- Linux-stable-mirror - lists.linaro.org

by Rainer Fiebig

Hi! With 4.18.1 and l1tf=full no problems so far and no noticeable performance-degradation in normal desktop-usage including a VirtualBox-VM. Compiling a kernel seems to take a bit longer, though. 4.9.120 and 4.14.63 also seem OK in cursory testing. CPU: Core i3. Thanks and so long! Rainer Fiebig -- The truth always turns out to be simpler than you thought. Richard Feynman

7 years, 1 month

2
1
0 0

Linux 4.4.148

by Greg KH

I'm announcing the release of the 4.4.148 kernel. All users of the 4.4 kernel series must upgrade. The updated 4.4.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.4.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arm/boot/dts/imx6sx.dtsi | 2 arch/parisc/Kconfig | 2 arch/parisc/include/asm/barrier.h | 32 ++++++++++ arch/parisc/kernel/entry.S | 2 arch/parisc/kernel/pacache.S | 1 arch/parisc/kernel/syscall.S | 4 + arch/x86/include/asm/cpufeatures.h | 10 ++- arch/x86/include/asm/irqflags.h | 2 arch/x86/include/asm/page_32_types.h | 9 ++- arch/x86/include/asm/pgtable-2level.h | 17 +++++ arch/x86/include/asm/pgtable-3level.h | 37 +++++++++++- arch/x86/include/asm/pgtable-invert.h | 32 ++++++++++ arch/x86/include/asm/pgtable.h | 84 ++++++++++++++++++++++------ arch/x86/include/asm/pgtable_64.h | 54 +++++++++++++++--- arch/x86/include/asm/pgtable_types.h | 10 +-- arch/x86/include/asm/processor.h | 5 + arch/x86/kernel/cpu/bugs.c | 81 ++++++++++++++++----------- arch/x86/kernel/cpu/common.c | 20 ++++++ arch/x86/kernel/kprobes/core.c | 4 - arch/x86/kernel/paravirt.c | 14 +++- arch/x86/kernel/setup.c | 6 ++ arch/x86/mm/init.c | 25 ++++++++ arch/x86/mm/kmmio.c | 25 +++++--- arch/x86/mm/mmap.c | 21 +++++++ arch/x86/mm/pageattr.c | 8 +- drivers/acpi/acpi_lpss.c | 2 drivers/base/cpu.c | 8 ++ drivers/char/tpm/tpm-dev.c | 43 ++++++-------- drivers/infiniband/core/umem.c | 11 --- drivers/infiniband/hw/mlx4/mr.c | 50 ++++++++++++++-- drivers/infiniband/hw/ocrdma/ocrdma_stats.c | 2 drivers/net/xen-netfront.c | 8 +- drivers/scsi/sr.c | 29 +++++++-- fs/dcache.c | 6 +- fs/ext4/ialloc.c | 5 + fs/ext4/super.c | 8 -- fs/namespace.c | 28 ++++++++- include/asm-generic/pgtable.h | 12 ++++ include/linux/cpu.h | 2 include/linux/mm.h | 2 include/linux/swapfile.h | 2 include/linux/thread_info.h | 6 -- include/rdma/ib_verbs.h | 14 ++++ mm/memory.c | 62 +++++++++++++++++--- mm/mprotect.c | 49 ++++++++++++++++ mm/swapfile.c | 46 ++++++++++----- net/ipv4/Kconfig | 1 net/ipv6/Kconfig | 1 49 files changed, 715 insertions(+), 191 deletions(-) Al Viro (3): root dentries need RCU-delayed freeing fix mntput/mntput race fix __legitimize_mnt()/mntput() race Andi Kleen (10): x86/speculation/l1tf: Increase 32bit PAE __PHYSICAL_PAGE_SHIFT x86/speculation/l1tf: Protect PROT_NONE PTEs against speculation x86/speculation/l1tf: Make sure the first page is always reserved x86/speculation/l1tf: Add sysfs reporting for l1tf x86/speculation/l1tf: Disallow non privileged high MMIO PROT_NONE mappings x86/speculation/l1tf: Limit swap file size to MAX_PA/2 x86/speculation/l1tf: Invert all not present mappings x86/speculation/l1tf: Make pmd/pud_mknotpresent() invert x86/mm/pat: Make set_memory_np() L1TF safe x86/mm/kmmio: Make the tracer robust against L1TF Andy Lutomirski (1): mm: Add vm_insert_pfn_prot() Bart Van Assche (1): scsi: sr: Avoid that opening a CD-ROM hangs with runtime power management enabled Dan Williams (1): mm: fix cache mode tracking in vm_insert_mixed() Dave Hansen (2): x86/mm: Move swap offset/type up in PTE to work around erratum x86/mm: Fix swap entry comment and macro Greg Kroah-Hartman (1): Linux 4.4.148 Guenter Roeck (1): x86/speculation/l1tf: Fix up CPU feature flags Hans de Goede (1): ACPI / LPSS: Add missing prv_offset setting for byt/cht PWM devices Helge Deller (1): parisc: Enable CONFIG_MLONGCALLS by default Jack Morgenstein (2): IB/core: Make testing MR flags for writability a static inline function IB/mlx4: Mark user MR as writable if actual virtual memory is writable Jiri Kosina (2): x86/speculation: Protect against userspace-userspace spectreRSB x86/speculation/l1tf: Unbreak !__HAVE_ARCH_PFN_MODIFY_ALLOWED architectures John David Anglin (1): parisc: Define mb() and add memory barriers to assembler unlock sequences Juergen Gross (1): xen/netfront: don't cache skb_shinfo() Kees Cook (1): fork: unconditionally clear stack on fork Konrad Rzeszutek Wilk (2): x86/bugs: Move the l1tf function and define pr_fmt properly x86/cpufeatures: Add detection of L1D cache flush support. Linus Torvalds (2): x86/speculation/l1tf: Change order of offset/type in swap entry x86/speculation/l1tf: Protect swap entries against L1TF Masami Hiramatsu (1): kprobes/x86: Fix %p uses in error messages Michael Mera (1): IB/ocrdma: fix out of bounds access to local buffer Michal Hocko (1): x86/speculation/l1tf: Fix up pte->pfn conversion for PAE Naoya Horiguchi (1): mm: x86: move _PAGE_SWP_SOFT_DIRTY from bit 7 to bit 1 Nick Desaulniers (1): x86/irqflags: Provide a declaration for native_save_fl Oleksij Rempel (1): ARM: dts: imx6sx: fix irq for pcie bridge Peter Zijlstra (1): x86/paravirt: Fix spectre-v2 mitigations for paravirt guests Tadeusz Struk (1): tpm: fix race condition in tpm_common_write() Theodore Ts'o (1): ext4: fix check to prevent initializing reserved inodes Thomas Egerer (1): ipv4+ipv6: Make INET*_ESP select CRYPTO_ECHAINIV Vlastimil Babka (3): x86/speculation/l1tf: Extend 64bit swap file size limit x86/speculation/l1tf: Protect PAE swap entries against L1TF x86/init: fix build with CONFIG_SWAP=n

7 years, 1 month

1
1
0 0

Linux 4.9.120

by Greg KH

I'm announcing the release of the 4.9.120 kernel. All users of the 4.9 kernel series must upgrade. The updated 4.9.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.9.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/ABI/testing/sysfs-devices-system-cpu | 24 Documentation/index.rst | 1 Documentation/kernel-parameters.txt | 78 + Documentation/l1tf.rst | 610 +++++++++++ Documentation/virtual/kvm/api.txt | 40 Makefile | 2 arch/Kconfig | 3 arch/arm/boot/dts/imx6sx.dtsi | 2 arch/parisc/Kconfig | 2 arch/parisc/include/asm/barrier.h | 32 arch/parisc/kernel/entry.S | 2 arch/parisc/kernel/pacache.S | 1 arch/parisc/kernel/syscall.S | 4 arch/x86/Kconfig | 1 arch/x86/include/asm/apic.h | 10 arch/x86/include/asm/cpufeatures.h | 4 arch/x86/include/asm/dmi.h | 2 arch/x86/include/asm/hardirq.h | 26 arch/x86/include/asm/irqflags.h | 2 arch/x86/include/asm/kvm_host.h | 9 arch/x86/include/asm/msr-index.h | 7 arch/x86/include/asm/page_32_types.h | 9 arch/x86/include/asm/pgtable-2level.h | 17 arch/x86/include/asm/pgtable-3level.h | 37 arch/x86/include/asm/pgtable-invert.h | 32 arch/x86/include/asm/pgtable.h | 85 + arch/x86/include/asm/pgtable_64.h | 48 arch/x86/include/asm/pgtable_types.h | 10 arch/x86/include/asm/processor.h | 17 arch/x86/include/asm/smp.h | 1 arch/x86/include/asm/topology.h | 6 arch/x86/include/asm/vmx.h | 11 arch/x86/kernel/apic/apic.c | 19 arch/x86/kernel/apic/htirq.c | 2 arch/x86/kernel/apic/io_apic.c | 1 arch/x86/kernel/apic/msi.c | 1 arch/x86/kernel/apic/vector.c | 1 arch/x86/kernel/cpu/amd.c | 84 - arch/x86/kernel/cpu/bugs.c | 171 ++- arch/x86/kernel/cpu/common.c | 63 - arch/x86/kernel/cpu/cpu.h | 2 arch/x86/kernel/cpu/intel.c | 7 arch/x86/kernel/cpu/microcode/core.c | 26 arch/x86/kernel/cpu/topology.c | 41 arch/x86/kernel/fpu/core.c | 1 arch/x86/kernel/ftrace.c | 1 arch/x86/kernel/hpet.c | 1 arch/x86/kernel/i8259.c | 1 arch/x86/kernel/irq.c | 1 arch/x86/kernel/irq_32.c | 1 arch/x86/kernel/irq_64.c | 1 arch/x86/kernel/irqinit.c | 1 arch/x86/kernel/kprobes/core.c | 5 arch/x86/kernel/kprobes/opt.c | 1 arch/x86/kernel/paravirt.c | 14 arch/x86/kernel/setup.c | 6 arch/x86/kernel/smp.c | 1 arch/x86/kernel/smpboot.c | 25 arch/x86/kernel/time.c | 1 arch/x86/kvm/svm.c | 46 arch/x86/kvm/vmx.c | 426 ++++++- arch/x86/kvm/x86.c | 133 ++ arch/x86/mm/fault.c | 1 arch/x86/mm/init.c | 25 arch/x86/mm/kaiser.c | 1 arch/x86/mm/kmmio.c | 25 arch/x86/mm/mmap.c | 21 arch/x86/mm/pageattr.c | 8 arch/x86/platform/efi/efi_64.c | 1 arch/x86/platform/efi/quirks.c | 1 arch/x86/platform/intel-mid/device_libs/platform_mrfld_wdt.c | 1 arch/x86/platform/uv/tlb_uv.c | 1 arch/x86/xen/enlighten.c | 1 arch/x86/xen/setup.c | 1 drivers/acpi/acpi_lpss.c | 2 drivers/base/cpu.c | 8 drivers/char/tpm/tpm-dev.c | 43 drivers/infiniband/core/umem.c | 11 drivers/infiniband/hw/mlx4/mr.c | 50 drivers/infiniband/hw/ocrdma/ocrdma_stats.c | 2 drivers/mtd/nand/qcom_nandc.c | 3 drivers/net/xen-netfront.c | 8 drivers/pci/host/pci-hyperv.c | 2 drivers/scsi/sr.c | 29 fs/dcache.c | 13 fs/ext4/ialloc.c | 5 fs/ext4/super.c | 8 fs/namespace.c | 28 fs/proc/inode.c | 3 fs/proc/internal.h | 7 fs/proc/proc_sysctl.c | 83 + include/asm-generic/pgtable.h | 13 include/linux/compiler-clang.h | 3 include/linux/cpu.h | 23 include/linux/swapfile.h | 2 include/linux/sysctl.h | 1 include/rdma/ib_verbs.h | 14 include/uapi/linux/kvm.h | 2 init/main.c | 2 kernel/cpu.c | 284 ++++- kernel/smp.c | 2 kernel/softirq.c | 12 mm/memory.c | 29 mm/mprotect.c | 49 mm/swapfile.c | 46 tools/arch/x86/include/asm/cpufeatures.h | 4 106 files changed, 2709 insertions(+), 388 deletions(-) Abel Vesa (1): cpu/hotplug: Non-SMP machines do not make use of booted_once Al Viro (4): root dentries need RCU-delayed freeing make sure that __dentry_kill() always invalidates d_seq, unhashed or not fix mntput/mntput race fix __legitimize_mnt()/mntput() race Andi Kleen (10): x86/speculation/l1tf: Increase 32bit PAE __PHYSICAL_PAGE_SHIFT x86/speculation/l1tf: Protect PROT_NONE PTEs against speculation x86/speculation/l1tf: Make sure the first page is always reserved x86/speculation/l1tf: Add sysfs reporting for l1tf x86/speculation/l1tf: Disallow non privileged high MMIO PROT_NONE mappings x86/speculation/l1tf: Limit swap file size to MAX_PA/2 x86/speculation/l1tf: Invert all not present mappings x86/speculation/l1tf: Make pmd/pud_mknotpresent() invert x86/mm/pat: Make set_memory_np() L1TF safe x86/mm/kmmio: Make the tracer robust against L1TF Andrey Konovalov (1): kasan: add no_sanitize attribute for clang builds Ashok Raj (1): x86/microcode: Do not upload microcode if CPUs are offline Bart Van Assche (1): scsi: sr: Avoid that opening a CD-ROM hangs with runtime power management enabled Borislav Petkov (3): x86/CPU/AMD: Do not check CPUID max ext level before parsing SMP info x86/CPU/AMD: Move TOPOEXT reenablement before reading smp_num_siblings x86/CPU/AMD: Have smp_num_siblings and cpu_llc_id always be present David Woodhouse (1): tools headers: Synchronise x86 cpufeatures.h for L1TF additions Eric W. Biederman (2): proc/sysctl: Don't grab i_lock under sysctl_lock. proc: Fix proc_sys_prune_dcache to hold a sb reference Fabio Estevam (1): mtd: nand: qcom: Add a NULL check for devm_kasprintf() Greg Kroah-Hartman (1): Linux 4.9.120 Hans de Goede (1): ACPI / LPSS: Add missing prv_offset setting for byt/cht PWM devices Helge Deller (1): parisc: Enable CONFIG_MLONGCALLS by default Jack Morgenstein (2): IB/core: Make testing MR flags for writability a static inline function IB/mlx4: Mark user MR as writable if actual virtual memory is writable Jim Mattson (1): kvm: nVMX: Update MSR load counts on a VMCS switch Jiri Kosina (4): x86/speculation: Protect against userspace-userspace spectreRSB cpu/hotplug: Expose SMT control init function x86/bugs, kvm: Introduce boot-time control of L1TF mitigations x86/speculation/l1tf: Unbreak !__HAVE_ARCH_PFN_MODIFY_ALLOWED architectures John David Anglin (1): parisc: Define mb() and add memory barriers to assembler unlock sequences Josh Poimboeuf (2): cpu/hotplug: detect SMT disabled by BIOS x86/microcode: Allow late microcode loading with SMT disabled Juergen Gross (1): xen/netfront: don't cache skb_shinfo() Konrad Rzeszutek Wilk (9): x86/bugs: Move the l1tf function and define pr_fmt properly x86/cpufeatures: Add detection of L1D cache flush support. x86/KVM: Warn user if KVM is loaded SMT and L1TF CPU bug being present x86/KVM/VMX: Add module argument for L1TF mitigation x86/KVM/VMX: Split the VMX MSR LOAD structures to have an host/guest numbers x86/KVM/VMX: Add find_msr() helper function x86/KVM/VMX: Separate the VMX AUTOLOAD guest/host number accounting x86/KVM/VMX: Extend add_atomic_switch_msr() to allow VMENTER only MSRs x86/KVM/VMX: Use MSR save list for IA32_FLUSH_CMD if required Konstantin Khlebnikov (1): proc/sysctl: prune stale dentries during unregistering Linus Torvalds (4): Mark HI and TASKLET softirq synchronous init: rename and re-order boot_cpu_state_init() x86/speculation/l1tf: Change order of offset/type in swap entry x86/speculation/l1tf: Protect swap entries against L1TF Masami Hiramatsu (1): kprobes/x86: Fix %p uses in error messages Michael Mera (1): IB/ocrdma: fix out of bounds access to local buffer Michal Hocko (1): x86/speculation/l1tf: Fix up pte->pfn conversion for PAE Naoya Horiguchi (1): mm: x86: move _PAGE_SWP_SOFT_DIRTY from bit 7 to bit 1 Nick Desaulniers (1): x86/irqflags: Provide a declaration for native_save_fl Nicolai Stange (9): x86/KVM/VMX: Initialize the vmx_l1d_flush_pages' content x86/KVM/VMX: Don't set l1tf_flush_l1d to true from vmx_l1d_flush() x86/KVM/VMX: Replace 'vmx_l1d_flush_always' with 'vmx_l1d_flush_cond' x86/KVM/VMX: Move the l1tf_flush_l1d test to vmx_l1d_flush() x86/irq: Demote irq_cpustat_t::__softirq_pending to u16 x86/KVM/VMX: Introduce per-host-cpu analogue of l1tf_flush_l1d x86: Don't include linux/irq.h from asm/hardirq.h x86/irq: Let interrupt handlers set kvm_cpu_l1tf_flush_l1d x86/KVM/VMX: Don't set l1tf_flush_l1d from vmx_handle_external_intr() Oleksij Rempel (1): ARM: dts: imx6sx: fix irq for pcie bridge Paolo Bonzini (7): x86/KVM/VMX: Add L1D flush algorithm x86/KVM/VMX: Add L1D MSR based flush x86/KVM/VMX: Add L1D flush logic KVM: VMX: support MSR_IA32_ARCH_CAPABILITIES as a feature MSR x86/speculation: Simplify sysfs report of VMX L1TF vulnerability x86/speculation: Use ARCH_CAPABILITIES to skip L1D flush on vmentry KVM: VMX: Tell the nested hypervisor to skip L1D flush on vmentry Peter Zijlstra (1): x86/paravirt: Fix spectre-v2 mitigations for paravirt guests Suravee Suthikulpanit (1): x86/cpu/amd: Limit cpu_core_id fixup to families older than F17h Tadeusz Struk (1): tpm: fix race condition in tpm_common_write() Theodore Ts'o (1): ext4: fix check to prevent initializing reserved inodes Thomas Gleixner (26): x86/smp: Provide topology_is_primary_thread() x86/topology: Provide topology_smt_supported() cpu/hotplug: Make bringup/teardown of smp threads symmetric cpu/hotplug: Split do_cpu_down() cpu/hotplug: Provide knobs to control SMT x86/cpu: Remove the pointless CPU printout x86/cpu/AMD: Remove the pointless detect_ht() call x86/cpu/common: Provide detect_ht_early() x86/cpu/topology: Provide detect_extended_topology_early() x86/cpu/intel: Evaluate smp_num_siblings early x86/cpu/AMD: Evaluate smp_num_siblings early x86/apic: Ignore secondary threads if nosmt=force Revert "x86/apic: Ignore secondary threads if nosmt=force" cpu/hotplug: Boot HT siblings at least once cpu/hotplug: Online siblings when SMT control is turned on x86/litf: Introduce vmx status variable x86/kvm: Drop L1TF MSR list approach x86/l1tf: Handle EPT disabled state proper x86/kvm: Move l1tf setup function x86/kvm: Add static key for flush always x86/kvm: Serialize L1D flush parameter setter x86/kvm: Allow runtime control of L1D flush cpu/hotplug: Set CPU_SMT_NOT_SUPPORTED early Documentation: Add section about CPU vulnerabilities Documentation/l1tf: Remove Yonah processors from not vulnerable list cpu/hotplug: Fix SMT supported evaluation Tom Lendacky (2): KVM: x86: Add a framework for supporting MSR-based features KVM: SVM: Add MSR-based feature support for serializing LFENCE Tony Luck (1): Documentation/l1tf: Fix typos Vlastimil Babka (4): x86/speculation/l1tf: Extend 64bit swap file size limit x86/speculation/l1tf: Protect PAE swap entries against L1TF x86/smp: fix non-SMP broken build due to redefinition of apic_id_is_primary_thread x86/init: fix build with CONFIG_SWAP=n Wanpeng Li (2): KVM: X86: Introduce kvm_get_msr_feature() KVM: X86: Allow userspace to define the microcode version

7 years, 1 month

1
1
0 0

Linux 4.17.15

by Greg KH

I'm announcing the release of the 4.17.15 kernel. All users of the 4.17 kernel series must upgrade. The updated 4.17.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.17.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/ABI/testing/sysfs-devices-system-cpu | 24 Documentation/admin-guide/index.rst | 9 Documentation/admin-guide/kernel-parameters.txt | 78 + Documentation/admin-guide/l1tf.rst | 610 +++++++++++ Makefile | 2 arch/Kconfig | 3 arch/arm/boot/dts/imx6sx.dtsi | 2 arch/parisc/Kconfig | 2 arch/parisc/include/asm/barrier.h | 32 arch/parisc/kernel/entry.S | 2 arch/parisc/kernel/pacache.S | 1 arch/parisc/kernel/syscall.S | 4 arch/x86/Kconfig | 1 arch/x86/include/asm/apic.h | 9 arch/x86/include/asm/cpufeatures.h | 3 arch/x86/include/asm/dmi.h | 2 arch/x86/include/asm/hardirq.h | 26 arch/x86/include/asm/irqflags.h | 2 arch/x86/include/asm/kvm_host.h | 6 arch/x86/include/asm/msr-index.h | 7 arch/x86/include/asm/page_32_types.h | 9 arch/x86/include/asm/pgtable-2level.h | 17 arch/x86/include/asm/pgtable-3level.h | 37 arch/x86/include/asm/pgtable-invert.h | 32 arch/x86/include/asm/pgtable.h | 74 - arch/x86/include/asm/pgtable_64.h | 38 arch/x86/include/asm/processor.h | 17 arch/x86/include/asm/smp.h | 1 arch/x86/include/asm/topology.h | 6 arch/x86/include/asm/vmx.h | 11 arch/x86/kernel/apic/apic.c | 18 arch/x86/kernel/apic/io_apic.c | 1 arch/x86/kernel/apic/msi.c | 1 arch/x86/kernel/apic/vector.c | 1 arch/x86/kernel/cpu/amd.c | 59 - arch/x86/kernel/cpu/bugs.c | 171 ++- arch/x86/kernel/cpu/common.c | 63 - arch/x86/kernel/cpu/cpu.h | 2 arch/x86/kernel/cpu/intel.c | 7 arch/x86/kernel/cpu/microcode/core.c | 16 arch/x86/kernel/cpu/topology.c | 41 arch/x86/kernel/fpu/core.c | 1 arch/x86/kernel/hpet.c | 1 arch/x86/kernel/i8259.c | 1 arch/x86/kernel/idt.c | 1 arch/x86/kernel/irq.c | 1 arch/x86/kernel/irq_32.c | 1 arch/x86/kernel/irq_64.c | 1 arch/x86/kernel/irqinit.c | 1 arch/x86/kernel/kprobes/core.c | 5 arch/x86/kernel/paravirt.c | 14 arch/x86/kernel/setup.c | 6 arch/x86/kernel/smp.c | 1 arch/x86/kernel/smpboot.c | 25 arch/x86/kernel/time.c | 1 arch/x86/kvm/mmu.c | 1 arch/x86/kvm/vmx.c | 455 ++++++-- arch/x86/kvm/x86.c | 34 arch/x86/mm/init.c | 25 arch/x86/mm/kmmio.c | 25 arch/x86/mm/mmap.c | 21 arch/x86/mm/pageattr.c | 8 arch/x86/mm/pti.c | 1 arch/x86/platform/intel-mid/device_libs/platform_mrfld_wdt.c | 1 arch/x86/platform/uv/tlb_uv.c | 1 arch/x86/xen/enlighten.c | 1 drivers/base/cpu.c | 8 drivers/block/zram/zram_drv.c | 15 drivers/gpu/drm/i915/i915_pmu.c | 1 drivers/gpu/drm/i915/intel_lpe_audio.c | 1 drivers/net/xen-netfront.c | 8 drivers/pci/host/pci-hyperv.c | 2 drivers/scsi/qla2xxx/qla_iocb.c | 53 drivers/scsi/sr.c | 29 fs/dcache.c | 13 fs/namespace.c | 28 include/asm-generic/pgtable.h | 12 include/linux/cpu.h | 23 include/linux/swapfile.h | 2 init/main.c | 2 kernel/bpf/sockmap.c | 9 kernel/cpu.c | 284 ++++- kernel/sched/core.c | 30 kernel/sched/deadline.c | 8 kernel/sched/fair.c | 1 kernel/smp.c | 2 kernel/softirq.c | 12 kernel/stop_machine.c | 10 mm/memory.c | 37 mm/mprotect.c | 49 mm/swapfile.c | 46 tools/arch/x86/include/asm/cpufeatures.h | 23 tools/include/uapi/linux/prctl.h | 12 93 files changed, 2419 insertions(+), 381 deletions(-) Abel Vesa (1): cpu/hotplug: Non-SMP machines do not make use of booted_once Al Viro (4): root dentries need RCU-delayed freeing make sure that __dentry_kill() always invalidates d_seq, unhashed or not fix mntput/mntput race fix __legitimize_mnt()/mntput() race Andi Kleen (10): x86/speculation/l1tf: Increase 32bit PAE __PHYSICAL_PAGE_SHIFT x86/speculation/l1tf: Protect PROT_NONE PTEs against speculation x86/speculation/l1tf: Make sure the first page is always reserved x86/speculation/l1tf: Add sysfs reporting for l1tf x86/speculation/l1tf: Disallow non privileged high MMIO PROT_NONE mappings x86/speculation/l1tf: Limit swap file size to MAX_PA/2 x86/speculation/l1tf: Invert all not present mappings x86/speculation/l1tf: Make pmd/pud_mknotpresent() invert x86/mm/pat: Make set_memory_np() L1TF safe x86/mm/kmmio: Make the tracer robust against L1TF Arnaldo Carvalho de Melo (1): tools headers: Synchronize prctl.h ABI header Bart Van Assche (1): scsi: sr: Avoid that opening a CD-ROM hangs with runtime power management enabled Borislav Petkov (3): x86/CPU/AMD: Do not check CPUID max ext level before parsing SMP info x86/CPU/AMD: Move TOPOEXT reenablement before reading smp_num_siblings x86/CPU/AMD: Have smp_num_siblings and cpu_llc_id always be present Daniel Borkmann (2): bpf, sockmap: fix leak in bpf_tcp_sendmsg wait for mem path bpf, sockmap: fix bpf_tcp_sendmsg sock error handling Daniel Bristot de Oliveira (1): sched/deadline: Update rq_clock of later_rq when pushing a task David Woodhouse (1): tools headers: Synchronise x86 cpufeatures.h for L1TF additions Greg Kroah-Hartman (1): Linux 4.17.15 Helge Deller (1): parisc: Enable CONFIG_MLONGCALLS by default Isaac J. Manjarres (1): stop_machine: Disable preemption after queueing stopper threads Jiri Kosina (4): x86/speculation: Protect against userspace-userspace spectreRSB cpu/hotplug: Expose SMT control init function x86/bugs, kvm: Introduce boot-time control of L1TF mitigations x86/speculation/l1tf: Unbreak !__HAVE_ARCH_PFN_MODIFY_ALLOWED architectures John David Anglin (1): parisc: Define mb() and add memory barriers to assembler unlock sequences Josh Poimboeuf (2): cpu/hotplug: detect SMT disabled by BIOS x86/microcode: Allow late microcode loading with SMT disabled Juergen Gross (1): xen/netfront: don't cache skb_shinfo() Konrad Rzeszutek Wilk (9): x86/bugs: Move the l1tf function and define pr_fmt properly x86/cpufeatures: Add detection of L1D cache flush support. x86/KVM: Warn user if KVM is loaded SMT and L1TF CPU bug being present x86/KVM/VMX: Add module argument for L1TF mitigation x86/KVM/VMX: Split the VMX MSR LOAD structures to have an host/guest numbers x86/KVM/VMX: Add find_msr() helper function x86/KVM/VMX: Separate the VMX AUTOLOAD guest/host number accounting x86/KVM/VMX: Extend add_atomic_switch_msr() to allow VMENTER only MSRs x86/KVM/VMX: Use MSR save list for IA32_FLUSH_CMD if required Linus Torvalds (4): Mark HI and TASKLET softirq synchronous init: rename and re-order boot_cpu_state_init() x86/speculation/l1tf: Change order of offset/type in swap entry x86/speculation/l1tf: Protect swap entries against L1TF Masami Hiramatsu (1): kprobes/x86: Fix %p uses in error messages Michal Hocko (1): x86/speculation/l1tf: Fix up pte->pfn conversion for PAE Minchan Kim (1): zram: remove BD_CAP_SYNCHRONOUS_IO with writeback feature Nick Desaulniers (1): x86/irqflags: Provide a declaration for native_save_fl Nicolai Stange (9): x86/KVM/VMX: Initialize the vmx_l1d_flush_pages' content x86/KVM/VMX: Don't set l1tf_flush_l1d to true from vmx_l1d_flush() x86/KVM/VMX: Replace 'vmx_l1d_flush_always' with 'vmx_l1d_flush_cond' x86/KVM/VMX: Move the l1tf_flush_l1d test to vmx_l1d_flush() x86/irq: Demote irq_cpustat_t::__softirq_pending to u16 x86/KVM/VMX: Introduce per-host-cpu analogue of l1tf_flush_l1d x86: Don't include linux/irq.h from asm/hardirq.h x86/irq: Let interrupt handlers set kvm_cpu_l1tf_flush_l1d x86/KVM/VMX: Don't set l1tf_flush_l1d from vmx_handle_external_intr() Oleksij Rempel (1): ARM: dts: imx6sx: fix irq for pcie bridge Paolo Bonzini (6): x86/KVM/VMX: Add L1D flush algorithm x86/KVM/VMX: Add L1D MSR based flush x86/KVM/VMX: Add L1D flush logic x86/speculation: Simplify sysfs report of VMX L1TF vulnerability x86/speculation: Use ARCH_CAPABILITIES to skip L1D flush on vmentry KVM: VMX: Tell the nested hypervisor to skip L1D flush on vmentry Peter Zijlstra (2): x86/paravirt: Fix spectre-v2 mitigations for paravirt guests sched/smt: Update sched_smt_present at runtime Quinn Tran (1): scsi: qla2xxx: Fix memory leak for allocating abort IOCB Thomas Gleixner (26): x86/smp: Provide topology_is_primary_thread() x86/topology: Provide topology_smt_supported() cpu/hotplug: Make bringup/teardown of smp threads symmetric cpu/hotplug: Split do_cpu_down() cpu/hotplug: Provide knobs to control SMT x86/cpu: Remove the pointless CPU printout x86/cpu/AMD: Remove the pointless detect_ht() call x86/cpu/common: Provide detect_ht_early() x86/cpu/topology: Provide detect_extended_topology_early() x86/cpu/intel: Evaluate smp_num_siblings early x86/cpu/AMD: Evaluate smp_num_siblings early x86/apic: Ignore secondary threads if nosmt=force Revert "x86/apic: Ignore secondary threads if nosmt=force" cpu/hotplug: Boot HT siblings at least once cpu/hotplug: Online siblings when SMT control is turned on x86/litf: Introduce vmx status variable x86/kvm: Drop L1TF MSR list approach x86/l1tf: Handle EPT disabled state proper x86/kvm: Move l1tf setup function x86/kvm: Add static key for flush always x86/kvm: Serialize L1D flush parameter setter x86/kvm: Allow runtime control of L1D flush cpu/hotplug: Set CPU_SMT_NOT_SUPPORTED early Documentation: Add section about CPU vulnerabilities Documentation/l1tf: Remove Yonah processors from not vulnerable list cpu/hotplug: Fix SMT supported evaluation Tony Luck (1): Documentation/l1tf: Fix typos Vlastimil Babka (4): x86/speculation/l1tf: Extend 64bit swap file size limit x86/speculation/l1tf: Protect PAE swap entries against L1TF x86/smp: fix non-SMP broken build due to redefinition of apic_id_is_primary_thread x86/init: fix build with CONFIG_SWAP=n

7 years, 1 month

1
1
0 0

Enquiry Order

by Mr Walter Benson

Dear Supplier, Please view our company catalog in attach file below and selected items then provide quotation based on our requirement. For further clarification or any question feel free to contact me. Your further reply as above will be very appreciated and helpful for our next conversation. Hope we can establish long-term business relationship. Best regards. Walter Benson. Marketing & Business Development APTECH AFRICA LTD JUBA SOUTH SUDAN TEL:+211922414561 www.aptechafrica.com

7 years, 1 month

1
0
0 0

[PATCH 4.17 00/97] 4.17.15-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.17.15 release. There are 97 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu Aug 16 17:14:15 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.17.15-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.17.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.17.15-rc1 Josh Poimboeuf <jpoimboe(a)redhat.com> x86/microcode: Allow late microcode loading with SMT disabled David Woodhouse <dwmw(a)amazon.co.uk> tools headers: Synchronise x86 cpufeatures.h for L1TF additions Arnaldo Carvalho de Melo <acme(a)redhat.com> tools headers: Synchronize prctl.h ABI header Andi Kleen <ak(a)linux.intel.com> x86/mm/kmmio: Make the tracer robust against L1TF Andi Kleen <ak(a)linux.intel.com> x86/mm/pat: Make set_memory_np() L1TF safe Andi Kleen <ak(a)linux.intel.com> x86/speculation/l1tf: Make pmd/pud_mknotpresent() invert Andi Kleen <ak(a)linux.intel.com> x86/speculation/l1tf: Invert all not present mappings Thomas Gleixner <tglx(a)linutronix.de> cpu/hotplug: Fix SMT supported evaluation Paolo Bonzini <pbonzini(a)redhat.com> KVM: VMX: Tell the nested hypervisor to skip L1D flush on vmentry Paolo Bonzini <pbonzini(a)redhat.com> x86/speculation: Use ARCH_CAPABILITIES to skip L1D flush on vmentry Paolo Bonzini <pbonzini(a)redhat.com> x86/speculation: Simplify sysfs report of VMX L1TF vulnerability Thomas Gleixner <tglx(a)linutronix.de> Documentation/l1tf: Remove Yonah processors from not vulnerable list Nicolai Stange <nstange(a)suse.de> x86/KVM/VMX: Don't set l1tf_flush_l1d from vmx_handle_external_intr() Nicolai Stange <nstange(a)suse.de> x86/irq: Let interrupt handlers set kvm_cpu_l1tf_flush_l1d Nicolai Stange <nstange(a)suse.de> x86: Don't include linux/irq.h from asm/hardirq.h Nicolai Stange <nstange(a)suse.de> x86/KVM/VMX: Introduce per-host-cpu analogue of l1tf_flush_l1d Nicolai Stange <nstange(a)suse.de> x86/irq: Demote irq_cpustat_t::__softirq_pending to u16 Nicolai Stange <nstange(a)suse.de> x86/KVM/VMX: Move the l1tf_flush_l1d test to vmx_l1d_flush() Nicolai Stange <nstange(a)suse.de> x86/KVM/VMX: Replace 'vmx_l1d_flush_always' with 'vmx_l1d_flush_cond' Nicolai Stange <nstange(a)suse.de> x86/KVM/VMX: Don't set l1tf_flush_l1d to true from vmx_l1d_flush() Josh Poimboeuf <jpoimboe(a)redhat.com> cpu/hotplug: detect SMT disabled by BIOS Tony Luck <tony.luck(a)intel.com> Documentation/l1tf: Fix typos Nicolai Stange <nstange(a)suse.de> x86/KVM/VMX: Initialize the vmx_l1d_flush_pages' content Jiri Kosina <jkosina(a)suse.cz> x86/speculation/l1tf: Unbreak !__HAVE_ARCH_PFN_MODIFY_ALLOWED architectures Thomas Gleixner <tglx(a)linutronix.de> Documentation: Add section about CPU vulnerabilities Jiri Kosina <jkosina(a)suse.cz> x86/bugs, kvm: Introduce boot-time control of L1TF mitigations Thomas Gleixner <tglx(a)linutronix.de> cpu/hotplug: Set CPU_SMT_NOT_SUPPORTED early Jiri Kosina <jkosina(a)suse.cz> cpu/hotplug: Expose SMT control init function Thomas Gleixner <tglx(a)linutronix.de> x86/kvm: Allow runtime control of L1D flush Thomas Gleixner <tglx(a)linutronix.de> x86/kvm: Serialize L1D flush parameter setter Thomas Gleixner <tglx(a)linutronix.de> x86/kvm: Add static key for flush always Thomas Gleixner <tglx(a)linutronix.de> x86/kvm: Move l1tf setup function Thomas Gleixner <tglx(a)linutronix.de> x86/l1tf: Handle EPT disabled state proper Thomas Gleixner <tglx(a)linutronix.de> x86/kvm: Drop L1TF MSR list approach Thomas Gleixner <tglx(a)linutronix.de> x86/litf: Introduce vmx status variable Thomas Gleixner <tglx(a)linutronix.de> cpu/hotplug: Online siblings when SMT control is turned on Konrad Rzeszutek Wilk <konrad.wilk(a)oracle.com> x86/KVM/VMX: Use MSR save list for IA32_FLUSH_CMD if required Konrad Rzeszutek Wilk <konrad.wilk(a)oracle.com> x86/KVM/VMX: Extend add_atomic_switch_msr() to allow VMENTER only MSRs Konrad Rzeszutek Wilk <konrad.wilk(a)oracle.com> x86/KVM/VMX: Separate the VMX AUTOLOAD guest/host number accounting Konrad Rzeszutek Wilk <konrad.wilk(a)oracle.com> x86/KVM/VMX: Add find_msr() helper function Konrad Rzeszutek Wilk <konrad.wilk(a)oracle.com> x86/KVM/VMX: Split the VMX MSR LOAD structures to have an host/guest numbers Paolo Bonzini <pbonzini(a)redhat.com> x86/KVM/VMX: Add L1D flush logic Paolo Bonzini <pbonzini(a)redhat.com> x86/KVM/VMX: Add L1D MSR based flush Paolo Bonzini <pbonzini(a)redhat.com> x86/KVM/VMX: Add L1D flush algorithm Konrad Rzeszutek Wilk <konrad.wilk(a)oracle.com> x86/KVM/VMX: Add module argument for L1TF mitigation Konrad Rzeszutek Wilk <konrad.wilk(a)oracle.com> x86/KVM: Warn user if KVM is loaded SMT and L1TF CPU bug being present Thomas Gleixner <tglx(a)linutronix.de> cpu/hotplug: Boot HT siblings at least once Thomas Gleixner <tglx(a)linutronix.de> Revert "x86/apic: Ignore secondary threads if nosmt=force" Michal Hocko <mhocko(a)suse.cz> x86/speculation/l1tf: Fix up pte->pfn conversion for PAE Vlastimil Babka <vbabka(a)suse.cz> x86/speculation/l1tf: Protect PAE swap entries against L1TF Borislav Petkov <bp(a)suse.de> x86/CPU/AMD: Move TOPOEXT reenablement before reading smp_num_siblings Konrad Rzeszutek Wilk <konrad.wilk(a)oracle.com> x86/cpufeatures: Add detection of L1D cache flush support. Vlastimil Babka <vbabka(a)suse.cz> x86/speculation/l1tf: Extend 64bit swap file size limit Thomas Gleixner <tglx(a)linutronix.de> x86/apic: Ignore secondary threads if nosmt=force Thomas Gleixner <tglx(a)linutronix.de> x86/cpu/AMD: Evaluate smp_num_siblings early Borislav Petkov <bp(a)suse.de> x86/CPU/AMD: Do not check CPUID max ext level before parsing SMP info Thomas Gleixner <tglx(a)linutronix.de> x86/cpu/intel: Evaluate smp_num_siblings early Thomas Gleixner <tglx(a)linutronix.de> x86/cpu/topology: Provide detect_extended_topology_early() Thomas Gleixner <tglx(a)linutronix.de> x86/cpu/common: Provide detect_ht_early() Thomas Gleixner <tglx(a)linutronix.de> x86/cpu/AMD: Remove the pointless detect_ht() call Thomas Gleixner <tglx(a)linutronix.de> x86/cpu: Remove the pointless CPU printout Thomas Gleixner <tglx(a)linutronix.de> cpu/hotplug: Provide knobs to control SMT Thomas Gleixner <tglx(a)linutronix.de> cpu/hotplug: Split do_cpu_down() Thomas Gleixner <tglx(a)linutronix.de> cpu/hotplug: Make bringup/teardown of smp threads symmetric Thomas Gleixner <tglx(a)linutronix.de> x86/topology: Provide topology_smt_supported() Thomas Gleixner <tglx(a)linutronix.de> x86/smp: Provide topology_is_primary_thread() Peter Zijlstra <peterz(a)infradead.org> sched/smt: Update sched_smt_present at runtime Konrad Rzeszutek Wilk <konrad.wilk(a)oracle.com> x86/bugs: Move the l1tf function and define pr_fmt properly Andi Kleen <ak(a)linux.intel.com> x86/speculation/l1tf: Limit swap file size to MAX_PA/2 Andi Kleen <ak(a)linux.intel.com> x86/speculation/l1tf: Disallow non privileged high MMIO PROT_NONE mappings Andi Kleen <ak(a)linux.intel.com> x86/speculation/l1tf: Add sysfs reporting for l1tf Andi Kleen <ak(a)linux.intel.com> x86/speculation/l1tf: Make sure the first page is always reserved Andi Kleen <ak(a)linux.intel.com> x86/speculation/l1tf: Protect PROT_NONE PTEs against speculation Linus Torvalds <torvalds(a)linux-foundation.org> x86/speculation/l1tf: Protect swap entries against L1TF Linus Torvalds <torvalds(a)linux-foundation.org> x86/speculation/l1tf: Change order of offset/type in swap entry Andi Kleen <ak(a)linux.intel.com> x86/speculation/l1tf: Increase 32bit PAE __PHYSICAL_PAGE_SHIFT Nick Desaulniers <ndesaulniers(a)google.com> x86/irqflags: Provide a declaration for native_save_fl Masami Hiramatsu <mhiramat(a)kernel.org> kprobes/x86: Fix %p uses in error messages Jiri Kosina <jkosina(a)suse.cz> x86/speculation: Protect against userspace-userspace spectreRSB Peter Zijlstra <peterz(a)infradead.org> x86/paravirt: Fix spectre-v2 mitigations for paravirt guests Oleksij Rempel <o.rempel(a)pengutronix.de> ARM: dts: imx6sx: fix irq for pcie bridge Al Viro <viro(a)zeniv.linux.org.uk> fix __legitimize_mnt()/mntput() race Al Viro <viro(a)zeniv.linux.org.uk> fix mntput/mntput race Al Viro <viro(a)zeniv.linux.org.uk> make sure that __dentry_kill() always invalidates d_seq, unhashed or not Al Viro <viro(a)zeniv.linux.org.uk> root dentries need RCU-delayed freeing Linus Torvalds <torvalds(a)linux-foundation.org> init: rename and re-order boot_cpu_state_init() Quinn Tran <quinn.tran(a)cavium.com> scsi: qla2xxx: Fix memory leak for allocating abort IOCB Bart Van Assche <bart.vanassche(a)wdc.com> scsi: sr: Avoid that opening a CD-ROM hangs with runtime power management enabled Daniel Borkmann <daniel(a)iogearbox.net> bpf, sockmap: fix bpf_tcp_sendmsg sock error handling Daniel Borkmann <daniel(a)iogearbox.net> bpf, sockmap: fix leak in bpf_tcp_sendmsg wait for mem path Juergen Gross <jgross(a)suse.com> xen/netfront: don't cache skb_shinfo() Minchan Kim <minchan(a)kernel.org> zram: remove BD_CAP_SYNCHRONOUS_IO with writeback feature Daniel Bristot de Oliveira <bristot(a)redhat.com> sched/deadline: Update rq_clock of later_rq when pushing a task Isaac J. Manjarres <isaacm(a)codeaurora.org> stop_machine: Disable preemption after queueing stopper threads Linus Torvalds <torvalds(a)linux-foundation.org> Mark HI and TASKLET softirq synchronous John David Anglin <dave.anglin(a)bell.net> parisc: Define mb() and add memory barriers to assembler unlock sequences Helge Deller <deller(a)gmx.de> parisc: Enable CONFIG_MLONGCALLS by default ------------- Diffstat: Documentation/ABI/testing/sysfs-devices-system-cpu | 24 + Documentation/admin-guide/index.rst | 9 + Documentation/admin-guide/kernel-parameters.txt | 78 +++ Documentation/admin-guide/l1tf.rst | 610 +++++++++++++++++++++ Makefile | 4 +- arch/Kconfig | 3 + arch/arm/boot/dts/imx6sx.dtsi | 2 +- arch/parisc/Kconfig | 2 +- arch/parisc/include/asm/barrier.h | 32 ++ arch/parisc/kernel/entry.S | 2 + arch/parisc/kernel/pacache.S | 1 + arch/parisc/kernel/syscall.S | 4 + arch/x86/Kconfig | 1 + arch/x86/include/asm/apic.h | 9 + arch/x86/include/asm/cpufeatures.h | 3 + arch/x86/include/asm/dmi.h | 2 +- arch/x86/include/asm/hardirq.h | 26 +- arch/x86/include/asm/irqflags.h | 2 + arch/x86/include/asm/kvm_host.h | 6 + arch/x86/include/asm/msr-index.h | 7 + arch/x86/include/asm/page_32_types.h | 9 +- arch/x86/include/asm/pgtable-2level.h | 17 + arch/x86/include/asm/pgtable-3level.h | 37 +- arch/x86/include/asm/pgtable-invert.h | 32 ++ arch/x86/include/asm/pgtable.h | 74 ++- arch/x86/include/asm/pgtable_64.h | 38 +- arch/x86/include/asm/processor.h | 17 + arch/x86/include/asm/topology.h | 6 +- arch/x86/include/asm/vmx.h | 11 + arch/x86/kernel/apic/apic.c | 16 + arch/x86/kernel/apic/io_apic.c | 1 + arch/x86/kernel/apic/msi.c | 1 + arch/x86/kernel/apic/vector.c | 1 + arch/x86/kernel/cpu/amd.c | 49 +- arch/x86/kernel/cpu/bugs.c | 171 ++++-- arch/x86/kernel/cpu/common.c | 56 +- arch/x86/kernel/cpu/cpu.h | 2 + arch/x86/kernel/cpu/intel.c | 7 + arch/x86/kernel/cpu/microcode/core.c | 16 +- arch/x86/kernel/cpu/topology.c | 41 +- arch/x86/kernel/fpu/core.c | 1 + arch/x86/kernel/hpet.c | 1 + arch/x86/kernel/i8259.c | 1 + arch/x86/kernel/idt.c | 1 + arch/x86/kernel/irq.c | 1 + arch/x86/kernel/irq_32.c | 1 + arch/x86/kernel/irq_64.c | 1 + arch/x86/kernel/irqinit.c | 1 + arch/x86/kernel/kprobes/core.c | 5 +- arch/x86/kernel/paravirt.c | 14 +- arch/x86/kernel/setup.c | 6 + arch/x86/kernel/smp.c | 1 + arch/x86/kernel/smpboot.c | 18 + arch/x86/kernel/time.c | 1 + arch/x86/kvm/mmu.c | 1 + arch/x86/kvm/vmx.c | 455 ++++++++++++--- arch/x86/kvm/x86.c | 34 +- arch/x86/mm/init.c | 23 + arch/x86/mm/kmmio.c | 25 +- arch/x86/mm/mmap.c | 21 + arch/x86/mm/pageattr.c | 8 +- arch/x86/mm/pti.c | 1 + .../intel-mid/device_libs/platform_mrfld_wdt.c | 1 + arch/x86/platform/uv/tlb_uv.c | 1 + arch/x86/xen/enlighten.c | 1 + drivers/base/cpu.c | 8 + drivers/block/zram/zram_drv.c | 15 +- drivers/gpu/drm/i915/i915_pmu.c | 1 + drivers/gpu/drm/i915/intel_lpe_audio.c | 1 + drivers/net/xen-netfront.c | 8 +- drivers/pci/host/pci-hyperv.c | 2 + drivers/scsi/qla2xxx/qla_iocb.c | 53 +- drivers/scsi/sr.c | 29 +- fs/dcache.c | 13 +- fs/namespace.c | 28 +- include/asm-generic/pgtable.h | 12 + include/linux/cpu.h | 23 +- include/linux/swapfile.h | 2 + init/main.c | 2 +- kernel/bpf/sockmap.c | 9 +- kernel/cpu.c | 282 +++++++++- kernel/sched/core.c | 30 +- kernel/sched/deadline.c | 8 +- kernel/sched/fair.c | 1 + kernel/smp.c | 2 + kernel/softirq.c | 12 +- kernel/stop_machine.c | 10 +- mm/memory.c | 37 +- mm/mprotect.c | 49 ++ mm/swapfile.c | 46 +- tools/arch/x86/include/asm/cpufeatures.h | 23 +- tools/include/uapi/linux/prctl.h | 12 + 92 files changed, 2406 insertions(+), 365 deletions(-)

7 years, 1 month

3
99
0 0

[PATCH] ALSA: info: Check for integer overflow in snd_info_entry_write()

by Erick Reyes

Commit 4adb7bcbcb69 ("ALSA: core: Use seq_file for text proc file reads") heavily refactored ALSA procfs and fixed the overflow as a side-effect, so this fix only applies to kernels < 4.2 and there is no upstream equivalent snd_info_entry_write() resizes the buffer with an unsigned long size argument that gets truncated because resize_info_buffer() takes the size parameter as an unsigned int. On 64-bit kernels, this causes the following copy_to_user() to write out-of-bounds if (pos + count) can't be represented by an unsigned int. Signed-off-by: Siqi Lin <siqilin(a)google.com> Signed-off-by: Erick Reyes <erickreyes(a)google.com> --- sound/core/info.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/sound/core/info.c b/sound/core/info.c index 9f404e965ea2..08832c973a53 100644 --- a/sound/core/info.c +++ b/sound/core/info.c @@ -253,6 +253,7 @@ static ssize_t snd_info_entry_write(struct file *file, const char __user *buffer struct snd_info_buffer *buf; ssize_t size = 0; loff_t pos; + unsigned long realloc_size; data = file->private_data; if (snd_BUG_ON(!data)) @@ -261,7 +262,8 @@ static ssize_t snd_info_entry_write(struct file *file, const char __user *buffer pos = *offset; if (pos < 0 || (long) pos != pos || (ssize_t) count < 0) return -EIO; - if ((unsigned long) pos + (unsigned long) count < (unsigned long) pos) + realloc_size = (unsigned long) pos + (unsigned long) count; + if (realloc_size < (unsigned long) pos || realloc_size > UINT_MAX) return -EIO; switch (entry->content) { case SNDRV_INFO_CONTENT_TEXT: -- 2.18.0.865.gffc8e1a3cd6-goog

7 years, 1 month

2
1
0 0

[PATCH 4.9 000/107] 4.9.120-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.9.120 release. There are 107 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu Aug 16 17:14:53 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.9.120-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.9.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.9.120-rc1 Josh Poimboeuf <jpoimboe(a)redhat.com> x86/microcode: Allow late microcode loading with SMT disabled Ashok Raj <ashok.raj(a)intel.com> x86/microcode: Do not upload microcode if CPUs are offline David Woodhouse <dwmw(a)amazon.co.uk> tools headers: Synchronise x86 cpufeatures.h for L1TF additions Andi Kleen <ak(a)linux.intel.com> x86/mm/kmmio: Make the tracer robust against L1TF Andi Kleen <ak(a)linux.intel.com> x86/mm/pat: Make set_memory_np() L1TF safe Andi Kleen <ak(a)linux.intel.com> x86/speculation/l1tf: Make pmd/pud_mknotpresent() invert Andi Kleen <ak(a)linux.intel.com> x86/speculation/l1tf: Invert all not present mappings Thomas Gleixner <tglx(a)linutronix.de> cpu/hotplug: Fix SMT supported evaluation Paolo Bonzini <pbonzini(a)redhat.com> KVM: VMX: Tell the nested hypervisor to skip L1D flush on vmentry Paolo Bonzini <pbonzini(a)redhat.com> x86/speculation: Use ARCH_CAPABILITIES to skip L1D flush on vmentry Paolo Bonzini <pbonzini(a)redhat.com> x86/speculation: Simplify sysfs report of VMX L1TF vulnerability Paolo Bonzini <pbonzini(a)redhat.com> KVM: VMX: support MSR_IA32_ARCH_CAPABILITIES as a feature MSR Wanpeng Li <wanpengli(a)tencent.com> KVM: X86: Allow userspace to define the microcode version Wanpeng Li <wanpengli(a)tencent.com> KVM: X86: Introduce kvm_get_msr_feature() Tom Lendacky <thomas.lendacky(a)amd.com> KVM: SVM: Add MSR-based feature support for serializing LFENCE Tom Lendacky <thomas.lendacky(a)amd.com> KVM: x86: Add a framework for supporting MSR-based features Thomas Gleixner <tglx(a)linutronix.de> Documentation/l1tf: Remove Yonah processors from not vulnerable list Nicolai Stange <nstange(a)suse.de> x86/KVM/VMX: Don't set l1tf_flush_l1d from vmx_handle_external_intr() Nicolai Stange <nstange(a)suse.de> x86/irq: Let interrupt handlers set kvm_cpu_l1tf_flush_l1d Nicolai Stange <nstange(a)suse.de> x86: Don't include linux/irq.h from asm/hardirq.h Nicolai Stange <nstange(a)suse.de> x86/KVM/VMX: Introduce per-host-cpu analogue of l1tf_flush_l1d Nicolai Stange <nstange(a)suse.de> x86/irq: Demote irq_cpustat_t::__softirq_pending to u16 Nicolai Stange <nstange(a)suse.de> x86/KVM/VMX: Move the l1tf_flush_l1d test to vmx_l1d_flush() Nicolai Stange <nstange(a)suse.de> x86/KVM/VMX: Replace 'vmx_l1d_flush_always' with 'vmx_l1d_flush_cond' Nicolai Stange <nstange(a)suse.de> x86/KVM/VMX: Don't set l1tf_flush_l1d to true from vmx_l1d_flush() Josh Poimboeuf <jpoimboe(a)redhat.com> cpu/hotplug: detect SMT disabled by BIOS Tony Luck <tony.luck(a)intel.com> Documentation/l1tf: Fix typos Nicolai Stange <nstange(a)suse.de> x86/KVM/VMX: Initialize the vmx_l1d_flush_pages' content Thomas Gleixner <tglx(a)linutronix.de> Documentation: Add section about CPU vulnerabilities Jiri Kosina <jkosina(a)suse.cz> x86/bugs, kvm: Introduce boot-time control of L1TF mitigations Thomas Gleixner <tglx(a)linutronix.de> cpu/hotplug: Set CPU_SMT_NOT_SUPPORTED early Jiri Kosina <jkosina(a)suse.cz> cpu/hotplug: Expose SMT control init function Thomas Gleixner <tglx(a)linutronix.de> x86/kvm: Allow runtime control of L1D flush Thomas Gleixner <tglx(a)linutronix.de> x86/kvm: Serialize L1D flush parameter setter Thomas Gleixner <tglx(a)linutronix.de> x86/kvm: Add static key for flush always Thomas Gleixner <tglx(a)linutronix.de> x86/kvm: Move l1tf setup function Thomas Gleixner <tglx(a)linutronix.de> x86/l1tf: Handle EPT disabled state proper Thomas Gleixner <tglx(a)linutronix.de> x86/kvm: Drop L1TF MSR list approach Thomas Gleixner <tglx(a)linutronix.de> x86/litf: Introduce vmx status variable Thomas Gleixner <tglx(a)linutronix.de> cpu/hotplug: Online siblings when SMT control is turned on Konrad Rzeszutek Wilk <konrad.wilk(a)oracle.com> x86/KVM/VMX: Use MSR save list for IA32_FLUSH_CMD if required Konrad Rzeszutek Wilk <konrad.wilk(a)oracle.com> x86/KVM/VMX: Extend add_atomic_switch_msr() to allow VMENTER only MSRs Konrad Rzeszutek Wilk <konrad.wilk(a)oracle.com> x86/KVM/VMX: Separate the VMX AUTOLOAD guest/host number accounting Konrad Rzeszutek Wilk <konrad.wilk(a)oracle.com> x86/KVM/VMX: Add find_msr() helper function Konrad Rzeszutek Wilk <konrad.wilk(a)oracle.com> x86/KVM/VMX: Split the VMX MSR LOAD structures to have an host/guest numbers Jim Mattson <jmattson(a)google.com> kvm: nVMX: Update MSR load counts on a VMCS switch Paolo Bonzini <pbonzini(a)redhat.com> x86/KVM/VMX: Add L1D flush logic Paolo Bonzini <pbonzini(a)redhat.com> x86/KVM/VMX: Add L1D MSR based flush Paolo Bonzini <pbonzini(a)redhat.com> x86/KVM/VMX: Add L1D flush algorithm Konrad Rzeszutek Wilk <konrad.wilk(a)oracle.com> x86/KVM/VMX: Add module argument for L1TF mitigation Konrad Rzeszutek Wilk <konrad.wilk(a)oracle.com> x86/KVM: Warn user if KVM is loaded SMT and L1TF CPU bug being present Thomas Gleixner <tglx(a)linutronix.de> cpu/hotplug: Boot HT siblings at least once Thomas Gleixner <tglx(a)linutronix.de> Revert "x86/apic: Ignore secondary threads if nosmt=force" Michal Hocko <mhocko(a)suse.cz> x86/speculation/l1tf: Fix up pte->pfn conversion for PAE Vlastimil Babka <vbabka(a)suse.cz> x86/speculation/l1tf: Protect PAE swap entries against L1TF Borislav Petkov <bp(a)suse.de> x86/CPU/AMD: Move TOPOEXT reenablement before reading smp_num_siblings Konrad Rzeszutek Wilk <konrad.wilk(a)oracle.com> x86/cpufeatures: Add detection of L1D cache flush support. Vlastimil Babka <vbabka(a)suse.cz> x86/speculation/l1tf: Extend 64bit swap file size limit Thomas Gleixner <tglx(a)linutronix.de> x86/apic: Ignore secondary threads if nosmt=force Thomas Gleixner <tglx(a)linutronix.de> x86/cpu/AMD: Evaluate smp_num_siblings early Borislav Petkov <bp(a)suse.de> x86/CPU/AMD: Do not check CPUID max ext level before parsing SMP info Thomas Gleixner <tglx(a)linutronix.de> x86/cpu/intel: Evaluate smp_num_siblings early Thomas Gleixner <tglx(a)linutronix.de> x86/cpu/topology: Provide detect_extended_topology_early() Thomas Gleixner <tglx(a)linutronix.de> x86/cpu/common: Provide detect_ht_early() Thomas Gleixner <tglx(a)linutronix.de> x86/cpu/AMD: Remove the pointless detect_ht() call Thomas Gleixner <tglx(a)linutronix.de> x86/cpu: Remove the pointless CPU printout Thomas Gleixner <tglx(a)linutronix.de> cpu/hotplug: Provide knobs to control SMT Thomas Gleixner <tglx(a)linutronix.de> cpu/hotplug: Split do_cpu_down() Thomas Gleixner <tglx(a)linutronix.de> cpu/hotplug: Make bringup/teardown of smp threads symmetric Thomas Gleixner <tglx(a)linutronix.de> x86/topology: Provide topology_smt_supported() Thomas Gleixner <tglx(a)linutronix.de> x86/smp: Provide topology_is_primary_thread() Konrad Rzeszutek Wilk <konrad.wilk(a)oracle.com> x86/bugs: Move the l1tf function and define pr_fmt properly Andi Kleen <ak(a)linux.intel.com> x86/speculation/l1tf: Limit swap file size to MAX_PA/2 Andi Kleen <ak(a)linux.intel.com> x86/speculation/l1tf: Disallow non privileged high MMIO PROT_NONE mappings Andi Kleen <ak(a)linux.intel.com> x86/speculation/l1tf: Add sysfs reporting for l1tf Andi Kleen <ak(a)linux.intel.com> x86/speculation/l1tf: Make sure the first page is always reserved Andi Kleen <ak(a)linux.intel.com> x86/speculation/l1tf: Protect PROT_NONE PTEs against speculation Linus Torvalds <torvalds(a)linux-foundation.org> x86/speculation/l1tf: Protect swap entries against L1TF Linus Torvalds <torvalds(a)linux-foundation.org> x86/speculation/l1tf: Change order of offset/type in swap entry Naoya Horiguchi <n-horiguchi(a)ah.jp.nec.com> mm: x86: move _PAGE_SWP_SOFT_DIRTY from bit 7 to bit 1 Andi Kleen <ak(a)linux.intel.com> x86/speculation/l1tf: Increase 32bit PAE __PHYSICAL_PAGE_SHIFT Nick Desaulniers <ndesaulniers(a)google.com> x86/irqflags: Provide a declaration for native_save_fl Masami Hiramatsu <mhiramat(a)kernel.org> kprobes/x86: Fix %p uses in error messages Jiri Kosina <jkosina(a)suse.cz> x86/speculation: Protect against userspace-userspace spectreRSB Peter Zijlstra <peterz(a)infradead.org> x86/paravirt: Fix spectre-v2 mitigations for paravirt guests Oleksij Rempel <o.rempel(a)pengutronix.de> ARM: dts: imx6sx: fix irq for pcie bridge Michael Mera <dev(a)michaelmera.com> IB/ocrdma: fix out of bounds access to local buffer Fabio Estevam <fabio.estevam(a)nxp.com> mtd: nand: qcom: Add a NULL check for devm_kasprintf() Jack Morgenstein <jackm(a)dev.mellanox.co.il> IB/mlx4: Mark user MR as writable if actual virtual memory is writable Jack Morgenstein <jackm(a)dev.mellanox.co.il> IB/core: Make testing MR flags for writability a static inline function Eric W. Biederman <ebiederm(a)xmission.com> proc: Fix proc_sys_prune_dcache to hold a sb reference Eric W. Biederman <ebiederm(a)xmission.com> proc/sysctl: Don't grab i_lock under sysctl_lock. Konstantin Khlebnikov <khlebnikov(a)yandex-team.ru> proc/sysctl: prune stale dentries during unregistering Al Viro <viro(a)zeniv.linux.org.uk> fix __legitimize_mnt()/mntput() race Al Viro <viro(a)zeniv.linux.org.uk> fix mntput/mntput race Al Viro <viro(a)zeniv.linux.org.uk> make sure that __dentry_kill() always invalidates d_seq, unhashed or not Al Viro <viro(a)zeniv.linux.org.uk> root dentries need RCU-delayed freeing Linus Torvalds <torvalds(a)linux-foundation.org> init: rename and re-order boot_cpu_state_init() Bart Van Assche <bart.vanassche(a)wdc.com> scsi: sr: Avoid that opening a CD-ROM hangs with runtime power management enabled Hans de Goede <hdegoede(a)redhat.com> ACPI / LPSS: Add missing prv_offset setting for byt/cht PWM devices Juergen Gross <jgross(a)suse.com> xen/netfront: don't cache skb_shinfo() Linus Torvalds <torvalds(a)linux-foundation.org> Mark HI and TASKLET softirq synchronous Andrey Konovalov <andreyknvl(a)google.com> kasan: add no_sanitize attribute for clang builds John David Anglin <dave.anglin(a)bell.net> parisc: Define mb() and add memory barriers to assembler unlock sequences Helge Deller <deller(a)gmx.de> parisc: Enable CONFIG_MLONGCALLS by default Tadeusz Struk <tadeusz.struk(a)intel.com> tpm: fix race condition in tpm_common_write() Theodore Ts'o <tytso(a)mit.edu> ext4: fix check to prevent initializing reserved inodes ------------- Diffstat: Documentation/ABI/testing/sysfs-devices-system-cpu | 24 + Documentation/index.rst | 1 + Documentation/kernel-parameters.txt | 78 +++ Documentation/l1tf.rst | 610 +++++++++++++++++++++ Documentation/virtual/kvm/api.txt | 40 +- Makefile | 4 +- arch/Kconfig | 3 + arch/arm/boot/dts/imx6sx.dtsi | 2 +- arch/parisc/Kconfig | 2 +- arch/parisc/include/asm/barrier.h | 32 ++ arch/parisc/kernel/entry.S | 2 + arch/parisc/kernel/pacache.S | 1 + arch/parisc/kernel/syscall.S | 4 + arch/x86/Kconfig | 1 + arch/x86/include/asm/apic.h | 10 + arch/x86/include/asm/cpufeatures.h | 4 +- arch/x86/include/asm/dmi.h | 2 +- arch/x86/include/asm/hardirq.h | 26 +- arch/x86/include/asm/irqflags.h | 2 + arch/x86/include/asm/kvm_host.h | 9 + arch/x86/include/asm/msr-index.h | 7 + arch/x86/include/asm/page_32_types.h | 9 +- arch/x86/include/asm/pgtable-2level.h | 17 + arch/x86/include/asm/pgtable-3level.h | 37 +- arch/x86/include/asm/pgtable-invert.h | 32 ++ arch/x86/include/asm/pgtable.h | 85 ++- arch/x86/include/asm/pgtable_64.h | 48 +- arch/x86/include/asm/pgtable_types.h | 10 +- arch/x86/include/asm/processor.h | 17 + arch/x86/include/asm/topology.h | 6 +- arch/x86/include/asm/vmx.h | 11 + arch/x86/kernel/apic/apic.c | 17 + arch/x86/kernel/apic/htirq.c | 2 + arch/x86/kernel/apic/io_apic.c | 1 + arch/x86/kernel/apic/msi.c | 1 + arch/x86/kernel/apic/vector.c | 1 + arch/x86/kernel/cpu/amd.c | 53 +- arch/x86/kernel/cpu/bugs.c | 171 ++++-- arch/x86/kernel/cpu/common.c | 56 +- arch/x86/kernel/cpu/cpu.h | 2 + arch/x86/kernel/cpu/intel.c | 7 + arch/x86/kernel/cpu/microcode/core.c | 26 + arch/x86/kernel/cpu/topology.c | 41 +- arch/x86/kernel/fpu/core.c | 1 + arch/x86/kernel/ftrace.c | 1 + arch/x86/kernel/hpet.c | 1 + arch/x86/kernel/i8259.c | 1 + arch/x86/kernel/irq.c | 1 + arch/x86/kernel/irq_32.c | 1 + arch/x86/kernel/irq_64.c | 1 + arch/x86/kernel/irqinit.c | 1 + arch/x86/kernel/kprobes/core.c | 5 +- arch/x86/kernel/kprobes/opt.c | 1 + arch/x86/kernel/paravirt.c | 14 +- arch/x86/kernel/setup.c | 6 + arch/x86/kernel/smp.c | 1 + arch/x86/kernel/smpboot.c | 18 + arch/x86/kernel/time.c | 1 + arch/x86/kvm/svm.c | 46 +- arch/x86/kvm/vmx.c | 426 ++++++++++++-- arch/x86/kvm/x86.c | 133 ++++- arch/x86/mm/fault.c | 1 + arch/x86/mm/init.c | 23 + arch/x86/mm/kaiser.c | 1 + arch/x86/mm/kmmio.c | 25 +- arch/x86/mm/mmap.c | 21 + arch/x86/mm/pageattr.c | 8 +- arch/x86/platform/efi/efi_64.c | 1 + arch/x86/platform/efi/quirks.c | 1 + .../intel-mid/device_libs/platform_mrfld_wdt.c | 1 + arch/x86/platform/uv/tlb_uv.c | 1 + arch/x86/xen/enlighten.c | 1 + arch/x86/xen/setup.c | 1 + drivers/acpi/acpi_lpss.c | 2 + drivers/base/cpu.c | 8 + drivers/char/tpm/tpm-dev.c | 43 +- drivers/infiniband/core/umem.c | 11 +- drivers/infiniband/hw/mlx4/mr.c | 50 +- drivers/infiniband/hw/ocrdma/ocrdma_stats.c | 2 +- drivers/mtd/nand/qcom_nandc.c | 3 + drivers/net/xen-netfront.c | 8 +- drivers/pci/host/pci-hyperv.c | 2 + drivers/scsi/sr.c | 29 +- fs/dcache.c | 13 +- fs/ext4/ialloc.c | 5 +- fs/ext4/super.c | 8 +- fs/namespace.c | 28 +- fs/proc/inode.c | 3 +- fs/proc/internal.h | 7 +- fs/proc/proc_sysctl.c | 83 ++- include/asm-generic/pgtable.h | 12 + include/linux/compiler-clang.h | 3 + include/linux/cpu.h | 23 +- include/linux/swapfile.h | 2 + include/linux/sysctl.h | 1 + include/rdma/ib_verbs.h | 14 + include/uapi/linux/kvm.h | 2 + init/main.c | 2 +- kernel/cpu.c | 282 +++++++++- kernel/smp.c | 2 + kernel/softirq.c | 12 +- mm/memory.c | 29 +- mm/mprotect.c | 49 ++ mm/swapfile.c | 46 +- tools/arch/x86/include/asm/cpufeatures.h | 4 +- 105 files changed, 2680 insertions(+), 366 deletions(-)

7 years, 1 month

7
128
0 0

[PATCH] avoid race condition between start_xmit and cm_rep_handler

by Aaron S. Knister

From: Aaron Knister <aaron.s.knister(a)nasa.gov> Inside of start_xmit() the call to check if the connection is up and the queueing of the packets for later transmission is not atomic which leaves a window where cm_rep_handler can run, set the connection up, dequeue pending packets and leave the subsequently queued packets by start_xmit() sitting on neigh->queue until they're dropped when the connection is torn down. This only applies to connected mode. These dropped packets can really upset TCP, for example, and cause multi-minute delays in transmission for open connections. I've got a reproducer available if it's needed. Here's the code in start_xmit where we check to see if the connection is up: if (ipoib_cm_get(neigh)) { if (ipoib_cm_up(neigh)) { ipoib_cm_send(dev, skb, ipoib_cm_get(neigh)); goto unref; } } The race occurs if cm_rep_handler execution occurs after the above connection check (specifically if it gets to the point where it acquires priv->lock to dequeue pending skb's) but before the below code snippet in start_xmit where packets are queued. if (skb_queue_len(&neigh->queue) < IPOIB_MAX_PATH_REC_QUEUE) { push_pseudo_header(skb, phdr->hwaddr); spin_lock_irqsave(&priv->lock, flags); __skb_queue_tail(&neigh->queue, skb); spin_unlock_irqrestore(&priv->lock, flags); } else { ++dev->stats.tx_dropped; dev_kfree_skb_any(skb); } The patch re-checks ipoib_cm_up with priv->lock held to avoid this race condition. Since odds are the conn should be up most of the time (and thus the connection *not* down most of the time) we don't hold the lock for the first check attempt to avoid a slowdown from unecessary locking for the majority of the packets transmitted during the connection's life. Cc: stable(a)vger.kernel.org Tested-by: Ira Weiny <ira.weiny(a)intel.com> Signed-off-by: Aaron Knister <aaron.s.knister(a)nasa.gov> --- drivers/infiniband/ulp/ipoib/ipoib_main.c | 53 +++++++++++++++++++++++++------ 1 file changed, 44 insertions(+), 9 deletions(-) diff --git a/drivers/infiniband/ulp/ipoib/ipoib_main.c b/drivers/infiniband/ulp/ipoib/ipoib_main.c index 26cde95b..529dbeab 100644 --- a/drivers/infiniband/ulp/ipoib/ipoib_main.c +++ b/drivers/infiniband/ulp/ipoib/ipoib_main.c @@ -1093,6 +1093,34 @@ static void unicast_arp_send(struct sk_buff *skb, struct net_device *dev, spin_unlock_irqrestore(&priv->lock, flags); } +static void defer_neigh_skb(struct sk_buff *skb, struct net_device *dev, + struct ipoib_neigh *neigh, + struct ipoib_pseudo_header *phdr, + unsigned long *flags) +{ + struct ipoib_dev_priv *priv = ipoib_priv(dev); + unsigned long local_flags; + int acquire_priv_lock = 0; + + /* Passing in pointer to spin_lock flags indicates spin lock + * already acquired so we don't need to acquire the priv lock */ + if (flags == NULL) { + flags = &local_flags; + acquire_priv_lock = 1; + } + + if (skb_queue_len(&neigh->queue) < IPOIB_MAX_PATH_REC_QUEUE) { + push_pseudo_header(skb, phdr->hwaddr); + if (acquire_priv_lock) + spin_lock_irqsave(&priv->lock, *flags); + __skb_queue_tail(&neigh->queue, skb); + spin_unlock_irqrestore(&priv->lock, *flags); + } else { + ++dev->stats.tx_dropped; + dev_kfree_skb_any(skb); + } +} + static netdev_tx_t ipoib_start_xmit(struct sk_buff *skb, struct net_device *dev) { struct ipoib_dev_priv *priv = ipoib_priv(dev); @@ -1160,6 +1188,21 @@ static netdev_tx_t ipoib_start_xmit(struct sk_buff *skb, struct net_device *dev) ipoib_cm_send(dev, skb, ipoib_cm_get(neigh)); goto unref; } + /* + * Re-check ipoib_cm_up with priv->lock held to avoid + * race condition between start_xmit and skb_dequeue in + * cm_rep_handler. Since odds are the conn should be up + * most of the time, we don't hold the lock for the + * first check above + */ + spin_lock_irqsave(&priv->lock, flags); + if (ipoib_cm_up(neigh)) { + spin_unlock_irqrestore(&priv->lock, flags); + ipoib_cm_send(dev, skb, ipoib_cm_get(neigh)); + } else { + defer_neigh_skb(skb, dev, neigh, phdr, &flags); + } + goto unref; } else if (neigh->ah && neigh->ah->valid) { neigh->ah->last_send = rn->send(dev, skb, neigh->ah->ah, IPOIB_QPN(phdr->hwaddr)); @@ -1168,15 +1211,7 @@ static netdev_tx_t ipoib_start_xmit(struct sk_buff *skb, struct net_device *dev) neigh_refresh_path(neigh, phdr->hwaddr, dev); } - if (skb_queue_len(&neigh->queue) < IPOIB_MAX_PATH_REC_QUEUE) { - push_pseudo_header(skb, phdr->hwaddr); - spin_lock_irqsave(&priv->lock, flags); - __skb_queue_tail(&neigh->queue, skb); - spin_unlock_irqrestore(&priv->lock, flags); - } else { - ++dev->stats.tx_dropped; - dev_kfree_skb_any(skb); - } + defer_neigh_skb(skb, dev, neigh, phdr, NULL); unref: ipoib_neigh_put(neigh); -- 2.12.3

7 years, 1 month

1
0
0 0

[PATCH] x86/speculation/l1tf: Add assembly guard for xtensa/ia64

by Andi Kleen

From: Andi Kleen <ak(a)linux.intel.com> The stable backport of the x86/speculation/l1tf: Disallow non privileged high MMIO PROT_NONE mappings patch for 4.4 and 4.9 put new C code for !__HAVE_ARCH_PFN_MODIFY_ALLOWED code outside the assembler ifdef. This breaks the xtensa and ia64 build as reported by 0day which somehow include this file into assembler. Just add an #ifdef __ASSEMBLY__ around the new code to fix this. This patch is only needed for 4.9 and 4.4 stable, the newer stables don't have this problem. Fixes: 7c5b42f82c13 ("x86/speculation/l1tf: Disallow non privileged high MMIO PROT_NONE mappings") Signed-off-by: Andi Kleen <ak(a)linux.intel.com> --- include/asm-generic/pgtable.h | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/include/asm-generic/pgtable.h b/include/asm-generic/pgtable.h index a88ea9e37a25..abc2a1b15dd8 100644 --- a/include/asm-generic/pgtable.h +++ b/include/asm-generic/pgtable.h @@ -825,6 +825,7 @@ static inline int pmd_free_pte_page(pmd_t *pmd) #endif #endif +#ifndef __ASSEMBLY__ struct file; int phys_mem_access_prot_allowed(struct file *file, unsigned long pfn, unsigned long size, pgprot_t *vma_prot); @@ -839,6 +840,9 @@ static inline bool arch_has_pfn_modify_check(void) { return false; } + +#endif + #endif /* !_HAVE_ARCH_PFN_MODIFY_ALLOWED */ #endif /* !__ASSEMBLY__ */ -- 2.17.1

7 years, 1 month

2
1
0 0

[merged] zram-remove-bd_cap_synchronous_io-with-writeback-feature.patch removed from -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: zram: remove BD_CAP_SYNCHRONOUS_IO with writeback feature has been removed from the -mm tree. Its filename was zram-remove-bd_cap_synchronous_io-with-writeback-feature.patch This patch was dropped because it was merged into mainline or a subsystem tree ------------------------------------------------------ From: Minchan Kim <minchan(a)kernel.org> Subject: zram: remove BD_CAP_SYNCHRONOUS_IO with writeback feature If zram supports writeback feature, it's no longer a BD_CAP_SYNCHRONOUS_IO device beause zram does asynchronous IO operations for incompressible pages. Do not pretend to be synchronous IO device. It makes the system very sluggish due to waiting for IO completion from upper layers. Furthermore, it causes a user-after-free problem because swap thinks the opearion is done when the IO functions returns so it can free the page (e.g., lock_page_or_retry and goto out_release in do_swap_page) but in fact, IO is asynchronous so the driver could access a just freed page afterward. This patch fixes the problem. BUG: Bad page state in process qemu-system-x86 pfn:3dfab21 page:ffffdfb137eac840 count:0 mapcount:0 mapping:0000000000000000 index:0x1 flags: 0x17fffc000000008(uptodate) raw: 017fffc000000008 dead000000000100 dead000000000200 0000000000000000 raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000 page dumped because: PAGE_FLAGS_CHECK_AT_PREP flag set bad because of flags: 0x8(uptodate) Modules linked in: lz4 lz4_compress zram zsmalloc intel_rapl sb_edac x86_pkg_temp_thermal intel_powerclamp coretemp kvm_intel kvm irqbypass crct10dif_pclmul crc32_pclmul ghash_clmulni_intel bin fmt_misc pcbc aesni_intel aes_x86_64 crypto_simd cryptd iTCO_wdt glue_helper iTCO_vendor_support intel_cstate lpc_ich mei_me intel_uncore intel_rapl_perf pcspkr joydev sg mfd_core ioatdma mei wmi evdev ipmi_si ipmi_devintf ipmi_msghandler acpi_power_meter acpi_pad button ip_tables x_tables autofs4 ext4 crc32c_generic crc16 mbcache jbd2 fscrypto hid_generic usbhid hid sd_mod xhci_pci ehci_pci ahci libahci xhci_hcd ehci_hcd libata igb i2c_algo_bit crc32c_intel scsi_mod i2c_i8 01 dca usbcore CPU: 4 PID: 1039 Comm: qemu-system-x86 Tainted: G B 4.18.0-rc5+ #1 Hardware name: Supermicro Super Server/X10SRL-F, BIOS 2.0b 05/02/2017 Call Trace: dump_stack+0x5c/0x7b bad_page+0xba/0x120 get_page_from_freelist+0x1016/0x1250 __alloc_pages_nodemask+0xfa/0x250 alloc_pages_vma+0x7c/0x1c0 do_swap_page+0x347/0x920 ? __update_load_avg_se.isra.38+0x1eb/0x1f0 ? cpumask_next_wrap+0x3d/0x60 __handle_mm_fault+0x7b4/0x1110 ? update_load_avg+0x5ea/0x720 handle_mm_fault+0xfc/0x1f0 __get_user_pages+0x12f/0x690 get_user_pages_unlocked+0x148/0x1f0 __gfn_to_pfn_memslot+0xff/0x3c0 [kvm] try_async_pf+0x87/0x230 [kvm] tdp_page_fault+0x132/0x290 [kvm] ? vmexit_fill_RSB+0xc/0x30 [kvm_intel] kvm_mmu_page_fault+0x74/0x570 [kvm] ? vmexit_fill_RSB+0xc/0x30 [kvm_intel] ? vmexit_fill_RSB+0x18/0x30 [kvm_intel] ? vmexit_fill_RSB+0xc/0x30 [kvm_intel] ? vmexit_fill_RSB+0x18/0x30 [kvm_intel] ? vmexit_fill_RSB+0xc/0x30 [kvm_intel] ? vmexit_fill_RSB+0x18/0x30 [kvm_intel] ? vmexit_fill_RSB+0xc/0x30 [kvm_intel] ? vmexit_fill_RSB+0x18/0x30 [kvm_intel] ? vmexit_fill_RSB+0xc/0x30 [kvm_intel] ? vmexit_fill_RSB+0x18/0x30 [kvm_intel] ? vmexit_fill_RSB+0xc/0x30 [kvm_intel] ? vmx_vcpu_run+0x375/0x620 [kvm_intel] kvm_arch_vcpu_ioctl_run+0x9b3/0x1990 [kvm] ? __update_load_avg_se.isra.38+0x1eb/0x1f0 ? kvm_vcpu_ioctl+0x388/0x5d0 [kvm] kvm_vcpu_ioctl+0x388/0x5d0 [kvm] ? __switch_to+0x395/0x450 ? __switch_to+0x395/0x450 do_vfs_ioctl+0xa2/0x630 ? __schedule+0x3fd/0x890 ksys_ioctl+0x70/0x80 ? exit_to_usermode_loop+0xca/0xf0 __x64_sys_ioctl+0x16/0x20 do_syscall_64+0x55/0x100 entry_SYSCALL_64_after_hwframe+0x44/0xa9 RIP: 0033:0x7fb30361add7 Code: 00 00 00 48 8b 05 c1 80 2b 00 64 c7 00 26 00 00 00 48 c7 c0 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 91 80 2b 00 f7 d8 64 89 01 48 RSP: 002b:00007fb2e97f98b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 000000000000ae80 RCX: 00007fb30361add7 RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000015 RBP: 00005652b984e0f0 R08: 00005652b7d513d0 R09: 0000000000000001 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007fb308c66000 R14: 0000000000000000 R15: 00005652b984e0f0 Link: https://lore.kernel.org/lkml/0516ae2d-b0fd-92c5-aa92-112ba7bd32fc@contabo.d… Link: http://lkml.kernel.org/r/20180802051112.86174-1-minchan@kernel.org [minchan(a)kernel.org: fix changelog, add comment] Link: https://lore.kernel.org/lkml/0516ae2d-b0fd-92c5-aa92-112ba7bd32fc@contabo.d… Link: http://lkml.kernel.org/r/20180802051112.86174-1-minchan@kernel.org Link: http://lkml.kernel.org/r/20180805233722.217347-1-minchan@kernel.org [akpm(a)linux-foundation.org: coding-style fixes] Signed-off-by: Minchan Kim <minchan(a)kernel.org> Reported-by: Tino Lehnig <tino.lehnig(a)contabo.de> Tested-by: Tino Lehnig <tino.lehnig(a)contabo.de> Cc: Sergey Senozhatsky <sergey.senozhatsky.work(a)gmail.com> Cc: Jens Axboe <axboe(a)kernel.dk> Cc: <stable(a)vger.kernel.org> [4.15+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- drivers/block/zram/zram_drv.c | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) --- a/drivers/block/zram/zram_drv.c~zram-remove-bd_cap_synchronous_io-with-writeback-feature +++ a/drivers/block/zram/zram_drv.c @@ -298,7 +298,8 @@ static void reset_bdev(struct zram *zram zram->backing_dev = NULL; zram->old_block_size = 0; zram->bdev = NULL; - + zram->disk->queue->backing_dev_info->capabilities |= + BDI_CAP_SYNCHRONOUS_IO; kvfree(zram->bitmap); zram->bitmap = NULL; } @@ -400,6 +401,18 @@ static ssize_t backing_dev_store(struct zram->backing_dev = backing_dev; zram->bitmap = bitmap; zram->nr_pages = nr_pages; + /* + * With writeback feature, zram does asynchronous IO so it's no longer + * synchronous device so let's remove synchronous io flag. Othewise, + * upper layer(e.g., swap) could wait IO completion rather than + * (submit and return), which will cause system sluggish. + * Furthermore, when the IO function returns(e.g., swap_readpage), + * upper layer expects IO was done so it could deallocate the page + * freely but in fact, IO is going on so finally could cause + * use-after-free when the IO is really done. + */ + zram->disk->queue->backing_dev_info->capabilities &= + ~BDI_CAP_SYNCHRONOUS_IO; up_write(&zram->init_lock); pr_info("setup backing device %s\n", file_name); _ Patches currently in -mm which might be from minchan(a)kernel.org are

7 years, 1 month

1
0
0 0

[PATCH 4.14 000/104] 4.14.63-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.14.63 release. There are 104 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu Aug 16 17:14:49 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.14.63-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.14.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.14.63-rc1 Josh Poimboeuf <jpoimboe(a)redhat.com> x86/microcode: Allow late microcode loading with SMT disabled David Woodhouse <dwmw(a)amazon.co.uk> tools headers: Synchronise x86 cpufeatures.h for L1TF additions Andi Kleen <ak(a)linux.intel.com> x86/mm/kmmio: Make the tracer robust against L1TF Andi Kleen <ak(a)linux.intel.com> x86/mm/pat: Make set_memory_np() L1TF safe Andi Kleen <ak(a)linux.intel.com> x86/speculation/l1tf: Make pmd/pud_mknotpresent() invert Andi Kleen <ak(a)linux.intel.com> x86/speculation/l1tf: Invert all not present mappings Thomas Gleixner <tglx(a)linutronix.de> cpu/hotplug: Fix SMT supported evaluation Paolo Bonzini <pbonzini(a)redhat.com> KVM: VMX: Tell the nested hypervisor to skip L1D flush on vmentry Paolo Bonzini <pbonzini(a)redhat.com> x86/speculation: Use ARCH_CAPABILITIES to skip L1D flush on vmentry Paolo Bonzini <pbonzini(a)redhat.com> x86/speculation: Simplify sysfs report of VMX L1TF vulnerability Paolo Bonzini <pbonzini(a)redhat.com> KVM: VMX: support MSR_IA32_ARCH_CAPABILITIES as a feature MSR Wanpeng Li <wanpengli(a)tencent.com> KVM: X86: Allow userspace to define the microcode version Wanpeng Li <wanpengli(a)tencent.com> KVM: X86: Introduce kvm_get_msr_feature() Tom Lendacky <thomas.lendacky(a)amd.com> KVM: SVM: Add MSR-based feature support for serializing LFENCE Tom Lendacky <thomas.lendacky(a)amd.com> KVM: x86: Add a framework for supporting MSR-based features Thomas Gleixner <tglx(a)linutronix.de> Documentation/l1tf: Remove Yonah processors from not vulnerable list Nicolai Stange <nstange(a)suse.de> x86/KVM/VMX: Don't set l1tf_flush_l1d from vmx_handle_external_intr() Nicolai Stange <nstange(a)suse.de> x86/irq: Let interrupt handlers set kvm_cpu_l1tf_flush_l1d Nicolai Stange <nstange(a)suse.de> x86: Don't include linux/irq.h from asm/hardirq.h Nicolai Stange <nstange(a)suse.de> x86/KVM/VMX: Introduce per-host-cpu analogue of l1tf_flush_l1d Nicolai Stange <nstange(a)suse.de> x86/irq: Demote irq_cpustat_t::__softirq_pending to u16 Nicolai Stange <nstange(a)suse.de> x86/KVM/VMX: Move the l1tf_flush_l1d test to vmx_l1d_flush() Nicolai Stange <nstange(a)suse.de> x86/KVM/VMX: Replace 'vmx_l1d_flush_always' with 'vmx_l1d_flush_cond' Nicolai Stange <nstange(a)suse.de> x86/KVM/VMX: Don't set l1tf_flush_l1d to true from vmx_l1d_flush() Josh Poimboeuf <jpoimboe(a)redhat.com> cpu/hotplug: detect SMT disabled by BIOS Tony Luck <tony.luck(a)intel.com> Documentation/l1tf: Fix typos Nicolai Stange <nstange(a)suse.de> x86/KVM/VMX: Initialize the vmx_l1d_flush_pages' content Thomas Gleixner <tglx(a)linutronix.de> Documentation: Add section about CPU vulnerabilities Jiri Kosina <jkosina(a)suse.cz> x86/bugs, kvm: Introduce boot-time control of L1TF mitigations Thomas Gleixner <tglx(a)linutronix.de> cpu/hotplug: Set CPU_SMT_NOT_SUPPORTED early Jiri Kosina <jkosina(a)suse.cz> cpu/hotplug: Expose SMT control init function Thomas Gleixner <tglx(a)linutronix.de> x86/kvm: Allow runtime control of L1D flush Thomas Gleixner <tglx(a)linutronix.de> x86/kvm: Serialize L1D flush parameter setter Thomas Gleixner <tglx(a)linutronix.de> x86/kvm: Add static key for flush always Thomas Gleixner <tglx(a)linutronix.de> x86/kvm: Move l1tf setup function Thomas Gleixner <tglx(a)linutronix.de> x86/l1tf: Handle EPT disabled state proper Thomas Gleixner <tglx(a)linutronix.de> x86/kvm: Drop L1TF MSR list approach Thomas Gleixner <tglx(a)linutronix.de> x86/litf: Introduce vmx status variable Thomas Gleixner <tglx(a)linutronix.de> cpu/hotplug: Online siblings when SMT control is turned on Konrad Rzeszutek Wilk <konrad.wilk(a)oracle.com> x86/KVM/VMX: Use MSR save list for IA32_FLUSH_CMD if required Konrad Rzeszutek Wilk <konrad.wilk(a)oracle.com> x86/KVM/VMX: Extend add_atomic_switch_msr() to allow VMENTER only MSRs Konrad Rzeszutek Wilk <konrad.wilk(a)oracle.com> x86/KVM/VMX: Separate the VMX AUTOLOAD guest/host number accounting Konrad Rzeszutek Wilk <konrad.wilk(a)oracle.com> x86/KVM/VMX: Add find_msr() helper function Konrad Rzeszutek Wilk <konrad.wilk(a)oracle.com> x86/KVM/VMX: Split the VMX MSR LOAD structures to have an host/guest numbers Paolo Bonzini <pbonzini(a)redhat.com> x86/KVM/VMX: Add L1D flush logic Paolo Bonzini <pbonzini(a)redhat.com> x86/KVM/VMX: Add L1D MSR based flush Paolo Bonzini <pbonzini(a)redhat.com> x86/KVM/VMX: Add L1D flush algorithm Konrad Rzeszutek Wilk <konrad.wilk(a)oracle.com> x86/KVM/VMX: Add module argument for L1TF mitigation Konrad Rzeszutek Wilk <konrad.wilk(a)oracle.com> x86/KVM: Warn user if KVM is loaded SMT and L1TF CPU bug being present Thomas Gleixner <tglx(a)linutronix.de> cpu/hotplug: Boot HT siblings at least once Thomas Gleixner <tglx(a)linutronix.de> Revert "x86/apic: Ignore secondary threads if nosmt=force" Michal Hocko <mhocko(a)suse.cz> x86/speculation/l1tf: Fix up pte->pfn conversion for PAE Vlastimil Babka <vbabka(a)suse.cz> x86/speculation/l1tf: Protect PAE swap entries against L1TF Borislav Petkov <bp(a)suse.de> x86/CPU/AMD: Move TOPOEXT reenablement before reading smp_num_siblings Konrad Rzeszutek Wilk <konrad.wilk(a)oracle.com> x86/cpufeatures: Add detection of L1D cache flush support. Vlastimil Babka <vbabka(a)suse.cz> x86/speculation/l1tf: Extend 64bit swap file size limit Thomas Gleixner <tglx(a)linutronix.de> x86/apic: Ignore secondary threads if nosmt=force Thomas Gleixner <tglx(a)linutronix.de> x86/cpu/AMD: Evaluate smp_num_siblings early Borislav Petkov <bp(a)suse.de> x86/CPU/AMD: Do not check CPUID max ext level before parsing SMP info Thomas Gleixner <tglx(a)linutronix.de> x86/cpu/intel: Evaluate smp_num_siblings early Thomas Gleixner <tglx(a)linutronix.de> x86/cpu/topology: Provide detect_extended_topology_early() Thomas Gleixner <tglx(a)linutronix.de> x86/cpu/common: Provide detect_ht_early() Thomas Gleixner <tglx(a)linutronix.de> x86/cpu/AMD: Remove the pointless detect_ht() call Thomas Gleixner <tglx(a)linutronix.de> x86/cpu: Remove the pointless CPU printout Thomas Gleixner <tglx(a)linutronix.de> cpu/hotplug: Provide knobs to control SMT Thomas Gleixner <tglx(a)linutronix.de> cpu/hotplug: Split do_cpu_down() Thomas Gleixner <tglx(a)linutronix.de> cpu/hotplug: Make bringup/teardown of smp threads symmetric Thomas Gleixner <tglx(a)linutronix.de> x86/topology: Provide topology_smt_supported() Thomas Gleixner <tglx(a)linutronix.de> x86/smp: Provide topology_is_primary_thread() Peter Zijlstra <peterz(a)infradead.org> sched/smt: Update sched_smt_present at runtime Konrad Rzeszutek Wilk <konrad.wilk(a)oracle.com> x86/bugs: Move the l1tf function and define pr_fmt properly Andi Kleen <ak(a)linux.intel.com> x86/speculation/l1tf: Limit swap file size to MAX_PA/2 Andi Kleen <ak(a)linux.intel.com> x86/speculation/l1tf: Disallow non privileged high MMIO PROT_NONE mappings Andi Kleen <ak(a)linux.intel.com> x86/speculation/l1tf: Add sysfs reporting for l1tf Andi Kleen <ak(a)linux.intel.com> x86/speculation/l1tf: Make sure the first page is always reserved Andi Kleen <ak(a)linux.intel.com> x86/speculation/l1tf: Protect PROT_NONE PTEs against speculation Linus Torvalds <torvalds(a)linux-foundation.org> x86/speculation/l1tf: Protect swap entries against L1TF Linus Torvalds <torvalds(a)linux-foundation.org> x86/speculation/l1tf: Change order of offset/type in swap entry Andi Kleen <ak(a)linux.intel.com> x86/speculation/l1tf: Increase 32bit PAE __PHYSICAL_PAGE_SHIFT Nick Desaulniers <ndesaulniers(a)google.com> x86/irqflags: Provide a declaration for native_save_fl Masami Hiramatsu <mhiramat(a)kernel.org> kprobes/x86: Fix %p uses in error messages Jiri Kosina <jkosina(a)suse.cz> x86/speculation: Protect against userspace-userspace spectreRSB Peter Zijlstra <peterz(a)infradead.org> x86/paravirt: Fix spectre-v2 mitigations for paravirt guests Oleksij Rempel <o.rempel(a)pengutronix.de> ARM: dts: imx6sx: fix irq for pcie bridge Lukas Wunner <lukas(a)wunner.de> Bluetooth: hci_serdev: Init hci_uart proto_lock to avoid oops Ronald Tschalär <ronald(a)innovation.ch> Bluetooth: hci_ldisc: Allow sleeping while proto locks are held. Chunfeng Yun <chunfeng.yun(a)mediatek.com> phy: phy-mtk-tphy: use auto instead of force to bypass utmi signals Fabio Estevam <fabio.estevam(a)nxp.com> mtd: nand: qcom: Add a NULL check for devm_kasprintf() Al Viro <viro(a)zeniv.linux.org.uk> fix __legitimize_mnt()/mntput() race Al Viro <viro(a)zeniv.linux.org.uk> fix mntput/mntput race Al Viro <viro(a)zeniv.linux.org.uk> make sure that __dentry_kill() always invalidates d_seq, unhashed or not Al Viro <viro(a)zeniv.linux.org.uk> root dentries need RCU-delayed freeing Linus Torvalds <torvalds(a)linux-foundation.org> init: rename and re-order boot_cpu_state_init() Quinn Tran <quinn.tran(a)cavium.com> scsi: qla2xxx: Fix memory leak for allocating abort IOCB Bart Van Assche <bart.vanassche(a)wdc.com> scsi: sr: Avoid that opening a CD-ROM hangs with runtime power management enabled Juergen Gross <jgross(a)suse.com> xen/netfront: don't cache skb_shinfo() Isaac J. Manjarres <isaacm(a)codeaurora.org> stop_machine: Disable preemption after queueing stopper threads Linus Torvalds <torvalds(a)linux-foundation.org> Mark HI and TASKLET softirq synchronous Andrey Konovalov <andreyknvl(a)google.com> kasan: add no_sanitize attribute for clang builds Ming Lei <ming.lei(a)redhat.com> scsi: virtio_scsi: fix IO hang caused by automatic irq vector affinity Ming Lei <ming.lei(a)redhat.com> scsi: core: introduce force_blk_mq Ming Lei <ming.lei(a)redhat.com> scsi: hpsa: fix selection of reply queue John David Anglin <dave.anglin(a)bell.net> parisc: Define mb() and add memory barriers to assembler unlock sequences Helge Deller <deller(a)gmx.de> parisc: Enable CONFIG_MLONGCALLS by default ------------- Diffstat: Documentation/ABI/testing/sysfs-devices-system-cpu | 24 + Documentation/admin-guide/index.rst | 9 + Documentation/admin-guide/kernel-parameters.txt | 78 +++ Documentation/admin-guide/l1tf.rst | 610 +++++++++++++++++++++ Documentation/virtual/kvm/api.txt | 40 +- Makefile | 4 +- arch/Kconfig | 3 + arch/arm/boot/dts/imx6sx.dtsi | 2 +- arch/parisc/Kconfig | 2 +- arch/parisc/include/asm/barrier.h | 32 ++ arch/parisc/kernel/entry.S | 2 + arch/parisc/kernel/pacache.S | 1 + arch/parisc/kernel/syscall.S | 4 + arch/x86/Kconfig | 1 + arch/x86/include/asm/apic.h | 10 + arch/x86/include/asm/cpufeatures.h | 3 + arch/x86/include/asm/dmi.h | 2 +- arch/x86/include/asm/hardirq.h | 26 +- arch/x86/include/asm/irqflags.h | 2 + arch/x86/include/asm/kvm_host.h | 9 + arch/x86/include/asm/msr-index.h | 7 + arch/x86/include/asm/page_32_types.h | 9 +- arch/x86/include/asm/pgtable-2level.h | 17 + arch/x86/include/asm/pgtable-3level.h | 37 +- arch/x86/include/asm/pgtable-invert.h | 32 ++ arch/x86/include/asm/pgtable.h | 74 ++- arch/x86/include/asm/pgtable_64.h | 38 +- arch/x86/include/asm/processor.h | 17 + arch/x86/include/asm/topology.h | 6 +- arch/x86/include/asm/vmx.h | 11 + arch/x86/kernel/apic/apic.c | 17 + arch/x86/kernel/apic/htirq.c | 2 + arch/x86/kernel/apic/io_apic.c | 1 + arch/x86/kernel/apic/msi.c | 1 + arch/x86/kernel/apic/vector.c | 1 + arch/x86/kernel/cpu/amd.c | 49 +- arch/x86/kernel/cpu/bugs.c | 171 ++++-- arch/x86/kernel/cpu/common.c | 56 +- arch/x86/kernel/cpu/cpu.h | 2 + arch/x86/kernel/cpu/intel.c | 7 + arch/x86/kernel/cpu/microcode/core.c | 16 +- arch/x86/kernel/cpu/topology.c | 41 +- arch/x86/kernel/fpu/core.c | 1 + arch/x86/kernel/ftrace.c | 1 + arch/x86/kernel/hpet.c | 1 + arch/x86/kernel/i8259.c | 1 + arch/x86/kernel/idt.c | 1 + arch/x86/kernel/irq.c | 1 + arch/x86/kernel/irq_32.c | 1 + arch/x86/kernel/irq_64.c | 1 + arch/x86/kernel/irqinit.c | 1 + arch/x86/kernel/kprobes/core.c | 6 +- arch/x86/kernel/paravirt.c | 14 +- arch/x86/kernel/setup.c | 6 + arch/x86/kernel/smp.c | 1 + arch/x86/kernel/smpboot.c | 18 + arch/x86/kernel/time.c | 1 + arch/x86/kvm/mmu.c | 1 + arch/x86/kvm/svm.c | 44 +- arch/x86/kvm/vmx.c | 426 ++++++++++++-- arch/x86/kvm/x86.c | 133 ++++- arch/x86/mm/fault.c | 1 + arch/x86/mm/init.c | 23 + arch/x86/mm/kmmio.c | 25 +- arch/x86/mm/mmap.c | 21 + arch/x86/mm/pageattr.c | 8 +- arch/x86/mm/pti.c | 1 + .../intel-mid/device_libs/platform_mrfld_wdt.c | 1 + arch/x86/platform/uv/tlb_uv.c | 1 + arch/x86/xen/enlighten.c | 1 + drivers/base/cpu.c | 8 + drivers/bluetooth/hci_ldisc.c | 38 +- drivers/bluetooth/hci_serdev.c | 1 + drivers/bluetooth/hci_uart.h | 2 +- drivers/gpu/drm/i915/intel_lpe_audio.c | 1 + drivers/mtd/nand/qcom_nandc.c | 3 + drivers/net/xen-netfront.c | 8 +- drivers/pci/host/pci-hyperv.c | 2 + drivers/phy/mediatek/phy-mtk-tphy.c | 19 +- drivers/scsi/hosts.c | 1 + drivers/scsi/hpsa.c | 73 ++- drivers/scsi/hpsa.h | 1 + drivers/scsi/qla2xxx/qla_iocb.c | 53 +- drivers/scsi/sr.c | 29 +- drivers/scsi/virtio_scsi.c | 59 +- fs/dcache.c | 13 +- fs/namespace.c | 28 +- include/asm-generic/pgtable.h | 12 + include/linux/compiler-clang.h | 3 + include/linux/cpu.h | 23 +- include/linux/swapfile.h | 2 + include/scsi/scsi_host.h | 3 + include/uapi/linux/kvm.h | 2 + init/main.c | 2 +- kernel/cpu.c | 282 +++++++++- kernel/sched/core.c | 30 +- kernel/sched/fair.c | 1 + kernel/smp.c | 2 + kernel/softirq.c | 12 +- kernel/stop_machine.c | 10 +- mm/memory.c | 37 +- mm/mprotect.c | 49 ++ mm/swapfile.c | 46 +- tools/arch/x86/include/asm/cpufeatures.h | 3 + 104 files changed, 2619 insertions(+), 456 deletions(-)

7 years, 1 month

3
99
0 0

[PATCH 4.18 00/79] 4.18.1-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.18.1 release. There are 79 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu Aug 16 17:13:16 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.18.1-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.18.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.18.1-rc1 Josh Poimboeuf <jpoimboe(a)redhat.com> x86/microcode: Allow late microcode loading with SMT disabled David Woodhouse <dwmw(a)amazon.co.uk> tools headers: Synchronise x86 cpufeatures.h for L1TF additions Andi Kleen <ak(a)linux.intel.com> x86/mm/kmmio: Make the tracer robust against L1TF Andi Kleen <ak(a)linux.intel.com> x86/mm/pat: Make set_memory_np() L1TF safe Andi Kleen <ak(a)linux.intel.com> x86/speculation/l1tf: Make pmd/pud_mknotpresent() invert Andi Kleen <ak(a)linux.intel.com> x86/speculation/l1tf: Invert all not present mappings Thomas Gleixner <tglx(a)linutronix.de> cpu/hotplug: Fix SMT supported evaluation Paolo Bonzini <pbonzini(a)redhat.com> KVM: VMX: Tell the nested hypervisor to skip L1D flush on vmentry Paolo Bonzini <pbonzini(a)redhat.com> x86/speculation: Use ARCH_CAPABILITIES to skip L1D flush on vmentry Paolo Bonzini <pbonzini(a)redhat.com> x86/speculation: Simplify sysfs report of VMX L1TF vulnerability Thomas Gleixner <tglx(a)linutronix.de> Documentation/l1tf: Remove Yonah processors from not vulnerable list Nicolai Stange <nstange(a)suse.de> x86/KVM/VMX: Don't set l1tf_flush_l1d from vmx_handle_external_intr() Nicolai Stange <nstange(a)suse.de> x86/irq: Let interrupt handlers set kvm_cpu_l1tf_flush_l1d Nicolai Stange <nstange(a)suse.de> x86: Don't include linux/irq.h from asm/hardirq.h Nicolai Stange <nstange(a)suse.de> x86/KVM/VMX: Introduce per-host-cpu analogue of l1tf_flush_l1d Nicolai Stange <nstange(a)suse.de> x86/irq: Demote irq_cpustat_t::__softirq_pending to u16 Nicolai Stange <nstange(a)suse.de> x86/KVM/VMX: Move the l1tf_flush_l1d test to vmx_l1d_flush() Nicolai Stange <nstange(a)suse.de> x86/KVM/VMX: Replace 'vmx_l1d_flush_always' with 'vmx_l1d_flush_cond' Nicolai Stange <nstange(a)suse.de> x86/KVM/VMX: Don't set l1tf_flush_l1d to true from vmx_l1d_flush() Josh Poimboeuf <jpoimboe(a)redhat.com> cpu/hotplug: detect SMT disabled by BIOS Tony Luck <tony.luck(a)intel.com> Documentation/l1tf: Fix typos Nicolai Stange <nstange(a)suse.de> x86/KVM/VMX: Initialize the vmx_l1d_flush_pages' content Jiri Kosina <jkosina(a)suse.cz> x86/speculation/l1tf: Unbreak !__HAVE_ARCH_PFN_MODIFY_ALLOWED architectures Thomas Gleixner <tglx(a)linutronix.de> Documentation: Add section about CPU vulnerabilities Jiri Kosina <jkosina(a)suse.cz> x86/bugs, kvm: Introduce boot-time control of L1TF mitigations Thomas Gleixner <tglx(a)linutronix.de> cpu/hotplug: Set CPU_SMT_NOT_SUPPORTED early Jiri Kosina <jkosina(a)suse.cz> cpu/hotplug: Expose SMT control init function Thomas Gleixner <tglx(a)linutronix.de> x86/kvm: Allow runtime control of L1D flush Thomas Gleixner <tglx(a)linutronix.de> x86/kvm: Serialize L1D flush parameter setter Thomas Gleixner <tglx(a)linutronix.de> x86/kvm: Add static key for flush always Thomas Gleixner <tglx(a)linutronix.de> x86/kvm: Move l1tf setup function Thomas Gleixner <tglx(a)linutronix.de> x86/l1tf: Handle EPT disabled state proper Thomas Gleixner <tglx(a)linutronix.de> x86/kvm: Drop L1TF MSR list approach Thomas Gleixner <tglx(a)linutronix.de> x86/litf: Introduce vmx status variable Thomas Gleixner <tglx(a)linutronix.de> cpu/hotplug: Online siblings when SMT control is turned on Konrad Rzeszutek Wilk <konrad.wilk(a)oracle.com> x86/KVM/VMX: Use MSR save list for IA32_FLUSH_CMD if required Konrad Rzeszutek Wilk <konrad.wilk(a)oracle.com> x86/KVM/VMX: Extend add_atomic_switch_msr() to allow VMENTER only MSRs Konrad Rzeszutek Wilk <konrad.wilk(a)oracle.com> x86/KVM/VMX: Separate the VMX AUTOLOAD guest/host number accounting Konrad Rzeszutek Wilk <konrad.wilk(a)oracle.com> x86/KVM/VMX: Add find_msr() helper function Konrad Rzeszutek Wilk <konrad.wilk(a)oracle.com> x86/KVM/VMX: Split the VMX MSR LOAD structures to have an host/guest numbers Paolo Bonzini <pbonzini(a)redhat.com> x86/KVM/VMX: Add L1D flush logic Paolo Bonzini <pbonzini(a)redhat.com> x86/KVM/VMX: Add L1D MSR based flush Paolo Bonzini <pbonzini(a)redhat.com> x86/KVM/VMX: Add L1D flush algorithm Konrad Rzeszutek Wilk <konrad.wilk(a)oracle.com> x86/KVM/VMX: Add module argument for L1TF mitigation Konrad Rzeszutek Wilk <konrad.wilk(a)oracle.com> x86/KVM: Warn user if KVM is loaded SMT and L1TF CPU bug being present Thomas Gleixner <tglx(a)linutronix.de> cpu/hotplug: Boot HT siblings at least once Thomas Gleixner <tglx(a)linutronix.de> Revert "x86/apic: Ignore secondary threads if nosmt=force" Michal Hocko <mhocko(a)suse.cz> x86/speculation/l1tf: Fix up pte->pfn conversion for PAE Vlastimil Babka <vbabka(a)suse.cz> x86/speculation/l1tf: Protect PAE swap entries against L1TF Borislav Petkov <bp(a)suse.de> x86/CPU/AMD: Move TOPOEXT reenablement before reading smp_num_siblings Konrad Rzeszutek Wilk <konrad.wilk(a)oracle.com> x86/cpufeatures: Add detection of L1D cache flush support. Vlastimil Babka <vbabka(a)suse.cz> x86/speculation/l1tf: Extend 64bit swap file size limit Thomas Gleixner <tglx(a)linutronix.de> x86/apic: Ignore secondary threads if nosmt=force Thomas Gleixner <tglx(a)linutronix.de> x86/cpu/AMD: Evaluate smp_num_siblings early Borislav Petkov <bp(a)suse.de> x86/CPU/AMD: Do not check CPUID max ext level before parsing SMP info Thomas Gleixner <tglx(a)linutronix.de> x86/cpu/intel: Evaluate smp_num_siblings early Thomas Gleixner <tglx(a)linutronix.de> x86/cpu/topology: Provide detect_extended_topology_early() Thomas Gleixner <tglx(a)linutronix.de> x86/cpu/common: Provide detect_ht_early() Thomas Gleixner <tglx(a)linutronix.de> x86/cpu/AMD: Remove the pointless detect_ht() call Thomas Gleixner <tglx(a)linutronix.de> x86/cpu: Remove the pointless CPU printout Thomas Gleixner <tglx(a)linutronix.de> cpu/hotplug: Provide knobs to control SMT Thomas Gleixner <tglx(a)linutronix.de> cpu/hotplug: Split do_cpu_down() Thomas Gleixner <tglx(a)linutronix.de> cpu/hotplug: Make bringup/teardown of smp threads symmetric Thomas Gleixner <tglx(a)linutronix.de> x86/topology: Provide topology_smt_supported() Thomas Gleixner <tglx(a)linutronix.de> x86/smp: Provide topology_is_primary_thread() Peter Zijlstra <peterz(a)infradead.org> sched/smt: Update sched_smt_present at runtime Konrad Rzeszutek Wilk <konrad.wilk(a)oracle.com> x86/bugs: Move the l1tf function and define pr_fmt properly Andi Kleen <ak(a)linux.intel.com> x86/speculation/l1tf: Limit swap file size to MAX_PA/2 Andi Kleen <ak(a)linux.intel.com> x86/speculation/l1tf: Disallow non privileged high MMIO PROT_NONE mappings Andi Kleen <ak(a)linux.intel.com> x86/speculation/l1tf: Add sysfs reporting for l1tf Andi Kleen <ak(a)linux.intel.com> x86/speculation/l1tf: Make sure the first page is always reserved Andi Kleen <ak(a)linux.intel.com> x86/speculation/l1tf: Protect PROT_NONE PTEs against speculation Linus Torvalds <torvalds(a)linux-foundation.org> x86/speculation/l1tf: Protect swap entries against L1TF Linus Torvalds <torvalds(a)linux-foundation.org> x86/speculation/l1tf: Change order of offset/type in swap entry Andi Kleen <ak(a)linux.intel.com> x86/speculation/l1tf: Increase 32bit PAE __PHYSICAL_PAGE_SHIFT Nick Desaulniers <ndesaulniers(a)google.com> x86/irqflags: Provide a declaration for native_save_fl Masami Hiramatsu <mhiramat(a)kernel.org> kprobes/x86: Fix %p uses in error messages Jiri Kosina <jkosina(a)suse.cz> x86/speculation: Protect against userspace-userspace spectreRSB Peter Zijlstra <peterz(a)infradead.org> x86/paravirt: Fix spectre-v2 mitigations for paravirt guests ------------- Diffstat: Documentation/ABI/testing/sysfs-devices-system-cpu | 24 + Documentation/admin-guide/index.rst | 9 + Documentation/admin-guide/kernel-parameters.txt | 78 +++ Documentation/admin-guide/l1tf.rst | 610 +++++++++++++++++++++ Makefile | 4 +- arch/Kconfig | 3 + arch/x86/Kconfig | 1 + arch/x86/include/asm/apic.h | 9 + arch/x86/include/asm/cpufeatures.h | 3 + arch/x86/include/asm/dmi.h | 2 +- arch/x86/include/asm/hardirq.h | 26 +- arch/x86/include/asm/irqflags.h | 2 + arch/x86/include/asm/kvm_host.h | 6 + arch/x86/include/asm/msr-index.h | 7 + arch/x86/include/asm/page_32_types.h | 9 +- arch/x86/include/asm/pgtable-2level.h | 17 + arch/x86/include/asm/pgtable-3level.h | 37 +- arch/x86/include/asm/pgtable-invert.h | 32 ++ arch/x86/include/asm/pgtable.h | 74 ++- arch/x86/include/asm/pgtable_64.h | 38 +- arch/x86/include/asm/processor.h | 17 + arch/x86/include/asm/topology.h | 6 +- arch/x86/include/asm/vmx.h | 11 + arch/x86/kernel/apic/apic.c | 16 + arch/x86/kernel/apic/io_apic.c | 1 + arch/x86/kernel/apic/msi.c | 1 + arch/x86/kernel/apic/vector.c | 1 + arch/x86/kernel/cpu/amd.c | 51 +- arch/x86/kernel/cpu/bugs.c | 171 ++++-- arch/x86/kernel/cpu/common.c | 56 +- arch/x86/kernel/cpu/cpu.h | 2 + arch/x86/kernel/cpu/intel.c | 7 + arch/x86/kernel/cpu/microcode/core.c | 16 +- arch/x86/kernel/cpu/topology.c | 41 +- arch/x86/kernel/fpu/core.c | 1 + arch/x86/kernel/hpet.c | 1 + arch/x86/kernel/i8259.c | 1 + arch/x86/kernel/idt.c | 1 + arch/x86/kernel/irq.c | 1 + arch/x86/kernel/irq_32.c | 1 + arch/x86/kernel/irq_64.c | 1 + arch/x86/kernel/irqinit.c | 1 + arch/x86/kernel/kprobes/core.c | 5 +- arch/x86/kernel/paravirt.c | 14 +- arch/x86/kernel/setup.c | 6 + arch/x86/kernel/smp.c | 1 + arch/x86/kernel/smpboot.c | 18 + arch/x86/kernel/time.c | 1 + arch/x86/kvm/mmu.c | 1 + arch/x86/kvm/vmx.c | 455 ++++++++++++--- arch/x86/kvm/x86.c | 34 +- arch/x86/mm/init.c | 23 + arch/x86/mm/kmmio.c | 25 +- arch/x86/mm/mmap.c | 21 + arch/x86/mm/pageattr.c | 8 +- arch/x86/mm/pti.c | 1 + .../intel-mid/device_libs/platform_mrfld_wdt.c | 1 + arch/x86/platform/uv/tlb_uv.c | 1 + arch/x86/xen/enlighten.c | 1 + drivers/base/cpu.c | 8 + drivers/gpu/drm/i915/i915_pmu.c | 1 + drivers/gpu/drm/i915/intel_lpe_audio.c | 1 + drivers/pci/controller/pci-hyperv.c | 1 + include/asm-generic/pgtable.h | 12 + include/linux/cpu.h | 21 + include/linux/swapfile.h | 2 + kernel/cpu.c | 280 +++++++++- kernel/sched/core.c | 30 +- kernel/sched/fair.c | 1 + kernel/smp.c | 2 + mm/memory.c | 37 +- mm/mprotect.c | 49 ++ mm/swapfile.c | 46 +- tools/arch/x86/include/asm/cpufeatures.h | 3 + 74 files changed, 2206 insertions(+), 300 deletions(-)

7 years, 1 month

3
82
0 0

[PATCH v2 1/2] arm64: mm: check for upper PAGE_SHIFT bits in pfn_valid()

by Greg Hackmann

ARM64's pfn_valid() shifts away the upper PAGE_SHIFT bits of the input before seeing if the PFN is valid. This leads to false positives when some of the upper bits are set, but the lower bits match a valid PFN. For example, the following userspace code looks up a bogus entry in /proc/kpageflags: int pagemap = open("/proc/self/pagemap", O_RDONLY); int pageflags = open("/proc/kpageflags", O_RDONLY); uint64_t pfn, val; lseek64(pagemap, [...], SEEK_SET); read(pagemap, &pfn, sizeof(pfn)); if (pfn & (1UL << 63)) { /* valid PFN */ pfn &= ((1UL << 55) - 1); /* clear flag bits */ pfn |= (1UL << 55); lseek64(pageflags, pfn * sizeof(uint64_t), SEEK_SET); read(pageflags, &val, sizeof(val)); } On ARM64 this causes the userspace process to crash with SIGSEGV rather than reading (1 << KPF_NOPAGE). kpageflags_read() treats the offset as valid, and stable_page_flags() will try to access an address between the user and kernel address ranges. Fixes: c1cc1552616d ("arm64: MMU initialisation") Cc: stable(a)vger.kernel.org Signed-off-by: Greg Hackmann <ghackmann(a)google.com> --- arch/arm64/mm/init.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/arch/arm64/mm/init.c b/arch/arm64/mm/init.c index 9abf8a1e7b25..787e27964ab9 100644 --- a/arch/arm64/mm/init.c +++ b/arch/arm64/mm/init.c @@ -287,7 +287,11 @@ static void __init zone_sizes_init(unsigned long min, unsigned long max) #ifdef CONFIG_HAVE_ARCH_PFN_VALID int pfn_valid(unsigned long pfn) { - return memblock_is_map_memory(pfn << PAGE_SHIFT); + phys_addr_t addr = pfn << PAGE_SHIFT; + + if ((addr >> PAGE_SHIFT) != pfn) + return 0; + return memblock_is_map_memory(addr); } EXPORT_SYMBOL(pfn_valid); #endif -- 2.18.0.865.gffc8e1a3cd6-goog

7 years, 1 month

1
1
0 0

[PATCH 1/2] Fix kexec forbidding kernels signed with keys in the secondary keyring to boot

by Yannik Sembritzki

The split of .system_keyring to .builtin_trusted_keys and .secondary_trusted_keys broke kexec, as kernels signed by keys which are now in the secondary keyring cannot be kexec'd anymore. Signed-off-by: Yannik Sembritzki <yannik(a)sembritzki.me> CC: stable(a)vger.kernel.org --- arch/x86/kernel/kexec-bzimage64.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/x86/kernel/kexec-bzimage64.c b/arch/x86/kernel/kexec-bzimage64.c index 7326078e..74628275 100644 --- a/arch/x86/kernel/kexec-bzimage64.c +++ b/arch/x86/kernel/kexec-bzimage64.c @@ -532,7 +532,7 @@ static int bzImage64_cleanup(void *loader_data) static int bzImage64_verify_sig(const char *kernel, unsigned long kernel_len) { return verify_pefile_signature(kernel, kernel_len, - NULL, + ((struct key *)1UL), VERIFYING_KEXEC_PE_SIGNATURE); } #endif -- 2.17.1

7 years, 1 month

1
0
0 0

[PATCH v8 5/5] drm/nouveau: Fix deadlocks in nouveau_connector_detect()

by Lyude Paul

When we disable hotplugging on the GPU, we need to be able to synchronize with each connector's hotplug interrupt handler before the interrupt is finally disabled. This can be a problem however, since nouveau_connector_detect() currently grabs a runtime power reference when handling connector probing. This will deadlock the runtime suspend handler like so: [ 861.480896] INFO: task kworker/0:2:61 blocked for more than 120 seconds. [ 861.483290] Tainted: G O 4.18.0-rc6Lyude-Test+ #1 [ 861.485158] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 861.486332] kworker/0:2 D 0 61 2 0x80000000 [ 861.487044] Workqueue: events nouveau_display_hpd_work [nouveau] [ 861.487737] Call Trace: [ 861.488394] __schedule+0x322/0xaf0 [ 861.489070] schedule+0x33/0x90 [ 861.489744] rpm_resume+0x19c/0x850 [ 861.490392] ? finish_wait+0x90/0x90 [ 861.491068] __pm_runtime_resume+0x4e/0x90 [ 861.491753] nouveau_display_hpd_work+0x22/0x60 [nouveau] [ 861.492416] process_one_work+0x231/0x620 [ 861.493068] worker_thread+0x44/0x3a0 [ 861.493722] kthread+0x12b/0x150 [ 861.494342] ? wq_pool_ids_show+0x140/0x140 [ 861.494991] ? kthread_create_worker_on_cpu+0x70/0x70 [ 861.495648] ret_from_fork+0x3a/0x50 [ 861.496304] INFO: task kworker/6:2:320 blocked for more than 120 seconds. [ 861.496968] Tainted: G O 4.18.0-rc6Lyude-Test+ #1 [ 861.497654] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 861.498341] kworker/6:2 D 0 320 2 0x80000080 [ 861.499045] Workqueue: pm pm_runtime_work [ 861.499739] Call Trace: [ 861.500428] __schedule+0x322/0xaf0 [ 861.501134] ? wait_for_completion+0x104/0x190 [ 861.501851] schedule+0x33/0x90 [ 861.502564] schedule_timeout+0x3a5/0x590 [ 861.503284] ? mark_held_locks+0x58/0x80 [ 861.503988] ? _raw_spin_unlock_irq+0x2c/0x40 [ 861.504710] ? wait_for_completion+0x104/0x190 [ 861.505417] ? trace_hardirqs_on_caller+0xf4/0x190 [ 861.506136] ? wait_for_completion+0x104/0x190 [ 861.506845] wait_for_completion+0x12c/0x190 [ 861.507555] ? wake_up_q+0x80/0x80 [ 861.508268] flush_work+0x1c9/0x280 [ 861.508990] ? flush_workqueue_prep_pwqs+0x1b0/0x1b0 [ 861.509735] nvif_notify_put+0xb1/0xc0 [nouveau] [ 861.510482] nouveau_display_fini+0xbd/0x170 [nouveau] [ 861.511241] nouveau_display_suspend+0x67/0x120 [nouveau] [ 861.511969] nouveau_do_suspend+0x5e/0x2d0 [nouveau] [ 861.512715] nouveau_pmops_runtime_suspend+0x47/0xb0 [nouveau] [ 861.513435] pci_pm_runtime_suspend+0x6b/0x180 [ 861.514165] ? pci_has_legacy_pm_support+0x70/0x70 [ 861.514897] __rpm_callback+0x7a/0x1d0 [ 861.515618] ? pci_has_legacy_pm_support+0x70/0x70 [ 861.516313] rpm_callback+0x24/0x80 [ 861.517027] ? pci_has_legacy_pm_support+0x70/0x70 [ 861.517741] rpm_suspend+0x142/0x6b0 [ 861.518449] pm_runtime_work+0x97/0xc0 [ 861.519144] process_one_work+0x231/0x620 [ 861.519831] worker_thread+0x44/0x3a0 [ 861.520522] kthread+0x12b/0x150 [ 861.521220] ? wq_pool_ids_show+0x140/0x140 [ 861.521925] ? kthread_create_worker_on_cpu+0x70/0x70 [ 861.522622] ret_from_fork+0x3a/0x50 [ 861.523299] INFO: task kworker/6:0:1329 blocked for more than 120 seconds. [ 861.523977] Tainted: G O 4.18.0-rc6Lyude-Test+ #1 [ 861.524644] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 861.525349] kworker/6:0 D 0 1329 2 0x80000000 [ 861.526073] Workqueue: events nvif_notify_work [nouveau] [ 861.526751] Call Trace: [ 861.527411] __schedule+0x322/0xaf0 [ 861.528089] schedule+0x33/0x90 [ 861.528758] rpm_resume+0x19c/0x850 [ 861.529399] ? finish_wait+0x90/0x90 [ 861.530073] __pm_runtime_resume+0x4e/0x90 [ 861.530798] nouveau_connector_detect+0x7e/0x510 [nouveau] [ 861.531459] ? ww_mutex_lock+0x47/0x80 [ 861.532097] ? ww_mutex_lock+0x47/0x80 [ 861.532819] ? drm_modeset_lock+0x88/0x130 [drm] [ 861.533481] drm_helper_probe_detect_ctx+0xa0/0x100 [drm_kms_helper] [ 861.534127] drm_helper_hpd_irq_event+0xa4/0x120 [drm_kms_helper] [ 861.534940] nouveau_connector_hotplug+0x98/0x120 [nouveau] [ 861.535556] nvif_notify_work+0x2d/0xb0 [nouveau] [ 861.536221] process_one_work+0x231/0x620 [ 861.536994] worker_thread+0x44/0x3a0 [ 861.537757] kthread+0x12b/0x150 [ 861.538463] ? wq_pool_ids_show+0x140/0x140 [ 861.539102] ? kthread_create_worker_on_cpu+0x70/0x70 [ 861.539815] ret_from_fork+0x3a/0x50 [ 861.540521] Showing all locks held in the system: [ 861.541696] 2 locks held by kworker/0:2/61: [ 861.542406] #0: 000000002dbf8af5 ((wq_completion)"events"){+.+.}, at: process_one_work+0x1b3/0x620 [ 861.543071] #1: 0000000076868126 ((work_completion)(&drm->hpd_work)){+.+.}, at: process_one_work+0x1b3/0x620 [ 861.543814] 1 lock held by khungtaskd/64: [ 861.544535] #0: 0000000059db4b53 (rcu_read_lock){....}, at: debug_show_all_locks+0x23/0x185 [ 861.545160] 3 locks held by kworker/6:2/320: [ 861.545896] #0: 00000000d9e1bc59 ((wq_completion)"pm"){+.+.}, at: process_one_work+0x1b3/0x620 [ 861.546702] #1: 00000000c9f92d84 ((work_completion)(&dev->power.work)){+.+.}, at: process_one_work+0x1b3/0x620 [ 861.547443] #2: 000000004afc5de1 (drm_connector_list_iter){.+.+}, at: nouveau_display_fini+0x96/0x170 [nouveau] [ 861.548146] 1 lock held by dmesg/983: [ 861.548889] 2 locks held by zsh/1250: [ 861.549605] #0: 00000000348e3cf6 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40 [ 861.550393] #1: 000000007009a7a8 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0xc1/0x870 [ 861.551122] 6 locks held by kworker/6:0/1329: [ 861.551957] #0: 000000002dbf8af5 ((wq_completion)"events"){+.+.}, at: process_one_work+0x1b3/0x620 [ 861.552765] #1: 00000000ddb499ad ((work_completion)(&notify->work)#2){+.+.}, at: process_one_work+0x1b3/0x620 [ 861.553582] #2: 000000006e013cbe (&dev->mode_config.mutex){+.+.}, at: drm_helper_hpd_irq_event+0x6c/0x120 [drm_kms_helper] [ 861.554357] #3: 000000004afc5de1 (drm_connector_list_iter){.+.+}, at: drm_helper_hpd_irq_event+0x78/0x120 [drm_kms_helper] [ 861.555227] #4: 0000000044f294d9 (crtc_ww_class_acquire){+.+.}, at: drm_helper_probe_detect_ctx+0x3d/0x100 [drm_kms_helper] [ 861.556133] #5: 00000000db193642 (crtc_ww_class_mutex){+.+.}, at: drm_modeset_lock+0x4b/0x130 [drm] [ 861.557864] ============================================= [ 861.559507] NMI backtrace for cpu 2 [ 861.560363] CPU: 2 PID: 64 Comm: khungtaskd Tainted: G O 4.18.0-rc6Lyude-Test+ #1 [ 861.561197] Hardware name: LENOVO 20EQS64N0B/20EQS64N0B, BIOS N1EET78W (1.51 ) 05/18/2018 [ 861.561948] Call Trace: [ 861.562757] dump_stack+0x8e/0xd3 [ 861.563516] nmi_cpu_backtrace.cold.3+0x14/0x5a [ 861.564269] ? lapic_can_unplug_cpu.cold.27+0x42/0x42 [ 861.565029] nmi_trigger_cpumask_backtrace+0xa1/0xae [ 861.565789] arch_trigger_cpumask_backtrace+0x19/0x20 [ 861.566558] watchdog+0x316/0x580 [ 861.567355] kthread+0x12b/0x150 [ 861.568114] ? reset_hung_task_detector+0x20/0x20 [ 861.568863] ? kthread_create_worker_on_cpu+0x70/0x70 [ 861.569598] ret_from_fork+0x3a/0x50 [ 861.570370] Sending NMI from CPU 2 to CPUs 0-1,3-7: [ 861.571426] NMI backtrace for cpu 6 skipped: idling at intel_idle+0x7f/0x120 [ 861.571429] NMI backtrace for cpu 7 skipped: idling at intel_idle+0x7f/0x120 [ 861.571432] NMI backtrace for cpu 3 skipped: idling at intel_idle+0x7f/0x120 [ 861.571464] NMI backtrace for cpu 5 skipped: idling at intel_idle+0x7f/0x120 [ 861.571467] NMI backtrace for cpu 0 skipped: idling at intel_idle+0x7f/0x120 [ 861.571469] NMI backtrace for cpu 4 skipped: idling at intel_idle+0x7f/0x120 [ 861.571472] NMI backtrace for cpu 1 skipped: idling at intel_idle+0x7f/0x120 [ 861.572428] Kernel panic - not syncing: hung_task: blocked tasks So: fix this by making it so that normal hotplug handling /only/ happens so long as the GPU is currently awake without any pending runtime PM requests. In the event that a hotplug occurs while the device is suspending or resuming, we can simply defer our response until the GPU is fully runtime resumed again. Changes since v4: - Use a new trick I came up with using pm_runtime_get() instead of the hackish junk we had before Signed-off-by: Lyude Paul <lyude(a)redhat.com> Reviewed-by: Karol Herbst <kherbst(a)redhat.com> Acked-by: Daniel Vetter <daniel(a)ffwll.ch> Cc: stable(a)vger.kernel.org Cc: Lukas Wunner <lukas(a)wunner.de> --- drivers/gpu/drm/nouveau/nouveau_connector.c | 22 +++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/drivers/gpu/drm/nouveau/nouveau_connector.c b/drivers/gpu/drm/nouveau/nouveau_connector.c index 010d6db14cba..109240c03357 100644 --- a/drivers/gpu/drm/nouveau/nouveau_connector.c +++ b/drivers/gpu/drm/nouveau/nouveau_connector.c @@ -1124,6 +1124,26 @@ nouveau_connector_hotplug(struct nvif_notify *notify) const struct nvif_notify_conn_rep_v0 *rep = notify->data; const char *name = connector->name; struct nouveau_encoder *nv_encoder; + int ret; + + ret = pm_runtime_get(drm->dev->dev); + if (ret == 0) { + /* We can't block here if there's a pending PM request + * running, as we'll deadlock nouveau_display_fini() when it + * calls nvif_put() on our nvif_notify struct. So, simply + * defer the hotplug event until the device finishes resuming + */ + NV_DEBUG(drm, "Deferring HPD on %s until runtime resume\n", + name); + schedule_work(&drm->hpd_work); + + pm_runtime_put_noidle(drm->dev->dev); + return NVIF_NOTIFY_KEEP; + } else if (ret != 1 && ret != -EACCES) { + NV_WARN(drm, "HPD on %s dropped due to RPM failure: %d\n", + name, ret); + return NVIF_NOTIFY_DROP; + } if (rep->mask & NVIF_NOTIFY_CONN_V0_IRQ) { NV_DEBUG(drm, "service %s\n", name); @@ -1141,6 +1161,8 @@ nouveau_connector_hotplug(struct nvif_notify *notify) drm_helper_hpd_irq_event(connector->dev); } + pm_runtime_mark_last_busy(drm->dev->dev); + pm_runtime_put_autosuspend(drm->dev->dev); return NVIF_NOTIFY_KEEP; } -- 2.17.1

7 years, 1 month

1
0
0 0

[PATCH v8 4/5] drm/nouveau: Use pm_runtime_get_noresume() in connector_detect()

by Lyude Paul

It's true we can't resume the device from poll workers in nouveau_connector_detect(). We can however, prevent the autosuspend timer from elapsing immediately if it hasn't already without risking any sort of deadlock with the runtime suspend/resume operations. So do that instead of entirely avoiding grabbing a power reference. Signed-off-by: Lyude Paul <lyude(a)redhat.com> Reviewed-by: Karol Herbst <kherbst(a)redhat.com> Acked-by: Daniel Vetter <daniel(a)ffwll.ch> Cc: stable(a)vger.kernel.org Cc: Lukas Wunner <lukas(a)wunner.de> --- drivers/gpu/drm/nouveau/nouveau_connector.c | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) diff --git a/drivers/gpu/drm/nouveau/nouveau_connector.c b/drivers/gpu/drm/nouveau/nouveau_connector.c index 2a45b4c2ceb0..010d6db14cba 100644 --- a/drivers/gpu/drm/nouveau/nouveau_connector.c +++ b/drivers/gpu/drm/nouveau/nouveau_connector.c @@ -572,12 +572,16 @@ nouveau_connector_detect(struct drm_connector *connector, bool force) nv_connector->edid = NULL; } - /* Outputs are only polled while runtime active, so acquiring a - * runtime PM ref here is unnecessary (and would deadlock upon - * runtime suspend because it waits for polling to finish). + /* Outputs are only polled while runtime active, so resuming the + * device here is unnecessary (and would deadlock upon runtime suspend + * because it waits for polling to finish). We do however, want to + * prevent the autosuspend timer from elapsing during this operation + * if possible. */ - if (!drm_kms_helper_is_poll_worker()) { - ret = pm_runtime_get_sync(connector->dev->dev); + if (drm_kms_helper_is_poll_worker()) { + pm_runtime_get_noresume(dev->dev); + } else { + ret = pm_runtime_get_sync(dev->dev); if (ret < 0 && ret != -EACCES) return conn_status; } @@ -655,10 +659,8 @@ nouveau_connector_detect(struct drm_connector *connector, bool force) out: - if (!drm_kms_helper_is_poll_worker()) { - pm_runtime_mark_last_busy(connector->dev->dev); - pm_runtime_put_autosuspend(connector->dev->dev); - } + pm_runtime_mark_last_busy(dev->dev); + pm_runtime_put_autosuspend(dev->dev); return conn_status; } -- 2.17.1

7 years, 1 month

1
0
0 0

[PATCH v8 3/5] drm/nouveau: Fix deadlock with fb_helper with async RPM requests

by Lyude Paul

Currently, nouveau uses the generic drm_fb_helper_output_poll_changed() function provided by DRM as it's output_poll_changed callback. Unfortunately however, this function doesn't grab runtime PM references early enough and even if it did-we can't block waiting for the device to resume in output_poll_changed() since it's very likely that we'll need to grab the fb_helper lock at some point during the runtime resume process. This currently results in deadlocking like so: [ 246.669625] INFO: task kworker/4:0:37 blocked for more than 120 seconds. [ 246.673398] Not tainted 4.18.0-rc5Lyude-Test+ #2 [ 246.675271] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 246.676527] kworker/4:0 D 0 37 2 0x80000000 [ 246.677580] Workqueue: events output_poll_execute [drm_kms_helper] [ 246.678704] Call Trace: [ 246.679753] __schedule+0x322/0xaf0 [ 246.680916] schedule+0x33/0x90 [ 246.681924] schedule_preempt_disabled+0x15/0x20 [ 246.683023] __mutex_lock+0x569/0x9a0 [ 246.684035] ? kobject_uevent_env+0x117/0x7b0 [ 246.685132] ? drm_fb_helper_hotplug_event.part.28+0x20/0xb0 [drm_kms_helper] [ 246.686179] mutex_lock_nested+0x1b/0x20 [ 246.687278] ? mutex_lock_nested+0x1b/0x20 [ 246.688307] drm_fb_helper_hotplug_event.part.28+0x20/0xb0 [drm_kms_helper] [ 246.689420] drm_fb_helper_output_poll_changed+0x23/0x30 [drm_kms_helper] [ 246.690462] drm_kms_helper_hotplug_event+0x2a/0x30 [drm_kms_helper] [ 246.691570] output_poll_execute+0x198/0x1c0 [drm_kms_helper] [ 246.692611] process_one_work+0x231/0x620 [ 246.693725] worker_thread+0x214/0x3a0 [ 246.694756] kthread+0x12b/0x150 [ 246.695856] ? wq_pool_ids_show+0x140/0x140 [ 246.696888] ? kthread_create_worker_on_cpu+0x70/0x70 [ 246.697998] ret_from_fork+0x3a/0x50 [ 246.699034] INFO: task kworker/0:1:60 blocked for more than 120 seconds. [ 246.700153] Not tainted 4.18.0-rc5Lyude-Test+ #2 [ 246.701182] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 246.702278] kworker/0:1 D 0 60 2 0x80000000 [ 246.703293] Workqueue: pm pm_runtime_work [ 246.704393] Call Trace: [ 246.705403] __schedule+0x322/0xaf0 [ 246.706439] ? wait_for_completion+0x104/0x190 [ 246.707393] schedule+0x33/0x90 [ 246.708375] schedule_timeout+0x3a5/0x590 [ 246.709289] ? mark_held_locks+0x58/0x80 [ 246.710208] ? _raw_spin_unlock_irq+0x2c/0x40 [ 246.711222] ? wait_for_completion+0x104/0x190 [ 246.712134] ? trace_hardirqs_on_caller+0xf4/0x190 [ 246.713094] ? wait_for_completion+0x104/0x190 [ 246.713964] wait_for_completion+0x12c/0x190 [ 246.714895] ? wake_up_q+0x80/0x80 [ 246.715727] ? get_work_pool+0x90/0x90 [ 246.716649] flush_work+0x1c9/0x280 [ 246.717483] ? flush_workqueue_prep_pwqs+0x1b0/0x1b0 [ 246.718442] __cancel_work_timer+0x146/0x1d0 [ 246.719247] cancel_delayed_work_sync+0x13/0x20 [ 246.720043] drm_kms_helper_poll_disable+0x1f/0x30 [drm_kms_helper] [ 246.721123] nouveau_pmops_runtime_suspend+0x3d/0xb0 [nouveau] [ 246.721897] pci_pm_runtime_suspend+0x6b/0x190 [ 246.722825] ? pci_has_legacy_pm_support+0x70/0x70 [ 246.723737] __rpm_callback+0x7a/0x1d0 [ 246.724721] ? pci_has_legacy_pm_support+0x70/0x70 [ 246.725607] rpm_callback+0x24/0x80 [ 246.726553] ? pci_has_legacy_pm_support+0x70/0x70 [ 246.727376] rpm_suspend+0x142/0x6b0 [ 246.728185] pm_runtime_work+0x97/0xc0 [ 246.728938] process_one_work+0x231/0x620 [ 246.729796] worker_thread+0x44/0x3a0 [ 246.730614] kthread+0x12b/0x150 [ 246.731395] ? wq_pool_ids_show+0x140/0x140 [ 246.732202] ? kthread_create_worker_on_cpu+0x70/0x70 [ 246.732878] ret_from_fork+0x3a/0x50 [ 246.733768] INFO: task kworker/4:2:422 blocked for more than 120 seconds. [ 246.734587] Not tainted 4.18.0-rc5Lyude-Test+ #2 [ 246.735393] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 246.736113] kworker/4:2 D 0 422 2 0x80000080 [ 246.736789] Workqueue: events_long drm_dp_mst_link_probe_work [drm_kms_helper] [ 246.737665] Call Trace: [ 246.738490] __schedule+0x322/0xaf0 [ 246.739250] schedule+0x33/0x90 [ 246.739908] rpm_resume+0x19c/0x850 [ 246.740750] ? finish_wait+0x90/0x90 [ 246.741541] __pm_runtime_resume+0x4e/0x90 [ 246.742370] nv50_disp_atomic_commit+0x31/0x210 [nouveau] [ 246.743124] drm_atomic_commit+0x4a/0x50 [drm] [ 246.743775] restore_fbdev_mode_atomic+0x1c8/0x240 [drm_kms_helper] [ 246.744603] restore_fbdev_mode+0x31/0x140 [drm_kms_helper] [ 246.745373] drm_fb_helper_restore_fbdev_mode_unlocked+0x54/0xb0 [drm_kms_helper] [ 246.746220] drm_fb_helper_set_par+0x2d/0x50 [drm_kms_helper] [ 246.746884] drm_fb_helper_hotplug_event.part.28+0x96/0xb0 [drm_kms_helper] [ 246.747675] drm_fb_helper_output_poll_changed+0x23/0x30 [drm_kms_helper] [ 246.748544] drm_kms_helper_hotplug_event+0x2a/0x30 [drm_kms_helper] [ 246.749439] nv50_mstm_hotplug+0x15/0x20 [nouveau] [ 246.750111] drm_dp_send_link_address+0x177/0x1c0 [drm_kms_helper] [ 246.750764] drm_dp_check_and_send_link_address+0xa8/0xd0 [drm_kms_helper] [ 246.751602] drm_dp_mst_link_probe_work+0x51/0x90 [drm_kms_helper] [ 246.752314] process_one_work+0x231/0x620 [ 246.752979] worker_thread+0x44/0x3a0 [ 246.753838] kthread+0x12b/0x150 [ 246.754619] ? wq_pool_ids_show+0x140/0x140 [ 246.755386] ? kthread_create_worker_on_cpu+0x70/0x70 [ 246.756162] ret_from_fork+0x3a/0x50 [ 246.756847] Showing all locks held in the system: [ 246.758261] 3 locks held by kworker/4:0/37: [ 246.759016] #0: 00000000f8df4d2d ((wq_completion)"events"){+.+.}, at: process_one_work+0x1b3/0x620 [ 246.759856] #1: 00000000e6065461 ((work_completion)(&(&dev->mode_config.output_poll_work)->work)){+.+.}, at: process_one_work+0x1b3/0x620 [ 246.760670] #2: 00000000cb66735f (&helper->lock){+.+.}, at: drm_fb_helper_hotplug_event.part.28+0x20/0xb0 [drm_kms_helper] [ 246.761516] 2 locks held by kworker/0:1/60: [ 246.762274] #0: 00000000fff6be0f ((wq_completion)"pm"){+.+.}, at: process_one_work+0x1b3/0x620 [ 246.762982] #1: 000000005ab44fb4 ((work_completion)(&dev->power.work)){+.+.}, at: process_one_work+0x1b3/0x620 [ 246.763890] 1 lock held by khungtaskd/64: [ 246.764664] #0: 000000008cb8b5c3 (rcu_read_lock){....}, at: debug_show_all_locks+0x23/0x185 [ 246.765588] 5 locks held by kworker/4:2/422: [ 246.766440] #0: 00000000232f0959 ((wq_completion)"events_long"){+.+.}, at: process_one_work+0x1b3/0x620 [ 246.767390] #1: 00000000bb59b134 ((work_completion)(&mgr->work)){+.+.}, at: process_one_work+0x1b3/0x620 [ 246.768154] #2: 00000000cb66735f (&helper->lock){+.+.}, at: drm_fb_helper_restore_fbdev_mode_unlocked+0x4c/0xb0 [drm_kms_helper] [ 246.768966] #3: 000000004c8f0b6b (crtc_ww_class_acquire){+.+.}, at: restore_fbdev_mode_atomic+0x4b/0x240 [drm_kms_helper] [ 246.769921] #4: 000000004c34a296 (crtc_ww_class_mutex){+.+.}, at: drm_modeset_backoff+0x8a/0x1b0 [drm] [ 246.770839] 1 lock held by dmesg/1038: [ 246.771739] 2 locks held by zsh/1172: [ 246.772650] #0: 00000000836d0438 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40 [ 246.773680] #1: 000000001f4f4d48 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0xc1/0x870 [ 246.775522] ============================================= After trying dozens of different solutions, I found one very simple one that should also have the benefit of preventing us from having to fight locking for the rest of our lives. So, we work around these deadlocks by deferring all fbcon hotplug events that happen after the runtime suspend process starts until after the device is resumed again. Changes since v7: - Fixup commit message - Daniel Vetter Changes since v6: - Remove unused nouveau_fbcon_hotplugged_in_suspend() - Ilia Changes since v5: - Come up with the (hopefully final) solution for solving this dumb problem, one that is a lot less likely to cause issues with locking in the future. This should work around all deadlock conditions with fbcon brought up thus far. Changes since v4: - Add nouveau_fbcon_hotplugged_in_suspend() to workaround deadlock condition that Lukas described - Just move all of this out of drm_fb_helper. It seems that other DRM drivers have already figured out other workarounds for this. If other drivers do end up needing this in the future, we can just move this back into drm_fb_helper again. Changes since v3: - Actually check if fb_helper is NULL in both new helpers - Actually check drm_fbdev_emulation in both new helpers - Don't fire off a fb_helper hotplug unconditionally; only do it if the following conditions are true (as otherwise, calling this in the wrong spot will cause Bad Things to happen): - fb_helper hotplug handling was actually inhibited previously - fb_helper actually has a delayed hotplug pending - fb_helper is actually bound - fb_helper is actually initialized - Add __must_check to drm_fb_helper_suspend_hotplug(). There's no situation where a driver would actually want to use this without checking the return value, so enforce that - Rewrite and clarify the documentation for both helpers. - Make sure to return true in the drm_fb_helper_suspend_hotplug() stub that's provided in drm_fb_helper.h when CONFIG_DRM_FBDEV_EMULATION isn't enabled - Actually grab the toplevel fb_helper lock in drm_fb_helper_resume_hotplug(), since it's possible other activity (such as a hotplug) could be going on at the same time the driver calls drm_fb_helper_resume_hotplug(). We need this to check whether or not drm_fb_helper_hotplug_event() needs to be called anyway Signed-off-by: Lyude Paul <lyude(a)redhat.com> Reviewed-by: Karol Herbst <kherbst(a)redhat.com> Acked-by: Daniel Vetter <daniel(a)ffwll.ch> Cc: stable(a)vger.kernel.org Cc: Lukas Wunner <lukas(a)wunner.de> --- drivers/gpu/drm/nouveau/dispnv50/disp.c | 2 +- drivers/gpu/drm/nouveau/nouveau_display.c | 2 +- drivers/gpu/drm/nouveau/nouveau_fbcon.c | 57 +++++++++++++++++++++++ drivers/gpu/drm/nouveau/nouveau_fbcon.h | 5 ++ 4 files changed, 64 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/nouveau/dispnv50/disp.c b/drivers/gpu/drm/nouveau/dispnv50/disp.c index 8b522a9b12f6..a0772389ed90 100644 --- a/drivers/gpu/drm/nouveau/dispnv50/disp.c +++ b/drivers/gpu/drm/nouveau/dispnv50/disp.c @@ -2049,7 +2049,7 @@ nv50_disp_atomic_state_alloc(struct drm_device *dev) static const struct drm_mode_config_funcs nv50_disp_func = { .fb_create = nouveau_user_framebuffer_create, - .output_poll_changed = drm_fb_helper_output_poll_changed, + .output_poll_changed = nouveau_fbcon_output_poll_changed, .atomic_check = nv50_disp_atomic_check, .atomic_commit = nv50_disp_atomic_commit, .atomic_state_alloc = nv50_disp_atomic_state_alloc, diff --git a/drivers/gpu/drm/nouveau/nouveau_display.c b/drivers/gpu/drm/nouveau/nouveau_display.c index 1d36ab5d4796..4b873e668b26 100644 --- a/drivers/gpu/drm/nouveau/nouveau_display.c +++ b/drivers/gpu/drm/nouveau/nouveau_display.c @@ -293,7 +293,7 @@ nouveau_user_framebuffer_create(struct drm_device *dev, static const struct drm_mode_config_funcs nouveau_mode_config_funcs = { .fb_create = nouveau_user_framebuffer_create, - .output_poll_changed = drm_fb_helper_output_poll_changed, + .output_poll_changed = nouveau_fbcon_output_poll_changed, }; diff --git a/drivers/gpu/drm/nouveau/nouveau_fbcon.c b/drivers/gpu/drm/nouveau/nouveau_fbcon.c index 85c1f10bc2b6..8cf966690963 100644 --- a/drivers/gpu/drm/nouveau/nouveau_fbcon.c +++ b/drivers/gpu/drm/nouveau/nouveau_fbcon.c @@ -466,6 +466,7 @@ nouveau_fbcon_set_suspend_work(struct work_struct *work) console_unlock(); if (state == FBINFO_STATE_RUNNING) { + nouveau_fbcon_hotplug_resume(drm->fbcon); pm_runtime_mark_last_busy(drm->dev->dev); pm_runtime_put_sync(drm->dev->dev); } @@ -487,6 +488,61 @@ nouveau_fbcon_set_suspend(struct drm_device *dev, int state) schedule_work(&drm->fbcon_work); } +void +nouveau_fbcon_output_poll_changed(struct drm_device *dev) +{ + struct nouveau_drm *drm = nouveau_drm(dev); + struct nouveau_fbdev *fbcon = drm->fbcon; + int ret; + + if (!fbcon) + return; + + mutex_lock(&fbcon->hotplug_lock); + + ret = pm_runtime_get(dev->dev); + if (ret == 1 || ret == -EACCES) { + drm_fb_helper_hotplug_event(&fbcon->helper); + + pm_runtime_mark_last_busy(dev->dev); + pm_runtime_put_autosuspend(dev->dev); + } else if (ret == 0) { + /* If the GPU was already in the process of suspending before + * this event happened, then we can't block here as we'll + * deadlock the runtime pmops since they wait for us to + * finish. So, just defer this event for when we runtime + * resume again. It will be handled by fbcon_work. + */ + NV_DEBUG(drm, "fbcon HPD event deferred until runtime resume\n"); + fbcon->hotplug_waiting = true; + pm_runtime_put_noidle(drm->dev->dev); + } else { + DRM_WARN("fbcon HPD event lost due to RPM failure: %d\n", + ret); + } + + mutex_unlock(&fbcon->hotplug_lock); +} + +void +nouveau_fbcon_hotplug_resume(struct nouveau_fbdev *fbcon) +{ + struct nouveau_drm *drm; + + if (!fbcon) + return; + drm = nouveau_drm(fbcon->helper.dev); + + mutex_lock(&fbcon->hotplug_lock); + if (fbcon->hotplug_waiting) { + fbcon->hotplug_waiting = false; + + NV_DEBUG(drm, "Handling deferred fbcon HPD events\n"); + drm_fb_helper_hotplug_event(&fbcon->helper); + } + mutex_unlock(&fbcon->hotplug_lock); +} + int nouveau_fbcon_init(struct drm_device *dev) { @@ -505,6 +561,7 @@ nouveau_fbcon_init(struct drm_device *dev) drm->fbcon = fbcon; INIT_WORK(&drm->fbcon_work, nouveau_fbcon_set_suspend_work); + mutex_init(&fbcon->hotplug_lock); drm_fb_helper_prepare(dev, &fbcon->helper, &nouveau_fbcon_helper_funcs); diff --git a/drivers/gpu/drm/nouveau/nouveau_fbcon.h b/drivers/gpu/drm/nouveau/nouveau_fbcon.h index a6f192ea3fa6..db9d52047ef8 100644 --- a/drivers/gpu/drm/nouveau/nouveau_fbcon.h +++ b/drivers/gpu/drm/nouveau/nouveau_fbcon.h @@ -41,6 +41,9 @@ struct nouveau_fbdev { struct nvif_object gdi; struct nvif_object blit; struct nvif_object twod; + + struct mutex hotplug_lock; + bool hotplug_waiting; }; void nouveau_fbcon_restore(void); @@ -68,6 +71,8 @@ void nouveau_fbcon_set_suspend(struct drm_device *dev, int state); void nouveau_fbcon_accel_save_disable(struct drm_device *dev); void nouveau_fbcon_accel_restore(struct drm_device *dev); +void nouveau_fbcon_output_poll_changed(struct drm_device *dev); +void nouveau_fbcon_hotplug_resume(struct nouveau_fbdev *fbcon); extern int nouveau_nofbaccel; #endif /* __NV50_FBCON_H__ */ -- 2.17.1

7 years, 1 month

1
0
0 0

[PATCH v8 2/5] drm/nouveau: Remove duplicate poll_enable() in pmops_runtime_suspend()

by Lyude Paul

Since actual hotplug notifications don't get disabled until nouveau_display_fini() is called, all this will do is cause any hotplugs that happen between this drm_kms_helper_poll_disable() call and the actual hotplug disablement to potentially be dropped if ACPI isn't around to help us. Signed-off-by: Lyude Paul <lyude(a)redhat.com> Acked-by: Karol Herbst <kherbst(a)redhat.com> Acked-by: Daniel Vetter <daniel(a)ffwll.ch> Cc: stable(a)vger.kernel.org Cc: Lukas Wunner <lukas(a)wunner.de> --- drivers/gpu/drm/nouveau/nouveau_drm.c | 1 - 1 file changed, 1 deletion(-) diff --git a/drivers/gpu/drm/nouveau/nouveau_drm.c b/drivers/gpu/drm/nouveau/nouveau_drm.c index c7ec86d6c3c9..5fdc1fbe2ee5 100644 --- a/drivers/gpu/drm/nouveau/nouveau_drm.c +++ b/drivers/gpu/drm/nouveau/nouveau_drm.c @@ -835,7 +835,6 @@ nouveau_pmops_runtime_suspend(struct device *dev) return -EBUSY; } - drm_kms_helper_poll_disable(drm_dev); nouveau_switcheroo_optimus_dsm(); ret = nouveau_do_suspend(drm_dev, true); pci_save_state(pdev); -- 2.17.1

7 years, 1 month

1
0
0 0

[PATCH v8 1/5] drm/nouveau: Fix bogus drm_kms_helper_poll_enable() placement

by Lyude Paul

Turns out this part is my fault for not noticing when reviewing 9a2eba337cace ("drm/nouveau: Fix drm poll_helper handling"). Currently we call drm_kms_helper_poll_enable() from nouveau_display_hpd_work(). This makes basically no sense however, because that means we're calling drm_kms_helper_poll_enable() every time we schedule the hotplug detection work. This is also against the advice mentioned in drm_kms_helper_poll_enable()'s documentation: Note that calls to enable and disable polling must be strictly ordered, which is automatically the case when they're only call from suspend/resume callbacks. Of course, hotplugs can't really be ordered. They could even happen immediately after we called drm_kms_helper_poll_disable() in nouveau_display_fini(), which can lead to all sorts of issues. Additionally; enabling polling /after/ we call drm_helper_hpd_irq_event() could also mean that we'd miss a hotplug event anyway, since drm_helper_hpd_irq_event() wouldn't bother trying to probe connectors so long as polling is disabled. So; simply move this back into nouveau_display_init() again. The race condition that both of these patches attempted to work around has already been fixed properly in d61a5c106351 ("drm/nouveau: Fix deadlock on runtime suspend") Fixes: 9a2eba337cace ("drm/nouveau: Fix drm poll_helper handling") Signed-off-by: Lyude Paul <lyude(a)redhat.com> Acked-by: Karol Herbst <kherbst(a)redhat.com> Acked-by: Daniel Vetter <daniel(a)ffwll.ch> Cc: Lukas Wunner <lukas(a)wunner.de> Cc: Peter Ujfalusi <peter.ujfalusi(a)ti.com> Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/nouveau/nouveau_display.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/nouveau/nouveau_display.c b/drivers/gpu/drm/nouveau/nouveau_display.c index ec7861457b84..1d36ab5d4796 100644 --- a/drivers/gpu/drm/nouveau/nouveau_display.c +++ b/drivers/gpu/drm/nouveau/nouveau_display.c @@ -355,8 +355,6 @@ nouveau_display_hpd_work(struct work_struct *work) pm_runtime_get_sync(drm->dev->dev); drm_helper_hpd_irq_event(drm->dev); - /* enable polling for external displays */ - drm_kms_helper_poll_enable(drm->dev); pm_runtime_mark_last_busy(drm->dev->dev); pm_runtime_put_sync(drm->dev->dev); @@ -411,6 +409,11 @@ nouveau_display_init(struct drm_device *dev) if (ret) return ret; + /* enable connector detection and polling for connectors without HPD + * support + */ + drm_kms_helper_poll_enable(dev); + /* enable hotplug interrupts */ drm_connector_list_iter_begin(dev, &conn_iter); nouveau_for_each_non_mst_connector_iter(connector, &conn_iter) { -- 2.17.1

7 years, 1 month

1
0
0 0

[PATCH v4.{9, 14, 17, 18}] x86/l1tf: Fix build error seen if CONFIG_KVM_INTEL is disabled

by Guenter Roeck

commit 1eb46908b35dfbac0ec1848d4b1e39667e0187e9 upstream allmodconfig+CONFIG_INTEL_KVM=n results in the following build error. ERROR: "l1tf_vmx_mitigation" [arch/x86/kvm/kvm.ko] undefined! Fixes: 5b76a3cff011 ("KVM: VMX: Tell the nested hypervisor to skip L1D flush on vmentry") Reported-by: Meelis Roos <mroos(a)linux.ee> Cc: Meelis Roos <mroos(a)linux.ee> Cc: Paolo Bonzini <pbonzini(a)redhat.com> Cc: Thomas Gleixner <tglx(a)linutronix.de> Signed-off-by: Guenter Roeck <linux(a)roeck-us.net> Signed-off-by: Linus Torvalds <torvalds(a)linux-foundation.org> Signed-off-by: Guenter Roeck <linux(a)roeck-us.net> --- arch/x86/kernel/cpu/bugs.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c index 5229eaf73828..ac67a76550bd 100644 --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c @@ -647,10 +647,9 @@ void x86_spec_ctrl_setup_ap(void) enum l1tf_mitigations l1tf_mitigation __ro_after_init = L1TF_MITIGATION_FLUSH; #if IS_ENABLED(CONFIG_KVM_INTEL) EXPORT_SYMBOL_GPL(l1tf_mitigation); - +#endif enum vmx_l1d_flush_state l1tf_vmx_mitigation = VMENTER_L1D_FLUSH_AUTO; EXPORT_SYMBOL_GPL(l1tf_vmx_mitigation); -#endif static void __init l1tf_select_mitigation(void) { -- 2.7.4

7 years, 1 month

2
2
0 0

Re: Fix for 84676c1f (b5b6e8c8) missing in 4.14.y

by Ming Lei

On Fri, Aug 10, 2018 at 02:09:01AM +0000, Felipe Franciosi wrote: > Hi Ming (and all), > > Your series "scsi: virtio_scsi: fix IO hang caused by irq vector automatic affinity" which forces virtio-scsi to use blk-mq fixes an issue introduced by 84676c1f. We noticed that this bug also exists in 4.14.y (as ef86f3a72adb), but your series was not backported to that stable branch. > > Are there any plans to do that? At least CoreOS is using 4.14 and showing issues on AHV (which provides an mq virtio-scsi controller). > Hi Felipe, Looks the following 4 patches should have been marked as stable, sorry for missing that. b5b6e8c8d3b4 scsi: virtio_scsi: fix IO hang caused by automatic irq vector affinity 2f31115e940c scsi: core: introduce force_blk_mq adbe552349f2 scsi: megaraid_sas: fix selection of reply queue 8b834bff1b73 scsi: hpsa: fix selection of reply queue Usually this backporting is done by our stable guys, so I will CC stable and leave them handle it, but I am happy to provide any help for addressing conflicts or sort of thing. Thanks, Ming

7 years, 1 month

3
7
0 0

Re: [PATCH 4.14 000/104] 4.14.63-stable review

by Jinpu Wang

> From: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> > Date: 2018年8月15日周三上午8:15 > Subject: Re: [PATCH 4.14 000/104] 4.14.63-stable review > To: <linux-kernel(a)vger.kernel.org> > Cc: <torvalds(a)linux-foundation.org>, <akpm(a)linux-foundation.org>, > <linux(a)roeck-us.net>, <shuah(a)kernel.org>, <patches(a)kernelci.org>, > <ben.hutchings(a)codethink.co.uk>, <lkft-triage(a)lists.linaro.org>, > <stable(a)vger.kernel.org> > > > On Tue, Aug 14, 2018 at 07:16:14PM +0200, Greg Kroah-Hartman wrote: > > This is the start of the stable review cycle for the 4.14.63 release. > > There are 104 patches in this series, all will be posted as a response > > to this one. If anyone has any issues with these being applied, please > > let me know. > > > > Responses should be made by Thu Aug 16 17:14:49 UTC 2018. > > Anything received after that time might be too late. > > > > The whole patch series can be found in one patch at: > > https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.14.63-rc… > > -rc2 is now out: > https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.14.63-rc… Merged to our tree, tested on my test machines with basic functional tests, all looks fine. Thanks, -- Jack Wang Linux Kernel Developer ProfitBricks GmbH Greifswalder Str. 207 D - 10405 Berlin Tel: +49 30 577 008 042 Fax: +49 30 577 008 299 Email: jinpu.wang(a)profitbricks.com URL: https://www.profitbricks.de Sitz der Gesellschaft: Berlin Registergericht: Amtsgericht Charlottenburg, HRB 125506 B Geschäftsführer: Achim Weiss, Matthias Steinberg, Christoph Steffens

7 years, 1 month

2
1
0 0

Applied "spi: fix IDR collision on systems with both fixed and dynamic SPI bus numbers" to the spi tree

by Mark Brown

The patch spi: fix IDR collision on systems with both fixed and dynamic SPI bus numbers has been applied to the spi tree at https://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi.git All being well this means that it will be integrated into the linux-next tree (usually sometime in the next 24 hours) and sent to Linus during the next merge window (or sooner if it is a bug fix), however if problems are discovered then the patch may be dropped or reverted. You may get further e-mails resulting from automated or manual testing and review of the tree, please engage with people reporting problems and send followup patches addressing any issues that are reported if needed. If any updates are required or you are submitting further changes they should be sent as incremental updates against current git, existing patches will not be replaced. Please add any relevant lists and maintainers to the CCs when replying to this mail. Thanks, Mark >From 1a4327fbf4554d5b78d75b19a13d40d6de220159 Mon Sep 17 00:00:00 2001 From: Kirill Kapranov <kirill.kapranov(a)compulab.co.il> Date: Mon, 13 Aug 2018 19:48:10 +0300 Subject: [PATCH] spi: fix IDR collision on systems with both fixed and dynamic SPI bus numbers On systems where some controllers get a dynamic ID assigned and some have a fixed number (e.g. from ACPI tables), the current implementation might run into an IDR collision: in case of a fixed bus number is gotten by a driver (but not marked busy in IDR tree) and a driver with dynamic bus number gets the same ID and predictably fails. Fix this by means of checking-in fixed IDsin IDR as far as dynamic ones at the moment of the controller registration. Fixes: 9b61e302210e (spi: Pick spi bus number from Linux idr or spi alias) Signed-off-by: Kirill Kapranov <kirill.kapranov(a)compulab.co.il> Signed-off-by: Mark Brown <broonie(a)kernel.org> Cc: stable(a)vger.kernel.org --- drivers/spi/spi.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/drivers/spi/spi.c b/drivers/spi/spi.c index ec395a6baf9c..a00d006d4c3a 100644 --- a/drivers/spi/spi.c +++ b/drivers/spi/spi.c @@ -2170,6 +2170,15 @@ int spi_register_controller(struct spi_controller *ctlr) if (WARN(id < 0, "couldn't get idr")) return id; ctlr->bus_num = id; + } else { + /* devices with a fixed bus num must check-in with the num */ + mutex_lock(&board_lock); + id = idr_alloc(&spi_master_idr, ctlr, ctlr->bus_num, + ctlr->bus_num + 1, GFP_KERNEL); + mutex_unlock(&board_lock); + if (WARN(id < 0, "couldn't get idr")) + return id == -ENOSPC ? -EBUSY : id; + ctlr->bus_num = id; } INIT_LIST_HEAD(&ctlr->queue); spin_lock_init(&ctlr->queue_lock); -- 2.18.0

7 years, 1 month

1
0
0 0

[PATCH v4.9 1/2] x86/cpu/amd: Limit cpu_core_id fixup to families older than F17h

by Guenter Roeck

From: Suravee Suthikulpanit <suravee.suthikulpanit(a)amd.com> commit b89b41d0b8414690ec0030c134b8bde209e6d06c upstream Current cpu_core_id fixup causes downcored F17h configurations to be incorrect: NODE: 0 processor 0 core id : 0 processor 1 core id : 1 processor 2 core id : 2 processor 3 core id : 4 processor 4 core id : 5 processor 5 core id : 0 NODE: 1 processor 6 core id : 2 processor 7 core id : 3 processor 8 core id : 4 processor 9 core id : 0 processor 10 core id : 1 processor 11 core id : 2 Code that relies on the cpu_core_id, like match_smt(), for example, which builds the thread siblings masks used by the scheduler, is mislead. So, limit the fixup to pre-F17h machines. The new value for cpu_core_id for F17h and later will represent the CPUID_Fn8000001E_EBX[CoreId], which is guaranteed to be unique for each core within a socket. This way we have: NODE: 0 processor 0 core id : 0 processor 1 core id : 1 processor 2 core id : 2 processor 3 core id : 4 processor 4 core id : 5 processor 5 core id : 6 NODE: 1 processor 6 core id : 8 processor 7 core id : 9 processor 8 core id : 10 processor 9 core id : 12 processor 10 core id : 13 processor 11 core id : 14 Signed-off-by: Suravee Suthikulpanit <suravee.suthikulpanit(a)amd.com> [ Heavily massaged. ] Signed-off-by: Borislav Petkov <bp(a)suse.de> Cc: Linus Torvalds <torvalds(a)linux-foundation.org> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Yazen Ghannam <Yazen.Ghannam(a)amd.com> Link: http://lkml.kernel.org/r/20170731085159.9455-2-bp@alien8.de Signed-off-by: Ingo Molnar <mingo(a)kernel.org> Signed-off-by: Guenter Roeck <linux(a)roeck-us.net> --- arch/x86/kernel/cpu/amd.c | 24 +++++++++++++++++------- 1 file changed, 17 insertions(+), 7 deletions(-) diff --git a/arch/x86/kernel/cpu/amd.c b/arch/x86/kernel/cpu/amd.c index 6de596449488..e864ff6cd8bd 100644 --- a/arch/x86/kernel/cpu/amd.c +++ b/arch/x86/kernel/cpu/amd.c @@ -305,6 +305,22 @@ static void amd_get_topology_early(struct cpuinfo_x86 *c) } /* + * Fix up cpu_core_id for pre-F17h systems to be in the + * [0 .. cores_per_node - 1] range. Not really needed but + * kept so as not to break existing setups. + */ +static void legacy_fixup_core_id(struct cpuinfo_x86 *c) +{ + u32 cus_per_node; + + if (c->x86 >= 0x17) + return; + + cus_per_node = c->x86_max_cores / nodes_per_socket; + c->cpu_core_id %= cus_per_node; +} + +/* * Fixup core topology information for * (1) AMD multi-node processors * Assumption: Number of cores in each internal node is the same. @@ -359,15 +375,9 @@ static void amd_get_topology(struct cpuinfo_x86 *c) } else return; - /* fixup multi-node processor information */ if (nodes_per_socket > 1) { - u32 cus_per_node; - set_cpu_cap(c, X86_FEATURE_AMD_DCM); - cus_per_node = c->x86_max_cores / nodes_per_socket; - - /* core id has to be in the [0 .. cores_per_node - 1] range */ - c->cpu_core_id %= cus_per_node; + legacy_fixup_core_id(c); } } #endif -- 2.7.4

7 years, 1 month

2
2
0 0

[PATCH v4.14, v4.17] x86/CPU/AMD: Have smp_num_siblings and cpu_llc_id always be present

by Guenter Roeck

From: Borislav Petkov <bpetkov(a)suse.de> commit f8b64d08dde2714c62751d18ba77f4aeceb161d3 upstream Move smp_num_siblings and cpu_llc_id to cpu/common.c so that they're always present as symbols and not only in the CONFIG_SMP case. Then, other code using them doesn't need ugly ifdeffery anymore. Get rid of some ifdeffery. Signed-off-by: Borislav Petkov <bpetkov(a)suse.de> Signed-off-by: Suravee Suthikulpanit <suravee.suthikulpanit(a)amd.com> Signed-off-by: Borislav Petkov <bp(a)suse.de> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Link: http://lkml.kernel.org/r/1524864877-111962-2-git-send-email-suravee.suthiku… Signed-off-by: Guenter Roeck <linux(a)roeck-us.net> --- Needed for x86_64:allnoconfig. arch/x86/include/asm/smp.h | 1 - arch/x86/kernel/cpu/amd.c | 10 +--------- arch/x86/kernel/cpu/common.c | 7 +++++++ arch/x86/kernel/smpboot.c | 7 ------- 4 files changed, 8 insertions(+), 17 deletions(-) diff --git a/arch/x86/include/asm/smp.h b/arch/x86/include/asm/smp.h index 461f53d27708..fe2ee61880a8 100644 --- a/arch/x86/include/asm/smp.h +++ b/arch/x86/include/asm/smp.h @@ -170,7 +170,6 @@ static inline int wbinvd_on_all_cpus(void) wbinvd(); return 0; } -#define smp_num_siblings 1 #endif /* CONFIG_SMP */ extern unsigned disabled_cpus; diff --git a/arch/x86/kernel/cpu/amd.c b/arch/x86/kernel/cpu/amd.c index bb013735510a..dda741bd5789 100644 --- a/arch/x86/kernel/cpu/amd.c +++ b/arch/x86/kernel/cpu/amd.c @@ -298,7 +298,6 @@ static int nearby_node(int apicid) } #endif -#ifdef CONFIG_SMP /* * Fix up cpu_core_id for pre-F17h systems to be in the * [0 .. cores_per_node - 1] range. Not really needed but @@ -382,7 +381,6 @@ static void amd_get_topology(struct cpuinfo_x86 *c) legacy_fixup_core_id(c); } } -#endif /* * On a AMD dual core setup the lower bits of the APIC id distinguish the cores. @@ -390,7 +388,6 @@ static void amd_get_topology(struct cpuinfo_x86 *c) */ static void amd_detect_cmp(struct cpuinfo_x86 *c) { -#ifdef CONFIG_SMP unsigned bits; int cpu = smp_processor_id(); @@ -402,16 +399,11 @@ static void amd_detect_cmp(struct cpuinfo_x86 *c) /* use socket ID also for last level cache */ per_cpu(cpu_llc_id, cpu) = c->phys_proc_id; amd_get_topology(c); -#endif } u16 amd_get_nb_id(int cpu) { - u16 id = 0; -#ifdef CONFIG_SMP - id = per_cpu(cpu_llc_id, cpu); -#endif - return id; + return per_cpu(cpu_llc_id, cpu); } EXPORT_SYMBOL_GPL(amd_get_nb_id); diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c index c925498224d0..dd02ee4fa8cd 100644 --- a/arch/x86/kernel/cpu/common.c +++ b/arch/x86/kernel/cpu/common.c @@ -66,6 +66,13 @@ cpumask_var_t cpu_callin_mask; /* representing cpus for which sibling maps can be computed */ cpumask_var_t cpu_sibling_setup_mask; +/* Number of siblings per CPU package */ +int smp_num_siblings = 1; +EXPORT_SYMBOL(smp_num_siblings); + +/* Last level cache ID of each logical CPU */ +DEFINE_PER_CPU_READ_MOSTLY(u16, cpu_llc_id) = BAD_APICID; + /* correctly size the local cpu masks */ void __init setup_cpu_local_masks(void) { diff --git a/arch/x86/kernel/smpboot.c b/arch/x86/kernel/smpboot.c index 6fd12e0a07c9..5ebb0dbcf4f7 100644 --- a/arch/x86/kernel/smpboot.c +++ b/arch/x86/kernel/smpboot.c @@ -80,13 +80,6 @@ #include <asm/spec-ctrl.h> #include <asm/hw_irq.h> -/* Number of siblings per CPU package */ -int smp_num_siblings = 1; -EXPORT_SYMBOL(smp_num_siblings); - -/* Last level cache ID of each logical CPU */ -DEFINE_PER_CPU_READ_MOSTLY(u16, cpu_llc_id) = BAD_APICID; - /* representing HT siblings of each logical CPU */ DEFINE_PER_CPU_READ_MOSTLY(cpumask_var_t, cpu_sibling_map); EXPORT_PER_CPU_SYMBOL(cpu_sibling_map); -- 2.7.4

7 years, 1 month

2
1
0 0

[PATCH V2] EDAC, amd64: Add Family 17h Model 10h support.

by Michael Jin

Add support for ECC error decoding on family 17h models 10h-2fh. Link: https://lkml.kernel.org/r/20180810193623.24629-1-mikhail.jin@gmail.com Cc: stable(a)vger.kernel.org Signed-off-by: Michael Jin <mikhail.jin(a)gmail.com> --- drivers/edac/amd64_edac.c | 15 +++++++++++++++ drivers/edac/amd64_edac.h | 3 +++ 2 files changed, 18 insertions(+) diff --git a/drivers/edac/amd64_edac.c b/drivers/edac/amd64_edac.c index 18aeabb1d5ee..2d7b6d37d6ec 100644 --- a/drivers/edac/amd64_edac.c +++ b/drivers/edac/amd64_edac.c @@ -2200,6 +2200,15 @@ static struct amd64_family_type family_types[] = { .dbam_to_cs = f17_base_addr_to_cs_size, } }, + [F17_M10H_CPUS] = { + .ctl_name = "F17h_M10h", + .f0_id = PCI_DEVICE_ID_AMD_17H_M10H_DF_F0, + .f6_id = PCI_DEVICE_ID_AMD_17H_M10H_DF_F6, + .ops = { + .early_channel_count = f17_early_channel_count, + .dbam_to_cs = f17_base_addr_to_cs_size, + } + }, }; /* @@ -3188,6 +3197,12 @@ static struct amd64_family_type *per_family_init(struct amd64_pvt *pvt) break; case 0x17: + /* Check if CPU model is in range 10h-2fh */ + if (pvt->model >= 0x10 && pvt->model <= 0x2f) { + fam_type = &family_types[F17_M10H_CPUS]; + pvt->ops = &family_types[F17_M10H_CPUS].ops; + break; + } fam_type = &family_types[F17_CPUS]; pvt->ops = &family_types[F17_CPUS].ops; break; diff --git a/drivers/edac/amd64_edac.h b/drivers/edac/amd64_edac.h index 1d4b74e9a037..4242f8e39c18 100644 --- a/drivers/edac/amd64_edac.h +++ b/drivers/edac/amd64_edac.h @@ -115,6 +115,8 @@ #define PCI_DEVICE_ID_AMD_16H_M30H_NB_F2 0x1582 #define PCI_DEVICE_ID_AMD_17H_DF_F0 0x1460 #define PCI_DEVICE_ID_AMD_17H_DF_F6 0x1466 +#define PCI_DEVICE_ID_AMD_17H_M10H_DF_F0 0x15e8 +#define PCI_DEVICE_ID_AMD_17H_M10H_DF_F6 0x15ee /* * Function 1 - Address Map @@ -281,6 +283,7 @@ enum amd_families { F16_CPUS, F16_M30H_CPUS, F17_CPUS, + F17_M10H_CPUS, NUM_FAMILIES, }; -- 2.14.3 (Apple Git-98)

7 years, 1 month

1
0
0 0

Please apply 501228470077 ("ext4: fix check to prevent initializing reserved inodes") to 4.4.y and 4.9.y

by Alistair Strachan

The commit 8844618d8aa7 ("ext4: only look at the bg_flags field if it is valid") introduced an issue which are seeing when running "adb remount" on Android devices with the affected kernels. This change appears on 4.4.y and later. > EXT4-fs error (device vdd): ext4_has_uninit_itable:2882: comm remount svc 50: Inode table for bg 0 marked as needing zeroing > Kernel panic - not syncing: EXT4-fs (device vdd): panic forced after error Looks like this fix was already picked up for 4.14.y, 4.17.y but (AFAIK) it isn't on anybody's radar for 4.4 and 4.9. Thanks!

7 years, 1 month

2
1
0 0

[PATCH v4.4.y] x86/speculation/l1tf: Unbreak !__HAVE_ARCH_PFN_MODIFY_ALLOWED architectures

by Guenter Roeck

From: Jiri Kosina <jkosina(a)suse.cz> commit 6c26fcd2abfe0a56bbd95271fce02df2896cfd24 upstream pfn_modify_allowed() and arch_has_pfn_modify_check() are outside of the !__ASSEMBLY__ section in include/asm-generic/pgtable.h, which confuses assembler on archs that don't have __HAVE_ARCH_PFN_MODIFY_ALLOWED (e.g. ia64) and breaks build: include/asm-generic/pgtable.h: Assembler messages: include/asm-generic/pgtable.h:538: Error: Unknown opcode `static inline bool pfn_modify_allowed(unsigned long pfn,pgprot_t prot)' include/asm-generic/pgtable.h:540: Error: Unknown opcode `return true' include/asm-generic/pgtable.h:543: Error: Unknown opcode `static inline bool arch_has_pfn_modify_check(void)' include/asm-generic/pgtable.h:545: Error: Unknown opcode `return false' arch/ia64/kernel/entry.S:69: Error: `mov' does not fit into bundle Move those two static inlines into the !__ASSEMBLY__ section so that they don't confuse the asm build pass. Fixes: 42e4089c7890 ("x86/speculation/l1tf: Disallow non privileged high MMIO PROT_NONE mappings") Signed-off-by: Jiri Kosina <jkosina(a)suse.cz> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> [groeck: Context changes] Signed-off-by: Guenter Roeck <linux(a)roeck-us.net> --- The patch looks all different from the original, but that is git in action. include/asm-generic/pgtable.h | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/include/asm-generic/pgtable.h b/include/asm-generic/pgtable.h index 976f749099ef..dabecb661264 100644 --- a/include/asm-generic/pgtable.h +++ b/include/asm-generic/pgtable.h @@ -799,12 +799,6 @@ static inline int pmd_free_pte_page(pmd_t *pmd) } #endif /* CONFIG_HAVE_ARCH_HUGE_VMAP */ -#endif /* !__ASSEMBLY__ */ - -#ifndef io_remap_pfn_range -#define io_remap_pfn_range remap_pfn_range -#endif - #ifndef __HAVE_ARCH_PFN_MODIFY_ALLOWED static inline bool pfn_modify_allowed(unsigned long pfn, pgprot_t prot) { @@ -815,6 +809,12 @@ static inline bool arch_has_pfn_modify_check(void) { return false; } +#endif /* !_HAVE_ARCH_PFN_MODIFY_ALLOWED */ + +#endif /* !__ASSEMBLY__ */ + +#ifndef io_remap_pfn_range +#define io_remap_pfn_range remap_pfn_range #endif #endif /* _ASM_GENERIC_PGTABLE_H */ -- 2.7.4

7 years, 1 month

2
1
0 0

[PATCH v4.9] x86/speculation/l1tf: Unbreak !__HAVE_ARCH_PFN_MODIFY_ALLOWED architectures

by Guenter Roeck

From: Jiri Kosina <jkosina(a)suse.cz> commit 6c26fcd2abfe0a56bbd95271fce02df2896cfd24 upstream pfn_modify_allowed() and arch_has_pfn_modify_check() are outside of the !__ASSEMBLY__ section in include/asm-generic/pgtable.h, which confuses assembler on archs that don't have __HAVE_ARCH_PFN_MODIFY_ALLOWED (e.g. ia64) and breaks build: include/asm-generic/pgtable.h: Assembler messages: include/asm-generic/pgtable.h:538: Error: Unknown opcode `static inline bool pfn_modify_allowed(unsigned long pfn,pgprot_t prot)' include/asm-generic/pgtable.h:540: Error: Unknown opcode `return true' include/asm-generic/pgtable.h:543: Error: Unknown opcode `static inline bool arch_has_pfn_modify_check(void)' include/asm-generic/pgtable.h:545: Error: Unknown opcode `return false' arch/ia64/kernel/entry.S:69: Error: `mov' does not fit into bundle Move those two static inlines into the !__ASSEMBLY__ section so that they don't confuse the asm build pass. Fixes: 42e4089c7890 ("x86/speculation/l1tf: Disallow non privileged high MMIO PROT_NONE mappings") Signed-off-by: Jiri Kosina <jkosina(a)suse.cz> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> (cherry picked from commit 6c26fcd2abfe0a56bbd95271fce02df2896cfd24) [groeck: Context changes] Signed-off-by: Guenter Roeck <linux(a)roeck-us.net> --- include/asm-generic/pgtable.h | 25 +++++++++++++------------ 1 file changed, 13 insertions(+), 12 deletions(-) diff --git a/include/asm-generic/pgtable.h b/include/asm-generic/pgtable.h index 0ffe4051ae2e..a88ea9e37a25 100644 --- a/include/asm-generic/pgtable.h +++ b/include/asm-generic/pgtable.h @@ -828,6 +828,19 @@ static inline int pmd_free_pte_page(pmd_t *pmd) struct file; int phys_mem_access_prot_allowed(struct file *file, unsigned long pfn, unsigned long size, pgprot_t *vma_prot); + +#ifndef __HAVE_ARCH_PFN_MODIFY_ALLOWED +static inline bool pfn_modify_allowed(unsigned long pfn, pgprot_t prot) +{ + return true; +} + +static inline bool arch_has_pfn_modify_check(void) +{ + return false; +} +#endif /* !_HAVE_ARCH_PFN_MODIFY_ALLOWED */ + #endif /* !__ASSEMBLY__ */ #ifndef io_remap_pfn_range @@ -842,16 +855,4 @@ int phys_mem_access_prot_allowed(struct file *file, unsigned long pfn, #endif #endif -#ifndef __HAVE_ARCH_PFN_MODIFY_ALLOWED -static inline bool pfn_modify_allowed(unsigned long pfn, pgprot_t prot) -{ - return true; -} - -static inline bool arch_has_pfn_modify_check(void) -{ - return false; -} -#endif - #endif /* _ASM_GENERIC_PGTABLE_H */ -- 2.7.4

7 years, 1 month

2
1
0 0

[PATCH v4.14 v4.17 v4.18] x86/speculation/l1tf: Unbreak !__HAVE_ARCH_PFN_MODIFY_ALLOWED architectures

by Guenter Roeck

From: Jiri Kosina <jkosina(a)suse.cz> commit 6c26fcd2abfe0a56bbd95271fce02df2896cfd24 upstream pfn_modify_allowed() and arch_has_pfn_modify_check() are outside of the !__ASSEMBLY__ section in include/asm-generic/pgtable.h, which confuses assembler on archs that don't have __HAVE_ARCH_PFN_MODIFY_ALLOWED (e.g. ia64) and breaks build: include/asm-generic/pgtable.h: Assembler messages: include/asm-generic/pgtable.h:538: Error: Unknown opcode `static inline bool pfn_modify_allowed(unsigned long pfn,pgprot_t prot)' include/asm-generic/pgtable.h:540: Error: Unknown opcode `return true' include/asm-generic/pgtable.h:543: Error: Unknown opcode `static inline bool arch_has_pfn_modify_check(void)' include/asm-generic/pgtable.h:545: Error: Unknown opcode `return false' arch/ia64/kernel/entry.S:69: Error: `mov' does not fit into bundle Move those two static inlines into the !__ASSEMBLY__ section so that they don't confuse the asm build pass. Fixes: 42e4089c7890 ("x86/speculation/l1tf: Disallow non privileged high MMIO PROT_NONE mappings") Signed-off-by: Jiri Kosina <jkosina(a)suse.cz> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Signed-off-by: Guenter Roeck <linux(a)roeck-us.net> --- include/asm-generic/pgtable.h | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/include/asm-generic/pgtable.h b/include/asm-generic/pgtable.h index f50d253f213f..46a2f5d9aa25 100644 --- a/include/asm-generic/pgtable.h +++ b/include/asm-generic/pgtable.h @@ -1055,6 +1055,18 @@ int phys_mem_access_prot_allowed(struct file *file, unsigned long pfn, static inline void init_espfix_bsp(void) { } #endif +#ifndef __HAVE_ARCH_PFN_MODIFY_ALLOWED +static inline bool pfn_modify_allowed(unsigned long pfn, pgprot_t prot) +{ + return true; +} + +static inline bool arch_has_pfn_modify_check(void) +{ + return false; +} +#endif /* !_HAVE_ARCH_PFN_MODIFY_ALLOWED */ + #endif /* !__ASSEMBLY__ */ #ifndef io_remap_pfn_range @@ -1069,16 +1081,4 @@ static inline void init_espfix_bsp(void) { } #endif #endif -#ifndef __HAVE_ARCH_PFN_MODIFY_ALLOWED -static inline bool pfn_modify_allowed(unsigned long pfn, pgprot_t prot) -{ - return true; -} - -static inline bool arch_has_pfn_modify_check(void) -{ - return false; -} -#endif - #endif /* _ASM_GENERIC_PGTABLE_H */ -- 2.7.4

7 years, 1 month

1
0
0 0

+ zram-fix-bug-storing-backing_dev.patch added to -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: drivers/block/zram/zram_drv.c: fix bug storing backing_dev has been added to the -mm tree. Its filename is zram-fix-bug-storing-backing_dev.patch This patch should soon appear at http://ozlabs.org/~akpm/mmots/broken-out/zram-fix-bug-storing-backing_dev.p… and later at http://ozlabs.org/~akpm/mmotm/broken-out/zram-fix-bug-storing-backing_dev.p… Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next and is updated there every 3-4 working days ------------------------------------------------------ From: Peter Kalauskas <peskal(a)google.com> Subject: drivers/block/zram/zram_drv.c: fix bug storing backing_dev The call to strlcpy in backing_dev_store is incorrect. It should take the size of the destination buffer instead of the size of the source buffer. Additionally, ignore the newline character (\n) when reading the new file_name buffer. This makes it possible to set the backing_dev as follows: echo /dev/sdX > /sys/block/zram0/backing_dev The reason it worked before was the fact that strlcpy() copies 'len - 1' bytes, which is strlen(buf) - 1 in our case, so it accidentally didn't copy the trailing new line symbol. Which also means that "echo -n /dev/sdX" most likely was broken. Signed-off-by: Peter Kalauskas <peskal(a)google.com> Link: http://lkml.kernel.org/r/20180813061623.GC64836@rodete-desktop-imager.corp.… Acked-by: Minchan Kim <minchan(a)kernel.org> Reviewed-by: Sergey Senozhatsky <sergey.senozhatsky(a)gmail.com> Cc: <stable(a)vger.kernel.org> [4.14+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- drivers/block/zram/zram_drv.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) --- a/drivers/block/zram/zram_drv.c~zram-fix-bug-storing-backing_dev +++ a/drivers/block/zram/zram_drv.c @@ -337,6 +337,7 @@ static ssize_t backing_dev_store(struct struct device_attribute *attr, const char *buf, size_t len) { char *file_name; + size_t sz; struct file *backing_dev = NULL; struct inode *inode; struct address_space *mapping; @@ -357,7 +358,11 @@ static ssize_t backing_dev_store(struct goto out; } - strlcpy(file_name, buf, len); + strlcpy(file_name, buf, PATH_MAX); + /* ignore trailing newline */ + sz = strlen(file_name); + if (sz > 0 && file_name[sz - 1] == '\n') + file_name[sz - 1] = 0x00; backing_dev = filp_open(file_name, O_RDWR|O_LARGEFILE, 0); if (IS_ERR(backing_dev)) { _ Patches currently in -mm which might be from peskal(a)google.com are zram-fix-bug-storing-backing_dev.patch

7 years, 1 month

1
0
0 0

kasan patches

by Nick Desaulniers

These patches are needed for kasan+clang support. I confirmed they apply cleanly in order (top to bottom): 4.9: commit c5caf21ab0cf8 ("kasan: turn on -fsanitize-address-use-after-scope") commit 0e410e158e5b ("kasan: don't emit builtin calls when sanitization is off") 4.4: commit c5caf21ab0cf8 ("kasan: turn on -fsanitize-address-use-after-scope") === 0e410e158e5b is the one I'm interested in. Looks like it landed in 4.16, and got backported to 4.14-stable. === c5caf21ab0cf8 depends on c6d308534aef6 ("UBSAN: run-time undefined behavior sanity checker"), and I don't want to bring in all of UBSAN to 4.4. I'll send a patch for 0e410e158e5b. -- Thanks, ~Nick Desaulniers

7 years, 1 month

4
9
0 0

[PATCH] x86/smp: fix non-SMP broken build due to redefinition of apic_id_is_primary_thread

by Vlastimil Babka

The function has an inline "return false;" definition with CONFIG_SMP=n but the "real" definition is also visible leading to "redefinition of ‘apic_id_is_primary_thread’" compiler error. Guard it with #ifdef CONFIG_SMP Signed-off-by: Vlastimil Babka <vbabka(a)suse.cz> Fixes: 6a4d2657e048 ("x86/smp: Provide topology_is_primary_thread()") Cc: stable(a)vger.kernel.org --- arch/x86/kernel/apic/apic.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/arch/x86/kernel/apic/apic.c b/arch/x86/kernel/apic/apic.c index 87ff6235bbfe..84132eddb5a8 100644 --- a/arch/x86/kernel/apic/apic.c +++ b/arch/x86/kernel/apic/apic.c @@ -2193,6 +2193,7 @@ static int cpuid_to_apicid[] = { [0 ... NR_CPUS - 1] = -1, }; +#ifdef CONFIG_SMP /** * apic_id_is_primary_thread - Check whether APIC ID belongs to a primary thread * @id: APIC ID to check @@ -2207,6 +2208,7 @@ bool apic_id_is_primary_thread(unsigned int apicid) mask = (1U << (fls(smp_num_siblings) - 1)) - 1; return !(apicid & mask); } +#endif /* * Should use this API to allocate logical CPU IDs to keep nr_logical_cpuids -- 2.18.0

7 years, 1 month

2
1
0 0

[PATCH 4.4] kasan: don't emit builtin calls when sanitization is off

by Nick Desaulniers

From: Andrey Konovalov <andreyknvl(a)google.com> commit 0e410e158e5baa1300bdf678cea4f4e0cf9d8b94 upstream. With KASAN enabled the kernel has two different memset() functions, one with KASAN checks (memset) and one without (__memset). KASAN uses some macro tricks to use the proper version where required. For example memset() calls in mm/slub.c are without KASAN checks, since they operate on poisoned slab object metadata. The issue is that clang emits memset() calls even when there is no memset() in the source code. They get linked with improper memset() implementation and the kernel fails to boot due to a huge amount of KASAN reports during early boot stages. The solution is to add -fno-builtin flag for files with KASAN_SANITIZE := n marker. Link: http://lkml.kernel.org/r/8ffecfffe04088c52c42b92739c2bd8a0bcb3f5e.151638459… Signed-off-by: Andrey Konovalov <andreyknvl(a)google.com> Acked-by: Nick Desaulniers <ndesaulniers(a)google.com> Cc: Masahiro Yamada <yamada.masahiro(a)socionext.com> Cc: Michal Marek <michal.lkml(a)markovi.net> Cc: Andrey Ryabinin <aryabinin(a)virtuozzo.com> Cc: Alexander Potapenko <glider(a)google.com> Cc: Dmitry Vyukov <dvyukov(a)google.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds(a)linux-foundation.org> [ Nick : Backported to 4.4 avoiding KUBSAN ] Signed-off-by: Nick Desaulniers <ndesaulniers(a)google.com> --- Makefile | 3 ++- scripts/Makefile.kasan | 3 +++ scripts/Makefile.lib | 2 +- 3 files changed, 6 insertions(+), 2 deletions(-) diff --git a/Makefile b/Makefile index ee92a12e3a4b..4fdd43dd14aa 100644 --- a/Makefile +++ b/Makefile @@ -418,7 +418,8 @@ export MAKE AWK GENKSYMS INSTALLKERNEL PERL PYTHON UTS_MACHINE export HOSTCXX HOSTCXXFLAGS LDFLAGS_MODULE CHECK CHECKFLAGS export KBUILD_CPPFLAGS NOSTDINC_FLAGS LINUXINCLUDE OBJCOPYFLAGS LDFLAGS -export KBUILD_CFLAGS CFLAGS_KERNEL CFLAGS_MODULE CFLAGS_GCOV CFLAGS_KASAN +export KBUILD_CFLAGS CFLAGS_KERNEL CFLAGS_MODULE CFLAGS_GCOV +export CFLAGS_KASAN CFLAGS_KASAN_NOSANITIZE export KBUILD_AFLAGS AFLAGS_KERNEL AFLAGS_MODULE export KBUILD_AFLAGS_MODULE KBUILD_CFLAGS_MODULE KBUILD_LDFLAGS_MODULE export KBUILD_AFLAGS_KERNEL KBUILD_CFLAGS_KERNEL diff --git a/scripts/Makefile.kasan b/scripts/Makefile.kasan index 37323b0df374..2624d4bf9a45 100644 --- a/scripts/Makefile.kasan +++ b/scripts/Makefile.kasan @@ -28,4 +28,7 @@ else CFLAGS_KASAN := $(CFLAGS_KASAN_MINIMAL) endif endif + +CFLAGS_KASAN_NOSANITIZE := -fno-builtin + endif diff --git a/scripts/Makefile.lib b/scripts/Makefile.lib index 24914e7de944..a2d0e6d32659 100644 --- a/scripts/Makefile.lib +++ b/scripts/Makefile.lib @@ -126,7 +126,7 @@ endif ifeq ($(CONFIG_KASAN),y) _c_flags += $(if $(patsubst n%,, \ $(KASAN_SANITIZE_$(basetarget).o)$(KASAN_SANITIZE)y), \ - $(CFLAGS_KASAN)) + $(CFLAGS_KASAN), $(CFLAGS_KASAN_NOSANITIZE)) endif # If building the kernel in a separate objtree expand all occurrences -- 2.18.0.865.gffc8e1a3cd6-goog

7 years, 1 month

1
0
0 0

[PATCH] x86/init: fix build with CONFIG_SWAP=n

by Vlastimil Babka

The introduction of generic_max_swapfile_size and arch-specific versions has broken linking on x86 with CONFIG_SWAP=n due to undefined reference to 'generic_max_swapfile_size'. Fix it by compiling the x86-specific max_swapfile_size() only with CONFIG_SWAP=y. Reported-by: Tomas Pruzina <pruzinat(a)gmail.com> Fixes: 377eeaa8e11f ("x86/speculation/l1tf: Limit swap file size to MAX_PA/2") Signed-off-by: Vlastimil Babka <vbabka(a)suse.cz> Cc: stable(a)vger.kernel.org --- arch/x86/mm/init.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/arch/x86/mm/init.c b/arch/x86/mm/init.c index 156ed8154af8..acfab322fbe0 100644 --- a/arch/x86/mm/init.c +++ b/arch/x86/mm/init.c @@ -914,6 +914,7 @@ void update_cache_mode_entry(unsigned entry, enum page_cache_mode cache) __pte2cachemode_tbl[entry] = cache; } +#ifdef CONFIG_SWAP unsigned long max_swapfile_size(void) { unsigned long pages; @@ -934,3 +935,4 @@ unsigned long max_swapfile_size(void) } return pages; } +#endif -- 2.18.0

7 years, 1 month

2
1
0 0

[PATCH] x86/kvm/vmx: Remove duplicate l1d flush definitions

by Josh Poimboeuf

These are already defined higher up in the file. Cc: stable(a)vger.kernel.org Signed-off-by: Josh Poimboeuf <jpoimboe(a)redhat.com> --- arch/x86/kvm/vmx.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c index 58bba7a7572a..e7691e666479 100644 --- a/arch/x86/kvm/vmx.c +++ b/arch/x86/kvm/vmx.c @@ -9725,9 +9725,6 @@ static int vmx_handle_exit(struct kvm_vcpu *vcpu) * information but as all relevant affected CPUs have 32KiB L1D cache size * there is no point in doing so. */ -#define L1D_CACHE_ORDER 4 -static void *vmx_l1d_flush_pages; - static void vmx_l1d_flush(struct kvm_vcpu *vcpu) { int size = PAGE_SIZE << L1D_CACHE_ORDER; -- 2.17.1

7 years, 1 month

1
0
0 0

[PATCH] net: sock_diag: Fix spectre v1 gadget in __sock_diag_cmd()

by Jeremy Cline

req->sdiag_family is a user-controlled value that's used as an array index. Sanitize it after the bounds check to avoid speculative out-of-bounds array access. This also protects the sock_is_registered() call, so this removes the sanitize call there. Fixes: e978de7a6d38 ("net: socket: Fix potential spectre v1 gadget in sock_is_registered") Cc: Josh Poimboeuf <jpoimboe(a)redhat.com> Cc: konrad.wilk(a)oracle.com Cc: jamie.iles(a)oracle.com Cc: liran.alon(a)oracle.com Cc: stable(a)vger.kernel.org Signed-off-by: Jeremy Cline <jcline(a)redhat.com> --- Since commit e978de7a6d38 didn't apply cleanly to v4.14, this won't either since it reverts that change. To apply cleanly there, the change to sock_is_registered() needs to be dropped. net/core/sock_diag.c | 2 ++ net/socket.c | 3 +-- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/net/core/sock_diag.c b/net/core/sock_diag.c index c37b5be7c5e4..3312a5849a97 100644 --- a/net/core/sock_diag.c +++ b/net/core/sock_diag.c @@ -10,6 +10,7 @@ #include <linux/kernel.h> #include <linux/tcp.h> #include <linux/workqueue.h> +#include <linux/nospec.h> #include <linux/inet_diag.h> #include <linux/sock_diag.h> @@ -218,6 +219,7 @@ static int __sock_diag_cmd(struct sk_buff *skb, struct nlmsghdr *nlh) if (req->sdiag_family >= AF_MAX) return -EINVAL; + req->sdiag_family = array_index_nospec(req->sdiag_family, AF_MAX); if (sock_diag_handlers[req->sdiag_family] == NULL) sock_load_diag_module(req->sdiag_family, 0); diff --git a/net/socket.c b/net/socket.c index 53c907169818..391a0da49ffe 100644 --- a/net/socket.c +++ b/net/socket.c @@ -2679,8 +2679,7 @@ EXPORT_SYMBOL(sock_unregister); bool sock_is_registered(int family) { - return family < NPROTO && - rcu_access_pointer(net_families[array_index_nospec(family, NPROTO)]); + return family < NPROTO && rcu_access_pointer(net_families[family]); } static int __init sock_init(void) -- 2.17.1

7 years, 1 month

2
1
0 0

Dear Friend,

by Luiscarlosdelgado

Dear Friend, My sincere apologies for this unsolicited mail to you, my name is Barrister Luis Carlos Delgado, theCEO/founder of (LCD ABOGADOS) with offices in Madrid and Portugal. We consult for NGOs, Companiesand individuals on Family Law, Intellectual Property, Real Estate, and Wills. I am consulting you on business grounds: I know that it may surprise you receiving this mail from me since therewas no previous correspondence between us. I have an urgent and very confidential business proposal of(USD$9,500,000.00) (Nine Million Five Hundred Thousand US Dollars only) which I believe that will be a verygood opportunity for both of us, so I decided to contact you on the business. Further details; get back me on my direct contact number below: Tel: +351920414587Fax: +34917692994E-mail: Luis_carlos.delgado(a)consultant.comYour swift response will be highly recommended and appreciated, and I shall provide you with more detailsabout my urgent business proposal.Note: If my approach offends your moral ethics do accept my sincere apology, if on the contrary you wish towork with me on this, kindly get back to me with your interest for more details on my direct private contact.Best Regards, Luis Carlos Delgado Esq.(LCD ABOGADOS) Av. de Burgos 20, 28036 Madrid EspanaRua Sarmento de Beires 30 1�E, 1900-221 Lisboa PortugalTel: +351920414587Fax: +34917692994E-mail: Luis_carlos.delgado(a)consultant.co

7 years, 1 month

1
0
0 0

Applied "ASoC: wm9712: fix replace codec to component" to the asoc tree

by Mark Brown

The patch ASoC: wm9712: fix replace codec to component has been applied to the asoc tree at https://git.kernel.org/pub/scm/linux/kernel/git/broonie/sound.git All being well this means that it will be integrated into the linux-next tree (usually sometime in the next 24 hours) and sent to Linus during the next merge window (or sooner if it is a bug fix), however if problems are discovered then the patch may be dropped or reverted. You may get further e-mails resulting from automated or manual testing and review of the tree, please engage with people reporting problems and send followup patches addressing any issues that are reported if needed. If any updates are required or you are submitting further changes they should be sent as incremental updates against current git, existing patches will not be replaced. Please add any relevant lists and maintainers to the CCs when replying to this mail. Thanks, Mark >From 5e4cfadaf5b73a0801b2fa7fb007f98400ebfe6e Mon Sep 17 00:00:00 2001 From: Marcel Ziswiler <marcel.ziswiler(a)toradex.com> Date: Tue, 14 Aug 2018 00:35:56 +0200 Subject: [PATCH] ASoC: wm9712: fix replace codec to component Since commit 143b44845d87 ("ASoC: wm9712: replace codec to component") "wm9712-codec" got renamed to "wm9712-component", however, this change never got propagated down to the actual board/platform drivers. E.g. on Colibri T20 this lead to the following spew upon boot with sound/touch being broken: [ 2.214121] tegra-snd-wm9712 sound: ASoC: CODEC DAI wm9712-hifi not registered [ 2.222137] tegra-snd-wm9712 sound: snd_soc_register_card failed (-517) ... [ 2.344384] tegra-snd-wm9712 sound: ASoC: CODEC DAI wm9712-hifi not registered [ 2.351885] tegra-snd-wm9712 sound: snd_soc_register_card failed (-517) ... [ 2.668339] tegra-snd-wm9712 sound: ASoC: CODEC DAI wm9712-hifi not registered [ 2.675811] tegra-snd-wm9712 sound: snd_soc_register_card failed (-517) ... [ 3.208408] tegra-snd-wm9712 sound: ASoC: CODEC DAI wm9712-hifi not registered [ 3.216312] tegra-snd-wm9712 sound: snd_soc_register_card failed (-517) ... [ 3.235397] tegra-snd-wm9712 sound: ASoC: CODEC DAI wm9712-hifi not registered [ 3.248938] tegra-snd-wm9712 sound: snd_soc_register_card failed (-517) ... [ 14.970443] ALSA device list: [ 14.996628] No soundcards found. This commit finally fixes this again. Signed-off-by: Marcel Ziswiler <marcel.ziswiler(a)toradex.com> Acked-by: Charles Keepax <ckeepax(a)opensource.cirrus.com> Signed-off-by: Mark Brown <broonie(a)kernel.org> Cc: stable(a)vger.kernel.org --- sound/soc/codecs/wm9712.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sound/soc/codecs/wm9712.c b/sound/soc/codecs/wm9712.c index 953d94d50586..ade34c26ad2f 100644 --- a/sound/soc/codecs/wm9712.c +++ b/sound/soc/codecs/wm9712.c @@ -719,7 +719,7 @@ static int wm9712_probe(struct platform_device *pdev) static struct platform_driver wm9712_component_driver = { .driver = { - .name = "wm9712-component", + .name = "wm9712-codec", }, .probe = wm9712_probe, -- 2.18.0

7 years, 1 month

1
0
0 0

[PATCH] drm/i915: set DP Main Stream Attribute for color range on DDI platforms

by Jani Nikula

Since Haswell we have no color range indication either in the pipe or port registers for DP. Instead, there's a separate register for setting the DP Main Stream Attributes (MSA) directly. The MSA register definition makes no references to colorimetry, just a vague reference to the DP spec. The connection to the color range was lost. Apparently we've failed to set the proper MSA bit for limited, or CEA, range ever since the first DDI platforms. We've started setting other MSA parameters since commit dae847991a43 ("drm/i915: add intel_ddi_set_pipe_settings"). Without the crucial bit of information, the DP sink has no way of knowing the source is actually transmitting limited range RGB, leading to "washed out" colors. With the colorimetry information, compliant sinks should be able to handle the limited range properly. Native (i.e. non-LSPCON) HDMI was not affected because we do pass the color range via AVI infoframes. Though not the root cause, the problem was made worse for DDI platforms with commit 55bc60db5988 ("drm/i915: Add "Automatic" mode for the "Broadcast RGB" property"), which selects limited range RGB automatically based on the mode, as per the DP, HDMI and CEA specs. After all these years, the fix boils down to flipping one bit. [Per testing reports, this fixes DP sinks, but not the LSPCON. My educated guess is that the LSPCON fails to turn the CEA range MSA into AVI infoframes for HDMI.] Reported-by: Michał Kopeć <mkopec12(a)gmail.com> Reported-by: N. W. <nw9165-3201(a)yahoo.com> Reported-by: Nicholas Stommel <nicholas.stommel(a)gmail.com> Reported-by: Tom Yan <tom.ty89(a)gmail.com> Tested-by: Nicholas Stommel <nicholas.stommel(a)gmail.com> References: https://bugs.freedesktop.org/show_bug.cgi?id=100023 Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=107476 Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=94921 Cc: Paulo Zanoni <paulo.r.zanoni(a)intel.com> Cc: Rodrigo Vivi <rodrigo.vivi(a)intel.com> Cc: Ville Syrjälä <ville.syrjala(a)linux.intel.com> Cc: <stable(a)vger.kernel.org> # v3.9+ Signed-off-by: Jani Nikula <jani.nikula(a)intel.com> --- drivers/gpu/drm/i915/i915_reg.h | 1 + drivers/gpu/drm/i915/intel_ddi.c | 4 ++++ 2 files changed, 5 insertions(+) diff --git a/drivers/gpu/drm/i915/i915_reg.h b/drivers/gpu/drm/i915/i915_reg.h index 17575cfc22b5..0c9f03dda569 100644 --- a/drivers/gpu/drm/i915/i915_reg.h +++ b/drivers/gpu/drm/i915/i915_reg.h @@ -9246,6 +9246,7 @@ enum skl_power_gate { #define TRANS_MSA_10_BPC (2 << 5) #define TRANS_MSA_12_BPC (3 << 5) #define TRANS_MSA_16_BPC (4 << 5) +#define TRANS_MSA_CEA_RANGE (1 << 3) /* LCPLL Control */ #define LCPLL_CTL _MMIO(0x130040) diff --git a/drivers/gpu/drm/i915/intel_ddi.c b/drivers/gpu/drm/i915/intel_ddi.c index 0adc043529f2..6f7be066c8f2 100644 --- a/drivers/gpu/drm/i915/intel_ddi.c +++ b/drivers/gpu/drm/i915/intel_ddi.c @@ -1685,6 +1685,10 @@ void intel_ddi_set_pipe_settings(const struct intel_crtc_state *crtc_state) WARN_ON(transcoder_is_dsi(cpu_transcoder)); temp = TRANS_MSA_SYNC_CLK; + + if (crtc_state->limited_color_range) + temp |= TRANS_MSA_CEA_RANGE; + switch (crtc_state->pipe_bpp) { case 18: temp |= TRANS_MSA_6_BPC; -- 2.11.0

7 years, 1 month

2
1
0 0

[Regression] usb: xhci: Add XHCI_TRUST_TX_LENGTH for Renesas uPD720201

by Joseph Salisbury

Hi Daniel, A kernel bug report was opened against Ubuntu [0]. It was found the following patch introduced the regression: da9970668948 ("usb: xhci: Add XHCI_TRUST_TX_LENGTH for Renesas uPD720201") The bug reporter claims there is a typo in the patch that caused the regression. I built a test kernel with a change to the suspected typo and the bug reporter claims it resolved the regression. My test kernel had the following change: - pdev->device == 0x0014) + pdev->device == 0x0015) I was hoping to get your feedback, since you are the patch author. Do you think this is an actual typo, or maybe there really needs to be two quirks? Thanks, Joe [0] http://pad.lv/1773704

7 years, 1 month

2
1
0 0

AW:

by info＠adtop-ch.net

Guten Tag, nach unserem Besuch Ihrer Homepage möchten wir Ihnen ein Angebot von Produkten vorstellen, das Ihnen ermöglichen wird, den Verkauf Ihrer Produkte sowie Dienstleistungen deutlich zu erhöhen. Ich biete Ihnen den ganz neuen Adressenkatalog der Österreicher Unternehmen an, in dem sich direkte Kontaktdaten der Firmeninhaber und Manager befinden. Die Firmenangaben beinhalten: Firmennamen, Adresse des Hauptsitzes (Straße und Hausnummer, Postleitzahl, Ort, Region), E-Mail-Adresse, Telefonnummer, Faxnummer. http://www.dbc-at.net/?page=catalog *** 1. AT 2018 ( 104 000 ) - 149 EUR ( bis zum 14.08.2018 ) *** Die Verwendungsmöglichkeiten der Datenbanken sind praktisch unbegrenzt und Sie können durch Verwendung der von uns entwickelten Programme des personalisierten Versendens von Angeboten u.ä. mittels E-mailing bzw. Fax effektive und sichere Werbekampagnen damit durchführen. Bitte informieren Sie sich über die weiteren Details einmal unverbindlich auf unseren Webseite: http://www.dbc-at.net/?page=catalog MfG Martin Weber GC-Team.

7 years, 1 month

1
0
0 0

[PATCH v7 3/5] drm/nouveau: Fix deadlock with fb_helper with async RPM requests

by Lyude Paul

I'm sure I don't need to tell you that fb_helper's locking is a mess. That being said; fb_helper's locking mess can seriously complicate the runtime suspend/resume operations of drivers because it can invoke atomic commits and connector probing from anywhere that calls drm_fb_helper_hotplug_event(). Since most drivers use drm_fb_helper_output_poll_changed() as their output_poll_changed handler, this can happen in every single context that can fire off a hotplug event. An example: [ 246.669625] INFO: task kworker/4:0:37 blocked for more than 120 seconds. [ 246.673398] Not tainted 4.18.0-rc5Lyude-Test+ #2 [ 246.675271] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 246.676527] kworker/4:0 D 0 37 2 0x80000000 [ 246.677580] Workqueue: events output_poll_execute [drm_kms_helper] [ 246.678704] Call Trace: [ 246.679753] __schedule+0x322/0xaf0 [ 246.680916] schedule+0x33/0x90 [ 246.681924] schedule_preempt_disabled+0x15/0x20 [ 246.683023] __mutex_lock+0x569/0x9a0 [ 246.684035] ? kobject_uevent_env+0x117/0x7b0 [ 246.685132] ? drm_fb_helper_hotplug_event.part.28+0x20/0xb0 [drm_kms_helper] [ 246.686179] mutex_lock_nested+0x1b/0x20 [ 246.687278] ? mutex_lock_nested+0x1b/0x20 [ 246.688307] drm_fb_helper_hotplug_event.part.28+0x20/0xb0 [drm_kms_helper] [ 246.689420] drm_fb_helper_output_poll_changed+0x23/0x30 [drm_kms_helper] [ 246.690462] drm_kms_helper_hotplug_event+0x2a/0x30 [drm_kms_helper] [ 246.691570] output_poll_execute+0x198/0x1c0 [drm_kms_helper] [ 246.692611] process_one_work+0x231/0x620 [ 246.693725] worker_thread+0x214/0x3a0 [ 246.694756] kthread+0x12b/0x150 [ 246.695856] ? wq_pool_ids_show+0x140/0x140 [ 246.696888] ? kthread_create_worker_on_cpu+0x70/0x70 [ 246.697998] ret_from_fork+0x3a/0x50 [ 246.699034] INFO: task kworker/0:1:60 blocked for more than 120 seconds. [ 246.700153] Not tainted 4.18.0-rc5Lyude-Test+ #2 [ 246.701182] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 246.702278] kworker/0:1 D 0 60 2 0x80000000 [ 246.703293] Workqueue: pm pm_runtime_work [ 246.704393] Call Trace: [ 246.705403] __schedule+0x322/0xaf0 [ 246.706439] ? wait_for_completion+0x104/0x190 [ 246.707393] schedule+0x33/0x90 [ 246.708375] schedule_timeout+0x3a5/0x590 [ 246.709289] ? mark_held_locks+0x58/0x80 [ 246.710208] ? _raw_spin_unlock_irq+0x2c/0x40 [ 246.711222] ? wait_for_completion+0x104/0x190 [ 246.712134] ? trace_hardirqs_on_caller+0xf4/0x190 [ 246.713094] ? wait_for_completion+0x104/0x190 [ 246.713964] wait_for_completion+0x12c/0x190 [ 246.714895] ? wake_up_q+0x80/0x80 [ 246.715727] ? get_work_pool+0x90/0x90 [ 246.716649] flush_work+0x1c9/0x280 [ 246.717483] ? flush_workqueue_prep_pwqs+0x1b0/0x1b0 [ 246.718442] __cancel_work_timer+0x146/0x1d0 [ 246.719247] cancel_delayed_work_sync+0x13/0x20 [ 246.720043] drm_kms_helper_poll_disable+0x1f/0x30 [drm_kms_helper] [ 246.721123] nouveau_pmops_runtime_suspend+0x3d/0xb0 [nouveau] [ 246.721897] pci_pm_runtime_suspend+0x6b/0x190 [ 246.722825] ? pci_has_legacy_pm_support+0x70/0x70 [ 246.723737] __rpm_callback+0x7a/0x1d0 [ 246.724721] ? pci_has_legacy_pm_support+0x70/0x70 [ 246.725607] rpm_callback+0x24/0x80 [ 246.726553] ? pci_has_legacy_pm_support+0x70/0x70 [ 246.727376] rpm_suspend+0x142/0x6b0 [ 246.728185] pm_runtime_work+0x97/0xc0 [ 246.728938] process_one_work+0x231/0x620 [ 246.729796] worker_thread+0x44/0x3a0 [ 246.730614] kthread+0x12b/0x150 [ 246.731395] ? wq_pool_ids_show+0x140/0x140 [ 246.732202] ? kthread_create_worker_on_cpu+0x70/0x70 [ 246.732878] ret_from_fork+0x3a/0x50 [ 246.733768] INFO: task kworker/4:2:422 blocked for more than 120 seconds. [ 246.734587] Not tainted 4.18.0-rc5Lyude-Test+ #2 [ 246.735393] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 246.736113] kworker/4:2 D 0 422 2 0x80000080 [ 246.736789] Workqueue: events_long drm_dp_mst_link_probe_work [drm_kms_helper] [ 246.737665] Call Trace: [ 246.738490] __schedule+0x322/0xaf0 [ 246.739250] schedule+0x33/0x90 [ 246.739908] rpm_resume+0x19c/0x850 [ 246.740750] ? finish_wait+0x90/0x90 [ 246.741541] __pm_runtime_resume+0x4e/0x90 [ 246.742370] nv50_disp_atomic_commit+0x31/0x210 [nouveau] [ 246.743124] drm_atomic_commit+0x4a/0x50 [drm] [ 246.743775] restore_fbdev_mode_atomic+0x1c8/0x240 [drm_kms_helper] [ 246.744603] restore_fbdev_mode+0x31/0x140 [drm_kms_helper] [ 246.745373] drm_fb_helper_restore_fbdev_mode_unlocked+0x54/0xb0 [drm_kms_helper] [ 246.746220] drm_fb_helper_set_par+0x2d/0x50 [drm_kms_helper] [ 246.746884] drm_fb_helper_hotplug_event.part.28+0x96/0xb0 [drm_kms_helper] [ 246.747675] drm_fb_helper_output_poll_changed+0x23/0x30 [drm_kms_helper] [ 246.748544] drm_kms_helper_hotplug_event+0x2a/0x30 [drm_kms_helper] [ 246.749439] nv50_mstm_hotplug+0x15/0x20 [nouveau] [ 246.750111] drm_dp_send_link_address+0x177/0x1c0 [drm_kms_helper] [ 246.750764] drm_dp_check_and_send_link_address+0xa8/0xd0 [drm_kms_helper] [ 246.751602] drm_dp_mst_link_probe_work+0x51/0x90 [drm_kms_helper] [ 246.752314] process_one_work+0x231/0x620 [ 246.752979] worker_thread+0x44/0x3a0 [ 246.753838] kthread+0x12b/0x150 [ 246.754619] ? wq_pool_ids_show+0x140/0x140 [ 246.755386] ? kthread_create_worker_on_cpu+0x70/0x70 [ 246.756162] ret_from_fork+0x3a/0x50 [ 246.756847] Showing all locks held in the system: [ 246.758261] 3 locks held by kworker/4:0/37: [ 246.759016] #0: 00000000f8df4d2d ((wq_completion)"events"){+.+.}, at: process_one_work+0x1b3/0x620 [ 246.759856] #1: 00000000e6065461 ((work_completion)(&(&dev->mode_config.output_poll_work)->work)){+.+.}, at: process_one_work+0x1b3/0x620 [ 246.760670] #2: 00000000cb66735f (&helper->lock){+.+.}, at: drm_fb_helper_hotplug_event.part.28+0x20/0xb0 [drm_kms_helper] [ 246.761516] 2 locks held by kworker/0:1/60: [ 246.762274] #0: 00000000fff6be0f ((wq_completion)"pm"){+.+.}, at: process_one_work+0x1b3/0x620 [ 246.762982] #1: 000000005ab44fb4 ((work_completion)(&dev->power.work)){+.+.}, at: process_one_work+0x1b3/0x620 [ 246.763890] 1 lock held by khungtaskd/64: [ 246.764664] #0: 000000008cb8b5c3 (rcu_read_lock){....}, at: debug_show_all_locks+0x23/0x185 [ 246.765588] 5 locks held by kworker/4:2/422: [ 246.766440] #0: 00000000232f0959 ((wq_completion)"events_long"){+.+.}, at: process_one_work+0x1b3/0x620 [ 246.767390] #1: 00000000bb59b134 ((work_completion)(&mgr->work)){+.+.}, at: process_one_work+0x1b3/0x620 [ 246.768154] #2: 00000000cb66735f (&helper->lock){+.+.}, at: drm_fb_helper_restore_fbdev_mode_unlocked+0x4c/0xb0 [drm_kms_helper] [ 246.768966] #3: 000000004c8f0b6b (crtc_ww_class_acquire){+.+.}, at: restore_fbdev_mode_atomic+0x4b/0x240 [drm_kms_helper] [ 246.769921] #4: 000000004c34a296 (crtc_ww_class_mutex){+.+.}, at: drm_modeset_backoff+0x8a/0x1b0 [drm] [ 246.770839] 1 lock held by dmesg/1038: [ 246.771739] 2 locks held by zsh/1172: [ 246.772650] #0: 00000000836d0438 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40 [ 246.773680] #1: 000000001f4f4d48 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0xc1/0x870 [ 246.775522] ============================================= After trying dozens of different solutions, I found one very simple one that should also have the benefit of preventing us from having to fight locking for the rest of our lives. So, we work around these deadlocks by deferring all fbcon hotplug events that happen after the runtime suspend process starts until after the device is resumed again. Changes since v6: - Remove unused nouveau_fbcon_hotplugged_in_suspend() - Ilia Changes since v5: - Come up with the (hopefully final) solution for solving this dumb problem, one that is a lot less likely to cause issues with locking in the future. This should work around all deadlock conditions with fbcon brought up thus far. Changes since v4: - Add nouveau_fbcon_hotplugged_in_suspend() to workaround deadlock condition that Lukas described - Just move all of this out of drm_fb_helper. It seems that other DRM drivers have already figured out other workarounds for this. If other drivers do end up needing this in the future, we can just move this back into drm_fb_helper again. Changes since v3: - Actually check if fb_helper is NULL in both new helpers - Actually check drm_fbdev_emulation in both new helpers - Don't fire off a fb_helper hotplug unconditionally; only do it if the following conditions are true (as otherwise, calling this in the wrong spot will cause Bad Things to happen): - fb_helper hotplug handling was actually inhibited previously - fb_helper actually has a delayed hotplug pending - fb_helper is actually bound - fb_helper is actually initialized - Add __must_check to drm_fb_helper_suspend_hotplug(). There's no situation where a driver would actually want to use this without checking the return value, so enforce that - Rewrite and clarify the documentation for both helpers. - Make sure to return true in the drm_fb_helper_suspend_hotplug() stub that's provided in drm_fb_helper.h when CONFIG_DRM_FBDEV_EMULATION isn't enabled - Actually grab the toplevel fb_helper lock in drm_fb_helper_resume_hotplug(), since it's possible other activity (such as a hotplug) could be going on at the same time the driver calls drm_fb_helper_resume_hotplug(). We need this to check whether or not drm_fb_helper_hotplug_event() needs to be called anyway Signed-off-by: Lyude Paul <lyude(a)redhat.com> Cc: stable(a)vger.kernel.org Cc: Lukas Wunner <lukas(a)wunner.de> Cc: Karol Herbst <karolherbst(a)gmail.com> --- drivers/gpu/drm/nouveau/dispnv50/disp.c | 2 +- drivers/gpu/drm/nouveau/nouveau_display.c | 2 +- drivers/gpu/drm/nouveau/nouveau_fbcon.c | 57 +++++++++++++++++++++++ drivers/gpu/drm/nouveau/nouveau_fbcon.h | 5 ++ 4 files changed, 64 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/nouveau/dispnv50/disp.c b/drivers/gpu/drm/nouveau/dispnv50/disp.c index 8b522a9b12f6..a0772389ed90 100644 --- a/drivers/gpu/drm/nouveau/dispnv50/disp.c +++ b/drivers/gpu/drm/nouveau/dispnv50/disp.c @@ -2049,7 +2049,7 @@ nv50_disp_atomic_state_alloc(struct drm_device *dev) static const struct drm_mode_config_funcs nv50_disp_func = { .fb_create = nouveau_user_framebuffer_create, - .output_poll_changed = drm_fb_helper_output_poll_changed, + .output_poll_changed = nouveau_fbcon_output_poll_changed, .atomic_check = nv50_disp_atomic_check, .atomic_commit = nv50_disp_atomic_commit, .atomic_state_alloc = nv50_disp_atomic_state_alloc, diff --git a/drivers/gpu/drm/nouveau/nouveau_display.c b/drivers/gpu/drm/nouveau/nouveau_display.c index 1d36ab5d4796..4b873e668b26 100644 --- a/drivers/gpu/drm/nouveau/nouveau_display.c +++ b/drivers/gpu/drm/nouveau/nouveau_display.c @@ -293,7 +293,7 @@ nouveau_user_framebuffer_create(struct drm_device *dev, static const struct drm_mode_config_funcs nouveau_mode_config_funcs = { .fb_create = nouveau_user_framebuffer_create, - .output_poll_changed = drm_fb_helper_output_poll_changed, + .output_poll_changed = nouveau_fbcon_output_poll_changed, }; diff --git a/drivers/gpu/drm/nouveau/nouveau_fbcon.c b/drivers/gpu/drm/nouveau/nouveau_fbcon.c index 85c1f10bc2b6..8cf966690963 100644 --- a/drivers/gpu/drm/nouveau/nouveau_fbcon.c +++ b/drivers/gpu/drm/nouveau/nouveau_fbcon.c @@ -466,6 +466,7 @@ nouveau_fbcon_set_suspend_work(struct work_struct *work) console_unlock(); if (state == FBINFO_STATE_RUNNING) { + nouveau_fbcon_hotplug_resume(drm->fbcon); pm_runtime_mark_last_busy(drm->dev->dev); pm_runtime_put_sync(drm->dev->dev); } @@ -487,6 +488,61 @@ nouveau_fbcon_set_suspend(struct drm_device *dev, int state) schedule_work(&drm->fbcon_work); } +void +nouveau_fbcon_output_poll_changed(struct drm_device *dev) +{ + struct nouveau_drm *drm = nouveau_drm(dev); + struct nouveau_fbdev *fbcon = drm->fbcon; + int ret; + + if (!fbcon) + return; + + mutex_lock(&fbcon->hotplug_lock); + + ret = pm_runtime_get(dev->dev); + if (ret == 1 || ret == -EACCES) { + drm_fb_helper_hotplug_event(&fbcon->helper); + + pm_runtime_mark_last_busy(dev->dev); + pm_runtime_put_autosuspend(dev->dev); + } else if (ret == 0) { + /* If the GPU was already in the process of suspending before + * this event happened, then we can't block here as we'll + * deadlock the runtime pmops since they wait for us to + * finish. So, just defer this event for when we runtime + * resume again. It will be handled by fbcon_work. + */ + NV_DEBUG(drm, "fbcon HPD event deferred until runtime resume\n"); + fbcon->hotplug_waiting = true; + pm_runtime_put_noidle(drm->dev->dev); + } else { + DRM_WARN("fbcon HPD event lost due to RPM failure: %d\n", + ret); + } + + mutex_unlock(&fbcon->hotplug_lock); +} + +void +nouveau_fbcon_hotplug_resume(struct nouveau_fbdev *fbcon) +{ + struct nouveau_drm *drm; + + if (!fbcon) + return; + drm = nouveau_drm(fbcon->helper.dev); + + mutex_lock(&fbcon->hotplug_lock); + if (fbcon->hotplug_waiting) { + fbcon->hotplug_waiting = false; + + NV_DEBUG(drm, "Handling deferred fbcon HPD events\n"); + drm_fb_helper_hotplug_event(&fbcon->helper); + } + mutex_unlock(&fbcon->hotplug_lock); +} + int nouveau_fbcon_init(struct drm_device *dev) { @@ -505,6 +561,7 @@ nouveau_fbcon_init(struct drm_device *dev) drm->fbcon = fbcon; INIT_WORK(&drm->fbcon_work, nouveau_fbcon_set_suspend_work); + mutex_init(&fbcon->hotplug_lock); drm_fb_helper_prepare(dev, &fbcon->helper, &nouveau_fbcon_helper_funcs); diff --git a/drivers/gpu/drm/nouveau/nouveau_fbcon.h b/drivers/gpu/drm/nouveau/nouveau_fbcon.h index a6f192ea3fa6..db9d52047ef8 100644 --- a/drivers/gpu/drm/nouveau/nouveau_fbcon.h +++ b/drivers/gpu/drm/nouveau/nouveau_fbcon.h @@ -41,6 +41,9 @@ struct nouveau_fbdev { struct nvif_object gdi; struct nvif_object blit; struct nvif_object twod; + + struct mutex hotplug_lock; + bool hotplug_waiting; }; void nouveau_fbcon_restore(void); @@ -68,6 +71,8 @@ void nouveau_fbcon_set_suspend(struct drm_device *dev, int state); void nouveau_fbcon_accel_save_disable(struct drm_device *dev); void nouveau_fbcon_accel_restore(struct drm_device *dev); +void nouveau_fbcon_output_poll_changed(struct drm_device *dev); +void nouveau_fbcon_hotplug_resume(struct nouveau_fbdev *fbcon); extern int nouveau_nofbaccel; #endif /* __NV50_FBCON_H__ */ -- 2.17.1

7 years, 1 month

2
2
0 0

[PATCH v2] mm: migration: fix migration of huge PMD shared pages

by Mike Kravetz

The page migration code employs try_to_unmap() to try and unmap the source page. This is accomplished by using rmap_walk to find all vmas where the page is mapped. This search stops when page mapcount is zero. For shared PMD huge pages, the page map count is always 1 no matter the number of mappings. Shared mappings are tracked via the reference count of the PMD page. Therefore, try_to_unmap stops prematurely and does not completely unmap all mappings of the source page. This problem can result is data corruption as writes to the original source page can happen after contents of the page are copied to the target page. Hence, data is lost. This problem was originally seen as DB corruption of shared global areas after a huge page was soft offlined due to ECC memory errors. DB developers noticed they could reproduce the issue by (hotplug) offlining memory used to back huge pages. A simple testcase can reproduce the problem by creating a shared PMD mapping (note that this must be at least PUD_SIZE in size and PUD_SIZE aligned (1GB on x86)), and using migrate_pages() to migrate process pages between nodes while continually writing to the huge pages being migrated. To fix, have the try_to_unmap_one routine check for huge PMD sharing by calling huge_pmd_unshare for hugetlbfs huge pages. If it is a shared mapping it will be 'unshared' which removes the page table entry and drops the reference on the PMD page. After this, flush caches and TLB. Fixes: 39dde65c9940 ("shared page table for hugetlb page") Signed-off-by: Mike Kravetz <mike.kravetz(a)oracle.com> --- v2: Fixed build issue for !CONFIG_HUGETLB_PAGE and typos in comment include/linux/hugetlb.h | 6 ++++++ mm/rmap.c | 21 +++++++++++++++++++++ 2 files changed, 27 insertions(+) diff --git a/include/linux/hugetlb.h b/include/linux/hugetlb.h index 36fa6a2a82e3..7524663028ec 100644 --- a/include/linux/hugetlb.h +++ b/include/linux/hugetlb.h @@ -170,6 +170,12 @@ static inline unsigned long hugetlb_total_pages(void) return 0; } +static inline int huge_pmd_unshare(struct mm_struct *mm, unsigned long *addr, + pte_t *ptep) +{ + return 0; +} + #define follow_hugetlb_page(m,v,p,vs,a,b,i,w,n) ({ BUG(); 0; }) #define follow_huge_addr(mm, addr, write) ERR_PTR(-EINVAL) #define copy_hugetlb_page_range(src, dst, vma) ({ BUG(); 0; }) diff --git a/mm/rmap.c b/mm/rmap.c index 09a799c9aebd..cf2340adad10 100644 --- a/mm/rmap.c +++ b/mm/rmap.c @@ -1409,6 +1409,27 @@ static bool try_to_unmap_one(struct page *page, struct vm_area_struct *vma, subpage = page - page_to_pfn(page) + pte_pfn(*pvmw.pte); address = pvmw.address; + /* + * PMDs for hugetlbfs pages could be shared. In this case, + * pages with shared PMDs will have a mapcount of 1 no matter + * how many times they are actually mapped. Map counting for + * PMD sharing is mostly done via the reference count on the + * PMD page itself. If the page we are trying to unmap is a + * hugetlbfs page, attempt to 'unshare' at the PMD level. + * huge_pmd_unshare clears the PUD and adjusts reference + * counting on the PMD page which effectively unmaps the page. + * Take care of flushing cache and TLB for page in this + * specific mapping here. + */ + if (PageHuge(page) && + huge_pmd_unshare(mm, &address, pvmw.pte)) { + unsigned long end_add = address + vma_mmu_pagesize(vma); + + flush_cache_range(vma, address, end_add); + flush_tlb_range(vma, address, end_add); + mmu_notifier_invalidate_range(mm, address, end_add); + continue; + } if (IS_ENABLED(CONFIG_MIGRATION) && (flags & TTU_MIGRATION) && -- 2.17.1

7 years, 1 month

2
1
0 0

[PATCH 4/4] nvme-pci: Remap CMB SQ entries on every controller reset

by Gavin Shan

The controller memory buffer is remapped into a kernel address on each reset, but the driver was setting the submission queue base address only on the very first queue creation. The remapped address is likely to change after a reset, so accessing the old address will hit a kernel bug. This patch fixes that by setting the queue's CMB base address each time the queue is created. Cherry-pick from upstream commit 815c6704bf9f ("nvme-pci: Remap CMB SQ entries on every controller reset") Fixes: f63572dff1421 ("nvme: unmap CMB and remove sysfs file in reset path") Reported-by: Christian Black <christian.d.black(a)intel.com> Cc: Jon Derrick <jonathan.derrick(a)intel.com> Cc: <stable(a)vger.kernel.org> # 4.9+ Signed-off-by: Keith Busch <keith.busch(a)intel.com> Reviewed-by: Christoph Hellwig <hch(a)lst.de> Signed-off-by: Gavin Shan <shan.gavin(a)linux.alibaba.com> --- drivers/nvme/host/pci.c | 29 +++++++++++++++++------------ 1 file changed, 17 insertions(+), 12 deletions(-) diff --git a/drivers/nvme/host/pci.c b/drivers/nvme/host/pci.c index 52d540f089e0..84fb47c4ad5c 100644 --- a/drivers/nvme/host/pci.c +++ b/drivers/nvme/host/pci.c @@ -1174,18 +1174,16 @@ static int nvme_alloc_sq_cmds(struct nvme_dev *dev, struct nvme_queue *nvmeq, int sq_idx, int depth) { int qid = nvmeq->sq[sq_idx].id; - if (qid && dev->cmb && use_cmb_sqes && (dev->cmbsz & NVME_CMBSZ_SQS)) { - unsigned offset = (qid - 1) * roundup(SQ_SIZE(depth), - dev->ctrl.page_size); - nvmeq->sq[sq_idx].sq_dma_addr = dev->cmb_bus_addr + offset; - nvmeq->sq[sq_idx].sq_cmds_io = dev->cmb + offset; - } else { - nvmeq->sq[sq_idx].sq_cmds = dma_alloc_coherent(dev->dev, - SQ_SIZE(depth), - &nvmeq->sq[sq_idx].sq_dma_addr, GFP_KERNEL); - if (!nvmeq->sq[sq_idx].sq_cmds) - return -ENOMEM; - } + + /* CMB SQEs will be mapped before creation */ + if (qid && dev->cmb && use_cmb_sqes && (dev->cmbsz & NVME_CMBSZ_SQS)) + return 0; + + nvmeq->sq[sq_idx].sq_cmds = dma_alloc_coherent(dev->dev, SQ_SIZE(depth), + &nvmeq->sq[sq_idx].sq_dma_addr, + GFP_KERNEL); + if (!nvmeq->sq[sq_idx].sq_cmds) + return -ENOMEM; return 0; } @@ -1280,6 +1278,13 @@ static int nvme_create_queue(struct nvme_queue *nvmeq, int qid) struct nvme_dev *dev = nvmeq->dev; int result, i; + if (dev->cmb && use_cmb_sqes && (dev->cmbsz & NVME_CMBSZ_SQS)) { + unsigned offset = (qid - 1) * roundup(SQ_SIZE(nvmeq->q_depth), + dev->ctrl.page_size); + nvmeq->sq[0].sq_dma_addr = dev->cmb_bus_addr + offset; + nvmeq->sq[0].sq_cmds_io = dev->cmb + offset; + } + nvmeq->cq_vector = qid - 1; result = adapter_alloc_cq(dev, nvmeq->cq_id, nvmeq); if (result < 0) -- 2.11.0

7 years, 1 month

3
2
0 0

RE: [PATCH 05/11] ACPICA: AML Parser: skip opcodes that open a scope upon parse failure

by Schmauss, Erik

> -----Original Message----- > From: Rafael J. Wysocki [mailto:rafael@kernel.org] > Sent: Sunday, August 12, 2018 2:47 AM > To: Schmauss, Erik <erik.schmauss(a)intel.com> > Cc: ACPI Devel Maling List <linux-acpi(a)vger.kernel.org>; Rafael J. Wysocki > <rjw(a)rjwysocki.net> > Subject: Re: [PATCH 05/11] ACPICA: AML Parser: skip opcodes that open a scope > upon parse failure > > On Fri, Aug 10, 2018 at 11:45 PM Erik Schmauss <erik.schmauss(a)intel.com> > wrote: > > > > This change skips the entire length of opcodes that open a scope > > (Device, Scope, Processor, etc) if the creation of the op fails. The > > failure could be caused by various errors including AE_ALREADY_EXISTS > > and AE_NOT_FOUND. > > > > Reported-by: Jeremy Linton <jeremy.linton(a)arm.com> > > Tested-by: Jeremy Linton <jeremy.linton(a)arm.com> > > Signed-off-by: Erik Schmauss <erik.schmauss(a)intel.com> > > I think that we should propagate this fix to the "stable" kernel series, at least > 4.17.y and newer. Do you agree? Yes, I agree. Hi Greg, please add this to the stable kernel > > > --- > > drivers/acpi/acpica/psloop.c | 17 +++++++++++------ > > 1 file changed, 11 insertions(+), 6 deletions(-) > > > > diff --git a/drivers/acpi/acpica/psloop.c > > b/drivers/acpi/acpica/psloop.c index 20b6142da183..358fcdd1f8a5 100644 > > --- a/drivers/acpi/acpica/psloop.c > > +++ b/drivers/acpi/acpica/psloop.c > > @@ -22,6 +22,7 @@ > > #include "acdispat.h" > > #include "amlcode.h" > > #include "acconvert.h" > > +#include "acnamesp.h" > > > > #define _COMPONENT ACPI_PARSER > > ACPI_MODULE_NAME("psloop") > > @@ -527,12 +528,18 @@ acpi_status acpi_ps_parse_loop(struct > acpi_walk_state *walk_state) > > if (ACPI_FAILURE(status)) { > > return_ACPI_STATUS(status); > > } > > - if (walk_state->opcode == AML_SCOPE_OP) { > > + if (acpi_ns_opens_scope > > + (acpi_ps_get_opcode_info > > + > > + (walk_state->opcode)->object_type)) { > > /* > > - * If the scope op fails to parse, skip the body of the > > - * scope op because the parse failure indicates that the > > - * device may not exist. > > + * If the scope/device op fails to parse, skip the body of > > + * the scope op because the parse failure indicates that > > + * the device may not exist. > > */ > > + ACPI_ERROR((AE_INFO, > > + "Skip parsing opcode %s", > > + acpi_ps_get_opcode_name > > + > > + (walk_state->opcode))); > > walk_state->parser_state.aml = > > walk_state->aml + 1; > > walk_state->parser_state.aml = > > @@ -540,8 +547,6 @@ acpi_status acpi_ps_parse_loop(struct > acpi_walk_state *walk_state) > > (&walk_state->parser_state); > > walk_state->aml = > > walk_state->parser_state.aml; > > - ACPI_ERROR((AE_INFO, > > - "Skipping Scope block")); > > } > > > > continue; > > -- > > 2.17.1 > >

7 years, 1 month

3
2
0 0

[PATCH v7 5/5] drm/nouveau: Fix deadlocks in nouveau_connector_detect()

by Lyude Paul

When we disable hotplugging on the GPU, we need to be able to synchronize with each connector's hotplug interrupt handler before the interrupt is finally disabled. This can be a problem however, since nouveau_connector_detect() currently grabs a runtime power reference when handling connector probing. This will deadlock the runtime suspend handler like so: [ 861.480896] INFO: task kworker/0:2:61 blocked for more than 120 seconds. [ 861.483290] Tainted: G O 4.18.0-rc6Lyude-Test+ #1 [ 861.485158] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 861.486332] kworker/0:2 D 0 61 2 0x80000000 [ 861.487044] Workqueue: events nouveau_display_hpd_work [nouveau] [ 861.487737] Call Trace: [ 861.488394] __schedule+0x322/0xaf0 [ 861.489070] schedule+0x33/0x90 [ 861.489744] rpm_resume+0x19c/0x850 [ 861.490392] ? finish_wait+0x90/0x90 [ 861.491068] __pm_runtime_resume+0x4e/0x90 [ 861.491753] nouveau_display_hpd_work+0x22/0x60 [nouveau] [ 861.492416] process_one_work+0x231/0x620 [ 861.493068] worker_thread+0x44/0x3a0 [ 861.493722] kthread+0x12b/0x150 [ 861.494342] ? wq_pool_ids_show+0x140/0x140 [ 861.494991] ? kthread_create_worker_on_cpu+0x70/0x70 [ 861.495648] ret_from_fork+0x3a/0x50 [ 861.496304] INFO: task kworker/6:2:320 blocked for more than 120 seconds. [ 861.496968] Tainted: G O 4.18.0-rc6Lyude-Test+ #1 [ 861.497654] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 861.498341] kworker/6:2 D 0 320 2 0x80000080 [ 861.499045] Workqueue: pm pm_runtime_work [ 861.499739] Call Trace: [ 861.500428] __schedule+0x322/0xaf0 [ 861.501134] ? wait_for_completion+0x104/0x190 [ 861.501851] schedule+0x33/0x90 [ 861.502564] schedule_timeout+0x3a5/0x590 [ 861.503284] ? mark_held_locks+0x58/0x80 [ 861.503988] ? _raw_spin_unlock_irq+0x2c/0x40 [ 861.504710] ? wait_for_completion+0x104/0x190 [ 861.505417] ? trace_hardirqs_on_caller+0xf4/0x190 [ 861.506136] ? wait_for_completion+0x104/0x190 [ 861.506845] wait_for_completion+0x12c/0x190 [ 861.507555] ? wake_up_q+0x80/0x80 [ 861.508268] flush_work+0x1c9/0x280 [ 861.508990] ? flush_workqueue_prep_pwqs+0x1b0/0x1b0 [ 861.509735] nvif_notify_put+0xb1/0xc0 [nouveau] [ 861.510482] nouveau_display_fini+0xbd/0x170 [nouveau] [ 861.511241] nouveau_display_suspend+0x67/0x120 [nouveau] [ 861.511969] nouveau_do_suspend+0x5e/0x2d0 [nouveau] [ 861.512715] nouveau_pmops_runtime_suspend+0x47/0xb0 [nouveau] [ 861.513435] pci_pm_runtime_suspend+0x6b/0x180 [ 861.514165] ? pci_has_legacy_pm_support+0x70/0x70 [ 861.514897] __rpm_callback+0x7a/0x1d0 [ 861.515618] ? pci_has_legacy_pm_support+0x70/0x70 [ 861.516313] rpm_callback+0x24/0x80 [ 861.517027] ? pci_has_legacy_pm_support+0x70/0x70 [ 861.517741] rpm_suspend+0x142/0x6b0 [ 861.518449] pm_runtime_work+0x97/0xc0 [ 861.519144] process_one_work+0x231/0x620 [ 861.519831] worker_thread+0x44/0x3a0 [ 861.520522] kthread+0x12b/0x150 [ 861.521220] ? wq_pool_ids_show+0x140/0x140 [ 861.521925] ? kthread_create_worker_on_cpu+0x70/0x70 [ 861.522622] ret_from_fork+0x3a/0x50 [ 861.523299] INFO: task kworker/6:0:1329 blocked for more than 120 seconds. [ 861.523977] Tainted: G O 4.18.0-rc6Lyude-Test+ #1 [ 861.524644] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 861.525349] kworker/6:0 D 0 1329 2 0x80000000 [ 861.526073] Workqueue: events nvif_notify_work [nouveau] [ 861.526751] Call Trace: [ 861.527411] __schedule+0x322/0xaf0 [ 861.528089] schedule+0x33/0x90 [ 861.528758] rpm_resume+0x19c/0x850 [ 861.529399] ? finish_wait+0x90/0x90 [ 861.530073] __pm_runtime_resume+0x4e/0x90 [ 861.530798] nouveau_connector_detect+0x7e/0x510 [nouveau] [ 861.531459] ? ww_mutex_lock+0x47/0x80 [ 861.532097] ? ww_mutex_lock+0x47/0x80 [ 861.532819] ? drm_modeset_lock+0x88/0x130 [drm] [ 861.533481] drm_helper_probe_detect_ctx+0xa0/0x100 [drm_kms_helper] [ 861.534127] drm_helper_hpd_irq_event+0xa4/0x120 [drm_kms_helper] [ 861.534940] nouveau_connector_hotplug+0x98/0x120 [nouveau] [ 861.535556] nvif_notify_work+0x2d/0xb0 [nouveau] [ 861.536221] process_one_work+0x231/0x620 [ 861.536994] worker_thread+0x44/0x3a0 [ 861.537757] kthread+0x12b/0x150 [ 861.538463] ? wq_pool_ids_show+0x140/0x140 [ 861.539102] ? kthread_create_worker_on_cpu+0x70/0x70 [ 861.539815] ret_from_fork+0x3a/0x50 [ 861.540521] Showing all locks held in the system: [ 861.541696] 2 locks held by kworker/0:2/61: [ 861.542406] #0: 000000002dbf8af5 ((wq_completion)"events"){+.+.}, at: process_one_work+0x1b3/0x620 [ 861.543071] #1: 0000000076868126 ((work_completion)(&drm->hpd_work)){+.+.}, at: process_one_work+0x1b3/0x620 [ 861.543814] 1 lock held by khungtaskd/64: [ 861.544535] #0: 0000000059db4b53 (rcu_read_lock){....}, at: debug_show_all_locks+0x23/0x185 [ 861.545160] 3 locks held by kworker/6:2/320: [ 861.545896] #0: 00000000d9e1bc59 ((wq_completion)"pm"){+.+.}, at: process_one_work+0x1b3/0x620 [ 861.546702] #1: 00000000c9f92d84 ((work_completion)(&dev->power.work)){+.+.}, at: process_one_work+0x1b3/0x620 [ 861.547443] #2: 000000004afc5de1 (drm_connector_list_iter){.+.+}, at: nouveau_display_fini+0x96/0x170 [nouveau] [ 861.548146] 1 lock held by dmesg/983: [ 861.548889] 2 locks held by zsh/1250: [ 861.549605] #0: 00000000348e3cf6 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40 [ 861.550393] #1: 000000007009a7a8 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0xc1/0x870 [ 861.551122] 6 locks held by kworker/6:0/1329: [ 861.551957] #0: 000000002dbf8af5 ((wq_completion)"events"){+.+.}, at: process_one_work+0x1b3/0x620 [ 861.552765] #1: 00000000ddb499ad ((work_completion)(&notify->work)#2){+.+.}, at: process_one_work+0x1b3/0x620 [ 861.553582] #2: 000000006e013cbe (&dev->mode_config.mutex){+.+.}, at: drm_helper_hpd_irq_event+0x6c/0x120 [drm_kms_helper] [ 861.554357] #3: 000000004afc5de1 (drm_connector_list_iter){.+.+}, at: drm_helper_hpd_irq_event+0x78/0x120 [drm_kms_helper] [ 861.555227] #4: 0000000044f294d9 (crtc_ww_class_acquire){+.+.}, at: drm_helper_probe_detect_ctx+0x3d/0x100 [drm_kms_helper] [ 861.556133] #5: 00000000db193642 (crtc_ww_class_mutex){+.+.}, at: drm_modeset_lock+0x4b/0x130 [drm] [ 861.557864] ============================================= [ 861.559507] NMI backtrace for cpu 2 [ 861.560363] CPU: 2 PID: 64 Comm: khungtaskd Tainted: G O 4.18.0-rc6Lyude-Test+ #1 [ 861.561197] Hardware name: LENOVO 20EQS64N0B/20EQS64N0B, BIOS N1EET78W (1.51 ) 05/18/2018 [ 861.561948] Call Trace: [ 861.562757] dump_stack+0x8e/0xd3 [ 861.563516] nmi_cpu_backtrace.cold.3+0x14/0x5a [ 861.564269] ? lapic_can_unplug_cpu.cold.27+0x42/0x42 [ 861.565029] nmi_trigger_cpumask_backtrace+0xa1/0xae [ 861.565789] arch_trigger_cpumask_backtrace+0x19/0x20 [ 861.566558] watchdog+0x316/0x580 [ 861.567355] kthread+0x12b/0x150 [ 861.568114] ? reset_hung_task_detector+0x20/0x20 [ 861.568863] ? kthread_create_worker_on_cpu+0x70/0x70 [ 861.569598] ret_from_fork+0x3a/0x50 [ 861.570370] Sending NMI from CPU 2 to CPUs 0-1,3-7: [ 861.571426] NMI backtrace for cpu 6 skipped: idling at intel_idle+0x7f/0x120 [ 861.571429] NMI backtrace for cpu 7 skipped: idling at intel_idle+0x7f/0x120 [ 861.571432] NMI backtrace for cpu 3 skipped: idling at intel_idle+0x7f/0x120 [ 861.571464] NMI backtrace for cpu 5 skipped: idling at intel_idle+0x7f/0x120 [ 861.571467] NMI backtrace for cpu 0 skipped: idling at intel_idle+0x7f/0x120 [ 861.571469] NMI backtrace for cpu 4 skipped: idling at intel_idle+0x7f/0x120 [ 861.571472] NMI backtrace for cpu 1 skipped: idling at intel_idle+0x7f/0x120 [ 861.572428] Kernel panic - not syncing: hung_task: blocked tasks So: fix this by making it so that normal hotplug handling /only/ happens so long as the GPU is currently awake without any pending runtime PM requests. In the event that a hotplug occurs while the device is suspending or resuming, we can simply defer our response until the GPU is fully runtime resumed again. Changes since v4: - Use a new trick I came up with using pm_runtime_get() instead of the hackish junk we had before Signed-off-by: Lyude Paul <lyude(a)redhat.com> Cc: stable(a)vger.kernel.org Cc: Lukas Wunner <lukas(a)wunner.de> Cc: Karol Herbst <karolherbst(a)gmail.com> --- drivers/gpu/drm/nouveau/nouveau_connector.c | 22 +++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/drivers/gpu/drm/nouveau/nouveau_connector.c b/drivers/gpu/drm/nouveau/nouveau_connector.c index 010d6db14cba..109240c03357 100644 --- a/drivers/gpu/drm/nouveau/nouveau_connector.c +++ b/drivers/gpu/drm/nouveau/nouveau_connector.c @@ -1124,6 +1124,26 @@ nouveau_connector_hotplug(struct nvif_notify *notify) const struct nvif_notify_conn_rep_v0 *rep = notify->data; const char *name = connector->name; struct nouveau_encoder *nv_encoder; + int ret; + + ret = pm_runtime_get(drm->dev->dev); + if (ret == 0) { + /* We can't block here if there's a pending PM request + * running, as we'll deadlock nouveau_display_fini() when it + * calls nvif_put() on our nvif_notify struct. So, simply + * defer the hotplug event until the device finishes resuming + */ + NV_DEBUG(drm, "Deferring HPD on %s until runtime resume\n", + name); + schedule_work(&drm->hpd_work); + + pm_runtime_put_noidle(drm->dev->dev); + return NVIF_NOTIFY_KEEP; + } else if (ret != 1 && ret != -EACCES) { + NV_WARN(drm, "HPD on %s dropped due to RPM failure: %d\n", + name, ret); + return NVIF_NOTIFY_DROP; + } if (rep->mask & NVIF_NOTIFY_CONN_V0_IRQ) { NV_DEBUG(drm, "service %s\n", name); @@ -1141,6 +1161,8 @@ nouveau_connector_hotplug(struct nvif_notify *notify) drm_helper_hpd_irq_event(connector->dev); } + pm_runtime_mark_last_busy(drm->dev->dev); + pm_runtime_put_autosuspend(drm->dev->dev); return NVIF_NOTIFY_KEEP; } -- 2.17.1

7 years, 1 month

1
0
0 0

[PATCH v7 4/5] drm/nouveau: Use pm_runtime_get_noresume() in connector_detect()

by Lyude Paul

It's true we can't resume the device from poll workers in nouveau_connector_detect(). We can however, prevent the autosuspend timer from elapsing immediately if it hasn't already without risking any sort of deadlock with the runtime suspend/resume operations. So do that instead of entirely avoiding grabbing a power reference. Signed-off-by: Lyude Paul <lyude(a)redhat.com> Cc: stable(a)vger.kernel.org Cc: Lukas Wunner <lukas(a)wunner.de> Cc: Karol Herbst <karolherbst(a)gmail.com> --- drivers/gpu/drm/nouveau/nouveau_connector.c | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) diff --git a/drivers/gpu/drm/nouveau/nouveau_connector.c b/drivers/gpu/drm/nouveau/nouveau_connector.c index 2a45b4c2ceb0..010d6db14cba 100644 --- a/drivers/gpu/drm/nouveau/nouveau_connector.c +++ b/drivers/gpu/drm/nouveau/nouveau_connector.c @@ -572,12 +572,16 @@ nouveau_connector_detect(struct drm_connector *connector, bool force) nv_connector->edid = NULL; } - /* Outputs are only polled while runtime active, so acquiring a - * runtime PM ref here is unnecessary (and would deadlock upon - * runtime suspend because it waits for polling to finish). + /* Outputs are only polled while runtime active, so resuming the + * device here is unnecessary (and would deadlock upon runtime suspend + * because it waits for polling to finish). We do however, want to + * prevent the autosuspend timer from elapsing during this operation + * if possible. */ - if (!drm_kms_helper_is_poll_worker()) { - ret = pm_runtime_get_sync(connector->dev->dev); + if (drm_kms_helper_is_poll_worker()) { + pm_runtime_get_noresume(dev->dev); + } else { + ret = pm_runtime_get_sync(dev->dev); if (ret < 0 && ret != -EACCES) return conn_status; } @@ -655,10 +659,8 @@ nouveau_connector_detect(struct drm_connector *connector, bool force) out: - if (!drm_kms_helper_is_poll_worker()) { - pm_runtime_mark_last_busy(connector->dev->dev); - pm_runtime_put_autosuspend(connector->dev->dev); - } + pm_runtime_mark_last_busy(dev->dev); + pm_runtime_put_autosuspend(dev->dev); return conn_status; } -- 2.17.1

7 years, 1 month

1
0
0 0

[PATCH v7 2/5] drm/nouveau: Remove duplicate poll_enable() in pmops_runtime_suspend()

by Lyude Paul

Since actual hotplug notifications don't get disabled until nouveau_display_fini() is called, all this will do is cause any hotplugs that happen between this drm_kms_helper_poll_disable() call and the actual hotplug disablement to potentially be dropped if ACPI isn't around to help us. Signed-off-by: Lyude Paul <lyude(a)redhat.com> Cc: stable(a)vger.kernel.org Cc: Lukas Wunner <lukas(a)wunner.de> Cc: Karol Herbst <karolherbst(a)gmail.com> --- drivers/gpu/drm/nouveau/nouveau_drm.c | 1 - 1 file changed, 1 deletion(-) diff --git a/drivers/gpu/drm/nouveau/nouveau_drm.c b/drivers/gpu/drm/nouveau/nouveau_drm.c index c7ec86d6c3c9..5fdc1fbe2ee5 100644 --- a/drivers/gpu/drm/nouveau/nouveau_drm.c +++ b/drivers/gpu/drm/nouveau/nouveau_drm.c @@ -835,7 +835,6 @@ nouveau_pmops_runtime_suspend(struct device *dev) return -EBUSY; } - drm_kms_helper_poll_disable(drm_dev); nouveau_switcheroo_optimus_dsm(); ret = nouveau_do_suspend(drm_dev, true); pci_save_state(pdev); -- 2.17.1

7 years, 1 month

1
0
0 0

[PATCH v7 1/5] drm/nouveau: Fix bogus drm_kms_helper_poll_enable() placement

by Lyude Paul

Turns out this part is my fault for not noticing when reviewing 9a2eba337cace ("drm/nouveau: Fix drm poll_helper handling"). Currently we call drm_kms_helper_poll_enable() from nouveau_display_hpd_work(). This makes basically no sense however, because that means we're calling drm_kms_helper_poll_enable() every time we schedule the hotplug detection work. This is also against the advice mentioned in drm_kms_helper_poll_enable()'s documentation: Note that calls to enable and disable polling must be strictly ordered, which is automatically the case when they're only call from suspend/resume callbacks. Of course, hotplugs can't really be ordered. They could even happen immediately after we called drm_kms_helper_poll_disable() in nouveau_display_fini(), which can lead to all sorts of issues. Additionally; enabling polling /after/ we call drm_helper_hpd_irq_event() could also mean that we'd miss a hotplug event anyway, since drm_helper_hpd_irq_event() wouldn't bother trying to probe connectors so long as polling is disabled. So; simply move this back into nouveau_display_init() again. The race condition that both of these patches attempted to work around has already been fixed properly in d61a5c106351 ("drm/nouveau: Fix deadlock on runtime suspend") Fixes: 9a2eba337cace ("drm/nouveau: Fix drm poll_helper handling") Signed-off-by: Lyude Paul <lyude(a)redhat.com> Cc: Lukas Wunner <lukas(a)wunner.de> Cc: Peter Ujfalusi <peter.ujfalusi(a)ti.com> Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/nouveau/nouveau_display.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/nouveau/nouveau_display.c b/drivers/gpu/drm/nouveau/nouveau_display.c index ec7861457b84..1d36ab5d4796 100644 --- a/drivers/gpu/drm/nouveau/nouveau_display.c +++ b/drivers/gpu/drm/nouveau/nouveau_display.c @@ -355,8 +355,6 @@ nouveau_display_hpd_work(struct work_struct *work) pm_runtime_get_sync(drm->dev->dev); drm_helper_hpd_irq_event(drm->dev); - /* enable polling for external displays */ - drm_kms_helper_poll_enable(drm->dev); pm_runtime_mark_last_busy(drm->dev->dev); pm_runtime_put_sync(drm->dev->dev); @@ -411,6 +409,11 @@ nouveau_display_init(struct drm_device *dev) if (ret) return ret; + /* enable connector detection and polling for connectors without HPD + * support + */ + drm_kms_helper_poll_enable(dev); + /* enable hotplug interrupts */ drm_connector_list_iter_begin(dev, &conn_iter); nouveau_for_each_non_mst_connector_iter(connector, &conn_iter) { -- 2.17.1

7 years, 1 month

1
0
0 0

[PATCH v6 3/5] drm/nouveau: Fix deadlock with fb_helper with async RPM requests

by Lyude Paul

I'm sure I don't need to tell you that fb_helper's locking is a mess. That being said; fb_helper's locking mess can seriously complicate the runtime suspend/resume operations of drivers because it can invoke atomic commits and connector probing from anywhere that calls drm_fb_helper_hotplug_event(). Since most drivers use drm_fb_helper_output_poll_changed() as their output_poll_changed handler, this can happen in every single context that can fire off a hotplug event. An example: [ 246.669625] INFO: task kworker/4:0:37 blocked for more than 120 seconds. [ 246.673398] Not tainted 4.18.0-rc5Lyude-Test+ #2 [ 246.675271] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 246.676527] kworker/4:0 D 0 37 2 0x80000000 [ 246.677580] Workqueue: events output_poll_execute [drm_kms_helper] [ 246.678704] Call Trace: [ 246.679753] __schedule+0x322/0xaf0 [ 246.680916] schedule+0x33/0x90 [ 246.681924] schedule_preempt_disabled+0x15/0x20 [ 246.683023] __mutex_lock+0x569/0x9a0 [ 246.684035] ? kobject_uevent_env+0x117/0x7b0 [ 246.685132] ? drm_fb_helper_hotplug_event.part.28+0x20/0xb0 [drm_kms_helper] [ 246.686179] mutex_lock_nested+0x1b/0x20 [ 246.687278] ? mutex_lock_nested+0x1b/0x20 [ 246.688307] drm_fb_helper_hotplug_event.part.28+0x20/0xb0 [drm_kms_helper] [ 246.689420] drm_fb_helper_output_poll_changed+0x23/0x30 [drm_kms_helper] [ 246.690462] drm_kms_helper_hotplug_event+0x2a/0x30 [drm_kms_helper] [ 246.691570] output_poll_execute+0x198/0x1c0 [drm_kms_helper] [ 246.692611] process_one_work+0x231/0x620 [ 246.693725] worker_thread+0x214/0x3a0 [ 246.694756] kthread+0x12b/0x150 [ 246.695856] ? wq_pool_ids_show+0x140/0x140 [ 246.696888] ? kthread_create_worker_on_cpu+0x70/0x70 [ 246.697998] ret_from_fork+0x3a/0x50 [ 246.699034] INFO: task kworker/0:1:60 blocked for more than 120 seconds. [ 246.700153] Not tainted 4.18.0-rc5Lyude-Test+ #2 [ 246.701182] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 246.702278] kworker/0:1 D 0 60 2 0x80000000 [ 246.703293] Workqueue: pm pm_runtime_work [ 246.704393] Call Trace: [ 246.705403] __schedule+0x322/0xaf0 [ 246.706439] ? wait_for_completion+0x104/0x190 [ 246.707393] schedule+0x33/0x90 [ 246.708375] schedule_timeout+0x3a5/0x590 [ 246.709289] ? mark_held_locks+0x58/0x80 [ 246.710208] ? _raw_spin_unlock_irq+0x2c/0x40 [ 246.711222] ? wait_for_completion+0x104/0x190 [ 246.712134] ? trace_hardirqs_on_caller+0xf4/0x190 [ 246.713094] ? wait_for_completion+0x104/0x190 [ 246.713964] wait_for_completion+0x12c/0x190 [ 246.714895] ? wake_up_q+0x80/0x80 [ 246.715727] ? get_work_pool+0x90/0x90 [ 246.716649] flush_work+0x1c9/0x280 [ 246.717483] ? flush_workqueue_prep_pwqs+0x1b0/0x1b0 [ 246.718442] __cancel_work_timer+0x146/0x1d0 [ 246.719247] cancel_delayed_work_sync+0x13/0x20 [ 246.720043] drm_kms_helper_poll_disable+0x1f/0x30 [drm_kms_helper] [ 246.721123] nouveau_pmops_runtime_suspend+0x3d/0xb0 [nouveau] [ 246.721897] pci_pm_runtime_suspend+0x6b/0x190 [ 246.722825] ? pci_has_legacy_pm_support+0x70/0x70 [ 246.723737] __rpm_callback+0x7a/0x1d0 [ 246.724721] ? pci_has_legacy_pm_support+0x70/0x70 [ 246.725607] rpm_callback+0x24/0x80 [ 246.726553] ? pci_has_legacy_pm_support+0x70/0x70 [ 246.727376] rpm_suspend+0x142/0x6b0 [ 246.728185] pm_runtime_work+0x97/0xc0 [ 246.728938] process_one_work+0x231/0x620 [ 246.729796] worker_thread+0x44/0x3a0 [ 246.730614] kthread+0x12b/0x150 [ 246.731395] ? wq_pool_ids_show+0x140/0x140 [ 246.732202] ? kthread_create_worker_on_cpu+0x70/0x70 [ 246.732878] ret_from_fork+0x3a/0x50 [ 246.733768] INFO: task kworker/4:2:422 blocked for more than 120 seconds. [ 246.734587] Not tainted 4.18.0-rc5Lyude-Test+ #2 [ 246.735393] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 246.736113] kworker/4:2 D 0 422 2 0x80000080 [ 246.736789] Workqueue: events_long drm_dp_mst_link_probe_work [drm_kms_helper] [ 246.737665] Call Trace: [ 246.738490] __schedule+0x322/0xaf0 [ 246.739250] schedule+0x33/0x90 [ 246.739908] rpm_resume+0x19c/0x850 [ 246.740750] ? finish_wait+0x90/0x90 [ 246.741541] __pm_runtime_resume+0x4e/0x90 [ 246.742370] nv50_disp_atomic_commit+0x31/0x210 [nouveau] [ 246.743124] drm_atomic_commit+0x4a/0x50 [drm] [ 246.743775] restore_fbdev_mode_atomic+0x1c8/0x240 [drm_kms_helper] [ 246.744603] restore_fbdev_mode+0x31/0x140 [drm_kms_helper] [ 246.745373] drm_fb_helper_restore_fbdev_mode_unlocked+0x54/0xb0 [drm_kms_helper] [ 246.746220] drm_fb_helper_set_par+0x2d/0x50 [drm_kms_helper] [ 246.746884] drm_fb_helper_hotplug_event.part.28+0x96/0xb0 [drm_kms_helper] [ 246.747675] drm_fb_helper_output_poll_changed+0x23/0x30 [drm_kms_helper] [ 246.748544] drm_kms_helper_hotplug_event+0x2a/0x30 [drm_kms_helper] [ 246.749439] nv50_mstm_hotplug+0x15/0x20 [nouveau] [ 246.750111] drm_dp_send_link_address+0x177/0x1c0 [drm_kms_helper] [ 246.750764] drm_dp_check_and_send_link_address+0xa8/0xd0 [drm_kms_helper] [ 246.751602] drm_dp_mst_link_probe_work+0x51/0x90 [drm_kms_helper] [ 246.752314] process_one_work+0x231/0x620 [ 246.752979] worker_thread+0x44/0x3a0 [ 246.753838] kthread+0x12b/0x150 [ 246.754619] ? wq_pool_ids_show+0x140/0x140 [ 246.755386] ? kthread_create_worker_on_cpu+0x70/0x70 [ 246.756162] ret_from_fork+0x3a/0x50 [ 246.756847] Showing all locks held in the system: [ 246.758261] 3 locks held by kworker/4:0/37: [ 246.759016] #0: 00000000f8df4d2d ((wq_completion)"events"){+.+.}, at: process_one_work+0x1b3/0x620 [ 246.759856] #1: 00000000e6065461 ((work_completion)(&(&dev->mode_config.output_poll_work)->work)){+.+.}, at: process_one_work+0x1b3/0x620 [ 246.760670] #2: 00000000cb66735f (&helper->lock){+.+.}, at: drm_fb_helper_hotplug_event.part.28+0x20/0xb0 [drm_kms_helper] [ 246.761516] 2 locks held by kworker/0:1/60: [ 246.762274] #0: 00000000fff6be0f ((wq_completion)"pm"){+.+.}, at: process_one_work+0x1b3/0x620 [ 246.762982] #1: 000000005ab44fb4 ((work_completion)(&dev->power.work)){+.+.}, at: process_one_work+0x1b3/0x620 [ 246.763890] 1 lock held by khungtaskd/64: [ 246.764664] #0: 000000008cb8b5c3 (rcu_read_lock){....}, at: debug_show_all_locks+0x23/0x185 [ 246.765588] 5 locks held by kworker/4:2/422: [ 246.766440] #0: 00000000232f0959 ((wq_completion)"events_long"){+.+.}, at: process_one_work+0x1b3/0x620 [ 246.767390] #1: 00000000bb59b134 ((work_completion)(&mgr->work)){+.+.}, at: process_one_work+0x1b3/0x620 [ 246.768154] #2: 00000000cb66735f (&helper->lock){+.+.}, at: drm_fb_helper_restore_fbdev_mode_unlocked+0x4c/0xb0 [drm_kms_helper] [ 246.768966] #3: 000000004c8f0b6b (crtc_ww_class_acquire){+.+.}, at: restore_fbdev_mode_atomic+0x4b/0x240 [drm_kms_helper] [ 246.769921] #4: 000000004c34a296 (crtc_ww_class_mutex){+.+.}, at: drm_modeset_backoff+0x8a/0x1b0 [drm] [ 246.770839] 1 lock held by dmesg/1038: [ 246.771739] 2 locks held by zsh/1172: [ 246.772650] #0: 00000000836d0438 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40 [ 246.773680] #1: 000000001f4f4d48 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0xc1/0x870 [ 246.775522] ============================================= After trying dozens of different solutions, I found one very simple one that should also have the benefit of preventing us from having to fight locking for the rest of our lives. So, we work around these deadlocks by deferring all fbcon hotplug events that happen after the runtime suspend process starts until after the device is resumed again. Changes since v5: - Come up with the (hopefully final) solution for solving this dumb problem, one that is a lot less likely to cause issues with locking in the future. This should work around all deadlock conditions with fbcon brought up thus far. Changes since v4: - Add nouveau_fbcon_hotplugged_in_suspend() to workaround deadlock condition that Lukas described - Just move all of this out of drm_fb_helper. It seems that other DRM drivers have already figured out other workarounds for this. If other drivers do end up needing this in the future, we can just move this back into drm_fb_helper again. Changes since v3: - Actually check if fb_helper is NULL in both new helpers - Actually check drm_fbdev_emulation in both new helpers - Don't fire off a fb_helper hotplug unconditionally; only do it if the following conditions are true (as otherwise, calling this in the wrong spot will cause Bad Things to happen): - fb_helper hotplug handling was actually inhibited previously - fb_helper actually has a delayed hotplug pending - fb_helper is actually bound - fb_helper is actually initialized - Add __must_check to drm_fb_helper_suspend_hotplug(). There's no situation where a driver would actually want to use this without checking the return value, so enforce that - Rewrite and clarify the documentation for both helpers. - Make sure to return true in the drm_fb_helper_suspend_hotplug() stub that's provided in drm_fb_helper.h when CONFIG_DRM_FBDEV_EMULATION isn't enabled - Actually grab the toplevel fb_helper lock in drm_fb_helper_resume_hotplug(), since it's possible other activity (such as a hotplug) could be going on at the same time the driver calls drm_fb_helper_resume_hotplug(). We need this to check whether or not drm_fb_helper_hotplug_event() needs to be called anyway Signed-off-by: Lyude Paul <lyude(a)redhat.com> Cc: stable(a)vger.kernel.org Cc: Lukas Wunner <lukas(a)wunner.de> Cc: Karol Herbst <karolherbst(a)gmail.com> --- drivers/gpu/drm/nouveau/dispnv50/disp.c | 2 +- drivers/gpu/drm/nouveau/nouveau_display.c | 2 +- drivers/gpu/drm/nouveau/nouveau_fbcon.c | 72 +++++++++++++++++++++++ drivers/gpu/drm/nouveau/nouveau_fbcon.h | 7 +++ 4 files changed, 81 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/nouveau/dispnv50/disp.c b/drivers/gpu/drm/nouveau/dispnv50/disp.c index 8b522a9b12f6..a0772389ed90 100644 --- a/drivers/gpu/drm/nouveau/dispnv50/disp.c +++ b/drivers/gpu/drm/nouveau/dispnv50/disp.c @@ -2049,7 +2049,7 @@ nv50_disp_atomic_state_alloc(struct drm_device *dev) static const struct drm_mode_config_funcs nv50_disp_func = { .fb_create = nouveau_user_framebuffer_create, - .output_poll_changed = drm_fb_helper_output_poll_changed, + .output_poll_changed = nouveau_fbcon_output_poll_changed, .atomic_check = nv50_disp_atomic_check, .atomic_commit = nv50_disp_atomic_commit, .atomic_state_alloc = nv50_disp_atomic_state_alloc, diff --git a/drivers/gpu/drm/nouveau/nouveau_display.c b/drivers/gpu/drm/nouveau/nouveau_display.c index 1d36ab5d4796..4b873e668b26 100644 --- a/drivers/gpu/drm/nouveau/nouveau_display.c +++ b/drivers/gpu/drm/nouveau/nouveau_display.c @@ -293,7 +293,7 @@ nouveau_user_framebuffer_create(struct drm_device *dev, static const struct drm_mode_config_funcs nouveau_mode_config_funcs = { .fb_create = nouveau_user_framebuffer_create, - .output_poll_changed = drm_fb_helper_output_poll_changed, + .output_poll_changed = nouveau_fbcon_output_poll_changed, }; diff --git a/drivers/gpu/drm/nouveau/nouveau_fbcon.c b/drivers/gpu/drm/nouveau/nouveau_fbcon.c index 85c1f10bc2b6..c7e86e9232a6 100644 --- a/drivers/gpu/drm/nouveau/nouveau_fbcon.c +++ b/drivers/gpu/drm/nouveau/nouveau_fbcon.c @@ -466,6 +466,7 @@ nouveau_fbcon_set_suspend_work(struct work_struct *work) console_unlock(); if (state == FBINFO_STATE_RUNNING) { + nouveau_fbcon_hotplug_resume(drm->fbcon); pm_runtime_mark_last_busy(drm->dev->dev); pm_runtime_put_sync(drm->dev->dev); } @@ -487,6 +488,76 @@ nouveau_fbcon_set_suspend(struct drm_device *dev, int state) schedule_work(&drm->fbcon_work); } +void +nouveau_fbcon_output_poll_changed(struct drm_device *dev) +{ + struct nouveau_drm *drm = nouveau_drm(dev); + struct nouveau_fbdev *fbcon = drm->fbcon; + int ret; + + if (!fbcon) + return; + + mutex_lock(&fbcon->hotplug_lock); + + ret = pm_runtime_get(dev->dev); + if (ret == 1 || ret == -EACCES) { + drm_fb_helper_hotplug_event(&fbcon->helper); + + pm_runtime_mark_last_busy(dev->dev); + pm_runtime_put_autosuspend(dev->dev); + } else if (ret == 0) { + /* If the GPU was already in the process of suspending before + * this event happened, then we can't block here as we'll + * deadlock the runtime pmops since they wait for us to + * finish. So, just defer this event for when we runtime + * resume again. It will be handled by fbcon_work. + */ + NV_DEBUG(drm, "fbcon HPD event deferred until runtime resume\n"); + fbcon->hotplug_waiting = true; + pm_runtime_put_noidle(drm->dev->dev); + } else { + DRM_WARN("fbcon HPD event lost due to RPM failure: %d\n", + ret); + } + + mutex_unlock(&fbcon->hotplug_lock); +} + +void +nouveau_fbcon_hotplug_resume(struct nouveau_fbdev *fbcon) +{ + struct nouveau_drm *drm; + + if (!fbcon) + return; + drm = nouveau_drm(fbcon->helper.dev); + + mutex_lock(&fbcon->hotplug_lock); + if (fbcon->hotplug_waiting) { + fbcon->hotplug_waiting = false; + + NV_DEBUG(drm, "Handling deferred fbcon HPD events\n"); + drm_fb_helper_hotplug_event(&fbcon->helper); + } + mutex_unlock(&fbcon->hotplug_lock); +} + +bool +nouveau_fbcon_hotplugged_in_suspend(struct nouveau_fbdev *fbcon) +{ + bool hotplug; + + if (!fbcon) + return false; + + mutex_lock(&fbcon->hotplug_lock); + hotplug = fbcon->hotplug_waiting; + mutex_unlock(&fbcon->hotplug_lock); + + return hotplug; +} + int nouveau_fbcon_init(struct drm_device *dev) { @@ -505,6 +576,7 @@ nouveau_fbcon_init(struct drm_device *dev) drm->fbcon = fbcon; INIT_WORK(&drm->fbcon_work, nouveau_fbcon_set_suspend_work); + mutex_init(&fbcon->hotplug_lock); drm_fb_helper_prepare(dev, &fbcon->helper, &nouveau_fbcon_helper_funcs); diff --git a/drivers/gpu/drm/nouveau/nouveau_fbcon.h b/drivers/gpu/drm/nouveau/nouveau_fbcon.h index a6f192ea3fa6..148c6b2cc6da 100644 --- a/drivers/gpu/drm/nouveau/nouveau_fbcon.h +++ b/drivers/gpu/drm/nouveau/nouveau_fbcon.h @@ -41,6 +41,9 @@ struct nouveau_fbdev { struct nvif_object gdi; struct nvif_object blit; struct nvif_object twod; + + struct mutex hotplug_lock; + bool hotplug_waiting; }; void nouveau_fbcon_restore(void); @@ -68,6 +71,10 @@ void nouveau_fbcon_set_suspend(struct drm_device *dev, int state); void nouveau_fbcon_accel_save_disable(struct drm_device *dev); void nouveau_fbcon_accel_restore(struct drm_device *dev); +void nouveau_fbcon_output_poll_changed(struct drm_device *dev); +void nouveau_fbcon_hotplug_resume(struct nouveau_fbdev *fbcon); +bool nouveau_fbcon_hotplugged_in_suspend(struct nouveau_fbdev *fbcon); + extern int nouveau_nofbaccel; #endif /* __NV50_FBCON_H__ */ -- 2.17.1

7 years, 1 month

2
2
0 0

Targeted Amazon Web Services/ Microsoft Azure Global Accounts

by heather.peterson＠laytheon.com

Hello, I hope this note finds you well. How about targeting Cloud Platforms & Services Products End Users Install Base for your marketing and integrated strategy. We can help you provide Opt-In End Users Data Intelligence of: • Amazon AWS Users • Microsoft Azure Users • Rackspace Users • Amazon EC2 Users • SoftLayer Users • Google Compute Engine Users • Amazon Elastic Load Balancing Users • Google App Engine Users • Amazon S3 Users and many more. Kindly let me know if you would be interested in having more details on the above. Regards- Heather If you wish not to receive marketing emails please revert unsubscribe!

7 years, 1 month

1
0
0 0

[PATCH v6 5/5] drm/nouveau: Fix deadlocks in nouveau_connector_detect()

by Lyude Paul

When we disable hotplugging on the GPU, we need to be able to synchronize with each connector's hotplug interrupt handler before the interrupt is finally disabled. This can be a problem however, since nouveau_connector_detect() currently grabs a runtime power reference when handling connector probing. This will deadlock the runtime suspend handler like so: [ 861.480896] INFO: task kworker/0:2:61 blocked for more than 120 seconds. [ 861.483290] Tainted: G O 4.18.0-rc6Lyude-Test+ #1 [ 861.485158] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 861.486332] kworker/0:2 D 0 61 2 0x80000000 [ 861.487044] Workqueue: events nouveau_display_hpd_work [nouveau] [ 861.487737] Call Trace: [ 861.488394] __schedule+0x322/0xaf0 [ 861.489070] schedule+0x33/0x90 [ 861.489744] rpm_resume+0x19c/0x850 [ 861.490392] ? finish_wait+0x90/0x90 [ 861.491068] __pm_runtime_resume+0x4e/0x90 [ 861.491753] nouveau_display_hpd_work+0x22/0x60 [nouveau] [ 861.492416] process_one_work+0x231/0x620 [ 861.493068] worker_thread+0x44/0x3a0 [ 861.493722] kthread+0x12b/0x150 [ 861.494342] ? wq_pool_ids_show+0x140/0x140 [ 861.494991] ? kthread_create_worker_on_cpu+0x70/0x70 [ 861.495648] ret_from_fork+0x3a/0x50 [ 861.496304] INFO: task kworker/6:2:320 blocked for more than 120 seconds. [ 861.496968] Tainted: G O 4.18.0-rc6Lyude-Test+ #1 [ 861.497654] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 861.498341] kworker/6:2 D 0 320 2 0x80000080 [ 861.499045] Workqueue: pm pm_runtime_work [ 861.499739] Call Trace: [ 861.500428] __schedule+0x322/0xaf0 [ 861.501134] ? wait_for_completion+0x104/0x190 [ 861.501851] schedule+0x33/0x90 [ 861.502564] schedule_timeout+0x3a5/0x590 [ 861.503284] ? mark_held_locks+0x58/0x80 [ 861.503988] ? _raw_spin_unlock_irq+0x2c/0x40 [ 861.504710] ? wait_for_completion+0x104/0x190 [ 861.505417] ? trace_hardirqs_on_caller+0xf4/0x190 [ 861.506136] ? wait_for_completion+0x104/0x190 [ 861.506845] wait_for_completion+0x12c/0x190 [ 861.507555] ? wake_up_q+0x80/0x80 [ 861.508268] flush_work+0x1c9/0x280 [ 861.508990] ? flush_workqueue_prep_pwqs+0x1b0/0x1b0 [ 861.509735] nvif_notify_put+0xb1/0xc0 [nouveau] [ 861.510482] nouveau_display_fini+0xbd/0x170 [nouveau] [ 861.511241] nouveau_display_suspend+0x67/0x120 [nouveau] [ 861.511969] nouveau_do_suspend+0x5e/0x2d0 [nouveau] [ 861.512715] nouveau_pmops_runtime_suspend+0x47/0xb0 [nouveau] [ 861.513435] pci_pm_runtime_suspend+0x6b/0x180 [ 861.514165] ? pci_has_legacy_pm_support+0x70/0x70 [ 861.514897] __rpm_callback+0x7a/0x1d0 [ 861.515618] ? pci_has_legacy_pm_support+0x70/0x70 [ 861.516313] rpm_callback+0x24/0x80 [ 861.517027] ? pci_has_legacy_pm_support+0x70/0x70 [ 861.517741] rpm_suspend+0x142/0x6b0 [ 861.518449] pm_runtime_work+0x97/0xc0 [ 861.519144] process_one_work+0x231/0x620 [ 861.519831] worker_thread+0x44/0x3a0 [ 861.520522] kthread+0x12b/0x150 [ 861.521220] ? wq_pool_ids_show+0x140/0x140 [ 861.521925] ? kthread_create_worker_on_cpu+0x70/0x70 [ 861.522622] ret_from_fork+0x3a/0x50 [ 861.523299] INFO: task kworker/6:0:1329 blocked for more than 120 seconds. [ 861.523977] Tainted: G O 4.18.0-rc6Lyude-Test+ #1 [ 861.524644] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 861.525349] kworker/6:0 D 0 1329 2 0x80000000 [ 861.526073] Workqueue: events nvif_notify_work [nouveau] [ 861.526751] Call Trace: [ 861.527411] __schedule+0x322/0xaf0 [ 861.528089] schedule+0x33/0x90 [ 861.528758] rpm_resume+0x19c/0x850 [ 861.529399] ? finish_wait+0x90/0x90 [ 861.530073] __pm_runtime_resume+0x4e/0x90 [ 861.530798] nouveau_connector_detect+0x7e/0x510 [nouveau] [ 861.531459] ? ww_mutex_lock+0x47/0x80 [ 861.532097] ? ww_mutex_lock+0x47/0x80 [ 861.532819] ? drm_modeset_lock+0x88/0x130 [drm] [ 861.533481] drm_helper_probe_detect_ctx+0xa0/0x100 [drm_kms_helper] [ 861.534127] drm_helper_hpd_irq_event+0xa4/0x120 [drm_kms_helper] [ 861.534940] nouveau_connector_hotplug+0x98/0x120 [nouveau] [ 861.535556] nvif_notify_work+0x2d/0xb0 [nouveau] [ 861.536221] process_one_work+0x231/0x620 [ 861.536994] worker_thread+0x44/0x3a0 [ 861.537757] kthread+0x12b/0x150 [ 861.538463] ? wq_pool_ids_show+0x140/0x140 [ 861.539102] ? kthread_create_worker_on_cpu+0x70/0x70 [ 861.539815] ret_from_fork+0x3a/0x50 [ 861.540521] Showing all locks held in the system: [ 861.541696] 2 locks held by kworker/0:2/61: [ 861.542406] #0: 000000002dbf8af5 ((wq_completion)"events"){+.+.}, at: process_one_work+0x1b3/0x620 [ 861.543071] #1: 0000000076868126 ((work_completion)(&drm->hpd_work)){+.+.}, at: process_one_work+0x1b3/0x620 [ 861.543814] 1 lock held by khungtaskd/64: [ 861.544535] #0: 0000000059db4b53 (rcu_read_lock){....}, at: debug_show_all_locks+0x23/0x185 [ 861.545160] 3 locks held by kworker/6:2/320: [ 861.545896] #0: 00000000d9e1bc59 ((wq_completion)"pm"){+.+.}, at: process_one_work+0x1b3/0x620 [ 861.546702] #1: 00000000c9f92d84 ((work_completion)(&dev->power.work)){+.+.}, at: process_one_work+0x1b3/0x620 [ 861.547443] #2: 000000004afc5de1 (drm_connector_list_iter){.+.+}, at: nouveau_display_fini+0x96/0x170 [nouveau] [ 861.548146] 1 lock held by dmesg/983: [ 861.548889] 2 locks held by zsh/1250: [ 861.549605] #0: 00000000348e3cf6 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40 [ 861.550393] #1: 000000007009a7a8 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0xc1/0x870 [ 861.551122] 6 locks held by kworker/6:0/1329: [ 861.551957] #0: 000000002dbf8af5 ((wq_completion)"events"){+.+.}, at: process_one_work+0x1b3/0x620 [ 861.552765] #1: 00000000ddb499ad ((work_completion)(&notify->work)#2){+.+.}, at: process_one_work+0x1b3/0x620 [ 861.553582] #2: 000000006e013cbe (&dev->mode_config.mutex){+.+.}, at: drm_helper_hpd_irq_event+0x6c/0x120 [drm_kms_helper] [ 861.554357] #3: 000000004afc5de1 (drm_connector_list_iter){.+.+}, at: drm_helper_hpd_irq_event+0x78/0x120 [drm_kms_helper] [ 861.555227] #4: 0000000044f294d9 (crtc_ww_class_acquire){+.+.}, at: drm_helper_probe_detect_ctx+0x3d/0x100 [drm_kms_helper] [ 861.556133] #5: 00000000db193642 (crtc_ww_class_mutex){+.+.}, at: drm_modeset_lock+0x4b/0x130 [drm] [ 861.557864] ============================================= [ 861.559507] NMI backtrace for cpu 2 [ 861.560363] CPU: 2 PID: 64 Comm: khungtaskd Tainted: G O 4.18.0-rc6Lyude-Test+ #1 [ 861.561197] Hardware name: LENOVO 20EQS64N0B/20EQS64N0B, BIOS N1EET78W (1.51 ) 05/18/2018 [ 861.561948] Call Trace: [ 861.562757] dump_stack+0x8e/0xd3 [ 861.563516] nmi_cpu_backtrace.cold.3+0x14/0x5a [ 861.564269] ? lapic_can_unplug_cpu.cold.27+0x42/0x42 [ 861.565029] nmi_trigger_cpumask_backtrace+0xa1/0xae [ 861.565789] arch_trigger_cpumask_backtrace+0x19/0x20 [ 861.566558] watchdog+0x316/0x580 [ 861.567355] kthread+0x12b/0x150 [ 861.568114] ? reset_hung_task_detector+0x20/0x20 [ 861.568863] ? kthread_create_worker_on_cpu+0x70/0x70 [ 861.569598] ret_from_fork+0x3a/0x50 [ 861.570370] Sending NMI from CPU 2 to CPUs 0-1,3-7: [ 861.571426] NMI backtrace for cpu 6 skipped: idling at intel_idle+0x7f/0x120 [ 861.571429] NMI backtrace for cpu 7 skipped: idling at intel_idle+0x7f/0x120 [ 861.571432] NMI backtrace for cpu 3 skipped: idling at intel_idle+0x7f/0x120 [ 861.571464] NMI backtrace for cpu 5 skipped: idling at intel_idle+0x7f/0x120 [ 861.571467] NMI backtrace for cpu 0 skipped: idling at intel_idle+0x7f/0x120 [ 861.571469] NMI backtrace for cpu 4 skipped: idling at intel_idle+0x7f/0x120 [ 861.571472] NMI backtrace for cpu 1 skipped: idling at intel_idle+0x7f/0x120 [ 861.572428] Kernel panic - not syncing: hung_task: blocked tasks So: fix this by making it so that normal hotplug handling /only/ happens so long as the GPU is currently awake without any pending runtime PM requests. In the event that a hotplug occurs while the device is suspending or resuming, we can simply defer our response until the GPU is fully runtime resumed again. Changes since v5: - Use a new trick I came up with using pm_runtime_get() instead of the hackish junk we had before Signed-off-by: Lyude Paul <lyude(a)redhat.com> Cc: stable(a)vger.kernel.org Cc: Lukas Wunner <lukas(a)wunner.de> Cc: Karol Herbst <karolherbst(a)gmail.com> --- drivers/gpu/drm/nouveau/nouveau_connector.c | 22 +++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/drivers/gpu/drm/nouveau/nouveau_connector.c b/drivers/gpu/drm/nouveau/nouveau_connector.c index 010d6db14cba..109240c03357 100644 --- a/drivers/gpu/drm/nouveau/nouveau_connector.c +++ b/drivers/gpu/drm/nouveau/nouveau_connector.c @@ -1124,6 +1124,26 @@ nouveau_connector_hotplug(struct nvif_notify *notify) const struct nvif_notify_conn_rep_v0 *rep = notify->data; const char *name = connector->name; struct nouveau_encoder *nv_encoder; + int ret; + + ret = pm_runtime_get(drm->dev->dev); + if (ret == 0) { + /* We can't block here if there's a pending PM request + * running, as we'll deadlock nouveau_display_fini() when it + * calls nvif_put() on our nvif_notify struct. So, simply + * defer the hotplug event until the device finishes resuming + */ + NV_DEBUG(drm, "Deferring HPD on %s until runtime resume\n", + name); + schedule_work(&drm->hpd_work); + + pm_runtime_put_noidle(drm->dev->dev); + return NVIF_NOTIFY_KEEP; + } else if (ret != 1 && ret != -EACCES) { + NV_WARN(drm, "HPD on %s dropped due to RPM failure: %d\n", + name, ret); + return NVIF_NOTIFY_DROP; + } if (rep->mask & NVIF_NOTIFY_CONN_V0_IRQ) { NV_DEBUG(drm, "service %s\n", name); @@ -1141,6 +1161,8 @@ nouveau_connector_hotplug(struct nvif_notify *notify) drm_helper_hpd_irq_event(connector->dev); } + pm_runtime_mark_last_busy(drm->dev->dev); + pm_runtime_put_autosuspend(drm->dev->dev); return NVIF_NOTIFY_KEEP; } -- 2.17.1

7 years, 1 month

1
0
0 0

[PATCH v6 4/5] drm/nouveau: Use pm_runtime_get_noresume() in connector_detect()

by Lyude Paul

It's true we can't resume the device from poll workers in nouveau_connector_detect(). We can however, prevent the autosuspend timer from elapsing immediately if it hasn't already without risking any sort of deadlock with the runtime suspend/resume operations. So do that instead of entirely avoiding grabbing a power reference. Signed-off-by: Lyude Paul <lyude(a)redhat.com> Cc: stable(a)vger.kernel.org Cc: Lukas Wunner <lukas(a)wunner.de> Cc: Karol Herbst <karolherbst(a)gmail.com> --- drivers/gpu/drm/nouveau/nouveau_connector.c | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) diff --git a/drivers/gpu/drm/nouveau/nouveau_connector.c b/drivers/gpu/drm/nouveau/nouveau_connector.c index 2a45b4c2ceb0..010d6db14cba 100644 --- a/drivers/gpu/drm/nouveau/nouveau_connector.c +++ b/drivers/gpu/drm/nouveau/nouveau_connector.c @@ -572,12 +572,16 @@ nouveau_connector_detect(struct drm_connector *connector, bool force) nv_connector->edid = NULL; } - /* Outputs are only polled while runtime active, so acquiring a - * runtime PM ref here is unnecessary (and would deadlock upon - * runtime suspend because it waits for polling to finish). + /* Outputs are only polled while runtime active, so resuming the + * device here is unnecessary (and would deadlock upon runtime suspend + * because it waits for polling to finish). We do however, want to + * prevent the autosuspend timer from elapsing during this operation + * if possible. */ - if (!drm_kms_helper_is_poll_worker()) { - ret = pm_runtime_get_sync(connector->dev->dev); + if (drm_kms_helper_is_poll_worker()) { + pm_runtime_get_noresume(dev->dev); + } else { + ret = pm_runtime_get_sync(dev->dev); if (ret < 0 && ret != -EACCES) return conn_status; } @@ -655,10 +659,8 @@ nouveau_connector_detect(struct drm_connector *connector, bool force) out: - if (!drm_kms_helper_is_poll_worker()) { - pm_runtime_mark_last_busy(connector->dev->dev); - pm_runtime_put_autosuspend(connector->dev->dev); - } + pm_runtime_mark_last_busy(dev->dev); + pm_runtime_put_autosuspend(dev->dev); return conn_status; } -- 2.17.1

7 years, 1 month

1
0
0 0

[PATCH v6 2/5] drm/nouveau: Remove duplicate poll_enable() in pmops_runtime_suspend()

by Lyude Paul

Since actual hotplug notifications don't get disabled until nouveau_display_fini() is called, all this will do is cause any hotplugs that happen between this drm_kms_helper_poll_disable() call and the actual hotplug disablement to potentially be dropped if ACPI isn't around to help us. Signed-off-by: Lyude Paul <lyude(a)redhat.com> Cc: stable(a)vger.kernel.org Cc: Lukas Wunner <lukas(a)wunner.de> Cc: Karol Herbst <karolherbst(a)gmail.com> --- drivers/gpu/drm/nouveau/nouveau_drm.c | 1 - 1 file changed, 1 deletion(-) diff --git a/drivers/gpu/drm/nouveau/nouveau_drm.c b/drivers/gpu/drm/nouveau/nouveau_drm.c index c7ec86d6c3c9..5fdc1fbe2ee5 100644 --- a/drivers/gpu/drm/nouveau/nouveau_drm.c +++ b/drivers/gpu/drm/nouveau/nouveau_drm.c @@ -835,7 +835,6 @@ nouveau_pmops_runtime_suspend(struct device *dev) return -EBUSY; } - drm_kms_helper_poll_disable(drm_dev); nouveau_switcheroo_optimus_dsm(); ret = nouveau_do_suspend(drm_dev, true); pci_save_state(pdev); -- 2.17.1

7 years, 1 month

1
0
0 0

[PATCH v6 1/5] drm/nouveau: Fix bogus drm_kms_helper_poll_enable() placement

by Lyude Paul

Turns out this part is my fault for not noticing when reviewing 9a2eba337cace ("drm/nouveau: Fix drm poll_helper handling"). Currently we call drm_kms_helper_poll_enable() from nouveau_display_hpd_work(). This makes basically no sense however, because that means we're calling drm_kms_helper_poll_enable() every time we schedule the hotplug detection work. This is also against the advice mentioned in drm_kms_helper_poll_enable()'s documentation: Note that calls to enable and disable polling must be strictly ordered, which is automatically the case when they're only call from suspend/resume callbacks. Of course, hotplugs can't really be ordered. They could even happen immediately after we called drm_kms_helper_poll_disable() in nouveau_display_fini(), which can lead to all sorts of issues. Additionally; enabling polling /after/ we call drm_helper_hpd_irq_event() could also mean that we'd miss a hotplug event anyway, since drm_helper_hpd_irq_event() wouldn't bother trying to probe connectors so long as polling is disabled. So; simply move this back into nouveau_display_init() again. The race condition that both of these patches attempted to work around has already been fixed properly in d61a5c106351 ("drm/nouveau: Fix deadlock on runtime suspend") Fixes: 9a2eba337cace ("drm/nouveau: Fix drm poll_helper handling") Signed-off-by: Lyude Paul <lyude(a)redhat.com> Cc: Lukas Wunner <lukas(a)wunner.de> Cc: Peter Ujfalusi <peter.ujfalusi(a)ti.com> Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/nouveau/nouveau_display.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/nouveau/nouveau_display.c b/drivers/gpu/drm/nouveau/nouveau_display.c index ec7861457b84..1d36ab5d4796 100644 --- a/drivers/gpu/drm/nouveau/nouveau_display.c +++ b/drivers/gpu/drm/nouveau/nouveau_display.c @@ -355,8 +355,6 @@ nouveau_display_hpd_work(struct work_struct *work) pm_runtime_get_sync(drm->dev->dev); drm_helper_hpd_irq_event(drm->dev); - /* enable polling for external displays */ - drm_kms_helper_poll_enable(drm->dev); pm_runtime_mark_last_busy(drm->dev->dev); pm_runtime_put_sync(drm->dev->dev); @@ -411,6 +409,11 @@ nouveau_display_init(struct drm_device *dev) if (ret) return ret; + /* enable connector detection and polling for connectors without HPD + * support + */ + drm_kms_helper_poll_enable(dev); + /* enable hotplug interrupts */ drm_connector_list_iter_begin(dev, &conn_iter); nouveau_for_each_non_mst_connector_iter(connector, &conn_iter) { -- 2.17.1

7 years, 1 month

1
0
0 0

[PATCH 2/2] net: socket: Fix potential spectre v1 gadget in sock_is_registered

by Jeremy Cline

'family' can be a user-controlled value, so sanitize it after the bounds check to avoid speculative out-of-bounds access. Cc: Josh Poimboeuf <jpoimboe(a)redhat.com> Cc: stable(a)vger.kernel.org Signed-off-by: Jeremy Cline <jcline(a)redhat.com> --- net/socket.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/net/socket.c b/net/socket.c index f15d5cbb3ba4..608e29ae6baf 100644 --- a/net/socket.c +++ b/net/socket.c @@ -2672,7 +2672,8 @@ EXPORT_SYMBOL(sock_unregister); bool sock_is_registered(int family) { - return family < NPROTO && rcu_access_pointer(net_families[family]); + return family < NPROTO && + rcu_access_pointer(net_families[array_index_nospec(family, NPROTO)]); } static int __init sock_init(void) -- 2.17.1

7 years, 1 month

2
4
0 0

[PATCH v2 1/2] block: Introduce alloc_disk_node_attr()

by Bart Van Assche

This patch does not change the behavior of any existing code but introduces a function that will be used by the next patch. Signed-off-by: Bart Van Assche <bart.vanassche(a)wdc.com> Cc: Keith Busch <keith.busch(a)intel.com> Cc: Christoph Hellwig <hch(a)lst.de> Cc: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Cc: Sagi Grimberg <sagi(a)grimberg.me> Cc: Matias Bjorling <mb(a)lightnvm.io> Cc: <stable(a)vger.kernel.org> --- block/genhd.c | 26 ++++++++++++++++++++++++-- include/linux/genhd.h | 13 +++++++++++-- 2 files changed, 35 insertions(+), 4 deletions(-) diff --git a/block/genhd.c b/block/genhd.c index 8cc719a37b32..3b643152907d 100644 --- a/block/genhd.c +++ b/block/genhd.c @@ -1413,10 +1413,20 @@ dev_t blk_lookup_devt(const char *name, int partno) } EXPORT_SYMBOL(blk_lookup_devt); -struct gendisk *__alloc_disk_node(int minors, int node_id) +/** + * __alloc_disk_node - allocate a gendisk structure and initialize it + * @minors: number of partitions to allocate memory for + * @node_id: NUMA node to allocate memory from + * @ag: NULL or pointer to a NULL-terminated array with attribute groups that + * must be attached to the disk_to_dev() of the allocated disk structure + */ +struct gendisk *__alloc_disk_node(int minors, int node_id, + const struct attribute_group **ag) { struct gendisk *disk; struct disk_part_tbl *ptbl; + const struct attribute_group **agp; + int num_groups = 0; if (minors > DISK_MAX_PARTS) { printk(KERN_ERR @@ -1425,7 +1435,15 @@ struct gendisk *__alloc_disk_node(int minors, int node_id) minors = DISK_MAX_PARTS; } - disk = kzalloc_node(sizeof(struct gendisk), GFP_KERNEL, node_id); + if (ag) { + for (agp = ag; *agp; agp++) + num_groups++; + /* Only count the terminating NULL if the array is not empty. */ + if (num_groups) + num_groups++; + } + disk = kzalloc_node(struct_size(disk, ag, num_groups), GFP_KERNEL, + node_id); if (disk) { if (!init_part_stats(&disk->part0)) { kfree(disk); @@ -1461,6 +1479,10 @@ struct gendisk *__alloc_disk_node(int minors, int node_id) rand_initialize_disk(disk); disk_to_dev(disk)->class = &block_class; disk_to_dev(disk)->type = &disk_type; + if (num_groups) { + memcpy(disk->ag, ag, num_groups * sizeof(ag)); + disk_to_dev(disk)->groups = disk->ag; + } device_initialize(disk_to_dev(disk)); } return disk; diff --git a/include/linux/genhd.h b/include/linux/genhd.h index 57864422a2c8..50ab6cf77fdf 100644 --- a/include/linux/genhd.h +++ b/include/linux/genhd.h @@ -211,6 +211,11 @@ struct gendisk { int node_id; struct badblocks *bb; struct lockdep_map lockdep_map; + /* + * Storage space for NULL-terminated attribute group array for + * disk_to_dev() of this gendisk structure. + */ + const struct attribute_group *ag[0]; }; static inline struct gendisk *part_to_disk(struct hd_struct *part) @@ -608,7 +613,8 @@ extern void __delete_partition(struct percpu_ref *); extern void delete_partition(struct gendisk *, int); extern void printk_all_partitions(void); -extern struct gendisk *__alloc_disk_node(int minors, int node_id); +extern struct gendisk *__alloc_disk_node(int minors, int node_id, + const struct attribute_group **ag); extern struct kobject *get_disk_and_module(struct gendisk *disk); extern void put_disk(struct gendisk *disk); extern void put_disk_and_module(struct gendisk *disk); @@ -634,6 +640,9 @@ extern ssize_t part_fail_store(struct device *dev, #endif /* CONFIG_FAIL_MAKE_REQUEST */ #define alloc_disk_node(minors, node_id) \ + alloc_disk_node_attr(minors, node_id, NULL) + +#define alloc_disk_node_attr(minors, node_id, ag) \ ({ \ static struct lock_class_key __key; \ const char *__name; \ @@ -641,7 +650,7 @@ extern ssize_t part_fail_store(struct device *dev, \ __name = "(gendisk_completion)"#minors"("#node_id")"; \ \ - __disk = __alloc_disk_node(minors, node_id); \ + __disk = __alloc_disk_node(minors, node_id, ag); \ \ if (__disk) \ lockdep_init_map(&__disk->lockdep_map, __name, &__key, 0); \ -- 2.18.0

7 years, 1 month

2
1
0 0

[PATCH 0/3 stable 4.9] proc/sysctl: prune stale dentries during unregistering

by Mike Rapoport

Hi, These patches fix a memory leak in per-cpu areas in v4.9.y The following command sequence while :; do c=$(docker create busybox) docker start $c docker stop $c docker rm $c done causes the number of pcpu_get_vm_area entries in /proc/vmallocinfo to grow. The commit d6cffbbe9a7e ("proc/sysctl: prune stale dentries during unregistering") fixes the issue and the commits ace0c791e6c3 ("proc/sysctl: Don't grab i_lock under sysctl_lock.") and 2fd1d2c4ceb2 ("proc: Fix proc_sys_prune_dcache to hold a sb reference") are the follow-up fixups. I've also checked v4.4 and the issue does not appear there. Eric W. Biederman (2): proc/sysctl: Don't grab i_lock under sysctl_lock. proc: Fix proc_sys_prune_dcache to hold a sb reference Konstantin Khlebnikov (1): proc/sysctl: prune stale dentries during unregistering fs/proc/inode.c | 3 +- fs/proc/internal.h | 7 +++-- fs/proc/proc_sysctl.c | 83 +++++++++++++++++++++++++++++++++++++++----------- include/linux/sysctl.h | 1 + 4 files changed, 74 insertions(+), 20 deletions(-) -- 2.7.4

7 years, 1 month

2
8
0 0

[PATCH for-4.14.y 1/5] mtd: nand: qcom: Add a NULL check for devm_kasprintf()

by Amit Pundir

From: Fabio Estevam <fabio.estevam(a)nxp.com> commit 069f05346d01e7298939f16533953cdf52370be3 upstream. devm_kasprintf() may fail, so we should better add a NULL check and propagate an error on failure. Signed-off-by: Fabio Estevam <fabio.estevam(a)nxp.com> Signed-off-by: Boris Brezillon <boris.brezillon(a)free-electrons.com> Signed-off-by: Amit Pundir <amit.pundir(a)linaro.org> --- Cherry-picked from lede tree https://git.lede-project.org/?p=source.git Please apply it on 4.9.y as well. Not applicable for 4.4.y and 3.18.y drivers/mtd/nand/qcom_nandc.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/mtd/nand/qcom_nandc.c b/drivers/mtd/nand/qcom_nandc.c index 3baddfc997d1..b49ca02b399d 100644 --- a/drivers/mtd/nand/qcom_nandc.c +++ b/drivers/mtd/nand/qcom_nandc.c @@ -2544,6 +2544,9 @@ static int qcom_nand_host_init(struct qcom_nand_controller *nandc, nand_set_flash_node(chip, dn); mtd->name = devm_kasprintf(dev, GFP_KERNEL, "qcom_nand.%d", host->cs); + if (!mtd->name) + return -ENOMEM; + mtd->owner = THIS_MODULE; mtd->dev.parent = dev; -- 2.7.4

7 years, 1 month

2
6
0 0

request for 4.4-stable: d8f9cc328c88 ("IB/mlx4: Mark user MR as writable if actual virtual memory is writable")

by Sudip Mukherjee

Hi Greg, This was missing in 4.4-stable. Please apply to your queue. It will depend on 08bb558ac11a ("IB/core: Make testing MR flags for writability a static inline function") which I have sent earlier. -- Regards Sudip

7 years, 1 month

2
1
0 0

[PATCH 1/5] Tools: hv: Fix a bug in the key delete code

by kys＠linuxonhyperv.com

From: "K. Y. Srinivasan" <kys(a)microsoft.com> Fix a bug in the key delete code - the num_records range from 0 to num_records-1. Signed-off-by: K. Y. Srinivasan <kys(a)microsoft.com> Reported-by: David Binderman <dcb314(a)hotmail.com> Cc: <stable(a)vger.kernel.org> --- tools/hv/hv_kvp_daemon.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/hv/hv_kvp_daemon.c b/tools/hv/hv_kvp_daemon.c index dbf6e8bd98ba..bbb2a8ef367c 100644 --- a/tools/hv/hv_kvp_daemon.c +++ b/tools/hv/hv_kvp_daemon.c @@ -286,7 +286,7 @@ static int kvp_key_delete(int pool, const __u8 *key, int key_size) * Found a match; just move the remaining * entries up. */ - if (i == num_records) { + if (i == (num_records - 1)) { kvp_file_info[pool].num_records--; kvp_update_file(pool); return 0; -- 2.18.0

7 years, 1 month

2
1
0 0

[Linux-stable-mirror] [PATCH] soc/tegra: pmc: fix child-node lookup

by Johan Hovold

Fix child-node lookup during probe, which ended up searching the whole device tree depth-first starting at the parent rather than just matching on its children. To make things worse, the parent pmc node could end up being prematurely freed as of_find_node_by_name() drops a reference to its first argument. Fixes: 3568df3d31d6 ("soc: tegra: Add thermal reset (thermtrip) support to PMC") Cc: stable <stable(a)vger.kernel.org> # 4.0 Cc: Mikko Perttunen <mperttunen(a)nvidia.com> Signed-off-by: Johan Hovold <johan(a)kernel.org> --- drivers/soc/tegra/pmc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/soc/tegra/pmc.c b/drivers/soc/tegra/pmc.c index 0453ff6839a7..7e9ef3431bea 100644 --- a/drivers/soc/tegra/pmc.c +++ b/drivers/soc/tegra/pmc.c @@ -1321,7 +1321,7 @@ static void tegra_pmc_init_tsense_reset(struct tegra_pmc *pmc) if (!pmc->soc->has_tsense_reset) return; - np = of_find_node_by_name(pmc->dev->of_node, "i2c-thermtrip"); + np = of_get_child_by_name(pmc->dev->of_node, "i2c-thermtrip"); if (!np) { dev_warn(dev, "i2c-thermtrip node not found, %s.\n", disabled); return; -- 2.15.0

7 years, 1 month

3
5
0 0

[PATCH v7 0/9] powerpc/pseries: Machine check handler improvements.

by Mahesh J Salgaonkar

This patch series includes some improvement to Machine check handler for pseries. Patch 1 fixes a buffer overrun issue if rtas extended error log size is greater than RTAS_ERROR_LOG_MAX. Patch 2 fixes an issue where machine check handler crashes kernel while accessing vmalloc-ed buffer while in nmi context. Patch 3 fixes endain bug while restoring of r3 in MCE handler. Patch 5 implements a real mode mce handler and flushes the SLBs on SLB error. Patch 6 display's the MCE error details on console. Patch 7 saves and dumps the SLB contents on SLB MCE errors to improve the debugability. Patch 8 adds sysctl knob for recovery action on recovered MCEs. Patch 9 consolidates mce early real mode handling code. Change in V7: - Fold Michal's patch into patch 5 - Handle MSR_RI=0 and evil context case in MC handler in patch 5. - Patch 7: Print slb cache ptr value and slb cache data. - Move patch 8 to patch 9. - Introduce patch 8 add sysctl knob for recovery action on recovered MCEs. Change in V6: - Introduce patch 8 to consolidate early real mode handling code. - Address Nick's comment on erroneous hunk. Change in V5: - Use min_t instead of max_t. - Fix an issue reported by kbuild test robot and address review comments. Change in V4: - Flush the SLBs in real mode mce handler to handle SLB errors for entry 0. - Allocate buffers per cpu to hold rtas error log and old slb contents. - Defer the logging of rtas error log to irq work queue. Change in V3: - Moved patch 5 to patch 2 Change in V2: - patch 3: Display additional info (NIP and task info) in MCE error details. - patch 5: Fix endain bug while restoring of r3 in MCE handler. --- Mahesh Salgaonkar (9): powerpc/pseries: Avoid using the size greater than RTAS_ERROR_LOG_MAX. powerpc/pseries: Defer the logging of rtas error to irq work queue. powerpc/pseries: Fix endainness while restoring of r3 in MCE handler. powerpc/pseries: Define MCE error event section. powerpc/pseries: flush SLB contents on SLB MCE errors. powerpc/pseries: Display machine check error details. powerpc/pseries: Dump the SLB contents on SLB MCE errors. powerpc/mce: Add sysctl control for recovery action on MCE. powernv/pseries: consolidate code for mce early handling. arch/powerpc/include/asm/book3s/64/mmu-hash.h | 8 + arch/powerpc/include/asm/machdep.h | 1 arch/powerpc/include/asm/mce.h | 2 arch/powerpc/include/asm/paca.h | 7 + arch/powerpc/include/asm/rtas.h | 116 ++++++++++++ arch/powerpc/kernel/exceptions-64s.S | 42 ++++ arch/powerpc/kernel/mce.c | 73 +++++++- arch/powerpc/kernel/traps.c | 3 arch/powerpc/mm/slb.c | 79 ++++++++ arch/powerpc/platforms/powernv/setup.c | 15 ++ arch/powerpc/platforms/pseries/pseries.h | 1 arch/powerpc/platforms/pseries/ras.c | 242 +++++++++++++++++++++++-- arch/powerpc/platforms/pseries/setup.c | 27 +++ 13 files changed, 588 insertions(+), 28 deletions(-) -- Signature

7 years, 1 month

2
3
0 0

[PATCH v2 1/2] powerpc/fadump: handle crash memory ranges array index overflow

by Hari Bathini

Crash memory ranges is an array of memory ranges of the crashing kernel to be exported as a dump via /proc/vmcore file. The size of the array is set based on INIT_MEMBLOCK_REGIONS, which works alright in most cases where memblock memory regions count is less than INIT_MEMBLOCK_REGIONS value. But this count can grow beyond INIT_MEMBLOCK_REGIONS value since commit 142b45a72e22 ("memblock: Add array resizing support"). On large memory systems with a few DLPAR operations, the memblock memory regions count could be larger than INIT_MEMBLOCK_REGIONS value. On such systems, registering fadump results in crash or other system failures like below: task: c00007f39a290010 ti: c00000000b738000 task.ti: c00000000b738000 NIP: c000000000047df4 LR: c0000000000f9e58 CTR: c00000000010f180 REGS: c00000000b73b570 TRAP: 0300 Tainted: G L X (4.4.140+) MSR: 8000000000009033 <SF,EE,ME,IR,DR,RI,LE> CR: 22004484 XER: 20000000 CFAR: c000000000008500 DAR: 000007a450000000 DSISR: 40000000 SOFTE: 0 GPR00: c0000000000f9e58 c00000000b73b7f0 c000000000f09a00 000000000000001a GPR04: c00007f3bf774c90 0000000000000004 c000000000eb9a00 0000000000000800 GPR08: 0000000000000804 000007a450000000 c000000000fa9a00 c00007ffb169ca20 GPR12: 0000000022004482 c00000000fa12c00 c00007f3a0ea97a8 0000000000000000 GPR16: c00007f3a0ea9a50 c00000000b73bd60 0000000000000118 000000000001fe80 GPR20: 0000000000000118 0000000000000000 c000000000b8c980 00000000000000d0 GPR24: 000007ffb0b10000 c00007ffb169c980 0000000000000000 c000000000b8c980 GPR28: 0000000000000004 c00007ffb169c980 000000000000001a c00007ffb169c980 NIP [c000000000047df4] smp_send_reschedule+0x24/0x80 LR [c0000000000f9e58] resched_curr+0x138/0x160 Call Trace: [c00000000b73b7f0] [c0000000000f9e58] resched_curr+0x138/0x160 (unreliable) [c00000000b73b820] [c0000000000fb538] check_preempt_curr+0xc8/0xf0 [c00000000b73b850] [c0000000000fb598] ttwu_do_wakeup+0x38/0x150 [c00000000b73b890] [c0000000000fc9c4] try_to_wake_up+0x224/0x4d0 [c00000000b73b900] [c00000000011ef34] __wake_up_common+0x94/0x100 [c00000000b73b960] [c00000000034a78c] ep_poll_callback+0xac/0x1c0 [c00000000b73b9b0] [c00000000011ef34] __wake_up_common+0x94/0x100 [c00000000b73ba10] [c00000000011f810] __wake_up_sync_key+0x70/0xa0 [c00000000b73ba60] [c00000000067c3e8] sock_def_readable+0x58/0xa0 [c00000000b73ba90] [c0000000007848ac] unix_stream_sendmsg+0x2dc/0x4c0 [c00000000b73bb70] [c000000000675a38] sock_sendmsg+0x68/0xa0 [c00000000b73bba0] [c00000000067673c] ___sys_sendmsg+0x2cc/0x2e0 [c00000000b73bd30] [c000000000677dbc] __sys_sendmsg+0x5c/0xc0 [c00000000b73bdd0] [c0000000006789bc] SyS_socketcall+0x36c/0x3f0 [c00000000b73be30] [c000000000009488] system_call+0x3c/0x100 Instruction dump: 4e800020 60000000 60420000 3c4c00ec 38421c30 7c0802a6 f8010010 60000000 3d42000a e92ab420 2fa90000 4dde0020 <e9290000> 2fa90000 419e0044 7c0802a6 ---[ end trace a6d1dd4bab5f8253 ]--- as array index overflow is not checked for while setting up crash memory ranges causing memory corruption. To resolve this issue, dynamically allocate memory for crash memory ranges and resize it incrementally, in units of pagesize, on hitting array size limit. Fixes: 2df173d9e85d ("fadump: Initialize elfcore header and add PT_LOAD program headers.") Cc: stable(a)vger.kernel.org Cc: Mahesh Salgaonkar <mahesh(a)linux.vnet.ibm.com> Signed-off-by: Hari Bathini <hbathini(a)linux.ibm.com> --- Changes in v2: * Allocating memory for crash ranges in pagesize unit. * freeing memory allocated while cleaning up. * Moved the changes to coalesce memory ranges into patch 2/2. arch/powerpc/include/asm/fadump.h | 4 +- arch/powerpc/kernel/fadump.c | 91 +++++++++++++++++++++++++++++++------ 2 files changed, 79 insertions(+), 16 deletions(-) diff --git a/arch/powerpc/include/asm/fadump.h b/arch/powerpc/include/asm/fadump.h index 5a23010..3abc738 100644 --- a/arch/powerpc/include/asm/fadump.h +++ b/arch/powerpc/include/asm/fadump.h @@ -195,8 +195,8 @@ struct fadump_crash_info_header { struct cpumask online_mask; }; -/* Crash memory ranges */ -#define INIT_CRASHMEM_RANGES (INIT_MEMBLOCK_REGIONS + 2) +/* Crash memory ranges size unit (pagesize) */ +#define CRASHMEM_RANGES_ALLOC_SIZE PAGE_SIZE struct fad_crash_memory_ranges { unsigned long long base; diff --git a/arch/powerpc/kernel/fadump.c b/arch/powerpc/kernel/fadump.c index 07e8396..2ec5704 100644 --- a/arch/powerpc/kernel/fadump.c +++ b/arch/powerpc/kernel/fadump.c @@ -47,8 +47,10 @@ static struct fadump_mem_struct fdm; static const struct fadump_mem_struct *fdm_active; static DEFINE_MUTEX(fadump_mutex); -struct fad_crash_memory_ranges crash_memory_ranges[INIT_CRASHMEM_RANGES]; +struct fad_crash_memory_ranges *crash_memory_ranges; +int crash_memory_ranges_size; int crash_mem_ranges; +int max_crash_mem_ranges; /* Scan the Firmware Assisted dump configuration details. */ int __init early_init_dt_scan_fw_dump(unsigned long node, @@ -868,22 +870,67 @@ static int __init process_fadump(const struct fadump_mem_struct *fdm_active) return 0; } -static inline void fadump_add_crash_memory(unsigned long long base, - unsigned long long end) +static void free_crash_memory_ranges(void) +{ + kfree(crash_memory_ranges); + crash_memory_ranges = NULL; + crash_memory_ranges_size = 0; + max_crash_mem_ranges = 0; +} + +/* + * Allocate or reallocate crash memory ranges array in incremental units + * of CRASHMEM_RANGES_ALLOC_SIZE. + */ +static int allocate_crash_memory_ranges(void) +{ + u64 new_size; + struct fad_crash_memory_ranges *new_array; + + new_size = crash_memory_ranges_size + CRASHMEM_RANGES_ALLOC_SIZE; + pr_debug("Allocating %llu bytes of memory for crash memory ranges\n", + new_size); + + new_array = krealloc(crash_memory_ranges, new_size, GFP_KERNEL); + if (new_array == NULL) { + pr_err("Insufficient memory for setting up crash memory ranges\n"); + free_crash_memory_ranges(); + return -ENOMEM; + } + + crash_memory_ranges = new_array; + crash_memory_ranges_size = new_size; + max_crash_mem_ranges = (new_size / + sizeof(struct fad_crash_memory_ranges)); + return 0; +} + +static inline int fadump_add_crash_memory(unsigned long long base, + unsigned long long end) { if (base == end) - return; + return 0; + + if (crash_mem_ranges == max_crash_mem_ranges) { + int ret; + + ret = allocate_crash_memory_ranges(); + if (ret) + return ret; + } pr_debug("crash_memory_range[%d] [%#016llx-%#016llx], %#llx bytes\n", crash_mem_ranges, base, end - 1, (end - base)); crash_memory_ranges[crash_mem_ranges].base = base; crash_memory_ranges[crash_mem_ranges].size = end - base; crash_mem_ranges++; + return 0; } -static void fadump_exclude_reserved_area(unsigned long long start, +static int fadump_exclude_reserved_area(unsigned long long start, unsigned long long end) { + int ret = 0; unsigned long long ra_start, ra_end; ra_start = fw_dump.reserve_dump_area_start; @@ -891,15 +938,20 @@ static void fadump_exclude_reserved_area(unsigned long long start, if ((ra_start < end) && (ra_end > start)) { if ((start < ra_start) && (end > ra_end)) { - fadump_add_crash_memory(start, ra_start); - fadump_add_crash_memory(ra_end, end); + ret = fadump_add_crash_memory(start, ra_start); + if (ret) + return ret; + + ret = fadump_add_crash_memory(ra_end, end); } else if (start < ra_start) { - fadump_add_crash_memory(start, ra_start); + ret = fadump_add_crash_memory(start, ra_start); } else if (ra_end < end) { - fadump_add_crash_memory(ra_end, end); + ret = fadump_add_crash_memory(ra_end, end); } } else - fadump_add_crash_memory(start, end); + ret = fadump_add_crash_memory(start, end); + + return ret; } static int fadump_init_elfcore_header(char *bufp) @@ -939,8 +991,9 @@ static int fadump_init_elfcore_header(char *bufp) * Traverse through memblock structure and setup crash memory ranges. These * ranges will be used create PT_LOAD program headers in elfcore header. */ -static void fadump_setup_crash_memory_ranges(void) +static int fadump_setup_crash_memory_ranges(void) { + int ret; struct memblock_region *reg; unsigned long long start, end; @@ -953,7 +1006,9 @@ static void fadump_setup_crash_memory_ranges(void) * specified during fadump registration. We need to create a separate * program header for this chunk with the correct offset. */ - fadump_add_crash_memory(RMA_START, fw_dump.boot_memory_size); + ret = fadump_add_crash_memory(RMA_START, fw_dump.boot_memory_size); + if (ret) + return ret; for_each_memblock(memory, reg) { start = (unsigned long long)reg->base; @@ -973,8 +1028,12 @@ static void fadump_setup_crash_memory_ranges(void) } /* add this range excluding the reserved dump area. */ - fadump_exclude_reserved_area(start, end); + ret = fadump_exclude_reserved_area(start, end); + if (ret) + return ret; } + + return 0; } /* @@ -1095,6 +1154,7 @@ static unsigned long init_fadump_header(unsigned long addr) static int register_fadump(void) { + int ret; unsigned long addr; void *vaddr; @@ -1105,7 +1165,9 @@ static int register_fadump(void) if (!fw_dump.reserve_dump_area_size) return -ENODEV; - fadump_setup_crash_memory_ranges(); + ret = fadump_setup_crash_memory_ranges(); + if (ret) + return ret; addr = be64_to_cpu(fdm.rmr_region.destination_address) + be64_to_cpu(fdm.rmr_region.source_len); /* Initialize fadump crash info header. */ @@ -1183,6 +1245,7 @@ void fadump_cleanup(void) } else if (fw_dump.dump_registered) { /* Un-register Firmware-assisted dump if it was registered. */ fadump_unregister_dump(&fdm); + free_crash_memory_ranges(); } }

7 years, 1 month

3
2
0 0

[PATCH v3 2/2] KVM: arm/arm64: Skip updating PTE entry if no change

by Punit Agrawal

When there is contention on faulting in a particular page table entry at stage 2, the break-before-make requirement of the architecture can lead to additional refaulting due to TLB invalidation. Avoid this by skipping a page table update if the new value of the PTE matches the previous value. Fixes: d5d8184d35c9 ("KVM: ARM: Memory virtualization setup") Signed-off-by: Punit Agrawal <punit.agrawal(a)arm.com> Reviewed-by: Suzuki Poulose <suzuki.poulose(a)arm.com> Cc: Marc Zyngier <marc.zyngier(a)arm.com> Cc: Christoffer Dall <christoffer.dall(a)arm.com> Cc: stable(a)vger.kernel.org --- virt/kvm/arm/mmu.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/virt/kvm/arm/mmu.c b/virt/kvm/arm/mmu.c index 2bb0b5dba412..c2b95a22959b 100644 --- a/virt/kvm/arm/mmu.c +++ b/virt/kvm/arm/mmu.c @@ -1118,6 +1118,10 @@ static int stage2_set_pte(struct kvm *kvm, struct kvm_mmu_memory_cache *cache, /* Create 2nd stage page table mapping - Level 3 */ old_pte = *pte; if (pte_present(old_pte)) { + /* Skip page table update if there is no change */ + if (pte_val(old_pte) == pte_val(*new_pte)) + return 0; + kvm_set_pte(pte, __pte(0)); kvm_tlb_flush_vmid_ipa(kvm, addr); } else { -- 2.18.0

7 years, 1 month

1
0
0 0

[PATCH v3 1/2] KVM: arm/arm64: Skip updating PMD entry if no change

by Punit Agrawal

Contention on updating a PMD entry by a large number of vcpus can lead to duplicate work when handling stage 2 page faults. As the page table update follows the break-before-make requirement of the architecture, it can lead to repeated refaults due to clearing the entry and flushing the tlbs. This problem is more likely when - * there are large number of vcpus * the mapping is large block mapping such as when using PMD hugepages (512MB) with 64k pages. Fix this by skipping the page table update if there is no change in the entry being updated. Fixes: ad361f093c1e ("KVM: ARM: Support hugetlbfs backed huge pages") Signed-off-by: Punit Agrawal <punit.agrawal(a)arm.com> Reviewed-by: Suzuki Poulose <suzuki.poulose(a)arm.com> Cc: Marc Zyngier <marc.zyngier(a)arm.com> Cc: Christoffer Dall <christoffer.dall(a)arm.com> Cc: stable(a)vger.kernel.org --- virt/kvm/arm/mmu.c | 38 +++++++++++++++++++++++++++----------- 1 file changed, 27 insertions(+), 11 deletions(-) diff --git a/virt/kvm/arm/mmu.c b/virt/kvm/arm/mmu.c index 1d90d79706bd..2bb0b5dba412 100644 --- a/virt/kvm/arm/mmu.c +++ b/virt/kvm/arm/mmu.c @@ -1015,19 +1015,35 @@ static int stage2_set_pmd_huge(struct kvm *kvm, struct kvm_mmu_memory_cache pmd = stage2_get_pmd(kvm, cache, addr); VM_BUG_ON(!pmd); - /* - * Mapping in huge pages should only happen through a fault. If a - * page is merged into a transparent huge page, the individual - * subpages of that huge page should be unmapped through MMU - * notifiers before we get here. - * - * Merging of CompoundPages is not supported; they should become - * splitting first, unmapped, merged, and mapped back in on-demand. - */ - VM_BUG_ON(pmd_present(*pmd) && pmd_pfn(*pmd) != pmd_pfn(*new_pmd)); - old_pmd = *pmd; if (pmd_present(old_pmd)) { + /* + * Multiple vcpus faulting on the same PMD entry, can + * lead to them sequentially updating the PMD with the + * same value. Following the break-before-make + * (pmd_clear() followed by tlb_flush()) process can + * hinder forward progress due to refaults generated + * on missing translations. + * + * Skip updating the page table if the entry is + * unchanged. + */ + if (pmd_val(old_pmd) == pmd_val(*new_pmd)) + return 0; + + /* + * Mapping in huge pages should only happen through a + * fault. If a page is merged into a transparent huge + * page, the individual subpages of that huge page + * should be unmapped through MMU notifiers before we + * get here. + * + * Merging of CompoundPages is not supported; they + * should become splitting first, unmapped, merged, + * and mapped back in on-demand. + */ + VM_BUG_ON(pmd_pfn(old_pmd) != pmd_pfn(*new_pmd)); + pmd_clear(pmd); kvm_tlb_flush_vmid_ipa(kvm, addr); } else { -- 2.18.0

7 years, 1 month

1
0
0 0

[PATCH v2 1/2] KVM: arm/arm64: Skip updating PMD entry if no change

by Punit Agrawal

Contention on updating a PMD entry by a large number of vcpus can lead to duplicate work when handling stage 2 page faults. As the page table update follows the break-before-make requirement of the architecture, it can lead to repeated refaults due to clearing the entry and flushing the tlbs. This problem is more likely when - * there are large number of vcpus * the mapping is large block mapping such as when using PMD hugepages (512MB) with 64k pages. Fix this by skipping the page table update if there is no change in the entry being updated. Fixes: ad361f093c1e ("KVM: ARM: Support hugetlbfs backed huge pages") Change-Id: Ib417957c842ef67a6f4b786f68df62048d202c24 Signed-off-by: Punit Agrawal <punit.agrawal(a)arm.com> Cc: Marc Zyngier <marc.zyngier(a)arm.com> Cc: Christoffer Dall <christoffer.dall(a)arm.com> Cc: Suzuki Poulose <suzuki.poulose(a)arm.com> Cc: stable(a)vger.kernel.org --- virt/kvm/arm/mmu.c | 40 +++++++++++++++++++++++++++++----------- 1 file changed, 29 insertions(+), 11 deletions(-) diff --git a/virt/kvm/arm/mmu.c b/virt/kvm/arm/mmu.c index 1d90d79706bd..2ab977edc63c 100644 --- a/virt/kvm/arm/mmu.c +++ b/virt/kvm/arm/mmu.c @@ -1015,19 +1015,36 @@ static int stage2_set_pmd_huge(struct kvm *kvm, struct kvm_mmu_memory_cache pmd = stage2_get_pmd(kvm, cache, addr); VM_BUG_ON(!pmd); - /* - * Mapping in huge pages should only happen through a fault. If a - * page is merged into a transparent huge page, the individual - * subpages of that huge page should be unmapped through MMU - * notifiers before we get here. - * - * Merging of CompoundPages is not supported; they should become - * splitting first, unmapped, merged, and mapped back in on-demand. - */ - VM_BUG_ON(pmd_present(*pmd) && pmd_pfn(*pmd) != pmd_pfn(*new_pmd)); - old_pmd = *pmd; + if (pmd_present(old_pmd)) { + /* + * Mapping in huge pages should only happen through a + * fault. If a page is merged into a transparent huge + * page, the individual subpages of that huge page + * should be unmapped through MMU notifiers before we + * get here. + * + * Merging of CompoundPages is not supported; they + * should become splitting first, unmapped, merged, + * and mapped back in on-demand. + */ + VM_BUG_ON(pmd_pfn(old_pmd) != pmd_pfn(*new_pmd)); + + /* + * Multiple vcpus faulting on the same PMD entry, can + * lead to them sequentially updating the PMD with the + * same value. Following the break-before-make + * (pmd_clear() followed by tlb_flush()) process can + * hinder forward progress due to refaults generated + * on missing translations. + * + * Skip updating the page table if the entry is + * unchanged. + */ + if (pmd_val(old_pmd) == pmd_val(*new_pmd)) + goto out; + pmd_clear(pmd); kvm_tlb_flush_vmid_ipa(kvm, addr); } else { @@ -1035,6 +1052,7 @@ static int stage2_set_pmd_huge(struct kvm *kvm, struct kvm_mmu_memory_cache } kvm_set_pmd(pmd, *new_pmd); +out: return 0; } -- 2.18.0

7 years, 1 month

3
4
0 0

[PATCH v2 2/2] KVM: arm/arm64: Skip updating PTE entry if no change

by Punit Agrawal

When there is contention on faulting in a particular page table entry at stage 2, the break-before-make requirement of the architecture can lead to additional refaulting due to TLB invalidation. Avoid this by skipping a page table update if the new value of the PTE matches the previous value. Fixes: d5d8184d35c9 ("KVM: ARM: Memory virtualization setup") Change-Id: I28e17daf394a4821b13c2cf8726bf72bf30434f9 Signed-off-by: Punit Agrawal <punit.agrawal(a)arm.com> Cc: Marc Zyngier <marc.zyngier(a)arm.com> Cc: Christoffer Dall <christoffer.dall(a)arm.com> Cc: Suzuki Poulose <suzuki.poulose(a)arm.com> Cc: stable(a)vger.kernel.org --- virt/kvm/arm/mmu.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/virt/kvm/arm/mmu.c b/virt/kvm/arm/mmu.c index 2ab977edc63c..d0a9dccc3793 100644 --- a/virt/kvm/arm/mmu.c +++ b/virt/kvm/arm/mmu.c @@ -1120,6 +1120,10 @@ static int stage2_set_pte(struct kvm *kvm, struct kvm_mmu_memory_cache *cache, /* Create 2nd stage page table mapping - Level 3 */ old_pte = *pte; if (pte_present(old_pte)) { + /* Skip page table update if there is no change */ + if (pte_val(old_pte) == pte_val(*new_pte)) + goto out; + kvm_set_pte(pte, __pte(0)); kvm_tlb_flush_vmid_ipa(kvm, addr); } else { @@ -1127,6 +1131,7 @@ static int stage2_set_pte(struct kvm *kvm, struct kvm_mmu_memory_cache *cache, } kvm_set_pte(pte, *new_pte); +out: return 0; } -- 2.18.0

7 years, 1 month

2
1
0 0

FAILED: patch "[PATCH] i2c: xlp9xx: Fix case where SSIF read transaction completes" failed to apply to 4.17-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.17-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 5eb173f5c8f3a3cdc47b3952c368f10a28c81ab8 Mon Sep 17 00:00:00 2001 From: George Cherian <george.cherian(a)cavium.com> Date: Wed, 8 Aug 2018 23:36:48 -0700 Subject: [PATCH] i2c: xlp9xx: Fix case where SSIF read transaction completes early During ipmi stress tests we see occasional failure of transactions at the boot time. This happens in the case of a I2C_M_RECV_LEN transactions, when the read transfer completes (with the initial read length of 34) before the driver gets a chance to handle interrupts. The current driver code expects at least 2 interrupts for I2C_M_RECV_LEN transactions. The length is updated during the first interrupt, and the buffer contents are only copied during subsequent interrupts. In case of just one interrupt, we will complete the transaction without copying out the bytes from RX fifo. Update the code to drain the RX fifo after the length update, so that the transaction completes correctly in all cases. Signed-off-by: George Cherian <george.cherian(a)cavium.com> Signed-off-by: Wolfram Sang <wsa(a)the-dreams.de> Cc: stable(a)kernel.org diff --git a/drivers/i2c/busses/i2c-xlp9xx.c b/drivers/i2c/busses/i2c-xlp9xx.c index 1f41a4f89c08..8a873975cf12 100644 --- a/drivers/i2c/busses/i2c-xlp9xx.c +++ b/drivers/i2c/busses/i2c-xlp9xx.c @@ -191,28 +191,43 @@ static void xlp9xx_i2c_drain_rx_fifo(struct xlp9xx_i2c_dev *priv) if (priv->len_recv) { /* read length byte */ rlen = xlp9xx_read_i2c_reg(priv, XLP9XX_I2C_MRXFIFO); + + /* + * We expect at least 2 interrupts for I2C_M_RECV_LEN + * transactions. The length is updated during the first + * interrupt, and the buffer contents are only copied + * during subsequent interrupts. If in case the interrupts + * get merged we would complete the transaction without + * copying out the bytes from RX fifo. To avoid this now we + * drain the fifo as and when data is available. + * We drained the rlen byte already, decrement total length + * by one. + */ + + len--; if (rlen > I2C_SMBUS_BLOCK_MAX || rlen == 0) { rlen = 0; /*abort transfer */ priv->msg_buf_remaining = 0; priv->msg_len = 0; - } else { - *buf++ = rlen; - if (priv->client_pec) - ++rlen; /* account for error check byte */ - /* update remaining bytes and message length */ - priv->msg_buf_remaining = rlen; - priv->msg_len = rlen + 1; + xlp9xx_i2c_update_rlen(priv); + return; } + + *buf++ = rlen; + if (priv->client_pec) + ++rlen; /* account for error check byte */ + /* update remaining bytes and message length */ + priv->msg_buf_remaining = rlen; + priv->msg_len = rlen + 1; xlp9xx_i2c_update_rlen(priv); priv->len_recv = false; - } else { - len = min(priv->msg_buf_remaining, len); - for (i = 0; i < len; i++, buf++) - *buf = xlp9xx_read_i2c_reg(priv, XLP9XX_I2C_MRXFIFO); - - priv->msg_buf_remaining -= len; } + len = min(priv->msg_buf_remaining, len); + for (i = 0; i < len; i++, buf++) + *buf = xlp9xx_read_i2c_reg(priv, XLP9XX_I2C_MRXFIFO); + + priv->msg_buf_remaining -= len; priv->msg_buf = buf; if (priv->msg_buf_remaining)

7 years, 1 month

2
1
0 0

FAILED: patch "[PATCH] scsi: qedi: Fix a potential buffer overflow" failed to apply to 4.17-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.17-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 15d258674b5c91b9c1ae11264624d5c0d0675e8f Mon Sep 17 00:00:00 2001 From: Bart Van Assche <bart.vanassche(a)wdc.com> Date: Thu, 26 Jul 2018 14:10:37 -0700 Subject: [PATCH] scsi: qedi: Fix a potential buffer overflow Tell snprintf() to store at most 255 characters in the output buffer instead of 256. This patch avoids that smatch reports the following warning: drivers/scsi/qedi/qedi_main.c:891: qedi_get_boot_tgt_info() error: snprintf() is printing too much 256 vs 255 Signed-off-by: Bart Van Assche <bart.vanassche(a)wdc.com> Cc: <QLogic-Storage-Upstream(a)cavium.com> Cc: <stable(a)vger.kernel.org> Acked-by: Nilesh Javali <nilesh.javali(a)cavium.com> Signed-off-by: Martin K. Petersen <martin.petersen(a)oracle.com> diff --git a/drivers/scsi/qedi/qedi_main.c b/drivers/scsi/qedi/qedi_main.c index 091ec1207bea..cff83b9457f7 100644 --- a/drivers/scsi/qedi/qedi_main.c +++ b/drivers/scsi/qedi/qedi_main.c @@ -888,7 +888,7 @@ static void qedi_get_boot_tgt_info(struct nvm_iscsi_block *block, ipv6_en = !!(block->generic.ctrl_flags & NVM_ISCSI_CFG_GEN_IPV6_ENABLED); - snprintf(tgt->iscsi_name, NVM_ISCSI_CFG_ISCSI_NAME_MAX_LEN, "%s\n", + snprintf(tgt->iscsi_name, sizeof(tgt->iscsi_name), "%s\n", block->target[index].target_name.byte); tgt->ipv6_en = ipv6_en;

7 years, 1 month

1
0
0 0

our mobile apps design

by Jack Dike

Do you need mobile apps development? We can do it for you. We are an India base company. Here are the details about us: Years in business: 8 Staffs: 125 App developed: 350 We work on Android, iOS, Ionic, and PhoneGap platforms, we have clients across different kind of industries. Such like retail, media and entertainment, BFSI, hospitality, social media, eCommerce, food and beverages, etc. We do below: Mobile Apps Mobile App UI/UX designing App Maintenance and Support Website or ecommerce portal development Please reply back if you are interested in what we do. We will share our portfolios to you. Regards, Jack

7 years, 1 month

1
0
0 0

mobile apps for you

by Jack Dike

Do you need mobile apps development? We can do it for you. We are an India base company. Here are the details about us: Years in business: 8 Staffs: 125 App developed: 350 We work on Android, iOS, Ionic, and PhoneGap platforms, we have clients across different kind of industries. Such like retail, media and entertainment, BFSI, hospitality, social media, eCommerce, food and beverages, etc. We do below: Mobile Apps Mobile App UI/UX designing App Maintenance and Support Website or ecommerce portal development Please reply back if you are interested in what we do. We will share our portfolios to you. Regards, Jack

7 years, 1 month

1
0
0 0

patch "tty: serial: 8250: Revert NXP SC16C2552 workaround" added to tty-next

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled tty: serial: 8250: Revert NXP SC16C2552 workaround to my tty git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty.git in the tty-next branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will also be merged in the next major kernel release during the merge window. If you have any questions about this process, please let me know. >From 47ac76662ca9c5852fd353093f19de3ae85f2e66 Mon Sep 17 00:00:00 2001 From: Mark <dmarkh(a)cfl.rr.com> Date: Sun, 12 Aug 2018 11:47:16 -0400 Subject: tty: serial: 8250: Revert NXP SC16C2552 workaround Revert commit ecb988a3b7985913d1f0112f66667cdd15e40711: tty: serial: 8250: 8250_core: NXP SC16C2552 workaround The above commit causes userland application to no longer write correctly its first write to a dumb terminal connected to /dev/ttyS0. This commit seems to be the culprit. It's as though the TX FIFO is being reset during that write. What should be displayed is: PSW 80000000 INST 00000000 HALT // What is displayed is some variation of: T 00000000 HAL// Reverting this commit via this patch fixes my problem. Signed-off-by: Mark Hounschell <dmarkh(a)cfl.rr.com> Fixes: ecb988a3b798 ("tty: serial: 8250: 8250_core: NXP SC16C2552 workaround") Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/tty/serial/8250/8250_port.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/drivers/tty/serial/8250/8250_port.c b/drivers/tty/serial/8250/8250_port.c index 8d863004c0da..3f779d25ec0c 100644 --- a/drivers/tty/serial/8250/8250_port.c +++ b/drivers/tty/serial/8250/8250_port.c @@ -90,8 +90,7 @@ static const struct serial8250_config uart_config[] = { .name = "16550A", .fifo_size = 16, .tx_loadsz = 16, - .fcr = UART_FCR_ENABLE_FIFO | UART_FCR_R_TRIG_10 | - UART_FCR_CLEAR_RCVR | UART_FCR_CLEAR_XMIT, + .fcr = UART_FCR_ENABLE_FIFO | UART_FCR_R_TRIG_10, .rxtrig_bytes = {1, 4, 8, 14}, .flags = UART_CAP_FIFO, }, -- 2.18.0

7 years, 1 month

1
0
0 0

the mobile apps

by Jack Dike

Do you need mobile apps development? We can do it for you. We are an India base company. Here are the details about us: Years in business: 8 Staffs: 125 App developed: 350 We work on Android, iOS, Ionic, and PhoneGap platforms, we have clients across different kind of industries. Such like retail, media and entertainment, BFSI, hospitality, social media, eCommerce, food and beverages, etc. We do below: Mobile Apps Mobile App UI/UX designing App Maintenance and Support Website or ecommerce portal development Please reply back if you are interested in what we do. We will share our portfolios to you. Regards, Jack

7 years, 1 month

1
0
0 0

[PATCH v2] xtensa: limit offsets in __loop_cache_{all,page}

by Max Filippov

When building kernel for xtensa cores with big cache lines (e.g. 128 bytes or more) __loop_cache_all and __loop_cache_page may generate assembly instructions with immediate fields that are too big. This results in the following build errors: arch/xtensa/mm/misc.S: Assembler messages: arch/xtensa/mm/misc.S:464: Error: operand 2 of 'diwbi' has invalid value '256' arch/xtensa/mm/misc.S:464: Error: operand 2 of 'diwbi' has invalid value '384' arch/xtensa/kernel/head.S: Assembler messages: arch/xtensa/kernel/head.S:172: Error: operand 2 of 'diu' has invalid value '256' arch/xtensa/kernel/head.S:172: Error: operand 2 of 'diu' has invalid value '384' arch/xtensa/kernel/head.S:176: Error: operand 2 of 'iiu' has invalid value '256' arch/xtensa/kernel/head.S:176: Error: operand 2 of 'iiu' has invalid value '384' arch/xtensa/kernel/head.S:255: Error: operand 2 of 'diwb' has invalid value '256' arch/xtensa/kernel/head.S:255: Error: operand 2 of 'diwb' has invalid value '384' Add parameter max_immed to these macros and use it to limit values of immediate operands. Extract common code of these macros into the new macro __loop_cache_unroll. Cc: stable(a)vger.kernel.org Signed-off-by: Max Filippov <jcmvbkbc(a)gmail.com> --- Changes v1->v2: - use _index and _reps instead of rep and reps, rewrite assignments through .set as used in other similar cases. arch/xtensa/include/asm/cacheasm.h | 65 +++++++++++++++++++++++--------------- 1 file changed, 40 insertions(+), 25 deletions(-) diff --git a/arch/xtensa/include/asm/cacheasm.h b/arch/xtensa/include/asm/cacheasm.h index 2041abb10a23..2c73b4571226 100644 --- a/arch/xtensa/include/asm/cacheasm.h +++ b/arch/xtensa/include/asm/cacheasm.h @@ -31,16 +31,32 @@ * */ - .macro __loop_cache_all ar at insn size line_width - movi \ar, 0 + .macro __loop_cache_unroll ar at insn size line_width max_immed + + .if (1 << (\line_width)) > (\max_immed) + .set _reps, 1 + .elseif (2 << (\line_width)) > (\max_immed) + .set _reps, 2 + .else + .set _reps, 4 + .endif + + __loopi \ar, \at, \size, (_reps << (\line_width)) + .set _index, 0 + .rep _reps + \insn \ar, _index << (\line_width) + .set _index, _index + 1 + .endr + __endla \ar, \at, _reps << (\line_width) + + .endm + - __loopi \ar, \at, \size, (4 << (\line_width)) - \insn \ar, 0 << (\line_width) - \insn \ar, 1 << (\line_width) - \insn \ar, 2 << (\line_width) - \insn \ar, 3 << (\line_width) - __endla \ar, \at, 4 << (\line_width) + .macro __loop_cache_all ar at insn size line_width max_immed + + movi \ar, 0 + __loop_cache_unroll \ar, \at, \insn, \size, \line_width, \max_immed .endm @@ -57,14 +73,9 @@ .endm - .macro __loop_cache_page ar at insn line_width + .macro __loop_cache_page ar at insn line_width max_immed - __loopi \ar, \at, PAGE_SIZE, 4 << (\line_width) - \insn \ar, 0 << (\line_width) - \insn \ar, 1 << (\line_width) - \insn \ar, 2 << (\line_width) - \insn \ar, 3 << (\line_width) - __endla \ar, \at, 4 << (\line_width) + __loop_cache_unroll \ar, \at, \insn, PAGE_SIZE, \line_width, \max_immed .endm @@ -72,7 +83,8 @@ .macro ___unlock_dcache_all ar at #if XCHAL_DCACHE_LINE_LOCKABLE && XCHAL_DCACHE_SIZE - __loop_cache_all \ar \at diu XCHAL_DCACHE_SIZE XCHAL_DCACHE_LINEWIDTH + __loop_cache_all \ar \at diu XCHAL_DCACHE_SIZE \ + XCHAL_DCACHE_LINEWIDTH 240 #endif .endm @@ -81,7 +93,8 @@ .macro ___unlock_icache_all ar at #if XCHAL_ICACHE_LINE_LOCKABLE && XCHAL_ICACHE_SIZE - __loop_cache_all \ar \at iiu XCHAL_ICACHE_SIZE XCHAL_ICACHE_LINEWIDTH + __loop_cache_all \ar \at iiu XCHAL_ICACHE_SIZE \ + XCHAL_ICACHE_LINEWIDTH 240 #endif .endm @@ -90,7 +103,8 @@ .macro ___flush_invalidate_dcache_all ar at #if XCHAL_DCACHE_SIZE - __loop_cache_all \ar \at diwbi XCHAL_DCACHE_SIZE XCHAL_DCACHE_LINEWIDTH + __loop_cache_all \ar \at diwbi XCHAL_DCACHE_SIZE \ + XCHAL_DCACHE_LINEWIDTH 240 #endif .endm @@ -99,7 +113,8 @@ .macro ___flush_dcache_all ar at #if XCHAL_DCACHE_SIZE - __loop_cache_all \ar \at diwb XCHAL_DCACHE_SIZE XCHAL_DCACHE_LINEWIDTH + __loop_cache_all \ar \at diwb XCHAL_DCACHE_SIZE \ + XCHAL_DCACHE_LINEWIDTH 240 #endif .endm @@ -109,7 +124,7 @@ #if XCHAL_DCACHE_SIZE __loop_cache_all \ar \at dii __stringify(DCACHE_WAY_SIZE) \ - XCHAL_DCACHE_LINEWIDTH + XCHAL_DCACHE_LINEWIDTH 1020 #endif .endm @@ -119,7 +134,7 @@ #if XCHAL_ICACHE_SIZE __loop_cache_all \ar \at iii __stringify(ICACHE_WAY_SIZE) \ - XCHAL_ICACHE_LINEWIDTH + XCHAL_ICACHE_LINEWIDTH 1020 #endif .endm @@ -166,7 +181,7 @@ .macro ___flush_invalidate_dcache_page ar as #if XCHAL_DCACHE_SIZE - __loop_cache_page \ar \as dhwbi XCHAL_DCACHE_LINEWIDTH + __loop_cache_page \ar \as dhwbi XCHAL_DCACHE_LINEWIDTH 1020 #endif .endm @@ -175,7 +190,7 @@ .macro ___flush_dcache_page ar as #if XCHAL_DCACHE_SIZE - __loop_cache_page \ar \as dhwb XCHAL_DCACHE_LINEWIDTH + __loop_cache_page \ar \as dhwb XCHAL_DCACHE_LINEWIDTH 1020 #endif .endm @@ -184,7 +199,7 @@ .macro ___invalidate_dcache_page ar as #if XCHAL_DCACHE_SIZE - __loop_cache_page \ar \as dhi XCHAL_DCACHE_LINEWIDTH + __loop_cache_page \ar \as dhi XCHAL_DCACHE_LINEWIDTH 1020 #endif .endm @@ -193,7 +208,7 @@ .macro ___invalidate_icache_page ar as #if XCHAL_ICACHE_SIZE - __loop_cache_page \ar \as ihi XCHAL_ICACHE_LINEWIDTH + __loop_cache_page \ar \as ihi XCHAL_ICACHE_LINEWIDTH 1020 #endif .endm -- 2.11.0

7 years, 1 month

1
0
0 0

Linux 3.18.111

by Greg KH

I'm announcing the release of the 3.18.111 kernel. All users of the 3.18 kernel series must upgrade. The updated 3.18.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-3.18.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/device-mapper/thin-provisioning.txt | 8 Makefile | 2 arch/alpha/include/asm/xchg.h | 30 ++- arch/arm/boot/dts/socfpga.dtsi | 2 arch/arm/mach-omap1/clock.c | 6 arch/arm/mach-omap2/pm.c | 4 arch/arm/plat-omap/dmtimer.c | 7 arch/m68k/coldfire/device.c | 12 + arch/mips/include/asm/mach-ath79/ar71xx_regs.h | 2 arch/mips/kernel/ptrace.c | 22 +- arch/mips/kernel/ptrace32.c | 4 arch/mips/kvm/mips.c | 2 arch/mips/txx9/rbtx4939/setup.c | 4 arch/powerpc/include/asm/irq_work.h | 1 arch/powerpc/perf/core-book3s.c | 25 ++ arch/powerpc/sysdev/mpic.c | 2 arch/sh/kernel/entry-common.S | 2 arch/sparc/include/asm/atomic_64.h | 6 arch/x86/kernel/smpboot.c | 1 arch/x86/kvm/vmx.c | 20 +- arch/x86/kvm/x86.c | 7 arch/x86/power/hibernate_32.c | 2 arch/x86/power/hibernate_64.c | 2 drivers/acpi/acpi_pad.c | 3 drivers/acpi/acpica/evevent.c | 9 drivers/acpi/acpica/nseval.c | 8 drivers/acpi/processor_perflib.c | 2 drivers/ata/libata-core.c | 4 drivers/block/paride/pcd.c | 2 drivers/cdrom/cdrom.c | 3 drivers/cdrom/gdrom.c | 3 drivers/clk/samsung/clk-exynos3250.c | 4 drivers/clk/samsung/clk-exynos5250.c | 8 drivers/clk/samsung/clk-exynos5260.c | 2 drivers/clk/samsung/clk-s3c2410.c | 16 - drivers/clocksource/fsl_ftm_timer.c | 2 drivers/dma/pl330.c | 6 drivers/firewire/ohci.c | 8 drivers/firmware/dmi_scan.c | 22 -- drivers/gpu/drm/exynos/regs-fimc.h | 2 drivers/hid/hid-roccat-kovaplus.c | 2 drivers/hwmon/nct6775.c | 10 - drivers/hwmon/pmbus/adm1275.c | 4 drivers/hwmon/pmbus/max8688.c | 2 drivers/i2c/busses/i2c-mv64xxx.c | 8 drivers/ide/ide-cd.c | 2 drivers/infiniband/hw/mlx5/qp.c | 5 drivers/infiniband/ulp/ipoib/ipoib_main.c | 3 drivers/irqchip/irq-gic-v3.c | 2 drivers/md/bcache/alloc.c | 4 drivers/md/bcache/bcache.h | 2 drivers/md/bcache/btree.c | 9 drivers/md/bcache/request.c | 2 drivers/md/bcache/super.c | 23 +- drivers/md/bcache/sysfs.c | 11 - drivers/md/bcache/writeback.c | 27 ++ drivers/md/raid1.c | 11 + drivers/md/raid10.c | 6 drivers/media/dvb-core/dmxdev.c | 2 drivers/media/pci/cx23885/cx23885-cards.c | 4 drivers/media/pci/cx23885/cx23885-core.c | 10 + drivers/media/pci/cx25821/cx25821-core.c | 7 drivers/media/platform/s3c-camif/camif-capture.c | 7 drivers/media/usb/em28xx/em28xx.h | 2 drivers/message/fusion/mptctl.c | 2 drivers/net/ethernet/intel/e1000e/ich8lan.c | 2 drivers/net/ethernet/intel/e1000e/mac.c | 2 drivers/net/ethernet/intel/e1000e/netdev.c | 4 drivers/net/ethernet/marvell/mvneta.c | 1 drivers/net/ethernet/mellanox/mlx5/core/cmd.c | 2 drivers/net/phy/dp83640.c | 18 + drivers/net/usb/qmi_wwan.c | 4 drivers/net/usb/r8152.c | 2 drivers/net/usb/smsc75xx.c | 7 drivers/net/virtio_net.c | 2 drivers/net/wireless/ath/ath10k/mac.c | 10 + drivers/parisc/lba_pci.c | 20 +- drivers/pci/pci-driver.c | 17 + drivers/pci/quirks.c | 5 drivers/regulator/of_regulator.c | 1 drivers/rtc/rtc-tx4939.c | 6 drivers/s390/cio/device_fsm.c | 7 drivers/s390/cio/io_sch.h | 1 drivers/scsi/aacraid/commsup.c | 4 drivers/scsi/aacraid/linit.c | 5 drivers/scsi/arm/fas216.c | 2 drivers/scsi/bnx2fc/bnx2fc_io.c | 1 drivers/scsi/lpfc/lpfc_attr.c | 5 drivers/scsi/lpfc/lpfc_hbadisc.c | 5 drivers/scsi/lpfc/lpfc_sli.c | 2 drivers/scsi/qla2xxx/qla_isr.c | 6 drivers/scsi/qla4xxx/ql4_def.h | 2 drivers/scsi/qla4xxx/ql4_os.c | 46 ++++ drivers/scsi/sd.c | 3 drivers/scsi/sr.c | 21 +- drivers/scsi/sym53c8xx_2/sym_hipd.c | 2 drivers/scsi/ufs/ufshcd.c | 2 drivers/staging/rtl8192u/r8192U_core.c | 2 drivers/tty/serial/arc_uart.c | 5 drivers/tty/serial/fsl_lpuart.c | 4 drivers/tty/serial/imx.c | 6 drivers/tty/serial/samsung.c | 4 drivers/tty/serial/xilinx_uartps.c | 2 drivers/usb/dwc2/core.h | 2 drivers/usb/dwc3/core.h | 2 drivers/usb/gadget/composite.c | 40 +--- drivers/usb/gadget/function/f_fs.c | 2 drivers/usb/gadget/function/f_uac2.c | 2 drivers/usb/gadget/udc/fsl_udc_core.c | 4 drivers/usb/gadget/udc/goku_udc.h | 2 drivers/usb/host/ohci-hcd.c | 3 drivers/usb/host/xhci-mem.c | 2 drivers/usb/musb/musb_core.c | 2 drivers/video/fbdev/sbuslib.c | 4 drivers/watchdog/f71808e_wdt.c | 3 drivers/watchdog/sp5100_tco.h | 2 drivers/xen/events/events_base.c | 4 drivers/xen/grant-table.c | 4 drivers/xen/swiotlb-xen.c | 2 drivers/xen/xen-acpi-processor.c | 6 drivers/xen/xenbus/xenbus_probe.c | 5 drivers/zorro/zorro.c | 12 + fs/affs/namei.c | 10 - fs/aio.c | 4 fs/btrfs/ctree.c | 12 - fs/btrfs/disk-io.c | 2 fs/btrfs/extent-tree.c | 1 fs/btrfs/inode.c | 16 - fs/btrfs/send.c | 3 fs/btrfs/tests/qgroup-tests.c | 2 fs/btrfs/tree-log.c | 12 - fs/cifs/cifssmb.c | 4 fs/dcache.c | 22 ++ fs/ecryptfs/inode.c | 3 fs/ext2/namei.c | 6 fs/ext4/namei.c | 6 fs/f2fs/namei.c | 12 - fs/jffs2/dir.c | 12 - fs/jffs2/fs.c | 1 fs/jfs/namei.c | 12 - fs/nfs/nfs4sysctl.c | 2 fs/nilfs2/namei.c | 6 fs/ocfs2/acl.c | 6 fs/ocfs2/super.c | 5 fs/ocfs2/xattr.c | 2 fs/proc/base.c | 29 ++ fs/proc/proc_sysctl.c | 3 fs/reiserfs/namei.c | 12 - fs/udf/namei.c | 6 fs/udf/super.c | 5 fs/ufs/namei.c | 6 fs/xfs/xfs_discard.c | 14 - include/asm-generic/pgtable.h | 15 + include/linux/dcache.h | 1 include/linux/suspend.h | 2 include/linux/usb/composite.h | 3 include/net/llc_conn.h | 2 include/net/mac80211.h | 2 include/net/regulatory.h | 2 include/trace/events/timer.h | 20 +- include/uapi/linux/if_ether.h | 1 kernel/audit.c | 2 kernel/debug/kdb/kdb_main.c | 27 ++ kernel/events/core.c | 3 kernel/power/power.h | 3 kernel/relay.c | 2 kernel/sched/rt.c | 2 kernel/signal.c | 4 mm/ksm.c | 28 ++ mm/mempolicy.c | 36 +++ mm/swapfile.c | 4 mm/vmscan.c | 22 +- net/batman-adv/distributed-arp-table.c | 2 net/batman-adv/fragmentation.c | 3 net/batman-adv/gateway_client.c | 3 net/batman-adv/multicast.c | 4 net/batman-adv/soft-interface.c | 8 net/bridge/netfilter/ebtables.c | 33 ++- net/core/skbuff.c | 9 net/ipv4/ip_vti.c | 2 net/ipv4/tcp_illinois.c | 2 net/ipv6/sit.c | 7 net/llc/llc_c_ac.c | 15 - net/llc/llc_conn.c | 32 ++- net/netlabel/netlabel_unlabeled.c | 10 + net/nfc/llcp_commands.c | 4 net/nfc/netlink.c | 3 scripts/kconfig/expr.c | 2 scripts/kconfig/menu.c | 1 scripts/kconfig/zconf.y | 33 ++- security/integrity/ima/ima_crypto.c | 2 security/integrity/ima/ima_main.c | 13 + sound/core/vmaster.c | 5 sound/soc/au1x/ac97c.c | 6 tools/lib/traceevent/parse-filter.c | 10 - tools/testing/selftests/ftrace/test.d/kprobe/kprobe_args_string.tc | 46 ++++ tools/testing/selftests/ftrace/test.d/kprobe/kprobe_args_syntax.tc | 97 ++++++++++ tools/testing/selftests/ftrace/test.d/kprobe/probepoint.tc | 43 ++++ tools/testing/selftests/memfd/config | 1 tools/thermal/tmon/sysfs.c | 12 - tools/thermal/tmon/tmon.c | 1 201 files changed, 1218 insertions(+), 395 deletions(-) Al Viro (3): affs_lookup(): close a race with affs_remove_link() aio: fix io_destroy(2) vs. lookup_ioctx() race do d_instantiate/unlock_new_inode combinations safely Alex Estrin (1): IB/ipoib: Fix for potential no-carrier state Alex Williamson (1): PCI: Add function 1 DMA alias quirk for Marvell 9128 Alexey Dobriyan (1): proc: fix /proc/*/map_files lookup Anders Roxell (1): selftests: memfd: add config fragment for fuse Andrea Parri (2): locking/xchg/alpha: Add unconditional memory barrier to cmpxchg() locking/xchg/alpha: Fix xchg() and cmpxchg() memory ordering bugs Andrzej Hajda (4): clk: samsung: s3c2410: Fix PLL rates clk: samsung: exynos5260: Fix PLL rates clk: samsung: exynos5250: Fix PLL rates clk: samsung: exynos3250: Fix PLL rates Anna-Maria Gleixner (1): tracing/hrtimer: Fix tracing bugs by taking all clock bases and modes into account Arnd Bergmann (4): scsi: fas216: fix sense buffer initialization x86/power: Fix swsusp_arch_resume prototype cifs: silence compiler warnings showing up with gcc-8.0.0 media: s3c-camif: fix out-of-bounds array access Arvind Yadav (1): xen: xenbus: use put_device() instead of kfree() Bart Van Assche (1): scsi: qla2xxx: Avoid triggering undefined behavior in qla2x00_mbx_completion() Benjamin Poirier (1): e1000e: Fix check_for_link return value with autoneg off Brad Love (3): media: cx23885: Override 888 ImpactVCBe crystal frequency media: cx23885: Set subdev host data to clk_freq pointer media: em28xx: USB bulk packet size fix Carlos Maiolino (1): Force log to disk before reading the AGF during a fstrim Chad Dupuis (1): scsi: bnx2fc: Fix check in SCSI completion handler for timed out request Chen Yu (1): ACPI: processor_perflib: Do not send _PPC change notification if not ready Chris Dickens (1): usb: gadget: composite: fix incorrect handling of OS desc requests Christophe JAILLET (1): regulator: of: Add a missing 'of_node_put()' in an error handling path of 'of_regulator_match()' Claudio Imbrenda (1): mm/ksm: fix interaction with THP Colin Ian King (5): KVM: Fix spelling mistake: "cop_unsuable" -> "cop_unusable" clocksource/drivers/fsl_ftm_timer: Fix error return checking staging: rtl8192u: return -ENOMEM on failed allocation of priv->oldaddr rtc: tx4939: avoid unintended sign extension on a 24 bit shift media: cx25821: prevent out-of-bounds read on array card Coly Li (2): bcache: properly set task state in bch_writeback_thread() bcache: quit dc->writeback_thread when BCACHE_DEV_DETACHING is set Cong Wang (1): llc: properly handle dev_queue_xmit() return value Dan Carpenter (5): ASoC: au1x: Fix timeout tests in au1xac97c_ac97_read() HID: roccat: prevent an out of bounds read in kovaplus_profile_activated() scsi: sym53c8xx_2: iterator underflow in sym_getsync() scsi: mptfusion: Add bounds check in mptctl_hp_targetinfo() xen/acpi: off by one in read_acpi_id() Danilo Krummrich (1): fs/proc/proc_sysctl.c: fix potential page fault while unregistering sysctl table Dave Carroll (1): scsi: aacraid: Insure command thread is not recursively stopped David Rientjes (1): kernel/relay.c: limit kmalloc size to KMALLOC_MAX_SIZE David S. Miller (1): sparc64: Make atomic_xchg() an inline function rather than a macro. Davidlohr Bueso (1): sched/rt: Fix rq->clock_update_flags < RQCF_ACT_SKIP warning Eric Dumazet (2): smsc75xx: fix smsc75xx_set_features() r8152: fix tx packets accounting Erik Schmauss (1): ACPICA: Events: add a return on failure from acpi_hw_register_read Esben Haabendal (1): dp83640: Ensure against premature access to PHY registers after reset Felix Fietkau (1): mac80211: round IEEE80211_TX_STATUS_HEADROOM up to multiple of 4 Filipe Manana (2): Btrfs: send, fix issuing write op when processing hole in no data mode Btrfs: fix copy_items() return value when logging an inode Florian Westphal (2): netfilter: ebtables: convert BUG_ONs to WARN_ONs netfilter: ebtables: fix erroneous reject of last rule Frank Asseg (1): tools/thermal: tmon: fix for segfault Fredrik Noring (1): USB: OHCI: Fix NULL dereference in HCDs using HCD_LOCAL_MEM Geert Uytterhoeven (6): ARM: OMAP1: clock: Fix debugfs_create_*() usage serial: xuartps: Fix out-of-bounds access through DT alias serial: samsung: Fix out-of-bounds access through serial port index serial: imx: Fix out-of-bounds access through serial port index serial: fsl_lpuart: Fix out-of-bounds access through DT alias serial: arc_uart: Fix out-of-bounds access through DT alias Giuseppe Lippolis (1): net-usb: add qmi_wwan if on lte modem wistron neweb d18q1 Greg Kroah-Hartman (1): Linux 3.18.111 Greg Ungerer (1): m68k: set dma and coherent masks for platform FEC ethernets Gregory CLEMENT (1): i2c: mv64xxx: Apply errata delay only in standard mode Grigor Tovmasyan (1): usb: dwc2: Fix interval type issue Guenter Roeck (4): watchdog: sp5100_tco: Fix watchdog disable bit hwmon: (nct6775) Fix writing pwmX_mode hwmon: (pmbus/max8688) Accept negative page register values hwmon: (pmbus/adm1275) Accept negative page register values Hector Martin (1): firewire-ohci: work around oversized DMA reads on JMicron controllers Helge Deller (1): parisc/pci: Switch LBA PCI bus from Hard Fail to Soft Fail mode Huang Ying (1): mm: fix races between address_space dereference and free in page_evicatable Igor Pylypiv (1): watchdog: f71808e_wdt: Fix magic close handling Jake Daryll Obina (1): jffs2: Fix use-after-free bug in jffs2_iget()'s error handling path James Smart (3): scsi: lpfc: Fix issue_lip if link is disabled scsi: lpfc: Fix soft lockup in lpfc worker thread during LIP testing scsi: lpfc: Fix frequency of Release WQE CQEs Jan Chochol (1): nfs: Do not convert nfs_idmap_cache_timeout to jiffies Jan Kara (1): udf: Provide saner default for invalid uid / gid Jay Vosburgh (1): virtio-net: Fix operstate for virtio when no VIRTIO_NET_F_STATUS Jean Delvare (1): firmware: dmi_scan: Fix handling of empty DMI strings Jeff Mahoney (1): btrfs: fix lockdep splat in btrfs_alloc_subvolume_writers Jens Axboe (1): sr: get/drop reference to device in revalidate and check_events Jeremy Cline (1): scsi: sd: Keep disk read-only when re-reading partition Joe Jin (1): xen-swiotlb: fix the check condition for xen_swiotlb_free_coherent Joey Pabalinas (1): net/tcp/illinois: replace broken algorithm reference link Johannes Berg (1): regulatory: add NUL to request alpha2 John Keeping (1): usb: gadget: f_uac2: fix bFirstInterface in composite gadget Karthikeyan Periyasamy (1): ath10k: Fix kernel panic while using worker (ath10k_sta_rc_update_wk) Kees Cook (1): NFC: llcp: Limit size of SDP URI Kirill A. Shutemov (1): asm-generic: provide generic_pmdp_establish() Lars-Peter Clausen (1): usb: gadget: ffs: Let setup() return USB_GADGET_DELAYED_STATUS Lenny Szubowicz (1): ACPI: acpi_pad: Fix memory leak in power saving threads Leon Romanovsky (2): RDMA/mlx5: Avoid memory leak in case of XRCD dealloc failure net/mlx5: Protect from command bit overflow Linus Lüssing (2): batman-adv: fix multicast-via-unicast transmission with AP isolation batman-adv: fix packet loss for broadcasted DHCP packets to a server Liu Bo (2): Btrfs: bail out on error during replay_dir_deletes Btrfs: fix NULL pointer dereference in log_dir_items Maciej W. Rozycki (2): MIPS: ptrace: Expose FIR register through FP regset MIPS: Fix ptrace(2) PTRACE_PEEKUSR and PTRACE_POKEUSR accesses to o32 FGRs Madhavan Srinivasan (1): powerpc/perf: Prevent kernel address leak to userspace via BHRB buffer Manish Rangankar (1): scsi: qla4xxx: skip error recovery in case of register disconnect. Mark Salter (1): irqchip/gic-v3: Change pr_debug message to pr_devel Masami Hiramatsu (3): selftests: ftrace: Add probe event argument syntax testcase selftests: ftrace: Add a testcase for string type with kprobe_event selftests: ftrace: Add a testcase for probepoint Mathias Kresin (1): MIPS: ath79: Fix AR724X_PLL_REG_PCIE_CONFIG offset Mathias Nyman (1): xhci: zero usb device slot_id member when disabling and freeing a xhci slot Mathieu Malaterre (1): powerpc: Add missing prototype for arch_irq_work_raise() Matt Redfearn (1): MIPS: TXx9: use IS_BUILTIN() for CONFIG_LEDS_CLASS Matthias Schiffer (3): batman-adv: fix packet checksum in receive path batman-adv: invalidate checksum on fragment reassembly batman-adv: fix header size check in batadv_dbg_arp() Maurizio Lombardi (1): cdrom: do not call check_disk_change() inside cdrom_open() Mauro Carvalho Chehab (1): media: dmxdev: fix error code for invalid ioctls Meelis Roos (1): scsi: aacraid: fix shutdown crash when init fails Mel Gorman (1): mm: pin address_space before dereferencing it while isolating an LRU page Merlijn Wajer (1): usb: musb: call pm_runtime_{get,put}_sync before reading vbus registers Michael Ellerman (2): powerpc/mpic: Check if cpu_possible() in mpic_physmask() powerpc/perf: Fix kernel address leak via sampling registers Michael Schmitz (1): zorro: Set up z->dev.dma_mask for the DMA API Nikolay Borisov (2): btrfs: Fix out of bounds access in btrfs_search_slot btrfs: Fix possible softlock on single core machines Paolo Bonzini (1): kvm: x86: fix KVM_XEN_HVM_CONFIG ioctl Pawel Dembicki (1): net: qmi_wwan: add BroadMobi BM806U 2020:2033 Peter Malone (1): fbdev: Fixing arbitrary kernel leak in case FBIOGETCMAP_SPARC in sbusfb_ioctl_helper(). Peter Zijlstra (1): perf/core: Fix perf_output_read_group() Petr Vorel (1): ima: Fallback to the builtin hash algorithm Philipp Puschmann (1): arm: dts: socfpga: fix GIC PPI warning Pierre-Yves Kerbrat (1): e1000e: allocate ring descriptors with dma_zalloc_coherent Qi Hou (1): dmaengine: pl330: fix a race condition in case of threaded irqs Qu Wenruo (1): btrfs: tests/qgroup: Fix wrong tree backref level Rafael J. Wysocki (1): PCI: Restore config space on runtime resume despite being unbound Randy Dunlap (1): kdb: make "mdr" command repeat Rich Felker (1): sh: fix debug trap failure to process signals before return to user Richard Guy Briggs (1): audit: return on memory error to avoid null pointer dereference Richard Haines (1): netlabel: If PF_INET6, check sk_buff ip header version Roger Pau Monne (1): xen/pirq: fix error path cleanup when binding MSIs Ross Lagerwall (1): xen/grant-table: Use put_page instead of free_page Samuel Neves (1): x86/topology: Update the 'cpu cores' field in /proc/cpuinfo correctly across CPU hotplug operations Sean Christopherson (1): KVM: VMX: raise internal error for exception during invalid protected mode state Sebastian Ott (2): s390/cio: fix return code after missing interrupt s390/cio: clear timer when terminating driver I/O Seunghun Han (1): ACPICA: acpi: acpica: fix acpi operand cache leak in nseval.c Stefan Agner (1): usb: gadget: fsl_udc_core: fix ep valid checks Stefano Brivio (2): vti4: Don't count header length twice on tunnel setup vti4: Don't override MTU passed on link creation via IFLA_MTU Steven Rostedt (VMware) (1): tools lib traceevent: Fix get_field_str() for dynamic strings Sujit Reddy Thumma (1): scsi: ufs: Enable quirk to ignore sending WRITE_SAME command Takashi Iwai (1): ALSA: vmaster: Propagate slave error Tang Junhui (4): bcache: fix for allocator and register thread race bcache: fix for data collapse after re-attaching an attached device bcache: return attach error when no cache set exist bcache: fix kcrashes with fio in RAID5 backend dev Tejun Heo (1): libata: Blacklist some Sandisk SSDs for NCQ Thinh Nguyen (1): usb: dwc3: Update DWC_usb31 GTXFIFOSIZ reg fields Thomas Vincent-Cross (1): PCI: Add function 1 DMA alias quirk for Marvell 88SE9220 Tom Abraham (1): swap: divide-by-zero when zero length swap file on ssd Tony Lindgren (2): ARM: OMAP3: Fix prm wake interrupt for resume ARM: OMAP: Fix dmtimer init for omap1 Toshiaki Makita (2): net: Fix vlan untag for bridge and vlan_dev with reorder_hdr off net: Fix untag for vlan packets without ethernet header Ulf Magnusson (3): kconfig: Don't leak main menus during parsing kconfig: Fix automatic menu creation mem leak kconfig: Fix expr_free() E_NOT leak Wolfram Sang (2): drm/exynos: fix comparison to bitshift when dealing with a mask usb: gadget: udc: change comparison to bitshift when dealing with a mask Xin Long (1): sit: fix IFLA_MTU ignored on NEWLINK Yelena Krivosheev (1): net: mvneta: fix enable of all initialized RXQs Yisheng Xie (3): mm/mempolicy: fix the check of nodemask from user mm/mempolicy: add nodes_empty check in SYSC_migrate_pages mm/mempolicy.c: avoid use uninitialized preferred_node Yufen Yu (2): md raid10: fix NULL deference in handle_write_completed() md/raid1: fix NULL pointer dereference mulhern (1): dm thin: fix documentation relative to low water mark threshold piaojun (2): ocfs2: return -EROFS to mount.ocfs2 if inode block is invalid ocfs2/acl: use 'ip_xattr_sem' to protect getting extended attribute zhongjiang (1): kernel/signal.c: avoid undefined behaviour in kill_something_info

7 years, 1 month

5
11
0 0

FAILED: patch "[PATCH] IB/core: Make testing MR flags for writability a static" failed to apply to 4.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 08bb558ac11ab944e0539e78619d7b4c356278bd Mon Sep 17 00:00:00 2001 From: Jack Morgenstein <jackm(a)dev.mellanox.co.il> Date: Wed, 23 May 2018 15:30:30 +0300 Subject: [PATCH] IB/core: Make testing MR flags for writability a static inline function Make the MR writability flags check, which is performed in umem.c, a static inline function in file ib_verbs.h This allows the function to be used by low-level infiniband drivers. Cc: <stable(a)vger.kernel.org> Signed-off-by: Jason Gunthorpe <jgg(a)mellanox.com> Signed-off-by: Jack Morgenstein <jackm(a)dev.mellanox.co.il> Signed-off-by: Leon Romanovsky <leonro(a)mellanox.com> diff --git a/drivers/infiniband/core/umem.c b/drivers/infiniband/core/umem.c index 2b6c9b516070..d76455edd292 100644 --- a/drivers/infiniband/core/umem.c +++ b/drivers/infiniband/core/umem.c @@ -119,16 +119,7 @@ struct ib_umem *ib_umem_get(struct ib_ucontext *context, unsigned long addr, umem->length = size; umem->address = addr; umem->page_shift = PAGE_SHIFT; - /* - * We ask for writable memory if any of the following - * access flags are set. "Local write" and "remote write" - * obviously require write access. "Remote atomic" can do - * things like fetch and add, which will modify memory, and - * "MW bind" can change permissions by binding a window. - */ - umem->writable = !!(access & - (IB_ACCESS_LOCAL_WRITE | IB_ACCESS_REMOTE_WRITE | - IB_ACCESS_REMOTE_ATOMIC | IB_ACCESS_MW_BIND)); + umem->writable = ib_access_writable(access); if (access & IB_ACCESS_ON_DEMAND) { ret = ib_umem_odp_get(context, umem, access); diff --git a/include/rdma/ib_verbs.h b/include/rdma/ib_verbs.h index 9fc8a825aa28..20fa5c591e81 100644 --- a/include/rdma/ib_verbs.h +++ b/include/rdma/ib_verbs.h @@ -3734,6 +3734,20 @@ static inline int ib_check_mr_access(int flags) return 0; } +static inline bool ib_access_writable(int access_flags) +{ + /* + * We have writable memory backing the MR if any of the following + * access flags are set. "Local write" and "remote write" obviously + * require write access. "Remote atomic" can do things like fetch and + * add, which will modify memory, and "MW bind" can change permissions + * by binding a window. + */ + return access_flags & + (IB_ACCESS_LOCAL_WRITE | IB_ACCESS_REMOTE_WRITE | + IB_ACCESS_REMOTE_ATOMIC | IB_ACCESS_MW_BIND); +} + /** * ib_check_mr_status: lightweight check of MR status. * This routine may provide status checks on a selected

7 years, 1 month

4
4
0 0

patch "Revert NXP SC16C2552 workaround" added to tty-testing

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled Revert NXP SC16C2552 workaround to my tty git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty.git in the tty-testing branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will be merged to the tty-next branch sometime soon, after it passes testing, and the merge window is open. If you have any questions about this process, please let me know. >From 09c46f3f2f82df132e97ee21702e7a31d6143ed6 Mon Sep 17 00:00:00 2001 From: Mark <dmarkh(a)cfl.rr.com> Date: Sun, 12 Aug 2018 11:47:16 -0400 Subject: Revert NXP SC16C2552 workaround Revert commit ecb988a3b7985913d1f0112f66667cdd15e40711: tty: serial: 8250: 8250_core: NXP SC16C2552 workaround The above commit causes userland application to no longer write correctly its first write to a dumb terminal connected to /dev/ttyS0. This commit seems to be the culprit. It's as though the TX FIFO is being reset during that write. What should be displayed is: PSW 80000000 INST 00000000 HALT // What is displayed is some variation of: T 00000000 HAL// Reverting this commit via this patch fixes my problem. Signed-off-by: Mark Hounschell <dmarkh(a)cfl.rr.com> Fixes: ecb988a3b798 ("tty: serial: 8250: 8250_core: NXP SC16C2552 workaround") Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/tty/serial/8250/8250_port.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/drivers/tty/serial/8250/8250_port.c b/drivers/tty/serial/8250/8250_port.c index 8d863004c0da..3f779d25ec0c 100644 --- a/drivers/tty/serial/8250/8250_port.c +++ b/drivers/tty/serial/8250/8250_port.c @@ -90,8 +90,7 @@ static const struct serial8250_config uart_config[] = { .name = "16550A", .fifo_size = 16, .tx_loadsz = 16, - .fcr = UART_FCR_ENABLE_FIFO | UART_FCR_R_TRIG_10 | - UART_FCR_CLEAR_RCVR | UART_FCR_CLEAR_XMIT, + .fcr = UART_FCR_ENABLE_FIFO | UART_FCR_R_TRIG_10, .rxtrig_bytes = {1, 4, 8, 14}, .flags = UART_CAP_FIFO, }, -- 2.18.0

7 years, 1 month

1
0
0 0

FAILED: patch "[PATCH] ACPI / LPSS: Add missing prv_offset setting for byt/cht PWM" failed to apply to 4.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From fdcb613d49321b5bf5d5a1bd0fba8e7c241dcc70 Mon Sep 17 00:00:00 2001 From: Hans de Goede <hdegoede(a)redhat.com> Date: Thu, 26 Apr 2018 14:10:24 +0200 Subject: [PATCH] ACPI / LPSS: Add missing prv_offset setting for byt/cht PWM devices The LPSS PWM device on on Bay Trail and Cherry Trail devices has a set of private registers at offset 0x800, the current lpss_device_desc for them already sets the LPSS_SAVE_CTX flag to have these saved/restored over device-suspend, but the current lpss_device_desc was not setting the prv_offset field, leading to the regular device registers getting saved/restored instead. This is causing the PWM controller to no longer work, resulting in a black screen, after a suspend/resume on systems where the firmware clears the APB clock and reset bits at offset 0x804. This commit fixes this by properly setting prv_offset to 0x800 for the PWM devices. Cc: stable(a)vger.kernel.org Fixes: e1c748179754 ("ACPI / LPSS: Add Intel BayTrail ACPI mode PWM") Fixes: 1bfbd8eb8a7f ("ACPI / LPSS: Add ACPI IDs for Intel Braswell") Signed-off-by: Hans de Goede <hdegoede(a)redhat.com> Acked-by: Rafael J . Wysocki <rjw(a)rjwysocki.net> Signed-off-by: Thierry Reding <thierry.reding(a)gmail.com> diff --git a/drivers/acpi/acpi_lpss.c b/drivers/acpi/acpi_lpss.c index 2bcffec8dbf0..c4ba9164e582 100644 --- a/drivers/acpi/acpi_lpss.c +++ b/drivers/acpi/acpi_lpss.c @@ -229,11 +229,13 @@ static const struct lpss_device_desc lpt_sdio_dev_desc = { static const struct lpss_device_desc byt_pwm_dev_desc = { .flags = LPSS_SAVE_CTX, + .prv_offset = 0x800, .setup = byt_pwm_setup, }; static const struct lpss_device_desc bsw_pwm_dev_desc = { .flags = LPSS_SAVE_CTX | LPSS_NO_D3_DELAY, + .prv_offset = 0x800, .setup = bsw_pwm_setup, };

7 years, 1 month

3
2
0 0

FAILED: patch "[PATCH] tpm: fix race condition in tpm_common_write()" failed to apply to 4.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 3ab2011ea368ec3433ad49e1b9e1c7b70d2e65df Mon Sep 17 00:00:00 2001 From: Tadeusz Struk <tadeusz.struk(a)intel.com> Date: Tue, 22 May 2018 14:37:18 -0700 Subject: [PATCH] tpm: fix race condition in tpm_common_write() There is a race condition in tpm_common_write function allowing two threads on the same /dev/tpm<N>, or two different applications on the same /dev/tpmrm<N> to overwrite each other commands/responses. Fixed this by taking the priv->buffer_mutex early in the function. Also converted the priv->data_pending from atomic to a regular size_t type. There is no need for it to be atomic since it is only touched under the protection of the priv->buffer_mutex. Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Cc: stable(a)vger.kernel.org Signed-off-by: Tadeusz Struk <tadeusz.struk(a)intel.com> Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen(a)linux.intel.com> Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen(a)linux.intel.com> diff --git a/drivers/char/tpm/tpm-dev-common.c b/drivers/char/tpm/tpm-dev-common.c index 230b99288024..e4a04b2d3c32 100644 --- a/drivers/char/tpm/tpm-dev-common.c +++ b/drivers/char/tpm/tpm-dev-common.c @@ -37,7 +37,7 @@ static void timeout_work(struct work_struct *work) struct file_priv *priv = container_of(work, struct file_priv, work); mutex_lock(&priv->buffer_mutex); - atomic_set(&priv->data_pending, 0); + priv->data_pending = 0; memset(priv->data_buffer, 0, sizeof(priv->data_buffer)); mutex_unlock(&priv->buffer_mutex); } @@ -46,7 +46,6 @@ void tpm_common_open(struct file *file, struct tpm_chip *chip, struct file_priv *priv) { priv->chip = chip; - atomic_set(&priv->data_pending, 0); mutex_init(&priv->buffer_mutex); timer_setup(&priv->user_read_timer, user_reader_timeout, 0); INIT_WORK(&priv->work, timeout_work); @@ -58,29 +57,24 @@ ssize_t tpm_common_read(struct file *file, char __user *buf, size_t size, loff_t *off) { struct file_priv *priv = file->private_data; - ssize_t ret_size; - ssize_t orig_ret_size; + ssize_t ret_size = 0; int rc; del_singleshot_timer_sync(&priv->user_read_timer); flush_work(&priv->work); - ret_size = atomic_read(&priv->data_pending); - if (ret_size > 0) { /* relay data */ - orig_ret_size = ret_size; - if (size < ret_size) - ret_size = size; + mutex_lock(&priv->buffer_mutex); - mutex_lock(&priv->buffer_mutex); + if (priv->data_pending) { + ret_size = min_t(ssize_t, size, priv->data_pending); rc = copy_to_user(buf, priv->data_buffer, ret_size); - memset(priv->data_buffer, 0, orig_ret_size); + memset(priv->data_buffer, 0, priv->data_pending); if (rc) ret_size = -EFAULT; - mutex_unlock(&priv->buffer_mutex); + priv->data_pending = 0; } - atomic_set(&priv->data_pending, 0); - + mutex_unlock(&priv->buffer_mutex); return ret_size; } @@ -91,17 +85,19 @@ ssize_t tpm_common_write(struct file *file, const char __user *buf, size_t in_size = size; ssize_t out_size; + if (in_size > TPM_BUFSIZE) + return -E2BIG; + + mutex_lock(&priv->buffer_mutex); + /* Cannot perform a write until the read has cleared either via * tpm_read or a user_read_timer timeout. This also prevents split * buffered writes from blocking here. */ - if (atomic_read(&priv->data_pending) != 0) + if (priv->data_pending != 0) { + mutex_unlock(&priv->buffer_mutex); return -EBUSY; - - if (in_size > TPM_BUFSIZE) - return -E2BIG; - - mutex_lock(&priv->buffer_mutex); + } if (copy_from_user (priv->data_buffer, (void __user *) buf, in_size)) { @@ -132,7 +128,7 @@ ssize_t tpm_common_write(struct file *file, const char __user *buf, return out_size; } - atomic_set(&priv->data_pending, out_size); + priv->data_pending = out_size; mutex_unlock(&priv->buffer_mutex); /* Set a timeout by which the reader must come claim the result */ @@ -149,5 +145,5 @@ void tpm_common_release(struct file *file, struct file_priv *priv) del_singleshot_timer_sync(&priv->user_read_timer); flush_work(&priv->work); file->private_data = NULL; - atomic_set(&priv->data_pending, 0); + priv->data_pending = 0; } diff --git a/drivers/char/tpm/tpm-dev.h b/drivers/char/tpm/tpm-dev.h index ba3b6f9dacf7..b24cfb4d3ee1 100644 --- a/drivers/char/tpm/tpm-dev.h +++ b/drivers/char/tpm/tpm-dev.h @@ -8,7 +8,7 @@ struct file_priv { struct tpm_chip *chip; /* Data passed to and from the tpm via the read/write calls */ - atomic_t data_pending; + size_t data_pending; struct mutex buffer_mutex; struct timer_list user_read_timer; /* user needs to claim result */

7 years, 1 month

3
2
0 0

want to have a try

by Joe

Are you upset for your current business s a l e s? We provide email C A M P A I G N service and we can bring you business l e a d s and up your s a l e s. Please reply today so we can send options for you. Kind Regards, Joe

7 years, 1 month

1
0
0 0

[PATCH] xen/netfront: don't cache skb_shinfo()

by Juergen Gross

skb_shinfo() can change when calling __pskb_pull_tail(): Don't cache its return value. Cc: stable(a)vger.kernel.org Signed-off-by: Juergen Gross <jgross(a)suse.com> --- drivers/net/xen-netfront.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/drivers/net/xen-netfront.c b/drivers/net/xen-netfront.c index 2d8812dd1534..9dd2ca62d84a 100644 --- a/drivers/net/xen-netfront.c +++ b/drivers/net/xen-netfront.c @@ -894,7 +894,6 @@ static RING_IDX xennet_fill_frags(struct netfront_queue *queue, struct sk_buff *skb, struct sk_buff_head *list) { - struct skb_shared_info *shinfo = skb_shinfo(skb); RING_IDX cons = queue->rx.rsp_cons; struct sk_buff *nskb; @@ -903,15 +902,16 @@ static RING_IDX xennet_fill_frags(struct netfront_queue *queue, RING_GET_RESPONSE(&queue->rx, ++cons); skb_frag_t *nfrag = &skb_shinfo(nskb)->frags[0]; - if (shinfo->nr_frags == MAX_SKB_FRAGS) { + if (skb_shinfo(skb)->nr_frags == MAX_SKB_FRAGS) { unsigned int pull_to = NETFRONT_SKB_CB(skb)->pull_to; BUG_ON(pull_to <= skb_headlen(skb)); __pskb_pull_tail(skb, pull_to - skb_headlen(skb)); } - BUG_ON(shinfo->nr_frags >= MAX_SKB_FRAGS); + BUG_ON(skb_shinfo(skb)->nr_frags >= MAX_SKB_FRAGS); - skb_add_rx_frag(skb, shinfo->nr_frags, skb_frag_page(nfrag), + skb_add_rx_frag(skb, skb_shinfo(skb)->nr_frags, + skb_frag_page(nfrag), rx->offset, rx->status, PAGE_SIZE); skb_shinfo(nskb)->nr_frags = 0; -- 2.13.7

7 years, 1 month

3
2
0 0

[for-next][PATCH 33/34] uprobes: Use synchronize_rcu() not synchronize_sched()

by Steven Rostedt

From: "Steven Rostedt (VMware)" <rostedt(a)goodmis.org> While debugging another bug, I was looking at all the synchronize*() functions being used in kernel/trace, and noticed that trace_uprobes was using synchronize_sched(), with a comment to synchronize with {u,ret}_probe_trace_func(). When looking at those functions, the data is protected with "rcu_read_lock()" and not with "rcu_read_lock_sched()". This is using the wrong synchronize_*() function. Link: http://lkml.kernel.org/r/20180809160553.469e1e32@gandalf.local.home Cc: stable(a)vger.kernel.org Fixes: 70ed91c6ec7f8 ("tracing/uprobes: Support ftrace_event_file base multibuffer") Acked-by: Oleg Nesterov <oleg(a)redhat.com> Signed-off-by: Steven Rostedt (VMware) <rostedt(a)goodmis.org> --- kernel/trace/trace_uprobe.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kernel/trace/trace_uprobe.c b/kernel/trace/trace_uprobe.c index bf89a51e740d..ac02fafc9f1b 100644 --- a/kernel/trace/trace_uprobe.c +++ b/kernel/trace/trace_uprobe.c @@ -952,7 +952,7 @@ probe_event_disable(struct trace_uprobe *tu, struct trace_event_file *file) list_del_rcu(&link->list); /* synchronize with u{,ret}probe_trace_func */ - synchronize_sched(); + synchronize_rcu(); kfree(link); if (!list_empty(&tu->tp.files)) -- 2.18.0

7 years, 1 month

1
0
0 0

[for-next][PATCH 18/34] tracing: Do not call start/stop() functions when tracing_on does not change

by Steven Rostedt

From: "Steven Rostedt (VMware)" <rostedt(a)goodmis.org> Currently, when one echo's in 1 into tracing_on, the current tracer's "start()" function is executed, even if tracing_on was already one. This can lead to strange side effects. One being that if the hwlat tracer is enabled, and someone does "echo 1 > tracing_on" into tracing_on, the hwlat tracer's start() function is called again which will recreate another kernel thread, and make it unable to remove the old one. Link: http://lkml.kernel.org/r/1533120354-22923-1-git-send-email-erica.bugden@lin… Cc: stable(a)vger.kernel.org Fixes: 2df8f8a6a897e ("tracing: Fix regression with irqsoff tracer and tracing_on file") Reported-by: Erica Bugden <erica.bugden(a)linutronix.de> Signed-off-by: Steven Rostedt (VMware) <rostedt(a)goodmis.org> --- kernel/trace/trace.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c index 823687997b01..2378bb4f1442 100644 --- a/kernel/trace/trace.c +++ b/kernel/trace/trace.c @@ -7628,7 +7628,9 @@ rb_simple_write(struct file *filp, const char __user *ubuf, if (buffer) { mutex_lock(&trace_types_lock); - if (val) { + if (!!val == tracer_tracing_is_on(tr)) { + val = 0; /* do nothing */ + } else if (val) { tracer_tracing_on(tr); if (tr->current_trace->start) tr->current_trace->start(tr); -- 2.18.0

7 years, 1 month

1
0
0 0

[PATCH] i2c: core: ACPI: Properly set status byte to 0 for multi-byte writes

by Hans de Goede

acpi_gsb_i2c_write_bytes() returns i2c_transfer()'s return value, which is the number of transfers executed on success, so 1. The ACPI code expects us to store 0 in gsb->status for success, not 1. Specifically this breaks the following code in the Thinkpad 8 DSDT: ECWR = I2CW = ECWR /* \_SB_.I2C1.BAT0.ECWR */ If ((ECST == Zero)) { ECRD = I2CR /* \_SB_.I2C1.I2CR */ } Before this commit we set ECST to 1, causing the read to never happen breaking battery monitoring on the Thinkpad 8. Note the Thinkpad 8 also has some unrelated issues where i2c transfers are unreliable. This commit sets status to 0 if it was bigger then 0 (so success), mirroring the multi-byte read path, fixing this. Cc: stable(a)vger.kernel.org Signed-off-by: Hans de Goede <hdegoede(a)redhat.com> --- drivers/i2c/i2c-core-acpi.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/i2c/i2c-core-acpi.c b/drivers/i2c/i2c-core-acpi.c index 7c3b4740b94b..10ad851bd277 100644 --- a/drivers/i2c/i2c-core-acpi.c +++ b/drivers/i2c/i2c-core-acpi.c @@ -595,6 +595,8 @@ i2c_acpi_space_handler(u32 function, acpi_physical_address command, } else { status = acpi_gsb_i2c_write_bytes(client, command, gsb->data, info->access_length); + if (status > 0) + status = 0; } break; -- 2.18.0

7 years, 1 month

3
2
0 0

[PATCH] xtensa: increase ranges in ___invalidate_{i,d}cache_all

by Max Filippov

Cache invalidation macros use cache line size to iterate over invalidated cache lines, assuming that all cache ways are invalidated by single instruction, but xtensa ISA recommends to not assume that for future compatibility: In some implementations all ways at index Addry-1..z are invalidated regardless of the specified way, but for future compatibility this behavior should not be assumed. Iterate over all cache ways in ___invalidate_icache_all and ___invalidate_dcache_all. Cc: stable(a)vger.kernel.org Signed-off-by: Max Filippov <jcmvbkbc(a)gmail.com> --- arch/xtensa/include/asm/cacheasm.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/arch/xtensa/include/asm/cacheasm.h b/arch/xtensa/include/asm/cacheasm.h index 5dd57c5db76c..e23069bcd8fb 100644 --- a/arch/xtensa/include/asm/cacheasm.h +++ b/arch/xtensa/include/asm/cacheasm.h @@ -123,7 +123,7 @@ .macro ___invalidate_dcache_all ar at #if XCHAL_DCACHE_SIZE - __loop_cache_all \ar \at dii __stringify(DCACHE_WAY_SIZE) \ + __loop_cache_all \ar \at dii XCHAL_DCACHE_SIZE \ XCHAL_DCACHE_LINEWIDTH 1020 #endif @@ -133,7 +133,7 @@ .macro ___invalidate_icache_all ar at #if XCHAL_ICACHE_SIZE - __loop_cache_all \ar \at iii __stringify(ICACHE_WAY_SIZE) \ + __loop_cache_all \ar \at iii XCHAL_ICACHE_SIZE \ XCHAL_ICACHE_LINEWIDTH 1020 #endif -- 2.11.0

7 years, 1 month

2
1
0 0

[PATCH] xtensa: limit offsets in __loop_cache_{all,page}

by Max Filippov

When building kernel for xtensa cores with big cache lines (e.g. 128 bytes or more) __loop_cache_all and __loop_cache_page may generate assembly instructions with immediate fields that are too big. This results in the following build errors: arch/xtensa/mm/misc.S: Assembler messages: arch/xtensa/mm/misc.S:464: Error: operand 2 of 'diwbi' has invalid value '256' arch/xtensa/mm/misc.S:464: Error: operand 2 of 'diwbi' has invalid value '384' arch/xtensa/kernel/head.S: Assembler messages: arch/xtensa/kernel/head.S:172: Error: operand 2 of 'diu' has invalid value '256' arch/xtensa/kernel/head.S:172: Error: operand 2 of 'diu' has invalid value '384' arch/xtensa/kernel/head.S:176: Error: operand 2 of 'iiu' has invalid value '256' arch/xtensa/kernel/head.S:176: Error: operand 2 of 'iiu' has invalid value '384' arch/xtensa/kernel/head.S:255: Error: operand 2 of 'diwb' has invalid value '256' arch/xtensa/kernel/head.S:255: Error: operand 2 of 'diwb' has invalid value '384' Add parameter max_immed to these macros and use it to limit values of immediate operands. Extract common code of these macros into the new macro __loop_cache_unroll. Cc: stable(a)vger.kernel.org Signed-off-by: Max Filippov <jcmvbkbc(a)gmail.com> --- arch/xtensa/include/asm/cacheasm.h | 65 +++++++++++++++++++++++--------------- 1 file changed, 40 insertions(+), 25 deletions(-) diff --git a/arch/xtensa/include/asm/cacheasm.h b/arch/xtensa/include/asm/cacheasm.h index 2041abb10a23..5dd57c5db76c 100644 --- a/arch/xtensa/include/asm/cacheasm.h +++ b/arch/xtensa/include/asm/cacheasm.h @@ -31,16 +31,32 @@ * */ - .macro __loop_cache_all ar at insn size line_width - movi \ar, 0 + .macro __loop_cache_unroll ar at insn size line_width max_immed + + .if (1 << (\line_width)) > (\max_immed) + reps = 1 + .elseif (2 << (\line_width)) > (\max_immed) + reps = 2 + .else + reps = 4 + .endif + + __loopi \ar, \at, \size, (reps << (\line_width)) + rep = 0 + .rep reps + \insn \ar, rep << (\line_width) + rep = rep + 1 + .endr + __endla \ar, \at, reps << (\line_width) + + .endm + - __loopi \ar, \at, \size, (4 << (\line_width)) - \insn \ar, 0 << (\line_width) - \insn \ar, 1 << (\line_width) - \insn \ar, 2 << (\line_width) - \insn \ar, 3 << (\line_width) - __endla \ar, \at, 4 << (\line_width) + .macro __loop_cache_all ar at insn size line_width max_immed + + movi \ar, 0 + __loop_cache_unroll \ar, \at, \insn, \size, \line_width, \max_immed .endm @@ -57,14 +73,9 @@ .endm - .macro __loop_cache_page ar at insn line_width + .macro __loop_cache_page ar at insn line_width max_immed - __loopi \ar, \at, PAGE_SIZE, 4 << (\line_width) - \insn \ar, 0 << (\line_width) - \insn \ar, 1 << (\line_width) - \insn \ar, 2 << (\line_width) - \insn \ar, 3 << (\line_width) - __endla \ar, \at, 4 << (\line_width) + __loop_cache_unroll \ar, \at, \insn, PAGE_SIZE, \line_width, \max_immed .endm @@ -72,7 +83,8 @@ .macro ___unlock_dcache_all ar at #if XCHAL_DCACHE_LINE_LOCKABLE && XCHAL_DCACHE_SIZE - __loop_cache_all \ar \at diu XCHAL_DCACHE_SIZE XCHAL_DCACHE_LINEWIDTH + __loop_cache_all \ar \at diu XCHAL_DCACHE_SIZE \ + XCHAL_DCACHE_LINEWIDTH 240 #endif .endm @@ -81,7 +93,8 @@ .macro ___unlock_icache_all ar at #if XCHAL_ICACHE_LINE_LOCKABLE && XCHAL_ICACHE_SIZE - __loop_cache_all \ar \at iiu XCHAL_ICACHE_SIZE XCHAL_ICACHE_LINEWIDTH + __loop_cache_all \ar \at iiu XCHAL_ICACHE_SIZE \ + XCHAL_ICACHE_LINEWIDTH 240 #endif .endm @@ -90,7 +103,8 @@ .macro ___flush_invalidate_dcache_all ar at #if XCHAL_DCACHE_SIZE - __loop_cache_all \ar \at diwbi XCHAL_DCACHE_SIZE XCHAL_DCACHE_LINEWIDTH + __loop_cache_all \ar \at diwbi XCHAL_DCACHE_SIZE \ + XCHAL_DCACHE_LINEWIDTH 240 #endif .endm @@ -99,7 +113,8 @@ .macro ___flush_dcache_all ar at #if XCHAL_DCACHE_SIZE - __loop_cache_all \ar \at diwb XCHAL_DCACHE_SIZE XCHAL_DCACHE_LINEWIDTH + __loop_cache_all \ar \at diwb XCHAL_DCACHE_SIZE \ + XCHAL_DCACHE_LINEWIDTH 240 #endif .endm @@ -109,7 +124,7 @@ #if XCHAL_DCACHE_SIZE __loop_cache_all \ar \at dii __stringify(DCACHE_WAY_SIZE) \ - XCHAL_DCACHE_LINEWIDTH + XCHAL_DCACHE_LINEWIDTH 1020 #endif .endm @@ -119,7 +134,7 @@ #if XCHAL_ICACHE_SIZE __loop_cache_all \ar \at iii __stringify(ICACHE_WAY_SIZE) \ - XCHAL_ICACHE_LINEWIDTH + XCHAL_ICACHE_LINEWIDTH 1020 #endif .endm @@ -166,7 +181,7 @@ .macro ___flush_invalidate_dcache_page ar as #if XCHAL_DCACHE_SIZE - __loop_cache_page \ar \as dhwbi XCHAL_DCACHE_LINEWIDTH + __loop_cache_page \ar \as dhwbi XCHAL_DCACHE_LINEWIDTH 1020 #endif .endm @@ -175,7 +190,7 @@ .macro ___flush_dcache_page ar as #if XCHAL_DCACHE_SIZE - __loop_cache_page \ar \as dhwb XCHAL_DCACHE_LINEWIDTH + __loop_cache_page \ar \as dhwb XCHAL_DCACHE_LINEWIDTH 1020 #endif .endm @@ -184,7 +199,7 @@ .macro ___invalidate_dcache_page ar as #if XCHAL_DCACHE_SIZE - __loop_cache_page \ar \as dhi XCHAL_DCACHE_LINEWIDTH + __loop_cache_page \ar \as dhi XCHAL_DCACHE_LINEWIDTH 1020 #endif .endm @@ -193,7 +208,7 @@ .macro ___invalidate_icache_page ar as #if XCHAL_ICACHE_SIZE - __loop_cache_page \ar \as ihi XCHAL_ICACHE_LINEWIDTH + __loop_cache_page \ar \as ihi XCHAL_ICACHE_LINEWIDTH 1020 #endif .endm -- 2.11.0

7 years, 1 month

2
1
0 0

[PATCH v5 13/13] drm/nouveau: Call pm_runtime_get_noresume() from hpd handlers

by Lyude Paul

We can't and don't need to try resuming the device from our hotplug handlers, but hotplug events are generally something we'd like to keep the device awake for whenever possible. So, grab a PM ref safely in our hotplug handlers using pm_runtime_get_noresume() and mark the device as busy once we're finished. Signed-off-by: Lyude Paul <lyude(a)redhat.com> Cc: stable(a)vger.kernel.org Cc: Lukas Wunner <lukas(a)wunner.de> Cc: Karol Herbst <karolherbst(a)gmail.com> --- drivers/gpu/drm/nouveau/nouveau_connector.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/drivers/gpu/drm/nouveau/nouveau_connector.c b/drivers/gpu/drm/nouveau/nouveau_connector.c index 8409c3f2c3a1..5a8e8c1ad647 100644 --- a/drivers/gpu/drm/nouveau/nouveau_connector.c +++ b/drivers/gpu/drm/nouveau/nouveau_connector.c @@ -1152,6 +1152,11 @@ nouveau_connector_hotplug(struct nvif_notify *notify) const char *name = connector->name; struct nouveau_encoder *nv_encoder; + /* Resuming the device here isn't possible; but the suspend PM ops + * will wait for us to finish our work before disabling us so this + * should be enough + */ + pm_runtime_get_noresume(drm->dev->dev); nv_connector->hpd_task = current; if (rep->mask & NVIF_NOTIFY_CONN_V0_IRQ) { @@ -1171,6 +1176,9 @@ nouveau_connector_hotplug(struct nvif_notify *notify) } nv_connector->hpd_task = NULL; + + pm_runtime_mark_last_busy(drm->dev->dev); + pm_runtime_put_autosuspend(drm->dev->dev); return NVIF_NOTIFY_KEEP; } -- 2.17.1

7 years, 1 month

2
1
0 0

the editing is that you need

by Jeff

We would like to check if your photos need editing. We can do it for you. Our image editing is for web store photos, jewelries images and beauty and portrait photos etc. It is including cut out and clipping path , and also retouching if it is needed. We can do test on your photos. Just send us a photo we will start to work on it, Thanks, Jeff Allen

7 years, 1 month

1
0
0 0

the photos is what you need

by Jeff

We would like to check if your photos need editing. We can do it for you. Our image editing is for web store photos, jewelries images and beauty and portrait photos etc. It is including cut out and clipping path , and also retouching if it is needed. We can do test on your photos. Just send us a photo we will start to work on it, Thanks, Jeff Allen

7 years, 1 month

1
0
0 0

KASAN errors from unwind_frame

by Sodagudi Prasad

Hi All, I have observed following KASAN error with 4.14.56 kernel. Can you please copy change-[1](kasan: add no_sanitize attribute for clang builds) into stable kernels? [1] - https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/i… ================================================================== BUG: KASAN: out-of-bounds in __read_once_size_nocheck include/linux/compiler.h:196 [inline] BUG: KASAN: out-of-bounds in unwind_frame+0xc4/0x324 arch/arm64/kernel/stacktrace.c:56 Read of size 8 at addr ffffffe3123ff4b0 by task poc/15233 CPU: 7 PID: 15233 Comm: poc Tainted: G S W O 4.14.56+ #3 Hardware name: Qualcomm Technologies, Inc. Call trace: dump_backtrace+0x0/0x388 show_stack+0x24/0x30 __dump_stack+0x24/0x2c dump_stack+0x8c/0xd0 print_address_description+0x74/0x234 kasan_report+0x240/0x264 __asan_report_load8_noabort+0x2c/0x38 unwind_frame+0xc4/0x324 walk_stackframe+0x44/0x6c __save_stack_trace+0x250/0x444 save_stack_trace_tsk+0x2c/0x38 proc_pid_stack+0x134/0x268 proc_single_show+0xdc/0x130 traverse+0x244/0x5b0 seq_lseek+0x10c/0x27c vfs_llseek+0xb4/0xe4 SyS_lseek+0x54/0xa0 el0_svc_naked+0x34/0x38 The buggy address belongs to the page: page:ffffffbf8c48ffc0 count:0 mapcount:0 mapping: (null) index:0x0 flags: 0x0() raw: 0000000000000000 0000000000000000 0000000000000000 00000000ffffffff raw: 0000000000000000 dead000000000200 0000000000000000 0000000000000000 page dumped because: kasan: bad access detected page_owner info is not active (free page?) Memory state around the buggy address: ffffffe3123ff380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ffffffe3123ff400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 > ffffffe3123ff480: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ^ ffffffe3123ff500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ffffffe3123ff580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ================================================================== -Thanks, Prasad -- The Qualcomm Innovation Center, Inc. is a member of the Code Aurora Forum, Linux Foundation Collaborative Project

7 years, 1 month

2
1
0 0

[PATCH] bcache: fix 0day error of setting writeback_rate by sysfs interface

by Coly Li

Commit ea8c5356d390 ("bcache: set max writeback rate when I/O request is idle") changes struct bch_ratelimit member rate from uint32_t to atomic_long_t and uses atomic_long_set() in drivers/md/bcache/sysfs.c to set new writeback rate, after the input is converted from memory buf to long int by sysfs_strtoul_clamp(). The above change has a problem because there is an implicit return inside sysfs_strtoul_clamp() so the following atomic_long_set() won't be called. This error is detected by 0day system with following snipped smatch warnings: drivers/md/bcache/sysfs.c:271 __cached_dev_store() error: uninitialized symbol 'v'. 270 sysfs_strtoul_clamp(writeback_rate, v, 1, INT_MAX); ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ @271 atomic_long_set(&dc->writeback_rate.rate, v); This patch fixes the above error by using strtoul_safe_clamp() to convert the input buffer into a long int type result. Fixes: Commit ea8c5356d390 ("bcache: set max writeback rate when I/O request is idle") Signed-off-by: Coly Li <colyli(a)suse.de> Cc: stable(a)vger.kernel.org #4.16+ Cc: Kai Krakow <kai(a)kaishome.de> Cc: Stefan Priebe <s.priebe(a)profihost.ag> --- drivers/md/bcache/sysfs.c | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/drivers/md/bcache/sysfs.c b/drivers/md/bcache/sysfs.c index 543b06408321..150cf4f4cf74 100644 --- a/drivers/md/bcache/sysfs.c +++ b/drivers/md/bcache/sysfs.c @@ -267,10 +267,17 @@ STORE(__cached_dev) sysfs_strtoul_clamp(writeback_percent, dc->writeback_percent, 0, 40); if (attr == &sysfs_writeback_rate) { - int v; + ssize_t ret; + long int v = atomic_long_read(&dc->writeback_rate.rate); + + ret = strtoul_safe_clamp(buf, v, 1, INT_MAX); - sysfs_strtoul_clamp(writeback_rate, v, 1, INT_MAX); - atomic_long_set(&dc->writeback_rate.rate, v); + if (!ret) { + atomic_long_set(&dc->writeback_rate.rate, v); + ret = size; + } + + return ret; } sysfs_strtoul_clamp(writeback_rate_update_seconds, -- 2.18.0

7 years, 1 month

2
2
0 0

[patch 4/4] zram: remove BD_CAP_SYNCHRONOUS_IO with writeback feature

by akpm＠linux-foundation.org

From: Minchan Kim <minchan(a)kernel.org> Subject: zram: remove BD_CAP_SYNCHRONOUS_IO with writeback feature If zram supports writeback feature, it's no longer a BD_CAP_SYNCHRONOUS_IO device beause zram does asynchronous IO operations for incompressible pages. Do not pretend to be synchronous IO device. It makes the system very sluggish due to waiting for IO completion from upper layers. Furthermore, it causes a user-after-free problem because swap thinks the opearion is done when the IO functions returns so it can free the page (e.g., lock_page_or_retry and goto out_release in do_swap_page) but in fact, IO is asynchronous so the driver could access a just freed page afterward. This patch fixes the problem. BUG: Bad page state in process qemu-system-x86 pfn:3dfab21 page:ffffdfb137eac840 count:0 mapcount:0 mapping:0000000000000000 index:0x1 flags: 0x17fffc000000008(uptodate) raw: 017fffc000000008 dead000000000100 dead000000000200 0000000000000000 raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000 page dumped because: PAGE_FLAGS_CHECK_AT_PREP flag set bad because of flags: 0x8(uptodate) Modules linked in: lz4 lz4_compress zram zsmalloc intel_rapl sb_edac x86_pkg_temp_thermal intel_powerclamp coretemp kvm_intel kvm irqbypass crct10dif_pclmul crc32_pclmul ghash_clmulni_intel bin fmt_misc pcbc aesni_intel aes_x86_64 crypto_simd cryptd iTCO_wdt glue_helper iTCO_vendor_support intel_cstate lpc_ich mei_me intel_uncore intel_rapl_perf pcspkr joydev sg mfd_core ioatdma mei wmi evdev ipmi_si ipmi_devintf ipmi_msghandler acpi_power_meter acpi_pad button ip_tables x_tables autofs4 ext4 crc32c_generic crc16 mbcache jbd2 fscrypto hid_generic usbhid hid sd_mod xhci_pci ehci_pci ahci libahci xhci_hcd ehci_hcd libata igb i2c_algo_bit crc32c_intel scsi_mod i2c_i8 01 dca usbcore CPU: 4 PID: 1039 Comm: qemu-system-x86 Tainted: G B 4.18.0-rc5+ #1 Hardware name: Supermicro Super Server/X10SRL-F, BIOS 2.0b 05/02/2017 Call Trace: dump_stack+0x5c/0x7b bad_page+0xba/0x120 get_page_from_freelist+0x1016/0x1250 __alloc_pages_nodemask+0xfa/0x250 alloc_pages_vma+0x7c/0x1c0 do_swap_page+0x347/0x920 ? __update_load_avg_se.isra.38+0x1eb/0x1f0 ? cpumask_next_wrap+0x3d/0x60 __handle_mm_fault+0x7b4/0x1110 ? update_load_avg+0x5ea/0x720 handle_mm_fault+0xfc/0x1f0 __get_user_pages+0x12f/0x690 get_user_pages_unlocked+0x148/0x1f0 __gfn_to_pfn_memslot+0xff/0x3c0 [kvm] try_async_pf+0x87/0x230 [kvm] tdp_page_fault+0x132/0x290 [kvm] ? vmexit_fill_RSB+0xc/0x30 [kvm_intel] kvm_mmu_page_fault+0x74/0x570 [kvm] ? vmexit_fill_RSB+0xc/0x30 [kvm_intel] ? vmexit_fill_RSB+0x18/0x30 [kvm_intel] ? vmexit_fill_RSB+0xc/0x30 [kvm_intel] ? vmexit_fill_RSB+0x18/0x30 [kvm_intel] ? vmexit_fill_RSB+0xc/0x30 [kvm_intel] ? vmexit_fill_RSB+0x18/0x30 [kvm_intel] ? vmexit_fill_RSB+0xc/0x30 [kvm_intel] ? vmexit_fill_RSB+0x18/0x30 [kvm_intel] ? vmexit_fill_RSB+0xc/0x30 [kvm_intel] ? vmexit_fill_RSB+0x18/0x30 [kvm_intel] ? vmexit_fill_RSB+0xc/0x30 [kvm_intel] ? vmx_vcpu_run+0x375/0x620 [kvm_intel] kvm_arch_vcpu_ioctl_run+0x9b3/0x1990 [kvm] ? __update_load_avg_se.isra.38+0x1eb/0x1f0 ? kvm_vcpu_ioctl+0x388/0x5d0 [kvm] kvm_vcpu_ioctl+0x388/0x5d0 [kvm] ? __switch_to+0x395/0x450 ? __switch_to+0x395/0x450 do_vfs_ioctl+0xa2/0x630 ? __schedule+0x3fd/0x890 ksys_ioctl+0x70/0x80 ? exit_to_usermode_loop+0xca/0xf0 __x64_sys_ioctl+0x16/0x20 do_syscall_64+0x55/0x100 entry_SYSCALL_64_after_hwframe+0x44/0xa9 RIP: 0033:0x7fb30361add7 Code: 00 00 00 48 8b 05 c1 80 2b 00 64 c7 00 26 00 00 00 48 c7 c0 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 91 80 2b 00 f7 d8 64 89 01 48 RSP: 002b:00007fb2e97f98b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 000000000000ae80 RCX: 00007fb30361add7 RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000015 RBP: 00005652b984e0f0 R08: 00005652b7d513d0 R09: 0000000000000001 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007fb308c66000 R14: 0000000000000000 R15: 00005652b984e0f0 Link: https://lore.kernel.org/lkml/0516ae2d-b0fd-92c5-aa92-112ba7bd32fc@contabo.d… Link: http://lkml.kernel.org/r/20180802051112.86174-1-minchan@kernel.org [minchan(a)kernel.org: fix changelog, add comment] Link: https://lore.kernel.org/lkml/0516ae2d-b0fd-92c5-aa92-112ba7bd32fc@contabo.d… Link: http://lkml.kernel.org/r/20180802051112.86174-1-minchan@kernel.org Link: http://lkml.kernel.org/r/20180805233722.217347-1-minchan@kernel.org [akpm(a)linux-foundation.org: coding-style fixes] Signed-off-by: Minchan Kim <minchan(a)kernel.org> Reported-by: Tino Lehnig <tino.lehnig(a)contabo.de> Tested-by: Tino Lehnig <tino.lehnig(a)contabo.de> Cc: Sergey Senozhatsky <sergey.senozhatsky.work(a)gmail.com> Cc: Jens Axboe <axboe(a)kernel.dk> Cc: <stable(a)vger.kernel.org> [4.15+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- drivers/block/zram/zram_drv.c | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) --- a/drivers/block/zram/zram_drv.c~zram-remove-bd_cap_synchronous_io-with-writeback-feature +++ a/drivers/block/zram/zram_drv.c @@ -298,7 +298,8 @@ static void reset_bdev(struct zram *zram zram->backing_dev = NULL; zram->old_block_size = 0; zram->bdev = NULL; - + zram->disk->queue->backing_dev_info->capabilities |= + BDI_CAP_SYNCHRONOUS_IO; kvfree(zram->bitmap); zram->bitmap = NULL; } @@ -400,6 +401,18 @@ static ssize_t backing_dev_store(struct zram->backing_dev = backing_dev; zram->bitmap = bitmap; zram->nr_pages = nr_pages; + /* + * With writeback feature, zram does asynchronous IO so it's no longer + * synchronous device so let's remove synchronous io flag. Othewise, + * upper layer(e.g., swap) could wait IO completion rather than + * (submit and return), which will cause system sluggish. + * Furthermore, when the IO function returns(e.g., swap_readpage), + * upper layer expects IO was done so it could deallocate the page + * freely but in fact, IO is going on so finally could cause + * use-after-free when the IO is really done. + */ + zram->disk->queue->backing_dev_info->capabilities &= + ~BDI_CAP_SYNCHRONOUS_IO; up_write(&zram->init_lock); pr_info("setup backing device %s\n", file_name); _

7 years, 1 month

1
0
0 0

[folded-merged] zram-remove-bd_cap_synchronous_io-with-writeback-feature-v2.patch removed from -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: zram-remove-bd_cap_synchronous_io-with-writeback-feature-v2 has been removed from the -mm tree. Its filename was zram-remove-bd_cap_synchronous_io-with-writeback-feature-v2.patch This patch was dropped because it was folded into zram-remove-bd_cap_synchronous_io-with-writeback-feature.patch ------------------------------------------------------ From: Minchan Kim <minchan(a)kernel.org> Subject: zram-remove-bd_cap_synchronous_io-with-writeback-feature-v2 - description correction - Andrew - add comment about removing BDI_CAP_SYNCHRONOUS_IO Link: https://lore.kernel.org/lkml/0516ae2d-b0fd-92c5-aa92-112ba7bd32fc@contabo.d… Link: http://lkml.kernel.org/r/20180802051112.86174-1-minchan@kernel.org Link: http://lkml.kernel.org/r/20180805233722.217347-1-minchan@kernel.org Signed-off-by: Minchan Kim <minchan(a)kernel.org> Reported-by: Tino Lehnig <tino.lehnig(a)contabo.de> Tested-by: Tino Lehnig <tino.lehnig(a)contabo.de> Cc: Sergey Senozhatsky <sergey.senozhatsky.work(a)gmail.com> Cc: Jens Axboe <axboe(a)kernel.dk> Cc: <stable(a)vger.kernel.org> [4.15+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- diff -puN drivers/block/zram/zram_drv.c~zram-remove-bd_cap_synchronous_io-with-writeback-feature-v2 drivers/block/zram/zram_drv.c --- a/drivers/block/zram/zram_drv.c~zram-remove-bd_cap_synchronous_io-with-writeback-feature-v2 +++ a/drivers/block/zram/zram_drv.c @@ -401,6 +401,16 @@ static ssize_t backing_dev_store(struct zram->backing_dev = backing_dev; zram->bitmap = bitmap; zram->nr_pages = nr_pages; + /* + * With writeback feature, zram does asynchronous IO so it's no longer + * synchronous device so let's remove synchronous io flag. Othewise, + * upper layer(e.g., swap) could wait IO completion rather than + * (submit and return), which will cause system sluggish. + * Furthermore, when the IO function returns(e.g., swap_readpage), + * upper layer expects IO was done so it could deallocate the page + * freely but in fact, IO is going on so finally could cause + * use-after-free when the IO is really done. + */ zram->disk->queue->backing_dev_info->capabilities &= ~BDI_CAP_SYNCHRONOUS_IO; up_write(&zram->init_lock); _ Patches currently in -mm which might be from minchan(a)kernel.org are zram-remove-bd_cap_synchronous_io-with-writeback-feature.patch

7 years, 1 month

1
0
0 0

+ reiserfs-fix-broken-xattr-handling-heap-corruption-bad-retval.patch added to -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: reiserfs: fix broken xattr handling (heap corruption, bad retval) has been added to the -mm tree. Its filename is reiserfs-fix-broken-xattr-handling-heap-corruption-bad-retval.patch This patch should soon appear at http://ozlabs.org/~akpm/mmots/broken-out/reiserfs-fix-broken-xattr-handling… and later at http://ozlabs.org/~akpm/mmotm/broken-out/reiserfs-fix-broken-xattr-handling… Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next and is updated there every 3-4 working days ------------------------------------------------------ From: Jann Horn <jannh(a)google.com> Subject: reiserfs: fix broken xattr handling (heap corruption, bad retval) This fixes the following issues: - When a buffer size is supplied to reiserfs_listxattr() such that each individual name fits, but the concatenation of all names doesn't fit, reiserfs_listxattr() overflows the supplied buffer. This leads to a kernel heap overflow (verified using KASAN) followed by an out-of-bounds usercopy and is therefore a security bug. - When a buffer size is supplied to reiserfs_listxattr() such that a name doesn't fit, -ERANGE should be returned. But reiserfs instead just truncates the list of names; I have verified that if the only xattr on a file has a longer name than the supplied buffer length, listxattr() incorrectly returns zero. With my patch applied, -ERANGE is returned in both cases and the memory corruption doesn't happen anymore. Credit for making me clean this code up a bit goes to Al Viro, who pointed out that the ->actor calling convention is suboptimal and should be changed. Link: http://lkml.kernel.org/r/20180802151539.5373-1-jannh@google.com Fixes: 48b32a3553a5 ("reiserfs: use generic xattr handlers") Signed-off-by: Jann Horn <jannh(a)google.com> Cc: Jeff Mahoney <jeffm(a)suse.com> Cc: Eric Biggers <ebiggers(a)google.com> Cc: Al Viro <viro(a)zeniv.linux.org.uk> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/reiserfs/xattr.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) --- a/fs/reiserfs/xattr.c~reiserfs-fix-broken-xattr-handling-heap-corruption-bad-retval +++ a/fs/reiserfs/xattr.c @@ -792,8 +792,10 @@ static int listxattr_filler(struct dir_c return 0; size = namelen + 1; if (b->buf) { - if (size > b->size) + if (b->pos + size > b->size) { + b->pos = -ERANGE; return -ERANGE; + } memcpy(b->buf + b->pos, name, namelen); b->buf[b->pos + namelen] = 0; } _ Patches currently in -mm which might be from jannh(a)google.com are reiserfs-fix-broken-xattr-handling-heap-corruption-bad-retval.patch fork-dont-copy-inconsistent-signal-handler-state-to-child.patch

7 years, 1 month

1
0
0 0

[PATCH v5 10/13] drm/nouveau: Use pm_runtime_get_noresume() in connector_detect()

by Lyude Paul

It's true we can't resume the device from poll workers in nouveau_connector_detect(). We can however, prevent the autosuspend timer from elapsing immediately if it hasn't already without risking any sort of deadlock with the runtime suspend/resume operations. So do that instead of entirely avoiding grabbing a power reference. Signed-off-by: Lyude Paul <lyude(a)redhat.com> Cc: stable(a)vger.kernel.org Cc: Lukas Wunner <lukas(a)wunner.de> Cc: Karol Herbst <karolherbst(a)gmail.com> --- drivers/gpu/drm/nouveau/nouveau_connector.c | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) diff --git a/drivers/gpu/drm/nouveau/nouveau_connector.c b/drivers/gpu/drm/nouveau/nouveau_connector.c index 2a45b4c2ceb0..010d6db14cba 100644 --- a/drivers/gpu/drm/nouveau/nouveau_connector.c +++ b/drivers/gpu/drm/nouveau/nouveau_connector.c @@ -572,12 +572,16 @@ nouveau_connector_detect(struct drm_connector *connector, bool force) nv_connector->edid = NULL; } - /* Outputs are only polled while runtime active, so acquiring a - * runtime PM ref here is unnecessary (and would deadlock upon - * runtime suspend because it waits for polling to finish). + /* Outputs are only polled while runtime active, so resuming the + * device here is unnecessary (and would deadlock upon runtime suspend + * because it waits for polling to finish). We do however, want to + * prevent the autosuspend timer from elapsing during this operation + * if possible. */ - if (!drm_kms_helper_is_poll_worker()) { - ret = pm_runtime_get_sync(connector->dev->dev); + if (drm_kms_helper_is_poll_worker()) { + pm_runtime_get_noresume(dev->dev); + } else { + ret = pm_runtime_get_sync(dev->dev); if (ret < 0 && ret != -EACCES) return conn_status; } @@ -655,10 +659,8 @@ nouveau_connector_detect(struct drm_connector *connector, bool force) out: - if (!drm_kms_helper_is_poll_worker()) { - pm_runtime_mark_last_busy(connector->dev->dev); - pm_runtime_put_autosuspend(connector->dev->dev); - } + pm_runtime_mark_last_busy(dev->dev); + pm_runtime_put_autosuspend(dev->dev); return conn_status; } -- 2.17.1

7 years, 1 month

2
1
0 0

[PATCH v5 08/13] drm/nouveau: Don't ignore nouveau_do_suspend() ret value

by Lyude Paul

Otherwise, how will we roll everything back? Signed-off-by: Lyude Paul <lyude(a)redhat.com> Cc: stable(a)vger.kernel.org Cc: Lukas Wunner <lukas(a)wunner.de> Cc: Karol Herbst <karolherbst(a)gmail.com> --- drivers/gpu/drm/nouveau/nouveau_drm.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/gpu/drm/nouveau/nouveau_drm.c b/drivers/gpu/drm/nouveau/nouveau_drm.c index db56e9b6b6af..f79b435368ec 100644 --- a/drivers/gpu/drm/nouveau/nouveau_drm.c +++ b/drivers/gpu/drm/nouveau/nouveau_drm.c @@ -842,6 +842,9 @@ nouveau_pmops_runtime_suspend(struct device *dev) } ret = nouveau_do_suspend(drm_dev, true); + if (ret) + return ret; + nouveau_switcheroo_optimus_dsm(); pci_save_state(pdev); pci_disable_device(pdev); -- 2.17.1

7 years, 1 month

2
1
0 0

[PATCH v5 07/13] drm/nouveau: Add missing unroll functions in nouveau_do_suspend()

by Lyude Paul

Currently, it appears that nouveau_do_suspend() forgets to roll back suspending fbcon and suspending the device LEDs. We also currently skip the entire rollback process if nouveau_display_suspend() fails. So, fix that. Signed-off-by: Lyude Paul <lyude(a)redhat.com> Cc: stable(a)vger.kernel.org Cc: Lukas Wunner <lukas(a)wunner.de> Cc: Karol Herbst <karolherbst(a)gmail.com> --- drivers/gpu/drm/nouveau/nouveau_drm.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/nouveau/nouveau_drm.c b/drivers/gpu/drm/nouveau/nouveau_drm.c index 5ea8fe992484..db56e9b6b6af 100644 --- a/drivers/gpu/drm/nouveau/nouveau_drm.c +++ b/drivers/gpu/drm/nouveau/nouveau_drm.c @@ -674,10 +674,11 @@ nouveau_do_suspend(struct drm_device *dev, bool runtime) if (dev->mode_config.num_crtc) { NV_DEBUG(drm, "suspending console...\n"); nouveau_fbcon_set_suspend(dev, 1); + NV_DEBUG(drm, "suspending display...\n"); ret = nouveau_display_suspend(dev, runtime); if (ret) - return ret; + goto fail_fbcon; } NV_DEBUG(drm, "evicting buffers...\n"); @@ -719,7 +720,14 @@ nouveau_do_suspend(struct drm_device *dev, bool runtime) if (dev->mode_config.num_crtc) { NV_DEBUG(drm, "resuming display...\n"); nouveau_display_resume(dev, runtime); + +fail_fbcon: + NV_DEBUG(drm, "resuming console...\n"); + nouveau_fbcon_set_suspend(dev, 0); } + + nouveau_led_resume(dev); + return ret; } -- 2.17.1

7 years, 1 month

2
1
0 0

[PATCH v5 06/13] drm/nouveau: Call optimus_dsm functions after nouveau_do_suspend()

by Lyude Paul

It's not necessary to call these before we call nouveau_do_suspend(). Ideally; we shouldn't have to call this at all here, but getting that to work will take a bit more effort. So for the time being, just move this call after nouveau_do_suspend() to allow us to easily be able to abort the runtime suspend process in nouveau_do_suspend() Signed-off-by: Lyude Paul <lyude(a)redhat.com> Cc: stable(a)vger.kernel.org Cc: Lukas Wunner <lukas(a)wunner.de> Cc: Karol Herbst <karolherbst(a)gmail.com> --- drivers/gpu/drm/nouveau/nouveau_drm.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpu/drm/nouveau/nouveau_drm.c b/drivers/gpu/drm/nouveau/nouveau_drm.c index 04f704b77a3c..5ea8fe992484 100644 --- a/drivers/gpu/drm/nouveau/nouveau_drm.c +++ b/drivers/gpu/drm/nouveau/nouveau_drm.c @@ -833,8 +833,8 @@ nouveau_pmops_runtime_suspend(struct device *dev) return -EBUSY; } - nouveau_switcheroo_optimus_dsm(); ret = nouveau_do_suspend(drm_dev, true); + nouveau_switcheroo_optimus_dsm(); pci_save_state(pdev); pci_disable_device(pdev); pci_ignore_hotplug(pdev); -- 2.17.1

7 years, 1 month

2
1
0 0

[PATCH] libnvdimm: fix ars_status output length calculation

by Vishal Verma

Commit efda1b5d87cb ("acpi, nfit, libnvdimm: fix / harden ars_status output length handling") Introduced additional hardening for ambiguity in the ACPI spec for ars_status output sizing. However, it had a couple of cases mixed up. Where it should have been checking for (and returning) "out_field[1] - 4" it was using "out_field[1] - 8" and vice versa. This caused a four byte discrepancy in the buffer size passed on to the command handler, and in some cases, this caused memory corruption like: ./daxdev-errors.sh: line 76: 24104 Aborted (core dumped) ./daxdev-errors $busdev $region malloc(): memory corruption Program received signal SIGABRT, Aborted. [...] #5 0x00007ffff7865a2e in calloc () from /lib64/libc.so.6 #6 0x00007ffff7bc2970 in ndctl_bus_cmd_new_ars_status (ars_cap=ars_cap@entry=0x6153b0) at ars.c:136 #7 0x0000000000401644 in check_ars_status (check=0x7fffffffdeb0, bus=0x604c20) at daxdev-errors.c:144 #8 test_daxdev_clear_error (region_name=<optimized out>, bus_name=<optimized out>) at daxdev-errors.c:332 Cc: <stable(a)vger.kernel.org> Cc: Dave Jiang <dave.jiang(a)intel.com> Cc: Keith Busch <keith.busch(a)intel.com> Cc: Lukasz Dorau <lukasz.dorau(a)intel.com> Cc: Dan Williams <dan.j.williams(a)intel.com> Fixes: efda1b5d87cb ("acpi, nfit, libnvdimm: fix / harden ars_status output length handling") Signed-off-by: Vishal Verma <vishal.l.verma(a)intel.com> --- drivers/nvdimm/bus.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/nvdimm/bus.c b/drivers/nvdimm/bus.c index 27902a8799b1..8aae6dcc839f 100644 --- a/drivers/nvdimm/bus.c +++ b/drivers/nvdimm/bus.c @@ -812,9 +812,9 @@ u32 nd_cmd_out_size(struct nvdimm *nvdimm, int cmd, * overshoots the remainder by 4 bytes, assume it was * including 'status'. */ - if (out_field[1] - 8 == remainder) + if (out_field[1] - 4 == remainder) return remainder; - return out_field[1] - 4; + return out_field[1] - 8; } else if (cmd == ND_CMD_CALL) { struct nd_cmd_pkg *pkg = (struct nd_cmd_pkg *) in_field; -- 2.14.4

7 years, 1 month

3
2
0 0

[PATCH] clk: sunxi-ng: fix H6 bus clocks divider position

by Icenowy Zheng

The bus clocks (AHB/APB) on Allwinner H6 have their second divider start at bit 8, according to the user manual and the BSP code. However, currently the divider is wrongly set to 16, thus the divider is not correctly read and the clock frequency is not correctly calculated. Fix this bit offset on all affected bus clocks in ccu-sun50i-h6. Cc: stable(a)vger.kernel.org # v4.17.y Signed-off-by: Icenowy Zheng <icenowy(a)aosc.io> --- drivers/clk/sunxi-ng/ccu-sun50i-h6.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/drivers/clk/sunxi-ng/ccu-sun50i-h6.c b/drivers/clk/sunxi-ng/ccu-sun50i-h6.c index bdbfe78fe133..0f7a0ffd3f70 100644 --- a/drivers/clk/sunxi-ng/ccu-sun50i-h6.c +++ b/drivers/clk/sunxi-ng/ccu-sun50i-h6.c @@ -224,7 +224,7 @@ static SUNXI_CCU_MP_WITH_MUX(psi_ahb1_ahb2_clk, "psi-ahb1-ahb2", psi_ahb1_ahb2_parents, 0x510, 0, 5, /* M */ - 16, 2, /* P */ + 8, 2, /* P */ 24, 2, /* mux */ 0); @@ -233,19 +233,19 @@ static const char * const ahb3_apb1_apb2_parents[] = { "osc24M", "osc32k", "pll-periph0" }; static SUNXI_CCU_MP_WITH_MUX(ahb3_clk, "ahb3", ahb3_apb1_apb2_parents, 0x51c, 0, 5, /* M */ - 16, 2, /* P */ + 8, 2, /* P */ 24, 2, /* mux */ 0); static SUNXI_CCU_MP_WITH_MUX(apb1_clk, "apb1", ahb3_apb1_apb2_parents, 0x520, 0, 5, /* M */ - 16, 2, /* P */ + 8, 2, /* P */ 24, 2, /* mux */ 0); static SUNXI_CCU_MP_WITH_MUX(apb2_clk, "apb2", ahb3_apb1_apb2_parents, 0x524, 0, 5, /* M */ - 16, 2, /* P */ + 8, 2, /* P */ 24, 2, /* mux */ 0); -- 2.18.0

7 years, 1 month

2
1
0 0

[PATCH] tpm: fix race condition in tpm_common_write()

by Jarkko Sakkinen

From: Tadeusz Struk <tadeusz.struk(a)intel.com> commit 3ab2011ea368ec3433ad49e1b9e1c7b70d2e65df upstream There is a race condition in tpm_common_write function allowing two threads on the same /dev/tpm<N>, or two different applications on the same /dev/tpmrm<N> to overwrite each other commands/responses. Fixed this by taking the priv->buffer_mutex early in the function. Also converted the priv->data_pending from atomic to a regular size_t type. There is no need for it to be atomic since it is only touched under the protection of the priv->buffer_mutex. Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Cc: stable(a)vger.kernel.org Signed-off-by: Tadeusz Struk <tadeusz.struk(a)intel.com> Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen(a)linux.intel.com> Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen(a)linux.intel.com> --- Manually backported for v4.4 and v4.9. drivers/char/tpm/tpm-dev.c | 43 ++++++++++++++++++-------------------- 1 file changed, 20 insertions(+), 23 deletions(-) diff --git a/drivers/char/tpm/tpm-dev.c b/drivers/char/tpm/tpm-dev.c index 65b824954bdc..1662e4688ee2 100644 --- a/drivers/char/tpm/tpm-dev.c +++ b/drivers/char/tpm/tpm-dev.c @@ -25,7 +25,7 @@ struct file_priv { struct tpm_chip *chip; /* Data passed to and from the tpm via the read/write calls */ - atomic_t data_pending; + size_t data_pending; struct mutex buffer_mutex; struct timer_list user_read_timer; /* user needs to claim result */ @@ -46,7 +46,7 @@ static void timeout_work(struct work_struct *work) struct file_priv *priv = container_of(work, struct file_priv, work); mutex_lock(&priv->buffer_mutex); - atomic_set(&priv->data_pending, 0); + priv->data_pending = 0; memset(priv->data_buffer, 0, sizeof(priv->data_buffer)); mutex_unlock(&priv->buffer_mutex); } @@ -72,7 +72,6 @@ static int tpm_open(struct inode *inode, struct file *file) } priv->chip = chip; - atomic_set(&priv->data_pending, 0); mutex_init(&priv->buffer_mutex); setup_timer(&priv->user_read_timer, user_reader_timeout, (unsigned long)priv); @@ -86,28 +85,24 @@ static ssize_t tpm_read(struct file *file, char __user *buf, size_t size, loff_t *off) { struct file_priv *priv = file->private_data; - ssize_t ret_size; + ssize_t ret_size = 0; int rc; del_singleshot_timer_sync(&priv->user_read_timer); flush_work(&priv->work); - ret_size = atomic_read(&priv->data_pending); - if (ret_size > 0) { /* relay data */ - ssize_t orig_ret_size = ret_size; - if (size < ret_size) - ret_size = size; + mutex_lock(&priv->buffer_mutex); - mutex_lock(&priv->buffer_mutex); + if (priv->data_pending) { + ret_size = min_t(ssize_t, size, priv->data_pending); rc = copy_to_user(buf, priv->data_buffer, ret_size); - memset(priv->data_buffer, 0, orig_ret_size); + memset(priv->data_buffer, 0, priv->data_pending); if (rc) ret_size = -EFAULT; - mutex_unlock(&priv->buffer_mutex); + priv->data_pending = 0; } - atomic_set(&priv->data_pending, 0); - + mutex_unlock(&priv->buffer_mutex); return ret_size; } @@ -118,18 +113,20 @@ static ssize_t tpm_write(struct file *file, const char __user *buf, size_t in_size = size; ssize_t out_size; - /* cannot perform a write until the read has cleared - either via tpm_read or a user_read_timer timeout. - This also prevents splitted buffered writes from blocking here. - */ - if (atomic_read(&priv->data_pending) != 0) - return -EBUSY; - if (in_size > TPM_BUFSIZE) return -E2BIG; mutex_lock(&priv->buffer_mutex); + /* Cannot perform a write until the read has cleared either via + * tpm_read or a user_read_timer timeout. This also prevents split + * buffered writes from blocking here. + */ + if (priv->data_pending != 0) { + mutex_unlock(&priv->buffer_mutex); + return -EBUSY; + } + if (copy_from_user (priv->data_buffer, (void __user *) buf, in_size)) { mutex_unlock(&priv->buffer_mutex); @@ -159,7 +156,7 @@ static ssize_t tpm_write(struct file *file, const char __user *buf, return out_size; } - atomic_set(&priv->data_pending, out_size); + priv->data_pending = out_size; mutex_unlock(&priv->buffer_mutex); /* Set a timeout by which the reader must come claim the result */ @@ -178,7 +175,7 @@ static int tpm_release(struct inode *inode, struct file *file) del_singleshot_timer_sync(&priv->user_read_timer); flush_work(&priv->work); file->private_data = NULL; - atomic_set(&priv->data_pending, 0); + priv->data_pending = 0; clear_bit(0, &priv->chip->is_open); kfree(priv); return 0; -- 2.17.1

7 years, 1 month

2
2
0 0

Applied "spi: davinci: fix a NULL pointer dereference" to the spi tree

by Mark Brown

The patch spi: davinci: fix a NULL pointer dereference has been applied to the spi tree at https://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi.git All being well this means that it will be integrated into the linux-next tree (usually sometime in the next 24 hours) and sent to Linus during the next merge window (or sooner if it is a bug fix), however if problems are discovered then the patch may be dropped or reverted. You may get further e-mails resulting from automated or manual testing and review of the tree, please engage with people reporting problems and send followup patches addressing any issues that are reported if needed. If any updates are required or you are submitting further changes they should be sent as incremental updates against current git, existing patches will not be replaced. Please add any relevant lists and maintainers to the CCs when replying to this mail. Thanks, Mark >From 563a53f3906a6b43692498e5b3ae891fac93a4af Mon Sep 17 00:00:00 2001 From: Bartosz Golaszewski <bgolaszewski(a)baylibre.com> Date: Fri, 10 Aug 2018 11:13:52 +0200 Subject: [PATCH] spi: davinci: fix a NULL pointer dereference On non-OF systems spi->controlled_data may be NULL. This causes a NULL pointer derefence on dm365-evm. Signed-off-by: Bartosz Golaszewski <bgolaszewski(a)baylibre.com> Signed-off-by: Mark Brown <broonie(a)kernel.org> Cc: stable(a)vger.kernel.org --- drivers/spi/spi-davinci.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/spi/spi-davinci.c b/drivers/spi/spi-davinci.c index 60d59b003aa4..4ffc0f495be8 100644 --- a/drivers/spi/spi-davinci.c +++ b/drivers/spi/spi-davinci.c @@ -217,7 +217,7 @@ static void davinci_spi_chipselect(struct spi_device *spi, int value) pdata = &dspi->pdata; /* program delay transfers if tx_delay is non zero */ - if (spicfg->wdelay) + if (spicfg && spicfg->wdelay) spidat1 |= SPIDAT1_WDEL; /* -- 2.18.0

7 years, 1 month

1
0
0 0

Please help to apply commit 32b6170ca59c("ipv4+ipv6: Make INET*_ESP select CRYPTO_ECHAINIV")into the 4.4 stable kernel

by Yongqin Liu

Hi, All Sorry, I am following the instructions in Documentation/networking/netdev-FAQ.txt to send out this mail, if I was wrong or there are more things I need to do, please let me know. After investigated on some failures of the android VtsKernelNetTest module test, I found that without the change of "ipv4+ipv6: Make INET*_ESP select CRYPTO_ECHAINIV", the config of CRYPTO_ECHAINIV will be generated as m by default in the .config file, which needs more module loading process to be done. But with the 4.9 and 4.14 kernels which have the change, CRYPTO_ECHAINIV will be generated as y by default in the .config file. We could set config of CRYPTO_ECHAINIV to y explicitly to generated the correct .config file, but having the change of "ipv4+ipv6: Make INET*_ESP select CRYPTO_ECHAINIV" cherry picked into the 4.4 stable kernel looks more like the right solution. The commit id for that change is 32b6170ca59ccf07d0e394561e54b2cd9726038c, it's already in 4.9 and 4.14 kernels, like here: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/net… Could you please help to check if we could have 32b6170ca59ccf07d0e394561e54b2cd9726038c in the 4.4 stable kernel? The patch is here: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/patch/net?… Thanks in advance! -- Best Regards, Yongqin Liu

7 years, 1 month

2
4
0 0

[PATCH] uprobes: Use synchronize_rcu() not synchronize_sched()

by Steven Rostedt

From: "Steven Rostedt (VMware)" <rostedt(a)goodmis.org> While debugging another bug, I was looking at all the synchronize*() functions being used in kernel/trace, and noticed that trace_uprobes was using synchronize_sched(), with a comment to synchronize with {u,ret}_probe_trace_func(). When looking at those functions, the data is protected with "rcu_read_lock()" and not with "rcu_read_lock_sched()". This is using the wrong synchronize_*() function. Cc: stable(a)vger.kernel.org Fixes: 70ed91c6ec7f8 ("tracing/uprobes: Support ftrace_event_file base multibuffer") Signed-off-by: Steven Rostedt (VMware) <rostedt(a)goodmis.org> --- kernel/trace/trace_uprobe.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kernel/trace/trace_uprobe.c b/kernel/trace/trace_uprobe.c index bf89a51e740d..ac02fafc9f1b 100644 --- a/kernel/trace/trace_uprobe.c +++ b/kernel/trace/trace_uprobe.c @@ -952,7 +952,7 @@ probe_event_disable(struct trace_uprobe *tu, struct trace_event_file *file) list_del_rcu(&link->list); /* synchronize with u{,ret}probe_trace_func */ - synchronize_sched(); + synchronize_rcu(); kfree(link); if (!list_empty(&tu->tp.files)) -- 2.13.6

7 years, 1 month

2
6
0 0

did you check it

by Kelly

Your photos need editing. We can do it for you. We do editing for e-commerce photos, jewelries images and portrait photos etc. This will include cutout and clipping path etc , also retouching if needed. Let;s know if you want to send photos for working. We can do test on your photos. Thanks, Kelly

7 years, 1 month

1
0
0 0

[PATCH 2/2] drm/nouveau: Reset MST branching unit before enabling

by Lyude Paul

When probing a new MST device, it's not safe to make any assumptions about it's current state. While most well mannered MST hubs will just disable the branching unit on hotplug disconnects, this isn't enough to save us from various other scenarios that might have resulted in something writing to the MST branching unit before we got control of it. This could happen if a previous probe we tried failed, if we're booting in kexec context and the hub is still in the state the last kernel put it in, etc. Luckily; there is no reason we can't just reset the branching unit every time we enable a new topology. So, fix this by resetting it on enabling new topologies to ensure that we always start off with a clean, unmodified topology state on MST sinks. This fixes occasional hard-lockups on my P50's laptop dock (e.g. AUX times out all DPCD trasactions) observed after multiple docks, undocks, and module reloads. Signed-off-by: Lyude Paul <lyude(a)redhat.com> Cc: stable(a)vger.kernel.org Cc: Karol Herbst <karolherbst(a)gmail.com> --- drivers/gpu/drm/nouveau/dispnv50/disp.c | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/drivers/gpu/drm/nouveau/dispnv50/disp.c b/drivers/gpu/drm/nouveau/dispnv50/disp.c index cdb3ef7c5d86..61bc36e9c915 100644 --- a/drivers/gpu/drm/nouveau/dispnv50/disp.c +++ b/drivers/gpu/drm/nouveau/dispnv50/disp.c @@ -1098,17 +1098,21 @@ nv50_mstm_enable(struct nv50_mstm *mstm, u8 dpcd, int state) int ret; if (dpcd >= 0x12) { - ret = drm_dp_dpcd_readb(mstm->mgr.aux, DP_MSTM_CTRL, &dpcd); + /* Even if we're enabling MST, start with disabling the + * branching unit to clear any sink-side MST topology state + * that wasn't set by us + */ + ret = drm_dp_dpcd_writeb(mstm->mgr.aux, DP_MSTM_CTRL, 0); if (ret < 0) return ret; - dpcd &= ~DP_MST_EN; - if (state) - dpcd |= DP_MST_EN; - - ret = drm_dp_dpcd_writeb(mstm->mgr.aux, DP_MSTM_CTRL, dpcd); - if (ret < 0) - return ret; + if (state) { + /* Now, start initializing */ + ret = drm_dp_dpcd_writeb(mstm->mgr.aux, DP_MSTM_CTRL, + DP_MST_EN); + if (ret < 0) + return ret; + } } return nvif_mthd(disp, 0, &args, sizeof(args)); -- 2.17.1

7 years, 1 month

1
0
0 0

[PATCH 1/2] drm/nouveau: Only write DP_MSTM_CTRL when needed

by Lyude Paul

Currently, nouveau will re-write the DP_MSTM_CTRL register for an MST hub every time it receives a long HPD pulse on DP. This isn't actually necessary and additionally, has some unintended side effects. With the P50 I've got here, rewriting DP_MSTM_CTRL constantly seems to make it rather likely (1 out of 5 times usually) that bringing up MST with it's ThinkPad dock will fail and result in sideband messages timing out in the middle. Afterwards, successive probes don't manage to get the dock to communicate properly over MST sideband properly. Many times sideband message timeouts from MST hubs are indicative of either the source or the sink dropping an ESI event, which can cause DRM's perspective of the topology's current state to go out of sync with reality. While it's tough to really know for sure what's happening to the dock, using userspace tools to write to DP_MSTM_CTRL in the middle of the MST link probing process does appear to make things flaky. It's possible that when we write to DP_MSTM_CTRL, the function that gets triggered to respond in the dock's firmware temporarily puts it in a state where it might end up not reporting an ESI to the source, or ends up dropping a sideband message we sent it. So, to fix this we make it so that when probing an MST topology, we respect it's current state. If the dock's already enabled, we simply read DP_MSTM_CTRL and disable the topology if it's value is not what we expected. Otherwise, we perform the normal MST probing dance. We avoid taking any action except if the state of the MST topology actually changes. This fixes MST sideband message timeouts and detection failures on my P50 with its ThinkPad dock. Signed-off-by: Lyude Paul <lyude(a)redhat.com> Cc: stable(a)vger.kernel.org Cc: Karol Herbst <karolherbst(a)gmail.com> --- drivers/gpu/drm/nouveau/dispnv50/disp.c | 45 ++++++++++++++++++++----- 1 file changed, 36 insertions(+), 9 deletions(-) diff --git a/drivers/gpu/drm/nouveau/dispnv50/disp.c b/drivers/gpu/drm/nouveau/dispnv50/disp.c index f6c0b2aa9857..cdb3ef7c5d86 100644 --- a/drivers/gpu/drm/nouveau/dispnv50/disp.c +++ b/drivers/gpu/drm/nouveau/dispnv50/disp.c @@ -1117,31 +1117,58 @@ nv50_mstm_enable(struct nv50_mstm *mstm, u8 dpcd, int state) int nv50_mstm_detect(struct nv50_mstm *mstm, u8 dpcd[8], int allow) { - int ret, state = 0; + struct drm_dp_aux *aux; + int ret; + bool old_state, new_state; + u8 mstm_ctrl; if (!mstm) return 0; - if (dpcd[0] >= 0x12) { - ret = drm_dp_dpcd_readb(mstm->mgr.aux, DP_MSTM_CAP, &dpcd[1]); + mutex_lock(&mstm->mgr.lock); + + old_state = mstm->mgr.mst_state; + new_state = old_state; + aux = mstm->mgr.aux; + + if (old_state) { + /* Just check that the MST hub is still as we expect it */ + ret = drm_dp_dpcd_readb(aux, DP_MSTM_CTRL, &mstm_ctrl); + if (ret < 0 || !(mstm_ctrl & DP_MST_EN)) { + DRM_DEBUG_KMS("Hub gone, disabling MST topology\n"); + new_state = false; + } + } else if (dpcd[0] >= 0x12) { + ret = drm_dp_dpcd_readb(aux, DP_MSTM_CAP, &dpcd[1]); if (ret < 0) - return ret; + goto probe_error; if (!(dpcd[1] & DP_MST_CAP)) dpcd[0] = 0x11; else - state = allow; + new_state = allow; } - ret = nv50_mstm_enable(mstm, dpcd[0], state); + if (new_state == old_state) { + mutex_unlock(&mstm->mgr.lock); + return new_state; + } + + ret = nv50_mstm_enable(mstm, dpcd[0], new_state); if (ret) - return ret; + goto probe_error; + + mutex_unlock(&mstm->mgr.lock); - ret = drm_dp_mst_topology_mgr_set_mst(&mstm->mgr, state); + ret = drm_dp_mst_topology_mgr_set_mst(&mstm->mgr, new_state); if (ret) return nv50_mstm_enable(mstm, dpcd[0], 0); - return mstm->mgr.mst_state; + return new_state; + +probe_error: + mutex_unlock(&mstm->mgr.lock); + return ret; } static void -- 2.17.1

7 years, 1 month

1
0
0 0

[for-next][PATCH 6/6] uprobes: Use synchronize_rcu() not synchronize_sched()

by Steven Rostedt

From: "Steven Rostedt (VMware)" <rostedt(a)goodmis.org> While debugging another bug, I was looking at all the synchronize*() functions being used in kernel/trace, and noticed that trace_uprobes was using synchronize_sched(), with a comment to synchronize with {u,ret}_probe_trace_func(). When looking at those functions, the data is protected with "rcu_read_lock()" and not with "rcu_read_lock_sched()". This is using the wrong synchronize_*() function. Cc: stable(a)vger.kernel.org Fixes: 70ed91c6ec7f8 ("tracing/uprobes: Support ftrace_event_file base multibuffer") Signed-off-by: Steven Rostedt (VMware) <rostedt(a)goodmis.org> --- kernel/trace/trace_uprobe.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kernel/trace/trace_uprobe.c b/kernel/trace/trace_uprobe.c index bf89a51e740d..ac02fafc9f1b 100644 --- a/kernel/trace/trace_uprobe.c +++ b/kernel/trace/trace_uprobe.c @@ -952,7 +952,7 @@ probe_event_disable(struct trace_uprobe *tu, struct trace_event_file *file) list_del_rcu(&link->list); /* synchronize with u{,ret}probe_trace_func */ - synchronize_sched(); + synchronize_rcu(); kfree(link); if (!list_empty(&tu->tp.files)) -- 2.18.0

7 years, 1 month

1
0
0 0

[PATCH v5 1/3] blkcg: Introduce blkg_root_lookup()

by Bart Van Assche

This new function will be used in a later patch to verify whether a queue has been dissociated from the cgroup controller before being released. Signed-off-by: Bart Van Assche <bart.vanassche(a)wdc.com> Cc: Tejun Heo <tj(a)kernel.org> Cc: Christoph Hellwig <hch(a)lst.de> Cc: Ming Lei <ming.lei(a)redhat.com> Cc: Omar Sandoval <osandov(a)fb.com> Cc: Johannes Thumshirn <jthumshirn(a)suse.de> Cc: Alexandru Moise <00moses.alexander00(a)gmail.com> Cc: Joseph Qi <joseph.qi(a)linux.alibaba.com> Cc: <stable(a)vger.kernel.org> --- include/linux/blk-cgroup.h | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/include/linux/blk-cgroup.h b/include/linux/blk-cgroup.h index f7b910768306..1361cfc9b878 100644 --- a/include/linux/blk-cgroup.h +++ b/include/linux/blk-cgroup.h @@ -341,6 +341,23 @@ static inline struct blkcg_gq *blkg_lookup(struct blkcg *blkcg, return __blkg_lookup(blkcg, q, false); } +/** + * blkg_lookup - look up blkg for the specified request queue + * @q: request_queue of interest + * + * Lookup blkg for @q at the root level. See also blkg_lookup(). + */ +static inline struct blkcg_gq *blkg_root_lookup(struct request_queue *q) +{ + struct blkcg_gq *blkg; + + rcu_read_lock(); + blkg = blkg_lookup(&blkcg_root, q); + rcu_read_unlock(); + + return blkg; +} + /** * blkg_to_pdata - get policy private data * @blkg: blkg of interest @@ -864,6 +881,7 @@ static inline bool blk_cgroup_congested(void) { return false; } static inline void blkcg_schedule_throttle(struct request_queue *q, bool use_memdelay) { } static inline struct blkcg_gq *blkg_lookup(struct blkcg *blkcg, void *key) { return NULL; } +static inline struct blkcg_gq *blkg_root_lookup(struct request_queue *q) { return NULL; } static inline int blkcg_init_queue(struct request_queue *q) { return 0; } static inline void blkcg_drain_queue(struct request_queue *q) { } static inline void blkcg_exit_queue(struct request_queue *q) { } -- 2.18.0

7 years, 1 month

4
3
0 0

v3.18.118 build: 0 failures 8 warnings (v3.18.118)

by Build bot for Mark Brown

Tree/Branch: v3.18.118 Git describe: v3.18.118 Commit: 830f9674e7 Linux 3.18.118 Build Time: 0 min 1 sec Passed: 7 / 7 (100.00 %) Failed: 0 / 7 ( 0.00 %) Errors: 0 Warnings: 8 Section Mismatches: 0 ------------------------------------------------------------------------------- defconfigs with issues (other than build errors): 5 warnings 0 mismatches : arm-allmodconfig 5 warnings 0 mismatches : arm-multi_v7_defconfig 12 warnings 0 mismatches : x86_64-allmodconfig 5 warnings 0 mismatches : arm-multi_v5_defconfig 7 warnings 0 mismatches : x86_64-defconfig ------------------------------------------------------------------------------- Warnings Summary: 8 9 ../include/linux/ftrace.h:632:36: warning: calling '__builtin_return_address' with a nonzero argument is unsafe [-Wframe-address] 5 ../mm/slub.c:904:21: warning: format '%d' expects argument of type 'int', but argument 5 has type 'long unsigned int' [-Wformat=] 5 ../mm/slub.c:856:21: warning: too many arguments for format [-Wformat-extra-args] 5 ../mm/slub.c:851:21: warning: too many arguments for format [-Wformat-extra-args] 3 ../mm/slub.c:856:21: warning: format '%u' expects argument of type 'unsigned int', but argument 4 has type 'const char *' [-Wformat=] 3 ../mm/slub.c:851:21: warning: format '%u' expects argument of type 'unsigned int', but argument 4 has type 'const char *' [-Wformat=] 2 ../mm/slub.c:856:29: warning: format '%u' expects argument of type 'unsigned int', but argument 4 has type 'const char *' [-Wformat=] 2 ../mm/slub.c:851:31: warning: format '%u' expects argument of type 'unsigned int', but argument 4 has type 'const char *' [-Wformat=] =============================================================================== Detailed per-defconfig build reports below: ------------------------------------------------------------------------------- arm-allmodconfig : PASS, 0 errors, 5 warnings, 0 section mismatches Warnings: ../mm/slub.c:851:21: warning: format '%u' expects argument of type 'unsigned int', but argument 4 has type 'const char *' [-Wformat=] ../mm/slub.c:851:21: warning: too many arguments for format [-Wformat-extra-args] ../mm/slub.c:856:21: warning: format '%u' expects argument of type 'unsigned int', but argument 4 has type 'const char *' [-Wformat=] ../mm/slub.c:856:21: warning: too many arguments for format [-Wformat-extra-args] ../mm/slub.c:904:21: warning: format '%d' expects argument of type 'int', but argument 5 has type 'long unsigned int' [-Wformat=] ------------------------------------------------------------------------------- arm-multi_v7_defconfig : PASS, 0 errors, 5 warnings, 0 section mismatches Warnings: ../mm/slub.c:851:21: warning: format '%u' expects argument of type 'unsigned int', but argument 4 has type 'const char *' [-Wformat=] ../mm/slub.c:851:21: warning: too many arguments for format [-Wformat-extra-args] ../mm/slub.c:856:21: warning: format '%u' expects argument of type 'unsigned int', but argument 4 has type 'const char *' [-Wformat=] ../mm/slub.c:856:21: warning: too many arguments for format [-Wformat-extra-args] ../mm/slub.c:904:21: warning: format '%d' expects argument of type 'int', but argument 5 has type 'long unsigned int' [-Wformat=] ------------------------------------------------------------------------------- x86_64-allmodconfig : PASS, 0 errors, 12 warnings, 0 section mismatches Warnings: ../mm/slub.c:851:31: warning: format '%u' expects argument of type 'unsigned int', but argument 4 has type 'const char *' [-Wformat=] ../mm/slub.c:851:21: warning: too many arguments for format [-Wformat-extra-args] ../mm/slub.c:856:29: warning: format '%u' expects argument of type 'unsigned int', but argument 4 has type 'const char *' [-Wformat=] ../mm/slub.c:856:21: warning: too many arguments for format [-Wformat-extra-args] ../mm/slub.c:904:21: warning: format '%d' expects argument of type 'int', but argument 5 has type 'long unsigned int' [-Wformat=] ../include/linux/ftrace.h:632:36: warning: calling '__builtin_return_address' with a nonzero argument is unsafe [-Wframe-address] ../include/linux/ftrace.h:632:36: warning: calling '__builtin_return_address' with a nonzero argument is unsafe [-Wframe-address] ../include/linux/ftrace.h:632:36: warning: calling '__builtin_return_address' with a nonzero argument is unsafe [-Wframe-address] ../include/linux/ftrace.h:632:36: warning: calling '__builtin_return_address' with a nonzero argument is unsafe [-Wframe-address] ../include/linux/ftrace.h:632:36: warning: calling '__builtin_return_address' with a nonzero argument is unsafe [-Wframe-address] ../include/linux/ftrace.h:632:36: warning: calling '__builtin_return_address' with a nonzero argument is unsafe [-Wframe-address] ../include/linux/ftrace.h:632:36: warning: calling '__builtin_return_address' with a nonzero argument is unsafe [-Wframe-address] ------------------------------------------------------------------------------- arm-multi_v5_defconfig : PASS, 0 errors, 5 warnings, 0 section mismatches Warnings: ../mm/slub.c:851:21: warning: format '%u' expects argument of type 'unsigned int', but argument 4 has type 'const char *' [-Wformat=] ../mm/slub.c:851:21: warning: too many arguments for format [-Wformat-extra-args] ../mm/slub.c:856:21: warning: format '%u' expects argument of type 'unsigned int', but argument 4 has type 'const char *' [-Wformat=] ../mm/slub.c:856:21: warning: too many arguments for format [-Wformat-extra-args] ../mm/slub.c:904:21: warning: format '%d' expects argument of type 'int', but argument 5 has type 'long unsigned int' [-Wformat=] ------------------------------------------------------------------------------- x86_64-defconfig : PASS, 0 errors, 7 warnings, 0 section mismatches Warnings: ../include/linux/ftrace.h:632:36: warning: calling '__builtin_return_address' with a nonzero argument is unsafe [-Wframe-address] ../include/linux/ftrace.h:632:36: warning: calling '__builtin_return_address' with a nonzero argument is unsafe [-Wframe-address] ../mm/slub.c:851:31: warning: format '%u' expects argument of type 'unsigned int', but argument 4 has type 'const char *' [-Wformat=] ../mm/slub.c:851:21: warning: too many arguments for format [-Wformat-extra-args] ../mm/slub.c:856:29: warning: format '%u' expects argument of type 'unsigned int', but argument 4 has type 'const char *' [-Wformat=] ../mm/slub.c:856:21: warning: too many arguments for format [-Wformat-extra-args] ../mm/slub.c:904:21: warning: format '%d' expects argument of type 'int', but argument 5 has type 'long unsigned int' [-Wformat=] ------------------------------------------------------------------------------- Passed with no errors, warnings or mismatches: x86_64-allnoconfig arm-allnoconfig

7 years, 1 month

1
0
0 0

[PATCH] pci/sriov: Hold rescan lock while enumerating

by Keith Busch

PCI enumeration/de-enumeration needs to run single threaded to prevent race conditions with other threads changing the topology. Altering the number of virtual functions was not taking the rescan/remove lock hile adding or removing those virtual functions, so this patch adds that. Reported-by: Krzysztof Wierzbicki <krzysztof.wierzbicki(a)intel.com> Cc: stable(a)vger.kernel.org Signed-off-by: Keith Busch <keith.busch(a)intel.com> --- drivers/pci/pci-sysfs.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/pci/pci-sysfs.c b/drivers/pci/pci-sysfs.c index 9ecfe13157c0..611abe220b6f 100644 --- a/drivers/pci/pci-sysfs.c +++ b/drivers/pci/pci-sysfs.c @@ -591,6 +591,7 @@ static ssize_t sriov_numvfs_store(struct device *dev, if (num_vfs > pci_sriov_get_totalvfs(pdev)) return -ERANGE; + pci_lock_rescan_remove(); device_lock(&pdev->dev); if (num_vfs == pdev->sriov->num_VFs) @@ -627,6 +628,7 @@ static ssize_t sriov_numvfs_store(struct device *dev, exit: device_unlock(&pdev->dev); + pci_unlock_rescan_remove(); if (ret < 0) return ret; -- 2.14.4

7 years, 1 month

1
0
0 0

[PATCH v5 3/3] block: Ensure that a request queue is dissociated from the cgroup controller

by Bart Van Assche

Several block drivers call alloc_disk() followed by put_disk() if something fails before device_add_disk() is called without calling blk_cleanup_queue(). Make sure that also for this scenario a request queue is dissociated from the cgroup controller. This patch avoids that loading the parport_pc, paride and pf drivers triggers the following kernel crash: BUG: KASAN: null-ptr-deref in pi_init+0x42e/0x580 [paride] Read of size 4 at addr 0000000000000008 by task modprobe/744 Call Trace: dump_stack+0x9a/0xeb kasan_report+0x139/0x350 pi_init+0x42e/0x580 [paride] pf_init+0x2bb/0x1000 [pf] do_one_initcall+0x8e/0x405 do_init_module+0xd9/0x2f2 load_module+0x3ab4/0x4700 SYSC_finit_module+0x176/0x1a0 do_syscall_64+0xee/0x2b0 entry_SYSCALL_64_after_hwframe+0x42/0xb7 Reported-by: Alexandru Moise <00moses.alexander00(a)gmail.com> Fixes: a063057d7c73 ("block: Fix a race between request queue removal and the block cgroup controller") # v4.17 Signed-off-by: Bart Van Assche <bart.vanassche(a)wdc.com> Tested-by: Alexandru Moise <00moses.alexander00(a)gmail.com> Reviewed-by: Johannes Thumshirn <jthumshirn(a)suse.de> Cc: Tejun Heo <tj(a)kernel.org> Cc: Christoph Hellwig <hch(a)lst.de> Cc: Ming Lei <ming.lei(a)redhat.com> Cc: Alexandru Moise <00moses.alexander00(a)gmail.com> Cc: Joseph Qi <joseph.qi(a)linux.alibaba.com> Cc: <stable(a)vger.kernel.org> --- block/blk-sysfs.c | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/block/blk-sysfs.c b/block/blk-sysfs.c index ca1984ecbdeb..fcadea471779 100644 --- a/block/blk-sysfs.c +++ b/block/blk-sysfs.c @@ -802,6 +802,21 @@ static void __blk_release_queue(struct work_struct *work) blk_stat_remove_callback(q, q->poll_cb); blk_stat_free_callback(q->poll_cb); + if (!blk_queue_dead(q)) { + /* + * Last reference was dropped without having called + * blk_cleanup_queue(). + */ + WARN_ONCE(blk_queue_init_done(q), + "request queue %p has been registered but blk_cleanup_queue() has not been called for that queue\n", + q); + blk_exit_queue(q); + } + + WARN(blkg_root_lookup(q), + "request queue %p is being released but it has not yet been removed from the blkcg controller\n", + q); + blk_free_queue_stats(q->stats); blk_exit_rl(q, &q->root_rl); -- 2.18.0

7 years, 1 month

1
0
0 0

[PATCH v5 2/3] block: Introduce blk_exit_queue()

by Bart Van Assche

This patch does not change any functionality. Signed-off-by: Bart Van Assche <bart.vanassche(a)wdc.com> Reviewed-by: Johannes Thumshirn <jthumshirn(a)suse.de> Cc: Christoph Hellwig <hch(a)lst.de> Cc: Ming Lei <ming.lei(a)redhat.com> Cc: Omar Sandoval <osandov(a)fb.com> Cc: Alexandru Moise <00moses.alexander00(a)gmail.com> Cc: Joseph Qi <joseph.qi(a)linux.alibaba.com> Cc: <stable(a)vger.kernel.org> --- block/blk-core.c | 54 +++++++++++++++++++++++++++--------------------- block/blk.h | 1 + 2 files changed, 31 insertions(+), 24 deletions(-) diff --git a/block/blk-core.c b/block/blk-core.c index 2e054b65de42..55bc22ef2934 100644 --- a/block/blk-core.c +++ b/block/blk-core.c @@ -719,6 +719,35 @@ void blk_set_queue_dying(struct request_queue *q) } EXPORT_SYMBOL_GPL(blk_set_queue_dying); +/* Unconfigure the I/O scheduler and dissociate from the cgroup controller. */ +void blk_exit_queue(struct request_queue *q) +{ + /* + * Since the I/O scheduler exit code may access cgroup information, + * perform I/O scheduler exit before disassociating from the block + * cgroup controller. + */ + if (q->elevator) { + ioc_clear_queue(q); + elevator_exit(q, q->elevator); + q->elevator = NULL; + } + + /* + * Remove all references to @q from the block cgroup controller before + * restoring @q->queue_lock to avoid that restoring this pointer causes + * e.g. blkcg_print_blkgs() to crash. + */ + blkcg_exit_queue(q); + + /* + * Since the cgroup code may dereference the @q->backing_dev_info + * pointer, only decrease its reference count after having removed the + * association with the block cgroup controller. + */ + bdi_put(q->backing_dev_info); +} + /** * blk_cleanup_queue - shutdown a request queue * @q: request queue to shutdown @@ -788,30 +817,7 @@ void blk_cleanup_queue(struct request_queue *q) */ WARN_ON_ONCE(q->kobj.state_in_sysfs); - /* - * Since the I/O scheduler exit code may access cgroup information, - * perform I/O scheduler exit before disassociating from the block - * cgroup controller. - */ - if (q->elevator) { - ioc_clear_queue(q); - elevator_exit(q, q->elevator); - q->elevator = NULL; - } - - /* - * Remove all references to @q from the block cgroup controller before - * restoring @q->queue_lock to avoid that restoring this pointer causes - * e.g. blkcg_print_blkgs() to crash. - */ - blkcg_exit_queue(q); - - /* - * Since the cgroup code may dereference the @q->backing_dev_info - * pointer, only decrease its reference count after having removed the - * association with the block cgroup controller. - */ - bdi_put(q->backing_dev_info); + blk_exit_queue(q); if (q->mq_ops) blk_mq_free_queue(q); diff --git a/block/blk.h b/block/blk.h index 6adae8f94279..aeb8026f4d7b 100644 --- a/block/blk.h +++ b/block/blk.h @@ -130,6 +130,7 @@ void blk_free_flush_queue(struct blk_flush_queue *q); int blk_init_rl(struct request_list *rl, struct request_queue *q, gfp_t gfp_mask); void blk_exit_rl(struct request_queue *q, struct request_list *rl); +void blk_exit_queue(struct request_queue *q); void blk_rq_bio_prep(struct request_queue *q, struct request *rq, struct bio *bio); void blk_queue_bypass_start(struct request_queue *q); -- 2.18.0

7 years, 1 month

1
0
0 0

want to edit

by Tony

We just found that you need image editing. We are an image studio, we do all kinds of image editing such as for e-commerce photos, jewelry images and portrait mages. Our service includes cutting out and clipping path etc , we also do retouching. You may send us a photo, testing will be provided to check our quality Thanks, Tony Glenn

7 years, 1 month

1
0
0 0

in our studio

by Tony

We just found that you need image editing. We are an image studio, we do all kinds of image editing such as for e-commerce photos, jewelry images and portrait mages. Our service includes cutting out and clipping path etc , we also do retouching. You may send us a photo, testing will be provided to check our quality Thanks, Tony Glenn

7 years, 1 month

1
0
0 0

Linux 3.18.118

by Greg KH

I'm announcing the release of the 3.18.118 kernel. All users of the 3.18 kernel series must upgrade. The updated 3.18.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-3.18.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/microblaze/boot/Makefile | 10 ++-- arch/powerpc/kernel/head_8xx.S | 2 arch/powerpc/kernel/pci_32.c | 1 arch/powerpc/platforms/chrp/time.c | 6 +- arch/powerpc/platforms/embedded6xx/hlwd-pic.c | 5 ++ arch/powerpc/platforms/powermac/bootx_init.c | 4 + arch/powerpc/platforms/powermac/setup.c | 1 arch/s390/include/asm/cpu_mf.h | 6 +- arch/x86/kernel/cpu/perf_event_intel_uncore.c | 2 arch/x86/kernel/cpu/perf_event_intel_uncore_nhmex.c | 2 crypto/authenc.c | 1 crypto/authencesn.c | 1 drivers/acpi/pci_root.c | 4 + drivers/ata/libata-eh.c | 12 +++-- drivers/char/random.c | 10 +++- drivers/crypto/padlock-aes.c | 8 ++- drivers/gpu/drm/gma500/psb_intel_drv.h | 2 drivers/gpu/drm/gma500/psb_intel_lvds.c | 2 drivers/gpu/drm/radeon/radeon_connectors.c | 10 ++-- drivers/hid/i2c-hid/i2c-hid.c | 8 +++ drivers/infiniband/core/mad.c | 11 ++-- drivers/infiniband/core/ucma.c | 6 ++ drivers/md/md.c | 3 + drivers/media/common/siano/smsendian.c | 14 ++--- drivers/media/i2c/smiapp/smiapp-core.c | 11 ++-- drivers/media/pci/saa7164/saa7164-fw.c | 3 - drivers/media/platform/omap3isp/isp.c | 7 +- drivers/media/radio/si470x/radio-si470x-i2c.c | 6 +- drivers/net/can/usb/ems_usb.c | 1 drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 2 drivers/net/wireless/ath/regd.h | 5 ++ drivers/net/wireless/ath/regd_common.h | 13 +++++ drivers/net/wireless/mwifiex/usb.c | 3 + drivers/net/wireless/rsi/rsi_91x_sdio.c | 2 drivers/net/wireless/ti/wlcore/sdio.c | 5 ++ drivers/net/xen-netfront.c | 6 ++ drivers/pci/pci-sysfs.c | 15 +++--- drivers/regulator/pfuze100-regulator.c | 1 drivers/rtc/interface.c | 5 ++ drivers/scsi/3w-9xxx.c | 5 ++ drivers/scsi/3w-xxxx.c | 3 + drivers/scsi/megaraid.c | 3 + drivers/scsi/qla2xxx/qla_init.c | 7 +- drivers/scsi/qla2xxx/qla_os.c | 5 +- drivers/scsi/sg.c | 1 drivers/scsi/ufs/ufshcd.c | 2 drivers/tty/hvc/hvc_opal.c | 1 drivers/tty/pty.c | 3 + drivers/usb/core/hub.c | 4 + drivers/virtio/virtio_balloon.c | 2 fs/jfs/xattr.c | 10 ++-- fs/squashfs/block.c | 2 fs/squashfs/cache.c | 3 + fs/squashfs/file.c | 8 ++- fs/squashfs/fragment.c | 17 ++++--- fs/squashfs/squashfs_fs.h | 6 ++ fs/squashfs/squashfs_fs_sb.h | 1 fs/squashfs/super.c | 5 +- include/linux/ring_buffer.h | 1 include/net/tcp.h | 2 kernel/bpf/verifier.c | 4 - kernel/trace/ring_buffer.c | 16 ++++++ kernel/trace/trace.c | 6 ++ kernel/trace/trace_events_trigger.c | 18 +++++-- kernel/trace/trace_kprobe.c | 15 +++++- mm/slub.c | 2 mm/vmalloc.c | 3 - net/dsa/slave.c | 6 ++ net/ipv4/fib_frontend.c | 4 - net/ipv4/inet_fragment.c | 10 ++-- net/ipv4/ipconfig.c | 13 +++++ net/ipv4/tcp_dctcp.c | 4 - net/ipv4/tcp_input.c | 48 ++++++++++---------- sound/pci/emu10k1/emupcm.c | 4 + sound/pci/emu10k1/memory.c | 6 +- sound/pci/fm801.c | 16 +++++- sound/pci/hda/patch_ca0132.c | 8 ++- sound/soc/soc-pcm.c | 6 +- sound/usb/pcm.c | 2 tools/usb/usbip/src/usbip_detach.c | 9 ++- 81 files changed, 365 insertions(+), 144 deletions(-) Alexandre Belloni (1): rtc: ensure rtc_set_alarm fails when alarms are not supported Anil Gurumurthy (1): scsi: qla2xxx: Return error when TMF returns Anson Huang (1): regulator: pfuze100: add .is_enable() for pfuze100_swb_regulator_ops Anton Vasilyev (1): can: ems_usb: Fix memory leak on ems_usb_disconnect() Artem Savkov (1): tracing/kprobes: Fix trace_probe flags on enable_trace_kprobe() failure Brad Love (1): media: saa7164: Fix driver name in debug output Chintan Pandya (1): mm: vmalloc: avoid racy handling of debugobjects in vunmap Chris Novakovic (1): ipconfig: Correctly initialise ic_nameservers Christoph Hellwig (1): PCI: Prevent sysfs disable of device while driver is attached Christophe Leroy (1): powerpc/8xx: fix invalid register expression in head_8xx.S Colin Ian King (1): media: smiapp: fix timeout checking in smiapp_read_nvm Cong Wang (1): infiniband: fix a possible use-after-free bug DaeRyong Jeong (1): tty: Fix data race in tty_insert_flip_string_fixed_flag Damien Le Moal (1): libata: Fix command retry decision Dan Carpenter (1): scsi: megaraid: silence a static checker bug Dmitry Torokhov (1): HID: i2c-hid: check if device is there before really probing Dominik Bozek (1): usb: hub: Don't wait for connect state at resume for powered-off ports Eric Dumazet (5): tcp: do not force quickack when receiving out-of-order packets tcp: add max_quickacks param to tcp_incr_quickack and tcp_enter_quickack_mode tcp: do not aggressively quick ack after ECN events tcp: add one more quick ack after after ECN events inet: frag: enforce memory limits earlier Eugeniy Paltsev (1): NET: stmmac: align DMA stuff to largest cache line length Eyal Reizer (1): wlcore: sdio: check for valid platform device data before suspend Florian Fainelli (1): net: dsa: Do not suspend/resume closed slave_dev Ganapathi Bhat (1): mwifiex: handle race during mwifiex_usb_disconnect Greg Kroah-Hartman (1): Linux 3.18.118 Herbert Xu (1): crypto: padlock-aes - Fix Nano workaround data corruption Jakub Kicinski (1): bpf: fix references to free_bpf_prog_info() in comments Jiang Biao (1): virtio_balloon: fix another race between migration and ballooning Jonathan Neuschäfer (1): powerpc/embedded6xx/hlwd-pic: Prevent interrupts from being handled by Starlet Kai Chieh Chuang (1): ASoC: dpcm: fix BE dai not hw_free and shutdown Kan Liang (2): perf/x86/intel/uncore: Correct fixed counter index check in generic code perf/x86/intel/uncore: Correct fixed counter index check for NHM Leon Romanovsky (1): RDMA/mad: Convert BUG_ONs to error flows Linus Torvalds (3): squashfs: be more careful about metadata corruption squashfs: more metadata hardening squashfs: more metadata hardenings Lorenzo Bianconi (1): ipv4: remove BUG_ON() from fib_compute_spec_dst Luc Van Oostenryck (2): drm/radeon: fix mode_valid's return type drm/gma500: fix psb_intel_lvds_mode_valid()'s return type Masami Hiramatsu (1): ring_buffer: tracing: Inherit the tracing setting to next ring buffer Mathieu Malaterre (5): mm/slub.c: add __printf verification to slab_err() powerpc/32: Add a missing include header powerpc/chrp/time: Make some functions static, add missing header include powerpc/powermac: Add missing prototype for note_bootable_part() powerpc/powermac: Mark variable x as unused Mauro Carvalho Chehab (2): media: siano: get rid of __le32/__le16 cast warnings media: si470x: fix __be16 annotations Maya Erez (1): scsi: ufs: fix exception event handling Michal Simek (1): microblaze: Fix simpleImage format generation Mika Westerberg (1): PCI: pciehp: Request control of native hotplug only if supported Quinn Tran (1): scsi: qla2xxx: Fix ISP recovery on unload Shankara Pailoor (1): jfs: Fix inconsistency between memory allocation and ea_buf->max_size Shuah Khan (Samsung OSG) (1): usbip: usbip_detach: Fix memory, udev context and udev leak Siva Rebbagondla (1): rsi: Fix 'invalid vdd' warning in mmc Steven Rostedt (VMware) (3): tracing: Fix double free of event_trigger_data tracing: Fix possible double free in event_enable_trigger_func() tracing: Quiet gcc warning about maybe unused link variable Stewart Smith (1): hvc_opal: don't set tb_ticks_per_usec in udbg_init_opal_common() Suman Anna (1): media: omap3isp: fix unbalanced dma_iommu_mapping Sven Eckelmann (9): ath: Add regulatory mapping for FCC3_ETSIC ath: Add regulatory mapping for ETSI8_WORLD ath: Add regulatory mapping for APL13_WORLD ath: Add regulatory mapping for APL2_FCCA ath: Add regulatory mapping for Uganda ath: Add regulatory mapping for Tanzania ath: Add regulatory mapping for Serbia ath: Add regulatory mapping for Bermuda ath: Add regulatory mapping for Bahamas Takashi Iwai (2): ALSA: emu10k1: Rate-limit error messages about page errors ALSA: usb-audio: Apply rate limit to warning messages in URB complete callback Takashi Sakamoto (1): ALSA: hda/ca0132: fix build failure when a local macro is defined Theodore Ts'o (1): random: mix rdrand with entropy sent in from userspace Thomas Richter (2): s390/cpum_sf: Add data entry sizes to sampling trailer entry perf: fix invalid bit in diagnostic entry Tony Battersby (1): scsi: sg: fix minor memory leak in error path Tudor-Dan Ambarus (2): crypto: authencesn - don't leak pointers to authenc keys crypto: authenc - don't leak pointers to authenc keys Wenwen Wang (2): scsi: 3w-9xxx: fix a missing-check bug scsi: 3w-xxxx: fix a missing-check bug Xiao Liang (1): xen-netfront: wait xenbus state change when load module manually Yousuk Seung (1): tcp: refactor tcp_ecn_check_ce to remove sk type cast Yufen Yu (1): md: fix NULL dereference of mddev->pers in remove_and_add_spares() Zhouyang Jia (2): ALSA: emu10k1: add error handling for snd_ctl_add ALSA: fm801: add error handling for snd_ctl_add

7 years, 1 month

1
1
0 0

Linux 4.4.147

by Greg KH

I'm announcing the release of the 4.4.147 kernel. All users of the 4.4 kernel series must upgrade. The updated 4.4.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.4.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 +- drivers/i2c/busses/i2c-imx.c | 3 +-- drivers/pci/pci-acpi.c | 2 +- drivers/scsi/qla2xxx/qla_init.c | 7 +++---- drivers/scsi/qla2xxx/qla_os.c | 5 +++-- fs/ext4/super.c | 4 ++-- fs/jfs/xattr.c | 10 ++++++---- include/linux/ring_buffer.h | 1 + kernel/irq/manage.c | 9 ++++++++- kernel/time/tick-sched.c | 2 +- kernel/trace/ring_buffer.c | 16 ++++++++++++++++ kernel/trace/trace.c | 6 ++++++ net/netlink/af_netlink.c | 5 +++++ 13 files changed, 54 insertions(+), 18 deletions(-) Anil Gurumurthy (1): scsi: qla2xxx: Return error when TMF returns Anna-Maria Gleixner (1): nohz: Fix local_timer_softirq_pending() Dmitry Safonov (3): netlink: Do not subscribe to non-existent groups netlink: Don't shift with UB on nlk->ngroups netlink: Don't shift on 64 for ngroups Esben Haabendal (1): i2c: imx: Fix reinit_completion() use Greg Kroah-Hartman (1): Linux 4.4.147 Masami Hiramatsu (1): ring_buffer: tracing: Inherit the tracing setting to next ring buffer Quinn Tran (1): scsi: qla2xxx: Fix ISP recovery on unload Shankara Pailoor (1): jfs: Fix inconsistency between memory allocation and ea_buf->max_size Theodore Ts'o (1): ext4: fix false negatives *and* false positives in ext4_check_descriptors() Thomas Gleixner (1): genirq: Make force irq threading setup more robust Vitaly Kuznetsov (1): ACPI / PCI: Bail early in acpi_pci_add_bus() if there is no ACPI handle

7 years, 1 month

1
1
0 0

Linux 4.9.119

by Greg KH

I'm announcing the release of the 4.9.119 kernel. All users of the 4.9 kernel series must upgrade. The updated 4.9.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.9.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 +- drivers/i2c/busses/i2c-imx.c | 3 +-- drivers/infiniband/hw/hfi1/rc.c | 2 +- drivers/infiniband/hw/hfi1/uc.c | 4 ++-- drivers/infiniband/hw/hfi1/ud.c | 4 ++-- drivers/infiniband/hw/hfi1/verbs_txreq.c | 4 ++-- drivers/infiniband/hw/hfi1/verbs_txreq.h | 4 ++-- drivers/pci/pci-acpi.c | 2 +- drivers/scsi/qla2xxx/qla_init.c | 7 +++---- drivers/scsi/qla2xxx/qla_os.c | 5 +++-- fs/btrfs/extent_io.c | 3 +++ fs/ext4/super.c | 4 ++-- fs/jfs/xattr.c | 10 ++++++---- include/linux/ring_buffer.h | 1 + include/linux/thread_info.h | 7 +------ kernel/fork.c | 3 +++ kernel/irq/manage.c | 9 ++++++++- kernel/time/tick-sched.c | 2 +- kernel/trace/ring_buffer.c | 16 ++++++++++++++++ kernel/trace/trace.c | 6 ++++++ net/ipv4/tcp_input.c | 23 +++++++++++++++++++++-- net/netlink/af_netlink.c | 5 +++++ 22 files changed, 91 insertions(+), 35 deletions(-) Anil Gurumurthy (1): scsi: qla2xxx: Return error when TMF returns Anna-Maria Gleixner (1): nohz: Fix local_timer_softirq_pending() Dmitry Safonov (3): netlink: Do not subscribe to non-existent groups netlink: Don't shift with UB on nlk->ngroups netlink: Don't shift on 64 for ngroups Eric Dumazet (1): tcp: add tcp_ooo_try_coalesce() helper Esben Haabendal (1): i2c: imx: Fix reinit_completion() use Filipe Manana (1): Btrfs: fix file data corruption after cloning a range and fsync Greg Kroah-Hartman (1): Linux 4.9.119 Kees Cook (1): fork: unconditionally clear stack on fork Konstantin Khlebnikov (1): kmemleak: clear stale pointers from task stacks Masami Hiramatsu (1): ring_buffer: tracing: Inherit the tracing setting to next ring buffer Michael J. Ruhl (1): IB/hfi1: Fix incorrect mixing of ERR_PTR and NULL return values Quinn Tran (1): scsi: qla2xxx: Fix ISP recovery on unload Shankara Pailoor (1): jfs: Fix inconsistency between memory allocation and ea_buf->max_size Theodore Ts'o (1): ext4: fix false negatives *and* false positives in ext4_check_descriptors() Thomas Gleixner (1): genirq: Make force irq threading setup more robust Vitaly Kuznetsov (1): ACPI / PCI: Bail early in acpi_pci_add_bus() if there is no ACPI handle

7 years, 1 month

1
1
0 0

Linux 4.14.62

by Greg KH

I'm announcing the release of the 4.14.62 kernel. All users of the 4.14 kernel series must upgrade. The updated 4.14.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.14.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 - drivers/i2c/busses/i2c-imx.c | 3 - drivers/idle/intel_idle.c | 7 +++- drivers/nvme/host/pci.c | 64 ++++++++++++++++---------------------- drivers/nvme/target/fc.c | 44 ++++++++++++++++++++------ drivers/pci/pci-acpi.c | 2 - drivers/scsi/qla2xxx/qla_attr.c | 1 drivers/scsi/qla2xxx/qla_gbl.h | 1 drivers/scsi/qla2xxx/qla_gs.c | 4 ++ drivers/scsi/qla2xxx/qla_init.c | 7 +--- drivers/scsi/qla2xxx/qla_inline.h | 2 + drivers/scsi/qla2xxx/qla_mid.c | 5 ++ drivers/scsi/qla2xxx/qla_os.c | 7 ++-- fs/btrfs/extent_io.c | 3 + fs/ext4/super.c | 4 +- fs/jfs/xattr.c | 10 +++-- fs/xfs/libxfs/xfs_attr_leaf.c | 5 +- fs/xfs/xfs_icache.c | 58 ++++++++++++++++++++++++++++++---- include/linux/ring_buffer.h | 1 kernel/irq/manage.c | 9 ++++- kernel/softirq.c | 2 - kernel/time/tick-sched.c | 2 - kernel/trace/ring_buffer.c | 16 +++++++++ kernel/trace/trace.c | 6 +++ net/netlink/af_netlink.c | 4 +- 25 files changed, 191 insertions(+), 78 deletions(-) Anil Gurumurthy (1): scsi: qla2xxx: Return error when TMF returns Anna-Maria Gleixner (1): nohz: Fix local_timer_softirq_pending() Dave Chinner (2): xfs: catch inode allocation state mismatch corruption xfs: validate cached inodes are free when allocated Dmitry Safonov (1): netlink: Don't shift on 64 for ngroups Eric Sandeen (1): xfs: don't call xfs_da_shrink_inode with NULL bp Esben Haabendal (1): i2c: imx: Fix reinit_completion() use Filipe Manana (1): Btrfs: fix file data corruption after cloning a range and fsync Frederic Weisbecker (1): nohz: Fix missing tick reprogram when interrupting an inline softirq Greg Kroah-Hartman (1): Linux 4.14.62 James Smart (1): nvmet-fc: fix target sgl list on large transfers Keith Busch (1): nvme-pci: Fix queue double allocations Len Brown (1): intel_idle: Graceful probe failure when MWAIT is disabled Masami Hiramatsu (1): ring_buffer: tracing: Inherit the tracing setting to next ring buffer Quinn Tran (3): scsi: qla2xxx: Fix unintialized List head crash scsi: qla2xxx: Fix NPIV deletion by calling wait_for_sess_deletion scsi: qla2xxx: Fix ISP recovery on unload Sagi Grimberg (1): nvme-pci: allocate device queues storage space at probe Shankara Pailoor (1): jfs: Fix inconsistency between memory allocation and ea_buf->max_size Theodore Ts'o (1): ext4: fix false negatives *and* false positives in ext4_check_descriptors() Thomas Gleixner (1): genirq: Make force irq threading setup more robust Vitaly Kuznetsov (1): ACPI / PCI: Bail early in acpi_pci_add_bus() if there is no ACPI handle

7 years, 1 month

1
1
0 0

Linux 4.17.14

by Greg KH

I'm announcing the release of the 4.17.14 kernel. All users of the 4.17 kernel series must upgrade. The updated 4.17.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.17.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/x86/events/intel/uncore.h | 2 arch/x86/events/intel/uncore_snbep.c | 10 +++- block/blk-core.c | 5 +- drivers/i2c/busses/i2c-imx.c | 3 - drivers/scsi/qla2xxx/qla_attr.c | 1 drivers/scsi/qla2xxx/qla_gbl.h | 1 drivers/scsi/qla2xxx/qla_gs.c | 4 + drivers/scsi/qla2xxx/qla_init.c | 7 +-- drivers/scsi/qla2xxx/qla_inline.h | 2 drivers/scsi/qla2xxx/qla_isr.c | 3 + drivers/scsi/qla2xxx/qla_mbx.c | 6 ++ drivers/scsi/qla2xxx/qla_mid.c | 11 ++++- drivers/scsi/qla2xxx/qla_os.c | 51 ++++++++++-------------- drivers/scsi/qla2xxx/qla_sup.c | 3 + fs/btrfs/extent_io.c | 3 + fs/jfs/jfs_dinode.h | 7 +++ fs/jfs/jfs_incore.h | 1 fs/jfs/super.c | 3 - fs/jfs/xattr.c | 10 ++-- fs/xfs/libxfs/xfs_attr_leaf.c | 5 -- fs/xfs/xfs_icache.c | 73 +++++++++++++++++++++++------------ include/linux/ring_buffer.h | 1 kernel/irq/manage.c | 9 +++- kernel/softirq.c | 2 kernel/time/tick-sched.c | 2 kernel/trace/ring_buffer.c | 16 +++++++ kernel/trace/trace.c | 6 ++ net/netlink/af_netlink.c | 4 - 29 files changed, 170 insertions(+), 83 deletions(-) Anil Gurumurthy (1): scsi: qla2xxx: Return error when TMF returns Anna-Maria Gleixner (1): nohz: Fix local_timer_softirq_pending() Dave Chinner (1): xfs: validate cached inodes are free when allocated Dmitry Safonov (1): netlink: Don't shift on 64 for ngroups Eric Sandeen (1): xfs: don't call xfs_da_shrink_inode with NULL bp Esben Haabendal (1): i2c: imx: Fix reinit_completion() use Filipe Manana (1): Btrfs: fix file data corruption after cloning a range and fsync Frederic Weisbecker (1): nohz: Fix missing tick reprogram when interrupting an inline softirq Greg Kroah-Hartman (1): Linux 4.17.14 Kan Liang (1): perf/x86/intel/uncore: Fix hardcoded index of Broadwell extra PCI devices Kees Cook (1): jfs: Fix usercopy whitelist for inline inode data Linus Torvalds (1): Partially revert "block: fail op_is_write() requests to read-only partitions" Masami Hiramatsu (1): ring_buffer: tracing: Inherit the tracing setting to next ring buffer Quinn Tran (4): scsi: qla2xxx: Fix unintialized List head crash scsi: qla2xxx: Fix NPIV deletion by calling wait_for_sess_deletion scsi: qla2xxx: Fix driver unload by shutting down chip scsi: qla2xxx: Fix ISP recovery on unload Shankara Pailoor (1): jfs: Fix inconsistency between memory allocation and ea_buf->max_size Thomas Gleixner (1): genirq: Make force irq threading setup more robust

7 years, 1 month

1
1
0 0

[PATCH 3.18.y 5/5] switch ->setxattr() to passing dentry and inode separately

by Seung-Woo Kim

From: Al Viro <viro(a)zeniv.linux.org.uk> smack ->d_instantiate() uses ->setxattr(), so to be able to call it before we'd hashed the new dentry and attached it to inode, we need ->setxattr() instances getting the inode as an explicit argument rather than obtaining it from dentry. Similar change for ->getxattr() had been done in commit ce23e64. Unlike ->getxattr() (which is used by both selinux and smack instances of ->d_instantiate()) ->setxattr() is used only by smack one and unfortunately it got missed back then. Reported-by: Seung-Woo Kim <sw0312.kim(a)samsung.com> Tested-by: Casey Schaufler <casey(a)schaufler-ca.com> Signed-off-by: Al Viro <viro(a)zeniv.linux.org.uk> [sw0312.kim: backport to 3.18] Signed-off-by: Seung-Woo Kim <sw0312.kim(a)samsung.com> --- It is not clear, a26feccaba29 ("ceph: Get rid of d_find_alias in ceph_set_acl") is required backport for ceph or not. --- Documentation/filesystems/porting | 7 +++++++ .../staging/lustre/lustre/llite/llite_internal.h | 4 ++-- drivers/staging/lustre/lustre/llite/xattr.c | 6 ++---- fs/bad_inode.c | 4 ++-- fs/btrfs/xattr.c | 12 +++++++----- fs/btrfs/xattr.h | 5 +++-- fs/ceph/super.h | 4 ++-- fs/ceph/xattr.c | 7 ++++--- fs/cifs/cifsfs.h | 4 ++-- fs/cifs/xattr.c | 13 +++++++------ fs/ecryptfs/crypto.c | 9 +++++---- fs/ecryptfs/ecryptfs_kernel.h | 4 ++-- fs/ecryptfs/inode.c | 7 ++++--- fs/ecryptfs/mmap.c | 3 ++- fs/fuse/dir.c | 6 +++--- fs/gfs2/inode.c | 9 +++++---- fs/hfs/attr.c | 6 +++--- fs/hfs/hfs_fs.h | 2 +- fs/jfs/jfs_xattr.h | 4 ++-- fs/jfs/xattr.c | 10 +++++----- fs/kernfs/inode.c | 11 ++++++----- fs/kernfs/kernfs-internal.h | 3 ++- fs/overlayfs/inode.c | 5 +++-- fs/overlayfs/overlayfs.h | 5 +++-- fs/reiserfs/xattr.c | 8 ++++---- fs/reiserfs/xattr.h | 5 +++-- fs/ubifs/ubifs.h | 2 +- fs/ubifs/xattr.c | 4 ++-- fs/xattr.c | 9 +++++---- include/linux/fs.h | 3 ++- include/linux/xattr.h | 3 ++- mm/shmem.c | 10 ++++++---- security/smack/smack_lsm.c | 2 +- 33 files changed, 110 insertions(+), 86 deletions(-) diff --git a/Documentation/filesystems/porting b/Documentation/filesystems/porting index daf9acd..51bdd4a 100644 --- a/Documentation/filesystems/porting +++ b/Documentation/filesystems/porting @@ -469,3 +469,10 @@ in your dentry operations instead. dentry might be yet to be attached to inode, so do _not_ use its ->d_inode in the instances. Rationale: !@#!@# security_d_instantiate() needs to be called before we attach dentry to inode. +-- +[mandatory] + ->setxattr() and xattr_handler.set() get dentry and inode passed separately. + dentry might be yet to be attached to inode, so do _not_ use its ->d_inode + in the instances. Rationale: !@#!@# security_d_instantiate() needs to be + called before we attach dentry to inode and !@#!@##!@$!$#!@#$!@$!@$ smack + ->d_instantiate() uses not just ->getxattr() but ->setxattr() as well. diff --git a/drivers/staging/lustre/lustre/llite/llite_internal.h b/drivers/staging/lustre/lustre/llite/llite_internal.h index 442fe5b..d7ac9bc 100644 --- a/drivers/staging/lustre/lustre/llite/llite_internal.h +++ b/drivers/staging/lustre/lustre/llite/llite_internal.h @@ -1068,8 +1068,8 @@ static inline __u64 ll_file_maxbytes(struct inode *inode) } /* llite/xattr.c */ -int ll_setxattr(struct dentry *dentry, const char *name, - const void *value, size_t size, int flags); +int ll_setxattr(struct dentry *dentry, struct inode *inode, + const char *name, const void *value, size_t size, int flags); ssize_t ll_getxattr(struct dentry *dentry, struct inode *inode, const char *name, void *buffer, size_t size); ssize_t ll_listxattr(struct dentry *dentry, char *buffer, size_t size); diff --git a/drivers/staging/lustre/lustre/llite/xattr.c b/drivers/staging/lustre/lustre/llite/xattr.c index fc4b95d3..3edbbd2 100644 --- a/drivers/staging/lustre/lustre/llite/xattr.c +++ b/drivers/staging/lustre/lustre/llite/xattr.c @@ -212,11 +212,9 @@ int ll_setxattr_common(struct inode *inode, const char *name, return 0; } -int ll_setxattr(struct dentry *dentry, const char *name, - const void *value, size_t size, int flags) +int ll_setxattr(struct dentry *dentry, struct inode *inode, + const char *name, const void *value, size_t size, int flags) { - struct inode *inode = dentry->d_inode; - LASSERT(inode); LASSERT(name); diff --git a/fs/bad_inode.c b/fs/bad_inode.c index 336c284..5c29455 100644 --- a/fs/bad_inode.c +++ b/fs/bad_inode.c @@ -247,8 +247,8 @@ static int bad_inode_setattr(struct dentry *direntry, struct iattr *attrs) return -EIO; } -static int bad_inode_setxattr(struct dentry *dentry, const char *name, - const void *value, size_t size, int flags) +static int bad_inode_setxattr(struct dentry *dentry, struct inode *inode, + const char *name, const void *value, size_t size, int flags) { return -EIO; } diff --git a/fs/btrfs/xattr.c b/fs/btrfs/xattr.c index 6fa0196..22291af 100644 --- a/fs/btrfs/xattr.c +++ b/fs/btrfs/xattr.c @@ -412,10 +412,11 @@ ssize_t btrfs_getxattr(struct dentry *dentry, struct inode *inode, return __btrfs_getxattr(inode, name, buffer, size); } -int btrfs_setxattr(struct dentry *dentry, const char *name, const void *value, +int btrfs_setxattr(struct dentry *dentry, struct inode *inode, + const char *name, const void *value, size_t size, int flags) { - struct btrfs_root *root = BTRFS_I(dentry->d_inode)->root; + struct btrfs_root *root = BTRFS_I(inode)->root; int ret; /* @@ -431,20 +432,21 @@ int btrfs_setxattr(struct dentry *dentry, const char *name, const void *value, * for it via sb->s_xattr. */ if (!strncmp(name, XATTR_SYSTEM_PREFIX, XATTR_SYSTEM_PREFIX_LEN)) - return generic_setxattr(dentry, name, value, size, flags); + return generic_setxattr(dentry, inode, name, value, + size, flags); ret = btrfs_is_valid_xattr(name); if (ret) return ret; if (!strncmp(name, XATTR_BTRFS_PREFIX, XATTR_BTRFS_PREFIX_LEN)) - return btrfs_set_prop(dentry->d_inode, name, + return btrfs_set_prop(inode, name, value, size, flags); if (size == 0) value = ""; /* empty EA, do not remove */ - return __btrfs_setxattr(NULL, dentry->d_inode, name, value, size, + return __btrfs_setxattr(NULL, inode, name, value, size, flags); } diff --git a/fs/btrfs/xattr.h b/fs/btrfs/xattr.h index 8ee4329..bbd23f3 100644 --- a/fs/btrfs/xattr.h +++ b/fs/btrfs/xattr.h @@ -30,8 +30,9 @@ extern int __btrfs_setxattr(struct btrfs_trans_handle *trans, const void *value, size_t size, int flags); extern ssize_t btrfs_getxattr(struct dentry *dentry, struct inode *inode, const char *name, void *buffer, size_t size); -extern int btrfs_setxattr(struct dentry *dentry, const char *name, - const void *value, size_t size, int flags); +extern int btrfs_setxattr(struct dentry *dentry, struct inode *inode, + const char *name, const void *value, + size_t size, int flags); extern int btrfs_removexattr(struct dentry *dentry, const char *name); extern int btrfs_xattr_security_init(struct btrfs_trans_handle *trans, diff --git a/fs/ceph/super.h b/fs/ceph/super.h index 82dd063..2783da8 100644 --- a/fs/ceph/super.h +++ b/fs/ceph/super.h @@ -722,8 +722,8 @@ extern int ceph_getattr(struct vfsmount *mnt, struct dentry *dentry, struct kstat *stat); /* xattr.c */ -extern int ceph_setxattr(struct dentry *, const char *, const void *, - size_t, int); +extern int ceph_setxattr(struct dentry *, struct inode *, const char *, + const void *, size_t, int); int __ceph_setxattr(struct dentry *, const char *, const void *, size_t, int); ssize_t __ceph_getxattr(struct inode *, const char *, void *, size_t); int __ceph_removexattr(struct dentry *, const char *); diff --git a/fs/ceph/xattr.c b/fs/ceph/xattr.c index 59640c0..663cecc 100644 --- a/fs/ceph/xattr.c +++ b/fs/ceph/xattr.c @@ -995,14 +995,15 @@ out: return err; } -int ceph_setxattr(struct dentry *dentry, const char *name, +int ceph_setxattr(struct dentry *dentry, struct inode *inode, const char *name, const void *value, size_t size, int flags) { - if (ceph_snap(dentry->d_inode) != CEPH_NOSNAP) + if (ceph_snap(inode) != CEPH_NOSNAP) return -EROFS; if (!strncmp(name, XATTR_SYSTEM_PREFIX, XATTR_SYSTEM_PREFIX_LEN)) - return generic_setxattr(dentry, name, value, size, flags); + return generic_setxattr(dentry, inode, name, value, size, + flags); return __ceph_setxattr(dentry, name, value, size, flags); } diff --git a/fs/cifs/cifsfs.h b/fs/cifs/cifsfs.h index b0eac15..bda690e 100644 --- a/fs/cifs/cifsfs.h +++ b/fs/cifs/cifsfs.h @@ -122,8 +122,8 @@ extern int cifs_readlink(struct dentry *direntry, char __user *buffer, extern int cifs_symlink(struct inode *inode, struct dentry *direntry, const char *symname); extern int cifs_removexattr(struct dentry *, const char *); -extern int cifs_setxattr(struct dentry *, const char *, const void *, - size_t, int); +extern int cifs_setxattr(struct dentry *, struct inode *, const char *, + const void *, size_t, int); extern ssize_t cifs_getxattr(struct dentry *, struct inode *, const char *, void *, size_t); extern ssize_t cifs_listxattr(struct dentry *, char *, size_t); extern long cifs_ioctl(struct file *filep, unsigned int cmd, unsigned long arg); diff --git a/fs/cifs/xattr.c b/fs/cifs/xattr.c index d2c738e..2d7e6de 100644 --- a/fs/cifs/xattr.c +++ b/fs/cifs/xattr.c @@ -97,8 +97,9 @@ remove_ea_exit: return rc; } -int cifs_setxattr(struct dentry *direntry, const char *ea_name, - const void *ea_value, size_t value_size, int flags) +int cifs_setxattr(struct dentry *direntry, struct inode *inode, + const char *ea_name, const void *ea_value, size_t value_size, + int flags) { int rc = -EOPNOTSUPP; #ifdef CONFIG_CIFS_XATTR @@ -111,9 +112,9 @@ int cifs_setxattr(struct dentry *direntry, const char *ea_name, if (direntry == NULL) return -EIO; - if (direntry->d_inode == NULL) + if (inode == NULL) return -EIO; - sb = direntry->d_inode->i_sb; + sb = inode->i_sb; if (sb == NULL) return -EIO; @@ -177,12 +178,12 @@ int cifs_setxattr(struct dentry *direntry, const char *ea_name, memcpy(pacl, ea_value, value_size); if (pTcon->ses->server->ops->set_acl) rc = pTcon->ses->server->ops->set_acl(pacl, - value_size, direntry->d_inode, + value_size, inode, full_path, CIFS_ACL_DACL); else rc = -EOPNOTSUPP; if (rc == 0) /* force revalidate of the inode */ - CIFS_I(direntry->d_inode)->time = 0; + CIFS_I(inode)->time = 0; kfree(pacl); } #else diff --git a/fs/ecryptfs/crypto.c b/fs/ecryptfs/crypto.c index bc82bf3..1523f21 100644 --- a/fs/ecryptfs/crypto.c +++ b/fs/ecryptfs/crypto.c @@ -1149,12 +1149,13 @@ ecryptfs_write_metadata_to_contents(struct inode *ecryptfs_inode, static int ecryptfs_write_metadata_to_xattr(struct dentry *ecryptfs_dentry, + struct inode *ecryptfs_inode, char *page_virt, size_t size) { int rc; - rc = ecryptfs_setxattr(ecryptfs_dentry, ECRYPTFS_XATTR_NAME, page_virt, - size, 0); + rc = ecryptfs_setxattr(ecryptfs_dentry, ecryptfs_inode, + ECRYPTFS_XATTR_NAME, page_virt, size, 0); return rc; } @@ -1223,8 +1224,8 @@ int ecryptfs_write_metadata(struct dentry *ecryptfs_dentry, goto out_free; } if (crypt_stat->flags & ECRYPTFS_METADATA_IN_XATTR) - rc = ecryptfs_write_metadata_to_xattr(ecryptfs_dentry, virt, - size); + rc = ecryptfs_write_metadata_to_xattr(ecryptfs_dentry, ecryptfs_inode, + virt, size); else rc = ecryptfs_write_metadata_to_contents(ecryptfs_inode, virt, virt_len); diff --git a/fs/ecryptfs/ecryptfs_kernel.h b/fs/ecryptfs/ecryptfs_kernel.h index 0030865..567fbd7 100644 --- a/fs/ecryptfs/ecryptfs_kernel.h +++ b/fs/ecryptfs/ecryptfs_kernel.h @@ -621,8 +621,8 @@ ssize_t ecryptfs_getxattr_lower(struct dentry *lower_dentry, struct inode *lower_inode, const char *name, void *value, size_t size); int -ecryptfs_setxattr(struct dentry *dentry, const char *name, const void *value, - size_t size, int flags); +ecryptfs_setxattr(struct dentry *dentry, struct inode *inode, const char *name, + const void *value, size_t size, int flags); int ecryptfs_read_xattr_region(char *page_virt, struct inode *ecryptfs_inode); #ifdef CONFIG_ECRYPT_FS_MESSAGING int ecryptfs_process_response(struct ecryptfs_daemon *daemon, diff --git a/fs/ecryptfs/inode.c b/fs/ecryptfs/inode.c index 4fb21a7..80006b1 100644 --- a/fs/ecryptfs/inode.c +++ b/fs/ecryptfs/inode.c @@ -1016,7 +1016,8 @@ static int ecryptfs_getattr(struct vfsmount *mnt, struct dentry *dentry, } int -ecryptfs_setxattr(struct dentry *dentry, const char *name, const void *value, +ecryptfs_setxattr(struct dentry *dentry, struct inode *inode, + const char *name, const void *value, size_t size, int flags) { int rc = 0; @@ -1029,8 +1030,8 @@ ecryptfs_setxattr(struct dentry *dentry, const char *name, const void *value, } rc = vfs_setxattr(lower_dentry, name, value, size, flags); - if (!rc && dentry->d_inode) - fsstack_copy_attr_all(dentry->d_inode, lower_dentry->d_inode); + if (!rc && inode) + fsstack_copy_attr_all(inode, lower_dentry->d_inode); out: return rc; } diff --git a/fs/ecryptfs/mmap.c b/fs/ecryptfs/mmap.c index 4ee2cac..5099360 100644 --- a/fs/ecryptfs/mmap.c +++ b/fs/ecryptfs/mmap.c @@ -443,7 +443,8 @@ static int ecryptfs_write_inode_size_to_xattr(struct inode *ecryptfs_inode) if (size < 0) size = 8; put_unaligned_be64(i_size_read(ecryptfs_inode), xattr_virt); - rc = lower_inode->i_op->setxattr(lower_dentry, ECRYPTFS_XATTR_NAME, + rc = lower_inode->i_op->setxattr(lower_dentry, lower_inode, + ECRYPTFS_XATTR_NAME, xattr_virt, size, 0); mutex_unlock(&lower_inode->i_mutex); if (rc) diff --git a/fs/fuse/dir.c b/fs/fuse/dir.c index bef1ee3..1dbc7c1 100644 --- a/fs/fuse/dir.c +++ b/fs/fuse/dir.c @@ -1845,10 +1845,10 @@ static int fuse_getattr(struct vfsmount *mnt, struct dentry *entry, return fuse_update_attributes(inode, stat, NULL, NULL); } -static int fuse_setxattr(struct dentry *entry, const char *name, - const void *value, size_t size, int flags) +static int fuse_setxattr(struct dentry *unused, struct inode *inode, + const char *name, const void *value, + size_t size, int flags) { - struct inode *inode = entry->d_inode; struct fuse_conn *fc = get_fuse_conn(inode); struct fuse_req *req; struct fuse_setxattr_in inarg; diff --git a/fs/gfs2/inode.c b/fs/gfs2/inode.c index ee95780..eb10bd8 100644 --- a/fs/gfs2/inode.c +++ b/fs/gfs2/inode.c @@ -1851,10 +1851,10 @@ static int gfs2_getattr(struct vfsmount *mnt, struct dentry *dentry, return 0; } -static int gfs2_setxattr(struct dentry *dentry, const char *name, - const void *data, size_t size, int flags) +static int gfs2_setxattr(struct dentry *dentry, struct inode *inode, + const char *name, const void *data, size_t size, + int flags) { - struct inode *inode = dentry->d_inode; struct gfs2_inode *ip = GFS2_I(inode); struct gfs2_holder gh; int ret; @@ -1864,7 +1864,8 @@ static int gfs2_setxattr(struct dentry *dentry, const char *name, if (ret == 0) { ret = gfs2_rs_alloc(ip); if (ret == 0) - ret = generic_setxattr(dentry, name, data, size, flags); + ret = generic_setxattr(dentry, inode, name, data, + size, flags); gfs2_glock_dq(&gh); } gfs2_holder_uninit(&gh); diff --git a/fs/hfs/attr.c b/fs/hfs/attr.c index ce9719c..39b7123 100644 --- a/fs/hfs/attr.c +++ b/fs/hfs/attr.c @@ -13,10 +13,10 @@ #include "hfs_fs.h" #include "btree.h" -int hfs_setxattr(struct dentry *dentry, const char *name, - const void *value, size_t size, int flags) +int hfs_setxattr(struct dentry *unused, struct inode *inode, + const char *name, const void *value, + size_t size, int flags) { - struct inode *inode = dentry->d_inode; struct hfs_find_data fd; hfs_cat_rec rec; struct hfs_cat_file *file; diff --git a/fs/hfs/hfs_fs.h b/fs/hfs/hfs_fs.h index f234e2a..f052215 100644 --- a/fs/hfs/hfs_fs.h +++ b/fs/hfs/hfs_fs.h @@ -211,7 +211,7 @@ extern void hfs_evict_inode(struct inode *); extern void hfs_delete_inode(struct inode *); /* attr.c */ -extern int hfs_setxattr(struct dentry *dentry, const char *name, +extern int hfs_setxattr(struct dentry *dentry, struct inode *inode, const char *name, const void *value, size_t size, int flags); extern ssize_t hfs_getxattr(struct dentry *dentry, struct inode *inode, const char *name, void *value, size_t size); diff --git a/fs/jfs/jfs_xattr.h b/fs/jfs/jfs_xattr.h index e69e14f..01c47b1 100644 --- a/fs/jfs/jfs_xattr.h +++ b/fs/jfs/jfs_xattr.h @@ -54,8 +54,8 @@ struct jfs_ea_list { extern int __jfs_setxattr(tid_t, struct inode *, const char *, const void *, size_t, int); -extern int jfs_setxattr(struct dentry *, const char *, const void *, size_t, - int); +extern int jfs_setxattr(struct dentry *, struct inode *, const char *, + const void *, size_t, int); extern ssize_t __jfs_getxattr(struct inode *, const char *, void *, size_t); extern ssize_t jfs_getxattr(struct dentry *, struct inode *, const char *, void *, size_t); extern ssize_t jfs_listxattr(struct dentry *, char *, size_t); diff --git a/fs/jfs/xattr.c b/fs/jfs/xattr.c index 7b9a8f9..a942358 100644 --- a/fs/jfs/xattr.c +++ b/fs/jfs/xattr.c @@ -846,10 +846,9 @@ int __jfs_setxattr(tid_t tid, struct inode *inode, const char *name, return rc; } -int jfs_setxattr(struct dentry *dentry, const char *name, const void *value, - size_t value_len, int flags) +int jfs_setxattr(struct dentry *dentry, struct inode *inode, const char *name, + const void *value, size_t value_len, int flags) { - struct inode *inode = dentry->d_inode; struct jfs_inode_info *ji = JFS_IP(inode); int rc; tid_t tid; @@ -860,7 +859,8 @@ int jfs_setxattr(struct dentry *dentry, const char *name, const void *value, * for it via sb->s_xattr. */ if (!strncmp(name, XATTR_SYSTEM_PREFIX, XATTR_SYSTEM_PREFIX_LEN)) - return generic_setxattr(dentry, name, value, value_len, flags); + return generic_setxattr(dentry, inode, name, value, value_len, + flags); if ((rc = can_set_xattr(inode, name, value, value_len))) return rc; @@ -872,7 +872,7 @@ int jfs_setxattr(struct dentry *dentry, const char *name, const void *value, tid = txBegin(inode->i_sb, 0); mutex_lock(&ji->commit_mutex); - rc = __jfs_setxattr(tid, dentry->d_inode, name, value, value_len, + rc = __jfs_setxattr(tid, inode, name, value, value_len, flags); if (!rc) rc = txCommit(tid, 1, &inode, 0); diff --git a/fs/kernfs/inode.c b/fs/kernfs/inode.c index 332ccaf..d422c76 100644 --- a/fs/kernfs/inode.c +++ b/fs/kernfs/inode.c @@ -169,10 +169,11 @@ static int kernfs_node_setsecdata(struct kernfs_node *kn, void **secdata, return 0; } -int kernfs_iop_setxattr(struct dentry *dentry, const char *name, - const void *value, size_t size, int flags) +int kernfs_iop_setxattr(struct dentry *unused, struct inode *inode, + const char *name, const void *value, + size_t size, int flags) { - struct kernfs_node *kn = dentry->d_fsdata; + struct kernfs_node *kn = inode->i_private; struct kernfs_iattrs *attrs; void *secdata; int error; @@ -184,11 +185,11 @@ int kernfs_iop_setxattr(struct dentry *dentry, const char *name, if (!strncmp(name, XATTR_SECURITY_PREFIX, XATTR_SECURITY_PREFIX_LEN)) { const char *suffix = name + XATTR_SECURITY_PREFIX_LEN; - error = security_inode_setsecurity(dentry->d_inode, suffix, + error = security_inode_setsecurity(inode, suffix, value, size, flags); if (error) return error; - error = security_inode_getsecctx(dentry->d_inode, + error = security_inode_getsecctx(inode, &secdata, &secdata_len); if (error) return error; diff --git a/fs/kernfs/kernfs-internal.h b/fs/kernfs/kernfs-internal.h index 35b9ee1..b7469cf 100644 --- a/fs/kernfs/kernfs-internal.h +++ b/fs/kernfs/kernfs-internal.h @@ -82,7 +82,8 @@ int kernfs_iop_permission(struct inode *inode, int mask); int kernfs_iop_setattr(struct dentry *dentry, struct iattr *iattr); int kernfs_iop_getattr(struct vfsmount *mnt, struct dentry *dentry, struct kstat *stat); -int kernfs_iop_setxattr(struct dentry *dentry, const char *name, const void *value, +int kernfs_iop_setxattr(struct dentry *dentry, struct inode *inode, + const char *name, const void *value, size_t size, int flags); int kernfs_iop_removexattr(struct dentry *dentry, const char *name); ssize_t kernfs_iop_getxattr(struct dentry *dentry, struct inode *inode, diff --git a/fs/overlayfs/inode.c b/fs/overlayfs/inode.c index 04b5520..810969d 100644 --- a/fs/overlayfs/inode.c +++ b/fs/overlayfs/inode.c @@ -213,8 +213,9 @@ bool ovl_is_private_xattr(const char *name) return strncmp(name, "trusted.overlay.", 14) == 0; } -int ovl_setxattr(struct dentry *dentry, const char *name, - const void *value, size_t size, int flags) +int ovl_setxattr(struct dentry *dentry, struct inode *inode, + const char *name, const void *value, + size_t size, int flags) { int err; struct dentry *upperdentry; diff --git a/fs/overlayfs/overlayfs.h b/fs/overlayfs/overlayfs.h index 66b56ea..214baf0 100644 --- a/fs/overlayfs/overlayfs.h +++ b/fs/overlayfs/overlayfs.h @@ -159,8 +159,9 @@ void ovl_cache_free(struct list_head *list); /* inode.c */ int ovl_setattr(struct dentry *dentry, struct iattr *attr); int ovl_permission(struct inode *inode, int mask); -int ovl_setxattr(struct dentry *dentry, const char *name, - const void *value, size_t size, int flags); +int ovl_setxattr(struct dentry *dentry, struct inode *inode, + const char *name, const void *value, + size_t size, int flags); ssize_t ovl_getxattr(struct dentry *dentry, struct inode *inode, const char *name, void *value, size_t size); ssize_t ovl_listxattr(struct dentry *dentry, char *list, size_t size); diff --git a/fs/reiserfs/xattr.c b/fs/reiserfs/xattr.c index b5d64cc..5251955 100644 --- a/fs/reiserfs/xattr.c +++ b/fs/reiserfs/xattr.c @@ -787,8 +787,8 @@ reiserfs_getxattr(struct dentry *dentry, struct inode *inode, * dentry->d_inode->i_mutex down */ int -reiserfs_setxattr(struct dentry *dentry, const char *name, const void *value, - size_t size, int flags) +reiserfs_setxattr(struct dentry *dentry, struct inode *inode, const char *name, + const void *value, size_t size, int flags) { const struct xattr_handler *handler; @@ -797,8 +797,8 @@ reiserfs_setxattr(struct dentry *dentry, const char *name, const void *value, if (!handler || get_inode_sd_version(dentry->d_inode) == STAT_DATA_V1) return -EOPNOTSUPP; - return handler->set(dentry, dentry->d_inode, name, value, size, - flags, handler->flags); + return handler->set(dentry, inode, name, value, size, flags, + handler->flags); } /* diff --git a/fs/reiserfs/xattr.h b/fs/reiserfs/xattr.h index 033bac1..0762779 100644 --- a/fs/reiserfs/xattr.h +++ b/fs/reiserfs/xattr.h @@ -20,8 +20,9 @@ int reiserfs_permission(struct inode *inode, int mask); #define has_xattr_dir(inode) (REISERFS_I(inode)->i_flags & i_has_xattr_dir) ssize_t reiserfs_getxattr(struct dentry *dentry, struct inode *inode, const char *name, void *buffer, size_t size); -int reiserfs_setxattr(struct dentry *dentry, const char *name, - const void *value, size_t size, int flags); +int reiserfs_setxattr(struct dentry *dentry, struct inode *inode, + const char *name, const void *value, size_t size, + int flags); ssize_t reiserfs_listxattr(struct dentry *dentry, char *buffer, size_t size); int reiserfs_removexattr(struct dentry *dentry, const char *name); diff --git a/fs/ubifs/ubifs.h b/fs/ubifs/ubifs.h index c35436f..7b022a9 100644 --- a/fs/ubifs/ubifs.h +++ b/fs/ubifs/ubifs.h @@ -1748,7 +1748,7 @@ int ubifs_getattr(struct vfsmount *mnt, struct dentry *dentry, struct kstat *stat); /* xattr.c */ -int ubifs_setxattr(struct dentry *dentry, const char *name, +int ubifs_setxattr(struct dentry *dentry, struct inode *inode, const char *name, const void *value, size_t size, int flags); ssize_t ubifs_getxattr(struct dentry *dentry, struct inode *host, const char *name, void *buf, size_t size); diff --git a/fs/ubifs/xattr.c b/fs/ubifs/xattr.c index 698194f..13104e4 100644 --- a/fs/ubifs/xattr.c +++ b/fs/ubifs/xattr.c @@ -294,10 +294,10 @@ static struct inode *iget_xattr(struct ubifs_info *c, ino_t inum) return ERR_PTR(-EINVAL); } -int ubifs_setxattr(struct dentry *dentry, const char *name, +int ubifs_setxattr(struct dentry *dentry, struct inode *host, const char *name, const void *value, size_t size, int flags) { - struct inode *inode, *host = dentry->d_inode; + struct inode *inode; struct ubifs_info *c = host->i_sb->s_fs_info; struct qstr nm = QSTR_INIT(name, strlen(name)); struct ubifs_dent_node *xent; diff --git a/fs/xattr.c b/fs/xattr.c index 87bd926..d6351cb 100644 --- a/fs/xattr.c +++ b/fs/xattr.c @@ -100,7 +100,7 @@ int __vfs_setxattr_noperm(struct dentry *dentry, const char *name, if (issec) inode->i_flags &= ~S_NOSEC; if (inode->i_op->setxattr) { - error = inode->i_op->setxattr(dentry, name, value, size, flags); + error = inode->i_op->setxattr(dentry, inode, name, value, size, flags); if (!error) { fsnotify_xattr(dentry); security_inode_post_setxattr(dentry, name, value, @@ -764,7 +764,8 @@ generic_listxattr(struct dentry *dentry, char *buffer, size_t buffer_size) * Find the handler for the prefix and dispatch its set() operation. */ int -generic_setxattr(struct dentry *dentry, const char *name, const void *value, size_t size, int flags) +generic_setxattr(struct dentry *dentry, struct inode *inode, const char *name, + const void *value, size_t size, int flags) { const struct xattr_handler *handler; @@ -773,8 +774,8 @@ generic_setxattr(struct dentry *dentry, const char *name, const void *value, siz handler = xattr_resolve_name(dentry->d_sb->s_xattr, &name); if (!handler) return -EOPNOTSUPP; - return handler->set(dentry, dentry->d_inode, name, value, size, - flags, handler->flags); + return handler->set(dentry, inode, name, value, size, flags, + handler->flags); } /* diff --git a/include/linux/fs.h b/include/linux/fs.h index 7586207..ba463aa 100644 --- a/include/linux/fs.h +++ b/include/linux/fs.h @@ -1537,7 +1537,8 @@ struct inode_operations { struct inode *, struct dentry *, unsigned int); int (*setattr) (struct dentry *, struct iattr *); int (*getattr) (struct vfsmount *mnt, struct dentry *, struct kstat *); - int (*setxattr) (struct dentry *, const char *,const void *,size_t,int); + int (*setxattr) (struct dentry *, struct inode *, + const char *, const void *, size_t, int); ssize_t (*getxattr) (struct dentry *, struct inode *, const char *, void *, size_t); ssize_t (*listxattr) (struct dentry *, char *, size_t); diff --git a/include/linux/xattr.h b/include/linux/xattr.h index 0027b04..ac6e270 100644 --- a/include/linux/xattr.h +++ b/include/linux/xattr.h @@ -46,7 +46,8 @@ int vfs_removexattr(struct dentry *, const char *); ssize_t generic_getxattr(struct dentry *dentry, struct inode *inode, const char *name, void *buffer, size_t size); ssize_t generic_listxattr(struct dentry *dentry, char *buffer, size_t buffer_size); -int generic_setxattr(struct dentry *dentry, const char *name, const void *value, size_t size, int flags); +int generic_setxattr(struct dentry *dentry, struct inode *inode, + const char *name, const void *value, size_t size, int flags); int generic_removexattr(struct dentry *dentry, const char *name); ssize_t vfs_getxattr_alloc(struct dentry *dentry, const char *name, char **xattr_value, size_t size, gfp_t flags); diff --git a/mm/shmem.c b/mm/shmem.c index 8be47d4..f926e5e 100644 --- a/mm/shmem.c +++ b/mm/shmem.c @@ -2597,10 +2597,11 @@ static ssize_t shmem_getxattr(struct dentry *dentry, struct inode *inode, return simple_xattr_get(&info->xattrs, name, buffer, size); } -static int shmem_setxattr(struct dentry *dentry, const char *name, - const void *value, size_t size, int flags) +static int shmem_setxattr(struct dentry *dentry, struct inode *inode, + const char *name, const void *value, size_t size, + int flags) { - struct shmem_inode_info *info = SHMEM_I(dentry->d_inode); + struct shmem_inode_info *info = SHMEM_I(inode); int err; /* @@ -2609,7 +2610,8 @@ static int shmem_setxattr(struct dentry *dentry, const char *name, * for it via sb->s_xattr. */ if (!strncmp(name, XATTR_SYSTEM_PREFIX, XATTR_SYSTEM_PREFIX_LEN)) - return generic_setxattr(dentry, name, value, size, flags); + return generic_setxattr(dentry, inode, name, value, size, + flags); err = shmem_xattr_validate(name); if (err) diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 764e521..444a619 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -3139,7 +3139,7 @@ static void smack_d_instantiate(struct dentry *opt_dentry, struct inode *inode) */ if (isp->smk_flags & SMK_INODE_CHANGED) { isp->smk_flags &= ~SMK_INODE_CHANGED; - rc = inode->i_op->setxattr(dp, + rc = inode->i_op->setxattr(dp, inode, XATTR_NAME_SMACKTRANSMUTE, TRANS_TRUE, TRANS_TRUE_SIZE, 0); -- 1.7.4.1

7 years, 1 month

1
0
0 0

[PATCH 3.18.y 4/5] switch xattr_handler->set() to passing dentry and inode separately

by Seung-Woo Kim

From: Al Viro <viro(a)zeniv.linux.org.uk> preparation for similar switch in ->setxattr() (see the next commit for rationale). Signed-off-by: Al Viro <viro(a)zeniv.linux.org.uk> [sw0312.kim: backport to 3.18 including ext3] Signed-off-by: Seung-Woo Kim <sw0312.kim(a)samsung.com> --- fs/9p/acl.c | 7 +++---- fs/9p/xattr_security.c | 5 +++-- fs/9p/xattr_trusted.c | 5 +++-- fs/9p/xattr_user.c | 5 +++-- fs/ext2/xattr_security.c | 7 ++++--- fs/ext2/xattr_trusted.c | 7 ++++--- fs/ext2/xattr_user.c | 9 +++++---- fs/ext3/xattr_security.c | 7 ++++--- fs/ext3/xattr_trusted.c | 7 ++++--- fs/ext3/xattr_user.c | 9 +++++---- fs/ext4/xattr_security.c | 7 ++++--- fs/ext4/xattr_trusted.c | 7 ++++--- fs/ext4/xattr_user.c | 9 +++++---- fs/f2fs/xattr.c | 17 ++++++++--------- fs/gfs2/xattr.c | 7 ++++--- fs/hfsplus/xattr.c | 7 ++++--- fs/hfsplus/xattr.h | 4 ++-- fs/hfsplus/xattr_security.c | 7 ++++--- fs/hfsplus/xattr_trusted.c | 7 ++++--- fs/hfsplus/xattr_user.c | 7 ++++--- fs/jffs2/security.c | 7 ++++--- fs/jffs2/xattr_trusted.c | 7 ++++--- fs/jffs2/xattr_user.c | 7 ++++--- fs/nfs/nfs4proc.c | 19 +++++++++---------- fs/ocfs2/xattr.c | 23 +++++++++++++---------- fs/posix_acl.c | 6 +++--- fs/reiserfs/xattr.c | 6 ++++-- fs/reiserfs/xattr_security.c | 8 ++++---- fs/reiserfs/xattr_trusted.c | 8 ++++---- fs/reiserfs/xattr_user.c | 8 ++++---- fs/xattr.c | 5 +++-- fs/xfs/xfs_xattr.c | 7 ++++--- include/linux/xattr.h | 5 +++-- 33 files changed, 144 insertions(+), 119 deletions(-) diff --git a/fs/9p/acl.c b/fs/9p/acl.c index 938e1a4..0928d74 100644 --- a/fs/9p/acl.c +++ b/fs/9p/acl.c @@ -279,14 +279,13 @@ static int v9fs_remote_set_acl(struct dentry *dentry, const char *name, } -static int v9fs_xattr_set_acl(struct dentry *dentry, const char *name, - const void *value, size_t size, - int flags, int type) +static int v9fs_xattr_set_acl(struct dentry *dentry, struct inode *inode, + const char *name, const void *value, + size_t size, int flags, int type) { int retval; struct posix_acl *acl; struct v9fs_session_info *v9ses; - struct inode *inode = dentry->d_inode; if (strcmp(name, "") != 0) return -EINVAL; diff --git a/fs/9p/xattr_security.c b/fs/9p/xattr_security.c index df692f9..242c1f8 100644 --- a/fs/9p/xattr_security.c +++ b/fs/9p/xattr_security.c @@ -47,8 +47,9 @@ static int v9fs_xattr_security_get(struct dentry *dentry, struct inode *inode, return retval; } -static int v9fs_xattr_security_set(struct dentry *dentry, const char *name, - const void *value, size_t size, int flags, int type) +static int v9fs_xattr_security_set(struct dentry *dentry, struct inode *inode, + const char *name, const void *value, + size_t size, int flags, int type) { int retval; char *full_name; diff --git a/fs/9p/xattr_trusted.c b/fs/9p/xattr_trusted.c index acfadcf..a1fe7d9 100644 --- a/fs/9p/xattr_trusted.c +++ b/fs/9p/xattr_trusted.c @@ -47,8 +47,9 @@ static int v9fs_xattr_trusted_get(struct dentry *dentry, struct inode *inode, return retval; } -static int v9fs_xattr_trusted_set(struct dentry *dentry, const char *name, - const void *value, size_t size, int flags, int type) +static int v9fs_xattr_trusted_set(struct dentry *dentry, struct inode *inode, + const char *name, const void *value, + size_t size, int flags, int type) { int retval; char *full_name; diff --git a/fs/9p/xattr_user.c b/fs/9p/xattr_user.c index 9b37675..7a34aca 100644 --- a/fs/9p/xattr_user.c +++ b/fs/9p/xattr_user.c @@ -47,8 +47,9 @@ static int v9fs_xattr_user_get(struct dentry *dentry, struct inode *inode, return retval; } -static int v9fs_xattr_user_set(struct dentry *dentry, const char *name, - const void *value, size_t size, int flags, int type) +static int v9fs_xattr_user_set(struct dentry *dentry, struct inode *inode, + const char *name, const void *value, + size_t size, int flags, int type) { int retval; char *full_name; diff --git a/fs/ext2/xattr_security.c b/fs/ext2/xattr_security.c index 1d53da4..3ece525 100644 --- a/fs/ext2/xattr_security.c +++ b/fs/ext2/xattr_security.c @@ -33,12 +33,13 @@ ext2_xattr_security_get(struct dentry *unused, struct inode *inode, } static int -ext2_xattr_security_set(struct dentry *dentry, const char *name, - const void *value, size_t size, int flags, int type) +ext2_xattr_security_set(struct dentry *unused, struct inode *inode, + const char *name, const void *value, + size_t size, int flags, int type) { if (strcmp(name, "") == 0) return -EINVAL; - return ext2_xattr_set(dentry->d_inode, EXT2_XATTR_INDEX_SECURITY, name, + return ext2_xattr_set(inode, EXT2_XATTR_INDEX_SECURITY, name, value, size, flags); } diff --git a/fs/ext2/xattr_trusted.c b/fs/ext2/xattr_trusted.c index dd05f14..d88cbb1 100644 --- a/fs/ext2/xattr_trusted.c +++ b/fs/ext2/xattr_trusted.c @@ -37,12 +37,13 @@ ext2_xattr_trusted_get(struct dentry *unused, struct inode *inode, } static int -ext2_xattr_trusted_set(struct dentry *dentry, const char *name, - const void *value, size_t size, int flags, int type) +ext2_xattr_trusted_set(struct dentry *unused, struct inode *inode, + const char *name, const void *value, + size_t size, int flags, int type) { if (strcmp(name, "") == 0) return -EINVAL; - return ext2_xattr_set(dentry->d_inode, EXT2_XATTR_INDEX_TRUSTED, name, + return ext2_xattr_set(inode, EXT2_XATTR_INDEX_TRUSTED, name, value, size, flags); } diff --git a/fs/ext2/xattr_user.c b/fs/ext2/xattr_user.c index b3289d5..b96a8f8 100644 --- a/fs/ext2/xattr_user.c +++ b/fs/ext2/xattr_user.c @@ -41,15 +41,16 @@ ext2_xattr_user_get(struct dentry *unused, struct inode *inode, } static int -ext2_xattr_user_set(struct dentry *dentry, const char *name, - const void *value, size_t size, int flags, int type) +ext2_xattr_user_set(struct dentry *unused, struct inode *inode, + const char *name, const void *value, + size_t size, int flags, int type) { if (strcmp(name, "") == 0) return -EINVAL; - if (!test_opt(dentry->d_sb, XATTR_USER)) + if (!test_opt(inode->i_sb, XATTR_USER)) return -EOPNOTSUPP; - return ext2_xattr_set(dentry->d_inode, EXT2_XATTR_INDEX_USER, + return ext2_xattr_set(inode, EXT2_XATTR_INDEX_USER, name, value, size, flags); } diff --git a/fs/ext3/xattr_security.c b/fs/ext3/xattr_security.c index 3e60abc..815f8c4 100644 --- a/fs/ext3/xattr_security.c +++ b/fs/ext3/xattr_security.c @@ -34,12 +34,13 @@ ext3_xattr_security_get(struct dentry *unused, struct inode *inode, } static int -ext3_xattr_security_set(struct dentry *dentry, const char *name, - const void *value, size_t size, int flags, int type) +ext3_xattr_security_set(struct dentry *unused, struct inode *inode, + const char *name, const void *value, + size_t size, int flags, int type) { if (strcmp(name, "") == 0) return -EINVAL; - return ext3_xattr_set(dentry->d_inode, EXT3_XATTR_INDEX_SECURITY, + return ext3_xattr_set(inode, EXT3_XATTR_INDEX_SECURITY, name, value, size, flags); } diff --git a/fs/ext3/xattr_trusted.c b/fs/ext3/xattr_trusted.c index 9fe035b..f9e1769 100644 --- a/fs/ext3/xattr_trusted.c +++ b/fs/ext3/xattr_trusted.c @@ -37,12 +37,13 @@ ext3_xattr_trusted_get(struct dentry *unused, struct inode *inode, } static int -ext3_xattr_trusted_set(struct dentry *dentry, const char *name, - const void *value, size_t size, int flags, int type) +ext3_xattr_trusted_set(struct dentry *unused, struct inode *inode, + const char *name, const void *value, + size_t size, int flags, int type) { if (strcmp(name, "") == 0) return -EINVAL; - return ext3_xattr_set(dentry->d_inode, EXT3_XATTR_INDEX_TRUSTED, name, + return ext3_xattr_set(inode, EXT3_XATTR_INDEX_TRUSTED, name, value, size, flags); } diff --git a/fs/ext3/xattr_user.c b/fs/ext3/xattr_user.c index 8856f51..ce7b23d 100644 --- a/fs/ext3/xattr_user.c +++ b/fs/ext3/xattr_user.c @@ -39,14 +39,15 @@ ext3_xattr_user_get(struct dentry *unused, struct inode *inode, } static int -ext3_xattr_user_set(struct dentry *dentry, const char *name, - const void *value, size_t size, int flags, int type) +ext3_xattr_user_set(struct dentry *unused, struct inode *inode, + const char *name, const void *value, + size_t size, int flags, int type) { if (strcmp(name, "") == 0) return -EINVAL; - if (!test_opt(dentry->d_sb, XATTR_USER)) + if (!test_opt(inode->i_sb, XATTR_USER)) return -EOPNOTSUPP; - return ext3_xattr_set(dentry->d_inode, EXT3_XATTR_INDEX_USER, + return ext3_xattr_set(inode, EXT3_XATTR_INDEX_USER, name, value, size, flags); } diff --git a/fs/ext4/xattr_security.c b/fs/ext4/xattr_security.c index 7704e94..c0dc82d 100644 --- a/fs/ext4/xattr_security.c +++ b/fs/ext4/xattr_security.c @@ -38,12 +38,13 @@ ext4_xattr_security_get(struct dentry *unused, struct inode *inode, } static int -ext4_xattr_security_set(struct dentry *dentry, const char *name, - const void *value, size_t size, int flags, int type) +ext4_xattr_security_set(struct dentry *unused, struct inode *inode, + const char *name, const void *value, + size_t size, int flags, int type) { if (strcmp(name, "") == 0) return -EINVAL; - return ext4_xattr_set(dentry->d_inode, EXT4_XATTR_INDEX_SECURITY, + return ext4_xattr_set(inode, EXT4_XATTR_INDEX_SECURITY, name, value, size, flags); } diff --git a/fs/ext4/xattr_trusted.c b/fs/ext4/xattr_trusted.c index 7bf8df2..42d6db0 100644 --- a/fs/ext4/xattr_trusted.c +++ b/fs/ext4/xattr_trusted.c @@ -41,12 +41,13 @@ ext4_xattr_trusted_get(struct dentry *unused, struct inode *inode, } static int -ext4_xattr_trusted_set(struct dentry *dentry, const char *name, - const void *value, size_t size, int flags, int type) +ext4_xattr_trusted_set(struct dentry *unused, struct inode *inode, + const char *name, const void *value, + size_t size, int flags, int type) { if (strcmp(name, "") == 0) return -EINVAL; - return ext4_xattr_set(dentry->d_inode, EXT4_XATTR_INDEX_TRUSTED, + return ext4_xattr_set(inode, EXT4_XATTR_INDEX_TRUSTED, name, value, size, flags); } diff --git a/fs/ext4/xattr_user.c b/fs/ext4/xattr_user.c index afad2827..f37a4ff 100644 --- a/fs/ext4/xattr_user.c +++ b/fs/ext4/xattr_user.c @@ -42,14 +42,15 @@ ext4_xattr_user_get(struct dentry *unused, struct inode *inode, } static int -ext4_xattr_user_set(struct dentry *dentry, const char *name, - const void *value, size_t size, int flags, int type) +ext4_xattr_user_set(struct dentry *unused, struct inode *inode, + const char *name, const void *value, + size_t size, int flags, int type) { if (strcmp(name, "") == 0) return -EINVAL; - if (!test_opt(dentry->d_sb, XATTR_USER)) + if (!test_opt(inode->i_sb, XATTR_USER)) return -EOPNOTSUPP; - return ext4_xattr_set(dentry->d_inode, EXT4_XATTR_INDEX_USER, + return ext4_xattr_set(inode, EXT4_XATTR_INDEX_USER, name, value, size, flags); } diff --git a/fs/f2fs/xattr.c b/fs/f2fs/xattr.c index a6e15c5..3f4705f 100644 --- a/fs/f2fs/xattr.c +++ b/fs/f2fs/xattr.c @@ -87,10 +87,11 @@ static int f2fs_xattr_generic_get(struct dentry *unused, struct inode *inode, return f2fs_getxattr(inode, type, name, buffer, size); } -static int f2fs_xattr_generic_set(struct dentry *dentry, const char *name, - const void *value, size_t size, int flags, int type) +static int f2fs_xattr_generic_set(struct dentry *unused, struct inode *inode, + const char *name, const void *value, + size_t size, int flags, int type) { - struct f2fs_sb_info *sbi = F2FS_SB(dentry->d_sb); + struct f2fs_sb_info *sbi = F2FS_SB(inode->i_sb); switch (type) { case F2FS_XATTR_INDEX_USER: @@ -109,8 +110,7 @@ static int f2fs_xattr_generic_set(struct dentry *dentry, const char *name, if (strcmp(name, "") == 0) return -EINVAL; - return f2fs_setxattr(dentry->d_inode, type, name, - value, size, NULL, flags); + return f2fs_setxattr(inode, type, name, value, size, NULL, flags); } static size_t f2fs_xattr_advise_list(struct dentry *dentry, char *list, @@ -138,11 +138,10 @@ static int f2fs_xattr_advise_get(struct dentry *unused, struct inode *inode, return sizeof(char); } -static int f2fs_xattr_advise_set(struct dentry *dentry, const char *name, - const void *value, size_t size, int flags, int type) +static int f2fs_xattr_advise_set(struct dentry *unused, struct inode *inode, + const char *name, const void *value, + size_t size, int flags, int type) { - struct inode *inode = dentry->d_inode; - if (strcmp(name, "") != 0) return -EINVAL; if (!inode_owner_or_capable(inode)) diff --git a/fs/gfs2/xattr.c b/fs/gfs2/xattr.c index 0c15e9f..96e47b0 100644 --- a/fs/gfs2/xattr.c +++ b/fs/gfs2/xattr.c @@ -1227,10 +1227,11 @@ int __gfs2_xattr_set(struct inode *inode, const char *name, return error; } -static int gfs2_xattr_set(struct dentry *dentry, const char *name, - const void *value, size_t size, int flags, int type) +static int gfs2_xattr_set(struct dentry *unused, struct inode *inode, + const char *name, const void *value, + size_t size, int flags, int type) { - return __gfs2_xattr_set(dentry->d_inode, name, value, + return __gfs2_xattr_set(inode, name, value, size, flags, type); } diff --git a/fs/hfsplus/xattr.c b/fs/hfsplus/xattr.c index 1377437..1ac46a2 100644 --- a/fs/hfsplus/xattr.c +++ b/fs/hfsplus/xattr.c @@ -826,8 +826,9 @@ static int hfsplus_osx_getxattr(struct dentry *unused, struct inode *inode, return hfsplus_getxattr(inode, name, buffer, size); } -static int hfsplus_osx_setxattr(struct dentry *dentry, const char *name, - const void *buffer, size_t size, int flags, int type) +static int hfsplus_osx_setxattr(struct dentry *unused, struct inode *inode, + const char *name, const void *buffer, + size_t size, int flags, int type) { if (!strcmp(name, "")) return -EINVAL; @@ -845,7 +846,7 @@ static int hfsplus_osx_setxattr(struct dentry *dentry, const char *name, * creates), so we pass the name through unmodified (after * ensuring it doesn't conflict with another namespace). */ - return hfsplus_setxattr(dentry, name, buffer, size, flags); + return hfsplus_setxattr(inode, name, buffer, size, flags); } static size_t hfsplus_osx_listxattr(struct dentry *dentry, char *list, diff --git a/fs/hfsplus/xattr.h b/fs/hfsplus/xattr.h index ba9d80d7..28337f5 100644 --- a/fs/hfsplus/xattr.h +++ b/fs/hfsplus/xattr.h @@ -21,10 +21,10 @@ extern const struct xattr_handler *hfsplus_xattr_handlers[]; int __hfsplus_setxattr(struct inode *inode, const char *name, const void *value, size_t size, int flags); -static inline int hfsplus_setxattr(struct dentry *dentry, const char *name, +static inline int hfsplus_setxattr(struct inode *inode, const char *name, const void *value, size_t size, int flags) { - return __hfsplus_setxattr(dentry->d_inode, name, value, size, flags); + return __hfsplus_setxattr(inode, name, value, size, flags); } ssize_t __hfsplus_getxattr(struct inode *inode, const char *name, diff --git a/fs/hfsplus/xattr_security.c b/fs/hfsplus/xattr_security.c index 77d7f29..ccbc7df 100644 --- a/fs/hfsplus/xattr_security.c +++ b/fs/hfsplus/xattr_security.c @@ -35,8 +35,9 @@ static int hfsplus_security_getxattr(struct dentry *unused, struct inode *inode, return res; } -static int hfsplus_security_setxattr(struct dentry *dentry, const char *name, - const void *buffer, size_t size, int flags, int type) +static int hfsplus_security_setxattr(struct dentry *unused, struct inode *inode, + const char *name, const void *buffer, + size_t size, int flags, int type) { char *xattr_name; int res; @@ -51,7 +52,7 @@ static int hfsplus_security_setxattr(struct dentry *dentry, const char *name, strcpy(xattr_name, XATTR_SECURITY_PREFIX); strcpy(xattr_name + XATTR_SECURITY_PREFIX_LEN, name); - res = hfsplus_setxattr(dentry, xattr_name, buffer, size, flags); + res = hfsplus_setxattr(inode, xattr_name, buffer, size, flags); kfree(xattr_name); return res; } diff --git a/fs/hfsplus/xattr_trusted.c b/fs/hfsplus/xattr_trusted.c index 5c9e7a0..5d54660 100644 --- a/fs/hfsplus/xattr_trusted.c +++ b/fs/hfsplus/xattr_trusted.c @@ -33,8 +33,9 @@ static int hfsplus_trusted_getxattr(struct dentry *unused, struct inode *inode, return res; } -static int hfsplus_trusted_setxattr(struct dentry *dentry, const char *name, - const void *buffer, size_t size, int flags, int type) +static int hfsplus_trusted_setxattr(struct dentry *unused, struct inode *inode, + const char *name, const void *buffer, + size_t size, int flags, int type) { char *xattr_name; int res; @@ -49,7 +50,7 @@ static int hfsplus_trusted_setxattr(struct dentry *dentry, const char *name, strcpy(xattr_name, XATTR_TRUSTED_PREFIX); strcpy(xattr_name + XATTR_TRUSTED_PREFIX_LEN, name); - res = hfsplus_setxattr(dentry, xattr_name, buffer, size, flags); + res = hfsplus_setxattr(inode, xattr_name, buffer, size, flags); kfree(xattr_name); return res; } diff --git a/fs/hfsplus/xattr_user.c b/fs/hfsplus/xattr_user.c index c7c424c..931c054 100644 --- a/fs/hfsplus/xattr_user.c +++ b/fs/hfsplus/xattr_user.c @@ -33,8 +33,9 @@ static int hfsplus_user_getxattr(struct dentry *unused, struct inode *inode, return res; } -static int hfsplus_user_setxattr(struct dentry *dentry, const char *name, - const void *buffer, size_t size, int flags, int type) +static int hfsplus_user_setxattr(struct dentry *unused, struct inode *inode, + const char *name, const void *buffer, + size_t size, int flags, int type) { char *xattr_name; int res; @@ -49,7 +50,7 @@ static int hfsplus_user_setxattr(struct dentry *dentry, const char *name, strcpy(xattr_name, XATTR_USER_PREFIX); strcpy(xattr_name + XATTR_USER_PREFIX_LEN, name); - res = hfsplus_setxattr(dentry, xattr_name, buffer, size, flags); + res = hfsplus_setxattr(inode, xattr_name, buffer, size, flags); kfree(xattr_name); return res; } diff --git a/fs/jffs2/security.c b/fs/jffs2/security.c index 77a9db6..f8ee8a2 100644 --- a/fs/jffs2/security.c +++ b/fs/jffs2/security.c @@ -59,13 +59,14 @@ static int jffs2_security_getxattr(struct dentry *unused, struct inode *inode, name, buffer, size); } -static int jffs2_security_setxattr(struct dentry *dentry, const char *name, - const void *buffer, size_t size, int flags, int type) +static int jffs2_security_setxattr(struct dentry *unused, struct inode *inode, + const char *name, const void *buffer, + size_t size, int flags, int type) { if (!strcmp(name, "")) return -EINVAL; - return do_jffs2_setxattr(dentry->d_inode, JFFS2_XPREFIX_SECURITY, + return do_jffs2_setxattr(inode, JFFS2_XPREFIX_SECURITY, name, buffer, size, flags); } diff --git a/fs/jffs2/xattr_trusted.c b/fs/jffs2/xattr_trusted.c index 7b2fe19..0f36f46 100644 --- a/fs/jffs2/xattr_trusted.c +++ b/fs/jffs2/xattr_trusted.c @@ -26,12 +26,13 @@ static int jffs2_trusted_getxattr(struct dentry *unused, struct inode *inode, name, buffer, size); } -static int jffs2_trusted_setxattr(struct dentry *dentry, const char *name, - const void *buffer, size_t size, int flags, int type) +static int jffs2_trusted_setxattr(struct dentry *unused, struct inode *inode, + const char *name, const void *buffer, + size_t size, int flags, int type) { if (!strcmp(name, "")) return -EINVAL; - return do_jffs2_setxattr(dentry->d_inode, JFFS2_XPREFIX_TRUSTED, + return do_jffs2_setxattr(inode, JFFS2_XPREFIX_TRUSTED, name, buffer, size, flags); } diff --git a/fs/jffs2/xattr_user.c b/fs/jffs2/xattr_user.c index 0d8b125..62551b6 100644 --- a/fs/jffs2/xattr_user.c +++ b/fs/jffs2/xattr_user.c @@ -26,12 +26,13 @@ static int jffs2_user_getxattr(struct dentry *unused, struct inode *inode, name, buffer, size); } -static int jffs2_user_setxattr(struct dentry *dentry, const char *name, - const void *buffer, size_t size, int flags, int type) +static int jffs2_user_setxattr(struct dentry *unused, struct inode *inode, + const char *name, const void *buffer, + size_t size, int flags, int type) { if (!strcmp(name, "")) return -EINVAL; - return do_jffs2_setxattr(dentry->d_inode, JFFS2_XPREFIX_USER, + return do_jffs2_setxattr(inode, JFFS2_XPREFIX_USER, name, buffer, size, flags); } diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c index 3e0df4a1..7ccecfb 100644 --- a/fs/nfs/nfs4proc.c +++ b/fs/nfs/nfs4proc.c @@ -4781,12 +4781,11 @@ static int nfs4_do_set_security_label(struct inode *inode, } static int -nfs4_set_security_label(struct dentry *dentry, const void *buf, size_t buflen) +nfs4_set_security_label(struct inode *inode, const void *buf, size_t buflen) { struct nfs4_label ilabel, *olabel = NULL; struct nfs_fattr fattr; struct rpc_cred *cred; - struct inode *inode = dentry->d_inode; int status; if (!nfs_server_capable(inode, NFS_CAP_SECURITY_LABEL)) @@ -6037,14 +6036,14 @@ nfs4_release_lockowner(struct nfs_server *server, struct nfs4_lock_state *lsp) #define XATTR_NAME_NFSV4_ACL "system.nfs4_acl" -static int nfs4_xattr_set_nfs4_acl(struct dentry *dentry, const char *key, - const void *buf, size_t buflen, - int flags, int type) +static int nfs4_xattr_set_nfs4_acl(struct dentry *unused, struct inode *inode, + const char *key, const void *buf, + size_t buflen, int flags, int type) { if (strcmp(key, "") != 0) return -EINVAL; - return nfs4_proc_set_acl(dentry->d_inode, buf, buflen); + return nfs4_proc_set_acl(inode, buf, buflen); } static int nfs4_xattr_get_nfs4_acl(struct dentry *unused, struct inode *inode, @@ -6077,12 +6076,12 @@ static inline int nfs4_server_supports_labels(struct nfs_server *server) return server->caps & NFS_CAP_SECURITY_LABEL; } -static int nfs4_xattr_set_nfs4_label(struct dentry *dentry, const char *key, - const void *buf, size_t buflen, - int flags, int type) +static int nfs4_xattr_set_nfs4_label(struct dentry *unused, struct inode *inode, + const char *key, const void *buf, + size_t buflen, int flags, int type) { if (security_ismaclabel(key)) - return nfs4_set_security_label(dentry, buf, buflen); + return nfs4_set_security_label(inode, buf, buflen); return -EOPNOTSUPP; } diff --git a/fs/ocfs2/xattr.c b/fs/ocfs2/xattr.c index 8f42eaa..2d6aa1a 100644 --- a/fs/ocfs2/xattr.c +++ b/fs/ocfs2/xattr.c @@ -7262,13 +7262,14 @@ static int ocfs2_xattr_security_get(struct dentry *unused, struct inode *inode, name, buffer, size); } -static int ocfs2_xattr_security_set(struct dentry *dentry, const char *name, - const void *value, size_t size, int flags, int type) +static int ocfs2_xattr_security_set(struct dentry *unused, struct inode *inode, + const char *name, const void *value, + size_t size, int flags, int type) { if (strcmp(name, "") == 0) return -EINVAL; - return ocfs2_xattr_set(dentry->d_inode, OCFS2_XATTR_INDEX_SECURITY, + return ocfs2_xattr_set(inode, OCFS2_XATTR_INDEX_SECURITY, name, value, size, flags); } @@ -7353,13 +7354,14 @@ static int ocfs2_xattr_trusted_get(struct dentry *unused, struct inode *inode, name, buffer, size); } -static int ocfs2_xattr_trusted_set(struct dentry *dentry, const char *name, - const void *value, size_t size, int flags, int type) +static int ocfs2_xattr_trusted_set(struct dentry *unused, struct inode *inode, + const char *name, const void *value, + size_t size, int flags, int type) { if (strcmp(name, "") == 0) return -EINVAL; - return ocfs2_xattr_set(dentry->d_inode, OCFS2_XATTR_INDEX_TRUSTED, + return ocfs2_xattr_set(inode, OCFS2_XATTR_INDEX_TRUSTED, name, value, size, flags); } @@ -7406,17 +7408,18 @@ static int ocfs2_xattr_user_get(struct dentry *unused, struct inode *inode, buffer, size); } -static int ocfs2_xattr_user_set(struct dentry *dentry, const char *name, - const void *value, size_t size, int flags, int type) +static int ocfs2_xattr_user_set(struct dentry *unused, struct inode *inode, + const char *name, const void *value, + size_t size, int flags, int type) { - struct ocfs2_super *osb = OCFS2_SB(dentry->d_sb); + struct ocfs2_super *osb = OCFS2_SB(inode->i_sb); if (strcmp(name, "") == 0) return -EINVAL; if (osb->s_mount_opt & OCFS2_MOUNT_NOUSERXATTR) return -EOPNOTSUPP; - return ocfs2_xattr_set(dentry->d_inode, OCFS2_XATTR_INDEX_USER, + return ocfs2_xattr_set(inode, OCFS2_XATTR_INDEX_USER, name, value, size, flags); } diff --git a/fs/posix_acl.c b/fs/posix_acl.c index a9d6c01..81b0008 100644 --- a/fs/posix_acl.c +++ b/fs/posix_acl.c @@ -841,10 +841,10 @@ set_posix_acl(struct inode *inode, int type, struct posix_acl *acl) EXPORT_SYMBOL(set_posix_acl); static int -posix_acl_xattr_set(struct dentry *dentry, const char *name, - const void *value, size_t size, int flags, int type) +posix_acl_xattr_set(struct dentry *dentry, struct inode *inode, + const char *name, const void *value, size_t size, + int flags, int type) { - struct inode *inode = dentry->d_inode; struct posix_acl *acl = NULL; int ret; diff --git a/fs/reiserfs/xattr.c b/fs/reiserfs/xattr.c index 40d4fcc..b5d64cc 100644 --- a/fs/reiserfs/xattr.c +++ b/fs/reiserfs/xattr.c @@ -797,7 +797,8 @@ reiserfs_setxattr(struct dentry *dentry, const char *name, const void *value, if (!handler || get_inode_sd_version(dentry->d_inode) == STAT_DATA_V1) return -EOPNOTSUPP; - return handler->set(dentry, name, value, size, flags, handler->flags); + return handler->set(dentry, dentry->d_inode, name, value, size, + flags, handler->flags); } /* @@ -814,7 +815,8 @@ int reiserfs_removexattr(struct dentry *dentry, const char *name) if (!handler || get_inode_sd_version(dentry->d_inode) == STAT_DATA_V1) return -EOPNOTSUPP; - return handler->set(dentry, name, NULL, 0, XATTR_REPLACE, handler->flags); + return handler->set(dentry, dentry->d_inode, name, NULL, 0, + XATTR_REPLACE, handler->flags); } struct listxattr_buf { diff --git a/fs/reiserfs/xattr_security.c b/fs/reiserfs/xattr_security.c index dad61a9..d68b8da 100644 --- a/fs/reiserfs/xattr_security.c +++ b/fs/reiserfs/xattr_security.c @@ -22,16 +22,16 @@ security_get(struct dentry *unused, struct inode *inode, const char *name, } static int -security_set(struct dentry *dentry, const char *name, const void *buffer, - size_t size, int flags, int handler_flags) +security_set(struct dentry *unused, struct inode *inode, const char *name, + const void *buffer, size_t size, int flags, int handler_flags) { if (strlen(name) < sizeof(XATTR_SECURITY_PREFIX)) return -EINVAL; - if (IS_PRIVATE(dentry->d_inode)) + if (IS_PRIVATE(inode)) return -EPERM; - return reiserfs_xattr_set(dentry->d_inode, name, buffer, size, flags); + return reiserfs_xattr_set(inode, name, buffer, size, flags); } static size_t security_list(struct dentry *dentry, char *list, size_t list_len, diff --git a/fs/reiserfs/xattr_trusted.c b/fs/reiserfs/xattr_trusted.c index 9e3cf4a..8202daa 100644 --- a/fs/reiserfs/xattr_trusted.c +++ b/fs/reiserfs/xattr_trusted.c @@ -21,16 +21,16 @@ trusted_get(struct dentry *unused, struct inode *inode, const char *name, } static int -trusted_set(struct dentry *dentry, const char *name, const void *buffer, - size_t size, int flags, int handler_flags) +trusted_set(struct dentry *unused, struct inode *inode, const char *name, + const void *buffer, size_t size, int flags, int handler_flags) { if (strlen(name) < sizeof(XATTR_TRUSTED_PREFIX)) return -EINVAL; - if (!capable(CAP_SYS_ADMIN) || IS_PRIVATE(dentry->d_inode)) + if (!capable(CAP_SYS_ADMIN) || IS_PRIVATE(inode)) return -EPERM; - return reiserfs_xattr_set(dentry->d_inode, name, buffer, size, flags); + return reiserfs_xattr_set(inode, name, buffer, size, flags); } static size_t trusted_list(struct dentry *dentry, char *list, size_t list_size, diff --git a/fs/reiserfs/xattr_user.c b/fs/reiserfs/xattr_user.c index 8c0d2ef..5d0ec05 100644 --- a/fs/reiserfs/xattr_user.c +++ b/fs/reiserfs/xattr_user.c @@ -19,15 +19,15 @@ user_get(struct dentry *unused, struct inode *inode, const char *name, } static int -user_set(struct dentry *dentry, const char *name, const void *buffer, - size_t size, int flags, int handler_flags) +user_set(struct dentry *unused, struct inode *inode, const char *name, + const void *buffer, size_t size, int flags, int handler_flags) { if (strlen(name) < sizeof(XATTR_USER_PREFIX)) return -EINVAL; - if (!reiserfs_xattrs_user(dentry->d_sb)) + if (!reiserfs_xattrs_user(inode->i_sb)) return -EOPNOTSUPP; - return reiserfs_xattr_set(dentry->d_inode, name, buffer, size, flags); + return reiserfs_xattr_set(inode, name, buffer, size, flags); } static size_t user_list(struct dentry *dentry, char *list, size_t list_size, diff --git a/fs/xattr.c b/fs/xattr.c index b04fc6b..87bd926 100644 --- a/fs/xattr.c +++ b/fs/xattr.c @@ -773,7 +773,8 @@ generic_setxattr(struct dentry *dentry, const char *name, const void *value, siz handler = xattr_resolve_name(dentry->d_sb->s_xattr, &name); if (!handler) return -EOPNOTSUPP; - return handler->set(dentry, name, value, size, flags, handler->flags); + return handler->set(dentry, dentry->d_inode, name, value, size, + flags, handler->flags); } /* @@ -788,7 +789,7 @@ generic_removexattr(struct dentry *dentry, const char *name) handler = xattr_resolve_name(dentry->d_sb->s_xattr, &name); if (!handler) return -EOPNOTSUPP; - return handler->set(dentry, name, NULL, 0, + return handler->set(dentry, dentry->d_inode, name, NULL, 0, XATTR_REPLACE, handler->flags); } diff --git a/fs/xfs/xfs_xattr.c b/fs/xfs/xfs_xattr.c index bd4a6ee..8e19527 100644 --- a/fs/xfs/xfs_xattr.c +++ b/fs/xfs/xfs_xattr.c @@ -56,10 +56,11 @@ xfs_xattr_get(struct dentry *unused, struct inode *inode, const char *name, } static int -xfs_xattr_set(struct dentry *dentry, const char *name, const void *value, - size_t size, int flags, int xflags) +xfs_xattr_set(struct dentry *unused, struct inode *inode, + const char *name, const void *value, + size_t size, int flags, int xflags) { - struct xfs_inode *ip = XFS_I(dentry->d_inode); + struct xfs_inode *ip = XFS_I(inode); if (strcmp(name, "") == 0) return -EINVAL; diff --git a/include/linux/xattr.h b/include/linux/xattr.h index ad4c869..0027b04 100644 --- a/include/linux/xattr.h +++ b/include/linux/xattr.h @@ -26,8 +26,9 @@ struct xattr_handler { const char *name, size_t name_len, int handler_flags); int (*get)(struct dentry *dentry, struct inode *inode, const char *name, void *buffer, size_t size, int handler_flags); - int (*set)(struct dentry *dentry, const char *name, const void *buffer, - size_t size, int flags, int handler_flags); + int (*set)(struct dentry *dentry, struct inode *inode, const char *name, + const void *buffer, size_t size, int flags, + int handler_flags); }; struct xattr { -- 1.7.4.1

7 years, 1 month

1
0
0 0

[PATCH 3.18.y 3/5] security_d_instantiate(): move to the point prior to attaching dentry to inode

by Seung-Woo Kim

From: Al Viro <viro(a)zeniv.linux.org.uk> commit b96809173e94ea2fa8c19c2e40e8545a1821bf57 upstream. Signed-off-by: Al Viro <viro(a)zeniv.linux.org.uk> [sw0312.kim: backport to 3.18] Signed-off-by: Seung-Woo Kim <sw0312.kim(a)samsung.com> --- fs/dcache.c | 18 +++++++----------- 1 files changed, 7 insertions(+), 11 deletions(-) diff --git a/fs/dcache.c b/fs/dcache.c index a34d401..6a4290a 100644 --- a/fs/dcache.c +++ b/fs/dcache.c @@ -1729,12 +1729,12 @@ static void __d_instantiate(struct dentry *dentry, struct inode *inode) void d_instantiate(struct dentry *entry, struct inode * inode) { BUG_ON(!hlist_unhashed(&entry->d_u.d_alias)); + security_d_instantiate(entry, inode); if (inode) spin_lock(&inode->i_lock); __d_instantiate(entry, inode); if (inode) spin_unlock(&inode->i_lock); - security_d_instantiate(entry, inode); } EXPORT_SYMBOL(d_instantiate); @@ -1795,16 +1795,15 @@ struct dentry *d_instantiate_unique(struct dentry *entry, struct inode *inode) BUG_ON(!hlist_unhashed(&entry->d_u.d_alias)); + security_d_instantiate(entry, inode); if (inode) spin_lock(&inode->i_lock); result = __d_instantiate_unique(entry, inode); if (inode) spin_unlock(&inode->i_lock); - if (!result) { - security_d_instantiate(entry, inode); + if (!result) return NULL; - } BUG_ON(!d_unhashed(result)); iput(inode); @@ -1826,6 +1825,7 @@ int d_instantiate_no_diralias(struct dentry *entry, struct inode *inode) { BUG_ON(!hlist_unhashed(&entry->d_u.d_alias)); + security_d_instantiate(entry, inode); spin_lock(&inode->i_lock); if (S_ISDIR(inode->i_mode) && !hlist_empty(&inode->i_dentry)) { spin_unlock(&inode->i_lock); @@ -1834,7 +1834,6 @@ int d_instantiate_no_diralias(struct dentry *entry, struct inode *inode) } __d_instantiate(entry, inode); spin_unlock(&inode->i_lock); - security_d_instantiate(entry, inode); return 0; } @@ -1930,6 +1929,7 @@ static struct dentry *__d_obtain_alias(struct inode *inode, int disconnected) goto out_iput; } + security_d_instantiate(tmp, inode); spin_lock(&inode->i_lock); res = __d_find_any_alias(inode); if (res) { @@ -1953,13 +1953,10 @@ static struct dentry *__d_obtain_alias(struct inode *inode, int disconnected) hlist_bl_unlock(&tmp->d_sb->s_anon); spin_unlock(&tmp->d_lock); spin_unlock(&inode->i_lock); - security_d_instantiate(tmp, inode); return tmp; out_iput: - if (res && !IS_ERR(res)) - security_d_instantiate(res, inode); iput(inode); return res; } @@ -2817,6 +2814,7 @@ struct dentry *d_splice_alias(struct inode *inode, struct dentry *dentry) return ERR_CAST(inode); if (inode && S_ISDIR(inode->i_mode)) { + security_d_instantiate(dentry, inode); spin_lock(&inode->i_lock); new = __d_find_any_alias(inode); if (new) { @@ -2836,13 +2834,11 @@ struct dentry *d_splice_alias(struct inode *inode, struct dentry *dentry) __d_move(new, dentry, false); write_sequnlock(&rename_lock); spin_unlock(&inode->i_lock); - security_d_instantiate(new, inode); iput(inode); } else { /* already taking inode->i_lock, so d_add() by hand */ __d_instantiate(dentry, inode); spin_unlock(&inode->i_lock); - security_d_instantiate(dentry, inode); d_rehash(dentry); } } else { @@ -2876,6 +2872,7 @@ struct dentry *d_materialise_unique(struct dentry *dentry, struct inode *inode) goto out_nolock; } + security_d_instantiate(dentry, inode); spin_lock(&inode->i_lock); if (S_ISDIR(inode->i_mode)) { @@ -2927,7 +2924,6 @@ found: spin_unlock(&inode->i_lock); out_nolock: if (actual == dentry) { - security_d_instantiate(dentry, inode); return NULL; } -- 1.7.4.1

7 years, 1 month

1
0
0 0

[PATCH 3.18.y 2/5] ->getxattr(): pass dentry and inode as separate arguments

by Seung-Woo Kim

From: Al Viro <viro(a)zeniv.linux.org.uk> commit ce23e640133484eebc20ca7b7668388213e11327 upstream. Signed-off-by: Al Viro <viro(a)zeniv.linux.org.uk> [sw0312.kim: backport to 3.18] Signed-off-by: Seung-Woo Kim <sw0312.kim(a)samsung.com> --- Documentation/filesystems/porting | 6 +++++ .../staging/lustre/lustre/llite/llite_internal.h | 4 +- drivers/staging/lustre/lustre/llite/xattr.c | 6 +--- fs/bad_inode.c | 4 +- fs/btrfs/xattr.c | 8 +++--- fs/btrfs/xattr.h | 4 +- fs/ceph/super.h | 3 +- fs/ceph/xattr.c | 8 +++--- fs/cifs/cifsfs.h | 2 +- fs/cifs/xattr.c | 10 ++++---- fs/ecryptfs/crypto.c | 5 +++- fs/ecryptfs/ecryptfs_kernel.h | 4 +- fs/ecryptfs/inode.c | 23 ++++++++++--------- fs/ecryptfs/mmap.c | 3 +- fs/fuse/dir.c | 5 +-- fs/gfs2/inode.c | 9 +++---- fs/hfs/attr.c | 5 +-- fs/hfs/hfs_fs.h | 4 +- fs/jfs/jfs_xattr.h | 2 +- fs/jfs/xattr.c | 8 +++--- fs/kernfs/inode.c | 6 ++-- fs/kernfs/kernfs-internal.h | 4 +- fs/overlayfs/inode.c | 4 +- fs/overlayfs/overlayfs.h | 4 +- fs/overlayfs/super.c | 2 +- fs/reiserfs/xattr.c | 8 +++--- fs/reiserfs/xattr.h | 4 +- fs/ubifs/ubifs.h | 4 +- fs/ubifs/xattr.c | 6 ++-- fs/xattr.c | 13 ++++++----- include/linux/fs.h | 3 +- include/linux/xattr.h | 2 +- mm/shmem.c | 8 +++--- net/socket.c | 2 +- security/commoncap.c | 6 ++-- security/integrity/evm/evm_main.c | 2 +- security/selinux/hooks.c | 9 ++++--- security/smack/smack_lsm.c | 4 +- 38 files changed, 112 insertions(+), 102 deletions(-) diff --git a/Documentation/filesystems/porting b/Documentation/filesystems/porting index 0f3a139..daf9acd 100644 --- a/Documentation/filesystems/porting +++ b/Documentation/filesystems/porting @@ -463,3 +463,9 @@ in your dentry operations instead. of the in-tree instances did). inode_hash_lock is still held, of course, so they are still serialized wrt removal from inode hash, as well as wrt set() callback of iget5_locked(). +-- +[mandatory] + ->getxattr() and xattr_handler.get() get dentry and inode passed separately. + dentry might be yet to be attached to inode, so do _not_ use its ->d_inode + in the instances. Rationale: !@#!@# security_d_instantiate() needs to be + called before we attach dentry to inode. diff --git a/drivers/staging/lustre/lustre/llite/llite_internal.h b/drivers/staging/lustre/lustre/llite/llite_internal.h index 36aa0fd..442fe5b 100644 --- a/drivers/staging/lustre/lustre/llite/llite_internal.h +++ b/drivers/staging/lustre/lustre/llite/llite_internal.h @@ -1070,8 +1070,8 @@ static inline __u64 ll_file_maxbytes(struct inode *inode) /* llite/xattr.c */ int ll_setxattr(struct dentry *dentry, const char *name, const void *value, size_t size, int flags); -ssize_t ll_getxattr(struct dentry *dentry, const char *name, - void *buffer, size_t size); +ssize_t ll_getxattr(struct dentry *dentry, struct inode *inode, + const char *name, void *buffer, size_t size); ssize_t ll_listxattr(struct dentry *dentry, char *buffer, size_t size); int ll_removexattr(struct dentry *dentry, const char *name); diff --git a/drivers/staging/lustre/lustre/llite/xattr.c b/drivers/staging/lustre/lustre/llite/xattr.c index 252a619..fc4b95d3 100644 --- a/drivers/staging/lustre/lustre/llite/xattr.c +++ b/drivers/staging/lustre/lustre/llite/xattr.c @@ -455,11 +455,9 @@ out: return rc; } -ssize_t ll_getxattr(struct dentry *dentry, const char *name, - void *buffer, size_t size) +ssize_t ll_getxattr(struct dentry *dentry, struct inode *inode, + const char *name, void *buffer, size_t size) { - struct inode *inode = dentry->d_inode; - LASSERT(inode); LASSERT(name); diff --git a/fs/bad_inode.c b/fs/bad_inode.c index afd2b44..336c284 100644 --- a/fs/bad_inode.c +++ b/fs/bad_inode.c @@ -253,8 +253,8 @@ static int bad_inode_setxattr(struct dentry *dentry, const char *name, return -EIO; } -static ssize_t bad_inode_getxattr(struct dentry *dentry, const char *name, - void *buffer, size_t size) +static ssize_t bad_inode_getxattr(struct dentry *dentry, struct inode *inode, + const char *name, void *buffer, size_t size) { return -EIO; } diff --git a/fs/btrfs/xattr.c b/fs/btrfs/xattr.c index fbb0533..6fa0196 100644 --- a/fs/btrfs/xattr.c +++ b/fs/btrfs/xattr.c @@ -393,8 +393,8 @@ static int btrfs_is_valid_xattr(const char *name) return 0; } -ssize_t btrfs_getxattr(struct dentry *dentry, const char *name, - void *buffer, size_t size) +ssize_t btrfs_getxattr(struct dentry *dentry, struct inode *inode, + const char *name, void *buffer, size_t size) { int ret; @@ -404,12 +404,12 @@ ssize_t btrfs_getxattr(struct dentry *dentry, const char *name, * for it via sb->s_xattr. */ if (!strncmp(name, XATTR_SYSTEM_PREFIX, XATTR_SYSTEM_PREFIX_LEN)) - return generic_getxattr(dentry, name, buffer, size); + return generic_getxattr(dentry, inode, name, buffer, size); ret = btrfs_is_valid_xattr(name); if (ret) return ret; - return __btrfs_getxattr(dentry->d_inode, name, buffer, size); + return __btrfs_getxattr(inode, name, buffer, size); } int btrfs_setxattr(struct dentry *dentry, const char *name, const void *value, diff --git a/fs/btrfs/xattr.h b/fs/btrfs/xattr.h index 5049608..8ee4329 100644 --- a/fs/btrfs/xattr.h +++ b/fs/btrfs/xattr.h @@ -28,8 +28,8 @@ extern ssize_t __btrfs_getxattr(struct inode *inode, const char *name, extern int __btrfs_setxattr(struct btrfs_trans_handle *trans, struct inode *inode, const char *name, const void *value, size_t size, int flags); -extern ssize_t btrfs_getxattr(struct dentry *dentry, const char *name, - void *buffer, size_t size); +extern ssize_t btrfs_getxattr(struct dentry *dentry, struct inode *inode, + const char *name, void *buffer, size_t size); extern int btrfs_setxattr(struct dentry *dentry, const char *name, const void *value, size_t size, int flags); extern int btrfs_removexattr(struct dentry *dentry, const char *name); diff --git a/fs/ceph/super.h b/fs/ceph/super.h index b82f507..82dd063 100644 --- a/fs/ceph/super.h +++ b/fs/ceph/super.h @@ -727,7 +727,8 @@ extern int ceph_setxattr(struct dentry *, const char *, const void *, int __ceph_setxattr(struct dentry *, const char *, const void *, size_t, int); ssize_t __ceph_getxattr(struct inode *, const char *, void *, size_t); int __ceph_removexattr(struct dentry *, const char *); -extern ssize_t ceph_getxattr(struct dentry *, const char *, void *, size_t); +extern ssize_t ceph_getxattr(struct dentry *, struct inode *, const char *, + void *, size_t); extern ssize_t ceph_listxattr(struct dentry *, char *, size_t); extern int ceph_removexattr(struct dentry *, const char *); extern void __ceph_build_xattrs_blob(struct ceph_inode_info *ci); diff --git a/fs/ceph/xattr.c b/fs/ceph/xattr.c index f827d55..59640c0 100644 --- a/fs/ceph/xattr.c +++ b/fs/ceph/xattr.c @@ -773,13 +773,13 @@ out: return err; } -ssize_t ceph_getxattr(struct dentry *dentry, const char *name, void *value, - size_t size) +ssize_t ceph_getxattr(struct dentry *dentry, struct inode *inode, + const char *name, void *value, size_t size) { if (!strncmp(name, XATTR_SYSTEM_PREFIX, XATTR_SYSTEM_PREFIX_LEN)) - return generic_getxattr(dentry, name, value, size); + return generic_getxattr(dentry, inode, name, value, size); - return __ceph_getxattr(dentry->d_inode, name, value, size); + return __ceph_getxattr(inode, name, value, size); } ssize_t ceph_listxattr(struct dentry *dentry, char *names, size_t size) diff --git a/fs/cifs/cifsfs.h b/fs/cifs/cifsfs.h index 15da9e3..b0eac15 100644 --- a/fs/cifs/cifsfs.h +++ b/fs/cifs/cifsfs.h @@ -124,7 +124,7 @@ extern int cifs_symlink(struct inode *inode, struct dentry *direntry, extern int cifs_removexattr(struct dentry *, const char *); extern int cifs_setxattr(struct dentry *, const char *, const void *, size_t, int); -extern ssize_t cifs_getxattr(struct dentry *, const char *, void *, size_t); +extern ssize_t cifs_getxattr(struct dentry *, struct inode *, const char *, void *, size_t); extern ssize_t cifs_listxattr(struct dentry *, char *, size_t); extern long cifs_ioctl(struct file *filep, unsigned int cmd, unsigned long arg); diff --git a/fs/cifs/xattr.c b/fs/cifs/xattr.c index 72a4d10..d2c738e 100644 --- a/fs/cifs/xattr.c +++ b/fs/cifs/xattr.c @@ -232,8 +232,8 @@ set_ea_exit: return rc; } -ssize_t cifs_getxattr(struct dentry *direntry, const char *ea_name, - void *ea_value, size_t buf_size) +ssize_t cifs_getxattr(struct dentry *direntry, struct inode *inode, + const char *ea_name, void *ea_value, size_t buf_size) { ssize_t rc = -EOPNOTSUPP; #ifdef CONFIG_CIFS_XATTR @@ -246,9 +246,9 @@ ssize_t cifs_getxattr(struct dentry *direntry, const char *ea_name, if (direntry == NULL) return -EIO; - if (direntry->d_inode == NULL) + if (inode == NULL) return -EIO; - sb = direntry->d_inode->i_sb; + sb = inode->i_sb; if (sb == NULL) return -EIO; @@ -324,7 +324,7 @@ ssize_t cifs_getxattr(struct dentry *direntry, const char *ea_name, goto get_ea_exit; /* rc already EOPNOTSUPP */ pacl = pTcon->ses->server->ops->get_acl(cifs_sb, - direntry->d_inode, full_path, &acllen); + inode, full_path, &acllen); if (IS_ERR(pacl)) { rc = PTR_ERR(pacl); cifs_dbg(VFS, "%s: error %zd getting sec desc\n", diff --git a/fs/ecryptfs/crypto.c b/fs/ecryptfs/crypto.c index 31b148f..bc82bf3 100644 --- a/fs/ecryptfs/crypto.c +++ b/fs/ecryptfs/crypto.c @@ -1377,7 +1377,9 @@ int ecryptfs_read_xattr_region(char *page_virt, struct inode *ecryptfs_inode) ssize_t size; int rc = 0; - size = ecryptfs_getxattr_lower(lower_dentry, ECRYPTFS_XATTR_NAME, + size = ecryptfs_getxattr_lower(lower_dentry, + ecryptfs_inode_to_lower(ecryptfs_inode), + ECRYPTFS_XATTR_NAME, page_virt, ECRYPTFS_DEFAULT_EXTENT_SIZE); if (size < 0) { if (unlikely(ecryptfs_verbosity > 0)) @@ -1399,6 +1401,7 @@ int ecryptfs_read_and_validate_xattr_region(struct dentry *dentry, int rc; rc = ecryptfs_getxattr_lower(ecryptfs_dentry_to_lower(dentry), + ecryptfs_inode_to_lower(inode), ECRYPTFS_XATTR_NAME, file_size, ECRYPTFS_SIZE_AND_MARKER_BYTES); if (rc < ECRYPTFS_SIZE_AND_MARKER_BYTES) diff --git a/fs/ecryptfs/ecryptfs_kernel.h b/fs/ecryptfs/ecryptfs_kernel.h index 4682bef..0030865 100644 --- a/fs/ecryptfs/ecryptfs_kernel.h +++ b/fs/ecryptfs/ecryptfs_kernel.h @@ -618,8 +618,8 @@ ecryptfs_parse_packet_set(struct ecryptfs_crypt_stat *crypt_stat, unsigned char *src, struct dentry *ecryptfs_dentry); int ecryptfs_truncate(struct dentry *dentry, loff_t new_length); ssize_t -ecryptfs_getxattr_lower(struct dentry *lower_dentry, const char *name, - void *value, size_t size); +ecryptfs_getxattr_lower(struct dentry *lower_dentry, struct inode *lower_inode, + const char *name, void *value, size_t size); int ecryptfs_setxattr(struct dentry *dentry, const char *name, const void *value, size_t size, int flags); diff --git a/fs/ecryptfs/inode.c b/fs/ecryptfs/inode.c index 885c6a9..4fb21a7 100644 --- a/fs/ecryptfs/inode.c +++ b/fs/ecryptfs/inode.c @@ -1036,29 +1036,30 @@ out: } ssize_t -ecryptfs_getxattr_lower(struct dentry *lower_dentry, const char *name, - void *value, size_t size) +ecryptfs_getxattr_lower(struct dentry *lower_dentry, struct inode *lower_inode, + const char *name, void *value, size_t size) { int rc = 0; - if (!lower_dentry->d_inode->i_op->getxattr) { + if (!lower_inode->i_op->getxattr) { rc = -EOPNOTSUPP; goto out; } - mutex_lock(&lower_dentry->d_inode->i_mutex); - rc = lower_dentry->d_inode->i_op->getxattr(lower_dentry, name, value, - size); - mutex_unlock(&lower_dentry->d_inode->i_mutex); + mutex_lock(&lower_inode->i_mutex); + rc = lower_inode->i_op->getxattr(lower_dentry, lower_inode, + name, value, size); + mutex_unlock(&lower_inode->i_mutex); out: return rc; } static ssize_t -ecryptfs_getxattr(struct dentry *dentry, const char *name, void *value, - size_t size) +ecryptfs_getxattr(struct dentry *dentry, struct inode *inode, + const char *name, void *value, size_t size) { - return ecryptfs_getxattr_lower(ecryptfs_dentry_to_lower(dentry), name, - value, size); + return ecryptfs_getxattr_lower(ecryptfs_dentry_to_lower(dentry), + ecryptfs_inode_to_lower(inode), + name, value, size); } static ssize_t diff --git a/fs/ecryptfs/mmap.c b/fs/ecryptfs/mmap.c index 564a1fa..4ee2cac 100644 --- a/fs/ecryptfs/mmap.c +++ b/fs/ecryptfs/mmap.c @@ -437,7 +437,8 @@ static int ecryptfs_write_inode_size_to_xattr(struct inode *ecryptfs_inode) goto out; } mutex_lock(&lower_inode->i_mutex); - size = lower_inode->i_op->getxattr(lower_dentry, ECRYPTFS_XATTR_NAME, + size = lower_inode->i_op->getxattr(lower_dentry, lower_inode, + ECRYPTFS_XATTR_NAME, xattr_virt, PAGE_CACHE_SIZE); if (size < 0) size = 8; diff --git a/fs/fuse/dir.c b/fs/fuse/dir.c index 86ee53f..bef1ee3 100644 --- a/fs/fuse/dir.c +++ b/fs/fuse/dir.c @@ -1887,10 +1887,9 @@ static int fuse_setxattr(struct dentry *entry, const char *name, return err; } -static ssize_t fuse_getxattr(struct dentry *entry, const char *name, - void *value, size_t size) +static ssize_t fuse_getxattr(struct dentry *entry, struct inode *inode, + const char *name, void *value, size_t size) { - struct inode *inode = entry->d_inode; struct fuse_conn *fc = get_fuse_conn(inode); struct fuse_req *req; struct fuse_getxattr_in inarg; diff --git a/fs/gfs2/inode.c b/fs/gfs2/inode.c index c4ed823..ee95780 100644 --- a/fs/gfs2/inode.c +++ b/fs/gfs2/inode.c @@ -1871,22 +1871,21 @@ static int gfs2_setxattr(struct dentry *dentry, const char *name, return ret; } -static ssize_t gfs2_getxattr(struct dentry *dentry, const char *name, - void *data, size_t size) +static ssize_t gfs2_getxattr(struct dentry *dentry, struct inode *inode, + const char *name, void *data, size_t size) { - struct inode *inode = dentry->d_inode; struct gfs2_inode *ip = GFS2_I(inode); struct gfs2_holder gh; int ret; /* For selinux during lookup */ if (gfs2_glock_is_locked_by_me(ip->i_gl)) - return generic_getxattr(dentry, name, data, size); + return generic_getxattr(dentry, inode, name, data, size); gfs2_holder_init(ip->i_gl, LM_ST_SHARED, LM_FLAG_ANY, &gh); ret = gfs2_glock_nq(&gh); if (ret == 0) { - ret = generic_getxattr(dentry, name, data, size); + ret = generic_getxattr(dentry, inode, name, data, size); gfs2_glock_dq(&gh); } gfs2_holder_uninit(&gh); diff --git a/fs/hfs/attr.c b/fs/hfs/attr.c index e057ec5..ce9719c 100644 --- a/fs/hfs/attr.c +++ b/fs/hfs/attr.c @@ -56,10 +56,9 @@ out: return res; } -ssize_t hfs_getxattr(struct dentry *dentry, const char *name, - void *value, size_t size) +ssize_t hfs_getxattr(struct dentry *unused, struct inode *inode, + const char *name, void *value, size_t size) { - struct inode *inode = dentry->d_inode; struct hfs_find_data fd; hfs_cat_rec rec; struct hfs_cat_file *file; diff --git a/fs/hfs/hfs_fs.h b/fs/hfs/hfs_fs.h index 95d2552..f234e2a 100644 --- a/fs/hfs/hfs_fs.h +++ b/fs/hfs/hfs_fs.h @@ -213,8 +213,8 @@ extern void hfs_delete_inode(struct inode *); /* attr.c */ extern int hfs_setxattr(struct dentry *dentry, const char *name, const void *value, size_t size, int flags); -extern ssize_t hfs_getxattr(struct dentry *dentry, const char *name, - void *value, size_t size); +extern ssize_t hfs_getxattr(struct dentry *dentry, struct inode *inode, + const char *name, void *value, size_t size); extern ssize_t hfs_listxattr(struct dentry *dentry, char *buffer, size_t size); /* mdb.c */ diff --git a/fs/jfs/jfs_xattr.h b/fs/jfs/jfs_xattr.h index e8d717d..e69e14f 100644 --- a/fs/jfs/jfs_xattr.h +++ b/fs/jfs/jfs_xattr.h @@ -57,7 +57,7 @@ extern int __jfs_setxattr(tid_t, struct inode *, const char *, const void *, extern int jfs_setxattr(struct dentry *, const char *, const void *, size_t, int); extern ssize_t __jfs_getxattr(struct inode *, const char *, void *, size_t); -extern ssize_t jfs_getxattr(struct dentry *, const char *, void *, size_t); +extern ssize_t jfs_getxattr(struct dentry *, struct inode *, const char *, void *, size_t); extern ssize_t jfs_listxattr(struct dentry *, char *, size_t); extern int jfs_removexattr(struct dentry *, const char *); diff --git a/fs/jfs/xattr.c b/fs/jfs/xattr.c index 46325d5..7b9a8f9 100644 --- a/fs/jfs/xattr.c +++ b/fs/jfs/xattr.c @@ -933,8 +933,8 @@ ssize_t __jfs_getxattr(struct inode *inode, const char *name, void *data, return size; } -ssize_t jfs_getxattr(struct dentry *dentry, const char *name, void *data, - size_t buf_size) +ssize_t jfs_getxattr(struct dentry *dentry, struct inode *inode, + const char *name, void *data, size_t buf_size) { int err; @@ -944,7 +944,7 @@ ssize_t jfs_getxattr(struct dentry *dentry, const char *name, void *data, * for it via sb->s_xattr. */ if (!strncmp(name, XATTR_SYSTEM_PREFIX, XATTR_SYSTEM_PREFIX_LEN)) - return generic_getxattr(dentry, name, data, buf_size); + return generic_getxattr(dentry, inode, name, data, buf_size); if (strncmp(name, XATTR_OS2_PREFIX, XATTR_OS2_PREFIX_LEN) == 0) { /* @@ -959,7 +959,7 @@ ssize_t jfs_getxattr(struct dentry *dentry, const char *name, void *data, return -EOPNOTSUPP; } - err = __jfs_getxattr(dentry->d_inode, name, data, buf_size); + err = __jfs_getxattr(inode, name, data, buf_size); return err; } diff --git a/fs/kernfs/inode.c b/fs/kernfs/inode.c index 9852176..332ccaf 100644 --- a/fs/kernfs/inode.c +++ b/fs/kernfs/inode.c @@ -220,10 +220,10 @@ int kernfs_iop_removexattr(struct dentry *dentry, const char *name) return simple_xattr_remove(&attrs->xattrs, name); } -ssize_t kernfs_iop_getxattr(struct dentry *dentry, const char *name, void *buf, - size_t size) +ssize_t kernfs_iop_getxattr(struct dentry *unused, struct inode *inode, + const char *name, void *buf, size_t size) { - struct kernfs_node *kn = dentry->d_fsdata; + struct kernfs_node *kn = inode->i_private; struct kernfs_iattrs *attrs; attrs = kernfs_iattrs(kn); diff --git a/fs/kernfs/kernfs-internal.h b/fs/kernfs/kernfs-internal.h index dc84a3e..35b9ee1 100644 --- a/fs/kernfs/kernfs-internal.h +++ b/fs/kernfs/kernfs-internal.h @@ -85,8 +85,8 @@ int kernfs_iop_getattr(struct vfsmount *mnt, struct dentry *dentry, int kernfs_iop_setxattr(struct dentry *dentry, const char *name, const void *value, size_t size, int flags); int kernfs_iop_removexattr(struct dentry *dentry, const char *name); -ssize_t kernfs_iop_getxattr(struct dentry *dentry, const char *name, void *buf, - size_t size); +ssize_t kernfs_iop_getxattr(struct dentry *dentry, struct inode *inode, + const char *name, void *buf, size_t size); ssize_t kernfs_iop_listxattr(struct dentry *dentry, char *buf, size_t size); void kernfs_inode_init(void); diff --git a/fs/overlayfs/inode.c b/fs/overlayfs/inode.c index df5c285..04b5520 100644 --- a/fs/overlayfs/inode.c +++ b/fs/overlayfs/inode.c @@ -246,8 +246,8 @@ static bool ovl_need_xattr_filter(struct dentry *dentry, return type == OVL_PATH_UPPER && S_ISDIR(dentry->d_inode->i_mode); } -ssize_t ovl_getxattr(struct dentry *dentry, const char *name, - void *value, size_t size) +ssize_t ovl_getxattr(struct dentry *dentry, struct inode *inode, + const char *name, void *value, size_t size) { struct path realpath; enum ovl_path_type type = ovl_path_real(dentry, &realpath); diff --git a/fs/overlayfs/overlayfs.h b/fs/overlayfs/overlayfs.h index f13557f..66b56ea 100644 --- a/fs/overlayfs/overlayfs.h +++ b/fs/overlayfs/overlayfs.h @@ -161,8 +161,8 @@ int ovl_setattr(struct dentry *dentry, struct iattr *attr); int ovl_permission(struct inode *inode, int mask); int ovl_setxattr(struct dentry *dentry, const char *name, const void *value, size_t size, int flags); -ssize_t ovl_getxattr(struct dentry *dentry, const char *name, - void *value, size_t size); +ssize_t ovl_getxattr(struct dentry *dentry, struct inode *inode, + const char *name, void *value, size_t size); ssize_t ovl_listxattr(struct dentry *dentry, char *list, size_t size); int ovl_removexattr(struct dentry *dentry, const char *name); struct inode *ovl_d_select_inode(struct dentry *dentry, unsigned file_flags); diff --git a/fs/overlayfs/super.c b/fs/overlayfs/super.c index b5bddae..7d00d6c 100644 --- a/fs/overlayfs/super.c +++ b/fs/overlayfs/super.c @@ -249,7 +249,7 @@ static bool ovl_is_opaquedir(struct dentry *dentry) if (!S_ISDIR(inode->i_mode) || !inode->i_op->getxattr) return false; - res = inode->i_op->getxattr(dentry, ovl_opaque_xattr, &val, 1); + res = inode->i_op->getxattr(dentry, inode, ovl_opaque_xattr, &val, 1); if (res == 1 && val == 'y') return true; diff --git a/fs/reiserfs/xattr.c b/fs/reiserfs/xattr.c index 9998770..40d4fcc 100644 --- a/fs/reiserfs/xattr.c +++ b/fs/reiserfs/xattr.c @@ -767,8 +767,8 @@ find_xattr_handler_prefix(const struct xattr_handler **handlers, * Inode operation getxattr() */ ssize_t -reiserfs_getxattr(struct dentry * dentry, const char *name, void *buffer, - size_t size) +reiserfs_getxattr(struct dentry *dentry, struct inode *inode, + const char *name, void *buffer, size_t size) { const struct xattr_handler *handler; @@ -777,8 +777,8 @@ reiserfs_getxattr(struct dentry * dentry, const char *name, void *buffer, if (!handler || get_inode_sd_version(dentry->d_inode) == STAT_DATA_V1) return -EOPNOTSUPP; - return handler->get(dentry, dentry->d_inode, name, buffer, size, - handler->flags); + return handler->get(dentry, inode, + name, buffer, size, handler->flags); } /* diff --git a/fs/reiserfs/xattr.h b/fs/reiserfs/xattr.h index f620e96..033bac1 100644 --- a/fs/reiserfs/xattr.h +++ b/fs/reiserfs/xattr.h @@ -18,8 +18,8 @@ int reiserfs_permission(struct inode *inode, int mask); #ifdef CONFIG_REISERFS_FS_XATTR #define has_xattr_dir(inode) (REISERFS_I(inode)->i_flags & i_has_xattr_dir) -ssize_t reiserfs_getxattr(struct dentry *dentry, const char *name, - void *buffer, size_t size); +ssize_t reiserfs_getxattr(struct dentry *dentry, struct inode *inode, + const char *name, void *buffer, size_t size); int reiserfs_setxattr(struct dentry *dentry, const char *name, const void *value, size_t size, int flags); ssize_t reiserfs_listxattr(struct dentry *dentry, char *buffer, size_t size); diff --git a/fs/ubifs/ubifs.h b/fs/ubifs/ubifs.h index c4fe900..c35436f 100644 --- a/fs/ubifs/ubifs.h +++ b/fs/ubifs/ubifs.h @@ -1750,8 +1750,8 @@ int ubifs_getattr(struct vfsmount *mnt, struct dentry *dentry, /* xattr.c */ int ubifs_setxattr(struct dentry *dentry, const char *name, const void *value, size_t size, int flags); -ssize_t ubifs_getxattr(struct dentry *dentry, const char *name, void *buf, - size_t size); +ssize_t ubifs_getxattr(struct dentry *dentry, struct inode *host, + const char *name, void *buf, size_t size); ssize_t ubifs_listxattr(struct dentry *dentry, char *buffer, size_t size); int ubifs_removexattr(struct dentry *dentry, const char *name); diff --git a/fs/ubifs/xattr.c b/fs/ubifs/xattr.c index ce6c0d4..698194f 100644 --- a/fs/ubifs/xattr.c +++ b/fs/ubifs/xattr.c @@ -357,10 +357,10 @@ out_free: return err; } -ssize_t ubifs_getxattr(struct dentry *dentry, const char *name, void *buf, - size_t size) +ssize_t ubifs_getxattr(struct dentry *dentry, struct inode *host, + const char *name, void *buf, size_t size) { - struct inode *inode, *host = dentry->d_inode; + struct inode *inode; struct ubifs_info *c = host->i_sb->s_fs_info; struct qstr nm = QSTR_INIT(name, strlen(name)); struct ubifs_inode *ui; diff --git a/fs/xattr.c b/fs/xattr.c index 70a5962..b04fc6b 100644 --- a/fs/xattr.c +++ b/fs/xattr.c @@ -192,7 +192,7 @@ vfs_getxattr_alloc(struct dentry *dentry, const char *name, char **xattr_value, if (!inode->i_op->getxattr) return -EOPNOTSUPP; - error = inode->i_op->getxattr(dentry, name, NULL, 0); + error = inode->i_op->getxattr(dentry, inode, name, NULL, 0); if (error < 0) return error; @@ -203,7 +203,7 @@ vfs_getxattr_alloc(struct dentry *dentry, const char *name, char **xattr_value, memset(value, 0, error + 1); } - error = inode->i_op->getxattr(dentry, name, value, error); + error = inode->i_op->getxattr(dentry, inode, name, value, error); *xattr_value = value; return error; } @@ -255,7 +255,7 @@ vfs_getxattr(struct dentry *dentry, const char *name, void *value, size_t size) } nolsm: if (inode->i_op->getxattr) - error = inode->i_op->getxattr(dentry, name, value, size); + error = inode->i_op->getxattr(dentry, inode, name, value, size); else error = -EOPNOTSUPP; @@ -717,15 +717,16 @@ xattr_resolve_name(const struct xattr_handler **handlers, const char **name) * Find the handler for the prefix and dispatch its get() operation. */ ssize_t -generic_getxattr(struct dentry *dentry, const char *name, void *buffer, size_t size) +generic_getxattr(struct dentry *dentry, struct inode *inode, + const char *name, void *buffer, size_t size) { const struct xattr_handler *handler; handler = xattr_resolve_name(dentry->d_sb->s_xattr, &name); if (!handler) return -EOPNOTSUPP; - return handler->get(dentry, dentry->d_inode, name, buffer, size, - handler->flags); + return handler->get(dentry, inode, + name, buffer, size, handler->flags); } /* diff --git a/include/linux/fs.h b/include/linux/fs.h index 2a41353..7586207 100644 --- a/include/linux/fs.h +++ b/include/linux/fs.h @@ -1538,7 +1538,8 @@ struct inode_operations { int (*setattr) (struct dentry *, struct iattr *); int (*getattr) (struct vfsmount *mnt, struct dentry *, struct kstat *); int (*setxattr) (struct dentry *, const char *,const void *,size_t,int); - ssize_t (*getxattr) (struct dentry *, const char *, void *, size_t); + ssize_t (*getxattr) (struct dentry *, struct inode *, + const char *, void *, size_t); ssize_t (*listxattr) (struct dentry *, char *, size_t); int (*removexattr) (struct dentry *, const char *); int (*fiemap)(struct inode *, struct fiemap_extent_info *, u64 start, diff --git a/include/linux/xattr.h b/include/linux/xattr.h index 1088878..ad4c869 100644 --- a/include/linux/xattr.h +++ b/include/linux/xattr.h @@ -43,7 +43,7 @@ int __vfs_setxattr_noperm(struct dentry *, const char *, const void *, size_t, i int vfs_setxattr(struct dentry *, const char *, const void *, size_t, int); int vfs_removexattr(struct dentry *, const char *); -ssize_t generic_getxattr(struct dentry *dentry, const char *name, void *buffer, size_t size); +ssize_t generic_getxattr(struct dentry *dentry, struct inode *inode, const char *name, void *buffer, size_t size); ssize_t generic_listxattr(struct dentry *dentry, char *buffer, size_t buffer_size); int generic_setxattr(struct dentry *dentry, const char *name, const void *value, size_t size, int flags); int generic_removexattr(struct dentry *dentry, const char *name); diff --git a/mm/shmem.c b/mm/shmem.c index fac22b5..8be47d4 100644 --- a/mm/shmem.c +++ b/mm/shmem.c @@ -2576,10 +2576,10 @@ static int shmem_xattr_validate(const char *name) return -EOPNOTSUPP; } -static ssize_t shmem_getxattr(struct dentry *dentry, const char *name, - void *buffer, size_t size) +static ssize_t shmem_getxattr(struct dentry *dentry, struct inode *inode, + const char *name, void *buffer, size_t size) { - struct shmem_inode_info *info = SHMEM_I(dentry->d_inode); + struct shmem_inode_info *info = SHMEM_I(inode); int err; /* @@ -2588,7 +2588,7 @@ static ssize_t shmem_getxattr(struct dentry *dentry, const char *name, * for it via sb->s_xattr. */ if (!strncmp(name, XATTR_SYSTEM_PREFIX, XATTR_SYSTEM_PREFIX_LEN)) - return generic_getxattr(dentry, name, buffer, size); + return generic_getxattr(dentry, inode, name, buffer, size); err = shmem_xattr_validate(name); if (err) diff --git a/net/socket.c b/net/socket.c index e723717..a70e86c 100644 --- a/net/socket.c +++ b/net/socket.c @@ -470,7 +470,7 @@ static struct socket *sockfd_lookup_light(int fd, int *err, int *fput_needed) #define XATTR_SOCKPROTONAME_SUFFIX "sockprotoname" #define XATTR_NAME_SOCKPROTONAME (XATTR_SYSTEM_PREFIX XATTR_SOCKPROTONAME_SUFFIX) #define XATTR_NAME_SOCKPROTONAME_LEN (sizeof(XATTR_NAME_SOCKPROTONAME)-1) -static ssize_t sockfs_getxattr(struct dentry *dentry, +static ssize_t sockfs_getxattr(struct dentry *dentry, struct inode *inode, const char *name, void *value, size_t size) { const char *proto_name; diff --git a/security/commoncap.c b/security/commoncap.c index 6849e6c..bdbe1e1 100644 --- a/security/commoncap.c +++ b/security/commoncap.c @@ -308,7 +308,7 @@ int cap_inode_need_killpriv(struct dentry *dentry) if (!inode->i_op->getxattr) return 0; - error = inode->i_op->getxattr(dentry, XATTR_NAME_CAPS, NULL, 0); + error = inode->i_op->getxattr(dentry, inode, XATTR_NAME_CAPS, NULL, 0); if (error <= 0) return 0; return 1; @@ -391,8 +391,8 @@ int get_vfs_caps_from_disk(const struct dentry *dentry, struct cpu_vfs_cap_data if (!inode || !inode->i_op->getxattr) return -ENODATA; - size = inode->i_op->getxattr((struct dentry *)dentry, XATTR_NAME_CAPS, &caps, - XATTR_CAPS_SZ); + size = inode->i_op->getxattr((struct dentry *)dentry, inode, + XATTR_NAME_CAPS, &caps, XATTR_CAPS_SZ); if (size == -ENODATA || size == -EOPNOTSUPP) /* no data, that's ok */ return -ENODATA; diff --git a/security/integrity/evm/evm_main.c b/security/integrity/evm/evm_main.c index e1998df..106d1ac 100644 --- a/security/integrity/evm/evm_main.c +++ b/security/integrity/evm/evm_main.c @@ -83,7 +83,7 @@ static int evm_find_protected_xattrs(struct dentry *dentry) return -EOPNOTSUPP; for (xattr = evm_config_xattrnames; *xattr != NULL; xattr++) { - error = inode->i_op->getxattr(dentry, *xattr, NULL, 0); + error = inode->i_op->getxattr(dentry, inode, *xattr, NULL, 0); if (error < 0) { if (error == -ENODATA) continue; diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 98370d0..8718f05 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -442,7 +442,8 @@ static int sb_finish_set_opts(struct super_block *sb) rc = -EOPNOTSUPP; goto out; } - rc = root_inode->i_op->getxattr(root, XATTR_NAME_SELINUX, NULL, 0); + rc = root_inode->i_op->getxattr(root, root_inode, + XATTR_NAME_SELINUX, NULL, 0); if (rc < 0 && rc != -ENODATA) { if (rc == -EOPNOTSUPP) printk(KERN_WARNING "SELinux: (dev %s, type " @@ -1344,13 +1345,13 @@ static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dent goto out_unlock; } context[len] = '\0'; - rc = inode->i_op->getxattr(dentry, XATTR_NAME_SELINUX, + rc = inode->i_op->getxattr(dentry, inode, XATTR_NAME_SELINUX, context, len); if (rc == -ERANGE) { kfree(context); /* Need a larger buffer. Query for the right size. */ - rc = inode->i_op->getxattr(dentry, XATTR_NAME_SELINUX, + rc = inode->i_op->getxattr(dentry, inode, XATTR_NAME_SELINUX, NULL, 0); if (rc < 0) { dput(dentry); @@ -1364,7 +1365,7 @@ static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dent goto out_unlock; } context[len] = '\0'; - rc = inode->i_op->getxattr(dentry, + rc = inode->i_op->getxattr(dentry, inode, XATTR_NAME_SELINUX, context, len); } diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index a72b516..764e521 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -219,7 +219,7 @@ static struct smack_known *smk_fetch(const char *name, struct inode *ip, if (buffer == NULL) return NULL; - rc = ip->i_op->getxattr(dp, name, buffer, SMK_LONGLABEL); + rc = ip->i_op->getxattr(dp, ip, name, buffer, SMK_LONGLABEL); if (rc > 0) skp = smk_import_entry(buffer, rc); @@ -3144,7 +3144,7 @@ static void smack_d_instantiate(struct dentry *opt_dentry, struct inode *inode) TRANS_TRUE, TRANS_TRUE_SIZE, 0); } else { - rc = inode->i_op->getxattr(dp, + rc = inode->i_op->getxattr(dp, inode, XATTR_NAME_SMACKTRANSMUTE, trattr, TRANS_TRUE_SIZE); if (rc >= 0 && strncmp(trattr, TRANS_TRUE, -- 1.7.4.1

7 years, 1 month

1
0
0 0

patch "USB: add quirk for WORLDE Controller KS49 or Prodipe MIDI 49C USB" added to usb-testing

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled USB: add quirk for WORLDE Controller KS49 or Prodipe MIDI 49C USB to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-testing branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will be merged to the usb-next branch sometime soon, after it passes testing, and the merge window is open. If you have any questions about this process, please let me know. >From 3ae259faaf19e9b6284fe786e3bd4626df143cd7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Maxence=20Dupr=C3=A8s?= <xpros64(a)hotmail.fr> Date: Wed, 8 Aug 2018 23:56:33 +0000 Subject: USB: add quirk for WORLDE Controller KS49 or Prodipe MIDI 49C USB controller WORLDE Controller KS49 or Prodipe MIDI 49C USB controller cause a -EPROTO error, a communication restart and loop again. This issue has already been fixed for KS25. https://lore.kernel.org/patchwork/patch/753077/ I just add device 201 for KS49 in quirks.c to get it works. Signed-off-by: Laurent Roux <xpros64(a)hotmail.fr> Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/usb/core/quirks.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/drivers/usb/core/quirks.c b/drivers/usb/core/quirks.c index 097057d2eacf..689a6c65bc5c 100644 --- a/drivers/usb/core/quirks.c +++ b/drivers/usb/core/quirks.c @@ -178,6 +178,10 @@ static const struct usb_device_id usb_quirk_list[] = { /* CBM - Flash disk */ { USB_DEVICE(0x0204, 0x6025), .driver_info = USB_QUIRK_RESET_RESUME }, + /* WORLDE Controller KS49 or Prodipe MIDI 49C USB controller */ + { USB_DEVICE(0x0218, 0x0201), .driver_info = + USB_QUIRK_CONFIG_INTF_STRINGS }, + /* WORLDE easy key (easykey.25) MIDI controller */ { USB_DEVICE(0x0218, 0x0401), .driver_info = USB_QUIRK_CONFIG_INTF_STRINGS }, -- 2.18.0

7 years, 1 month

1
0
0 0

patch "USB: add quirk for WORLDE Controller KS49 or Prodipe MIDI 49C USB" added to usb-testing

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled USB: add quirk for WORLDE Controller KS49 or Prodipe MIDI 49C USB to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-testing branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will be merged to the usb-next branch sometime soon, after it passes testing, and the merge window is open. If you have any questions about this process, please let me know. >From 44daed946923907f425f616b3d69b18a4145740c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Maxence=20Dupr=C3=A8s?= <xpros64(a)hotmail.fr> Date: Wed, 8 Aug 2018 23:56:33 +0000 Subject: USB: add quirk for WORLDE Controller KS49 or Prodipe MIDI 49C USB controller WORLDE Controller KS49 or Prodipe MIDI 49C USB controller cause a -EPROTO error, a communication restart and loop again. This issue has already been fixed for KS25. https://lore.kernel.org/patchwork/patch/753077/ I just add device 201 for KS49 in quirks.c to get it works. This is the patch I propose. Signed-off-by: Laurent Roux <xpros64(a)hotmail.fr> Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/usb/core/quirks.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/drivers/usb/core/quirks.c b/drivers/usb/core/quirks.c index 097057d2eacf..689a6c65bc5c 100644 --- a/drivers/usb/core/quirks.c +++ b/drivers/usb/core/quirks.c @@ -178,6 +178,10 @@ static const struct usb_device_id usb_quirk_list[] = { /* CBM - Flash disk */ { USB_DEVICE(0x0204, 0x6025), .driver_info = USB_QUIRK_RESET_RESUME }, + /* WORLDE Controller KS49 or Prodipe MIDI 49C USB controller */ + { USB_DEVICE(0x0218, 0x0201), .driver_info = + USB_QUIRK_CONFIG_INTF_STRINGS }, + /* WORLDE easy key (easykey.25) MIDI controller */ { USB_DEVICE(0x0218, 0x0401), .driver_info = USB_QUIRK_CONFIG_INTF_STRINGS }, -- 2.18.0

7 years, 1 month

1
0
0 0

perf: Support uncore in 4.9.112

by Jin, Yao

Hi, The stable kernel 4.9.112 has supported Intel uncore feature in perf core. While it also needs the perf tool supporting to let perf uncore feature work. Following backport patches enables basic perf uncore feature in 4.9.112. For example, on skylake desktop, root@skl:~# uname -a Linux skl 4.9.112+ #2 SMP Mon Jul 16 17:35:25 CST 2018 x86_64 x86_64 x86_64 GNU/Linux root@skl:~# perf list | grep unc_ unc_arb_coh_trk_requests.all unc_arb_trk_occupancy.all unc_arb_trk_occupancy.cycles_with_any_request unc_arb_trk_requests.all unc_arb_trk_requests.drd_direct unc_arb_trk_requests.writes unc_cbo_cache_lookup.any_es unc_cbo_cache_lookup.any_i unc_cbo_cache_lookup.any_m unc_cbo_cache_lookup.any_mesi unc_cbo_cache_lookup.read_es unc_cbo_cache_lookup.read_i unc_cbo_cache_lookup.read_mesi unc_cbo_cache_lookup.write_es unc_cbo_cache_lookup.write_m unc_cbo_cache_lookup.write_mesi unc_cbo_xsnp_response.hit_xcore unc_cbo_xsnp_response.hitm_xcore unc_cbo_xsnp_response.miss_eviction unc_cbo_xsnp_response.miss_xcore root@skl:~# perf stat -a -e unc_cbo_cache_lookup.any_es sleep 1 Performance counter stats for 'system wide': 147,229 unc_cbo_cache_lookup.any_es 1.001204726 seconds time elapsed These patches are divided into 2 parts, perf core part and perf tool part. (Please apply the patches from top to bottom in following lists, otherwise conflicts will happen) 1. Patches for perf core to fix some uncore issues. perf/x86/intel/uncore: Fix Skylake server CHA LLC_LOOKUP event umask c3f02682a101b83424128915b14e60c156c03f02 perf/x86/intel/uncore: Fix Skylake server PCU PMU event format bab4e569e80c07ba6fe5e4f2d815adeef26cee94 perf/x86/intel/uncore: Fix Skylake UPI PMU event masks b3625980a65db6b6b6bbd5790a77ab95ce6397c5 perf/x86/intel/uncore: Remove invalid Skylake server CHA filter field 9ad0fbd8fcd9e6815908c772f8d792a9d764449e perf/x86/intel/uncore: Fix SKX CHA event extra regs 8aa7b7b4b4a601978672dce6604b9f5630b2eeb8 perf/x86/intel/uncore: Fix missing marker for skx_uncore_cha_extra_regs ba883b4abc9cd837441b01eb9cf8d9196181294d perf/x86/intel/uncore: Add event constraint for BDX PCU bb9fbe1b57503f790dbbf9f06e72cb0fb9e60740 2. Patches for perf tool to enable the uncore feature. Note that since some dependencies in perf vendor events patches, so this patch-set includes both core and uncore event patches. perf vendor events: Add BroadwellDE V5 event file 27b565b1eb04a277027953cab13b5aad5d469390 perf vendor events: Add Broadwell V17 event file b74d1315cab113ce1e0ee5e10eb6638219c1b0d1 perf vendor events: Add BroadwellX V10 event file 19c0389b60d486010d508d5a1551ee9b6a8b2f45 perf vendor events: Add Bonnell V4 event file 052aa3cce3f2b91e339318e5fe9806d0cfd822f0 perf vendor events: Add Goldmont V8 event file 4a00680b059a6c2c378945e2dffa2fa2876a4fc1 perf vendor events: Add Haswell V24 event file dcfbad10c7ba0bd2f4993c8d8a258471eb6083ff perf vendor events: Add HaswellX V17 event file ede007404388cd1ba306760a2881dc9722f5bb47 perf vendor events: Add IvyBridge V18 event file 4b90798ebb0bab8fe1ed9065e80879503f5601d2 perf vendor events: Add IvyTown V19 event file d910f0ba6d72a0917ae30b6aed5131988e3096e4 perf vendor events: Add Jaketown V20 event file 902ea4ee33e6dccece0f78a68e882eee9be9577f perf vendor events: Add KnightsLanding V9 event file 55d42d272ee30cd781e74a9c4ab152664c6417fc perf vendor events: Add NehalemEP V2 event file edaa78b4c050ec0a0fc7f436cdf6a73c91af64e0 perf vendor events: Add NehalemEX V2 event file d8c303858582d4dcd90f13ebbe9db812a70d0948 perf vendor events: Add Skylake V24 event file 47cbd67e243a6bbb4133d719edd24ee6a315462d perf vendor events: Add Silvermont V13 event file 1b0978458300164046d12e1b7930c9de38057e1d perf vendor events: Add SandyBridge V15 event file 6e82bdae472355fe0953e12eb29a36079e155ddb perf vendor events: Add WestmereEP-DP V2 event file 1f888acd92c8f88b0ab9640cef0794bc5424c668 perf vendor events: Add WestmereEP-SP V2 event file 01dd25455b3588431d3f59c70e7b934a91d66121 perf vendor events: Add WestmereEX V2 event file 1fbd54b2e2356659f9f87920dc514792db6ff602 perf vendor events intel: Add uncore events for Haswell Server processor 7003f00fdb7b44662e8b47ebaf8ff6ce554df4bb perf vendor events intel: Add uncore events for Broadwell Server 949c84efcac9662b1df520675cdfce07273f4d59 perf vendor events intel: Add uncore events for IvyBridge Server 6b138c7b14d6134bed2419ccf7573b87e7a064b0 perf vendor events intel: Add uncore events for Sandy Bridge Server dd32cb5d8fd42316bf8c2b9f7e5c51a38625f755 perf vendor events intel: Add uncore events for Xeon Phi (Knights Landing) 22c8e5526b7bf33840c20b4e717e6560e5dfb294 perf vendor events intel: Add uncore events for Broadwell DE 76667024171a2d6811c5ddbe42a8f675987ad8a1 perf vendor events: Add mapping for KnightsMill PMU events 771ceddaadd0a2b31603034b36dca50943ff6836 perf vendor events intel: Update Intel uncore JSON event files b90b3e9c11050e09279d2b9a318189e155910b20 perf vendor events intel: Add missing UNC_M_DCLOCKTICKS for Broadwell DE uncore 9c4e2e2589c99ed01db6245847b4bd44bc053330 perf vendor events intel: Add uncore events for Sandy Bridge client 80432c7311dbcf0c814d4923480b055a725b0be2 perf vendor events intel: Add uncore events for Ivy Bridge client bccdcb2a77ba0bef17baf152179e30ca35459a0c perf vendor events intel: Add uncore events for Haswell client 0585c6265e66f952bcb6280cf078e5e120bd367a perf vendor events intel: Add uncore events for Broadwell client 092a95d41655bdd31d7d28f1788818724505feb2 perf vendor events intel: Add uncore events for Skylake client 92c6de0f10a80e4936fac04148bd3783a7c2b9f8 perf vendor events: Add core event list for Skylake Server 630171d4156a257869b3cca5b2e63aacf7bc7948 perf vendor events: Add Skylake server uncore event list 41d3d6db1767326dd7daf7c6df48e42020647c15 perf vendor events: Add Goldmont Plus V1 event file 65db92e0965ab56e8031d5c804f26d5be0e47047 perf jevents: Parse eventcode as number d581141970ef3965c1624960fa928d765afd8a3e perf jevents: Add support for parsing uncore json files fedb2b518239cbc00abcf0d200e0be8436251c11 perf pmu: Support per pmu json aliases 15b22ed369aa23ef4d083ffb9621650c353d3ddd perf pmu: Support event aliases for non cpu// pmus 231bb2aa32498cbebef1306889a02114e9dfc934 perf pmu: Factor out scale conversion code d02fc6bcd53721cf8588633409157c232f2418e0 perf tools: Move new_term arguments into struct parse_events_term template 67b49b38f7bd6f34319b540ce824d5697241b3a8 perf tools: Fail on using multiple bits long terms without value 99e7138eb7897aa0ccc6661173ae2d7e79721e05 perf list: Add debug support for outputing alias string f23610245c1aa0e912476e642bd5107d04122230 perf tools: Factor out PMU matching in parser 2073ad3326b7e4577af3d6789edd03df79519d21 perf pmu: Expand PMU events by prefix match 8255718f4bedbfb3558fba10ff40a70934f2117d perf pmu: Special case uncore_ prefix a820e33547aee9fd0460106c1fc577a125c23975 perf stat: Factor out callback for collecting event values fbe51fba82901fd15d3e0a068388fcd7d02dc047 perf stat: Collapse identically named events 430daf2dc7aff16096a137347e6fd03d4af609e9 perf stat: Handle partially bad results with merging b4229e9d4cac2295f8f04ec26acd571a391c6c37 perf vendor events intel: Add uncore_arb JSON support af34cb4fad1ba08db199ef1b0a529549e041dd25 perf vendor events intel: Add missing space in json descriptions 3401e8d1e1300742ed41910b9338b9da52689a16 Thanks Jin Yao

7 years, 1 month

3
13
0 0

[PATCH 08/10] bcache: set max writeback rate when I/O request is idle

by Coly Li

Commit b1092c9af9ed ("bcache: allow quick writeback when backing idle") allows the writeback rate to be faster if there is no I/O request on a bcache device. It works well if there is only one bcache device attached to the cache set. If there are many bcache devices attached to a cache set, it may introduce performance regression because multiple faster writeback threads of the idle bcache devices will compete the btree level locks with the bcache device who have I/O requests coming. This patch fixes the above issue by only permitting fast writebac when all bcache devices attached on the cache set are idle. And if one of the bcache devices has new I/O request coming, minimized all writeback throughput immediately and let PI controller __update_writeback_rate() to decide the upcoming writeback rate for each bcache device. Also when all bcache devices are idle, limited wrieback rate to a small number is wast of thoughput, especially when backing devices are slower non-rotation devices (e.g. SATA SSD). This patch sets a max writeback rate for each backing device if the whole cache set is idle. A faster writeback rate in idle time means new I/Os may have more available space for dirty data, and people may observe a better write performance then. Please note bcache may change its cache mode in run time, and this patch still works if the cache mode is switched from writeback mode and there is still dirty data on cache. Fixes: Commit b1092c9af9ed ("bcache: allow quick writeback when backing idle") Cc: stable(a)vger.kernel.org #4.16+ Signed-off-by: Coly Li <colyli(a)suse.de> Tested-by: Kai Krakow <kai(a)kaishome.de> Tested-by: Stefan Priebe <s.priebe(a)profihost.ag> Cc: Michael Lyle <mlyle(a)lyle.org> --- drivers/md/bcache/bcache.h | 10 ++-- drivers/md/bcache/request.c | 59 ++++++++++++++++++++++- drivers/md/bcache/super.c | 4 ++ drivers/md/bcache/sysfs.c | 15 ++++-- drivers/md/bcache/util.c | 2 +- drivers/md/bcache/util.h | 2 +- drivers/md/bcache/writeback.c | 91 +++++++++++++++++++++++------------ 7 files changed, 138 insertions(+), 45 deletions(-) diff --git a/drivers/md/bcache/bcache.h b/drivers/md/bcache/bcache.h index b393b3fd06b6..05f82ff6f016 100644 --- a/drivers/md/bcache/bcache.h +++ b/drivers/md/bcache/bcache.h @@ -328,13 +328,6 @@ struct cached_dev { */ atomic_t has_dirty; - /* - * Set to zero by things that touch the backing volume-- except - * writeback. Incremented by writeback. Used to determine when to - * accelerate idle writeback. - */ - atomic_t backing_idle; - struct bch_ratelimit writeback_rate; struct delayed_work writeback_rate_update; @@ -515,6 +508,8 @@ struct cache_set { struct cache_accounting accounting; unsigned long flags; + atomic_t idle_counter; + atomic_t at_max_writeback_rate; struct cache_sb sb; @@ -524,6 +519,7 @@ struct cache_set { struct bcache_device **devices; unsigned devices_max_used; + atomic_t attached_dev_nr; struct list_head cached_devs; uint64_t cached_dev_sectors; atomic_long_t flash_dev_dirty_sectors; diff --git a/drivers/md/bcache/request.c b/drivers/md/bcache/request.c index 914d501ad1e0..7dbe8b6316a0 100644 --- a/drivers/md/bcache/request.c +++ b/drivers/md/bcache/request.c @@ -1103,6 +1103,44 @@ static void detached_dev_do_request(struct bcache_device *d, struct bio *bio) generic_make_request(bio); } +static void quit_max_writeback_rate(struct cache_set *c, + struct cached_dev *this_dc) +{ + int i; + struct bcache_device *d; + struct cached_dev *dc; + + /* + * mutex bch_register_lock may compete with other parallel requesters, + * or attach/detach operations on other backing device. Waiting to + * the mutex lock may increase I/O request latency for seconds or more. + * To avoid such situation, if mutext_trylock() failed, only writeback + * rate of current cached device is set to 1, and __update_write_back() + * will decide writeback rate of other cached devices (remember now + * c->idle_counter is 0 already). + */ + if (mutex_trylock(&bch_register_lock)) { + for (i = 0; i < c->devices_max_used; i++) { + if (!c->devices[i]) + continue; + + if (UUID_FLASH_ONLY(&c->uuids[i])) + continue; + + d = c->devices[i]; + dc = container_of(d, struct cached_dev, disk); + /* + * set writeback rate to default minimum value, + * then let update_writeback_rate() to decide the + * upcoming rate. + */ + atomic_long_set(&dc->writeback_rate.rate, 1); + } + mutex_unlock(&bch_register_lock); + } else + atomic_long_set(&this_dc->writeback_rate.rate, 1); +} + /* Cached devices - read & write stuff */ static blk_qc_t cached_dev_make_request(struct request_queue *q, @@ -1120,8 +1158,25 @@ static blk_qc_t cached_dev_make_request(struct request_queue *q, return BLK_QC_T_NONE; } - atomic_set(&dc->backing_idle, 0); - generic_start_io_acct(q, bio_op(bio), bio_sectors(bio), &d->disk->part0); + if (likely(d->c)) { + if (atomic_read(&d->c->idle_counter)) + atomic_set(&d->c->idle_counter, 0); + /* + * If at_max_writeback_rate of cache set is true and new I/O + * comes, quit max writeback rate of all cached devices + * attached to this cache set, and set at_max_writeback_rate + * to false. + */ + if (unlikely(atomic_read(&d->c->at_max_writeback_rate) == 1)) { + atomic_set(&d->c->at_max_writeback_rate, 0); + quit_max_writeback_rate(d->c, dc); + } + } + + generic_start_io_acct(q, + bio_op(bio), + bio_sectors(bio), + &d->disk->part0); bio_set_dev(bio, dc->bdev); bio->bi_iter.bi_sector += dc->sb.data_offset; diff --git a/drivers/md/bcache/super.c b/drivers/md/bcache/super.c index f517d7d1fa10..32b95f3b9461 100644 --- a/drivers/md/bcache/super.c +++ b/drivers/md/bcache/super.c @@ -696,6 +696,8 @@ static void bcache_device_detach(struct bcache_device *d) { lockdep_assert_held(&bch_register_lock); + atomic_dec(&d->c->attached_dev_nr); + if (test_bit(BCACHE_DEV_DETACHING, &d->flags)) { struct uuid_entry *u = d->c->uuids + d->id; @@ -1144,6 +1146,7 @@ int bch_cached_dev_attach(struct cached_dev *dc, struct cache_set *c, bch_cached_dev_run(dc); bcache_device_link(&dc->disk, c, "bdev"); + atomic_inc(&c->attached_dev_nr); /* Allow the writeback thread to proceed */ up_write(&dc->writeback_lock); @@ -1696,6 +1699,7 @@ struct cache_set *bch_cache_set_alloc(struct cache_sb *sb) c->block_bits = ilog2(sb->block_size); c->nr_uuids = bucket_bytes(c) / sizeof(struct uuid_entry); c->devices_max_used = 0; + atomic_set(&c->attached_dev_nr, 0); c->btree_pages = bucket_pages(c); if (c->btree_pages > BTREE_MAX_PAGES) c->btree_pages = max_t(int, c->btree_pages / 4, diff --git a/drivers/md/bcache/sysfs.c b/drivers/md/bcache/sysfs.c index 3e9d3459a224..6e88142514fb 100644 --- a/drivers/md/bcache/sysfs.c +++ b/drivers/md/bcache/sysfs.c @@ -171,7 +171,8 @@ SHOW(__bch_cached_dev) var_printf(writeback_running, "%i"); var_print(writeback_delay); var_print(writeback_percent); - sysfs_hprint(writeback_rate, wb ? dc->writeback_rate.rate << 9 : 0); + sysfs_hprint(writeback_rate, + wb ? atomic_long_read(&dc->writeback_rate.rate) << 9 : 0); sysfs_hprint(io_errors, atomic_read(&dc->io_errors)); sysfs_printf(io_error_limit, "%i", dc->error_limit); sysfs_printf(io_disable, "%i", dc->io_disable); @@ -193,7 +194,9 @@ SHOW(__bch_cached_dev) * Except for dirty and target, other values should * be 0 if writeback is not running. */ - bch_hprint(rate, wb ? dc->writeback_rate.rate << 9 : 0); + bch_hprint(rate, + wb ? atomic_long_read(&dc->writeback_rate.rate) << 9 + : 0); bch_hprint(dirty, bcache_dev_sectors_dirty(&dc->disk) << 9); bch_hprint(target, dc->writeback_rate_target << 9); bch_hprint(proportional, @@ -261,8 +264,12 @@ STORE(__cached_dev) sysfs_strtoul_clamp(writeback_percent, dc->writeback_percent, 0, 40); - sysfs_strtoul_clamp(writeback_rate, - dc->writeback_rate.rate, 1, INT_MAX); + if (attr == &sysfs_writeback_rate) { + int v; + + sysfs_strtoul_clamp(writeback_rate, v, 1, INT_MAX); + atomic_long_set(&dc->writeback_rate.rate, v); + } sysfs_strtoul_clamp(writeback_rate_update_seconds, dc->writeback_rate_update_seconds, diff --git a/drivers/md/bcache/util.c b/drivers/md/bcache/util.c index fc479b026d6d..b15256bcf0e7 100644 --- a/drivers/md/bcache/util.c +++ b/drivers/md/bcache/util.c @@ -200,7 +200,7 @@ uint64_t bch_next_delay(struct bch_ratelimit *d, uint64_t done) { uint64_t now = local_clock(); - d->next += div_u64(done * NSEC_PER_SEC, d->rate); + d->next += div_u64(done * NSEC_PER_SEC, atomic_long_read(&d->rate)); /* Bound the time. Don't let us fall further than 2 seconds behind * (this prevents unnecessary backlog that would make it impossible diff --git a/drivers/md/bcache/util.h b/drivers/md/bcache/util.h index cced87f8eb27..f7b0133c9d2f 100644 --- a/drivers/md/bcache/util.h +++ b/drivers/md/bcache/util.h @@ -442,7 +442,7 @@ struct bch_ratelimit { * Rate at which we want to do work, in units per second * The units here correspond to the units passed to bch_next_delay() */ - uint32_t rate; + atomic_long_t rate; }; static inline void bch_ratelimit_reset(struct bch_ratelimit *d) diff --git a/drivers/md/bcache/writeback.c b/drivers/md/bcache/writeback.c index 912e969fedba..481d4cf38ac0 100644 --- a/drivers/md/bcache/writeback.c +++ b/drivers/md/bcache/writeback.c @@ -104,11 +104,56 @@ static void __update_writeback_rate(struct cached_dev *dc) dc->writeback_rate_proportional = proportional_scaled; dc->writeback_rate_integral_scaled = integral_scaled; - dc->writeback_rate_change = new_rate - dc->writeback_rate.rate; - dc->writeback_rate.rate = new_rate; + dc->writeback_rate_change = new_rate - + atomic_long_read(&dc->writeback_rate.rate); + atomic_long_set(&dc->writeback_rate.rate, new_rate); dc->writeback_rate_target = target; } +static bool set_at_max_writeback_rate(struct cache_set *c, + struct cached_dev *dc) +{ + /* + * Idle_counter is increased everytime when update_writeback_rate() is + * called. If all backing devices attached to the same cache set have + * identical dc->writeback_rate_update_seconds values, it is about 6 + * rounds of update_writeback_rate() on each backing device before + * c->at_max_writeback_rate is set to 1, and then max wrteback rate set + * to each dc->writeback_rate.rate. + * In order to avoid extra locking cost for counting exact dirty cached + * devices number, c->attached_dev_nr is used to calculate the idle + * throushold. It might be bigger if not all cached device are in write- + * back mode, but it still works well with limited extra rounds of + * update_writeback_rate(). + */ + if (atomic_inc_return(&c->idle_counter) < + atomic_read(&c->attached_dev_nr) * 6) + return false; + + if (atomic_read(&c->at_max_writeback_rate) != 1) + atomic_set(&c->at_max_writeback_rate, 1); + + atomic_long_set(&dc->writeback_rate.rate, INT_MAX); + + /* keep writeback_rate_target as existing value */ + dc->writeback_rate_proportional = 0; + dc->writeback_rate_integral_scaled = 0; + dc->writeback_rate_change = 0; + + /* + * Check c->idle_counter and c->at_max_writeback_rate agagain in case + * new I/O arrives during before set_at_max_writeback_rate() returns. + * Then the writeback rate is set to 1, and its new value should be + * decided via __update_writeback_rate(). + */ + if ((atomic_read(&c->idle_counter) < + atomic_read(&c->attached_dev_nr) * 6) || + !atomic_read(&c->at_max_writeback_rate)) + return false; + + return true; +} + static void update_writeback_rate(struct work_struct *work) { struct cached_dev *dc = container_of(to_delayed_work(work), @@ -136,13 +181,20 @@ static void update_writeback_rate(struct work_struct *work) return; } - down_read(&dc->writeback_lock); - - if (atomic_read(&dc->has_dirty) && - dc->writeback_percent) - __update_writeback_rate(dc); + if (atomic_read(&dc->has_dirty) && dc->writeback_percent) { + /* + * If the whole cache set is idle, set_at_max_writeback_rate() + * will set writeback rate to a max number. Then it is + * unncessary to update writeback rate for an idle cache set + * in maximum writeback rate number(s). + */ + if (!set_at_max_writeback_rate(c, dc)) { + down_read(&dc->writeback_lock); + __update_writeback_rate(dc); + up_read(&dc->writeback_lock); + } + } - up_read(&dc->writeback_lock); /* * CACHE_SET_IO_DISABLE might be set via sysfs interface, @@ -422,27 +474,6 @@ static void read_dirty(struct cached_dev *dc) delay = writeback_delay(dc, size); - /* If the control system would wait for at least half a - * second, and there's been no reqs hitting the backing disk - * for awhile: use an alternate mode where we have at most - * one contiguous set of writebacks in flight at a time. If - * someone wants to do IO it will be quick, as it will only - * have to contend with one operation in flight, and we'll - * be round-tripping data to the backing disk as quickly as - * it can accept it. - */ - if (delay >= HZ / 2) { - /* 3 means at least 1.5 seconds, up to 7.5 if we - * have slowed way down. - */ - if (atomic_inc_return(&dc->backing_idle) >= 3) { - /* Wait for current I/Os to finish */ - closure_sync(&cl); - /* And immediately launch a new set. */ - delay = 0; - } - } - while (!kthread_should_stop() && !test_bit(CACHE_SET_IO_DISABLE, &dc->disk.c->flags) && delay) { @@ -741,7 +772,7 @@ void bch_cached_dev_writeback_init(struct cached_dev *dc) dc->writeback_running = true; dc->writeback_percent = 10; dc->writeback_delay = 30; - dc->writeback_rate.rate = 1024; + atomic_long_set(&dc->writeback_rate.rate, 1024); dc->writeback_rate_minimum = 8; dc->writeback_rate_update_seconds = WRITEBACK_RATE_UPDATE_SECS_DEFAULT; -- 2.18.0

7 years, 1 month

1
0
0 0

[PATCH 01/10] bcache: do not check return value of debugfs_create_dir()

by Coly Li

Greg KH suggests that normal code should not care about debugfs. Therefore no matter successful or failed of debugfs_create_dir() execution, it is unncessary to check its return value. There are two functions called debugfs_create_dir() and check the return value, which are bch_debug_init() and closure_debug_init(). This patch changes these two functions from int to void type, and ignore return values of debugfs_create_dir(). This patch does not fix exact bug, just makes things work as they should. Signed-off-by: Coly Li <colyli(a)suse.de> Suggested-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Cc: stable(a)vger.kernel.org Cc: Kai Krakow <kai(a)kaishome.de> Cc: Kent Overstreet <kent.overstreet(a)gmail.com> --- drivers/md/bcache/bcache.h | 2 +- drivers/md/bcache/closure.c | 13 +++++++++---- drivers/md/bcache/closure.h | 4 ++-- drivers/md/bcache/debug.c | 11 ++++++----- drivers/md/bcache/super.c | 4 +++- 5 files changed, 21 insertions(+), 13 deletions(-) diff --git a/drivers/md/bcache/bcache.h b/drivers/md/bcache/bcache.h index 872ef4d67711..0a3e82b0876d 100644 --- a/drivers/md/bcache/bcache.h +++ b/drivers/md/bcache/bcache.h @@ -1001,7 +1001,7 @@ void bch_open_buckets_free(struct cache_set *); int bch_cache_allocator_start(struct cache *ca); void bch_debug_exit(void); -int bch_debug_init(struct kobject *); +void bch_debug_init(struct kobject *kobj); void bch_request_exit(void); int bch_request_init(void); diff --git a/drivers/md/bcache/closure.c b/drivers/md/bcache/closure.c index 0e14969182c6..618253683d40 100644 --- a/drivers/md/bcache/closure.c +++ b/drivers/md/bcache/closure.c @@ -199,11 +199,16 @@ static const struct file_operations debug_ops = { .release = single_release }; -int __init closure_debug_init(void) +void __init closure_debug_init(void) { - closure_debug = debugfs_create_file("closures", - 0400, bcache_debug, NULL, &debug_ops); - return IS_ERR_OR_NULL(closure_debug); + if (!IS_ERR_OR_NULL(bcache_debug)) + /* + * it is unnecessary to check return value of + * debugfs_create_file(), we should not care + * about this. + */ + closure_debug = debugfs_create_file( + "closures", 0400, bcache_debug, NULL, &debug_ops); } #endif diff --git a/drivers/md/bcache/closure.h b/drivers/md/bcache/closure.h index 71427eb5fdae..7c2c5bc7c88b 100644 --- a/drivers/md/bcache/closure.h +++ b/drivers/md/bcache/closure.h @@ -186,13 +186,13 @@ static inline void closure_sync(struct closure *cl) #ifdef CONFIG_BCACHE_CLOSURES_DEBUG -int closure_debug_init(void); +void closure_debug_init(void); void closure_debug_create(struct closure *cl); void closure_debug_destroy(struct closure *cl); #else -static inline int closure_debug_init(void) { return 0; } +static inline void closure_debug_init(void) {} static inline void closure_debug_create(struct closure *cl) {} static inline void closure_debug_destroy(struct closure *cl) {} diff --git a/drivers/md/bcache/debug.c b/drivers/md/bcache/debug.c index 04d146711950..12034c07257b 100644 --- a/drivers/md/bcache/debug.c +++ b/drivers/md/bcache/debug.c @@ -252,11 +252,12 @@ void bch_debug_exit(void) debugfs_remove_recursive(bcache_debug); } -int __init bch_debug_init(struct kobject *kobj) +void __init bch_debug_init(struct kobject *kobj) { - if (!IS_ENABLED(CONFIG_DEBUG_FS)) - return 0; - + /* + * it is unnecessary to check return value of + * debugfs_create_file(), we should not care + * about this. + */ bcache_debug = debugfs_create_dir("bcache", NULL); - return IS_ERR_OR_NULL(bcache_debug); } diff --git a/drivers/md/bcache/super.c b/drivers/md/bcache/super.c index e0a92104ca23..c7ffa6ef3f82 100644 --- a/drivers/md/bcache/super.c +++ b/drivers/md/bcache/super.c @@ -2345,10 +2345,12 @@ static int __init bcache_init(void) goto err; if (bch_request_init() || - bch_debug_init(bcache_kobj) || closure_debug_init() || sysfs_create_files(bcache_kobj, files)) goto err; + bch_debug_init(bcache_kobj); + closure_debug_init(); + return 0; err: bcache_exit(); -- 2.18.0

7 years, 1 month

1
0
0 0

[PATCH 4.17 00/18] 4.17.14-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.17.14 release. There are 18 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu Aug 9 17:23:05 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.17.14-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.17.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.17.14-rc1 Shankara Pailoor <shankarapailoor(a)gmail.com> jfs: Fix inconsistency between memory allocation and ea_buf->max_size Dave Chinner <dchinner(a)redhat.com> xfs: validate cached inodes are free when allocated Eric Sandeen <sandeen(a)sandeen.net> xfs: don't call xfs_da_shrink_inode with NULL bp Linus Torvalds <torvalds(a)linux-foundation.org> Partially revert "block: fail op_is_write() requests to read-only partitions" Filipe Manana <fdmanana(a)suse.com> Btrfs: fix file data corruption after cloning a range and fsync Esben Haabendal <eha(a)deif.com> i2c: imx: Fix reinit_completion() use Masami Hiramatsu <mhiramat(a)kernel.org> ring_buffer: tracing: Inherit the tracing setting to next ring buffer Dmitry Safonov <dima(a)arista.com> netlink: Don't shift on 64 for ngroups Frederic Weisbecker <frederic(a)kernel.org> nohz: Fix missing tick reprogram when interrupting an inline softirq Anna-Maria Gleixner <anna-maria(a)linutronix.de> nohz: Fix local_timer_softirq_pending() Kan Liang <kan.liang(a)linux.intel.com> perf/x86/intel/uncore: Fix hardcoded index of Broadwell extra PCI devices Thomas Gleixner <tglx(a)linutronix.de> genirq: Make force irq threading setup more robust Kees Cook <keescook(a)chromium.org> jfs: Fix usercopy whitelist for inline inode data Anil Gurumurthy <anil.gurumurthy(a)cavium.com> scsi: qla2xxx: Return error when TMF returns Quinn Tran <quinn.tran(a)cavium.com> scsi: qla2xxx: Fix ISP recovery on unload Quinn Tran <quinn.tran(a)cavium.com> scsi: qla2xxx: Fix driver unload by shutting down chip Quinn Tran <quinn.tran(a)cavium.com> scsi: qla2xxx: Fix NPIV deletion by calling wait_for_sess_deletion Quinn Tran <quinn.tran(a)cavium.com> scsi: qla2xxx: Fix unintialized List head crash ------------- Diffstat: Makefile | 4 +- arch/x86/events/intel/uncore.h | 2 +- arch/x86/events/intel/uncore_snbep.c | 10 +++-- block/blk-core.c | 5 ++- drivers/i2c/busses/i2c-imx.c | 3 +- drivers/scsi/qla2xxx/qla_attr.c | 1 + drivers/scsi/qla2xxx/qla_gbl.h | 1 + drivers/scsi/qla2xxx/qla_gs.c | 4 ++ drivers/scsi/qla2xxx/qla_init.c | 7 ++-- drivers/scsi/qla2xxx/qla_inline.h | 2 + drivers/scsi/qla2xxx/qla_isr.c | 3 ++ drivers/scsi/qla2xxx/qla_mbx.c | 6 +++ drivers/scsi/qla2xxx/qla_mid.c | 11 +++++- drivers/scsi/qla2xxx/qla_os.c | 51 +++++++++++-------------- drivers/scsi/qla2xxx/qla_sup.c | 3 ++ fs/btrfs/extent_io.c | 3 ++ fs/jfs/jfs_dinode.h | 7 ++++ fs/jfs/jfs_incore.h | 1 + fs/jfs/super.c | 3 +- fs/jfs/xattr.c | 10 +++-- fs/xfs/libxfs/xfs_attr_leaf.c | 5 +-- fs/xfs/xfs_icache.c | 73 ++++++++++++++++++++++++------------ include/linux/ring_buffer.h | 1 + kernel/irq/manage.c | 9 ++++- kernel/softirq.c | 2 +- kernel/time/tick-sched.c | 2 +- kernel/trace/ring_buffer.c | 16 ++++++++ kernel/trace/trace.c | 6 +++ net/netlink/af_netlink.c | 4 +- 29 files changed, 171 insertions(+), 84 deletions(-)

7 years, 1 month

4
22
0 0

[PATCH] ARC: [plat-axs10x] Enable SWAP

by Alexey Brodkin

SWAP support on ARC was fixed earlier by commit 6e3761145a9b ("ARC: Fix CONFIG_SWAP") so now we may safely enable it on platforms that have external media like USB and SD-card. Signed-off-by: Alexey Brodkin <abrodkin(a)synopsys.com> Cc: stable(a)vger.kernel.org # 6e3761145a9b: ARC: Fix CONFIG_SWAP --- arch/arc/configs/axs101_defconfig | 1 - arch/arc/configs/axs103_defconfig | 1 - arch/arc/configs/axs103_smp_defconfig | 1 - 3 files changed, 3 deletions(-) diff --git a/arch/arc/configs/axs101_defconfig b/arch/arc/configs/axs101_defconfig index 3dbb2b3f60af..96b7258a76be 100644 --- a/arch/arc/configs/axs101_defconfig +++ b/arch/arc/configs/axs101_defconfig @@ -1,4 +1,3 @@ -# CONFIG_SWAP is not set CONFIG_SYSVIPC=y CONFIG_POSIX_MQUEUE=y # CONFIG_CROSS_MEMORY_ATTACH is not set diff --git a/arch/arc/configs/axs103_defconfig b/arch/arc/configs/axs103_defconfig index 4d7b85d4b2dc..72fc21ef1334 100644 --- a/arch/arc/configs/axs103_defconfig +++ b/arch/arc/configs/axs103_defconfig @@ -1,4 +1,3 @@ -# CONFIG_SWAP is not set CONFIG_SYSVIPC=y CONFIG_POSIX_MQUEUE=y # CONFIG_CROSS_MEMORY_ATTACH is not set diff --git a/arch/arc/configs/axs103_smp_defconfig b/arch/arc/configs/axs103_smp_defconfig index 92417e2e39f3..2ac89bd00e28 100644 --- a/arch/arc/configs/axs103_smp_defconfig +++ b/arch/arc/configs/axs103_smp_defconfig @@ -1,4 +1,3 @@ -# CONFIG_SWAP is not set CONFIG_SYSVIPC=y CONFIG_POSIX_MQUEUE=y # CONFIG_CROSS_MEMORY_ATTACH is not set -- 2.17.1

7 years, 1 month

2
3
0 0

[PATCH 3.18 00/85] 3.18.118-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 3.18.118 release. There are 85 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu Aug 9 17:23:43 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v3.x/stable-review/patch-3.18.118-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-3.18.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 3.18.118-rc1 Shankara Pailoor <shankarapailoor(a)gmail.com> jfs: Fix inconsistency between memory allocation and ea_buf->max_size Masami Hiramatsu <mhiramat(a)kernel.org> ring_buffer: tracing: Inherit the tracing setting to next ring buffer Anil Gurumurthy <anil.gurumurthy(a)cavium.com> scsi: qla2xxx: Return error when TMF returns Quinn Tran <quinn.tran(a)cavium.com> scsi: qla2xxx: Fix ISP recovery on unload Tony Battersby <tonyb(a)cybernetics.com> scsi: sg: fix minor memory leak in error path Herbert Xu <herbert(a)gondor.apana.org.au> crypto: padlock-aes - Fix Nano workaround data corruption Jiang Biao <jiang.biao2(a)zte.com.cn> virtio_balloon: fix another race between migration and ballooning Anton Vasilyev <vasilyev(a)ispras.ru> can: ems_usb: Fix memory leak on ems_usb_disconnect() Linus Torvalds <torvalds(a)linux-foundation.org> squashfs: more metadata hardenings Linus Torvalds <torvalds(a)linux-foundation.org> squashfs: more metadata hardening Florian Fainelli <f.fainelli(a)gmail.com> net: dsa: Do not suspend/resume closed slave_dev Eric Dumazet <edumazet(a)google.com> inet: frag: enforce memory limits earlier Lorenzo Bianconi <lorenzo.bianconi(a)redhat.com> ipv4: remove BUG_ON() from fib_compute_spec_dst Eric Dumazet <edumazet(a)google.com> tcp: add one more quick ack after after ECN events Yousuk Seung <ysseung(a)google.com> tcp: refactor tcp_ecn_check_ce to remove sk type cast Eric Dumazet <edumazet(a)google.com> tcp: do not aggressively quick ack after ECN events Eric Dumazet <edumazet(a)google.com> tcp: add max_quickacks param to tcp_incr_quickack and tcp_enter_quickack_mode Eric Dumazet <edumazet(a)google.com> tcp: do not force quickack when receiving out-of-order packets Xiao Liang <xiliang(a)redhat.com> xen-netfront: wait xenbus state change when load module manually Eugeniy Paltsev <Eugeniy.Paltsev(a)synopsys.com> NET: stmmac: align DMA stuff to largest cache line length Linus Torvalds <torvalds(a)linux-foundation.org> squashfs: be more careful about metadata corruption Theodore Ts'o <tytso(a)mit.edu> random: mix rdrand with entropy sent in from userspace Mauro Carvalho Chehab <mchehab(a)s-opensource.com> media: si470x: fix __be16 annotations Suman Anna <s-anna(a)ti.com> media: omap3isp: fix unbalanced dma_iommu_mapping Tudor-Dan Ambarus <tudor.ambarus(a)microchip.com> crypto: authenc - don't leak pointers to authenc keys Tudor-Dan Ambarus <tudor.ambarus(a)microchip.com> crypto: authencesn - don't leak pointers to authenc keys Dominik Bozek <dominikx.bozek(a)intel.com> usb: hub: Don't wait for connect state at resume for powered-off ports Michal Simek <michal.simek(a)xilinx.com> microblaze: Fix simpleImage format generation Siva Rebbagondla <siva.rebbagondla(a)redpinesignals.com> rsi: Fix 'invalid vdd' warning in mmc Chris Novakovic <chris(a)chrisn.me.uk> ipconfig: Correctly initialise ic_nameservers Luc Van Oostenryck <luc.vanoostenryck(a)gmail.com> drm/gma500: fix psb_intel_lvds_mode_valid()'s return type Takashi Sakamoto <o-takashi(a)sakamocchi.jp> ALSA: hda/ca0132: fix build failure when a local macro is defined Mauro Carvalho Chehab <mchehab(a)s-opensource.com> media: siano: get rid of __le32/__le16 cast warnings Jakub Kicinski <jakub.kicinski(a)netronome.com> bpf: fix references to free_bpf_prog_info() in comments Dan Carpenter <dan.carpenter(a)oracle.com> scsi: megaraid: silence a static checker bug Wenwen Wang <wang6495(a)umn.edu> scsi: 3w-xxxx: fix a missing-check bug Wenwen Wang <wang6495(a)umn.edu> scsi: 3w-9xxx: fix a missing-check bug Thomas Richter <tmricht(a)linux.ibm.com> perf: fix invalid bit in diagnostic entry Thomas Richter <tmricht(a)linux.ibm.com> s390/cpum_sf: Add data entry sizes to sampling trailer entry Brad Love <brad(a)nextdimension.cc> media: saa7164: Fix driver name in debug output Damien Le Moal <damien.lemoal(a)wdc.com> libata: Fix command retry decision DaeRyong Jeong <threeearcat(a)gmail.com> tty: Fix data race in tty_insert_flip_string_fixed_flag Dmitry Torokhov <dtor(a)chromium.org> HID: i2c-hid: check if device is there before really probing Jonathan Neuschäfer <j.neuschaefer(a)gmx.net> powerpc/embedded6xx/hlwd-pic: Prevent interrupts from being handled by Starlet Luc Van Oostenryck <luc.vanoostenryck(a)gmail.com> drm/radeon: fix mode_valid's return type Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Apply rate limit to warning messages in URB complete callback Colin Ian King <colin.king(a)canonical.com> media: smiapp: fix timeout checking in smiapp_read_nvm Yufen Yu <yuyufen(a)huawei.com> md: fix NULL dereference of mddev->pers in remove_and_add_spares() Anson Huang <Anson.Huang(a)nxp.com> regulator: pfuze100: add .is_enable() for pfuze100_swb_regulator_ops Takashi Iwai <tiwai(a)suse.de> ALSA: emu10k1: Rate-limit error messages about page errors Maya Erez <merez(a)codeaurora.org> scsi: ufs: fix exception event handling Mika Westerberg <mika.westerberg(a)linux.intel.com> PCI: pciehp: Request control of native hotplug only if supported Christophe Leroy <christophe.leroy(a)c-s.fr> powerpc/8xx: fix invalid register expression in head_8xx.S Mathieu Malaterre <malat(a)debian.org> powerpc/powermac: Mark variable x as unused Mathieu Malaterre <malat(a)debian.org> powerpc/powermac: Add missing prototype for note_bootable_part() Mathieu Malaterre <malat(a)debian.org> powerpc/chrp/time: Make some functions static, add missing header include Mathieu Malaterre <malat(a)debian.org> powerpc/32: Add a missing include header Sven Eckelmann <sven.eckelmann(a)openmesh.com> ath: Add regulatory mapping for Bahamas Sven Eckelmann <sven.eckelmann(a)openmesh.com> ath: Add regulatory mapping for Bermuda Sven Eckelmann <sven.eckelmann(a)openmesh.com> ath: Add regulatory mapping for Serbia Sven Eckelmann <sven.eckelmann(a)openmesh.com> ath: Add regulatory mapping for Tanzania Sven Eckelmann <sven.eckelmann(a)openmesh.com> ath: Add regulatory mapping for Uganda Sven Eckelmann <sven.eckelmann(a)openmesh.com> ath: Add regulatory mapping for APL2_FCCA Sven Eckelmann <sven.eckelmann(a)openmesh.com> ath: Add regulatory mapping for APL13_WORLD Sven Eckelmann <sven.eckelmann(a)openmesh.com> ath: Add regulatory mapping for ETSI8_WORLD Sven Eckelmann <sven.eckelmann(a)openmesh.com> ath: Add regulatory mapping for FCC3_ETSIC Christoph Hellwig <hch(a)lst.de> PCI: Prevent sysfs disable of device while driver is attached Eyal Reizer <eyalreizer(a)gmail.com> wlcore: sdio: check for valid platform device data before suspend Ganapathi Bhat <gbhat(a)marvell.com> mwifiex: handle race during mwifiex_usb_disconnect Kai Chieh Chuang <kaichieh.chuang(a)mediatek.com> ASoC: dpcm: fix BE dai not hw_free and shutdown Kan Liang <kan.liang(a)intel.com> perf/x86/intel/uncore: Correct fixed counter index check for NHM Kan Liang <kan.liang(a)intel.com> perf/x86/intel/uncore: Correct fixed counter index check in generic code Shuah Khan (Samsung OSG) <shuah(a)kernel.org> usbip: usbip_detach: Fix memory, udev context and udev leak Leon Romanovsky <leonro(a)mellanox.com> RDMA/mad: Convert BUG_ONs to error flows Stewart Smith <stewart(a)linux.ibm.com> hvc_opal: don't set tb_ticks_per_usec in udbg_init_opal_common() Cong Wang <xiyou.wangcong(a)gmail.com> infiniband: fix a possible use-after-free bug Alexandre Belloni <alexandre.belloni(a)bootlin.com> rtc: ensure rtc_set_alarm fails when alarms are not supported Mathieu Malaterre <malat(a)debian.org> mm/slub.c: add __printf verification to slab_err() Chintan Pandya <cpandya(a)codeaurora.org> mm: vmalloc: avoid racy handling of debugobjects in vunmap Zhouyang Jia <jiazhouyang09(a)gmail.com> ALSA: fm801: add error handling for snd_ctl_add Zhouyang Jia <jiazhouyang09(a)gmail.com> ALSA: emu10k1: add error handling for snd_ctl_add Steven Rostedt (VMware) <rostedt(a)goodmis.org> tracing: Quiet gcc warning about maybe unused link variable Artem Savkov <asavkov(a)redhat.com> tracing/kprobes: Fix trace_probe flags on enable_trace_kprobe() failure Steven Rostedt (VMware) <rostedt(a)goodmis.org> tracing: Fix possible double free in event_enable_trigger_func() Steven Rostedt (VMware) <rostedt(a)goodmis.org> tracing: Fix double free of event_trigger_data ------------- Diffstat: Makefile | 4 +- arch/microblaze/boot/Makefile | 10 +++-- arch/powerpc/kernel/head_8xx.S | 2 +- arch/powerpc/kernel/pci_32.c | 1 + arch/powerpc/platforms/chrp/time.c | 6 ++- arch/powerpc/platforms/embedded6xx/hlwd-pic.c | 5 +++ arch/powerpc/platforms/powermac/bootx_init.c | 4 +- arch/powerpc/platforms/powermac/setup.c | 1 + arch/s390/include/asm/cpu_mf.h | 6 ++- arch/x86/kernel/cpu/perf_event_intel_uncore.c | 2 +- .../x86/kernel/cpu/perf_event_intel_uncore_nhmex.c | 2 +- crypto/authenc.c | 1 + crypto/authencesn.c | 1 + drivers/acpi/pci_root.c | 4 +- drivers/ata/libata-eh.c | 12 ++++-- drivers/char/random.c | 10 ++++- drivers/crypto/padlock-aes.c | 8 +++- drivers/gpu/drm/gma500/psb_intel_drv.h | 2 +- drivers/gpu/drm/gma500/psb_intel_lvds.c | 2 +- drivers/gpu/drm/radeon/radeon_connectors.c | 10 ++--- drivers/hid/i2c-hid/i2c-hid.c | 8 ++++ drivers/infiniband/core/mad.c | 11 +++-- drivers/infiniband/core/ucma.c | 6 ++- drivers/md/md.c | 3 ++ drivers/media/common/siano/smsendian.c | 14 +++---- drivers/media/i2c/smiapp/smiapp-core.c | 11 +++-- drivers/media/pci/saa7164/saa7164-fw.c | 3 +- drivers/media/platform/omap3isp/isp.c | 7 ++-- drivers/media/radio/si470x/radio-si470x-i2c.c | 6 +-- drivers/net/can/usb/ems_usb.c | 1 + drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 2 +- drivers/net/wireless/ath/regd.h | 5 +++ drivers/net/wireless/ath/regd_common.h | 13 ++++++ drivers/net/wireless/mwifiex/usb.c | 3 ++ drivers/net/wireless/rsi/rsi_91x_sdio.c | 2 - drivers/net/wireless/ti/wlcore/sdio.c | 5 +++ drivers/net/xen-netfront.c | 6 +++ drivers/pci/pci-sysfs.c | 15 ++++--- drivers/regulator/pfuze100-regulator.c | 1 + drivers/rtc/interface.c | 5 +++ drivers/scsi/3w-9xxx.c | 5 +++ drivers/scsi/3w-xxxx.c | 3 ++ drivers/scsi/megaraid.c | 3 ++ drivers/scsi/qla2xxx/qla_init.c | 7 ++-- drivers/scsi/qla2xxx/qla_os.c | 5 ++- drivers/scsi/sg.c | 1 + drivers/scsi/ufs/ufshcd.c | 2 + drivers/tty/hvc/hvc_opal.c | 1 - drivers/tty/pty.c | 3 ++ drivers/usb/core/hub.c | 4 ++ drivers/virtio/virtio_balloon.c | 2 + fs/jfs/xattr.c | 10 +++-- fs/squashfs/block.c | 2 + fs/squashfs/cache.c | 3 ++ fs/squashfs/file.c | 8 +++- fs/squashfs/fragment.c | 17 ++++---- fs/squashfs/squashfs_fs.h | 6 +++ fs/squashfs/squashfs_fs_sb.h | 1 + fs/squashfs/super.c | 5 ++- include/linux/ring_buffer.h | 1 + include/net/tcp.h | 2 +- kernel/bpf/verifier.c | 4 +- kernel/trace/ring_buffer.c | 16 ++++++++ kernel/trace/trace.c | 6 +++ kernel/trace/trace_events_trigger.c | 18 +++++--- kernel/trace/trace_kprobe.c | 15 ++++++- mm/slub.c | 2 +- mm/vmalloc.c | 3 +- net/dsa/slave.c | 6 +++ net/ipv4/fib_frontend.c | 4 +- net/ipv4/inet_fragment.c | 10 ++--- net/ipv4/ipconfig.c | 13 ++++++ net/ipv4/tcp_dctcp.c | 4 +- net/ipv4/tcp_input.c | 48 +++++++++++----------- sound/pci/emu10k1/emupcm.c | 4 +- sound/pci/emu10k1/memory.c | 6 +-- sound/pci/fm801.c | 16 ++++++-- sound/pci/hda/patch_ca0132.c | 8 +++- sound/soc/soc-pcm.c | 6 ++- sound/usb/pcm.c | 2 +- tools/usb/usbip/src/usbip_detach.c | 9 ++-- 81 files changed, 366 insertions(+), 145 deletions(-)

7 years, 1 month

4
84
0 0

[PATCH v2] RDMA/rxe: Set wqe->status correctly if an unexpected response is received

by Bart Van Assche

Every function that returns COMPST_ERROR must set wqe->status to another value than IB_WC_SUCCESS before returning COMPST_ERROR. Fix the only code path for which this is not yet the case. Signed-off-by: Bart Van Assche <bart.vanassche(a)wdc.com> Cc: Zhu Yanjun <yanjun.zhu(a)oracle.com> Cc: Jianchao Wang <jianchao.w.wang(a)oracle.com> Cc: Yuval Shaia <yuval.shaia(a)oracle.com> Cc: <stable(a)vger.kernel.org> --- Changes compared to v1: left out a pr_err() statement as requested by Jason. drivers/infiniband/sw/rxe/rxe_comp.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/infiniband/sw/rxe/rxe_comp.c b/drivers/infiniband/sw/rxe/rxe_comp.c index 98d470d1f3fc..83311dd07019 100644 --- a/drivers/infiniband/sw/rxe/rxe_comp.c +++ b/drivers/infiniband/sw/rxe/rxe_comp.c @@ -276,6 +276,7 @@ static inline enum comp_state check_ack(struct rxe_qp *qp, case IB_OPCODE_RC_RDMA_READ_RESPONSE_MIDDLE: if (wqe->wr.opcode != IB_WR_RDMA_READ && wqe->wr.opcode != IB_WR_RDMA_READ_WITH_INV) { + wqe->status = IB_WC_FATAL_ERR; return COMPST_ERROR; } reset_retry_counters(qp); -- 2.17.1

7 years, 1 month

4
5
0 0

[PATCH 4.14 00/21] 4.14.62-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.14.62 release. There are 21 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu Aug 9 17:23:22 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.14.62-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.14.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.14.62-rc1 Shankara Pailoor <shankarapailoor(a)gmail.com> jfs: Fix inconsistency between memory allocation and ea_buf->max_size Eric Sandeen <sandeen(a)sandeen.net> xfs: don't call xfs_da_shrink_inode with NULL bp Dave Chinner <dchinner(a)redhat.com> xfs: validate cached inodes are free when allocated Dave Chinner <dchinner(a)redhat.com> xfs: catch inode allocation state mismatch corruption Len Brown <len.brown(a)intel.com> intel_idle: Graceful probe failure when MWAIT is disabled James Smart <jsmart2021(a)gmail.com> nvmet-fc: fix target sgl list on large transfers Keith Busch <keith.busch(a)intel.com> nvme-pci: Fix queue double allocations Sagi Grimberg <sagi(a)grimberg.me> nvme-pci: allocate device queues storage space at probe Filipe Manana <fdmanana(a)suse.com> Btrfs: fix file data corruption after cloning a range and fsync Esben Haabendal <eha(a)deif.com> i2c: imx: Fix reinit_completion() use Masami Hiramatsu <mhiramat(a)kernel.org> ring_buffer: tracing: Inherit the tracing setting to next ring buffer Vitaly Kuznetsov <vkuznets(a)redhat.com> ACPI / PCI: Bail early in acpi_pci_add_bus() if there is no ACPI handle Theodore Ts'o <tytso(a)mit.edu> ext4: fix false negatives *and* false positives in ext4_check_descriptors() Dmitry Safonov <dima(a)arista.com> netlink: Don't shift on 64 for ngroups Frederic Weisbecker <frederic(a)kernel.org> nohz: Fix missing tick reprogram when interrupting an inline softirq Anna-Maria Gleixner <anna-maria(a)linutronix.de> nohz: Fix local_timer_softirq_pending() Thomas Gleixner <tglx(a)linutronix.de> genirq: Make force irq threading setup more robust Anil Gurumurthy <anil.gurumurthy(a)cavium.com> scsi: qla2xxx: Return error when TMF returns Quinn Tran <quinn.tran(a)cavium.com> scsi: qla2xxx: Fix ISP recovery on unload Quinn Tran <quinn.tran(a)cavium.com> scsi: qla2xxx: Fix NPIV deletion by calling wait_for_sess_deletion Quinn Tran <quinn.tran(a)cavium.com> scsi: qla2xxx: Fix unintialized List head crash ------------- Diffstat: Makefile | 4 +-- drivers/i2c/busses/i2c-imx.c | 3 +- drivers/idle/intel_idle.c | 7 ++++- drivers/nvme/host/pci.c | 64 +++++++++++++++++---------------------- drivers/nvme/target/fc.c | 44 +++++++++++++++++++++------ drivers/pci/pci-acpi.c | 2 +- drivers/scsi/qla2xxx/qla_attr.c | 1 + drivers/scsi/qla2xxx/qla_gbl.h | 1 + drivers/scsi/qla2xxx/qla_gs.c | 4 +++ drivers/scsi/qla2xxx/qla_init.c | 7 ++--- drivers/scsi/qla2xxx/qla_inline.h | 2 ++ drivers/scsi/qla2xxx/qla_mid.c | 5 +++ drivers/scsi/qla2xxx/qla_os.c | 7 +++-- fs/btrfs/extent_io.c | 3 ++ fs/ext4/super.c | 4 +-- fs/jfs/xattr.c | 10 +++--- fs/xfs/libxfs/xfs_attr_leaf.c | 5 ++- fs/xfs/xfs_icache.c | 58 ++++++++++++++++++++++++++++++----- include/linux/ring_buffer.h | 1 + kernel/irq/manage.c | 9 +++++- kernel/softirq.c | 2 +- kernel/time/tick-sched.c | 2 +- kernel/trace/ring_buffer.c | 16 ++++++++++ kernel/trace/trace.c | 6 ++++ net/netlink/af_netlink.c | 4 +-- 25 files changed, 192 insertions(+), 79 deletions(-)

7 years, 1 month

4
23
0 0

[PATCH 4.9 00/17] 4.9.119-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.9.119 release. There are 17 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu Aug 9 17:23:30 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.9.119-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.9.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.9.119-rc1 Shankara Pailoor <shankarapailoor(a)gmail.com> jfs: Fix inconsistency between memory allocation and ea_buf->max_size Michael J. Ruhl <michael.j.ruhl(a)intel.com> IB/hfi1: Fix incorrect mixing of ERR_PTR and NULL return values Kees Cook <keescook(a)chromium.org> fork: unconditionally clear stack on fork Konstantin Khlebnikov <khlebnikov(a)yandex-team.ru> kmemleak: clear stale pointers from task stacks Eric Dumazet <edumazet(a)google.com> tcp: add tcp_ooo_try_coalesce() helper Filipe Manana <fdmanana(a)suse.com> Btrfs: fix file data corruption after cloning a range and fsync Esben Haabendal <eha(a)deif.com> i2c: imx: Fix reinit_completion() use Masami Hiramatsu <mhiramat(a)kernel.org> ring_buffer: tracing: Inherit the tracing setting to next ring buffer Vitaly Kuznetsov <vkuznets(a)redhat.com> ACPI / PCI: Bail early in acpi_pci_add_bus() if there is no ACPI handle Theodore Ts'o <tytso(a)mit.edu> ext4: fix false negatives *and* false positives in ext4_check_descriptors() Dmitry Safonov <dima(a)arista.com> netlink: Don't shift on 64 for ngroups Dmitry Safonov <dima(a)arista.com> netlink: Don't shift with UB on nlk->ngroups Dmitry Safonov <dima(a)arista.com> netlink: Do not subscribe to non-existent groups Anna-Maria Gleixner <anna-maria(a)linutronix.de> nohz: Fix local_timer_softirq_pending() Thomas Gleixner <tglx(a)linutronix.de> genirq: Make force irq threading setup more robust Anil Gurumurthy <anil.gurumurthy(a)cavium.com> scsi: qla2xxx: Return error when TMF returns Quinn Tran <quinn.tran(a)cavium.com> scsi: qla2xxx: Fix ISP recovery on unload ------------- Diffstat: Makefile | 4 ++-- drivers/i2c/busses/i2c-imx.c | 3 +-- drivers/infiniband/hw/hfi1/rc.c | 2 +- drivers/infiniband/hw/hfi1/uc.c | 4 ++-- drivers/infiniband/hw/hfi1/ud.c | 4 ++-- drivers/infiniband/hw/hfi1/verbs_txreq.c | 4 ++-- drivers/infiniband/hw/hfi1/verbs_txreq.h | 4 ++-- drivers/pci/pci-acpi.c | 2 +- drivers/scsi/qla2xxx/qla_init.c | 7 +++---- drivers/scsi/qla2xxx/qla_os.c | 5 +++-- fs/btrfs/extent_io.c | 3 +++ fs/ext4/super.c | 4 ++-- fs/jfs/xattr.c | 10 ++++++---- include/linux/ring_buffer.h | 1 + include/linux/thread_info.h | 7 +------ kernel/fork.c | 3 +++ kernel/irq/manage.c | 9 ++++++++- kernel/time/tick-sched.c | 2 +- kernel/trace/ring_buffer.c | 16 ++++++++++++++++ kernel/trace/trace.c | 6 ++++++ net/ipv4/tcp_input.c | 23 +++++++++++++++++++++-- net/netlink/af_netlink.c | 5 +++++ 22 files changed, 92 insertions(+), 36 deletions(-)

7 years, 1 month

5
20
0 0

[PATCH 4.4 00/12] 4.4.147-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.4.147 release. There are 12 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu Aug 9 17:23:34 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.4.147-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.4.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.4.147-rc1 Shankara Pailoor <shankarapailoor(a)gmail.com> jfs: Fix inconsistency between memory allocation and ea_buf->max_size Esben Haabendal <eha(a)deif.com> i2c: imx: Fix reinit_completion() use Masami Hiramatsu <mhiramat(a)kernel.org> ring_buffer: tracing: Inherit the tracing setting to next ring buffer Vitaly Kuznetsov <vkuznets(a)redhat.com> ACPI / PCI: Bail early in acpi_pci_add_bus() if there is no ACPI handle Theodore Ts'o <tytso(a)mit.edu> ext4: fix false negatives *and* false positives in ext4_check_descriptors() Dmitry Safonov <dima(a)arista.com> netlink: Don't shift on 64 for ngroups Dmitry Safonov <dima(a)arista.com> netlink: Don't shift with UB on nlk->ngroups Dmitry Safonov <dima(a)arista.com> netlink: Do not subscribe to non-existent groups Anna-Maria Gleixner <anna-maria(a)linutronix.de> nohz: Fix local_timer_softirq_pending() Thomas Gleixner <tglx(a)linutronix.de> genirq: Make force irq threading setup more robust Anil Gurumurthy <anil.gurumurthy(a)cavium.com> scsi: qla2xxx: Return error when TMF returns Quinn Tran <quinn.tran(a)cavium.com> scsi: qla2xxx: Fix ISP recovery on unload ------------- Diffstat: Makefile | 4 ++-- drivers/i2c/busses/i2c-imx.c | 3 +-- drivers/pci/pci-acpi.c | 2 +- drivers/scsi/qla2xxx/qla_init.c | 7 +++---- drivers/scsi/qla2xxx/qla_os.c | 5 +++-- fs/ext4/super.c | 4 ++-- fs/jfs/xattr.c | 10 ++++++---- include/linux/ring_buffer.h | 1 + kernel/irq/manage.c | 9 ++++++++- kernel/time/tick-sched.c | 2 +- kernel/trace/ring_buffer.c | 16 ++++++++++++++++ kernel/trace/trace.c | 6 ++++++ net/netlink/af_netlink.c | 5 +++++ 13 files changed, 55 insertions(+), 19 deletions(-)

7 years, 1 month

5
15
0 0

[PATCH v4 2/2] block: Ensure that a request queue is dissociated from the cgroup controller

by Bart Van Assche

Several block drivers call alloc_disk() followed by put_disk() if something fails before device_add_disk() is called without calling blk_cleanup_queue(). Make sure that also for this scenario a request queue is dissociated from the cgroup controller. This patch avoids that loading the parport_pc, paride and pf drivers triggers the following kernel crash: BUG: KASAN: null-ptr-deref in pi_init+0x42e/0x580 [paride] Read of size 4 at addr 0000000000000008 by task modprobe/744 Call Trace: dump_stack+0x9a/0xeb kasan_report+0x139/0x350 pi_init+0x42e/0x580 [paride] pf_init+0x2bb/0x1000 [pf] do_one_initcall+0x8e/0x405 do_init_module+0xd9/0x2f2 load_module+0x3ab4/0x4700 SYSC_finit_module+0x176/0x1a0 do_syscall_64+0xee/0x2b0 entry_SYSCALL_64_after_hwframe+0x42/0xb7 Reported-by: Alexandru Moise <00moses.alexander00(a)gmail.com> Fixes: a063057d7c73 ("block: Fix a race between request queue removal and the block cgroup controller") # v4.17 Signed-off-by: Bart Van Assche <bart.vanassche(a)wdc.com> Tested-by: Alexandru Moise <00moses.alexander00(a)gmail.com> Cc: Tejun Heo <tj(a)kernel.org> Cc: Christoph Hellwig <hch(a)lst.de> Cc: Ming Lei <ming.lei(a)redhat.com> Cc: Johannes Thumshirn <jthumshirn(a)suse.de> Cc: Alexandru Moise <00moses.alexander00(a)gmail.com> Cc: Joseph Qi <joseph.qi(a)linux.alibaba.com> Cc: <stable(a)vger.kernel.org> --- block/blk-sysfs.c | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/block/blk-sysfs.c b/block/blk-sysfs.c index ca1984ecbdeb..26275d9babcb 100644 --- a/block/blk-sysfs.c +++ b/block/blk-sysfs.c @@ -802,6 +802,31 @@ static void __blk_release_queue(struct work_struct *work) blk_stat_remove_callback(q, q->poll_cb); blk_stat_free_callback(q->poll_cb); + if (!blk_queue_dead(q)) { + /* + * Last reference was dropped without having called + * blk_cleanup_queue(). + */ + WARN_ONCE(blk_queue_init_done(q), + "request queue %p has been registered but blk_cleanup_queue() has not been called for that queue\n", + q); + blk_exit_queue(q); + } + +#ifdef CONFIG_BLK_CGROUP + { + struct blkcg_gq *blkg; + + rcu_read_lock(); + blkg = blkg_lookup(&blkcg_root, q); + rcu_read_unlock(); + + WARN(blkg, + "request queue %p is being released but it has not yet been removed from the blkcg controller\n", + q); + } +#endif + blk_free_queue_stats(q->stats); blk_exit_rl(q, &q->root_rl); -- 2.18.0

7 years, 1 month

4
4
0 0

[PATCH v6 0/8] powerpc/pseries: Machine check handler improvements.

by Mahesh J Salgaonkar

This patch series includes some improvement to Machine check handler for pSeries. Patch 1 fixes a buffer overrun issue if rtas extended error log size is greater than RTAS_ERROR_LOG_MAX. Patch 2 fixes an issue where machine check handler crashes kernel while accessing vmalloc-ed buffer while in nmi context. Patch 3 fixes endain bug while restoring of r3 in MCE handler. Patch 5 implements a real mode mce handler and flushes the SLBs on SLB error. Patch 6 display's the MCE error details on console. Patch 7 saves and dumps the SLB contents on SLB MCE errors to improve the debugability. Patch 8 consolidates mce early real mode handling code. Change in V6: - Introduce patch 8 to consolidate early real mode handling code. - Address Nick's comment on erroneous hunk. Change in V5: - Use min_t instead of max_t. - Fix an issue reported by kbuild test robot and address review comments. Change in V4: - Flush the SLBs in real mode mce handler to handle SLB errors for entry 0. - Allocate buffers per cpu to hold rtas error log and old slb contents. - Defer the logging of rtas error log to irq work queue. Change in V3: - Moved patch 5 to patch 2 Change in V2: - patch 3: Display additional info (NIP and task info) in MCE error details. - patch 5: Fix endain bug while restoring of r3 in MCE handler. --- Mahesh Salgaonkar (8): powerpc/pseries: Avoid using the size greater than RTAS_ERROR_LOG_MAX. powerpc/pseries: Defer the logging of rtas error to irq work queue. powerpc/pseries: Fix endainness while restoring of r3 in MCE handler. powerpc/pseries: Define MCE error event section. powerpc/pseries: flush SLB contents on SLB MCE errors. powerpc/pseries: Display machine check error details. powerpc/pseries: Dump the SLB contents on SLB MCE errors. powernv/pseries: consolidate code for mce early handling. arch/powerpc/include/asm/book3s/64/mmu-hash.h | 8 + arch/powerpc/include/asm/machdep.h | 1 arch/powerpc/include/asm/paca.h | 4 arch/powerpc/include/asm/rtas.h | 116 ++++++++++++ arch/powerpc/kernel/exceptions-64s.S | 18 +- arch/powerpc/kernel/mce.c | 16 +- arch/powerpc/mm/slb.c | 63 +++++++ arch/powerpc/platforms/pseries/pseries.h | 1 arch/powerpc/platforms/pseries/ras.c | 242 +++++++++++++++++++++++-- arch/powerpc/platforms/pseries/setup.c | 27 +++ 10 files changed, 471 insertions(+), 25 deletions(-) -- Signature

7 years, 1 month

2
3
0 0

[PATCH 4.14 000/246] 4.14.60-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.14.60 release. There are 246 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Fri Aug 3 16:49:18 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.14.60-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.14.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.14.60-rc1 Eric Dumazet <edumazet(a)google.com> tcp: add one more quick ack after after ECN events Yousuk Seung <ysseung(a)google.com> tcp: refactor tcp_ecn_check_ce to remove sk type cast Eric Dumazet <edumazet(a)google.com> tcp: do not aggressively quick ack after ECN events Eric Dumazet <edumazet(a)google.com> tcp: add max_quickacks param to tcp_incr_quickack and tcp_enter_quickack_mode Eric Dumazet <edumazet(a)google.com> tcp: do not force quickack when receiving out-of-order packets Dmitry Safonov <dima(a)arista.com> netlink: Don't shift with UB on nlk->ngroups Dmitry Safonov <dima(a)arista.com> netlink: Do not subscribe to non-existent groups Xiao Liang <xiliang(a)redhat.com> xen-netfront: wait xenbus state change when load module manually Neal Cardwell <ncardwell(a)google.com> tcp_bbr: fix bw probing to raise in-flight data for very small BDPs Eugeniy Paltsev <Eugeniy.Paltsev(a)synopsys.com> NET: stmmac: align DMA stuff to largest cache line length Anton Vasilyev <vasilyev(a)ispras.ru> net: mdio-mux: bcm-iproc: fix wrong getter and setter pair Stefan Wahren <stefan.wahren(a)i2se.com> net: lan78xx: fix rx handling before first packet is send tangpengpeng <tangpengpeng(a)higon.com> net: fix amd-xgbe flow-control issue Gal Pressman <pressmangal(a)gmail.com> net: ena: Fix use of uninitialized DMA address bits field Lorenzo Bianconi <lorenzo.bianconi(a)redhat.com> ipv4: remove BUG_ON() from fib_compute_spec_dst Michal Vokáč <vokac.m(a)gmail.com> net: dsa: qca8k: Allow overwriting CPU port setting Michal Vokáč <vokac.m(a)gmail.com> net: dsa: qca8k: Add QCA8334 binding documentation Michal Vokáč <vokac.m(a)gmail.com> net: dsa: qca8k: Enable RXMAC when bringing up a port Michal Vokáč <vokac.m(a)gmail.com> net: dsa: qca8k: Force CPU port to its highest bandwidth Leon Romanovsky <leonro(a)mellanox.com> RDMA/uverbs: Protect from attempts to create flows on unsupported QP Yoshihiro Shimoda <yoshihiro.shimoda.uh(a)renesas.com> usb: gadget: udc: renesas_usb3: should remove debugfs Chengguang Xu <cgxu(a)mykernel.net> ovl: Sync upper dirty data when syncing overlayfs Lorenzo Pieralisi <lorenzo.pieralisi(a)arm.com> PCI: xgene: Remove leftover pci_scan_child_bus() call Lukas Wunner <lukas(a)wunner.de> PCI: pciehp: Assume NoCompl+ for Thunderbolt ports Theodore Ts'o <tytso(a)mit.edu> ext4: fix check to prevent initializing reserved inodes Theodore Ts'o <tytso(a)mit.edu> ext4: check for allocation block validity with block group locked Theodore Ts'o <tytso(a)mit.edu> ext4: fix inline data updates with checksums enabled Linus Torvalds <torvalds(a)linux-foundation.org> squashfs: be more careful about metadata corruption Theodore Ts'o <tytso(a)mit.edu> random: mix rdrand with entropy sent in from userspace Greg Edwards <gedwards(a)ddn.com> block: reset bi_iter.bi_done after splitting bio Martin Wilck <mwilck(a)suse.com> blkdev: __blkdev_direct_IO_simple: fix leak in error case Martin Wilck <mwilck(a)suse.com> block: bio_iov_iter_get_pages: fix size of last iovec Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> drm/dp/mst: Fix off-by-one typo when dump payload table Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/atomic-helper: Drop plane->fb references only for drm_atomic_helper_shutdown() José Roberto de Souza <jose.souza(a)intel.com> drm: Add DP PSR2 sink enable bit Kirill Marinushkin <k.marinushkin(a)gmail.com> ASoC: topology: Add missing clock gating parameter when parsing hw_configs Kirill Marinushkin <k.marinushkin(a)gmail.com> ASoC: topology: Fix bclk and fsync inversion in set_link_hw_format() Mauro Carvalho Chehab <mchehab(a)kernel.org> media: si470x: fix __be16 annotations Mauro Carvalho Chehab <mchehab(a)kernel.org> media: atomisp: compat32: fix __user annotations Matthew R. Ochs <mrochs(a)linux.vnet.ibm.com> scsi: cxlflash: Avoid clobbering context control register value Uma Krishnan <ukrishn(a)linux.vnet.ibm.com> scsi: cxlflash: Synchronize reset and remove ops Shivasharan S <shivasharan.srikanteshwara(a)broadcom.com> scsi: megaraid_sas: Increase timeout by 1 sec for non-RAID fastpath IOs Xose Vazquez Perez <xose.vazquez(a)gmail.com> scsi: scsi_dh: replace too broad "TP9" string with the exact models Douglas Anderson <dianders(a)chromium.org> regulator: Don't return or expect -errno from of_map_mode() Suman Anna <s-anna(a)ti.com> media: omap3isp: fix unbalanced dma_iommu_mapping Tudor-Dan Ambarus <tudor.ambarus(a)microchip.com> crypto: authenc - don't leak pointers to authenc keys Tudor-Dan Ambarus <tudor.ambarus(a)microchip.com> crypto: authencesn - don't leak pointers to authenc keys Dominik Bozek <dominikx.bozek(a)intel.com> usb: hub: Don't wait for connect state at resume for powered-off ports Michal Simek <michal.simek(a)xilinx.com> microblaze: Fix simpleImage format generation Andrey Smirnov <andrew.smirnov(a)gmail.com> soc: imx: gpcv2: Do not pass static memory as platform data Douglas Anderson <dianders(a)chromium.org> serial: core: Make sure compiler barfs for 16-byte earlycon names NeilBrown <neilb(a)suse.com> staging: lustre: ldlm: free resource when ldlm_lock_create() fails. James Simmons <jsimmons(a)infradead.org> staging: lustre: llite: correct removexattr detection Stefan Wahren <stefan.wahren(a)i2se.com> staging: vchiq_core: Fix missing semaphore release in error case Ondrej Mosnáček <omosnace(a)redhat.com> audit: allow not equal op for audit by executable Siva Rebbagondla <siva.rebbagondla(a)redpinesignals.com> rsi: fix nommu_map_sg overflow kernel panic Siva Rebbagondla <siva.rebbagondla(a)redpinesignals.com> rsi: Fix 'invalid vdd' warning in mmc Chris Novakovic <chris(a)chrisn.me.uk> ipconfig: Correctly initialise ic_nameservers Luc Van Oostenryck <luc.vanoostenryck(a)gmail.com> drm/gma500: fix psb_intel_lvds_mode_valid()'s return type Vinicius Costa Gomes <vinicius.gomes(a)intel.com> igb: Fix queue selection on MAC filters on i210 Enric Balletbo i Serra <enric.balletbo(a)collabora.com> arm64: defconfig: Enable Rockchip io-domain driver Wei Xu <wxu(a)cnexlabs.com> nvme: lightnvm: add granby support Dmitry Osipenko <digetx(a)gmail.com> memory: tegra: Apply interrupts mask per SoC Dmitry Osipenko <digetx(a)gmail.com> memory: tegra: Do not handle spurious interrupts Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> delayacct: Use raw_spinlocks Thomas Gleixner <tglx(a)linutronix.de> stop_machine: Use raw spinlocks Wolfram Sang <wsa+renesas(a)sang-engineering.com> backlight: pwm_bl: Don't use GPIOF_* with gpiod_get_direction Kirill Tkhai <ktkhai(a)virtuozzo.com> fasync: Fix deadlock between task-context and interrupt-context kill_fasync() Yixun Lan <yixun.lan(a)amlogic.com> dt-bindings: net: meson-dwmac: new compatible name for AXG SoC Huazhong Tan <tanhuazhong(a)huawei.com> net: hns3: Fixes the out of bounds access in hclge_map_tqp Alexey Khoroshilov <khoroshilov(a)ispras.ru> spi: meson-spicc: Fix error handling in meson_spicc_probe() Martin Blumenstingl <martin.blumenstingl(a)googlemail.com> dt-bindings: pinctrl: meson: add support for the Meson8m2 SoC Tobin C. Harding <me(a)tobin.cc> mmc: pwrseq: Use kmalloc_array instead of stack VLA Shawn Lin <shawn.lin(a)rock-chips.com> mmc: dw_mmc: update actual clock for mmc debugfs Takashi Sakamoto <o-takashi(a)sakamocchi.jp> ALSA: hda/ca0132: fix build failure when a local macro is defined Satendra Singh Thakur <satendra.t(a)samsung.com> drm/atomic: Handling the case when setting old crtc for plane Mauro Carvalho Chehab <mchehab(a)kernel.org> media: siano: get rid of __le32/__le16 cast warnings Jaegeuk Kim <jaegeuk(a)kernel.org> f2fs: avoid fsync() failure caused by EAGAIN in writepage() Jakub Kicinski <jakub.kicinski(a)netronome.com> bpf: fix references to free_bpf_prog_info() in comments Bartlomiej Zolnierkiewicz <b.zolnierkie(a)samsung.com> thermal: exynos: fix setting rising_threshold for Exynos5433 Doug Oucharek <dougso(a)me.com> staging: lustre: o2iblnd: Fix FastReg map/unmap for MLX5 Doug Oucahrek <dougso(a)me.com> staging: lustre: o2iblnd: fix race at kiblnd_connect_peer Chad Dupuis <chad.dupuis(a)cavium.com> scsi: qedf: Set the UNLOADING flag when removing a vport Xiang Chen <chenxiang66(a)hisilicon.com> scsi: hisi_sas: config ATA de-reset as an constrained command for v3 hw Dan Carpenter <dan.carpenter(a)oracle.com> scsi: megaraid: silence a static checker bug Wenwen Wang <wang6495(a)umn.edu> scsi: 3w-xxxx: fix a missing-check bug Wenwen Wang <wang6495(a)umn.edu> scsi: 3w-9xxx: fix a missing-check bug Michael Chan <michael.chan(a)broadcom.com> bnxt_en: Check unsupported speeds in bnxt_update_link() on PF only. Thomas Richter <tmricht(a)linux.ibm.com> perf: fix invalid bit in diagnostic entry Thomas Richter <tmricht(a)linux.ibm.com> s390/cpum_sf: Add data entry sizes to sampling trailer entry Sean Lanigan <sean(a)lano.id.au> brcmfmac: Add support for bcm43364 wireless chipset Jane Wan <Jane.Wan(a)nokia.com> mtd: rawnand: fsl_ifc: fix FSL NAND driver to read all ONFI parameter pages Brad Love <brad(a)nextdimension.cc> media: saa7164: Fix driver name in debug output Sami Tolvanen <samitolvanen(a)google.com> media: media-device: fix ioctl function types Hans de Goede <hdegoede(a)redhat.com> ACPI / LPSS: Only call pwm_add_table() for Bay Trail PWM if PMIC HRV is 2 Damien Le Moal <damien.lemoal(a)wdc.com> libata: Fix command retry decision Wei Yongjun <yongjun_wei(a)trendmicro.com.cn> media: rcar_jpu: Add missing clk_disable_unprepare() on error in jpu_open() Florian Fainelli <f.fainelli(a)gmail.com> net: phy: phylink: Release link GPIO Marc Zyngier <marc.zyngier(a)arm.com> dma-iommu: Fix compilation when !CONFIG_IOMMU_DMA DaeRyong Jeong <threeearcat(a)gmail.com> tty: Fix data race in tty_insert_flip_string_fixed_flag Jacob Keller <jacob.e.keller(a)intel.com> i40e: free the skb after clearing the bitlock Mathieu Malaterre <malat(a)debian.org> nvmem: properly handle returned value nvmem_reg_read Geert Uytterhoeven <geert+renesas(a)glider.be> ARM: dts: sh73a0: Add missing interrupt-affinity to PMU node Geert Uytterhoeven <geert+renesas(a)glider.be> ARM: dts: emev2: Add missing interrupt-affinity to PMU node Patrice Chotard <patrice.chotard(a)st.com> ARM: dts: stih407-pinctrl: Fix complain about IRQ_TYPE_NONE usage Thor Thayer <thor.thayer(a)linux.intel.com> EDAC, altera: Fix ARM64 build warning Dmitry Torokhov <dtor(a)chromium.org> HID: i2c-hid: check if device is there before really probing Jonathan Neuschäfer <j.neuschaefer(a)gmx.net> powerpc/embedded6xx/hlwd-pic: Prevent interrupts from being handled by Starlet Samuel Li <Samuel.Li(a)amd.com> drm/amdgpu: Remove VRAM from shared bo domains. Luc Van Oostenryck <luc.vanoostenryck(a)gmail.com> drm/radeon: fix mode_valid's return type Kuninori Morimoto <kuninori.morimoto.gx(a)renesas.com> arm64: dts: renesas: salvator-common: use audio-graph-card for Sound Terry Junge <terry.junge(a)plantronics.com> HID: hid-plantronics: Re-resend Update to map button for PTT products Will Deacon <will.deacon(a)arm.com> arm64: cmpwait: Clear event register before arming exclusive monitor Mauro Carvalho Chehab <mchehab(a)kernel.org> media: atomisp: ov2680: don't declare unused vars Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Apply rate limit to warning messages in URB complete callback Grygorii Strashko <grygorii.strashko(a)ti.com> net: ethernet: ti: cpsw-phy-sel: check bus_find_device() ret value Colin Ian King <colin.king(a)canonical.com> media: smiapp: fix timeout checking in smiapp_read_nvm Emil Tantilov <emil.s.tantilov(a)intel.com> ixgbevf: fix MAC address changes through ixgbevf_set_mac() Yufen Yu <yuyufen(a)huawei.com> md: fix NULL dereference of mddev->pers in remove_and_add_spares() Gioh Kim <gi-oh.kim(a)profitbricks.com> md/raid1: add error handling of read error from FailFast device Anson Huang <Anson.Huang(a)nxp.com> regulator: pfuze100: add .is_enable() for pfuze100_swb_regulator_ops Takashi Iwai <tiwai(a)suse.de> ALSA: emu10k1: Rate-limit error messages about page errors Alexandre Belloni <alexandre.belloni(a)bootlin.com> rtc: tps65910: fix possible race condition Alexandre Belloni <alexandre.belloni(a)bootlin.com> rtc: vr41xx: fix possible race condition Alexandre Belloni <alexandre.belloni(a)bootlin.com> rtc: tps6586x: fix possible race condition Vic Wei <vwei(a)codeaurora.org> Bluetooth: btusb: add ID for LiteOn 04ca:301a Ben Skeggs <bskeggs(a)redhat.com> drm/nouveau/fifo/gk104-: poll for runlist update completion Jens Remus <jremus(a)linux.ibm.com> scsi: zfcp: assert that the ERP lock is held when tracing a recovery trigger Maya Erez <merez(a)codeaurora.org> scsi: ufs: fix exception event handling Subhash Jadavani <subhashj(a)codeaurora.org> scsi: ufs: ufshcd: fix possible unclocked register access Eric Biggers <ebiggers(a)google.com> fscrypt: use unbound workqueue for decryption Xi Wang <wangxi11(a)huawei.com> net: hns3: Fix the missing client list node initialization Tony Lindgren <tony(a)atomide.com> spi: Add missing pm_runtime_put_noidle() after failed get Mark Rutland <mark.rutland(a)arm.com> drivers/perf: arm-ccn: don't log to dmesg in event_init Mimi Zohar <zohar(a)linux.vnet.ibm.com> ima: based on policy verify firmware signatures (pre-allocated buffer) Xinming Hu <huxm(a)marvell.com> mwifiex: correct histogram data with appropriate index Michal Vokáč <vokac.m(a)gmail.com> net: dsa: qca8k: Add support for QCA8334 switch Mika Westerberg <mika.westerberg(a)linux.intel.com> PCI: pciehp: Request control of native hotplug only if supported Sandipan Das <sandipan(a)linux.vnet.ibm.com> bpf: powerpc64: pad function address loads with NOPs Julia Lawall <Julia.Lawall(a)lip6.fr> pinctrl: at91-pio4: add missing of_node_put Christophe Leroy <christophe.leroy(a)c-s.fr> powerpc/8xx: fix invalid register expression in head_8xx.S Geert Uytterhoeven <geert+renesas(a)glider.be> spi: sh-msiof: Fix setting SIRMDR1.SYNCAC to match SITMDR1.SYNCAC Mathieu Malaterre <malat(a)debian.org> powerpc: Add __printf verification to prom_printf Mathieu Malaterre <malat(a)debian.org> powerpc/powermac: Mark variable x as unused Mathieu Malaterre <malat(a)debian.org> powerpc/powermac: Add missing prototype for note_bootable_part() Mathieu Malaterre <malat(a)debian.org> powerpc/chrp/time: Make some functions static, add missing header include Mathieu Malaterre <malat(a)debian.org> powerpc/32: Add a missing include header Sven Eckelmann <sven.eckelmann(a)openmesh.com> ath: Add regulatory mapping for Bahamas Sven Eckelmann <sven.eckelmann(a)openmesh.com> ath: Add regulatory mapping for Bermuda Sven Eckelmann <sven.eckelmann(a)openmesh.com> ath: Add regulatory mapping for Serbia Sven Eckelmann <sven.eckelmann(a)openmesh.com> ath: Add regulatory mapping for Tanzania Sven Eckelmann <sven.eckelmann(a)openmesh.com> ath: Add regulatory mapping for Uganda Sven Eckelmann <sven.eckelmann(a)openmesh.com> ath: Add regulatory mapping for APL2_FCCA Sven Eckelmann <sven.eckelmann(a)openmesh.com> ath: Add regulatory mapping for APL13_WORLD Sven Eckelmann <sven.eckelmann(a)openmesh.com> ath: Add regulatory mapping for ETSI8_WORLD Sven Eckelmann <sven.eckelmann(a)openmesh.com> ath: Add regulatory mapping for FCC3_ETSIC Keith Busch <keith.busch(a)intel.com> nvme-pci: Fix AER reset handling Jianchao Wang <jianchao.w.wang(a)oracle.com> nvme-rdma: stop admin queue before freeing it Christoph Hellwig <hch(a)lst.de> PCI: Prevent sysfs disable of device while driver is attached Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> PM / wakeup: Make s2idle_lock a RAW_SPINLOCK Scott Wood <swood(a)redhat.com> x86/microcode: Make the late update update_lock a raw lock for RT Qu Wenruo <wqu(a)suse.com> btrfs: qgroup: Finish rescan when hit the last leaf of extent tree David Sterba <dsterba(a)suse.com> btrfs: add barriers to btrfs_sync_log before log_commit_wait wakeups Omar Sandoval <osandov(a)fb.com> Btrfs: don't BUG_ON() in btrfs_truncate_inode_items() Omar Sandoval <osandov(a)fb.com> Btrfs: don't return ino to ino cache if inode item removal fails Hans Verkuil <hans.verkuil(a)cisco.com> media: videobuf2-core: don't call memop 'finish' when queueing Ezequiel Garcia <ezequiel(a)collabora.com> media: tw686x: Fix incorrect vb2_mem_ops GFP flags Fuyun Liang <liangfuyun1(a)huawei.com> net: hns3: Fixes the init of the VALID BD info in the descriptor Eyal Reizer <eyalreizer(a)gmail.com> wlcore: sdio: check for valid platform device data before suspend Ganapathi Bhat <gbhat(a)marvell.com> mwifiex: handle race during mwifiex_usb_disconnect Vincent Palatin <vpalatin(a)chromium.org> mfd: cros_ec: Fail early if we cannot identify the EC Kai Chieh Chuang <kaichieh.chuang(a)mediatek.com> ASoC: dpcm: fix BE dai not hw_free and shutdown Jian-Hong Pan <jian-hong(a)endlessm.com> Bluetooth: btusb: Add a new Realtek 8723DE ID 2ff8:b011 Thierry Escande <thierry.escande(a)linaro.org> Bluetooth: hci_qca: Fix "Sleep inside atomic section" warning Shaul Triebitz <shaul.triebitz(a)intel.com> iwlwifi: pcie: fix race in Rx buffer allocator Ethan Lien <ethanlien(a)synology.com> btrfs: balance dirty metadata pages in btrfs_finish_ordered_io Jan Kiszka <jan.kiszka(a)siemens.com> PCI: Fix devm_pci_alloc_host_bridge() memory leak Shuah Khan (Samsung OSG) <shuah(a)kernel.org> selftests: intel_pstate: return Kselftest Skip code for skipped tests Shuah Khan (Samsung OSG) <shuah(a)kernel.org> selftests: memfd: return Kselftest Skip code for skipped tests Daniel Díaz <daniel.diaz(a)linaro.org> selftests/intel_pstate: Improve test, minor fixes Kan Liang <kan.liang(a)intel.com> perf/x86/intel/uncore: Correct fixed counter index check for NHM Kan Liang <kan.liang(a)intel.com> perf/x86/intel/uncore: Correct fixed counter index check in generic code Michael Grzeschik <m.grzeschik(a)pengutronix.de> usbip: dynamically allocate idev by nports found in sysfs Shuah Khan (Samsung OSG) <shuah(a)kernel.org> usbip: usbip_detach: Fix memory, udev context and udev leak Filippo Muzzini <filippo.muzzini(a)outlook.it> block, bfq: remove wrong lock in bfq_requests_merged Chao Yu <yuchao0(a)huawei.com> f2fs: fix race in between GC and atomic open Chao Yu <yuchao0(a)huawei.com> f2fs: fix to detect failure of dquot_initialize Sahitya Tummala <stummala(a)codeaurora.org> f2fs: Fix deadlock in shutdown ioctl Chao Yu <yuchao0(a)huawei.com> f2fs: fix to wait page writeback during revoking atomic write Chao Yu <yuchao0(a)huawei.com> f2fs: fix to don't trigger writeback during recovery Chao Yu <yuchao0(a)huawei.com> f2fs: fix error path of move_data_page Anatoly Pugachev <matorola(a)gmail.com> disable loading f2fs module on PAGE_SIZE > 4KB Trond Myklebust <trond.myklebust(a)hammerspace.com> pnfs: Don't release the sequence slot until we've processed layoutget on open Alexey Kodanev <alexey.kodanev(a)oracle.com> netfilter: nf_tables: check msg_type before nft_trans_set(trans) Javier González <javier(a)cnexlabs.com> lightnvm: pblk: warn in case of corrupted write buffer Leon Romanovsky <leonro(a)mellanox.com> RDMA/mad: Convert BUG_ONs to error flows Nicholas Piggin <npiggin(a)gmail.com> powerpc/64s: Fix compiler store ordering to SLB shadow area Stewart Smith <stewart(a)linux.ibm.com> hvc_opal: don't set tb_ticks_per_usec in udbg_init_opal_common() Sam Bobroff <sbobroff(a)linux.ibm.com> powerpc/eeh: Fix use-after-release of EEH driver Michal Suchanek <msuchanek(a)suse.de> powerpc/64s: Add barrier_nospec Christophe Leroy <christophe.leroy(a)c-s.fr> powerpc/lib: Adjust .balign inside string functions for PPC32 Cong Wang <xiyou.wangcong(a)gmail.com> infiniband: fix a possible use-after-free bug Benjamin Poirier <bpoirier(a)suse.com> e1000e: Ignore TSYNCRXCTL when getting I219 clock attributes Chengguang Xu <cgxu519(a)gmx.com> ceph: fix alignment of rasize Wang YanQing <udknight(a)gmail.com> bpf, arm32: fix inconsistent naming about emit_a32_lsr_{r64,i64} Sergey Senozhatsky <sergey.senozhatsky.work(a)gmail.com> printk: drop in_nmi check from printk_safe_flush_on_panic() Marco Felsch <m.felsch(a)pengutronix.de> watchdog: da9063: Fix updating timeout value Laurentiu Tudor <laurentiu.tudor(a)nxp.com> irqchip/ls-scfg-msi: Map MSIs in the iommu Jozsef Kadlecsik <kadlec(a)blackhole.kfki.hu> netfilter: ipset: List timing out entries with "timeout 1" instead of zero Florent Fourcot <florent.fourcot(a)wifirst.fr> netfilter: ipset: forbid family for hash:mac sets Jiri Olsa <jolsa(a)kernel.org> perf tools: Fix pmu events parsing rule Alexandre Belloni <alexandre.belloni(a)bootlin.com> rtc: ensure rtc_set_alarm fails when alarms are not supported Mathieu Malaterre <malat(a)debian.org> mm/slub.c: add __printf verification to slab_err() Chintan Pandya <cpandya(a)codeaurora.org> mm: vmalloc: avoid racy handling of debugobjects in vunmap Huang Ying <ying.huang(a)intel.com> mm: /proc/pid/pagemap: hide swap entries from unprivileged users Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> kernel/hung_task.c: show all hung tasks before panic Alex Williamson <alex.williamson(a)redhat.com> vfio/type1: Fix task tracking for QEMU vCPU hotplug Alex Williamson <alex.williamson(a)redhat.com> vfio/mdev: Check globally for duplicate devices Geert Uytterhoeven <geert+renesas(a)glider.be> vfio: platform: Fix reset module leak in error path Scott Mayhew <smayhew(a)redhat.com> nfsd: fix potential use-after-free in nfsd4_decode_getdeviceinfo Trond Myklebust <trond.myklebust(a)hammerspace.com> NFSv4.1: Fix the client behaviour on NFS4ERR_SEQ_FALSE_RETRY Zhouyang Jia <jiazhouyang09(a)gmail.com> ALSA: fm801: add error handling for snd_ctl_add Zhouyang Jia <jiazhouyang09(a)gmail.com> ALSA: emu10k1: add error handling for snd_ctl_add Olga Kornievskaia <olga.kornievskaia(a)gmail.com> skip LAYOUTRETURN if layout is invalid Stephen Hemminger <stephen(a)networkplumber.org> hv_netvsc: fix network namespace issues with VF support Juergen Gross <jgross(a)suse.com> xen/netfront: raise max number of slots in xennet_get_responses() Mark Rutland <mark.rutland(a)arm.com> kcov: ensure irq code sees a valid area Petr Machata <petrm(a)mellanox.com> mlxsw: spectrum_switchdev: Fix port_vlan refcounting Johannes Weiner <hannes(a)cmpxchg.org> arm64: fix vmemmap BUILD_BUG_ON() triggering on !vmemmap setups Steven Rostedt (VMware) <rostedt(a)goodmis.org> tracing: Quiet gcc warning about maybe unused link variable Artem Savkov <asavkov(a)redhat.com> tracing/kprobes: Fix trace_probe flags on enable_trace_kprobe() failure Snild Dolkow <snild(a)sony.com> kthread, tracing: Don't expose half-written comm when creating kthreads Steven Rostedt (VMware) <rostedt(a)goodmis.org> tracing: Fix possible double free in event_enable_trigger_func() Steven Rostedt (VMware) <rostedt(a)goodmis.org> tracing: Fix double free of event_trigger_data Tejun Heo <tj(a)kernel.org> delayacct: fix crash in delayacct_blkio_end() after delayacct init failure Shakeel Butt <shakeelb(a)google.com> kvm, mm: account shadow page tables to kmemcg KT Liao <kt.liao(a)emc.com.tw> Input: elan_i2c - add another ACPI ID for Lenovo Ideapad 330-15AST Chen-Yu Tsai <wens(a)csie.org> Input: i8042 - add Lenovo LaVie Z to the i8042 reset list Donald Shanty III <dshanty(a)protonmail.com> Input: elan_i2c - add ACPI ID for lenovo ideapad 330 Marek Szyprowski <m.szyprowski(a)samsung.com> spi: spi-s3c64xx: Fix system resume support Andrew Morton <akpm(a)linux-foundation.org> drivers/infiniband/ulp/srpt/ib_srpt.c: fix build with gcc-4.4.4 Bart Van Assche <bart.vanassche(a)wdc.com> IB/srpt: Fix an out-of-bounds stack access in srpt_zerolength_write() Andrew Morton <akpm(a)linux-foundation.org> drivers/infiniband/core/verbs.c: fix build with gcc-4.4.4 Bart Van Assche <bart.vanassche(a)wdc.com> RDMA/core: Avoid that ib_drain_qp() triggers an out-of-bounds stack access Lixin Wang <alan.1.wang(a)nokia-sbell.com> i2c: core: decrease reference count of device node in i2c_unregister_device Kees Cook <keescook(a)chromium.org> fork: unconditionally clear stack on fork ------------- Diffstat: .../devicetree/bindings/net/dsa/qca8k.txt | 23 ++++- .../devicetree/bindings/net/meson-dwmac.txt | 1 + .../devicetree/bindings/pinctrl/meson,pinctrl.txt | 2 + Documentation/vfio-mediated-device.txt | 5 + Makefile | 4 +- arch/arm/boot/dts/emev2.dtsi | 5 +- arch/arm/boot/dts/sh73a0.dtsi | 5 +- arch/arm/boot/dts/stih407-pinctrl.dtsi | 10 +- arch/arm/net/bpf_jit_32.c | 10 +- arch/arm64/boot/dts/renesas/salvator-common.dtsi | 38 ++++--- arch/arm64/configs/defconfig | 2 + arch/arm64/include/asm/cmpxchg.h | 4 +- arch/arm64/mm/init.c | 4 +- arch/microblaze/boot/Makefile | 10 +- arch/powerpc/include/asm/barrier.h | 15 +++ arch/powerpc/include/asm/cache.h | 3 + arch/powerpc/kernel/eeh_driver.c | 28 ++--- arch/powerpc/kernel/head_8xx.S | 2 +- arch/powerpc/kernel/pci_32.c | 1 + arch/powerpc/kernel/prom_init.c | 114 +++++++++++---------- arch/powerpc/lib/string.S | 7 +- arch/powerpc/mm/slb.c | 8 +- arch/powerpc/net/bpf_jit_comp64.c | 34 ++++-- arch/powerpc/platforms/chrp/time.c | 6 +- arch/powerpc/platforms/embedded6xx/hlwd-pic.c | 5 + arch/powerpc/platforms/powermac/bootx_init.c | 4 +- arch/powerpc/platforms/powermac/setup.c | 1 + arch/s390/include/asm/cpu_mf.h | 6 +- arch/x86/events/intel/uncore.c | 2 +- arch/x86/events/intel/uncore_nhmex.c | 2 +- arch/x86/kernel/cpu/microcode/core.c | 6 +- arch/x86/kvm/mmu.c | 2 +- block/bfq-iosched.c | 2 - block/bio.c | 19 ++-- crypto/authenc.c | 1 + crypto/authencesn.c | 1 + drivers/acpi/acpi_lpss.c | 6 +- drivers/acpi/pci_root.c | 4 +- drivers/ata/libata-eh.c | 12 ++- drivers/bluetooth/btusb.c | 4 + drivers/bluetooth/hci_qca.c | 2 +- drivers/bus/arm-ccn.c | 20 ++-- drivers/char/random.c | 10 +- drivers/edac/altera_edac.c | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_object.c | 8 +- drivers/gpu/drm/drm_atomic.c | 4 +- drivers/gpu/drm/drm_atomic_helper.c | 78 +++++++------- drivers/gpu/drm/drm_dp_mst_topology.c | 9 +- drivers/gpu/drm/gma500/psb_intel_drv.h | 2 +- drivers/gpu/drm/gma500/psb_intel_lvds.c | 2 +- drivers/gpu/drm/nouveau/nvkm/engine/fifo/gk104.c | 8 +- drivers/gpu/drm/radeon/radeon_connectors.c | 10 +- drivers/hid/hid-plantronics.c | 6 +- drivers/hid/i2c-hid/i2c-hid.c | 8 ++ drivers/i2c/i2c-core-base.c | 5 +- drivers/infiniband/core/mad.c | 11 +- drivers/infiniband/core/ucma.c | 6 +- drivers/infiniband/core/uverbs_cmd.c | 5 + drivers/infiniband/core/verbs.c | 12 ++- drivers/infiniband/ulp/srpt/ib_srpt.c | 16 +-- drivers/input/mouse/elan_i2c_core.c | 2 + drivers/input/serio/i8042-x86ia64io.h | 7 ++ drivers/irqchip/irq-ls-scfg-msi.c | 3 + drivers/lightnvm/pblk-rb.c | 5 +- drivers/md/md.c | 3 + drivers/md/raid1.c | 2 + drivers/media/common/siano/smsendian.c | 14 +-- drivers/media/i2c/smiapp/smiapp-core.c | 11 +- drivers/media/media-device.c | 21 ++-- drivers/media/pci/saa7164/saa7164-fw.c | 3 +- drivers/media/pci/tw686x/tw686x-video.c | 3 +- drivers/media/platform/omap3isp/isp.c | 7 +- drivers/media/platform/rcar_jpu.c | 4 +- drivers/media/radio/si470x/radio-si470x-i2c.c | 6 +- drivers/media/v4l2-core/videobuf2-core.c | 9 +- drivers/memory/tegra/mc.c | 22 +--- drivers/memory/tegra/mc.h | 9 ++ drivers/memory/tegra/tegra114.c | 2 + drivers/memory/tegra/tegra124.c | 6 ++ drivers/memory/tegra/tegra210.c | 3 + drivers/memory/tegra/tegra30.c | 2 + drivers/mfd/cros_ec.c | 6 +- drivers/mmc/core/pwrseq_simple.c | 14 ++- drivers/mmc/host/dw_mmc.c | 4 + drivers/mtd/nand/fsl_ifc_nand.c | 17 +-- drivers/net/dsa/qca8k.c | 52 +++++++++- drivers/net/dsa/qca8k.h | 7 +- drivers/net/ethernet/amazon/ena/ena_com.c | 1 + drivers/net/ethernet/amd/xgbe/xgbe-mdio.c | 4 +- drivers/net/ethernet/broadcom/bnxt/bnxt.c | 3 + .../ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 7 +- .../net/ethernet/hisilicon/hns3/hns3pf/hns3_enet.c | 4 + drivers/net/ethernet/intel/e1000e/netdev.c | 15 ++- drivers/net/ethernet/intel/i40e/i40e_ptp.c | 7 +- drivers/net/ethernet/intel/igb/igb_main.c | 9 +- drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c | 1 + .../ethernet/mellanox/mlxsw/spectrum_switchdev.c | 4 +- drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 2 +- drivers/net/ethernet/ti/cpsw-phy-sel.c | 8 +- drivers/net/hyperv/hyperv_net.h | 2 + drivers/net/hyperv/netvsc_drv.c | 43 ++++---- drivers/net/phy/mdio-mux-bcm-iproc.c | 2 +- drivers/net/phy/phylink.c | 2 + drivers/net/usb/lan78xx.c | 2 + drivers/net/wireless/ath/regd.h | 5 + drivers/net/wireless/ath/regd_common.h | 13 +++ .../wireless/broadcom/brcm80211/brcmfmac/bcmsdh.c | 1 + drivers/net/wireless/intel/iwlwifi/pcie/rx.c | 2 + drivers/net/wireless/marvell/mwifiex/usb.c | 3 + drivers/net/wireless/marvell/mwifiex/util.c | 8 +- drivers/net/wireless/rsi/rsi_91x_hal.c | 35 ++++--- drivers/net/wireless/rsi/rsi_91x_sdio.c | 23 +++-- drivers/net/wireless/rsi/rsi_sdio.h | 2 +- drivers/net/wireless/ti/wlcore/sdio.c | 5 + drivers/net/xen-netfront.c | 10 +- drivers/nvme/host/pci.c | 5 + drivers/nvme/host/rdma.c | 10 +- drivers/nvmem/core.c | 7 ++ drivers/pci/host/pci-xgene.c | 1 - drivers/pci/hotplug/pciehp_hpc.c | 7 ++ drivers/pci/pci-sysfs.c | 15 +-- drivers/pci/probe.c | 4 +- drivers/pinctrl/pinctrl-at91-pio4.c | 4 +- drivers/regulator/cpcap-regulator.c | 2 +- drivers/regulator/of_regulator.c | 13 +-- drivers/regulator/pfuze100-regulator.c | 1 + drivers/regulator/twl-regulator.c | 2 +- drivers/rtc/interface.c | 5 + drivers/rtc/rtc-tps6586x.c | 14 ++- drivers/rtc/rtc-tps65910.c | 12 ++- drivers/rtc/rtc-vr41xx.c | 9 +- drivers/s390/scsi/zfcp_dbf.c | 2 + drivers/scsi/3w-9xxx.c | 5 + drivers/scsi/3w-xxxx.c | 3 + drivers/scsi/cxlflash/main.c | 11 +- drivers/scsi/cxlflash/sislite.h | 1 + drivers/scsi/hisi_sas/hisi_sas_v3_hw.c | 11 +- drivers/scsi/megaraid.c | 3 + drivers/scsi/megaraid/megaraid_sas_fusion.c | 3 + drivers/scsi/qedf/qedf_main.c | 10 ++ drivers/scsi/scsi_dh.c | 5 +- drivers/scsi/ufs/ufshcd.c | 28 +++-- drivers/soc/imx/gpcv2.c | 22 ++-- drivers/spi/spi-meson-spicc.c | 11 +- drivers/spi/spi-s3c64xx.c | 4 +- drivers/spi/spi-sh-msiof.c | 6 +- drivers/spi/spi.c | 1 + .../staging/lustre/lnet/klnds/o2iblnd/o2iblnd.c | 2 +- .../staging/lustre/lnet/klnds/o2iblnd/o2iblnd_cb.c | 30 +++--- drivers/staging/lustre/lustre/ldlm/ldlm_lock.c | 6 +- drivers/staging/lustre/lustre/llite/xattr.c | 6 +- drivers/staging/media/atomisp/i2c/ov2680.c | 6 +- .../atomisp/pci/atomisp2/atomisp_compat_ioctl32.c | 49 ++++----- .../vc04_services/interface/vchiq_arm/vchiq_core.c | 1 + drivers/thermal/samsung/exynos_tmu.c | 1 + drivers/tty/hvc/hvc_opal.c | 1 - drivers/tty/pty.c | 3 + drivers/usb/core/hub.c | 4 + drivers/usb/gadget/udc/renesas_usb3.c | 8 +- drivers/vfio/mdev/mdev_core.c | 102 +++++++----------- drivers/vfio/mdev/mdev_private.h | 2 +- drivers/vfio/platform/vfio_platform_common.c | 15 ++- drivers/vfio/vfio_iommu_type1.c | 73 ++++++++----- drivers/video/backlight/pwm_bl.c | 6 +- drivers/watchdog/da9063_wdt.c | 17 ++- fs/block_dev.c | 9 +- fs/btrfs/inode.c | 33 +++--- fs/btrfs/qgroup.c | 19 ++++ fs/btrfs/tree-log.c | 10 +- fs/ceph/super.c | 2 +- fs/crypto/crypto.c | 11 +- fs/ext4/balloc.c | 3 + fs/ext4/ialloc.c | 8 +- fs/ext4/inline.c | 19 ++-- fs/ext4/inode.c | 16 ++- fs/ext4/super.c | 8 +- fs/f2fs/data.c | 8 +- fs/f2fs/file.c | 18 +++- fs/f2fs/gc.c | 11 +- fs/f2fs/segment.c | 5 + fs/f2fs/super.c | 6 ++ fs/fcntl.c | 15 ++- fs/nfs/nfs4proc.c | 14 ++- fs/nfs/pnfs.c | 6 +- fs/nfsd/nfs4xdr.c | 2 + fs/overlayfs/super.c | 19 +++- fs/proc/task_mmu.c | 26 +++-- fs/squashfs/cache.c | 3 + fs/squashfs/file.c | 8 +- fs/squashfs/fragment.c | 4 +- fs/squashfs/squashfs_fs.h | 6 ++ include/drm/drm_dp_helper.h | 1 + include/linux/delayacct.h | 4 +- include/linux/dma-iommu.h | 1 + include/linux/fs.h | 2 +- include/linux/mmc/sdio_ids.h | 1 + include/linux/netfilter/ipset/ip_set_timeout.h | 10 +- include/linux/regulator/consumer.h | 1 + include/linux/serial_core.h | 3 +- include/linux/thread_info.h | 6 +- include/net/tcp.h | 2 +- include/soc/tegra/mc.h | 2 + include/uapi/sound/asoc.h | 23 ++++- kernel/auditfilter.c | 2 +- kernel/auditsc.c | 2 + kernel/bpf/verifier.c | 4 +- kernel/delayacct.c | 17 +-- kernel/fork.c | 3 +- kernel/hung_task.c | 11 +- kernel/kcov.c | 3 +- kernel/kthread.c | 8 +- kernel/power/suspend.c | 14 +-- kernel/printk/printk_safe.c | 2 +- kernel/stop_machine.c | 24 ++--- kernel/trace/trace_events_trigger.c | 18 +++- kernel/trace/trace_kprobe.c | 15 ++- mm/slub.c | 2 +- mm/vmalloc.c | 3 +- net/ipv4/fib_frontend.c | 4 +- net/ipv4/ipconfig.c | 13 +++ net/ipv4/tcp_bbr.c | 4 + net/ipv4/tcp_dctcp.c | 4 +- net/ipv4/tcp_input.c | 48 ++++----- net/netfilter/ipset/ip_set_hash_gen.h | 5 +- net/netfilter/nf_tables_api.c | 11 +- net/netlink/af_netlink.c | 5 + security/integrity/ima/ima_main.c | 1 + sound/pci/emu10k1/emupcm.c | 4 +- sound/pci/emu10k1/memory.c | 6 +- sound/pci/fm801.c | 16 ++- sound/pci/hda/patch_ca0132.c | 8 +- sound/soc/soc-pcm.c | 6 +- sound/soc/soc-topology.c | 19 +++- sound/usb/pcm.c | 2 +- tools/perf/util/parse-events.y | 14 ++- tools/testing/selftests/intel_pstate/run.sh | 29 +++--- tools/testing/selftests/memfd/run_tests.sh | 14 ++- tools/usb/usbip/libsrc/vhci_driver.c | 32 +++--- tools/usb/usbip/libsrc/vhci_driver.h | 3 +- tools/usb/usbip/src/usbip_detach.c | 9 +- 240 files changed, 1573 insertions(+), 835 deletions(-)

7 years, 1 month

6
239
0 0

need your reply

by Julian Jones

You have needs for image editing for our studio? Our studio does different image editing for e-commerce photos, jewelry images, and portrait mages. It includes cutting out and clipping path and the others, like retouching etc. Drop us a photo, testing will be provided. Thanks, Julian

7 years, 1 month

1
0
0 0

Applied "ASoC: wm_adsp: Correct DSP pointer for preloader control" to the asoc tree

by Mark Brown

The patch ASoC: wm_adsp: Correct DSP pointer for preloader control has been applied to the asoc tree at https://git.kernel.org/pub/scm/linux/kernel/git/broonie/sound.git All being well this means that it will be integrated into the linux-next tree (usually sometime in the next 24 hours) and sent to Linus during the next merge window (or sooner if it is a bug fix), however if problems are discovered then the patch may be dropped or reverted. You may get further e-mails resulting from automated or manual testing and review of the tree, please engage with people reporting problems and send followup patches addressing any issues that are reported if needed. If any updates are required or you are submitting further changes they should be sent as incremental updates against current git, existing patches will not be replaced. Please add any relevant lists and maintainers to the CCs when replying to this mail. Thanks, Mark >From b1470d4ce77c2d60661c7d5325d4fb8063e15ff8 Mon Sep 17 00:00:00 2001 From: Ajit Pandey <ajit.pandey(a)cirrus.com> Date: Tue, 7 Aug 2018 18:30:42 +0100 Subject: [PATCH] ASoC: wm_adsp: Correct DSP pointer for preloader control The offset of the DSP core needs to be taken into account for the DSP preloader control get and put. Currently the dsp->preloaded variable will only ever be read/updated on the first DSP, whilst this doesn't affect the operation of the control the readback will be incorrect. Signed-off-by: Ajit Pandey <ajit.pandey(a)cirrus.com> Signed-off-by: Charles Keepax <ckeepax(a)opensource.cirrus.com> Signed-off-by: Mark Brown <broonie(a)kernel.org> Cc: stable(a)vger.kernel.org --- sound/soc/codecs/wm_adsp.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/sound/soc/codecs/wm_adsp.c b/sound/soc/codecs/wm_adsp.c index 4e7f8525449e..08dc82770273 100644 --- a/sound/soc/codecs/wm_adsp.c +++ b/sound/soc/codecs/wm_adsp.c @@ -2643,7 +2643,10 @@ int wm_adsp2_preloader_get(struct snd_kcontrol *kcontrol, struct snd_ctl_elem_value *ucontrol) { struct snd_soc_component *component = snd_soc_kcontrol_component(kcontrol); - struct wm_adsp *dsp = snd_soc_component_get_drvdata(component); + struct wm_adsp *dsps = snd_soc_component_get_drvdata(component); + struct soc_mixer_control *mc = + (struct soc_mixer_control *)kcontrol->private_value; + struct wm_adsp *dsp = &dsps[mc->shift - 1]; ucontrol->value.integer.value[0] = dsp->preloaded; @@ -2655,10 +2658,11 @@ int wm_adsp2_preloader_put(struct snd_kcontrol *kcontrol, struct snd_ctl_elem_value *ucontrol) { struct snd_soc_component *component = snd_soc_kcontrol_component(kcontrol); - struct wm_adsp *dsp = snd_soc_component_get_drvdata(component); + struct wm_adsp *dsps = snd_soc_component_get_drvdata(component); struct snd_soc_dapm_context *dapm = snd_soc_component_get_dapm(component); struct soc_mixer_control *mc = (struct soc_mixer_control *)kcontrol->private_value; + struct wm_adsp *dsp = &dsps[mc->shift - 1]; char preload[32]; snprintf(preload, ARRAY_SIZE(preload), "DSP%u Preload", mc->shift); -- 2.18.0

7 years, 1 month

1
0
0 0

editing the images

by Julian Jones

You have needs for image editing for our studio? Our studio does different image editing for e-commerce photos, jewelry images, and portrait mages. It includes cutting out and clipping path and the others, like retouching etc. Drop us a photo, testing will be provided. Thanks, Julian

7 years, 1 month

1
0
0 0

[PATCH v3 1/2] powerpc/fadump: handle crash memory ranges array index overflow

by Hari Bathini

Crash memory ranges is an array of memory ranges of the crashing kernel to be exported as a dump via /proc/vmcore file. The size of the array is set based on INIT_MEMBLOCK_REGIONS, which works alright in most cases where memblock memory regions count is less than INIT_MEMBLOCK_REGIONS value. But this count can grow beyond INIT_MEMBLOCK_REGIONS value since commit 142b45a72e22 ("memblock: Add array resizing support"). On large memory systems with a few DLPAR operations, the memblock memory regions count could be larger than INIT_MEMBLOCK_REGIONS value. On such systems, registering fadump results in crash or other system failures like below: task: c00007f39a290010 ti: c00000000b738000 task.ti: c00000000b738000 NIP: c000000000047df4 LR: c0000000000f9e58 CTR: c00000000010f180 REGS: c00000000b73b570 TRAP: 0300 Tainted: G L X (4.4.140+) MSR: 8000000000009033 <SF,EE,ME,IR,DR,RI,LE> CR: 22004484 XER: 20000000 CFAR: c000000000008500 DAR: 000007a450000000 DSISR: 40000000 SOFTE: 0 GPR00: c0000000000f9e58 c00000000b73b7f0 c000000000f09a00 000000000000001a GPR04: c00007f3bf774c90 0000000000000004 c000000000eb9a00 0000000000000800 GPR08: 0000000000000804 000007a450000000 c000000000fa9a00 c00007ffb169ca20 GPR12: 0000000022004482 c00000000fa12c00 c00007f3a0ea97a8 0000000000000000 GPR16: c00007f3a0ea9a50 c00000000b73bd60 0000000000000118 000000000001fe80 GPR20: 0000000000000118 0000000000000000 c000000000b8c980 00000000000000d0 GPR24: 000007ffb0b10000 c00007ffb169c980 0000000000000000 c000000000b8c980 GPR28: 0000000000000004 c00007ffb169c980 000000000000001a c00007ffb169c980 NIP [c000000000047df4] smp_send_reschedule+0x24/0x80 LR [c0000000000f9e58] resched_curr+0x138/0x160 Call Trace: [c00000000b73b7f0] [c0000000000f9e58] resched_curr+0x138/0x160 (unreliable) [c00000000b73b820] [c0000000000fb538] check_preempt_curr+0xc8/0xf0 [c00000000b73b850] [c0000000000fb598] ttwu_do_wakeup+0x38/0x150 [c00000000b73b890] [c0000000000fc9c4] try_to_wake_up+0x224/0x4d0 [c00000000b73b900] [c00000000011ef34] __wake_up_common+0x94/0x100 [c00000000b73b960] [c00000000034a78c] ep_poll_callback+0xac/0x1c0 [c00000000b73b9b0] [c00000000011ef34] __wake_up_common+0x94/0x100 [c00000000b73ba10] [c00000000011f810] __wake_up_sync_key+0x70/0xa0 [c00000000b73ba60] [c00000000067c3e8] sock_def_readable+0x58/0xa0 [c00000000b73ba90] [c0000000007848ac] unix_stream_sendmsg+0x2dc/0x4c0 [c00000000b73bb70] [c000000000675a38] sock_sendmsg+0x68/0xa0 [c00000000b73bba0] [c00000000067673c] ___sys_sendmsg+0x2cc/0x2e0 [c00000000b73bd30] [c000000000677dbc] __sys_sendmsg+0x5c/0xc0 [c00000000b73bdd0] [c0000000006789bc] SyS_socketcall+0x36c/0x3f0 [c00000000b73be30] [c000000000009488] system_call+0x3c/0x100 Instruction dump: 4e800020 60000000 60420000 3c4c00ec 38421c30 7c0802a6 f8010010 60000000 3d42000a e92ab420 2fa90000 4dde0020 <e9290000> 2fa90000 419e0044 7c0802a6 ---[ end trace a6d1dd4bab5f8253 ]--- as array index overflow is not checked for while setting up crash memory ranges causing memory corruption. To resolve this issue, dynamically allocate memory for crash memory ranges and resize it incrementally, in units of pagesize, on hitting array size limit. Fixes: 2df173d9e85d ("fadump: Initialize elfcore header and add PT_LOAD program headers.") Cc: stable(a)vger.kernel.org Cc: Mahesh Salgaonkar <mahesh(a)linux.vnet.ibm.com> Signed-off-by: Hari Bathini <hbathini(a)linux.ibm.com> Reviewed-by: Mahesh Salgaonkar <mahesh(a)linux.vnet.ibm.com> --- Changes in v3: * Included <linux/slab.h> for krelloc() arch/powerpc/include/asm/fadump.h | 4 +- arch/powerpc/kernel/fadump.c | 92 +++++++++++++++++++++++++++++++------ 2 files changed, 80 insertions(+), 16 deletions(-) diff --git a/arch/powerpc/include/asm/fadump.h b/arch/powerpc/include/asm/fadump.h index 5a23010..3abc738 100644 --- a/arch/powerpc/include/asm/fadump.h +++ b/arch/powerpc/include/asm/fadump.h @@ -195,8 +195,8 @@ struct fadump_crash_info_header { struct cpumask online_mask; }; -/* Crash memory ranges */ -#define INIT_CRASHMEM_RANGES (INIT_MEMBLOCK_REGIONS + 2) +/* Crash memory ranges size unit (pagesize) */ +#define CRASHMEM_RANGES_ALLOC_SIZE PAGE_SIZE struct fad_crash_memory_ranges { unsigned long long base; diff --git a/arch/powerpc/kernel/fadump.c b/arch/powerpc/kernel/fadump.c index 07e8396..9f80a78 100644 --- a/arch/powerpc/kernel/fadump.c +++ b/arch/powerpc/kernel/fadump.c @@ -34,6 +34,7 @@ #include <linux/crash_dump.h> #include <linux/kobject.h> #include <linux/sysfs.h> +#include <linux/slab.h> #include <asm/debugfs.h> #include <asm/page.h> @@ -47,8 +48,10 @@ static struct fadump_mem_struct fdm; static const struct fadump_mem_struct *fdm_active; static DEFINE_MUTEX(fadump_mutex); -struct fad_crash_memory_ranges crash_memory_ranges[INIT_CRASHMEM_RANGES]; +struct fad_crash_memory_ranges *crash_memory_ranges; +int crash_memory_ranges_size; int crash_mem_ranges; +int max_crash_mem_ranges; /* Scan the Firmware Assisted dump configuration details. */ int __init early_init_dt_scan_fw_dump(unsigned long node, @@ -868,22 +871,67 @@ static int __init process_fadump(const struct fadump_mem_struct *fdm_active) return 0; } -static inline void fadump_add_crash_memory(unsigned long long base, - unsigned long long end) +static void free_crash_memory_ranges(void) +{ + kfree(crash_memory_ranges); + crash_memory_ranges = NULL; + crash_memory_ranges_size = 0; + max_crash_mem_ranges = 0; +} + +/* + * Allocate or reallocate crash memory ranges array in incremental units + * of CRASHMEM_RANGES_ALLOC_SIZE. + */ +static int allocate_crash_memory_ranges(void) +{ + u64 new_size; + struct fad_crash_memory_ranges *new_array; + + new_size = crash_memory_ranges_size + CRASHMEM_RANGES_ALLOC_SIZE; + pr_debug("Allocating %llu bytes of memory for crash memory ranges\n", + new_size); + + new_array = krealloc(crash_memory_ranges, new_size, GFP_KERNEL); + if (new_array == NULL) { + pr_err("Insufficient memory for setting up crash memory ranges\n"); + free_crash_memory_ranges(); + return -ENOMEM; + } + + crash_memory_ranges = new_array; + crash_memory_ranges_size = new_size; + max_crash_mem_ranges = (new_size / + sizeof(struct fad_crash_memory_ranges)); + return 0; +} + +static inline int fadump_add_crash_memory(unsigned long long base, + unsigned long long end) { if (base == end) - return; + return 0; + + if (crash_mem_ranges == max_crash_mem_ranges) { + int ret; + + ret = allocate_crash_memory_ranges(); + if (ret) + return ret; + } pr_debug("crash_memory_range[%d] [%#016llx-%#016llx], %#llx bytes\n", crash_mem_ranges, base, end - 1, (end - base)); crash_memory_ranges[crash_mem_ranges].base = base; crash_memory_ranges[crash_mem_ranges].size = end - base; crash_mem_ranges++; + return 0; } -static void fadump_exclude_reserved_area(unsigned long long start, +static int fadump_exclude_reserved_area(unsigned long long start, unsigned long long end) { + int ret = 0; unsigned long long ra_start, ra_end; ra_start = fw_dump.reserve_dump_area_start; @@ -891,15 +939,20 @@ static void fadump_exclude_reserved_area(unsigned long long start, if ((ra_start < end) && (ra_end > start)) { if ((start < ra_start) && (end > ra_end)) { - fadump_add_crash_memory(start, ra_start); - fadump_add_crash_memory(ra_end, end); + ret = fadump_add_crash_memory(start, ra_start); + if (ret) + return ret; + + ret = fadump_add_crash_memory(ra_end, end); } else if (start < ra_start) { - fadump_add_crash_memory(start, ra_start); + ret = fadump_add_crash_memory(start, ra_start); } else if (ra_end < end) { - fadump_add_crash_memory(ra_end, end); + ret = fadump_add_crash_memory(ra_end, end); } } else - fadump_add_crash_memory(start, end); + ret = fadump_add_crash_memory(start, end); + + return ret; } static int fadump_init_elfcore_header(char *bufp) @@ -939,8 +992,9 @@ static int fadump_init_elfcore_header(char *bufp) * Traverse through memblock structure and setup crash memory ranges. These * ranges will be used create PT_LOAD program headers in elfcore header. */ -static void fadump_setup_crash_memory_ranges(void) +static int fadump_setup_crash_memory_ranges(void) { + int ret; struct memblock_region *reg; unsigned long long start, end; @@ -953,7 +1007,9 @@ static void fadump_setup_crash_memory_ranges(void) * specified during fadump registration. We need to create a separate * program header for this chunk with the correct offset. */ - fadump_add_crash_memory(RMA_START, fw_dump.boot_memory_size); + ret = fadump_add_crash_memory(RMA_START, fw_dump.boot_memory_size); + if (ret) + return ret; for_each_memblock(memory, reg) { start = (unsigned long long)reg->base; @@ -973,8 +1029,12 @@ static void fadump_setup_crash_memory_ranges(void) } /* add this range excluding the reserved dump area. */ - fadump_exclude_reserved_area(start, end); + ret = fadump_exclude_reserved_area(start, end); + if (ret) + return ret; } + + return 0; } /* @@ -1095,6 +1155,7 @@ static unsigned long init_fadump_header(unsigned long addr) static int register_fadump(void) { + int ret; unsigned long addr; void *vaddr; @@ -1105,7 +1166,9 @@ static int register_fadump(void) if (!fw_dump.reserve_dump_area_size) return -ENODEV; - fadump_setup_crash_memory_ranges(); + ret = fadump_setup_crash_memory_ranges(); + if (ret) + return ret; addr = be64_to_cpu(fdm.rmr_region.destination_address) + be64_to_cpu(fdm.rmr_region.source_len); /* Initialize fadump crash info header. */ @@ -1183,6 +1246,7 @@ void fadump_cleanup(void) } else if (fw_dump.dump_registered) { /* Un-register Firmware-assisted dump if it was registered. */ fadump_unregister_dump(&fdm); + free_crash_memory_ranges(); } }

7 years, 1 month

1
0
0 0

AW: Kontakt

by BL Support

Guten Tag Nachdem wir Ihre Internetseite besucht und uns mit dem Angebot vertraut gemacht hatten, trafen wir die Entscheidung, die vorliegende E-Mail zu verfassen. Wir verfügen über Kontakte zu Firmen in Deutschland, die an der Aufnahme der potentiellen Zusammenarbeit mit Ihnen interessiert wären. Mithilfe unserer Tools können Sie Ihre Zielbranche schnell aufsuchen und neue Kunden erreichen. http://www.kontakt-marketing-at.net/ MfG BL-Team.

7 years, 1 month

1
0
0 0

[RESEND] requests for xfs patches inclusion in 4.14.y

by Eduardo Valentin

Greg, Please consider adding the following XFS patches on linux-4.14.y branch to fix NULL pointer dereference errors in lookup_slow() on a NULL inode->i_ops and for a corrupted xfs image after xfs_da_shrink_inode(): ee457001ed6c ("xfs: catch inode allocation state mismatch corruption") afca6c5b2595 ("xfs: validate cached inodes are free when allocated") bb3d48dcf86a ("xfs: don't call xfs_da_shrink_inode with NULL bp") Thanks. -- All the best, Eduardo Valentin

7 years, 1 month

3
4
0 0

Tom Gall <tom.gall@linaro.org>, Alistair Strachan <alistair.strachan@linaro.org>, Greg Kroah-Hartman <gregkh@google.com>, "avid S. Miller" <davem@davemloft.net>, John Stultz <john.stultz@linaro.org>, Thomas Egerer <hakke_007@gmx.de>, Herbert Xu <herbert@gondor.apana.org.au>

by Yongqin Liu

Hi, All Sorry, I am following the instructions in Documentation/networking/netdev-FAQ.txt to send out this mail, if I was wrong or there are more things I need to do, please let me know. After investigated on some failures of the android VtsKernelNetTest module test, I found that without the change of "ipv4+ipv6: Make INET*_ESP select CRYPTO_ECHAINIV", the config of CRYPTO_ECHAINIV will be generated as m by default in the .config file, which needs more module loading process to be done. But with the 4.9 and 4.14 kernels which have the change, CRYPTO_ECHAINIV will be generated as y by default in the .config file. We could set config of CRYPTO_ECHAINIV to y explicitly to generated the correct .config file, but having the change of "ipv4+ipv6: Make INET*_ESP select CRYPTO_ECHAINIV" cherry picked into the 4.4 stable kernel looks more like the right solution. The commit id for that change is 32b6170ca59ccf07d0e394561e54b2cd9726038c, it's already in 4.9 and 4.14 kernels, like here: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/net… https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/net… Could you please help to check if we could have 32b6170ca59ccf07d0e394561e54b2cd9726038c in the 4.4 stable kernel? The patch is here: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/patch/net?… Thanks in advance! -- Best Regards, Yongqin Liu

7 years, 1 month

1
0
0 0

[PATCH v4 1/2] block: Introduce blk_exit_queue()

by Bart Van Assche

This patch does not change any functionality. Signed-off-by: Bart Van Assche <bart.vanassche(a)wdc.com> Cc: Christoph Hellwig <hch(a)lst.de> Cc: Ming Lei <ming.lei(a)redhat.com> Cc: Omar Sandoval <osandov(a)fb.com> Cc: Johannes Thumshirn <jthumshirn(a)suse.de> Cc: Alexandru Moise <00moses.alexander00(a)gmail.com> Cc: Joseph Qi <joseph.qi(a)linux.alibaba.com> Cc: <stable(a)vger.kernel.org> --- block/blk-core.c | 54 +++++++++++++++++++++++++++--------------------- block/blk.h | 1 + 2 files changed, 31 insertions(+), 24 deletions(-) diff --git a/block/blk-core.c b/block/blk-core.c index 7c65e297a4f1..5fbfa8484c95 100644 --- a/block/blk-core.c +++ b/block/blk-core.c @@ -719,6 +719,35 @@ void blk_set_queue_dying(struct request_queue *q) } EXPORT_SYMBOL_GPL(blk_set_queue_dying); +/* Unconfigure the I/O scheduler and dissociate from the cgroup controller. */ +void blk_exit_queue(struct request_queue *q) +{ + /* + * Since the I/O scheduler exit code may access cgroup information, + * perform I/O scheduler exit before disassociating from the block + * cgroup controller. + */ + if (q->elevator) { + ioc_clear_queue(q); + elevator_exit(q, q->elevator); + q->elevator = NULL; + } + + /* + * Remove all references to @q from the block cgroup controller before + * restoring @q->queue_lock to avoid that restoring this pointer causes + * e.g. blkcg_print_blkgs() to crash. + */ + blkcg_exit_queue(q); + + /* + * Since the cgroup code may dereference the @q->backing_dev_info + * pointer, only decrease its reference count after having removed the + * association with the block cgroup controller. + */ + bdi_put(q->backing_dev_info); +} + /** * blk_cleanup_queue - shutdown a request queue * @q: request queue to shutdown @@ -788,30 +817,7 @@ void blk_cleanup_queue(struct request_queue *q) */ WARN_ON_ONCE(q->kobj.state_in_sysfs); - /* - * Since the I/O scheduler exit code may access cgroup information, - * perform I/O scheduler exit before disassociating from the block - * cgroup controller. - */ - if (q->elevator) { - ioc_clear_queue(q); - elevator_exit(q, q->elevator); - q->elevator = NULL; - } - - /* - * Remove all references to @q from the block cgroup controller before - * restoring @q->queue_lock to avoid that restoring this pointer causes - * e.g. blkcg_print_blkgs() to crash. - */ - blkcg_exit_queue(q); - - /* - * Since the cgroup code may dereference the @q->backing_dev_info - * pointer, only decrease its reference count after having removed the - * association with the block cgroup controller. - */ - bdi_put(q->backing_dev_info); + blk_exit_queue(q); if (q->mq_ops) blk_mq_free_queue(q); diff --git a/block/blk.h b/block/blk.h index 6adae8f94279..aeb8026f4d7b 100644 --- a/block/blk.h +++ b/block/blk.h @@ -130,6 +130,7 @@ void blk_free_flush_queue(struct blk_flush_queue *q); int blk_init_rl(struct request_list *rl, struct request_queue *q, gfp_t gfp_mask); void blk_exit_rl(struct request_queue *q, struct request_list *rl); +void blk_exit_queue(struct request_queue *q); void blk_rq_bio_prep(struct request_queue *q, struct request *rq, struct bio *bio); void blk_queue_bypass_start(struct request_queue *q); -- 2.18.0

7 years, 1 month

2
1
0 0

[PATCH] PCI: Fix bit definitions for LNKCAP2 register

by Felipe Balbi

Even thhough commit b891b4dc1eed claimed that original bit definitions were wrong, that's not really the case. After verifying PCI Specification Revisions 3.0, 3.1 and 4.0, Link Capabilites 2 Register's bit definitions were always starting from Bit 0. This has been causing issues reporting correct link speeds on sysfs. Fixes: b891b4dc1eed ("PCI: Fix bit definitions of PCI_EXP_LNKCAP2 register") Cc: <stable(a)vger.kernel.org> # v3.8+ Signed-off-by: Felipe Balbi <felipe.balbi(a)linux.intel.com> --- PCI Spec References: - 4.0 https://members.pcisig.com/wg/PCI-SIG/document/10912?downloadRevision=active - 3.1 https://members.pcisig.com/wg/PCI-SIG/document/download/8257 - 3.0 https://members.pcisig.com/wg/PCI-SIG/document/download/8265 include/uapi/linux/pci_regs.h | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/include/uapi/linux/pci_regs.h b/include/uapi/linux/pci_regs.h index 796d12910791..6ad597b3d082 100644 --- a/include/uapi/linux/pci_regs.h +++ b/include/uapi/linux/pci_regs.h @@ -652,10 +652,10 @@ #define PCI_EXP_DEVSTA2 42 /* Device Status 2 */ #define PCI_CAP_EXP_RC_ENDPOINT_SIZEOF_V2 44 /* v2 endpoints without link end here */ #define PCI_EXP_LNKCAP2 44 /* Link Capabilities 2 */ -#define PCI_EXP_LNKCAP2_SLS_2_5GB 0x00000002 /* Supported Speed 2.5GT/s */ -#define PCI_EXP_LNKCAP2_SLS_5_0GB 0x00000004 /* Supported Speed 5GT/s */ -#define PCI_EXP_LNKCAP2_SLS_8_0GB 0x00000008 /* Supported Speed 8GT/s */ -#define PCI_EXP_LNKCAP2_SLS_16_0GB 0x00000010 /* Supported Speed 16GT/s */ +#define PCI_EXP_LNKCAP2_SLS_2_5GB 0x00000001 /* Supported Speed 2.5GT/s */ +#define PCI_EXP_LNKCAP2_SLS_5_0GB 0x00000002 /* Supported Speed 5GT/s */ +#define PCI_EXP_LNKCAP2_SLS_8_0GB 0x00000004 /* Supported Speed 8GT/s */ +#define PCI_EXP_LNKCAP2_SLS_16_0GB 0x00000008 /* Supported Speed 16GT/s */ #define PCI_EXP_LNKCAP2_CROSSLINK 0x00000100 /* Crosslink supported */ #define PCI_EXP_LNKCTL2 48 /* Link Control 2 */ #define PCI_EXP_LNKCTL2_TLS 0x000f -- 2.16.1

7 years, 1 month

4
5
0 0

[PATCH] dm-bufio: adjust the reserved buffer for dm-verify-target.

by xiao jin

We hit the BUG() report at include/linux/scatterlist.h:144! The callback is as bellow: => verity_work => verity_hash_for_block => verity_verify_level => verity_hash => verity_hash_update => sg_init_one => sg_set_buf More debug shows the root cause. When creating dufio client it uses the __vmalloc() to allocate the buffer data for the reserved dm_buffer. The buffer that allocated by the __vmalloc() is invalid according to the __virt_addr_valid(). Mostly the reserved dm_buffer is not touched. But occasionally it might fail to allocate the dm_buffer data when we try to allocate in the __alloc_buffer_wait_no_callback(). Then it has to take the reserved dm_buffer for usage. Finally it reports the BUG() as virt_addr_valid() detects the buffer data address is invalid. The patch is to adjust the reserved buffer for dm-verity-target. We allocated two dm_buffers into the reserved buffers list when creating the buffer interface. The first dm_buffer in the reserved buffer list is allocated by the __vmalloc(), it's not used after that. The second dm_buffer in the reserved buffer list is allocated by the __get_free_pages() which can be consumed after that. Signed-off-by: xiao jin <jin.xiao(a)intel.com> --- drivers/md/dm-bufio.c | 4 ++-- drivers/md/dm-verity-target.c | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/drivers/md/dm-bufio.c b/drivers/md/dm-bufio.c index dc385b7..3b7ca5e 100644 --- a/drivers/md/dm-bufio.c +++ b/drivers/md/dm-bufio.c @@ -841,7 +841,7 @@ static struct dm_buffer *__alloc_buffer_wait_no_callback(struct dm_bufio_client tried_noio_alloc = true; } - if (!list_empty(&c->reserved_buffers)) { + if (!c->need_reserved_buffers) { b = list_entry(c->reserved_buffers.next, struct dm_buffer, lru_list); list_del(&b->lru_list); @@ -1701,7 +1701,7 @@ struct dm_bufio_client *dm_bufio_client_create(struct block_device *bdev, unsign goto bad; } - while (c->need_reserved_buffers) { + if (list_empty(&c->reserved_buffers)) { struct dm_buffer *b = alloc_buffer(c, GFP_KERNEL); if (!b) { diff --git a/drivers/md/dm-verity-target.c b/drivers/md/dm-verity-target.c index 12decdbd7..40c66fc 100644 --- a/drivers/md/dm-verity-target.c +++ b/drivers/md/dm-verity-target.c @@ -1107,7 +1107,7 @@ static int verity_ctr(struct dm_target *ti, unsigned argc, char **argv) v->hash_blocks = hash_position; v->bufio = dm_bufio_client_create(v->hash_dev->bdev, - 1 << v->hash_dev_block_bits, 1, sizeof(struct buffer_aux), + 1 << v->hash_dev_block_bits, 2, sizeof(struct buffer_aux), dm_bufio_alloc_callback, NULL); if (IS_ERR(v->bufio)) { ti->error = "Cannot initialize dm-bufio"; -- 2.7.4

7 years, 1 month

3
2
0 0

+ zram-remove-bd_cap_synchronous_io-with-writeback-feature-v2.patch added to -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: zram-remove-bd_cap_synchronous_io-with-writeback-feature-v2 has been added to the -mm tree. Its filename is zram-remove-bd_cap_synchronous_io-with-writeback-feature-v2.patch This patch should soon appear at http://ozlabs.org/~akpm/mmots/broken-out/zram-remove-bd_cap_synchronous_io-… and later at http://ozlabs.org/~akpm/mmotm/broken-out/zram-remove-bd_cap_synchronous_io-… Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next and is updated there every 3-4 working days ------------------------------------------------------ From: Minchan Kim <minchan(a)kernel.org> Subject: zram-remove-bd_cap_synchronous_io-with-writeback-feature-v2 - description correction - Andrew - add comment about removing BDI_CAP_SYNCHRONOUS_IO Link: https://lore.kernel.org/lkml/0516ae2d-b0fd-92c5-aa92-112ba7bd32fc@contabo.d… Link: http://lkml.kernel.org/r/20180802051112.86174-1-minchan@kernel.org Link: http://lkml.kernel.org/r/20180805233722.217347-1-minchan@kernel.org Signed-off-by: Minchan Kim <minchan(a)kernel.org> Reported-by: Tino Lehnig <tino.lehnig(a)contabo.de> Tested-by: Tino Lehnig <tino.lehnig(a)contabo.de> Cc: Sergey Senozhatsky <sergey.senozhatsky.work(a)gmail.com> Cc: Jens Axboe <axboe(a)kernel.dk> Cc: <stable(a)vger.kernel.org> [4.15+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- diff -puN drivers/block/zram/zram_drv.c~zram-remove-bd_cap_synchronous_io-with-writeback-feature-v2 drivers/block/zram/zram_drv.c --- a/drivers/block/zram/zram_drv.c~zram-remove-bd_cap_synchronous_io-with-writeback-feature-v2 +++ a/drivers/block/zram/zram_drv.c @@ -401,6 +401,16 @@ static ssize_t backing_dev_store(struct zram->backing_dev = backing_dev; zram->bitmap = bitmap; zram->nr_pages = nr_pages; + /* + * With writeback feature, zram does asynchronous IO so it's no longer + * synchronous device so let's remove synchronous io flag. Othewise, + * upper layer(e.g., swap) could wait IO completion rather than + * (submit and return), which will cause system sluggish. + * Furthermore, when the IO function returns(e.g., swap_readpage), + * upper layer expects IO was done so it could deallocate the page + * freely but in fact, IO is going on so finally could cause + * use-after-free when the IO is really done. + */ zram->disk->queue->backing_dev_info->capabilities &= ~BDI_CAP_SYNCHRONOUS_IO; up_write(&zram->init_lock); _ Patches currently in -mm which might be from minchan(a)kernel.org are zram-remove-bd_cap_synchronous_io-with-writeback-feature.patch zram-remove-bd_cap_synchronous_io-with-writeback-feature-v2.patch

7 years, 1 month

1
0
0 0

Backport Security Fix for CVE-2018-13095 to v4.14

by Yuki Machida

Hi Greg, I conformed that a patch of CVE-2018-13095 not applied at v4.14.60. Could you please apply a patch for 4.14-stable ? CVE-2018-13095 Upstream commit 23fcb3340d033d9f081e21e6c12c2db7eaa541d3 References https://nvd.nist.gov/vuln/detail/CVE-2018-13095 Regards, Yuki Machida

7 years, 1 month

3
3
0 0

[PATCH] drm/nouveau: Don't forget to cancel hpd_work on suspend/unload

by Lyude Paul

Currently, there's nothing in nouveau that actually cancels this work struct. So, cancel it on suspend/unload. Otherwise, if we're unlucky enough hpd_work might try to keep running up until the system is suspended. Signed-off-by: Lyude Paul <lyude(a)redhat.com> Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/nouveau/nouveau_display.c | 9 ++++++--- drivers/gpu/drm/nouveau/nouveau_display.h | 2 +- drivers/gpu/drm/nouveau/nouveau_drm.c | 2 +- 3 files changed, 8 insertions(+), 5 deletions(-) diff --git a/drivers/gpu/drm/nouveau/nouveau_display.c b/drivers/gpu/drm/nouveau/nouveau_display.c index ec7861457b84..1ba3f152cfcb 100644 --- a/drivers/gpu/drm/nouveau/nouveau_display.c +++ b/drivers/gpu/drm/nouveau/nouveau_display.c @@ -425,7 +425,7 @@ nouveau_display_init(struct drm_device *dev) } void -nouveau_display_fini(struct drm_device *dev, bool suspend) +nouveau_display_fini(struct drm_device *dev, bool suspend, bool runtime) { struct nouveau_display *disp = nouveau_display(dev); struct nouveau_drm *drm = nouveau_drm(dev); @@ -450,6 +450,9 @@ nouveau_display_fini(struct drm_device *dev, bool suspend) } drm_connector_list_iter_end(&conn_iter); + if (!runtime) + cancel_work_sync(&drm->hpd_work); + drm_kms_helper_poll_disable(dev); disp->fini(dev); } @@ -618,11 +621,11 @@ nouveau_display_suspend(struct drm_device *dev, bool runtime) } } - nouveau_display_fini(dev, true); + nouveau_display_fini(dev, true, runtime); return 0; } - nouveau_display_fini(dev, true); + nouveau_display_fini(dev, true, runtime); list_for_each_entry(crtc, &dev->mode_config.crtc_list, head) { struct nouveau_framebuffer *nouveau_fb; diff --git a/drivers/gpu/drm/nouveau/nouveau_display.h b/drivers/gpu/drm/nouveau/nouveau_display.h index 54aa7c3fa42d..ff92b54ce448 100644 --- a/drivers/gpu/drm/nouveau/nouveau_display.h +++ b/drivers/gpu/drm/nouveau/nouveau_display.h @@ -62,7 +62,7 @@ nouveau_display(struct drm_device *dev) int nouveau_display_create(struct drm_device *dev); void nouveau_display_destroy(struct drm_device *dev); int nouveau_display_init(struct drm_device *dev); -void nouveau_display_fini(struct drm_device *dev, bool suspend); +void nouveau_display_fini(struct drm_device *dev, bool suspend, bool runtime); int nouveau_display_suspend(struct drm_device *dev, bool runtime); void nouveau_display_resume(struct drm_device *dev, bool runtime); int nouveau_display_vblank_enable(struct drm_device *, unsigned int); diff --git a/drivers/gpu/drm/nouveau/nouveau_drm.c b/drivers/gpu/drm/nouveau/nouveau_drm.c index f5d3158f0378..20d4ab647cf7 100644 --- a/drivers/gpu/drm/nouveau/nouveau_drm.c +++ b/drivers/gpu/drm/nouveau/nouveau_drm.c @@ -629,7 +629,7 @@ nouveau_drm_unload(struct drm_device *dev) nouveau_debugfs_fini(drm); if (dev->mode_config.num_crtc) - nouveau_display_fini(dev, false); + nouveau_display_fini(dev, false, false); nouveau_display_destroy(dev); nouveau_bios_takedown(dev); -- 2.17.1

7 years, 1 month

1
0
0 0

[PATCH v5 12/13] drm/nouveau: Fix deadlocks in nouveau_connector_detect()

by Lyude Paul

When we disable hotplugging on the GPU, we need to be able to synchronize with each connector's hotplug interrupt handler before the interrupt is finally disabled. This can be a problem however, since nouveau_connector_detect() currently grabs a runtime power reference when handling connector probing. This will deadlock the runtime suspend handler like so: [ 861.480896] INFO: task kworker/0:2:61 blocked for more than 120 seconds. [ 861.483290] Tainted: G O 4.18.0-rc6Lyude-Test+ #1 [ 861.485158] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 861.486332] kworker/0:2 D 0 61 2 0x80000000 [ 861.487044] Workqueue: events nouveau_display_hpd_work [nouveau] [ 861.487737] Call Trace: [ 861.488394] __schedule+0x322/0xaf0 [ 861.489070] schedule+0x33/0x90 [ 861.489744] rpm_resume+0x19c/0x850 [ 861.490392] ? finish_wait+0x90/0x90 [ 861.491068] __pm_runtime_resume+0x4e/0x90 [ 861.491753] nouveau_display_hpd_work+0x22/0x60 [nouveau] [ 861.492416] process_one_work+0x231/0x620 [ 861.493068] worker_thread+0x44/0x3a0 [ 861.493722] kthread+0x12b/0x150 [ 861.494342] ? wq_pool_ids_show+0x140/0x140 [ 861.494991] ? kthread_create_worker_on_cpu+0x70/0x70 [ 861.495648] ret_from_fork+0x3a/0x50 [ 861.496304] INFO: task kworker/6:2:320 blocked for more than 120 seconds. [ 861.496968] Tainted: G O 4.18.0-rc6Lyude-Test+ #1 [ 861.497654] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 861.498341] kworker/6:2 D 0 320 2 0x80000080 [ 861.499045] Workqueue: pm pm_runtime_work [ 861.499739] Call Trace: [ 861.500428] __schedule+0x322/0xaf0 [ 861.501134] ? wait_for_completion+0x104/0x190 [ 861.501851] schedule+0x33/0x90 [ 861.502564] schedule_timeout+0x3a5/0x590 [ 861.503284] ? mark_held_locks+0x58/0x80 [ 861.503988] ? _raw_spin_unlock_irq+0x2c/0x40 [ 861.504710] ? wait_for_completion+0x104/0x190 [ 861.505417] ? trace_hardirqs_on_caller+0xf4/0x190 [ 861.506136] ? wait_for_completion+0x104/0x190 [ 861.506845] wait_for_completion+0x12c/0x190 [ 861.507555] ? wake_up_q+0x80/0x80 [ 861.508268] flush_work+0x1c9/0x280 [ 861.508990] ? flush_workqueue_prep_pwqs+0x1b0/0x1b0 [ 861.509735] nvif_notify_put+0xb1/0xc0 [nouveau] [ 861.510482] nouveau_display_fini+0xbd/0x170 [nouveau] [ 861.511241] nouveau_display_suspend+0x67/0x120 [nouveau] [ 861.511969] nouveau_do_suspend+0x5e/0x2d0 [nouveau] [ 861.512715] nouveau_pmops_runtime_suspend+0x47/0xb0 [nouveau] [ 861.513435] pci_pm_runtime_suspend+0x6b/0x180 [ 861.514165] ? pci_has_legacy_pm_support+0x70/0x70 [ 861.514897] __rpm_callback+0x7a/0x1d0 [ 861.515618] ? pci_has_legacy_pm_support+0x70/0x70 [ 861.516313] rpm_callback+0x24/0x80 [ 861.517027] ? pci_has_legacy_pm_support+0x70/0x70 [ 861.517741] rpm_suspend+0x142/0x6b0 [ 861.518449] pm_runtime_work+0x97/0xc0 [ 861.519144] process_one_work+0x231/0x620 [ 861.519831] worker_thread+0x44/0x3a0 [ 861.520522] kthread+0x12b/0x150 [ 861.521220] ? wq_pool_ids_show+0x140/0x140 [ 861.521925] ? kthread_create_worker_on_cpu+0x70/0x70 [ 861.522622] ret_from_fork+0x3a/0x50 [ 861.523299] INFO: task kworker/6:0:1329 blocked for more than 120 seconds. [ 861.523977] Tainted: G O 4.18.0-rc6Lyude-Test+ #1 [ 861.524644] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 861.525349] kworker/6:0 D 0 1329 2 0x80000000 [ 861.526073] Workqueue: events nvif_notify_work [nouveau] [ 861.526751] Call Trace: [ 861.527411] __schedule+0x322/0xaf0 [ 861.528089] schedule+0x33/0x90 [ 861.528758] rpm_resume+0x19c/0x850 [ 861.529399] ? finish_wait+0x90/0x90 [ 861.530073] __pm_runtime_resume+0x4e/0x90 [ 861.530798] nouveau_connector_detect+0x7e/0x510 [nouveau] [ 861.531459] ? ww_mutex_lock+0x47/0x80 [ 861.532097] ? ww_mutex_lock+0x47/0x80 [ 861.532819] ? drm_modeset_lock+0x88/0x130 [drm] [ 861.533481] drm_helper_probe_detect_ctx+0xa0/0x100 [drm_kms_helper] [ 861.534127] drm_helper_hpd_irq_event+0xa4/0x120 [drm_kms_helper] [ 861.534940] nouveau_connector_hotplug+0x98/0x120 [nouveau] [ 861.535556] nvif_notify_work+0x2d/0xb0 [nouveau] [ 861.536221] process_one_work+0x231/0x620 [ 861.536994] worker_thread+0x44/0x3a0 [ 861.537757] kthread+0x12b/0x150 [ 861.538463] ? wq_pool_ids_show+0x140/0x140 [ 861.539102] ? kthread_create_worker_on_cpu+0x70/0x70 [ 861.539815] ret_from_fork+0x3a/0x50 [ 861.540521] Showing all locks held in the system: [ 861.541696] 2 locks held by kworker/0:2/61: [ 861.542406] #0: 000000002dbf8af5 ((wq_completion)"events"){+.+.}, at: process_one_work+0x1b3/0x620 [ 861.543071] #1: 0000000076868126 ((work_completion)(&drm->hpd_work)){+.+.}, at: process_one_work+0x1b3/0x620 [ 861.543814] 1 lock held by khungtaskd/64: [ 861.544535] #0: 0000000059db4b53 (rcu_read_lock){....}, at: debug_show_all_locks+0x23/0x185 [ 861.545160] 3 locks held by kworker/6:2/320: [ 861.545896] #0: 00000000d9e1bc59 ((wq_completion)"pm"){+.+.}, at: process_one_work+0x1b3/0x620 [ 861.546702] #1: 00000000c9f92d84 ((work_completion)(&dev->power.work)){+.+.}, at: process_one_work+0x1b3/0x620 [ 861.547443] #2: 000000004afc5de1 (drm_connector_list_iter){.+.+}, at: nouveau_display_fini+0x96/0x170 [nouveau] [ 861.548146] 1 lock held by dmesg/983: [ 861.548889] 2 locks held by zsh/1250: [ 861.549605] #0: 00000000348e3cf6 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40 [ 861.550393] #1: 000000007009a7a8 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0xc1/0x870 [ 861.551122] 6 locks held by kworker/6:0/1329: [ 861.551957] #0: 000000002dbf8af5 ((wq_completion)"events"){+.+.}, at: process_one_work+0x1b3/0x620 [ 861.552765] #1: 00000000ddb499ad ((work_completion)(&notify->work)#2){+.+.}, at: process_one_work+0x1b3/0x620 [ 861.553582] #2: 000000006e013cbe (&dev->mode_config.mutex){+.+.}, at: drm_helper_hpd_irq_event+0x6c/0x120 [drm_kms_helper] [ 861.554357] #3: 000000004afc5de1 (drm_connector_list_iter){.+.+}, at: drm_helper_hpd_irq_event+0x78/0x120 [drm_kms_helper] [ 861.555227] #4: 0000000044f294d9 (crtc_ww_class_acquire){+.+.}, at: drm_helper_probe_detect_ctx+0x3d/0x100 [drm_kms_helper] [ 861.556133] #5: 00000000db193642 (crtc_ww_class_mutex){+.+.}, at: drm_modeset_lock+0x4b/0x130 [drm] [ 861.557864] ============================================= [ 861.559507] NMI backtrace for cpu 2 [ 861.560363] CPU: 2 PID: 64 Comm: khungtaskd Tainted: G O 4.18.0-rc6Lyude-Test+ #1 [ 861.561197] Hardware name: LENOVO 20EQS64N0B/20EQS64N0B, BIOS N1EET78W (1.51 ) 05/18/2018 [ 861.561948] Call Trace: [ 861.562757] dump_stack+0x8e/0xd3 [ 861.563516] nmi_cpu_backtrace.cold.3+0x14/0x5a [ 861.564269] ? lapic_can_unplug_cpu.cold.27+0x42/0x42 [ 861.565029] nmi_trigger_cpumask_backtrace+0xa1/0xae [ 861.565789] arch_trigger_cpumask_backtrace+0x19/0x20 [ 861.566558] watchdog+0x316/0x580 [ 861.567355] kthread+0x12b/0x150 [ 861.568114] ? reset_hung_task_detector+0x20/0x20 [ 861.568863] ? kthread_create_worker_on_cpu+0x70/0x70 [ 861.569598] ret_from_fork+0x3a/0x50 [ 861.570370] Sending NMI from CPU 2 to CPUs 0-1,3-7: [ 861.571426] NMI backtrace for cpu 6 skipped: idling at intel_idle+0x7f/0x120 [ 861.571429] NMI backtrace for cpu 7 skipped: idling at intel_idle+0x7f/0x120 [ 861.571432] NMI backtrace for cpu 3 skipped: idling at intel_idle+0x7f/0x120 [ 861.571464] NMI backtrace for cpu 5 skipped: idling at intel_idle+0x7f/0x120 [ 861.571467] NMI backtrace for cpu 0 skipped: idling at intel_idle+0x7f/0x120 [ 861.571469] NMI backtrace for cpu 4 skipped: idling at intel_idle+0x7f/0x120 [ 861.571472] NMI backtrace for cpu 1 skipped: idling at intel_idle+0x7f/0x120 [ 861.572428] Kernel panic - not syncing: hung_task: blocked tasks So: fix this with a new trick; store the current task_struct that's executing in the nouveau_connector structure, then avoid attempting to runtime resume the device when we know that we're just running from the context of our hotplug interrupt handler. Since hpd interrupts are only enabled while the device is runtime active, this should be totally safe. Signed-off-by: Lyude Paul <lyude(a)redhat.com> Cc: stable(a)vger.kernel.org Cc: Lukas Wunner <lukas(a)wunner.de> Cc: Karol Herbst <karolherbst(a)gmail.com> --- drivers/gpu/drm/nouveau/nouveau_connector.c | 16 ++++++++++------ drivers/gpu/drm/nouveau/nouveau_connector.h | 1 + 2 files changed, 11 insertions(+), 6 deletions(-) diff --git a/drivers/gpu/drm/nouveau/nouveau_connector.c b/drivers/gpu/drm/nouveau/nouveau_connector.c index 9714e09f17db..8409c3f2c3a1 100644 --- a/drivers/gpu/drm/nouveau/nouveau_connector.c +++ b/drivers/gpu/drm/nouveau/nouveau_connector.c @@ -572,13 +572,14 @@ nouveau_connector_detect(struct drm_connector *connector, bool force) nv_connector->edid = NULL; } - /* Outputs are only polled while runtime active, so resuming the - * device here is unnecessary (and would deadlock upon runtime suspend - * because it waits for polling to finish). We do however, want to - * prevent the autosuspend timer from elapsing during this operation - * if possible. + /* Output polling and HPD only happens while we're runtime active, so + * resuming the device here is unnecessary (and would deadlock upon + * runtime suspend because it waits for polling to finish). We do + * however, want to prevent the autosuspend timer from elapsing during + * this operation if possible. */ - if (drm_kms_helper_is_poll_worker()) { + if (drm_kms_helper_is_poll_worker() || + nv_connector->hpd_task == current) { pm_runtime_get_noresume(dev->dev); } else { ret = pm_runtime_get_sync(dev->dev); @@ -1151,6 +1152,8 @@ nouveau_connector_hotplug(struct nvif_notify *notify) const char *name = connector->name; struct nouveau_encoder *nv_encoder; + nv_connector->hpd_task = current; + if (rep->mask & NVIF_NOTIFY_CONN_V0_IRQ) { NV_DEBUG(drm, "service %s\n", name); if ((nv_encoder = find_encoder(connector, DCB_OUTPUT_DP))) @@ -1167,6 +1170,7 @@ nouveau_connector_hotplug(struct nvif_notify *notify) nouveau_connector_hotplug_probe(nv_connector); } + nv_connector->hpd_task = NULL; return NVIF_NOTIFY_KEEP; } diff --git a/drivers/gpu/drm/nouveau/nouveau_connector.h b/drivers/gpu/drm/nouveau/nouveau_connector.h index 2d9d35a146a4..1964e682ba13 100644 --- a/drivers/gpu/drm/nouveau/nouveau_connector.h +++ b/drivers/gpu/drm/nouveau/nouveau_connector.h @@ -45,6 +45,7 @@ struct nouveau_connector { u8 *dcb; struct nvif_notify hpd; + struct task_struct *hpd_task; struct drm_dp_aux aux; -- 2.17.1

7 years, 1 month

1
0
0 0

[PATCH v5 11/13] drm/nouveau: Respond to HPDs by probing one conn at a time

by Lyude Paul

There isn't actually any reason we need to call drm_hpd_irq_event() from our hotplug handler, as we already know which connector the hotplug event was fired for. We're also going to need to avoid probing all connectors needlessly from hotplug handlers anyway so that we can track when nouveau_connector_detect() is being called from the context of it's connector's hotplug handler in order to fix the next deadlocking issue. This is (slightly) faster anyway! Signed-off-by: Lyude Paul <lyude(a)redhat.com> Cc: stable(a)vger.kernel.org Cc: Lukas Wunner <lukas(a)wunner.de> Cc: Karol Herbst <karolherbst(a)gmail.com> --- drivers/gpu/drm/nouveau/nouveau_connector.c | 28 ++++++++++++++++++++- 1 file changed, 27 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/nouveau/nouveau_connector.c b/drivers/gpu/drm/nouveau/nouveau_connector.c index 010d6db14cba..9714e09f17db 100644 --- a/drivers/gpu/drm/nouveau/nouveau_connector.c +++ b/drivers/gpu/drm/nouveau/nouveau_connector.c @@ -1114,6 +1114,32 @@ nouveau_connector_funcs_lvds = { .atomic_get_property = nouveau_conn_atomic_get_property, }; +static void +nouveau_connector_hotplug_probe(struct nouveau_connector *nv_conn) +{ + struct drm_modeset_acquire_ctx ctx; + struct drm_connector *conn = &nv_conn->base; + enum drm_connector_status old_status; + struct drm_device *dev = conn->dev; + bool changed; + + mutex_lock(&dev->mode_config.mutex); + + drm_modeset_acquire_init(&ctx, 0); + drm_modeset_lock(&dev->mode_config.connection_mutex, &ctx); + + old_status = conn->status; + conn->status = drm_helper_probe_detect(conn, &ctx, true); + changed = old_status != conn->status; + + drm_modeset_drop_locks(&ctx); + drm_modeset_acquire_fini(&ctx); + mutex_unlock(&dev->mode_config.mutex); + + if (changed) + drm_kms_helper_hotplug_event(dev); +} + static int nouveau_connector_hotplug(struct nvif_notify *notify) { @@ -1138,7 +1164,7 @@ nouveau_connector_hotplug(struct nvif_notify *notify) nv50_mstm_remove(nv_encoder->dp.mstm); } - drm_helper_hpd_irq_event(connector->dev); + nouveau_connector_hotplug_probe(nv_connector); } return NVIF_NOTIFY_KEEP; -- 2.17.1

7 years, 1 month

1
0
0 0

[PATCH v5 09/13] drm/nouveau: Fix deadlock with fb_helper by inhibiting it's HPD

by Lyude Paul

I'm sure I don't need to tell you that fb_helper's locking is a mess. That being said; fb_helper's locking mess can seriously complicate the runtime suspend/resume operations of drivers because it can invoke atomic commits and connector probing from anywhere that calls drm_fb_helper_hotplug_event(). Since most drivers use drm_fb_helper_output_poll_changed() as their output_poll_changed handler, this can happen in every single context that can fire off a hotplug event. An example: [ 246.669625] INFO: task kworker/4:0:37 blocked for more than 120 seconds. [ 246.673398] Not tainted 4.18.0-rc5Lyude-Test+ #2 [ 246.675271] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 246.676527] kworker/4:0 D 0 37 2 0x80000000 [ 246.677580] Workqueue: events output_poll_execute [drm_kms_helper] [ 246.678704] Call Trace: [ 246.679753] __schedule+0x322/0xaf0 [ 246.680916] schedule+0x33/0x90 [ 246.681924] schedule_preempt_disabled+0x15/0x20 [ 246.683023] __mutex_lock+0x569/0x9a0 [ 246.684035] ? kobject_uevent_env+0x117/0x7b0 [ 246.685132] ? drm_fb_helper_hotplug_event.part.28+0x20/0xb0 [drm_kms_helper] [ 246.686179] mutex_lock_nested+0x1b/0x20 [ 246.687278] ? mutex_lock_nested+0x1b/0x20 [ 246.688307] drm_fb_helper_hotplug_event.part.28+0x20/0xb0 [drm_kms_helper] [ 246.689420] drm_fb_helper_output_poll_changed+0x23/0x30 [drm_kms_helper] [ 246.690462] drm_kms_helper_hotplug_event+0x2a/0x30 [drm_kms_helper] [ 246.691570] output_poll_execute+0x198/0x1c0 [drm_kms_helper] [ 246.692611] process_one_work+0x231/0x620 [ 246.693725] worker_thread+0x214/0x3a0 [ 246.694756] kthread+0x12b/0x150 [ 246.695856] ? wq_pool_ids_show+0x140/0x140 [ 246.696888] ? kthread_create_worker_on_cpu+0x70/0x70 [ 246.697998] ret_from_fork+0x3a/0x50 [ 246.699034] INFO: task kworker/0:1:60 blocked for more than 120 seconds. [ 246.700153] Not tainted 4.18.0-rc5Lyude-Test+ #2 [ 246.701182] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 246.702278] kworker/0:1 D 0 60 2 0x80000000 [ 246.703293] Workqueue: pm pm_runtime_work [ 246.704393] Call Trace: [ 246.705403] __schedule+0x322/0xaf0 [ 246.706439] ? wait_for_completion+0x104/0x190 [ 246.707393] schedule+0x33/0x90 [ 246.708375] schedule_timeout+0x3a5/0x590 [ 246.709289] ? mark_held_locks+0x58/0x80 [ 246.710208] ? _raw_spin_unlock_irq+0x2c/0x40 [ 246.711222] ? wait_for_completion+0x104/0x190 [ 246.712134] ? trace_hardirqs_on_caller+0xf4/0x190 [ 246.713094] ? wait_for_completion+0x104/0x190 [ 246.713964] wait_for_completion+0x12c/0x190 [ 246.714895] ? wake_up_q+0x80/0x80 [ 246.715727] ? get_work_pool+0x90/0x90 [ 246.716649] flush_work+0x1c9/0x280 [ 246.717483] ? flush_workqueue_prep_pwqs+0x1b0/0x1b0 [ 246.718442] __cancel_work_timer+0x146/0x1d0 [ 246.719247] cancel_delayed_work_sync+0x13/0x20 [ 246.720043] drm_kms_helper_poll_disable+0x1f/0x30 [drm_kms_helper] [ 246.721123] nouveau_pmops_runtime_suspend+0x3d/0xb0 [nouveau] [ 246.721897] pci_pm_runtime_suspend+0x6b/0x190 [ 246.722825] ? pci_has_legacy_pm_support+0x70/0x70 [ 246.723737] __rpm_callback+0x7a/0x1d0 [ 246.724721] ? pci_has_legacy_pm_support+0x70/0x70 [ 246.725607] rpm_callback+0x24/0x80 [ 246.726553] ? pci_has_legacy_pm_support+0x70/0x70 [ 246.727376] rpm_suspend+0x142/0x6b0 [ 246.728185] pm_runtime_work+0x97/0xc0 [ 246.728938] process_one_work+0x231/0x620 [ 246.729796] worker_thread+0x44/0x3a0 [ 246.730614] kthread+0x12b/0x150 [ 246.731395] ? wq_pool_ids_show+0x140/0x140 [ 246.732202] ? kthread_create_worker_on_cpu+0x70/0x70 [ 246.732878] ret_from_fork+0x3a/0x50 [ 246.733768] INFO: task kworker/4:2:422 blocked for more than 120 seconds. [ 246.734587] Not tainted 4.18.0-rc5Lyude-Test+ #2 [ 246.735393] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 246.736113] kworker/4:2 D 0 422 2 0x80000080 [ 246.736789] Workqueue: events_long drm_dp_mst_link_probe_work [drm_kms_helper] [ 246.737665] Call Trace: [ 246.738490] __schedule+0x322/0xaf0 [ 246.739250] schedule+0x33/0x90 [ 246.739908] rpm_resume+0x19c/0x850 [ 246.740750] ? finish_wait+0x90/0x90 [ 246.741541] __pm_runtime_resume+0x4e/0x90 [ 246.742370] nv50_disp_atomic_commit+0x31/0x210 [nouveau] [ 246.743124] drm_atomic_commit+0x4a/0x50 [drm] [ 246.743775] restore_fbdev_mode_atomic+0x1c8/0x240 [drm_kms_helper] [ 246.744603] restore_fbdev_mode+0x31/0x140 [drm_kms_helper] [ 246.745373] drm_fb_helper_restore_fbdev_mode_unlocked+0x54/0xb0 [drm_kms_helper] [ 246.746220] drm_fb_helper_set_par+0x2d/0x50 [drm_kms_helper] [ 246.746884] drm_fb_helper_hotplug_event.part.28+0x96/0xb0 [drm_kms_helper] [ 246.747675] drm_fb_helper_output_poll_changed+0x23/0x30 [drm_kms_helper] [ 246.748544] drm_kms_helper_hotplug_event+0x2a/0x30 [drm_kms_helper] [ 246.749439] nv50_mstm_hotplug+0x15/0x20 [nouveau] [ 246.750111] drm_dp_send_link_address+0x177/0x1c0 [drm_kms_helper] [ 246.750764] drm_dp_check_and_send_link_address+0xa8/0xd0 [drm_kms_helper] [ 246.751602] drm_dp_mst_link_probe_work+0x51/0x90 [drm_kms_helper] [ 246.752314] process_one_work+0x231/0x620 [ 246.752979] worker_thread+0x44/0x3a0 [ 246.753838] kthread+0x12b/0x150 [ 246.754619] ? wq_pool_ids_show+0x140/0x140 [ 246.755386] ? kthread_create_worker_on_cpu+0x70/0x70 [ 246.756162] ret_from_fork+0x3a/0x50 [ 246.756847] Showing all locks held in the system: [ 246.758261] 3 locks held by kworker/4:0/37: [ 246.759016] #0: 00000000f8df4d2d ((wq_completion)"events"){+.+.}, at: process_one_work+0x1b3/0x620 [ 246.759856] #1: 00000000e6065461 ((work_completion)(&(&dev->mode_config.output_poll_work)->work)){+.+.}, at: process_one_work+0x1b3/0x620 [ 246.760670] #2: 00000000cb66735f (&helper->lock){+.+.}, at: drm_fb_helper_hotplug_event.part.28+0x20/0xb0 [drm_kms_helper] [ 246.761516] 2 locks held by kworker/0:1/60: [ 246.762274] #0: 00000000fff6be0f ((wq_completion)"pm"){+.+.}, at: process_one_work+0x1b3/0x620 [ 246.762982] #1: 000000005ab44fb4 ((work_completion)(&dev->power.work)){+.+.}, at: process_one_work+0x1b3/0x620 [ 246.763890] 1 lock held by khungtaskd/64: [ 246.764664] #0: 000000008cb8b5c3 (rcu_read_lock){....}, at: debug_show_all_locks+0x23/0x185 [ 246.765588] 5 locks held by kworker/4:2/422: [ 246.766440] #0: 00000000232f0959 ((wq_completion)"events_long"){+.+.}, at: process_one_work+0x1b3/0x620 [ 246.767390] #1: 00000000bb59b134 ((work_completion)(&mgr->work)){+.+.}, at: process_one_work+0x1b3/0x620 [ 246.768154] #2: 00000000cb66735f (&helper->lock){+.+.}, at: drm_fb_helper_restore_fbdev_mode_unlocked+0x4c/0xb0 [drm_kms_helper] [ 246.768966] #3: 000000004c8f0b6b (crtc_ww_class_acquire){+.+.}, at: restore_fbdev_mode_atomic+0x4b/0x240 [drm_kms_helper] [ 246.769921] #4: 000000004c34a296 (crtc_ww_class_mutex){+.+.}, at: drm_modeset_backoff+0x8a/0x1b0 [drm] [ 246.770839] 1 lock held by dmesg/1038: [ 246.771739] 2 locks held by zsh/1172: [ 246.772650] #0: 00000000836d0438 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40 [ 246.773680] #1: 000000001f4f4d48 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0xc1/0x870 [ 246.775522] ============================================= I've tried a couple of solutions so far, but it seems that right now the simplest solution is to just prevent fb_helper from handling hotplugs when runtime suspending, as this allows us to eliminate any possibility that we might race with fb_helper. We can just "resume" hotplug handling for fbdev when we runtime resume, and fire off a hotplug event if anything happened while we were suspended. Additionally; we take care to abort the runtime resume process if can't lock the new fb_helper hotplug locks before fb_helper starts doing something. Changes since v4: - Add nouveau_fbcon_hotplugged_in_suspend() to workaround deadlock condition that Lukas described - Just move all of this out of drm_fb_helper. It seems that other DRM drivers have already figured out other workarounds for this. If other drivers do end up needing this in the future, we can just move this back into drm_fb_helper again. Changes since v3: - Actually check if fb_helper is NULL in both new helpers - Actually check drm_fbdev_emulation in both new helpers - Don't fire off a fb_helper hotplug unconditionally; only do it if the following conditions are true (as otherwise, calling this in the wrong spot will cause Bad Things to happen): - fb_helper hotplug handling was actually inhibited previously - fb_helper actually has a delayed hotplug pending - fb_helper is actually bound - fb_helper is actually initialized - Add __must_check to drm_fb_helper_suspend_hotplug(). There's no situation where a driver would actually want to use this without checking the return value, so enforce that - Rewrite and clarify the documentation for both helpers. - Make sure to return true in the drm_fb_helper_suspend_hotplug() stub that's provided in drm_fb_helper.h when CONFIG_DRM_FBDEV_EMULATION isn't enabled - Actually grab the toplevel fb_helper lock in drm_fb_helper_resume_hotplug(), since it's possible other activity (such as a hotplug) could be going on at the same time the driver calls drm_fb_helper_resume_hotplug(). We need this to check whether or not drm_fb_helper_hotplug_event() needs to be called anyway Signed-off-by: Lyude Paul <lyude(a)redhat.com> Cc: stable(a)vger.kernel.org Cc: Lukas Wunner <lukas(a)wunner.de> Cc: Karol Herbst <karolherbst(a)gmail.com> --- drivers/gpu/drm/nouveau/dispnv50/disp.c | 2 +- drivers/gpu/drm/nouveau/nouveau_display.c | 48 +++++++++--- drivers/gpu/drm/nouveau/nouveau_drm.c | 3 + drivers/gpu/drm/nouveau/nouveau_fbcon.c | 90 +++++++++++++++++++++++ drivers/gpu/drm/nouveau/nouveau_fbcon.h | 9 +++ 5 files changed, 139 insertions(+), 13 deletions(-) diff --git a/drivers/gpu/drm/nouveau/dispnv50/disp.c b/drivers/gpu/drm/nouveau/dispnv50/disp.c index 8b522a9b12f6..a0772389ed90 100644 --- a/drivers/gpu/drm/nouveau/dispnv50/disp.c +++ b/drivers/gpu/drm/nouveau/dispnv50/disp.c @@ -2049,7 +2049,7 @@ nv50_disp_atomic_state_alloc(struct drm_device *dev) static const struct drm_mode_config_funcs nv50_disp_func = { .fb_create = nouveau_user_framebuffer_create, - .output_poll_changed = drm_fb_helper_output_poll_changed, + .output_poll_changed = nouveau_fbcon_output_poll_changed, .atomic_check = nv50_disp_atomic_check, .atomic_commit = nv50_disp_atomic_commit, .atomic_state_alloc = nv50_disp_atomic_state_alloc, diff --git a/drivers/gpu/drm/nouveau/nouveau_display.c b/drivers/gpu/drm/nouveau/nouveau_display.c index 1d36ab5d4796..7229887f7cbf 100644 --- a/drivers/gpu/drm/nouveau/nouveau_display.c +++ b/drivers/gpu/drm/nouveau/nouveau_display.c @@ -293,7 +293,7 @@ nouveau_user_framebuffer_create(struct drm_device *dev, static const struct drm_mode_config_funcs nouveau_mode_config_funcs = { .fb_create = nouveau_user_framebuffer_create, - .output_poll_changed = drm_fb_helper_output_poll_changed, + .output_poll_changed = nouveau_fbcon_output_poll_changed, }; @@ -608,25 +608,49 @@ nouveau_display_destroy(struct drm_device *dev) int nouveau_display_suspend(struct drm_device *dev, bool runtime) { + struct nouveau_drm *drm = nouveau_drm(dev); struct nouveau_display *disp = nouveau_display(dev); struct drm_crtc *crtc; + bool using_atomic = drm_drv_uses_atomic_modeset(dev); + int ret; - if (drm_drv_uses_atomic_modeset(dev)) { - if (!runtime) { - disp->suspend = drm_atomic_helper_suspend(dev); - if (IS_ERR(disp->suspend)) { - int ret = PTR_ERR(disp->suspend); - disp->suspend = NULL; - return ret; - } + if (!runtime && using_atomic) { + disp->suspend = drm_atomic_helper_suspend(dev); + if (IS_ERR(disp->suspend)) { + int ret = PTR_ERR(disp->suspend); + disp->suspend = NULL; + return ret; } - - nouveau_display_fini(dev, true); - return 0; } nouveau_display_fini(dev, true); + if (runtime && nouveau_fbcon_hotplugged_in_suspend(drm->fbcon)) { + NV_DEBUG(drm, "interrupted by delayed fb_helper hotplug\n"); + + /* We don't need to run the whole nouveau_display_resume() + * process here, just undo what we did in + * nouveau_display_fini() + */ + NV_DEBUG(drm, "resuming display...\n"); + ret = nouveau_display_init(dev); + if (WARN_ON(ret)) { + NV_ERROR(drm, "Failed to bring back display!\n"); + return ret; + } + + return -EBUSY; + } + + /* Any hotplugs received after this point will be picked up by ACPI, + * which will wake us up properly before actually trying to handle the + * hotplug. + */ + + if (using_atomic) + return 0; + + /* The rest of this is for legacy modesetting only */ list_for_each_entry(crtc, &dev->mode_config.crtc_list, head) { struct nouveau_framebuffer *nouveau_fb; diff --git a/drivers/gpu/drm/nouveau/nouveau_drm.c b/drivers/gpu/drm/nouveau/nouveau_drm.c index f79b435368ec..296b1d63f054 100644 --- a/drivers/gpu/drm/nouveau/nouveau_drm.c +++ b/drivers/gpu/drm/nouveau/nouveau_drm.c @@ -841,6 +841,9 @@ nouveau_pmops_runtime_suspend(struct device *dev) return -EBUSY; } + if (!nouveau_fbcon_hotplug_suspend(nouveau_drm(drm_dev)->fbcon)) + return -EBUSY; + ret = nouveau_do_suspend(drm_dev, true); if (ret) return ret; diff --git a/drivers/gpu/drm/nouveau/nouveau_fbcon.c b/drivers/gpu/drm/nouveau/nouveau_fbcon.c index 85c1f10bc2b6..67677d60f07e 100644 --- a/drivers/gpu/drm/nouveau/nouveau_fbcon.c +++ b/drivers/gpu/drm/nouveau/nouveau_fbcon.c @@ -466,6 +466,7 @@ nouveau_fbcon_set_suspend_work(struct work_struct *work) console_unlock(); if (state == FBINFO_STATE_RUNNING) { + nouveau_fbcon_hotplug_resume(drm->fbcon); pm_runtime_mark_last_busy(drm->dev->dev); pm_runtime_put_sync(drm->dev->dev); } @@ -487,6 +488,94 @@ nouveau_fbcon_set_suspend(struct drm_device *dev, int state) schedule_work(&drm->fbcon_work); } +void +nouveau_fbcon_output_poll_changed(struct drm_device *dev) +{ + struct nouveau_drm *drm = nouveau_drm(dev); + struct nouveau_fbdev *fbcon = drm->fbcon; + + if (!fbcon) + return; + + mutex_lock(&fbcon->hotplug_lock); + + if (fbcon->hotplug_suspended) { + fbcon->hotplug_waiting = true; + } else { + pm_runtime_get_sync(drm->dev->dev); + + drm_fb_helper_hotplug_event(&fbcon->helper); + + pm_runtime_mark_last_busy(drm->dev->dev); + pm_runtime_put_autosuspend(drm->dev->dev); + } + + mutex_unlock(&fbcon->hotplug_lock); +} + +bool __must_check +nouveau_fbcon_hotplug_suspend(struct nouveau_fbdev *fbcon) +{ + int ret; + + if (!fbcon) + return true; + + /* We can't block on fbcon if it's performing connector probes, as + * it will need to grab a runtime PM reference to the GPU and deadlock + * us if we do. So, just abort if it's busy (that's what we want + * anyway) + */ + ret = mutex_trylock(&fbcon->hotplug_lock); + if (!ret) + return false; + fbcon->hotplug_suspended = true; + mutex_unlock(&fbcon->hotplug_lock); + + return true; +} + +void +nouveau_fbcon_hotplug_resume(struct nouveau_fbdev *fbcon) +{ + struct drm_device *dev; + + if (!fbcon) + return; + dev = fbcon->helper.dev; + + mutex_lock(&fbcon->hotplug_lock); + + fbcon->hotplug_suspended = false; + if (fbcon->hotplug_waiting) { + fbcon->hotplug_waiting = false; + + pm_runtime_get_sync(dev->dev); + + drm_fb_helper_hotplug_event(&fbcon->helper); + + pm_runtime_mark_last_busy(dev->dev); + pm_runtime_put_autosuspend(dev->dev); + } + + mutex_unlock(&fbcon->hotplug_lock); +} + +bool +nouveau_fbcon_hotplugged_in_suspend(struct nouveau_fbdev *fbcon) +{ + bool hotplug; + + if (!fbcon) + return false; + + mutex_lock(&fbcon->hotplug_lock); + hotplug = fbcon->hotplug_suspended && fbcon->hotplug_waiting; + mutex_unlock(&fbcon->hotplug_lock); + + return hotplug; +} + int nouveau_fbcon_init(struct drm_device *dev) { @@ -505,6 +594,7 @@ nouveau_fbcon_init(struct drm_device *dev) drm->fbcon = fbcon; INIT_WORK(&drm->fbcon_work, nouveau_fbcon_set_suspend_work); + mutex_init(&fbcon->hotplug_lock); drm_fb_helper_prepare(dev, &fbcon->helper, &nouveau_fbcon_helper_funcs); diff --git a/drivers/gpu/drm/nouveau/nouveau_fbcon.h b/drivers/gpu/drm/nouveau/nouveau_fbcon.h index a6f192ea3fa6..a939628bf7f7 100644 --- a/drivers/gpu/drm/nouveau/nouveau_fbcon.h +++ b/drivers/gpu/drm/nouveau/nouveau_fbcon.h @@ -41,6 +41,10 @@ struct nouveau_fbdev { struct nvif_object gdi; struct nvif_object blit; struct nvif_object twod; + + struct mutex hotplug_lock; + bool hotplug_suspended; + bool hotplug_waiting; }; void nouveau_fbcon_restore(void); @@ -68,6 +72,11 @@ void nouveau_fbcon_set_suspend(struct drm_device *dev, int state); void nouveau_fbcon_accel_save_disable(struct drm_device *dev); void nouveau_fbcon_accel_restore(struct drm_device *dev); +void nouveau_fbcon_output_poll_changed(struct drm_device *dev); +bool __must_check nouveau_fbcon_hotplug_suspend(struct nouveau_fbdev *fbcon); +void nouveau_fbcon_hotplug_resume(struct nouveau_fbdev *fbcon); +bool nouveau_fbcon_hotplugged_in_suspend(struct nouveau_fbdev *fbcon); + extern int nouveau_nofbaccel; #endif /* __NV50_FBCON_H__ */ -- 2.17.1

7 years, 1 month

1
0
0 0

[PATCH v5 02/13] drm/nouveau: Remove duplicate poll_enable() in pmops_runtime_suspend()

by Lyude Paul

Since actual hotplug notifications don't get disabled until nouveau_display_fini() is called, all this will do is cause any hotplugs that happen between this drm_kms_helper_poll_disable() call and the actual hotplug disablement to potentially be dropped if ACPI isn't around to help us. Signed-off-by: Lyude Paul <lyude(a)redhat.com> Cc: stable(a)vger.kernel.org Cc: Lukas Wunner <lukas(a)wunner.de> Cc: Karol Herbst <karolherbst(a)gmail.com> --- drivers/gpu/drm/nouveau/nouveau_drm.c | 1 - 1 file changed, 1 deletion(-) diff --git a/drivers/gpu/drm/nouveau/nouveau_drm.c b/drivers/gpu/drm/nouveau/nouveau_drm.c index c7ec86d6c3c9..5fdc1fbe2ee5 100644 --- a/drivers/gpu/drm/nouveau/nouveau_drm.c +++ b/drivers/gpu/drm/nouveau/nouveau_drm.c @@ -835,7 +835,6 @@ nouveau_pmops_runtime_suspend(struct device *dev) return -EBUSY; } - drm_kms_helper_poll_disable(drm_dev); nouveau_switcheroo_optimus_dsm(); ret = nouveau_do_suspend(drm_dev, true); pci_save_state(pdev); -- 2.17.1

7 years, 1 month

1
0
0 0

[PATCH v5 01/13] drm/nouveau: Fix bogus drm_kms_helper_poll_enable() placement

by Lyude Paul

Turns out this part is my fault for not noticing when reviewing 9a2eba337cace ("drm/nouveau: Fix drm poll_helper handling"). Currently we call drm_kms_helper_poll_enable() from nouveau_display_hpd_work(). This makes basically no sense however, because that means we're calling drm_kms_helper_poll_enable() every time we schedule the hotplug detection work. This is also against the advice mentioned in drm_kms_helper_poll_enable()'s documentation: Note that calls to enable and disable polling must be strictly ordered, which is automatically the case when they're only call from suspend/resume callbacks. Of course, hotplugs can't really be ordered. They could even happen immediately after we called drm_kms_helper_poll_disable() in nouveau_display_fini(), which can lead to all sorts of issues. Additionally; enabling polling /after/ we call drm_helper_hpd_irq_event() could also mean that we'd miss a hotplug event anyway, since drm_helper_hpd_irq_event() wouldn't bother trying to probe connectors so long as polling is disabled. So; simply move this back into nouveau_display_init() again. The race condition that both of these patches attempted to work around has already been fixed properly in d61a5c106351 ("drm/nouveau: Fix deadlock on runtime suspend") Fixes: 9a2eba337cace ("drm/nouveau: Fix drm poll_helper handling") Signed-off-by: Lyude Paul <lyude(a)redhat.com> Cc: Lukas Wunner <lukas(a)wunner.de> Cc: Peter Ujfalusi <peter.ujfalusi(a)ti.com> Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/nouveau/nouveau_display.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/nouveau/nouveau_display.c b/drivers/gpu/drm/nouveau/nouveau_display.c index ec7861457b84..1d36ab5d4796 100644 --- a/drivers/gpu/drm/nouveau/nouveau_display.c +++ b/drivers/gpu/drm/nouveau/nouveau_display.c @@ -355,8 +355,6 @@ nouveau_display_hpd_work(struct work_struct *work) pm_runtime_get_sync(drm->dev->dev); drm_helper_hpd_irq_event(drm->dev); - /* enable polling for external displays */ - drm_kms_helper_poll_enable(drm->dev); pm_runtime_mark_last_busy(drm->dev->dev); pm_runtime_put_sync(drm->dev->dev); @@ -411,6 +409,11 @@ nouveau_display_init(struct drm_device *dev) if (ret) return ret; + /* enable connector detection and polling for connectors without HPD + * support + */ + drm_kms_helper_poll_enable(dev); + /* enable hotplug interrupts */ drm_connector_list_iter_begin(dev, &conn_iter); nouveau_for_each_non_mst_connector_iter(connector, &conn_iter) { -- 2.17.1

7 years, 1 month

1
0
0 0

Please apply commit 92d34134193e ("fs: Fix inconsistency ..." to stable releases

by Guenter Roeck

Hi Greg, commit 92d34134193e ("jfs: Fix inconsistency between memory allocation and ea_buf->max_size") fixes CVE-2018-12233. As far as I can see, the commit is not in any stable releases. It applies to all stable releases at least as far back as v4.4.y (and it builds unless I really messed up). Copying author and committer in case there are any concerns. Otherwise, please apply to stable releases. Thanks, Guenter

7 years, 1 month

2
1
0 0

[RESEND] request to include on 4.14.y

by Eduardo Valentin

Greg, Can you please include the following patch to 4.14.y stable branch to fix the intel_idle probe and avoid mis-lead info to user by blaming unsupported processor model: a4c447533a18 ("intel_idle: Graceful probe failure when MWAIT is disabled") This is a self-contained and cherry-pick'able patch in linus master branch. Thanks, Hope this time is better communicated. -- All the best, Eduardo Valentin

7 years, 1 month

2
1
0 0

FAILED: patch "[PATCH] Btrfs: fix file data corruption after cloning a range and" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From bd3599a0e142cd73edd3b6801068ac3f48ac771a Mon Sep 17 00:00:00 2001 From: Filipe Manana <fdmanana(a)suse.com> Date: Thu, 12 Jul 2018 01:36:43 +0100 Subject: [PATCH] Btrfs: fix file data corruption after cloning a range and fsync When we clone a range into a file we can end up dropping existing extent maps (or trimming them) and replacing them with new ones if the range to be cloned overlaps with a range in the destination inode. When that happens we add the new extent maps to the list of modified extents in the inode's extent map tree, so that a "fast" fsync (the flag BTRFS_INODE_NEEDS_FULL_SYNC not set in the inode) will see the extent maps and log corresponding extent items. However, at the end of range cloning operation we do truncate all the pages in the affected range (in order to ensure future reads will not get stale data). Sometimes this truncation will release the corresponding extent maps besides the pages from the page cache. If this happens, then a "fast" fsync operation will miss logging some extent items, because it relies exclusively on the extent maps being present in the inode's extent tree, leading to data loss/corruption if the fsync ends up using the same transaction used by the clone operation (that transaction was not committed in the meanwhile). An extent map is released through the callback btrfs_invalidatepage(), which gets called by truncate_inode_pages_range(), and it calls __btrfs_releasepage(). The later ends up calling try_release_extent_mapping() which will release the extent map if some conditions are met, like the file size being greater than 16Mb, gfp flags allow blocking and the range not being locked (which is the case during the clone operation) nor being the extent map flagged as pinned (also the case for cloning). The following example, turned into a test for fstests, reproduces the issue: $ mkfs.btrfs -f /dev/sdb $ mount /dev/sdb /mnt $ xfs_io -f -c "pwrite -S 0x18 9000K 6908K" /mnt/foo $ xfs_io -f -c "pwrite -S 0x20 2572K 156K" /mnt/bar $ xfs_io -c "fsync" /mnt/bar # reflink destination offset corresponds to the size of file bar, # 2728Kb minus 4Kb. $ xfs_io -c ""reflink ${SCRATCH_MNT}/foo 0 2724K 15908K" /mnt/bar $ xfs_io -c "fsync" /mnt/bar $ md5sum /mnt/bar 95a95813a8c2abc9aa75a6c2914a077e /mnt/bar <power fail> $ mount /dev/sdb /mnt $ md5sum /mnt/bar 207fd8d0b161be8a84b945f0df8d5f8d /mnt/bar # digest should be 95a95813a8c2abc9aa75a6c2914a077e like before the # power failure In the above example, the destination offset of the clone operation corresponds to the size of the "bar" file minus 4Kb. So during the clone operation, the extent map covering the range from 2572Kb to 2728Kb gets trimmed so that it ends at offset 2724Kb, and a new extent map covering the range from 2724Kb to 11724Kb is created. So at the end of the clone operation when we ask to truncate the pages in the range from 2724Kb to 2724Kb + 15908Kb, the page invalidation callback ends up removing the new extent map (through try_release_extent_mapping()) when the page at offset 2724Kb is passed to that callback. Fix this by setting the bit BTRFS_INODE_NEEDS_FULL_SYNC whenever an extent map is removed at try_release_extent_mapping(), forcing the next fsync to search for modified extents in the fs/subvolume tree instead of relying on the presence of extent maps in memory. This way we can continue doing a "fast" fsync if the destination range of a clone operation does not overlap with an existing range or if any of the criteria necessary to remove an extent map at try_release_extent_mapping() is not met (file size not bigger then 16Mb or gfp flags do not allow blocking). CC: stable(a)vger.kernel.org # 3.16+ Signed-off-by: Filipe Manana <fdmanana(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/extent_io.c b/fs/btrfs/extent_io.c index 1aa91d57404a..8fd86e29085f 100644 --- a/fs/btrfs/extent_io.c +++ b/fs/btrfs/extent_io.c @@ -4241,8 +4241,9 @@ int try_release_extent_mapping(struct page *page, gfp_t mask) struct extent_map *em; u64 start = page_offset(page); u64 end = start + PAGE_SIZE - 1; - struct extent_io_tree *tree = &BTRFS_I(page->mapping->host)->io_tree; - struct extent_map_tree *map = &BTRFS_I(page->mapping->host)->extent_tree; + struct btrfs_inode *btrfs_inode = BTRFS_I(page->mapping->host); + struct extent_io_tree *tree = &btrfs_inode->io_tree; + struct extent_map_tree *map = &btrfs_inode->extent_tree; if (gfpflags_allow_blocking(mask) && page->mapping->host->i_size > SZ_16M) { @@ -4265,6 +4266,8 @@ int try_release_extent_mapping(struct page *page, gfp_t mask) extent_map_end(em) - 1, EXTENT_LOCKED | EXTENT_WRITEBACK, 0, NULL)) { + set_bit(BTRFS_INODE_NEEDS_FULL_SYNC, + &btrfs_inode->runtime_flags); remove_extent_mapping(map, em); /* once for the rb tree */ free_extent_map(em);

7 years, 1 month

3
2
0 0

FAILED: patch "[PATCH] i2c: imx: Fix reinit_completion() use" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 9f9e3e0d4dd3338b3f3dde080789f71901e1e4ff Mon Sep 17 00:00:00 2001 From: Esben Haabendal <eha(a)deif.com> Date: Mon, 9 Jul 2018 11:43:01 +0200 Subject: [PATCH] i2c: imx: Fix reinit_completion() use MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Make sure to call reinit_completion() before dma is started to avoid race condition where reinit_completion() is called after complete() and before wait_for_completion_timeout(). Signed-off-by: Esben Haabendal <eha(a)deif.com> Fixes: ce1a78840ff7 ("i2c: imx: add DMA support for freescale i2c driver") Reviewed-by: Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> Signed-off-by: Wolfram Sang <wsa(a)the-dreams.de> Cc: stable(a)kernel.org diff --git a/drivers/i2c/busses/i2c-imx.c b/drivers/i2c/busses/i2c-imx.c index 0207e194f84b..39cfd98c7b23 100644 --- a/drivers/i2c/busses/i2c-imx.c +++ b/drivers/i2c/busses/i2c-imx.c @@ -368,6 +368,7 @@ static int i2c_imx_dma_xfer(struct imx_i2c_struct *i2c_imx, goto err_desc; } + reinit_completion(&dma->cmd_complete); txdesc->callback = i2c_imx_dma_callback; txdesc->callback_param = i2c_imx; if (dma_submit_error(dmaengine_submit(txdesc))) { @@ -622,7 +623,6 @@ static int i2c_imx_dma_write(struct imx_i2c_struct *i2c_imx, * The first byte must be transmitted by the CPU. */ imx_i2c_write_reg(i2c_8bit_addr_from_msg(msgs), i2c_imx, IMX_I2C_I2DR); - reinit_completion(&i2c_imx->dma->cmd_complete); time_left = wait_for_completion_timeout( &i2c_imx->dma->cmd_complete, msecs_to_jiffies(DMA_TIMEOUT)); @@ -681,7 +681,6 @@ static int i2c_imx_dma_read(struct imx_i2c_struct *i2c_imx, if (result) return result; - reinit_completion(&i2c_imx->dma->cmd_complete); time_left = wait_for_completion_timeout( &i2c_imx->dma->cmd_complete, msecs_to_jiffies(DMA_TIMEOUT));

7 years, 1 month

3
2
0 0

FAILED: patch "[PATCH] ring_buffer: tracing: Inherit the tracing setting to next" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 73c8d8945505acdcbae137c2e00a1232e0be709f Mon Sep 17 00:00:00 2001 From: Masami Hiramatsu <mhiramat(a)kernel.org> Date: Sat, 14 Jul 2018 01:28:15 +0900 Subject: [PATCH] ring_buffer: tracing: Inherit the tracing setting to next ring buffer Maintain the tracing on/off setting of the ring_buffer when switching to the trace buffer snapshot. Taking a snapshot is done by swapping the backup ring buffer (max_tr_buffer). But since the tracing on/off setting is defined by the ring buffer, when swapping it, the tracing on/off setting can also be changed. This causes a strange result like below: /sys/kernel/debug/tracing # cat tracing_on 1 /sys/kernel/debug/tracing # echo 0 > tracing_on /sys/kernel/debug/tracing # cat tracing_on 0 /sys/kernel/debug/tracing # echo 1 > snapshot /sys/kernel/debug/tracing # cat tracing_on 1 /sys/kernel/debug/tracing # echo 1 > snapshot /sys/kernel/debug/tracing # cat tracing_on 0 We don't touch tracing_on, but snapshot changes tracing_on setting each time. This is an anomaly, because user doesn't know that each "ring_buffer" stores its own tracing-enable state and the snapshot is done by swapping ring buffers. Link: http://lkml.kernel.org/r/153149929558.11274.11730609978254724394.stgit@devb… Cc: Ingo Molnar <mingo(a)redhat.com> Cc: Shuah Khan <shuah(a)kernel.org> Cc: Tom Zanussi <tom.zanussi(a)linux.intel.com> Cc: Hiraku Toyooka <hiraku.toyooka(a)cybertrust.co.jp> Cc: stable(a)vger.kernel.org Fixes: debdd57f5145 ("tracing: Make a snapshot feature available from userspace") Signed-off-by: Masami Hiramatsu <mhiramat(a)kernel.org> [ Updated commit log and comment in the code ] Signed-off-by: Steven Rostedt (VMware) <rostedt(a)goodmis.org> diff --git a/include/linux/ring_buffer.h b/include/linux/ring_buffer.h index b72ebdff0b77..003d09ab308d 100644 --- a/include/linux/ring_buffer.h +++ b/include/linux/ring_buffer.h @@ -165,6 +165,7 @@ void ring_buffer_record_enable(struct ring_buffer *buffer); void ring_buffer_record_off(struct ring_buffer *buffer); void ring_buffer_record_on(struct ring_buffer *buffer); int ring_buffer_record_is_on(struct ring_buffer *buffer); +int ring_buffer_record_is_set_on(struct ring_buffer *buffer); void ring_buffer_record_disable_cpu(struct ring_buffer *buffer, int cpu); void ring_buffer_record_enable_cpu(struct ring_buffer *buffer, int cpu); diff --git a/kernel/trace/ring_buffer.c b/kernel/trace/ring_buffer.c index 6a46af21765c..0b0b688ea166 100644 --- a/kernel/trace/ring_buffer.c +++ b/kernel/trace/ring_buffer.c @@ -3226,6 +3226,22 @@ int ring_buffer_record_is_on(struct ring_buffer *buffer) return !atomic_read(&buffer->record_disabled); } +/** + * ring_buffer_record_is_set_on - return true if the ring buffer is set writable + * @buffer: The ring buffer to see if write is set enabled + * + * Returns true if the ring buffer is set writable by ring_buffer_record_on(). + * Note that this does NOT mean it is in a writable state. + * + * It may return true when the ring buffer has been disabled by + * ring_buffer_record_disable(), as that is a temporary disabling of + * the ring buffer. + */ +int ring_buffer_record_is_set_on(struct ring_buffer *buffer) +{ + return !(atomic_read(&buffer->record_disabled) & RB_BUFFER_OFF); +} + /** * ring_buffer_record_disable_cpu - stop all writes into the cpu_buffer * @buffer: The ring buffer to stop writes to. diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c index 87cf25171fb8..823687997b01 100644 --- a/kernel/trace/trace.c +++ b/kernel/trace/trace.c @@ -1373,6 +1373,12 @@ update_max_tr(struct trace_array *tr, struct task_struct *tsk, int cpu) arch_spin_lock(&tr->max_lock); + /* Inherit the recordable setting from trace_buffer */ + if (ring_buffer_record_is_set_on(tr->trace_buffer.buffer)) + ring_buffer_record_on(tr->max_buffer.buffer); + else + ring_buffer_record_off(tr->max_buffer.buffer); + swap(tr->trace_buffer.buffer, tr->max_buffer.buffer); __update_max_tr(tr, tsk, cpu);

7 years, 1 month

3
2
0 0

Please apply commit a0040c014594 to v4.4.y, v4.9.y, v4.14.y

by Sinan Kaya

Hi Greg, Upstream commit a0040c014594 ("ACPI / PCI: Bail early in acpi_pci_add_bus() if there is no ACPI handle "). This patch fixes a NULL pointer access when ACPI_HANDLE() is NULL. acpi_evaluate_dsm() fails as follows while there is no DSM in the tables. ACPI: \: failed to evaluate _DSM (0x1001) Sinan

7 years, 1 month

2
3
0 0

FAILED: patch "[PATCH] ext4: fix false negatives *and* false positives in" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 44de022c4382541cebdd6de4465d1f4f465ff1dd Mon Sep 17 00:00:00 2001 From: Theodore Ts'o <tytso(a)mit.edu> Date: Sun, 8 Jul 2018 19:35:02 -0400 Subject: [PATCH] ext4: fix false negatives *and* false positives in ext4_check_descriptors() Ext4_check_descriptors() was getting called before s_gdb_count was initialized. So for file systems w/o the meta_bg feature, allocation bitmaps could overlap the block group descriptors and ext4 wouldn't notice. For file systems with the meta_bg feature enabled, there was a fencepost error which would cause the ext4_check_descriptors() to incorrectly believe that the block allocation bitmap overlaps with the block group descriptor blocks, and it would reject the mount. Fix both of these problems. Signed-off-by: Theodore Ts'o <tytso(a)mit.edu> Cc: stable(a)vger.kernel.org diff --git a/fs/ext4/super.c b/fs/ext4/super.c index ba2396a7bd04..eff5c983e067 100644 --- a/fs/ext4/super.c +++ b/fs/ext4/super.c @@ -2342,7 +2342,7 @@ static int ext4_check_descriptors(struct super_block *sb, struct ext4_sb_info *sbi = EXT4_SB(sb); ext4_fsblk_t first_block = le32_to_cpu(sbi->s_es->s_first_data_block); ext4_fsblk_t last_block; - ext4_fsblk_t last_bg_block = sb_block + ext4_bg_num_gdb(sb, 0) + 1; + ext4_fsblk_t last_bg_block = sb_block + ext4_bg_num_gdb(sb, 0); ext4_fsblk_t block_bitmap; ext4_fsblk_t inode_bitmap; ext4_fsblk_t inode_table; @@ -4085,14 +4085,13 @@ static int ext4_fill_super(struct super_block *sb, void *data, int silent) goto failed_mount2; } } + sbi->s_gdb_count = db_count; if (!ext4_check_descriptors(sb, logical_sb_block, &first_not_zeroed)) { ext4_msg(sb, KERN_ERR, "group descriptors corrupted!"); ret = -EFSCORRUPTED; goto failed_mount2; } - sbi->s_gdb_count = db_count; - timer_setup(&sbi->s_err_report, print_daily_error_info, 0); /* Register extent status tree shrinker */

7 years, 1 month

4
4
0 0

[PATCH] ext4: fix false negatives *and* false positives in ext4_check_descriptors()

by Benjamin Gilbert

Fix trivial conflict that caused the original commit to bounce from 4.4, 4.9, and 4.14. -- >8 -- commit 44de022c4382541cebdd6de4465d1f4f465ff1dd upstream. Ext4_check_descriptors() was getting called before s_gdb_count was initialized. So for file systems w/o the meta_bg feature, allocation bitmaps could overlap the block group descriptors and ext4 wouldn't notice. For file systems with the meta_bg feature enabled, there was a fencepost error which would cause the ext4_check_descriptors() to incorrectly believe that the block allocation bitmap overlaps with the block group descriptor blocks, and it would reject the mount. Fix both of these problems. Signed-off-by: Theodore Ts'o <tytso(a)mit.edu> Cc: stable(a)vger.kernel.org Signed-off-by: Benjamin Gilbert <bgilbert(a)redhat.com> --- fs/ext4/super.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/fs/ext4/super.c b/fs/ext4/super.c index fc32a67a7a19..a500f55d421a 100644 --- a/fs/ext4/super.c +++ b/fs/ext4/super.c @@ -2301,7 +2301,7 @@ static int ext4_check_descriptors(struct super_block *sb, struct ext4_sb_info *sbi = EXT4_SB(sb); ext4_fsblk_t first_block = le32_to_cpu(sbi->s_es->s_first_data_block); ext4_fsblk_t last_block; - ext4_fsblk_t last_bg_block = sb_block + ext4_bg_num_gdb(sb, 0) + 1; + ext4_fsblk_t last_bg_block = sb_block + ext4_bg_num_gdb(sb, 0); ext4_fsblk_t block_bitmap; ext4_fsblk_t inode_bitmap; ext4_fsblk_t inode_table; @@ -4044,13 +4044,13 @@ static int ext4_fill_super(struct super_block *sb, void *data, int silent) goto failed_mount2; } } + sbi->s_gdb_count = db_count; if (!ext4_check_descriptors(sb, logical_sb_block, &first_not_zeroed)) { ext4_msg(sb, KERN_ERR, "group descriptors corrupted!"); ret = -EFSCORRUPTED; goto failed_mount2; } - sbi->s_gdb_count = db_count; get_random_bytes(&sbi->s_next_generation, sizeof(u32)); spin_lock_init(&sbi->s_next_gen_lock); -- 2.17.1

7 years, 1 month

2
1
0 0

wait for your reply

by Roy Robinson

Did you receive my email yesterday? Just want to check if you have needs for photo editing for our studio? We normally edit 300 images within 12-24 hours. We take care of different kinds of e-commerce photos, jewelry images, and portrait model images. Including cutting out and clipping path and others, we also give retouching for your images. You may drop us a photo if you want to check our quality, we will provide testing. Thanks, Roy

7 years, 1 month

1
0
0 0

[PATCH v3 1/4] ACPI / scan: Fix acpi_is_indirect_io_slave() always returning false

by Hans de Goede

Since commit 63347db0affa ("ACPI / scan: Use acpi_bus_get_status() to initialize ACPI_TYPE_DEVICE devs") the status field of normal acpi_devices gets set to 0 by acpi_bus_type_and_status() and filled with its actual value later when acpi_add_single_object() calls acpi_bus_get_status(). This means that status is 0 when acpi_device_enumeration_by_parent() gets called which makes the acpi_match_device_ids() call in acpi_is_indirect_io_slave() always return -ENOENT. This commit fixes this by making acpi_bus_type_and_status() set status to ACPI_STA_DEFAULT until acpi_add_single_object() calls acpi_bus_get_status() Fixes: dfda4492322e ("ACPI / scan: Do not enumerate Indirect IO host children") Cc: stable(a)vger.kernel.org Cc: John Garry <john.garry(a)huawei.com> Cc: Bjorn Helgaas <bhelgaas(a)google.com> Cc: Dann Frazier <dann.frazier(a)canonical.com> Signed-off-by: Hans de Goede <hdegoede(a)redhat.com> --- drivers/acpi/scan.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/drivers/acpi/scan.c b/drivers/acpi/scan.c index 970dd87d347c..6799d00dd790 100644 --- a/drivers/acpi/scan.c +++ b/drivers/acpi/scan.c @@ -1612,7 +1612,8 @@ static int acpi_add_single_object(struct acpi_device **child, * Note this must be done before the get power-/wakeup_dev-flags calls. */ if (type == ACPI_BUS_TYPE_DEVICE) - acpi_bus_get_status(device); + if (acpi_bus_get_status(device) < 0) + acpi_set_device_status(device, 0); acpi_bus_get_power_flags(device); acpi_bus_get_wakeup_device_flags(device); @@ -1690,7 +1691,7 @@ static int acpi_bus_type_and_status(acpi_handle handle, int *type, * acpi_add_single_object updates this once we've an acpi_device * so that acpi_bus_get_status' quirk handling can be used. */ - *sta = 0; + *sta = ACPI_STA_DEFAULT; break; case ACPI_TYPE_PROCESSOR: *type = ACPI_BUS_TYPE_PROCESSOR; -- 2.18.0

7 years, 1 month

2
2
0 0

[PATCH 1/2] x86/entry/64: Do not clear %rbx under Xen

by M. Vefa Bicakci

Commit 3ac6d8c787b8 ("x86/entry/64: Clear registers for exceptions/interrupts, to reduce speculation attack surface") unintendedly broke Xen PV virtual machines by clearing the %rbx register at the end of xen_failsafe_callback before the latter jumps to error_exit. error_exit expects the %rbx register to be a flag indicating whether there should be a return to kernel mode. This commit makes sure that the %rbx register is not cleared by the PUSH_AND_CLEAR_REGS macro, when the macro in question is instantiated by xen_failsafe_callback, to avoid the issue. The impact of this bug includes (and most likely is not limited to) kernel BUGs when wine is run in Xen PV virtual machines. One example is included below. This example depicts the bug when wine is used to run TeamViewer version 13's portable version under a Xen PV virtual machine using an up-to-date version of Qubes OS R3.2. [...........] kernel tried to execute NX-protected page - exploit attempt? (uid: 1000) [ +0.000021] BUG: unable to handle kernel paging request at ffffffff82012480 [ +0.000020] IP: init_task+0x0/0x2ac0 [ +0.000009] PGD 200e067 P4D 200e067 PUD 200f067 PMD 2d5e067 PTE 8010000002012067 [ +0.000019] Oops: 0011 [#1] SMP DEBUG_PAGEALLOC NOPTI [ +0.000015] Modules linked in: fuse bluetooth ecdh_generic rfkill ip6table_filter ip6_tables xt_conntrack ipt_MASQUERADE nf_nat_masquerade_ipv4 iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat nf_conntrack libcrc32c intel_rapl x86_pkg_temp_thermal crct10dif_pclmul crc32_pclmul crc32c_intel ghash_clmulni_intel xen_netfront intel_rapl_perf pcspkr binfmt_misc dummy_hcd udc_core xen_gntdev xen_gntalloc u2mfn(O) xen_blkback xenfs xen_evtchn xen_privcmd xen_blkfront [ +0.000091] CPU: 0 PID: 1350 Comm: TeamViewer.exe Tainted: G O 4.14.20-11.d10d0bb86d #15 [ +0.000018] task: ffff8800042fda00 task.stack: ffffc900006f8000 [ +0.000015] RIP: e030:init_task+0x0/0x2ac0 [ +0.000009] RSP: e02b:ffffffff82003df8 EFLAGS: 00010002 [ +0.000012] RAX: 0000000000000040 RBX: 0000000000000004 RCX: 0000000000000000 [ +0.000015] RDX: 0000000000000000 RSI: 0000000000000202 RDI: ffffffff810011aa [ +0.000015] RBP: 000000000033eb88 R08: 0000000000000000 R09: 0000000000000000 [ +0.000015] R10: 0000000000000000 R11: ffff88000d772600 R12: 0000000000000000 [ +0.000015] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ +0.000027] FS: 000000007ffd8000(0063) GS:ffff88000f400000(006b) knlGS:0000000000000000 [ +0.000016] CS: e033 DS: 002b ES: 002b CR0: 0000000080050033 [ +0.000014] CR2: ffffffff82012480 CR3: 0000000004880000 CR4: 0000000000042660 [ +0.000025] Call Trace: [ +0.000007] Code: ff ff ff d0 5a 1e 81 ff ff ff ff 00 00 00 00 00 00 00 00 e0 d7 04 82 ff ff ff ff e8 98 c0 0d 00 88 ff ff 01 80 00 00 00 00 00 00 <00> 00 00 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ +0.000068] RIP: init_task+0x0/0x2ac0 RSP: ffffffff82003df8 [ +0.000011] CR2: ffffffff82012480 [ +0.000010] ---[ end trace 7fb0075d4247b2a2 ]--- The commit that introduces this bug was found with git-bisect in conjunction with some scripts and Qubes OS's cross-VM RPCs for automation, and the correction was prepared after a manual inspection of the changes introduced by the commit in question. To the best of my recollection, this issue is also reproducible in an Ubuntu 18.04 LTS dom0 instance with the version of the Xen hypervisor in Ubuntu's package repositories. Signed-off-by: M. Vefa Bicakci <m.v.b(a)runbox.com> Cc: Dominik Brodowski <linux(a)dominikbrodowski.net> Cc: Andy Lutomirski <luto(a)kernel.org> Cc: Ingo Molnar <mingo(a)redhat.com> Cc: "H. Peter Anvin" <hpa(a)zytor.com> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Boris Ostrovsky <boris.ostrovsky(a)oracle.com> Cc: Juergen Gross <jgross(a)suse.com> Cc: xen-devel(a)lists.xenproject.org Cc: x86(a)kernel.org Cc: stable(a)vger.kernel.org # for v4.14 and up Fixes: 3ac6d8c787b8 ("x86/entry/64: Clear registers for exceptions/interrupts, to reduce speculation attack surface") --- arch/x86/entry/calling.h | 4 +++- arch/x86/entry/entry_64.S | 2 +- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/arch/x86/entry/calling.h b/arch/x86/entry/calling.h index 20d0885b00fb..71795767da94 100644 --- a/arch/x86/entry/calling.h +++ b/arch/x86/entry/calling.h @@ -97,7 +97,7 @@ For 32-bit we have the following conventions - kernel is built with #define SIZEOF_PTREGS 21*8 -.macro PUSH_AND_CLEAR_REGS rdx=%rdx rax=%rax save_ret=0 +.macro PUSH_AND_CLEAR_REGS rdx=%rdx rax=%rax save_ret=0 clear_rbx=1 /* * Push registers and sanitize registers of values that a * speculation attack might otherwise want to exploit. The @@ -127,7 +127,9 @@ For 32-bit we have the following conventions - kernel is built with pushq %r11 /* pt_regs->r11 */ xorl %r11d, %r11d /* nospec r11*/ pushq %rbx /* pt_regs->rbx */ + .if \clear_rbx xorl %ebx, %ebx /* nospec rbx*/ + .endif pushq %rbp /* pt_regs->rbp */ xorl %ebp, %ebp /* nospec rbp*/ pushq %r12 /* pt_regs->r12 */ diff --git a/arch/x86/entry/entry_64.S b/arch/x86/entry/entry_64.S index c7449f377a77..96e8ff34129e 100644 --- a/arch/x86/entry/entry_64.S +++ b/arch/x86/entry/entry_64.S @@ -1129,7 +1129,7 @@ ENTRY(xen_failsafe_callback) addq $0x30, %rsp UNWIND_HINT_IRET_REGS pushq $-1 /* orig_ax = -1 => not a system call */ - PUSH_AND_CLEAR_REGS + PUSH_AND_CLEAR_REGS clear_rbx=0 ENCODE_FRAME_POINTER jmp error_exit END(xen_failsafe_callback) -- 2.17.1

7 years, 1 month

6
23
0 0

Your immediate response is required if you are alive

by Derek Langston

Dear Client, Please confirm if you are still alive because two gentle men walked into my office this morning to claim your inheritance funds with our bank. They said that you are dead and that they are your representative. I got your email from the file of your relative who is yet to be paid for the Contract he has executed before his death several years ago.You the beneficiary of this fund has not been in contact with the bank to claim your fund. The gentlemen submitted an address where they want your VISA DEBIT ATM CARD sent. If you are still alive, please indicate by sending your full contact details within 7 day of receiving this message, faliure to do so, I will send the card to the address submitted by your representatives. Regards Derek

7 years, 1 month

1
0
0 0

Can you do it?

by Ms CHIANG Lai Yuen JP

I have a Businesss Proposal for you, get ack to me for more details.

7 years, 1 month

1
0
0 0

Loan and investment

by Tajick Ali

Greetings, I represent business group in Middle East looking for projects to fund; we seek any business that will guaranty a safe and secure return on investments. Alternative powers, movies, start up companies etc. We are also looking for commercial building projects, hotels, casino, strip malls etc. If you have a project that differs from these and current budget is over $40M, Write us and Provide Executive Summary and project details. (a)100% financing is available. (b)Possible JV partnerships or 100% loans. (c)Project must be over $20M total budget. I look forward to your reply, Sir Abraham Oded Sahara Petrochems Ltd odoabraham5(a)gmail.com

7 years, 1 month

1
0
0 0

[PATCH v3 3/8] drm/fb_helper: Introduce hotplug_suspend/resume()

by Lyude Paul

I'm sure I don't need to tell you that fb_helper's locking is a mess. That being said; fb_helper's locking mess can seriously complicate the runtime suspend/resume operations of drivers because it can invoke atomic commits and connector probing from anywhere that calls drm_fb_helper_hotplug_event(). Since most drivers use drm_fb_helper_output_poll_changed() as their output_poll_changed handler, this can happen in every single context that can fire off a hotplug event. An example: [ 246.669625] INFO: task kworker/4:0:37 blocked for more than 120 seconds. [ 246.673398] Not tainted 4.18.0-rc5Lyude-Test+ #2 [ 246.675271] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 246.676527] kworker/4:0 D 0 37 2 0x80000000 [ 246.677580] Workqueue: events output_poll_execute [drm_kms_helper] [ 246.678704] Call Trace: [ 246.679753] __schedule+0x322/0xaf0 [ 246.680916] schedule+0x33/0x90 [ 246.681924] schedule_preempt_disabled+0x15/0x20 [ 246.683023] __mutex_lock+0x569/0x9a0 [ 246.684035] ? kobject_uevent_env+0x117/0x7b0 [ 246.685132] ? drm_fb_helper_hotplug_event.part.28+0x20/0xb0 [drm_kms_helper] [ 246.686179] mutex_lock_nested+0x1b/0x20 [ 246.687278] ? mutex_lock_nested+0x1b/0x20 [ 246.688307] drm_fb_helper_hotplug_event.part.28+0x20/0xb0 [drm_kms_helper] [ 246.689420] drm_fb_helper_output_poll_changed+0x23/0x30 [drm_kms_helper] [ 246.690462] drm_kms_helper_hotplug_event+0x2a/0x30 [drm_kms_helper] [ 246.691570] output_poll_execute+0x198/0x1c0 [drm_kms_helper] [ 246.692611] process_one_work+0x231/0x620 [ 246.693725] worker_thread+0x214/0x3a0 [ 246.694756] kthread+0x12b/0x150 [ 246.695856] ? wq_pool_ids_show+0x140/0x140 [ 246.696888] ? kthread_create_worker_on_cpu+0x70/0x70 [ 246.697998] ret_from_fork+0x3a/0x50 [ 246.699034] INFO: task kworker/0:1:60 blocked for more than 120 seconds. [ 246.700153] Not tainted 4.18.0-rc5Lyude-Test+ #2 [ 246.701182] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 246.702278] kworker/0:1 D 0 60 2 0x80000000 [ 246.703293] Workqueue: pm pm_runtime_work [ 246.704393] Call Trace: [ 246.705403] __schedule+0x322/0xaf0 [ 246.706439] ? wait_for_completion+0x104/0x190 [ 246.707393] schedule+0x33/0x90 [ 246.708375] schedule_timeout+0x3a5/0x590 [ 246.709289] ? mark_held_locks+0x58/0x80 [ 246.710208] ? _raw_spin_unlock_irq+0x2c/0x40 [ 246.711222] ? wait_for_completion+0x104/0x190 [ 246.712134] ? trace_hardirqs_on_caller+0xf4/0x190 [ 246.713094] ? wait_for_completion+0x104/0x190 [ 246.713964] wait_for_completion+0x12c/0x190 [ 246.714895] ? wake_up_q+0x80/0x80 [ 246.715727] ? get_work_pool+0x90/0x90 [ 246.716649] flush_work+0x1c9/0x280 [ 246.717483] ? flush_workqueue_prep_pwqs+0x1b0/0x1b0 [ 246.718442] __cancel_work_timer+0x146/0x1d0 [ 246.719247] cancel_delayed_work_sync+0x13/0x20 [ 246.720043] drm_kms_helper_poll_disable+0x1f/0x30 [drm_kms_helper] [ 246.721123] nouveau_pmops_runtime_suspend+0x3d/0xb0 [nouveau] [ 246.721897] pci_pm_runtime_suspend+0x6b/0x190 [ 246.722825] ? pci_has_legacy_pm_support+0x70/0x70 [ 246.723737] __rpm_callback+0x7a/0x1d0 [ 246.724721] ? pci_has_legacy_pm_support+0x70/0x70 [ 246.725607] rpm_callback+0x24/0x80 [ 246.726553] ? pci_has_legacy_pm_support+0x70/0x70 [ 246.727376] rpm_suspend+0x142/0x6b0 [ 246.728185] pm_runtime_work+0x97/0xc0 [ 246.728938] process_one_work+0x231/0x620 [ 246.729796] worker_thread+0x44/0x3a0 [ 246.730614] kthread+0x12b/0x150 [ 246.731395] ? wq_pool_ids_show+0x140/0x140 [ 246.732202] ? kthread_create_worker_on_cpu+0x70/0x70 [ 246.732878] ret_from_fork+0x3a/0x50 [ 246.733768] INFO: task kworker/4:2:422 blocked for more than 120 seconds. [ 246.734587] Not tainted 4.18.0-rc5Lyude-Test+ #2 [ 246.735393] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 246.736113] kworker/4:2 D 0 422 2 0x80000080 [ 246.736789] Workqueue: events_long drm_dp_mst_link_probe_work [drm_kms_helper] [ 246.737665] Call Trace: [ 246.738490] __schedule+0x322/0xaf0 [ 246.739250] schedule+0x33/0x90 [ 246.739908] rpm_resume+0x19c/0x850 [ 246.740750] ? finish_wait+0x90/0x90 [ 246.741541] __pm_runtime_resume+0x4e/0x90 [ 246.742370] nv50_disp_atomic_commit+0x31/0x210 [nouveau] [ 246.743124] drm_atomic_commit+0x4a/0x50 [drm] [ 246.743775] restore_fbdev_mode_atomic+0x1c8/0x240 [drm_kms_helper] [ 246.744603] restore_fbdev_mode+0x31/0x140 [drm_kms_helper] [ 246.745373] drm_fb_helper_restore_fbdev_mode_unlocked+0x54/0xb0 [drm_kms_helper] [ 246.746220] drm_fb_helper_set_par+0x2d/0x50 [drm_kms_helper] [ 246.746884] drm_fb_helper_hotplug_event.part.28+0x96/0xb0 [drm_kms_helper] [ 246.747675] drm_fb_helper_output_poll_changed+0x23/0x30 [drm_kms_helper] [ 246.748544] drm_kms_helper_hotplug_event+0x2a/0x30 [drm_kms_helper] [ 246.749439] nv50_mstm_hotplug+0x15/0x20 [nouveau] [ 246.750111] drm_dp_send_link_address+0x177/0x1c0 [drm_kms_helper] [ 246.750764] drm_dp_check_and_send_link_address+0xa8/0xd0 [drm_kms_helper] [ 246.751602] drm_dp_mst_link_probe_work+0x51/0x90 [drm_kms_helper] [ 246.752314] process_one_work+0x231/0x620 [ 246.752979] worker_thread+0x44/0x3a0 [ 246.753838] kthread+0x12b/0x150 [ 246.754619] ? wq_pool_ids_show+0x140/0x140 [ 246.755386] ? kthread_create_worker_on_cpu+0x70/0x70 [ 246.756162] ret_from_fork+0x3a/0x50 [ 246.756847] Showing all locks held in the system: [ 246.758261] 3 locks held by kworker/4:0/37: [ 246.759016] #0: 00000000f8df4d2d ((wq_completion)"events"){+.+.}, at: process_one_work+0x1b3/0x620 [ 246.759856] #1: 00000000e6065461 ((work_completion)(&(&dev->mode_config.output_poll_work)->work)){+.+.}, at: process_one_work+0x1b3/0x620 [ 246.760670] #2: 00000000cb66735f (&helper->lock){+.+.}, at: drm_fb_helper_hotplug_event.part.28+0x20/0xb0 [drm_kms_helper] [ 246.761516] 2 locks held by kworker/0:1/60: [ 246.762274] #0: 00000000fff6be0f ((wq_completion)"pm"){+.+.}, at: process_one_work+0x1b3/0x620 [ 246.762982] #1: 000000005ab44fb4 ((work_completion)(&dev->power.work)){+.+.}, at: process_one_work+0x1b3/0x620 [ 246.763890] 1 lock held by khungtaskd/64: [ 246.764664] #0: 000000008cb8b5c3 (rcu_read_lock){....}, at: debug_show_all_locks+0x23/0x185 [ 246.765588] 5 locks held by kworker/4:2/422: [ 246.766440] #0: 00000000232f0959 ((wq_completion)"events_long"){+.+.}, at: process_one_work+0x1b3/0x620 [ 246.767390] #1: 00000000bb59b134 ((work_completion)(&mgr->work)){+.+.}, at: process_one_work+0x1b3/0x620 [ 246.768154] #2: 00000000cb66735f (&helper->lock){+.+.}, at: drm_fb_helper_restore_fbdev_mode_unlocked+0x4c/0xb0 [drm_kms_helper] [ 246.768966] #3: 000000004c8f0b6b (crtc_ww_class_acquire){+.+.}, at: restore_fbdev_mode_atomic+0x4b/0x240 [drm_kms_helper] [ 246.769921] #4: 000000004c34a296 (crtc_ww_class_mutex){+.+.}, at: drm_modeset_backoff+0x8a/0x1b0 [drm] [ 246.770839] 1 lock held by dmesg/1038: [ 246.771739] 2 locks held by zsh/1172: [ 246.772650] #0: 00000000836d0438 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40 [ 246.773680] #1: 000000001f4f4d48 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0xc1/0x870 [ 246.775522] ============================================= Because of this, there's an unreasonable number of places that drm drivers would need to insert special handling to prevent trying to resume the device from all of these contexts that can deadlock. It's difficult even to try synchronizing with fb_helper in these contexts as well, since any of them could introduce a deadlock by waiting to acquire the top-level fb_helper mutex, while it's being held by another thread that might potentially call down to pm_runtime_get_sync(). Luckily-there's no actual reason we need to allow fb_helper to handle hotplugging at all when runtime suspending a device. If a hotplug happens during a runtime suspend operation, there's no reason the driver can't just re-enable fbcon's hotplug handling and bring it up to speed with hotplugging events it may have missed by calling drm_fb_helper_hotplug_event(). So, let's make this easy and just add helpers to handle disabling and enabling fb_helper connector probing() without having to potentially wait on fb_helper to finish it's work. This will let us fix the runtime suspend/resume deadlocks that we've been experiencing with nouveau, along with being able to fix some of the incorrect runtime PM core interaction that other DRM drivers currently perform to work around these issues. Signed-off-by: Lyude Paul <lyude(a)redhat.com> Cc: stable(a)vger.kernel.org Cc: Lukas Wunner <lukas(a)wunner.de> Cc: Karol Herbst <karolherbst(a)gmail.com> --- drivers/gpu/drm/drm_fb_helper.c | 65 +++++++++++++++++++++++++++++++++ include/drm/drm_fb_helper.h | 20 ++++++++++ 2 files changed, 85 insertions(+) diff --git a/drivers/gpu/drm/drm_fb_helper.c b/drivers/gpu/drm/drm_fb_helper.c index 2ee1eaa66188..28d59befbc92 100644 --- a/drivers/gpu/drm/drm_fb_helper.c +++ b/drivers/gpu/drm/drm_fb_helper.c @@ -2733,6 +2733,66 @@ int drm_fb_helper_initial_config(struct drm_fb_helper *fb_helper, int bpp_sel) } EXPORT_SYMBOL(drm_fb_helper_initial_config); +/** + * drm_fb_helper_resume_hotplug - Allow fb_helper to handle probing new + * connectors again, and bring it up to date + * with the current device's connector status + * fb_helper: driver-allocated fbdev helper, can be NULL + * + * Allow fb_helper to react to connector status changes again after having + * been disabled through drm_fb_helper_suspend_hotplug(). This also schedules + * a fb_helper hotplug event to bring fb_helper up to date with the current + * status of the DRM device's connectors. + */ +void +drm_fb_helper_resume_hotplug(struct drm_fb_helper *fb_helper) +{ + fb_helper->hotplug_suspended = false; + drm_fb_helper_hotplug_event(fb_helper); +} +EXPORT_SYMBOL(drm_fb_helper_resume_hotplug); + +/** + * drm_fb_helper_suspend_hotplug - Attempt to temporarily inhibit fb_helper's + * ability to respond to connector changes + * without waiting + * @fb_helper: driver-allocated fbdev helper, can be NULL + * + * Temporarily prevent fb_helper from being able to handle connector changes, + * but only if it isn't busy doing something else. The connector probing + * routines in fb_helper can potentially grab any modesetting lock imaginable, + * which dramatically complicates the runtime suspend process. This helper can + * be used to simplify the process of runtime suspend by allowing the driver + * to disable unpredictable fb_helper operations as early as possible, without + * requiring that we try waiting on fb_helper (as this could lead to very + * difficult to solve deadlocks with runtime suspend code if fb_helper ends up + * needing to acquire a runtime PM reference). + * + * This call should be put at the very start of a driver's runtime suspend + * operation if desired. The driver must be responsible for re-enabling + * fb_helper hotplug handling when normal hotplug detection becomes available + * on the device again. This will usually happen if runtime suspend is + * aborted, or when the device is runtime resumed. + * + * Returns: true if hotplug handling was disabled, false if disabling hotplug + * handling would mean waiting on fb_helper. + */ +bool +drm_fb_helper_suspend_hotplug(struct drm_fb_helper *fb_helper) +{ + int ret; + + ret = mutex_trylock(&fb_helper->lock); + if (!ret) + return false; + + fb_helper->hotplug_suspended = true; + mutex_unlock(&fb_helper->lock); + + return true; +} +EXPORT_SYMBOL(drm_fb_helper_suspend_hotplug); + /** * drm_fb_helper_hotplug_event - respond to a hotplug notification by * probing all the outputs attached to the fb @@ -2774,6 +2834,11 @@ int drm_fb_helper_hotplug_event(struct drm_fb_helper *fb_helper) return err; } + if (fb_helper->hotplug_suspended) { + mutex_unlock(&fb_helper->lock); + return err; + } + DRM_DEBUG_KMS("\n"); drm_setup_crtcs(fb_helper, fb_helper->fb->width, fb_helper->fb->height); diff --git a/include/drm/drm_fb_helper.h b/include/drm/drm_fb_helper.h index b069433e7fc1..30881131075c 100644 --- a/include/drm/drm_fb_helper.h +++ b/include/drm/drm_fb_helper.h @@ -232,6 +232,14 @@ struct drm_fb_helper { * See also: @deferred_setup */ int preferred_bpp; + + /** + * @hotplug_suspended: + * + * Whether or not we can currently handle hotplug events, or if we + * need to wait for the DRM device to uninhibit us. + */ + bool hotplug_suspended; }; /** @@ -330,6 +338,10 @@ void drm_fb_helper_fbdev_teardown(struct drm_device *dev); void drm_fb_helper_lastclose(struct drm_device *dev); void drm_fb_helper_output_poll_changed(struct drm_device *dev); + +void drm_fb_helper_resume_hotplug(struct drm_fb_helper *fb_helper); +bool drm_fb_helper_suspend_hotplug(struct drm_fb_helper *fb_helper); + #else static inline void drm_fb_helper_prepare(struct drm_device *dev, struct drm_fb_helper *helper, @@ -564,6 +576,14 @@ static inline void drm_fb_helper_output_poll_changed(struct drm_device *dev) { } +static inline void +drm_fb_helper_resume_hotplug(struct drm_fb_helper *fb_helper) +{ +} +static inline bool +drm_fb_helper_suspend_hotplug(struct drm_fb_helper *fb_helper) +{ +} #endif static inline int -- 2.17.1

7 years, 1 month

5
7
0 0

[PATCH v4 7/8] drm/nouveau: Fix deadlocks in nouveau_connector_detect()

by Lyude Paul

When we disable hotplugging on the GPU, we need to be able to synchronize with each connector's hotplug interrupt handler before the interrupt is finally disabled. This can be a problem however, since nouveau_connector_detect() currently grabs a runtime power reference when handling connector probing. This will deadlock the runtime suspend handler like so: [ 861.480896] INFO: task kworker/0:2:61 blocked for more than 120 seconds. [ 861.483290] Tainted: G O 4.18.0-rc6Lyude-Test+ #1 [ 861.485158] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 861.486332] kworker/0:2 D 0 61 2 0x80000000 [ 861.487044] Workqueue: events nouveau_display_hpd_work [nouveau] [ 861.487737] Call Trace: [ 861.488394] __schedule+0x322/0xaf0 [ 861.489070] schedule+0x33/0x90 [ 861.489744] rpm_resume+0x19c/0x850 [ 861.490392] ? finish_wait+0x90/0x90 [ 861.491068] __pm_runtime_resume+0x4e/0x90 [ 861.491753] nouveau_display_hpd_work+0x22/0x60 [nouveau] [ 861.492416] process_one_work+0x231/0x620 [ 861.493068] worker_thread+0x44/0x3a0 [ 861.493722] kthread+0x12b/0x150 [ 861.494342] ? wq_pool_ids_show+0x140/0x140 [ 861.494991] ? kthread_create_worker_on_cpu+0x70/0x70 [ 861.495648] ret_from_fork+0x3a/0x50 [ 861.496304] INFO: task kworker/6:2:320 blocked for more than 120 seconds. [ 861.496968] Tainted: G O 4.18.0-rc6Lyude-Test+ #1 [ 861.497654] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 861.498341] kworker/6:2 D 0 320 2 0x80000080 [ 861.499045] Workqueue: pm pm_runtime_work [ 861.499739] Call Trace: [ 861.500428] __schedule+0x322/0xaf0 [ 861.501134] ? wait_for_completion+0x104/0x190 [ 861.501851] schedule+0x33/0x90 [ 861.502564] schedule_timeout+0x3a5/0x590 [ 861.503284] ? mark_held_locks+0x58/0x80 [ 861.503988] ? _raw_spin_unlock_irq+0x2c/0x40 [ 861.504710] ? wait_for_completion+0x104/0x190 [ 861.505417] ? trace_hardirqs_on_caller+0xf4/0x190 [ 861.506136] ? wait_for_completion+0x104/0x190 [ 861.506845] wait_for_completion+0x12c/0x190 [ 861.507555] ? wake_up_q+0x80/0x80 [ 861.508268] flush_work+0x1c9/0x280 [ 861.508990] ? flush_workqueue_prep_pwqs+0x1b0/0x1b0 [ 861.509735] nvif_notify_put+0xb1/0xc0 [nouveau] [ 861.510482] nouveau_display_fini+0xbd/0x170 [nouveau] [ 861.511241] nouveau_display_suspend+0x67/0x120 [nouveau] [ 861.511969] nouveau_do_suspend+0x5e/0x2d0 [nouveau] [ 861.512715] nouveau_pmops_runtime_suspend+0x47/0xb0 [nouveau] [ 861.513435] pci_pm_runtime_suspend+0x6b/0x180 [ 861.514165] ? pci_has_legacy_pm_support+0x70/0x70 [ 861.514897] __rpm_callback+0x7a/0x1d0 [ 861.515618] ? pci_has_legacy_pm_support+0x70/0x70 [ 861.516313] rpm_callback+0x24/0x80 [ 861.517027] ? pci_has_legacy_pm_support+0x70/0x70 [ 861.517741] rpm_suspend+0x142/0x6b0 [ 861.518449] pm_runtime_work+0x97/0xc0 [ 861.519144] process_one_work+0x231/0x620 [ 861.519831] worker_thread+0x44/0x3a0 [ 861.520522] kthread+0x12b/0x150 [ 861.521220] ? wq_pool_ids_show+0x140/0x140 [ 861.521925] ? kthread_create_worker_on_cpu+0x70/0x70 [ 861.522622] ret_from_fork+0x3a/0x50 [ 861.523299] INFO: task kworker/6:0:1329 blocked for more than 120 seconds. [ 861.523977] Tainted: G O 4.18.0-rc6Lyude-Test+ #1 [ 861.524644] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 861.525349] kworker/6:0 D 0 1329 2 0x80000000 [ 861.526073] Workqueue: events nvif_notify_work [nouveau] [ 861.526751] Call Trace: [ 861.527411] __schedule+0x322/0xaf0 [ 861.528089] schedule+0x33/0x90 [ 861.528758] rpm_resume+0x19c/0x850 [ 861.529399] ? finish_wait+0x90/0x90 [ 861.530073] __pm_runtime_resume+0x4e/0x90 [ 861.530798] nouveau_connector_detect+0x7e/0x510 [nouveau] [ 861.531459] ? ww_mutex_lock+0x47/0x80 [ 861.532097] ? ww_mutex_lock+0x47/0x80 [ 861.532819] ? drm_modeset_lock+0x88/0x130 [drm] [ 861.533481] drm_helper_probe_detect_ctx+0xa0/0x100 [drm_kms_helper] [ 861.534127] drm_helper_hpd_irq_event+0xa4/0x120 [drm_kms_helper] [ 861.534940] nouveau_connector_hotplug+0x98/0x120 [nouveau] [ 861.535556] nvif_notify_work+0x2d/0xb0 [nouveau] [ 861.536221] process_one_work+0x231/0x620 [ 861.536994] worker_thread+0x44/0x3a0 [ 861.537757] kthread+0x12b/0x150 [ 861.538463] ? wq_pool_ids_show+0x140/0x140 [ 861.539102] ? kthread_create_worker_on_cpu+0x70/0x70 [ 861.539815] ret_from_fork+0x3a/0x50 [ 861.540521] Showing all locks held in the system: [ 861.541696] 2 locks held by kworker/0:2/61: [ 861.542406] #0: 000000002dbf8af5 ((wq_completion)"events"){+.+.}, at: process_one_work+0x1b3/0x620 [ 861.543071] #1: 0000000076868126 ((work_completion)(&drm->hpd_work)){+.+.}, at: process_one_work+0x1b3/0x620 [ 861.543814] 1 lock held by khungtaskd/64: [ 861.544535] #0: 0000000059db4b53 (rcu_read_lock){....}, at: debug_show_all_locks+0x23/0x185 [ 861.545160] 3 locks held by kworker/6:2/320: [ 861.545896] #0: 00000000d9e1bc59 ((wq_completion)"pm"){+.+.}, at: process_one_work+0x1b3/0x620 [ 861.546702] #1: 00000000c9f92d84 ((work_completion)(&dev->power.work)){+.+.}, at: process_one_work+0x1b3/0x620 [ 861.547443] #2: 000000004afc5de1 (drm_connector_list_iter){.+.+}, at: nouveau_display_fini+0x96/0x170 [nouveau] [ 861.548146] 1 lock held by dmesg/983: [ 861.548889] 2 locks held by zsh/1250: [ 861.549605] #0: 00000000348e3cf6 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40 [ 861.550393] #1: 000000007009a7a8 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0xc1/0x870 [ 861.551122] 6 locks held by kworker/6:0/1329: [ 861.551957] #0: 000000002dbf8af5 ((wq_completion)"events"){+.+.}, at: process_one_work+0x1b3/0x620 [ 861.552765] #1: 00000000ddb499ad ((work_completion)(&notify->work)#2){+.+.}, at: process_one_work+0x1b3/0x620 [ 861.553582] #2: 000000006e013cbe (&dev->mode_config.mutex){+.+.}, at: drm_helper_hpd_irq_event+0x6c/0x120 [drm_kms_helper] [ 861.554357] #3: 000000004afc5de1 (drm_connector_list_iter){.+.+}, at: drm_helper_hpd_irq_event+0x78/0x120 [drm_kms_helper] [ 861.555227] #4: 0000000044f294d9 (crtc_ww_class_acquire){+.+.}, at: drm_helper_probe_detect_ctx+0x3d/0x100 [drm_kms_helper] [ 861.556133] #5: 00000000db193642 (crtc_ww_class_mutex){+.+.}, at: drm_modeset_lock+0x4b/0x130 [drm] [ 861.557864] ============================================= [ 861.559507] NMI backtrace for cpu 2 [ 861.560363] CPU: 2 PID: 64 Comm: khungtaskd Tainted: G O 4.18.0-rc6Lyude-Test+ #1 [ 861.561197] Hardware name: LENOVO 20EQS64N0B/20EQS64N0B, BIOS N1EET78W (1.51 ) 05/18/2018 [ 861.561948] Call Trace: [ 861.562757] dump_stack+0x8e/0xd3 [ 861.563516] nmi_cpu_backtrace.cold.3+0x14/0x5a [ 861.564269] ? lapic_can_unplug_cpu.cold.27+0x42/0x42 [ 861.565029] nmi_trigger_cpumask_backtrace+0xa1/0xae [ 861.565789] arch_trigger_cpumask_backtrace+0x19/0x20 [ 861.566558] watchdog+0x316/0x580 [ 861.567355] kthread+0x12b/0x150 [ 861.568114] ? reset_hung_task_detector+0x20/0x20 [ 861.568863] ? kthread_create_worker_on_cpu+0x70/0x70 [ 861.569598] ret_from_fork+0x3a/0x50 [ 861.570370] Sending NMI from CPU 2 to CPUs 0-1,3-7: [ 861.571426] NMI backtrace for cpu 6 skipped: idling at intel_idle+0x7f/0x120 [ 861.571429] NMI backtrace for cpu 7 skipped: idling at intel_idle+0x7f/0x120 [ 861.571432] NMI backtrace for cpu 3 skipped: idling at intel_idle+0x7f/0x120 [ 861.571464] NMI backtrace for cpu 5 skipped: idling at intel_idle+0x7f/0x120 [ 861.571467] NMI backtrace for cpu 0 skipped: idling at intel_idle+0x7f/0x120 [ 861.571469] NMI backtrace for cpu 4 skipped: idling at intel_idle+0x7f/0x120 [ 861.571472] NMI backtrace for cpu 1 skipped: idling at intel_idle+0x7f/0x120 [ 861.572428] Kernel panic - not syncing: hung_task: blocked tasks So: fix this with a new trick; store the current task_struct that's executing in the nouveau_connector structure, then avoid attempting to runtime resume the device when we know that we're just running from the context of our hotplug interrupt handler. Since hpd interrupts are only enabled while the device is runtime active, this should be totally safe. Signed-off-by: Lyude Paul <lyude(a)redhat.com> Cc: stable(a)vger.kernel.org Cc: Lukas Wunner <lukas(a)wunner.de> Cc: Karol Herbst <karolherbst(a)gmail.com> --- drivers/gpu/drm/nouveau/nouveau_connector.c | 16 ++++++++++------ drivers/gpu/drm/nouveau/nouveau_connector.h | 1 + 2 files changed, 11 insertions(+), 6 deletions(-) diff --git a/drivers/gpu/drm/nouveau/nouveau_connector.c b/drivers/gpu/drm/nouveau/nouveau_connector.c index 9714e09f17db..8409c3f2c3a1 100644 --- a/drivers/gpu/drm/nouveau/nouveau_connector.c +++ b/drivers/gpu/drm/nouveau/nouveau_connector.c @@ -572,13 +572,14 @@ nouveau_connector_detect(struct drm_connector *connector, bool force) nv_connector->edid = NULL; } - /* Outputs are only polled while runtime active, so resuming the - * device here is unnecessary (and would deadlock upon runtime suspend - * because it waits for polling to finish). We do however, want to - * prevent the autosuspend timer from elapsing during this operation - * if possible. + /* Output polling and HPD only happens while we're runtime active, so + * resuming the device here is unnecessary (and would deadlock upon + * runtime suspend because it waits for polling to finish). We do + * however, want to prevent the autosuspend timer from elapsing during + * this operation if possible. */ - if (drm_kms_helper_is_poll_worker()) { + if (drm_kms_helper_is_poll_worker() || + nv_connector->hpd_task == current) { pm_runtime_get_noresume(dev->dev); } else { ret = pm_runtime_get_sync(dev->dev); @@ -1151,6 +1152,8 @@ nouveau_connector_hotplug(struct nvif_notify *notify) const char *name = connector->name; struct nouveau_encoder *nv_encoder; + nv_connector->hpd_task = current; + if (rep->mask & NVIF_NOTIFY_CONN_V0_IRQ) { NV_DEBUG(drm, "service %s\n", name); if ((nv_encoder = find_encoder(connector, DCB_OUTPUT_DP))) @@ -1167,6 +1170,7 @@ nouveau_connector_hotplug(struct nvif_notify *notify) nouveau_connector_hotplug_probe(nv_connector); } + nv_connector->hpd_task = NULL; return NVIF_NOTIFY_KEEP; } diff --git a/drivers/gpu/drm/nouveau/nouveau_connector.h b/drivers/gpu/drm/nouveau/nouveau_connector.h index 2d9d35a146a4..1964e682ba13 100644 --- a/drivers/gpu/drm/nouveau/nouveau_connector.h +++ b/drivers/gpu/drm/nouveau/nouveau_connector.h @@ -45,6 +45,7 @@ struct nouveau_connector { u8 *dcb; struct nvif_notify hpd; + struct task_struct *hpd_task; struct drm_dp_aux aux; -- 2.17.1

7 years, 1 month

2
2
0 0

FAILED: patch "[PATCH] ARC: dma [non IOC]: fix arc_dma_sync_single_for_(device|cpu)" failed to apply to 4.17-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.17-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 4c612add7b18844ddd733ebdcbe754520155999b Mon Sep 17 00:00:00 2001 From: Eugeniy Paltsev <Eugeniy.Paltsev(a)synopsys.com> Date: Tue, 24 Jul 2018 17:13:02 +0300 Subject: [PATCH] ARC: dma [non IOC]: fix arc_dma_sync_single_for_(device|cpu) ARC backend for dma_sync_single_for_(device|cpu) was broken as it was not honoring the @dir argument and simply forcing it based on the call: - arc_dma_sync_single_for_device(dir) assumed DMA_TO_DEVICE (cache wback) - arc_dma_sync_single_for_cpu(dir) assumed DMA_FROM_DEVICE (cache inv) This is not true given the DMA API programming model and has been discussed here [1] in some detail. Interestingly while the deficiency has been there forever, it only started showing up after 4.17 dma common ops rework, commit a8eb92d02dd7 ("arc: fix arc_dma_{map,unmap}_page") which wired up these calls under the more commonly used dma_map_page API triggering the issue. [1]: https://lkml.org/lkml/2018/5/18/979 Fixes: commit a8eb92d02dd7 ("arc: fix arc_dma_{map,unmap}_page") Cc: stable(a)kernel.org # v4.17+ Signed-off-by: Eugeniy Paltsev <Eugeniy.Paltsev(a)synopsys.com> Signed-off-by: Vineet Gupta <vgupta(a)synopsys.com> [vgupta: reworked changelog] diff --git a/arch/arc/mm/dma.c b/arch/arc/mm/dma.c index 8c1071840979..ec47e6079f5d 100644 --- a/arch/arc/mm/dma.c +++ b/arch/arc/mm/dma.c @@ -129,14 +129,59 @@ int arch_dma_mmap(struct device *dev, struct vm_area_struct *vma, return ret; } +/* + * Cache operations depending on function and direction argument, inspired by + * https://lkml.org/lkml/2018/5/18/979 + * "dma_sync_*_for_cpu and direction=TO_DEVICE (was Re: [PATCH 02/20] + * dma-mapping: provide a generic dma-noncoherent implementation)" + * + * | map == for_device | unmap == for_cpu + * |---------------------------------------------------------------- + * TO_DEV | writeback writeback | none none + * FROM_DEV | invalidate invalidate | invalidate* invalidate* + * BIDIR | writeback+inv writeback+inv | invalidate invalidate + * + * [*] needed for CPU speculative prefetches + * + * NOTE: we don't check the validity of direction argument as it is done in + * upper layer functions (in include/linux/dma-mapping.h) + */ + void arch_sync_dma_for_device(struct device *dev, phys_addr_t paddr, size_t size, enum dma_data_direction dir) { - dma_cache_wback(paddr, size); + switch (dir) { + case DMA_TO_DEVICE: + dma_cache_wback(paddr, size); + break; + + case DMA_FROM_DEVICE: + dma_cache_inv(paddr, size); + break; + + case DMA_BIDIRECTIONAL: + dma_cache_wback_inv(paddr, size); + break; + + default: + break; + } } void arch_sync_dma_for_cpu(struct device *dev, phys_addr_t paddr, size_t size, enum dma_data_direction dir) { - dma_cache_inv(paddr, size); + switch (dir) { + case DMA_TO_DEVICE: + break; + + /* FROM_DEVICE invalidate needed if speculative CPU prefetch only */ + case DMA_FROM_DEVICE: + case DMA_BIDIRECTIONAL: + dma_cache_inv(paddr, size); + break; + + default: + break; + } }

7 years, 1 month

2
1
0 0

Linux 4.4.146

by Greg KH

I'm announcing the release of the 4.4.146 kernel. All users of the 4.4 kernel series must upgrade. The updated 4.4.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.4.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/microblaze/boot/Makefile | 10 ++-- arch/mips/include/asm/pci.h | 2 arch/powerpc/kernel/head_8xx.S | 2 arch/powerpc/kernel/pci_32.c | 1 arch/powerpc/mm/slb.c | 8 +-- arch/powerpc/platforms/chrp/time.c | 6 +- arch/powerpc/platforms/embedded6xx/hlwd-pic.c | 5 ++ arch/powerpc/platforms/powermac/bootx_init.c | 4 + arch/powerpc/platforms/powermac/setup.c | 1 arch/s390/include/asm/cpu_mf.h | 6 +- arch/x86/kernel/cpu/perf_event_intel_uncore.c | 2 arch/x86/kernel/cpu/perf_event_intel_uncore_nhmex.c | 2 arch/x86/kvm/vmx.c | 7 +- crypto/authenc.c | 1 crypto/authencesn.c | 1 drivers/acpi/pci_root.c | 4 + drivers/ata/libata-eh.c | 12 +++-- drivers/bluetooth/btusb.c | 3 + drivers/bluetooth/hci_qca.c | 2 drivers/char/random.c | 10 +++- drivers/crypto/padlock-aes.c | 8 ++- drivers/dma/pxa_dma.c | 2 drivers/gpu/drm/drm_atomic.c | 4 + drivers/gpu/drm/gma500/psb_intel_drv.h | 2 drivers/gpu/drm/gma500/psb_intel_lvds.c | 2 drivers/gpu/drm/radeon/radeon_connectors.c | 10 ++-- drivers/hid/hid-plantronics.c | 6 ++ drivers/hid/i2c-hid/i2c-hid.c | 8 +++ drivers/infiniband/core/mad.c | 11 ++-- drivers/infiniband/core/ucma.c | 6 ++ drivers/input/mouse/elan_i2c_core.c | 2 drivers/input/serio/i8042-x86ia64io.h | 7 ++ drivers/md/md.c | 3 + drivers/media/common/siano/smsendian.c | 14 ++--- drivers/media/i2c/smiapp/smiapp-core.c | 11 ++-- drivers/media/pci/saa7164/saa7164-fw.c | 3 - drivers/media/platform/omap3isp/isp.c | 7 +- drivers/media/platform/rcar_jpu.c | 4 + drivers/media/radio/si470x/radio-si470x-i2c.c | 6 +- drivers/media/v4l2-core/videobuf2-core.c | 9 ++- drivers/memory/tegra/mc.c | 22 ++------- drivers/memory/tegra/mc.h | 9 +++ drivers/memory/tegra/tegra114.c | 2 drivers/memory/tegra/tegra124.c | 6 ++ drivers/memory/tegra/tegra210.c | 3 + drivers/memory/tegra/tegra30.c | 2 drivers/mfd/cros_ec.c | 6 ++ drivers/mtd/nand/fsl_ifc_nand.c | 17 ++++--- drivers/net/can/usb/ems_usb.c | 1 drivers/net/ethernet/amd/xgbe/xgbe-mdio.c | 4 - drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 2 drivers/net/usb/lan78xx.c | 2 drivers/net/wireless/ath/regd.h | 5 ++ drivers/net/wireless/ath/regd_common.h | 13 +++++ drivers/net/wireless/brcm80211/brcmfmac/bcmsdh.c | 1 drivers/net/wireless/iwlwifi/pcie/rx.c | 2 drivers/net/wireless/mwifiex/usb.c | 3 + drivers/net/wireless/mwifiex/util.c | 8 ++- drivers/net/wireless/rsi/rsi_91x_sdio.c | 2 drivers/net/wireless/ti/wlcore/sdio.c | 5 ++ drivers/net/xen-netfront.c | 10 +++- drivers/pci/pci-sysfs.c | 15 +++--- drivers/pinctrl/pinctrl-at91-pio4.c | 4 + drivers/regulator/pfuze100-regulator.c | 1 drivers/rtc/interface.c | 5 ++ drivers/scsi/3w-9xxx.c | 5 ++ drivers/scsi/3w-xxxx.c | 3 + drivers/scsi/megaraid.c | 3 + drivers/scsi/megaraid/megaraid_sas_fusion.c | 3 + drivers/scsi/scsi_dh.c | 5 +- drivers/scsi/sg.c | 1 drivers/scsi/ufs/ufshcd.c | 2 drivers/thermal/samsung/exynos_tmu.c | 1 drivers/tty/hvc/hvc_opal.c | 1 drivers/tty/pty.c | 3 + drivers/usb/core/hub.c | 4 + drivers/virtio/virtio_balloon.c | 2 fs/btrfs/qgroup.c | 19 +++++++ fs/btrfs/tree-log.c | 10 +++- fs/ext4/balloc.c | 3 + fs/ext4/ialloc.c | 3 + fs/ext4/inline.c | 19 ++++--- fs/ext4/inode.c | 16 ++---- fs/f2fs/segment.c | 3 + fs/f2fs/super.c | 6 ++ fs/nfsd/nfs4xdr.c | 2 fs/squashfs/block.c | 2 fs/squashfs/cache.c | 3 + fs/squashfs/file.c | 8 ++- fs/squashfs/fragment.c | 17 ++++--- fs/squashfs/squashfs_fs.h | 6 ++ fs/squashfs/squashfs_fs_sb.h | 1 fs/squashfs/super.c | 5 +- include/drm/drm_dp_helper.h | 1 include/linux/dma-iommu.h | 1 include/linux/mmc/sdio_ids.h | 1 include/linux/netfilter/ipset/ip_set_timeout.h | 10 +++- include/net/tcp.h | 2 include/soc/tegra/mc.h | 2 kernel/auditfilter.c | 2 kernel/auditsc.c | 2 kernel/bpf/verifier.c | 4 - kernel/trace/trace_events_trigger.c | 18 +++++-- kernel/trace/trace_kprobe.c | 15 +++++- mm/slub.c | 2 mm/vmalloc.c | 3 - net/dsa/slave.c | 6 ++ net/ipv4/fib_frontend.c | 4 - net/ipv4/inet_fragment.c | 10 ++-- net/ipv4/ipconfig.c | 13 +++++ net/ipv4/tcp_dctcp.c | 4 - net/ipv4/tcp_input.c | 48 ++++++++++---------- net/netlink/af_netlink.c | 2 net/socket.c | 2 sound/pci/emu10k1/emupcm.c | 4 + sound/pci/emu10k1/memory.c | 6 +- sound/pci/fm801.c | 16 +++++- sound/pci/hda/patch_ca0132.c | 8 ++- sound/soc/pxa/brownstone.c | 1 sound/soc/pxa/mioa701_wm9713.c | 1 sound/soc/pxa/mmp-pcm.c | 1 sound/soc/pxa/mmp-sspa.c | 1 sound/soc/pxa/palm27x.c | 1 sound/soc/pxa/pxa-ssp.c | 1 sound/soc/pxa/pxa2xx-ac97.c | 1 sound/soc/pxa/pxa2xx-pcm.c | 1 sound/soc/soc-pcm.c | 6 +- sound/usb/pcm.c | 2 tools/usb/usbip/src/usbip_detach.c | 9 ++- 130 files changed, 526 insertions(+), 207 deletions(-) Alexandre Belloni (1): rtc: ensure rtc_set_alarm fails when alarms are not supported Anatoly Pugachev (1): disable loading f2fs module on PAGE_SIZE > 4KB Andrea Adami (1): ASoC: pxa: Fix module autoload for platform drivers Anson Huang (1): regulator: pfuze100: add .is_enable() for pfuze100_swb_regulator_ops Anton Vasilyev (1): can: ems_usb: Fix memory leak on ems_usb_disconnect() Artem Savkov (1): tracing/kprobes: Fix trace_probe flags on enable_trace_kprobe() failure Bartlomiej Zolnierkiewicz (1): thermal: exynos: fix setting rising_threshold for Exynos5433 Brad Love (1): media: saa7164: Fix driver name in debug output Chao Yu (1): f2fs: fix to don't trigger writeback during recovery Chen-Yu Tsai (1): Input: i8042 - add Lenovo LaVie Z to the i8042 reset list Chintan Pandya (1): mm: vmalloc: avoid racy handling of debugobjects in vunmap Chris Novakovic (1): ipconfig: Correctly initialise ic_nameservers Christoph Hellwig (1): PCI: Prevent sysfs disable of device while driver is attached Christophe Leroy (1): powerpc/8xx: fix invalid register expression in head_8xx.S Colin Ian King (1): media: smiapp: fix timeout checking in smiapp_read_nvm Cong Wang (1): infiniband: fix a possible use-after-free bug DaeRyong Jeong (1): tty: Fix data race in tty_insert_flip_string_fixed_flag Damien Le Moal (1): libata: Fix command retry decision Dan Carpenter (1): scsi: megaraid: silence a static checker bug David Sterba (1): btrfs: add barriers to btrfs_sync_log before log_commit_wait wakeups Dmitry Osipenko (2): memory: tegra: Do not handle spurious interrupts memory: tegra: Apply interrupts mask per SoC Dmitry Torokhov (1): HID: i2c-hid: check if device is there before really probing Dominik Bozek (1): usb: hub: Don't wait for connect state at resume for powered-off ports Donald Shanty III (1): Input: elan_i2c - add ACPI ID for lenovo ideapad 330 Eric Dumazet (5): tcp: do not force quickack when receiving out-of-order packets tcp: add max_quickacks param to tcp_incr_quickack and tcp_enter_quickack_mode tcp: do not aggressively quick ack after ECN events tcp: add one more quick ack after after ECN events inet: frag: enforce memory limits earlier Eric Engestrom (1): dmaengine: pxa_dma: remove duplicate const qualifier Eugeniy Paltsev (1): NET: stmmac: align DMA stuff to largest cache line length Eyal Reizer (1): wlcore: sdio: check for valid platform device data before suspend Florian Fainelli (1): net: dsa: Do not suspend/resume closed slave_dev Ganapathi Bhat (1): mwifiex: handle race during mwifiex_usb_disconnect Greg Kroah-Hartman (1): Linux 4.4.146 Hans Verkuil (1): media: videobuf2-core: don't call memop 'finish' when queueing Herbert Xu (1): crypto: padlock-aes - Fix Nano workaround data corruption Jakub Kicinski (1): bpf: fix references to free_bpf_prog_info() in comments Jane Wan (1): mtd: rawnand: fsl_ifc: fix FSL NAND driver to read all ONFI parameter pages Jeremy Cline (2): netlink: Fix spectre v1 gadget in netlink_create() net: socket: fix potential spectre v1 gadget in socketcall Jian-Hong Pan (1): Bluetooth: btusb: Add a new Realtek 8723DE ID 2ff8:b011 Jiang Biao (1): virtio_balloon: fix another race between migration and ballooning Jonathan Neuschäfer (1): powerpc/embedded6xx/hlwd-pic: Prevent interrupts from being handled by Starlet José Roberto de Souza (1): drm: Add DP PSR2 sink enable bit Jozsef Kadlecsik (1): netfilter: ipset: List timing out entries with "timeout 1" instead of zero Juergen Gross (1): xen/netfront: raise max number of slots in xennet_get_responses() Julia Lawall (1): pinctrl: at91-pio4: add missing of_node_put KT Liao (1): Input: elan_i2c - add another ACPI ID for Lenovo Ideapad 330-15AST Kai Chieh Chuang (1): ASoC: dpcm: fix BE dai not hw_free and shutdown Kan Liang (2): perf/x86/intel/uncore: Correct fixed counter index check in generic code perf/x86/intel/uncore: Correct fixed counter index check for NHM Leon Romanovsky (1): RDMA/mad: Convert BUG_ONs to error flows Linus Torvalds (3): squashfs: be more careful about metadata corruption squashfs: more metadata hardening squashfs: more metadata hardenings Lorenzo Bianconi (1): ipv4: remove BUG_ON() from fib_compute_spec_dst Luc Van Oostenryck (2): drm/radeon: fix mode_valid's return type drm/gma500: fix psb_intel_lvds_mode_valid()'s return type Marc Zyngier (1): dma-iommu: Fix compilation when !CONFIG_IOMMU_DMA Mathieu Malaterre (5): mm/slub.c: add __printf verification to slab_err() powerpc/32: Add a missing include header powerpc/chrp/time: Make some functions static, add missing header include powerpc/powermac: Add missing prototype for note_bootable_part() powerpc/powermac: Mark variable x as unused Mauro Carvalho Chehab (2): media: siano: get rid of __le32/__le16 cast warnings media: si470x: fix __be16 annotations Maya Erez (1): scsi: ufs: fix exception event handling Michal Simek (1): microblaze: Fix simpleImage format generation Mika Westerberg (1): PCI: pciehp: Request control of native hotplug only if supported Nicholas Piggin (1): powerpc/64s: Fix compiler store ordering to SLB shadow area Ondrej Mosnáček (1): audit: allow not equal op for audit by executable Paul Burton (1): MIPS: Fix off-by-one in pci_resource_to_user() Qu Wenruo (1): btrfs: qgroup: Finish rescan when hit the last leaf of extent tree Roman Kagan (1): kvm: x86: vmx: fix vpid leak Satendra Singh Thakur (1): drm/atomic: Handling the case when setting old crtc for plane Scott Mayhew (1): nfsd: fix potential use-after-free in nfsd4_decode_getdeviceinfo Sean Lanigan (1): brcmfmac: Add support for bcm43364 wireless chipset Shaul Triebitz (1): iwlwifi: pcie: fix race in Rx buffer allocator Shivasharan S (1): scsi: megaraid_sas: Increase timeout by 1 sec for non-RAID fastpath IOs Shuah Khan (Samsung OSG) (1): usbip: usbip_detach: Fix memory, udev context and udev leak Siva Rebbagondla (1): rsi: Fix 'invalid vdd' warning in mmc Stefan Wahren (1): net: lan78xx: fix rx handling before first packet is send Steven Rostedt (VMware) (3): tracing: Fix double free of event_trigger_data tracing: Fix possible double free in event_enable_trigger_func() tracing: Quiet gcc warning about maybe unused link variable Stewart Smith (1): hvc_opal: don't set tb_ticks_per_usec in udbg_init_opal_common() Suman Anna (1): media: omap3isp: fix unbalanced dma_iommu_mapping Sven Eckelmann (9): ath: Add regulatory mapping for FCC3_ETSIC ath: Add regulatory mapping for ETSI8_WORLD ath: Add regulatory mapping for APL13_WORLD ath: Add regulatory mapping for APL2_FCCA ath: Add regulatory mapping for Uganda ath: Add regulatory mapping for Tanzania ath: Add regulatory mapping for Serbia ath: Add regulatory mapping for Bermuda ath: Add regulatory mapping for Bahamas Takashi Iwai (2): ALSA: emu10k1: Rate-limit error messages about page errors ALSA: usb-audio: Apply rate limit to warning messages in URB complete callback Takashi Sakamoto (1): ALSA: hda/ca0132: fix build failure when a local macro is defined Terry Junge (1): HID: hid-plantronics: Re-resend Update to map button for PTT products Theodore Ts'o (3): random: mix rdrand with entropy sent in from userspace ext4: fix inline data updates with checksums enabled ext4: check for allocation block validity with block group locked Thierry Escande (1): Bluetooth: hci_qca: Fix "Sleep inside atomic section" warning Thomas Richter (2): s390/cpum_sf: Add data entry sizes to sampling trailer entry perf: fix invalid bit in diagnostic entry Tony Battersby (1): scsi: sg: fix minor memory leak in error path Tudor-Dan Ambarus (2): crypto: authencesn - don't leak pointers to authenc keys crypto: authenc - don't leak pointers to authenc keys Vincent Palatin (1): mfd: cros_ec: Fail early if we cannot identify the EC Wei Yongjun (1): media: rcar_jpu: Add missing clk_disable_unprepare() on error in jpu_open() Wenwen Wang (2): scsi: 3w-9xxx: fix a missing-check bug scsi: 3w-xxxx: fix a missing-check bug Xiao Liang (1): xen-netfront: wait xenbus state change when load module manually Xinming Hu (1): mwifiex: correct histogram data with appropriate index Xose Vazquez Perez (1): scsi: scsi_dh: replace too broad "TP9" string with the exact models Yousuk Seung (1): tcp: refactor tcp_ecn_check_ce to remove sk type cast Yufen Yu (1): md: fix NULL dereference of mddev->pers in remove_and_add_spares() Zhouyang Jia (2): ALSA: emu10k1: add error handling for snd_ctl_add ALSA: fm801: add error handling for snd_ctl_add tangpengpeng (1): net: fix amd-xgbe flow-control issue

7 years, 1 month

1
1
0 0

Linux 4.9.118

by Greg KH

I'm announcing the release of the 4.9.118 kernel. All users of the 4.9 kernel series must upgrade. The updated 4.9.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.9.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/x86/kvm/vmx.c | 7 +-- drivers/crypto/padlock-aes.c | 8 ++- drivers/gpu/drm/vc4/vc4_plane.c | 3 + drivers/net/bonding/bond_main.c | 14 +++++- drivers/net/can/usb/ems_usb.c | 1 drivers/net/ethernet/amazon/ena/ena_com.c | 1 drivers/net/ethernet/amd/xgbe/xgbe-mdio.c | 4 - drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 2 drivers/net/ethernet/stmicro/stmmac/stmmac_pci.c | 40 +++++++++++++++++- drivers/net/phy/mdio-mux-bcm-iproc.c | 2 drivers/net/usb/lan78xx.c | 2 drivers/net/xen-netfront.c | 6 ++ drivers/pinctrl/intel/pinctrl-intel.c | 7 ++- drivers/scsi/sg.c | 1 drivers/virtio/virtio_balloon.c | 2 fs/squashfs/block.c | 2 fs/squashfs/fragment.c | 13 ++++- fs/squashfs/squashfs_fs_sb.h | 1 fs/squashfs/super.c | 5 +- include/net/tcp.h | 2 kernel/sched/swait.c | 6 -- net/dsa/slave.c | 6 ++ net/ipv4/fib_frontend.c | 4 - net/ipv4/inet_fragment.c | 10 ++-- net/ipv4/ip_fragment.c | 5 ++ net/ipv4/tcp_bbr.c | 4 + net/ipv4/tcp_dctcp.c | 4 - net/ipv4/tcp_input.c | 48 +++++++++++----------- net/netlink/af_netlink.c | 2 net/socket.c | 2 31 files changed, 155 insertions(+), 61 deletions(-) Andy Shevchenko (1): pinctrl: intel: Read back TX buffer state Anton Vasilyev (2): net: mdio-mux: bcm-iproc: fix wrong getter and setter pair can: ems_usb: Fix memory leak on ems_usb_disconnect() Boqun Feng (1): sched/wait: Remove the lockless swait_active() check in swake_up*() Boris Brezillon (1): drm/vc4: Reset ->{x, y}_scaling[1] when dealing with uniplanar formats Eric Dumazet (7): tcp: do not force quickack when receiving out-of-order packets tcp: add max_quickacks param to tcp_incr_quickack and tcp_enter_quickack_mode tcp: do not aggressively quick ack after ECN events tcp: add one more quick ack after after ECN events bonding: avoid lockdep confusion in bond_get_stats() inet: frag: enforce memory limits earlier ipv4: frags: handle possible skb truesize change Eugeniy Paltsev (1): NET: stmmac: align DMA stuff to largest cache line length Florian Fainelli (1): net: dsa: Do not suspend/resume closed slave_dev Gal Pressman (1): net: ena: Fix use of uninitialized DMA address bits field Greg Kroah-Hartman (1): Linux 4.9.118 Herbert Xu (1): crypto: padlock-aes - Fix Nano workaround data corruption Jeremy Cline (2): netlink: Fix spectre v1 gadget in netlink_create() net: socket: fix potential spectre v1 gadget in socketcall Jiang Biao (1): virtio_balloon: fix another race between migration and ballooning Jose Abreu (1): net: stmmac: Fix WoL for PCI-based setups Linus Torvalds (2): squashfs: more metadata hardening squashfs: more metadata hardenings Lorenzo Bianconi (1): ipv4: remove BUG_ON() from fib_compute_spec_dst Neal Cardwell (1): tcp_bbr: fix bw probing to raise in-flight data for very small BDPs Roman Kagan (1): kvm: x86: vmx: fix vpid leak Stefan Wahren (1): net: lan78xx: fix rx handling before first packet is send Tony Battersby (1): scsi: sg: fix minor memory leak in error path Xiao Liang (1): xen-netfront: wait xenbus state change when load module manually Yousuk Seung (1): tcp: refactor tcp_ecn_check_ce to remove sk type cast tangpengpeng (1): net: fix amd-xgbe flow-control issue

7 years, 1 month

1
1
0 0

Linux 4.14.61

by Greg KH

I'm announcing the release of the 4.14.61 kernel. All users of the 4.14 kernel series must upgrade. The updated 4.14.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.14.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/x86/entry/entry_64.S | 18 +---- arch/x86/kernel/apic/apic.c | 3 arch/x86/kvm/vmx.c | 7 -- drivers/crypto/padlock-aes.c | 8 +- drivers/gpu/drm/vc4/vc4_plane.c | 3 drivers/infiniband/core/uverbs_cmd.c | 59 +++++++++++++++++- drivers/net/bonding/bond_main.c | 14 +++- drivers/net/can/usb/ems_usb.c | 1 drivers/net/ethernet/mellanox/mlx5/core/eswitch.c | 4 - drivers/net/ethernet/stmicro/stmmac/stmmac_pci.c | 40 ++++++++++++ drivers/net/wireless/intel/iwlwifi/cfg/9000.c | 69 ++++++++++++++++++++++ drivers/net/wireless/intel/iwlwifi/iwl-config.h | 5 + drivers/net/wireless/intel/iwlwifi/pcie/drv.c | 22 +++++++ drivers/scsi/sg.c | 1 drivers/virtio/virtio_balloon.c | 2 fs/squashfs/block.c | 2 fs/squashfs/fragment.c | 13 ++-- fs/squashfs/squashfs_fs_sb.h | 1 fs/squashfs/super.c | 5 - fs/userfaultfd.c | 4 - kernel/auditsc.c | 13 ++-- net/dsa/slave.c | 6 + net/ipv4/inet_fragment.c | 10 +-- net/ipv4/ip_fragment.c | 5 + net/netlink/af_netlink.c | 2 net/rxrpc/call_accept.c | 4 - net/socket.c | 2 28 files changed, 275 insertions(+), 50 deletions(-) Andy Lutomirski (1): x86/entry/64: Remove %ebx handling from error_entry/exit Anton Vasilyev (1): can: ems_usb: Fix memory leak on ems_usb_disconnect() Boris Brezillon (1): drm/vc4: Reset ->{x, y}_scaling[1] when dealing with uniplanar formats Eli Cohen (1): net/mlx5e: E-Switch, Initialize eswitch only if eswitch manager Emmanuel Grumbach (1): iwlwifi: add more card IDs for 9000 series Eric Dumazet (3): bonding: avoid lockdep confusion in bond_get_stats() inet: frag: enforce memory limits earlier ipv4: frags: handle possible skb truesize change Florian Fainelli (1): net: dsa: Do not suspend/resume closed slave_dev Greg Kroah-Hartman (1): Linux 4.14.61 Herbert Xu (1): crypto: padlock-aes - Fix Nano workaround data corruption Jack Morgenstein (1): RDMA/uverbs: Expand primary and alt AV port checks Jeremy Cline (2): netlink: Fix spectre v1 gadget in netlink_create() net: socket: fix potential spectre v1 gadget in socketcall Jiang Biao (1): virtio_balloon: fix another race between migration and ballooning Jose Abreu (1): net: stmmac: Fix WoL for PCI-based setups Len Brown (1): x86/apic: Future-proof the TSC_DEADLINE quirk for SKX Linus Torvalds (2): squashfs: more metadata hardening squashfs: more metadata hardenings Mike Rapoport (1): userfaultfd: remove uffd flags from vma->vm_flags if UFFD_EVENT_FORK fails Roman Kagan (1): kvm: x86: vmx: fix vpid leak Tony Battersby (1): scsi: sg: fix minor memory leak in error path Yi Wang (1): audit: fix potential null dereference 'context->module.name' YueHaibing (1): rxrpc: Fix user call ID check in rxrpc_service_prealloc_one

7 years, 1 month

1
1
0 0

Linux 4.17.13

by Greg KH

I'm announcing the release of the 4.17.13 kernel. All users of the 4.17 kernel series must upgrade. The updated 4.17.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.17.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/x86/entry/entry_64.S | 18 ---- arch/x86/kernel/apic/apic.c | 3 arch/x86/kvm/vmx.c | 7 - arch/x86/platform/efi/efi_64.c | 2 drivers/crypto/padlock-aes.c | 8 + drivers/gpu/drm/drm_atomic_helper.c | 8 + drivers/gpu/drm/vc4/vc4_plane.c | 3 drivers/infiniband/core/uverbs_cmd.c | 59 ++++++++++++- drivers/net/bonding/bond_main.c | 14 ++- drivers/net/can/usb/ems_usb.c | 1 drivers/net/ethernet/mellanox/mlx5/core/en_dcbnl.c | 2 drivers/net/ethernet/mellanox/mlx5/core/eswitch.c | 4 drivers/net/ethernet/mellanox/mlx5/core/ipoib/ipoib.c | 4 drivers/net/ethernet/stmicro/stmmac/stmmac_pci.c | 40 ++++++++- drivers/net/wireless/broadcom/brcm80211/brcmfmac/pcie.c | 3 drivers/net/wireless/intel/iwlwifi/cfg/9000.c | 69 ++++++++++++++++ drivers/net/wireless/intel/iwlwifi/iwl-config.h | 5 + drivers/net/wireless/intel/iwlwifi/pcie/drv.c | 22 +++++ drivers/scsi/sg.c | 1 drivers/virtio/virtio_balloon.c | 2 fs/squashfs/block.c | 2 fs/squashfs/fragment.c | 13 ++- fs/squashfs/squashfs_fs_sb.h | 1 fs/squashfs/super.c | 5 - fs/userfaultfd.c | 4 ipc/shm.c | 12 ++ kernel/auditsc.c | 13 ++- mm/hugetlb.c | 7 + net/dsa/slave.c | 6 + net/ipv4/inet_fragment.c | 6 - net/ipv4/ip_fragment.c | 5 + net/netlink/af_netlink.c | 2 net/rxrpc/call_accept.c | 4 net/socket.c | 5 - 35 files changed, 308 insertions(+), 54 deletions(-) Andy Lutomirski (1): x86/entry/64: Remove %ebx handling from error_entry/exit Anton Vasilyev (1): can: ems_usb: Fix memory leak on ems_usb_disconnect() Boris Brezillon (3): drm/vc4: Reset ->{x, y}_scaling[1] when dealing with uniplanar formats drm/atomic: Check old_plane_state->crtc in drm_atomic_helper_async_check() drm/atomic: Initialize variables in drm_atomic_helper_async_check() to make gcc happy Brijesh Singh (1): x86/efi: Access EFI MMIO data as unencrypted when SEV is active Eli Cohen (1): net/mlx5e: E-Switch, Initialize eswitch only if eswitch manager Emmanuel Grumbach (1): iwlwifi: add more card IDs for 9000 series Eric Dumazet (3): bonding: avoid lockdep confusion in bond_get_stats() inet: frag: enforce memory limits earlier ipv4: frags: handle possible skb truesize change Feras Daoud (1): net/mlx5e: IPoIB, Set the netdevice sw mtu in ipoib enhanced flow Florian Fainelli (1): net: dsa: Do not suspend/resume closed slave_dev Greg Kroah-Hartman (1): Linux 4.17.13 Herbert Xu (1): crypto: padlock-aes - Fix Nano workaround data corruption Jack Morgenstein (1): RDMA/uverbs: Expand primary and alt AV port checks Jane Chu (1): ipc/shm.c add ->pagesize function to shm_vm_ops Jeremy Cline (3): netlink: Fix spectre v1 gadget in netlink_create() net: socket: fix potential spectre v1 gadget in socketcall net: socket: Fix potential spectre v1 gadget in sock_is_registered Jiang Biao (1): virtio_balloon: fix another race between migration and ballooning Jose Abreu (1): net: stmmac: Fix WoL for PCI-based setups Len Brown (1): x86/apic: Future-proof the TSC_DEADLINE quirk for SKX Linus Torvalds (2): squashfs: more metadata hardening squashfs: more metadata hardenings Mike Rapoport (1): userfaultfd: remove uffd flags from vma->vm_flags if UFFD_EVENT_FORK fails Or Gerlitz (1): net/mlx5e: Set port trust mode to PCP as default Rafał Miłecki (1): brcmfmac: fix regression in parsing NVRAM for multiple devices Roman Kagan (1): kvm: x86: vmx: fix vpid leak Tony Battersby (1): scsi: sg: fix minor memory leak in error path Yi Wang (1): audit: fix potential null dereference 'context->module.name' YueHaibing (1): rxrpc: Fix user call ID check in rxrpc_service_prealloc_one

7 years, 1 month

1
1
0 0

we do the editing

by Jason James

Want to follow up the email sent last week. Do you have needs for photo editing? We can edit 400 images within 24 hours. We are working on all kinds of ecommerce photos, jewelry photos, and the portrait images. We do cutting out and clipping path and others, and also we provide retouching for your photos, You can throw us a photo and we will do testing for you to check our quality. Thanks, Jason

7 years, 1 month

1
0
0 0

[char-misc-next] mei: ignore not found client in the enumeration

by Tomas Winkler

From: Alexander Usyskin <alexander.usyskin(a)intel.com> Some of the ME clients are available only for BIOS operation and are removed during hand off to an OS. However the removal is not instant. A client may be visible on the client list when the mei driver requests for enumeration, while the subsequent request for properties will be answered with client not found error value. The default behavior for an error is to perform client reset while this error is harmless and the link reset should be prevented. This issue started to be visible due to suspend/resume timing changes. Currently reported only on the Haswell based system. Fixes: [33.564957] mei_me 0000:00:16.0: hbm: properties response: wrong status = 1 CLIENT_NOT_FOUND [33.564978] mei_me 0000:00:16.0: mei_irq_read_handler ret = -71. [33.565270] mei_me 0000:00:16.0: unexpected reset: dev_state = INIT_CLIENTS fw status = 1E000255 60002306 00000200 00004401 00000000 00000010 Cc: <stable(a)vger.kernel.org> Reported-by: Heiner Kallweit <hkallweit1(a)gmail.com> Signed-off-by: Alexander Usyskin <alexander.usyskin(a)intel.com> Signed-off-by: Tomas Winkler <tomas.winkler(a)intel.com> --- drivers/misc/mei/hbm.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/drivers/misc/mei/hbm.c b/drivers/misc/mei/hbm.c index f15d44bda28e..fa0f8e91e86f 100644 --- a/drivers/misc/mei/hbm.c +++ b/drivers/misc/mei/hbm.c @@ -1244,15 +1244,18 @@ int mei_hbm_dispatch(struct mei_device *dev, struct mei_msg_hdr *hdr) props_res = (struct hbm_props_response *)mei_msg; - if (props_res->status) { + if (props_res->status == MEI_HBMS_CLIENT_NOT_FOUND) { + dev_dbg(dev->dev, "hbm: properties response: %d CLIENT_NOT_FOUND\n", + props_res->me_addr); + } else if (props_res->status) { dev_err(dev->dev, "hbm: properties response: wrong status = %d %s\n", props_res->status, mei_hbm_status_str(props_res->status)); return -EPROTO; + } else { + mei_hbm_me_cl_add(dev, props_res); } - mei_hbm_me_cl_add(dev, props_res); - /* request property for the next client */ if (mei_hbm_prop_req(dev, props_res->me_addr + 1)) return -EIO; -- 2.14.4

7 years, 1 month

1
0
0 0

[PATCH] ARC: AXS10x/HSDK: Allow U-Boot to pass MAC-address to the kernel

by Alexey Brodkin

Otherwise kernel uses random MAC which is not very conveniet. With that change in place use might set desired MAC in U-Boot with "setenv ethaddr 11:22:33:44:55:66", save environment and then from boot to boot the same MAC will be used by the kernel. One other note for this to happen it's required to pass board's .dtb in U-Boot's "bootm" command like that: ------------------->8----------------- bootm 0x82000000 - 0x84000000 ------------------->8----------------- Here 0x82000000 is location of uImage while 0x80000000 is location of either axs10x.dtb or hsdk.dtb previously loaded from SD-card, USB storage or TFTP server. Signed-off-by: Alexey Brodkin <abrodkin(a)synopsys.com> Cc: Rob Herring <robh+dt(a)kernel.org> Cc: stable(a)vger.kernel.org # 4.14 Cc: devicetree(a)vger.kernel.org --- arch/arc/boot/dts/axs10x_mb.dtsi | 7 ++++++- arch/arc/boot/dts/hsdk.dts | 7 ++++++- 2 files changed, 12 insertions(+), 2 deletions(-) diff --git a/arch/arc/boot/dts/axs10x_mb.dtsi b/arch/arc/boot/dts/axs10x_mb.dtsi index 47b74fbc403c..37bafd44e36d 100644 --- a/arch/arc/boot/dts/axs10x_mb.dtsi +++ b/arch/arc/boot/dts/axs10x_mb.dtsi @@ -9,6 +9,10 @@ */ / { + aliases { + ethernet = &gmac; + }; + axs10x_mb { compatible = "simple-bus"; #address-cells = <1>; @@ -68,7 +72,7 @@ }; }; - ethernet@0x18000 { + gmac: ethernet@0x18000 { #interrupt-cells = <1>; compatible = "snps,dwmac"; reg = < 0x18000 0x2000 >; @@ -81,6 +85,7 @@ max-speed = <100>; resets = <&creg_rst 5>; reset-names = "stmmaceth"; + mac-address = [00 00 00 00 00 00]; /* Filled in by U-Boot */ }; ehci@0x40000 { diff --git a/arch/arc/boot/dts/hsdk.dts b/arch/arc/boot/dts/hsdk.dts index 006aa3de5348..d00f283094d3 100644 --- a/arch/arc/boot/dts/hsdk.dts +++ b/arch/arc/boot/dts/hsdk.dts @@ -25,6 +25,10 @@ bootargs = "earlycon=uart8250,mmio32,0xf0005000,115200n8 console=ttyS0,115200n8 debug print-fatal-signals=1"; }; + aliases { + ethernet = &gmac; + }; + cpus { #address-cells = <1>; #size-cells = <0>; @@ -163,7 +167,7 @@ #clock-cells = <0>; }; - ethernet@8000 { + gmac: ethernet@8000 { #interrupt-cells = <1>; compatible = "snps,dwmac"; reg = <0x8000 0x2000>; @@ -176,6 +180,7 @@ phy-handle = <&phy0>; resets = <&cgu_rst HSDK_ETH_RESET>; reset-names = "stmmaceth"; + mac-address = [00 00 00 00 00 00]; /* Filled in by U-Boot */ mdio { #address-cells = <1>; -- 2.17.1

7 years, 1 month

3
2
0 0

[PATCH] x86/irqflags: provide a declaration for native_save_fl

by Nick Desaulniers

Fixes commit d0a8d9378d16 ("x86/paravirt: Make native_save_fl() extern inline"). It was reported that the above commit was causing users of gcc < 4.9 to observe -Werror=missing-prototypes errors. Indeed, it seems that: extern inline unsigned long native_save_fl(void) { return 0; } compiled with -Werror=missing-prototypes produces this warning in gcc < 4.9, but not gcc >= 4.9. Cc: stable(a)vger.kernel.org # 4.17, 4.14, 4.9, 4.4 Reported-by: David Laight <david.laight(a)aculab.com> Reported-by: Jean Delvare <jdelvare(a)suse.de> Signed-off-by: Nick Desaulniers <ndesaulniers(a)google.com> --- arch/x86/include/asm/irqflags.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/arch/x86/include/asm/irqflags.h b/arch/x86/include/asm/irqflags.h index c4fc17220df9..c14f2a74b2be 100644 --- a/arch/x86/include/asm/irqflags.h +++ b/arch/x86/include/asm/irqflags.h @@ -13,6 +13,8 @@ * Interrupt control: */ +/* Declaration required for gcc < 4.9 to prevent -Werror=missing-prototypes */ +extern inline unsigned long native_save_fl(void); extern inline unsigned long native_save_fl(void) { unsigned long flags; -- 2.18.0.597.ga71716f1ad-goog

7 years, 1 month

3
2
0 0

Dear Beneficiary, FINAL NOTICE..28

by Paul

Attention: stable(a)vger.kernel.org, FINAL NOTICE We have been instructed to arrange your funds/payment via Online Banking & Loaded ATM Cards delivery to you. Your response very urgent for more details! Sincerely yours, Eddie. P.

7 years, 1 month

1
0
0 0

[PATCH RT 03/22] futex: Avoid violating the 10th rule of futex

by Julia Cartwright

From: Peter Zijlstra <peterz(a)infradead.org> 4.9.115-rt94-rc1 stable review patch. If you have any objection to the inclusion of this patch, let me know. --- 8< --- 8< --- 8< --- [ Upstream commit c1e2f0eaf015fb7076d51a339011f2383e6dd389 ] Julia reported futex state corruption in the following scenario: waiter waker stealer (prio > waiter) futex(WAIT_REQUEUE_PI, uaddr, uaddr2, timeout=[N ms]) futex_wait_requeue_pi() futex_wait_queue_me() freezable_schedule() <scheduled out> futex(LOCK_PI, uaddr2) futex(CMP_REQUEUE_PI, uaddr, uaddr2, 1, 0) /* requeues waiter to uaddr2 */ futex(UNLOCK_PI, uaddr2) wake_futex_pi() cmp_futex_value_locked(uaddr2, waiter) wake_up_q() <woken by waker> <hrtimer_wakeup() fires, clears sleeper->task> futex(LOCK_PI, uaddr2) __rt_mutex_start_proxy_lock() try_to_take_rt_mutex() /* steals lock */ rt_mutex_set_owner(lock, stealer) <preempted> <scheduled in> rt_mutex_wait_proxy_lock() __rt_mutex_slowlock() try_to_take_rt_mutex() /* fails, lock held by stealer */ if (timeout && !timeout->task) return -ETIMEDOUT; fixup_owner() /* lock wasn't acquired, so, fixup_pi_state_owner skipped */ return -ETIMEDOUT; /* At this point, we've returned -ETIMEDOUT to userspace, but the * futex word shows waiter to be the owner, and the pi_mutex has * stealer as the owner */ futex_lock(LOCK_PI, uaddr2) -> bails with EDEADLK, futex word says we're owner. And suggested that what commit: 73d786bd043e ("futex: Rework inconsistent rt_mutex/futex_q state") removes from fixup_owner() looks to be just what is needed. And indeed it is -- I completely missed that requeue_pi could also result in this case. So we need to restore that, except that subsequent patches, like commit: 16ffa12d7425 ("futex: Pull rt_mutex_futex_unlock() out from under hb->lock") changed all the locking rules. Even without that, the sequence: - if (rt_mutex_futex_trylock(&q->pi_state->pi_mutex)) { - locked = 1; - goto out; - } - raw_spin_lock_irq(&q->pi_state->pi_mutex.wait_lock); - owner = rt_mutex_owner(&q->pi_state->pi_mutex); - if (!owner) - owner = rt_mutex_next_owner(&q->pi_state->pi_mutex); - raw_spin_unlock_irq(&q->pi_state->pi_mutex.wait_lock); - ret = fixup_pi_state_owner(uaddr, q, owner); already suggests there were races; otherwise we'd never have to look at next_owner. So instead of doing 3 consecutive wait_lock sections with who knows what races, we do it all in a single section. Additionally, the usage of pi_state->owner in fixup_owner() was only safe because only the rt_mutex owner would modify it, which this additional case wrecks. Luckily the values can only change away and not to the value we're testing, this means we can do a speculative test and double check once we have the wait_lock. Fixes: 73d786bd043e ("futex: Rework inconsistent rt_mutex/futex_q state") Reported-by: Julia Cartwright <julia(a)ni.com> Reported-by: Gratian Crisan <gratian.crisan(a)ni.com> Signed-off-by: Peter Zijlstra (Intel) <peterz(a)infradead.org> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Tested-by: Julia Cartwright <julia(a)ni.com> Tested-by: Gratian Crisan <gratian.crisan(a)ni.com> Cc: Darren Hart <dvhart(a)infradead.org> Cc: stable(a)vger.kernel.org Link: https://lkml.kernel.org/r/20171208124939.7livp7no2ov65rrc@hirez.programming… Signed-off-by: Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> Signed-off-by: Julia Cartwright <julia(a)ni.com> --- kernel/futex.c | 83 ++++++++++++++++++++++++++------- kernel/locking/rtmutex.c | 26 ++++++++--- kernel/locking/rtmutex_common.h | 1 + 3 files changed, 87 insertions(+), 23 deletions(-) diff --git a/kernel/futex.c b/kernel/futex.c index 270148be5647..cdd68ba6e3a6 100644 --- a/kernel/futex.c +++ b/kernel/futex.c @@ -2287,21 +2287,17 @@ static void unqueue_me_pi(struct futex_q *q) spin_unlock(q->lock_ptr); } -/* - * Fixup the pi_state owner with the new owner. - * - * Must be called with hash bucket lock held and mm->sem held for non - * private futexes. - */ static int fixup_pi_state_owner(u32 __user *uaddr, struct futex_q *q, - struct task_struct *newowner) + struct task_struct *argowner) { - u32 newtid = task_pid_vnr(newowner) | FUTEX_WAITERS; struct futex_pi_state *pi_state = q->pi_state; u32 uval, uninitialized_var(curval), newval; - struct task_struct *oldowner; + struct task_struct *oldowner, *newowner; + u32 newtid; int ret; + lockdep_assert_held(q->lock_ptr); + raw_spin_lock_irq(&pi_state->pi_mutex.wait_lock); oldowner = pi_state->owner; @@ -2310,11 +2306,17 @@ static int fixup_pi_state_owner(u32 __user *uaddr, struct futex_q *q, newtid |= FUTEX_OWNER_DIED; /* - * We are here either because we stole the rtmutex from the - * previous highest priority waiter or we are the highest priority - * waiter but have failed to get the rtmutex the first time. + * We are here because either: + * + * - we stole the lock and pi_state->owner needs updating to reflect + * that (@argowner == current), * - * We have to replace the newowner TID in the user space variable. + * or: + * + * - someone stole our lock and we need to fix things to point to the + * new owner (@argowner == NULL). + * + * Either way, we have to replace the TID in the user space variable. * This must be atomic as we have to preserve the owner died bit here. * * Note: We write the user space value _before_ changing the pi_state @@ -2327,6 +2329,42 @@ static int fixup_pi_state_owner(u32 __user *uaddr, struct futex_q *q, * in the PID check in lookup_pi_state. */ retry: + if (!argowner) { + if (oldowner != current) { + /* + * We raced against a concurrent self; things are + * already fixed up. Nothing to do. + */ + ret = 0; + goto out_unlock; + } + + if (__rt_mutex_futex_trylock(&pi_state->pi_mutex)) { + /* We got the lock after all, nothing to fix. */ + ret = 0; + goto out_unlock; + } + + /* + * Since we just failed the trylock; there must be an owner. + */ + newowner = rt_mutex_owner(&pi_state->pi_mutex); + BUG_ON(!newowner); + } else { + WARN_ON_ONCE(argowner != current); + if (oldowner == current) { + /* + * We raced against a concurrent self; things are + * already fixed up. Nothing to do. + */ + ret = 0; + goto out_unlock; + } + newowner = argowner; + } + + newtid = task_pid_vnr(newowner) | FUTEX_WAITERS; + if (get_futex_value_locked(&uval, uaddr)) goto handle_fault; @@ -2427,15 +2465,28 @@ static int fixup_owner(u32 __user *uaddr, struct futex_q *q, int locked) * Got the lock. We might not be the anticipated owner if we * did a lock-steal - fix up the PI-state in that case: * - * We can safely read pi_state->owner without holding wait_lock - * because we now own the rt_mutex, only the owner will attempt - * to change it. + * Speculative pi_state->owner read (we don't hold wait_lock); + * since we own the lock pi_state->owner == current is the + * stable state, anything else needs more attention. */ if (q->pi_state->owner != current) ret = fixup_pi_state_owner(uaddr, q, current); goto out; } + /* + * If we didn't get the lock; check if anybody stole it from us. In + * that case, we need to fix up the uval to point to them instead of + * us, otherwise bad things happen. [10] + * + * Another speculative read; pi_state->owner == current is unstable + * but needs our attention. + */ + if (q->pi_state->owner == current) { + ret = fixup_pi_state_owner(uaddr, q, NULL); + goto out; + } + /* * Paranoia check. If we did not take the lock, then we should not be * the owner of the rt_mutex. diff --git a/kernel/locking/rtmutex.c b/kernel/locking/rtmutex.c index 3a8b5d44aaf8..57361d631749 100644 --- a/kernel/locking/rtmutex.c +++ b/kernel/locking/rtmutex.c @@ -1849,6 +1849,19 @@ rt_mutex_slowlock(struct rt_mutex *lock, int state, return ret; } +static inline int __rt_mutex_slowtrylock(struct rt_mutex *lock) +{ + int ret = try_to_take_rt_mutex(lock, current, NULL); + + /* + * try_to_take_rt_mutex() sets the lock waiters bit + * unconditionally. Clean this up. + */ + fixup_rt_mutex_waiters(lock); + + return ret; +} + /* * Slow path try-lock function: */ @@ -1871,13 +1884,7 @@ static inline int rt_mutex_slowtrylock(struct rt_mutex *lock) */ raw_spin_lock_irqsave(&lock->wait_lock, flags); - ret = try_to_take_rt_mutex(lock, current, NULL); - - /* - * try_to_take_rt_mutex() sets the lock waiters bit - * unconditionally. Clean this up. - */ - fixup_rt_mutex_waiters(lock); + ret = __rt_mutex_slowtrylock(lock); raw_spin_unlock_irqrestore(&lock->wait_lock, flags); @@ -2102,6 +2109,11 @@ int __sched rt_mutex_futex_trylock(struct rt_mutex *lock) return rt_mutex_slowtrylock(lock); } +int __sched __rt_mutex_futex_trylock(struct rt_mutex *lock) +{ + return __rt_mutex_slowtrylock(lock); +} + /** * rt_mutex_timed_lock - lock a rt_mutex interruptible * the timeout structure is provided diff --git a/kernel/locking/rtmutex_common.h b/kernel/locking/rtmutex_common.h index 64d89d780059..50c0a1043556 100644 --- a/kernel/locking/rtmutex_common.h +++ b/kernel/locking/rtmutex_common.h @@ -122,6 +122,7 @@ extern bool rt_mutex_cleanup_proxy_lock(struct rt_mutex *lock, struct rt_mutex_waiter *waiter); extern int rt_mutex_futex_trylock(struct rt_mutex *l); +extern int __rt_mutex_futex_trylock(struct rt_mutex *l); extern void rt_mutex_futex_unlock(struct rt_mutex *lock); extern bool __rt_mutex_futex_unlock(struct rt_mutex *lock, -- 2.18.0

7 years, 1 month

1
0
0 0

[PATCH RT 02/22] futex: Fix more put_pi_state() vs. exit_pi_state_list() races

by Julia Cartwright

From: Peter Zijlstra <peterz(a)infradead.org> 4.9.115-rt94-rc1 stable review patch. If you have any objection to the inclusion of this patch, let me know. --- 8< --- 8< --- 8< --- [ Upstream commit 51d00899f7e6ded15c89cb4e2cb11a35283bac81 ] Dmitry (through syzbot) reported being able to trigger the WARN in get_pi_state() and a use-after-free on: raw_spin_lock_irq(&pi_state->pi_mutex.wait_lock); Both are due to this race: exit_pi_state_list() put_pi_state() lock(&curr->pi_lock) while() { pi_state = list_first_entry(head); hb = hash_futex(&pi_state->key); unlock(&curr->pi_lock); dec_and_test(&pi_state->refcount); lock(&hb->lock) lock(&pi_state->pi_mutex.wait_lock) // uaf if pi_state free'd lock(&curr->pi_lock); .... unlock(&curr->pi_lock); get_pi_state(); // WARN; refcount==0 The problem is we take the reference count too late, and don't allow it being 0. Fix it by using inc_not_zero() and simply retrying the loop when we fail to get a refcount. In that case put_pi_state() should remove the entry from the list. Reported-by: Dmitry Vyukov <dvyukov(a)google.com> Signed-off-by: Peter Zijlstra (Intel) <peterz(a)infradead.org> Reviewed-by: Thomas Gleixner <tglx(a)linutronix.de> Cc: Gratian Crisan <gratian.crisan(a)ni.com> Cc: Linus Torvalds <torvalds(a)linux-foundation.org> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: dvhart(a)infradead.org Cc: syzbot <bot+2af19c9e1ffe4d4ee1d16c56ae7580feaee75765(a)syzkaller.appspotmail.com> Cc: syzkaller-bugs(a)googlegroups.com Cc: <stable(a)vger.kernel.org> Fixes: c74aef2d06a9 ("futex: Fix pi_state->owner serialization") Link: http://lkml.kernel.org/r/20171031101853.xpfh72y643kdfhjs@hirez.programming.… Signed-off-by: Ingo Molnar <mingo(a)kernel.org> Signed-off-by: Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> Signed-off-by: Julia Cartwright <julia(a)ni.com> --- kernel/futex.c | 23 ++++++++++++++++++++--- 1 file changed, 20 insertions(+), 3 deletions(-) diff --git a/kernel/futex.c b/kernel/futex.c index 47e42faad6c5..270148be5647 100644 --- a/kernel/futex.c +++ b/kernel/futex.c @@ -899,11 +899,27 @@ void exit_pi_state_list(struct task_struct *curr) */ raw_spin_lock_irq(&curr->pi_lock); while (!list_empty(head)) { - next = head->next; pi_state = list_entry(next, struct futex_pi_state, list); key = pi_state->key; hb = hash_futex(&key); + + /* + * We can race against put_pi_state() removing itself from the + * list (a waiter going away). put_pi_state() will first + * decrement the reference count and then modify the list, so + * its possible to see the list entry but fail this reference + * acquire. + * + * In that case; drop the locks to let put_pi_state() make + * progress and retry the loop. + */ + if (!atomic_inc_not_zero(&pi_state->refcount)) { + raw_spin_unlock_irq(&curr->pi_lock); + cpu_relax(); + raw_spin_lock_irq(&curr->pi_lock); + continue; + } raw_spin_unlock_irq(&curr->pi_lock); spin_lock(&hb->lock); @@ -914,10 +930,12 @@ void exit_pi_state_list(struct task_struct *curr) * task still owns the PI-state: */ if (head->next != next) { + /* retain curr->pi_lock for the loop invariant */ raw_spin_unlock(&curr->pi_lock); raw_spin_unlock_irq(&pi_state->pi_mutex.wait_lock); spin_unlock(&hb->lock); raw_spin_lock_irq(&curr->pi_lock); + put_pi_state(pi_state); continue; } @@ -925,9 +943,8 @@ void exit_pi_state_list(struct task_struct *curr) WARN_ON(list_empty(&pi_state->list)); list_del_init(&pi_state->list); pi_state->owner = NULL; - raw_spin_unlock(&curr->pi_lock); - get_pi_state(pi_state); + raw_spin_unlock(&curr->pi_lock); raw_spin_unlock_irq(&pi_state->pi_mutex.wait_lock); spin_unlock(&hb->lock); -- 2.18.0

7 years, 1 month

1
0
0 0

[PATCH RT 01/22] futex: Fix pi_state->owner serialization

by Julia Cartwright

From: Peter Zijlstra <peterz(a)infradead.org> 4.9.115-rt94-rc1 stable review patch. If you have any objection to the inclusion of this patch, let me know. --- 8< --- 8< --- 8< --- [ Upstream commit c74aef2d06a9f59cece89093eecc552933cba72a ] There was a reported suspicion about a race between exit_pi_state_list() and put_pi_state(). The same report mentioned the comment with put_pi_state() said it should be called with hb->lock held, and it no longer is in all places. As it turns out, the pi_state->owner serialization is indeed broken. As per the new rules: 734009e96d19 ("futex: Change locking rules") pi_state->owner should be serialized by pi_state->pi_mutex.wait_lock. For the sites setting pi_state->owner we already hold wait_lock (where required) but exit_pi_state_list() and put_pi_state() were not and raced on clearing it. Fixes: 734009e96d19 ("futex: Change locking rules") Reported-by: Gratian Crisan <gratian.crisan(a)ni.com> Signed-off-by: Peter Zijlstra (Intel) <peterz(a)infradead.org> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Cc: dvhart(a)infradead.org Cc: stable(a)vger.kernel.org Link: https://lkml.kernel.org/r/20170922154806.jd3ffltfk24m4o4y@hirez.programming… Signed-off-by: Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> Signed-off-by: Julia Cartwright <julia(a)ni.com> --- kernel/futex.c | 34 ++++++++++++++++++++++------------ 1 file changed, 22 insertions(+), 12 deletions(-) diff --git a/kernel/futex.c b/kernel/futex.c index 8ab0ddd4cf8f..47e42faad6c5 100644 --- a/kernel/futex.c +++ b/kernel/futex.c @@ -819,8 +819,6 @@ static void get_pi_state(struct futex_pi_state *pi_state) /* * Drops a reference to the pi_state object and frees or caches it * when the last reference is gone. - * - * Must be called with the hb lock held. */ static void put_pi_state(struct futex_pi_state *pi_state) { @@ -835,16 +833,22 @@ static void put_pi_state(struct futex_pi_state *pi_state) * and has cleaned up the pi_state already */ if (pi_state->owner) { - raw_spin_lock_irq(&pi_state->owner->pi_lock); - list_del_init(&pi_state->list); - raw_spin_unlock_irq(&pi_state->owner->pi_lock); + struct task_struct *owner; - rt_mutex_proxy_unlock(&pi_state->pi_mutex, pi_state->owner); + raw_spin_lock_irq(&pi_state->pi_mutex.wait_lock); + owner = pi_state->owner; + if (owner) { + raw_spin_lock(&owner->pi_lock); + list_del_init(&pi_state->list); + raw_spin_unlock(&owner->pi_lock); + } + rt_mutex_proxy_unlock(&pi_state->pi_mutex, owner); + raw_spin_unlock_irq(&pi_state->pi_mutex.wait_lock); } - if (current->pi_state_cache) + if (current->pi_state_cache) { kfree(pi_state); - else { + } else { /* * pi_state->list is already empty. * clear pi_state->owner. @@ -903,14 +907,15 @@ void exit_pi_state_list(struct task_struct *curr) raw_spin_unlock_irq(&curr->pi_lock); spin_lock(&hb->lock); - - raw_spin_lock_irq(&curr->pi_lock); + raw_spin_lock_irq(&pi_state->pi_mutex.wait_lock); + raw_spin_lock(&curr->pi_lock); /* * We dropped the pi-lock, so re-check whether this * task still owns the PI-state: */ if (head->next != next) { - raw_spin_unlock_irq(&curr->pi_lock); + raw_spin_unlock(&curr->pi_lock); + raw_spin_unlock_irq(&pi_state->pi_mutex.wait_lock); spin_unlock(&hb->lock); raw_spin_lock_irq(&curr->pi_lock); continue; @@ -920,9 +925,10 @@ void exit_pi_state_list(struct task_struct *curr) WARN_ON(list_empty(&pi_state->list)); list_del_init(&pi_state->list); pi_state->owner = NULL; - raw_spin_unlock_irq(&curr->pi_lock); + raw_spin_unlock(&curr->pi_lock); get_pi_state(pi_state); + raw_spin_unlock_irq(&pi_state->pi_mutex.wait_lock); spin_unlock(&hb->lock); rt_mutex_futex_unlock(&pi_state->pi_mutex); @@ -1204,6 +1210,10 @@ static int attach_to_pi_owner(u32 uval, union futex_key *key, WARN_ON(!list_empty(&pi_state->list)); list_add(&pi_state->list, &p->pi_state_list); + /* + * Assignment without holding pi_state->pi_mutex.wait_lock is safe + * because there is no concurrency as the object is not published yet. + */ pi_state->owner = p; raw_spin_unlock_irq(&p->pi_lock); -- 2.18.0

7 years, 1 month

1
0
0 0

[PATCH] stop_machine: Disable preemption after queueing stopper threads

by Isaac J. Manjarres

This commit: 9fb8d5dc4b64 ("stop_machine, Disable preemption when waking two stopper threads") does not fully address the race condition that can occur as follows: On one CPU, call it CPU 3, thread 1 invokes cpu_stop_queue_two_works(2, 3,...), and the execution is such that thread 1 queues the works for migration/2 and migration/3, and is preempted after releasing the locks for migration/2 and migration/3, but before waking the threads. Then, On CPU 2, a kworker, call it thread 2, is running, and it invokes cpu_stop_queue_two_works(1, 2,...), such that thread 2 queues the works for migration/1 and migration/2. Meanwhile, on CPU 3, thread 1 resumes execution, and wakes migration/2 and migration/3. This means that when CPU 2 releases the locks for migration/1 and migration/2, but before it wakes those threads, it can be preempted by migration/2. If thread 2 is preempted by migration/2, then migration/2 will execute the first work item successfully, since migration/3 was woken up by CPU 3, but when it goes to execute the second work item, it disables preemption, calls multi_cpu_stop(), and thus, CPU 2 will wait forever for migration/1, which should have been woken up by thread 2. However migration/1 cannot be woken up by thread 2, since it is a kworker, so it is affine to CPU 2, but CPU 2 is running migration/2 with preemption disabled, so thread 2 will never run. Disable preemption after queueing works for stopper threads to ensure that the operation of queueing the works and waking the stopper threads is atomic. Fixes: 9fb8d5dc4b64 ("stop_machine, Disable preemption when waking two stopper threads") Co-Developed-by: Prasad Sodagudi <psodagud(a)codeaurora.org> Co-Developed-by: Pavankumar Kondeti <pkondeti(a)codeaurora.org> Signed-off-by: Isaac J. Manjarres <isaacm(a)codeaurora.org> Signed-off-by: Prasad Sodagudi <psodagud(a)codeaurora.org> Signed-off-by: Pavankumar Kondeti <pkondeti(a)codeaurora.org> Cc: stable(a)vger.kernel.org --- kernel/stop_machine.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/kernel/stop_machine.c b/kernel/stop_machine.c index 1ff523d..e190d1e 100644 --- a/kernel/stop_machine.c +++ b/kernel/stop_machine.c @@ -260,6 +260,15 @@ static int cpu_stop_queue_two_works(int cpu1, struct cpu_stop_work *work1, err = 0; __cpu_stop_queue_work(stopper1, work1, &wakeq); __cpu_stop_queue_work(stopper2, work2, &wakeq); + /* + * The waking up of stopper threads has to happen + * in the same scheduling context as the queueing. + * Otherwise, there is a possibility of one of the + * above stoppers being woken up by another CPU, + * and preempting us. This will cause us to n ot + * wake up the other stopper forever. + */ + preempt_disable(); unlock: raw_spin_unlock(&stopper2->lock); raw_spin_unlock_irq(&stopper1->lock); @@ -271,7 +280,6 @@ static int cpu_stop_queue_two_works(int cpu1, struct cpu_stop_work *work1, } if (!err) { - preempt_disable(); wake_up_q(&wakeq); preempt_enable(); } -- The Qualcomm Innovation Center, Inc. is a member of the Code Aurora Forum, a Linux Foundation Collaborative Project

7 years, 1 month

7
11
0 0

[PATCH] powerpc/fadump: handle crash memory ranges array overflow

by Hari Bathini

Crash memory ranges is an array of memory ranges of the crashing kernel to be exported as a dump via /proc/vmcore file. The size of the array is set based on INIT_MEMBLOCK_REGIONS, which works alright in most cases where memblock memory regions count is less than INIT_MEMBLOCK_REGIONS value. But this count can grow beyond INIT_MEMBLOCK_REGIONS value since commit 142b45a72e22 ("memblock: Add array resizing support"). On large memory systems with a few DLPAR operations, the memblock memory regions count could be larger than INIT_MEMBLOCK_REGIONS value. On such systems, registering fadump results in crash or other system failures like below: task: c00007f39a290010 ti: c00000000b738000 task.ti: c00000000b738000 NIP: c000000000047df4 LR: c0000000000f9e58 CTR: c00000000010f180 REGS: c00000000b73b570 TRAP: 0300 Tainted: G L X (4.4.140+) MSR: 8000000000009033 <SF,EE,ME,IR,DR,RI,LE> CR: 22004484 XER: 20000000 CFAR: c000000000008500 DAR: 000007a450000000 DSISR: 40000000 SOFTE: 0 GPR00: c0000000000f9e58 c00000000b73b7f0 c000000000f09a00 000000000000001a GPR04: c00007f3bf774c90 0000000000000004 c000000000eb9a00 0000000000000800 GPR08: 0000000000000804 000007a450000000 c000000000fa9a00 c00007ffb169ca20 GPR12: 0000000022004482 c00000000fa12c00 c00007f3a0ea97a8 0000000000000000 GPR16: c00007f3a0ea9a50 c00000000b73bd60 0000000000000118 000000000001fe80 GPR20: 0000000000000118 0000000000000000 c000000000b8c980 00000000000000d0 GPR24: 000007ffb0b10000 c00007ffb169c980 0000000000000000 c000000000b8c980 GPR28: 0000000000000004 c00007ffb169c980 000000000000001a c00007ffb169c980 NIP [c000000000047df4] smp_send_reschedule+0x24/0x80 LR [c0000000000f9e58] resched_curr+0x138/0x160 Call Trace: [c00000000b73b7f0] [c0000000000f9e58] resched_curr+0x138/0x160 (unreliable) [c00000000b73b820] [c0000000000fb538] check_preempt_curr+0xc8/0xf0 [c00000000b73b850] [c0000000000fb598] ttwu_do_wakeup+0x38/0x150 [c00000000b73b890] [c0000000000fc9c4] try_to_wake_up+0x224/0x4d0 [c00000000b73b900] [c00000000011ef34] __wake_up_common+0x94/0x100 [c00000000b73b960] [c00000000034a78c] ep_poll_callback+0xac/0x1c0 [c00000000b73b9b0] [c00000000011ef34] __wake_up_common+0x94/0x100 [c00000000b73ba10] [c00000000011f810] __wake_up_sync_key+0x70/0xa0 [c00000000b73ba60] [c00000000067c3e8] sock_def_readable+0x58/0xa0 [c00000000b73ba90] [c0000000007848ac] unix_stream_sendmsg+0x2dc/0x4c0 [c00000000b73bb70] [c000000000675a38] sock_sendmsg+0x68/0xa0 [c00000000b73bba0] [c00000000067673c] ___sys_sendmsg+0x2cc/0x2e0 [c00000000b73bd30] [c000000000677dbc] __sys_sendmsg+0x5c/0xc0 [c00000000b73bdd0] [c0000000006789bc] SyS_socketcall+0x36c/0x3f0 [c00000000b73be30] [c000000000009488] system_call+0x3c/0x100 Instruction dump: 4e800020 60000000 60420000 3c4c00ec 38421c30 7c0802a6 f8010010 60000000 3d42000a e92ab420 2fa90000 4dde0020 <e9290000> 2fa90000 419e0044 7c0802a6 ---[ end trace a6d1dd4bab5f8253 ]--- as array index overflow is not checked for while setting up crash memory ranges causing memory corruption. To resolve this issue, resize crash memory ranges array on hitting array size limit. But without a hard limit on the number of crash memory ranges, there is a possibility of program headers count overflow in the /proc/vmcore ELF file while exporting each of this memory ranges as PT_LOAD segments. To reduce the likelihood of such scenario, fold adjacent memory ranges to minimize the total number of crash memory ranges. Fixes: 2df173d9e85d ("fadump: Initialize elfcore header and add PT_LOAD program headers.") Cc: stable(a)vger.kernel.org Cc: Mahesh Salgaonkar <mahesh(a)linux.vnet.ibm.com> Signed-off-by: Hari Bathini <hbathini(a)linux.ibm.com> --- arch/powerpc/include/asm/fadump.h | 2 + arch/powerpc/kernel/fadump.c | 63 ++++++++++++++++++++++++++++++++++--- 2 files changed, 59 insertions(+), 6 deletions(-) diff --git a/arch/powerpc/include/asm/fadump.h b/arch/powerpc/include/asm/fadump.h index 5a23010..ff708b3 100644 --- a/arch/powerpc/include/asm/fadump.h +++ b/arch/powerpc/include/asm/fadump.h @@ -196,7 +196,7 @@ struct fadump_crash_info_header { }; /* Crash memory ranges */ -#define INIT_CRASHMEM_RANGES (INIT_MEMBLOCK_REGIONS + 2) +#define INIT_CRASHMEM_RANGES INIT_MEMBLOCK_REGIONS struct fad_crash_memory_ranges { unsigned long long base; diff --git a/arch/powerpc/kernel/fadump.c b/arch/powerpc/kernel/fadump.c index 07e8396..1c1df4f 100644 --- a/arch/powerpc/kernel/fadump.c +++ b/arch/powerpc/kernel/fadump.c @@ -47,7 +47,9 @@ static struct fadump_mem_struct fdm; static const struct fadump_mem_struct *fdm_active; static DEFINE_MUTEX(fadump_mutex); -struct fad_crash_memory_ranges crash_memory_ranges[INIT_CRASHMEM_RANGES]; +struct fad_crash_memory_ranges init_crash_memory_ranges[INIT_CRASHMEM_RANGES]; +int max_crash_mem_ranges = INIT_CRASHMEM_RANGES; +struct fad_crash_memory_ranges *crash_memory_ranges = init_crash_memory_ranges; int crash_mem_ranges; /* Scan the Firmware Assisted dump configuration details. */ @@ -871,14 +873,65 @@ static int __init process_fadump(const struct fadump_mem_struct *fdm_active) static inline void fadump_add_crash_memory(unsigned long long base, unsigned long long end) { + u64 start, size; + bool is_adjacent = false; + if (base == end) return; + /* + * Fold adjacent memory ranges to bring down the memory ranges/ + * PT_LOAD segments count. + */ + if (crash_mem_ranges) { + start = crash_memory_ranges[crash_mem_ranges-1].base; + size = crash_memory_ranges[crash_mem_ranges-1].size; + + if ((start + size) == base) + is_adjacent = true; + } + + if (!is_adjacent) { + /* resize the array on reaching the limit */ + if (crash_mem_ranges == max_crash_mem_ranges) { + u64 old_size, new_max; + struct fad_crash_memory_ranges *new_array; + + old_size = max_crash_mem_ranges; + old_size *= sizeof(struct fad_crash_memory_ranges); + + new_max = max_crash_mem_ranges + INIT_CRASHMEM_RANGES; + size = new_max * sizeof(struct fad_crash_memory_ranges); + + pr_debug("Resizing crash memory ranges count from %d to %d\n", + max_crash_mem_ranges, new_max); + + new_array = kmalloc(size, GFP_KERNEL); + if (new_array == NULL) { + pr_warn("Insufficient memory for setting up crash memory ranges\n"); + return; + } + + /* + * Copy the old memory ranges into the new array before + * free'ing it. + */ + memcpy(new_array, crash_memory_ranges, old_size); + if (crash_memory_ranges != init_crash_memory_ranges) + kfree(crash_memory_ranges); + + crash_memory_ranges = new_array; + max_crash_mem_ranges = new_max; + } + start = base; + crash_memory_ranges[crash_mem_ranges].base = start; + crash_mem_ranges++; + } + + crash_memory_ranges[crash_mem_ranges-1].size = (end - start); + pr_debug("crash_memory_range[%d] [%#016llx-%#016llx], %#llx bytes\n", - crash_mem_ranges, base, end - 1, (end - base)); - crash_memory_ranges[crash_mem_ranges].base = base; - crash_memory_ranges[crash_mem_ranges].size = end - base; - crash_mem_ranges++; + (crash_mem_ranges - 1), start, end - 1, (end - start)); } static void fadump_exclude_reserved_area(unsigned long long start,

7 years, 1 month

4
3
0 0

[PATCH v2] zram: remove BD_CAP_SYNCHRONOUS_IO with writeback feature

by Minchan Kim

If zram supports writeback feature, it's no longer a BD_CAP_SYNCHRONOUS_IO device beause zram does asynchronous IO operations for incompressible pages. Do not pretend to be synchronous IO device. It makes the system very sluggish due to waiting for IO completion from upper layers. Furthermore, it causes a user-after-free problem because swap thinks the opearion is done when the IO functions returns so it can free the page (e.g., lock_page_or_retry and goto out_release in do_swap_page) but in fact, IO is asynchronous so the driver could access a just freed page afterward. This patch fixes the problem. BUG: Bad page state in process qemu-system-x86 pfn:3dfab21 page:ffffdfb137eac840 count:0 mapcount:0 mapping:0000000000000000 index:0x1 flags: 0x17fffc000000008(uptodate) raw: 017fffc000000008 dead000000000100 dead000000000200 0000000000000000 raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000 page dumped because: PAGE_FLAGS_CHECK_AT_PREP flag set bad because of flags: 0x8(uptodate) Modules linked in: lz4 lz4_compress zram zsmalloc intel_rapl sb_edac x86_pkg_temp_thermal intel_powerclamp coretemp kvm_intel kvm irqbypass crct10dif_pclmul crc32_pclmul ghash_clmulni_intel bin fmt_misc pcbc aesni_intel aes_x86_64 crypto_simd cryptd iTCO_wdt glue_helper iTCO_vendor_support intel_cstate lpc_ich mei_me intel_uncore intel_rapl_perf pcspkr joydev sg mfd_core ioatdma mei wmi evdev ipmi_si ipmi_devintf ipmi_msghandler acpi_power_meter acpi_pad button ip_tables x_tables autofs4 ext4 crc32c_generic crc16 mbcache jbd2 fscrypto hid_generic usbhid hid sd_mod xhci_pci ehci_pci ahci libahci xhci_hcd ehci_hcd libata igb i2c_algo_bit crc32c_intel scsi_mod i2c_i8 01 dca usbcore CPU: 4 PID: 1039 Comm: qemu-system-x86 Tainted: G B 4.18.0-rc5+ #1 Hardware name: Supermicro Super Server/X10SRL-F, BIOS 2.0b 05/02/2017 Call Trace: dump_stack+0x5c/0x7b bad_page+0xba/0x120 get_page_from_freelist+0x1016/0x1250 __alloc_pages_nodemask+0xfa/0x250 alloc_pages_vma+0x7c/0x1c0 do_swap_page+0x347/0x920 ? __update_load_avg_se.isra.38+0x1eb/0x1f0 ? cpumask_next_wrap+0x3d/0x60 __handle_mm_fault+0x7b4/0x1110 ? update_load_avg+0x5ea/0x720 handle_mm_fault+0xfc/0x1f0 __get_user_pages+0x12f/0x690 get_user_pages_unlocked+0x148/0x1f0 __gfn_to_pfn_memslot+0xff/0x3c0 [kvm] try_async_pf+0x87/0x230 [kvm] tdp_page_fault+0x132/0x290 [kvm] ? vmexit_fill_RSB+0xc/0x30 [kvm_intel] kvm_mmu_page_fault+0x74/0x570 [kvm] ? vmexit_fill_RSB+0xc/0x30 [kvm_intel] ? vmexit_fill_RSB+0x18/0x30 [kvm_intel] ? vmexit_fill_RSB+0xc/0x30 [kvm_intel] ? vmexit_fill_RSB+0x18/0x30 [kvm_intel] ? vmexit_fill_RSB+0xc/0x30 [kvm_intel] ? vmexit_fill_RSB+0x18/0x30 [kvm_intel] ? vmexit_fill_RSB+0xc/0x30 [kvm_intel] ? vmexit_fill_RSB+0x18/0x30 [kvm_intel] ? vmexit_fill_RSB+0xc/0x30 [kvm_intel] ? vmexit_fill_RSB+0x18/0x30 [kvm_intel] ? vmexit_fill_RSB+0xc/0x30 [kvm_intel] ? vmx_vcpu_run+0x375/0x620 [kvm_intel] kvm_arch_vcpu_ioctl_run+0x9b3/0x1990 [kvm] ? __update_load_avg_se.isra.38+0x1eb/0x1f0 ? kvm_vcpu_ioctl+0x388/0x5d0 [kvm] kvm_vcpu_ioctl+0x388/0x5d0 [kvm] ? __switch_to+0x395/0x450 ? __switch_to+0x395/0x450 do_vfs_ioctl+0xa2/0x630 ? __schedule+0x3fd/0x890 ksys_ioctl+0x70/0x80 ? exit_to_usermode_loop+0xca/0xf0 __x64_sys_ioctl+0x16/0x20 do_syscall_64+0x55/0x100 entry_SYSCALL_64_after_hwframe+0x44/0xa9 RIP: 0033:0x7fb30361add7 Code: 00 00 00 48 8b 05 c1 80 2b 00 64 c7 00 26 00 00 00 48 c7 c0 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 91 80 2b 00 f7 d8 64 89 01 48 RSP: 002b:00007fb2e97f98b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 000000000000ae80 RCX: 00007fb30361add7 RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000015 RBP: 00005652b984e0f0 R08: 00005652b7d513d0 R09: 0000000000000001 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007fb308c66000 R14: 0000000000000000 R15: 00005652b984e0f0 * from v1 - description correction - Andrew - add comment about removing BDI_CAP_SYNCHRONOUS_IO Link: https://lore.kernel.org/lkml/0516ae2d-b0fd-92c5-aa92-112ba7bd32fc@contabo.d… Link: http://lkml.kernel.org/r/20180802051112.86174-1-minchan@kernel.org Signed-off-by: Minchan Kim <minchan(a)kernel.org> Reported-by: Tino Lehnig <tino.lehnig(a)contabo.de> Tested-by: Tino Lehnig <tino.lehnig(a)contabo.de> Cc: Sergey Senozhatsky <sergey.senozhatsky.work(a)gmail.com> Cc: Jens Axboe <axboe(a)kernel.dk> Cc: <stable(a)vger.kernel.org> [4.15+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- drivers/block/zram/zram_drv.c | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/drivers/block/zram/zram_drv.c b/drivers/block/zram/zram_drv.c index 7436b2d27fa3..82aa1a1f383a 100644 --- a/drivers/block/zram/zram_drv.c +++ b/drivers/block/zram/zram_drv.c @@ -298,7 +298,8 @@ static void reset_bdev(struct zram *zram) zram->backing_dev = NULL; zram->old_block_size = 0; zram->bdev = NULL; - + zram->disk->queue->backing_dev_info->capabilities |= + BDI_CAP_SYNCHRONOUS_IO; kvfree(zram->bitmap); zram->bitmap = NULL; } @@ -400,6 +401,18 @@ static ssize_t backing_dev_store(struct device *dev, zram->backing_dev = backing_dev; zram->bitmap = bitmap; zram->nr_pages = nr_pages; + /* + * With writeback feature, zram does asynchronous IO so it's no longer + * synchronous device so let's remove synchronous io flag. Othewise, + * upper layer(e.g., swap) could wait IO completion rather than + * (submit and return), which will cause system sluggish. + * Furthermore, when the IO function returns(e.g., swap_readpage), + * upper layer expects IO was done so it could deallocate the page + * freely but in fact, IO is going on so finally could cause + * use-after-free when the IO is really done. + */ + zram->disk->queue->backing_dev_info->capabilities &= + ~BDI_CAP_SYNCHRONOUS_IO; up_write(&zram->init_lock); pr_info("setup backing device %s\n", file_name); -- 2.18.0.597.ga71716f1ad-goog

7 years, 1 month

1
0
0 0

[PATCH 1/2] zram: remove BD_CAP_SYNCHRONOUS_IO with writeback feature

by Minchan Kim

If zram supports writeback feature, it's no more syncrhonous device beause zram does synchronous IO opeation for incompressible page. Do not pretend to be syncrhonous IO device. It makes system very sluggish as waiting IO completion from upper layer. Furthermore, it makes user-after-free problem because swap think the opearion is done when the IO functions returns so it could free page by will(e.g., lock_page_or_retry and goto out_release in do_swap_page) but in fact, IO is asynchrnous so driver could access just freed page afterward. This patch fixes the problem. BUG: Bad page state in process qemu-system-x86 pfn:3dfab21 page:ffffdfb137eac840 count:0 mapcount:0 mapping:0000000000000000 index:0x1 flags: 0x17fffc000000008(uptodate) raw: 017fffc000000008 dead000000000100 dead000000000200 0000000000000000 raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000 page dumped because: PAGE_FLAGS_CHECK_AT_PREP flag set bad because of flags: 0x8(uptodate) Modules linked in: lz4 lz4_compress zram zsmalloc intel_rapl sb_edac x86_pkg_temp_thermal intel_powerclamp coretemp kvm_intel kvm irqbypass crct10dif_pclmul crc32_pclmul ghash_clmulni_intel bin fmt_misc pcbc aesni_intel aes_x86_64 crypto_simd cryptd iTCO_wdt glue_helper iTCO_vendor_support intel_cstate lpc_ich mei_me intel_uncore intel_rapl_perf pcspkr joydev sg mfd_core ioatdma mei wmi evdev ipmi_si ipmi_devintf ipmi_msghandler acpi_power_meter acpi_pad button ip_tables x_tables autofs4 ext4 crc32c_generic crc16 mbcache jbd2 fscrypto hid_generic usbhid hid sd_mod xhci_pci ehci_pci ahci libahci xhci_hcd ehci_hcd libata igb i2c_algo_bit crc32c_intel scsi_mod i2c_i8 01 dca usbcore CPU: 4 PID: 1039 Comm: qemu-system-x86 Tainted: G B 4.18.0-rc5+ #1 Hardware name: Supermicro Super Server/X10SRL-F, BIOS 2.0b 05/02/2017 Call Trace: dump_stack+0x5c/0x7b bad_page+0xba/0x120 get_page_from_freelist+0x1016/0x1250 __alloc_pages_nodemask+0xfa/0x250 alloc_pages_vma+0x7c/0x1c0 do_swap_page+0x347/0x920 ? __update_load_avg_se.isra.38+0x1eb/0x1f0 ? cpumask_next_wrap+0x3d/0x60 __handle_mm_fault+0x7b4/0x1110 ? update_load_avg+0x5ea/0x720 handle_mm_fault+0xfc/0x1f0 __get_user_pages+0x12f/0x690 get_user_pages_unlocked+0x148/0x1f0 __gfn_to_pfn_memslot+0xff/0x3c0 [kvm] try_async_pf+0x87/0x230 [kvm] tdp_page_fault+0x132/0x290 [kvm] ? vmexit_fill_RSB+0xc/0x30 [kvm_intel] kvm_mmu_page_fault+0x74/0x570 [kvm] ? vmexit_fill_RSB+0xc/0x30 [kvm_intel] ? vmexit_fill_RSB+0x18/0x30 [kvm_intel] ? vmexit_fill_RSB+0xc/0x30 [kvm_intel] ? vmexit_fill_RSB+0x18/0x30 [kvm_intel] ? vmexit_fill_RSB+0xc/0x30 [kvm_intel] ? vmexit_fill_RSB+0x18/0x30 [kvm_intel] ? vmexit_fill_RSB+0xc/0x30 [kvm_intel] ? vmexit_fill_RSB+0x18/0x30 [kvm_intel] ? vmexit_fill_RSB+0xc/0x30 [kvm_intel] ? vmexit_fill_RSB+0x18/0x30 [kvm_intel] ? vmexit_fill_RSB+0xc/0x30 [kvm_intel] ? vmx_vcpu_run+0x375/0x620 [kvm_intel] kvm_arch_vcpu_ioctl_run+0x9b3/0x1990 [kvm] ? __update_load_avg_se.isra.38+0x1eb/0x1f0 ? kvm_vcpu_ioctl+0x388/0x5d0 [kvm] kvm_vcpu_ioctl+0x388/0x5d0 [kvm] ? __switch_to+0x395/0x450 ? __switch_to+0x395/0x450 do_vfs_ioctl+0xa2/0x630 ? __schedule+0x3fd/0x890 ksys_ioctl+0x70/0x80 ? exit_to_usermode_loop+0xca/0xf0 __x64_sys_ioctl+0x16/0x20 do_syscall_64+0x55/0x100 entry_SYSCALL_64_after_hwframe+0x44/0xa9 RIP: 0033:0x7fb30361add7 Code: 00 00 00 48 8b 05 c1 80 2b 00 64 c7 00 26 00 00 00 48 c7 c0 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 91 80 2b 00 f7 d8 64 89 01 48 RSP: 002b:00007fb2e97f98b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 000000000000ae80 RCX: 00007fb30361add7 RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000015 RBP: 00005652b984e0f0 R08: 00005652b7d513d0 R09: 0000000000000001 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007fb308c66000 R14: 0000000000000000 R15: 00005652b984e0f0 Link: https://lore.kernel.org/lkml/0516ae2d-b0fd-92c5-aa92-112ba7bd32fc@contabo.d… Reported-by: Tino Lehnig <tino.lehnig(a)contabo.de> Cc: Sergey Senozhatsky <sergey.senozhatsky.work(a)gmail.com> Cc: Tino Lehnig <tino.lehnig(a)contabo.de> Cc: <stable(a)vger.kernel.org> # v4.15+ Tested-by: Tino Lehnig <tino.lehnig(a)contabo.de> Signed-off-by: Minchan Kim <minchan(a)kernel.org> --- drivers/block/zram/zram_drv.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/drivers/block/zram/zram_drv.c b/drivers/block/zram/zram_drv.c index 7436b2d27fa3..0b6eda1bd77a 100644 --- a/drivers/block/zram/zram_drv.c +++ b/drivers/block/zram/zram_drv.c @@ -298,7 +298,8 @@ static void reset_bdev(struct zram *zram) zram->backing_dev = NULL; zram->old_block_size = 0; zram->bdev = NULL; - + zram->disk->queue->backing_dev_info->capabilities |= + BDI_CAP_SYNCHRONOUS_IO; kvfree(zram->bitmap); zram->bitmap = NULL; } @@ -400,6 +401,8 @@ static ssize_t backing_dev_store(struct device *dev, zram->backing_dev = backing_dev; zram->bitmap = bitmap; zram->nr_pages = nr_pages; + zram->disk->queue->backing_dev_info->capabilities &= + ~BDI_CAP_SYNCHRONOUS_IO; up_write(&zram->init_lock); pr_info("setup backing device %s\n", file_name); -- 2.18.0.597.ga71716f1ad-goog

7 years, 1 month

3
11
0 0

give editing

by Sam Dennis

Want to know if you have photos for editing? We can edit 300+ images each day. We can work on ecommerce photos, jewelry photos, and portrait photos. We give cut out and clipping path for different kind of photos, and also we provide retouching for them. Send us a test photo and we will do testing for you. Thanks, Sam Dennis

7 years, 1 month

1
0
0 0

Long and short term loan without collateral at 3% interest rate

by Brad Sanwomi

Dear Prospective Client, We provide funding for up to 500 Million USD. Loans are available at 3% interest rate with re-payment period of 1 year to 30 years. We provide:- *Business Loans *Project Loans *Personal Loans *Home Loans e.t.c If interested, please provide the information below:- Name: Amount Needed: Duration: Loan Type(e.g Business, Project or Personal): Country of residence: The above information would help us determine the best way to assist you. Regards Sanwomi Brad

7 years, 1 month

1
0
0 0

[PATCH 4.9 00/32] 4.9.118-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.9.118 release. There are 32 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Mon Aug 6 08:26:35 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.9.118-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.9.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.9.118-rc1 Tony Battersby <tonyb(a)cybernetics.com> scsi: sg: fix minor memory leak in error path Boris Brezillon <boris.brezillon(a)bootlin.com> drm/vc4: Reset ->{x, y}_scaling[1] when dealing with uniplanar formats Herbert Xu <herbert(a)gondor.apana.org.au> crypto: padlock-aes - Fix Nano workaround data corruption Roman Kagan <rkagan(a)virtuozzo.com> kvm: x86: vmx: fix vpid leak Jiang Biao <jiang.biao2(a)zte.com.cn> virtio_balloon: fix another race between migration and ballooning Jeremy Cline <jcline(a)redhat.com> net: socket: fix potential spectre v1 gadget in socketcall Anton Vasilyev <vasilyev(a)ispras.ru> can: ems_usb: Fix memory leak on ems_usb_disconnect() Linus Torvalds <torvalds(a)linux-foundation.org> squashfs: more metadata hardenings Linus Torvalds <torvalds(a)linux-foundation.org> squashfs: more metadata hardening Jose Abreu <Jose.Abreu(a)synopsys.com> net: stmmac: Fix WoL for PCI-based setups Jeremy Cline <jcline(a)redhat.com> netlink: Fix spectre v1 gadget in netlink_create() Florian Fainelli <f.fainelli(a)gmail.com> net: dsa: Do not suspend/resume closed slave_dev Eric Dumazet <edumazet(a)google.com> ipv4: frags: handle possible skb truesize change Eric Dumazet <edumazet(a)google.com> inet: frag: enforce memory limits earlier Eric Dumazet <edumazet(a)google.com> bonding: avoid lockdep confusion in bond_get_stats() Boqun Feng <boqun.feng(a)gmail.com> sched/wait: Remove the lockless swait_active() check in swake_up*() Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> pinctrl: intel: Read back TX buffer state Eric Dumazet <edumazet(a)google.com> tcp: add one more quick ack after after ECN events Yousuk Seung <ysseung(a)google.com> tcp: refactor tcp_ecn_check_ce to remove sk type cast Eric Dumazet <edumazet(a)google.com> tcp: do not aggressively quick ack after ECN events Eric Dumazet <edumazet(a)google.com> tcp: add max_quickacks param to tcp_incr_quickack and tcp_enter_quickack_mode Eric Dumazet <edumazet(a)google.com> tcp: do not force quickack when receiving out-of-order packets Dmitry Safonov <dima(a)arista.com> netlink: Don't shift with UB on nlk->ngroups Dmitry Safonov <dima(a)arista.com> netlink: Do not subscribe to non-existent groups Xiao Liang <xiliang(a)redhat.com> xen-netfront: wait xenbus state change when load module manually Neal Cardwell <ncardwell(a)google.com> tcp_bbr: fix bw probing to raise in-flight data for very small BDPs Eugeniy Paltsev <Eugeniy.Paltsev(a)synopsys.com> NET: stmmac: align DMA stuff to largest cache line length Anton Vasilyev <vasilyev(a)ispras.ru> net: mdio-mux: bcm-iproc: fix wrong getter and setter pair Stefan Wahren <stefan.wahren(a)i2se.com> net: lan78xx: fix rx handling before first packet is send tangpengpeng <tangpengpeng(a)higon.com> net: fix amd-xgbe flow-control issue Gal Pressman <pressmangal(a)gmail.com> net: ena: Fix use of uninitialized DMA address bits field Lorenzo Bianconi <lorenzo.bianconi(a)redhat.com> ipv4: remove BUG_ON() from fib_compute_spec_dst ------------- Diffstat: Makefile | 4 +- arch/x86/kvm/vmx.c | 7 ++-- drivers/crypto/padlock-aes.c | 8 +++- drivers/gpu/drm/vc4/vc4_plane.c | 3 ++ drivers/net/bonding/bond_main.c | 14 ++++++- drivers/net/can/usb/ems_usb.c | 1 + drivers/net/ethernet/amazon/ena/ena_com.c | 1 + drivers/net/ethernet/amd/xgbe/xgbe-mdio.c | 4 +- drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 2 +- drivers/net/ethernet/stmicro/stmmac/stmmac_pci.c | 40 ++++++++++++++++++- drivers/net/phy/mdio-mux-bcm-iproc.c | 2 +- drivers/net/usb/lan78xx.c | 2 + drivers/net/xen-netfront.c | 6 +++ drivers/pinctrl/intel/pinctrl-intel.c | 7 +++- drivers/scsi/sg.c | 1 + drivers/virtio/virtio_balloon.c | 2 + fs/squashfs/block.c | 2 + fs/squashfs/fragment.c | 13 ++++-- fs/squashfs/squashfs_fs_sb.h | 1 + fs/squashfs/super.c | 5 ++- include/net/tcp.h | 2 +- kernel/sched/swait.c | 6 --- net/dsa/slave.c | 6 +++ net/ipv4/fib_frontend.c | 4 +- net/ipv4/inet_fragment.c | 10 ++--- net/ipv4/ip_fragment.c | 5 +++ net/ipv4/tcp_bbr.c | 4 ++ net/ipv4/tcp_dctcp.c | 4 +- net/ipv4/tcp_input.c | 48 ++++++++++++----------- net/netlink/af_netlink.c | 7 ++++ net/socket.c | 2 + 31 files changed, 161 insertions(+), 62 deletions(-)

7 years, 1 month

4
35
0 0

[PATCH 4.14 00/23] 4.14.61-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.14.61 release. There are 23 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Mon Aug 6 08:26:30 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.14.61-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.14.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.14.61-rc1 Tony Battersby <tonyb(a)cybernetics.com> scsi: sg: fix minor memory leak in error path Boris Brezillon <boris.brezillon(a)bootlin.com> drm/vc4: Reset ->{x, y}_scaling[1] when dealing with uniplanar formats Herbert Xu <herbert(a)gondor.apana.org.au> crypto: padlock-aes - Fix Nano workaround data corruption Jack Morgenstein <jackm(a)dev.mellanox.co.il> RDMA/uverbs: Expand primary and alt AV port checks Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> iwlwifi: add more card IDs for 9000 series Mike Rapoport <rppt(a)linux.vnet.ibm.com> userfaultfd: remove uffd flags from vma->vm_flags if UFFD_EVENT_FORK fails Yi Wang <wang.yi59(a)zte.com.cn> audit: fix potential null dereference 'context->module.name' Roman Kagan <rkagan(a)virtuozzo.com> kvm: x86: vmx: fix vpid leak Andy Lutomirski <luto(a)kernel.org> x86/entry/64: Remove %ebx handling from error_entry/exit Len Brown <len.brown(a)intel.com> x86/apic: Future-proof the TSC_DEADLINE quirk for SKX Jiang Biao <jiang.biao2(a)zte.com.cn> virtio_balloon: fix another race between migration and ballooning Jeremy Cline <jcline(a)redhat.com> net: socket: fix potential spectre v1 gadget in socketcall Anton Vasilyev <vasilyev(a)ispras.ru> can: ems_usb: Fix memory leak on ems_usb_disconnect() Linus Torvalds <torvalds(a)linux-foundation.org> squashfs: more metadata hardenings Linus Torvalds <torvalds(a)linux-foundation.org> squashfs: more metadata hardening Eli Cohen <eli(a)mellanox.com> net/mlx5e: E-Switch, Initialize eswitch only if eswitch manager YueHaibing <yuehaibing(a)huawei.com> rxrpc: Fix user call ID check in rxrpc_service_prealloc_one Jose Abreu <Jose.Abreu(a)synopsys.com> net: stmmac: Fix WoL for PCI-based setups Jeremy Cline <jcline(a)redhat.com> netlink: Fix spectre v1 gadget in netlink_create() Florian Fainelli <f.fainelli(a)gmail.com> net: dsa: Do not suspend/resume closed slave_dev Eric Dumazet <edumazet(a)google.com> ipv4: frags: handle possible skb truesize change Eric Dumazet <edumazet(a)google.com> inet: frag: enforce memory limits earlier Eric Dumazet <edumazet(a)google.com> bonding: avoid lockdep confusion in bond_get_stats() ------------- Diffstat: Makefile | 4 +- arch/x86/entry/entry_64.S | 18 ++---- arch/x86/kernel/apic/apic.c | 3 + arch/x86/kvm/vmx.c | 7 +-- drivers/crypto/padlock-aes.c | 8 ++- drivers/gpu/drm/vc4/vc4_plane.c | 3 + drivers/infiniband/core/uverbs_cmd.c | 59 +++++++++++++++++-- drivers/net/bonding/bond_main.c | 14 ++++- drivers/net/can/usb/ems_usb.c | 1 + drivers/net/ethernet/mellanox/mlx5/core/eswitch.c | 4 +- drivers/net/ethernet/stmicro/stmmac/stmmac_pci.c | 40 ++++++++++++- drivers/net/wireless/intel/iwlwifi/cfg/9000.c | 69 +++++++++++++++++++++++ drivers/net/wireless/intel/iwlwifi/iwl-config.h | 5 ++ drivers/net/wireless/intel/iwlwifi/pcie/drv.c | 22 ++++++++ drivers/scsi/sg.c | 1 + drivers/virtio/virtio_balloon.c | 2 + fs/squashfs/block.c | 2 + fs/squashfs/fragment.c | 13 +++-- fs/squashfs/squashfs_fs_sb.h | 1 + fs/squashfs/super.c | 5 +- fs/userfaultfd.c | 4 +- kernel/auditsc.c | 13 +++-- net/dsa/slave.c | 6 ++ net/ipv4/inet_fragment.c | 10 ++-- net/ipv4/ip_fragment.c | 5 ++ net/netlink/af_netlink.c | 2 + net/rxrpc/call_accept.c | 4 +- net/socket.c | 2 + 28 files changed, 276 insertions(+), 51 deletions(-)

7 years, 1 month

3
24
0 0

[PATCH 4.17 00/31] 4.17.13-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.17.13 release. There are 31 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Mon Aug 6 08:26:21 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.17.13-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.17.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.17.13-rc1 Tony Battersby <tonyb(a)cybernetics.com> scsi: sg: fix minor memory leak in error path Boris Brezillon <boris.brezillon(a)bootlin.com> drm/atomic: Initialize variables in drm_atomic_helper_async_check() to make gcc happy Boris Brezillon <boris.brezillon(a)bootlin.com> drm/atomic: Check old_plane_state->crtc in drm_atomic_helper_async_check() Boris Brezillon <boris.brezillon(a)bootlin.com> drm/vc4: Reset ->{x, y}_scaling[1] when dealing with uniplanar formats Herbert Xu <herbert(a)gondor.apana.org.au> crypto: padlock-aes - Fix Nano workaround data corruption Jack Morgenstein <jackm(a)dev.mellanox.co.il> RDMA/uverbs: Expand primary and alt AV port checks Rafał Miłecki <rafal(a)milecki.pl> brcmfmac: fix regression in parsing NVRAM for multiple devices Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> iwlwifi: add more card IDs for 9000 series Mike Rapoport <rppt(a)linux.vnet.ibm.com> userfaultfd: remove uffd flags from vma->vm_flags if UFFD_EVENT_FORK fails Jane Chu <jane.chu(a)oracle.com> ipc/shm.c add ->pagesize function to shm_vm_ops Yi Wang <wang.yi59(a)zte.com.cn> audit: fix potential null dereference 'context->module.name' Roman Kagan <rkagan(a)virtuozzo.com> kvm: x86: vmx: fix vpid leak Andy Lutomirski <luto(a)kernel.org> x86/entry/64: Remove %ebx handling from error_entry/exit Len Brown <len.brown(a)intel.com> x86/apic: Future-proof the TSC_DEADLINE quirk for SKX Brijesh Singh <brijesh.singh(a)amd.com> x86/efi: Access EFI MMIO data as unencrypted when SEV is active Jiang Biao <jiang.biao2(a)zte.com.cn> virtio_balloon: fix another race between migration and ballooning Jeremy Cline <jcline(a)redhat.com> net: socket: Fix potential spectre v1 gadget in sock_is_registered Jeremy Cline <jcline(a)redhat.com> net: socket: fix potential spectre v1 gadget in socketcall Anton Vasilyev <vasilyev(a)ispras.ru> can: ems_usb: Fix memory leak on ems_usb_disconnect() Linus Torvalds <torvalds(a)linux-foundation.org> squashfs: more metadata hardenings Linus Torvalds <torvalds(a)linux-foundation.org> squashfs: more metadata hardening Feras Daoud <ferasda(a)mellanox.com> net/mlx5e: IPoIB, Set the netdevice sw mtu in ipoib enhanced flow Or Gerlitz <ogerlitz(a)mellanox.com> net/mlx5e: Set port trust mode to PCP as default Eli Cohen <eli(a)mellanox.com> net/mlx5e: E-Switch, Initialize eswitch only if eswitch manager YueHaibing <yuehaibing(a)huawei.com> rxrpc: Fix user call ID check in rxrpc_service_prealloc_one Jose Abreu <Jose.Abreu(a)synopsys.com> net: stmmac: Fix WoL for PCI-based setups Jeremy Cline <jcline(a)redhat.com> netlink: Fix spectre v1 gadget in netlink_create() Florian Fainelli <f.fainelli(a)gmail.com> net: dsa: Do not suspend/resume closed slave_dev Eric Dumazet <edumazet(a)google.com> ipv4: frags: handle possible skb truesize change Eric Dumazet <edumazet(a)google.com> inet: frag: enforce memory limits earlier Eric Dumazet <edumazet(a)google.com> bonding: avoid lockdep confusion in bond_get_stats() ------------- Diffstat: Makefile | 4 +- arch/x86/entry/entry_64.S | 18 ++---- arch/x86/kernel/apic/apic.c | 3 + arch/x86/kvm/vmx.c | 7 +-- arch/x86/platform/efi/efi_64.c | 2 +- drivers/crypto/padlock-aes.c | 8 ++- drivers/gpu/drm/drm_atomic_helper.c | 8 ++- drivers/gpu/drm/vc4/vc4_plane.c | 3 + drivers/infiniband/core/uverbs_cmd.c | 59 ++++++++++++++++-- drivers/net/bonding/bond_main.c | 14 ++++- drivers/net/can/usb/ems_usb.c | 1 + drivers/net/ethernet/mellanox/mlx5/core/en_dcbnl.c | 2 + drivers/net/ethernet/mellanox/mlx5/core/eswitch.c | 4 +- .../net/ethernet/mellanox/mlx5/core/ipoib/ipoib.c | 4 ++ drivers/net/ethernet/stmicro/stmmac/stmmac_pci.c | 40 ++++++++++++- .../wireless/broadcom/brcm80211/brcmfmac/pcie.c | 3 +- drivers/net/wireless/intel/iwlwifi/cfg/9000.c | 69 ++++++++++++++++++++++ drivers/net/wireless/intel/iwlwifi/iwl-config.h | 5 ++ drivers/net/wireless/intel/iwlwifi/pcie/drv.c | 22 +++++++ drivers/scsi/sg.c | 1 + drivers/virtio/virtio_balloon.c | 2 + fs/squashfs/block.c | 2 + fs/squashfs/fragment.c | 13 ++-- fs/squashfs/squashfs_fs_sb.h | 1 + fs/squashfs/super.c | 5 +- fs/userfaultfd.c | 4 +- ipc/shm.c | 12 ++++ kernel/auditsc.c | 13 ++-- mm/hugetlb.c | 7 +++ net/dsa/slave.c | 6 ++ net/ipv4/inet_fragment.c | 6 +- net/ipv4/ip_fragment.c | 5 ++ net/netlink/af_netlink.c | 2 + net/rxrpc/call_accept.c | 4 +- net/socket.c | 5 +- 35 files changed, 309 insertions(+), 55 deletions(-)

7 years, 1 month

3
31
0 0

[PATCHv2] netlink: Don't shift on 64 for ngroups

by Dmitry Safonov

It's legal to have 64 groups for netlink_sock. As user-supplied nladdr->nl_groups is __u32, it's possible to subscribe only to first 32 groups. The check for correctness of .bind() userspace supplied parameter is done by applying mask made from ngroups shift. Which broke Android as they have 64 groups and the shift for mask resulted in an overflow. Fixes: 61f4b23769f0 ("netlink: Don't shift with UB on nlk->ngroups") Cc: "David S. Miller" <davem(a)davemloft.net> Cc: Herbert Xu <herbert(a)gondor.apana.org.au> Cc: Steffen Klassert <steffen.klassert(a)secunet.com> Cc: netdev(a)vger.kernel.org Cc: stable(a)vger.kernel.org Reported-and-Tested-by: Nathan Chancellor <natechancellor(a)gmail.com> Signed-off-by: Dmitry Safonov <dima(a)arista.com> --- v2: sizeof() is in bytes net/netlink/af_netlink.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c index 7d860a22e5fb..d6ff4d409437 100644 --- a/net/netlink/af_netlink.c +++ b/net/netlink/af_netlink.c @@ -1011,8 +1011,8 @@ static int netlink_bind(struct socket *sock, struct sockaddr *addr, if (nlk->ngroups == 0) groups = 0; - else - groups &= (1ULL << nlk->ngroups) - 1; + else if (nlk->ngroups < 8*sizeof(groups)) + groups &= (1UL << nlk->ngroups) - 1; bound = nlk->bound; if (bound) { -- 2.13.6

7 years, 1 month

2
1
0 0

[PATCH] netlink: Don't shift on 64 for ngroups

by Dmitry Safonov

It's legal to have 64 groups for netlink_sock. As user-supplied nladdr->nl_groups is __u32, it's possible to subscribe only to first 32 groups. The check for correctness of .bind() userspace supplied parameter is done by applying mask made from ngroups shift. Which broke Android as they have 64 groups and the shift for mask resulted in an overflow. Fixes: 61f4b23769f0 ("netlink: Don't shift with UB on nlk->ngroups") Cc: "David S. Miller" <davem(a)davemloft.net> Cc: Herbert Xu <herbert(a)gondor.apana.org.au> Cc: Steffen Klassert <steffen.klassert(a)secunet.com> Cc: netdev(a)vger.kernel.org Cc: stable(a)vger.kernel.org Reported-and-Tested-by: Nathan Chancellor <natechancellor(a)gmail.com> Signed-off-by: Dmitry Safonov <dima(a)arista.com> --- net/netlink/af_netlink.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c index 7d860a22e5fb..e44edadfad20 100644 --- a/net/netlink/af_netlink.c +++ b/net/netlink/af_netlink.c @@ -1011,8 +1011,8 @@ static int netlink_bind(struct socket *sock, struct sockaddr *addr, if (nlk->ngroups == 0) groups = 0; - else - groups &= (1ULL << nlk->ngroups) - 1; + else if (nlk->ngroups < sizeof(long unsigned int)) + groups &= (1UL << nlk->ngroups) - 1; bound = nlk->bound; if (bound) { -- 2.13.6

7 years, 1 month

2
2
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror