- Linux-stable-mirror - lists.linaro.org

Re: [Xen-devel] [PATCH] xen: remove size limit of privcmd-buf mapping interface

by Juergen Gross

On 02/11/2018 08:26, Jan Beulich wrote: >>>> On 01.11.18 at 17:27, <jgross(a)suse.com> wrote: >> On 01/11/2018 16:50, Jan Beulich wrote: >>>>>> Juergen Gross <jgross(a)suse.com> 11/01/18 3:23 PM >>> >>>> On 01/11/2018 15:18, Jan Beulich wrote: >>>>>>>> Juergen Gross <jgross(a)suse.com> 11/01/18 1:34 PM >>> >>>>>> Currently the size of hypercall buffers allocated via >>>>>> /dev/xen/hypercall is limited to a default of 64 memory pages. For live >>>>>> migration of guests this might be too small as the page dirty bitmask >>>>>> needs to be sized according to the size of the guest. This means >>>>>> migrating a 8GB sized guest is already exhausting the default buffer >>>>>> size for the dirty bitmap. >>>>>> >>>>>> There is no sensible way to set a sane limit, so just remove it >>>>>> completely. The device node's usage is limited to root anyway, so there >>>>>> is no additional DOS scenario added by allowing unlimited buffers. >>>>> >>>>> But is this setting of permissions what we want long term? What about a >>>>> de-privileged qemu, which still needs to be able to issue at least dm-op >>>>> hypercalls? >>>> >>>> Wouldn't that qemu have opened the node while still being privileged? >>> >>> Possibly, but how does this help? As soon as it's unprivileged it must not >>> be able to hog resources anymore. >>> >>> Anyway, with Andrew's reply my point may be irrelevant, but I have to >>> admit I'm not entirely sure. >> >> I guess we want Xen tools to close /dev/xen/hypercall (or more precise: >> don't dup2() it) when qemu is de-privileging itself. This will make it >> very clear that it can't hog memory via mmap(). >> >> When you are fine with that I'll send a Xen patch for this. > > If that doesn't prevent the process from making the hypercalls it > is permitted to do (I have to admit I don't recall if there are any > still needed besides the dmop ones), sure. Turns out that is already done: the restrict_all callback of libxencall will associate /dev/null with the file descriptor of /dev/xen/hypercall. Juergen

7 years, 1 month

1
0
0 0

[PATCH AUTOSEL 4.4 01/25] xfrm: Validate address prefix lengths in the xfrm selector.

by Sasha Levin

From: Steffen Klassert <steffen.klassert(a)secunet.com> [ Upstream commit 07bf7908950a8b14e81aa1807e3c667eab39287a ] We don't validate the address prefix lengths in the xfrm selector we got from userspace. This can lead to undefined behaviour in the address matching functions if the prefix is too big for the given address family. Fix this by checking the prefixes and refuse SA/policy insertation when a prefix is invalid. Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Reported-by: Air Icy <icytxw(a)gmail.com> Signed-off-by: Steffen Klassert <steffen.klassert(a)secunet.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- net/xfrm/xfrm_user.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c index a9b4491a3cc4..c2e98dcba9fe 100644 --- a/net/xfrm/xfrm_user.c +++ b/net/xfrm/xfrm_user.c @@ -151,10 +151,16 @@ static int verify_newsa_info(struct xfrm_usersa_info *p, err = -EINVAL; switch (p->family) { case AF_INET: + if (p->sel.prefixlen_d > 32 || p->sel.prefixlen_s > 32) + goto out; + break; case AF_INET6: #if IS_ENABLED(CONFIG_IPV6) + if (p->sel.prefixlen_d > 128 || p->sel.prefixlen_s > 128) + goto out; + break; #else err = -EAFNOSUPPORT; @@ -1312,10 +1318,16 @@ static int verify_newpolicy_info(struct xfrm_userpolicy_info *p) switch (p->sel.family) { case AF_INET: + if (p->sel.prefixlen_d > 32 || p->sel.prefixlen_s > 32) + return -EINVAL; + break; case AF_INET6: #if IS_ENABLED(CONFIG_IPV6) + if (p->sel.prefixlen_d > 128 || p->sel.prefixlen_s > 128) + return -EINVAL; + break; #else return -EAFNOSUPPORT; -- 2.17.1

7 years, 1 month

2
25
0 0

Re: Patch "bridge: do not add port to router list when receives query with source 0.0.0.0" has been added to the 4.18-stable tree

by Hangbin Liu

On Fri, Nov 02, 2018 at 06:13:17AM +0100, gregkh(a)linuxfoundation.org wrote: > > This is a note to let you know that I've just added the patch titled > > bridge: do not add port to router list when receives query with source 0.0.0.0 > > to the 4.18-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > bridge-do-not-add-port-to-router-list-when-receives-query-with-source-0.0.0.0.patch > and it can be found in the queue-4.18 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. Hi, Please also include patch commit 0fe5119e267f3e3d8ac206895f5922195ec55a8a Author: Nikolay Aleksandrov <nikolay(a)cumulusnetworks.com> Date: Sat Oct 27 12:07:47 2018 +0300 net: bridge: remove ipv6 zero address check in mcast queries which fixed the patch. Thanks Hangbin > > > From foo@baz Fri Nov 2 06:12:44 CET 2018 > From: Hangbin Liu <liuhangbin(a)gmail.com> > Date: Fri, 26 Oct 2018 10:28:43 +0800 > Subject: bridge: do not add port to router list when receives query with source 0.0.0.0 > > From: Hangbin Liu <liuhangbin(a)gmail.com> > > [ Upstream commit 5a2de63fd1a59c30c02526d427bc014b98adf508 ] > > Based on RFC 4541, 2.1.1. IGMP Forwarding Rules > > The switch supporting IGMP snooping must maintain a list of > multicast routers and the ports on which they are attached. This > list can be constructed in any combination of the following ways: > > a) This list should be built by the snooping switch sending > Multicast Router Solicitation messages as described in IGMP > Multicast Router Discovery [MRDISC]. It may also snoop > Multicast Router Advertisement messages sent by and to other > nodes. > > b) The arrival port for IGMP Queries (sent by multicast routers) > where the source address is not 0.0.0.0. > > We should not add the port to router list when receives query with source > 0.0.0.0. > > Reported-by: Ying Xu <yinxu(a)redhat.com> > Signed-off-by: Hangbin Liu <liuhangbin(a)gmail.com> > Acked-by: Nikolay Aleksandrov <nikolay(a)cumulusnetworks.com> > Acked-by: Roopa Prabhu <roopa(a)cumulusnetworks.com> > Signed-off-by: David S. Miller <davem(a)davemloft.net> > Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> > --- > net/bridge/br_multicast.c | 10 +++++++++- > 1 file changed, 9 insertions(+), 1 deletion(-) > > --- a/net/bridge/br_multicast.c > +++ b/net/bridge/br_multicast.c > @@ -1420,7 +1420,15 @@ static void br_multicast_query_received( > return; > > br_multicast_update_query_timer(br, query, max_delay); > - br_multicast_mark_router(br, port); > + > + /* Based on RFC4541, section 2.1.1 IGMP Forwarding Rules, > + * the arrival port for IGMP Queries where the source address > + * is 0.0.0.0 should not be added to router port list. > + */ > + if ((saddr->proto == htons(ETH_P_IP) && saddr->u.ip4) || > + (saddr->proto == htons(ETH_P_IPV6) && > + !ipv6_addr_any(&saddr->u.ip6))) > + br_multicast_mark_router(br, port); > } > > static int br_ip4_multicast_query(struct net_bridge *br, > > > Patches currently in stable-queue which might be from liuhangbin(a)gmail.com are > > queue-4.18/bridge-do-not-add-port-to-router-list-when-receives-query-with-source-0.0.0.0.patch

7 years, 1 month

3
2
0 0

Re: [Xen-devel] [PATCH] xen: remove size limit of privcmd-buf mapping interface

by Juergen Gross

On 01/11/2018 16:50, Jan Beulich wrote: >>>> Juergen Gross <jgross(a)suse.com> 11/01/18 3:23 PM >>> >> On 01/11/2018 15:18, Jan Beulich wrote: >>>>>> Juergen Gross <jgross(a)suse.com> 11/01/18 1:34 PM >>> >>>> Currently the size of hypercall buffers allocated via >>>> /dev/xen/hypercall is limited to a default of 64 memory pages. For live >>>> migration of guests this might be too small as the page dirty bitmask >>>> needs to be sized according to the size of the guest. This means >>>> migrating a 8GB sized guest is already exhausting the default buffer >>>> size for the dirty bitmap. >>>> >>>> There is no sensible way to set a sane limit, so just remove it >>>> completely. The device node's usage is limited to root anyway, so there >>>> is no additional DOS scenario added by allowing unlimited buffers. >>> >>> But is this setting of permissions what we want long term? What about a >>> de-privileged qemu, which still needs to be able to issue at least dm-op >>> hypercalls? >> >> Wouldn't that qemu have opened the node while still being privileged? > > Possibly, but how does this help? As soon as it's unprivileged it must not > be able to hog resources anymore. > > Anyway, with Andrew's reply my point may be irrelevant, but I have to > admit I'm not entirely sure. I guess we want Xen tools to close /dev/xen/hypercall (or more precise: don't dup2() it) when qemu is de-privileging itself. This will make it very clear that it can't hog memory via mmap(). When you are fine with that I'll send a Xen patch for this. Juergen

7 years, 1 month

2
1
0 0

Re: Patch "bridge: do not add port to router list when receives query with source 0.0.0.0" has been added to the 4.19-stable tree

by Hangbin Liu

On Fri, Nov 02, 2018 at 06:16:13AM +0100, gregkh(a)linuxfoundation.org wrote: > > This is a note to let you know that I've just added the patch titled > > bridge: do not add port to router list when receives query with source 0.0.0.0 > > to the 4.19-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > bridge-do-not-add-port-to-router-list-when-receives-query-with-source-0.0.0.0.patch > and it can be found in the queue-4.19 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. Hi, Patch commit 0fe5119e267f3e3d8ac206895f5922195ec55a8a Author: Nikolay Aleksandrov <nikolay(a)cumulusnetworks.com> Date: Sat Oct 27 12:07:47 2018 +0300 net: bridge: remove ipv6 zero address check in mcast queries is also needed to fix this patch. Thanks Hangbin > > > From foo@baz Fri Nov 2 06:12:28 CET 2018 > From: Hangbin Liu <liuhangbin(a)gmail.com> > Date: Fri, 26 Oct 2018 10:28:43 +0800 > Subject: bridge: do not add port to router list when receives query with source 0.0.0.0 > > From: Hangbin Liu <liuhangbin(a)gmail.com> > > [ Upstream commit 5a2de63fd1a59c30c02526d427bc014b98adf508 ] > > Based on RFC 4541, 2.1.1. IGMP Forwarding Rules > > The switch supporting IGMP snooping must maintain a list of > multicast routers and the ports on which they are attached. This > list can be constructed in any combination of the following ways: > > a) This list should be built by the snooping switch sending > Multicast Router Solicitation messages as described in IGMP > Multicast Router Discovery [MRDISC]. It may also snoop > Multicast Router Advertisement messages sent by and to other > nodes. > > b) The arrival port for IGMP Queries (sent by multicast routers) > where the source address is not 0.0.0.0. > > We should not add the port to router list when receives query with source > 0.0.0.0. > > Reported-by: Ying Xu <yinxu(a)redhat.com> > Signed-off-by: Hangbin Liu <liuhangbin(a)gmail.com> > Acked-by: Nikolay Aleksandrov <nikolay(a)cumulusnetworks.com> > Acked-by: Roopa Prabhu <roopa(a)cumulusnetworks.com> > Signed-off-by: David S. Miller <davem(a)davemloft.net> > Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> > --- > net/bridge/br_multicast.c | 10 +++++++++- > 1 file changed, 9 insertions(+), 1 deletion(-) > > --- a/net/bridge/br_multicast.c > +++ b/net/bridge/br_multicast.c > @@ -1420,7 +1420,15 @@ static void br_multicast_query_received( > return; > > br_multicast_update_query_timer(br, query, max_delay); > - br_multicast_mark_router(br, port); > + > + /* Based on RFC4541, section 2.1.1 IGMP Forwarding Rules, > + * the arrival port for IGMP Queries where the source address > + * is 0.0.0.0 should not be added to router port list. > + */ > + if ((saddr->proto == htons(ETH_P_IP) && saddr->u.ip4) || > + (saddr->proto == htons(ETH_P_IPV6) && > + !ipv6_addr_any(&saddr->u.ip6))) > + br_multicast_mark_router(br, port); > } > > static void br_ip4_multicast_query(struct net_bridge *br, > > > Patches currently in stable-queue which might be from liuhangbin(a)gmail.com are > > queue-4.19/bridge-do-not-add-port-to-router-list-when-receives-query-with-source-0.0.0.0.patch

7 years, 1 month

2
1
0 0

[PATCHES] Sparc

by David Miller

Please queue up the following sparc bug fixes for v4.18 and v4.19 -stable, respectively. Thanks! >From dd6bdff3a6573eb93d5ea786ecb319aeb0134ef0 Mon Sep 17 00:00:00 2001 From: "David S. Miller" <davem(a)davemloft.net> Date: Fri, 26 Oct 2018 15:11:56 -0700 Subject: [PATCH 1/3] sparc64: Export __node_distance. [ Upstream commit 2b4792eaa9f553764047d157365ed8b7787751a3 ] Some drivers reference it via node_distance(), for example the NVME host driver core. ERROR: "__node_distance" [drivers/nvme/host/nvme-core.ko] undefined! make[1]: *** [scripts/Makefile.modpost:92: __modpost] Error 1 Signed-off-by: David S. Miller <davem(a)davemloft.net> --- arch/sparc/mm/init_64.c | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/sparc/mm/init_64.c b/arch/sparc/mm/init_64.c index f396048a0d68..39822f611c01 100644 --- a/arch/sparc/mm/init_64.c +++ b/arch/sparc/mm/init_64.c @@ -1383,6 +1383,7 @@ int __node_distance(int from, int to) } return numa_latency[from][to]; } +EXPORT_SYMBOL(__node_distance); static int __init find_best_numa_node_for_mlgroup(struct mdesc_mlgroup *grp) { -- 2.19.1 >From 2835fa1d7c211c2367f8ec488306a00c01b63472 Mon Sep 17 00:00:00 2001 From: David Miller <davem(a)redhat.com> Date: Thu, 25 Oct 2018 20:36:46 -0700 Subject: [PATCH 2/3] sparc64: Make corrupted user stacks more debuggable. [ Upstream commit 5b4fc3882a649c9411dd0dcad2ddb78e911d340e ] Right now if we get a corrupted user stack frame we do a do_exit(SIGILL) which is not helpful. If under a debugger, this behavior causes the inferior process to exit. So the register and other state cannot be examined at the time of the event. Instead, conditionally log a rate limited kernel log message and then force a SIGSEGV. With bits and ideas borrowed (as usual) from powerpc. Signed-off-by: David S. Miller <davem(a)davemloft.net> --- arch/sparc/include/asm/switch_to_64.h | 3 ++- arch/sparc/kernel/process_64.c | 25 +++++++++++++++++++------ arch/sparc/kernel/rtrap_64.S | 1 + arch/sparc/kernel/signal32.c | 12 ++++++++++-- arch/sparc/kernel/signal_64.c | 6 +++++- 5 files changed, 37 insertions(+), 10 deletions(-) diff --git a/arch/sparc/include/asm/switch_to_64.h b/arch/sparc/include/asm/switch_to_64.h index 4ff29b1406a9..b1d4e2e3210f 100644 --- a/arch/sparc/include/asm/switch_to_64.h +++ b/arch/sparc/include/asm/switch_to_64.h @@ -67,6 +67,7 @@ do { save_and_clear_fpu(); \ } while(0) void synchronize_user_stack(void); -void fault_in_user_windows(void); +struct pt_regs; +void fault_in_user_windows(struct pt_regs *); #endif /* __SPARC64_SWITCH_TO_64_H */ diff --git a/arch/sparc/kernel/process_64.c b/arch/sparc/kernel/process_64.c index 6c086086ca8f..59eaf6227af1 100644 --- a/arch/sparc/kernel/process_64.c +++ b/arch/sparc/kernel/process_64.c @@ -36,6 +36,7 @@ #include <linux/sysrq.h> #include <linux/nmi.h> #include <linux/context_tracking.h> +#include <linux/signal.h> #include <linux/uaccess.h> #include <asm/page.h> @@ -521,7 +522,12 @@ static void stack_unaligned(unsigned long sp) force_sig_fault(SIGBUS, BUS_ADRALN, (void __user *) sp, 0, current); } -void fault_in_user_windows(void) +static const char uwfault32[] = KERN_INFO \ + "%s[%d]: bad register window fault: SP %08lx (orig_sp %08lx) TPC %08lx O7 %08lx\n"; +static const char uwfault64[] = KERN_INFO \ + "%s[%d]: bad register window fault: SP %016lx (orig_sp %016lx) TPC %08lx O7 %016lx\n"; + +void fault_in_user_windows(struct pt_regs *regs) { struct thread_info *t = current_thread_info(); unsigned long window; @@ -534,9 +540,9 @@ void fault_in_user_windows(void) do { struct reg_window *rwin = &t->reg_window[window]; int winsize = sizeof(struct reg_window); - unsigned long sp; + unsigned long sp, orig_sp; - sp = t->rwbuf_stkptrs[window]; + orig_sp = sp = t->rwbuf_stkptrs[window]; if (test_thread_64bit_stack(sp)) sp += STACK_BIAS; @@ -547,8 +553,16 @@ void fault_in_user_windows(void) stack_unaligned(sp); if (unlikely(copy_to_user((char __user *)sp, - rwin, winsize))) + rwin, winsize))) { + if (show_unhandled_signals) + printk_ratelimited(is_compat_task() ? + uwfault32 : uwfault64, + current->comm, current->pid, + sp, orig_sp, + regs->tpc, + regs->u_regs[UREG_I7]); goto barf; + } } while (window--); } set_thread_wsaved(0); @@ -556,8 +570,7 @@ void fault_in_user_windows(void) barf: set_thread_wsaved(window + 1); - user_exit(); - do_exit(SIGILL); + force_sig(SIGSEGV, current); } asmlinkage long sparc_do_fork(unsigned long clone_flags, diff --git a/arch/sparc/kernel/rtrap_64.S b/arch/sparc/kernel/rtrap_64.S index 4073e2b87dd0..29aa34f11720 100644 --- a/arch/sparc/kernel/rtrap_64.S +++ b/arch/sparc/kernel/rtrap_64.S @@ -39,6 +39,7 @@ __handle_preemption: wrpr %g0, RTRAP_PSTATE_IRQOFF, %pstate __handle_user_windows: + add %sp, PTREGS_OFF, %o0 call fault_in_user_windows 661: wrpr %g0, RTRAP_PSTATE, %pstate /* If userspace is using ADI, it could potentially pass diff --git a/arch/sparc/kernel/signal32.c b/arch/sparc/kernel/signal32.c index 44d379db3f64..4c5b3fcbed94 100644 --- a/arch/sparc/kernel/signal32.c +++ b/arch/sparc/kernel/signal32.c @@ -371,7 +371,11 @@ static int setup_frame32(struct ksignal *ksig, struct pt_regs *regs, get_sigframe(ksig, regs, sigframe_size); if (invalid_frame_pointer(sf, sigframe_size)) { - do_exit(SIGILL); + if (show_unhandled_signals) + pr_info("%s[%d] bad frame in setup_frame32: %08lx TPC %08lx O7 %08lx\n", + current->comm, current->pid, (unsigned long)sf, + regs->tpc, regs->u_regs[UREG_I7]); + force_sigsegv(ksig->sig, current); return -EINVAL; } @@ -501,7 +505,11 @@ static int setup_rt_frame32(struct ksignal *ksig, struct pt_regs *regs, get_sigframe(ksig, regs, sigframe_size); if (invalid_frame_pointer(sf, sigframe_size)) { - do_exit(SIGILL); + if (show_unhandled_signals) + pr_info("%s[%d] bad frame in setup_rt_frame32: %08lx TPC %08lx O7 %08lx\n", + current->comm, current->pid, (unsigned long)sf, + regs->tpc, regs->u_regs[UREG_I7]); + force_sigsegv(ksig->sig, current); return -EINVAL; } diff --git a/arch/sparc/kernel/signal_64.c b/arch/sparc/kernel/signal_64.c index 48366e5eb5b2..e9de1803a22e 100644 --- a/arch/sparc/kernel/signal_64.c +++ b/arch/sparc/kernel/signal_64.c @@ -370,7 +370,11 @@ setup_rt_frame(struct ksignal *ksig, struct pt_regs *regs) get_sigframe(ksig, regs, sf_size); if (invalid_frame_pointer (sf)) { - do_exit(SIGILL); /* won't return, actually */ + if (show_unhandled_signals) + pr_info("%s[%d] bad frame in setup_rt_frame: %016lx TPC %016lx O7 %016lx\n", + current->comm, current->pid, (unsigned long)sf, + regs->tpc, regs->u_regs[UREG_I7]); + force_sigsegv(ksig->sig, current); return -EINVAL; } -- 2.19.1 >From 42dffdd95a8faacd7df0e369040b0f441594757b Mon Sep 17 00:00:00 2001 From: "David S. Miller" <davem(a)davemloft.net> Date: Wed, 31 Oct 2018 18:30:21 -0700 Subject: [PATCH 3/3] sparc64: Wire up compat getpeername and getsockname. [ Upstream commit 1f2b5b8e2df4591fbca430aff9c5a072dcc0f408 ] Fixes: 8b30ca73b7cc ("sparc: Add all necessary direct socket system calls.") Reported-by: Joseph Myers <joseph(a)codesourcery.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> --- arch/sparc/kernel/systbls_64.S | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/arch/sparc/kernel/systbls_64.S b/arch/sparc/kernel/systbls_64.S index bb68c805b891..ff9389a1c9f3 100644 --- a/arch/sparc/kernel/systbls_64.S +++ b/arch/sparc/kernel/systbls_64.S @@ -47,9 +47,9 @@ sys_call_table32: .word sys_recvfrom, sys_setreuid16, sys_setregid16, sys_rename, compat_sys_truncate /*130*/ .word compat_sys_ftruncate, sys_flock, compat_sys_lstat64, sys_sendto, sys_shutdown .word sys_socketpair, sys_mkdir, sys_rmdir, compat_sys_utimes, compat_sys_stat64 -/*140*/ .word sys_sendfile64, sys_nis_syscall, compat_sys_futex, sys_gettid, compat_sys_getrlimit +/*140*/ .word sys_sendfile64, sys_getpeername, compat_sys_futex, sys_gettid, compat_sys_getrlimit .word compat_sys_setrlimit, sys_pivot_root, sys_prctl, sys_pciconfig_read, sys_pciconfig_write -/*150*/ .word sys_nis_syscall, sys_inotify_init, sys_inotify_add_watch, sys_poll, sys_getdents64 +/*150*/ .word sys_getsockname, sys_inotify_init, sys_inotify_add_watch, sys_poll, sys_getdents64 .word compat_sys_fcntl64, sys_inotify_rm_watch, compat_sys_statfs, compat_sys_fstatfs, sys_oldumount /*160*/ .word compat_sys_sched_setaffinity, compat_sys_sched_getaffinity, sys_getdomainname, sys_setdomainname, sys_nis_syscall .word sys_quotactl, sys_set_tid_address, compat_sys_mount, compat_sys_ustat, sys_setxattr -- 2.19.1

7 years, 1 month

2
1
0 0

[PATCHES] Networking

by David Miller

Please queue up the following networking bug fixes for v4.18 and v4.19 -stable, respectively.

7 years, 1 month

2
1
0 0

[PATCH 4.4 00/92] 4.4.133-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.4.133 release. There are 92 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat May 26 09:31:28 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.4.133-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.4.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.4.133-rc1 Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> x86/kexec: Avoid double free_page() upon do_kexec_load() failure Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> hfsplus: stop workqueue when fill_super() failed Johannes Berg <johannes.berg(a)intel.com> cfg80211: limit wiphy names to 128 bytes Geert Uytterhoeven <geert+renesas(a)glider.be> gpio: rcar: Add Runtime PM handling for interrupts John Stultz <john.stultz(a)linaro.org> time: Fix CLOCK_MONOTONIC_RAW sub-nanosecond accounting Vinod Koul <vinod.koul(a)intel.com> dmaengine: ensure dmaengine helpers check valid callback Jens Remus <jremus(a)linux.ibm.com> scsi: zfcp: fix infinite iteration on ERP ready list Alexander Potapenko <glider(a)google.com> scsi: sg: allocate with __GFP_ZERO in sg_build_indirect() Jason Yan <yanaijie(a)huawei.com> scsi: libsas: defer ata device eh commands to libata Martin Schwidefsky <schwidefsky(a)de.ibm.com> s390: use expoline thunks in the BPF JIT Martin Schwidefsky <schwidefsky(a)de.ibm.com> s390: extend expoline to BC instructions Martin Schwidefsky <schwidefsky(a)de.ibm.com> s390: move spectre sysfs attribute code Martin Schwidefsky <schwidefsky(a)de.ibm.com> s390/kernel: use expoline for indirect branches Martin Schwidefsky <schwidefsky(a)de.ibm.com> s390/ftrace: use expoline for indirect branches Martin Schwidefsky <schwidefsky(a)de.ibm.com> s390/lib: use expoline for indirect branches Martin Schwidefsky <schwidefsky(a)de.ibm.com> s390: move expoline assembler macros to a header Martin Schwidefsky <schwidefsky(a)de.ibm.com> s390: add assembler macros for CPU alternatives Al Viro <viro(a)zeniv.linux.org.uk> ext2: fix a block leak Eric Dumazet <edumazet(a)google.com> tcp: purge write queue in tcp_connect_init() Eric Dumazet <edumazet(a)google.com> sock_diag: fix use-after-free read in __sk_free Willem de Bruijn <willemb(a)google.com> packet: in packet_snd start writing at link layer allocation Willem de Bruijn <willemb(a)google.com> net: test tailroom before appending to linear skb Liu Bo <bo.liu(a)linux.alibaba.com> btrfs: fix reading stale metadata blocks after degraded raid1 mounts Anand Jain <anand.jain(a)oracle.com> btrfs: fix crash when trying to resume balance without the resume flag Filipe Manana <fdmanana(a)suse.com> Btrfs: fix xattr loss after power failure Masami Hiramatsu <mhiramat(a)kernel.org> ARM: 8772/1: kprobes: Prohibit kprobes on get_user functions Masami Hiramatsu <mhiramat(a)kernel.org> ARM: 8770/1: kprobes: Prohibit probing on optimized_callback Masami Hiramatsu <mhiramat(a)kernel.org> ARM: 8769/1: kprobes: Fix to use get_kprobe_ctlblk after irq-disabed Dexuan Cui <decui(a)microsoft.com> tick/broadcast: Use for_each_cpu() specially on UP kernels Masami Hiramatsu <mhiramat(a)kernel.org> ARM: 8771/1: kprobes: Prohibit kprobes on do_undefinstr Ard Biesheuvel <ard.biesheuvel(a)linaro.org> efi: Avoid potential crashes, fix the 'struct efi_pci_io_protocol_32' definition for mixed mode Martin Schwidefsky <schwidefsky(a)de.ibm.com> s390: remove indirect branch from do_softirq_own_stack Julian Wiedmann <jwi(a)linux.ibm.com> s390/qdio: don't release memory in qdio_setup_irq() Hendrik Brueckner <brueckner(a)linux.ibm.com> s390/cpum_sf: ensure sample frequency of perf event attributes is non-zero Julian Wiedmann <jwi(a)linux.ibm.com> s390/qdio: fix access to uninitialized qdio_q fields Pavel Tatashin <pasha.tatashin(a)oracle.com> mm: don't allow deferred pages with NEED_PER_CPU_KM Nicholas Piggin <npiggin(a)gmail.com> powerpc/powernv: Fix NVRAM sleep in invalid context when crashing Janis Danisevskis <jdanis(a)google.com> procfs: fix pthread cross-thread naming if !PR_DUMPABLE Mateusz Guzik <mguzik(a)redhat.com> proc read mm's {arg,env}_{start,end} with mmap semaphore taken. Steven Rostedt (VMware) <rostedt(a)goodmis.org> tracing/x86/xen: Remove zero data size trace events trace_xen_mmu_flush_tlb{_all} Srinivas Pandruvada <srinivas.pandruvada(a)linux.intel.com> cpufreq: intel_pstate: Enable HWP by default Waiman Long <Waiman.Long(a)hpe.com> signals: avoid unnecessary taking of sighand->siglock Mel Gorman <mgorman(a)techsingularity.net> mm: filemap: avoid unnecessary calls to lock_page when waiting for IO to complete during a read Mel Gorman <mgorman(a)techsingularity.net> mm: filemap: remove redundant code in do_read_cache_page Johannes Weiner <hannes(a)cmpxchg.org> proc: meminfo: estimate available memory more conservatively Vladimir Davydov <vdavydov(a)virtuozzo.com> vmscan: do not force-scan file lru if its absolute size is small Benjamin Herrenschmidt <benh(a)kernel.crashing.org> powerpc: Don't preempt_disable() in show_cpuinfo() Anders Roxell <anders.roxell(a)linaro.org> cpuidle: coupled: remove unused define cpuidle_coupled_lock Stewart Smith <stewart(a)linux.vnet.ibm.com> powerpc/powernv: remove FW_FEATURE_OPALv3 and just use FW_FEATURE_OPAL Stewart Smith <stewart(a)linux.vnet.ibm.com> powerpc/powernv: Remove OPALv2 firmware define and references Stewart Smith <stewart(a)linux.vnet.ibm.com> powerpc/powernv: panic() on OPAL < V3 Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> spi: pxa2xx: Allow 64-bit DMA Wenwen Wang <wang6495(a)umn.edu> ALSA: control: fix a redundant-copy issue Hans de Goede <hdegoede(a)redhat.com> ALSA: hda: Add Lenovo C50 All in one to the power_save blacklist Federico Cuello <fedux(a)fedux.com.ar> ALSA: usb: mixer: volume quirk for CM102-A+/102S+ Shuah Khan (Samsung OSG) <shuah(a)kernel.org> usbip: usbip_host: fix bad unlock balance during stub_probe() Shuah Khan (Samsung OSG) <shuah(a)kernel.org> usbip: usbip_host: fix NULL-ptr deref and use-after-free errors Shuah Khan (Samsung OSG) <shuah(a)kernel.org> usbip: usbip_host: run rebind from exit when module is removed Shuah Khan (Samsung OSG) <shuah(a)kernel.org> usbip: usbip_host: delete device from busid_table after rebind Shuah Khan <shuahkh(a)osg.samsung.com> usbip: usbip_host: refine probe and disconnect debug msgs to be useful zhongjiang <zhongjiang(a)huawei.com> kernel/exit.c: avoid undefined behaviour when calling wait4() Jiri Slaby <jslaby(a)suse.cz> futex: futex_wake_op, fix sign_extend32 sign bits Michael Kerrisk (man-pages) <mtk.manpages(a)gmail.com> pipe: cap initial pipe capacity according to pipe-max-size limit James Chapman <jchapman(a)katalix.com> l2tp: revert "l2tp: fix missing print session offset info" Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "ARM: dts: imx6qdl-wandboard: Fix audio channel swap" Vasily Averin <vvs(a)virtuozzo.com> lockd: lost rollback of set_grace_period() in lockd_down_net() Antony Antony <antony(a)phenome.org> xfrm: fix xfrm_do_migrate() with AEAD e.g(AES-GCM) Jiri Slaby <jslaby(a)suse.cz> futex: Remove duplicated code and fix undefined behaviour Mel Gorman <mgorman(a)suse.de> futex: Remove unnecessary warning from get_futex_key Suzuki K Poulose <suzuki.poulose(a)arm.com> arm64: Add work around for Arm Cortex-A55 Erratum 1024718 Ard Biesheuvel <ard.biesheuvel(a)linaro.org> arm64: introduce mov_q macro to move a constant into a 64-bit register Richard Guy Briggs <rgb(a)redhat.com> audit: move calcs after alloc and check when logging set loginuid Takashi Iwai <tiwai(a)suse.de> ALSA: timer: Call notifier in the same spinlock Xin Long <lucien.xin(a)gmail.com> sctp: delay the authentication for the duplicated cookie-echo chunk Xin Long <lucien.xin(a)gmail.com> sctp: fix the issue that the cookie-ack with auth can't get processed Yuchung Cheng <ycheng(a)google.com> tcp: ignore Fast Open on repair mode Debabrata Banerjee <dbanerje(a)akamai.com> bonding: do not allow rlb updates to invalid mac Michael Chan <michael.chan(a)broadcom.com> tg3: Fix vunmap() BUG_ON() triggered from tg3_free_consistent(). Xin Long <lucien.xin(a)gmail.com> sctp: use the old asoc when making the cookie-ack chunk in dupcook_d Xin Long <lucien.xin(a)gmail.com> sctp: handle two v4 addrs comparison in sctp_inet6_cmp_addr Heiner Kallweit <hkallweit1(a)gmail.com> r8169: fix powering up RTL8168h Bjørn Mork <bjorn(a)mork.no> qmi_wwan: do not steal interfaces from class drivers Stefano Brivio <sbrivio(a)redhat.com> openvswitch: Don't swap table in nlattr_set() after OVS_ATTR_NESTED is found Lance Richardson <lance.richardson.net(a)gmail.com> net: support compat 64-bit time in {s,g}etsockopt Eric Dumazet <edumazet(a)google.com> net_sched: fq: take care of throttled flows before reuse Moshe Shemesh <moshe(a)mellanox.com> net/mlx4_en: Verify coalescing parameters are in range Rob Taglang <rob(a)taglang.io> net: ethernet: sun: niu set correct packet size in skb Eric Dumazet <edumazet(a)google.com> llc: better deal with too small mtu Andrey Ignatov <rdna(a)fb.com> ipv4: fix memory leaks in udp_sendmsg, ping_v4_sendmsg Eric Dumazet <edumazet(a)google.com> dccp: fix tasklet usage Hangbin Liu <liuhangbin(a)gmail.com> bridge: check iface upper dev when setting master via ioctl Ingo Molnar <mingo(a)elte.hu> 8139too: Use disable_irq_nosync() in rtl8139_poll_controller() ------------- Diffstat: Makefile | 4 +- arch/alpha/include/asm/futex.h | 26 +-- arch/arc/include/asm/futex.h | 40 +---- arch/arm/boot/dts/imx6qdl-wandboard.dtsi | 1 - arch/arm/include/asm/assembler.h | 10 ++ arch/arm/include/asm/futex.h | 26 +-- arch/arm/kernel/traps.c | 5 +- arch/arm/lib/getuser.S | 10 ++ arch/arm/probes/kprobes/opt-arm.c | 4 +- arch/arm64/Kconfig | 14 ++ arch/arm64/include/asm/assembler.h | 60 +++++++ arch/arm64/include/asm/cputype.h | 11 ++ arch/arm64/include/asm/futex.h | 26 +-- arch/arm64/mm/proc.S | 5 + arch/frv/include/asm/futex.h | 3 +- arch/frv/kernel/futex.c | 27 +-- arch/hexagon/include/asm/futex.h | 38 +--- arch/ia64/include/asm/futex.h | 25 +-- arch/microblaze/include/asm/futex.h | 38 +--- arch/mips/include/asm/futex.h | 25 +-- arch/parisc/include/asm/futex.h | 25 +-- arch/powerpc/include/asm/firmware.h | 5 +- arch/powerpc/include/asm/futex.h | 26 +-- arch/powerpc/kernel/setup-common.c | 11 -- arch/powerpc/platforms/powernv/eeh-powernv.c | 4 +- arch/powerpc/platforms/powernv/idle.c | 2 +- arch/powerpc/platforms/powernv/opal-nvram.c | 14 +- arch/powerpc/platforms/powernv/opal-xscom.c | 2 +- arch/powerpc/platforms/powernv/opal.c | 36 ++-- arch/powerpc/platforms/powernv/pci-ioda.c | 2 +- arch/powerpc/platforms/powernv/setup.c | 12 +- arch/powerpc/platforms/powernv/smp.c | 74 ++++---- arch/s390/include/asm/alternative-asm.h | 108 ++++++++++++ arch/s390/include/asm/futex.h | 23 +-- arch/s390/include/asm/nospec-insn.h | 193 +++++++++++++++++++++ arch/s390/kernel/Makefile | 1 + arch/s390/kernel/asm-offsets.c | 1 + arch/s390/kernel/base.S | 24 +-- arch/s390/kernel/entry.S | 105 +++-------- arch/s390/kernel/irq.c | 5 +- arch/s390/kernel/mcount.S | 14 +- arch/s390/kernel/nospec-branch.c | 43 +++-- arch/s390/kernel/nospec-sysfs.c | 21 +++ arch/s390/kernel/perf_cpum_sf.c | 4 + arch/s390/kernel/reipl.S | 5 +- arch/s390/kernel/swsusp.S | 10 +- arch/s390/lib/mem.S | 9 +- arch/s390/net/bpf_jit.S | 16 +- arch/s390/net/bpf_jit_comp.c | 63 ++++++- arch/sh/include/asm/futex.h | 26 +-- arch/sparc/include/asm/futex_64.h | 26 +-- arch/tile/include/asm/futex.h | 40 +---- arch/x86/boot/compressed/eboot.c | 6 +- arch/x86/include/asm/futex.h | 40 +---- arch/x86/kernel/machine_kexec_32.c | 6 +- arch/x86/kernel/machine_kexec_64.c | 4 +- arch/x86/xen/mmu.c | 4 - arch/xtensa/include/asm/futex.h | 27 +-- drivers/cpufreq/intel_pstate.c | 34 ++-- drivers/cpufreq/powernv-cpufreq.c | 2 +- drivers/cpuidle/coupled.c | 1 - drivers/cpuidle/cpuidle-powernv.c | 2 +- drivers/gpio/gpio-rcar.c | 46 +++++ drivers/net/bonding/bond_alb.c | 2 +- drivers/net/ethernet/broadcom/tg3.c | 9 +- drivers/net/ethernet/mellanox/mlx4/en_ethtool.c | 16 ++ drivers/net/ethernet/mellanox/mlx4/mlx4_en.h | 7 +- drivers/net/ethernet/realtek/8139too.c | 2 +- drivers/net/ethernet/realtek/r8169.c | 3 + drivers/net/ethernet/sun/niu.c | 5 +- drivers/net/usb/qmi_wwan.c | 12 ++ drivers/s390/cio/qdio_setup.c | 12 +- drivers/s390/scsi/zfcp_dbf.c | 23 ++- drivers/s390/scsi/zfcp_ext.h | 5 +- drivers/s390/scsi/zfcp_scsi.c | 14 +- drivers/scsi/libsas/sas_scsi_host.c | 33 ++-- drivers/scsi/sg.c | 2 +- drivers/spi/spi-pxa2xx.h | 2 +- drivers/usb/usbip/stub.h | 2 + drivers/usb/usbip/stub_dev.c | 43 +++-- drivers/usb/usbip/stub_main.c | 105 +++++++++-- fs/btrfs/ctree.c | 6 +- fs/btrfs/tree-log.c | 7 + fs/btrfs/volumes.c | 9 + fs/ext2/inode.c | 10 -- fs/hfsplus/super.c | 1 + fs/lockd/svc.c | 2 + fs/pipe.c | 3 + fs/proc/base.c | 55 +++++- fs/proc/meminfo.c | 5 +- include/asm-generic/futex.h | 50 +----- include/linux/dmaengine.h | 20 ++- include/linux/efi.h | 8 +- include/linux/signal.h | 17 ++ include/linux/timekeeper_internal.h | 4 +- include/trace/events/xen.h | 16 -- include/uapi/linux/nl80211.h | 2 + kernel/auditsc.c | 7 +- kernel/exit.c | 4 + kernel/futex.c | 44 ++++- kernel/signal.c | 7 + kernel/time/tick-broadcast.c | 8 + kernel/time/timekeeping.c | 20 +-- mm/Kconfig | 1 + mm/filemap.c | 90 ++++++---- mm/util.c | 16 +- mm/vmscan.c | 12 +- net/bridge/br_if.c | 4 +- net/compat.c | 6 +- net/core/sock.c | 2 +- net/dccp/ccids/ccid2.c | 14 +- net/dccp/timer.c | 2 +- net/ipv4/ip_output.c | 3 +- net/ipv4/ping.c | 7 +- net/ipv4/tcp.c | 2 +- net/ipv4/tcp_output.c | 7 +- net/ipv4/udp.c | 7 +- net/ipv6/ip6_output.c | 3 +- net/l2tp/l2tp_netlink.c | 2 - net/llc/af_llc.c | 3 + net/openvswitch/flow_netlink.c | 9 +- net/packet/af_packet.c | 4 +- net/sched/sch_fq.c | 37 ++-- net/sctp/associola.c | 30 +++- net/sctp/inqueue.c | 2 +- net/sctp/ipv6.c | 3 + net/sctp/sm_statefuns.c | 89 +++++----- net/wireless/core.c | 3 + net/xfrm/xfrm_state.c | 1 + sound/core/control_compat.c | 3 +- sound/core/timer.c | 220 +++++++++++------------- sound/pci/hda/hda_intel.c | 2 + sound/usb/mixer.c | 8 + 133 files changed, 1605 insertions(+), 1109 deletions(-)

7 years, 1 month

15
123
0 0

[PATCH stable 4.14] bpf: fix partial copy of map_ptr when dst is scalar

by Daniel Borkmann

commit 0962590e553331db2cc0aef2dc35c57f6300dbbe upstream. ALU operations on pointers such as scalar_reg += map_value_ptr are handled in adjust_ptr_min_max_vals(). Problem is however that map_ptr and range in the register state share a union, so transferring state through dst_reg->range = ptr_reg->range is just buggy as any new map_ptr in the dst_reg is then truncated (or null) for subsequent checks. Fix this by adding a raw member and use it for copying state over to dst_reg. Fixes: f1174f77b50c ("bpf/verifier: rework value tracking") Signed-off-by: Daniel Borkmann <daniel(a)iogearbox.net> Cc: Edward Cree <ecree(a)solarflare.com> Acked-by: Alexei Starovoitov <ast(a)kernel.org> Signed-off-by: Alexei Starovoitov <ast(a)kernel.org> Acked-by: Edward Cree <ecree(a)solarflare.com> --- include/linux/bpf_verifier.h | 3 +++ kernel/bpf/verifier.c | 10 ++++++---- 2 files changed, 9 insertions(+), 4 deletions(-) diff --git a/include/linux/bpf_verifier.h b/include/linux/bpf_verifier.h index 73bec75..a333300 100644 --- a/include/linux/bpf_verifier.h +++ b/include/linux/bpf_verifier.h @@ -50,6 +50,9 @@ struct bpf_reg_state { * PTR_TO_MAP_VALUE_OR_NULL */ struct bpf_map *map_ptr; + + /* Max size from any of the above. */ + unsigned long raw; }; /* Fixed part of pointer offset, pointer types only */ s32 off; diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c index a0ffc62..013b0cd 100644 --- a/kernel/bpf/verifier.c +++ b/kernel/bpf/verifier.c @@ -1935,7 +1935,7 @@ static int adjust_ptr_min_max_vals(struct bpf_verifier_env *env, dst_reg->umax_value = umax_ptr; dst_reg->var_off = ptr_reg->var_off; dst_reg->off = ptr_reg->off + smin_val; - dst_reg->range = ptr_reg->range; + dst_reg->raw = ptr_reg->raw; break; } /* A new variable offset is created. Note that off_reg->off @@ -1965,10 +1965,11 @@ static int adjust_ptr_min_max_vals(struct bpf_verifier_env *env, } dst_reg->var_off = tnum_add(ptr_reg->var_off, off_reg->var_off); dst_reg->off = ptr_reg->off; + dst_reg->raw = ptr_reg->raw; if (ptr_reg->type == PTR_TO_PACKET) { dst_reg->id = ++env->id_gen; /* something was added to pkt_ptr, set range to zero */ - dst_reg->range = 0; + dst_reg->raw = 0; } break; case BPF_SUB: @@ -1999,7 +2000,7 @@ static int adjust_ptr_min_max_vals(struct bpf_verifier_env *env, dst_reg->var_off = ptr_reg->var_off; dst_reg->id = ptr_reg->id; dst_reg->off = ptr_reg->off - smin_val; - dst_reg->range = ptr_reg->range; + dst_reg->raw = ptr_reg->raw; break; } /* A new variable offset is created. If the subtrahend is known @@ -2025,11 +2026,12 @@ static int adjust_ptr_min_max_vals(struct bpf_verifier_env *env, } dst_reg->var_off = tnum_sub(ptr_reg->var_off, off_reg->var_off); dst_reg->off = ptr_reg->off; + dst_reg->raw = ptr_reg->raw; if (ptr_reg->type == PTR_TO_PACKET) { dst_reg->id = ++env->id_gen; /* something was added to pkt_ptr, set range to zero */ if (smin_val < 0) - dst_reg->range = 0; + dst_reg->raw = 0; } break; case BPF_AND: -- 2.9.5

7 years, 1 month

1
0
0 0

[PATCH AUTOSEL 4.14 01/19] bpf: do not blindly change rlimit in reuseport net selftest

by Sasha Levin

From: Eric Dumazet <edumazet(a)google.com> [ Upstream commit 262f9d811c7608f1e74258ceecfe1fa213bdf912 ] If the current process has unlimited RLIMIT_MEMLOCK, we should should leave it as is. Fixes: 941ff6f11c02 ("bpf: fix rlimit in reuseport net selftest") Signed-off-by: John Sperbeck <jsperbeck(a)google.com> Signed-off-by: Eric Dumazet <edumazet(a)google.com> Acked-by: Daniel Borkmann <daniel(a)iogearbox.net> Signed-off-by: Daniel Borkmann <daniel(a)iogearbox.net> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- tools/testing/selftests/net/reuseport_bpf.c | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/tools/testing/selftests/net/reuseport_bpf.c b/tools/testing/selftests/net/reuseport_bpf.c index cad14cd0ea92..b5277106df1f 100644 --- a/tools/testing/selftests/net/reuseport_bpf.c +++ b/tools/testing/selftests/net/reuseport_bpf.c @@ -437,14 +437,19 @@ void enable_fastopen(void) } } -static struct rlimit rlim_old, rlim_new; +static struct rlimit rlim_old; static __attribute__((constructor)) void main_ctor(void) { getrlimit(RLIMIT_MEMLOCK, &rlim_old); - rlim_new.rlim_cur = rlim_old.rlim_cur + (1UL << 20); - rlim_new.rlim_max = rlim_old.rlim_max + (1UL << 20); - setrlimit(RLIMIT_MEMLOCK, &rlim_new); + + if (rlim_old.rlim_cur != RLIM_INFINITY) { + struct rlimit rlim_new; + + rlim_new.rlim_cur = rlim_old.rlim_cur + (1UL << 20); + rlim_new.rlim_max = rlim_old.rlim_max + (1UL << 20); + setrlimit(RLIMIT_MEMLOCK, &rlim_new); + } } static __attribute__((destructor)) void main_dtor(void) -- 2.17.1

7 years, 1 month

3
21
0 0

request for 4.14-stable: ffdf16edfbbe ("drm/i915/gvt: fix memory leak of a cmd_entry struct on error exit path")

by Sudip Mukherjee

Hi Greg, This was not marked for stable but seems it should be in stable. Please apply to your queue of 4.14-stable. -- Regards Sudip

7 years, 1 month

3
3
0 0

[PATCH AUTOSEL 4.14 01/73] net: ethernet: ti: cpsw: unsync mcast entries while switch promisc mode

by Sasha Levin

From: Ivan Khoronzhuk <ivan.khoronzhuk(a)linaro.org> [ Upstream commit 9737cc99dd14b5b8b9d267618a6061feade8ea68 ] After flushing all mcast entries from the table, the ones contained in mc list of ndev are not restored when promisc mode is toggled off, because they are considered as synched with ALE, thus, in order to restore them after promisc mode - reset syncing info. This fix touches only switch mode devices, including single port boards like Beagle Bone. Fixes: commit 5da1948969bc ("net: ethernet: ti: cpsw: fix lost of mcast packets while rx_mode update") Signed-off-by: Ivan Khoronzhuk <ivan.khoronzhuk(a)linaro.org> Reviewed-by: Grygorii Strashko <grygorii.strashko(a)ti.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/net/ethernet/ti/cpsw.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/net/ethernet/ti/cpsw.c b/drivers/net/ethernet/ti/cpsw.c index 8cb44eabc283..a44838aac97d 100644 --- a/drivers/net/ethernet/ti/cpsw.c +++ b/drivers/net/ethernet/ti/cpsw.c @@ -601,6 +601,7 @@ static void cpsw_set_promiscious(struct net_device *ndev, bool enable) /* Clear all mcast from ALE */ cpsw_ale_flush_multicast(ale, ALE_ALL_PORTS, -1); + __dev_mc_unsync(ndev, NULL); /* Flood All Unicast Packets to Host port */ cpsw_ale_control_set(ale, 0, ALE_P0_UNI_FLOOD, 1); -- 2.17.1

7 years, 1 month

2
74
0 0

[PATCH] ubifs: Handle re-linking of inodes correctly while recovery

by Richard Weinberger

UBIFS's recovery code strictly assumes that a deleted inode will never come back, therefore it removes all data which belongs to that inode as soon it faces an inode with link count 0 in the replay list. Before O_TMPFILE this assumption was perfectly fine. With O_TMPFILE it can lead to data loss upon a power-cut. Consider a journal with entries like: 0: inode X (nlink = 0) /* O_TMPFILE was created */ 1: data for inode X /* Someone writes to the temp file */ 2: inode X (nlink = 0) /* inode was changed, xattr, chmod, … */ 3: inode X (nlink = 1) /* inode was re-linked via linkat() */ Upon replay of entry #2 UBIFS will drop all data that belongs to inode X, this will lead to an empty file after mounting. As solution for this problem, scan the replay list for a re-link entry before dropping data. Fixes: 474b93704f32 ("ubifs: Implement O_TMPFILE") Cc: stable(a)vger.kernel.org Reported-by: Russell Senior <russell(a)personaltelco.net> Reported-by: Rafał Miłecki <zajec5(a)gmail.com> Signed-off-by: Richard Weinberger <richard(a)nod.at> --- Russel, Rafał, please give this patch another testing. I'll also run it on different test systems before merging. Thanks, //richard --- fs/ubifs/replay.c | 33 +++++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) diff --git a/fs/ubifs/replay.c b/fs/ubifs/replay.c index 4844538eb926..65a780685b82 100644 --- a/fs/ubifs/replay.c +++ b/fs/ubifs/replay.c @@ -209,6 +209,34 @@ static int trun_remove_range(struct ubifs_info *c, struct replay_entry *r) return ubifs_tnc_remove_range(c, &min_key, &max_key); } +/** + * inode_relinked - check whether inode in question will be re-linked. + * @c: UBIFS file-system description object + * @rino: replay entry to test + * + * O_TMPFILE files can be re-linked, this means link count goes from 0 to 1. + * This case needs special care, otherwise all references to the inode will + * be removed upon the first replay entry of an inode with link count 0 + * is found. + */ +static bool inode_relinked(struct ubifs_info *c, struct replay_entry *rino) +{ + struct replay_entry *r = rino; + + ubifs_assert(c, rino->deletion); + ubifs_assert(c, key_type(c, &rino->key) == UBIFS_INO_KEY); + + list_for_each_entry_from(r, &c->replay_list, list) { + if (key_inum(c, &r->key) == key_inum(c, &rino->key) && + r->deletion == 0) { + ubifs_assert(c, r->sqnum > rino->sqnum); + return true; + } + } + + return false; +} + /** * apply_replay_entry - apply a replay entry to the TNC. * @c: UBIFS file-system description object @@ -236,6 +264,11 @@ static int apply_replay_entry(struct ubifs_info *c, struct replay_entry *r) { ino_t inum = key_inum(c, &r->key); + if (inode_relinked(c, r)) { + err = 0; + break; + } + err = ubifs_tnc_remove_ino(c, inum); break; } -- 2.19.1

7 years, 1 month

3
3
0 0

[PATCH] fs: fix lost error code in dio_complete

by Maximilian Heyne

commit e259221763a40403d5bb232209998e8c45804ab8 ("fs: simplify the generic_write_sync prototype") reworked callers of generic_write_sync(), and ended up dropping the error return for the directio path. Prior to that commit, in dio_complete(), an error would be bubbled up the stack, but after that commit, errors passed on to dio_complete were eaten up. This was reported on the list earlier, and a fix was proposed in https://lore.kernel.org/lkml/20160921141539.GA17898@infradead.org/, but never followed up with. We recently hit this bug in our testing where fencing io errors, which were previously erroring out with EIO, were being returned as success operations after this commit. The fix proposed on the list earlier was a little short -- it would have still called generic_write_sync() in case `ret` already contained an error. This fix ensures generic_write_sync() is only called when there's no pending error in the write. CC: stable(a)vger.kernel.org Reported-by: Ravi Nankani <rnankani(a)amazon.com> Signed-off-by: Maximilian Heyne <mheyne(a)amazon.de> Signed-off-by: Torsten Mehlan <tomeh(a)amazon.de> Signed-off-by: Uwe Dannowski <uwed(a)amazon.de> Signed-off-by: Amit Shah <aams(a)amazon.de> Signed-off-by: David Woodhouse <dwmw(a)amazon.co.uk> --- fs/direct-io.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/fs/direct-io.c b/fs/direct-io.c index 093fb54cd316..199146036093 100644 --- a/fs/direct-io.c +++ b/fs/direct-io.c @@ -325,8 +325,8 @@ static ssize_t dio_complete(struct dio *dio, ssize_t ret, unsigned int flags) */ dio->iocb->ki_pos += transferred; - if (dio->op == REQ_OP_WRITE) - ret = generic_write_sync(dio->iocb, transferred); + if (ret > 0 && dio->op == REQ_OP_WRITE) + ret = generic_write_sync(dio->iocb, ret); dio->iocb->ki_complete(dio->iocb, ret, 0); } -- 2.16.2 Amazon Development Center Germany GmbH Berlin - Dresden - Aachen main office: Krausenstr. 38, 10117 Berlin Geschaeftsfuehrer: Dr. Ralf Herbrich, Christian Schlaeger Ust-ID: DE289237879 Eingetragen am Amtsgericht Charlottenburg HRB 149173 B

7 years, 1 month

3
4
0 0

[PATCH v8 1/9] KVM: arm/arm64: Ensure only THP is candidate for adjustment

by Punit Agrawal

PageTransCompoundMap() returns true for hugetlbfs and THP hugepages. This behaviour incorrectly leads to stage 2 faults for unsupported hugepage sizes (e.g., 64K hugepage with 4K pages) to be treated as THP faults. Tighten the check to filter out hugetlbfs pages. This also leads to consistently mapping all unsupported hugepage sizes as PTE level entries at stage 2. Signed-off-by: Punit Agrawal <punit.agrawal(a)arm.com> Reviewed-by: Suzuki Poulose <suzuki.poulose(a)arm.com> Cc: Christoffer Dall <christoffer.dall(a)arm.com> Cc: Marc Zyngier <marc.zyngier(a)arm.com> Cc: stable(a)vger.kernel.org # v4.13+ --- virt/kvm/arm/mmu.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/virt/kvm/arm/mmu.c b/virt/kvm/arm/mmu.c index 7e477b3cae5b..c23a1b323aad 100644 --- a/virt/kvm/arm/mmu.c +++ b/virt/kvm/arm/mmu.c @@ -1231,8 +1231,14 @@ static bool transparent_hugepage_adjust(kvm_pfn_t *pfnp, phys_addr_t *ipap) { kvm_pfn_t pfn = *pfnp; gfn_t gfn = *ipap >> PAGE_SHIFT; + struct page *page = pfn_to_page(pfn); - if (PageTransCompoundMap(pfn_to_page(pfn))) { + /* + * PageTransCompoungMap() returns true for THP and + * hugetlbfs. Make sure the adjustment is done only for THP + * pages. + */ + if (!PageHuge(page) && PageTransCompoundMap(page)) { unsigned long mask; /* * The address we faulted on is backed by a transparent huge -- 2.18.0

7 years, 1 month

3
6
0 0

[PATCH AUTOSEL 3.18 01/22] locking/lockdep: Fix debug_locks off performance problem

by Sasha Levin

From: Waiman Long <longman(a)redhat.com> [ Upstream commit 9506a7425b094d2f1d9c877ed5a78f416669269b ] It was found that when debug_locks was turned off because of a problem found by the lockdep code, the system performance could drop quite significantly when the lock_stat code was also configured into the kernel. For instance, parallel kernel build time on a 4-socket x86-64 server nearly doubled. Further analysis into the cause of the slowdown traced back to the frequent call to debug_locks_off() from the __lock_acquired() function probably due to some inconsistent lockdep states with debug_locks off. The debug_locks_off() function did an unconditional atomic xchg to write a 0 value into debug_locks which had already been set to 0. This led to severe cacheline contention in the cacheline that held debug_locks. As debug_locks is being referenced in quite a few different places in the kernel, this greatly slow down the system performance. To prevent that trashing of debug_locks cacheline, lock_acquired() and lock_contended() now checks the state of debug_locks before proceeding. The debug_locks_off() function is also modified to check debug_locks before calling __debug_locks_off(). Signed-off-by: Waiman Long <longman(a)redhat.com> Cc: Andrew Morton <akpm(a)linux-foundation.org> Cc: Linus Torvalds <torvalds(a)linux-foundation.org> Cc: Paul E. McKenney <paulmck(a)linux.vnet.ibm.com> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Will Deacon <will.deacon(a)arm.com> Link: http://lkml.kernel.org/r/1539913518-15598-1-git-send-email-longman@redhat.c… Signed-off-by: Ingo Molnar <mingo(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- kernel/locking/lockdep.c | 4 ++-- lib/debug_locks.c | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/kernel/locking/lockdep.c b/kernel/locking/lockdep.c index f99008534275..fb90ca3a296e 100644 --- a/kernel/locking/lockdep.c +++ b/kernel/locking/lockdep.c @@ -3808,7 +3808,7 @@ void lock_contended(struct lockdep_map *lock, unsigned long ip) { unsigned long flags; - if (unlikely(!lock_stat)) + if (unlikely(!lock_stat || !debug_locks)) return; if (unlikely(current->lockdep_recursion)) @@ -3828,7 +3828,7 @@ void lock_acquired(struct lockdep_map *lock, unsigned long ip) { unsigned long flags; - if (unlikely(!lock_stat)) + if (unlikely(!lock_stat || !debug_locks)) return; if (unlikely(current->lockdep_recursion)) diff --git a/lib/debug_locks.c b/lib/debug_locks.c index 96c4c633d95e..124fdf238b3d 100644 --- a/lib/debug_locks.c +++ b/lib/debug_locks.c @@ -37,7 +37,7 @@ EXPORT_SYMBOL_GPL(debug_locks_silent); */ int debug_locks_off(void) { - if (__debug_locks_off()) { + if (debug_locks && __debug_locks_off()) { if (!debug_locks_silent) { console_verbose(); return 1; -- 2.17.1

7 years, 1 month

2
23
0 0

[PATCH AUTOSEL 4.18 001/126] net: socionext: Reset tx queue in ndo_stop

by Sasha Levin

From: Masahisa Kojima <masahisa.kojima(a)linaro.org> [ Upstream commit 8d5b0bf611ec5b7618d5b772dddc93b8afa78cb8 ] We observed that packets and bytes count are not reset when user performs interface down. Eventually, tx queue is exhausted and packets will not be sent out. To avoid this problem, resets tx queue in ndo_stop. Fixes: 533dd11a12f6 ("net: socionext: Add Synquacer NetSec driver") Signed-off-by: Masahisa Kojima <masahisa.kojima(a)linaro.org> Signed-off-by: Yoshitoyo Osaki <osaki.yoshitoyo(a)socionext.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/net/ethernet/socionext/netsec.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/net/ethernet/socionext/netsec.c b/drivers/net/ethernet/socionext/netsec.c index e080d3e7c582..4d7d53fbc0ef 100644 --- a/drivers/net/ethernet/socionext/netsec.c +++ b/drivers/net/ethernet/socionext/netsec.c @@ -945,6 +945,9 @@ static void netsec_uninit_pkt_dring(struct netsec_priv *priv, int id) dring->head = 0; dring->tail = 0; dring->pkt_cnt = 0; + + if (id == NETSEC_RING_TX) + netdev_reset_queue(priv->ndev); } static void netsec_free_dring(struct netsec_priv *priv, int id) -- 2.17.1

7 years, 1 month

1
125
0 0

[PATCH] usbnet: smsc95xx: disable carrier check while suspending

by Frieder Schrempf

We need to make sure, that the carrier check polling is disabled while suspending. Otherwise we can end up with usbnet_read_cmd() being issued when only usbnet_read_cmd_nopm() is allowed. If this happens, read operations lock up. Fixes: d69d169493 ("usbnet: smsc95xx: fix link detection for disabled autonegotiation") Cc: <stable(a)vger.kernel.org> Signed-off-by: Frieder Schrempf <frieder.schrempf(a)kontron.de> --- drivers/net/usb/smsc95xx.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/drivers/net/usb/smsc95xx.c b/drivers/net/usb/smsc95xx.c index 262e7a3..3bc9633 100644 --- a/drivers/net/usb/smsc95xx.c +++ b/drivers/net/usb/smsc95xx.c @@ -1592,6 +1592,8 @@ static int smsc95xx_suspend(struct usb_interface *intf, pm_message_t message) u32 val, link_up; int ret; + cancel_delayed_work_sync(&pdata->carrier_check); + ret = usbnet_suspend(intf, message); if (ret < 0) { netdev_warn(dev->net, "usbnet_suspend error\n"); @@ -1840,6 +1842,11 @@ static int smsc95xx_suspend(struct usb_interface *intf, pm_message_t message) */ if (ret && PMSG_IS_AUTO(message)) usbnet_resume(intf); + + if (ret) + schedule_delayed_work(&pdata->carrier_check, + CARRIER_CHECK_DELAY); + return ret; } -- 2.7.4

7 years, 1 month

1
0
0 0

Re: Business Proposal

by Edward Yuan

Dear Friend, My name is Mr. Edward Yuan, a consultant/broker. I know you might be a bit apprehensive because you do not know me. Nevertheless, I have a proposal on behalf of a client, a lucrative business that might be of mutual benefit to you. If interested in this proposition please kindly and urgently contact me for more details. Best Regards. Mr. Edward Yuan. --- This email has been checked for viruses by AVG. https://www.avg.com

7 years, 1 month

1
0
0 0

[PATCH] drm/i915: Fix error handling for the NV12 fb dimensions check

by Ville Syrjala

From: Ville Syrjälä <ville.syrjala(a)linux.intel.com> Let's not leak obj->framebuffer_references when we decide that the framebuffer domensions are not suitable for NV12. Cc: stable(a)vger.kernel.org Cc: Maarten Lankhorst <maarten.lankhorst(a)linux.intel.com> Cc: Vidya Srinivas <vidya.srinivas(a)intel.com> Fixes: e44134f2673c ("drm/i915: Add NV12 support to intel_framebuffer_init") Signed-off-by: Ville Syrjälä <ville.syrjala(a)linux.intel.com> --- drivers/gpu/drm/i915/intel_display.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c index fe045abb6472..9b549d3dd055 100644 --- a/drivers/gpu/drm/i915/intel_display.c +++ b/drivers/gpu/drm/i915/intel_display.c @@ -14540,7 +14540,7 @@ static int intel_framebuffer_init(struct intel_framebuffer *intel_fb, fb->height < SKL_MIN_YUV_420_SRC_H || (fb->width % 4) != 0 || (fb->height % 4) != 0)) { DRM_DEBUG_KMS("src dimensions not correct for NV12\n"); - return -EINVAL; + goto err; } for (i = 0; i < fb->format->num_planes; i++) { -- 2.18.1

7 years, 1 month

2
1
0 0

+ memory_hotplug-cond_resched-in-__remove_pages.patch added to -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: memory_hotplug: cond_resched in __remove_pages has been added to the -mm tree. Its filename is memory_hotplug-cond_resched-in-__remove_pages.patch This patch should soon appear at http://ozlabs.org/~akpm/mmots/broken-out/memory_hotplug-cond_resched-in-__r… and later at http://ozlabs.org/~akpm/mmotm/broken-out/memory_hotplug-cond_resched-in-__r… Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next and is updated there every 3-4 working days ------------------------------------------------------ From: Michal Hocko <mhocko(a)suse.com> Subject: memory_hotplug: cond_resched in __remove_pages We have received a bug report that unbinding a large pmem (>1TB) can result in a soft lockup: [ 380.339203] NMI watchdog: BUG: soft lockup - CPU#9 stuck for 23s! [ndctl:4365] [...] [ 380.339316] Supported: Yes [ 380.339318] CPU: 9 PID: 4365 Comm: ndctl Not tainted 4.12.14-94.40-default #1 SLE12-SP4 [ 380.339318] Hardware name: Intel Corporation S2600WFD/S2600WFD, BIOS SE5C620.86B.01.00.0833.051120182255 05/11/2018 [ 380.339319] task: ffff9cce7d4410c0 task.stack: ffffbe9eb1bc4000 [ 380.339325] RIP: 0010:__put_page+0x62/0x80 [ 380.339326] RSP: 0018:ffffbe9eb1bc7d30 EFLAGS: 00000282 ORIG_RAX: ffffffffffffff10 [ 380.339327] RAX: 000040540081c0d3 RBX: ffffeb8f03557200 RCX: 000063af40000000 [ 380.339328] RDX: 0000000000000002 RSI: ffff9cce75bff498 RDI: ffff9e4a76072ff8 [ 380.339329] RBP: 0000000a43557200 R08: 0000000000000000 R09: ffffbe9eb1bc7bb0 [ 380.339329] R10: ffffbe9eb1bc7d08 R11: 0000000000000000 R12: ffff9e194a22a0e0 [ 380.339330] R13: ffff9cce7062fc10 R14: ffff9e194a22a0a0 R15: ffff9cce6559c0e0 [ 380.339331] FS: 00007fd132368880(0000) GS:ffff9cce7ea40000(0000) knlGS:0000000000000000 [ 380.339332] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 380.339332] CR2: 00000000020820a0 CR3: 000000017ef7a003 CR4: 00000000007606e0 [ 380.339333] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 380.339334] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 380.339334] PKRU: 55555554 [ 380.339334] Call Trace: [ 380.339338] devm_memremap_pages_release+0x152/0x260 [ 380.339342] release_nodes+0x18d/0x1d0 [ 380.339347] device_release_driver_internal+0x160/0x210 [ 380.339350] unbind_store+0xb3/0xe0 [ 380.339355] kernfs_fop_write+0x102/0x180 [ 380.339358] __vfs_write+0x26/0x150 [ 380.339363] ? security_file_permission+0x3c/0xc0 [ 380.339364] vfs_write+0xad/0x1a0 [ 380.339366] SyS_write+0x42/0x90 [ 380.339370] do_syscall_64+0x74/0x150 [ 380.339375] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [ 380.339377] RIP: 0033:0x7fd13166b3d0 It has been reported on an older (4.12) kernel but the current upstream code doesn't cond_resched in the hot remove code at all and the given range to remove might be really large. Fix the issue by calling cond_resched once per memory section. Link: http://lkml.kernel.org/r/20181031125840.23982-1-mhocko@kernel.org Signed-off-by: Michal Hocko <mhocko(a)suse.com> Acked-by: Johannes Thumshirn <jthumshirn(a)suse.de> Cc: Dan Williams <dan.j.williams(a)gmail.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/memory_hotplug.c | 1 + 1 file changed, 1 insertion(+) --- a/mm/memory_hotplug.c~memory_hotplug-cond_resched-in-__remove_pages +++ a/mm/memory_hotplug.c @@ -586,6 +586,7 @@ int __remove_pages(struct zone *zone, un for (i = 0; i < sections_to_remove; i++) { unsigned long pfn = phys_start_pfn + i*PAGES_PER_SECTION; + cond_resched(); ret = __remove_section(zone, __pfn_to_section(pfn), map_offset, altmap); map_offset = 0; _ Patches currently in -mm which might be from mhocko(a)suse.com are memory_hotplug-cond_resched-in-__remove_pages.patch mm-thp-consolidate-thp-gfp-handling-into-alloc_hugepage_direct_gfpmask.patch

7 years, 1 month

1
0
0 0

[merged] kbuild-fix-kernel-boundsc-w=1-warning.patch removed from -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: kbuild: fix kernel/bounds.c 'W=1' warning has been removed from the -mm tree. Its filename was kbuild-fix-kernel-boundsc-w=1-warning.patch This patch was dropped because it was merged into mainline or a subsystem tree ------------------------------------------------------ From: Arnd Bergmann <arnd(a)arndb.de> Subject: kbuild: fix kernel/bounds.c 'W=1' warning Building any configuration with 'make W=1' produces a warning: kernel/bounds.c:16:6: warning: no previous prototype for 'foo' [-Wmissing-prototypes] When also passing -Werror, this prevents us from building any other files. Nobody ever calls the function, but we can't make it 'static' either since we want the compiler output. Calling it 'main' instead however avoids the warning, because gcc does not insist on having a declaration for main. Link: http://lkml.kernel.org/r/20181005083313.2088252-1-arnd@arndb.de Signed-off-by: Arnd Bergmann <arnd(a)arndb.de> Reported-by: Kieran Bingham <kieran.bingham+renesas(a)ideasonboard.com> Reviewed-by: Kieran Bingham <kieran.bingham+renesas(a)ideasonboard.com> Cc: David Laight <David.Laight(a)ACULAB.COM> Cc: Masahiro Yamada <yamada.masahiro(a)socionext.com> Cc: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- kernel/bounds.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) --- a/kernel/bounds.c~kbuild-fix-kernel-boundsc-w=1-warning +++ a/kernel/bounds.c @@ -13,7 +13,7 @@ #include <linux/log2.h> #include <linux/spinlock_types.h> -void foo(void) +int main(void) { /* The enum constants to put into include/generated/bounds.h */ DEFINE(NR_PAGEFLAGS, __NR_PAGEFLAGS); @@ -23,4 +23,6 @@ void foo(void) #endif DEFINE(SPINLOCK_SIZE, sizeof(spinlock_t)); /* End of constants */ + + return 0; } _ Patches currently in -mm which might be from arnd(a)arndb.de are ocfs2-dlmglue-clean-up-timestamp-handling.patch vfs-replace-current_kernel_time64-with-ktime-equivalent.patch

7 years, 1 month

1
0
0 0

[merged] mm-hmm-fix-race-between-hmm_mirror_unregister-and-mmu_notifier-callback.patch removed from -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: mm/hmm: fix race between hmm_mirror_unregister() and mmu_notifier callback has been removed from the -mm tree. Its filename was mm-hmm-fix-race-between-hmm_mirror_unregister-and-mmu_notifier-callback.patch This patch was dropped because it was merged into mainline or a subsystem tree ------------------------------------------------------ From: Ralph Campbell <rcampbell(a)nvidia.com> Subject: mm/hmm: fix race between hmm_mirror_unregister() and mmu_notifier callback In hmm_mirror_unregister(), mm->hmm is set to NULL and then mmu_notifier_unregister_no_release() is called. That creates a small window where mmu_notifier can call mmu_notifier_ops with mm->hmm equal to NULL. Fix this by first unregistering mmu notifier callbacks and then setting mm->hmm to NULL. Similarly in hmm_register(), set mm->hmm before registering mmu_notifier callbacks so callback functions always see mm->hmm set. Link: http://lkml.kernel.org/r/20181019160442.18723-4-jglisse@redhat.com Signed-off-by: Ralph Campbell <rcampbell(a)nvidia.com> Signed-off-by: Jérôme Glisse <jglisse(a)redhat.com> Reviewed-by: John Hubbard <jhubbard(a)nvidia.com> Reviewed-by: Jérôme Glisse <jglisse(a)redhat.com> Reviewed-by: Balbir Singh <bsingharora(a)gmail.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/hmm.c | 36 +++++++++++++++++++++--------------- 1 file changed, 21 insertions(+), 15 deletions(-) --- a/mm/hmm.c~mm-hmm-fix-race-between-hmm_mirror_unregister-and-mmu_notifier-callback +++ a/mm/hmm.c @@ -91,16 +91,6 @@ static struct hmm *hmm_register(struct m spin_lock_init(&hmm->lock); hmm->mm = mm; - /* - * We should only get here if hold the mmap_sem in write mode ie on - * registration of first mirror through hmm_mirror_register() - */ - hmm->mmu_notifier.ops = &hmm_mmu_notifier_ops; - if (__mmu_notifier_register(&hmm->mmu_notifier, mm)) { - kfree(hmm); - return NULL; - } - spin_lock(&mm->page_table_lock); if (!mm->hmm) mm->hmm = hmm; @@ -108,12 +98,27 @@ static struct hmm *hmm_register(struct m cleanup = true; spin_unlock(&mm->page_table_lock); - if (cleanup) { - mmu_notifier_unregister(&hmm->mmu_notifier, mm); - kfree(hmm); - } + if (cleanup) + goto error; + + /* + * We should only get here if hold the mmap_sem in write mode ie on + * registration of first mirror through hmm_mirror_register() + */ + hmm->mmu_notifier.ops = &hmm_mmu_notifier_ops; + if (__mmu_notifier_register(&hmm->mmu_notifier, mm)) + goto error_mm; return mm->hmm; + +error_mm: + spin_lock(&mm->page_table_lock); + if (mm->hmm == hmm) + mm->hmm = NULL; + spin_unlock(&mm->page_table_lock); +error: + kfree(hmm); + return NULL; } void hmm_mm_destroy(struct mm_struct *mm) @@ -278,12 +283,13 @@ void hmm_mirror_unregister(struct hmm_mi if (!should_unregister || mm == NULL) return; + mmu_notifier_unregister_no_release(&hmm->mmu_notifier, mm); + spin_lock(&mm->page_table_lock); if (mm->hmm == hmm) mm->hmm = NULL; spin_unlock(&mm->page_table_lock); - mmu_notifier_unregister_no_release(&hmm->mmu_notifier, mm); kfree(hmm); } EXPORT_SYMBOL(hmm_mirror_unregister); _ Patches currently in -mm which might be from rcampbell(a)nvidia.com are

7 years, 1 month

1
0
0 0

[merged] mm-rmap-map_pte-was-not-handling-private-zone_device-page-properly-v3.patch removed from -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: mm/rmap: map_pte() was not handling private ZONE_DEVICE page properly has been removed from the -mm tree. Its filename was mm-rmap-map_pte-was-not-handling-private-zone_device-page-properly-v3.patch This patch was dropped because it was merged into mainline or a subsystem tree ------------------------------------------------------ From: Ralph Campbell <rcampbell(a)nvidia.com> Subject: mm/rmap: map_pte() was not handling private ZONE_DEVICE page properly Private ZONE_DEVICE pages use a special pte entry and thus are not present. Properly handle this case in map_pte(), it is already handled in check_pte(), the map_pte() part was lost in some rebase most probably. Without this patch the slow migration path can not migrate back to any private ZONE_DEVICE memory to regular memory. This was found after stress testing migration back to system memory. This ultimatly can lead to the CPU constantly page fault looping on the special swap entry. Link: http://lkml.kernel.org/r/20181019160442.18723-3-jglisse@redhat.com Signed-off-by: Ralph Campbell <rcampbell(a)nvidia.com> Signed-off-by: Jérôme Glisse <jglisse(a)redhat.com> Reviewed-by: Balbir Singh <bsingharora(a)gmail.com> Cc: Andrew Morton <akpm(a)linux-foundation.org> Cc: Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/page_vma_mapped.c | 24 +++++++++++++++++++++++- 1 file changed, 23 insertions(+), 1 deletion(-) --- a/mm/page_vma_mapped.c~mm-rmap-map_pte-was-not-handling-private-zone_device-page-properly-v3 +++ a/mm/page_vma_mapped.c @@ -21,7 +21,29 @@ static bool map_pte(struct page_vma_mapp if (!is_swap_pte(*pvmw->pte)) return false; } else { - if (!pte_present(*pvmw->pte)) + /* + * We get here when we are trying to unmap a private + * device page from the process address space. Such + * page is not CPU accessible and thus is mapped as + * a special swap entry, nonetheless it still does + * count as a valid regular mapping for the page (and + * is accounted as such in page maps count). + * + * So handle this special case as if it was a normal + * page mapping ie lock CPU page table and returns + * true. + * + * For more details on device private memory see HMM + * (include/linux/hmm.h or mm/hmm.c). + */ + if (is_swap_pte(*pvmw->pte)) { + swp_entry_t entry; + + /* Handle un-addressable ZONE_DEVICE memory */ + entry = pte_to_swp_entry(*pvmw->pte); + if (!is_device_private_entry(entry)) + return false; + } else if (!pte_present(*pvmw->pte)) return false; } } _ Patches currently in -mm which might be from rcampbell(a)nvidia.com are

7 years, 1 month

1
0
0 0

[PATCH 28/28] perf intel-pt/bts: Calculate cpumode for synthesized samples

by Arnaldo Carvalho de Melo

From: Adrian Hunter <adrian.hunter(a)intel.com> In the absence of a fallback, samples must provide a correct cpumode for the 'ip'. Do that now there is no fallback. Signed-off-by: Adrian Hunter <adrian.hunter(a)intel.com> Reviewed-by: Jiri Olsa <jolsa(a)kernel.org> Cc: Andi Kleen <ak(a)linux.intel.com> Cc: David S. Miller <davem(a)davemloft.net> Cc: Leo Yan <leo.yan(a)linaro.org> Cc: Mathieu Poirier <mathieu.poirier(a)linaro.org> Cc: stable(a)vger.kernel.org # 4.19 Link: http://lkml.kernel.org/r/20181031091043.23465-6-adrian.hunter@intel.com Signed-off-by: Arnaldo Carvalho de Melo <acme(a)redhat.com> --- tools/perf/util/intel-bts.c | 17 ++++++++++++----- tools/perf/util/intel-pt.c | 22 +++++++++++++--------- 2 files changed, 25 insertions(+), 14 deletions(-) diff --git a/tools/perf/util/intel-bts.c b/tools/perf/util/intel-bts.c index 3b3a3d55dca1..7b27d77306c2 100644 --- a/tools/perf/util/intel-bts.c +++ b/tools/perf/util/intel-bts.c @@ -269,6 +269,13 @@ static int intel_bts_do_fix_overlap(struct auxtrace_queue *queue, return 0; } +static inline u8 intel_bts_cpumode(struct intel_bts *bts, uint64_t ip) +{ + return machine__kernel_ip(bts->machine, ip) ? + PERF_RECORD_MISC_KERNEL : + PERF_RECORD_MISC_USER; +} + static int intel_bts_synth_branch_sample(struct intel_bts_queue *btsq, struct branch *branch) { @@ -281,12 +288,8 @@ static int intel_bts_synth_branch_sample(struct intel_bts_queue *btsq, bts->num_events++ <= bts->synth_opts.initial_skip) return 0; - event.sample.header.type = PERF_RECORD_SAMPLE; - event.sample.header.misc = PERF_RECORD_MISC_USER; - event.sample.header.size = sizeof(struct perf_event_header); - - sample.cpumode = PERF_RECORD_MISC_USER; sample.ip = le64_to_cpu(branch->from); + sample.cpumode = intel_bts_cpumode(bts, sample.ip); sample.pid = btsq->pid; sample.tid = btsq->tid; sample.addr = le64_to_cpu(branch->to); @@ -298,6 +301,10 @@ static int intel_bts_synth_branch_sample(struct intel_bts_queue *btsq, sample.insn_len = btsq->intel_pt_insn.length; memcpy(sample.insn, btsq->intel_pt_insn.buf, INTEL_PT_INSN_BUF_SZ); + event.sample.header.type = PERF_RECORD_SAMPLE; + event.sample.header.misc = sample.cpumode; + event.sample.header.size = sizeof(struct perf_event_header); + if (bts->synth_opts.inject) { event.sample.header.size = bts->branches_event_size; ret = perf_event__synthesize_sample(&event, diff --git a/tools/perf/util/intel-pt.c b/tools/perf/util/intel-pt.c index 60732213d16a..86cc9a64e982 100644 --- a/tools/perf/util/intel-pt.c +++ b/tools/perf/util/intel-pt.c @@ -407,6 +407,13 @@ intel_pt_cache_lookup(struct dso *dso, struct machine *machine, u64 offset) return auxtrace_cache__lookup(dso->auxtrace_cache, offset); } +static inline u8 intel_pt_cpumode(struct intel_pt *pt, uint64_t ip) +{ + return ip >= pt->kernel_start ? + PERF_RECORD_MISC_KERNEL : + PERF_RECORD_MISC_USER; +} + static int intel_pt_walk_next_insn(struct intel_pt_insn *intel_pt_insn, uint64_t *insn_cnt_ptr, uint64_t *ip, uint64_t to_ip, uint64_t max_insn_cnt, @@ -429,10 +436,7 @@ static int intel_pt_walk_next_insn(struct intel_pt_insn *intel_pt_insn, if (to_ip && *ip == to_ip) goto out_no_cache; - if (*ip >= ptq->pt->kernel_start) - cpumode = PERF_RECORD_MISC_KERNEL; - else - cpumode = PERF_RECORD_MISC_USER; + cpumode = intel_pt_cpumode(ptq->pt, *ip); thread = ptq->thread; if (!thread) { @@ -1059,15 +1063,11 @@ static void intel_pt_prep_b_sample(struct intel_pt *pt, union perf_event *event, struct perf_sample *sample) { - event->sample.header.type = PERF_RECORD_SAMPLE; - event->sample.header.misc = PERF_RECORD_MISC_USER; - event->sample.header.size = sizeof(struct perf_event_header); - if (!pt->timeless_decoding) sample->time = tsc_to_perf_time(ptq->timestamp, &pt->tc); - sample->cpumode = PERF_RECORD_MISC_USER; sample->ip = ptq->state->from_ip; + sample->cpumode = intel_pt_cpumode(pt, sample->ip); sample->pid = ptq->pid; sample->tid = ptq->tid; sample->addr = ptq->state->to_ip; @@ -1076,6 +1076,10 @@ static void intel_pt_prep_b_sample(struct intel_pt *pt, sample->flags = ptq->flags; sample->insn_len = ptq->insn_len; memcpy(sample->insn, ptq->insn, INTEL_PT_INSN_BUF_SZ); + + event->sample.header.type = PERF_RECORD_SAMPLE; + event->sample.header.misc = sample->cpumode; + event->sample.header.size = sizeof(struct perf_event_header); } static int intel_pt_inject_event(union perf_event *event, -- 2.14.4

7 years, 1 month

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror