- Linux-stable-mirror - lists.linaro.org

[PATCH v3 2/3] ioremap: Update pgtable free interfaces with addr

by Toshi Kani

From: Chintan Pandya <cpandya(a)codeaurora.org> This patch ("mm/vmalloc: Add interfaces to free unmapped page table") adds following 2 interfaces to free the page table in case we implement huge mapping. pud_free_pmd_page() and pmd_free_pte_page() Some architectures (like arm64) needs to do proper TLB maintanance after updating pagetable entry even in map. Why ? Read this, https://patchwork.kernel.org/patch/10134581/ Pass 'addr' in these interfaces so that proper TLB ops can be performed. [toshi(a)hpe.com: merge changes] Fixes: 28ee90fe6048 ("x86/mm: implement free pmd/pte page interfaces") Signed-off-by: Chintan Pandya <cpandya(a)codeaurora.org> Signed-off-by: Toshi Kani <toshi.kani(a)hpe.com> Cc: <stable(a)vger.kernel.org> --- arch/arm64/mm/mmu.c | 4 ++-- arch/x86/mm/pgtable.c | 12 +++++++----- include/asm-generic/pgtable.h | 8 ++++---- lib/ioremap.c | 4 ++-- 4 files changed, 15 insertions(+), 13 deletions(-) diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c index 2dbb2c9f1ec1..da98828609a1 100644 --- a/arch/arm64/mm/mmu.c +++ b/arch/arm64/mm/mmu.c @@ -973,12 +973,12 @@ int pmd_clear_huge(pmd_t *pmdp) return 1; } -int pud_free_pmd_page(pud_t *pud) +int pud_free_pmd_page(pud_t *pud, unsigned long addr) { return pud_none(*pud); } -int pmd_free_pte_page(pmd_t *pmd) +int pmd_free_pte_page(pmd_t *pmd, unsigned long addr) { return pmd_none(*pmd); } diff --git a/arch/x86/mm/pgtable.c b/arch/x86/mm/pgtable.c index 3f7180bc5f52..f60fdf411103 100644 --- a/arch/x86/mm/pgtable.c +++ b/arch/x86/mm/pgtable.c @@ -719,11 +719,12 @@ int pmd_clear_huge(pmd_t *pmd) /** * pud_free_pmd_page - Clear pud entry and free pmd page. * @pud: Pointer to a PUD. + * @addr: Virtual address associated with pud. * * Context: The pud range has been unmaped and TLB purged. * Return: 1 if clearing the entry succeeded. 0 otherwise. */ -int pud_free_pmd_page(pud_t *pud) +int pud_free_pmd_page(pud_t *pud, unsigned long addr) { pmd_t *pmd; int i; @@ -734,7 +735,7 @@ int pud_free_pmd_page(pud_t *pud) pmd = (pmd_t *)pud_page_vaddr(*pud); for (i = 0; i < PTRS_PER_PMD; i++) - if (!pmd_free_pte_page(&pmd[i])) + if (!pmd_free_pte_page(&pmd[i], addr + (i * PMD_SIZE))) return 0; pud_clear(pud); @@ -746,11 +747,12 @@ int pud_free_pmd_page(pud_t *pud) /** * pmd_free_pte_page - Clear pmd entry and free pte page. * @pmd: Pointer to a PMD. + * @addr: Virtual address associated with pmd. * * Context: The pmd range has been unmaped and TLB purged. * Return: 1 if clearing the entry succeeded. 0 otherwise. */ -int pmd_free_pte_page(pmd_t *pmd) +int pmd_free_pte_page(pmd_t *pmd, unsigned long addr) { pte_t *pte; @@ -766,7 +768,7 @@ int pmd_free_pte_page(pmd_t *pmd) #else /* !CONFIG_X86_64 */ -int pud_free_pmd_page(pud_t *pud) +int pud_free_pmd_page(pud_t *pud, unsigned long addr) { return pud_none(*pud); } @@ -775,7 +777,7 @@ int pud_free_pmd_page(pud_t *pud) * Disable free page handling on x86-PAE. This assures that ioremap() * does not update sync'd pmd entries. See vmalloc_sync_one(). */ -int pmd_free_pte_page(pmd_t *pmd) +int pmd_free_pte_page(pmd_t *pmd, unsigned long addr) { return pmd_none(*pmd); } diff --git a/include/asm-generic/pgtable.h b/include/asm-generic/pgtable.h index f59639afaa39..b081794ba135 100644 --- a/include/asm-generic/pgtable.h +++ b/include/asm-generic/pgtable.h @@ -1019,8 +1019,8 @@ int pud_set_huge(pud_t *pud, phys_addr_t addr, pgprot_t prot); int pmd_set_huge(pmd_t *pmd, phys_addr_t addr, pgprot_t prot); int pud_clear_huge(pud_t *pud); int pmd_clear_huge(pmd_t *pmd); -int pud_free_pmd_page(pud_t *pud); -int pmd_free_pte_page(pmd_t *pmd); +int pud_free_pmd_page(pud_t *pud, unsigned long addr); +int pmd_free_pte_page(pmd_t *pmd, unsigned long addr); #else /* !CONFIG_HAVE_ARCH_HUGE_VMAP */ static inline int p4d_set_huge(p4d_t *p4d, phys_addr_t addr, pgprot_t prot) { @@ -1046,11 +1046,11 @@ static inline int pmd_clear_huge(pmd_t *pmd) { return 0; } -static inline int pud_free_pmd_page(pud_t *pud) +static inline int pud_free_pmd_page(pud_t *pud, unsigned long addr) { return 0; } -static inline int pmd_free_pte_page(pmd_t *pmd) +static inline int pmd_free_pte_page(pmd_t *pmd, unsigned long addr) { return 0; } diff --git a/lib/ioremap.c b/lib/ioremap.c index 54e5bbaa3200..517f5853ffed 100644 --- a/lib/ioremap.c +++ b/lib/ioremap.c @@ -92,7 +92,7 @@ static inline int ioremap_pmd_range(pud_t *pud, unsigned long addr, if (ioremap_pmd_enabled() && ((next - addr) == PMD_SIZE) && IS_ALIGNED(phys_addr + addr, PMD_SIZE) && - pmd_free_pte_page(pmd)) { + pmd_free_pte_page(pmd, addr)) { if (pmd_set_huge(pmd, phys_addr + addr, prot)) continue; } @@ -119,7 +119,7 @@ static inline int ioremap_pud_range(p4d_t *p4d, unsigned long addr, if (ioremap_pud_enabled() && ((next - addr) == PUD_SIZE) && IS_ALIGNED(phys_addr + addr, PUD_SIZE) && - pud_free_pmd_page(pud)) { + pud_free_pmd_page(pud, addr)) { if (pud_set_huge(pud, phys_addr + addr, prot)) continue; }

7 years, 5 months

3
2
0 0

FAILED: patch "[PATCH] btrfs: Take trans lock before access running trans in" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 998ac6d21cfd6efd58f5edf420bae8839dda9f2a Mon Sep 17 00:00:00 2001 From: ethanwu <ethanwu(a)synology.com> Date: Sun, 29 Apr 2018 15:59:42 +0800 Subject: [PATCH] btrfs: Take trans lock before access running trans in check_delayed_ref In preivous patch: Btrfs: kill trans in run_delalloc_nocow and btrfs_cross_ref_exist We avoid starting btrfs transaction and get this information from fs_info->running_transaction directly. When accessing running_transaction in check_delayed_ref, there's a chance that current transaction will be freed by commit transaction after the NULL pointer check of running_transaction is passed. After looking all the other places using fs_info->running_transaction, they are either protected by trans_lock or holding the transactions. Fix this by using trans_lock and increasing the use_count. Fixes: e4c3b2dcd144 ("Btrfs: kill trans in run_delalloc_nocow and btrfs_cross_ref_exist") CC: stable(a)vger.kernel.org # 4.14+ Signed-off-by: ethanwu <ethanwu(a)synology.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/extent-tree.c b/fs/btrfs/extent-tree.c index f99102063366..3871658b6ab1 100644 --- a/fs/btrfs/extent-tree.c +++ b/fs/btrfs/extent-tree.c @@ -3142,7 +3142,11 @@ static noinline int check_delayed_ref(struct btrfs_root *root, struct rb_node *node; int ret = 0; + spin_lock(&root->fs_info->trans_lock); cur_trans = root->fs_info->running_transaction; + if (cur_trans) + refcount_inc(&cur_trans->use_count); + spin_unlock(&root->fs_info->trans_lock); if (!cur_trans) return 0; @@ -3151,6 +3155,7 @@ static noinline int check_delayed_ref(struct btrfs_root *root, head = btrfs_find_delayed_ref_head(delayed_refs, bytenr); if (!head) { spin_unlock(&delayed_refs->lock); + btrfs_put_transaction(cur_trans); return 0; } @@ -3167,6 +3172,7 @@ static noinline int check_delayed_ref(struct btrfs_root *root, mutex_lock(&head->mutex); mutex_unlock(&head->mutex); btrfs_put_delayed_ref_head(head); + btrfs_put_transaction(cur_trans); return -EAGAIN; } spin_unlock(&delayed_refs->lock); @@ -3199,6 +3205,7 @@ static noinline int check_delayed_ref(struct btrfs_root *root, } spin_unlock(&head->lock); mutex_unlock(&head->mutex); + btrfs_put_transaction(cur_trans); return ret; }

7 years, 5 months

3
2
0 0

[PATCH 1/2][stable-4.4] arm64: introduce mov_q macro to move a constant into a 64-bit register

by Suzuki K Poulose

commit 30b5ba5cf333cc650e474eaf2cc1ae91bc7cf89f upstream Implement a macro mov_q that can be used to move an immediate constant into a 64-bit register, using between 2 and 4 movz/movk instructions (depending on the operand) Cc: stable(a)vger.kernel.org # v4.4 Acked-by: Catalin Marinas <catalin.marinas(a)arm.com> Signed-off-by: Ard Biesheuvel <ard.biesheuvel(a)linaro.org> Signed-off-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Suzuki K Poulose <suzuki.poulose(a)arm.com> --- Cherry picked for backport of "commit ece1397cbc89c51914fae1aec729539cfd8bd62b upstream" --- arch/arm64/include/asm/assembler.h | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/arch/arm64/include/asm/assembler.h b/arch/arm64/include/asm/assembler.h index 12eff92..83e2309 100644 --- a/arch/arm64/include/asm/assembler.h +++ b/arch/arm64/include/asm/assembler.h @@ -204,4 +204,24 @@ lr .req x30 // link register .size __pi_##x, . - x; \ ENDPROC(x) + /* + * mov_q - move an immediate constant into a 64-bit register using + * between 2 and 4 movz/movk instructions (depending on the + * magnitude and sign of the operand) + */ + .macro mov_q, reg, val + .if (((\val) >> 31) == 0 || ((\val) >> 31) == 0x1ffffffff) + movz \reg, :abs_g1_s:\val + .else + .if (((\val) >> 47) == 0 || ((\val) >> 47) == 0x1ffff) + movz \reg, :abs_g2_s:\val + .else + movz \reg, :abs_g3:\val + movk \reg, :abs_g2_nc:\val + .endif + movk \reg, :abs_g1_nc:\val + .endif + movk \reg, :abs_g0_nc:\val + .endm + #endif /* __ASM_ASSEMBLER_H */ -- 2.7.4

7 years, 5 months

2
2
0 0

[PATCH 4.4 00/72] 4.4.127-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.4.127 release. There are 72 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sun Apr 8 08:42:48 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.4.127-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.4.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.4.127-rc1 Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "ip6_vti: adjust vti mtu according to mtu of lower device" Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> net: cavium: liquidio: fix up "Avoid dma_unmap_single on uninitialized ndata" Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> spi: davinci: fix up dma_mapping_error() incorrect patch Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "mtip32xx: use runtime tag to initialize command header" Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "cpufreq: Fix governor module removal race" Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "ARM: dts: omap3-n900: Fix the audio CODEC's reset pin" Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "ARM: dts: am335x-pepper: Fix the audio CODEC's reset pin" Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "PCI/MSI: Stop disabling MSI/MSI-X in pci_device_shutdown()" Dan Williams <dan.j.williams(a)intel.com> nospec: Kill array_index_nospec_mask_check() Will Deacon <will.deacon(a)arm.com> nospec: Move array_index_nospec() parameter checking into separate macro Matthias Brugger <matthias.bgg(a)gmail.com> net: hns: Fix ethtool private flags Guoqing Jiang <gqjiang(a)suse.com> md/raid10: reset the 'first' at the end of loop Keerthy <j-keerthy(a)ti.com> ARM: dts: am57xx-beagle-x15-common: Add overide powerhold property Keerthy <j-keerthy(a)ti.com> ARM: dts: dra7: Add power hold and power controller properties to palmas Keerthy <j-keerthy(a)ti.com> Documentation: pinctrl: palmas: Add ti,palmas-powerhold-override property definition Mike Frysinger <vapier(a)chromium.org> vt: change SGR 21 to follow the standards Ondrej Zary <linux(a)rainbow-software.org> Input: i8042 - enable MUX on Sony VAIO VGN-CS series to fix touchpad Dennis Wassenberg <dennis.wassenberg(a)secunet.com> Input: i8042 - add Lenovo ThinkPad L460 to i8042 reset list Frank Mori Hess <fmh6jj(a)gmail.com> staging: comedi: ni_mio_common: ack ai fifo error interrupts. Andy Lutomirski <luto(a)kernel.org> fs/proc: Stop trying to report thread stacks Eric Biggers <ebiggers(a)google.com> crypto: x86/cast5-avx - fix ECB encryption when long sg follows short one Herbert Xu <herbert(a)gondor.apana.org.au> crypto: ahash - Fix early termination in hash walk Alexander Gerasiov <gq(a)redlab-i.ru> parport_pc: Add support for WCH CH382L PCI-E single parallel port card. Oliver Neukum <oneukum(a)suse.com> media: usbtv: prevent double free in error case Colin Ian King <colin.king(a)canonical.com> mei: remove dev_err message on an unsupported ioctl Johan Hovold <johan(a)kernel.org> USB: serial: cp210x: add ELDAT Easywave RX09 id Clemens Werther <clemens.werther(a)gmail.com> USB: serial: ftdi_sio: add support for Harman FirmwareHubEmulator Major Hayden <major(a)mhtx.net> USB: serial: ftdi_sio: add RT Systems VX-8 cable John Stultz <john.stultz(a)linaro.org> usb: dwc2: Improve gadget state disconnection handling Paolo Bonzini <pbonzini(a)redhat.com> scsi: virtio_scsi: always read VPD pages for multiqueue too Alexander Potapenko <glider(a)google.com> llist: clang: introduce member_address_is_nonnull() Szymon Janc <szymon.janc(a)codecoup.pl> Bluetooth: Fix missing encryption refresh on Security Request Florian Westphal <fw(a)strlen.de> netfilter: x_tables: add and use xt_check_proc_name Florian Westphal <fw(a)strlen.de> netfilter: bridge: ebt_among: add more missing match size checks Steffen Klassert <steffen.klassert(a)secunet.com> xfrm: Refuse to insert 32 bit userspace socket policies on 64 bit systems Greg Hackmann <ghackmann(a)google.com> net: xfrm: use preempt-safe this_cpu_read() in ipcomp_alloc_tfms() Roland Dreier <roland(a)purestorage.com> RDMA/ucma: Introduce safer rdma_addr_size() variants Leon Romanovsky <leonro(a)mellanox.com> RDMA/ucma: Don't allow join attempts for unsupported AF family Leon Romanovsky <leonro(a)mellanox.com> RDMA/ucma: Check that device exists prior to accessing it Leon Romanovsky <leonro(a)mellanox.com> RDMA/ucma: Check that device is connected prior to access it Leon Romanovsky <leonro(a)mellanox.com> RDMA/ucma: Ensure that CM_ID exists prior to access it Leon Romanovsky <leonro(a)mellanox.com> RDMA/ucma: Fix use-after-free access in ucma_close Leon Romanovsky <leonro(a)mellanox.com> RDMA/ucma: Check AF family prior resolving address Florian Westphal <fw(a)strlen.de> xfrm_user: uncoditionally validate esn replay attribute struct Nick Desaulniers <ndesaulniers(a)google.com> arm64: avoid overflow in VA_START and PAGE_OFFSET Matthias Kaehlcke <mka(a)chromium.org> selinux: Remove redundant check for unknown labeling behavior Matthias Kaehlcke <mka(a)chromium.org> netfilter: ctnetlink: Make some parameters integer to avoid enum mismatch Arnd Bergmann <arnd(a)arndb.de> tty: provide tty_name() even without CONFIG_TTY Richard Guy Briggs <rgb(a)redhat.com> audit: add tty field to LOGIN event Matthias Kaehlcke <mka(a)chromium.org> frv: declare jiffies to be located in the .data section Matthias Kaehlcke <mka(a)chromium.org> jiffies.h: declare jiffies and jiffies_64 with ____cacheline_aligned_in_smp Mark Charlebois <charlebm(a)gmail.com> fs: compat: Remove warning from COMPATIBLE_IOCTL Matthias Kaehlcke <mka(a)chromium.org> selinux: Remove unnecessary check of array base in selinux_set_mapping() Matthias Kaehlcke <mka(a)chromium.org> cpumask: Add helper cpumask_available() Matthias Kaehlcke <mka(a)chromium.org> genirq: Use cpumask_available() for check of cpumask variable Nick Desaulniers <ndesaulniers(a)google.com> netfilter: nf_nat_h323: fix logical-not-parentheses warning Nick Desaulniers <nick.desaulniers(a)gmail.com> Input: mousedev - fix implicit conversion warning Matthias Kaehlcke <mka(a)chromium.org> dm ioctl: remove double parentheses Matthias Kaehlcke <mka(a)chromium.org> PCI: Make PCI_ROM_ADDRESS_MASK a 32-bit constant Kaixu Xia <xiakaixu(a)huawei.com> writeback: fix the wrong congested state variable definition Colin Ian King <colin.king(a)canonical.com> ACPI, PCI, irq: remove redundant check for null string pointer Masami Hiramatsu <mhiramat(a)kernel.org> kprobes/x86: Fix to set RWX bits correctly before releasing trampoline Krzysztof Opasiak <kopasiak90(a)gmail.com> usb: gadget: f_hid: fix: Prevent accessing released memory Felipe F. Tonello <eu(a)felipetonello.com> usb: gadget: align buffer size when allocating for OUT endpoint Felipe F. Tonello <eu(a)felipetonello.com> usb: gadget: fix usb_ep_align_maybe endianness and new usb_ep_align Felipe F. Tonello <eu(a)felipetonello.com> usb: gadget: change len to size_t on alloc_ep_req() Felipe F. Tonello <eu(a)felipetonello.com> usb: gadget: define free_ep_req as universal function Richard Narron <comet.berkeley(a)gmail.com> partitions/msdos: Unable to mount UFS 44bsd partitions Linus Torvalds <torvalds(a)linux-foundation.org> perf/hwbp: Simplify the perf-hwbp code, fix documentation Dan Carpenter <dan.carpenter(a)oracle.com> ALSA: pcm: potential uninitialized return values Stefan Roese <sr(a)denx.de> ALSA: pcm: Use dma_bytes as size parameter in dma_mmap_coherent() Linus Walleij <linus.walleij(a)linaro.org> mtd: jedec_probe: Fix crash in jedec_read_mfr() ------------- Diffstat: .../devicetree/bindings/pinctrl/pinctrl-palmas.txt | 9 +++ Documentation/filesystems/proc.txt | 26 --------- Makefile | 4 +- arch/arm/boot/dts/am335x-pepper.dts | 2 +- arch/arm/boot/dts/am57xx-beagle-x15.dts | 1 + arch/arm/boot/dts/dra7-evm.dts | 2 + arch/arm/boot/dts/omap3-n900.dts | 4 +- arch/arm64/include/asm/memory.h | 6 +- arch/frv/include/asm/timex.h | 6 ++ arch/x86/crypto/cast5_avx_glue.c | 3 +- arch/x86/kernel/kprobes/core.c | 9 +++ block/partitions/msdos.c | 4 +- crypto/ahash.c | 7 ++- drivers/acpi/pci_irq.c | 3 - drivers/block/mtip32xx/mtip32xx.c | 36 ++++-------- drivers/cpufreq/cpufreq.c | 6 -- drivers/infiniband/core/addr.c | 16 ++++++ drivers/infiniband/core/ucma.c | 67 +++++++++++++++------- drivers/input/mousedev.c | 62 +++++++++++--------- drivers/input/serio/i8042-x86ia64io.h | 24 ++++++++ drivers/md/dm-ioctl.c | 4 +- drivers/md/raid10.c | 1 + drivers/media/usb/usbtv/usbtv-core.c | 2 + drivers/misc/mei/main.c | 1 - drivers/mtd/chips/jedec_probe.c | 2 + drivers/net/ethernet/cavium/liquidio/lio_main.c | 2 +- drivers/net/ethernet/hisilicon/hns/hns_dsaf_gmac.c | 2 +- drivers/net/ethernet/hisilicon/hns/hns_dsaf_ppe.c | 2 +- drivers/net/ethernet/hisilicon/hns/hns_dsaf_rcb.c | 2 +- drivers/net/ethernet/hisilicon/hns/hns_ethtool.c | 4 +- drivers/parport/parport_pc.c | 4 ++ drivers/pci/pci-driver.c | 2 + drivers/pci/probe.c | 2 +- drivers/pci/setup-res.c | 2 +- drivers/scsi/virtio_scsi.c | 1 + drivers/spi/spi-davinci.c | 2 +- drivers/staging/comedi/drivers/ni_mio_common.c | 2 + drivers/tty/vt/vt.c | 6 +- drivers/usb/dwc2/hcd.c | 7 ++- drivers/usb/gadget/function/f_hid.c | 24 ++++++-- drivers/usb/gadget/function/f_midi.c | 6 -- drivers/usb/gadget/function/f_sourcesink.c | 6 -- drivers/usb/gadget/function/g_zero.h | 1 - drivers/usb/gadget/u_f.c | 6 +- drivers/usb/gadget/u_f.h | 26 ++++++++- drivers/usb/serial/cp210x.c | 1 + drivers/usb/serial/ftdi_sio.c | 2 + drivers/usb/serial/ftdi_sio_ids.h | 9 +++ fs/compat_ioctl.c | 2 +- fs/proc/task_mmu.c | 29 ++++------ fs/proc/task_nommu.c | 28 ++++----- include/linux/audit.h | 24 ++++++++ include/linux/cpumask.h | 10 ++++ include/linux/jiffies.h | 13 ++--- include/linux/llist.h | 21 ++++++- include/linux/netfilter/x_tables.h | 2 + include/linux/nospec.h | 14 ----- include/linux/tty.h | 4 +- include/linux/usb/gadget.h | 17 +++++- include/rdma/ib_addr.h | 2 + include/uapi/linux/pci_regs.h | 2 +- kernel/audit.c | 18 ++---- kernel/auditsc.c | 8 ++- kernel/events/hw_breakpoint.c | 30 +++------- kernel/irq/manage.c | 2 +- kernel/kprobes.c | 2 +- mm/backing-dev.c | 4 +- net/bluetooth/smp.c | 8 ++- net/bridge/netfilter/ebt_among.c | 34 +++++++++++ net/ipv4/netfilter/nf_nat_h323.c | 57 +++++++++--------- net/ipv6/ip6_vti.c | 20 ------- net/netfilter/nf_conntrack_netlink.c | 7 +-- net/netfilter/x_tables.c | 30 ++++++++++ net/netfilter/xt_hashlimit.c | 5 +- net/netfilter/xt_recent.c | 6 +- net/xfrm/xfrm_ipcomp.c | 2 +- net/xfrm/xfrm_state.c | 5 ++ net/xfrm/xfrm_user.c | 21 +++---- security/selinux/hooks.c | 16 ------ security/selinux/ss/services.c | 2 +- sound/core/oss/pcm_oss.c | 4 +- sound/core/pcm_native.c | 2 +- 82 files changed, 522 insertions(+), 357 deletions(-)

7 years, 5 months

6
81
0 0

[PATCH 4.14] xfrm: Use __skb_queue_tail in xfrm_trans_queue

by Alistair Strachan

From: Herbert Xu <herbert(a)gondor.apana.org.au> commit d16b46e4fd8bc6063624605f25b8c0835bb1fbe3 upstream. From: Herbert Xu <herbert(a)gondor.apana.org.au> We do not need locking in xfrm_trans_queue because it is designed to use per-CPU buffers. However, the original code incorrectly used skb_queue_tail which takes the lock. This patch switches it to __skb_queue_tail instead. Fixes the following stack trace seen when testing ipsec: BUG: spinlock bad magic on CPU#1, xfrm_algorithm_/945 lock: 0xffff8fb3dfd1fe78, .magic: 00000000, .owner: <none>/-1, .owner_cpu: 0 CPU: 1 PID: 945 Comm: xfrm_algorithm_ Not tainted 4.14.40-00047-g99a610f9568b #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1 04/01/2014 Call Trace: dump_stack+0xa1/0xd0 ? spin_bug+0x99/0xb0 do_raw_spin_lock+0x5c/0x90 _raw_spin_lock_irqsave+0x33/0x60 skb_queue_tail+0x17/0x40 ? xfrm4_rcv+0x40/0x40 xfrm_trans_queue+0x5c/0xa0 ? nf_hook_slow+0x3d/0xb0 xfrm4_transport_finish+0x1a1/0x1d0 ? xfrm4_transport_finish+0x1d0/0x1d0 xfrm_input+0x7f4/0x920 xfrm4_esp_rcv+0x2e/0x60 ip_local_deliver_finish+0x140/0x210 ip_local_deliver+0xc7/0xf0 ? ip_local_deliver+0xf0/0xf0 ip_rcv+0x2f9/0x410 ? ip_rcv+0x410/0x410 __netif_receive_skb_core+0x927/0xa50 netif_receive_skb_internal+0xef/0x190 ? __skb_get_hash_symmetric+0xbc/0x110 netif_receive_skb+0x90/0xc0 tun_get_user+0xd30/0xfc0 tun_chr_write_iter+0x5a/0x80 __vfs_write+0x10c/0x150 vfs_write+0xdf/0x190 SyS_write+0x4c/0xb0 do_syscall_64+0x59/0x70 entry_SYSCALL_64_after_hwframe+0x3d/0xa2 Reported-and-tested-by: Artem Savkov <asavkov(a)redhat.com> Fixes: e095ecaec6d9 ("xfrm: Reinject transport-mode packets...") Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au> Signed-off-by: Steffen Klassert <steffen.klassert(a)secunet.com> Cc: stable(a)vger.kernel.org Cc: kernel-team(a)android.com Signed-off-by: Alistair Strachan <astrachan(a)google.com> --- net/xfrm/xfrm_input.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/xfrm/xfrm_input.c b/net/xfrm/xfrm_input.c index 3f6f6f8c9fa5..5b2409746ae0 100644 --- a/net/xfrm/xfrm_input.c +++ b/net/xfrm/xfrm_input.c @@ -518,7 +518,7 @@ int xfrm_trans_queue(struct sk_buff *skb, return -ENOBUFS; XFRM_TRANS_SKB_CB(skb)->finish = finish; - skb_queue_tail(&trans->queue, skb); + __skb_queue_tail(&trans->queue, skb); tasklet_schedule(&trans->tasklet); return 0; } -- 2.17.0.441.gb46fe60e1d-goog

7 years, 5 months

2
1
0 0

[PATCH 4.4 00/97] 4.4.129-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.4.129 release. There are 97 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Tue Apr 24 13:52:47 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.4.129-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.4.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.4.129-rc1 Greg Thelen <gthelen(a)google.com> writeback: safer lock nesting Amir Goldstein <amir73il(a)gmail.com> fanotify: fix logic of events on child wangguang <wang.guang55(a)zte.com.cn> ext4: bugfix for mmaped pages in mpage_release_unused_pages() Matthew Wilcox <mawilcox(a)microsoft.com> mm/filemap.c: fix NULL pointer in page_cache_tree_insert() Michal Hocko <mhocko(a)suse.com> mm: allow GFP_{FS,IO} for page_cache_read page cache allocation Ian Kent <raven(a)themaw.net> autofs: mount point create should honour passed in mode Al Viro <viro(a)zeniv.linux.org.uk> Don't leak MNT_INTERNAL away from internal mounts Al Viro <viro(a)zeniv.linux.org.uk> rpc_pipefs: fix double-dput() Al Viro <viro(a)zeniv.linux.org.uk> hypfs_kill_super(): deal with failed allocations Al Viro <viro(a)zeniv.linux.org.uk> jffs2_kill_sb(): deal with failed allocations Michael Ellerman <mpe(a)ellerman.id.au> powerpc/lib: Fix off-by-one in alternate feature patching Michael Neuling <mikey(a)neuling.org> powerpc/eeh: Fix enabling bridge MMIO windows Matt Redfearn <matt.redfearn(a)mips.com> MIPS: memset.S: Fix clobber of v1 in last_fixup Matt Redfearn <matt.redfearn(a)mips.com> MIPS: memset.S: Fix return of __clear_user from Lpartial_fixup Matt Redfearn <matt.redfearn(a)mips.com> MIPS: memset.S: EVA & fault support for small_memset Matt Redfearn <matt.redfearn(a)mips.com> MIPS: uaccess: Add micromips clobbers to bzero invocation Rodrigo Rivas Costa <rodrigorivascosta(a)gmail.com> HID: hidraw: Fix crash on HIDIOCGFEATURE with a destroyed device David Wang <davidwang(a)zhaoxin.com> ALSA: hda - New VIA controller suppor no-snoop path Takashi Iwai <tiwai(a)suse.de> ALSA: rawmidi: Fix missing input substream checks in compat ioctls Fabián Inostroza <soulsonceonfire(a)gmail.com> ALSA: line6: Use correct endpoint type for midi output Theodore Ts'o <tytso(a)mit.edu> ext4: fix deadlock between inline_data and ext4_expand_extra_isize_ea() Jan Kara <jack(a)suse.cz> ext4: fix crashes in dioread_nolock mode Paul Parsons <lost.distance(a)yahoo.com> drm/radeon: Fix PCIe lane width calculation Theodore Ts'o <tytso(a)mit.edu> ext4: don't allow r/w mounts if metadata blocks overlap the superblock Alex Williamson <alex.williamson(a)redhat.com> vfio/pci: Virtualize Maximum Read Request Size Alex Williamson <alex.williamson(a)redhat.com> vfio/pci: Virtualize Maximum Payload Size Alex Williamson <alex.williamson(a)redhat.com> vfio-pci: Virtualize PCIe & AF FLR Takashi Iwai <tiwai(a)suse.de> ALSA: pcm: Fix endless loop for XRUN recovery in OSS emulation Takashi Iwai <tiwai(a)suse.de> ALSA: pcm: Fix mutex unbalance in OSS emulation ioctls Takashi Iwai <tiwai(a)suse.de> ALSA: pcm: Return -EBUSY for OSS ioctls changing busy streams Takashi Iwai <tiwai(a)suse.de> ALSA: pcm: Avoid potential races between OSS ioctls and read/write Takashi Iwai <tiwai(a)suse.de> ALSA: pcm: Use ERESTARTSYS instead of EINTR in OSS emulation Nicholas Mc Guire <hofrat(a)osadl.org> ALSA: oss: consolidate kmalloc/memset 0 call to kzalloc Igor Pylypiv <igor.pylypiv(a)gmail.com> watchdog: f71808e_wdt: Fix WD_EN register read Mikhail Lappo <mikhail.lappo(a)esrlabs.com> thermal: imx: Fix race condition in imx_thermal_probe() Boris Brezillon <boris.brezillon(a)bootlin.com> clk: bcm2835: De-assert/assert PLL reset signal when appropriate Richard Genoud <richard.genoud(a)gmail.com> clk: mvebu: armada-38x: add support for missing clocks Ralph Sennhauser <ralph.sennhauser(a)gmail.com> clk: mvebu: armada-38x: add support for 1866MHz variants Alex Smith <alex.smith(a)imgtec.com> mmc: jz4740: Fix race condition in IRQ mask update Lu Baolu <baolu.lu(a)linux.intel.com> iommu/vt-d: Fix a potential memory leak Krzysztof Mazur <krzysiek(a)podlesie.net> um: Use POSIX ucontext_t instead of struct ucontext Maxime Jayat <maxime.jayat(a)mobile-devices.fr> dmaengine: at_xdmac: fix rare residue corruption Bart Van Assche <bart.vanassche(a)wdc.com> IB/srp: Fix completion vector assignment algorithm Bart Van Assche <bart.vanassche(a)wdc.com> IB/srp: Fix srp_abort() Takashi Iwai <tiwai(a)suse.de> ALSA: pcm: Fix UAF at PCM release via PCM timer access Roland Dreier <roland(a)purestorage.com> RDMA/ucma: Don't allow setting RDMA_OPTION_IB_PATH without an RDMA device Theodore Ts'o <tytso(a)mit.edu> ext4: fail ext4_iget for root directory if unallocated Theodore Ts'o <tytso(a)mit.edu> ext4: add validity checks for bitmap block numbers Theodore Ts'o <tytso(a)mit.edu> ext4: don't update checksum of new initialized bitmaps Theodore Ts'o <tytso(a)mit.edu> jbd2: if the journal is aborted then don't allow update of the log tail Theodore Ts'o <tytso(a)mit.edu> random: use a tighter cap in credit_entropy_bits_safe() Mika Westerberg <mika.westerberg(a)linux.intel.com> thunderbolt: Resume control channel after hibernation image is created James Kelly <jamespeterkelly(a)gmail.com> ASoC: ssm2602: Replace reg_default_raw with reg_default Aaron Ma <aaron.ma(a)canonical.com> HID: core: Fix size as type u32 Aaron Ma <aaron.ma(a)canonical.com> HID: Fix hid_report_len usage Nicholas Piggin <npiggin(a)gmail.com> powerpc/powernv: Fix OPAL NVRAM driver OPAL_BUSY loops Nicholas Piggin <npiggin(a)gmail.com> powerpc/64: Fix smp_wmb barrier definition use use lwsync consistently Nicholas Piggin <npiggin(a)gmail.com> powerpc/powernv: Handle unknown OPAL errors in opal_nvram_write() Aaron Ma <aaron.ma(a)canonical.com> HID: i2c-hid: fix size check and type usage Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: dwc3: pci: Properly cleanup resource Zhengjun Xing <zhengjun.xing(a)linux.intel.com> USB:fix USB3 devices behind USB3 hubs not resuming at hibernate thaw Mika Westerberg <mika.westerberg(a)linux.intel.com> ACPI / hotplug / PCI: Check presence of slot itself in get_slot_status() Hans de Goede <hdegoede(a)redhat.com> ACPI / video: Add quirk to force acpi-video backlight on Samsung 670Z5E Dan Carpenter <dan.carpenter(a)oracle.com> regmap: Fix reversed bounds check in regmap_raw_write() Jason Andryuk <jandryuk(a)gmail.com> xen-netfront: Fix hang on device removal Santiago Esteban <Santiago.Esteban(a)microchip.com> ARM: dts: at91: sama5d4: fix pinctrl compatible string Nicolas Ferre <nicolas.ferre(a)microchip.com> ARM: dts: at91: at91sam9g25: fix mux-mask pinctrl property Heinrich Schuchardt <xypron.glpk(a)gmx.de> usb: musb: gadget: misplaced out of bounds check Vlastimil Babka <vbabka(a)suse.cz> mm, slab: reschedule cache_reap() on the same CPU Eric Biggers <ebiggers(a)google.com> ipc/shm: fix use-after-free of shm file via remap_file_pages() Takashi Iwai <tiwai(a)suse.de> resource: fix integer overflow at reallocation Andrew Morton <akpm(a)linux-foundation.org> fs/reiserfs/journal.c: add missing resierfs_warning() arg Richard Weinberger <richard(a)nod.at> ubi: Reject MLC NAND Romain Izard <romain.izard.pro(a)gmail.com> ubi: Fix error for write access Richard Weinberger <richard(a)nod.at> ubi: fastmap: Don't flush fastmap work on detach Richard Weinberger <richard(a)nod.at> ubifs: Check ubifs_wbuf_sync() return code Tejun Heo <tj(a)kernel.org> tty: make n_tty_read() always abort if hangup is in progress Ville Syrjälä <ville.syrjala(a)linux.intel.com> x86/hweight: Don't clobber %rdi Borislav Petkov <bp(a)suse.de> x86/hweight: Get rid of the special calling convention Phil Elwell <phil(a)raspberrypi.org> lan78xx: Correctly indicate invalid OTP Tejaswi Tanikella <tejaswit(a)codeaurora.org> slip: Check if rstate is initialized before uncompressing Bassem Boubaker <bassem.boubaker(a)actia.fr> cdc_ether: flag the Cinterion AHS8 modem by gemalto as WWAN Marek Szyprowski <m.szyprowski(a)samsung.com> hwmon: (ina2xx) Fix access to uninitialized mutex Sudhir Sreedharan <ssreedharan(a)mvista.com> rtl8187: Fix NULL pointer dereference in priv->conf_mutex Al Viro <viro(a)zeniv.linux.org.uk> getname_kernel() needs to make sure that ->name != ->iname in long case Vasily Gorbik <gor(a)linux.ibm.com> s390/ipl: ensure loadparm valid flag is set Julian Wiedmann <jwi(a)linux.vnet.ibm.com> s390/qdio: don't merge ERROR output buffers Julian Wiedmann <jwi(a)linux.vnet.ibm.com> s390/qdio: don't retry EQBS after CCQ 96 Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> block/loop: fix deadlock after loop_set_status Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "perf tests: Decompress kernel module before objdump" Arnd Bergmann <arnd(a)arndb.de> radeon: hide pointless #warning when compile testing Adrian Hunter <adrian.hunter(a)intel.com> perf intel-pt: Fix timestamp following overflow Adrian Hunter <adrian.hunter(a)intel.com> perf intel-pt: Fix error recovery from missing TIP packet Adrian Hunter <adrian.hunter(a)intel.com> perf intel-pt: Fix sync_switch Adrian Hunter <adrian.hunter(a)intel.com> perf intel-pt: Fix overlap detection to identify consecutive buffers correctly Helge Deller <deller(a)gmx.de> parisc: Fix out of array access in match_pci_device() Mauro Carvalho Chehab <mchehab(a)s-opensource.com> media: v4l2-compat-ioctl32: don't oops on overlay ------------- Diffstat: Makefile | 4 +- arch/arm/boot/dts/at91sam9g25.dtsi | 2 +- arch/arm/boot/dts/sama5d4.dtsi | 2 +- arch/mips/include/asm/uaccess.h | 11 +- arch/mips/lib/memset.S | 11 +- arch/parisc/kernel/drivers.c | 4 + arch/powerpc/include/asm/barrier.h | 3 +- arch/powerpc/include/asm/synch.h | 4 - arch/powerpc/kernel/eeh_pe.c | 3 +- arch/powerpc/lib/feature-fixups.c | 2 +- arch/powerpc/platforms/powernv/opal-nvram.c | 11 +- arch/s390/hypfs/inode.c | 2 +- arch/s390/kernel/ipl.c | 1 + arch/um/os-Linux/signal.c | 2 +- arch/x86/Kconfig | 5 - arch/x86/include/asm/arch_hweight.h | 24 ++- arch/x86/kernel/i386_ksyms_32.c | 2 + arch/x86/kernel/x8664_ksyms_64.c | 3 + arch/x86/lib/Makefile | 2 +- arch/x86/lib/hweight.S | 79 +++++++++ arch/x86/um/stub_segv.c | 2 +- drivers/acpi/video_detect.c | 9 + drivers/base/regmap/regmap.c | 2 +- drivers/block/loop.c | 12 +- drivers/char/random.c | 2 +- drivers/clk/bcm/clk-bcm2835.c | 8 +- drivers/clk/mvebu/armada-38x.c | 15 +- drivers/dma/at_xdmac.c | 4 +- drivers/gpu/drm/radeon/radeon_object.c | 3 +- drivers/gpu/drm/radeon/si_dpm.c | 4 +- drivers/hid/hid-core.c | 10 +- drivers/hid/hid-input.c | 3 +- drivers/hid/hid-multitouch.c | 5 +- drivers/hid/hid-rmi.c | 4 +- drivers/hid/hidraw.c | 5 + drivers/hid/i2c-hid/i2c-hid.c | 13 +- drivers/hwmon/ina2xx.c | 3 +- drivers/infiniband/core/ucma.c | 3 + drivers/infiniband/ulp/srp/ib_srp.c | 18 +- drivers/iommu/intel-svm.c | 1 + drivers/media/v4l2-core/v4l2-compat-ioctl32.c | 4 +- drivers/mmc/host/jz4740_mmc.c | 2 +- drivers/mtd/ubi/block.c | 2 +- drivers/mtd/ubi/build.c | 11 ++ drivers/mtd/ubi/fastmap-wl.c | 1 - drivers/net/slip/slhc.c | 5 + drivers/net/usb/cdc_ether.c | 6 + drivers/net/usb/lan78xx.c | 3 +- drivers/net/wireless/realtek/rtl818x/rtl8187/dev.c | 2 +- drivers/net/xen-netfront.c | 7 +- drivers/pci/hotplug/acpiphp_glue.c | 23 ++- drivers/s390/cio/qdio_main.c | 42 ++--- drivers/thermal/imx_thermal.c | 6 +- drivers/thunderbolt/nhi.c | 1 + drivers/tty/n_tty.c | 6 + drivers/tty/tty_io.c | 9 + drivers/usb/core/generic.c | 9 +- drivers/usb/dwc3/dwc3-pci.c | 2 +- drivers/usb/musb/musb_gadget_ep0.c | 14 +- drivers/vfio/pci/vfio_pci_config.c | 107 +++++++++++- drivers/watchdog/f71808e_wdt.c | 2 +- fs/autofs4/root.c | 2 +- fs/ext4/balloc.c | 19 ++- fs/ext4/ialloc.c | 54 ++---- fs/ext4/inline.c | 66 ++++--- fs/ext4/inode.c | 48 +++--- fs/ext4/super.c | 6 + fs/ext4/xattr.c | 30 ++-- fs/ext4/xattr.h | 32 ++++ fs/fs-writeback.c | 7 +- fs/jbd2/journal.c | 5 +- fs/jffs2/super.c | 2 +- fs/namei.c | 3 +- fs/namespace.c | 3 +- fs/notify/fanotify/fanotify.c | 34 ++-- fs/reiserfs/journal.c | 2 +- fs/ubifs/super.c | 14 +- include/linux/backing-dev-defs.h | 5 + include/linux/backing-dev.h | 31 ++-- include/linux/hid.h | 6 +- include/linux/mm.h | 4 + include/linux/tty.h | 1 + include/net/slhc_vj.h | 1 + include/sound/pcm_oss.h | 1 + ipc/shm.c | 23 ++- kernel/resource.c | 3 +- lib/Makefile | 2 - lib/hweight.c | 4 + mm/filemap.c | 16 +- mm/memory.c | 17 ++ mm/page-writeback.c | 18 +- mm/slab.c | 3 +- net/sunrpc/rpc_pipe.c | 1 + sound/core/oss/pcm_oss.c | 189 ++++++++++++++++----- sound/core/pcm.c | 8 +- sound/core/rawmidi_compat.c | 18 +- sound/pci/hda/hda_intel.c | 3 +- sound/soc/codecs/ssm2602.c | 19 ++- sound/usb/line6/midi.c | 2 +- tools/perf/tests/code-reading.c | 20 +-- .../perf/util/intel-pt-decoder/intel-pt-decoder.c | 64 ++++--- .../perf/util/intel-pt-decoder/intel-pt-decoder.h | 2 +- tools/perf/util/intel-pt.c | 37 +++- 103 files changed, 943 insertions(+), 449 deletions(-)

7 years, 5 months

8
103
0 0

[PATCH] sched/rt: fix call to cpufreq_update_util

by Vincent Guittot

With commit 8f111bc357aa ("cpufreq/schedutil: Rewrite CPUFREQ_RT support") schedutil governor uses rq->rt.rt_nr_running to detect whether a RT task is currently running on the CPU and to set frequency to max if necessary. cpufreq_update_util() is called in enqueue/dequeue_top_rt_rq() but rq->rt.rt_nr_running as not been updated yet when dequeue_top_rt_rq() is called so schedutil still considers that a RT task is running when the last task is dequeued. The update of rq->rt.rt_nr_running happens later in dequeue_rt_stack() Fixes: 8f111bc357aa ('cpufreq/schedutil: Rewrite CPUFREQ_RT support') Cc: <stable(a)vger.kernel.org> # v4.16+ Signed-off-by: Vincent Guittot <vincent.guittot(a)linaro.org> --- kernel/sched/rt.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/kernel/sched/rt.c b/kernel/sched/rt.c index 7aef6b4..6e74d3d 100644 --- a/kernel/sched/rt.c +++ b/kernel/sched/rt.c @@ -1001,8 +1001,6 @@ dequeue_top_rt_rq(struct rt_rq *rt_rq) sub_nr_running(rq, rt_rq->rt_nr_running); rt_rq->rt_queued = 0; - /* Kick cpufreq (see the comment in kernel/sched/sched.h). */ - cpufreq_update_util(rq, 0); } static void @@ -1288,6 +1286,9 @@ static void dequeue_rt_stack(struct sched_rt_entity *rt_se, unsigned int flags) if (on_rt_rq(rt_se)) __dequeue_rt_entity(rt_se, flags); } + + /* Kick cpufreq (see the comment in kernel/sched/sched.h). */ + cpufreq_update_util(rq_of_rt_rq(rt_rq_of_se(back)), 0); } static void enqueue_rt_entity(struct sched_rt_entity *rt_se, unsigned int flags) -- 2.7.4

7 years, 5 months

2
2
0 0

[PATCH v3 1/3] x86/mm: disable ioremap free page handling on x86-PAE

by Toshi Kani

ioremap() supports pmd mappings on x86-PAE. However, kernel's pmd tables are not shared among processes on x86-PAE. Therefore, any update to sync'd pmd entries need re-syncing. Freeing a pte page also leads to a vmalloc fault and hits the BUG_ON in vmalloc_sync_one(). Disable free page handling on x86-PAE. pud_free_pmd_page() and pmd_free_pte_page() simply return 0 if a given pud/pmd entry is present. This assures that ioremap() does not update sync'd pmd entries at the cost of falling back to pte mappings. Fixes: 28ee90fe6048 ("x86/mm: implement free pmd/pte page interfaces") Reported-by: Joerg Roedel <joro(a)8bytes.org> Signed-off-by: Toshi Kani <toshi.kani(a)hpe.com> Cc: Andrew Morton <akpm(a)linux-foundation.org> Cc: Michal Hocko <mhocko(a)suse.com> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Ingo Molnar <mingo(a)redhat.com> Cc: "H. Peter Anvin" <hpa(a)zytor.com> Cc: Joerg Roedel <joro(a)8bytes.org> Cc: <stable(a)vger.kernel.org> --- arch/x86/mm/pgtable.c | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/arch/x86/mm/pgtable.c b/arch/x86/mm/pgtable.c index ffc8c13c50e4..3f7180bc5f52 100644 --- a/arch/x86/mm/pgtable.c +++ b/arch/x86/mm/pgtable.c @@ -715,6 +715,7 @@ int pmd_clear_huge(pmd_t *pmd) return 0; } +#ifdef CONFIG_X86_64 /** * pud_free_pmd_page - Clear pud entry and free pmd page. * @pud: Pointer to a PUD. @@ -762,4 +763,22 @@ int pmd_free_pte_page(pmd_t *pmd) return 1; } + +#else /* !CONFIG_X86_64 */ + +int pud_free_pmd_page(pud_t *pud) +{ + return pud_none(*pud); +} + +/* + * Disable free page handling on x86-PAE. This assures that ioremap() + * does not update sync'd pmd entries. See vmalloc_sync_one(). + */ +int pmd_free_pte_page(pmd_t *pmd) +{ + return pmd_none(*pmd); +} + +#endif /* CONFIG_X86_64 */ #endif /* CONFIG_HAVE_ARCH_HUGE_VMAP */

7 years, 5 months

1
0
0 0

[PATCH] media: gl861: fix probe of dvb_usb_gl861

by mika.batsman＠gmail.com

From: Mika Båtsman <mika.batsman(a)gmail.com> Probe of dvb_usb_gl861 was working at least with v4.4. Noticed the issue with v4.13 but according to similar issues the problem started with v4.9. [ 15.288065] transfer buffer not dma capable [ 15.288090] WARNING: CPU: 2 PID: 493 at drivers/usb/core/hcd.c:1595 usb_hcd_map_urb_for_dma+0x4e2/0x640 ...CUT... [ 15.288791] dvb_usb_gl861: probe of 3-7:1.0 failed with error -5 Tested with MSI Mega Sky 580 DVB-T Tuner [GL861] Cc: stable(a)vger.kernel.org Signed-off-by: Mika Båtsman <mika.batsman(a)gmail.com> --- drivers/media/usb/dvb-usb-v2/gl861.c | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/drivers/media/usb/dvb-usb-v2/gl861.c b/drivers/media/usb/dvb-usb-v2/gl861.c index b1b09c5..0a988e3 100644 --- a/drivers/media/usb/dvb-usb-v2/gl861.c +++ b/drivers/media/usb/dvb-usb-v2/gl861.c @@ -20,15 +20,22 @@ static int gl861_i2c_msg(struct dvb_usb_device *d, u8 addr, u16 value = addr << (8 + 1); int wo = (rbuf == NULL || rlen == 0); /* write-only */ u8 req, type; + int ret; + void *dmadata; if (wo) { req = GL861_REQ_I2C_WRITE; type = GL861_WRITE; + dmadata = kmemdup(wbuf, wlen, GFP_KERNEL); } else { /* rw */ req = GL861_REQ_I2C_READ; type = GL861_READ; + dmadata = kmalloc(rlen, GFP_KERNEL); } + if (!dmadata) + return -ENOMEM; + switch (wlen) { case 1: index = wbuf[0]; @@ -45,8 +52,14 @@ static int gl861_i2c_msg(struct dvb_usb_device *d, u8 addr, msleep(1); /* avoid I2C errors */ - return usb_control_msg(d->udev, usb_rcvctrlpipe(d->udev, 0), req, type, - value, index, rbuf, rlen, 2000); + ret = usb_control_msg(d->udev, usb_rcvctrlpipe(d->udev, 0), req, type, + value, index, dmadata, rlen, 2000); + + if (!wo) + memcpy(rbuf, dmadata, rlen); + + kfree(dmadata); + return ret; } /* I2C */ -- 2.7.4

7 years, 5 months

1
0
0 0

[PATCH] media: gl861: fix probe of dvb_usb_gl861

by mika.batsman＠gmail.com

From: Mika Båtsman <mika.batsman(a)gmail.com> Probe of dvb_usb_gl861 was working at least with v4.4. Noticed the issue with v4.13 but according to similar issues the problem started with v4.9. [ 15.288065] transfer buffer not dma capable [ 15.288090] WARNING: CPU: 2 PID: 493 at drivers/usb/core/hcd.c:1595 usb_hcd_map_urb_for_dma+0x4e2/0x640 ...CUT... [ 15.288791] dvb_usb_gl861: probe of 3-7:1.0 failed with error -5 Tested with MSI Mega Sky 580 DVB-T Tuner [GL861] Cc: stable(a)vger.kernel.org Signed-off-by: Mika Båtsman <mika.batsman(a)gmail.com> --- drivers/media/usb/dvb-usb-v2/gl861.c | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/drivers/media/usb/dvb-usb-v2/gl861.c b/drivers/media/usb/dvb-usb-v2/gl861.c index b1b09c5..0a988e3 100644 --- a/drivers/media/usb/dvb-usb-v2/gl861.c +++ b/drivers/media/usb/dvb-usb-v2/gl861.c @@ -20,15 +20,22 @@ static int gl861_i2c_msg(struct dvb_usb_device *d, u8 addr, u16 value = addr << (8 + 1); int wo = (rbuf == NULL || rlen == 0); /* write-only */ u8 req, type; + int ret; + void *dmadata; if (wo) { req = GL861_REQ_I2C_WRITE; type = GL861_WRITE; + dmadata = kmemdup(wbuf, wlen, GFP_KERNEL); } else { /* rw */ req = GL861_REQ_I2C_READ; type = GL861_READ; + dmadata = kmalloc(rlen, GFP_KERNEL); } + if (!dmadata) + return -ENOMEM; + switch (wlen) { case 1: index = wbuf[0]; @@ -45,8 +52,14 @@ static int gl861_i2c_msg(struct dvb_usb_device *d, u8 addr, msleep(1); /* avoid I2C errors */ - return usb_control_msg(d->udev, usb_rcvctrlpipe(d->udev, 0), req, type, - value, index, rbuf, rlen, 2000); + ret = usb_control_msg(d->udev, usb_rcvctrlpipe(d->udev, 0), req, type, + value, index, dmadata, rlen, 2000); + + if (!wo) + memcpy(rbuf, dmadata, rlen); + + kfree(dmadata); + return ret; } /* I2C */ -- 2.7.4

7 years, 5 months

1
0
0 0

[PATCH] ubi: fastmap: Cancel work upon detach

by Richard Weinberger

Ben Hutchings pointed out that 29b7a6fa1ec0 ("ubi: fastmap: Don't flush fastmap work on detach") does not really fix the problem, it just reduces the risk to hit the race window where fastmap work races against free()'ing ubi->volumes[]. The correct approach is making sure that no more fastmap work is in progress before we free ubi data structures. So we cancel fastmap work right after the ubi background thread is stopped. By setting ubi->thread_enabled to zero we make sure that no further work tries to wake the thread. Fixes: 29b7a6fa1ec0 ("ubi: fastmap: Don't flush fastmap work on detach") Fixes: 74cdaf24004a ("UBI: Fastmap: Fix memory leaks while closing the WL sub-system") Cc: stable(a)vger.kernel.org Cc: Ben Hutchings <ben.hutchings(a)codethink.co.uk> Cc: Martin Townsend <mtownsend1973(a)gmail.com> Signed-off-by: Richard Weinberger <richard(a)nod.at> --- drivers/mtd/ubi/build.c | 3 +++ drivers/mtd/ubi/wl.c | 4 +--- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/drivers/mtd/ubi/build.c b/drivers/mtd/ubi/build.c index 6326a02e4568..0cf3356424cd 100644 --- a/drivers/mtd/ubi/build.c +++ b/drivers/mtd/ubi/build.c @@ -1100,6 +1100,9 @@ int ubi_detach_mtd_dev(int ubi_num, int anyway) if (ubi->bgt_thread) kthread_stop(ubi->bgt_thread); +#ifdef CONFIG_MTD_UBI_FASTMAP + cancel_work_sync(&ubi->fm_work); +#endif ubi_debugfs_exit_dev(ubi); uif_close(ubi); diff --git a/drivers/mtd/ubi/wl.c b/drivers/mtd/ubi/wl.c index 3cc302924899..6bbb968fe9da 100644 --- a/drivers/mtd/ubi/wl.c +++ b/drivers/mtd/ubi/wl.c @@ -1505,6 +1505,7 @@ int ubi_thread(void *u) } dbg_wl("background thread \"%s\" is killed", ubi->bgt_name); + ubi->thread_enabled = 0; return 0; } @@ -1514,9 +1515,6 @@ int ubi_thread(void *u) */ static void shutdown_work(struct ubi_device *ubi) { -#ifdef CONFIG_MTD_UBI_FASTMAP - flush_work(&ubi->fm_work); -#endif while (!list_empty(&ubi->works)) { struct ubi_work *wrk; -- 2.13.6

7 years, 5 months

1
0
0 0

[PATCH 4/7] nbd: use bd_set_size when updating disk size

by Josef Bacik

From: Josef Bacik <jbacik(a)fb.com> When we stopped relying on the bdev everywhere I broke updating the block device size on the fly, which ceph relies on. We can't just do set_capacity, we also have to do bd_set_size so things like parted will notice the device size change. Fixes: 29eaadc ("nbd: stop using the bdev everywhere") cc: stable(a)vger.kernel.org Signed-off-by: Josef Bacik <jbacik(a)fb.com> --- drivers/block/nbd.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/drivers/block/nbd.c b/drivers/block/nbd.c index b709abf3cb79..64278f472efe 100644 --- a/drivers/block/nbd.c +++ b/drivers/block/nbd.c @@ -234,9 +234,18 @@ static void nbd_size_clear(struct nbd_device *nbd) static void nbd_size_update(struct nbd_device *nbd) { struct nbd_config *config = nbd->config; + struct block_device *bdev = bdget_disk(nbd->disk, 0); + blk_queue_logical_block_size(nbd->disk->queue, config->blksize); blk_queue_physical_block_size(nbd->disk->queue, config->blksize); set_capacity(nbd->disk, config->bytesize >> 9); + if (bdev) { + if (bdev->bd_disk) + bd_set_size(bdev, config->bytesize); + else + bdev->bd_invalidated = 1; + bdput(bdev); + } kobject_uevent(&nbd_to_dev(nbd)->kobj, KOBJ_CHANGE); } @@ -1114,7 +1123,6 @@ static int nbd_start_device_ioctl(struct nbd_device *nbd, struct block_device *b if (ret) return ret; - bd_set_size(bdev, config->bytesize); if (max_part) bdev->bd_invalidated = 1; mutex_unlock(&nbd->config_lock); -- 2.14.3

7 years, 5 months

1
0
0 0

[PATCH 3/7] nbd: update size when connected

by Josef Bacik

From: Josef Bacik <jbacik(a)fb.com> I messed up changing the size of an NBD device while it was connected by not actually updating the device or doing the uevent. Fix this by updating everything if we're connected and we change the size. cc: stable(a)vger.kernel.org Fixes: 639812a ("nbd: don't set the device size until we're connected") Signed-off-by: Josef Bacik <jbacik(a)fb.com> --- drivers/block/nbd.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/block/nbd.c b/drivers/block/nbd.c index 9710a0c338b0..b709abf3cb79 100644 --- a/drivers/block/nbd.c +++ b/drivers/block/nbd.c @@ -246,6 +246,8 @@ static void nbd_size_set(struct nbd_device *nbd, loff_t blocksize, struct nbd_config *config = nbd->config; config->blksize = blocksize; config->bytesize = blocksize * nr_blocks; + if (nbd->task_recv != NULL) + nbd_size_update(nbd); } static void nbd_complete_rq(struct request *req) -- 2.14.3

7 years, 5 months

1
0
0 0

[PATCH 2/7] nbd: fix nbd device deletion

by Josef Bacik

From: Josef Bacik <jbacik(a)fb.com> This fixes a use after free bug, we shouldn't be doing disk->queue right after we do del_gendisk(disk). Save the queue and do the cleanup after the del_gendisk. Fixes: c6a4759ea0c9 ("nbd: add device refcounting") cc: stable(a)vger.kernel.org Signed-off-by: Josef Bacik <jbacik(a)fb.com> --- drivers/block/nbd.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/drivers/block/nbd.c b/drivers/block/nbd.c index afbc202ca6fd..9710a0c338b0 100644 --- a/drivers/block/nbd.c +++ b/drivers/block/nbd.c @@ -173,9 +173,12 @@ static const struct device_attribute pid_attr = { static void nbd_dev_remove(struct nbd_device *nbd) { struct gendisk *disk = nbd->disk; + struct request_queue *q; + if (disk) { + q = disk->queue; del_gendisk(disk); - blk_cleanup_queue(disk->queue); + blk_cleanup_queue(q); blk_mq_free_tag_set(&nbd->tag_set); disk->private_data = NULL; put_disk(disk); -- 2.14.3

7 years, 5 months

1
0
0 0

Linux 4.16.9

by Greg KH

I'm announcing the release of the 4.16.9 kernel. All users of the 4.16 kernel series must upgrade. The updated 4.16.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.16.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arm/boot/dts/imx35.dtsi | 4 arch/arm/boot/dts/imx53.dtsi | 4 arch/x86/events/core.c | 8 + arch/x86/events/intel/cstate.c | 2 arch/x86/events/msr.c | 9 + crypto/af_alg.c | 8 - drivers/ata/libata-core.c | 3 drivers/atm/zatm.c | 3 drivers/bluetooth/btusb.c | 19 +++ drivers/clk/ti/clock.h | 9 + drivers/gpio/gpio-aspeed.c | 2 drivers/gpio/gpiolib.c | 7 - drivers/gpu/drm/drm_atomic.c | 8 + drivers/gpu/drm/i915/intel_cdclk.c | 41 +++++++- drivers/gpu/drm/i915/intel_dp.c | 20 ---- drivers/gpu/drm/i915/intel_lvds.c | 3 drivers/gpu/drm/nouveau/nouveau_bo.c | 1 drivers/gpu/drm/nouveau/nouveau_bo.h | 2 drivers/gpu/drm/nouveau/nouveau_ttm.c | 6 - drivers/gpu/drm/nouveau/nv50_display.c | 7 - drivers/gpu/drm/ttm/ttm_page_alloc.c | 11 +- drivers/gpu/drm/ttm/ttm_page_alloc_dma.c | 3 drivers/gpu/drm/vc4/vc4_plane.c | 2 drivers/i2c/i2c-dev.c | 2 drivers/md/dm-integrity.c | 2 drivers/mtd/nand/marvell_nand.c | 12 +- drivers/net/can/flexcan.c | 26 ++--- drivers/net/can/spi/hi311x.c | 11 +- drivers/net/can/usb/kvaser_usb.c | 2 drivers/nvme/host/core.c | 3 drivers/nvme/host/nvme.h | 5 + drivers/nvme/host/pci.c | 12 ++ drivers/pci/pci.c | 37 +++++-- drivers/thermal/samsung/exynos_tmu.c | 14 ++ fs/ceph/file.c | 10 +- fs/cifs/cifsfs.c | 13 ++ fs/fs-writeback.c | 2 include/linux/bpf.h | 4 include/linux/oom.h | 2 include/linux/wait_bit.h | 17 +++ include/net/inet_timewait_sock.h | 1 include/net/nexthop.h | 2 kernel/bpf/core.c | 45 +++++---- kernel/compat.c | 1 kernel/events/callchain.c | 10 -- kernel/events/ring_buffer.c | 7 + kernel/sched/autogroup.c | 7 + kernel/sched/core.c | 7 + kernel/sched/cpufreq_schedutil.c | 3 kernel/trace/bpf_trace.c | 25 ++++- kernel/trace/trace_events_filter.c | 3 kernel/trace/trace_uprobe.c | 2 lib/swiotlb.c | 2 mm/backing-dev.c | 3 mm/memcontrol.c | 3 mm/mmap.c | 44 +++++--- mm/oom_kill.c | 81 ++++++++-------- mm/sparse.c | 2 mm/z3fold.c | 42 ++++++-- net/atm/lec.c | 9 + net/bridge/netfilter/ebtables.c | 11 +- net/core/dev_addr_lists.c | 4 net/core/skbuff.c | 1 net/dccp/ipv4.c | 1 net/dccp/ipv6.c | 1 net/ipv4/inet_timewait_sock.c | 1 net/ipv4/inetpeer.c | 1 net/ipv4/route.c | 11 +- net/ipv4/tcp.c | 2 net/kcm/kcmsock.c | 1 net/netfilter/ipvs/ip_vs_ctl.c | 8 - net/netfilter/ipvs/ip_vs_sync.c | 155 ++++++++++++++++--------------- net/netlink/af_netlink.c | 2 net/rds/tcp.c | 17 +-- net/rfkill/rfkill-gpio.c | 7 + 76 files changed, 557 insertions(+), 323 deletions(-) Alexander Popov (1): i2c: dev: prevent ZERO_SIZE_PTR deref in i2cdev_ioctl_rdwr() Ben Skeggs (1): drm/nouveau/ttm: don't dereference nvbo::cli, it can outlive client Boris Brezillon (1): drm/vc4: Fix scaling of uni-planar formats Charles Machalow (1): nvme: Fix sync controller reset return Chris Packham (1): mtd: rawnand: marvell: pass ms delay to wait_op David Rientjes (1): mm, oom: fix concurrent munlock and oom reaper unmap, v3 Eric Dumazet (10): crypto: af_alg - fix possible uninit-value in alg_bind() netlink: fix uninit-value in netlink_sendmsg net: fix rtnh_ok() net: initialize skb->peeked when cloning net: fix uninit-value in __hw_addr_add_ex() dccp: initialize ireq->ir_mark ipv4: fix uninit-value in ip_route_output_key_hash_rcu() soreuseport: initialise timewait reuseport field inetpeer: fix uninit-value in inet_getpeer tcp: fix TCP_REPAIR_QUEUE bound checking Florent Flament (1): drm/i915: Fix drm:intel_enable_lvds ERROR message in kernel log Florian Westphal (1): netfilter: ebtables: don't attempt to allocate 0-sized compat array Govert Overgaauw (1): gpio: fix aspeed_gpio unmask irq Greg Kroah-Hartman (1): Linux 4.16.9 Gustavo A. R. Silva (2): net: atm: Fix potential Spectre v1 atm: zatm: Fix potential Spectre v1 Hans de Goede (4): libata: Apply NOLPM quirk for SanDisk SD7UB3Q*G1001 SSDs Revert "Bluetooth: btusb: Fix quirk for Atheros 1525/QCA6174" Bluetooth: btusb: Add Dell XPS 13 9360 to btusb_needs_reset_resume_table Bluetooth: btusb: Only check needs_reset_resume DMI table for QCA rome chipsets Ilya Dryomov (1): ceph: fix rsize/wsize capping in ceph_direct_read_write() Jan Kara (1): bdi: Fix oops in wb_workfn() Jann Horn (1): compat: fix 4-byte infoleak via uninitialized struct field Jean Delvare (1): swiotlb: silent unwanted warning "buffer is full" Jens Axboe (1): nvme: add quirk to force medium priority for SQ creation Jimmy Assarsson (1): can: kvaser_usb: Increase correct stats counter in kvaser_usb_rx_can_msg() Jiri Olsa (1): perf: Remove superfluous allocation error check Johan Hovold (1): rfkill: gpio: fix memory leak in probe error path Julian Anastasov (1): ipvs: fix rtnl_lock lockups caused by start_sync_thread Kai Heng Feng (1): PCI / PM: Always check PME wakeup capability for runtime wakeup support Lukas Wunner (2): can: hi311x: Acquire SPI lock on ->do_get_berr_counter can: hi311x: Work around TX complete interrupt erratum Lyude Paul (1): drm/nouveau: Fix deadlock in nv50_mstm_register_connector() Marek Szyprowski (2): thermal: exynos: Reading temperature makes sense only when TMU is turned on thermal: exynos: Propagate error value from tmu_read() Masami Hiramatsu (1): tracing/uprobe_event: Fix strncpy corner case Michal Hocko (1): memcg: fix per_node_info cleanup Michel Dänzer (1): drm/ttm: Use GFP_TRANSHUGE_LIGHT for allocating huge pages Mikulas Patocka (1): dm integrity: use kvfree for kvmalloc'd memory Miquel Raynal (1): mtd: rawnand: marvell: fix command xtype in BCH write hook Pavel Tatashin (1): mm: sections are not offlined during memory hotremove Peter Zijlstra (7): sched/core: Fix possible Spectre-v1 indexing for sched_prio_to_weight[] sched/autogroup: Fix possible Spectre-v1 indexing for sched_prio_to_weight[] perf/x86: Fix possible Spectre-v1 indexing for hw_perf_event cache_* perf/x86/cstate: Fix possible Spectre-v1 indexing for pkg_msr perf/x86/msr: Fix possible Spectre-v1 indexing in the MSR driver perf/core: Fix possible Spectre-v1 indexing for ->aux_pages[] perf/x86: Fix possible Spectre-v1 indexing for x86_pmu::event_map() Rafael J. Wysocki (2): PCI / PM: Check device_may_wakeup() in pci_enable_wake() cpufreq: schedutil: Avoid using invalid next_freq Rodrigo Vivi (1): drm/i915: Adjust eDP's logical vco in a reliable place. Sowmini Varadhan (1): rds: tcp: must use spin_lock_irq* and not spin_lock_bh with rds_tcp_conn_lock Steve French (1): smb3: directory sync should not return an error Steven Rostedt (VMware) (1): tracing: Fix regex_match_front() to not over compare the test string Tero Kristo (1): clk: ti: fix flag space conflict with clkctrl clocks Tetsuo Handa (2): bdi: wake up concurrent wb_shutdown() callers. bdi: Fix use after free bug in debugfs_remove() Timur Tabi (1): gpioib: do not free unrequested descriptors Tom Herbert (1): kcm: Call strp_stop before strp_done in kcm_attach Uwe Kleine-König (3): gpio: fix error path in lineevent_create can: flexcan: fix endianess detection arm: dts: imx[35]*: declare flexcan devices to be compatible to imx25's flexcan Ville Syrjälä (2): drm/atomic: Clean old_state/new_state in drm_atomic_state_default_clear() drm/atomic: Clean private obj old_state/new_state in drm_atomic_state_default_clear() Vitaly Wool (1): z3fold: fix reclaim lock-ups Yonghong Song (1): bpf/tracing: fix a deadlock in perf_event_detach_bpf_prog

7 years, 5 months

1
1
0 0

Linux 4.14.41

by Greg KH

I'm announcing the release of the 4.14.41 kernel. All users of the 4.14 kernel series must upgrade. The updated 4.14.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.14.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/arm64/silicon-errata.txt | 1 Makefile | 2 arch/arm64/Kconfig | 14 ++ arch/arm64/include/asm/assembler.h | 40 ++++++++ arch/arm64/include/asm/cputype.h | 2 arch/arm64/mm/proc.S | 5 + arch/powerpc/kvm/book3s_64_mmu_radix.c | 72 +++++++++----- arch/powerpc/kvm/book3s_hv.c | 17 +-- arch/powerpc/kvm/book3s_hv_rmhandlers.S | 8 + arch/x86/events/core.c | 8 + arch/x86/events/intel/cstate.c | 2 arch/x86/events/msr.c | 9 + arch/x86/kvm/lapic.c | 37 ++++--- crypto/af_alg.c | 8 - drivers/ata/libata-core.c | 3 drivers/atm/zatm.c | 3 drivers/bluetooth/btusb.c | 19 +++ drivers/gpio/gpio-aspeed.c | 2 drivers/gpio/gpiolib.c | 7 - drivers/gpu/drm/drm_atomic.c | 8 + drivers/gpu/drm/i915/intel_lvds.c | 3 drivers/gpu/drm/nouveau/nv50_display.c | 7 - drivers/gpu/drm/vc4/vc4_plane.c | 2 drivers/md/dm-integrity.c | 2 drivers/net/can/spi/hi311x.c | 11 +- drivers/net/can/usb/kvaser_usb.c | 2 drivers/nvme/host/nvme.h | 5 + drivers/nvme/host/pci.c | 12 ++ drivers/pci/pci.c | 37 +++++-- drivers/thermal/samsung/exynos_tmu.c | 14 ++ fs/ceph/file.c | 10 +- fs/cifs/cifsfs.c | 13 ++ fs/fs-writeback.c | 2 include/linux/oom.h | 2 include/linux/wait_bit.h | 17 +++ include/net/inet_timewait_sock.h | 1 include/net/nexthop.h | 2 kernel/compat.c | 1 kernel/events/callchain.c | 10 -- kernel/events/ring_buffer.c | 7 + kernel/sched/autogroup.c | 7 + kernel/sched/cpufreq_schedutil.c | 3 kernel/trace/trace_events_filter.c | 3 kernel/trace/trace_uprobe.c | 2 mm/backing-dev.c | 2 mm/memcontrol.c | 3 mm/mmap.c | 44 +++++---- mm/oom_kill.c | 74 ++++++++------- mm/sparse.c | 2 mm/z3fold.c | 42 ++++++-- net/atm/lec.c | 9 + net/bridge/netfilter/ebtables.c | 11 +- net/core/dev_addr_lists.c | 4 net/core/skbuff.c | 1 net/dccp/ipv4.c | 1 net/dccp/ipv6.c | 1 net/ipv4/inet_timewait_sock.c | 1 net/ipv4/inetpeer.c | 1 net/ipv4/route.c | 11 +- net/ipv4/tcp.c | 2 net/kcm/kcmsock.c | 1 net/netfilter/ipvs/ip_vs_ctl.c | 8 - net/netfilter/ipvs/ip_vs_sync.c | 155 ++++++++++++++++---------------- net/netlink/af_netlink.c | 2 net/rfkill/rfkill-gpio.c | 7 + 65 files changed, 542 insertions(+), 282 deletions(-) Anthoine Bourgeois (1): KVM: x86: remove APIC Timer periodic/oneshot spikes Boris Brezillon (1): drm/vc4: Fix scaling of uni-planar formats David Rientjes (1): mm, oom: fix concurrent munlock and oom reaper unmap, v3 Eric Dumazet (10): crypto: af_alg - fix possible uninit-value in alg_bind() netlink: fix uninit-value in netlink_sendmsg net: fix rtnh_ok() net: initialize skb->peeked when cloning net: fix uninit-value in __hw_addr_add_ex() dccp: initialize ireq->ir_mark ipv4: fix uninit-value in ip_route_output_key_hash_rcu() soreuseport: initialise timewait reuseport field inetpeer: fix uninit-value in inet_getpeer tcp: fix TCP_REPAIR_QUEUE bound checking Florent Flament (1): drm/i915: Fix drm:intel_enable_lvds ERROR message in kernel log Florian Westphal (1): netfilter: ebtables: don't attempt to allocate 0-sized compat array Govert Overgaauw (1): gpio: fix aspeed_gpio unmask irq Greg Kroah-Hartman (1): Linux 4.14.41 Gustavo A. R. Silva (2): net: atm: Fix potential Spectre v1 atm: zatm: Fix potential Spectre v1 Hans de Goede (4): libata: Apply NOLPM quirk for SanDisk SD7UB3Q*G1001 SSDs Revert "Bluetooth: btusb: Fix quirk for Atheros 1525/QCA6174" Bluetooth: btusb: Add Dell XPS 13 9360 to btusb_needs_reset_resume_table Bluetooth: btusb: Only check needs_reset_resume DMI table for QCA rome chipsets Ilya Dryomov (1): ceph: fix rsize/wsize capping in ceph_direct_read_write() Jan Kara (1): bdi: Fix oops in wb_workfn() Jann Horn (1): compat: fix 4-byte infoleak via uninitialized struct field Jens Axboe (1): nvme: add quirk to force medium priority for SQ creation Jimmy Assarsson (1): can: kvaser_usb: Increase correct stats counter in kvaser_usb_rx_can_msg() Jiri Olsa (1): perf: Remove superfluous allocation error check Johan Hovold (1): rfkill: gpio: fix memory leak in probe error path Julian Anastasov (1): ipvs: fix rtnl_lock lockups caused by start_sync_thread Kai Heng Feng (1): PCI / PM: Always check PME wakeup capability for runtime wakeup support Laurent Vivier (1): KVM: PPC: Book3S HV: Fix guest time accounting with VIRT_CPU_ACCOUNTING_GEN Lukas Wunner (2): can: hi311x: Acquire SPI lock on ->do_get_berr_counter can: hi311x: Work around TX complete interrupt erratum Lyude Paul (1): drm/nouveau: Fix deadlock in nv50_mstm_register_connector() Marek Szyprowski (2): thermal: exynos: Reading temperature makes sense only when TMU is turned on thermal: exynos: Propagate error value from tmu_read() Masami Hiramatsu (1): tracing/uprobe_event: Fix strncpy corner case Michal Hocko (1): memcg: fix per_node_info cleanup Mikulas Patocka (1): dm integrity: use kvfree for kvmalloc'd memory Paul Mackerras (3): KVM: PPC: Book3S HV: Fix trap number return from __kvmppc_vcore_entry KVM: PPC: Book3S HV: Fix VRMA initialization with 2MB or 1GB memory backing KVM: PPC: Book3S HV: Fix handling of large pages in radix page fault handler Pavel Tatashin (1): mm: sections are not offlined during memory hotremove Peter Zijlstra (6): sched/autogroup: Fix possible Spectre-v1 indexing for sched_prio_to_weight[] perf/x86: Fix possible Spectre-v1 indexing for hw_perf_event cache_* perf/x86/cstate: Fix possible Spectre-v1 indexing for pkg_msr perf/x86/msr: Fix possible Spectre-v1 indexing in the MSR driver perf/core: Fix possible Spectre-v1 indexing for ->aux_pages[] perf/x86: Fix possible Spectre-v1 indexing for x86_pmu::event_map() Rafael J. Wysocki (2): PCI / PM: Check device_may_wakeup() in pci_enable_wake() cpufreq: schedutil: Avoid using invalid next_freq Steve French (1): smb3: directory sync should not return an error Steven Rostedt (VMware) (1): tracing: Fix regex_match_front() to not over compare the test string Suzuki K Poulose (1): arm64: Add work around for Arm Cortex-A55 Erratum 1024718 Tetsuo Handa (1): bdi: wake up concurrent wb_shutdown() callers. Timur Tabi (1): gpioib: do not free unrequested descriptors Tom Herbert (1): kcm: Call strp_stop before strp_done in kcm_attach Uwe Kleine-König (1): gpio: fix error path in lineevent_create Ville Syrjälä (2): drm/atomic: Clean old_state/new_state in drm_atomic_state_default_clear() drm/atomic: Clean private obj old_state/new_state in drm_atomic_state_default_clear() Vitaly Wool (1): z3fold: fix reclaim lock-ups

7 years, 5 months

1
1
0 0

Linux 4.9.100

by Greg KH

I'm announcing the release of the 4.9.100 kernel. All users of the 4.9 kernel series must upgrade. The updated 4.9.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.9.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/arm64/silicon-errata.txt | 1 Makefile | 2 arch/arm64/Kconfig | 14 ++ arch/arm64/include/asm/assembler.h | 40 ++++++++ arch/arm64/include/asm/cputype.h | 5 + arch/arm64/mm/proc.S | 5 + arch/powerpc/kvm/book3s_hv_rmhandlers.S | 8 + arch/x86/events/core.c | 8 + arch/x86/events/intel/cstate.c | 2 arch/x86/events/msr.c | 9 + crypto/af_alg.c | 8 - drivers/ata/libata-core.c | 3 drivers/atm/zatm.c | 3 drivers/bluetooth/btusb.c | 2 drivers/gpio/gpio-aspeed.c | 2 drivers/gpio/gpiolib.c | 7 - drivers/gpu/drm/i915/intel_lvds.c | 3 drivers/gpu/drm/vc4/vc4_plane.c | 2 drivers/infiniband/core/device.c | 3 drivers/net/can/usb/kvaser_usb.c | 2 drivers/thermal/samsung/exynos_tmu.c | 14 ++ fs/f2fs/data.c | 2 fs/fs-writeback.c | 2 include/net/inet_timewait_sock.h | 1 include/net/nexthop.h | 2 kernel/events/callchain.c | 10 -- kernel/events/ring_buffer.c | 7 + kernel/trace/trace_events_filter.c | 3 kernel/trace/trace_uprobe.c | 2 net/atm/lec.c | 9 + net/core/dev_addr_lists.c | 4 net/core/skbuff.c | 1 net/dccp/ipv4.c | 1 net/dccp/ipv6.c | 1 net/ipv4/inet_timewait_sock.c | 1 net/ipv4/tcp.c | 2 net/kcm/kcmsock.c | 1 net/netfilter/ipvs/ip_vs_ctl.c | 8 - net/netfilter/ipvs/ip_vs_sync.c | 155 ++++++++++++++++---------------- net/netlink/af_netlink.c | 2 net/rfkill/rfkill-gpio.c | 7 + 41 files changed, 237 insertions(+), 127 deletions(-) Boris Brezillon (1): drm/vc4: Fix scaling of uni-planar formats Eric Dumazet (8): crypto: af_alg - fix possible uninit-value in alg_bind() netlink: fix uninit-value in netlink_sendmsg net: fix rtnh_ok() net: initialize skb->peeked when cloning net: fix uninit-value in __hw_addr_add_ex() dccp: initialize ireq->ir_mark soreuseport: initialise timewait reuseport field tcp: fix TCP_REPAIR_QUEUE bound checking Florent Flament (1): drm/i915: Fix drm:intel_enable_lvds ERROR message in kernel log Govert Overgaauw (1): gpio: fix aspeed_gpio unmask irq Greg Kroah-Hartman (1): Linux 4.9.100 Gustavo A. R. Silva (2): net: atm: Fix potential Spectre v1 atm: zatm: Fix potential Spectre v1 Hans de Goede (2): libata: Apply NOLPM quirk for SanDisk SD7UB3Q*G1001 SSDs Revert "Bluetooth: btusb: Fix quirk for Atheros 1525/QCA6174" Jan Kara (1): bdi: Fix oops in wb_workfn() Jimmy Assarsson (1): can: kvaser_usb: Increase correct stats counter in kvaser_usb_rx_can_msg() Jiri Olsa (1): perf: Remove superfluous allocation error check Johan Hovold (1): rfkill: gpio: fix memory leak in probe error path Julian Anastasov (1): ipvs: fix rtnl_lock lockups caused by start_sync_thread Marek Szyprowski (2): thermal: exynos: Reading temperature makes sense only when TMU is turned on thermal: exynos: Propagate error value from tmu_read() Masami Hiramatsu (1): tracing/uprobe_event: Fix strncpy corner case Paul Mackerras (1): KVM: PPC: Book3S HV: Fix trap number return from __kvmppc_vcore_entry Peter Zijlstra (5): perf/x86: Fix possible Spectre-v1 indexing for hw_perf_event cache_* perf/x86/cstate: Fix possible Spectre-v1 indexing for pkg_msr perf/x86/msr: Fix possible Spectre-v1 indexing in the MSR driver perf/core: Fix possible Spectre-v1 indexing for ->aux_pages[] perf/x86: Fix possible Spectre-v1 indexing for x86_pmu::event_map() Sagi Grimberg (1): IB/device: Convert ib-comp-wq to be CPU-bound Steven Rostedt (VMware) (1): tracing: Fix regex_match_front() to not over compare the test string Suzuki K Poulose (1): arm64: Add work around for Arm Cortex-A55 Erratum 1024718 Timur Tabi (1): gpioib: do not free unrequested descriptors Tom Herbert (1): kcm: Call strp_stop before strp_done in kcm_attach Uwe Kleine-König (1): gpio: fix error path in lineevent_create Wei Fang (1): f2fs: fix a dead loop in f2fs_fiemap()

7 years, 5 months

1
1
0 0

Linux 4.4.132

by Greg KH

I'm announcing the release of the 4.4.132 kernel. All users of the 4.4 kernel series must upgrade. The updated 4.4.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.4.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/s390/kvm/kvm-s390.c | 4 arch/x86/kernel/cpu/perf_event.c | 8 arch/x86/kernel/cpu/perf_event_intel_cstate.c | 2 arch/x86/kernel/cpu/perf_event_msr.c | 9 crypto/af_alg.c | 8 drivers/ata/libata-core.c | 3 drivers/atm/zatm.c | 3 drivers/bluetooth/btusb.c | 2 drivers/gpu/drm/vmwgfx/vmwgfx_kms.c | 1 drivers/infiniband/core/ucma.c | 2 drivers/infiniband/hw/mlx5/qp.c | 22 - drivers/input/input-leds.c | 8 drivers/input/touchscreen/atmel_mxt_ts.c | 9 drivers/mtd/nand/gpmi-nand/gpmi-nand.c | 78 +++ drivers/net/can/usb/kvaser_usb.c | 2 drivers/net/usb/qmi_wwan.c | 1 drivers/net/wireless/ath/ath10k/core.c | 8 drivers/net/wireless/ath/ath10k/core.h | 4 drivers/net/wireless/ath/ath10k/htt_rx.c | 100 ++++ drivers/net/wireless/ath/wcn36xx/txrx.c | 2 drivers/usb/core/config.c | 4 drivers/usb/musb/musb_host.c | 4 drivers/usb/serial/option.c | 448 +++++++--------------- drivers/usb/serial/visor.c | 69 +-- fs/f2fs/data.c | 2 fs/fs-writeback.c | 2 fs/xfs/xfs_file.c | 14 include/net/inet_timewait_sock.h | 1 include/net/mac80211.h | 14 include/net/nexthop.h | 2 kernel/bpf/arraymap.c | 2 kernel/bpf/hashtab.c | 9 kernel/bpf/syscall.c | 20 kernel/events/callchain.c | 10 kernel/events/core.c | 2 kernel/events/ring_buffer.c | 7 kernel/trace/trace_events_filter.c | 3 kernel/trace/trace_uprobe.c | 2 kernel/tracepoint.c | 4 mm/percpu.c | 1 net/atm/lec.c | 9 net/core/dev_addr_lists.c | 4 net/core/skbuff.c | 1 net/dccp/ipv4.c | 1 net/dccp/ipv6.c | 1 net/ipv4/inet_timewait_sock.c | 1 net/ipv4/tcp.c | 2 net/mac80211/util.c | 5 net/mac80211/wep.c | 3 net/mac80211/wpa.c | 45 +- net/netfilter/ipvs/ip_vs_ctl.c | 8 net/netfilter/ipvs/ip_vs_sync.c | 155 +++---- net/netlink/af_netlink.c | 2 net/rfkill/rfkill-gpio.c | 7 net/xfrm/xfrm_user.c | 2 sound/core/pcm_compat.c | 2 sound/core/seq/seq_virmidi.c | 4 sound/drivers/aloop.c | 29 + tools/testing/selftests/firmware/fw_filesystem.sh | 6 60 files changed, 655 insertions(+), 530 deletions(-) Alan Stern (1): USB: Accept bulk endpoints with 1024-byte maxpacket Alexander Yarygin (1): KVM: s390: Enable all facility bits that are known good for passthrough Ben Hutchings (1): test_firmware: fix setting old custom fw path back on exit, second try Bin Liu (1): usb: musb: host: fix potential NULL pointer dereference Danit Goldberg (1): IB/mlx5: Use unlimited rate when static rate is not supported Darrick J. Wong (1): xfs: prevent creating negative-sized file via INSERT_RANGE David Spinadel (1): mac80211: Add RX flag to indicate ICV stripped Dmitry Torokhov (1): Input: leds - fix out of bound access Eric Dumazet (8): crypto: af_alg - fix possible uninit-value in alg_bind() netlink: fix uninit-value in netlink_sendmsg net: fix rtnh_ok() net: initialize skb->peeked when cloning net: fix uninit-value in __hw_addr_add_ex() dccp: initialize ireq->ir_mark soreuseport: initialise timewait reuseport field tcp: fix TCP_REPAIR_QUEUE bound checking Greg Kroah-Hartman (2): USB: serial: visor: handle potential invalid device configuration Linux 4.4.132 Gustavo A. R. Silva (2): net: atm: Fix potential Spectre v1 atm: zatm: Fix potential Spectre v1 Hans de Goede (2): libata: Apply NOLPM quirk for SanDisk SD7UB3Q*G1001 SSDs Revert "Bluetooth: btusb: Fix quirk for Atheros 1525/QCA6174" Jan Kara (1): bdi: Fix oops in wb_workfn() Jimmy Assarsson (1): can: kvaser_usb: Increase correct stats counter in kvaser_usb_rx_can_msg() Jiri Olsa (1): perf: Remove superfluous allocation error check Johan Hovold (2): USB: serial: option: reimplement interface masking rfkill: gpio: fix memory leak in probe error path Julian Anastasov (1): ipvs: fix rtnl_lock lockups caused by start_sync_thread Kristian Evensen (1): USB: serial: option: Add support for Quectel EP06 Leon Romanovsky (1): RDMA/mlx5: Protect from shift operand overflow Markus Pargmann (1): gpmi-nand: Handle ECC Errors in erased pages Masami Hiramatsu (1): tracing/uprobe_event: Fix strncpy corner case Mathieu Desnoyers (1): tracepoint: Do not warn on ENOMEM Peter Zijlstra (5): perf/x86: Fix possible Spectre-v1 indexing for hw_perf_event cache_* perf/x86/cstate: Fix possible Spectre-v1 indexing for pkg_msr perf/x86/msr: Fix possible Spectre-v1 indexing in the MSR driver perf/core: Fix possible Spectre-v1 indexing for ->aux_pages[] perf/x86: Fix possible Spectre-v1 indexing for x86_pmu::event_map() Robert Rosengren (1): ALSA: aloop: Mark paused device as inactive Roland Dreier (1): RDMA/ucma: Allow resolving address w/o specifying source address SZ Lin (林上智) (2): NET: usb: qmi_wwan: add support for ublox R410M PID 0x90b2 USB: serial: option: adding support for ublox R410M Sara Sharon (2): mac80211: allow not sending MIC up from driver for HW crypto mac80211: allow same PN for AMSDU sub-frames Steven Rostedt (VMware) (1): tracing: Fix regex_match_front() to not over compare the test string Takashi Iwai (3): ALSA: pcm: Check PCM state at xfern compat ioctl ALSA: seq: Fix races at MIDI encoding in snd_virmidi_output_trigger() ALSA: aloop: Add missing cable lock to ctl API callbacks Tan Xiaojun (1): perf/core: Fix the perf_cpu_time_max_percent check Tejun Heo (1): percpu: include linux/sched.h for cond_resched() Teng Qin (1): bpf: map_get_next_key to return first key on NULL Thomas Hellstrom (1): drm/vmwgfx: Fix a buffer object leak Vasanthakumar Thiagarajan (2): ath10k: fix rfc1042 header retrieval in QCA4019 with eth decap mode ath10k: rebuild crypto header in rx data frames Vittorio Gambaletta (VittGam) (1): Input: atmel_mxt_ts - add touchpad button mapping for Samsung Chromebook Pro Wei Fang (1): f2fs: fix a dead loop in f2fs_fiemap() Yi Zhao (1): xfrm_user: fix return value from xfrm_user_rcv_msg

7 years, 5 months

1
1
0 0

Linux 3.18.109

by Greg KH

I'm announcing the release of the 3.18.109 kernel. All users of the 3.18 kernel series must upgrade. The updated 3.18.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-3.18.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 - drivers/ata/libata-core.c | 3 + drivers/infiniband/hw/mlx5/qp.c | 4 ++ drivers/net/can/usb/kvaser_usb.c | 2 - drivers/net/usb/qmi_wwan.c | 1 drivers/usb/musb/musb_host.c | 4 +- drivers/usb/serial/visor.c | 69 ++++++++++++++++++------------------- include/net/inet_timewait_sock.h | 1 include/net/nexthop.h | 2 - kernel/events/callchain.c | 10 +---- kernel/events/core.c | 2 - kernel/trace/trace_events_filter.c | 3 + kernel/trace/trace_uprobe.c | 2 + mm/percpu.c | 1 net/core/dev_addr_lists.c | 4 +- net/core/skbuff.c | 1 net/ipv4/inet_timewait_sock.c | 1 net/ipv4/tcp.c | 2 - net/netlink/af_netlink.c | 2 + net/rfkill/rfkill-gpio.c | 7 +++ sound/core/pcm_compat.c | 2 + sound/core/seq/seq_virmidi.c | 4 +- sound/drivers/aloop.c | 29 ++++++++++++--- tools/perf/util/session.c | 1 24 files changed, 101 insertions(+), 58 deletions(-) Bin Liu (1): usb: musb: host: fix potential NULL pointer dereference Eric Dumazet (6): netlink: fix uninit-value in netlink_sendmsg net: fix rtnh_ok() net: initialize skb->peeked when cloning net: fix uninit-value in __hw_addr_add_ex() soreuseport: initialise timewait reuseport field tcp: fix TCP_REPAIR_QUEUE bound checking Greg Kroah-Hartman (2): USB: serial: visor: handle potential invalid device configuration Linux 3.18.109 Hans de Goede (1): libata: Apply NOLPM quirk for SanDisk SD7UB3Q*G1001 SSDs Jimmy Assarsson (1): can: kvaser_usb: Increase correct stats counter in kvaser_usb_rx_can_msg() Jiri Olsa (1): perf: Remove superfluous allocation error check Johan Hovold (1): rfkill: gpio: fix memory leak in probe error path Leon Romanovsky (1): RDMA/mlx5: Protect from shift operand overflow Masami Hiramatsu (1): tracing/uprobe_event: Fix strncpy corner case Murilo Opsfelder Araujo (1): perf session: Fix undeclared 'oe' Robert Rosengren (1): ALSA: aloop: Mark paused device as inactive SZ Lin (林上智) (1): NET: usb: qmi_wwan: add support for ublox R410M PID 0x90b2 Steven Rostedt (VMware) (1): tracing: Fix regex_match_front() to not over compare the test string Takashi Iwai (3): ALSA: pcm: Check PCM state at xfern compat ioctl ALSA: seq: Fix races at MIDI encoding in snd_virmidi_output_trigger() ALSA: aloop: Add missing cable lock to ctl API callbacks Tan Xiaojun (1): perf/core: Fix the perf_cpu_time_max_percent check Tejun Heo (1): percpu: include linux/sched.h for cond_resched()

7 years, 5 months

1
1
0 0

[PATCH] block: fix QEMU crash with scsi-hd and drive_del

by Greg Kurz

Removing a drive with drive_del while it is being used to run an I/O intensive workload can cause QEMU to crash. An AIO flush can yield at some point: blk_aio_flush_entry() blk_co_flush(blk) bdrv_co_flush(blk->root->bs) ... qemu_coroutine_yield() and let the HMP command to run, free blk->root and give control back to the AIO flush: hmp_drive_del() blk_remove_bs() bdrv_root_unref_child(blk->root) child_bs = blk->root->bs bdrv_detach_child(blk->root) bdrv_replace_child(blk->root, NULL) blk->root->bs = NULL g_free(blk->root) <============== blk->root becomes stale bdrv_unref(child_bs) bdrv_delete(child_bs) bdrv_close() bdrv_drained_begin() bdrv_do_drained_begin() bdrv_drain_recurse() aio_poll() ... qemu_coroutine_switch() and the AIO flush completion ends up dereferencing blk->root: blk_aio_complete() scsi_aio_complete() blk_get_aio_context(blk) bs = blk_bs(blk) ie, bs = blk->root ? blk->root->bs : NULL ^^^^^ stale The solution to this user-after-free situation is is to clear blk->root before calling bdrv_unref() in bdrv_detach_child(), and let blk_get_aio_context() fall back to the main loop context since the BDS has been removed. Signed-off-by: Greg Kurz <groug(a)kaod.org> --- The use-after-free condition is easy to reproduce with a stress-ng run in the guest: -device virtio-scsi-pci,id=scsi1 \ -drive file=/home/greg/images/scratch.qcow2,format=qcow2,if=none,id=drive1 \ -device scsi-hd,bus=scsi1.0,drive=drive1,id=scsi-hd1 # stress-ng --hdd 0 --aggressive and doing drive_del from the QEMU monitor while stress-ng is still running: (qemu) drive_del drive1 The crash is less easy to hit though, as it depends on the bs field of the stale blk->root to have a non-NULL value that eventually breaks something when it gets dereferenced. The following patch simulates that, and allows to validate the fix: --- a/block.c +++ b/block.c @@ -2127,6 +2127,8 @@ BdrvChild *bdrv_attach_child(BlockDriverState *parent_bs, static void bdrv_detach_child(BdrvChild *child) { + BlockDriverState *bs = child->bs; + if (child->next.le_prev) { QLIST_REMOVE(child, next); child->next.le_prev = NULL; @@ -2135,7 +2137,15 @@ static void bdrv_detach_child(BdrvChild *child) bdrv_replace_child(child, NULL); g_free(child->name); - g_free(child); + /* Poison the BdrvChild instead of freeing it, in order to break blk_bs() + * if the blk still has a pointer to this BdrvChild in blk->root. + */ + if (atomic_read(&bs->in_flight)) { + child->bs = (BlockDriverState *) -1; + fprintf(stderr, "\nPoisonned BdrvChild %p\n", child); + } else { + g_free(child); + } } void bdrv_root_unref_child(BdrvChild *child) --- block/block-backend.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/block/block-backend.c b/block/block-backend.c index 681b240b1268..ed9434e236b9 100644 --- a/block/block-backend.c +++ b/block/block-backend.c @@ -756,6 +756,7 @@ void blk_remove_bs(BlockBackend *blk) { ThrottleGroupMember *tgm = &blk->public.throttle_group_member; BlockDriverState *bs; + BdrvChild *root; notifier_list_notify(&blk->remove_bs_notifiers, blk); if (tgm->throttle_state) { @@ -768,8 +769,9 @@ void blk_remove_bs(BlockBackend *blk) blk_update_root_state(blk); - bdrv_root_unref_child(blk->root); + root = blk->root; blk->root = NULL; + bdrv_root_unref_child(root); } /*

7 years, 5 months

2
1
0 0

[PATCH v3 11/14] ftrace/selftest: Have the reset_trigger code be a bit more careful

by Steven Rostedt

From: "Steven Rostedt (VMware)" <rostedt(a)goodmis.org> The trigger code is picky in how it can be disabled as there may be dependencies between different events and synthetic events. Change the order on how triggers are reset. 1) Reset triggers of all synthetic events first 2) Remove triggers with actions attached to them 3) Remove all other triggers If this order isn't followed, then some triggers will not be reset, and an error may happen because a trigger is busy. Cc: stable(a)vger.kernel.org Fixes: cfa0963dc474f ("kselftests/ftrace : Add event trigger testcases") Acked-by: Masami Hiramatsu <mhiramat(a)kernel.org> Signed-off-by: Steven Rostedt (VMware) <rostedt(a)goodmis.org> --- .../testing/selftests/ftrace/test.d/functions | 21 ++++++++++++++++--- 1 file changed, 18 insertions(+), 3 deletions(-) diff --git a/tools/testing/selftests/ftrace/test.d/functions b/tools/testing/selftests/ftrace/test.d/functions index 2a4f16fc9819..8393b1c06027 100644 --- a/tools/testing/selftests/ftrace/test.d/functions +++ b/tools/testing/selftests/ftrace/test.d/functions @@ -15,14 +15,29 @@ reset_tracer() { # reset the current tracer echo nop > current_tracer } -reset_trigger() { # reset all current setting triggers - grep -v ^# events/*/*/trigger | +reset_trigger_file() { + # remove action triggers first + grep -H ':on[^:]*(' $@ | + while read line; do + cmd=`echo $line | cut -f2- -d: | cut -f1 -d" "` + file=`echo $line | cut -f1 -d:` + echo "!$cmd" >> $file + done + grep -Hv ^# $@ | while read line; do cmd=`echo $line | cut -f2- -d: | cut -f1 -d" "` - echo "!$cmd" > `echo $line | cut -f1 -d:` + file=`echo $line | cut -f1 -d:` + echo "!$cmd" > $file done } +reset_trigger() { # reset all current setting triggers + if [ -d events/synthetic ]; then + reset_trigger_file events/synthetic/*/trigger + fi + reset_trigger_file events/*/*/trigger +} + reset_events_filter() { # reset all current setting filters grep -v ^none events/*/*/filter | while read line; do -- 2.17.0

7 years, 5 months

1
0
0 0

[PATCH v2 1/3] x86/mm: disable ioremap free page handling on x86-PAE

by Toshi Kani

ioremap() supports pmd mappings on x86-PAE. However, kernel's pmd tables are not shared among processes on x86-PAE. Therefore, any update to sync'd pmd entries need re-syncing. Freeing a pte page also leads to a vmalloc fault and hits the BUG_ON in vmalloc_sync_one(). Disable free page handling on x86-PAE. pud_free_pmd_page() and pmd_free_pte_page() simply return 0 if a given pud/pmd entry is present. This assures that ioremap() does not update sync'd pmd entries at the cost of falling back to pte mappings. Fixes: 28ee90fe6048 ("x86/mm: implement free pmd/pte page interfaces") Reported-by: Joerg Roedel <joro(a)8bytes.org> Signed-off-by: Toshi Kani <toshi.kani(a)hpe.com> Cc: Andrew Morton <akpm(a)linux-foundation.org> Cc: Michal Hocko <mhocko(a)suse.com> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Ingo Molnar <mingo(a)redhat.com> Cc: "H. Peter Anvin" <hpa(a)zytor.com> Cc: Joerg Roedel <joro(a)8bytes.org> Cc: <stable(a)vger.kernel.org> --- arch/x86/mm/pgtable.c | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/arch/x86/mm/pgtable.c b/arch/x86/mm/pgtable.c index ffc8c13c50e4..08cdd7c13619 100644 --- a/arch/x86/mm/pgtable.c +++ b/arch/x86/mm/pgtable.c @@ -715,6 +715,7 @@ int pmd_clear_huge(pmd_t *pmd) return 0; } +#ifdef CONFIG_X86_64 /** * pud_free_pmd_page - Clear pud entry and free pmd page. * @pud: Pointer to a PUD. @@ -762,4 +763,22 @@ int pmd_free_pte_page(pmd_t *pmd) return 1; } + +#else /* !CONFIG_X86_64 */ + +int pud_free_pmd_page(pud_t *pud, unsigned long addr) +{ + return pud_none(*pud); +} + +/* + * Disable free page handling on x86-PAE. This assures that ioremap() + * does not update sync'd pmd entries. See vmalloc_sync_one(). + */ +int pmd_free_pte_page(pmd_t *pmd, unsigned long addr) +{ + return pmd_none(*pmd); +} + +#endif /* CONFIG_X86_64 */ #endif /* CONFIG_HAVE_ARCH_HUGE_VMAP */

7 years, 5 months

3
2
0 0

[PATCH] bcache: return 0 from bch_debug_init() if CONFIG_DEBUG_FS=n

by Coly Li

Commit 539d39eb2708 ("bcache: fix wrong return value in bch_debug_init()") returns the return value of debugfs_create_dir() to bcache_init(). When CONFIG_DEBUG_FS=n, bch_debug_init() always returns 1 and makes bcache_init() failedi. This patch makes bch_debug_init() always returns 0 if CONFIG_DEBUG_FS=n, so bcache can continue to work for the kernels which don't have debugfs enanbled. Fixes: Commit 539d39eb2708 ("bcache: fix wrong return value in bch_debug_init()") Cc: stable(a)vger.kernel.org Signed-off-by: Coly Li <colyli(a)suse.de> Reported-by: Massimo B. <massimo.b(a)gmx.net> Reported-by: Kai Krakow <kai(a)kaishome.de> Cc: Kent Overstreet <kent.overstreet(a)gmail.com> --- drivers/md/bcache/bcache.h | 5 +++++ drivers/md/bcache/debug.c | 4 ++-- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/drivers/md/bcache/bcache.h b/drivers/md/bcache/bcache.h index 3a0cfb237af9..5b3fe87f32ee 100644 --- a/drivers/md/bcache/bcache.h +++ b/drivers/md/bcache/bcache.h @@ -994,8 +994,13 @@ void bch_open_buckets_free(struct cache_set *); int bch_cache_allocator_start(struct cache *ca); +#ifdef CONFIG_DEBUG_FS void bch_debug_exit(void); int bch_debug_init(struct kobject *); +#else +static inline void bch_debug_exit(void) {}; +static inline int bch_debug_init(struct kobject *kobj) { return 0; }; +#endif void bch_request_exit(void); int bch_request_init(void); diff --git a/drivers/md/bcache/debug.c b/drivers/md/bcache/debug.c index 4e63c6f6c04d..34a0ed4ed70c 100644 --- a/drivers/md/bcache/debug.c +++ b/drivers/md/bcache/debug.c @@ -240,8 +240,6 @@ void bch_debug_init_cache_set(struct cache_set *c) } } -#endif - void bch_debug_exit(void) { if (!IS_ERR_OR_NULL(bcache_debug)) @@ -254,3 +252,5 @@ int __init bch_debug_init(struct kobject *kobj) return IS_ERR_OR_NULL(bcache_debug); } + +#endif -- 2.16.3

7 years, 5 months

1
0
0 0

[PATCH 0/3] x86/platform/UV: Update Memory Block Size Setting

by mike.travis＠hpe.com

Update support for the UV kernel to accommodate Intel BIOS changes in NVDIMM alignment, which caused UV BIOS to align the memory boundaries on different blocks than the previous UV standard of 2GB. --

7 years, 5 months

4
10
0 0

[PATCH v3 1/4] ovl: use insert_inode_locked4() to hash a newly created inode

by Amir Goldstein

Currently, there is a small window where ovl_obtain_alias() can race with ovl_instantiate() and create two different overlay inodes with the same underlying real non-dir non-hardlink inode. The race requires an adversary to guess the file handle of the yet to be created upper inode and decode the guessed file handle after ovl_creat_real(), but before ovl_instantiate(). This patch fixes the race, by using insert_inode_locked4() to add a newly created inode to icache. If the newly created inode apears to already exist in icache (hashed by the same real upper inode), we export this error to user instead of silently not hashing the new inode. This race does not affect overlay directory inodes, because those are decoded via ovl_lookup_real() and not with ovl_obtain_alias(), so avoid using the new helper d_instantiate_new() to reduce backport dependencies. Backporting only makes sense for v4.16 where NFS export was introduced. Cc: Al Viro <viro(a)zeniv.linux.org.uk> Cc: <stable(a)vger.kernel.org> #v4.16 Signed-off-by: Amir Goldstein <amir73il(a)gmail.com> --- fs/overlayfs/dir.c | 24 ++++++++++++++++++------ fs/overlayfs/inode.c | 18 ++++++++++++++++++ fs/overlayfs/overlayfs.h | 1 + 3 files changed, 37 insertions(+), 6 deletions(-) diff --git a/fs/overlayfs/dir.c b/fs/overlayfs/dir.c index 47dc980e8b33..62e6733b755c 100644 --- a/fs/overlayfs/dir.c +++ b/fs/overlayfs/dir.c @@ -183,14 +183,24 @@ static int ovl_set_opaque(struct dentry *dentry, struct dentry *upperdentry) } /* Common operations required to be done after creation of file on upper */ -static void ovl_instantiate(struct dentry *dentry, struct inode *inode, - struct dentry *newdentry, bool hardlink) +static int ovl_instantiate(struct dentry *dentry, struct inode *inode, + struct dentry *newdentry, bool hardlink) { ovl_dir_modified(dentry->d_parent, false); - ovl_copyattr(d_inode(newdentry), inode); ovl_dentry_set_upper_alias(dentry); if (!hardlink) { - ovl_inode_update(inode, newdentry); + int err; + + ovl_inode_init(inode, newdentry, NULL); + /* + * XXX: if we ever use ovl_obtain_alias() to decode directory + * file handles, need to use ovl_insert_inode_locked() and + * d_instantiate_new() here to prevent ovl_obtain_alias() + * from sneaking in before d_instantiate(). + */ + err = ovl_insert_inode(inode, d_inode(newdentry)); + if (err) + return err; } else { WARN_ON(ovl_inode_real(inode) != d_inode(newdentry)); dput(newdentry); @@ -200,6 +210,8 @@ static void ovl_instantiate(struct dentry *dentry, struct inode *inode, /* Force lookup of new upper hardlink to find its lower */ if (hardlink) d_drop(dentry); + + return 0; } static bool ovl_type_merge(struct dentry *dentry) @@ -238,7 +250,7 @@ static int ovl_create_upper(struct dentry *dentry, struct inode *inode, ovl_set_opaque(dentry, newdentry); } - ovl_instantiate(dentry, inode, newdentry, !!hardlink); + err = ovl_instantiate(dentry, inode, newdentry, !!hardlink); newdentry = NULL; out_dput: dput(newdentry); @@ -439,7 +451,7 @@ static int ovl_create_over_whiteout(struct dentry *dentry, struct inode *inode, if (err) goto out_cleanup; } - ovl_instantiate(dentry, inode, newdentry, !!hardlink); + err = ovl_instantiate(dentry, inode, newdentry, !!hardlink); newdentry = NULL; out_dput2: dput(upper); diff --git a/fs/overlayfs/inode.c b/fs/overlayfs/inode.c index 7abcf96e94fc..060c534998d1 100644 --- a/fs/overlayfs/inode.c +++ b/fs/overlayfs/inode.c @@ -741,6 +741,24 @@ static bool ovl_verify_inode(struct inode *inode, struct dentry *lowerdentry, return true; } +static int ovl_insert_inode_locked(struct inode *inode, struct inode *realinode) +{ + return insert_inode_locked4(inode, (unsigned long) realinode, + ovl_inode_test, realinode); +} + +int ovl_insert_inode(struct inode *inode, struct inode *realinode) +{ + int err; + + err = ovl_insert_inode_locked(inode, realinode); + if (err) + return err; + + unlock_new_inode(inode); + return 0; +} + struct inode *ovl_lookup_inode(struct super_block *sb, struct dentry *real, bool is_upper) { diff --git a/fs/overlayfs/overlayfs.h b/fs/overlayfs/overlayfs.h index caaa47cea2aa..642b25702092 100644 --- a/fs/overlayfs/overlayfs.h +++ b/fs/overlayfs/overlayfs.h @@ -343,6 +343,7 @@ int ovl_update_time(struct inode *inode, struct timespec *ts, int flags); bool ovl_is_private_xattr(const char *name); struct inode *ovl_new_inode(struct super_block *sb, umode_t mode, dev_t rdev); +int ovl_insert_inode(struct inode *inode, struct inode *realinode); struct inode *ovl_lookup_inode(struct super_block *sb, struct dentry *real, bool is_upper); struct inode *ovl_get_inode(struct super_block *sb, struct dentry *upperdentry, -- 2.7.4

7 years, 5 months

3
6
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror