- Linux-stable-mirror - lists.linaro.org

FAILED: patch "[PATCH] ring_buffer: tracing: Inherit the tracing setting to next" failed to apply to 4.17-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.17-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 73c8d8945505acdcbae137c2e00a1232e0be709f Mon Sep 17 00:00:00 2001 From: Masami Hiramatsu <mhiramat(a)kernel.org> Date: Sat, 14 Jul 2018 01:28:15 +0900 Subject: [PATCH] ring_buffer: tracing: Inherit the tracing setting to next ring buffer Maintain the tracing on/off setting of the ring_buffer when switching to the trace buffer snapshot. Taking a snapshot is done by swapping the backup ring buffer (max_tr_buffer). But since the tracing on/off setting is defined by the ring buffer, when swapping it, the tracing on/off setting can also be changed. This causes a strange result like below: /sys/kernel/debug/tracing # cat tracing_on 1 /sys/kernel/debug/tracing # echo 0 > tracing_on /sys/kernel/debug/tracing # cat tracing_on 0 /sys/kernel/debug/tracing # echo 1 > snapshot /sys/kernel/debug/tracing # cat tracing_on 1 /sys/kernel/debug/tracing # echo 1 > snapshot /sys/kernel/debug/tracing # cat tracing_on 0 We don't touch tracing_on, but snapshot changes tracing_on setting each time. This is an anomaly, because user doesn't know that each "ring_buffer" stores its own tracing-enable state and the snapshot is done by swapping ring buffers. Link: http://lkml.kernel.org/r/153149929558.11274.11730609978254724394.stgit@devb… Cc: Ingo Molnar <mingo(a)redhat.com> Cc: Shuah Khan <shuah(a)kernel.org> Cc: Tom Zanussi <tom.zanussi(a)linux.intel.com> Cc: Hiraku Toyooka <hiraku.toyooka(a)cybertrust.co.jp> Cc: stable(a)vger.kernel.org Fixes: debdd57f5145 ("tracing: Make a snapshot feature available from userspace") Signed-off-by: Masami Hiramatsu <mhiramat(a)kernel.org> [ Updated commit log and comment in the code ] Signed-off-by: Steven Rostedt (VMware) <rostedt(a)goodmis.org> diff --git a/include/linux/ring_buffer.h b/include/linux/ring_buffer.h index b72ebdff0b77..003d09ab308d 100644 --- a/include/linux/ring_buffer.h +++ b/include/linux/ring_buffer.h @@ -165,6 +165,7 @@ void ring_buffer_record_enable(struct ring_buffer *buffer); void ring_buffer_record_off(struct ring_buffer *buffer); void ring_buffer_record_on(struct ring_buffer *buffer); int ring_buffer_record_is_on(struct ring_buffer *buffer); +int ring_buffer_record_is_set_on(struct ring_buffer *buffer); void ring_buffer_record_disable_cpu(struct ring_buffer *buffer, int cpu); void ring_buffer_record_enable_cpu(struct ring_buffer *buffer, int cpu); diff --git a/kernel/trace/ring_buffer.c b/kernel/trace/ring_buffer.c index 6a46af21765c..0b0b688ea166 100644 --- a/kernel/trace/ring_buffer.c +++ b/kernel/trace/ring_buffer.c @@ -3226,6 +3226,22 @@ int ring_buffer_record_is_on(struct ring_buffer *buffer) return !atomic_read(&buffer->record_disabled); } +/** + * ring_buffer_record_is_set_on - return true if the ring buffer is set writable + * @buffer: The ring buffer to see if write is set enabled + * + * Returns true if the ring buffer is set writable by ring_buffer_record_on(). + * Note that this does NOT mean it is in a writable state. + * + * It may return true when the ring buffer has been disabled by + * ring_buffer_record_disable(), as that is a temporary disabling of + * the ring buffer. + */ +int ring_buffer_record_is_set_on(struct ring_buffer *buffer) +{ + return !(atomic_read(&buffer->record_disabled) & RB_BUFFER_OFF); +} + /** * ring_buffer_record_disable_cpu - stop all writes into the cpu_buffer * @buffer: The ring buffer to stop writes to. diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c index 87cf25171fb8..823687997b01 100644 --- a/kernel/trace/trace.c +++ b/kernel/trace/trace.c @@ -1373,6 +1373,12 @@ update_max_tr(struct trace_array *tr, struct task_struct *tsk, int cpu) arch_spin_lock(&tr->max_lock); + /* Inherit the recordable setting from trace_buffer */ + if (ring_buffer_record_is_set_on(tr->trace_buffer.buffer)) + ring_buffer_record_on(tr->max_buffer.buffer); + else + ring_buffer_record_off(tr->max_buffer.buffer); + swap(tr->trace_buffer.buffer, tr->max_buffer.buffer); __update_max_tr(tr, tsk, cpu);

7 years, 5 months

1
0
0 0

FAILED: patch "[PATCH] kthread, tracing: Don't expose half-written comm when" failed to apply to 3.18-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 3.18-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 3e536e222f2930534c252c1cc7ae799c725c5ff9 Mon Sep 17 00:00:00 2001 From: Snild Dolkow <snild(a)sony.com> Date: Thu, 26 Jul 2018 09:15:39 +0200 Subject: [PATCH] kthread, tracing: Don't expose half-written comm when creating kthreads There is a window for racing when printing directly to task->comm, allowing other threads to see a non-terminated string. The vsnprintf function fills the buffer, counts the truncated chars, then finally writes the \0 at the end. creator other vsnprintf: fill (not terminated) count the rest trace_sched_waking(p): ... memcpy(comm, p->comm, TASK_COMM_LEN) write \0 The consequences depend on how 'other' uses the string. In our case, it was copied into the tracing system's saved cmdlines, a buffer of adjacent TASK_COMM_LEN-byte buffers (note the 'n' where 0 should be): crash-arm64> x/1024s savedcmd->saved_cmdlines | grep 'evenk' 0xffffffd5b3818640: "irq/497-pwr_evenkworker/u16:12" ...and a strcpy out of there would cause stack corruption: [224761.522292] Kernel panic - not syncing: stack-protector: Kernel stack is corrupted in: ffffff9bf9783c78 crash-arm64> kbt | grep 'comm\|trace_print_context' #6 0xffffff9bf9783c78 in trace_print_context+0x18c(+396) comm (char [16]) = "irq/497-pwr_even" crash-arm64> rd 0xffffffd4d0e17d14 8 ffffffd4d0e17d14: 2f71726900000000 5f7277702d373934 ....irq/497-pwr_ ffffffd4d0e17d24: 726f776b6e657665 3a3631752f72656b evenkworker/u16: ffffffd4d0e17d34: f9780248ff003231 cede60e0ffffff9b 12..H.x......`.. ffffffd4d0e17d44: cede60c8ffffffd4 00000fffffffffd4 .....`.......... The workaround in e09e28671 (use strlcpy in __trace_find_cmdline) was likely needed because of this same bug. Solved by vsnprintf:ing to a local buffer, then using set_task_comm(). This way, there won't be a window where comm is not terminated. Link: http://lkml.kernel.org/r/20180726071539.188015-1-snild@sony.com Cc: stable(a)vger.kernel.org Fixes: bc0c38d139ec7 ("ftrace: latency tracer infrastructure") Reviewed-by: Steven Rostedt (VMware) <rostedt(a)goodmis.org> Signed-off-by: Snild Dolkow <snild(a)sony.com> Signed-off-by: Steven Rostedt (VMware) <rostedt(a)goodmis.org> diff --git a/kernel/kthread.c b/kernel/kthread.c index 750cb8082694..486dedbd9af5 100644 --- a/kernel/kthread.c +++ b/kernel/kthread.c @@ -325,8 +325,14 @@ struct task_struct *__kthread_create_on_node(int (*threadfn)(void *data), task = create->result; if (!IS_ERR(task)) { static const struct sched_param param = { .sched_priority = 0 }; + char name[TASK_COMM_LEN]; - vsnprintf(task->comm, sizeof(task->comm), namefmt, args); + /* + * task is already visible to other tasks, so updating + * COMM must be protected. + */ + vsnprintf(name, sizeof(name), namefmt, args); + set_task_comm(task, name); /* * root may have changed our (kthreadd's) priority or CPU mask. * The kernel thread should not inherit these properties.

7 years, 5 months

1
0
0 0

FAILED: patch "[PATCH] kthread, tracing: Don't expose half-written comm when" failed to apply to 4.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 3e536e222f2930534c252c1cc7ae799c725c5ff9 Mon Sep 17 00:00:00 2001 From: Snild Dolkow <snild(a)sony.com> Date: Thu, 26 Jul 2018 09:15:39 +0200 Subject: [PATCH] kthread, tracing: Don't expose half-written comm when creating kthreads There is a window for racing when printing directly to task->comm, allowing other threads to see a non-terminated string. The vsnprintf function fills the buffer, counts the truncated chars, then finally writes the \0 at the end. creator other vsnprintf: fill (not terminated) count the rest trace_sched_waking(p): ... memcpy(comm, p->comm, TASK_COMM_LEN) write \0 The consequences depend on how 'other' uses the string. In our case, it was copied into the tracing system's saved cmdlines, a buffer of adjacent TASK_COMM_LEN-byte buffers (note the 'n' where 0 should be): crash-arm64> x/1024s savedcmd->saved_cmdlines | grep 'evenk' 0xffffffd5b3818640: "irq/497-pwr_evenkworker/u16:12" ...and a strcpy out of there would cause stack corruption: [224761.522292] Kernel panic - not syncing: stack-protector: Kernel stack is corrupted in: ffffff9bf9783c78 crash-arm64> kbt | grep 'comm\|trace_print_context' #6 0xffffff9bf9783c78 in trace_print_context+0x18c(+396) comm (char [16]) = "irq/497-pwr_even" crash-arm64> rd 0xffffffd4d0e17d14 8 ffffffd4d0e17d14: 2f71726900000000 5f7277702d373934 ....irq/497-pwr_ ffffffd4d0e17d24: 726f776b6e657665 3a3631752f72656b evenkworker/u16: ffffffd4d0e17d34: f9780248ff003231 cede60e0ffffff9b 12..H.x......`.. ffffffd4d0e17d44: cede60c8ffffffd4 00000fffffffffd4 .....`.......... The workaround in e09e28671 (use strlcpy in __trace_find_cmdline) was likely needed because of this same bug. Solved by vsnprintf:ing to a local buffer, then using set_task_comm(). This way, there won't be a window where comm is not terminated. Link: http://lkml.kernel.org/r/20180726071539.188015-1-snild@sony.com Cc: stable(a)vger.kernel.org Fixes: bc0c38d139ec7 ("ftrace: latency tracer infrastructure") Reviewed-by: Steven Rostedt (VMware) <rostedt(a)goodmis.org> Signed-off-by: Snild Dolkow <snild(a)sony.com> Signed-off-by: Steven Rostedt (VMware) <rostedt(a)goodmis.org> diff --git a/kernel/kthread.c b/kernel/kthread.c index 750cb8082694..486dedbd9af5 100644 --- a/kernel/kthread.c +++ b/kernel/kthread.c @@ -325,8 +325,14 @@ struct task_struct *__kthread_create_on_node(int (*threadfn)(void *data), task = create->result; if (!IS_ERR(task)) { static const struct sched_param param = { .sched_priority = 0 }; + char name[TASK_COMM_LEN]; - vsnprintf(task->comm, sizeof(task->comm), namefmt, args); + /* + * task is already visible to other tasks, so updating + * COMM must be protected. + */ + vsnprintf(name, sizeof(name), namefmt, args); + set_task_comm(task, name); /* * root may have changed our (kthreadd's) priority or CPU mask. * The kernel thread should not inherit these properties.

7 years, 5 months

1
0
0 0

FAILED: patch "[PATCH] mm: fix vma_is_anonymous() false-positives" failed to apply to 4.17-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.17-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From bfd40eaff5abb9f62c8ef94ca13ed0d94a560f10 Mon Sep 17 00:00:00 2001 From: "Kirill A. Shutemov" <kirill.shutemov(a)linux.intel.com> Date: Thu, 26 Jul 2018 16:37:35 -0700 Subject: [PATCH] mm: fix vma_is_anonymous() false-positives vma_is_anonymous() relies on ->vm_ops being NULL to detect anonymous VMA. This is unreliable as ->mmap may not set ->vm_ops. False-positive vma_is_anonymous() may lead to crashes: next ffff8801ce5e7040 prev ffff8801d20eca50 mm ffff88019c1e13c0 prot 27 anon_vma ffff88019680cdd8 vm_ops 0000000000000000 pgoff 0 file ffff8801b2ec2d00 private_data 0000000000000000 flags: 0xff(read|write|exec|shared|mayread|maywrite|mayexec|mayshare) ------------[ cut here ]------------ kernel BUG at mm/memory.c:1422! invalid opcode: 0000 [#1] SMP KASAN CPU: 0 PID: 18486 Comm: syz-executor3 Not tainted 4.18.0-rc3+ #136 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:zap_pmd_range mm/memory.c:1421 [inline] RIP: 0010:zap_pud_range mm/memory.c:1466 [inline] RIP: 0010:zap_p4d_range mm/memory.c:1487 [inline] RIP: 0010:unmap_page_range+0x1c18/0x2220 mm/memory.c:1508 Call Trace: unmap_single_vma+0x1a0/0x310 mm/memory.c:1553 zap_page_range_single+0x3cc/0x580 mm/memory.c:1644 unmap_mapping_range_vma mm/memory.c:2792 [inline] unmap_mapping_range_tree mm/memory.c:2813 [inline] unmap_mapping_pages+0x3a7/0x5b0 mm/memory.c:2845 unmap_mapping_range+0x48/0x60 mm/memory.c:2880 truncate_pagecache+0x54/0x90 mm/truncate.c:800 truncate_setsize+0x70/0xb0 mm/truncate.c:826 simple_setattr+0xe9/0x110 fs/libfs.c:409 notify_change+0xf13/0x10f0 fs/attr.c:335 do_truncate+0x1ac/0x2b0 fs/open.c:63 do_sys_ftruncate+0x492/0x560 fs/open.c:205 __do_sys_ftruncate fs/open.c:215 [inline] __se_sys_ftruncate fs/open.c:213 [inline] __x64_sys_ftruncate+0x59/0x80 fs/open.c:213 do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290 entry_SYSCALL_64_after_hwframe+0x49/0xbe Reproducer: #include <stdio.h> #include <stddef.h> #include <stdint.h> #include <stdlib.h> #include <string.h> #include <sys/types.h> #include <sys/stat.h> #include <sys/ioctl.h> #include <sys/mman.h> #include <unistd.h> #include <fcntl.h> #define KCOV_INIT_TRACE _IOR('c', 1, unsigned long) #define KCOV_ENABLE _IO('c', 100) #define KCOV_DISABLE _IO('c', 101) #define COVER_SIZE (1024<<10) #define KCOV_TRACE_PC 0 #define KCOV_TRACE_CMP 1 int main(int argc, char **argv) { int fd; unsigned long *cover; system("mount -t debugfs none /sys/kernel/debug"); fd = open("/sys/kernel/debug/kcov", O_RDWR); ioctl(fd, KCOV_INIT_TRACE, COVER_SIZE); cover = mmap(NULL, COVER_SIZE * sizeof(unsigned long), PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0); munmap(cover, COVER_SIZE * sizeof(unsigned long)); cover = mmap(NULL, COVER_SIZE * sizeof(unsigned long), PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0); memset(cover, 0, COVER_SIZE * sizeof(unsigned long)); ftruncate(fd, 3UL << 20); return 0; } This can be fixed by assigning anonymous VMAs own vm_ops and not relying on it being NULL. If ->mmap() failed to set ->vm_ops, mmap_region() will set it to dummy_vm_ops. This way we will have non-NULL ->vm_ops for all VMAs. Link: http://lkml.kernel.org/r/20180724121139.62570-4-kirill.shutemov@linux.intel… Signed-off-by: Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> Reported-by: syzbot+3f84280d52be9b7083cc(a)syzkaller.appspotmail.com Acked-by: Linus Torvalds <torvalds(a)linux-foundation.org> Reviewed-by: Andrew Morton <akpm(a)linux-foundation.org> Cc: Dmitry Vyukov <dvyukov(a)google.com> Cc: Oleg Nesterov <oleg(a)redhat.com> Cc: Andrea Arcangeli <aarcange(a)redhat.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds(a)linux-foundation.org> diff --git a/drivers/char/mem.c b/drivers/char/mem.c index ffeb60d3434c..df66a9dd0aae 100644 --- a/drivers/char/mem.c +++ b/drivers/char/mem.c @@ -708,6 +708,7 @@ static int mmap_zero(struct file *file, struct vm_area_struct *vma) #endif if (vma->vm_flags & VM_SHARED) return shmem_zero_setup(vma); + vma_set_anonymous(vma); return 0; } diff --git a/fs/exec.c b/fs/exec.c index 72e961a62adb..bdd0eacefdf5 100644 --- a/fs/exec.c +++ b/fs/exec.c @@ -293,6 +293,7 @@ static int __bprm_mm_init(struct linux_binprm *bprm) bprm->vma = vma = vm_area_alloc(mm); if (!vma) return -ENOMEM; + vma_set_anonymous(vma); if (down_write_killable(&mm->mmap_sem)) { err = -EINTR; diff --git a/include/linux/mm.h b/include/linux/mm.h index 31540f166987..7ba6d356d18f 100644 --- a/include/linux/mm.h +++ b/include/linux/mm.h @@ -454,10 +454,18 @@ struct vm_operations_struct { static inline void vma_init(struct vm_area_struct *vma, struct mm_struct *mm) { + static const struct vm_operations_struct dummy_vm_ops = {}; + vma->vm_mm = mm; + vma->vm_ops = &dummy_vm_ops; INIT_LIST_HEAD(&vma->anon_vma_chain); } +static inline void vma_set_anonymous(struct vm_area_struct *vma) +{ + vma->vm_ops = NULL; +} + struct mmu_gather; struct inode; diff --git a/mm/mmap.c b/mm/mmap.c index ff1944d8d458..17bbf4d3e24f 100644 --- a/mm/mmap.c +++ b/mm/mmap.c @@ -1778,6 +1778,8 @@ unsigned long mmap_region(struct file *file, unsigned long addr, error = shmem_zero_setup(vma); if (error) goto free_vma; + } else { + vma_set_anonymous(vma); } vma_link(mm, vma, prev, rb_link, rb_parent); @@ -2983,6 +2985,7 @@ static int do_brk_flags(unsigned long addr, unsigned long len, unsigned long fla return -ENOMEM; } + vma_set_anonymous(vma); vma->vm_start = addr; vma->vm_end = addr + len; vma->vm_pgoff = pgoff; diff --git a/mm/nommu.c b/mm/nommu.c index 1d22fdbf7d7c..9fc9e43335b6 100644 --- a/mm/nommu.c +++ b/mm/nommu.c @@ -1145,6 +1145,8 @@ static int do_mmap_private(struct vm_area_struct *vma, if (ret < len) memset(base + ret, 0, len - ret); + } else { + vma_set_anonymous(vma); } return 0;

7 years, 5 months

1
0
0 0

FAILED: patch "[PATCH] mm: introduce vma_init()" failed to apply to 4.17-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.17-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 027232da7c7c1c7f04383f93bd798e475dde5285 Mon Sep 17 00:00:00 2001 From: "Kirill A. Shutemov" <kirill.shutemov(a)linux.intel.com> Date: Thu, 26 Jul 2018 16:37:25 -0700 Subject: [PATCH] mm: introduce vma_init() Not all VMAs allocated with vm_area_alloc(). Some of them allocated on stack or in data segment. The new helper can be use to initialize VMA properly regardless where it was allocated. Link: http://lkml.kernel.org/r/20180724121139.62570-2-kirill.shutemov@linux.intel… Signed-off-by: Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> Acked-by: Linus Torvalds <torvalds(a)linux-foundation.org> Reviewed-by: Andrew Morton <akpm(a)linux-foundation.org> Cc: Dmitry Vyukov <dvyukov(a)google.com> Cc: Oleg Nesterov <oleg(a)redhat.com> Cc: Andrea Arcangeli <aarcange(a)redhat.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds(a)linux-foundation.org> diff --git a/include/linux/mm.h b/include/linux/mm.h index d3a3842316b8..31540f166987 100644 --- a/include/linux/mm.h +++ b/include/linux/mm.h @@ -452,6 +452,12 @@ struct vm_operations_struct { unsigned long addr); }; +static inline void vma_init(struct vm_area_struct *vma, struct mm_struct *mm) +{ + vma->vm_mm = mm; + INIT_LIST_HEAD(&vma->anon_vma_chain); +} + struct mmu_gather; struct inode; diff --git a/kernel/fork.c b/kernel/fork.c index a191c05e757d..1b27babc4c78 100644 --- a/kernel/fork.c +++ b/kernel/fork.c @@ -312,10 +312,8 @@ struct vm_area_struct *vm_area_alloc(struct mm_struct *mm) { struct vm_area_struct *vma = kmem_cache_zalloc(vm_area_cachep, GFP_KERNEL); - if (vma) { - vma->vm_mm = mm; - INIT_LIST_HEAD(&vma->anon_vma_chain); - } + if (vma) + vma_init(vma, mm); return vma; }

7 years, 5 months

1
0
0 0

[PATCH 4.4 00/23] 4.4.145-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.4.145 release. There are 23 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sun Jul 29 10:08:37 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.4.145-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.4.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.4.145-rc1 Arnd Bergmann <arnd(a)arndb.de> ARM: fix put_user() for gcc-8 Arnd Bergmann <arnd(a)arndb.de> turn off -Wattribute-alias Anssi Hannula <anssi.hannula(a)bitwise.fi> can: xilinx_can: fix RX overflow interrupt not being enabled Anssi Hannula <anssi.hannula(a)bitwise.fi> can: xilinx_can: fix incorrect clear of non-processed interrupts Anssi Hannula <anssi.hannula(a)bitwise.fi> can: xilinx_can: keep only 1-2 frames in TX FIFO to fix TX accounting Anssi Hannula <anssi.hannula(a)bitwise.fi> can: xilinx_can: fix device dropping off bus on RX overrun Anssi Hannula <anssi.hannula(a)bitwise.fi> can: xilinx_can: fix recovery from error states not being propagated Anssi Hannula <anssi.hannula(a)bitwise.fi> can: xilinx_can: fix RX loop if RXNEMP is asserted without RXOK Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> driver core: Partially revert "driver core: correct device's shutdown order" Jerry Zhang <zhangjerry(a)google.com> usb: gadget: f_fs: Only return delayed status when len is 0 Bin Liu <b-liu(a)ti.com> usb: core: handle hub C_PORT_OVER_CURRENT condition Lubomir Rintel <lkundrak(a)v3.sk> usb: cdc_acm: Add quirk for Castles VEGA3000 Willem de Bruijn <willemb(a)google.com> ip: in cmsg IP(V6)_ORIGDSTADDR call pskb_may_pull Eric Dumazet <edumazet(a)google.com> tcp: detect malicious patterns in tcp_collapse_ofo_queue() Eric Dumazet <edumazet(a)google.com> tcp: avoid collapses in tcp_prune_queue() if possible Yuchung Cheng <ycheng(a)google.com> tcp: do not delay ACK in DCTCP upon CE status change Yuchung Cheng <ycheng(a)google.com> tcp: do not cancel delay-AcK on DCTCP special ACK Yuchung Cheng <ycheng(a)google.com> tcp: helpers to send special DCTCP ack Yuchung Cheng <ycheng(a)google.com> tcp: fix dctcp delayed ACK schedule Roopa Prabhu <roopa(a)cumulusnetworks.com> rtnetlink: add rtnl_link_state check in rtnl_configure_link Jack Morgenstein <jackm(a)dev.mellanox.co.il> net/mlx4_core: Save the qpn from the input modifier in RST2INIT wrapper Paolo Abeni <pabeni(a)redhat.com> ip: hash fragments consistently Felix Fietkau <nbd(a)nbd.name> MIPS: ath79: fix register address in ath79_ddr_wb_flush() ------------- Diffstat: Makefile | 5 +- arch/arm/include/asm/uaccess.h | 2 +- arch/mips/ath79/common.c | 2 +- drivers/base/dd.c | 8 - drivers/net/can/xilinx_can.c | 323 +++++++++++++++++---- .../net/ethernet/mellanox/mlx4/resource_tracker.c | 2 +- drivers/usb/class/cdc-acm.c | 3 + drivers/usb/core/hub.c | 8 +- drivers/usb/gadget/function/f_fs.c | 2 +- include/net/tcp.h | 2 + net/core/rtnetlink.c | 9 +- net/ipv4/ip_output.c | 2 + net/ipv4/ip_sockglue.c | 7 +- net/ipv4/tcp_dctcp.c | 50 +--- net/ipv4/tcp_input.c | 21 +- net/ipv4/tcp_output.c | 33 ++- net/ipv6/datagram.c | 7 +- net/ipv6/ip6_output.c | 2 + 18 files changed, 357 insertions(+), 131 deletions(-)

7 years, 5 months

5
27
0 0

[PATCH 4.9 00/33] 4.9.116-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.9.116 release. There are 33 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sun Jul 29 10:08:17 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.9.116-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.9.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.9.116-rc1 Arnd Bergmann <arnd(a)arndb.de> exec: avoid gcc-8 warning for get_task_comm Arnd Bergmann <arnd(a)arndb.de> turn off -Wattribute-alias Anssi Hannula <anssi.hannula(a)bitwise.fi> can: xilinx_can: fix RX overflow interrupt not being enabled Anssi Hannula <anssi.hannula(a)bitwise.fi> can: xilinx_can: fix incorrect clear of non-processed interrupts Anssi Hannula <anssi.hannula(a)bitwise.fi> can: xilinx_can: keep only 1-2 frames in TX FIFO to fix TX accounting Anssi Hannula <anssi.hannula(a)bitwise.fi> can: xilinx_can: fix device dropping off bus on RX overrun Anssi Hannula <anssi.hannula(a)bitwise.fi> can: xilinx_can: fix recovery from error states not being propagated Anssi Hannula <anssi.hannula(a)bitwise.fi> can: xilinx_can: fix power management handling Anssi Hannula <anssi.hannula(a)bitwise.fi> can: xilinx_can: fix RX loop if RXNEMP is asserted without RXOK Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> driver core: Partially revert "driver core: correct device's shutdown order" Jerry Zhang <zhangjerry(a)google.com> usb: gadget: f_fs: Only return delayed status when len is 0 Bin Liu <b-liu(a)ti.com> usb: core: handle hub C_PORT_OVER_CURRENT condition Lubomir Rintel <lkundrak(a)v3.sk> usb: cdc_acm: Add quirk for Castles VEGA3000 Eric Dumazet <edumazet(a)google.com> tcp: call tcp_drop() from tcp_data_queue_ofo() Eric Dumazet <edumazet(a)google.com> tcp: detect malicious patterns in tcp_collapse_ofo_queue() Eric Dumazet <edumazet(a)google.com> tcp: avoid collapses in tcp_prune_queue() if possible Eric Dumazet <edumazet(a)google.com> tcp: free batches of packets in tcp_prune_ofo_queue() Yuchung Cheng <ycheng(a)google.com> tcp: do not delay ACK in DCTCP upon CE status change Yuchung Cheng <ycheng(a)google.com> tcp: do not cancel delay-AcK on DCTCP special ACK Yuchung Cheng <ycheng(a)google.com> tcp: helpers to send special DCTCP ack Yuchung Cheng <ycheng(a)google.com> tcp: fix dctcp delayed ACK schedule Roopa Prabhu <roopa(a)cumulusnetworks.com> rtnetlink: add rtnl_link_state check in rtnl_configure_link Heiner Kallweit <hkallweit1(a)gmail.com> net: phy: consider PHY_IGNORE_INTERRUPT in phy_start_aneg_priv Hangbin Liu <liuhangbin(a)gmail.com> multicast: do not restore deleted record source filter mode to new one Eran Ben Elisha <eranbe(a)mellanox.com> net/mlx5e: Fix quota counting in aRFS expire flow Eran Ben Elisha <eranbe(a)mellanox.com> net/mlx5e: Don't allow aRFS for encapsulated packets Ariel Levkovich <lariel(a)mellanox.com> net/mlx5: Adjust clock overflow work period Eric Dumazet <edumazet(a)google.com> net: skb_segment() should not return NULL Jack Morgenstein <jackm(a)dev.mellanox.co.il> net/mlx4_core: Save the qpn from the input modifier in RST2INIT wrapper Willem de Bruijn <willemb(a)google.com> ip: in cmsg IP(V6)_ORIGDSTADDR call pskb_may_pull Paolo Abeni <pabeni(a)redhat.com> ip: hash fragments consistently Paul Burton <paul.burton(a)mips.com> MIPS: Fix off-by-one in pci_resource_to_user() Felix Fietkau <nbd(a)nbd.name> MIPS: ath79: fix register address in ath79_ddr_wb_flush() ------------- Diffstat: Makefile | 5 +- arch/mips/ath79/common.c | 2 +- arch/mips/pci/pci.c | 2 +- drivers/base/dd.c | 8 - drivers/net/can/xilinx_can.c | 392 +++++++++++++++------ .../net/ethernet/mellanox/mlx4/resource_tracker.c | 2 +- drivers/net/ethernet/mellanox/mlx5/core/en_arfs.c | 7 +- drivers/net/ethernet/mellanox/mlx5/core/en_clock.c | 12 +- drivers/net/phy/phy.c | 2 +- drivers/usb/class/cdc-acm.c | 3 + drivers/usb/core/hub.c | 8 +- drivers/usb/gadget/function/f_fs.c | 2 +- fs/exec.c | 7 +- include/linux/sched.h | 6 +- include/linux/skbuff.h | 2 + include/net/tcp.h | 2 + net/core/rtnetlink.c | 9 +- net/core/skbuff.c | 10 +- net/ipv4/igmp.c | 3 +- net/ipv4/ip_output.c | 2 + net/ipv4/ip_sockglue.c | 7 +- net/ipv4/tcp_dctcp.c | 50 +-- net/ipv4/tcp_input.c | 40 ++- net/ipv4/tcp_output.c | 33 +- net/ipv6/datagram.c | 7 +- net/ipv6/ip6_output.c | 2 + net/ipv6/mcast.c | 3 +- 27 files changed, 431 insertions(+), 197 deletions(-)

7 years, 5 months

5
37
0 0

[PATCH 4.14 00/48] 4.14.59-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.14.59 release. There are 48 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sun Jul 29 09:58:59 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.14.59-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.14.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.14.59-rc1 Arnd Bergmann <arnd(a)arndb.de> turn off -Wattribute-alias Roman Fietze <roman.fietze(a)telemotive.de> can: m_can.c: fix setup of CCCR register: clear CCCR NISO bit before checking can.ctrlmode Stephane Grosjean <s.grosjean(a)peak-system.com> can: peak_canfd: fix firmware < v3.3.0: limit allocation to 32-bit DMA addr only Anssi Hannula <anssi.hannula(a)bitwise.fi> can: xilinx_can: fix RX overflow interrupt not being enabled Anssi Hannula <anssi.hannula(a)bitwise.fi> can: xilinx_can: fix incorrect clear of non-processed interrupts Anssi Hannula <anssi.hannula(a)bitwise.fi> can: xilinx_can: keep only 1-2 frames in TX FIFO to fix TX accounting Anssi Hannula <anssi.hannula(a)bitwise.fi> can: xilinx_can: fix device dropping off bus on RX overrun Anssi Hannula <anssi.hannula(a)bitwise.fi> can: xilinx_can: fix recovery from error states not being propagated Anssi Hannula <anssi.hannula(a)bitwise.fi> can: xilinx_can: fix power management handling Anssi Hannula <anssi.hannula(a)bitwise.fi> can: xilinx_can: fix RX loop if RXNEMP is asserted without RXOK Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> driver core: Partially revert "driver core: correct device's shutdown order" Jerry Zhang <zhangjerry(a)google.com> usb: gadget: f_fs: Only return delayed status when len is 0 Antti Seppälä <a.seppala(a)gmail.com> usb: dwc2: Fix DMA alignment to start at allocated boundary Bin Liu <b-liu(a)ti.com> usb: core: handle hub C_PORT_OVER_CURRENT condition Lubomir Rintel <lkundrak(a)v3.sk> usb: cdc_acm: Add quirk for Castles VEGA3000 Samuel Thibault <samuel.thibault(a)ens-lyon.org> staging: speakup: fix wraparound in uaccess length check Eric Dumazet <edumazet(a)google.com> tcp: add tcp_ooo_try_coalesce() helper Eric Dumazet <edumazet(a)google.com> tcp: call tcp_drop() from tcp_data_queue_ofo() Eric Dumazet <edumazet(a)google.com> tcp: detect malicious patterns in tcp_collapse_ofo_queue() Eric Dumazet <edumazet(a)google.com> tcp: avoid collapses in tcp_prune_queue() if possible Eric Dumazet <edumazet(a)google.com> tcp: free batches of packets in tcp_prune_ofo_queue() Yuchung Cheng <ycheng(a)google.com> tcp: do not delay ACK in DCTCP upon CE status change Yuchung Cheng <ycheng(a)google.com> tcp: do not cancel delay-AcK on DCTCP special ACK Yuchung Cheng <ycheng(a)google.com> tcp: helpers to send special DCTCP ack Yuchung Cheng <ycheng(a)google.com> tcp: fix dctcp delayed ACK schedule Roopa Prabhu <roopa(a)cumulusnetworks.com> vxlan: fix default fdb entry netlink notify ordering during netdev create Roopa Prabhu <roopa(a)cumulusnetworks.com> vxlan: make netlink notify in vxlan_fdb_destroy optional Roopa Prabhu <roopa(a)cumulusnetworks.com> vxlan: add new fdb alloc and create helpers Roopa Prabhu <roopa(a)cumulusnetworks.com> rtnetlink: add rtnl_link_state check in rtnl_configure_link Daniel Borkmann <daniel(a)iogearbox.net> sock: fix sg page frag coalescing in sk_alloc_sg Heiner Kallweit <hkallweit1(a)gmail.com> net: phy: consider PHY_IGNORE_INTERRUPT in phy_start_aneg_priv Hangbin Liu <liuhangbin(a)gmail.com> multicast: do not restore deleted record source filter mode to new one David Ahern <dsahern(a)gmail.com> net/ipv6: Fix linklocal to global address with VRF Eran Ben Elisha <eranbe(a)mellanox.com> net/mlx5e: Fix quota counting in aRFS expire flow Eran Ben Elisha <eranbe(a)mellanox.com> net/mlx5e: Don't allow aRFS for encapsulated packets Ariel Levkovich <lariel(a)mellanox.com> net/mlx5: Adjust clock overflow work period Eric Dumazet <edumazet(a)google.com> net: skb_segment() should not return NULL Jack Morgenstein <jackm(a)dev.mellanox.co.il> net/mlx4_core: Save the qpn from the input modifier in RST2INIT wrapper Willem de Bruijn <willemb(a)google.com> ip: in cmsg IP(V6)_ORIGDSTADDR call pskb_may_pull Paolo Abeni <pabeni(a)redhat.com> ip: hash fragments consistently Jarod Wilson <jarod(a)redhat.com> bonding: set default miimon value for non-arp modes if not set Lyude Paul <lyude(a)redhat.com> drm/nouveau: Set DRIVER_ATOMIC cap earlier to fix debugfs Lyude Paul <lyude(a)redhat.com> drm/nouveau/drm/nouveau: Fix runtime PM leak in nv50_disp_atomic_commit() Alexey Kardashevskiy <aik(a)ozlabs.ru> KVM: PPC: Check if IOMMU page is contained in the pinned physical page Boris Ostrovsky <boris.ostrovsky(a)oracle.com> xen/PVH: Set up GS segment for stack canary Paul Burton <paul.burton(a)mips.com> MIPS: Fix off-by-one in pci_resource_to_user() Felix Fietkau <nbd(a)nbd.name> MIPS: ath79: fix register address in ath79_ddr_wb_flush() Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "cifs: Fix slab-out-of-bounds in send_set_info() on SMB2 ACE setting" ------------- Diffstat: Makefile | 5 +- arch/mips/ath79/common.c | 2 +- arch/mips/pci/pci.c | 2 +- arch/powerpc/include/asm/mmu_context.h | 4 +- arch/powerpc/kvm/book3s_64_vio.c | 2 +- arch/powerpc/kvm/book3s_64_vio_hv.c | 6 +- arch/powerpc/mm/mmu_context_iommu.c | 37 +- arch/x86/xen/xen-pvh.S | 26 +- drivers/base/dd.c | 8 - drivers/gpu/drm/nouveau/dispnv04/disp.c | 3 + drivers/gpu/drm/nouveau/nouveau_drm.c | 7 + drivers/gpu/drm/nouveau/nv50_display.c | 8 +- drivers/net/bonding/bond_options.c | 23 +- drivers/net/can/m_can/m_can.c | 3 +- drivers/net/can/peak_canfd/peak_pciefd_main.c | 19 + drivers/net/can/xilinx_can.c | 392 +++++++++++++++------ .../net/ethernet/mellanox/mlx4/resource_tracker.c | 2 +- drivers/net/ethernet/mellanox/mlx5/core/en_arfs.c | 7 +- drivers/net/ethernet/mellanox/mlx5/core/en_clock.c | 12 +- drivers/net/phy/phy.c | 2 +- drivers/net/vxlan.c | 126 +++++-- drivers/staging/speakup/speakup_soft.c | 6 +- drivers/usb/class/cdc-acm.c | 3 + drivers/usb/core/hub.c | 8 +- drivers/usb/dwc2/hcd.c | 44 +-- drivers/usb/gadget/function/f_fs.c | 2 +- drivers/vfio/vfio_iommu_spapr_tce.c | 2 +- fs/cifs/smb2pdu.c | 7 +- include/linux/skbuff.h | 2 + include/net/tcp.h | 7 + net/core/rtnetlink.c | 9 +- net/core/skbuff.c | 10 +- net/ipv4/igmp.c | 3 +- net/ipv4/ip_output.c | 2 + net/ipv4/ip_sockglue.c | 7 +- net/ipv4/tcp_dctcp.c | 50 +-- net/ipv4/tcp_input.c | 65 +++- net/ipv4/tcp_output.c | 33 +- net/ipv6/datagram.c | 7 +- net/ipv6/icmp.c | 5 +- net/ipv6/ip6_output.c | 2 + net/ipv6/mcast.c | 3 +- net/ipv6/tcp_ipv6.c | 6 +- net/tls/tls_sw.c | 7 +- 44 files changed, 691 insertions(+), 295 deletions(-)

7 years, 5 months

4
49
0 0

FAILED: patch "[PATCH] spi: spi-s3c64xx: Fix system resume support" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From e935dba111621bd6a0c5d48e6511a4d9885103b4 Mon Sep 17 00:00:00 2001 From: Marek Szyprowski <m.szyprowski(a)samsung.com> Date: Wed, 16 May 2018 10:42:39 +0200 Subject: [PATCH] spi: spi-s3c64xx: Fix system resume support Since Linux v4.10 release (commit 1d9174fbc55e "PM / Runtime: Defer resuming of the device in pm_runtime_force_resume()"), pm_runtime_force_resume() function doesn't runtime resume device if it was not runtime active before system suspend. Thus, driver should not do any register access after pm_runtime_force_resume() without checking the runtime status of the device. To fix this issue, simply move s3c64xx_spi_hwinit() call to s3c64xx_spi_runtime_resume() to ensure that hardware is always properly initialized. This fixes Synchronous external abort issue on system suspend/resume cycle on newer Exynos SoCs. Signed-off-by: Marek Szyprowski <m.szyprowski(a)samsung.com> Reviewed-by: Krzysztof Kozlowski <krzk(a)kernel.org> Signed-off-by: Mark Brown <broonie(a)kernel.org> Cc: stable(a)vger.kernel.org diff --git a/drivers/spi/spi-s3c64xx.c b/drivers/spi/spi-s3c64xx.c index f55dc78957ad..7b7151ec14c8 100644 --- a/drivers/spi/spi-s3c64xx.c +++ b/drivers/spi/spi-s3c64xx.c @@ -1292,8 +1292,6 @@ static int s3c64xx_spi_resume(struct device *dev) if (ret < 0) return ret; - s3c64xx_spi_hwinit(sdd); - return spi_master_resume(master); } #endif /* CONFIG_PM_SLEEP */ @@ -1331,6 +1329,8 @@ static int s3c64xx_spi_runtime_resume(struct device *dev) if (ret != 0) goto err_disable_src_clk; + s3c64xx_spi_hwinit(sdd); + return 0; err_disable_src_clk:

7 years, 5 months

3
2
0 0

request for 4.14-stable: 2a78cb4db487 ("IB/srpt: Fix an out-of-bounds stack access in srpt_zerolength_write()")

by Sudip Mukherjee

Hi Greg, These were missing in 4.14-stable. Sending them together as the second commit fixes the first. Please apply to your queue. -- Regards Sudip

7 years, 5 months

2
1
0 0

request for 4.14-stable: a1ae7d0345ed ("RDMA/core: Avoid that ib_drain_qp() triggers an out-of-bounds stack access")

by Sudip Mukherjee

Hi Greg, These were missing in 4.14-stable. Sending them together as the second commit fixes the first. Please apply them to your queue. -- Regards Sudip

7 years, 5 months

2
1
0 0

Linux 4.14.59

by Greg KH

I'm announcing the release of the 4.14.59 kernel. All users of the 4.14 kernel series must upgrade. The updated 4.14.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.14.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 3 arch/mips/ath79/common.c | 2 arch/mips/pci/pci.c | 2 arch/powerpc/include/asm/mmu_context.h | 4 arch/powerpc/kvm/book3s_64_vio.c | 2 arch/powerpc/kvm/book3s_64_vio_hv.c | 6 arch/powerpc/mm/mmu_context_iommu.c | 37 + arch/x86/xen/xen-pvh.S | 26 + drivers/base/dd.c | 8 drivers/gpu/drm/nouveau/dispnv04/disp.c | 3 drivers/gpu/drm/nouveau/nouveau_drm.c | 7 drivers/gpu/drm/nouveau/nv50_display.c | 8 drivers/net/bonding/bond_options.c | 23 - drivers/net/can/m_can/m_can.c | 3 drivers/net/can/peak_canfd/peak_pciefd_main.c | 19 drivers/net/can/xilinx_can.c | 392 +++++++++++++----- drivers/net/ethernet/mellanox/mlx4/resource_tracker.c | 2 drivers/net/ethernet/mellanox/mlx5/core/en_arfs.c | 7 drivers/net/ethernet/mellanox/mlx5/core/en_clock.c | 12 drivers/net/phy/phy.c | 2 drivers/net/vxlan.c | 126 +++-- drivers/staging/speakup/speakup_soft.c | 6 drivers/usb/class/cdc-acm.c | 3 drivers/usb/core/hub.c | 8 drivers/usb/dwc2/hcd.c | 44 +- drivers/usb/gadget/function/f_fs.c | 2 drivers/vfio/vfio_iommu_spapr_tce.c | 2 fs/cifs/smb2pdu.c | 7 include/linux/skbuff.h | 2 include/net/tcp.h | 7 net/core/rtnetlink.c | 9 net/core/skbuff.c | 10 net/ipv4/igmp.c | 3 net/ipv4/ip_output.c | 2 net/ipv4/ip_sockglue.c | 7 net/ipv4/tcp_dctcp.c | 50 -- net/ipv4/tcp_input.c | 65 ++ net/ipv4/tcp_output.c | 33 + net/ipv6/datagram.c | 7 net/ipv6/icmp.c | 5 net/ipv6/ip6_output.c | 2 net/ipv6/mcast.c | 3 net/ipv6/tcp_ipv6.c | 6 net/tls/tls_sw.c | 7 44 files changed, 690 insertions(+), 294 deletions(-) Alexey Kardashevskiy (1): KVM: PPC: Check if IOMMU page is contained in the pinned physical page Anssi Hannula (7): can: xilinx_can: fix RX loop if RXNEMP is asserted without RXOK can: xilinx_can: fix power management handling can: xilinx_can: fix recovery from error states not being propagated can: xilinx_can: fix device dropping off bus on RX overrun can: xilinx_can: keep only 1-2 frames in TX FIFO to fix TX accounting can: xilinx_can: fix incorrect clear of non-processed interrupts can: xilinx_can: fix RX overflow interrupt not being enabled Antti Seppälä (1): usb: dwc2: Fix DMA alignment to start at allocated boundary Ariel Levkovich (1): net/mlx5: Adjust clock overflow work period Arnd Bergmann (1): turn off -Wattribute-alias Bin Liu (1): usb: core: handle hub C_PORT_OVER_CURRENT condition Boris Ostrovsky (1): xen/PVH: Set up GS segment for stack canary Daniel Borkmann (1): sock: fix sg page frag coalescing in sk_alloc_sg David Ahern (1): net/ipv6: Fix linklocal to global address with VRF Eran Ben Elisha (2): net/mlx5e: Don't allow aRFS for encapsulated packets net/mlx5e: Fix quota counting in aRFS expire flow Eric Dumazet (6): net: skb_segment() should not return NULL tcp: free batches of packets in tcp_prune_ofo_queue() tcp: avoid collapses in tcp_prune_queue() if possible tcp: detect malicious patterns in tcp_collapse_ofo_queue() tcp: call tcp_drop() from tcp_data_queue_ofo() tcp: add tcp_ooo_try_coalesce() helper Felix Fietkau (1): MIPS: ath79: fix register address in ath79_ddr_wb_flush() Greg Kroah-Hartman (2): Revert "cifs: Fix slab-out-of-bounds in send_set_info() on SMB2 ACE setting" Linux 4.14.59 Hangbin Liu (1): multicast: do not restore deleted record source filter mode to new one Heiner Kallweit (1): net: phy: consider PHY_IGNORE_INTERRUPT in phy_start_aneg_priv Jack Morgenstein (1): net/mlx4_core: Save the qpn from the input modifier in RST2INIT wrapper Jarod Wilson (1): bonding: set default miimon value for non-arp modes if not set Jerry Zhang (1): usb: gadget: f_fs: Only return delayed status when len is 0 Lubomir Rintel (1): usb: cdc_acm: Add quirk for Castles VEGA3000 Lyude Paul (2): drm/nouveau/drm/nouveau: Fix runtime PM leak in nv50_disp_atomic_commit() drm/nouveau: Set DRIVER_ATOMIC cap earlier to fix debugfs Paolo Abeni (1): ip: hash fragments consistently Paul Burton (1): MIPS: Fix off-by-one in pci_resource_to_user() Rafael J. Wysocki (1): driver core: Partially revert "driver core: correct device's shutdown order" Roman Fietze (1): can: m_can.c: fix setup of CCCR register: clear CCCR NISO bit before checking can.ctrlmode Roopa Prabhu (4): rtnetlink: add rtnl_link_state check in rtnl_configure_link vxlan: add new fdb alloc and create helpers vxlan: make netlink notify in vxlan_fdb_destroy optional vxlan: fix default fdb entry netlink notify ordering during netdev create Samuel Thibault (1): staging: speakup: fix wraparound in uaccess length check Stephane Grosjean (1): can: peak_canfd: fix firmware < v3.3.0: limit allocation to 32-bit DMA addr only Willem de Bruijn (1): ip: in cmsg IP(V6)_ORIGDSTADDR call pskb_may_pull Yuchung Cheng (4): tcp: fix dctcp delayed ACK schedule tcp: helpers to send special DCTCP ack tcp: do not cancel delay-AcK on DCTCP special ACK tcp: do not delay ACK in DCTCP upon CE status change

7 years, 5 months

1
1
0 0

Linux 4.9.116

by Greg KH

I'm announcing the release of the 4.9.116 kernel. All users of the 4.9 kernel series must upgrade. The updated 4.9.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.9.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 3 arch/mips/ath79/common.c | 2 arch/mips/pci/pci.c | 2 drivers/base/dd.c | 8 drivers/net/can/xilinx_can.c | 392 +++++++++++++----- drivers/net/ethernet/mellanox/mlx4/resource_tracker.c | 2 drivers/net/ethernet/mellanox/mlx5/core/en_arfs.c | 7 drivers/net/ethernet/mellanox/mlx5/core/en_clock.c | 12 drivers/net/phy/phy.c | 2 drivers/usb/class/cdc-acm.c | 3 drivers/usb/core/hub.c | 8 drivers/usb/gadget/function/f_fs.c | 2 fs/exec.c | 7 include/linux/sched.h | 6 include/linux/skbuff.h | 2 include/net/tcp.h | 2 net/core/rtnetlink.c | 9 net/core/skbuff.c | 10 net/ipv4/igmp.c | 3 net/ipv4/ip_output.c | 2 net/ipv4/ip_sockglue.c | 7 net/ipv4/tcp_dctcp.c | 50 -- net/ipv4/tcp_input.c | 40 + net/ipv4/tcp_output.c | 33 + net/ipv6/datagram.c | 7 net/ipv6/ip6_output.c | 2 net/ipv6/mcast.c | 3 27 files changed, 430 insertions(+), 196 deletions(-) Anssi Hannula (7): can: xilinx_can: fix RX loop if RXNEMP is asserted without RXOK can: xilinx_can: fix power management handling can: xilinx_can: fix recovery from error states not being propagated can: xilinx_can: fix device dropping off bus on RX overrun can: xilinx_can: keep only 1-2 frames in TX FIFO to fix TX accounting can: xilinx_can: fix incorrect clear of non-processed interrupts can: xilinx_can: fix RX overflow interrupt not being enabled Ariel Levkovich (1): net/mlx5: Adjust clock overflow work period Arnd Bergmann (2): turn off -Wattribute-alias exec: avoid gcc-8 warning for get_task_comm Bin Liu (1): usb: core: handle hub C_PORT_OVER_CURRENT condition Eran Ben Elisha (2): net/mlx5e: Don't allow aRFS for encapsulated packets net/mlx5e: Fix quota counting in aRFS expire flow Eric Dumazet (5): net: skb_segment() should not return NULL tcp: free batches of packets in tcp_prune_ofo_queue() tcp: avoid collapses in tcp_prune_queue() if possible tcp: detect malicious patterns in tcp_collapse_ofo_queue() tcp: call tcp_drop() from tcp_data_queue_ofo() Felix Fietkau (1): MIPS: ath79: fix register address in ath79_ddr_wb_flush() Greg Kroah-Hartman (1): Linux 4.9.116 Hangbin Liu (1): multicast: do not restore deleted record source filter mode to new one Heiner Kallweit (1): net: phy: consider PHY_IGNORE_INTERRUPT in phy_start_aneg_priv Jack Morgenstein (1): net/mlx4_core: Save the qpn from the input modifier in RST2INIT wrapper Jerry Zhang (1): usb: gadget: f_fs: Only return delayed status when len is 0 Lubomir Rintel (1): usb: cdc_acm: Add quirk for Castles VEGA3000 Paolo Abeni (1): ip: hash fragments consistently Paul Burton (1): MIPS: Fix off-by-one in pci_resource_to_user() Rafael J. Wysocki (1): driver core: Partially revert "driver core: correct device's shutdown order" Roopa Prabhu (1): rtnetlink: add rtnl_link_state check in rtnl_configure_link Willem de Bruijn (1): ip: in cmsg IP(V6)_ORIGDSTADDR call pskb_may_pull Yuchung Cheng (4): tcp: fix dctcp delayed ACK schedule tcp: helpers to send special DCTCP ack tcp: do not cancel delay-AcK on DCTCP special ACK tcp: do not delay ACK in DCTCP upon CE status change

7 years, 5 months

1
1
0 0

Linux 4.4.145

by Greg KH

I'm announcing the release of the 4.4.145 kernel. All users of the 4.4 kernel series must upgrade. The updated 4.4.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.4.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 3 arch/arm/include/asm/uaccess.h | 2 arch/mips/ath79/common.c | 2 drivers/base/dd.c | 8 drivers/net/can/xilinx_can.c | 323 ++++++++++++++---- drivers/net/ethernet/mellanox/mlx4/resource_tracker.c | 2 drivers/usb/class/cdc-acm.c | 3 drivers/usb/core/hub.c | 8 drivers/usb/gadget/function/f_fs.c | 2 include/net/tcp.h | 2 net/core/rtnetlink.c | 9 net/ipv4/ip_output.c | 2 net/ipv4/ip_sockglue.c | 7 net/ipv4/tcp_dctcp.c | 50 -- net/ipv4/tcp_input.c | 22 + net/ipv4/tcp_output.c | 33 + net/ipv6/datagram.c | 7 net/ipv6/ip6_output.c | 2 18 files changed, 357 insertions(+), 130 deletions(-) Anssi Hannula (6): can: xilinx_can: fix RX loop if RXNEMP is asserted without RXOK can: xilinx_can: fix recovery from error states not being propagated can: xilinx_can: fix device dropping off bus on RX overrun can: xilinx_can: keep only 1-2 frames in TX FIFO to fix TX accounting can: xilinx_can: fix incorrect clear of non-processed interrupts can: xilinx_can: fix RX overflow interrupt not being enabled Arnd Bergmann (2): turn off -Wattribute-alias ARM: fix put_user() for gcc-8 Bin Liu (1): usb: core: handle hub C_PORT_OVER_CURRENT condition Eric Dumazet (2): tcp: avoid collapses in tcp_prune_queue() if possible tcp: detect malicious patterns in tcp_collapse_ofo_queue() Felix Fietkau (1): MIPS: ath79: fix register address in ath79_ddr_wb_flush() Greg Kroah-Hartman (1): Linux 4.4.145 Jack Morgenstein (1): net/mlx4_core: Save the qpn from the input modifier in RST2INIT wrapper Jerry Zhang (1): usb: gadget: f_fs: Only return delayed status when len is 0 Lubomir Rintel (1): usb: cdc_acm: Add quirk for Castles VEGA3000 Paolo Abeni (1): ip: hash fragments consistently Rafael J. Wysocki (1): driver core: Partially revert "driver core: correct device's shutdown order" Roopa Prabhu (1): rtnetlink: add rtnl_link_state check in rtnl_configure_link Willem de Bruijn (1): ip: in cmsg IP(V6)_ORIGDSTADDR call pskb_may_pull Yuchung Cheng (4): tcp: fix dctcp delayed ACK schedule tcp: helpers to send special DCTCP ack tcp: do not cancel delay-AcK on DCTCP special ACK tcp: do not delay ACK in DCTCP upon CE status change

7 years, 5 months

1
1
0 0

Linux 3.18.117

by Greg KH

I'm announcing the release of the 3.18.117 kernel. All users of the 3.18 kernel series must upgrade. The updated 3.18.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-3.18.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 3 arch/arc/include/asm/page.h | 2 arch/arc/include/asm/pgtable.h | 2 arch/arm/include/asm/uaccess.h | 2 arch/x86/kernel/cpu/mcheck/mce.c | 3 drivers/net/can/xilinx_can.c | 98 +++++++++++++----- drivers/net/ethernet/mellanox/mlx4/resource_tracker.c | 2 drivers/ptp/ptp_chardev.c | 1 drivers/usb/class/cdc-acm.c | 3 drivers/usb/core/hub.c | 8 + drivers/usb/gadget/function/f_fs.c | 2 fs/fat/inode.c | 20 ++- include/linux/skbuff.h | 12 +- include/net/tcp.h | 2 net/core/rtnetlink.c | 9 + net/core/skbuff.c | 1 net/ipv4/ip_output.c | 2 net/ipv4/sysctl_net_ipv4.c | 5 net/ipv4/tcp_dctcp.c | 50 ++------- net/ipv4/tcp_input.c | 22 +++- net/ipv4/tcp_output.c | 33 ++++-- net/ipv6/ip6_output.c | 2 sound/core/rawmidi.c | 20 ++- 23 files changed, 198 insertions(+), 106 deletions(-) Alexey Brodkin (1): ARC: Fix CONFIG_SWAP Anssi Hannula (4): can: xilinx_can: fix RX loop if RXNEMP is asserted without RXOK can: xilinx_can: fix device dropping off bus on RX overrun can: xilinx_can: keep only 1-2 frames in TX FIFO to fix TX accounting can: xilinx_can: fix RX overflow interrupt not being enabled Arnd Bergmann (2): ARM: fix put_user() for gcc-8 turn off -Wattribute-alias Bin Liu (1): usb: core: handle hub C_PORT_OVER_CURRENT condition Dewet Thibaut (1): x86/MCE: Remove min interval polling limitation Eric Dumazet (2): tcp: avoid collapses in tcp_prune_queue() if possible tcp: detect malicious patterns in tcp_collapse_ofo_queue() Greg Kroah-Hartman (1): Linux 3.18.117 Gustavo A. R. Silva (1): ptp: fix missing break in switch Jack Morgenstein (1): net/mlx4_core: Save the qpn from the input modifier in RST2INIT wrapper Jerry Zhang (1): usb: gadget: f_fs: Only return delayed status when len is 0 Lubomir Rintel (1): usb: cdc_acm: Add quirk for Castles VEGA3000 OGAWA Hirofumi (1): fat: fix memory allocation failure handling of match_strdup() Paolo Abeni (1): ip: hash fragments consistently Roopa Prabhu (1): rtnetlink: add rtnl_link_state check in rtnl_configure_link Stefano Brivio (2): net: Don't copy pfmemalloc flag in __copy_skb_header() skbuff: Unconditionally copy pfmemalloc in __skb_clone() Takashi Iwai (1): ALSA: rawmidi: Change resized buffers atomically Tyler Hicks (1): ipv4: Return EINVAL when ping_group_range sysctl doesn't map to user ns Vineet Gupta (1): ARC: mm: allow mprotect to make stack mappings executable Yuchung Cheng (4): tcp: fix dctcp delayed ACK schedule tcp: helpers to send special DCTCP ack tcp: do not cancel delay-AcK on DCTCP special ACK tcp: do not delay ACK in DCTCP upon CE status change

7 years, 5 months

1
1
0 0

[PATCH 4.4 00/47] 4.4.140-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.4.140 release. There are 47 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu Jul 12 18:23:24 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.4.140-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.4.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.4.140-rc1 Dan Carpenter <dan.carpenter(a)oracle.com> staging: comedi: quatech_daqp_cs: fix no-op loop daqp_ao_insn_write() Jann Horn <jannh(a)google.com> netfilter: nf_log: don't hold nf_log_mutex during user access Tokunori Ikegami <ikegami(a)allied-telesis.co.jp> mtd: cfi_cmdset_0002: Change erase functions to check chip good only Tokunori Ikegami <ikegami(a)allied-telesis.co.jp> mtd: cfi_cmdset_0002: Change erase functions to retry for error Tokunori Ikegami <ikegami(a)allied-telesis.co.jp> mtd: cfi_cmdset_0002: Change definition naming to retry write operation Mikulas Patocka <mpatocka(a)redhat.com> dm bufio: don't take the lock in dm_bufio_shrink_count Martin Kaiser <martin(a)kaiser.cx> mtd: rawnand: mxc: set spare area size register explicitly Mikulas Patocka <mpatocka(a)redhat.com> dm bufio: drop the lock when doing GFP_NOIO allocation Douglas Anderson <dianders(a)chromium.org> dm bufio: avoid sleeping while holding the dm_bufio lock Vlastimil Babka <vbabka(a)suse.cz> mm, page_alloc: do not break __GFP_THISNODE by zonelist reset Brad Love <brad(a)nextdimension.cc> media: cx25840: Use subdev host data for PLL override Tony Luck <tony.luck(a)intel.com> x86/mce: Fix incorrect "Machine check from unknown source" message Yazen Ghannam <Yazen.Ghannam(a)amd.com> x86/mce: Detect local MCEs properly Daniel Rosenberg <drosen(a)google.com> HID: debug: check length before copy_to_user() Gustavo A. R. Silva <gustavo(a)embeddedor.com> HID: hiddev: fix potential Spectre v1 Jason Andryuk <jandryuk(a)gmail.com> HID: i2c-hid: Fix "incomplete report" noise Jon Derrick <jonathan.derrick(a)intel.com> ext4: check superblock mapped prior to committing Theodore Ts'o <tytso(a)mit.edu> ext4: add more mount time checks of the superblock Theodore Ts'o <tytso(a)mit.edu> ext4: add more inode number paranoia checks Theodore Ts'o <tytso(a)mit.edu> ext4: clear i_data in ext4_inode_info when removing inline data Theodore Ts'o <tytso(a)mit.edu> ext4: include the illegal physical block in the bad map ext4_error msg Theodore Ts'o <tytso(a)mit.edu> ext4: verify the depth of extent tree in ext4_find_extent() Theodore Ts'o <tytso(a)mit.edu> ext4: only look at the bg_flags field if it is valid Theodore Ts'o <tytso(a)mit.edu> ext4: always check block group bounds in ext4_init_block_bitmap() Theodore Ts'o <tytso(a)mit.edu> ext4: make sure bitmaps and the inode table don't overlap with bg descriptors Theodore Ts'o <tytso(a)mit.edu> jbd2: don't mark block as modified if the handle is out of credits Paulo Alcantara <paulo(a)paulo.ac> cifs: Fix infinite loop when using hard mount option Lars Ellenberg <lars.ellenberg(a)linbit.com> drbd: fix access after free Christian Borntraeger <borntraeger(a)de.ibm.com> s390: Correct register corruption in critical section cleanup Jann Horn <jannh(a)google.com> scsi: sg: mitigate read/write abuse Changbin Du <changbin.du(a)intel.com> tracing: Fix missing return symbol in function_graph output Cannon Matthews <cannonmatthews(a)google.com> mm: hugetlb: yield when prepping struct pages Richard Weinberger <richard(a)nod.at> ubi: fastmap: Correctly handle interrupted erasures in EBA Sean Nyekjaer <sean.nyekjaer(a)prevas.dk> ARM: dts: imx6q: Use correct SDMA script for SPI5 core Taehee Yoo <ap420073(a)gmail.com> netfilter: nf_tables: use WARN_ON_ONCE instead of BUG_ON in nft_do_chain() Keith Busch <keith.busch(a)intel.com> nvme-pci: initialize queue memory before interrupts Masami Hiramatsu <mhiramat(a)kernel.org> kprobes/x86: Do not modify singlestep buffer while resuming Ben Hutchings <ben.hutchings(a)codethink.co.uk> ipv4: Fix error return value in fib_convert_metrics() Wolfram Sang <wsa+renesas(a)sang-engineering.com> i2c: rcar: fix resume by always initializing registers before transfer Vasanthakumar Thiagarajan <vthiagar(a)qti.qualcomm.com> ath10k: fix rfc1042 header retrieval in QCA4019 with eth decap mode Dave Hansen <dave.hansen(a)linux.intel.com> x86/boot: Fix early command-line parsing when matching at end Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> n_tty: Access echo_* variables carefully. Laura Abbott <labbott(a)redhat.com> staging: android: ion: Return an ERR_PTR in ion_map_kernel Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> n_tty: Fix stall at n_tty_receive_char_special(). Karoly Pados <pados(a)pados.hu> USB: serial: cp210x: add Silicon Labs IDs for Windows Update Johan Hovold <johan(a)kernel.org> USB: serial: cp210x: add CESINEL device ids Houston Yaroschoff <hstn(a)4ever3.net> usb: cdc_acm: Add quirk for Uniden UBC125 scanner ------------- Diffstat: Makefile | 4 +- arch/arm/boot/dts/imx6q.dtsi | 2 +- arch/s390/kernel/entry.S | 4 +- arch/x86/kernel/cpu/mcheck/mce.c | 51 ++++++++----- arch/x86/kernel/kprobes/core.c | 42 ++++++----- arch/x86/lib/cmdline.c | 34 ++++++--- drivers/block/drbd/drbd_worker.c | 2 +- drivers/hid/hid-debug.c | 8 ++- drivers/hid/i2c-hid/i2c-hid.c | 2 +- drivers/hid/usbhid/hiddev.c | 11 +++ drivers/i2c/busses/i2c-rcar.c | 3 +- drivers/md/dm-bufio.c | 31 ++++---- drivers/media/i2c/cx25840/cx25840-core.c | 28 ++++++-- drivers/mtd/chips/cfi_cmdset_0002.c | 30 +++++--- drivers/mtd/nand/mxc_nand.c | 5 +- drivers/mtd/ubi/eba.c | 92 +++++++++++++++++++++++- drivers/net/wireless/ath/ath10k/htt_rx.c | 5 +- drivers/nvme/host/pci.c | 4 +- drivers/scsi/sg.c | 42 ++++++++++- drivers/staging/android/ion/ion_heap.c | 2 +- drivers/staging/comedi/drivers/quatech_daqp_cs.c | 2 +- drivers/tty/n_tty.c | 55 ++++++++------ drivers/usb/class/cdc-acm.c | 3 + drivers/usb/serial/cp210x.c | 14 ++++ fs/cifs/cifssmb.c | 10 ++- fs/cifs/smb2pdu.c | 18 +++-- fs/ext4/balloc.c | 21 +++--- fs/ext4/ext4.h | 5 -- fs/ext4/ext4_extents.h | 1 + fs/ext4/extents.c | 6 ++ fs/ext4/ialloc.c | 14 +++- fs/ext4/inline.c | 1 + fs/ext4/inode.c | 7 +- fs/ext4/mballoc.c | 6 +- fs/ext4/super.c | 86 ++++++++++++++++++---- fs/jbd2/transaction.c | 9 ++- kernel/trace/trace_functions_graph.c | 5 +- mm/hugetlb.c | 1 + mm/page_alloc.c | 2 - net/ipv4/fib_semantics.c | 2 +- net/netfilter/nf_log.c | 9 ++- net/netfilter/nf_tables_core.c | 3 +- 42 files changed, 513 insertions(+), 169 deletions(-)

7 years, 5 months

7
55
0 0

FAILED: patch "[PATCH] MIPS: Fix off-by-one in pci_resource_to_user()" failed to apply to 4.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 38c0a74fe06da3be133cae3fb7bde6a9438e698b Mon Sep 17 00:00:00 2001 From: Paul Burton <paul.burton(a)mips.com> Date: Thu, 12 Jul 2018 09:33:04 -0700 Subject: [PATCH] MIPS: Fix off-by-one in pci_resource_to_user() The MIPS implementation of pci_resource_to_user() introduced in v3.12 by commit 4c2924b725fb ("MIPS: PCI: Use pci_resource_to_user to map pci memory space properly") incorrectly sets *end to the address of the byte after the resource, rather than the last byte of the resource. This results in userland seeing resources as a byte larger than they actually are, for example a 32 byte BAR will be reported by a tool such as lspci as being 33 bytes in size: Region 2: I/O ports at 1000 [disabled] [size=33] Correct this by subtracting one from the calculated end address, reporting the correct address to userland. Signed-off-by: Paul Burton <paul.burton(a)mips.com> Reported-by: Rui Wang <rui.wang(a)windriver.com> Fixes: 4c2924b725fb ("MIPS: PCI: Use pci_resource_to_user to map pci memory space properly") Cc: James Hogan <jhogan(a)kernel.org> Cc: Ralf Baechle <ralf(a)linux-mips.org> Cc: Wolfgang Grandegger <wg(a)grandegger.com> Cc: linux-mips(a)linux-mips.org Cc: stable(a)vger.kernel.org # v3.12+ Patchwork: https://patchwork.linux-mips.org/patch/19829/ diff --git a/arch/mips/pci/pci.c b/arch/mips/pci/pci.c index 9632436d74d7..c2e94cf5ecda 100644 --- a/arch/mips/pci/pci.c +++ b/arch/mips/pci/pci.c @@ -54,5 +54,5 @@ void pci_resource_to_user(const struct pci_dev *dev, int bar, phys_addr_t size = resource_size(rsrc); *start = fixup_bigphys_addr(rsrc->start, size); - *end = rsrc->start + size; + *end = rsrc->start + size - 1; }

7 years, 5 months

2
1
0 0

Re: [PATCH v3] cap_inode_getsecurity: use d_find_any_alias() instead of d_find_alias()

by Serge E. Hallyn

Quoting Eddie.Horng (eddie.horng(a)mediatek.com): > > The code in cap_inode_getsecurity(), introduced by commit 8db6c34f1dbc > ("Introduce v3 namespaced file capabilities"), should use > d_find_any_alias() instead of d_find_alias() do handle unhashed dentry > correctly. This is needed, for example, if execveat() is called with an > open but unlinked overlayfs file, because overlayfs unhashes dentry on > unlink. > This is a regression of real life application, first reported at > https://www.spinics.net/lists/linux-unionfs/msg05363.html > > Below reproducer and setup can reproduce the case. > const char* exec="echo"; > const char *newargv[] = { "echo", "hello", NULL}; > const char *newenviron[] = { NULL }; > int fd, err; > > fd = open(exec, O_PATH); > unlink(exec); > err = syscall(322/*SYS_execveat*/, fd, "", newargv, newenviron, > AT_EMPTY_PATH); > if(err<0) > fprintf(stderr, "execveat: %s\n", strerror(errno)); > > gcc compile into ~/test/a.out > mount -t overlay -orw,lowerdir=/mnt/l,upperdir=/mnt/u,workdir=/mnt/w > none /mnt/m > cd /mnt/m > cp /bin/echo . > ~/test/a.out > > Expected result: > hello > Actually result: > execveat: Invalid argument > dmesg: > Invalid argument reading file caps for /dev/fd/3 > > The 2nd reproducer and setup emulates similar case but for > regular filesystem: > const char* exec="echo"; > int fd, err; > char buf[256]; > > fd = open(exec, O_RDONLY); > unlink(exec); > err = fgetxattr(fd, "security.capability", buf, 256); > if(err<0) > fprintf(stderr, "fgetxattr: %s\n", strerror(errno)); > > gcc compile into ~/test_fgetxattr > > cd /tmp > cp /bin/echo . > ~/test_fgetxattr > > Result: > fgetxattr: Invalid argument > > On regular filesystem, for example, ext4 read xattr from > disk and return to execveat(), will not trigger this issue, however, > the overlay attr handler pass real dentry to vfs_getxattr() will. > This reproducer calls fgetxattr() with an unlinked fd, involkes > vfs_getxattr() then reproduced the case that d_find_alias() in > cap_inode_getsecurity() can't find the unlinked dentry. > > > Suggested-by: Amir Goldstein <amir73il(a)gmail.com> > Acked-by: Amir Goldstein <amir73il(a)gmail.com> > Acked-by: Serge E. Hallyn <serge(a)hallyn.com> > Fixes: 8db6c34f1dbc ("Introduce v3 namespaced file capabilities") > Cc: <stable(a)vger.kernel.org> # v4.14 > Signed-off-by: Eddie Horng <eddie.horng(a)mediatek.com> Hey Eric, if the patch looks ok to you, do you mind pulling it in through your tree? thanks, -serge > --- > Changes in v2: > - fix commit message wrapped at 74 chars > - added previous acked-by > > --- > Changes in v3: > - added original case report link > - added 2nd reproducer for regular filesystems > - added acked-by Serge E. Hallyn > - add Cc > > --- > security/commoncap.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/security/commoncap.c b/security/commoncap.c > index 1ce701fcb3f3..147f6131842a 100644 > --- a/security/commoncap.c > +++ b/security/commoncap.c > @@ -388,7 +388,7 @@ int cap_inode_getsecurity(struct inode *inode, const > char *name, void **buffer, > if (strcmp(name, "capability") != 0) > return -EOPNOTSUPP; > > - dentry = d_find_alias(inode); > + dentry = d_find_any_alias(inode); > if (!dentry) > return -EINVAL; > > -- > 2.12.5 >

7 years, 5 months

1
0
0 0

+ ipc-shmc-add-pagesize-function-to-shm_vm_ops.patch added to -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: ipc/shm.c add ->pagesize function to shm_vm_ops has been added to the -mm tree. Its filename is ipc-shmc-add-pagesize-function-to-shm_vm_ops.patch This patch should soon appear at http://ozlabs.org/~akpm/mmots/broken-out/ipc-shmc-add-pagesize-function-to-… and later at http://ozlabs.org/~akpm/mmotm/broken-out/ipc-shmc-add-pagesize-function-to-… Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next and is updated there every 3-4 working days ------------------------------------------------------ From: Jane Chu <jane.chu(a)oracle.com> Subject: ipc/shm.c add ->pagesize function to shm_vm_ops 05ea88608d4e13 (mm, hugetlbfs: introduce ->pagesize() to vm_operations_struct) adds a new ->pagesize() function to hugetlb_vm_ops, intended to cover all hugetlbfs backed files. With System V shared memory model, if "huge page" is specified, the "shared memory" is backed by hugetlbfs files, but the mappings initiated via shmget/shmat have their original vm_ops overwritten with shm_vm_ops, so we need to add a ->pagesize function to shm_vm_ops. Otherwise, vma_kernel_pagesize() returns PAGE_SIZE given a hugetlbfs backed vma, result in below BUG: fs/hugetlbfs/inode.c 443 if (unlikely(page_mapped(page))) { 444 BUG_ON(truncate_op); [ 242.268342] hugetlbfs: oracle (4592): Using mlock ulimits for SHM_HUGETLB is deprecated [ 282.653208] ------------[ cut here ]------------ [ 282.708447] kernel BUG at fs/hugetlbfs/inode.c:444! [ 282.818957] Modules linked in: nfsv3 rpcsec_gss_krb5 nfsv4 ... [ 284.025873] CPU: 35 PID: 5583 Comm: oracle_5583_sbt Not tainted 4.14.35-1829.el7uek.x86_64 #2 [ 284.246609] task: ffff9bf0507aaf80 task.stack: ffffa9e625628000 [ 284.317455] RIP: 0010:remove_inode_hugepages+0x3db/0x3e2 .... [ 285.292389] Call Trace: [ 285.321630] hugetlbfs_evict_inode+0x1e/0x3e [ 285.372707] evict+0xdb/0x1af [ 285.408185] iput+0x1a2/0x1f7 [ 285.443661] dentry_unlink_inode+0xc6/0xf0 [ 285.492661] __dentry_kill+0xd8/0x18d [ 285.536459] dput+0x1b5/0x1ed [ 285.571939] __fput+0x18b/0x216 [ 285.609495] ____fput+0xe/0x10 [ 285.646030] task_work_run+0x90/0xa7 [ 285.688788] exit_to_usermode_loop+0xdd/0x116 [ 285.740905] do_syscall_64+0x187/0x1ae [ 285.785740] entry_SYSCALL_64_after_hwframe+0x150/0x0 Link: http://lkml.kernel.org/r/20180727211727.5020-1-jane.chu@oracle.com Fixes: 05ea88608d4e13 ("mm, hugetlbfs: introduce ->pagesize() to vm_operations_struct") Signed-off-by: Jane Chu <jane.chu(a)oracle.com> Suggested-by: Mike Kravetz <mike.kravetz(a)oracle.com> Cc: Dan Williams <dan.j.williams(a)intel.com> Cc: Michal Hocko <mhocko(a)suse.com> Cc: Jan Kara <jack(a)suse.cz> Cc: Jérôme Glisse <jglisse(a)redhat.com> Cc: Mike Kravetz <mike.kravetz(a)oracle.com> Cc: Davidlohr Bueso <dave(a)stgolabs.net> Cc: Manfred Spraul <manfred(a)colorfullife.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- diff -puN include/linux/mm.h~ipc-shmc-add-pagesize-function-to-shm_vm_ops include/linux/mm.h --- a/include/linux/mm.h~ipc-shmc-add-pagesize-function-to-shm_vm_ops +++ a/include/linux/mm.h @@ -389,6 +389,13 @@ enum page_entry_size { * These are the virtual MM functions - opening of an area, closing and * unmapping it (needed to keep files on disk up-to-date etc), pointer * to the functions called when a no-page or a wp-page exception occurs. + * + * Note, when a new function is introduced to vm_operations_struct and + * added to hugetlb_vm_ops, please consider adding the function to + * shm_vm_ops. This is because under System V memory model, though + * mappings created via shmget/shmat with "huge page" specified are + * backed by hugetlbfs files, their original vm_ops are overwritten with + * shm_vm_ops. */ struct vm_operations_struct { void (*open)(struct vm_area_struct * area); diff -puN ipc/shm.c~ipc-shmc-add-pagesize-function-to-shm_vm_ops ipc/shm.c --- a/ipc/shm.c~ipc-shmc-add-pagesize-function-to-shm_vm_ops +++ a/ipc/shm.c @@ -427,6 +427,17 @@ static int shm_split(struct vm_area_stru return 0; } +static unsigned long shm_pagesize(struct vm_area_struct *vma) +{ + struct file *file = vma->vm_file; + struct shm_file_data *sfd = shm_file_data(file); + + if (sfd->vm_ops->pagesize) + return sfd->vm_ops->pagesize(vma); + + return PAGE_SIZE; +} + #ifdef CONFIG_NUMA static int shm_set_policy(struct vm_area_struct *vma, struct mempolicy *new) { @@ -554,6 +565,7 @@ static const struct vm_operations_struct .close = shm_close, /* callback for when the vm-area is released */ .fault = shm_fault, .split = shm_split, + .pagesize = shm_pagesize, #if defined(CONFIG_NUMA) .set_policy = shm_set_policy, .get_policy = shm_get_policy, _ Patches currently in -mm which might be from jane.chu(a)oracle.com are ipc-shmc-add-pagesize-function-to-shm_vm_ops.patch

7 years, 5 months

1
0
0 0

[merged] kvm-mm-account-shadow-page-tables-to-kmemcg.patch removed from -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: kvm, mm: account shadow page tables to kmemcg has been removed from the -mm tree. Its filename was kvm-mm-account-shadow-page-tables-to-kmemcg.patch This patch was dropped because it was merged into mainline or a subsystem tree ------------------------------------------------------ From: Shakeel Butt <shakeelb(a)google.com> Subject: kvm, mm: account shadow page tables to kmemcg The size of kvm's shadow page tables corresponds to the size of the guest virtual machines on the system. Large VMs can spend a significant amount of memory as shadow page tables which can not be left as system memory overhead. So, account shadow page tables to the kmemcg. [shakeelb(a)google.com: replace (GFP_KERNEL|__GFP_ACCOUNT) with GFP_KERNEL_ACCOUNT] Link: http://lkml.kernel.org/r/20180629140224.205849-1-shakeelb@google.com Link: http://lkml.kernel.org/r/20180627181349.149778-1-shakeelb@google.com Signed-off-by: Shakeel Butt <shakeelb(a)google.com> Cc: Michal Hocko <mhocko(a)kernel.org> Cc: Johannes Weiner <hannes(a)cmpxchg.org> Cc: Vladimir Davydov <vdavydov.dev(a)gmail.com> Cc: Paolo Bonzini <pbonzini(a)redhat.com> Cc: Greg Thelen <gthelen(a)google.com> Cc: Radim Krčmář <rkrcmar(a)redhat.com> Cc: Peter Feiner <pfeiner(a)google.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- arch/x86/kvm/mmu.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/arch/x86/kvm/mmu.c~kvm-mm-account-shadow-page-tables-to-kmemcg +++ a/arch/x86/kvm/mmu.c @@ -890,7 +890,7 @@ static int mmu_topup_memory_cache_page(s if (cache->nobjs >= min) return 0; while (cache->nobjs < ARRAY_SIZE(cache->objects)) { - page = (void *)__get_free_page(GFP_KERNEL); + page = (void *)__get_free_page(GFP_KERNEL_ACCOUNT); if (!page) return -ENOMEM; cache->objects[cache->nobjs++] = page; _ Patches currently in -mm which might be from shakeelb(a)google.com are fs-fsnotify-account-fsnotify-metadata-to-kmemcg.patch fs-fsnotify-account-fsnotify-metadata-to-kmemcg-fix.patch fs-mm-account-buffer_head-to-kmemcg.patch fs-mm-account-buffer_head-to-kmemcgpatchfix.patch memcg-reduce-memcg-tree-traversals-for-stats-collection.patch

7 years, 5 months

1
0
0 0

[merged] mm-fix-vma_is_anonymous-false-positives.patch removed from -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: mm: fix vma_is_anonymous() false-positives has been removed from the -mm tree. Its filename was mm-fix-vma_is_anonymous-false-positives.patch This patch was dropped because it was merged into mainline or a subsystem tree ------------------------------------------------------ From: "Kirill A. Shutemov" <kirill.shutemov(a)linux.intel.com> Subject: mm: fix vma_is_anonymous() false-positives vma_is_anonymous() relies on ->vm_ops being NULL to detect anonymous VMA. This is unreliable as ->mmap may not set ->vm_ops. False-positive vma_is_anonymous() may lead to crashes: next ffff8801ce5e7040 prev ffff8801d20eca50 mm ffff88019c1e13c0 prot 27 anon_vma ffff88019680cdd8 vm_ops 0000000000000000 pgoff 0 file ffff8801b2ec2d00 private_data 0000000000000000 flags: 0xff(read|write|exec|shared|mayread|maywrite|mayexec|mayshare) ------------[ cut here ]------------ kernel BUG at mm/memory.c:1422! invalid opcode: 0000 [#1] SMP KASAN CPU: 0 PID: 18486 Comm: syz-executor3 Not tainted 4.18.0-rc3+ #136 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:zap_pmd_range mm/memory.c:1421 [inline] RIP: 0010:zap_pud_range mm/memory.c:1466 [inline] RIP: 0010:zap_p4d_range mm/memory.c:1487 [inline] RIP: 0010:unmap_page_range+0x1c18/0x2220 mm/memory.c:1508 Code: ff 31 ff 4c 89 e6 42 c6 04 33 f8 e8 92 dd d0 ff 4d 85 e4 0f 85 4a eb ff ff e8 54 dc d0 ff 48 8b bd 10 fc ff ff e8 82 95 fe ff <0f> 0b e8 41 dc d0 ff 0f 0b 4c 89 ad 18 fc ff ff c7 85 7c fb ff ff RSP: 0018:ffff8801b0587330 EFLAGS: 00010286 RAX: 000000000000013c RBX: 1ffff100360b0e9c RCX: ffffc90002620000 RDX: 0000000000000000 RSI: ffffffff81631851 RDI: 0000000000000001 RBP: ffff8801b05877c8 R08: ffff880199d40300 R09: ffffed003b5c4fc0 R10: ffffed003b5c4fc0 R11: ffff8801dae27e07 R12: 0000000000000000 R13: ffff88019c1e13c0 R14: dffffc0000000000 R15: 0000000020e01000 FS: 00007fca32251700(0000) GS:ffff8801dae00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f04c540d000 CR3: 00000001ac1f0000 CR4: 00000000001426f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: unmap_single_vma+0x1a0/0x310 mm/memory.c:1553 zap_page_range_single+0x3cc/0x580 mm/memory.c:1644 unmap_mapping_range_vma mm/memory.c:2792 [inline] unmap_mapping_range_tree mm/memory.c:2813 [inline] unmap_mapping_pages+0x3a7/0x5b0 mm/memory.c:2845 unmap_mapping_range+0x48/0x60 mm/memory.c:2880 truncate_pagecache+0x54/0x90 mm/truncate.c:800 truncate_setsize+0x70/0xb0 mm/truncate.c:826 simple_setattr+0xe9/0x110 fs/libfs.c:409 notify_change+0xf13/0x10f0 fs/attr.c:335 do_truncate+0x1ac/0x2b0 fs/open.c:63 do_sys_ftruncate+0x492/0x560 fs/open.c:205 __do_sys_ftruncate fs/open.c:215 [inline] __se_sys_ftruncate fs/open.c:213 [inline] __x64_sys_ftruncate+0x59/0x80 fs/open.c:213 do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290 entry_SYSCALL_64_after_hwframe+0x49/0xbe Reproducer: #include <stdio.h> #include <stddef.h> #include <stdint.h> #include <stdlib.h> #include <string.h> #include <sys/types.h> #include <sys/stat.h> #include <sys/ioctl.h> #include <sys/mman.h> #include <unistd.h> #include <fcntl.h> #define KCOV_INIT_TRACE _IOR('c', 1, unsigned long) #define KCOV_ENABLE _IO('c', 100) #define KCOV_DISABLE _IO('c', 101) #define COVER_SIZE (1024<<10) #define KCOV_TRACE_PC 0 #define KCOV_TRACE_CMP 1 int main(int argc, char **argv) { int fd; unsigned long *cover; system("mount -t debugfs none /sys/kernel/debug"); fd = open("/sys/kernel/debug/kcov", O_RDWR); ioctl(fd, KCOV_INIT_TRACE, COVER_SIZE); cover = mmap(NULL, COVER_SIZE * sizeof(unsigned long), PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0); munmap(cover, COVER_SIZE * sizeof(unsigned long)); cover = mmap(NULL, COVER_SIZE * sizeof(unsigned long), PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0); memset(cover, 0, COVER_SIZE * sizeof(unsigned long)); ftruncate(fd, 3UL << 20); return 0; } This can be fixed by assigning anonymous VMAs own vm_ops and not relying on it being NULL. If ->mmap() failed to set ->vm_ops, mmap_region() will set it to dummy_vm_ops. This way we will have non-NULL ->vm_ops for all VMAs. Link: http://lkml.kernel.org/r/20180724121139.62570-4-kirill.shutemov@linux.intel… Signed-off-by: Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> Reported-by: syzbot+3f84280d52be9b7083cc(a)syzkaller.appspotmail.com Acked-by: Linus Torvalds <torvalds(a)linux-foundation.org> Reviewed-by: Andrew Morton <akpm(a)linux-foundation.org> Cc: Dmitry Vyukov <dvyukov(a)google.com> Cc: Oleg Nesterov <oleg(a)redhat.com> Cc: Andrea Arcangeli <aarcange(a)redhat.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- drivers/char/mem.c | 1 + fs/exec.c | 1 + include/linux/mm.h | 8 ++++++++ mm/mmap.c | 3 +++ mm/nommu.c | 2 ++ 5 files changed, 15 insertions(+) --- a/drivers/char/mem.c~mm-fix-vma_is_anonymous-false-positives +++ a/drivers/char/mem.c @@ -708,6 +708,7 @@ static int mmap_zero(struct file *file, #endif if (vma->vm_flags & VM_SHARED) return shmem_zero_setup(vma); + vma_set_anonymous(vma); return 0; } --- a/fs/exec.c~mm-fix-vma_is_anonymous-false-positives +++ a/fs/exec.c @@ -293,6 +293,7 @@ static int __bprm_mm_init(struct linux_b bprm->vma = vma = vm_area_alloc(mm); if (!vma) return -ENOMEM; + vma_set_anonymous(vma); if (down_write_killable(&mm->mmap_sem)) { err = -EINTR; --- a/include/linux/mm.h~mm-fix-vma_is_anonymous-false-positives +++ a/include/linux/mm.h @@ -454,10 +454,18 @@ struct vm_operations_struct { static inline void vma_init(struct vm_area_struct *vma, struct mm_struct *mm) { + static const struct vm_operations_struct dummy_vm_ops = {}; + vma->vm_mm = mm; + vma->vm_ops = &dummy_vm_ops; INIT_LIST_HEAD(&vma->anon_vma_chain); } +static inline void vma_set_anonymous(struct vm_area_struct *vma) +{ + vma->vm_ops = NULL; +} + struct mmu_gather; struct inode; --- a/mm/mmap.c~mm-fix-vma_is_anonymous-false-positives +++ a/mm/mmap.c @@ -1778,6 +1778,8 @@ unsigned long mmap_region(struct file *f error = shmem_zero_setup(vma); if (error) goto free_vma; + } else { + vma_set_anonymous(vma); } vma_link(mm, vma, prev, rb_link, rb_parent); @@ -2983,6 +2985,7 @@ static int do_brk_flags(unsigned long ad return -ENOMEM; } + vma_set_anonymous(vma); vma->vm_start = addr; vma->vm_end = addr + len; vma->vm_pgoff = pgoff; --- a/mm/nommu.c~mm-fix-vma_is_anonymous-false-positives +++ a/mm/nommu.c @@ -1145,6 +1145,8 @@ static int do_mmap_private(struct vm_are if (ret < len) memset(base + ret, 0, len - ret); + } else { + vma_set_anonymous(vma); } return 0; _ Patches currently in -mm which might be from kirill.shutemov(a)linux.intel.com are mm-page_ext-drop-definition-of-unused-page_ext_debug_poison.patch mm-page_ext-constify-lookup_page_ext-argument.patch

7 years, 5 months

1
0
0 0

[merged] mm-use-vma_init-to-initialize-vmas-on-stack-and-data-segments.patch removed from -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: mm: use vma_init() to initialize VMAs on stack and data segments has been removed from the -mm tree. Its filename was mm-use-vma_init-to-initialize-vmas-on-stack-and-data-segments.patch This patch was dropped because it was merged into mainline or a subsystem tree ------------------------------------------------------ From: "Kirill A. Shutemov" <kirill.shutemov(a)linux.intel.com> Subject: mm: use vma_init() to initialize VMAs on stack and data segments Make sure to initialize all VMAs properly, not only those which come from vm_area_cachep. Link: http://lkml.kernel.org/r/20180724121139.62570-3-kirill.shutemov@linux.intel… Signed-off-by: Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> Acked-by: Linus Torvalds <torvalds(a)linux-foundation.org> Reviewed-by: Andrew Morton <akpm(a)linux-foundation.org> Cc: Dmitry Vyukov <dvyukov(a)google.com> Cc: Oleg Nesterov <oleg(a)redhat.com> Cc: Andrea Arcangeli <aarcange(a)redhat.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- arch/arm/kernel/process.c | 1 + arch/arm/mach-rpc/ecard.c | 2 +- arch/arm64/include/asm/tlb.h | 4 +++- arch/arm64/mm/hugetlbpage.c | 7 +++++-- arch/ia64/include/asm/tlb.h | 2 +- arch/ia64/mm/init.c | 2 +- arch/x86/um/mem_32.c | 2 +- fs/hugetlbfs/inode.c | 2 ++ mm/mempolicy.c | 1 + mm/shmem.c | 1 + 10 files changed, 17 insertions(+), 7 deletions(-) --- a/arch/arm64/include/asm/tlb.h~mm-use-vma_init-to-initialize-vmas-on-stack-and-data-segments +++ a/arch/arm64/include/asm/tlb.h @@ -37,7 +37,9 @@ static inline void __tlb_remove_table(vo static inline void tlb_flush(struct mmu_gather *tlb) { - struct vm_area_struct vma = { .vm_mm = tlb->mm, }; + struct vm_area_struct vma; + + vma_init(&vma, tlb->mm); /* * The ASID allocator will either invalidate the ASID or mark --- a/arch/arm64/mm/hugetlbpage.c~mm-use-vma_init-to-initialize-vmas-on-stack-and-data-segments +++ a/arch/arm64/mm/hugetlbpage.c @@ -108,11 +108,13 @@ static pte_t get_clear_flush(struct mm_s unsigned long pgsize, unsigned long ncontig) { - struct vm_area_struct vma = { .vm_mm = mm }; + struct vm_area_struct vma; pte_t orig_pte = huge_ptep_get(ptep); bool valid = pte_valid(orig_pte); unsigned long i, saddr = addr; + vma_init(&vma, mm); + for (i = 0; i < ncontig; i++, addr += pgsize, ptep++) { pte_t pte = ptep_get_and_clear(mm, addr, ptep); @@ -145,9 +147,10 @@ static void clear_flush(struct mm_struct unsigned long pgsize, unsigned long ncontig) { - struct vm_area_struct vma = { .vm_mm = mm }; + struct vm_area_struct vma; unsigned long i, saddr = addr; + vma_init(&vma, mm); for (i = 0; i < ncontig; i++, addr += pgsize, ptep++) pte_clear(mm, addr, ptep); --- a/arch/arm/kernel/process.c~mm-use-vma_init-to-initialize-vmas-on-stack-and-data-segments +++ a/arch/arm/kernel/process.c @@ -338,6 +338,7 @@ static struct vm_area_struct gate_vma = static int __init gate_vma_init(void) { + vma_init(&gate_vma, NULL); gate_vma.vm_page_prot = PAGE_READONLY_EXEC; return 0; } --- a/arch/arm/mach-rpc/ecard.c~mm-use-vma_init-to-initialize-vmas-on-stack-and-data-segments +++ a/arch/arm/mach-rpc/ecard.c @@ -237,8 +237,8 @@ static void ecard_init_pgtables(struct m memcpy(dst_pgd, src_pgd, sizeof(pgd_t) * (EASI_SIZE / PGDIR_SIZE)); + vma_init(&vma, mm); vma.vm_flags = VM_EXEC; - vma.vm_mm = mm; flush_tlb_range(&vma, IO_START, IO_START + IO_SIZE); flush_tlb_range(&vma, EASI_START, EASI_START + EASI_SIZE); --- a/arch/ia64/include/asm/tlb.h~mm-use-vma_init-to-initialize-vmas-on-stack-and-data-segments +++ a/arch/ia64/include/asm/tlb.h @@ -120,7 +120,7 @@ ia64_tlb_flush_mmu_tlbonly(struct mmu_ga */ struct vm_area_struct vma; - vma.vm_mm = tlb->mm; + vma_init(&vma, tlb->mm); /* flush the address range from the tlb: */ flush_tlb_range(&vma, start, end); /* now flush the virt. page-table area mapping the address range: */ --- a/arch/ia64/mm/init.c~mm-use-vma_init-to-initialize-vmas-on-stack-and-data-segments +++ a/arch/ia64/mm/init.c @@ -273,7 +273,7 @@ static struct vm_area_struct gate_vma; static int __init gate_vma_init(void) { - gate_vma.vm_mm = NULL; + vma_init(&gate_vma, NULL); gate_vma.vm_start = FIXADDR_USER_START; gate_vma.vm_end = FIXADDR_USER_END; gate_vma.vm_flags = VM_READ | VM_MAYREAD | VM_EXEC | VM_MAYEXEC; --- a/arch/x86/um/mem_32.c~mm-use-vma_init-to-initialize-vmas-on-stack-and-data-segments +++ a/arch/x86/um/mem_32.c @@ -16,7 +16,7 @@ static int __init gate_vma_init(void) if (!FIXADDR_USER_START) return 0; - gate_vma.vm_mm = NULL; + vma_init(&gate_vma, NULL); gate_vma.vm_start = FIXADDR_USER_START; gate_vma.vm_end = FIXADDR_USER_END; gate_vma.vm_flags = VM_READ | VM_MAYREAD | VM_EXEC | VM_MAYEXEC; --- a/fs/hugetlbfs/inode.c~mm-use-vma_init-to-initialize-vmas-on-stack-and-data-segments +++ a/fs/hugetlbfs/inode.c @@ -411,6 +411,7 @@ static void remove_inode_hugepages(struc bool truncate_op = (lend == LLONG_MAX); memset(&pseudo_vma, 0, sizeof(struct vm_area_struct)); + vma_init(&pseudo_vma, current->mm); pseudo_vma.vm_flags = (VM_HUGETLB | VM_MAYSHARE | VM_SHARED); pagevec_init(&pvec); next = start; @@ -595,6 +596,7 @@ static long hugetlbfs_fallocate(struct f * as input to create an allocation policy. */ memset(&pseudo_vma, 0, sizeof(struct vm_area_struct)); + vma_init(&pseudo_vma, mm); pseudo_vma.vm_flags = (VM_HUGETLB | VM_MAYSHARE | VM_SHARED); pseudo_vma.vm_file = file; --- a/mm/mempolicy.c~mm-use-vma_init-to-initialize-vmas-on-stack-and-data-segments +++ a/mm/mempolicy.c @@ -2505,6 +2505,7 @@ void mpol_shared_policy_init(struct shar /* Create pseudo-vma that contains just the policy */ memset(&pvma, 0, sizeof(struct vm_area_struct)); + vma_init(&pvma, NULL); pvma.vm_end = TASK_SIZE; /* policy covers entire file */ mpol_set_shared_policy(sp, &pvma, new); /* adds ref */ --- a/mm/shmem.c~mm-use-vma_init-to-initialize-vmas-on-stack-and-data-segments +++ a/mm/shmem.c @@ -1421,6 +1421,7 @@ static void shmem_pseudo_vma_init(struct { /* Create a pseudo vma that just contains the policy */ memset(vma, 0, sizeof(*vma)); + vma_init(vma, NULL); /* Bias interleave by inode number to distribute better across nodes */ vma->vm_pgoff = index + info->vfs_inode.i_ino; vma->vm_policy = mpol_shared_policy_lookup(&info->policy, index); _ Patches currently in -mm which might be from kirill.shutemov(a)linux.intel.com are mm-page_ext-drop-definition-of-unused-page_ext_debug_poison.patch mm-page_ext-constify-lookup_page_ext-argument.patch

7 years, 5 months

1
0
0 0

[merged] mm-introduce-vma_init.patch removed from -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: mm: introduce vma_init() has been removed from the -mm tree. Its filename was mm-introduce-vma_init.patch This patch was dropped because it was merged into mainline or a subsystem tree ------------------------------------------------------ From: "Kirill A. Shutemov" <kirill.shutemov(a)linux.intel.com> Subject: mm: introduce vma_init() Not all VMAs allocated with vm_area_alloc(). Some of them allocated on stack or in data segment. The new helper can be use to initialize VMA properly regardless where it was allocated. Link: http://lkml.kernel.org/r/20180724121139.62570-2-kirill.shutemov@linux.intel… Signed-off-by: Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> Acked-by: Linus Torvalds <torvalds(a)linux-foundation.org> Reviewed-by: Andrew Morton <akpm(a)linux-foundation.org> Cc: Dmitry Vyukov <dvyukov(a)google.com> Cc: Oleg Nesterov <oleg(a)redhat.com> Cc: Andrea Arcangeli <aarcange(a)redhat.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- include/linux/mm.h | 6 ++++++ kernel/fork.c | 6 ++---- 2 files changed, 8 insertions(+), 4 deletions(-) --- a/include/linux/mm.h~mm-introduce-vma_init +++ a/include/linux/mm.h @@ -452,6 +452,12 @@ struct vm_operations_struct { unsigned long addr); }; +static inline void vma_init(struct vm_area_struct *vma, struct mm_struct *mm) +{ + vma->vm_mm = mm; + INIT_LIST_HEAD(&vma->anon_vma_chain); +} + struct mmu_gather; struct inode; --- a/kernel/fork.c~mm-introduce-vma_init +++ a/kernel/fork.c @@ -312,10 +312,8 @@ struct vm_area_struct *vm_area_alloc(str { struct vm_area_struct *vma = kmem_cache_zalloc(vm_area_cachep, GFP_KERNEL); - if (vma) { - vma->vm_mm = mm; - INIT_LIST_HEAD(&vma->anon_vma_chain); - } + if (vma) + vma_init(vma, mm); return vma; } _ Patches currently in -mm which might be from kirill.shutemov(a)linux.intel.com are mm-page_ext-drop-definition-of-unused-page_ext_debug_poison.patch mm-page_ext-constify-lookup_page_ext-argument.patch

7 years, 5 months

1
0
0 0

[merged] mm-disallow-mapping-that-conflict-for-devm_memremap_pages.patch removed from -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: mm: disallow mappings that conflict for devm_memremap_pages() has been removed from the -mm tree. Its filename was mm-disallow-mapping-that-conflict-for-devm_memremap_pages.patch This patch was dropped because it was merged into mainline or a subsystem tree ------------------------------------------------------ From: Dave Jiang <dave.jiang(a)intel.com> Subject: mm: disallow mappings that conflict for devm_memremap_pages() When pmem namespaces created are smaller than section size, this can cause an issue during removal and gpf was observed: [ 249.613597] general protection fault: 0000 1 SMP PTI [ 249.725203] CPU: 36 PID: 3941 Comm: ndctl Tainted: G W 4.14.28-1.el7uek.x86_64 #2 [ 249.745495] task: ffff88acda150000 task.stack: ffffc900233a4000 [ 249.752107] RIP: 0010:__put_page+0x56/0x79 [ 249.844675] Call Trace: [ 249.847410] devm_memremap_pages_release+0x155/0x23a [ 249.852953] release_nodes+0x21e/0x260 [ 249.857138] devres_release_all+0x3c/0x48 [ 249.861606] device_release_driver_internal+0x15c/0x207 [ 249.867439] device_release_driver+0x12/0x14 [ 249.872204] unbind_store+0xba/0xd8 [ 249.876098] drv_attr_store+0x27/0x31 [ 249.880186] sysfs_kf_write+0x3f/0x46 [ 249.884266] kernfs_fop_write+0x10f/0x18b [ 249.888734] __vfs_write+0x3a/0x16d [ 249.892628] ? selinux_file_permission+0xe5/0x116 [ 249.897881] ? security_file_permission+0x41/0xbb [ 249.903133] vfs_write+0xb2/0x1a1 [ 249.906835] ? syscall_trace_enter+0x1ce/0x2b8 [ 249.911795] SyS_write+0x55/0xb9 [ 249.915397] do_syscall_64+0x79/0x1ae [ 249.919485] entry_SYSCALL_64_after_hwframe+0x3d/0x0 Add code to check whether we have a mapping already in the same section and prevent additional mappings from being created if that is the case. Link: http://lkml.kernel.org/r/152909478401.50143.312364396244072931.stgit@djiang… Signed-off-by: Dave Jiang <dave.jiang(a)intel.com> Cc: Dan Williams <dan.j.williams(a)intel.com> Cc: Robert Elliott <elliott(a)hpe.com> Cc: Jeff Moyer <jmoyer(a)redhat.com> Cc: Matthew Wilcox <willy(a)infradead.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- kernel/memremap.c | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) --- a/kernel/memremap.c~mm-disallow-mapping-that-conflict-for-devm_memremap_pages +++ a/kernel/memremap.c @@ -176,10 +176,27 @@ void *devm_memremap_pages(struct device unsigned long pfn, pgoff, order; pgprot_t pgprot = PAGE_KERNEL; int error, nid, is_ram; + struct dev_pagemap *conflict_pgmap; align_start = res->start & ~(SECTION_SIZE - 1); align_size = ALIGN(res->start + resource_size(res), SECTION_SIZE) - align_start; + align_end = align_start + align_size - 1; + + conflict_pgmap = get_dev_pagemap(PHYS_PFN(align_start), NULL); + if (conflict_pgmap) { + dev_WARN(dev, "Conflicting mapping in same section\n"); + put_dev_pagemap(conflict_pgmap); + return ERR_PTR(-ENOMEM); + } + + conflict_pgmap = get_dev_pagemap(PHYS_PFN(align_end), NULL); + if (conflict_pgmap) { + dev_WARN(dev, "Conflicting mapping in same section\n"); + put_dev_pagemap(conflict_pgmap); + return ERR_PTR(-ENOMEM); + } + is_ram = region_intersects(align_start, align_size, IORESOURCE_SYSTEM_RAM, IORES_DESC_NONE); @@ -199,7 +216,6 @@ void *devm_memremap_pages(struct device mutex_lock(&pgmap_lock); error = 0; - align_end = align_start + align_size - 1; foreach_order_pgoff(res, order, pgoff) { error = __radix_tree_insert(&pgmap_radix, _ Patches currently in -mm which might be from dave.jiang(a)intel.com are dax-remove-vm_mixedmap-for-fsdax-and-device-dax.patch

7 years, 5 months

1
0
0 0

[merged] delayacct-fix-crash-in-delayacct_blkio_end-after-delayacct-init-failure.patch removed from -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: delayacct: fix crash in delayacct_blkio_end() after delayacct init failure has been removed from the -mm tree. Its filename was delayacct-fix-crash-in-delayacct_blkio_end-after-delayacct-init-failure.patch This patch was dropped because it was merged into mainline or a subsystem tree ------------------------------------------------------ From: Tejun Heo <tj(a)kernel.org> Subject: delayacct: fix crash in delayacct_blkio_end() after delayacct init failure While forking, if delayacct init fails due to memory shortage, it continues expecting all delayacct users to check task->delays pointer against NULL before dereferencing it, which all of them used to do. c96f5471ce7d ("delayacct: Account blkio completion on the correct task"), while updating delayacct_blkio_end() to take the target task instead of always using %current, made the function test NULL on %current->delays and then continue to operated on @p->delays. If %current succeeded init while @p didn't, it leads to the following crash. BUG: unable to handle kernel NULL pointer dereference at 0000000000000004 IP: __delayacct_blkio_end+0xc/0x40 PGD 8000001fd07e1067 P4D 8000001fd07e1067 PUD 1fcffbb067 PMD 0 Oops: 0000 [#1] SMP PTI CPU: 4 PID: 25774 Comm: QIOThread0 Not tainted 4.16.0-9_fbk1_rc2_1180_g6b593215b4d7 #9 Hardware name: Quanta Leopard ORv2-DDR4/Leopard ORv2-DDR4, BIOS F06_3B12 08/17/2017 RIP: 0010:__delayacct_blkio_end+0xc/0x40 RSP: 0000:ffff881fff703bf8 EFLAGS: 00010086 RAX: ffff881f1ec8b800 RBX: ffff8804f735cd54 RCX: ffff881fff703cb0 RDX: 0000000000000002 RSI: 0000000000000003 RDI: 0000000000000000 RBP: 0000000000000000 R08: 0000000000000000 R09: ffff881fff703cc0 R10: 0000000000001000 R11: ffff881fd3f73d00 R12: ffff8804f735c600 R13: 0000000000000000 R14: 000000000000001d R15: ffff881fff703cb0 FS: 00007f5003f7d700(0000) GS:ffff881fff700000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000004 CR3: 0000001f401a6006 CR4: 00000000003606e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <IRQ> try_to_wake_up+0x2c0/0x600 autoremove_wake_function+0xe/0x30 __wake_up_common+0x74/0x120 wake_up_page_bit+0x9c/0xe0 mpage_end_io+0x27/0x70 blk_update_request+0x78/0x2c0 scsi_end_request+0x2c/0x1e0 scsi_io_completion+0x20b/0x5f0 blk_mq_complete_request+0xa2/0x100 ata_scsi_qc_complete+0x79/0x400 ata_qc_complete_multiple+0x86/0xd0 ahci_handle_port_interrupt+0xc9/0x5c0 ahci_handle_port_intr+0x54/0xb0 ahci_single_level_irq_intr+0x3b/0x60 __handle_irq_event_percpu+0x43/0x190 handle_irq_event_percpu+0x20/0x50 handle_irq_event+0x2a/0x50 handle_edge_irq+0x80/0x1c0 handle_irq+0xaf/0x120 do_IRQ+0x41/0xc0 common_interrupt+0xf/0xf </IRQ> Fix it by updating delayacct_blkio_end() check @p->delays instead. Link: http://lkml.kernel.org/r/20180724175542.GP1934745@devbig577.frc2.facebook.c… Fixes: c96f5471ce7d ("delayacct: Account blkio completion on the correct task") Signed-off-by: Tejun Heo <tj(a)kernel.org> Reported-by: Dave Jones <dsj(a)fb.com> Debugged-by: Dave Jones <dsj(a)fb.com> Reviewed-by: Andrew Morton <akpm(a)linux-foundation.org> Cc: Josh Snyder <joshs(a)netflix.com> Cc: <stable(a)vger.kernel.org> [4.15+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- include/linux/delayacct.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/include/linux/delayacct.h~delayacct-fix-crash-in-delayacct_blkio_end-after-delayacct-init-failure +++ a/include/linux/delayacct.h @@ -124,7 +124,7 @@ static inline void delayacct_blkio_start static inline void delayacct_blkio_end(struct task_struct *p) { - if (current->delays) + if (p->delays) __delayacct_blkio_end(p); delayacct_clear_flag(DELAYACCT_PF_BLKIO); } _ Patches currently in -mm which might be from tj(a)kernel.org are

7 years, 5 months

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror