- Linux-stable-mirror - lists.linaro.org

[PATCH 4.4.y] tcp: Fix missing range_truesize enlargement in the backport

by Takashi Iwai

The 4.4.y stable backport dc6ae4dffd65 for the upstream commit 3d4bf93ac120 ("tcp: detect malicious patterns in tcp_collapse_ofo_queue()") missed a line that enlarges the range_truesize value, which broke the whole check. Fixes: dc6ae4dffd65 ("tcp: detect malicious patterns in tcp_collapse_ofo_queue()") Signed-off-by: Takashi Iwai <tiwai(a)suse.de> --- Greg, this is a fix-up specific to 4.4.y stable backport that had a slightly different form from upstream fix. I haven't looked at the older trees, but 4.9.y and later took the upstream fix as is, so this patch isn't needed for them. The patch hasn't been tested with the real test case, though; let me know if the current code is intended. Thanks! net/ipv4/tcp_input.c | 1 + 1 file changed, 1 insertion(+) diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c index 4a261e078082..9c4c6cd0316e 100644 --- a/net/ipv4/tcp_input.c +++ b/net/ipv4/tcp_input.c @@ -4835,6 +4835,7 @@ static void tcp_collapse_ofo_queue(struct sock *sk) end = TCP_SKB_CB(skb)->end_seq; range_truesize = skb->truesize; } else { + range_truesize += skb->truesize; if (before(TCP_SKB_CB(skb)->seq, start)) start = TCP_SKB_CB(skb)->seq; if (after(TCP_SKB_CB(skb)->end_seq, end)) -- 2.18.0

7 years, 4 months

3
4
0 0

[PATCH 2/2] Fix kexec forbidding kernels signed with keys in the secondary keyring to boot

by David Howells

From: Yannik Sembritzki <yannik(a)sembritzki.me> The split of .system_keyring into .builtin_trusted_keys and .secondary_trusted_keys broke kexec, thereby preventing kernels signed by keys which are now in the secondary keyring from being kexec'd. Fix this by passing VERIFY_USE_SECONDARY_KEYRING to verify_pefile_signature(). Fixes: d3bfe84129f6 ("certs: Add a secondary system keyring that can be added to dynamically") Signed-off-by: Yannik Sembritzki <yannik(a)sembritzki.me> Signed-off-by: David Howells <dhowells(a)redhat.com> cc: kexec(a)lists.infradead.org cc: keyrings(a)vger.kernel.org cc: linux-security-module(a)vger.kernel.org cc: stable(a)vger.kernel.org --- arch/x86/kernel/kexec-bzimage64.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/x86/kernel/kexec-bzimage64.c b/arch/x86/kernel/kexec-bzimage64.c index 7326078eaa7a..278cd07228dd 100644 --- a/arch/x86/kernel/kexec-bzimage64.c +++ b/arch/x86/kernel/kexec-bzimage64.c @@ -532,7 +532,7 @@ static int bzImage64_cleanup(void *loader_data) static int bzImage64_verify_sig(const char *kernel, unsigned long kernel_len) { return verify_pefile_signature(kernel, kernel_len, - NULL, + VERIFY_USE_SECONDARY_KEYRING, VERIFYING_KEXEC_PE_SIGNATURE); } #endif

7 years, 4 months

1
0
0 0

[PATCH] avoid race condition between start_xmit and cm_rep_handler

by Aaron Knister

Inside of start_xmit() the call to check if the connection is up and the queueing of the packets for later transmission is not atomic which leaves a window where cm_rep_handler can run, set the connection up, dequeue pending packets and leave the subsequently queued packets by start_xmit() sitting on neigh->queue until they're dropped when the connection is torn down. This only applies to connected mode. These dropped packets can really upset TCP, for example, and cause multi-minute delays in transmission for open connections. I've got a reproducer available if it's needed. Here's the code in start_xmit where we check to see if the connection is up: if (ipoib_cm_get(neigh)) { if (ipoib_cm_up(neigh)) { ipoib_cm_send(dev, skb, ipoib_cm_get(neigh)); goto unref; } } The race occurs if cm_rep_handler execution occurs after the above connection check (specifically if it gets to the point where it acquires priv->lock to dequeue pending skb's) but before the below code snippet in start_xmit where packets are queued. if (skb_queue_len(&neigh->queue) < IPOIB_MAX_PATH_REC_QUEUE) { push_pseudo_header(skb, phdr->hwaddr); spin_lock_irqsave(&priv->lock, flags); __skb_queue_tail(&neigh->queue, skb); spin_unlock_irqrestore(&priv->lock, flags); } else { ++dev->stats.tx_dropped; dev_kfree_skb_any(skb); } The patch re-checks ipoib_cm_up with priv->lock held to avoid this race condition. Since odds are the conn should be up most of the time (and thus the connection *not* down most of the time) we don't hold the lock for the first check attempt to avoid a slowdown from unecessary locking for the majority of the packets transmitted during the connection's life. Cc: stable(a)vger.kernel.org Tested-by: Ira Weiny <ira.weiny(a)intel.com> Signed-off-by: Aaron Knister <aaron.s.knister(a)nasa.gov> --- drivers/infiniband/ulp/ipoib/ipoib_main.c | 53 +++++++++++++++++++++++++------ 1 file changed, 44 insertions(+), 9 deletions(-) diff --git a/drivers/infiniband/ulp/ipoib/ipoib_main.c b/drivers/infiniband/ulp/ipoib/ipoib_main.c index 26cde95b..529dbeab 100644 --- a/drivers/infiniband/ulp/ipoib/ipoib_main.c +++ b/drivers/infiniband/ulp/ipoib/ipoib_main.c @@ -1093,6 +1093,34 @@ static void unicast_arp_send(struct sk_buff *skb, struct net_device *dev, spin_unlock_irqrestore(&priv->lock, flags); } +static void defer_neigh_skb(struct sk_buff *skb, struct net_device *dev, + struct ipoib_neigh *neigh, + struct ipoib_pseudo_header *phdr, + unsigned long *flags) +{ + struct ipoib_dev_priv *priv = ipoib_priv(dev); + unsigned long local_flags; + int acquire_priv_lock = 0; + + /* Passing in pointer to spin_lock flags indicates spin lock + * already acquired so we don't need to acquire the priv lock */ + if (flags == NULL) { + flags = &local_flags; + acquire_priv_lock = 1; + } + + if (skb_queue_len(&neigh->queue) < IPOIB_MAX_PATH_REC_QUEUE) { + push_pseudo_header(skb, phdr->hwaddr); + if (acquire_priv_lock) + spin_lock_irqsave(&priv->lock, *flags); + __skb_queue_tail(&neigh->queue, skb); + spin_unlock_irqrestore(&priv->lock, *flags); + } else { + ++dev->stats.tx_dropped; + dev_kfree_skb_any(skb); + } +} + static netdev_tx_t ipoib_start_xmit(struct sk_buff *skb, struct net_device *dev) { struct ipoib_dev_priv *priv = ipoib_priv(dev); @@ -1160,6 +1188,21 @@ static netdev_tx_t ipoib_start_xmit(struct sk_buff *skb, struct net_device *dev) ipoib_cm_send(dev, skb, ipoib_cm_get(neigh)); goto unref; } + /* + * Re-check ipoib_cm_up with priv->lock held to avoid + * race condition between start_xmit and skb_dequeue in + * cm_rep_handler. Since odds are the conn should be up + * most of the time, we don't hold the lock for the + * first check above + */ + spin_lock_irqsave(&priv->lock, flags); + if (ipoib_cm_up(neigh)) { + spin_unlock_irqrestore(&priv->lock, flags); + ipoib_cm_send(dev, skb, ipoib_cm_get(neigh)); + } else { + defer_neigh_skb(skb, dev, neigh, phdr, &flags); + } + goto unref; } else if (neigh->ah && neigh->ah->valid) { neigh->ah->last_send = rn->send(dev, skb, neigh->ah->ah, IPOIB_QPN(phdr->hwaddr)); @@ -1168,15 +1211,7 @@ static netdev_tx_t ipoib_start_xmit(struct sk_buff *skb, struct net_device *dev) neigh_refresh_path(neigh, phdr->hwaddr, dev); } - if (skb_queue_len(&neigh->queue) < IPOIB_MAX_PATH_REC_QUEUE) { - push_pseudo_header(skb, phdr->hwaddr); - spin_lock_irqsave(&priv->lock, flags); - __skb_queue_tail(&neigh->queue, skb); - spin_unlock_irqrestore(&priv->lock, flags); - } else { - ++dev->stats.tx_dropped; - dev_kfree_skb_any(skb); - } + defer_neigh_skb(skb, dev, neigh, phdr, NULL); unref: ipoib_neigh_put(neigh); -- 2.12.3

7 years, 4 months

2
3
0 0

L1TF: Disabling EPT / performance-impact

by Rainer Fiebig

Hi! According to 1), disabling EPT offers the same maximum protection against L1TF as disabling SMT but has a severe performance impact. FWIW: With EPT disabled (2)), I can *not* confirm any performance-degradation for the VirtualBox Windows- or Linux-VMs that I use. Those VMs are for desktop-use, though. So to me it seems that the performance impact depends on the use case and in a desktop-setting disabling EPT may offer a simple max-protection-option with the advantage of still enabled hyperthreading. I have tried this with 4.18.1 and 4.14.63. Rainer Fiebig *** 1) https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html#mitigation-sel… 2) kvm-intel.ept=0 > tail /sys/devices/system/cpu/vulnerabilities/* ==> /sys/devices/system/cpu/vulnerabilities/l1tf <== Mitigation: PTE Inversion; VMX: EPT disabled ==> /sys/devices/system/cpu/vulnerabilities/meltdown <== Mitigation: PTI ==> /sys/devices/system/cpu/vulnerabilities/spec_store_bypass <== Mitigation: Speculative Store Bypass disabled via prctl and seccomp ==> /sys/devices/system/cpu/vulnerabilities/spectre_v1 <== Mitigation: __user pointer sanitization ==> /sys/devices/system/cpu/vulnerabilities/spectre_v2 <== Mitigation: Full generic retpoline, IBPB, IBRS_FW

7 years, 4 months

2
2
0 0

FAILED: patch "[PATCH] x86/mm: Add TLB purge to free pmd/pte page interfaces" failed to apply to 4.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 5e0fb5df2ee871b841f96f9cb6a7f2784e96aa4e Mon Sep 17 00:00:00 2001 From: Toshi Kani <toshi.kani(a)hpe.com> Date: Wed, 27 Jun 2018 08:13:48 -0600 Subject: [PATCH] x86/mm: Add TLB purge to free pmd/pte page interfaces ioremap() calls pud_free_pmd_page() / pmd_free_pte_page() when it creates a pud / pmd map. The following preconditions are met at their entry. - All pte entries for a target pud/pmd address range have been cleared. - System-wide TLB purges have been peformed for a target pud/pmd address range. The preconditions assure that there is no stale TLB entry for the range. Speculation may not cache TLB entries since it requires all levels of page entries, including ptes, to have P & A-bits set for an associated address. However, speculation may cache pud/pmd entries (paging-structure caches) when they have P-bit set. Add a system-wide TLB purge (INVLPG) to a single page after clearing pud/pmd entry's P-bit. SDM 4.10.4.1, Operation that Invalidate TLBs and Paging-Structure Caches, states that: INVLPG invalidates all paging-structure caches associated with the current PCID regardless of the liner addresses to which they correspond. Fixes: 28ee90fe6048 ("x86/mm: implement free pmd/pte page interfaces") Signed-off-by: Toshi Kani <toshi.kani(a)hpe.com> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Cc: mhocko(a)suse.com Cc: akpm(a)linux-foundation.org Cc: hpa(a)zytor.com Cc: cpandya(a)codeaurora.org Cc: linux-mm(a)kvack.org Cc: linux-arm-kernel(a)lists.infradead.org Cc: Joerg Roedel <joro(a)8bytes.org> Cc: stable(a)vger.kernel.org Cc: Andrew Morton <akpm(a)linux-foundation.org> Cc: Michal Hocko <mhocko(a)suse.com> Cc: "H. Peter Anvin" <hpa(a)zytor.com> Cc: <stable(a)vger.kernel.org> Link: https://lkml.kernel.org/r/20180627141348.21777-4-toshi.kani@hpe.com diff --git a/arch/x86/mm/pgtable.c b/arch/x86/mm/pgtable.c index fbd14e506758..e3deefb891da 100644 --- a/arch/x86/mm/pgtable.c +++ b/arch/x86/mm/pgtable.c @@ -725,24 +725,44 @@ int pmd_clear_huge(pmd_t *pmd) * @pud: Pointer to a PUD. * @addr: Virtual address associated with pud. * - * Context: The pud range has been unmaped and TLB purged. + * Context: The pud range has been unmapped and TLB purged. * Return: 1 if clearing the entry succeeded. 0 otherwise. + * + * NOTE: Callers must allow a single page allocation. */ int pud_free_pmd_page(pud_t *pud, unsigned long addr) { - pmd_t *pmd; + pmd_t *pmd, *pmd_sv; + pte_t *pte; int i; if (pud_none(*pud)) return 1; pmd = (pmd_t *)pud_page_vaddr(*pud); + pmd_sv = (pmd_t *)__get_free_page(GFP_KERNEL); + if (!pmd_sv) + return 0; - for (i = 0; i < PTRS_PER_PMD; i++) - if (!pmd_free_pte_page(&pmd[i], addr + (i * PMD_SIZE))) - return 0; + for (i = 0; i < PTRS_PER_PMD; i++) { + pmd_sv[i] = pmd[i]; + if (!pmd_none(pmd[i])) + pmd_clear(&pmd[i]); + } pud_clear(pud); + + /* INVLPG to clear all paging-structure caches */ + flush_tlb_kernel_range(addr, addr + PAGE_SIZE-1); + + for (i = 0; i < PTRS_PER_PMD; i++) { + if (!pmd_none(pmd_sv[i])) { + pte = (pte_t *)pmd_page_vaddr(pmd_sv[i]); + free_page((unsigned long)pte); + } + } + + free_page((unsigned long)pmd_sv); free_page((unsigned long)pmd); return 1; @@ -753,7 +773,7 @@ int pud_free_pmd_page(pud_t *pud, unsigned long addr) * @pmd: Pointer to a PMD. * @addr: Virtual address associated with pmd. * - * Context: The pmd range has been unmaped and TLB purged. + * Context: The pmd range has been unmapped and TLB purged. * Return: 1 if clearing the entry succeeded. 0 otherwise. */ int pmd_free_pte_page(pmd_t *pmd, unsigned long addr) @@ -765,6 +785,10 @@ int pmd_free_pte_page(pmd_t *pmd, unsigned long addr) pte = (pte_t *)pmd_page_vaddr(*pmd); pmd_clear(pmd); + + /* INVLPG to clear all paging-structure caches */ + flush_tlb_kernel_range(addr, addr + PAGE_SIZE-1); + free_page((unsigned long)pte); return 1;

7 years, 4 months

1
0
0 0

FAILED: patch "[PATCH] x86/mm: Add TLB purge to free pmd/pte page interfaces" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 5e0fb5df2ee871b841f96f9cb6a7f2784e96aa4e Mon Sep 17 00:00:00 2001 From: Toshi Kani <toshi.kani(a)hpe.com> Date: Wed, 27 Jun 2018 08:13:48 -0600 Subject: [PATCH] x86/mm: Add TLB purge to free pmd/pte page interfaces ioremap() calls pud_free_pmd_page() / pmd_free_pte_page() when it creates a pud / pmd map. The following preconditions are met at their entry. - All pte entries for a target pud/pmd address range have been cleared. - System-wide TLB purges have been peformed for a target pud/pmd address range. The preconditions assure that there is no stale TLB entry for the range. Speculation may not cache TLB entries since it requires all levels of page entries, including ptes, to have P & A-bits set for an associated address. However, speculation may cache pud/pmd entries (paging-structure caches) when they have P-bit set. Add a system-wide TLB purge (INVLPG) to a single page after clearing pud/pmd entry's P-bit. SDM 4.10.4.1, Operation that Invalidate TLBs and Paging-Structure Caches, states that: INVLPG invalidates all paging-structure caches associated with the current PCID regardless of the liner addresses to which they correspond. Fixes: 28ee90fe6048 ("x86/mm: implement free pmd/pte page interfaces") Signed-off-by: Toshi Kani <toshi.kani(a)hpe.com> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Cc: mhocko(a)suse.com Cc: akpm(a)linux-foundation.org Cc: hpa(a)zytor.com Cc: cpandya(a)codeaurora.org Cc: linux-mm(a)kvack.org Cc: linux-arm-kernel(a)lists.infradead.org Cc: Joerg Roedel <joro(a)8bytes.org> Cc: stable(a)vger.kernel.org Cc: Andrew Morton <akpm(a)linux-foundation.org> Cc: Michal Hocko <mhocko(a)suse.com> Cc: "H. Peter Anvin" <hpa(a)zytor.com> Cc: <stable(a)vger.kernel.org> Link: https://lkml.kernel.org/r/20180627141348.21777-4-toshi.kani@hpe.com diff --git a/arch/x86/mm/pgtable.c b/arch/x86/mm/pgtable.c index fbd14e506758..e3deefb891da 100644 --- a/arch/x86/mm/pgtable.c +++ b/arch/x86/mm/pgtable.c @@ -725,24 +725,44 @@ int pmd_clear_huge(pmd_t *pmd) * @pud: Pointer to a PUD. * @addr: Virtual address associated with pud. * - * Context: The pud range has been unmaped and TLB purged. + * Context: The pud range has been unmapped and TLB purged. * Return: 1 if clearing the entry succeeded. 0 otherwise. + * + * NOTE: Callers must allow a single page allocation. */ int pud_free_pmd_page(pud_t *pud, unsigned long addr) { - pmd_t *pmd; + pmd_t *pmd, *pmd_sv; + pte_t *pte; int i; if (pud_none(*pud)) return 1; pmd = (pmd_t *)pud_page_vaddr(*pud); + pmd_sv = (pmd_t *)__get_free_page(GFP_KERNEL); + if (!pmd_sv) + return 0; - for (i = 0; i < PTRS_PER_PMD; i++) - if (!pmd_free_pte_page(&pmd[i], addr + (i * PMD_SIZE))) - return 0; + for (i = 0; i < PTRS_PER_PMD; i++) { + pmd_sv[i] = pmd[i]; + if (!pmd_none(pmd[i])) + pmd_clear(&pmd[i]); + } pud_clear(pud); + + /* INVLPG to clear all paging-structure caches */ + flush_tlb_kernel_range(addr, addr + PAGE_SIZE-1); + + for (i = 0; i < PTRS_PER_PMD; i++) { + if (!pmd_none(pmd_sv[i])) { + pte = (pte_t *)pmd_page_vaddr(pmd_sv[i]); + free_page((unsigned long)pte); + } + } + + free_page((unsigned long)pmd_sv); free_page((unsigned long)pmd); return 1; @@ -753,7 +773,7 @@ int pud_free_pmd_page(pud_t *pud, unsigned long addr) * @pmd: Pointer to a PMD. * @addr: Virtual address associated with pmd. * - * Context: The pmd range has been unmaped and TLB purged. + * Context: The pmd range has been unmapped and TLB purged. * Return: 1 if clearing the entry succeeded. 0 otherwise. */ int pmd_free_pte_page(pmd_t *pmd, unsigned long addr) @@ -765,6 +785,10 @@ int pmd_free_pte_page(pmd_t *pmd, unsigned long addr) pte = (pte_t *)pmd_page_vaddr(*pmd); pmd_clear(pmd); + + /* INVLPG to clear all paging-structure caches */ + flush_tlb_kernel_range(addr, addr + PAGE_SIZE-1); + free_page((unsigned long)pte); return 1;

7 years, 4 months

1
0
0 0

FAILED: patch "[PATCH] x86/mm: Add TLB purge to free pmd/pte page interfaces" failed to apply to 4.17-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.17-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 5e0fb5df2ee871b841f96f9cb6a7f2784e96aa4e Mon Sep 17 00:00:00 2001 From: Toshi Kani <toshi.kani(a)hpe.com> Date: Wed, 27 Jun 2018 08:13:48 -0600 Subject: [PATCH] x86/mm: Add TLB purge to free pmd/pte page interfaces ioremap() calls pud_free_pmd_page() / pmd_free_pte_page() when it creates a pud / pmd map. The following preconditions are met at their entry. - All pte entries for a target pud/pmd address range have been cleared. - System-wide TLB purges have been peformed for a target pud/pmd address range. The preconditions assure that there is no stale TLB entry for the range. Speculation may not cache TLB entries since it requires all levels of page entries, including ptes, to have P & A-bits set for an associated address. However, speculation may cache pud/pmd entries (paging-structure caches) when they have P-bit set. Add a system-wide TLB purge (INVLPG) to a single page after clearing pud/pmd entry's P-bit. SDM 4.10.4.1, Operation that Invalidate TLBs and Paging-Structure Caches, states that: INVLPG invalidates all paging-structure caches associated with the current PCID regardless of the liner addresses to which they correspond. Fixes: 28ee90fe6048 ("x86/mm: implement free pmd/pte page interfaces") Signed-off-by: Toshi Kani <toshi.kani(a)hpe.com> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Cc: mhocko(a)suse.com Cc: akpm(a)linux-foundation.org Cc: hpa(a)zytor.com Cc: cpandya(a)codeaurora.org Cc: linux-mm(a)kvack.org Cc: linux-arm-kernel(a)lists.infradead.org Cc: Joerg Roedel <joro(a)8bytes.org> Cc: stable(a)vger.kernel.org Cc: Andrew Morton <akpm(a)linux-foundation.org> Cc: Michal Hocko <mhocko(a)suse.com> Cc: "H. Peter Anvin" <hpa(a)zytor.com> Cc: <stable(a)vger.kernel.org> Link: https://lkml.kernel.org/r/20180627141348.21777-4-toshi.kani@hpe.com diff --git a/arch/x86/mm/pgtable.c b/arch/x86/mm/pgtable.c index fbd14e506758..e3deefb891da 100644 --- a/arch/x86/mm/pgtable.c +++ b/arch/x86/mm/pgtable.c @@ -725,24 +725,44 @@ int pmd_clear_huge(pmd_t *pmd) * @pud: Pointer to a PUD. * @addr: Virtual address associated with pud. * - * Context: The pud range has been unmaped and TLB purged. + * Context: The pud range has been unmapped and TLB purged. * Return: 1 if clearing the entry succeeded. 0 otherwise. + * + * NOTE: Callers must allow a single page allocation. */ int pud_free_pmd_page(pud_t *pud, unsigned long addr) { - pmd_t *pmd; + pmd_t *pmd, *pmd_sv; + pte_t *pte; int i; if (pud_none(*pud)) return 1; pmd = (pmd_t *)pud_page_vaddr(*pud); + pmd_sv = (pmd_t *)__get_free_page(GFP_KERNEL); + if (!pmd_sv) + return 0; - for (i = 0; i < PTRS_PER_PMD; i++) - if (!pmd_free_pte_page(&pmd[i], addr + (i * PMD_SIZE))) - return 0; + for (i = 0; i < PTRS_PER_PMD; i++) { + pmd_sv[i] = pmd[i]; + if (!pmd_none(pmd[i])) + pmd_clear(&pmd[i]); + } pud_clear(pud); + + /* INVLPG to clear all paging-structure caches */ + flush_tlb_kernel_range(addr, addr + PAGE_SIZE-1); + + for (i = 0; i < PTRS_PER_PMD; i++) { + if (!pmd_none(pmd_sv[i])) { + pte = (pte_t *)pmd_page_vaddr(pmd_sv[i]); + free_page((unsigned long)pte); + } + } + + free_page((unsigned long)pmd_sv); free_page((unsigned long)pmd); return 1; @@ -753,7 +773,7 @@ int pud_free_pmd_page(pud_t *pud, unsigned long addr) * @pmd: Pointer to a PMD. * @addr: Virtual address associated with pmd. * - * Context: The pmd range has been unmaped and TLB purged. + * Context: The pmd range has been unmapped and TLB purged. * Return: 1 if clearing the entry succeeded. 0 otherwise. */ int pmd_free_pte_page(pmd_t *pmd, unsigned long addr) @@ -765,6 +785,10 @@ int pmd_free_pte_page(pmd_t *pmd, unsigned long addr) pte = (pte_t *)pmd_page_vaddr(*pmd); pmd_clear(pmd); + + /* INVLPG to clear all paging-structure caches */ + flush_tlb_kernel_range(addr, addr + PAGE_SIZE-1); + free_page((unsigned long)pte); return 1;

7 years, 4 months

1
0
0 0

FAILED: patch "[PATCH] x86/mm: Add TLB purge to free pmd/pte page interfaces" failed to apply to 4.18-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.18-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 5e0fb5df2ee871b841f96f9cb6a7f2784e96aa4e Mon Sep 17 00:00:00 2001 From: Toshi Kani <toshi.kani(a)hpe.com> Date: Wed, 27 Jun 2018 08:13:48 -0600 Subject: [PATCH] x86/mm: Add TLB purge to free pmd/pte page interfaces ioremap() calls pud_free_pmd_page() / pmd_free_pte_page() when it creates a pud / pmd map. The following preconditions are met at their entry. - All pte entries for a target pud/pmd address range have been cleared. - System-wide TLB purges have been peformed for a target pud/pmd address range. The preconditions assure that there is no stale TLB entry for the range. Speculation may not cache TLB entries since it requires all levels of page entries, including ptes, to have P & A-bits set for an associated address. However, speculation may cache pud/pmd entries (paging-structure caches) when they have P-bit set. Add a system-wide TLB purge (INVLPG) to a single page after clearing pud/pmd entry's P-bit. SDM 4.10.4.1, Operation that Invalidate TLBs and Paging-Structure Caches, states that: INVLPG invalidates all paging-structure caches associated with the current PCID regardless of the liner addresses to which they correspond. Fixes: 28ee90fe6048 ("x86/mm: implement free pmd/pte page interfaces") Signed-off-by: Toshi Kani <toshi.kani(a)hpe.com> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Cc: mhocko(a)suse.com Cc: akpm(a)linux-foundation.org Cc: hpa(a)zytor.com Cc: cpandya(a)codeaurora.org Cc: linux-mm(a)kvack.org Cc: linux-arm-kernel(a)lists.infradead.org Cc: Joerg Roedel <joro(a)8bytes.org> Cc: stable(a)vger.kernel.org Cc: Andrew Morton <akpm(a)linux-foundation.org> Cc: Michal Hocko <mhocko(a)suse.com> Cc: "H. Peter Anvin" <hpa(a)zytor.com> Cc: <stable(a)vger.kernel.org> Link: https://lkml.kernel.org/r/20180627141348.21777-4-toshi.kani@hpe.com diff --git a/arch/x86/mm/pgtable.c b/arch/x86/mm/pgtable.c index fbd14e506758..e3deefb891da 100644 --- a/arch/x86/mm/pgtable.c +++ b/arch/x86/mm/pgtable.c @@ -725,24 +725,44 @@ int pmd_clear_huge(pmd_t *pmd) * @pud: Pointer to a PUD. * @addr: Virtual address associated with pud. * - * Context: The pud range has been unmaped and TLB purged. + * Context: The pud range has been unmapped and TLB purged. * Return: 1 if clearing the entry succeeded. 0 otherwise. + * + * NOTE: Callers must allow a single page allocation. */ int pud_free_pmd_page(pud_t *pud, unsigned long addr) { - pmd_t *pmd; + pmd_t *pmd, *pmd_sv; + pte_t *pte; int i; if (pud_none(*pud)) return 1; pmd = (pmd_t *)pud_page_vaddr(*pud); + pmd_sv = (pmd_t *)__get_free_page(GFP_KERNEL); + if (!pmd_sv) + return 0; - for (i = 0; i < PTRS_PER_PMD; i++) - if (!pmd_free_pte_page(&pmd[i], addr + (i * PMD_SIZE))) - return 0; + for (i = 0; i < PTRS_PER_PMD; i++) { + pmd_sv[i] = pmd[i]; + if (!pmd_none(pmd[i])) + pmd_clear(&pmd[i]); + } pud_clear(pud); + + /* INVLPG to clear all paging-structure caches */ + flush_tlb_kernel_range(addr, addr + PAGE_SIZE-1); + + for (i = 0; i < PTRS_PER_PMD; i++) { + if (!pmd_none(pmd_sv[i])) { + pte = (pte_t *)pmd_page_vaddr(pmd_sv[i]); + free_page((unsigned long)pte); + } + } + + free_page((unsigned long)pmd_sv); free_page((unsigned long)pmd); return 1; @@ -753,7 +773,7 @@ int pud_free_pmd_page(pud_t *pud, unsigned long addr) * @pmd: Pointer to a PMD. * @addr: Virtual address associated with pmd. * - * Context: The pmd range has been unmaped and TLB purged. + * Context: The pmd range has been unmapped and TLB purged. * Return: 1 if clearing the entry succeeded. 0 otherwise. */ int pmd_free_pte_page(pmd_t *pmd, unsigned long addr) @@ -765,6 +785,10 @@ int pmd_free_pte_page(pmd_t *pmd, unsigned long addr) pte = (pte_t *)pmd_page_vaddr(*pmd); pmd_clear(pmd); + + /* INVLPG to clear all paging-structure caches */ + flush_tlb_kernel_range(addr, addr + PAGE_SIZE-1); + free_page((unsigned long)pte); return 1;

7 years, 4 months

1
0
0 0

FAILED: patch "[PATCH] x86/mm/init: Remove freed kernel image areas from alias" failed to apply to 4.18-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.18-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From c40a56a7818cfe735fc93a69e1875f8bba834483 Mon Sep 17 00:00:00 2001 From: Dave Hansen <dave.hansen(a)linux.intel.com> Date: Thu, 2 Aug 2018 15:58:31 -0700 Subject: [PATCH] x86/mm/init: Remove freed kernel image areas from alias mapping The kernel image is mapped into two places in the virtual address space (addresses without KASLR, of course): 1. The kernel direct map (0xffff880000000000) 2. The "high kernel map" (0xffffffff81000000) We actually execute out of #2. If we get the address of a kernel symbol, it points to #2, but almost all physical-to-virtual translations point to Parts of the "high kernel map" alias are mapped in the userspace page tables with the Global bit for performance reasons. The parts that we map to userspace do not (er, should not) have secrets. When PTI is enabled then the global bit is usually not set in the high mapping and just used to compensate for poor performance on systems which lack PCID. This is fine, except that some areas in the kernel image that are adjacent to the non-secret-containing areas are unused holes. We free these holes back into the normal page allocator and reuse them as normal kernel memory. The memory will, of course, get *used* via the normal map, but the alias mapping is kept. This otherwise unused alias mapping of the holes will, by default keep the Global bit, be mapped out to userspace, and be vulnerable to Meltdown. Remove the alias mapping of these pages entirely. This is likely to fracture the 2M page mapping the kernel image near these areas, but this should affect a minority of the area. The pageattr code changes *all* aliases mapping the physical pages that it operates on (by default). We only want to modify a single alias, so we need to tweak its behavior. This unmapping behavior is currently dependent on PTI being in place. Going forward, we should at least consider doing this for all configurations. Having an extra read-write alias for memory is not exactly ideal for debugging things like random memory corruption and this does undercut features like DEBUG_PAGEALLOC or future work like eXclusive Page Frame Ownership (XPFO). Before this patch: current_kernel:---[ High Kernel Mapping ]--- current_kernel-0xffffffff80000000-0xffffffff81000000 16M pmd current_kernel-0xffffffff81000000-0xffffffff81e00000 14M ro PSE GLB x pmd current_kernel-0xffffffff81e00000-0xffffffff81e11000 68K ro GLB x pte current_kernel-0xffffffff81e11000-0xffffffff82000000 1980K RW NX pte current_kernel-0xffffffff82000000-0xffffffff82600000 6M ro PSE GLB NX pmd current_kernel-0xffffffff82600000-0xffffffff82c00000 6M RW PSE NX pmd current_kernel-0xffffffff82c00000-0xffffffff82e00000 2M RW NX pte current_kernel-0xffffffff82e00000-0xffffffff83200000 4M RW PSE NX pmd current_kernel-0xffffffff83200000-0xffffffffa0000000 462M pmd current_user:---[ High Kernel Mapping ]--- current_user-0xffffffff80000000-0xffffffff81000000 16M pmd current_user-0xffffffff81000000-0xffffffff81e00000 14M ro PSE GLB x pmd current_user-0xffffffff81e00000-0xffffffff81e11000 68K ro GLB x pte current_user-0xffffffff81e11000-0xffffffff82000000 1980K RW NX pte current_user-0xffffffff82000000-0xffffffff82600000 6M ro PSE GLB NX pmd current_user-0xffffffff82600000-0xffffffffa0000000 474M pmd After this patch: current_kernel:---[ High Kernel Mapping ]--- current_kernel-0xffffffff80000000-0xffffffff81000000 16M pmd current_kernel-0xffffffff81000000-0xffffffff81e00000 14M ro PSE GLB x pmd current_kernel-0xffffffff81e00000-0xffffffff81e11000 68K ro GLB x pte current_kernel-0xffffffff81e11000-0xffffffff82000000 1980K pte current_kernel-0xffffffff82000000-0xffffffff82400000 4M ro PSE GLB NX pmd current_kernel-0xffffffff82400000-0xffffffff82488000 544K ro NX pte current_kernel-0xffffffff82488000-0xffffffff82600000 1504K pte current_kernel-0xffffffff82600000-0xffffffff82c00000 6M RW PSE NX pmd current_kernel-0xffffffff82c00000-0xffffffff82c0d000 52K RW NX pte current_kernel-0xffffffff82c0d000-0xffffffff82dc0000 1740K pte current_user:---[ High Kernel Mapping ]--- current_user-0xffffffff80000000-0xffffffff81000000 16M pmd current_user-0xffffffff81000000-0xffffffff81e00000 14M ro PSE GLB x pmd current_user-0xffffffff81e00000-0xffffffff81e11000 68K ro GLB x pte current_user-0xffffffff81e11000-0xffffffff82000000 1980K pte current_user-0xffffffff82000000-0xffffffff82400000 4M ro PSE GLB NX pmd current_user-0xffffffff82400000-0xffffffff82488000 544K ro NX pte current_user-0xffffffff82488000-0xffffffff82600000 1504K pte current_user-0xffffffff82600000-0xffffffffa0000000 474M pmd [ tglx: Do not unmap on 32bit as there is only one mapping ] Fixes: 0f561fce4d69 ("x86/pti: Enable global pages for shared areas") Signed-off-by: Dave Hansen <dave.hansen(a)linux.intel.com> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Cc: Kees Cook <keescook(a)google.com> Cc: Andrea Arcangeli <aarcange(a)redhat.com> Cc: Juergen Gross <jgross(a)suse.com> Cc: Josh Poimboeuf <jpoimboe(a)redhat.com> Cc: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Hugh Dickins <hughd(a)google.com> Cc: Linus Torvalds <torvalds(a)linux-foundation.org> Cc: Borislav Petkov <bp(a)alien8.de> Cc: Andy Lutomirski <luto(a)kernel.org> Cc: Andi Kleen <ak(a)linux.intel.com> Cc: Joerg Roedel <jroedel(a)suse.de> Link: https://lkml.kernel.org/r/20180802225831.5F6A2BFC@viggo.jf.intel.com diff --git a/arch/x86/include/asm/set_memory.h b/arch/x86/include/asm/set_memory.h index bd090367236c..34cffcef7375 100644 --- a/arch/x86/include/asm/set_memory.h +++ b/arch/x86/include/asm/set_memory.h @@ -46,6 +46,7 @@ int set_memory_np(unsigned long addr, int numpages); int set_memory_4k(unsigned long addr, int numpages); int set_memory_encrypted(unsigned long addr, int numpages); int set_memory_decrypted(unsigned long addr, int numpages); +int set_memory_np_noalias(unsigned long addr, int numpages); int set_memory_array_uc(unsigned long *addr, int addrinarray); int set_memory_array_wc(unsigned long *addr, int addrinarray); diff --git a/arch/x86/mm/init.c b/arch/x86/mm/init.c index bc11dedffc45..74b157ac078d 100644 --- a/arch/x86/mm/init.c +++ b/arch/x86/mm/init.c @@ -780,8 +780,30 @@ void free_init_pages(char *what, unsigned long begin, unsigned long end) */ void free_kernel_image_pages(void *begin, void *end) { - free_init_pages("unused kernel image", - (unsigned long)begin, (unsigned long)end); + unsigned long begin_ul = (unsigned long)begin; + unsigned long end_ul = (unsigned long)end; + unsigned long len_pages = (end_ul - begin_ul) >> PAGE_SHIFT; + + + free_init_pages("unused kernel image", begin_ul, end_ul); + + /* + * PTI maps some of the kernel into userspace. For performance, + * this includes some kernel areas that do not contain secrets. + * Those areas might be adjacent to the parts of the kernel image + * being freed, which may contain secrets. Remove the "high kernel + * image mapping" for these freed areas, ensuring they are not even + * potentially vulnerable to Meltdown regardless of the specific + * optimizations PTI is currently using. + * + * The "noalias" prevents unmapping the direct map alias which is + * needed to access the freed pages. + * + * This is only valid for 64bit kernels. 32bit has only one mapping + * which can't be treated in this way for obvious reasons. + */ + if (IS_ENABLED(CONFIG_X86_64) && cpu_feature_enabled(X86_FEATURE_PTI)) + set_memory_np_noalias(begin_ul, len_pages); } void __ref free_initmem(void) diff --git a/arch/x86/mm/pageattr.c b/arch/x86/mm/pageattr.c index c04153796f61..0a74996a1149 100644 --- a/arch/x86/mm/pageattr.c +++ b/arch/x86/mm/pageattr.c @@ -53,6 +53,7 @@ static DEFINE_SPINLOCK(cpa_lock); #define CPA_FLUSHTLB 1 #define CPA_ARRAY 2 #define CPA_PAGES_ARRAY 4 +#define CPA_NO_CHECK_ALIAS 8 /* Do not search for aliases */ #ifdef CONFIG_PROC_FS static unsigned long direct_pages_count[PG_LEVEL_NUM]; @@ -1486,6 +1487,9 @@ static int change_page_attr_set_clr(unsigned long *addr, int numpages, /* No alias checking for _NX bit modifications */ checkalias = (pgprot_val(mask_set) | pgprot_val(mask_clr)) != _PAGE_NX; + /* Has caller explicitly disabled alias checking? */ + if (in_flag & CPA_NO_CHECK_ALIAS) + checkalias = 0; ret = __change_page_attr_set_clr(&cpa, checkalias); @@ -1772,6 +1776,15 @@ int set_memory_np(unsigned long addr, int numpages) return change_page_attr_clear(&addr, numpages, __pgprot(_PAGE_PRESENT), 0); } +int set_memory_np_noalias(unsigned long addr, int numpages) +{ + int cpa_flags = CPA_NO_CHECK_ALIAS; + + return change_page_attr_set_clr(&addr, numpages, __pgprot(0), + __pgprot(_PAGE_PRESENT), 0, + cpa_flags, NULL); +} + int set_memory_4k(unsigned long addr, int numpages) { return change_page_attr_set_clr(&addr, numpages, __pgprot(0),

7 years, 4 months

1
0
0 0

Feedback: 4.18.1

by Rainer Fiebig

Hi! With 4.18.1 and l1tf=full no problems so far and no noticeable performance-degradation in normal desktop-usage including a VirtualBox-VM. Compiling a kernel seems to take a bit longer, though. 4.9.120 and 4.14.63 also seem OK in cursory testing. CPU: Core i3. Thanks and so long! Rainer Fiebig -- The truth always turns out to be simpler than you thought. Richard Feynman

7 years, 4 months

2
1
0 0

Linux 4.4.148

by Greg KH

I'm announcing the release of the 4.4.148 kernel. All users of the 4.4 kernel series must upgrade. The updated 4.4.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.4.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arm/boot/dts/imx6sx.dtsi | 2 arch/parisc/Kconfig | 2 arch/parisc/include/asm/barrier.h | 32 ++++++++++ arch/parisc/kernel/entry.S | 2 arch/parisc/kernel/pacache.S | 1 arch/parisc/kernel/syscall.S | 4 + arch/x86/include/asm/cpufeatures.h | 10 ++- arch/x86/include/asm/irqflags.h | 2 arch/x86/include/asm/page_32_types.h | 9 ++- arch/x86/include/asm/pgtable-2level.h | 17 +++++ arch/x86/include/asm/pgtable-3level.h | 37 +++++++++++- arch/x86/include/asm/pgtable-invert.h | 32 ++++++++++ arch/x86/include/asm/pgtable.h | 84 ++++++++++++++++++++++------ arch/x86/include/asm/pgtable_64.h | 54 +++++++++++++++--- arch/x86/include/asm/pgtable_types.h | 10 +-- arch/x86/include/asm/processor.h | 5 + arch/x86/kernel/cpu/bugs.c | 81 ++++++++++++++++----------- arch/x86/kernel/cpu/common.c | 20 ++++++ arch/x86/kernel/kprobes/core.c | 4 - arch/x86/kernel/paravirt.c | 14 +++- arch/x86/kernel/setup.c | 6 ++ arch/x86/mm/init.c | 25 ++++++++ arch/x86/mm/kmmio.c | 25 +++++--- arch/x86/mm/mmap.c | 21 +++++++ arch/x86/mm/pageattr.c | 8 +- drivers/acpi/acpi_lpss.c | 2 drivers/base/cpu.c | 8 ++ drivers/char/tpm/tpm-dev.c | 43 ++++++-------- drivers/infiniband/core/umem.c | 11 --- drivers/infiniband/hw/mlx4/mr.c | 50 ++++++++++++++-- drivers/infiniband/hw/ocrdma/ocrdma_stats.c | 2 drivers/net/xen-netfront.c | 8 +- drivers/scsi/sr.c | 29 +++++++-- fs/dcache.c | 6 +- fs/ext4/ialloc.c | 5 + fs/ext4/super.c | 8 -- fs/namespace.c | 28 ++++++++- include/asm-generic/pgtable.h | 12 ++++ include/linux/cpu.h | 2 include/linux/mm.h | 2 include/linux/swapfile.h | 2 include/linux/thread_info.h | 6 -- include/rdma/ib_verbs.h | 14 ++++ mm/memory.c | 62 +++++++++++++++++--- mm/mprotect.c | 49 ++++++++++++++++ mm/swapfile.c | 46 ++++++++++----- net/ipv4/Kconfig | 1 net/ipv6/Kconfig | 1 49 files changed, 715 insertions(+), 191 deletions(-) Al Viro (3): root dentries need RCU-delayed freeing fix mntput/mntput race fix __legitimize_mnt()/mntput() race Andi Kleen (10): x86/speculation/l1tf: Increase 32bit PAE __PHYSICAL_PAGE_SHIFT x86/speculation/l1tf: Protect PROT_NONE PTEs against speculation x86/speculation/l1tf: Make sure the first page is always reserved x86/speculation/l1tf: Add sysfs reporting for l1tf x86/speculation/l1tf: Disallow non privileged high MMIO PROT_NONE mappings x86/speculation/l1tf: Limit swap file size to MAX_PA/2 x86/speculation/l1tf: Invert all not present mappings x86/speculation/l1tf: Make pmd/pud_mknotpresent() invert x86/mm/pat: Make set_memory_np() L1TF safe x86/mm/kmmio: Make the tracer robust against L1TF Andy Lutomirski (1): mm: Add vm_insert_pfn_prot() Bart Van Assche (1): scsi: sr: Avoid that opening a CD-ROM hangs with runtime power management enabled Dan Williams (1): mm: fix cache mode tracking in vm_insert_mixed() Dave Hansen (2): x86/mm: Move swap offset/type up in PTE to work around erratum x86/mm: Fix swap entry comment and macro Greg Kroah-Hartman (1): Linux 4.4.148 Guenter Roeck (1): x86/speculation/l1tf: Fix up CPU feature flags Hans de Goede (1): ACPI / LPSS: Add missing prv_offset setting for byt/cht PWM devices Helge Deller (1): parisc: Enable CONFIG_MLONGCALLS by default Jack Morgenstein (2): IB/core: Make testing MR flags for writability a static inline function IB/mlx4: Mark user MR as writable if actual virtual memory is writable Jiri Kosina (2): x86/speculation: Protect against userspace-userspace spectreRSB x86/speculation/l1tf: Unbreak !__HAVE_ARCH_PFN_MODIFY_ALLOWED architectures John David Anglin (1): parisc: Define mb() and add memory barriers to assembler unlock sequences Juergen Gross (1): xen/netfront: don't cache skb_shinfo() Kees Cook (1): fork: unconditionally clear stack on fork Konrad Rzeszutek Wilk (2): x86/bugs: Move the l1tf function and define pr_fmt properly x86/cpufeatures: Add detection of L1D cache flush support. Linus Torvalds (2): x86/speculation/l1tf: Change order of offset/type in swap entry x86/speculation/l1tf: Protect swap entries against L1TF Masami Hiramatsu (1): kprobes/x86: Fix %p uses in error messages Michael Mera (1): IB/ocrdma: fix out of bounds access to local buffer Michal Hocko (1): x86/speculation/l1tf: Fix up pte->pfn conversion for PAE Naoya Horiguchi (1): mm: x86: move _PAGE_SWP_SOFT_DIRTY from bit 7 to bit 1 Nick Desaulniers (1): x86/irqflags: Provide a declaration for native_save_fl Oleksij Rempel (1): ARM: dts: imx6sx: fix irq for pcie bridge Peter Zijlstra (1): x86/paravirt: Fix spectre-v2 mitigations for paravirt guests Tadeusz Struk (1): tpm: fix race condition in tpm_common_write() Theodore Ts'o (1): ext4: fix check to prevent initializing reserved inodes Thomas Egerer (1): ipv4+ipv6: Make INET*_ESP select CRYPTO_ECHAINIV Vlastimil Babka (3): x86/speculation/l1tf: Extend 64bit swap file size limit x86/speculation/l1tf: Protect PAE swap entries against L1TF x86/init: fix build with CONFIG_SWAP=n

7 years, 4 months

1
1
0 0

Linux 4.9.120

by Greg KH

I'm announcing the release of the 4.9.120 kernel. All users of the 4.9 kernel series must upgrade. The updated 4.9.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.9.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/ABI/testing/sysfs-devices-system-cpu | 24 Documentation/index.rst | 1 Documentation/kernel-parameters.txt | 78 + Documentation/l1tf.rst | 610 +++++++++++ Documentation/virtual/kvm/api.txt | 40 Makefile | 2 arch/Kconfig | 3 arch/arm/boot/dts/imx6sx.dtsi | 2 arch/parisc/Kconfig | 2 arch/parisc/include/asm/barrier.h | 32 arch/parisc/kernel/entry.S | 2 arch/parisc/kernel/pacache.S | 1 arch/parisc/kernel/syscall.S | 4 arch/x86/Kconfig | 1 arch/x86/include/asm/apic.h | 10 arch/x86/include/asm/cpufeatures.h | 4 arch/x86/include/asm/dmi.h | 2 arch/x86/include/asm/hardirq.h | 26 arch/x86/include/asm/irqflags.h | 2 arch/x86/include/asm/kvm_host.h | 9 arch/x86/include/asm/msr-index.h | 7 arch/x86/include/asm/page_32_types.h | 9 arch/x86/include/asm/pgtable-2level.h | 17 arch/x86/include/asm/pgtable-3level.h | 37 arch/x86/include/asm/pgtable-invert.h | 32 arch/x86/include/asm/pgtable.h | 85 + arch/x86/include/asm/pgtable_64.h | 48 arch/x86/include/asm/pgtable_types.h | 10 arch/x86/include/asm/processor.h | 17 arch/x86/include/asm/smp.h | 1 arch/x86/include/asm/topology.h | 6 arch/x86/include/asm/vmx.h | 11 arch/x86/kernel/apic/apic.c | 19 arch/x86/kernel/apic/htirq.c | 2 arch/x86/kernel/apic/io_apic.c | 1 arch/x86/kernel/apic/msi.c | 1 arch/x86/kernel/apic/vector.c | 1 arch/x86/kernel/cpu/amd.c | 84 - arch/x86/kernel/cpu/bugs.c | 171 ++- arch/x86/kernel/cpu/common.c | 63 - arch/x86/kernel/cpu/cpu.h | 2 arch/x86/kernel/cpu/intel.c | 7 arch/x86/kernel/cpu/microcode/core.c | 26 arch/x86/kernel/cpu/topology.c | 41 arch/x86/kernel/fpu/core.c | 1 arch/x86/kernel/ftrace.c | 1 arch/x86/kernel/hpet.c | 1 arch/x86/kernel/i8259.c | 1 arch/x86/kernel/irq.c | 1 arch/x86/kernel/irq_32.c | 1 arch/x86/kernel/irq_64.c | 1 arch/x86/kernel/irqinit.c | 1 arch/x86/kernel/kprobes/core.c | 5 arch/x86/kernel/kprobes/opt.c | 1 arch/x86/kernel/paravirt.c | 14 arch/x86/kernel/setup.c | 6 arch/x86/kernel/smp.c | 1 arch/x86/kernel/smpboot.c | 25 arch/x86/kernel/time.c | 1 arch/x86/kvm/svm.c | 46 arch/x86/kvm/vmx.c | 426 ++++++- arch/x86/kvm/x86.c | 133 ++ arch/x86/mm/fault.c | 1 arch/x86/mm/init.c | 25 arch/x86/mm/kaiser.c | 1 arch/x86/mm/kmmio.c | 25 arch/x86/mm/mmap.c | 21 arch/x86/mm/pageattr.c | 8 arch/x86/platform/efi/efi_64.c | 1 arch/x86/platform/efi/quirks.c | 1 arch/x86/platform/intel-mid/device_libs/platform_mrfld_wdt.c | 1 arch/x86/platform/uv/tlb_uv.c | 1 arch/x86/xen/enlighten.c | 1 arch/x86/xen/setup.c | 1 drivers/acpi/acpi_lpss.c | 2 drivers/base/cpu.c | 8 drivers/char/tpm/tpm-dev.c | 43 drivers/infiniband/core/umem.c | 11 drivers/infiniband/hw/mlx4/mr.c | 50 drivers/infiniband/hw/ocrdma/ocrdma_stats.c | 2 drivers/mtd/nand/qcom_nandc.c | 3 drivers/net/xen-netfront.c | 8 drivers/pci/host/pci-hyperv.c | 2 drivers/scsi/sr.c | 29 fs/dcache.c | 13 fs/ext4/ialloc.c | 5 fs/ext4/super.c | 8 fs/namespace.c | 28 fs/proc/inode.c | 3 fs/proc/internal.h | 7 fs/proc/proc_sysctl.c | 83 + include/asm-generic/pgtable.h | 13 include/linux/compiler-clang.h | 3 include/linux/cpu.h | 23 include/linux/swapfile.h | 2 include/linux/sysctl.h | 1 include/rdma/ib_verbs.h | 14 include/uapi/linux/kvm.h | 2 init/main.c | 2 kernel/cpu.c | 284 ++++- kernel/smp.c | 2 kernel/softirq.c | 12 mm/memory.c | 29 mm/mprotect.c | 49 mm/swapfile.c | 46 tools/arch/x86/include/asm/cpufeatures.h | 4 106 files changed, 2709 insertions(+), 388 deletions(-) Abel Vesa (1): cpu/hotplug: Non-SMP machines do not make use of booted_once Al Viro (4): root dentries need RCU-delayed freeing make sure that __dentry_kill() always invalidates d_seq, unhashed or not fix mntput/mntput race fix __legitimize_mnt()/mntput() race Andi Kleen (10): x86/speculation/l1tf: Increase 32bit PAE __PHYSICAL_PAGE_SHIFT x86/speculation/l1tf: Protect PROT_NONE PTEs against speculation x86/speculation/l1tf: Make sure the first page is always reserved x86/speculation/l1tf: Add sysfs reporting for l1tf x86/speculation/l1tf: Disallow non privileged high MMIO PROT_NONE mappings x86/speculation/l1tf: Limit swap file size to MAX_PA/2 x86/speculation/l1tf: Invert all not present mappings x86/speculation/l1tf: Make pmd/pud_mknotpresent() invert x86/mm/pat: Make set_memory_np() L1TF safe x86/mm/kmmio: Make the tracer robust against L1TF Andrey Konovalov (1): kasan: add no_sanitize attribute for clang builds Ashok Raj (1): x86/microcode: Do not upload microcode if CPUs are offline Bart Van Assche (1): scsi: sr: Avoid that opening a CD-ROM hangs with runtime power management enabled Borislav Petkov (3): x86/CPU/AMD: Do not check CPUID max ext level before parsing SMP info x86/CPU/AMD: Move TOPOEXT reenablement before reading smp_num_siblings x86/CPU/AMD: Have smp_num_siblings and cpu_llc_id always be present David Woodhouse (1): tools headers: Synchronise x86 cpufeatures.h for L1TF additions Eric W. Biederman (2): proc/sysctl: Don't grab i_lock under sysctl_lock. proc: Fix proc_sys_prune_dcache to hold a sb reference Fabio Estevam (1): mtd: nand: qcom: Add a NULL check for devm_kasprintf() Greg Kroah-Hartman (1): Linux 4.9.120 Hans de Goede (1): ACPI / LPSS: Add missing prv_offset setting for byt/cht PWM devices Helge Deller (1): parisc: Enable CONFIG_MLONGCALLS by default Jack Morgenstein (2): IB/core: Make testing MR flags for writability a static inline function IB/mlx4: Mark user MR as writable if actual virtual memory is writable Jim Mattson (1): kvm: nVMX: Update MSR load counts on a VMCS switch Jiri Kosina (4): x86/speculation: Protect against userspace-userspace spectreRSB cpu/hotplug: Expose SMT control init function x86/bugs, kvm: Introduce boot-time control of L1TF mitigations x86/speculation/l1tf: Unbreak !__HAVE_ARCH_PFN_MODIFY_ALLOWED architectures John David Anglin (1): parisc: Define mb() and add memory barriers to assembler unlock sequences Josh Poimboeuf (2): cpu/hotplug: detect SMT disabled by BIOS x86/microcode: Allow late microcode loading with SMT disabled Juergen Gross (1): xen/netfront: don't cache skb_shinfo() Konrad Rzeszutek Wilk (9): x86/bugs: Move the l1tf function and define pr_fmt properly x86/cpufeatures: Add detection of L1D cache flush support. x86/KVM: Warn user if KVM is loaded SMT and L1TF CPU bug being present x86/KVM/VMX: Add module argument for L1TF mitigation x86/KVM/VMX: Split the VMX MSR LOAD structures to have an host/guest numbers x86/KVM/VMX: Add find_msr() helper function x86/KVM/VMX: Separate the VMX AUTOLOAD guest/host number accounting x86/KVM/VMX: Extend add_atomic_switch_msr() to allow VMENTER only MSRs x86/KVM/VMX: Use MSR save list for IA32_FLUSH_CMD if required Konstantin Khlebnikov (1): proc/sysctl: prune stale dentries during unregistering Linus Torvalds (4): Mark HI and TASKLET softirq synchronous init: rename and re-order boot_cpu_state_init() x86/speculation/l1tf: Change order of offset/type in swap entry x86/speculation/l1tf: Protect swap entries against L1TF Masami Hiramatsu (1): kprobes/x86: Fix %p uses in error messages Michael Mera (1): IB/ocrdma: fix out of bounds access to local buffer Michal Hocko (1): x86/speculation/l1tf: Fix up pte->pfn conversion for PAE Naoya Horiguchi (1): mm: x86: move _PAGE_SWP_SOFT_DIRTY from bit 7 to bit 1 Nick Desaulniers (1): x86/irqflags: Provide a declaration for native_save_fl Nicolai Stange (9): x86/KVM/VMX: Initialize the vmx_l1d_flush_pages' content x86/KVM/VMX: Don't set l1tf_flush_l1d to true from vmx_l1d_flush() x86/KVM/VMX: Replace 'vmx_l1d_flush_always' with 'vmx_l1d_flush_cond' x86/KVM/VMX: Move the l1tf_flush_l1d test to vmx_l1d_flush() x86/irq: Demote irq_cpustat_t::__softirq_pending to u16 x86/KVM/VMX: Introduce per-host-cpu analogue of l1tf_flush_l1d x86: Don't include linux/irq.h from asm/hardirq.h x86/irq: Let interrupt handlers set kvm_cpu_l1tf_flush_l1d x86/KVM/VMX: Don't set l1tf_flush_l1d from vmx_handle_external_intr() Oleksij Rempel (1): ARM: dts: imx6sx: fix irq for pcie bridge Paolo Bonzini (7): x86/KVM/VMX: Add L1D flush algorithm x86/KVM/VMX: Add L1D MSR based flush x86/KVM/VMX: Add L1D flush logic KVM: VMX: support MSR_IA32_ARCH_CAPABILITIES as a feature MSR x86/speculation: Simplify sysfs report of VMX L1TF vulnerability x86/speculation: Use ARCH_CAPABILITIES to skip L1D flush on vmentry KVM: VMX: Tell the nested hypervisor to skip L1D flush on vmentry Peter Zijlstra (1): x86/paravirt: Fix spectre-v2 mitigations for paravirt guests Suravee Suthikulpanit (1): x86/cpu/amd: Limit cpu_core_id fixup to families older than F17h Tadeusz Struk (1): tpm: fix race condition in tpm_common_write() Theodore Ts'o (1): ext4: fix check to prevent initializing reserved inodes Thomas Gleixner (26): x86/smp: Provide topology_is_primary_thread() x86/topology: Provide topology_smt_supported() cpu/hotplug: Make bringup/teardown of smp threads symmetric cpu/hotplug: Split do_cpu_down() cpu/hotplug: Provide knobs to control SMT x86/cpu: Remove the pointless CPU printout x86/cpu/AMD: Remove the pointless detect_ht() call x86/cpu/common: Provide detect_ht_early() x86/cpu/topology: Provide detect_extended_topology_early() x86/cpu/intel: Evaluate smp_num_siblings early x86/cpu/AMD: Evaluate smp_num_siblings early x86/apic: Ignore secondary threads if nosmt=force Revert "x86/apic: Ignore secondary threads if nosmt=force" cpu/hotplug: Boot HT siblings at least once cpu/hotplug: Online siblings when SMT control is turned on x86/litf: Introduce vmx status variable x86/kvm: Drop L1TF MSR list approach x86/l1tf: Handle EPT disabled state proper x86/kvm: Move l1tf setup function x86/kvm: Add static key for flush always x86/kvm: Serialize L1D flush parameter setter x86/kvm: Allow runtime control of L1D flush cpu/hotplug: Set CPU_SMT_NOT_SUPPORTED early Documentation: Add section about CPU vulnerabilities Documentation/l1tf: Remove Yonah processors from not vulnerable list cpu/hotplug: Fix SMT supported evaluation Tom Lendacky (2): KVM: x86: Add a framework for supporting MSR-based features KVM: SVM: Add MSR-based feature support for serializing LFENCE Tony Luck (1): Documentation/l1tf: Fix typos Vlastimil Babka (4): x86/speculation/l1tf: Extend 64bit swap file size limit x86/speculation/l1tf: Protect PAE swap entries against L1TF x86/smp: fix non-SMP broken build due to redefinition of apic_id_is_primary_thread x86/init: fix build with CONFIG_SWAP=n Wanpeng Li (2): KVM: X86: Introduce kvm_get_msr_feature() KVM: X86: Allow userspace to define the microcode version

7 years, 4 months

1
1
0 0

Linux 4.17.15

by Greg KH

I'm announcing the release of the 4.17.15 kernel. All users of the 4.17 kernel series must upgrade. The updated 4.17.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.17.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/ABI/testing/sysfs-devices-system-cpu | 24 Documentation/admin-guide/index.rst | 9 Documentation/admin-guide/kernel-parameters.txt | 78 + Documentation/admin-guide/l1tf.rst | 610 +++++++++++ Makefile | 2 arch/Kconfig | 3 arch/arm/boot/dts/imx6sx.dtsi | 2 arch/parisc/Kconfig | 2 arch/parisc/include/asm/barrier.h | 32 arch/parisc/kernel/entry.S | 2 arch/parisc/kernel/pacache.S | 1 arch/parisc/kernel/syscall.S | 4 arch/x86/Kconfig | 1 arch/x86/include/asm/apic.h | 9 arch/x86/include/asm/cpufeatures.h | 3 arch/x86/include/asm/dmi.h | 2 arch/x86/include/asm/hardirq.h | 26 arch/x86/include/asm/irqflags.h | 2 arch/x86/include/asm/kvm_host.h | 6 arch/x86/include/asm/msr-index.h | 7 arch/x86/include/asm/page_32_types.h | 9 arch/x86/include/asm/pgtable-2level.h | 17 arch/x86/include/asm/pgtable-3level.h | 37 arch/x86/include/asm/pgtable-invert.h | 32 arch/x86/include/asm/pgtable.h | 74 - arch/x86/include/asm/pgtable_64.h | 38 arch/x86/include/asm/processor.h | 17 arch/x86/include/asm/smp.h | 1 arch/x86/include/asm/topology.h | 6 arch/x86/include/asm/vmx.h | 11 arch/x86/kernel/apic/apic.c | 18 arch/x86/kernel/apic/io_apic.c | 1 arch/x86/kernel/apic/msi.c | 1 arch/x86/kernel/apic/vector.c | 1 arch/x86/kernel/cpu/amd.c | 59 - arch/x86/kernel/cpu/bugs.c | 171 ++- arch/x86/kernel/cpu/common.c | 63 - arch/x86/kernel/cpu/cpu.h | 2 arch/x86/kernel/cpu/intel.c | 7 arch/x86/kernel/cpu/microcode/core.c | 16 arch/x86/kernel/cpu/topology.c | 41 arch/x86/kernel/fpu/core.c | 1 arch/x86/kernel/hpet.c | 1 arch/x86/kernel/i8259.c | 1 arch/x86/kernel/idt.c | 1 arch/x86/kernel/irq.c | 1 arch/x86/kernel/irq_32.c | 1 arch/x86/kernel/irq_64.c | 1 arch/x86/kernel/irqinit.c | 1 arch/x86/kernel/kprobes/core.c | 5 arch/x86/kernel/paravirt.c | 14 arch/x86/kernel/setup.c | 6 arch/x86/kernel/smp.c | 1 arch/x86/kernel/smpboot.c | 25 arch/x86/kernel/time.c | 1 arch/x86/kvm/mmu.c | 1 arch/x86/kvm/vmx.c | 455 ++++++-- arch/x86/kvm/x86.c | 34 arch/x86/mm/init.c | 25 arch/x86/mm/kmmio.c | 25 arch/x86/mm/mmap.c | 21 arch/x86/mm/pageattr.c | 8 arch/x86/mm/pti.c | 1 arch/x86/platform/intel-mid/device_libs/platform_mrfld_wdt.c | 1 arch/x86/platform/uv/tlb_uv.c | 1 arch/x86/xen/enlighten.c | 1 drivers/base/cpu.c | 8 drivers/block/zram/zram_drv.c | 15 drivers/gpu/drm/i915/i915_pmu.c | 1 drivers/gpu/drm/i915/intel_lpe_audio.c | 1 drivers/net/xen-netfront.c | 8 drivers/pci/host/pci-hyperv.c | 2 drivers/scsi/qla2xxx/qla_iocb.c | 53 drivers/scsi/sr.c | 29 fs/dcache.c | 13 fs/namespace.c | 28 include/asm-generic/pgtable.h | 12 include/linux/cpu.h | 23 include/linux/swapfile.h | 2 init/main.c | 2 kernel/bpf/sockmap.c | 9 kernel/cpu.c | 284 ++++- kernel/sched/core.c | 30 kernel/sched/deadline.c | 8 kernel/sched/fair.c | 1 kernel/smp.c | 2 kernel/softirq.c | 12 kernel/stop_machine.c | 10 mm/memory.c | 37 mm/mprotect.c | 49 mm/swapfile.c | 46 tools/arch/x86/include/asm/cpufeatures.h | 23 tools/include/uapi/linux/prctl.h | 12 93 files changed, 2419 insertions(+), 381 deletions(-) Abel Vesa (1): cpu/hotplug: Non-SMP machines do not make use of booted_once Al Viro (4): root dentries need RCU-delayed freeing make sure that __dentry_kill() always invalidates d_seq, unhashed or not fix mntput/mntput race fix __legitimize_mnt()/mntput() race Andi Kleen (10): x86/speculation/l1tf: Increase 32bit PAE __PHYSICAL_PAGE_SHIFT x86/speculation/l1tf: Protect PROT_NONE PTEs against speculation x86/speculation/l1tf: Make sure the first page is always reserved x86/speculation/l1tf: Add sysfs reporting for l1tf x86/speculation/l1tf: Disallow non privileged high MMIO PROT_NONE mappings x86/speculation/l1tf: Limit swap file size to MAX_PA/2 x86/speculation/l1tf: Invert all not present mappings x86/speculation/l1tf: Make pmd/pud_mknotpresent() invert x86/mm/pat: Make set_memory_np() L1TF safe x86/mm/kmmio: Make the tracer robust against L1TF Arnaldo Carvalho de Melo (1): tools headers: Synchronize prctl.h ABI header Bart Van Assche (1): scsi: sr: Avoid that opening a CD-ROM hangs with runtime power management enabled Borislav Petkov (3): x86/CPU/AMD: Do not check CPUID max ext level before parsing SMP info x86/CPU/AMD: Move TOPOEXT reenablement before reading smp_num_siblings x86/CPU/AMD: Have smp_num_siblings and cpu_llc_id always be present Daniel Borkmann (2): bpf, sockmap: fix leak in bpf_tcp_sendmsg wait for mem path bpf, sockmap: fix bpf_tcp_sendmsg sock error handling Daniel Bristot de Oliveira (1): sched/deadline: Update rq_clock of later_rq when pushing a task David Woodhouse (1): tools headers: Synchronise x86 cpufeatures.h for L1TF additions Greg Kroah-Hartman (1): Linux 4.17.15 Helge Deller (1): parisc: Enable CONFIG_MLONGCALLS by default Isaac J. Manjarres (1): stop_machine: Disable preemption after queueing stopper threads Jiri Kosina (4): x86/speculation: Protect against userspace-userspace spectreRSB cpu/hotplug: Expose SMT control init function x86/bugs, kvm: Introduce boot-time control of L1TF mitigations x86/speculation/l1tf: Unbreak !__HAVE_ARCH_PFN_MODIFY_ALLOWED architectures John David Anglin (1): parisc: Define mb() and add memory barriers to assembler unlock sequences Josh Poimboeuf (2): cpu/hotplug: detect SMT disabled by BIOS x86/microcode: Allow late microcode loading with SMT disabled Juergen Gross (1): xen/netfront: don't cache skb_shinfo() Konrad Rzeszutek Wilk (9): x86/bugs: Move the l1tf function and define pr_fmt properly x86/cpufeatures: Add detection of L1D cache flush support. x86/KVM: Warn user if KVM is loaded SMT and L1TF CPU bug being present x86/KVM/VMX: Add module argument for L1TF mitigation x86/KVM/VMX: Split the VMX MSR LOAD structures to have an host/guest numbers x86/KVM/VMX: Add find_msr() helper function x86/KVM/VMX: Separate the VMX AUTOLOAD guest/host number accounting x86/KVM/VMX: Extend add_atomic_switch_msr() to allow VMENTER only MSRs x86/KVM/VMX: Use MSR save list for IA32_FLUSH_CMD if required Linus Torvalds (4): Mark HI and TASKLET softirq synchronous init: rename and re-order boot_cpu_state_init() x86/speculation/l1tf: Change order of offset/type in swap entry x86/speculation/l1tf: Protect swap entries against L1TF Masami Hiramatsu (1): kprobes/x86: Fix %p uses in error messages Michal Hocko (1): x86/speculation/l1tf: Fix up pte->pfn conversion for PAE Minchan Kim (1): zram: remove BD_CAP_SYNCHRONOUS_IO with writeback feature Nick Desaulniers (1): x86/irqflags: Provide a declaration for native_save_fl Nicolai Stange (9): x86/KVM/VMX: Initialize the vmx_l1d_flush_pages' content x86/KVM/VMX: Don't set l1tf_flush_l1d to true from vmx_l1d_flush() x86/KVM/VMX: Replace 'vmx_l1d_flush_always' with 'vmx_l1d_flush_cond' x86/KVM/VMX: Move the l1tf_flush_l1d test to vmx_l1d_flush() x86/irq: Demote irq_cpustat_t::__softirq_pending to u16 x86/KVM/VMX: Introduce per-host-cpu analogue of l1tf_flush_l1d x86: Don't include linux/irq.h from asm/hardirq.h x86/irq: Let interrupt handlers set kvm_cpu_l1tf_flush_l1d x86/KVM/VMX: Don't set l1tf_flush_l1d from vmx_handle_external_intr() Oleksij Rempel (1): ARM: dts: imx6sx: fix irq for pcie bridge Paolo Bonzini (6): x86/KVM/VMX: Add L1D flush algorithm x86/KVM/VMX: Add L1D MSR based flush x86/KVM/VMX: Add L1D flush logic x86/speculation: Simplify sysfs report of VMX L1TF vulnerability x86/speculation: Use ARCH_CAPABILITIES to skip L1D flush on vmentry KVM: VMX: Tell the nested hypervisor to skip L1D flush on vmentry Peter Zijlstra (2): x86/paravirt: Fix spectre-v2 mitigations for paravirt guests sched/smt: Update sched_smt_present at runtime Quinn Tran (1): scsi: qla2xxx: Fix memory leak for allocating abort IOCB Thomas Gleixner (26): x86/smp: Provide topology_is_primary_thread() x86/topology: Provide topology_smt_supported() cpu/hotplug: Make bringup/teardown of smp threads symmetric cpu/hotplug: Split do_cpu_down() cpu/hotplug: Provide knobs to control SMT x86/cpu: Remove the pointless CPU printout x86/cpu/AMD: Remove the pointless detect_ht() call x86/cpu/common: Provide detect_ht_early() x86/cpu/topology: Provide detect_extended_topology_early() x86/cpu/intel: Evaluate smp_num_siblings early x86/cpu/AMD: Evaluate smp_num_siblings early x86/apic: Ignore secondary threads if nosmt=force Revert "x86/apic: Ignore secondary threads if nosmt=force" cpu/hotplug: Boot HT siblings at least once cpu/hotplug: Online siblings when SMT control is turned on x86/litf: Introduce vmx status variable x86/kvm: Drop L1TF MSR list approach x86/l1tf: Handle EPT disabled state proper x86/kvm: Move l1tf setup function x86/kvm: Add static key for flush always x86/kvm: Serialize L1D flush parameter setter x86/kvm: Allow runtime control of L1D flush cpu/hotplug: Set CPU_SMT_NOT_SUPPORTED early Documentation: Add section about CPU vulnerabilities Documentation/l1tf: Remove Yonah processors from not vulnerable list cpu/hotplug: Fix SMT supported evaluation Tony Luck (1): Documentation/l1tf: Fix typos Vlastimil Babka (4): x86/speculation/l1tf: Extend 64bit swap file size limit x86/speculation/l1tf: Protect PAE swap entries against L1TF x86/smp: fix non-SMP broken build due to redefinition of apic_id_is_primary_thread x86/init: fix build with CONFIG_SWAP=n

7 years, 4 months

1
1
0 0

Enquiry Order

by Mr Walter Benson

Dear Supplier, Please view our company catalog in attach file below and selected items then provide quotation based on our requirement. For further clarification or any question feel free to contact me. Your further reply as above will be very appreciated and helpful for our next conversation. Hope we can establish long-term business relationship. Best regards. Walter Benson. Marketing & Business Development APTECH AFRICA LTD JUBA SOUTH SUDAN TEL:+211922414561 www.aptechafrica.com

7 years, 4 months

1
0
0 0

[PATCH 4.17 00/97] 4.17.15-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.17.15 release. There are 97 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu Aug 16 17:14:15 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.17.15-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.17.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.17.15-rc1 Josh Poimboeuf <jpoimboe(a)redhat.com> x86/microcode: Allow late microcode loading with SMT disabled David Woodhouse <dwmw(a)amazon.co.uk> tools headers: Synchronise x86 cpufeatures.h for L1TF additions Arnaldo Carvalho de Melo <acme(a)redhat.com> tools headers: Synchronize prctl.h ABI header Andi Kleen <ak(a)linux.intel.com> x86/mm/kmmio: Make the tracer robust against L1TF Andi Kleen <ak(a)linux.intel.com> x86/mm/pat: Make set_memory_np() L1TF safe Andi Kleen <ak(a)linux.intel.com> x86/speculation/l1tf: Make pmd/pud_mknotpresent() invert Andi Kleen <ak(a)linux.intel.com> x86/speculation/l1tf: Invert all not present mappings Thomas Gleixner <tglx(a)linutronix.de> cpu/hotplug: Fix SMT supported evaluation Paolo Bonzini <pbonzini(a)redhat.com> KVM: VMX: Tell the nested hypervisor to skip L1D flush on vmentry Paolo Bonzini <pbonzini(a)redhat.com> x86/speculation: Use ARCH_CAPABILITIES to skip L1D flush on vmentry Paolo Bonzini <pbonzini(a)redhat.com> x86/speculation: Simplify sysfs report of VMX L1TF vulnerability Thomas Gleixner <tglx(a)linutronix.de> Documentation/l1tf: Remove Yonah processors from not vulnerable list Nicolai Stange <nstange(a)suse.de> x86/KVM/VMX: Don't set l1tf_flush_l1d from vmx_handle_external_intr() Nicolai Stange <nstange(a)suse.de> x86/irq: Let interrupt handlers set kvm_cpu_l1tf_flush_l1d Nicolai Stange <nstange(a)suse.de> x86: Don't include linux/irq.h from asm/hardirq.h Nicolai Stange <nstange(a)suse.de> x86/KVM/VMX: Introduce per-host-cpu analogue of l1tf_flush_l1d Nicolai Stange <nstange(a)suse.de> x86/irq: Demote irq_cpustat_t::__softirq_pending to u16 Nicolai Stange <nstange(a)suse.de> x86/KVM/VMX: Move the l1tf_flush_l1d test to vmx_l1d_flush() Nicolai Stange <nstange(a)suse.de> x86/KVM/VMX: Replace 'vmx_l1d_flush_always' with 'vmx_l1d_flush_cond' Nicolai Stange <nstange(a)suse.de> x86/KVM/VMX: Don't set l1tf_flush_l1d to true from vmx_l1d_flush() Josh Poimboeuf <jpoimboe(a)redhat.com> cpu/hotplug: detect SMT disabled by BIOS Tony Luck <tony.luck(a)intel.com> Documentation/l1tf: Fix typos Nicolai Stange <nstange(a)suse.de> x86/KVM/VMX: Initialize the vmx_l1d_flush_pages' content Jiri Kosina <jkosina(a)suse.cz> x86/speculation/l1tf: Unbreak !__HAVE_ARCH_PFN_MODIFY_ALLOWED architectures Thomas Gleixner <tglx(a)linutronix.de> Documentation: Add section about CPU vulnerabilities Jiri Kosina <jkosina(a)suse.cz> x86/bugs, kvm: Introduce boot-time control of L1TF mitigations Thomas Gleixner <tglx(a)linutronix.de> cpu/hotplug: Set CPU_SMT_NOT_SUPPORTED early Jiri Kosina <jkosina(a)suse.cz> cpu/hotplug: Expose SMT control init function Thomas Gleixner <tglx(a)linutronix.de> x86/kvm: Allow runtime control of L1D flush Thomas Gleixner <tglx(a)linutronix.de> x86/kvm: Serialize L1D flush parameter setter Thomas Gleixner <tglx(a)linutronix.de> x86/kvm: Add static key for flush always Thomas Gleixner <tglx(a)linutronix.de> x86/kvm: Move l1tf setup function Thomas Gleixner <tglx(a)linutronix.de> x86/l1tf: Handle EPT disabled state proper Thomas Gleixner <tglx(a)linutronix.de> x86/kvm: Drop L1TF MSR list approach Thomas Gleixner <tglx(a)linutronix.de> x86/litf: Introduce vmx status variable Thomas Gleixner <tglx(a)linutronix.de> cpu/hotplug: Online siblings when SMT control is turned on Konrad Rzeszutek Wilk <konrad.wilk(a)oracle.com> x86/KVM/VMX: Use MSR save list for IA32_FLUSH_CMD if required Konrad Rzeszutek Wilk <konrad.wilk(a)oracle.com> x86/KVM/VMX: Extend add_atomic_switch_msr() to allow VMENTER only MSRs Konrad Rzeszutek Wilk <konrad.wilk(a)oracle.com> x86/KVM/VMX: Separate the VMX AUTOLOAD guest/host number accounting Konrad Rzeszutek Wilk <konrad.wilk(a)oracle.com> x86/KVM/VMX: Add find_msr() helper function Konrad Rzeszutek Wilk <konrad.wilk(a)oracle.com> x86/KVM/VMX: Split the VMX MSR LOAD structures to have an host/guest numbers Paolo Bonzini <pbonzini(a)redhat.com> x86/KVM/VMX: Add L1D flush logic Paolo Bonzini <pbonzini(a)redhat.com> x86/KVM/VMX: Add L1D MSR based flush Paolo Bonzini <pbonzini(a)redhat.com> x86/KVM/VMX: Add L1D flush algorithm Konrad Rzeszutek Wilk <konrad.wilk(a)oracle.com> x86/KVM/VMX: Add module argument for L1TF mitigation Konrad Rzeszutek Wilk <konrad.wilk(a)oracle.com> x86/KVM: Warn user if KVM is loaded SMT and L1TF CPU bug being present Thomas Gleixner <tglx(a)linutronix.de> cpu/hotplug: Boot HT siblings at least once Thomas Gleixner <tglx(a)linutronix.de> Revert "x86/apic: Ignore secondary threads if nosmt=force" Michal Hocko <mhocko(a)suse.cz> x86/speculation/l1tf: Fix up pte->pfn conversion for PAE Vlastimil Babka <vbabka(a)suse.cz> x86/speculation/l1tf: Protect PAE swap entries against L1TF Borislav Petkov <bp(a)suse.de> x86/CPU/AMD: Move TOPOEXT reenablement before reading smp_num_siblings Konrad Rzeszutek Wilk <konrad.wilk(a)oracle.com> x86/cpufeatures: Add detection of L1D cache flush support. Vlastimil Babka <vbabka(a)suse.cz> x86/speculation/l1tf: Extend 64bit swap file size limit Thomas Gleixner <tglx(a)linutronix.de> x86/apic: Ignore secondary threads if nosmt=force Thomas Gleixner <tglx(a)linutronix.de> x86/cpu/AMD: Evaluate smp_num_siblings early Borislav Petkov <bp(a)suse.de> x86/CPU/AMD: Do not check CPUID max ext level before parsing SMP info Thomas Gleixner <tglx(a)linutronix.de> x86/cpu/intel: Evaluate smp_num_siblings early Thomas Gleixner <tglx(a)linutronix.de> x86/cpu/topology: Provide detect_extended_topology_early() Thomas Gleixner <tglx(a)linutronix.de> x86/cpu/common: Provide detect_ht_early() Thomas Gleixner <tglx(a)linutronix.de> x86/cpu/AMD: Remove the pointless detect_ht() call Thomas Gleixner <tglx(a)linutronix.de> x86/cpu: Remove the pointless CPU printout Thomas Gleixner <tglx(a)linutronix.de> cpu/hotplug: Provide knobs to control SMT Thomas Gleixner <tglx(a)linutronix.de> cpu/hotplug: Split do_cpu_down() Thomas Gleixner <tglx(a)linutronix.de> cpu/hotplug: Make bringup/teardown of smp threads symmetric Thomas Gleixner <tglx(a)linutronix.de> x86/topology: Provide topology_smt_supported() Thomas Gleixner <tglx(a)linutronix.de> x86/smp: Provide topology_is_primary_thread() Peter Zijlstra <peterz(a)infradead.org> sched/smt: Update sched_smt_present at runtime Konrad Rzeszutek Wilk <konrad.wilk(a)oracle.com> x86/bugs: Move the l1tf function and define pr_fmt properly Andi Kleen <ak(a)linux.intel.com> x86/speculation/l1tf: Limit swap file size to MAX_PA/2 Andi Kleen <ak(a)linux.intel.com> x86/speculation/l1tf: Disallow non privileged high MMIO PROT_NONE mappings Andi Kleen <ak(a)linux.intel.com> x86/speculation/l1tf: Add sysfs reporting for l1tf Andi Kleen <ak(a)linux.intel.com> x86/speculation/l1tf: Make sure the first page is always reserved Andi Kleen <ak(a)linux.intel.com> x86/speculation/l1tf: Protect PROT_NONE PTEs against speculation Linus Torvalds <torvalds(a)linux-foundation.org> x86/speculation/l1tf: Protect swap entries against L1TF Linus Torvalds <torvalds(a)linux-foundation.org> x86/speculation/l1tf: Change order of offset/type in swap entry Andi Kleen <ak(a)linux.intel.com> x86/speculation/l1tf: Increase 32bit PAE __PHYSICAL_PAGE_SHIFT Nick Desaulniers <ndesaulniers(a)google.com> x86/irqflags: Provide a declaration for native_save_fl Masami Hiramatsu <mhiramat(a)kernel.org> kprobes/x86: Fix %p uses in error messages Jiri Kosina <jkosina(a)suse.cz> x86/speculation: Protect against userspace-userspace spectreRSB Peter Zijlstra <peterz(a)infradead.org> x86/paravirt: Fix spectre-v2 mitigations for paravirt guests Oleksij Rempel <o.rempel(a)pengutronix.de> ARM: dts: imx6sx: fix irq for pcie bridge Al Viro <viro(a)zeniv.linux.org.uk> fix __legitimize_mnt()/mntput() race Al Viro <viro(a)zeniv.linux.org.uk> fix mntput/mntput race Al Viro <viro(a)zeniv.linux.org.uk> make sure that __dentry_kill() always invalidates d_seq, unhashed or not Al Viro <viro(a)zeniv.linux.org.uk> root dentries need RCU-delayed freeing Linus Torvalds <torvalds(a)linux-foundation.org> init: rename and re-order boot_cpu_state_init() Quinn Tran <quinn.tran(a)cavium.com> scsi: qla2xxx: Fix memory leak for allocating abort IOCB Bart Van Assche <bart.vanassche(a)wdc.com> scsi: sr: Avoid that opening a CD-ROM hangs with runtime power management enabled Daniel Borkmann <daniel(a)iogearbox.net> bpf, sockmap: fix bpf_tcp_sendmsg sock error handling Daniel Borkmann <daniel(a)iogearbox.net> bpf, sockmap: fix leak in bpf_tcp_sendmsg wait for mem path Juergen Gross <jgross(a)suse.com> xen/netfront: don't cache skb_shinfo() Minchan Kim <minchan(a)kernel.org> zram: remove BD_CAP_SYNCHRONOUS_IO with writeback feature Daniel Bristot de Oliveira <bristot(a)redhat.com> sched/deadline: Update rq_clock of later_rq when pushing a task Isaac J. Manjarres <isaacm(a)codeaurora.org> stop_machine: Disable preemption after queueing stopper threads Linus Torvalds <torvalds(a)linux-foundation.org> Mark HI and TASKLET softirq synchronous John David Anglin <dave.anglin(a)bell.net> parisc: Define mb() and add memory barriers to assembler unlock sequences Helge Deller <deller(a)gmx.de> parisc: Enable CONFIG_MLONGCALLS by default ------------- Diffstat: Documentation/ABI/testing/sysfs-devices-system-cpu | 24 + Documentation/admin-guide/index.rst | 9 + Documentation/admin-guide/kernel-parameters.txt | 78 +++ Documentation/admin-guide/l1tf.rst | 610 +++++++++++++++++++++ Makefile | 4 +- arch/Kconfig | 3 + arch/arm/boot/dts/imx6sx.dtsi | 2 +- arch/parisc/Kconfig | 2 +- arch/parisc/include/asm/barrier.h | 32 ++ arch/parisc/kernel/entry.S | 2 + arch/parisc/kernel/pacache.S | 1 + arch/parisc/kernel/syscall.S | 4 + arch/x86/Kconfig | 1 + arch/x86/include/asm/apic.h | 9 + arch/x86/include/asm/cpufeatures.h | 3 + arch/x86/include/asm/dmi.h | 2 +- arch/x86/include/asm/hardirq.h | 26 +- arch/x86/include/asm/irqflags.h | 2 + arch/x86/include/asm/kvm_host.h | 6 + arch/x86/include/asm/msr-index.h | 7 + arch/x86/include/asm/page_32_types.h | 9 +- arch/x86/include/asm/pgtable-2level.h | 17 + arch/x86/include/asm/pgtable-3level.h | 37 +- arch/x86/include/asm/pgtable-invert.h | 32 ++ arch/x86/include/asm/pgtable.h | 74 ++- arch/x86/include/asm/pgtable_64.h | 38 +- arch/x86/include/asm/processor.h | 17 + arch/x86/include/asm/topology.h | 6 +- arch/x86/include/asm/vmx.h | 11 + arch/x86/kernel/apic/apic.c | 16 + arch/x86/kernel/apic/io_apic.c | 1 + arch/x86/kernel/apic/msi.c | 1 + arch/x86/kernel/apic/vector.c | 1 + arch/x86/kernel/cpu/amd.c | 49 +- arch/x86/kernel/cpu/bugs.c | 171 ++++-- arch/x86/kernel/cpu/common.c | 56 +- arch/x86/kernel/cpu/cpu.h | 2 + arch/x86/kernel/cpu/intel.c | 7 + arch/x86/kernel/cpu/microcode/core.c | 16 +- arch/x86/kernel/cpu/topology.c | 41 +- arch/x86/kernel/fpu/core.c | 1 + arch/x86/kernel/hpet.c | 1 + arch/x86/kernel/i8259.c | 1 + arch/x86/kernel/idt.c | 1 + arch/x86/kernel/irq.c | 1 + arch/x86/kernel/irq_32.c | 1 + arch/x86/kernel/irq_64.c | 1 + arch/x86/kernel/irqinit.c | 1 + arch/x86/kernel/kprobes/core.c | 5 +- arch/x86/kernel/paravirt.c | 14 +- arch/x86/kernel/setup.c | 6 + arch/x86/kernel/smp.c | 1 + arch/x86/kernel/smpboot.c | 18 + arch/x86/kernel/time.c | 1 + arch/x86/kvm/mmu.c | 1 + arch/x86/kvm/vmx.c | 455 ++++++++++++--- arch/x86/kvm/x86.c | 34 +- arch/x86/mm/init.c | 23 + arch/x86/mm/kmmio.c | 25 +- arch/x86/mm/mmap.c | 21 + arch/x86/mm/pageattr.c | 8 +- arch/x86/mm/pti.c | 1 + .../intel-mid/device_libs/platform_mrfld_wdt.c | 1 + arch/x86/platform/uv/tlb_uv.c | 1 + arch/x86/xen/enlighten.c | 1 + drivers/base/cpu.c | 8 + drivers/block/zram/zram_drv.c | 15 +- drivers/gpu/drm/i915/i915_pmu.c | 1 + drivers/gpu/drm/i915/intel_lpe_audio.c | 1 + drivers/net/xen-netfront.c | 8 +- drivers/pci/host/pci-hyperv.c | 2 + drivers/scsi/qla2xxx/qla_iocb.c | 53 +- drivers/scsi/sr.c | 29 +- fs/dcache.c | 13 +- fs/namespace.c | 28 +- include/asm-generic/pgtable.h | 12 + include/linux/cpu.h | 23 +- include/linux/swapfile.h | 2 + init/main.c | 2 +- kernel/bpf/sockmap.c | 9 +- kernel/cpu.c | 282 +++++++++- kernel/sched/core.c | 30 +- kernel/sched/deadline.c | 8 +- kernel/sched/fair.c | 1 + kernel/smp.c | 2 + kernel/softirq.c | 12 +- kernel/stop_machine.c | 10 +- mm/memory.c | 37 +- mm/mprotect.c | 49 ++ mm/swapfile.c | 46 +- tools/arch/x86/include/asm/cpufeatures.h | 23 +- tools/include/uapi/linux/prctl.h | 12 + 92 files changed, 2406 insertions(+), 365 deletions(-)

7 years, 4 months

3
99
0 0

[PATCH] ALSA: info: Check for integer overflow in snd_info_entry_write()

by Erick Reyes

Commit 4adb7bcbcb69 ("ALSA: core: Use seq_file for text proc file reads") heavily refactored ALSA procfs and fixed the overflow as a side-effect, so this fix only applies to kernels < 4.2 and there is no upstream equivalent snd_info_entry_write() resizes the buffer with an unsigned long size argument that gets truncated because resize_info_buffer() takes the size parameter as an unsigned int. On 64-bit kernels, this causes the following copy_to_user() to write out-of-bounds if (pos + count) can't be represented by an unsigned int. Signed-off-by: Siqi Lin <siqilin(a)google.com> Signed-off-by: Erick Reyes <erickreyes(a)google.com> --- sound/core/info.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/sound/core/info.c b/sound/core/info.c index 9f404e965ea2..08832c973a53 100644 --- a/sound/core/info.c +++ b/sound/core/info.c @@ -253,6 +253,7 @@ static ssize_t snd_info_entry_write(struct file *file, const char __user *buffer struct snd_info_buffer *buf; ssize_t size = 0; loff_t pos; + unsigned long realloc_size; data = file->private_data; if (snd_BUG_ON(!data)) @@ -261,7 +262,8 @@ static ssize_t snd_info_entry_write(struct file *file, const char __user *buffer pos = *offset; if (pos < 0 || (long) pos != pos || (ssize_t) count < 0) return -EIO; - if ((unsigned long) pos + (unsigned long) count < (unsigned long) pos) + realloc_size = (unsigned long) pos + (unsigned long) count; + if (realloc_size < (unsigned long) pos || realloc_size > UINT_MAX) return -EIO; switch (entry->content) { case SNDRV_INFO_CONTENT_TEXT: -- 2.18.0.865.gffc8e1a3cd6-goog

7 years, 4 months

2
1
0 0

[PATCH 4.9 000/107] 4.9.120-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.9.120 release. There are 107 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu Aug 16 17:14:53 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.9.120-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.9.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.9.120-rc1 Josh Poimboeuf <jpoimboe(a)redhat.com> x86/microcode: Allow late microcode loading with SMT disabled Ashok Raj <ashok.raj(a)intel.com> x86/microcode: Do not upload microcode if CPUs are offline David Woodhouse <dwmw(a)amazon.co.uk> tools headers: Synchronise x86 cpufeatures.h for L1TF additions Andi Kleen <ak(a)linux.intel.com> x86/mm/kmmio: Make the tracer robust against L1TF Andi Kleen <ak(a)linux.intel.com> x86/mm/pat: Make set_memory_np() L1TF safe Andi Kleen <ak(a)linux.intel.com> x86/speculation/l1tf: Make pmd/pud_mknotpresent() invert Andi Kleen <ak(a)linux.intel.com> x86/speculation/l1tf: Invert all not present mappings Thomas Gleixner <tglx(a)linutronix.de> cpu/hotplug: Fix SMT supported evaluation Paolo Bonzini <pbonzini(a)redhat.com> KVM: VMX: Tell the nested hypervisor to skip L1D flush on vmentry Paolo Bonzini <pbonzini(a)redhat.com> x86/speculation: Use ARCH_CAPABILITIES to skip L1D flush on vmentry Paolo Bonzini <pbonzini(a)redhat.com> x86/speculation: Simplify sysfs report of VMX L1TF vulnerability Paolo Bonzini <pbonzini(a)redhat.com> KVM: VMX: support MSR_IA32_ARCH_CAPABILITIES as a feature MSR Wanpeng Li <wanpengli(a)tencent.com> KVM: X86: Allow userspace to define the microcode version Wanpeng Li <wanpengli(a)tencent.com> KVM: X86: Introduce kvm_get_msr_feature() Tom Lendacky <thomas.lendacky(a)amd.com> KVM: SVM: Add MSR-based feature support for serializing LFENCE Tom Lendacky <thomas.lendacky(a)amd.com> KVM: x86: Add a framework for supporting MSR-based features Thomas Gleixner <tglx(a)linutronix.de> Documentation/l1tf: Remove Yonah processors from not vulnerable list Nicolai Stange <nstange(a)suse.de> x86/KVM/VMX: Don't set l1tf_flush_l1d from vmx_handle_external_intr() Nicolai Stange <nstange(a)suse.de> x86/irq: Let interrupt handlers set kvm_cpu_l1tf_flush_l1d Nicolai Stange <nstange(a)suse.de> x86: Don't include linux/irq.h from asm/hardirq.h Nicolai Stange <nstange(a)suse.de> x86/KVM/VMX: Introduce per-host-cpu analogue of l1tf_flush_l1d Nicolai Stange <nstange(a)suse.de> x86/irq: Demote irq_cpustat_t::__softirq_pending to u16 Nicolai Stange <nstange(a)suse.de> x86/KVM/VMX: Move the l1tf_flush_l1d test to vmx_l1d_flush() Nicolai Stange <nstange(a)suse.de> x86/KVM/VMX: Replace 'vmx_l1d_flush_always' with 'vmx_l1d_flush_cond' Nicolai Stange <nstange(a)suse.de> x86/KVM/VMX: Don't set l1tf_flush_l1d to true from vmx_l1d_flush() Josh Poimboeuf <jpoimboe(a)redhat.com> cpu/hotplug: detect SMT disabled by BIOS Tony Luck <tony.luck(a)intel.com> Documentation/l1tf: Fix typos Nicolai Stange <nstange(a)suse.de> x86/KVM/VMX: Initialize the vmx_l1d_flush_pages' content Thomas Gleixner <tglx(a)linutronix.de> Documentation: Add section about CPU vulnerabilities Jiri Kosina <jkosina(a)suse.cz> x86/bugs, kvm: Introduce boot-time control of L1TF mitigations Thomas Gleixner <tglx(a)linutronix.de> cpu/hotplug: Set CPU_SMT_NOT_SUPPORTED early Jiri Kosina <jkosina(a)suse.cz> cpu/hotplug: Expose SMT control init function Thomas Gleixner <tglx(a)linutronix.de> x86/kvm: Allow runtime control of L1D flush Thomas Gleixner <tglx(a)linutronix.de> x86/kvm: Serialize L1D flush parameter setter Thomas Gleixner <tglx(a)linutronix.de> x86/kvm: Add static key for flush always Thomas Gleixner <tglx(a)linutronix.de> x86/kvm: Move l1tf setup function Thomas Gleixner <tglx(a)linutronix.de> x86/l1tf: Handle EPT disabled state proper Thomas Gleixner <tglx(a)linutronix.de> x86/kvm: Drop L1TF MSR list approach Thomas Gleixner <tglx(a)linutronix.de> x86/litf: Introduce vmx status variable Thomas Gleixner <tglx(a)linutronix.de> cpu/hotplug: Online siblings when SMT control is turned on Konrad Rzeszutek Wilk <konrad.wilk(a)oracle.com> x86/KVM/VMX: Use MSR save list for IA32_FLUSH_CMD if required Konrad Rzeszutek Wilk <konrad.wilk(a)oracle.com> x86/KVM/VMX: Extend add_atomic_switch_msr() to allow VMENTER only MSRs Konrad Rzeszutek Wilk <konrad.wilk(a)oracle.com> x86/KVM/VMX: Separate the VMX AUTOLOAD guest/host number accounting Konrad Rzeszutek Wilk <konrad.wilk(a)oracle.com> x86/KVM/VMX: Add find_msr() helper function Konrad Rzeszutek Wilk <konrad.wilk(a)oracle.com> x86/KVM/VMX: Split the VMX MSR LOAD structures to have an host/guest numbers Jim Mattson <jmattson(a)google.com> kvm: nVMX: Update MSR load counts on a VMCS switch Paolo Bonzini <pbonzini(a)redhat.com> x86/KVM/VMX: Add L1D flush logic Paolo Bonzini <pbonzini(a)redhat.com> x86/KVM/VMX: Add L1D MSR based flush Paolo Bonzini <pbonzini(a)redhat.com> x86/KVM/VMX: Add L1D flush algorithm Konrad Rzeszutek Wilk <konrad.wilk(a)oracle.com> x86/KVM/VMX: Add module argument for L1TF mitigation Konrad Rzeszutek Wilk <konrad.wilk(a)oracle.com> x86/KVM: Warn user if KVM is loaded SMT and L1TF CPU bug being present Thomas Gleixner <tglx(a)linutronix.de> cpu/hotplug: Boot HT siblings at least once Thomas Gleixner <tglx(a)linutronix.de> Revert "x86/apic: Ignore secondary threads if nosmt=force" Michal Hocko <mhocko(a)suse.cz> x86/speculation/l1tf: Fix up pte->pfn conversion for PAE Vlastimil Babka <vbabka(a)suse.cz> x86/speculation/l1tf: Protect PAE swap entries against L1TF Borislav Petkov <bp(a)suse.de> x86/CPU/AMD: Move TOPOEXT reenablement before reading smp_num_siblings Konrad Rzeszutek Wilk <konrad.wilk(a)oracle.com> x86/cpufeatures: Add detection of L1D cache flush support. Vlastimil Babka <vbabka(a)suse.cz> x86/speculation/l1tf: Extend 64bit swap file size limit Thomas Gleixner <tglx(a)linutronix.de> x86/apic: Ignore secondary threads if nosmt=force Thomas Gleixner <tglx(a)linutronix.de> x86/cpu/AMD: Evaluate smp_num_siblings early Borislav Petkov <bp(a)suse.de> x86/CPU/AMD: Do not check CPUID max ext level before parsing SMP info Thomas Gleixner <tglx(a)linutronix.de> x86/cpu/intel: Evaluate smp_num_siblings early Thomas Gleixner <tglx(a)linutronix.de> x86/cpu/topology: Provide detect_extended_topology_early() Thomas Gleixner <tglx(a)linutronix.de> x86/cpu/common: Provide detect_ht_early() Thomas Gleixner <tglx(a)linutronix.de> x86/cpu/AMD: Remove the pointless detect_ht() call Thomas Gleixner <tglx(a)linutronix.de> x86/cpu: Remove the pointless CPU printout Thomas Gleixner <tglx(a)linutronix.de> cpu/hotplug: Provide knobs to control SMT Thomas Gleixner <tglx(a)linutronix.de> cpu/hotplug: Split do_cpu_down() Thomas Gleixner <tglx(a)linutronix.de> cpu/hotplug: Make bringup/teardown of smp threads symmetric Thomas Gleixner <tglx(a)linutronix.de> x86/topology: Provide topology_smt_supported() Thomas Gleixner <tglx(a)linutronix.de> x86/smp: Provide topology_is_primary_thread() Konrad Rzeszutek Wilk <konrad.wilk(a)oracle.com> x86/bugs: Move the l1tf function and define pr_fmt properly Andi Kleen <ak(a)linux.intel.com> x86/speculation/l1tf: Limit swap file size to MAX_PA/2 Andi Kleen <ak(a)linux.intel.com> x86/speculation/l1tf: Disallow non privileged high MMIO PROT_NONE mappings Andi Kleen <ak(a)linux.intel.com> x86/speculation/l1tf: Add sysfs reporting for l1tf Andi Kleen <ak(a)linux.intel.com> x86/speculation/l1tf: Make sure the first page is always reserved Andi Kleen <ak(a)linux.intel.com> x86/speculation/l1tf: Protect PROT_NONE PTEs against speculation Linus Torvalds <torvalds(a)linux-foundation.org> x86/speculation/l1tf: Protect swap entries against L1TF Linus Torvalds <torvalds(a)linux-foundation.org> x86/speculation/l1tf: Change order of offset/type in swap entry Naoya Horiguchi <n-horiguchi(a)ah.jp.nec.com> mm: x86: move _PAGE_SWP_SOFT_DIRTY from bit 7 to bit 1 Andi Kleen <ak(a)linux.intel.com> x86/speculation/l1tf: Increase 32bit PAE __PHYSICAL_PAGE_SHIFT Nick Desaulniers <ndesaulniers(a)google.com> x86/irqflags: Provide a declaration for native_save_fl Masami Hiramatsu <mhiramat(a)kernel.org> kprobes/x86: Fix %p uses in error messages Jiri Kosina <jkosina(a)suse.cz> x86/speculation: Protect against userspace-userspace spectreRSB Peter Zijlstra <peterz(a)infradead.org> x86/paravirt: Fix spectre-v2 mitigations for paravirt guests Oleksij Rempel <o.rempel(a)pengutronix.de> ARM: dts: imx6sx: fix irq for pcie bridge Michael Mera <dev(a)michaelmera.com> IB/ocrdma: fix out of bounds access to local buffer Fabio Estevam <fabio.estevam(a)nxp.com> mtd: nand: qcom: Add a NULL check for devm_kasprintf() Jack Morgenstein <jackm(a)dev.mellanox.co.il> IB/mlx4: Mark user MR as writable if actual virtual memory is writable Jack Morgenstein <jackm(a)dev.mellanox.co.il> IB/core: Make testing MR flags for writability a static inline function Eric W. Biederman <ebiederm(a)xmission.com> proc: Fix proc_sys_prune_dcache to hold a sb reference Eric W. Biederman <ebiederm(a)xmission.com> proc/sysctl: Don't grab i_lock under sysctl_lock. Konstantin Khlebnikov <khlebnikov(a)yandex-team.ru> proc/sysctl: prune stale dentries during unregistering Al Viro <viro(a)zeniv.linux.org.uk> fix __legitimize_mnt()/mntput() race Al Viro <viro(a)zeniv.linux.org.uk> fix mntput/mntput race Al Viro <viro(a)zeniv.linux.org.uk> make sure that __dentry_kill() always invalidates d_seq, unhashed or not Al Viro <viro(a)zeniv.linux.org.uk> root dentries need RCU-delayed freeing Linus Torvalds <torvalds(a)linux-foundation.org> init: rename and re-order boot_cpu_state_init() Bart Van Assche <bart.vanassche(a)wdc.com> scsi: sr: Avoid that opening a CD-ROM hangs with runtime power management enabled Hans de Goede <hdegoede(a)redhat.com> ACPI / LPSS: Add missing prv_offset setting for byt/cht PWM devices Juergen Gross <jgross(a)suse.com> xen/netfront: don't cache skb_shinfo() Linus Torvalds <torvalds(a)linux-foundation.org> Mark HI and TASKLET softirq synchronous Andrey Konovalov <andreyknvl(a)google.com> kasan: add no_sanitize attribute for clang builds John David Anglin <dave.anglin(a)bell.net> parisc: Define mb() and add memory barriers to assembler unlock sequences Helge Deller <deller(a)gmx.de> parisc: Enable CONFIG_MLONGCALLS by default Tadeusz Struk <tadeusz.struk(a)intel.com> tpm: fix race condition in tpm_common_write() Theodore Ts'o <tytso(a)mit.edu> ext4: fix check to prevent initializing reserved inodes ------------- Diffstat: Documentation/ABI/testing/sysfs-devices-system-cpu | 24 + Documentation/index.rst | 1 + Documentation/kernel-parameters.txt | 78 +++ Documentation/l1tf.rst | 610 +++++++++++++++++++++ Documentation/virtual/kvm/api.txt | 40 +- Makefile | 4 +- arch/Kconfig | 3 + arch/arm/boot/dts/imx6sx.dtsi | 2 +- arch/parisc/Kconfig | 2 +- arch/parisc/include/asm/barrier.h | 32 ++ arch/parisc/kernel/entry.S | 2 + arch/parisc/kernel/pacache.S | 1 + arch/parisc/kernel/syscall.S | 4 + arch/x86/Kconfig | 1 + arch/x86/include/asm/apic.h | 10 + arch/x86/include/asm/cpufeatures.h | 4 +- arch/x86/include/asm/dmi.h | 2 +- arch/x86/include/asm/hardirq.h | 26 +- arch/x86/include/asm/irqflags.h | 2 + arch/x86/include/asm/kvm_host.h | 9 + arch/x86/include/asm/msr-index.h | 7 + arch/x86/include/asm/page_32_types.h | 9 +- arch/x86/include/asm/pgtable-2level.h | 17 + arch/x86/include/asm/pgtable-3level.h | 37 +- arch/x86/include/asm/pgtable-invert.h | 32 ++ arch/x86/include/asm/pgtable.h | 85 ++- arch/x86/include/asm/pgtable_64.h | 48 +- arch/x86/include/asm/pgtable_types.h | 10 +- arch/x86/include/asm/processor.h | 17 + arch/x86/include/asm/topology.h | 6 +- arch/x86/include/asm/vmx.h | 11 + arch/x86/kernel/apic/apic.c | 17 + arch/x86/kernel/apic/htirq.c | 2 + arch/x86/kernel/apic/io_apic.c | 1 + arch/x86/kernel/apic/msi.c | 1 + arch/x86/kernel/apic/vector.c | 1 + arch/x86/kernel/cpu/amd.c | 53 +- arch/x86/kernel/cpu/bugs.c | 171 ++++-- arch/x86/kernel/cpu/common.c | 56 +- arch/x86/kernel/cpu/cpu.h | 2 + arch/x86/kernel/cpu/intel.c | 7 + arch/x86/kernel/cpu/microcode/core.c | 26 + arch/x86/kernel/cpu/topology.c | 41 +- arch/x86/kernel/fpu/core.c | 1 + arch/x86/kernel/ftrace.c | 1 + arch/x86/kernel/hpet.c | 1 + arch/x86/kernel/i8259.c | 1 + arch/x86/kernel/irq.c | 1 + arch/x86/kernel/irq_32.c | 1 + arch/x86/kernel/irq_64.c | 1 + arch/x86/kernel/irqinit.c | 1 + arch/x86/kernel/kprobes/core.c | 5 +- arch/x86/kernel/kprobes/opt.c | 1 + arch/x86/kernel/paravirt.c | 14 +- arch/x86/kernel/setup.c | 6 + arch/x86/kernel/smp.c | 1 + arch/x86/kernel/smpboot.c | 18 + arch/x86/kernel/time.c | 1 + arch/x86/kvm/svm.c | 46 +- arch/x86/kvm/vmx.c | 426 ++++++++++++-- arch/x86/kvm/x86.c | 133 ++++- arch/x86/mm/fault.c | 1 + arch/x86/mm/init.c | 23 + arch/x86/mm/kaiser.c | 1 + arch/x86/mm/kmmio.c | 25 +- arch/x86/mm/mmap.c | 21 + arch/x86/mm/pageattr.c | 8 +- arch/x86/platform/efi/efi_64.c | 1 + arch/x86/platform/efi/quirks.c | 1 + .../intel-mid/device_libs/platform_mrfld_wdt.c | 1 + arch/x86/platform/uv/tlb_uv.c | 1 + arch/x86/xen/enlighten.c | 1 + arch/x86/xen/setup.c | 1 + drivers/acpi/acpi_lpss.c | 2 + drivers/base/cpu.c | 8 + drivers/char/tpm/tpm-dev.c | 43 +- drivers/infiniband/core/umem.c | 11 +- drivers/infiniband/hw/mlx4/mr.c | 50 +- drivers/infiniband/hw/ocrdma/ocrdma_stats.c | 2 +- drivers/mtd/nand/qcom_nandc.c | 3 + drivers/net/xen-netfront.c | 8 +- drivers/pci/host/pci-hyperv.c | 2 + drivers/scsi/sr.c | 29 +- fs/dcache.c | 13 +- fs/ext4/ialloc.c | 5 +- fs/ext4/super.c | 8 +- fs/namespace.c | 28 +- fs/proc/inode.c | 3 +- fs/proc/internal.h | 7 +- fs/proc/proc_sysctl.c | 83 ++- include/asm-generic/pgtable.h | 12 + include/linux/compiler-clang.h | 3 + include/linux/cpu.h | 23 +- include/linux/swapfile.h | 2 + include/linux/sysctl.h | 1 + include/rdma/ib_verbs.h | 14 + include/uapi/linux/kvm.h | 2 + init/main.c | 2 +- kernel/cpu.c | 282 +++++++++- kernel/smp.c | 2 + kernel/softirq.c | 12 +- mm/memory.c | 29 +- mm/mprotect.c | 49 ++ mm/swapfile.c | 46 +- tools/arch/x86/include/asm/cpufeatures.h | 4 +- 105 files changed, 2680 insertions(+), 366 deletions(-)

7 years, 4 months

7
128
0 0

[PATCH] avoid race condition between start_xmit and cm_rep_handler

by Aaron S. Knister

From: Aaron Knister <aaron.s.knister(a)nasa.gov> Inside of start_xmit() the call to check if the connection is up and the queueing of the packets for later transmission is not atomic which leaves a window where cm_rep_handler can run, set the connection up, dequeue pending packets and leave the subsequently queued packets by start_xmit() sitting on neigh->queue until they're dropped when the connection is torn down. This only applies to connected mode. These dropped packets can really upset TCP, for example, and cause multi-minute delays in transmission for open connections. I've got a reproducer available if it's needed. Here's the code in start_xmit where we check to see if the connection is up: if (ipoib_cm_get(neigh)) { if (ipoib_cm_up(neigh)) { ipoib_cm_send(dev, skb, ipoib_cm_get(neigh)); goto unref; } } The race occurs if cm_rep_handler execution occurs after the above connection check (specifically if it gets to the point where it acquires priv->lock to dequeue pending skb's) but before the below code snippet in start_xmit where packets are queued. if (skb_queue_len(&neigh->queue) < IPOIB_MAX_PATH_REC_QUEUE) { push_pseudo_header(skb, phdr->hwaddr); spin_lock_irqsave(&priv->lock, flags); __skb_queue_tail(&neigh->queue, skb); spin_unlock_irqrestore(&priv->lock, flags); } else { ++dev->stats.tx_dropped; dev_kfree_skb_any(skb); } The patch re-checks ipoib_cm_up with priv->lock held to avoid this race condition. Since odds are the conn should be up most of the time (and thus the connection *not* down most of the time) we don't hold the lock for the first check attempt to avoid a slowdown from unecessary locking for the majority of the packets transmitted during the connection's life. Cc: stable(a)vger.kernel.org Tested-by: Ira Weiny <ira.weiny(a)intel.com> Signed-off-by: Aaron Knister <aaron.s.knister(a)nasa.gov> --- drivers/infiniband/ulp/ipoib/ipoib_main.c | 53 +++++++++++++++++++++++++------ 1 file changed, 44 insertions(+), 9 deletions(-) diff --git a/drivers/infiniband/ulp/ipoib/ipoib_main.c b/drivers/infiniband/ulp/ipoib/ipoib_main.c index 26cde95b..529dbeab 100644 --- a/drivers/infiniband/ulp/ipoib/ipoib_main.c +++ b/drivers/infiniband/ulp/ipoib/ipoib_main.c @@ -1093,6 +1093,34 @@ static void unicast_arp_send(struct sk_buff *skb, struct net_device *dev, spin_unlock_irqrestore(&priv->lock, flags); } +static void defer_neigh_skb(struct sk_buff *skb, struct net_device *dev, + struct ipoib_neigh *neigh, + struct ipoib_pseudo_header *phdr, + unsigned long *flags) +{ + struct ipoib_dev_priv *priv = ipoib_priv(dev); + unsigned long local_flags; + int acquire_priv_lock = 0; + + /* Passing in pointer to spin_lock flags indicates spin lock + * already acquired so we don't need to acquire the priv lock */ + if (flags == NULL) { + flags = &local_flags; + acquire_priv_lock = 1; + } + + if (skb_queue_len(&neigh->queue) < IPOIB_MAX_PATH_REC_QUEUE) { + push_pseudo_header(skb, phdr->hwaddr); + if (acquire_priv_lock) + spin_lock_irqsave(&priv->lock, *flags); + __skb_queue_tail(&neigh->queue, skb); + spin_unlock_irqrestore(&priv->lock, *flags); + } else { + ++dev->stats.tx_dropped; + dev_kfree_skb_any(skb); + } +} + static netdev_tx_t ipoib_start_xmit(struct sk_buff *skb, struct net_device *dev) { struct ipoib_dev_priv *priv = ipoib_priv(dev); @@ -1160,6 +1188,21 @@ static netdev_tx_t ipoib_start_xmit(struct sk_buff *skb, struct net_device *dev) ipoib_cm_send(dev, skb, ipoib_cm_get(neigh)); goto unref; } + /* + * Re-check ipoib_cm_up with priv->lock held to avoid + * race condition between start_xmit and skb_dequeue in + * cm_rep_handler. Since odds are the conn should be up + * most of the time, we don't hold the lock for the + * first check above + */ + spin_lock_irqsave(&priv->lock, flags); + if (ipoib_cm_up(neigh)) { + spin_unlock_irqrestore(&priv->lock, flags); + ipoib_cm_send(dev, skb, ipoib_cm_get(neigh)); + } else { + defer_neigh_skb(skb, dev, neigh, phdr, &flags); + } + goto unref; } else if (neigh->ah && neigh->ah->valid) { neigh->ah->last_send = rn->send(dev, skb, neigh->ah->ah, IPOIB_QPN(phdr->hwaddr)); @@ -1168,15 +1211,7 @@ static netdev_tx_t ipoib_start_xmit(struct sk_buff *skb, struct net_device *dev) neigh_refresh_path(neigh, phdr->hwaddr, dev); } - if (skb_queue_len(&neigh->queue) < IPOIB_MAX_PATH_REC_QUEUE) { - push_pseudo_header(skb, phdr->hwaddr); - spin_lock_irqsave(&priv->lock, flags); - __skb_queue_tail(&neigh->queue, skb); - spin_unlock_irqrestore(&priv->lock, flags); - } else { - ++dev->stats.tx_dropped; - dev_kfree_skb_any(skb); - } + defer_neigh_skb(skb, dev, neigh, phdr, NULL); unref: ipoib_neigh_put(neigh); -- 2.12.3

7 years, 4 months

1
0
0 0

[PATCH] x86/speculation/l1tf: Add assembly guard for xtensa/ia64

by Andi Kleen

From: Andi Kleen <ak(a)linux.intel.com> The stable backport of the x86/speculation/l1tf: Disallow non privileged high MMIO PROT_NONE mappings patch for 4.4 and 4.9 put new C code for !__HAVE_ARCH_PFN_MODIFY_ALLOWED code outside the assembler ifdef. This breaks the xtensa and ia64 build as reported by 0day which somehow include this file into assembler. Just add an #ifdef __ASSEMBLY__ around the new code to fix this. This patch is only needed for 4.9 and 4.4 stable, the newer stables don't have this problem. Fixes: 7c5b42f82c13 ("x86/speculation/l1tf: Disallow non privileged high MMIO PROT_NONE mappings") Signed-off-by: Andi Kleen <ak(a)linux.intel.com> --- include/asm-generic/pgtable.h | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/include/asm-generic/pgtable.h b/include/asm-generic/pgtable.h index a88ea9e37a25..abc2a1b15dd8 100644 --- a/include/asm-generic/pgtable.h +++ b/include/asm-generic/pgtable.h @@ -825,6 +825,7 @@ static inline int pmd_free_pte_page(pmd_t *pmd) #endif #endif +#ifndef __ASSEMBLY__ struct file; int phys_mem_access_prot_allowed(struct file *file, unsigned long pfn, unsigned long size, pgprot_t *vma_prot); @@ -839,6 +840,9 @@ static inline bool arch_has_pfn_modify_check(void) { return false; } + +#endif + #endif /* !_HAVE_ARCH_PFN_MODIFY_ALLOWED */ #endif /* !__ASSEMBLY__ */ -- 2.17.1

7 years, 4 months

2
1
0 0

[merged] zram-remove-bd_cap_synchronous_io-with-writeback-feature.patch removed from -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: zram: remove BD_CAP_SYNCHRONOUS_IO with writeback feature has been removed from the -mm tree. Its filename was zram-remove-bd_cap_synchronous_io-with-writeback-feature.patch This patch was dropped because it was merged into mainline or a subsystem tree ------------------------------------------------------ From: Minchan Kim <minchan(a)kernel.org> Subject: zram: remove BD_CAP_SYNCHRONOUS_IO with writeback feature If zram supports writeback feature, it's no longer a BD_CAP_SYNCHRONOUS_IO device beause zram does asynchronous IO operations for incompressible pages. Do not pretend to be synchronous IO device. It makes the system very sluggish due to waiting for IO completion from upper layers. Furthermore, it causes a user-after-free problem because swap thinks the opearion is done when the IO functions returns so it can free the page (e.g., lock_page_or_retry and goto out_release in do_swap_page) but in fact, IO is asynchronous so the driver could access a just freed page afterward. This patch fixes the problem. BUG: Bad page state in process qemu-system-x86 pfn:3dfab21 page:ffffdfb137eac840 count:0 mapcount:0 mapping:0000000000000000 index:0x1 flags: 0x17fffc000000008(uptodate) raw: 017fffc000000008 dead000000000100 dead000000000200 0000000000000000 raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000 page dumped because: PAGE_FLAGS_CHECK_AT_PREP flag set bad because of flags: 0x8(uptodate) Modules linked in: lz4 lz4_compress zram zsmalloc intel_rapl sb_edac x86_pkg_temp_thermal intel_powerclamp coretemp kvm_intel kvm irqbypass crct10dif_pclmul crc32_pclmul ghash_clmulni_intel bin fmt_misc pcbc aesni_intel aes_x86_64 crypto_simd cryptd iTCO_wdt glue_helper iTCO_vendor_support intel_cstate lpc_ich mei_me intel_uncore intel_rapl_perf pcspkr joydev sg mfd_core ioatdma mei wmi evdev ipmi_si ipmi_devintf ipmi_msghandler acpi_power_meter acpi_pad button ip_tables x_tables autofs4 ext4 crc32c_generic crc16 mbcache jbd2 fscrypto hid_generic usbhid hid sd_mod xhci_pci ehci_pci ahci libahci xhci_hcd ehci_hcd libata igb i2c_algo_bit crc32c_intel scsi_mod i2c_i8 01 dca usbcore CPU: 4 PID: 1039 Comm: qemu-system-x86 Tainted: G B 4.18.0-rc5+ #1 Hardware name: Supermicro Super Server/X10SRL-F, BIOS 2.0b 05/02/2017 Call Trace: dump_stack+0x5c/0x7b bad_page+0xba/0x120 get_page_from_freelist+0x1016/0x1250 __alloc_pages_nodemask+0xfa/0x250 alloc_pages_vma+0x7c/0x1c0 do_swap_page+0x347/0x920 ? __update_load_avg_se.isra.38+0x1eb/0x1f0 ? cpumask_next_wrap+0x3d/0x60 __handle_mm_fault+0x7b4/0x1110 ? update_load_avg+0x5ea/0x720 handle_mm_fault+0xfc/0x1f0 __get_user_pages+0x12f/0x690 get_user_pages_unlocked+0x148/0x1f0 __gfn_to_pfn_memslot+0xff/0x3c0 [kvm] try_async_pf+0x87/0x230 [kvm] tdp_page_fault+0x132/0x290 [kvm] ? vmexit_fill_RSB+0xc/0x30 [kvm_intel] kvm_mmu_page_fault+0x74/0x570 [kvm] ? vmexit_fill_RSB+0xc/0x30 [kvm_intel] ? vmexit_fill_RSB+0x18/0x30 [kvm_intel] ? vmexit_fill_RSB+0xc/0x30 [kvm_intel] ? vmexit_fill_RSB+0x18/0x30 [kvm_intel] ? vmexit_fill_RSB+0xc/0x30 [kvm_intel] ? vmexit_fill_RSB+0x18/0x30 [kvm_intel] ? vmexit_fill_RSB+0xc/0x30 [kvm_intel] ? vmexit_fill_RSB+0x18/0x30 [kvm_intel] ? vmexit_fill_RSB+0xc/0x30 [kvm_intel] ? vmexit_fill_RSB+0x18/0x30 [kvm_intel] ? vmexit_fill_RSB+0xc/0x30 [kvm_intel] ? vmx_vcpu_run+0x375/0x620 [kvm_intel] kvm_arch_vcpu_ioctl_run+0x9b3/0x1990 [kvm] ? __update_load_avg_se.isra.38+0x1eb/0x1f0 ? kvm_vcpu_ioctl+0x388/0x5d0 [kvm] kvm_vcpu_ioctl+0x388/0x5d0 [kvm] ? __switch_to+0x395/0x450 ? __switch_to+0x395/0x450 do_vfs_ioctl+0xa2/0x630 ? __schedule+0x3fd/0x890 ksys_ioctl+0x70/0x80 ? exit_to_usermode_loop+0xca/0xf0 __x64_sys_ioctl+0x16/0x20 do_syscall_64+0x55/0x100 entry_SYSCALL_64_after_hwframe+0x44/0xa9 RIP: 0033:0x7fb30361add7 Code: 00 00 00 48 8b 05 c1 80 2b 00 64 c7 00 26 00 00 00 48 c7 c0 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 91 80 2b 00 f7 d8 64 89 01 48 RSP: 002b:00007fb2e97f98b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 000000000000ae80 RCX: 00007fb30361add7 RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000015 RBP: 00005652b984e0f0 R08: 00005652b7d513d0 R09: 0000000000000001 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007fb308c66000 R14: 0000000000000000 R15: 00005652b984e0f0 Link: https://lore.kernel.org/lkml/0516ae2d-b0fd-92c5-aa92-112ba7bd32fc@contabo.d… Link: http://lkml.kernel.org/r/20180802051112.86174-1-minchan@kernel.org [minchan(a)kernel.org: fix changelog, add comment] Link: https://lore.kernel.org/lkml/0516ae2d-b0fd-92c5-aa92-112ba7bd32fc@contabo.d… Link: http://lkml.kernel.org/r/20180802051112.86174-1-minchan@kernel.org Link: http://lkml.kernel.org/r/20180805233722.217347-1-minchan@kernel.org [akpm(a)linux-foundation.org: coding-style fixes] Signed-off-by: Minchan Kim <minchan(a)kernel.org> Reported-by: Tino Lehnig <tino.lehnig(a)contabo.de> Tested-by: Tino Lehnig <tino.lehnig(a)contabo.de> Cc: Sergey Senozhatsky <sergey.senozhatsky.work(a)gmail.com> Cc: Jens Axboe <axboe(a)kernel.dk> Cc: <stable(a)vger.kernel.org> [4.15+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- drivers/block/zram/zram_drv.c | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) --- a/drivers/block/zram/zram_drv.c~zram-remove-bd_cap_synchronous_io-with-writeback-feature +++ a/drivers/block/zram/zram_drv.c @@ -298,7 +298,8 @@ static void reset_bdev(struct zram *zram zram->backing_dev = NULL; zram->old_block_size = 0; zram->bdev = NULL; - + zram->disk->queue->backing_dev_info->capabilities |= + BDI_CAP_SYNCHRONOUS_IO; kvfree(zram->bitmap); zram->bitmap = NULL; } @@ -400,6 +401,18 @@ static ssize_t backing_dev_store(struct zram->backing_dev = backing_dev; zram->bitmap = bitmap; zram->nr_pages = nr_pages; + /* + * With writeback feature, zram does asynchronous IO so it's no longer + * synchronous device so let's remove synchronous io flag. Othewise, + * upper layer(e.g., swap) could wait IO completion rather than + * (submit and return), which will cause system sluggish. + * Furthermore, when the IO function returns(e.g., swap_readpage), + * upper layer expects IO was done so it could deallocate the page + * freely but in fact, IO is going on so finally could cause + * use-after-free when the IO is really done. + */ + zram->disk->queue->backing_dev_info->capabilities &= + ~BDI_CAP_SYNCHRONOUS_IO; up_write(&zram->init_lock); pr_info("setup backing device %s\n", file_name); _ Patches currently in -mm which might be from minchan(a)kernel.org are

7 years, 4 months

1
0
0 0

[PATCH 4.14 000/104] 4.14.63-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.14.63 release. There are 104 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu Aug 16 17:14:49 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.14.63-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.14.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.14.63-rc1 Josh Poimboeuf <jpoimboe(a)redhat.com> x86/microcode: Allow late microcode loading with SMT disabled David Woodhouse <dwmw(a)amazon.co.uk> tools headers: Synchronise x86 cpufeatures.h for L1TF additions Andi Kleen <ak(a)linux.intel.com> x86/mm/kmmio: Make the tracer robust against L1TF Andi Kleen <ak(a)linux.intel.com> x86/mm/pat: Make set_memory_np() L1TF safe Andi Kleen <ak(a)linux.intel.com> x86/speculation/l1tf: Make pmd/pud_mknotpresent() invert Andi Kleen <ak(a)linux.intel.com> x86/speculation/l1tf: Invert all not present mappings Thomas Gleixner <tglx(a)linutronix.de> cpu/hotplug: Fix SMT supported evaluation Paolo Bonzini <pbonzini(a)redhat.com> KVM: VMX: Tell the nested hypervisor to skip L1D flush on vmentry Paolo Bonzini <pbonzini(a)redhat.com> x86/speculation: Use ARCH_CAPABILITIES to skip L1D flush on vmentry Paolo Bonzini <pbonzini(a)redhat.com> x86/speculation: Simplify sysfs report of VMX L1TF vulnerability Paolo Bonzini <pbonzini(a)redhat.com> KVM: VMX: support MSR_IA32_ARCH_CAPABILITIES as a feature MSR Wanpeng Li <wanpengli(a)tencent.com> KVM: X86: Allow userspace to define the microcode version Wanpeng Li <wanpengli(a)tencent.com> KVM: X86: Introduce kvm_get_msr_feature() Tom Lendacky <thomas.lendacky(a)amd.com> KVM: SVM: Add MSR-based feature support for serializing LFENCE Tom Lendacky <thomas.lendacky(a)amd.com> KVM: x86: Add a framework for supporting MSR-based features Thomas Gleixner <tglx(a)linutronix.de> Documentation/l1tf: Remove Yonah processors from not vulnerable list Nicolai Stange <nstange(a)suse.de> x86/KVM/VMX: Don't set l1tf_flush_l1d from vmx_handle_external_intr() Nicolai Stange <nstange(a)suse.de> x86/irq: Let interrupt handlers set kvm_cpu_l1tf_flush_l1d Nicolai Stange <nstange(a)suse.de> x86: Don't include linux/irq.h from asm/hardirq.h Nicolai Stange <nstange(a)suse.de> x86/KVM/VMX: Introduce per-host-cpu analogue of l1tf_flush_l1d Nicolai Stange <nstange(a)suse.de> x86/irq: Demote irq_cpustat_t::__softirq_pending to u16 Nicolai Stange <nstange(a)suse.de> x86/KVM/VMX: Move the l1tf_flush_l1d test to vmx_l1d_flush() Nicolai Stange <nstange(a)suse.de> x86/KVM/VMX: Replace 'vmx_l1d_flush_always' with 'vmx_l1d_flush_cond' Nicolai Stange <nstange(a)suse.de> x86/KVM/VMX: Don't set l1tf_flush_l1d to true from vmx_l1d_flush() Josh Poimboeuf <jpoimboe(a)redhat.com> cpu/hotplug: detect SMT disabled by BIOS Tony Luck <tony.luck(a)intel.com> Documentation/l1tf: Fix typos Nicolai Stange <nstange(a)suse.de> x86/KVM/VMX: Initialize the vmx_l1d_flush_pages' content Thomas Gleixner <tglx(a)linutronix.de> Documentation: Add section about CPU vulnerabilities Jiri Kosina <jkosina(a)suse.cz> x86/bugs, kvm: Introduce boot-time control of L1TF mitigations Thomas Gleixner <tglx(a)linutronix.de> cpu/hotplug: Set CPU_SMT_NOT_SUPPORTED early Jiri Kosina <jkosina(a)suse.cz> cpu/hotplug: Expose SMT control init function Thomas Gleixner <tglx(a)linutronix.de> x86/kvm: Allow runtime control of L1D flush Thomas Gleixner <tglx(a)linutronix.de> x86/kvm: Serialize L1D flush parameter setter Thomas Gleixner <tglx(a)linutronix.de> x86/kvm: Add static key for flush always Thomas Gleixner <tglx(a)linutronix.de> x86/kvm: Move l1tf setup function Thomas Gleixner <tglx(a)linutronix.de> x86/l1tf: Handle EPT disabled state proper Thomas Gleixner <tglx(a)linutronix.de> x86/kvm: Drop L1TF MSR list approach Thomas Gleixner <tglx(a)linutronix.de> x86/litf: Introduce vmx status variable Thomas Gleixner <tglx(a)linutronix.de> cpu/hotplug: Online siblings when SMT control is turned on Konrad Rzeszutek Wilk <konrad.wilk(a)oracle.com> x86/KVM/VMX: Use MSR save list for IA32_FLUSH_CMD if required Konrad Rzeszutek Wilk <konrad.wilk(a)oracle.com> x86/KVM/VMX: Extend add_atomic_switch_msr() to allow VMENTER only MSRs Konrad Rzeszutek Wilk <konrad.wilk(a)oracle.com> x86/KVM/VMX: Separate the VMX AUTOLOAD guest/host number accounting Konrad Rzeszutek Wilk <konrad.wilk(a)oracle.com> x86/KVM/VMX: Add find_msr() helper function Konrad Rzeszutek Wilk <konrad.wilk(a)oracle.com> x86/KVM/VMX: Split the VMX MSR LOAD structures to have an host/guest numbers Paolo Bonzini <pbonzini(a)redhat.com> x86/KVM/VMX: Add L1D flush logic Paolo Bonzini <pbonzini(a)redhat.com> x86/KVM/VMX: Add L1D MSR based flush Paolo Bonzini <pbonzini(a)redhat.com> x86/KVM/VMX: Add L1D flush algorithm Konrad Rzeszutek Wilk <konrad.wilk(a)oracle.com> x86/KVM/VMX: Add module argument for L1TF mitigation Konrad Rzeszutek Wilk <konrad.wilk(a)oracle.com> x86/KVM: Warn user if KVM is loaded SMT and L1TF CPU bug being present Thomas Gleixner <tglx(a)linutronix.de> cpu/hotplug: Boot HT siblings at least once Thomas Gleixner <tglx(a)linutronix.de> Revert "x86/apic: Ignore secondary threads if nosmt=force" Michal Hocko <mhocko(a)suse.cz> x86/speculation/l1tf: Fix up pte->pfn conversion for PAE Vlastimil Babka <vbabka(a)suse.cz> x86/speculation/l1tf: Protect PAE swap entries against L1TF Borislav Petkov <bp(a)suse.de> x86/CPU/AMD: Move TOPOEXT reenablement before reading smp_num_siblings Konrad Rzeszutek Wilk <konrad.wilk(a)oracle.com> x86/cpufeatures: Add detection of L1D cache flush support. Vlastimil Babka <vbabka(a)suse.cz> x86/speculation/l1tf: Extend 64bit swap file size limit Thomas Gleixner <tglx(a)linutronix.de> x86/apic: Ignore secondary threads if nosmt=force Thomas Gleixner <tglx(a)linutronix.de> x86/cpu/AMD: Evaluate smp_num_siblings early Borislav Petkov <bp(a)suse.de> x86/CPU/AMD: Do not check CPUID max ext level before parsing SMP info Thomas Gleixner <tglx(a)linutronix.de> x86/cpu/intel: Evaluate smp_num_siblings early Thomas Gleixner <tglx(a)linutronix.de> x86/cpu/topology: Provide detect_extended_topology_early() Thomas Gleixner <tglx(a)linutronix.de> x86/cpu/common: Provide detect_ht_early() Thomas Gleixner <tglx(a)linutronix.de> x86/cpu/AMD: Remove the pointless detect_ht() call Thomas Gleixner <tglx(a)linutronix.de> x86/cpu: Remove the pointless CPU printout Thomas Gleixner <tglx(a)linutronix.de> cpu/hotplug: Provide knobs to control SMT Thomas Gleixner <tglx(a)linutronix.de> cpu/hotplug: Split do_cpu_down() Thomas Gleixner <tglx(a)linutronix.de> cpu/hotplug: Make bringup/teardown of smp threads symmetric Thomas Gleixner <tglx(a)linutronix.de> x86/topology: Provide topology_smt_supported() Thomas Gleixner <tglx(a)linutronix.de> x86/smp: Provide topology_is_primary_thread() Peter Zijlstra <peterz(a)infradead.org> sched/smt: Update sched_smt_present at runtime Konrad Rzeszutek Wilk <konrad.wilk(a)oracle.com> x86/bugs: Move the l1tf function and define pr_fmt properly Andi Kleen <ak(a)linux.intel.com> x86/speculation/l1tf: Limit swap file size to MAX_PA/2 Andi Kleen <ak(a)linux.intel.com> x86/speculation/l1tf: Disallow non privileged high MMIO PROT_NONE mappings Andi Kleen <ak(a)linux.intel.com> x86/speculation/l1tf: Add sysfs reporting for l1tf Andi Kleen <ak(a)linux.intel.com> x86/speculation/l1tf: Make sure the first page is always reserved Andi Kleen <ak(a)linux.intel.com> x86/speculation/l1tf: Protect PROT_NONE PTEs against speculation Linus Torvalds <torvalds(a)linux-foundation.org> x86/speculation/l1tf: Protect swap entries against L1TF Linus Torvalds <torvalds(a)linux-foundation.org> x86/speculation/l1tf: Change order of offset/type in swap entry Andi Kleen <ak(a)linux.intel.com> x86/speculation/l1tf: Increase 32bit PAE __PHYSICAL_PAGE_SHIFT Nick Desaulniers <ndesaulniers(a)google.com> x86/irqflags: Provide a declaration for native_save_fl Masami Hiramatsu <mhiramat(a)kernel.org> kprobes/x86: Fix %p uses in error messages Jiri Kosina <jkosina(a)suse.cz> x86/speculation: Protect against userspace-userspace spectreRSB Peter Zijlstra <peterz(a)infradead.org> x86/paravirt: Fix spectre-v2 mitigations for paravirt guests Oleksij Rempel <o.rempel(a)pengutronix.de> ARM: dts: imx6sx: fix irq for pcie bridge Lukas Wunner <lukas(a)wunner.de> Bluetooth: hci_serdev: Init hci_uart proto_lock to avoid oops Ronald Tschalär <ronald(a)innovation.ch> Bluetooth: hci_ldisc: Allow sleeping while proto locks are held. Chunfeng Yun <chunfeng.yun(a)mediatek.com> phy: phy-mtk-tphy: use auto instead of force to bypass utmi signals Fabio Estevam <fabio.estevam(a)nxp.com> mtd: nand: qcom: Add a NULL check for devm_kasprintf() Al Viro <viro(a)zeniv.linux.org.uk> fix __legitimize_mnt()/mntput() race Al Viro <viro(a)zeniv.linux.org.uk> fix mntput/mntput race Al Viro <viro(a)zeniv.linux.org.uk> make sure that __dentry_kill() always invalidates d_seq, unhashed or not Al Viro <viro(a)zeniv.linux.org.uk> root dentries need RCU-delayed freeing Linus Torvalds <torvalds(a)linux-foundation.org> init: rename and re-order boot_cpu_state_init() Quinn Tran <quinn.tran(a)cavium.com> scsi: qla2xxx: Fix memory leak for allocating abort IOCB Bart Van Assche <bart.vanassche(a)wdc.com> scsi: sr: Avoid that opening a CD-ROM hangs with runtime power management enabled Juergen Gross <jgross(a)suse.com> xen/netfront: don't cache skb_shinfo() Isaac J. Manjarres <isaacm(a)codeaurora.org> stop_machine: Disable preemption after queueing stopper threads Linus Torvalds <torvalds(a)linux-foundation.org> Mark HI and TASKLET softirq synchronous Andrey Konovalov <andreyknvl(a)google.com> kasan: add no_sanitize attribute for clang builds Ming Lei <ming.lei(a)redhat.com> scsi: virtio_scsi: fix IO hang caused by automatic irq vector affinity Ming Lei <ming.lei(a)redhat.com> scsi: core: introduce force_blk_mq Ming Lei <ming.lei(a)redhat.com> scsi: hpsa: fix selection of reply queue John David Anglin <dave.anglin(a)bell.net> parisc: Define mb() and add memory barriers to assembler unlock sequences Helge Deller <deller(a)gmx.de> parisc: Enable CONFIG_MLONGCALLS by default ------------- Diffstat: Documentation/ABI/testing/sysfs-devices-system-cpu | 24 + Documentation/admin-guide/index.rst | 9 + Documentation/admin-guide/kernel-parameters.txt | 78 +++ Documentation/admin-guide/l1tf.rst | 610 +++++++++++++++++++++ Documentation/virtual/kvm/api.txt | 40 +- Makefile | 4 +- arch/Kconfig | 3 + arch/arm/boot/dts/imx6sx.dtsi | 2 +- arch/parisc/Kconfig | 2 +- arch/parisc/include/asm/barrier.h | 32 ++ arch/parisc/kernel/entry.S | 2 + arch/parisc/kernel/pacache.S | 1 + arch/parisc/kernel/syscall.S | 4 + arch/x86/Kconfig | 1 + arch/x86/include/asm/apic.h | 10 + arch/x86/include/asm/cpufeatures.h | 3 + arch/x86/include/asm/dmi.h | 2 +- arch/x86/include/asm/hardirq.h | 26 +- arch/x86/include/asm/irqflags.h | 2 + arch/x86/include/asm/kvm_host.h | 9 + arch/x86/include/asm/msr-index.h | 7 + arch/x86/include/asm/page_32_types.h | 9 +- arch/x86/include/asm/pgtable-2level.h | 17 + arch/x86/include/asm/pgtable-3level.h | 37 +- arch/x86/include/asm/pgtable-invert.h | 32 ++ arch/x86/include/asm/pgtable.h | 74 ++- arch/x86/include/asm/pgtable_64.h | 38 +- arch/x86/include/asm/processor.h | 17 + arch/x86/include/asm/topology.h | 6 +- arch/x86/include/asm/vmx.h | 11 + arch/x86/kernel/apic/apic.c | 17 + arch/x86/kernel/apic/htirq.c | 2 + arch/x86/kernel/apic/io_apic.c | 1 + arch/x86/kernel/apic/msi.c | 1 + arch/x86/kernel/apic/vector.c | 1 + arch/x86/kernel/cpu/amd.c | 49 +- arch/x86/kernel/cpu/bugs.c | 171 ++++-- arch/x86/kernel/cpu/common.c | 56 +- arch/x86/kernel/cpu/cpu.h | 2 + arch/x86/kernel/cpu/intel.c | 7 + arch/x86/kernel/cpu/microcode/core.c | 16 +- arch/x86/kernel/cpu/topology.c | 41 +- arch/x86/kernel/fpu/core.c | 1 + arch/x86/kernel/ftrace.c | 1 + arch/x86/kernel/hpet.c | 1 + arch/x86/kernel/i8259.c | 1 + arch/x86/kernel/idt.c | 1 + arch/x86/kernel/irq.c | 1 + arch/x86/kernel/irq_32.c | 1 + arch/x86/kernel/irq_64.c | 1 + arch/x86/kernel/irqinit.c | 1 + arch/x86/kernel/kprobes/core.c | 6 +- arch/x86/kernel/paravirt.c | 14 +- arch/x86/kernel/setup.c | 6 + arch/x86/kernel/smp.c | 1 + arch/x86/kernel/smpboot.c | 18 + arch/x86/kernel/time.c | 1 + arch/x86/kvm/mmu.c | 1 + arch/x86/kvm/svm.c | 44 +- arch/x86/kvm/vmx.c | 426 ++++++++++++-- arch/x86/kvm/x86.c | 133 ++++- arch/x86/mm/fault.c | 1 + arch/x86/mm/init.c | 23 + arch/x86/mm/kmmio.c | 25 +- arch/x86/mm/mmap.c | 21 + arch/x86/mm/pageattr.c | 8 +- arch/x86/mm/pti.c | 1 + .../intel-mid/device_libs/platform_mrfld_wdt.c | 1 + arch/x86/platform/uv/tlb_uv.c | 1 + arch/x86/xen/enlighten.c | 1 + drivers/base/cpu.c | 8 + drivers/bluetooth/hci_ldisc.c | 38 +- drivers/bluetooth/hci_serdev.c | 1 + drivers/bluetooth/hci_uart.h | 2 +- drivers/gpu/drm/i915/intel_lpe_audio.c | 1 + drivers/mtd/nand/qcom_nandc.c | 3 + drivers/net/xen-netfront.c | 8 +- drivers/pci/host/pci-hyperv.c | 2 + drivers/phy/mediatek/phy-mtk-tphy.c | 19 +- drivers/scsi/hosts.c | 1 + drivers/scsi/hpsa.c | 73 ++- drivers/scsi/hpsa.h | 1 + drivers/scsi/qla2xxx/qla_iocb.c | 53 +- drivers/scsi/sr.c | 29 +- drivers/scsi/virtio_scsi.c | 59 +- fs/dcache.c | 13 +- fs/namespace.c | 28 +- include/asm-generic/pgtable.h | 12 + include/linux/compiler-clang.h | 3 + include/linux/cpu.h | 23 +- include/linux/swapfile.h | 2 + include/scsi/scsi_host.h | 3 + include/uapi/linux/kvm.h | 2 + init/main.c | 2 +- kernel/cpu.c | 282 +++++++++- kernel/sched/core.c | 30 +- kernel/sched/fair.c | 1 + kernel/smp.c | 2 + kernel/softirq.c | 12 +- kernel/stop_machine.c | 10 +- mm/memory.c | 37 +- mm/mprotect.c | 49 ++ mm/swapfile.c | 46 +- tools/arch/x86/include/asm/cpufeatures.h | 3 + 104 files changed, 2619 insertions(+), 456 deletions(-)

7 years, 4 months

3
99
0 0

[PATCH 4.18 00/79] 4.18.1-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.18.1 release. There are 79 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu Aug 16 17:13:16 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.18.1-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.18.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.18.1-rc1 Josh Poimboeuf <jpoimboe(a)redhat.com> x86/microcode: Allow late microcode loading with SMT disabled David Woodhouse <dwmw(a)amazon.co.uk> tools headers: Synchronise x86 cpufeatures.h for L1TF additions Andi Kleen <ak(a)linux.intel.com> x86/mm/kmmio: Make the tracer robust against L1TF Andi Kleen <ak(a)linux.intel.com> x86/mm/pat: Make set_memory_np() L1TF safe Andi Kleen <ak(a)linux.intel.com> x86/speculation/l1tf: Make pmd/pud_mknotpresent() invert Andi Kleen <ak(a)linux.intel.com> x86/speculation/l1tf: Invert all not present mappings Thomas Gleixner <tglx(a)linutronix.de> cpu/hotplug: Fix SMT supported evaluation Paolo Bonzini <pbonzini(a)redhat.com> KVM: VMX: Tell the nested hypervisor to skip L1D flush on vmentry Paolo Bonzini <pbonzini(a)redhat.com> x86/speculation: Use ARCH_CAPABILITIES to skip L1D flush on vmentry Paolo Bonzini <pbonzini(a)redhat.com> x86/speculation: Simplify sysfs report of VMX L1TF vulnerability Thomas Gleixner <tglx(a)linutronix.de> Documentation/l1tf: Remove Yonah processors from not vulnerable list Nicolai Stange <nstange(a)suse.de> x86/KVM/VMX: Don't set l1tf_flush_l1d from vmx_handle_external_intr() Nicolai Stange <nstange(a)suse.de> x86/irq: Let interrupt handlers set kvm_cpu_l1tf_flush_l1d Nicolai Stange <nstange(a)suse.de> x86: Don't include linux/irq.h from asm/hardirq.h Nicolai Stange <nstange(a)suse.de> x86/KVM/VMX: Introduce per-host-cpu analogue of l1tf_flush_l1d Nicolai Stange <nstange(a)suse.de> x86/irq: Demote irq_cpustat_t::__softirq_pending to u16 Nicolai Stange <nstange(a)suse.de> x86/KVM/VMX: Move the l1tf_flush_l1d test to vmx_l1d_flush() Nicolai Stange <nstange(a)suse.de> x86/KVM/VMX: Replace 'vmx_l1d_flush_always' with 'vmx_l1d_flush_cond' Nicolai Stange <nstange(a)suse.de> x86/KVM/VMX: Don't set l1tf_flush_l1d to true from vmx_l1d_flush() Josh Poimboeuf <jpoimboe(a)redhat.com> cpu/hotplug: detect SMT disabled by BIOS Tony Luck <tony.luck(a)intel.com> Documentation/l1tf: Fix typos Nicolai Stange <nstange(a)suse.de> x86/KVM/VMX: Initialize the vmx_l1d_flush_pages' content Jiri Kosina <jkosina(a)suse.cz> x86/speculation/l1tf: Unbreak !__HAVE_ARCH_PFN_MODIFY_ALLOWED architectures Thomas Gleixner <tglx(a)linutronix.de> Documentation: Add section about CPU vulnerabilities Jiri Kosina <jkosina(a)suse.cz> x86/bugs, kvm: Introduce boot-time control of L1TF mitigations Thomas Gleixner <tglx(a)linutronix.de> cpu/hotplug: Set CPU_SMT_NOT_SUPPORTED early Jiri Kosina <jkosina(a)suse.cz> cpu/hotplug: Expose SMT control init function Thomas Gleixner <tglx(a)linutronix.de> x86/kvm: Allow runtime control of L1D flush Thomas Gleixner <tglx(a)linutronix.de> x86/kvm: Serialize L1D flush parameter setter Thomas Gleixner <tglx(a)linutronix.de> x86/kvm: Add static key for flush always Thomas Gleixner <tglx(a)linutronix.de> x86/kvm: Move l1tf setup function Thomas Gleixner <tglx(a)linutronix.de> x86/l1tf: Handle EPT disabled state proper Thomas Gleixner <tglx(a)linutronix.de> x86/kvm: Drop L1TF MSR list approach Thomas Gleixner <tglx(a)linutronix.de> x86/litf: Introduce vmx status variable Thomas Gleixner <tglx(a)linutronix.de> cpu/hotplug: Online siblings when SMT control is turned on Konrad Rzeszutek Wilk <konrad.wilk(a)oracle.com> x86/KVM/VMX: Use MSR save list for IA32_FLUSH_CMD if required Konrad Rzeszutek Wilk <konrad.wilk(a)oracle.com> x86/KVM/VMX: Extend add_atomic_switch_msr() to allow VMENTER only MSRs Konrad Rzeszutek Wilk <konrad.wilk(a)oracle.com> x86/KVM/VMX: Separate the VMX AUTOLOAD guest/host number accounting Konrad Rzeszutek Wilk <konrad.wilk(a)oracle.com> x86/KVM/VMX: Add find_msr() helper function Konrad Rzeszutek Wilk <konrad.wilk(a)oracle.com> x86/KVM/VMX: Split the VMX MSR LOAD structures to have an host/guest numbers Paolo Bonzini <pbonzini(a)redhat.com> x86/KVM/VMX: Add L1D flush logic Paolo Bonzini <pbonzini(a)redhat.com> x86/KVM/VMX: Add L1D MSR based flush Paolo Bonzini <pbonzini(a)redhat.com> x86/KVM/VMX: Add L1D flush algorithm Konrad Rzeszutek Wilk <konrad.wilk(a)oracle.com> x86/KVM/VMX: Add module argument for L1TF mitigation Konrad Rzeszutek Wilk <konrad.wilk(a)oracle.com> x86/KVM: Warn user if KVM is loaded SMT and L1TF CPU bug being present Thomas Gleixner <tglx(a)linutronix.de> cpu/hotplug: Boot HT siblings at least once Thomas Gleixner <tglx(a)linutronix.de> Revert "x86/apic: Ignore secondary threads if nosmt=force" Michal Hocko <mhocko(a)suse.cz> x86/speculation/l1tf: Fix up pte->pfn conversion for PAE Vlastimil Babka <vbabka(a)suse.cz> x86/speculation/l1tf: Protect PAE swap entries against L1TF Borislav Petkov <bp(a)suse.de> x86/CPU/AMD: Move TOPOEXT reenablement before reading smp_num_siblings Konrad Rzeszutek Wilk <konrad.wilk(a)oracle.com> x86/cpufeatures: Add detection of L1D cache flush support. Vlastimil Babka <vbabka(a)suse.cz> x86/speculation/l1tf: Extend 64bit swap file size limit Thomas Gleixner <tglx(a)linutronix.de> x86/apic: Ignore secondary threads if nosmt=force Thomas Gleixner <tglx(a)linutronix.de> x86/cpu/AMD: Evaluate smp_num_siblings early Borislav Petkov <bp(a)suse.de> x86/CPU/AMD: Do not check CPUID max ext level before parsing SMP info Thomas Gleixner <tglx(a)linutronix.de> x86/cpu/intel: Evaluate smp_num_siblings early Thomas Gleixner <tglx(a)linutronix.de> x86/cpu/topology: Provide detect_extended_topology_early() Thomas Gleixner <tglx(a)linutronix.de> x86/cpu/common: Provide detect_ht_early() Thomas Gleixner <tglx(a)linutronix.de> x86/cpu/AMD: Remove the pointless detect_ht() call Thomas Gleixner <tglx(a)linutronix.de> x86/cpu: Remove the pointless CPU printout Thomas Gleixner <tglx(a)linutronix.de> cpu/hotplug: Provide knobs to control SMT Thomas Gleixner <tglx(a)linutronix.de> cpu/hotplug: Split do_cpu_down() Thomas Gleixner <tglx(a)linutronix.de> cpu/hotplug: Make bringup/teardown of smp threads symmetric Thomas Gleixner <tglx(a)linutronix.de> x86/topology: Provide topology_smt_supported() Thomas Gleixner <tglx(a)linutronix.de> x86/smp: Provide topology_is_primary_thread() Peter Zijlstra <peterz(a)infradead.org> sched/smt: Update sched_smt_present at runtime Konrad Rzeszutek Wilk <konrad.wilk(a)oracle.com> x86/bugs: Move the l1tf function and define pr_fmt properly Andi Kleen <ak(a)linux.intel.com> x86/speculation/l1tf: Limit swap file size to MAX_PA/2 Andi Kleen <ak(a)linux.intel.com> x86/speculation/l1tf: Disallow non privileged high MMIO PROT_NONE mappings Andi Kleen <ak(a)linux.intel.com> x86/speculation/l1tf: Add sysfs reporting for l1tf Andi Kleen <ak(a)linux.intel.com> x86/speculation/l1tf: Make sure the first page is always reserved Andi Kleen <ak(a)linux.intel.com> x86/speculation/l1tf: Protect PROT_NONE PTEs against speculation Linus Torvalds <torvalds(a)linux-foundation.org> x86/speculation/l1tf: Protect swap entries against L1TF Linus Torvalds <torvalds(a)linux-foundation.org> x86/speculation/l1tf: Change order of offset/type in swap entry Andi Kleen <ak(a)linux.intel.com> x86/speculation/l1tf: Increase 32bit PAE __PHYSICAL_PAGE_SHIFT Nick Desaulniers <ndesaulniers(a)google.com> x86/irqflags: Provide a declaration for native_save_fl Masami Hiramatsu <mhiramat(a)kernel.org> kprobes/x86: Fix %p uses in error messages Jiri Kosina <jkosina(a)suse.cz> x86/speculation: Protect against userspace-userspace spectreRSB Peter Zijlstra <peterz(a)infradead.org> x86/paravirt: Fix spectre-v2 mitigations for paravirt guests ------------- Diffstat: Documentation/ABI/testing/sysfs-devices-system-cpu | 24 + Documentation/admin-guide/index.rst | 9 + Documentation/admin-guide/kernel-parameters.txt | 78 +++ Documentation/admin-guide/l1tf.rst | 610 +++++++++++++++++++++ Makefile | 4 +- arch/Kconfig | 3 + arch/x86/Kconfig | 1 + arch/x86/include/asm/apic.h | 9 + arch/x86/include/asm/cpufeatures.h | 3 + arch/x86/include/asm/dmi.h | 2 +- arch/x86/include/asm/hardirq.h | 26 +- arch/x86/include/asm/irqflags.h | 2 + arch/x86/include/asm/kvm_host.h | 6 + arch/x86/include/asm/msr-index.h | 7 + arch/x86/include/asm/page_32_types.h | 9 +- arch/x86/include/asm/pgtable-2level.h | 17 + arch/x86/include/asm/pgtable-3level.h | 37 +- arch/x86/include/asm/pgtable-invert.h | 32 ++ arch/x86/include/asm/pgtable.h | 74 ++- arch/x86/include/asm/pgtable_64.h | 38 +- arch/x86/include/asm/processor.h | 17 + arch/x86/include/asm/topology.h | 6 +- arch/x86/include/asm/vmx.h | 11 + arch/x86/kernel/apic/apic.c | 16 + arch/x86/kernel/apic/io_apic.c | 1 + arch/x86/kernel/apic/msi.c | 1 + arch/x86/kernel/apic/vector.c | 1 + arch/x86/kernel/cpu/amd.c | 51 +- arch/x86/kernel/cpu/bugs.c | 171 ++++-- arch/x86/kernel/cpu/common.c | 56 +- arch/x86/kernel/cpu/cpu.h | 2 + arch/x86/kernel/cpu/intel.c | 7 + arch/x86/kernel/cpu/microcode/core.c | 16 +- arch/x86/kernel/cpu/topology.c | 41 +- arch/x86/kernel/fpu/core.c | 1 + arch/x86/kernel/hpet.c | 1 + arch/x86/kernel/i8259.c | 1 + arch/x86/kernel/idt.c | 1 + arch/x86/kernel/irq.c | 1 + arch/x86/kernel/irq_32.c | 1 + arch/x86/kernel/irq_64.c | 1 + arch/x86/kernel/irqinit.c | 1 + arch/x86/kernel/kprobes/core.c | 5 +- arch/x86/kernel/paravirt.c | 14 +- arch/x86/kernel/setup.c | 6 + arch/x86/kernel/smp.c | 1 + arch/x86/kernel/smpboot.c | 18 + arch/x86/kernel/time.c | 1 + arch/x86/kvm/mmu.c | 1 + arch/x86/kvm/vmx.c | 455 ++++++++++++--- arch/x86/kvm/x86.c | 34 +- arch/x86/mm/init.c | 23 + arch/x86/mm/kmmio.c | 25 +- arch/x86/mm/mmap.c | 21 + arch/x86/mm/pageattr.c | 8 +- arch/x86/mm/pti.c | 1 + .../intel-mid/device_libs/platform_mrfld_wdt.c | 1 + arch/x86/platform/uv/tlb_uv.c | 1 + arch/x86/xen/enlighten.c | 1 + drivers/base/cpu.c | 8 + drivers/gpu/drm/i915/i915_pmu.c | 1 + drivers/gpu/drm/i915/intel_lpe_audio.c | 1 + drivers/pci/controller/pci-hyperv.c | 1 + include/asm-generic/pgtable.h | 12 + include/linux/cpu.h | 21 + include/linux/swapfile.h | 2 + kernel/cpu.c | 280 +++++++++- kernel/sched/core.c | 30 +- kernel/sched/fair.c | 1 + kernel/smp.c | 2 + mm/memory.c | 37 +- mm/mprotect.c | 49 ++ mm/swapfile.c | 46 +- tools/arch/x86/include/asm/cpufeatures.h | 3 + 74 files changed, 2206 insertions(+), 300 deletions(-)

7 years, 4 months

3
82
0 0

[PATCH v2 1/2] arm64: mm: check for upper PAGE_SHIFT bits in pfn_valid()

by Greg Hackmann

ARM64's pfn_valid() shifts away the upper PAGE_SHIFT bits of the input before seeing if the PFN is valid. This leads to false positives when some of the upper bits are set, but the lower bits match a valid PFN. For example, the following userspace code looks up a bogus entry in /proc/kpageflags: int pagemap = open("/proc/self/pagemap", O_RDONLY); int pageflags = open("/proc/kpageflags", O_RDONLY); uint64_t pfn, val; lseek64(pagemap, [...], SEEK_SET); read(pagemap, &pfn, sizeof(pfn)); if (pfn & (1UL << 63)) { /* valid PFN */ pfn &= ((1UL << 55) - 1); /* clear flag bits */ pfn |= (1UL << 55); lseek64(pageflags, pfn * sizeof(uint64_t), SEEK_SET); read(pageflags, &val, sizeof(val)); } On ARM64 this causes the userspace process to crash with SIGSEGV rather than reading (1 << KPF_NOPAGE). kpageflags_read() treats the offset as valid, and stable_page_flags() will try to access an address between the user and kernel address ranges. Fixes: c1cc1552616d ("arm64: MMU initialisation") Cc: stable(a)vger.kernel.org Signed-off-by: Greg Hackmann <ghackmann(a)google.com> --- arch/arm64/mm/init.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/arch/arm64/mm/init.c b/arch/arm64/mm/init.c index 9abf8a1e7b25..787e27964ab9 100644 --- a/arch/arm64/mm/init.c +++ b/arch/arm64/mm/init.c @@ -287,7 +287,11 @@ static void __init zone_sizes_init(unsigned long min, unsigned long max) #ifdef CONFIG_HAVE_ARCH_PFN_VALID int pfn_valid(unsigned long pfn) { - return memblock_is_map_memory(pfn << PAGE_SHIFT); + phys_addr_t addr = pfn << PAGE_SHIFT; + + if ((addr >> PAGE_SHIFT) != pfn) + return 0; + return memblock_is_map_memory(addr); } EXPORT_SYMBOL(pfn_valid); #endif -- 2.18.0.865.gffc8e1a3cd6-goog

7 years, 4 months

1
1
0 0

[PATCH 1/2] Fix kexec forbidding kernels signed with keys in the secondary keyring to boot

by Yannik Sembritzki

The split of .system_keyring to .builtin_trusted_keys and .secondary_trusted_keys broke kexec, as kernels signed by keys which are now in the secondary keyring cannot be kexec'd anymore. Signed-off-by: Yannik Sembritzki <yannik(a)sembritzki.me> CC: stable(a)vger.kernel.org --- arch/x86/kernel/kexec-bzimage64.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/x86/kernel/kexec-bzimage64.c b/arch/x86/kernel/kexec-bzimage64.c index 7326078e..74628275 100644 --- a/arch/x86/kernel/kexec-bzimage64.c +++ b/arch/x86/kernel/kexec-bzimage64.c @@ -532,7 +532,7 @@ static int bzImage64_cleanup(void *loader_data) static int bzImage64_verify_sig(const char *kernel, unsigned long kernel_len) { return verify_pefile_signature(kernel, kernel_len, - NULL, + ((struct key *)1UL), VERIFYING_KEXEC_PE_SIGNATURE); } #endif -- 2.17.1

7 years, 4 months

1
0
0 0

[PATCH v8 5/5] drm/nouveau: Fix deadlocks in nouveau_connector_detect()

by Lyude Paul

When we disable hotplugging on the GPU, we need to be able to synchronize with each connector's hotplug interrupt handler before the interrupt is finally disabled. This can be a problem however, since nouveau_connector_detect() currently grabs a runtime power reference when handling connector probing. This will deadlock the runtime suspend handler like so: [ 861.480896] INFO: task kworker/0:2:61 blocked for more than 120 seconds. [ 861.483290] Tainted: G O 4.18.0-rc6Lyude-Test+ #1 [ 861.485158] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 861.486332] kworker/0:2 D 0 61 2 0x80000000 [ 861.487044] Workqueue: events nouveau_display_hpd_work [nouveau] [ 861.487737] Call Trace: [ 861.488394] __schedule+0x322/0xaf0 [ 861.489070] schedule+0x33/0x90 [ 861.489744] rpm_resume+0x19c/0x850 [ 861.490392] ? finish_wait+0x90/0x90 [ 861.491068] __pm_runtime_resume+0x4e/0x90 [ 861.491753] nouveau_display_hpd_work+0x22/0x60 [nouveau] [ 861.492416] process_one_work+0x231/0x620 [ 861.493068] worker_thread+0x44/0x3a0 [ 861.493722] kthread+0x12b/0x150 [ 861.494342] ? wq_pool_ids_show+0x140/0x140 [ 861.494991] ? kthread_create_worker_on_cpu+0x70/0x70 [ 861.495648] ret_from_fork+0x3a/0x50 [ 861.496304] INFO: task kworker/6:2:320 blocked for more than 120 seconds. [ 861.496968] Tainted: G O 4.18.0-rc6Lyude-Test+ #1 [ 861.497654] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 861.498341] kworker/6:2 D 0 320 2 0x80000080 [ 861.499045] Workqueue: pm pm_runtime_work [ 861.499739] Call Trace: [ 861.500428] __schedule+0x322/0xaf0 [ 861.501134] ? wait_for_completion+0x104/0x190 [ 861.501851] schedule+0x33/0x90 [ 861.502564] schedule_timeout+0x3a5/0x590 [ 861.503284] ? mark_held_locks+0x58/0x80 [ 861.503988] ? _raw_spin_unlock_irq+0x2c/0x40 [ 861.504710] ? wait_for_completion+0x104/0x190 [ 861.505417] ? trace_hardirqs_on_caller+0xf4/0x190 [ 861.506136] ? wait_for_completion+0x104/0x190 [ 861.506845] wait_for_completion+0x12c/0x190 [ 861.507555] ? wake_up_q+0x80/0x80 [ 861.508268] flush_work+0x1c9/0x280 [ 861.508990] ? flush_workqueue_prep_pwqs+0x1b0/0x1b0 [ 861.509735] nvif_notify_put+0xb1/0xc0 [nouveau] [ 861.510482] nouveau_display_fini+0xbd/0x170 [nouveau] [ 861.511241] nouveau_display_suspend+0x67/0x120 [nouveau] [ 861.511969] nouveau_do_suspend+0x5e/0x2d0 [nouveau] [ 861.512715] nouveau_pmops_runtime_suspend+0x47/0xb0 [nouveau] [ 861.513435] pci_pm_runtime_suspend+0x6b/0x180 [ 861.514165] ? pci_has_legacy_pm_support+0x70/0x70 [ 861.514897] __rpm_callback+0x7a/0x1d0 [ 861.515618] ? pci_has_legacy_pm_support+0x70/0x70 [ 861.516313] rpm_callback+0x24/0x80 [ 861.517027] ? pci_has_legacy_pm_support+0x70/0x70 [ 861.517741] rpm_suspend+0x142/0x6b0 [ 861.518449] pm_runtime_work+0x97/0xc0 [ 861.519144] process_one_work+0x231/0x620 [ 861.519831] worker_thread+0x44/0x3a0 [ 861.520522] kthread+0x12b/0x150 [ 861.521220] ? wq_pool_ids_show+0x140/0x140 [ 861.521925] ? kthread_create_worker_on_cpu+0x70/0x70 [ 861.522622] ret_from_fork+0x3a/0x50 [ 861.523299] INFO: task kworker/6:0:1329 blocked for more than 120 seconds. [ 861.523977] Tainted: G O 4.18.0-rc6Lyude-Test+ #1 [ 861.524644] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 861.525349] kworker/6:0 D 0 1329 2 0x80000000 [ 861.526073] Workqueue: events nvif_notify_work [nouveau] [ 861.526751] Call Trace: [ 861.527411] __schedule+0x322/0xaf0 [ 861.528089] schedule+0x33/0x90 [ 861.528758] rpm_resume+0x19c/0x850 [ 861.529399] ? finish_wait+0x90/0x90 [ 861.530073] __pm_runtime_resume+0x4e/0x90 [ 861.530798] nouveau_connector_detect+0x7e/0x510 [nouveau] [ 861.531459] ? ww_mutex_lock+0x47/0x80 [ 861.532097] ? ww_mutex_lock+0x47/0x80 [ 861.532819] ? drm_modeset_lock+0x88/0x130 [drm] [ 861.533481] drm_helper_probe_detect_ctx+0xa0/0x100 [drm_kms_helper] [ 861.534127] drm_helper_hpd_irq_event+0xa4/0x120 [drm_kms_helper] [ 861.534940] nouveau_connector_hotplug+0x98/0x120 [nouveau] [ 861.535556] nvif_notify_work+0x2d/0xb0 [nouveau] [ 861.536221] process_one_work+0x231/0x620 [ 861.536994] worker_thread+0x44/0x3a0 [ 861.537757] kthread+0x12b/0x150 [ 861.538463] ? wq_pool_ids_show+0x140/0x140 [ 861.539102] ? kthread_create_worker_on_cpu+0x70/0x70 [ 861.539815] ret_from_fork+0x3a/0x50 [ 861.540521] Showing all locks held in the system: [ 861.541696] 2 locks held by kworker/0:2/61: [ 861.542406] #0: 000000002dbf8af5 ((wq_completion)"events"){+.+.}, at: process_one_work+0x1b3/0x620 [ 861.543071] #1: 0000000076868126 ((work_completion)(&drm->hpd_work)){+.+.}, at: process_one_work+0x1b3/0x620 [ 861.543814] 1 lock held by khungtaskd/64: [ 861.544535] #0: 0000000059db4b53 (rcu_read_lock){....}, at: debug_show_all_locks+0x23/0x185 [ 861.545160] 3 locks held by kworker/6:2/320: [ 861.545896] #0: 00000000d9e1bc59 ((wq_completion)"pm"){+.+.}, at: process_one_work+0x1b3/0x620 [ 861.546702] #1: 00000000c9f92d84 ((work_completion)(&dev->power.work)){+.+.}, at: process_one_work+0x1b3/0x620 [ 861.547443] #2: 000000004afc5de1 (drm_connector_list_iter){.+.+}, at: nouveau_display_fini+0x96/0x170 [nouveau] [ 861.548146] 1 lock held by dmesg/983: [ 861.548889] 2 locks held by zsh/1250: [ 861.549605] #0: 00000000348e3cf6 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x37/0x40 [ 861.550393] #1: 000000007009a7a8 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0xc1/0x870 [ 861.551122] 6 locks held by kworker/6:0/1329: [ 861.551957] #0: 000000002dbf8af5 ((wq_completion)"events"){+.+.}, at: process_one_work+0x1b3/0x620 [ 861.552765] #1: 00000000ddb499ad ((work_completion)(&notify->work)#2){+.+.}, at: process_one_work+0x1b3/0x620 [ 861.553582] #2: 000000006e013cbe (&dev->mode_config.mutex){+.+.}, at: drm_helper_hpd_irq_event+0x6c/0x120 [drm_kms_helper] [ 861.554357] #3: 000000004afc5de1 (drm_connector_list_iter){.+.+}, at: drm_helper_hpd_irq_event+0x78/0x120 [drm_kms_helper] [ 861.555227] #4: 0000000044f294d9 (crtc_ww_class_acquire){+.+.}, at: drm_helper_probe_detect_ctx+0x3d/0x100 [drm_kms_helper] [ 861.556133] #5: 00000000db193642 (crtc_ww_class_mutex){+.+.}, at: drm_modeset_lock+0x4b/0x130 [drm] [ 861.557864] ============================================= [ 861.559507] NMI backtrace for cpu 2 [ 861.560363] CPU: 2 PID: 64 Comm: khungtaskd Tainted: G O 4.18.0-rc6Lyude-Test+ #1 [ 861.561197] Hardware name: LENOVO 20EQS64N0B/20EQS64N0B, BIOS N1EET78W (1.51 ) 05/18/2018 [ 861.561948] Call Trace: [ 861.562757] dump_stack+0x8e/0xd3 [ 861.563516] nmi_cpu_backtrace.cold.3+0x14/0x5a [ 861.564269] ? lapic_can_unplug_cpu.cold.27+0x42/0x42 [ 861.565029] nmi_trigger_cpumask_backtrace+0xa1/0xae [ 861.565789] arch_trigger_cpumask_backtrace+0x19/0x20 [ 861.566558] watchdog+0x316/0x580 [ 861.567355] kthread+0x12b/0x150 [ 861.568114] ? reset_hung_task_detector+0x20/0x20 [ 861.568863] ? kthread_create_worker_on_cpu+0x70/0x70 [ 861.569598] ret_from_fork+0x3a/0x50 [ 861.570370] Sending NMI from CPU 2 to CPUs 0-1,3-7: [ 861.571426] NMI backtrace for cpu 6 skipped: idling at intel_idle+0x7f/0x120 [ 861.571429] NMI backtrace for cpu 7 skipped: idling at intel_idle+0x7f/0x120 [ 861.571432] NMI backtrace for cpu 3 skipped: idling at intel_idle+0x7f/0x120 [ 861.571464] NMI backtrace for cpu 5 skipped: idling at intel_idle+0x7f/0x120 [ 861.571467] NMI backtrace for cpu 0 skipped: idling at intel_idle+0x7f/0x120 [ 861.571469] NMI backtrace for cpu 4 skipped: idling at intel_idle+0x7f/0x120 [ 861.571472] NMI backtrace for cpu 1 skipped: idling at intel_idle+0x7f/0x120 [ 861.572428] Kernel panic - not syncing: hung_task: blocked tasks So: fix this by making it so that normal hotplug handling /only/ happens so long as the GPU is currently awake without any pending runtime PM requests. In the event that a hotplug occurs while the device is suspending or resuming, we can simply defer our response until the GPU is fully runtime resumed again. Changes since v4: - Use a new trick I came up with using pm_runtime_get() instead of the hackish junk we had before Signed-off-by: Lyude Paul <lyude(a)redhat.com> Reviewed-by: Karol Herbst <kherbst(a)redhat.com> Acked-by: Daniel Vetter <daniel(a)ffwll.ch> Cc: stable(a)vger.kernel.org Cc: Lukas Wunner <lukas(a)wunner.de> --- drivers/gpu/drm/nouveau/nouveau_connector.c | 22 +++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/drivers/gpu/drm/nouveau/nouveau_connector.c b/drivers/gpu/drm/nouveau/nouveau_connector.c index 010d6db14cba..109240c03357 100644 --- a/drivers/gpu/drm/nouveau/nouveau_connector.c +++ b/drivers/gpu/drm/nouveau/nouveau_connector.c @@ -1124,6 +1124,26 @@ nouveau_connector_hotplug(struct nvif_notify *notify) const struct nvif_notify_conn_rep_v0 *rep = notify->data; const char *name = connector->name; struct nouveau_encoder *nv_encoder; + int ret; + + ret = pm_runtime_get(drm->dev->dev); + if (ret == 0) { + /* We can't block here if there's a pending PM request + * running, as we'll deadlock nouveau_display_fini() when it + * calls nvif_put() on our nvif_notify struct. So, simply + * defer the hotplug event until the device finishes resuming + */ + NV_DEBUG(drm, "Deferring HPD on %s until runtime resume\n", + name); + schedule_work(&drm->hpd_work); + + pm_runtime_put_noidle(drm->dev->dev); + return NVIF_NOTIFY_KEEP; + } else if (ret != 1 && ret != -EACCES) { + NV_WARN(drm, "HPD on %s dropped due to RPM failure: %d\n", + name, ret); + return NVIF_NOTIFY_DROP; + } if (rep->mask & NVIF_NOTIFY_CONN_V0_IRQ) { NV_DEBUG(drm, "service %s\n", name); @@ -1141,6 +1161,8 @@ nouveau_connector_hotplug(struct nvif_notify *notify) drm_helper_hpd_irq_event(connector->dev); } + pm_runtime_mark_last_busy(drm->dev->dev); + pm_runtime_put_autosuspend(drm->dev->dev); return NVIF_NOTIFY_KEEP; } -- 2.17.1

7 years, 4 months

1
0
0 0

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror