- Linux-stable-mirror - lists.linaro.org

[Linux-stable-mirror] Patch "sctp: do not free asoc when it is already dead in sctp_sendmsg" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled sctp: do not free asoc when it is already dead in sctp_sendmsg to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: sctp-do-not-free-asoc-when-it-is-already-dead-in-sctp_sendmsg.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Dec 12 13:26:17 CET 2017 From: Xin Long <lucien.xin(a)gmail.com> Date: Wed, 15 Nov 2017 16:55:54 +0800 Subject: sctp: do not free asoc when it is already dead in sctp_sendmsg From: Xin Long <lucien.xin(a)gmail.com> [ Upstream commit ca3af4dd28cff4e7216e213ba3b671fbf9f84758 ] Now in sctp_sendmsg sctp_wait_for_sndbuf could schedule out without holding sock sk. It means the current asoc can be freed elsewhere, like when receiving an abort packet. If the asoc is just created in sctp_sendmsg and sctp_wait_for_sndbuf returns err, the asoc will be freed again due to new_asoc is not nil. An use-after-free issue would be triggered by this. This patch is to fix it by setting new_asoc with nil if the asoc is already dead when cpu schedules back, so that it will not be freed again in sctp_sendmsg. v1->v2: set new_asoc as nil in sctp_sendmsg instead of sctp_wait_for_sndbuf. Suggested-by: Neil Horman <nhorman(a)tuxdriver.com> Reported-by: Dmitry Vyukov <dvyukov(a)google.com> Signed-off-by: Xin Long <lucien.xin(a)gmail.com> Acked-by: Neil Horman <nhorman(a)tuxdriver.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/sctp/socket.c | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) --- a/net/sctp/socket.c +++ b/net/sctp/socket.c @@ -1958,8 +1958,14 @@ static int sctp_sendmsg(struct sock *sk, timeo = sock_sndtimeo(sk, msg->msg_flags & MSG_DONTWAIT); if (!sctp_wspace(asoc)) { err = sctp_wait_for_sndbuf(asoc, &timeo, msg_len); - if (err) + if (err) { + if (err == -ESRCH) { + /* asoc is already dead. */ + new_asoc = NULL; + err = -EPIPE; + } goto out_free; + } } /* If an address is passed with the sendto/sendmsg call, it is used @@ -7457,10 +7463,11 @@ static int sctp_wait_for_sndbuf(struct s for (;;) { prepare_to_wait_exclusive(&asoc->wait, &wait, TASK_INTERRUPTIBLE); + if (asoc->base.dead) + goto do_dead; if (!*timeo_p) goto do_nonblock; - if (sk->sk_err || asoc->state >= SCTP_STATE_SHUTDOWN_PENDING || - asoc->base.dead) + if (sk->sk_err || asoc->state >= SCTP_STATE_SHUTDOWN_PENDING) goto do_error; if (signal_pending(current)) goto do_interrupted; @@ -7485,6 +7492,10 @@ out: return err; +do_dead: + err = -ESRCH; + goto out; + do_error: err = -EPIPE; goto out; Patches currently in stable-queue which might be from lucien.xin(a)gmail.com are queue-4.9/route-update-fnhe_expires-for-redirect-when-the-fnhe-exists.patch queue-4.9/route-also-update-fnhe_genid-when-updating-a-route-cache.patch queue-4.9/sctp-use-the-right-sk-after-waking-up-from-wait_buf-sleep.patch queue-4.9/sctp-do-not-free-asoc-when-it-is-already-dead-in-sctp_sendmsg.patch

7 years, 6 months

1
0
0 0

[Linux-stable-mirror] Patch "scsi: lpfc: Fix crash during Hardware error recovery on SLI3 adapters" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled scsi: lpfc: Fix crash during Hardware error recovery on SLI3 adapters to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: scsi-lpfc-fix-crash-during-hardware-error-recovery-on-sli3-adapters.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Dec 12 13:26:17 CET 2017 From: James Smart <jsmart2021(a)gmail.com> Date: Sat, 4 Mar 2017 09:30:25 -0800 Subject: scsi: lpfc: Fix crash during Hardware error recovery on SLI3 adapters From: James Smart <jsmart2021(a)gmail.com> [ Upstream commit 5d181531bc6169e19a02a27d202cf0e982db9d0e ] if REG_VPI fails, the driver was incorrectly issuing INIT_VFI (a SLI4 command) on a SLI3 adapter. Signed-off-by: Dick Kennedy <dick.kennedy(a)broadcom.com> Signed-off-by: James Smart <james.smart(a)broadcom.com> Signed-off-by: Martin K. Petersen <martin.petersen(a)oracle.com> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/scsi/lpfc/lpfc_els.c | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) --- a/drivers/scsi/lpfc/lpfc_els.c +++ b/drivers/scsi/lpfc/lpfc_els.c @@ -8185,11 +8185,17 @@ lpfc_cmpl_reg_new_vport(struct lpfc_hba spin_lock_irq(shost->host_lock); vport->fc_flag |= FC_VPORT_NEEDS_REG_VPI; spin_unlock_irq(shost->host_lock); - if (vport->port_type == LPFC_PHYSICAL_PORT - && !(vport->fc_flag & FC_LOGO_RCVD_DID_CHNG)) - lpfc_issue_init_vfi(vport); - else + if (mb->mbxStatus == MBX_NOT_FINISHED) + break; + if ((vport->port_type == LPFC_PHYSICAL_PORT) && + !(vport->fc_flag & FC_LOGO_RCVD_DID_CHNG)) { + if (phba->sli_rev == LPFC_SLI_REV4) + lpfc_issue_init_vfi(vport); + else + lpfc_initial_flogi(vport); + } else { lpfc_initial_fdisc(vport); + } break; } } else { Patches currently in stable-queue which might be from jsmart2021(a)gmail.com are queue-4.9/scsi-lpfc-fix-crash-during-hardware-error-recovery-on-sli3-adapters.patch

7 years, 6 months

1
0
0 0

[Linux-stable-mirror] Patch "scsi: qla2xxx: Fix ql_dump_buffer" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled scsi: qla2xxx: Fix ql_dump_buffer to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: scsi-qla2xxx-fix-ql_dump_buffer.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Dec 12 13:26:17 CET 2017 From: Joe Perches <joe(a)perches.com> Date: Thu, 2 Mar 2017 17:14:47 -0800 Subject: scsi: qla2xxx: Fix ql_dump_buffer From: Joe Perches <joe(a)perches.com> [ Upstream commit 23456565acf6d452e0368f7380aecd584c019c67 ] Recent printk changes for KERN_CONT cause this logging to be defectively emitted on multiple lines. Fix it. Also reduces object size a trivial amount. $ size drivers/scsi/qla2xxx/qla_dbg.o* text data bss dec hex filename 39125 0 0 39125 98d5 drivers/scsi/qla2xxx/qla_dbg.o.new 39164 0 0 39164 98fc drivers/scsi/qla2xxx/qla_dbg.o.old Signed-off-by: Joe Perches <joe(a)perches.com> Acked-by: Himanshu Madhani <himanshu.madhani(a)cavium.com> Signed-off-by: Martin K. Petersen <martin.petersen(a)oracle.com> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/scsi/qla2xxx/qla_dbg.c | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) --- a/drivers/scsi/qla2xxx/qla_dbg.c +++ b/drivers/scsi/qla2xxx/qla_dbg.c @@ -2707,13 +2707,9 @@ ql_dump_buffer(uint32_t level, scsi_qla_ "%-+5d 0 1 2 3 4 5 6 7 8 9 A B C D E F\n", size); ql_dbg(level, vha, id, "----- -----------------------------------------------\n"); - for (cnt = 0; cnt < size; cnt++, buf++) { - if (cnt % 16 == 0) - ql_dbg(level, vha, id, "%04x:", cnt & ~0xFU); - printk(" %02x", *buf); - if (cnt % 16 == 15) - printk("\n"); + for (cnt = 0; cnt < size; cnt += 16) { + ql_dbg(level, vha, id, "%04x: ", cnt); + print_hex_dump(KERN_CONT, "", DUMP_PREFIX_NONE, 16, 1, + buf + cnt, min(16U, size - cnt), false); } - if (cnt % 16 != 0) - printk("\n"); } Patches currently in stable-queue which might be from joe(a)perches.com are queue-4.9/scsi-qla2xxx-fix-ql_dump_buffer.patch

7 years, 6 months

1
0
0 0

[Linux-stable-mirror] Patch "route: update fnhe_expires for redirect when the fnhe exists" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled route: update fnhe_expires for redirect when the fnhe exists to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: route-update-fnhe_expires-for-redirect-when-the-fnhe-exists.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Dec 12 13:26:17 CET 2017 From: Xin Long <lucien.xin(a)gmail.com> Date: Fri, 17 Nov 2017 14:27:06 +0800 Subject: route: update fnhe_expires for redirect when the fnhe exists From: Xin Long <lucien.xin(a)gmail.com> [ Upstream commit e39d5246111399dbc6e11cd39fd8580191b86c47 ] Now when creating fnhe for redirect, it sets fnhe_expires for this new route cache. But when updating the exist one, it doesn't do it. It will cause this fnhe never to be expired. Paolo already noticed it before, in Jianlin's test case, it became even worse: When ip route flush cache, the old fnhe is not to be removed, but only clean it's members. When redirect comes again, this fnhe will be found and updated, but never be expired due to fnhe_expires not being set. So fix it by simply updating fnhe_expires even it's for redirect. Fixes: aee06da6726d ("ipv4: use seqlock for nh_exceptions") Reported-by: Jianlin Shi <jishi(a)redhat.com> Acked-by: Hannes Frederic Sowa <hannes(a)stressinduktion.org> Signed-off-by: Xin Long <lucien.xin(a)gmail.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/ipv4/route.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) --- a/net/ipv4/route.c +++ b/net/ipv4/route.c @@ -662,10 +662,9 @@ static void update_or_create_fnhe(struct fnhe->fnhe_genid = genid; if (gw) fnhe->fnhe_gw = gw; - if (pmtu) { + if (pmtu) fnhe->fnhe_pmtu = pmtu; - fnhe->fnhe_expires = max(1UL, expires); - } + fnhe->fnhe_expires = max(1UL, expires); /* Update all cached dsts too */ rt = rcu_dereference(fnhe->fnhe_rth_input); if (rt) Patches currently in stable-queue which might be from lucien.xin(a)gmail.com are queue-4.9/route-update-fnhe_expires-for-redirect-when-the-fnhe-exists.patch queue-4.9/route-also-update-fnhe_genid-when-updating-a-route-cache.patch queue-4.9/sctp-use-the-right-sk-after-waking-up-from-wait_buf-sleep.patch queue-4.9/sctp-do-not-free-asoc-when-it-is-already-dead-in-sctp_sendmsg.patch

7 years, 6 months

1
0
0 0

[Linux-stable-mirror] Patch "sched/fair: Make select_idle_cpu() more aggressive" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled sched/fair: Make select_idle_cpu() more aggressive to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: sched-fair-make-select_idle_cpu-more-aggressive.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Dec 12 13:26:17 CET 2017 From: Peter Zijlstra <peterz(a)infradead.org> Date: Wed, 1 Mar 2017 11:24:35 +0100 Subject: sched/fair: Make select_idle_cpu() more aggressive From: Peter Zijlstra <peterz(a)infradead.org> [ Upstream commit 4c77b18cf8b7ab37c7d5737b4609010d2ceec5f0 ] Kitsunyan reported desktop latency issues on his Celeron 887 because of commit: 1b568f0aabf2 ("sched/core: Optimize SCHED_SMT") ... even though his CPU doesn't do SMT. The effect of running the SMT code on a !SMT part is basically a more aggressive select_idle_cpu(). Removing the avg condition fixed things for him. I also know FB likes this test gone, even though other workloads like having it. For now, take it out by default, until we get a better idea. Reported-by: kitsunyan <kitsunyan(a)inbox.ru> Signed-off-by: Peter Zijlstra (Intel) <peterz(a)infradead.org> Cc: Chris Mason <clm(a)fb.com> Cc: Linus Torvalds <torvalds(a)linux-foundation.org> Cc: Mike Galbraith <efault(a)gmx.de> Cc: Mike Galbraith <umgwanakikbuti(a)gmail.com> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: linux-kernel(a)vger.kernel.org Signed-off-by: Ingo Molnar <mingo(a)kernel.org> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- kernel/sched/fair.c | 2 +- kernel/sched/features.h | 5 +++++ 2 files changed, 6 insertions(+), 1 deletion(-) --- a/kernel/sched/fair.c +++ b/kernel/sched/fair.c @@ -5451,7 +5451,7 @@ static int select_idle_cpu(struct task_s * Due to large variance we need a large fuzz factor; hackbench in * particularly is sensitive here. */ - if ((avg_idle / 512) < avg_cost) + if (sched_feat(SIS_AVG_CPU) && (avg_idle / 512) < avg_cost) return -1; time = local_clock(); --- a/kernel/sched/features.h +++ b/kernel/sched/features.h @@ -51,6 +51,11 @@ SCHED_FEAT(NONTASK_CAPACITY, true) */ SCHED_FEAT(TTWU_QUEUE, true) +/* + * When doing wakeups, attempt to limit superfluous scans of the LLC domain. + */ +SCHED_FEAT(SIS_AVG_CPU, false) + #ifdef HAVE_RT_PUSH_IPI /* * In order to avoid a thundering herd attack of CPUs that are Patches currently in stable-queue which might be from peterz(a)infradead.org are queue-4.9/smp-hotplug-move-step-cpuhp_ap_smpcfd_dying-to-the-correct-place.patch queue-4.9/efi-esrt-use-memunmap-instead-of-kfree-to-free-the-remapping.patch queue-4.9/x86-hpet-prevent-might-sleep-splat-on-resume.patch queue-4.9/efi-move-some-sysfs-files-to-be-read-only-by-root.patch queue-4.9/x86-platform-uv-bau-fix-hub-errors-by-remove-initial-write-to-sw-ack-register.patch queue-4.9/x86-mpx-selftests-fix-up-weird-arrays.patch queue-4.9/blk-mq-initialize-mq-kobjects-in-blk_mq_init_allocated_queue.patch queue-4.9/x86-selftests-add-clobbers-for-int80-on-x86_64.patch queue-4.9/jump_label-invoke-jump_label_test-via-early_initcall.patch queue-4.9/sched-fair-make-select_idle_cpu-more-aggressive.patch

7 years, 6 months

1
0
0 0

[Linux-stable-mirror] Patch "route: also update fnhe_genid when updating a route cache" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled route: also update fnhe_genid when updating a route cache to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: route-also-update-fnhe_genid-when-updating-a-route-cache.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Dec 12 13:26:17 CET 2017 From: Xin Long <lucien.xin(a)gmail.com> Date: Fri, 17 Nov 2017 14:27:18 +0800 Subject: route: also update fnhe_genid when updating a route cache From: Xin Long <lucien.xin(a)gmail.com> [ Upstream commit cebe84c6190d741045a322f5343f717139993c08 ] Now when ip route flush cache and it turn out all fnhe_genid != genid. If a redirect/pmtu icmp packet comes and the old fnhe is found and all it's members but fnhe_genid will be updated. Then next time when it looks up route and tries to rebind this fnhe to the new dst, the fnhe will be flushed due to fnhe_genid != genid. It causes this redirect/pmtu icmp packet acutally not to be applied. This patch is to also reset fnhe_genid when updating a route cache. Fixes: 5aad1de5ea2c ("ipv4: use separate genid for next hop exceptions") Acked-by: Hannes Frederic Sowa <hannes(a)stressinduktion.org> Signed-off-by: Xin Long <lucien.xin(a)gmail.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/ipv4/route.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) --- a/net/ipv4/route.c +++ b/net/ipv4/route.c @@ -630,9 +630,12 @@ static void update_or_create_fnhe(struct struct fnhe_hash_bucket *hash; struct fib_nh_exception *fnhe; struct rtable *rt; + u32 genid, hval; unsigned int i; int depth; - u32 hval = fnhe_hashfun(daddr); + + genid = fnhe_genid(dev_net(nh->nh_dev)); + hval = fnhe_hashfun(daddr); spin_lock_bh(&fnhe_lock); @@ -655,6 +658,8 @@ static void update_or_create_fnhe(struct } if (fnhe) { + if (fnhe->fnhe_genid != genid) + fnhe->fnhe_genid = genid; if (gw) fnhe->fnhe_gw = gw; if (pmtu) { @@ -679,7 +684,7 @@ static void update_or_create_fnhe(struct fnhe->fnhe_next = hash->chain; rcu_assign_pointer(hash->chain, fnhe); } - fnhe->fnhe_genid = fnhe_genid(dev_net(nh->nh_dev)); + fnhe->fnhe_genid = genid; fnhe->fnhe_daddr = daddr; fnhe->fnhe_gw = gw; fnhe->fnhe_pmtu = pmtu; Patches currently in stable-queue which might be from lucien.xin(a)gmail.com are queue-4.9/route-update-fnhe_expires-for-redirect-when-the-fnhe-exists.patch queue-4.9/route-also-update-fnhe_genid-when-updating-a-route-cache.patch queue-4.9/sctp-use-the-right-sk-after-waking-up-from-wait_buf-sleep.patch queue-4.9/sctp-do-not-free-asoc-when-it-is-already-dead-in-sctp_sendmsg.patch

7 years, 6 months

1
0
0 0

[Linux-stable-mirror] Patch "Revert "spi: SPI_FSL_DSPI should depend on HAS_DMA"" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled Revert "spi: SPI_FSL_DSPI should depend on HAS_DMA" to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: revert-spi-spi_fsl_dspi-should-depend-on-has_dma.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Dec 12 13:26:17 CET 2017 From: Sasha Levin <alexander.levin(a)verizon.com> Date: Thu, 7 Dec 2017 23:23:42 -0500 Subject: Revert "spi: SPI_FSL_DSPI should depend on HAS_DMA" From: Sasha Levin <alexander.levin(a)verizon.com> This reverts commit dadab2d4e3cf708ceba22ecddd94aedfecb39199. Not required on < 4.10. Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/spi/Kconfig | 1 - 1 file changed, 1 deletion(-) --- a/drivers/spi/Kconfig +++ b/drivers/spi/Kconfig @@ -365,7 +365,6 @@ config SPI_FSL_SPI config SPI_FSL_DSPI tristate "Freescale DSPI controller" select REGMAP_MMIO - depends on HAS_DMA depends on SOC_VF610 || SOC_LS1021A || ARCH_LAYERSCAPE || COMPILE_TEST help This enables support for the Freescale DSPI controller in master Patches currently in stable-queue which might be from alexander.levin(a)verizon.com are queue-4.9/xfrm-copy-policy-family-in-clone_policy.patch queue-4.9/scsi-lpfc-fix-crash-during-hardware-error-recovery-on-sli3-adapters.patch queue-4.9/ibmvnic-allocate-number-of-rx-tx-buffers-agreed-on-by-firmware.patch queue-4.9/atm-horizon-fix-irq-release-error.patch queue-4.9/powerpc-fix-compiling-a-be-kernel-with-a-powerpc64le-toolchain.patch queue-4.9/ipv6-reorder-icmpv6_init-and-ip6_mr_init.patch queue-4.9/ipvlan-fix-ipv6-outbound-device.patch queue-4.9/spi_ks8995-regs_size-incorrect-for-some-devices.patch queue-4.9/arm-omap2-release-device-node-after-it-is-no-longer-needed.patch queue-4.9/kvm-nvmx-reset-nested_run_pending-if-the-vcpu-is-going-to-be-reset.patch queue-4.9/usb-dwc3-gadget-fix-system-suspend-resume-on-ti-platforms.patch queue-4.9/arm-8657-1-uaccess-consistently-check-object-sizes.patch queue-4.9/rdma-cxgb4-annotate-r2-and-stag-as-__be32.patch queue-4.9/hid-chicony-add-support-for-another-asus-zen-aio-keyboard.patch queue-4.9/bnx2x-fix-detection-of-vlan-filtering-feature-for-vf.patch queue-4.9/netfilter-don-t-track-fragmented-packets.patch queue-4.9/lirc-fix-dead-lock-between-open-and-wakeup_filter.patch queue-4.9/block-wake-up-all-tasks-blocked-in-get_request.patch queue-4.9/asoc-rcar-avoid-ssi_modex-settings-for-ssi8.patch queue-4.9/kvm-nvmx-vmclear-should-not-cause-the-vcpu-to-shut-down.patch queue-4.9/arm-omap2-fix-device-node-reference-counts.patch queue-4.9/mac80211_hwsim-fix-memory-leak-in-hwsim_new_radio_nl.patch queue-4.9/axonram-fix-gendisk-handling.patch queue-4.9/kvm-arm-arm64-vgic-fix-command-handling-while-its-being-disabled.patch queue-4.9/powerpc-64-fix-checksum-folding-in-csum_add.patch queue-4.9/revert-spi-spi_fsl_dspi-should-depend-on-has_dma.patch queue-4.9/powerpc-powernv-ioda2-gracefully-fail-if-too-many-tce-levels-requested.patch queue-4.9/bpf-fix-lockdep-splat.patch queue-4.9/usb-gadgetfs-fix-a-potential-memory-leak-in-dev_config.patch queue-4.9/spi_ks8995-fix-bug-key-accdaa28-not-in-.data.patch queue-4.9/drivers-rapidio-devices-rio_mport_cdev.c-fix-resource-leak-in-error-handling-path-in-rio_dma_transfer.patch queue-4.9/bnx2x-fix-possible-overrun-of-vfpf-multicast-addresses-array.patch queue-4.9/bnx2x-do-not-rollback-vf-mac-vlan-filters-we-did-not-configure.patch queue-4.9/powerpc-64-invalidate-process-table-caching-after-setting-process-table.patch queue-4.9/sunrpc-fix-rpc_task_begin-trace-point.patch queue-4.9/clk-uniphier-fix-dapll2-clock-rate-of-pro5.patch queue-4.9/arm-kvm-survive-unknown-traps-from-guests.patch queue-4.9/crypto-s5p-sss-fix-completing-crypto-request-in-irq-handler.patch queue-4.9/ib-mlx5-assign-send-cq-and-recv-cq-of-umr-qp.patch queue-4.9/gpio-altera-use-handle_level_irq-when-configured-as-a-level_high.patch queue-4.9/lib-genalloc.c-make-the-avail-variable-an-atomic_long_t.patch queue-4.9/dt-bindings-usb-fix-reg-property-port-number-range.patch queue-4.9/arm-omap2-gpmc-onenand-propagate-error-on-initialization-failure.patch queue-4.9/afs-connect-up-the-cb.probeuuid.patch queue-4.9/drm-amd-amdgpu-fix-console-deadlock-if-late-init-failed.patch queue-4.9/module-set-__jump_table-alignment-to-8.patch queue-4.9/usb-gadget-pxa27x-test-for-a-valid-argument-pointer.patch queue-4.9/x86-hpet-prevent-might-sleep-splat-on-resume.patch queue-4.9/route-update-fnhe_expires-for-redirect-when-the-fnhe-exists.patch queue-4.9/edac-i5000-i5400-fix-definition-of-nrecmemb-register.patch queue-4.9/md-free-unused-memory-after-bitmap-resize.patch queue-4.9/x86-platform-uv-bau-fix-hub-errors-by-remove-initial-write-to-sw-ack-register.patch queue-4.9/x86-mpx-selftests-fix-up-weird-arrays.patch queue-4.9/libata-drop-warn-from-protocol-error-in-ata_sff_qc_issue.patch queue-4.9/nfs-fix-a-typo-in-nfs_rename.patch queue-4.9/ibmvnic-fix-overflowing-firmware-hardware-tx-queue.patch queue-4.9/blk-mq-initialize-mq-kobjects-in-blk_mq_init_allocated_queue.patch queue-4.9/audit-ensure-that-audit-1-actually-enables-audit-for-pid-1.patch queue-4.9/sparc64-mm-set-fields-in-deferred-pages.patch queue-4.9/zram-set-physical-queue-limits-to-avoid-array-out-of-bounds-accesses.patch queue-4.9/route-also-update-fnhe_genid-when-updating-a-route-cache.patch queue-4.9/selftest-powerpc-fix-false-failures-for-skipped-tests.patch queue-4.9/rds-tcp-sequence-teardown-of-listen-and-acceptor-sockets-to-avoid-races.patch queue-4.9/usb-gadget-udc-net2280-fix-tmp-reusage-in-net2280-driver.patch queue-4.9/xfs-fix-forgotten-rcu-read-unlock-when-skipping-inode-reclaim.patch queue-4.9/x86-selftests-add-clobbers-for-int80-on-x86_64.patch queue-4.9/gre6-use-log_ecn_error-module-parameter-in-ip6_tnl_rcv.patch queue-4.9/edac-i5000-i5400-fix-use-of-mtr_dram_width-macro.patch queue-4.9/jump_label-invoke-jump_label_test-via-early_initcall.patch queue-4.9/workqueue-trigger-warn-if-queue_delayed_work-is-called-with-null-wq.patch queue-4.9/irqchip-crossbar-fix-incorrect-type-of-register-size.patch queue-4.9/zsmalloc-calling-zs_map_object-from-irq-is-a-bug.patch queue-4.9/bnx2x-prevent-crash-when-accessing-ptp-with-interface-down.patch queue-4.9/vti6-don-t-report-path-mtu-below-ipv6_min_mtu.patch queue-4.9/sched-fair-make-select_idle_cpu-more-aggressive.patch queue-4.9/sctp-use-the-right-sk-after-waking-up-from-wait_buf-sleep.patch queue-4.9/kbuild-do-not-call-cc-option-before-kbuild_cflags-initialization.patch queue-4.9/arm64-kvm-survive-unknown-traps-from-guests.patch queue-4.9/coccinelle-fix-parallel-build-with-check-scripts-coccicheck.patch queue-4.9/dynamic-debug-howto-fix-optional-omitted-ending-line-number-to-be-large-instead-of-0.patch queue-4.9/scsi-qla2xxx-fix-ql_dump_buffer.patch queue-4.9/i2c-riic-fix-restart-condition.patch queue-4.9/ib-mlx4-increase-maximal-message-size-under-ud-qp.patch queue-4.9/usb-gadget-configs-plug-memory-leak.patch queue-4.9/revert-drm-armada-fix-compile-fail.patch queue-4.9/sctp-do-not-free-asoc-when-it-is-already-dead-in-sctp_sendmsg.patch queue-4.9/kbuild-pkg-use-transform-option-to-prefix-paths-in-tar.patch

7 years, 6 months

1
0
0 0

[Linux-stable-mirror] [GIT PULL] commits for Linux 4.9

by alexander.levin＠verizon.com

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Hi Greg, Pleae pull commits for Linux 4.9 . I've sent a review request for all commits over a week ago and all comments were addressed. Thanks, Sasha ===== The following changes since commit 3781db07c79e7e4c5273c902f9c4718795866a1c: Linux 4.9.68 (2017-12-09 22:01:57 +0100) are available in the git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/sashal/linux-stable.git tags/for-greg-4.9-11122017 for you to fetch changes up to 91388b75c2e8e018ffb59ecb5c7fca68285e9a30: RDMA/cxgb4: Annotate r2 and stag as __be32 (2017-12-11 19:34:01 -0500) - ---------------------------------------------------------------- for-greg-4.9-11122017 - ---------------------------------------------------------------- Alexey Kardashevskiy (1): powerpc/powernv/ioda2: Gracefully fail if too many TCE levels requested Alexey Kodanev (1): gre6: use log_ecn_error module parameter in ip6_tnl_rcv() Andre Przywara (1): KVM: arm/arm64: VGIC: Fix command handling while ITS being disabled Andrew Banman (1): x86/platform/uv/BAU: Fix HUB errors by remove initial write to sw-ack register Arvind Yadav (1): atm: horizon: Fix irq release error Ben Hutchings (1): mac80211_hwsim: Fix memory leak in hwsim_new_radio_nl() Blomme, Maarten (2): spi_ks8995: fix "BUG: key accdaa28 not in .data!" spi_ks8995: regs_size incorrect for some devices Chris Brandt (1): i2c: riic: fix restart condition Christophe JAILLET (2): USB: gadgetfs: Fix a potential memory leak in 'dev_config()' drivers/rapidio/devices/rio_mport_cdev.c: fix resource leak in error handling path in 'rio_dma_transfer()' Chuck Lever (1): sunrpc: Fix rpc_task_begin trace point Daniel Drake (1): HID: chicony: Add support for another ASUS Zen AiO keyboard Darrick J. Wong (1): xfs: fix forgotten rcu read unlock when skipping inode reclaim Dave Hansen (1): x86/mpx/selftests: Fix up weird arrays David Daney (1): module: set __jump_table alignment to 8 David Howells (1): afs: Connect up the CB.ProbeUuid Dmitry Safonov (1): x86/selftests: Add clobbers for int80 on x86_64 Eric Dumazet (1): bpf: fix lockdep splat Florian Westphal (1): netfilter: don't track fragmented packets Franck Demathieu (1): irqchip/crossbar: Fix incorrect type of register size Guenter Roeck (2): ARM: OMAP2+: Fix device node reference counts ARM: OMAP2+: Release device node after it is no longer needed. Herbert Xu (1): xfrm: Copy policy family in clone_policy James Smart (1): scsi: lpfc: Fix crash during Hardware error recovery on SLI3 adapters Jan Kara (1): axonram: Fix gendisk handling Jason Baron (1): jump_label: Invoke jump_label_test() via early_initcall() Jim Mattson (1): kvm: nVMX: VMCLEAR should not cause the vCPU to shut down Jim Qu (1): drm/amd/amdgpu: fix console deadlock if late init failed Joe Perches (1): scsi: qla2xxx: Fix ql_dump_buffer Johan Hovold (1): dt-bindings: usb: fix reg-property port-number range Johannes Thumshirn (1): zram: set physical queue limits to avoid array out of bounds accesses John Keeping (1): usb: gadget: configs: plug memory leak JÃ©rÃ©my Lefaure (2): EDAC, i5000, i5400: Fix use of MTR_DRAM_WIDTH macro EDAC, i5000, i5400: Fix definition of NRECMEMB register Keefe Liu (1): ipvlan: fix ipv6 outbound device Kees Cook (1): ARM: 8657/1: uaccess: consistently check object sizes Krzysztof Kozlowski (1): crypto: s5p-sss - Fix completing crypto request in IRQ handler Kuninori Morimoto (1): ASoC: rcar: avoid SSI_MODEx settings for SSI8 Ladislav Michl (1): ARM: OMAP2+: gpmc-onenand: propagate error on initialization failure Leon Romanovsky (1): RDMA/cxgb4: Annotate r2 and stag as __be32 Majd Dibbiny (1): IB/mlx5: Assign send CQ and recv CQ of UMR QP Mark Bloch (1): IB/mlx4: Increase maximal message size under UD QP Mark Rutland (2): arm: KVM: Survive unknown traps from guests arm64: KVM: Survive unknown traps from guests Masahiro Yamada (4): kbuild: pkg: use --transform option to prefix paths in tar coccinelle: fix parallel build with CHECK=scripts/coccicheck clk: uniphier: fix DAPLL2 clock rate of Pro5 kbuild: do not call cc-option before KBUILD_CFLAGS initialization Michal Schmidt (4): bnx2x: prevent crash when accessing PTP with interface down bnx2x: fix possible overrun of VFPF multicast addresses array bnx2x: fix detection of VLAN filtering feature for VF bnx2x: do not rollback VF MAC/VLAN filters we did not configure Ming Lei (2): blk-mq: initialize mq kobjects in blk_mq_init_allocated_queue() block: wake up all tasks blocked in get_request() Nicholas Piggin (1): powerpc: Fix compiling a BE kernel with a powerpc64le toolchain Paul Mackerras (1): powerpc/64: Invalidate process table caching after setting process table Paul Moore (1): audit: ensure that 'audit=1' actually enables audit for PID 1 Pavel Tatashin (1): sparc64/mm: set fields in deferred pages Peter Zijlstra (1): sched/fair: Make select_idle_cpu() more aggressive Petr Cvek (1): usb: gadget: pxa27x: Test for a valid argument pointer Phil Reid (1): gpio: altera: Use handle_level_irq when configured as a level_high Randy Dunlap (1): dynamic-debug-howto: fix optional/omitted ending line number to be LARGE instead of 0 Raz Manor (1): usb: gadget: udc: net2280: Fix tmp reusage in net2280 driver Roger Quadros (1): usb: dwc3: gadget: Fix system suspend/resume on TI platforms Sachin Sant (1): selftest/powerpc: Fix false failures for skipped tests Sasha Levin (2): Revert "drm/armada: Fix compile fail" Revert "spi: SPI_FSL_DSPI should depend on HAS_DMA" Sean Young (1): [media] lirc: fix dead lock between open and wakeup_filter Sebastian Sjoholm (1): net: qmi_wwan: add Quectel BG96 2c7c:0296 Sergey Senozhatsky (1): zsmalloc: calling zs_map_object() from irq is a bug Shile Zhang (1): powerpc/64: Fix checksum folding in csum_add() Sowmini Varadhan (1): rds: tcp: Sequence teardown of listen and acceptor sockets to avoid races Steffen Klassert (1): vti6: Don't report path MTU below IPV6_MIN_MTU. Stephen Bates (1): lib/genalloc.c: make the avail variable an atomic_long_t Tejun Heo (2): libata: drop WARN from protocol error in ata_sff_qc_issue() workqueue: trigger WARN if queue_delayed_work() is called with NULL @wq Thomas Falcon (2): ibmvnic: Fix overflowing firmware/hardware TX queue ibmvnic: Allocate number of rx/tx buffers agreed on by firmware Thomas Gleixner (1): x86/hpet: Prevent might sleep splat on resume Trond Myklebust (1): NFS: Fix a typo in nfs_rename() WANG Cong (1): ipv6: reorder icmpv6_init() and ip6_mr_init() Wanpeng Li (1): KVM: nVMX: reset nested_run_pending if the vCPU is going to be reset Xin Long (4): route: also update fnhe_genid when updating a route cache route: update fnhe_expires for redirect when the fnhe exists sctp: do not free asoc when it is already dead in sctp_sendmsg sctp: use the right sk after waking up from wait_buf sleep Zdenek Kabelac (1): md: free unused memory after bitmap resize .../devicetree/bindings/usb/usb-device.txt | 2 +- Makefile | 21 ++-- arch/arm/include/asm/kvm_arm.h | 1 + arch/arm/include/asm/uaccess.h | 44 ++++++--- arch/arm/kvm/handle_exit.c | 19 ++-- arch/arm/mach-omap2/gpmc-onenand.c | 10 +- arch/arm/mach-omap2/omap_hwmod_3xxx_data.c | 25 +++-- arch/arm64/kvm/handle_exit.c | 19 ++-- arch/powerpc/Makefile | 11 ++- arch/powerpc/include/asm/checksum.h | 2 +- arch/powerpc/mm/pgtable-radix.c | 4 + arch/powerpc/platforms/powernv/pci-ioda.c | 3 + arch/powerpc/sysdev/axonram.c | 5 +- arch/sparc/mm/init_64.c | 9 +- arch/x86/kernel/hpet.c | 2 +- arch/x86/kvm/vmx.c | 26 ++--- arch/x86/platform/uv/tlb_uv.c | 1 - block/blk-core.c | 4 +- block/blk-mq-sysfs.c | 4 +- block/blk-mq.c | 4 +- block/blk-mq.h | 1 + drivers/ata/libata-sff.c | 1 - drivers/atm/horizon.c | 2 +- drivers/block/zram/zram_drv.c | 2 + drivers/clk/uniphier/clk-uniphier-sys.c | 2 +- drivers/crypto/s5p-sss.c | 5 +- drivers/edac/i5000_edac.c | 8 +- drivers/edac/i5400_edac.c | 9 +- drivers/gpio/gpio-altera.c | 26 +++-- drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 5 +- drivers/gpu/drm/armada/Makefile | 2 - drivers/hid/Kconfig | 4 +- drivers/hid/hid-chicony.c | 1 + drivers/hid/hid-core.c | 1 + drivers/hid/hid-ids.h | 1 + drivers/i2c/busses/i2c-riic.c | 6 +- drivers/infiniband/hw/cxgb4/t4fw_ri_api.h | 4 +- drivers/infiniband/hw/mlx4/qp.c | 2 +- drivers/infiniband/hw/mlx5/main.c | 2 + drivers/irqchip/irq-crossbar.c | 8 +- drivers/md/bitmap.c | 9 ++ drivers/media/rc/lirc_dev.c | 4 +- drivers/memory/omap-gpmc.c | 4 +- drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c | 36 +++++-- drivers/net/ethernet/broadcom/bnx2x/bnx2x_sriov.c | 8 +- drivers/net/ethernet/broadcom/bnx2x/bnx2x_sriov.h | 1 + drivers/net/ethernet/broadcom/bnx2x/bnx2x_vfpf.c | 23 +++-- drivers/net/ethernet/ibm/ibmvnic.c | 43 ++++++-- drivers/net/ethernet/ibm/ibmvnic.h | 1 + drivers/net/ipvlan/ipvlan_core.c | 2 +- drivers/net/phy/spi_ks8995.c | 3 +- drivers/net/usb/qmi_wwan.c | 1 + drivers/net/wireless/mac80211_hwsim.c | 5 +- drivers/rapidio/devices/rio_mport_cdev.c | 3 +- drivers/scsi/lpfc/lpfc_els.c | 14 ++- drivers/scsi/qla2xxx/qla_dbg.c | 12 +-- drivers/spi/Kconfig | 1 - drivers/usb/dwc3/gadget.c | 7 +- drivers/usb/gadget/configfs.c | 1 + drivers/usb/gadget/legacy/inode.c | 4 +- drivers/usb/gadget/udc/net2280.c | 25 ++--- drivers/usb/gadget/udc/pxa27x_udc.c | 5 +- fs/afs/cmservice.c | 3 + fs/nfs/dir.c | 2 +- fs/xfs/xfs_inode.c | 1 + include/linux/genalloc.h | 3 +- include/linux/omap-gpmc.h | 5 +- kernel/audit.c | 10 +- kernel/bpf/percpu_freelist.c | 8 +- kernel/jump_label.c | 2 +- kernel/sched/fair.c | 2 +- kernel/sched/features.h | 5 + kernel/workqueue.c | 1 + lib/dynamic_debug.c | 4 + lib/genalloc.c | 10 +- mm/zsmalloc.c | 2 +- net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c | 4 + net/ipv4/netfilter/nf_nat_l3proto_ipv4.c | 5 - net/ipv4/route.c | 14 ++- net/ipv6/af_inet6.c | 10 +- net/ipv6/ip6_gre.c | 2 +- net/ipv6/ip6_vti.c | 8 +- net/rds/tcp.c | 15 ++- net/rds/tcp.h | 2 +- net/rds/tcp_listen.c | 9 +- net/sctp/socket.c | 38 ++++--- net/sunrpc/sched.c | 3 +- net/xfrm/xfrm_policy.c | 1 + scripts/coccicheck | 15 +-- scripts/module-common.lds | 2 + scripts/package/Makefile | 5 +- sound/soc/sh/rcar/ssiu.c | 6 +- tools/testing/selftests/powerpc/harness.c | 6 +- tools/testing/selftests/x86/fsgsbase.c | 2 +- tools/testing/selftests/x86/ldt_gdt.c | 16 ++- tools/testing/selftests/x86/mpx-hw.h | 4 +- tools/testing/selftests/x86/ptrace_syscall.c | 3 +- tools/testing/selftests/x86/single_step_syscall.c | 5 +- virt/kvm/arm/vgic/vgic-its.c | 109 ++++++++++++--------- 99 files changed, 544 insertions(+), 318 deletions(-) -----BEGIN PGP SIGNATURE----- iQIcBAEBCAAGBQJaLynXAAoJEN6mb/eXdyzcJIkQAKnfZSv461UVTRJW01K9ECQ6 UpfhthOs2IwPX+iFK4wrxNCnEuYsVUboX29Gpcf/peXHZjNq17qyWThuzg1NDJCS n+b+RmIU6yXBtXn98FrGFa/QpYhNtUuh2NvplqzE9MGpakUEgW75XwYcwa6DRoh4 3eyoWyheXNikXTiYoqaADCiBfr+JSctrZtNRlzj5Bah3Kq6JOk4vA/6Z6T0DGovG CjyP/urdL544+KfBcuObP1uRCZp2AuOqjEJ8bkhakyL2aCYHyDq/FHxppJ1/wfJ5 L1Nwj7WrsvXe9ZYrZIuTFfQe/xOudI9Ae/l+08PdtsOOy9gqgztSuKzAqyvaIro7 0iXE44oRdnksyNo1Y65l+sGAKSUG/W2i3uOVS3703XDcGAhWO5hhKLZ8Bg6c6AtH okk28cUUUCitbc0+QD1a9Z7QvHUn9AC1BsUeHCk7DkteEhGqB6m3zgfpYal+s4Xz hSq+tFOIdzA4PvMy6aNXXJKagvOhVr00j9MJZ9pl4I8NoFexOTgAnNQ91RMXnyEx hC5xm+Ugfu2/ZMg+beV44Qh+34ZZKZ2J02M0zUmyYmDfNHMJnbCkz3pYL1V7YuO9 XNZUxkF2snxVl1io2djyGNx3Y4cEA/5na5bKj1+0gBABiQwwOkylXf3qI7cMGMBU 1B0vUCR+MHZCiSU6t3eq =n4qU -----END PGP SIGNATURE-----

7 years, 6 months

2
1
0 0

[Linux-stable-mirror] Patch "rds: tcp: Sequence teardown of listen and acceptor sockets to avoid races" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled rds: tcp: Sequence teardown of listen and acceptor sockets to avoid races to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: rds-tcp-sequence-teardown-of-listen-and-acceptor-sockets-to-avoid-races.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Dec 12 13:26:17 CET 2017 From: Sowmini Varadhan <sowmini.varadhan(a)oracle.com> Date: Sat, 4 Mar 2017 08:57:35 -0800 Subject: rds: tcp: Sequence teardown of listen and acceptor sockets to avoid races From: Sowmini Varadhan <sowmini.varadhan(a)oracle.com> [ Upstream commit b21dd4506b71bdb9c5a20e759255cd2513ea7ebe ] Commit a93d01f5777e ("RDS: TCP: avoid bad page reference in rds_tcp_listen_data_ready") added the function rds_tcp_listen_sock_def_readable() to handle the case when a partially set-up acceptor socket drops into rds_tcp_listen_data_ready(). However, if the listen socket (rtn->rds_tcp_listen_sock) is itself going through a tear-down via rds_tcp_listen_stop(), the (*ready)() will be null and we would hit a panic of the form BUG: unable to handle kernel NULL pointer dereference at (null) IP: (null) : ? rds_tcp_listen_data_ready+0x59/0xb0 [rds_tcp] tcp_data_queue+0x39d/0x5b0 tcp_rcv_established+0x2e5/0x660 tcp_v4_do_rcv+0x122/0x220 tcp_v4_rcv+0x8b7/0x980 : In the above case, it is not fatal to encounter a NULL value for ready- we should just drop the packet and let the flush of the acceptor thread finish gracefully. In general, the tear-down sequence for listen() and accept() socket that is ensured by this commit is: rtn->rds_tcp_listen_sock = NULL; /* prevent any new accepts */ In rds_tcp_listen_stop(): serialize with, and prevent, further callbacks using lock_sock() flush rds_wq flush acceptor workq sock_release(listen socket) Signed-off-by: Sowmini Varadhan <sowmini.varadhan(a)oracle.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/rds/tcp.c | 15 ++++++++++----- net/rds/tcp.h | 2 +- net/rds/tcp_listen.c | 9 +++++++-- 3 files changed, 18 insertions(+), 8 deletions(-) --- a/net/rds/tcp.c +++ b/net/rds/tcp.c @@ -478,9 +478,10 @@ static void __net_exit rds_tcp_exit_net( * we do need to clean up the listen socket here. */ if (rtn->rds_tcp_listen_sock) { - rds_tcp_listen_stop(rtn->rds_tcp_listen_sock); + struct socket *lsock = rtn->rds_tcp_listen_sock; + rtn->rds_tcp_listen_sock = NULL; - flush_work(&rtn->rds_tcp_accept_w); + rds_tcp_listen_stop(lsock, &rtn->rds_tcp_accept_w); } } @@ -517,10 +518,10 @@ static void rds_tcp_kill_sock(struct net struct rds_tcp_connection *tc, *_tc; LIST_HEAD(tmp_list); struct rds_tcp_net *rtn = net_generic(net, rds_tcp_netid); + struct socket *lsock = rtn->rds_tcp_listen_sock; - rds_tcp_listen_stop(rtn->rds_tcp_listen_sock); rtn->rds_tcp_listen_sock = NULL; - flush_work(&rtn->rds_tcp_accept_w); + rds_tcp_listen_stop(lsock, &rtn->rds_tcp_accept_w); spin_lock_irq(&rds_tcp_conn_lock); list_for_each_entry_safe(tc, _tc, &rds_tcp_conn_list, t_tcp_node) { struct net *c_net = read_pnet(&tc->t_cpath->cp_conn->c_net); @@ -540,8 +541,12 @@ static void rds_tcp_kill_sock(struct net void *rds_tcp_listen_sock_def_readable(struct net *net) { struct rds_tcp_net *rtn = net_generic(net, rds_tcp_netid); + struct socket *lsock = rtn->rds_tcp_listen_sock; + + if (!lsock) + return NULL; - return rtn->rds_tcp_listen_sock->sk->sk_user_data; + return lsock->sk->sk_user_data; } static int rds_tcp_dev_event(struct notifier_block *this, --- a/net/rds/tcp.h +++ b/net/rds/tcp.h @@ -66,7 +66,7 @@ void rds_tcp_state_change(struct sock *s /* tcp_listen.c */ struct socket *rds_tcp_listen_init(struct net *); -void rds_tcp_listen_stop(struct socket *); +void rds_tcp_listen_stop(struct socket *sock, struct work_struct *acceptor); void rds_tcp_listen_data_ready(struct sock *sk); int rds_tcp_accept_one(struct socket *sock); int rds_tcp_keepalive(struct socket *sock); --- a/net/rds/tcp_listen.c +++ b/net/rds/tcp_listen.c @@ -227,6 +227,9 @@ void rds_tcp_listen_data_ready(struct so * before it has been accepted and the accepter has set up their * data_ready.. we only want to queue listen work for our listening * socket + * + * (*ready)() may be null if we are racing with netns delete, and + * the listen socket is being torn down. */ if (sk->sk_state == TCP_LISTEN) rds_tcp_accept_work(sk); @@ -235,7 +238,8 @@ void rds_tcp_listen_data_ready(struct so out: read_unlock_bh(&sk->sk_callback_lock); - ready(sk); + if (ready) + ready(sk); } struct socket *rds_tcp_listen_init(struct net *net) @@ -275,7 +279,7 @@ out: return NULL; } -void rds_tcp_listen_stop(struct socket *sock) +void rds_tcp_listen_stop(struct socket *sock, struct work_struct *acceptor) { struct sock *sk; @@ -296,5 +300,6 @@ void rds_tcp_listen_stop(struct socket * /* wait for accepts to stop and close the socket */ flush_workqueue(rds_wq); + flush_work(acceptor); sock_release(sock); } Patches currently in stable-queue which might be from sowmini.varadhan(a)oracle.com are queue-4.9/rds-tcp-sequence-teardown-of-listen-and-acceptor-sockets-to-avoid-races.patch

7 years, 6 months

1
0
0 0

[Linux-stable-mirror] Patch "Revert "drm/armada: Fix compile fail"" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled Revert "drm/armada: Fix compile fail" to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: revert-drm-armada-fix-compile-fail.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Dec 12 13:26:17 CET 2017 From: Sasha Levin <alexander.levin(a)verizon.com> Date: Thu, 7 Dec 2017 23:21:06 -0500 Subject: Revert "drm/armada: Fix compile fail" From: Sasha Levin <alexander.levin(a)verizon.com> This reverts commit 82f260d472c3b4dbb7324624e395c3e91f73a040. Not required on < 4.10. Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/gpu/drm/armada/Makefile | 2 -- 1 file changed, 2 deletions(-) --- a/drivers/gpu/drm/armada/Makefile +++ b/drivers/gpu/drm/armada/Makefile @@ -4,5 +4,3 @@ armada-y += armada_510.o armada-$(CONFIG_DEBUG_FS) += armada_debugfs.o obj-$(CONFIG_DRM_ARMADA) := armada.o - -CFLAGS_armada_trace.o := -I$(src) Patches currently in stable-queue which might be from alexander.levin(a)verizon.com are queue-4.9/xfrm-copy-policy-family-in-clone_policy.patch queue-4.9/scsi-lpfc-fix-crash-during-hardware-error-recovery-on-sli3-adapters.patch queue-4.9/ibmvnic-allocate-number-of-rx-tx-buffers-agreed-on-by-firmware.patch queue-4.9/atm-horizon-fix-irq-release-error.patch queue-4.9/powerpc-fix-compiling-a-be-kernel-with-a-powerpc64le-toolchain.patch queue-4.9/ipv6-reorder-icmpv6_init-and-ip6_mr_init.patch queue-4.9/ipvlan-fix-ipv6-outbound-device.patch queue-4.9/spi_ks8995-regs_size-incorrect-for-some-devices.patch queue-4.9/arm-omap2-release-device-node-after-it-is-no-longer-needed.patch queue-4.9/kvm-nvmx-reset-nested_run_pending-if-the-vcpu-is-going-to-be-reset.patch queue-4.9/usb-dwc3-gadget-fix-system-suspend-resume-on-ti-platforms.patch queue-4.9/arm-8657-1-uaccess-consistently-check-object-sizes.patch queue-4.9/rdma-cxgb4-annotate-r2-and-stag-as-__be32.patch queue-4.9/hid-chicony-add-support-for-another-asus-zen-aio-keyboard.patch queue-4.9/bnx2x-fix-detection-of-vlan-filtering-feature-for-vf.patch queue-4.9/netfilter-don-t-track-fragmented-packets.patch queue-4.9/lirc-fix-dead-lock-between-open-and-wakeup_filter.patch queue-4.9/block-wake-up-all-tasks-blocked-in-get_request.patch queue-4.9/asoc-rcar-avoid-ssi_modex-settings-for-ssi8.patch queue-4.9/kvm-nvmx-vmclear-should-not-cause-the-vcpu-to-shut-down.patch queue-4.9/arm-omap2-fix-device-node-reference-counts.patch queue-4.9/mac80211_hwsim-fix-memory-leak-in-hwsim_new_radio_nl.patch queue-4.9/axonram-fix-gendisk-handling.patch queue-4.9/kvm-arm-arm64-vgic-fix-command-handling-while-its-being-disabled.patch queue-4.9/powerpc-64-fix-checksum-folding-in-csum_add.patch queue-4.9/revert-spi-spi_fsl_dspi-should-depend-on-has_dma.patch queue-4.9/powerpc-powernv-ioda2-gracefully-fail-if-too-many-tce-levels-requested.patch queue-4.9/bpf-fix-lockdep-splat.patch queue-4.9/usb-gadgetfs-fix-a-potential-memory-leak-in-dev_config.patch queue-4.9/spi_ks8995-fix-bug-key-accdaa28-not-in-.data.patch queue-4.9/drivers-rapidio-devices-rio_mport_cdev.c-fix-resource-leak-in-error-handling-path-in-rio_dma_transfer.patch queue-4.9/bnx2x-fix-possible-overrun-of-vfpf-multicast-addresses-array.patch queue-4.9/bnx2x-do-not-rollback-vf-mac-vlan-filters-we-did-not-configure.patch queue-4.9/powerpc-64-invalidate-process-table-caching-after-setting-process-table.patch queue-4.9/sunrpc-fix-rpc_task_begin-trace-point.patch queue-4.9/clk-uniphier-fix-dapll2-clock-rate-of-pro5.patch queue-4.9/arm-kvm-survive-unknown-traps-from-guests.patch queue-4.9/crypto-s5p-sss-fix-completing-crypto-request-in-irq-handler.patch queue-4.9/ib-mlx5-assign-send-cq-and-recv-cq-of-umr-qp.patch queue-4.9/gpio-altera-use-handle_level_irq-when-configured-as-a-level_high.patch queue-4.9/lib-genalloc.c-make-the-avail-variable-an-atomic_long_t.patch queue-4.9/dt-bindings-usb-fix-reg-property-port-number-range.patch queue-4.9/arm-omap2-gpmc-onenand-propagate-error-on-initialization-failure.patch queue-4.9/afs-connect-up-the-cb.probeuuid.patch queue-4.9/drm-amd-amdgpu-fix-console-deadlock-if-late-init-failed.patch queue-4.9/module-set-__jump_table-alignment-to-8.patch queue-4.9/usb-gadget-pxa27x-test-for-a-valid-argument-pointer.patch queue-4.9/x86-hpet-prevent-might-sleep-splat-on-resume.patch queue-4.9/route-update-fnhe_expires-for-redirect-when-the-fnhe-exists.patch queue-4.9/edac-i5000-i5400-fix-definition-of-nrecmemb-register.patch queue-4.9/md-free-unused-memory-after-bitmap-resize.patch queue-4.9/x86-platform-uv-bau-fix-hub-errors-by-remove-initial-write-to-sw-ack-register.patch queue-4.9/x86-mpx-selftests-fix-up-weird-arrays.patch queue-4.9/libata-drop-warn-from-protocol-error-in-ata_sff_qc_issue.patch queue-4.9/nfs-fix-a-typo-in-nfs_rename.patch queue-4.9/ibmvnic-fix-overflowing-firmware-hardware-tx-queue.patch queue-4.9/blk-mq-initialize-mq-kobjects-in-blk_mq_init_allocated_queue.patch queue-4.9/audit-ensure-that-audit-1-actually-enables-audit-for-pid-1.patch queue-4.9/sparc64-mm-set-fields-in-deferred-pages.patch queue-4.9/zram-set-physical-queue-limits-to-avoid-array-out-of-bounds-accesses.patch queue-4.9/route-also-update-fnhe_genid-when-updating-a-route-cache.patch queue-4.9/selftest-powerpc-fix-false-failures-for-skipped-tests.patch queue-4.9/rds-tcp-sequence-teardown-of-listen-and-acceptor-sockets-to-avoid-races.patch queue-4.9/usb-gadget-udc-net2280-fix-tmp-reusage-in-net2280-driver.patch queue-4.9/xfs-fix-forgotten-rcu-read-unlock-when-skipping-inode-reclaim.patch queue-4.9/x86-selftests-add-clobbers-for-int80-on-x86_64.patch queue-4.9/gre6-use-log_ecn_error-module-parameter-in-ip6_tnl_rcv.patch queue-4.9/edac-i5000-i5400-fix-use-of-mtr_dram_width-macro.patch queue-4.9/jump_label-invoke-jump_label_test-via-early_initcall.patch queue-4.9/workqueue-trigger-warn-if-queue_delayed_work-is-called-with-null-wq.patch queue-4.9/irqchip-crossbar-fix-incorrect-type-of-register-size.patch queue-4.9/zsmalloc-calling-zs_map_object-from-irq-is-a-bug.patch queue-4.9/bnx2x-prevent-crash-when-accessing-ptp-with-interface-down.patch queue-4.9/vti6-don-t-report-path-mtu-below-ipv6_min_mtu.patch queue-4.9/sched-fair-make-select_idle_cpu-more-aggressive.patch queue-4.9/sctp-use-the-right-sk-after-waking-up-from-wait_buf-sleep.patch queue-4.9/kbuild-do-not-call-cc-option-before-kbuild_cflags-initialization.patch queue-4.9/arm64-kvm-survive-unknown-traps-from-guests.patch queue-4.9/coccinelle-fix-parallel-build-with-check-scripts-coccicheck.patch queue-4.9/dynamic-debug-howto-fix-optional-omitted-ending-line-number-to-be-large-instead-of-0.patch queue-4.9/scsi-qla2xxx-fix-ql_dump_buffer.patch queue-4.9/i2c-riic-fix-restart-condition.patch queue-4.9/ib-mlx4-increase-maximal-message-size-under-ud-qp.patch queue-4.9/usb-gadget-configs-plug-memory-leak.patch queue-4.9/revert-drm-armada-fix-compile-fail.patch queue-4.9/sctp-do-not-free-asoc-when-it-is-already-dead-in-sctp_sendmsg.patch queue-4.9/kbuild-pkg-use-transform-option-to-prefix-paths-in-tar.patch

7 years, 6 months

1
0
0 0

[Linux-stable-mirror] Patch "powerpc/powernv/ioda2: Gracefully fail if too many TCE levels requested" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled powerpc/powernv/ioda2: Gracefully fail if too many TCE levels requested to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: powerpc-powernv-ioda2-gracefully-fail-if-too-many-tce-levels-requested.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Dec 12 13:26:17 CET 2017 From: Alexey Kardashevskiy <aik(a)ozlabs.ru> Date: Wed, 22 Feb 2017 15:43:59 +1100 Subject: powerpc/powernv/ioda2: Gracefully fail if too many TCE levels requested From: Alexey Kardashevskiy <aik(a)ozlabs.ru> [ Upstream commit 7aafac11e308d37ed3c509829bb43d80c1811ac3 ] The IODA2 specification says that a 64 DMA address cannot use top 4 bits (3 are reserved and one is a "TVE select"); bottom page_shift bits cannot be used for multilevel table addressing either. The existing IODA2 table allocation code aligns the minimum TCE table size to PAGE_SIZE so in the case of 64K system pages and 4K IOMMU pages, we have 64-4-12=48 bits. Since 64K page stores 8192 TCEs, i.e. needs 13 bits, the maximum number of levels is 48/13 = 3 so we physically cannot address more and EEH happens on DMA accesses. This adds a check that too many levels were requested. It is still possible to have 5 levels in the case of 4K system page size. Signed-off-by: Alexey Kardashevskiy <aik(a)ozlabs.ru> Acked-by: Gavin Shan <gwshan(a)linux.vnet.ibm.com> Signed-off-by: Michael Ellerman <mpe(a)ellerman.id.au> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/powerpc/platforms/powernv/pci-ioda.c | 3 +++ 1 file changed, 3 insertions(+) --- a/arch/powerpc/platforms/powernv/pci-ioda.c +++ b/arch/powerpc/platforms/powernv/pci-ioda.c @@ -2623,6 +2623,9 @@ static long pnv_pci_ioda2_table_alloc_pa level_shift = entries_shift + 3; level_shift = max_t(unsigned, level_shift, PAGE_SHIFT); + if ((level_shift - 3) * levels + page_shift >= 60) + return -EINVAL; + /* Allocate TCE table */ addr = pnv_pci_ioda2_table_do_alloc_pages(nid, level_shift, levels, tce_table_size, &offset, &total_allocated); Patches currently in stable-queue which might be from aik(a)ozlabs.ru are queue-4.9/powerpc-powernv-ioda2-gracefully-fail-if-too-many-tce-levels-requested.patch

7 years, 6 months

1
0
0 0

[Linux-stable-mirror] Patch "RDMA/cxgb4: Annotate r2 and stag as __be32" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled RDMA/cxgb4: Annotate r2 and stag as __be32 to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: rdma-cxgb4-annotate-r2-and-stag-as-__be32.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Dec 12 13:26:17 CET 2017 From: Leon Romanovsky <leon(a)kernel.org> Date: Wed, 25 Oct 2017 23:10:19 +0300 Subject: RDMA/cxgb4: Annotate r2 and stag as __be32 From: Leon Romanovsky <leon(a)kernel.org> [ Upstream commit 7d7d065a5eec7e218174d5c64a9f53f99ffdb119 ] Chelsio cxgb4 HW is big-endian, hence there is need to properly annotate r2 and stag fields as __be32 and not __u32 to fix the following sparse warnings. drivers/infiniband/hw/cxgb4/qp.c:614:16: warning: incorrect type in assignment (different base types) expected unsigned int [unsigned] [usertype] r2 got restricted __be32 [usertype] <noident> drivers/infiniband/hw/cxgb4/qp.c:615:18: warning: incorrect type in assignment (different base types) expected unsigned int [unsigned] [usertype] stag got restricted __be32 [usertype] <noident> Cc: Steve Wise <swise(a)opengridcomputing.com> Signed-off-by: Leon Romanovsky <leon(a)kernel.org> Reviewed-by: Steve Wise <swise(a)opengridcomputing.com> Signed-off-by: Doug Ledford <dledford(a)redhat.com> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/infiniband/hw/cxgb4/t4fw_ri_api.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) --- a/drivers/infiniband/hw/cxgb4/t4fw_ri_api.h +++ b/drivers/infiniband/hw/cxgb4/t4fw_ri_api.h @@ -675,8 +675,8 @@ struct fw_ri_fr_nsmr_tpte_wr { __u16 wrid; __u8 r1[3]; __u8 len16; - __u32 r2; - __u32 stag; + __be32 r2; + __be32 stag; struct fw_ri_tpte tpte; __u64 pbl[2]; }; Patches currently in stable-queue which might be from leon(a)kernel.org are queue-4.9/rdma-cxgb4-annotate-r2-and-stag-as-__be32.patch queue-4.9/ib-mlx5-assign-send-cq-and-recv-cq-of-umr-qp.patch queue-4.9/ib-mlx4-increase-maximal-message-size-under-ud-qp.patch

7 years, 6 months

1
0
0 0

[Linux-stable-mirror] Patch "powerpc: Fix compiling a BE kernel with a powerpc64le toolchain" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled powerpc: Fix compiling a BE kernel with a powerpc64le toolchain to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: powerpc-fix-compiling-a-be-kernel-with-a-powerpc64le-toolchain.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Dec 12 13:26:17 CET 2017 From: Nicholas Piggin <npiggin(a)gmail.com> Date: Sun, 27 Nov 2016 13:46:20 +1100 Subject: powerpc: Fix compiling a BE kernel with a powerpc64le toolchain From: Nicholas Piggin <npiggin(a)gmail.com> [ Upstream commit 4dc831aa88132f835cefe876aa0206977c4d7710 ] GCC can compile with either endian, but the default ABI version is set based on the default endianness of the toolchain. Alan Modra says: you need both -mbig and -mabi=elfv1 to make a powerpc64le gcc generate powerpc64 code The opposite is true for powerpc64 when generating -mlittle it requires -mabi=elfv2 to generate v2 ABI, which we were already doing. This change adds ABI annotations together with endianness for all cases, LE and BE. This fixes the case of building a BE kernel with a toolchain that is LE by default. Signed-off-by: Nicholas Piggin <npiggin(a)gmail.com> Tested-by: Naveen N. Rao <naveen.n.rao(a)linux.vnet.ibm.com> Signed-off-by: Michael Ellerman <mpe(a)ellerman.id.au> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/powerpc/Makefile | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) --- a/arch/powerpc/Makefile +++ b/arch/powerpc/Makefile @@ -72,8 +72,15 @@ GNUTARGET := powerpc MULTIPLEWORD := -mmultiple endif -cflags-$(CONFIG_CPU_BIG_ENDIAN) += $(call cc-option,-mbig-endian) +ifdef CONFIG_PPC64 +cflags-$(CONFIG_CPU_BIG_ENDIAN) += $(call cc-option,-mabi=elfv1) +cflags-$(CONFIG_CPU_BIG_ENDIAN) += $(call cc-option,-mcall-aixdesc) +aflags-$(CONFIG_CPU_BIG_ENDIAN) += $(call cc-option,-mabi=elfv1) +aflags-$(CONFIG_CPU_LITTLE_ENDIAN) += -mabi=elfv2 +endif + cflags-$(CONFIG_CPU_LITTLE_ENDIAN) += -mlittle-endian +cflags-$(CONFIG_CPU_BIG_ENDIAN) += $(call cc-option,-mbig-endian) ifneq ($(cc-name),clang) cflags-$(CONFIG_CPU_LITTLE_ENDIAN) += -mno-strict-align endif @@ -113,7 +120,9 @@ ifeq ($(CONFIG_CPU_LITTLE_ENDIAN),y) CFLAGS-$(CONFIG_PPC64) += $(call cc-option,-mabi=elfv2,$(call cc-option,-mcall-aixdesc)) AFLAGS-$(CONFIG_PPC64) += $(call cc-option,-mabi=elfv2) else +CFLAGS-$(CONFIG_PPC64) += $(call cc-option,-mabi=elfv1) CFLAGS-$(CONFIG_PPC64) += $(call cc-option,-mcall-aixdesc) +AFLAGS-$(CONFIG_PPC64) += $(call cc-option,-mabi=elfv1) endif CFLAGS-$(CONFIG_PPC64) += $(call cc-option,-mcmodel=medium,$(call cc-option,-mminimal-toc)) CFLAGS-$(CONFIG_PPC64) += $(call cc-option,-mno-pointers-to-nested-functions) Patches currently in stable-queue which might be from npiggin(a)gmail.com are queue-4.9/powerpc-64s-initialize-isav3-mmu-registers-before-setting-partition-table.patch queue-4.9/powerpc-fix-compiling-a-be-kernel-with-a-powerpc64le-toolchain.patch

7 years, 6 months

1
0
0 0

[Linux-stable-mirror] Patch "powerpc/64: Invalidate process table caching after setting process table" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled powerpc/64: Invalidate process table caching after setting process table to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: powerpc-64-invalidate-process-table-caching-after-setting-process-table.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Dec 12 13:26:17 CET 2017 From: Paul Mackerras <paulus(a)ozlabs.org> Date: Mon, 27 Feb 2017 14:32:41 +1100 Subject: powerpc/64: Invalidate process table caching after setting process table From: Paul Mackerras <paulus(a)ozlabs.org> [ Upstream commit 7a70d7288c926ae88e0c773fbb506aa374e99c2d ] The POWER9 MMU reads and caches entries from the process table. When we kexec from one kernel to another, the second kernel sets its process table pointer but doesn't currently do anything to make the CPU invalidate any cached entries from the old process table. This adds a tlbie (TLB invalidate entry) instruction with parameters to invalidate caching of the process table after the new process table is installed. Signed-off-by: Paul Mackerras <paulus(a)ozlabs.org> Signed-off-by: Michael Ellerman <mpe(a)ellerman.id.au> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/powerpc/mm/pgtable-radix.c | 4 ++++ 1 file changed, 4 insertions(+) --- a/arch/powerpc/mm/pgtable-radix.c +++ b/arch/powerpc/mm/pgtable-radix.c @@ -173,6 +173,10 @@ redo: */ register_process_table(__pa(process_tb), 0, PRTB_SIZE_SHIFT - 12); pr_info("Process table %p and radix root for kernel: %p\n", process_tb, init_mm.pgd); + asm volatile("ptesync" : : : "memory"); + asm volatile(PPC_TLBIE_5(%0,%1,2,1,1) : : + "r" (TLBIEL_INVAL_SET_LPID), "r" (0)); + asm volatile("eieio; tlbsync; ptesync" : : : "memory"); } static void __init radix_init_partition_table(void) Patches currently in stable-queue which might be from paulus(a)ozlabs.org are queue-4.9/powerpc-64-fix-checksum-folding-in-csum_add.patch queue-4.9/powerpc-64-invalidate-process-table-caching-after-setting-process-table.patch

7 years, 6 months

1
0
0 0

[Linux-stable-mirror] Patch "NFS: Fix a typo in nfs_rename()" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled NFS: Fix a typo in nfs_rename() to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: nfs-fix-a-typo-in-nfs_rename.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Dec 12 13:26:17 CET 2017 From: Trond Myklebust <trond.myklebust(a)primarydata.com> Date: Mon, 6 Nov 2017 15:28:04 -0500 Subject: NFS: Fix a typo in nfs_rename() From: Trond Myklebust <trond.myklebust(a)primarydata.com> [ Upstream commit d803224c84be067754db7fa58a93f36f61566493 ] On successful rename, the "old_dentry" is retained and is attached to the "new_dir", so we need to call nfs_set_verifier() accordingly. Signed-off-by: Trond Myklebust <trond.myklebust(a)primarydata.com> Signed-off-by: Anna Schumaker <Anna.Schumaker(a)Netapp.com> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- fs/nfs/dir.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/fs/nfs/dir.c +++ b/fs/nfs/dir.c @@ -2098,7 +2098,7 @@ out: if (new_inode != NULL) nfs_drop_nlink(new_inode); d_move(old_dentry, new_dentry); - nfs_set_verifier(new_dentry, + nfs_set_verifier(old_dentry, nfs_save_change_attribute(new_dir)); } else if (error == -ENOENT) nfs_dentry_handle_enoent(old_dentry); Patches currently in stable-queue which might be from trond.myklebust(a)primarydata.com are queue-4.9/nfs-fix-a-typo-in-nfs_rename.patch

7 years, 6 months

1
0
0 0

[Linux-stable-mirror] Patch "powerpc/64: Fix checksum folding in csum_add()" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled powerpc/64: Fix checksum folding in csum_add() to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: powerpc-64-fix-checksum-folding-in-csum_add.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Dec 12 13:26:17 CET 2017 From: Shile Zhang <shile.zhang(a)nokia.com> Date: Sat, 4 Feb 2017 17:03:40 +0800 Subject: powerpc/64: Fix checksum folding in csum_add() From: Shile Zhang <shile.zhang(a)nokia.com> [ Upstream commit 6ad966d7303b70165228dba1ee8da1a05c10eefe ] Paul's patch to fix checksum folding, commit b492f7e4e07a ("powerpc/64: Fix checksum folding in csum_tcpudp_nofold and ip_fast_csum_nofold") missed a case in csum_add(). Fix it. Signed-off-by: Shile Zhang <shile.zhang(a)nokia.com> Acked-by: Paul Mackerras <paulus(a)ozlabs.org> Signed-off-by: Michael Ellerman <mpe(a)ellerman.id.au> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/powerpc/include/asm/checksum.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/arch/powerpc/include/asm/checksum.h +++ b/arch/powerpc/include/asm/checksum.h @@ -100,7 +100,7 @@ static inline __wsum csum_add(__wsum csu #ifdef __powerpc64__ res += (__force u64)addend; - return (__force __wsum)((u32)res + (res >> 32)); + return (__force __wsum) from64to32(res); #else asm("addc %0,%0,%1;" "addze %0,%0;" Patches currently in stable-queue which might be from shile.zhang(a)nokia.com are queue-4.9/powerpc-64-fix-checksum-folding-in-csum_add.patch

7 years, 6 months

1
0
0 0

[Linux-stable-mirror] Patch "netfilter: don't track fragmented packets" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled netfilter: don't track fragmented packets to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: netfilter-don-t-track-fragmented-packets.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Dec 12 13:26:17 CET 2017 From: Florian Westphal <fw(a)strlen.de> Date: Fri, 3 Mar 2017 21:44:00 +0100 Subject: netfilter: don't track fragmented packets From: Florian Westphal <fw(a)strlen.de> [ Upstream commit 7b4fdf77a450ec0fdcb2f677b080ddbf2c186544 ] Andrey reports syzkaller splat caused by NF_CT_ASSERT(!ip_is_fragment(ip_hdr(skb))); in ipv4 nat. But this assertion (and the comment) are wrong, this function does see fragments when IP_NODEFRAG setsockopt is used. As conntrack doesn't track packets without complete l4 header, only the first fragment is tracked. Because applying nat to first packet but not the rest makes no sense this also turns off tracking of all fragments. Reported-by: Andrey Konovalov <andreyknvl(a)google.com> Signed-off-by: Florian Westphal <fw(a)strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo(a)netfilter.org> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c | 4 ++++ net/ipv4/netfilter/nf_nat_l3proto_ipv4.c | 5 ----- 2 files changed, 4 insertions(+), 5 deletions(-) --- a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c +++ b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c @@ -158,6 +158,10 @@ static unsigned int ipv4_conntrack_local if (skb->len < sizeof(struct iphdr) || ip_hdrlen(skb) < sizeof(struct iphdr)) return NF_ACCEPT; + + if (ip_is_fragment(ip_hdr(skb))) /* IP_NODEFRAG setsockopt set */ + return NF_ACCEPT; + return nf_conntrack_in(state->net, PF_INET, state->hook, skb); } --- a/net/ipv4/netfilter/nf_nat_l3proto_ipv4.c +++ b/net/ipv4/netfilter/nf_nat_l3proto_ipv4.c @@ -255,11 +255,6 @@ nf_nat_ipv4_fn(void *priv, struct sk_buf /* maniptype == SRC for postrouting. */ enum nf_nat_manip_type maniptype = HOOK2MANIP(state->hook); - /* We never see fragments: conntrack defrags on pre-routing - * and local-out, and nf_nat_out protects post-routing. - */ - NF_CT_ASSERT(!ip_is_fragment(ip_hdr(skb))); - ct = nf_ct_get(skb, &ctinfo); /* Can't track? It's not due to stress, or conntrack would * have dropped it. Hence it's the user's responsibilty to Patches currently in stable-queue which might be from fw(a)strlen.de are queue-4.9/netfilter-don-t-track-fragmented-packets.patch

7 years, 6 months

1
0
0 0

[Linux-stable-mirror] Patch "module: set __jump_table alignment to 8" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled module: set __jump_table alignment to 8 to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: module-set-__jump_table-alignment-to-8.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Dec 12 13:26:17 CET 2017 From: David Daney <david.daney(a)cavium.com> Date: Wed, 1 Mar 2017 14:04:53 -0800 Subject: module: set __jump_table alignment to 8 From: David Daney <david.daney(a)cavium.com> [ Upstream commit ab42632156becd35d3884ee5c14da2bedbf3149a ] For powerpc the __jump_table section in modules is not aligned, this causes a WARN_ON() splat when loading a module containing a __jump_table. Strict alignment became necessary with commit 3821fd35b58d ("jump_label: Reduce the size of struct static_key"), currently in linux-next, which uses the two least significant bits of pointers to __jump_table elements. Fix by forcing __jump_table to 8, which is the same alignment used for this section in the kernel proper. Link: http://lkml.kernel.org/r/20170301220453.4756-1-david.daney@cavium.com Reviewed-by: Jason Baron <jbaron(a)akamai.com> Acked-by: Jessica Yu <jeyu(a)redhat.com> Acked-by: Michael Ellerman <mpe(a)ellerman.id.au> (powerpc) Tested-by: Sachin Sant <sachinp(a)linux.vnet.ibm.com> Signed-off-by: David Daney <david.daney(a)cavium.com> Signed-off-by: Steven Rostedt (VMware) <rostedt(a)goodmis.org> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- scripts/module-common.lds | 2 ++ 1 file changed, 2 insertions(+) --- a/scripts/module-common.lds +++ b/scripts/module-common.lds @@ -19,4 +19,6 @@ SECTIONS { . = ALIGN(8); .init_array 0 : { *(SORT(.init_array.*)) *(.init_array) } + + __jump_table 0 : ALIGN(8) { KEEP(*(__jump_table)) } } Patches currently in stable-queue which might be from david.daney(a)cavium.com are queue-4.9/module-set-__jump_table-alignment-to-8.patch

7 years, 6 months

1
0
0 0

[Linux-stable-mirror] Patch "md: free unused memory after bitmap resize" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled md: free unused memory after bitmap resize to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: md-free-unused-memory-after-bitmap-resize.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Dec 12 13:26:17 CET 2017 From: Zdenek Kabelac <zkabelac(a)redhat.com> Date: Wed, 8 Nov 2017 13:44:56 +0100 Subject: md: free unused memory after bitmap resize From: Zdenek Kabelac <zkabelac(a)redhat.com> [ Upstream commit 0868b99c214a3d55486c700de7c3f770b7243e7c ] When bitmap is resized, the old kalloced chunks just are not released once the resized bitmap starts to use new space. This fixes in particular kmemleak reports like this one: unreferenced object 0xffff8f4311e9c000 (size 4096): comm "lvm", pid 19333, jiffies 4295263268 (age 528.265s) hex dump (first 32 bytes): 02 80 02 80 02 80 02 80 02 80 02 80 02 80 02 80 ................ 02 80 02 80 02 80 02 80 02 80 02 80 02 80 02 80 ................ backtrace: [<ffffffffa69471ca>] kmemleak_alloc+0x4a/0xa0 [<ffffffffa628c10e>] kmem_cache_alloc_trace+0x14e/0x2e0 [<ffffffffa676cfec>] bitmap_checkpage+0x7c/0x110 [<ffffffffa676d0c5>] bitmap_get_counter+0x45/0xd0 [<ffffffffa676d6b3>] bitmap_set_memory_bits+0x43/0xe0 [<ffffffffa676e41c>] bitmap_init_from_disk+0x23c/0x530 [<ffffffffa676f1ae>] bitmap_load+0xbe/0x160 [<ffffffffc04c47d3>] raid_preresume+0x203/0x2f0 [dm_raid] [<ffffffffa677762f>] dm_table_resume_targets+0x4f/0xe0 [<ffffffffa6774b52>] dm_resume+0x122/0x140 [<ffffffffa6779b9f>] dev_suspend+0x18f/0x290 [<ffffffffa677a3a7>] ctl_ioctl+0x287/0x560 [<ffffffffa677a693>] dm_ctl_ioctl+0x13/0x20 [<ffffffffa62d6b46>] do_vfs_ioctl+0xa6/0x750 [<ffffffffa62d7269>] SyS_ioctl+0x79/0x90 [<ffffffffa6956d41>] entry_SYSCALL_64_fastpath+0x1f/0xc2 Signed-off-by: Zdenek Kabelac <zkabelac(a)redhat.com> Signed-off-by: Shaohua Li <shli(a)fb.com> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/md/bitmap.c | 9 +++++++++ 1 file changed, 9 insertions(+) --- a/drivers/md/bitmap.c +++ b/drivers/md/bitmap.c @@ -2084,6 +2084,7 @@ int bitmap_resize(struct bitmap *bitmap, for (k = 0; k < page; k++) { kfree(new_bp[k].map); } + kfree(new_bp); /* restore some fields from old_counts */ bitmap->counts.bp = old_counts.bp; @@ -2134,6 +2135,14 @@ int bitmap_resize(struct bitmap *bitmap, block += old_blocks; } + if (bitmap->counts.bp != old_counts.bp) { + unsigned long k; + for (k = 0; k < old_counts.pages; k++) + if (!old_counts.bp[k].hijacked) + kfree(old_counts.bp[k].map); + kfree(old_counts.bp); + } + if (!init) { int i; while (block < (chunks << chunkshift)) { Patches currently in stable-queue which might be from zkabelac(a)redhat.com are queue-4.9/md-free-unused-memory-after-bitmap-resize.patch

7 years, 6 months

1
0
0 0

[Linux-stable-mirror] Patch "mac80211_hwsim: Fix memory leak in hwsim_new_radio_nl()" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled mac80211_hwsim: Fix memory leak in hwsim_new_radio_nl() to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: mac80211_hwsim-fix-memory-leak-in-hwsim_new_radio_nl.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Dec 12 13:26:17 CET 2017 From: Ben Hutchings <ben.hutchings(a)codethink.co.uk> Date: Fri, 10 Nov 2017 18:48:50 +0000 Subject: mac80211_hwsim: Fix memory leak in hwsim_new_radio_nl() From: Ben Hutchings <ben.hutchings(a)codethink.co.uk> [ Upstream commit 67bd52386125ce1159c0581cbcd2740addf33cd4 ] hwsim_new_radio_nl() now copies the name attribute in order to add a null-terminator. mac80211_hwsim_new_radio() (indirectly) copies it again into the net_device structure, so the first copy is not used or freed later. Free the first copy before returning. Fixes: ff4dd73dd2b4 ("mac80211_hwsim: check HWSIM_ATTR_RADIO_NAME length") Signed-off-by: Ben Hutchings <ben.hutchings(a)codethink.co.uk> Signed-off-by: Johannes Berg <johannes.berg(a)intel.com> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/net/wireless/mac80211_hwsim.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) --- a/drivers/net/wireless/mac80211_hwsim.c +++ b/drivers/net/wireless/mac80211_hwsim.c @@ -3047,6 +3047,7 @@ static int hwsim_new_radio_nl(struct sk_ { struct hwsim_new_radio_params param = { 0 }; const char *hwname = NULL; + int ret; param.reg_strict = info->attrs[HWSIM_ATTR_REG_STRICT_REG]; param.p2p_device = info->attrs[HWSIM_ATTR_SUPPORT_P2P_DEVICE]; @@ -3086,7 +3087,9 @@ static int hwsim_new_radio_nl(struct sk_ param.regd = hwsim_world_regdom_custom[idx]; } - return mac80211_hwsim_new_radio(info, &param); + ret = mac80211_hwsim_new_radio(info, &param); + kfree(hwname); + return ret; } static int hwsim_del_radio_nl(struct sk_buff *msg, struct genl_info *info) Patches currently in stable-queue which might be from ben.hutchings(a)codethink.co.uk are queue-4.9/mac80211_hwsim-fix-memory-leak-in-hwsim_new_radio_nl.patch

7 years, 6 months

1
0
0 0

[Linux-stable-mirror] Patch "libata: drop WARN from protocol error in ata_sff_qc_issue()" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled libata: drop WARN from protocol error in ata_sff_qc_issue() to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: libata-drop-warn-from-protocol-error-in-ata_sff_qc_issue.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Dec 12 13:26:17 CET 2017 From: Tejun Heo <tj(a)kernel.org> Date: Mon, 6 Mar 2017 15:26:54 -0500 Subject: libata: drop WARN from protocol error in ata_sff_qc_issue() From: Tejun Heo <tj(a)kernel.org> [ Upstream commit 0580b762a4d6b70817476b90042813f8573283fa ] ata_sff_qc_issue() expects upper layers to never issue commands on a command protocol that it doesn't implement. While the assumption holds fine with the usual IO path, nothing filters based on the command protocol in the passthrough path (which was added later), allowing the warning to be tripped with a passthrough command with the right (well, wrong) protocol. Failing with AC_ERR_SYSTEM is the right thing to do anyway. Remove the unnecessary WARN. Reported-by: Dmitry Vyukov <dvyukov(a)google.com> Link: http://lkml.kernel.org/r/CACT4Y+bXkvevNZU8uP6X0QVqsj6wNoUA_1exfTSOzc+SmUtMO… Signed-off-by: Tejun Heo <tj(a)kernel.org> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/ata/libata-sff.c | 1 - 1 file changed, 1 deletion(-) --- a/drivers/ata/libata-sff.c +++ b/drivers/ata/libata-sff.c @@ -1481,7 +1481,6 @@ unsigned int ata_sff_qc_issue(struct ata break; default: - WARN_ON_ONCE(1); return AC_ERR_SYSTEM; } Patches currently in stable-queue which might be from tj(a)kernel.org are queue-4.9/libata-drop-warn-from-protocol-error-in-ata_sff_qc_issue.patch queue-4.9/workqueue-trigger-warn-if-queue_delayed_work-is-called-with-null-wq.patch

7 years, 6 months

1
0
0 0

[Linux-stable-mirror] Patch "[media] lirc: fix dead lock between open and wakeup_filter" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [media] lirc: fix dead lock between open and wakeup_filter to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: lirc-fix-dead-lock-between-open-and-wakeup_filter.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Dec 12 13:26:17 CET 2017 From: Sean Young <sean(a)mess.org> Date: Mon, 13 Feb 2017 10:35:44 -0200 Subject: [media] lirc: fix dead lock between open and wakeup_filter From: Sean Young <sean(a)mess.org> [ Upstream commit db5b15b74ed9a5c04bb808d18ffa2c773f5c18c0 ] The locking in lirc needs improvement, but for now just fix this potential deadlock. ====================================================== [ INFO: possible circular locking dependency detected ] 4.10.0-rc1+ #1 Not tainted ------------------------------------------------------- bash/2502 is trying to acquire lock: (ir_raw_handler_lock){+.+.+.}, at: [<ffffffffc06f6a5e>] ir_raw_encode_scancode+0x3e/0xb0 [rc_core] but task is already holding lock: (&dev->lock){+.+.+.}, at: [<ffffffffc06f511f>] store_filter+0x9f/0x240 [rc_core] which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #2 (&dev->lock){+.+.+.}: [<ffffffffa110adad>] lock_acquire+0xfd/0x200 [<ffffffffa1921327>] mutex_lock_nested+0x77/0x6d0 [<ffffffffc06f436a>] rc_open+0x2a/0x80 [rc_core] [<ffffffffc07114ca>] lirc_dev_fop_open+0xda/0x1e0 [lirc_dev] [<ffffffffa12975e0>] chrdev_open+0xb0/0x210 [<ffffffffa128eb5a>] do_dentry_open+0x20a/0x2f0 [<ffffffffa128ffcc>] vfs_open+0x4c/0x80 [<ffffffffa12a35ec>] path_openat+0x5bc/0xc00 [<ffffffffa12a5271>] do_filp_open+0x91/0x100 [<ffffffffa12903f0>] do_sys_open+0x130/0x220 [<ffffffffa12904fe>] SyS_open+0x1e/0x20 [<ffffffffa19278c1>] entry_SYSCALL_64_fastpath+0x1f/0xc2 -> #1 (lirc_dev_lock){+.+.+.}: [<ffffffffa110adad>] lock_acquire+0xfd/0x200 [<ffffffffa1921327>] mutex_lock_nested+0x77/0x6d0 [<ffffffffc0711f47>] lirc_register_driver+0x67/0x59b [lirc_dev] [<ffffffffc06db7f4>] ir_lirc_register+0x1f4/0x260 [ir_lirc_codec] [<ffffffffc06f6cac>] ir_raw_handler_register+0x7c/0xb0 [rc_core] [<ffffffffc0398010>] 0xffffffffc0398010 [<ffffffffa1002192>] do_one_initcall+0x52/0x1b0 [<ffffffffa11ef5c8>] do_init_module+0x5f/0x1fa [<ffffffffa11566b5>] load_module+0x2675/0x2b00 [<ffffffffa1156dcf>] SYSC_finit_module+0xdf/0x110 [<ffffffffa1156e1e>] SyS_finit_module+0xe/0x10 [<ffffffffa1003f5c>] do_syscall_64+0x6c/0x1f0 [<ffffffffa1927989>] return_from_SYSCALL_64+0x0/0x7a -> #0 (ir_raw_handler_lock){+.+.+.}: [<ffffffffa110a7b7>] __lock_acquire+0x10f7/0x1290 [<ffffffffa110adad>] lock_acquire+0xfd/0x200 [<ffffffffa1921327>] mutex_lock_nested+0x77/0x6d0 [<ffffffffc06f6a5e>] ir_raw_encode_scancode+0x3e/0xb0 [rc_core] [<ffffffffc0b0f492>] loop_set_wakeup_filter+0x62/0xbd [rc_loopback] [<ffffffffc06f522a>] store_filter+0x1aa/0x240 [rc_core] [<ffffffffa15e46f8>] dev_attr_store+0x18/0x30 [<ffffffffa13318e5>] sysfs_kf_write+0x45/0x60 [<ffffffffa1330b55>] kernfs_fop_write+0x155/0x1e0 [<ffffffffa1290797>] __vfs_write+0x37/0x160 [<ffffffffa12921f8>] vfs_write+0xc8/0x1e0 [<ffffffffa12936e8>] SyS_write+0x58/0xc0 [<ffffffffa19278c1>] entry_SYSCALL_64_fastpath+0x1f/0xc2 other info that might help us debug this: Chain exists of: ir_raw_handler_lock --> lirc_dev_lock --> &dev->lock Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock(&dev->lock); lock(lirc_dev_lock); lock(&dev->lock); lock(ir_raw_handler_lock); *** DEADLOCK *** 4 locks held by bash/2502: #0: (sb_writers#4){.+.+.+}, at: [<ffffffffa12922c5>] vfs_write+0x195/0x1e0 #1: (&of->mutex){+.+.+.}, at: [<ffffffffa1330b1f>] kernfs_fop_write+0x11f/0x1e0 #2: (s_active#215){.+.+.+}, at: [<ffffffffa1330b28>] kernfs_fop_write+0x128/0x1e0 #3: (&dev->lock){+.+.+.}, at: [<ffffffffc06f511f>] store_filter+0x9f/0x240 [rc_core] stack backtrace: CPU: 3 PID: 2502 Comm: bash Not tainted 4.10.0-rc1+ #1 Hardware name: /DG45ID, BIOS IDG4510H.86A.0135.2011.0225.1100 02/25/2011 Call Trace: dump_stack+0x86/0xc3 print_circular_bug+0x1be/0x210 __lock_acquire+0x10f7/0x1290 lock_acquire+0xfd/0x200 ? ir_raw_encode_scancode+0x3e/0xb0 [rc_core] ? ir_raw_encode_scancode+0x3e/0xb0 [rc_core] mutex_lock_nested+0x77/0x6d0 ? ir_raw_encode_scancode+0x3e/0xb0 [rc_core] ? loop_set_wakeup_filter+0x44/0xbd [rc_loopback] ir_raw_encode_scancode+0x3e/0xb0 [rc_core] loop_set_wakeup_filter+0x62/0xbd [rc_loopback] ? loop_set_tx_duty_cycle+0x70/0x70 [rc_loopback] store_filter+0x1aa/0x240 [rc_core] dev_attr_store+0x18/0x30 sysfs_kf_write+0x45/0x60 kernfs_fop_write+0x155/0x1e0 __vfs_write+0x37/0x160 ? rcu_read_lock_sched_held+0x4a/0x80 ? rcu_sync_lockdep_assert+0x2f/0x60 ? __sb_start_write+0x10c/0x220 ? vfs_write+0x195/0x1e0 ? security_file_permission+0x3b/0xc0 vfs_write+0xc8/0x1e0 SyS_write+0x58/0xc0 entry_SYSCALL_64_fastpath+0x1f/0xc2 Signed-off-by: Sean Young <sean(a)mess.org> Signed-off-by: Mauro Carvalho Chehab <mchehab(a)s-opensource.com> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/media/rc/lirc_dev.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) --- a/drivers/media/rc/lirc_dev.c +++ b/drivers/media/rc/lirc_dev.c @@ -446,6 +446,8 @@ int lirc_dev_fop_open(struct inode *inod return -ERESTARTSYS; ir = irctls[iminor(inode)]; + mutex_unlock(&lirc_dev_lock); + if (!ir) { retval = -ENODEV; goto error; @@ -486,8 +488,6 @@ int lirc_dev_fop_open(struct inode *inod } error: - mutex_unlock(&lirc_dev_lock); - nonseekable_open(inode, file); return retval; Patches currently in stable-queue which might be from sean(a)mess.org are queue-4.9/lirc-fix-dead-lock-between-open-and-wakeup_filter.patch queue-4.9/media-dvb-i2c-transfers-over-usb-cannot-be-done-from-stack.patch

7 years, 6 months

1
0
0 0

[Linux-stable-mirror] Patch "lib/genalloc.c: make the avail variable an atomic_long_t" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled lib/genalloc.c: make the avail variable an atomic_long_t to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: lib-genalloc.c-make-the-avail-variable-an-atomic_long_t.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Dec 12 13:26:17 CET 2017 From: Stephen Bates <sbates(a)raithlin.com> Date: Fri, 17 Nov 2017 15:28:16 -0800 Subject: lib/genalloc.c: make the avail variable an atomic_long_t From: Stephen Bates <sbates(a)raithlin.com> [ Upstream commit 36a3d1dd4e16bcd0d2ddfb4a2ec7092f0ae0d931 ] If the amount of resources allocated to a gen_pool exceeds 2^32 then the avail atomic overflows and this causes problems when clients try and borrow resources from the pool. This is only expected to be an issue on 64 bit systems. Add the <linux/atomic.h> header to pull in atomic_long* operations. So that 32 bit systems continue to use atomic32_t but 64 bit systems can use atomic64_t. Link: http://lkml.kernel.org/r/1509033843-25667-1-git-send-email-sbates@raithlin.… Signed-off-by: Stephen Bates <sbates(a)raithlin.com> Reviewed-by: Logan Gunthorpe <logang(a)deltatee.com> Reviewed-by: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> Reviewed-by: Daniel Mentz <danielmentz(a)google.com> Cc: Jonathan Corbet <corbet(a)lwn.net> Cc: Andrew Morton <akpm(a)linux-foundation.org> Cc: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds(a)linux-foundation.org> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- include/linux/genalloc.h | 3 ++- lib/genalloc.c | 10 +++++----- 2 files changed, 7 insertions(+), 6 deletions(-) --- a/include/linux/genalloc.h +++ b/include/linux/genalloc.h @@ -32,6 +32,7 @@ #include <linux/types.h> #include <linux/spinlock_types.h> +#include <linux/atomic.h> struct device; struct device_node; @@ -70,7 +71,7 @@ struct gen_pool { */ struct gen_pool_chunk { struct list_head next_chunk; /* next chunk in pool */ - atomic_t avail; + atomic_long_t avail; phys_addr_t phys_addr; /* physical starting address of memory chunk */ unsigned long start_addr; /* start address of memory chunk */ unsigned long end_addr; /* end address of memory chunk (inclusive) */ --- a/lib/genalloc.c +++ b/lib/genalloc.c @@ -194,7 +194,7 @@ int gen_pool_add_virt(struct gen_pool *p chunk->phys_addr = phys; chunk->start_addr = virt; chunk->end_addr = virt + size - 1; - atomic_set(&chunk->avail, size); + atomic_long_set(&chunk->avail, size); spin_lock(&pool->lock); list_add_rcu(&chunk->next_chunk, &pool->chunks); @@ -304,7 +304,7 @@ unsigned long gen_pool_alloc_algo(struct nbits = (size + (1UL << order) - 1) >> order; rcu_read_lock(); list_for_each_entry_rcu(chunk, &pool->chunks, next_chunk) { - if (size > atomic_read(&chunk->avail)) + if (size > atomic_long_read(&chunk->avail)) continue; start_bit = 0; @@ -324,7 +324,7 @@ retry: addr = chunk->start_addr + ((unsigned long)start_bit << order); size = nbits << order; - atomic_sub(size, &chunk->avail); + atomic_long_sub(size, &chunk->avail); break; } rcu_read_unlock(); @@ -390,7 +390,7 @@ void gen_pool_free(struct gen_pool *pool remain = bitmap_clear_ll(chunk->bits, start_bit, nbits); BUG_ON(remain); size = nbits << order; - atomic_add(size, &chunk->avail); + atomic_long_add(size, &chunk->avail); rcu_read_unlock(); return; } @@ -464,7 +464,7 @@ size_t gen_pool_avail(struct gen_pool *p rcu_read_lock(); list_for_each_entry_rcu(chunk, &pool->chunks, next_chunk) - avail += atomic_read(&chunk->avail); + avail += atomic_long_read(&chunk->avail); rcu_read_unlock(); return avail; } Patches currently in stable-queue which might be from sbates(a)raithlin.com are queue-4.9/lib-genalloc.c-make-the-avail-variable-an-atomic_long_t.patch

7 years, 6 months

1
0
0 0

[Linux-stable-mirror] Patch "kvm: nVMX: VMCLEAR should not cause the vCPU to shut down" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled kvm: nVMX: VMCLEAR should not cause the vCPU to shut down to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: kvm-nvmx-vmclear-should-not-cause-the-vcpu-to-shut-down.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Dec 12 13:26:17 CET 2017 From: Jim Mattson <jmattson(a)google.com> Date: Thu, 2 Mar 2017 12:41:48 -0800 Subject: kvm: nVMX: VMCLEAR should not cause the vCPU to shut down From: Jim Mattson <jmattson(a)google.com> [ Upstream commit 587d7e72aedca91cee80c0a56811649c3efab765 ] VMCLEAR should silently ignore a failure to clear the launch state of the VMCS referenced by the operand. Signed-off-by: Jim Mattson <jmattson(a)google.com> [Changed "kvm_write_guest(vcpu->kvm" to "kvm_vcpu_write_guest(vcpu".] Signed-off-by: Radim Krčmář <rkrcmar(a)redhat.com> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/x86/kvm/vmx.c | 22 ++++------------------ 1 file changed, 4 insertions(+), 18 deletions(-) --- a/arch/x86/kvm/vmx.c +++ b/arch/x86/kvm/vmx.c @@ -7203,9 +7203,8 @@ static int handle_vmoff(struct kvm_vcpu static int handle_vmclear(struct kvm_vcpu *vcpu) { struct vcpu_vmx *vmx = to_vmx(vcpu); + u32 zero = 0; gpa_t vmptr; - struct vmcs12 *vmcs12; - struct page *page; if (!nested_vmx_check_permission(vcpu)) return 1; @@ -7216,22 +7215,9 @@ static int handle_vmclear(struct kvm_vcp if (vmptr == vmx->nested.current_vmptr) nested_release_vmcs12(vmx); - page = nested_get_page(vcpu, vmptr); - if (page == NULL) { - /* - * For accurate processor emulation, VMCLEAR beyond available - * physical memory should do nothing at all. However, it is - * possible that a nested vmx bug, not a guest hypervisor bug, - * resulted in this case, so let's shut down before doing any - * more damage: - */ - kvm_make_request(KVM_REQ_TRIPLE_FAULT, vcpu); - return 1; - } - vmcs12 = kmap(page); - vmcs12->launch_state = 0; - kunmap(page); - nested_release_page(page); + kvm_vcpu_write_guest(vcpu, + vmptr + offsetof(struct vmcs12, launch_state), + &zero, sizeof(zero)); nested_free_vmcs02(vmx, vmptr); Patches currently in stable-queue which might be from jmattson(a)google.com are queue-4.9/kvm-nvmx-reset-nested_run_pending-if-the-vcpu-is-going-to-be-reset.patch queue-4.9/kvm-nvmx-vmclear-should-not-cause-the-vcpu-to-shut-down.patch queue-4.9/kvm-vmx-remove-i-o-port-0x80-bypass-on-intel-hosts.patch

7 years, 6 months

1
0
0 0

[Linux-stable-mirror] Patch "KVM: nVMX: reset nested_run_pending if the vCPU is going to be reset" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled KVM: nVMX: reset nested_run_pending if the vCPU is going to be reset to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: kvm-nvmx-reset-nested_run_pending-if-the-vcpu-is-going-to-be-reset.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Dec 12 13:26:17 CET 2017 From: Wanpeng Li <wanpeng.li(a)hotmail.com> Date: Mon, 6 Mar 2017 04:03:28 -0800 Subject: KVM: nVMX: reset nested_run_pending if the vCPU is going to be reset From: Wanpeng Li <wanpeng.li(a)hotmail.com> [ Upstream commit 2f707d97982286b307ef2a9b034e19aabc1abb56 ] Reported by syzkaller: WARNING: CPU: 1 PID: 27742 at arch/x86/kvm/vmx.c:11029 nested_vmx_vmexit+0x5c35/0x74d0 arch/x86/kvm/vmx.c:11029 CPU: 1 PID: 27742 Comm: a.out Not tainted 4.10.0+ #229 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:15 [inline] dump_stack+0x2ee/0x3ef lib/dump_stack.c:51 panic+0x1fb/0x412 kernel/panic.c:179 __warn+0x1c4/0x1e0 kernel/panic.c:540 warn_slowpath_null+0x2c/0x40 kernel/panic.c:583 nested_vmx_vmexit+0x5c35/0x74d0 arch/x86/kvm/vmx.c:11029 vmx_leave_nested arch/x86/kvm/vmx.c:11136 [inline] vmx_set_msr+0x1565/0x1910 arch/x86/kvm/vmx.c:3324 kvm_set_msr+0xd4/0x170 arch/x86/kvm/x86.c:1099 do_set_msr+0x11e/0x190 arch/x86/kvm/x86.c:1128 __msr_io arch/x86/kvm/x86.c:2577 [inline] msr_io+0x24b/0x450 arch/x86/kvm/x86.c:2614 kvm_arch_vcpu_ioctl+0x35b/0x46a0 arch/x86/kvm/x86.c:3497 kvm_vcpu_ioctl+0x232/0x1120 arch/x86/kvm/../../../virt/kvm/kvm_main.c:2721 vfs_ioctl fs/ioctl.c:43 [inline] do_vfs_ioctl+0x1bf/0x1790 fs/ioctl.c:683 SYSC_ioctl fs/ioctl.c:698 [inline] SyS_ioctl+0x8f/0xc0 fs/ioctl.c:689 entry_SYSCALL_64_fastpath+0x1f/0xc2 The syzkaller folks reported a nested_run_pending warning during userspace clear VMX capability which is exposed to L1 before. The warning gets thrown while doing (*(uint32_t*)0x20aecfe8 = (uint32_t)0x1); (*(uint32_t*)0x20aecfec = (uint32_t)0x0); (*(uint32_t*)0x20aecff0 = (uint32_t)0x3a); (*(uint32_t*)0x20aecff4 = (uint32_t)0x0); (*(uint64_t*)0x20aecff8 = (uint64_t)0x0); r[29] = syscall(__NR_ioctl, r[4], 0x4008ae89ul, 0x20aecfe8ul, 0, 0, 0, 0, 0, 0); i.e. KVM_SET_MSR ioctl with struct kvm_msrs { .nmsrs = 1, .pad = 0, .entries = { {.index = MSR_IA32_FEATURE_CONTROL, .reserved = 0, .data = 0} } } The VMLANCH/VMRESUME emulation should be stopped since the CPU is going to reset here. This patch resets the nested_run_pending since the CPU is going to be reset hence there should be nothing pending. Reported-by: Dmitry Vyukov <dvyukov(a)google.com> Suggested-by: Radim Krčmář <rkrcmar(a)redhat.com> Cc: Paolo Bonzini <pbonzini(a)redhat.com> Cc: Radim Krčmář <rkrcmar(a)redhat.com> Cc: Dmitry Vyukov <dvyukov(a)google.com> Cc: David Hildenbrand <david(a)redhat.com> Signed-off-by: Wanpeng Li <wanpeng.li(a)hotmail.com> Reviewed-by: David Hildenbrand <david(a)redhat.com> Reviewed-by: Jim Mattson <jmattson(a)google.com> Signed-off-by: Radim Krčmář <rkrcmar(a)redhat.com> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/x86/kvm/vmx.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) --- a/arch/x86/kvm/vmx.c +++ b/arch/x86/kvm/vmx.c @@ -10884,8 +10884,10 @@ static void nested_vmx_vmexit(struct kvm */ static void vmx_leave_nested(struct kvm_vcpu *vcpu) { - if (is_guest_mode(vcpu)) + if (is_guest_mode(vcpu)) { + to_vmx(vcpu)->nested.nested_run_pending = 0; nested_vmx_vmexit(vcpu, -1, 0, 0); + } free_nested(to_vmx(vcpu)); } Patches currently in stable-queue which might be from wanpeng.li(a)hotmail.com are queue-4.9/kvm-nvmx-reset-nested_run_pending-if-the-vcpu-is-going-to-be-reset.patch queue-4.9/kvm-x86-fix-apic-page-invalidation.patch

7 years, 6 months

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror