- Linux-stable-mirror - lists.linaro.org

[Linux-stable-mirror] + vmalloc-fix-__gfp_highmem-usage-for-vmalloc_32-on-32b-systems.patch added to -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: vmalloc: fix __GFP_HIGHMEM usage for vmalloc_32 on 32b systems has been added to the -mm tree. Its filename is vmalloc-fix-__gfp_highmem-usage-for-vmalloc_32-on-32b-systems.patch This patch should soon appear at http://ozlabs.org/~akpm/mmots/broken-out/vmalloc-fix-__gfp_highmem-usage-fo… and later at http://ozlabs.org/~akpm/mmotm/broken-out/vmalloc-fix-__gfp_highmem-usage-fo… Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/SubmitChecklist when testing your code *** The -mm tree is included into linux-next and is updated there every 3-4 working days ------------------------------------------------------ From: Michal Hocko <mhocko(a)suse.com> Subject: vmalloc: fix __GFP_HIGHMEM usage for vmalloc_32 on 32b systems Kai Heng Feng has noticed that BUG_ON(PageHighMem(pg)) triggers in drivers/media/common/saa7146/saa7146_core.c since 19809c2da28a ("mm, vmalloc: use __GFP_HIGHMEM implicitly"). saa7146_vmalloc_build_pgtable uses vmalloc_32 and it is reasonable to expect that the resulting page is not in highmem. The above commit aimed to add __GFP_HIGHMEM only for those requests which do not specify any zone modifier gfp flag. vmalloc_32 relies on GFP_VMALLOC32 which should do the right thing. Except it has been missed that GFP_VMALLOC32 is an alias for GFP_KERNEL on 32b architectures. Thanks to Matthew to notice this. Fix the problem by unconditionally setting GFP_DMA32 in GFP_VMALLOC32 for !64b arches (as a bailout). This should do the right thing and use ZONE_NORMAL which should be always below 4G on 32b systems. Debugged by Matthew Wilcox. Link: http://lkml.kernel.org/r/20180212095019.GX21609@dhcp22.suse.cz Fixes: 19809c2da28a ("mm, vmalloc: use __GFP_HIGHMEM implicitly”) Signed-off-by: Michal Hocko <mhocko(a)suse.com> Reported-by: Kai Heng Feng <kai.heng.feng(a)canonical.com> Cc: Matthew Wilcox <willy(a)infradead.org> Cc: Laura Abbott <labbott(a)redhat.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/vmalloc.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff -puN mm/vmalloc.c~vmalloc-fix-__gfp_highmem-usage-for-vmalloc_32-on-32b-systems mm/vmalloc.c --- a/mm/vmalloc.c~vmalloc-fix-__gfp_highmem-usage-for-vmalloc_32-on-32b-systems +++ a/mm/vmalloc.c @@ -1947,7 +1947,11 @@ void *vmalloc_exec(unsigned long size) #elif defined(CONFIG_64BIT) && defined(CONFIG_ZONE_DMA) #define GFP_VMALLOC32 GFP_DMA | GFP_KERNEL #else -#define GFP_VMALLOC32 GFP_KERNEL +/* + * 64b systems should always have either DMA or DMA32 zones. For others + * GFP_DMA32 should do the right thing and use the normal zone. + */ +#define GFP_VMALLOC32 GFP_DMA32 | GFP_KERNEL #endif /** _ Patches currently in -mm which might be from mhocko(a)suse.com are vmalloc-fix-__gfp_highmem-usage-for-vmalloc_32-on-32b-systems.patch mm-oom-docs-describe-the-cgroup-aware-oom-killer-fix-2.patch mm-introduce-map_fixed_safe.patch fs-elf-drop-map_fixed-usage-from-elf_map.patch mm-numa-rework-do_pages_move.patch mm-migrate-remove-reason-argument-from-new_page_t.patch mm-unclutter-thp-migration.patch

7 years, 8 months

1
0
0 0

[Linux-stable-mirror] [PATCH v3 3/3] extcon: int3496: process id-pin first so that we start with the right status

by Hans de Goede

Some other drivers may be waiting for our extcon to show-up (exiting their probe methods with -EPROBE_DEFER until we show up). These drivers will typically get the cable state directly after getting the extcon, this commit changes the int3496 code to process the id-pin before registering the extcon, so that other drivers see the correct state right away. Fixes: 2f556bdb9f2e ("extcon: int3496: Add Intel INT3496 ACPI ... driver") Cc: stable(a)vger.kernel.org Signed-off-by: Hans de Goede <hdegoede(a)redhat.com> --- Changes in v2: -Add Fixes tag Changes in v3: -Fix oops on probe by scheduling the work too early --- drivers/extcon/extcon-intel-int3496.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/drivers/extcon/extcon-intel-int3496.c b/drivers/extcon/extcon-intel-int3496.c index c8691b5a9cb0..673bb26a9a2a 100644 --- a/drivers/extcon/extcon-intel-int3496.c +++ b/drivers/extcon/extcon-intel-int3496.c @@ -131,11 +131,15 @@ static int int3496_probe(struct platform_device *pdev) if (IS_ERR(data->gpio_usb_mux)) dev_info(dev, "can't request USB MUX GPIO\n"); - /* register extcon device */ data->edev = devm_extcon_dev_allocate(dev, int3496_cable); if (IS_ERR(data->edev)) return -ENOMEM; + /* process id-pin first so that we start with the right status */ + queue_delayed_work(system_wq, &data->work, 0); + flush_delayed_work(&data->work); + + /* register extcon device */ ret = devm_extcon_dev_register(dev, data->edev); if (ret < 0) { dev_err(dev, "can't register extcon device: %d\n", ret); @@ -153,9 +157,6 @@ static int int3496_probe(struct platform_device *pdev) return ret; } - /* queue initial processing of id-pin */ - queue_delayed_work(system_wq, &data->work, 0); - platform_set_drvdata(pdev, data); return 0; -- 2.14.3

7 years, 8 months

2
1
0 0

[Linux-stable-mirror] [PATCH] mtd: nand: vf610: set correct ooblayout

by Stefan Agner

With commit 3cf32d180227 ("mtd: nand: vf610: switch to mtd_ooblayout_ops") the driver started to use the NAND cores default large page ooblayout. However, shortly after commit 6a623e076944 ("mtd: nand: add ooblayout for old hamming layout") changed the default layout to the old hamming layout, which is not what vf610_nfc is using. Specify the default large page layout explicitly. Fixes: 6a623e076944 ("mtd: nand: add ooblayout for old hamming layout") Cc: <stable(a)vger.kernel.org> # v4.12+ Signed-off-by: Stefan Agner <stefan(a)agner.ch> --- drivers/mtd/nand/vf610_nfc.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/drivers/mtd/nand/vf610_nfc.c b/drivers/mtd/nand/vf610_nfc.c index 80d31a58e558..f367144f3c6f 100644 --- a/drivers/mtd/nand/vf610_nfc.c +++ b/drivers/mtd/nand/vf610_nfc.c @@ -752,10 +752,8 @@ static int vf610_nfc_probe(struct platform_device *pdev) if (mtd->oobsize > 64) mtd->oobsize = 64; - /* - * mtd->ecclayout is not specified here because we're using the - * default large page ECC layout defined in NAND core. - */ + /* Use default large page ECC layout defined in NAND core */ + mtd_set_ooblayout(mtd, &nand_ooblayout_lp_ops); if (chip->ecc.strength == 32) { nfc->ecc_mode = ECC_60_BYTE; chip->ecc.bytes = 60; -- 2.16.1

7 years, 8 months

2
1
0 0

[Linux-stable-mirror] [PATCH] extcon: intel-int3496: Fix oops on probe

by Hans de Goede

Commit 41d600274fbf ("extcon: int3496: process id-pin first so that we start with the right status") starts the work on the workqueue before registration to make sure we've a valid cable state directly after registration. But that commit moves the queuing of the work to before we even alloc the extcon, causing a NULL pointer deref in the worker. This commit moves the queuing of the work to after we alloc the extcon, fixing the NULL pointer deref. Fixes: 41d600274fbf ("extcon: int3496: process id-pin first ...") Cc: stable(a)vger.kernel.org Signed-off-by: Hans de Goede <hdegoede(a)redhat.com> --- drivers/extcon/extcon-intel-int3496.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/drivers/extcon/extcon-intel-int3496.c b/drivers/extcon/extcon-intel-int3496.c index b23ee9d993a3..673bb26a9a2a 100644 --- a/drivers/extcon/extcon-intel-int3496.c +++ b/drivers/extcon/extcon-intel-int3496.c @@ -131,15 +131,15 @@ static int int3496_probe(struct platform_device *pdev) if (IS_ERR(data->gpio_usb_mux)) dev_info(dev, "can't request USB MUX GPIO\n"); + data->edev = devm_extcon_dev_allocate(dev, int3496_cable); + if (IS_ERR(data->edev)) + return -ENOMEM; + /* process id-pin first so that we start with the right status */ queue_delayed_work(system_wq, &data->work, 0); flush_delayed_work(&data->work); /* register extcon device */ - data->edev = devm_extcon_dev_allocate(dev, int3496_cable); - if (IS_ERR(data->edev)) - return -ENOMEM; - ret = devm_extcon_dev_register(dev, data->edev); if (ret < 0) { dev_err(dev, "can't register extcon device: %d\n", ret); -- 2.14.3

7 years, 8 months

2
2
0 0

[Linux-stable-mirror] [PATCH -mm -v2] mm, swap, frontswap: Fix THP swap if frontswap enabled

by Huang, Ying

From: Huang Ying <huang.ying.caritas(a)gmail.com> It was reported by Sergey Senozhatsky that if THP (Transparent Huge Page) and frontswap (via zswap) are both enabled, when memory goes low so that swap is triggered, segfault and memory corruption will occur in random user space applications as follow, kernel: urxvt[338]: segfault at 20 ip 00007fc08889ae0d sp 00007ffc73a7fc40 error 6 in libc-2.26.so[7fc08881a000+1ae000] #0 0x00007fc08889ae0d _int_malloc (libc.so.6) #1 0x00007fc08889c2f3 malloc (libc.so.6) #2 0x0000560e6004bff7 _Z14rxvt_wcstoutf8PKwi (urxvt) #3 0x0000560e6005e75c n/a (urxvt) #4 0x0000560e6007d9f1 _ZN16rxvt_perl_interp6invokeEP9rxvt_term9hook_typez (urxvt) #5 0x0000560e6003d988 _ZN9rxvt_term9cmd_parseEv (urxvt) #6 0x0000560e60042804 _ZN9rxvt_term6pty_cbERN2ev2ioEi (urxvt) #7 0x0000560e6005c10f _Z17ev_invoke_pendingv (urxvt) #8 0x0000560e6005cb55 ev_run (urxvt) #9 0x0000560e6003b9b9 main (urxvt) #10 0x00007fc08883af4a __libc_start_main (libc.so.6) #11 0x0000560e6003f9da _start (urxvt) After bisection, it was found the first bad commit is bd4c82c22c367e068 ("mm, THP, swap: delay splitting THP after swapped out"). The root cause is as follow. When the pages are written to swap device during swapping out in swap_writepage(), zswap (fontswap) is tried to compress the pages instead to improve the performance. But zswap (frontswap) will treat THP as normal page, so only the head page is saved. After swapping in, tail pages will not be restored to its original contents, so cause the memory corruption in the applications. This is fixed via splitting THP before writing the page to swap device if frontswap is enabled. To deal with the situation where frontswap is enabled at runtime, whether the page is THP is checked before using frontswap during swapping out too. Reported-and-tested-by: Sergey Senozhatsky <sergey.senozhatsky(a)gmail.com> Signed-off-by: "Huang, Ying" <ying.huang(a)intel.com> Cc: Konrad Rzeszutek Wilk <konrad.wilk(a)oracle.com> Cc: Dan Streetman <ddstreet(a)ieee.org> Cc: Seth Jennings <sjenning(a)redhat.com> Cc: Minchan Kim <minchan(a)kernel.org> Cc: Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> Cc: Shaohua Li <shli(a)kernel.org> Cc: Michal Hocko <mhocko(a)suse.com> Cc: Johannes Weiner <hannes(a)cmpxchg.org> Cc: Mel Gorman <mgorman(a)techsingularity.net> Cc: Shakeel Butt <shakeelb(a)google.com> Cc: stable(a)vger.kernel.org # 4.14 Fixes: bd4c82c22c367e068 ("mm, THP, swap: delay splitting THP after swapped out") Changelog: v2: - Move frontswap check into swapfile.c to avoid to make vmscan.c depends on frontswap. --- mm/page_io.c | 2 +- mm/swapfile.c | 3 +++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/mm/page_io.c b/mm/page_io.c index b41cf9644585..6dca817ae7a0 100644 --- a/mm/page_io.c +++ b/mm/page_io.c @@ -250,7 +250,7 @@ int swap_writepage(struct page *page, struct writeback_control *wbc) unlock_page(page); goto out; } - if (frontswap_store(page) == 0) { + if (!PageTransHuge(page) && frontswap_store(page) == 0) { set_page_writeback(page); unlock_page(page); end_page_writeback(page); diff --git a/mm/swapfile.c b/mm/swapfile.c index 006047b16814..0b7c7883ce64 100644 --- a/mm/swapfile.c +++ b/mm/swapfile.c @@ -934,6 +934,9 @@ int get_swap_pages(int n_goal, bool cluster, swp_entry_t swp_entries[]) /* Only single cluster request supported */ WARN_ON_ONCE(n_goal > 1 && cluster); + /* Frontswap doesn't support THP */ + if (frontswap_enabled() && cluster) + goto noswap; avail_pgs = atomic_long_read(&nr_swap_pages) / nr_pages; if (avail_pgs <= 0) -- 2.15.1

7 years, 8 months

7
12
0 0

[Linux-stable-mirror] [PATCH v2] xenbus: track caller request id

by Joao Martins

Commit fd8aa9095a95 ("xen: optimize xenbus driver for multiple concurrent xenstore accesses") optimized xenbus concurrent accesses but in doing so broke UABI of /dev/xen/xenbus. Through /dev/xen/xenbus applications are in charge of xenbus message exchange with the correct header and body. Now, after the mentioned commit the replies received by application will no longer have the header req_id echoed back as it was on request (see specification below for reference), because that particular field is being overwritten by kernel. struct xsd_sockmsg { uint32_t type; /* XS_??? */ uint32_t req_id;/* Request identifier, echoed in daemon's response. */ uint32_t tx_id; /* Transaction id (0 if not related to a transaction). */ uint32_t len; /* Length of data following this. */ /* Generally followed by nul-terminated string(s). */ }; Before there was only one request at a time so req_id could simply be forwarded back and forth. To allow simultaneous requests we need a different req_id for each message thus kernel keeps a monotonic increasing counter for this field and is written on every request irrespective of userspace value. Forwarding again the req_id on userspace requests is not a solution because we would open the possibility of userspace-generated req_id colliding with kernel ones. So this patch instead takes another route which is to artificially keep user req_id while keeping the xenbus logic as is. We do that by saving the original req_id before xs_send(), use the private kernel counter as req_id and then once reply comes and was validated, we restore back the original req_id. Cc: <stable(a)vger.kernel.org> # 4.11 Fixes: fd8aa9095a ("xen: optimize xenbus driver for multiple concurrent xenstore accesses") Reported-by: Bhavesh Davda <bhavesh.davda(a)oracle.com> Signed-off-by: Joao Martins <joao.m.martins(a)oracle.com> --- Here's a link to a unit test (https://pastebin.com/2q51j2sR) where req_id of reply and response are being asserted each request. Without this patch the assert will fail (e.g. try it with `./xswire_reqid_test name`). But on <= v4.10 or >= v4.11 with the fix above, it will print domain name 10 times. Changes since v1: * Adjust commit message (Comments from Juergen on IRC) * Unilateraly save/restore req_id and remove xs_request_is_user() * Initialize req_id for kernel callers --- drivers/xen/xenbus/xenbus.h | 1 + drivers/xen/xenbus/xenbus_comms.c | 1 + drivers/xen/xenbus/xenbus_xs.c | 3 +++ 3 files changed, 5 insertions(+) diff --git a/drivers/xen/xenbus/xenbus.h b/drivers/xen/xenbus/xenbus.h index 149c5e7efc89..092981171df1 100644 --- a/drivers/xen/xenbus/xenbus.h +++ b/drivers/xen/xenbus/xenbus.h @@ -76,6 +76,7 @@ struct xb_req_data { struct list_head list; wait_queue_head_t wq; struct xsd_sockmsg msg; + uint32_t caller_req_id; enum xsd_sockmsg_type type; char *body; const struct kvec *vec; diff --git a/drivers/xen/xenbus/xenbus_comms.c b/drivers/xen/xenbus/xenbus_comms.c index 5b081a01779d..d239fc3c5e3d 100644 --- a/drivers/xen/xenbus/xenbus_comms.c +++ b/drivers/xen/xenbus/xenbus_comms.c @@ -309,6 +309,7 @@ static int process_msg(void) goto out; if (req->state == xb_req_state_wait_reply) { + req->msg.req_id = req->caller_req_id; req->msg.type = state.msg.type; req->msg.len = state.msg.len; req->body = state.body; diff --git a/drivers/xen/xenbus/xenbus_xs.c b/drivers/xen/xenbus/xenbus_xs.c index 3e59590c7254..3f3b29398ab8 100644 --- a/drivers/xen/xenbus/xenbus_xs.c +++ b/drivers/xen/xenbus/xenbus_xs.c @@ -227,6 +227,8 @@ static void xs_send(struct xb_req_data *req, struct xsd_sockmsg *msg) req->state = xb_req_state_queued; init_waitqueue_head(&req->wq); + /* Save the caller req_id and restore it later in the reply */ + req->caller_req_id = req->msg.req_id; req->msg.req_id = xs_request_enter(req); mutex_lock(&xb_write_mutex); @@ -310,6 +312,7 @@ static void *xs_talkv(struct xenbus_transaction t, req->num_vecs = num_vecs; req->cb = xs_wake_up; + msg.req_id = 0; msg.tx_id = t.id; msg.type = type; msg.len = 0; -- 2.11.0

7 years, 8 months

2
2
0 0

[Linux-stable-mirror] [PATCH 6/6] xhci: fix xhci debugfs errors in xhci_stop

by Mathias Nyman

From: Zhengjun Xing <zhengjun.xing(a)linux.intel.com> In function xhci_stop, xhci_debugfs_exit called before xhci_mem_cleanup. xhci_debugfs_exit removed the xhci debugfs root nodes, xhci_mem_cleanup called function xhci_free_virt_devices_depth_first which in turn called function xhci_debugfs_remove_slot. Function xhci_debugfs_remove_slot removed the nodes for devices, the nodes folders are sub folder of xhci debugfs. It is unreasonable to remove xhci debugfs root folder before xhci debugfs sub folder. Function xhci_mem_cleanup should be called before function xhci_debugfs_exit. Fixes: 02b6fdc2a153 ("usb: xhci: Add debugfs interface for xHCI driver") Cc: <stable(a)vger.kernel.org> # v4.15 Signed-off-by: Zhengjun Xing <zhengjun.xing(a)linux.intel.com> Signed-off-by: Mathias Nyman <mathias.nyman(a)linux.intel.com> --- drivers/usb/host/xhci.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/drivers/usb/host/xhci.c b/drivers/usb/host/xhci.c index 4adb6da..25d4b748 100644 --- a/drivers/usb/host/xhci.c +++ b/drivers/usb/host/xhci.c @@ -646,8 +646,6 @@ static void xhci_stop(struct usb_hcd *hcd) return; } - xhci_debugfs_exit(xhci); - xhci_dbc_exit(xhci); spin_lock_irq(&xhci->lock); @@ -680,6 +678,7 @@ static void xhci_stop(struct usb_hcd *hcd) xhci_dbg_trace(xhci, trace_xhci_dbg_init, "cleaning up memory"); xhci_mem_cleanup(xhci); + xhci_debugfs_exit(xhci); xhci_dbg_trace(xhci, trace_xhci_dbg_init, "xhci_stop completed - status = %x", readl(&xhci->op_regs->status)); -- 2.7.4

7 years, 8 months

1
0
0 0

[Linux-stable-mirror] [PATCH 5/6] xhci: xhci debugfs device nodes weren't removed after device plugged out

by Mathias Nyman

From: Zhengjun Xing <zhengjun.xing(a)linux.intel.com> There is a bug after plugged out USB device, the device and its ep00 nodes are still kept, we need to remove the nodes in xhci_free_dev when USB device is plugged out. Fixes: 052f71e25a7e ("xhci: Fix xhci debugfs NULL pointer dereference in resume from hibernate") Cc: <stable(a)vger.kernel.org> # v4.15 Signed-off-by: Zhengjun Xing <zhengjun.xing(a)linux.intel.com> Signed-off-by: Mathias Nyman <mathias.nyman(a)linux.intel.com> --- drivers/usb/host/xhci.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/drivers/usb/host/xhci.c b/drivers/usb/host/xhci.c index b01bd64..4adb6da 100644 --- a/drivers/usb/host/xhci.c +++ b/drivers/usb/host/xhci.c @@ -3545,12 +3545,10 @@ static void xhci_free_dev(struct usb_hcd *hcd, struct usb_device *udev) virt_dev->eps[i].ep_state &= ~EP_STOP_CMD_PENDING; del_timer_sync(&virt_dev->eps[i].stop_cmd_timer); } - + xhci_debugfs_remove_slot(xhci, udev->slot_id); ret = xhci_disable_slot(xhci, udev->slot_id); - if (ret) { - xhci_debugfs_remove_slot(xhci, udev->slot_id); + if (ret) xhci_free_virt_device(xhci, udev->slot_id); - } } int xhci_disable_slot(struct xhci_hcd *xhci, u32 slot_id) -- 2.7.4

7 years, 8 months

1
0
0 0

[Linux-stable-mirror] [PATCH 4/6] xhci: Fix xhci debugfs devices node disappearance after hibernation

by Mathias Nyman

From: Zhengjun Xing <zhengjun.xing(a)linux.intel.com> During system resume from hibernation, xhci host is reset, all the nodes in devices folder are removed in xhci_mem_cleanup function. Later nodes in /sys/kernel/debug/usb/xhci/* are created again in function xhci_run, but the nodes already exist, so the nodes still keep the old ones, finally device nodes in xhci debugfs folder /sys/kernel/debug/usb/xhci/*/devices/* are disappeared. This fix removed xhci debugfs nodes before the nodes are re-created, so all the nodes in xhci debugfs can be re-created successfully. Fixes: 02b6fdc2a153 ("usb: xhci: Add debugfs interface for xHCI driver") Cc: <stable(a)vger.kernel.org> # v4.15 Signed-off-by: Zhengjun Xing <zhengjun.xing(a)linux.intel.com> Signed-off-by: Mathias Nyman <mathias.nyman(a)linux.intel.com> --- drivers/usb/host/xhci.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/usb/host/xhci.c b/drivers/usb/host/xhci.c index 1eeb339..b01bd64 100644 --- a/drivers/usb/host/xhci.c +++ b/drivers/usb/host/xhci.c @@ -1014,6 +1014,7 @@ int xhci_resume(struct xhci_hcd *xhci, bool hibernated) xhci_dbg(xhci, "cleaning up memory\n"); xhci_mem_cleanup(xhci); + xhci_debugfs_exit(xhci); xhci_dbg(xhci, "xhci_stop completed - status = %x\n", readl(&xhci->op_regs->status)); -- 2.7.4

7 years, 8 months

1
0
0 0

[Linux-stable-mirror] [PATCH 3/6] xhci: Fix NULL pointer in xhci debugfs

by Mathias Nyman

From: Zhengjun Xing <zhengjun.xing(a)linux.intel.com> Commit dde634057da7 ("xhci: Fix use-after-free in xhci debugfs") causes a null pointer dereference while fixing xhci-debugfs usage of ring pointers that were freed during hibernate. The fix passed addresses to ring pointers instead, but forgot to do this change for the xhci_ring_trb_show function. The address of the ring pointer passed to xhci-debugfs was of a temporary ring pointer "new_ring" instead of the actual ring "ring" pointer. The temporary new_ring pointer will be set to NULL later causing the NULL pointer dereference. This issue was seen when reading xhci related files in debugfs: cat /sys/kernel/debug/usb/xhci/*/devices/*/ep*/trbs [ 184.604861] BUG: unable to handle kernel NULL pointer dereference at (null) [ 184.613776] IP: xhci_ring_trb_show+0x3a/0x890 [ 184.618733] PGD 264193067 P4D 264193067 PUD 263238067 PMD 0 [ 184.625184] Oops: 0000 [#1] SMP [ 184.726410] RIP: 0010:xhci_ring_trb_show+0x3a/0x890 [ 184.731944] RSP: 0018:ffffba8243c0fd90 EFLAGS: 00010246 [ 184.737880] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00000000000295d6 [ 184.746020] RDX: 00000000000295d5 RSI: 0000000000000001 RDI: ffff971a6418d400 [ 184.754121] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 184.762222] R10: ffff971a64c98a80 R11: ffff971a62a00e40 R12: ffff971a62a85500 [ 184.770325] R13: 0000000000020000 R14: ffff971a6418d400 R15: ffff971a6418d400 [ 184.778448] FS: 00007fe725a79700(0000) GS:ffff971a6ec00000(0000) knlGS:0000000000000000 [ 184.787644] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 184.794168] CR2: 0000000000000000 CR3: 000000025f365005 CR4: 00000000003606f0 [ 184.802318] Call Trace: [ 184.805094] ? seq_read+0x281/0x3b0 [ 184.809068] seq_read+0xeb/0x3b0 [ 184.812735] full_proxy_read+0x4d/0x70 [ 184.817007] __vfs_read+0x23/0x120 [ 184.820870] vfs_read+0x91/0x130 [ 184.824538] SyS_read+0x42/0x90 [ 184.828106] entry_SYSCALL_64_fastpath+0x1a/0x7d Fixes: dde634057da7 ("xhci: Fix use-after-free in xhci debugfs") Cc: <stable(a)vger.kernel.org> # v4.15 Signed-off-by: Zhengjun Xing <zhengjun.xing(a)linux.intel.com> Signed-off-by: Mathias Nyman <mathias.nyman(a)linux.intel.com> --- drivers/usb/host/xhci-debugfs.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/usb/host/xhci-debugfs.c b/drivers/usb/host/xhci-debugfs.c index e26e685..5851052 100644 --- a/drivers/usb/host/xhci-debugfs.c +++ b/drivers/usb/host/xhci-debugfs.c @@ -211,7 +211,7 @@ static void xhci_ring_dump_segment(struct seq_file *s, static int xhci_ring_trb_show(struct seq_file *s, void *unused) { int i; - struct xhci_ring *ring = s->private; + struct xhci_ring *ring = *(struct xhci_ring **)s->private; struct xhci_segment *seg = ring->first_seg; for (i = 0; i < ring->num_segs; i++) { @@ -387,7 +387,7 @@ void xhci_debugfs_create_endpoint(struct xhci_hcd *xhci, snprintf(epriv->name, sizeof(epriv->name), "ep%02d", ep_index); epriv->root = xhci_debugfs_create_ring_dir(xhci, - &dev->eps[ep_index].new_ring, + &dev->eps[ep_index].ring, epriv->name, spriv->root); spriv->eps[ep_index] = epriv; -- 2.7.4

7 years, 8 months

1
0
0 0

[Linux-stable-mirror] v4.15.3 build: 0 failures 0 warnings (v4.15.3)

by Build bot for Mark Brown

Tree/Branch: v4.15.3 Git describe: v4.15.3 Commit: e6e2d12fa4 Linux 4.15.3 Build Time: 112 min 12 sec Passed: 10 / 10 (100.00 %) Failed: 0 / 10 ( 0.00 %) Errors: 0 Warnings: 0 Section Mismatches: 0 ------------------------------------------------------------------------------- defconfigs with issues (other than build errors): ------------------------------------------------------------------------------- =============================================================================== Detailed per-defconfig build reports below: ------------------------------------------------------------------------------- Passed with no errors, warnings or mismatches: arm64-allnoconfig arm64-allmodconfig arm-multi_v5_defconfig arm-multi_v7_defconfig x86_64-defconfig arm-allmodconfig arm-allnoconfig x86_64-allnoconfig arm-multi_v4t_defconfig arm64-defconfig close failed in file object destructor: sys.excepthook is missing lost sys.stderr

7 years, 8 months

1
0
0 0

[Linux-stable-mirror] [PATCH 1/2] xen: xenbus_dev_frontend: Fix XS_TRANSACTION_END handling

by Simon Gaiser

Commit fd8aa9095a95 ("xen: optimize xenbus driver for multiple concurrent xenstore accesses") made a subtle change to the semantic of xenbus_dev_request_and_reply() and xenbus_transaction_end(). Before on an error response to XS_TRANSACTION_END xenbus_dev_request_and_reply() would not decrement the active transaction counter. But xenbus_transaction_end() has always counted the transaction as finished regardless of the response. The new behavior is that xenbus_dev_request_and_reply() and xenbus_transaction_end() will always count the transaction as finished regardless the response code (handled in xs_request_exit()). But xenbus_dev_frontend tries to end a transaction on closing of the device if the XS_TRANSACTION_END failed before. Trying to close the transaction twice corrupts the reference count. So fix this by also considering a transaction closed if we have sent XS_TRANSACTION_END once regardless of the return code. Cc: <stable(a)vger.kernel.org> # 4.11 Fixes: fd8aa9095a95 ("xen: optimize xenbus driver for multiple concurrent xenstore accesses") Signed-off-by: Simon Gaiser <simon(a)invisiblethingslab.com> --- drivers/xen/xenbus/xenbus_dev_frontend.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/xen/xenbus/xenbus_dev_frontend.c b/drivers/xen/xenbus/xenbus_dev_frontend.c index f3b089b7c0b6..d2edbc79384a 100644 --- a/drivers/xen/xenbus/xenbus_dev_frontend.c +++ b/drivers/xen/xenbus/xenbus_dev_frontend.c @@ -365,7 +365,7 @@ void xenbus_dev_queue_reply(struct xb_req_data *req) if (WARN_ON(rc)) goto out; } - } else if (req->msg.type == XS_TRANSACTION_END) { + } else if (req->type == XS_TRANSACTION_END) { trans = xenbus_get_transaction(u, req->msg.tx_id); if (WARN_ON(!trans)) goto out; -- 2.15.1

7 years, 8 months

3
3
0 0

[Linux-stable-mirror] [PATCH 3.2 00/79] 3.2.99-rc1 review

by Ben Hutchings

This is the start of the stable review cycle for the 3.2.99 release. There are 79 patches in this series, which will be posted as responses to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Tue Feb 13 12:00:00 UTC 2018. Anything received after that time might be too late. All the patches have also been committed to the linux-3.2.y-rc branch of https://git.kernel.org/pub/scm/linux/kernel/git/bwh/linux-stable-rc.git . A shortlog and diffstat can be found below. Ben. ------------- Al Viro (2): autofs4: autofs4_wait() vs. autofs4_catatonic_mode() race [4041bcdc7bef06a2fb29c57394c713a74bd13b08] autofs4: catatonic_mode vs. notify_daemon race [8753333266be67ff3a984ac1f6566d31c260bee4] Alan (1): usbip: Fix sscanf handling [2d32927127f44d755780aa5fa88c8c34e72558f8] Alan Stern (1): USB: usbfs: compute urb->actual_length for isochronous [2ef47001b3ee3ded579b7532ebdcf8680e4d8c54] Alex Chen (1): ocfs2: should wait dio before inode lock in ocfs2_setattr() [28f5a8a7c033cbf3e32277f4cc9c6afd74f05300] Alexander Potapenko (1): sctp: fully initialize the IPv6 address in sctp_v6_to_addr() [15339e441ec46fbc3bf3486bb1ae4845b0f1bb8d] Alexander Steffen (1): tpm-dev-common: Reject too short writes [ee70bc1e7b63ac8023c9ff9475d8741e397316e7] Alexandre Belloni (1): rtc: set the alarm to the next expiring timer [74717b28cb32e1ad3c1042cafd76b264c8c0f68d] Andreas Rohner (1): nilfs2: fix race condition that causes file system corruption [31ccb1f7ba3cfe29631587d451cf5bb8ab593550] Arnd Bergmann (2): Input: adxl34x - do not treat FIFO_MODE() as boolean [1dbc080c9ef6bcfba652ef0d6ae919b8c7c85a1d] isofs: fix timestamps beyond 2027 [34be4dbf87fc3e474a842305394534216d428f5d] Bart Van Assche (1): IB/srp: Avoid that a cable pull can trigger a kernel crash [8a0d18c62121d3c554a83eb96e2752861d84d937] Bart Westgeest (1): staging: usbip: removed #if 0'd out code [34c09578179f5838e5958c45e8aed4edc9c6c3b8] Bernhard Rosenkraenzer (1): USB: Add delay-init quirk for Corsair K70 LUX keyboards [a0fea6027f19c62727315aba1a7fae75a9caa842] Brent Taylor (1): mtd: nand: Fix writing mtdoops to nand flash. [30863e38ebeb500a31cecee8096fb5002677dd9b] Chuck Lever (1): nfs: Fix ugly referral attributes [c05cefcc72416a37eba5a2b35f0704ed758a9145] Colin Ian King (1): rtc: interface: ignore expired timers when enqueuing new timers [2b2f5ff00f63847d95adad6289bd8b05f5983dd5] Dan Carpenter (2): eCryptfs: use after free in ecryptfs_release_messaging() [db86be3a12d0b6e5c5b51c2ab2a48f06329cb590] scsi: bfa: integer overflow in debugfs [3e351275655d3c84dc28abf170def9786db5176d] Eric Biggers (1): dm bufio: fix integer overflow when limiting maximum cache size [74d4108d9e681dbbe4a2940ed8fdff1f6868184c] Eric Dumazet (1): netfilter: xt_TCPMSS: add more sanity tests on tcph->doff [2638fd0f92d4397884fd991d8f4925cb3f081901] Eric W. Biederman (1): net/sctp: Always set scope_id in sctp_inet6_skb_msgname [7c8a61d9ee1df0fb4747879fa67a99614eb62fec] Felipe Balbi (1): usb: add helper to extract bits 12:11 of wMaxPacketSize [541b6fe63023f3059cf85d47ff2767a3e42a8e44] Gabriele Paoloni (1): PCI/AER: Report non-fatal errors only to the affected endpoint [86acc790717fb60fb51ea3095084e331d8711c74] Guenter Roeck (1): kaiser: Set _PAGE_NX only if supported [61e9b3671007a5da8127955a1a3bda7e0d5f42e8] Guillaume Nault (5): l2tp: don't register sessions in l2tp_session_create() [3953ae7b218df4d1e544b98a393666f9ae58a78c] l2tp: ensure sessions are freed after their PPPOL2TP socket [cdd10c9627496ad25c87ce6394e29752253c69d3] l2tp: initialise PPP sessions before registering them [f98be6c6359e7e4a61aaefb9964c1db31cb9ec0c] l2tp: initialise l2tp_eth sessions before registering them [ee28de6bbd78c2e18111a0aef43ea746f28d2073] l2tp: protect sock pointer of struct pppol2tp_session with RCU [ee40fb2e1eb5bc0ddd3f2f83c6e39a454ef5a741] Hou Tao (1): dm: fix race between dm_get_from_kobject() and __dm_destroy() [b9a41d21dceadf8104812626ef85dc56ee8a60ed] Jan Harkes (1): coda: fix 'kernel memory exposure attempt' in fsync [d337b66a4c52c7b04eec661d86c2ef6e168965a2] Jason Gunthorpe (1): sctp: Fixup v4mapped behaviour to comply with Sock API [299ee123e19889d511092347f5fc14db0f10e3a6] Jens Axboe (1): blktrace: fix unlocked access to init/start-stop/teardown [1f2cac107c591c24b60b115d6050adc213d10fc0] Johan Hovold (2): USB: serial: garmin_gps: fix I/O after failed probe and remove [19a565d9af6e0d828bd0d521d3bafd5017f4ce52] USB: serial: garmin_gps: fix memory leak on probe errors [74d471b598444b7f2d964930f7234779c80960a0] Ladi Prosek (1): KVM: nVMX: set IDTR and GDTR limits when loading L1 host state [21f2d551183847bc7fbe8d866151d00cdad18752] Ladislav Michl (1): video: udlfb: Fix read EDID timeout [c98769475575c8a585f5b3952f4b5f90266f699b] Lepton Wu (1): kaiser: Set _PAGE_NX only if supported [not upstream; specific to KAISER backport] Mark Bloch (1): IB/mlx4: Increase maximal message size under UD QP [5f22a1d87c5315a98981ecf93cd8de226cffe6ca] Markus Elfring (1): media: omap_vout: Fix a possible null pointer dereference in omap_vout_open() [bfba2b3e21b9426c0f9aca00f3cad8631b2da170] Masami Hiramatsu (1): x86/decoder: Add new TEST instruction pattern [12a78d43de767eaf8fb272facb7a7b6f2dc6a9df] Mauro Carvalho Chehab (1): [media] cx231xx: Fix the max number of interfaces [139d28826b8e2bc7a9232fde0d2f14812914f501] Michele Baldessari (1): media: Don't do DMA on stack for firmware upload in the AS102 driver [b3120d2cc447ee77b9d69bf4ad7b452c9adb4d39] Mike Snitzer (1): dm: discard support requires all targets in a table support discards [8a74d29d541cd86569139c6f3f44b2d210458071] Mohamed Ghannam (2): RDS: Heap OOB write in rds_message_alloc_sgs() [c095508770aebf1b9218e77026e48345d719b17c] RDS: null pointer dereference in rds_atomic_free_op [7d11f77f84b27cef452cee332f4e469503084737] Nadav Amit (1): KVM: vmx: Inject #GP on invalid PAT CR [4566654bb9be9e8864df417bb72ceee5136b6a6a] NeilBrown (2): autofs: don't fail mount for transient error [ecc0c469f27765ed1e2b967be0aa17cee1a60b76] autofs: fix careless error in recent commit [302ec300ef8a545a7fc7f667e5fd743b091c2eeb] Pablo Neira Ayuso (3): netfilter: xt_TCPMSS: fix handling of malformed TCP header and options [71ffe9c77dd7a2b62207953091efa8dafec958dd] netfilter: xt_TCPOPTSTRIP: don't use tcp_hdr() [ed82c437320c48a4032492f4a55a7e2c934158b6] netfilter: xt_TCPOPTSTRIP: fix possible mangling beyond packet boundary [bc6bcb59dd7c184d229f9e86d08aa56059938a4c] Paolo Bonzini (1): KVM: SVM: obey guest PAT [15038e14724799b8c205beb5f20f9e54896013c3] Phil Oester (2): netfilter: xt_TCPMSS: Fix missing fragmentation handling [b396966c4688522863572927cb30aa874b3ec504] netfilter: xt_TCPMSS: correct return value in tcpmss_mangle_packet [1205e1fa615805c9efa97303b552cf445965752a] Rusty Russell (1): x86/smp: Don't ever patch back to UP if we unplug cpus [816afe4ff98ee10b1d30fd66361be132a0a5cee6] Sean Young (1): media: rc: check for integer overflow [3e45067f94bbd61dec0619b1c32744eb0de480c8] Shuah Khan (4): usbip: fix stub_rx: get_pipe() to validate endpoint number [635f545a7e8be7596b9b2b6a43cab6bbd5a88e43] usbip: fix stub_rx: harden CMD_SUBMIT path to handle malicious input [c6688ef9f29762e65bce325ef4acd6c675806366] usbip: fix stub_send_ret_submit() vulnerability to null transfer_buffer [be6123df1ea8f01ee2f896a16c2b7be3e4557a5a] usbip: prevent vhci_hcd driver from leaking a socket pointer address [2f2d0088eb93db5c649d2a5e34a3800a8a935fc5] Stanislaw Gruszka (1): rt2x00usb: mark device removed when get ENOENT usb error [bfa62a52cad93686bb8d8171ea5288813248a7c6] Takashi Iwai (6): ALSA: seq: Make ioctls race-free [b3defb791b26ea0683a93a4f49c77ec45ec96f10] ALSA: timer: Remove kernel warning at compat ioctl error paths [3d4e8303f2c747c8540a0a0126d0151514f6468b] ALSA: usb-audio: Add sanity checks in v2 clock parsers [0a62d6c966956d77397c32836a5bbfe3af786fc1] ALSA: usb-audio: Add sanity checks to FE parser [d937cd6790a2bef2d07b500487646bd794c039bb] ALSA: usb-audio: Fix potential out-of-bound access at parsing SU [f658f17b5e0e339935dca23e77e0f3cad591926b] ALSA: usb-audio: Fix potential zero-division at parsing FU [8428a8ebde2db1e988e41a58497a28beb7ce1705] Tom Parkin (3): l2tp: add session reorder queue purge function to core [48f72f92b31431c40279b0fba6c5588e07e67d95] l2tp: purge session reorder queue on delete [4c6e2fd35460208596fa099ee0750a4b0438aa5c] l2tp: push all ppp pseudowire shutdown through .release handler [cf2f5c886a209377daefd5d2ba0bcd49c3887813] Tuomas Tynkkynen (2): fs/9p: Compare qid.path in v9fs_test_inode [8ee031631546cf2f7859cc69593bd60bbdd70b46] net/9p: Switch to wait_event_killable() [9523feac272ccad2ad8186ba4fcc89103754de52] Vasily Gorbik (1): s390/disassembler: increase show_code buffer size [b192571d1ae375e0bbe0aa3ccfa1a3c3704454b9] Vijendar Mukunda (1): ALSA: hda: Add Raven PCI ID [9ceace3c9c18c67676e75141032a65a8e01f9a7a] Waiman Long (1): blktrace: Fix potential deadlock between delete & sysfs ops [5acb3cc2c2e9d3020a4fee43763c6463767f1572] Younger Liu (1): ocfs2: fix issue that ocfs2_setattr() does not deal with new_i_size==i_size [d62e74be1270c89fbaf7aada8218bfdf62d00a58] Zhou Chengming (1): kprobes, x86/alternatives: Use text_mutex to protect smp_alt_modules [e846d13958066828a9483d862cc8370a72fadbb6] Documentation/kernel-parameters.txt | 3 - Makefile | 4 +- arch/s390/kernel/dis.c | 4 +- arch/x86/include/asm/alternative.h | 4 +- arch/x86/kernel/alternative.c | 129 +++------- arch/x86/kernel/smpboot.c | 20 +- arch/x86/kvm/svm.c | 7 + arch/x86/kvm/vmx.c | 4 + arch/x86/kvm/x86.c | 5 +- arch/x86/kvm/x86.h | 2 + arch/x86/lib/x86-opcode-map.txt | 2 +- arch/x86/mm/kaiser.c | 5 +- arch/x86/xen/smp.c | 6 +- block/blk-core.c | 3 + drivers/char/tpm/tpm.c | 6 + drivers/infiniband/hw/mlx4/qp.c | 2 +- drivers/infiniband/ulp/srp/ib_srp.c | 23 +- drivers/input/misc/adxl34x.c | 2 +- drivers/md/dm-bufio.c | 15 +- drivers/md/dm-table.c | 32 ++- drivers/md/dm.c | 12 +- drivers/media/rc/ir-lirc-codec.c | 9 +- drivers/media/video/cx231xx/cx231xx-cards.c | 3 +- drivers/media/video/omap/omap_vout.c | 3 +- drivers/mtd/nand/nand_base.c | 9 +- drivers/net/wireless/rt2x00/rt2x00usb.c | 6 +- drivers/pci/pcie/aer/aerdrv_core.c | 9 +- drivers/rtc/interface.c | 16 +- drivers/scsi/bfa/bfad_debugfs.c | 5 +- drivers/staging/media/as102/as102_fw.c | 28 ++- drivers/staging/usbip/stub_rx.c | 58 +++-- drivers/staging/usbip/stub_tx.c | 7 + drivers/staging/usbip/usbip_common.h | 1 + .../staging/usbip/userspace/libsrc/usbip_common.c | 2 +- .../staging/usbip/userspace/libsrc/vhci_driver.c | 8 +- drivers/staging/usbip/vhci_hcd.c | 39 --- drivers/staging/usbip/vhci_sysfs.c | 20 +- drivers/usb/core/devio.c | 14 ++ drivers/usb/core/quirks.c | 3 + drivers/usb/serial/garmin_gps.c | 22 +- drivers/video/udlfb.c | 10 +- fs/9p/vfs_inode.c | 3 + fs/9p/vfs_inode_dotl.c | 3 + fs/autofs4/waitq.c | 45 +++- fs/coda/upcall.c | 3 +- fs/ecryptfs/messaging.c | 8 +- fs/isofs/isofs.h | 2 +- fs/isofs/rock.h | 2 +- fs/isofs/util.c | 2 +- fs/nfs/nfs4proc.c | 18 +- fs/nilfs2/segment.c | 6 +- fs/ocfs2/alloc.c | 2 +- fs/ocfs2/file.c | 18 +- include/linux/blkdev.h | 1 + include/linux/usb/ch9.h | 19 ++ include/net/sctp/sctp.h | 2 + include/net/sctp/structs.h | 8 +- kernel/cpu.c | 11 - kernel/extable.c | 2 + kernel/trace/blktrace.c | 76 ++++-- net/9p/client.c | 3 +- net/9p/trans_virtio.c | 13 +- net/l2tp/l2tp_core.c | 42 ++-- net/l2tp/l2tp_core.h | 3 + net/l2tp/l2tp_eth.c | 96 +++++-- net/l2tp/l2tp_ppp.c | 276 ++++++++++++--------- net/netfilter/xt_TCPMSS.c | 43 ++-- net/netfilter/xt_TCPOPTSTRIP.c | 19 +- net/rds/rdma.c | 4 + net/sctp/ipv6.c | 160 ++++++------ net/sctp/protocol.c | 12 +- net/sctp/socket.c | 33 ++- net/sctp/transport.c | 4 +- net/sctp/ulpevent.c | 2 +- sound/core/seq/seq_clientmgr.c | 10 +- sound/core/seq/seq_clientmgr.h | 1 + sound/core/timer_compat.c | 12 +- sound/pci/hda/hda_intel.c | 3 + sound/usb/clock.c | 9 +- sound/usb/mixer.c | 19 +- 80 files changed, 916 insertions(+), 641 deletions(-) -- Ben Hutchings Sturgeon's Law: Ninety percent of everything is crap.

7 years, 8 months

4
82
0 0

[Linux-stable-mirror] [PATCH -mm -v3] mm, swap, frontswap: Fix THP swap if frontswap enabled

by Huang, Ying

From: Huang Ying <huang.ying.caritas(a)gmail.com> It was reported by Sergey Senozhatsky that if THP (Transparent Huge Page) and frontswap (via zswap) are both enabled, when memory goes low so that swap is triggered, segfault and memory corruption will occur in random user space applications as follow, kernel: urxvt[338]: segfault at 20 ip 00007fc08889ae0d sp 00007ffc73a7fc40 error 6 in libc-2.26.so[7fc08881a000+1ae000] #0 0x00007fc08889ae0d _int_malloc (libc.so.6) #1 0x00007fc08889c2f3 malloc (libc.so.6) #2 0x0000560e6004bff7 _Z14rxvt_wcstoutf8PKwi (urxvt) #3 0x0000560e6005e75c n/a (urxvt) #4 0x0000560e6007d9f1 _ZN16rxvt_perl_interp6invokeEP9rxvt_term9hook_typez (urxvt) #5 0x0000560e6003d988 _ZN9rxvt_term9cmd_parseEv (urxvt) #6 0x0000560e60042804 _ZN9rxvt_term6pty_cbERN2ev2ioEi (urxvt) #7 0x0000560e6005c10f _Z17ev_invoke_pendingv (urxvt) #8 0x0000560e6005cb55 ev_run (urxvt) #9 0x0000560e6003b9b9 main (urxvt) #10 0x00007fc08883af4a __libc_start_main (libc.so.6) #11 0x0000560e6003f9da _start (urxvt) After bisection, it was found the first bad commit is bd4c82c22c367e068 ("mm, THP, swap: delay splitting THP after swapped out"). The root cause is as follow. When the pages are written to swap device during swapping out in swap_writepage(), zswap (fontswap) is tried to compress the pages instead to improve the performance. But zswap (frontswap) will treat THP as normal page, so only the head page is saved. After swapping in, tail pages will not be restored to its original contents, so cause the memory corruption in the applications. This is fixed via rejecting to save page in frontswap store functions if the page is a THP. So that the THP will be swapped out to swap device. Another choice is to split THP if frontswap is enabled. But it is found that the frontswap enabling isn't flexible. For example, if CONFIG_ZSWAP=y (cannot be module), frontswap will be enabled even if zswap itself isn't enabled. Frontswap has multiple backends, to make it easy for one backend to enable THP support, the THP checking is put in backend frontswap store functions instead of the general interfaces. Fixes: bd4c82c22c367e068 ("mm, THP, swap: delay splitting THP after swapped out") Reported-by: Sergey Senozhatsky <sergey.senozhatsky(a)gmail.com> Tested-by: Sergey Senozhatsky <sergey.senozhatsky(a)gmail.com> Suggested-by: Minchan Kim <minchan(a)kernel.org> # put THP checking in backend Signed-off-by: "Huang, Ying" <ying.huang(a)intel.com> Cc: Konrad Rzeszutek Wilk <konrad.wilk(a)oracle.com> Cc: Dan Streetman <ddstreet(a)ieee.org> Cc: Seth Jennings <sjenning(a)redhat.com> Cc: Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> Cc: Shaohua Li <shli(a)kernel.org> Cc: Michal Hocko <mhocko(a)suse.com> Cc: Johannes Weiner <hannes(a)cmpxchg.org> Cc: Mel Gorman <mgorman(a)techsingularity.net> Cc: Shakeel Butt <shakeelb(a)google.com> Cc: Boris Ostrovsky <boris.ostrovsky(a)oracle.com> Cc: Juergen Gross <jgross(a)suse.com> Cc: stable(a)vger.kernel.org # 4.14 Changelog: v3: - Fix via checking THP in frontswap backend as suggested by Minchan. v2: - Move frontswap check into swapfile.c to avoid to make vmscan.c depends on frontswap as suggested by Minchan. --- drivers/xen/tmem.c | 4 ++++ mm/zswap.c | 6 ++++++ 2 files changed, 10 insertions(+) diff --git a/drivers/xen/tmem.c b/drivers/xen/tmem.c index bf13d1ec51f3..04e7b3b29bac 100644 --- a/drivers/xen/tmem.c +++ b/drivers/xen/tmem.c @@ -284,6 +284,10 @@ static int tmem_frontswap_store(unsigned type, pgoff_t offset, int pool = tmem_frontswap_poolid; int ret; + /* THP isn't supported */ + if (PageTransHuge(page)) + return -1; + if (pool < 0) return -1; if (ind64 != ind) diff --git a/mm/zswap.c b/mm/zswap.c index c004aa4fd3f4..61a5c41972db 100644 --- a/mm/zswap.c +++ b/mm/zswap.c @@ -1007,6 +1007,12 @@ static int zswap_frontswap_store(unsigned type, pgoff_t offset, u8 *src, *dst; struct zswap_header zhdr = { .swpentry = swp_entry(type, offset) }; + /* THP isn't supported */ + if (PageTransHuge(page)) { + ret = -EINVAL; + goto reject; + } + if (!zswap_enabled || !tree) { ret = -ENODEV; goto reject; -- 2.15.1

7 years, 8 months

3
2
0 0

[Linux-stable-mirror] [PATCH v2] extcon: int3496: process id-pin first so that we start with the right status

by Hans de Goede

Some other drivers may be waiting for our extcon to show-up (exiting their probe methods with -EPROBE_DEFER until we show up). These drivers will typically get the cable state directly after getting the extcon, this commit changes the int3496 code to process the id-pin before registering the extcon, so that other drivers see the correct state right away. Fixes: 2f556bdb9f2e ("extcon: int3496: Add Intel INT3496 ACPI ... driver") Cc: stable(a)vger.kernel.org Signed-off-by: Hans de Goede <hdegoede(a)redhat.com> --- drivers/extcon/extcon-intel-int3496.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/drivers/extcon/extcon-intel-int3496.c b/drivers/extcon/extcon-intel-int3496.c index c8691b5a9cb0..b23ee9d993a3 100644 --- a/drivers/extcon/extcon-intel-int3496.c +++ b/drivers/extcon/extcon-intel-int3496.c @@ -131,6 +131,10 @@ static int int3496_probe(struct platform_device *pdev) if (IS_ERR(data->gpio_usb_mux)) dev_info(dev, "can't request USB MUX GPIO\n"); + /* process id-pin first so that we start with the right status */ + queue_delayed_work(system_wq, &data->work, 0); + flush_delayed_work(&data->work); + /* register extcon device */ data->edev = devm_extcon_dev_allocate(dev, int3496_cable); if (IS_ERR(data->edev)) @@ -153,9 +157,6 @@ static int int3496_probe(struct platform_device *pdev) return ret; } - /* queue initial processing of id-pin */ - queue_delayed_work(system_wq, &data->work, 0); - platform_set_drvdata(pdev, data); return 0; -- 2.14.3

7 years, 8 months

2
2
0 0

[Linux-stable-mirror] [PATCH 3.16 000/136] 3.16.54-rc1 review

by Ben Hutchings

This is the start of the stable review cycle for the 3.16.54 release. There are 136 patches in this series, which will be posted as responses to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Tue Feb 13 12:00:00 UTC 2018. Anything received after that time might be too late. All the patches have also been committed to the linux-3.16.y-rc branch of https://git.kernel.org/pub/scm/linux/kernel/git/bwh/linux-stable-rc.git . A shortlog and diffstat can be found below. Ben. ------------- Alan Stern (1): USB: usbfs: compute urb->actual_length for isochronous [2ef47001b3ee3ded579b7532ebdcf8680e4d8c54] Alex Chen (1): ocfs2: should wait dio before inode lock in ocfs2_setattr() [28f5a8a7c033cbf3e32277f4cc9c6afd74f05300] Alexander Popov (1): usbip: fix NULL pointer dereference on errors [8c7003a3b4b4afd3734cdcc39217ef22d78a4a16] Alexander Potapenko (1): sctp: fully initialize the IPv6 address in sctp_v6_to_addr() [15339e441ec46fbc3bf3486bb1ae4845b0f1bb8d] Alexander Steffen (1): tpm-dev-common: Reject too short writes [ee70bc1e7b63ac8023c9ff9475d8741e397316e7] Alexandre Belloni (1): rtc: set the alarm to the next expiring timer [74717b28cb32e1ad3c1042cafd76b264c8c0f68d] Andreas Rohner (1): nilfs2: fix race condition that causes file system corruption [31ccb1f7ba3cfe29631587d451cf5bb8ab593550] Andrew F. Davis (1): ASoC: cs42l56: Fix reset GPIO name in example DT binding [8adc430603d67e76a0f8491df21654f691acda62] Andrey Konovalov (1): p54: don't unregister leds when they are not initialized [fc09785de0a364427a5df63d703bae9a306ed116] Andy Lutomirski (4): x86, vdso, pvclock: Simplify and speed up the vdso pvclock reader [6b078f5de7fc0851af4102493c7b5bb07e49c4cb] x86, vdso: Move the vvar area before the vdso text [e6577a7ce99a506b587bcd1d2cd803cb45119557] x86/vdso: Get pvclock data from the vvar VMA instead of the fixmap [dac16fba6fc590fa7239676b35ed75dae4c4cd2b] x86/vdso: Remove pvclock fixmap machinery [cc1e24fdb064d3126a494716f22ad4fc39306742] Anna Schumaker (1): NFS: Avoid RCU usage in tracepoints [3944369db701f075092357b511fd9f5755771585] Arnd Bergmann (4): Input: adxl34x - do not treat FIFO_MODE() as boolean [1dbc080c9ef6bcfba652ef0d6ae919b8c7c85a1d] drm: gma500: fix logic error [67a3b63a54cbe18944191f43d644686731cf30c7] elf_fdpic: fix unused variable warning [11e3e8d6d9274bf630859b4c47bc4e4d76f289db] isofs: fix timestamps beyond 2027 [34be4dbf87fc3e474a842305394534216d428f5d] Bart Van Assche (3): IB/srp: Avoid that a cable pull can trigger a kernel crash [8a0d18c62121d3c554a83eb96e2752861d84d937] IB/srpt: Do not accept invalid initiator port names [c70ca38960399a63d5c048b7b700612ea321d17e] target/iscsi: Fix iSCSI task reassignment handling [59b6986dbfcdab96a971f9663221849de79a7556] Ben Hutchings (1): usbip: tools: Install all headers needed for libusbip development [c15562c0dcb2c7f26e891923b784cf1926b8c833] Ben Seri (1): Bluetooth: Prevent stack info leak from the EFS element. [06e7e776ca4d36547e503279aeff996cbb292c16] Bernhard Rosenkraenzer (1): USB: Add delay-init quirk for Corsair K70 LUX keyboards [a0fea6027f19c62727315aba1a7fae75a9caa842] Boshi Wang (1): ima: fix hash algorithm initialization [ebe7c0a7be92bbd34c6ff5b55810546a0ee05bee] Brent Taylor (1): mtd: nand: Fix writing mtdoops to nand flash. [30863e38ebeb500a31cecee8096fb5002677dd9b] Brian King (6): i40e: Use smp_rmb rather than read_barrier_depends [52c6912fde0133981ee50ba08808f257829c4c93] i40evf: Use smp_rmb rather than read_barrier_depends [f72271e2a0ae4277d53c4053f5eed8bb346ba38a] igb: Use smp_rmb rather than read_barrier_depends [c4cb99185b4cc96c0a1c70104dc21ae14d7e7f28] igbvf: Use smp_rmb rather than read_barrier_depends [1e1f9ca546556e508d021545861f6b5fc75a95fe] ixgbe: Fix skb list corruption on Power systems [0a9a17e3bb4564caf4bfe2a6783ae1287667d188] ixgbevf: Use smp_rmb rather than read_barrier_depends [ae0c585d93dfaf923d2c7eb44b2c3ab92854ea9b] Christian König (1): drm/ttm: once more fix ttm_buffer_object_transfer [4d98e5ee6084f6d7bc578c5d5f86de7156aaa4cb] Chuck Lever (1): nfs: Fix ugly referral attributes [c05cefcc72416a37eba5a2b35f0704ed758a9145] Colin Ian King (3): btrfs: avoid null pointer dereference on fs_info when calling btrfs_crit [3993b112dac968612b0b213ed59cb30f50b0015b] rtc: interface: ignore expired timers when enqueuing new timers [2b2f5ff00f63847d95adad6289bd8b05f5983dd5] staging: rtl8188eu: avoid a null dereference on pmlmepriv [123c0aab0050cd0e07ce18e453389fbbb0a5a425] Coly Li (2): bcache: check ca->alloc_thread initialized before wake up it [91af8300d9c1d7c6b6a2fd754109e08d4798b8d8] bcache: only permit to recovery read error when cache device is clean [d59b23795933678c9638fd20c942d2b4f3cd6185] Corey Minyard (1): ipmi: fix unsigned long underflow [392a17b10ec4320d3c0e96e2a23ebaad1123b989] Dan Carpenter (2): eCryptfs: use after free in ecryptfs_release_messaging() [db86be3a12d0b6e5c5b51c2ab2a48f06329cb590] scsi: bfa: integer overflow in debugfs [3e351275655d3c84dc28abf170def9786db5176d] Dongho Sim (1): f2fs: remove redundant lines in allocate_data_block [33be828ada7274ebcade2001f16e5b4e33a4636e] Doug Berger (1): net: bcmgenet: enable loopback during UniMAC sw_reset [28c2d1a7a0bfdf3617800d2beae1c67983c03d15] Douglas Fischer (1): USB: serial: qcserial: add pid/vid for Sierra Wireless EM7355 fw update [771394a54148f18926ca86414e51c69eda27d0cd] Eric Biggers (1): dm bufio: fix integer overflow when limiting maximum cache size [74d4108d9e681dbbe4a2940ed8fdff1f6868184c] Eric Dumazet (1): netfilter: xt_TCPMSS: add more sanity tests on tcph->doff [2638fd0f92d4397884fd991d8f4925cb3f081901] Eric W. Biederman (1): net/sctp: Always set scope_id in sctp_inet6_skb_msgname [7c8a61d9ee1df0fb4747879fa67a99614eb62fec] Gabriele Paoloni (1): PCI/AER: Report non-fatal errors only to the affected endpoint [86acc790717fb60fb51ea3095084e331d8711c74] Guenter Roeck (1): kaiser: Set _PAGE_NX only if supported [61e9b3671007a5da8127955a1a3bda7e0d5f42e8] Guillaume Nault (5): l2tp: don't register sessions in l2tp_session_create() [3953ae7b218df4d1e544b98a393666f9ae58a78c] l2tp: ensure sessions are freed after their PPPOL2TP socket [cdd10c9627496ad25c87ce6394e29752253c69d3] l2tp: initialise PPP sessions before registering them [f98be6c6359e7e4a61aaefb9964c1db31cb9ec0c] l2tp: initialise l2tp_eth sessions before registering them [ee28de6bbd78c2e18111a0aef43ea746f28d2073] l2tp: protect sock pointer of struct pppol2tp_session with RCU [ee40fb2e1eb5bc0ddd3f2f83c6e39a454ef5a741] Heiko Carstens (2): s390/runtime instrumention: fix possible memory corruption [d6e646ad7cfa7034d280459b2b2546288f247144] s390: fix transactional execution control register handling [a1c5befc1c24eb9c1ee83f711e0f21ee79cbb556] Hou Tao (1): dm: fix race between dm_get_from_kobject() and __dm_destroy() [b9a41d21dceadf8104812626ef85dc56ee8a60ed] Ingo Molnar (1): x86/platform/uv: Include clocksource.h for clocksource_touch_watchdog() [d51953b0873358d13b189996e6976dfa12a9b59d] Jaegeuk Kim (1): f2fs: expose some sectors to user in inline data or dentry case [5b4267d195dd887c4412e34b5a7365baa741b679] James Morse (2): ACPI / APEI: Remove ghes_ioremap_area [520e18a5080d2c444a03280d99c8a35cb667d321] ACPI / APEI: Replace ioremap_page_range() with fixmap [4f89fa286f6729312e227e7c2d764e8e7b9d340e] Jan Harkes (1): coda: fix 'kernel memory exposure attempt' in fsync [d337b66a4c52c7b04eec661d86c2ef6e168965a2] Jani Nikula (1): drm/i915/bios: parse DDI ports also for CHV for HDMI DDC pin and DP AUX channel [348e4058ebf53904e817eec7a1b25327143c2ed2] Jason Gunthorpe (1): sctp: Fixup v4mapped behaviour to comply with Sock API [299ee123e19889d511092347f5fc14db0f10e3a6] Jens Axboe (1): blktrace: fix unlocked access to init/start-stop/teardown [1f2cac107c591c24b60b115d6050adc213d10fc0] Joerg Roedel (1): iommu/vt-d: Don't register bus-notifier under dmar_global_lock [ec154bf56b276a0bb36079a5d22a267b5f417801] Johan Hovold (5): NFC: fix device-allocation error return [c45e3e4c5b134b081e8af362109905427967eb19] USB: serial: garmin_gps: fix I/O after failed probe and remove [19a565d9af6e0d828bd0d521d3bafd5017f4ce52] USB: serial: garmin_gps: fix memory leak on probe errors [74d471b598444b7f2d964930f7234779c80960a0] USB: serial: metro-usb: stop I/O after failed open [2339536d229df25c71c0900fc619289229bfecf6] clk: ti: dra7-atl-clock: fix child-node lookups [33ec6dbc5a02677509d97fe36cd2105753f0f0ea] Johannes Berg (1): nl80211: don't expose wdev->ssid for most interfaces [44905265bc155e0237c76c25bf5ddf740d85a8f2] John David Anglin (1): parisc: Fix validity check of pointer size argument in new CAS implementation [05f016d2ca7a4fab99d5d5472168506ddf95e74f] John Johansen (1): apparmor: ensure that undecidable profile attachments fail [844b8292b6311ecd30ae63db1471edb26e01d895] Joshua Watt (1): NFS: Fix typo in nomigration mount option [f02fee227e5f21981152850744a6084ff3fa94ee] Juerg Haefliger (1): Revert "x86: kvmclock: Disable use from vDSO if KPTI is enabled" [not upstream; reverts 3.16-specific change] Ladi Prosek (1): KVM: nVMX: set IDTR and GDTR limits when loading L1 host state [21f2d551183847bc7fbe8d866151d00cdad18752] Ladislav Michl (1): video: udlfb: Fix read EDID timeout [c98769475575c8a585f5b3952f4b5f90266f699b] Lepton Wu (1): kaiser: Set _PAGE_NX only if supported [not upstream; specific to KAISER backport] Maciej W. Rozycki (1): MIPS: Fix an n32 core file generation regset support regression [547da673173de51f73887377eb275304775064ad] Majd Dibbiny (1): IB/mlx5: Assign send CQ and recv CQ of UMR QP [31fde034a8bd964a5c7c1a5663fc87a913158db2] Manasi Navare (1): drm/i915/edp: Get the Panel Power Off timestamp after panel is off [cbacf02e7796fea02e5c6e46c90ed7cbe9e6f2c0] Mark Bloch (1): IB/mlx4: Increase maximal message size under UD QP [5f22a1d87c5315a98981ecf93cd8de226cffe6ca] Mark Rutland (1): arm64: vdso: fix clock_getres for 4GiB-aligned res [c80ed088a519da53f27b798a69748eaabc66aadf] Markus Elfring (2): media: omap_vout: Fix a possible null pointer dereference in omap_vout_open() [bfba2b3e21b9426c0f9aca00f3cad8631b2da170] platform/x86: sony-laptop: Fix error handling in sony_nc_setup_rfkill() [f6c8a317ab208aee223776327c06f23342492d54] Masami Hiramatsu (1): x86/decoder: Add new TEST instruction pattern [12a78d43de767eaf8fb272facb7a7b6f2dc6a9df] Mauro Carvalho Chehab (1): [media] cx231xx: Fix the max number of interfaces [139d28826b8e2bc7a9232fde0d2f14812914f501] Michał Mirosław (1): clk: tegra: Fix cclk_lp divisor register [54eff2264d3e9fd7e3987de1d7eba1d3581c631e] Mike Snitzer (1): dm: discard support requires all targets in a table support discards [8a74d29d541cd86569139c6f3f44b2d210458071] Mohamed Ghannam (2): RDS: Heap OOB write in rds_message_alloc_sgs() [c095508770aebf1b9218e77026e48345d719b17c] RDS: null pointer dereference in rds_atomic_free_op [7d11f77f84b27cef452cee332f4e469503084737] Nadav Amit (2): KVM: vmx: Inject #GP on invalid PAT CR [4566654bb9be9e8864df417bb72ceee5136b6a6a] staging: lustre: ptlrpc: kfree used instead of kvfree [c3eec59659cf25916647d2178c541302bb4822ad] Nathan Lynch (1): arm64: vdso: minor ABI fix for clock_getres [e1b6b6ce55a0a25c8aa8af019095253b2133a41a] NeilBrown (2): autofs: don't fail mount for transient error [ecc0c469f27765ed1e2b967be0aa17cee1a60b76] autofs: fix careless error in recent commit [302ec300ef8a545a7fc7f667e5fd743b091c2eeb] Nicholas Bellinger (3): iscsi-target: Fix non-immediate TMR reference leak [3fc9fb13a4b2576aeab86c62fd64eb29ab68659c] iscsi-target: Make TASK_REASSIGN use proper se_cmd->cmd_kref [ae072726f6109bb1c94841d6fb3a82dde298ea85] target: Avoid early CMD_T_PRE_EXECUTE failures during ABORT_TASK [1c21a48055a67ceb693e9c2587824a8de60a217c] Paolo Bonzini (2): KVM: SVM: obey guest PAT [15038e14724799b8c205beb5f20f9e54896013c3] x86: pvclock: Really remove the sched notifier for cross-cpu migrations [73459e2a1ada09a68c02cc5b73f3116fc8194b3d] Peter Ujfalusi (1): clk: ti: dra7-atl-clock: Fix of_node reference counting [660e1551939931657808d47838a3f443c0e83fd0] Peter Zijlstra (1): lib/int_sqrt: optimize small argument [3f3295709edea6268ff1609855f498035286af73] Philip Derrin (1): ARM: 8721/1: mm: dump: check hardware RO bit for LPAE [3b0c0c922ff4be275a8beb87ce5657d16f355b54] Radu Alexe (1): crypto: caam - fix incorrect define [cc2f8ab5334a736fa0e775cfccf06c1e268667f0] Roger Quadros (1): mtd: nand: omap2: Fix subpage write [739c64414f01748a36e7d82c8e0611dea94412bd] Roman Kapl (1): drm/radeon: fix atombios on big endian [4f626a4ac8f57ddabf06d03870adab91e463217f] Sean Young (1): media: rc: check for integer overflow [3e45067f94bbd61dec0619b1c32744eb0de480c8] Shriya (1): powerpc/powernv/cpufreq: Fix the frequency read by /proc/cpuinfo [cd77b5ce208c153260ed7882d8910f2395bfaabd] Shuah Khan (4): usbip: fix stub_rx: get_pipe() to validate endpoint number [635f545a7e8be7596b9b2b6a43cab6bbd5a88e43] usbip: fix stub_rx: harden CMD_SUBMIT path to handle malicious input [c6688ef9f29762e65bce325ef4acd6c675806366] usbip: fix stub_send_ret_submit() vulnerability to null transfer_buffer [be6123df1ea8f01ee2f896a16c2b7be3e4557a5a] usbip: prevent vhci_hcd driver from leaking a socket pointer address [2f2d0088eb93db5c649d2a5e34a3800a8a935fc5] Stanislaw Gruszka (1): rt2x00usb: mark device removed when get ENOENT usb error [bfa62a52cad93686bb8d8171ea5288813248a7c6] Takashi Iwai (6): ALSA: seq: Make ioctls race-free [b3defb791b26ea0683a93a4f49c77ec45ec96f10] ALSA: timer: Remove kernel warning at compat ioctl error paths [3d4e8303f2c747c8540a0a0126d0151514f6468b] ALSA: usb-audio: Add sanity checks in v2 clock parsers [0a62d6c966956d77397c32836a5bbfe3af786fc1] ALSA: usb-audio: Add sanity checks to FE parser [d937cd6790a2bef2d07b500487646bd794c039bb] ALSA: usb-audio: Fix potential out-of-bound access at parsing SU [f658f17b5e0e339935dca23e77e0f3cad591926b] ALSA: usb-audio: Fix potential zero-division at parsing FU [8428a8ebde2db1e988e41a58497a28beb7ce1705] Theodore Ts'o (1): ext4: fix interaction between i_size, fallocate, and delalloc after a crash [51e3ae81ec58e95f10a98ef3dd6d7bce5d8e35a2] Tuomas Tynkkynen (2): fs/9p: Compare qid.path in v9fs_test_inode [8ee031631546cf2f7859cc69593bd60bbdd70b46] net/9p: Switch to wait_event_killable() [9523feac272ccad2ad8186ba4fcc89103754de52] Tyrel Datwyler (1): powerpc/pseries/vio: Dispose of virq mapping on vdevice unregister [b8f89fea599d91e674497aad572613eb63181f31] Vasily Gorbik (1): s390/disassembler: increase show_code buffer size [b192571d1ae375e0bbe0aa3ccfa1a3c3704454b9] Vijendar Mukunda (1): ALSA: hda: Add Raven PCI ID [9ceace3c9c18c67676e75141032a65a8e01f9a7a] Viktor Slavkovic (1): staging: android: ashmem: fix a race condition in ASHMEM_SET_SIZE ioctl [443064cb0b1fb4569fe0a71209da7625129fb760] Ville Syrjälä (1): drm/i915: Read timings from the correct transcoder in intel_crtc_mode_get() [e30a154b5262b967b133b06ac40777e651045898] Waiman Long (1): blktrace: Fix potential deadlock between delete & sysfs ops [5acb3cc2c2e9d3020a4fee43763c6463767f1572] William A. Kennington III (1): powerpc/opal: Fix EBUSY bug in acquiring tokens [71e24d7731a2903b1ae2bba2b2971c654d9c2aa6] Xin Long (2): route: also update fnhe_genid when updating a route cache [cebe84c6190d741045a322f5343f717139993c08] route: update fnhe_expires for redirect when the fnhe exists [e39d5246111399dbc6e11cd39fd8580191b86c47] Yunlong Song (1): Revert "f2fs: handle dirty segments inside refresh_sit_entry" [65f1b80b33378501ea552ef085e9c31739af356c] Zhou Chengming (1): kprobes, x86/alternatives: Use text_mutex to protect smp_alt_modules [e846d13958066828a9483d862cc8370a72fadbb6] .../devicetree/bindings/sound/cs42l56.txt | 2 +- Makefile | 4 +- arch/arm/mm/dump.c | 4 +- arch/arm64/kernel/vdso/gettimeofday.S | 3 +- arch/mips/kernel/ptrace.c | 17 ++ arch/parisc/kernel/syscall.S | 6 +- arch/powerpc/kernel/vio.c | 2 + arch/powerpc/platforms/powernv/opal-async.c | 6 +- arch/powerpc/platforms/powernv/setup.c | 2 +- arch/s390/include/asm/switch_to.h | 2 +- arch/s390/kernel/dis.c | 4 +- arch/s390/kernel/early.c | 4 +- arch/s390/kernel/process.c | 1 + arch/s390/kernel/runtime_instr.c | 4 +- arch/x86/include/asm/fixmap.h | 11 +- arch/x86/include/asm/pvclock.h | 15 +- arch/x86/include/asm/vdso.h | 19 +- arch/x86/kernel/alternative.c | 26 +- arch/x86/kernel/kvmclock.c | 16 +- arch/x86/kernel/pvclock.c | 68 ----- arch/x86/kvm/svm.c | 7 + arch/x86/kvm/vmx.c | 4 + arch/x86/kvm/x86.c | 5 +- arch/x86/kvm/x86.h | 2 + arch/x86/lib/x86-opcode-map.txt | 2 +- arch/x86/mm/kaiser.c | 7 +- arch/x86/platform/uv/uv_nmi.c | 1 + arch/x86/vdso/vclock_gettime.c | 103 ++++--- arch/x86/vdso/vdso-layout.lds.S | 45 ++- arch/x86/vdso/vdso2c.c | 15 +- arch/x86/vdso/vdso2c.h | 25 +- arch/x86/vdso/vma.c | 34 ++- block/blk-core.c | 3 + drivers/acpi/apei/ghes.c | 85 +----- drivers/char/ipmi/ipmi_msghandler.c | 10 +- drivers/char/tpm/tpm-dev.c | 6 + drivers/clk/tegra/clk-tegra30.c | 2 +- drivers/clk/ti/clk-dra7-atl.c | 3 +- drivers/crypto/caam/desc.h | 2 +- drivers/gpu/drm/gma500/mdfld_intel_display.c | 2 +- drivers/gpu/drm/i915/intel_bios.c | 2 +- drivers/gpu/drm/i915/intel_display.c | 14 +- drivers/gpu/drm/i915/intel_dp.c | 2 +- drivers/gpu/drm/radeon/atombios_dp.c | 38 ++- drivers/gpu/drm/ttm/ttm_bo_util.c | 1 + drivers/infiniband/hw/mlx4/qp.c | 2 +- drivers/infiniband/hw/mlx5/main.c | 2 + drivers/infiniband/ulp/srp/ib_srp.c | 23 +- drivers/infiniband/ulp/srpt/ib_srpt.c | 9 +- drivers/input/misc/adxl34x.c | 2 +- drivers/iommu/dmar.c | 7 +- drivers/iommu/intel-iommu.c | 10 + drivers/md/bcache/alloc.c | 3 +- drivers/md/bcache/request.c | 10 +- drivers/md/dm-bufio.c | 15 +- drivers/md/dm-table.c | 32 +- drivers/md/dm.c | 12 +- drivers/media/platform/omap/omap_vout.c | 3 +- drivers/media/rc/ir-lirc-codec.c | 9 +- drivers/media/usb/cx231xx/cx231xx-cards.c | 3 +- drivers/mtd/nand/nand_base.c | 9 +- drivers/mtd/nand/omap2.c | 340 ++++++++++++++------- drivers/net/ethernet/broadcom/genet/bcmgenet.c | 56 +--- drivers/net/ethernet/intel/i40e/i40e_main.c | 2 +- drivers/net/ethernet/intel/i40e/i40e_txrx.c | 2 +- drivers/net/ethernet/intel/i40evf/i40e_txrx.c | 2 +- drivers/net/ethernet/intel/igb/igb_main.c | 2 +- drivers/net/ethernet/intel/igbvf/netdev.c | 2 +- drivers/net/ethernet/intel/ixgbe/ixgbe_main.c | 2 +- drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c | 2 +- drivers/net/wireless/p54/main.c | 7 +- drivers/net/wireless/rt2x00/rt2x00usb.c | 6 +- drivers/pci/pcie/aer/aerdrv_core.c | 9 +- drivers/platform/x86/sony-laptop.c | 14 +- drivers/rtc/interface.c | 16 +- drivers/scsi/bfa/bfad_debugfs.c | 5 +- drivers/staging/android/ashmem.c | 2 + drivers/staging/lustre/lustre/ptlrpc/sec.c | 2 +- drivers/staging/rtl8188eu/core/rtw_mlme.c | 3 +- drivers/staging/usbip/stub.h | 1 - drivers/staging/usbip/stub_dev.c | 4 +- drivers/staging/usbip/stub_rx.c | 66 ++-- drivers/staging/usbip/stub_tx.c | 13 +- drivers/staging/usbip/usbip_common.h | 1 + drivers/staging/usbip/userspace/Makefile.am | 3 +- .../staging/usbip/userspace/libsrc/vhci_driver.c | 8 +- drivers/staging/usbip/vhci_sysfs.c | 20 +- drivers/target/iscsi/iscsi_target.c | 49 ++- drivers/target/target_core_tmr.c | 10 + drivers/target/target_core_transport.c | 2 + drivers/usb/core/devio.c | 14 + drivers/usb/core/quirks.c | 3 + drivers/usb/serial/garmin_gps.c | 22 +- drivers/usb/serial/metro-usb.c | 11 +- drivers/usb/serial/qcserial.c | 1 + drivers/video/fbdev/udlfb.c | 10 +- fs/9p/vfs_inode.c | 3 + fs/9p/vfs_inode_dotl.c | 3 + fs/autofs4/waitq.c | 16 +- fs/binfmt_elf_fdpic.c | 2 + fs/btrfs/super.c | 4 +- fs/coda/upcall.c | 3 +- fs/ecryptfs/messaging.c | 7 +- fs/ext4/extents.c | 6 +- fs/f2fs/file.c | 5 + fs/f2fs/segment.c | 20 +- fs/isofs/isofs.h | 2 +- fs/isofs/rock.h | 2 +- fs/isofs/util.c | 2 +- fs/nfs/nfs4proc.c | 18 +- fs/nfs/nfs4trace.h | 8 +- fs/nfs/super.c | 2 +- fs/nilfs2/segment.c | 6 +- fs/ocfs2/file.c | 9 +- include/linux/blkdev.h | 1 + include/linux/dmar.h | 1 + include/linux/sched.h | 8 - include/net/sctp/sctp.h | 2 + include/net/sctp/structs.h | 8 +- include/target/target_core_base.h | 2 + kernel/extable.c | 2 + kernel/sched/core.c | 15 - kernel/trace/blktrace.c | 76 ++++- lib/int_sqrt.c | 3 + net/9p/client.c | 3 +- net/9p/trans_virtio.c | 13 +- net/bluetooth/l2cap_core.c | 20 +- net/ipv4/route.c | 14 +- net/l2tp/l2tp_core.c | 21 +- net/l2tp/l2tp_core.h | 3 + net/l2tp/l2tp_eth.c | 101 ++++-- net/l2tp/l2tp_ppp.c | 236 ++++++++------ net/netfilter/xt_TCPMSS.c | 6 +- net/nfc/core.c | 2 +- net/rds/rdma.c | 4 + net/sctp/ipv6.c | 160 +++++----- net/sctp/protocol.c | 12 +- net/sctp/socket.c | 33 +- net/sctp/transport.c | 4 +- net/sctp/ulpevent.c | 2 +- net/wireless/nl80211.c | 26 +- security/apparmor/domain.c | 53 +++- security/integrity/ima/ima_main.c | 4 + sound/core/seq/seq_clientmgr.c | 10 +- sound/core/seq/seq_clientmgr.h | 1 + sound/core/timer_compat.c | 12 +- sound/pci/hda/hda_intel.c | 3 + sound/usb/clock.c | 9 +- sound/usb/mixer.c | 19 +- 149 files changed, 1480 insertions(+), 1026 deletions(-) -- Ben Hutchings Sturgeon's Law: Ninety percent of everything is crap.

7 years, 8 months

3
138
0 0

[Linux-stable-mirror] [PATCH] drm/i915/audio: do not set Maud/Naud values manually on KBL

by Jani Nikula

Apparently using the manual Maud/Naud mode does not work on KBL. The details on the failure mode are scarce, except that there's no audio, and there is obviously no idea on the root cause either. It is also unknown whether the failure can be reproduced on newer platforms in some scenarios. The problem was introduced when switching from automatic mode to manual mode in commit 6014ac122ed0 ("drm/i915/audio: set proper N/M in modeset"). Instead of reverting that, disable the feature on KBL as a workaround. Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=104093 Reported-by: Quanxian Wang <quanxian.wang(a)intel.com> Fixes: 6014ac122ed0 ("drm/i915/audio: set proper N/M in modeset") Cc: <stable(a)vger.kernel.org> # v4.10+ Cc: Keqiao Zhang <keqiao.zhang(a)intel.com> Cc: Ville Syrjälä <ville.syrjala(a)linux.intel.com> Cc: Mengdong Lin <mengdong.lin(a)intel.com> Cc: Libin Yang <libin.yang(a)linux.intel.com> Cc: Rodrigo Vivi <rodrigo.vivi(a)intel.com> Cc: Quanxian Wang <quanxian.wang(a)intel.com> Cc: Wang Zhijun <zhijunx.wang(a)intel.com> Cc: Cui Yueping <yuepingx.cui(a)intel.com> Cc: Alice Liu <alice.liu(a)intel.com> Cc: intel-gfx(a)lists.freedesktop.org Signed-off-by: Jani Nikula <jani.nikula(a)intel.com> --- UNTESTED. Please provide Tested-by's on the affected KBLs, but *also* on CFL, CNL, etc. --- drivers/gpu/drm/i915/intel_audio.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/i915/intel_audio.c b/drivers/gpu/drm/i915/intel_audio.c index 522d54fecb53..b7634cff12b6 100644 --- a/drivers/gpu/drm/i915/intel_audio.c +++ b/drivers/gpu/drm/i915/intel_audio.c @@ -294,12 +294,19 @@ hsw_dp_audio_config_update(struct intel_encoder *encoder, struct intel_crtc *crtc = to_intel_crtc(crtc_state->base.crtc); enum port port = encoder->port; enum pipe pipe = crtc->pipe; - const struct dp_aud_n_m *nm; + const struct dp_aud_n_m *nm = NULL; int rate; u32 tmp; rate = acomp ? acomp->aud_sample_rate[port] : 0; - nm = audio_config_dp_get_n_m(crtc_state, rate); + + /* + * FIXME: For reasons still unknown, there seem to be issues with the + * manual Maud/Naud mode on KBL. + */ + if (!IS_KABYLAKE(dev_priv)) + nm = audio_config_dp_get_n_m(crtc_state, rate); + if (nm) DRM_DEBUG_KMS("using Maud %u, Naud %u\n", nm->m, nm->n); else -- 2.11.0

7 years, 8 months

3
2
0 0

[Linux-stable-mirror] 4.14.x - KVM guests crashing

by Nikola Ciprich

Hi, not sure whether this is the best list to ask for that, but maybe somebody from -stable interested people has hit similar problem.. if it's not appropriate list to ask/report, please let me know since we started rolling to 4.14.x kernels, we've experienced multiple KVM guest panics (with 4.14 on hosts) We've first hit it with 4.14.12, yesterday I had similar problem with 4.14.16. backtraces can be observed here: http://nik.lbox.cz/download/guest-panic-host-4.14.12.png http://nik.lbox.cz/download/guest-panic-host-4.14.16.png sorry I don't have anything more complete they are a bit different, but there are some similarities (ie double_fault) also important to note, both are from different host systems. after reverting hosts to 4.4, crashes are gone. my question is, did anyone hit similar problem? Is this something know, maybe fixed in 4.14.17? (I'll give 4.14.17 try anyways I suppose) (or latest git?) could it be related to page table isolation enabled hosts? btw hosts are running x86_64 centos 7, guests are either centos 6 or centos 7 If I could provide any further info, let me know BR nik -- ------------------------------------- Ing. Nikola CIPRICH LinuxBox.cz, s.r.o. 28.rijna 168, 709 00 Ostrava tel.: +420 591 166 214 fax: +420 596 621 273 mobil: +420 777 093 799 www.linuxbox.cz mobil servis: +420 737 238 656 email servis: servis(a)linuxbox.cz -------------------------------------

7 years, 8 months

3
3
0 0

[Linux-stable-mirror] + mm-swap-frontswap-fix-thp-swap-if-frontswap-enabled-v3.patch added to -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: mm, swap, frontswap: fix THP swap if frontswap enabled has been added to the -mm tree. Its filename is mm-swap-frontswap-fix-thp-swap-if-frontswap-enabled-v3.patch This patch should soon appear at http://ozlabs.org/~akpm/mmots/broken-out/mm-swap-frontswap-fix-thp-swap-if-… and later at http://ozlabs.org/~akpm/mmotm/broken-out/mm-swap-frontswap-fix-thp-swap-if-… Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/SubmitChecklist when testing your code *** The -mm tree is included into linux-next and is updated there every 3-4 working days ------------------------------------------------------ From: Huang Ying <huang.ying.caritas(a)gmail.com> Subject: mm, swap, frontswap: fix THP swap if frontswap enabled It was reported by Sergey Senozhatsky that if THP (Transparent Huge Page) and frontswap (via zswap) are both enabled, when memory goes low so that swap is triggered, segfault and memory corruption will occur in random user space applications as follow, kernel: urxvt[338]: segfault at 20 ip 00007fc08889ae0d sp 00007ffc73a7fc40 error 6 in libc-2.26.so[7fc08881a000+1ae000] #0 0x00007fc08889ae0d _int_malloc (libc.so.6) #1 0x00007fc08889c2f3 malloc (libc.so.6) #2 0x0000560e6004bff7 _Z14rxvt_wcstoutf8PKwi (urxvt) #3 0x0000560e6005e75c n/a (urxvt) #4 0x0000560e6007d9f1 _ZN16rxvt_perl_interp6invokeEP9rxvt_term9hook_typez (urxvt) #5 0x0000560e6003d988 _ZN9rxvt_term9cmd_parseEv (urxvt) #6 0x0000560e60042804 _ZN9rxvt_term6pty_cbERN2ev2ioEi (urxvt) #7 0x0000560e6005c10f _Z17ev_invoke_pendingv (urxvt) #8 0x0000560e6005cb55 ev_run (urxvt) #9 0x0000560e6003b9b9 main (urxvt) #10 0x00007fc08883af4a __libc_start_main (libc.so.6) #11 0x0000560e6003f9da _start (urxvt) After bisection, it was found the first bad commit is bd4c82c22c367e068 ("mm, THP, swap: delay splitting THP after swapped out"). The root cause is as follows: When the pages are written to swap device during swapping out in swap_writepage(), zswap (fontswap) is tried to compress the pages to improve performance. But zswap (frontswap) will treat THP as a normal page, so only the head page is saved. After swapping in, tail pages will not be restored to their original contents, causing memory corruption in the applications. This is fixed by refusing to save page in the frontswap store functions if the page is a THP. So that the THP will be swapped out to swap device. Another choice is to split THP if frontswap is enabled. But it is found that the frontswap enabling isn't flexible. For example, if CONFIG_ZSWAP=y (cannot be module), frontswap will be enabled even if zswap itself isn't enabled. Frontswap has multiple backends, to make it easy for one backend to enable THP support, the THP checking is put in backend frontswap store functions instead of the general interfaces. Link: http://lkml.kernel.org/r/20180209084947.22749-1-ying.huang@intel.com Fixes: bd4c82c22c367e068 ("mm, THP, swap: delay splitting THP after swapped out") Signed-off-by: "Huang, Ying" <ying.huang(a)intel.com> Reported-by: Sergey Senozhatsky <sergey.senozhatsky(a)gmail.com> Suggested-by: Minchan Kim <minchan(a)kernel.org> [put THP checking in backend] Cc: Konrad Rzeszutek Wilk <konrad.wilk(a)oracle.com> Cc: Dan Streetman <ddstreet(a)ieee.org> Cc: Seth Jennings <sjenning(a)redhat.com> Cc: Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> Cc: Shaohua Li <shli(a)kernel.org> Cc: Michal Hocko <mhocko(a)suse.com> Cc: Johannes Weiner <hannes(a)cmpxchg.org> Cc: Mel Gorman <mgorman(a)techsingularity.net> Cc: Shakeel Butt <shakeelb(a)google.com> Cc: Boris Ostrovsky <boris.ostrovsky(a)oracle.com> Cc: Juergen Gross <jgross(a)suse.com> Cc: <stable(a)vger.kernel.org> [4.14] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- drivers/xen/tmem.c | 4 ++++ mm/zswap.c | 6 ++++++ 2 files changed, 10 insertions(+) diff -puN drivers/xen/tmem.c~mm-swap-frontswap-fix-thp-swap-if-frontswap-enabled-v3 drivers/xen/tmem.c --- a/drivers/xen/tmem.c~mm-swap-frontswap-fix-thp-swap-if-frontswap-enabled-v3 +++ a/drivers/xen/tmem.c @@ -284,6 +284,10 @@ static int tmem_frontswap_store(unsigned int pool = tmem_frontswap_poolid; int ret; + /* THP isn't supported */ + if (PageTransHuge(page)) + return -1; + if (pool < 0) return -1; if (ind64 != ind) diff -puN mm/zswap.c~mm-swap-frontswap-fix-thp-swap-if-frontswap-enabled-v3 mm/zswap.c --- a/mm/zswap.c~mm-swap-frontswap-fix-thp-swap-if-frontswap-enabled-v3 +++ a/mm/zswap.c @@ -1007,6 +1007,12 @@ static int zswap_frontswap_store(unsigne u8 *src, *dst; struct zswap_header zhdr = { .swpentry = swp_entry(type, offset) }; + /* THP isn't supported */ + if (PageTransHuge(page)) { + ret = -EINVAL; + goto reject; + } + if (!zswap_enabled || !tree) { ret = -ENODEV; goto reject; _ Patches currently in -mm which might be from huang.ying.caritas(a)gmail.com are mm-swap-frontswap-fix-thp-swap-if-frontswap-enabled-v3.patch

7 years, 8 months

1
0
0 0

[Linux-stable-mirror] [to-be-updated] mm-swap-frontswap-fix-thp-swap-if-frontswap-enabled.patch removed from -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: mm, swap, frontswap: Fix THP swap if frontswap enabled has been removed from the -mm tree. Its filename was mm-swap-frontswap-fix-thp-swap-if-frontswap-enabled.patch This patch was dropped because an updated version will be merged ------------------------------------------------------ From: Huang Ying <huang.ying.caritas(a)gmail.com> Subject: mm, swap, frontswap: Fix THP swap if frontswap enabled It was reported by Sergey Senozhatsky that if THP (Transparent Huge Page) and frontswap (via zswap) are both enabled, when memory goes low so that swap is triggered, segfault and memory corruption will occur in random user space applications as follow, kernel: urxvt[338]: segfault at 20 ip 00007fc08889ae0d sp 00007ffc73a7fc40 error 6 in libc-2.26.so[7fc08881a000+1ae000] #0 0x00007fc08889ae0d _int_malloc (libc.so.6) #1 0x00007fc08889c2f3 malloc (libc.so.6) #2 0x0000560e6004bff7 _Z14rxvt_wcstoutf8PKwi (urxvt) #3 0x0000560e6005e75c n/a (urxvt) #4 0x0000560e6007d9f1 _ZN16rxvt_perl_interp6invokeEP9rxvt_term9hook_typez (urxvt) #5 0x0000560e6003d988 _ZN9rxvt_term9cmd_parseEv (urxvt) #6 0x0000560e60042804 _ZN9rxvt_term6pty_cbERN2ev2ioEi (urxvt) #7 0x0000560e6005c10f _Z17ev_invoke_pendingv (urxvt) #8 0x0000560e6005cb55 ev_run (urxvt) #9 0x0000560e6003b9b9 main (urxvt) #10 0x00007fc08883af4a __libc_start_main (libc.so.6) #11 0x0000560e6003f9da _start (urxvt) After bisection, it was found the first bad commit is bd4c82c22c367e068 ("mm, THP, swap: delay splitting THP after swapped out"). The root cause is as follows: When the pages are written to swap device during swapping out in swap_writepage(), zswap (fontswap) is tried to compress the pages instead to improve the performance. But zswap (frontswap) will treat THP as normal page, so only the head page is saved. After swapping in, tail pages will not be restored to its original contents, so cause the memory corruption in the applications. This is fixed via splitting THP before writing the page to swap device if frontswap is enabled. To deal with the situation where frontswap is enabled at runtime, whether the page is THP is checked before using frontswap during swapping out too. Link: http://lkml.kernel.org/r/20180207070035.30302-1-ying.huang@intel.com Fixes: bd4c82c22c367e068 ("mm, THP, swap: delay splitting THP after swapped out") Signed-off-by: "Huang, Ying" <ying.huang(a)intel.com> Reported-by: Sergey Senozhatsky <sergey.senozhatsky(a)gmail.com> Tested-by: Sergey Senozhatsky <sergey.senozhatsky(a)gmail.com> Reviewed-by: Andrew Morton <akpm(a)linux-foundation.org> Cc: Konrad Rzeszutek Wilk <konrad.wilk(a)oracle.com> Cc: Dan Streetman <ddstreet(a)ieee.org> Cc: Seth Jennings <sjenning(a)redhat.com> Cc: Minchan Kim <minchan(a)kernel.org> Cc: Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> Cc: Shaohua Li <shli(a)kernel.org> Cc: Michal Hocko <mhocko(a)suse.com> Cc: Johannes Weiner <hannes(a)cmpxchg.org> Cc: Mel Gorman <mgorman(a)techsingularity.net> Cc: Shakeel Butt <shakeelb(a)google.com> Cc: <stable(a)vger.kernel.org> [4.14+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/page_io.c | 2 +- mm/swapfile.c | 3 +++ 2 files changed, 4 insertions(+), 1 deletion(-) diff -puN mm/page_io.c~mm-swap-frontswap-fix-thp-swap-if-frontswap-enabled mm/page_io.c --- a/mm/page_io.c~mm-swap-frontswap-fix-thp-swap-if-frontswap-enabled +++ a/mm/page_io.c @@ -250,7 +250,7 @@ int swap_writepage(struct page *page, st unlock_page(page); goto out; } - if (frontswap_store(page) == 0) { + if (!PageTransHuge(page) && frontswap_store(page) == 0) { set_page_writeback(page); unlock_page(page); end_page_writeback(page); diff -puN mm/swapfile.c~mm-swap-frontswap-fix-thp-swap-if-frontswap-enabled mm/swapfile.c --- a/mm/swapfile.c~mm-swap-frontswap-fix-thp-swap-if-frontswap-enabled +++ a/mm/swapfile.c @@ -934,6 +934,9 @@ int get_swap_pages(int n_goal, bool clus /* Only single cluster request supported */ WARN_ON_ONCE(n_goal > 1 && cluster); + /* Frontswap doesn't support THP */ + if (frontswap_enabled() && cluster) + goto noswap; avail_pgs = atomic_long_read(&nr_swap_pages) / nr_pages; if (avail_pgs <= 0) _ Patches currently in -mm which might be from huang.ying.caritas(a)gmail.com are mm-swap-frontswap-fix-thp-swap-if-frontswap-enabled-v3.patch

7 years, 8 months

1
0
0 0

Re: [Linux-stable-mirror] [PATCH 4.14 00/22] 4.14.19-stable review

by Kevin Hilman

On Fri, Feb 9, 2018 at 11:36 AM, kernelci.org bot <bot(a)kernelci.org> wrote: > stable-rc/linux-4.14.y boot: 111 boots: 2 failed, 109 passed (v4.14.18-23-g8d861f5b27b0) > > Full Boot Summary: https://kernelci.org/boot/all/job/stable-rc/branch/linux-4.14.y/kernel/v4.1… > Full Build Summary: https://kernelci.org/build/stable-rc/branch/linux-4.14.y/kernel/v4.14.18-23… > > Tree: stable-rc > Branch: linux-4.14.y > Git Describe: v4.14.18-23-g8d861f5b27b0 > Git Commit: 8d861f5b27b05466ce2a9d3c4108367555dccefe > Git URL: http://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git > Tested: 63 unique boards, 22 SoC families, 16 builds out of 185 TL;DR; All is well. > Boot Regressions Detected: > > arm64: > > defconfig: > bcm2837-rpi-3-b: > lab-baylibre: new failure (last pass: v4.14.18-19-g44b8fc264b98) > r8a7795-salvator-x: > lab-baylibre: new failure (last pass: v4.14.18-19-g44b8fc264b98) Both of these are a bootloader failure to TFTP a kernel image. Kevin

7 years, 8 months

1
0
0 0

[Linux-stable-mirror] [PATCH 2/6] tracing: Fix parsing of globs with a wildcard at the beginning

by Steven Rostedt

From: "Steven Rostedt (VMware)" <rostedt(a)goodmis.org> Al Viro reported: For substring - sure, but what about something like "*a*b" and "a*b"? AFAICS, filter_parse_regex() ends up with identical results in both cases - MATCH_GLOB and *search = "a*b". And no way for the caller to tell one from another. Testing this with the following: # cd /sys/kernel/tracing # echo '*raw*lock' > set_ftrace_filter bash: echo: write error: Invalid argument With this patch: # echo '*raw*lock' > set_ftrace_filter # cat set_ftrace_filter _raw_read_trylock _raw_write_trylock _raw_read_unlock _raw_spin_unlock _raw_write_unlock _raw_spin_trylock _raw_spin_lock _raw_write_lock _raw_read_lock Al recommended not setting the search buffer to skip the first '*' unless we know we are not using MATCH_GLOB. This implements his suggested logic. Link: http://lkml.kernel.org/r/20180127170748.GF13338@ZenIV.linux.org.uk Cc: stable(a)vger.kernel.org Fixes: 60f1d5e3bac44 ("ftrace: Support full glob matching") Reviewed-by: Masami Hiramatsu <mhiramat(a)kernel.org> Reported-by: Al Viro <viro(a)ZenIV.linux.org.uk> Suggsted-by: Al Viro <viro(a)ZenIV.linux.org.uk> Signed-off-by: Steven Rostedt (VMware) <rostedt(a)goodmis.org> --- kernel/trace/trace_events_filter.c | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/kernel/trace/trace_events_filter.c b/kernel/trace/trace_events_filter.c index 61e7f0678d33..a764aec3c9a1 100644 --- a/kernel/trace/trace_events_filter.c +++ b/kernel/trace/trace_events_filter.c @@ -400,7 +400,6 @@ enum regex_type filter_parse_regex(char *buff, int len, char **search, int *not) for (i = 0; i < len; i++) { if (buff[i] == '*') { if (!i) { - *search = buff + 1; type = MATCH_END_ONLY; } else if (i == len - 1) { if (type == MATCH_END_ONLY) @@ -410,14 +409,14 @@ enum regex_type filter_parse_regex(char *buff, int len, char **search, int *not) buff[i] = 0; break; } else { /* pattern continues, use full glob */ - type = MATCH_GLOB; - break; + return MATCH_GLOB; } } else if (strchr("[?\\", buff[i])) { - type = MATCH_GLOB; - break; + return MATCH_GLOB; } } + if (buff[0] == '*') + *search = buff + 1; return type; } -- 2.15.1

7 years, 8 months

1
0
0 0

[Linux-stable-mirror] [PATCH 1/6] ftrace: Remove incorrect setting of glob search field

by Steven Rostedt

From: "Steven Rostedt (VMware)" <rostedt(a)goodmis.org> __unregister_ftrace_function_probe() will incorrectly parse the glob filter because it resets the search variable that was setup by filter_parse_regex(). Al Viro reported this: After that call of filter_parse_regex() we could have func_g.search not equal to glob only if glob started with '!' or '*'. In the former case we would've buggered off with -EINVAL (not = 1). In the latter we would've set func_g.search equal to glob + 1, calculated the length of that thing in func_g.len and proceeded to reset func_g.search back to glob. Suppose the glob is e.g. *foo*. We end up with func_g.type = MATCH_MIDDLE_ONLY; func_g.len = 3; func_g.search = "*foo"; Feeding that to ftrace_match_record() will not do anything sane - we will be looking for names containing "*foo" (->len is ignored for that one). Link: http://lkml.kernel.org/r/20180127031706.GE13338@ZenIV.linux.org.uk Cc: stable(a)vger.kernel.org Fixes: 3ba009297149f ("ftrace: Introduce ftrace_glob structure") Reviewed-by: Dmitry Safonov <0x7f454c46(a)gmail.com> Reviewed-by: Masami Hiramatsu <mhiramat(a)kernel.org> Reported-by: Al Viro <viro(a)ZenIV.linux.org.uk> Signed-off-by: Steven Rostedt (VMware) <rostedt(a)goodmis.org> --- kernel/trace/ftrace.c | 1 - 1 file changed, 1 deletion(-) diff --git a/kernel/trace/ftrace.c b/kernel/trace/ftrace.c index dabd9d167d42..eac9ce2c57a2 100644 --- a/kernel/trace/ftrace.c +++ b/kernel/trace/ftrace.c @@ -4456,7 +4456,6 @@ unregister_ftrace_function_probe_func(char *glob, struct trace_array *tr, func_g.type = filter_parse_regex(glob, strlen(glob), &func_g.search, &not); func_g.len = strlen(func_g.search); - func_g.search = glob; /* we do not support '!' for function probes */ if (WARN_ON(not)) -- 2.15.1

7 years, 8 months

1
0
0 0

[Linux-stable-mirror] [PATCH] usb: gadget: uvc: Missing files for configfs interface

by Bin Liu

From: Petr Cvek <petr.cvek(a)tul.cz> commit c8cd751060b149997b9de53a494fb1490ded72c5 upstream. Commit 76e0da34c7ce ("usb-gadget/uvc: use per-attribute show and store methods") caused a stringification of an undefined macro argument "aname", so three UVC parameters (streaming_interval, streaming_maxpacket and streaming_maxburst) were named "aname". Add the definition of "aname" to the main macro and name the filenames as originaly intended. Signed-off-by: Petr Cvek <petr.cvek(a)tul.cz> Signed-off-by: Felipe Balbi <felipe.balbi(a)linux.intel.com> Signed-off-by: Bin Liu <b-liu(a)ti.com> --- drivers/usb/gadget/function/uvc_configfs.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/drivers/usb/gadget/function/uvc_configfs.c b/drivers/usb/gadget/function/uvc_configfs.c index ad8c9b05572d..01656f1c6d65 100644 --- a/drivers/usb/gadget/function/uvc_configfs.c +++ b/drivers/usb/gadget/function/uvc_configfs.c @@ -2202,7 +2202,7 @@ static struct configfs_item_operations uvc_item_ops = { .release = uvc_attr_release, }; -#define UVCG_OPTS_ATTR(cname, conv, str2u, uxx, vnoc, limit) \ +#define UVCG_OPTS_ATTR(cname, aname, conv, str2u, uxx, vnoc, limit) \ static ssize_t f_uvc_opts_##cname##_show( \ struct config_item *item, char *page) \ { \ @@ -2245,16 +2245,16 @@ end: \ return ret; \ } \ \ -UVC_ATTR(f_uvc_opts_, cname, aname) +UVC_ATTR(f_uvc_opts_, cname, cname) #define identity_conv(x) (x) -UVCG_OPTS_ATTR(streaming_interval, identity_conv, kstrtou8, u8, identity_conv, - 16); -UVCG_OPTS_ATTR(streaming_maxpacket, le16_to_cpu, kstrtou16, u16, le16_to_cpu, - 3072); -UVCG_OPTS_ATTR(streaming_maxburst, identity_conv, kstrtou8, u8, identity_conv, - 15); +UVCG_OPTS_ATTR(streaming_interval, streaming_interval, identity_conv, + kstrtou8, u8, identity_conv, 16); +UVCG_OPTS_ATTR(streaming_maxpacket, streaming_maxpacket, le16_to_cpu, + kstrtou16, u16, le16_to_cpu, 3072); +UVCG_OPTS_ATTR(streaming_maxburst, streaming_maxburst, identity_conv, + kstrtou8, u8, identity_conv, 15); #undef identity_conv -- 1.9.1

7 years, 8 months

2
2
0 0

[Linux-stable-mirror] [PATCH] KVM MMU: check pending exception before injecting APF

by Paolo Bonzini

From: Haozhong Zhang <haozhong.zhang(a)intel.com> [ upstream commit 2a266f23550be997d783f27e704b9b40c4010292 Mon Sep 17 00:00:00 2001 ] For example, when two APF's for page ready happen after one exit and the first one becomes pending, the second one will result in #DF. Instead, just handle the second page fault synchronously. Reported-by: Ross Zwisler <zwisler(a)gmail.com> Message-ID: <CAOxpaSUBf8QoOZQ1p4KfUp0jq76OKfGY4Uxs-Gg8ngReD99xww(a)mail.gmail.com> Reported-by: Alec Blayne <ab(a)tevsa.net> Signed-off-by: Haozhong Zhang <haozhong.zhang(a)intel.com> Fixes: 664f8e26b00c7673a8303b0d40853a0c24ca93e1 Signed-off-by: Paolo Bonzini <pbonzini(a)redhat.com> --- arch/x86/kvm/mmu.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/arch/x86/kvm/mmu.c b/arch/x86/kvm/mmu.c index c4deb1f34faa..e577bacd4bd0 100644 --- a/arch/x86/kvm/mmu.c +++ b/arch/x86/kvm/mmu.c @@ -3781,7 +3781,8 @@ static int kvm_arch_setup_async_pf(struct kvm_vcpu *vcpu, gva_t gva, gfn_t gfn) bool kvm_can_do_async_pf(struct kvm_vcpu *vcpu) { if (unlikely(!lapic_in_kernel(vcpu) || - kvm_event_needs_reinjection(vcpu))) + kvm_event_needs_reinjection(vcpu) || + vcpu->arch.exception.pending)) return false; if (!vcpu->arch.apf.delivery_as_pf_vmexit && is_guest_mode(vcpu)) -- 1.8.3.1

7 years, 8 months

2
3
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror