- Linux-stable-mirror - lists.linaro.org

[Linux-stable-mirror] [patch 24/28] fs/fat/inode.c: fix sb_rdonly() change

by akpm＠linux-foundation.org

From: OGAWA Hirofumi <hirofumi(a)mail.parknet.co.jp> Subject: fs/fat/inode.c: fix sb_rdonly() change bc98a42c1f7d0f ("VFS: Convert sb->s_flags & MS_RDONLY to sb_rdonly(sb)") converted fat_remount():new_rdonly from a bool to an int. However fat_remount() depends upon the compiler's conversion of a non-zero integer into boolean `true'. Fix it by switching `new_rdonly' back into a bool. Link: http://lkml.kernel.org/r/87mv3d5x51.fsf@mail.parknet.co.jp Fixes: bc98a42c1f7d0f8 ("VFS: Convert sb->s_flags & MS_RDONLY to sb_rdonly(sb)") Signed-off-by: OGAWA Hirofumi <hirofumi(a)mail.parknet.co.jp> Cc: Joe Perches <joe(a)perches.com> Cc: David Howells <dhowells(a)redhat.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/fat/inode.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff -puN fs/fat/inode.c~fat-fix-sb_rdonly-change fs/fat/inode.c --- a/fs/fat/inode.c~fat-fix-sb_rdonly-change +++ a/fs/fat/inode.c @@ -779,7 +779,7 @@ static void __exit fat_destroy_inodecach static int fat_remount(struct super_block *sb, int *flags, char *data) { - int new_rdonly; + bool new_rdonly; struct msdos_sb_info *sbi = MSDOS_SB(sb); *flags |= SB_NODIRATIME | (sbi->options.isvfat ? 0 : SB_NOATIME); _

7 years, 7 months

1
0
0 0

[Linux-stable-mirror] [patch 23/28] mm, memcg: fix mem_cgroup_swapout() for THPs

by akpm＠linux-foundation.org

From: Shakeel Butt <shakeelb(a)google.com> Subject: mm, memcg: fix mem_cgroup_swapout() for THPs d6810d730022 ("memcg, THP, swap: make mem_cgroup_swapout() support THP") changed mem_cgroup_swapout() to support transparent huge page (THP). However the patch missed one location which should be changed for correctly handling THPs. The resulting bug will cause the memory cgroups whose THPs were swapped out to become zombies on deletion. Link: http://lkml.kernel.org/r/20171128161941.20931-1-shakeelb@google.com Fixes: d6810d730022 ("memcg, THP, swap: make mem_cgroup_swapout() support THP") Signed-off-by: Shakeel Butt <shakeelb(a)google.com> Acked-by: Johannes Weiner <hannes(a)cmpxchg.org> Acked-by: Michal Hocko <mhocko(a)suse.com> Cc: Huang Ying <ying.huang(a)intel.com> Cc: Vladimir Davydov <vdavydov.dev(a)gmail.com> Cc: Greg Thelen <gthelen(a)google.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/memcontrol.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff -puN mm/memcontrol.c~mm-memcg-fix-mem_cgroup_swapout-for-thps mm/memcontrol.c --- a/mm/memcontrol.c~mm-memcg-fix-mem_cgroup_swapout-for-thps +++ a/mm/memcontrol.c @@ -6044,7 +6044,7 @@ void mem_cgroup_swapout(struct page *pag memcg_check_events(memcg, page); if (!mem_cgroup_is_root(memcg)) - css_put(&memcg->css); + css_put_many(&memcg->css, nr_entries); } /** _

7 years, 7 months

1
0
0 0

[Linux-stable-mirror] [patch 22/28] mm: migrate: fix an incorrect call of prep_transhuge_page()

by akpm＠linux-foundation.org

From: Zi Yan <zi.yan(a)cs.rutgers.edu> Subject: mm: migrate: fix an incorrect call of prep_transhuge_page() In https://lkml.org/lkml/2017/11/20/411, Andrea reported that during memory hotplug/hot remove prep_transhuge_page() is called incorrectly on non-THP pages for migration, when THP is on but THP migration is not enabled. This leads to a bad state of target pages for migration. By inspecting the code, if called on a non-THP, prep_transhuge_page() will 1) change the value of the mapping of (page + 2), since it is used for THP deferred list; 2) change the lru value of (page + 1), since it is used for THP's dtor. Both can lead to data corruption of these two pages. Andrea said: : Pragmatically and from the point of view of the memory_hotplug subsys, the : effect is a kernel crash when pages are being migrated during a memory hot : remove offline and migration target pages are found in a bad state. This patch fixes it by only calling prep_transhuge_page() when we are certain that the target page is THP. Link: http://lkml.kernel.org/r/20171121021855.50525-1-zi.yan@sent.com Fixes: 8135d8926c08 ("mm: memory_hotplug: memory hotremove supports thp migration") Signed-off-by: Zi Yan <zi.yan(a)cs.rutgers.edu> Reported-by: Andrea Reale <ar(a)linux.vnet.ibm.com> Cc: Naoya Horiguchi <n-horiguchi(a)ah.jp.nec.com> Cc: Michal Hocko <mhocko(a)kernel.org> Cc: "Jérôme Glisse" <jglisse(a)redhat.com> Cc: <stable(a)vger.kernel.org> [4.14] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- include/linux/migrate.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff -puN include/linux/migrate.h~mm-migrate-fix-an-incorrect-call-of-prep_transhuge_page include/linux/migrate.h --- a/include/linux/migrate.h~mm-migrate-fix-an-incorrect-call-of-prep_transhuge_page +++ a/include/linux/migrate.h @@ -54,7 +54,7 @@ static inline struct page *new_page_node new_page = __alloc_pages_nodemask(gfp_mask, order, preferred_nid, nodemask); - if (new_page && PageTransHuge(page)) + if (new_page && PageTransHuge(new_page)) prep_transhuge_page(new_page); return new_page; _

7 years, 7 months

1
0
0 0

[Linux-stable-mirror] [patch 17/28] mm/madvise.c: fix madvise() infinite loop under special circumstances

by akpm＠linux-foundation.org

From: chenjie <chenjie6(a)huawei.com> Subject: mm/madvise.c: fix madvise() infinite loop under special circumstances MADVISE_WILLNEED has always been a noop for DAX (formerly XIP) mappings. Unfortunately madvise_willneed() doesn't communicate this information properly to the generic madvise syscall implementation. The calling convention is quite subtle there. madvise_vma() is supposed to either return an error or update &prev otherwise the main loop will never advance to the next vma and it will keep looping for ever without a way to get out of the kernel. It seems this has been broken since introduction. Nobody has noticed because nobody seems to be using MADVISE_WILLNEED on these DAX mappings. [mhocko(a)suse.com: rewrite changelog] Link: http://lkml.kernel.org/r/20171127115318.911-1-guoxuenan@huawei.com Fixes: fe77ba6f4f97 ("[PATCH] xip: madvice/fadvice: execute in place") Signed-off-by: chenjie <chenjie6(a)huawei.com> Signed-off-by: guoxuenan <guoxuenan(a)huawei.com> Acked-by: Michal Hocko <mhocko(a)suse.com> Cc: Minchan Kim <minchan(a)kernel.org> Cc: zhangyi (F) <yi.zhang(a)huawei.com> Cc: Miao Xie <miaoxie(a)huawei.com> Cc: Mike Rapoport <rppt(a)linux.vnet.ibm.com> Cc: Shaohua Li <shli(a)fb.com> Cc: Andrea Arcangeli <aarcange(a)redhat.com> Cc: Mel Gorman <mgorman(a)techsingularity.net> Cc: Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> Cc: David Rientjes <rientjes(a)google.com> Cc: Anshuman Khandual <khandual(a)linux.vnet.ibm.com> Cc: Rik van Riel <riel(a)redhat.com> Cc: Carsten Otte <cotte(a)de.ibm.com> Cc: Dan Williams <dan.j.williams(a)intel.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/madvise.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff -puN mm/madvise.c~mmmadvise-bugfix-of-madvise-systemcall-infinite-loop-under-special-circumstances mm/madvise.c --- a/mm/madvise.c~mmmadvise-bugfix-of-madvise-systemcall-infinite-loop-under-special-circumstances +++ a/mm/madvise.c @@ -276,15 +276,14 @@ static long madvise_willneed(struct vm_a { struct file *file = vma->vm_file; + *prev = vma; #ifdef CONFIG_SWAP if (!file) { - *prev = vma; force_swapin_readahead(vma, start, end); return 0; } if (shmem_mapping(file->f_mapping)) { - *prev = vma; force_shm_swapin_readahead(vma, start, end, file->f_mapping); return 0; @@ -299,7 +298,6 @@ static long madvise_willneed(struct vm_a return 0; } - *prev = vma; start = ((start - vma->vm_start) >> PAGE_SHIFT) + vma->vm_pgoff; if (end > vma->vm_end) end = vma->vm_end; _

7 years, 7 months

1
0
0 0

[Linux-stable-mirror] [patch 16/28] exec: avoid RLIMIT_STACK races with prlimit()

by akpm＠linux-foundation.org

From: Kees Cook <keescook(a)chromium.org> Subject: exec: avoid RLIMIT_STACK races with prlimit() While the defense-in-depth RLIMIT_STACK limit on setuid processes was protected against races from other threads calling setrlimit(), I missed protecting it against races from external processes calling prlimit(). This adds locking around the change and makes sure that rlim_max is set too. Link: http://lkml.kernel.org/r/20171127193457.GA11348@beast Fixes: 64701dee4178e ("exec: Use sane stack rlimit under secureexec") Signed-off-by: Kees Cook <keescook(a)chromium.org> Reported-by: Ben Hutchings <ben.hutchings(a)codethink.co.uk> Reported-by: Brad Spengler <spender(a)grsecurity.net> Acked-by: Serge Hallyn <serge(a)hallyn.com> Cc: James Morris <james.l.morris(a)oracle.com> Cc: Andy Lutomirski <luto(a)kernel.org> Cc: Oleg Nesterov <oleg(a)redhat.com> Cc: Jiri Slaby <jslaby(a)suse.cz> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/exec.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff -puN fs/exec.c~exec-avoid-rlimit_stack-races-with-prlimit fs/exec.c --- a/fs/exec.c~exec-avoid-rlimit_stack-races-with-prlimit +++ a/fs/exec.c @@ -1340,10 +1340,15 @@ void setup_new_exec(struct linux_binprm * avoid bad behavior from the prior rlimits. This has to * happen before arch_pick_mmap_layout(), which examines * RLIMIT_STACK, but after the point of no return to avoid - * needing to clean up the change on failure. + * races from other threads changing the limits. This also + * must be protected from races with prlimit() calls. */ + task_lock(current->group_leader); if (current->signal->rlim[RLIMIT_STACK].rlim_cur > _STK_LIM) current->signal->rlim[RLIMIT_STACK].rlim_cur = _STK_LIM; + if (current->signal->rlim[RLIMIT_STACK].rlim_max > _STK_LIM) + current->signal->rlim[RLIMIT_STACK].rlim_max = _STK_LIM; + task_unlock(current->group_leader); } arch_pick_mmap_layout(current->mm); _

7 years, 7 months

1
0
0 0

[Linux-stable-mirror] [patch 15/28] IB/core: disable memory registration of filesystem-dax vmas

by akpm＠linux-foundation.org

From: Dan Williams <dan.j.williams(a)intel.com> Subject: IB/core: disable memory registration of filesystem-dax vmas Until there is a solution to the dma-to-dax vs truncate problem it is not safe to allow RDMA to create long standing memory registrations against filesytem-dax vmas. Link: http://lkml.kernel.org/r/151068941011.7446.7766030590347262502.stgit@dwilli… Fixes: 3565fce3a659 ("mm, x86: get_user_pages() for dax mappings") Signed-off-by: Dan Williams <dan.j.williams(a)intel.com> Reported-by: Christoph Hellwig <hch(a)lst.de> Reviewed-by: Christoph Hellwig <hch(a)lst.de> Acked-by: Jason Gunthorpe <jgg(a)mellanox.com> Cc: Sean Hefty <sean.hefty(a)intel.com> Cc: Doug Ledford <dledford(a)redhat.com> Cc: Hal Rosenstock <hal.rosenstock(a)gmail.com> Cc: Jeff Moyer <jmoyer(a)redhat.com> Cc: Ross Zwisler <ross.zwisler(a)linux.intel.com> Cc: Inki Dae <inki.dae(a)samsung.com> Cc: Jan Kara <jack(a)suse.cz> Cc: Joonyoung Shim <jy0922.shim(a)samsung.com> Cc: Kyungmin Park <kyungmin.park(a)samsung.com> Cc: Mauro Carvalho Chehab <mchehab(a)kernel.org> Cc: Mel Gorman <mgorman(a)suse.de> Cc: Seung-Woo Kim <sw0312.kim(a)samsung.com> Cc: Vlastimil Babka <vbabka(a)suse.cz> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- drivers/infiniband/core/umem.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff -puN drivers/infiniband/core/umem.c~ib-core-disable-memory-registration-of-fileystem-dax-vmas drivers/infiniband/core/umem.c --- a/drivers/infiniband/core/umem.c~ib-core-disable-memory-registration-of-fileystem-dax-vmas +++ a/drivers/infiniband/core/umem.c @@ -191,7 +191,7 @@ struct ib_umem *ib_umem_get(struct ib_uc sg_list_start = umem->sg_head.sgl; while (npages) { - ret = get_user_pages(cur_base, + ret = get_user_pages_longterm(cur_base, min_t(unsigned long, npages, PAGE_SIZE / sizeof (struct page *)), gup_flags, page_list, vma_list); _

7 years, 7 months

1
0
0 0

[Linux-stable-mirror] [patch 14/28] v4l2: disable filesystem-dax mapping support

by akpm＠linux-foundation.org

From: Dan Williams <dan.j.williams(a)intel.com> Subject: v4l2: disable filesystem-dax mapping support V4L2 memory registrations are incompatible with filesystem-dax that needs the ability to revoke dma access to a mapping at will, or otherwise allow the kernel to wait for completion of DMA. The filesystem-dax implementation breaks the traditional solution of truncate of active file backed mappings since there is no page-cache page we can orphan to sustain ongoing DMA. If v4l2 wants to support long lived DMA mappings it needs to arrange to hold a file lease or use some other mechanism so that the kernel can coordinate revoking DMA access when the filesystem needs to truncate mappings. Link: http://lkml.kernel.org/r/151068940499.7446.12846708245365671207.stgit@dwill… Fixes: 3565fce3a659 ("mm, x86: get_user_pages() for dax mappings") Signed-off-by: Dan Williams <dan.j.williams(a)intel.com> Reported-by: Jan Kara <jack(a)suse.cz> Reviewed-by: Jan Kara <jack(a)suse.cz> Cc: Mauro Carvalho Chehab <mchehab(a)kernel.org> Cc: Christoph Hellwig <hch(a)lst.de> Cc: Doug Ledford <dledford(a)redhat.com> Cc: Hal Rosenstock <hal.rosenstock(a)gmail.com> Cc: Inki Dae <inki.dae(a)samsung.com> Cc: Jason Gunthorpe <jgg(a)mellanox.com> Cc: Jeff Moyer <jmoyer(a)redhat.com> Cc: Joonyoung Shim <jy0922.shim(a)samsung.com> Cc: Kyungmin Park <kyungmin.park(a)samsung.com> Cc: Mel Gorman <mgorman(a)suse.de> Cc: Ross Zwisler <ross.zwisler(a)linux.intel.com> Cc: Sean Hefty <sean.hefty(a)intel.com> Cc: Seung-Woo Kim <sw0312.kim(a)samsung.com> Cc: Vlastimil Babka <vbabka(a)suse.cz> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- drivers/media/v4l2-core/videobuf-dma-sg.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff -puN drivers/media/v4l2-core/videobuf-dma-sg.c~v4l2-disable-filesystem-dax-mapping-support drivers/media/v4l2-core/videobuf-dma-sg.c --- a/drivers/media/v4l2-core/videobuf-dma-sg.c~v4l2-disable-filesystem-dax-mapping-support +++ a/drivers/media/v4l2-core/videobuf-dma-sg.c @@ -185,12 +185,13 @@ static int videobuf_dma_init_user_locked dprintk(1, "init user [0x%lx+0x%lx => %d pages]\n", data, size, dma->nr_pages); - err = get_user_pages(data & PAGE_MASK, dma->nr_pages, + err = get_user_pages_longterm(data & PAGE_MASK, dma->nr_pages, flags, dma->pages, NULL); if (err != dma->nr_pages) { dma->nr_pages = (err >= 0) ? err : 0; - dprintk(1, "get_user_pages: err=%d [%d]\n", err, dma->nr_pages); + dprintk(1, "get_user_pages_longterm: err=%d [%d]\n", err, + dma->nr_pages); return err < 0 ? err : -EINVAL; } return 0; _

7 years, 7 months

1
0
0 0

[Linux-stable-mirror] [patch 13/28] mm: fail get_vaddr_frames() for filesystem-dax mappings

by akpm＠linux-foundation.org

From: Dan Williams <dan.j.williams(a)intel.com> Subject: mm: fail get_vaddr_frames() for filesystem-dax mappings Until there is a solution to the dma-to-dax vs truncate problem it is not safe to allow V4L2, Exynos, and other frame vector users to create long standing / irrevocable memory registrations against filesytem-dax vmas. [dan.j.williams(a)intel.com: add comment for vma_is_fsdax() check in get_vaddr_frames(), per Jan] Link: http://lkml.kernel.org/r/151197874035.26211.4061781453123083667.stgit@dwill… Link: http://lkml.kernel.org/r/151068939985.7446.15684639617389154187.stgit@dwill… Fixes: 3565fce3a659 ("mm, x86: get_user_pages() for dax mappings") Signed-off-by: Dan Williams <dan.j.williams(a)intel.com> Reviewed-by: Jan Kara <jack(a)suse.cz> Cc: Inki Dae <inki.dae(a)samsung.com> Cc: Seung-Woo Kim <sw0312.kim(a)samsung.com> Cc: Joonyoung Shim <jy0922.shim(a)samsung.com> Cc: Kyungmin Park <kyungmin.park(a)samsung.com> Cc: Mauro Carvalho Chehab <mchehab(a)kernel.org> Cc: Mel Gorman <mgorman(a)suse.de> Cc: Vlastimil Babka <vbabka(a)suse.cz> Cc: Christoph Hellwig <hch(a)lst.de> Cc: Doug Ledford <dledford(a)redhat.com> Cc: Hal Rosenstock <hal.rosenstock(a)gmail.com> Cc: Jason Gunthorpe <jgg(a)mellanox.com> Cc: Jeff Moyer <jmoyer(a)redhat.com> Cc: Ross Zwisler <ross.zwisler(a)linux.intel.com> Cc: Sean Hefty <sean.hefty(a)intel.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/frame_vector.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff -puN mm/frame_vector.c~mm-fail-get_vaddr_frames-for-filesystem-dax-mappings mm/frame_vector.c --- a/mm/frame_vector.c~mm-fail-get_vaddr_frames-for-filesystem-dax-mappings +++ a/mm/frame_vector.c @@ -53,6 +53,18 @@ int get_vaddr_frames(unsigned long start ret = -EFAULT; goto out; } + + /* + * While get_vaddr_frames() could be used for transient (kernel + * controlled lifetime) pinning of memory pages all current + * users establish long term (userspace controlled lifetime) + * page pinning. Treat get_vaddr_frames() like + * get_user_pages_longterm() and disallow it for filesystem-dax + * mappings. + */ + if (vma_is_fsdax(vma)) + return -EOPNOTSUPP; + if (!(vma->vm_flags & (VM_IO | VM_PFNMAP))) { vec->got_ref = true; vec->is_pfns = false; _

7 years, 7 months

1
0
0 0

[Linux-stable-mirror] [patch 12/28] mm: introduce get_user_pages_longterm

by akpm＠linux-foundation.org

From: Dan Williams <dan.j.williams(a)intel.com> Subject: mm: introduce get_user_pages_longterm Patch series "introduce get_user_pages_longterm()", v2. Here is a new get_user_pages api for cases where a driver intends to keep an elevated page count indefinitely. This is distinct from usages like iov_iter_get_pages where the elevated page counts are transient. The iov_iter_get_pages cases immediately turn around and submit the pages to a device driver which will put_page when the i/o operation completes (under kernel control). In the longterm case userspace is responsible for dropping the page reference at some undefined point in the future. This is untenable for filesystem-dax case where the filesystem is in control of the lifetime of the block / page and needs reasonable limits on how long it can wait for pages in a mapping to become idle. Fixing filesystems to actually wait for dax pages to be idle before blocks from a truncate/hole-punch operation are repurposed is saved for a later patch series. Also, allowing longterm registration of dax mappings is a future patch series that introduces a "map with lease" semantic where the kernel can revoke a lease and force userspace to drop its page references. I have also tagged these for -stable to purposely break cases that might assume that longterm memory registrations for filesystem-dax mappings were supported by the kernel. The behavior regression this policy change implies is one of the reasons we maintain the "dax enabled. Warning: EXPERIMENTAL, use at your own risk" notification when mounting a filesystem in dax mode. It is worth noting the device-dax interface does not suffer the same constraints since it does not support file space management operations like hole-punch. This patch (of 4): Until there is a solution to the dma-to-dax vs truncate problem it is not safe to allow long standing memory registrations against filesytem-dax vmas. Device-dax vmas do not have this problem and are explicitly allowed. This is temporary until a "memory registration with layout-lease" mechanism can be implemented for the affected sub-systems (RDMA and V4L2). [akpm(a)linux-foundation.org: use kcalloc()] Link: http://lkml.kernel.org/r/151068939435.7446.13560129395419350737.stgit@dwill… Fixes: 3565fce3a659 ("mm, x86: get_user_pages() for dax mappings") Signed-off-by: Dan Williams <dan.j.williams(a)intel.com> Suggested-by: Christoph Hellwig <hch(a)lst.de> Cc: Doug Ledford <dledford(a)redhat.com> Cc: Hal Rosenstock <hal.rosenstock(a)gmail.com> Cc: Inki Dae <inki.dae(a)samsung.com> Cc: Jan Kara <jack(a)suse.cz> Cc: Jason Gunthorpe <jgg(a)mellanox.com> Cc: Jeff Moyer <jmoyer(a)redhat.com> Cc: Joonyoung Shim <jy0922.shim(a)samsung.com> Cc: Kyungmin Park <kyungmin.park(a)samsung.com> Cc: Mauro Carvalho Chehab <mchehab(a)kernel.org> Cc: Mel Gorman <mgorman(a)suse.de> Cc: Ross Zwisler <ross.zwisler(a)linux.intel.com> Cc: Sean Hefty <sean.hefty(a)intel.com> Cc: Seung-Woo Kim <sw0312.kim(a)samsung.com> Cc: Vlastimil Babka <vbabka(a)suse.cz> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- include/linux/fs.h | 14 +++++++++ include/linux/mm.h | 13 ++++++++ mm/gup.c | 64 +++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 91 insertions(+) diff -puN include/linux/fs.h~mm-introduce-get_user_pages_longterm include/linux/fs.h --- a/include/linux/fs.h~mm-introduce-get_user_pages_longterm +++ a/include/linux/fs.h @@ -3194,6 +3194,20 @@ static inline bool vma_is_dax(struct vm_ return vma->vm_file && IS_DAX(vma->vm_file->f_mapping->host); } +static inline bool vma_is_fsdax(struct vm_area_struct *vma) +{ + struct inode *inode; + + if (!vma->vm_file) + return false; + if (!vma_is_dax(vma)) + return false; + inode = file_inode(vma->vm_file); + if (inode->i_mode == S_IFCHR) + return false; /* device-dax */ + return true; +} + static inline int iocb_flags(struct file *file) { int res = 0; diff -puN include/linux/mm.h~mm-introduce-get_user_pages_longterm include/linux/mm.h --- a/include/linux/mm.h~mm-introduce-get_user_pages_longterm +++ a/include/linux/mm.h @@ -1380,6 +1380,19 @@ long get_user_pages_locked(unsigned long unsigned int gup_flags, struct page **pages, int *locked); long get_user_pages_unlocked(unsigned long start, unsigned long nr_pages, struct page **pages, unsigned int gup_flags); +#ifdef CONFIG_FS_DAX +long get_user_pages_longterm(unsigned long start, unsigned long nr_pages, + unsigned int gup_flags, struct page **pages, + struct vm_area_struct **vmas); +#else +static inline long get_user_pages_longterm(unsigned long start, + unsigned long nr_pages, unsigned int gup_flags, + struct page **pages, struct vm_area_struct **vmas) +{ + return get_user_pages(start, nr_pages, gup_flags, pages, vmas); +} +#endif /* CONFIG_FS_DAX */ + int get_user_pages_fast(unsigned long start, int nr_pages, int write, struct page **pages); diff -puN mm/gup.c~mm-introduce-get_user_pages_longterm mm/gup.c --- a/mm/gup.c~mm-introduce-get_user_pages_longterm +++ a/mm/gup.c @@ -1095,6 +1095,70 @@ long get_user_pages(unsigned long start, } EXPORT_SYMBOL(get_user_pages); +#ifdef CONFIG_FS_DAX +/* + * This is the same as get_user_pages() in that it assumes we are + * operating on the current task's mm, but it goes further to validate + * that the vmas associated with the address range are suitable for + * longterm elevated page reference counts. For example, filesystem-dax + * mappings are subject to the lifetime enforced by the filesystem and + * we need guarantees that longterm users like RDMA and V4L2 only + * establish mappings that have a kernel enforced revocation mechanism. + * + * "longterm" == userspace controlled elevated page count lifetime. + * Contrast this to iov_iter_get_pages() usages which are transient. + */ +long get_user_pages_longterm(unsigned long start, unsigned long nr_pages, + unsigned int gup_flags, struct page **pages, + struct vm_area_struct **vmas_arg) +{ + struct vm_area_struct **vmas = vmas_arg; + struct vm_area_struct *vma_prev = NULL; + long rc, i; + + if (!pages) + return -EINVAL; + + if (!vmas) { + vmas = kcalloc(nr_pages, sizeof(struct vm_area_struct *), + GFP_KERNEL); + if (!vmas) + return -ENOMEM; + } + + rc = get_user_pages(start, nr_pages, gup_flags, pages, vmas); + + for (i = 0; i < rc; i++) { + struct vm_area_struct *vma = vmas[i]; + + if (vma == vma_prev) + continue; + + vma_prev = vma; + + if (vma_is_fsdax(vma)) + break; + } + + /* + * Either get_user_pages() failed, or the vma validation + * succeeded, in either case we don't need to put_page() before + * returning. + */ + if (i >= rc) + goto out; + + for (i = 0; i < rc; i++) + put_page(pages[i]); + rc = -EOPNOTSUPP; +out: + if (vmas != vmas_arg) + kfree(vmas); + return rc; +} +EXPORT_SYMBOL(get_user_pages_longterm); +#endif /* CONFIG_FS_DAX */ + /** * populate_vma_page_range() - populate a range of pages in the vma. * @vma: target vma _

7 years, 7 months

1
0
0 0

[Linux-stable-mirror] [patch 11/28] device-dax: implement ->split() to catch invalid munmap attempts

by akpm＠linux-foundation.org

From: Dan Williams <dan.j.williams(a)intel.com> Subject: device-dax: implement ->split() to catch invalid munmap attempts Similar to how device-dax enforces that the 'address', 'offset', and 'len' parameters to mmap() be aligned to the device's fundamental alignment, the same constraints apply to munmap(). Implement ->split() to fail munmap calls that violate the alignment constraint. Otherwise, we later fail VM_BUG_ON checks in the unmap_page_range() path with crash signatures of the form: vma ffff8800b60c8a88 start 00007f88c0000000 end 00007f88c0e00000 next (null) prev (null) mm ffff8800b61150c0 prot 8000000000000027 anon_vma (null) vm_ops ffffffffa0091240 pgoff 0 file ffff8800b638ef80 private_data (null) flags: 0x380000fb(read|write|shared|mayread|maywrite|mayexec|mayshare|softdirty|mixedmap|hugepage) ------------[ cut here ]------------ kernel BUG at mm/huge_memory.c:2014! [..] RIP: 0010:__split_huge_pud+0x12a/0x180 [..] Call Trace: unmap_page_range+0x245/0xa40 ? __vma_adjust+0x301/0x990 unmap_vmas+0x4c/0xa0 unmap_region+0xae/0x120 ? __vma_rb_erase+0x11a/0x230 do_munmap+0x276/0x410 vm_munmap+0x6a/0xa0 SyS_munmap+0x1d/0x30 Link: http://lkml.kernel.org/r/151130418681.4029.7118245855057952010.stgit@dwilli… Fixes: dee410792419 ("/dev/dax, core: file operations and dax-mmap") Signed-off-by: Dan Williams <dan.j.williams(a)intel.com> Reported-by: Jeff Moyer <jmoyer(a)redhat.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- drivers/dax/device.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff -puN drivers/dax/device.c~device-dax-implement-split-to-catch-invalid-munmap-attempts drivers/dax/device.c --- a/drivers/dax/device.c~device-dax-implement-split-to-catch-invalid-munmap-attempts +++ a/drivers/dax/device.c @@ -428,9 +428,21 @@ static int dev_dax_fault(struct vm_fault return dev_dax_huge_fault(vmf, PE_SIZE_PTE); } +static int dev_dax_split(struct vm_area_struct *vma, unsigned long addr) +{ + struct file *filp = vma->vm_file; + struct dev_dax *dev_dax = filp->private_data; + struct dax_region *dax_region = dev_dax->region; + + if (!IS_ALIGNED(addr, dax_region->align)) + return -EINVAL; + return 0; +} + static const struct vm_operations_struct dax_vm_ops = { .fault = dev_dax_fault, .huge_fault = dev_dax_huge_fault, + .split = dev_dax_split, }; static int dax_mmap(struct file *filp, struct vm_area_struct *vma) _

7 years, 7 months

1
0
0 0

[Linux-stable-mirror] [patch 10/28] mm, hugetlbfs: introduce ->split() to vm_operations_struct

by akpm＠linux-foundation.org

From: Dan Williams <dan.j.williams(a)intel.com> Subject: mm, hugetlbfs: introduce ->split() to vm_operations_struct Patch series "device-dax: fix unaligned munmap handling" When device-dax is operating in huge-page mode we want it to behave like hugetlbfs and fail attempts to split vmas into unaligned ranges. It would be messy to teach the munmap path about device-dax alignment constraints in the same (hstate) way that hugetlbfs communicates this constraint. Instead, these patches introduce a new ->split() vm operation. This patch (of 2): The device-dax interface has similar constraints as hugetlbfs in that it requires the munmap path to unmap in huge page aligned units. Rather than add more custom vma handling code in __split_vma() introduce a new vm operation to perform this vma specific check. Link: http://lkml.kernel.org/r/151130418135.4029.6783191281930729710.stgit@dwilli… Fixes: dee410792419 ("/dev/dax, core: file operations and dax-mmap") Signed-off-by: Dan Williams <dan.j.williams(a)intel.com> Cc: Jeff Moyer <jmoyer(a)redhat.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- include/linux/mm.h | 1 + mm/hugetlb.c | 8 ++++++++ mm/mmap.c | 8 +++++--- 3 files changed, 14 insertions(+), 3 deletions(-) diff -puN include/linux/mm.h~mm-hugetlbfs-introduce-split-to-vm_operations_struct include/linux/mm.h --- a/include/linux/mm.h~mm-hugetlbfs-introduce-split-to-vm_operations_struct +++ a/include/linux/mm.h @@ -377,6 +377,7 @@ enum page_entry_size { struct vm_operations_struct { void (*open)(struct vm_area_struct * area); void (*close)(struct vm_area_struct * area); + int (*split)(struct vm_area_struct * area, unsigned long addr); int (*mremap)(struct vm_area_struct * area); int (*fault)(struct vm_fault *vmf); int (*huge_fault)(struct vm_fault *vmf, enum page_entry_size pe_size); diff -puN mm/hugetlb.c~mm-hugetlbfs-introduce-split-to-vm_operations_struct mm/hugetlb.c --- a/mm/hugetlb.c~mm-hugetlbfs-introduce-split-to-vm_operations_struct +++ a/mm/hugetlb.c @@ -3125,6 +3125,13 @@ static void hugetlb_vm_op_close(struct v } } +static int hugetlb_vm_op_split(struct vm_area_struct *vma, unsigned long addr) +{ + if (addr & ~(huge_page_mask(hstate_vma(vma)))) + return -EINVAL; + return 0; +} + /* * We cannot handle pagefaults against hugetlb pages at all. They cause * handle_mm_fault() to try to instantiate regular-sized pages in the @@ -3141,6 +3148,7 @@ const struct vm_operations_struct hugetl .fault = hugetlb_vm_op_fault, .open = hugetlb_vm_op_open, .close = hugetlb_vm_op_close, + .split = hugetlb_vm_op_split, }; static pte_t make_huge_pte(struct vm_area_struct *vma, struct page *page, diff -puN mm/mmap.c~mm-hugetlbfs-introduce-split-to-vm_operations_struct mm/mmap.c --- a/mm/mmap.c~mm-hugetlbfs-introduce-split-to-vm_operations_struct +++ a/mm/mmap.c @@ -2555,9 +2555,11 @@ int __split_vma(struct mm_struct *mm, st struct vm_area_struct *new; int err; - if (is_vm_hugetlb_page(vma) && (addr & - ~(huge_page_mask(hstate_vma(vma))))) - return -EINVAL; + if (vma->vm_ops && vma->vm_ops->split) { + err = vma->vm_ops->split(vma, addr); + if (err) + return err; + } new = kmem_cache_alloc(vm_area_cachep, GFP_KERNEL); if (!new) _

7 years, 7 months

1
0
0 0

[Linux-stable-mirror] [patch 04/28] mm: fix device-dax pud write-faults triggered by get_user_pages()

by akpm＠linux-foundation.org

From: Dan Williams <dan.j.williams(a)intel.com> Subject: mm: fix device-dax pud write-faults triggered by get_user_pages() Currently only get_user_pages_fast() can safely handle the writable gup case due to its use of pud_access_permitted() to check whether the pud entry is writable. In the gup slow path pud_write() is used instead of pud_access_permitted() and to date it has been unimplemented, just calls BUG_ON(). kernel BUG at ./include/linux/hugetlb.h:244! [..] RIP: 0010:follow_devmap_pud+0x482/0x490 [..] Call Trace: follow_page_mask+0x28c/0x6e0 __get_user_pages+0xe4/0x6c0 get_user_pages_unlocked+0x130/0x1b0 get_user_pages_fast+0x89/0xb0 iov_iter_get_pages_alloc+0x114/0x4a0 nfs_direct_read_schedule_iovec+0xd2/0x350 ? nfs_start_io_direct+0x63/0x70 nfs_file_direct_read+0x1e0/0x250 nfs_file_read+0x90/0xc0 For now this just implements a simple check for the _PAGE_RW bit similar to pmd_write. However, this implies that the gup-slow-path check is missing the extra checks that the gup-fast-path performs with pud_access_permitted. Later patches will align all checks to use the 'access_permitted' helper if the architecture provides it. Note that the generic 'access_permitted' helper fallback is the simple _PAGE_RW check on architectures that do not define the 'access_permitted' helper(s). [dan.j.williams(a)intel.com: fix powerpc compile error] Link: http://lkml.kernel.org/r/151129126165.37405.16031785266675461397.stgit@dwil… Link: http://lkml.kernel.org/r/151043109938.2842.14834662818213616199.stgit@dwill… Fixes: a00cc7d9dd93 ("mm, x86: add support for PUD-sized transparent hugepages") Signed-off-by: Dan Williams <dan.j.williams(a)intel.com> Reported-by: Stephen Rothwell <sfr(a)canb.auug.org.au> Acked-by: Thomas Gleixner <tglx(a)linutronix.de> [x86] Cc: Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> Cc: Catalin Marinas <catalin.marinas(a)arm.com> Cc: "David S. Miller" <davem(a)davemloft.net> Cc: Dave Hansen <dave.hansen(a)intel.com> Cc: Will Deacon <will.deacon(a)arm.com> Cc: "H. Peter Anvin" <hpa(a)zytor.com> Cc: Ingo Molnar <mingo(a)redhat.com> Cc: Arnd Bergmann <arnd(a)arndb.de> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- arch/x86/include/asm/pgtable.h | 6 ++++++ include/asm-generic/pgtable.h | 8 ++++++++ include/linux/hugetlb.h | 8 -------- 3 files changed, 14 insertions(+), 8 deletions(-) diff -puN arch/x86/include/asm/pgtable.h~mm-fix-device-dax-pud-write-faults-triggered-by-get_user_pages arch/x86/include/asm/pgtable.h --- a/arch/x86/include/asm/pgtable.h~mm-fix-device-dax-pud-write-faults-triggered-by-get_user_pages +++ a/arch/x86/include/asm/pgtable.h @@ -1088,6 +1088,12 @@ static inline void pmdp_set_wrprotect(st clear_bit(_PAGE_BIT_RW, (unsigned long *)pmdp); } +#define pud_write pud_write +static inline int pud_write(pud_t pud) +{ + return pud_flags(pud) & _PAGE_RW; +} + /* * clone_pgd_range(pgd_t *dst, pgd_t *src, int count); * diff -puN include/asm-generic/pgtable.h~mm-fix-device-dax-pud-write-faults-triggered-by-get_user_pages include/asm-generic/pgtable.h --- a/include/asm-generic/pgtable.h~mm-fix-device-dax-pud-write-faults-triggered-by-get_user_pages +++ a/include/asm-generic/pgtable.h @@ -814,6 +814,14 @@ static inline int pmd_write(pmd_t pmd) #endif /* __HAVE_ARCH_PMD_WRITE */ #endif /* CONFIG_TRANSPARENT_HUGEPAGE */ +#ifndef pud_write +static inline int pud_write(pud_t pud) +{ + BUG(); + return 0; +} +#endif /* pud_write */ + #if !defined(CONFIG_TRANSPARENT_HUGEPAGE) || \ (defined(CONFIG_TRANSPARENT_HUGEPAGE) && \ !defined(CONFIG_HAVE_ARCH_TRANSPARENT_HUGEPAGE_PUD)) diff -puN include/linux/hugetlb.h~mm-fix-device-dax-pud-write-faults-triggered-by-get_user_pages include/linux/hugetlb.h --- a/include/linux/hugetlb.h~mm-fix-device-dax-pud-write-faults-triggered-by-get_user_pages +++ a/include/linux/hugetlb.h @@ -239,14 +239,6 @@ static inline int pgd_write(pgd_t pgd) } #endif -#ifndef pud_write -static inline int pud_write(pud_t pud) -{ - BUG(); - return 0; -} -#endif - #define HUGETLB_ANON_FILE "anon_hugepage" enum { _

7 years, 7 months

1
0
0 0

[Linux-stable-mirror] [patch 03/28] mm/cma: fix alloc_contig_range ret code/potential leak

by akpm＠linux-foundation.org

From: Mike Kravetz <mike.kravetz(a)oracle.com> Subject: mm/cma: fix alloc_contig_range ret code/potential leak If the call __alloc_contig_migrate_range() in alloc_contig_range returns -EBUSY, processing continues so that test_pages_isolated() is called where there is a tracepoint to identify the busy pages. However, it is possible for busy pages to become available between the calls to these two routines. In this case, the range of pages may be allocated. Unfortunately, the original return code (ret == -EBUSY) is still set and returned to the caller. Therefore, the caller believes the pages were not allocated and they are leaked. Update comment to indicate that allocation is still possible even if __alloc_contig_migrate_range returns -EBUSY. Also, clear return code in this case so that it is not accidentally used or returned to caller. Link: http://lkml.kernel.org/r/20171122185214.25285-1-mike.kravetz@oracle.com Fixes: 8ef5849fa8a2 ("mm/cma: always check which page caused allocation failure") Signed-off-by: Mike Kravetz <mike.kravetz(a)oracle.com> Acked-by: Vlastimil Babka <vbabka(a)suse.cz> Acked-by: Michal Hocko <mhocko(a)suse.com> Acked-by: Johannes Weiner <hannes(a)cmpxchg.org> Acked-by: Joonsoo Kim <iamjoonsoo.kim(a)lge.com> Cc: Michal Nazarewicz <mina86(a)mina86.com> Cc: Laura Abbott <labbott(a)redhat.com> Cc: Michal Hocko <mhocko(a)suse.com> Cc: Mel Gorman <mgorman(a)techsingularity.net> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/page_alloc.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff -puN mm/page_alloc.c~mm-cma-fix-alloc_contig_range-ret-code-potential-leak-v2 mm/page_alloc.c --- a/mm/page_alloc.c~mm-cma-fix-alloc_contig_range-ret-code-potential-leak-v2 +++ a/mm/page_alloc.c @@ -7652,11 +7652,18 @@ int alloc_contig_range(unsigned long sta /* * In case of -EBUSY, we'd like to know which page causes problem. - * So, just fall through. We will check it in test_pages_isolated(). + * So, just fall through. test_pages_isolated() has a tracepoint + * which will report the busy page. + * + * It is possible that busy pages could become available before + * the call to test_pages_isolated, and the range will actually be + * allocated. So, if we fall through be sure to clear ret so that + * -EBUSY is not accidentally used or returned to caller. */ ret = __alloc_contig_migrate_range(&cc, start, end); if (ret && ret != -EBUSY) goto done; + ret =0; /* * Pages from [start, end) are within a MAX_ORDER_NR_PAGES _

7 years, 7 months

1
0
0 0

[Linux-stable-mirror] [patch 02/28] mm, oom_reaper: gather each vma to prevent leaking TLB entry

by akpm＠linux-foundation.org

From: Wang Nan <wangnan0(a)huawei.com> Subject: mm, oom_reaper: gather each vma to prevent leaking TLB entry tlb_gather_mmu(&tlb, mm, 0, -1) means gathering the whole virtual memory space. In this case, tlb->fullmm is true. Some archs like arm64 doesn't flush TLB when tlb->fullmm is true: commit 5a7862e83000 ("arm64: tlbflush: avoid flushing when fullmm == 1"). Which causes leaking of tlb entries. Will clarifies his patch: : Basically, we tag each address space with an ASID (PCID on x86) which : is resident in the TLB. This means we can elide TLB invalidation when : pulling down a full mm because we won't ever assign that ASID to another mm : without doing TLB invalidation elsewhere (which actually just nukes the : whole TLB). : : I think that means that we could potentially not fault on a kernel uaccess, : because we could hit in the TLB. There could be a window between complete_signal() sending IPI to other cores and all threads sharing this mm are really kicked off from cores. In this window, the oom reaper may calls tlb_flush_mmu_tlbonly() to flush TLB then frees pages. However, due to the above problem, the TLB entries are not really flushed on arm64. Other threads are possible to access these pages through TLB entries. Moreover, a copy_to_user() can also write to these pages without generating page fault, causes use-after-free bugs. This patch gathers each vma instead of gathering full vm space. In this case tlb->fullmm is not true. The behavior of oom reaper become similar to munmapping before do_exit, which should be safe for all archs. Link: http://lkml.kernel.org/r/20171107095453.179940-1-wangnan0@huawei.com Fixes: aac453635549 ("mm, oom: introduce oom reaper") Signed-off-by: Wang Nan <wangnan0(a)huawei.com> Acked-by: Michal Hocko <mhocko(a)suse.com> Acked-by: David Rientjes <rientjes(a)google.com> Cc: Minchan Kim <minchan(a)kernel.org> Cc: Will Deacon <will.deacon(a)arm.com> Cc: Bob Liu <liubo95(a)huawei.com> Cc: Ingo Molnar <mingo(a)kernel.org> Cc: Roman Gushchin <guro(a)fb.com> Cc: Konstantin Khlebnikov <khlebnikov(a)yandex-team.ru> Cc: Andrea Arcangeli <aarcange(a)redhat.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/oom_kill.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff -puN mm/oom_kill.c~mm-oom_reaper-gather-each-vma-to-prevent-leaking-tlb-entry mm/oom_kill.c --- a/mm/oom_kill.c~mm-oom_reaper-gather-each-vma-to-prevent-leaking-tlb-entry +++ a/mm/oom_kill.c @@ -550,7 +550,6 @@ static bool __oom_reap_task_mm(struct ta */ set_bit(MMF_UNSTABLE, &mm->flags); - tlb_gather_mmu(&tlb, mm, 0, -1); for (vma = mm->mmap ; vma; vma = vma->vm_next) { if (!can_madv_dontneed_vma(vma)) continue; @@ -565,11 +564,13 @@ static bool __oom_reap_task_mm(struct ta * we do not want to block exit_mmap by keeping mm ref * count elevated without a good reason. */ - if (vma_is_anonymous(vma) || !(vma->vm_flags & VM_SHARED)) + if (vma_is_anonymous(vma) || !(vma->vm_flags & VM_SHARED)) { + tlb_gather_mmu(&tlb, mm, vma->vm_start, vma->vm_end); unmap_page_range(&tlb, vma, vma->vm_start, vma->vm_end, NULL); + tlb_finish_mmu(&tlb, vma->vm_start, vma->vm_end); + } } - tlb_finish_mmu(&tlb, 0, -1); pr_info("oom_reaper: reaped process %d (%s), now anon-rss:%lukB, file-rss:%lukB, shmem-rss:%lukB\n", task_pid_nr(tsk), tsk->comm, K(get_mm_counter(mm, MM_ANONPAGES)), _

7 years, 7 months

1
0
0 0

[Linux-stable-mirror] [patch 01/28] mm, memory_hotplug: do not back off draining pcp free pages from kworker context

by akpm＠linux-foundation.org

From: Michal Hocko <mhocko(a)suse.com> Subject: mm, memory_hotplug: do not back off draining pcp free pages from kworker context drain_all_pages backs off when called from a kworker context since 0ccce3b924212 ("mm, page_alloc: drain per-cpu pages from workqueue context") because the original IPI based pcp draining has been replaced by a WQ based one and the check wanted to prevent from recursion and inter workers dependencies. This has made some sense at the time because the system WQ has been used and one worker holding the lock could be blocked while waiting for new workers to emerge which can be a problem under OOM conditions. Since then ce612879ddc7 ("mm: move pcp and lru-pcp draining into single wq") has moved draining to a dedicated (mm_percpu_wq) WQ with a rescuer so we shouldn't depend on any other WQ activity to make a forward progress so calling drain_all_pages from a worker context is safe as long as this doesn't happen from mm_percpu_wq itself which is not the case because all workers are required to _not_ depend on any MM locks. Why is this a problem in the first place? ACPI driven memory hot-remove (acpi_device_hotplug) is executed from the worker context. We end up calling __offline_pages to free all the pages and that requires both lru_add_drain_all_cpuslocked and drain_all_pages to do their job otherwise we can have dangling pages on pcp lists and fail the offline operation (__test_page_isolated_in_pageblock would see a page with 0 ref. count but without PageBuddy set). Fix the issue by removing the worker check in drain_all_pages. lru_add_drain_all_cpuslocked doesn't have this restriction so it works as expected. Link: http://lkml.kernel.org/r/20170828093341.26341-1-mhocko@kernel.org Fixes: 0ccce3b924212 ("mm, page_alloc: drain per-cpu pages from workqueue context") Signed-off-by: Michal Hocko <mhocko(a)suse.com> Cc: Mel Gorman <mgorman(a)suse.de> Cc: Tejun Heo <tj(a)kernel.org> Cc: <stable(a)vger.kernel.org> [4.11+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/page_alloc.c | 4 ---- 1 file changed, 4 deletions(-) diff -puN mm/page_alloc.c~mm-memory_hotplug-do-not-back-off-draining-pcp-free-pages-from-kworker-context mm/page_alloc.c --- a/mm/page_alloc.c~mm-memory_hotplug-do-not-back-off-draining-pcp-free-pages-from-kworker-context +++ a/mm/page_alloc.c @@ -2507,10 +2507,6 @@ void drain_all_pages(struct zone *zone) if (WARN_ON_ONCE(!mm_percpu_wq)) return; - /* Workqueues cannot recurse */ - if (current->flags & PF_WQ_WORKER) - return; - /* * Do not drain if one is already in progress unless it's specific to * a zone. Such callers are primarily CMA and memory hotplug and need _

7 years, 7 months

1
0
0 0

[Linux-stable-mirror] [PATCH] MIPS: Validate PR_SET_FP_MODE prctl(2) requests against the ABI of the task

by Maciej W. Rozycki

Fix an API loophole introduced with commit 9791554b45a2 ("MIPS,prctl: add PR_[GS]ET_FP_MODE prctl options for MIPS"), where the caller of prctl(2) is incorrectly allowed to make a change to CP0.Status.FR or CP0.Config5.FRE register bits even if CONFIG_MIPS_O32_FP64_SUPPORT has not been enabled, despite that an executable requesting the mode requested via ELF file annotation would not be allowed to run in the first place, or for n64 and n64 ABI tasks which do not have non-default modes defined at all. Add suitable checks to `mips_set_process_fp_mode' and bail out if an invalid mode change has been requested for the ABI in effect, even if the FPU hardware or emulation would otherwise allow it. Always succeed however without taking any further action if the mode requested is the same as one already in effect, regardless of whether any mode change, should it be requested, would actually be allowed for the task concerned. Cc: stable(a)vger.kernel.org # 4.0+ Fixes: 9791554b45a2 ("MIPS,prctl: add PR_[GS]ET_FP_MODE prctl options for MIPS") Signed-off-by: Maciej W. Rozycki <macro(a)mips.com> --- arch/mips/kernel/process.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) linux-mips-prctl-fp-mode-o32-fp64.diff Index: linux-sfr-test/arch/mips/kernel/process.c =================================================================== --- linux-sfr-test.orig/arch/mips/kernel/process.c 2017-11-25 12:40:55.868109000 +0000 +++ linux-sfr-test/arch/mips/kernel/process.c 2017-11-25 12:41:56.411578000 +0000 @@ -705,6 +705,18 @@ int mips_set_process_fp_mode(struct task struct task_struct *t; int max_users; + /* If nothing to change, return right away, successfully. */ + if (value == mips_get_process_fp_mode(task)) + return 0; + + /* Only accept a mode change if 64-bit FP enabled for o32. */ + if (!IS_ENABLED(CONFIG_MIPS_O32_FP64_SUPPORT)) + return -EOPNOTSUPP; + + /* And only for o32 tasks. */ + if (IS_ENABLED(CONFIG_64BIT) && !test_thread_flag(TIF_32BIT_REGS)) + return -EOPNOTSUPP; + /* Check the value is valid */ if (value & ~known_bits) return -EOPNOTSUPP;

7 years, 7 months

2
4
0 0

[Linux-stable-mirror] [PATCH 4.14 000/193] 4.14.3-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.14.3 release. There are 193 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu Nov 30 10:05:26 UTC 2017. Anything received after that time might be too late. The whole patch series can be found in one patch at: kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.14.3-rc1.gz or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.14.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.14.3-rc1 Sasha Neftin <sasha.neftin(a)intel.com> e1000e: fix buffer overrun while the I219 is processing DMA transactions Benjamin Poirier <bpoirier(a)suse.com> e1000e: Avoid receiver overrun interrupt bursts Benjamin Poirier <bpoirier(a)suse.com> e1000e: Separate signaling for link check/link up Benjamin Poirier <bpoirier(a)suse.com> e1000e: Fix return value test Benjamin Poirier <bpoirier(a)suse.com> e1000e: Fix error path in link detection Luca Coelho <luciano.coelho(a)intel.com> iwlwifi: mvm: support version 7 of the SCAN_REQ_UMAC FW command Luca Coelho <luciano.coelho(a)intel.com> iwlwifi: fix PCI IDs and configuration mapping for 9000 series Ihab Zhaika <ihab.zhaika(a)intel.com> iwlwifi: add new cards for 8260 series Ihab Zhaika <ihab.zhaika(a)intel.com> iwlwifi: add new cards for 8265 series Ihab Zhaika <ihab.zhaika(a)intel.com> iwlwifi: add new cards for a000 series Luca Coelho <luciano.coelho(a)intel.com> iwlwifi: pcie: sort IDs for the 9000 series for easier comparisons Oren Givon <oren.givon(a)intel.com> iwlwifi: add a new a000 device Oren Givon <oren.givon(a)intel.com> iwlwifi: fix wrong struct for a000 device Neil Armstrong <narmstrong(a)baylibre.com> ARM64: dts: meson-gxl: Add alternate ARM Trusted Firmware reserved memory zone Stanimir Varbanov <stanimir.varbanov(a)linaro.org> media: venus: reimplement decoder stop command Stanimir Varbanov <stanimir.varbanov(a)linaro.org> media: venus: venc: fix bytesused v4l2_plane field Stanimir Varbanov <stanimir.varbanov(a)linaro.org> media: venus: fix wrong size on dma_free Ricardo Ribalda Delgado <ricardo.ribalda(a)gmail.com> media: v4l2-ctrl: Fix flags field on Control events Johan Hovold <johan(a)kernel.org> cx231xx-cards: fix NULL-deref on missing association descriptor Sean Young <sean(a)mess.org> media: rc: nec decoder should not send both repeat and keycode Sean Young <sean(a)mess.org> media: rc: check for integer overflow Michele Baldessari <michele(a)acksyn.org> media: Don't do DMA on stack for firmware upload in the AS102 driver Nicholas Piggin <npiggin(a)gmail.com> powerpc/64s/hash: Allow MAP_FIXED allocations to cross 128TB boundary Nicholas Piggin <npiggin(a)gmail.com> powerpc/64s/hash: Fix fork() with 512TB process address space Nicholas Piggin <npiggin(a)gmail.com> powerpc/64s/hash: Fix 128TB-512TB virtual address boundary case allocation Michael Ellerman <mpe(a)ellerman.id.au> powerpc/64s/hash: Fix 512T hint detection to use >= 128T Nicholas Piggin <npiggin(a)gmail.com> powerpc/64s/radix: Fix 128TB-512TB virtual address boundary case allocation Michael Ellerman <mpe(a)ellerman.id.au> powerpc/64s: Fix masking of SRR1 bits on instruction fault Naveen N. Rao <naveen.n.rao(a)linux.vnet.ibm.com> powerpc/signal: Properly handle return value from uprobe_deny_signal() Michael Ellerman <mpe(a)ellerman.id.au> powerpc/perf/imc: Use cpu_to_node() not topology_physical_package_id() Balbir Singh <bsingharora(a)gmail.com> powerpc/mm/radix: Fix crashes on Power9 DD1 with radix MMU and STRICT_RWX Christophe Leroy <christophe.leroy(a)c-s.fr> powerpc: Fix boot on BOOK3S_32 with CONFIG_STRICT_KERNEL_RWX John David Anglin <dave.anglin(a)bell.net> parisc: Fix validity check of pointer size argument in new CAS implementation Brian King <brking(a)linux.vnet.ibm.com> ixgbe: Fix skb list corruption on Power systems Brian King <brking(a)linux.vnet.ibm.com> fm10k: Use smp_rmb rather than read_barrier_depends Brian King <brking(a)linux.vnet.ibm.com> i40evf: Use smp_rmb rather than read_barrier_depends Brian King <brking(a)linux.vnet.ibm.com> ixgbevf: Use smp_rmb rather than read_barrier_depends Brian King <brking(a)linux.vnet.ibm.com> igbvf: Use smp_rmb rather than read_barrier_depends Brian King <brking(a)linux.vnet.ibm.com> igb: Use smp_rmb rather than read_barrier_depends Brian King <brking(a)linux.vnet.ibm.com> i40e: Use smp_rmb rather than read_barrier_depends Bin Meng <bmeng.cn(a)gmail.com> spi-nor: intel-spi: Fix broken software sequencing codes Johan Hovold <johan(a)kernel.org> NFC: fix device-allocation error return Daniel Jurgens <danielj(a)mellanox.com> IB/core: Only maintain real QPs in the security lists Parav Pandit <parav(a)mellanox.com> IB/core: Avoid crash on pkey enforcement failed in received MADs Bart Van Assche <bart.vanassche(a)wdc.com> IB/srp: Avoid that a cable pull can trigger a kernel crash Michael J. Ruhl <michael.j.ruhl(a)intel.com> IB/hfi1: Fix incorrect available receive user context count Parav Pandit <parav(a)mellanox.com> IB/cm: Fix memory corruption in handling CM request Bart Van Assche <bart.vanassche(a)wdc.com> IB/srpt: Do not accept invalid initiator port names Chuck Lever <chuck.lever(a)oracle.com> svcrdma: Preserve CB send buffer across retransmits Dan Williams <dan.j.williams(a)intel.com> libnvdimm, namespace: make 'resource' attribute only readable by root Dan Williams <dan.j.williams(a)intel.com> libnvdimm, region : make 'resource' attribute only readable by root Dan Williams <dan.j.williams(a)intel.com> libnvdimm, namespace: fix label initialization to use valid seq numbers Dan Williams <dan.j.williams(a)intel.com> libnvdimm, pfn: make 'resource' attribute only readable by root Dan Williams <dan.j.williams(a)intel.com> libnvdimm, dimm: clear 'locked' status on successful DIMM enable Johan Hovold <johan(a)kernel.org> clk: ti: dra7-atl-clock: fix child-node lookups Trond Myklebust <trond.myklebust(a)primarydata.com> SUNRPC: Fix tracepoint storage issues with svc_recv and svc_rqst_status Mikulas Patocka <mpatocka(a)redhat.com> dax: fix general protection fault in dax_alloc_inode Jeff Moyer <jmoyer(a)redhat.com> dax: fix PMD faults on zero-length files Paolo Bonzini <pbonzini(a)redhat.com> kvm: vmx: Reinstate support for CPUs without virtual NMI Paolo Bonzini <pbonzini(a)redhat.com> KVM: SVM: obey guest PAT Ladi Prosek <lprosek(a)redhat.com> KVM: nVMX: set IDTR and GDTR limits when loading L1 host state Paul Mackerras <paulus(a)ozlabs.org> KVM: PPC: Book3S HV: Don't call real-mode XICS hypercall handlers if not enabled Vasily Averin <vvs(a)virtuozzo.com> lockd: double unregister of inetaddr notifiers Johan Hovold <johan(a)kernel.org> irqchip/gic-v3: Fix ppi-partitions lookup Marc Zyngier <marc.zyngier(a)arm.com> genirq: Track whether the trigger type has been set Nate Dailey <nate.dailey(a)stratus.com> raid1: prevent freeze_array/wait_all_barriers deadlock Bart Van Assche <bart.vanassche(a)wdc.com> block: Fix a race between blk_cleanup_queue() and timeout handling Andrey Konovalov <andreyknvl(a)google.com> p54: don't unregister leds when they are not initialized Anup Patel <anup.patel(a)broadcom.com> mailbox: bcm-flexrm-mailbox: Fix FlexRM ring flush sequence Xiaolei Li <xiaolei.li(a)mediatek.com> mtd: nand: mtk: fix infinite ECC decode IRQ issue Brent Taylor <motobud(a)gmail.com> mtd: nand: Fix writing mtdoops to nand flash. Roger Quadros <rogerq(a)ti.com> mtd: nand: omap2: Fix subpage write Boris Brezillon <boris.brezillon(a)free-electrons.com> mtd: nand: atmel: Actually use the PM ops Boris Brezillon <boris.brezillon(a)free-electrons.com> mtd: nand: Export nand_reset() symbol Boris Brezillon <boris.brezillon(a)free-electrons.com> mtd: Avoid probe failures when mtd->dbg.dfs_dir is invalid Nicholas Bellinger <nab(a)linux-iscsi.org> target: Avoid early CMD_T_PRE_EXECUTE failures during ABORT_TASK Nicholas Bellinger <nab(a)linux-iscsi.org> target: Fix quiese during transport_write_pending_qf endless loop Nicholas Bellinger <nab(a)linux-iscsi.org> target: Fix caw_sem leak in transport_generic_request_failure Nicholas Bellinger <nab(a)linux-iscsi.org> target: Fix QUEUE_FULL + SCSI task attribute handling tangwenji <tang.wenji(a)zte.com.cn> target: fix buffer offset in core_scsi3_pri_read_full_status tangwenji <tang.wenji(a)zte.com.cn> target: fix null pointer regression in core_tmr_drain_tmr_list Nicholas Bellinger <nab(a)linux-iscsi.org> iscsi-target: Fix non-immediate TMR reference leak Nicholas Bellinger <nab(a)linux-iscsi.org> iscsi-target: Make TASK_REASSIGN use proper se_cmd->cmd_kref Dick Kennedy <dick.kennedy(a)broadcom.com> scsi: lpfc: Fix oops if nvmet_fc_register_targetport fails Dick Kennedy <dick.kennedy(a)broadcom.com> scsi: lpfc: Fix FCP hba_wqidx assignment Dick Kennedy <dick.kennedy(a)broadcom.com> scsi: lpfc: Fix crash receiving ELS while detaching driver Dick Kennedy <dick.kennedy(a)broadcom.com> scsi: lpfc: fix pci hot plug crash in list_add call Dick Kennedy <dick.kennedy(a)broadcom.com> scsi: lpfc: fix pci hot plug crash in timer management routines Damien Le Moal <damien.lemoal(a)wdc.com> scsi: sd_zbc: Fix sd_zbc_read_zoned_characteristics() Bart Van Assche <bart.vanassche(a)wdc.com> scsi: qla2xxx: Suppress a kernel complaint in qla_init_base_qpair() Tuomas Tynkkynen <tuomas(a)tuxera.com> net/9p: Switch to wait_event_killable() Tuomas Tynkkynen <tuomas(a)tuxera.com> fs/9p: Compare qid.path in v9fs_test_inode Tuomas Tynkkynen <tuomas(a)tuxera.com> 9p: Fix missing commas in mount options Al Viro <viro(a)zeniv.linux.org.uk> fix a page leak in vhost_scsi_iov_to_sgl() error recovery Joakim Tjernlund <joakim.tjernlund(a)infinera.com> mfd: lpc_ich: Avoton/Rangeley uses SPI_BYT method Maxime Ripard <maxime.ripard(a)free-electrons.com> ASoC: sun8i-codec: Set the BCLK divider Maxime Ripard <maxime.ripard(a)free-electrons.com> ASoC: sun8i-codec: Fix left and right channels inversion Maxime Ripard <maxime.ripard(a)free-electrons.com> ASoC: sun8i-codec: Invert Master / Slave condition Kailang Yang <kailang(a)realtek.com> ALSA: hda/realtek - Fix ALC700 family no sound issue Takashi Iwai <tiwai(a)suse.de> ALSA: hda - Fix yet remaining issue with vmaster 0dB initialization Takashi Iwai <tiwai(a)suse.de> ALSA: hda: Fix too short HDMI/DP chmap reporting Kailang Yang <kailang(a)realtek.com> ALSA: hda/realtek - Fix ALC275 no sound issue Takashi Iwai <tiwai(a)suse.de> ALSA: timer: Remove kernel warning at compat ioctl error paths Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Add sanity checks in v2 clock parsers Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Fix potential out-of-bound access at parsing SU Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Add sanity checks to FE parser Henrik Eriksson <henrik.eriksson(a)axis.com> ALSA: pcm: update tstamp only if audio_tstamp changed Ross Zwisler <ross.zwisler(a)linux.intel.com> ext4: prevent data corruption with journaling + DAX Ross Zwisler <ross.zwisler(a)linux.intel.com> ext4: prevent data corruption with inline data + DAX Theodore Ts'o <tytso(a)mit.edu> ext4: fix interaction between i_size, fallocate, and delalloc after a crash Rameshwar Prasad Sahu <rsahu(a)apm.com> ata: fixes kernel crash while tracing ata_eh_link_autopsy event Miklos Szeredi <mszeredi(a)redhat.com> fsnotify: fix pinning group in fsnotify_prepare_user_wait() Miklos Szeredi <mszeredi(a)redhat.com> fsnotify: pin both inode and vfsmount mark Miklos Szeredi <mszeredi(a)redhat.com> fsnotify: clean up fsnotify_prepare/finish_user_wait() Shaohua Li <shli(a)fb.com> md/bitmap: revert a patch Loic Poulain <loic.poulain(a)linaro.org> Bluetooth: btqcomsmd: Add support for BD address setup Artur Paszkiewicz <artur.paszkiewicz(a)intel.com> md: don't check MD_SB_CHANGE_CLEAN in md_allow_write NeilBrown <neilb(a)suse.com> md: fix deadlock error in recent patch. Thomas Backlund <tmb(a)mageia.org> iwlwifi: fix firmware names for 9000 and A000 series hw Arnd Bergmann <arnd(a)arndb.de> rtlwifi: fix uninitialized rtlhal->last_suspend_sec time Larry Finger <Larry.Finger(a)lwfinger.net> rtlwifi: rtl8192ee: Fix memory leak when loading firmware Andrew Elble <aweits(a)rit.edu> nfsd: deal with revoked delegations appropriately NeilBrown <neilb(a)suse.com> NFS: revalidate "." etc correctly on "open". Anna Schumaker <Anna.Schumaker(a)Netapp.com> NFS: Avoid RCU usage in tracepoints Chuck Lever <chuck.lever(a)oracle.com> nfs: Fix ugly referral attributes Benjamin Coddington <bcodding(a)redhat.com> NFS: Revert "NFS: Move the flock open mode check into nfs_flock()" Joshua Watt <jpewhacker(a)gmail.com> NFS: Fix typo in nomigration mount option Jaegeuk Kim <jaegeuk(a)kernel.org> f2fs: expose some sectors to user in inline data or dentry case Josef Bacik <jbacik(a)fb.com> btrfs: change how we decide to commit transactions during flushing Arnd Bergmann <arnd(a)arndb.de> isofs: fix timestamps beyond 2027 Miklos Szeredi <mszeredi(a)redhat.com> fanotify: fix fsnotify_prepare_user_wait() failure Greg Edwards <gedwards(a)ddn.com> fs: guard_bio_eod() needs to consider partitions Coly Li <colyli(a)suse.de> bcache: check ca->alloc_thread initialized before wake up it Eric Biggers <ebiggers(a)google.com> libceph: don't WARN() if user tries to add invalid key Dan Carpenter <dan.carpenter(a)oracle.com> eCryptfs: use after free in ecryptfs_release_messaging() Eric Biggers <ebiggers(a)google.com> fscrypt: lock mutex before checking for bounce page pool Andreas Rohner <andreas.rohner(a)gmx.net> nilfs2: fix race condition that causes file system corruption NeilBrown <neilb(a)suse.com> autofs: don't fail mount for transient error Vitaly Wool <vitalywool(a)gmail.com> mm/z3fold.c: use kref to prevent page free/compact race Stanislaw Gruszka <sgruszka(a)redhat.com> rt2x00usb: mark device removed when get ENOENT usb error Aleksandar Markovic <aleksandar.markovic(a)mips.com> MIPS: math-emu: Fix final emulation phase for certain instructions Mirko Parthey <mirko.parthey(a)web.de> MIPS: BCM47XX: Fix LED inversion for WRT54GSv1 Maciej W. Rozycki <macro(a)mips.com> MIPS: Fix an n32 core file generation regset support regression Masahiro Yamada <yamada.masahiro(a)socionext.com> MIPS: dts: remove bogus bcm96358nb4ser.dtb from dtb-y entry James Hogan <jhogan(a)kernel.org> MIPS: Fix MIPS64 FP save/restore on 32-bit kernels James Hogan <jhogan(a)kernel.org> MIPS: Fix odd fp register warnings with MIPS64r2 Mike Snitzer <snitzer(a)redhat.com> dm: discard support requires all targets in a table support discards Hou Tao <houtao1(a)huawei.com> dm: fix race between dm_get_from_kobject() and __dm_destroy() John Crispin <john(a)phrozen.org> MIPS: pci: Remove KERN_WARN instance inside the mt7620 driver Steven Rostedt (Red Hat) <rostedt(a)goodmis.org> sched/rt: Simplify the IPI based RT balancing logic Mikulas Patocka <mpatocka(a)redhat.com> dm: allocate struct mapped_device with kvzalloc Vivek Goyal <vgoyal(a)redhat.com> ovl: Put upperdentry if ovl_check_origin() fails Eric Biggers <ebiggers(a)google.com> dm bufio: fix integer overflow when limiting maximum cache size Ming Lei <ming.lei(a)redhat.com> dm mpath: remove annoying message of 'blk_get_request() returned -11' Damien Le Moal <damien.lemoal(a)wdc.com> dm zoned: ignore last smaller runt zone Mikulas Patocka <mpatocka(a)redhat.com> dm crypt: allow unaligned bv_offset Joe Thornber <ejt(a)redhat.com> dm cache: fix race condition in the writeback mode overwrite_bio optimisation Mikulas Patocka <mpatocka(a)redhat.com> dm integrity: allow unaligned bv_offset Vijendar Mukunda <Vijendar.Mukunda(a)amd.com> ALSA: hda: Add Raven PCI ID Vadim Lomovtsev <Vadim.Lomovtsev(a)cavium.com> PCI: Apply Cavium ThunderX ACS quirk to more Root Ports Vadim Lomovtsev <Vadim.Lomovtsev(a)cavium.com> PCI: Set Cavium ACS capability quirk flags to assert RR/CR/SV/UF Dexuan Cui <decui(a)microsoft.com> PCI: hv: Use effective affinity mask Bjorn Helgaas <bhelgaas(a)google.com> PCI/ASPM: Use correct capability pointer to program LTR_L1.2_THRESHOLD Bjorn Helgaas <bhelgaas(a)google.com> PCI/ASPM: Account for downstream device's Port Common_Mode_Restore_Time Tobias Jordan <Tobias.Jordan(a)elektrobit.com> PM / OPP: Add missing of_node_put(np) Josef Bacik <jbacik(a)fb.com> nbd: don't start req until after the dead connection logic Josef Bacik <jbacik(a)fb.com> nbd: wait uninterruptible for the dead timeout Simon Guinot <simon.guinot(a)sequanux.org> net: mvneta: fix handling of the Tx descriptor counter Mathias Kresin <dev(a)kresin.me> MIPS: ralink: Fix typo in mt7628 pinmux function Mathias Kresin <dev(a)kresin.me> MIPS: ralink: Fix MT7628 pinmux Ben Hutchings <ben(a)decadent.org.uk> MIPS: cmpxchg64() and HAVE_VIRT_CPU_ACCOUNTING_GEN don't work for 32-bit SMP Dmitry V. Levin <ldv(a)altlinux.org> uapi: fix linux/rxrpc.h userspace compilation errors Dmitry V. Levin <ldv(a)altlinux.org> uapi: fix linux/tls.h userspace compilation error Philip Derrin <philip(a)cog.systems> ARM: 8721/1: mm: dump: check hardware RO bit for LPAE Philip Derrin <philip(a)cog.systems> ARM: 8722/1: mm: make STRICT_KERNEL_RWX effective for LPAE Catalin Marinas <catalin.marinas(a)arm.com> arm64: Implement arch-specific pte_access_permitted() Andi Kleen <ak(a)linux.intel.com> perf/x86/intel: Hide TSX events when RTM is not supported Andy Lutomirski <luto(a)kernel.org> x86/entry/64: Add missing irqflags tracing to native_load_gs_index() Andy Lutomirski <luto(a)kernel.org> x86/entry/64: Fix entry_SYSCALL_64_after_hwframe() IRQ tracing Masami Hiramatsu <mhiramat(a)kernel.org> x86/decoder: Add new TEST instruction pattern Tom Lendacky <thomas.lendacky(a)amd.com> x86/boot: Fix boot failure when SMP MP-table is based at 0 Eric Biggers <ebiggers(a)google.com> lib/mpi: call cond_resched() from mpi_powm() loop Paul E. McKenney <paulmck(a)linux.vnet.ibm.com> sched: Make resched_cpu() unconditional Johan Hovold <johan(a)kernel.org> serdev: fix registration of second slave Viresh Kumar <viresh.kumar(a)linaro.org> cpufreq: schedutil: Reset cached_raw_freq when not in sync with next_freq Lv Zheng <lv.zheng(a)intel.com> ACPI / EC: Fix regression related to triggering source of EC event handling Ville Syrjälä <ville.syrjala(a)linux.intel.com> ACPI / PM: Fix acpi_pm_notifier_lock vs flush_workqueue() deadlock Vasily Gorbik <gor(a)linux.vnet.ibm.com> s390/disassembler: increase show_code buffer size Heiko Carstens <heiko.carstens(a)de.ibm.com> s390/disassembler: add missing end marker for e7 table Heiko Carstens <heiko.carstens(a)de.ibm.com> s390/guarded storage: fix possible memory corruption Heiko Carstens <heiko.carstens(a)de.ibm.com> s390/runtime instrumention: fix possible memory corruption Heiko Carstens <heiko.carstens(a)de.ibm.com> s390/noexec: execute kexec datamover without DAT Heiko Carstens <heiko.carstens(a)de.ibm.com> s390: fix transactional execution control register handling ------------- Diffstat: Makefile | 4 +- arch/arm/mm/dump.c | 4 +- arch/arm/mm/init.c | 4 +- arch/arm64/boot/dts/amlogic/meson-gxl.dtsi | 8 + arch/arm64/include/asm/pgtable.h | 14 + arch/mips/Kconfig | 2 +- arch/mips/bcm47xx/leds.c | 2 +- arch/mips/boot/dts/brcm/Makefile | 1 - arch/mips/include/asm/asmmacro.h | 16 +- arch/mips/include/asm/cmpxchg.h | 2 + arch/mips/kernel/ptrace.c | 17 ++ arch/mips/kernel/r4k_fpu.S | 20 +- arch/mips/math-emu/cp1emu.c | 28 +- arch/mips/pci/pci-mt7620.c | 2 +- arch/mips/ralink/mt7620.c | 4 +- arch/parisc/kernel/syscall.S | 6 +- arch/powerpc/kernel/exceptions-64s.S | 2 +- arch/powerpc/kernel/signal.c | 2 +- arch/powerpc/kvm/book3s_hv_builtin.c | 12 + arch/powerpc/lib/code-patching.c | 6 +- arch/powerpc/mm/hugetlbpage-radix.c | 26 +- arch/powerpc/mm/mmap.c | 55 ++-- arch/powerpc/mm/mmu_context_book3s64.c | 8 +- arch/powerpc/mm/pgtable-radix.c | 10 + arch/powerpc/mm/slice.c | 50 ++- arch/powerpc/perf/imc-pmu.c | 12 +- arch/s390/include/asm/switch_to.h | 2 +- arch/s390/kernel/dis.c | 5 +- arch/s390/kernel/early.c | 4 +- arch/s390/kernel/guarded_storage.c | 2 + arch/s390/kernel/machine_kexec.c | 1 + arch/s390/kernel/process.c | 1 + arch/s390/kernel/relocate_kernel.S | 3 - arch/s390/kernel/runtime_instr.c | 4 +- arch/x86/entry/entry_64.S | 14 +- arch/x86/events/intel/core.c | 35 ++- arch/x86/kernel/mpparse.c | 6 +- arch/x86/kvm/svm.c | 7 + arch/x86/kvm/vmx.c | 152 ++++++--- arch/x86/lib/x86-opcode-map.txt | 2 +- block/blk-core.c | 2 + block/blk-timeout.c | 3 - drivers/acpi/device_pm.c | 21 +- drivers/acpi/ec.c | 12 +- drivers/ata/libata-eh.c | 2 +- drivers/base/power/opp/of.c | 1 + drivers/block/nbd.c | 26 +- drivers/bluetooth/btqcomsmd.c | 34 +++ drivers/clk/ti/clk-dra7-atl.c | 3 +- drivers/dax/super.c | 3 + drivers/infiniband/core/cm.c | 11 +- drivers/infiniband/core/mad.c | 3 +- drivers/infiniband/core/security.c | 51 ++-- drivers/infiniband/hw/hfi1/chip.c | 35 ++- drivers/infiniband/hw/hfi1/hfi.h | 2 + drivers/infiniband/hw/hfi1/sysfs.c | 2 +- drivers/infiniband/hw/hfi1/vnic_main.c | 7 +- drivers/infiniband/ulp/srp/ib_srp.c | 25 +- drivers/infiniband/ulp/srpt/ib_srpt.c | 9 +- drivers/irqchip/irq-gic-v3.c | 9 +- drivers/mailbox/bcm-flexrm-mailbox.c | 22 +- drivers/md/bcache/alloc.c | 3 +- drivers/md/bitmap.c | 4 +- drivers/md/dm-bufio.c | 15 +- drivers/md/dm-cache-target.c | 86 ++++-- drivers/md/dm-core.h | 3 +- drivers/md/dm-crypt.c | 4 +- drivers/md/dm-integrity.c | 2 +- drivers/md/dm-mpath.c | 2 - drivers/md/dm-table.c | 33 +- drivers/md/dm-zoned-target.c | 13 +- drivers/md/dm.c | 18 +- drivers/md/md.c | 4 +- drivers/md/raid1.c | 24 +- drivers/media/platform/qcom/venus/core.h | 2 - drivers/media/platform/qcom/venus/helpers.c | 7 - drivers/media/platform/qcom/venus/hfi.c | 1 + drivers/media/platform/qcom/venus/hfi_venus.c | 12 +- drivers/media/platform/qcom/venus/vdec.c | 34 ++- drivers/media/platform/qcom/venus/venc.c | 7 +- drivers/media/rc/ir-lirc-codec.c | 9 +- drivers/media/rc/ir-nec-decoder.c | 29 +- drivers/media/usb/as102/as102_fw.c | 28 +- drivers/media/usb/cx231xx/cx231xx-cards.c | 2 +- drivers/media/v4l2-core/v4l2-ctrls.c | 16 +- drivers/mfd/lpc_ich.c | 1 + drivers/mtd/devices/docg3.c | 7 +- drivers/mtd/nand/atmel/nand-controller.c | 1 + drivers/mtd/nand/mtk_ecc.c | 13 +- drivers/mtd/nand/nand_base.c | 10 +- drivers/mtd/nand/nandsim.c | 13 +- drivers/mtd/nand/omap2.c | 339 ++++++++++++++------- drivers/mtd/spi-nor/intel-spi.c | 4 +- drivers/net/ethernet/intel/e1000e/defines.h | 1 + drivers/net/ethernet/intel/e1000e/mac.c | 11 +- drivers/net/ethernet/intel/e1000e/netdev.c | 45 ++- drivers/net/ethernet/intel/e1000e/phy.c | 7 +- drivers/net/ethernet/intel/fm10k/fm10k_main.c | 2 +- drivers/net/ethernet/intel/i40e/i40e_main.c | 2 +- drivers/net/ethernet/intel/i40e/i40e_txrx.c | 2 +- drivers/net/ethernet/intel/i40evf/i40e_txrx.c | 2 +- drivers/net/ethernet/intel/igb/igb_main.c | 2 +- drivers/net/ethernet/intel/igbvf/netdev.c | 2 +- drivers/net/ethernet/intel/ixgbe/ixgbe_main.c | 2 +- drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c | 2 +- drivers/net/ethernet/marvell/mvneta.c | 13 +- drivers/net/wireless/intel/iwlwifi/cfg/9000.c | 73 ++++- drivers/net/wireless/intel/iwlwifi/cfg/a000.c | 10 +- drivers/net/wireless/intel/iwlwifi/fw/api/scan.h | 59 +++- drivers/net/wireless/intel/iwlwifi/fw/file.h | 1 + drivers/net/wireless/intel/iwlwifi/iwl-config.h | 5 + drivers/net/wireless/intel/iwlwifi/mvm/mvm.h | 6 + drivers/net/wireless/intel/iwlwifi/mvm/scan.c | 86 ++++-- drivers/net/wireless/intel/iwlwifi/pcie/drv.c | 183 ++++++++--- drivers/net/wireless/intersil/p54/main.c | 7 +- drivers/net/wireless/ralink/rt2x00/rt2x00usb.c | 6 +- .../net/wireless/realtek/rtlwifi/rtl8192ee/fw.c | 6 +- .../net/wireless/realtek/rtlwifi/rtl8821ae/hw.c | 1 + drivers/nvdimm/dimm.c | 1 + drivers/nvdimm/dimm_devs.c | 7 + drivers/nvdimm/label.c | 2 +- drivers/nvdimm/namespace_devs.c | 2 +- drivers/nvdimm/nd.h | 1 + drivers/nvdimm/pfn_devs.c | 8 + drivers/nvdimm/region_devs.c | 8 +- drivers/pci/host/pci-hyperv.c | 8 +- drivers/pci/pcie/aspm.c | 4 +- drivers/pci/quirks.c | 27 +- drivers/scsi/lpfc/lpfc_attr.c | 6 +- drivers/scsi/lpfc/lpfc_bsg.c | 4 +- drivers/scsi/lpfc/lpfc_els.c | 7 +- drivers/scsi/lpfc/lpfc_hbadisc.c | 5 +- drivers/scsi/lpfc/lpfc_init.c | 15 +- drivers/scsi/lpfc/lpfc_nportdisc.c | 2 +- drivers/scsi/lpfc/lpfc_nvmet.c | 15 +- drivers/scsi/lpfc/lpfc_sli.c | 34 ++- drivers/scsi/qla2xxx/qla_os.c | 2 +- drivers/scsi/sd_zbc.c | 6 +- drivers/target/iscsi/iscsi_target.c | 30 +- drivers/target/target_core_pr.c | 1 + drivers/target/target_core_tmr.c | 12 +- drivers/target/target_core_transport.c | 26 +- drivers/tty/serdev/core.c | 19 +- drivers/vhost/scsi.c | 5 +- fs/9p/vfs_inode.c | 3 + fs/9p/vfs_inode_dotl.c | 3 + fs/autofs4/waitq.c | 15 +- fs/btrfs/extent-tree.c | 42 ++- fs/buffer.c | 10 +- fs/crypto/crypto.c | 7 +- fs/dax.c | 6 +- fs/ecryptfs/messaging.c | 7 +- fs/ext4/extents.c | 6 +- fs/ext4/inline.c | 10 - fs/ext4/inode.c | 5 - fs/ext4/ioctl.c | 16 +- fs/ext4/super.c | 5 + fs/f2fs/file.c | 6 + fs/isofs/isofs.h | 2 +- fs/isofs/rock.h | 2 +- fs/isofs/util.c | 2 +- fs/lockd/svc.c | 20 +- fs/nfs/dir.c | 4 +- fs/nfs/file.c | 18 +- fs/nfs/nfs4proc.c | 32 +- fs/nfs/nfs4trace.h | 24 +- fs/nfs/super.c | 2 +- fs/nfsd/nfs4state.c | 25 +- fs/nilfs2/segment.c | 6 +- fs/notify/fanotify/fanotify.c | 33 +- fs/notify/fsnotify.c | 10 +- fs/notify/mark.c | 107 ++++--- fs/overlayfs/namei.c | 2 +- include/linux/genhd.h | 1 + include/linux/irq.h | 11 +- include/net/tls.h | 4 + include/sound/control.h | 4 +- include/target/target_core_base.h | 1 + include/trace/events/sunrpc.h | 17 +- include/uapi/linux/rxrpc.h | 10 +- include/uapi/linux/tls.h | 4 - kernel/irq/manage.c | 13 +- kernel/sched/core.c | 3 +- kernel/sched/cpufreq_schedutil.c | 6 +- kernel/sched/rt.c | 316 +++++++------------ kernel/sched/sched.h | 24 +- kernel/sched/topology.c | 6 + lib/mpi/mpi-pow.c | 2 + mm/z3fold.c | 10 +- net/9p/client.c | 5 +- net/9p/trans_fd.c | 6 +- net/9p/trans_virtio.c | 13 +- net/9p/trans_xen.c | 4 +- net/ceph/crypto.c | 4 +- net/nfc/core.c | 2 +- net/sunrpc/xprtrdma/svc_rdma_backchannel.c | 6 +- sound/core/pcm_lib.c | 6 +- sound/core/timer_compat.c | 12 +- sound/core/vmaster.c | 6 +- sound/hda/hdmi_chmap.c | 2 +- sound/pci/hda/hda_codec.c | 10 +- sound/pci/hda/hda_intel.c | 3 + sound/pci/hda/patch_realtek.c | 5 +- sound/soc/sunxi/sun8i-codec.c | 61 +++- sound/usb/clock.c | 9 +- sound/usb/mixer.c | 15 +- 206 files changed, 2165 insertions(+), 1243 deletions(-)

7 years, 7 months

6
195
0 0

[Linux-stable-mirror] [PATCH AUTOSEL for 4.4 01/32] vti6: Don't report path MTU below IPV6_MIN_MTU.

by alexander.levin＠verizon.com

From: Steffen Klassert <steffen.klassert(a)secunet.com> [ Upstream commit e3dc847a5f85b43ee2bfc8eae407a7e383483228 ] In vti6_xmit(), the check for IPV6_MIN_MTU before we send a ICMPV6_PKT_TOOBIG message is missing. So we might report a PMTU below 1280. Fix this by adding the required check. Fixes: ccd740cbc6e ("vti6: Add pmtu handling to vti6_xmit.") Signed-off-by: Steffen Klassert <steffen.klassert(a)secunet.com> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> --- net/ipv6/ip6_vti.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/net/ipv6/ip6_vti.c b/net/ipv6/ip6_vti.c index 7ebb14def2cb..24140e85067c 100644 --- a/net/ipv6/ip6_vti.c +++ b/net/ipv6/ip6_vti.c @@ -474,11 +474,15 @@ vti6_xmit(struct sk_buff *skb, struct net_device *dev, struct flowi *fl) if (!skb->ignore_df && skb->len > mtu) { skb_dst(skb)->ops->update_pmtu(dst, NULL, skb, mtu); - if (skb->protocol == htons(ETH_P_IPV6)) + if (skb->protocol == htons(ETH_P_IPV6)) { + if (mtu < IPV6_MIN_MTU) + mtu = IPV6_MIN_MTU; + icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu); - else + } else { icmp_send(skb, ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED, htonl(mtu)); + } return -EMSGSIZE; } -- 2.11.0

7 years, 7 months

1
31
0 0

[Linux-stable-mirror] [PATCH v2 1/3] drm/i915: Fix vblank timestamp/frame counter jumps on gen2

by Ville Syrjala

From: Ville Syrjälä <ville.syrjala(a)linux.intel.com> Previously I was under the impression that the scanline counter reads 0 when the pipe is off. Turns out that's not correct, and instead the scanline counter simply stops when the pipe stops, and it retains it's last value until the pipe starts up again, at which point the scanline counter jumps to vblank start. These jumps can cause the timestamp to jump backwards by one frame. Since we use the timestamps to guesstimage also the frame counter value on gen2, that would cause the frame counter to also jump backwards, which leads to a massice difference from the previous value. The end result is that flips/vblank events don't appear to complete as they're stuck waiting for the frame counter to catch up to that massive difference. Fix the problem properly by actually making sure the scanline counter has started to move before we assume that it's safe to enable vblank processing. v2: Less pointless duplication in the code (Chris) Cc: stable(a)vger.kernel.org Cc: Daniel Vetter <daniel.vetter(a)ffwll.ch> Cc: Chris Wilson <chris(a)chris-wilson.co.uk> Reviewed-by: Chris Wilson <chris(a)chris-wilson.co.uk> #v1 Fixes: b7792d8b54cc ("drm/i915: Wait for pipe to start before sampling vblank timestamps on gen2") Signed-off-by: Ville Syrjälä <ville.syrjala(a)linux.intel.com> --- drivers/gpu/drm/i915/intel_display.c | 51 +++++++++++++++++++++++++----------- 1 file changed, 35 insertions(+), 16 deletions(-) diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c index f7dc7b7fed80..7280dd699316 100644 --- a/drivers/gpu/drm/i915/intel_display.c +++ b/drivers/gpu/drm/i915/intel_display.c @@ -998,7 +998,8 @@ enum transcoder intel_pipe_to_cpu_transcoder(struct drm_i915_private *dev_priv, return crtc->config->cpu_transcoder; } -static bool pipe_dsl_stopped(struct drm_i915_private *dev_priv, enum pipe pipe) +static bool pipe_scanline_is_moving(struct drm_i915_private *dev_priv, + enum pipe pipe) { i915_reg_t reg = PIPEDSL(pipe); u32 line1, line2; @@ -1013,7 +1014,28 @@ static bool pipe_dsl_stopped(struct drm_i915_private *dev_priv, enum pipe pipe) msleep(5); line2 = I915_READ(reg) & line_mask; - return line1 == line2; + return line1 != line2; +} + +static void wait_for_pipe_scanline_moving(struct intel_crtc *crtc, bool state) +{ + struct drm_i915_private *dev_priv = to_i915(crtc->base.dev); + enum pipe pipe = crtc->pipe; + + /* Wait for the display line to settle/start moving */ + if (wait_for(pipe_scanline_is_moving(dev_priv, pipe) == state, 100)) + DRM_ERROR("pipe %c scanline %s wait timed out\n", + pipe_name(pipe), onoff(state)); +} + +static void intel_wait_for_pipe_scanline_stopped(struct intel_crtc *crtc) +{ + wait_for_pipe_scanline_moving(crtc, false); +} + +static void intel_wait_for_pipe_scanline_moving(struct intel_crtc *crtc) +{ + wait_for_pipe_scanline_moving(crtc, true); } /* @@ -1036,7 +1058,6 @@ static void intel_wait_for_pipe_off(struct intel_crtc *crtc) { struct drm_i915_private *dev_priv = to_i915(crtc->base.dev); enum transcoder cpu_transcoder = crtc->config->cpu_transcoder; - enum pipe pipe = crtc->pipe; if (INTEL_GEN(dev_priv) >= 4) { i915_reg_t reg = PIPECONF(cpu_transcoder); @@ -1047,9 +1068,7 @@ static void intel_wait_for_pipe_off(struct intel_crtc *crtc) 100)) WARN(1, "pipe_off wait timed out\n"); } else { - /* Wait for the display line to settle */ - if (wait_for(pipe_dsl_stopped(dev_priv, pipe), 100)) - WARN(1, "pipe_off wait timed out\n"); + intel_wait_for_pipe_scanline_stopped(crtc); } } @@ -1862,15 +1881,14 @@ static void intel_enable_pipe(struct intel_crtc *crtc) POSTING_READ(reg); /* - * Until the pipe starts DSL will read as 0, which would cause - * an apparent vblank timestamp jump, which messes up also the - * frame count when it's derived from the timestamps. So let's - * wait for the pipe to start properly before we call - * drm_crtc_vblank_on() + * Until the pipe starts PIPEDSL reads will return a stale value, + * which causes an apparent vblank timestamp jump when PIPEDSL + * resets to its proper value. That also messes up the frame count + * when it's derived from the timestamps. So let's wait for the + * pipe to start properly before we call drm_crtc_vblank_on() */ - if (dev->max_vblank_count == 0 && - wait_for(intel_get_crtc_scanline(crtc) != crtc->scanline_offset, 50)) - DRM_ERROR("pipe %c didn't start\n", pipe_name(pipe)); + if (dev->max_vblank_count == 0) + intel_wait_for_pipe_scanline_moving(crtc); } /** @@ -14728,6 +14746,8 @@ void i830_enable_pipe(struct drm_i915_private *dev_priv, enum pipe pipe) void i830_disable_pipe(struct drm_i915_private *dev_priv, enum pipe pipe) { + struct intel_crtc *crtc = intel_get_crtc_for_pipe(dev_priv, pipe); + DRM_DEBUG_KMS("disabling pipe %c due to force quirk\n", pipe_name(pipe)); @@ -14737,8 +14757,7 @@ void i830_disable_pipe(struct drm_i915_private *dev_priv, enum pipe pipe) I915_WRITE(PIPECONF(pipe), 0); POSTING_READ(PIPECONF(pipe)); - if (wait_for(pipe_dsl_stopped(dev_priv, pipe), 100)) - DRM_ERROR("pipe %c off wait timed out\n", pipe_name(pipe)); + intel_wait_for_pipe_scanline_stopped(crtc); I915_WRITE(DPLL(pipe), DPLL_VGA_MODE_DIS); POSTING_READ(DPLL(pipe)); -- 2.13.6

7 years, 7 months

2
1
0 0

Re: [Linux-stable-mirror] [Lkft-triage] [PATCH 4.9 000/138] 4.9.66-stable review

by Greg Kroah-Hartman

On Wed, Nov 29, 2017 at 10:07:02AM +0000, Mark Brown wrote: > On Wed, Nov 29, 2017 at 09:07:45AM +0100, Greg Kroah-Hartman wrote: > > On Tue, Nov 28, 2017 at 11:07:01PM +0530, Naresh Kamboju wrote: > > > > Results from Linaro’s test farm. > > > No regressions on arm64, arm and x86_64. > > > Thanks for testing. > > > What is up with the odd email subject prefix? > > There's another internal list for looking at LKFT been set up and > they've set it up as a mailman list adding subject prefixes :( That's a pretty horrid thing to spam the public with :( I'm going to drop the linaro.org address from my -rc announcements now until someone learns how to properly sort their mailing lists by mail headers, and not email subjects... greg k-h

7 years, 7 months

2
1
0 0

[Linux-stable-mirror] [PATCH] drm/fb_helper: Disable all crtc's when initial setup fails.

by Maarten Lankhorst

Some drivers like i915 start with crtc's enabled, but with deferred fbcon setup they were no longer disabled as part of fbdev setup. Headless units could no longer enter pc3 state because the crtc was still enabled. Fix this by calling restore_fbdev_mode when we would have called it otherwise once during initial fbdev setup. Signed-off-by: Maarten Lankhorst <maarten.lankhorst(a)linux.intel.com> Fixes: ca91a2758fce ("drm/fb-helper: Support deferred setup") Cc: <stable(a)vger.kernel.org> # v4.14+ Reported-by: Thomas Voegtle <tv(a)lio96.de> --- drivers/gpu/drm/drm_fb_helper.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/drivers/gpu/drm/drm_fb_helper.c b/drivers/gpu/drm/drm_fb_helper.c index 07374008f146..e56166334455 100644 --- a/drivers/gpu/drm/drm_fb_helper.c +++ b/drivers/gpu/drm/drm_fb_helper.c @@ -1809,6 +1809,10 @@ static int drm_fb_helper_single_fb_probe(struct drm_fb_helper *fb_helper, if (crtc_count == 0 || sizes.fb_width == -1 || sizes.fb_height == -1) { DRM_INFO("Cannot find any crtc or sizes\n"); + + /* First time: disable all crtc's.. */ + if (!fb_helper->deferred_setup && !READ_ONCE(fb_helper->dev->master)) + restore_fbdev_mode(fb_helper); return -EAGAIN; } -- 2.15.0

7 years, 7 months

3
3
0 0

Re: [Linux-stable-mirror] [PATCH] virtio: release virtio index when fail to device_register

by Michael S. Tsirkin

On Wed, Nov 29, 2017 at 09:23:01AM +0800, weiping zhang wrote: > index can be reused by other virtio device. > > Signed-off-by: weiping zhang <zhangweiping(a)didichuxing.com> Thanks! I've queued this up, this is needed on stable as well. > --- > drivers/virtio/virtio.c | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/drivers/virtio/virtio.c b/drivers/virtio/virtio.c > index 48230a5..bf7ff39 100644 > --- a/drivers/virtio/virtio.c > +++ b/drivers/virtio/virtio.c > @@ -333,6 +333,8 @@ int register_virtio_device(struct virtio_device *dev) > /* device_register() causes the bus infrastructure to look for a > * matching driver. */ > err = device_register(&dev->dev); > + if (err) > + ida_simple_remove(&virtio_index_ida, dev->index); > out: > if (err) > virtio_add_status(dev, VIRTIO_CONFIG_S_FAILED); > -- > 2.9.4

7 years, 7 months

1
0
0 0

[Linux-stable-mirror] [PATCH rdma-rc v3] IB/core: Only enforce security for InfiniBand

by Dan Jurgens

From: Daniel Jurgens <danielj(a)mellanox.com> For now the only LSM security enforcement mechanism available is specific to InfiniBand. Bypass enforcement for non-IB link types. This fixes a regression where modify_qp fails for iWARP because querying the PKEY returns -EINVAL. Cc: Paul Moore <paul(a)paul-moore.com> Cc: Don Dutile <ddutile(a)redhat.com> Cc: stable(a)vger.kernel.org Reported-by: Potnuri Bharat Teja <bharat(a)chelsio.com> Fixes: d291f1a65232("IB/core: Enforce PKey security on QPs") Fixes: 47a2b338fe63("IB/core: Enforce security on management datagrams") Signed-off-by: Daniel Jurgens <danielj(a)mellanox.com> Reviewed-by: Parav Pandit <parav(a)mellanox.com> Tested-by: Potnuri Bharat Teja <bharat(a)chelsio.com> Signed-off-by: Leon Romanovsky <leon(a)kernel.org> --- Changelog: v2->v3: Fix build warning v1->v2: Fixed build errors v0->v1: Added proper SElinux patch --- drivers/infiniband/core/security.c | 47 +++++++++++++++++++++++++++++++++++--- 1 file changed, 44 insertions(+), 3 deletions(-) diff --git a/drivers/infiniband/core/security.c b/drivers/infiniband/core/security.c index 209d057..5bc323f 100644 --- a/drivers/infiniband/core/security.c +++ b/drivers/infiniband/core/security.c @@ -417,8 +417,17 @@ void ib_close_shared_qp_security(struct ib_qp_security *sec) int ib_create_qp_security(struct ib_qp *qp, struct ib_device *dev) { + u8 i = rdma_start_port(dev); + bool is_ib = false; int ret; + while (i <= rdma_end_port(dev) && !is_ib) + is_ib = rdma_protocol_ib(dev, i++); + + /* If this isn't an IB device don't create the security context */ + if (!is_ib) + return 0; + qp->qp_sec = kzalloc(sizeof(*qp->qp_sec), GFP_KERNEL); if (!qp->qp_sec) return -ENOMEM; @@ -441,6 +450,10 @@ int ib_create_qp_security(struct ib_qp *qp, struct ib_device *dev) void ib_destroy_qp_security_begin(struct ib_qp_security *sec) { + /* Return if not IB */ + if (!sec) + return; + mutex_lock(&sec->mutex); /* Remove the QP from the lists so it won't get added to @@ -470,6 +483,10 @@ void ib_destroy_qp_security_abort(struct ib_qp_security *sec) int ret; int i; + /* Return if not IB */ + if (!sec) + return; + /* If a concurrent cache update is in progress this * QP security could be marked for an error state * transition. Wait for this to complete. @@ -505,6 +522,10 @@ void ib_destroy_qp_security_end(struct ib_qp_security *sec) { int i; + /* Return if not IB */ + if (!sec) + return; + /* If a concurrent cache update is occurring we must * wait until this QP security structure is processed * in the QP to error flow before destroying it because @@ -557,7 +578,7 @@ int ib_security_modify_qp(struct ib_qp *qp, { int ret = 0; struct ib_ports_pkeys *tmp_pps; - struct ib_ports_pkeys *new_pps; + struct ib_ports_pkeys *new_pps = NULL; struct ib_qp *real_qp = qp->real_qp; bool special_qp = (real_qp->qp_type == IB_QPT_SMI || real_qp->qp_type == IB_QPT_GSI || @@ -565,17 +586,25 @@ int ib_security_modify_qp(struct ib_qp *qp, bool pps_change = ((qp_attr_mask & (IB_QP_PKEY_INDEX | IB_QP_PORT)) || (qp_attr_mask & IB_QP_ALT_PATH)); + WARN_ONCE((qp_attr_mask & IB_QP_PORT && + rdma_protocol_ib(real_qp->device, qp_attr->port_num) && + !real_qp->qp_sec), + "%s: QP security is not initialized for IB QP: %d\n", + __func__, real_qp->qp_num); + /* The port/pkey settings are maintained only for the real QP. Open * handles on the real QP will be in the shared_qp_list. When * enforcing security on the real QP all the shared QPs will be * checked as well. */ - if (pps_change && !special_qp) { + if (pps_change && !special_qp && real_qp->qp_sec) { mutex_lock(&real_qp->qp_sec->mutex); new_pps = get_new_pps(real_qp, qp_attr, qp_attr_mask); + if (!new_pps) + return -ENOMEM; /* Add this QP to the lists for the new port * and pkey settings before checking for permission @@ -600,7 +629,7 @@ int ib_security_modify_qp(struct ib_qp *qp, qp_attr_mask, udata); - if (pps_change && !special_qp) { + if (new_pps) { /* Clean up the lists and free the appropriate * ports_pkeys structure. */ @@ -630,6 +659,9 @@ static int ib_security_pkey_access(struct ib_device *dev, u16 pkey; int ret; + if (!rdma_protocol_ib(dev, port_num)) + return 0; + ret = ib_get_cached_pkey(dev, port_num, pkey_index, &pkey); if (ret) return ret; @@ -663,6 +695,9 @@ int ib_mad_agent_security_setup(struct ib_mad_agent *agent, { int ret; + if (!rdma_protocol_ib(agent->device, agent->port_num)) + return 0; + ret = security_ib_alloc_security(&agent->security); if (ret) return ret; @@ -688,6 +723,9 @@ int ib_mad_agent_security_setup(struct ib_mad_agent *agent, void ib_mad_agent_security_cleanup(struct ib_mad_agent *agent) { + if (!rdma_protocol_ib(agent->device, agent->port_num)) + return; + security_ib_free_security(agent->security); if (agent->lsm_nb_reg) unregister_lsm_notifier(&agent->lsm_nb); @@ -695,6 +733,9 @@ void ib_mad_agent_security_cleanup(struct ib_mad_agent *agent) int ib_mad_enforce_security(struct ib_mad_agent_private *map, u16 pkey_index) { + if (!rdma_protocol_ib(map->agent.device, map->agent.port_num)) + return 0; + if (map->agent.qp->qp_type == IB_QPT_SMI && !map->agent.smp_allowed) return -EACCES; -- 1.8.3.1

7 years, 7 months

3
2
0 0

[Linux-stable-mirror] [PATCH] pinctrl: armada-37xx: Fix direction_output() callback behavior

by Gregory CLEMENT

The direction_output callback of the gpio_chip structure is supposed to set the output direction but also to set the value of the gpio. For the armada-37xx driver this callback acted as the gpio_set_direction callback for the pinctrl. This patch fixes the behavior of the direction_output callback by also applying the value received as parameter. Cc: stable(a)vger.kernel.org Fixes: 5715092a458c ("pinctrl: armada-37xx: Add gpio support") Reported-by: Alexandre Belloni <alexandre.belloni(a)free-electrons.com> Signed-off-by: Gregory CLEMENT <gregory.clement(a)free-electrons.com> --- drivers/pinctrl/mvebu/pinctrl-armada-37xx.c | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/drivers/pinctrl/mvebu/pinctrl-armada-37xx.c b/drivers/pinctrl/mvebu/pinctrl-armada-37xx.c index 71b944748304..c5fe7d4a9065 100644 --- a/drivers/pinctrl/mvebu/pinctrl-armada-37xx.c +++ b/drivers/pinctrl/mvebu/pinctrl-armada-37xx.c @@ -408,12 +408,21 @@ static int armada_37xx_gpio_direction_output(struct gpio_chip *chip, { struct armada_37xx_pinctrl *info = gpiochip_get_data(chip); unsigned int reg = OUTPUT_EN; - unsigned int mask; + unsigned int mask, val, ret; armada_37xx_update_reg(&reg, offset); mask = BIT(offset); - return regmap_update_bits(info->regmap, reg, mask, mask); + ret = regmap_update_bits(info->regmap, reg, mask, mask); + + if (ret) + return ret; + + reg = OUTPUT_VAL; + val = value ? mask : 0; + regmap_update_bits(info->regmap, reg, mask, val); + + return 0; } static int armada_37xx_gpio_get(struct gpio_chip *chip, unsigned int offset) -- 2.14.2

7 years, 7 months

2
1
0 0

[Linux-stable-mirror] [PATCH v2 3/4] backlight: tps65217_bl: fix device-tree node lookup

by Johan Hovold

Fix child-node lookup during probe, which ended up searching the whole device tree depth-first starting at the parent rather than just matching on its children. This would only cause trouble if the child node is missing while there is an unrelated node named "backlight" elsewhere in the tree. Fixes: eebfdc17cc6c ("backlight: Add TPS65217 WLED driver") Cc: stable <stable(a)vger.kernel.org> # 3.7 Cc: Matthias Kaehlcke <matthias(a)kaehlcke.net> Signed-off-by: Johan Hovold <johan(a)kernel.org> --- drivers/video/backlight/tps65217_bl.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/video/backlight/tps65217_bl.c b/drivers/video/backlight/tps65217_bl.c index 380917c86276..762e3feed097 100644 --- a/drivers/video/backlight/tps65217_bl.c +++ b/drivers/video/backlight/tps65217_bl.c @@ -184,11 +184,11 @@ static struct tps65217_bl_pdata * tps65217_bl_parse_dt(struct platform_device *pdev) { struct tps65217 *tps = dev_get_drvdata(pdev->dev.parent); - struct device_node *node = of_node_get(tps->dev->of_node); + struct device_node *node; struct tps65217_bl_pdata *pdata, *err; u32 val; - node = of_find_node_by_name(node, "backlight"); + node = of_get_child_by_name(tps->dev->of_node, "backlight"); if (!node) return ERR_PTR(-ENODEV); -- 2.15.0

7 years, 7 months

3
3
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror