- Linux-stable-mirror - lists.linaro.org

by Greg KH

I'm announcing the release of the 4.4.149 kernel. All users of the 4.4 kernel series must upgrade. The updated 4.4.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.4.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/Changes | 17 - Makefile | 5 arch/arm64/mm/mmu.c | 4 arch/x86/mm/pgtable.c | 61 +++ crypto/ablkcipher.c | 57 +-- crypto/blkcipher.c | 54 +-- crypto/vmac.c | 412 ++++++++++++--------------- drivers/i2c/busses/i2c-ismt.c | 2 include/asm-generic/pgtable.h | 8 include/crypto/vmac.h | 63 ---- lib/ioremap.c | 4 net/bluetooth/hidp/core.c | 4 net/ipv4/tcp_input.c | 1 scripts/Makefile.kasan | 3 scripts/Makefile.lib | 2 scripts/depmod.sh | 8 sound/soc/intel/boards/cht_bsw_max98090_ti.c | 45 ++ 17 files changed, 353 insertions(+), 397 deletions(-) Andrey Konovalov (1): kasan: don't emit builtin calls when sanitization is off Chintan Pandya (1): ioremap: Update pgtable free interfaces with addr Eric Biggers (4): crypto: vmac - require a block cipher with 128-bit block size crypto: vmac - separate tfm and request context crypto: blkcipher - fix crash flushing dcache in error path crypto: ablkcipher - fix crash flushing dcache in error path Greg Kroah-Hartman (1): Linux 4.4.149 Liwei Song (1): i2c: ismt: fix wrong device address when unmap the data buffer Mark Salyzyn (1): Bluetooth: hidp: buffer overflow in hidp_process_report Randy Dunlap (1): kbuild: verify that $DEPMOD is installed Takashi Iwai (1): tcp: Fix missing range_truesize enlargement in the backport Thierry Escande (1): ASoC: Intel: cht_bsw_max98090_ti: Fix jack initialization Toshi Kani (2): x86/mm: Disable ioremap free page handling on x86-PAE x86/mm: Add TLB purge to free pmd/pte page interfaces

7 years, 1 month

1
1
0 0

Linux 3.18.119

by Greg KH

I'm announcing the release of the 3.18.119 kernel. All users of the 3.18 kernel series must upgrade. The updated 3.18.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-3.18.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/Changes | 17 - Makefile | 2 arch/arm/boot/dts/imx6sx.dtsi | 2 arch/x86/kernel/kprobes/core.c | 4 crypto/ablkcipher.c | 57 ++--- crypto/blkcipher.c | 54 ++--- crypto/vmac.c | 412 ++++++++++++++++++----------------------- drivers/i2c/busses/i2c-ismt.c | 2 drivers/net/xen-netfront.c | 8 fs/dcache.c | 6 fs/namespace.c | 28 ++ include/crypto/vmac.h | 63 ------ mm/slub.c | 6 net/bluetooth/hidp/core.c | 4 scripts/depmod.sh | 8 sound/core/info.c | 4 16 files changed, 296 insertions(+), 381 deletions(-) Al Viro (3): root dentries need RCU-delayed freeing fix mntput/mntput race fix __legitimize_mnt()/mntput() race Andrey Ryabinin (1): mm: slub: fix format mismatches in slab_err() callers Eric Biggers (4): crypto: vmac - require a block cipher with 128-bit block size crypto: vmac - separate tfm and request context crypto: blkcipher - fix crash flushing dcache in error path crypto: ablkcipher - fix crash flushing dcache in error path Erick Reyes (1): ALSA: info: Check for integer overflow in snd_info_entry_write() Greg Kroah-Hartman (1): Linux 3.18.119 Juergen Gross (1): xen/netfront: don't cache skb_shinfo() Liwei Song (1): i2c: ismt: fix wrong device address when unmap the data buffer Mark Salyzyn (1): Bluetooth: hidp: buffer overflow in hidp_process_report Masami Hiramatsu (1): kprobes/x86: Fix %p uses in error messages Oleksij Rempel (1): ARM: dts: imx6sx: fix irq for pcie bridge Randy Dunlap (1): kbuild: verify that $DEPMOD is installed

7 years, 1 month

1
1
0 0

v3.18.119 build: 0 failures 1 warnings (v3.18.119)

by Build bot for Mark Brown

Tree/Branch: v3.18.119 Git describe: v3.18.119 Commit: 18e6ee0440 Linux 3.18.119 Build Time: 0 min 2 sec Passed: 7 / 7 (100.00 %) Failed: 0 / 7 ( 0.00 %) Errors: 0 Warnings: 1 Section Mismatches: 0 ------------------------------------------------------------------------------- defconfigs with issues (other than build errors): 7 warnings 0 mismatches : x86_64-allmodconfig 2 warnings 0 mismatches : x86_64-defconfig ------------------------------------------------------------------------------- Warnings Summary: 1 9 ../include/linux/ftrace.h:632:36: warning: calling '__builtin_return_address' with a nonzero argument is unsafe [-Wframe-address] =============================================================================== Detailed per-defconfig build reports below: ------------------------------------------------------------------------------- x86_64-allmodconfig : PASS, 0 errors, 7 warnings, 0 section mismatches Warnings: ../include/linux/ftrace.h:632:36: warning: calling '__builtin_return_address' with a nonzero argument is unsafe [-Wframe-address] ../include/linux/ftrace.h:632:36: warning: calling '__builtin_return_address' with a nonzero argument is unsafe [-Wframe-address] ../include/linux/ftrace.h:632:36: warning: calling '__builtin_return_address' with a nonzero argument is unsafe [-Wframe-address] ../include/linux/ftrace.h:632:36: warning: calling '__builtin_return_address' with a nonzero argument is unsafe [-Wframe-address] ../include/linux/ftrace.h:632:36: warning: calling '__builtin_return_address' with a nonzero argument is unsafe [-Wframe-address] ../include/linux/ftrace.h:632:36: warning: calling '__builtin_return_address' with a nonzero argument is unsafe [-Wframe-address] ../include/linux/ftrace.h:632:36: warning: calling '__builtin_return_address' with a nonzero argument is unsafe [-Wframe-address] ------------------------------------------------------------------------------- x86_64-defconfig : PASS, 0 errors, 2 warnings, 0 section mismatches Warnings: ../include/linux/ftrace.h:632:36: warning: calling '__builtin_return_address' with a nonzero argument is unsafe [-Wframe-address] ../include/linux/ftrace.h:632:36: warning: calling '__builtin_return_address' with a nonzero argument is unsafe [-Wframe-address] ------------------------------------------------------------------------------- Passed with no errors, warnings or mismatches: x86_64-allnoconfig arm-multi_v7_defconfig arm-allmodconfig arm-allnoconfig arm-multi_v5_defconfig

7 years, 1 month

1
0
0 0

[PATCH stable 4.18] bpf, arm32: fix stack var offset in jit

by Daniel Borkmann

Commit 38ca93060163 ("bpf, arm32: save 4 bytes of unneeded stack space") messed up STACK_VAR() by 4 bytes presuming it was related to skb scratch buffer space, but it clearly isn't as this refers to the top word in stack, therefore restore it. This fixes a NULL pointer dereference seen during bootup when JIT is enabled and BPF program run in sk_filter_trim_cap() triggered by systemd-udevd. JIT rework in 1c35ba122d4a ("ARM: net: bpf: use negative numbers for stacked registers") and 96cced4e774a ("ARM: net: bpf: access eBPF scratch space using ARM FP register") removed the affected parts, so only needed in 4.18 stable. Fixes: 38ca93060163 ("bpf, arm32: save 4 bytes of unneeded stack space") Reported-by: Peter Robinson <pbrobinson(a)gmail.com> Reported-by: Marc Haber <mh+netdev(a)zugschlus.de> Tested-by: Stefan Wahren <stefan.wahren(a)i2se.com> Tested-by: Peter Robinson <pbrobinson(a)gmail.com> Cc: Russell King <rmk+kernel(a)armlinux.org.uk> Cc: Alexei Starovoitov <ast(a)kernel.org> Signed-off-by: Daniel Borkmann <daniel(a)iogearbox.net> --- arch/arm/net/bpf_jit_32.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/arm/net/bpf_jit_32.c b/arch/arm/net/bpf_jit_32.c index f6a62ae..c864f6b 100644 --- a/arch/arm/net/bpf_jit_32.c +++ b/arch/arm/net/bpf_jit_32.c @@ -238,7 +238,7 @@ static void jit_fill_hole(void *area, unsigned int size) #define STACK_SIZE ALIGN(_STACK_SIZE, STACK_ALIGNMENT) /* Get the offset of eBPF REGISTERs stored on scratch space. */ -#define STACK_VAR(off) (STACK_SIZE - off) +#define STACK_VAR(off) (STACK_SIZE - off - 4) #if __LINUX_ARM_ARCH__ < 7 -- 2.9.5

7 years, 1 month

2
1
0 0

[PATCH v2 2/2] nvme: Fix race conditions related to creation of /dev/nvme0n<x>

by Bart Van Assche

For the udev rules that create symbolic links under /dev it is essential that all sysfs attributes are registered before an object becomes visible. This patch avoids that udevd fails to create the /dev/disk/by-id/nvme-uuid.* symbolic link. Fixes: 2b9b6e86bca7 ("NVMe: Export namespace attributes to sysfs") Signed-off-by: Bart Van Assche <bart.vanassche(a)wdc.com> Cc: Keith Busch <keith.busch(a)intel.com> Cc: Christoph Hellwig <hch(a)lst.de> Cc: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Cc: Sagi Grimberg <sagi(a)grimberg.me> Cc: Matias Bjorling <mb(a)lightnvm.io> Cc: <stable(a)vger.kernel.org> --- drivers/nvme/host/core.c | 17 +++++------------ drivers/nvme/host/lightnvm.c | 34 +++++++--------------------------- drivers/nvme/host/nvme.h | 9 ++++----- 3 files changed, 16 insertions(+), 44 deletions(-) diff --git a/drivers/nvme/host/core.c b/drivers/nvme/host/core.c index dd8ec1dd9219..0121db66d2c6 100644 --- a/drivers/nvme/host/core.c +++ b/drivers/nvme/host/core.c @@ -3043,6 +3043,7 @@ static void nvme_alloc_ns(struct nvme_ctrl *ctrl, unsigned nsid) struct nvme_id_ns *id; char disk_name[DISK_NAME_LEN]; int node = dev_to_node(ctrl->dev), flags = GENHD_FL_EXT_DEVT; + const struct attribute_group *nvme_attr_groups[3]; ns = kzalloc_node(sizeof(*ns), GFP_KERNEL, node); if (!ns) @@ -3080,7 +3081,10 @@ static void nvme_alloc_ns(struct nvme_ctrl *ctrl, unsigned nsid) } } - disk = alloc_disk_node(0, node); + nvme_attr_groups[0] = &nvme_ns_id_attr_group; + nvme_attr_groups[1] = nvme_nvm_attr_group(ns); + nvme_attr_groups[2] = NULL; + disk = alloc_disk_node_attr(0, node, nvme_attr_groups); if (!disk) goto out_unlink_ns; @@ -3100,13 +3104,6 @@ static void nvme_alloc_ns(struct nvme_ctrl *ctrl, unsigned nsid) nvme_get_ctrl(ctrl); device_add_disk(ctrl->device, ns->disk); - if (sysfs_create_group(&disk_to_dev(ns->disk)->kobj, - &nvme_ns_id_attr_group)) - pr_warn("%s: failed to create sysfs group for identification\n", - ns->disk->disk_name); - if (ns->ndev && nvme_nvm_register_sysfs(ns)) - pr_warn("%s: failed to register lightnvm sysfs group for identification\n", - ns->disk->disk_name); nvme_mpath_add_disk(ns, id); nvme_fault_inject_init(ns); @@ -3132,10 +3129,6 @@ static void nvme_ns_remove(struct nvme_ns *ns) nvme_fault_inject_fini(ns); if (ns->disk && ns->disk->flags & GENHD_FL_UP) { - sysfs_remove_group(&disk_to_dev(ns->disk)->kobj, - &nvme_ns_id_attr_group); - if (ns->ndev) - nvme_nvm_unregister_sysfs(ns); del_gendisk(ns->disk); blk_cleanup_queue(ns->queue); if (blk_get_integrity(ns->disk)) diff --git a/drivers/nvme/host/lightnvm.c b/drivers/nvme/host/lightnvm.c index 6fe5923c95d4..11e687f3c36f 100644 --- a/drivers/nvme/host/lightnvm.c +++ b/drivers/nvme/host/lightnvm.c @@ -1270,39 +1270,19 @@ static const struct attribute_group nvm_dev_attr_group_20 = { .attrs = nvm_dev_attrs_20, }; -int nvme_nvm_register_sysfs(struct nvme_ns *ns) +const struct attribute_group *nvme_nvm_attr_group(const struct nvme_ns *ns) { - struct nvm_dev *ndev = ns->ndev; - struct nvm_geo *geo = &ndev->geo; + const struct nvm_dev *ndev = ns->ndev; if (!ndev) - return -EINVAL; + return NULL; - switch (geo->major_ver_id) { + switch (ndev->geo->major_ver_id) { case 1: - return sysfs_create_group(&disk_to_dev(ns->disk)->kobj, - &nvm_dev_attr_group_12); + return &nvm_dev_attr_group_12; case 2: - return sysfs_create_group(&disk_to_dev(ns->disk)->kobj, - &nvm_dev_attr_group_20); + return &nvm_dev_attr_group_20; } - return -EINVAL; -} - -void nvme_nvm_unregister_sysfs(struct nvme_ns *ns) -{ - struct nvm_dev *ndev = ns->ndev; - struct nvm_geo *geo = &ndev->geo; - - switch (geo->major_ver_id) { - case 1: - sysfs_remove_group(&disk_to_dev(ns->disk)->kobj, - &nvm_dev_attr_group_12); - break; - case 2: - sysfs_remove_group(&disk_to_dev(ns->disk)->kobj, - &nvm_dev_attr_group_20); - break; - } + return NULL; } diff --git a/drivers/nvme/host/nvme.h b/drivers/nvme/host/nvme.h index bb4a2003c097..112596ad1ed3 100644 --- a/drivers/nvme/host/nvme.h +++ b/drivers/nvme/host/nvme.h @@ -551,8 +551,7 @@ static inline void nvme_mpath_stop(struct nvme_ctrl *ctrl) void nvme_nvm_update_nvm_info(struct nvme_ns *ns); int nvme_nvm_register(struct nvme_ns *ns, char *disk_name, int node); void nvme_nvm_unregister(struct nvme_ns *ns); -int nvme_nvm_register_sysfs(struct nvme_ns *ns); -void nvme_nvm_unregister_sysfs(struct nvme_ns *ns); +const struct attribute_group *nvme_nvm_attr_group(const struct nvme_ns *ns); int nvme_nvm_ioctl(struct nvme_ns *ns, unsigned int cmd, unsigned long arg); #else static inline void nvme_nvm_update_nvm_info(struct nvme_ns *ns) {}; @@ -563,11 +562,11 @@ static inline int nvme_nvm_register(struct nvme_ns *ns, char *disk_name, } static inline void nvme_nvm_unregister(struct nvme_ns *ns) {}; -static inline int nvme_nvm_register_sysfs(struct nvme_ns *ns) +static inline const struct attribute_group * +nvme_nvm_attr_group(const struct nvme_ns *ns) { - return 0; + return NULL; } -static inline void nvme_nvm_unregister_sysfs(struct nvme_ns *ns) {}; static inline int nvme_nvm_ioctl(struct nvme_ns *ns, unsigned int cmd, unsigned long arg) { -- 2.18.0

7 years, 1 month

2
1
0 0

[PATCH] nvme: Fix a race condition related to creation of /dev/nvme0n<x>

by Bart Van Assche

For the udev rules that create symbolic links under /dev it is essential that all sysfs attributes are registered before an object becomes visible. This patch avoids that udevd fails to create the /dev/disk/by-id/nvme-uuid.* symbolic link. Fixes: 2b9b6e86bca7 ("NVMe: Export namespace attributes to sysfs") Signed-off-by: Bart Van Assche <bart.vanassche(a)wdc.com> Cc: Keith Busch <keith.busch(a)intel.com> Cc: Sagi Grimberg <sagi(a)grimberg.me> Cc: Matias Bjorling <mb(a)lightnvm.io> Cc: <stable(a)vger.kernel.org> --- drivers/nvme/host/core.c | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/drivers/nvme/host/core.c b/drivers/nvme/host/core.c index dd8ec1dd9219..f4b880c8abe6 100644 --- a/drivers/nvme/host/core.c +++ b/drivers/nvme/host/core.c @@ -2734,6 +2734,11 @@ const struct attribute_group nvme_ns_id_attr_group = { .is_visible = nvme_ns_id_attrs_are_visible, }; +static const struct attribute_group *nvme_attr_groups[] = { + &nvme_ns_id_attr_group, + NULL +}; + #define nvme_show_str_function(field) \ static ssize_t field##_show(struct device *dev, \ struct device_attribute *attr, char *buf) \ @@ -3099,11 +3104,13 @@ static void nvme_alloc_ns(struct nvme_ctrl *ctrl, unsigned nsid) nvme_get_ctrl(ctrl); + WARN_ON_ONCE(disk_to_dev(ns->disk)->groups); + disk_to_dev(ns->disk)->groups = nvme_attr_groups; device_add_disk(ctrl->device, ns->disk); - if (sysfs_create_group(&disk_to_dev(ns->disk)->kobj, - &nvme_ns_id_attr_group)) - pr_warn("%s: failed to create sysfs group for identification\n", - ns->disk->disk_name); + /* + * To do: remove nvme_nvm_register_sysfs() and add the nvm attribute + * groups to nvme_attr_groups. + */ if (ns->ndev && nvme_nvm_register_sysfs(ns)) pr_warn("%s: failed to register lightnvm sysfs group for identification\n", ns->disk->disk_name); @@ -3132,8 +3139,6 @@ static void nvme_ns_remove(struct nvme_ns *ns) nvme_fault_inject_fini(ns); if (ns->disk && ns->disk->flags & GENHD_FL_UP) { - sysfs_remove_group(&disk_to_dev(ns->disk)->kobj, - &nvme_ns_id_attr_group); if (ns->ndev) nvme_nvm_unregister_sysfs(ns); del_gendisk(ns->disk); -- 2.18.0

7 years, 1 month

3
2
0 0

[PATCH 3.18 00/15] 3.18.119-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 3.18.119 release. There are 15 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat Aug 18 17:16:20 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v3.x/stable-review/patch-3.18.119-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-3.18.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 3.18.119-rc1 Mark Salyzyn <salyzyn(a)android.com> Bluetooth: hidp: buffer overflow in hidp_process_report Eric Biggers <ebiggers(a)google.com> crypto: ablkcipher - fix crash flushing dcache in error path Eric Biggers <ebiggers(a)google.com> crypto: blkcipher - fix crash flushing dcache in error path Eric Biggers <ebiggers(a)google.com> crypto: vmac - separate tfm and request context Eric Biggers <ebiggers(a)google.com> crypto: vmac - require a block cipher with 128-bit block size Randy Dunlap <rdunlap(a)infradead.org> kbuild: verify that $DEPMOD is installed Liwei Song <liwei.song(a)windriver.com> i2c: ismt: fix wrong device address when unmap the data buffer Andrey Ryabinin <a.ryabinin(a)samsung.com> mm: slub: fix format mismatches in slab_err() callers Erick Reyes <erickreyes(a)google.com> ALSA: info: Check for integer overflow in snd_info_entry_write() Masami Hiramatsu <mhiramat(a)kernel.org> kprobes/x86: Fix %p uses in error messages Oleksij Rempel <o.rempel(a)pengutronix.de> ARM: dts: imx6sx: fix irq for pcie bridge Al Viro <viro(a)zeniv.linux.org.uk> fix __legitimize_mnt()/mntput() race Al Viro <viro(a)zeniv.linux.org.uk> fix mntput/mntput race Al Viro <viro(a)zeniv.linux.org.uk> root dentries need RCU-delayed freeing Juergen Gross <jgross(a)suse.com> xen/netfront: don't cache skb_shinfo() ------------- Diffstat: Documentation/Changes | 17 +- Makefile | 4 +- arch/arm/boot/dts/imx6sx.dtsi | 2 +- arch/x86/kernel/kprobes/core.c | 4 +- crypto/ablkcipher.c | 57 +++--- crypto/blkcipher.c | 54 +++--- crypto/vmac.c | 412 ++++++++++++++++++----------------------- drivers/i2c/busses/i2c-ismt.c | 2 +- drivers/net/xen-netfront.c | 8 +- fs/dcache.c | 6 +- fs/namespace.c | 28 ++- include/crypto/vmac.h | 63 ------- mm/slub.c | 6 +- net/bluetooth/hidp/core.c | 4 +- scripts/depmod.sh | 8 +- sound/core/info.c | 4 +- 16 files changed, 297 insertions(+), 382 deletions(-)

7 years, 1 month

4
20
0 0

[PATCH linux dev-4.17 1/2] mtd: spi-nor: fix options for mx66l51235f

by Alexander Soldatov

Currently in driver spi-nor there is a line for mx66l51235l. According to Macronix site there is no such part number. The chip detected as such is actually mx66l51235f. According to the datasheet for mx66l51235f, "The device default is in 24-bit address mode" (section 9-10). Hence we removed SPI_NOR_4B_OPCODES option with this commit. Cc: stable(a)vger.kernel.org Fixes: d342b6a973af ("mtd: spi-nor: enable 4B opcodes for mx66l51235l") Signed-off-by: Alexander Soldatov <a.soldatov(a)yadro.com> --- drivers/mtd/spi-nor/spi-nor.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/mtd/spi-nor/spi-nor.c b/drivers/mtd/spi-nor/spi-nor.c index 5bfa36e95f35..e9f44475571a 100644 --- a/drivers/mtd/spi-nor/spi-nor.c +++ b/drivers/mtd/spi-nor/spi-nor.c @@ -1068,7 +1068,7 @@ static const struct flash_info spi_nor_ids[] = { { "mx25l25635e", INFO(0xc22019, 0, 64 * 1024, 512, SPI_NOR_DUAL_READ | SPI_NOR_QUAD_READ) }, { "mx25u25635f", INFO(0xc22539, 0, 64 * 1024, 512, SECT_4K | SPI_NOR_4B_OPCODES) }, { "mx25l25655e", INFO(0xc22619, 0, 64 * 1024, 512, 0) }, - { "mx66l51235l", INFO(0xc2201a, 0, 64 * 1024, 1024, SPI_NOR_DUAL_READ | SPI_NOR_QUAD_READ | SPI_NOR_4B_OPCODES) }, + { "mx66l51235f", INFO(0xc2201a, 0, 64 * 1024, 1024, SPI_NOR_DUAL_READ | SPI_NOR_QUAD_READ) }, { "mx66u51235f", INFO(0xc2253a, 0, 64 * 1024, 1024, SECT_4K | SPI_NOR_DUAL_READ | SPI_NOR_QUAD_READ | SPI_NOR_4B_OPCODES) }, { "mx66l1g45g", INFO(0xc2201b, 0, 64 * 1024, 2048, SECT_4K | SPI_NOR_DUAL_READ | SPI_NOR_QUAD_READ) }, { "mx66l1g55g", INFO(0xc2261b, 0, 64 * 1024, 2048, SPI_NOR_QUAD_READ) }, -- 2.7.4

7 years, 1 month

3
4
0 0

[PATCH] avoid race condition between start_xmit and cm_rep_handler

by Aaron S. Knister

Inside of start_xmit() the call to check if the connection is up and the queueing of the packets for later transmission is not atomic which leaves a window where cm_rep_handler can run, set the connection up, dequeue pending packets and leave the subsequently queued packets by start_xmit() sitting on neigh->queue until they're dropped when the connection is torn down. This only applies to connected mode. These dropped packets can really upset TCP, for example, and cause multi-minute delays in transmission for open connections. I've got a reproducer available if it's needed. Here's the code in start_xmit where we check to see if the connection is up: if (ipoib_cm_get(neigh)) { if (ipoib_cm_up(neigh)) { ipoib_cm_send(dev, skb, ipoib_cm_get(neigh)); goto unref; } } The race occurs if cm_rep_handler execution occurs after the above connection check (specifically if it gets to the point where it acquires priv->lock to dequeue pending skb's) but before the below code snippet in start_xmit where packets are queued. if (skb_queue_len(&neigh->queue) < IPOIB_MAX_PATH_REC_QUEUE) { push_pseudo_header(skb, phdr->hwaddr); spin_lock_irqsave(&priv->lock, flags); __skb_queue_tail(&neigh->queue, skb); spin_unlock_irqrestore(&priv->lock, flags); } else { ++dev->stats.tx_dropped; dev_kfree_skb_any(skb); } The patch re-checks ipoib_cm_up with priv->lock held to avoid this race condition. Since odds are the conn should be up most of the time (and thus the connection *not* down most of the time) we don't hold the lock for the first check attempt to avoid a slowdown from unecessary locking for the majority of the packets transmitted during the connection's life. Tested-by: Ira Weiny <ira.weiny(a)intel.com> Signed-off-by: Aaron Knister <aaron.s.knister(a)nasa.gov> --- drivers/infiniband/ulp/ipoib/ipoib_main.c | 53 +++++++++++++++++++++++++------ 1 file changed, 44 insertions(+), 9 deletions(-) diff --git a/drivers/infiniband/ulp/ipoib/ipoib_main.c b/drivers/infiniband/ulp/ipoib/ipoib_main.c index 26cde95b..529dbeab 100644 --- a/drivers/infiniband/ulp/ipoib/ipoib_main.c +++ b/drivers/infiniband/ulp/ipoib/ipoib_main.c @@ -1093,6 +1093,34 @@ static void unicast_arp_send(struct sk_buff *skb, struct net_device *dev, spin_unlock_irqrestore(&priv->lock, flags); } +static void defer_neigh_skb(struct sk_buff *skb, struct net_device *dev, + struct ipoib_neigh *neigh, + struct ipoib_pseudo_header *phdr, + unsigned long *flags) +{ + struct ipoib_dev_priv *priv = ipoib_priv(dev); + unsigned long local_flags; + int acquire_priv_lock = 0; + + /* Passing in pointer to spin_lock flags indicates spin lock + * already acquired so we don't need to acquire the priv lock */ + if (flags == NULL) { + flags = &local_flags; + acquire_priv_lock = 1; + } + + if (skb_queue_len(&neigh->queue) < IPOIB_MAX_PATH_REC_QUEUE) { + push_pseudo_header(skb, phdr->hwaddr); + if (acquire_priv_lock) + spin_lock_irqsave(&priv->lock, *flags); + __skb_queue_tail(&neigh->queue, skb); + spin_unlock_irqrestore(&priv->lock, *flags); + } else { + ++dev->stats.tx_dropped; + dev_kfree_skb_any(skb); + } +} + static netdev_tx_t ipoib_start_xmit(struct sk_buff *skb, struct net_device *dev) { struct ipoib_dev_priv *priv = ipoib_priv(dev); @@ -1160,6 +1188,21 @@ static netdev_tx_t ipoib_start_xmit(struct sk_buff *skb, struct net_device *dev) ipoib_cm_send(dev, skb, ipoib_cm_get(neigh)); goto unref; } + /* + * Re-check ipoib_cm_up with priv->lock held to avoid + * race condition between start_xmit and skb_dequeue in + * cm_rep_handler. Since odds are the conn should be up + * most of the time, we don't hold the lock for the + * first check above + */ + spin_lock_irqsave(&priv->lock, flags); + if (ipoib_cm_up(neigh)) { + spin_unlock_irqrestore(&priv->lock, flags); + ipoib_cm_send(dev, skb, ipoib_cm_get(neigh)); + } else { + defer_neigh_skb(skb, dev, neigh, phdr, &flags); + } + goto unref; } else if (neigh->ah && neigh->ah->valid) { neigh->ah->last_send = rn->send(dev, skb, neigh->ah->ah, IPOIB_QPN(phdr->hwaddr)); @@ -1168,15 +1211,7 @@ static netdev_tx_t ipoib_start_xmit(struct sk_buff *skb, struct net_device *dev) neigh_refresh_path(neigh, phdr->hwaddr, dev); } - if (skb_queue_len(&neigh->queue) < IPOIB_MAX_PATH_REC_QUEUE) { - push_pseudo_header(skb, phdr->hwaddr); - spin_lock_irqsave(&priv->lock, flags); - __skb_queue_tail(&neigh->queue, skb); - spin_unlock_irqrestore(&priv->lock, flags); - } else { - ++dev->stats.tx_dropped; - dev_kfree_skb_any(skb); - } + defer_neigh_skb(skb, dev, neigh, phdr, NULL); unref: ipoib_neigh_put(neigh); -- 2.12.3

7 years, 1 month

3
2
0 0

[PATCH] drm/nouveau: Prevent handling ACPI HPD events too early

by Lyude Paul

On most systems with ACPI hotplugging support, it seems that we always receive a hotplug event once we re-enable EC interrupts even if the GPU hasn't even been resumed yet. This can cause problems since even though we schedule hpd_work to handle connector reprobing for us, hpd_work synchronizes on pm_runtime_get_sync() to wait until the device is ready to perform reprobing. Since runtime suspend/resume callbacks are disabled before the PM core calls ->suspend(), any calls to pm_runtime_get_sync() during this period will grab a runtime PM ref and return immediately with -EACCES. Because we schedule hpd_work from our ACPI HPD handler, and hpd_work synchronizes on pm_runtime_get_sync(), this causes us to launch a connector reprobe immediately even if the GPU isn't actually resumed just yet. This causes various warnings in dmesg and occasionally, also prevents some displays connected to the dedicated GPU from coming back up after suspend. Example: usb 1-4: USB disconnect, device number 14 usb 1-4.1: USB disconnect, device number 15 WARNING: CPU: 0 PID: 838 at drivers/gpu/drm/nouveau/include/nvkm/subdev/i2c.h:170 nouveau_dp_detect+0x17e/0x370 [nouveau] CPU: 0 PID: 838 Comm: kworker/0:6 Not tainted 4.17.14-201.Lyude.bz1477182.V3.fc28.x86_64 #1 Hardware name: LENOVO 20EQS64N00/20EQS64N00, BIOS N1EET77W (1.50 ) 03/28/2018 Workqueue: events nouveau_display_hpd_work [nouveau] RIP: 0010:nouveau_dp_detect+0x17e/0x370 [nouveau] RSP: 0018:ffffa15143933cf0 EFLAGS: 00010293 RAX: 0000000000000000 RBX: ffff8cb4f656c400 RCX: 0000000000000000 RDX: ffffa1514500e4e4 RSI: ffffa1514500e4e4 RDI: 0000000001009002 RBP: ffff8cb4f4a8a800 R08: ffffa15143933cfd R09: ffffa15143933cfc R10: 0000000000000000 R11: 0000000000000000 R12: ffff8cb4fb57a000 R13: ffff8cb4fb57a000 R14: ffff8cb4f4a8f800 R15: ffff8cb4f656c418 FS: 0000000000000000(0000) GS:ffff8cb51f400000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f78ec938000 CR3: 000000073720a003 CR4: 00000000003606f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: ? _cond_resched+0x15/0x30 nouveau_connector_detect+0x2ce/0x520 [nouveau] ? _cond_resched+0x15/0x30 ? ww_mutex_lock+0x12/0x40 drm_helper_probe_detect_ctx+0x8b/0xe0 [drm_kms_helper] drm_helper_hpd_irq_event+0xa8/0x120 [drm_kms_helper] nouveau_display_hpd_work+0x2a/0x60 [nouveau] process_one_work+0x187/0x340 worker_thread+0x2e/0x380 ? pwq_unbound_release_workfn+0xd0/0xd0 kthread+0x112/0x130 ? kthread_create_worker_on_cpu+0x70/0x70 ret_from_fork+0x35/0x40 Code: 4c 8d 44 24 0d b9 00 05 00 00 48 89 ef ba 09 00 00 00 be 01 00 00 00 e8 e1 09 f8 ff 85 c0 0f 85 b2 01 00 00 80 7c 24 0c 03 74 02 <0f> 0b 48 89 ef e8 b8 07 f8 ff f6 05 51 1b c8 ff 02 0f 84 72 ff ---[ end trace 55d811b38fc8e71a ]--- So, to fix this we attempt to grab a runtime PM reference in the ACPI handler itself asynchronously. If the GPU is already awake (it will have normal hotplugging at this point) or runtime PM callbacks are currently disabled on the device, we drop our reference without updating the autosuspend delay. We only schedule connector reprobes when we successfully managed to queue up a resume request with our asynchronous PM ref. This also has the added benefit of preventing redundant connector reprobes from ACPI while the GPU is runtime resumed! Signed-off-by: Lyude Paul <lyude(a)redhat.com> Cc: stable(a)vger.kernel.org Cc: Karol Herbst <kherbst(a)redhat.com> Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1477182#c41 Signed-off-by: Lyude Paul <lyude(a)redhat.com> --- drivers/gpu/drm/nouveau/nouveau_display.c | 26 +++++++++++++++++------ 1 file changed, 20 insertions(+), 6 deletions(-) diff --git a/drivers/gpu/drm/nouveau/nouveau_display.c b/drivers/gpu/drm/nouveau/nouveau_display.c index 4b873e668b26..2e3226ff9f95 100644 --- a/drivers/gpu/drm/nouveau/nouveau_display.c +++ b/drivers/gpu/drm/nouveau/nouveau_display.c @@ -377,15 +377,29 @@ nouveau_display_acpi_ntfy(struct notifier_block *nb, unsigned long val, { struct nouveau_drm *drm = container_of(nb, typeof(*drm), acpi_nb); struct acpi_bus_event *info = data; + int ret; if (!strcmp(info->device_class, ACPI_VIDEO_CLASS)) { if (info->type == ACPI_VIDEO_NOTIFY_PROBE) { - /* - * This may be the only indication we receive of a - * connector hotplug on a runtime suspended GPU, - * schedule hpd_work to check. - */ - schedule_work(&drm->hpd_work); + ret = pm_runtime_get(drm->dev->dev); + if (ret == 1 || ret == -EACCES) { + /* If the GPU is already awake, or in a state + * where we can't wake it up, it can handle + * it's own hotplug events. + */ + pm_runtime_put_autosuspend(drm->dev->dev); + } else if (ret == 0) { + /* This may be the only indication we receive + * of a connector hotplug on a runtime + * suspended GPU, schedule hpd_work to check. + */ + NV_DEBUG(drm, "ACPI requested connector reprobe\n"); + schedule_work(&drm->hpd_work); + pm_runtime_put_noidle(drm->dev->dev); + } else { + NV_WARN(drm, "Dropped ACPI reprobe event due to RPM error: %d\n", + ret); + } /* acpi-video should not generate keypresses for this */ return NOTIFY_BAD; -- 2.17.1

7 years, 1 month

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror