Adding stable since I see Greg's Sign-off-by on recent backports
to this driver.
On Wed, Dec 19, 2018 at 10:55:16AM +0100, Niklas Cassel wrote:
> Hello David,
>
> I can observe a netdev watchdog timeout on kernel 4.14.78 when using stmmac
> with multiple tx queues.
>
> Backporting the following commit:
>
> commit 52a76235d0c4dd259cd0df503afed4757c04ba1d
> Author: Jose Abreu <Jose.Abreu(a)synopsys.com>
> Date: Fri Oct 13 10:58:36 2017 +0100
>
> net: stmmac: Use correct values in TQS/RQS fields
>
> Currently we are using all the available fifo size in RQS and
> TQS fields. This will not work correctly in multi-queues IP's
> because total fifo size must be split to the enabled queues.
>
> Correct this by computing the available fifo size per queue and
> setting the right value in TQS and RQS fields.
>
> Signed-off-by: Jose Abreu <joabreu(a)synopsys.com>
> Cc: David S. Miller <davem(a)davemloft.net>
> Cc: Joao Pinto <jpinto(a)synopsys.com>
> Cc: Giuseppe Cavallaro <peppe.cavallaro(a)st.com>
> Cc: Alexandre Torgue <alexandre.torgue(a)st.com>
> Signed-off-by: David S. Miller <davem(a)davemloft.net>
>
>
> resolves the issue.
>
> The fix was first included in v4.15
> $ git tag --contains 52a76235d0c4dd259cd0df503afed4757c04ba1d
> v4.15
> v4.15-rc1
> v4.15-rc2
>
> Could you please queue it up for 4.14 stable?
>
>
> Kind regards,
> Niklas
Hi,
> The bot has tested the following trees: v4.20.5, v4.19.18, v4.14.96,
> v4.9.153, v4.4.172, v3.18.133.
>
> v4.20.5: Build OK!
> v4.19.18: Build OK!
> v4.14.96: Failed to apply! Possible dependencies:
> v4.9.153: Failed to apply! Possible dependencies:
> v4.4.172: Failed to apply! Possible dependencies:
> v3.18.133: Failed to apply! Possible dependencies:
>
> How should we proceed with this patch?
Unfortunately, I have no idea how stable trees process failed-to-apply
patches. The obvious answer would be "backport it".
Best regards,
Vladis Dronov | Red Hat, Inc. | Product Security | Senior Software Engineer
Hello,
We ran automated tests on a patchset that was proposed for merging into this
kernel tree. The patches were applied to:
Kernel repo: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Commit: 9f1a389a0b5b Linux 4.20.5
The results of these automated tests are provided below.
Overall result: FAILED (see details below)
Patch merge: OK
Compile: OK
Kernel tests: FAILED
One or more kernel tests failed:
powerpc64le: PASSED
s390x: PASSED
aarch64: PASSED
x86_64: PASSED
We hope that these logs can help you find the problem quickly. For the full
detail on our testing procedures, please scroll to the bottom of this message.
Please reply to this email if you have any questions about the tests that we
ran or if you have any suggestions on how to make future tests more effective.
CKI: Continuous Kernel Integration
______________________________________________________________________________
Merge testing
-------------
We cloned this repository and checked out a ref:
Repo: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Ref: 9f1a389a0b5b Linux 4.20.5
We then merged the following patches with `git am`:
amd-xgbe-fix-mdio-access-for-non-zero-ports-and-clause-45-phys.patch
net-bridge-fix-ethernet-header-pointer-before-check-skb-forwardable.patch
net-fix-usage-of-pskb_trim_rcsum.patch
net-phy-marvell-errata-for-mv88e6390-internal-phys.patch
net-phy-mdio_bus-add-missing-device_del-in-mdiobus_register-error-handling.patch
net-phy-phy-driver-features-are-mandatory.patch
net-sched-act_tunnel_key-fix-memory-leak-in-case-of-action-replace.patch
net_sched-refetch-skb-protocol-for-each-filter.patch
openvswitch-avoid-oob-read-when-parsing-flow-nlattrs.patch
vhost-log-dirty-page-correctly.patch
mlxsw-pci-increase-pci-sw-reset-timeout.patch
net-ipv4-fix-memory-leak-in-network-namespace-dismantle.patch
mlxsw-spectrum_fid-update-dummy-fid-index.patch
mlxsw-pci-ring-cq-s-doorbell-before-rdq-s.patch
net-sched-cls_flower-allocate-mask-dynamically-in-fl_change.patch
udp-with-udp_segment-release-on-error-path.patch
ip6_gre-fix-tunnel-list-corruption-for-x-netns.patch
erspan-build-the-header-with-the-right-proto-according-to-erspan_ver.patch
net-phy-marvell-fix-deadlock-from-wrong-locking.patch
ip6_gre-update-version-related-info-when-changing-link.patch
tcp-allow-msg_zerocopy-transmission-also-in-close_wait-state.patch
arm-fix-the-cockup-in-the-previous-patch.patch
sunrpc-address-kerberos-performance-behavior-regress.patch
mei-me-mark-lbg-devices-as-having-dma-support.patch
mei-me-add-denverton-innovation-engine-device-ids.patch
usb-leds-fix-regression-in-usbport-led-trigger.patch
usb-ehci-ehci-mv-add-module_device_table.patch
usb-serial-ftdi_sio-fix-gpio-not-working-in-autosuspend.patch
usb-serial-simple-add-motorola-tetra-tpg2200-device-id.patch
usb-serial-pl2303-add-new-pid-to-support-pl2303tb.patch
ceph-clear-inode-pointer-when-snap-realm-gets-dropped-by-its-inode.patch
asoc-atom-fix-a-missing-check-of-snd_pcm_lib_malloc_pages.patch
asoc-rt5514-spi-fix-potential-null-pointer-dereference.patch
asoc-tlv320aic32x4-kernel-oops-while-entering-dapm-standby-mode.patch
clk-zynqmp-fix-memory-allocation-in-zynqmp_clk_setup.patch
clk-socfpga-stratix10-fix-rate-calculation-for-pll-clocks.patch
clk-socfpga-stratix10-fix-naming-convention-for-the-fixed-clocks.patch
inotify-fix-fd-refcount-leak-in-inotify_add_watch.patch
alsa-hda-realtek-fix-typo-for-alc225-model.patch
alsa-hda-add-mute-led-support-for-hp-probook-470-g5.patch
arcv2-lib-memeset-fix-doing-prefetchw-outside-of-buffer.patch
arc-adjust-memblock_reserve-of-kernel-memory.patch
arc-perf-map-generic-branches-to-correct-hardware-condition.patch
s390-vdso-correct-vdso-mapping-for-compat-tasks.patch
s390-mm-always-force-a-load-of-the-primary-asce-on-context-switch.patch
s390-early-improve-machine-detection.patch
s390-smp-fix-cpu-hotplug-deadlock-with-cpu-rescan.patch
s390-smp-fix-calling-smp_call_ipl_cpu-from-ipl-cpu.patch
misc-ibmvsm-fix-potential-null-pointer-dereference.patch
char-mwave-fix-potential-spectre-v1-vulnerability.patch
mmc-sdhci-iproc-handle-mmc_of_parse-errors-during-probe.patch
mmc-dw_mmc-bluefield-fix-the-license-information.patch
mmc-meson-gx-free-irq-in-release-callback.patch
staging-rtl8188eu-add-device-code-for-d-link-dwa-121-rev-b1.patch
tty-handle-problem-if-line-discipline-does-not-have-receive_buf.patch
uart-fix-crash-in-uart_write-and-uart_put_char.patch
tty-n_hdlc-fix-__might_sleep-warning.patch
hv_balloon-avoid-touching-uninitialized-struct-page-during-tail-onlining.patch
drivers-hv-vmbus-check-for-ring-when-getting-debug-info.patch
vgacon-unconfuse-vc_origin-when-using-soft-scrollback.patch
cifs-fix-possible-hang-during-async-mtu-reads-and-writes.patch
cifs-fix-credits-calculations-for-reads-with-errors.patch
cifs-fix-credit-calculation-for-encrypted-reads-with-errors.patch
cifs-do-not-reconnect-tcp-session-in-add_credits.patch
smb3-add-credits-we-receive-from-oplock-break-pdus.patch
input-xpad-add-support-for-steelseries-stratus-duo.patch
input-input_event-provide-override-for-sparc64.patch
input-uinput-fix-undefined-behavior-in-uinput_validate_absinfo.patch
acpi-nfit-block-function-zero-dsms.patch
acpi-nfit-fix-command-supported-detection.patch
scsi-ufs-use-explicit-access-size-in-ufshcd_dump_regs.patch
dm-thin-fix-passdown_double_checking_shared_status.patch
dm-crypt-fix-parsing-of-extended-iv-arguments.patch
drm-amdgpu-add-aptx-quirk-for-lenovo-laptop.patch
edac-altera-fix-s10-persistent-register-offset.patch
kvm-x86-fix-single-step-debugging.patch
kvm-x86-fix-pv-ipis-for-32-bit-kvm-host.patch
kvm-x86-warn_once-if-sending-a-pv-ipi-returns-a-fatal-error.patch
kvm-x86-vmx-use-kzalloc-for-cached_vmcs12.patch
x86-pkeys-properly-copy-pkey-state-at-fork.patch
x86-selftests-pkeys-fork-to-check-for-state-being-preserved.patch
x86-kaslr-fix-incorrect-i8254-outb-parameters.patch
x86-entry-64-compat-fix-stack-switching-for-xen-pv.patch
posix-cpu-timers-unbreak-timer-rearming.patch
net-sun-cassini-cleanup-license-conflict.patch
irqchip-gic-v3-its-align-pci-multi-msi-allocation-on-their-size.patch
can-dev-__can_get_echo_skb-fix-bogous-check-for-non-existing-skb-by-removing-it.patch
can-bcm-check-timer-values-before-ktime-conversion.patch
can-flexcan-fix-null-pointer-exception-during-bringup.patch
vt-make-vt_console_print-compatible-with-the-unicode-screen-buffer.patch
vt-always-call-notifier-with-the-console-lock-held.patch
vt-invoke-notifier-on-screen-size-change.patch
drm-meson-fix-atomic-mode-switching-regression.patch
Compile testing
---------------
We compiled the kernel for 4 architectures:
powerpc64le:
make options: make INSTALL_MOD_STRIP=1 -j64 targz-pkg -j64
configuration: https://artifacts.cki-project.org/builds/ppc64le/0bcf75d067e11bab66cb635da9…
s390x:
make options: make INSTALL_MOD_STRIP=1 -j64 targz-pkg -j64
configuration: https://artifacts.cki-project.org/builds/s390x/f137b3c0e426bab253e2332931de…
aarch64:
make options: make INSTALL_MOD_STRIP=1 -j64 targz-pkg -j64
configuration: https://artifacts.cki-project.org/builds/aarch64/0bd7f3a1cb649a63f6f0c4cd30…
x86_64:
make options: make INSTALL_MOD_STRIP=1 -j64 targz-pkg -j64
configuration: https://artifacts.cki-project.org/builds/x86_64/42f517be5ad60afbedcb5200199…
Hardware testing
----------------
We booted each kernel and ran the following tests:
powerpc:
s390:
Boot test
- URL: https://github.com/CKI-project/tests-beaker/archive/master.zip#distribution…
/distribution/command
LTP lite - release 20180926
- URL: https://github.com/CKI-project/tests-beaker/archive/master.zip#distribution…
AMTU (Abstract Machine Test Utility)
- URL: https://github.com/CKI-project/tests-beaker/archive/master.zip#misc/amtu
arm64:
Boot test
- URL: https://github.com/CKI-project/tests-beaker/archive/master.zip#distribution…
/distribution/command
LTP lite - release 20180926
- URL: https://github.com/CKI-project/tests-beaker/archive/master.zip#distribution…
xfstests: xfs
- URL: https://github.com/CKI-project/tests-beaker/archive/master.zip#/filesystems…
AMTU (Abstract Machine Test Utility)
- URL: https://github.com/CKI-project/tests-beaker/archive/master.zip#misc/amtu
Usex - version 1.9-29
- URL: https://github.com/CKI-project/tests-beaker/archive/master.zip#standards/us…
x86_64:
Boot test
- URL: https://github.com/CKI-project/tests-beaker/archive/master.zip#distribution…
/distribution/command
LTP lite - release 20180926
- URL: https://github.com/CKI-project/tests-beaker/archive/master.zip#distribution…
xfstests: xfs
- URL: https://github.com/CKI-project/tests-beaker/archive/master.zip#/filesystems…
AMTU (Abstract Machine Test Utility)
- URL: https://github.com/CKI-project/tests-beaker/archive/master.zip#misc/amtu
Usex - version 1.9-29
- URL: https://github.com/CKI-project/tests-beaker/archive/master.zip#standards/us…
From: Kan Liang <kan.liang(a)linux.intel.com>
Some PCI uncore PMUs cannot be registered on a 8-socket system (HPE
Superdome Flex).
To understand which Socket the PCI uncore PMUs belong to, perf retrieves
the local Node ID of the uncore device from CPUNODEID(0xC0) of the PCI
configuration space, and the mapping between Socket ID and Node ID from
GIDNIDMAP(0xD4). The Socket ID can be calculated accordingly.
The local Node ID is only available at bit 2:0, but current code doesn't
mask it. If a BIOS doesn't clear the rest of the bits, a wrong Node ID
will be fetched.
Filter the Node ID by adding a mask.
Fixes: 7c94ee2e0917 ("perf/x86: Add Intel Nehalem and Sandy Bridge-EP uncore support")
Reported-by: Song Liu <songliubraving(a)fb.com>
Tested-by: Song Liu <songliubraving(a)fb.com>
Signed-off-by: Kan Liang <kan.liang(a)linux.intel.com>
Cc: stable(a)vger.kernel.org
---
arch/x86/events/intel/uncore_snbep.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/arch/x86/events/intel/uncore_snbep.c b/arch/x86/events/intel/uncore_snbep.c
index c07bee3..b10e043 100644
--- a/arch/x86/events/intel/uncore_snbep.c
+++ b/arch/x86/events/intel/uncore_snbep.c
@@ -1222,6 +1222,8 @@ static struct pci_driver snbep_uncore_pci_driver = {
.id_table = snbep_uncore_pci_ids,
};
+#define NODE_ID_MASK 0x7
+
/*
* build pci bus to socket mapping
*/
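Review bot: NODE_ID_MASK in the first hunk is a bare file-scope name with no comment saying which register field it covers. The changelog explains that the local Node ID lives in bits 2:0 of CPUNODEID; a one-line comment above the #define stating that, or a name that ties the mask to that register, would keep the reason visible in the code.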
@@ -1243,7 +1245,7 @@ static int snbep_pci2phy_map_init(int devid, int nodeid_loc, int idmap_loc, bool
err = pci_read_config_dword(ubox_dev, nodeid_loc, &config);
if (err)
break;
- nodeid = config;
+ nodeid = config & NODE_ID_MASK;
/* get the Node ID mapping */
err = pci_read_config_dword(ubox_dev, idmap_loc, &config);
if (err)
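Review bot: in the second hunk only the CPUNODEID read is masked, while config is reused unmasked for the GIDNIDMAP read that follows. If the fields extracted from that mapping are compared against nodeid, the changelog should say that they are already limited to three bits, so it is clear the mask is needed in one place only.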
--
2.7.4
The implementation is broken in all the ways the unit test did not touch:
1/ The local definition of in_buf and in_obj violated C99 initializer
expectations for zeroing. By only initializing 2 out of the three
struct members the compiler was free to zero-initialize the remaining
entry even though the aliased location in the union was initialized.
2/ The implementation made assumptions about the state of the 'smart'
payload after command execution that are satisfied by
acpi_nfit_ctl(), but not acpi_evaluate_dsm().
3/ populate_shutdown_status() is skipped on Intel NVDIMMs due to the early
return for skipping the common _LS{I,R,W} enabling.
4/ The input length should be zero.
This breakage was missed due to the unit test implementation only
testing the case where nfit_intel_shutdown_status() returns a valid
payload.
Much of this complexity would be saved if acpi_nfit_ctl() could be used, but
that currently requires a 'struct nvdimm *' argument and one is not created
until later in the init process. The health result is needed before the device
is created because the payload gates whether the nmemX/nfit/dirty_shutdown
property is visible in sysfs.
Cc: <stable(a)vger.kernel.org>
Fixes: 0ead11181fe0 ("acpi, nfit: Collect shutdown status")
Reported-by: Dexuan Cui <decui(a)microsoft.com>
Signed-off-by: Dan Williams <dan.j.williams(a)intel.com>
---
drivers/acpi/nfit/core.c | 41 ++++++++++++++++++++++++-----------------
1 file changed, 24 insertions(+), 17 deletions(-)
diff --git a/drivers/acpi/nfit/core.c b/drivers/acpi/nfit/core.c
index e18ade5d74e9..0a49c57334cc 100644
--- a/drivers/acpi/nfit/core.c
+++ b/drivers/acpi/nfit/core.c
@@ -1759,14 +1759,14 @@ static bool acpi_nvdimm_has_method(struct acpi_device *adev, char *method)
__weak void nfit_intel_shutdown_status(struct nfit_mem *nfit_mem)
{
+ struct device *dev = &nfit_mem->adev->dev;
struct nd_intel_smart smart = { 0 };
union acpi_object in_buf = {
- .type = ACPI_TYPE_BUFFER,
- .buffer.pointer = (char *) &smart,
- .buffer.length = sizeof(smart),
+ .buffer.type = ACPI_TYPE_BUFFER,
+ .buffer.length = 0,
};
union acpi_object in_obj = {
- .type = ACPI_TYPE_PACKAGE,
+ .package.type = ACPI_TYPE_PACKAGE,
.package.count = 1,
.package.elements = &in_buf,
};
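Review bot: in_buf in the first hunk now sets only .buffer.type and .buffer.length, so .buffer.pointer is implicitly zeroed. That is well defined, but since point 1/ of the changelog is about implicit zeroing in this same initializer, spelling out `.buffer.pointer = NULL,` with a short comment that the input payload is intentionally empty would make the intent explicit.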
@@ -1781,8 +1781,15 @@ __weak void nfit_intel_shutdown_status(struct nfit_mem *nfit_mem)
return;
out_obj = acpi_evaluate_dsm(handle, guid, revid, func, &in_obj);
- if (!out_obj)
+ if (!out_obj || out_obj->type != ACPI_TYPE_BUFFER
+ || out_obj->buffer.length < sizeof(smart)) {
+ dev_dbg(dev->parent, "%s: failed to retrieve initial health\n",
+ dev_name(dev));
+ ACPI_FREE(out_obj);
return;
+ }
+ memcpy(&smart, out_obj->buffer.pointer, sizeof(smart));
+ ACPI_FREE(out_obj);
if (smart.flags & ND_INTEL_SMART_SHUTDOWN_VALID) {
if (smart.shutdown_state)
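Review bot: the new error branch in the second hunk calls ACPI_FREE(out_obj) on a path that is also taken when out_obj is NULL, so it depends on ACPI_FREE() accepting a NULL pointer. Either say so in a comment or keep the `if (!out_obj) return;` test separate from the type and length checks. The single dev_dbg() message also covers three different failures; printing out_obj->type and out_obj->buffer.length in the non-NULL case would make the debug output more useful.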
@@ -1793,7 +1800,6 @@ __weak void nfit_intel_shutdown_status(struct nfit_mem *nfit_mem)
set_bit(NFIT_MEM_DIRTY_COUNT, &nfit_mem->flags);
nfit_mem->dirty_shutdown = smart.shutdown_count;
}
- ACPI_FREE(out_obj);
}
static void populate_shutdown_status(struct nfit_mem *nfit_mem)
@@ -1915,18 +1921,19 @@ static int acpi_nfit_add_dimm(struct acpi_nfit_desc *acpi_desc,
| 1 << ND_CMD_SET_CONFIG_DATA;
if (family == NVDIMM_FAMILY_INTEL
&& (dsm_mask & label_mask) == label_mask)
- return 0;
-
- if (acpi_nvdimm_has_method(adev_dimm, "_LSI")
- && acpi_nvdimm_has_method(adev_dimm, "_LSR")) {
- dev_dbg(dev, "%s: has _LSR\n", dev_name(&adev_dimm->dev));
- set_bit(NFIT_MEM_LSR, &nfit_mem->flags);
- }
+ /* skip _LS{I,R,W} enabling */;
+ else {
+ if (acpi_nvdimm_has_method(adev_dimm, "_LSI")
+ && acpi_nvdimm_has_method(adev_dimm, "_LSR")) {
+ dev_dbg(dev, "%s: has _LSR\n", dev_name(&adev_dimm->dev));
+ set_bit(NFIT_MEM_LSR, &nfit_mem->flags);
+ }
- if (test_bit(NFIT_MEM_LSR, &nfit_mem->flags)
- && acpi_nvdimm_has_method(adev_dimm, "_LSW")) {
- dev_dbg(dev, "%s: has _LSW\n", dev_name(&adev_dimm->dev));
- set_bit(NFIT_MEM_LSW, &nfit_mem->flags);
+ if (test_bit(NFIT_MEM_LSR, &nfit_mem->flags)
+ && acpi_nvdimm_has_method(adev_dimm, "_LSW")) {
+ dev_dbg(dev, "%s: has _LSW\n", dev_name(&adev_dimm->dev));
+ set_bit(NFIT_MEM_LSW, &nfit_mem->flags);
+ }
}
populate_shutdown_status(nfit_mem);
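Review bot: the last hunk leaves an empty statement as the if body (`/* skip _LS{I,R,W} enabling */;`) followed by else, which is easy to misread and fragile if a line is later added there. Inverting the test, `if (family != NVDIMM_FAMILY_INTEL || (dsm_mask & label_mask) != label_mask) { ... }`, drops the empty branch and still lets both paths reach populate_shutdown_status().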
The combination of __dw_pcie_ep_find_next_cap() and
dw_pcie_ep_find_capability() allows to search on the Endpoint
configuration space for a specific capability ID.
This search is done recursively by __dw_pcie_ep_find_next_cap() jumping
from capability to capability (using the next offset register to calculate
next jump address), stopping until the next offset register is null or
the current capability meets the desired ID.
However, if the desired capability is at the end of that list, the
recursive search will be returning because the next offset will
be null (thus filling the first stop condition) and not because it
has reached the desired ID and therefore reporting capability "not
found".
This fix will swap the stop conditions order of
__dw_pcie_ep_find_next_cap(), allowing to find the desired capability ID,
if it encounters at the end of the list.
Fixes: beb4641a787d ("PCI: dwc: Add MSI-X callbacks handler")
Reported-by: Jian Wang <jianwang(a)ra.rockwell.com>
Signed-off-by: Gustavo Pimentel <gustavo.pimentel(a)synopsys.com>
Cc: Lorenzo Pieralisi <lorenzo.pieralisi(a)arm.com>
Cc: Kishon Vijay Abraham I <kishon(a)ti.com>
Cc: stable(a)vger.kernel.org
---
drivers/pci/controller/dwc/pcie-designware-ep.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/pci/controller/dwc/pcie-designware-ep.c b/drivers/pci/controller/dwc/pcie-designware-ep.c
index a543c45..0258894 100644
--- a/drivers/pci/controller/dwc/pcie-designware-ep.c
+++ b/drivers/pci/controller/dwc/pcie-designware-ep.c
@@ -50,12 +50,12 @@ static u8 __dw_pcie_ep_find_next_cap(struct dw_pcie *pci, u8 cap_ptr,
next_cap_ptr = (reg & 0xff00) >> 8;
cap_id = (reg & 0x00ff);
- if (!next_cap_ptr || cap_id > PCI_CAP_ID_MAX)
- return 0;
-
if (cap_id == cap)
return cap_ptr;
+ if (!next_cap_ptr || cap_id > PCI_CAP_ID_MAX)
+ return 0;
+
return __dw_pcie_ep_find_next_cap(pci, next_cap_ptr, cap);
}
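Review bot: with the match now tested first, termination of __dw_pcie_ep_find_next_cap() still rests only on next_cap_ptr reading zero or cap_id exceeding PCI_CAP_ID_MAX, so a capability list whose next pointers form a loop would recurse without bound. While touching these checks, consider turning the recursion into a loop with a limit on the number of entries visited. A comment above `if (cap_id == cap)` explaining why it must precede the end-of-list test would also help, since the ordering is the whole fix.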
--
2.7.4
The patch titled
Subject: fs/proc/task_mmu.c: fix smaps_rollup pss_locked calculation
has been added to the -mm tree. Its filename is
mm-proc-smaps_rollup-fix-pss_locked-calculation.patch
This patch should soon appear at
http://ozlabs.org/~akpm/mmots/broken-out/mm-proc-smaps_rollup-fix-pss_locke…
and later at
http://ozlabs.org/~akpm/mmotm/broken-out/mm-proc-smaps_rollup-fix-pss_locke…
Before you just go and hit "reply", please:
a) Consider who else should be cc'ed
b) Prefer to cc a suitable mailing list as well
c) Ideally: find the original patch on the mailing list and do a
reply-to-all to that, adding suitable additional cc's
*** Remember to use Documentation/process/submit-checklist.rst when testing your code ***
The -mm tree is included into linux-next and is updated
there every 3-4 working days
------------------------------------------------------
From: Sandeep Patil <sspatil(a)android.com>
Subject: fs/proc/task_mmu.c: fix smaps_rollup pss_locked calculation
The 'pss_locked' field of smaps_rollup was being calculated incorrectly as
it accumulated the current pss every time a locked VMA was found.
Fix that by making sure we record the current pss value before each VMA is
walked. So, we can only add the delta if the VMA was found to be
VM_LOCKED.
Link: http://lkml.kernel.org/r/20190121011049.160505-1-sspatil@android.com
Fixes: 493b0e9d945f ("mm: add /proc/pid/smaps_rollup")
Signed-off-by: Sandeep Patil <sspatil(a)android.com>
Cc: Vlastimil Babka <vbabka(a)suse.cz>
Cc: Alexey Dobriyan <adobriyan(a)gmail.com>
Cc: Andrey Vagin <avagin(a)openvz.org>
Cc: Daniel Colascione <dancol(a)google.com>
Cc: <stable(a)vger.kernel.org> [4.14.x 4.19.x]
Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org>
---
fs/proc/task_mmu.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
--- a/fs/proc/task_mmu.c~mm-proc-smaps_rollup-fix-pss_locked-calculation
+++ a/fs/proc/task_mmu.c
@@ -721,6 +721,7 @@ static void smap_gather_stats(struct vm_
#endif
.mm = vma->vm_mm,
};
+ unsigned long pss;
smaps_walk.private = mss;
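Review bot: `unsigned long pss;` in the first hunk is used to snapshot mss->pss, whose declaration is not part of this patch. Please check that the field is not wider than unsigned long on 32-bit builds; if it is, the snapshot is truncated and `mss->pss - pss` in the second hunk no longer yields the per-VMA delta. Declaring the local with the field's own type avoids the question.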
@@ -749,11 +750,12 @@ static void smap_gather_stats(struct vm_
}
}
#endif
-
+ /* record current pss so we can calculate the delta after page walk */
+ pss = mss->pss;
/* mmap_sem is held in m_start */
walk_page_vma(vma, &smaps_walk);
if (vma->vm_flags & VM_LOCKED)
- mss->pss_locked += mss->pss;
+ mss->pss_locked += mss->pss - pss;
}
#define SEQ_PUT_DEC(str, val) \
_
Patches currently in -mm which might be from sspatil(a)android.com are
mm-proc-smaps_rollup-fix-pss_locked-calculation.patch
The patch titled
Subject: mm, oom: fix use-after-free in oom_kill_process
has been added to the -mm tree. Its filename is
mm-oom-fix-use-after-free-in-oom_kill_process.patch
This patch should soon appear at
http://ozlabs.org/~akpm/mmots/broken-out/mm-oom-fix-use-after-free-in-oom_k…
and later at
http://ozlabs.org/~akpm/mmotm/broken-out/mm-oom-fix-use-after-free-in-oom_k…
------------------------------------------------------
From: Shakeel Butt <shakeelb(a)google.com>
Subject: mm, oom: fix use-after-free in oom_kill_process
Syzbot instance running on upstream kernel found a use-after-free bug in
oom_kill_process. On further inspection it seems like the process
selected to be oom-killed has exited even before reaching
read_lock(&tasklist_lock) in oom_kill_process(). More specifically the
tsk->usage is 1 which is due to get_task_struct() in oom_evaluate_task()
and the put_task_struct within for_each_thread() frees the tsk and
for_each_thread() tries to access the tsk. The easiest fix is to do
get/put across the for_each_thread() on the selected task.
Now the next question is should we continue with the oom-kill as the
previously selected task has exited? However before adding more
complexity and heuristics, let's answer why we even look at the children
of oom-kill selected task? The select_bad_process() has already selected
the worst process in the system/memcg. Due to race, the selected process
might not be the worst at the kill time but does that matter? The
userspace can use the oom_score_adj interface to prefer children to be
killed before the parent. I looked at the history but it seems like this
is there before git history.
Link: http://lkml.kernel.org/r/20190121215850.221745-1-shakeelb@google.com
Reported-by: syzbot+7fbbfa368521945f0e3d(a)syzkaller.appspotmail.com
Fixes: 6b0c81b3be11 ("mm, oom: reduce dependency on tasklist_lock")
Signed-off-by: Shakeel Butt <shakeelb(a)google.com>
Reviewed-by: Roman Gushchin <guro(a)fb.com>
Acked-by: Michal Hocko <mhocko(a)suse.com>
Cc: David Rientjes <rientjes(a)google.com>
Cc: Johannes Weiner <hannes(a)cmpxchg.org>
Cc: Tetsuo Handa <penguin-kernel(a)i-love.sakura.ne.jp>
Cc: <stable(a)vger.kernel.org>
Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org>
---
mm/oom_kill.c | 8 ++++++++
1 file changed, 8 insertions(+)
--- a/mm/oom_kill.c~mm-oom-fix-use-after-free-in-oom_kill_process
+++ a/mm/oom_kill.c
@@ -975,6 +975,13 @@ static void oom_kill_process(struct oom_
* still freeing memory.
*/
read_lock(&tasklist_lock);
+
+ /*
+ * The task 'p' might have already exited before reaching here. The
+ * put_task_struct() will free task_struct 'p' while the loop still try
+ * to access the field of 'p', so, get an extra reference.
+ */
+ get_task_struct(p);
for_each_thread(p, t) {
list_for_each_entry(child, &t->children, sibling) {
unsigned int child_points;
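Review bot: the new comment in the first hunk does not say which put_task_struct() it means, and it has grammar slips ("the loop still try", "the field of 'p'"). No put_task_struct() is visible next to the added get_task_struct(p), so name the call site: something like "the put_task_struct() inside the loop below can free 'p' while for_each_thread() still dereferences it, so take an extra reference".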
@@ -994,6 +1001,7 @@ static void oom_kill_process(struct oom_
}
}
}
+ put_task_struct(p);
read_unlock(&tasklist_lock);
/*
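Review bot: put_task_struct(p) in the second hunk can be the final reference drop if, as the changelog describes, the task has already exited, so p must not be dereferenced after this line. The rest of the function is not shown here; please confirm that nothing below read_unlock() still uses p rather than the chosen victim.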
_
Patches currently in -mm which might be from shakeelb(a)google.com are
mm-oom-fix-use-after-free-in-oom_kill_process.patch
memcg-localize-memcg_kmem_enabled-check.patch
memcg-schedule-high-reclaim-for-remote-memcgs-on-high_work.patch
memcg-schedule-high-reclaim-for-remote-memcgs-on-high_work-v3.patch
mm-oom-remove-prefer-children-over-parent-heuristic.patch
Jann Horn identified a racy access to p->mm in the global expedited
command of the membarrier system call.
The suggested fix is to hold the task_lock() around the accesses to
p->mm and to the mm_struct membarrier_state field to guarantee the
existence of the mm_struct.
Link: https://lore.kernel.org/lkml/CAG48ez2G8ctF8dHS42TF37pThfr3y0RNOOYTmxvACm4u8…
Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com>
Tested-by: Jann Horn <jannh(a)google.com>
CC: Jann Horn <jannh(a)google.com>
CC: Thomas Gleixner <tglx(a)linutronix.de>
CC: Peter Zijlstra (Intel) <peterz(a)infradead.org>
CC: Ingo Molnar <mingo(a)kernel.org>
CC: Andrea Parri <parri.andrea(a)gmail.com>
CC: Andy Lutomirski <luto(a)kernel.org>
CC: Avi Kivity <avi(a)scylladb.com>
CC: Benjamin Herrenschmidt <benh(a)kernel.crashing.org>
CC: Boqun Feng <boqun.feng(a)gmail.com>
CC: Dave Watson <davejwatson(a)fb.com>
CC: David Sehr <sehr(a)google.com>
CC: H. Peter Anvin <hpa(a)zytor.com>
CC: Linus Torvalds <torvalds(a)linux-foundation.org>
CC: Maged Michael <maged.michael(a)gmail.com>
CC: Michael Ellerman <mpe(a)ellerman.id.au>
CC: Paul E. McKenney <paulmck(a)linux.vnet.ibm.com>
CC: Paul Mackerras <paulus(a)samba.org>
CC: Russell King <linux(a)armlinux.org.uk>
CC: Will Deacon <will.deacon(a)arm.com>
CC: stable(a)vger.kernel.org # v4.16+
CC: linux-api(a)vger.kernel.org
---
kernel/sched/membarrier.c | 27 +++++++++++++++++++++------
1 file changed, 21 insertions(+), 6 deletions(-)
diff --git a/kernel/sched/membarrier.c b/kernel/sched/membarrier.c
index 76e0eaf4654e..305fdcc4c5f7 100644
--- a/kernel/sched/membarrier.c
+++ b/kernel/sched/membarrier.c
@@ -81,12 +81,27 @@ static int membarrier_global_expedited(void)
rcu_read_lock();
p = task_rcu_dereference(&cpu_rq(cpu)->curr);
- if (p && p->mm && (atomic_read(&p->mm->membarrier_state) &
- MEMBARRIER_STATE_GLOBAL_EXPEDITED)) {
- if (!fallback)
- __cpumask_set_cpu(cpu, tmpmask);
- else
- smp_call_function_single(cpu, ipi_mb, NULL, 1);
+ /*
+ * Skip this CPU if the runqueue's current task is NULL or if
+ * it is a kernel thread.
+ */
+ if (p && READ_ONCE(p->mm)) {
+ bool mm_match;
+
+ /*
+ * Read p->mm and access membarrier_state while holding
+ * the task lock to ensure existence of mm.
+ */
+ task_lock(p);
+ mm_match = p->mm && (atomic_read(&p->mm->membarrier_state) &
+ MEMBARRIER_STATE_GLOBAL_EXPEDITED);
+ task_unlock(p);
+ if (mm_match) {
+ if (!fallback)
+ __cpumask_set_cpu(cpu, tmpmask);
+ else
+ smp_call_function_single(cpu, ipi_mb, NULL, 1);
+ }
}
rcu_read_unlock();
}
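Review bot: the outer `READ_ONCE(p->mm)` test runs without the task lock and the authoritative check is the second `p->mm` read under task_lock(p), but the comments do not say so. State that the unlocked read is only a fast path for skipping kernel threads without taking the lock, so nobody later removes the locked re-check as redundant. The change also adds a task_lock()/task_unlock() pair per CPU inside the loop; the changelog should say a word about the cost on large systems.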
--
2.17.1