- Linux-stable-mirror - lists.linaro.org

[PATCH] stop_machine: Disable preemption after queueing stopper threads

by Isaac J. Manjarres

This commit: 9fb8d5dc4b64 ("stop_machine, Disable preemption when waking two stopper threads") does not fully address the race condition that can occur as follows: On one CPU, call it CPU 3, thread 1 invokes cpu_stop_queue_two_works(2, 3,...), and the execution is such that thread 1 queues the works for migration/2 and migration/3, and is preempted after releasing the locks for migration/2 and migration/3, but before waking the threads. Then, On CPU 2, a kworker, call it thread 2, is running, and it invokes cpu_stop_queue_two_works(1, 2,...), such that thread 2 queues the works for migration/1 and migration/2. Meanwhile, on CPU 3, thread 1 resumes execution, and wakes migration/2 and migration/3. This means that when CPU 2 releases the locks for migration/1 and migration/2, but before it wakes those threads, it can be preempted by migration/2. If thread 2 is preempted by migration/2, then migration/2 will execute the first work item successfully, since migration/3 was woken up by CPU 3, but when it goes to execute the second work item, it disables preemption, calls multi_cpu_stop(), and thus, CPU 2 will wait forever for migration/1, which should have been woken up by thread 2. However migration/1 cannot be woken up by thread 2, since it is a kworker, so it is affine to CPU 2, but CPU 2 is running migration/2 with preemption disabled, so thread 2 will never run. Disable preemption after queueing works for stopper threads to ensure that the operation of queueing the works and waking the stopper threads is atomic. Fixes: 9fb8d5dc4b64 ("stop_machine, Disable preemption when waking two stopper threads") Co-Developed-by: Prasad Sodagudi <psodagud(a)codeaurora.org> Co-Developed-by: Pavankumar Kondeti <pkondeti(a)codeaurora.org> Signed-off-by: Isaac J. Manjarres <isaacm(a)codeaurora.org> Signed-off-by: Prasad Sodagudi <psodagud(a)codeaurora.org> Signed-off-by: Pavankumar Kondeti <pkondeti(a)codeaurora.org> Cc: stable(a)vger.kernel.org --- kernel/stop_machine.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/kernel/stop_machine.c b/kernel/stop_machine.c index 1ff523d..e190d1e 100644 --- a/kernel/stop_machine.c +++ b/kernel/stop_machine.c @@ -260,6 +260,15 @@ static int cpu_stop_queue_two_works(int cpu1, struct cpu_stop_work *work1, err = 0; __cpu_stop_queue_work(stopper1, work1, &wakeq); __cpu_stop_queue_work(stopper2, work2, &wakeq); + /* + * The waking up of stopper threads has to happen + * in the same scheduling context as the queueing. + * Otherwise, there is a possibility of one of the + * above stoppers being woken up by another CPU, + * and preempting us. This will cause us to n ot + * wake up the other stopper forever. + */ + preempt_disable(); unlock: raw_spin_unlock(&stopper2->lock); raw_spin_unlock_irq(&stopper1->lock); @@ -271,7 +280,6 @@ static int cpu_stop_queue_two_works(int cpu1, struct cpu_stop_work *work1, } if (!err) { - preempt_disable(); wake_up_q(&wakeq); preempt_enable(); } -- The Qualcomm Innovation Center, Inc. is a member of the Code Aurora Forum, a Linux Foundation Collaborative Project

7 years, 1 month

7
11
0 0

[PATCH] powerpc/fadump: handle crash memory ranges array overflow

by Hari Bathini

Crash memory ranges is an array of memory ranges of the crashing kernel to be exported as a dump via /proc/vmcore file. The size of the array is set based on INIT_MEMBLOCK_REGIONS, which works alright in most cases where memblock memory regions count is less than INIT_MEMBLOCK_REGIONS value. But this count can grow beyond INIT_MEMBLOCK_REGIONS value since commit 142b45a72e22 ("memblock: Add array resizing support"). On large memory systems with a few DLPAR operations, the memblock memory regions count could be larger than INIT_MEMBLOCK_REGIONS value. On such systems, registering fadump results in crash or other system failures like below: task: c00007f39a290010 ti: c00000000b738000 task.ti: c00000000b738000 NIP: c000000000047df4 LR: c0000000000f9e58 CTR: c00000000010f180 REGS: c00000000b73b570 TRAP: 0300 Tainted: G L X (4.4.140+) MSR: 8000000000009033 <SF,EE,ME,IR,DR,RI,LE> CR: 22004484 XER: 20000000 CFAR: c000000000008500 DAR: 000007a450000000 DSISR: 40000000 SOFTE: 0 GPR00: c0000000000f9e58 c00000000b73b7f0 c000000000f09a00 000000000000001a GPR04: c00007f3bf774c90 0000000000000004 c000000000eb9a00 0000000000000800 GPR08: 0000000000000804 000007a450000000 c000000000fa9a00 c00007ffb169ca20 GPR12: 0000000022004482 c00000000fa12c00 c00007f3a0ea97a8 0000000000000000 GPR16: c00007f3a0ea9a50 c00000000b73bd60 0000000000000118 000000000001fe80 GPR20: 0000000000000118 0000000000000000 c000000000b8c980 00000000000000d0 GPR24: 000007ffb0b10000 c00007ffb169c980 0000000000000000 c000000000b8c980 GPR28: 0000000000000004 c00007ffb169c980 000000000000001a c00007ffb169c980 NIP [c000000000047df4] smp_send_reschedule+0x24/0x80 LR [c0000000000f9e58] resched_curr+0x138/0x160 Call Trace: [c00000000b73b7f0] [c0000000000f9e58] resched_curr+0x138/0x160 (unreliable) [c00000000b73b820] [c0000000000fb538] check_preempt_curr+0xc8/0xf0 [c00000000b73b850] [c0000000000fb598] ttwu_do_wakeup+0x38/0x150 [c00000000b73b890] [c0000000000fc9c4] try_to_wake_up+0x224/0x4d0 [c00000000b73b900] [c00000000011ef34] __wake_up_common+0x94/0x100 [c00000000b73b960] [c00000000034a78c] ep_poll_callback+0xac/0x1c0 [c00000000b73b9b0] [c00000000011ef34] __wake_up_common+0x94/0x100 [c00000000b73ba10] [c00000000011f810] __wake_up_sync_key+0x70/0xa0 [c00000000b73ba60] [c00000000067c3e8] sock_def_readable+0x58/0xa0 [c00000000b73ba90] [c0000000007848ac] unix_stream_sendmsg+0x2dc/0x4c0 [c00000000b73bb70] [c000000000675a38] sock_sendmsg+0x68/0xa0 [c00000000b73bba0] [c00000000067673c] ___sys_sendmsg+0x2cc/0x2e0 [c00000000b73bd30] [c000000000677dbc] __sys_sendmsg+0x5c/0xc0 [c00000000b73bdd0] [c0000000006789bc] SyS_socketcall+0x36c/0x3f0 [c00000000b73be30] [c000000000009488] system_call+0x3c/0x100 Instruction dump: 4e800020 60000000 60420000 3c4c00ec 38421c30 7c0802a6 f8010010 60000000 3d42000a e92ab420 2fa90000 4dde0020 <e9290000> 2fa90000 419e0044 7c0802a6 ---[ end trace a6d1dd4bab5f8253 ]--- as array index overflow is not checked for while setting up crash memory ranges causing memory corruption. To resolve this issue, resize crash memory ranges array on hitting array size limit. But without a hard limit on the number of crash memory ranges, there is a possibility of program headers count overflow in the /proc/vmcore ELF file while exporting each of this memory ranges as PT_LOAD segments. To reduce the likelihood of such scenario, fold adjacent memory ranges to minimize the total number of crash memory ranges. Fixes: 2df173d9e85d ("fadump: Initialize elfcore header and add PT_LOAD program headers.") Cc: stable(a)vger.kernel.org Cc: Mahesh Salgaonkar <mahesh(a)linux.vnet.ibm.com> Signed-off-by: Hari Bathini <hbathini(a)linux.ibm.com> --- arch/powerpc/include/asm/fadump.h | 2 + arch/powerpc/kernel/fadump.c | 63 ++++++++++++++++++++++++++++++++++--- 2 files changed, 59 insertions(+), 6 deletions(-) diff --git a/arch/powerpc/include/asm/fadump.h b/arch/powerpc/include/asm/fadump.h index 5a23010..ff708b3 100644 --- a/arch/powerpc/include/asm/fadump.h +++ b/arch/powerpc/include/asm/fadump.h @@ -196,7 +196,7 @@ struct fadump_crash_info_header { }; /* Crash memory ranges */ -#define INIT_CRASHMEM_RANGES (INIT_MEMBLOCK_REGIONS + 2) +#define INIT_CRASHMEM_RANGES INIT_MEMBLOCK_REGIONS struct fad_crash_memory_ranges { unsigned long long base; diff --git a/arch/powerpc/kernel/fadump.c b/arch/powerpc/kernel/fadump.c index 07e8396..1c1df4f 100644 --- a/arch/powerpc/kernel/fadump.c +++ b/arch/powerpc/kernel/fadump.c @@ -47,7 +47,9 @@ static struct fadump_mem_struct fdm; static const struct fadump_mem_struct *fdm_active; static DEFINE_MUTEX(fadump_mutex); -struct fad_crash_memory_ranges crash_memory_ranges[INIT_CRASHMEM_RANGES]; +struct fad_crash_memory_ranges init_crash_memory_ranges[INIT_CRASHMEM_RANGES]; +int max_crash_mem_ranges = INIT_CRASHMEM_RANGES; +struct fad_crash_memory_ranges *crash_memory_ranges = init_crash_memory_ranges; int crash_mem_ranges; /* Scan the Firmware Assisted dump configuration details. */ @@ -871,14 +873,65 @@ static int __init process_fadump(const struct fadump_mem_struct *fdm_active) static inline void fadump_add_crash_memory(unsigned long long base, unsigned long long end) { + u64 start, size; + bool is_adjacent = false; + if (base == end) return; + /* + * Fold adjacent memory ranges to bring down the memory ranges/ + * PT_LOAD segments count. + */ + if (crash_mem_ranges) { + start = crash_memory_ranges[crash_mem_ranges-1].base; + size = crash_memory_ranges[crash_mem_ranges-1].size; + + if ((start + size) == base) + is_adjacent = true; + } + + if (!is_adjacent) { + /* resize the array on reaching the limit */ + if (crash_mem_ranges == max_crash_mem_ranges) { + u64 old_size, new_max; + struct fad_crash_memory_ranges *new_array; + + old_size = max_crash_mem_ranges; + old_size *= sizeof(struct fad_crash_memory_ranges); + + new_max = max_crash_mem_ranges + INIT_CRASHMEM_RANGES; + size = new_max * sizeof(struct fad_crash_memory_ranges); + + pr_debug("Resizing crash memory ranges count from %d to %d\n", + max_crash_mem_ranges, new_max); + + new_array = kmalloc(size, GFP_KERNEL); + if (new_array == NULL) { + pr_warn("Insufficient memory for setting up crash memory ranges\n"); + return; + } + + /* + * Copy the old memory ranges into the new array before + * free'ing it. + */ + memcpy(new_array, crash_memory_ranges, old_size); + if (crash_memory_ranges != init_crash_memory_ranges) + kfree(crash_memory_ranges); + + crash_memory_ranges = new_array; + max_crash_mem_ranges = new_max; + } + start = base; + crash_memory_ranges[crash_mem_ranges].base = start; + crash_mem_ranges++; + } + + crash_memory_ranges[crash_mem_ranges-1].size = (end - start); + pr_debug("crash_memory_range[%d] [%#016llx-%#016llx], %#llx bytes\n", - crash_mem_ranges, base, end - 1, (end - base)); - crash_memory_ranges[crash_mem_ranges].base = base; - crash_memory_ranges[crash_mem_ranges].size = end - base; - crash_mem_ranges++; + (crash_mem_ranges - 1), start, end - 1, (end - start)); } static void fadump_exclude_reserved_area(unsigned long long start,

7 years, 1 month

4
3
0 0

[PATCH v2] zram: remove BD_CAP_SYNCHRONOUS_IO with writeback feature

by Minchan Kim

If zram supports writeback feature, it's no longer a BD_CAP_SYNCHRONOUS_IO device beause zram does asynchronous IO operations for incompressible pages. Do not pretend to be synchronous IO device. It makes the system very sluggish due to waiting for IO completion from upper layers. Furthermore, it causes a user-after-free problem because swap thinks the opearion is done when the IO functions returns so it can free the page (e.g., lock_page_or_retry and goto out_release in do_swap_page) but in fact, IO is asynchronous so the driver could access a just freed page afterward. This patch fixes the problem. BUG: Bad page state in process qemu-system-x86 pfn:3dfab21 page:ffffdfb137eac840 count:0 mapcount:0 mapping:0000000000000000 index:0x1 flags: 0x17fffc000000008(uptodate) raw: 017fffc000000008 dead000000000100 dead000000000200 0000000000000000 raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000 page dumped because: PAGE_FLAGS_CHECK_AT_PREP flag set bad because of flags: 0x8(uptodate) Modules linked in: lz4 lz4_compress zram zsmalloc intel_rapl sb_edac x86_pkg_temp_thermal intel_powerclamp coretemp kvm_intel kvm irqbypass crct10dif_pclmul crc32_pclmul ghash_clmulni_intel bin fmt_misc pcbc aesni_intel aes_x86_64 crypto_simd cryptd iTCO_wdt glue_helper iTCO_vendor_support intel_cstate lpc_ich mei_me intel_uncore intel_rapl_perf pcspkr joydev sg mfd_core ioatdma mei wmi evdev ipmi_si ipmi_devintf ipmi_msghandler acpi_power_meter acpi_pad button ip_tables x_tables autofs4 ext4 crc32c_generic crc16 mbcache jbd2 fscrypto hid_generic usbhid hid sd_mod xhci_pci ehci_pci ahci libahci xhci_hcd ehci_hcd libata igb i2c_algo_bit crc32c_intel scsi_mod i2c_i8 01 dca usbcore CPU: 4 PID: 1039 Comm: qemu-system-x86 Tainted: G B 4.18.0-rc5+ #1 Hardware name: Supermicro Super Server/X10SRL-F, BIOS 2.0b 05/02/2017 Call Trace: dump_stack+0x5c/0x7b bad_page+0xba/0x120 get_page_from_freelist+0x1016/0x1250 __alloc_pages_nodemask+0xfa/0x250 alloc_pages_vma+0x7c/0x1c0 do_swap_page+0x347/0x920 ? __update_load_avg_se.isra.38+0x1eb/0x1f0 ? cpumask_next_wrap+0x3d/0x60 __handle_mm_fault+0x7b4/0x1110 ? update_load_avg+0x5ea/0x720 handle_mm_fault+0xfc/0x1f0 __get_user_pages+0x12f/0x690 get_user_pages_unlocked+0x148/0x1f0 __gfn_to_pfn_memslot+0xff/0x3c0 [kvm] try_async_pf+0x87/0x230 [kvm] tdp_page_fault+0x132/0x290 [kvm] ? vmexit_fill_RSB+0xc/0x30 [kvm_intel] kvm_mmu_page_fault+0x74/0x570 [kvm] ? vmexit_fill_RSB+0xc/0x30 [kvm_intel] ? vmexit_fill_RSB+0x18/0x30 [kvm_intel] ? vmexit_fill_RSB+0xc/0x30 [kvm_intel] ? vmexit_fill_RSB+0x18/0x30 [kvm_intel] ? vmexit_fill_RSB+0xc/0x30 [kvm_intel] ? vmexit_fill_RSB+0x18/0x30 [kvm_intel] ? vmexit_fill_RSB+0xc/0x30 [kvm_intel] ? vmexit_fill_RSB+0x18/0x30 [kvm_intel] ? vmexit_fill_RSB+0xc/0x30 [kvm_intel] ? vmexit_fill_RSB+0x18/0x30 [kvm_intel] ? vmexit_fill_RSB+0xc/0x30 [kvm_intel] ? vmx_vcpu_run+0x375/0x620 [kvm_intel] kvm_arch_vcpu_ioctl_run+0x9b3/0x1990 [kvm] ? __update_load_avg_se.isra.38+0x1eb/0x1f0 ? kvm_vcpu_ioctl+0x388/0x5d0 [kvm] kvm_vcpu_ioctl+0x388/0x5d0 [kvm] ? __switch_to+0x395/0x450 ? __switch_to+0x395/0x450 do_vfs_ioctl+0xa2/0x630 ? __schedule+0x3fd/0x890 ksys_ioctl+0x70/0x80 ? exit_to_usermode_loop+0xca/0xf0 __x64_sys_ioctl+0x16/0x20 do_syscall_64+0x55/0x100 entry_SYSCALL_64_after_hwframe+0x44/0xa9 RIP: 0033:0x7fb30361add7 Code: 00 00 00 48 8b 05 c1 80 2b 00 64 c7 00 26 00 00 00 48 c7 c0 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 91 80 2b 00 f7 d8 64 89 01 48 RSP: 002b:00007fb2e97f98b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 000000000000ae80 RCX: 00007fb30361add7 RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000015 RBP: 00005652b984e0f0 R08: 00005652b7d513d0 R09: 0000000000000001 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007fb308c66000 R14: 0000000000000000 R15: 00005652b984e0f0 * from v1 - description correction - Andrew - add comment about removing BDI_CAP_SYNCHRONOUS_IO Link: https://lore.kernel.org/lkml/0516ae2d-b0fd-92c5-aa92-112ba7bd32fc@contabo.d… Link: http://lkml.kernel.org/r/20180802051112.86174-1-minchan@kernel.org Signed-off-by: Minchan Kim <minchan(a)kernel.org> Reported-by: Tino Lehnig <tino.lehnig(a)contabo.de> Tested-by: Tino Lehnig <tino.lehnig(a)contabo.de> Cc: Sergey Senozhatsky <sergey.senozhatsky.work(a)gmail.com> Cc: Jens Axboe <axboe(a)kernel.dk> Cc: <stable(a)vger.kernel.org> [4.15+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- drivers/block/zram/zram_drv.c | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/drivers/block/zram/zram_drv.c b/drivers/block/zram/zram_drv.c index 7436b2d27fa3..82aa1a1f383a 100644 --- a/drivers/block/zram/zram_drv.c +++ b/drivers/block/zram/zram_drv.c @@ -298,7 +298,8 @@ static void reset_bdev(struct zram *zram) zram->backing_dev = NULL; zram->old_block_size = 0; zram->bdev = NULL; - + zram->disk->queue->backing_dev_info->capabilities |= + BDI_CAP_SYNCHRONOUS_IO; kvfree(zram->bitmap); zram->bitmap = NULL; } @@ -400,6 +401,18 @@ static ssize_t backing_dev_store(struct device *dev, zram->backing_dev = backing_dev; zram->bitmap = bitmap; zram->nr_pages = nr_pages; + /* + * With writeback feature, zram does asynchronous IO so it's no longer + * synchronous device so let's remove synchronous io flag. Othewise, + * upper layer(e.g., swap) could wait IO completion rather than + * (submit and return), which will cause system sluggish. + * Furthermore, when the IO function returns(e.g., swap_readpage), + * upper layer expects IO was done so it could deallocate the page + * freely but in fact, IO is going on so finally could cause + * use-after-free when the IO is really done. + */ + zram->disk->queue->backing_dev_info->capabilities &= + ~BDI_CAP_SYNCHRONOUS_IO; up_write(&zram->init_lock); pr_info("setup backing device %s\n", file_name); -- 2.18.0.597.ga71716f1ad-goog

7 years, 1 month

1
0
0 0

[PATCH 1/2] zram: remove BD_CAP_SYNCHRONOUS_IO with writeback feature

by Minchan Kim

If zram supports writeback feature, it's no more syncrhonous device beause zram does synchronous IO opeation for incompressible page. Do not pretend to be syncrhonous IO device. It makes system very sluggish as waiting IO completion from upper layer. Furthermore, it makes user-after-free problem because swap think the opearion is done when the IO functions returns so it could free page by will(e.g., lock_page_or_retry and goto out_release in do_swap_page) but in fact, IO is asynchrnous so driver could access just freed page afterward. This patch fixes the problem. BUG: Bad page state in process qemu-system-x86 pfn:3dfab21 page:ffffdfb137eac840 count:0 mapcount:0 mapping:0000000000000000 index:0x1 flags: 0x17fffc000000008(uptodate) raw: 017fffc000000008 dead000000000100 dead000000000200 0000000000000000 raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000 page dumped because: PAGE_FLAGS_CHECK_AT_PREP flag set bad because of flags: 0x8(uptodate) Modules linked in: lz4 lz4_compress zram zsmalloc intel_rapl sb_edac x86_pkg_temp_thermal intel_powerclamp coretemp kvm_intel kvm irqbypass crct10dif_pclmul crc32_pclmul ghash_clmulni_intel bin fmt_misc pcbc aesni_intel aes_x86_64 crypto_simd cryptd iTCO_wdt glue_helper iTCO_vendor_support intel_cstate lpc_ich mei_me intel_uncore intel_rapl_perf pcspkr joydev sg mfd_core ioatdma mei wmi evdev ipmi_si ipmi_devintf ipmi_msghandler acpi_power_meter acpi_pad button ip_tables x_tables autofs4 ext4 crc32c_generic crc16 mbcache jbd2 fscrypto hid_generic usbhid hid sd_mod xhci_pci ehci_pci ahci libahci xhci_hcd ehci_hcd libata igb i2c_algo_bit crc32c_intel scsi_mod i2c_i8 01 dca usbcore CPU: 4 PID: 1039 Comm: qemu-system-x86 Tainted: G B 4.18.0-rc5+ #1 Hardware name: Supermicro Super Server/X10SRL-F, BIOS 2.0b 05/02/2017 Call Trace: dump_stack+0x5c/0x7b bad_page+0xba/0x120 get_page_from_freelist+0x1016/0x1250 __alloc_pages_nodemask+0xfa/0x250 alloc_pages_vma+0x7c/0x1c0 do_swap_page+0x347/0x920 ? __update_load_avg_se.isra.38+0x1eb/0x1f0 ? cpumask_next_wrap+0x3d/0x60 __handle_mm_fault+0x7b4/0x1110 ? update_load_avg+0x5ea/0x720 handle_mm_fault+0xfc/0x1f0 __get_user_pages+0x12f/0x690 get_user_pages_unlocked+0x148/0x1f0 __gfn_to_pfn_memslot+0xff/0x3c0 [kvm] try_async_pf+0x87/0x230 [kvm] tdp_page_fault+0x132/0x290 [kvm] ? vmexit_fill_RSB+0xc/0x30 [kvm_intel] kvm_mmu_page_fault+0x74/0x570 [kvm] ? vmexit_fill_RSB+0xc/0x30 [kvm_intel] ? vmexit_fill_RSB+0x18/0x30 [kvm_intel] ? vmexit_fill_RSB+0xc/0x30 [kvm_intel] ? vmexit_fill_RSB+0x18/0x30 [kvm_intel] ? vmexit_fill_RSB+0xc/0x30 [kvm_intel] ? vmexit_fill_RSB+0x18/0x30 [kvm_intel] ? vmexit_fill_RSB+0xc/0x30 [kvm_intel] ? vmexit_fill_RSB+0x18/0x30 [kvm_intel] ? vmexit_fill_RSB+0xc/0x30 [kvm_intel] ? vmexit_fill_RSB+0x18/0x30 [kvm_intel] ? vmexit_fill_RSB+0xc/0x30 [kvm_intel] ? vmx_vcpu_run+0x375/0x620 [kvm_intel] kvm_arch_vcpu_ioctl_run+0x9b3/0x1990 [kvm] ? __update_load_avg_se.isra.38+0x1eb/0x1f0 ? kvm_vcpu_ioctl+0x388/0x5d0 [kvm] kvm_vcpu_ioctl+0x388/0x5d0 [kvm] ? __switch_to+0x395/0x450 ? __switch_to+0x395/0x450 do_vfs_ioctl+0xa2/0x630 ? __schedule+0x3fd/0x890 ksys_ioctl+0x70/0x80 ? exit_to_usermode_loop+0xca/0xf0 __x64_sys_ioctl+0x16/0x20 do_syscall_64+0x55/0x100 entry_SYSCALL_64_after_hwframe+0x44/0xa9 RIP: 0033:0x7fb30361add7 Code: 00 00 00 48 8b 05 c1 80 2b 00 64 c7 00 26 00 00 00 48 c7 c0 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 91 80 2b 00 f7 d8 64 89 01 48 RSP: 002b:00007fb2e97f98b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 000000000000ae80 RCX: 00007fb30361add7 RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000015 RBP: 00005652b984e0f0 R08: 00005652b7d513d0 R09: 0000000000000001 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007fb308c66000 R14: 0000000000000000 R15: 00005652b984e0f0 Link: https://lore.kernel.org/lkml/0516ae2d-b0fd-92c5-aa92-112ba7bd32fc@contabo.d… Reported-by: Tino Lehnig <tino.lehnig(a)contabo.de> Cc: Sergey Senozhatsky <sergey.senozhatsky.work(a)gmail.com> Cc: Tino Lehnig <tino.lehnig(a)contabo.de> Cc: <stable(a)vger.kernel.org> # v4.15+ Tested-by: Tino Lehnig <tino.lehnig(a)contabo.de> Signed-off-by: Minchan Kim <minchan(a)kernel.org> --- drivers/block/zram/zram_drv.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/drivers/block/zram/zram_drv.c b/drivers/block/zram/zram_drv.c index 7436b2d27fa3..0b6eda1bd77a 100644 --- a/drivers/block/zram/zram_drv.c +++ b/drivers/block/zram/zram_drv.c @@ -298,7 +298,8 @@ static void reset_bdev(struct zram *zram) zram->backing_dev = NULL; zram->old_block_size = 0; zram->bdev = NULL; - + zram->disk->queue->backing_dev_info->capabilities |= + BDI_CAP_SYNCHRONOUS_IO; kvfree(zram->bitmap); zram->bitmap = NULL; } @@ -400,6 +401,8 @@ static ssize_t backing_dev_store(struct device *dev, zram->backing_dev = backing_dev; zram->bitmap = bitmap; zram->nr_pages = nr_pages; + zram->disk->queue->backing_dev_info->capabilities &= + ~BDI_CAP_SYNCHRONOUS_IO; up_write(&zram->init_lock); pr_info("setup backing device %s\n", file_name); -- 2.18.0.597.ga71716f1ad-goog

7 years, 1 month

3
11
0 0

give editing

by Sam Dennis

Want to know if you have photos for editing? We can edit 300+ images each day. We can work on ecommerce photos, jewelry photos, and portrait photos. We give cut out and clipping path for different kind of photos, and also we provide retouching for them. Send us a test photo and we will do testing for you. Thanks, Sam Dennis

7 years, 1 month

1
0
0 0

Long and short term loan without collateral at 3% interest rate

by Brad Sanwomi

Dear Prospective Client, We provide funding for up to 500 Million USD. Loans are available at 3% interest rate with re-payment period of 1 year to 30 years. We provide:- *Business Loans *Project Loans *Personal Loans *Home Loans e.t.c If interested, please provide the information below:- Name: Amount Needed: Duration: Loan Type(e.g Business, Project or Personal): Country of residence: The above information would help us determine the best way to assist you. Regards Sanwomi Brad

7 years, 1 month

1
0
0 0

[PATCH 4.9 00/32] 4.9.118-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.9.118 release. There are 32 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Mon Aug 6 08:26:35 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.9.118-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.9.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.9.118-rc1 Tony Battersby <tonyb(a)cybernetics.com> scsi: sg: fix minor memory leak in error path Boris Brezillon <boris.brezillon(a)bootlin.com> drm/vc4: Reset ->{x, y}_scaling[1] when dealing with uniplanar formats Herbert Xu <herbert(a)gondor.apana.org.au> crypto: padlock-aes - Fix Nano workaround data corruption Roman Kagan <rkagan(a)virtuozzo.com> kvm: x86: vmx: fix vpid leak Jiang Biao <jiang.biao2(a)zte.com.cn> virtio_balloon: fix another race between migration and ballooning Jeremy Cline <jcline(a)redhat.com> net: socket: fix potential spectre v1 gadget in socketcall Anton Vasilyev <vasilyev(a)ispras.ru> can: ems_usb: Fix memory leak on ems_usb_disconnect() Linus Torvalds <torvalds(a)linux-foundation.org> squashfs: more metadata hardenings Linus Torvalds <torvalds(a)linux-foundation.org> squashfs: more metadata hardening Jose Abreu <Jose.Abreu(a)synopsys.com> net: stmmac: Fix WoL for PCI-based setups Jeremy Cline <jcline(a)redhat.com> netlink: Fix spectre v1 gadget in netlink_create() Florian Fainelli <f.fainelli(a)gmail.com> net: dsa: Do not suspend/resume closed slave_dev Eric Dumazet <edumazet(a)google.com> ipv4: frags: handle possible skb truesize change Eric Dumazet <edumazet(a)google.com> inet: frag: enforce memory limits earlier Eric Dumazet <edumazet(a)google.com> bonding: avoid lockdep confusion in bond_get_stats() Boqun Feng <boqun.feng(a)gmail.com> sched/wait: Remove the lockless swait_active() check in swake_up*() Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> pinctrl: intel: Read back TX buffer state Eric Dumazet <edumazet(a)google.com> tcp: add one more quick ack after after ECN events Yousuk Seung <ysseung(a)google.com> tcp: refactor tcp_ecn_check_ce to remove sk type cast Eric Dumazet <edumazet(a)google.com> tcp: do not aggressively quick ack after ECN events Eric Dumazet <edumazet(a)google.com> tcp: add max_quickacks param to tcp_incr_quickack and tcp_enter_quickack_mode Eric Dumazet <edumazet(a)google.com> tcp: do not force quickack when receiving out-of-order packets Dmitry Safonov <dima(a)arista.com> netlink: Don't shift with UB on nlk->ngroups Dmitry Safonov <dima(a)arista.com> netlink: Do not subscribe to non-existent groups Xiao Liang <xiliang(a)redhat.com> xen-netfront: wait xenbus state change when load module manually Neal Cardwell <ncardwell(a)google.com> tcp_bbr: fix bw probing to raise in-flight data for very small BDPs Eugeniy Paltsev <Eugeniy.Paltsev(a)synopsys.com> NET: stmmac: align DMA stuff to largest cache line length Anton Vasilyev <vasilyev(a)ispras.ru> net: mdio-mux: bcm-iproc: fix wrong getter and setter pair Stefan Wahren <stefan.wahren(a)i2se.com> net: lan78xx: fix rx handling before first packet is send tangpengpeng <tangpengpeng(a)higon.com> net: fix amd-xgbe flow-control issue Gal Pressman <pressmangal(a)gmail.com> net: ena: Fix use of uninitialized DMA address bits field Lorenzo Bianconi <lorenzo.bianconi(a)redhat.com> ipv4: remove BUG_ON() from fib_compute_spec_dst ------------- Diffstat: Makefile | 4 +- arch/x86/kvm/vmx.c | 7 ++-- drivers/crypto/padlock-aes.c | 8 +++- drivers/gpu/drm/vc4/vc4_plane.c | 3 ++ drivers/net/bonding/bond_main.c | 14 ++++++- drivers/net/can/usb/ems_usb.c | 1 + drivers/net/ethernet/amazon/ena/ena_com.c | 1 + drivers/net/ethernet/amd/xgbe/xgbe-mdio.c | 4 +- drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 2 +- drivers/net/ethernet/stmicro/stmmac/stmmac_pci.c | 40 ++++++++++++++++++- drivers/net/phy/mdio-mux-bcm-iproc.c | 2 +- drivers/net/usb/lan78xx.c | 2 + drivers/net/xen-netfront.c | 6 +++ drivers/pinctrl/intel/pinctrl-intel.c | 7 +++- drivers/scsi/sg.c | 1 + drivers/virtio/virtio_balloon.c | 2 + fs/squashfs/block.c | 2 + fs/squashfs/fragment.c | 13 ++++-- fs/squashfs/squashfs_fs_sb.h | 1 + fs/squashfs/super.c | 5 ++- include/net/tcp.h | 2 +- kernel/sched/swait.c | 6 --- net/dsa/slave.c | 6 +++ net/ipv4/fib_frontend.c | 4 +- net/ipv4/inet_fragment.c | 10 ++--- net/ipv4/ip_fragment.c | 5 +++ net/ipv4/tcp_bbr.c | 4 ++ net/ipv4/tcp_dctcp.c | 4 +- net/ipv4/tcp_input.c | 48 ++++++++++++----------- net/netlink/af_netlink.c | 7 ++++ net/socket.c | 2 + 31 files changed, 161 insertions(+), 62 deletions(-)

7 years, 1 month

4
35
0 0

[PATCH 4.14 00/23] 4.14.61-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.14.61 release. There are 23 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Mon Aug 6 08:26:30 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.14.61-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.14.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.14.61-rc1 Tony Battersby <tonyb(a)cybernetics.com> scsi: sg: fix minor memory leak in error path Boris Brezillon <boris.brezillon(a)bootlin.com> drm/vc4: Reset ->{x, y}_scaling[1] when dealing with uniplanar formats Herbert Xu <herbert(a)gondor.apana.org.au> crypto: padlock-aes - Fix Nano workaround data corruption Jack Morgenstein <jackm(a)dev.mellanox.co.il> RDMA/uverbs: Expand primary and alt AV port checks Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> iwlwifi: add more card IDs for 9000 series Mike Rapoport <rppt(a)linux.vnet.ibm.com> userfaultfd: remove uffd flags from vma->vm_flags if UFFD_EVENT_FORK fails Yi Wang <wang.yi59(a)zte.com.cn> audit: fix potential null dereference 'context->module.name' Roman Kagan <rkagan(a)virtuozzo.com> kvm: x86: vmx: fix vpid leak Andy Lutomirski <luto(a)kernel.org> x86/entry/64: Remove %ebx handling from error_entry/exit Len Brown <len.brown(a)intel.com> x86/apic: Future-proof the TSC_DEADLINE quirk for SKX Jiang Biao <jiang.biao2(a)zte.com.cn> virtio_balloon: fix another race between migration and ballooning Jeremy Cline <jcline(a)redhat.com> net: socket: fix potential spectre v1 gadget in socketcall Anton Vasilyev <vasilyev(a)ispras.ru> can: ems_usb: Fix memory leak on ems_usb_disconnect() Linus Torvalds <torvalds(a)linux-foundation.org> squashfs: more metadata hardenings Linus Torvalds <torvalds(a)linux-foundation.org> squashfs: more metadata hardening Eli Cohen <eli(a)mellanox.com> net/mlx5e: E-Switch, Initialize eswitch only if eswitch manager YueHaibing <yuehaibing(a)huawei.com> rxrpc: Fix user call ID check in rxrpc_service_prealloc_one Jose Abreu <Jose.Abreu(a)synopsys.com> net: stmmac: Fix WoL for PCI-based setups Jeremy Cline <jcline(a)redhat.com> netlink: Fix spectre v1 gadget in netlink_create() Florian Fainelli <f.fainelli(a)gmail.com> net: dsa: Do not suspend/resume closed slave_dev Eric Dumazet <edumazet(a)google.com> ipv4: frags: handle possible skb truesize change Eric Dumazet <edumazet(a)google.com> inet: frag: enforce memory limits earlier Eric Dumazet <edumazet(a)google.com> bonding: avoid lockdep confusion in bond_get_stats() ------------- Diffstat: Makefile | 4 +- arch/x86/entry/entry_64.S | 18 ++---- arch/x86/kernel/apic/apic.c | 3 + arch/x86/kvm/vmx.c | 7 +-- drivers/crypto/padlock-aes.c | 8 ++- drivers/gpu/drm/vc4/vc4_plane.c | 3 + drivers/infiniband/core/uverbs_cmd.c | 59 +++++++++++++++++-- drivers/net/bonding/bond_main.c | 14 ++++- drivers/net/can/usb/ems_usb.c | 1 + drivers/net/ethernet/mellanox/mlx5/core/eswitch.c | 4 +- drivers/net/ethernet/stmicro/stmmac/stmmac_pci.c | 40 ++++++++++++- drivers/net/wireless/intel/iwlwifi/cfg/9000.c | 69 +++++++++++++++++++++++ drivers/net/wireless/intel/iwlwifi/iwl-config.h | 5 ++ drivers/net/wireless/intel/iwlwifi/pcie/drv.c | 22 ++++++++ drivers/scsi/sg.c | 1 + drivers/virtio/virtio_balloon.c | 2 + fs/squashfs/block.c | 2 + fs/squashfs/fragment.c | 13 +++-- fs/squashfs/squashfs_fs_sb.h | 1 + fs/squashfs/super.c | 5 +- fs/userfaultfd.c | 4 +- kernel/auditsc.c | 13 +++-- net/dsa/slave.c | 6 ++ net/ipv4/inet_fragment.c | 10 ++-- net/ipv4/ip_fragment.c | 5 ++ net/netlink/af_netlink.c | 2 + net/rxrpc/call_accept.c | 4 +- net/socket.c | 2 + 28 files changed, 276 insertions(+), 51 deletions(-)

7 years, 1 month

3
24
0 0

[PATCH 4.17 00/31] 4.17.13-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.17.13 release. There are 31 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Mon Aug 6 08:26:21 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.17.13-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.17.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.17.13-rc1 Tony Battersby <tonyb(a)cybernetics.com> scsi: sg: fix minor memory leak in error path Boris Brezillon <boris.brezillon(a)bootlin.com> drm/atomic: Initialize variables in drm_atomic_helper_async_check() to make gcc happy Boris Brezillon <boris.brezillon(a)bootlin.com> drm/atomic: Check old_plane_state->crtc in drm_atomic_helper_async_check() Boris Brezillon <boris.brezillon(a)bootlin.com> drm/vc4: Reset ->{x, y}_scaling[1] when dealing with uniplanar formats Herbert Xu <herbert(a)gondor.apana.org.au> crypto: padlock-aes - Fix Nano workaround data corruption Jack Morgenstein <jackm(a)dev.mellanox.co.il> RDMA/uverbs: Expand primary and alt AV port checks Rafał Miłecki <rafal(a)milecki.pl> brcmfmac: fix regression in parsing NVRAM for multiple devices Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> iwlwifi: add more card IDs for 9000 series Mike Rapoport <rppt(a)linux.vnet.ibm.com> userfaultfd: remove uffd flags from vma->vm_flags if UFFD_EVENT_FORK fails Jane Chu <jane.chu(a)oracle.com> ipc/shm.c add ->pagesize function to shm_vm_ops Yi Wang <wang.yi59(a)zte.com.cn> audit: fix potential null dereference 'context->module.name' Roman Kagan <rkagan(a)virtuozzo.com> kvm: x86: vmx: fix vpid leak Andy Lutomirski <luto(a)kernel.org> x86/entry/64: Remove %ebx handling from error_entry/exit Len Brown <len.brown(a)intel.com> x86/apic: Future-proof the TSC_DEADLINE quirk for SKX Brijesh Singh <brijesh.singh(a)amd.com> x86/efi: Access EFI MMIO data as unencrypted when SEV is active Jiang Biao <jiang.biao2(a)zte.com.cn> virtio_balloon: fix another race between migration and ballooning Jeremy Cline <jcline(a)redhat.com> net: socket: Fix potential spectre v1 gadget in sock_is_registered Jeremy Cline <jcline(a)redhat.com> net: socket: fix potential spectre v1 gadget in socketcall Anton Vasilyev <vasilyev(a)ispras.ru> can: ems_usb: Fix memory leak on ems_usb_disconnect() Linus Torvalds <torvalds(a)linux-foundation.org> squashfs: more metadata hardenings Linus Torvalds <torvalds(a)linux-foundation.org> squashfs: more metadata hardening Feras Daoud <ferasda(a)mellanox.com> net/mlx5e: IPoIB, Set the netdevice sw mtu in ipoib enhanced flow Or Gerlitz <ogerlitz(a)mellanox.com> net/mlx5e: Set port trust mode to PCP as default Eli Cohen <eli(a)mellanox.com> net/mlx5e: E-Switch, Initialize eswitch only if eswitch manager YueHaibing <yuehaibing(a)huawei.com> rxrpc: Fix user call ID check in rxrpc_service_prealloc_one Jose Abreu <Jose.Abreu(a)synopsys.com> net: stmmac: Fix WoL for PCI-based setups Jeremy Cline <jcline(a)redhat.com> netlink: Fix spectre v1 gadget in netlink_create() Florian Fainelli <f.fainelli(a)gmail.com> net: dsa: Do not suspend/resume closed slave_dev Eric Dumazet <edumazet(a)google.com> ipv4: frags: handle possible skb truesize change Eric Dumazet <edumazet(a)google.com> inet: frag: enforce memory limits earlier Eric Dumazet <edumazet(a)google.com> bonding: avoid lockdep confusion in bond_get_stats() ------------- Diffstat: Makefile | 4 +- arch/x86/entry/entry_64.S | 18 ++---- arch/x86/kernel/apic/apic.c | 3 + arch/x86/kvm/vmx.c | 7 +-- arch/x86/platform/efi/efi_64.c | 2 +- drivers/crypto/padlock-aes.c | 8 ++- drivers/gpu/drm/drm_atomic_helper.c | 8 ++- drivers/gpu/drm/vc4/vc4_plane.c | 3 + drivers/infiniband/core/uverbs_cmd.c | 59 ++++++++++++++++-- drivers/net/bonding/bond_main.c | 14 ++++- drivers/net/can/usb/ems_usb.c | 1 + drivers/net/ethernet/mellanox/mlx5/core/en_dcbnl.c | 2 + drivers/net/ethernet/mellanox/mlx5/core/eswitch.c | 4 +- .../net/ethernet/mellanox/mlx5/core/ipoib/ipoib.c | 4 ++ drivers/net/ethernet/stmicro/stmmac/stmmac_pci.c | 40 ++++++++++++- .../wireless/broadcom/brcm80211/brcmfmac/pcie.c | 3 +- drivers/net/wireless/intel/iwlwifi/cfg/9000.c | 69 ++++++++++++++++++++++ drivers/net/wireless/intel/iwlwifi/iwl-config.h | 5 ++ drivers/net/wireless/intel/iwlwifi/pcie/drv.c | 22 +++++++ drivers/scsi/sg.c | 1 + drivers/virtio/virtio_balloon.c | 2 + fs/squashfs/block.c | 2 + fs/squashfs/fragment.c | 13 ++-- fs/squashfs/squashfs_fs_sb.h | 1 + fs/squashfs/super.c | 5 +- fs/userfaultfd.c | 4 +- ipc/shm.c | 12 ++++ kernel/auditsc.c | 13 ++-- mm/hugetlb.c | 7 +++ net/dsa/slave.c | 6 ++ net/ipv4/inet_fragment.c | 6 +- net/ipv4/ip_fragment.c | 5 ++ net/netlink/af_netlink.c | 2 + net/rxrpc/call_accept.c | 4 +- net/socket.c | 5 +- 35 files changed, 309 insertions(+), 55 deletions(-)

7 years, 1 month

3
31
0 0

[PATCHv2] netlink: Don't shift on 64 for ngroups

by Dmitry Safonov

It's legal to have 64 groups for netlink_sock. As user-supplied nladdr->nl_groups is __u32, it's possible to subscribe only to first 32 groups. The check for correctness of .bind() userspace supplied parameter is done by applying mask made from ngroups shift. Which broke Android as they have 64 groups and the shift for mask resulted in an overflow. Fixes: 61f4b23769f0 ("netlink: Don't shift with UB on nlk->ngroups") Cc: "David S. Miller" <davem(a)davemloft.net> Cc: Herbert Xu <herbert(a)gondor.apana.org.au> Cc: Steffen Klassert <steffen.klassert(a)secunet.com> Cc: netdev(a)vger.kernel.org Cc: stable(a)vger.kernel.org Reported-and-Tested-by: Nathan Chancellor <natechancellor(a)gmail.com> Signed-off-by: Dmitry Safonov <dima(a)arista.com> --- v2: sizeof() is in bytes net/netlink/af_netlink.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c index 7d860a22e5fb..d6ff4d409437 100644 --- a/net/netlink/af_netlink.c +++ b/net/netlink/af_netlink.c @@ -1011,8 +1011,8 @@ static int netlink_bind(struct socket *sock, struct sockaddr *addr, if (nlk->ngroups == 0) groups = 0; - else - groups &= (1ULL << nlk->ngroups) - 1; + else if (nlk->ngroups < 8*sizeof(groups)) + groups &= (1UL << nlk->ngroups) - 1; bound = nlk->bound; if (bound) { -- 2.13.6

7 years, 1 month

2
1
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror