The patch below does not apply to the 4.14-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
>From f068090426ea8d72c408ebd42953a82a88e2282c Mon Sep 17 00:00:00 2001
From: Mathias Nyman <mathias.nyman(a)linux.intel.com>
Date: Fri, 9 Nov 2018 17:21:17 +0200
Subject: [PATCH] xhci: Fix leaking USB3 shared_hcd at xhci removal
Ensure that the shared_hcd pointer is valid when calling usb_put_hcd()
The shared_hcd is removed and freed in xhci by first calling
usb_remove_hcd(xhci->shared_hcd), and later
usb_put_hcd(xhci->shared_hcd)
Afer commit fe190ed0d602 ("xhci: Do not halt the host until both HCD have
disconnected their devices.") the shared_hcd was never properly put as
xhci->shared_hcd was set to NULL before usb_put_hcd(xhci->shared_hcd) was
called.
shared_hcd (USB3) is removed before primary hcd (USB2).
While removing the primary hcd we might need to handle xhci interrupts
to cleanly remove last USB2 devices, therefore we need to set
xhci->shared_hcd to NULL before removing the primary hcd to let xhci
interrupt handler know shared_hcd is no longer available.
xhci-plat.c, xhci-histb.c and xhci-mtk first create both their hcd's before
adding them. so to keep the correct reverse removal order use a temporary
shared_hcd variable for them.
For more details see commit 4ac53087d6d4 ("usb: xhci: plat: Create both
HCDs before adding them")
Fixes: fe190ed0d602 ("xhci: Do not halt the host until both HCD have disconnected their devices.")
Cc: Joel Stanley <joel(a)jms.id.au>
Cc: Chunfeng Yun <chunfeng.yun(a)mediatek.com>
Cc: Thierry Reding <treding(a)nvidia.com>
Cc: Jianguo Sun <sunjianguo1(a)huawei.com>
Cc: <stable(a)vger.kernel.org>
Reported-by: Jack Pham <jackp(a)codeaurora.org>
Tested-by: Jack Pham <jackp(a)codeaurora.org>
Tested-by: Peter Chen <peter.chen(a)nxp.com>
Signed-off-by: Mathias Nyman <mathias.nyman(a)linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
diff --git a/drivers/usb/host/xhci-histb.c b/drivers/usb/host/xhci-histb.c
index 27f00160332e..3c4abb5a1c3f 100644
--- a/drivers/usb/host/xhci-histb.c
+++ b/drivers/usb/host/xhci-histb.c
@@ -325,14 +325,16 @@ static int xhci_histb_remove(struct platform_device *dev)
struct xhci_hcd_histb *histb = platform_get_drvdata(dev);
struct usb_hcd *hcd = histb->hcd;
struct xhci_hcd *xhci = hcd_to_xhci(hcd);
+ struct usb_hcd *shared_hcd = xhci->shared_hcd;
xhci->xhc_state |= XHCI_STATE_REMOVING;
- usb_remove_hcd(xhci->shared_hcd);
+ usb_remove_hcd(shared_hcd);
+ xhci->shared_hcd = NULL;
device_wakeup_disable(&dev->dev);
usb_remove_hcd(hcd);
- usb_put_hcd(xhci->shared_hcd);
+ usb_put_hcd(shared_hcd);
xhci_histb_host_disable(histb);
usb_put_hcd(hcd);
diff --git a/drivers/usb/host/xhci-mtk.c b/drivers/usb/host/xhci-mtk.c
index 71d0d33c3286..60987c787e44 100644
--- a/drivers/usb/host/xhci-mtk.c
+++ b/drivers/usb/host/xhci-mtk.c
@@ -590,12 +590,14 @@ static int xhci_mtk_remove(struct platform_device *dev)
struct xhci_hcd_mtk *mtk = platform_get_drvdata(dev);
struct usb_hcd *hcd = mtk->hcd;
struct xhci_hcd *xhci = hcd_to_xhci(hcd);
+ struct usb_hcd *shared_hcd = xhci->shared_hcd;
- usb_remove_hcd(xhci->shared_hcd);
+ usb_remove_hcd(shared_hcd);
+ xhci->shared_hcd = NULL;
device_init_wakeup(&dev->dev, false);
usb_remove_hcd(hcd);
- usb_put_hcd(xhci->shared_hcd);
+ usb_put_hcd(shared_hcd);
usb_put_hcd(hcd);
xhci_mtk_sch_exit(mtk);
xhci_mtk_clks_disable(mtk);
diff --git a/drivers/usb/host/xhci-pci.c b/drivers/usb/host/xhci-pci.c
index 01c57055c0c5..1fb448cd2667 100644
--- a/drivers/usb/host/xhci-pci.c
+++ b/drivers/usb/host/xhci-pci.c
@@ -380,6 +380,7 @@ static void xhci_pci_remove(struct pci_dev *dev)
if (xhci->shared_hcd) {
usb_remove_hcd(xhci->shared_hcd);
usb_put_hcd(xhci->shared_hcd);
+ xhci->shared_hcd = NULL;
}
/* Workaround for spurious wakeups at shutdown with HSW */
diff --git a/drivers/usb/host/xhci-plat.c b/drivers/usb/host/xhci-plat.c
index 32b5574ad5c5..ef09cb06212f 100644
--- a/drivers/usb/host/xhci-plat.c
+++ b/drivers/usb/host/xhci-plat.c
@@ -362,14 +362,16 @@ static int xhci_plat_remove(struct platform_device *dev)
struct xhci_hcd *xhci = hcd_to_xhci(hcd);
struct clk *clk = xhci->clk;
struct clk *reg_clk = xhci->reg_clk;
+ struct usb_hcd *shared_hcd = xhci->shared_hcd;
xhci->xhc_state |= XHCI_STATE_REMOVING;
- usb_remove_hcd(xhci->shared_hcd);
+ usb_remove_hcd(shared_hcd);
+ xhci->shared_hcd = NULL;
usb_phy_shutdown(hcd->usb_phy);
usb_remove_hcd(hcd);
- usb_put_hcd(xhci->shared_hcd);
+ usb_put_hcd(shared_hcd);
clk_disable_unprepare(clk);
clk_disable_unprepare(reg_clk);
diff --git a/drivers/usb/host/xhci-tegra.c b/drivers/usb/host/xhci-tegra.c
index 6b5db344de30..938ff06c0349 100644
--- a/drivers/usb/host/xhci-tegra.c
+++ b/drivers/usb/host/xhci-tegra.c
@@ -1303,6 +1303,7 @@ static int tegra_xusb_remove(struct platform_device *pdev)
usb_remove_hcd(xhci->shared_hcd);
usb_put_hcd(xhci->shared_hcd);
+ xhci->shared_hcd = NULL;
usb_remove_hcd(tegra->hcd);
usb_put_hcd(tegra->hcd);
diff --git a/drivers/usb/host/xhci.c b/drivers/usb/host/xhci.c
index 0420eefa647a..c928dbbff881 100644
--- a/drivers/usb/host/xhci.c
+++ b/drivers/usb/host/xhci.c
@@ -719,8 +719,6 @@ static void xhci_stop(struct usb_hcd *hcd)
/* Only halt host and free memory after both hcds are removed */
if (!usb_hcd_is_primary_hcd(hcd)) {
- /* usb core will free this hcd shortly, unset pointer */
- xhci->shared_hcd = NULL;
mutex_unlock(&xhci->mutex);
return;
}
While debugging some crashes related to virtio-balloon deflation that
happened under the old balloon migration code, I stumbled over a race
that still exists today.
What we experienced:
drivers/virtio/virtio_balloon.c:release_pages_balloon():
- WARNING: CPU: 13 PID: 6586 at lib/list_debug.c:59 __list_del_entry+0xa1/0xd0
- list_del corruption. prev->next should be ffffe253961090a0, but was dead000000000100
Turns out after having added the page to a local list when dequeuing,
the page would suddenly be moved to an LRU list before we would free it
via the local list, corrupting both lists. So a page we own and that is
!LRU was moved to an LRU list.
In __unmap_and_move(), we lock the old and newpage and perform the
migration. In case of vitio-balloon, the new page will become
movable, the old page will no longer be movable.
However, after unlocking newpage, there is nothing stopping the newpage
from getting dequeued and freed by virtio-balloon. This
will result in the newpage
1. No longer having PageMovable()
2. Getting moved to the local list before finally freeing it (using
page->lru)
Back in the migration thread in __unmap_and_move(), we would after
unlocking the newpage suddenly no longer have PageMovable(newpage) and
will therefore call putback_lru_page(newpage), modifying page->lru
although that list is still in use by virtio-balloon.
To summarize, we have a race between migrating the newpage and checking
for PageMovable(newpage). Instead of checking PageMovable(newpage), we
can simply rely on is_lru of the original page.
Looks like this was introduced by d6d86c0a7f8d ("mm/balloon_compaction:
redesign ballooned pages management"), which was backported up to 3.12.
Old compaction code used PageBalloon() via -_is_movable_balloon_page()
instead of PageMovable(), however with the same semantics.
Cc: Andrew Morton <akpm(a)linux-foundation.org>
Cc: Mel Gorman <mgorman(a)techsingularity.net>
Cc: "Kirill A. Shutemov" <kirill.shutemov(a)linux.intel.com>
Cc: Michal Hocko <mhocko(a)suse.com>
Cc: Naoya Horiguchi <n-horiguchi(a)ah.jp.nec.com>
Cc: Jan Kara <jack(a)suse.cz>
Cc: Andrea Arcangeli <aarcange(a)redhat.com>
Cc: Dominik Brodowski <linux(a)dominikbrodowski.net>
Cc: Matthew Wilcox <willy(a)infradead.org>
Cc: Vratislav Bendel <vbendel(a)redhat.com>
Cc: Rafael Aquini <aquini(a)redhat.com>
Cc: Konstantin Khlebnikov <k.khlebnikov(a)samsung.com>
Cc: Minchan Kim <minchan(a)kernel.org>
Cc: stable(a)vger.kernel.org # 3.12+
Fixes: d6d86c0a7f8d ("mm/balloon_compaction: redesign ballooned pages management")
Reported-by: Vratislav Bendel <vbendel(a)redhat.com>
Acked-by: Michal Hocko <mhocko(a)suse.com>
Acked-by: Rafael Aquini <aquini(a)redhat.com>
Signed-off-by: David Hildenbrand <david(a)redhat.com>
---
mm/migrate.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/mm/migrate.c b/mm/migrate.c
index 4512afab46ac..31e002270b05 100644
--- a/mm/migrate.c
+++ b/mm/migrate.c
@@ -1135,10 +1135,12 @@ static int __unmap_and_move(struct page *page, struct page *newpage,
* If migration is successful, decrease refcount of the newpage
* which will not free the page because new page owner increased
* refcounter. As well, if it is LRU page, add the page to LRU
- * list in here.
+ * list in here. Don't rely on PageMovable(newpage), as that could
+ * already have changed after unlocking newpage (e.g.
+ * virtio-balloon deflation).
*/
if (rc == MIGRATEPAGE_SUCCESS) {
- if (unlikely(__PageMovable(newpage)))
+ if (unlikely(!is_lru))
put_page(newpage);
else
putback_lru_page(newpage);
--
2.17.2
Hi Greg,
Could you please backport the following commits to 4.14, 4.19, and 4.20 stable trees.
The commit 5cbab6303b fixes a bogus dereference under heavy load, and the other commit(ad1f82494) resolves the dependency issue.
Commit #1:
commit ad1f824948e4ed886529219cf7cd717d078c630d
Author: Israel Rukshin <israelr(a)mellanox.com>
Date: Mon Nov 19 10:58:51 2018 +0000
nvmet-rdma: Add unlikely for response allocated check
Commit #2:
commit 5cbab6303b4791a3e6713dfe2c5fda6a867f9adc
Author: Raju Rangoju <rajur(a)chelsio.com>
Date: Thu Jan 3 23:05:31 2019 +0530
nvmet-rdma: fix null dereference under heavy load
Thanks,
Raju
The patch below does not apply to the 4.14-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
>From 60f1bf29c0b2519989927cae640cd1f50f59dc7f Mon Sep 17 00:00:00 2001
From: David Hildenbrand <david(a)redhat.com>
Date: Fri, 11 Jan 2019 15:18:22 +0100
Subject: [PATCH] s390/smp: Fix calling smp_call_ipl_cpu() from ipl CPU
When calling smp_call_ipl_cpu() from the IPL CPU, we will try to read
from pcpu_devices->lowcore. However, due to prefixing, that will result
in reading from absolute address 0 on that CPU. We have to go via the
actual lowcore instead.
This means that right now, we will read lc->nodat_stack == 0 and
therfore work on a very wrong stack.
This BUG essentially broke rebooting under QEMU TCG (which will report
a low address protection exception). And checking under KVM, it is
also broken under KVM. With 1 VCPU it can be easily triggered.
:/# echo 1 > /proc/sys/kernel/sysrq
:/# echo b > /proc/sysrq-trigger
[ 28.476745] sysrq: SysRq : Resetting
[ 28.476793] Kernel stack overflow.
[ 28.476817] CPU: 0 PID: 424 Comm: sh Not tainted 5.0.0-rc1+ #13
[ 28.476820] Hardware name: IBM 2964 NE1 716 (KVM/Linux)
[ 28.476826] Krnl PSW : 0400c00180000000 0000000000115c0c (pcpu_delegate+0x12c/0x140)
[ 28.476861] R:0 T:1 IO:0 EX:0 Key:0 M:0 W:0 P:0 AS:3 CC:0 PM:0 RI:0 EA:3
[ 28.476863] Krnl GPRS: ffffffffffffffff 0000000000000000 000000000010dff8 0000000000000000
[ 28.476864] 0000000000000000 0000000000000000 0000000000ab7090 000003e0006efbf0
[ 28.476864] 000000000010dff8 0000000000000000 0000000000000000 0000000000000000
[ 28.476865] 000000007fffc000 0000000000730408 000003e0006efc58 0000000000000000
[ 28.476887] Krnl Code: 0000000000115bfe: 4170f000 la %r7,0(%r15)
[ 28.476887] 0000000000115c02: 41f0a000 la %r15,0(%r10)
[ 28.476887] #0000000000115c06: e370f0980024 stg %r7,152(%r15)
[ 28.476887] >0000000000115c0c: c0e5fffff86e brasl %r14,114ce8
[ 28.476887] 0000000000115c12: 41f07000 la %r15,0(%r7)
[ 28.476887] 0000000000115c16: a7f4ffa8 brc 15,115b66
[ 28.476887] 0000000000115c1a: 0707 bcr 0,%r7
[ 28.476887] 0000000000115c1c: 0707 bcr 0,%r7
[ 28.476901] Call Trace:
[ 28.476902] Last Breaking-Event-Address:
[ 28.476920] [<0000000000a01c4a>] arch_call_rest_init+0x22/0x80
[ 28.476927] Kernel panic - not syncing: Corrupt kernel stack, can't continue.
[ 28.476930] CPU: 0 PID: 424 Comm: sh Not tainted 5.0.0-rc1+ #13
[ 28.476932] Hardware name: IBM 2964 NE1 716 (KVM/Linux)
[ 28.476932] Call Trace:
Fixes: 2f859d0dad81 ("s390/smp: reduce size of struct pcpu")
Cc: stable(a)vger.kernel.org # 4.0+
Reported-by: Cornelia Huck <cohuck(a)redhat.com>
Signed-off-by: David Hildenbrand <david(a)redhat.com>
Signed-off-by: Martin Schwidefsky <schwidefsky(a)de.ibm.com>
diff --git a/arch/s390/kernel/smp.c b/arch/s390/kernel/smp.c
index 307a1c86ea21..b198ece2aad6 100644
--- a/arch/s390/kernel/smp.c
+++ b/arch/s390/kernel/smp.c
@@ -381,8 +381,13 @@ void smp_call_online_cpu(void (*func)(void *), void *data)
*/
void smp_call_ipl_cpu(void (*func)(void *), void *data)
{
+ struct lowcore *lc = pcpu_devices->lowcore;
+
+ if (pcpu_devices[0].address == stap())
+ lc = &S390_lowcore;
+
pcpu_delegate(&pcpu_devices[0], func, data,
- pcpu_devices->lowcore->nodat_stack);
+ lc->nodat_stack);
}
int smp_find_processor_id(u16 address)
From: Marc Zyngier <marc.zyngier(a)arm.com>
Commit 8208d1708b88b412ca97f50a6d951242c88cbbac upstream.
The way we allocate events works fine in most cases, except
when multiple PCI devices share an ITS-visible DevID, and that
one of them is trying to use MultiMSI allocation.
In that case, our allocation is not guaranteed to be zero-based
anymore, and we have to make sure we allocate it on a boundary
that is compatible with the PCI Multi-MSI constraints.
Fix this by allocating the full region upfront instead of iterating
over the number of MSIs. MSI-X are always allocated one by one,
so this shouldn't change anything on that front.
Fixes: b48ac83d6bbc2 ("irqchip: GICv3: ITS: MSI support")
Cc: <stable(a)vger.kernel.org> # v4.4 - v4.9
Reported-by: Ard Biesheuvel <ard.biesheuvel(a)linaro.org>
Tested-by: Ard Biesheuvel <ard.biesheuvel(a)linaro.org>
Signed-off-by: Marc Zyngier <marc.zyngier(a)arm.com>
[ardb: rebased onto v4.9.153, should apply cleanly onto v4.4.y as well]
Signed-off-by: Ard Biesheuvel <ard.biesheuvel(a)linaro.org>
---
drivers/irqchip/irq-gic-v3-its.c | 25 ++++++++++----------
1 file changed, 13 insertions(+), 12 deletions(-)
diff --git a/drivers/irqchip/irq-gic-v3-its.c b/drivers/irqchip/irq-gic-v3-its.c
index 558c7589c329..83ca754250fb 100644
--- a/drivers/irqchip/irq-gic-v3-its.c
+++ b/drivers/irqchip/irq-gic-v3-its.c
@@ -1372,13 +1372,14 @@ static void its_free_device(struct its_device *its_dev)
kfree(its_dev);
}
-static int its_alloc_device_irq(struct its_device *dev, irq_hw_number_t *hwirq)
+static int its_alloc_device_irq(struct its_device *dev, int nvecs, irq_hw_number_t *hwirq)
{
int idx;
- idx = find_first_zero_bit(dev->event_map.lpi_map,
- dev->event_map.nr_lpis);
- if (idx == dev->event_map.nr_lpis)
+ idx = bitmap_find_free_region(dev->event_map.lpi_map,
+ dev->event_map.nr_lpis,
+ get_count_order(nvecs));
+ if (idx < 0)
return -ENOSPC;
*hwirq = dev->event_map.lpi_base + idx;
@@ -1464,20 +1465,20 @@ static int its_irq_domain_alloc(struct irq_domain *domain, unsigned int virq,
int err;
int i;
- for (i = 0; i < nr_irqs; i++) {
- err = its_alloc_device_irq(its_dev, &hwirq);
- if (err)
- return err;
+ err = its_alloc_device_irq(its_dev, nr_irqs, &hwirq);
+ if (err)
+ return err;
- err = its_irq_gic_domain_alloc(domain, virq + i, hwirq);
+ for (i = 0; i < nr_irqs; i++) {
+ err = its_irq_gic_domain_alloc(domain, virq + i, hwirq + i);
if (err)
return err;
irq_domain_set_hwirq_and_chip(domain, virq + i,
- hwirq, &its_irq_chip, its_dev);
+ hwirq + i, &its_irq_chip, its_dev);
pr_debug("ID:%d pID:%d vID:%d\n",
- (int)(hwirq - its_dev->event_map.lpi_base),
- (int) hwirq, virq + i);
+ (int)(hwirq + i - its_dev->event_map.lpi_base),
+ (int)(hwirq + i), virq + i);
}
return 0;
--
2.20.1
Adding stable since I see Greg's Sign-off-by on recent backports
to this driver.
On Wed, Dec 19, 2018 at 10:55:16AM +0100, Niklas Cassel wrote:
> Hello David,
>
> I can observe a netdev watchdog timeout on kernel 4.14.78 when using stmmac
> with multiple tx queues.
>
> Backporting the following commit:
>
> commit 52a76235d0c4dd259cd0df503afed4757c04ba1d
> Author: Jose Abreu <Jose.Abreu(a)synopsys.com>
> Date: Fri Oct 13 10:58:36 2017 +0100
>
> net: stmmac: Use correct values in TQS/RQS fields
>
> Currently we are using all the available fifo size in RQS and
> TQS fields. This will not work correctly in multi-queues IP's
> because total fifo size must be splitted to the enabled queues.
>
> Correct this by computing the available fifo size per queue and
> setting the right value in TQS and RQS fields.
>
> Signed-off-by: Jose Abreu <joabreu(a)synopsys.com>
> Cc: David S. Miller <davem(a)davemloft.net>
> Cc: Joao Pinto <jpinto(a)synopsys.com>
> Cc: Giuseppe Cavallaro <peppe.cavallaro(a)st.com>
> Cc: Alexandre Torgue <alexandre.torgue(a)st.com>
> Signed-off-by: David S. Miller <davem(a)davemloft.net>
>
>
> resolves the issue.
>
> The fix was first included in v4.15
> $ git tag --contains 52a76235d0c4dd259cd0df503afed4757c04ba1d
> v4.15
> v4.15-rc1
> v4.15-rc2
>
> Could you please queue it up for 4.14 stable?
>
>
> Kind regards,
> Niklas
Hi,
> The bot has tested the following trees: v4.20.5, v4.19.18, v4.14.96,
> v4.9.153, v4.4.172, v3.18.133.
>
> v4.20.5: Build OK!
> v4.19.18: Build OK!
> v4.14.96: Failed to apply! Possible dependencies:
> v4.9.153: Failed to apply! Possible dependencies:
> v4.4.172: Failed to apply! Possible dependencies:
> v3.18.133: Failed to apply! Possible dependencies:
>
> How should we proceed with this patch?
Unfortunately, I have no idea how stable trees process failed-to-apply
patches. The obvious answer would be "backport it".
Best regards,
Vladis Dronov | Red Hat, Inc. | Product Security | Senior Software Engineer
Hello,
We ran automated tests on a patchset that was proposed for merging into this
kernel tree. The patches were applied to:
Kernel repo: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Commit: 9f1a389a0b5b Linux 4.20.5
The results of these automated tests are provided below.
Overall result: FAILED (see details below)
Patch merge: OK
Compile: OK
Kernel tests: FAILED
One or more kernel tests failed:
powerpc64le: PASSED
s390x: PASSED
aarch64: PASSED
x86_64: PASSED
We hope that these logs can help you find the problem quickly. For the full
detail on our testing procedures, please scroll to the bottom of this message.
Please reply to this email if you have any questions about the tests that we
ran or if you have any suggestions on how to make future tests more effective.
,-. ,-.
( C ) ( K ) Continuous
`-',-.`-' Kernel
( I ) Integration
`-'
______________________________________________________________________________
Merge testing
-------------
We cloned this repository and checked out a ref:
Repo: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Ref: 9f1a389a0b5b Linux 4.20.5
We then merged the following patches with `git am`:
amd-xgbe-fix-mdio-access-for-non-zero-ports-and-clause-45-phys.patch
net-bridge-fix-ethernet-header-pointer-before-check-skb-forwardable.patch
net-fix-usage-of-pskb_trim_rcsum.patch
net-phy-marvell-errata-for-mv88e6390-internal-phys.patch
net-phy-mdio_bus-add-missing-device_del-in-mdiobus_register-error-handling.patch
net-phy-phy-driver-features-are-mandatory.patch
net-sched-act_tunnel_key-fix-memory-leak-in-case-of-action-replace.patch
net_sched-refetch-skb-protocol-for-each-filter.patch
openvswitch-avoid-oob-read-when-parsing-flow-nlattrs.patch
vhost-log-dirty-page-correctly.patch
mlxsw-pci-increase-pci-sw-reset-timeout.patch
net-ipv4-fix-memory-leak-in-network-namespace-dismantle.patch
mlxsw-spectrum_fid-update-dummy-fid-index.patch
mlxsw-pci-ring-cq-s-doorbell-before-rdq-s.patch
net-sched-cls_flower-allocate-mask-dynamically-in-fl_change.patch
udp-with-udp_segment-release-on-error-path.patch
ip6_gre-fix-tunnel-list-corruption-for-x-netns.patch
erspan-build-the-header-with-the-right-proto-according-to-erspan_ver.patch
net-phy-marvell-fix-deadlock-from-wrong-locking.patch
ip6_gre-update-version-related-info-when-changing-link.patch
tcp-allow-msg_zerocopy-transmission-also-in-close_wait-state.patch
arm-fix-the-cockup-in-the-previous-patch.patch
sunrpc-address-kerberos-performance-behavior-regress.patch
mei-me-mark-lbg-devices-as-having-dma-support.patch
mei-me-add-denverton-innovation-engine-device-ids.patch
usb-leds-fix-regression-in-usbport-led-trigger.patch
usb-ehci-ehci-mv-add-module_device_table.patch
usb-serial-ftdi_sio-fix-gpio-not-working-in-autosuspend.patch
usb-serial-simple-add-motorola-tetra-tpg2200-device-id.patch
usb-serial-pl2303-add-new-pid-to-support-pl2303tb.patch
ceph-clear-inode-pointer-when-snap-realm-gets-dropped-by-its-inode.patch
asoc-atom-fix-a-missing-check-of-snd_pcm_lib_malloc_pages.patch
asoc-rt5514-spi-fix-potential-null-pointer-dereference.patch
asoc-tlv320aic32x4-kernel-oops-while-entering-dapm-standby-mode.patch
clk-zynqmp-fix-memory-allocation-in-zynqmp_clk_setup.patch
clk-socfpga-stratix10-fix-rate-calculation-for-pll-clocks.patch
clk-socfpga-stratix10-fix-naming-convention-for-the-fixed-clocks.patch
inotify-fix-fd-refcount-leak-in-inotify_add_watch.patch
alsa-hda-realtek-fix-typo-for-alc225-model.patch
alsa-hda-add-mute-led-support-for-hp-probook-470-g5.patch
arcv2-lib-memeset-fix-doing-prefetchw-outside-of-buffer.patch
arc-adjust-memblock_reserve-of-kernel-memory.patch
arc-perf-map-generic-branches-to-correct-hardware-condition.patch
s390-vdso-correct-vdso-mapping-for-compat-tasks.patch
s390-mm-always-force-a-load-of-the-primary-asce-on-context-switch.patch
s390-early-improve-machine-detection.patch
s390-smp-fix-cpu-hotplug-deadlock-with-cpu-rescan.patch
s390-smp-fix-calling-smp_call_ipl_cpu-from-ipl-cpu.patch
misc-ibmvsm-fix-potential-null-pointer-dereference.patch
char-mwave-fix-potential-spectre-v1-vulnerability.patch
mmc-sdhci-iproc-handle-mmc_of_parse-errors-during-probe.patch
mmc-dw_mmc-bluefield-fix-the-license-information.patch
mmc-meson-gx-free-irq-in-release-callback.patch
staging-rtl8188eu-add-device-code-for-d-link-dwa-121-rev-b1.patch
tty-handle-problem-if-line-discipline-does-not-have-receive_buf.patch
uart-fix-crash-in-uart_write-and-uart_put_char.patch
tty-n_hdlc-fix-__might_sleep-warning.patch
hv_balloon-avoid-touching-uninitialized-struct-page-during-tail-onlining.patch
drivers-hv-vmbus-check-for-ring-when-getting-debug-info.patch
vgacon-unconfuse-vc_origin-when-using-soft-scrollback.patch
cifs-fix-possible-hang-during-async-mtu-reads-and-writes.patch
cifs-fix-credits-calculations-for-reads-with-errors.patch
cifs-fix-credit-calculation-for-encrypted-reads-with-errors.patch
cifs-do-not-reconnect-tcp-session-in-add_credits.patch
smb3-add-credits-we-receive-from-oplock-break-pdus.patch
input-xpad-add-support-for-steelseries-stratus-duo.patch
input-input_event-provide-override-for-sparc64.patch
input-uinput-fix-undefined-behavior-in-uinput_validate_absinfo.patch
acpi-nfit-block-function-zero-dsms.patch
acpi-nfit-fix-command-supported-detection.patch
scsi-ufs-use-explicit-access-size-in-ufshcd_dump_regs.patch
dm-thin-fix-passdown_double_checking_shared_status.patch
dm-crypt-fix-parsing-of-extended-iv-arguments.patch
drm-amdgpu-add-aptx-quirk-for-lenovo-laptop.patch
edac-altera-fix-s10-persistent-register-offset.patch
kvm-x86-fix-single-step-debugging.patch
kvm-x86-fix-pv-ipis-for-32-bit-kvm-host.patch
kvm-x86-warn_once-if-sending-a-pv-ipi-returns-a-fatal-error.patch
kvm-x86-vmx-use-kzalloc-for-cached_vmcs12.patch
x86-pkeys-properly-copy-pkey-state-at-fork.patch
x86-selftests-pkeys-fork-to-check-for-state-being-preserved.patch
x86-kaslr-fix-incorrect-i8254-outb-parameters.patch
x86-entry-64-compat-fix-stack-switching-for-xen-pv.patch
posix-cpu-timers-unbreak-timer-rearming.patch
net-sun-cassini-cleanup-license-conflict.patch
irqchip-gic-v3-its-align-pci-multi-msi-allocation-on-their-size.patch
can-dev-__can_get_echo_skb-fix-bogous-check-for-non-existing-skb-by-removing-it.patch
can-bcm-check-timer-values-before-ktime-conversion.patch
can-flexcan-fix-null-pointer-exception-during-bringup.patch
vt-make-vt_console_print-compatible-with-the-unicode-screen-buffer.patch
vt-always-call-notifier-with-the-console-lock-held.patch
vt-invoke-notifier-on-screen-size-change.patch
drm-meson-fix-atomic-mode-switching-regression.patch
Compile testing
---------------
We compiled the kernel for 4 architectures:
powerpc64le:
make options: make INSTALL_MOD_STRIP=1 -j64 targz-pkg -j64
configuration: https://artifacts.cki-project.org/builds/ppc64le/0bcf75d067e11bab66cb635da9…
s390x:
make options: make INSTALL_MOD_STRIP=1 -j64 targz-pkg -j64
configuration: https://artifacts.cki-project.org/builds/s390x/f137b3c0e426bab253e2332931de…
aarch64:
make options: make INSTALL_MOD_STRIP=1 -j64 targz-pkg -j64
configuration: https://artifacts.cki-project.org/builds/aarch64/0bd7f3a1cb649a63f6f0c4cd30…
x86_64:
make options: make INSTALL_MOD_STRIP=1 -j64 targz-pkg -j64
configuration: https://artifacts.cki-project.org/builds/x86_64/42f517be5ad60afbedcb5200199…
Hardware testing
----------------
We booted each kernel and ran the following tests:
powerpc:
s390:
Boot test
- URL: https://github.com/CKI-project/tests-beaker/archive/master.zip#distribution…
/distribution/command
LTP lite - release 20180926
- URL: https://github.com/CKI-project/tests-beaker/archive/master.zip#distribution…
AMTU (Abstract Machine Test Utility)
- URL: https://github.com/CKI-project/tests-beaker/archive/master.zip#misc/amtu
arm64:
Boot test
- URL: https://github.com/CKI-project/tests-beaker/archive/master.zip#distribution…
/distribution/command
LTP lite - release 20180926
- URL: https://github.com/CKI-project/tests-beaker/archive/master.zip#distribution…
xfstests: xfs
- URL: https://github.com/CKI-project/tests-beaker/archive/master.zip#/filesystems…
AMTU (Abstract Machine Test Utility)
- URL: https://github.com/CKI-project/tests-beaker/archive/master.zip#misc/amtu
Usex - version 1.9-29
- URL: https://github.com/CKI-project/tests-beaker/archive/master.zip#standards/us…
x86_64:
Boot test
- URL: https://github.com/CKI-project/tests-beaker/archive/master.zip#distribution…
/distribution/command
LTP lite - release 20180926
- URL: https://github.com/CKI-project/tests-beaker/archive/master.zip#distribution…
xfstests: xfs
- URL: https://github.com/CKI-project/tests-beaker/archive/master.zip#/filesystems…
AMTU (Abstract Machine Test Utility)
- URL: https://github.com/CKI-project/tests-beaker/archive/master.zip#misc/amtu
Usex - version 1.9-29
- URL: https://github.com/CKI-project/tests-beaker/archive/master.zip#standards/us…
From: Kan Liang <kan.liang(a)linux.intel.com>
Some PCI uncore PMUs cannot be registered on a 8-socket system (HPE
Superdome Flex).
To understand which Socket the PCI uncore PMUs belong to, perf retrieves
the local Node ID of the uncore device from CPUNODEID(0xC0) of the PCI
configuration space, and the mapping between Socket ID and Node ID from
GIDNIDMAP(0xD4). The Socket ID can be calculated accordingly.
The local Node ID is only available at bit 2:0, but current code doesn't
mask it. If a BIOS doesn't clear the rest of the bits, a wrong Node ID
will be fetched.
Filter the Node ID by adding a mask.
Fixes: 7c94ee2e0917 ("perf/x86: Add Intel Nehalem and Sandy Bridge-EP uncore support")
Reported-by: Song Liu <songliubraving(a)fb.com>
Tested-by: Song Liu <songliubraving(a)fb.com>
Signed-off-by: Kan Liang <kan.liang(a)linux.intel.com>
Cc: stable(a)vger.kernel.org
---
arch/x86/events/intel/uncore_snbep.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/arch/x86/events/intel/uncore_snbep.c b/arch/x86/events/intel/uncore_snbep.c
index c07bee3..b10e043 100644
--- a/arch/x86/events/intel/uncore_snbep.c
+++ b/arch/x86/events/intel/uncore_snbep.c
@@ -1222,6 +1222,8 @@ static struct pci_driver snbep_uncore_pci_driver = {
.id_table = snbep_uncore_pci_ids,
};
+#define NODE_ID_MASK 0x7
+
/*
* build pci bus to socket mapping
*/
@@ -1243,7 +1245,7 @@ static int snbep_pci2phy_map_init(int devid, int nodeid_loc, int idmap_loc, bool
err = pci_read_config_dword(ubox_dev, nodeid_loc, &config);
if (err)
break;
- nodeid = config;
+ nodeid = config & NODE_ID_MASK;
/* get the Node ID mapping */
err = pci_read_config_dword(ubox_dev, idmap_loc, &config);
if (err)
--
2.7.4