- Linux-stable-mirror - lists.linaro.org

[Linux-stable-mirror] [PATCH] mm, oom_reaper: fix memory corruption

by Michal Hocko

From: Michal Hocko <mhocko(a)suse.com> David Rientjes has reported the following memory corruption while the oom reaper tries to unmap the victims address space BUG: Bad page map in process oom_reaper pte:6353826300000000 pmd:00000000 addr:00007f50cab1d000 vm_flags:08100073 anon_vma:ffff9eea335603f0 mapping: (null) index:7f50cab1d file: (null) fault: (null) mmap: (null) readpage: (null) CPU: 2 PID: 1001 Comm: oom_reaper Call Trace: [<ffffffffa4bd967d>] dump_stack+0x4d/0x70 [<ffffffffa4a03558>] unmap_page_range+0x1068/0x1130 [<ffffffffa4a2e07f>] __oom_reap_task_mm+0xd5/0x16b [<ffffffffa4a2e226>] oom_reaper+0xff/0x14c [<ffffffffa48d6ad1>] kthread+0xc1/0xe0 Tetsuo Handa has noticed that the synchronization inside exit_mmap is insufficient. We only synchronize with the oom reaper if tsk_is_oom_victim which is not true if the final __mmput is called from a different context than the oom victim exit path. This can trivially happen from context of any task which has grabbed mm reference (e.g. to read /proc/<pid>/ file which requires mm etc.). The race would look like this oom_reaper oom_victim task mmget_not_zero do_exit mmput __oom_reap_task_mm mmput __mmput exit_mmap remove_vma unmap_page_range Fix this issue by providing a new mm_is_oom_victim() helper which operates on the mm struct rather than a task. Any context which operates on a remote mm struct should use this helper in place of tsk_is_oom_victim. The flag is set in mark_oom_victim and never cleared so it is stable in the exit_mmap path. Changes since v1 - set MMF_OOM_SKIP in exit_mmap only for the oom mm as suggested by Tetsuo because there is no reason to set the flag unless we are synchronizing with the oom reaper. - do not modify values of other MMF_ flags and add MMF_OOM_VICTIM as the last one as requested by David Rientjes because they have "automated tools that look at specific bits in mm->flags and it would be nice to not have them be inconsistent between kernel versions. Not absolutely required, but nice to avoid" Reported-by: David Rientjes <rientjes(a)google.com> Debugged-by: Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> Fixes: 212925802454 ("mm: oom: let oom_reap_task and exit_mmap run concurrently") Cc: stable # 4.14 Acked-by: David Rientjes <rientjes(a)google.com> Signed-off-by: Michal Hocko <mhocko(a)suse.com> --- Hi, this patch fixes issue reported by David [1][2]. [1] http://lkml.kernel.org/r/alpine.DEB.2.10.1712051824050.91099@chino.kir.corp… [2] http://lkml.kernel.org/r/alpine.DEB.2.10.1712071315570.135101@chino.kir.cor… include/linux/oom.h | 9 +++++++++ include/linux/sched/coredump.h | 1 + mm/mmap.c | 10 +++++----- mm/oom_kill.c | 4 +++- 4 files changed, 18 insertions(+), 6 deletions(-) diff --git a/include/linux/oom.h b/include/linux/oom.h index 27cd36b762b5..c4139e79771d 100644 --- a/include/linux/oom.h +++ b/include/linux/oom.h @@ -77,6 +77,15 @@ static inline bool tsk_is_oom_victim(struct task_struct * tsk) return tsk->signal->oom_mm; } +/* + * Use this helper if tsk->mm != mm and the victim mm needs a special + * handling. This is guaranteed to stay true after once set. + */ +static inline bool mm_is_oom_victim(struct mm_struct *mm) +{ + return test_bit(MMF_OOM_VICTIM, &mm->flags); +} + /* * Checks whether a page fault on the given mm is still reliable. * This is no longer true if the oom reaper started to reap the diff --git a/include/linux/sched/coredump.h b/include/linux/sched/coredump.h index 9c8847395b5e..ec912d01126f 100644 --- a/include/linux/sched/coredump.h +++ b/include/linux/sched/coredump.h @@ -70,6 +70,7 @@ static inline int get_dumpable(struct mm_struct *mm) #define MMF_UNSTABLE 22 /* mm is unstable for copy_from_user */ #define MMF_HUGE_ZERO_PAGE 23 /* mm has ever used the global huge zero page */ #define MMF_DISABLE_THP 24 /* disable THP for all VMAs */ +#define MMF_OOM_VICTIM 25 /* mm is the oom victim */ #define MMF_DISABLE_THP_MASK (1 << MMF_DISABLE_THP) #define MMF_INIT_MASK (MMF_DUMPABLE_MASK | MMF_DUMP_FILTER_MASK |\ diff --git a/mm/mmap.c b/mm/mmap.c index 476e810cf100..0de87a376aaa 100644 --- a/mm/mmap.c +++ b/mm/mmap.c @@ -3004,20 +3004,20 @@ void exit_mmap(struct mm_struct *mm) /* Use -1 here to ensure all VMAs in the mm are unmapped */ unmap_vmas(&tlb, vma, 0, -1); - set_bit(MMF_OOM_SKIP, &mm->flags); - if (unlikely(tsk_is_oom_victim(current))) { + if (unlikely(mm_is_oom_victim(mm))) { /* * Wait for oom_reap_task() to stop working on this * mm. Because MMF_OOM_SKIP is already set before * calling down_read(), oom_reap_task() will not run * on this "mm" post up_write(). * - * tsk_is_oom_victim() cannot be set from under us - * either because current->mm is already set to NULL + * mm_is_oom_victim() cannot be set from under us + * either because victim->mm is already set to NULL * under task_lock before calling mmput and oom_mm is - * set not NULL by the OOM killer only if current->mm + * set not NULL by the OOM killer only if victim->mm * is found not NULL while holding the task_lock. */ + set_bit(MMF_OOM_SKIP, &mm->flags); down_write(&mm->mmap_sem); up_write(&mm->mmap_sem); } diff --git a/mm/oom_kill.c b/mm/oom_kill.c index 3b0d0fed8480..e4d290b6804b 100644 --- a/mm/oom_kill.c +++ b/mm/oom_kill.c @@ -666,8 +666,10 @@ static void mark_oom_victim(struct task_struct *tsk) return; /* oom_mm is bound to the signal struct life time. */ - if (!cmpxchg(&tsk->signal->oom_mm, NULL, mm)) + if (!cmpxchg(&tsk->signal->oom_mm, NULL, mm)) { mmgrab(tsk->signal->oom_mm); + set_bit(MMF_OOM_VICTIM, &mm->flags); + } /* * Make sure that the task is woken up from uninterruptible sleep -- 2.15.0

6 years, 9 months

1
0
0 0

[Linux-stable-mirror] v4.9.68 build: 0 failures 0 warnings (v4.9.68)

by Build bot for Mark Brown

Tree/Branch: v4.9.68 Git describe: v4.9.68 Commit: 3781db07c7 Linux 4.9.68 Build Time: 101 min 24 sec Passed: 10 / 10 (100.00 %) Failed: 0 / 10 ( 0.00 %) Errors: 0 Warnings: 0 Section Mismatches: 0 ------------------------------------------------------------------------------- defconfigs with issues (other than build errors): ------------------------------------------------------------------------------- =============================================================================== Detailed per-defconfig build reports below: ------------------------------------------------------------------------------- Passed with no errors, warnings or mismatches: arm64-allnoconfig arm64-allmodconfig arm-multi_v5_defconfig arm-multi_v7_defconfig x86_64-defconfig arm-allmodconfig arm-allnoconfig x86_64-allnoconfig arm-multi_v4t_defconfig arm64-defconfig close failed in file object destructor: sys.excepthook is missing lost sys.stderr

6 years, 9 months

1
0
0 0

[Linux-stable-mirror] v4.4.105 build: 0 failures 0 warnings (v4.4.105)

by Build bot for Mark Brown

Tree/Branch: v4.4.105 Git describe: v4.4.105 Commit: 69b0bf95a5 Linux 4.4.105 Build Time: 87 min 19 sec Passed: 9 / 9 (100.00 %) Failed: 0 / 9 ( 0.00 %) Errors: 0 Warnings: 0 Section Mismatches: 0 ------------------------------------------------------------------------------- defconfigs with issues (other than build errors): ------------------------------------------------------------------------------- =============================================================================== Detailed per-defconfig build reports below: ------------------------------------------------------------------------------- Passed with no errors, warnings or mismatches: arm64-allnoconfig arm64-allmodconfig arm-multi_v5_defconfig arm-multi_v7_defconfig x86_64-defconfig arm-allmodconfig arm-allnoconfig x86_64-allnoconfig arm64-defconfig close failed in file object destructor: sys.excepthook is missing lost sys.stderr

6 years, 9 months

1
0
0 0

[Linux-stable-mirror] v3.18.87 build: 0 failures 1 warnings (v3.18.87)

by Build bot for Mark Brown

Tree/Branch: v3.18.87 Git describe: v3.18.87 Commit: 2179863ede Linux 3.18.87 Build Time: 67 min 13 sec Passed: 9 / 9 (100.00 %) Failed: 0 / 9 ( 0.00 %) Errors: 0 Warnings: 1 Section Mismatches: 0 ------------------------------------------------------------------------------- defconfigs with issues (other than build errors): 2 warnings 0 mismatches : x86_64-defconfig ------------------------------------------------------------------------------- Warnings Summary: 1 2 ../include/linux/ftrace.h:632:36: warning: calling '__builtin_return_address' with a nonzero argument is unsafe [-Wframe-address] =============================================================================== Detailed per-defconfig build reports below: ------------------------------------------------------------------------------- x86_64-defconfig : PASS, 0 errors, 2 warnings, 0 section mismatches Warnings: ../include/linux/ftrace.h:632:36: warning: calling '__builtin_return_address' with a nonzero argument is unsafe [-Wframe-address] ../include/linux/ftrace.h:632:36: warning: calling '__builtin_return_address' with a nonzero argument is unsafe [-Wframe-address] ------------------------------------------------------------------------------- Passed with no errors, warnings or mismatches: arm64-allnoconfig arm64-allmodconfig arm-multi_v5_defconfig arm-multi_v7_defconfig arm-allmodconfig arm-allnoconfig x86_64-allnoconfig arm64-defconfig

6 years, 9 months

1
0
0 0

[Linux-stable-mirror] Patch "usb: dwc2: Improve gadget state disconnection handling" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled usb: dwc2: Improve gadget state disconnection handling to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: usb-dwc2-improve-gadget-state-disconnection-handling.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From d2471d4a24dfbff5e463d382e2c6fec7d7e25a09 Mon Sep 17 00:00:00 2001 From: John Stultz <john.stultz(a)linaro.org> Date: Mon, 23 Oct 2017 14:32:48 -0700 Subject: usb: dwc2: Improve gadget state disconnection handling From: John Stultz <john.stultz(a)linaro.org> commit d2471d4a24dfbff5e463d382e2c6fec7d7e25a09 upstream. In the earlier commit dad3f793f20f ("usb: dwc2: Make sure we disconnect the gadget state"), I was trying to fix up the fact that we somehow weren't disconnecting the gadget state, so that when the OTG port was plugged in the second time we would get warnings about the state tracking being wrong. (This seems to be due to a quirk of the HiKey board where we do not ever get any otg interrupts, particularly the session end detected signal. Instead we only see status change interrupt.) The fix there was somewhat simple, as it just made sure to call dwc2_hsotg_disconnect() before we connected things up in OTG mode, ensuring the state handling didn't throw errors. But in looking at a different issue I was seeing with UDC state handling, I realized that it would be much better to call dwc2_hsotg_disconnect when we get the state change signal moving to host mode. Thus, this patch removes the earlier disconnect call I added and moves it (and the needed locking) to the host mode transition. Cc: Wei Xu <xuwei5(a)hisilicon.com> Cc: Guodong Xu <guodong.xu(a)linaro.org> Cc: Amit Pundir <amit.pundir(a)linaro.org> Cc: YongQin Liu <yongqin.liu(a)linaro.org> Cc: John Youn <johnyoun(a)synopsys.com> Cc: Minas Harutyunyan <Minas.Harutyunyan(a)synopsys.com> Cc: Douglas Anderson <dianders(a)chromium.org> Cc: Chen Yu <chenyu56(a)huawei.com> Cc: Felipe Balbi <felipe.balbi(a)linux.intel.com> Cc: linux-usb(a)vger.kernel.org Acked-by: Minas Harutyunyan <hminas(a)synopsys.com> Tested-by: Minas Harutyunyan <hminas(a)synopsys.com> Signed-off-by: John Stultz <john.stultz(a)linaro.org> Signed-off-by: Felipe Balbi <felipe.balbi(a)linux.intel.com> Cc: Ben Hutchings <ben.hutchings(a)codethink.co.uk> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/usb/dwc2/hcd.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) --- a/drivers/usb/dwc2/hcd.c +++ b/drivers/usb/dwc2/hcd.c @@ -3277,7 +3277,6 @@ static void dwc2_conn_id_status_change(s dwc2_core_init(hsotg, false); dwc2_enable_global_interrupts(hsotg); spin_lock_irqsave(&hsotg->lock, flags); - dwc2_hsotg_disconnect(hsotg); dwc2_hsotg_core_init_disconnected(hsotg, false); spin_unlock_irqrestore(&hsotg->lock, flags); dwc2_hsotg_core_connect(hsotg); @@ -3296,8 +3295,12 @@ host: if (count > 250) dev_err(hsotg->dev, "Connection id status change timed out\n"); - hsotg->op_state = OTG_STATE_A_HOST; + spin_lock_irqsave(&hsotg->lock, flags); + dwc2_hsotg_disconnect(hsotg); + spin_unlock_irqrestore(&hsotg->lock, flags); + + hsotg->op_state = OTG_STATE_A_HOST; /* Initialize the Core for Host mode */ dwc2_core_init(hsotg, false); dwc2_enable_global_interrupts(hsotg); Patches currently in stable-queue which might be from john.stultz(a)linaro.org are queue-4.14/usb-dwc2-improve-gadget-state-disconnection-handling.patch

6 years, 9 months

2
1
0 0

[Linux-stable-mirror] Patch "xen-netfront: avoid crashing on resume after a failure in talk_to_netback()" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled xen-netfront: avoid crashing on resume after a failure in talk_to_netback() to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: xen-netfront-avoid-crashing-on-resume-after-a-failure-in-talk_to_netback.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From d86b5672b1adb98b4cdd6fbf0224bbfb03db6e2e Mon Sep 17 00:00:00 2001 From: Vitaly Kuznetsov <vkuznets(a)redhat.com> Date: Thu, 11 May 2017 13:58:06 +0200 Subject: xen-netfront: avoid crashing on resume after a failure in talk_to_netback() From: Vitaly Kuznetsov <vkuznets(a)redhat.com> commit d86b5672b1adb98b4cdd6fbf0224bbfb03db6e2e upstream. Unavoidable crashes in netfront_resume() and netback_changed() after a previous fail in talk_to_netback() (e.g. when we fail to read MAC from xenstore) were discovered. The failure path in talk_to_netback() does unregister/free for netdev but we don't reset drvdata and we try accessing it after resume. Fix the bug by removing the whole xen device completely with device_unregister(), this guarantees we won't have any calls into netfront after a failure. Signed-off-by: Vitaly Kuznetsov <vkuznets(a)redhat.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Cc: Ben Hutchings <ben.hutchings(a)codethink.co.uk> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/net/xen-netfront.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) --- a/drivers/net/xen-netfront.c +++ b/drivers/net/xen-netfront.c @@ -1958,8 +1958,7 @@ abort_transaction_no_dev_fatal: xennet_disconnect_backend(info); xennet_destroy_queues(info); out: - unregister_netdev(info->netdev); - xennet_free_netdev(info->netdev); + device_unregister(&dev->dev); return err; } Patches currently in stable-queue which might be from vkuznets(a)redhat.com are queue-4.9/xen-netfront-avoid-crashing-on-resume-after-a-failure-in-talk_to_netback.patch

6 years, 9 months

1
0
0 0

[Linux-stable-mirror] Patch "xen-netfront: avoid crashing on resume after a failure in talk_to_netback()" has been added to the 4.4-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled xen-netfront: avoid crashing on resume after a failure in talk_to_netback() to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: xen-netfront-avoid-crashing-on-resume-after-a-failure-in-talk_to_netback.patch and it can be found in the queue-4.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From d86b5672b1adb98b4cdd6fbf0224bbfb03db6e2e Mon Sep 17 00:00:00 2001 From: Vitaly Kuznetsov <vkuznets(a)redhat.com> Date: Thu, 11 May 2017 13:58:06 +0200 Subject: xen-netfront: avoid crashing on resume after a failure in talk_to_netback() From: Vitaly Kuznetsov <vkuznets(a)redhat.com> commit d86b5672b1adb98b4cdd6fbf0224bbfb03db6e2e upstream. Unavoidable crashes in netfront_resume() and netback_changed() after a previous fail in talk_to_netback() (e.g. when we fail to read MAC from xenstore) were discovered. The failure path in talk_to_netback() does unregister/free for netdev but we don't reset drvdata and we try accessing it after resume. Fix the bug by removing the whole xen device completely with device_unregister(), this guarantees we won't have any calls into netfront after a failure. Signed-off-by: Vitaly Kuznetsov <vkuznets(a)redhat.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Cc: Ben Hutchings <ben.hutchings(a)codethink.co.uk> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/net/xen-netfront.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) --- a/drivers/net/xen-netfront.c +++ b/drivers/net/xen-netfront.c @@ -1944,8 +1944,7 @@ abort_transaction_no_dev_fatal: xennet_disconnect_backend(info); xennet_destroy_queues(info); out: - unregister_netdev(info->netdev); - xennet_free_netdev(info->netdev); + device_unregister(&dev->dev); return err; } Patches currently in stable-queue which might be from vkuznets(a)redhat.com are queue-4.4/xen-netfront-avoid-crashing-on-resume-after-a-failure-in-talk_to_netback.patch

6 years, 9 months

1
0
0 0

Re: [Linux-stable-mirror] [PATCH 4.4 00/49] 4.4.105-stable review

by Greg Kroah-Hartman

On Fri, Dec 08, 2017 at 12:00:47PM -0800, Kevin Hilman wrote: > kernelci.org bot <bot(a)kernelci.org> writes: > > > stable-rc/linux-4.4.y boot: 122 boots: 2 failed, 106 passed with 12 offline, 2 conflicts (v4.4.104-50-gffc1d3fcd46a) > > > > Full Boot Summary: https://kernelci.org/boot/all/job/stable-rc/branch/linux-4.4.y/kernel/v4.4.… > > Full Build Summary: https://kernelci.org/build/stable-rc/branch/linux-4.4.y/kernel/v4.4.104-50-… > > > > Tree: stable-rc > > Branch: linux-4.4.y > > Git Describe: v4.4.104-50-gffc1d3fcd46a > > Git Commit: ffc1d3fcd46a59815958ce25e4e70da1a8a5799d > > Git URL: http://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git > > Tested: 62 unique boards, 20 SoC families, 18 builds out of 182 > > > > Boot Regressions Detected: > > > > arm: > > > > exynos_defconfig: > > exynos5422-odroidxu3: > > lab-collabora: failing since 31 days (last pass: v4.4.95-21-g32458fcb7bd6 - first fail: v4.4.96-41-g336421367b9c) > > exynos5422-odroidxu3_rootfs:nfs: > > lab-collabora: failing since 23 days (last pass: v4.4.95-21-g32458fcb7bd6 - first fail: v4.4.97-57-g528c687b455d) > > TL;DR; All is well. > > These two are passing in another lab, so this is a board/lab setup issue > under. Guillaume (Cc'd) is investigating. I figured with a lab that was failing for that long, I didn't need to worry about it. thanks, greg k-h > Kevin

6 years, 9 months

1
0
0 0

Re: [Linux-stable-mirror] [PATCH 4.14 00/75] 4.14.5-stable review

by Greg Kroah-Hartman

On Fri, Dec 08, 2017 at 12:03:34PM -0800, Kevin Hilman wrote: > kernelci.org bot <bot(a)kernelci.org> writes: > > > stable-rc/linux-4.14.y boot: 142 boots: 1 failed, 127 passed with 14 offline (v4.14.4-76-gf91a57b206e0) > > > > Full Boot Summary: https://kernelci.org/boot/all/job/stable-rc/branch/linux-4.14.y/kernel/v4.1… > > Full Build Summary: https://kernelci.org/build/stable-rc/branch/linux-4.14.y/kernel/v4.14.4-76-… > > > > Tree: stable-rc > > Branch: linux-4.14.y > > Git Describe: v4.14.4-76-gf91a57b206e0 > > Git Commit: f91a57b206e0ca82c4d3f13372c392e3b374e1ce > > Git URL: http://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git > > Tested: 76 unique boards, 23 SoC families, 18 builds out of 189 > > > > Boot Regressions Detected: > > > > arm64: > > > > defconfig: > > meson-gxbb-p200: > > TL;DR; All is well. > > Re-ran this one and it's fine. Great, thanks for letting me know. greg k-h

6 years, 9 months

1
0
0 0

[Linux-stable-mirror] [PATCH 4.4 00/96] 4.4.103-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.4.103 release. There are 96 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu Nov 30 10:04:41 UTC 2017. Anything received after that time might be too late. The whole patch series can be found in one patch at: kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.4.103-rc1.gz or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.4.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.4.103-rc1 Juergen Gross <jgross(a)suse.com> xen: xenbus driver must not accept invalid transaction ids Heiko Carstens <heiko.carstens(a)de.ibm.com> s390/kbuild: enable modversions for symbols exported from asm Richard Fitzgerald <rf(a)opensource.wolfsonmicro.com> ASoC: wm_adsp: Don't overrun firmware file buffer when reading region data Pan Bian <bianpan2016(a)163.com> btrfs: return the actual error value from from btrfs_uuid_tree_iterate Colin Ian King <colin.king(a)canonical.com> ASoC: rsnd: don't double free kctrl Florian Westphal <fw(a)strlen.de> netfilter: nf_tables: fix oob access Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nft_queue: use raw_smp_processor_id() Geert Uytterhoeven <geert(a)linux-m68k.org> spi: SPI_FSL_DSPI should depend on HAS_DMA Pan Bian <bianpan2016(a)163.com> staging: iio: cdc: fix improper return value Pan Bian <bianpan2016(a)163.com> iio: light: fix improper return value Masashi Honma <masashi.honma(a)gmail.com> mac80211: Suppress NEW_PEER_CANDIDATE event if no room Masashi Honma <masashi.honma(a)gmail.com> mac80211: Remove invalid flag operations in mesh TSF synchronization Chris Wilson <chris(a)chris-wilson.co.uk> drm: Apply range restriction after color adjustment when allocation Gabriele Mazzotta <gabriele.mzt(a)gmail.com> ALSA: hda - Apply ALC269_FIXUP_NO_SHUTUP on HDA_FIXUP_ACT_PROBE Bartosz Markowski <bartosz.markowski(a)tieto.com> ath10k: set CTS protection VDEV param only if VDEV is up Christian Lamparter <chunkeey(a)googlemail.com> ath10k: fix potential memory leak in ath10k_wmi_tlv_op_pull_fw_stats() Ryan Hsu <ryanhsu(a)qca.qualcomm.com> ath10k: ignore configuring the incorrect board_id Ryan Hsu <ryanhsu(a)qca.qualcomm.com> ath10k: fix incorrect txpower set by P2P_DEVICE interface Daniel Vetter <daniel.vetter(a)ffwll.ch> drm/armada: Fix compile fail Thomas Preisner <thomas.preisner+linux(a)fau.de> net: 3com: typhoon: typhoon_init_one: fix incorrect return values Thomas Preisner <thomas.preisner+linux(a)fau.de> net: 3com: typhoon: typhoon_init_one: make return values more specific David Ahern <dsa(a)cumulusnetworks.com> net: Allow IP_MULTICAST_IF to set index to L3 slave Shawn Guo <shawn.guo(a)linaro.org> dmaengine: zx: set DMA_CYCLIC cap_mask bit Bjorn Helgaas <bhelgaas(a)google.com> PCI: Apply _HPX settings only to relevant devices Santosh Shilimkar <santosh.shilimkar(a)oracle.com> RDS: RDMA: return appropriate error on rdma map failures Benjamin Poirier <bpoirier(a)suse.com> e1000e: Separate signaling for link check/link up Benjamin Poirier <bpoirier(a)suse.com> e1000e: Fix return value test Benjamin Poirier <bpoirier(a)suse.com> e1000e: Fix error path in link detection Tobias Jordan <Tobias.Jordan(a)elektrobit.com> PM / OPP: Add missing of_node_put(np) Tuomas Tynkkynen <tuomas(a)tuxera.com> net/9p: Switch to wait_event_killable() Eric Biggers <ebiggers(a)google.com> fscrypt: lock mutex before checking for bounce page pool Steven Rostedt (Red Hat) <rostedt(a)goodmis.org> sched/rt: Simplify the IPI based RT balancing logic Ricardo Ribalda Delgado <ricardo.ribalda(a)gmail.com> media: v4l2-ctrl: Fix flags field on Control events Johan Hovold <johan(a)kernel.org> cx231xx-cards: fix NULL-deref on missing association descriptor Sean Young <sean(a)mess.org> media: rc: check for integer overflow Michele Baldessari <michele(a)acksyn.org> media: Don't do DMA on stack for firmware upload in the AS102 driver Naveen N. Rao <naveen.n.rao(a)linux.vnet.ibm.com> powerpc/signal: Properly handle return value from uprobe_deny_signal() John David Anglin <dave.anglin(a)bell.net> parisc: Fix validity check of pointer size argument in new CAS implementation Brian King <brking(a)linux.vnet.ibm.com> ixgbe: Fix skb list corruption on Power systems Brian King <brking(a)linux.vnet.ibm.com> fm10k: Use smp_rmb rather than read_barrier_depends Brian King <brking(a)linux.vnet.ibm.com> i40evf: Use smp_rmb rather than read_barrier_depends Brian King <brking(a)linux.vnet.ibm.com> ixgbevf: Use smp_rmb rather than read_barrier_depends Brian King <brking(a)linux.vnet.ibm.com> igbvf: Use smp_rmb rather than read_barrier_depends Brian King <brking(a)linux.vnet.ibm.com> igb: Use smp_rmb rather than read_barrier_depends Brian King <brking(a)linux.vnet.ibm.com> i40e: Use smp_rmb rather than read_barrier_depends Johan Hovold <johan(a)kernel.org> NFC: fix device-allocation error return Bart Van Assche <bart.vanassche(a)wdc.com> IB/srp: Avoid that a cable pull can trigger a kernel crash Bart Van Assche <bart.vanassche(a)wdc.com> IB/srpt: Do not accept invalid initiator port names Dan Williams <dan.j.williams(a)intel.com> libnvdimm, namespace: make 'resource' attribute only readable by root Dan Williams <dan.j.williams(a)intel.com> libnvdimm, namespace: fix label initialization to use valid seq numbers Johan Hovold <johan(a)kernel.org> clk: ti: dra7-atl-clock: fix child-node lookups Peter Ujfalusi <peter.ujfalusi(a)ti.com> clk: ti: dra7-atl-clock: Fix of_node reference counting Trond Myklebust <trond.myklebust(a)primarydata.com> SUNRPC: Fix tracepoint storage issues with svc_recv and svc_rqst_status Paolo Bonzini <pbonzini(a)redhat.com> KVM: SVM: obey guest PAT Ladi Prosek <lprosek(a)redhat.com> KVM: nVMX: set IDTR and GDTR limits when loading L1 host state Nicholas Bellinger <nab(a)linux-iscsi.org> target: Fix QUEUE_FULL + SCSI task attribute handling Nicholas Bellinger <nab(a)linux-iscsi.org> iscsi-target: Fix non-immediate TMR reference leak Tuomas Tynkkynen <tuomas(a)tuxera.com> fs/9p: Compare qid.path in v9fs_test_inode Al Viro <viro(a)zeniv.linux.org.uk> fix a page leak in vhost_scsi_iov_to_sgl() error recovery Kailang Yang <kailang(a)realtek.com> ALSA: hda/realtek - Fix ALC700 family no sound issue Takashi Iwai <tiwai(a)suse.de> ALSA: timer: Remove kernel warning at compat ioctl error paths Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Add sanity checks in v2 clock parsers Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Fix potential out-of-bound access at parsing SU Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Add sanity checks to FE parser Henrik Eriksson <henrik.eriksson(a)axis.com> ALSA: pcm: update tstamp only if audio_tstamp changed Theodore Ts'o <tytso(a)mit.edu> ext4: fix interaction between i_size, fallocate, and delalloc after a crash Rameshwar Prasad Sahu <rsahu(a)apm.com> ata: fixes kernel crash while tracing ata_eh_link_autopsy event Arnd Bergmann <arnd(a)arndb.de> rtlwifi: fix uninitialized rtlhal->last_suspend_sec time Larry Finger <Larry.Finger(a)lwfinger.net> rtlwifi: rtl8192ee: Fix memory leak when loading firmware Andrew Elble <aweits(a)rit.edu> nfsd: deal with revoked delegations appropriately Chuck Lever <chuck.lever(a)oracle.com> nfs: Fix ugly referral attributes Joshua Watt <jpewhacker(a)gmail.com> NFS: Fix typo in nomigration mount option Arnd Bergmann <arnd(a)arndb.de> isofs: fix timestamps beyond 2027 Coly Li <colyli(a)suse.de> bcache: check ca->alloc_thread initialized before wake up it Dan Carpenter <dan.carpenter(a)oracle.com> eCryptfs: use after free in ecryptfs_release_messaging() Andreas Rohner <andreas.rohner(a)gmx.net> nilfs2: fix race condition that causes file system corruption NeilBrown <neilb(a)suse.com> autofs: don't fail mount for transient error Mirko Parthey <mirko.parthey(a)web.de> MIPS: BCM47XX: Fix LED inversion for WRT54GSv1 Maciej W. Rozycki <macro(a)mips.com> MIPS: Fix an n32 core file generation regset support regression Hou Tao <houtao1(a)huawei.com> dm: fix race between dm_get_from_kobject() and __dm_destroy() Eric Biggers <ebiggers(a)google.com> dm bufio: fix integer overflow when limiting maximum cache size Vijendar Mukunda <Vijendar.Mukunda(a)amd.com> ALSA: hda: Add Raven PCI ID Mathias Kresin <dev(a)kresin.me> MIPS: ralink: Fix typo in mt7628 pinmux function Mathias Kresin <dev(a)kresin.me> MIPS: ralink: Fix MT7628 pinmux Philip Derrin <philip(a)cog.systems> ARM: 8721/1: mm: dump: check hardware RO bit for LPAE Philip Derrin <philip(a)cog.systems> ARM: 8722/1: mm: make STRICT_KERNEL_RWX effective for LPAE Masami Hiramatsu <mhiramat(a)kernel.org> x86/decoder: Add new TEST instruction pattern Eric Biggers <ebiggers(a)google.com> lib/mpi: call cond_resched() from mpi_powm() loop Paul E. McKenney <paulmck(a)linux.vnet.ibm.com> sched: Make resched_cpu() unconditional WANG Cong <xiyou.wangcong(a)gmail.com> vsock: use new wait API for vsock_stream_sendmsg() Claudio Imbrenda <imbrenda(a)linux.vnet.ibm.com> AF_VSOCK: Shrink the area influenced by prepare_to_wait WANG Cong <xiyou.wangcong(a)gmail.com> ipv6: only call ip6_route_dev_notify() once for NETDEV_UNREGISTER Vasily Gorbik <gor(a)linux.vnet.ibm.com> s390/disassembler: increase show_code buffer size Heiko Carstens <heiko.carstens(a)de.ibm.com> s390/disassembler: add missing end marker for e7 table Heiko Carstens <heiko.carstens(a)de.ibm.com> s390/runtime instrumention: fix possible memory corruption Heiko Carstens <heiko.carstens(a)de.ibm.com> s390: fix transactional execution control register handling ------------- Diffstat: Makefile | 4 +- arch/arm/mm/dump.c | 4 +- arch/arm/mm/init.c | 4 +- arch/mips/bcm47xx/leds.c | 2 +- arch/mips/kernel/ptrace.c | 17 ++ arch/mips/ralink/mt7620.c | 4 +- arch/parisc/kernel/syscall.S | 6 +- arch/powerpc/kernel/signal.c | 2 +- arch/s390/include/asm/asm-prototypes.h | 8 + arch/s390/include/asm/switch_to.h | 2 +- arch/s390/kernel/dis.c | 5 +- arch/s390/kernel/early.c | 4 +- arch/s390/kernel/process.c | 1 + arch/s390/kernel/runtime_instr.c | 4 +- arch/x86/kvm/svm.c | 7 + arch/x86/kvm/vmx.c | 2 + arch/x86/lib/x86-opcode-map.txt | 2 +- drivers/ata/libata-eh.c | 2 +- drivers/base/power/opp/core.c | 1 + drivers/clk/ti/clk-dra7-atl.c | 3 +- drivers/dma/zx296702_dma.c | 1 + drivers/gpu/drm/armada/Makefile | 2 + drivers/gpu/drm/drm_mm.c | 16 +- drivers/iio/light/cm3232.c | 2 +- drivers/infiniband/ulp/srp/ib_srp.c | 25 ++- drivers/infiniband/ulp/srpt/ib_srpt.c | 9 +- drivers/md/bcache/alloc.c | 3 +- drivers/md/dm-bufio.c | 15 +- drivers/md/dm.c | 12 +- drivers/media/rc/ir-lirc-codec.c | 9 +- drivers/media/usb/as102/as102_fw.c | 28 ++- drivers/media/usb/cx231xx/cx231xx-cards.c | 2 +- drivers/media/v4l2-core/v4l2-ctrls.c | 16 +- drivers/net/ethernet/3com/typhoon.c | 25 ++- drivers/net/ethernet/intel/e1000e/mac.c | 11 +- drivers/net/ethernet/intel/e1000e/netdev.c | 4 +- drivers/net/ethernet/intel/e1000e/phy.c | 7 +- drivers/net/ethernet/intel/fm10k/fm10k_main.c | 2 +- drivers/net/ethernet/intel/i40e/i40e_main.c | 2 +- drivers/net/ethernet/intel/i40e/i40e_txrx.c | 2 +- drivers/net/ethernet/intel/i40evf/i40e_txrx.c | 2 +- drivers/net/ethernet/intel/igb/igb_main.c | 2 +- drivers/net/ethernet/intel/igbvf/netdev.c | 2 +- drivers/net/ethernet/intel/ixgbe/ixgbe_main.c | 2 +- drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c | 2 +- drivers/net/wireless/ath/ath10k/core.c | 5 +- drivers/net/wireless/ath/ath10k/mac.c | 58 ++++- drivers/net/wireless/ath/ath10k/wmi-tlv.c | 12 +- .../net/wireless/realtek/rtlwifi/rtl8192ee/fw.c | 6 +- .../net/wireless/realtek/rtlwifi/rtl8821ae/hw.c | 1 + drivers/nvdimm/label.c | 2 +- drivers/nvdimm/namespace_devs.c | 2 +- drivers/pci/probe.c | 15 +- drivers/spi/Kconfig | 1 + drivers/staging/iio/cdc/ad7150.c | 2 +- drivers/target/iscsi/iscsi_target.c | 8 +- drivers/target/target_core_transport.c | 4 + drivers/vhost/scsi.c | 5 +- drivers/xen/xenbus/xenbus_dev_frontend.c | 2 +- fs/9p/vfs_inode.c | 3 + fs/9p/vfs_inode_dotl.c | 3 + fs/autofs4/waitq.c | 15 +- fs/btrfs/uuid-tree.c | 4 +- fs/ecryptfs/messaging.c | 7 +- fs/ext4/crypto_key.c | 8 +- fs/ext4/extents.c | 6 +- fs/isofs/isofs.h | 2 +- fs/isofs/rock.h | 2 +- fs/isofs/util.c | 2 +- fs/nfs/nfs4proc.c | 18 +- fs/nfs/super.c | 2 +- fs/nfsd/nfs4state.c | 25 ++- fs/nilfs2/segment.c | 6 +- include/trace/events/sunrpc.h | 17 +- kernel/sched/core.c | 9 +- kernel/sched/rt.c | 235 ++++++++++----------- kernel/sched/sched.h | 24 ++- lib/mpi/mpi-pow.c | 2 + net/9p/client.c | 3 +- net/9p/trans_virtio.c | 13 +- net/ipv4/ip_sockglue.c | 7 +- net/ipv6/ipv6_sockglue.c | 16 +- net/ipv6/route.c | 6 +- net/mac80211/ieee80211_i.h | 1 - net/mac80211/mesh.c | 3 - net/mac80211/mesh_plink.c | 14 +- net/mac80211/mesh_sync.c | 11 - net/netfilter/nf_tables_api.c | 2 +- net/netfilter/nft_queue.c | 2 +- net/nfc/core.c | 2 +- net/rds/send.c | 11 +- net/vmw_vsock/af_vsock.c | 167 ++++++++------- sound/core/pcm_lib.c | 6 +- sound/core/timer_compat.c | 12 +- sound/pci/hda/hda_intel.c | 3 + sound/pci/hda/patch_realtek.c | 4 +- sound/soc/codecs/wm_adsp.c | 25 ++- sound/soc/sh/rcar/core.c | 4 +- sound/usb/clock.c | 9 +- sound/usb/mixer.c | 15 +- 100 files changed, 699 insertions(+), 437 deletions(-)

6 years, 9 months

9
118
0 0

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror