- Linux-stable-mirror - lists.linaro.org

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.9.199 release. There are 62 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed 06 Nov 2019 09:14:04 PM UTC. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.9.199-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.9.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.9.199-rc1 Takashi Iwai <tiwai(a)suse.de> ALSA: timer: Fix mutex deadlock at releasing card Takashi Iwai <tiwai(a)suse.de> ALSA: timer: Simplify error path in snd_timer_open() Takashi Iwai <tiwai(a)suse.de> ALSA: timer: Limit max instances per timer Takashi Iwai <tiwai(a)suse.de> ALSA: timer: Follow standard EXPORT_SYMBOL() declarations Vratislav Bendel <vbendel(a)redhat.com> xfs: Correctly invert xfs_buftarg LRU isolation logic Xin Long <lucien.xin(a)gmail.com> sctp: not bind the socket in sctp_connect Xin Long <lucien.xin(a)gmail.com> sctp: fix the issue that flags are ignored when using kernel_connect Eric Dumazet <edumazet(a)google.com> sch_netem: fix rcu splat in netem_enqueue() Valentin Vidic <vvidic(a)valentin-vidic.from.hr> net: usb: sr9800: fix uninitialized local variable Eric Dumazet <edumazet(a)google.com> bonding: fix potential NULL deref in bond_update_slave_arr Eric Biggers <ebiggers(a)google.com> llc: fix sk_buff leak in llc_conn_service() Eric Biggers <ebiggers(a)google.com> llc: fix sk_buff leak in llc_sap_state_process() Tony Lindgren <tony(a)atomide.com> dmaengine: cppi41: Fix cppi41_dma_prep_slave_sg() when idle Laura Abbott <labbott(a)redhat.com> rtlwifi: Fix potential overflow on P2P code Yihui ZENG <yzeng56(a)asu.edu> s390/cmm: fix information leak in cmm_timeout_handler() Markus Theil <markus.theil(a)tu-ilmenau.de> nl80211: fix validation of mesh path nexthop Michał Mirosław <mirq-linux(a)rere.qmqm.pl> HID: fix error message in hid_open_report() Alan Stern <stern(a)rowland.harvard.edu> HID: Fix assumption that devices have inputs Hans de Goede <hdegoede(a)redhat.com> HID: i2c-hid: add Trekstor Primebook C11B to descriptor override Johan Hovold <johan(a)kernel.org> USB: serial: whiteheat: fix line-speed endianness Johan Hovold <johan(a)kernel.org> USB: serial: whiteheat: fix potential slab corruption Johan Hovold <johan(a)kernel.org> USB: ldusb: fix control-message timeout Johan Hovold <johan(a)kernel.org> USB: ldusb: fix ring-buffer locking Alan Stern <stern(a)rowland.harvard.edu> usb-storage: Revert commit 747668dbc061 ("usb-storage: Set virt_boundary_mask to avoid SG overflows") Alan Stern <stern(a)rowland.harvard.edu> USB: gadget: Reject endpoints with 0 maxpacket value Alan Stern <stern(a)rowland.harvard.edu> UAS: Revert commit 3ae62a42090f ("UAS: fix alignment of scatter/gather segments") Takashi Sakamoto <o-takashi(a)sakamocchi.jp> ALSA: bebob: Fix prototype of helper function to return negative value Miklos Szeredi <mszeredi(a)redhat.com> fuse: truncate pending writes on O_TRUNC Miklos Szeredi <mszeredi(a)redhat.com> fuse: flush dirty data/metadata before non-truncate setattr Hui Peng <benquike(a)gmail.com> ath6kl: fix a NULL-ptr-deref bug in ath6kl_usb_alloc_urb_from_pipe() Mika Westerberg <mika.westerberg(a)linux.intel.com> thunderbolt: Use 32-bit writes when writing ring producer/consumer Dan Carpenter <dan.carpenter(a)oracle.com> USB: legousbtower: fix a signedness bug in tower_probe() Petr Mladek <pmladek(a)suse.com> tracing: Initialize iter->seq after zeroing in tracing_read_pipe() Christian Borntraeger <borntraeger(a)de.ibm.com> s390/uaccess: avoid (false positive) compiler warnings Chuck Lever <chuck.lever(a)oracle.com> NFSv4: Fix leak of clp->cl_acceptor string Thomas Bogendoerfer <tbogendoerfer(a)suse.de> MIPS: fw: sni: Fix out of bounds init of o32 stack Jia-Ju Bai <baijiaju1990(a)gmail.com> fs: ocfs2: fix a possible null-pointer dereference in ocfs2_info_scan_inode_alloc() Jia-Ju Bai <baijiaju1990(a)gmail.com> fs: ocfs2: fix a possible null-pointer dereference in ocfs2_write_end_nolock() Jia-Ju Bai <baijiaju1990(a)gmail.com> fs: ocfs2: fix possible null-pointer dereferences in ocfs2_xa_prepare_entry() Jia Guo <guojia12(a)huawei.com> ocfs2: clear zero in unaligned direct IO Dave Young <dyoung(a)redhat.com> efi/x86: Do not clean dummy variable in kexec path Lukas Wunner <lukas(a)wunner.de> efi/cper: Fix endianness of PCIe class code Adam Ford <aford173(a)gmail.com> serial: mctrl_gpio: Check for NULL pointer Austin Kim <austindh.kim(a)gmail.com> fs: cifs: mute -Wunused-const-variable message Thierry Reding <treding(a)nvidia.com> gpio: max77620: Use correct unit for debounce times Bart Van Assche <bvanassche(a)acm.org> RDMA/iwcm: Fix a lock inversion issue Connor Kuehl <connor.kuehl(a)canonical.com> staging: rtl8188eu: fix null dereference when kzalloc fails Andi Kleen <ak(a)linux.intel.com> perf jevents: Fix period for Intel fixed counters Steve MacLean <Steve.MacLean(a)microsoft.com> perf map: Fix overlapped map handling Pascal Bouwmann <bouwmann(a)tau-tec.de> iio: fix center temperature of bmc150-accel-core Kees Cook <keescook(a)chromium.org> exec: load_script: Do not exec truncated interpreter path Sam Ravnborg <sam(a)ravnborg.org> rtc: pcf8523: set xtal load capacitance from DT Jan-Marek Glogowski <glogow(a)fbihome.de> usb: handle warm-reset port requests on hub resume Brian Norris <briannorris(a)chromium.org> scripts/setlocalversion: Improve -dirty check with git-status --no-optional-locks Hans de Goede <hdegoede(a)redhat.com> HID: i2c-hid: Add Odys Winbook 13 to descriptor override Kan Liang <kan.liang(a)linux.intel.com> x86/cpu: Add Atom Tremont (Jacobsville) Julian Sax <jsbc(a)gmx.de> HID: i2c-hid: add Direkt-Tek DTLAPY133-1 to descriptor override Phil Elwell <phil(a)raspberrypi.org> sc16is7xx: Fix for "Unexpected interrupt: 8" Kent Overstreet <kent.overstreet(a)gmail.com> dm: Use kzalloc for all structs with embedded biosets/mempools Mikulas Patocka <mpatocka(a)redhat.com> dm snapshot: rework COW throttling to fix deadlock Mikulas Patocka <mpatocka(a)redhat.com> dm snapshot: introduce account_start_copy() and account_end_copy() Mikulas Patocka <mpatocka(a)redhat.com> dm snapshot: use mutex instead of rw_semaphore ------------- Diffstat: Makefile | 4 +- arch/mips/fw/sni/sniprom.c | 2 +- arch/s390/include/asm/uaccess.h | 4 +- arch/s390/mm/cmm.c | 12 +- arch/x86/include/asm/intel-family.h | 3 +- arch/x86/platform/efi/efi.c | 3 - drivers/dma/cppi41.c | 21 +++- drivers/firmware/efi/cper.c | 2 +- drivers/gpio/gpio-max77620.c | 6 +- drivers/hid/hid-axff.c | 11 +- drivers/hid/hid-core.c | 7 +- drivers/hid/hid-dr.c | 12 +- drivers/hid/hid-emsff.c | 12 +- drivers/hid/hid-gaff.c | 12 +- drivers/hid/hid-holtekff.c | 12 +- drivers/hid/hid-lg2ff.c | 12 +- drivers/hid/hid-lg3ff.c | 11 +- drivers/hid/hid-lg4ff.c | 11 +- drivers/hid/hid-lgff.c | 11 +- drivers/hid/hid-logitech-hidpp.c | 11 +- drivers/hid/hid-sony.c | 12 +- drivers/hid/hid-tmff.c | 12 +- drivers/hid/hid-zpff.c | 12 +- drivers/hid/i2c-hid/i2c-hid-dmi-quirks.c | 35 ++++++ drivers/iio/accel/bmc150-accel-core.c | 2 +- drivers/infiniband/core/cma.c | 3 +- drivers/md/dm-bio-prison.c | 2 +- drivers/md/dm-io.c | 2 +- drivers/md/dm-kcopyd.c | 2 +- drivers/md/dm-region-hash.c | 2 +- drivers/md/dm-snap.c | 178 +++++++++++++++++++--------- drivers/md/dm-thin.c | 2 +- drivers/net/bonding/bond_main.c | 2 +- drivers/net/usb/sr9800.c | 2 +- drivers/net/wireless/ath/ath6kl/usb.c | 8 ++ drivers/net/wireless/realtek/rtlwifi/ps.c | 6 + drivers/rtc/rtc-pcf8523.c | 28 +++-- drivers/staging/rtl8188eu/os_dep/usb_intf.c | 6 +- drivers/thunderbolt/nhi.c | 22 +++- drivers/tty/serial/sc16is7xx.c | 28 +++++ drivers/tty/serial/serial_mctrl_gpio.c | 3 + drivers/usb/core/hub.c | 7 ++ drivers/usb/gadget/udc/core.c | 11 ++ drivers/usb/misc/ldusb.c | 6 +- drivers/usb/misc/legousbtower.c | 2 +- drivers/usb/serial/whiteheat.c | 13 +- drivers/usb/serial/whiteheat.h | 2 +- drivers/usb/storage/scsiglue.c | 10 -- drivers/usb/storage/uas.c | 20 ---- fs/binfmt_script.c | 57 +++++++-- fs/cifs/netmisc.c | 4 - fs/fuse/dir.c | 13 ++ fs/fuse/file.c | 10 +- fs/nfs/nfs4proc.c | 1 + fs/ocfs2/aops.c | 25 +++- fs/ocfs2/ioctl.c | 2 +- fs/ocfs2/xattr.c | 56 ++++----- fs/xfs/xfs_buf.c | 2 +- include/net/llc_conn.h | 2 +- include/net/sch_generic.h | 5 + include/net/sctp/sctp.h | 2 + include/sound/timer.h | 2 + kernel/trace/trace.c | 1 + net/llc/llc_c_ac.c | 8 +- net/llc/llc_conn.c | 32 ++--- net/llc/llc_s_ac.c | 12 +- net/llc/llc_sap.c | 23 ++-- net/sched/sch_netem.c | 2 +- net/sctp/ipv6.c | 2 +- net/sctp/protocol.c | 2 +- net/sctp/socket.c | 55 +++++---- net/wireless/nl80211.c | 3 +- scripts/setlocalversion | 12 +- sound/core/hrtimer.c | 1 + sound/core/timer.c | 141 +++++++++++++++------- sound/firewire/bebob/bebob_stream.c | 3 +- tools/perf/pmu-events/jevents.c | 12 +- tools/perf/util/map.c | 3 + 78 files changed, 754 insertions(+), 358 deletions(-)

5 years, 8 months

8
71
0 0

[PATCH 5.3 000/163] 5.3.9-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.3.9 release. There are 163 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed 06 Nov 2019 09:14:04 PM UTC. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.3.9-rc1.… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.3.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.3.9-rc1 Qian Cai <cai(a)lca.pw> sched/fair: Fix -Wunused-but-set-variable warnings Jason Gunthorpe <jgg(a)ziepe.ca> RDMA/mlx5: Use irq xarray locking for mkey_table Justin Song <flyingecar(a)gmail.com> ALSA: usb-audio: Add DSD support for Gustard U16/X26 USB Interface Jussi Laako <jussi(a)sonarnerd.net> ALSA: usb-audio: Update DSD support quirks for Oppo and Rotel Jussi Laako <jussi(a)sonarnerd.net> ALSA: usb-audio: DSD auto-detection for Playback Designs Dave Chiluk <chiluk+linux(a)indeed.com> sched/fair: Fix low cpu usage with high throttling by removing expiration of cpu-local slices Luca Coelho <luciano.coelho(a)intel.com> iwlwifi: exclude GEO SAR support for 3168 Vlad Buslov <vladbu(a)mellanox.com> net: sched: sch_sfb: don't call qdisc_put() while holding tree lock Eric Dumazet <edumazet(a)google.com> sch_netem: fix rcu splat in netem_enqueue() Valentin Vidic <vvidic(a)valentin-vidic.from.hr> net: usb: sr9800: fix uninitialized local variable Eric Dumazet <edumazet(a)google.com> netfilter: conntrack: avoid possible false sharing Eric Dumazet <edumazet(a)google.com> bonding: fix potential NULL deref in bond_update_slave_arr Johan Hovold <johan(a)kernel.org> NFC: pn533: fix use-after-free and memleaks David Howells <dhowells(a)redhat.com> rxrpc: Fix trace-after-put looking at the put peer record David Howells <dhowells(a)redhat.com> rxrpc: rxrpc_peer needs to hold a ref on the rxrpc_local record David Howells <dhowells(a)redhat.com> rxrpc: Fix call ref leak Eric Biggers <ebiggers(a)google.com> llc: fix sk_buff leak in llc_conn_service() Eric Biggers <ebiggers(a)google.com> llc: fix sk_buff leak in llc_sap_state_process() Sven Eckelmann <sven(a)narfation.org> batman-adv: Avoid free/alloc race when handling OGM buffer John Donnelly <John.P.Donnelly(a)Oracle.com> iommu/vt-d: Fix panic after kexec -p for kdump Jens Axboe <axboe(a)kernel.dk> io_uring: ensure we clear io_kiocb->result before each issue Trond Myklebust <trondmy(a)gmail.com> NFS: Fix an RCU lock leak in nfs4_refresh_delegation_stateid() chen gong <curry.gong(a)amd.com> drm/amdgpu: Fix SDMA hang when performing VKexample test Pelle van Gils <pelle(a)vangils.xyz> drm/amdgpu/powerplay/vega10: allow undervolting in p7 Tianci.Yin <tianci.yin(a)amd.com> drm/amdgpu/gfx10: update gfx golden settings Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915: Fix PCH reference clock for FDI on HSW/BDW Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/gmc10: properly set BANK_SELECT and FRAGMENT_SIZE Tony Lindgren <tony(a)atomide.com> dmaengine: cppi41: Fix cppi41_dma_prep_slave_sg() when idle Robin Gong <yibin.gong(a)nxp.com> dmaengine: imx-sdma: fix size check for sdma script_number Sameer Pujar <spujar(a)nvidia.com> dmaengine: tegra210-adma: fix transfer failure Jeffrey Hugo <jeffrey.l.hugo(a)gmail.com> dmaengine: qcom: bam_dma: Fix resource leak Paolo Bonzini <pbonzini(a)redhat.com> KVM: vmx, svm: always run with EFER.NXE=1 when shadow paging is active Laura Abbott <labbott(a)redhat.com> rtlwifi: Fix potential overflow on P2P code Larry Finger <Larry.Finger(a)lwfinger.net> rtlwifi: rtl_pci: Fix problem of too small skb->len Marvin Liu <yong.liu(a)intel.com> virtio_ring: fix stalls for packed rings Bjorn Andersson <bjorn.andersson(a)linaro.org> arm64: cpufeature: Enable Qualcomm Falkor/Kryo errata 1003 Catalin Marinas <catalin.marinas(a)arm.com> arm64: Ensure VM_WRITE|VM_SHARED ptes are clean by default Kaike Wan <kaike.wan(a)intel.com> IB/hfi1: Avoid excessive retry for TID RDMA READ request Alexey Brodkin <Alexey.Brodkin(a)synopsys.com> ARC: perf: Accommodate big-endian CPU Heiko Carstens <heiko.carstens(a)de.ibm.com> s390/idle: fix cpu idle time calculation Yihui ZENG <yzeng56(a)asu.edu> s390/cmm: fix information leak in cmm_timeout_handler() Ilya Leoshkevich <iii(a)linux.ibm.com> s390/unwind: fix mixing regs and sp Anton Ivanov <anton.ivanov(a)cambridgegreys.com> um-ubd: Entrust re-queue to the upper layers Andrey Smirnov <andrew.smirnov(a)gmail.com> HID: logitech-hidpp: do all FF cleanup in hidpp_ff_destroy() Andrey Smirnov <andrew.smirnov(a)gmail.com> HID: logitech-hidpp: rework device validation Andrey Smirnov <andrew.smirnov(a)gmail.com> HID: logitech-hidpp: split g920_get_config() Michał Mirosław <mirq-linux(a)rere.qmqm.pl> HID: fix error message in hid_open_report() Alan Stern <stern(a)rowland.harvard.edu> HID: Fix assumption that devices have inputs Hans de Goede <hdegoede(a)redhat.com> HID: i2c-hid: add Trekstor Primebook C11B to descriptor override Bart Van Assche <bvanassche(a)acm.org> scsi: target: cxgbit: Fix cxgbit_fw4_ack() Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Fix partial flash write of MBI Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: Fix use-after-free regression in xhci clear hub TT implementation Johan Hovold <johan(a)kernel.org> USB: serial: whiteheat: fix line-speed endianness Johan Hovold <johan(a)kernel.org> USB: serial: whiteheat: fix potential slab corruption Ben Dooks (Codethink) <ben.dooks(a)codethink.co.uk> usb: xhci: fix __le32/__le64 accessors in debugfs code Samuel Holland <samuel(a)sholland.org> usb: xhci: fix Immediate Data Transfer endianness Johan Hovold <johan(a)kernel.org> USB: ldusb: fix control-message timeout Johan Hovold <johan(a)kernel.org> USB: ldusb: fix ring-buffer locking Alan Stern <stern(a)rowland.harvard.edu> usb-storage: Revert commit 747668dbc061 ("usb-storage: Set virt_boundary_mask to avoid SG overflows") Alan Stern <stern(a)rowland.harvard.edu> USB: gadget: Reject endpoints with 0 maxpacket value Markus Theil <markus.theil(a)tu-ilmenau.de> nl80211: fix validation of mesh path nexthop Alan Stern <stern(a)rowland.harvard.edu> UAS: Revert commit 3ae62a42090f ("UAS: fix alignment of scatter/gather segments") Miaoqing Pan <miaoqing(a)codeaurora.org> ath10k: fix latency issue for QCA988x Kailang Yang <kailang(a)realtek.com> ALSA: hda/realtek - Add support for ALC623 Aaron Ma <aaron.ma(a)canonical.com> ALSA: hda/realtek - Fix 2 front mics of codec 0x623 Takashi Iwai <tiwai(a)suse.de> ALSA: timer: Fix mutex deadlock at releasing card Takashi Sakamoto <o-takashi(a)sakamocchi.jp> ALSA: bebob: Fix prototype of helper function to return negative value Miklos Szeredi <mszeredi(a)redhat.com> fuse: truncate pending writes on O_TRUNC Miklos Szeredi <mszeredi(a)redhat.com> fuse: flush dirty data/metadata before non-truncate setattr Hui Peng <benquike(a)gmail.com> ath6kl: fix a NULL-ptr-deref bug in ath6kl_usb_alloc_urb_from_pipe() Mika Westerberg <mika.westerberg(a)linux.intel.com> thunderbolt: Use 32-bit writes when writing ring producer/consumer Mika Westerberg <mika.westerberg(a)linux.intel.com> thunderbolt: Correct path indices for PCIe tunnel Sebastian Ott <sebott(a)linux.ibm.com> s390/pci: fix MSI message data Joe Perches <joe(a)perches.com> rtw88: Fix misuse of GENMASK macro Jeffrey Hugo <jeffrey.l.hugo(a)gmail.com> arm64: dts: qcom: Add Asus NovaGo TP370QL Jeffrey Hugo <jeffrey.l.hugo(a)gmail.com> arm64: dts: qcom: Add HP Envy x2 Jeffrey Hugo <jeffrey.l.hugo(a)gmail.com> arm64: dts: qcom: Add Lenovo Miix 630 Mike Christie <mchristi(a)redhat.com> nbd: verify socket is supported during setup Dan Carpenter <dan.carpenter(a)oracle.com> USB: legousbtower: fix a signedness bug in tower_probe() Thomas Richter <tmricht(a)linux.ibm.com> perf/aux: Fix tracking of auxiliary trace buffer allocation Gustavo A. R. Silva <gustavo(a)embeddedor.com> perf annotate: Fix multiple memory and file descriptor leaks Petr Mladek <pmladek(a)suse.com> tracing: Initialize iter->seq after zeroing in tracing_read_pipe() Christian Borntraeger <borntraeger(a)de.ibm.com> s390/uaccess: avoid (false positive) compiler warnings Benjamin Coddington <bcodding(a)redhat.com> SUNRPC: fix race to sk_err after xs_error_report Chuck Lever <chuck.lever(a)oracle.com> NFSv4: Fix leak of clp->cl_acceptor string Xiubo Li <xiubli(a)redhat.com> nbd: fix possible sysfs duplicate warning Navid Emamdoost <navid.emamdoost(a)gmail.com> virt: vbox: fix memory leak in hgcm_call_preprocess_linaddr Halil Pasic <pasic(a)linux.ibm.com> s390/cio: fix virtio-ccw DMA without PV Thomas Bogendoerfer <tbogendoerfer(a)suse.de> MIPS: fw: sni: Fix out of bounds init of o32 stack Thomas Bogendoerfer <tbogendoerfer(a)suse.de> MIPS: include: Mark __xchg as __always_inline Lorenzo Bianconi <lorenzo(a)kernel.org> iio: imu: st_lsm6dsx: fix waitime for st_lsm6dsx i2c controller Navid Emamdoost <navid.emamdoost(a)gmail.com> iio: imu: adis16400: fix memory leak Navid Emamdoost <navid.emamdoost(a)gmail.com> iio: imu: adis16400: release allocated memory on failure Nirmoy Das <nirmoy.das(a)amd.com> drm/amdgpu: fix memory leak Tom Lendacky <thomas.lendacky(a)amd.com> perf/x86/amd: Change/fix NMI latency mitigation to use a timestamp Song Liu <songliubraving(a)fb.com> perf/core: Fix corner case in perf_rotate_context() Song Liu <songliubraving(a)fb.com> perf/core: Rework memory accounting in perf_mmap() Frederic Weisbecker <frederic(a)kernel.org> sched/vtime: Fix guest/system mis-accounting on task switch Xuewei Zhang <xueweiz(a)google.com> sched/fair: Scale bandwidth quota and period without losing quota/period ratio precision Kan Liang <kan.liang(a)linux.intel.com> x86/cpu: Add Comet Lake to the Intel CPU models header Yunfeng Ye <yeyunfeng(a)huawei.com> arm64: armv8_deprecated: Checking return value for memory allocation Austin Kim <austindh.kim(a)gmail.com> btrfs: silence maybe-uninitialized warning in clone_range Jia-Ju Bai <baijiaju1990(a)gmail.com> fs: ocfs2: fix a possible null-pointer dereference in ocfs2_info_scan_inode_alloc() Jia-Ju Bai <baijiaju1990(a)gmail.com> fs: ocfs2: fix a possible null-pointer dereference in ocfs2_write_end_nolock() Jia-Ju Bai <baijiaju1990(a)gmail.com> fs: ocfs2: fix possible null-pointer dereferences in ocfs2_xa_prepare_entry() Jia Guo <guojia12(a)huawei.com> ocfs2: clear zero in unaligned direct IO Boris Ostrovsky <boris.ostrovsky(a)oracle.com> x86/xen: Return from panic notifier Vincent Chen <vincent.chen(a)sifive.com> riscv: Correct the handling of unexpected ebreak in do_trap_break() Vincent Chen <vincent.chen(a)sifive.com> riscv: avoid sending a SIGTRAP to a user thread trapped in WARN() Vincent Chen <vincent.chen(a)sifive.com> riscv: avoid kernel hangs when trapped in BUG() Thomas Bogendoerfer <tbogendoerfer(a)suse.de> MIPS: include: Mark __cmpxchg as __always_inline Dave Young <dyoung(a)redhat.com> efi/x86: Do not clean dummy variable in kexec path Lukas Wunner <lukas(a)wunner.de> efi/cper: Fix endianness of PCIe class code Will Deacon <will(a)kernel.org> arm64: vdso32: Don't use KBUILD_CPPFLAGS unconditionally Will Deacon <will(a)kernel.org> arm64: Default to building compat vDSO with clang when CONFIG_CC_IS_CLANG Adam Ford <aford173(a)gmail.com> serial: 8250_omap: Fix gpio check for auto RTS/CTS Adam Ford <aford173(a)gmail.com> serial: mctrl_gpio: Check for NULL pointer Vincenzo Frascino <vincenzo.frascino(a)arm.com> arm64: vdso32: Detect binutils support for dmb ishld Vincenzo Frascino <vincenzo.frascino(a)arm.com> arm64: vdso32: Fix broken compat vDSO build warnings Austin Kim <austindh.kim(a)gmail.com> fs: cifs: mute -Wunused-const-variable message Thierry Reding <treding(a)nvidia.com> gpio: max77620: Use correct unit for debounce times Jason Gunthorpe <jgg(a)ziepe.ca> RDMA/mlx5: Add missing synchronize_srcu() for MW cases Jason Gunthorpe <jgg(a)ziepe.ca> RDMA/mlx5: Order num_pending_prefetch properly with synchronize_srcu Jason Gunthorpe <jgg(a)ziepe.ca> RDMA/mlx5: Do not allow rereg of a ODP MR Leon Romanovsky <leon(a)kernel.org> RDMA/nldev: Reshuffle the code to avoid need to rebind QP in error path Jack Morgenstein <jackm(a)dev.mellanox.co.il> RDMA/cm: Fix memory leak in cm_add/remove_one Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> RDMA/core: Fix an error handling path in 'res_get_common_doit()' Navid Emamdoost <navid.emamdoost(a)gmail.com> misc: fastrpc: prevent memory leak in fastrpc_dma_buf_attach Randy Dunlap <rdunlap(a)infradead.org> tty: n_hdlc: fix build on SPARC Christoph Hellwig <hch(a)lst.de> serial/sifive: select SERIAL_EARLYCON Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> tty: serial: rda: Fix the link time qualifier of 'rda_uart_exit()' Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> tty: serial: owl: Fix the link time qualifier of 'owl_uart_exit()' James Morse <james.morse(a)arm.com> arm64: ftrace: Ensure synchronisation in PLT setup for Neoverse-N1 #1542419 James Morse <james.morse(a)arm.com> arm64: Fix incorrect irqflag restore for priority masking for compat Julien Grall <julien.grall(a)arm.com> arm64: cpufeature: Effectively expose FRINT capability to userspace ZhangXiaoxu <zhangxiaoxu5(a)huawei.com> nfs: Fix nfsi->nrequests count error on nfs_inode_remove_request Kees Cook <keescook(a)chromium.org> selftests/kselftest/runner.sh: Add 45 second timeout per test Cristian Marussi <cristian.marussi(a)arm.com> kselftest: exclude failed TARGETS from runlist Dexuan Cui <decui(a)microsoft.com> HID: hyperv: Use in-place iterator API in the channel callback Bart Van Assche <bvanassche(a)acm.org> RDMA/iwcm: Fix a lock inversion issue Potnuri Bharat Teja <bharat(a)chelsio.com> RDMA/iw_cxgb4: fix SRQ access from dump_qp() Navid Emamdoost <navid.emamdoost(a)gmail.com> RDMA/hfi1: Prevent memory leak in sdma_init Krishnamraju Eraparaju <krishna2(a)chelsio.com> RDMA/siw: Fix serialization issue in write_space() Connor Kuehl <connor.kuehl(a)canonical.com> staging: rtl8188eu: fix null dereference when kzalloc fails Arnaldo Carvalho de Melo <acme(a)redhat.com> perf annotate: Don't return -1 for error when doing BPF disassembly Arnaldo Carvalho de Melo <acme(a)redhat.com> perf annotate: Return appropriate error code for allocation failures Arnaldo Carvalho de Melo <acme(a)redhat.com> perf annotate: Fix arch specific ->init() failure errors Arnaldo Carvalho de Melo <acme(a)redhat.com> perf annotate: Propagate the symbol__annotate() error return Arnaldo Carvalho de Melo <acme(a)redhat.com> perf annotate: Fix the signedness of failure returns Arnaldo Carvalho de Melo <acme(a)redhat.com> perf annotate: Propagate perf_env__arch() error Arnaldo Carvalho de Melo <acme(a)redhat.com> perf tools: Propagate get_cpuid() error Andi Kleen <ak(a)linux.intel.com> perf jevents: Fix period for Intel fixed counters Andi Kleen <ak(a)linux.intel.com> perf script brstackinsn: Fix recovery from LBR/binary mismatch Steve MacLean <Steve.MacLean(a)microsoft.com> perf map: Fix overlapped map handling Ian Rogers <irogers(a)google.com> perf tests: Avoid raising SEGV using an obvious NULL dereference Ian Rogers <irogers(a)google.com> libsubcmd: Make _FORTIFY_SOURCE defines dependent on the feature Pascal Bouwmann <bouwmann(a)tau-tec.de> iio: fix center temperature of bmc150-accel-core Remi Pommarel <repk(a)triplefau.lt> iio: adc: meson_saradc: Fix memory allocation order Qu Wenruo <wqu(a)suse.com> btrfs: qgroup: Always free PREALLOC META reserve in btrfs_delalloc_release_extents() Filipe Manana <fdmanana(a)suse.com> Btrfs: fix inode cache block reserve leak on failure to allocate data space Mikulas Patocka <mpatocka(a)redhat.com> dm snapshot: rework COW throttling to fix deadlock Mikulas Patocka <mpatocka(a)redhat.com> dm snapshot: introduce account_start_copy() and account_end_copy() Jens Axboe <axboe(a)kernel.dk> io_uring: fix up O_NONBLOCK handling for sockets ------------- Diffstat: Documentation/admin-guide/kernel-parameters.txt | 4 + Documentation/scheduler/sched-bwc.rst | 74 ++++-- Makefile | 4 +- arch/arc/kernel/perf_event.c | 4 +- arch/arm64/Kconfig | 2 +- arch/arm64/Makefile | 22 +- arch/arm64/boot/dts/qcom/Makefile | 3 + .../boot/dts/qcom/msm8998-asus-novago-tp370ql.dts | 47 ++++ arch/arm64/boot/dts/qcom/msm8998-clamshell.dtsi | 240 ++++++++++++++++++++ arch/arm64/boot/dts/qcom/msm8998-hp-envy-x2.dts | 30 +++ .../boot/dts/qcom/msm8998-lenovo-miix-630.dts | 30 +++ arch/arm64/include/asm/pgtable-prot.h | 15 +- arch/arm64/include/asm/vdso/compat_barrier.h | 2 +- arch/arm64/kernel/armv8_deprecated.c | 5 + arch/arm64/kernel/cpu_errata.c | 1 + arch/arm64/kernel/cpufeature.c | 1 + arch/arm64/kernel/entry.S | 1 + arch/arm64/kernel/ftrace.c | 12 +- arch/arm64/kernel/vdso32/Makefile | 17 +- arch/mips/fw/sni/sniprom.c | 2 +- arch/mips/include/asm/cmpxchg.h | 9 +- arch/riscv/kernel/traps.c | 14 +- arch/s390/include/asm/uaccess.h | 4 +- arch/s390/include/asm/unwind.h | 1 + arch/s390/kernel/idle.c | 29 ++- arch/s390/kernel/unwind_bc.c | 18 +- arch/s390/mm/cmm.c | 12 +- arch/s390/pci/pci_irq.c | 2 +- arch/um/drivers/ubd_kern.c | 8 +- arch/x86/events/amd/core.c | 30 +-- arch/x86/include/asm/intel-family.h | 3 + arch/x86/kvm/svm.c | 10 +- arch/x86/kvm/vmx/vmx.c | 14 +- arch/x86/platform/efi/efi.c | 3 - arch/x86/xen/enlighten.c | 28 ++- drivers/block/nbd.c | 25 ++- drivers/dma/imx-sdma.c | 8 + drivers/dma/qcom/bam_dma.c | 19 ++ drivers/dma/tegra210-adma.c | 7 + drivers/dma/ti/cppi41.c | 21 +- drivers/firmware/efi/cper.c | 2 +- drivers/gpio/gpio-max77620.c | 6 +- drivers/gpu/drm/amd/amdgpu/amdgpu_bo_list.c | 14 +- drivers/gpu/drm/amd/amdgpu/gfx_v10_0.c | 2 +- drivers/gpu/drm/amd/amdgpu/gfxhub_v2_0.c | 9 + drivers/gpu/drm/amd/amdgpu/mmhub_v2_0.c | 9 + drivers/gpu/drm/amd/amdgpu/sdma_v4_0.c | 1 + drivers/gpu/drm/amd/powerplay/hwmgr/vega10_hwmgr.c | 4 +- drivers/gpu/drm/i915/display/intel_display.c | 11 +- drivers/gpu/drm/i915/display/intel_dpll_mgr.c | 15 ++ drivers/gpu/drm/i915/i915_drv.h | 2 + drivers/hid/hid-axff.c | 11 +- drivers/hid/hid-core.c | 7 +- drivers/hid/hid-dr.c | 12 +- drivers/hid/hid-emsff.c | 12 +- drivers/hid/hid-gaff.c | 12 +- drivers/hid/hid-holtekff.c | 12 +- drivers/hid/hid-hyperv.c | 56 +---- drivers/hid/hid-lg2ff.c | 12 +- drivers/hid/hid-lg3ff.c | 11 +- drivers/hid/hid-lg4ff.c | 11 +- drivers/hid/hid-lgff.c | 11 +- drivers/hid/hid-logitech-hidpp.c | 248 ++++++++++++--------- drivers/hid/hid-microsoft.c | 12 +- drivers/hid/hid-sony.c | 12 +- drivers/hid/hid-tmff.c | 12 +- drivers/hid/hid-zpff.c | 12 +- drivers/hid/i2c-hid/i2c-hid-dmi-quirks.c | 19 ++ drivers/iio/accel/bmc150-accel-core.c | 2 +- drivers/iio/adc/meson_saradc.c | 10 +- drivers/iio/imu/adis_buffer.c | 10 +- drivers/iio/imu/st_lsm6dsx/st_lsm6dsx_shub.c | 4 +- drivers/infiniband/core/cm.c | 3 + drivers/infiniband/core/cma.c | 3 +- drivers/infiniband/core/nldev.c | 12 +- drivers/infiniband/hw/cxgb4/device.c | 7 +- drivers/infiniband/hw/cxgb4/qp.c | 10 +- drivers/infiniband/hw/hfi1/sdma.c | 5 +- drivers/infiniband/hw/hfi1/tid_rdma.c | 5 - drivers/infiniband/hw/mlx5/devx.c | 58 ++--- drivers/infiniband/hw/mlx5/mlx5_ib.h | 1 - drivers/infiniband/hw/mlx5/mr.c | 32 ++- drivers/infiniband/sw/siw/siw_qp.c | 15 +- drivers/iommu/intel-iommu.c | 2 +- drivers/md/dm-snap.c | 94 ++++++-- drivers/misc/fastrpc.c | 1 + drivers/net/bonding/bond_main.c | 2 +- drivers/net/ethernet/mellanox/mlx5/core/mr.c | 8 +- drivers/net/usb/sr9800.c | 2 +- drivers/net/wireless/ath/ath10k/core.c | 15 +- drivers/net/wireless/ath/ath6kl/usb.c | 8 + drivers/net/wireless/intel/iwlwifi/mvm/fw.c | 16 +- drivers/net/wireless/realtek/rtlwifi/pci.c | 3 +- drivers/net/wireless/realtek/rtlwifi/ps.c | 6 + drivers/net/wireless/realtek/rtw88/rtw8822b.c | 2 +- drivers/nfc/pn533/usb.c | 9 +- drivers/s390/cio/cio.h | 1 + drivers/s390/cio/css.c | 7 +- drivers/s390/cio/device.c | 2 +- drivers/scsi/qla2xxx/qla_attr.c | 7 +- drivers/staging/rtl8188eu/os_dep/usb_intf.c | 6 +- drivers/target/iscsi/cxgbit/cxgbit_cm.c | 3 +- drivers/thunderbolt/nhi.c | 22 +- drivers/thunderbolt/tunnel.c | 4 +- drivers/tty/n_hdlc.c | 5 + drivers/tty/serial/8250/8250_omap.c | 5 +- drivers/tty/serial/Kconfig | 1 + drivers/tty/serial/owl-uart.c | 2 +- drivers/tty/serial/rda-uart.c | 2 +- drivers/tty/serial/serial_mctrl_gpio.c | 3 + drivers/usb/gadget/udc/core.c | 11 + drivers/usb/host/xhci-debugfs.c | 24 +- drivers/usb/host/xhci-ring.c | 2 + drivers/usb/host/xhci.c | 54 ++++- drivers/usb/misc/ldusb.c | 6 +- drivers/usb/misc/legousbtower.c | 2 +- drivers/usb/serial/whiteheat.c | 13 +- drivers/usb/serial/whiteheat.h | 2 +- drivers/usb/storage/scsiglue.c | 10 - drivers/usb/storage/uas.c | 20 -- drivers/virt/vboxguest/vboxguest_utils.c | 3 +- drivers/virtio/virtio_ring.c | 7 +- fs/btrfs/ctree.h | 3 +- fs/btrfs/delalloc-space.c | 6 +- fs/btrfs/file.c | 7 +- fs/btrfs/inode-map.c | 5 +- fs/btrfs/inode.c | 12 +- fs/btrfs/ioctl.c | 6 +- fs/btrfs/relocation.c | 9 +- fs/btrfs/send.c | 2 +- fs/cifs/netmisc.c | 4 - fs/fuse/dir.c | 13 ++ fs/fuse/file.c | 10 +- fs/io_uring.c | 58 +++-- fs/nfs/delegation.c | 2 +- fs/nfs/nfs4proc.c | 1 + fs/nfs/write.c | 5 +- fs/ocfs2/aops.c | 25 ++- fs/ocfs2/ioctl.c | 2 +- fs/ocfs2/xattr.c | 56 ++--- include/linux/platform_data/dma-imx-sdma.h | 3 + include/linux/sunrpc/xprtsock.h | 1 + include/net/llc_conn.h | 2 +- include/net/sch_generic.h | 5 + include/trace/events/rxrpc.h | 6 +- kernel/events/core.c | 45 +++- kernel/sched/cputime.c | 6 +- kernel/sched/fair.c | 127 +++-------- kernel/sched/sched.h | 4 - kernel/trace/trace.c | 1 + net/batman-adv/bat_iv_ogm.c | 61 ++++- net/batman-adv/hard-interface.c | 2 + net/batman-adv/types.h | 3 + net/llc/llc_c_ac.c | 8 +- net/llc/llc_conn.c | 32 +-- net/llc/llc_s_ac.c | 12 +- net/llc/llc_sap.c | 23 +- net/netfilter/nf_conntrack_core.c | 4 +- net/rxrpc/peer_object.c | 16 +- net/rxrpc/sendmsg.c | 1 + net/sched/sch_netem.c | 2 +- net/sched/sch_sfb.c | 7 +- net/sunrpc/xprtsock.c | 17 +- net/wireless/nl80211.c | 2 +- sound/core/timer.c | 24 +- sound/firewire/bebob/bebob_stream.c | 3 +- sound/pci/hda/patch_realtek.c | 11 + sound/usb/quirks.c | 13 +- tools/lib/subcmd/Makefile | 8 +- tools/perf/arch/arm/annotate/instructions.c | 4 +- tools/perf/arch/arm64/annotate/instructions.c | 4 +- tools/perf/arch/powerpc/util/header.c | 3 +- tools/perf/arch/s390/annotate/instructions.c | 6 +- tools/perf/arch/s390/util/header.c | 9 +- tools/perf/arch/x86/annotate/instructions.c | 6 +- tools/perf/arch/x86/util/header.c | 3 +- tools/perf/builtin-kvm.c | 7 +- tools/perf/builtin-script.c | 6 +- tools/perf/pmu-events/jevents.c | 12 +- tools/perf/tests/perf-hooks.c | 3 +- tools/perf/util/annotate.c | 35 ++- tools/perf/util/annotate.h | 4 + tools/perf/util/map.c | 3 + tools/testing/selftests/Makefile | 4 + tools/testing/selftests/kselftest/runner.sh | 36 ++- tools/testing/selftests/rtc/settings | 1 + 186 files changed, 1848 insertions(+), 880 deletions(-)

5 years, 8 months

7
173
0 0

[PATCH] media: venus: remove invalid compat_ioctl32 handler

by Arnd Bergmann

v4l2_compat_ioctl32() is the function that calls into v4l2_file_operations->compat_ioctl32(), so setting that back to the same function leads to a trivial endless loop, followed by a kernel stack overrun. Remove the incorrect assignment. Cc: stable(a)vger.kernel.org Fixes: 7472c1c69138 ("[media] media: venus: vdec: add video decoder files") Fixes: aaaa93eda64b ("[media] media: venus: venc: add video encoder files") Signed-off-by: Arnd Bergmann <arnd(a)arndb.de> --- drivers/media/platform/qcom/venus/vdec.c | 3 --- drivers/media/platform/qcom/venus/venc.c | 3 --- 2 files changed, 6 deletions(-) diff --git a/drivers/media/platform/qcom/venus/vdec.c b/drivers/media/platform/qcom/venus/vdec.c index 7f4660555ddb..59ae7a1e63bc 100644 --- a/drivers/media/platform/qcom/venus/vdec.c +++ b/drivers/media/platform/qcom/venus/vdec.c @@ -1412,9 +1412,6 @@ static const struct v4l2_file_operations vdec_fops = { .unlocked_ioctl = video_ioctl2, .poll = v4l2_m2m_fop_poll, .mmap = v4l2_m2m_fop_mmap, -#ifdef CONFIG_COMPAT - .compat_ioctl32 = v4l2_compat_ioctl32, -#endif }; static int vdec_probe(struct platform_device *pdev) diff --git a/drivers/media/platform/qcom/venus/venc.c b/drivers/media/platform/qcom/venus/venc.c index 1b7fb2d5887c..30028ceb548b 100644 --- a/drivers/media/platform/qcom/venus/venc.c +++ b/drivers/media/platform/qcom/venus/venc.c @@ -1235,9 +1235,6 @@ static const struct v4l2_file_operations venc_fops = { .unlocked_ioctl = video_ioctl2, .poll = v4l2_m2m_fop_poll, .mmap = v4l2_m2m_fop_mmap, -#ifdef CONFIG_COMPAT - .compat_ioctl32 = v4l2_compat_ioctl32, -#endif }; static int venc_probe(struct platform_device *pdev) -- 2.20.0

5 years, 8 months

2
1
0 0

[PATCH] arm64: Ensure VM_WRITE|VM_SHARED ptes are clean by default

by Catalin Marinas

Shared and writable mappings (__S.1.) should be clean (!dirty) initially and made dirty on a subsequent write either through the hardware DBM (dirty bit management) mechanism or through a write page fault. A clean pte for the arm64 kernel is one that has PTE_RDONLY set and PTE_DIRTY clear. The PAGE_SHARED{,_EXEC} attributes have PTE_WRITE set (PTE_DBM) and PTE_DIRTY clear. Prior to commit 73e86cb03cf2 ("arm64: Move PTE_RDONLY bit handling out of set_pte_at()"), it was the responsibility of set_pte_at() to set the PTE_RDONLY bit and mark the pte clean if the software PTE_DIRTY bit was not set. However, the above commit removed the pte_sw_dirty() check and the subsequent setting of PTE_RDONLY in set_pte_at() while leaving the PAGE_SHARED{,_EXEC} definitions unchanged. The result is that shared+writable mappings are now dirty by default Fix the above by explicitly setting PTE_RDONLY in PAGE_SHARED{,_EXEC}. In addition, remove the superfluous PTE_DIRTY bit from the kernel PROT_* attributes. Fixes: 73e86cb03cf2 ("arm64: Move PTE_RDONLY bit handling out of set_pte_at()") Cc: <stable(a)vger.kernel.org> # 4.14.x- Cc: Will Deacon <will(a)kernel.org> Signed-off-by: Catalin Marinas <catalin.marinas(a)arm.com> --- arch/arm64/include/asm/pgtable-prot.h | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/arch/arm64/include/asm/pgtable-prot.h b/arch/arm64/include/asm/pgtable-prot.h index 9a21b84536f2..8dc6c5cdabe6 100644 --- a/arch/arm64/include/asm/pgtable-prot.h +++ b/arch/arm64/include/asm/pgtable-prot.h @@ -32,11 +32,11 @@ #define PROT_DEFAULT (_PROT_DEFAULT | PTE_MAYBE_NG) #define PROT_SECT_DEFAULT (_PROT_SECT_DEFAULT | PMD_MAYBE_NG) -#define PROT_DEVICE_nGnRnE (PROT_DEFAULT | PTE_PXN | PTE_UXN | PTE_DIRTY | PTE_WRITE | PTE_ATTRINDX(MT_DEVICE_nGnRnE)) -#define PROT_DEVICE_nGnRE (PROT_DEFAULT | PTE_PXN | PTE_UXN | PTE_DIRTY | PTE_WRITE | PTE_ATTRINDX(MT_DEVICE_nGnRE)) -#define PROT_NORMAL_NC (PROT_DEFAULT | PTE_PXN | PTE_UXN | PTE_DIRTY | PTE_WRITE | PTE_ATTRINDX(MT_NORMAL_NC)) -#define PROT_NORMAL_WT (PROT_DEFAULT | PTE_PXN | PTE_UXN | PTE_DIRTY | PTE_WRITE | PTE_ATTRINDX(MT_NORMAL_WT)) -#define PROT_NORMAL (PROT_DEFAULT | PTE_PXN | PTE_UXN | PTE_DIRTY | PTE_WRITE | PTE_ATTRINDX(MT_NORMAL)) +#define PROT_DEVICE_nGnRnE (PROT_DEFAULT | PTE_PXN | PTE_UXN | PTE_WRITE | PTE_ATTRINDX(MT_DEVICE_nGnRnE)) +#define PROT_DEVICE_nGnRE (PROT_DEFAULT | PTE_PXN | PTE_UXN | PTE_WRITE | PTE_ATTRINDX(MT_DEVICE_nGnRE)) +#define PROT_NORMAL_NC (PROT_DEFAULT | PTE_PXN | PTE_UXN | PTE_WRITE | PTE_ATTRINDX(MT_NORMAL_NC)) +#define PROT_NORMAL_WT (PROT_DEFAULT | PTE_PXN | PTE_UXN | PTE_WRITE | PTE_ATTRINDX(MT_NORMAL_WT)) +#define PROT_NORMAL (PROT_DEFAULT | PTE_PXN | PTE_UXN | PTE_WRITE | PTE_ATTRINDX(MT_NORMAL)) #define PROT_SECT_DEVICE_nGnRE (PROT_SECT_DEFAULT | PMD_SECT_PXN | PMD_SECT_UXN | PMD_ATTRINDX(MT_DEVICE_nGnRE)) #define PROT_SECT_NORMAL (PROT_SECT_DEFAULT | PMD_SECT_PXN | PMD_SECT_UXN | PMD_ATTRINDX(MT_NORMAL)) @@ -80,8 +80,9 @@ #define PAGE_S2_DEVICE __pgprot(_PROT_DEFAULT | PAGE_S2_MEMATTR(DEVICE_nGnRE) | PTE_S2_RDONLY | PTE_S2_XN) #define PAGE_NONE __pgprot(((_PAGE_DEFAULT) & ~PTE_VALID) | PTE_PROT_NONE | PTE_RDONLY | PTE_NG | PTE_PXN | PTE_UXN) -#define PAGE_SHARED __pgprot(_PAGE_DEFAULT | PTE_USER | PTE_NG | PTE_PXN | PTE_UXN | PTE_WRITE) -#define PAGE_SHARED_EXEC __pgprot(_PAGE_DEFAULT | PTE_USER | PTE_NG | PTE_PXN | PTE_WRITE) +/* shared+writable pages are clean by default, hence PTE_RDONLY|PTE_WRITE */ +#define PAGE_SHARED __pgprot(_PAGE_DEFAULT | PTE_USER | PTE_RDONLY | PTE_NG | PTE_PXN | PTE_UXN | PTE_WRITE) +#define PAGE_SHARED_EXEC __pgprot(_PAGE_DEFAULT | PTE_USER | PTE_RDONLY | PTE_NG | PTE_PXN | PTE_WRITE) #define PAGE_READONLY __pgprot(_PAGE_DEFAULT | PTE_USER | PTE_RDONLY | PTE_NG | PTE_PXN | PTE_UXN) #define PAGE_READONLY_EXEC __pgprot(_PAGE_DEFAULT | PTE_USER | PTE_RDONLY | PTE_NG | PTE_PXN) #define PAGE_EXECONLY __pgprot(_PAGE_DEFAULT | PTE_RDONLY | PTE_NG | PTE_PXN)

5 years, 8 months

3
11
0 0

[PATCH] drm/i915/userptr: Try to acquire the page lock around set_page_dirty()

by Chris Wilson

set_page_dirty says: For pages with a mapping this should be done under the page lock for the benefit of asynchronous memory errors who prefer a consistent dirty state. This rule can be broken in some special cases, but should be better not to. Under those rules, it is only safe for us to use the plain set_page_dirty calls for shmemfs/anonymous memory. Userptr may be used with real mappings and so needs to use the locked version (set_page_dirty_lock). However, following a try_to_unmap() we may want to remove the userptr and so call put_pages(). However, try_to_unmap() acquires the page lock and so we must avoid recursively locking the pages ourselves -- which means that we cannot safely acquire the lock around set_page_dirty(). Since we can't be sure of the lock, we have to risk skip dirtying the page, or else risk calling set_page_dirty() without a lock and so risk fs corruption. Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=203317 Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=112012 Fixes: 5cc9ed4b9a7a ("drm/i915: Introduce mapping of user pages into video m References: cb6d7c7dc7ff ("drm/i915/userptr: Acquire the page lock around set_page_dirty()") References: 505a8ec7e11a ("Revert "drm/i915/userptr: Acquire the page lock around set_page_dirty()"") References: 6dcc693bc57f ("ext4: warn when page is dirtied without buffers") Signed-off-by: Chris Wilson <chris(a)chris-wilson.co.uk> Cc: Lionel Landwerlin <lionel.g.landwerlin(a)intel.com> Cc: Tvrtko Ursulin <tvrtko.ursulin(a)intel.com> Cc: Joonas Lahtinen <joonas.lahtinen(a)linux.intel.com> Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/i915/gem/i915_gem_userptr.c | 22 ++++++++++++++++++++- 1 file changed, 21 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/i915/gem/i915_gem_userptr.c b/drivers/gpu/drm/i915/gem/i915_gem_userptr.c index 1e045c337044..4c72d74d6576 100644 --- a/drivers/gpu/drm/i915/gem/i915_gem_userptr.c +++ b/drivers/gpu/drm/i915/gem/i915_gem_userptr.c @@ -646,8 +646,28 @@ i915_gem_userptr_put_pages(struct drm_i915_gem_object *obj, obj->mm.dirty = false; for_each_sgt_page(page, sgt_iter, pages) { - if (obj->mm.dirty) + if (obj->mm.dirty && trylock_page(page)) { + /* + * As this may not be anonymous memory (e.g. shmem) + * but exist on a real mapping, we have to lock + * the page in order to dirty it -- holding + * the page reference is not sufficient to + * prevent the inode from being truncated. + * Play safe and take the lock. + * + * However...! + * + * The mmu-notifier can be invalidated for a + * migrate_page, that is alreadying holding the lock + * on the page. Such a try_to_unmap() will result + * in us calling put_pages() and so recursively try + * to lock the page. We avoid that deadlock with + * a trylock_page() and in exchange we risk missing + * some page dirtying. + */ set_page_dirty(page); + unlock_page(page); + } mark_page_accessed(page); put_page(page); -- 2.24.0

5 years, 8 months

1
0
0 0

[PATCH 1/5] drm/i915/userptr: Beware recursive lock_page()

by Chris Wilson

Following a try_to_unmap() we may want to remove the userptr and so call put_pages(). However, try_to_unmap() acquires the page lock and so we must avoid recursively locking the pages ourselves -- which means that we cannot safely acquire the lock around set_page_dirty(). Since we can't be sure of the lock, we have to risk skip dirtying the page, or else risk calling set_page_dirty() without a lock and so risk fs corruption. Reported-by: Lionel Landwerlin <lionel.g.landwerlin(a)intel.com> Fixes: cb6d7c7dc7ff ("drm/i915/userptr: Acquire the page lock around set_page_dirty()") Signed-off-by: Chris Wilson <chris(a)chris-wilson.co.uk> Cc: Lionel Landwerlin <lionel.g.landwerlin(a)intel.com> Cc: Tvrtko Ursulin <tvrtko.ursulin(a)intel.com> Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/i915/gem/i915_gem_userptr.c | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/i915/gem/i915_gem_userptr.c b/drivers/gpu/drm/i915/gem/i915_gem_userptr.c index b9d2bb15e4a6..1ad2047a6dbd 100644 --- a/drivers/gpu/drm/i915/gem/i915_gem_userptr.c +++ b/drivers/gpu/drm/i915/gem/i915_gem_userptr.c @@ -672,7 +672,7 @@ i915_gem_userptr_put_pages(struct drm_i915_gem_object *obj, obj->mm.dirty = false; for_each_sgt_page(page, sgt_iter, pages) { - if (obj->mm.dirty) + if (obj->mm.dirty && trylock_page(page)) { /* * As this may not be anonymous memory (e.g. shmem) * but exist on a real mapping, we have to lock @@ -680,8 +680,20 @@ i915_gem_userptr_put_pages(struct drm_i915_gem_object *obj, * the page reference is not sufficient to * prevent the inode from being truncated. * Play safe and take the lock. + * + * However...! + * + * The mmu-notifier can be invalidated for a + * migrate_page, that is alreadying holding the lock + * on the page. Such a try_to_unmap() will result + * in us calling put_pages() and so recursively try + * to lock the page. We avoid that deadlock with + * a trylock_page() and in exchange we risk missing + * some page dirtying. */ - set_page_dirty_lock(page); + set_page_dirty(page); + unlock_page(page); + } mark_page_accessed(page); put_page(page); -- 2.22.0

5 years, 8 months

3
15
0 0

[patch 17/17] mm: memcontrol: fix network errors from failing __GFP_ATOMIC charges

by akpm＠linux-foundation.org

From: Johannes Weiner <hannes(a)cmpxchg.org> Subject: mm: memcontrol: fix network errors from failing __GFP_ATOMIC charges While upgrading from 4.16 to 5.2, we noticed these allocation errors in the log of the new kernel: [ 8642.253395] SLUB: Unable to allocate memory on node -1, gfp=0xa20(GFP_ATOMIC) [ 8642.269170] cache: tw_sock_TCPv6(960:helper-logs), object size: 232, buffer size: 240, default order: 1, min order: 0 [ 8642.293009] node 0: slabs: 5, objs: 170, free: 0 slab_out_of_memory+1 ___slab_alloc+969 __slab_alloc+14 kmem_cache_alloc+346 inet_twsk_alloc+60 tcp_time_wait+46 tcp_fin+206 tcp_data_queue+2034 tcp_rcv_state_process+784 tcp_v6_do_rcv+405 __release_sock+118 tcp_close+385 inet_release+46 __sock_release+55 sock_close+17 __fput+170 task_work_run+127 exit_to_usermode_loop+191 do_syscall_64+212 entry_SYSCALL_64_after_hwframe+68 accompanied by an increase in machines going completely radio silent under memory pressure. One thing that changed since 4.16 is e699e2c6a654 ("net, mm: account sock objects to kmemcg"), which made these slab caches subject to cgroup memory accounting and control. The problem with that is that cgroups, unlike the page allocator, do not maintain dedicated atomic reserves. As a cgroup's usage hovers at its limit, atomic allocations - such as done during network rx - can fail consistently for extended periods of time. The kernel is not able to operate under these conditions. We don't want to revert the culprit patch, because it indeed tracks a potentially substantial amount of memory used by a cgroup. We also don't want to implement dedicated atomic reserves for cgroups. There is no point in keeping a fixed margin of unused bytes in the cgroup's memory budget to accomodate a consumer that is impossible to predict - we'd be wasting memory and get into configuration headaches, not unlike what we have going with min_free_kbytes. We do this for physical mem because we have to, but cgroups are an accounting game. Instead, account these privileged allocations to the cgroup, but let them bypass the configured limit if they have to. This way, we get the benefits of accounting the consumed memory and have it exert pressure on the rest of the cgroup, but like with the page allocator, we shift the burden of reclaimining on behalf of atomic allocations onto the regular allocations that can block. Link: http://lkml.kernel.org/r/20191022233708.365764-1-hannes@cmpxchg.org Fixes: e699e2c6a654 ("net, mm: account sock objects to kmemcg") Signed-off-by: Johannes Weiner <hannes(a)cmpxchg.org> Reviewed-by: Shakeel Butt <shakeelb(a)google.com> Cc: Suleiman Souhlal <suleiman(a)google.com> Cc: Michal Hocko <mhocko(a)kernel.org> Cc: <stable(a)vger.kernel.org> [4.18+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/memcontrol.c | 9 +++++++++ 1 file changed, 9 insertions(+) --- a/mm/memcontrol.c~mm-memcontrol-fix-network-errors-from-failing-__gfp_atomic-charges +++ a/mm/memcontrol.c @@ -2535,6 +2535,15 @@ retry: } /* + * Memcg doesn't have a dedicated reserve for atomic + * allocations. But like the global atomic pool, we need to + * put the burden of reclaim on regular allocation requests + * and let these go through as privileged allocations. + */ + if (gfp_mask & __GFP_ATOMIC) + goto force; + + /* * Unlike in global OOM situations, memcg is not in a physical * memory shortage. Allow dying and OOM-killed tasks to * bypass the last charges so that they can exit quickly and _

5 years, 8 months

1
0
0 0

[patch 14/17] mm: slab: make page_cgroup_ino() to recognize non-compound slab pages properly

by akpm＠linux-foundation.org

From: Roman Gushchin <guro(a)fb.com> Subject: mm: slab: make page_cgroup_ino() to recognize non-compound slab pages properly page_cgroup_ino() doesn't return a valid memcg pointer for non-compound slab pages, because it depends on PgHead AND PgSlab flags to be set to determine the memory cgroup from the kmem_cache. It's correct for compound pages, but not for generic small pages. Those don't have PgHead set, so it ends up returning zero. Fix this by replacing the condition to PageSlab() && !PageTail(). Before this patch: [root@localhost ~]# ./page-types -c /sys/fs/cgroup/user.slice/user-0.slice/user(a)0.service/ | grep slab 0x0000000000000080 38 0 _______S___________________________________ slab After this patch: [root@localhost ~]# ./page-types -c /sys/fs/cgroup/user.slice/user-0.slice/user(a)0.service/ | grep slab 0x0000000000000080 147 0 _______S___________________________________ slab Also, hwpoison_filter_task() uses output of page_cgroup_ino() in order to filter error injection events based on memcg. So if page_cgroup_ino() fails to return memcg pointer, we just fail to inject memory error. Considering that hwpoison filter is for testing, affected users are limited and the impact should be marginal. [n-horiguchi(a)ah.jp.nec.com: changelog additions] Link: http://lkml.kernel.org/r/20191031012151.2722280-1-guro@fb.com Fixes: 4d96ba353075 ("mm: memcg/slab: stop setting page->mem_cgroup pointer for slab pages") Signed-off-by: Roman Gushchin <guro(a)fb.com> Reviewed-by: Shakeel Butt <shakeelb(a)google.com> Acked-by: David Rientjes <rientjes(a)google.com> Cc: Vladimir Davydov <vdavydov.dev(a)gmail.com> Cc: Daniel Jordan <daniel.m.jordan(a)oracle.com> Cc: Naoya Horiguchi <n-horiguchi(a)ah.jp.nec.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/memcontrol.c | 2 +- mm/slab.h | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) --- a/mm/memcontrol.c~mm-slab-make-page_cgroup_ino-to-recognize-non-compound-slab-pages-properly +++ a/mm/memcontrol.c @@ -484,7 +484,7 @@ ino_t page_cgroup_ino(struct page *page) unsigned long ino = 0; rcu_read_lock(); - if (PageHead(page) && PageSlab(page)) + if (PageSlab(page) && !PageTail(page)) memcg = memcg_from_slab_page(page); else memcg = READ_ONCE(page->mem_cgroup); --- a/mm/slab.h~mm-slab-make-page_cgroup_ino-to-recognize-non-compound-slab-pages-properly +++ a/mm/slab.h @@ -323,8 +323,8 @@ static inline struct kmem_cache *memcg_r * Expects a pointer to a slab page. Please note, that PageSlab() check * isn't sufficient, as it returns true also for tail compound slab pages, * which do not have slab_cache pointer set. - * So this function assumes that the page can pass PageHead() and PageSlab() - * checks. + * So this function assumes that the page can pass PageSlab() && !PageTail() + * check. * * The kmem_cache can be reparented asynchronously. The caller must ensure * the memcg lifetime, e.g. by taking rcu_read_lock() or cgroup_mutex. _

5 years, 8 months

1
0
0 0

[patch 12/17] dump_stack: avoid the livelock of the dump_lock

by akpm＠linux-foundation.org

From: Kevin Hao <haokexin(a)gmail.com> Subject: dump_stack: avoid the livelock of the dump_lock In the current code, we use the atomic_cmpxchg() to serialize the output of the dump_stack(), but this implementation suffers the thundering herd problem. We have observed such kind of livelock on a Marvell cn96xx board(24 cpus) when heavily using the dump_stack() in a kprobe handler. Actually we can let the competitors to wait for the releasing of the lock before jumping to atomic_cmpxchg(). This will definitely mitigate the thundering herd problem. Thanks Linus for the suggestion. [akpm(a)linux-foundation.org: fix comment] Link: http://lkml.kernel.org/r/20191030031637.6025-1-haokexin@gmail.com Fixes: b58d977432c8 ("dump_stack: serialize the output from dump_stack()") Signed-off-by: Kevin Hao <haokexin(a)gmail.com> Suggested-by: Linus Torvalds <torvalds(a)linux-foundation.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- lib/dump_stack.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) --- a/lib/dump_stack.c~dump_stack-avoid-the-livelock-of-the-dump_lock +++ a/lib/dump_stack.c @@ -106,7 +106,12 @@ retry: was_locked = 1; } else { local_irq_restore(flags); - cpu_relax(); + /* + * Wait for the lock to release before jumping to + * atomic_cmpxchg() in order to mitigate the thundering herd + * problem. + */ + do { cpu_relax(); } while (atomic_read(&dump_lock) != -1); goto retry; } _

5 years, 8 months

1
0
0 0

[patch 09/17] mm/khugepaged: fix might_sleep() warn with CONFIG_HIGHPTE=y

by akpm＠linux-foundation.org

From: Ville Syrjälä <ville.syrjala(a)linux.intel.com> Subject: mm/khugepaged: fix might_sleep() warn with CONFIG_HIGHPTE=y I got some khugepaged spew on a 32bit x86: [ 217.490026] BUG: sleeping function called from invalid context at include/linux/mmu_notifier.h:346 [ 217.492826] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 25, name: khugepaged [ 217.495589] INFO: lockdep is turned off. [ 217.498371] CPU: 1 PID: 25 Comm: khugepaged Not tainted 5.4.0-rc5-elk+ #206 [ 217.501233] Hardware name: System manufacturer P5Q-EM/P5Q-EM, BIOS 2203 07/08/2009 [ 217.501697] Call Trace: [ 217.501697] dump_stack+0x66/0x8e [ 217.501697] ___might_sleep.cold.96+0x95/0xa6 [ 217.501697] __might_sleep+0x2e/0x80 [ 217.501697] collapse_huge_page.isra.51+0x5ac/0x1360 [ 217.501697] ? __alloc_pages_nodemask+0xec/0xf80 [ 217.501697] ? __alloc_pages_nodemask+0x191/0xf80 [ 217.501697] ? trace_hardirqs_on+0x4a/0xf0 [ 217.501697] khugepaged+0x9a9/0x20f0 [ 217.501697] ? _raw_spin_unlock+0x21/0x30 [ 217.501697] ? trace_hardirqs_on+0x4a/0xf0 [ 217.501697] ? wait_woken+0xa0/0xa0 [ 217.501697] kthread+0xf5/0x110 [ 217.501697] ? collapse_pte_mapped_thp+0x3b0/0x3b0 [ 217.501697] ? kthread_create_worker_on_cpu+0x20/0x20 [ 217.501697] ret_from_fork+0x2e/0x38 Looks like it's due to CONFIG_HIGHPTE=y pte_offset_map()->kmap_atomic() vs. mmu_notifier_invalidate_range_start(). Let's do the naive approach and just reorder the two operations. Link: http://lkml.kernel.org/r/20191029201513.GG1208@intel.com Fixes: 810e24e009cf71 ("mm/mmu_notifiers: annotate with might_sleep()") Signed-off-by: Ville Syrjl <ville.syrjala(a)linux.intel.com> Reviewed-by: Andrew Morton <akpm(a)linux-foundation.org> Acked-by: Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Ingo Molnar <mingo(a)redhat.com> Cc: Borislav Petkov <bp(a)alien8.de> Cc: "H. Peter Anvin" <hpa(a)zytor.com> Cc: Jérôme Glisse <jglisse(a)redhat.com> Cc: Ralph Campbell <rcampbell(a)nvidia.com> Cc: Ira Weiny <ira.weiny(a)intel.com> Cc: Jason Gunthorpe <jgg(a)mellanox.com> Cc: Daniel Vetter <daniel.vetter(a)intel.com> Cc: Andrea Arcangeli <aarcange(a)redhat.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/khugepaged.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) --- a/mm/khugepaged.c~khugepaged-might_sleep-warn-due-to-config_highpte=y +++ a/mm/khugepaged.c @@ -1028,12 +1028,13 @@ static void collapse_huge_page(struct mm anon_vma_lock_write(vma->anon_vma); - pte = pte_offset_map(pmd, address); - pte_ptl = pte_lockptr(mm, pmd); - mmu_notifier_range_init(&range, MMU_NOTIFY_CLEAR, 0, NULL, mm, address, address + HPAGE_PMD_SIZE); mmu_notifier_invalidate_range_start(&range); + + pte = pte_offset_map(pmd, address); + pte_ptl = pte_lockptr(mm, pmd); + pmd_ptl = pmd_lock(mm, pmd); /* probably unnecessary */ /* * After this gup_fast can't run anymore. This also removes _

5 years, 8 months

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror