- Linux-stable-mirror - lists.linaro.org

FAILED: patch "[PATCH] mm/memory_hotplug: don't access uninitialized memmaps in" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 7ce700bf11b5e2cb84e4352bbdf2123a7a239c84 Mon Sep 17 00:00:00 2001 From: David Hildenbrand <david(a)redhat.com> Date: Thu, 21 Nov 2019 17:53:56 -0800 Subject: [PATCH] mm/memory_hotplug: don't access uninitialized memmaps in shrink_zone_span() Let's limit shrinking to !ZONE_DEVICE so we can fix the current code. We should never try to touch the memmap of offline sections where we could have uninitialized memmaps and could trigger BUGs when calling page_to_nid() on poisoned pages. There is no reliable way to distinguish an uninitialized memmap from an initialized memmap that belongs to ZONE_DEVICE, as we don't have anything like SECTION_IS_ONLINE we can use similar to pfn_to_online_section() for !ZONE_DEVICE memory. E.g., set_zone_contiguous() similarly relies on pfn_to_online_section() and will therefore never set a ZONE_DEVICE zone consecutive. Stopping to shrink the ZONE_DEVICE therefore results in no observable changes, besides /proc/zoneinfo indicating different boundaries - something we can totally live with. Before commit d0dc12e86b31 ("mm/memory_hotplug: optimize memory hotplug"), the memmap was initialized with 0 and the node with the right value. So the zone might be wrong but not garbage. After that commit, both the zone and the node will be garbage when touching uninitialized memmaps. Toshiki reported a BUG (race between delayed initialization of ZONE_DEVICE memmaps without holding the memory hotplug lock and concurrent zone shrinking). https://lkml.org/lkml/2019/11/14/1040 "Iteration of create and destroy namespace causes the panic as below: kernel BUG at mm/page_alloc.c:535! CPU: 7 PID: 2766 Comm: ndctl Not tainted 5.4.0-rc4 #6 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.11.0-0-g63451fca13-prebuilt.qemu-project.org 04/01/2014 RIP: 0010:set_pfnblock_flags_mask+0x95/0xf0 Call Trace: memmap_init_zone_device+0x165/0x17c memremap_pages+0x4c1/0x540 devm_memremap_pages+0x1d/0x60 pmem_attach_disk+0x16b/0x600 [nd_pmem] nvdimm_bus_probe+0x69/0x1c0 really_probe+0x1c2/0x3e0 driver_probe_device+0xb4/0x100 device_driver_attach+0x4f/0x60 bind_store+0xc9/0x110 kernfs_fop_write+0x116/0x190 vfs_write+0xa5/0x1a0 ksys_write+0x59/0xd0 do_syscall_64+0x5b/0x180 entry_SYSCALL_64_after_hwframe+0x44/0xa9 While creating a namespace and initializing memmap, if you destroy the namespace and shrink the zone, it will initialize the memmap outside the zone and trigger VM_BUG_ON_PAGE(!zone_spans_pfn(page_zone(page), pfn), page) in set_pfnblock_flags_mask()." This BUG is also mitigated by this commit, where we for now stop to shrink the ZONE_DEVICE zone until we can do it in a safe and clean way. Link: http://lkml.kernel.org/r/20191006085646.5768-5-david@redhat.com Fixes: f1dd2cd13c4b ("mm, memory_hotplug: do not associate hotadded memory to zones until online") [visible after d0dc12e86b319] Signed-off-by: David Hildenbrand <david(a)redhat.com> Reported-by: Aneesh Kumar K.V <aneesh.kumar(a)linux.ibm.com> Reported-by: Toshiki Fukasawa <t-fukasawa(a)vx.jp.nec.com> Cc: Oscar Salvador <osalvador(a)suse.de> Cc: David Hildenbrand <david(a)redhat.com> Cc: Michal Hocko <mhocko(a)suse.com> Cc: Pavel Tatashin <pasha.tatashin(a)soleen.com> Cc: Dan Williams <dan.j.williams(a)intel.com> Cc: Alexander Duyck <alexander.h.duyck(a)linux.intel.com> Cc: Alexander Potapenko <glider(a)google.com> Cc: Andy Lutomirski <luto(a)kernel.org> Cc: Anshuman Khandual <anshuman.khandual(a)arm.com> Cc: Benjamin Herrenschmidt <benh(a)kernel.crashing.org> Cc: Borislav Petkov <bp(a)alien8.de> Cc: Catalin Marinas <catalin.marinas(a)arm.com> Cc: Christian Borntraeger <borntraeger(a)de.ibm.com> Cc: Christophe Leroy <christophe.leroy(a)c-s.fr> Cc: Damian Tometzki <damian.tometzki(a)gmail.com> Cc: Dave Hansen <dave.hansen(a)linux.intel.com> Cc: Fenghua Yu <fenghua.yu(a)intel.com> Cc: Gerald Schaefer <gerald.schaefer(a)de.ibm.com> Cc: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Cc: Halil Pasic <pasic(a)linux.ibm.com> Cc: Heiko Carstens <heiko.carstens(a)de.ibm.com> Cc: "H. Peter Anvin" <hpa(a)zytor.com> Cc: Ingo Molnar <mingo(a)redhat.com> Cc: Ira Weiny <ira.weiny(a)intel.com> Cc: Jason Gunthorpe <jgg(a)ziepe.ca> Cc: Jun Yao <yaojun8558363(a)gmail.com> Cc: Logan Gunthorpe <logang(a)deltatee.com> Cc: Mark Rutland <mark.rutland(a)arm.com> Cc: Masahiro Yamada <yamada.masahiro(a)socionext.com> Cc: "Matthew Wilcox (Oracle)" <willy(a)infradead.org> Cc: Mel Gorman <mgorman(a)techsingularity.net> Cc: Michael Ellerman <mpe(a)ellerman.id.au> Cc: Mike Rapoport <rppt(a)linux.ibm.com> Cc: Pankaj Gupta <pagupta(a)redhat.com> Cc: Paul Mackerras <paulus(a)samba.org> Cc: Pavel Tatashin <pavel.tatashin(a)microsoft.com> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Qian Cai <cai(a)lca.pw> Cc: Rich Felker <dalias(a)libc.org> Cc: Robin Murphy <robin.murphy(a)arm.com> Cc: Steve Capper <steve.capper(a)arm.com> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Tom Lendacky <thomas.lendacky(a)amd.com> Cc: Tony Luck <tony.luck(a)intel.com> Cc: Vasily Gorbik <gor(a)linux.ibm.com> Cc: Vlastimil Babka <vbabka(a)suse.cz> Cc: Wei Yang <richard.weiyang(a)gmail.com> Cc: Wei Yang <richardw.yang(a)linux.intel.com> Cc: Will Deacon <will(a)kernel.org> Cc: Yoshinori Sato <ysato(a)users.sourceforge.jp> Cc: Yu Zhao <yuzhao(a)google.com> Cc: <stable(a)vger.kernel.org> [4.13+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds(a)linux-foundation.org> diff --git a/mm/memory_hotplug.c b/mm/memory_hotplug.c index 3b62a9ff8ea0..f307bd82d750 100644 --- a/mm/memory_hotplug.c +++ b/mm/memory_hotplug.c @@ -331,7 +331,7 @@ static unsigned long find_smallest_section_pfn(int nid, struct zone *zone, unsigned long end_pfn) { for (; start_pfn < end_pfn; start_pfn += PAGES_PER_SUBSECTION) { - if (unlikely(!pfn_valid(start_pfn))) + if (unlikely(!pfn_to_online_page(start_pfn))) continue; if (unlikely(pfn_to_nid(start_pfn) != nid)) @@ -356,7 +356,7 @@ static unsigned long find_biggest_section_pfn(int nid, struct zone *zone, /* pfn is the end pfn of a memory section. */ pfn = end_pfn - 1; for (; pfn >= start_pfn; pfn -= PAGES_PER_SUBSECTION) { - if (unlikely(!pfn_valid(pfn))) + if (unlikely(!pfn_to_online_page(pfn))) continue; if (unlikely(pfn_to_nid(pfn) != nid)) @@ -415,7 +415,7 @@ static void shrink_zone_span(struct zone *zone, unsigned long start_pfn, */ pfn = zone_start_pfn; for (; pfn < zone_end_pfn; pfn += PAGES_PER_SUBSECTION) { - if (unlikely(!pfn_valid(pfn))) + if (unlikely(!pfn_to_online_page(pfn))) continue; if (page_zone(pfn_to_page(pfn)) != zone) @@ -471,6 +471,16 @@ static void __remove_zone(struct zone *zone, unsigned long start_pfn, struct pglist_data *pgdat = zone->zone_pgdat; unsigned long flags; +#ifdef CONFIG_ZONE_DEVICE + /* + * Zone shrinking code cannot properly deal with ZONE_DEVICE. So + * we will not try to shrink the zones - which is okay as + * set_zone_contiguous() cannot deal with ZONE_DEVICE either way. + */ + if (zone_idx(zone) == ZONE_DEVICE) + return; +#endif + pgdat_resize_lock(zone->zone_pgdat, &flags); shrink_zone_span(zone, start_pfn, start_pfn + nr_pages); update_pgdat_span(pgdat);

5 years, 11 months

1
0
0 0

FAILED: patch "[PATCH] mm/memory_hotplug: don't access uninitialized memmaps in" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 7ce700bf11b5e2cb84e4352bbdf2123a7a239c84 Mon Sep 17 00:00:00 2001 From: David Hildenbrand <david(a)redhat.com> Date: Thu, 21 Nov 2019 17:53:56 -0800 Subject: [PATCH] mm/memory_hotplug: don't access uninitialized memmaps in shrink_zone_span() Let's limit shrinking to !ZONE_DEVICE so we can fix the current code. We should never try to touch the memmap of offline sections where we could have uninitialized memmaps and could trigger BUGs when calling page_to_nid() on poisoned pages. There is no reliable way to distinguish an uninitialized memmap from an initialized memmap that belongs to ZONE_DEVICE, as we don't have anything like SECTION_IS_ONLINE we can use similar to pfn_to_online_section() for !ZONE_DEVICE memory. E.g., set_zone_contiguous() similarly relies on pfn_to_online_section() and will therefore never set a ZONE_DEVICE zone consecutive. Stopping to shrink the ZONE_DEVICE therefore results in no observable changes, besides /proc/zoneinfo indicating different boundaries - something we can totally live with. Before commit d0dc12e86b31 ("mm/memory_hotplug: optimize memory hotplug"), the memmap was initialized with 0 and the node with the right value. So the zone might be wrong but not garbage. After that commit, both the zone and the node will be garbage when touching uninitialized memmaps. Toshiki reported a BUG (race between delayed initialization of ZONE_DEVICE memmaps without holding the memory hotplug lock and concurrent zone shrinking). https://lkml.org/lkml/2019/11/14/1040 "Iteration of create and destroy namespace causes the panic as below: kernel BUG at mm/page_alloc.c:535! CPU: 7 PID: 2766 Comm: ndctl Not tainted 5.4.0-rc4 #6 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.11.0-0-g63451fca13-prebuilt.qemu-project.org 04/01/2014 RIP: 0010:set_pfnblock_flags_mask+0x95/0xf0 Call Trace: memmap_init_zone_device+0x165/0x17c memremap_pages+0x4c1/0x540 devm_memremap_pages+0x1d/0x60 pmem_attach_disk+0x16b/0x600 [nd_pmem] nvdimm_bus_probe+0x69/0x1c0 really_probe+0x1c2/0x3e0 driver_probe_device+0xb4/0x100 device_driver_attach+0x4f/0x60 bind_store+0xc9/0x110 kernfs_fop_write+0x116/0x190 vfs_write+0xa5/0x1a0 ksys_write+0x59/0xd0 do_syscall_64+0x5b/0x180 entry_SYSCALL_64_after_hwframe+0x44/0xa9 While creating a namespace and initializing memmap, if you destroy the namespace and shrink the zone, it will initialize the memmap outside the zone and trigger VM_BUG_ON_PAGE(!zone_spans_pfn(page_zone(page), pfn), page) in set_pfnblock_flags_mask()." This BUG is also mitigated by this commit, where we for now stop to shrink the ZONE_DEVICE zone until we can do it in a safe and clean way. Link: http://lkml.kernel.org/r/20191006085646.5768-5-david@redhat.com Fixes: f1dd2cd13c4b ("mm, memory_hotplug: do not associate hotadded memory to zones until online") [visible after d0dc12e86b319] Signed-off-by: David Hildenbrand <david(a)redhat.com> Reported-by: Aneesh Kumar K.V <aneesh.kumar(a)linux.ibm.com> Reported-by: Toshiki Fukasawa <t-fukasawa(a)vx.jp.nec.com> Cc: Oscar Salvador <osalvador(a)suse.de> Cc: David Hildenbrand <david(a)redhat.com> Cc: Michal Hocko <mhocko(a)suse.com> Cc: Pavel Tatashin <pasha.tatashin(a)soleen.com> Cc: Dan Williams <dan.j.williams(a)intel.com> Cc: Alexander Duyck <alexander.h.duyck(a)linux.intel.com> Cc: Alexander Potapenko <glider(a)google.com> Cc: Andy Lutomirski <luto(a)kernel.org> Cc: Anshuman Khandual <anshuman.khandual(a)arm.com> Cc: Benjamin Herrenschmidt <benh(a)kernel.crashing.org> Cc: Borislav Petkov <bp(a)alien8.de> Cc: Catalin Marinas <catalin.marinas(a)arm.com> Cc: Christian Borntraeger <borntraeger(a)de.ibm.com> Cc: Christophe Leroy <christophe.leroy(a)c-s.fr> Cc: Damian Tometzki <damian.tometzki(a)gmail.com> Cc: Dave Hansen <dave.hansen(a)linux.intel.com> Cc: Fenghua Yu <fenghua.yu(a)intel.com> Cc: Gerald Schaefer <gerald.schaefer(a)de.ibm.com> Cc: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Cc: Halil Pasic <pasic(a)linux.ibm.com> Cc: Heiko Carstens <heiko.carstens(a)de.ibm.com> Cc: "H. Peter Anvin" <hpa(a)zytor.com> Cc: Ingo Molnar <mingo(a)redhat.com> Cc: Ira Weiny <ira.weiny(a)intel.com> Cc: Jason Gunthorpe <jgg(a)ziepe.ca> Cc: Jun Yao <yaojun8558363(a)gmail.com> Cc: Logan Gunthorpe <logang(a)deltatee.com> Cc: Mark Rutland <mark.rutland(a)arm.com> Cc: Masahiro Yamada <yamada.masahiro(a)socionext.com> Cc: "Matthew Wilcox (Oracle)" <willy(a)infradead.org> Cc: Mel Gorman <mgorman(a)techsingularity.net> Cc: Michael Ellerman <mpe(a)ellerman.id.au> Cc: Mike Rapoport <rppt(a)linux.ibm.com> Cc: Pankaj Gupta <pagupta(a)redhat.com> Cc: Paul Mackerras <paulus(a)samba.org> Cc: Pavel Tatashin <pavel.tatashin(a)microsoft.com> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Qian Cai <cai(a)lca.pw> Cc: Rich Felker <dalias(a)libc.org> Cc: Robin Murphy <robin.murphy(a)arm.com> Cc: Steve Capper <steve.capper(a)arm.com> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Tom Lendacky <thomas.lendacky(a)amd.com> Cc: Tony Luck <tony.luck(a)intel.com> Cc: Vasily Gorbik <gor(a)linux.ibm.com> Cc: Vlastimil Babka <vbabka(a)suse.cz> Cc: Wei Yang <richard.weiyang(a)gmail.com> Cc: Wei Yang <richardw.yang(a)linux.intel.com> Cc: Will Deacon <will(a)kernel.org> Cc: Yoshinori Sato <ysato(a)users.sourceforge.jp> Cc: Yu Zhao <yuzhao(a)google.com> Cc: <stable(a)vger.kernel.org> [4.13+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds(a)linux-foundation.org> diff --git a/mm/memory_hotplug.c b/mm/memory_hotplug.c index 3b62a9ff8ea0..f307bd82d750 100644 --- a/mm/memory_hotplug.c +++ b/mm/memory_hotplug.c @@ -331,7 +331,7 @@ static unsigned long find_smallest_section_pfn(int nid, struct zone *zone, unsigned long end_pfn) { for (; start_pfn < end_pfn; start_pfn += PAGES_PER_SUBSECTION) { - if (unlikely(!pfn_valid(start_pfn))) + if (unlikely(!pfn_to_online_page(start_pfn))) continue; if (unlikely(pfn_to_nid(start_pfn) != nid)) @@ -356,7 +356,7 @@ static unsigned long find_biggest_section_pfn(int nid, struct zone *zone, /* pfn is the end pfn of a memory section. */ pfn = end_pfn - 1; for (; pfn >= start_pfn; pfn -= PAGES_PER_SUBSECTION) { - if (unlikely(!pfn_valid(pfn))) + if (unlikely(!pfn_to_online_page(pfn))) continue; if (unlikely(pfn_to_nid(pfn) != nid)) @@ -415,7 +415,7 @@ static void shrink_zone_span(struct zone *zone, unsigned long start_pfn, */ pfn = zone_start_pfn; for (; pfn < zone_end_pfn; pfn += PAGES_PER_SUBSECTION) { - if (unlikely(!pfn_valid(pfn))) + if (unlikely(!pfn_to_online_page(pfn))) continue; if (page_zone(pfn_to_page(pfn)) != zone) @@ -471,6 +471,16 @@ static void __remove_zone(struct zone *zone, unsigned long start_pfn, struct pglist_data *pgdat = zone->zone_pgdat; unsigned long flags; +#ifdef CONFIG_ZONE_DEVICE + /* + * Zone shrinking code cannot properly deal with ZONE_DEVICE. So + * we will not try to shrink the zones - which is okay as + * set_zone_contiguous() cannot deal with ZONE_DEVICE either way. + */ + if (zone_idx(zone) == ZONE_DEVICE) + return; +#endif + pgdat_resize_lock(zone->zone_pgdat, &flags); shrink_zone_span(zone, start_pfn, start_pfn + nr_pages); update_pgdat_span(pgdat);

5 years, 11 months

1
0
0 0

FAILED: patch "[PATCH] virtio_ring: fix return code on DMA mapping fails" failed to apply to 4.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From f7728002c1c7bfa787b276a31c3ef458739b8e7c Mon Sep 17 00:00:00 2001 From: Halil Pasic <pasic(a)linux.ibm.com> Date: Thu, 14 Nov 2019 13:46:46 +0100 Subject: [PATCH] virtio_ring: fix return code on DMA mapping fails Commit 780bc7903a32 ("virtio_ring: Support DMA APIs") makes virtqueue_add() return -EIO when we fail to map our I/O buffers. This is a very realistic scenario for guests with encrypted memory, as swiotlb may run out of space, depending on it's size and the I/O load. The virtio-blk driver interprets -EIO form virtqueue_add() as an IO error, despite the fact that swiotlb full is in absence of bugs a recoverable condition. Let us change the return code to -ENOMEM, and make the block layer recover form these failures when virtio-blk encounters the condition described above. Cc: stable(a)vger.kernel.org Fixes: 780bc7903a32 ("virtio_ring: Support DMA APIs") Signed-off-by: Halil Pasic <pasic(a)linux.ibm.com> Tested-by: Michael Mueller <mimu(a)linux.ibm.com> Signed-off-by: Michael S. Tsirkin <mst(a)redhat.com> diff --git a/drivers/virtio/virtio_ring.c b/drivers/virtio/virtio_ring.c index a8041e451e9e..867c7ebd3f10 100644 --- a/drivers/virtio/virtio_ring.c +++ b/drivers/virtio/virtio_ring.c @@ -583,7 +583,7 @@ static inline int virtqueue_add_split(struct virtqueue *_vq, kfree(desc); END_USE(vq); - return -EIO; + return -ENOMEM; } static bool virtqueue_kick_prepare_split(struct virtqueue *_vq) @@ -1085,7 +1085,7 @@ static int virtqueue_add_indirect_packed(struct vring_virtqueue *vq, kfree(desc); END_USE(vq); - return -EIO; + return -ENOMEM; } static inline int virtqueue_add_packed(struct virtqueue *_vq,

5 years, 11 months

1
0
0 0

FAILED: patch "[PATCH] virtio_ring: fix return code on DMA mapping fails" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From f7728002c1c7bfa787b276a31c3ef458739b8e7c Mon Sep 17 00:00:00 2001 From: Halil Pasic <pasic(a)linux.ibm.com> Date: Thu, 14 Nov 2019 13:46:46 +0100 Subject: [PATCH] virtio_ring: fix return code on DMA mapping fails Commit 780bc7903a32 ("virtio_ring: Support DMA APIs") makes virtqueue_add() return -EIO when we fail to map our I/O buffers. This is a very realistic scenario for guests with encrypted memory, as swiotlb may run out of space, depending on it's size and the I/O load. The virtio-blk driver interprets -EIO form virtqueue_add() as an IO error, despite the fact that swiotlb full is in absence of bugs a recoverable condition. Let us change the return code to -ENOMEM, and make the block layer recover form these failures when virtio-blk encounters the condition described above. Cc: stable(a)vger.kernel.org Fixes: 780bc7903a32 ("virtio_ring: Support DMA APIs") Signed-off-by: Halil Pasic <pasic(a)linux.ibm.com> Tested-by: Michael Mueller <mimu(a)linux.ibm.com> Signed-off-by: Michael S. Tsirkin <mst(a)redhat.com> diff --git a/drivers/virtio/virtio_ring.c b/drivers/virtio/virtio_ring.c index a8041e451e9e..867c7ebd3f10 100644 --- a/drivers/virtio/virtio_ring.c +++ b/drivers/virtio/virtio_ring.c @@ -583,7 +583,7 @@ static inline int virtqueue_add_split(struct virtqueue *_vq, kfree(desc); END_USE(vq); - return -EIO; + return -ENOMEM; } static bool virtqueue_kick_prepare_split(struct virtqueue *_vq) @@ -1085,7 +1085,7 @@ static int virtqueue_add_indirect_packed(struct vring_virtqueue *vq, kfree(desc); END_USE(vq); - return -EIO; + return -ENOMEM; } static inline int virtqueue_add_packed(struct virtqueue *_vq,

5 years, 11 months

1
0
0 0

FAILED: patch "[PATCH] virtio_console: allocate inbufs in add_port() only if it is" failed to apply to 4.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From d791cfcbf98191122af70b053a21075cb450d119 Mon Sep 17 00:00:00 2001 From: Laurent Vivier <lvivier(a)redhat.com> Date: Thu, 14 Nov 2019 13:25:48 +0100 Subject: [PATCH] virtio_console: allocate inbufs in add_port() only if it is needed When we hot unplug a virtserialport and then try to hot plug again, it fails: (qemu) chardev-add socket,id=serial0,path=/tmp/serial0,server,nowait (qemu) device_add virtserialport,bus=virtio-serial0.0,nr=2,\ chardev=serial0,id=serial0,name=serial0 (qemu) device_del serial0 (qemu) device_add virtserialport,bus=virtio-serial0.0,nr=2,\ chardev=serial0,id=serial0,name=serial0 kernel error: virtio-ports vport2p2: Error allocating inbufs qemu error: virtio-serial-bus: Guest failure in adding port 2 for device \ virtio-serial0.0 This happens because buffers for the in_vq are allocated when the port is added but are not released when the port is unplugged. They are only released when virtconsole is removed (see a7a69ec0d8e4) To avoid the problem and to be symmetric, we could allocate all the buffers in init_vqs() as they are released in remove_vqs(), but it sounds like a waste of memory. Rather than that, this patch changes add_port() logic to ignore ENOSPC error in fill_queue(), which means queue has already been filled. Fixes: a7a69ec0d8e4 ("virtio_console: free buffers after reset") Cc: mst(a)redhat.com Cc: stable(a)vger.kernel.org Signed-off-by: Laurent Vivier <lvivier(a)redhat.com> Signed-off-by: Michael S. Tsirkin <mst(a)redhat.com> diff --git a/drivers/char/virtio_console.c b/drivers/char/virtio_console.c index 7270e7b69262..3259426f01dc 100644 --- a/drivers/char/virtio_console.c +++ b/drivers/char/virtio_console.c @@ -1325,24 +1325,24 @@ static void set_console_size(struct port *port, u16 rows, u16 cols) port->cons.ws.ws_col = cols; } -static unsigned int fill_queue(struct virtqueue *vq, spinlock_t *lock) +static int fill_queue(struct virtqueue *vq, spinlock_t *lock) { struct port_buffer *buf; - unsigned int nr_added_bufs; + int nr_added_bufs; int ret; nr_added_bufs = 0; do { buf = alloc_buf(vq->vdev, PAGE_SIZE, 0); if (!buf) - break; + return -ENOMEM; spin_lock_irq(lock); ret = add_inbuf(vq, buf); if (ret < 0) { spin_unlock_irq(lock); free_buf(buf, true); - break; + return ret; } nr_added_bufs++; spin_unlock_irq(lock); @@ -1362,7 +1362,6 @@ static int add_port(struct ports_device *portdev, u32 id) char debugfs_name[16]; struct port *port; dev_t devt; - unsigned int nr_added_bufs; int err; port = kmalloc(sizeof(*port), GFP_KERNEL); @@ -1421,11 +1420,13 @@ static int add_port(struct ports_device *portdev, u32 id) spin_lock_init(&port->outvq_lock); init_waitqueue_head(&port->waitqueue); - /* Fill the in_vq with buffers so the host can send us data. */ - nr_added_bufs = fill_queue(port->in_vq, &port->inbuf_lock); - if (!nr_added_bufs) { + /* We can safely ignore ENOSPC because it means + * the queue already has buffers. Buffers are removed + * only by virtcons_remove(), not by unplug_port() + */ + err = fill_queue(port->in_vq, &port->inbuf_lock); + if (err < 0 && err != -ENOSPC) { dev_err(port->dev, "Error allocating inbufs\n"); - err = -ENOMEM; goto free_device; } @@ -2059,14 +2060,11 @@ static int virtcons_probe(struct virtio_device *vdev) INIT_WORK(&portdev->control_work, &control_work_handler); if (multiport) { - unsigned int nr_added_bufs; - spin_lock_init(&portdev->c_ivq_lock); spin_lock_init(&portdev->c_ovq_lock); - nr_added_bufs = fill_queue(portdev->c_ivq, - &portdev->c_ivq_lock); - if (!nr_added_bufs) { + err = fill_queue(portdev->c_ivq, &portdev->c_ivq_lock); + if (err < 0) { dev_err(&vdev->dev, "Error allocating buffers for control queue\n"); /* @@ -2077,7 +2075,7 @@ static int virtcons_probe(struct virtio_device *vdev) VIRTIO_CONSOLE_DEVICE_READY, 0); /* Device was functional: we need full cleanup. */ virtcons_remove(vdev); - return -ENOMEM; + return err; } } else { /*

5 years, 11 months

1
0
0 0

Please backport 6dbd3e66e778 vhost/vsock: split packets to send using multiple buffers

by Stefano Garzarella

Hi, with Michael, we realized that this patch merged upstream solves an issue in the device emulation in the vhost-vsock module. Before this patch, the emulation did not meet the VIRTIO vsock specification, assuming that the buffer in the RX virtqueue was always 4 KB, without checking the actual size. Please, backport the following patch to fix this issue: commit 6dbd3e66e7785a2f055bf84d98de9b8fd31ff3f5 Author: Stefano Garzarella <sgarzare(a)redhat.com> Date: Tue Jul 30 17:43:33 2019 +0200 vhost/vsock: split packets to send using multiple buffers If the packets to sent to the guest are bigger than the buffer available, we can split them, using multiple buffers and fixing the length in the packet header. This is safe since virtio-vsock supports only stream sockets. Signed-off-by: Stefano Garzarella <sgarzare(a)redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha(a)redhat.com> Acked-by: Michael S. Tsirkin <mst(a)redhat.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> The commit applies and builds against 4.14, 4.19, and 5.3 Thanks, Stefano

5 years, 11 months

2
1
0 0

FAILED: patch "[PATCH] KVM: X86: Fix initialization of MSR lists" failed to apply to 5.3-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.3-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 7a5ee6edb42e0bb487954806d34877995b6b8d59 Mon Sep 17 00:00:00 2001 From: Chenyi Qiang <chenyi.qiang(a)intel.com> Date: Wed, 6 Nov 2019 14:35:20 +0800 Subject: [PATCH] KVM: X86: Fix initialization of MSR lists The three MSR lists(msrs_to_save[], emulated_msrs[] and msr_based_features[]) are global arrays of kvm.ko, which are adjusted (copy supported MSRs forward to override the unsupported MSRs) when insmod kvm-{intel,amd}.ko, but it doesn't reset these three arrays to their initial value when rmmod kvm-{intel,amd}.ko. Thus, at the next installation, kvm-{intel,amd}.ko will do operations on the modified arrays with some MSRs lost and some MSRs duplicated. So define three constant arrays to hold the initial MSR lists and initialize msrs_to_save[], emulated_msrs[] and msr_based_features[] based on the constant arrays. Cc: stable(a)vger.kernel.org Reviewed-by: Xiaoyao Li <xiaoyao.li(a)intel.com> Signed-off-by: Chenyi Qiang <chenyi.qiang(a)intel.com> [Remove now useless conditionals. - Paolo] Signed-off-by: Paolo Bonzini <pbonzini(a)redhat.com> diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index ff395f812719..8c8a5e20ea06 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -1132,13 +1132,15 @@ EXPORT_SYMBOL_GPL(kvm_rdpmc); * List of msr numbers which we expose to userspace through KVM_GET_MSRS * and KVM_SET_MSRS, and KVM_GET_MSR_INDEX_LIST. * - * This list is modified at module load time to reflect the + * The three MSR lists(msrs_to_save, emulated_msrs, msr_based_features) + * extract the supported MSRs from the related const lists. + * msrs_to_save is selected from the msrs_to_save_all to reflect the * capabilities of the host cpu. This capabilities test skips MSRs that are - * kvm-specific. Those are put in emulated_msrs; filtering of emulated_msrs + * kvm-specific. Those are put in emulated_msrs_all; filtering of emulated_msrs * may depend on host virtualization features rather than host cpu features. */ -static u32 msrs_to_save[] = { +static const u32 msrs_to_save_all[] = { MSR_IA32_SYSENTER_CS, MSR_IA32_SYSENTER_ESP, MSR_IA32_SYSENTER_EIP, MSR_STAR, #ifdef CONFIG_X86_64 @@ -1179,9 +1181,10 @@ static u32 msrs_to_save[] = { MSR_ARCH_PERFMON_EVENTSEL0 + 16, MSR_ARCH_PERFMON_EVENTSEL0 + 17, }; +static u32 msrs_to_save[ARRAY_SIZE(msrs_to_save_all)]; static unsigned num_msrs_to_save; -static u32 emulated_msrs[] = { +static const u32 emulated_msrs_all[] = { MSR_KVM_SYSTEM_TIME, MSR_KVM_WALL_CLOCK, MSR_KVM_SYSTEM_TIME_NEW, MSR_KVM_WALL_CLOCK_NEW, HV_X64_MSR_GUEST_OS_ID, HV_X64_MSR_HYPERCALL, @@ -1220,7 +1223,7 @@ static u32 emulated_msrs[] = { * by arch/x86/kvm/vmx/nested.c based on CPUID or other MSRs. * We always support the "true" VMX control MSRs, even if the host * processor does not, so I am putting these registers here rather - * than in msrs_to_save. + * than in msrs_to_save_all. */ MSR_IA32_VMX_BASIC, MSR_IA32_VMX_TRUE_PINBASED_CTLS, @@ -1239,13 +1242,14 @@ static u32 emulated_msrs[] = { MSR_KVM_POLL_CONTROL, }; +static u32 emulated_msrs[ARRAY_SIZE(emulated_msrs_all)]; static unsigned num_emulated_msrs; /* * List of msr numbers which are used to expose MSR-based features that * can be used by a hypervisor to validate requested CPU features. */ -static u32 msr_based_features[] = { +static const u32 msr_based_features_all[] = { MSR_IA32_VMX_BASIC, MSR_IA32_VMX_TRUE_PINBASED_CTLS, MSR_IA32_VMX_PINBASED_CTLS, @@ -1270,6 +1274,7 @@ static u32 msr_based_features[] = { MSR_IA32_ARCH_CAPABILITIES, }; +static u32 msr_based_features[ARRAY_SIZE(msr_based_features_all)]; static unsigned int num_msr_based_features; static u64 kvm_get_arch_capabilities(void) @@ -5090,22 +5095,22 @@ static void kvm_init_msr_list(void) { struct x86_pmu_capability x86_pmu; u32 dummy[2]; - unsigned i, j; + unsigned i; BUILD_BUG_ON_MSG(INTEL_PMC_MAX_FIXED != 4, - "Please update the fixed PMCs in msrs_to_save[]"); + "Please update the fixed PMCs in msrs_to_saved_all[]"); perf_get_x86_pmu_capability(&x86_pmu); - for (i = j = 0; i < ARRAY_SIZE(msrs_to_save); i++) { - if (rdmsr_safe(msrs_to_save[i], &dummy[0], &dummy[1]) < 0) + for (i = 0; i < ARRAY_SIZE(msrs_to_save_all); i++) { + if (rdmsr_safe(msrs_to_save_all[i], &dummy[0], &dummy[1]) < 0) continue; /* * Even MSRs that are valid in the host may not be exposed * to the guests in some cases. */ - switch (msrs_to_save[i]) { + switch (msrs_to_save_all[i]) { case MSR_IA32_BNDCFGS: if (!kvm_mpx_supported()) continue; @@ -5133,17 +5138,17 @@ static void kvm_init_msr_list(void) break; case MSR_IA32_RTIT_ADDR0_A ... MSR_IA32_RTIT_ADDR3_B: { if (!kvm_x86_ops->pt_supported() || - msrs_to_save[i] - MSR_IA32_RTIT_ADDR0_A >= + msrs_to_save_all[i] - MSR_IA32_RTIT_ADDR0_A >= intel_pt_validate_hw_cap(PT_CAP_num_address_ranges) * 2) continue; break; case MSR_ARCH_PERFMON_PERFCTR0 ... MSR_ARCH_PERFMON_PERFCTR0 + 17: - if (msrs_to_save[i] - MSR_ARCH_PERFMON_PERFCTR0 >= + if (msrs_to_save_all[i] - MSR_ARCH_PERFMON_PERFCTR0 >= min(INTEL_PMC_MAX_GENERIC, x86_pmu.num_counters_gp)) continue; break; case MSR_ARCH_PERFMON_EVENTSEL0 ... MSR_ARCH_PERFMON_EVENTSEL0 + 17: - if (msrs_to_save[i] - MSR_ARCH_PERFMON_EVENTSEL0 >= + if (msrs_to_save_all[i] - MSR_ARCH_PERFMON_EVENTSEL0 >= min(INTEL_PMC_MAX_GENERIC, x86_pmu.num_counters_gp)) continue; } @@ -5151,34 +5156,25 @@ static void kvm_init_msr_list(void) break; } - if (j < i) - msrs_to_save[j] = msrs_to_save[i]; - j++; + msrs_to_save[num_msrs_to_save++] = msrs_to_save_all[i]; } - num_msrs_to_save = j; - for (i = j = 0; i < ARRAY_SIZE(emulated_msrs); i++) { - if (!kvm_x86_ops->has_emulated_msr(emulated_msrs[i])) + for (i = 0; i < ARRAY_SIZE(emulated_msrs_all); i++) { + if (!kvm_x86_ops->has_emulated_msr(emulated_msrs_all[i])) continue; - if (j < i) - emulated_msrs[j] = emulated_msrs[i]; - j++; + emulated_msrs[num_emulated_msrs++] = emulated_msrs_all[i]; } - num_emulated_msrs = j; - for (i = j = 0; i < ARRAY_SIZE(msr_based_features); i++) { + for (i = 0; i < ARRAY_SIZE(msr_based_features_all); i++) { struct kvm_msr_entry msr; - msr.index = msr_based_features[i]; + msr.index = msr_based_features_all[i]; if (kvm_get_msr_feature(&msr)) continue; - if (j < i) - msr_based_features[j] = msr_based_features[i]; - j++; + msr_based_features[num_msr_based_features++] = msr_based_features_all[i]; } - num_msr_based_features = j; } static int vcpu_mmio_write(struct kvm_vcpu *vcpu, gpa_t addr, int len,

5 years, 11 months

2
1
0 0

Linux 4.4.203

by Greg KH

I'm announcing the release of the 4.4.203 kernel. All users of the 4.4 kernel series must upgrade. The updated 4.4.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.4.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/misc-devices/mei/mei-amt-version.c | 2 Makefile | 2 arch/arm/boot/compressed/libfdt_env.h | 2 arch/arm/boot/dts/am335x-evm.dts | 12 arch/arm/boot/dts/at91sam9g45.dtsi | 2 arch/arm/boot/dts/exynos5250-snow-rev5.dts | 11 arch/arm/boot/dts/omap3-gta04.dtsi | 21 arch/arm/boot/dts/pxa27x.dtsi | 2 arch/arm/boot/dts/socfpga_cyclone5_de0_sockit.dts | 2 arch/arm/boot/dts/ste-dbx5x0.dtsi | 6 arch/arm/boot/dts/ste-href-family-pinctrl.dtsi | 8 arch/arm/boot/dts/ste-hrefprev60.dtsi | 2 arch/arm/boot/dts/ste-snowball.dts | 2 arch/arm/boot/dts/ste-u300.dts | 2 arch/arm/boot/dts/tegra30-apalis.dtsi | 6 arch/arm/boot/dts/tegra30.dtsi | 6 arch/arm/kernel/entry-common.S | 9 arch/arm/mach-imx/pm-imx6.c | 25 arch/arm64/boot/dts/amd/amd-seattle-soc.dtsi | 4 arch/arm64/lib/clear_user.S | 2 arch/arm64/lib/copy_from_user.S | 2 arch/arm64/lib/copy_in_user.S | 2 arch/arm64/lib/copy_to_user.S | 2 arch/mips/bcm47xx/workarounds.c | 8 arch/mips/include/asm/kexec.h | 6 arch/mips/txx9/generic/setup.c | 5 arch/powerpc/boot/libfdt_env.h | 2 arch/powerpc/kernel/iommu.c | 2 arch/powerpc/kernel/rtas.c | 2 arch/powerpc/kernel/vdso32/datapage.S | 1 arch/powerpc/kernel/vdso32/gettimeofday.S | 1 arch/powerpc/kernel/vdso64/datapage.S | 1 arch/powerpc/kernel/vdso64/gettimeofday.S | 1 arch/powerpc/kvm/book3s.c | 3 arch/powerpc/mm/slb.c | 2 arch/powerpc/platforms/pseries/dtl.c | 4 arch/x86/Kconfig | 3 arch/x86/include/asm/atomic.h | 8 arch/x86/include/asm/atomic64_64.h | 8 arch/x86/include/asm/barrier.h | 4 arch/x86/include/asm/insn.h | 18 arch/x86/include/asm/kexec.h | 2 arch/x86/kernel/cpu/cyrix.c | 2 arch/x86/kernel/kprobes/core.c | 4 arch/x86/kernel/uprobes.c | 6 drivers/acpi/osl.c | 1 drivers/acpi/pci_root.c | 5 drivers/acpi/sbshc.c | 2 drivers/ata/libata-scsi.c | 21 drivers/ata/pata_ep93xx.c | 8 drivers/bluetooth/hci_ldisc.c | 10 drivers/bluetooth/hci_uart.h | 1 drivers/crypto/mxs-dcp.c | 80 - drivers/dma/dma-jz4780.c | 2 drivers/dma/ioat/init.c | 7 drivers/dma/timb_dma.c | 2 drivers/gpio/gpio-syscon.c | 2 drivers/hwmon/pwm-fan.c | 8 drivers/iio/dac/mcp4922.c | 11 drivers/infiniband/hw/mthca/mthca_main.c | 3 drivers/input/ff-memless.c | 9 drivers/input/touchscreen/st1232.c | 1 drivers/md/bcache/super.c | 1 drivers/media/pci/ivtv/ivtv-yuv.c | 2 drivers/media/pci/meye/meye.c | 2 drivers/media/platform/davinci/isif.c | 3 drivers/media/platform/davinci/vpbe_display.c | 2 drivers/media/usb/cx231xx/cx231xx-video.c | 2 drivers/misc/genwqe/card_utils.c | 13 drivers/misc/kgdbts.c | 16 drivers/mmc/host/sdhci-of-at91.c | 2 drivers/mtd/maps/physmap_of.c | 27 drivers/mtd/nand/sh_flctl.c | 4 drivers/net/can/slcan.c | 1 drivers/net/ethernet/amd/am79c961a.c | 2 drivers/net/ethernet/amd/atarilance.c | 6 drivers/net/ethernet/amd/declance.c | 2 drivers/net/ethernet/amd/sun3lance.c | 6 drivers/net/ethernet/amd/sunlance.c | 2 drivers/net/ethernet/amd/xgbe/xgbe-drv.c | 4 drivers/net/ethernet/broadcom/bcm63xx_enet.c | 5 drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c | 10 drivers/net/ethernet/broadcom/sb1250-mac.c | 4 drivers/net/ethernet/chelsio/cxgb4/cxgb4_dcb.c | 4 drivers/net/ethernet/chelsio/cxgb4/cxgb4_dcb.h | 2 drivers/net/ethernet/chelsio/cxgb4/t4_hw.c | 2 drivers/net/ethernet/intel/i40e/i40e_main.c | 8 drivers/net/ethernet/intel/i40e/i40e_ptp.c | 3 drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 10 drivers/net/ethernet/intel/ixgbe/ixgbe_main.c | 10 drivers/net/ethernet/micrel/ks8695net.c | 2 drivers/net/ethernet/micrel/ks8851_mll.c | 4 drivers/net/ethernet/smsc/smc911x.c | 3 drivers/net/ethernet/smsc/smc91x.c | 3 drivers/net/ethernet/smsc/smsc911x.c | 3 drivers/net/ethernet/toshiba/ps3_gelic_net.c | 4 drivers/net/ethernet/toshiba/ps3_gelic_net.h | 2 drivers/net/ethernet/toshiba/spider_net.c | 4 drivers/net/ethernet/toshiba/tc35815.c | 6 drivers/net/ethernet/xilinx/ll_temac_main.c | 3 drivers/net/ethernet/xilinx/xilinx_axienet_main.c | 3 drivers/net/ethernet/xilinx/xilinx_emaclite.c | 9 drivers/net/slip/slip.c | 1 drivers/net/usb/ax88172a.c | 2 drivers/net/usb/cdc_ncm.c | 2 drivers/net/usb/lan78xx.c | 5 drivers/net/wireless/ath/ath10k/core.h | 1 drivers/net/wireless/ath/ath10k/mac.c | 2 drivers/net/wireless/ath/ath10k/wmi.c | 22 drivers/net/wireless/ath/ath10k/wmi.h | 8 drivers/net/wireless/ath/ath9k/common-spectral.c | 2 drivers/net/wireless/brcm80211/brcmfmac/p2p.c | 17 drivers/net/wireless/brcm80211/brcmfmac/p2p.h | 2 drivers/net/wireless/realtek/rtl818x/rtl8187/leds.c | 2 drivers/nvmem/core.c | 2 drivers/of/base.c | 2 drivers/pinctrl/pinctrl-at91-pio4.c | 8 drivers/pinctrl/pinctrl-at91.c | 28 drivers/power/ab8500_fg.c | 31 drivers/power/max8998_charger.c | 2 drivers/power/twl4030_charger.c | 30 drivers/s390/net/qeth_l2_main.c | 3 drivers/s390/net/qeth_l3_main.c | 3 drivers/scsi/libsas/sas_expander.c | 13 drivers/scsi/pm8001/pm8001_hwi.c | 6 drivers/scsi/pm8001/pm8001_sas.c | 9 drivers/scsi/pm8001/pm8001_sas.h | 1 drivers/scsi/pm8001/pm80xx_hwi.c | 80 - drivers/scsi/pm8001/pm80xx_hwi.h | 3 drivers/scsi/sym53c8xx_2/sym_hipd.c | 15 drivers/spi/spi-rockchip.c | 3 drivers/spi/spidev.c | 8 drivers/tty/serial/mxs-auart.c | 3 drivers/usb/chipidea/otg.c | 9 drivers/usb/gadget/function/uvc_configfs.c | 7 drivers/usb/gadget/function/uvc_video.c | 32 drivers/usb/gadget/udc/fotg210-udc.c | 2 drivers/usb/serial/cypress_m8.c | 2 drivers/vfio/pci/vfio_pci_config.c | 4 drivers/video/backlight/lm3639_bl.c | 6 drivers/video/fbdev/Kconfig | 10 drivers/video/fbdev/Makefile | 1 drivers/video/fbdev/core/fbmon.c | 95 - drivers/video/fbdev/core/modedb.c | 57 drivers/video/fbdev/sbuslib.c | 28 drivers/video/fbdev/sh_mobile_hdmi.c | 1489 -------------------- fs/ecryptfs/inode.c | 19 fs/f2fs/gc.c | 2 fs/fuse/control.c | 4 fs/gfs2/rgrp.c | 2 fs/gfs2/super.c | 2 fs/kernfs/symlink.c | 5 fs/nfs/delegation.c | 6 fs/proc/vmcore.c | 10 include/linux/blkdev.h | 16 include/linux/cpufeature.h | 2 include/linux/edac.h | 3 include/linux/fb.h | 3 include/linux/intel-iommu.h | 6 include/linux/libfdt_env.h | 1 include/linux/platform_data/dma-ep93xx.h | 2 include/linux/sunrpc/sched.h | 2 include/net/llc.h | 1 include/video/sh_mobile_hdmi.h | 49 kernel/events/uprobes.c | 4 kernel/kprobes.c | 8 kernel/printk/printk.c | 18 kernel/signal.c | 4 mm/hugetlb_cgroup.c | 2 mm/memcontrol.c | 2 mm/shmem.c | 2 net/bluetooth/l2cap_core.c | 10 net/llc/llc_core.c | 4 net/mac80211/rc80211_minstrel_ht.c | 2 net/openvswitch/vport-internal_dev.c | 5 net/sunrpc/sched.c | 109 - net/wireless/nl80211.c | 2 security/apparmor/apparmorfs.c | 2 security/apparmor/audit.c | 3 security/apparmor/file.c | 3 security/apparmor/include/policy.h | 2 security/apparmor/lsm.c | 22 security/apparmor/policy.c | 18 sound/core/oss/pcm_plugin.c | 4 sound/core/seq/seq_system.c | 18 sound/pci/hda/patch_sigmatel.c | 20 sound/pci/intel8x0m.c | 20 sound/soc/codecs/sgtl5000.c | 2 sound/soc/soc-pcm.c | 2 sound/usb/endpoint.c | 3 sound/usb/mixer.c | 4 191 files changed, 949 insertions(+), 2140 deletions(-) Al Viro (2): ecryptfs_lookup_interpose(): lower_dentry->d_inode is not stable ecryptfs_lookup_interpose(): lower_dentry->d_parent is not stable either Alan Modra (1): powerpc/vdso: Correct call frame information Andreas Kemnade (2): power: supply: twl4030_charger: fix charging current out-of-bounds power: supply: twl4030_charger: disable eoc interrupt on linear charge Andrew Zaborowski (1): nl80211: Fix a GET_KEY reply attribute Anton Vasilyev (1): serial: mxs-auart: Fix potential infinite loop Ben Greear (1): ath10k: fix vdev-start timeout on error Bernd Edlinger (1): kernfs: Fix range checks in kernfs_get_target_path Bjorn Helgaas (1): x86/kexec: Correct KEXEC_BACKUP_SRC_END off-by-one error Bob Peterson (1): gfs2: Don't set GFS2_RDF_UPTODATE when the lvb is updated Borislav Petkov (2): x86/olpc: Fix build error with CONFIG_MFD_CS5535=m proc/vmcore: Fix i386 build error of missing copy_oldmem_page_encrypted() Breno Leitao (1): powerpc/iommu: Avoid derefence before pointer check Cameron Kaiser (1): KVM: PPC: Book3S PR: Exiting split hack mode needs to fixup both PC and LR Charles Keepax (1): ASoC: dpcm: Properly initialise hw->rate_max Christoph Hellwig (1): block: introduce blk_rq_is_passthrough Chung-Hsien Hsu (1): brcmfmac: fix full timeout waiting for action frame on-channel tx Colin Ian King (2): ASoC: sgtl5000: avoid division by zero if lo_vag is zero media: cx231xx: fix potential sign-extension overflow on large shift Cong Wang (1): llc: avoid blocking in llc_sap_close() Dan Carpenter (7): ALSA: pcm: signedness bug in snd_pcm_plug_alloc() pinctrl: at91-pio4: fix has_config check in atmel_pctl_dt_subnode_to_map() power: supply: ab8500_fg: silence uninitialized variable warnings net: cdc_ncm: Signedness bug in cdc_ncm_set_dgram_size() mei: samples: fix a signedness bug in amt_host_if_call() fbdev: sbuslib: use checked version of put_user() fbdev: sbuslib: integer overflow in sbusfb_ioctl_helper() Daniel Silsby (1): dmaengine: dma-jz4780: Further residue status fix Daniel Vetter (1): fbdev: Ditch fb_edid_add_monspecs Deepak Ukey (2): scsi: pm80xx: Corrected dma_unmap_sg() parameter scsi: pm80xx: Fixed system hang issue during kexec boot Dengcheng Zhu (1): MIPS: kexec: Relax memory restriction Ding Xiang (1): mips: txx9: fix iounmap related issue Dinh Nguyen (1): ARM: dts: socfpga: Fix I2C bus unit-address error Eric Auger (1): iommu/vt-d: Fix QI_DEV_IOTLB_PFSID and QI_DEV_EIOTLB_PFSID macros Eric W. Biederman (3): signal: Always ignore SIGKILL and SIGSTOP sent to the global init signal: Properly deliver SIGILL from uprobes signal: Properly deliver SIGSEGV from x86 uprobes Erik Stromdahl (1): ath10k: wmi: disable softirq's while calling ieee80211_rx Eugen Hristev (1): mmc: sdhci-of-at91: fix quirk2 overwrite Felix Fietkau (1): mac80211: minstrel: fix CCK rate group streams value Ganesh Goudar (1): cxgb4: Fix endianness issue in t4_fwcache() Geert Uytterhoeven (2): ARM: dts: ux500: Correct SCU unit address fbdev: Remove unused SH-Mobile HDMI driver George Kennedy (1): scsi: sym53c8xx: fix NULL pointer dereference panic in sym_int_sir() Greg Kroah-Hartman (1): Linux 4.4.203 Grygorii Strashko (1): ARM: dts: am335x-evm: fix number of cpsw H. Nikolaus Schaller (4): ARM: dts: omap3-gta04: give spi_lcd node a label so that we can overwrite in other DTS files ARM: dts: omap3-gta04: tvout: enable as display1 alias ARM: dts: omap3-gta04: make NAND partitions compatible with recent U-Boot ARM: dts: omap3-gta04: keep vpll2 always on He Zhe (1): printk: Give error on attempt to set log buffer length to over 2G Henry Lin (1): ALSA: usb-audio: not submit urb for stopped endpoint Huibin Hong (1): spi: rockchip: initialize dma_slave_config properly Jaegeuk Kim (1): f2fs: return correct errno in f2fs_gc Jason Yan (1): scsi: libsas: always unregister the old device if going to discover new Jay Foster (1): ARM: dts: at91/trivial: Fix USART1 definition for at91sam9g45 Jens Axboe (1): libata: have ata_scsi_rw_xlat() fail invalid passthrough requests Jia-Ju Bai (2): media: pci: ivtv: Fix a sleep-in-atomic-context bug in ivtv_yuv_init() usb: gadget: udc: fotg210-udc: Fix a sleep-in-atomic-context bug in fotg210_get_status() Joel Pepper (1): usb: gadget: uvc: configfs: Prevent format changes after linking header Johan Hovold (1): USB: serial: cypress_m8: fix interrupt-out transfer length John Johansen (3): apparmor: fix uninitialized lsm_audit member apparmor: fix update the mtime of the profile file on replacement apparmor: fix module parameters can be changed after policy is locked Jouni Hogander (2): slip: Fix memory leak in slip_open error path slcan: Fix memory leak in error path Julian Wiedmann (1): s390/qeth: invoke softirqs after napi_schedule() Justin Ernst (1): EDAC: Raise the maximum number of memory controllers Kefeng Wang (1): Bluetooth: hci_ldisc: Postpone HCI_UART_PROTO_READY bit set in hci_uart_set_proto() Kirill Tkhai (1): fuse: use READ_ONCE on congestion_threshold and max_background Lao Wei (1): media: fix: media: pci: meye: validate offset to avoid arbitrary access Larry Finger (1): rtl8187: Fix warning generated when strncpy() destination length matches the sixe argument Laura Abbott (1): misc: kgdbts: Fix restrict error Laurent Pinchart (3): usb: gadget: uvc: configfs: Drop leaked references to config items usb: gadget: uvc: Factor out video USB request queueing usb: gadget: uvc: Only halt video streaming endpoint in bulk mode Li Qiang (1): vfio/pci: Fix potential memory leak in vfio_msi_cap_len Linus Walleij (1): ARM: dts: ux500: Fix LCDA clock line muxing Loic Poulain (2): usb: chipidea: Fix otg event handler Bluetooth: hci_ldisc: Fix null pointer derefence in case of early data Ludovic Desroches (1): pinctrl: at91: don't use the same irqchip with multiple gpiochips Luiz Augusto von Dentz (1): Bluetooth: L2CAP: Detect if remote is not able to use the whole MPS Marcel Ziswiler (3): ARM: dts: pxa: fix power i2c base address ARM: dts: tegra30: fix xcvr-setup-use-fuses ARM: tegra: apalis_t30: fix mmc1 cmd pull-up Marcus Folkesson (1): iio: dac: mcp4922: fix error handling in mcp4922_write_raw Marek Szyprowski (1): ARM: dts: exynos: Fix sound in Snow-rev5 Chromebook Marek Vasut (1): gpio: syscon: Fix possible NULL ptr usage Martin Kepplinger (1): Input: st1232 - set INPUT_PROP_DIRECT property Masami Hiramatsu (3): kprobes: Don't call BUG_ON() if there is a kprobe in use on free list kprobes/x86: Prohibit probing on exception masking instructions uprobes/x86: Prohibit probing on MOV SS instruction Matthew Whitehead (1): x86/CPU: Use correct macros for Cyrix calls Michael Pobega (1): ALSA: hda/sigmatel - Disable automute for Elo VuPoint Mitch Williams (1): i40e: use correct length for strncpy Nathan Chancellor (8): media: davinci: Fix implicit enum conversion warning dmaengine: ep93xx: Return proper enum in ep93xx_dma_chan_direction dmaengine: timb_dma: Use proper enum in td_prep_slave_sg cxgb4: Use proper enum in cxgb4_dcb_handle_fw_update cxgb4: Use proper enum in IEEE_FAUX_SYNC mtd: rawnand: sh_flctl: Use proper enum for flctl_dma_fifo0_transfer ata: ep93xx: Use proper enums for directions backlight: lm3639: Unconditionally call led_classdev_unregister Nathan Fontenot (1): powerpc/pseries: Disable CPU hotplug across migrations Naveen N. Rao (2): powerpc/pseries: Fix DTL buffer registration powerpc/pseries: Fix how we iterate over the DTL entries Nicholas Piggin (1): powerpc/64s/hash: Fix stab_rr off by one initialization Oleksij Rempel (1): ARM: imx6: register pm_power_off handler if "fsl,pmic-stby-poweroff" is set Olga Kornievskaia (1): NFSv4.x: fix lock recovery during delegation recall Oliver Neukum (2): ax88172a: fix information leak on short answers Input: ff-memless - kill timer in destroy() Patryk Małek (2): i40e: hold the rtnl lock on clearing interrupt scheme i40e: Prevent deleting MAC address from VF when set by PF Pavel Tatashin (1): arm64: uaccess: Ensure PAN is re-enabled after unhandled uaccess fault Peter Zijlstra (1): x86/atomic: Fix smp_mb__{before,after}_atomic() Radoslaw Tyl (1): ixgbe: Fix crash with VFs and flow director on interface flap Radu Solea (2): crypto: mxs-dcp - Fix SHA null hashes and output length crypto: mxs-dcp - Fix AES issues Rami Rosen (1): dmaengine: ioat: fix prototype of ioat_enumerate_channels Ricardo Ribalda Delgado (1): mtd: physmap_of: Release resources on error Rob Herring (4): of: make PowerMac cache node search conditional on CONFIG_PPC_PMAC libfdt: Ensure INT_MAX is defined in libfdt_env.h ARM: dts: ste: Fix SPI controller node names arm64: dts: amd: Fix SPI bus warnings Roman Gushchin (2): mm: memcg: switch to css_tryget() in get_mem_cgroup_from_mm() mm: hugetlb: switch to css_tryget() in hugetlb_cgroup_charge_cgroup() Ronald Tschalär (1): ACPI / SBS: Fix rare oops when removing modules Shahed Shaikh (1): bnx2x: Ignore bandwidth attention in single function mode Shenghui Wang (1): bcache: recal cached_dev_sectors on detach Simon Wunderlich (1): ath9k: fix reporting calculated new FFT upper max Sinan Kaya (1): PCI/ACPI: Correct error message for ASPM disabling Srinivas Kandagatla (1): nvmem: core: return error code instead of NULL from nvmem_device_get Stefan Agner (1): cpufeature: avoid warning when compiling with clang Stefan Wahren (1): net: lan78xx: Bail out if lan78xx_get_endpoints fails Takashi Iwai (3): ALSA: usb-audio: Fix missing error check at mixer resolution test ALSA: seq: Do error checks at creating system ports ALSA: intel8x0m: Register irq handler after register initializations Thierry Reding (1): hwmon: (pwm-fan) Silence error on probe deferral Tim Smith (1): GFS2: Flush the GFS2 delete workqueue before stopping the kernel threads Timothy E Baldwin (1): ARM: 8802/1: Call syscall_trace_exit even when system call skipped Tomasz Figa (1): power: supply: max8998-charger: Fix platform data retrieval Trent Piepho (1): spi: spidev: Fix OF tree warning logic Trond Myklebust (1): SUNRPC: Fix priority queue fairness Tuomas Tynkkynen (1): MIPS: BCM47XX: Enable USB power on Netgear WNDR3400v3 Wei Yongjun (1): IB/mthca: Fix error return code in __mthca_init_one() Wenwen Wang (1): media: isif: fix a NULL pointer dereference bug YueHaibing (7): net: toshiba: fix return type of ndo_start_xmit function net: xilinx: fix return type of ndo_start_xmit function net: broadcom: fix return type of ndo_start_xmit function net: amd: fix return type of ndo_start_xmit function net: micrel: fix return type of ndo_start_xmit function net: smsc: fix return type of ndo_start_xmit function net: ovs: fix return type of ndo_start_xmit function zhong jiang (2): misc: genwqe: should return proper error value. memfd: Use radix_tree_deref_slot_protected to avoid the warning.

5 years, 11 months

1
1
0 0

[PATCH v2 6/7] cifs: Fix retrieval of DFS referrals in cifs_mount()

by Paulo Alcantara (SUSE)

Make sure that DFS referrals are sent to newly resolved root targets as in a multi tier DFS setup. Signed-off-by: Paulo Alcantara (SUSE) <pc(a)cjr.nz> Link: https://lkml.kernel.org/r/05aa2995-e85e-0ff4-d003-5bb08bd17a22@canonical.com Cc: stable(a)vger.kernel.org Tested-by: Matthew Ruffell <matthew.ruffell(a)canonical.com> --- fs/cifs/connect.c | 32 ++++++++++++++++++++++---------- 1 file changed, 22 insertions(+), 10 deletions(-) diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c index 668d477cc9c7..86d98d73749d 100644 --- a/fs/cifs/connect.c +++ b/fs/cifs/connect.c @@ -4776,6 +4776,17 @@ static int is_path_remote(struct cifs_sb_info *cifs_sb, struct smb_vol *vol, } #ifdef CONFIG_CIFS_DFS_UPCALL +static inline void set_root_tcon(struct cifs_sb_info *cifs_sb, + struct cifs_tcon *tcon, + struct cifs_tcon **root) +{ + spin_lock(&cifs_tcp_ses_lock); + tcon->tc_count++; + tcon->remap = cifs_remap(cifs_sb); + spin_unlock(&cifs_tcp_ses_lock); + *root = tcon; +} + int cifs_mount(struct cifs_sb_info *cifs_sb, struct smb_vol *vol) { int rc = 0; @@ -4877,18 +4888,10 @@ int cifs_mount(struct cifs_sb_info *cifs_sb, struct smb_vol *vol) /* Cache out resolved root server */ (void)dfs_cache_find(xid, ses, cifs_sb->local_nls, cifs_remap(cifs_sb), root_path + 1, NULL, NULL); - /* - * Save root tcon for additional DFS requests to update or create a new - * DFS cache entry, or even perform DFS failover. - */ - spin_lock(&cifs_tcp_ses_lock); - tcon->tc_count++; - tcon->dfs_path = root_path; + kfree(root_path); root_path = NULL; - tcon->remap = cifs_remap(cifs_sb); - spin_unlock(&cifs_tcp_ses_lock); - root_tcon = tcon; + set_root_tcon(cifs_sb, tcon, &root_tcon); for (count = 1; ;) { if (!rc && tcon) { @@ -4925,6 +4928,15 @@ int cifs_mount(struct cifs_sb_info *cifs_sb, struct smb_vol *vol) mount_put_conns(cifs_sb, xid, server, ses, tcon); rc = mount_get_conns(vol, cifs_sb, &xid, &server, &ses, &tcon); + /* + * Ensure that DFS referrals go through new root server. + */ + if (!rc && tcon && + (tcon->share_flags & (SHI1005_FLAGS_DFS | + SHI1005_FLAGS_DFS_ROOT))) { + cifs_put_tcon(root_tcon); + set_root_tcon(cifs_sb, tcon, &root_tcon); + } } if (rc) { if (rc == -EACCES || rc == -EOPNOTSUPP) -- 2.24.0

5 years, 11 months

1
0
0 0

[PATCH v3 05/13] scsi: qla2xxx: Change discovery state before PLOGI

by Roman Bolshakov

When a port sends PLOGI, discovery state should be changed to login pending, otherwise RELOGIN_NEEDED bit is set in qla24xx_handle_plogi_done_event(). RELOGIN_NEEDED triggers another PLOGI, and it never goes out of the loop until login timer expires. Fixes: 8777e4314d397 ("scsi: qla2xxx: Migrate NVME N2N handling into state machine") Fixes: 8b5292bcfcacf ("scsi: qla2xxx: Fix Relogin to prevent modifying scan_state flag") Cc: Quinn Tran <qutran(a)marvell.com> Cc: stable(a)vger.kernel.org Acked-by: Himanshu Madhani <hmadhani(a)marvell.com> Reviewed-by: Hannes Reinecke <hare(a)suse.de> Tested-by: Hannes Reinecke <hare(a)suse.de> Signed-off-by: Roman Bolshakov <r.bolshakov(a)yadro.com> --- drivers/scsi/qla2xxx/qla_init.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/scsi/qla2xxx/qla_init.c b/drivers/scsi/qla2xxx/qla_init.c index 4f3da968163e..fcb309be50d9 100644 --- a/drivers/scsi/qla2xxx/qla_init.c +++ b/drivers/scsi/qla2xxx/qla_init.c @@ -533,6 +533,7 @@ static int qla_post_els_plogi_work(struct scsi_qla_host *vha, fc_port_t *fcport) e->u.fcport.fcport = fcport; fcport->flags |= FCF_ASYNC_ACTIVE; + fcport->disc_state = DSC_LOGIN_PEND; return qla2x00_post_work(vha, e); } -- 2.24.0

5 years, 11 months

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror