- Linux-stable-mirror - lists.linaro.org

[merged] mm-slub-really-fix-slab-walking-for-init_on_free.patch removed from -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: mm: slub: really fix slab walking for init_on_free has been removed from the -mm tree. Its filename was mm-slub-really-fix-slab-walking-for-init_on_free.patch This patch was dropped because it was merged into mainline or a subsystem tree ------------------------------------------------------ From: Laura Abbott <labbott(a)redhat.com> Subject: mm: slub: really fix slab walking for init_on_free Commit 1b7e816fc80e ("mm: slub: Fix slab walking for init_on_free") fixed one problem with the slab walking but missed a key detail: When walking the list, the head and tail pointers need to be updated since we end up reversing the list as a result. Without doing this, bulk free is broken. One way this is exposed is a NULL pointer with slub_debug=F: ============================================================================= BUG skbuff_head_cache (Tainted: G T): Object already free ----------------------------------------------------------------------------- INFO: Slab 0x000000000d2d2f8f objects=16 used=3 fp=0x0000000064309071 flags=0x3fff00000000201 BUG: kernel NULL pointer dereference, address: 0000000000000000 PGD 0 P4D 0 Oops: 0000 [#1] PREEMPT SMP PTI CPU: 0 PID: 0 Comm: swapper/0 Tainted: G B T 5.3.8 #1 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015 RIP: 0010:print_trailer+0x70/0x1d5 Code: 28 4d 8b 4d 00 4d 8b 45 20 81 e2 ff 7f 00 00 e8 86 ce ef ff 8b 4b 20 48 89 ea 48 89 ee 4c 29 e2 48 c7 c7 90 6f d4 89 48 01 e9 <48> 33 09 48 33 8b 70 01 00 00 e8 61 ce ef ff f6 43 09 04 74 35 8b RSP: 0018:ffffbf7680003d58 EFLAGS: 00010046 RAX: 000000000000005d RBX: ffffa3d2bb08e540 RCX: 0000000000000000 RDX: 00005c2d8fdc2000 RSI: 0000000000000000 RDI: ffffffff89d46f90 RBP: 0000000000000000 R08: 0000000000000242 R09: 000000000000006c R10: 0000000000000000 R11: 0000000000000030 R12: ffffa3d27023e000 R13: fffff11080c08f80 R14: ffffa3d2bb047a80 R15: 0000000000000002 FS: 0000000000000000(0000) GS:ffffa3d2be400000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000000 CR3: 000000007a6c4000 CR4: 00000000000006f0 Call Trace: <IRQ> free_debug_processing.cold.37+0xc9/0x149 ? __kfree_skb_flush+0x30/0x40 ? __kfree_skb_flush+0x30/0x40 __slab_free+0x22a/0x3d0 ? tcp_wfree+0x2a/0x140 ? __sock_wfree+0x1b/0x30 kmem_cache_free_bulk+0x415/0x420 ? __kfree_skb_flush+0x30/0x40 __kfree_skb_flush+0x30/0x40 net_rx_action+0x2dd/0x480 __do_softirq+0xf0/0x246 irq_exit+0x93/0xb0 do_IRQ+0xa0/0x110 common_interrupt+0xf/0xf </IRQ> Given we're now almost identical to the existing debugging code which correctly walks the list, combine with that. Link: https://lkml.kernel.org/r/20191104170303.GA50361@gandi.net Link: http://lkml.kernel.org/r/20191106222208.26815-1-labbott@redhat.com Fixes: 1b7e816fc80e ("mm: slub: Fix slab walking for init_on_free") Signed-off-by: Laura Abbott <labbott(a)redhat.com> Reported-by: Thibaut Sautereau <thibaut.sautereau(a)clip-os.org> Acked-by: David Rientjes <rientjes(a)google.com> Tested-by: Alexander Potapenko <glider(a)google.com> Acked-by: Alexander Potapenko <glider(a)google.com> Cc: Kees Cook <keescook(a)chromium.org> Cc: "David S. Miller" <davem(a)davemloft.net> Cc: Vlastimil Babka <vbabka(a)suse.cz> Cc: <clipos(a)ssi.gouv.fr> Cc: Christoph Lameter <cl(a)linux.com> Cc: Pekka Enberg <penberg(a)kernel.org> Cc: Joonsoo Kim <iamjoonsoo.kim(a)lge.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/slub.c | 39 +++++++++------------------------------ 1 file changed, 9 insertions(+), 30 deletions(-) --- a/mm/slub.c~mm-slub-really-fix-slab-walking-for-init_on_free +++ a/mm/slub.c @@ -1433,12 +1433,15 @@ static inline bool slab_free_freelist_ho void *old_tail = *tail ? *tail : *head; int rsize; - if (slab_want_init_on_free(s)) { - void *p = NULL; + /* Head and tail of the reconstructed freelist */ + *head = NULL; + *tail = NULL; + + do { + object = next; + next = get_freepointer(s, object); - do { - object = next; - next = get_freepointer(s, object); + if (slab_want_init_on_free(s)) { /* * Clear the object and the metadata, but don't touch * the redzone. @@ -1448,29 +1451,8 @@ static inline bool slab_free_freelist_ho : 0; memset((char *)object + s->inuse, 0, s->size - s->inuse - rsize); - set_freepointer(s, object, p); - p = object; - } while (object != old_tail); - } - -/* - * Compiler cannot detect this function can be removed if slab_free_hook() - * evaluates to nothing. Thus, catch all relevant config debug options here. - */ -#if defined(CONFIG_LOCKDEP) || \ - defined(CONFIG_DEBUG_KMEMLEAK) || \ - defined(CONFIG_DEBUG_OBJECTS_FREE) || \ - defined(CONFIG_KASAN) - - next = *head; - /* Head and tail of the reconstructed freelist */ - *head = NULL; - *tail = NULL; - - do { - object = next; - next = get_freepointer(s, object); + } /* If object's reuse doesn't have to be delayed */ if (!slab_free_hook(s, object)) { /* Move object to the new freelist */ @@ -1485,9 +1467,6 @@ static inline bool slab_free_freelist_ho *tail = NULL; return *head != NULL; -#else - return true; -#endif } static void *setup_object(struct kmem_cache *s, struct page *page, _ Patches currently in -mm which might be from labbott(a)redhat.com are lib-test_meminitc-add-bulk-alloc-free-tests.patch

5 years, 11 months

1
0
0 0

[merged] mm-hugetlb-switch-to-css_tryget-in-hugetlb_cgroup_charge_cgroup.patch removed from -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: mm: hugetlb: switch to css_tryget() in hugetlb_cgroup_charge_cgroup() has been removed from the -mm tree. Its filename was mm-hugetlb-switch-to-css_tryget-in-hugetlb_cgroup_charge_cgroup.patch This patch was dropped because it was merged into mainline or a subsystem tree ------------------------------------------------------ From: Roman Gushchin <guro(a)fb.com> Subject: mm: hugetlb: switch to css_tryget() in hugetlb_cgroup_charge_cgroup() An exiting task might belong to an offline cgroup. In this case an attempt to grab a cgroup reference from the task can end up with an infinite loop in hugetlb_cgroup_charge_cgroup(), because neither the cgroup will become online, neither the task will be migrated to a live cgroup. Fix this by switching over to css_tryget(). As css_tryget_online() can't guarantee that the cgroup won't go offline, in most cases the check doesn't make sense. In this particular case users of hugetlb_cgroup_charge_cgroup() are not affected by this change. A similar problem is described by commit 18fa84a2db0e ("cgroup: Use css_tryget() instead of css_tryget_online() in task_get_css()"). Link: http://lkml.kernel.org/r/20191106225131.3543616-2-guro@fb.com Signed-off-by: Roman Gushchin <guro(a)fb.com> Acked-by: Johannes Weiner <hannes(a)cmpxchg.org> Acked-by: Tejun Heo <tj(a)kernel.org> Reviewed-by: Shakeel Butt <shakeelb(a)google.com> Cc: Michal Hocko <mhocko(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/hugetlb_cgroup.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/mm/hugetlb_cgroup.c~mm-hugetlb-switch-to-css_tryget-in-hugetlb_cgroup_charge_cgroup +++ a/mm/hugetlb_cgroup.c @@ -196,7 +196,7 @@ int hugetlb_cgroup_charge_cgroup(int idx again: rcu_read_lock(); h_cg = hugetlb_cgroup_from_task(current); - if (!css_tryget_online(&h_cg->css)) { + if (!css_tryget(&h_cg->css)) { rcu_read_unlock(); goto again; } _ Patches currently in -mm which might be from guro(a)fb.com are

5 years, 11 months

1
0
0 0

[merged] mm-memcg-switch-to-css_tryget-in-get_mem_cgroup_from_mm.patch removed from -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: mm: memcg: switch to css_tryget() in get_mem_cgroup_from_mm() has been removed from the -mm tree. Its filename was mm-memcg-switch-to-css_tryget-in-get_mem_cgroup_from_mm.patch This patch was dropped because it was merged into mainline or a subsystem tree ------------------------------------------------------ From: Roman Gushchin <guro(a)fb.com> Subject: mm: memcg: switch to css_tryget() in get_mem_cgroup_from_mm() We've encountered a rcu stall in get_mem_cgroup_from_mm(): rcu: INFO: rcu_sched self-detected stall on CPU rcu: 33-....: (21000 ticks this GP) idle=6c6/1/0x4000000000000002 softirq=35441/35441 fqs=5017 (t=21031 jiffies g=324821 q=95837) NMI backtrace for cpu 33 <...> RIP: 0010:get_mem_cgroup_from_mm+0x2f/0x90 <...> __memcg_kmem_charge+0x55/0x140 __alloc_pages_nodemask+0x267/0x320 pipe_write+0x1ad/0x400 new_sync_write+0x127/0x1c0 __kernel_write+0x4f/0xf0 dump_emit+0x91/0xc0 writenote+0xa0/0xc0 elf_core_dump+0x11af/0x1430 do_coredump+0xc65/0xee0 ? unix_stream_sendmsg+0x37d/0x3b0 get_signal+0x132/0x7c0 do_signal+0x36/0x640 ? recalc_sigpending+0x17/0x50 exit_to_usermode_loop+0x61/0xd0 do_syscall_64+0xd4/0x100 entry_SYSCALL_64_after_hwframe+0x44/0xa9 The problem is caused by an exiting task which is associated with an offline memcg. We're iterating over and over in the do {} while (!css_tryget_online()) loop, but obviously the memcg won't become online and the exiting task won't be migrated to a live memcg. Let's fix it by switching from css_tryget_online() to css_tryget(). As css_tryget_online() cannot guarantee that the memcg won't go offline, the check is usually useless, except some rare cases when for example it determines if something should be presented to a user. A similar problem is described by commit 18fa84a2db0e ("cgroup: Use css_tryget() instead of css_tryget_online() in task_get_css()"). Johannes: : The bug aside, it doesn't matter whether the cgroup is online for the : callers. It used to matter when offlining needed to evacuate all charges : from the memcg, and so needed to prevent new ones from showing up, but we : don't care now. Link: http://lkml.kernel.org/r/20191106225131.3543616-1-guro@fb.com Signed-off-by: Roman Gushchin <guro(a)fb.com> Acked-by: Johannes Weiner <hannes(a)cmpxchg.org> Acked-by: Tejun Heo <tj(a)kernel.org> Reviewed-by: Shakeel Butt <shakeeb(a)google.com> Cc: Michal Hocko <mhocko(a)kernel.org> Cc: Michal Koutn <mkoutny(a)suse.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/memcontrol.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/mm/memcontrol.c~mm-memcg-switch-to-css_tryget-in-get_mem_cgroup_from_mm +++ a/mm/memcontrol.c @@ -960,7 +960,7 @@ struct mem_cgroup *get_mem_cgroup_from_m if (unlikely(!memcg)) memcg = root_mem_cgroup; } - } while (!css_tryget_online(&memcg->css)); + } while (!css_tryget(&memcg->css)); rcu_read_unlock(); return memcg; } _ Patches currently in -mm which might be from guro(a)fb.com are

5 years, 11 months

1
0
0 0

[merged] mm-fix-trying-to-reclaim-unevictable-lru-page-when-calling-madvise_pageout.patch removed from -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: mm: fix trying to reclaim unevictable lru page when calling madvise_pageout has been removed from the -mm tree. Its filename was mm-fix-trying-to-reclaim-unevictable-lru-page-when-calling-madvise_pageout.patch This patch was dropped because it was merged into mainline or a subsystem tree ------------------------------------------------------ From: zhong jiang <zhongjiang(a)huawei.com> Subject: mm: fix trying to reclaim unevictable lru page when calling madvise_pageout Recently, I hit the following issue when running upstream. kernel BUG at mm/vmscan.c:1521! invalid opcode: 0000 [#1] SMP KASAN PTI CPU: 0 PID: 23385 Comm: syz-executor.6 Not tainted 5.4.0-rc4+ #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1 04/01/2014 RIP: 0010:shrink_page_list+0x12b6/0x3530 mm/vmscan.c:1521 Code: de f5 ff ff e8 ab 79 eb ff 4c 89 f7 e8 43 33 0d 00 e9 cc f5 ff ff e8 99 79 eb ff 48 c7 c6 a0 34 2b a0 4c 89 f7 e8 1a 4d 05 00 <0f> 0b e8 83 79 eb ff 48 89 d8 48 c1 e8 03 42 80 3c 38 00 0f 85 74 RSP: 0018:ffff88819a3df5a0 EFLAGS: 00010286 RAX: 0000000000040000 RBX: ffffea00061c3980 RCX: ffffffff814fba36 RDX: 00000000000056f7 RSI: ffffc9000c02c000 RDI: ffff8881f70268cc RBP: ffff88819a3df898 R08: ffffed103ee05de0 R09: ffffed103ee05de0 R10: 0000000000000001 R11: ffffed103ee05ddf R12: ffff88819a3df6f0 R13: ffff88819a3df6f0 R14: ffffea00061c3980 R15: dffffc0000000000 FS: 00007f21b9d8e700(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000001b2d621000 CR3: 00000001c8c46004 CR4: 00000000007606f0 DR0: 0000000020000140 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600 PKRU: 55555554 Call Trace: reclaim_pages+0x499/0x800 mm/vmscan.c:2188 madvise_cold_or_pageout_pte_range+0x58a/0x710 mm/madvise.c:453 walk_pmd_range mm/pagewalk.c:53 [inline] walk_pud_range mm/pagewalk.c:112 [inline] walk_p4d_range mm/pagewalk.c:139 [inline] walk_pgd_range mm/pagewalk.c:166 [inline] __walk_page_range+0x45a/0xc20 mm/pagewalk.c:261 walk_page_range+0x179/0x310 mm/pagewalk.c:349 madvise_pageout_page_range mm/madvise.c:506 [inline] madvise_pageout+0x1f0/0x330 mm/madvise.c:542 madvise_vma mm/madvise.c:931 [inline] __do_sys_madvise+0x7d2/0x1600 mm/madvise.c:1113 do_syscall_64+0x9f/0x4c0 arch/x86/entry/common.c:290 entry_SYSCALL_64_after_hwframe+0x49/0xbe madvise_pageout() accesses the specified range of the vma and isolates them, then runs shrink_page_list() to reclaim its memory. But it also isolates the unevictable pages to reclaim. Hence, we can catch the cases in shrink_page_list(). The root cause is that we scan the page tables instead of specific LRU list. and so we need to filter out the unevictable lru pages from our end. Link: http://lkml.kernel.org/r/1572616245-18946-1-git-send-email-zhongjiang@huawe… Fixes: 1a4e58cce84e ("mm: introduce MADV_PAGEOUT") Signed-off-by: zhong jiang <zhongjiang(a)huawei.com> Suggested-by: Johannes Weiner <hannes(a)cmpxchg.org> Acked-by: Johannes Weiner <hannes(a)cmpxchg.org> Acked-by: Minchan Kim <minchan(a)kernel.org> Acked-by: Michal Hocko <mhocko(a)suse.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/madvise.c | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) --- a/mm/madvise.c~mm-fix-trying-to-reclaim-unevictable-lru-page-when-calling-madvise_pageout +++ a/mm/madvise.c @@ -363,8 +363,12 @@ static int madvise_cold_or_pageout_pte_r ClearPageReferenced(page); test_and_clear_page_young(page); if (pageout) { - if (!isolate_lru_page(page)) - list_add(&page->lru, &page_list); + if (!isolate_lru_page(page)) { + if (PageUnevictable(page)) + putback_lru_page(page); + else + list_add(&page->lru, &page_list); + } } else deactivate_page(page); huge_unlock: @@ -441,8 +445,12 @@ regular_page: ClearPageReferenced(page); test_and_clear_page_young(page); if (pageout) { - if (!isolate_lru_page(page)) - list_add(&page->lru, &page_list); + if (!isolate_lru_page(page)) { + if (PageUnevictable(page)) + putback_lru_page(page); + else + list_add(&page->lru, &page_list); + } } else deactivate_page(page); } _ Patches currently in -mm which might be from zhongjiang(a)huawei.com are mm-gup-allow-cma-migration-to-propagate-errors-back-to-caller.patch mm-split_huge_pages_fops-should-be-defined-with-define_debugfs_attribute.patch mm-cma_debug-use-define_debugfs_attribute-to-define-debugfs-fops.patch mm-hwpoison-inject-use-define_debugfs_attribute-to-define-debugfs-fops.patch

5 years, 11 months

1
0
0 0

[merged] mm-mempolicy-fix-the-wrong-return-value-and-potential-pages-leak-of-mbind.patch removed from -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: mm: mempolicy: fix the wrong return value and potential pages leak of mbind has been removed from the -mm tree. Its filename was mm-mempolicy-fix-the-wrong-return-value-and-potential-pages-leak-of-mbind.patch This patch was dropped because it was merged into mainline or a subsystem tree ------------------------------------------------------ From: Yang Shi <yang.shi(a)linux.alibaba.com> Subject: mm: mempolicy: fix the wrong return value and potential pages leak of mbind Commit d883544515aa ("mm: mempolicy: make the behavior consistent when MPOL_MF_MOVE* and MPOL_MF_STRICT were specified") fixed the return value of mbind() for a couple of corner cases. But, it altered the errno for some other cases, for example, mbind() should return -EFAULT when part or all of the memory range specified by nodemask and maxnode points outside your accessible address space, or there was an unmapped hole in the specified memory range specified by addr and len. Fix this by preserving the errno returned by queue_pages_range(). And, the pagelist may be not empty even though queue_pages_range() returns error, put the pages back to LRU since mbind_range() is not called to really apply the policy so those pages should not be migrated, this is also the old behavior before the problematic commit. Link: http://lkml.kernel.org/r/1572454731-3925-1-git-send-email-yang.shi@linux.al… Fixes: d883544515aa ("mm: mempolicy: make the behavior consistent when MPOL_MF_MOVE* and MPOL_MF_STRICT were specified") Signed-off-by: Yang Shi <yang.shi(a)linux.alibaba.com> Reported-by: Li Xinhai <lixinhai.lxh(a)gmail.com> Reviewed-by: Li Xinhai <lixinhai.lxh(a)gmail.com> Cc: Vlastimil Babka <vbabka(a)suse.cz> Cc: Michal Hocko <mhocko(a)suse.com> Cc: Mel Gorman <mgorman(a)techsingularity.net> Cc: <stable(a)vger.kernel.org> [4.19 and 5.2+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/mempolicy.c | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) --- a/mm/mempolicy.c~mm-mempolicy-fix-the-wrong-return-value-and-potential-pages-leak-of-mbind +++ a/mm/mempolicy.c @@ -672,7 +672,9 @@ static const struct mm_walk_ops queue_pa * 1 - there is unmovable page, but MPOL_MF_MOVE* & MPOL_MF_STRICT were * specified. * 0 - queue pages successfully or no misplaced page. - * -EIO - there is misplaced page and only MPOL_MF_STRICT was specified. + * errno - i.e. misplaced pages with MPOL_MF_STRICT specified (-EIO) or + * memory range specified by nodemask and maxnode points outside + * your accessible address space (-EFAULT) */ static int queue_pages_range(struct mm_struct *mm, unsigned long start, unsigned long end, @@ -1286,7 +1288,7 @@ static long do_mbind(unsigned long start flags | MPOL_MF_INVERT, &pagelist); if (ret < 0) { - err = -EIO; + err = ret; goto up_out; } @@ -1305,10 +1307,12 @@ static long do_mbind(unsigned long start if ((ret > 0) || (nr_failed && (flags & MPOL_MF_STRICT))) err = -EIO; - } else - putback_movable_pages(&pagelist); - + } else { up_out: + if (!list_empty(&pagelist)) + putback_movable_pages(&pagelist); + } + up_write(&mm->mmap_sem); mpol_out: mpol_put(new); _ Patches currently in -mm which might be from yang.shi(a)linux.alibaba.com are mm-rmap-use-vm_bug_on_page-in-__page_check_anon_rmap.patch mm-vmscan-remove-unused-scan_control-parameter-from-pageout.patch mm-migrate-handle-freed-page-at-the-first-place.patch mm-shmem-use-proper-gfp-flags-for-shmem_writepage.patch

5 years, 11 months

1
0
0 0

[PATCH] bpf, x32: Fix bug for BPF_JMP | {BPF_JSGT, BPF_JSLE, BPF_JSLT, BPF_JSGE}

by Wang YanQing

commit 711aef1bbf88212a21f7103e88f397b47a528805 upstream. The current method to compare 64-bit numbers for conditional jump is: 1) Compare the high 32-bit first. 2) If the high 32-bit isn't the same, then goto step 4. 3) Compare the low 32-bit. 4) Check the desired condition. This method is right for unsigned comparison, but it is buggy for signed comparison, because it does signed comparison for low 32-bit too. There is only one sign bit in 64-bit number, that is the MSB in the 64-bit number, it is wrong to treat low 32-bit as signed number and do the signed comparison for it. This patch fixes the bug. Note: The original commit adds a testcase in selftests/bpf for such bug, this backport patch doesn't include the testcase, because the testcase needs another upstream commit. Link: https://bugzilla.kernel.org/show_bug.cgi?id=205469 Reported-by: Tony Ambardar <itugrok(a)yahoo.com> Cc: Tony Ambardar <itugrok(a)yahoo.com> Cc: stable(a)vger.kernel.org #v4.19 Signed-off-by: Wang YanQing <udknight(a)gmail.com> Signed-off-by: Daniel Borkmann <daniel(a)iogearbox.net> --- arch/x86/net/bpf_jit_comp32.c | 221 ++++++++++++++++++++++++++-------- 1 file changed, 168 insertions(+), 53 deletions(-) diff --git a/arch/x86/net/bpf_jit_comp32.c b/arch/x86/net/bpf_jit_comp32.c index 8f6cc71e0848..85f1f11a45bf 100644 --- a/arch/x86/net/bpf_jit_comp32.c +++ b/arch/x86/net/bpf_jit_comp32.c @@ -117,6 +117,8 @@ static bool is_simm32(s64 value) #define IA32_JLE 0x7E #define IA32_JG 0x7F +#define COND_JMP_OPCODE_INVALID (0xFF) + /* * Map eBPF registers to IA32 32bit registers or stack scratch space. * @@ -1613,6 +1615,75 @@ static inline void emit_push_r64(const u8 src[], u8 **pprog) *pprog = prog; } +static u8 get_cond_jmp_opcode(const u8 op, bool is_cmp_lo) +{ + u8 jmp_cond; + + /* Convert BPF opcode to x86 */ + switch (op) { + case BPF_JEQ: + jmp_cond = IA32_JE; + break; + case BPF_JSET: + case BPF_JNE: + jmp_cond = IA32_JNE; + break; + case BPF_JGT: + /* GT is unsigned '>', JA in x86 */ + jmp_cond = IA32_JA; + break; + case BPF_JLT: + /* LT is unsigned '<', JB in x86 */ + jmp_cond = IA32_JB; + break; + case BPF_JGE: + /* GE is unsigned '>=', JAE in x86 */ + jmp_cond = IA32_JAE; + break; + case BPF_JLE: + /* LE is unsigned '<=', JBE in x86 */ + jmp_cond = IA32_JBE; + break; + case BPF_JSGT: + if (!is_cmp_lo) + /* Signed '>', GT in x86 */ + jmp_cond = IA32_JG; + else + /* GT is unsigned '>', JA in x86 */ + jmp_cond = IA32_JA; + break; + case BPF_JSLT: + if (!is_cmp_lo) + /* Signed '<', LT in x86 */ + jmp_cond = IA32_JL; + else + /* LT is unsigned '<', JB in x86 */ + jmp_cond = IA32_JB; + break; + case BPF_JSGE: + if (!is_cmp_lo) + /* Signed '>=', GE in x86 */ + jmp_cond = IA32_JGE; + else + /* GE is unsigned '>=', JAE in x86 */ + jmp_cond = IA32_JAE; + break; + case BPF_JSLE: + if (!is_cmp_lo) + /* Signed '<=', LE in x86 */ + jmp_cond = IA32_JLE; + else + /* LE is unsigned '<=', JBE in x86 */ + jmp_cond = IA32_JBE; + break; + default: /* to silence GCC warning */ + jmp_cond = COND_JMP_OPCODE_INVALID; + break; + } + + return jmp_cond; +} + static int do_jit(struct bpf_prog *bpf_prog, int *addrs, u8 *image, int oldproglen, struct jit_context *ctx) { @@ -2068,11 +2139,7 @@ static int do_jit(struct bpf_prog *bpf_prog, int *addrs, u8 *image, case BPF_JMP | BPF_JGT | BPF_X: case BPF_JMP | BPF_JLT | BPF_X: case BPF_JMP | BPF_JGE | BPF_X: - case BPF_JMP | BPF_JLE | BPF_X: - case BPF_JMP | BPF_JSGT | BPF_X: - case BPF_JMP | BPF_JSLE | BPF_X: - case BPF_JMP | BPF_JSLT | BPF_X: - case BPF_JMP | BPF_JSGE | BPF_X: { + case BPF_JMP | BPF_JLE | BPF_X: { u8 dreg_lo = dstk ? IA32_EAX : dst_lo; u8 dreg_hi = dstk ? IA32_EDX : dst_hi; u8 sreg_lo = sstk ? IA32_ECX : src_lo; @@ -2099,6 +2166,40 @@ static int do_jit(struct bpf_prog *bpf_prog, int *addrs, u8 *image, EMIT2(0x39, add_2reg(0xC0, dreg_lo, sreg_lo)); goto emit_cond_jmp; } + case BPF_JMP | BPF_JSGT | BPF_X: + case BPF_JMP | BPF_JSLE | BPF_X: + case BPF_JMP | BPF_JSLT | BPF_X: + case BPF_JMP | BPF_JSGE | BPF_X: { + u8 dreg_lo = dstk ? IA32_EAX : dst_lo; + u8 dreg_hi = dstk ? IA32_EDX : dst_hi; + u8 sreg_lo = sstk ? IA32_ECX : src_lo; + u8 sreg_hi = sstk ? IA32_EBX : src_hi; + + if (dstk) { + EMIT3(0x8B, add_2reg(0x40, IA32_EBP, IA32_EAX), + STACK_VAR(dst_lo)); + EMIT3(0x8B, + add_2reg(0x40, IA32_EBP, + IA32_EDX), + STACK_VAR(dst_hi)); + } + + if (sstk) { + EMIT3(0x8B, add_2reg(0x40, IA32_EBP, IA32_ECX), + STACK_VAR(src_lo)); + EMIT3(0x8B, + add_2reg(0x40, IA32_EBP, + IA32_EBX), + STACK_VAR(src_hi)); + } + + /* cmp dreg_hi,sreg_hi */ + EMIT2(0x39, add_2reg(0xC0, dreg_hi, sreg_hi)); + EMIT2(IA32_JNE, 10); + /* cmp dreg_lo,sreg_lo */ + EMIT2(0x39, add_2reg(0xC0, dreg_lo, sreg_lo)); + goto emit_cond_jmp_signed; + } case BPF_JMP | BPF_JSET | BPF_X: { u8 dreg_lo = dstk ? IA32_EAX : dst_lo; u8 dreg_hi = dstk ? IA32_EDX : dst_hi; @@ -2159,11 +2260,7 @@ static int do_jit(struct bpf_prog *bpf_prog, int *addrs, u8 *image, case BPF_JMP | BPF_JGT | BPF_K: case BPF_JMP | BPF_JLT | BPF_K: case BPF_JMP | BPF_JGE | BPF_K: - case BPF_JMP | BPF_JLE | BPF_K: - case BPF_JMP | BPF_JSGT | BPF_K: - case BPF_JMP | BPF_JSLE | BPF_K: - case BPF_JMP | BPF_JSLT | BPF_K: - case BPF_JMP | BPF_JSGE | BPF_K: { + case BPF_JMP | BPF_JLE | BPF_K: { u32 hi; u8 dreg_lo = dstk ? IA32_EAX : dst_lo; u8 dreg_hi = dstk ? IA32_EDX : dst_hi; @@ -2189,50 +2286,9 @@ static int do_jit(struct bpf_prog *bpf_prog, int *addrs, u8 *image, /* cmp dreg_lo,sreg_lo */ EMIT2(0x39, add_2reg(0xC0, dreg_lo, sreg_lo)); -emit_cond_jmp: /* Convert BPF opcode to x86 */ - switch (BPF_OP(code)) { - case BPF_JEQ: - jmp_cond = IA32_JE; - break; - case BPF_JSET: - case BPF_JNE: - jmp_cond = IA32_JNE; - break; - case BPF_JGT: - /* GT is unsigned '>', JA in x86 */ - jmp_cond = IA32_JA; - break; - case BPF_JLT: - /* LT is unsigned '<', JB in x86 */ - jmp_cond = IA32_JB; - break; - case BPF_JGE: - /* GE is unsigned '>=', JAE in x86 */ - jmp_cond = IA32_JAE; - break; - case BPF_JLE: - /* LE is unsigned '<=', JBE in x86 */ - jmp_cond = IA32_JBE; - break; - case BPF_JSGT: - /* Signed '>', GT in x86 */ - jmp_cond = IA32_JG; - break; - case BPF_JSLT: - /* Signed '<', LT in x86 */ - jmp_cond = IA32_JL; - break; - case BPF_JSGE: - /* Signed '>=', GE in x86 */ - jmp_cond = IA32_JGE; - break; - case BPF_JSLE: - /* Signed '<=', LE in x86 */ - jmp_cond = IA32_JLE; - break; - default: /* to silence GCC warning */ +emit_cond_jmp: jmp_cond = get_cond_jmp_opcode(BPF_OP(code), false); + if (jmp_cond == COND_JMP_OPCODE_INVALID) return -EFAULT; - } jmp_offset = addrs[i + insn->off] - addrs[i]; if (is_imm8(jmp_offset)) { EMIT2(jmp_cond, jmp_offset); @@ -2242,7 +2298,66 @@ static int do_jit(struct bpf_prog *bpf_prog, int *addrs, u8 *image, pr_err("cond_jmp gen bug %llx\n", jmp_offset); return -EFAULT; } + break; + } + case BPF_JMP | BPF_JSGT | BPF_K: + case BPF_JMP | BPF_JSLE | BPF_K: + case BPF_JMP | BPF_JSLT | BPF_K: + case BPF_JMP | BPF_JSGE | BPF_K: { + u8 dreg_lo = dstk ? IA32_EAX : dst_lo; + u8 dreg_hi = dstk ? IA32_EDX : dst_hi; + u8 sreg_lo = IA32_ECX; + u8 sreg_hi = IA32_EBX; + u32 hi; + if (dstk) { + EMIT3(0x8B, add_2reg(0x40, IA32_EBP, IA32_EAX), + STACK_VAR(dst_lo)); + EMIT3(0x8B, + add_2reg(0x40, IA32_EBP, + IA32_EDX), + STACK_VAR(dst_hi)); + } + + /* mov ecx,imm32 */ + EMIT2_off32(0xC7, add_1reg(0xC0, IA32_ECX), imm32); + hi = imm32 & (1 << 31) ? (u32)~0 : 0; + /* mov ebx,imm32 */ + EMIT2_off32(0xC7, add_1reg(0xC0, IA32_EBX), hi); + /* cmp dreg_hi,sreg_hi */ + EMIT2(0x39, add_2reg(0xC0, dreg_hi, sreg_hi)); + EMIT2(IA32_JNE, 10); + /* cmp dreg_lo,sreg_lo */ + EMIT2(0x39, add_2reg(0xC0, dreg_lo, sreg_lo)); + + /* + * For simplicity of branch offset computation, + * let's use fixed jump coding here. + */ +emit_cond_jmp_signed: /* Check the condition for low 32-bit comparison */ + jmp_cond = get_cond_jmp_opcode(BPF_OP(code), true); + if (jmp_cond == COND_JMP_OPCODE_INVALID) + return -EFAULT; + jmp_offset = addrs[i + insn->off] - addrs[i] + 8; + if (is_simm32(jmp_offset)) { + EMIT2_off32(0x0F, jmp_cond + 0x10, jmp_offset); + } else { + pr_err("cond_jmp gen bug %llx\n", jmp_offset); + return -EFAULT; + } + EMIT2(0xEB, 6); + + /* Check the condition for high 32-bit comparison */ + jmp_cond = get_cond_jmp_opcode(BPF_OP(code), false); + if (jmp_cond == COND_JMP_OPCODE_INVALID) + return -EFAULT; + jmp_offset = addrs[i + insn->off] - addrs[i]; + if (is_simm32(jmp_offset)) { + EMIT2_off32(0x0F, jmp_cond + 0x10, jmp_offset); + } else { + pr_err("cond_jmp gen bug %llx\n", jmp_offset); + return -EFAULT; + } break; } case BPF_JMP | BPF_JA: -- 2.17.1

5 years, 11 months

3
2
0 0

Back-porting request

by Stephen Suryaputra

Hello, I'm requesting this commit to be back-ported to v4.14: --- commit 5b18f1289808fee5d04a7e6ecf200189f41a4db6 Author: Stephen Suryaputra <ssuryaextr(a)gmail.com> Date: Wed Jun 26 02:21:16 2019 -0400 ipv4: reset rt_iif for recirculated mcast/bcast out pkts Multicast or broadcast egress packets have rt_iif set to the oif. These packets might be recirculated back as input and lookup to the raw sockets may fail because they are bound to the incoming interface (skb_iif). If rt_iif is not zero, during the lookup, inet_iif() function returns rt_iif instead of skb_iif. Hence, the lookup fails. v2: Make it non vrf specific (David Ahern). Reword the changelog to reflect it. Signed-off-by: Stephen Suryaputra <ssuryaextr(a)gmail.com> Reviewed-by: David Ahern <dsahern(a)gmail.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> --- We found the issue in that release and the above commit is on linux-stable. On the discussion behind this commit, please see: https://www.spinics.net/lists/netdev/msg581045.html I think after the following diff is needed on top of the above commit for v4.14: --- diff --git a/net/ipv4/route.c b/net/ipv4/route.c index 4d85a4fdfdb0..ad2718c1624e 100644 --- a/net/ipv4/route.c +++ b/net/ipv4/route.c @@ -1623,11 +1623,8 @@ struct rtable *rt_dst_clone(struct net_device *dev, struct rtable *rt) new_rt->rt_iif = rt->rt_iif; new_rt->rt_pmtu = rt->rt_pmtu; new_rt->rt_mtu_locked = rt->rt_mtu_locked; - new_rt->rt_gw_family = rt->rt_gw_family; - if (rt->rt_gw_family == AF_INET) - new_rt->rt_gw4 = rt->rt_gw4; - else if (rt->rt_gw_family == AF_INET6) - new_rt->rt_gw6 = rt->rt_gw6; + new_rt->rt_gateway = rt->rt_gateway; + new_rt->rt_table_id = rt->rt_table_id; INIT_LIST_HEAD(&new_rt->rt_uncached); new_rt->dst.flags |= DST_HOST; --- Thank you, Stephen.

5 years, 11 months

4
3
0 0

[PATCH 3.16 00/83] 3.16.78-rc1 review

by Ben Hutchings

This is the start of the stable review cycle for the 3.16.78 release. There are 83 patches in this series, which will be posted as responses to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Fri Nov 22 15:37:10 UTC 2019. Anything received after that time might be too late. All the patches have also been committed to the linux-3.16.y-rc branch of https://git.kernel.org/pub/scm/linux/kernel/git/bwh/linux-stable-rc.git . A shortlog and diffstat can be found below. Ben. ------------- Alan Stern (1): USB: core: Fix races in character device registration and deregistraion [303911cfc5b95d33687d9046133ff184cf5043ff] Andreas Koop (1): mmc: mmc_spi: Enable stable writes [3a6ffb3c8c3274a39dc8f2514526e645c5d21753] Bandan Das (1): x86/apic: Do not initialize LDR and DFR for bigsmp [bae3a8d3308ee69a7dbdf145911b18dfda8ade0d] Björn Gerhart (1): hwmon: (nct6775) Fix register address and added missed tolerance for nct6106 [f3d43e2e45fd9d44ba52d20debd12cd4ee9c89bf] Charles Keepax (1): ALSA: compress: Fix regression on compressed capture streams [4475f8c4ab7b248991a60d9c02808dbb813d6be8] Christophe JAILLET (3): ipv6: Fix the link time qualifier of 'ping_v6_proc_exit_net()' [d23dbc479a8e813db4161a695d67da0e36557846] net: seeq: Fix the function used to release some memory in an error handling path [e1e54ec7fb55501c33b117c111cb0a045b8eded2] sctp: Fix the link time qualifier of 'sctp_ctrlsock_exit()' [b456d72412ca8797234449c25815e82f4e1426c0] Cong Wang (1): sch_hhf: ensure quantum and hhf_non_hh_weight are non-zero [d4d6ec6dac07f263f06d847d6f732d6855522845] Dave Wysochanski (1): cifs: use cifsInodeInfo->open_file_lock while iterating to avoid a panic [cb248819d209d113e45fed459773991518e8e80b] Dirk Morris (1): netfilter: conntrack: Use consistent ct id hash calculation [656c8e9cc1badbc18eefe6ba01d33ebbcae61b9a] Dou Liyang (1): x86/apic: Drop logical_smp_processor_id() inline [8f1561680f42a5491b371b513f1ab8197f31fd62] Eric Dumazet (2): mld: fix memory leak in mld_del_delrec() [a84d016479896b5526a2cc54784e6ffc41c9d6f6] net/packet: fix race in tpacket_snd() [32d3182cd2cd29b2e7e04df7b0db350fbe11289f] Fuqian Huang (1): KVM: x86: work around leak of uninitialized stack contents [541ab2aeb28251bf7135c7961f3a6080eebcc705] Gustavo A. R. Silva (1): sh: kernel: hw_breakpoint: Fix missing break in switch statement [1ee1119d184bb06af921b48c3021d921bbd85bac] Hans de Goede (1): x86/sysfb_efi: Add quirks for some devices with swapped width and height [d02f1aa39189e0619c3525d5cd03254e61bf606a] Hans van Kranenburg (2): btrfs: alloc_chunk: fix more DUP stripe size handling [baf92114c7e6dd6124aa3d506e4bc4b694da3bc3] btrfs: partially apply b8b93addde [b8b93addde1e0192b045da8995e296fc1e40c80f] Henk van der Laan (1): usb-storage: Add new JMS567 revision to unusual_devs [08d676d1685c2a29e4d0e1b0242324e564d4589e] Hillf Danton (1): keys: Fix missing null pointer check in request_key_auth_describe() [d41a3effbb53b1bcea41e328d16a4d046a508381] Ian Abbott (2): staging: comedi: dt3000: Fix rounding up of timer divisor [8e2a589a3fc36ce858d42e767c3bcd8fc62a512b] staging: comedi: dt3000: Fix signed integer overflow 'divider * base' [b4d98bc3fc93ec3a58459948a2c0e0c9b501cd88] Jan Beulich (1): x86/apic/32: Avoid bogus LDR warnings [fe6f85ca121e9c74e7490fe66b0c5aae38e332c3] Jann Horn (1): sched/fair: Don't free p->numa_faults with concurrent readers [16d51a590a8ce3befb1308e0e7ab77f3b661af33] Jia-Ju Bai (1): net: sched: Fix a possible null-pointer dereference in dequeue_func() [051c7b39be4a91f6b7d8c4548444e4b850f1f56c] Jiri Pirko (1): net: fix ifindex collision during namespace removal [55b40dbf0e76b4bfb9d8b3a16a0208640a9a45df] Juergen Gross (1): xen/swiotlb: fix condition for calling xen_destroy_contiguous_region() [50f6393f9654c561df4cdcf8e6cfba7260143601] Kai-Heng Feng (2): USB: storage: ums-realtek: Update module parameter description for auto_delink_en [f6445b6b2f2bb1745080af4a0926049e8bca2617] USB: storage: ums-realtek: Whitelist auto-delink support [1902a01e2bcc3abd7c9a18dc05e78c7ab4a53c54] Kees Cook (1): libata: zpodd: Fix small read overflow in zpodd_get_mech_type() [71d6c505b4d9e6f76586350450e785e3d452b346] Kefeng Wang (1): hpet: Fix division by zero in hpet_time_div() [0c7d37f4d9b8446956e97b7c5e61173cdb7c8522] Liangyan (1): sched/fair: Don't assign runtime for throttled cfs_rq [5e2d2cc2588bd3307ce3937acbc2ed03c830a861] Mikulas Patocka (1): dm table: fix invalid memory accesses with too high sector number [1cfd5d3399e87167b7f9157ef99daa0e959f395d] Nadav Amit (1): VMCI: Release resource if the work is already queued [ba03a9bbd17b149c373c0ea44017f35fc2cd0f28] Nathan Chancellor (1): net: tc35815: Explicitly check NET_IP_ALIGN is not zero in tc35815_rx [125b7e0949d4e72b15c2b1a1590f8cece985a918] Neal Cardwell (1): tcp: fix tcp_ecn_withdraw_cwr() to clear TCP_ECN_QUEUE_CWR [af38d07ed391b21f7405fa1f936ca9686787d6d2] Nigel Croxon (1): md/raid: raid5 preserve the writeback action after the parity check [b2176a1dfb518d870ee073445d27055fea64dfb8] Nikolay Aleksandrov (1): net: bridge: mcast: don't delete permanent entries when fast leave is enabled [5c725b6b65067909548ac9ca9bc777098ec9883d] Oliver Neukum (2): USB: cdc-wdm: fix race between write and disconnect due to flag abuse [1426bd2c9f7e3126e2678e7469dca9fd9fc6dd3e] usb: cdc-acm: make sure a refcount is taken early enough [c52873e5a1ef72f845526d9f6a50704433f9c625] Ondrej Mosnacek (1): selinux: fix memory leak in policydb_init() [45385237f65aeee73641f1ef737d7273905a233f] Paolo Bonzini (1): KVM: nVMX: handle page fault in vmread [f7eea636c3d505fe6f1d1066234f1aaf7171b681] Pavel Shilovsky (2): CIFS: Fix use after free of file info structures [1a67c415965752879e2e9fad407bc44fc7f25f23] SMB3: Fix deadlock in validate negotiate hits reconnect [e99c63e4d86d3a94818693147b469fa70de6f945] Peter Zijlstra (1): tty/ldsem, locking/rwsem: Add missing ACQUIRE to read_failed sleep loop [952041a8639a7a3a73a2b6573cb8aa8518bc39f8] Phong Tran (1): usb: wusbcore: fix unbalanced get/put cluster_id [f90bf1ece48a736097ea224430578fe586a9544c] Qian Cai (1): asm-generic: fix -Wtype-limits compiler warnings [cbedfe11347fe418621bd188d58a206beb676218] Qu Wenruo (1): btrfs: volumes: Cleanup stripe size calculation [793ff2c88c6397b3531c08cc4f920619b56a9def] Ricardo Neri (1): ptrace,x86: Make user_64bit_mode() available to 32-bit builds [e27c310af5c05cf876d9cad006928076c27f54d4] Robert Hodaszi (1): Revert "cfg80211: fix processing world regdomain when non modular" [0d31d4dbf38412f5b8b11b4511d07b840eebe8cb] Ryan Kennedy (1): usb: pci-quirks: Correct AMD PLL quirk detection [f3dccdaade4118070a3a47bef6b18321431f9ac6] Sean Christopherson (1): x86/retpoline: Don't clobber RFLAGS during CALL_NOSPEC on i386 [b63f20a778c88b6a04458ed6ffc69da953d3a109] Sebastian Mayr (1): uprobes/x86: Fix detection of 32-bit user mode [9212ec7d8357ea630031e89d0d399c761421c83b] Stefan Haberland (1): s390/dasd: fix endless loop after read unit address configuration [41995342b40c418a47603e1321256d2c4a2ed0fb] Stephane Grosjean (1): can: peak_usb: fix potential double kfree_skb() [fee6a8923ae0d318a7f7950c6c6c28a96cea099b] Steve French (1): smb3: send CAP_DFS capability during session setup [8d33096a460d5b9bd13300f01615df5bb454db10] Subash Abhinov Kasiviswanathan (1): net: Fix null de-reference of device refcount [10cc514f451a0f239aa34f91bc9dc954a9397840] Sudarsana Reddy Kalluru (1): bnx2x: Disable multi-cos feature. [d1f0b5dce8fda09a7f5f04c1878f181d548e42f5] Suzuki K Poulose (1): usb: yurex: Fix use-after-free in yurex_delete [fc05481b2fcabaaeccf63e32ac1baab54e5b6963] Sven Eckelmann (1): batman-adv: Only read OGM tvlv_len after buffer len check [a15d56a60760aa9dbe26343b9a0ac5228f35d445] Takashi Iwai (2): ALSA: hda - Fix potential endless loop at applying quirks [333f31436d3db19f4286f8862a00ea1d8d8420a1] ALSA: seq: Fix potential concurrent access to the deleted pool [75545304eba6a3d282f923b96a466dc25a81e359] Thadeu Lima de Souza Cascardo (1): alarmtimer: Use EOPNOTSUPP instead of ENOTSUPP [f18ddc13af981ce3c7b7f26925f099e7c6929aba] Tiwei Bie (1): vhost/test: fix build for vhost test [264b563b8675771834419057cbe076c1a41fb666] Tomas Bortoli (1): can: peak_usb: pcan_usb_pro: Fix info-leaks to USB devices [ead16e53c2f0ed946d82d4037c630e2f60f4ab69] Tony Lindgren (1): USB: serial: option: Add Motorola modem UARTs [6caf0be40a707689e8ff8824fdb96ef77685b1ba] Trond Myklebust (1): NFSv4: Fix a potential sleep while atomic in nfs4_do_reclaim() [c77e22834ae9a11891cb613bd9a551be1b94f2bc] Ulf Hansson (1): mmc: core: Fix init of SD cards reporting an invalid VDD range [72741084d903e65e121c27bd29494d941729d4a1] Vidya Sagar (1): PCI: tegra: Enable Relaxed Ordering only for Tegra20 & Tegra30 [7be142caabc4780b13a522c485abc806de5c4114] Wenwen Wang (3): ALSA: firewire: fix a memory leak bug [1be3c1fae6c1e1f5bb982b255d2034034454527a] ALSA: hda - Fix a memory leak bug [cfef67f016e4c00a2f423256fc678a6967a9fc09] sound: fix a memory leak bug [c7cd7c748a3250ca33509f9235efab9c803aca09] Will Deacon (1): arm64: compat: Allow single-byte watchpoints on all addresses [849adec41203ac5837c40c2d7e08490ffdef3c2c] Xin Long (2): sctp: fix the transport error_count check [a1794de8b92ea6bc2037f445b296814ac826693e] sctp: use transport pf_retrans in sctp_do_8_2_transport_strike [10eb56c582c557c629271f1ee31e15e7a9b2558b] Yang Yingliang (1): tun: fix use-after-free when register netdev failed [77f22f92dff8e7b45c7786a430626d38071d4670] Yoshiaki Okamoto (1): USB: serial: option: Add support for ZTE MF871A [7e7ae38bf928c5cfa6dd6e9a2cf8b42c84a27c92] Yoshihiro Shimoda (1): usb: host: ohci: fix a race condition between shutdown and irq [a349b95d7ca0cea71be4a7dac29830703de7eb62] Yunfeng Ye (1): genirq: Prevent NULL pointer dereference in resend_irqs() [eddf3e9c7c7e4d0707c68d1bb22cc6ec8aef7d4a] ZhangXiaoxu (2): dm btree: fix order of block initialization in btree_split_beneath [e4f9d6013820d1eba1432d51dd1c5795759aa77f] dm space map metadata: fix missing store of apply_bops() return value [ae148243d3f0816b37477106c05a2ec7d5f32614] Zhenzhong Duan (1): x86/speculation/mds: Apply more accurate check on hypervisor platform [517c3ba00916383af6411aec99442c307c23f684] Makefile | 4 +- arch/arm64/kernel/hw_breakpoint.c | 7 +-- arch/sh/kernel/hw_breakpoint.c | 1 + arch/x86/include/asm/nospec-branch.h | 2 +- arch/x86/include/asm/ptrace.h | 6 ++- arch/x86/include/asm/smp.h | 10 ----- arch/x86/kernel/apic/apic.c | 25 ++++++----- arch/x86/kernel/apic/bigsmp_32.c | 24 +---------- arch/x86/kernel/cpu/bugs.c | 4 +- arch/x86/kernel/sysfb_efi.c | 46 ++++++++++++++++++++ arch/x86/kernel/uprobes.c | 17 +++++--- arch/x86/kvm/vmx.c | 7 ++- arch/x86/kvm/x86.c | 7 +++ drivers/ata/libata-zpodd.c | 2 +- drivers/char/hpet.c | 3 +- drivers/hwmon/nct6775.c | 3 +- drivers/md/dm-table.c | 5 ++- drivers/md/persistent-data/dm-btree.c | 31 +++++++------- drivers/md/persistent-data/dm-space-map-metadata.c | 2 +- drivers/md/raid5.c | 10 ++++- drivers/misc/vmw_vmci/vmci_doorbell.c | 6 ++- drivers/mmc/card/queue.c | 5 +++ drivers/mmc/core/sd.c | 6 +++ drivers/net/can/usb/peak_usb/pcan_usb_core.c | 8 ++-- drivers/net/can/usb/peak_usb/pcan_usb_pro.c | 2 +- drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c | 2 +- drivers/net/ethernet/seeq/sgiseeq.c | 7 +-- drivers/net/ethernet/toshiba/tc35815.c | 2 +- drivers/net/tun.c | 17 +++++--- drivers/pci/host/pci-tegra.c | 7 ++- drivers/s390/block/dasd_alias.c | 22 +++++++--- drivers/staging/comedi/drivers/dt3000.c | 8 ++-- drivers/tty/tty_ldsem.c | 5 +-- drivers/usb/class/cdc-acm.c | 18 ++++---- drivers/usb/class/cdc-wdm.c | 16 +++++-- drivers/usb/core/file.c | 10 ++--- drivers/usb/host/hwa-hc.c | 2 +- drivers/usb/host/ohci-hcd.c | 13 +++++- drivers/usb/host/pci-quirks.c | 31 ++++++++------ drivers/usb/misc/yurex.c | 2 +- drivers/usb/serial/option.c | 6 +++ drivers/usb/storage/realtek_cr.c | 15 ++++--- drivers/usb/storage/unusual_devs.h | 2 +- drivers/vhost/test.c | 13 ++++-- drivers/xen/swiotlb-xen.c | 4 +- fs/btrfs/volumes.c | 22 +++++----- fs/cifs/file.c | 33 ++++++-------- fs/cifs/smb2pdu.c | 7 ++- fs/exec.c | 2 +- fs/nfs/nfs4_fs.h | 3 +- fs/nfs/nfs4client.c | 5 ++- fs/nfs/nfs4state.c | 27 +++++++++--- include/asm-generic/getorder.h | 50 +++++++++------------- include/linux/sched.h | 4 +- include/sound/compress_driver.h | 5 +-- kernel/fork.c | 2 +- kernel/irq/resend.c | 2 + kernel/sched/fair.c | 37 +++++++++++++--- kernel/time/alarmtimer.c | 8 ++-- net/batman-adv/bat_iv_ogm.c | 18 +++++--- net/bridge/br_multicast.c | 3 ++ net/core/dev.c | 4 ++ net/ipv4/tcp_input.c | 2 +- net/ipv6/mcast.c | 5 ++- net/ipv6/ping.c | 2 +- net/netfilter/nf_conntrack_core.c | 16 +++---- net/packet/af_packet.c | 7 +++ net/sched/sch_codel.c | 3 +- net/sched/sch_hhf.c | 2 +- net/sctp/protocol.c | 2 +- net/sctp/sm_sideeffect.c | 4 +- net/wireless/reg.c | 2 +- security/keys/request_key_auth.c | 6 +++ security/selinux/ss/policydb.c | 6 ++- sound/core/compress_offload.c | 16 ++++--- sound/core/seq/seq_clientmgr.c | 3 +- sound/core/seq/seq_fifo.c | 17 ++++++++ sound/core/seq/seq_fifo.h | 2 + sound/firewire/packets-buffer.c | 2 +- sound/pci/hda/hda_auto_parser.c | 4 +- sound/pci/hda/hda_generic.c | 2 +- sound/sound_core.c | 3 +- 82 files changed, 497 insertions(+), 286 deletions(-) -- Ben Hutchings Theory and practice are closer in theory than in practice - John Levine

5 years, 11 months

3
87
0 0

[PATCH website] releases: Extend 3.16 EOL to match Debian 8

by Ben Hutchings

I'm maintaining 3.16 primarily for Debian 8. I originally expected that to have an EOL of April 2020 but it's actually June. Signed-off-by: Ben Hutchings <ben(a)decadent.org.uk> --- content/releases.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/releases.rst b/content/releases.rst index dbbe0d69db9d..0908fd090cdc 100644 --- a/content/releases.rst +++ b/content/releases.rst @@ -45,7 +45,7 @@ Longterm 4.14 Greg Kroah-Hartman & Sasha Levin 2017-11-12 Jan, 2024 4.9 Greg Kroah-Hartman & Sasha Levin 2016-12-11 Jan, 2023 4.4 Greg Kroah-Hartman & Sasha Levin 2016-01-10 Feb, 2022 - 3.16 Ben Hutchings 2014-08-03 Apr, 2020 + 3.16 Ben Hutchings 2014-08-03 Jun, 2020 ======== ================================ ============ ================== Distribution kernels

5 years, 11 months

3
3
0 0

[PATCH] arm64: dts: agilex/stratix10: fix pmu interrupt numbers

by Dinh Nguyen

Fix up the correct interrupt numbers for the PMU unit on Agilex and Stratix10. Fixes: 78cd6a9d8e15 ("arm64: dts: Add base stratix 10 dtsi") Cc: linux-stable <stable(a)vger.kernel.org> Reported-by: Meng Li <Meng.Li(a)windriver.com> Signed-off-by: Dinh Nguyen <dinguyen(a)kernel.org> --- arch/arm64/boot/dts/altera/socfpga_stratix10.dtsi | 8 ++++---- arch/arm64/boot/dts/intel/socfpga_agilex.dtsi | 8 ++++---- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/arch/arm64/boot/dts/altera/socfpga_stratix10.dtsi b/arch/arm64/boot/dts/altera/socfpga_stratix10.dtsi index 144a2c19ac02..d1fc9c2055f4 100644 --- a/arch/arm64/boot/dts/altera/socfpga_stratix10.dtsi +++ b/arch/arm64/boot/dts/altera/socfpga_stratix10.dtsi @@ -61,10 +61,10 @@ pmu { compatible = "arm,armv8-pmuv3"; - interrupts = <0 120 8>, - <0 121 8>, - <0 122 8>, - <0 123 8>; + interrupts = <0 170 4>, + <0 171 4>, + <0 172 4>, + <0 173 4>; interrupt-affinity = <&cpu0>, <&cpu1>, <&cpu2>, diff --git a/arch/arm64/boot/dts/intel/socfpga_agilex.dtsi b/arch/arm64/boot/dts/intel/socfpga_agilex.dtsi index ef66e90e2d7a..e1d357eaad7c 100644 --- a/arch/arm64/boot/dts/intel/socfpga_agilex.dtsi +++ b/arch/arm64/boot/dts/intel/socfpga_agilex.dtsi @@ -60,10 +60,10 @@ pmu { compatible = "arm,armv8-pmuv3"; - interrupts = <0 120 8>, - <0 121 8>, - <0 122 8>, - <0 123 8>; + interrupts = <0 170 4>, + <0 171 4>, + <0 172 4>, + <0 173 4>; interrupt-affinity = <&cpu0>, <&cpu1>, <&cpu2>, -- 2.24.0

5 years, 11 months

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror