December 2017 - Linux-stable-mirror

[Linux-stable-mirror] [GIT PULL] commits for Linux 4.14

by alexander.levin＠verizon.com

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Hi Greg, Pleae pull commits for Linux 4.14 . I've sent a review request for all commits over a week ago and all comments were addressed. Thanks, Sasha ===== The following changes since commit 64138f0adb25ca8f34baa57af33260b05efe2874: Linux 4.14.5 (2017-12-10 13:40:45 +0100) are available in the git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/sashal/linux-stable.git tags/for-greg-4.14-11122017 for you to fetch changes up to b3ba2e1ad223f53af892a09142cf9ecada07c576: x86/intel_rdt: Fix potential deadlock during resctrl unmount (2017-12-11 19:32:06 -0500) - ---------------------------------------------------------------- for-greg-4.14-11122017 - ---------------------------------------------------------------- Alexey Kodanev (1): gre6: use log_ecn_error module parameter in ip6_tnl_rcv() Arvind Yadav (1): atm: horizon: Fix irq release error Bart Van Assche (1): blk-mq: Avoid that request queue removal can trigger list corruption Ben Hutchings (1): mac80211_hwsim: Fix memory leak in hwsim_new_radio_nl() Chao Yu (1): f2fs: fix to clear FI_NO_PREALLOC Christophe JAILLET (1): drivers/rapidio/devices/rio_mport_cdev.c: fix resource leak in error handling path in 'rio_dma_transfer()' Chuck Lever (1): sunrpc: Fix rpc_task_begin trace point Colin Ian King (2): irqchip/qcom: Fix u32 comparison with value less than zero rsi: fix memory leak on buf and usb_reg_buf Darrick J. Wong (1): xfs: fix forgotten rcu read unlock when skipping inode reclaim Dave Hansen (1): x86/mpx/selftests: Fix up weird arrays David Ahern (1): net: ipv6: Fixup device for anycast routes during copy David Howells (2): afs: Fix total-length calculation for multiple-page send afs: Connect up the CB.ProbeUuid Dirk van der Merwe (1): nfp: inherit the max_mtu from the PF netdev Eric Dumazet (1): bpf: fix lockdep splat Gabriel Fernandez (1): clk: stm32h7: fix test of clock config Hangbin Liu (1): geneve: fix fill_info when link down Heinz Mauelshagen (1): dm raid: fix panic when attempting to force a raid to sync Herbert Xu (1): xfrm: Copy policy family in clone_policy Hongxu Jia (1): ide: ide-atapi: fix compile error with defining macro DEBUG Ilya Lesokhin (1): tls: Use kzalloc for aead_request allocation Israel Rukshin (1): nvmet-rdma: update queue list during ib_device removal Jason Baron (1): jump_label: Invoke jump_label_test() via early_initcall() Jeff Layton (1): fcntl: don't leak fd reference when fixup_compat_flock fails Joe Lawrence (1): pipe: match pipe_max_size data type with procfs Johan Hovold (2): dt-bindings: usb: fix reg-property port-number range clk: qcom: common: fix legacy board-clock registration John Johansen (1): apparmor: fix leak of null profile name if profile allocation fails Keefe Liu (1): ipvlan: fix ipv6 outbound device Leon Romanovsky (1): RDMA/cxgb4: Annotate r2 and stag as __be32 Madhavan Srinivasan (1): powerpc/perf: Fix pmu_count to count only nest imc pmus Majd Dibbiny (1): IB/mlx5: Assign send CQ and recv CQ of UMR QP Mark Bloch (1): IB/mlx4: Increase maximal message size under UD QP Masahiro Yamada (5): kbuild: pkg: use --transform option to prefix paths in tar coccinelle: fix parallel build with CHECK=scripts/coccicheck clk: uniphier: fix DAPLL2 clock rate of Pro5 kbuild: rpm-pkg: fix jobserver unavailable warning kbuild: do not call cc-option before KBUILD_CFLAGS initialization Miles Chen (1): slub: fix sysfs duplicate filename creation when slub_debug=O Ming Lei (1): block: wake up all tasks blocked in get_request() Mylene JOSSERAND (1): clk: sunxi-ng: a83t: Fix i2c buses bits Neal Cardwell (1): tcp: when scheduling TLP, time of RTO should account for current ACK Nicolas Dichtel (1): ipv6: set all.accept_dad to 0 by default Paul Moore (1): audit: ensure that 'audit=1' actually enables audit for PID 1 Pavel Tatashin (1): sparc64/mm: set fields in deferred pages Pieter Jansen van Vuuren (1): nfp: fix flower offload metadata flag usage Randy Dunlap (1): dynamic-debug-howto: fix optional/omitted ending line number to be LARGE instead of 0 Reinette Chatre (1): x86/intel_rdt: Fix potential deadlock during resctrl unmount Sebastian Sjoholm (1): net: qmi_wwan: add Quectel BG96 2c7c:0296 Sergey Senozhatsky (1): zsmalloc: calling zs_map_object() from irq is a bug Sriharsha Basavapatna (1): bnxt_re: changing the ip address shouldn't affect new connections Stephen Bates (1): lib/genalloc.c: make the avail variable an atomic_long_t Steve Grubb (1): audit: Allow auditd to set pid to 0 to end auditing Sudeep Holla (1): mailbox: mailbox-test: don't rely on rx_buffer content to signal data ready Trond Myklebust (1): NFS: Fix a typo in nfs_rename() Ursula Braun (1): net/smc: use sk_rcvbuf as start for rmb creation Vaidyanathan Srinivasan (1): powerpc/powernv/idle: Round up latency and residency values Xin Long (5): tun: fix rcu_read_lock imbalance in tun_build_skb route: also update fnhe_genid when updating a route cache route: update fnhe_expires for redirect when the fnhe exists sctp: do not free asoc when it is already dead in sctp_sendmsg sctp: use the right sk after waking up from wait_buf sleep Zdenek Kabelac (1): md: free unused memory after bitmap resize Zhong Kaihua (1): clk: hi3660: fix incorrect uart3 clock freqency .../devicetree/bindings/usb/usb-device.txt | 2 +- Makefile | 21 ++++++------ arch/powerpc/platforms/powernv/opal-imc.c | 6 ++-- arch/sparc/mm/init_64.c | 9 ++++- arch/x86/kernel/cpu/intel_rdt_rdtgroup.c | 10 +++--- block/blk-core.c | 5 +-- drivers/atm/horizon.c | 2 +- drivers/clk/clk-stm32h7.c | 4 +-- drivers/clk/hisilicon/clk-hi3660.c | 2 +- drivers/clk/qcom/common.c | 6 ++-- drivers/clk/sunxi-ng/ccu-sun8i-a83t.c | 4 +-- drivers/clk/uniphier/clk-uniphier-sys.c | 2 +- drivers/cpuidle/cpuidle-powernv.c | 4 +-- drivers/ide/ide-atapi.c | 6 ++-- drivers/infiniband/hw/bnxt_re/ib_verbs.c | 1 + drivers/infiniband/hw/cxgb4/t4fw_ri_api.h | 4 +-- drivers/infiniband/hw/mlx4/qp.c | 2 +- drivers/infiniband/hw/mlx5/main.c | 2 ++ drivers/irqchip/qcom-irq-combiner.c | 2 +- drivers/mailbox/mailbox-test.c | 11 +++--- drivers/md/bitmap.c | 9 +++++ drivers/md/dm-raid.c | 21 ++++++------ drivers/net/ethernet/netronome/nfp/flower/main.h | 3 +- .../net/ethernet/netronome/nfp/flower/metadata.c | 7 ++-- drivers/net/ethernet/netronome/nfp/nfp_net_repr.c | 2 ++ drivers/net/geneve.c | 24 ++++++------- drivers/net/ipvlan/ipvlan_core.c | 2 +- drivers/net/tun.c | 3 +- drivers/net/usb/qmi_wwan.c | 1 + drivers/net/wireless/mac80211_hwsim.c | 5 ++- drivers/net/wireless/rsi/rsi_91x_usb.c | 12 +++---- drivers/nvme/target/rdma.c | 6 ++-- drivers/rapidio/devices/rio_mport_cdev.c | 3 +- fs/afs/cmservice.c | 3 ++ fs/afs/rxrpc.c | 13 ++++++-- fs/f2fs/file.c | 1 + fs/fcntl.c | 5 ++- fs/nfs/dir.c | 2 +- fs/pipe.c | 2 +- fs/xfs/xfs_inode.c | 1 + include/linux/genalloc.h | 3 +- include/net/tcp.h | 2 +- kernel/audit.c | 39 ++++++++++++---------- kernel/bpf/percpu_freelist.c | 8 +++-- kernel/jump_label.c | 2 +- kernel/sysctl.c | 2 +- lib/dynamic_debug.c | 4 +++ lib/genalloc.c | 10 +++--- mm/slub.c | 4 +++ mm/zsmalloc.c | 2 +- net/ipv4/route.c | 14 +++++--- net/ipv4/tcp_input.c | 2 +- net/ipv4/tcp_output.c | 8 +++-- net/ipv6/addrconf.c | 2 +- net/ipv6/ip6_gre.c | 2 +- net/ipv6/route.c | 2 +- net/sctp/socket.c | 38 +++++++++++++-------- net/smc/smc_core.c | 2 +- net/sunrpc/sched.c | 3 +- net/tls/tls_sw.c | 2 +- net/xfrm/xfrm_policy.c | 1 + scripts/coccicheck | 15 +++++---- scripts/package/Makefile | 9 +++-- security/apparmor/policy.c | 3 +- tools/testing/selftests/x86/mpx-hw.h | 4 +-- 65 files changed, 249 insertions(+), 164 deletions(-) -----BEGIN PGP SIGNATURE----- iQIcBAEBCAAGBQJaLynNAAoJEN6mb/eXdyzc8JsP/1f2Vq8RSADQ2lNCldP7KolP auxs9CxCRXkQInD8S7jEq+K0ulzc8C80fCKxBNgSP6EmtldHRaK9xtiIx0zXAFti 4jcBdDjau+bBqU987xmOJHfS9NegczPvlpPGs9AdC/Rf5yNfxDJwZUIFUjW8QYpQ L4nqKcuUcH4oe0GPD08J8dwtOVJzLcptdx9CkHXXxl4i9xJDLE+XukIetNfubDeJ HyJZbzwG8PrfEDuPtBFDD7Q0k/Q6//Jdu7A3cyhAxkBawmDlpBSxVXfcG6heolSY nplbdNz7ybRq0i0bd8D8DAEE83er+3EQHkwus5uKiH4OXt6/ikmEGkkleDuyTTjR FWTeRW7OxQmJU1rcz7U0BsvXa8MyVYOwvG9dl4/otbxmMnXIWT+OL3lYtpXWBfYP kmcq+vEbRFkOb7V+at7dF0QZDjVlbvB+jmUs3ZtXblWPWY/pn42Y8+b0G36SvoSA cGBFV/weijxYBFdxreLV47sGpaeWWEi3dqFbgetwB91PEAQ9/XGp3VK5dyWF8+Ex zjaYJQ8x22/yaVZqg7pAqX7DgK7jUwaLoVIfjwi8Rm8UXlYEMA9/OnHWqiiucUxC 4qtRSCRHQbUvCNzGKULdz8N5y0R4h0hPePB5TlvUF2QTFFkebhIefEQZmEEYHXob sYHTPh7WrZlUQleo8Qrk =TBw0 -----END PGP SIGNATURE-----

7 years, 1 month

2
1
0 0

[Linux-stable-mirror] [christophe.leroy@c-s.fr: [PATCH 01/18] crypto: talitos - fix AEAD test failures]

by Herbert Xu

commit ec8c7d14acc0a477429d3a6fade5dab72c996c82 For kernels 4.9+. -- Email: Herbert Xu <herbert(a)gondor.apana.org.au> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

7 years, 1 month

2
2
0 0

[Linux-stable-mirror] [PATCH 1/6] blk-mq: quiesce queue before freeing queue

by Ming Lei

After queue is frozen, dispatch still may happen, for example: 1) requests are submitted from several contexts 2) requests from all these contexts are inserted to queue, but may dispatch to LLD in one of these paths, but other paths sill need to move on even all these requests are completed(that means blk_mq_freeze_queue_wait() returns at that time) 3) dispatch after queue freezing still moves on and causes use-after-free, because request queue is freed This patch quiesces queue after it is frozen, and makes sure all in-progress dispatch are completed. This patch fixes the following kernel crash when running heavy IOs vs. deleting device: [ 36.719251] BUG: unable to handle kernel NULL pointer dereference at 0000000000000008 [ 36.720318] IP: kyber_has_work+0x14/0x40 [ 36.720847] PGD 254bf5067 P4D 254bf5067 PUD 255e6a067 PMD 0 [ 36.721584] Oops: 0000 [#1] PREEMPT SMP [ 36.722105] Dumping ftrace buffer: [ 36.722570] (ftrace buffer empty) [ 36.723057] Modules linked in: scsi_debug ebtable_filter ebtables ip6table_filter ip6_tables tcm_loop iscsi_target_mod target_core_file target_core_iblock target_core_pscsi target_core_mod xt_CHECKSUM iptable_mangle ipt_MASQUERADE nf_nat_masquerade_ipv4 iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat nf_conntrack libcrc32c bridge stp llc fuse iptable_filter ip_tables sd_mod sg btrfs xor zstd_decompress zstd_compress xxhash raid6_pq mptsas mptscsih bcache crc32c_intel ahci mptbase libahci serio_raw scsi_transport_sas nvme libata shpchp lpc_ich virtio_scsi nvme_core binfmt_misc dm_mod iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi null_blk configs [ 36.733438] CPU: 2 PID: 2374 Comm: fio Not tainted 4.15.0-rc2.blk_mq_quiesce+ #714 [ 36.735143] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.9.3-1.fc25 04/01/2014 [ 36.736688] RIP: 0010:kyber_has_work+0x14/0x40 [ 36.737515] RSP: 0018:ffffc9000209bca0 EFLAGS: 00010202 [ 36.738431] RAX: 0000000000000008 RBX: ffff88025578bfc8 RCX: ffff880257bf4ed0 [ 36.739581] RDX: 0000000000000038 RSI: ffffffff81a98c6d RDI: ffff88025578bfc8 [ 36.740730] RBP: ffff880253cebfc8 R08: ffffc9000209bda0 R09: ffff8802554f3480 [ 36.741885] R10: ffffc9000209be60 R11: ffff880263f72538 R12: ffff88025573e9e8 [ 36.743036] R13: ffff88025578bfd0 R14: 0000000000000001 R15: 0000000000000000 [ 36.744189] FS: 00007f9b9bee67c0(0000) GS:ffff88027fc80000(0000) knlGS:0000000000000000 [ 36.746617] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 36.748483] CR2: 0000000000000008 CR3: 0000000254bf4001 CR4: 00000000003606e0 [ 36.750164] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 36.751455] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 36.752796] Call Trace: [ 36.753992] blk_mq_do_dispatch_sched+0x7f/0xe0 [ 36.755110] blk_mq_sched_dispatch_requests+0x119/0x190 [ 36.756179] __blk_mq_run_hw_queue+0x83/0x90 [ 36.757144] __blk_mq_delay_run_hw_queue+0xaf/0x110 [ 36.758046] blk_mq_run_hw_queue+0x24/0x70 [ 36.758845] blk_mq_flush_plug_list+0x1e7/0x270 [ 36.759676] blk_flush_plug_list+0xd6/0x240 [ 36.760463] blk_finish_plug+0x27/0x40 [ 36.761195] do_io_submit+0x19b/0x780 [ 36.761921] ? entry_SYSCALL_64_fastpath+0x1a/0x7d [ 36.762788] entry_SYSCALL_64_fastpath+0x1a/0x7d [ 36.763639] RIP: 0033:0x7f9b9699f697 [ 36.764352] RSP: 002b:00007ffc10f991b8 EFLAGS: 00000206 ORIG_RAX: 00000000000000d1 [ 36.765773] RAX: ffffffffffffffda RBX: 00000000008f6f00 RCX: 00007f9b9699f697 [ 36.766965] RDX: 0000000000a5e6c0 RSI: 0000000000000001 RDI: 00007f9b8462a000 [ 36.768377] RBP: 0000000000000000 R08: 0000000000000001 R09: 00000000008f6420 [ 36.769649] R10: 00007f9b846e5000 R11: 0000000000000206 R12: 00007f9b795d6a70 [ 36.770807] R13: 00007f9b795e4140 R14: 00007f9b795e3fe0 R15: 0000000100000000 [ 36.771955] Code: 83 c7 10 e9 3f 68 d1 ff 0f 1f 44 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 8b 97 b0 00 00 00 48 8d 42 08 48 83 c2 38 <48> 3b 00 74 06 b8 01 00 00 00 c3 48 3b 40 08 75 f4 48 83 c0 10 [ 36.775004] RIP: kyber_has_work+0x14/0x40 RSP: ffffc9000209bca0 [ 36.776012] CR2: 0000000000000008 [ 36.776690] ---[ end trace 4045cbce364ff2a4 ]--- [ 36.777527] Kernel panic - not syncing: Fatal exception [ 36.778526] Dumping ftrace buffer: [ 36.779313] (ftrace buffer empty) [ 36.780081] Kernel Offset: disabled [ 36.780877] ---[ end Kernel panic - not syncing: Fatal exception Cc: stable(a)vger.kernel.org Signed-off-by: Ming Lei <ming.lei(a)redhat.com> --- block/blk-core.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/block/blk-core.c b/block/blk-core.c index b8881750a3ac..071a0fb29597 100644 --- a/block/blk-core.c +++ b/block/blk-core.c @@ -694,6 +694,15 @@ void blk_cleanup_queue(struct request_queue *q) queue_flag_set(QUEUE_FLAG_DEAD, q); spin_unlock_irq(lock); + /* + * make sure all in-progress dispatch are completed because + * blk_freeze_queue() can only complete all requests, and + * dispatch may still be in-progress since we dispatch requests + * from more than one contexts + */ + if (q->mq_ops) + blk_mq_quiesce_queue(q); + /* for synchronous bio-based driver finish in-flight integrity i/o */ blk_flush_integrity(); -- 2.9.5

7 years, 1 month

1
0
0 0

[Linux-stable-mirror] Patch "zsmalloc: calling zs_map_object() from irq is a bug" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled zsmalloc: calling zs_map_object() from irq is a bug to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: zsmalloc-calling-zs_map_object-from-irq-is-a-bug.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Dec 12 10:32:42 CET 2017 From: Sergey Senozhatsky <sergey.senozhatsky.work(a)gmail.com> Date: Wed, 15 Nov 2017 17:34:03 -0800 Subject: zsmalloc: calling zs_map_object() from irq is a bug From: Sergey Senozhatsky <sergey.senozhatsky.work(a)gmail.com> [ Upstream commit 1aedcafbf32b3f232c159b14cd0d423fcfe2b861 ] Use BUG_ON(in_interrupt()) in zs_map_object(). This is not a new BUG_ON(), it's always been there, but was recently changed to VM_BUG_ON(). There are several problems there. First, we use use per-CPU mappings both in zsmalloc and in zram, and interrupt may easily corrupt those buffers. Second, and more importantly, we believe it's possible to start leaking sensitive information. Consider the following case: -> process P swap out zram per-cpu mapping CPU1 compress page A -> IRQ swap out zram per-cpu mapping CPU1 compress page B write page from per-cpu mapping CPU1 to zsmalloc pool iret -> process P write page from per-cpu mapping CPU1 to zsmalloc pool [*] return * so we store overwritten data that actually belongs to another page (task) and potentially contains sensitive data. And when process P will page fault it's going to read (swap in) that other task's data. Link: http://lkml.kernel.org/r/20170929045140.4055-1-sergey.senozhatsky@gmail.com Signed-off-by: Sergey Senozhatsky <sergey.senozhatsky(a)gmail.com> Acked-by: Minchan Kim <minchan(a)kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds(a)linux-foundation.org> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- mm/zsmalloc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/mm/zsmalloc.c +++ b/mm/zsmalloc.c @@ -1349,7 +1349,7 @@ void *zs_map_object(struct zs_pool *pool * pools/users, we can't allow mapping in interrupt context * because it can corrupt another users mappings. */ - WARN_ON_ONCE(in_interrupt()); + BUG_ON(in_interrupt()); /* From now on, migration cannot move the object */ pin_tag(handle); Patches currently in stable-queue which might be from sergey.senozhatsky.work(a)gmail.com are queue-4.14/zsmalloc-calling-zs_map_object-from-irq-is-a-bug.patch

7 years, 1 month

1
0
0 0

[Linux-stable-mirror] Patch "xfs: fix forgotten rcu read unlock when skipping inode reclaim" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled xfs: fix forgotten rcu read unlock when skipping inode reclaim to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: xfs-fix-forgotten-rcu-read-unlock-when-skipping-inode-reclaim.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Dec 12 10:32:42 CET 2017 From: "Darrick J. Wong" <darrick.wong(a)oracle.com> Date: Tue, 14 Nov 2017 16:34:44 -0800 Subject: xfs: fix forgotten rcu read unlock when skipping inode reclaim From: "Darrick J. Wong" <darrick.wong(a)oracle.com> [ Upstream commit 962cc1ad6caddb5abbb9f0a43e5abe7131a71f18 ] In commit f2e9ad21 ("xfs: check for race with xfs_reclaim_inode"), we skip an inode if we're racing with freeing the inode via xfs_reclaim_inode, but we forgot to release the rcu read lock when dumping the inode, with the result that we exit to userspace with a lock held. Don't do that; generic/320 with a 1k block size fails this very occasionally. ================================================ WARNING: lock held when returning to user space! 4.14.0-rc6-djwong #4 Tainted: G W ------------------------------------------------ rm/30466 is leaving the kernel with locks still held! 1 lock held by rm/30466: #0: (rcu_read_lock){....}, at: [<ffffffffa01364d3>] xfs_ifree_cluster.isra.17+0x2c3/0x6f0 [xfs] ------------[ cut here ]------------ WARNING: CPU: 1 PID: 30466 at kernel/rcu/tree_plugin.h:329 rcu_note_context_switch+0x71/0x700 Modules linked in: deadline_iosched dm_snapshot dm_bufio ext4 mbcache jbd2 dm_flakey xfs libcrc32c dax_pmem device_dax nd_pmem sch_fq_codel af_packet [last unloaded: scsi_debug] CPU: 1 PID: 30466 Comm: rm Tainted: G W 4.14.0-rc6-djwong #4 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.10.2-1ubuntu1djwong0 04/01/2014 task: ffff880037680000 task.stack: ffffc90001064000 RIP: 0010:rcu_note_context_switch+0x71/0x700 RSP: 0000:ffffc90001067e50 EFLAGS: 00010002 RAX: 0000000000000001 RBX: ffff880037680000 RCX: ffff88003e73d200 RDX: 0000000000000002 RSI: ffffffff819e53e9 RDI: ffffffff819f4375 RBP: 0000000000000000 R08: 0000000000000000 R09: ffff880062c900d0 R10: 0000000000000000 R11: 0000000000000000 R12: ffff880037680000 R13: 0000000000000000 R14: ffffc90001067eb8 R15: ffff880037680690 FS: 00007fa3b8ce8700(0000) GS:ffff88003ec00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f69bf77c000 CR3: 000000002450a000 CR4: 00000000000006e0 Call Trace: __schedule+0xb8/0xb10 schedule+0x40/0x90 exit_to_usermode_loop+0x6b/0xa0 prepare_exit_to_usermode+0x7a/0x90 retint_user+0x8/0x20 RIP: 0033:0x7fa3b87fda87 RSP: 002b:00007ffe41206568 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff02 RAX: 0000000000000000 RBX: 00000000010e88c0 RCX: 00007fa3b87fda87 RDX: 0000000000000000 RSI: 00000000010e89c8 RDI: 0000000000000005 RBP: 0000000000000000 R08: 0000000000000003 R09: 0000000000000000 R10: 000000000000015e R11: 0000000000000246 R12: 00000000010c8060 R13: 00007ffe41206690 R14: 0000000000000000 R15: 0000000000000000 ---[ end trace e88f83bf0cfbd07d ]--- Fixes: f2e9ad212def50bcf4c098c6288779dd97fff0f0 Cc: Omar Sandoval <osandov(a)fb.com> Signed-off-by: Darrick J. Wong <darrick.wong(a)oracle.com> Reviewed-by: Christoph Hellwig <hch(a)lst.de> Reviewed-by: Omar Sandoval <osandov(a)fb.com> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- fs/xfs/xfs_inode.c | 1 + 1 file changed, 1 insertion(+) --- a/fs/xfs/xfs_inode.c +++ b/fs/xfs/xfs_inode.c @@ -2378,6 +2378,7 @@ retry: */ if (ip->i_ino != inum + i) { xfs_iunlock(ip, XFS_ILOCK_EXCL); + rcu_read_unlock(); continue; } } Patches currently in stable-queue which might be from darrick.wong(a)oracle.com are queue-4.14/xfs-fix-forgotten-rcu-read-unlock-when-skipping-inode-reclaim.patch

7 years, 1 month

1
0
0 0

[Linux-stable-mirror] Patch "xfrm: Copy policy family in clone_policy" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled xfrm: Copy policy family in clone_policy to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: xfrm-copy-policy-family-in-clone_policy.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Dec 12 10:32:42 CET 2017 From: Herbert Xu <herbert(a)gondor.apana.org.au> Date: Fri, 10 Nov 2017 14:14:06 +1100 Subject: xfrm: Copy policy family in clone_policy From: Herbert Xu <herbert(a)gondor.apana.org.au> [ Upstream commit 0e74aa1d79a5bbc663e03a2804399cae418a0321 ] The syzbot found an ancient bug in the IPsec code. When we cloned a socket policy (for example, for a child TCP socket derived from a listening socket), we did not copy the family field. This results in a live policy with a zero family field. This triggers a BUG_ON check in the af_key code when the cloned policy is retrieved. This patch fixes it by copying the family field over. Reported-by: syzbot <syzkaller(a)googlegroups.com> Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au> Signed-off-by: Steffen Klassert <steffen.klassert(a)secunet.com> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/xfrm/xfrm_policy.c | 1 + 1 file changed, 1 insertion(+) --- a/net/xfrm/xfrm_policy.c +++ b/net/xfrm/xfrm_policy.c @@ -1306,6 +1306,7 @@ static struct xfrm_policy *clone_policy( newp->xfrm_nr = old->xfrm_nr; newp->index = old->index; newp->type = old->type; + newp->family = old->family; memcpy(newp->xfrm_vec, old->xfrm_vec, newp->xfrm_nr*sizeof(struct xfrm_tmpl)); spin_lock_bh(&net->xfrm.xfrm_policy_lock); Patches currently in stable-queue which might be from herbert(a)gondor.apana.org.au are queue-4.14/xfrm-copy-policy-family-in-clone_policy.patch queue-4.14/crypto-talitos-fix-aead-for-sha224-on-non-sha224-capable-chips.patch queue-4.14/crypto-talitos-fix-memory-corruption-on-sec2.patch queue-4.14/crypto-talitos-fix-use-of-sg_link_tbl_len.patch queue-4.14/crypto-talitos-fix-setkey-to-check-key-weakness.patch queue-4.14/crypto-talitos-fix-aead-test-failures.patch queue-4.14/crypto-talitos-fix-ctr-aes-talitos.patch

7 years, 1 month

1
0
0 0

[Linux-stable-mirror] Patch "x86/intel_rdt: Fix potential deadlock during resctrl unmount" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled x86/intel_rdt: Fix potential deadlock during resctrl unmount to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: x86-intel_rdt-fix-potential-deadlock-during-resctrl-unmount.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Dec 12 10:32:42 CET 2017 From: Reinette Chatre <reinette.chatre(a)intel.com> Date: Fri, 20 Oct 2017 02:16:58 -0700 Subject: x86/intel_rdt: Fix potential deadlock during resctrl unmount From: Reinette Chatre <reinette.chatre(a)intel.com> [ Upstream commit 36b6f9fcb8928c06b6638a4cf91bc9d69bb49aa2 ] Lockdep warns about a potential deadlock: [ 66.782842] ====================================================== [ 66.782888] WARNING: possible circular locking dependency detected [ 66.782937] 4.14.0-rc2-test-test+ #48 Not tainted [ 66.782983] ------------------------------------------------------ [ 66.783052] umount/336 is trying to acquire lock: [ 66.783117] (cpu_hotplug_lock.rw_sem){++++}, at: [<ffffffff81032395>] rdt_kill_sb+0x215/0x390 [ 66.783193] but task is already holding lock: [ 66.783244] (rdtgroup_mutex){+.+.}, at: [<ffffffff810321b6>] rdt_kill_sb+0x36/0x390 [ 66.783305] which lock already depends on the new lock. [ 66.783364] the existing dependency chain (in reverse order) is: [ 66.783419] -> #3 (rdtgroup_mutex){+.+.}: [ 66.783467] __lock_acquire+0x1293/0x13f0 [ 66.783509] lock_acquire+0xaf/0x220 [ 66.783543] __mutex_lock+0x71/0x9b0 [ 66.783575] mutex_lock_nested+0x1b/0x20 [ 66.783610] intel_rdt_online_cpu+0x3b/0x430 [ 66.783649] cpuhp_invoke_callback+0xab/0x8e0 [ 66.783687] cpuhp_thread_fun+0x7a/0x150 [ 66.783722] smpboot_thread_fn+0x1cc/0x270 [ 66.783764] kthread+0x16e/0x190 [ 66.783794] ret_from_fork+0x27/0x40 [ 66.783825] -> #2 (cpuhp_state){+.+.}: [ 66.783870] __lock_acquire+0x1293/0x13f0 [ 66.783906] lock_acquire+0xaf/0x220 [ 66.783938] cpuhp_issue_call+0x102/0x170 [ 66.783974] __cpuhp_setup_state_cpuslocked+0x154/0x2a0 [ 66.784023] __cpuhp_setup_state+0xc7/0x170 [ 66.784061] page_writeback_init+0x43/0x67 [ 66.784097] pagecache_init+0x43/0x4a [ 66.784131] start_kernel+0x3ad/0x3f7 [ 66.784165] x86_64_start_reservations+0x2a/0x2c [ 66.784204] x86_64_start_kernel+0x72/0x75 [ 66.784241] verify_cpu+0x0/0xfb [ 66.784270] -> #1 (cpuhp_state_mutex){+.+.}: [ 66.784319] __lock_acquire+0x1293/0x13f0 [ 66.784355] lock_acquire+0xaf/0x220 [ 66.784387] __mutex_lock+0x71/0x9b0 [ 66.784419] mutex_lock_nested+0x1b/0x20 [ 66.784454] __cpuhp_setup_state_cpuslocked+0x52/0x2a0 [ 66.784497] __cpuhp_setup_state+0xc7/0x170 [ 66.784535] page_alloc_init+0x28/0x30 [ 66.784569] start_kernel+0x148/0x3f7 [ 66.784602] x86_64_start_reservations+0x2a/0x2c [ 66.784642] x86_64_start_kernel+0x72/0x75 [ 66.784678] verify_cpu+0x0/0xfb [ 66.784707] -> #0 (cpu_hotplug_lock.rw_sem){++++}: [ 66.784759] check_prev_add+0x32f/0x6e0 [ 66.784794] __lock_acquire+0x1293/0x13f0 [ 66.784830] lock_acquire+0xaf/0x220 [ 66.784863] cpus_read_lock+0x3d/0xb0 [ 66.784896] rdt_kill_sb+0x215/0x390 [ 66.784930] deactivate_locked_super+0x3e/0x70 [ 66.784968] deactivate_super+0x40/0x60 [ 66.785003] cleanup_mnt+0x3f/0x80 [ 66.785034] __cleanup_mnt+0x12/0x20 [ 66.785070] task_work_run+0x8b/0xc0 [ 66.785103] exit_to_usermode_loop+0x94/0xa0 [ 66.786804] syscall_return_slowpath+0xe8/0x150 [ 66.788502] entry_SYSCALL_64_fastpath+0xab/0xad [ 66.790194] other info that might help us debug this: [ 66.795139] Chain exists of: cpu_hotplug_lock.rw_sem --> cpuhp_state --> rdtgroup_mutex [ 66.800035] Possible unsafe locking scenario: [ 66.803267] CPU0 CPU1 [ 66.804867] ---- ---- [ 66.806443] lock(rdtgroup_mutex); [ 66.808002] lock(cpuhp_state); [ 66.809565] lock(rdtgroup_mutex); [ 66.811110] lock(cpu_hotplug_lock.rw_sem); [ 66.812608] *** DEADLOCK *** [ 66.816983] 2 locks held by umount/336: [ 66.818418] #0: (&type->s_umount_key#35){+.+.}, at: [<ffffffff81229738>] deactivate_super+0x38/0x60 [ 66.819922] #1: (rdtgroup_mutex){+.+.}, at: [<ffffffff810321b6>] rdt_kill_sb+0x36/0x390 When the resctrl filesystem is unmounted the locks should be obtain in the locks in the same order as was done when the cpus came online: cpu_hotplug_lock before rdtgroup_mutex. This also requires to switch the static_branch_disable() calls to the _cpulocked variant because now cpu hotplug lock is held already. [ tglx: Switched to cpus_read_[un]lock ] Signed-off-by: Reinette Chatre <reinette.chatre(a)intel.com> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Tested-by: Sai Praneeth Prakhya <sai.praneeth.prakhya(a)intel.com> Acked-by: Vikas Shivappa <vikas.shivappa(a)linux.intel.com> Acked-by: Fenghua Yu <fenghua.yu(a)intel.com> Acked-by: Tony Luck <tony.luck(a)intel.com> Link: https://lkml.kernel.org/r/cc292e76be073f7260604651711c47b09fd0dc81.15084901… Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/x86/kernel/cpu/intel_rdt_rdtgroup.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) --- a/arch/x86/kernel/cpu/intel_rdt_rdtgroup.c +++ b/arch/x86/kernel/cpu/intel_rdt_rdtgroup.c @@ -1297,9 +1297,7 @@ static void rmdir_all_sub(void) kfree(rdtgrp); } /* Notify online CPUs to update per cpu storage and PQR_ASSOC MSR */ - get_online_cpus(); update_closid_rmid(cpu_online_mask, &rdtgroup_default); - put_online_cpus(); kernfs_remove(kn_info); kernfs_remove(kn_mongrp); @@ -1310,6 +1308,7 @@ static void rdt_kill_sb(struct super_blo { struct rdt_resource *r; + cpus_read_lock(); mutex_lock(&rdtgroup_mutex); /*Put everything back to default values. */ @@ -1317,11 +1316,12 @@ static void rdt_kill_sb(struct super_blo reset_all_ctrls(r); cdp_disable(); rmdir_all_sub(); - static_branch_disable(&rdt_alloc_enable_key); - static_branch_disable(&rdt_mon_enable_key); - static_branch_disable(&rdt_enable_key); + static_branch_disable_cpuslocked(&rdt_alloc_enable_key); + static_branch_disable_cpuslocked(&rdt_mon_enable_key); + static_branch_disable_cpuslocked(&rdt_enable_key); kernfs_kill_sb(sb); mutex_unlock(&rdtgroup_mutex); + cpus_read_unlock(); } static struct file_system_type rdt_fs_type = { Patches currently in stable-queue which might be from reinette.chatre(a)intel.com are queue-4.14/x86-intel_rdt-fix-potential-deadlock-during-resctrl-unmount.patch

7 years, 1 month

1
0
0 0

[Linux-stable-mirror] Patch "x86/mpx/selftests: Fix up weird arrays" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled x86/mpx/selftests: Fix up weird arrays to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: x86-mpx-selftests-fix-up-weird-arrays.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Dec 12 10:32:42 CET 2017 From: Dave Hansen <dave.hansen(a)linux.intel.com> Date: Fri, 10 Nov 2017 16:12:29 -0800 Subject: x86/mpx/selftests: Fix up weird arrays From: Dave Hansen <dave.hansen(a)linux.intel.com> [ Upstream commit a6400120d042397675fcf694060779d21e9e762d ] The MPX hardware data structurse are defined in a weird way: they define their size in bytes and then union that with the type with which we want to access them. Yes, this is weird, but it does work. But, new GCC's complain that we are accessing the array out of bounds. Just make it a zero-sized array so gcc will stop complaining. There was not really a bug here. Signed-off-by: Dave Hansen <dave.hansen(a)linux.intel.com> Acked-by: Thomas Gleixner <tglx(a)linutronix.de> Cc: Andy Lutomirski <luto(a)kernel.org> Cc: Borislav Petkov <bp(a)alien8.de> Cc: Brian Gerst <brgerst(a)gmail.com> Cc: Denys Vlasenko <dvlasenk(a)redhat.com> Cc: H. Peter Anvin <hpa(a)zytor.com> Cc: Josh Poimboeuf <jpoimboe(a)redhat.com> Cc: Linus Torvalds <torvalds(a)linux-foundation.org> Cc: Peter Zijlstra <peterz(a)infradead.org> Link: http://lkml.kernel.org/r/20171111001229.58A7933D@viggo.jf.intel.com Signed-off-by: Ingo Molnar <mingo(a)kernel.org> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- tools/testing/selftests/x86/mpx-hw.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) --- a/tools/testing/selftests/x86/mpx-hw.h +++ b/tools/testing/selftests/x86/mpx-hw.h @@ -52,14 +52,14 @@ struct mpx_bd_entry { union { char x[MPX_BOUNDS_DIR_ENTRY_SIZE_BYTES]; - void *contents[1]; + void *contents[0]; }; } __attribute__((packed)); struct mpx_bt_entry { union { char x[MPX_BOUNDS_TABLE_ENTRY_SIZE_BYTES]; - unsigned long contents[1]; + unsigned long contents[0]; }; } __attribute__((packed)); Patches currently in stable-queue which might be from dave.hansen(a)linux.intel.com are queue-4.14/x86-mpx-selftests-fix-up-weird-arrays.patch queue-4.14/x86-pci-make-broadcom_postcore_init-check-acpi_disabled.patch

7 years, 1 month

1
0
0 0

[Linux-stable-mirror] Patch "tls: Use kzalloc for aead_request allocation" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled tls: Use kzalloc for aead_request allocation to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: tls-use-kzalloc-for-aead_request-allocation.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Dec 12 10:32:42 CET 2017 From: Ilya Lesokhin <ilyal(a)mellanox.com> Date: Mon, 13 Nov 2017 10:22:44 +0200 Subject: tls: Use kzalloc for aead_request allocation From: Ilya Lesokhin <ilyal(a)mellanox.com> [ Upstream commit 61ef6da622aa7b66bf92991bd272490eea6c712e ] Use kzalloc for aead_request allocation as we don't set all the bits in the request. Fixes: 3c4d7559159b ('tls: kernel TLS support') Signed-off-by: Ilya Lesokhin <ilyal(a)mellanox.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/tls/tls_sw.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/net/tls/tls_sw.c +++ b/net/tls/tls_sw.c @@ -219,7 +219,7 @@ static int tls_do_encryption(struct tls_ struct aead_request *aead_req; int rc; - aead_req = kmalloc(req_size, flags); + aead_req = kzalloc(req_size, flags); if (!aead_req) return -ENOMEM; Patches currently in stable-queue which might be from ilyal(a)mellanox.com are queue-4.14/tls-use-kzalloc-for-aead_request-allocation.patch

7 years, 1 month

1
0
0 0

[Linux-stable-mirror] Patch "sunrpc: Fix rpc_task_begin trace point" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled sunrpc: Fix rpc_task_begin trace point to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: sunrpc-fix-rpc_task_begin-trace-point.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Dec 12 10:32:42 CET 2017 From: Chuck Lever <chuck.lever(a)oracle.com> Date: Fri, 3 Nov 2017 13:46:06 -0400 Subject: sunrpc: Fix rpc_task_begin trace point From: Chuck Lever <chuck.lever(a)oracle.com> [ Upstream commit b2bfe5915d5fe7577221031a39ac722a0a2a1199 ] The rpc_task_begin trace point always display a task ID of zero. Move the trace point call site so that it picks up the new task ID. Signed-off-by: Chuck Lever <chuck.lever(a)oracle.com> Signed-off-by: Anna Schumaker <Anna.Schumaker(a)Netapp.com> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/sunrpc/sched.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) --- a/net/sunrpc/sched.c +++ b/net/sunrpc/sched.c @@ -274,10 +274,9 @@ static inline void rpc_task_set_debuginf static void rpc_set_active(struct rpc_task *task) { - trace_rpc_task_begin(task->tk_client, task, NULL); - rpc_task_set_debuginfo(task); set_bit(RPC_TASK_ACTIVE, &task->tk_runstate); + trace_rpc_task_begin(task->tk_client, task, NULL); } /* Patches currently in stable-queue which might be from chuck.lever(a)oracle.com are queue-4.14/sunrpc-fix-rpc_task_begin-trace-point.patch

7 years, 1 month

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror December 2017