This is the start of the stable review cycle for the 4.9.79 release.
There are 66 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let me know.
Responses should be made by Wed Jan 31 12:38:12 UTC 2018.
Anything received after that time might be too late.
The whole patch series can be found in one patch at:
kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.9.79-rc1.gz
or in the git tree and branch at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.9.y
and the diffstat can be found below.
thanks,
greg k-h
-------------
Pseudo-Shortlog of commits:
Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
Linux 4.9.79-rc1
Daniel Borkmann <daniel(a)iogearbox.net>
bpf: reject stores into ctx via st and xadd
Alexei Starovoitov <ast(a)kernel.org>
bpf: fix 32-bit divide by zero
Eric Dumazet <edumazet(a)google.com>
bpf: fix divides by zero
Daniel Borkmann <daniel(a)iogearbox.net>
bpf: avoid false sharing of map refcount with max_entries
Daniel Borkmann <daniel(a)iogearbox.net>
bpf: arsh is not supported in 32 bit alu thus reject it
Alexei Starovoitov <ast(a)kernel.org>
bpf: introduce BPF_JIT_ALWAYS_ON config
Alexei Starovoitov <ast(a)fb.com>
bpf: fix bpf_tail_call() x64 JIT
Eric Dumazet <edumazet(a)google.com>
x86: bpf_jit: small optimization in emit_bpf_tail_call()
Thomas Gleixner <tglx(a)linutronix.de>
hrtimer: Reset hrtimer cpu base proper on CPU hotplug
Jia Zhang <zhang.jia(a)linux.alibaba.com>
x86/microcode/intel: Extend BDW late-loading further with LLC size check
Xiao Liang <xiliang(a)redhat.com>
perf/x86/amd/power: Do not load AMD power module on !AMD platforms
Eric Dumazet <edumazet(a)google.com>
flow_dissector: properly cap thoff field
Cong Wang <xiyou.wangcong(a)gmail.com>
tun: fix a memory leak for tfile->tx_array
Yuval Mintz <yuvalm(a)mellanox.com>
mlxsw: spectrum_router: Don't log an error on missing neighbor
Willem de Bruijn <willemb(a)google.com>
gso: validate gso_type in GSO handlers
Alexey Kodanev <alexey.kodanev(a)oracle.com>
ip6_gre: init dev->mtu and dev->hard_header_len correctly
Ivan Vecera <cera(a)cera.cz>
be2net: restore properly promisc mode after queues reconfiguration
Guillaume Nault <g.nault(a)alphalink.fr>
ppp: unlock all_ppp_mutex before registering device
Jim Westfall <jwestfall(a)surrealistic.net>
ipv4: Make neigh lookup keys for loopback/point-to-point devices be INADDR_ANY
Jim Westfall <jwestfall(a)surrealistic.net>
net: Allow neigh contructor functions ability to modify the primary_key
Neil Horman <nhorman(a)tuxdriver.com>
vmxnet3: repair memory leak
Cong Wang <xiyou.wangcong(a)gmail.com>
tipc: fix a memory leak in tipc_nl_node_get_link()
Xin Long <lucien.xin(a)gmail.com>
sctp: return error if the asoc has been peeled off in sctp_wait_for_sndbuf
Xin Long <lucien.xin(a)gmail.com>
sctp: do not allow the v4 socket to bind a v4mapped v6 address
Francois Romieu <romieu(a)fr.zoreil.com>
r8169: fix memory corruption on retrieval of hardware statistics.
Guillaume Nault <g.nault(a)alphalink.fr>
pppoe: take ->needed_headroom of lower device into account on xmit
Dan Streetman <ddstreet(a)ieee.org>
net: tcp: close sock if net namespace is exiting
Eric Dumazet <edumazet(a)google.com>
net: qdisc_pkt_len_init() should be more robust
Felix Fietkau <nbd(a)nbd.name>
net: igmp: fix source address check for IGMPv3 reports
Yuiko Oshino <yuiko.oshino(a)microchip.com>
lan78xx: Fix failure in USB Full Speed
Eric Dumazet <edumazet(a)google.com>
ipv6: ip6_make_skb() needs to clear cork.base.dst
Mike Maloney <maloney(a)google.com>
ipv6: fix udpv6 sendmsg crash caused by too small MTU
Ben Hutchings <ben.hutchings(a)codethink.co.uk>
ipv6: Fix getsockopt() for sockets with default IPV6_AUTOFLOWLABEL
Alexey Kodanev <alexey.kodanev(a)oracle.com>
dccp: don't restart ccid2_hc_tx_rto_expire() if sk in closed state
Greg KH <gregkh(a)linuxfoundation.org>
eventpoll.h: add missing epoll event masks
Ben Hutchings <ben.hutchings(a)codethink.co.uk>
vsyscall: Fix permissions for emulate mode with KAISER/PTI
Thomas Meyer <thomas(a)m3y3r.de>
um: link vmlinux with -no-pie
Martin Brandenburg <martin(a)omnibond.com>
orangefs: fix deadlock; do not write i_size in read_iter
Aaron Ma <aaron.ma(a)canonical.com>
Input: trackpoint - force 3 buttons if 0 button is reported
Johannes Weiner <hannes(a)cmpxchg.org>
mm: fix 100% CPU kswapd busyloop on unreclaimable nodes
Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
Revert "module: Add retpoline tag to VERMAGIC"
Johannes Thumshirn <jthumshirn(a)suse.de>
scsi: libiscsi: fix shifting of DID_REQUEUE host byte
Jiri Slaby <jslaby(a)suse.cz>
fs/fcntl: f_setown, avoid undefined behaviour
Jeff Mahoney <jeffm(a)suse.com>
reiserfs: don't preallocate blocks for extended attributes
Jeff Mahoney <jeffm(a)suse.com>
reiserfs: fix race in prealloc discard
Kevin Cernekee <cernekee(a)chromium.org>
netfilter: xt_osf: Add missing permission checks
Kevin Cernekee <cernekee(a)chromium.org>
netfilter: nfnetlink_cthelper: Add missing permission checks
Seunghun Han <kkamagui(a)gmail.com>
ACPICA: Namespace: fix operand cache leak
Rafael J. Wysocki <rafael.j.wysocki(a)intel.com>
ACPI / scan: Prefer devices without _HID/_CID for _ADR matching
Jiri Slaby <jslaby(a)suse.cz>
ipc: msg, make msgrcv work with LONG_MIN
Vlastimil Babka <vbabka(a)suse.cz>
mm, page_alloc: fix potential false positive in __zone_watermark_ok
Doug Berger <opendmb(a)gmail.com>
cma: fix calculation of aligned offset
Michal Hocko <mhocko(a)suse.com>
hwpoison, memcg: forcibly uncharge LRU pages
Michal Hocko <mhocko(a)suse.com>
mm/mmap.c: do not blow on PROT_NONE MAP_FIXED holes in the stack
Sudeep Holla <sudeep.holla(a)arm.com>
drivers: base: cacheinfo: fix boot error message when acpi is enabled
Sudeep Holla <sudeep.holla(a)arm.com>
drivers: base: cacheinfo: fix x86 with CONFIG_OF enabled
Janakarajan Natarajan <Janakarajan.Natarajan(a)amd.com>
Prevent timer value 0 for MWAITX
Punit Agrawal <punit.agrawal(a)arm.com>
KVM: arm/arm64: Check pagesize when allocating a hugepage at Stage 2
Marc Kleine-Budde <mkl(a)pengutronix.de>
can: af_can: canfd_rcv(): replace WARN_ONCE by pr_warn_once
Marc Kleine-Budde <mkl(a)pengutronix.de>
can: af_can: can_rcv(): replace WARN_ONCE by pr_warn_once
Jonathan Dieter <jdieter(a)lesbg.com>
usbip: Fix potential format overflow in userspace tools
Jonathan Dieter <jdieter(a)lesbg.com>
usbip: Fix implicit fallthrough warning
Shuah Khan <shuah(a)kernel.org>
usbip: prevent vhci_hcd driver from leaking a socket pointer address
Martin Brandenburg <martin(a)omnibond.com>
orangefs: initialize op on loop restart in orangefs_devreq_read
Martin Brandenburg <martin(a)omnibond.com>
orangefs: use list_for_each_entry_safe in purge_waiting_ops
Andy Lutomirski <luto(a)kernel.org>
x86/asm/32: Make sync_core() handle missing CPUID on all 32-bit kernels
-------------
Diffstat:
Makefile | 4 +-
arch/arm/kvm/mmu.c | 2 +-
arch/um/Makefile | 2 +-
arch/x86/entry/vsyscall/vsyscall_64.c | 7 ++--
arch/x86/events/amd/power.c | 2 +-
arch/x86/include/asm/processor.h | 2 +-
arch/x86/include/asm/vsyscall.h | 1 +
arch/x86/kernel/cpu/intel_cacheinfo.c | 2 +
arch/x86/kernel/cpu/microcode/intel.c | 20 ++++++++-
arch/x86/lib/delay.c | 7 ++++
arch/x86/mm/kaiser.c | 2 +-
arch/x86/net/bpf_jit_comp.c | 13 +++---
drivers/acpi/acpica/nsutils.c | 23 +++++------
drivers/acpi/glue.c | 12 +++---
drivers/base/cacheinfo.c | 15 +++++--
drivers/input/mouse/trackpoint.c | 3 ++
drivers/net/ethernet/emulex/benet/be_main.c | 9 +++++
.../net/ethernet/mellanox/mlxsw/spectrum_router.c | 5 +--
drivers/net/ethernet/realtek/r8169.c | 9 +----
drivers/net/ppp/ppp_generic.c | 5 ++-
drivers/net/ppp/pppoe.c | 11 ++---
drivers/net/tun.c | 15 ++++++-
drivers/net/usb/lan78xx.c | 1 +
drivers/net/vmxnet3/vmxnet3_drv.c | 2 +-
drivers/scsi/libiscsi.c | 2 +-
drivers/usb/usbip/usbip_common.h | 1 +
drivers/usb/usbip/vhci_sysfs.c | 25 +++++++-----
fs/fcntl.c | 4 ++
fs/orangefs/devorangefs-req.c | 3 +-
fs/orangefs/file.c | 7 +---
fs/orangefs/orangefs-kernel.h | 11 -----
fs/orangefs/waitqueue.c | 4 +-
fs/reiserfs/bitmap.c | 14 +++++--
include/linux/bpf.h | 16 ++++++--
include/linux/cacheinfo.h | 1 +
include/linux/mmzone.h | 2 +
include/linux/vermagic.h | 8 +---
include/net/arp.h | 3 ++
include/net/ipv6.h | 1 +
include/net/net_namespace.h | 10 +++++
include/uapi/linux/eventpoll.h | 13 ++++++
init/Kconfig | 7 ++++
ipc/msg.c | 5 ++-
kernel/bpf/core.c | 24 +++++++++--
kernel/bpf/verifier.c | 42 +++++++++++++++++++
kernel/time/hrtimer.c | 3 ++
lib/test_bpf.c | 11 +++--
mm/cma.c | 15 +++----
mm/internal.h | 6 +++
mm/memcontrol.c | 2 +-
mm/memory-failure.c | 7 ++++
mm/mmap.c | 6 ++-
mm/page_alloc.c | 15 +++----
mm/vmscan.c | 47 +++++++++++++++-------
mm/vmstat.c | 2 +-
net/can/af_can.c | 22 +++++-----
net/core/dev.c | 19 +++++++--
net/core/filter.c | 10 +++--
net/core/flow_dissector.c | 3 +-
net/core/neighbour.c | 4 +-
net/core/sysctl_net_core.c | 6 +++
net/dccp/ccids/ccid2.c | 3 ++
net/ipv4/arp.c | 7 +++-
net/ipv4/igmp.c | 2 +-
net/ipv4/tcp.c | 3 ++
net/ipv4/tcp_offload.c | 3 ++
net/ipv4/tcp_timer.c | 15 +++++++
net/ipv4/udp_offload.c | 3 ++
net/ipv6/ip6_gre.c | 14 +++----
net/ipv6/ip6_output.c | 9 +++--
net/ipv6/ipv6_sockglue.c | 2 +-
net/ipv6/tcpv6_offload.c | 3 ++
net/ipv6/udp_offload.c | 3 ++
net/netfilter/nfnetlink_cthelper.c | 10 +++++
net/netfilter/xt_osf.c | 7 ++++
net/sctp/offload.c | 3 ++
net/sctp/socket.c | 30 ++++++--------
net/socket.c | 9 +++++
net/tipc/node.c | 26 ++++++------
tools/usb/usbip/libsrc/usbip_common.c | 9 ++++-
tools/usb/usbip/libsrc/usbip_host_common.c | 28 ++++++++++---
tools/usb/usbip/libsrc/vhci_driver.c | 8 ++--
tools/usb/usbip/src/usbip.c | 2 +
83 files changed, 523 insertions(+), 231 deletions(-)
This is a note to let you know that I've just added the patch titled
xfs: quota: fix missed destroy of qi_tree_lock
to the 4.14-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum…
The filename of the patch is:
xfs-quota-fix-missed-destroy-of-qi_tree_lock.patch
and it can be found in the queue-4.14 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable(a)vger.kernel.org> know about it.
>From foo@baz Wed Feb 28 16:23:28 CET 2018
From: Aliaksei Karaliou <akaraliou.dev(a)gmail.com>
Date: Thu, 21 Dec 2017 13:18:26 -0800
Subject: xfs: quota: fix missed destroy of qi_tree_lock
From: Aliaksei Karaliou <akaraliou.dev(a)gmail.com>
[ Upstream commit 2196881566225f3c3428d1a5f847a992944daa5b ]
xfs_qm_destroy_quotainfo() does not destroy quotainfo->qi_tree_lock
while destroys quotainfo->qi_quotaofflock.
Signed-off-by: Aliaksei Karaliou <akaraliou.dev(a)gmail.com>
Reviewed-by: Darrick J. Wong <darrick.wong(a)oracle.com>
Signed-off-by: Darrick J. Wong <darrick.wong(a)oracle.com>
Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com>
Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
---
fs/xfs/xfs_qm.c | 1 +
1 file changed, 1 insertion(+)
--- a/fs/xfs/xfs_qm.c
+++ b/fs/xfs/xfs_qm.c
@@ -736,6 +736,7 @@ xfs_qm_destroy_quotainfo(
IRELE(qi->qi_pquotaip);
qi->qi_pquotaip = NULL;
}
+ mutex_destroy(&qi->qi_tree_lock);
mutex_destroy(&qi->qi_quotaofflock);
kmem_free(qi);
mp->m_quotainfo = NULL;
Patches currently in stable-queue which might be from akaraliou.dev(a)gmail.com are
queue-4.14/xfs-quota-fix-missed-destroy-of-qi_tree_lock.patch
queue-4.14/xfs-quota-check-result-of-register_shrinker.patch
This is a note to let you know that I've just added the patch titled
xfs: quota: check result of register_shrinker()
to the 4.14-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum…
The filename of the patch is:
xfs-quota-check-result-of-register_shrinker.patch
and it can be found in the queue-4.14 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable(a)vger.kernel.org> know about it.
>From foo@baz Wed Feb 28 16:23:28 CET 2018
From: Aliaksei Karaliou <akaraliou.dev(a)gmail.com>
Date: Thu, 21 Dec 2017 13:18:26 -0800
Subject: xfs: quota: check result of register_shrinker()
From: Aliaksei Karaliou <akaraliou.dev(a)gmail.com>
[ Upstream commit 3a3882ff26fbdbaf5f7e13f6a0bccfbf7121041d ]
xfs_qm_init_quotainfo() does not check result of register_shrinker()
which was tagged as __must_check recently, reported by sparse.
Signed-off-by: Aliaksei Karaliou <akaraliou.dev(a)gmail.com>
[darrick: move xfs_qm_destroy_quotainos nearer xfs_qm_init_quotainos]
Reviewed-by: Darrick J. Wong <darrick.wong(a)oracle.com>
Signed-off-by: Darrick J. Wong <darrick.wong(a)oracle.com>
Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com>
Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
---
fs/xfs/xfs_qm.c | 45 +++++++++++++++++++++++++++++----------------
1 file changed, 29 insertions(+), 16 deletions(-)
--- a/fs/xfs/xfs_qm.c
+++ b/fs/xfs/xfs_qm.c
@@ -48,7 +48,7 @@
STATIC int xfs_qm_init_quotainos(xfs_mount_t *);
STATIC int xfs_qm_init_quotainfo(xfs_mount_t *);
-
+STATIC void xfs_qm_destroy_quotainos(xfs_quotainfo_t *qi);
STATIC void xfs_qm_dqfree_one(struct xfs_dquot *dqp);
/*
* We use the batch lookup interface to iterate over the dquots as it
@@ -695,9 +695,17 @@ xfs_qm_init_quotainfo(
qinf->qi_shrinker.scan_objects = xfs_qm_shrink_scan;
qinf->qi_shrinker.seeks = DEFAULT_SEEKS;
qinf->qi_shrinker.flags = SHRINKER_NUMA_AWARE;
- register_shrinker(&qinf->qi_shrinker);
+
+ error = register_shrinker(&qinf->qi_shrinker);
+ if (error)
+ goto out_free_inos;
+
return 0;
+out_free_inos:
+ mutex_destroy(&qinf->qi_quotaofflock);
+ mutex_destroy(&qinf->qi_tree_lock);
+ xfs_qm_destroy_quotainos(qinf);
out_free_lru:
list_lru_destroy(&qinf->qi_lru);
out_free_qinf:
@@ -706,7 +714,6 @@ out_free_qinf:
return error;
}
-
/*
* Gets called when unmounting a filesystem or when all quotas get
* turned off.
@@ -723,19 +730,7 @@ xfs_qm_destroy_quotainfo(
unregister_shrinker(&qi->qi_shrinker);
list_lru_destroy(&qi->qi_lru);
-
- if (qi->qi_uquotaip) {
- IRELE(qi->qi_uquotaip);
- qi->qi_uquotaip = NULL; /* paranoia */
- }
- if (qi->qi_gquotaip) {
- IRELE(qi->qi_gquotaip);
- qi->qi_gquotaip = NULL;
- }
- if (qi->qi_pquotaip) {
- IRELE(qi->qi_pquotaip);
- qi->qi_pquotaip = NULL;
- }
+ xfs_qm_destroy_quotainos(qi);
mutex_destroy(&qi->qi_tree_lock);
mutex_destroy(&qi->qi_quotaofflock);
kmem_free(qi);
@@ -1601,6 +1596,24 @@ error_rele:
}
STATIC void
+xfs_qm_destroy_quotainos(
+ xfs_quotainfo_t *qi)
+{
+ if (qi->qi_uquotaip) {
+ IRELE(qi->qi_uquotaip);
+ qi->qi_uquotaip = NULL; /* paranoia */
+ }
+ if (qi->qi_gquotaip) {
+ IRELE(qi->qi_gquotaip);
+ qi->qi_gquotaip = NULL;
+ }
+ if (qi->qi_pquotaip) {
+ IRELE(qi->qi_pquotaip);
+ qi->qi_pquotaip = NULL;
+ }
+}
+
+STATIC void
xfs_qm_dqfree_one(
struct xfs_dquot *dqp)
{
Patches currently in stable-queue which might be from akaraliou.dev(a)gmail.com are
queue-4.14/xfs-quota-fix-missed-destroy-of-qi_tree_lock.patch
queue-4.14/xfs-quota-check-result-of-register_shrinker.patch
This is a note to let you know that I've just added the patch titled
xen-netfront: enable device after manual module load
to the 4.14-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum…
The filename of the patch is:
xen-netfront-enable-device-after-manual-module-load.patch
and it can be found in the queue-4.14 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable(a)vger.kernel.org> know about it.
>From foo@baz Wed Feb 28 16:23:28 CET 2018
From: Eduardo Otubo <otubo(a)redhat.com>
Date: Fri, 5 Jan 2018 09:42:16 +0100
Subject: xen-netfront: enable device after manual module load
From: Eduardo Otubo <otubo(a)redhat.com>
[ Upstream commit b707fda2df4070785d0fa8a278aa13944c5f51f8 ]
When loading the module after unloading it, the network interface would
not be enabled and thus wouldn't have a backend counterpart and unable
to be used by the guest.
The guest would face errors like:
[root@guest ~]# ethtool -i eth0
Cannot get driver information: No such device
[root@guest ~]# ifconfig eth0
eth0: error fetching interface information: Device not found
This patch initializes the state of the netfront device whenever it is
loaded manually, this state would communicate the netback to create its
device and establish the connection between them.
Signed-off-by: Eduardo Otubo <otubo(a)redhat.com>
Reviewed-by: Boris Ostrovsky <boris.ostrovsky(a)oracle.com>
Signed-off-by: David S. Miller <davem(a)davemloft.net>
Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com>
Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
---
drivers/net/xen-netfront.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/net/xen-netfront.c
+++ b/drivers/net/xen-netfront.c
@@ -1326,6 +1326,7 @@ static struct net_device *xennet_create_
netif_carrier_off(netdev);
+ xenbus_switch_state(dev, XenbusStateInitialising);
return netdev;
exit:
Patches currently in stable-queue which might be from otubo(a)redhat.com are
queue-4.14/xen-netfront-enable-device-after-manual-module-load.patch
This is a note to let you know that I've just added the patch titled
xen/gntdev: Fix partial gntdev_mmap() cleanup
to the 4.14-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum…
The filename of the patch is:
xen-gntdev-fix-partial-gntdev_mmap-cleanup.patch
and it can be found in the queue-4.14 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable(a)vger.kernel.org> know about it.
>From foo@baz Wed Feb 28 16:23:28 CET 2018
From: Ross Lagerwall <ross.lagerwall(a)citrix.com>
Date: Tue, 9 Jan 2018 12:10:22 +0000
Subject: xen/gntdev: Fix partial gntdev_mmap() cleanup
From: Ross Lagerwall <ross.lagerwall(a)citrix.com>
[ Upstream commit cf2acf66ad43abb39735568f55e1f85f9844e990 ]
When cleaning up after a partially successful gntdev_mmap(), unmap the
successfully mapped grant pages otherwise Xen will kill the domain if
in debug mode (Attempt to implicitly unmap a granted PTE) or Linux will
kill the process and emit "BUG: Bad page map in process" if Xen is in
release mode.
This is only needed when use_ptemod is true because gntdev_put_map()
will unmap grant pages itself when use_ptemod is false.
Signed-off-by: Ross Lagerwall <ross.lagerwall(a)citrix.com>
Reviewed-by: Boris Ostrovsky <boris.ostrovsky(a)oracle.com>
Signed-off-by: Boris Ostrovsky <boris.ostrovsky(a)oracle.com>
Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com>
Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
---
drivers/xen/gntdev.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
--- a/drivers/xen/gntdev.c
+++ b/drivers/xen/gntdev.c
@@ -1071,8 +1071,10 @@ unlock_out:
out_unlock_put:
mutex_unlock(&priv->lock);
out_put_map:
- if (use_ptemod)
+ if (use_ptemod) {
map->vma = NULL;
+ unmap_grant_pages(map, 0, map->count);
+ }
gntdev_put_map(priv, map);
return err;
}
Patches currently in stable-queue which might be from ross.lagerwall(a)citrix.com are
queue-4.14/xen-gntdev-fix-off-by-one-error-when-unmapping-with-holes.patch
queue-4.14/xen-gntdev-fix-partial-gntdev_mmap-cleanup.patch
This is a note to let you know that I've just added the patch titled
xen/gntdev: Fix off-by-one error when unmapping with holes
to the 4.14-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum…
The filename of the patch is:
xen-gntdev-fix-off-by-one-error-when-unmapping-with-holes.patch
and it can be found in the queue-4.14 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable(a)vger.kernel.org> know about it.
>From foo@baz Wed Feb 28 16:23:28 CET 2018
From: Ross Lagerwall <ross.lagerwall(a)citrix.com>
Date: Tue, 9 Jan 2018 12:10:21 +0000
Subject: xen/gntdev: Fix off-by-one error when unmapping with holes
From: Ross Lagerwall <ross.lagerwall(a)citrix.com>
[ Upstream commit 951a010233625b77cde3430b4b8785a9a22968d1 ]
If the requested range has a hole, the calculation of the number of
pages to unmap is off by one. Fix it.
Signed-off-by: Ross Lagerwall <ross.lagerwall(a)citrix.com>
Reviewed-by: Boris Ostrovsky <boris.ostrovsky(a)oracle.com>
Signed-off-by: Boris Ostrovsky <boris.ostrovsky(a)oracle.com>
Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com>
Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
---
drivers/xen/gntdev.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
--- a/drivers/xen/gntdev.c
+++ b/drivers/xen/gntdev.c
@@ -380,10 +380,8 @@ static int unmap_grant_pages(struct gran
}
range = 0;
while (range < pages) {
- if (map->unmap_ops[offset+range].handle == -1) {
- range--;
+ if (map->unmap_ops[offset+range].handle == -1)
break;
- }
range++;
}
err = __unmap_grant_pages(map, offset, range);
Patches currently in stable-queue which might be from ross.lagerwall(a)citrix.com are
queue-4.14/xen-gntdev-fix-off-by-one-error-when-unmapping-with-holes.patch
queue-4.14/xen-gntdev-fix-partial-gntdev_mmap-cleanup.patch