I'm announcing the release of the 4.9.245 kernel.
All users of the 4.9 kernel series must upgrade.
The updated 4.9.y git tree can be found at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.9.y
and can be browsed at the normal kernel.org git web browser:
https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary
thanks,
greg k-h
------------
Documentation/kernel-parameters.txt | 7 +
Makefile | 2
arch/powerpc/include/asm/book3s/64/kup-radix.h | 22 +++
arch/powerpc/include/asm/exception-64s.h | 13 ++
arch/powerpc/include/asm/feature-fixups.h | 19 +++
arch/powerpc/include/asm/futex.h | 4
arch/powerpc/include/asm/kup.h | 40 ++++++
arch/powerpc/include/asm/security_features.h | 7 +
arch/powerpc/include/asm/setup.h | 4
arch/powerpc/include/asm/uaccess.h | 143 +++++++++++++++++++------
arch/powerpc/kernel/exceptions-64s.S | 130 ++++++++++++----------
arch/powerpc/kernel/head_8xx.S | 8 -
arch/powerpc/kernel/setup_64.c | 120 ++++++++++++++++++++
arch/powerpc/kernel/vmlinux.lds.S | 14 ++
arch/powerpc/lib/checksum_wrappers.c | 4
arch/powerpc/lib/feature-fixups.c | 104 ++++++++++++++++++
arch/powerpc/lib/string.S | 4
arch/powerpc/lib/string_64.S | 6 -
arch/powerpc/platforms/powernv/setup.c | 15 ++
arch/powerpc/platforms/pseries/setup.c | 8 +
arch/x86/kvm/emulate.c | 8 +
drivers/acpi/evged.c | 2
drivers/i2c/busses/i2c-imx.c | 56 ++++++---
drivers/i2c/muxes/i2c-mux-pca954x.c | 6 -
drivers/input/keyboard/sunkbd.c | 41 +++++--
net/mac80211/sta_info.c | 18 +++
26 files changed, 672 insertions(+), 133 deletions(-)
Andrew Donnellan (1):
powerpc: Fix __clear_user() with KUAP enabled
Christophe Leroy (3):
powerpc: Add a framework for user access tracking
powerpc: Implement user_access_begin and friends
powerpc/8xx: Always fault when _PAGE_ACCESSED is not set
Daniel Axtens (2):
powerpc/64s: Define MASKABLE_RELON_EXCEPTION_PSERIES_OOL
powerpc/64s: move some exception handlers out of line
David Edmondson (1):
KVM: x86: clflushopt should be treated as a no-op by emulation
Dmitry Torokhov (1):
Input: sunkbd - avoid use-after-free in teardown paths
Greg Kroah-Hartman (1):
Linux 4.9.245
Johannes Berg (1):
mac80211: always wind down STA state
Krzysztof Kozlowski (1):
i2c: imx: Fix external abort on interrupt in exit paths
Lucas Stach (1):
i2c: imx: use clk notifier for rate changes
Mike Looijmans (1):
i2c: mux: pca954x: Add missing pca9546 definition to chip_desc
Nicholas Piggin (3):
powerpc/64s: flush L1D on kernel entry
powerpc/uaccess: Evaluate macro arguments once, before user access is allowed
powerpc/64s: flush L1D after user accesses
Nick Desaulniers (1):
ACPI: GED: fix -Wformat
I'm announcing the release of the 4.4.245 kernel.
All users of the 4.4 kernel series must upgrade.
The updated 4.4.y git tree can be found at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.4.y
and can be browsed at the normal kernel.org git web browser:
https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary
thanks,
greg k-h
------------
Documentation/kernel-parameters.txt | 7
Makefile | 2
arch/powerpc/include/asm/book3s/64/kup-radix.h | 23 ++
arch/powerpc/include/asm/exception-64s.h | 15 +
arch/powerpc/include/asm/feature-fixups.h | 19 ++
arch/powerpc/include/asm/futex.h | 4
arch/powerpc/include/asm/kup.h | 40 ++++
arch/powerpc/include/asm/security_features.h | 7
arch/powerpc/include/asm/setup.h | 4
arch/powerpc/include/asm/uaccess.h | 142 +++++++++++++---
arch/powerpc/kernel/exceptions-64s.S | 210 +++++++++++++++----------
arch/powerpc/kernel/head_8xx.S | 8
arch/powerpc/kernel/ppc_ksyms.c | 10 +
arch/powerpc/kernel/setup_64.c | 138 ++++++++++++++++
arch/powerpc/kernel/vmlinux.lds.S | 14 +
arch/powerpc/lib/checksum_wrappers_64.c | 4
arch/powerpc/lib/feature-fixups.c | 104 ++++++++++++
arch/powerpc/lib/string.S | 2
arch/powerpc/lib/string_64.S | 4
arch/powerpc/platforms/powernv/setup.c | 15 +
arch/powerpc/platforms/pseries/setup.c | 8
arch/x86/kvm/emulate.c | 8
drivers/i2c/busses/i2c-imx.c | 25 +-
drivers/input/keyboard/sunkbd.c | 41 +++-
fs/xfs/xfs_icache.c | 58 ++++++
net/mac80211/sta_info.c | 18 ++
26 files changed, 781 insertions(+), 149 deletions(-)
Andrew Donnellan (1):
powerpc: Fix __clear_user() with KUAP enabled
Christophe Leroy (3):
powerpc: Add a framework for user access tracking
powerpc: Implement user_access_begin and friends
powerpc/8xx: Always fault when _PAGE_ACCESSED is not set
Daniel Axtens (2):
powerpc/64s: Define MASKABLE_RELON_EXCEPTION_PSERIES_OOL
powerpc/64s: move some exception handlers out of line
Dave Chinner (2):
xfs: catch inode allocation state mismatch corruption
xfs: validate cached inodes are free when allocated
David Edmondson (1):
KVM: x86: clflushopt should be treated as a no-op by emulation
Dmitry Torokhov (1):
Input: sunkbd - avoid use-after-free in teardown paths
Greg Kroah-Hartman (1):
Linux 4.4.245
Johannes Berg (1):
mac80211: always wind down STA state
Krzysztof Kozlowski (1):
i2c: imx: Fix external abort on interrupt in exit paths
Nicholas Piggin (3):
powerpc/64s: flush L1D on kernel entry
powerpc/uaccess: Evaluate macro arguments once, before user access is allowed
powerpc/64s: flush L1D after user accesses
This is the start of the stable review cycle for the 5.9.10 release.
There are 14 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let me know.
Responses should be made by Sun, 22 Nov 2020 10:45:32 +0000.
Anything received after that time might be too late.
The whole patch series can be found in one patch at:
https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.9.10-rc1…
or in the git tree and branch at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.9.y
and the diffstat can be found below.
thanks,
greg k-h
-------------
Pseudo-Shortlog of commits:
Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
Linux 5.9.10-rc1
Nick Desaulniers <ndesaulniers(a)google.com>
ACPI: GED: fix -Wformat
David Edmondson <david.edmondson(a)oracle.com>
KVM: x86: clflushopt should be treated as a no-op by emulation
Arnd Bergmann <arnd(a)arndb.de>
perf/x86/intel/uncore: Fix Add BW copypasta
Qian Cai <cai(a)redhat.com>
powerpc/smp: Call rcu_cpu_starting() earlier
Tommi Rantala <tommi.t.rantala(a)nokia.com>
selftests/harness: prettify SKIP message whitespace again
Zhang Changzhong <zhangchangzhong(a)huawei.com>
can: proc: can_remove_proc(): silence remove_proc_entry warning
Johannes Berg <johannes.berg(a)intel.com>
mac80211: always wind down STA state
Dmitry Torokhov <dmitry.torokhov(a)gmail.com>
Input: sunkbd - avoid use-after-free in teardown paths
Gabriel David <ultracoolguy(a)tutanota.com>
leds: lm3697: Fix out-of-bound access
Daniel Axtens <dja(a)axtens.net>
selftests/powerpc: entry flush test
Michael Ellerman <mpe(a)ellerman.id.au>
powerpc: Only include kup-radix.h for 64-bit Book3S
Nicholas Piggin <npiggin(a)gmail.com>
powerpc/64s: flush L1D after user accesses
Nicholas Piggin <npiggin(a)gmail.com>
powerpc/64s: flush L1D on kernel entry
Russell Currey <ruscur(a)russell.cc>
selftests/powerpc: rfi_flush: disable entry flush if present
-------------
Diffstat:
Documentation/admin-guide/kernel-parameters.txt | 7 +
Makefile | 4 +-
arch/powerpc/include/asm/book3s/64/kup-radix.h | 66 ++++---
arch/powerpc/include/asm/exception-64s.h | 12 +-
arch/powerpc/include/asm/feature-fixups.h | 19 ++
arch/powerpc/include/asm/kup.h | 26 ++-
arch/powerpc/include/asm/security_features.h | 7 +
arch/powerpc/include/asm/setup.h | 4 +
arch/powerpc/kernel/exceptions-64s.S | 80 +++++----
arch/powerpc/kernel/setup_64.c | 122 ++++++++++++-
arch/powerpc/kernel/smp.c | 2 +-
arch/powerpc/kernel/syscall_64.c | 2 +-
arch/powerpc/kernel/vmlinux.lds.S | 14 ++
arch/powerpc/lib/feature-fixups.c | 104 +++++++++++
arch/powerpc/platforms/powernv/setup.c | 17 ++
arch/powerpc/platforms/pseries/setup.c | 8 +
arch/x86/events/intel/uncore_snb.c | 2 +-
arch/x86/kvm/emulate.c | 8 +-
drivers/acpi/evged.c | 2 +-
drivers/input/keyboard/sunkbd.c | 41 ++++-
drivers/leds/leds-lm3697.c | 8 +-
net/can/proc.c | 6 +-
net/mac80211/sta_info.c | 18 ++
tools/testing/selftests/kselftest_harness.h | 2 +-
.../testing/selftests/powerpc/security/.gitignore | 1 +
tools/testing/selftests/powerpc/security/Makefile | 2 +-
.../selftests/powerpc/security/entry_flush.c | 198 +++++++++++++++++++++
.../testing/selftests/powerpc/security/rfi_flush.c | 35 +++-
28 files changed, 719 insertions(+), 98 deletions(-)
This is the start of the stable review cycle for the 4.19.159 release.
There are 14 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let me know.
Responses should be made by Sun, 22 Nov 2020 10:45:32 +0000.
Anything received after that time might be too late.
The whole patch series can be found in one patch at:
https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.19.159-r…
or in the git tree and branch at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.19.y
and the diffstat can be found below.
thanks,
greg k-h
-------------
Pseudo-Shortlog of commits:
Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
Linux 4.19.159-rc1
Nick Desaulniers <ndesaulniers(a)google.com>
ACPI: GED: fix -Wformat
David Edmondson <david.edmondson(a)oracle.com>
KVM: x86: clflushopt should be treated as a no-op by emulation
Zhang Changzhong <zhangchangzhong(a)huawei.com>
can: proc: can_remove_proc(): silence remove_proc_entry warning
Johannes Berg <johannes.berg(a)intel.com>
mac80211: always wind down STA state
Dmitry Torokhov <dmitry.torokhov(a)gmail.com>
Input: sunkbd - avoid use-after-free in teardown paths
Christophe Leroy <christophe.leroy(a)csgroup.eu>
powerpc/8xx: Always fault when _PAGE_ACCESSED is not set
Salvatore Bonaccorso <carnil(a)debian.org>
Revert "perf cs-etm: Move definition of 'traceid_list' global variable from header file"
Nicholas Piggin <npiggin(a)gmail.com>
powerpc/64s: flush L1D after user accesses
Nicholas Piggin <npiggin(a)gmail.com>
powerpc/uaccess: Evaluate macro arguments once, before user access is allowed
Andrew Donnellan <ajd(a)linux.ibm.com>
powerpc: Fix __clear_user() with KUAP enabled
Christophe Leroy <christophe.leroy(a)c-s.fr>
powerpc: Implement user_access_begin and friends
Christophe Leroy <christophe.leroy(a)c-s.fr>
powerpc: Add a framework for user access tracking
Nicholas Piggin <npiggin(a)gmail.com>
powerpc/64s: flush L1D on kernel entry
Daniel Axtens <dja(a)axtens.net>
powerpc/64s: move some exception handlers out of line
-------------
Diffstat:
Documentation/admin-guide/kernel-parameters.txt | 7 ++
Makefile | 4 +-
arch/powerpc/include/asm/book3s/64/kup-radix.h | 22 ++++
arch/powerpc/include/asm/exception-64s.h | 9 +-
arch/powerpc/include/asm/feature-fixups.h | 19 +++
arch/powerpc/include/asm/futex.h | 4 +
arch/powerpc/include/asm/kup.h | 40 +++++++
arch/powerpc/include/asm/security_features.h | 7 ++
arch/powerpc/include/asm/setup.h | 4 +
arch/powerpc/include/asm/uaccess.h | 147 +++++++++++++++++++-----
arch/powerpc/kernel/exceptions-64s.S | 96 +++++++++-------
arch/powerpc/kernel/head_8xx.S | 8 +-
arch/powerpc/kernel/setup_64.c | 122 +++++++++++++++++++-
arch/powerpc/kernel/vmlinux.lds.S | 14 +++
arch/powerpc/lib/checksum_wrappers.c | 4 +
arch/powerpc/lib/feature-fixups.c | 104 +++++++++++++++++
arch/powerpc/lib/string_32.S | 4 +-
arch/powerpc/lib/string_64.S | 6 +-
arch/powerpc/platforms/powernv/setup.c | 17 +++
arch/powerpc/platforms/pseries/setup.c | 8 ++
arch/x86/kvm/emulate.c | 8 +-
drivers/acpi/evged.c | 2 +-
drivers/input/keyboard/sunkbd.c | 41 +++++--
net/can/proc.c | 6 +-
net/mac80211/sta_info.c | 18 +++
tools/perf/util/cs-etm.c | 3 -
tools/perf/util/cs-etm.h | 3 +
27 files changed, 623 insertions(+), 104 deletions(-)
This is the start of the stable review cycle for the 4.9.245 release.
There are 16 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let me know.
Responses should be made by Sun, 22 Nov 2020 10:45:32 +0000.
Anything received after that time might be too late.
The whole patch series can be found in one patch at:
https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.9.245-rc…
or in the git tree and branch at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.9.y
and the diffstat can be found below.
thanks,
greg k-h
-------------
Pseudo-Shortlog of commits:
Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
Linux 4.9.245-rc1
Nick Desaulniers <ndesaulniers(a)google.com>
ACPI: GED: fix -Wformat
David Edmondson <david.edmondson(a)oracle.com>
KVM: x86: clflushopt should be treated as a no-op by emulation
Johannes Berg <johannes.berg(a)intel.com>
mac80211: always wind down STA state
Dmitry Torokhov <dmitry.torokhov(a)gmail.com>
Input: sunkbd - avoid use-after-free in teardown paths
Christophe Leroy <christophe.leroy(a)csgroup.eu>
powerpc/8xx: Always fault when _PAGE_ACCESSED is not set
Mike Looijmans <mike.looijmans(a)topic.nl>
i2c: mux: pca954x: Add missing pca9546 definition to chip_desc
Krzysztof Kozlowski <krzk(a)kernel.org>
i2c: imx: Fix external abort on interrupt in exit paths
Lucas Stach <l.stach(a)pengutronix.de>
i2c: imx: use clk notifier for rate changes
Nicholas Piggin <npiggin(a)gmail.com>
powerpc/64s: flush L1D after user accesses
Nicholas Piggin <npiggin(a)gmail.com>
powerpc/uaccess: Evaluate macro arguments once, before user access is allowed
Andrew Donnellan <ajd(a)linux.ibm.com>
powerpc: Fix __clear_user() with KUAP enabled
Christophe Leroy <christophe.leroy(a)c-s.fr>
powerpc: Implement user_access_begin and friends
Christophe Leroy <christophe.leroy(a)c-s.fr>
powerpc: Add a framework for user access tracking
Nicholas Piggin <npiggin(a)gmail.com>
powerpc/64s: flush L1D on kernel entry
Daniel Axtens <dja(a)axtens.net>
powerpc/64s: move some exception handlers out of line
Daniel Axtens <dja(a)axtens.net>
powerpc/64s: Define MASKABLE_RELON_EXCEPTION_PSERIES_OOL
-------------
Diffstat:
Documentation/kernel-parameters.txt | 7 ++
Makefile | 4 +-
arch/powerpc/include/asm/book3s/64/kup-radix.h | 22 ++++
arch/powerpc/include/asm/exception-64s.h | 13 ++-
arch/powerpc/include/asm/feature-fixups.h | 19 ++++
arch/powerpc/include/asm/futex.h | 4 +
arch/powerpc/include/asm/kup.h | 40 +++++++
arch/powerpc/include/asm/security_features.h | 7 ++
arch/powerpc/include/asm/setup.h | 4 +
arch/powerpc/include/asm/uaccess.h | 143 +++++++++++++++++++------
arch/powerpc/kernel/exceptions-64s.S | 130 ++++++++++++----------
arch/powerpc/kernel/head_8xx.S | 8 +-
arch/powerpc/kernel/setup_64.c | 120 +++++++++++++++++++++
arch/powerpc/kernel/vmlinux.lds.S | 14 +++
arch/powerpc/lib/checksum_wrappers.c | 4 +
arch/powerpc/lib/feature-fixups.c | 104 ++++++++++++++++++
arch/powerpc/lib/string.S | 4 +-
arch/powerpc/lib/string_64.S | 6 +-
arch/powerpc/platforms/powernv/setup.c | 15 +++
arch/powerpc/platforms/pseries/setup.c | 8 ++
arch/x86/kvm/emulate.c | 8 +-
drivers/acpi/evged.c | 2 +-
drivers/i2c/busses/i2c-imx.c | 56 ++++++----
drivers/i2c/muxes/i2c-mux-pca954x.c | 6 +-
drivers/input/keyboard/sunkbd.c | 41 +++++--
net/mac80211/sta_info.c | 18 ++++
26 files changed, 673 insertions(+), 134 deletions(-)
We execute certain NPU2 setup code (such as mapping an LPID to a device
in NPU2) unconditionally if an Nvlink bridge is detected. However this
cannot succeed on POWER8NVL machines and errors appear in dmesg. This is
harmless as skiboot returns an error and the only place we check it is
vfio-pci but that code does not get called on P8+ either.
This adds a check if pnv_npu2_xxx helpers are called on a machine with
NPU2 which initializes pnv_phb::npu in pnv_npu2_init();
pnv_phb::npu==NULL on POWER8/NVL (Naples).
While at this, fix NULL dereferencing in pnv_npu_peers_take_ownership/
pnv_npu_peers_release_ownership which occurs when GPUs on mentioned P8s
cause EEH which happens if "vfio-pci" disables devices using
the D3 power state; the vfio-pci's disable_idle_d3 module parameter
controls this and must be set on Naples. The EEH handling clears
the entire pnv_ioda_pe struct in pnv_ioda_free_pe() hence
the NULL dereferencing. We cannot recover from that but at least we stop
crashing.
Tested on
- POWER9 pvr=004e1201, Ubuntu 19.04 host, Ubuntu 18.04 vm,
NVIDIA GV100 10de:1db1 driver 418.39
- POWER8 pvr=004c0100, RHEL 7.6 host, Ubuntu 16.10 vm,
NVIDIA P100 10de:15f9 driver 396.47
Fixes: 1b785611e119 ("powerpc/powernv/npu: Add release_ownership hook")
Cc: stable(a)vger.kernel.org # 5.0
Signed-off-by: Alexey Kardashevskiy <aik(a)ozlabs.ru>
---
Changes:
v2:
* added checks for !pe->table_group.ops and updated commit log
* added tested configurations
---
arch/powerpc/platforms/powernv/npu-dma.c | 16 ++++++++++++++--
1 file changed, 14 insertions(+), 2 deletions(-)
diff --git a/arch/powerpc/platforms/powernv/npu-dma.c b/arch/powerpc/platforms/powernv/npu-dma.c
index abeaa533b976..b711dc3262a3 100644
--- a/arch/powerpc/platforms/powernv/npu-dma.c
+++ b/arch/powerpc/platforms/powernv/npu-dma.c
@@ -385,7 +385,8 @@ static void pnv_npu_peers_take_ownership(struct iommu_table_group *table_group)
for (i = 0; i < npucomp->pe_num; ++i) {
struct pnv_ioda_pe *pe = npucomp->pe[i];
- if (!pe->table_group.ops->take_ownership)
+ if (!pe->table_group.ops ||
+ !pe->table_group.ops->take_ownership)
continue;
pe->table_group.ops->take_ownership(&pe->table_group);
}
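Review bot: the new `!pe->table_group.ops` test in pnv_npu_peers_take_ownership() silently skips a PE whose ops pointer was zeroed, which the commit log attributes to pnv_ioda_free_pe() clearing the whole pnv_ioda_pe during EEH. Since that state is not recoverable, a one-time warning (WARN_ON_ONCE or dev_warn_once) at the `continue` would make the EEH-cleared PE visible in dmesg instead of leaving the ownership hand-over partially applied without a trace; at minimum a comment above the test saying why ops can be NULL here would help the next reader.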
@@ -401,7 +402,8 @@ static void pnv_npu_peers_release_ownership(
for (i = 0; i < npucomp->pe_num; ++i) {
struct pnv_ioda_pe *pe = npucomp->pe[i];
- if (!pe->table_group.ops->release_ownership)
+ if (!pe->table_group.ops ||
+ !pe->table_group.ops->release_ownership)
continue;
pe->table_group.ops->release_ownership(&pe->table_group);
}
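Review bot: the `!pe->table_group.ops` guard in pnv_npu_peers_release_ownership() is the same two-line condition added to pnv_npu_peers_take_ownership() above, and the pair only stays correct if both are kept in sync; a small static predicate (a hypothetical `pnv_npu_pe_has_ops(pe)`, name illustrative) or a single shared comment would keep the NULL-ops rationale in one place. Behaviour is otherwise consistent: a PE with no ops never had take_ownership() applied, so skipping release_ownership() for it is symmetric.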
@@ -623,6 +625,11 @@ int pnv_npu2_map_lpar_dev(struct pci_dev *gpdev, unsigned int lparid,
return -ENODEV;
hose = pci_bus_to_host(npdev->bus);
+ if (hose->npu == NULL) {
+ dev_info_once(&npdev->dev, "Nvlink1 does not support contexts");
+ return 0;
+ }
+
nphb = hose->private_data;
dev_dbg(&gpdev->dev, "Map LPAR opalid=%llu lparid=%u\n",
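Review bot: in pnv_npu2_map_lpar_dev() the new `hose->npu == NULL` early-out returns 0, so a caller cannot distinguish a successful mapping from a no-op on POWER8NVL; the commit log says the only caller that checks the result (vfio-pci) never runs on P8+, but that assumption should be recorded in a comment next to the `return 0;` so a future caller does not read 0 as "context mapped". The check is correctly placed after `hose = pci_bus_to_host(npdev->bus);` and before `nphb = hose->private_data;`; note that the message is logged against npdev->dev while the following dev_dbg() uses gpdev->dev, so the two lines for one operation appear under different devices in the log.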
@@ -670,6 +677,11 @@ int pnv_npu2_unmap_lpar_dev(struct pci_dev *gpdev)
return -ENODEV;
hose = pci_bus_to_host(npdev->bus);
+ if (hose->npu == NULL) {
+ dev_info_once(&npdev->dev, "Nvlink1 does not support contexts");
+ return 0;
+ }
+
nphb = hose->private_data;
dev_dbg(&gpdev->dev, "destroy context opalid=%llu\n",
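Review bot: the early-out in pnv_npu2_unmap_lpar_dev() repeats the map-side test and the identical "Nvlink1 does not support contexts" string; dev_info_once() keeps its own static flag per call site, so the message can still print twice (once from map, once from unmap), and the two strings must be updated together. Returning 0 is appropriate here because nothing was mapped on this path, but a single helper carrying both the test and the message would remove the divergence risk.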
--
2.17.1
From: Gerald Schaefer <gerald.schaefer(a)linux.ibm.com>
Subject: mm/userfaultfd: do not access vma->vm_mm after calling handle_userfault()
Alexander reported a syzkaller / KASAN finding on s390, see below for
complete output.
In do_huge_pmd_anonymous_page(), the pre-allocated pagetable will be freed
in some cases. In the case of userfaultfd_missing(), this will happen
after calling handle_userfault(), which might have released the mmap_lock.
Therefore, the following pte_free(vma->vm_mm, pgtable) will access an
unstable vma->vm_mm, which could have been freed or re-used already.
For all architectures other than s390 this will go w/o any negative
impact, because pte_free() simply frees the page and ignores the passed-in
mm. The implementation for SPARC32 would also access mm->page_table_lock
for pte_free(), but there is no THP support in SPARC32, so the buggy code
path will not be used there.
For s390, the mm->context.pgtable_list is being used to maintain the 2K
pagetable fragments, and operating on an already freed or even re-used mm
could result in various more or less subtle bugs due to list / pagetable
corruption.
Fix this by calling pte_free() before handle_userfault(), similar to how
it is already done in __do_huge_pmd_anonymous_page() for the WRITE /
non-huge_zero_page case.
Commit 6b251fc96cf2c ("userfaultfd: call handle_userfault() for
userfaultfd_missing() faults") actually introduced both, the
do_huge_pmd_anonymous_page() and also __do_huge_pmd_anonymous_page()
changes wrt to calling handle_userfault(), but only in the latter case it
put the pte_free() before calling handle_userfault().
==================================================================
BUG: KASAN: use-after-free in do_huge_pmd_anonymous_page+0xcda/0xd90 mm/huge_memory.c:744
Read of size 8 at addr 00000000962d6988 by task syz-executor.0/9334
CPU: 1 PID: 9334 Comm: syz-executor.0 Not tainted 5.10.0-rc1-syzkaller-07083-g4c9720875573 #0
Hardware name: IBM 3906 M04 701 (KVM/Linux)
Call Trace:
[<00000000aa0a7a1c>] unwind_start arch/s390/include/asm/unwind.h:65 [inline]
[<00000000aa0a7a1c>] show_stack+0x174/0x220 arch/s390/kernel/dumpstack.c:135
[<00000000aa105952>] __dump_stack lib/dump_stack.c:77 [inline]
[<00000000aa105952>] dump_stack+0x262/0x2e8 lib/dump_stack.c:118
[<00000000aa0b484e>] print_address_description.constprop.0+0x5e/0x218 mm/kasan/report.c:385
[<00000000a61f13aa>] __kasan_report mm/kasan/report.c:545 [inline]
[<00000000a61f13aa>] kasan_report+0x11a/0x168 mm/kasan/report.c:562
[<00000000a620d782>] do_huge_pmd_anonymous_page+0xcda/0xd90 mm/huge_memory.c:744
[<00000000a610632e>] create_huge_pmd mm/memory.c:4256 [inline]
[<00000000a610632e>] __handle_mm_fault+0xe6e/0x1068 mm/memory.c:4480
[<00000000a61067b0>] handle_mm_fault+0x288/0x748 mm/memory.c:4607
[<00000000a598b55c>] do_exception+0x394/0xae0 arch/s390/mm/fault.c:479
[<00000000a598d7c4>] do_dat_exception+0x34/0x80 arch/s390/mm/fault.c:567
[<00000000aa124e5e>] pgm_check_handler+0x1da/0x22c arch/s390/kernel/entry.S:706
[<00000000aa0a6902>] copy_from_user_mvcos arch/s390/lib/uaccess.c:111 [inline]
[<00000000aa0a6902>] raw_copy_from_user+0x3a/0x88 arch/s390/lib/uaccess.c:174
[<00000000a7c24668>] _copy_from_user+0x48/0xa8 lib/usercopy.c:16
[<00000000a5b0b2a8>] copy_from_user include/linux/uaccess.h:192 [inline]
[<00000000a5b0b2a8>] __do_sys_sigaltstack kernel/signal.c:4064 [inline]
[<00000000a5b0b2a8>] __s390x_sys_sigaltstack+0xc8/0x240 kernel/signal.c:4060
[<00000000aa124a9c>] system_call+0xe0/0x28c arch/s390/kernel/entry.S:415
Allocated by task 9334:
stack_trace_save+0xbe/0xf0 kernel/stacktrace.c:121
kasan_save_stack+0x30/0x60 mm/kasan/common.c:48
kasan_set_track mm/kasan/common.c:56 [inline]
__kasan_kmalloc.constprop.0+0xd0/0xe8 mm/kasan/common.c:461
slab_post_alloc_hook mm/slab.h:526 [inline]
slab_alloc_node mm/slub.c:2891 [inline]
slab_alloc mm/slub.c:2899 [inline]
kmem_cache_alloc+0x118/0x348 mm/slub.c:2904
vm_area_dup+0x9c/0x2b8 kernel/fork.c:356
__split_vma+0xba/0x560 mm/mmap.c:2742
split_vma+0xca/0x108 mm/mmap.c:2800
mlock_fixup+0x4ae/0x600 mm/mlock.c:550
apply_vma_lock_flags+0x2c6/0x398 mm/mlock.c:619
do_mlock+0x1aa/0x718 mm/mlock.c:711
__do_sys_mlock2 mm/mlock.c:738 [inline]
__s390x_sys_mlock2+0x86/0xa8 mm/mlock.c:728
system_call+0xe0/0x28c arch/s390/kernel/entry.S:415
Freed by task 9333:
stack_trace_save+0xbe/0xf0 kernel/stacktrace.c:121
kasan_save_stack+0x30/0x60 mm/kasan/common.c:48
kasan_set_track+0x32/0x48 mm/kasan/common.c:56
kasan_set_free_info+0x34/0x50 mm/kasan/generic.c:355
__kasan_slab_free+0x11e/0x190 mm/kasan/common.c:422
slab_free_hook mm/slub.c:1544 [inline]
slab_free_freelist_hook mm/slub.c:1577 [inline]
slab_free mm/slub.c:3142 [inline]
kmem_cache_free+0x7c/0x4b8 mm/slub.c:3158
__vma_adjust+0x7b2/0x2508 mm/mmap.c:960
vma_merge+0x87e/0xce0 mm/mmap.c:1209
userfaultfd_release+0x412/0x6b8 fs/userfaultfd.c:868
__fput+0x22c/0x7a8 fs/file_table.c:281
task_work_run+0x200/0x320 kernel/task_work.c:151
tracehook_notify_resume include/linux/tracehook.h:188 [inline]
do_notify_resume+0x100/0x148 arch/s390/kernel/signal.c:538
system_call+0xe6/0x28c arch/s390/kernel/entry.S:416
The buggy address belongs to the object at 00000000962d6948
which belongs to the cache vm_area_struct of size 200
The buggy address is located 64 bytes inside of
200-byte region [00000000962d6948, 00000000962d6a10)
The buggy address belongs to the page:
page:00000000313a09fe refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x962d6
flags: 0x3ffff00000000200(slab)
raw: 3ffff00000000200 000040000257e080 0000000c0000000c 000000008020ba00
raw: 0000000000000000 000f001e00000000 ffffffff00000001 0000000096959501
page dumped because: kasan: bad access detected
page->mem_cgroup:0000000096959501
Memory state around the buggy address:
00000000962d6880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00000000962d6900: 00 fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb
>00000000962d6980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
^
00000000962d6a00: fb fb fc fc fc fc fc fc fc fc 00 00 00 00 00 00
00000000962d6a80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
==================================================================
Link: https://lkml.kernel.org/r/20201110190329.11920-1-gerald.schaefer@linux.ibm.…
Fixes: 6b251fc96cf2c ("userfaultfd: call handle_userfault() for userfaultfd_missing() faults")
Signed-off-by: Gerald Schaefer <gerald.schaefer(a)linux.ibm.com>
Reported-by: Alexander Egorenkov <egorenar(a)linux.ibm.com>
Cc: Andrea Arcangeli <aarcange(a)redhat.com>
Cc: Heiko Carstens <hca(a)linux.ibm.com>
Cc: <stable(a)vger.kernel.org> [4.3+]
Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org>
---
mm/huge_memory.c | 9 ++++-----
1 file changed, 4 insertions(+), 5 deletions(-)
--- a/mm/huge_memory.c~mm-userfaultfd-do-not-access-vma-vm_mm-after-calling-handle_userfault
+++ a/mm/huge_memory.c
@@ -710,7 +710,6 @@ vm_fault_t do_huge_pmd_anonymous_page(st
transparent_hugepage_use_zero_page()) {
pgtable_t pgtable;
struct page *zero_page;
- bool set;
vm_fault_t ret;
pgtable = pte_alloc_one(vma->vm_mm);
if (unlikely(!pgtable))
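Review bot: removing `bool set;` here is only correct together with the second hunk, which drops every remaining use (`set = false;`, `set = true;`, `if (!set)`); the declaration change has no effect on its own, but if the two hunks were ever split when backporting to the stable trees named in the Cc line, this one alone would leave dangling uses and fail to compile.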
@@ -723,25 +722,25 @@ vm_fault_t do_huge_pmd_anonymous_page(st
}
vmf->ptl = pmd_lock(vma->vm_mm, vmf->pmd);
ret = 0;
- set = false;
if (pmd_none(*vmf->pmd)) {
ret = check_stable_address_space(vma->vm_mm);
if (ret) {
spin_unlock(vmf->ptl);
+ pte_free(vma->vm_mm, pgtable);
} else if (userfaultfd_missing(vma)) {
spin_unlock(vmf->ptl);
+ pte_free(vma->vm_mm, pgtable);
ret = handle_userfault(vmf, VM_UFFD_MISSING);
VM_BUG_ON(ret & VM_FAULT_FALLBACK);
} else {
set_huge_zero_page(pgtable, vma->vm_mm, vma,
haddr, vmf->pmd, zero_page);
spin_unlock(vmf->ptl);
- set = true;
}
- } else
+ } else {
spin_unlock(vmf->ptl);
- if (!set)
pte_free(vma->vm_mm, pgtable);
+ }
return ret;
}
gfp = alloc_hugepage_direct_gfpmask(vma);
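Review bot: the essential change is `pte_free(vma->vm_mm, pgtable);` moved ahead of `ret = handle_userfault(vmf, VM_UFFD_MISSING);` in the userfaultfd_missing() branch; once handle_userfault() returns, the mmap_lock may have been dropped and vma->vm_mm may be freed, which is exactly the KASAN read in mm/huge_memory.c:744 quoted in the commit message. Because the ordering is the whole fix, a one-line comment above that pte_free() ("must run before handle_userfault(), which may drop mmap_lock") would stop a later cleanup from reordering it back. The restructuring also makes every path free or consume the pagetable exactly once: the check_stable_address_space() failure and uffd branches free it explicitly, set_huge_zero_page() consumes it, and the new `} else {` block covers the !pmd_none() case, so the `set` flag is genuinely redundant and its removal is consistent.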
_
From: Muchun Song <songmuchun(a)bytedance.com>
Subject: mm: memcg/slab: fix root memcg vmstats
If we reparent the slab objects to the root memcg, when we free the slab
object, we need to update the per-memcg vmstats to keep it correct for the
root memcg. Now this at least affects the vmstat of NR_KERNEL_STACK_KB
for !CONFIG_VMAP_STACK when the thread stack size is smaller than the
PAGE_SIZE.
David said: "I assume that without this fix that the root memcg's
vmstat would always be inflated if we reparented."
Link: https://lkml.kernel.org/r/20201110031015.15715-1-songmuchun@bytedance.com
Fixes: ec9f02384f60 ("mm: workingset: fix vmstat counters for shadow nodes")
Signed-off-by: Muchun Song <songmuchun(a)bytedance.com>
Acked-by: Roman Gushchin <guro(a)fb.com>
Reviewed-by: Shakeel Butt <shakeelb(a)google.com>
Acked-by: Johannes Weiner <hannes(a)cmpxchg.org>
Acked-by: David Rientjes <rientjes(a)google.com>
Cc: Michal Hocko <mhocko(a)kernel.org>
Cc: Vladimir Davydov <vdavydov.dev(a)gmail.com>
Cc: Christopher Lameter <cl(a)linux.com>
Cc: Pekka Enberg <penberg(a)kernel.org>
Cc: Joonsoo Kim <iamjoonsoo.kim(a)lge.com>
Cc: Roman Gushchin <guro(a)fb.com>
Cc: Vlastimil Babka <vbabka(a)suse.cz>
Cc: Yafang Shao <laoar.shao(a)gmail.com>
Cc: Chris Down <chris(a)chrisdown.name>
Cc: <stable(a)vger.kernel.org> [5.3+]
Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org>
---
mm/memcontrol.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
--- a/mm/memcontrol.c~mm-memcg-slab-fix-root-memcg-vmstats
+++ a/mm/memcontrol.c
@@ -867,8 +867,13 @@ void __mod_lruvec_slab_state(void *p, en
rcu_read_lock();
memcg = mem_cgroup_from_obj(p);
- /* Untracked pages have no memcg, no lruvec. Update only the node */
- if (!memcg || memcg == root_mem_cgroup) {
+ /*
+ * Untracked pages have no memcg, no lruvec. Update only the
+ * node. If we reparent the slab objects to the root memcg,
+ * when we free the slab object, we need to update the per-memcg
+ * vmstats to keep it correct for the root memcg.
+ */
+ if (!memcg) {
__mod_node_page_state(pgdat, idx, val);
} else {
lruvec = mem_cgroup_lruvec(memcg, pgdat);
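Review bot: dropping `memcg == root_mem_cgroup` from the condition sends root-memcg slab objects through the lruvec path, which is the fix the commit message describes, but the replacement comment explains the `!memcg` case and then states the reparenting reason without saying that the root memcg must now take the lruvec branch, so the reader has to infer why the old test was wrong. Suggest a sentence along the lines of "objects reparented to the root memcg must update root's vmstats too, so only a NULL memcg takes the node-only path"; the trailing context `lruvec = mem_cgroup_lruvec(memcg, pgdat);` is the path those objects now follow.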
_