May 2020 - Linux-stable-mirror

FAILED: patch "[PATCH] bdi: add a ->dev_name field to struct backing_dev_info" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 6bd87eec23cbc9ed222bed0f5b5b02bf300e9a8d Mon Sep 17 00:00:00 2001 From: Christoph Hellwig <hch(a)lst.de> Date: Mon, 4 May 2020 14:47:56 +0200 Subject: [PATCH] bdi: add a ->dev_name field to struct backing_dev_info Cache a copy of the name for the life time of the backing_dev_info structure so that we can reference it even after unregistering. Fixes: 68f23b89067f ("memcg: fix a crash in wb_workfn when a device disappears") Reported-by: Yufen Yu <yuyufen(a)huawei.com> Signed-off-by: Christoph Hellwig <hch(a)lst.de> Reviewed-by: Jan Kara <jack(a)suse.cz> Reviewed-by: Bart Van Assche <bvanassche(a)acm.org> Signed-off-by: Jens Axboe <axboe(a)kernel.dk> diff --git a/include/linux/backing-dev-defs.h b/include/linux/backing-dev-defs.h index ee577a83cfe6..7367150f962a 100644 --- a/include/linux/backing-dev-defs.h +++ b/include/linux/backing-dev-defs.h @@ -219,6 +219,7 @@ struct backing_dev_info { wait_queue_head_t wb_waitq; struct device *dev; + char dev_name[64]; struct device *owner; struct timer_list laptop_mode_wb_timer; diff --git a/mm/backing-dev.c b/mm/backing-dev.c index c2c44c89ee5d..efc5b83acd2d 100644 --- a/mm/backing-dev.c +++ b/mm/backing-dev.c @@ -938,7 +938,8 @@ int bdi_register_va(struct backing_dev_info *bdi, const char *fmt, va_list args) if (bdi->dev) /* The driver needs to use separate queues per device */ return 0; - dev = device_create_vargs(bdi_class, NULL, MKDEV(0, 0), bdi, fmt, args); + vsnprintf(bdi->dev_name, sizeof(bdi->dev_name), fmt, args); + dev = device_create(bdi_class, NULL, MKDEV(0, 0), bdi, bdi->dev_name); if (IS_ERR(dev)) return PTR_ERR(dev); @@ -1047,7 +1048,7 @@ const char *bdi_dev_name(struct backing_dev_info *bdi) { if (!bdi || !bdi->dev) return bdi_unknown_name; - return dev_name(bdi->dev); + return bdi->dev_name; } EXPORT_SYMBOL_GPL(bdi_dev_name);

4 years, 8 months

1
0
0 0

[PATCH 4.19 STABLE v2 0/2] KVM: VMX: Fix null pointer dereference

by Sean Christopherson

A simple fix for a null pointer dereference in vmx_vcpu_run() with an ugly-but-safe prereq patch. The even uglier ASM_CALL_CONSTRAINT is gone in v2 as I finally figured out why vmx_return was undefined: GCC dropped the entire asm blob because all outputs were deemed unused. v2: - Document why there is no exact upstream commit for the fix, with --verbose. [Greg] - Tag the asm blob as volatile and drop the ASM_CALL_CONSTRAINT hack. Sean Christopherson (2): KVM: VMX: Explicitly reference RCX as the vmx_vcpu pointer in asm blobs KVM: VMX: Mark RCX, RDX and RSI as clobbered in vmx_vcpu_run()'s asm blob arch/x86/kvm/vmx.c | 91 +++++++++++++++++++++++++--------------------- 1 file changed, 50 insertions(+), 41 deletions(-) -- 2.26.0

4 years, 8 months

2
3
0 0

FAILED: patch "[PATCH] io_uring: don't use 'fd' for openat/openat2/statx" failed to apply to 5.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 63ff822358b276137059520cf16e587e8073e80f Mon Sep 17 00:00:00 2001 From: Jens Axboe <axboe(a)kernel.dk> Date: Thu, 7 May 2020 14:56:15 -0600 Subject: [PATCH] io_uring: don't use 'fd' for openat/openat2/statx We currently make some guesses as when to open this fd, but in reality we have no business (or need) to do so at all. In fact, it makes certain things fail, like O_PATH. Remove the fd lookup from these opcodes, we're just passing the 'fd' to generic helpers anyway. With that, we can also remove the special casing of fd values in io_req_needs_file(), and the 'fd_non_neg' check that we have. And we can ensure that we only read sqe->fd once. This fixes O_PATH usage with openat/openat2, and ditto statx path side oddities. Cc: stable(a)vger.kernel.org: # v5.6 Reported-by: Max Kellermann <mk(a)cm4all.com> Signed-off-by: Jens Axboe <axboe(a)kernel.dk> diff --git a/fs/io_uring.c b/fs/io_uring.c index dd680eb153cb..979d9f977409 100644 --- a/fs/io_uring.c +++ b/fs/io_uring.c @@ -680,8 +680,6 @@ struct io_op_def { unsigned needs_mm : 1; /* needs req->file assigned */ unsigned needs_file : 1; - /* needs req->file assigned IFF fd is >= 0 */ - unsigned fd_non_neg : 1; /* hash wq insertion if file is a regular file */ unsigned hash_reg_file : 1; /* unbound wq insertion if file is a non-regular file */ @@ -784,8 +782,6 @@ static const struct io_op_def io_op_defs[] = { .needs_file = 1, }, [IORING_OP_OPENAT] = { - .needs_file = 1, - .fd_non_neg = 1, .file_table = 1, .needs_fs = 1, }, @@ -799,8 +795,6 @@ static const struct io_op_def io_op_defs[] = { }, [IORING_OP_STATX] = { .needs_mm = 1, - .needs_file = 1, - .fd_non_neg = 1, .needs_fs = 1, .file_table = 1, }, @@ -837,8 +831,6 @@ static const struct io_op_def io_op_defs[] = { .buffer_select = 1, }, [IORING_OP_OPENAT2] = { - .needs_file = 1, - .fd_non_neg = 1, .file_table = 1, .needs_fs = 1, }, @@ -5368,15 +5360,6 @@ static void io_wq_submit_work(struct io_wq_work **workptr) io_steal_work(req, workptr); } -static int io_req_needs_file(struct io_kiocb *req, int fd) -{ - if (!io_op_defs[req->opcode].needs_file) - return 0; - if ((fd == -1 || fd == AT_FDCWD) && io_op_defs[req->opcode].fd_non_neg) - return 0; - return 1; -} - static inline struct file *io_file_from_index(struct io_ring_ctx *ctx, int index) { @@ -5414,14 +5397,11 @@ static int io_file_get(struct io_submit_state *state, struct io_kiocb *req, } static int io_req_set_file(struct io_submit_state *state, struct io_kiocb *req, - int fd, unsigned int flags) + int fd) { bool fixed; - if (!io_req_needs_file(req, fd)) - return 0; - - fixed = (flags & IOSQE_FIXED_FILE); + fixed = (req->flags & REQ_F_FIXED_FILE) != 0; if (unlikely(!fixed && req->needs_fixed_file)) return -EBADF; @@ -5798,7 +5778,7 @@ static int io_init_req(struct io_ring_ctx *ctx, struct io_kiocb *req, struct io_submit_state *state, bool async) { unsigned int sqe_flags; - int id, fd; + int id; /* * All io need record the previous position, if LINK vs DARIN, @@ -5850,8 +5830,10 @@ static int io_init_req(struct io_ring_ctx *ctx, struct io_kiocb *req, IOSQE_ASYNC | IOSQE_FIXED_FILE | IOSQE_BUFFER_SELECT | IOSQE_IO_LINK); - fd = READ_ONCE(sqe->fd); - return io_req_set_file(state, req, fd, sqe_flags); + if (!io_op_defs[req->opcode].needs_file) + return 0; + + return io_req_set_file(state, req, READ_ONCE(sqe->fd)); } static int io_submit_sqes(struct io_ring_ctx *ctx, unsigned int nr,

4 years, 8 months

1
0
0 0

FAILED: patch "[PATCH] ipc/mqueue.c: change __do_notify() to bypass" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From b5f2006144c6ae941726037120fa1001ddede784 Mon Sep 17 00:00:00 2001 From: Oleg Nesterov <oleg(a)redhat.com> Date: Thu, 7 May 2020 18:35:39 -0700 Subject: [PATCH] ipc/mqueue.c: change __do_notify() to bypass check_kill_permission() Commit cc731525f26a ("signal: Remove kernel interal si_code magic") changed the value of SI_FROMUSER(SI_MESGQ), this means that mq_notify() no longer works if the sender doesn't have rights to send a signal. Change __do_notify() to use do_send_sig_info() instead of kill_pid_info() to avoid check_kill_permission(). This needs the additional notify.sigev_signo != 0 check, shouldn't we change do_mq_notify() to deny sigev_signo == 0 ? Test-case: #include <signal.h> #include <mqueue.h> #include <unistd.h> #include <sys/wait.h> #include <assert.h> static int notified; static void sigh(int sig) { notified = 1; } int main(void) { signal(SIGIO, sigh); int fd = mq_open("/mq", O_RDWR|O_CREAT, 0666, NULL); assert(fd >= 0); struct sigevent se = { .sigev_notify = SIGEV_SIGNAL, .sigev_signo = SIGIO, }; assert(mq_notify(fd, &se) == 0); if (!fork()) { assert(setuid(1) == 0); mq_send(fd, "",1,0); return 0; } wait(NULL); mq_unlink("/mq"); assert(notified); return 0; } [manfred(a)colorfullife.com: 1) Add self_exec_id evaluation so that the implementation matches do_notify_parent 2) use PIDTYPE_TGID everywhere] Fixes: cc731525f26a ("signal: Remove kernel interal si_code magic") Reported-by: Yoji <yoji.fujihar.min(a)gmail.com> Signed-off-by: Oleg Nesterov <oleg(a)redhat.com> Signed-off-by: Manfred Spraul <manfred(a)colorfullife.com> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> Acked-by: "Eric W. Biederman" <ebiederm(a)xmission.com> Cc: Davidlohr Bueso <dave(a)stgolabs.net> Cc: Markus Elfring <elfring(a)users.sourceforge.net> Cc: <1vier1(a)web.de> Cc: <stable(a)vger.kernel.org> Link: http://lkml.kernel.org/r/e2a782e4-eab9-4f5c-c749-c07a8f7a4e66@colorfullife.… Signed-off-by: Linus Torvalds <torvalds(a)linux-foundation.org> diff --git a/ipc/mqueue.c b/ipc/mqueue.c index dc8307bf2d74..beff0cfcd1e8 100644 --- a/ipc/mqueue.c +++ b/ipc/mqueue.c @@ -142,6 +142,7 @@ struct mqueue_inode_info { struct sigevent notify; struct pid *notify_owner; + u32 notify_self_exec_id; struct user_namespace *notify_user_ns; struct user_struct *user; /* user who created, for accounting */ struct sock *notify_sock; @@ -773,28 +774,44 @@ static void __do_notify(struct mqueue_inode_info *info) * synchronously. */ if (info->notify_owner && info->attr.mq_curmsgs == 1) { - struct kernel_siginfo sig_i; switch (info->notify.sigev_notify) { case SIGEV_NONE: break; - case SIGEV_SIGNAL: - /* sends signal */ + case SIGEV_SIGNAL: { + struct kernel_siginfo sig_i; + struct task_struct *task; + + /* do_mq_notify() accepts sigev_signo == 0, why?? */ + if (!info->notify.sigev_signo) + break; clear_siginfo(&sig_i); sig_i.si_signo = info->notify.sigev_signo; sig_i.si_errno = 0; sig_i.si_code = SI_MESGQ; sig_i.si_value = info->notify.sigev_value; - /* map current pid/uid into info->owner's namespaces */ rcu_read_lock(); + /* map current pid/uid into info->owner's namespaces */ sig_i.si_pid = task_tgid_nr_ns(current, ns_of_pid(info->notify_owner)); - sig_i.si_uid = from_kuid_munged(info->notify_user_ns, current_uid()); + sig_i.si_uid = from_kuid_munged(info->notify_user_ns, + current_uid()); + /* + * We can't use kill_pid_info(), this signal should + * bypass check_kill_permission(). It is from kernel + * but si_fromuser() can't know this. + * We do check the self_exec_id, to avoid sending + * signals to programs that don't expect them. + */ + task = pid_task(info->notify_owner, PIDTYPE_TGID); + if (task && task->self_exec_id == + info->notify_self_exec_id) { + do_send_sig_info(info->notify.sigev_signo, + &sig_i, task, PIDTYPE_TGID); + } rcu_read_unlock(); - - kill_pid_info(info->notify.sigev_signo, - &sig_i, info->notify_owner); break; + } case SIGEV_THREAD: set_cookie(info->notify_cookie, NOTIFY_WOKENUP); netlink_sendskb(info->notify_sock, info->notify_cookie); @@ -1383,6 +1400,7 @@ static int do_mq_notify(mqd_t mqdes, const struct sigevent *notification) info->notify.sigev_signo = notification->sigev_signo; info->notify.sigev_value = notification->sigev_value; info->notify.sigev_notify = SIGEV_SIGNAL; + info->notify_self_exec_id = current->self_exec_id; break; }

4 years, 8 months

1
0
0 0

FAILED: patch "[PATCH] ipc/mqueue.c: change __do_notify() to bypass" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From b5f2006144c6ae941726037120fa1001ddede784 Mon Sep 17 00:00:00 2001 From: Oleg Nesterov <oleg(a)redhat.com> Date: Thu, 7 May 2020 18:35:39 -0700 Subject: [PATCH] ipc/mqueue.c: change __do_notify() to bypass check_kill_permission() Commit cc731525f26a ("signal: Remove kernel interal si_code magic") changed the value of SI_FROMUSER(SI_MESGQ), this means that mq_notify() no longer works if the sender doesn't have rights to send a signal. Change __do_notify() to use do_send_sig_info() instead of kill_pid_info() to avoid check_kill_permission(). This needs the additional notify.sigev_signo != 0 check, shouldn't we change do_mq_notify() to deny sigev_signo == 0 ? Test-case: #include <signal.h> #include <mqueue.h> #include <unistd.h> #include <sys/wait.h> #include <assert.h> static int notified; static void sigh(int sig) { notified = 1; } int main(void) { signal(SIGIO, sigh); int fd = mq_open("/mq", O_RDWR|O_CREAT, 0666, NULL); assert(fd >= 0); struct sigevent se = { .sigev_notify = SIGEV_SIGNAL, .sigev_signo = SIGIO, }; assert(mq_notify(fd, &se) == 0); if (!fork()) { assert(setuid(1) == 0); mq_send(fd, "",1,0); return 0; } wait(NULL); mq_unlink("/mq"); assert(notified); return 0; } [manfred(a)colorfullife.com: 1) Add self_exec_id evaluation so that the implementation matches do_notify_parent 2) use PIDTYPE_TGID everywhere] Fixes: cc731525f26a ("signal: Remove kernel interal si_code magic") Reported-by: Yoji <yoji.fujihar.min(a)gmail.com> Signed-off-by: Oleg Nesterov <oleg(a)redhat.com> Signed-off-by: Manfred Spraul <manfred(a)colorfullife.com> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> Acked-by: "Eric W. Biederman" <ebiederm(a)xmission.com> Cc: Davidlohr Bueso <dave(a)stgolabs.net> Cc: Markus Elfring <elfring(a)users.sourceforge.net> Cc: <1vier1(a)web.de> Cc: <stable(a)vger.kernel.org> Link: http://lkml.kernel.org/r/e2a782e4-eab9-4f5c-c749-c07a8f7a4e66@colorfullife.… Signed-off-by: Linus Torvalds <torvalds(a)linux-foundation.org> diff --git a/ipc/mqueue.c b/ipc/mqueue.c index dc8307bf2d74..beff0cfcd1e8 100644 --- a/ipc/mqueue.c +++ b/ipc/mqueue.c @@ -142,6 +142,7 @@ struct mqueue_inode_info { struct sigevent notify; struct pid *notify_owner; + u32 notify_self_exec_id; struct user_namespace *notify_user_ns; struct user_struct *user; /* user who created, for accounting */ struct sock *notify_sock; @@ -773,28 +774,44 @@ static void __do_notify(struct mqueue_inode_info *info) * synchronously. */ if (info->notify_owner && info->attr.mq_curmsgs == 1) { - struct kernel_siginfo sig_i; switch (info->notify.sigev_notify) { case SIGEV_NONE: break; - case SIGEV_SIGNAL: - /* sends signal */ + case SIGEV_SIGNAL: { + struct kernel_siginfo sig_i; + struct task_struct *task; + + /* do_mq_notify() accepts sigev_signo == 0, why?? */ + if (!info->notify.sigev_signo) + break; clear_siginfo(&sig_i); sig_i.si_signo = info->notify.sigev_signo; sig_i.si_errno = 0; sig_i.si_code = SI_MESGQ; sig_i.si_value = info->notify.sigev_value; - /* map current pid/uid into info->owner's namespaces */ rcu_read_lock(); + /* map current pid/uid into info->owner's namespaces */ sig_i.si_pid = task_tgid_nr_ns(current, ns_of_pid(info->notify_owner)); - sig_i.si_uid = from_kuid_munged(info->notify_user_ns, current_uid()); + sig_i.si_uid = from_kuid_munged(info->notify_user_ns, + current_uid()); + /* + * We can't use kill_pid_info(), this signal should + * bypass check_kill_permission(). It is from kernel + * but si_fromuser() can't know this. + * We do check the self_exec_id, to avoid sending + * signals to programs that don't expect them. + */ + task = pid_task(info->notify_owner, PIDTYPE_TGID); + if (task && task->self_exec_id == + info->notify_self_exec_id) { + do_send_sig_info(info->notify.sigev_signo, + &sig_i, task, PIDTYPE_TGID); + } rcu_read_unlock(); - - kill_pid_info(info->notify.sigev_signo, - &sig_i, info->notify_owner); break; + } case SIGEV_THREAD: set_cookie(info->notify_cookie, NOTIFY_WOKENUP); netlink_sendskb(info->notify_sock, info->notify_cookie); @@ -1383,6 +1400,7 @@ static int do_mq_notify(mqd_t mqdes, const struct sigevent *notification) info->notify.sigev_signo = notification->sigev_signo; info->notify.sigev_value = notification->sigev_value; info->notify.sigev_notify = SIGEV_SIGNAL; + info->notify_self_exec_id = current->self_exec_id; break; }

4 years, 8 months

1
0
0 0

[PATCH] drm/i915: Watch out for idling during i915_gem_evict_something

by Chris Wilson

i915_gem_evict_something() is charged with finding a slot within the GTT that we may reuse. Since our goal is not to stall, we first look for a slot that only overlaps idle vma. To this end, on the first pass we move any active vma to the end of the search list. However, we only stopped moving active vma after we see the first active vma twice. If during the search, that first active vma completed, we would not notice and keep on extending the search list. Closes: https://gitlab.freedesktop.org/drm/intel/-/issues/1746 Signed-off-by: Chris Wilson <chris(a)chris-wilson.co.uk> Cc: Tvrtko Ursulin <tvrtko.ursulin(a)intel.com> Cc: <stable(a)vger.kernel.org> # v5.5+ --- drivers/gpu/drm/i915/i915_gem_evict.c | 26 ++++++++++++-------------- 1 file changed, 12 insertions(+), 14 deletions(-) diff --git a/drivers/gpu/drm/i915/i915_gem_evict.c b/drivers/gpu/drm/i915/i915_gem_evict.c index 0ba7b1e881c0..6501939929d5 100644 --- a/drivers/gpu/drm/i915/i915_gem_evict.c +++ b/drivers/gpu/drm/i915/i915_gem_evict.c @@ -128,6 +128,13 @@ i915_gem_evict_something(struct i915_address_space *vm, active = NULL; INIT_LIST_HEAD(&eviction_list); list_for_each_entry_safe(vma, next, &vm->bound_list, vm_link) { + if (vma == active) { /* now seen this vma twice */ + if (flags & PIN_NONBLOCK) + break; + + active = ERR_PTR(-EAGAIN); + } + /* * We keep this list in a rough least-recently scanned order * of active elements (inactive elements are cheap to reap). @@ -143,21 +150,12 @@ i915_gem_evict_something(struct i915_address_space *vm, * To notice when we complete one full cycle, we record the * first active element seen, before moving it to the tail. */ - if (i915_vma_is_active(vma)) { - if (vma == active) { - if (flags & PIN_NONBLOCK) - break; - - active = ERR_PTR(-EAGAIN); - } - - if (active != ERR_PTR(-EAGAIN)) { - if (!active) - active = vma; + if (active != ERR_PTR(-EAGAIN) && i915_vma_is_active(vma)) { + if (!active) + active = vma; - list_move_tail(&vma->vm_link, &vm->bound_list); - continue; - } + list_move_tail(&vma->vm_link, &vm->bound_list); + continue; } if (mark_free(&scan, vma, flags, &eviction_list)) -- 2.20.1

4 years, 8 months

2
3
0 0

[PATCH V4 02/14] KVM: MIPS: Fix VPN2_MASK definition for variable cpu_vmbits

by Huacai Chen

From: Xing Li <lixing(a)loongson.cn> If a CPU support more than 32bit vmbits (which is true for 64bit CPUs), VPN2_MASK set to fixed 0xffffe000 will lead to a wrong EntryHi in some functions such as _kvm_mips_host_tlb_inv(). The cpu_vmbits definition of 32bit CPU in cpu-features.h is 31, so we still use the old definition. Cc: stable(a)vger.kernel.org Reviewed-by: Aleksandar Markovic <aleksandar.qemu.devel(a)gmail.com> Signed-off-by: Xing Li <lixing(a)loongson.cn> [Huacai: Improve commit messages] Signed-off-by: Huacai Chen <chenhc(a)lemote.com> --- arch/mips/include/asm/kvm_host.h | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/arch/mips/include/asm/kvm_host.h b/arch/mips/include/asm/kvm_host.h index a01cee9..caa2b936 100644 --- a/arch/mips/include/asm/kvm_host.h +++ b/arch/mips/include/asm/kvm_host.h @@ -274,7 +274,11 @@ enum emulation_result { #define MIPS3_PG_SHIFT 6 #define MIPS3_PG_FRAME 0x3fffffc0 +#if defined(CONFIG_64BIT) +#define VPN2_MASK GENMASK(cpu_vmbits - 1, 13) +#else #define VPN2_MASK 0xffffe000 +#endif #define KVM_ENTRYHI_ASID cpu_asid_mask(&boot_cpu_data) #define TLB_IS_GLOBAL(x) ((x).tlb_lo[0] & (x).tlb_lo[1] & ENTRYLO_G) #define TLB_VPN2(x) ((x).tlb_hi & VPN2_MASK) -- 2.7.0

4 years, 8 months

1
0
0 0

List of patches to apply to stable releases (5/11)

by Guenter Roeck

Hi, Please consider applying the following patches to the listed stable releases. The following patches were found to be missing in stable releases by the Chrome OS missing patch robot. The patches meet the following criteria. - The patch includes a Fixes: tag - The patch referenced in the Fixes: tag has been applied to the listed stable release - The patch has not been applied to that stable release All patches have been applied to the listed stable releases and to at least one Chrome OS branch. Resulting images have been build- and runtime-tested (where applicable) on real hardware and with virtual hardware on kerneltests.org. Thanks, Guenter --- Upstream commit fd25ea29093e ("Revert "ACPI / video: Add force_native quirk for HP Pavilion dv6"") upstream: v4.10-rc6 Fixes: 6276e53fa8c0 ("ACPI / video: Add force_native quirk for HP Pavilion dv6") in linux-4.4.y: 69e236e70ead in linux-4.9.y: a04465251f94 upstream: v4.10-rc1 Affected branches: linux-4.4.y linux-4.9.y Upstream commit 56f772279a76 ("enic: do not overwrite error code") upstream: v4.18-rc2 Fixes: e8588e268509 ("enic: enable rq before updating rq descriptors") in linux-4.4.y: 6af8cf3ca5cb in linux-4.9.y: 92ff7ff0318f in linux-4.14.y: 87337cb5663c upstream: v4.17-rc1 Affected branches: linux-4.4.y linux-4.9.y (already applied) linux-4.14.y (already applied) Upstream commit afe49de44c27 ("ipv6: fix cleanup ordering for ip6_mr failure") upstream: v4.19-rc3 Fixes: 15e668070a64 ("ipv6: reorder icmpv6_init() and ip6_mr_init()") in linux-4.4.y: 7c5deeccc664 in linux-4.9.y: 05a59bc2f3c0 upstream: v4.11-rc3 Affected branches: linux-4.4.y linux-4.9.y (already applied) linux-4.14.y [commit 15e668070a64 is in v4.14 and thus in v4.14.y but its fix isn't] Upstream commit bbdc6076d2e5 ("binfmt_elf: move brk out of mmap when doing direct loader exec") upstream: v5.2-rc1 Fixes: eab09532d400 ("binfmt_elf: use ELF_ET_DYN_BASE only for PIE") in linux-4.4.y: 7eb968cd04d4 in linux-4.9.y: 63c2f8f8c41b upstream: v4.13-rc1 Affected branches: linux-4.4.y linux-4.9.y linux-4.14.y (already applied) linux-4.19.y (already applied) Upstream commit 6f6060a5c9cc ("x86/apm: Don't access __preempt_count with zeroed fs") upstream: v4.18-rc6 Fixes: dd84441a7971 ("x86/speculation: Use IBRS if available before calling into firmware") in linux-4.4.y: 7ec391255421 in linux-4.9.y: a27ede1bedcb in linux-4.14.y: c3ffdb5a2ed4 upstream: v4.16-rc4 Affected branches: linux-4.4.y linux-4.9.y (already applied) linux-4.14.y (already applied) Upstream commit 612601d0013f ("Revert "IB/ipoib: Update broadcast object if PKey value was changed in index 0"") upstream: v4.14-rc3 Fixes: 9a9b8112699d ("IB/ipoib: Update broadcast object if PKey value was changed in index 0") in linux-4.4.y: 8716c87ec253 in linux-4.9.y: 089f13786bdc upstream: v4.12-rc1 Affected branches: linux-4.4.y linux-4.9.y (already applied) Upstream commit 778fbf417999 ("HID: wacom: Read HID_DG_CONTACTMAX directly for non-generic devices") upstream: v5.7-rc5 Fixes: 184eccd40389 ("HID: wacom: generic: read HID_DG_CONTACTMAX from any feature report") in linux-4.14.y: 4e268e9c404a in linux-4.19.y: 8993c673d6c4 upstream: v5.3-rc1 Affected branches: linux-4.14.y linux-4.19.y linux-5.4.y linux-5.6.y Upstream commit f9094b7603c0 ("geneve: only configure or fill UDP_ZERO_CSUM6_RX/TX info when CONFIG_IPV6") upstream: v4.15-rc1 Fixes: fd7eafd02121 ("geneve: fix fill_info when link down") in linux-4.14.y: 81a1c2d3f9eb upstream: v4.15-rc1 Affected branches: linux-4.14.y Upstream commit 57d38f26d81e ("vt: fix unicode console freeing with a common interface") upstream: v5.7-rc5 Fixes: 9a98e7a80f95 ("vt: don't use kmalloc() for the unicode screen buffer") in linux-4.19.y: b91c4171c74e in linux-5.4.y: 64882aa0c531 in linux-5.6.y: ec6e885a4cb0 upstream: v5.7-rc3 Affected branches: linux-4.19.y linux-5.4.y linux-5.6.y Upstream commit 145cb2f7177d ("sctp: Fix bundling of SHUTDOWN with COOKIE-ACK") upstream: v5.7-rc3 Fixes: 4ff40b86262b ("sctp: set chunk transport correctly when it's a new asoc") in linux-4.19.y: cbf23d40cece upstream: v5.0-rc4 Affected branches: linux-4.19.y linux-5.4.y linux-5.6.y Upstream commit 2ae11c46d5fd ("tty: xilinx_uartps: Fix missing id assignment to the console") upstream: v5.7-rc5 Fixes: 18cc7ac8a28e ("Revert "serial: uartps: Register own uart console and driver structures"") in linux-5.4.y: c4606876164c in linux-5.6.y: 29772eb399a3 upstream: v5.7-rc3 Affected branches: linux-5.4.y linux-5.6.y

4 years, 8 months

2
1
0 0

[PATCH] x86/mm: Fix boot with some memory above MAXMEM

by Kirill A. Shutemov

A 5-level paging capable machine can have memory above 46-bit in the physical address space. This memory is only addressable in the 5-level paging mode: we don't have enough virtual address space to create direct mapping for such memory in the 4-level paging mode. Currently, we fail boot completely: NULL pointer dereference in subsection_map_init(). Skip creating a memblock for such memory instead and notify user that some memory is not addressable. Signed-off-by: Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> Cc: stable(a)vger.kernel.org # v4.14 --- Tested with a hacked QEMU: https://gist.github.com/kiryl/d45eb54110944ff95e544972d8bdac1d --- arch/x86/kernel/e820.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/arch/x86/kernel/e820.c b/arch/x86/kernel/e820.c index c5399e80c59c..022fe1de8940 100644 --- a/arch/x86/kernel/e820.c +++ b/arch/x86/kernel/e820.c @@ -1307,7 +1307,14 @@ void __init e820__memblock_setup(void) if (entry->type != E820_TYPE_RAM && entry->type != E820_TYPE_RESERVED_KERN) continue; - memblock_add(entry->addr, entry->size); + if (entry->addr >= MAXMEM || end >= MAXMEM) + pr_err_once("Some physical memory is not addressable in the paging mode.\n"); + + if (entry->addr >= MAXMEM) + continue; + + end = min_t(u64, end, MAXMEM - 1); + memblock_add(entry->addr, end - entry->addr); } /* Throw away partial pages: */ -- 2.26.2

4 years, 8 months

4
10
0 0

[PATCHES] Networking

by David Miller

Please queue up the following networking bug fixes for v5.4 and v5.6 -stable, respectively. Thank you.

4 years, 8 months

2
1
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror May 2020