June 2020 - Linux-stable-mirror

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.14.184 release. There are 46 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 11 Jun 2020 19:00:37 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.14.184-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.14.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.14.184-rc2 Oleg Nesterov <oleg(a)redhat.com> uprobes: ensure that uprobe->offset and ->ref_ctr_offset are properly aligned Mathieu Othacehe <m.othacehe(a)gmail.com> iio: vcnl4000: Fix i2c swapped word reading. Josh Poimboeuf <jpoimboe(a)redhat.com> x86/speculation: Add Ivy Bridge to affected list Mark Gross <mgross(a)linux.intel.com> x86/speculation: Add SRBDS vulnerability and mitigation documentation Mark Gross <mgross(a)linux.intel.com> x86/speculation: Add Special Register Buffer Data Sampling (SRBDS) mitigation Mark Gross <mgross(a)linux.intel.com> x86/cpu: Add 'table' argument to cpu_matches() Mark Gross <mgross(a)linux.intel.com> x86/cpu: Add a steppings field to struct x86_cpu_id Srinivas Kandagatla <srinivas.kandagatla(a)linaro.org> nvmem: qfprom: remove incorrect write support Oliver Neukum <oneukum(a)suse.com> CDC-ACM: heed quirk also in error handling Pascal Terjan <pterjan(a)google.com> staging: rtl8712: Fix IEEE80211_ADDBA_PARAM_BUF_SIZE_MASK Jiri Slaby <jslaby(a)suse.cz> tty: hvc_console, fix crashes on parallel open/close Dmitry Torokhov <dmitry.torokhov(a)gmail.com> vt: keyboard: avoid signed integer overflow in k_ascii Dinghao Liu <dinghao.liu(a)zju.edu.cn> usb: musb: Fix runtime PM imbalance on error Bin Liu <b-liu(a)ti.com> usb: musb: start session in resume for host port Daniele Palmas <dnlplm(a)gmail.com> USB: serial: option: add Telit LE910C1-EUX compositions Bin Liu <b-liu(a)ti.com> USB: serial: usb_wwan: do not resubmit rx urb on fatal errors Matt Jolly <Kangie(a)footclan.ninja> USB: serial: qcserial: add DW5816e QDL support Eric Dumazet <edumazet(a)google.com> l2tp: add sk_family checks to l2tp_validate_socket Willem de Bruijn <willemb(a)google.com> net: check untrusted gso_size at kernel entry Stefano Garzarella <sgarzare(a)redhat.com> vsock: fix timeout in vsock_accept() Chuhong Yuan <hslester96(a)gmail.com> NFC: st21nfca: add missed kfree_skb() in an error path Daniele Palmas <dnlplm(a)gmail.com> net: usb: qmi_wwan: add Telit LE910C1-EUX composition Eric Dumazet <edumazet(a)google.com> l2tp: do not use inet_hash()/inet_unhash() Yang Yingliang <yangyingliang(a)huawei.com> devinet: fix memleak in inetdev_init() Dan Carpenter <dan.carpenter(a)oracle.com> airo: Fix read overflows sending packets Can Guo <cang(a)codeaurora.org> scsi: ufs: Release clock if DMA map fails Jérôme Pouiller <jerome.pouiller(a)silabs.com> mmc: fix compilation of user API Daniel Axtens <dja(a)axtens.net> kernel/relay.c: handle alloc_percpu returning NULL in relay_open Giuseppe Marco Randazzo <gmrandazzo(a)gmail.com> p54usb: add AirVasT USB stick device-id Julian Sax <jsbc(a)gmx.de> HID: i2c-hid: add Schneider SCL142ALM to descriptor override Scott Shumate <scott.shumate(a)gmail.com> HID: sony: Fix for broken buttons on DS3 USB dongles Fan Yang <Fan_Yang(a)sjtu.edu.cn> mm: Fix mremap not considering huge pmd devmap Dinghao Liu <dinghao.liu(a)zju.edu.cn> net: smsc911x: Fix runtime PM imbalance on error Jonathan McDowell <noodles(a)earth.li> net: ethernet: stmmac: Enable interface clocks on probe for IPQ806x Valentin Longchamp <valentin(a)longchamp.me> net/ethernet/freescale: rework quiesce/activate for ucc_geth Jeremy Kerr <jk(a)ozlabs.org> net: bmac: Fix read of MAC address from ROM Nathan Chancellor <natechancellor(a)gmail.com> x86/mmiotrace: Use cpumask_available() for cpumask_var_t variables Atsushi Nemoto <atsushi.nemoto(a)sord.co.jp> i2c: altera: Fix race between xfer_msg and isr thread Vineet Gupta <vgupta(a)synopsys.com> ARC: [plat-eznps]: Restrict to CONFIG_ISA_ARCOMPACT Eugeniy Paltsev <Eugeniy.Paltsev(a)synopsys.com> ARC: Fix ICCM & DCCM runtime size checks Guillaume Nault <gnault(a)redhat.com> pppoe: only process PADT targeted at local interfaces Vasily Gorbik <gor(a)linux.ibm.com> s390/ftrace: save traced function caller Xinwei Kong <kong.kongxinwei(a)hisilicon.com> spi: dw: use "smp_mb()" to avoid sending spi data error Xiang Chen <chenxiang66(a)hisilicon.com> scsi: hisi_sas: Check sas_port before using it Aneesh Kumar K.V <aneesh.kumar(a)linux.ibm.com> libnvdimm: Fix endian conversion issues Hannes Reinecke <hare(a)suse.de> scsi: scsi_devinfo: fixup string compare ------------- Diffstat: Documentation/ABI/testing/sysfs-devices-system-cpu | 1 + Documentation/admin-guide/hw-vuln/index.rst | 1 + .../special-register-buffer-data-sampling.rst | 149 +++++++++++++++++++++ Documentation/admin-guide/kernel-parameters.txt | 20 +++ Makefile | 4 +- arch/arc/kernel/setup.c | 5 +- arch/arc/plat-eznps/Kconfig | 1 + arch/s390/kernel/mcount.S | 1 + arch/x86/include/asm/cpu_device_id.h | 27 ++++ arch/x86/include/asm/cpufeatures.h | 2 + arch/x86/include/asm/msr-index.h | 4 + arch/x86/include/asm/pgtable.h | 1 + arch/x86/kernel/cpu/bugs.c | 106 +++++++++++++++ arch/x86/kernel/cpu/common.c | 54 ++++++-- arch/x86/kernel/cpu/cpu.h | 1 + arch/x86/kernel/cpu/match.c | 7 +- arch/x86/mm/mmio-mod.c | 4 +- drivers/base/cpu.c | 8 ++ drivers/hid/hid-sony.c | 17 +++ drivers/hid/i2c-hid/i2c-hid-dmi-quirks.c | 8 ++ drivers/i2c/busses/i2c-altera.c | 10 +- drivers/iio/light/vcnl4000.c | 6 +- drivers/net/ethernet/apple/bmac.c | 2 +- drivers/net/ethernet/freescale/ucc_geth.c | 13 +- drivers/net/ethernet/smsc/smsc911x.c | 9 +- .../net/ethernet/stmicro/stmmac/dwmac-ipq806x.c | 13 ++ drivers/net/ppp/pppoe.c | 3 + drivers/net/usb/qmi_wwan.c | 1 + drivers/net/wireless/cisco/airo.c | 12 ++ drivers/net/wireless/intersil/p54/p54usb.c | 1 + drivers/nfc/st21nfca/dep.c | 4 +- drivers/nvdimm/btt.c | 8 +- drivers/nvdimm/namespace_devs.c | 7 +- drivers/nvmem/qfprom.c | 14 -- drivers/scsi/hisi_sas/hisi_sas_main.c | 3 +- drivers/scsi/scsi_devinfo.c | 23 ++-- drivers/scsi/ufs/ufshcd.c | 1 + drivers/spi/spi-dw.c | 3 + drivers/staging/rtl8712/wifi.h | 9 +- drivers/tty/hvc/hvc_console.c | 23 ++-- drivers/tty/vt/keyboard.c | 26 ++-- drivers/usb/class/cdc-acm.c | 2 +- drivers/usb/musb/musb_core.c | 7 + drivers/usb/musb/musb_debugfs.c | 10 +- drivers/usb/serial/option.c | 4 + drivers/usb/serial/qcserial.c | 1 + drivers/usb/serial/usb_wwan.c | 4 + include/linux/mod_devicetable.h | 6 + include/linux/virtio_net.h | 14 +- include/uapi/linux/mmc/ioctl.h | 1 + kernel/events/uprobes.c | 14 +- kernel/relay.c | 5 + mm/mremap.c | 2 +- net/ipv4/devinet.c | 1 + net/l2tp/l2tp_core.c | 2 + net/l2tp/l2tp_ip.c | 29 +++- net/l2tp/l2tp_ip6.c | 30 +++-- net/vmw_vsock/af_vsock.c | 2 +- 58 files changed, 618 insertions(+), 128 deletions(-)

4 years, 7 months

5
4
0 0

Possible linux-stable mis-backport in ethernet/mellanox/mlx5

by Paul Gortmaker

I happened to notice this commit: 9ca415399dae - "net/mlx5: Annotate mutex destroy for root ns" ...was backported to 4.19 and 5.4 and v5.6 in linux-stable. It patches del_sw_root_ns() - which only exists after v5.7-rc7 from: 6eb7a268a99b - "net/mlx5: Don't maintain a case of del_sw_func being null" which creates the one line del_sw_root_ns stub function around kfree(node) by breaking it out of tree_put_node(). In the absense of del_sw_root_ns - the backport finds an identical one line kfree stub fcn - named del_sw_prio from this earlier commit: 139ed6c6c46a - "net/mlx5: Fix steering memory leak" [in v4.15-rc5] and then puts the mutex_destroy() into that (wrong) function, instead of putting it into tree_put_node where the root ns case used to be handled. Paul.

4 years, 7 months

2
2
0 0

[PATCH v6 08/12] PCI: qcom: Add support for tx term offset for rev 2.1.0

by Ansuel Smith

Add tx term offset support to pcie qcom driver need in some revision of the ipq806x SoC. Ipq8064 needs tx term offset set to 7. Fixes: 82a823833f4e ("PCI: qcom: Add Qualcomm PCIe controller driver") Signed-off-by: Sham Muthayyan <smuthayy(a)codeaurora.org> Signed-off-by: Ansuel Smith <ansuelsmth(a)gmail.com> Cc: stable(a)vger.kernel.org # v4.5+ --- drivers/pci/controller/dwc/pcie-qcom.c | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/drivers/pci/controller/dwc/pcie-qcom.c b/drivers/pci/controller/dwc/pcie-qcom.c index 85313493d51b..2cd6d1456210 100644 --- a/drivers/pci/controller/dwc/pcie-qcom.c +++ b/drivers/pci/controller/dwc/pcie-qcom.c @@ -45,7 +45,13 @@ #define PCIE_CAP_CPL_TIMEOUT_DISABLE 0x10 #define PCIE20_PARF_PHY_CTRL 0x40 +#define PHY_CTRL_PHY_TX0_TERM_OFFSET_MASK GENMASK(20, 16) +#define PHY_CTRL_PHY_TX0_TERM_OFFSET(x) ((x) << 16) + #define PCIE20_PARF_PHY_REFCLK 0x4C +#define PHY_REFCLK_SSP_EN BIT(16) +#define PHY_REFCLK_USE_PAD BIT(12) + #define PCIE20_PARF_DBI_BASE_ADDR 0x168 #define PCIE20_PARF_SLV_ADDR_SPACE_SIZE 0x16C #define PCIE20_PARF_MHI_CLOCK_RESET_CTRL 0x174 @@ -371,9 +377,18 @@ static int qcom_pcie_init_2_1_0(struct qcom_pcie *pcie) writel(PHY_RX0_EQ(4), pcie->parf + PCIE20_PARF_CONFIG_BITS); } + if (of_device_is_compatible(node, "qcom,pcie-ipq8064")) { + /* set TX termination offset */ + val = readl(pcie->parf + PCIE20_PARF_PHY_CTRL); + val &= ~PHY_CTRL_PHY_TX0_TERM_OFFSET_MASK; + val |= PHY_CTRL_PHY_TX0_TERM_OFFSET(7); + writel(val, pcie->parf + PCIE20_PARF_PHY_CTRL); + } + /* enable external reference clock */ val = readl(pcie->parf + PCIE20_PARF_PHY_REFCLK); - val |= BIT(16); + val &= ~PHY_REFCLK_USE_PAD; + val |= PHY_REFCLK_SSP_EN; writel(val, pcie->parf + PCIE20_PARF_PHY_REFCLK); /* wait for clock acquisition */ -- 2.25.1

4 years, 7 months

1
0
0 0

[PATCH v6 07/12] PCI: qcom: Define some PARF params needed for ipq8064 SoC

by Ansuel Smith

Set some specific value for Tx De-Emphasis, Tx Swing and Rx equalization needed on some ipq8064 based device (Netgear R7800 for example). Without this the system locks on kernel load. Fixes: 82a823833f4e ("PCI: qcom: Add Qualcomm PCIe controller driver") Signed-off-by: Ansuel Smith <ansuelsmth(a)gmail.com> Cc: stable(a)vger.kernel.org # v4.5+ Reviewed-by: Rob Herring <robh(a)kernel.org> --- drivers/pci/controller/dwc/pcie-qcom.c | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/drivers/pci/controller/dwc/pcie-qcom.c b/drivers/pci/controller/dwc/pcie-qcom.c index f2ea1ab6f584..85313493d51b 100644 --- a/drivers/pci/controller/dwc/pcie-qcom.c +++ b/drivers/pci/controller/dwc/pcie-qcom.c @@ -77,6 +77,18 @@ #define DBI_RO_WR_EN 1 #define PERST_DELAY_US 1000 +/* PARF registers */ +#define PCIE20_PARF_PCS_DEEMPH 0x34 +#define PCS_DEEMPH_TX_DEEMPH_GEN1(x) ((x) << 16) +#define PCS_DEEMPH_TX_DEEMPH_GEN2_3_5DB(x) ((x) << 8) +#define PCS_DEEMPH_TX_DEEMPH_GEN2_6DB(x) ((x) << 0) + +#define PCIE20_PARF_PCS_SWING 0x38 +#define PCS_SWING_TX_SWING_FULL(x) ((x) << 8) +#define PCS_SWING_TX_SWING_LOW(x) ((x) << 0) + +#define PCIE20_PARF_CONFIG_BITS 0x50 +#define PHY_RX0_EQ(x) ((x) << 24) #define PCIE20_v3_PARF_SLV_ADDR_SPACE_SIZE 0x358 #define SLV_ADDR_SPACE_SZ 0x10000000 @@ -293,6 +305,7 @@ static int qcom_pcie_init_2_1_0(struct qcom_pcie *pcie) struct qcom_pcie_resources_2_1_0 *res = &pcie->res.v2_1_0; struct dw_pcie *pci = pcie->pci; struct device *dev = pci->dev; + struct device_node *node = dev->of_node; u32 val; int ret; @@ -347,6 +360,17 @@ static int qcom_pcie_init_2_1_0(struct qcom_pcie *pcie) val &= ~BIT(0); writel(val, pcie->parf + PCIE20_PARF_PHY_CTRL); + if (of_device_is_compatible(node, "qcom,pcie-ipq8064")) { + writel(PCS_DEEMPH_TX_DEEMPH_GEN1(24) | + PCS_DEEMPH_TX_DEEMPH_GEN2_3_5DB(24) | + PCS_DEEMPH_TX_DEEMPH_GEN2_6DB(34), + pcie->parf + PCIE20_PARF_PCS_DEEMPH); + writel(PCS_SWING_TX_SWING_FULL(120) | + PCS_SWING_TX_SWING_LOW(120), + pcie->parf + PCIE20_PARF_PCS_SWING); + writel(PHY_RX0_EQ(4), pcie->parf + PCIE20_PARF_CONFIG_BITS); + } + /* enable external reference clock */ val = readl(pcie->parf + PCIE20_PARF_PHY_REFCLK); val |= BIT(16); -- 2.25.1

4 years, 7 months

1
0
0 0

[PATCH v6 04/12] PCI: qcom: Add missing reset for ipq806x

by Ansuel Smith

Add missing ext reset used by ipq8064 SoC in PCIe qcom driver. Fixes: 82a823833f4e ("PCI: qcom: Add Qualcomm PCIe controller driver") Signed-off-by: Sham Muthayyan <smuthayy(a)codeaurora.org> Signed-off-by: Ansuel Smith <ansuelsmth(a)gmail.com> Cc: stable(a)vger.kernel.org # v4.5+ Reviewed-by: Rob Herring <robh(a)kernel.org> Reviewed-by: Philipp Zabel <p.zabel(a)pengutronix.de> --- drivers/pci/controller/dwc/pcie-qcom.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/drivers/pci/controller/dwc/pcie-qcom.c b/drivers/pci/controller/dwc/pcie-qcom.c index 4512c2c5f61c..4dab5ef630cc 100644 --- a/drivers/pci/controller/dwc/pcie-qcom.c +++ b/drivers/pci/controller/dwc/pcie-qcom.c @@ -95,6 +95,7 @@ struct qcom_pcie_resources_2_1_0 { struct reset_control *ahb_reset; struct reset_control *por_reset; struct reset_control *phy_reset; + struct reset_control *ext_reset; struct regulator_bulk_data supplies[QCOM_PCIE_2_1_0_MAX_SUPPLY]; }; @@ -272,6 +273,10 @@ static int qcom_pcie_get_resources_2_1_0(struct qcom_pcie *pcie) if (IS_ERR(res->por_reset)) return PTR_ERR(res->por_reset); + res->ext_reset = devm_reset_control_get_optional_exclusive(dev, "ext"); + if (IS_ERR(res->ext_reset)) + return PTR_ERR(res->ext_reset); + res->phy_reset = devm_reset_control_get_exclusive(dev, "phy"); return PTR_ERR_OR_ZERO(res->phy_reset); } @@ -285,6 +290,7 @@ static void qcom_pcie_deinit_2_1_0(struct qcom_pcie *pcie) reset_control_assert(res->axi_reset); reset_control_assert(res->ahb_reset); reset_control_assert(res->por_reset); + reset_control_assert(res->ext_reset); reset_control_assert(res->phy_reset); clk_disable_unprepare(res->iface_clk); clk_disable_unprepare(res->core_clk); @@ -343,6 +349,12 @@ static int qcom_pcie_init_2_1_0(struct qcom_pcie *pcie) goto err_deassert_ahb; } + ret = reset_control_deassert(res->ext_reset); + if (ret) { + dev_err(dev, "cannot deassert ext reset\n"); + goto err_deassert_ahb; + } + /* enable PCIe clocks and resets */ val = readl(pcie->parf + PCIE20_PARF_PHY_CTRL); val &= ~BIT(0); -- 2.25.1

4 years, 7 months

1
0
0 0

[PATCH 1/3] writeback: Avoid skipping inode writeback

by Jan Kara

Inode's i_io_list list head is used to attach inode to several different lists - wb->{b_dirty, b_dirty_time, b_io, b_more_io}. When flush worker prepares a list of inodes to writeback e.g. for sync(2), it moves inodes to b_io list. Thus it is critical for sync(2) data integrity guarantees that inode is not requeued to any other writeback list when inode is queued for processing by flush worker. That's the reason why writeback_single_inode() does not touch i_io_list (unless the inode is completely clean) and why __mark_inode_dirty() does not touch i_io_list if I_SYNC flag is set. However there are two flaws in the current logic: 1) When inode has only I_DIRTY_TIME set but it is already queued in b_io list due to sync(2), concurrent __mark_inode_dirty(inode, I_DIRTY_SYNC) can still move inode back to b_dirty list resulting in skipping writeback of inode time stamps during sync(2). 2) When inode is on b_dirty_time list and writeback_single_inode() races with __mark_inode_dirty() like: writeback_single_inode() __mark_inode_dirty(inode, I_DIRTY_PAGES) inode->i_state |= I_SYNC __writeback_single_inode() inode->i_state |= I_DIRTY_PAGES; if (inode->i_state & I_SYNC) bail if (!(inode->i_state & I_DIRTY_ALL)) - not true so nothing done We end up with I_DIRTY_PAGES inode on b_dirty_time list and thus standard background writeback will not writeback this inode leading to possible dirty throttling stalls etc. (thanks to Martijn Coenen for this analysis). Fix these problems by tracking whether inode is queued in b_io or b_more_io lists in a new I_SYNC_QUEUED flag. When this flag is set, we know flush worker has queued inode and we should not touch i_io_list. On the other hand we also know that once flush worker is done with the inode it will requeue the inode to appropriate dirty list. When I_SYNC_QUEUED is not set, __mark_inode_dirty() can (and must) move inode to appropriate dirty list. Reported-by: Martijn Coenen <maco(a)android.com> Fixes: 0ae45f63d4ef ("vfs: add support for a lazytime mount option") CC: stable(a)vger.kernel.org Signed-off-by: Jan Kara <jack(a)suse.cz> --- fs/fs-writeback.c | 39 +++++++++++++++++++++++++++++---------- include/linux/fs.h | 8 ++++++-- 2 files changed, 35 insertions(+), 12 deletions(-) diff --git a/fs/fs-writeback.c b/fs/fs-writeback.c index 76ac9c7d32ec..855c6611710a 100644 --- a/fs/fs-writeback.c +++ b/fs/fs-writeback.c @@ -144,7 +144,9 @@ static void inode_io_list_del_locked(struct inode *inode, struct bdi_writeback *wb) { assert_spin_locked(&wb->list_lock); + assert_spin_locked(&inode->i_lock); + inode->i_state &= ~I_SYNC_QUEUED; list_del_init(&inode->i_io_list); wb_io_lists_depopulated(wb); } @@ -1123,7 +1125,9 @@ void inode_io_list_del(struct inode *inode) struct bdi_writeback *wb; wb = inode_to_wb_and_lock_list(inode); + spin_lock(&inode->i_lock); inode_io_list_del_locked(inode, wb); + spin_unlock(&inode->i_lock); spin_unlock(&wb->list_lock); } @@ -1172,8 +1176,9 @@ void sb_clear_inode_writeback(struct inode *inode) * the case then the inode must have been redirtied while it was being written * out and we don't reset its dirtied_when. */ -static void redirty_tail(struct inode *inode, struct bdi_writeback *wb) +static void __redirty_tail(struct inode *inode, struct bdi_writeback *wb) { + assert_spin_locked(&inode->i_lock); if (!list_empty(&wb->b_dirty)) { struct inode *tail; @@ -1182,6 +1187,14 @@ static void redirty_tail(struct inode *inode, struct bdi_writeback *wb) inode->dirtied_when = jiffies; } inode_io_list_move_locked(inode, wb, &wb->b_dirty); + inode->i_state &= ~I_SYNC_QUEUED; +} + +static void redirty_tail(struct inode *inode, struct bdi_writeback *wb) +{ + spin_lock(&inode->i_lock); + __redirty_tail(inode, wb); + spin_unlock(&inode->i_lock); } /* @@ -1250,8 +1263,11 @@ static int move_expired_inodes(struct list_head *delaying_queue, break; list_move(&inode->i_io_list, &tmp); moved++; + spin_lock(&inode->i_lock); if (flags & EXPIRE_DIRTY_ATIME) - set_bit(__I_DIRTY_TIME_EXPIRED, &inode->i_state); + inode->i_state |= I_DIRTY_TIME_EXPIRED; + inode->i_state |= I_SYNC_QUEUED; + spin_unlock(&inode->i_lock); if (sb_is_blkdev_sb(inode->i_sb)) continue; if (sb && sb != inode->i_sb) @@ -1394,7 +1410,7 @@ static void requeue_inode(struct inode *inode, struct bdi_writeback *wb, * writeback is not making progress due to locked * buffers. Skip this inode for now. */ - redirty_tail(inode, wb); + __redirty_tail(inode, wb); return; } @@ -1414,7 +1430,7 @@ static void requeue_inode(struct inode *inode, struct bdi_writeback *wb, * retrying writeback of the dirty page/inode * that cannot be performed immediately. */ - redirty_tail(inode, wb); + __redirty_tail(inode, wb); } } else if (inode->i_state & I_DIRTY) { /* @@ -1422,10 +1438,11 @@ static void requeue_inode(struct inode *inode, struct bdi_writeback *wb, * such as delayed allocation during submission or metadata * updates after data IO completion. */ - redirty_tail(inode, wb); + __redirty_tail(inode, wb); } else if (inode->i_state & I_DIRTY_TIME) { inode->dirtied_when = jiffies; inode_io_list_move_locked(inode, wb, &wb->b_dirty_time); + inode->i_state &= ~I_SYNC_QUEUED; } else { /* The inode is clean. Remove from writeback lists. */ inode_io_list_del_locked(inode, wb); @@ -1669,8 +1686,9 @@ static long writeback_sb_inodes(struct super_block *sb, */ spin_lock(&inode->i_lock); if (inode->i_state & (I_NEW | I_FREEING | I_WILL_FREE)) { + inode->i_state &= ~I_SYNC_QUEUED; + __redirty_tail(inode, wb); spin_unlock(&inode->i_lock); - redirty_tail(inode, wb); continue; } if ((inode->i_state & I_SYNC) && wbc.sync_mode != WB_SYNC_ALL) { @@ -2289,11 +2307,12 @@ void __mark_inode_dirty(struct inode *inode, int flags) inode->i_state |= flags; /* - * If the inode is being synced, just update its dirty state. - * The unlocker will place the inode on the appropriate - * superblock list, based upon its state. + * If the inode is queued for writeback by flush worker, just + * update its dirty state. Once the flush worker is done with + * the inode it will place it on the appropriate superblock + * list, based upon its state. */ - if (inode->i_state & I_SYNC) + if (inode->i_state & I_SYNC_QUEUED) goto out_unlock_inode; /* diff --git a/include/linux/fs.h b/include/linux/fs.h index 45cc10cdf6dd..b02290d19edd 100644 --- a/include/linux/fs.h +++ b/include/linux/fs.h @@ -2156,6 +2156,10 @@ static inline void kiocb_clone(struct kiocb *kiocb, struct kiocb *kiocb_src, * * I_CREATING New object's inode in the middle of setting up. * + * I_SYNC_QUEUED Inode is queued in b_io or b_more_io writeback lists. + * Used to detect that mark_inode_dirty() should not move + * inode between dirty lists. + * * Q: What is the difference between I_WILL_FREE and I_FREEING? */ #define I_DIRTY_SYNC (1 << 0) @@ -2173,11 +2177,11 @@ static inline void kiocb_clone(struct kiocb *kiocb, struct kiocb *kiocb_src, #define I_DIO_WAKEUP (1 << __I_DIO_WAKEUP) #define I_LINKABLE (1 << 10) #define I_DIRTY_TIME (1 << 11) -#define __I_DIRTY_TIME_EXPIRED 12 -#define I_DIRTY_TIME_EXPIRED (1 << __I_DIRTY_TIME_EXPIRED) +#define I_DIRTY_TIME_EXPIRED (1 << 12) #define I_WB_SWITCH (1 << 13) #define I_OVL_INUSE (1 << 14) #define I_CREATING (1 << 15) +#define I_SYNC_QUEUED (1 << 16) #define I_DIRTY_INODE (I_DIRTY_SYNC | I_DIRTY_DATASYNC) #define I_DIRTY (I_DIRTY_INODE | I_DIRTY_PAGES) -- 2.16.4

4 years, 7 months

3
3
0 0

[PATCH v2] KVM: x86: respect singlestep when emulating instruction

by Felipe Franciosi

When userspace configures KVM_GUESTDBG_SINGLESTEP, KVM will manage the presence of X86_EFLAGS_TF via kvm_set/get_rflags on vcpus. The actual rflag bit is therefore hidden from callers. That includes init_emulate_ctxt() which uses the value returned from kvm_get_flags() to set ctxt->tf. As a result, x86_emulate_instruction() will skip a single step, leaving singlestep_rip stale and not returning to userspace. This resolves the issue by observing the vcpu guest_debug configuration alongside ctxt->tf in x86_emulate_instruction(), performing the single step if set. Signed-off-by: Felipe Franciosi <felipe(a)nutanix.com> --- arch/x86/kvm/x86.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index c17e6eb9ad43..64cb183636da 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -6919,7 +6919,7 @@ int x86_emulate_instruction(struct kvm_vcpu *vcpu, gpa_t cr2_or_gpa, if (!ctxt->have_exception || exception_type(ctxt->exception.vector) == EXCPT_TRAP) { kvm_rip_write(vcpu, ctxt->eip); - if (r && ctxt->tf) + if (r && (ctxt->tf || (vcpu->guest_debug & KVM_GUESTDBG_SINGLESTEP))) r = kvm_vcpu_do_singlestep(vcpu); if (kvm_x86_ops.update_emulated_instruction) kvm_x86_ops.update_emulated_instruction(vcpu); -- 2.20.1

4 years, 7 months

2
1
0 0

[PATCH] dma-buf: Move dma_buf_release() from fops to dentry_ops

by Sumit Semwal

Charan Teja reported a 'use-after-free' in dmabuffs_dname [1], which happens if the dma_buf_release() is called while the userspace is accessing the dma_buf pseudo fs's dmabuffs_dname() in another process, and dma_buf_release() releases the dmabuf object when the last reference to the struct file goes away. I discussed with Arnd Bergmann, and he suggested that rather than tying the dma_buf_release() to the file_operations' release(), we can tie it to the dentry_operations' d_release(), which will be called when the last ref to the dentry is removed. The path exercised by __fput() calls f_op->release() first, and then calls dput, which eventually calls d_op->d_release(). In the 'normal' case, when no userspace access is happening via dma_buf pseudo fs, there should be exactly one fd, file, dentry and inode, so closing the fd will kill of everything right away. In the presented case, the dentry's d_release() will be called only when the dentry's last ref is released. Therefore, lets move dma_buf_release() from fops->release() to d_ops->d_release(). Many thanks to Arnd for his FS insights :) [1]: https://lore.kernel.org/patchwork/patch/1238278/ Fixes: bb2bb9030425 ("dma-buf: add DMA_BUF_SET_NAME ioctls") Reported-by: syzbot+3643a18836bce555bff6(a)syzkaller.appspotmail.com Cc: <stable(a)vger.kernel.org> [5.3+] Cc: Arnd Bergmann <arnd(a)arndb.de> Reported-by: Charan Teja Reddy <charante(a)codeaurora.org> Signed-off-by: Sumit Semwal <sumit.semwal(a)linaro.org> --- drivers/dma-buf/dma-buf.c | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/drivers/dma-buf/dma-buf.c b/drivers/dma-buf/dma-buf.c index 01ce125f8e8d..92ba4b6ef3e7 100644 --- a/drivers/dma-buf/dma-buf.c +++ b/drivers/dma-buf/dma-buf.c @@ -54,8 +54,11 @@ static char *dmabuffs_dname(struct dentry *dentry, char *buffer, int buflen) dentry->d_name.name, ret > 0 ? name : ""); } +static void dma_buf_release(struct dentry *dentry); + static const struct dentry_operations dma_buf_dentry_ops = { .d_dname = dmabuffs_dname, + .d_release = dma_buf_release, }; static struct vfsmount *dma_buf_mnt; @@ -77,14 +80,14 @@ static struct file_system_type dma_buf_fs_type = { .kill_sb = kill_anon_super, }; -static int dma_buf_release(struct inode *inode, struct file *file) +static void dma_buf_release(struct dentry *dentry) { struct dma_buf *dmabuf; - if (!is_dma_buf_file(file)) - return -EINVAL; + if (dentry->d_op != &dma_buf_dentry_ops) + return; - dmabuf = file->private_data; + dmabuf = dentry->d_fsdata; BUG_ON(dmabuf->vmapping_counter); @@ -110,7 +113,6 @@ static int dma_buf_release(struct inode *inode, struct file *file) module_put(dmabuf->owner); kfree(dmabuf->name); kfree(dmabuf); - return 0; } static int dma_buf_mmap_internal(struct file *file, struct vm_area_struct *vma) @@ -412,7 +414,6 @@ static void dma_buf_show_fdinfo(struct seq_file *m, struct file *file) } static const struct file_operations dma_buf_fops = { - .release = dma_buf_release, .mmap = dma_buf_mmap_internal, .llseek = dma_buf_llseek, .poll = dma_buf_poll, -- 2.27.0

4 years, 7 months

2
2
0 0

[PATCH 4.19 00/28] 4.19.127-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.19.127 release. There are 28 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sun, 07 Jun 2020 13:54:56 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.19.127-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.19.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.19.127-rc1 Dinghao Liu <dinghao.liu(a)zju.edu.cn> net: smsc911x: Fix runtime PM imbalance on error Jonathan McDowell <noodles(a)earth.li> net: ethernet: stmmac: Enable interface clocks on probe for IPQ806x Valentin Longchamp <valentin(a)longchamp.me> net/ethernet/freescale: rework quiesce/activate for ucc_geth Chaitanya Kulkarni <chaitanya.kulkarni(a)wdc.com> null_blk: return error for invalid zone size Gerald Schaefer <gerald.schaefer(a)de.ibm.com> s390/mm: fix set_huge_pte_at() for empty ptes Jan Schmidt <jan(a)centricular.com> drm/edid: Add Oculus Rift S to non-desktop list Jeremy Kerr <jk(a)ozlabs.org> net: bmac: Fix read of MAC address from ROM Nathan Chancellor <natechancellor(a)gmail.com> x86/mmiotrace: Use cpumask_available() for cpumask_var_t variables Atsushi Nemoto <atsushi.nemoto(a)sord.co.jp> i2c: altera: Fix race between xfer_msg and isr thread Madhuparna Bhowmik <madhuparnabhowmik10(a)gmail.com> evm: Fix RCU list related warnings Vineet Gupta <vgupta(a)synopsys.com> ARC: [plat-eznps]: Restrict to CONFIG_ISA_ARCOMPACT Eugeniy Paltsev <Eugeniy.Paltsev(a)synopsys.com> ARC: Fix ICCM & DCCM runtime size checks Vasily Gorbik <gor(a)linux.ibm.com> s390/ftrace: save traced function caller Xinwei Kong <kong.kongxinwei(a)hisilicon.com> spi: dw: use "smp_mb()" to avoid sending spi data error Anju T Sudhakar <anju(a)linux.vnet.ibm.com> powerpc/powernv: Avoid re-registration of imc debugfs directory Xiang Chen <chenxiang66(a)hisilicon.com> scsi: hisi_sas: Check sas_port before using it Lucas De Marchi <lucas.demarchi(a)intel.com> drm/i915: fix port checks for MST support on gen >= 11 Dan Carpenter <dan.carpenter(a)oracle.com> airo: Fix read overflows sending packets DENG Qingfang <dqfext(a)gmail.com> net: dsa: mt7530: set CPU port to fallback mode Can Guo <cang(a)codeaurora.org> scsi: ufs: Release clock if DMA map fails Jérôme Pouiller <jerome.pouiller(a)silabs.com> mmc: fix compilation of user API Daniel Axtens <dja(a)axtens.net> kernel/relay.c: handle alloc_percpu returning NULL in relay_open Giuseppe Marco Randazzo <gmrandazzo(a)gmail.com> p54usb: add AirVasT USB stick device-id Julian Sax <jsbc(a)gmx.de> HID: i2c-hid: add Schneider SCL142ALM to descriptor override Scott Shumate <scott.shumate(a)gmail.com> HID: sony: Fix for broken buttons on DS3 USB dongles Fan Yang <Fan_Yang(a)sjtu.edu.cn> mm: Fix mremap not considering huge pmd devmap Aneesh Kumar K.V <aneesh.kumar(a)linux.ibm.com> libnvdimm: Fix endian conversion issues Tejun Heo <tj(a)kernel.org> Revert "cgroup: Add memory barriers to plug cgroup_rstat_updated() race window" ------------- Diffstat: Makefile | 4 +-- arch/arc/kernel/setup.c | 5 +-- arch/arc/plat-eznps/Kconfig | 1 + arch/powerpc/platforms/powernv/opal-imc.c | 39 +++++++++------------- arch/s390/kernel/mcount.S | 1 + arch/s390/mm/hugetlbpage.c | 9 +++-- arch/x86/include/asm/pgtable.h | 1 + arch/x86/mm/mmio-mod.c | 4 +-- drivers/block/null_blk_zoned.c | 4 +++ drivers/gpu/drm/drm_edid.c | 3 +- drivers/gpu/drm/i915/intel_dp.c | 7 ++-- drivers/gpu/drm/i915/intel_dp_mst.c | 22 ++++++++---- drivers/hid/hid-sony.c | 17 ++++++++++ drivers/hid/i2c-hid/i2c-hid-dmi-quirks.c | 8 +++++ drivers/i2c/busses/i2c-altera.c | 10 +++++- drivers/net/dsa/mt7530.c | 11 ++++-- drivers/net/dsa/mt7530.h | 6 ++++ drivers/net/ethernet/apple/bmac.c | 2 +- drivers/net/ethernet/freescale/ucc_geth.c | 13 ++++---- drivers/net/ethernet/smsc/smsc911x.c | 9 ++--- .../net/ethernet/stmicro/stmmac/dwmac-ipq806x.c | 13 ++++++++ drivers/net/wireless/cisco/airo.c | 12 +++++++ drivers/net/wireless/intersil/p54/p54usb.c | 1 + drivers/nvdimm/btt.c | 8 ++--- drivers/nvdimm/namespace_devs.c | 7 ++-- drivers/scsi/hisi_sas/hisi_sas_main.c | 3 +- drivers/scsi/ufs/ufshcd.c | 1 + drivers/spi/spi-dw.c | 3 ++ include/uapi/linux/mmc/ioctl.h | 1 + kernel/cgroup/rstat.c | 16 ++------- kernel/relay.c | 5 +++ mm/mremap.c | 2 +- security/integrity/evm/evm_crypto.c | 2 +- security/integrity/evm/evm_main.c | 4 +-- security/integrity/evm/evm_secfs.c | 9 ++++- 35 files changed, 178 insertions(+), 85 deletions(-)

4 years, 7 months

8
37
0 0

[PATCH 1/2] KVM: arm64: Make vcpu_cp1x() work on Big Endian hosts

by Marc Zyngier

AArch32 CP1x registers are overlayed on their AArch64 counterparts in the vcpu struct. This leads to an interesting problem as they are stored in their CPU-local format, and thus a CP1x register doesn't "hit" the lower 32bit portion of the AArch64 register on a BE host. To workaround this unfortunate situation, introduce a bias trick in the vcpu_cp1x() accessors which picks the correct half of the 64bit register. Cc: stable(a)vger.kernel.org Reported-by: James Morse <james.morse(a)arm.com> Signed-off-by: Marc Zyngier <maz(a)kernel.org> --- arch/arm64/include/asm/kvm_host.h | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/arch/arm64/include/asm/kvm_host.h b/arch/arm64/include/asm/kvm_host.h index 59029e90b557..e80c0e06f235 100644 --- a/arch/arm64/include/asm/kvm_host.h +++ b/arch/arm64/include/asm/kvm_host.h @@ -404,8 +404,14 @@ void vcpu_write_sys_reg(struct kvm_vcpu *vcpu, u64 val, int reg); * CP14 and CP15 live in the same array, as they are backed by the * same system registers. */ -#define vcpu_cp14(v,r) ((v)->arch.ctxt.copro[(r)]) -#define vcpu_cp15(v,r) ((v)->arch.ctxt.copro[(r)]) +#ifdef CPU_BIG_ENDIAN +#define CPx_OFFSET 1 +#else +#define CPx_OFFSET 0 +#endif + +#define vcpu_cp14(v,r) ((v)->arch.ctxt.copro[(r) ^ CPx_OFFSET]) +#define vcpu_cp15(v,r) ((v)->arch.ctxt.copro[(r) ^ CPx_OFFSET]) struct kvm_vm_stat { ulong remote_tlb_flush; -- 2.26.2

4 years, 7 months

3
3
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror June 2020