July 2020 - Linux-stable-mirror

[PATCH 1/2] drm/i915/gem: Serialise debugfs i915_gem_objects with ctx->mutex

by Chris Wilson

Since the debugfs may peek into the GEM contexts as the corresponding client/fd is being closed, we may try and follow a dangling pointer. However, the context closure itself is serialised with the ctx->mutex, so if we hold that mutex as we inspect the state coupled in the context, we know the pointers within the context are stable and will remain valid as we inspect their tables. Signed-off-by: Chris Wilson <chris(a)chris-wilson.co.uk> Cc: CQ Tang <cq.tang(a)intel.com> Cc: Daniel Vetter <daniel.vetter(a)intel.com> Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/i915/i915_debugfs.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/gpu/drm/i915/i915_debugfs.c b/drivers/gpu/drm/i915/i915_debugfs.c index 784219962193..ea469168cd44 100644 --- a/drivers/gpu/drm/i915/i915_debugfs.c +++ b/drivers/gpu/drm/i915/i915_debugfs.c @@ -326,6 +326,7 @@ static void print_context_stats(struct seq_file *m, } i915_gem_context_unlock_engines(ctx); + mutex_lock(&ctx->mutex); if (!IS_ERR_OR_NULL(ctx->file_priv)) { struct file_stats stats = { .vm = rcu_access_pointer(ctx->vm), @@ -346,6 +347,7 @@ static void print_context_stats(struct seq_file *m, print_file_stats(m, name, stats); } + mutex_unlock(&ctx->mutex); spin_lock(&i915->gem.contexts.lock); list_safe_reset_next(ctx, cn, link); -- 2.20.1

4 years, 5 months

1
0
0 0

[PATCH] bcache: use disk_{start, end}_io_acct() to count I/O for bcache device

by colyli＠suse.de

From: Coly Li <colyli(a)suse.de> This patch is a fix to patch "bcache: fix bio_{start,end}_io_acct with proper device". The previous patch uses a hack to temporarily set bi_disk to bcache device, which is mistaken too. As Christoph suggests, this patch uses disk_{start,end}_io_acct() to count I/O for bcache device in the correct way. Fixes: 85750aeb748f ("bcache: use bio_{start,end}_io_acct") Signed-off-by: Coly Li <colyli(a)suse.de> Cc: Christoph Hellwig <hch(a)lst.de> Cc: stable(a)vger.kernel.org --- drivers/md/bcache/request.c | 37 +++++++++---------------------------- 1 file changed, 9 insertions(+), 28 deletions(-) diff --git a/drivers/md/bcache/request.c b/drivers/md/bcache/request.c index 8ea0f079c1d0..9cc044293acd 100644 --- a/drivers/md/bcache/request.c +++ b/drivers/md/bcache/request.c @@ -617,28 +617,6 @@ static void cache_lookup(struct closure *cl) /* Common code for the make_request functions */ -static inline void bch_bio_start_io_acct(struct gendisk *acct_bi_disk, - struct bio *bio, - unsigned long *start_time) -{ - struct gendisk *saved_bi_disk = bio->bi_disk; - - bio->bi_disk = acct_bi_disk; - *start_time = bio_start_io_acct(bio); - bio->bi_disk = saved_bi_disk; -} - -static inline void bch_bio_end_io_acct(struct gendisk *acct_bi_disk, - struct bio *bio, - unsigned long start_time) -{ - struct gendisk *saved_bi_disk = bio->bi_disk; - - bio->bi_disk = acct_bi_disk; - bio_end_io_acct(bio, start_time); - bio->bi_disk = saved_bi_disk; -} - static void request_endio(struct bio *bio) { struct closure *cl = bio->bi_private; @@ -690,7 +668,9 @@ static void backing_request_endio(struct bio *bio) static void bio_complete(struct search *s) { if (s->orig_bio) { - bch_bio_end_io_acct(s->d->disk, s->orig_bio, s->start_time); + /* Count on bcache device */ + disk_end_io_acct(s->d->disk, bio_op(s->orig_bio), s->start_time); + trace_bcache_request_end(s->d, s->orig_bio); s->orig_bio->bi_status = s->iop.status; bio_endio(s->orig_bio); @@ -750,8 +730,8 @@ static inline struct search *search_alloc(struct bio *bio, s->recoverable = 1; s->write = op_is_write(bio_op(bio)); s->read_dirty_data = 0; - bch_bio_start_io_acct(d->disk, bio, &s->start_time); - + /* Count on the bcache device */ + s->start_time = disk_start_io_acct(d->disk, bio_sectors(bio), bio_op(bio)); s->iop.c = d->c; s->iop.bio = NULL; s->iop.inode = d->id; @@ -1102,7 +1082,8 @@ static void detached_dev_end_io(struct bio *bio) bio->bi_end_io = ddip->bi_end_io; bio->bi_private = ddip->bi_private; - bch_bio_end_io_acct(ddip->d->disk, bio, ddip->start_time); + /* Count on the bcache device */ + disk_end_io_acct(ddip->d->disk, bio_op(bio), ddip->start_time); if (bio->bi_status) { struct cached_dev *dc = container_of(ddip->d, @@ -1127,8 +1108,8 @@ static void detached_dev_do_request(struct bcache_device *d, struct bio *bio) */ ddip = kzalloc(sizeof(struct detached_dev_io_private), GFP_NOIO); ddip->d = d; - bch_bio_start_io_acct(d->disk, bio, &ddip->start_time); - + /* Count on the bcache device */ + ddip->start_time = disk_start_io_acct(d->disk, bio_sectors(bio), bio_op(bio)); ddip->bi_end_io = bio->bi_end_io; ddip->bi_private = bio->bi_private; bio->bi_end_io = detached_dev_end_io; -- 2.26.2

4 years, 5 months

3
2
0 0

[PATCH 4.19 00/85] 4.19.135-rc2 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.19.135 release. There are 85 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 30 Jul 2020 15:01:05 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.19.135-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.19.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.19.135-rc2 Mark O'Donovan <shiftee(a)posteo.net> ath9k: Fix regression with Atheros 9271 Qiujun Huang <hqjagain(a)gmail.com> ath9k: Fix general protection fault in ath9k_hif_usb_rx_cb Mikulas Patocka <mpatocka(a)redhat.com> dm integrity: fix integrity recalculation that is improperly skipped Geert Uytterhoeven <geert(a)linux-m68k.org> ASoC: qcom: Drop HAS_DMA dependency to fix link failure Hans de Goede <hdegoede(a)redhat.com> ASoC: rt5670: Add new gpio1_is_ext_spk_en quirk and enable it on the Lenovo Miix 2 10 Joerg Roedel <jroedel(a)suse.de> x86, vmlinux.lds: Page-align end of ..page_aligned sections John David Anglin <dave.anglin(a)bell.net> parisc: Add atomic64_set_release() define to avoid CPU soft lockups Qiu Wenbo <qiuwenbo(a)phytium.com.cn> drm/amd/powerplay: fix a crash when overclocking Vega M Paweł Gronowski <me(a)woland.xyz> drm/amdgpu: Fix NULL dereference in dpm sysfs handlers Michael J. Ruhl <michael.j.ruhl(a)intel.com> io-mapping: indicate mapping failure Muchun Song <songmuchun(a)bytedance.com> mm: memcg/slab: fix memory leak at non-root kmem_cache destroy Hugh Dickins <hughd(a)google.com> mm/memcg: fix refcount error while moving and swapping Fangrui Song <maskray(a)google.com> Makefile: Fix GCC_TOOLCHAIN_DIR prefix for Clang cross compilation Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> vt: Reject zero-sized screen buffer size. Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> fbdev: Detect integer underflow at "struct fbcon_ops"->clear_margins. Serge Semin <Sergey.Semin(a)baikalelectronics.ru> serial: 8250_mtk: Fix high-speed baud rates clamping Yang Yingliang <yangyingliang(a)huawei.com> serial: 8250: fix null-ptr-deref in serial8250_start_tx() Ian Abbott <abbotti(a)mev.co.uk> staging: comedi: addi_apci_1564: check INSN_CONFIG_DIGITAL_TRIG shift Ian Abbott <abbotti(a)mev.co.uk> staging: comedi: addi_apci_1500: check INSN_CONFIG_DIGITAL_TRIG shift Ian Abbott <abbotti(a)mev.co.uk> staging: comedi: ni_6527: fix INSN_CONFIG_DIGITAL_TRIG support Ian Abbott <abbotti(a)mev.co.uk> staging: comedi: addi_apci_1032: check INSN_CONFIG_DIGITAL_TRIG shift Rustam Kovhaev <rkovhaev(a)gmail.com> staging: wlan-ng: properly check endpoint types Steve French <stfrench(a)microsoft.com> Revert "cifs: Fix the target file was deleted when rename failed." Forest Crossman <cyrozap(a)gmail.com> usb: xhci: Fix ASM2142/ASM3142 DMA addressing Chunfeng Yun <chunfeng.yun(a)mediatek.com> usb: xhci-mtk: fix the failure of bandwidth allocation Tetsuo Handa <penguin-kernel(a)i-love.sakura.ne.jp> binder: Don't use mmput() from shrinker function. Palmer Dabbelt <palmerdabbelt(a)google.com> RISC-V: Upgrade smp_mb__after_spinlock() to iorw,iorw Arnd Bergmann <arnd(a)arndb.de> x86: math-emu: Fix up 'cmp' insn for clang ias Will Deacon <will(a)kernel.org> arm64: Use test_tsk_thread_flag() for checking TIF_SINGLESTEP Cristian Marussi <cristian.marussi(a)arm.com> hwmon: (scmi) Fix potential buffer overflow in scmi_hwmon_probe() Chu Lin <linchuyuan(a)google.com> hwmon: (adm1275) Make sure we are reading enough data for different chips Evgeny Novikov <novikov(a)ispras.ru> usb: gadget: udc: gr_udc: fix memleak on error handling path in gr_ep_init() Ilya Katsnelson <me(a)0upti.me> Input: synaptics - enable InterTouch for ThinkPad X1E 1st gen Leonid Ravich <Leonid.Ravich(a)emc.com> dmaengine: ioat setting ioat timeout as module parameter Evgeny Novikov <novikov(a)ispras.ru> hwmon: (aspeed-pwm-tacho) Avoid possible buffer overflow Marc Kleine-Budde <mkl(a)pengutronix.de> regmap: dev_get_regmap_match(): fix string comparison leilk.liu <leilk.liu(a)mediatek.com> spi: mediatek: use correct SPI_CFG2_REG MACRO Merlijn Wajer <merlijn(a)wizzup.org> Input: add `SW_MACHINE_COVER` Dinghao Liu <dinghao.liu(a)zju.edu.cn> dmaengine: tegra210-adma: Fix runtime PM imbalance on error Hans de Goede <hdegoede(a)redhat.com> HID: apple: Disable Fn-key key-re-mapping on clone keyboards Rodrigo Rivas Costa <rodrigorivascosta(a)gmail.com> HID: steam: fixes race in handling device list. Caiyuan Xie <caiyuan.xie(a)cn.alps.com> HID: alps: support devices with report id 2 Federico Ricchiuto <fed.ricchiuto(a)gmail.com> HID: i2c-hid: add Mediacom FlexBook edge13 to descriptor override Stefano Garzarella <sgarzare(a)redhat.com> scripts/gdb: fix lx-symbols 'gdb.error' while loading modules Pi-Hsun Shih <pihsun(a)chromium.org> scripts/decode_stacktrace: strip basepath from all paths Matthew Howell <matthew.howell(a)sealevel.com> serial: exar: Fix GPIO configuration for Sealevel cards based on XR17V35X Cong Wang <xiyou.wangcong(a)gmail.com> bonding: check return value of register_netdevice() in bond_newlink() Wolfram Sang <wsa+renesas(a)sang-engineering.com> i2c: rcar: always clear ICSAR to avoid side effects Wang Hai <wanghai38(a)huawei.com> net: ethernet: ave: Fix error returns in ave_init guodeqing <geffrey.guo(a)huawei.com> ipvs: fix the connection sync failed in some cases Alexander Lobakin <alobakin(a)marvell.com> qed: suppress "don't support RoCE & iWARP" flooding on HW init Liu Jian <liujian56(a)huawei.com> mlxsw: destroy workqueue when trap_register in mlxsw_emad_init Taehee Yoo <ap420073(a)gmail.com> bonding: check error value of register_netdevice() immediately Wang Hai <wanghai38(a)huawei.com> net: smc91x: Fix possible memory leak in smc_drv_probe() Chen-Yu Tsai <wens(a)csie.org> drm: sun4i: hdmi: Fix inverted HPD result Liu Jian <liujian56(a)huawei.com> ieee802154: fix one possible memleak in adf7242_probe Sergey Organov <sorganov(a)gmail.com> net: dp83640: fix SIOCSHWTSTAMP to update the struct with actual configuration George Kennedy <george.kennedy(a)oracle.com> ax88172a: fix ax88172a_unbind() failures Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> hippi: Fix a size used in a 'pci_free_consistent()' in an error handling path Matthew Gerlach <matthew.gerlach(a)linux.intel.com> fpga: dfl: fix bug in port reset handshake Vasundhara Volam <vasundhara-v.volam(a)broadcom.com> bnxt_en: Fix race when modifying pause settings. Robbie Ko <robbieko(a)synology.com> btrfs: fix page leaks after failure to lock page for delalloc Boris Burkov <boris(a)bur.io> btrfs: fix mount failure caused by race with umount Filipe Manana <fdmanana(a)suse.com> btrfs: fix double free on ulist after backref resolution failure Hans de Goede <hdegoede(a)redhat.com> ASoC: rt5670: Correct RT5670_LDO_SEL_MASK Takashi Iwai <tiwai(a)suse.de> ALSA: info: Drop WARN_ON() from buffer NULL sanity check Oleg Nesterov <oleg(a)redhat.com> uprobes: Change handle_swbp() to send SIGTRAP with si_code=SI_KERNEL, to fix GDB regression Yang Yingliang <yangyingliang(a)huawei.com> IB/umem: fix reference count leak in ib_umem_odp_get() Jon Maloy <jon.maloy(a)ericsson.com> tipc: clean up skb list lock handling on send path Vladimir Oltean <olteanv(a)gmail.com> spi: spi-fsl-dspi: Exit the ISR with IRQ_NONE when it's not ours Olga Kornievskaia <kolga(a)netapp.com> SUNRPC reverting d03727b248d0 ("NFSv4 fix CLOSE not waiting for direct IO compeletion") Thomas Gleixner <tglx(a)linutronix.de> irqdomain/treewide: Keep firmware node unconditionally allocated Miklos Szeredi <mszeredi(a)redhat.com> fuse: fix weird page warning Gavin Shan <gshan(a)redhat.com> drivers/firmware/psci: Fix memory leakage in alloc_init_cpu_groups() Ben Skeggs <bskeggs(a)redhat.com> drm/nouveau/i2c/g94-: increase NV_PMGR_DP_AUXCTL_TRANSACTREQ timeout Tom Rix <trix(a)redhat.com> net: sky2: initialize return of gm_phy_read Xie He <xie.he.0141(a)gmail.com> drivers/net/wan/lapbether: Fixed the value of hard_header_len Max Filippov <jcmvbkbc(a)gmail.com> xtensa: update *pos in cpuinfo_op.next Max Filippov <jcmvbkbc(a)gmail.com> xtensa: fix __sync_fetch_and_{and,or}_4 declarations Tom Rix <trix(a)redhat.com> scsi: scsi_transport_spi: Fix function pointer check Markus Theil <markus.theil(a)tu-ilmenau.de> mac80211: allow rx of mesh eapol frames with default rx key Jacky Hu <hengqing.hu(a)gmail.com> pinctrl: amd: fix npins for uart0 in kerncz_groups Navid Emamdoost <navid.emamdoost(a)gmail.com> gpio: arizona: put pm_runtime in case of failure Navid Emamdoost <navid.emamdoost(a)gmail.com> gpio: arizona: handle pm_runtime_get_sync failure case Douglas Anderson <dianders(a)chromium.org> soc: qcom: rpmh: Dirt can only make you dirtier, not cleaner ------------- Diffstat: Makefile | 6 +- arch/arm64/kernel/debug-monitors.c | 4 +- arch/parisc/include/asm/atomic.h | 2 + arch/riscv/include/asm/barrier.h | 10 ++- arch/x86/kernel/apic/io_apic.c | 10 +-- arch/x86/kernel/apic/msi.c | 18 ++++-- arch/x86/kernel/apic/vector.c | 1 - arch/x86/kernel/vmlinux.lds.S | 1 + arch/x86/math-emu/wm_sqrt.S | 2 +- arch/x86/platform/uv/uv_irq.c | 3 +- arch/xtensa/kernel/setup.c | 3 +- arch/xtensa/kernel/xtensa_ksyms.c | 4 +- drivers/android/binder_alloc.c | 2 +- drivers/base/regmap/regmap.c | 2 +- drivers/dma/ioat/dma.c | 12 ++++ drivers/dma/ioat/dma.h | 2 - drivers/dma/tegra210-adma.c | 5 +- drivers/firmware/psci_checker.c | 5 +- drivers/fpga/dfl-afu-main.c | 3 +- drivers/gpio/gpio-arizona.c | 7 ++- drivers/gpu/drm/amd/amdgpu/amdgpu_pm.c | 9 +-- .../gpu/drm/amd/powerplay/smumgr/vegam_smumgr.c | 10 +-- drivers/gpu/drm/nouveau/nvkm/subdev/i2c/auxg94.c | 4 +- drivers/gpu/drm/nouveau/nvkm/subdev/i2c/auxgm200.c | 4 +- drivers/gpu/drm/sun4i/sun4i_hdmi_enc.c | 2 +- drivers/hid/hid-alps.c | 2 + drivers/hid/hid-apple.c | 18 ++++++ drivers/hid/hid-steam.c | 6 +- drivers/hid/i2c-hid/i2c-hid-dmi-quirks.c | 8 +++ drivers/hwmon/aspeed-pwm-tacho.c | 2 + drivers/hwmon/pmbus/adm1275.c | 10 ++- drivers/hwmon/scmi-hwmon.c | 2 +- drivers/i2c/busses/i2c-rcar.c | 3 + drivers/infiniband/core/umem_odp.c | 3 +- drivers/input/mouse/synaptics.c | 1 + drivers/iommu/amd_iommu.c | 5 +- drivers/iommu/intel_irq_remapping.c | 2 +- drivers/md/dm-integrity.c | 4 +- drivers/md/dm.c | 17 ++++++ drivers/net/bonding/bond_main.c | 10 ++- drivers/net/bonding/bond_netlink.c | 3 +- drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c | 5 +- drivers/net/ethernet/marvell/sky2.c | 2 +- drivers/net/ethernet/mellanox/mlxsw/core.c | 3 +- drivers/net/ethernet/qlogic/qed/qed_cxt.c | 4 +- drivers/net/ethernet/smsc/smc91x.c | 4 +- drivers/net/ethernet/socionext/sni_ave.c | 2 +- drivers/net/hippi/rrunner.c | 2 +- drivers/net/ieee802154/adf7242.c | 4 +- drivers/net/phy/dp83640.c | 4 ++ drivers/net/usb/ax88172a.c | 1 + drivers/net/wan/lapbether.c | 9 ++- drivers/net/wireless/ath/ath9k/hif_usb.c | 52 ++++++++++++---- drivers/net/wireless/ath/ath9k/hif_usb.h | 5 ++ drivers/pci/controller/vmd.c | 5 +- drivers/pinctrl/pinctrl-amd.h | 2 +- drivers/scsi/scsi_transport_spi.c | 2 +- drivers/soc/qcom/rpmh.c | 8 +-- drivers/spi/spi-fsl-dspi.c | 4 +- drivers/spi/spi-mt65xx.c | 15 ++--- drivers/staging/comedi/drivers/addi_apci_1032.c | 20 ++++-- drivers/staging/comedi/drivers/addi_apci_1500.c | 24 ++++++-- drivers/staging/comedi/drivers/addi_apci_1564.c | 20 ++++-- drivers/staging/comedi/drivers/ni_6527.c | 2 +- drivers/staging/wlan-ng/prism2usb.c | 16 ++++- drivers/tty/serial/8250/8250_core.c | 2 +- drivers/tty/serial/8250/8250_exar.c | 12 +++- drivers/tty/serial/8250/8250_mtk.c | 18 ++++++ drivers/tty/vt/vt.c | 29 +++++---- drivers/usb/gadget/udc/gr_udc.c | 7 ++- drivers/usb/host/xhci-mtk-sch.c | 4 ++ drivers/usb/host/xhci-pci.c | 3 + drivers/video/fbdev/core/bitblit.c | 4 +- drivers/video/fbdev/core/fbcon_ccw.c | 4 +- drivers/video/fbdev/core/fbcon_cw.c | 4 +- drivers/video/fbdev/core/fbcon_ud.c | 4 +- fs/btrfs/backref.c | 1 + fs/btrfs/extent_io.c | 3 +- fs/btrfs/volumes.c | 8 +++ fs/cifs/inode.c | 10 +-- fs/fuse/dev.c | 3 +- fs/nfs/direct.c | 13 ++-- fs/nfs/file.c | 1 - include/asm-generic/vmlinux.lds.h | 5 +- include/linux/device-mapper.h | 1 + include/linux/io-mapping.h | 5 +- include/linux/mod_devicetable.h | 2 +- include/sound/rt5670.h | 1 + include/uapi/linux/input-event-codes.h | 3 +- kernel/events/uprobes.c | 2 +- mm/memcontrol.c | 4 +- mm/slab_common.c | 37 ++++++++--- net/mac80211/rx.c | 26 ++++++++ net/netfilter/ipvs/ip_vs_sync.c | 12 ++-- net/tipc/bcast.c | 8 +-- net/tipc/group.c | 4 +- net/tipc/link.c | 12 ++-- net/tipc/node.c | 7 ++- net/tipc/socket.c | 12 ++-- scripts/decode_stacktrace.sh | 4 +- scripts/gdb/linux/symbols.py | 2 +- sound/core/info.c | 4 +- sound/soc/codecs/rt5670.c | 71 +++++++++++++++++----- sound/soc/codecs/rt5670.h | 2 +- sound/soc/qcom/Kconfig | 2 +- 105 files changed, 573 insertions(+), 225 deletions(-)

4 years, 5 months

1
0
0 0

[PATCH 1/2] nvme-tcp: use sendpage_ok() to check page for kernel_sendpage()

by Coly Li

Currently nvme_tcp_try_send_data() doesn't use kernel_sendpage() to send slab pages. But for pages allocated by __get_free_pages() without __GFP_COMP, which also have refcount as 0, they are still sent by kernel_sendpage() to remote end, this is problematic. When bcache uses a remote NVMe SSD via nvme-over-tcp as its cache device, writing meta data e.g. cache_set->disk_buckets to remote SSD may trigger a kernel panic due to the above problem. Bcause the meta data pages for cache_set->disk_buckets are allocated by __get_free_pages() without __GFP_COMP. This problem should be fixed both in upper layer driver (bcache) and nvme-over-tcp code. This patch fixes the nvme-over-tcp code by checking whether the page refcount is 0, if yes then don't use kernel_sendpage() and call sock_no_sendpage() to send the page into network stack. Such check is done by macro sendpage_ok() in this patch, which is defined in include/linux/net.h as, (!PageSlab(page) && page_count(page) >= 1) If sendpage_ok() returns false, sock_no_sendpage() will handle the page other than kernel_sendpage(). The code comments in this patch is copied and modified from drbd where the similar problem already gets solved by Philipp Reisner. This is the best code comment including my own version. Signed-off-by: Coly Li <colyli(a)suse.de> Cc: Chaitanya Kulkarni <chaitanya.kulkarni(a)wdc.com> Cc: Christoph Hellwig <hch(a)lst.de> Cc: Hannes Reinecke <hare(a)suse.de> Cc: Jan Kara <jack(a)suse.com> Cc: Jens Axboe <axboe(a)kernel.dk> Cc: Mikhail Skorzhinskii <mskorzhinskiy(a)solarflare.com> Cc: Philipp Reisner <philipp.reisner(a)linbit.com> Cc: Sagi Grimberg <sagi(a)grimberg.me> Cc: Vlastimil Babka <vbabka(a)suse.com> Cc: stable(a)vger.kernel.org --- Changelog: v3: introduce a more common name sendpage_ok() for the open coded check v2: fix typo in patch subject. v1: the initial version. drivers/nvme/host/tcp.c | 13 +++++++++++-- include/linux/net.h | 2 ++ 2 files changed, 13 insertions(+), 2 deletions(-) diff --git a/drivers/nvme/host/tcp.c b/drivers/nvme/host/tcp.c index 79ef2b8e2b3c..f9952f6d94b9 100644 --- a/drivers/nvme/host/tcp.c +++ b/drivers/nvme/host/tcp.c @@ -887,8 +887,17 @@ static int nvme_tcp_try_send_data(struct nvme_tcp_request *req) else flags |= MSG_MORE | MSG_SENDPAGE_NOTLAST; - /* can't zcopy slab pages */ - if (unlikely(PageSlab(page))) { + /* + * e.g. XFS meta- & log-data is in slab pages, or bcache meta + * data pages, or other high order pages allocated by + * __get_free_pages() without __GFP_COMP, which have a page_count + * of 0 and/or have PageSlab() set. We cannot use send_page for + * those, as that does get_page(); put_page(); and would cause + * either a VM_BUG directly, or __page_cache_release a page that + * would actually still be referenced by someone, leading to some + * obscure delayed Oops somewhere else. + */ + if (unlikely(!sendpage_ok(page))) { ret = sock_no_sendpage(queue->sock, page, offset, len, flags); } else { diff --git a/include/linux/net.h b/include/linux/net.h index 016a9c5faa34..41e5d2898e97 100644 --- a/include/linux/net.h +++ b/include/linux/net.h @@ -290,6 +290,8 @@ do { \ #define net_get_random_once_wait(buf, nbytes) \ get_random_once_wait((buf), (nbytes)) +#define sendpage_ok(page) (!PageSlab(page) && page_count(page) >= 1) + int kernel_sendmsg(struct socket *sock, struct msghdr *msg, struct kvec *vec, size_t num, size_t len); int kernel_sendmsg_locked(struct sock *sk, struct msghdr *msg, -- 2.26.2

4 years, 5 months

3
3
0 0

[PATCH] eeprom: at25: set minimum read/write access stride to 1

by Christian Eggers

SPI eeproms are addressed by byte. Signed-off-by: Christian Eggers <ceggers(a)arri.de> Cc: stable(a)vger.kernel.org --- drivers/misc/eeprom/at25.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/misc/eeprom/at25.c b/drivers/misc/eeprom/at25.c index 0e7c8dc01195..4e57eb145fcc 100644 --- a/drivers/misc/eeprom/at25.c +++ b/drivers/misc/eeprom/at25.c @@ -358,7 +358,7 @@ static int at25_probe(struct spi_device *spi) at25->nvmem_config.reg_read = at25_ee_read; at25->nvmem_config.reg_write = at25_ee_write; at25->nvmem_config.priv = at25; - at25->nvmem_config.stride = 4; + at25->nvmem_config.stride = 1; at25->nvmem_config.word_size = 1; at25->nvmem_config.size = chip.byte_len; -- Christian Eggers Embedded software developer Arnold & Richter Cine Technik GmbH & Co. Betriebs KG Sitz: Muenchen - Registergericht: Amtsgericht Muenchen - Handelsregisternummer: HRA 57918 Persoenlich haftender Gesellschafter: Arnold & Richter Cine Technik GmbH Sitz: Muenchen - Registergericht: Amtsgericht Muenchen - Handelsregisternummer: HRB 54477 Geschaeftsfuehrer: Dr. Michael Neuhaeuser; Stephan Schenk; Walter Trauninger; Markus Zeiler

4 years, 5 months

2
4
0 0

[PATCH v2 1/3] KVM: LAPIC: Prevent setting the tscdeadline timer if the lapic is hw disabled

by Wanpeng Li

From: Wanpeng Li <wanpengli(a)tencent.com> Prevent setting the tscdeadline timer if the lapic is hw disabled. Fixes: bce87cce88 (KVM: x86: consolidate different ways to test for in-kernel LAPIC) Cc: <stable(a)vger.kernel.org> Signed-off-by: Wanpeng Li <wanpengli(a)tencent.com> --- arch/x86/kvm/lapic.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c index 5bf72fc..4ce2ddd 100644 --- a/arch/x86/kvm/lapic.c +++ b/arch/x86/kvm/lapic.c @@ -2195,7 +2195,7 @@ void kvm_set_lapic_tscdeadline_msr(struct kvm_vcpu *vcpu, u64 data) { struct kvm_lapic *apic = vcpu->arch.apic; - if (!lapic_in_kernel(vcpu) || apic_lvtt_oneshot(apic) || + if (!kvm_apic_present(vcpu) || apic_lvtt_oneshot(apic) || apic_lvtt_period(apic)) return; -- 2.7.4

4 years, 5 months

1
0
0 0

[PATCH] media: uvcvideo: Fix uvc_ctrl_fixup_xu_info() not having any effect

by Hans de Goede

uvc_ctrl_add_info() calls uvc_ctrl_get_flags() which will override the fixed-up flags set by uvc_ctrl_fixup_xu_info(). This commit fixes this by adding a is_xu argument to uvc_ctrl_add_info() and skipping the uvc_ctrl_get_flags() call for xu ctrls. Note that the xu path has already called uvc_ctrl_get_flags() from uvc_ctrl_fill_xu_info() before calling uvc_ctrl_add_info(). This fixes the xu motor controls not working properly on a Logitech 046d:08cc, and presumably also on the other Logitech models which have a quirk for this in the uvc_ctrl_fixup_xu_info() function. Cc: stable(a)vger.kernel.org Signed-off-by: Hans de Goede <hdegoede(a)redhat.com> --- drivers/media/usb/uvc/uvc_ctrl.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/drivers/media/usb/uvc/uvc_ctrl.c b/drivers/media/usb/uvc/uvc_ctrl.c index e399b9fad757..4bdea5814d6a 100644 --- a/drivers/media/usb/uvc/uvc_ctrl.c +++ b/drivers/media/usb/uvc/uvc_ctrl.c @@ -1815,7 +1815,7 @@ static int uvc_ctrl_fill_xu_info(struct uvc_device *dev, } static int uvc_ctrl_add_info(struct uvc_device *dev, struct uvc_control *ctrl, - const struct uvc_control_info *info); + const struct uvc_control_info *info, bool is_xu); static int uvc_ctrl_init_xu_ctrl(struct uvc_device *dev, struct uvc_control *ctrl) @@ -1830,7 +1830,7 @@ static int uvc_ctrl_init_xu_ctrl(struct uvc_device *dev, if (ret < 0) return ret; - ret = uvc_ctrl_add_info(dev, ctrl, &info); + ret = uvc_ctrl_add_info(dev, ctrl, &info, true); if (ret < 0) uvc_trace(UVC_TRACE_CONTROL, "Failed to initialize control " "%pUl/%u on device %s entity %u\n", info.entity, @@ -2009,7 +2009,7 @@ int uvc_ctrl_restore_values(struct uvc_device *dev) * Add control information to a given control. */ static int uvc_ctrl_add_info(struct uvc_device *dev, struct uvc_control *ctrl, - const struct uvc_control_info *info) + const struct uvc_control_info *info, bool is_xu) { int ret = 0; @@ -2029,7 +2029,8 @@ static int uvc_ctrl_add_info(struct uvc_device *dev, struct uvc_control *ctrl, * default flag values from the uvc_ctrl array when the device doesn't * properly implement GET_INFO on standard controls. */ - uvc_ctrl_get_flags(dev, ctrl, &ctrl->info); + if (!is_xu) + uvc_ctrl_get_flags(dev, ctrl, &ctrl->info); ctrl->initialized = 1; @@ -2252,7 +2253,7 @@ static void uvc_ctrl_init_ctrl(struct uvc_device *dev, struct uvc_control *ctrl) for (; info < iend; ++info) { if (uvc_entity_match_guid(ctrl->entity, info->entity) && ctrl->index == info->index) { - uvc_ctrl_add_info(dev, ctrl, info); + uvc_ctrl_add_info(dev, ctrl, info, false); break; } } -- 2.26.2

4 years, 5 months

3
3
0 0

[PATCH v2] KVM: arm64: Don't inherit exec permission across page-table levels

by Will Deacon

If a stage-2 page-table contains an executable, read-only mapping at the pte level (e.g. due to dirty logging being enabled), a subsequent write fault to the same page which tries to install a larger block mapping (e.g. due to dirty logging having been disabled) will erroneously inherit the exec permission and consequently skip I-cache invalidation for the rest of the block. Ensure that exec permission is only inherited by write faults when the new mapping is of the same size as the existing one. A subsequent instruction abort will result in I-cache invalidation for the entire block mapping. Cc: Marc Zyngier <maz(a)kernel.org> Cc: <stable(a)vger.kernel.org> Reviewed-by: Quentin Perret <qperret(a)google.com> Tested-by: Quentin Perret <qperret(a)google.com> Signed-off-by: Will Deacon <will(a)kernel.org> --- v2: Fix pte size check and allow inheriting to smaller granule. arch/arm64/kvm/mmu.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/arch/arm64/kvm/mmu.c b/arch/arm64/kvm/mmu.c index 8c0035cab6b6..31058e6e7c2a 100644 --- a/arch/arm64/kvm/mmu.c +++ b/arch/arm64/kvm/mmu.c @@ -1326,7 +1326,7 @@ static bool stage2_get_leaf_entry(struct kvm *kvm, phys_addr_t addr, return true; } -static bool stage2_is_exec(struct kvm *kvm, phys_addr_t addr) +static bool stage2_is_exec(struct kvm *kvm, phys_addr_t addr, unsigned long sz) { pud_t *pudp; pmd_t *pmdp; @@ -1338,11 +1338,11 @@ static bool stage2_is_exec(struct kvm *kvm, phys_addr_t addr) return false; if (pudp) - return kvm_s2pud_exec(pudp); + return sz <= PUD_SIZE && kvm_s2pud_exec(pudp); else if (pmdp) - return kvm_s2pmd_exec(pmdp); + return sz <= PMD_SIZE && kvm_s2pmd_exec(pmdp); else - return kvm_s2pte_exec(ptep); + return sz == PAGE_SIZE && kvm_s2pte_exec(ptep); } static int stage2_set_pte(struct kvm *kvm, struct kvm_mmu_memory_cache *cache, @@ -1958,7 +1958,8 @@ static int user_mem_abort(struct kvm_vcpu *vcpu, phys_addr_t fault_ipa, * execute permissions, and we preserve whatever we have. */ needs_exec = exec_fault || - (fault_status == FSC_PERM && stage2_is_exec(kvm, fault_ipa)); + (fault_status == FSC_PERM && + stage2_is_exec(kvm, fault_ipa, vma_pagesize)); if (vma_pagesize == PUD_SIZE) { pud_t new_pud = kvm_pfn_pud(pfn, mem_type); -- 2.28.0.rc0.105.gf9edc3c819-goog

4 years, 5 months

3
2
0 0

[PATCH] MIPS: qi_lb60: Fix routing to audio amplifier

by Paul Cercueil

The ROUT (right channel output of audio codec) was connected to INL (left channel of audio amplifier) instead of INR (right channel of audio amplifier). Fixes: 8ddebad15e9b ("MIPS: qi_lb60: Migrate to devicetree") Cc: stable(a)vger.kernel.org # v5.3 Signed-off-by: Paul Cercueil <paul(a)crapouillou.net> --- arch/mips/boot/dts/ingenic/qi_lb60.dts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/mips/boot/dts/ingenic/qi_lb60.dts b/arch/mips/boot/dts/ingenic/qi_lb60.dts index 7a371d9c5a33..eda37fb516f0 100644 --- a/arch/mips/boot/dts/ingenic/qi_lb60.dts +++ b/arch/mips/boot/dts/ingenic/qi_lb60.dts @@ -69,7 +69,7 @@ sound { "Speaker", "OUTL", "Speaker", "OUTR", "INL", "LOUT", - "INL", "ROUT"; + "INR", "ROUT"; simple-audio-card,aux-devs = <&amp>; -- 2.27.0

4 years, 5 months

2
1
0 0

[PATCH 2/2] KVM: arm64: Don't inherit exec permission across page-table levels

by Marc Zyngier

From: Will Deacon <will(a)kernel.org> If a stage-2 page-table contains an executable, read-only mapping at the pte level (e.g. due to dirty logging being enabled), a subsequent write fault to the same page which tries to install a larger block mapping (e.g. due to dirty logging having been disabled) will erroneously inherit the exec permission and consequently skip I-cache invalidation for the rest of the block. Ensure that exec permission is only inherited by write faults when the new mapping is of the same size as the existing one. A subsequent instruction abort will result in I-cache invalidation for the entire block mapping. Signed-off-by: Will Deacon <will(a)kernel.org> Signed-off-by: Marc Zyngier <maz(a)kernel.org> Tested-by: Quentin Perret <qperret(a)google.com> Reviewed-by: Quentin Perret <qperret(a)google.com> Cc: Marc Zyngier <maz(a)kernel.org> Cc: <stable(a)vger.kernel.org> Link: https://lore.kernel.org/r/20200723101714.15873-1-will@kernel.org --- arch/arm64/kvm/mmu.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/arch/arm64/kvm/mmu.c b/arch/arm64/kvm/mmu.c index 8c0035cab6b6..31058e6e7c2a 100644 --- a/arch/arm64/kvm/mmu.c +++ b/arch/arm64/kvm/mmu.c @@ -1326,7 +1326,7 @@ static bool stage2_get_leaf_entry(struct kvm *kvm, phys_addr_t addr, return true; } -static bool stage2_is_exec(struct kvm *kvm, phys_addr_t addr) +static bool stage2_is_exec(struct kvm *kvm, phys_addr_t addr, unsigned long sz) { pud_t *pudp; pmd_t *pmdp; @@ -1338,11 +1338,11 @@ static bool stage2_is_exec(struct kvm *kvm, phys_addr_t addr) return false; if (pudp) - return kvm_s2pud_exec(pudp); + return sz <= PUD_SIZE && kvm_s2pud_exec(pudp); else if (pmdp) - return kvm_s2pmd_exec(pmdp); + return sz <= PMD_SIZE && kvm_s2pmd_exec(pmdp); else - return kvm_s2pte_exec(ptep); + return sz == PAGE_SIZE && kvm_s2pte_exec(ptep); } static int stage2_set_pte(struct kvm *kvm, struct kvm_mmu_memory_cache *cache, @@ -1958,7 +1958,8 @@ static int user_mem_abort(struct kvm_vcpu *vcpu, phys_addr_t fault_ipa, * execute permissions, and we preserve whatever we have. */ needs_exec = exec_fault || - (fault_status == FSC_PERM && stage2_is_exec(kvm, fault_ipa)); + (fault_status == FSC_PERM && + stage2_is_exec(kvm, fault_ipa, vma_pagesize)); if (vma_pagesize == PUD_SIZE) { pud_t new_pud = kvm_pfn_pud(pfn, mem_type); -- 2.27.0

4 years, 5 months

1
0
0 0

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror July 2020