- Linux-stable-mirror - lists.linaro.org

FAILED: patch "[PATCH] serial: 8250: Avoid error message on reprobe" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From e0a851fe6b9b619527bd928aa93caaddd003f70c Mon Sep 17 00:00:00 2001 From: Lukas Wunner <lukas(a)wunner.de> Date: Tue, 12 May 2020 14:40:01 +0200 Subject: [PATCH] serial: 8250: Avoid error message on reprobe If the call to uart_add_one_port() in serial8250_register_8250_port() fails, a half-initialized entry in the serial_8250ports[] array is left behind. A subsequent reprobe of the same serial port causes that entry to be reused. Because uart->port.dev is set, uart_remove_one_port() is called for the half-initialized entry and bails out with an error message: bcm2835-aux-uart 3f215040.serial: Removing wrong port: (null) != (ptrval) The same happens on failure of mctrl_gpio_init() since commit 4a96895f74c9 ("tty/serial/8250: use mctrl_gpio helpers"). Fix by zeroing the uart->port.dev pointer in the probe error path. The bug was introduced in v2.6.10 by historical commit befff6f5bf5f ("[SERIAL] Add new port registration/unregistration functions."): https://git.kernel.org/tglx/history/c/befff6f5bf5f The commit added an unconditional call to uart_remove_one_port() in serial8250_register_port(). In v3.7, commit 835d844d1a28 ("8250_pnp: do pnp probe before legacy probe") made that call conditional on uart->port.dev which allows me to fix the issue by zeroing that pointer in the error path. Thus, the present commit will fix the problem as far back as v3.7 whereas still older versions need to also cherry-pick 835d844d1a28. Fixes: 835d844d1a28 ("8250_pnp: do pnp probe before legacy probe") Signed-off-by: Lukas Wunner <lukas(a)wunner.de> Cc: stable(a)vger.kernel.org # v2.6.10 Cc: stable(a)vger.kernel.org # v2.6.10: 835d844d1a28: 8250_pnp: do pnp probe before legacy Reviewed-by: Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> Link: https://lore.kernel.org/r/b4a072013ee1a1d13ee06b4325afb19bda57ca1b.15892858… Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/tty/serial/8250/8250_core.c b/drivers/tty/serial/8250/8250_core.c index 45d9117cab68..9548d3f8fc8e 100644 --- a/drivers/tty/serial/8250/8250_core.c +++ b/drivers/tty/serial/8250/8250_core.c @@ -1040,7 +1040,7 @@ int serial8250_register_8250_port(struct uart_8250_port *up) gpios = mctrl_gpio_init(&uart->port, 0); if (IS_ERR(gpios)) { ret = PTR_ERR(gpios); - goto out_unlock; + goto err; } else { uart->gpios = gpios; } @@ -1089,8 +1089,10 @@ int serial8250_register_8250_port(struct uart_8250_port *up) serial8250_apply_quirks(uart); ret = uart_add_one_port(&serial8250_reg, &uart->port); - if (ret == 0) - ret = uart->port.line; + if (ret) + goto err; + + ret = uart->port.line; } else { dev_info(uart->port.dev, "skipping CIR port at 0x%lx / 0x%llx, IRQ %d\n", @@ -1112,10 +1114,14 @@ int serial8250_register_8250_port(struct uart_8250_port *up) } } -out_unlock: mutex_unlock(&serial_mutex); return ret; + +err: + uart->port.dev = NULL; + mutex_unlock(&serial_mutex); + return ret; } EXPORT_SYMBOL(serial8250_register_8250_port);

5 years, 4 months

1
0
0 0

Please apply commit 9453264ef586 ("media: go7007: fix a miss of snd_card_free") to v4.9.y up to v5.4.y

by Salvatore Bonaccorso

Hi Could you please apply 9453264ef586 ("media: go7007: fix a miss of snd_card_free") to v4.9.y up to v5.4.y stable series? The fix is related to CVE-2019-20810. The commit can be cherry-picked as is for 5.4.y but needs a small adjustment for context for versions which do not contain c0decac19da3 ("media: use strscpy() instead of strlcpy()") and ba78170ef153 ("media: go7007: Fix misuse of strscpy"). Attached a respective patch which applies with that refresh back to v4.9.y. Regards, Salvatore >From fd93d8ec8b3447fd29509d2d2f92352e26ff3804 Mon Sep 17 00:00:00 2001 From: Chuhong Yuan <hslester96(a)gmail.com> Date: Tue, 10 Dec 2019 04:15:48 +0100 Subject: [PATCH] media: go7007: fix a miss of snd_card_free go7007_snd_init() misses a snd_card_free() in an error path. Add the missed call to fix it. Signed-off-by: Chuhong Yuan <hslester96(a)gmail.com> Signed-off-by: Hans Verkuil <hverkuil-cisco(a)xs4all.nl> Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei(a)kernel.org> [Salvatore Bonaccorso: Adjust context for backport to versions which do not contain c0decac19da3 ("media: use strscpy() instead of strlcpy()") and ba78170ef153 ("media: go7007: Fix misuse of strscpy")] Signed-off-by: Salvatore Bonaccorso <carnil(a)debian.org> --- drivers/media/usb/go7007/snd-go7007.c | 35 +++++++++++++-------------- 1 file changed, 17 insertions(+), 18 deletions(-) diff --git a/drivers/media/usb/go7007/snd-go7007.c b/drivers/media/usb/go7007/snd-go7007.c index 137fc253b122..96c37a131deb 100644 --- a/drivers/media/usb/go7007/snd-go7007.c +++ b/drivers/media/usb/go7007/snd-go7007.c @@ -244,22 +244,18 @@ int go7007_snd_init(struct go7007 *go) gosnd->capturing = 0; ret = snd_card_new(go->dev, index[dev], id[dev], THIS_MODULE, 0, &gosnd->card); - if (ret < 0) { - kfree(gosnd); - return ret; - } + if (ret < 0) + goto free_snd; + ret = snd_device_new(gosnd->card, SNDRV_DEV_LOWLEVEL, go, &go7007_snd_device_ops); - if (ret < 0) { - kfree(gosnd); - return ret; - } + if (ret < 0) + goto free_card; + ret = snd_pcm_new(gosnd->card, "go7007", 0, 0, 1, &gosnd->pcm); - if (ret < 0) { - snd_card_free(gosnd->card); - kfree(gosnd); - return ret; - } + if (ret < 0) + goto free_card; + strlcpy(gosnd->card->driver, "go7007", sizeof(gosnd->card->driver)); strlcpy(gosnd->card->shortname, go->name, sizeof(gosnd->card->driver)); strlcpy(gosnd->card->longname, gosnd->card->shortname, @@ -270,11 +266,8 @@ int go7007_snd_init(struct go7007 *go) &go7007_snd_capture_ops); ret = snd_card_register(gosnd->card); - if (ret < 0) { - snd_card_free(gosnd->card); - kfree(gosnd); - return ret; - } + if (ret < 0) + goto free_card; gosnd->substream = NULL; go->snd_context = gosnd; @@ -282,6 +275,12 @@ int go7007_snd_init(struct go7007 *go) ++dev; return 0; + +free_card: + snd_card_free(gosnd->card); +free_snd: + kfree(gosnd); + return ret; } EXPORT_SYMBOL(go7007_snd_init); -- 2.27.0.rc0

5 years, 4 months

2
1
0 0

FAILED: patch "[PATCH] btrfs: send: emit file capabilities after chown" failed to apply to 4.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 89efda52e6b6930f80f5adda9c3c9edfb1397191 Mon Sep 17 00:00:00 2001 From: Marcos Paulo de Souza <mpdesouza(a)suse.com> Date: Sun, 10 May 2020 23:15:07 -0300 Subject: [PATCH] btrfs: send: emit file capabilities after chown Whenever a chown is executed, all capabilities of the file being touched are lost. When doing incremental send with a file with capabilities, there is a situation where the capability can be lost on the receiving side. The sequence of actions bellow shows the problem: $ mount /dev/sda fs1 $ mount /dev/sdb fs2 $ touch fs1/foo.bar $ setcap cap_sys_nice+ep fs1/foo.bar $ btrfs subvolume snapshot -r fs1 fs1/snap_init $ btrfs send fs1/snap_init | btrfs receive fs2 $ chgrp adm fs1/foo.bar $ setcap cap_sys_nice+ep fs1/foo.bar $ btrfs subvolume snapshot -r fs1 fs1/snap_complete $ btrfs subvolume snapshot -r fs1 fs1/snap_incremental $ btrfs send fs1/snap_complete | btrfs receive fs2 $ btrfs send -p fs1/snap_init fs1/snap_incremental | btrfs receive fs2 At this point, only a chown was emitted by "btrfs send" since only the group was changed. This makes the cap_sys_nice capability to be dropped from fs2/snap_incremental/foo.bar To fix that, only emit capabilities after chown is emitted. The current code first checks for xattrs that are new/changed, emits them, and later emit the chown. Now, __process_new_xattr skips capabilities, letting only finish_inode_if_needed to emit them, if they exist, for the inode being processed. This behavior was being worked around in "btrfs receive" side by caching the capability and only applying it after chown. Now, xattrs are only emmited _after_ chown, making that workaround not needed anymore. Link: https://github.com/kdave/btrfs-progs/issues/202 CC: stable(a)vger.kernel.org # 4.4+ Suggested-by: Filipe Manana <fdmanana(a)suse.com> Reviewed-by: Filipe Manana <fdmanana(a)suse.com> Signed-off-by: Marcos Paulo de Souza <mpdesouza(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/send.c b/fs/btrfs/send.c index c5f41bd86765..4f3b8d2bb56b 100644 --- a/fs/btrfs/send.c +++ b/fs/btrfs/send.c @@ -23,6 +23,7 @@ #include "btrfs_inode.h" #include "transaction.h" #include "compression.h" +#include "xattr.h" /* * Maximum number of references an extent can have in order for us to attempt to @@ -4545,6 +4546,10 @@ static int __process_new_xattr(int num, struct btrfs_key *di_key, struct fs_path *p; struct posix_acl_xattr_header dummy_acl; + /* Capabilities are emitted by finish_inode_if_needed */ + if (!strncmp(name, XATTR_NAME_CAPS, name_len)) + return 0; + p = fs_path_alloc(); if (!p) return -ENOMEM; @@ -5107,6 +5112,64 @@ static int send_extent_data(struct send_ctx *sctx, return 0; } +/* + * Search for a capability xattr related to sctx->cur_ino. If the capability is + * found, call send_set_xattr function to emit it. + * + * Return 0 if there isn't a capability, or when the capability was emitted + * successfully, or < 0 if an error occurred. + */ +static int send_capabilities(struct send_ctx *sctx) +{ + struct fs_path *fspath = NULL; + struct btrfs_path *path; + struct btrfs_dir_item *di; + struct extent_buffer *leaf; + unsigned long data_ptr; + char *buf = NULL; + int buf_len; + int ret = 0; + + path = alloc_path_for_send(); + if (!path) + return -ENOMEM; + + di = btrfs_lookup_xattr(NULL, sctx->send_root, path, sctx->cur_ino, + XATTR_NAME_CAPS, strlen(XATTR_NAME_CAPS), 0); + if (!di) { + /* There is no xattr for this inode */ + goto out; + } else if (IS_ERR(di)) { + ret = PTR_ERR(di); + goto out; + } + + leaf = path->nodes[0]; + buf_len = btrfs_dir_data_len(leaf, di); + + fspath = fs_path_alloc(); + buf = kmalloc(buf_len, GFP_KERNEL); + if (!fspath || !buf) { + ret = -ENOMEM; + goto out; + } + + ret = get_cur_path(sctx, sctx->cur_ino, sctx->cur_inode_gen, fspath); + if (ret < 0) + goto out; + + data_ptr = (unsigned long)(di + 1) + btrfs_dir_name_len(leaf, di); + read_extent_buffer(leaf, buf, data_ptr, buf_len); + + ret = send_set_xattr(sctx, fspath, XATTR_NAME_CAPS, + strlen(XATTR_NAME_CAPS), buf, buf_len); +out: + kfree(buf); + fs_path_free(fspath); + btrfs_free_path(path); + return ret; +} + static int clone_range(struct send_ctx *sctx, struct clone_root *clone_root, const u64 disk_byte, @@ -5972,6 +6035,10 @@ static int finish_inode_if_needed(struct send_ctx *sctx, int at_end) goto out; } + ret = send_capabilities(sctx); + if (ret < 0) + goto out; + /* * If other directory inodes depended on our current directory * inode's move/rename, now do their move/rename operations.

5 years, 4 months

3
2
0 0

✅ PASS: Test report for kernel 5.7.4-1d8b8c5.cki (stable-queue)

by CKI Project

Hello, We ran automated tests on a recent commit from this kernel tree: Kernel repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git Commit: 1d8b8c58b646 - x86/amd_nb: Add AMD family 17h model 60h PCI IDs The results of these automated tests are provided below. Overall result: PASSED Merge: OK Compile: OK Tests: OK All kernel binaries, config files, and logs are available for download here: https://cki-artifacts.s3.us-east-2.amazonaws.com/index.html?prefix=dataware… Please reply to this email if you have any questions about the tests that we ran or if you have any suggestions on how to make future tests more effective. ,-. ,-. ( C ) ( K ) Continuous `-',-.`-' Kernel ( I ) Integration `-' ______________________________________________________________________________ Compile testing --------------- We compiled the kernel for 4 architectures: aarch64: make options: -j30 INSTALL_MOD_STRIP=1 targz-pkg ppc64le: make options: -j30 INSTALL_MOD_STRIP=1 targz-pkg s390x: make options: -j30 INSTALL_MOD_STRIP=1 targz-pkg x86_64: make options: -j30 INSTALL_MOD_STRIP=1 targz-pkg Hardware testing ---------------- We booted each kernel and ran the following tests: aarch64: Host 1: ⚡ Internal infrastructure issues prevented one or more tests (marked with ⚡⚡⚡) from running on this architecture. This is not the fault of the kernel that was tested. ✅ Boot test ✅ xfstests - ext4 ✅ xfstests - xfs ✅ selinux-policy: serge-testsuite ✅ storage: software RAID testing 🚧 ✅ IPMI driver test 🚧 ✅ IPMItool loop stress test 🚧 ⚡⚡⚡ Storage blktests Host 2: ✅ Boot test ✅ Podman system integration test - as root ✅ Podman system integration test - as user ✅ LTP ✅ Loopdev Sanity ✅ Memory function: memfd_create ✅ AMTU (Abstract Machine Test Utility) ✅ Networking bridge: sanity ✅ Ethernet drivers sanity ✅ Networking socket: fuzz ✅ Networking: igmp conformance test ✅ Networking route: pmtu ✅ Networking route_func - local ✅ Networking route_func - forward ✅ Networking TCP: keepalive test ✅ Networking UDP: socket ✅ Networking tunnel: geneve basic test ✅ Networking tunnel: gre basic ✅ L2TP basic test ✅ Networking tunnel: vxlan basic ✅ Networking ipsec: basic netns - transport ✅ Networking ipsec: basic netns - tunnel ✅ Libkcapi AF_ALG test ✅ pciutils: update pci ids test ✅ ALSA PCM loopback test ✅ ALSA Control (mixer) Userspace Element test ✅ storage: SCSI VPD 🚧 ✅ CIFS Connectathon 🚧 ✅ POSIX pjd-fstest suites 🚧 ✅ jvm - DaCapo Benchmark Suite 🚧 ✅ jvm - jcstress tests 🚧 ✅ Memory function: kaslr 🚧 ✅ Networking firewall: basic netfilter test 🚧 ✅ audit: audit testsuite test 🚧 ✅ trace: ftrace/tracer 🚧 ✅ kdump - kexec_boot ppc64le: Host 1: ✅ Boot test ✅ Podman system integration test - as root ✅ Podman system integration test - as user ✅ LTP ✅ Loopdev Sanity ✅ Memory function: memfd_create ✅ AMTU (Abstract Machine Test Utility) ✅ Networking bridge: sanity ✅ Ethernet drivers sanity ✅ Networking socket: fuzz ✅ Networking route: pmtu ✅ Networking route_func - local ✅ Networking route_func - forward ✅ Networking TCP: keepalive test ✅ Networking UDP: socket ✅ Networking tunnel: geneve basic test ✅ Networking tunnel: gre basic ✅ L2TP basic test ✅ Networking tunnel: vxlan basic ✅ Networking ipsec: basic netns - tunnel ✅ Libkcapi AF_ALG test ✅ pciutils: update pci ids test ✅ ALSA PCM loopback test ✅ ALSA Control (mixer) Userspace Element test 🚧 ✅ CIFS Connectathon 🚧 ✅ POSIX pjd-fstest suites 🚧 ✅ jvm - DaCapo Benchmark Suite 🚧 ✅ jvm - jcstress tests 🚧 ✅ Memory function: kaslr 🚧 ✅ Networking firewall: basic netfilter test 🚧 ✅ audit: audit testsuite test 🚧 ✅ trace: ftrace/tracer Host 2: ⚡ Internal infrastructure issues prevented one or more tests (marked with ⚡⚡⚡) from running on this architecture. This is not the fault of the kernel that was tested. ✅ Boot test ✅ xfstests - ext4 ✅ xfstests - xfs ✅ selinux-policy: serge-testsuite ✅ storage: software RAID testing 🚧 ✅ IPMI driver test 🚧 ✅ IPMItool loop stress test 🚧 ⚡⚡⚡ Storage blktests Host 3: ✅ Boot test 🚧 ✅ kdump - sysrq-c s390x: Host 1: ✅ Boot test ✅ Podman system integration test - as root ✅ Podman system integration test - as user ✅ LTP ✅ Loopdev Sanity ✅ Memory function: memfd_create ✅ Networking bridge: sanity ✅ Ethernet drivers sanity ✅ Networking route: pmtu ✅ Networking route_func - local ✅ Networking route_func - forward ✅ Networking TCP: keepalive test ✅ Networking UDP: socket ✅ Networking tunnel: geneve basic test ✅ Networking tunnel: gre basic ✅ L2TP basic test ✅ Networking tunnel: vxlan basic ✅ Networking ipsec: basic netns - transport ✅ Networking ipsec: basic netns - tunnel ✅ Libkcapi AF_ALG test 🚧 ✅ CIFS Connectathon 🚧 ✅ POSIX pjd-fstest suites 🚧 ✅ jvm - DaCapo Benchmark Suite 🚧 ✅ jvm - jcstress tests 🚧 ✅ Memory function: kaslr 🚧 ❌ Networking firewall: basic netfilter test 🚧 ❌ audit: audit testsuite test 🚧 ✅ trace: ftrace/tracer 🚧 ✅ kdump - kexec_boot Host 2: ✅ Boot test 🚧 ✅ kdump - sysrq-c Host 3: ⚡ Internal infrastructure issues prevented one or more tests (marked with ⚡⚡⚡) from running on this architecture. This is not the fault of the kernel that was tested. ✅ Boot test ✅ selinux-policy: serge-testsuite ✅ stress: stress-ng 🚧 ⚡⚡⚡ Storage blktests x86_64: Host 1: ✅ Boot test ✅ Podman system integration test - as root ✅ Podman system integration test - as user ✅ LTP ✅ Loopdev Sanity ✅ Memory function: memfd_create ✅ AMTU (Abstract Machine Test Utility) ✅ Networking bridge: sanity ✅ Ethernet drivers sanity ✅ Networking socket: fuzz ✅ Networking: igmp conformance test ✅ Networking route: pmtu ✅ Networking route_func - local ✅ Networking route_func - forward ✅ Networking TCP: keepalive test ✅ Networking UDP: socket ✅ Networking tunnel: geneve basic test ✅ Networking tunnel: gre basic ✅ L2TP basic test ✅ Networking tunnel: vxlan basic ✅ Networking ipsec: basic netns - transport ✅ Networking ipsec: basic netns - tunnel ✅ Libkcapi AF_ALG test ✅ pciutils: sanity smoke test ✅ pciutils: update pci ids test ✅ ALSA PCM loopback test ✅ ALSA Control (mixer) Userspace Element test ✅ storage: SCSI VPD 🚧 ✅ CIFS Connectathon 🚧 ✅ POSIX pjd-fstest suites 🚧 ✅ jvm - DaCapo Benchmark Suite 🚧 ✅ jvm - jcstress tests 🚧 ✅ Memory function: kaslr 🚧 ✅ Networking firewall: basic netfilter test 🚧 ✅ audit: audit testsuite test 🚧 ✅ trace: ftrace/tracer 🚧 ✅ kdump - kexec_boot Host 2: ✅ Boot test 🚧 ✅ kdump - sysrq-c Host 3: ⚡ Internal infrastructure issues prevented one or more tests (marked with ⚡⚡⚡) from running on this architecture. This is not the fault of the kernel that was tested. ✅ Boot test ✅ xfstests - ext4 ✅ xfstests - xfs ✅ selinux-policy: serge-testsuite ✅ storage: software RAID testing ✅ stress: stress-ng 🚧 ✅ CPU: Frequency Driver Test 🚧 ✅ CPU: Idle Test 🚧 ✅ IOMMU boot test 🚧 ✅ IPMI driver test 🚧 ✅ IPMItool loop stress test 🚧 ⚡⚡⚡ Storage blktests Test sources: https://github.com/CKI-project/tests-beaker 💚 Pull requests are welcome for new tests or improvements to existing tests! Aborted tests ------------- Tests that didn't complete running successfully are marked with ⚡⚡⚡. If this was caused by an infrastructure issue, we try to mark that explicitly in the report. Waived tests ------------ If the test run included waived tests, they are marked with 🚧. Such tests are executed but their results are not taken into account. Tests are waived when their results are not reliable enough, e.g. when they're just introduced or are being fixed. Testing timeout --------------- We aim to provide a report within reasonable timeframe. Tests that haven't finished running yet are marked with ⏱.

5 years, 4 months

1
0
0 0

[PATCH] blk-mq: move blk_mq_update_nr_hw_queues synchronize_rcu call

by Giuliano Procida

This fixes the 4.9 backport commit f530afb974c2e82047bd6220303a2dbe30eff304 which was upstream commit f5bbbbe4d63577026f908a809f22f5fd5a90ea1f. The upstream commit added a call to synchronize_rcu to _blk_mq_update_nr_hw_queues, just after freezing queues. In the backport this landed (in blk_mq_update_nr_hw_queues instead), just after unfreezeing queues. This commit moves the call to its intended place. Fixes: f530afb974c2 ("blk-mq: sync the update nr_hw_queues with blk_mq_queue_tag_busy_iter") Signed-off-by: Giuliano Procida <gprocida(a)google.com> --- block/blk-mq.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/block/blk-mq.c b/block/blk-mq.c index 58be2eaa5aaa..e0ed7317e98c 100644 --- a/block/blk-mq.c +++ b/block/blk-mq.c @@ -2331,6 +2331,10 @@ void blk_mq_update_nr_hw_queues(struct blk_mq_tag_set *set, int nr_hw_queues) list_for_each_entry(q, &set->tag_list, tag_set_list) blk_mq_freeze_queue(q); + /* + * Sync with blk_mq_queue_tag_busy_iter. + */ + synchronize_rcu(); set->nr_hw_queues = nr_hw_queues; list_for_each_entry(q, &set->tag_list, tag_set_list) { @@ -2346,10 +2350,6 @@ void blk_mq_update_nr_hw_queues(struct blk_mq_tag_set *set, int nr_hw_queues) list_for_each_entry(q, &set->tag_list, tag_set_list) blk_mq_unfreeze_queue(q); - /* - * Sync with blk_mq_queue_tag_busy_iter. - */ - synchronize_rcu(); } EXPORT_SYMBOL_GPL(blk_mq_update_nr_hw_queues); -- 2.27.0.290.gba653c62da-goog

5 years, 4 months

2
1
0 0

[for-linus][PATCH 15/17] tools/bootconfig: Fix to return 0 if succeeded to show the bootconfig

by Steven Rostedt

From: Masami Hiramatsu <mhiramat(a)kernel.org> Fix bootconfig to return 0 if succeeded to show the bootconfig in initrd. Without this fix, "bootconfig INITRD" command returns !0 even if the command succeeded to show the bootconfig. Link: http://lkml.kernel.org/r/159230246566.65555.11891772258543514487.stgit@devn… Cc: stable(a)vger.kernel.org Fixes: 950313ebf79c ("tools: bootconfig: Add bootconfig command") Signed-off-by: Masami Hiramatsu <mhiramat(a)kernel.org> Signed-off-by: Steven Rostedt (VMware) <rostedt(a)goodmis.org> --- tools/bootconfig/main.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/tools/bootconfig/main.c b/tools/bootconfig/main.c index 21896a6675fd..e0878f5f74b1 100644 --- a/tools/bootconfig/main.c +++ b/tools/bootconfig/main.c @@ -207,11 +207,13 @@ int show_xbc(const char *path) } ret = load_xbc_from_initrd(fd, &buf); - if (ret < 0) + if (ret < 0) { pr_err("Failed to load a boot config from initrd: %d\n", ret); - else - xbc_show_compact_tree(); - + goto out; + } + xbc_show_compact_tree(); + ret = 0; +out: close(fd); free(buf); -- 2.26.2

5 years, 4 months

1
0
0 0

[for-linus][PATCH 14/17] tools/bootconfig: Fix to use correct quotes for value

by Steven Rostedt

From: Masami Hiramatsu <mhiramat(a)kernel.org> Fix bootconfig tool to select double or single quotes correctly according to the value. If a bootconfig value includes a double quote character, we must use single-quotes to quote that value. Link: http://lkml.kernel.org/r/159230245697.65555.12444299015852932304.stgit@devn… Cc: stable(a)vger.kernel.org Fixes: 950313ebf79c ("tools: bootconfig: Add bootconfig command") Signed-off-by: Masami Hiramatsu <mhiramat(a)kernel.org> Signed-off-by: Steven Rostedt (VMware) <rostedt(a)goodmis.org> --- tools/bootconfig/main.c | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/tools/bootconfig/main.c b/tools/bootconfig/main.c index 0efaf45f7367..21896a6675fd 100644 --- a/tools/bootconfig/main.c +++ b/tools/bootconfig/main.c @@ -14,13 +14,18 @@ #include <linux/kernel.h> #include <linux/bootconfig.h> -static int xbc_show_array(struct xbc_node *node) +static int xbc_show_value(struct xbc_node *node) { const char *val; + char q; int i = 0; xbc_array_for_each_value(node, val) { - printf("\"%s\"%s", val, node->next ? ", " : ";\n"); + if (strchr(val, '"')) + q = '\''; + else + q = '"'; + printf("%c%s%c%s", q, val, q, node->next ? ", " : ";\n"); i++; } return i; @@ -48,10 +53,7 @@ static void xbc_show_compact_tree(void) continue; } else if (cnode && xbc_node_is_value(cnode)) { printf("%s = ", xbc_node_get_data(node)); - if (cnode->next) - xbc_show_array(cnode); - else - printf("\"%s\";\n", xbc_node_get_data(cnode)); + xbc_show_value(cnode); } else { printf("%s;\n", xbc_node_get_data(node)); } -- 2.26.2

5 years, 4 months

1
0
0 0

[for-linus][PATCH 13/17] proc/bootconfig: Fix to use correct quotes for value

by Steven Rostedt

From: Masami Hiramatsu <mhiramat(a)kernel.org> Fix /proc/bootconfig to select double or single quotes corrctly according to the value. If a bootconfig value includes a double quote character, we must use single-quotes to quote that value. This modifies if() condition and blocks for avoiding double-quote in value check in 2 places. Anyway, since xbc_array_for_each_value() can handle the array which has a single node correctly. Thus, if (vnode && xbc_node_is_array(vnode)) { xbc_array_for_each_value(vnode) /* vnode->next != NULL */ ... } else { snprintf(val); /* val is an empty string if !vnode */ } is equivalent to if (vnode) { xbc_array_for_each_value(vnode) /* vnode->next can be NULL */ ... } else { snprintf(""); /* value is always empty */ } Link: http://lkml.kernel.org/r/159230244786.65555.3763894451251622488.stgit@devno… Cc: stable(a)vger.kernel.org Fixes: c1a3c36017d4 ("proc: bootconfig: Add /proc/bootconfig to show boot config list") Signed-off-by: Masami Hiramatsu <mhiramat(a)kernel.org> Signed-off-by: Steven Rostedt (VMware) <rostedt(a)goodmis.org> --- fs/proc/bootconfig.c | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/fs/proc/bootconfig.c b/fs/proc/bootconfig.c index 9955d75c0585..ad31ec4ad627 100644 --- a/fs/proc/bootconfig.c +++ b/fs/proc/bootconfig.c @@ -26,8 +26,9 @@ static int boot_config_proc_show(struct seq_file *m, void *v) static int __init copy_xbc_key_value_list(char *dst, size_t size) { struct xbc_node *leaf, *vnode; - const char *val; char *key, *end = dst + size; + const char *val; + char q; int ret = 0; key = kzalloc(XBC_KEYLEN_MAX, GFP_KERNEL); @@ -41,16 +42,20 @@ static int __init copy_xbc_key_value_list(char *dst, size_t size) break; dst += ret; vnode = xbc_node_get_child(leaf); - if (vnode && xbc_node_is_array(vnode)) { + if (vnode) { xbc_array_for_each_value(vnode, val) { - ret = snprintf(dst, rest(dst, end), "\"%s\"%s", - val, vnode->next ? ", " : "\n"); + if (strchr(val, '"')) + q = '\''; + else + q = '"'; + ret = snprintf(dst, rest(dst, end), "%c%s%c%s", + q, val, q, vnode->next ? ", " : "\n"); if (ret < 0) goto out; dst += ret; } } else { - ret = snprintf(dst, rest(dst, end), "\"%s\"\n", val); + ret = snprintf(dst, rest(dst, end), "\"\"\n"); if (ret < 0) break; dst += ret; -- 2.26.2

5 years, 4 months

1
0
0 0

[for-linus][PATCH 11/17] tracing/probe: Fix memleak in fetch_op_data operations

by Steven Rostedt

From: Vamshi K Sthambamkadi <vamshi.k.sthambamkadi(a)gmail.com> kmemleak report: [<57dcc2ca>] __kmalloc_track_caller+0x139/0x2b0 [<f1c45d0f>] kstrndup+0x37/0x80 [<f9761eb0>] parse_probe_arg.isra.7+0x3cc/0x630 [<055bf2ba>] traceprobe_parse_probe_arg+0x2f5/0x810 [<655a7766>] trace_kprobe_create+0x2ca/0x950 [<4fc6a02a>] create_or_delete_trace_kprobe+0xf/0x30 [<6d1c8a52>] trace_run_command+0x67/0x80 [<be812cc0>] trace_parse_run_command+0xa7/0x140 [<aecfe401>] probes_write+0x10/0x20 [<2027641c>] __vfs_write+0x30/0x1e0 [<6a4aeee1>] vfs_write+0x96/0x1b0 [<3517fb7d>] ksys_write+0x53/0xc0 [<dad91db7>] __ia32_sys_write+0x15/0x20 [<da347f64>] do_syscall_32_irqs_on+0x3d/0x260 [<fd0b7e7d>] do_fast_syscall_32+0x39/0xb0 [<ea5ae810>] entry_SYSENTER_32+0xaf/0x102 Post parse_probe_arg(), the FETCH_OP_DATA operation type is overwritten to FETCH_OP_ST_STRING, as a result memory is never freed since traceprobe_free_probe_arg() iterates only over SYMBOL and DATA op types Setup fetch string operation correctly after fetch_op_data operation. Link: https://lkml.kernel.org/r/20200615143034.GA1734@cosmos Cc: stable(a)vger.kernel.org Fixes: a42e3c4de964 ("tracing/probe: Add immediate string parameter support") Acked-by: Masami Hiramatsu <mhiramat(a)kernel.org> Signed-off-by: Vamshi K Sthambamkadi <vamshi.k.sthambamkadi(a)gmail.com> Signed-off-by: Steven Rostedt (VMware) <rostedt(a)goodmis.org> --- kernel/trace/trace_probe.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/kernel/trace/trace_probe.c b/kernel/trace/trace_probe.c index b8a928e925c7..d2867ccc6aca 100644 --- a/kernel/trace/trace_probe.c +++ b/kernel/trace/trace_probe.c @@ -639,8 +639,8 @@ static int traceprobe_parse_probe_arg_body(char *arg, ssize_t *size, ret = -EINVAL; goto fail; } - if ((code->op == FETCH_OP_IMM || code->op == FETCH_OP_COMM) || - parg->count) { + if ((code->op == FETCH_OP_IMM || code->op == FETCH_OP_COMM || + code->op == FETCH_OP_DATA) || parg->count) { /* * IMM, DATA and COMM is pointing actual address, those * must be kept, and if parg->count != 0, this is an -- 2.26.2

5 years, 4 months

1
0
0 0

[for-linus][PATCH 09/17] tracing: Make ftrace packed events have align of 1

by Steven Rostedt

From: "Steven Rostedt (VMware)" <rostedt(a)goodmis.org> When using trace-cmd on 5.6-rt for the function graph tracer, the output was corrupted. It gave output like this: funcgraph_entry: func=0xffffffff depth=38982 funcgraph_entry: func=0x1ffffffff depth=16044 funcgraph_exit: func=0xffffffff overrun=0x92539aaf00000000 calltime=0x92539c9900000072 rettime=0x100000072 depth=11084 funcgraph_exit: func=0xffffffff overrun=0x9253946e00000000 calltime=0x92539e2100000072 rettime=0x72 depth=26033702 funcgraph_entry: func=0xffffffff depth=85798 funcgraph_entry: func=0x1ffffffff depth=12044 The reason was because the tracefs/events/ftrace/funcgraph_entry/exit format file was incorrect. The -rt kernel adds more common fields to the trace events. Namely, common_migrate_disable and common_preempt_lazy_count. Each is one byte in size. This changes the alignment of the normal payload. Most events are aligned normally, but the function and function graph events are defined with a "PACKED" macro, that packs their payload. As the offsets displayed in the format files are now calculated by an aligned field, the aligned field for function and function graph events should be 1, not their normal alignment. With aligning of the funcgraph_entry event, the format file has: field:unsigned short common_type; offset:0; size:2; signed:0; field:unsigned char common_flags; offset:2; size:1; signed:0; field:unsigned char common_preempt_count; offset:3; size:1; signed:0; field:int common_pid; offset:4; size:4; signed:1; field:unsigned char common_migrate_disable; offset:8; size:1; signed:0; field:unsigned char common_preempt_lazy_count; offset:9; size:1; signed:0; field:unsigned long func; offset:16; size:8; signed:0; field:int depth; offset:24; size:4; signed:1; But the actual alignment is: field:unsigned short common_type; offset:0; size:2; signed:0; field:unsigned char common_flags; offset:2; size:1; signed:0; field:unsigned char common_preempt_count; offset:3; size:1; signed:0; field:int common_pid; offset:4; size:4; signed:1; field:unsigned char common_migrate_disable; offset:8; size:1; signed:0; field:unsigned char common_preempt_lazy_count; offset:9; size:1; signed:0; field:unsigned long func; offset:12; size:8; signed:0; field:int depth; offset:20; size:4; signed:1; Link: https://lkml.kernel.org/r/20200609220041.2a3b527f@oasis.local.home Cc: stable(a)vger.kernel.org Fixes: 04ae87a52074e ("ftrace: Rework event_create_dir()") Signed-off-by: Steven Rostedt (VMware) <rostedt(a)goodmis.org> --- kernel/trace/trace.h | 3 +++ kernel/trace/trace_entries.h | 14 +++++++------- kernel/trace/trace_export.c | 16 ++++++++++++++++ 3 files changed, 26 insertions(+), 7 deletions(-) diff --git a/kernel/trace/trace.h b/kernel/trace/trace.h index def769df5bf1..13db4000af3f 100644 --- a/kernel/trace/trace.h +++ b/kernel/trace/trace.h @@ -61,6 +61,9 @@ enum trace_type { #undef __field_desc #define __field_desc(type, container, item) +#undef __field_packed +#define __field_packed(type, container, item) + #undef __array #define __array(type, item, size) type item[size]; diff --git a/kernel/trace/trace_entries.h b/kernel/trace/trace_entries.h index a523da0dae0a..18c4a58aff79 100644 --- a/kernel/trace/trace_entries.h +++ b/kernel/trace/trace_entries.h @@ -78,8 +78,8 @@ FTRACE_ENTRY_PACKED(funcgraph_entry, ftrace_graph_ent_entry, F_STRUCT( __field_struct( struct ftrace_graph_ent, graph_ent ) - __field_desc( unsigned long, graph_ent, func ) - __field_desc( int, graph_ent, depth ) + __field_packed( unsigned long, graph_ent, func ) + __field_packed( int, graph_ent, depth ) ), F_printk("--> %ps (%d)", (void *)__entry->func, __entry->depth) @@ -92,11 +92,11 @@ FTRACE_ENTRY_PACKED(funcgraph_exit, ftrace_graph_ret_entry, F_STRUCT( __field_struct( struct ftrace_graph_ret, ret ) - __field_desc( unsigned long, ret, func ) - __field_desc( unsigned long, ret, overrun ) - __field_desc( unsigned long long, ret, calltime) - __field_desc( unsigned long long, ret, rettime ) - __field_desc( int, ret, depth ) + __field_packed( unsigned long, ret, func ) + __field_packed( unsigned long, ret, overrun ) + __field_packed( unsigned long long, ret, calltime) + __field_packed( unsigned long long, ret, rettime ) + __field_packed( int, ret, depth ) ), F_printk("<-- %ps (%d) (start: %llx end: %llx) over: %d", diff --git a/kernel/trace/trace_export.c b/kernel/trace/trace_export.c index 77ce5a3b6773..70d3d0a09053 100644 --- a/kernel/trace/trace_export.c +++ b/kernel/trace/trace_export.c @@ -45,6 +45,9 @@ static int ftrace_event_register(struct trace_event_call *call, #undef __field_desc #define __field_desc(type, container, item) type item; +#undef __field_packed +#define __field_packed(type, container, item) type item; + #undef __array #define __array(type, item, size) type item[size]; @@ -85,6 +88,13 @@ static void __always_unused ____ftrace_check_##name(void) \ .size = sizeof(_type), .align = __alignof__(_type), \ is_signed_type(_type), .filter_type = _filter_type }, + +#undef __field_ext_packed +#define __field_ext_packed(_type, _item, _filter_type) { \ + .type = #_type, .name = #_item, \ + .size = sizeof(_type), .align = 1, \ + is_signed_type(_type), .filter_type = _filter_type }, + #undef __field #define __field(_type, _item) __field_ext(_type, _item, FILTER_OTHER) @@ -94,6 +104,9 @@ static void __always_unused ____ftrace_check_##name(void) \ #undef __field_desc #define __field_desc(_type, _container, _item) __field_ext(_type, _item, FILTER_OTHER) +#undef __field_packed +#define __field_packed(_type, _container, _item) __field_ext_packed(_type, _item, FILTER_OTHER) + #undef __array #define __array(_type, _item, _len) { \ .type = #_type"["__stringify(_len)"]", .name = #_item, \ @@ -129,6 +142,9 @@ static struct trace_event_fields ftrace_event_fields_##name[] = { \ #undef __field_desc #define __field_desc(type, container, item) +#undef __field_packed +#define __field_packed(type, container, item) + #undef __array #define __array(type, item, len) -- 2.26.2

5 years, 4 months

1
0
0 0

[for-linus][PATCH 08/17] sample-trace-array: Remove trace_array sample-instance

by Steven Rostedt

From: Kefeng Wang <wangkefeng.wang(a)huawei.com> Remove trace_array 'sample-instance' if kthread_run fails in sample_trace_array_init(). Link: https://lkml.kernel.org/r/20200609135200.2206726-1-wangkefeng.wang@huawei.c… Cc: stable(a)vger.kernel.org Fixes: 89ed42495ef4a ("tracing: Sample module to demonstrate kernel access to Ftrace instances.") Reviewed-by: Divya Indi <divya.indi(a)oracle.com> Signed-off-by: Kefeng Wang <wangkefeng.wang(a)huawei.com> Signed-off-by: Steven Rostedt (VMware) <rostedt(a)goodmis.org> --- samples/ftrace/sample-trace-array.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/samples/ftrace/sample-trace-array.c b/samples/ftrace/sample-trace-array.c index 9e437f930280..6aba02a31c96 100644 --- a/samples/ftrace/sample-trace-array.c +++ b/samples/ftrace/sample-trace-array.c @@ -115,8 +115,12 @@ static int __init sample_trace_array_init(void) trace_printk_init_buffers(); simple_tsk = kthread_run(simple_thread, NULL, "sample-instance"); - if (IS_ERR(simple_tsk)) + if (IS_ERR(simple_tsk)) { + trace_array_put(tr); + trace_array_destroy(tr); return -1; + } + return 0; } -- 2.26.2

5 years, 4 months

1
0
0 0

[for-linus][PATCH 07/17] sample-trace-array: Fix sleeping function called from invalid context

by Steven Rostedt

From: Kefeng Wang <wangkefeng.wang(a)huawei.com> BUG: sleeping function called from invalid context at kernel/locking/mutex.c:935 in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 0, name: swapper/5 1 lock held by swapper/5/0: #0: ffff80001002bd90 (samples/ftrace/sample-trace-array.c:38){+.-.}-{0:0}, at: call_timer_fn+0x8/0x3e0 CPU: 5 PID: 0 Comm: swapper/5 Not tainted 5.7.0+ #8 Hardware name: QEMU QEMU Virtual Machine, BIOS 0.0.0 02/06/2015 Call trace: dump_backtrace+0x0/0x1a0 show_stack+0x20/0x30 dump_stack+0xe4/0x150 ___might_sleep+0x160/0x200 __might_sleep+0x58/0x90 __mutex_lock+0x64/0x948 mutex_lock_nested+0x3c/0x58 __ftrace_set_clr_event+0x44/0x88 trace_array_set_clr_event+0x24/0x38 mytimer_handler+0x34/0x40 [sample_trace_array] mutex_lock() will be called in interrupt context, using workqueue to fix it. Link: https://lkml.kernel.org/r/20200610011244.2209486-1-wangkefeng.wang@huawei.c… Cc: stable(a)vger.kernel.org Fixes: 89ed42495ef4 ("tracing: Sample module to demonstrate kernel access to Ftrace instances.") Reviewed-by: Divya Indi <divya.indi(a)oracle.com> Signed-off-by: Kefeng Wang <wangkefeng.wang(a)huawei.com> Signed-off-by: Steven Rostedt (VMware) <rostedt(a)goodmis.org> --- samples/ftrace/sample-trace-array.c | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) diff --git a/samples/ftrace/sample-trace-array.c b/samples/ftrace/sample-trace-array.c index d523450d73eb..9e437f930280 100644 --- a/samples/ftrace/sample-trace-array.c +++ b/samples/ftrace/sample-trace-array.c @@ -6,6 +6,7 @@ #include <linux/timer.h> #include <linux/err.h> #include <linux/jiffies.h> +#include <linux/workqueue.h> /* * Any file that uses trace points, must include the header. @@ -20,6 +21,16 @@ struct trace_array *tr; static void mytimer_handler(struct timer_list *unused); static struct task_struct *simple_tsk; +static void trace_work_fn(struct work_struct *work) +{ + /* + * Disable tracing for event "sample_event". + */ + trace_array_set_clr_event(tr, "sample-subsystem", "sample_event", + false); +} +static DECLARE_WORK(trace_work, trace_work_fn); + /* * mytimer: Timer setup to disable tracing for event "sample_event". This * timer is only for the purposes of the sample module to demonstrate access of @@ -29,11 +40,7 @@ static DEFINE_TIMER(mytimer, mytimer_handler); static void mytimer_handler(struct timer_list *unused) { - /* - * Disable tracing for event "sample_event". - */ - trace_array_set_clr_event(tr, "sample-subsystem", "sample_event", - false); + schedule_work(&trace_work); } static void simple_thread_func(int count) @@ -76,6 +83,7 @@ static int simple_thread(void *arg) simple_thread_func(count++); del_timer(&mytimer); + cancel_work_sync(&trace_work); /* * trace_array_put() decrements the reference counter associated with -- 2.26.2

5 years, 4 months

1
0
0 0

[for-linus][PATCH 06/17] kretprobe: Prevent triggering kretprobe from within kprobe_flush_task

by Steven Rostedt

From: Jiri Olsa <jolsa(a)redhat.com> Ziqian reported lockup when adding retprobe on _raw_spin_lock_irqsave. My test was also able to trigger lockdep output: ============================================ WARNING: possible recursive locking detected 5.6.0-rc6+ #6 Not tainted -------------------------------------------- sched-messaging/2767 is trying to acquire lock: ffffffff9a492798 (&(kretprobe_table_locks[i].lock)){-.-.}, at: kretprobe_hash_lock+0x52/0xa0 but task is already holding lock: ffffffff9a491a18 (&(kretprobe_table_locks[i].lock)){-.-.}, at: kretprobe_trampoline+0x0/0x50 other info that might help us debug this: Possible unsafe locking scenario: CPU0 ---- lock(&(kretprobe_table_locks[i].lock)); lock(&(kretprobe_table_locks[i].lock)); *** DEADLOCK *** May be due to missing lock nesting notation 1 lock held by sched-messaging/2767: #0: ffffffff9a491a18 (&(kretprobe_table_locks[i].lock)){-.-.}, at: kretprobe_trampoline+0x0/0x50 stack backtrace: CPU: 3 PID: 2767 Comm: sched-messaging Not tainted 5.6.0-rc6+ #6 Call Trace: dump_stack+0x96/0xe0 __lock_acquire.cold.57+0x173/0x2b7 ? native_queued_spin_lock_slowpath+0x42b/0x9e0 ? lockdep_hardirqs_on+0x590/0x590 ? __lock_acquire+0xf63/0x4030 lock_acquire+0x15a/0x3d0 ? kretprobe_hash_lock+0x52/0xa0 _raw_spin_lock_irqsave+0x36/0x70 ? kretprobe_hash_lock+0x52/0xa0 kretprobe_hash_lock+0x52/0xa0 trampoline_handler+0xf8/0x940 ? kprobe_fault_handler+0x380/0x380 ? find_held_lock+0x3a/0x1c0 kretprobe_trampoline+0x25/0x50 ? lock_acquired+0x392/0xbc0 ? _raw_spin_lock_irqsave+0x50/0x70 ? __get_valid_kprobe+0x1f0/0x1f0 ? _raw_spin_unlock_irqrestore+0x3b/0x40 ? finish_task_switch+0x4b9/0x6d0 ? __switch_to_asm+0x34/0x70 ? __switch_to_asm+0x40/0x70 The code within the kretprobe handler checks for probe reentrancy, so we won't trigger any _raw_spin_lock_irqsave probe in there. The problem is in outside kprobe_flush_task, where we call: kprobe_flush_task kretprobe_table_lock raw_spin_lock_irqsave _raw_spin_lock_irqsave where _raw_spin_lock_irqsave triggers the kretprobe and installs kretprobe_trampoline handler on _raw_spin_lock_irqsave return. The kretprobe_trampoline handler is then executed with already locked kretprobe_table_locks, and first thing it does is to lock kretprobe_table_locks ;-) the whole lockup path like: kprobe_flush_task kretprobe_table_lock raw_spin_lock_irqsave _raw_spin_lock_irqsave ---> probe triggered, kretprobe_trampoline installed ---> kretprobe_table_locks locked kretprobe_trampoline trampoline_handler kretprobe_hash_lock(current, &head, &flags); <--- deadlock Adding kprobe_busy_begin/end helpers that mark code with fake probe installed to prevent triggering of another kprobe within this code. Using these helpers in kprobe_flush_task, so the probe recursion protection check is hit and the probe is never set to prevent above lockup. Link: http://lkml.kernel.org/r/158927059835.27680.7011202830041561604.stgit@devno… Fixes: ef53d9c5e4da ("kprobes: improve kretprobe scalability with hashed locking") Cc: Ingo Molnar <mingo(a)kernel.org> Cc: "Gustavo A . R . Silva" <gustavoars(a)kernel.org> Cc: Anders Roxell <anders.roxell(a)linaro.org> Cc: "Naveen N . Rao" <naveen.n.rao(a)linux.ibm.com> Cc: Anil S Keshavamurthy <anil.s.keshavamurthy(a)intel.com> Cc: David Miller <davem(a)davemloft.net> Cc: Ingo Molnar <mingo(a)elte.hu> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: stable(a)vger.kernel.org Reported-by: "Ziqian SUN (Zamir)" <zsun(a)redhat.com> Acked-by: Masami Hiramatsu <mhiramat(a)kernel.org> Signed-off-by: Jiri Olsa <jolsa(a)kernel.org> Signed-off-by: Steven Rostedt (VMware) <rostedt(a)goodmis.org> --- arch/x86/kernel/kprobes/core.c | 16 +++------------- include/linux/kprobes.h | 4 ++++ kernel/kprobes.c | 24 ++++++++++++++++++++++++ 3 files changed, 31 insertions(+), 13 deletions(-) diff --git a/arch/x86/kernel/kprobes/core.c b/arch/x86/kernel/kprobes/core.c index 3bafe1bd4dc7..8a5ec10e95dc 100644 --- a/arch/x86/kernel/kprobes/core.c +++ b/arch/x86/kernel/kprobes/core.c @@ -753,16 +753,11 @@ asm( NOKPROBE_SYMBOL(kretprobe_trampoline); STACK_FRAME_NON_STANDARD(kretprobe_trampoline); -static struct kprobe kretprobe_kprobe = { - .addr = (void *)kretprobe_trampoline, -}; - /* * Called from kretprobe_trampoline */ __used __visible void *trampoline_handler(struct pt_regs *regs) { - struct kprobe_ctlblk *kcb; struct kretprobe_instance *ri = NULL; struct hlist_head *head, empty_rp; struct hlist_node *tmp; @@ -772,16 +767,12 @@ __used __visible void *trampoline_handler(struct pt_regs *regs) void *frame_pointer; bool skipped = false; - preempt_disable(); - /* * Set a dummy kprobe for avoiding kretprobe recursion. * Since kretprobe never run in kprobe handler, kprobe must not * be running at this point. */ - kcb = get_kprobe_ctlblk(); - __this_cpu_write(current_kprobe, &kretprobe_kprobe); - kcb->kprobe_status = KPROBE_HIT_ACTIVE; + kprobe_busy_begin(); INIT_HLIST_HEAD(&empty_rp); kretprobe_hash_lock(current, &head, &flags); @@ -857,7 +848,7 @@ __used __visible void *trampoline_handler(struct pt_regs *regs) __this_cpu_write(current_kprobe, &ri->rp->kp); ri->ret_addr = correct_ret_addr; ri->rp->handler(ri, regs); - __this_cpu_write(current_kprobe, &kretprobe_kprobe); + __this_cpu_write(current_kprobe, &kprobe_busy); } recycle_rp_inst(ri, &empty_rp); @@ -873,8 +864,7 @@ __used __visible void *trampoline_handler(struct pt_regs *regs) kretprobe_hash_unlock(current, &flags); - __this_cpu_write(current_kprobe, NULL); - preempt_enable(); + kprobe_busy_end(); hlist_for_each_entry_safe(ri, tmp, &empty_rp, hlist) { hlist_del(&ri->hlist); diff --git a/include/linux/kprobes.h b/include/linux/kprobes.h index 594265bfd390..05ed663e6c7b 100644 --- a/include/linux/kprobes.h +++ b/include/linux/kprobes.h @@ -350,6 +350,10 @@ static inline struct kprobe_ctlblk *get_kprobe_ctlblk(void) return this_cpu_ptr(&kprobe_ctlblk); } +extern struct kprobe kprobe_busy; +void kprobe_busy_begin(void); +void kprobe_busy_end(void); + kprobe_opcode_t *kprobe_lookup_name(const char *name, unsigned int offset); int register_kprobe(struct kprobe *p); void unregister_kprobe(struct kprobe *p); diff --git a/kernel/kprobes.c b/kernel/kprobes.c index 5cb7791c16b3..4a904cc56d68 100644 --- a/kernel/kprobes.c +++ b/kernel/kprobes.c @@ -1241,6 +1241,26 @@ __releases(hlist_lock) } NOKPROBE_SYMBOL(kretprobe_table_unlock); +struct kprobe kprobe_busy = { + .addr = (void *) get_kprobe, +}; + +void kprobe_busy_begin(void) +{ + struct kprobe_ctlblk *kcb; + + preempt_disable(); + __this_cpu_write(current_kprobe, &kprobe_busy); + kcb = get_kprobe_ctlblk(); + kcb->kprobe_status = KPROBE_HIT_ACTIVE; +} + +void kprobe_busy_end(void) +{ + __this_cpu_write(current_kprobe, NULL); + preempt_enable(); +} + /* * This function is called from finish_task_switch when task tk becomes dead, * so that we can recycle any function-return probe instances associated @@ -1258,6 +1278,8 @@ void kprobe_flush_task(struct task_struct *tk) /* Early boot. kretprobe_table_locks not yet initialized. */ return; + kprobe_busy_begin(); + INIT_HLIST_HEAD(&empty_rp); hash = hash_ptr(tk, KPROBE_HASH_BITS); head = &kretprobe_inst_table[hash]; @@ -1271,6 +1293,8 @@ void kprobe_flush_task(struct task_struct *tk) hlist_del(&ri->hlist); kfree(ri); } + + kprobe_busy_end(); } NOKPROBE_SYMBOL(kprobe_flush_task); -- 2.26.2

5 years, 4 months

1
0
0 0

[for-linus][PATCH 04/17] kprobes: Fix to protect kick_kprobe_optimizer() by kprobe_mutex

by Steven Rostedt

From: Masami Hiramatsu <mhiramat(a)kernel.org> In kprobe_optimizer() kick_kprobe_optimizer() is called without kprobe_mutex, but this can race with other caller which is protected by kprobe_mutex. To fix that, expand kprobe_mutex protected area to protect kick_kprobe_optimizer() call. Link: http://lkml.kernel.org/r/158927057586.27680.5036330063955940456.stgit@devno… Fixes: cd7ebe2298ff ("kprobes: Use text_poke_smp_batch for optimizing") Cc: Ingo Molnar <mingo(a)kernel.org> Cc: "Gustavo A . R . Silva" <gustavoars(a)kernel.org> Cc: Anders Roxell <anders.roxell(a)linaro.org> Cc: "Naveen N . Rao" <naveen.n.rao(a)linux.ibm.com> Cc: Anil S Keshavamurthy <anil.s.keshavamurthy(a)intel.com> Cc: David Miller <davem(a)davemloft.net> Cc: Ingo Molnar <mingo(a)elte.hu> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Ziqian SUN <zsun(a)redhat.com> Cc: stable(a)vger.kernel.org Signed-off-by: Masami Hiramatsu <mhiramat(a)kernel.org> Signed-off-by: Steven Rostedt (VMware) <rostedt(a)goodmis.org> --- kernel/kprobes.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/kernel/kprobes.c b/kernel/kprobes.c index ceb0e273bd69..0e185763578b 100644 --- a/kernel/kprobes.c +++ b/kernel/kprobes.c @@ -592,11 +592,12 @@ static void kprobe_optimizer(struct work_struct *work) mutex_unlock(&module_mutex); mutex_unlock(&text_mutex); cpus_read_unlock(); - mutex_unlock(&kprobe_mutex); /* Step 5: Kick optimizer again if needed */ if (!list_empty(&optimizing_list) || !list_empty(&unoptimizing_list)) kick_kprobe_optimizer(); + + mutex_unlock(&kprobe_mutex); } /* Wait for completing optimization and unoptimization */ -- 2.26.2

5 years, 4 months

1
0
0 0

✅ PASS: Test report for kernel 5.7.4-e37a568.cki (stable-queue)

by CKI Project

Hello, We ran automated tests on a recent commit from this kernel tree: Kernel repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git Commit: e37a568c557a - btrfs: fix space_info bytes_may_use underflow during space cache writeout The results of these automated tests are provided below. Overall result: PASSED Merge: OK Compile: OK Tests: OK All kernel binaries, config files, and logs are available for download here: https://cki-artifacts.s3.us-east-2.amazonaws.com/index.html?prefix=dataware… Please reply to this email if you have any questions about the tests that we ran or if you have any suggestions on how to make future tests more effective. ,-. ,-. ( C ) ( K ) Continuous `-',-.`-' Kernel ( I ) Integration `-' ______________________________________________________________________________ Compile testing --------------- We compiled the kernel for 4 architectures: aarch64: make options: -j30 INSTALL_MOD_STRIP=1 targz-pkg ppc64le: make options: -j30 INSTALL_MOD_STRIP=1 targz-pkg s390x: make options: -j30 INSTALL_MOD_STRIP=1 targz-pkg x86_64: make options: -j30 INSTALL_MOD_STRIP=1 targz-pkg Hardware testing ---------------- We booted each kernel and ran the following tests: aarch64: Host 1: ✅ Boot test ✅ Podman system integration test - as root ✅ Podman system integration test - as user ✅ LTP ✅ Loopdev Sanity ✅ Memory function: memfd_create ✅ AMTU (Abstract Machine Test Utility) ✅ Networking bridge: sanity ✅ Ethernet drivers sanity ✅ Networking socket: fuzz ✅ Networking: igmp conformance test ✅ Networking route: pmtu ✅ Networking route_func - local ✅ Networking route_func - forward ✅ Networking TCP: keepalive test ✅ Networking UDP: socket ✅ Networking tunnel: geneve basic test ✅ Networking tunnel: gre basic ✅ L2TP basic test ✅ Networking tunnel: vxlan basic ✅ Networking ipsec: basic netns - transport ✅ Networking ipsec: basic netns - tunnel ✅ Libkcapi AF_ALG test ✅ pciutils: update pci ids test ✅ ALSA PCM loopback test ✅ ALSA Control (mixer) Userspace Element test ✅ storage: SCSI VPD 🚧 ✅ CIFS Connectathon 🚧 ✅ POSIX pjd-fstest suites 🚧 ✅ jvm - DaCapo Benchmark Suite 🚧 ✅ jvm - jcstress tests 🚧 ✅ Memory function: kaslr 🚧 ✅ Networking firewall: basic netfilter test 🚧 ✅ audit: audit testsuite test 🚧 ✅ trace: ftrace/tracer 🚧 ✅ kdump - kexec_boot Host 2: ⚡ Internal infrastructure issues prevented one or more tests (marked with ⚡⚡⚡) from running on this architecture. This is not the fault of the kernel that was tested. ✅ Boot test ✅ xfstests - ext4 ✅ xfstests - xfs ✅ selinux-policy: serge-testsuite ✅ storage: software RAID testing ✅ stress: stress-ng 🚧 ✅ IPMI driver test 🚧 ✅ IPMItool loop stress test 🚧 ⚡⚡⚡ Storage blktests ppc64le: Host 1: ✅ Boot test 🚧 ✅ kdump - sysrq-c Host 2: ✅ Boot test ✅ Podman system integration test - as root ✅ Podman system integration test - as user ✅ LTP ✅ Loopdev Sanity ✅ Memory function: memfd_create ✅ AMTU (Abstract Machine Test Utility) ✅ Networking bridge: sanity ✅ Ethernet drivers sanity ✅ Networking socket: fuzz ✅ Networking route: pmtu ✅ Networking route_func - local ✅ Networking route_func - forward ✅ Networking TCP: keepalive test ✅ Networking UDP: socket ✅ Networking tunnel: geneve basic test ✅ Networking tunnel: gre basic ✅ L2TP basic test ✅ Networking tunnel: vxlan basic ✅ Networking ipsec: basic netns - tunnel ✅ Libkcapi AF_ALG test ✅ pciutils: update pci ids test ✅ ALSA PCM loopback test ✅ ALSA Control (mixer) Userspace Element test 🚧 ✅ CIFS Connectathon 🚧 ✅ POSIX pjd-fstest suites 🚧 ✅ jvm - DaCapo Benchmark Suite 🚧 ✅ jvm - jcstress tests 🚧 ✅ Memory function: kaslr 🚧 ✅ Networking firewall: basic netfilter test 🚧 ✅ audit: audit testsuite test 🚧 ✅ trace: ftrace/tracer Host 3: ⚡ Internal infrastructure issues prevented one or more tests (marked with ⚡⚡⚡) from running on this architecture. This is not the fault of the kernel that was tested. ✅ Boot test ✅ xfstests - ext4 ✅ xfstests - xfs ✅ selinux-policy: serge-testsuite ✅ storage: software RAID testing 🚧 ✅ IPMI driver test 🚧 ✅ IPMItool loop stress test 🚧 ⚡⚡⚡ Storage blktests s390x: Host 1: ✅ Boot test ✅ Podman system integration test - as root ✅ Podman system integration test - as user ✅ LTP ✅ Loopdev Sanity ✅ Memory function: memfd_create ✅ Networking bridge: sanity ✅ Ethernet drivers sanity ✅ Networking route: pmtu ✅ Networking route_func - local ✅ Networking route_func - forward ✅ Networking TCP: keepalive test ✅ Networking UDP: socket ✅ Networking tunnel: geneve basic test ✅ Networking tunnel: gre basic ✅ L2TP basic test ✅ Networking tunnel: vxlan basic ✅ Networking ipsec: basic netns - transport ✅ Networking ipsec: basic netns - tunnel ✅ Libkcapi AF_ALG test 🚧 ✅ CIFS Connectathon 🚧 ✅ POSIX pjd-fstest suites 🚧 ✅ jvm - DaCapo Benchmark Suite 🚧 ✅ jvm - jcstress tests 🚧 ✅ Memory function: kaslr 🚧 ✅ Networking firewall: basic netfilter test 🚧 ❌ audit: audit testsuite test 🚧 ✅ trace: ftrace/tracer 🚧 ✅ kdump - kexec_boot Host 2: ⚡ Internal infrastructure issues prevented one or more tests (marked with ⚡⚡⚡) from running on this architecture. This is not the fault of the kernel that was tested. ✅ Boot test ✅ selinux-policy: serge-testsuite ✅ stress: stress-ng 🚧 ⚡⚡⚡ Storage blktests Host 3: ✅ Boot test 🚧 ✅ kdump - sysrq-c x86_64: Host 1: ✅ Boot test ✅ Podman system integration test - as root ✅ Podman system integration test - as user ✅ LTP ✅ Loopdev Sanity ✅ Memory function: memfd_create ✅ AMTU (Abstract Machine Test Utility) ✅ Networking bridge: sanity ✅ Ethernet drivers sanity ✅ Networking socket: fuzz ✅ Networking: igmp conformance test ✅ Networking route: pmtu ✅ Networking route_func - local ✅ Networking route_func - forward ✅ Networking TCP: keepalive test ✅ Networking UDP: socket ✅ Networking tunnel: geneve basic test ✅ Networking tunnel: gre basic ✅ L2TP basic test ✅ Networking tunnel: vxlan basic ✅ Networking ipsec: basic netns - transport ✅ Networking ipsec: basic netns - tunnel ✅ Libkcapi AF_ALG test ✅ pciutils: sanity smoke test ✅ pciutils: update pci ids test ✅ ALSA PCM loopback test ✅ ALSA Control (mixer) Userspace Element test ✅ storage: SCSI VPD 🚧 ✅ CIFS Connectathon 🚧 ✅ POSIX pjd-fstest suites 🚧 ✅ jvm - DaCapo Benchmark Suite 🚧 ✅ jvm - jcstress tests 🚧 ✅ Memory function: kaslr 🚧 ✅ Networking firewall: basic netfilter test 🚧 ✅ audit: audit testsuite test 🚧 ✅ trace: ftrace/tracer 🚧 ✅ kdump - kexec_boot Host 2: ✅ Boot test 🚧 ✅ kdump - sysrq-c Host 3: ⚡ Internal infrastructure issues prevented one or more tests (marked with ⚡⚡⚡) from running on this architecture. This is not the fault of the kernel that was tested. ✅ Boot test ✅ xfstests - ext4 ✅ xfstests - xfs ✅ selinux-policy: serge-testsuite ✅ storage: software RAID testing ✅ stress: stress-ng 🚧 ✅ CPU: Frequency Driver Test 🚧 ✅ CPU: Idle Test 🚧 ✅ IOMMU boot test 🚧 ✅ IPMI driver test 🚧 ✅ IPMItool loop stress test 🚧 ⚡⚡⚡ Storage blktests Test sources: https://github.com/CKI-project/tests-beaker 💚 Pull requests are welcome for new tests or improvements to existing tests! Aborted tests ------------- Tests that didn't complete running successfully are marked with ⚡⚡⚡. If this was caused by an infrastructure issue, we try to mark that explicitly in the report. Waived tests ------------ If the test run included waived tests, they are marked with 🚧. Such tests are executed but their results are not taken into account. Tests are waived when their results are not reliable enough, e.g. when they're just introduced or are being fixed. Testing timeout --------------- We aim to provide a report within reasonable timeframe. Tests that haven't finished running yet are marked with ⏱.

5 years, 4 months

1
0
0 0

[PATCH] ima: move APPRAISE_BOOTPARAM dependency on ARCH_POLICY to runtime

by Bruno Meneguele

IMA_APPRAISE_BOOTPARAM has been marked as dependent on !IMA_ARCH_POLICY in compile time, enforcing the appraisal whenever the kernel had the arch policy option enabled. However it breaks systems where the option is actually set but the system wasn't booted in a "secure boot" platform. In this scenario, anytime the an appraisal policy (i.e. ima_policy=appraisal_tcb) is used it will be forced, giving no chance to the user set the 'fix' state (ima_appraise=fix) to actually measure system's files. This patch remove this compile time dependency and move it to a runtime decision, based on the arch policy loading failure/success. Cc: stable(a)vger.kernel.org Fixes: d958083a8f64 ("x86/ima: define arch_get_ima_policy() for x86") Signed-off-by: Bruno Meneguele <bmeneg(a)redhat.com> --- security/integrity/ima/Kconfig | 2 +- security/integrity/ima/ima_policy.c | 8 ++++++-- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/security/integrity/ima/Kconfig b/security/integrity/ima/Kconfig index edde88dbe576..62dc11a5af01 100644 --- a/security/integrity/ima/Kconfig +++ b/security/integrity/ima/Kconfig @@ -232,7 +232,7 @@ config IMA_APPRAISE_REQUIRE_POLICY_SIGS config IMA_APPRAISE_BOOTPARAM bool "ima_appraise boot parameter" - depends on IMA_APPRAISE && !IMA_ARCH_POLICY + depends on IMA_APPRAISE default y help This option enables the different "ima_appraise=" modes diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c index e493063a3c34..d6f8f513f447 100644 --- a/security/integrity/ima/ima_policy.c +++ b/security/integrity/ima/ima_policy.c @@ -733,11 +733,15 @@ void __init ima_init_policy(void) * (Highest priority) */ arch_entries = ima_init_arch_policy(); - if (!arch_entries) + if (!arch_entries) { pr_info("No architecture policies found\n"); - else + } else { + /* Force appraisal, preventing runtime xattr changes */ + pr_info("ima: setting IMA appraisal to enforced\n"); + ima_appraise = IMA_APPRAISE_ENFORCE; add_rules(arch_policy_entry, arch_entries, IMA_DEFAULT_POLICY | IMA_CUSTOM_POLICY); + } /* * Insert the builtin "secure_boot" policy rules requiring file -- 2.26.2

5 years, 4 months

1
0
0 0

[PATCH] blk-mq: move _blk_mq_update_nr_hw_queues synchronize_rcu call

by Giuliano Procida

This fixes the 4.14 backport commit 574eb136ec7f315c3ef2ca68fa9b3e16c56baa24 which was upstream commit f5bbbbe4d63577026f908a809f22f5fd5a90ea1f. The upstream commit added a call to synchronize_rcu to _blk_mq_update_nr_hw_queues, just after freezing queues. In the backport this landed just after unfreezeing queues. This commit moves the call to its intended place. Fixes: 574eb136ec7f ("blk-mq: sync the update nr_hw_queues with blk_mq_queue_tag_busy_iter") Signed-off-by: Giuliano Procida <gprocida(a)google.com> --- block/blk-mq.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/block/blk-mq.c b/block/blk-mq.c index 9d53f476c517..cf56bdad2e06 100644 --- a/block/blk-mq.c +++ b/block/blk-mq.c @@ -2738,6 +2738,10 @@ static void __blk_mq_update_nr_hw_queues(struct blk_mq_tag_set *set, list_for_each_entry(q, &set->tag_list, tag_set_list) blk_mq_freeze_queue(q); + /* + * Sync with blk_mq_queue_tag_busy_iter. + */ + synchronize_rcu(); set->nr_hw_queues = nr_hw_queues; blk_mq_update_queue_map(set); @@ -2748,10 +2752,6 @@ static void __blk_mq_update_nr_hw_queues(struct blk_mq_tag_set *set, list_for_each_entry(q, &set->tag_list, tag_set_list) blk_mq_unfreeze_queue(q); - /* - * Sync with blk_mq_queue_tag_busy_iter. - */ - synchronize_rcu(); } void blk_mq_update_nr_hw_queues(struct blk_mq_tag_set *set, int nr_hw_queues) -- 2.27.0.290.gba653c62da-goog

5 years, 4 months

1
0
0 0

[PATCH] blk-mq: move _blk_mq_update_nr_hw_queues synchronize_rcu call

by Giuliano Procida

This fixes the 4.14 backport commit 574eb136ec7f315c3ef2ca68fa9b3e16c56baa24 which was upstream commit f5bbbbe4d63577026f908a809f22f5fd5a90ea1f. The upstream commit added a call to synchronize_rcu to _blk_mq_update_nr_hw_queues, just after freezing queues. In the backport this landed just after unfreezeing queues. This commit moves the call to its intended place. Fixes: 574eb136ec7f ("blk-mq: sync the update nr_hw_queues with blk_mq_queue_tag_busy_iter") Signed-off-by: Giuliano Procida <gprocida(a)google.com> --- block/blk-mq.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/block/blk-mq.c b/block/blk-mq.c index 9d53f476c517..cf56bdad2e06 100644 --- a/block/blk-mq.c +++ b/block/blk-mq.c @@ -2738,6 +2738,10 @@ static void __blk_mq_update_nr_hw_queues(struct blk_mq_tag_set *set, list_for_each_entry(q, &set->tag_list, tag_set_list) blk_mq_freeze_queue(q); + /* + * Sync with blk_mq_queue_tag_busy_iter. + */ + synchronize_rcu(); set->nr_hw_queues = nr_hw_queues; blk_mq_update_queue_map(set); @@ -2748,10 +2752,6 @@ static void __blk_mq_update_nr_hw_queues(struct blk_mq_tag_set *set, list_for_each_entry(q, &set->tag_list, tag_set_list) blk_mq_unfreeze_queue(q); - /* - * Sync with blk_mq_queue_tag_busy_iter. - */ - synchronize_rcu(); } void blk_mq_update_nr_hw_queues(struct blk_mq_tag_set *set, int nr_hw_queues) -- 2.27.0.290.gba653c62da-goog

5 years, 4 months

1
0
0 0

FAILED: patch "[PATCH] ext4: fix race between ext4_sync_parent() and rename()" failed to apply to 4.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 08adf452e628b0e2ce9a01048cfbec52353703d7 Mon Sep 17 00:00:00 2001 From: Eric Biggers <ebiggers(a)google.com> Date: Wed, 6 May 2020 11:31:40 -0700 Subject: [PATCH] ext4: fix race between ext4_sync_parent() and rename() 'igrab(d_inode(dentry->d_parent))' without holding dentry->d_lock is broken because without d_lock, d_parent can be concurrently changed due to a rename(). Then if the old directory is immediately deleted, old d_parent->inode can be NULL. That causes a NULL dereference in igrab(). To fix this, use dget_parent() to safely grab a reference to the parent dentry, which pins the inode. This also eliminates the need to use d_find_any_alias() other than for the initial inode, as we no longer throw away the dentry at each step. This is an extremely hard race to hit, but it is possible. Adding a udelay() in between the reads of ->d_parent and its ->d_inode makes it reproducible on a no-journal filesystem using the following program: #include <fcntl.h> #include <unistd.h> int main() { if (fork()) { for (;;) { mkdir("dir1", 0700); int fd = open("dir1/file", O_RDWR|O_CREAT|O_SYNC); write(fd, "X", 1); close(fd); } } else { mkdir("dir2", 0700); for (;;) { rename("dir1/file", "dir2/file"); rmdir("dir1"); } } } Fixes: d59729f4e794 ("ext4: fix races in ext4_sync_parent()") Cc: stable(a)vger.kernel.org Signed-off-by: Eric Biggers <ebiggers(a)google.com> Link: https://lore.kernel.org/r/20200506183140.541194-1-ebiggers@kernel.org Signed-off-by: Theodore Ts'o <tytso(a)mit.edu> diff --git a/fs/ext4/fsync.c b/fs/ext4/fsync.c index e10206e7f4bb..093c359952cd 100644 --- a/fs/ext4/fsync.c +++ b/fs/ext4/fsync.c @@ -44,30 +44,28 @@ */ static int ext4_sync_parent(struct inode *inode) { - struct dentry *dentry = NULL; - struct inode *next; + struct dentry *dentry, *next; int ret = 0; if (!ext4_test_inode_state(inode, EXT4_STATE_NEWENTRY)) return 0; - inode = igrab(inode); + dentry = d_find_any_alias(inode); + if (!dentry) + return 0; while (ext4_test_inode_state(inode, EXT4_STATE_NEWENTRY)) { ext4_clear_inode_state(inode, EXT4_STATE_NEWENTRY); - dentry = d_find_any_alias(inode); - if (!dentry) - break; - next = igrab(d_inode(dentry->d_parent)); + + next = dget_parent(dentry); dput(dentry); - if (!next) - break; - iput(inode); - inode = next; + dentry = next; + inode = dentry->d_inode; + /* * The directory inode may have gone through rmdir by now. But * the inode itself and its blocks are still allocated (we hold - * a reference to the inode so it didn't go through - * ext4_evict_inode()) and so we are safe to flush metadata - * blocks and the inode. + * a reference to the inode via its dentry), so it didn't go + * through ext4_evict_inode()) and so we are safe to flush + * metadata blocks and the inode. */ ret = sync_mapping_buffers(inode->i_mapping); if (ret) @@ -76,7 +74,7 @@ static int ext4_sync_parent(struct inode *inode) if (ret) break; } - iput(inode); + dput(dentry); return ret; }

5 years, 4 months

1
0
0 0

FAILED: patch "[PATCH] ima: Set again build_ima_appraise variable" failed to apply to 5.7-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.7-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From b59fda449cf07f2db3be3a67142e6c000f5e8d79 Mon Sep 17 00:00:00 2001 From: Krzysztof Struczynski <krzysztof.struczynski(a)huawei.com> Date: Mon, 27 Apr 2020 12:28:59 +0200 Subject: [PATCH] ima: Set again build_ima_appraise variable After adding the new add_rule() function in commit c52657d93b05 ("ima: refactor ima_init_policy()"), all appraisal flags are added to the temp_ima_appraise variable. Revert to the previous behavior instead of removing build_ima_appraise, to benefit from the protection offered by __ro_after_init. The mentioned commit introduced a bug, as it makes all the flags modifiable, while build_ima_appraise flags can be protected with __ro_after_init. Cc: stable(a)vger.kernel.org # 5.0.x Fixes: c52657d93b05 ("ima: refactor ima_init_policy()") Co-developed-by: Roberto Sassu <roberto.sassu(a)huawei.com> Signed-off-by: Roberto Sassu <roberto.sassu(a)huawei.com> Signed-off-by: Krzysztof Struczynski <krzysztof.struczynski(a)huawei.com> Signed-off-by: Mimi Zohar <zohar(a)linux.ibm.com> diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c index ea9b991f0232..ef7f68cc935e 100644 --- a/security/integrity/ima/ima_policy.c +++ b/security/integrity/ima/ima_policy.c @@ -643,8 +643,14 @@ static void add_rules(struct ima_rule_entry *entries, int count, list_add_tail(&entry->list, &ima_policy_rules); } - if (entries[i].action == APPRAISE) - temp_ima_appraise |= ima_appraise_flag(entries[i].func); + if (entries[i].action == APPRAISE) { + if (entries != build_appraise_rules) + temp_ima_appraise |= + ima_appraise_flag(entries[i].func); + else + build_ima_appraise |= + ima_appraise_flag(entries[i].func); + } } }

5 years, 4 months

1
0
0 0

FAILED: patch "[PATCH] ima: Set again build_ima_appraise variable" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From b59fda449cf07f2db3be3a67142e6c000f5e8d79 Mon Sep 17 00:00:00 2001 From: Krzysztof Struczynski <krzysztof.struczynski(a)huawei.com> Date: Mon, 27 Apr 2020 12:28:59 +0200 Subject: [PATCH] ima: Set again build_ima_appraise variable After adding the new add_rule() function in commit c52657d93b05 ("ima: refactor ima_init_policy()"), all appraisal flags are added to the temp_ima_appraise variable. Revert to the previous behavior instead of removing build_ima_appraise, to benefit from the protection offered by __ro_after_init. The mentioned commit introduced a bug, as it makes all the flags modifiable, while build_ima_appraise flags can be protected with __ro_after_init. Cc: stable(a)vger.kernel.org # 5.0.x Fixes: c52657d93b05 ("ima: refactor ima_init_policy()") Co-developed-by: Roberto Sassu <roberto.sassu(a)huawei.com> Signed-off-by: Roberto Sassu <roberto.sassu(a)huawei.com> Signed-off-by: Krzysztof Struczynski <krzysztof.struczynski(a)huawei.com> Signed-off-by: Mimi Zohar <zohar(a)linux.ibm.com> diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c index ea9b991f0232..ef7f68cc935e 100644 --- a/security/integrity/ima/ima_policy.c +++ b/security/integrity/ima/ima_policy.c @@ -643,8 +643,14 @@ static void add_rules(struct ima_rule_entry *entries, int count, list_add_tail(&entry->list, &ima_policy_rules); } - if (entries[i].action == APPRAISE) - temp_ima_appraise |= ima_appraise_flag(entries[i].func); + if (entries[i].action == APPRAISE) { + if (entries != build_appraise_rules) + temp_ima_appraise |= + ima_appraise_flag(entries[i].func); + else + build_ima_appraise |= + ima_appraise_flag(entries[i].func); + } } }

5 years, 4 months

1
0
0 0

FAILED: patch "[PATCH] ima: Call ima_calc_boot_aggregate() in ima_eventdigest_init()" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 6cc7c266e5b47d3cd2b5bb7fd3aac4e6bb2dd1d2 Mon Sep 17 00:00:00 2001 From: Roberto Sassu <roberto.sassu(a)huawei.com> Date: Wed, 3 Jun 2020 17:08:21 +0200 Subject: [PATCH] ima: Call ima_calc_boot_aggregate() in ima_eventdigest_init() If the template field 'd' is chosen and the digest to be added to the measurement entry was not calculated with SHA1 or MD5, it is recalculated with SHA1, by using the passed file descriptor. However, this cannot be done for boot_aggregate, because there is no file descriptor. This patch adds a call to ima_calc_boot_aggregate() in ima_eventdigest_init(), so that the digest can be recalculated also for the boot_aggregate entry. Cc: stable(a)vger.kernel.org # 3.13.x Fixes: 3ce1217d6cd5d ("ima: define template fields library and new helpers") Reported-by: Takashi Iwai <tiwai(a)suse.de> Signed-off-by: Roberto Sassu <roberto.sassu(a)huawei.com> Signed-off-by: Mimi Zohar <zohar(a)linux.ibm.com> diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h index 02796473238b..df93ac258e01 100644 --- a/security/integrity/ima/ima.h +++ b/security/integrity/ima/ima.h @@ -57,6 +57,7 @@ extern int ima_hash_algo_idx __ro_after_init; extern int ima_extra_slots __ro_after_init; extern int ima_appraise; extern struct tpm_chip *ima_tpm_chip; +extern const char boot_aggregate_name[]; /* IMA event related data */ struct ima_event_data { @@ -144,7 +145,7 @@ int ima_calc_buffer_hash(const void *buf, loff_t len, struct ima_digest_data *hash); int ima_calc_field_array_hash(struct ima_field_data *field_data, struct ima_template_entry *entry); -int __init ima_calc_boot_aggregate(struct ima_digest_data *hash); +int ima_calc_boot_aggregate(struct ima_digest_data *hash); void ima_add_violation(struct file *file, const unsigned char *filename, struct integrity_iint_cache *iint, const char *op, const char *cause); diff --git a/security/integrity/ima/ima_crypto.c b/security/integrity/ima/ima_crypto.c index 5201f5ec2ce4..002fdf6994d5 100644 --- a/security/integrity/ima/ima_crypto.c +++ b/security/integrity/ima/ima_crypto.c @@ -806,8 +806,8 @@ static void __init ima_pcrread(u32 idx, struct tpm_digest *d) * hash algorithm for reading the TPM PCRs as for calculating the boot * aggregate digest as stored in the measurement list. */ -static int __init ima_calc_boot_aggregate_tfm(char *digest, u16 alg_id, - struct crypto_shash *tfm) +static int ima_calc_boot_aggregate_tfm(char *digest, u16 alg_id, + struct crypto_shash *tfm) { struct tpm_digest d = { .alg_id = alg_id, .digest = {0} }; int rc; @@ -835,7 +835,7 @@ static int __init ima_calc_boot_aggregate_tfm(char *digest, u16 alg_id, return rc; } -int __init ima_calc_boot_aggregate(struct ima_digest_data *hash) +int ima_calc_boot_aggregate(struct ima_digest_data *hash) { struct crypto_shash *tfm; u16 crypto_id, alg_id; diff --git a/security/integrity/ima/ima_init.c b/security/integrity/ima/ima_init.c index fc1e1002b48d..4902fe7bd570 100644 --- a/security/integrity/ima/ima_init.c +++ b/security/integrity/ima/ima_init.c @@ -19,7 +19,7 @@ #include "ima.h" /* name for boot aggregate entry */ -static const char boot_aggregate_name[] = "boot_aggregate"; +const char boot_aggregate_name[] = "boot_aggregate"; struct tpm_chip *ima_tpm_chip; /* Add the boot aggregate to the IMA measurement list and extend diff --git a/security/integrity/ima/ima_template_lib.c b/security/integrity/ima/ima_template_lib.c index 9cd1e50f3ccc..635c6ac05050 100644 --- a/security/integrity/ima/ima_template_lib.c +++ b/security/integrity/ima/ima_template_lib.c @@ -286,6 +286,24 @@ int ima_eventdigest_init(struct ima_event_data *event_data, goto out; } + if ((const char *)event_data->filename == boot_aggregate_name) { + if (ima_tpm_chip) { + hash.hdr.algo = HASH_ALGO_SHA1; + result = ima_calc_boot_aggregate(&hash.hdr); + + /* algo can change depending on available PCR banks */ + if (!result && hash.hdr.algo != HASH_ALGO_SHA1) + result = -EINVAL; + + if (result < 0) + memset(&hash, 0, sizeof(hash)); + } + + cur_digest = hash.hdr.digest; + cur_digestsize = hash_digest_size[HASH_ALGO_SHA1]; + goto out; + } + if (!event_data->file) /* missing info to re-calculate the digest */ return -EINVAL;

5 years, 4 months

1
0
0 0

FAILED: patch "[PATCH] ima: Call ima_calc_boot_aggregate() in ima_eventdigest_init()" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 6cc7c266e5b47d3cd2b5bb7fd3aac4e6bb2dd1d2 Mon Sep 17 00:00:00 2001 From: Roberto Sassu <roberto.sassu(a)huawei.com> Date: Wed, 3 Jun 2020 17:08:21 +0200 Subject: [PATCH] ima: Call ima_calc_boot_aggregate() in ima_eventdigest_init() If the template field 'd' is chosen and the digest to be added to the measurement entry was not calculated with SHA1 or MD5, it is recalculated with SHA1, by using the passed file descriptor. However, this cannot be done for boot_aggregate, because there is no file descriptor. This patch adds a call to ima_calc_boot_aggregate() in ima_eventdigest_init(), so that the digest can be recalculated also for the boot_aggregate entry. Cc: stable(a)vger.kernel.org # 3.13.x Fixes: 3ce1217d6cd5d ("ima: define template fields library and new helpers") Reported-by: Takashi Iwai <tiwai(a)suse.de> Signed-off-by: Roberto Sassu <roberto.sassu(a)huawei.com> Signed-off-by: Mimi Zohar <zohar(a)linux.ibm.com> diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h index 02796473238b..df93ac258e01 100644 --- a/security/integrity/ima/ima.h +++ b/security/integrity/ima/ima.h @@ -57,6 +57,7 @@ extern int ima_hash_algo_idx __ro_after_init; extern int ima_extra_slots __ro_after_init; extern int ima_appraise; extern struct tpm_chip *ima_tpm_chip; +extern const char boot_aggregate_name[]; /* IMA event related data */ struct ima_event_data { @@ -144,7 +145,7 @@ int ima_calc_buffer_hash(const void *buf, loff_t len, struct ima_digest_data *hash); int ima_calc_field_array_hash(struct ima_field_data *field_data, struct ima_template_entry *entry); -int __init ima_calc_boot_aggregate(struct ima_digest_data *hash); +int ima_calc_boot_aggregate(struct ima_digest_data *hash); void ima_add_violation(struct file *file, const unsigned char *filename, struct integrity_iint_cache *iint, const char *op, const char *cause); diff --git a/security/integrity/ima/ima_crypto.c b/security/integrity/ima/ima_crypto.c index 5201f5ec2ce4..002fdf6994d5 100644 --- a/security/integrity/ima/ima_crypto.c +++ b/security/integrity/ima/ima_crypto.c @@ -806,8 +806,8 @@ static void __init ima_pcrread(u32 idx, struct tpm_digest *d) * hash algorithm for reading the TPM PCRs as for calculating the boot * aggregate digest as stored in the measurement list. */ -static int __init ima_calc_boot_aggregate_tfm(char *digest, u16 alg_id, - struct crypto_shash *tfm) +static int ima_calc_boot_aggregate_tfm(char *digest, u16 alg_id, + struct crypto_shash *tfm) { struct tpm_digest d = { .alg_id = alg_id, .digest = {0} }; int rc; @@ -835,7 +835,7 @@ static int __init ima_calc_boot_aggregate_tfm(char *digest, u16 alg_id, return rc; } -int __init ima_calc_boot_aggregate(struct ima_digest_data *hash) +int ima_calc_boot_aggregate(struct ima_digest_data *hash) { struct crypto_shash *tfm; u16 crypto_id, alg_id; diff --git a/security/integrity/ima/ima_init.c b/security/integrity/ima/ima_init.c index fc1e1002b48d..4902fe7bd570 100644 --- a/security/integrity/ima/ima_init.c +++ b/security/integrity/ima/ima_init.c @@ -19,7 +19,7 @@ #include "ima.h" /* name for boot aggregate entry */ -static const char boot_aggregate_name[] = "boot_aggregate"; +const char boot_aggregate_name[] = "boot_aggregate"; struct tpm_chip *ima_tpm_chip; /* Add the boot aggregate to the IMA measurement list and extend diff --git a/security/integrity/ima/ima_template_lib.c b/security/integrity/ima/ima_template_lib.c index 9cd1e50f3ccc..635c6ac05050 100644 --- a/security/integrity/ima/ima_template_lib.c +++ b/security/integrity/ima/ima_template_lib.c @@ -286,6 +286,24 @@ int ima_eventdigest_init(struct ima_event_data *event_data, goto out; } + if ((const char *)event_data->filename == boot_aggregate_name) { + if (ima_tpm_chip) { + hash.hdr.algo = HASH_ALGO_SHA1; + result = ima_calc_boot_aggregate(&hash.hdr); + + /* algo can change depending on available PCR banks */ + if (!result && hash.hdr.algo != HASH_ALGO_SHA1) + result = -EINVAL; + + if (result < 0) + memset(&hash, 0, sizeof(hash)); + } + + cur_digest = hash.hdr.digest; + cur_digestsize = hash_digest_size[HASH_ALGO_SHA1]; + goto out; + } + if (!event_data->file) /* missing info to re-calculate the digest */ return -EINVAL;

5 years, 4 months

1
0
0 0

FAILED: patch "[PATCH] ima: Call ima_calc_boot_aggregate() in ima_eventdigest_init()" failed to apply to 4.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 6cc7c266e5b47d3cd2b5bb7fd3aac4e6bb2dd1d2 Mon Sep 17 00:00:00 2001 From: Roberto Sassu <roberto.sassu(a)huawei.com> Date: Wed, 3 Jun 2020 17:08:21 +0200 Subject: [PATCH] ima: Call ima_calc_boot_aggregate() in ima_eventdigest_init() If the template field 'd' is chosen and the digest to be added to the measurement entry was not calculated with SHA1 or MD5, it is recalculated with SHA1, by using the passed file descriptor. However, this cannot be done for boot_aggregate, because there is no file descriptor. This patch adds a call to ima_calc_boot_aggregate() in ima_eventdigest_init(), so that the digest can be recalculated also for the boot_aggregate entry. Cc: stable(a)vger.kernel.org # 3.13.x Fixes: 3ce1217d6cd5d ("ima: define template fields library and new helpers") Reported-by: Takashi Iwai <tiwai(a)suse.de> Signed-off-by: Roberto Sassu <roberto.sassu(a)huawei.com> Signed-off-by: Mimi Zohar <zohar(a)linux.ibm.com> diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h index 02796473238b..df93ac258e01 100644 --- a/security/integrity/ima/ima.h +++ b/security/integrity/ima/ima.h @@ -57,6 +57,7 @@ extern int ima_hash_algo_idx __ro_after_init; extern int ima_extra_slots __ro_after_init; extern int ima_appraise; extern struct tpm_chip *ima_tpm_chip; +extern const char boot_aggregate_name[]; /* IMA event related data */ struct ima_event_data { @@ -144,7 +145,7 @@ int ima_calc_buffer_hash(const void *buf, loff_t len, struct ima_digest_data *hash); int ima_calc_field_array_hash(struct ima_field_data *field_data, struct ima_template_entry *entry); -int __init ima_calc_boot_aggregate(struct ima_digest_data *hash); +int ima_calc_boot_aggregate(struct ima_digest_data *hash); void ima_add_violation(struct file *file, const unsigned char *filename, struct integrity_iint_cache *iint, const char *op, const char *cause); diff --git a/security/integrity/ima/ima_crypto.c b/security/integrity/ima/ima_crypto.c index 5201f5ec2ce4..002fdf6994d5 100644 --- a/security/integrity/ima/ima_crypto.c +++ b/security/integrity/ima/ima_crypto.c @@ -806,8 +806,8 @@ static void __init ima_pcrread(u32 idx, struct tpm_digest *d) * hash algorithm for reading the TPM PCRs as for calculating the boot * aggregate digest as stored in the measurement list. */ -static int __init ima_calc_boot_aggregate_tfm(char *digest, u16 alg_id, - struct crypto_shash *tfm) +static int ima_calc_boot_aggregate_tfm(char *digest, u16 alg_id, + struct crypto_shash *tfm) { struct tpm_digest d = { .alg_id = alg_id, .digest = {0} }; int rc; @@ -835,7 +835,7 @@ static int __init ima_calc_boot_aggregate_tfm(char *digest, u16 alg_id, return rc; } -int __init ima_calc_boot_aggregate(struct ima_digest_data *hash) +int ima_calc_boot_aggregate(struct ima_digest_data *hash) { struct crypto_shash *tfm; u16 crypto_id, alg_id; diff --git a/security/integrity/ima/ima_init.c b/security/integrity/ima/ima_init.c index fc1e1002b48d..4902fe7bd570 100644 --- a/security/integrity/ima/ima_init.c +++ b/security/integrity/ima/ima_init.c @@ -19,7 +19,7 @@ #include "ima.h" /* name for boot aggregate entry */ -static const char boot_aggregate_name[] = "boot_aggregate"; +const char boot_aggregate_name[] = "boot_aggregate"; struct tpm_chip *ima_tpm_chip; /* Add the boot aggregate to the IMA measurement list and extend diff --git a/security/integrity/ima/ima_template_lib.c b/security/integrity/ima/ima_template_lib.c index 9cd1e50f3ccc..635c6ac05050 100644 --- a/security/integrity/ima/ima_template_lib.c +++ b/security/integrity/ima/ima_template_lib.c @@ -286,6 +286,24 @@ int ima_eventdigest_init(struct ima_event_data *event_data, goto out; } + if ((const char *)event_data->filename == boot_aggregate_name) { + if (ima_tpm_chip) { + hash.hdr.algo = HASH_ALGO_SHA1; + result = ima_calc_boot_aggregate(&hash.hdr); + + /* algo can change depending on available PCR banks */ + if (!result && hash.hdr.algo != HASH_ALGO_SHA1) + result = -EINVAL; + + if (result < 0) + memset(&hash, 0, sizeof(hash)); + } + + cur_digest = hash.hdr.digest; + cur_digestsize = hash_digest_size[HASH_ALGO_SHA1]; + goto out; + } + if (!event_data->file) /* missing info to re-calculate the digest */ return -EINVAL;

5 years, 4 months

1
0
0 0

FAILED: patch "[PATCH] ima: Call ima_calc_boot_aggregate() in ima_eventdigest_init()" failed to apply to 4.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 6cc7c266e5b47d3cd2b5bb7fd3aac4e6bb2dd1d2 Mon Sep 17 00:00:00 2001 From: Roberto Sassu <roberto.sassu(a)huawei.com> Date: Wed, 3 Jun 2020 17:08:21 +0200 Subject: [PATCH] ima: Call ima_calc_boot_aggregate() in ima_eventdigest_init() If the template field 'd' is chosen and the digest to be added to the measurement entry was not calculated with SHA1 or MD5, it is recalculated with SHA1, by using the passed file descriptor. However, this cannot be done for boot_aggregate, because there is no file descriptor. This patch adds a call to ima_calc_boot_aggregate() in ima_eventdigest_init(), so that the digest can be recalculated also for the boot_aggregate entry. Cc: stable(a)vger.kernel.org # 3.13.x Fixes: 3ce1217d6cd5d ("ima: define template fields library and new helpers") Reported-by: Takashi Iwai <tiwai(a)suse.de> Signed-off-by: Roberto Sassu <roberto.sassu(a)huawei.com> Signed-off-by: Mimi Zohar <zohar(a)linux.ibm.com> diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h index 02796473238b..df93ac258e01 100644 --- a/security/integrity/ima/ima.h +++ b/security/integrity/ima/ima.h @@ -57,6 +57,7 @@ extern int ima_hash_algo_idx __ro_after_init; extern int ima_extra_slots __ro_after_init; extern int ima_appraise; extern struct tpm_chip *ima_tpm_chip; +extern const char boot_aggregate_name[]; /* IMA event related data */ struct ima_event_data { @@ -144,7 +145,7 @@ int ima_calc_buffer_hash(const void *buf, loff_t len, struct ima_digest_data *hash); int ima_calc_field_array_hash(struct ima_field_data *field_data, struct ima_template_entry *entry); -int __init ima_calc_boot_aggregate(struct ima_digest_data *hash); +int ima_calc_boot_aggregate(struct ima_digest_data *hash); void ima_add_violation(struct file *file, const unsigned char *filename, struct integrity_iint_cache *iint, const char *op, const char *cause); diff --git a/security/integrity/ima/ima_crypto.c b/security/integrity/ima/ima_crypto.c index 5201f5ec2ce4..002fdf6994d5 100644 --- a/security/integrity/ima/ima_crypto.c +++ b/security/integrity/ima/ima_crypto.c @@ -806,8 +806,8 @@ static void __init ima_pcrread(u32 idx, struct tpm_digest *d) * hash algorithm for reading the TPM PCRs as for calculating the boot * aggregate digest as stored in the measurement list. */ -static int __init ima_calc_boot_aggregate_tfm(char *digest, u16 alg_id, - struct crypto_shash *tfm) +static int ima_calc_boot_aggregate_tfm(char *digest, u16 alg_id, + struct crypto_shash *tfm) { struct tpm_digest d = { .alg_id = alg_id, .digest = {0} }; int rc; @@ -835,7 +835,7 @@ static int __init ima_calc_boot_aggregate_tfm(char *digest, u16 alg_id, return rc; } -int __init ima_calc_boot_aggregate(struct ima_digest_data *hash) +int ima_calc_boot_aggregate(struct ima_digest_data *hash) { struct crypto_shash *tfm; u16 crypto_id, alg_id; diff --git a/security/integrity/ima/ima_init.c b/security/integrity/ima/ima_init.c index fc1e1002b48d..4902fe7bd570 100644 --- a/security/integrity/ima/ima_init.c +++ b/security/integrity/ima/ima_init.c @@ -19,7 +19,7 @@ #include "ima.h" /* name for boot aggregate entry */ -static const char boot_aggregate_name[] = "boot_aggregate"; +const char boot_aggregate_name[] = "boot_aggregate"; struct tpm_chip *ima_tpm_chip; /* Add the boot aggregate to the IMA measurement list and extend diff --git a/security/integrity/ima/ima_template_lib.c b/security/integrity/ima/ima_template_lib.c index 9cd1e50f3ccc..635c6ac05050 100644 --- a/security/integrity/ima/ima_template_lib.c +++ b/security/integrity/ima/ima_template_lib.c @@ -286,6 +286,24 @@ int ima_eventdigest_init(struct ima_event_data *event_data, goto out; } + if ((const char *)event_data->filename == boot_aggregate_name) { + if (ima_tpm_chip) { + hash.hdr.algo = HASH_ALGO_SHA1; + result = ima_calc_boot_aggregate(&hash.hdr); + + /* algo can change depending on available PCR banks */ + if (!result && hash.hdr.algo != HASH_ALGO_SHA1) + result = -EINVAL; + + if (result < 0) + memset(&hash, 0, sizeof(hash)); + } + + cur_digest = hash.hdr.digest; + cur_digestsize = hash_digest_size[HASH_ALGO_SHA1]; + goto out; + } + if (!event_data->file) /* missing info to re-calculate the digest */ return -EINVAL;

5 years, 4 months

1
0
0 0

FAILED: patch "[PATCH] ima: Directly assign the ima_default_policy pointer to" failed to apply to 4.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 067a436b1b0aafa593344fddd711a755a58afb3b Mon Sep 17 00:00:00 2001 From: Roberto Sassu <roberto.sassu(a)huawei.com> Date: Wed, 3 Jun 2020 17:08:20 +0200 Subject: [PATCH] ima: Directly assign the ima_default_policy pointer to ima_rules This patch prevents the following oops: [ 10.771813] BUG: kernel NULL pointer dereference, address: 0000000000000 [...] [ 10.779790] RIP: 0010:ima_match_policy+0xf7/0xb80 [...] [ 10.798576] Call Trace: [ 10.798993] ? ima_lsm_policy_change+0x2b0/0x2b0 [ 10.799753] ? inode_init_owner+0x1a0/0x1a0 [ 10.800484] ? _raw_spin_lock+0x7a/0xd0 [ 10.801592] ima_must_appraise.part.0+0xb6/0xf0 [ 10.802313] ? ima_fix_xattr.isra.0+0xd0/0xd0 [ 10.803167] ima_must_appraise+0x4f/0x70 [ 10.804004] ima_post_path_mknod+0x2e/0x80 [ 10.804800] do_mknodat+0x396/0x3c0 It occurs when there is a failure during IMA initialization, and ima_init_policy() is not called. IMA hooks still call ima_match_policy() but ima_rules is NULL. This patch prevents the crash by directly assigning the ima_default_policy pointer to ima_rules when ima_rules is defined. This wouldn't alter the existing behavior, as ima_rules is always set at the end of ima_init_policy(). Cc: stable(a)vger.kernel.org # 3.7.x Fixes: 07f6a79415d7d ("ima: add appraise action keywords and default rules") Reported-by: Takashi Iwai <tiwai(a)suse.de> Signed-off-by: Roberto Sassu <roberto.sassu(a)huawei.com> Signed-off-by: Mimi Zohar <zohar(a)linux.ibm.com> diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c index ef7f68cc935e..e493063a3c34 100644 --- a/security/integrity/ima/ima_policy.c +++ b/security/integrity/ima/ima_policy.c @@ -204,7 +204,7 @@ static struct ima_rule_entry *arch_policy_entry __ro_after_init; static LIST_HEAD(ima_default_rules); static LIST_HEAD(ima_policy_rules); static LIST_HEAD(ima_temp_rules); -static struct list_head *ima_rules; +static struct list_head *ima_rules = &ima_default_rules; /* Pre-allocated buffer used for matching keyrings. */ static char *ima_keyrings; @@ -768,7 +768,6 @@ void __init ima_init_policy(void) ARRAY_SIZE(default_appraise_rules), IMA_DEFAULT_POLICY); - ima_rules = &ima_default_rules; ima_update_policy_flag(); }

5 years, 4 months

1
0
0 0

FAILED: patch "[PATCH] mm/pagealloc.c: call touch_nmi_watchdog() on max order" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 117003c32771df617acf66e140fbdbdeb0ac71f5 Mon Sep 17 00:00:00 2001 From: Daniel Jordan <daniel.m.jordan(a)oracle.com> Date: Wed, 3 Jun 2020 15:59:20 -0700 Subject: [PATCH] mm/pagealloc.c: call touch_nmi_watchdog() on max order boundaries in deferred init Patch series "initialize deferred pages with interrupts enabled", v4. Keep interrupts enabled during deferred page initialization in order to make code more modular and allow jiffies to update. Original approach, and discussion can be found here: http://lkml.kernel.org/r/20200311123848.118638-1-shile.zhang@linux.alibaba.… This patch (of 3): deferred_init_memmap() disables interrupts the entire time, so it calls touch_nmi_watchdog() periodically to avoid soft lockup splats. Soon it will run with interrupts enabled, at which point cond_resched() should be used instead. deferred_grow_zone() makes the same watchdog calls through code shared with deferred init but will continue to run with interrupts disabled, so it can't call cond_resched(). Pull the watchdog calls up to these two places to allow the first to be changed later, independently of the second. The frequency reduces from twice per pageblock (init and free) to once per max order block. Fixes: 3a2d7fa8a3d5 ("mm: disable interrupts while initializing deferred pages") Signed-off-by: Daniel Jordan <daniel.m.jordan(a)oracle.com> Signed-off-by: Pavel Tatashin <pasha.tatashin(a)soleen.com> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> Reviewed-by: David Hildenbrand <david(a)redhat.com> Acked-by: Michal Hocko <mhocko(a)suse.com> Acked-by: Vlastimil Babka <vbabka(a)suse.cz> Cc: Dan Williams <dan.j.williams(a)intel.com> Cc: Shile Zhang <shile.zhang(a)linux.alibaba.com> Cc: Kirill Tkhai <ktkhai(a)virtuozzo.com> Cc: James Morris <jmorris(a)namei.org> Cc: Sasha Levin <sashal(a)kernel.org> Cc: Yiqian Wei <yiwei(a)redhat.com> Cc: <stable(a)vger.kernel.org> [4.17+] Link: http://lkml.kernel.org/r/20200403140952.17177-2-pasha.tatashin@soleen.com Signed-off-by: Linus Torvalds <torvalds(a)linux-foundation.org> diff --git a/mm/page_alloc.c b/mm/page_alloc.c index 045c4aeeec9a..148cf9a73f0b 100644 --- a/mm/page_alloc.c +++ b/mm/page_alloc.c @@ -1693,7 +1693,6 @@ static void __init deferred_free_pages(unsigned long pfn, } else if (!(pfn & nr_pgmask)) { deferred_free_range(pfn - nr_free, nr_free); nr_free = 1; - touch_nmi_watchdog(); } else { nr_free++; } @@ -1723,7 +1722,6 @@ static unsigned long __init deferred_init_pages(struct zone *zone, continue; } else if (!page || !(pfn & nr_pgmask)) { page = pfn_to_page(pfn); - touch_nmi_watchdog(); } else { page++; } @@ -1863,8 +1861,10 @@ static int __init deferred_init_memmap(void *data) * that we can avoid introducing any issues with the buddy * allocator. */ - while (spfn < epfn) + while (spfn < epfn) { nr_pages += deferred_init_maxorder(&i, zone, &spfn, &epfn); + touch_nmi_watchdog(); + } zone_empty: pgdat_resize_unlock(pgdat, &flags); @@ -1948,6 +1948,7 @@ deferred_grow_zone(struct zone *zone, unsigned int order) first_deferred_pfn = spfn; nr_pages += deferred_init_maxorder(&i, zone, &spfn, &epfn); + touch_nmi_watchdog(); /* We should only stop along section boundaries */ if ((first_deferred_pfn ^ spfn) < PAGES_PER_SECTION)

5 years, 4 months

1
0
0 0

[PATCH] blk-mq: sync the update nr_hw_queues with blk_mq_queue_tag_busy_iter

by Giuliano Procida

From: Jianchao Wang <jianchao.w.wang(a)oracle.com> commit f5bbbbe4d63577026f908a809f22f5fd5a90ea1f upstream. For blk-mq, part_in_flight/rw will invoke blk_mq_in_flight/rw to account the inflight requests. It will access the queue_hw_ctx and nr_hw_queues w/o any protection. When updating nr_hw_queues and blk_mq_in_flight/rw occur concurrently, panic comes up. Before update nr_hw_queues, the q will be frozen. So we could use q_usage_counter to avoid the race. percpu_ref_is_zero is used here so that we will not miss any in-flight request. The access to nr_hw_queues and queue_hw_ctx in blk_mq_queue_tag_busy_iter are under rcu critical section, __blk_mq_update_nr_hw_queues could use synchronize_rcu to ensure the zeroed q_usage_counter to be globally visible. Backporting Notes This is a re-backport, landing synchronize_rcu in the right place. Signed-off-by: Jianchao Wang <jianchao.w.wang(a)oracle.com> Reviewed-by: Ming Lei <ming.lei(a)redhat.com> Signed-off-by: Jens Axboe <axboe(a)kernel.dk> Signed-off-by: Giuliano Procida <gprocida(a)google.com> --- block/blk-mq.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/block/blk-mq.c b/block/blk-mq.c index 9d53f476c517..cf56bdad2e06 100644 --- a/block/blk-mq.c +++ b/block/blk-mq.c @@ -2738,6 +2738,10 @@ static void __blk_mq_update_nr_hw_queues(struct blk_mq_tag_set *set, list_for_each_entry(q, &set->tag_list, tag_set_list) blk_mq_freeze_queue(q); + /* + * Sync with blk_mq_queue_tag_busy_iter. + */ + synchronize_rcu(); set->nr_hw_queues = nr_hw_queues; blk_mq_update_queue_map(set); @@ -2748,10 +2752,6 @@ static void __blk_mq_update_nr_hw_queues(struct blk_mq_tag_set *set, list_for_each_entry(q, &set->tag_list, tag_set_list) blk_mq_unfreeze_queue(q); - /* - * Sync with blk_mq_queue_tag_busy_iter. - */ - synchronize_rcu(); } void blk_mq_update_nr_hw_queues(struct blk_mq_tag_set *set, int nr_hw_queues) -- 2.27.0.278.ge193c7cf3a9-goog

5 years, 4 months

2
9
0 0

[PATCH 11/11] ima: Remove semicolon at the end of ima_get_binary_runtime_size()

by Roberto Sassu

This patch removes the unnecessary semicolon at the end of ima_get_binary_runtime_size(). Cc: stable(a)vger.kernel.org Fixes: d158847ae89a2 ("ima: maintain memory size needed for serializing the measurement list") Signed-off-by: Roberto Sassu <roberto.sassu(a)huawei.com> --- security/integrity/ima/ima_queue.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/security/integrity/ima/ima_queue.c b/security/integrity/ima/ima_queue.c index fb4ec270f620..c096ef8945c7 100644 --- a/security/integrity/ima/ima_queue.c +++ b/security/integrity/ima/ima_queue.c @@ -133,7 +133,7 @@ unsigned long ima_get_binary_runtime_size(void) return ULONG_MAX; else return binary_runtime_size + sizeof(struct ima_kexec_hdr); -}; +} static int ima_pcr_extend(struct tpm_digest *digests_arg, int pcr) { -- 2.17.1

5 years, 4 months

1
0
0 0

FAILED: patch "[PATCH] mm: call cond_resched() from deferred_init_memmap()" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From da97f2d56bbd880b4138916a7ef96f9881a551b2 Mon Sep 17 00:00:00 2001 From: Pavel Tatashin <pasha.tatashin(a)soleen.com> Date: Wed, 3 Jun 2020 15:59:27 -0700 Subject: [PATCH] mm: call cond_resched() from deferred_init_memmap() Now that deferred pages are initialized with interrupts enabled we can replace touch_nmi_watchdog() with cond_resched(), as it was before 3a2d7fa8a3d5. For now, we cannot do the same in deferred_grow_zone() as it is still initializes pages with interrupts disabled. This change fixes RCU problem described in https://lkml.kernel.org/r/20200401104156.11564-2-david@redhat.com [ 60.474005] rcu: INFO: rcu_sched detected stalls on CPUs/tasks: [ 60.475000] rcu: 1-...0: (0 ticks this GP) idle=02a/1/0x4000000000000000 softirq=1/1 fqs=15000 [ 60.475000] rcu: (detected by 0, t=60002 jiffies, g=-1199, q=1) [ 60.475000] Sending NMI from CPU 0 to CPUs 1: [ 1.760091] NMI backtrace for cpu 1 [ 1.760091] CPU: 1 PID: 20 Comm: pgdatinit0 Not tainted 4.18.0-147.9.1.el8_1.x86_64 #1 [ 1.760091] Hardware name: Red Hat KVM, BIOS 1.13.0-1.module+el8.2.0+5520+4e5817f3 04/01/2014 [ 1.760091] RIP: 0010:__init_single_page.isra.65+0x10/0x4f [ 1.760091] Code: 48 83 cf 63 48 89 f8 0f 1f 40 00 48 89 c6 48 89 d7 e8 6b 18 80 ff 66 90 5b c3 31 c0 b9 10 00 00 00 49 89 f8 48 c1 e6 33 f3 ab <b8> 07 00 00 00 48 c1 e2 36 41 c7 40 34 01 00 00 00 48 c1 e0 33 41 [ 1.760091] RSP: 0000:ffffba783123be40 EFLAGS: 00000006 [ 1.760091] RAX: 0000000000000000 RBX: fffffad34405e300 RCX: 0000000000000000 [ 1.760091] RDX: 0000000000000000 RSI: 0010000000000000 RDI: fffffad34405e340 [ 1.760091] RBP: 0000000033f3177e R08: fffffad34405e300 R09: 0000000000000002 [ 1.760091] R10: 000000000000002b R11: ffff98afb691a500 R12: 0000000000000002 [ 1.760091] R13: 0000000000000000 R14: 000000003f03ea00 R15: 000000003e10178c [ 1.760091] FS: 0000000000000000(0000) GS:ffff9c9ebeb00000(0000) knlGS:0000000000000000 [ 1.760091] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1.760091] CR2: 00000000ffffffff CR3: 000000a1cf20a001 CR4: 00000000003606e0 [ 1.760091] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 1.760091] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 1.760091] Call Trace: [ 1.760091] deferred_init_pages+0x8f/0xbf [ 1.760091] deferred_init_memmap+0x184/0x29d [ 1.760091] ? deferred_free_pages.isra.97+0xba/0xba [ 1.760091] kthread+0x112/0x130 [ 1.760091] ? kthread_flush_work_fn+0x10/0x10 [ 1.760091] ret_from_fork+0x35/0x40 [ 89.123011] node 0 initialised, 1055935372 pages in 88650ms Fixes: 3a2d7fa8a3d5 ("mm: disable interrupts while initializing deferred pages") Reported-by: Yiqian Wei <yiwei(a)redhat.com> Signed-off-by: Pavel Tatashin <pasha.tatashin(a)soleen.com> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> Tested-by: David Hildenbrand <david(a)redhat.com> Reviewed-by: Daniel Jordan <daniel.m.jordan(a)oracle.com> Reviewed-by: David Hildenbrand <david(a)redhat.com> Reviewed-by: Pankaj Gupta <pankaj.gupta.linux(a)gmail.com> Acked-by: Michal Hocko <mhocko(a)suse.com> Cc: Dan Williams <dan.j.williams(a)intel.com> Cc: James Morris <jmorris(a)namei.org> Cc: Kirill Tkhai <ktkhai(a)virtuozzo.com> Cc: Sasha Levin <sashal(a)kernel.org> Cc: Shile Zhang <shile.zhang(a)linux.alibaba.com> Cc: Vlastimil Babka <vbabka(a)suse.cz> Cc: <stable(a)vger.kernel.org> [4.17+] Link: http://lkml.kernel.org/r/20200403140952.17177-4-pasha.tatashin@soleen.com Signed-off-by: Linus Torvalds <torvalds(a)linux-foundation.org> diff --git a/mm/page_alloc.c b/mm/page_alloc.c index c75561a3f144..2dbc571f68de 100644 --- a/mm/page_alloc.c +++ b/mm/page_alloc.c @@ -1870,7 +1870,7 @@ static int __init deferred_init_memmap(void *data) */ while (spfn < epfn) { nr_pages += deferred_init_maxorder(&i, zone, &spfn, &epfn); - touch_nmi_watchdog(); + cond_resched(); } zone_empty: /* Sanity check that the next zone really is unpopulated */

5 years, 4 months

1
0
0 0

FAILED: patch "[PATCH] mm: call cond_resched() from deferred_init_memmap()" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From da97f2d56bbd880b4138916a7ef96f9881a551b2 Mon Sep 17 00:00:00 2001 From: Pavel Tatashin <pasha.tatashin(a)soleen.com> Date: Wed, 3 Jun 2020 15:59:27 -0700 Subject: [PATCH] mm: call cond_resched() from deferred_init_memmap() Now that deferred pages are initialized with interrupts enabled we can replace touch_nmi_watchdog() with cond_resched(), as it was before 3a2d7fa8a3d5. For now, we cannot do the same in deferred_grow_zone() as it is still initializes pages with interrupts disabled. This change fixes RCU problem described in https://lkml.kernel.org/r/20200401104156.11564-2-david@redhat.com [ 60.474005] rcu: INFO: rcu_sched detected stalls on CPUs/tasks: [ 60.475000] rcu: 1-...0: (0 ticks this GP) idle=02a/1/0x4000000000000000 softirq=1/1 fqs=15000 [ 60.475000] rcu: (detected by 0, t=60002 jiffies, g=-1199, q=1) [ 60.475000] Sending NMI from CPU 0 to CPUs 1: [ 1.760091] NMI backtrace for cpu 1 [ 1.760091] CPU: 1 PID: 20 Comm: pgdatinit0 Not tainted 4.18.0-147.9.1.el8_1.x86_64 #1 [ 1.760091] Hardware name: Red Hat KVM, BIOS 1.13.0-1.module+el8.2.0+5520+4e5817f3 04/01/2014 [ 1.760091] RIP: 0010:__init_single_page.isra.65+0x10/0x4f [ 1.760091] Code: 48 83 cf 63 48 89 f8 0f 1f 40 00 48 89 c6 48 89 d7 e8 6b 18 80 ff 66 90 5b c3 31 c0 b9 10 00 00 00 49 89 f8 48 c1 e6 33 f3 ab <b8> 07 00 00 00 48 c1 e2 36 41 c7 40 34 01 00 00 00 48 c1 e0 33 41 [ 1.760091] RSP: 0000:ffffba783123be40 EFLAGS: 00000006 [ 1.760091] RAX: 0000000000000000 RBX: fffffad34405e300 RCX: 0000000000000000 [ 1.760091] RDX: 0000000000000000 RSI: 0010000000000000 RDI: fffffad34405e340 [ 1.760091] RBP: 0000000033f3177e R08: fffffad34405e300 R09: 0000000000000002 [ 1.760091] R10: 000000000000002b R11: ffff98afb691a500 R12: 0000000000000002 [ 1.760091] R13: 0000000000000000 R14: 000000003f03ea00 R15: 000000003e10178c [ 1.760091] FS: 0000000000000000(0000) GS:ffff9c9ebeb00000(0000) knlGS:0000000000000000 [ 1.760091] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1.760091] CR2: 00000000ffffffff CR3: 000000a1cf20a001 CR4: 00000000003606e0 [ 1.760091] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 1.760091] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 1.760091] Call Trace: [ 1.760091] deferred_init_pages+0x8f/0xbf [ 1.760091] deferred_init_memmap+0x184/0x29d [ 1.760091] ? deferred_free_pages.isra.97+0xba/0xba [ 1.760091] kthread+0x112/0x130 [ 1.760091] ? kthread_flush_work_fn+0x10/0x10 [ 1.760091] ret_from_fork+0x35/0x40 [ 89.123011] node 0 initialised, 1055935372 pages in 88650ms Fixes: 3a2d7fa8a3d5 ("mm: disable interrupts while initializing deferred pages") Reported-by: Yiqian Wei <yiwei(a)redhat.com> Signed-off-by: Pavel Tatashin <pasha.tatashin(a)soleen.com> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> Tested-by: David Hildenbrand <david(a)redhat.com> Reviewed-by: Daniel Jordan <daniel.m.jordan(a)oracle.com> Reviewed-by: David Hildenbrand <david(a)redhat.com> Reviewed-by: Pankaj Gupta <pankaj.gupta.linux(a)gmail.com> Acked-by: Michal Hocko <mhocko(a)suse.com> Cc: Dan Williams <dan.j.williams(a)intel.com> Cc: James Morris <jmorris(a)namei.org> Cc: Kirill Tkhai <ktkhai(a)virtuozzo.com> Cc: Sasha Levin <sashal(a)kernel.org> Cc: Shile Zhang <shile.zhang(a)linux.alibaba.com> Cc: Vlastimil Babka <vbabka(a)suse.cz> Cc: <stable(a)vger.kernel.org> [4.17+] Link: http://lkml.kernel.org/r/20200403140952.17177-4-pasha.tatashin@soleen.com Signed-off-by: Linus Torvalds <torvalds(a)linux-foundation.org> diff --git a/mm/page_alloc.c b/mm/page_alloc.c index c75561a3f144..2dbc571f68de 100644 --- a/mm/page_alloc.c +++ b/mm/page_alloc.c @@ -1870,7 +1870,7 @@ static int __init deferred_init_memmap(void *data) */ while (spfn < epfn) { nr_pages += deferred_init_maxorder(&i, zone, &spfn, &epfn); - touch_nmi_watchdog(); + cond_resched(); } zone_empty: /* Sanity check that the next zone really is unpopulated */

5 years, 4 months

1
0
0 0

FAILED: patch "[PATCH] btrfs: reloc: fix reloc root leak and NULL pointer" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 51415b6c1b117e223bc083e30af675cb5c5498f3 Mon Sep 17 00:00:00 2001 From: Qu Wenruo <wqu(a)suse.com> Date: Tue, 19 May 2020 10:13:20 +0800 Subject: [PATCH] btrfs: reloc: fix reloc root leak and NULL pointer dereference [BUG] When balance is canceled, there is a pretty high chance that unmounting the fs can lead to lead the NULL pointer dereference: BTRFS warning (device dm-3): page private not zero on page 223158272 ... BTRFS warning (device dm-3): page private not zero on page 223162368 BTRFS error (device dm-3): leaked root 18446744073709551608-304 refcount 1 BUG: kernel NULL pointer dereference, address: 0000000000000168 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 0 P4D 0 Oops: 0000 [#1] PREEMPT SMP NOPTI CPU: 2 PID: 5793 Comm: umount Tainted: G O 5.7.0-rc5-custom+ #53 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015 RIP: 0010:__lock_acquire+0x5dc/0x24c0 Call Trace: lock_acquire+0xab/0x390 _raw_spin_lock+0x39/0x80 btrfs_release_extent_buffer_pages+0xd7/0x200 [btrfs] release_extent_buffer+0xb2/0x170 [btrfs] free_extent_buffer+0x66/0xb0 [btrfs] btrfs_put_root+0x8e/0x130 [btrfs] btrfs_check_leaked_roots.cold+0x5/0x5d [btrfs] btrfs_free_fs_info+0xe5/0x120 [btrfs] btrfs_kill_super+0x1f/0x30 [btrfs] deactivate_locked_super+0x3b/0x80 deactivate_super+0x3e/0x50 cleanup_mnt+0x109/0x160 __cleanup_mnt+0x12/0x20 task_work_run+0x67/0xa0 exit_to_usermode_loop+0xc5/0xd0 syscall_return_slowpath+0x205/0x360 do_syscall_64+0x6e/0xb0 entry_SYSCALL_64_after_hwframe+0x49/0xb3 RIP: 0033:0x7fd028ef740b [CAUSE] When balance is canceled, all reloc roots are marked as orphan, and orphan reloc roots are going to be cleaned up. However for orphan reloc roots and merged reloc roots, their lifespan are quite different: Merged reloc roots | Orphan reloc roots by cancel -------------------------------------------------------------------- create_reloc_root() | create_reloc_root() |- refs == 1 | |- refs == 1 | btrfs_grab_root(reloc_root); | btrfs_grab_root(reloc_root); |- refs == 2 | |- refs == 2 | root->reloc_root = reloc_root; | root->reloc_root = reloc_root; >>> No difference so far <<< | prepare_to_merge() | prepare_to_merge() |- btrfs_set_root_refs(item, 1);| |- if (!err) (err == -EINTR) | merge_reloc_roots() | merge_reloc_roots() |- merge_reloc_root() | |- Doing nothing to put reloc root |- insert_dirty_subvol() | |- refs == 2 |- __del_reloc_root() | |- btrfs_put_root() | |- refs == 1 | >>> Now orphan reloc roots still have refs 2 <<< | clean_dirty_subvols() | clean_dirty_subvols() |- btrfs_drop_snapshot() | |- btrfS_drop_snapshot() |- reloc_root get freed | |- reloc_root still has refs 2 | related ebs get freed, but | reloc_root still recorded in | allocated_roots btrfs_check_leaked_roots() | btrfs_check_leaked_roots() |- No leaked roots | |- Leaked reloc_roots detected | |- btrfs_put_root() | |- free_extent_buffer(root->node); | |- eb already freed, caused NULL | pointer dereference [FIX] The fix is to clear fs_root->reloc_root and put it at merge_reloc_roots() time, so that we won't leak reloc roots. Fixes: d2311e698578 ("btrfs: relocation: Delay reloc tree deletion after merge_reloc_roots") CC: stable(a)vger.kernel.org # 5.1+ Tested-by: Johannes Thumshirn <johannes.thumshirn(a)wdc.com> Signed-off-by: Qu Wenruo <wqu(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/relocation.c b/fs/btrfs/relocation.c index 58f56e01de0d..81b076e46143 100644 --- a/fs/btrfs/relocation.c +++ b/fs/btrfs/relocation.c @@ -1917,12 +1917,10 @@ void merge_reloc_roots(struct reloc_control *rc) reloc_root = list_entry(reloc_roots.next, struct btrfs_root, root_list); + root = read_fs_root(fs_info, reloc_root->root_key.offset); if (btrfs_root_refs(&reloc_root->root_item) > 0) { - root = read_fs_root(fs_info, - reloc_root->root_key.offset); BUG_ON(IS_ERR(root)); BUG_ON(root->reloc_root != reloc_root); - ret = merge_reloc_root(rc, root); btrfs_put_root(root); if (ret) { @@ -1932,6 +1930,14 @@ void merge_reloc_roots(struct reloc_control *rc) goto out; } } else { + if (!IS_ERR(root)) { + if (root->reloc_root == reloc_root) { + root->reloc_root = NULL; + btrfs_put_root(reloc_root); + } + btrfs_put_root(root); + } + list_del_init(&reloc_root->root_list); /* Don't forget to queue this reloc root for cleanup */ list_add_tail(&reloc_root->reloc_dirty_list,

5 years, 4 months

1
0
0 0

FAILED: patch "[PATCH] btrfs: fix a race between scrub and block group" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 2473d24f2b77da0ffabcbb916793e58e7f57440b Mon Sep 17 00:00:00 2001 From: Filipe Manana <fdmanana(a)suse.com> Date: Fri, 8 May 2020 11:01:10 +0100 Subject: [PATCH] btrfs: fix a race between scrub and block group removal/allocation When scrub is verifying the extents of a block group for a device, it is possible that the corresponding block group gets removed and its logical address and device extents get used for a new block group allocation. When this happens scrub incorrectly reports that errors were detected and, if the the new block group has a different profile then the old one, deleted block group, we can crash due to a null pointer dereference. Possibly other unexpected and weird consequences can happen as well. Consider the following sequence of actions that leads to the null pointer dereference crash when scrub is running in parallel with balance: 1) Balance sets block group X to read-only mode and starts relocating it. Block group X is a metadata block group, has a raid1 profile (two device extents, each one in a different device) and a logical address of 19424870400; 2) Scrub is running and finds device extent E, which belongs to block group X. It enters scrub_stripe() to find all extents allocated to block group X, the search is done using the extent tree; 3) Balance finishes relocating block group X and removes block group X; 4) Balance starts relocating another block group and when trying to commit the current transaction as part of the preparation step (prepare_to_relocate()), it blocks because scrub is running; 5) The scrub task finds the metadata extent at the logical address 19425001472 and marks the pages of the extent to be read by a bio (struct scrub_bio). The extent item's flags, which have the bit BTRFS_EXTENT_FLAG_TREE_BLOCK set, are added to each page (struct scrub_page). It is these flags in the scrub pages that tells the bio's end io function (scrub_bio_end_io_worker) which type of extent it is dealing with. At this point we end up with 4 pages in a bio which is ready for submission (the metadata extent has a size of 16Kb, so that gives 4 pages on x86); 6) At the next iteration of scrub_stripe(), scrub checks that there is a pause request from the relocation task trying to commit a transaction, therefore it submits the pending bio and pauses, waiting for the transaction commit to complete before resuming; 7) The relocation task commits the transaction. The device extent E, that was used by our block group X, is now available for allocation, since the commit root for the device tree was swapped by the transaction commit; 8) Another task doing a direct IO write allocates a new data block group Y which ends using device extent E. This new block group Y also ends up getting the same logical address that block group X had: 19424870400. This happens because block group X was the block group with the highest logical address and, when allocating Y, find_next_chunk() returns the end offset of the current last block group to be used as the logical address for the new block group, which is 18351128576 + 1073741824 = 19424870400 So our new block group Y has the same logical address and device extent that block group X had. However Y is a data block group, while X was a metadata one, and Y has a raid0 profile, while X had a raid1 profile; 9) After allocating block group Y, the direct IO submits a bio to write to device extent E; 10) The read bio submitted by scrub reads the 4 pages (16Kb) from device extent E, which now correspond to the data written by the task that did a direct IO write. Then at the end io function associated with the bio, scrub_bio_end_io_worker(), we call scrub_block_complete() which calls scrub_checksum(). This later function checks the flags of the first page, and sees that the bit BTRFS_EXTENT_FLAG_TREE_BLOCK is set in the flags, so it assumes it has a metadata extent and then calls scrub_checksum_tree_block(). That functions returns an error, since interpreting data as a metadata extent causes the checksum verification to fail. So this makes scrub_checksum() call scrub_handle_errored_block(), which determines 'failed_mirror_index' to be 1, since the device extent E was allocated as the second mirror of block group X. It allocates BTRFS_MAX_MIRRORS scrub_block structures as an array at 'sblocks_for_recheck', and all the memory is initialized to zeroes by kcalloc(). After that it calls scrub_setup_recheck_block(), which is responsible for filling each of those structures. However, when that function calls btrfs_map_sblock() against the logical address of the metadata extent, 19425001472, it gets a struct btrfs_bio ('bbio') that matches the current block group Y. However block group Y has a raid0 profile and not a raid1 profile like X had, so the following call returns 1: scrub_nr_raid_mirrors(bbio) And as a result scrub_setup_recheck_block() only initializes the first (index 0) scrub_block structure in 'sblocks_for_recheck'. Then scrub_recheck_block() is called by scrub_handle_errored_block() with the second (index 1) scrub_block structure as the argument, because 'failed_mirror_index' was previously set to 1. This scrub_block was not initialized by scrub_setup_recheck_block(), so it has zero pages, its 'page_count' member is 0 and its 'pagev' page array has all members pointing to NULL. Finally when scrub_recheck_block() calls scrub_recheck_block_checksum() we have a NULL pointer dereference when accessing the flags of the first page, as pavev[0] is NULL: static void scrub_recheck_block_checksum(struct scrub_block *sblock) { (...) if (sblock->pagev[0]->flags & BTRFS_EXTENT_FLAG_DATA) scrub_checksum_data(sblock); (...) } Producing a stack trace like the following: [542998.008985] BUG: kernel NULL pointer dereference, address: 0000000000000028 [542998.010238] #PF: supervisor read access in kernel mode [542998.010878] #PF: error_code(0x0000) - not-present page [542998.011516] PGD 0 P4D 0 [542998.011929] Oops: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC PTI [542998.012786] CPU: 3 PID: 4846 Comm: kworker/u8:1 Tainted: G B W 5.6.0-rc7-btrfs-next-58 #1 [542998.014524] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [542998.016065] Workqueue: btrfs-scrub btrfs_work_helper [btrfs] [542998.017255] RIP: 0010:scrub_recheck_block_checksum+0xf/0x20 [btrfs] [542998.018474] Code: 4c 89 e6 ... [542998.021419] RSP: 0018:ffffa7af0375fbd8 EFLAGS: 00010202 [542998.022120] RAX: 0000000000000000 RBX: ffff9792e674d120 RCX: 0000000000000000 [542998.023178] RDX: 0000000000000001 RSI: ffff9792e674d120 RDI: ffff9792e674d120 [542998.024465] RBP: 0000000000000000 R08: 0000000000000067 R09: 0000000000000001 [542998.025462] R10: ffffa7af0375fa50 R11: 0000000000000000 R12: ffff9791f61fe800 [542998.026357] R13: ffff9792e674d120 R14: 0000000000000001 R15: ffffffffc0e3dfc0 [542998.027237] FS: 0000000000000000(0000) GS:ffff9792fb200000(0000) knlGS:0000000000000000 [542998.028327] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [542998.029261] CR2: 0000000000000028 CR3: 00000000b3b18003 CR4: 00000000003606e0 [542998.030301] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [542998.031316] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [542998.032380] Call Trace: [542998.032752] scrub_recheck_block+0x162/0x400 [btrfs] [542998.033500] ? __alloc_pages_nodemask+0x31e/0x460 [542998.034228] scrub_handle_errored_block+0x6f8/0x1920 [btrfs] [542998.035170] scrub_bio_end_io_worker+0x100/0x520 [btrfs] [542998.035991] btrfs_work_helper+0xaa/0x720 [btrfs] [542998.036735] process_one_work+0x26d/0x6a0 [542998.037275] worker_thread+0x4f/0x3e0 [542998.037740] ? process_one_work+0x6a0/0x6a0 [542998.038378] kthread+0x103/0x140 [542998.038789] ? kthread_create_worker_on_cpu+0x70/0x70 [542998.039419] ret_from_fork+0x3a/0x50 [542998.039875] Modules linked in: dm_snapshot dm_thin_pool ... [542998.047288] CR2: 0000000000000028 [542998.047724] ---[ end trace bde186e176c7f96a ]--- This issue has been around for a long time, possibly since scrub exists. The last time I ran into it was over 2 years ago. After recently fixing fstests to pass the "--full-balance" command line option to btrfs-progs when doing balance, several tests started to more heavily exercise balance with fsstress, scrub and other operations in parallel, and therefore started to hit this issue again (with btrfs/061 for example). Fix this by having scrub increment the 'trimming' counter of the block group, which pins the block group in such a way that it guarantees neither its logical address nor device extents can be reused by future block group allocations until we decrement the 'trimming' counter. Also make sure that on each iteration of scrub_stripe() we stop scrubbing the block group if it was removed already. A later patch in the series will rename the block group's 'trimming' counter and its helpers to a more generic name, since now it is not used exclusively for pinning while trimming anymore. CC: stable(a)vger.kernel.org # 4.4+ Signed-off-by: Filipe Manana <fdmanana(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/scrub.c b/fs/btrfs/scrub.c index adaf8ab694d5..7c50ac5b6876 100644 --- a/fs/btrfs/scrub.c +++ b/fs/btrfs/scrub.c @@ -3046,7 +3046,8 @@ static noinline_for_stack int scrub_raid56_parity(struct scrub_ctx *sctx, static noinline_for_stack int scrub_stripe(struct scrub_ctx *sctx, struct map_lookup *map, struct btrfs_device *scrub_dev, - int num, u64 base, u64 length) + int num, u64 base, u64 length, + struct btrfs_block_group *cache) { struct btrfs_path *path, *ppath; struct btrfs_fs_info *fs_info = sctx->fs_info; @@ -3284,6 +3285,20 @@ static noinline_for_stack int scrub_stripe(struct scrub_ctx *sctx, break; } + /* + * If our block group was removed in the meanwhile, just + * stop scrubbing since there is no point in continuing. + * Continuing would prevent reusing its device extents + * for new block groups for a long time. + */ + spin_lock(&cache->lock); + if (cache->removed) { + spin_unlock(&cache->lock); + ret = 0; + goto out; + } + spin_unlock(&cache->lock); + extent = btrfs_item_ptr(l, slot, struct btrfs_extent_item); flags = btrfs_extent_flags(l, extent); @@ -3457,7 +3472,7 @@ static noinline_for_stack int scrub_chunk(struct scrub_ctx *sctx, if (map->stripes[i].dev->bdev == scrub_dev->bdev && map->stripes[i].physical == dev_offset) { ret = scrub_stripe(sctx, map, scrub_dev, i, - chunk_offset, length); + chunk_offset, length, cache); if (ret) goto out; } @@ -3554,6 +3569,23 @@ int scrub_enumerate_chunks(struct scrub_ctx *sctx, if (!cache) goto skip; + /* + * Make sure that while we are scrubbing the corresponding block + * group doesn't get its logical address and its device extents + * reused for another block group, which can possibly be of a + * different type and different profile. We do this to prevent + * false error detections and crashes due to bogus attempts to + * repair extents. + */ + spin_lock(&cache->lock); + if (cache->removed) { + spin_unlock(&cache->lock); + btrfs_put_block_group(cache); + goto skip; + } + btrfs_get_block_group_trimming(cache); + spin_unlock(&cache->lock); + /* * we need call btrfs_inc_block_group_ro() with scrubs_paused, * to avoid deadlock caused by: @@ -3609,6 +3641,7 @@ int scrub_enumerate_chunks(struct scrub_ctx *sctx, } else { btrfs_warn(fs_info, "failed setting block group ro: %d", ret); + btrfs_put_block_group_trimming(cache); btrfs_put_block_group(cache); scrub_pause_off(fs_info); break; @@ -3695,6 +3728,7 @@ int scrub_enumerate_chunks(struct scrub_ctx *sctx, spin_unlock(&cache->lock); } + btrfs_put_block_group_trimming(cache); btrfs_put_block_group(cache); if (ret) break;

5 years, 4 months

1
0
0 0

FAILED: patch "[PATCH] btrfs: fix a race between scrub and block group" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 2473d24f2b77da0ffabcbb916793e58e7f57440b Mon Sep 17 00:00:00 2001 From: Filipe Manana <fdmanana(a)suse.com> Date: Fri, 8 May 2020 11:01:10 +0100 Subject: [PATCH] btrfs: fix a race between scrub and block group removal/allocation When scrub is verifying the extents of a block group for a device, it is possible that the corresponding block group gets removed and its logical address and device extents get used for a new block group allocation. When this happens scrub incorrectly reports that errors were detected and, if the the new block group has a different profile then the old one, deleted block group, we can crash due to a null pointer dereference. Possibly other unexpected and weird consequences can happen as well. Consider the following sequence of actions that leads to the null pointer dereference crash when scrub is running in parallel with balance: 1) Balance sets block group X to read-only mode and starts relocating it. Block group X is a metadata block group, has a raid1 profile (two device extents, each one in a different device) and a logical address of 19424870400; 2) Scrub is running and finds device extent E, which belongs to block group X. It enters scrub_stripe() to find all extents allocated to block group X, the search is done using the extent tree; 3) Balance finishes relocating block group X and removes block group X; 4) Balance starts relocating another block group and when trying to commit the current transaction as part of the preparation step (prepare_to_relocate()), it blocks because scrub is running; 5) The scrub task finds the metadata extent at the logical address 19425001472 and marks the pages of the extent to be read by a bio (struct scrub_bio). The extent item's flags, which have the bit BTRFS_EXTENT_FLAG_TREE_BLOCK set, are added to each page (struct scrub_page). It is these flags in the scrub pages that tells the bio's end io function (scrub_bio_end_io_worker) which type of extent it is dealing with. At this point we end up with 4 pages in a bio which is ready for submission (the metadata extent has a size of 16Kb, so that gives 4 pages on x86); 6) At the next iteration of scrub_stripe(), scrub checks that there is a pause request from the relocation task trying to commit a transaction, therefore it submits the pending bio and pauses, waiting for the transaction commit to complete before resuming; 7) The relocation task commits the transaction. The device extent E, that was used by our block group X, is now available for allocation, since the commit root for the device tree was swapped by the transaction commit; 8) Another task doing a direct IO write allocates a new data block group Y which ends using device extent E. This new block group Y also ends up getting the same logical address that block group X had: 19424870400. This happens because block group X was the block group with the highest logical address and, when allocating Y, find_next_chunk() returns the end offset of the current last block group to be used as the logical address for the new block group, which is 18351128576 + 1073741824 = 19424870400 So our new block group Y has the same logical address and device extent that block group X had. However Y is a data block group, while X was a metadata one, and Y has a raid0 profile, while X had a raid1 profile; 9) After allocating block group Y, the direct IO submits a bio to write to device extent E; 10) The read bio submitted by scrub reads the 4 pages (16Kb) from device extent E, which now correspond to the data written by the task that did a direct IO write. Then at the end io function associated with the bio, scrub_bio_end_io_worker(), we call scrub_block_complete() which calls scrub_checksum(). This later function checks the flags of the first page, and sees that the bit BTRFS_EXTENT_FLAG_TREE_BLOCK is set in the flags, so it assumes it has a metadata extent and then calls scrub_checksum_tree_block(). That functions returns an error, since interpreting data as a metadata extent causes the checksum verification to fail. So this makes scrub_checksum() call scrub_handle_errored_block(), which determines 'failed_mirror_index' to be 1, since the device extent E was allocated as the second mirror of block group X. It allocates BTRFS_MAX_MIRRORS scrub_block structures as an array at 'sblocks_for_recheck', and all the memory is initialized to zeroes by kcalloc(). After that it calls scrub_setup_recheck_block(), which is responsible for filling each of those structures. However, when that function calls btrfs_map_sblock() against the logical address of the metadata extent, 19425001472, it gets a struct btrfs_bio ('bbio') that matches the current block group Y. However block group Y has a raid0 profile and not a raid1 profile like X had, so the following call returns 1: scrub_nr_raid_mirrors(bbio) And as a result scrub_setup_recheck_block() only initializes the first (index 0) scrub_block structure in 'sblocks_for_recheck'. Then scrub_recheck_block() is called by scrub_handle_errored_block() with the second (index 1) scrub_block structure as the argument, because 'failed_mirror_index' was previously set to 1. This scrub_block was not initialized by scrub_setup_recheck_block(), so it has zero pages, its 'page_count' member is 0 and its 'pagev' page array has all members pointing to NULL. Finally when scrub_recheck_block() calls scrub_recheck_block_checksum() we have a NULL pointer dereference when accessing the flags of the first page, as pavev[0] is NULL: static void scrub_recheck_block_checksum(struct scrub_block *sblock) { (...) if (sblock->pagev[0]->flags & BTRFS_EXTENT_FLAG_DATA) scrub_checksum_data(sblock); (...) } Producing a stack trace like the following: [542998.008985] BUG: kernel NULL pointer dereference, address: 0000000000000028 [542998.010238] #PF: supervisor read access in kernel mode [542998.010878] #PF: error_code(0x0000) - not-present page [542998.011516] PGD 0 P4D 0 [542998.011929] Oops: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC PTI [542998.012786] CPU: 3 PID: 4846 Comm: kworker/u8:1 Tainted: G B W 5.6.0-rc7-btrfs-next-58 #1 [542998.014524] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [542998.016065] Workqueue: btrfs-scrub btrfs_work_helper [btrfs] [542998.017255] RIP: 0010:scrub_recheck_block_checksum+0xf/0x20 [btrfs] [542998.018474] Code: 4c 89 e6 ... [542998.021419] RSP: 0018:ffffa7af0375fbd8 EFLAGS: 00010202 [542998.022120] RAX: 0000000000000000 RBX: ffff9792e674d120 RCX: 0000000000000000 [542998.023178] RDX: 0000000000000001 RSI: ffff9792e674d120 RDI: ffff9792e674d120 [542998.024465] RBP: 0000000000000000 R08: 0000000000000067 R09: 0000000000000001 [542998.025462] R10: ffffa7af0375fa50 R11: 0000000000000000 R12: ffff9791f61fe800 [542998.026357] R13: ffff9792e674d120 R14: 0000000000000001 R15: ffffffffc0e3dfc0 [542998.027237] FS: 0000000000000000(0000) GS:ffff9792fb200000(0000) knlGS:0000000000000000 [542998.028327] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [542998.029261] CR2: 0000000000000028 CR3: 00000000b3b18003 CR4: 00000000003606e0 [542998.030301] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [542998.031316] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [542998.032380] Call Trace: [542998.032752] scrub_recheck_block+0x162/0x400 [btrfs] [542998.033500] ? __alloc_pages_nodemask+0x31e/0x460 [542998.034228] scrub_handle_errored_block+0x6f8/0x1920 [btrfs] [542998.035170] scrub_bio_end_io_worker+0x100/0x520 [btrfs] [542998.035991] btrfs_work_helper+0xaa/0x720 [btrfs] [542998.036735] process_one_work+0x26d/0x6a0 [542998.037275] worker_thread+0x4f/0x3e0 [542998.037740] ? process_one_work+0x6a0/0x6a0 [542998.038378] kthread+0x103/0x140 [542998.038789] ? kthread_create_worker_on_cpu+0x70/0x70 [542998.039419] ret_from_fork+0x3a/0x50 [542998.039875] Modules linked in: dm_snapshot dm_thin_pool ... [542998.047288] CR2: 0000000000000028 [542998.047724] ---[ end trace bde186e176c7f96a ]--- This issue has been around for a long time, possibly since scrub exists. The last time I ran into it was over 2 years ago. After recently fixing fstests to pass the "--full-balance" command line option to btrfs-progs when doing balance, several tests started to more heavily exercise balance with fsstress, scrub and other operations in parallel, and therefore started to hit this issue again (with btrfs/061 for example). Fix this by having scrub increment the 'trimming' counter of the block group, which pins the block group in such a way that it guarantees neither its logical address nor device extents can be reused by future block group allocations until we decrement the 'trimming' counter. Also make sure that on each iteration of scrub_stripe() we stop scrubbing the block group if it was removed already. A later patch in the series will rename the block group's 'trimming' counter and its helpers to a more generic name, since now it is not used exclusively for pinning while trimming anymore. CC: stable(a)vger.kernel.org # 4.4+ Signed-off-by: Filipe Manana <fdmanana(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/scrub.c b/fs/btrfs/scrub.c index adaf8ab694d5..7c50ac5b6876 100644 --- a/fs/btrfs/scrub.c +++ b/fs/btrfs/scrub.c @@ -3046,7 +3046,8 @@ static noinline_for_stack int scrub_raid56_parity(struct scrub_ctx *sctx, static noinline_for_stack int scrub_stripe(struct scrub_ctx *sctx, struct map_lookup *map, struct btrfs_device *scrub_dev, - int num, u64 base, u64 length) + int num, u64 base, u64 length, + struct btrfs_block_group *cache) { struct btrfs_path *path, *ppath; struct btrfs_fs_info *fs_info = sctx->fs_info; @@ -3284,6 +3285,20 @@ static noinline_for_stack int scrub_stripe(struct scrub_ctx *sctx, break; } + /* + * If our block group was removed in the meanwhile, just + * stop scrubbing since there is no point in continuing. + * Continuing would prevent reusing its device extents + * for new block groups for a long time. + */ + spin_lock(&cache->lock); + if (cache->removed) { + spin_unlock(&cache->lock); + ret = 0; + goto out; + } + spin_unlock(&cache->lock); + extent = btrfs_item_ptr(l, slot, struct btrfs_extent_item); flags = btrfs_extent_flags(l, extent); @@ -3457,7 +3472,7 @@ static noinline_for_stack int scrub_chunk(struct scrub_ctx *sctx, if (map->stripes[i].dev->bdev == scrub_dev->bdev && map->stripes[i].physical == dev_offset) { ret = scrub_stripe(sctx, map, scrub_dev, i, - chunk_offset, length); + chunk_offset, length, cache); if (ret) goto out; } @@ -3554,6 +3569,23 @@ int scrub_enumerate_chunks(struct scrub_ctx *sctx, if (!cache) goto skip; + /* + * Make sure that while we are scrubbing the corresponding block + * group doesn't get its logical address and its device extents + * reused for another block group, which can possibly be of a + * different type and different profile. We do this to prevent + * false error detections and crashes due to bogus attempts to + * repair extents. + */ + spin_lock(&cache->lock); + if (cache->removed) { + spin_unlock(&cache->lock); + btrfs_put_block_group(cache); + goto skip; + } + btrfs_get_block_group_trimming(cache); + spin_unlock(&cache->lock); + /* * we need call btrfs_inc_block_group_ro() with scrubs_paused, * to avoid deadlock caused by: @@ -3609,6 +3641,7 @@ int scrub_enumerate_chunks(struct scrub_ctx *sctx, } else { btrfs_warn(fs_info, "failed setting block group ro: %d", ret); + btrfs_put_block_group_trimming(cache); btrfs_put_block_group(cache); scrub_pause_off(fs_info); break; @@ -3695,6 +3728,7 @@ int scrub_enumerate_chunks(struct scrub_ctx *sctx, spin_unlock(&cache->lock); } + btrfs_put_block_group_trimming(cache); btrfs_put_block_group(cache); if (ret) break;

5 years, 4 months

1
0
0 0

FAILED: patch "[PATCH] btrfs: fix space_info bytes_may_use underflow during space" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 2166e5edce9ac1edf3b113d6091ef72fcac2d6c4 Mon Sep 17 00:00:00 2001 From: Filipe Manana <fdmanana(a)suse.com> Date: Wed, 27 May 2020 11:16:19 +0100 Subject: [PATCH] btrfs: fix space_info bytes_may_use underflow during space cache writeout We always preallocate a data extent for writing a free space cache, which causes writeback to always try the nocow path first, since the free space inode has the prealloc bit set in its flags. However if the block group that contains the data extent for the space cache has been turned to RO mode due to a running scrub or balance for example, we have to fallback to the cow path. In that case once a new data extent is allocated we end up calling btrfs_add_reserved_bytes(), which decrements the counter named bytes_may_use from the data space_info object with the expection that this counter was previously incremented with the same amount (the size of the data extent). However when we started writeout of the space cache at cache_save_setup(), we incremented the value of the bytes_may_use counter through a call to btrfs_check_data_free_space() and then decremented it through a call to btrfs_prealloc_file_range_trans() immediately after. So when starting the writeback if we fallback to cow mode we have to increment the counter bytes_may_use of the data space_info again to compensate for the extent allocation done by the cow path. When this issue happens we are incorrectly decrementing the bytes_may_use counter and when its current value is smaller then the amount we try to subtract we end up with the following warning: ------------[ cut here ]------------ WARNING: CPU: 3 PID: 657 at fs/btrfs/space-info.h:115 btrfs_add_reserved_bytes+0x3d6/0x4e0 [btrfs] Modules linked in: btrfs blake2b_generic xor raid6_pq libcrc32c (...) CPU: 3 PID: 657 Comm: kworker/u8:7 Tainted: G W 5.6.0-rc7-btrfs-next-58 #5 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 Workqueue: writeback wb_workfn (flush-btrfs-1591) RIP: 0010:btrfs_add_reserved_bytes+0x3d6/0x4e0 [btrfs] Code: ff ff 48 (...) RSP: 0000:ffffa41608f13660 EFLAGS: 00010287 RAX: 0000000000001000 RBX: ffff9615b93ae400 RCX: 0000000000000000 RDX: 0000000000000002 RSI: 0000000000000000 RDI: ffff9615b96ab410 RBP: fffffffffffee000 R08: 0000000000000001 R09: 0000000000000000 R10: ffff961585e62a40 R11: 0000000000000000 R12: ffff9615b96ab400 R13: ffff9615a1a2a000 R14: 0000000000012000 R15: ffff9615b93ae400 FS: 0000000000000000(0000) GS:ffff9615bb200000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000055cbbc2ae178 CR3: 0000000115794006 CR4: 00000000003606e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: find_free_extent+0x4a0/0x16c0 [btrfs] btrfs_reserve_extent+0x91/0x180 [btrfs] cow_file_range+0x12d/0x490 [btrfs] btrfs_run_delalloc_range+0x9f/0x6d0 [btrfs] ? find_lock_delalloc_range+0x221/0x250 [btrfs] writepage_delalloc+0xe8/0x150 [btrfs] __extent_writepage+0xe8/0x4c0 [btrfs] extent_write_cache_pages+0x237/0x530 [btrfs] extent_writepages+0x44/0xa0 [btrfs] do_writepages+0x23/0x80 __writeback_single_inode+0x59/0x700 writeback_sb_inodes+0x267/0x5f0 __writeback_inodes_wb+0x87/0xe0 wb_writeback+0x382/0x590 ? wb_workfn+0x4a2/0x6c0 wb_workfn+0x4a2/0x6c0 process_one_work+0x26d/0x6a0 worker_thread+0x4f/0x3e0 ? process_one_work+0x6a0/0x6a0 kthread+0x103/0x140 ? kthread_create_worker_on_cpu+0x70/0x70 ret_from_fork+0x3a/0x50 irq event stamp: 0 hardirqs last enabled at (0): [<0000000000000000>] 0x0 hardirqs last disabled at (0): [<ffffffffb2abdedf>] copy_process+0x74f/0x2020 softirqs last enabled at (0): [<ffffffffb2abdedf>] copy_process+0x74f/0x2020 softirqs last disabled at (0): [<0000000000000000>] 0x0 ---[ end trace bd7c03622e0b0a52 ]--- ------------[ cut here ]------------ So fix this by incrementing the bytes_may_use counter of the data space_info when we fallback to the cow path. If the cow path is successful the counter is decremented after extent allocation (by btrfs_add_reserved_bytes()), if it fails it ends up being decremented as well when clearing the delalloc range (extent_clear_unlock_delalloc()). This could be triggered sporadically by the test case btrfs/061 from fstests. Fixes: 82d5902d9c681b ("Btrfs: Support reading/writing on disk free ino cache") CC: stable(a)vger.kernel.org # 4.4+ Signed-off-by: Filipe Manana <fdmanana(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c index 486b1da2fc5c..1242d0aa108d 100644 --- a/fs/btrfs/inode.c +++ b/fs/btrfs/inode.c @@ -1359,6 +1359,8 @@ static int fallback_to_cow(struct inode *inode, struct page *locked_page, const u64 start, const u64 end, int *page_started, unsigned long *nr_written) { + const bool is_space_ino = btrfs_is_free_space_inode(BTRFS_I(inode)); + const u64 range_bytes = end + 1 - start; struct extent_io_tree *io_tree = &BTRFS_I(inode)->io_tree; u64 range_start = start; u64 count; @@ -1386,19 +1388,27 @@ static int fallback_to_cow(struct inode *inode, struct page *locked_page, * that if the COW path fails for any reason, it decrements (through * extent_clear_unlock_delalloc()) the bytes_may_use counter of the * data space info, which we incremented in the step above. + * + * If we need to fallback to cow and the inode corresponds to a free + * space cache inode, we must also increment bytes_may_use of the data + * space_info for the same reason. Space caches always get a prealloc + * extent for them, however scrub or balance may have set the block + * group that contains that extent to RO mode. */ - count = count_range_bits(io_tree, &range_start, end, end + 1 - start, + count = count_range_bits(io_tree, &range_start, end, range_bytes, EXTENT_NORESERVE, 0); - if (count > 0) { + if (count > 0 || is_space_ino) { + const u64 bytes = is_space_ino ? range_bytes : count; struct btrfs_fs_info *fs_info = BTRFS_I(inode)->root->fs_info; struct btrfs_space_info *sinfo = fs_info->data_sinfo; spin_lock(&sinfo->lock); - btrfs_space_info_update_bytes_may_use(fs_info, sinfo, count); + btrfs_space_info_update_bytes_may_use(fs_info, sinfo, bytes); spin_unlock(&sinfo->lock); - clear_extent_bit(io_tree, start, end, EXTENT_NORESERVE, 0, 0, - NULL); + if (count > 0) + clear_extent_bit(io_tree, start, end, EXTENT_NORESERVE, + 0, 0, NULL); } return cow_file_range(inode, locked_page, start, end, page_started,

5 years, 4 months

1
0
0 0

FAILED: patch "[PATCH] btrfs: fix space_info bytes_may_use underflow during space" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 2166e5edce9ac1edf3b113d6091ef72fcac2d6c4 Mon Sep 17 00:00:00 2001 From: Filipe Manana <fdmanana(a)suse.com> Date: Wed, 27 May 2020 11:16:19 +0100 Subject: [PATCH] btrfs: fix space_info bytes_may_use underflow during space cache writeout We always preallocate a data extent for writing a free space cache, which causes writeback to always try the nocow path first, since the free space inode has the prealloc bit set in its flags. However if the block group that contains the data extent for the space cache has been turned to RO mode due to a running scrub or balance for example, we have to fallback to the cow path. In that case once a new data extent is allocated we end up calling btrfs_add_reserved_bytes(), which decrements the counter named bytes_may_use from the data space_info object with the expection that this counter was previously incremented with the same amount (the size of the data extent). However when we started writeout of the space cache at cache_save_setup(), we incremented the value of the bytes_may_use counter through a call to btrfs_check_data_free_space() and then decremented it through a call to btrfs_prealloc_file_range_trans() immediately after. So when starting the writeback if we fallback to cow mode we have to increment the counter bytes_may_use of the data space_info again to compensate for the extent allocation done by the cow path. When this issue happens we are incorrectly decrementing the bytes_may_use counter and when its current value is smaller then the amount we try to subtract we end up with the following warning: ------------[ cut here ]------------ WARNING: CPU: 3 PID: 657 at fs/btrfs/space-info.h:115 btrfs_add_reserved_bytes+0x3d6/0x4e0 [btrfs] Modules linked in: btrfs blake2b_generic xor raid6_pq libcrc32c (...) CPU: 3 PID: 657 Comm: kworker/u8:7 Tainted: G W 5.6.0-rc7-btrfs-next-58 #5 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 Workqueue: writeback wb_workfn (flush-btrfs-1591) RIP: 0010:btrfs_add_reserved_bytes+0x3d6/0x4e0 [btrfs] Code: ff ff 48 (...) RSP: 0000:ffffa41608f13660 EFLAGS: 00010287 RAX: 0000000000001000 RBX: ffff9615b93ae400 RCX: 0000000000000000 RDX: 0000000000000002 RSI: 0000000000000000 RDI: ffff9615b96ab410 RBP: fffffffffffee000 R08: 0000000000000001 R09: 0000000000000000 R10: ffff961585e62a40 R11: 0000000000000000 R12: ffff9615b96ab400 R13: ffff9615a1a2a000 R14: 0000000000012000 R15: ffff9615b93ae400 FS: 0000000000000000(0000) GS:ffff9615bb200000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000055cbbc2ae178 CR3: 0000000115794006 CR4: 00000000003606e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: find_free_extent+0x4a0/0x16c0 [btrfs] btrfs_reserve_extent+0x91/0x180 [btrfs] cow_file_range+0x12d/0x490 [btrfs] btrfs_run_delalloc_range+0x9f/0x6d0 [btrfs] ? find_lock_delalloc_range+0x221/0x250 [btrfs] writepage_delalloc+0xe8/0x150 [btrfs] __extent_writepage+0xe8/0x4c0 [btrfs] extent_write_cache_pages+0x237/0x530 [btrfs] extent_writepages+0x44/0xa0 [btrfs] do_writepages+0x23/0x80 __writeback_single_inode+0x59/0x700 writeback_sb_inodes+0x267/0x5f0 __writeback_inodes_wb+0x87/0xe0 wb_writeback+0x382/0x590 ? wb_workfn+0x4a2/0x6c0 wb_workfn+0x4a2/0x6c0 process_one_work+0x26d/0x6a0 worker_thread+0x4f/0x3e0 ? process_one_work+0x6a0/0x6a0 kthread+0x103/0x140 ? kthread_create_worker_on_cpu+0x70/0x70 ret_from_fork+0x3a/0x50 irq event stamp: 0 hardirqs last enabled at (0): [<0000000000000000>] 0x0 hardirqs last disabled at (0): [<ffffffffb2abdedf>] copy_process+0x74f/0x2020 softirqs last enabled at (0): [<ffffffffb2abdedf>] copy_process+0x74f/0x2020 softirqs last disabled at (0): [<0000000000000000>] 0x0 ---[ end trace bd7c03622e0b0a52 ]--- ------------[ cut here ]------------ So fix this by incrementing the bytes_may_use counter of the data space_info when we fallback to the cow path. If the cow path is successful the counter is decremented after extent allocation (by btrfs_add_reserved_bytes()), if it fails it ends up being decremented as well when clearing the delalloc range (extent_clear_unlock_delalloc()). This could be triggered sporadically by the test case btrfs/061 from fstests. Fixes: 82d5902d9c681b ("Btrfs: Support reading/writing on disk free ino cache") CC: stable(a)vger.kernel.org # 4.4+ Signed-off-by: Filipe Manana <fdmanana(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c index 486b1da2fc5c..1242d0aa108d 100644 --- a/fs/btrfs/inode.c +++ b/fs/btrfs/inode.c @@ -1359,6 +1359,8 @@ static int fallback_to_cow(struct inode *inode, struct page *locked_page, const u64 start, const u64 end, int *page_started, unsigned long *nr_written) { + const bool is_space_ino = btrfs_is_free_space_inode(BTRFS_I(inode)); + const u64 range_bytes = end + 1 - start; struct extent_io_tree *io_tree = &BTRFS_I(inode)->io_tree; u64 range_start = start; u64 count; @@ -1386,19 +1388,27 @@ static int fallback_to_cow(struct inode *inode, struct page *locked_page, * that if the COW path fails for any reason, it decrements (through * extent_clear_unlock_delalloc()) the bytes_may_use counter of the * data space info, which we incremented in the step above. + * + * If we need to fallback to cow and the inode corresponds to a free + * space cache inode, we must also increment bytes_may_use of the data + * space_info for the same reason. Space caches always get a prealloc + * extent for them, however scrub or balance may have set the block + * group that contains that extent to RO mode. */ - count = count_range_bits(io_tree, &range_start, end, end + 1 - start, + count = count_range_bits(io_tree, &range_start, end, range_bytes, EXTENT_NORESERVE, 0); - if (count > 0) { + if (count > 0 || is_space_ino) { + const u64 bytes = is_space_ino ? range_bytes : count; struct btrfs_fs_info *fs_info = BTRFS_I(inode)->root->fs_info; struct btrfs_space_info *sinfo = fs_info->data_sinfo; spin_lock(&sinfo->lock); - btrfs_space_info_update_bytes_may_use(fs_info, sinfo, count); + btrfs_space_info_update_bytes_may_use(fs_info, sinfo, bytes); spin_unlock(&sinfo->lock); - clear_extent_bit(io_tree, start, end, EXTENT_NORESERVE, 0, 0, - NULL); + if (count > 0) + clear_extent_bit(io_tree, start, end, EXTENT_NORESERVE, + 0, 0, NULL); } return cow_file_range(inode, locked_page, start, end, page_started,

5 years, 4 months

1
0
0 0

FAILED: patch "[PATCH] btrfs: fix space_info bytes_may_use underflow during space" failed to apply to 4.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 2166e5edce9ac1edf3b113d6091ef72fcac2d6c4 Mon Sep 17 00:00:00 2001 From: Filipe Manana <fdmanana(a)suse.com> Date: Wed, 27 May 2020 11:16:19 +0100 Subject: [PATCH] btrfs: fix space_info bytes_may_use underflow during space cache writeout We always preallocate a data extent for writing a free space cache, which causes writeback to always try the nocow path first, since the free space inode has the prealloc bit set in its flags. However if the block group that contains the data extent for the space cache has been turned to RO mode due to a running scrub or balance for example, we have to fallback to the cow path. In that case once a new data extent is allocated we end up calling btrfs_add_reserved_bytes(), which decrements the counter named bytes_may_use from the data space_info object with the expection that this counter was previously incremented with the same amount (the size of the data extent). However when we started writeout of the space cache at cache_save_setup(), we incremented the value of the bytes_may_use counter through a call to btrfs_check_data_free_space() and then decremented it through a call to btrfs_prealloc_file_range_trans() immediately after. So when starting the writeback if we fallback to cow mode we have to increment the counter bytes_may_use of the data space_info again to compensate for the extent allocation done by the cow path. When this issue happens we are incorrectly decrementing the bytes_may_use counter and when its current value is smaller then the amount we try to subtract we end up with the following warning: ------------[ cut here ]------------ WARNING: CPU: 3 PID: 657 at fs/btrfs/space-info.h:115 btrfs_add_reserved_bytes+0x3d6/0x4e0 [btrfs] Modules linked in: btrfs blake2b_generic xor raid6_pq libcrc32c (...) CPU: 3 PID: 657 Comm: kworker/u8:7 Tainted: G W 5.6.0-rc7-btrfs-next-58 #5 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 Workqueue: writeback wb_workfn (flush-btrfs-1591) RIP: 0010:btrfs_add_reserved_bytes+0x3d6/0x4e0 [btrfs] Code: ff ff 48 (...) RSP: 0000:ffffa41608f13660 EFLAGS: 00010287 RAX: 0000000000001000 RBX: ffff9615b93ae400 RCX: 0000000000000000 RDX: 0000000000000002 RSI: 0000000000000000 RDI: ffff9615b96ab410 RBP: fffffffffffee000 R08: 0000000000000001 R09: 0000000000000000 R10: ffff961585e62a40 R11: 0000000000000000 R12: ffff9615b96ab400 R13: ffff9615a1a2a000 R14: 0000000000012000 R15: ffff9615b93ae400 FS: 0000000000000000(0000) GS:ffff9615bb200000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000055cbbc2ae178 CR3: 0000000115794006 CR4: 00000000003606e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: find_free_extent+0x4a0/0x16c0 [btrfs] btrfs_reserve_extent+0x91/0x180 [btrfs] cow_file_range+0x12d/0x490 [btrfs] btrfs_run_delalloc_range+0x9f/0x6d0 [btrfs] ? find_lock_delalloc_range+0x221/0x250 [btrfs] writepage_delalloc+0xe8/0x150 [btrfs] __extent_writepage+0xe8/0x4c0 [btrfs] extent_write_cache_pages+0x237/0x530 [btrfs] extent_writepages+0x44/0xa0 [btrfs] do_writepages+0x23/0x80 __writeback_single_inode+0x59/0x700 writeback_sb_inodes+0x267/0x5f0 __writeback_inodes_wb+0x87/0xe0 wb_writeback+0x382/0x590 ? wb_workfn+0x4a2/0x6c0 wb_workfn+0x4a2/0x6c0 process_one_work+0x26d/0x6a0 worker_thread+0x4f/0x3e0 ? process_one_work+0x6a0/0x6a0 kthread+0x103/0x140 ? kthread_create_worker_on_cpu+0x70/0x70 ret_from_fork+0x3a/0x50 irq event stamp: 0 hardirqs last enabled at (0): [<0000000000000000>] 0x0 hardirqs last disabled at (0): [<ffffffffb2abdedf>] copy_process+0x74f/0x2020 softirqs last enabled at (0): [<ffffffffb2abdedf>] copy_process+0x74f/0x2020 softirqs last disabled at (0): [<0000000000000000>] 0x0 ---[ end trace bd7c03622e0b0a52 ]--- ------------[ cut here ]------------ So fix this by incrementing the bytes_may_use counter of the data space_info when we fallback to the cow path. If the cow path is successful the counter is decremented after extent allocation (by btrfs_add_reserved_bytes()), if it fails it ends up being decremented as well when clearing the delalloc range (extent_clear_unlock_delalloc()). This could be triggered sporadically by the test case btrfs/061 from fstests. Fixes: 82d5902d9c681b ("Btrfs: Support reading/writing on disk free ino cache") CC: stable(a)vger.kernel.org # 4.4+ Signed-off-by: Filipe Manana <fdmanana(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c index 486b1da2fc5c..1242d0aa108d 100644 --- a/fs/btrfs/inode.c +++ b/fs/btrfs/inode.c @@ -1359,6 +1359,8 @@ static int fallback_to_cow(struct inode *inode, struct page *locked_page, const u64 start, const u64 end, int *page_started, unsigned long *nr_written) { + const bool is_space_ino = btrfs_is_free_space_inode(BTRFS_I(inode)); + const u64 range_bytes = end + 1 - start; struct extent_io_tree *io_tree = &BTRFS_I(inode)->io_tree; u64 range_start = start; u64 count; @@ -1386,19 +1388,27 @@ static int fallback_to_cow(struct inode *inode, struct page *locked_page, * that if the COW path fails for any reason, it decrements (through * extent_clear_unlock_delalloc()) the bytes_may_use counter of the * data space info, which we incremented in the step above. + * + * If we need to fallback to cow and the inode corresponds to a free + * space cache inode, we must also increment bytes_may_use of the data + * space_info for the same reason. Space caches always get a prealloc + * extent for them, however scrub or balance may have set the block + * group that contains that extent to RO mode. */ - count = count_range_bits(io_tree, &range_start, end, end + 1 - start, + count = count_range_bits(io_tree, &range_start, end, range_bytes, EXTENT_NORESERVE, 0); - if (count > 0) { + if (count > 0 || is_space_ino) { + const u64 bytes = is_space_ino ? range_bytes : count; struct btrfs_fs_info *fs_info = BTRFS_I(inode)->root->fs_info; struct btrfs_space_info *sinfo = fs_info->data_sinfo; spin_lock(&sinfo->lock); - btrfs_space_info_update_bytes_may_use(fs_info, sinfo, count); + btrfs_space_info_update_bytes_may_use(fs_info, sinfo, bytes); spin_unlock(&sinfo->lock); - clear_extent_bit(io_tree, start, end, EXTENT_NORESERVE, 0, 0, - NULL); + if (count > 0) + clear_extent_bit(io_tree, start, end, EXTENT_NORESERVE, + 0, 0, NULL); } return cow_file_range(inode, locked_page, start, end, page_started,

5 years, 4 months

1
0
0 0

FAILED: patch "[PATCH] btrfs: fix space_info bytes_may_use underflow during space" failed to apply to 4.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 2166e5edce9ac1edf3b113d6091ef72fcac2d6c4 Mon Sep 17 00:00:00 2001 From: Filipe Manana <fdmanana(a)suse.com> Date: Wed, 27 May 2020 11:16:19 +0100 Subject: [PATCH] btrfs: fix space_info bytes_may_use underflow during space cache writeout We always preallocate a data extent for writing a free space cache, which causes writeback to always try the nocow path first, since the free space inode has the prealloc bit set in its flags. However if the block group that contains the data extent for the space cache has been turned to RO mode due to a running scrub or balance for example, we have to fallback to the cow path. In that case once a new data extent is allocated we end up calling btrfs_add_reserved_bytes(), which decrements the counter named bytes_may_use from the data space_info object with the expection that this counter was previously incremented with the same amount (the size of the data extent). However when we started writeout of the space cache at cache_save_setup(), we incremented the value of the bytes_may_use counter through a call to btrfs_check_data_free_space() and then decremented it through a call to btrfs_prealloc_file_range_trans() immediately after. So when starting the writeback if we fallback to cow mode we have to increment the counter bytes_may_use of the data space_info again to compensate for the extent allocation done by the cow path. When this issue happens we are incorrectly decrementing the bytes_may_use counter and when its current value is smaller then the amount we try to subtract we end up with the following warning: ------------[ cut here ]------------ WARNING: CPU: 3 PID: 657 at fs/btrfs/space-info.h:115 btrfs_add_reserved_bytes+0x3d6/0x4e0 [btrfs] Modules linked in: btrfs blake2b_generic xor raid6_pq libcrc32c (...) CPU: 3 PID: 657 Comm: kworker/u8:7 Tainted: G W 5.6.0-rc7-btrfs-next-58 #5 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 Workqueue: writeback wb_workfn (flush-btrfs-1591) RIP: 0010:btrfs_add_reserved_bytes+0x3d6/0x4e0 [btrfs] Code: ff ff 48 (...) RSP: 0000:ffffa41608f13660 EFLAGS: 00010287 RAX: 0000000000001000 RBX: ffff9615b93ae400 RCX: 0000000000000000 RDX: 0000000000000002 RSI: 0000000000000000 RDI: ffff9615b96ab410 RBP: fffffffffffee000 R08: 0000000000000001 R09: 0000000000000000 R10: ffff961585e62a40 R11: 0000000000000000 R12: ffff9615b96ab400 R13: ffff9615a1a2a000 R14: 0000000000012000 R15: ffff9615b93ae400 FS: 0000000000000000(0000) GS:ffff9615bb200000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000055cbbc2ae178 CR3: 0000000115794006 CR4: 00000000003606e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: find_free_extent+0x4a0/0x16c0 [btrfs] btrfs_reserve_extent+0x91/0x180 [btrfs] cow_file_range+0x12d/0x490 [btrfs] btrfs_run_delalloc_range+0x9f/0x6d0 [btrfs] ? find_lock_delalloc_range+0x221/0x250 [btrfs] writepage_delalloc+0xe8/0x150 [btrfs] __extent_writepage+0xe8/0x4c0 [btrfs] extent_write_cache_pages+0x237/0x530 [btrfs] extent_writepages+0x44/0xa0 [btrfs] do_writepages+0x23/0x80 __writeback_single_inode+0x59/0x700 writeback_sb_inodes+0x267/0x5f0 __writeback_inodes_wb+0x87/0xe0 wb_writeback+0x382/0x590 ? wb_workfn+0x4a2/0x6c0 wb_workfn+0x4a2/0x6c0 process_one_work+0x26d/0x6a0 worker_thread+0x4f/0x3e0 ? process_one_work+0x6a0/0x6a0 kthread+0x103/0x140 ? kthread_create_worker_on_cpu+0x70/0x70 ret_from_fork+0x3a/0x50 irq event stamp: 0 hardirqs last enabled at (0): [<0000000000000000>] 0x0 hardirqs last disabled at (0): [<ffffffffb2abdedf>] copy_process+0x74f/0x2020 softirqs last enabled at (0): [<ffffffffb2abdedf>] copy_process+0x74f/0x2020 softirqs last disabled at (0): [<0000000000000000>] 0x0 ---[ end trace bd7c03622e0b0a52 ]--- ------------[ cut here ]------------ So fix this by incrementing the bytes_may_use counter of the data space_info when we fallback to the cow path. If the cow path is successful the counter is decremented after extent allocation (by btrfs_add_reserved_bytes()), if it fails it ends up being decremented as well when clearing the delalloc range (extent_clear_unlock_delalloc()). This could be triggered sporadically by the test case btrfs/061 from fstests. Fixes: 82d5902d9c681b ("Btrfs: Support reading/writing on disk free ino cache") CC: stable(a)vger.kernel.org # 4.4+ Signed-off-by: Filipe Manana <fdmanana(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c index 486b1da2fc5c..1242d0aa108d 100644 --- a/fs/btrfs/inode.c +++ b/fs/btrfs/inode.c @@ -1359,6 +1359,8 @@ static int fallback_to_cow(struct inode *inode, struct page *locked_page, const u64 start, const u64 end, int *page_started, unsigned long *nr_written) { + const bool is_space_ino = btrfs_is_free_space_inode(BTRFS_I(inode)); + const u64 range_bytes = end + 1 - start; struct extent_io_tree *io_tree = &BTRFS_I(inode)->io_tree; u64 range_start = start; u64 count; @@ -1386,19 +1388,27 @@ static int fallback_to_cow(struct inode *inode, struct page *locked_page, * that if the COW path fails for any reason, it decrements (through * extent_clear_unlock_delalloc()) the bytes_may_use counter of the * data space info, which we incremented in the step above. + * + * If we need to fallback to cow and the inode corresponds to a free + * space cache inode, we must also increment bytes_may_use of the data + * space_info for the same reason. Space caches always get a prealloc + * extent for them, however scrub or balance may have set the block + * group that contains that extent to RO mode. */ - count = count_range_bits(io_tree, &range_start, end, end + 1 - start, + count = count_range_bits(io_tree, &range_start, end, range_bytes, EXTENT_NORESERVE, 0); - if (count > 0) { + if (count > 0 || is_space_ino) { + const u64 bytes = is_space_ino ? range_bytes : count; struct btrfs_fs_info *fs_info = BTRFS_I(inode)->root->fs_info; struct btrfs_space_info *sinfo = fs_info->data_sinfo; spin_lock(&sinfo->lock); - btrfs_space_info_update_bytes_may_use(fs_info, sinfo, count); + btrfs_space_info_update_bytes_may_use(fs_info, sinfo, bytes); spin_unlock(&sinfo->lock); - clear_extent_bit(io_tree, start, end, EXTENT_NORESERVE, 0, 0, - NULL); + if (count > 0) + clear_extent_bit(io_tree, start, end, EXTENT_NORESERVE, + 0, 0, NULL); } return cow_file_range(inode, locked_page, start, end, page_started,

5 years, 4 months

1
0
0 0

FAILED: patch "[PATCH] btrfs: fix space_info bytes_may_use underflow after nocow" failed to apply to 4.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 467dc47ea99c56e966e99d09dae54869850abeeb Mon Sep 17 00:00:00 2001 From: Filipe Manana <fdmanana(a)suse.com> Date: Wed, 27 May 2020 11:16:07 +0100 Subject: [PATCH] btrfs: fix space_info bytes_may_use underflow after nocow buffered write When doing a buffered write we always try to reserve data space for it, even when the file has the NOCOW bit set or the write falls into a file range covered by a prealloc extent. This is done both because it is expensive to check if we can do a nocow write (checking if an extent is shared through reflinks or if there's a hole in the range for example), and because when writeback starts we might actually need to fallback to COW mode (for example the block group containing the target extents was turned into RO mode due to a scrub or balance). When we are unable to reserve data space we check if we can do a nocow write, and if we can, we proceed with dirtying the pages and setting up the range for delalloc. In this case the bytes_may_use counter of the data space_info object is not incremented, unlike in the case where we are able to reserve data space (done through btrfs_check_data_free_space() which calls btrfs_alloc_data_chunk_ondemand()). Later when running delalloc we attempt to start writeback in nocow mode but we might revert back to cow mode, for example because in the meanwhile a block group was turned into RO mode by a scrub or relocation. The cow path after successfully allocating an extent ends up calling btrfs_add_reserved_bytes(), which expects the bytes_may_use counter of the data space_info object to have been incremented before - but we did not do it when the buffered write started, since there was not enough available data space. So btrfs_add_reserved_bytes() ends up decrementing the bytes_may_use counter anyway, and when the counter's current value is smaller then the size of the allocated extent we get a stack trace like the following: ------------[ cut here ]------------ WARNING: CPU: 0 PID: 20138 at fs/btrfs/space-info.h:115 btrfs_add_reserved_bytes+0x3d6/0x4e0 [btrfs] Modules linked in: btrfs blake2b_generic xor raid6_pq libcrc32c (...) CPU: 0 PID: 20138 Comm: kworker/u8:15 Not tainted 5.6.0-rc7-btrfs-next-58 #5 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 Workqueue: writeback wb_workfn (flush-btrfs-1754) RIP: 0010:btrfs_add_reserved_bytes+0x3d6/0x4e0 [btrfs] Code: ff ff 48 (...) RSP: 0018:ffffbda18a4b3568 EFLAGS: 00010287 RAX: 0000000000000000 RBX: ffff9ca076f5d800 RCX: 0000000000000000 RDX: 0000000000000002 RSI: 0000000000000000 RDI: ffff9ca068470410 RBP: fffffffffffff000 R08: 0000000000000001 R09: 0000000000000000 R10: ffff9ca079d58040 R11: 0000000000000000 R12: ffff9ca068470400 R13: ffff9ca0408b2000 R14: 0000000000001000 R15: ffff9ca076f5d800 FS: 0000000000000000(0000) GS:ffff9ca07a600000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00005605dbfe7048 CR3: 0000000138570006 CR4: 00000000003606f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: find_free_extent+0x4a0/0x16c0 [btrfs] btrfs_reserve_extent+0x91/0x180 [btrfs] cow_file_range+0x12d/0x490 [btrfs] run_delalloc_nocow+0x341/0xa40 [btrfs] btrfs_run_delalloc_range+0x1ea/0x6d0 [btrfs] ? find_lock_delalloc_range+0x221/0x250 [btrfs] writepage_delalloc+0xe8/0x150 [btrfs] __extent_writepage+0xe8/0x4c0 [btrfs] extent_write_cache_pages+0x237/0x530 [btrfs] ? btrfs_wq_submit_bio+0x9f/0xc0 [btrfs] extent_writepages+0x44/0xa0 [btrfs] do_writepages+0x23/0x80 __writeback_single_inode+0x59/0x700 writeback_sb_inodes+0x267/0x5f0 __writeback_inodes_wb+0x87/0xe0 wb_writeback+0x382/0x590 ? wb_workfn+0x4a2/0x6c0 wb_workfn+0x4a2/0x6c0 process_one_work+0x26d/0x6a0 worker_thread+0x4f/0x3e0 ? process_one_work+0x6a0/0x6a0 kthread+0x103/0x140 ? kthread_create_worker_on_cpu+0x70/0x70 ret_from_fork+0x3a/0x50 irq event stamp: 0 hardirqs last enabled at (0): [<0000000000000000>] 0x0 hardirqs last disabled at (0): [<ffffffff94ebdedf>] copy_process+0x74f/0x2020 softirqs last enabled at (0): [<ffffffff94ebdedf>] copy_process+0x74f/0x2020 softirqs last disabled at (0): [<0000000000000000>] 0x0 ---[ end trace f9f6ef8ec4cd8ec9 ]--- So to fix this, when falling back into cow mode check if space was not reserved, by testing for the bit EXTENT_NORESERVE in the respective file range, and if not, increment the bytes_may_use counter for the data space_info object. Also clear the EXTENT_NORESERVE bit from the range, so that if the cow path fails it decrements the bytes_may_use counter when clearing the delalloc range (through the btrfs_clear_delalloc_extent() callback). Fixes: 7ee9e4405f264e ("Btrfs: check if we can nocow if we don't have data space") CC: stable(a)vger.kernel.org # 4.4+ Signed-off-by: Filipe Manana <fdmanana(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c index 1b6cd937f214..486b1da2fc5c 100644 --- a/fs/btrfs/inode.c +++ b/fs/btrfs/inode.c @@ -48,6 +48,7 @@ #include "qgroup.h" #include "delalloc-space.h" #include "block-group.h" +#include "space-info.h" struct btrfs_iget_args { u64 ino; @@ -1354,6 +1355,56 @@ static noinline int csum_exist_in_range(struct btrfs_fs_info *fs_info, return 1; } +static int fallback_to_cow(struct inode *inode, struct page *locked_page, + const u64 start, const u64 end, + int *page_started, unsigned long *nr_written) +{ + struct extent_io_tree *io_tree = &BTRFS_I(inode)->io_tree; + u64 range_start = start; + u64 count; + + /* + * If EXTENT_NORESERVE is set it means that when the buffered write was + * made we had not enough available data space and therefore we did not + * reserve data space for it, since we though we could do NOCOW for the + * respective file range (either there is prealloc extent or the inode + * has the NOCOW bit set). + * + * However when we need to fallback to COW mode (because for example the + * block group for the corresponding extent was turned to RO mode by a + * scrub or relocation) we need to do the following: + * + * 1) We increment the bytes_may_use counter of the data space info. + * If COW succeeds, it allocates a new data extent and after doing + * that it decrements the space info's bytes_may_use counter and + * increments its bytes_reserved counter by the same amount (we do + * this at btrfs_add_reserved_bytes()). So we need to increment the + * bytes_may_use counter to compensate (when space is reserved at + * buffered write time, the bytes_may_use counter is incremented); + * + * 2) We clear the EXTENT_NORESERVE bit from the range. We do this so + * that if the COW path fails for any reason, it decrements (through + * extent_clear_unlock_delalloc()) the bytes_may_use counter of the + * data space info, which we incremented in the step above. + */ + count = count_range_bits(io_tree, &range_start, end, end + 1 - start, + EXTENT_NORESERVE, 0); + if (count > 0) { + struct btrfs_fs_info *fs_info = BTRFS_I(inode)->root->fs_info; + struct btrfs_space_info *sinfo = fs_info->data_sinfo; + + spin_lock(&sinfo->lock); + btrfs_space_info_update_bytes_may_use(fs_info, sinfo, count); + spin_unlock(&sinfo->lock); + + clear_extent_bit(io_tree, start, end, EXTENT_NORESERVE, 0, 0, + NULL); + } + + return cow_file_range(inode, locked_page, start, end, page_started, + nr_written, 1); +} + /* * when nowcow writeback call back. This checks for snapshots or COW copies * of the extents that exist in the file, and COWs the file as required. @@ -1601,9 +1652,9 @@ static noinline int run_delalloc_nocow(struct inode *inode, * NOCOW, following one which needs to be COW'ed */ if (cow_start != (u64)-1) { - ret = cow_file_range(inode, locked_page, - cow_start, found_key.offset - 1, - page_started, nr_written, 1); + ret = fallback_to_cow(inode, locked_page, cow_start, + found_key.offset - 1, + page_started, nr_written); if (ret) { if (nocow) btrfs_dec_nocow_writers(fs_info, @@ -1692,8 +1743,8 @@ static noinline int run_delalloc_nocow(struct inode *inode, if (cow_start != (u64)-1) { cur_offset = end; - ret = cow_file_range(inode, locked_page, cow_start, end, - page_started, nr_written, 1); + ret = fallback_to_cow(inode, locked_page, cow_start, end, + page_started, nr_written); if (ret) goto error; }

5 years, 4 months

1
0
0 0

FAILED: patch "[PATCH] btrfs: fix space_info bytes_may_use underflow after nocow" failed to apply to 4.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 467dc47ea99c56e966e99d09dae54869850abeeb Mon Sep 17 00:00:00 2001 From: Filipe Manana <fdmanana(a)suse.com> Date: Wed, 27 May 2020 11:16:07 +0100 Subject: [PATCH] btrfs: fix space_info bytes_may_use underflow after nocow buffered write When doing a buffered write we always try to reserve data space for it, even when the file has the NOCOW bit set or the write falls into a file range covered by a prealloc extent. This is done both because it is expensive to check if we can do a nocow write (checking if an extent is shared through reflinks or if there's a hole in the range for example), and because when writeback starts we might actually need to fallback to COW mode (for example the block group containing the target extents was turned into RO mode due to a scrub or balance). When we are unable to reserve data space we check if we can do a nocow write, and if we can, we proceed with dirtying the pages and setting up the range for delalloc. In this case the bytes_may_use counter of the data space_info object is not incremented, unlike in the case where we are able to reserve data space (done through btrfs_check_data_free_space() which calls btrfs_alloc_data_chunk_ondemand()). Later when running delalloc we attempt to start writeback in nocow mode but we might revert back to cow mode, for example because in the meanwhile a block group was turned into RO mode by a scrub or relocation. The cow path after successfully allocating an extent ends up calling btrfs_add_reserved_bytes(), which expects the bytes_may_use counter of the data space_info object to have been incremented before - but we did not do it when the buffered write started, since there was not enough available data space. So btrfs_add_reserved_bytes() ends up decrementing the bytes_may_use counter anyway, and when the counter's current value is smaller then the size of the allocated extent we get a stack trace like the following: ------------[ cut here ]------------ WARNING: CPU: 0 PID: 20138 at fs/btrfs/space-info.h:115 btrfs_add_reserved_bytes+0x3d6/0x4e0 [btrfs] Modules linked in: btrfs blake2b_generic xor raid6_pq libcrc32c (...) CPU: 0 PID: 20138 Comm: kworker/u8:15 Not tainted 5.6.0-rc7-btrfs-next-58 #5 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 Workqueue: writeback wb_workfn (flush-btrfs-1754) RIP: 0010:btrfs_add_reserved_bytes+0x3d6/0x4e0 [btrfs] Code: ff ff 48 (...) RSP: 0018:ffffbda18a4b3568 EFLAGS: 00010287 RAX: 0000000000000000 RBX: ffff9ca076f5d800 RCX: 0000000000000000 RDX: 0000000000000002 RSI: 0000000000000000 RDI: ffff9ca068470410 RBP: fffffffffffff000 R08: 0000000000000001 R09: 0000000000000000 R10: ffff9ca079d58040 R11: 0000000000000000 R12: ffff9ca068470400 R13: ffff9ca0408b2000 R14: 0000000000001000 R15: ffff9ca076f5d800 FS: 0000000000000000(0000) GS:ffff9ca07a600000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00005605dbfe7048 CR3: 0000000138570006 CR4: 00000000003606f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: find_free_extent+0x4a0/0x16c0 [btrfs] btrfs_reserve_extent+0x91/0x180 [btrfs] cow_file_range+0x12d/0x490 [btrfs] run_delalloc_nocow+0x341/0xa40 [btrfs] btrfs_run_delalloc_range+0x1ea/0x6d0 [btrfs] ? find_lock_delalloc_range+0x221/0x250 [btrfs] writepage_delalloc+0xe8/0x150 [btrfs] __extent_writepage+0xe8/0x4c0 [btrfs] extent_write_cache_pages+0x237/0x530 [btrfs] ? btrfs_wq_submit_bio+0x9f/0xc0 [btrfs] extent_writepages+0x44/0xa0 [btrfs] do_writepages+0x23/0x80 __writeback_single_inode+0x59/0x700 writeback_sb_inodes+0x267/0x5f0 __writeback_inodes_wb+0x87/0xe0 wb_writeback+0x382/0x590 ? wb_workfn+0x4a2/0x6c0 wb_workfn+0x4a2/0x6c0 process_one_work+0x26d/0x6a0 worker_thread+0x4f/0x3e0 ? process_one_work+0x6a0/0x6a0 kthread+0x103/0x140 ? kthread_create_worker_on_cpu+0x70/0x70 ret_from_fork+0x3a/0x50 irq event stamp: 0 hardirqs last enabled at (0): [<0000000000000000>] 0x0 hardirqs last disabled at (0): [<ffffffff94ebdedf>] copy_process+0x74f/0x2020 softirqs last enabled at (0): [<ffffffff94ebdedf>] copy_process+0x74f/0x2020 softirqs last disabled at (0): [<0000000000000000>] 0x0 ---[ end trace f9f6ef8ec4cd8ec9 ]--- So to fix this, when falling back into cow mode check if space was not reserved, by testing for the bit EXTENT_NORESERVE in the respective file range, and if not, increment the bytes_may_use counter for the data space_info object. Also clear the EXTENT_NORESERVE bit from the range, so that if the cow path fails it decrements the bytes_may_use counter when clearing the delalloc range (through the btrfs_clear_delalloc_extent() callback). Fixes: 7ee9e4405f264e ("Btrfs: check if we can nocow if we don't have data space") CC: stable(a)vger.kernel.org # 4.4+ Signed-off-by: Filipe Manana <fdmanana(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c index 1b6cd937f214..486b1da2fc5c 100644 --- a/fs/btrfs/inode.c +++ b/fs/btrfs/inode.c @@ -48,6 +48,7 @@ #include "qgroup.h" #include "delalloc-space.h" #include "block-group.h" +#include "space-info.h" struct btrfs_iget_args { u64 ino; @@ -1354,6 +1355,56 @@ static noinline int csum_exist_in_range(struct btrfs_fs_info *fs_info, return 1; } +static int fallback_to_cow(struct inode *inode, struct page *locked_page, + const u64 start, const u64 end, + int *page_started, unsigned long *nr_written) +{ + struct extent_io_tree *io_tree = &BTRFS_I(inode)->io_tree; + u64 range_start = start; + u64 count; + + /* + * If EXTENT_NORESERVE is set it means that when the buffered write was + * made we had not enough available data space and therefore we did not + * reserve data space for it, since we though we could do NOCOW for the + * respective file range (either there is prealloc extent or the inode + * has the NOCOW bit set). + * + * However when we need to fallback to COW mode (because for example the + * block group for the corresponding extent was turned to RO mode by a + * scrub or relocation) we need to do the following: + * + * 1) We increment the bytes_may_use counter of the data space info. + * If COW succeeds, it allocates a new data extent and after doing + * that it decrements the space info's bytes_may_use counter and + * increments its bytes_reserved counter by the same amount (we do + * this at btrfs_add_reserved_bytes()). So we need to increment the + * bytes_may_use counter to compensate (when space is reserved at + * buffered write time, the bytes_may_use counter is incremented); + * + * 2) We clear the EXTENT_NORESERVE bit from the range. We do this so + * that if the COW path fails for any reason, it decrements (through + * extent_clear_unlock_delalloc()) the bytes_may_use counter of the + * data space info, which we incremented in the step above. + */ + count = count_range_bits(io_tree, &range_start, end, end + 1 - start, + EXTENT_NORESERVE, 0); + if (count > 0) { + struct btrfs_fs_info *fs_info = BTRFS_I(inode)->root->fs_info; + struct btrfs_space_info *sinfo = fs_info->data_sinfo; + + spin_lock(&sinfo->lock); + btrfs_space_info_update_bytes_may_use(fs_info, sinfo, count); + spin_unlock(&sinfo->lock); + + clear_extent_bit(io_tree, start, end, EXTENT_NORESERVE, 0, 0, + NULL); + } + + return cow_file_range(inode, locked_page, start, end, page_started, + nr_written, 1); +} + /* * when nowcow writeback call back. This checks for snapshots or COW copies * of the extents that exist in the file, and COWs the file as required. @@ -1601,9 +1652,9 @@ static noinline int run_delalloc_nocow(struct inode *inode, * NOCOW, following one which needs to be COW'ed */ if (cow_start != (u64)-1) { - ret = cow_file_range(inode, locked_page, - cow_start, found_key.offset - 1, - page_started, nr_written, 1); + ret = fallback_to_cow(inode, locked_page, cow_start, + found_key.offset - 1, + page_started, nr_written); if (ret) { if (nocow) btrfs_dec_nocow_writers(fs_info, @@ -1692,8 +1743,8 @@ static noinline int run_delalloc_nocow(struct inode *inode, if (cow_start != (u64)-1) { cur_offset = end; - ret = cow_file_range(inode, locked_page, cow_start, end, - page_started, nr_written, 1); + ret = fallback_to_cow(inode, locked_page, cow_start, end, + page_started, nr_written); if (ret) goto error; }

5 years, 4 months

1
0
0 0

FAILED: patch "[PATCH] btrfs: fix space_info bytes_may_use underflow after nocow" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 467dc47ea99c56e966e99d09dae54869850abeeb Mon Sep 17 00:00:00 2001 From: Filipe Manana <fdmanana(a)suse.com> Date: Wed, 27 May 2020 11:16:07 +0100 Subject: [PATCH] btrfs: fix space_info bytes_may_use underflow after nocow buffered write When doing a buffered write we always try to reserve data space for it, even when the file has the NOCOW bit set or the write falls into a file range covered by a prealloc extent. This is done both because it is expensive to check if we can do a nocow write (checking if an extent is shared through reflinks or if there's a hole in the range for example), and because when writeback starts we might actually need to fallback to COW mode (for example the block group containing the target extents was turned into RO mode due to a scrub or balance). When we are unable to reserve data space we check if we can do a nocow write, and if we can, we proceed with dirtying the pages and setting up the range for delalloc. In this case the bytes_may_use counter of the data space_info object is not incremented, unlike in the case where we are able to reserve data space (done through btrfs_check_data_free_space() which calls btrfs_alloc_data_chunk_ondemand()). Later when running delalloc we attempt to start writeback in nocow mode but we might revert back to cow mode, for example because in the meanwhile a block group was turned into RO mode by a scrub or relocation. The cow path after successfully allocating an extent ends up calling btrfs_add_reserved_bytes(), which expects the bytes_may_use counter of the data space_info object to have been incremented before - but we did not do it when the buffered write started, since there was not enough available data space. So btrfs_add_reserved_bytes() ends up decrementing the bytes_may_use counter anyway, and when the counter's current value is smaller then the size of the allocated extent we get a stack trace like the following: ------------[ cut here ]------------ WARNING: CPU: 0 PID: 20138 at fs/btrfs/space-info.h:115 btrfs_add_reserved_bytes+0x3d6/0x4e0 [btrfs] Modules linked in: btrfs blake2b_generic xor raid6_pq libcrc32c (...) CPU: 0 PID: 20138 Comm: kworker/u8:15 Not tainted 5.6.0-rc7-btrfs-next-58 #5 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 Workqueue: writeback wb_workfn (flush-btrfs-1754) RIP: 0010:btrfs_add_reserved_bytes+0x3d6/0x4e0 [btrfs] Code: ff ff 48 (...) RSP: 0018:ffffbda18a4b3568 EFLAGS: 00010287 RAX: 0000000000000000 RBX: ffff9ca076f5d800 RCX: 0000000000000000 RDX: 0000000000000002 RSI: 0000000000000000 RDI: ffff9ca068470410 RBP: fffffffffffff000 R08: 0000000000000001 R09: 0000000000000000 R10: ffff9ca079d58040 R11: 0000000000000000 R12: ffff9ca068470400 R13: ffff9ca0408b2000 R14: 0000000000001000 R15: ffff9ca076f5d800 FS: 0000000000000000(0000) GS:ffff9ca07a600000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00005605dbfe7048 CR3: 0000000138570006 CR4: 00000000003606f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: find_free_extent+0x4a0/0x16c0 [btrfs] btrfs_reserve_extent+0x91/0x180 [btrfs] cow_file_range+0x12d/0x490 [btrfs] run_delalloc_nocow+0x341/0xa40 [btrfs] btrfs_run_delalloc_range+0x1ea/0x6d0 [btrfs] ? find_lock_delalloc_range+0x221/0x250 [btrfs] writepage_delalloc+0xe8/0x150 [btrfs] __extent_writepage+0xe8/0x4c0 [btrfs] extent_write_cache_pages+0x237/0x530 [btrfs] ? btrfs_wq_submit_bio+0x9f/0xc0 [btrfs] extent_writepages+0x44/0xa0 [btrfs] do_writepages+0x23/0x80 __writeback_single_inode+0x59/0x700 writeback_sb_inodes+0x267/0x5f0 __writeback_inodes_wb+0x87/0xe0 wb_writeback+0x382/0x590 ? wb_workfn+0x4a2/0x6c0 wb_workfn+0x4a2/0x6c0 process_one_work+0x26d/0x6a0 worker_thread+0x4f/0x3e0 ? process_one_work+0x6a0/0x6a0 kthread+0x103/0x140 ? kthread_create_worker_on_cpu+0x70/0x70 ret_from_fork+0x3a/0x50 irq event stamp: 0 hardirqs last enabled at (0): [<0000000000000000>] 0x0 hardirqs last disabled at (0): [<ffffffff94ebdedf>] copy_process+0x74f/0x2020 softirqs last enabled at (0): [<ffffffff94ebdedf>] copy_process+0x74f/0x2020 softirqs last disabled at (0): [<0000000000000000>] 0x0 ---[ end trace f9f6ef8ec4cd8ec9 ]--- So to fix this, when falling back into cow mode check if space was not reserved, by testing for the bit EXTENT_NORESERVE in the respective file range, and if not, increment the bytes_may_use counter for the data space_info object. Also clear the EXTENT_NORESERVE bit from the range, so that if the cow path fails it decrements the bytes_may_use counter when clearing the delalloc range (through the btrfs_clear_delalloc_extent() callback). Fixes: 7ee9e4405f264e ("Btrfs: check if we can nocow if we don't have data space") CC: stable(a)vger.kernel.org # 4.4+ Signed-off-by: Filipe Manana <fdmanana(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c index 1b6cd937f214..486b1da2fc5c 100644 --- a/fs/btrfs/inode.c +++ b/fs/btrfs/inode.c @@ -48,6 +48,7 @@ #include "qgroup.h" #include "delalloc-space.h" #include "block-group.h" +#include "space-info.h" struct btrfs_iget_args { u64 ino; @@ -1354,6 +1355,56 @@ static noinline int csum_exist_in_range(struct btrfs_fs_info *fs_info, return 1; } +static int fallback_to_cow(struct inode *inode, struct page *locked_page, + const u64 start, const u64 end, + int *page_started, unsigned long *nr_written) +{ + struct extent_io_tree *io_tree = &BTRFS_I(inode)->io_tree; + u64 range_start = start; + u64 count; + + /* + * If EXTENT_NORESERVE is set it means that when the buffered write was + * made we had not enough available data space and therefore we did not + * reserve data space for it, since we though we could do NOCOW for the + * respective file range (either there is prealloc extent or the inode + * has the NOCOW bit set). + * + * However when we need to fallback to COW mode (because for example the + * block group for the corresponding extent was turned to RO mode by a + * scrub or relocation) we need to do the following: + * + * 1) We increment the bytes_may_use counter of the data space info. + * If COW succeeds, it allocates a new data extent and after doing + * that it decrements the space info's bytes_may_use counter and + * increments its bytes_reserved counter by the same amount (we do + * this at btrfs_add_reserved_bytes()). So we need to increment the + * bytes_may_use counter to compensate (when space is reserved at + * buffered write time, the bytes_may_use counter is incremented); + * + * 2) We clear the EXTENT_NORESERVE bit from the range. We do this so + * that if the COW path fails for any reason, it decrements (through + * extent_clear_unlock_delalloc()) the bytes_may_use counter of the + * data space info, which we incremented in the step above. + */ + count = count_range_bits(io_tree, &range_start, end, end + 1 - start, + EXTENT_NORESERVE, 0); + if (count > 0) { + struct btrfs_fs_info *fs_info = BTRFS_I(inode)->root->fs_info; + struct btrfs_space_info *sinfo = fs_info->data_sinfo; + + spin_lock(&sinfo->lock); + btrfs_space_info_update_bytes_may_use(fs_info, sinfo, count); + spin_unlock(&sinfo->lock); + + clear_extent_bit(io_tree, start, end, EXTENT_NORESERVE, 0, 0, + NULL); + } + + return cow_file_range(inode, locked_page, start, end, page_started, + nr_written, 1); +} + /* * when nowcow writeback call back. This checks for snapshots or COW copies * of the extents that exist in the file, and COWs the file as required. @@ -1601,9 +1652,9 @@ static noinline int run_delalloc_nocow(struct inode *inode, * NOCOW, following one which needs to be COW'ed */ if (cow_start != (u64)-1) { - ret = cow_file_range(inode, locked_page, - cow_start, found_key.offset - 1, - page_started, nr_written, 1); + ret = fallback_to_cow(inode, locked_page, cow_start, + found_key.offset - 1, + page_started, nr_written); if (ret) { if (nocow) btrfs_dec_nocow_writers(fs_info, @@ -1692,8 +1743,8 @@ static noinline int run_delalloc_nocow(struct inode *inode, if (cow_start != (u64)-1) { cur_offset = end; - ret = cow_file_range(inode, locked_page, cow_start, end, - page_started, nr_written, 1); + ret = fallback_to_cow(inode, locked_page, cow_start, end, + page_started, nr_written); if (ret) goto error; }

5 years, 4 months

1
0
0 0

FAILED: patch "[PATCH] btrfs: fix space_info bytes_may_use underflow after nocow" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 467dc47ea99c56e966e99d09dae54869850abeeb Mon Sep 17 00:00:00 2001 From: Filipe Manana <fdmanana(a)suse.com> Date: Wed, 27 May 2020 11:16:07 +0100 Subject: [PATCH] btrfs: fix space_info bytes_may_use underflow after nocow buffered write When doing a buffered write we always try to reserve data space for it, even when the file has the NOCOW bit set or the write falls into a file range covered by a prealloc extent. This is done both because it is expensive to check if we can do a nocow write (checking if an extent is shared through reflinks or if there's a hole in the range for example), and because when writeback starts we might actually need to fallback to COW mode (for example the block group containing the target extents was turned into RO mode due to a scrub or balance). When we are unable to reserve data space we check if we can do a nocow write, and if we can, we proceed with dirtying the pages and setting up the range for delalloc. In this case the bytes_may_use counter of the data space_info object is not incremented, unlike in the case where we are able to reserve data space (done through btrfs_check_data_free_space() which calls btrfs_alloc_data_chunk_ondemand()). Later when running delalloc we attempt to start writeback in nocow mode but we might revert back to cow mode, for example because in the meanwhile a block group was turned into RO mode by a scrub or relocation. The cow path after successfully allocating an extent ends up calling btrfs_add_reserved_bytes(), which expects the bytes_may_use counter of the data space_info object to have been incremented before - but we did not do it when the buffered write started, since there was not enough available data space. So btrfs_add_reserved_bytes() ends up decrementing the bytes_may_use counter anyway, and when the counter's current value is smaller then the size of the allocated extent we get a stack trace like the following: ------------[ cut here ]------------ WARNING: CPU: 0 PID: 20138 at fs/btrfs/space-info.h:115 btrfs_add_reserved_bytes+0x3d6/0x4e0 [btrfs] Modules linked in: btrfs blake2b_generic xor raid6_pq libcrc32c (...) CPU: 0 PID: 20138 Comm: kworker/u8:15 Not tainted 5.6.0-rc7-btrfs-next-58 #5 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 Workqueue: writeback wb_workfn (flush-btrfs-1754) RIP: 0010:btrfs_add_reserved_bytes+0x3d6/0x4e0 [btrfs] Code: ff ff 48 (...) RSP: 0018:ffffbda18a4b3568 EFLAGS: 00010287 RAX: 0000000000000000 RBX: ffff9ca076f5d800 RCX: 0000000000000000 RDX: 0000000000000002 RSI: 0000000000000000 RDI: ffff9ca068470410 RBP: fffffffffffff000 R08: 0000000000000001 R09: 0000000000000000 R10: ffff9ca079d58040 R11: 0000000000000000 R12: ffff9ca068470400 R13: ffff9ca0408b2000 R14: 0000000000001000 R15: ffff9ca076f5d800 FS: 0000000000000000(0000) GS:ffff9ca07a600000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00005605dbfe7048 CR3: 0000000138570006 CR4: 00000000003606f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: find_free_extent+0x4a0/0x16c0 [btrfs] btrfs_reserve_extent+0x91/0x180 [btrfs] cow_file_range+0x12d/0x490 [btrfs] run_delalloc_nocow+0x341/0xa40 [btrfs] btrfs_run_delalloc_range+0x1ea/0x6d0 [btrfs] ? find_lock_delalloc_range+0x221/0x250 [btrfs] writepage_delalloc+0xe8/0x150 [btrfs] __extent_writepage+0xe8/0x4c0 [btrfs] extent_write_cache_pages+0x237/0x530 [btrfs] ? btrfs_wq_submit_bio+0x9f/0xc0 [btrfs] extent_writepages+0x44/0xa0 [btrfs] do_writepages+0x23/0x80 __writeback_single_inode+0x59/0x700 writeback_sb_inodes+0x267/0x5f0 __writeback_inodes_wb+0x87/0xe0 wb_writeback+0x382/0x590 ? wb_workfn+0x4a2/0x6c0 wb_workfn+0x4a2/0x6c0 process_one_work+0x26d/0x6a0 worker_thread+0x4f/0x3e0 ? process_one_work+0x6a0/0x6a0 kthread+0x103/0x140 ? kthread_create_worker_on_cpu+0x70/0x70 ret_from_fork+0x3a/0x50 irq event stamp: 0 hardirqs last enabled at (0): [<0000000000000000>] 0x0 hardirqs last disabled at (0): [<ffffffff94ebdedf>] copy_process+0x74f/0x2020 softirqs last enabled at (0): [<ffffffff94ebdedf>] copy_process+0x74f/0x2020 softirqs last disabled at (0): [<0000000000000000>] 0x0 ---[ end trace f9f6ef8ec4cd8ec9 ]--- So to fix this, when falling back into cow mode check if space was not reserved, by testing for the bit EXTENT_NORESERVE in the respective file range, and if not, increment the bytes_may_use counter for the data space_info object. Also clear the EXTENT_NORESERVE bit from the range, so that if the cow path fails it decrements the bytes_may_use counter when clearing the delalloc range (through the btrfs_clear_delalloc_extent() callback). Fixes: 7ee9e4405f264e ("Btrfs: check if we can nocow if we don't have data space") CC: stable(a)vger.kernel.org # 4.4+ Signed-off-by: Filipe Manana <fdmanana(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c index 1b6cd937f214..486b1da2fc5c 100644 --- a/fs/btrfs/inode.c +++ b/fs/btrfs/inode.c @@ -48,6 +48,7 @@ #include "qgroup.h" #include "delalloc-space.h" #include "block-group.h" +#include "space-info.h" struct btrfs_iget_args { u64 ino; @@ -1354,6 +1355,56 @@ static noinline int csum_exist_in_range(struct btrfs_fs_info *fs_info, return 1; } +static int fallback_to_cow(struct inode *inode, struct page *locked_page, + const u64 start, const u64 end, + int *page_started, unsigned long *nr_written) +{ + struct extent_io_tree *io_tree = &BTRFS_I(inode)->io_tree; + u64 range_start = start; + u64 count; + + /* + * If EXTENT_NORESERVE is set it means that when the buffered write was + * made we had not enough available data space and therefore we did not + * reserve data space for it, since we though we could do NOCOW for the + * respective file range (either there is prealloc extent or the inode + * has the NOCOW bit set). + * + * However when we need to fallback to COW mode (because for example the + * block group for the corresponding extent was turned to RO mode by a + * scrub or relocation) we need to do the following: + * + * 1) We increment the bytes_may_use counter of the data space info. + * If COW succeeds, it allocates a new data extent and after doing + * that it decrements the space info's bytes_may_use counter and + * increments its bytes_reserved counter by the same amount (we do + * this at btrfs_add_reserved_bytes()). So we need to increment the + * bytes_may_use counter to compensate (when space is reserved at + * buffered write time, the bytes_may_use counter is incremented); + * + * 2) We clear the EXTENT_NORESERVE bit from the range. We do this so + * that if the COW path fails for any reason, it decrements (through + * extent_clear_unlock_delalloc()) the bytes_may_use counter of the + * data space info, which we incremented in the step above. + */ + count = count_range_bits(io_tree, &range_start, end, end + 1 - start, + EXTENT_NORESERVE, 0); + if (count > 0) { + struct btrfs_fs_info *fs_info = BTRFS_I(inode)->root->fs_info; + struct btrfs_space_info *sinfo = fs_info->data_sinfo; + + spin_lock(&sinfo->lock); + btrfs_space_info_update_bytes_may_use(fs_info, sinfo, count); + spin_unlock(&sinfo->lock); + + clear_extent_bit(io_tree, start, end, EXTENT_NORESERVE, 0, 0, + NULL); + } + + return cow_file_range(inode, locked_page, start, end, page_started, + nr_written, 1); +} + /* * when nowcow writeback call back. This checks for snapshots or COW copies * of the extents that exist in the file, and COWs the file as required. @@ -1601,9 +1652,9 @@ static noinline int run_delalloc_nocow(struct inode *inode, * NOCOW, following one which needs to be COW'ed */ if (cow_start != (u64)-1) { - ret = cow_file_range(inode, locked_page, - cow_start, found_key.offset - 1, - page_started, nr_written, 1); + ret = fallback_to_cow(inode, locked_page, cow_start, + found_key.offset - 1, + page_started, nr_written); if (ret) { if (nocow) btrfs_dec_nocow_writers(fs_info, @@ -1692,8 +1743,8 @@ static noinline int run_delalloc_nocow(struct inode *inode, if (cow_start != (u64)-1) { cur_offset = end; - ret = cow_file_range(inode, locked_page, cow_start, end, - page_started, nr_written, 1); + ret = fallback_to_cow(inode, locked_page, cow_start, end, + page_started, nr_written); if (ret) goto error; }

5 years, 4 months

1
0
0 0

FAILED: patch "[PATCH] btrfs: fix wrong file range cleanup after an error filling" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From e2c8e92d1140754073ad3799eb6620c76bab2078 Mon Sep 17 00:00:00 2001 From: Filipe Manana <fdmanana(a)suse.com> Date: Wed, 27 May 2020 11:15:53 +0100 Subject: [PATCH] btrfs: fix wrong file range cleanup after an error filling dealloc range If an error happens while running dellaloc in COW mode for a range, we can end up calling extent_clear_unlock_delalloc() for a range that goes beyond our range's end offset by 1 byte, which affects 1 extra page. This results in clearing bits and doing page operations (such as a page unlock) outside our target range. Fix that by calling extent_clear_unlock_delalloc() with an inclusive end offset, instead of an exclusive end offset, at cow_file_range(). Fixes: a315e68f6e8b30 ("Btrfs: fix invalid attempt to free reserved space on failure to cow range") CC: stable(a)vger.kernel.org # 4.14+ Signed-off-by: Filipe Manana <fdmanana(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c index 4583f0763571..1b6cd937f214 100644 --- a/fs/btrfs/inode.c +++ b/fs/btrfs/inode.c @@ -1141,7 +1141,7 @@ static noinline int cow_file_range(struct inode *inode, */ if (extent_reserved) { extent_clear_unlock_delalloc(inode, start, - start + cur_alloc_size, + start + cur_alloc_size - 1, locked_page, clear_bits, page_ops);

5 years, 4 months

1
0
0 0

FAILED: patch "[PATCH] btrfs: fix wrong file range cleanup after an error filling" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From e2c8e92d1140754073ad3799eb6620c76bab2078 Mon Sep 17 00:00:00 2001 From: Filipe Manana <fdmanana(a)suse.com> Date: Wed, 27 May 2020 11:15:53 +0100 Subject: [PATCH] btrfs: fix wrong file range cleanup after an error filling dealloc range If an error happens while running dellaloc in COW mode for a range, we can end up calling extent_clear_unlock_delalloc() for a range that goes beyond our range's end offset by 1 byte, which affects 1 extra page. This results in clearing bits and doing page operations (such as a page unlock) outside our target range. Fix that by calling extent_clear_unlock_delalloc() with an inclusive end offset, instead of an exclusive end offset, at cow_file_range(). Fixes: a315e68f6e8b30 ("Btrfs: fix invalid attempt to free reserved space on failure to cow range") CC: stable(a)vger.kernel.org # 4.14+ Signed-off-by: Filipe Manana <fdmanana(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c index 4583f0763571..1b6cd937f214 100644 --- a/fs/btrfs/inode.c +++ b/fs/btrfs/inode.c @@ -1141,7 +1141,7 @@ static noinline int cow_file_range(struct inode *inode, */ if (extent_reserved) { extent_clear_unlock_delalloc(inode, start, - start + cur_alloc_size, + start + cur_alloc_size - 1, locked_page, clear_bits, page_ops);

5 years, 4 months

1
0
0 0

FAILED: patch "[PATCH] btrfs: fix corrupt log due to concurrent fsync of inodes with" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From e289f03ea79bbc6574b78ac25682555423a91cbb Mon Sep 17 00:00:00 2001 From: Filipe Manana <fdmanana(a)suse.com> Date: Mon, 18 May 2020 12:14:50 +0100 Subject: [PATCH] btrfs: fix corrupt log due to concurrent fsync of inodes with shared extents When we have extents shared amongst different inodes in the same subvolume, if we fsync them in parallel we can end up with checksum items in the log tree that represent ranges which overlap. For example, consider we have inodes A and B, both sharing an extent that covers the logical range from X to X + 64KiB: 1) Task A starts an fsync on inode A; 2) Task B starts an fsync on inode B; 3) Task A calls btrfs_csum_file_blocks(), and the first search in the log tree, through btrfs_lookup_csum(), returns -EFBIG because it finds an existing checksum item that covers the range from X - 64KiB to X; 4) Task A checks that the checksum item has not reached the maximum possible size (MAX_CSUM_ITEMS) and then releases the search path before it does another path search for insertion (through a direct call to btrfs_search_slot()); 5) As soon as task A releases the path and before it does the search for insertion, task B calls btrfs_csum_file_blocks() and gets -EFBIG too, because there is an existing checksum item that has an end offset that matches the start offset (X) of the checksum range we want to log; 6) Task B releases the path; 7) Task A does the path search for insertion (through btrfs_search_slot()) and then verifies that the checksum item that ends at offset X still exists and extends its size to insert the checksums for the range from X to X + 64KiB; 8) Task A releases the path and returns from btrfs_csum_file_blocks(), having inserted the checksums into an existing checksum item that got its size extended. At this point we have one checksum item in the log tree that covers the logical range from X - 64KiB to X + 64KiB; 9) Task B now does a search for insertion using btrfs_search_slot() too, but it finds that the previous checksum item no longer ends at the offset X, it now ends at an of offset X + 64KiB, so it leaves that item untouched. Then it releases the path and calls btrfs_insert_empty_item() that inserts a checksum item with a key offset corresponding to X and a size for inserting a single checksum (4 bytes in case of crc32c). Subsequent iterations end up extending this new checksum item so that it contains the checksums for the range from X to X + 64KiB. So after task B returns from btrfs_csum_file_blocks() we end up with two checksum items in the log tree that have overlapping ranges, one for the range from X - 64KiB to X + 64KiB, and another for the range from X to X + 64KiB. Having checksum items that represent ranges which overlap, regardless of being in the log tree or in the chekcsums tree, can lead to problems where checksums for a file range end up not being found. This type of problem has happened a few times in the past and the following commits fixed them and explain in detail why having checksum items with overlapping ranges is problematic: 27b9a8122ff71a "Btrfs: fix csum tree corruption, duplicate and outdated checksums" b84b8390d6009c "Btrfs: fix file read corruption after extent cloning and fsync" 40e046acbd2f36 "Btrfs: fix missing data checksums after replaying a log tree" Since this specific instance of the problem can only happen when logging inodes, because it is the only case where concurrent attempts to insert checksums for the same range can happen, fix the issue by using an extent io tree as a range lock to serialize checksum insertion during inode logging. This issue could often be reproduced by the test case generic/457 from fstests. When it happens it produces the following trace: BTRFS critical (device dm-0): corrupt leaf: root=18446744073709551610 block=30625792 slot=42, csum end range (15020032) goes beyond the start range (15015936) of the next csum item BTRFS info (device dm-0): leaf 30625792 gen 7 total ptrs 49 free space 2402 owner 18446744073709551610 BTRFS info (device dm-0): refs 1 lock (w:0 r:0 bw:0 br:0 sw:0 sr:0) lock_owner 0 current 15884 item 0 key (18446744073709551606 128 13979648) itemoff 3991 itemsize 4 item 1 key (18446744073709551606 128 13983744) itemoff 3987 itemsize 4 item 2 key (18446744073709551606 128 13987840) itemoff 3983 itemsize 4 item 3 key (18446744073709551606 128 13991936) itemoff 3979 itemsize 4 item 4 key (18446744073709551606 128 13996032) itemoff 3975 itemsize 4 item 5 key (18446744073709551606 128 14000128) itemoff 3971 itemsize 4 (...) BTRFS error (device dm-0): block=30625792 write time tree block corruption detected ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15884 at fs/btrfs/disk-io.c:539 btree_csum_one_bio+0x268/0x2d0 [btrfs] Modules linked in: btrfs dm_thin_pool ... CPU: 1 PID: 15884 Comm: fsx Tainted: G W 5.6.0-rc7-btrfs-next-58 #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 RIP: 0010:btree_csum_one_bio+0x268/0x2d0 [btrfs] Code: c7 c7 ... RSP: 0018:ffffbb0109e6f8e0 EFLAGS: 00010296 RAX: 0000000000000000 RBX: ffffe1c0847b6080 RCX: 0000000000000000 RDX: 0000000000000000 RSI: ffffffffaa963988 RDI: 0000000000000001 RBP: ffff956a4f4d2000 R08: 0000000000000000 R09: 0000000000000001 R10: 0000000000000526 R11: 0000000000000000 R12: ffff956a5cd28bb0 R13: 0000000000000000 R14: ffff956a649c9388 R15: 000000011ed82000 FS: 00007fb419959e80(0000) GS:ffff956a7aa00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000fe6d54 CR3: 0000000138696005 CR4: 00000000003606e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: btree_submit_bio_hook+0x67/0xc0 [btrfs] submit_one_bio+0x31/0x50 [btrfs] btree_write_cache_pages+0x2db/0x4b0 [btrfs] ? __filemap_fdatawrite_range+0xb1/0x110 do_writepages+0x23/0x80 __filemap_fdatawrite_range+0xd2/0x110 btrfs_write_marked_extents+0x15e/0x180 [btrfs] btrfs_sync_log+0x206/0x10a0 [btrfs] ? kmem_cache_free+0x315/0x3b0 ? btrfs_log_inode+0x1e8/0xf90 [btrfs] ? __mutex_unlock_slowpath+0x45/0x2a0 ? lockref_put_or_lock+0x9/0x30 ? dput+0x2d/0x580 ? dput+0xb5/0x580 ? btrfs_sync_file+0x464/0x4d0 [btrfs] btrfs_sync_file+0x464/0x4d0 [btrfs] do_fsync+0x38/0x60 __x64_sys_fsync+0x10/0x20 do_syscall_64+0x5c/0x280 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7fb41953a6d0 Code: 48 3d ... RSP: 002b:00007ffcc86bd218 EFLAGS: 00000246 ORIG_RAX: 000000000000004a RAX: ffffffffffffffda RBX: 000000000000000d RCX: 00007fb41953a6d0 RDX: 0000000000000009 RSI: 0000000000040000 RDI: 0000000000000003 RBP: 0000000000040000 R08: 0000000000000001 R09: 0000000000000009 R10: 0000000000000064 R11: 0000000000000246 R12: 0000556cf4b2c060 R13: 0000000000000100 R14: 0000000000000000 R15: 0000556cf322b420 irq event stamp: 0 hardirqs last enabled at (0): [<0000000000000000>] 0x0 hardirqs last disabled at (0): [<ffffffffa96bdedf>] copy_process+0x74f/0x2020 softirqs last enabled at (0): [<ffffffffa96bdedf>] copy_process+0x74f/0x2020 softirqs last disabled at (0): [<0000000000000000>] 0x0 ---[ end trace d543fc76f5ad7fd8 ]--- In that trace the tree checker detected the overlapping checksum items at the time when we triggered writeback for the log tree when syncing the log. Another trace that can happen is due to BUG_ON() when deleting checksum items while logging an inode: BTRFS critical (device dm-0): slot 81 key (18446744073709551606 128 13635584) new key (18446744073709551606 128 13635584) BTRFS info (device dm-0): leaf 30949376 gen 7 total ptrs 98 free space 8527 owner 18446744073709551610 BTRFS info (device dm-0): refs 4 lock (w:1 r:0 bw:0 br:0 sw:1 sr:0) lock_owner 13473 current 13473 item 0 key (257 1 0) itemoff 16123 itemsize 160 inode generation 7 size 262144 mode 100600 item 1 key (257 12 256) itemoff 16103 itemsize 20 item 2 key (257 108 0) itemoff 16050 itemsize 53 extent data disk bytenr 13631488 nr 4096 extent data offset 0 nr 131072 ram 131072 (...) ------------[ cut here ]------------ kernel BUG at fs/btrfs/ctree.c:3153! invalid opcode: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC PTI CPU: 1 PID: 13473 Comm: fsx Not tainted 5.6.0-rc7-btrfs-next-58 #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 RIP: 0010:btrfs_set_item_key_safe+0x1ea/0x270 [btrfs] Code: 0f b6 ... RSP: 0018:ffff95e3889179d0 EFLAGS: 00010282 RAX: 0000000000000000 RBX: 0000000000000051 RCX: 0000000000000000 RDX: 0000000000000000 RSI: ffffffffb7763988 RDI: 0000000000000001 RBP: fffffffffffffff6 R08: 0000000000000000 R09: 0000000000000001 R10: 00000000000009ef R11: 0000000000000000 R12: ffff8912a8ba5a08 R13: ffff95e388917a06 R14: ffff89138dcf68c8 R15: ffff95e388917ace FS: 00007fe587084e80(0000) GS:ffff8913baa00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fe587091000 CR3: 0000000126dac005 CR4: 00000000003606e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: btrfs_del_csums+0x2f4/0x540 [btrfs] copy_items+0x4b5/0x560 [btrfs] btrfs_log_inode+0x910/0xf90 [btrfs] btrfs_log_inode_parent+0x2a0/0xe40 [btrfs] ? dget_parent+0x5/0x370 btrfs_log_dentry_safe+0x4a/0x70 [btrfs] btrfs_sync_file+0x42b/0x4d0 [btrfs] __x64_sys_msync+0x199/0x200 do_syscall_64+0x5c/0x280 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7fe586c65760 Code: 00 f7 ... RSP: 002b:00007ffe250f98b8 EFLAGS: 00000246 ORIG_RAX: 000000000000001a RAX: ffffffffffffffda RBX: 00000000000040e1 RCX: 00007fe586c65760 RDX: 0000000000000004 RSI: 0000000000006b51 RDI: 00007fe58708b000 RBP: 0000000000006a70 R08: 0000000000000003 R09: 00007fe58700cb61 R10: 0000000000000100 R11: 0000000000000246 R12: 00000000000000e1 R13: 00007fe58708b000 R14: 0000000000006b51 R15: 0000558de021a420 Modules linked in: dm_log_writes ... ---[ end trace c92a7f447a8515f5 ]--- CC: stable(a)vger.kernel.org # 4.4+ Signed-off-by: Filipe Manana <fdmanana(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/ctree.h b/fs/btrfs/ctree.h index 5afeb17a3f1a..30ce7039bc27 100644 --- a/fs/btrfs/ctree.h +++ b/fs/btrfs/ctree.h @@ -1167,6 +1167,9 @@ struct btrfs_root { /* Record pairs of swapped blocks for qgroup */ struct btrfs_qgroup_swapped_blocks swapped_blocks; + /* Used only by log trees, when logging csum items */ + struct extent_io_tree log_csum_range; + #ifdef CONFIG_BTRFS_FS_RUN_SANITY_TESTS u64 alloc_bytenr; #endif diff --git a/fs/btrfs/disk-io.c b/fs/btrfs/disk-io.c index f2f2864f5978..f8ec2d8606fd 100644 --- a/fs/btrfs/disk-io.c +++ b/fs/btrfs/disk-io.c @@ -1133,9 +1133,12 @@ static void __setup_root(struct btrfs_root *root, struct btrfs_fs_info *fs_info, root->log_transid = 0; root->log_transid_committed = -1; root->last_log_commit = 0; - if (!dummy) + if (!dummy) { extent_io_tree_init(fs_info, &root->dirty_log_pages, IO_TREE_ROOT_DIRTY_LOG_PAGES, NULL); + extent_io_tree_init(fs_info, &root->log_csum_range, + IO_TREE_LOG_CSUM_RANGE, NULL); + } memset(&root->root_key, 0, sizeof(root->root_key)); memset(&root->root_item, 0, sizeof(root->root_item)); diff --git a/fs/btrfs/extent-io-tree.h b/fs/btrfs/extent-io-tree.h index b4a7bad3e82e..b6561455b3c4 100644 --- a/fs/btrfs/extent-io-tree.h +++ b/fs/btrfs/extent-io-tree.h @@ -44,6 +44,7 @@ enum { IO_TREE_TRANS_DIRTY_PAGES, IO_TREE_ROOT_DIRTY_LOG_PAGES, IO_TREE_INODE_FILE_EXTENT, + IO_TREE_LOG_CSUM_RANGE, IO_TREE_SELFTEST, }; diff --git a/fs/btrfs/tree-log.c b/fs/btrfs/tree-log.c index 67fa7087f707..920cee312f4e 100644 --- a/fs/btrfs/tree-log.c +++ b/fs/btrfs/tree-log.c @@ -3290,6 +3290,7 @@ static void free_log_tree(struct btrfs_trans_handle *trans, clear_extent_bits(&log->dirty_log_pages, 0, (u64)-1, EXTENT_DIRTY | EXTENT_NEW | EXTENT_NEED_WAIT); + extent_io_tree_release(&log->log_csum_range); btrfs_put_root(log); } @@ -3903,8 +3904,20 @@ static int log_csums(struct btrfs_trans_handle *trans, struct btrfs_root *log_root, struct btrfs_ordered_sum *sums) { + const u64 lock_end = sums->bytenr + sums->len - 1; + struct extent_state *cached_state = NULL; int ret; + /* + * Serialize logging for checksums. This is to avoid racing with the + * same checksum being logged by another task that is logging another + * file which happens to refer to the same extent as well. Such races + * can leave checksum items in the log with overlapping ranges. + */ + ret = lock_extent_bits(&log_root->log_csum_range, sums->bytenr, + lock_end, &cached_state); + if (ret) + return ret; /* * Due to extent cloning, we might have logged a csum item that covers a * subrange of a cloned extent, and later we can end up logging a csum @@ -3915,10 +3928,13 @@ static int log_csums(struct btrfs_trans_handle *trans, * trim and adjust) any existing csum items in the log for this range. */ ret = btrfs_del_csums(trans, log_root, sums->bytenr, sums->len); - if (ret) - return ret; + if (!ret) + ret = btrfs_csum_file_blocks(trans, log_root, sums); - return btrfs_csum_file_blocks(trans, log_root, sums); + unlock_extent_cached(&log_root->log_csum_range, sums->bytenr, lock_end, + &cached_state); + + return ret; } static noinline int copy_items(struct btrfs_trans_handle *trans, diff --git a/include/trace/events/btrfs.h b/include/trace/events/btrfs.h index bcbc763b8814..360b0f9d2220 100644 --- a/include/trace/events/btrfs.h +++ b/include/trace/events/btrfs.h @@ -89,6 +89,7 @@ TRACE_DEFINE_ENUM(COMMIT_TRANS); { IO_TREE_TRANS_DIRTY_PAGES, "TRANS_DIRTY_PAGES" }, \ { IO_TREE_ROOT_DIRTY_LOG_PAGES, "ROOT_DIRTY_LOG_PAGES" }, \ { IO_TREE_INODE_FILE_EXTENT, "INODE_FILE_EXTENT" }, \ + { IO_TREE_LOG_CSUM_RANGE, "LOG_CSUM_RANGE" }, \ { IO_TREE_SELFTEST, "SELFTEST" }) #define BTRFS_GROUP_FLAGS \

5 years, 4 months

1
0
0 0

FAILED: patch "[PATCH] btrfs: fix corrupt log due to concurrent fsync of inodes with" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From e289f03ea79bbc6574b78ac25682555423a91cbb Mon Sep 17 00:00:00 2001 From: Filipe Manana <fdmanana(a)suse.com> Date: Mon, 18 May 2020 12:14:50 +0100 Subject: [PATCH] btrfs: fix corrupt log due to concurrent fsync of inodes with shared extents When we have extents shared amongst different inodes in the same subvolume, if we fsync them in parallel we can end up with checksum items in the log tree that represent ranges which overlap. For example, consider we have inodes A and B, both sharing an extent that covers the logical range from X to X + 64KiB: 1) Task A starts an fsync on inode A; 2) Task B starts an fsync on inode B; 3) Task A calls btrfs_csum_file_blocks(), and the first search in the log tree, through btrfs_lookup_csum(), returns -EFBIG because it finds an existing checksum item that covers the range from X - 64KiB to X; 4) Task A checks that the checksum item has not reached the maximum possible size (MAX_CSUM_ITEMS) and then releases the search path before it does another path search for insertion (through a direct call to btrfs_search_slot()); 5) As soon as task A releases the path and before it does the search for insertion, task B calls btrfs_csum_file_blocks() and gets -EFBIG too, because there is an existing checksum item that has an end offset that matches the start offset (X) of the checksum range we want to log; 6) Task B releases the path; 7) Task A does the path search for insertion (through btrfs_search_slot()) and then verifies that the checksum item that ends at offset X still exists and extends its size to insert the checksums for the range from X to X + 64KiB; 8) Task A releases the path and returns from btrfs_csum_file_blocks(), having inserted the checksums into an existing checksum item that got its size extended. At this point we have one checksum item in the log tree that covers the logical range from X - 64KiB to X + 64KiB; 9) Task B now does a search for insertion using btrfs_search_slot() too, but it finds that the previous checksum item no longer ends at the offset X, it now ends at an of offset X + 64KiB, so it leaves that item untouched. Then it releases the path and calls btrfs_insert_empty_item() that inserts a checksum item with a key offset corresponding to X and a size for inserting a single checksum (4 bytes in case of crc32c). Subsequent iterations end up extending this new checksum item so that it contains the checksums for the range from X to X + 64KiB. So after task B returns from btrfs_csum_file_blocks() we end up with two checksum items in the log tree that have overlapping ranges, one for the range from X - 64KiB to X + 64KiB, and another for the range from X to X + 64KiB. Having checksum items that represent ranges which overlap, regardless of being in the log tree or in the chekcsums tree, can lead to problems where checksums for a file range end up not being found. This type of problem has happened a few times in the past and the following commits fixed them and explain in detail why having checksum items with overlapping ranges is problematic: 27b9a8122ff71a "Btrfs: fix csum tree corruption, duplicate and outdated checksums" b84b8390d6009c "Btrfs: fix file read corruption after extent cloning and fsync" 40e046acbd2f36 "Btrfs: fix missing data checksums after replaying a log tree" Since this specific instance of the problem can only happen when logging inodes, because it is the only case where concurrent attempts to insert checksums for the same range can happen, fix the issue by using an extent io tree as a range lock to serialize checksum insertion during inode logging. This issue could often be reproduced by the test case generic/457 from fstests. When it happens it produces the following trace: BTRFS critical (device dm-0): corrupt leaf: root=18446744073709551610 block=30625792 slot=42, csum end range (15020032) goes beyond the start range (15015936) of the next csum item BTRFS info (device dm-0): leaf 30625792 gen 7 total ptrs 49 free space 2402 owner 18446744073709551610 BTRFS info (device dm-0): refs 1 lock (w:0 r:0 bw:0 br:0 sw:0 sr:0) lock_owner 0 current 15884 item 0 key (18446744073709551606 128 13979648) itemoff 3991 itemsize 4 item 1 key (18446744073709551606 128 13983744) itemoff 3987 itemsize 4 item 2 key (18446744073709551606 128 13987840) itemoff 3983 itemsize 4 item 3 key (18446744073709551606 128 13991936) itemoff 3979 itemsize 4 item 4 key (18446744073709551606 128 13996032) itemoff 3975 itemsize 4 item 5 key (18446744073709551606 128 14000128) itemoff 3971 itemsize 4 (...) BTRFS error (device dm-0): block=30625792 write time tree block corruption detected ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15884 at fs/btrfs/disk-io.c:539 btree_csum_one_bio+0x268/0x2d0 [btrfs] Modules linked in: btrfs dm_thin_pool ... CPU: 1 PID: 15884 Comm: fsx Tainted: G W 5.6.0-rc7-btrfs-next-58 #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 RIP: 0010:btree_csum_one_bio+0x268/0x2d0 [btrfs] Code: c7 c7 ... RSP: 0018:ffffbb0109e6f8e0 EFLAGS: 00010296 RAX: 0000000000000000 RBX: ffffe1c0847b6080 RCX: 0000000000000000 RDX: 0000000000000000 RSI: ffffffffaa963988 RDI: 0000000000000001 RBP: ffff956a4f4d2000 R08: 0000000000000000 R09: 0000000000000001 R10: 0000000000000526 R11: 0000000000000000 R12: ffff956a5cd28bb0 R13: 0000000000000000 R14: ffff956a649c9388 R15: 000000011ed82000 FS: 00007fb419959e80(0000) GS:ffff956a7aa00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000fe6d54 CR3: 0000000138696005 CR4: 00000000003606e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: btree_submit_bio_hook+0x67/0xc0 [btrfs] submit_one_bio+0x31/0x50 [btrfs] btree_write_cache_pages+0x2db/0x4b0 [btrfs] ? __filemap_fdatawrite_range+0xb1/0x110 do_writepages+0x23/0x80 __filemap_fdatawrite_range+0xd2/0x110 btrfs_write_marked_extents+0x15e/0x180 [btrfs] btrfs_sync_log+0x206/0x10a0 [btrfs] ? kmem_cache_free+0x315/0x3b0 ? btrfs_log_inode+0x1e8/0xf90 [btrfs] ? __mutex_unlock_slowpath+0x45/0x2a0 ? lockref_put_or_lock+0x9/0x30 ? dput+0x2d/0x580 ? dput+0xb5/0x580 ? btrfs_sync_file+0x464/0x4d0 [btrfs] btrfs_sync_file+0x464/0x4d0 [btrfs] do_fsync+0x38/0x60 __x64_sys_fsync+0x10/0x20 do_syscall_64+0x5c/0x280 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7fb41953a6d0 Code: 48 3d ... RSP: 002b:00007ffcc86bd218 EFLAGS: 00000246 ORIG_RAX: 000000000000004a RAX: ffffffffffffffda RBX: 000000000000000d RCX: 00007fb41953a6d0 RDX: 0000000000000009 RSI: 0000000000040000 RDI: 0000000000000003 RBP: 0000000000040000 R08: 0000000000000001 R09: 0000000000000009 R10: 0000000000000064 R11: 0000000000000246 R12: 0000556cf4b2c060 R13: 0000000000000100 R14: 0000000000000000 R15: 0000556cf322b420 irq event stamp: 0 hardirqs last enabled at (0): [<0000000000000000>] 0x0 hardirqs last disabled at (0): [<ffffffffa96bdedf>] copy_process+0x74f/0x2020 softirqs last enabled at (0): [<ffffffffa96bdedf>] copy_process+0x74f/0x2020 softirqs last disabled at (0): [<0000000000000000>] 0x0 ---[ end trace d543fc76f5ad7fd8 ]--- In that trace the tree checker detected the overlapping checksum items at the time when we triggered writeback for the log tree when syncing the log. Another trace that can happen is due to BUG_ON() when deleting checksum items while logging an inode: BTRFS critical (device dm-0): slot 81 key (18446744073709551606 128 13635584) new key (18446744073709551606 128 13635584) BTRFS info (device dm-0): leaf 30949376 gen 7 total ptrs 98 free space 8527 owner 18446744073709551610 BTRFS info (device dm-0): refs 4 lock (w:1 r:0 bw:0 br:0 sw:1 sr:0) lock_owner 13473 current 13473 item 0 key (257 1 0) itemoff 16123 itemsize 160 inode generation 7 size 262144 mode 100600 item 1 key (257 12 256) itemoff 16103 itemsize 20 item 2 key (257 108 0) itemoff 16050 itemsize 53 extent data disk bytenr 13631488 nr 4096 extent data offset 0 nr 131072 ram 131072 (...) ------------[ cut here ]------------ kernel BUG at fs/btrfs/ctree.c:3153! invalid opcode: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC PTI CPU: 1 PID: 13473 Comm: fsx Not tainted 5.6.0-rc7-btrfs-next-58 #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 RIP: 0010:btrfs_set_item_key_safe+0x1ea/0x270 [btrfs] Code: 0f b6 ... RSP: 0018:ffff95e3889179d0 EFLAGS: 00010282 RAX: 0000000000000000 RBX: 0000000000000051 RCX: 0000000000000000 RDX: 0000000000000000 RSI: ffffffffb7763988 RDI: 0000000000000001 RBP: fffffffffffffff6 R08: 0000000000000000 R09: 0000000000000001 R10: 00000000000009ef R11: 0000000000000000 R12: ffff8912a8ba5a08 R13: ffff95e388917a06 R14: ffff89138dcf68c8 R15: ffff95e388917ace FS: 00007fe587084e80(0000) GS:ffff8913baa00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fe587091000 CR3: 0000000126dac005 CR4: 00000000003606e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: btrfs_del_csums+0x2f4/0x540 [btrfs] copy_items+0x4b5/0x560 [btrfs] btrfs_log_inode+0x910/0xf90 [btrfs] btrfs_log_inode_parent+0x2a0/0xe40 [btrfs] ? dget_parent+0x5/0x370 btrfs_log_dentry_safe+0x4a/0x70 [btrfs] btrfs_sync_file+0x42b/0x4d0 [btrfs] __x64_sys_msync+0x199/0x200 do_syscall_64+0x5c/0x280 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7fe586c65760 Code: 00 f7 ... RSP: 002b:00007ffe250f98b8 EFLAGS: 00000246 ORIG_RAX: 000000000000001a RAX: ffffffffffffffda RBX: 00000000000040e1 RCX: 00007fe586c65760 RDX: 0000000000000004 RSI: 0000000000006b51 RDI: 00007fe58708b000 RBP: 0000000000006a70 R08: 0000000000000003 R09: 00007fe58700cb61 R10: 0000000000000100 R11: 0000000000000246 R12: 00000000000000e1 R13: 00007fe58708b000 R14: 0000000000006b51 R15: 0000558de021a420 Modules linked in: dm_log_writes ... ---[ end trace c92a7f447a8515f5 ]--- CC: stable(a)vger.kernel.org # 4.4+ Signed-off-by: Filipe Manana <fdmanana(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/ctree.h b/fs/btrfs/ctree.h index 5afeb17a3f1a..30ce7039bc27 100644 --- a/fs/btrfs/ctree.h +++ b/fs/btrfs/ctree.h @@ -1167,6 +1167,9 @@ struct btrfs_root { /* Record pairs of swapped blocks for qgroup */ struct btrfs_qgroup_swapped_blocks swapped_blocks; + /* Used only by log trees, when logging csum items */ + struct extent_io_tree log_csum_range; + #ifdef CONFIG_BTRFS_FS_RUN_SANITY_TESTS u64 alloc_bytenr; #endif diff --git a/fs/btrfs/disk-io.c b/fs/btrfs/disk-io.c index f2f2864f5978..f8ec2d8606fd 100644 --- a/fs/btrfs/disk-io.c +++ b/fs/btrfs/disk-io.c @@ -1133,9 +1133,12 @@ static void __setup_root(struct btrfs_root *root, struct btrfs_fs_info *fs_info, root->log_transid = 0; root->log_transid_committed = -1; root->last_log_commit = 0; - if (!dummy) + if (!dummy) { extent_io_tree_init(fs_info, &root->dirty_log_pages, IO_TREE_ROOT_DIRTY_LOG_PAGES, NULL); + extent_io_tree_init(fs_info, &root->log_csum_range, + IO_TREE_LOG_CSUM_RANGE, NULL); + } memset(&root->root_key, 0, sizeof(root->root_key)); memset(&root->root_item, 0, sizeof(root->root_item)); diff --git a/fs/btrfs/extent-io-tree.h b/fs/btrfs/extent-io-tree.h index b4a7bad3e82e..b6561455b3c4 100644 --- a/fs/btrfs/extent-io-tree.h +++ b/fs/btrfs/extent-io-tree.h @@ -44,6 +44,7 @@ enum { IO_TREE_TRANS_DIRTY_PAGES, IO_TREE_ROOT_DIRTY_LOG_PAGES, IO_TREE_INODE_FILE_EXTENT, + IO_TREE_LOG_CSUM_RANGE, IO_TREE_SELFTEST, }; diff --git a/fs/btrfs/tree-log.c b/fs/btrfs/tree-log.c index 67fa7087f707..920cee312f4e 100644 --- a/fs/btrfs/tree-log.c +++ b/fs/btrfs/tree-log.c @@ -3290,6 +3290,7 @@ static void free_log_tree(struct btrfs_trans_handle *trans, clear_extent_bits(&log->dirty_log_pages, 0, (u64)-1, EXTENT_DIRTY | EXTENT_NEW | EXTENT_NEED_WAIT); + extent_io_tree_release(&log->log_csum_range); btrfs_put_root(log); } @@ -3903,8 +3904,20 @@ static int log_csums(struct btrfs_trans_handle *trans, struct btrfs_root *log_root, struct btrfs_ordered_sum *sums) { + const u64 lock_end = sums->bytenr + sums->len - 1; + struct extent_state *cached_state = NULL; int ret; + /* + * Serialize logging for checksums. This is to avoid racing with the + * same checksum being logged by another task that is logging another + * file which happens to refer to the same extent as well. Such races + * can leave checksum items in the log with overlapping ranges. + */ + ret = lock_extent_bits(&log_root->log_csum_range, sums->bytenr, + lock_end, &cached_state); + if (ret) + return ret; /* * Due to extent cloning, we might have logged a csum item that covers a * subrange of a cloned extent, and later we can end up logging a csum @@ -3915,10 +3928,13 @@ static int log_csums(struct btrfs_trans_handle *trans, * trim and adjust) any existing csum items in the log for this range. */ ret = btrfs_del_csums(trans, log_root, sums->bytenr, sums->len); - if (ret) - return ret; + if (!ret) + ret = btrfs_csum_file_blocks(trans, log_root, sums); - return btrfs_csum_file_blocks(trans, log_root, sums); + unlock_extent_cached(&log_root->log_csum_range, sums->bytenr, lock_end, + &cached_state); + + return ret; } static noinline int copy_items(struct btrfs_trans_handle *trans, diff --git a/include/trace/events/btrfs.h b/include/trace/events/btrfs.h index bcbc763b8814..360b0f9d2220 100644 --- a/include/trace/events/btrfs.h +++ b/include/trace/events/btrfs.h @@ -89,6 +89,7 @@ TRACE_DEFINE_ENUM(COMMIT_TRANS); { IO_TREE_TRANS_DIRTY_PAGES, "TRANS_DIRTY_PAGES" }, \ { IO_TREE_ROOT_DIRTY_LOG_PAGES, "ROOT_DIRTY_LOG_PAGES" }, \ { IO_TREE_INODE_FILE_EXTENT, "INODE_FILE_EXTENT" }, \ + { IO_TREE_LOG_CSUM_RANGE, "LOG_CSUM_RANGE" }, \ { IO_TREE_SELFTEST, "SELFTEST" }) #define BTRFS_GROUP_FLAGS \

5 years, 4 months

1
0
0 0

FAILED: patch "[PATCH] btrfs: fix corrupt log due to concurrent fsync of inodes with" failed to apply to 4.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From e289f03ea79bbc6574b78ac25682555423a91cbb Mon Sep 17 00:00:00 2001 From: Filipe Manana <fdmanana(a)suse.com> Date: Mon, 18 May 2020 12:14:50 +0100 Subject: [PATCH] btrfs: fix corrupt log due to concurrent fsync of inodes with shared extents When we have extents shared amongst different inodes in the same subvolume, if we fsync them in parallel we can end up with checksum items in the log tree that represent ranges which overlap. For example, consider we have inodes A and B, both sharing an extent that covers the logical range from X to X + 64KiB: 1) Task A starts an fsync on inode A; 2) Task B starts an fsync on inode B; 3) Task A calls btrfs_csum_file_blocks(), and the first search in the log tree, through btrfs_lookup_csum(), returns -EFBIG because it finds an existing checksum item that covers the range from X - 64KiB to X; 4) Task A checks that the checksum item has not reached the maximum possible size (MAX_CSUM_ITEMS) and then releases the search path before it does another path search for insertion (through a direct call to btrfs_search_slot()); 5) As soon as task A releases the path and before it does the search for insertion, task B calls btrfs_csum_file_blocks() and gets -EFBIG too, because there is an existing checksum item that has an end offset that matches the start offset (X) of the checksum range we want to log; 6) Task B releases the path; 7) Task A does the path search for insertion (through btrfs_search_slot()) and then verifies that the checksum item that ends at offset X still exists and extends its size to insert the checksums for the range from X to X + 64KiB; 8) Task A releases the path and returns from btrfs_csum_file_blocks(), having inserted the checksums into an existing checksum item that got its size extended. At this point we have one checksum item in the log tree that covers the logical range from X - 64KiB to X + 64KiB; 9) Task B now does a search for insertion using btrfs_search_slot() too, but it finds that the previous checksum item no longer ends at the offset X, it now ends at an of offset X + 64KiB, so it leaves that item untouched. Then it releases the path and calls btrfs_insert_empty_item() that inserts a checksum item with a key offset corresponding to X and a size for inserting a single checksum (4 bytes in case of crc32c). Subsequent iterations end up extending this new checksum item so that it contains the checksums for the range from X to X + 64KiB. So after task B returns from btrfs_csum_file_blocks() we end up with two checksum items in the log tree that have overlapping ranges, one for the range from X - 64KiB to X + 64KiB, and another for the range from X to X + 64KiB. Having checksum items that represent ranges which overlap, regardless of being in the log tree or in the chekcsums tree, can lead to problems where checksums for a file range end up not being found. This type of problem has happened a few times in the past and the following commits fixed them and explain in detail why having checksum items with overlapping ranges is problematic: 27b9a8122ff71a "Btrfs: fix csum tree corruption, duplicate and outdated checksums" b84b8390d6009c "Btrfs: fix file read corruption after extent cloning and fsync" 40e046acbd2f36 "Btrfs: fix missing data checksums after replaying a log tree" Since this specific instance of the problem can only happen when logging inodes, because it is the only case where concurrent attempts to insert checksums for the same range can happen, fix the issue by using an extent io tree as a range lock to serialize checksum insertion during inode logging. This issue could often be reproduced by the test case generic/457 from fstests. When it happens it produces the following trace: BTRFS critical (device dm-0): corrupt leaf: root=18446744073709551610 block=30625792 slot=42, csum end range (15020032) goes beyond the start range (15015936) of the next csum item BTRFS info (device dm-0): leaf 30625792 gen 7 total ptrs 49 free space 2402 owner 18446744073709551610 BTRFS info (device dm-0): refs 1 lock (w:0 r:0 bw:0 br:0 sw:0 sr:0) lock_owner 0 current 15884 item 0 key (18446744073709551606 128 13979648) itemoff 3991 itemsize 4 item 1 key (18446744073709551606 128 13983744) itemoff 3987 itemsize 4 item 2 key (18446744073709551606 128 13987840) itemoff 3983 itemsize 4 item 3 key (18446744073709551606 128 13991936) itemoff 3979 itemsize 4 item 4 key (18446744073709551606 128 13996032) itemoff 3975 itemsize 4 item 5 key (18446744073709551606 128 14000128) itemoff 3971 itemsize 4 (...) BTRFS error (device dm-0): block=30625792 write time tree block corruption detected ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15884 at fs/btrfs/disk-io.c:539 btree_csum_one_bio+0x268/0x2d0 [btrfs] Modules linked in: btrfs dm_thin_pool ... CPU: 1 PID: 15884 Comm: fsx Tainted: G W 5.6.0-rc7-btrfs-next-58 #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 RIP: 0010:btree_csum_one_bio+0x268/0x2d0 [btrfs] Code: c7 c7 ... RSP: 0018:ffffbb0109e6f8e0 EFLAGS: 00010296 RAX: 0000000000000000 RBX: ffffe1c0847b6080 RCX: 0000000000000000 RDX: 0000000000000000 RSI: ffffffffaa963988 RDI: 0000000000000001 RBP: ffff956a4f4d2000 R08: 0000000000000000 R09: 0000000000000001 R10: 0000000000000526 R11: 0000000000000000 R12: ffff956a5cd28bb0 R13: 0000000000000000 R14: ffff956a649c9388 R15: 000000011ed82000 FS: 00007fb419959e80(0000) GS:ffff956a7aa00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000fe6d54 CR3: 0000000138696005 CR4: 00000000003606e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: btree_submit_bio_hook+0x67/0xc0 [btrfs] submit_one_bio+0x31/0x50 [btrfs] btree_write_cache_pages+0x2db/0x4b0 [btrfs] ? __filemap_fdatawrite_range+0xb1/0x110 do_writepages+0x23/0x80 __filemap_fdatawrite_range+0xd2/0x110 btrfs_write_marked_extents+0x15e/0x180 [btrfs] btrfs_sync_log+0x206/0x10a0 [btrfs] ? kmem_cache_free+0x315/0x3b0 ? btrfs_log_inode+0x1e8/0xf90 [btrfs] ? __mutex_unlock_slowpath+0x45/0x2a0 ? lockref_put_or_lock+0x9/0x30 ? dput+0x2d/0x580 ? dput+0xb5/0x580 ? btrfs_sync_file+0x464/0x4d0 [btrfs] btrfs_sync_file+0x464/0x4d0 [btrfs] do_fsync+0x38/0x60 __x64_sys_fsync+0x10/0x20 do_syscall_64+0x5c/0x280 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7fb41953a6d0 Code: 48 3d ... RSP: 002b:00007ffcc86bd218 EFLAGS: 00000246 ORIG_RAX: 000000000000004a RAX: ffffffffffffffda RBX: 000000000000000d RCX: 00007fb41953a6d0 RDX: 0000000000000009 RSI: 0000000000040000 RDI: 0000000000000003 RBP: 0000000000040000 R08: 0000000000000001 R09: 0000000000000009 R10: 0000000000000064 R11: 0000000000000246 R12: 0000556cf4b2c060 R13: 0000000000000100 R14: 0000000000000000 R15: 0000556cf322b420 irq event stamp: 0 hardirqs last enabled at (0): [<0000000000000000>] 0x0 hardirqs last disabled at (0): [<ffffffffa96bdedf>] copy_process+0x74f/0x2020 softirqs last enabled at (0): [<ffffffffa96bdedf>] copy_process+0x74f/0x2020 softirqs last disabled at (0): [<0000000000000000>] 0x0 ---[ end trace d543fc76f5ad7fd8 ]--- In that trace the tree checker detected the overlapping checksum items at the time when we triggered writeback for the log tree when syncing the log. Another trace that can happen is due to BUG_ON() when deleting checksum items while logging an inode: BTRFS critical (device dm-0): slot 81 key (18446744073709551606 128 13635584) new key (18446744073709551606 128 13635584) BTRFS info (device dm-0): leaf 30949376 gen 7 total ptrs 98 free space 8527 owner 18446744073709551610 BTRFS info (device dm-0): refs 4 lock (w:1 r:0 bw:0 br:0 sw:1 sr:0) lock_owner 13473 current 13473 item 0 key (257 1 0) itemoff 16123 itemsize 160 inode generation 7 size 262144 mode 100600 item 1 key (257 12 256) itemoff 16103 itemsize 20 item 2 key (257 108 0) itemoff 16050 itemsize 53 extent data disk bytenr 13631488 nr 4096 extent data offset 0 nr 131072 ram 131072 (...) ------------[ cut here ]------------ kernel BUG at fs/btrfs/ctree.c:3153! invalid opcode: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC PTI CPU: 1 PID: 13473 Comm: fsx Not tainted 5.6.0-rc7-btrfs-next-58 #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 RIP: 0010:btrfs_set_item_key_safe+0x1ea/0x270 [btrfs] Code: 0f b6 ... RSP: 0018:ffff95e3889179d0 EFLAGS: 00010282 RAX: 0000000000000000 RBX: 0000000000000051 RCX: 0000000000000000 RDX: 0000000000000000 RSI: ffffffffb7763988 RDI: 0000000000000001 RBP: fffffffffffffff6 R08: 0000000000000000 R09: 0000000000000001 R10: 00000000000009ef R11: 0000000000000000 R12: ffff8912a8ba5a08 R13: ffff95e388917a06 R14: ffff89138dcf68c8 R15: ffff95e388917ace FS: 00007fe587084e80(0000) GS:ffff8913baa00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fe587091000 CR3: 0000000126dac005 CR4: 00000000003606e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: btrfs_del_csums+0x2f4/0x540 [btrfs] copy_items+0x4b5/0x560 [btrfs] btrfs_log_inode+0x910/0xf90 [btrfs] btrfs_log_inode_parent+0x2a0/0xe40 [btrfs] ? dget_parent+0x5/0x370 btrfs_log_dentry_safe+0x4a/0x70 [btrfs] btrfs_sync_file+0x42b/0x4d0 [btrfs] __x64_sys_msync+0x199/0x200 do_syscall_64+0x5c/0x280 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7fe586c65760 Code: 00 f7 ... RSP: 002b:00007ffe250f98b8 EFLAGS: 00000246 ORIG_RAX: 000000000000001a RAX: ffffffffffffffda RBX: 00000000000040e1 RCX: 00007fe586c65760 RDX: 0000000000000004 RSI: 0000000000006b51 RDI: 00007fe58708b000 RBP: 0000000000006a70 R08: 0000000000000003 R09: 00007fe58700cb61 R10: 0000000000000100 R11: 0000000000000246 R12: 00000000000000e1 R13: 00007fe58708b000 R14: 0000000000006b51 R15: 0000558de021a420 Modules linked in: dm_log_writes ... ---[ end trace c92a7f447a8515f5 ]--- CC: stable(a)vger.kernel.org # 4.4+ Signed-off-by: Filipe Manana <fdmanana(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/ctree.h b/fs/btrfs/ctree.h index 5afeb17a3f1a..30ce7039bc27 100644 --- a/fs/btrfs/ctree.h +++ b/fs/btrfs/ctree.h @@ -1167,6 +1167,9 @@ struct btrfs_root { /* Record pairs of swapped blocks for qgroup */ struct btrfs_qgroup_swapped_blocks swapped_blocks; + /* Used only by log trees, when logging csum items */ + struct extent_io_tree log_csum_range; + #ifdef CONFIG_BTRFS_FS_RUN_SANITY_TESTS u64 alloc_bytenr; #endif diff --git a/fs/btrfs/disk-io.c b/fs/btrfs/disk-io.c index f2f2864f5978..f8ec2d8606fd 100644 --- a/fs/btrfs/disk-io.c +++ b/fs/btrfs/disk-io.c @@ -1133,9 +1133,12 @@ static void __setup_root(struct btrfs_root *root, struct btrfs_fs_info *fs_info, root->log_transid = 0; root->log_transid_committed = -1; root->last_log_commit = 0; - if (!dummy) + if (!dummy) { extent_io_tree_init(fs_info, &root->dirty_log_pages, IO_TREE_ROOT_DIRTY_LOG_PAGES, NULL); + extent_io_tree_init(fs_info, &root->log_csum_range, + IO_TREE_LOG_CSUM_RANGE, NULL); + } memset(&root->root_key, 0, sizeof(root->root_key)); memset(&root->root_item, 0, sizeof(root->root_item)); diff --git a/fs/btrfs/extent-io-tree.h b/fs/btrfs/extent-io-tree.h index b4a7bad3e82e..b6561455b3c4 100644 --- a/fs/btrfs/extent-io-tree.h +++ b/fs/btrfs/extent-io-tree.h @@ -44,6 +44,7 @@ enum { IO_TREE_TRANS_DIRTY_PAGES, IO_TREE_ROOT_DIRTY_LOG_PAGES, IO_TREE_INODE_FILE_EXTENT, + IO_TREE_LOG_CSUM_RANGE, IO_TREE_SELFTEST, }; diff --git a/fs/btrfs/tree-log.c b/fs/btrfs/tree-log.c index 67fa7087f707..920cee312f4e 100644 --- a/fs/btrfs/tree-log.c +++ b/fs/btrfs/tree-log.c @@ -3290,6 +3290,7 @@ static void free_log_tree(struct btrfs_trans_handle *trans, clear_extent_bits(&log->dirty_log_pages, 0, (u64)-1, EXTENT_DIRTY | EXTENT_NEW | EXTENT_NEED_WAIT); + extent_io_tree_release(&log->log_csum_range); btrfs_put_root(log); } @@ -3903,8 +3904,20 @@ static int log_csums(struct btrfs_trans_handle *trans, struct btrfs_root *log_root, struct btrfs_ordered_sum *sums) { + const u64 lock_end = sums->bytenr + sums->len - 1; + struct extent_state *cached_state = NULL; int ret; + /* + * Serialize logging for checksums. This is to avoid racing with the + * same checksum being logged by another task that is logging another + * file which happens to refer to the same extent as well. Such races + * can leave checksum items in the log with overlapping ranges. + */ + ret = lock_extent_bits(&log_root->log_csum_range, sums->bytenr, + lock_end, &cached_state); + if (ret) + return ret; /* * Due to extent cloning, we might have logged a csum item that covers a * subrange of a cloned extent, and later we can end up logging a csum @@ -3915,10 +3928,13 @@ static int log_csums(struct btrfs_trans_handle *trans, * trim and adjust) any existing csum items in the log for this range. */ ret = btrfs_del_csums(trans, log_root, sums->bytenr, sums->len); - if (ret) - return ret; + if (!ret) + ret = btrfs_csum_file_blocks(trans, log_root, sums); - return btrfs_csum_file_blocks(trans, log_root, sums); + unlock_extent_cached(&log_root->log_csum_range, sums->bytenr, lock_end, + &cached_state); + + return ret; } static noinline int copy_items(struct btrfs_trans_handle *trans, diff --git a/include/trace/events/btrfs.h b/include/trace/events/btrfs.h index bcbc763b8814..360b0f9d2220 100644 --- a/include/trace/events/btrfs.h +++ b/include/trace/events/btrfs.h @@ -89,6 +89,7 @@ TRACE_DEFINE_ENUM(COMMIT_TRANS); { IO_TREE_TRANS_DIRTY_PAGES, "TRANS_DIRTY_PAGES" }, \ { IO_TREE_ROOT_DIRTY_LOG_PAGES, "ROOT_DIRTY_LOG_PAGES" }, \ { IO_TREE_INODE_FILE_EXTENT, "INODE_FILE_EXTENT" }, \ + { IO_TREE_LOG_CSUM_RANGE, "LOG_CSUM_RANGE" }, \ { IO_TREE_SELFTEST, "SELFTEST" }) #define BTRFS_GROUP_FLAGS \

5 years, 4 months

1
0
0 0

FAILED: patch "[PATCH] btrfs: fix corrupt log due to concurrent fsync of inodes with" failed to apply to 4.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From e289f03ea79bbc6574b78ac25682555423a91cbb Mon Sep 17 00:00:00 2001 From: Filipe Manana <fdmanana(a)suse.com> Date: Mon, 18 May 2020 12:14:50 +0100 Subject: [PATCH] btrfs: fix corrupt log due to concurrent fsync of inodes with shared extents When we have extents shared amongst different inodes in the same subvolume, if we fsync them in parallel we can end up with checksum items in the log tree that represent ranges which overlap. For example, consider we have inodes A and B, both sharing an extent that covers the logical range from X to X + 64KiB: 1) Task A starts an fsync on inode A; 2) Task B starts an fsync on inode B; 3) Task A calls btrfs_csum_file_blocks(), and the first search in the log tree, through btrfs_lookup_csum(), returns -EFBIG because it finds an existing checksum item that covers the range from X - 64KiB to X; 4) Task A checks that the checksum item has not reached the maximum possible size (MAX_CSUM_ITEMS) and then releases the search path before it does another path search for insertion (through a direct call to btrfs_search_slot()); 5) As soon as task A releases the path and before it does the search for insertion, task B calls btrfs_csum_file_blocks() and gets -EFBIG too, because there is an existing checksum item that has an end offset that matches the start offset (X) of the checksum range we want to log; 6) Task B releases the path; 7) Task A does the path search for insertion (through btrfs_search_slot()) and then verifies that the checksum item that ends at offset X still exists and extends its size to insert the checksums for the range from X to X + 64KiB; 8) Task A releases the path and returns from btrfs_csum_file_blocks(), having inserted the checksums into an existing checksum item that got its size extended. At this point we have one checksum item in the log tree that covers the logical range from X - 64KiB to X + 64KiB; 9) Task B now does a search for insertion using btrfs_search_slot() too, but it finds that the previous checksum item no longer ends at the offset X, it now ends at an of offset X + 64KiB, so it leaves that item untouched. Then it releases the path and calls btrfs_insert_empty_item() that inserts a checksum item with a key offset corresponding to X and a size for inserting a single checksum (4 bytes in case of crc32c). Subsequent iterations end up extending this new checksum item so that it contains the checksums for the range from X to X + 64KiB. So after task B returns from btrfs_csum_file_blocks() we end up with two checksum items in the log tree that have overlapping ranges, one for the range from X - 64KiB to X + 64KiB, and another for the range from X to X + 64KiB. Having checksum items that represent ranges which overlap, regardless of being in the log tree or in the chekcsums tree, can lead to problems where checksums for a file range end up not being found. This type of problem has happened a few times in the past and the following commits fixed them and explain in detail why having checksum items with overlapping ranges is problematic: 27b9a8122ff71a "Btrfs: fix csum tree corruption, duplicate and outdated checksums" b84b8390d6009c "Btrfs: fix file read corruption after extent cloning and fsync" 40e046acbd2f36 "Btrfs: fix missing data checksums after replaying a log tree" Since this specific instance of the problem can only happen when logging inodes, because it is the only case where concurrent attempts to insert checksums for the same range can happen, fix the issue by using an extent io tree as a range lock to serialize checksum insertion during inode logging. This issue could often be reproduced by the test case generic/457 from fstests. When it happens it produces the following trace: BTRFS critical (device dm-0): corrupt leaf: root=18446744073709551610 block=30625792 slot=42, csum end range (15020032) goes beyond the start range (15015936) of the next csum item BTRFS info (device dm-0): leaf 30625792 gen 7 total ptrs 49 free space 2402 owner 18446744073709551610 BTRFS info (device dm-0): refs 1 lock (w:0 r:0 bw:0 br:0 sw:0 sr:0) lock_owner 0 current 15884 item 0 key (18446744073709551606 128 13979648) itemoff 3991 itemsize 4 item 1 key (18446744073709551606 128 13983744) itemoff 3987 itemsize 4 item 2 key (18446744073709551606 128 13987840) itemoff 3983 itemsize 4 item 3 key (18446744073709551606 128 13991936) itemoff 3979 itemsize 4 item 4 key (18446744073709551606 128 13996032) itemoff 3975 itemsize 4 item 5 key (18446744073709551606 128 14000128) itemoff 3971 itemsize 4 (...) BTRFS error (device dm-0): block=30625792 write time tree block corruption detected ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15884 at fs/btrfs/disk-io.c:539 btree_csum_one_bio+0x268/0x2d0 [btrfs] Modules linked in: btrfs dm_thin_pool ... CPU: 1 PID: 15884 Comm: fsx Tainted: G W 5.6.0-rc7-btrfs-next-58 #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 RIP: 0010:btree_csum_one_bio+0x268/0x2d0 [btrfs] Code: c7 c7 ... RSP: 0018:ffffbb0109e6f8e0 EFLAGS: 00010296 RAX: 0000000000000000 RBX: ffffe1c0847b6080 RCX: 0000000000000000 RDX: 0000000000000000 RSI: ffffffffaa963988 RDI: 0000000000000001 RBP: ffff956a4f4d2000 R08: 0000000000000000 R09: 0000000000000001 R10: 0000000000000526 R11: 0000000000000000 R12: ffff956a5cd28bb0 R13: 0000000000000000 R14: ffff956a649c9388 R15: 000000011ed82000 FS: 00007fb419959e80(0000) GS:ffff956a7aa00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000fe6d54 CR3: 0000000138696005 CR4: 00000000003606e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: btree_submit_bio_hook+0x67/0xc0 [btrfs] submit_one_bio+0x31/0x50 [btrfs] btree_write_cache_pages+0x2db/0x4b0 [btrfs] ? __filemap_fdatawrite_range+0xb1/0x110 do_writepages+0x23/0x80 __filemap_fdatawrite_range+0xd2/0x110 btrfs_write_marked_extents+0x15e/0x180 [btrfs] btrfs_sync_log+0x206/0x10a0 [btrfs] ? kmem_cache_free+0x315/0x3b0 ? btrfs_log_inode+0x1e8/0xf90 [btrfs] ? __mutex_unlock_slowpath+0x45/0x2a0 ? lockref_put_or_lock+0x9/0x30 ? dput+0x2d/0x580 ? dput+0xb5/0x580 ? btrfs_sync_file+0x464/0x4d0 [btrfs] btrfs_sync_file+0x464/0x4d0 [btrfs] do_fsync+0x38/0x60 __x64_sys_fsync+0x10/0x20 do_syscall_64+0x5c/0x280 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7fb41953a6d0 Code: 48 3d ... RSP: 002b:00007ffcc86bd218 EFLAGS: 00000246 ORIG_RAX: 000000000000004a RAX: ffffffffffffffda RBX: 000000000000000d RCX: 00007fb41953a6d0 RDX: 0000000000000009 RSI: 0000000000040000 RDI: 0000000000000003 RBP: 0000000000040000 R08: 0000000000000001 R09: 0000000000000009 R10: 0000000000000064 R11: 0000000000000246 R12: 0000556cf4b2c060 R13: 0000000000000100 R14: 0000000000000000 R15: 0000556cf322b420 irq event stamp: 0 hardirqs last enabled at (0): [<0000000000000000>] 0x0 hardirqs last disabled at (0): [<ffffffffa96bdedf>] copy_process+0x74f/0x2020 softirqs last enabled at (0): [<ffffffffa96bdedf>] copy_process+0x74f/0x2020 softirqs last disabled at (0): [<0000000000000000>] 0x0 ---[ end trace d543fc76f5ad7fd8 ]--- In that trace the tree checker detected the overlapping checksum items at the time when we triggered writeback for the log tree when syncing the log. Another trace that can happen is due to BUG_ON() when deleting checksum items while logging an inode: BTRFS critical (device dm-0): slot 81 key (18446744073709551606 128 13635584) new key (18446744073709551606 128 13635584) BTRFS info (device dm-0): leaf 30949376 gen 7 total ptrs 98 free space 8527 owner 18446744073709551610 BTRFS info (device dm-0): refs 4 lock (w:1 r:0 bw:0 br:0 sw:1 sr:0) lock_owner 13473 current 13473 item 0 key (257 1 0) itemoff 16123 itemsize 160 inode generation 7 size 262144 mode 100600 item 1 key (257 12 256) itemoff 16103 itemsize 20 item 2 key (257 108 0) itemoff 16050 itemsize 53 extent data disk bytenr 13631488 nr 4096 extent data offset 0 nr 131072 ram 131072 (...) ------------[ cut here ]------------ kernel BUG at fs/btrfs/ctree.c:3153! invalid opcode: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC PTI CPU: 1 PID: 13473 Comm: fsx Not tainted 5.6.0-rc7-btrfs-next-58 #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 RIP: 0010:btrfs_set_item_key_safe+0x1ea/0x270 [btrfs] Code: 0f b6 ... RSP: 0018:ffff95e3889179d0 EFLAGS: 00010282 RAX: 0000000000000000 RBX: 0000000000000051 RCX: 0000000000000000 RDX: 0000000000000000 RSI: ffffffffb7763988 RDI: 0000000000000001 RBP: fffffffffffffff6 R08: 0000000000000000 R09: 0000000000000001 R10: 00000000000009ef R11: 0000000000000000 R12: ffff8912a8ba5a08 R13: ffff95e388917a06 R14: ffff89138dcf68c8 R15: ffff95e388917ace FS: 00007fe587084e80(0000) GS:ffff8913baa00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fe587091000 CR3: 0000000126dac005 CR4: 00000000003606e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: btrfs_del_csums+0x2f4/0x540 [btrfs] copy_items+0x4b5/0x560 [btrfs] btrfs_log_inode+0x910/0xf90 [btrfs] btrfs_log_inode_parent+0x2a0/0xe40 [btrfs] ? dget_parent+0x5/0x370 btrfs_log_dentry_safe+0x4a/0x70 [btrfs] btrfs_sync_file+0x42b/0x4d0 [btrfs] __x64_sys_msync+0x199/0x200 do_syscall_64+0x5c/0x280 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7fe586c65760 Code: 00 f7 ... RSP: 002b:00007ffe250f98b8 EFLAGS: 00000246 ORIG_RAX: 000000000000001a RAX: ffffffffffffffda RBX: 00000000000040e1 RCX: 00007fe586c65760 RDX: 0000000000000004 RSI: 0000000000006b51 RDI: 00007fe58708b000 RBP: 0000000000006a70 R08: 0000000000000003 R09: 00007fe58700cb61 R10: 0000000000000100 R11: 0000000000000246 R12: 00000000000000e1 R13: 00007fe58708b000 R14: 0000000000006b51 R15: 0000558de021a420 Modules linked in: dm_log_writes ... ---[ end trace c92a7f447a8515f5 ]--- CC: stable(a)vger.kernel.org # 4.4+ Signed-off-by: Filipe Manana <fdmanana(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/ctree.h b/fs/btrfs/ctree.h index 5afeb17a3f1a..30ce7039bc27 100644 --- a/fs/btrfs/ctree.h +++ b/fs/btrfs/ctree.h @@ -1167,6 +1167,9 @@ struct btrfs_root { /* Record pairs of swapped blocks for qgroup */ struct btrfs_qgroup_swapped_blocks swapped_blocks; + /* Used only by log trees, when logging csum items */ + struct extent_io_tree log_csum_range; + #ifdef CONFIG_BTRFS_FS_RUN_SANITY_TESTS u64 alloc_bytenr; #endif diff --git a/fs/btrfs/disk-io.c b/fs/btrfs/disk-io.c index f2f2864f5978..f8ec2d8606fd 100644 --- a/fs/btrfs/disk-io.c +++ b/fs/btrfs/disk-io.c @@ -1133,9 +1133,12 @@ static void __setup_root(struct btrfs_root *root, struct btrfs_fs_info *fs_info, root->log_transid = 0; root->log_transid_committed = -1; root->last_log_commit = 0; - if (!dummy) + if (!dummy) { extent_io_tree_init(fs_info, &root->dirty_log_pages, IO_TREE_ROOT_DIRTY_LOG_PAGES, NULL); + extent_io_tree_init(fs_info, &root->log_csum_range, + IO_TREE_LOG_CSUM_RANGE, NULL); + } memset(&root->root_key, 0, sizeof(root->root_key)); memset(&root->root_item, 0, sizeof(root->root_item)); diff --git a/fs/btrfs/extent-io-tree.h b/fs/btrfs/extent-io-tree.h index b4a7bad3e82e..b6561455b3c4 100644 --- a/fs/btrfs/extent-io-tree.h +++ b/fs/btrfs/extent-io-tree.h @@ -44,6 +44,7 @@ enum { IO_TREE_TRANS_DIRTY_PAGES, IO_TREE_ROOT_DIRTY_LOG_PAGES, IO_TREE_INODE_FILE_EXTENT, + IO_TREE_LOG_CSUM_RANGE, IO_TREE_SELFTEST, }; diff --git a/fs/btrfs/tree-log.c b/fs/btrfs/tree-log.c index 67fa7087f707..920cee312f4e 100644 --- a/fs/btrfs/tree-log.c +++ b/fs/btrfs/tree-log.c @@ -3290,6 +3290,7 @@ static void free_log_tree(struct btrfs_trans_handle *trans, clear_extent_bits(&log->dirty_log_pages, 0, (u64)-1, EXTENT_DIRTY | EXTENT_NEW | EXTENT_NEED_WAIT); + extent_io_tree_release(&log->log_csum_range); btrfs_put_root(log); } @@ -3903,8 +3904,20 @@ static int log_csums(struct btrfs_trans_handle *trans, struct btrfs_root *log_root, struct btrfs_ordered_sum *sums) { + const u64 lock_end = sums->bytenr + sums->len - 1; + struct extent_state *cached_state = NULL; int ret; + /* + * Serialize logging for checksums. This is to avoid racing with the + * same checksum being logged by another task that is logging another + * file which happens to refer to the same extent as well. Such races + * can leave checksum items in the log with overlapping ranges. + */ + ret = lock_extent_bits(&log_root->log_csum_range, sums->bytenr, + lock_end, &cached_state); + if (ret) + return ret; /* * Due to extent cloning, we might have logged a csum item that covers a * subrange of a cloned extent, and later we can end up logging a csum @@ -3915,10 +3928,13 @@ static int log_csums(struct btrfs_trans_handle *trans, * trim and adjust) any existing csum items in the log for this range. */ ret = btrfs_del_csums(trans, log_root, sums->bytenr, sums->len); - if (ret) - return ret; + if (!ret) + ret = btrfs_csum_file_blocks(trans, log_root, sums); - return btrfs_csum_file_blocks(trans, log_root, sums); + unlock_extent_cached(&log_root->log_csum_range, sums->bytenr, lock_end, + &cached_state); + + return ret; } static noinline int copy_items(struct btrfs_trans_handle *trans, diff --git a/include/trace/events/btrfs.h b/include/trace/events/btrfs.h index bcbc763b8814..360b0f9d2220 100644 --- a/include/trace/events/btrfs.h +++ b/include/trace/events/btrfs.h @@ -89,6 +89,7 @@ TRACE_DEFINE_ENUM(COMMIT_TRANS); { IO_TREE_TRANS_DIRTY_PAGES, "TRANS_DIRTY_PAGES" }, \ { IO_TREE_ROOT_DIRTY_LOG_PAGES, "ROOT_DIRTY_LOG_PAGES" }, \ { IO_TREE_INODE_FILE_EXTENT, "INODE_FILE_EXTENT" }, \ + { IO_TREE_LOG_CSUM_RANGE, "LOG_CSUM_RANGE" }, \ { IO_TREE_SELFTEST, "SELFTEST" }) #define BTRFS_GROUP_FLAGS \

5 years, 4 months

1
0
0 0

FAILED: patch "[PATCH] btrfs: fix corrupt log due to concurrent fsync of inodes with" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From e289f03ea79bbc6574b78ac25682555423a91cbb Mon Sep 17 00:00:00 2001 From: Filipe Manana <fdmanana(a)suse.com> Date: Mon, 18 May 2020 12:14:50 +0100 Subject: [PATCH] btrfs: fix corrupt log due to concurrent fsync of inodes with shared extents When we have extents shared amongst different inodes in the same subvolume, if we fsync them in parallel we can end up with checksum items in the log tree that represent ranges which overlap. For example, consider we have inodes A and B, both sharing an extent that covers the logical range from X to X + 64KiB: 1) Task A starts an fsync on inode A; 2) Task B starts an fsync on inode B; 3) Task A calls btrfs_csum_file_blocks(), and the first search in the log tree, through btrfs_lookup_csum(), returns -EFBIG because it finds an existing checksum item that covers the range from X - 64KiB to X; 4) Task A checks that the checksum item has not reached the maximum possible size (MAX_CSUM_ITEMS) and then releases the search path before it does another path search for insertion (through a direct call to btrfs_search_slot()); 5) As soon as task A releases the path and before it does the search for insertion, task B calls btrfs_csum_file_blocks() and gets -EFBIG too, because there is an existing checksum item that has an end offset that matches the start offset (X) of the checksum range we want to log; 6) Task B releases the path; 7) Task A does the path search for insertion (through btrfs_search_slot()) and then verifies that the checksum item that ends at offset X still exists and extends its size to insert the checksums for the range from X to X + 64KiB; 8) Task A releases the path and returns from btrfs_csum_file_blocks(), having inserted the checksums into an existing checksum item that got its size extended. At this point we have one checksum item in the log tree that covers the logical range from X - 64KiB to X + 64KiB; 9) Task B now does a search for insertion using btrfs_search_slot() too, but it finds that the previous checksum item no longer ends at the offset X, it now ends at an of offset X + 64KiB, so it leaves that item untouched. Then it releases the path and calls btrfs_insert_empty_item() that inserts a checksum item with a key offset corresponding to X and a size for inserting a single checksum (4 bytes in case of crc32c). Subsequent iterations end up extending this new checksum item so that it contains the checksums for the range from X to X + 64KiB. So after task B returns from btrfs_csum_file_blocks() we end up with two checksum items in the log tree that have overlapping ranges, one for the range from X - 64KiB to X + 64KiB, and another for the range from X to X + 64KiB. Having checksum items that represent ranges which overlap, regardless of being in the log tree or in the chekcsums tree, can lead to problems where checksums for a file range end up not being found. This type of problem has happened a few times in the past and the following commits fixed them and explain in detail why having checksum items with overlapping ranges is problematic: 27b9a8122ff71a "Btrfs: fix csum tree corruption, duplicate and outdated checksums" b84b8390d6009c "Btrfs: fix file read corruption after extent cloning and fsync" 40e046acbd2f36 "Btrfs: fix missing data checksums after replaying a log tree" Since this specific instance of the problem can only happen when logging inodes, because it is the only case where concurrent attempts to insert checksums for the same range can happen, fix the issue by using an extent io tree as a range lock to serialize checksum insertion during inode logging. This issue could often be reproduced by the test case generic/457 from fstests. When it happens it produces the following trace: BTRFS critical (device dm-0): corrupt leaf: root=18446744073709551610 block=30625792 slot=42, csum end range (15020032) goes beyond the start range (15015936) of the next csum item BTRFS info (device dm-0): leaf 30625792 gen 7 total ptrs 49 free space 2402 owner 18446744073709551610 BTRFS info (device dm-0): refs 1 lock (w:0 r:0 bw:0 br:0 sw:0 sr:0) lock_owner 0 current 15884 item 0 key (18446744073709551606 128 13979648) itemoff 3991 itemsize 4 item 1 key (18446744073709551606 128 13983744) itemoff 3987 itemsize 4 item 2 key (18446744073709551606 128 13987840) itemoff 3983 itemsize 4 item 3 key (18446744073709551606 128 13991936) itemoff 3979 itemsize 4 item 4 key (18446744073709551606 128 13996032) itemoff 3975 itemsize 4 item 5 key (18446744073709551606 128 14000128) itemoff 3971 itemsize 4 (...) BTRFS error (device dm-0): block=30625792 write time tree block corruption detected ------------[ cut here ]------------ WARNING: CPU: 1 PID: 15884 at fs/btrfs/disk-io.c:539 btree_csum_one_bio+0x268/0x2d0 [btrfs] Modules linked in: btrfs dm_thin_pool ... CPU: 1 PID: 15884 Comm: fsx Tainted: G W 5.6.0-rc7-btrfs-next-58 #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 RIP: 0010:btree_csum_one_bio+0x268/0x2d0 [btrfs] Code: c7 c7 ... RSP: 0018:ffffbb0109e6f8e0 EFLAGS: 00010296 RAX: 0000000000000000 RBX: ffffe1c0847b6080 RCX: 0000000000000000 RDX: 0000000000000000 RSI: ffffffffaa963988 RDI: 0000000000000001 RBP: ffff956a4f4d2000 R08: 0000000000000000 R09: 0000000000000001 R10: 0000000000000526 R11: 0000000000000000 R12: ffff956a5cd28bb0 R13: 0000000000000000 R14: ffff956a649c9388 R15: 000000011ed82000 FS: 00007fb419959e80(0000) GS:ffff956a7aa00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000fe6d54 CR3: 0000000138696005 CR4: 00000000003606e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: btree_submit_bio_hook+0x67/0xc0 [btrfs] submit_one_bio+0x31/0x50 [btrfs] btree_write_cache_pages+0x2db/0x4b0 [btrfs] ? __filemap_fdatawrite_range+0xb1/0x110 do_writepages+0x23/0x80 __filemap_fdatawrite_range+0xd2/0x110 btrfs_write_marked_extents+0x15e/0x180 [btrfs] btrfs_sync_log+0x206/0x10a0 [btrfs] ? kmem_cache_free+0x315/0x3b0 ? btrfs_log_inode+0x1e8/0xf90 [btrfs] ? __mutex_unlock_slowpath+0x45/0x2a0 ? lockref_put_or_lock+0x9/0x30 ? dput+0x2d/0x580 ? dput+0xb5/0x580 ? btrfs_sync_file+0x464/0x4d0 [btrfs] btrfs_sync_file+0x464/0x4d0 [btrfs] do_fsync+0x38/0x60 __x64_sys_fsync+0x10/0x20 do_syscall_64+0x5c/0x280 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7fb41953a6d0 Code: 48 3d ... RSP: 002b:00007ffcc86bd218 EFLAGS: 00000246 ORIG_RAX: 000000000000004a RAX: ffffffffffffffda RBX: 000000000000000d RCX: 00007fb41953a6d0 RDX: 0000000000000009 RSI: 0000000000040000 RDI: 0000000000000003 RBP: 0000000000040000 R08: 0000000000000001 R09: 0000000000000009 R10: 0000000000000064 R11: 0000000000000246 R12: 0000556cf4b2c060 R13: 0000000000000100 R14: 0000000000000000 R15: 0000556cf322b420 irq event stamp: 0 hardirqs last enabled at (0): [<0000000000000000>] 0x0 hardirqs last disabled at (0): [<ffffffffa96bdedf>] copy_process+0x74f/0x2020 softirqs last enabled at (0): [<ffffffffa96bdedf>] copy_process+0x74f/0x2020 softirqs last disabled at (0): [<0000000000000000>] 0x0 ---[ end trace d543fc76f5ad7fd8 ]--- In that trace the tree checker detected the overlapping checksum items at the time when we triggered writeback for the log tree when syncing the log. Another trace that can happen is due to BUG_ON() when deleting checksum items while logging an inode: BTRFS critical (device dm-0): slot 81 key (18446744073709551606 128 13635584) new key (18446744073709551606 128 13635584) BTRFS info (device dm-0): leaf 30949376 gen 7 total ptrs 98 free space 8527 owner 18446744073709551610 BTRFS info (device dm-0): refs 4 lock (w:1 r:0 bw:0 br:0 sw:1 sr:0) lock_owner 13473 current 13473 item 0 key (257 1 0) itemoff 16123 itemsize 160 inode generation 7 size 262144 mode 100600 item 1 key (257 12 256) itemoff 16103 itemsize 20 item 2 key (257 108 0) itemoff 16050 itemsize 53 extent data disk bytenr 13631488 nr 4096 extent data offset 0 nr 131072 ram 131072 (...) ------------[ cut here ]------------ kernel BUG at fs/btrfs/ctree.c:3153! invalid opcode: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC PTI CPU: 1 PID: 13473 Comm: fsx Not tainted 5.6.0-rc7-btrfs-next-58 #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 RIP: 0010:btrfs_set_item_key_safe+0x1ea/0x270 [btrfs] Code: 0f b6 ... RSP: 0018:ffff95e3889179d0 EFLAGS: 00010282 RAX: 0000000000000000 RBX: 0000000000000051 RCX: 0000000000000000 RDX: 0000000000000000 RSI: ffffffffb7763988 RDI: 0000000000000001 RBP: fffffffffffffff6 R08: 0000000000000000 R09: 0000000000000001 R10: 00000000000009ef R11: 0000000000000000 R12: ffff8912a8ba5a08 R13: ffff95e388917a06 R14: ffff89138dcf68c8 R15: ffff95e388917ace FS: 00007fe587084e80(0000) GS:ffff8913baa00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fe587091000 CR3: 0000000126dac005 CR4: 00000000003606e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: btrfs_del_csums+0x2f4/0x540 [btrfs] copy_items+0x4b5/0x560 [btrfs] btrfs_log_inode+0x910/0xf90 [btrfs] btrfs_log_inode_parent+0x2a0/0xe40 [btrfs] ? dget_parent+0x5/0x370 btrfs_log_dentry_safe+0x4a/0x70 [btrfs] btrfs_sync_file+0x42b/0x4d0 [btrfs] __x64_sys_msync+0x199/0x200 do_syscall_64+0x5c/0x280 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7fe586c65760 Code: 00 f7 ... RSP: 002b:00007ffe250f98b8 EFLAGS: 00000246 ORIG_RAX: 000000000000001a RAX: ffffffffffffffda RBX: 00000000000040e1 RCX: 00007fe586c65760 RDX: 0000000000000004 RSI: 0000000000006b51 RDI: 00007fe58708b000 RBP: 0000000000006a70 R08: 0000000000000003 R09: 00007fe58700cb61 R10: 0000000000000100 R11: 0000000000000246 R12: 00000000000000e1 R13: 00007fe58708b000 R14: 0000000000006b51 R15: 0000558de021a420 Modules linked in: dm_log_writes ... ---[ end trace c92a7f447a8515f5 ]--- CC: stable(a)vger.kernel.org # 4.4+ Signed-off-by: Filipe Manana <fdmanana(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/ctree.h b/fs/btrfs/ctree.h index 5afeb17a3f1a..30ce7039bc27 100644 --- a/fs/btrfs/ctree.h +++ b/fs/btrfs/ctree.h @@ -1167,6 +1167,9 @@ struct btrfs_root { /* Record pairs of swapped blocks for qgroup */ struct btrfs_qgroup_swapped_blocks swapped_blocks; + /* Used only by log trees, when logging csum items */ + struct extent_io_tree log_csum_range; + #ifdef CONFIG_BTRFS_FS_RUN_SANITY_TESTS u64 alloc_bytenr; #endif diff --git a/fs/btrfs/disk-io.c b/fs/btrfs/disk-io.c index f2f2864f5978..f8ec2d8606fd 100644 --- a/fs/btrfs/disk-io.c +++ b/fs/btrfs/disk-io.c @@ -1133,9 +1133,12 @@ static void __setup_root(struct btrfs_root *root, struct btrfs_fs_info *fs_info, root->log_transid = 0; root->log_transid_committed = -1; root->last_log_commit = 0; - if (!dummy) + if (!dummy) { extent_io_tree_init(fs_info, &root->dirty_log_pages, IO_TREE_ROOT_DIRTY_LOG_PAGES, NULL); + extent_io_tree_init(fs_info, &root->log_csum_range, + IO_TREE_LOG_CSUM_RANGE, NULL); + } memset(&root->root_key, 0, sizeof(root->root_key)); memset(&root->root_item, 0, sizeof(root->root_item)); diff --git a/fs/btrfs/extent-io-tree.h b/fs/btrfs/extent-io-tree.h index b4a7bad3e82e..b6561455b3c4 100644 --- a/fs/btrfs/extent-io-tree.h +++ b/fs/btrfs/extent-io-tree.h @@ -44,6 +44,7 @@ enum { IO_TREE_TRANS_DIRTY_PAGES, IO_TREE_ROOT_DIRTY_LOG_PAGES, IO_TREE_INODE_FILE_EXTENT, + IO_TREE_LOG_CSUM_RANGE, IO_TREE_SELFTEST, }; diff --git a/fs/btrfs/tree-log.c b/fs/btrfs/tree-log.c index 67fa7087f707..920cee312f4e 100644 --- a/fs/btrfs/tree-log.c +++ b/fs/btrfs/tree-log.c @@ -3290,6 +3290,7 @@ static void free_log_tree(struct btrfs_trans_handle *trans, clear_extent_bits(&log->dirty_log_pages, 0, (u64)-1, EXTENT_DIRTY | EXTENT_NEW | EXTENT_NEED_WAIT); + extent_io_tree_release(&log->log_csum_range); btrfs_put_root(log); } @@ -3903,8 +3904,20 @@ static int log_csums(struct btrfs_trans_handle *trans, struct btrfs_root *log_root, struct btrfs_ordered_sum *sums) { + const u64 lock_end = sums->bytenr + sums->len - 1; + struct extent_state *cached_state = NULL; int ret; + /* + * Serialize logging for checksums. This is to avoid racing with the + * same checksum being logged by another task that is logging another + * file which happens to refer to the same extent as well. Such races + * can leave checksum items in the log with overlapping ranges. + */ + ret = lock_extent_bits(&log_root->log_csum_range, sums->bytenr, + lock_end, &cached_state); + if (ret) + return ret; /* * Due to extent cloning, we might have logged a csum item that covers a * subrange of a cloned extent, and later we can end up logging a csum @@ -3915,10 +3928,13 @@ static int log_csums(struct btrfs_trans_handle *trans, * trim and adjust) any existing csum items in the log for this range. */ ret = btrfs_del_csums(trans, log_root, sums->bytenr, sums->len); - if (ret) - return ret; + if (!ret) + ret = btrfs_csum_file_blocks(trans, log_root, sums); - return btrfs_csum_file_blocks(trans, log_root, sums); + unlock_extent_cached(&log_root->log_csum_range, sums->bytenr, lock_end, + &cached_state); + + return ret; } static noinline int copy_items(struct btrfs_trans_handle *trans, diff --git a/include/trace/events/btrfs.h b/include/trace/events/btrfs.h index bcbc763b8814..360b0f9d2220 100644 --- a/include/trace/events/btrfs.h +++ b/include/trace/events/btrfs.h @@ -89,6 +89,7 @@ TRACE_DEFINE_ENUM(COMMIT_TRANS); { IO_TREE_TRANS_DIRTY_PAGES, "TRANS_DIRTY_PAGES" }, \ { IO_TREE_ROOT_DIRTY_LOG_PAGES, "ROOT_DIRTY_LOG_PAGES" }, \ { IO_TREE_INODE_FILE_EXTENT, "INODE_FILE_EXTENT" }, \ + { IO_TREE_LOG_CSUM_RANGE, "LOG_CSUM_RANGE" }, \ { IO_TREE_SELFTEST, "SELFTEST" }) #define BTRFS_GROUP_FLAGS \

5 years, 4 months

1
0
0 0

FAILED: patch "[PATCH] btrfs: fix error handling when submitting direct I/O bio" failed to apply to 4.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 6d3113a193e3385c72240096fe397618ecab6e43 Mon Sep 17 00:00:00 2001 From: Omar Sandoval <osandov(a)fb.com> Date: Thu, 16 Apr 2020 14:46:12 -0700 Subject: [PATCH] btrfs: fix error handling when submitting direct I/O bio In btrfs_submit_direct_hook(), if a direct I/O write doesn't span a RAID stripe or chunk, we submit orig_bio without cloning it. In this case, we don't increment pending_bios. Then, if btrfs_submit_dio_bio() fails, we decrement pending_bios to -1, and we never complete orig_bio. Fix it by initializing pending_bios to 1 instead of incrementing later. Fixing this exposes another bug: we put orig_bio prematurely and then put it again from end_io. Fix it by not putting orig_bio. After this change, pending_bios is really more of a reference count, but I'll leave that cleanup separate to keep the fix small. Fixes: e65e15355429 ("btrfs: fix panic caused by direct IO") CC: stable(a)vger.kernel.org # 4.4+ Reviewed-by: Nikolay Borisov <nborisov(a)suse.com> Reviewed-by: Josef Bacik <josef(a)toxicpanda.com> Reviewed-by: Johannes Thumshirn <johannes.thumshirn(a)wdc.com> Signed-off-by: Omar Sandoval <osandov(a)fb.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c index 259239b33370..b628c319a5b6 100644 --- a/fs/btrfs/inode.c +++ b/fs/btrfs/inode.c @@ -7939,7 +7939,6 @@ static int btrfs_submit_direct_hook(struct btrfs_dio_private *dip) /* bio split */ ASSERT(geom.len <= INT_MAX); - atomic_inc(&dip->pending_bios); do { clone_len = min_t(int, submit_len, geom.len); @@ -7989,7 +7988,8 @@ static int btrfs_submit_direct_hook(struct btrfs_dio_private *dip) if (!status) return 0; - bio_put(bio); + if (bio != orig_bio) + bio_put(bio); out_err: dip->errors = 1; /* @@ -8030,7 +8030,7 @@ static void btrfs_submit_direct(struct bio *dio_bio, struct inode *inode, bio->bi_private = dip; dip->orig_bio = bio; dip->dio_bio = dio_bio; - atomic_set(&dip->pending_bios, 0); + atomic_set(&dip->pending_bios, 1); io_bio = btrfs_io_bio(bio); io_bio->logical = file_offset;

5 years, 4 months

1
0
0 0

FAILED: patch "[PATCH] btrfs: fix error handling when submitting direct I/O bio" failed to apply to 4.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 6d3113a193e3385c72240096fe397618ecab6e43 Mon Sep 17 00:00:00 2001 From: Omar Sandoval <osandov(a)fb.com> Date: Thu, 16 Apr 2020 14:46:12 -0700 Subject: [PATCH] btrfs: fix error handling when submitting direct I/O bio In btrfs_submit_direct_hook(), if a direct I/O write doesn't span a RAID stripe or chunk, we submit orig_bio without cloning it. In this case, we don't increment pending_bios. Then, if btrfs_submit_dio_bio() fails, we decrement pending_bios to -1, and we never complete orig_bio. Fix it by initializing pending_bios to 1 instead of incrementing later. Fixing this exposes another bug: we put orig_bio prematurely and then put it again from end_io. Fix it by not putting orig_bio. After this change, pending_bios is really more of a reference count, but I'll leave that cleanup separate to keep the fix small. Fixes: e65e15355429 ("btrfs: fix panic caused by direct IO") CC: stable(a)vger.kernel.org # 4.4+ Reviewed-by: Nikolay Borisov <nborisov(a)suse.com> Reviewed-by: Josef Bacik <josef(a)toxicpanda.com> Reviewed-by: Johannes Thumshirn <johannes.thumshirn(a)wdc.com> Signed-off-by: Omar Sandoval <osandov(a)fb.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c index 259239b33370..b628c319a5b6 100644 --- a/fs/btrfs/inode.c +++ b/fs/btrfs/inode.c @@ -7939,7 +7939,6 @@ static int btrfs_submit_direct_hook(struct btrfs_dio_private *dip) /* bio split */ ASSERT(geom.len <= INT_MAX); - atomic_inc(&dip->pending_bios); do { clone_len = min_t(int, submit_len, geom.len); @@ -7989,7 +7988,8 @@ static int btrfs_submit_direct_hook(struct btrfs_dio_private *dip) if (!status) return 0; - bio_put(bio); + if (bio != orig_bio) + bio_put(bio); out_err: dip->errors = 1; /* @@ -8030,7 +8030,7 @@ static void btrfs_submit_direct(struct bio *dio_bio, struct inode *inode, bio->bi_private = dip; dip->orig_bio = bio; dip->dio_bio = dio_bio; - atomic_set(&dip->pending_bios, 0); + atomic_set(&dip->pending_bios, 1); io_bio = btrfs_io_bio(bio); io_bio->logical = file_offset;

5 years, 4 months

1
0
0 0

FAILED: patch "[PATCH] btrfs: fix error handling when submitting direct I/O bio" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 6d3113a193e3385c72240096fe397618ecab6e43 Mon Sep 17 00:00:00 2001 From: Omar Sandoval <osandov(a)fb.com> Date: Thu, 16 Apr 2020 14:46:12 -0700 Subject: [PATCH] btrfs: fix error handling when submitting direct I/O bio In btrfs_submit_direct_hook(), if a direct I/O write doesn't span a RAID stripe or chunk, we submit orig_bio without cloning it. In this case, we don't increment pending_bios. Then, if btrfs_submit_dio_bio() fails, we decrement pending_bios to -1, and we never complete orig_bio. Fix it by initializing pending_bios to 1 instead of incrementing later. Fixing this exposes another bug: we put orig_bio prematurely and then put it again from end_io. Fix it by not putting orig_bio. After this change, pending_bios is really more of a reference count, but I'll leave that cleanup separate to keep the fix small. Fixes: e65e15355429 ("btrfs: fix panic caused by direct IO") CC: stable(a)vger.kernel.org # 4.4+ Reviewed-by: Nikolay Borisov <nborisov(a)suse.com> Reviewed-by: Josef Bacik <josef(a)toxicpanda.com> Reviewed-by: Johannes Thumshirn <johannes.thumshirn(a)wdc.com> Signed-off-by: Omar Sandoval <osandov(a)fb.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c index 259239b33370..b628c319a5b6 100644 --- a/fs/btrfs/inode.c +++ b/fs/btrfs/inode.c @@ -7939,7 +7939,6 @@ static int btrfs_submit_direct_hook(struct btrfs_dio_private *dip) /* bio split */ ASSERT(geom.len <= INT_MAX); - atomic_inc(&dip->pending_bios); do { clone_len = min_t(int, submit_len, geom.len); @@ -7989,7 +7988,8 @@ static int btrfs_submit_direct_hook(struct btrfs_dio_private *dip) if (!status) return 0; - bio_put(bio); + if (bio != orig_bio) + bio_put(bio); out_err: dip->errors = 1; /* @@ -8030,7 +8030,7 @@ static void btrfs_submit_direct(struct bio *dio_bio, struct inode *inode, bio->bi_private = dip; dip->orig_bio = bio; dip->dio_bio = dio_bio; - atomic_set(&dip->pending_bios, 0); + atomic_set(&dip->pending_bios, 1); io_bio = btrfs_io_bio(bio); io_bio->logical = file_offset;

5 years, 4 months

1
0
0 0

FAILED: patch "[PATCH] btrfs: fix error handling when submitting direct I/O bio" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 6d3113a193e3385c72240096fe397618ecab6e43 Mon Sep 17 00:00:00 2001 From: Omar Sandoval <osandov(a)fb.com> Date: Thu, 16 Apr 2020 14:46:12 -0700 Subject: [PATCH] btrfs: fix error handling when submitting direct I/O bio In btrfs_submit_direct_hook(), if a direct I/O write doesn't span a RAID stripe or chunk, we submit orig_bio without cloning it. In this case, we don't increment pending_bios. Then, if btrfs_submit_dio_bio() fails, we decrement pending_bios to -1, and we never complete orig_bio. Fix it by initializing pending_bios to 1 instead of incrementing later. Fixing this exposes another bug: we put orig_bio prematurely and then put it again from end_io. Fix it by not putting orig_bio. After this change, pending_bios is really more of a reference count, but I'll leave that cleanup separate to keep the fix small. Fixes: e65e15355429 ("btrfs: fix panic caused by direct IO") CC: stable(a)vger.kernel.org # 4.4+ Reviewed-by: Nikolay Borisov <nborisov(a)suse.com> Reviewed-by: Josef Bacik <josef(a)toxicpanda.com> Reviewed-by: Johannes Thumshirn <johannes.thumshirn(a)wdc.com> Signed-off-by: Omar Sandoval <osandov(a)fb.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c index 259239b33370..b628c319a5b6 100644 --- a/fs/btrfs/inode.c +++ b/fs/btrfs/inode.c @@ -7939,7 +7939,6 @@ static int btrfs_submit_direct_hook(struct btrfs_dio_private *dip) /* bio split */ ASSERT(geom.len <= INT_MAX); - atomic_inc(&dip->pending_bios); do { clone_len = min_t(int, submit_len, geom.len); @@ -7989,7 +7988,8 @@ static int btrfs_submit_direct_hook(struct btrfs_dio_private *dip) if (!status) return 0; - bio_put(bio); + if (bio != orig_bio) + bio_put(bio); out_err: dip->errors = 1; /* @@ -8030,7 +8030,7 @@ static void btrfs_submit_direct(struct bio *dio_bio, struct inode *inode, bio->bi_private = dip; dip->orig_bio = bio; dip->dio_bio = dio_bio; - atomic_set(&dip->pending_bios, 0); + atomic_set(&dip->pending_bios, 1); io_bio = btrfs_io_bio(bio); io_bio->logical = file_offset;

5 years, 4 months

1
0
0 0

FAILED: patch "[PATCH] btrfs: fix a race between scrub and block group" failed to apply to 4.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 2473d24f2b77da0ffabcbb916793e58e7f57440b Mon Sep 17 00:00:00 2001 From: Filipe Manana <fdmanana(a)suse.com> Date: Fri, 8 May 2020 11:01:10 +0100 Subject: [PATCH] btrfs: fix a race between scrub and block group removal/allocation When scrub is verifying the extents of a block group for a device, it is possible that the corresponding block group gets removed and its logical address and device extents get used for a new block group allocation. When this happens scrub incorrectly reports that errors were detected and, if the the new block group has a different profile then the old one, deleted block group, we can crash due to a null pointer dereference. Possibly other unexpected and weird consequences can happen as well. Consider the following sequence of actions that leads to the null pointer dereference crash when scrub is running in parallel with balance: 1) Balance sets block group X to read-only mode and starts relocating it. Block group X is a metadata block group, has a raid1 profile (two device extents, each one in a different device) and a logical address of 19424870400; 2) Scrub is running and finds device extent E, which belongs to block group X. It enters scrub_stripe() to find all extents allocated to block group X, the search is done using the extent tree; 3) Balance finishes relocating block group X and removes block group X; 4) Balance starts relocating another block group and when trying to commit the current transaction as part of the preparation step (prepare_to_relocate()), it blocks because scrub is running; 5) The scrub task finds the metadata extent at the logical address 19425001472 and marks the pages of the extent to be read by a bio (struct scrub_bio). The extent item's flags, which have the bit BTRFS_EXTENT_FLAG_TREE_BLOCK set, are added to each page (struct scrub_page). It is these flags in the scrub pages that tells the bio's end io function (scrub_bio_end_io_worker) which type of extent it is dealing with. At this point we end up with 4 pages in a bio which is ready for submission (the metadata extent has a size of 16Kb, so that gives 4 pages on x86); 6) At the next iteration of scrub_stripe(), scrub checks that there is a pause request from the relocation task trying to commit a transaction, therefore it submits the pending bio and pauses, waiting for the transaction commit to complete before resuming; 7) The relocation task commits the transaction. The device extent E, that was used by our block group X, is now available for allocation, since the commit root for the device tree was swapped by the transaction commit; 8) Another task doing a direct IO write allocates a new data block group Y which ends using device extent E. This new block group Y also ends up getting the same logical address that block group X had: 19424870400. This happens because block group X was the block group with the highest logical address and, when allocating Y, find_next_chunk() returns the end offset of the current last block group to be used as the logical address for the new block group, which is 18351128576 + 1073741824 = 19424870400 So our new block group Y has the same logical address and device extent that block group X had. However Y is a data block group, while X was a metadata one, and Y has a raid0 profile, while X had a raid1 profile; 9) After allocating block group Y, the direct IO submits a bio to write to device extent E; 10) The read bio submitted by scrub reads the 4 pages (16Kb) from device extent E, which now correspond to the data written by the task that did a direct IO write. Then at the end io function associated with the bio, scrub_bio_end_io_worker(), we call scrub_block_complete() which calls scrub_checksum(). This later function checks the flags of the first page, and sees that the bit BTRFS_EXTENT_FLAG_TREE_BLOCK is set in the flags, so it assumes it has a metadata extent and then calls scrub_checksum_tree_block(). That functions returns an error, since interpreting data as a metadata extent causes the checksum verification to fail. So this makes scrub_checksum() call scrub_handle_errored_block(), which determines 'failed_mirror_index' to be 1, since the device extent E was allocated as the second mirror of block group X. It allocates BTRFS_MAX_MIRRORS scrub_block structures as an array at 'sblocks_for_recheck', and all the memory is initialized to zeroes by kcalloc(). After that it calls scrub_setup_recheck_block(), which is responsible for filling each of those structures. However, when that function calls btrfs_map_sblock() against the logical address of the metadata extent, 19425001472, it gets a struct btrfs_bio ('bbio') that matches the current block group Y. However block group Y has a raid0 profile and not a raid1 profile like X had, so the following call returns 1: scrub_nr_raid_mirrors(bbio) And as a result scrub_setup_recheck_block() only initializes the first (index 0) scrub_block structure in 'sblocks_for_recheck'. Then scrub_recheck_block() is called by scrub_handle_errored_block() with the second (index 1) scrub_block structure as the argument, because 'failed_mirror_index' was previously set to 1. This scrub_block was not initialized by scrub_setup_recheck_block(), so it has zero pages, its 'page_count' member is 0 and its 'pagev' page array has all members pointing to NULL. Finally when scrub_recheck_block() calls scrub_recheck_block_checksum() we have a NULL pointer dereference when accessing the flags of the first page, as pavev[0] is NULL: static void scrub_recheck_block_checksum(struct scrub_block *sblock) { (...) if (sblock->pagev[0]->flags & BTRFS_EXTENT_FLAG_DATA) scrub_checksum_data(sblock); (...) } Producing a stack trace like the following: [542998.008985] BUG: kernel NULL pointer dereference, address: 0000000000000028 [542998.010238] #PF: supervisor read access in kernel mode [542998.010878] #PF: error_code(0x0000) - not-present page [542998.011516] PGD 0 P4D 0 [542998.011929] Oops: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC PTI [542998.012786] CPU: 3 PID: 4846 Comm: kworker/u8:1 Tainted: G B W 5.6.0-rc7-btrfs-next-58 #1 [542998.014524] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [542998.016065] Workqueue: btrfs-scrub btrfs_work_helper [btrfs] [542998.017255] RIP: 0010:scrub_recheck_block_checksum+0xf/0x20 [btrfs] [542998.018474] Code: 4c 89 e6 ... [542998.021419] RSP: 0018:ffffa7af0375fbd8 EFLAGS: 00010202 [542998.022120] RAX: 0000000000000000 RBX: ffff9792e674d120 RCX: 0000000000000000 [542998.023178] RDX: 0000000000000001 RSI: ffff9792e674d120 RDI: ffff9792e674d120 [542998.024465] RBP: 0000000000000000 R08: 0000000000000067 R09: 0000000000000001 [542998.025462] R10: ffffa7af0375fa50 R11: 0000000000000000 R12: ffff9791f61fe800 [542998.026357] R13: ffff9792e674d120 R14: 0000000000000001 R15: ffffffffc0e3dfc0 [542998.027237] FS: 0000000000000000(0000) GS:ffff9792fb200000(0000) knlGS:0000000000000000 [542998.028327] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [542998.029261] CR2: 0000000000000028 CR3: 00000000b3b18003 CR4: 00000000003606e0 [542998.030301] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [542998.031316] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [542998.032380] Call Trace: [542998.032752] scrub_recheck_block+0x162/0x400 [btrfs] [542998.033500] ? __alloc_pages_nodemask+0x31e/0x460 [542998.034228] scrub_handle_errored_block+0x6f8/0x1920 [btrfs] [542998.035170] scrub_bio_end_io_worker+0x100/0x520 [btrfs] [542998.035991] btrfs_work_helper+0xaa/0x720 [btrfs] [542998.036735] process_one_work+0x26d/0x6a0 [542998.037275] worker_thread+0x4f/0x3e0 [542998.037740] ? process_one_work+0x6a0/0x6a0 [542998.038378] kthread+0x103/0x140 [542998.038789] ? kthread_create_worker_on_cpu+0x70/0x70 [542998.039419] ret_from_fork+0x3a/0x50 [542998.039875] Modules linked in: dm_snapshot dm_thin_pool ... [542998.047288] CR2: 0000000000000028 [542998.047724] ---[ end trace bde186e176c7f96a ]--- This issue has been around for a long time, possibly since scrub exists. The last time I ran into it was over 2 years ago. After recently fixing fstests to pass the "--full-balance" command line option to btrfs-progs when doing balance, several tests started to more heavily exercise balance with fsstress, scrub and other operations in parallel, and therefore started to hit this issue again (with btrfs/061 for example). Fix this by having scrub increment the 'trimming' counter of the block group, which pins the block group in such a way that it guarantees neither its logical address nor device extents can be reused by future block group allocations until we decrement the 'trimming' counter. Also make sure that on each iteration of scrub_stripe() we stop scrubbing the block group if it was removed already. A later patch in the series will rename the block group's 'trimming' counter and its helpers to a more generic name, since now it is not used exclusively for pinning while trimming anymore. CC: stable(a)vger.kernel.org # 4.4+ Signed-off-by: Filipe Manana <fdmanana(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/scrub.c b/fs/btrfs/scrub.c index adaf8ab694d5..7c50ac5b6876 100644 --- a/fs/btrfs/scrub.c +++ b/fs/btrfs/scrub.c @@ -3046,7 +3046,8 @@ static noinline_for_stack int scrub_raid56_parity(struct scrub_ctx *sctx, static noinline_for_stack int scrub_stripe(struct scrub_ctx *sctx, struct map_lookup *map, struct btrfs_device *scrub_dev, - int num, u64 base, u64 length) + int num, u64 base, u64 length, + struct btrfs_block_group *cache) { struct btrfs_path *path, *ppath; struct btrfs_fs_info *fs_info = sctx->fs_info; @@ -3284,6 +3285,20 @@ static noinline_for_stack int scrub_stripe(struct scrub_ctx *sctx, break; } + /* + * If our block group was removed in the meanwhile, just + * stop scrubbing since there is no point in continuing. + * Continuing would prevent reusing its device extents + * for new block groups for a long time. + */ + spin_lock(&cache->lock); + if (cache->removed) { + spin_unlock(&cache->lock); + ret = 0; + goto out; + } + spin_unlock(&cache->lock); + extent = btrfs_item_ptr(l, slot, struct btrfs_extent_item); flags = btrfs_extent_flags(l, extent); @@ -3457,7 +3472,7 @@ static noinline_for_stack int scrub_chunk(struct scrub_ctx *sctx, if (map->stripes[i].dev->bdev == scrub_dev->bdev && map->stripes[i].physical == dev_offset) { ret = scrub_stripe(sctx, map, scrub_dev, i, - chunk_offset, length); + chunk_offset, length, cache); if (ret) goto out; } @@ -3554,6 +3569,23 @@ int scrub_enumerate_chunks(struct scrub_ctx *sctx, if (!cache) goto skip; + /* + * Make sure that while we are scrubbing the corresponding block + * group doesn't get its logical address and its device extents + * reused for another block group, which can possibly be of a + * different type and different profile. We do this to prevent + * false error detections and crashes due to bogus attempts to + * repair extents. + */ + spin_lock(&cache->lock); + if (cache->removed) { + spin_unlock(&cache->lock); + btrfs_put_block_group(cache); + goto skip; + } + btrfs_get_block_group_trimming(cache); + spin_unlock(&cache->lock); + /* * we need call btrfs_inc_block_group_ro() with scrubs_paused, * to avoid deadlock caused by: @@ -3609,6 +3641,7 @@ int scrub_enumerate_chunks(struct scrub_ctx *sctx, } else { btrfs_warn(fs_info, "failed setting block group ro: %d", ret); + btrfs_put_block_group_trimming(cache); btrfs_put_block_group(cache); scrub_pause_off(fs_info); break; @@ -3695,6 +3728,7 @@ int scrub_enumerate_chunks(struct scrub_ctx *sctx, spin_unlock(&cache->lock); } + btrfs_put_block_group_trimming(cache); btrfs_put_block_group(cache); if (ret) break;

5 years, 4 months

1
0
0 0

FAILED: patch "[PATCH] btrfs: fix a race between scrub and block group" failed to apply to 4.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 2473d24f2b77da0ffabcbb916793e58e7f57440b Mon Sep 17 00:00:00 2001 From: Filipe Manana <fdmanana(a)suse.com> Date: Fri, 8 May 2020 11:01:10 +0100 Subject: [PATCH] btrfs: fix a race between scrub and block group removal/allocation When scrub is verifying the extents of a block group for a device, it is possible that the corresponding block group gets removed and its logical address and device extents get used for a new block group allocation. When this happens scrub incorrectly reports that errors were detected and, if the the new block group has a different profile then the old one, deleted block group, we can crash due to a null pointer dereference. Possibly other unexpected and weird consequences can happen as well. Consider the following sequence of actions that leads to the null pointer dereference crash when scrub is running in parallel with balance: 1) Balance sets block group X to read-only mode and starts relocating it. Block group X is a metadata block group, has a raid1 profile (two device extents, each one in a different device) and a logical address of 19424870400; 2) Scrub is running and finds device extent E, which belongs to block group X. It enters scrub_stripe() to find all extents allocated to block group X, the search is done using the extent tree; 3) Balance finishes relocating block group X and removes block group X; 4) Balance starts relocating another block group and when trying to commit the current transaction as part of the preparation step (prepare_to_relocate()), it blocks because scrub is running; 5) The scrub task finds the metadata extent at the logical address 19425001472 and marks the pages of the extent to be read by a bio (struct scrub_bio). The extent item's flags, which have the bit BTRFS_EXTENT_FLAG_TREE_BLOCK set, are added to each page (struct scrub_page). It is these flags in the scrub pages that tells the bio's end io function (scrub_bio_end_io_worker) which type of extent it is dealing with. At this point we end up with 4 pages in a bio which is ready for submission (the metadata extent has a size of 16Kb, so that gives 4 pages on x86); 6) At the next iteration of scrub_stripe(), scrub checks that there is a pause request from the relocation task trying to commit a transaction, therefore it submits the pending bio and pauses, waiting for the transaction commit to complete before resuming; 7) The relocation task commits the transaction. The device extent E, that was used by our block group X, is now available for allocation, since the commit root for the device tree was swapped by the transaction commit; 8) Another task doing a direct IO write allocates a new data block group Y which ends using device extent E. This new block group Y also ends up getting the same logical address that block group X had: 19424870400. This happens because block group X was the block group with the highest logical address and, when allocating Y, find_next_chunk() returns the end offset of the current last block group to be used as the logical address for the new block group, which is 18351128576 + 1073741824 = 19424870400 So our new block group Y has the same logical address and device extent that block group X had. However Y is a data block group, while X was a metadata one, and Y has a raid0 profile, while X had a raid1 profile; 9) After allocating block group Y, the direct IO submits a bio to write to device extent E; 10) The read bio submitted by scrub reads the 4 pages (16Kb) from device extent E, which now correspond to the data written by the task that did a direct IO write. Then at the end io function associated with the bio, scrub_bio_end_io_worker(), we call scrub_block_complete() which calls scrub_checksum(). This later function checks the flags of the first page, and sees that the bit BTRFS_EXTENT_FLAG_TREE_BLOCK is set in the flags, so it assumes it has a metadata extent and then calls scrub_checksum_tree_block(). That functions returns an error, since interpreting data as a metadata extent causes the checksum verification to fail. So this makes scrub_checksum() call scrub_handle_errored_block(), which determines 'failed_mirror_index' to be 1, since the device extent E was allocated as the second mirror of block group X. It allocates BTRFS_MAX_MIRRORS scrub_block structures as an array at 'sblocks_for_recheck', and all the memory is initialized to zeroes by kcalloc(). After that it calls scrub_setup_recheck_block(), which is responsible for filling each of those structures. However, when that function calls btrfs_map_sblock() against the logical address of the metadata extent, 19425001472, it gets a struct btrfs_bio ('bbio') that matches the current block group Y. However block group Y has a raid0 profile and not a raid1 profile like X had, so the following call returns 1: scrub_nr_raid_mirrors(bbio) And as a result scrub_setup_recheck_block() only initializes the first (index 0) scrub_block structure in 'sblocks_for_recheck'. Then scrub_recheck_block() is called by scrub_handle_errored_block() with the second (index 1) scrub_block structure as the argument, because 'failed_mirror_index' was previously set to 1. This scrub_block was not initialized by scrub_setup_recheck_block(), so it has zero pages, its 'page_count' member is 0 and its 'pagev' page array has all members pointing to NULL. Finally when scrub_recheck_block() calls scrub_recheck_block_checksum() we have a NULL pointer dereference when accessing the flags of the first page, as pavev[0] is NULL: static void scrub_recheck_block_checksum(struct scrub_block *sblock) { (...) if (sblock->pagev[0]->flags & BTRFS_EXTENT_FLAG_DATA) scrub_checksum_data(sblock); (...) } Producing a stack trace like the following: [542998.008985] BUG: kernel NULL pointer dereference, address: 0000000000000028 [542998.010238] #PF: supervisor read access in kernel mode [542998.010878] #PF: error_code(0x0000) - not-present page [542998.011516] PGD 0 P4D 0 [542998.011929] Oops: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC PTI [542998.012786] CPU: 3 PID: 4846 Comm: kworker/u8:1 Tainted: G B W 5.6.0-rc7-btrfs-next-58 #1 [542998.014524] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [542998.016065] Workqueue: btrfs-scrub btrfs_work_helper [btrfs] [542998.017255] RIP: 0010:scrub_recheck_block_checksum+0xf/0x20 [btrfs] [542998.018474] Code: 4c 89 e6 ... [542998.021419] RSP: 0018:ffffa7af0375fbd8 EFLAGS: 00010202 [542998.022120] RAX: 0000000000000000 RBX: ffff9792e674d120 RCX: 0000000000000000 [542998.023178] RDX: 0000000000000001 RSI: ffff9792e674d120 RDI: ffff9792e674d120 [542998.024465] RBP: 0000000000000000 R08: 0000000000000067 R09: 0000000000000001 [542998.025462] R10: ffffa7af0375fa50 R11: 0000000000000000 R12: ffff9791f61fe800 [542998.026357] R13: ffff9792e674d120 R14: 0000000000000001 R15: ffffffffc0e3dfc0 [542998.027237] FS: 0000000000000000(0000) GS:ffff9792fb200000(0000) knlGS:0000000000000000 [542998.028327] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [542998.029261] CR2: 0000000000000028 CR3: 00000000b3b18003 CR4: 00000000003606e0 [542998.030301] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [542998.031316] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [542998.032380] Call Trace: [542998.032752] scrub_recheck_block+0x162/0x400 [btrfs] [542998.033500] ? __alloc_pages_nodemask+0x31e/0x460 [542998.034228] scrub_handle_errored_block+0x6f8/0x1920 [btrfs] [542998.035170] scrub_bio_end_io_worker+0x100/0x520 [btrfs] [542998.035991] btrfs_work_helper+0xaa/0x720 [btrfs] [542998.036735] process_one_work+0x26d/0x6a0 [542998.037275] worker_thread+0x4f/0x3e0 [542998.037740] ? process_one_work+0x6a0/0x6a0 [542998.038378] kthread+0x103/0x140 [542998.038789] ? kthread_create_worker_on_cpu+0x70/0x70 [542998.039419] ret_from_fork+0x3a/0x50 [542998.039875] Modules linked in: dm_snapshot dm_thin_pool ... [542998.047288] CR2: 0000000000000028 [542998.047724] ---[ end trace bde186e176c7f96a ]--- This issue has been around for a long time, possibly since scrub exists. The last time I ran into it was over 2 years ago. After recently fixing fstests to pass the "--full-balance" command line option to btrfs-progs when doing balance, several tests started to more heavily exercise balance with fsstress, scrub and other operations in parallel, and therefore started to hit this issue again (with btrfs/061 for example). Fix this by having scrub increment the 'trimming' counter of the block group, which pins the block group in such a way that it guarantees neither its logical address nor device extents can be reused by future block group allocations until we decrement the 'trimming' counter. Also make sure that on each iteration of scrub_stripe() we stop scrubbing the block group if it was removed already. A later patch in the series will rename the block group's 'trimming' counter and its helpers to a more generic name, since now it is not used exclusively for pinning while trimming anymore. CC: stable(a)vger.kernel.org # 4.4+ Signed-off-by: Filipe Manana <fdmanana(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/scrub.c b/fs/btrfs/scrub.c index adaf8ab694d5..7c50ac5b6876 100644 --- a/fs/btrfs/scrub.c +++ b/fs/btrfs/scrub.c @@ -3046,7 +3046,8 @@ static noinline_for_stack int scrub_raid56_parity(struct scrub_ctx *sctx, static noinline_for_stack int scrub_stripe(struct scrub_ctx *sctx, struct map_lookup *map, struct btrfs_device *scrub_dev, - int num, u64 base, u64 length) + int num, u64 base, u64 length, + struct btrfs_block_group *cache) { struct btrfs_path *path, *ppath; struct btrfs_fs_info *fs_info = sctx->fs_info; @@ -3284,6 +3285,20 @@ static noinline_for_stack int scrub_stripe(struct scrub_ctx *sctx, break; } + /* + * If our block group was removed in the meanwhile, just + * stop scrubbing since there is no point in continuing. + * Continuing would prevent reusing its device extents + * for new block groups for a long time. + */ + spin_lock(&cache->lock); + if (cache->removed) { + spin_unlock(&cache->lock); + ret = 0; + goto out; + } + spin_unlock(&cache->lock); + extent = btrfs_item_ptr(l, slot, struct btrfs_extent_item); flags = btrfs_extent_flags(l, extent); @@ -3457,7 +3472,7 @@ static noinline_for_stack int scrub_chunk(struct scrub_ctx *sctx, if (map->stripes[i].dev->bdev == scrub_dev->bdev && map->stripes[i].physical == dev_offset) { ret = scrub_stripe(sctx, map, scrub_dev, i, - chunk_offset, length); + chunk_offset, length, cache); if (ret) goto out; } @@ -3554,6 +3569,23 @@ int scrub_enumerate_chunks(struct scrub_ctx *sctx, if (!cache) goto skip; + /* + * Make sure that while we are scrubbing the corresponding block + * group doesn't get its logical address and its device extents + * reused for another block group, which can possibly be of a + * different type and different profile. We do this to prevent + * false error detections and crashes due to bogus attempts to + * repair extents. + */ + spin_lock(&cache->lock); + if (cache->removed) { + spin_unlock(&cache->lock); + btrfs_put_block_group(cache); + goto skip; + } + btrfs_get_block_group_trimming(cache); + spin_unlock(&cache->lock); + /* * we need call btrfs_inc_block_group_ro() with scrubs_paused, * to avoid deadlock caused by: @@ -3609,6 +3641,7 @@ int scrub_enumerate_chunks(struct scrub_ctx *sctx, } else { btrfs_warn(fs_info, "failed setting block group ro: %d", ret); + btrfs_put_block_group_trimming(cache); btrfs_put_block_group(cache); scrub_pause_off(fs_info); break; @@ -3695,6 +3728,7 @@ int scrub_enumerate_chunks(struct scrub_ctx *sctx, spin_unlock(&cache->lock); } + btrfs_put_block_group_trimming(cache); btrfs_put_block_group(cache); if (ret) break;

5 years, 4 months

1
0
0 0

FAILED: patch "[PATCH] btrfs: fix a race between scrub and block group" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 2473d24f2b77da0ffabcbb916793e58e7f57440b Mon Sep 17 00:00:00 2001 From: Filipe Manana <fdmanana(a)suse.com> Date: Fri, 8 May 2020 11:01:10 +0100 Subject: [PATCH] btrfs: fix a race between scrub and block group removal/allocation When scrub is verifying the extents of a block group for a device, it is possible that the corresponding block group gets removed and its logical address and device extents get used for a new block group allocation. When this happens scrub incorrectly reports that errors were detected and, if the the new block group has a different profile then the old one, deleted block group, we can crash due to a null pointer dereference. Possibly other unexpected and weird consequences can happen as well. Consider the following sequence of actions that leads to the null pointer dereference crash when scrub is running in parallel with balance: 1) Balance sets block group X to read-only mode and starts relocating it. Block group X is a metadata block group, has a raid1 profile (two device extents, each one in a different device) and a logical address of 19424870400; 2) Scrub is running and finds device extent E, which belongs to block group X. It enters scrub_stripe() to find all extents allocated to block group X, the search is done using the extent tree; 3) Balance finishes relocating block group X and removes block group X; 4) Balance starts relocating another block group and when trying to commit the current transaction as part of the preparation step (prepare_to_relocate()), it blocks because scrub is running; 5) The scrub task finds the metadata extent at the logical address 19425001472 and marks the pages of the extent to be read by a bio (struct scrub_bio). The extent item's flags, which have the bit BTRFS_EXTENT_FLAG_TREE_BLOCK set, are added to each page (struct scrub_page). It is these flags in the scrub pages that tells the bio's end io function (scrub_bio_end_io_worker) which type of extent it is dealing with. At this point we end up with 4 pages in a bio which is ready for submission (the metadata extent has a size of 16Kb, so that gives 4 pages on x86); 6) At the next iteration of scrub_stripe(), scrub checks that there is a pause request from the relocation task trying to commit a transaction, therefore it submits the pending bio and pauses, waiting for the transaction commit to complete before resuming; 7) The relocation task commits the transaction. The device extent E, that was used by our block group X, is now available for allocation, since the commit root for the device tree was swapped by the transaction commit; 8) Another task doing a direct IO write allocates a new data block group Y which ends using device extent E. This new block group Y also ends up getting the same logical address that block group X had: 19424870400. This happens because block group X was the block group with the highest logical address and, when allocating Y, find_next_chunk() returns the end offset of the current last block group to be used as the logical address for the new block group, which is 18351128576 + 1073741824 = 19424870400 So our new block group Y has the same logical address and device extent that block group X had. However Y is a data block group, while X was a metadata one, and Y has a raid0 profile, while X had a raid1 profile; 9) After allocating block group Y, the direct IO submits a bio to write to device extent E; 10) The read bio submitted by scrub reads the 4 pages (16Kb) from device extent E, which now correspond to the data written by the task that did a direct IO write. Then at the end io function associated with the bio, scrub_bio_end_io_worker(), we call scrub_block_complete() which calls scrub_checksum(). This later function checks the flags of the first page, and sees that the bit BTRFS_EXTENT_FLAG_TREE_BLOCK is set in the flags, so it assumes it has a metadata extent and then calls scrub_checksum_tree_block(). That functions returns an error, since interpreting data as a metadata extent causes the checksum verification to fail. So this makes scrub_checksum() call scrub_handle_errored_block(), which determines 'failed_mirror_index' to be 1, since the device extent E was allocated as the second mirror of block group X. It allocates BTRFS_MAX_MIRRORS scrub_block structures as an array at 'sblocks_for_recheck', and all the memory is initialized to zeroes by kcalloc(). After that it calls scrub_setup_recheck_block(), which is responsible for filling each of those structures. However, when that function calls btrfs_map_sblock() against the logical address of the metadata extent, 19425001472, it gets a struct btrfs_bio ('bbio') that matches the current block group Y. However block group Y has a raid0 profile and not a raid1 profile like X had, so the following call returns 1: scrub_nr_raid_mirrors(bbio) And as a result scrub_setup_recheck_block() only initializes the first (index 0) scrub_block structure in 'sblocks_for_recheck'. Then scrub_recheck_block() is called by scrub_handle_errored_block() with the second (index 1) scrub_block structure as the argument, because 'failed_mirror_index' was previously set to 1. This scrub_block was not initialized by scrub_setup_recheck_block(), so it has zero pages, its 'page_count' member is 0 and its 'pagev' page array has all members pointing to NULL. Finally when scrub_recheck_block() calls scrub_recheck_block_checksum() we have a NULL pointer dereference when accessing the flags of the first page, as pavev[0] is NULL: static void scrub_recheck_block_checksum(struct scrub_block *sblock) { (...) if (sblock->pagev[0]->flags & BTRFS_EXTENT_FLAG_DATA) scrub_checksum_data(sblock); (...) } Producing a stack trace like the following: [542998.008985] BUG: kernel NULL pointer dereference, address: 0000000000000028 [542998.010238] #PF: supervisor read access in kernel mode [542998.010878] #PF: error_code(0x0000) - not-present page [542998.011516] PGD 0 P4D 0 [542998.011929] Oops: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC PTI [542998.012786] CPU: 3 PID: 4846 Comm: kworker/u8:1 Tainted: G B W 5.6.0-rc7-btrfs-next-58 #1 [542998.014524] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [542998.016065] Workqueue: btrfs-scrub btrfs_work_helper [btrfs] [542998.017255] RIP: 0010:scrub_recheck_block_checksum+0xf/0x20 [btrfs] [542998.018474] Code: 4c 89 e6 ... [542998.021419] RSP: 0018:ffffa7af0375fbd8 EFLAGS: 00010202 [542998.022120] RAX: 0000000000000000 RBX: ffff9792e674d120 RCX: 0000000000000000 [542998.023178] RDX: 0000000000000001 RSI: ffff9792e674d120 RDI: ffff9792e674d120 [542998.024465] RBP: 0000000000000000 R08: 0000000000000067 R09: 0000000000000001 [542998.025462] R10: ffffa7af0375fa50 R11: 0000000000000000 R12: ffff9791f61fe800 [542998.026357] R13: ffff9792e674d120 R14: 0000000000000001 R15: ffffffffc0e3dfc0 [542998.027237] FS: 0000000000000000(0000) GS:ffff9792fb200000(0000) knlGS:0000000000000000 [542998.028327] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [542998.029261] CR2: 0000000000000028 CR3: 00000000b3b18003 CR4: 00000000003606e0 [542998.030301] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [542998.031316] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [542998.032380] Call Trace: [542998.032752] scrub_recheck_block+0x162/0x400 [btrfs] [542998.033500] ? __alloc_pages_nodemask+0x31e/0x460 [542998.034228] scrub_handle_errored_block+0x6f8/0x1920 [btrfs] [542998.035170] scrub_bio_end_io_worker+0x100/0x520 [btrfs] [542998.035991] btrfs_work_helper+0xaa/0x720 [btrfs] [542998.036735] process_one_work+0x26d/0x6a0 [542998.037275] worker_thread+0x4f/0x3e0 [542998.037740] ? process_one_work+0x6a0/0x6a0 [542998.038378] kthread+0x103/0x140 [542998.038789] ? kthread_create_worker_on_cpu+0x70/0x70 [542998.039419] ret_from_fork+0x3a/0x50 [542998.039875] Modules linked in: dm_snapshot dm_thin_pool ... [542998.047288] CR2: 0000000000000028 [542998.047724] ---[ end trace bde186e176c7f96a ]--- This issue has been around for a long time, possibly since scrub exists. The last time I ran into it was over 2 years ago. After recently fixing fstests to pass the "--full-balance" command line option to btrfs-progs when doing balance, several tests started to more heavily exercise balance with fsstress, scrub and other operations in parallel, and therefore started to hit this issue again (with btrfs/061 for example). Fix this by having scrub increment the 'trimming' counter of the block group, which pins the block group in such a way that it guarantees neither its logical address nor device extents can be reused by future block group allocations until we decrement the 'trimming' counter. Also make sure that on each iteration of scrub_stripe() we stop scrubbing the block group if it was removed already. A later patch in the series will rename the block group's 'trimming' counter and its helpers to a more generic name, since now it is not used exclusively for pinning while trimming anymore. CC: stable(a)vger.kernel.org # 4.4+ Signed-off-by: Filipe Manana <fdmanana(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/scrub.c b/fs/btrfs/scrub.c index adaf8ab694d5..7c50ac5b6876 100644 --- a/fs/btrfs/scrub.c +++ b/fs/btrfs/scrub.c @@ -3046,7 +3046,8 @@ static noinline_for_stack int scrub_raid56_parity(struct scrub_ctx *sctx, static noinline_for_stack int scrub_stripe(struct scrub_ctx *sctx, struct map_lookup *map, struct btrfs_device *scrub_dev, - int num, u64 base, u64 length) + int num, u64 base, u64 length, + struct btrfs_block_group *cache) { struct btrfs_path *path, *ppath; struct btrfs_fs_info *fs_info = sctx->fs_info; @@ -3284,6 +3285,20 @@ static noinline_for_stack int scrub_stripe(struct scrub_ctx *sctx, break; } + /* + * If our block group was removed in the meanwhile, just + * stop scrubbing since there is no point in continuing. + * Continuing would prevent reusing its device extents + * for new block groups for a long time. + */ + spin_lock(&cache->lock); + if (cache->removed) { + spin_unlock(&cache->lock); + ret = 0; + goto out; + } + spin_unlock(&cache->lock); + extent = btrfs_item_ptr(l, slot, struct btrfs_extent_item); flags = btrfs_extent_flags(l, extent); @@ -3457,7 +3472,7 @@ static noinline_for_stack int scrub_chunk(struct scrub_ctx *sctx, if (map->stripes[i].dev->bdev == scrub_dev->bdev && map->stripes[i].physical == dev_offset) { ret = scrub_stripe(sctx, map, scrub_dev, i, - chunk_offset, length); + chunk_offset, length, cache); if (ret) goto out; } @@ -3554,6 +3569,23 @@ int scrub_enumerate_chunks(struct scrub_ctx *sctx, if (!cache) goto skip; + /* + * Make sure that while we are scrubbing the corresponding block + * group doesn't get its logical address and its device extents + * reused for another block group, which can possibly be of a + * different type and different profile. We do this to prevent + * false error detections and crashes due to bogus attempts to + * repair extents. + */ + spin_lock(&cache->lock); + if (cache->removed) { + spin_unlock(&cache->lock); + btrfs_put_block_group(cache); + goto skip; + } + btrfs_get_block_group_trimming(cache); + spin_unlock(&cache->lock); + /* * we need call btrfs_inc_block_group_ro() with scrubs_paused, * to avoid deadlock caused by: @@ -3609,6 +3641,7 @@ int scrub_enumerate_chunks(struct scrub_ctx *sctx, } else { btrfs_warn(fs_info, "failed setting block group ro: %d", ret); + btrfs_put_block_group_trimming(cache); btrfs_put_block_group(cache); scrub_pause_off(fs_info); break; @@ -3695,6 +3728,7 @@ int scrub_enumerate_chunks(struct scrub_ctx *sctx, spin_unlock(&cache->lock); } + btrfs_put_block_group_trimming(cache); btrfs_put_block_group(cache); if (ret) break;

5 years, 4 months

1
0
0 0

[net 1/3] e1000e: Do not wake up the system via WOL if device wakeup is disabled

by Jeff Kirsher

From: Chen Yu <yu.c.chen(a)intel.com> Currently the system will be woken up via WOL(Wake On LAN) even if the device wakeup ability has been disabled via sysfs: cat /sys/devices/pci0000:00/0000:00:1f.6/power/wakeup disabled The system should not be woken up if the user has explicitly disabled the wake up ability for this device. This patch clears the WOL ability of this network device if the user has disabled the wake up ability in sysfs. Fixes: bc7f75fa9788 ("[E1000E]: New pci-express e1000 driver") Reported-by: "Rafael J. Wysocki" <rafael.j.wysocki(a)intel.com> Reviewed-by: Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> Cc: <Stable(a)vger.kernel.org> Signed-off-by: Chen Yu <yu.c.chen(a)intel.com> Tested-by: Aaron Brown <aaron.f.brown(a)intel.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher(a)intel.com> --- drivers/net/ethernet/intel/e1000e/netdev.c | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/drivers/net/ethernet/intel/e1000e/netdev.c b/drivers/net/ethernet/intel/e1000e/netdev.c index a279f4fa9962..e2ad3f38c75c 100644 --- a/drivers/net/ethernet/intel/e1000e/netdev.c +++ b/drivers/net/ethernet/intel/e1000e/netdev.c @@ -6611,11 +6611,17 @@ static int __e1000_shutdown(struct pci_dev *pdev, bool runtime) struct net_device *netdev = pci_get_drvdata(pdev); struct e1000_adapter *adapter = netdev_priv(netdev); struct e1000_hw *hw = &adapter->hw; - u32 ctrl, ctrl_ext, rctl, status; - /* Runtime suspend should only enable wakeup for link changes */ - u32 wufc = runtime ? E1000_WUFC_LNKC : adapter->wol; + u32 ctrl, ctrl_ext, rctl, status, wufc; int retval = 0; + /* Runtime suspend should only enable wakeup for link changes */ + if (runtime) + wufc = E1000_WUFC_LNKC; + else if (device_may_wakeup(&pdev->dev)) + wufc = adapter->wol; + else + wufc = 0; + status = er32(STATUS); if (status & E1000_STATUS_LU) wufc &= ~E1000_WUFC_LNKC; @@ -6672,7 +6678,7 @@ static int __e1000_shutdown(struct pci_dev *pdev, bool runtime) if (adapter->hw.phy.type == e1000_phy_igp_3) { e1000e_igp3_phy_powerdown_workaround_ich8lan(&adapter->hw); } else if (hw->mac.type >= e1000_pch_lpt) { - if (!(wufc & (E1000_WUFC_EX | E1000_WUFC_MC | E1000_WUFC_BC))) + if (wufc && !(wufc & (E1000_WUFC_EX | E1000_WUFC_MC | E1000_WUFC_BC))) /* ULP does not support wake from unicast, multicast * or broadcast. */ -- 2.26.2

5 years, 4 months

2
1
0 0

Linux 5.7.4

by Greg Kroah-Hartman

I'm announcing the release of the 5.7.4 kernel. All users of the 5.7 kernel series must upgrade. The updated 5.7.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.7.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 +- lib/vdso/gettimeofday.c | 11 +++++++++++ 2 files changed, 12 insertions(+), 1 deletion(-) Greg Kroah-Hartman (1): Linux 5.7.4 Thomas Gleixner (1): lib/vdso: Provide sanity check for cycles (again)

5 years, 4 months

1
1
0 0

[PATCH] dmabuf: use spinlock to access dmabuf->name

by Charan Teja Kalla

There exists a sleep-while-atomic bug while accessing the dmabuf->name under mutex in the dmabuffs_dname(). This is caused from the SELinux permissions checks on a process where it tries to validate the inherited files from fork() by traversing them through iterate_fd() (which traverse files under spin_lock) and call match_file(security/selinux/hooks.c) where the permission checks happen. This audit information is logged using dump_common_audit_data() where it calls d_path() to get the file path name. If the file check happen on the dmabuf's fd, then it ends up in ->dmabuffs_dname() and use mutex to access dmabuf->name. The flow will be like below: flush_unauthorized_files() iterate_fd() spin_lock() --> Start of the atomic section. match_file() file_has_perm() avc_has_perm() avc_audit() slow_avc_audit() common_lsm_audit() dump_common_audit_data() audit_log_d_path() d_path() dmabuffs_dname() mutex_lock()--> Sleep while atomic. Call trace captured (on 4.19 kernels) is below: ___might_sleep+0x204/0x208 __might_sleep+0x50/0x88 __mutex_lock_common+0x5c/0x1068 __mutex_lock_common+0x5c/0x1068 mutex_lock_nested+0x40/0x50 dmabuffs_dname+0xa0/0x170 d_path+0x84/0x290 audit_log_d_path+0x74/0x130 common_lsm_audit+0x334/0x6e8 slow_avc_audit+0xb8/0xf8 avc_has_perm+0x154/0x218 file_has_perm+0x70/0x180 match_file+0x60/0x78 iterate_fd+0x128/0x168 selinux_bprm_committing_creds+0x178/0x248 security_bprm_committing_creds+0x30/0x48 install_exec_creds+0x1c/0x68 load_elf_binary+0x3a4/0x14e0 search_binary_handler+0xb0/0x1e0 So, use spinlock to access dmabuf->name to avoid sleep-while-atomic. Cc: <stable(a)vger.kernel.org> [5.3+] Signed-off-by: Charan Teja Reddy <charante(a)codeaurora.org> --- drivers/dma-buf/dma-buf.c | 13 +++++++------ include/linux/dma-buf.h | 1 + 2 files changed, 8 insertions(+), 6 deletions(-) diff --git a/drivers/dma-buf/dma-buf.c b/drivers/dma-buf/dma-buf.c index 01ce125..2e0456c 100644 --- a/drivers/dma-buf/dma-buf.c +++ b/drivers/dma-buf/dma-buf.c @@ -45,10 +45,10 @@ static char *dmabuffs_dname(struct dentry *dentry, char *buffer, int buflen) size_t ret = 0; dmabuf = dentry->d_fsdata; - dma_resv_lock(dmabuf->resv, NULL); + spin_lock(&dmabuf->name_lock); if (dmabuf->name) ret = strlcpy(name, dmabuf->name, DMA_BUF_NAME_LEN); - dma_resv_unlock(dmabuf->resv); + spin_unlock(&dmabuf->name_lock); return dynamic_dname(dentry, buffer, buflen, "/%s:%s", dentry->d_name.name, ret > 0 ? name : ""); @@ -335,7 +335,7 @@ static long dma_buf_set_name(struct dma_buf *dmabuf, const char __user *buf) if (IS_ERR(name)) return PTR_ERR(name); - dma_resv_lock(dmabuf->resv, NULL); + spin_lock(&dmabuf->name_lock); if (!list_empty(&dmabuf->attachments)) { ret = -EBUSY; kfree(name); @@ -345,7 +345,7 @@ static long dma_buf_set_name(struct dma_buf *dmabuf, const char __user *buf) dmabuf->name = name; out_unlock: - dma_resv_unlock(dmabuf->resv); + spin_unlock(&dmabuf->name_lock); return ret; } @@ -405,10 +405,10 @@ static void dma_buf_show_fdinfo(struct seq_file *m, struct file *file) /* Don't count the temporary reference taken inside procfs seq_show */ seq_printf(m, "count:\t%ld\n", file_count(dmabuf->file) - 1); seq_printf(m, "exp_name:\t%s\n", dmabuf->exp_name); - dma_resv_lock(dmabuf->resv, NULL); + spin_lock(&dmabuf->name_lock); if (dmabuf->name) seq_printf(m, "name:\t%s\n", dmabuf->name); - dma_resv_unlock(dmabuf->resv); + spin_unlock(&dmabuf->name_lock); } static const struct file_operations dma_buf_fops = { @@ -546,6 +546,7 @@ struct dma_buf *dma_buf_export(const struct dma_buf_export_info *exp_info) dmabuf->size = exp_info->size; dmabuf->exp_name = exp_info->exp_name; dmabuf->owner = exp_info->owner; + spin_lock_init(&dmabuf->name_lock); init_waitqueue_head(&dmabuf->poll); dmabuf->cb_excl.poll = dmabuf->cb_shared.poll = &dmabuf->poll; dmabuf->cb_excl.active = dmabuf->cb_shared.active = 0; diff --git a/include/linux/dma-buf.h b/include/linux/dma-buf.h index ab0c156..93108fd 100644 --- a/include/linux/dma-buf.h +++ b/include/linux/dma-buf.h @@ -311,6 +311,7 @@ struct dma_buf { void *vmap_ptr; const char *exp_name; const char *name; + spinlock_t name_lock; struct module *owner; struct list_head list_node; void *priv; -- The Qualcomm Innovation Center, Inc. is a member of the Code Aurora Forum, a Linux Foundation Collaborative Project

5 years, 4 months

4
8
0 0

[tip: x86/urgent] x86/cpu: Use pinning mask for CR4 bits needing to be 0

by tip-bot2 for Kees Cook

The following commit has been merged into the x86/urgent branch of tip: Commit-ID: a13b9d0b97211579ea63b96c606de79b963c0f47 Gitweb: https://git.kernel.org/tip/a13b9d0b97211579ea63b96c606de79b963c0f47 Author: Kees Cook <keescook(a)chromium.org> AuthorDate: Mon, 08 Jun 2020 20:15:09 -07:00 Committer: Thomas Gleixner <tglx(a)linutronix.de> CommitterDate: Thu, 18 Jun 2020 11:41:32 +02:00 x86/cpu: Use pinning mask for CR4 bits needing to be 0 The X86_CR4_FSGSBASE bit of CR4 should not change after boot[1]. Older kernels should enforce this bit to zero, and newer kernels need to enforce it depending on boot-time configuration (e.g. "nofsgsbase"). To support a pinned bit being either 1 or 0, use an explicit mask in combination with the expected pinned bit values. [1] https://lore.kernel.org/lkml/20200527103147.GI325280@hirez.programming.kick… Signed-off-by: Kees Cook <keescook(a)chromium.org> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Cc: stable(a)vger.kernel.org Link: https://lkml.kernel.org/r/202006082013.71E29A42@keescook --- arch/x86/kernel/cpu/common.c | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c index 043d93c..95c090a 100644 --- a/arch/x86/kernel/cpu/common.c +++ b/arch/x86/kernel/cpu/common.c @@ -347,6 +347,9 @@ out: cr4_clear_bits(X86_CR4_UMIP); } +/* These bits should not change their value after CPU init is finished. */ +static const unsigned long cr4_pinned_mask = + X86_CR4_SMEP | X86_CR4_SMAP | X86_CR4_UMIP | X86_CR4_FSGSBASE; static DEFINE_STATIC_KEY_FALSE_RO(cr_pinning); static unsigned long cr4_pinned_bits __ro_after_init; @@ -371,20 +374,20 @@ EXPORT_SYMBOL(native_write_cr0); void native_write_cr4(unsigned long val) { - unsigned long bits_missing = 0; + unsigned long bits_changed = 0; set_register: asm volatile("mov %0,%%cr4": "+r" (val), "+m" (cr4_pinned_bits)); if (static_branch_likely(&cr_pinning)) { - if (unlikely((val & cr4_pinned_bits) != cr4_pinned_bits)) { - bits_missing = ~val & cr4_pinned_bits; - val |= bits_missing; + if (unlikely((val & cr4_pinned_mask) != cr4_pinned_bits)) { + bits_changed = (val & cr4_pinned_mask) ^ cr4_pinned_bits; + val = (val & ~cr4_pinned_mask) | cr4_pinned_bits; goto set_register; } - /* Warn after we've set the missing bits. */ - WARN_ONCE(bits_missing, "CR4 bits went missing: %lx!?\n", - bits_missing); + /* Warn after we've corrected the changed bits. */ + WARN_ONCE(bits_changed, "pinned CR4 bits changed: 0x%lx!?\n", + bits_changed); } } #if IS_MODULE(CONFIG_LKDTM) @@ -419,7 +422,7 @@ void cr4_init(void) if (boot_cpu_has(X86_FEATURE_PCID)) cr4 |= X86_CR4_PCIDE; if (static_branch_likely(&cr_pinning)) - cr4 |= cr4_pinned_bits; + cr4 = (cr4 & ~cr4_pinned_mask) | cr4_pinned_bits; __write_cr4(cr4); @@ -434,10 +437,7 @@ void cr4_init(void) */ static void __init setup_cr_pinning(void) { - unsigned long mask; - - mask = (X86_CR4_SMEP | X86_CR4_SMAP | X86_CR4_UMIP); - cr4_pinned_bits = this_cpu_read(cpu_tlbstate.cr4) & mask; + cr4_pinned_bits = this_cpu_read(cpu_tlbstate.cr4) & cr4_pinned_mask; static_key_enable(&cr_pinning.key); }

5 years, 4 months

1
0
0 0

patch "usb: typec: tcpci_rt1711h: avoid screaming irq causing boot hangs" added to usb-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled usb: typec: tcpci_rt1711h: avoid screaming irq causing boot hangs to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From 302c570bf36e997d55ad0d60628a2feec76954a4 Mon Sep 17 00:00:00 2001 From: Li Jun <jun.li(a)nxp.com> Date: Thu, 4 Jun 2020 19:21:18 +0800 Subject: usb: typec: tcpci_rt1711h: avoid screaming irq causing boot hangs John reported screaming irq caused by rt1711h when system boot[1], this is because irq request is done before tcpci_register_port(), so the chip->tcpci has not been setup, irq handler is entered but can't do anything, this patch is to address this by moving the irq request after tcpci_register_port(). [1] https://lore.kernel.org/linux-usb/20200530040157.31038-1-john.stultz@linaro… Fixes: ce08eaeb6388 ("staging: typec: rt1711h typec chip driver") Cc: stable <stable(a)vger.kernel.org> # v4.18+ Cc: John Stultz <john.stultz(a)linaro.org> Reported-and-tested-by: John Stultz <john.stultz(a)linaro.org> Reviewed-by: Guenter Roeck <linux(a)roeck-us.net> Reviewed-by: Heikki Krogerus <heikki.krogerus(a)linux.intel.com> Signed-off-by: Li Jun <jun.li(a)nxp.com> Link: https://lore.kernel.org/r/20200604112118.38062-1-jun.li@nxp.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/usb/typec/tcpm/tcpci_rt1711h.c | 31 +++++++++----------------- 1 file changed, 10 insertions(+), 21 deletions(-) diff --git a/drivers/usb/typec/tcpm/tcpci_rt1711h.c b/drivers/usb/typec/tcpm/tcpci_rt1711h.c index 017389021b96..b56a0880a044 100644 --- a/drivers/usb/typec/tcpm/tcpci_rt1711h.c +++ b/drivers/usb/typec/tcpm/tcpci_rt1711h.c @@ -179,26 +179,6 @@ static irqreturn_t rt1711h_irq(int irq, void *dev_id) return tcpci_irq(chip->tcpci); } -static int rt1711h_init_alert(struct rt1711h_chip *chip, - struct i2c_client *client) -{ - int ret; - - /* Disable chip interrupts before requesting irq */ - ret = rt1711h_write16(chip, TCPC_ALERT_MASK, 0); - if (ret < 0) - return ret; - - ret = devm_request_threaded_irq(chip->dev, client->irq, NULL, - rt1711h_irq, - IRQF_ONESHOT | IRQF_TRIGGER_LOW, - dev_name(chip->dev), chip); - if (ret < 0) - return ret; - enable_irq_wake(client->irq); - return 0; -} - static int rt1711h_sw_reset(struct rt1711h_chip *chip) { int ret; @@ -260,7 +240,8 @@ static int rt1711h_probe(struct i2c_client *client, if (ret < 0) return ret; - ret = rt1711h_init_alert(chip, client); + /* Disable chip interrupts before requesting irq */ + ret = rt1711h_write16(chip, TCPC_ALERT_MASK, 0); if (ret < 0) return ret; @@ -271,6 +252,14 @@ static int rt1711h_probe(struct i2c_client *client, if (IS_ERR_OR_NULL(chip->tcpci)) return PTR_ERR(chip->tcpci); + ret = devm_request_threaded_irq(chip->dev, client->irq, NULL, + rt1711h_irq, + IRQF_ONESHOT | IRQF_TRIGGER_LOW, + dev_name(chip->dev), chip); + if (ret < 0) + return ret; + enable_irq_wake(client->irq); + return 0; } -- 2.27.0

5 years, 4 months

1
0
0 0

patch "USB: ohci-sm501: Add missed iounmap() in remove" added to usb-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled USB: ohci-sm501: Add missed iounmap() in remove to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From 07c112fb09c86c0231f6ff0061a000ffe91c8eb9 Mon Sep 17 00:00:00 2001 From: Chuhong Yuan <hslester96(a)gmail.com> Date: Wed, 10 Jun 2020 10:48:44 +0800 Subject: USB: ohci-sm501: Add missed iounmap() in remove This driver misses calling iounmap() in remove to undo the ioremap() called in probe. Add the missed call to fix it. Fixes: f54aab6ebcec ("usb: ohci-sm501 driver") Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Chuhong Yuan <hslester96(a)gmail.com> Acked-by: Alan Stern <stern(a)rowland.harvard.edu> Link: https://lore.kernel.org/r/20200610024844.3628408-1-hslester96@gmail.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/usb/host/ohci-sm501.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/usb/host/ohci-sm501.c b/drivers/usb/host/ohci-sm501.c index cff965240327..b91d50da6127 100644 --- a/drivers/usb/host/ohci-sm501.c +++ b/drivers/usb/host/ohci-sm501.c @@ -191,6 +191,7 @@ static int ohci_hcd_sm501_drv_remove(struct platform_device *pdev) struct resource *mem; usb_remove_hcd(hcd); + iounmap(hcd->regs); release_mem_region(hcd->rsrc_start, hcd->rsrc_len); usb_put_hcd(hcd); mem = platform_get_resource(pdev, IORESOURCE_MEM, 1); -- 2.27.0

5 years, 4 months

1
0
0 0

patch "USB: ehci: reopen solution for Synopsys HC bug" added to usb-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled USB: ehci: reopen solution for Synopsys HC bug to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From 1ddcb71a3edf0e1682b6e056158e4c4b00325f66 Mon Sep 17 00:00:00 2001 From: Longfang Liu <liulongfang(a)huawei.com> Date: Mon, 8 Jun 2020 11:46:59 +0800 Subject: USB: ehci: reopen solution for Synopsys HC bug MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit A Synopsys USB2.0 core used in Huawei Kunpeng920 SoC has a bug which might cause the host controller not issuing ping. Bug description: After indicating an Interrupt on Async Advance, the software uses the doorbell mechanism to delete the Next Link queue head of the last executed queue head. At this time, the host controller still references the removed queue head(the queue head is NULL). NULL reference causes the host controller to lose the USB device. Solution: After deleting the Next Link queue head, when has_synopsys_hc_bug set to 1，the software can write one of the valid queue head addresses to the ASYNCLISTADDR register to allow the host controller to get the valid queue head. in order to solve that problem, this patch set the flag for Huawei Kunpeng920 There are detailed instructions and solutions in this patch: commit 2f7ac6c19997 ("USB: ehci: add workaround for Synopsys HC bug") Signed-off-by: Longfang Liu <liulongfang(a)huawei.com> Cc: stable <stable(a)vger.kernel.org> Acked-by: Alan Stern <stern(a)rowland.harvard.edu> Link: https://lore.kernel.org/r/1591588019-44284-1-git-send-email-liulongfang@hua… Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/usb/host/ehci-pci.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/drivers/usb/host/ehci-pci.c b/drivers/usb/host/ehci-pci.c index 3c3820ad9092..af3c1b9b38b2 100644 --- a/drivers/usb/host/ehci-pci.c +++ b/drivers/usb/host/ehci-pci.c @@ -216,6 +216,13 @@ static int ehci_pci_setup(struct usb_hcd *hcd) ehci_info(ehci, "applying MosChip frame-index workaround\n"); ehci->frame_index_bug = 1; break; + case PCI_VENDOR_ID_HUAWEI: + /* Synopsys HC bug */ + if (pdev->device == 0xa239) { + ehci_info(ehci, "applying Synopsys HC workaround\n"); + ehci->has_synopsys_hc_bug = 1; + } + break; } /* optional debug port, normally in the first BAR */ -- 2.27.0

5 years, 4 months

1
0
0 0

patch "usb: add USB_QUIRK_DELAY_INIT for Logitech C922" added to usb-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled usb: add USB_QUIRK_DELAY_INIT for Logitech C922 to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From 5d8021923e8a8cc37a421a64e27c7221f0fee33c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tomasz=20Meresi=C5=84ski?= <tomasz(a)meresinski.eu> Date: Wed, 3 Jun 2020 22:33:46 +0200 Subject: usb: add USB_QUIRK_DELAY_INIT for Logitech C922 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The Logitech C922, just like other Logitech webcams, needs the USB_QUIRK_DELAY_INIT or it will randomly not respond after device connection Signed-off-by: Tomasz Meresiński <tomasz(a)meresinski.eu> Cc: stable <stable(a)vger.kernel.org> Link: https://lore.kernel.org/r/20200603203347.7792-1-tomasz@meresinski.eu Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/usb/core/quirks.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/usb/core/quirks.c b/drivers/usb/core/quirks.c index 3e8efe759c3e..e0b77674869c 100644 --- a/drivers/usb/core/quirks.c +++ b/drivers/usb/core/quirks.c @@ -218,11 +218,12 @@ static const struct usb_device_id usb_quirk_list[] = { /* Logitech HD Webcam C270 */ { USB_DEVICE(0x046d, 0x0825), .driver_info = USB_QUIRK_RESET_RESUME }, - /* Logitech HD Pro Webcams C920, C920-C, C925e and C930e */ + /* Logitech HD Pro Webcams C920, C920-C, C922, C925e and C930e */ { USB_DEVICE(0x046d, 0x082d), .driver_info = USB_QUIRK_DELAY_INIT }, { USB_DEVICE(0x046d, 0x0841), .driver_info = USB_QUIRK_DELAY_INIT }, { USB_DEVICE(0x046d, 0x0843), .driver_info = USB_QUIRK_DELAY_INIT }, { USB_DEVICE(0x046d, 0x085b), .driver_info = USB_QUIRK_DELAY_INIT }, + { USB_DEVICE(0x046d, 0x085c), .driver_info = USB_QUIRK_DELAY_INIT }, /* Logitech ConferenceCam CC3000e */ { USB_DEVICE(0x046d, 0x0847), .driver_info = USB_QUIRK_DELAY_INIT }, -- 2.27.0

5 years, 4 months

1
0
0 0

patch "usb: dwc2: Postponed gadget registration to the udc class driver" added to usb-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled usb: dwc2: Postponed gadget registration to the udc class driver to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From 207324a321a866401b098cadf19e4a2dd6584622 Mon Sep 17 00:00:00 2001 From: Minas Harutyunyan <Minas.Harutyunyan(a)synopsys.com> Date: Tue, 9 Jun 2020 12:28:11 +0400 Subject: usb: dwc2: Postponed gadget registration to the udc class driver During dwc2 driver probe, after gadget registration to the udc class driver, if exist any builtin function driver it immediately bound to dwc2 and after init host side (dwc2_hcd_init()) stucked in host mode. Patch postpone gadget registration after host side initialization done. Fixes: 117777b2c3bb9 ("usb: dwc2: Move gadget probe function into platform code") Reported-by: kbuild test robot <lkp(a)intel.com> Tested-by: Marek Vasut <marex(a)denx.de> Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Minas Harutyunyan <hminas(a)synopsys.com> Link: https://lore.kernel.org/r/f21cb38fecc72a230b86155d94c7e60c9cb66f58.15916909… Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/usb/dwc2/gadget.c | 6 ------ drivers/usb/dwc2/platform.c | 11 +++++++++++ 2 files changed, 11 insertions(+), 6 deletions(-) diff --git a/drivers/usb/dwc2/gadget.c b/drivers/usb/dwc2/gadget.c index 12b98b466287..7faf5f8c056d 100644 --- a/drivers/usb/dwc2/gadget.c +++ b/drivers/usb/dwc2/gadget.c @@ -4920,12 +4920,6 @@ int dwc2_gadget_init(struct dwc2_hsotg *hsotg) epnum, 0); } - ret = usb_add_gadget_udc(dev, &hsotg->gadget); - if (ret) { - dwc2_hsotg_ep_free_request(&hsotg->eps_out[0]->ep, - hsotg->ctrl_req); - return ret; - } dwc2_hsotg_dump(hsotg); return 0; diff --git a/drivers/usb/dwc2/platform.c b/drivers/usb/dwc2/platform.c index e571c8ae65ec..c347d93eae64 100644 --- a/drivers/usb/dwc2/platform.c +++ b/drivers/usb/dwc2/platform.c @@ -575,6 +575,17 @@ static int dwc2_driver_probe(struct platform_device *dev) if (hsotg->dr_mode == USB_DR_MODE_PERIPHERAL) dwc2_lowlevel_hw_disable(hsotg); +#if IS_ENABLED(CONFIG_USB_DWC2_PERIPHERAL) || \ + IS_ENABLED(CONFIG_USB_DWC2_DUAL_ROLE) + /* Postponed adding a new gadget to the udc class driver list */ + if (hsotg->gadget_enabled) { + retval = usb_add_gadget_udc(hsotg->dev, &hsotg->gadget); + if (retval) { + dwc2_hsotg_remove(hsotg); + goto error_init; + } + } +#endif /* CONFIG_USB_DWC2_PERIPHERAL || CONFIG_USB_DWC2_DUAL_ROLE */ return 0; error_init: -- 2.27.0

5 years, 4 months

1
0
0 0

patch "usb: host: ehci-exynos: Fix error check in exynos_ehci_probe()" added to usb-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled usb: host: ehci-exynos: Fix error check in exynos_ehci_probe() to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From 44ed240d62736ad29943ec01e41e194b96f7c5e9 Mon Sep 17 00:00:00 2001 From: Tang Bin <tangbin(a)cmss.chinamobile.com> Date: Tue, 2 Jun 2020 19:47:08 +0800 Subject: usb: host: ehci-exynos: Fix error check in exynos_ehci_probe() If the function platform_get_irq() failed, the negative value returned will not be detected here. So fix error handling in exynos_ehci_probe(). And when get irq failed, the function platform_get_irq() logs an error message, so remove redundant message here. Fixes: 1bcc5aa87f04 ("USB: Add initial S5P EHCI driver") Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Zhang Shengju <zhangshengju(a)cmss.chinamobile.com> Signed-off-by: Tang Bin <tangbin(a)cmss.chinamobile.com> Link: https://lore.kernel.org/r/20200602114708.28620-1-tangbin@cmss.chinamobile.c… Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/usb/host/ehci-exynos.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/drivers/usb/host/ehci-exynos.c b/drivers/usb/host/ehci-exynos.c index a4e9abcbdc4f..1a9b7572e17f 100644 --- a/drivers/usb/host/ehci-exynos.c +++ b/drivers/usb/host/ehci-exynos.c @@ -203,9 +203,8 @@ static int exynos_ehci_probe(struct platform_device *pdev) hcd->rsrc_len = resource_size(res); irq = platform_get_irq(pdev, 0); - if (!irq) { - dev_err(&pdev->dev, "Failed to get IRQ\n"); - err = -ENODEV; + if (irq < 0) { + err = irq; goto fail_io; } -- 2.27.0

5 years, 4 months

1
0
0 0

patch "usb: typec: mux: intel_pmc_mux: Fix DP alternate mode entry" added to usb-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled usb: typec: mux: intel_pmc_mux: Fix DP alternate mode entry to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From 130206a88683d859f63ed6d4a56ab5c2b4930c8e Mon Sep 17 00:00:00 2001 From: Heikki Krogerus <heikki.krogerus(a)linux.intel.com> Date: Fri, 29 May 2020 16:17:53 +0300 Subject: usb: typec: mux: intel_pmc_mux: Fix DP alternate mode entry The PMC needs to be notified separately about HPD (hotplug detected) signal being high after mode entry. There is a bit "HPD High" in the Alternate Mode Request that the driver already sets, but that bit is only valid when the DisplayPort Alternate Mode is directly entered from disconnected state. Fixes: 5c4edcdbcd97 ("usb: typec: mux: intel: Fix DP_HPD_LVL bit field") Signed-off-by: Heikki Krogerus <heikki.krogerus(a)linux.intel.com> Cc: stable <stable(a)vger.kernel.org> Tested-by: Prashant Malani <pmalani(a)chromium.org> Link: https://lore.kernel.org/r/20200529131753.15587-1-heikki.krogerus@linux.inte… Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/usb/typec/mux/intel_pmc_mux.c | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/drivers/usb/typec/mux/intel_pmc_mux.c b/drivers/usb/typec/mux/intel_pmc_mux.c index 962bc69a6a59..70ddc9d6d49e 100644 --- a/drivers/usb/typec/mux/intel_pmc_mux.c +++ b/drivers/usb/typec/mux/intel_pmc_mux.c @@ -148,7 +148,8 @@ pmc_usb_mux_dp_hpd(struct pmc_usb_port *port, struct typec_mux_state *state) msg[0] = PMC_USB_DP_HPD; msg[0] |= port->usb3_port << PMC_USB_MSG_USB3_PORT_SHIFT; - msg[1] = PMC_USB_DP_HPD_IRQ; + if (data->status & DP_STATUS_IRQ_HPD) + msg[1] = PMC_USB_DP_HPD_IRQ; if (data->status & DP_STATUS_HPD_STATE) msg[1] |= PMC_USB_DP_HPD_LVL; @@ -161,6 +162,7 @@ pmc_usb_mux_dp(struct pmc_usb_port *port, struct typec_mux_state *state) { struct typec_displayport_data *data = state->data; struct altmode_req req = { }; + int ret; if (data->status & DP_STATUS_IRQ_HPD) return pmc_usb_mux_dp_hpd(port, state); @@ -181,7 +183,14 @@ pmc_usb_mux_dp(struct pmc_usb_port *port, struct typec_mux_state *state) if (data->status & DP_STATUS_HPD_STATE) req.mode_data |= PMC_USB_ALTMODE_HPD_HIGH; - return pmc_usb_command(port, (void *)&req, sizeof(req)); + ret = pmc_usb_command(port, (void *)&req, sizeof(req)); + if (ret) + return ret; + + if (data->status & DP_STATUS_HPD_STATE) + return pmc_usb_mux_dp_hpd(port, state); + + return 0; } static int -- 2.27.0

5 years, 4 months

1
0
0 0

[PATCH] Revert "tty: xilinx_uartps: Fix missing id assignment to the console"

by Jan Kiszka

From: Jan Kiszka <jan.kiszka(a)siemens.com> This reverts commit 2ae11c46d5fdc46cb396e35911c713d271056d35. It turned out to break the ultra96-rev1, e.g., which uses uart1 as serial0 (and stdout-path = "serial0:115200n8"). Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Jan Kiszka <jan.kiszka(a)siemens.com> --- drivers/tty/serial/xilinx_uartps.c | 1 - 1 file changed, 1 deletion(-) diff --git a/drivers/tty/serial/xilinx_uartps.c b/drivers/tty/serial/xilinx_uartps.c index 35e9e8faf8de..ac137b6a1dc1 100644 --- a/drivers/tty/serial/xilinx_uartps.c +++ b/drivers/tty/serial/xilinx_uartps.c @@ -1459,7 +1459,6 @@ static int cdns_uart_probe(struct platform_device *pdev) cdns_uart_uart_driver.nr = CDNS_UART_NR_PORTS; #ifdef CONFIG_SERIAL_XILINX_PS_UART_CONSOLE cdns_uart_uart_driver.cons = &cdns_uart_console; - cdns_uart_console.index = id; #endif rc = uart_register_driver(&cdns_uart_uart_driver); -- 2.26.2

5 years, 4 months

2
1
0 0

[PATCH v2] tty: xilinx_uartps: Fix missing id assignment to the console

by Michal Simek

From: Shubhrajyoti Datta <shubhrajyoti.datta(a)xilinx.com> When serial console has been assigned to ttyPS1 (which is serial1 alias) console index is not updated property and pointing to index -1 (statically initialized) which ends up in situation where nothing has been printed on the port. The commit 18cc7ac8a28e ("Revert "serial: uartps: Register own uart console and driver structures"") didn't contain this line which was removed by accident. Signed-off-by: Shubhrajyoti Datta <shubhrajyoti.datta(a)xilinx.com> Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Michal Simek <michal.simek(a)xilinx.com> --- Changes in v2: - Do better commit description - Origin subject was "tty: xilinx_uartps: Add the id to the console" Greg: Would be good if you can take this patch to 5.7 and also to stable trees. --- drivers/tty/serial/xilinx_uartps.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/tty/serial/xilinx_uartps.c b/drivers/tty/serial/xilinx_uartps.c index 672cfa075e28..b9d672af8b65 100644 --- a/drivers/tty/serial/xilinx_uartps.c +++ b/drivers/tty/serial/xilinx_uartps.c @@ -1465,6 +1465,7 @@ static int cdns_uart_probe(struct platform_device *pdev) cdns_uart_uart_driver.nr = CDNS_UART_NR_PORTS; #ifdef CONFIG_SERIAL_XILINX_PS_UART_CONSOLE cdns_uart_uart_driver.cons = &cdns_uart_console; + cdns_uart_console.index = id; #endif rc = uart_register_driver(&cdns_uart_uart_driver); -- 2.26.2

5 years, 4 months

3
4
0 0

✅ PASS: Test report for kernel 5.7.2-8d8368a.cki (stable-queue)

by CKI Project

Hello, We ran automated tests on a recent commit from this kernel tree: Kernel repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git Commit: 8d8368a974fe - serial: amba-pl011: Make sure we initialize the port.lock spinlock The results of these automated tests are provided below. Overall result: PASSED Merge: OK Compile: OK Tests: OK All kernel binaries, config files, and logs are available for download here: https://cki-artifacts.s3.us-east-2.amazonaws.com/index.html?prefix=dataware… Please reply to this email if you have any questions about the tests that we ran or if you have any suggestions on how to make future tests more effective. ,-. ,-. ( C ) ( K ) Continuous `-',-.`-' Kernel ( I ) Integration `-' ______________________________________________________________________________ Compile testing --------------- We compiled the kernel for 4 architectures: aarch64: make options: -j30 INSTALL_MOD_STRIP=1 targz-pkg ppc64le: make options: -j30 INSTALL_MOD_STRIP=1 targz-pkg s390x: make options: -j30 INSTALL_MOD_STRIP=1 targz-pkg x86_64: make options: -j30 INSTALL_MOD_STRIP=1 targz-pkg Hardware testing ---------------- We booted each kernel and ran the following tests: aarch64: Host 1: ✅ Boot test ✅ xfstests - ext4 ✅ xfstests - xfs ✅ selinux-policy: serge-testsuite ✅ storage: software RAID testing 🚧 ✅ IPMI driver test 🚧 ✅ IPMItool loop stress test 🚧 ✅ Storage blktests Host 2: ✅ Boot test ✅ Podman system integration test - as root ✅ Podman system integration test - as user ✅ LTP ✅ Loopdev Sanity ✅ Memory function: memfd_create ✅ AMTU (Abstract Machine Test Utility) ✅ Networking bridge: sanity ✅ Ethernet drivers sanity ✅ Networking socket: fuzz ✅ Networking: igmp conformance test ✅ Networking route: pmtu ✅ Networking route_func - local ✅ Networking route_func - forward ✅ Networking TCP: keepalive test ✅ Networking UDP: socket ✅ Networking tunnel: geneve basic test ✅ Networking tunnel: gre basic ✅ L2TP basic test ✅ Networking tunnel: vxlan basic ✅ Networking ipsec: basic netns - transport ✅ Networking ipsec: basic netns - tunnel ✅ Libkcapi AF_ALG test ✅ pciutils: update pci ids test ✅ ALSA PCM loopback test ✅ ALSA Control (mixer) Userspace Element test ✅ storage: SCSI VPD 🚧 ✅ CIFS Connectathon 🚧 ✅ POSIX pjd-fstest suites 🚧 ✅ jvm - DaCapo Benchmark Suite 🚧 ✅ jvm - jcstress tests 🚧 ✅ Memory function: kaslr 🚧 ✅ Networking firewall: basic netfilter test 🚧 ✅ audit: audit testsuite test 🚧 ✅ trace: ftrace/tracer 🚧 ✅ kdump - kexec_boot ppc64le: Host 1: ⚡ Internal infrastructure issues prevented one or more tests (marked with ⚡⚡⚡) from running on this architecture. This is not the fault of the kernel that was tested. ✅ Boot test ✅ Podman system integration test - as root ✅ Podman system integration test - as user ⚡⚡⚡ LTP ⚡⚡⚡ Loopdev Sanity ⚡⚡⚡ Memory function: memfd_create ⚡⚡⚡ AMTU (Abstract Machine Test Utility) ⚡⚡⚡ Networking bridge: sanity ⚡⚡⚡ Ethernet drivers sanity ⚡⚡⚡ Networking socket: fuzz ⚡⚡⚡ Networking route: pmtu ⚡⚡⚡ Networking route_func - local ⚡⚡⚡ Networking route_func - forward ⚡⚡⚡ Networking TCP: keepalive test ⚡⚡⚡ Networking UDP: socket ⚡⚡⚡ Networking tunnel: geneve basic test ⚡⚡⚡ Networking tunnel: gre basic ⚡⚡⚡ L2TP basic test ⚡⚡⚡ Networking tunnel: vxlan basic ⚡⚡⚡ Networking ipsec: basic netns - tunnel ⚡⚡⚡ Libkcapi AF_ALG test ⚡⚡⚡ pciutils: update pci ids test ⚡⚡⚡ ALSA PCM loopback test ⚡⚡⚡ ALSA Control (mixer) Userspace Element test 🚧 ⚡⚡⚡ CIFS Connectathon 🚧 ⚡⚡⚡ POSIX pjd-fstest suites 🚧 ⚡⚡⚡ jvm - DaCapo Benchmark Suite 🚧 ⚡⚡⚡ jvm - jcstress tests 🚧 ⚡⚡⚡ Memory function: kaslr 🚧 ⚡⚡⚡ Networking firewall: basic netfilter test 🚧 ⚡⚡⚡ audit: audit testsuite test 🚧 ⚡⚡⚡ trace: ftrace/tracer Host 2: ✅ Boot test 🚧 ✅ kdump - sysrq-c Host 3: ✅ Boot test ✅ xfstests - ext4 ✅ xfstests - xfs ✅ selinux-policy: serge-testsuite ✅ storage: software RAID testing 🚧 ✅ IPMI driver test 🚧 ✅ IPMItool loop stress test 🚧 ✅ Storage blktests Host 4: ⚡ Internal infrastructure issues prevented one or more tests (marked with ⚡⚡⚡) from running on this architecture. This is not the fault of the kernel that was tested. ✅ Boot test ✅ Podman system integration test - as root ✅ Podman system integration test - as user ⚡⚡⚡ LTP ✅ Loopdev Sanity ✅ Memory function: memfd_create ✅ AMTU (Abstract Machine Test Utility) ✅ Networking bridge: sanity ✅ Ethernet drivers sanity ✅ Networking socket: fuzz ✅ Networking route: pmtu ✅ Networking route_func - local ✅ Networking route_func - forward ✅ Networking TCP: keepalive test ✅ Networking UDP: socket ✅ Networking tunnel: geneve basic test ✅ Networking tunnel: gre basic ✅ L2TP basic test ✅ Networking tunnel: vxlan basic ✅ Networking ipsec: basic netns - tunnel ✅ Libkcapi AF_ALG test ✅ pciutils: update pci ids test ✅ ALSA PCM loopback test ✅ ALSA Control (mixer) Userspace Element test 🚧 ✅ CIFS Connectathon 🚧 ✅ POSIX pjd-fstest suites 🚧 ✅ jvm - DaCapo Benchmark Suite 🚧 ✅ jvm - jcstress tests 🚧 ✅ Memory function: kaslr 🚧 ✅ Networking firewall: basic netfilter test 🚧 ✅ audit: audit testsuite test 🚧 ✅ trace: ftrace/tracer s390x: Host 1: ⚡ Internal infrastructure issues prevented one or more tests (marked with ⚡⚡⚡) from running on this architecture. This is not the fault of the kernel that was tested. ✅ Boot test ✅ Podman system integration test - as root ⚡⚡⚡ Podman system integration test - as user ⚡⚡⚡ LTP ⚡⚡⚡ Loopdev Sanity ⚡⚡⚡ Memory function: memfd_create ⚡⚡⚡ Networking bridge: sanity ⚡⚡⚡ Ethernet drivers sanity ⚡⚡⚡ Networking route: pmtu ⚡⚡⚡ Networking route_func - local ⚡⚡⚡ Networking route_func - forward ⚡⚡⚡ Networking TCP: keepalive test ⚡⚡⚡ Networking UDP: socket ⚡⚡⚡ Networking tunnel: geneve basic test ⚡⚡⚡ Networking tunnel: gre basic ⚡⚡⚡ L2TP basic test ⚡⚡⚡ Networking tunnel: vxlan basic ⚡⚡⚡ Networking ipsec: basic netns - transport ⚡⚡⚡ Networking ipsec: basic netns - tunnel ⚡⚡⚡ Libkcapi AF_ALG test 🚧 ⚡⚡⚡ CIFS Connectathon 🚧 ⚡⚡⚡ POSIX pjd-fstest suites 🚧 ⚡⚡⚡ jvm - DaCapo Benchmark Suite 🚧 ⚡⚡⚡ jvm - jcstress tests 🚧 ⚡⚡⚡ Memory function: kaslr 🚧 ⚡⚡⚡ Networking firewall: basic netfilter test 🚧 ⚡⚡⚡ audit: audit testsuite test 🚧 ⚡⚡⚡ trace: ftrace/tracer 🚧 ⚡⚡⚡ kdump - kexec_boot Host 2: ✅ Boot test 🚧 ✅ kdump - sysrq-c Host 3: ✅ Boot test ✅ selinux-policy: serge-testsuite ✅ stress: stress-ng 🚧 ✅ Storage blktests Host 4: ✅ Boot test ✅ Podman system integration test - as root ✅ Podman system integration test - as user ✅ LTP ✅ Loopdev Sanity ✅ Memory function: memfd_create ✅ Networking bridge: sanity ✅ Ethernet drivers sanity ✅ Networking route: pmtu ✅ Networking route_func - local ✅ Networking route_func - forward ✅ Networking TCP: keepalive test ✅ Networking UDP: socket ✅ Networking tunnel: geneve basic test ✅ Networking tunnel: gre basic ✅ L2TP basic test ✅ Networking tunnel: vxlan basic ✅ Networking ipsec: basic netns - transport ✅ Networking ipsec: basic netns - tunnel ✅ Libkcapi AF_ALG test 🚧 ✅ CIFS Connectathon 🚧 ✅ POSIX pjd-fstest suites 🚧 ✅ jvm - DaCapo Benchmark Suite 🚧 ✅ jvm - jcstress tests 🚧 ✅ Memory function: kaslr 🚧 ✅ Networking firewall: basic netfilter test 🚧 ❌ audit: audit testsuite test 🚧 ✅ trace: ftrace/tracer 🚧 ✅ kdump - kexec_boot x86_64: Host 1: ⚡ Internal infrastructure issues prevented one or more tests (marked with ⚡⚡⚡) from running on this architecture. This is not the fault of the kernel that was tested. ⚡⚡⚡ Boot test 🚧 ⚡⚡⚡ kdump - sysrq-c Host 2: ⚡ Internal infrastructure issues prevented one or more tests (marked with ⚡⚡⚡) from running on this architecture. This is not the fault of the kernel that was tested. ⚡⚡⚡ Boot test ⚡⚡⚡ Podman system integration test - as root ⚡⚡⚡ Podman system integration test - as user ⚡⚡⚡ LTP ⚡⚡⚡ Loopdev Sanity ⚡⚡⚡ Memory function: memfd_create ⚡⚡⚡ AMTU (Abstract Machine Test Utility) ⚡⚡⚡ Networking bridge: sanity ⚡⚡⚡ Ethernet drivers sanity ⚡⚡⚡ Networking socket: fuzz ⚡⚡⚡ Networking: igmp conformance test ⚡⚡⚡ Networking route: pmtu ⚡⚡⚡ Networking route_func - local ⚡⚡⚡ Networking route_func - forward ⚡⚡⚡ Networking TCP: keepalive test ⚡⚡⚡ Networking UDP: socket ⚡⚡⚡ Networking tunnel: geneve basic test ⚡⚡⚡ Networking tunnel: gre basic ⚡⚡⚡ L2TP basic test ⚡⚡⚡ Networking tunnel: vxlan basic ⚡⚡⚡ Networking ipsec: basic netns - transport ⚡⚡⚡ Networking ipsec: basic netns - tunnel ⚡⚡⚡ Libkcapi AF_ALG test ⚡⚡⚡ pciutils: sanity smoke test ⚡⚡⚡ pciutils: update pci ids test ⚡⚡⚡ ALSA PCM loopback test ⚡⚡⚡ ALSA Control (mixer) Userspace Element test ⚡⚡⚡ storage: SCSI VPD 🚧 ⚡⚡⚡ CIFS Connectathon 🚧 ⚡⚡⚡ POSIX pjd-fstest suites 🚧 ⚡⚡⚡ jvm - DaCapo Benchmark Suite 🚧 ⚡⚡⚡ jvm - jcstress tests 🚧 ⚡⚡⚡ Memory function: kaslr 🚧 ⚡⚡⚡ Networking firewall: basic netfilter test 🚧 ⚡⚡⚡ audit: audit testsuite test 🚧 ⚡⚡⚡ trace: ftrace/tracer 🚧 ⚡⚡⚡ kdump - kexec_boot Host 3: ⚡ Internal infrastructure issues prevented one or more tests (marked with ⚡⚡⚡) from running on this architecture. This is not the fault of the kernel that was tested. ⚡⚡⚡ Boot test ⚡⚡⚡ xfstests - ext4 ⚡⚡⚡ xfstests - xfs ⚡⚡⚡ selinux-policy: serge-testsuite ⚡⚡⚡ storage: software RAID testing ⚡⚡⚡ stress: stress-ng 🚧 ⚡⚡⚡ CPU: Frequency Driver Test 🚧 ⚡⚡⚡ CPU: Idle Test 🚧 ⚡⚡⚡ IOMMU boot test 🚧 ⚡⚡⚡ IPMI driver test 🚧 ⚡⚡⚡ IPMItool loop stress test 🚧 ⚡⚡⚡ power-management: cpupower/sanity test 🚧 ⚡⚡⚡ Storage blktests Host 4: ⚡ Internal infrastructure issues prevented one or more tests (marked with ⚡⚡⚡) from running on this architecture. This is not the fault of the kernel that was tested. ⚡⚡⚡ Boot test 🚧 ⚡⚡⚡ kdump - sysrq-c Host 5: ⚡ Internal infrastructure issues prevented one or more tests (marked with ⚡⚡⚡) from running on this architecture. This is not the fault of the kernel that was tested. ⚡⚡⚡ Boot test ⚡⚡⚡ Podman system integration test - as root ⚡⚡⚡ Podman system integration test - as user ⚡⚡⚡ LTP ⚡⚡⚡ Loopdev Sanity ⚡⚡⚡ Memory function: memfd_create ⚡⚡⚡ AMTU (Abstract Machine Test Utility) ⚡⚡⚡ Networking bridge: sanity ⚡⚡⚡ Ethernet drivers sanity ⚡⚡⚡ Networking socket: fuzz ⚡⚡⚡ Networking: igmp conformance test ⚡⚡⚡ Networking route: pmtu ⚡⚡⚡ Networking route_func - local ⚡⚡⚡ Networking route_func - forward ⚡⚡⚡ Networking TCP: keepalive test ⚡⚡⚡ Networking UDP: socket ⚡⚡⚡ Networking tunnel: geneve basic test ⚡⚡⚡ Networking tunnel: gre basic ⚡⚡⚡ L2TP basic test ⚡⚡⚡ Networking tunnel: vxlan basic ⚡⚡⚡ Networking ipsec: basic netns - transport ⚡⚡⚡ Networking ipsec: basic netns - tunnel ⚡⚡⚡ Libkcapi AF_ALG test ⚡⚡⚡ pciutils: sanity smoke test ⚡⚡⚡ pciutils: update pci ids test ⚡⚡⚡ ALSA PCM loopback test ⚡⚡⚡ ALSA Control (mixer) Userspace Element test ⚡⚡⚡ storage: SCSI VPD 🚧 ⚡⚡⚡ CIFS Connectathon 🚧 ⚡⚡⚡ POSIX pjd-fstest suites 🚧 ⚡⚡⚡ jvm - DaCapo Benchmark Suite 🚧 ⚡⚡⚡ jvm - jcstress tests 🚧 ⚡⚡⚡ Memory function: kaslr 🚧 ⚡⚡⚡ Networking firewall: basic netfilter test 🚧 ⚡⚡⚡ audit: audit testsuite test 🚧 ⚡⚡⚡ trace: ftrace/tracer 🚧 ⚡⚡⚡ kdump - kexec_boot Test sources: https://github.com/CKI-project/tests-beaker 💚 Pull requests are welcome for new tests or improvements to existing tests! Aborted tests ------------- Tests that didn't complete running successfully are marked with ⚡⚡⚡. If this was caused by an infrastructure issue, we try to mark that explicitly in the report. Waived tests ------------ If the test run included waived tests, they are marked with 🚧. Such tests are executed but their results are not taken into account. Tests are waived when their results are not reliable enough, e.g. when they're just introduced or are being fixed. Testing timeout --------------- We aim to provide a report within reasonable timeframe. Tests that haven't finished running yet are marked with ⏱.

5 years, 4 months

1
0
0 0

[PATCH AUTOSEL 4.9 01/80] power: supply: bq24257_charger: Replace depends on REGMAP_I2C with select

by Sasha Levin

From: Enric Balletbo i Serra <enric.balletbo(a)collabora.com> [ Upstream commit 87c3d579c8ed0eaea6b1567d529a8daa85a2bc6c ] regmap is a library function that gets selected by drivers that need it. No driver modules should depend on it. Depending on REGMAP_I2C makes this driver only build if another driver already selected REGMAP_I2C, as the symbol can't be selected through the menu kernel configuration. Fixes: 2219a935963e ("power_supply: Add TI BQ24257 charger driver") Signed-off-by: Enric Balletbo i Serra <enric.balletbo(a)collabora.com> Signed-off-by: Sebastian Reichel <sebastian.reichel(a)collabora.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/power/supply/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/power/supply/Kconfig b/drivers/power/supply/Kconfig index 76806a0be820..0de9a958b29a 100644 --- a/drivers/power/supply/Kconfig +++ b/drivers/power/supply/Kconfig @@ -424,7 +424,7 @@ config CHARGER_BQ24257 tristate "TI BQ24250/24251/24257 battery charger driver" depends on I2C depends on GPIOLIB || COMPILE_TEST - depends on REGMAP_I2C + select REGMAP_I2C help Say Y to enable support for the TI BQ24250, BQ24251, and BQ24257 battery chargers. -- 2.25.1

5 years, 4 months

2
80
0 0

stable/linux-5.6.y baseline: 43 runs, 1 regressions (v5.6.19)

by kernelci.org bot

stable/linux-5.6.y baseline: 43 runs, 1 regressions (v5.6.19) Regressions Summary ------------------- platform | arch | lab | compiler | defconfig | results ----------------+-------+--------------+----------+-----------+-------- bcm2837-rpi-3-b | arm64 | lab-baylibre | gcc-8 | defconfig | 4/5 Details: https://kernelci.org/test/job/stable/branch/linux-5.6.y/kernel/v5.6.19/plan… Test: baseline Tree: stable Branch: linux-5.6.y Describe: v5.6.19 URL: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git SHA: 61aba373f5708f2aebc3f72078e51949a068aa6f Test Regressions ---------------- platform | arch | lab | compiler | defconfig | results ----------------+-------+--------------+----------+-----------+-------- bcm2837-rpi-3-b | arm64 | lab-baylibre | gcc-8 | defconfig | 4/5 Details: https://kernelci.org/test/plan/id/5eea7fce9eaf8b0b6497bf27 Results: 4 PASS, 1 FAIL, 0 SKIP Full config: defconfig Compiler: gcc-8 (aarch64-linux-gnu-gcc (Debian 8.3.0-2) 8.3.0) Plain log: https://storage.kernelci.org//stable/linux-5.6.y/v5.6.19/arm64/defconfig/gc… HTML log: https://storage.kernelci.org//stable/linux-5.6.y/v5.6.19/arm64/defconfig/gc… Rootfs: http://storage.kernelci.org/images/rootfs/buildroot/kci-2019.02-11-g17e793f… * baseline.dmesg.crit: https://kernelci.org/test/case/id/5eea7fce9eaf8b0b6497bf2a failing since 6 days (last pass: v5.6.17, first fail: v5.6.18) 3 lines

5 years, 4 months

1
0
0 0

stable/linux-5.4.y baseline: 57 runs, 1 regressions (v5.4.47)

by kernelci.org bot

stable/linux-5.4.y baseline: 57 runs, 1 regressions (v5.4.47) Regressions Summary ------------------- platform | arch | lab | compiler | defconfig | results ----------------------+------+--------------+----------+-----------------+-------- at91-sama5d4_xplained | arm | lab-baylibre | gcc-8 | sama5_defconfig | 0/1 Details: https://kernelci.org/test/job/stable/branch/linux-5.4.y/kernel/v5.4.47/plan… Test: baseline Tree: stable Branch: linux-5.4.y Describe: v5.4.47 URL: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git SHA: fd8cd8ac940c8b45b75474415291a3b941c865ab Test Regressions ---------------- platform | arch | lab | compiler | defconfig | results ----------------------+------+--------------+----------+-----------------+-------- at91-sama5d4_xplained | arm | lab-baylibre | gcc-8 | sama5_defconfig | 0/1 Details: https://kernelci.org/test/plan/id/5eea74903bdcfa582597bf09 Results: 0 PASS, 1 FAIL, 0 SKIP Full config: sama5_defconfig Compiler: gcc-8 (arm-linux-gnueabihf-gcc (Debian 8.3.0-2) 8.3.0) Plain log: https://storage.kernelci.org//stable/linux-5.4.y/v5.4.47/arm/sama5_defconfi… HTML log: https://storage.kernelci.org//stable/linux-5.4.y/v5.4.47/arm/sama5_defconfi… Rootfs: http://storage.kernelci.org/images/rootfs/buildroot/kci-2019.02-11-g17e793f… * baseline.login: https://kernelci.org/test/case/id/5eea74903bdcfa582597bf0a new failure (last pass: v5.4.46)

5 years, 4 months

1
0
0 0

+ mm-compaction-make-capture-control-handling-safe-wrt-interrupts.patch added to -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: mm, compaction: make capture control handling safe wrt interrupts has been added to the -mm tree. Its filename is mm-compaction-make-capture-control-handling-safe-wrt-interrupts.patch This patch should soon appear at http://ozlabs.org/~akpm/mmots/broken-out/mm-compaction-make-capture-control… and later at http://ozlabs.org/~akpm/mmotm/broken-out/mm-compaction-make-capture-control… Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next and is updated there every 3-4 working days ------------------------------------------------------ From: Vlastimil Babka <vbabka(a)suse.cz> Subject: mm, compaction: make capture control handling safe wrt interrupts Hugh reports: : While stressing compaction, one run oopsed on NULL capc->cc in : __free_one_page()'s task_capc(zone): compact_zone_order() had been : interrupted, and a page was being freed in the return from interrupt. : : Though you would not expect it from the source, both gccs I was using (a : 4.8.1 and a 7.5.0) had chosen to compile compact_zone_order() with the : ".cc = &cc" implemented by mov %rbx,-0xb0(%rbp) immediately before callq : compact_zone - long after the "current->capture_control = &capc". An : interrupt in between those finds capc->cc NULL (zeroed by an earlier rep : stos). : : This could presumably be fixed by a barrier() before setting : current->capture_control in compact_zone_order(); but would also need more : care on return from compact_zone(), in order not to risk leaking a page : captured by interrupt just before capture_control is reset. : : Maybe that is the preferable fix, but I felt safer for task_capc() to : exclude the rather surprising possibility of capture at interrupt time. I have checked that gcc10 also behaves the same. The advantage of fix in compact_zone_order() is that we don't add another test in the page freeing hot path, and that it might prevent future problems if we stop exposing pointers to unitialized structures in current task. So this patch implements the suggestion for compact_zone_order() with barrier() (and WRITE_ONCE() to prevent store tearing) for setting current->capture_control, and prevents page leaking with WRITE_ONCE/READ_ONCE in the proper order. Link: http://lkml.kernel.org/r/20200616082649.27173-1-vbabka@suse.cz Fixes: 5e1f0f098b46 ("mm, compaction: capture a page under direct compaction") Signed-off-by: Vlastimil Babka <vbabka(a)suse.cz> Reported-by: Hugh Dickins <hughd(a)google.com> Suggested-by: Hugh Dickins <hughd(a)google.com> Cc: Alex Shi <alex.shi(a)linux.alibaba.com> Cc: Li Wang <liwang(a)redhat.com> Cc: Mel Gorman <mgorman(a)techsingularity.net> Cc: <stable(a)vger.kernel.org> [5.1+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/compaction.c | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) --- a/mm/compaction.c~mm-compaction-make-capture-control-handling-safe-wrt-interrupts +++ a/mm/compaction.c @@ -2316,15 +2316,26 @@ static enum compact_result compact_zone_ .page = NULL, }; - current->capture_control = &capc; + /* + * Make sure the structs are really initialized before we expose the + * capture control, in case we are interrupted and the interrupt handler + * frees a page. + */ + barrier(); + WRITE_ONCE(current->capture_control, &capc); ret = compact_zone(&cc, &capc); VM_BUG_ON(!list_empty(&cc.freepages)); VM_BUG_ON(!list_empty(&cc.migratepages)); - *capture = capc.page; - current->capture_control = NULL; + /* + * Make sure we hide capture control first before we read the captured + * page pointer, otherwise an interrupt could free and capture a page + * and we would leak it. + */ + WRITE_ONCE(current->capture_control, NULL); + *capture = READ_ONCE(capc.page); return ret; } _ Patches currently in -mm which might be from vbabka(a)suse.cz are mm-compaction-make-capture-control-handling-safe-wrt-interrupts.patch mm-page_alloc-use-unlikely-in-task_capc.patch mm-slub-extend-slub_debug-syntax-for-multiple-blocks.patch mm-slub-make-some-slub_debug-related-attributes-read-only.patch mm-slub-remove-runtime-allocation-order-changes.patch mm-slub-make-remaining-slub_debug-related-attributes-read-only.patch mm-slub-make-reclaim_account-attribute-read-only.patch mm-slub-introduce-static-key-for-slub_debug.patch mm-slub-introduce-kmem_cache_debug_flags.patch mm-slub-extend-checks-guarded-by-slub_debug-static-key.patch mm-slab-slub-move-and-improve-cache_from_obj.patch

5 years, 4 months

1
0
0 0

stable/linux-5.6.y build: 147 builds: 1 failed, 146 passed, 3 errors, 22 warnings (v5.6.19)

by kernelci.org bot

stable/linux-5.6.y build: 147 builds: 1 failed, 146 passed, 3 errors, 22 warnings (v5.6.19) Full Build Summary: https://kernelci.org/build/stable/branch/linux-5.6.y/kernel/v5.6.19/ Tree: stable Branch: linux-5.6.y Git Describe: v5.6.19 Git Commit: 61aba373f5708f2aebc3f72078e51949a068aa6f Git URL: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git Built: 7 unique architectures Build Failure Detected: arm: viper_defconfig: (gcc-8) FAIL Errors and Warnings Detected: arc: arm64: defconfig (gcc-8): 2 warnings arm: viper_defconfig (gcc-8): 3 errors, 12 warnings i386: mips: malta_qemu_32r6_defconfig (gcc-8): 1 warning riscv: rv32_defconfig (gcc-8): 6 warnings x86_64: tinyconfig (gcc-8): 1 warning Errors summary: 1 include/linux/bpf.h:4: error: unterminated #ifndef 1 include/linux/bpf.h:485:2: error: unterminated comment 1 include/linux/bpf-cgroup.h:341:1: error: expected specifier-qualifier-list before ‘static’ Warnings summary: 2 arch/arm64/include/asm/memory.h:233:15: warning: cast from pointer to integer of different size [-Wpointer-to-int-cast] 2 <stdin>:830:2: warning: #warning syscall fstat64 not implemented [-Wcpp] 2 <stdin>:1511:2: warning: #warning syscall clone3 not implemented [-Wcpp] 2 <stdin>:1127:2: warning: #warning syscall fstatat64 not implemented [-Wcpp] 1 {standard input}:141: Warning: macro instruction expanded into multiple instructions 1 include/linux/bpf-cgroup.h:340:21: warning: declaration does not declare anything 1 include/linux/bpf-cgroup.h:339:16: warning: declaration does not declare anything 1 include/linux/bpf-cgroup.h:22:24: warning: declaration does not declare anything 1 include/linux/bpf-cgroup.h:21:17: warning: declaration does not declare anything 1 include/linux/bpf-cgroup.h:20:26: warning: declaration does not declare anything 1 include/linux/bpf-cgroup.h:19:25: warning: declaration does not declare anything 1 include/linux/bpf-cgroup.h:18:16: warning: declaration does not declare anything 1 include/linux/bpf-cgroup.h:17:15: warning: declaration does not declare anything 1 include/linux/bpf-cgroup.h:16:15: warning: declaration does not declare anything 1 include/linux/bpf-cgroup.h:15:14: warning: declaration does not declare anything 1 include/linux/bpf-cgroup.h:14:16: warning: declaration does not declare anything 1 include/linux/bpf-cgroup.h:13:12: warning: declaration does not declare anything 1 .config:1160:warning: override: UNWINDER_GUESS changes choice state Section mismatches summary: 1 WARNING: vmlinux.o(.text.unlikely+0x3674): Section mismatch in reference from the function pmax_setup_memory_region() to the function .init.text:add_memory_region() ================================================================================ Detailed per-defconfig build reports: -------------------------------------------------------------------------------- 32r2el_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- allnoconfig (i386, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- allnoconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- allnoconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- allnoconfig (arc, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- allnoconfig (arm64, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- am200epdkit_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- aspeed_g4_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- assabet_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- at91_dt_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- ath25_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- ath79_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- axs103_defconfig (arc, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- axs103_smp_defconfig (arc, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- badge4_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- bcm63xx_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- bmips_be_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- capcella_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- cavium_octeon_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- cerfcube_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- ci20_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- clps711x_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- cm_x2xx_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- cm_x300_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- cns3420vb_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- colibri_pxa270_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- colibri_pxa300_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- collie_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- davinci_all_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- db1xxx_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- decstation_64_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- decstation_r4k_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches Section mismatches: WARNING: vmlinux.o(.text.unlikely+0x3674): Section mismatch in reference from the function pmax_setup_memory_region() to the function .init.text:add_memory_region() -------------------------------------------------------------------------------- defconfig (arm64, gcc-8) — PASS, 0 errors, 2 warnings, 0 section mismatches Warnings: arch/arm64/include/asm/memory.h:233:15: warning: cast from pointer to integer of different size [-Wpointer-to-int-cast] arch/arm64/include/asm/memory.h:233:15: warning: cast from pointer to integer of different size [-Wpointer-to-int-cast] -------------------------------------------------------------------------------- dove_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- e55_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- ebsa110_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- efm32_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- em_x270_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- eseries_pxa_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- ezx_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- footbridge_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- fuloong2e_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- gemini_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- gpr_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- h3600_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- h5000_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- hackkit_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- haps_hs_smp_defconfig (arc, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- hsdk_defconfig (arc, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- i386_defconfig (i386, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- imx_v4_v5_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- imx_v6_v7_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- integrator_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- iop32x_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- ip28_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- ip32_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- ixp4xx_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- jornada720_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- keystone_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- lasat_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- loongson1b_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- loongson1c_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- loongson3_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- lpc18xx_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- lpd270_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- mainstone_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- malta_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- malta_kvm_guest_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- malta_qemu_32r6_defconfig (mips, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: {standard input}:141: Warning: macro instruction expanded into multiple instructions -------------------------------------------------------------------------------- maltaaprp_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- maltasmvp_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- maltasmvp_eva_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- maltaup_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- maltaup_xpa_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- markeins_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- milbeaut_m10v_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- mini2440_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- mips_paravirt_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- mmp2_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- moxart_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- mpc30x_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- msp71xx_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- multi_v4t_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- multi_v5_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- mvebu_v5_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- mvebu_v7_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- mxs_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- netwinder_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- nhk8815_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- nlm_xlp_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- nlm_xlr_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- nommu_virt_defconfig (riscv, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- nsimosci_hs_defconfig (arc, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- nsimosci_hs_smp_defconfig (arc, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- omap1_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- omap2plus_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- omega2p_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- palmz72_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- pic32mzda_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- pleb_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- pnx8335_stb225_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- prima2_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- pxa168_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- pxa255-idp_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- pxa3xx_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- qcom_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- qi_lb60_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- rb532_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- rbtx49xx_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- realview_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- rm200_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- rpc_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- rt305x_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- rv32_defconfig (riscv, gcc-8) — PASS, 0 errors, 6 warnings, 0 section mismatches Warnings: <stdin>:830:2: warning: #warning syscall fstat64 not implemented [-Wcpp] <stdin>:1127:2: warning: #warning syscall fstatat64 not implemented [-Wcpp] <stdin>:1511:2: warning: #warning syscall clone3 not implemented [-Wcpp] <stdin>:830:2: warning: #warning syscall fstat64 not implemented [-Wcpp] <stdin>:1127:2: warning: #warning syscall fstatat64 not implemented [-Wcpp] <stdin>:1511:2: warning: #warning syscall clone3 not implemented [-Wcpp] -------------------------------------------------------------------------------- s3c2410_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- s3c6400_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- s5pv210_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- sb1250_swarm_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- shannon_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- shmobile_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- simpad_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- spear13xx_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- spear6xx_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- spitz_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- tango4_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- tb0219_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- tb0226_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- tct_hammer_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- tinyconfig (riscv, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- tinyconfig (x86_64, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: .config:1160:warning: override: UNWINDER_GUESS changes choice state -------------------------------------------------------------------------------- tinyconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- trizeps4_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- u300_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- u8500_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- vdk_hs38_defconfig (arc, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- vdk_hs38_smp_defconfig (arc, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- versatile_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- vf610m4_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- viper_defconfig (arm, gcc-8) — FAIL, 3 errors, 12 warnings, 0 section mismatches Errors: include/linux/bpf.h:485:2: error: unterminated comment include/linux/bpf.h:4: error: unterminated #ifndef include/linux/bpf-cgroup.h:341:1: error: expected specifier-qualifier-list before ‘static’ Warnings: include/linux/bpf-cgroup.h:13:12: warning: declaration does not declare anything include/linux/bpf-cgroup.h:14:16: warning: declaration does not declare anything include/linux/bpf-cgroup.h:15:14: warning: declaration does not declare anything include/linux/bpf-cgroup.h:16:15: warning: declaration does not declare anything include/linux/bpf-cgroup.h:17:15: warning: declaration does not declare anything include/linux/bpf-cgroup.h:18:16: warning: declaration does not declare anything include/linux/bpf-cgroup.h:19:25: warning: declaration does not declare anything include/linux/bpf-cgroup.h:20:26: warning: declaration does not declare anything include/linux/bpf-cgroup.h:21:17: warning: declaration does not declare anything include/linux/bpf-cgroup.h:22:24: warning: declaration does not declare anything include/linux/bpf-cgroup.h:339:16: warning: declaration does not declare anything include/linux/bpf-cgroup.h:340:21: warning: declaration does not declare anything -------------------------------------------------------------------------------- vocore2_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- vt8500_v6_v7_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- workpad_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- x86_64_defconfig (x86_64, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- xcep_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- xway_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- zeus_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- zx_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches --- For more info write to <info(a)kernelci.org>

5 years, 4 months

1
0
0 0

stable/linux-5.4.y build: 140 builds: 0 failed, 140 passed, 78 warnings (v5.4.47)

by kernelci.org bot

stable/linux-5.4.y build: 140 builds: 0 failed, 140 passed, 78 warnings (v5.4.47) Full Build Summary: https://kernelci.org/build/stable/branch/linux-5.4.y/kernel/v5.4.47/ Tree: stable Branch: linux-5.4.y Git Describe: v5.4.47 Git Commit: fd8cd8ac940c8b45b75474415291a3b941c865ab Git URL: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git Built: 7 unique architectures Warnings Detected: arc: axs103_defconfig (gcc-8): 2 warnings axs103_smp_defconfig (gcc-8): 2 warnings haps_hs_smp_defconfig (gcc-8): 2 warnings hsdk_defconfig (gcc-8): 2 warnings nsim_hs_smp_defconfig (gcc-8): 2 warnings nsimosci_hs_defconfig (gcc-8): 2 warnings nsimosci_hs_smp_defconfig (gcc-8): 2 warnings tinyconfig (gcc-8): 1 warning vdk_hs38_defconfig (gcc-8): 1 warning arm64: defconfig (gcc-8): 14 warnings arm: am200epdkit_defconfig (gcc-8): 1 warning assabet_defconfig (gcc-8): 1 warning axm55xx_defconfig (gcc-8): 1 warning cm_x300_defconfig (gcc-8): 1 warning colibri_pxa270_defconfig (gcc-8): 1 warning colibri_pxa300_defconfig (gcc-8): 1 warning davinci_all_defconfig (gcc-8): 1 warning dove_defconfig (gcc-8): 1 warning em_x270_defconfig (gcc-8): 1 warning ep93xx_defconfig (gcc-8): 1 warning eseries_pxa_defconfig (gcc-8): 1 warning exynos_defconfig (gcc-8): 1 warning ezx_defconfig (gcc-8): 1 warning h3600_defconfig (gcc-8): 1 warning imote2_defconfig (gcc-8): 1 warning imx_v6_v7_defconfig (gcc-8): 1 warning integrator_defconfig (gcc-8): 1 warning lpc32xx_defconfig (gcc-8): 1 warning magician_defconfig (gcc-8): 1 warning milbeaut_m10v_defconfig (gcc-8): 1 warning mini2440_defconfig (gcc-8): 1 warning mmp2_defconfig (gcc-8): 1 warning mxs_defconfig (gcc-8): 1 warning neponset_defconfig (gcc-8): 1 warning nhk8815_defconfig (gcc-8): 1 warning omap1_defconfig (gcc-8): 1 warning omap2plus_defconfig (gcc-8): 1 warning oxnas_v6_defconfig (gcc-8): 1 warning palmz72_defconfig (gcc-8): 1 warning pcm027_defconfig (gcc-8): 1 warning prima2_defconfig (gcc-8): 1 warning pxa168_defconfig (gcc-8): 1 warning pxa3xx_defconfig (gcc-8): 1 warning pxa910_defconfig (gcc-8): 1 warning realview_defconfig (gcc-8): 1 warning s3c6400_defconfig (gcc-8): 1 warning s5pv210_defconfig (gcc-8): 1 warning sama5_defconfig (gcc-8): 1 warning shannon_defconfig (gcc-8): 1 warning spear13xx_defconfig (gcc-8): 1 warning sunxi_defconfig (gcc-8): 1 warning tegra_defconfig (gcc-8): 1 warning u8500_defconfig (gcc-8): 1 warning vexpress_defconfig (gcc-8): 1 warning viper_defconfig (gcc-8): 1 warning xcep_defconfig (gcc-8): 1 warning zeus_defconfig (gcc-8): 1 warning i386: mips: riscv: x86_64: tinyconfig (gcc-8): 1 warning Warnings summary: 43 WARNING: "return_address" [vmlinux] is a static EXPORT_SYMBOL_GPL 16 <stdin>:1511:2: warning: #warning syscall clone3 not implemented [-Wcpp] 4 drivers/video/fbdev/sa1100fb.c:975:21: warning: ‘sa1100fb_min_dma_period’ defined but not used [-Wunused-function] 2 arch/arm64/include/asm/memory.h:239:15: warning: cast from pointer to integer of different size [-Wpointer-to-int-cast] 2 arch/arm64/boot/dts/exynos/exynos5433.dtsi:254.3-29: Warning (reg_format): /gpu@14ac0000:reg: property has invalid length (8 bytes) (#address-cells == 2, #size-cells == 2) 1 arch/arm64/boot/dts/exynos/exynos7.dtsi:83.3-29: Warning (reg_format): /gpu@14ac0000:reg: property has invalid length (8 bytes) (#address-cells == 2, #size-cells == 2) 1 arch/arm64/boot/dts/exynos/exynos7-espresso.dtb: Warning (spi_bus_reg): Failed prerequisite 'reg_format' 1 arch/arm64/boot/dts/exynos/exynos7-espresso.dtb: Warning (pci_device_bus_num): Failed prerequisite 'reg_format' 1 arch/arm64/boot/dts/exynos/exynos7-espresso.dtb: Warning (i2c_bus_reg): Failed prerequisite 'reg_format' 1 arch/arm64/boot/dts/exynos/exynos5433-tm2e.dtb: Warning (spi_bus_reg): Failed prerequisite 'reg_format' 1 arch/arm64/boot/dts/exynos/exynos5433-tm2e.dtb: Warning (pci_device_bus_num): Failed prerequisite 'reg_format' 1 arch/arm64/boot/dts/exynos/exynos5433-tm2e.dtb: Warning (i2c_bus_reg): Failed prerequisite 'reg_format' 1 arch/arm64/boot/dts/exynos/exynos5433-tm2.dtb: Warning (spi_bus_reg): Failed prerequisite 'reg_format' 1 arch/arm64/boot/dts/exynos/exynos5433-tm2.dtb: Warning (pci_device_bus_num): Failed prerequisite 'reg_format' 1 arch/arm64/boot/dts/exynos/exynos5433-tm2.dtb: Warning (i2c_bus_reg): Failed prerequisite 'reg_format' 1 .config:1156:warning: override: UNWINDER_GUESS changes choice state ================================================================================ Detailed per-defconfig build reports: -------------------------------------------------------------------------------- 32r2el_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- allnoconfig (i386, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- allnoconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- allnoconfig (x86_64, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- am200epdkit_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: WARNING: "return_address" [vmlinux] is a static EXPORT_SYMBOL_GPL -------------------------------------------------------------------------------- ar7_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- aspeed_g4_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- assabet_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: drivers/video/fbdev/sa1100fb.c:975:21: warning: ‘sa1100fb_min_dma_period’ defined but not used [-Wunused-function] -------------------------------------------------------------------------------- ath25_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- ath79_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- axm55xx_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: WARNING: "return_address" [vmlinux] is a static EXPORT_SYMBOL_GPL -------------------------------------------------------------------------------- axs103_defconfig (arc, gcc-8) — PASS, 0 errors, 2 warnings, 0 section mismatches Warnings: <stdin>:1511:2: warning: #warning syscall clone3 not implemented [-Wcpp] <stdin>:1511:2: warning: #warning syscall clone3 not implemented [-Wcpp] -------------------------------------------------------------------------------- axs103_smp_defconfig (arc, gcc-8) — PASS, 0 errors, 2 warnings, 0 section mismatches Warnings: <stdin>:1511:2: warning: #warning syscall clone3 not implemented [-Wcpp] <stdin>:1511:2: warning: #warning syscall clone3 not implemented [-Wcpp] -------------------------------------------------------------------------------- badge4_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- bcm2835_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- bcm47xx_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- bcm63xx_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- bmips_be_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- cavium_octeon_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- cerfcube_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- ci20_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- cm_x300_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: WARNING: "return_address" [vmlinux] is a static EXPORT_SYMBOL_GPL -------------------------------------------------------------------------------- colibri_pxa270_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: WARNING: "return_address" [vmlinux] is a static EXPORT_SYMBOL_GPL -------------------------------------------------------------------------------- colibri_pxa300_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: WARNING: "return_address" [vmlinux] is a static EXPORT_SYMBOL_GPL -------------------------------------------------------------------------------- davinci_all_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: WARNING: "return_address" [vmlinux] is a static EXPORT_SYMBOL_GPL -------------------------------------------------------------------------------- db1xxx_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- decstation_64_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- defconfig (riscv, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- defconfig (arm64, gcc-8) — PASS, 0 errors, 14 warnings, 0 section mismatches Warnings: arch/arm64/include/asm/memory.h:239:15: warning: cast from pointer to integer of different size [-Wpointer-to-int-cast] arch/arm64/include/asm/memory.h:239:15: warning: cast from pointer to integer of different size [-Wpointer-to-int-cast] arch/arm64/boot/dts/exynos/exynos5433.dtsi:254.3-29: Warning (reg_format): /gpu@14ac0000:reg: property has invalid length (8 bytes) (#address-cells == 2, #size-cells == 2) arch/arm64/boot/dts/exynos/exynos5433-tm2.dtb: Warning (pci_device_bus_num): Failed prerequisite 'reg_format' arch/arm64/boot/dts/exynos/exynos5433-tm2.dtb: Warning (i2c_bus_reg): Failed prerequisite 'reg_format' arch/arm64/boot/dts/exynos/exynos5433-tm2.dtb: Warning (spi_bus_reg): Failed prerequisite 'reg_format' arch/arm64/boot/dts/exynos/exynos5433.dtsi:254.3-29: Warning (reg_format): /gpu@14ac0000:reg: property has invalid length (8 bytes) (#address-cells == 2, #size-cells == 2) arch/arm64/boot/dts/exynos/exynos5433-tm2e.dtb: Warning (pci_device_bus_num): Failed prerequisite 'reg_format' arch/arm64/boot/dts/exynos/exynos5433-tm2e.dtb: Warning (i2c_bus_reg): Failed prerequisite 'reg_format' arch/arm64/boot/dts/exynos/exynos5433-tm2e.dtb: Warning (spi_bus_reg): Failed prerequisite 'reg_format' arch/arm64/boot/dts/exynos/exynos7.dtsi:83.3-29: Warning (reg_format): /gpu@14ac0000:reg: property has invalid length (8 bytes) (#address-cells == 2, #size-cells == 2) arch/arm64/boot/dts/exynos/exynos7-espresso.dtb: Warning (pci_device_bus_num): Failed prerequisite 'reg_format' arch/arm64/boot/dts/exynos/exynos7-espresso.dtb: Warning (i2c_bus_reg): Failed prerequisite 'reg_format' arch/arm64/boot/dts/exynos/exynos7-espresso.dtb: Warning (spi_bus_reg): Failed prerequisite 'reg_format' -------------------------------------------------------------------------------- dove_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: WARNING: "return_address" [vmlinux] is a static EXPORT_SYMBOL_GPL -------------------------------------------------------------------------------- e55_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- ebsa110_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- efm32_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- em_x270_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: WARNING: "return_address" [vmlinux] is a static EXPORT_SYMBOL_GPL -------------------------------------------------------------------------------- ep93xx_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: WARNING: "return_address" [vmlinux] is a static EXPORT_SYMBOL_GPL -------------------------------------------------------------------------------- eseries_pxa_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: WARNING: "return_address" [vmlinux] is a static EXPORT_SYMBOL_GPL -------------------------------------------------------------------------------- exynos_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: WARNING: "return_address" [vmlinux] is a static EXPORT_SYMBOL_GPL -------------------------------------------------------------------------------- ezx_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: WARNING: "return_address" [vmlinux] is a static EXPORT_SYMBOL_GPL -------------------------------------------------------------------------------- footbridge_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- fuloong2e_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- gemini_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- gpr_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- h3600_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: drivers/video/fbdev/sa1100fb.c:975:21: warning: ‘sa1100fb_min_dma_period’ defined but not used [-Wunused-function] -------------------------------------------------------------------------------- hackkit_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- haps_hs_smp_defconfig (arc, gcc-8) — PASS, 0 errors, 2 warnings, 0 section mismatches Warnings: <stdin>:1511:2: warning: #warning syscall clone3 not implemented [-Wcpp] <stdin>:1511:2: warning: #warning syscall clone3 not implemented [-Wcpp] -------------------------------------------------------------------------------- hisi_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- hsdk_defconfig (arc, gcc-8) — PASS, 0 errors, 2 warnings, 0 section mismatches Warnings: <stdin>:1511:2: warning: #warning syscall clone3 not implemented [-Wcpp] <stdin>:1511:2: warning: #warning syscall clone3 not implemented [-Wcpp] -------------------------------------------------------------------------------- imote2_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: WARNING: "return_address" [vmlinux] is a static EXPORT_SYMBOL_GPL -------------------------------------------------------------------------------- imx_v6_v7_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: WARNING: "return_address" [vmlinux] is a static EXPORT_SYMBOL_GPL -------------------------------------------------------------------------------- integrator_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: WARNING: "return_address" [vmlinux] is a static EXPORT_SYMBOL_GPL -------------------------------------------------------------------------------- iop32x_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- ip22_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- ip28_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- ip32_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- jmr3927_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- jornada720_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- lasat_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- lemote2f_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- loongson1b_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- loongson1c_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- lpc18xx_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- lpc32xx_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: WARNING: "return_address" [vmlinux] is a static EXPORT_SYMBOL_GPL -------------------------------------------------------------------------------- lpd270_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- magician_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: WARNING: "return_address" [vmlinux] is a static EXPORT_SYMBOL_GPL -------------------------------------------------------------------------------- malta_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- malta_kvm_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- malta_kvm_guest_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- maltaaprp_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- maltasmvp_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- maltasmvp_eva_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- maltaup_xpa_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- markeins_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- milbeaut_m10v_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: WARNING: "return_address" [vmlinux] is a static EXPORT_SYMBOL_GPL -------------------------------------------------------------------------------- mini2440_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: WARNING: "return_address" [vmlinux] is a static EXPORT_SYMBOL_GPL -------------------------------------------------------------------------------- mips_paravirt_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- mmp2_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: WARNING: "return_address" [vmlinux] is a static EXPORT_SYMBOL_GPL -------------------------------------------------------------------------------- moxart_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- mpc30x_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- msp71xx_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- mtx1_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- mxs_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: WARNING: "return_address" [vmlinux] is a static EXPORT_SYMBOL_GPL -------------------------------------------------------------------------------- neponset_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: drivers/video/fbdev/sa1100fb.c:975:21: warning: ‘sa1100fb_min_dma_period’ defined but not used [-Wunused-function] -------------------------------------------------------------------------------- netwinder_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- nhk8815_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: WARNING: "return_address" [vmlinux] is a static EXPORT_SYMBOL_GPL -------------------------------------------------------------------------------- nlm_xlp_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- nsim_hs_smp_defconfig (arc, gcc-8) — PASS, 0 errors, 2 warnings, 0 section mismatches Warnings: <stdin>:1511:2: warning: #warning syscall clone3 not implemented [-Wcpp] <stdin>:1511:2: warning: #warning syscall clone3 not implemented [-Wcpp] -------------------------------------------------------------------------------- nsimosci_hs_defconfig (arc, gcc-8) — PASS, 0 errors, 2 warnings, 0 section mismatches Warnings: <stdin>:1511:2: warning: #warning syscall clone3 not implemented [-Wcpp] <stdin>:1511:2: warning: #warning syscall clone3 not implemented [-Wcpp] -------------------------------------------------------------------------------- nsimosci_hs_smp_defconfig (arc, gcc-8) — PASS, 0 errors, 2 warnings, 0 section mismatches Warnings: <stdin>:1511:2: warning: #warning syscall clone3 not implemented [-Wcpp] <stdin>:1511:2: warning: #warning syscall clone3 not implemented [-Wcpp] -------------------------------------------------------------------------------- omap1_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: WARNING: "return_address" [vmlinux] is a static EXPORT_SYMBOL_GPL -------------------------------------------------------------------------------- omap2plus_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: WARNING: "return_address" [vmlinux] is a static EXPORT_SYMBOL_GPL -------------------------------------------------------------------------------- omega2p_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- oxnas_v6_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: WARNING: "return_address" [vmlinux] is a static EXPORT_SYMBOL_GPL -------------------------------------------------------------------------------- palmz72_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: WARNING: "return_address" [vmlinux] is a static EXPORT_SYMBOL_GPL -------------------------------------------------------------------------------- pcm027_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: WARNING: "return_address" [vmlinux] is a static EXPORT_SYMBOL_GPL -------------------------------------------------------------------------------- pistachio_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- pleb_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- pnx8335_stb225_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- prima2_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: WARNING: "return_address" [vmlinux] is a static EXPORT_SYMBOL_GPL -------------------------------------------------------------------------------- pxa168_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: WARNING: "return_address" [vmlinux] is a static EXPORT_SYMBOL_GPL -------------------------------------------------------------------------------- pxa255-idp_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- pxa3xx_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: WARNING: "return_address" [vmlinux] is a static EXPORT_SYMBOL_GPL -------------------------------------------------------------------------------- pxa910_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: WARNING: "return_address" [vmlinux] is a static EXPORT_SYMBOL_GPL -------------------------------------------------------------------------------- rbtx49xx_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- realview_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: WARNING: "return_address" [vmlinux] is a static EXPORT_SYMBOL_GPL -------------------------------------------------------------------------------- rpc_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- rt305x_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- s3c6400_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: WARNING: "return_address" [vmlinux] is a static EXPORT_SYMBOL_GPL -------------------------------------------------------------------------------- s5pv210_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: WARNING: "return_address" [vmlinux] is a static EXPORT_SYMBOL_GPL -------------------------------------------------------------------------------- sama5_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: WARNING: "return_address" [vmlinux] is a static EXPORT_SYMBOL_GPL -------------------------------------------------------------------------------- sb1250_swarm_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- shannon_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: drivers/video/fbdev/sa1100fb.c:975:21: warning: ‘sa1100fb_min_dma_period’ defined but not used [-Wunused-function] -------------------------------------------------------------------------------- simpad_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- socfpga_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- spear13xx_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: WARNING: "return_address" [vmlinux] is a static EXPORT_SYMBOL_GPL -------------------------------------------------------------------------------- spear6xx_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- spitz_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- stm32_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- sunxi_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: WARNING: "return_address" [vmlinux] is a static EXPORT_SYMBOL_GPL -------------------------------------------------------------------------------- tb0219_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- tb0226_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- tb0287_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- tegra_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: WARNING: "return_address" [vmlinux] is a static EXPORT_SYMBOL_GPL -------------------------------------------------------------------------------- tinyconfig (i386, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- tinyconfig (arc, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: <stdin>:1511:2: warning: #warning syscall clone3 not implemented [-Wcpp] -------------------------------------------------------------------------------- tinyconfig (x86_64, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: .config:1156:warning: override: UNWINDER_GUESS changes choice state -------------------------------------------------------------------------------- tinyconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- tinyconfig (arm64, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- tinyconfig (riscv, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- u8500_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: WARNING: "return_address" [vmlinux] is a static EXPORT_SYMBOL_GPL -------------------------------------------------------------------------------- vdk_hs38_defconfig (arc, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: <stdin>:1511:2: warning: #warning syscall clone3 not implemented [-Wcpp] -------------------------------------------------------------------------------- vexpress_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: WARNING: "return_address" [vmlinux] is a static EXPORT_SYMBOL_GPL -------------------------------------------------------------------------------- vf610m4_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- viper_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: WARNING: "return_address" [vmlinux] is a static EXPORT_SYMBOL_GPL -------------------------------------------------------------------------------- vocore2_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- vt8500_v6_v7_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- workpad_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- xcep_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: WARNING: "return_address" [vmlinux] is a static EXPORT_SYMBOL_GPL -------------------------------------------------------------------------------- xway_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- zeus_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: WARNING: "return_address" [vmlinux] is a static EXPORT_SYMBOL_GPL -------------------------------------------------------------------------------- zx_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches --- For more info write to <info(a)kernelci.org>

5 years, 4 months

1
0
0 0

[PATCH AUTOSEL 5.7 001/274] drm/amdgpu: fix and cleanup amdgpu_gem_object_close v4

by Sasha Levin

From: Christian König <christian.koenig(a)amd.com> [ Upstream commit 82c416b13cb7d22b96ec0888b296a48dff8a09eb ] The problem is that we can't add the clear fence to the BO when there is an exclusive fence on it since we can't guarantee the the clear fence will complete after the exclusive one. To fix this refactor the function and also add the exclusive fence as shared to the resv object. v2: fix warning v3: add excl fence as shared instead v4: squash in fix for fence handling in amdgpu_gem_object_close Signed-off-by: Christian König <christian.koenig(a)amd.com> Reviewed-by: xinhui pan <xinhui.pan(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c | 43 ++++++++++++++----------- 1 file changed, 25 insertions(+), 18 deletions(-) diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c index 4277125a79ee..32f36c940abb 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c @@ -161,16 +161,17 @@ void amdgpu_gem_object_close(struct drm_gem_object *obj, struct amdgpu_bo_list_entry vm_pd; struct list_head list, duplicates; + struct dma_fence *fence = NULL; struct ttm_validate_buffer tv; struct ww_acquire_ctx ticket; struct amdgpu_bo_va *bo_va; - int r; + long r; INIT_LIST_HEAD(&list); INIT_LIST_HEAD(&duplicates); tv.bo = &bo->tbo; - tv.num_shared = 1; + tv.num_shared = 2; list_add(&tv.head, &list); amdgpu_vm_get_pd_bo(vm, &list, &vm_pd); @@ -178,28 +179,34 @@ void amdgpu_gem_object_close(struct drm_gem_object *obj, r = ttm_eu_reserve_buffers(&ticket, &list, false, &duplicates); if (r) { dev_err(adev->dev, "leaking bo va because " - "we fail to reserve bo (%d)\n", r); + "we fail to reserve bo (%ld)\n", r); return; } bo_va = amdgpu_vm_bo_find(vm, bo); - if (bo_va && --bo_va->ref_count == 0) { - amdgpu_vm_bo_rmv(adev, bo_va); - - if (amdgpu_vm_ready(vm)) { - struct dma_fence *fence = NULL; + if (!bo_va || --bo_va->ref_count) + goto out_unlock; - r = amdgpu_vm_clear_freed(adev, vm, &fence); - if (unlikely(r)) { - dev_err(adev->dev, "failed to clear page " - "tables on GEM object close (%d)\n", r); - } + amdgpu_vm_bo_rmv(adev, bo_va); + if (!amdgpu_vm_ready(vm)) + goto out_unlock; - if (fence) { - amdgpu_bo_fence(bo, fence, true); - dma_fence_put(fence); - } - } + fence = dma_resv_get_excl(bo->tbo.base.resv); + if (fence) { + amdgpu_bo_fence(bo, fence, true); + fence = NULL; } + + r = amdgpu_vm_clear_freed(adev, vm, &fence); + if (r || !fence) + goto out_unlock; + + amdgpu_bo_fence(bo, fence, true); + dma_fence_put(fence); + +out_unlock: + if (unlikely(r < 0)) + dev_err(adev->dev, "failed to clear page " + "tables on GEM object close (%ld)\n", r); ttm_eu_backoff_reservation(&ticket, &list); } -- 2.25.1

5 years, 4 months

5
280
0 0

[PATCH 5.7 000/162] 5.7.3-rc2 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.7.3 release. There are 162 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 18 Jun 2020 17:25:43 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.7.3-rc2.… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.7.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.7.3-rc2 John Stultz <john.stultz(a)linaro.org> serial: amba-pl011: Make sure we initialize the port.lock spinlock Marc Zyngier <maz(a)kernel.org> KVM: arm64: Synchronize sysreg state on injecting an AArch32 exception Marc Zyngier <maz(a)kernel.org> KVM: arm64: Save the host's PtrAuth keys in non-preemptible context Mattia Dongili <malattia(a)linux.it> platform/x86: sony-laptop: Make resuming thermal profile safer Mattia Dongili <malattia(a)linux.it> platform/x86: sony-laptop: SNC calls should handle BUFFER types Juergen Gross <jgross(a)suse.com> xen/pvcalls-back: test for errors when calling backend_connect() Jiri Kosina <jkosina(a)suse.cz> block/floppy: fix contended case in floppy_queue_rq() Ulf Hansson <ulf.hansson(a)linaro.org> mmc: sdio: Fix several potential memory leaks in mmc_sdio_init_card() Ulf Hansson <ulf.hansson(a)linaro.org> mmc: sdio: Fix potential NULL pointer error in mmc_sdio_init_card() Ludovic Desroches <ludovic.desroches(a)microchip.com> ARM: dts: at91: sama5d2_ptc_ek: fix sdmmc0 node description Masahiro Yamada <yamada.masahiro(a)socionext.com> mmc: uniphier-sd: call devm_request_irq() after tmio_mmc_host_probe() Ulf Hansson <ulf.hansson(a)linaro.org> mmc: tmio: Further fixup runtime PM management at remove Ludovic Barre <ludovic.barre(a)st.com> mmc: mmci_sdmmc: fix DMA API warning overlapping mappings Eugen Hristev <eugen.hristev(a)microchip.com> mmc: sdhci-of-at91: fix CALCR register being rewritten Veerabhadrarao Badiganti <vbadigan(a)codeaurora.org> mmc: sdhci-msm: Clear tuning done flag while hs400 tuning Chris Wilson <chris(a)chris-wilson.co.uk> agp/intel: Reinforce the barrier after GTT updates Barret Rhoden <brho(a)google.com> perf: Add cond_resched() to task_function_call() OGAWA Hirofumi <hirofumi(a)mail.parknet.co.jp> fat: don't allow to mount if the FAT length == 0 Wang Hai <wanghai38(a)huawei.com> mm/slub: fix a memory leak in sysfs_slab_add() Ezequiel Garcia <ezequiel(a)collabora.com> drm/vkms: Hold gem object while still in-use Casey Schaufler <casey(a)schaufler-ca.com> Smack: slab-out-of-bounds in vsscanf Qiujun Huang <hqjagain(a)gmail.com> ath9k: Fix general protection fault in ath9k_hif_usb_rx_cb Qiujun Huang <hqjagain(a)gmail.com> ath9x: Fix stack-out-of-bounds Write in ath9k_hif_usb_rx_cb Qiujun Huang <hqjagain(a)gmail.com> ath9k: Fix use-after-free Write in ath9k_htc_rx_msg Qiujun Huang <hqjagain(a)gmail.com> ath9k: Fix use-after-free Read in ath9k_wmi_ctrl_rx Qiujun Huang <hqjagain(a)gmail.com> ath9k: Fix use-after-free Read in htc_connect_service Masami Hiramatsu <mhiramat(a)kernel.org> selftests/ftrace: Return unsupported if no error_log file Shivasharan S <shivasharan.srikanteshwara(a)broadcom.com> scsi: megaraid_sas: Replace undefined MFI_BIG_ENDIAN macro with __BIG_ENDIAN_BITFIELD macro Dick Kennedy <dick.kennedy(a)broadcom.com> scsi: lpfc: Fix negation of else clause in lpfc_prep_node_fc4type Sumit Saxena <sumit.saxena(a)broadcom.com> scsi: megaraid_sas: TM command refire leads to controller firmware crash Marc Zyngier <maz(a)kernel.org> KVM: arm64: Make vcpu_cp1x() work on Big Endian hosts James Morse <james.morse(a)arm.com> KVM: arm64: Stop writing aarch32's CSSELR into ACTLR Xing Li <lixing(a)loongson.cn> KVM: MIPS: Fix VPN2_MASK definition for variable cpu_vmbits Xing Li <lixing(a)loongson.cn> KVM: MIPS: Define KVM_ENTRYHI_ASID to cpu_asid_mask(&boot_cpu_data) Sean Christopherson <sean.j.christopherson(a)intel.com> KVM: nVMX: Consult only the "basic" exit reason when routing nested exit Paolo Bonzini <pbonzini(a)redhat.com> KVM: nSVM: leave ASID aside in copy_vmcb_control_area Paolo Bonzini <pbonzini(a)redhat.com> KVM: nSVM: fix condition for filtering async PF Sean Christopherson <sean.j.christopherson(a)intel.com> KVM: nVMX: Skip IBPB when switching between vmcs01 and vmcs02 Tomi Valkeinen <tomi.valkeinen(a)ti.com> media: videobuf2-dma-contig: fix bad kfree in vb2_dma_contig_clear_max_seg_size Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> video: fbdev: w100fb: Fix a potential double free. Sam Ravnborg <sam(a)ravnborg.org> video: vt8500lcdfb: fix fallthrough warning Qiuxu Zhuo <qiuxu.zhuo(a)intel.com> EDAC/skx: Use the mcmtr register to retrieve close_pg/bank_xor_enable Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> cpufreq: Fix up cpufreq_boost_set_sw() Suman Anna <s-anna(a)ti.com> remoteproc: Fix and restore the parenting hierarchy for vdev Tero Kristo <t-kristo(a)ti.com> remoteproc: Fall back to using parent memory pool if no dedicated available Eric W. Biederman <ebiederm(a)xmission.com> proc: Use new_inode not new_inode_pseudo Namjae Jeon <namjae.jeon(a)samsung.com> exfat: fix incorrect update of stream entry in __exfat_truncate() Al Viro <viro(a)zeniv.linux.org.uk> exfat: fix memory leak in exfat_parse_param() Yuxuan Shui <yshuiv7(a)gmail.com> ovl: initialize error in ovl_copy_xattr Amir Goldstein <amir73il(a)gmail.com> ovl: fix out of bounds access warning in ovl_check_fb_len() Oz Shlomo <ozsh(a)mellanox.com> net/mlx5e: CT: Fix ipv6 nat header rewrite actions Valentin Longchamp <valentin(a)longchamp.me> net: sched: export __netdev_watchdog_up() Grygorii Strashko <grygorii.strashko(a)ti.com> net: ethernet: ti: am65-cpsw-nuss: fix ale parameters init Grygorii Strashko <grygorii.strashko(a)ti.com> net: ethernet: ti: ale: fix allmulti for nu type ale Paolo Abeni <pabeni(a)redhat.com> mptcp: fix races between shutdown and recvmsg Shannon Nelson <snelson(a)pensando.io> ionic: wait on queue start until after IFF_UP Paolo Abeni <pabeni(a)redhat.com> mptcp: don't leak msk in token container Parav Pandit <parav(a)mellanox.com> net/mlx5: Disable reload while removing the device Charles Keepax <ckeepax(a)opensource.cirrus.com> net: macb: Only disable NAPI on the actual error path Corentin Labbe <clabbe(a)baylibre.com> net: cadence: macb: disable NAPI on error Maxim Mikityanskiy <maximmi(a)mellanox.com> net/mlx5e: Fix repeated XSK usage on one channel Shay Drory <shayd(a)mellanox.com> net/mlx5: Fix fatal error handling during device load Shay Drory <shayd(a)mellanox.com> net/mlx5: drain health workqueue in case of driver load error tannerlove <tannerlove(a)google.com> selftests/net: in rxtimestamp getopt_long needs terminating null entry Lorenzo Bianconi <lorenzo(a)kernel.org> net: mvneta: do not redirect frames during reconfiguration Wang Hai <wanghai38(a)huawei.com> dccp: Fix possible memleak in dccp_init and dccp_fini Franck LENORMAND <franck.lenormand(a)nxp.com> firmware: imx: scu: Fix corruption of header Peng Fan <peng.fan(a)nxp.com> firmware: imx-scu: Support one TX and one RX Tony Luck <tony.luck(a)intel.com> x86/{mce,mm}: Unmap the entire page if the whole page is affected and poisoned Longpeng(Mike) <longpeng2(a)huawei.com> crypto: virtio: Fix src/dst scatterlist calculation in __virtio_crypto_skcipher_do_req() Longpeng(Mike) <longpeng2(a)huawei.com> crypto: virtio: Fix use-after-free in virtio_crypto_skcipher_finalize_req() Longpeng(Mike) <longpeng2(a)huawei.com> crypto: virtio: Fix dest length calculation in __virtio_crypto_skcipher_do_req() Wei Yongjun <weiyongjun1(a)huawei.com> crypto: drbg - fix error return code in drbg_alloc_state() Eric Biggers <ebiggers(a)google.com> crypto: algapi - Avoid spurious modprobe on LOADED Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> crypto: cavium/nitrox - Fix 'nitrox_get_first_device()' when ndevlist is fully iterated Linus Torvalds <torvalds(a)linux-foundation.org> gup: document and work around "COW can break either way" issue Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> PM: runtime: clk: Fix clk_pm_runtime_get() error path Justin Chen <justinpopo6(a)gmail.com> spi: bcm-qspi: when tx/rx buffer is NULL set to 0 Florian Fainelli <f.fainelli(a)gmail.com> spi: bcm-qspi: Handle clock probe deferral Lukas Wunner <lukas(a)wunner.de> spi: bcm2835aux: Fix controller unregister order Lukas Wunner <lukas(a)wunner.de> spi: bcm2835: Fix controller unregister order Lukas Wunner <lukas(a)wunner.de> spi: pxa2xx: Fix runtime PM ref imbalance on probe error Lukas Wunner <lukas(a)wunner.de> spi: pxa2xx: Fix controller unregister order Lukas Wunner <lukas(a)wunner.de> spi: Fix controller unregister order Lukas Wunner <lukas(a)wunner.de> spi: dw: Fix controller unregister order Alexander Gordeev <agordeev(a)linux.ibm.com> lib: fix bitmap_parse() on 64-bit big endian archs Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix null pointer dereference at nilfs_segctor_do_construct() Dave Rodgman <dave.rodgman(a)arm.com> lib/lzo: fix ambiguous encoding bug in lzo-rle Nick Desaulniers <ndesaulniers(a)google.com> arm64: acpi: fix UBSAN warning Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> ACPI: PM: Avoid using power resources if there are none for D0 Ard Biesheuvel <ardb(a)kernel.org> ACPI: GED: add support for _Exx / _Lxx handler methods Qiushi Wu <wu000273(a)umn.edu> ACPI: CPPC: Fix reference count leak in acpi_cppc_processor_probe() Qiushi Wu <wu000273(a)umn.edu> ACPI: sysfs: Fix reference count leak in acpi_sysfs_add_hotplug_profile() Kai-Heng Feng <kai.heng.feng(a)canonical.com> ALSA: usb-audio: Add vendor, product and profile name for HP Thunderbolt Dock Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Fix inconsistent card PM state after resume Michał Mirosław <mirq-linux(a)rere.qmqm.pl> ALSA: pcm: fix snd_pcm_link() lockdep splat Michał Mirosław <mirq-linux(a)rere.qmqm.pl> ALSA: pcm: disallow linking stream to itself Hui Wang <hui.wang(a)canonical.com> ALSA: hda/realtek - add a pintbl quirk for several Lenovo machines Takashi Sakamoto <o-takashi(a)sakamocchi.jp> ALSA: fireface: start IR context immediately Takashi Sakamoto <o-takashi(a)sakamocchi.jp> ALSA: fireface: fix configuration error for nominal sampling transfer frequency Hersen Wu <hersenxs.wu(a)amd.com> ALSA: hda: add sienna_cichlid audio asic id for sienna_cichlid up Chuhong Yuan <hslester96(a)gmail.com> ALSA: es1688: Add the missed snd_card_free() Fabio Estevam <festevam(a)gmail.com> watchdog: imx_sc_wdt: Fix reboot on crash Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> serial: imx: Initialize lock for non-registered console Steve French <stfrench(a)microsoft.com> smb3: fix typo in mount options displayed in /proc/mounts Namjae Jeon <namjae.jeon(a)samsung.com> smb3: add indatalen that can be a non-zero value to calculation of credit charge in smb2 ioctl Steve French <stfrench(a)microsoft.com> smb3: fix incorrect number of credits when ioctl MaxOutputResponse > 64K Ard Biesheuvel <ardb(a)kernel.org> efi/efivars: Add missing kobject_put() in sysfs entry creation error path Jens Axboe <axboe(a)kernel.dk> io_uring: allow O_NONBLOCK async retry Denis Efremov <efremov(a)linux.com> io_uring: use kvfree() in io_sqe_buffer_register() Jens Axboe <axboe(a)kernel.dk> io_uring: re-set iov base/len for buffer select retry Pavel Begunkov <asml.silence(a)gmail.com> io_uring: fix flush req->refs underflow Pavel Dobias <dobias(a)2n.cz> ASoC: max9867: fix volume controls Dan Murphy <dmurphy(a)ti.com> ASoC: tlv320adcx140: Fix mic gain registers Christophe Leroy <christophe.leroy(a)csgroup.eu> powerpc/ptdump: Properly handle non standard page size Eiichi Tsukata <eiichi.tsukata(a)nutanix.com> KVM: x86: Fix APIC page invalidation race Felipe Franciosi <felipe(a)nutanix.com> KVM: x86: respect singlestep when emulating instruction Sean Christopherson <sean.j.christopherson(a)intel.com> KVM: x86/mmu: Set mmio_value to '0' if reserved #PF can't be generated Maxim Levitsky <mlevitsk(a)redhat.com> KVM: VMX: enable X86_FEATURE_WAITPKG in KVM capabilities Paolo Bonzini <pbonzini(a)redhat.com> KVM: x86: allow KVM_STATE_NESTED_MTF_PENDING in kvm_state flags Maxim Levitsky <mlevitsk(a)redhat.com> KVM: x86: don't expose MSR_IA32_UMWAIT_CONTROL unconditionally Kan Liang <kan.liang(a)linux.intel.com> perf/x86/intel: Add more available bits for OFFCORE_RESPONSE of Intel Tremont Thomas Gleixner <tglx(a)linutronix.de> x86/vdso: Unbreak paravirt VDSO clocks Hill Ma <maahiuzeon(a)gmail.com> x86/reboot/quirks: Add MacBook6,1 reboot quirk Anthony Steinhauser <asteinhauser(a)google.com> x86/speculation: PR_SPEC_FORCE_DISABLE enforcement for indirect branches. Anthony Steinhauser <asteinhauser(a)google.com> x86/speculation: Avoid force-disabling IBPB based on STIBP and enhanced IBRS. Anthony Steinhauser <asteinhauser(a)google.com> x86/speculation: Prevent rogue cross-process SSBD shutdown Xiaochun Lee <lixc17(a)lenovo.com> x86/PCI: Mark Intel C620 MROMs as having non-compliant BARs Steven Price <steven.price(a)arm.com> x86: mm: ptdump: calculate effective permissions correctly Bob Haarman <inglorion(a)google.com> x86_64: Fix jiffies ODR violation Vlastimil Babka <vbabka(a)suse.cz> usercopy: mark dma-kmalloc caches as usercopy caches Miklos Szeredi <mszeredi(a)redhat.com> aio: fix async fsync creds Bjorn Helgaas <bhelgaas(a)google.com> PCI/PM: Adjust pcie_wait_for_link_delay() for caller delay Paolo Bonzini <pbonzini(a)redhat.com> KVM: x86: only do L1TF workaround on affected processors Daniel Jordan <daniel.m.jordan(a)oracle.com> padata: add separate cpuhp node for CPUHP_PADATA_DEAD Jason Gunthorpe <jgg(a)ziepe.ca> RDMA/uverbs: Make the event_queue fds return POLLERR when disassociated Kim Phillips <kim.phillips(a)amd.com> x86/cpu/amd: Make erratum #1054 a legacy erratum Petr Tesarik <ptesarik(a)suse.com> s390/pci: Log new handle in clp_disable_fh() Arnd Bergmann <arnd(a)arndb.de> smack: avoid unused 'sip' variable warning Masashi Honma <masashi.honma(a)gmail.com> ath9k_htc: Silence undersized packet warnings Sasha Levin <sashal(a)kernel.org> spi: dw: Fix native CS being unset Cédric Le Goater <clg(a)kaod.org> powerpc/xive: Clear the page tables for the ESB IO mapping Amir Goldstein <amir73il(a)gmail.com> fanotify: fix ignore mask logic for events on child and on dir Saravana Kannan <saravanak(a)google.com> driver core: Update device link status correctly for SYNC_STATE_ONLY links Masami Hiramatsu <mhiramat(a)kernel.org> perf probe: Accept the instance number of kretprobe event Waiman Long <longman(a)redhat.com> mm: add kvfree_sensitive() for freeing sensitive data objects Vlad Buslov <vladbu(a)mellanox.com> selftests: fix flower parent qdisc Jérôme Pouiller <jerome.pouiller(a)silabs.com> staging: wfx: fix double free Sergio Paracuellos <sergio.paracuellos(a)gmail.com> staging: mt7621-pci: properly power off dual-ported pcie phy Nick Desaulniers <ndesaulniers(a)google.com> elfnote: mark all .note sections SHF_ALLOC Tuong Lien <tuong.t.lien(a)dektech.com.au> tipc: fix NULL pointer dereference in streaming Michal Vokáč <michal.vokac(a)ysoft.com> net: dsa: qca8k: Fix "Unexpected gfp" kernel exception Cong Wang <xiyou.wangcong(a)gmail.com> genetlink: fix memory leaks in genl_family_rcv_msg_dumpit() Geliang Tang <geliangtang(a)gmail.com> mptcp: bugfix for RM_ADDR option parsing Sameeh Jubran <sameehj(a)amazon.com> net: ena: xdp: update napi budget for DROP and ABORTED Sameeh Jubran <sameehj(a)amazon.com> net: ena: xdp: XDP_TX: fix memory leak Ido Schimmel <idosch(a)mellanox.com> vxlan: Avoid infinite loop when suppressing NS messages with invalid options Ido Schimmel <idosch(a)mellanox.com> bridge: Avoid infinite loop when suppressing NS messages with invalid options Willem de Bruijn <willemb(a)google.com> tun: correct header offsets in napi frags mode Vasily Averin <vvs(a)virtuozzo.com> net_failover: fixed rollback in net_failover_open() Vadim Pasternak <vadimp(a)mellanox.com> mlxsw: core: Use different get_trend() callbacks for different thermal zones Hangbin Liu <liuhangbin(a)gmail.com> ipv6: fix IPV6_ADDRFORM operation logic ------------- Diffstat: Documentation/lzo.txt | 8 +- Makefile | 4 +- arch/arm/boot/dts/at91-sama5d2_ptc_ek.dts | 2 - arch/arm64/include/asm/acpi.h | 5 +- arch/arm64/include/asm/kvm_emulate.h | 6 -- arch/arm64/include/asm/kvm_host.h | 6 +- arch/arm64/kvm/handle_exit.c | 19 +---- arch/arm64/kvm/sys_regs.c | 10 ++- arch/mips/include/asm/kvm_host.h | 6 +- arch/powerpc/mm/ptdump/ptdump.c | 21 ++--- arch/powerpc/sysdev/xive/common.c | 5 ++ arch/s390/pci/pci_clp.c | 3 +- arch/x86/events/intel/core.c | 4 +- arch/x86/include/asm/set_memory.h | 19 +++-- arch/x86/include/asm/vdso/gettimeofday.h | 18 +++++ arch/x86/kernel/cpu/amd.c | 3 +- arch/x86/kernel/cpu/bugs.c | 92 ++++++++++++--------- arch/x86/kernel/cpu/mce/core.c | 11 ++- arch/x86/kernel/process.c | 28 +++---- arch/x86/kernel/reboot.c | 8 ++ arch/x86/kernel/time.c | 4 - arch/x86/kernel/vmlinux.lds.S | 4 +- arch/x86/kvm/mmu/mmu.c | 46 +++++------ arch/x86/kvm/svm/nested.c | 6 +- arch/x86/kvm/vmx/nested.c | 4 +- arch/x86/kvm/vmx/vmx.c | 21 ++++- arch/x86/kvm/vmx/vmx.h | 3 +- arch/x86/kvm/x86.c | 15 ++-- arch/x86/mm/dump_pagetables.c | 33 +++++--- arch/x86/pci/fixup.c | 4 + crypto/algapi.c | 2 +- crypto/drbg.c | 4 +- drivers/acpi/cppc_acpi.c | 1 + drivers/acpi/device_pm.c | 2 +- drivers/acpi/evged.c | 22 ++++- drivers/acpi/scan.c | 28 ++++--- drivers/acpi/sysfs.c | 4 +- drivers/base/core.c | 34 ++++++-- drivers/block/floppy.c | 10 +-- drivers/char/agp/intel-gtt.c | 4 +- drivers/clk/clk.c | 6 +- drivers/cpufreq/cpufreq.c | 11 +-- drivers/crypto/cavium/nitrox/nitrox_main.c | 4 +- drivers/crypto/virtio/virtio_crypto_algs.c | 21 +++-- drivers/edac/i10nm_base.c | 2 +- drivers/edac/skx_base.c | 20 ++--- drivers/edac/skx_common.c | 6 +- drivers/edac/skx_common.h | 2 +- drivers/firmware/efi/efivars.c | 4 +- drivers/firmware/imx/imx-scu.c | 62 ++++++++++---- drivers/gpu/drm/i915/gem/i915_gem_userptr.c | 8 ++ drivers/gpu/drm/vkms/vkms_drv.h | 5 -- drivers/gpu/drm/vkms/vkms_gem.c | 11 +-- drivers/infiniband/core/uverbs_main.c | 2 + .../media/common/videobuf2/videobuf2-dma-contig.c | 20 +---- drivers/mmc/core/sdio.c | 61 +++++++------- drivers/mmc/host/mmci_stm32_sdmmc.c | 3 + drivers/mmc/host/sdhci-msm.c | 6 ++ drivers/mmc/host/sdhci-of-at91.c | 7 +- drivers/mmc/host/tmio_mmc_core.c | 6 +- drivers/mmc/host/uniphier-sd.c | 12 +-- drivers/net/dsa/qca8k.c | 3 +- drivers/net/ethernet/amazon/ena/ena_netdev.c | 10 +-- drivers/net/ethernet/cadence/macb_main.c | 14 ++-- drivers/net/ethernet/marvell/mvneta.c | 13 +++ drivers/net/ethernet/mellanox/mlx5/core/devlink.c | 2 - drivers/net/ethernet/mellanox/mlx5/core/en/tc_ct.c | 16 ++-- .../net/ethernet/mellanox/mlx5/core/en/xsk/setup.c | 4 + drivers/net/ethernet/mellanox/mlx5/core/health.c | 14 +++- drivers/net/ethernet/mellanox/mlx5/core/main.c | 7 ++ drivers/net/ethernet/mellanox/mlxsw/core_thermal.c | 23 +++++- drivers/net/ethernet/pensando/ionic/ionic_lif.c | 4 +- drivers/net/ethernet/ti/am65-cpsw-nuss.c | 2 +- drivers/net/ethernet/ti/cpsw_ale.c | 49 ++++++++--- drivers/net/net_failover.c | 3 +- drivers/net/tun.c | 14 +++- drivers/net/vxlan.c | 4 + drivers/net/wireless/ath/ath9k/hif_usb.c | 58 ++++++++++--- drivers/net/wireless/ath/ath9k/hif_usb.h | 6 ++ drivers/net/wireless/ath/ath9k/htc_drv_init.c | 10 ++- drivers/net/wireless/ath/ath9k/htc_drv_txrx.c | 6 +- drivers/net/wireless/ath/ath9k/htc_hst.c | 6 +- drivers/net/wireless/ath/ath9k/wmi.c | 6 +- drivers/net/wireless/ath/ath9k/wmi.h | 3 +- drivers/pci/pci.c | 4 +- drivers/platform/x86/sony-laptop.c | 60 +++++++------- drivers/remoteproc/remoteproc_core.c | 2 +- drivers/remoteproc/remoteproc_virtio.c | 12 +++ drivers/scsi/lpfc/lpfc_ct.c | 1 - drivers/scsi/megaraid/megaraid_sas.h | 4 +- drivers/scsi/megaraid/megaraid_sas_fusion.c | 7 +- drivers/scsi/megaraid/megaraid_sas_fusion.h | 6 +- drivers/spi/spi-bcm-qspi.c | 20 +++-- drivers/spi/spi-bcm2835.c | 4 +- drivers/spi/spi-bcm2835aux.c | 4 +- drivers/spi/spi-dw.c | 14 +++- drivers/spi/spi-pxa2xx.c | 5 +- drivers/spi/spi.c | 3 +- drivers/staging/mt7621-pci/pci-mt7621.c | 12 ++- drivers/staging/wfx/main.c | 1 - drivers/tty/serial/amba-pl011.c | 1 + drivers/tty/serial/imx.c | 3 + drivers/video/fbdev/vt8500lcdfb.c | 1 + drivers/video/fbdev/w100fb.c | 2 + drivers/watchdog/imx_sc_wdt.c | 5 ++ drivers/xen/pvcalls-back.c | 3 +- fs/aio.c | 8 ++ fs/cifs/cifsfs.c | 2 +- fs/cifs/smb2pdu.c | 4 +- fs/exfat/file.c | 8 +- fs/exfat/super.c | 12 ++- fs/fat/inode.c | 6 ++ fs/io_uring.c | 24 ++++-- fs/nilfs2/segment.c | 2 + fs/notify/fanotify/fanotify.c | 5 +- fs/overlayfs/copy_up.c | 2 +- fs/overlayfs/overlayfs.h | 3 + fs/proc/inode.c | 2 +- fs/proc/self.c | 2 +- fs/proc/thread_self.c | 2 +- include/linux/elfnote.h | 2 +- include/linux/kvm_host.h | 4 +- include/linux/mm.h | 1 + include/linux/padata.h | 6 +- include/linux/ptdump.h | 1 + include/linux/set_memory.h | 2 +- include/media/videobuf2-dma-contig.h | 2 +- include/net/inet_hashtables.h | 6 ++ kernel/events/core.c | 23 +++--- kernel/padata.c | 14 ++-- lib/bitmap.c | 9 ++- lib/lzo/lzo1x_compress.c | 13 +++ mm/gup.c | 44 ++++++++-- mm/huge_memory.c | 7 +- mm/ptdump.c | 17 +++- mm/slab_common.c | 3 +- mm/slub.c | 4 +- mm/util.c | 18 +++++ net/bridge/br_arp_nd_proxy.c | 4 + net/dccp/proto.c | 7 +- net/ipv6/ipv6_sockglue.c | 13 +-- net/mptcp/options.c | 2 + net/mptcp/protocol.c | 45 ++++++----- net/mptcp/subflow.c | 1 + net/netlink/genetlink.c | 94 +++++++++++++--------- net/sched/sch_generic.c | 1 + net/tipc/msg.c | 4 +- security/keys/internal.h | 11 --- security/keys/keyctl.c | 16 ++-- security/smack/smack.h | 6 -- security/smack/smack_lsm.c | 25 ++---- security/smack/smackfs.c | 10 +++ sound/core/pcm_native.c | 20 ++++- sound/firewire/fireface/ff-protocol-latter.c | 12 +-- sound/firewire/fireface/ff-stream.c | 10 +-- sound/isa/es1688/es1688.c | 4 +- sound/pci/hda/hda_intel.c | 3 + sound/pci/hda/patch_realtek.c | 6 ++ sound/soc/codecs/max9867.c | 4 +- sound/soc/codecs/tlv320adcx140.c | 6 +- sound/usb/card.c | 19 +++-- sound/usb/quirks-table.h | 20 +++++ sound/usb/usbaudio.h | 2 +- tools/perf/util/probe-event.c | 3 +- .../ftrace/test.d/ftrace/tracing-error-log.tc | 2 + tools/testing/selftests/net/rxtimestamp.c | 1 + .../tc-testing/tc-tests/filters/tests.json | 6 +- tools/testing/selftests/tc-testing/tdc_batch.py | 6 +- virt/kvm/arm/aarch32.c | 28 +++++++ virt/kvm/arm/arm.c | 18 ++++- virt/kvm/kvm_main.c | 26 +++--- 171 files changed, 1270 insertions(+), 682 deletions(-)

5 years, 4 months

4
6
0 0

[PATCHES] Networking

by David Miller

Please queue up the following networking bug fixes for v5.6 and v5.7 -stable, respectively. Thanks!

5 years, 4 months

2
2
0 0

Linux 5.6.19

by Greg Kroah-Hartman

Note, this is the LAST 5.6.y release to be made, please move to the 5.7.y tree at this time. It is now end-of-life. --------- I'm announcing the release of the 5.6.19 kernel. All users of the 5.6 kernel series must upgrade. The updated 5.6.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.6.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/lzo.txt | 8 Makefile | 2 arch/arm/boot/dts/at91-sama5d2_ptc_ek.dts | 2 arch/arm/include/asm/kvm_emulate.h | 3 arch/arm/include/asm/kvm_host.h | 2 arch/arm/kernel/ptrace.c | 4 arch/arm64/include/asm/acpi.h | 5 arch/arm64/include/asm/kvm_emulate.h | 6 arch/arm64/include/asm/kvm_host.h | 8 arch/arm64/kvm/handle_exit.c | 19 -- arch/arm64/kvm/sys_regs.c | 10 - arch/csky/abiv2/inc/abi/entry.h | 2 arch/csky/kernel/entry.S | 6 arch/mips/include/asm/kvm_host.h | 6 arch/powerpc/kernel/vmlinux.lds.S | 6 arch/powerpc/mm/ptdump/ptdump.c | 21 +- arch/powerpc/sysdev/xive/common.c | 5 arch/s390/pci/pci_clp.c | 3 arch/x86/events/intel/core.c | 4 arch/x86/include/asm/set_memory.h | 19 +- arch/x86/kernel/cpu/amd.c | 3 arch/x86/kernel/cpu/bugs.c | 92 +++++---- arch/x86/kernel/cpu/mce/core.c | 11 - arch/x86/kernel/process.c | 28 +- arch/x86/kernel/reboot.c | 8 arch/x86/kernel/time.c | 4 arch/x86/kernel/vmlinux.lds.S | 4 arch/x86/kvm/mmu/mmu.c | 46 ++-- arch/x86/kvm/svm.c | 6 arch/x86/kvm/vmx/nested.c | 4 arch/x86/kvm/vmx/vmx.c | 18 + arch/x86/kvm/vmx/vmx.h | 3 arch/x86/kvm/x86.c | 11 - arch/x86/mm/dump_pagetables.c | 33 ++- arch/x86/pci/fixup.c | 4 crypto/algapi.c | 2 crypto/drbg.c | 4 drivers/acpi/cppc_acpi.c | 1 drivers/acpi/device_pm.c | 2 drivers/acpi/evged.c | 22 ++ drivers/acpi/scan.c | 28 ++ drivers/acpi/sysfs.c | 4 drivers/base/core.c | 34 ++- drivers/block/floppy.c | 10 - drivers/char/agp/intel-gtt.c | 4 drivers/clk/clk.c | 6 drivers/cpufreq/cpufreq.c | 11 - drivers/crypto/cavium/nitrox/nitrox_main.c | 4 drivers/crypto/virtio/virtio_crypto_algs.c | 21 +- drivers/edac/i10nm_base.c | 2 drivers/edac/skx_base.c | 20 -- drivers/edac/skx_common.c | 6 drivers/edac/skx_common.h | 2 drivers/firmware/efi/efivars.c | 4 drivers/firmware/imx/imx-scu.c | 62 +++++- drivers/gpu/drm/amd/display/dc/core/dc.c | 23 ++ drivers/gpu/drm/amd/display/dc/dc.h | 1 drivers/gpu/drm/i915/gem/i915_gem_userptr.c | 8 drivers/gpu/drm/vkms/vkms_drv.h | 5 drivers/gpu/drm/vkms/vkms_gem.c | 11 - drivers/infiniband/core/uverbs_main.c | 2 drivers/input/misc/axp20x-pek.c | 72 +++---- drivers/input/mouse/synaptics.c | 1 drivers/input/touchscreen/mms114.c | 12 - drivers/media/common/videobuf2/videobuf2-dma-contig.c | 20 -- drivers/mmc/core/sdio.c | 61 ++---- drivers/mmc/host/mmci_stm32_sdmmc.c | 3 drivers/mmc/host/sdhci-msm.c | 6 drivers/mmc/host/sdhci-of-at91.c | 7 drivers/mmc/host/tmio_mmc_core.c | 6 drivers/mmc/host/uniphier-sd.c | 12 - drivers/net/dsa/qca8k.c | 3 drivers/net/ethernet/amazon/ena/ena_netdev.c | 10 - drivers/net/ethernet/cadence/macb_main.c | 14 - drivers/net/ethernet/ibm/ibmvnic.c | 8 drivers/net/ethernet/marvell/mvneta.c | 13 + drivers/net/ethernet/mellanox/mlx5/core/devlink.c | 2 drivers/net/ethernet/mellanox/mlx5/core/en/xsk/setup.c | 4 drivers/net/ethernet/mellanox/mlx5/core/health.c | 14 + drivers/net/ethernet/mellanox/mlx5/core/main.c | 7 drivers/net/ethernet/mellanox/mlxsw/core_thermal.c | 23 ++ drivers/net/net_failover.c | 3 drivers/net/tun.c | 14 + drivers/net/vxlan.c | 4 drivers/net/wireless/ath/ath9k/hif_usb.c | 58 ++++-- drivers/net/wireless/ath/ath9k/hif_usb.h | 6 drivers/net/wireless/ath/ath9k/htc_drv_init.c | 10 - drivers/net/wireless/ath/ath9k/htc_drv_txrx.c | 6 drivers/net/wireless/ath/ath9k/htc_hst.c | 6 drivers/net/wireless/ath/ath9k/wmi.c | 6 drivers/net/wireless/ath/ath9k/wmi.h | 3 drivers/pci/pci.c | 4 drivers/platform/x86/sony-laptop.c | 60 +++--- drivers/remoteproc/remoteproc_core.c | 2 drivers/remoteproc/remoteproc_virtio.c | 12 + drivers/scsi/lpfc/lpfc_ct.c | 1 drivers/scsi/megaraid/megaraid_sas.h | 4 drivers/scsi/megaraid/megaraid_sas_fusion.c | 7 drivers/scsi/megaraid/megaraid_sas_fusion.h | 6 drivers/spi/spi-bcm-qspi.c | 20 -- drivers/spi/spi-bcm2835.c | 4 drivers/spi/spi-bcm2835aux.c | 4 drivers/spi/spi-dw.c | 14 + drivers/spi/spi-pxa2xx.c | 5 drivers/spi/spi.c | 3 drivers/staging/mt7621-pci/pci-mt7621.c | 12 + drivers/staging/wfx/main.c | 1 drivers/target/iscsi/iscsi_target.c | 79 ++------ drivers/target/iscsi/iscsi_target.h | 1 drivers/target/iscsi/iscsi_target_configfs.c | 5 drivers/target/iscsi/iscsi_target_login.c | 5 drivers/video/fbdev/vt8500lcdfb.c | 1 drivers/video/fbdev/w100fb.c | 2 drivers/watchdog/imx_sc_wdt.c | 5 drivers/xen/pvcalls-back.c | 3 fs/aio.c | 8 fs/cifs/cifsfs.c | 2 fs/cifs/smb2pdu.c | 4 fs/fat/inode.c | 6 fs/gfs2/lops.c | 15 - fs/io_uring.c | 15 - fs/nilfs2/segment.c | 2 fs/notify/fanotify/fanotify.c | 5 fs/overlayfs/copy_up.c | 2 fs/overlayfs/overlayfs.h | 3 fs/proc/inode.c | 2 fs/proc/self.c | 2 fs/proc/thread_self.c | 2 include/asm-generic/vmlinux.lds.h | 15 + include/linux/elfnote.h | 2 include/linux/kvm_host.h | 4 include/linux/mm.h | 1 include/linux/padata.h | 6 include/linux/ptdump.h | 1 include/linux/set_memory.h | 2 include/media/videobuf2-dma-contig.h | 2 include/net/inet_hashtables.h | 6 include/target/iscsi/iscsi_target_core.h | 2 kernel/bpf/btf.c | 9 kernel/bpf/sysfs_btf.c | 11 - kernel/events/core.c | 23 +- kernel/padata.c | 14 - kernel/sched/fair.c | 2 lib/bitmap.c | 9 lib/lzo/lzo1x_compress.c | 13 + mm/gup.c | 44 ++++ mm/huge_memory.c | 7 mm/ptdump.c | 17 + mm/slab_common.c | 3 mm/slub.c | 4 mm/util.c | 18 + net/bridge/br_arp_nd_proxy.c | 4 net/dccp/proto.c | 7 net/ipv6/ipv6_sockglue.c | 13 - net/netlink/genetlink.c | 94 ++++++---- net/tipc/msg.c | 4 scripts/link-vmlinux.sh | 24 +- security/keys/internal.h | 11 - security/keys/keyctl.c | 16 - security/smack/smack.h | 6 security/smack/smack_lsm.c | 25 -- security/smack/smackfs.c | 10 + sound/core/pcm_native.c | 20 +- sound/firewire/fireface/ff-protocol-latter.c | 12 - sound/firewire/fireface/ff-stream.c | 10 - sound/isa/es1688/es1688.c | 4 sound/pci/hda/hda_intel.c | 3 sound/pci/hda/patch_realtek.c | 6 sound/soc/codecs/max9867.c | 4 sound/usb/card.c | 19 +- sound/usb/quirks-table.h | 20 ++ sound/usb/usbaudio.h | 2 tools/perf/util/probe-event.c | 3 tools/testing/selftests/ftrace/test.d/ftrace/tracing-error-log.tc | 2 tools/testing/selftests/networking/timestamping/rxtimestamp.c | 1 tools/testing/selftests/tc-testing/tc-tests/filters/tests.json | 6 tools/testing/selftests/tc-testing/tdc_batch.py | 6 virt/kvm/arm/aarch32.c | 28 ++ virt/kvm/arm/arm.c | 22 ++ virt/kvm/kvm_main.c | 26 +- 180 files changed, 1291 insertions(+), 789 deletions(-) Alexander Gordeev (1): lib: fix bitmap_parse() on 64-bit big endian archs Amir Goldstein (2): fanotify: fix ignore mask logic for events on child and on dir ovl: fix out of bounds access warning in ovl_check_fb_len() Andreas Gruenbacher (1): gfs2: Even more gfs2_find_jhead fixes Anthony Steinhauser (3): x86/speculation: Prevent rogue cross-process SSBD shutdown x86/speculation: Avoid force-disabling IBPB based on STIBP and enhanced IBRS. x86/speculation: PR_SPEC_FORCE_DISABLE enforcement for indirect branches. Ard Biesheuvel (2): efi/efivars: Add missing kobject_put() in sysfs entry creation error path ACPI: GED: add support for _Exx / _Lxx handler methods Arnd Bergmann (1): smack: avoid unused 'sip' variable warning Barret Rhoden (1): perf: Add cond_resched() to task_function_call() Bjorn Helgaas (1): PCI/PM: Adjust pcie_wait_for_link_delay() for caller delay Bob Haarman (1): x86_64: Fix jiffies ODR violation Casey Schaufler (1): Smack: slab-out-of-bounds in vsscanf Charles Keepax (1): net: macb: Only disable NAPI on the actual error path Chris Wilson (1): agp/intel: Reinforce the barrier after GTT updates Christophe JAILLET (2): crypto: cavium/nitrox - Fix 'nitrox_get_first_device()' when ndevlist is fully iterated video: fbdev: w100fb: Fix a potential double free. Christophe Leroy (1): powerpc/ptdump: Properly handle non standard page size Chuhong Yuan (1): ALSA: es1688: Add the missed snd_card_free() Cong Wang (1): genetlink: fix memory leaks in genl_family_rcv_msg_dumpit() Corentin Labbe (1): net: cadence: macb: disable NAPI on error Cédric Le Goater (1): powerpc/xive: Clear the page tables for the ESB IO mapping Daniel Jordan (1): padata: add separate cpuhp node for CPUHP_PADATA_DEAD Dave Rodgman (1): lib/lzo: fix ambiguous encoding bug in lzo-rle Denis Efremov (1): io_uring: use kvfree() in io_sqe_buffer_register() Dennis Kadioglu (1): Input: synaptics - add a second working PNP_ID for Lenovo T470s Dick Kennedy (1): scsi: lpfc: Fix negation of else clause in lpfc_prep_node_fc4type Eiichi Tsukata (1): KVM: x86: Fix APIC page invalidation race Eric Biggers (1): crypto: algapi - Avoid spurious modprobe on LOADED Eric W. Biederman (1): proc: Use new_inode not new_inode_pseudo Eugen Hristev (1): mmc: sdhci-of-at91: fix CALCR register being rewritten Ezequiel Garcia (1): drm/vkms: Hold gem object while still in-use Fabio Estevam (1): watchdog: imx_sc_wdt: Fix reboot on crash Fangrui Song (1): bpf: Support llvm-objcopy for vmlinux BTF Felipe Franciosi (1): KVM: x86: respect singlestep when emulating instruction Florian Fainelli (1): spi: bcm-qspi: Handle clock probe deferral Franck LENORMAND (1): firmware: imx: scu: Fix corruption of header Fredrik Strupe (1): ARM: 8977/1: ptrace: Fix mask for thumb breakpoint hook Greg Kroah-Hartman (1): Linux 5.6.19 Guo Ren (1): csky: Fixup abiv2 syscall_trace break a4 & a5 Hangbin Liu (1): ipv6: fix IPV6_ADDRFORM operation logic Hans de Goede (1): Input: axp20x-pek - always register interrupt handlers Hersen Wu (1): ALSA: hda: add sienna_cichlid audio asic id for sienna_cichlid up Hill Ma (1): x86/reboot/quirks: Add MacBook6,1 reboot quirk Hui Wang (1): ALSA: hda/realtek - add a pintbl quirk for several Lenovo machines Ido Schimmel (2): bridge: Avoid infinite loop when suppressing NS messages with invalid options vxlan: Avoid infinite loop when suppressing NS messages with invalid options James Morse (1): KVM: arm64: Stop writing aarch32's CSSELR into ACTLR Jason Gunthorpe (1): RDMA/uverbs: Make the event_queue fds return POLLERR when disassociated Jens Axboe (1): sched/fair: Don't NUMA balance for kthreads Jiri Kosina (1): block/floppy: fix contended case in floppy_queue_rq() Joseph Gravenor (1): drm/amd/display: remove invalid dc_is_hw_initialized function Juergen Gross (1): xen/pvcalls-back: test for errors when calling backend_connect() Justin Chen (1): spi: bcm-qspi: when tx/rx buffer is NULL set to 0 Jérôme Pouiller (1): staging: wfx: fix double free Kai-Heng Feng (1): ALSA: usb-audio: Add vendor, product and profile name for HP Thunderbolt Dock Kan Liang (1): perf/x86/intel: Add more available bits for OFFCORE_RESPONSE of Intel Tremont Kim Phillips (1): x86/cpu/amd: Make erratum #1054 a legacy erratum Linus Torvalds (1): gup: document and work around "COW can break either way" issue Longpeng(Mike) (3): crypto: virtio: Fix dest length calculation in __virtio_crypto_skcipher_do_req() crypto: virtio: Fix use-after-free in virtio_crypto_skcipher_finalize_req() crypto: virtio: Fix src/dst scatterlist calculation in __virtio_crypto_skcipher_do_req() Lorenzo Bianconi (1): net: mvneta: do not redirect frames during reconfiguration Ludovic Barre (1): mmc: mmci_sdmmc: fix DMA API warning overlapping mappings Ludovic Desroches (1): ARM: dts: at91: sama5d2_ptc_ek: fix sdmmc0 node description Lukas Wunner (6): spi: dw: Fix controller unregister order spi: Fix controller unregister order spi: pxa2xx: Fix controller unregister order spi: pxa2xx: Fix runtime PM ref imbalance on probe error spi: bcm2835: Fix controller unregister order spi: bcm2835aux: Fix controller unregister order Marc Zyngier (3): KVM: arm64: Make vcpu_cp1x() work on Big Endian hosts KVM: arm64: Synchronize sysreg state on injecting an AArch32 exception KVM: arm64: Save the host's PtrAuth keys in non-preemptible context Masahiro Yamada (1): mmc: uniphier-sd: call devm_request_irq() after tmio_mmc_host_probe() Masami Hiramatsu (2): perf probe: Accept the instance number of kretprobe event selftests/ftrace: Return unsupported if no error_log file Masashi Honma (1): ath9k_htc: Silence undersized packet warnings Mattia Dongili (2): platform/x86: sony-laptop: SNC calls should handle BUFFER types platform/x86: sony-laptop: Make resuming thermal profile safer Maurizio Lombardi (2): scsi: target: remove boilerplate code scsi: target: fix hang when multiple threads try to destroy the same iscsi session Maxim Mikityanskiy (1): net/mlx5e: Fix repeated XSK usage on one channel Michal Vokáč (1): net: dsa: qca8k: Fix "Unexpected gfp" kernel exception Michał Mirosław (2): ALSA: pcm: disallow linking stream to itself ALSA: pcm: fix snd_pcm_link() lockdep splat Miklos Szeredi (1): aio: fix async fsync creds Namjae Jeon (1): smb3: add indatalen that can be a non-zero value to calculation of credit charge in smb2 ioctl Nick Desaulniers (2): elfnote: mark all .note sections SHF_ALLOC arm64: acpi: fix UBSAN warning OGAWA Hirofumi (1): fat: don't allow to mount if the FAT length == 0 Paolo Bonzini (4): KVM: x86: only do L1TF workaround on affected processors KVM: x86: allow KVM_STATE_NESTED_MTF_PENDING in kvm_state flags KVM: nSVM: fix condition for filtering async PF KVM: nSVM: leave ASID aside in copy_vmcb_control_area Parav Pandit (1): net/mlx5: Disable reload while removing the device Pavel Begunkov (1): io_uring: fix flush req->refs underflow Pavel Dobias (1): ASoC: max9867: fix volume controls Peng Fan (1): firmware: imx-scu: Support one TX and one RX Petr Tesarik (1): s390/pci: Log new handle in clp_disable_fh() Qiujun Huang (5): ath9k: Fix use-after-free Read in htc_connect_service ath9k: Fix use-after-free Read in ath9k_wmi_ctrl_rx ath9k: Fix use-after-free Write in ath9k_htc_rx_msg ath9x: Fix stack-out-of-bounds Write in ath9k_hif_usb_rx_cb ath9k: Fix general protection fault in ath9k_hif_usb_rx_cb Qiushi Wu (2): ACPI: sysfs: Fix reference count leak in acpi_sysfs_add_hotplug_profile() ACPI: CPPC: Fix reference count leak in acpi_cppc_processor_probe() Qiuxu Zhuo (1): EDAC/skx: Use the mcmtr register to retrieve close_pg/bank_xor_enable Rafael J. Wysocki (3): ACPI: PM: Avoid using power resources if there are none for D0 PM: runtime: clk: Fix clk_pm_runtime_get() error path cpufreq: Fix up cpufreq_boost_set_sw() Ryusuke Konishi (1): nilfs2: fix null pointer dereference at nilfs_segctor_do_construct() Sam Ravnborg (1): video: vt8500lcdfb: fix fallthrough warning Sameeh Jubran (2): net: ena: xdp: XDP_TX: fix memory leak net: ena: xdp: update napi budget for DROP and ABORTED Saravana Kannan (1): driver core: Update device link status correctly for SYNC_STATE_ONLY links Sasha Levin (1): spi: dw: Fix native CS being unset Sean Christopherson (3): KVM: x86/mmu: Set mmio_value to '0' if reserved #PF can't be generated KVM: nVMX: Skip IBPB when switching between vmcs01 and vmcs02 KVM: nVMX: Consult only the "basic" exit reason when routing nested exit Sergio Paracuellos (1): staging: mt7621-pci: properly power off dual-ported pcie phy Shay Drory (2): net/mlx5: drain health workqueue in case of driver load error net/mlx5: Fix fatal error handling during device load Shivasharan S (1): scsi: megaraid_sas: Replace undefined MFI_BIG_ENDIAN macro with __BIG_ENDIAN_BITFIELD macro Stephan Gerhold (1): Input: mms114 - fix handling of mms345l Steve French (2): smb3: fix incorrect number of credits when ioctl MaxOutputResponse > 64K smb3: fix typo in mount options displayed in /proc/mounts Steven Price (1): x86: mm: ptdump: calculate effective permissions correctly Suman Anna (1): remoteproc: Fix and restore the parenting hierarchy for vdev Sumit Saxena (1): scsi: megaraid_sas: TM command refire leads to controller firmware crash Takashi Iwai (1): ALSA: usb-audio: Fix inconsistent card PM state after resume Takashi Sakamoto (2): ALSA: fireface: fix configuration error for nominal sampling transfer frequency ALSA: fireface: start IR context immediately Tero Kristo (1): remoteproc: Fall back to using parent memory pool if no dedicated available Thomas Falcon (1): drivers/net/ibmvnic: Update VNIC protocol version reporting Tomi Valkeinen (1): media: videobuf2-dma-contig: fix bad kfree in vb2_dma_contig_clear_max_seg_size Tony Luck (1): x86/{mce,mm}: Unmap the entire page if the whole page is affected and poisoned Tuong Lien (1): tipc: fix NULL pointer dereference in streaming Ulf Hansson (3): mmc: tmio: Further fixup runtime PM management at remove mmc: sdio: Fix potential NULL pointer error in mmc_sdio_init_card() mmc: sdio: Fix several potential memory leaks in mmc_sdio_init_card() Vadim Pasternak (1): mlxsw: core: Use different get_trend() callbacks for different thermal zones Vasily Averin (1): net_failover: fixed rollback in net_failover_open() Veerabhadrarao Badiganti (1): mmc: sdhci-msm: Clear tuning done flag while hs400 tuning Vlad Buslov (1): selftests: fix flower parent qdisc Vlastimil Babka (1): usercopy: mark dma-kmalloc caches as usercopy caches Waiman Long (1): mm: add kvfree_sensitive() for freeing sensitive data objects Wang Hai (2): dccp: Fix possible memleak in dccp_init and dccp_fini mm/slub: fix a memory leak in sysfs_slab_add() Wei Yongjun (1): crypto: drbg - fix error return code in drbg_alloc_state() Willem de Bruijn (1): tun: correct header offsets in napi frags mode Xiaochun Lee (1): x86/PCI: Mark Intel C620 MROMs as having non-compliant BARs Xiaoguang Wang (1): io_uring: fix mismatched finish_wait() calls in io_uring_cancel_files() Xing Li (2): KVM: MIPS: Define KVM_ENTRYHI_ASID to cpu_asid_mask(&boot_cpu_data) KVM: MIPS: Fix VPN2_MASK definition for variable cpu_vmbits Yongqiang Sun (1): drm/amd/display: Not doing optimize bandwidth if flip pending. Yuxuan Shui (1): ovl: initialize error in ovl_copy_xattr tannerlove (1): selftests/net: in rxtimestamp getopt_long needs terminating null entry

5 years, 4 months

1
1
0 0

Linux 5.4.47

by Greg Kroah-Hartman

I'm announcing the release of the 5.4.47 kernel. All users of the 5.4 kernel series must upgrade. The updated 5.4.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.4.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/lzo.txt | 8 Makefile | 2 arch/arm/boot/dts/at91-sama5d2_ptc_ek.dts | 2 arch/arm/include/asm/kvm_emulate.h | 3 arch/arm/include/asm/kvm_host.h | 2 arch/arm/kernel/ptrace.c | 4 arch/arm64/include/asm/acpi.h | 5 arch/arm64/include/asm/kvm_emulate.h | 6 arch/arm64/include/asm/kvm_host.h | 8 arch/arm64/kvm/handle_exit.c | 19 -- arch/arm64/kvm/sys_regs.c | 10 - arch/csky/abiv2/inc/abi/entry.h | 2 arch/csky/kernel/entry.S | 6 arch/mips/include/asm/kvm_host.h | 6 arch/powerpc/kernel/vmlinux.lds.S | 6 arch/powerpc/mm/ptdump/ptdump.c | 21 +- arch/powerpc/sysdev/xive/common.c | 5 arch/s390/pci/pci_clp.c | 3 arch/x86/events/intel/core.c | 4 arch/x86/include/asm/set_memory.h | 19 +- arch/x86/kernel/cpu/amd.c | 3 arch/x86/kernel/cpu/bugs.c | 92 +++++----- arch/x86/kernel/cpu/mce/core.c | 11 - arch/x86/kernel/process.c | 28 +-- arch/x86/kernel/reboot.c | 8 arch/x86/kernel/time.c | 4 arch/x86/kernel/vmlinux.lds.S | 4 arch/x86/kvm/mmu.c | 46 ++--- arch/x86/kvm/svm.c | 6 arch/x86/kvm/vmx/nested.c | 4 arch/x86/kvm/vmx/vmx.c | 18 + arch/x86/kvm/vmx/vmx.h | 3 arch/x86/kvm/x86.c | 9 arch/x86/pci/fixup.c | 4 crypto/algapi.c | 2 crypto/drbg.c | 4 drivers/acpi/cppc_acpi.c | 1 drivers/acpi/device_pm.c | 2 drivers/acpi/evged.c | 22 ++ drivers/acpi/scan.c | 28 ++- drivers/acpi/sysfs.c | 4 drivers/block/floppy.c | 10 - drivers/char/agp/intel-gtt.c | 4 drivers/clk/clk.c | 6 drivers/cpufreq/cpufreq.c | 11 - drivers/crypto/cavium/nitrox/nitrox_main.c | 4 drivers/crypto/virtio/virtio_crypto_algs.c | 21 +- drivers/edac/i10nm_base.c | 2 drivers/edac/skx_base.c | 20 -- drivers/edac/skx_common.c | 6 drivers/edac/skx_common.h | 2 drivers/firmware/efi/efivars.c | 4 drivers/firmware/imx/imx-scu.c | 72 ++++++- drivers/gpu/drm/i915/gem/i915_gem_userptr.c | 8 drivers/gpu/drm/vkms/vkms_drv.h | 5 drivers/gpu/drm/vkms/vkms_gem.c | 11 - drivers/infiniband/core/uverbs_main.c | 2 drivers/input/mouse/synaptics.c | 1 drivers/input/touchscreen/mms114.c | 12 - drivers/mmc/core/sdio.c | 61 +++--- drivers/mmc/host/mmci_stm32_sdmmc.c | 3 drivers/mmc/host/sdhci-msm.c | 6 drivers/mmc/host/tmio_mmc_core.c | 6 drivers/mmc/host/uniphier-sd.c | 12 - drivers/net/ethernet/ibm/ibmvnic.c | 8 drivers/net/ethernet/mellanox/mlx5/core/en/xsk/setup.c | 4 drivers/net/ethernet/mellanox/mlx5/core/health.c | 14 + drivers/net/ethernet/mellanox/mlx5/core/main.c | 5 drivers/net/ethernet/mellanox/mlxsw/core_thermal.c | 23 ++ drivers/net/net_failover.c | 3 drivers/net/tun.c | 14 + drivers/net/vxlan.c | 4 drivers/net/wireless/ath/ath9k/hif_usb.c | 58 ++++-- drivers/net/wireless/ath/ath9k/hif_usb.h | 6 drivers/net/wireless/ath/ath9k/htc_drv_init.c | 10 - drivers/net/wireless/ath/ath9k/htc_drv_txrx.c | 6 drivers/net/wireless/ath/ath9k/htc_hst.c | 6 drivers/net/wireless/ath/ath9k/wmi.c | 6 drivers/net/wireless/ath/ath9k/wmi.h | 3 drivers/net/wireless/intel/iwlwifi/mvm/nvm.c | 2 drivers/pci/pci.c | 4 drivers/remoteproc/remoteproc_core.c | 2 drivers/remoteproc/remoteproc_virtio.c | 12 + drivers/scsi/lpfc/lpfc_ct.c | 1 drivers/scsi/megaraid/megaraid_sas_fusion.c | 7 drivers/spi/spi-bcm-qspi.c | 20 -- drivers/spi/spi-bcm2835.c | 4 drivers/spi/spi-bcm2835aux.c | 4 drivers/spi/spi-dw.c | 14 + drivers/spi/spi-pxa2xx.c | 5 drivers/spi/spi.c | 3 drivers/video/fbdev/vt8500lcdfb.c | 1 drivers/video/fbdev/w100fb.c | 2 drivers/watchdog/imx_sc_wdt.c | 5 drivers/xen/pvcalls-back.c | 3 fs/aio.c | 8 fs/cifs/smb2pdu.c | 4 fs/fat/inode.c | 6 fs/gfs2/lops.c | 15 - fs/io_uring.c | 4 fs/nilfs2/segment.c | 2 fs/notify/fanotify/fanotify.c | 5 fs/overlayfs/copy_up.c | 2 fs/proc/inode.c | 2 fs/proc/self.c | 2 fs/proc/thread_self.c | 2 include/asm-generic/vmlinux.lds.h | 22 ++ include/linux/elfnote.h | 2 include/linux/kvm_host.h | 4 include/linux/mm.h | 1 include/linux/padata.h | 6 include/linux/set_memory.h | 2 include/net/inet_hashtables.h | 6 kernel/bpf/sysfs_btf.c | 11 - kernel/events/core.c | 23 +- kernel/padata.c | 14 - kernel/sched/fair.c | 2 lib/lzo/lzo1x_compress.c | 13 + mm/gup.c | 44 ++++ mm/huge_memory.c | 7 mm/slub.c | 4 mm/util.c | 18 + net/bridge/br_arp_nd_proxy.c | 4 net/dccp/proto.c | 7 net/ipv4/fib_trie.c | 3 net/ipv6/ipv6_sockglue.c | 13 - net/sctp/ipv6.c | 20 +- net/sctp/protocol.c | 28 ++- net/sctp/socket.c | 31 ++- scripts/link-vmlinux.sh | 24 +- security/keys/internal.h | 11 - security/keys/keyctl.c | 16 - security/smack/smack.h | 6 security/smack/smack_lsm.c | 25 -- security/smack/smackfs.c | 10 + sound/core/pcm_native.c | 20 +- sound/firewire/fireface/ff-protocol-latter.c | 12 - sound/isa/es1688/es1688.c | 4 sound/pci/hda/patch_realtek.c | 6 sound/soc/codecs/max9867.c | 4 sound/usb/card.c | 19 +- sound/usb/quirks-table.h | 20 ++ sound/usb/usbaudio.h | 2 tools/perf/util/probe-event.c | 3 tools/testing/selftests/ftrace/test.d/ftrace/tracing-error-log.tc | 2 tools/testing/selftests/networking/timestamping/rxtimestamp.c | 1 tools/testing/selftests/tc-testing/tc-tests/filters/tests.json | 6 tools/testing/selftests/tc-testing/tdc_batch.py | 6 virt/kvm/arm/aarch32.c | 28 +++ virt/kvm/arm/arm.c | 22 ++ virt/kvm/kvm_main.c | 26 +- 151 files changed, 1045 insertions(+), 557 deletions(-) Amir Goldstein (1): fanotify: fix ignore mask logic for events on child and on dir Andreas Gruenbacher (1): gfs2: Even more gfs2_find_jhead fixes Anthony Steinhauser (3): x86/speculation: Prevent rogue cross-process SSBD shutdown x86/speculation: Avoid force-disabling IBPB based on STIBP and enhanced IBRS. x86/speculation: PR_SPEC_FORCE_DISABLE enforcement for indirect branches. Ard Biesheuvel (2): efi/efivars: Add missing kobject_put() in sysfs entry creation error path ACPI: GED: add support for _Exx / _Lxx handler methods Arnd Bergmann (1): smack: avoid unused 'sip' variable warning Barret Rhoden (1): perf: Add cond_resched() to task_function_call() Bjorn Helgaas (1): PCI/PM: Adjust pcie_wait_for_link_delay() for caller delay Bob Haarman (1): x86_64: Fix jiffies ODR violation Casey Schaufler (1): Smack: slab-out-of-bounds in vsscanf Chris Wilson (1): agp/intel: Reinforce the barrier after GTT updates Christophe JAILLET (2): crypto: cavium/nitrox - Fix 'nitrox_get_first_device()' when ndevlist is fully iterated video: fbdev: w100fb: Fix a potential double free. Christophe Leroy (1): powerpc/ptdump: Properly handle non standard page size Chuhong Yuan (1): ALSA: es1688: Add the missed snd_card_free() Cédric Le Goater (1): powerpc/xive: Clear the page tables for the ESB IO mapping Daniel Jordan (1): padata: add separate cpuhp node for CPUHP_PADATA_DEAD Dave Rodgman (1): lib/lzo: fix ambiguous encoding bug in lzo-rle Denis Efremov (1): io_uring: use kvfree() in io_sqe_buffer_register() Dennis Kadioglu (1): Input: synaptics - add a second working PNP_ID for Lenovo T470s Dick Kennedy (1): scsi: lpfc: Fix negation of else clause in lpfc_prep_node_fc4type Eiichi Tsukata (1): KVM: x86: Fix APIC page invalidation race Eric Biggers (1): crypto: algapi - Avoid spurious modprobe on LOADED Eric W. Biederman (1): proc: Use new_inode not new_inode_pseudo Ezequiel Garcia (1): drm/vkms: Hold gem object while still in-use Fabio Estevam (1): watchdog: imx_sc_wdt: Fix reboot on crash Fangrui Song (1): bpf: Support llvm-objcopy for vmlinux BTF Felipe Franciosi (1): KVM: x86: respect singlestep when emulating instruction Florian Fainelli (1): spi: bcm-qspi: Handle clock probe deferral Franck LENORMAND (1): firmware: imx: scu: Fix corruption of header Fredrik Strupe (1): ARM: 8977/1: ptrace: Fix mask for thumb breakpoint hook Greg Kroah-Hartman (1): Linux 5.4.47 Guo Ren (1): csky: Fixup abiv2 syscall_trace break a4 & a5 Hangbin Liu (1): ipv6: fix IPV6_ADDRFORM operation logic Hill Ma (1): x86/reboot/quirks: Add MacBook6,1 reboot quirk Hui Wang (1): ALSA: hda/realtek - add a pintbl quirk for several Lenovo machines Ido Schimmel (2): bridge: Avoid infinite loop when suppressing NS messages with invalid options vxlan: Avoid infinite loop when suppressing NS messages with invalid options James Morse (1): KVM: arm64: Stop writing aarch32's CSSELR into ACTLR Jason Gunthorpe (1): RDMA/uverbs: Make the event_queue fds return POLLERR when disassociated Jens Axboe (1): sched/fair: Don't NUMA balance for kthreads Jiri Kosina (1): block/floppy: fix contended case in floppy_queue_rq() Juergen Gross (1): xen/pvcalls-back: test for errors when calling backend_connect() Justin Chen (1): spi: bcm-qspi: when tx/rx buffer is NULL set to 0 Kai-Heng Feng (1): ALSA: usb-audio: Add vendor, product and profile name for HP Thunderbolt Dock Kan Liang (1): perf/x86/intel: Add more available bits for OFFCORE_RESPONSE of Intel Tremont Kim Phillips (1): x86/cpu/amd: Make erratum #1054 a legacy erratum Leonard Crestez (1): firmware: imx: warn on unexpected RX Linus Torvalds (1): gup: document and work around "COW can break either way" issue Longpeng(Mike) (3): crypto: virtio: Fix use-after-free in virtio_crypto_skcipher_finalize_req() crypto: virtio: Fix src/dst scatterlist calculation in __virtio_crypto_skcipher_do_req() crypto: virtio: Fix dest length calculation in __virtio_crypto_skcipher_do_req() Luca Coelho (1): iwlwifi: mvm: fix NVM check for 3168 devices Ludovic Barre (1): mmc: mmci_sdmmc: fix DMA API warning overlapping mappings Ludovic Desroches (1): ARM: dts: at91: sama5d2_ptc_ek: fix sdmmc0 node description Lukas Wunner (6): spi: dw: Fix controller unregister order spi: Fix controller unregister order spi: pxa2xx: Fix controller unregister order spi: pxa2xx: Fix runtime PM ref imbalance on probe error spi: bcm2835: Fix controller unregister order spi: bcm2835aux: Fix controller unregister order Marc Zyngier (3): KVM: arm64: Make vcpu_cp1x() work on Big Endian hosts KVM: arm64: Synchronize sysreg state on injecting an AArch32 exception KVM: arm64: Save the host's PtrAuth keys in non-preemptible context Marcelo Ricardo Leitner (1): sctp: fix possibly using a bad saddr with a given dst Masahiro Yamada (1): mmc: uniphier-sd: call devm_request_irq() after tmio_mmc_host_probe() Masami Hiramatsu (2): perf probe: Accept the instance number of kretprobe event selftests/ftrace: Return unsupported if no error_log file Masashi Honma (1): ath9k_htc: Silence undersized packet warnings Maxim Mikityanskiy (1): net/mlx5e: Fix repeated XSK usage on one channel Michał Mirosław (2): ALSA: pcm: disallow linking stream to itself ALSA: pcm: fix snd_pcm_link() lockdep splat Miklos Szeredi (1): aio: fix async fsync creds Namjae Jeon (1): smb3: add indatalen that can be a non-zero value to calculation of credit charge in smb2 ioctl Nick Desaulniers (2): elfnote: mark all .note sections SHF_ALLOC arm64: acpi: fix UBSAN warning OGAWA Hirofumi (1): fat: don't allow to mount if the FAT length == 0 Paolo Bonzini (3): KVM: x86: only do L1TF workaround on affected processors KVM: nSVM: fix condition for filtering async PF KVM: nSVM: leave ASID aside in copy_vmcb_control_area Pavel Dobias (1): ASoC: max9867: fix volume controls Peng Fan (1): firmware: imx-scu: Support one TX and one RX Petr Tesarik (1): s390/pci: Log new handle in clp_disable_fh() Qian Cai (1): ipv4: fix a RCU-list lock in fib_triestat_seq_show Qiujun Huang (6): sctp: fix refcount bug in sctp_wfree ath9k: Fix use-after-free Read in htc_connect_service ath9k: Fix use-after-free Read in ath9k_wmi_ctrl_rx ath9k: Fix use-after-free Write in ath9k_htc_rx_msg ath9x: Fix stack-out-of-bounds Write in ath9k_hif_usb_rx_cb ath9k: Fix general protection fault in ath9k_hif_usb_rx_cb Qiushi Wu (2): ACPI: sysfs: Fix reference count leak in acpi_sysfs_add_hotplug_profile() ACPI: CPPC: Fix reference count leak in acpi_cppc_processor_probe() Qiuxu Zhuo (1): EDAC/skx: Use the mcmtr register to retrieve close_pg/bank_xor_enable Rafael J. Wysocki (3): ACPI: PM: Avoid using power resources if there are none for D0 PM: runtime: clk: Fix clk_pm_runtime_get() error path cpufreq: Fix up cpufreq_boost_set_sw() Ryusuke Konishi (1): nilfs2: fix null pointer dereference at nilfs_segctor_do_construct() Sam Ravnborg (1): video: vt8500lcdfb: fix fallthrough warning Sasha Levin (1): spi: dw: Fix native CS being unset Sean Christopherson (3): KVM: x86/mmu: Set mmio_value to '0' if reserved #PF can't be generated KVM: nVMX: Skip IBPB when switching between vmcs01 and vmcs02 KVM: nVMX: Consult only the "basic" exit reason when routing nested exit Shay Drory (2): net/mlx5: drain health workqueue in case of driver load error net/mlx5: Fix fatal error handling during device load Stephan Gerhold (1): Input: mms114 - fix handling of mms345l Steve French (1): smb3: fix incorrect number of credits when ioctl MaxOutputResponse > 64K Suman Anna (1): remoteproc: Fix and restore the parenting hierarchy for vdev Sumit Saxena (1): scsi: megaraid_sas: TM command refire leads to controller firmware crash Takashi Iwai (1): ALSA: usb-audio: Fix inconsistent card PM state after resume Takashi Sakamoto (1): ALSA: fireface: fix configuration error for nominal sampling transfer frequency Tero Kristo (1): remoteproc: Fall back to using parent memory pool if no dedicated available Thomas Falcon (1): drivers/net/ibmvnic: Update VNIC protocol version reporting Tony Luck (1): x86/{mce,mm}: Unmap the entire page if the whole page is affected and poisoned Ulf Hansson (3): mmc: tmio: Further fixup runtime PM management at remove mmc: sdio: Fix potential NULL pointer error in mmc_sdio_init_card() mmc: sdio: Fix several potential memory leaks in mmc_sdio_init_card() Vadim Pasternak (1): mlxsw: core: Use different get_trend() callbacks for different thermal zones Vasily Averin (1): net_failover: fixed rollback in net_failover_open() Veerabhadrarao Badiganti (1): mmc: sdhci-msm: Clear tuning done flag while hs400 tuning Vlad Buslov (1): selftests: fix flower parent qdisc Waiman Long (1): mm: add kvfree_sensitive() for freeing sensitive data objects Wang Hai (2): dccp: Fix possible memleak in dccp_init and dccp_fini mm/slub: fix a memory leak in sysfs_slab_add() Wei Yongjun (1): crypto: drbg - fix error return code in drbg_alloc_state() Willem de Bruijn (1): tun: correct header offsets in napi frags mode Xiaochun Lee (1): x86/PCI: Mark Intel C620 MROMs as having non-compliant BARs Xing Li (2): KVM: MIPS: Define KVM_ENTRYHI_ASID to cpu_asid_mask(&boot_cpu_data) KVM: MIPS: Fix VPN2_MASK definition for variable cpu_vmbits Yuxuan Shui (1): ovl: initialize error in ovl_copy_xattr tannerlove (1): selftests/net: in rxtimestamp getopt_long needs terminating null entry

5 years, 4 months

1
1
0 0

[PATCH 5.6 000/158] 5.6.19-rc2 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.6.19 release. There are 158 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 18 Jun 2020 17:25:39 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.6.19-rc2… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.6.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.6.19-rc2 Marc Zyngier <maz(a)kernel.org> KVM: arm64: Save the host's PtrAuth keys in non-preemptible context Marc Zyngier <maz(a)kernel.org> KVM: arm64: Synchronize sysreg state on injecting an AArch32 exception Mattia Dongili <malattia(a)linux.it> platform/x86: sony-laptop: Make resuming thermal profile safer Mattia Dongili <malattia(a)linux.it> platform/x86: sony-laptop: SNC calls should handle BUFFER types Juergen Gross <jgross(a)suse.com> xen/pvcalls-back: test for errors when calling backend_connect() Jiri Kosina <jkosina(a)suse.cz> block/floppy: fix contended case in floppy_queue_rq() Ulf Hansson <ulf.hansson(a)linaro.org> mmc: sdio: Fix several potential memory leaks in mmc_sdio_init_card() Ulf Hansson <ulf.hansson(a)linaro.org> mmc: sdio: Fix potential NULL pointer error in mmc_sdio_init_card() Ludovic Desroches <ludovic.desroches(a)microchip.com> ARM: dts: at91: sama5d2_ptc_ek: fix sdmmc0 node description Masahiro Yamada <yamada.masahiro(a)socionext.com> mmc: uniphier-sd: call devm_request_irq() after tmio_mmc_host_probe() Ulf Hansson <ulf.hansson(a)linaro.org> mmc: tmio: Further fixup runtime PM management at remove Ludovic Barre <ludovic.barre(a)st.com> mmc: mmci_sdmmc: fix DMA API warning overlapping mappings Eugen Hristev <eugen.hristev(a)microchip.com> mmc: sdhci-of-at91: fix CALCR register being rewritten Veerabhadrarao Badiganti <vbadigan(a)codeaurora.org> mmc: sdhci-msm: Clear tuning done flag while hs400 tuning Chris Wilson <chris(a)chris-wilson.co.uk> agp/intel: Reinforce the barrier after GTT updates Barret Rhoden <brho(a)google.com> perf: Add cond_resched() to task_function_call() OGAWA Hirofumi <hirofumi(a)mail.parknet.co.jp> fat: don't allow to mount if the FAT length == 0 Wang Hai <wanghai38(a)huawei.com> mm/slub: fix a memory leak in sysfs_slab_add() Ezequiel Garcia <ezequiel(a)collabora.com> drm/vkms: Hold gem object while still in-use Casey Schaufler <casey(a)schaufler-ca.com> Smack: slab-out-of-bounds in vsscanf Qiujun Huang <hqjagain(a)gmail.com> ath9k: Fix general protection fault in ath9k_hif_usb_rx_cb Qiujun Huang <hqjagain(a)gmail.com> ath9x: Fix stack-out-of-bounds Write in ath9k_hif_usb_rx_cb Qiujun Huang <hqjagain(a)gmail.com> ath9k: Fix use-after-free Write in ath9k_htc_rx_msg Qiujun Huang <hqjagain(a)gmail.com> ath9k: Fix use-after-free Read in ath9k_wmi_ctrl_rx Qiujun Huang <hqjagain(a)gmail.com> ath9k: Fix use-after-free Read in htc_connect_service Masami Hiramatsu <mhiramat(a)kernel.org> selftests/ftrace: Return unsupported if no error_log file Shivasharan S <shivasharan.srikanteshwara(a)broadcom.com> scsi: megaraid_sas: Replace undefined MFI_BIG_ENDIAN macro with __BIG_ENDIAN_BITFIELD macro Dick Kennedy <dick.kennedy(a)broadcom.com> scsi: lpfc: Fix negation of else clause in lpfc_prep_node_fc4type Sumit Saxena <sumit.saxena(a)broadcom.com> scsi: megaraid_sas: TM command refire leads to controller firmware crash Marc Zyngier <maz(a)kernel.org> KVM: arm64: Make vcpu_cp1x() work on Big Endian hosts James Morse <james.morse(a)arm.com> KVM: arm64: Stop writing aarch32's CSSELR into ACTLR Xing Li <lixing(a)loongson.cn> KVM: MIPS: Fix VPN2_MASK definition for variable cpu_vmbits Xing Li <lixing(a)loongson.cn> KVM: MIPS: Define KVM_ENTRYHI_ASID to cpu_asid_mask(&boot_cpu_data) Sean Christopherson <sean.j.christopherson(a)intel.com> KVM: nVMX: Consult only the "basic" exit reason when routing nested exit Paolo Bonzini <pbonzini(a)redhat.com> KVM: nSVM: leave ASID aside in copy_vmcb_control_area Paolo Bonzini <pbonzini(a)redhat.com> KVM: nSVM: fix condition for filtering async PF Sean Christopherson <sean.j.christopherson(a)intel.com> KVM: nVMX: Skip IBPB when switching between vmcs01 and vmcs02 Tomi Valkeinen <tomi.valkeinen(a)ti.com> media: videobuf2-dma-contig: fix bad kfree in vb2_dma_contig_clear_max_seg_size Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> video: fbdev: w100fb: Fix a potential double free. Sam Ravnborg <sam(a)ravnborg.org> video: vt8500lcdfb: fix fallthrough warning Qiuxu Zhuo <qiuxu.zhuo(a)intel.com> EDAC/skx: Use the mcmtr register to retrieve close_pg/bank_xor_enable Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> cpufreq: Fix up cpufreq_boost_set_sw() Suman Anna <s-anna(a)ti.com> remoteproc: Fix and restore the parenting hierarchy for vdev Tero Kristo <t-kristo(a)ti.com> remoteproc: Fall back to using parent memory pool if no dedicated available Eric W. Biederman <ebiederm(a)xmission.com> proc: Use new_inode not new_inode_pseudo Yuxuan Shui <yshuiv7(a)gmail.com> ovl: initialize error in ovl_copy_xattr Amir Goldstein <amir73il(a)gmail.com> ovl: fix out of bounds access warning in ovl_check_fb_len() Parav Pandit <parav(a)mellanox.com> net/mlx5: Disable reload while removing the device Charles Keepax <ckeepax(a)opensource.cirrus.com> net: macb: Only disable NAPI on the actual error path Corentin Labbe <clabbe(a)baylibre.com> net: cadence: macb: disable NAPI on error Maxim Mikityanskiy <maximmi(a)mellanox.com> net/mlx5e: Fix repeated XSK usage on one channel Shay Drory <shayd(a)mellanox.com> net/mlx5: Fix fatal error handling during device load Shay Drory <shayd(a)mellanox.com> net/mlx5: drain health workqueue in case of driver load error tannerlove <tannerlove(a)google.com> selftests/net: in rxtimestamp getopt_long needs terminating null entry Lorenzo Bianconi <lorenzo(a)kernel.org> net: mvneta: do not redirect frames during reconfiguration Wang Hai <wanghai38(a)huawei.com> dccp: Fix possible memleak in dccp_init and dccp_fini Franck LENORMAND <franck.lenormand(a)nxp.com> firmware: imx: scu: Fix corruption of header Peng Fan <peng.fan(a)nxp.com> firmware: imx-scu: Support one TX and one RX Tony Luck <tony.luck(a)intel.com> x86/{mce,mm}: Unmap the entire page if the whole page is affected and poisoned Pavel Begunkov <asml.silence(a)gmail.com> io_uring: fix flush req->refs underflow Xiaoguang Wang <xiaoguang.wang(a)linux.alibaba.com> io_uring: fix mismatched finish_wait() calls in io_uring_cancel_files() Longpeng(Mike) <longpeng2(a)huawei.com> crypto: virtio: Fix src/dst scatterlist calculation in __virtio_crypto_skcipher_do_req() Longpeng(Mike) <longpeng2(a)huawei.com> crypto: virtio: Fix use-after-free in virtio_crypto_skcipher_finalize_req() Longpeng(Mike) <longpeng2(a)huawei.com> crypto: virtio: Fix dest length calculation in __virtio_crypto_skcipher_do_req() Wei Yongjun <weiyongjun1(a)huawei.com> crypto: drbg - fix error return code in drbg_alloc_state() Eric Biggers <ebiggers(a)google.com> crypto: algapi - Avoid spurious modprobe on LOADED Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> crypto: cavium/nitrox - Fix 'nitrox_get_first_device()' when ndevlist is fully iterated Linus Torvalds <torvalds(a)linux-foundation.org> gup: document and work around "COW can break either way" issue Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> PM: runtime: clk: Fix clk_pm_runtime_get() error path Justin Chen <justinpopo6(a)gmail.com> spi: bcm-qspi: when tx/rx buffer is NULL set to 0 Florian Fainelli <f.fainelli(a)gmail.com> spi: bcm-qspi: Handle clock probe deferral Lukas Wunner <lukas(a)wunner.de> spi: bcm2835aux: Fix controller unregister order Lukas Wunner <lukas(a)wunner.de> spi: bcm2835: Fix controller unregister order Lukas Wunner <lukas(a)wunner.de> spi: pxa2xx: Fix runtime PM ref imbalance on probe error Lukas Wunner <lukas(a)wunner.de> spi: pxa2xx: Fix controller unregister order Lukas Wunner <lukas(a)wunner.de> spi: Fix controller unregister order Lukas Wunner <lukas(a)wunner.de> spi: dw: Fix controller unregister order Alexander Gordeev <agordeev(a)linux.ibm.com> lib: fix bitmap_parse() on 64-bit big endian archs Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix null pointer dereference at nilfs_segctor_do_construct() Dave Rodgman <dave.rodgman(a)arm.com> lib/lzo: fix ambiguous encoding bug in lzo-rle Nick Desaulniers <ndesaulniers(a)google.com> arm64: acpi: fix UBSAN warning Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> ACPI: PM: Avoid using power resources if there are none for D0 Ard Biesheuvel <ardb(a)kernel.org> ACPI: GED: add support for _Exx / _Lxx handler methods Qiushi Wu <wu000273(a)umn.edu> ACPI: CPPC: Fix reference count leak in acpi_cppc_processor_probe() Qiushi Wu <wu000273(a)umn.edu> ACPI: sysfs: Fix reference count leak in acpi_sysfs_add_hotplug_profile() Kai-Heng Feng <kai.heng.feng(a)canonical.com> ALSA: usb-audio: Add vendor, product and profile name for HP Thunderbolt Dock Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Fix inconsistent card PM state after resume Michał Mirosław <mirq-linux(a)rere.qmqm.pl> ALSA: pcm: fix snd_pcm_link() lockdep splat Michał Mirosław <mirq-linux(a)rere.qmqm.pl> ALSA: pcm: disallow linking stream to itself Hui Wang <hui.wang(a)canonical.com> ALSA: hda/realtek - add a pintbl quirk for several Lenovo machines Takashi Sakamoto <o-takashi(a)sakamocchi.jp> ALSA: fireface: start IR context immediately Takashi Sakamoto <o-takashi(a)sakamocchi.jp> ALSA: fireface: fix configuration error for nominal sampling transfer frequency Hersen Wu <hersenxs.wu(a)amd.com> ALSA: hda: add sienna_cichlid audio asic id for sienna_cichlid up Chuhong Yuan <hslester96(a)gmail.com> ALSA: es1688: Add the missed snd_card_free() Fabio Estevam <festevam(a)gmail.com> watchdog: imx_sc_wdt: Fix reboot on crash Steve French <stfrench(a)microsoft.com> smb3: fix typo in mount options displayed in /proc/mounts Namjae Jeon <namjae.jeon(a)samsung.com> smb3: add indatalen that can be a non-zero value to calculation of credit charge in smb2 ioctl Steve French <stfrench(a)microsoft.com> smb3: fix incorrect number of credits when ioctl MaxOutputResponse > 64K Ard Biesheuvel <ardb(a)kernel.org> efi/efivars: Add missing kobject_put() in sysfs entry creation error path Denis Efremov <efremov(a)linux.com> io_uring: use kvfree() in io_sqe_buffer_register() Pavel Dobias <dobias(a)2n.cz> ASoC: max9867: fix volume controls Christophe Leroy <christophe.leroy(a)csgroup.eu> powerpc/ptdump: Properly handle non standard page size Eiichi Tsukata <eiichi.tsukata(a)nutanix.com> KVM: x86: Fix APIC page invalidation race Felipe Franciosi <felipe(a)nutanix.com> KVM: x86: respect singlestep when emulating instruction Sean Christopherson <sean.j.christopherson(a)intel.com> KVM: x86/mmu: Set mmio_value to '0' if reserved #PF can't be generated Paolo Bonzini <pbonzini(a)redhat.com> KVM: x86: allow KVM_STATE_NESTED_MTF_PENDING in kvm_state flags Kan Liang <kan.liang(a)linux.intel.com> perf/x86/intel: Add more available bits for OFFCORE_RESPONSE of Intel Tremont Hill Ma <maahiuzeon(a)gmail.com> x86/reboot/quirks: Add MacBook6,1 reboot quirk Anthony Steinhauser <asteinhauser(a)google.com> x86/speculation: PR_SPEC_FORCE_DISABLE enforcement for indirect branches. Anthony Steinhauser <asteinhauser(a)google.com> x86/speculation: Avoid force-disabling IBPB based on STIBP and enhanced IBRS. Anthony Steinhauser <asteinhauser(a)google.com> x86/speculation: Prevent rogue cross-process SSBD shutdown Xiaochun Lee <lixc17(a)lenovo.com> x86/PCI: Mark Intel C620 MROMs as having non-compliant BARs Steven Price <steven.price(a)arm.com> x86: mm: ptdump: calculate effective permissions correctly Bob Haarman <inglorion(a)google.com> x86_64: Fix jiffies ODR violation Vlastimil Babka <vbabka(a)suse.cz> usercopy: mark dma-kmalloc caches as usercopy caches Miklos Szeredi <mszeredi(a)redhat.com> aio: fix async fsync creds Yongqiang Sun <yongqiang.sun(a)amd.com> drm/amd/display: Not doing optimize bandwidth if flip pending. Joseph Gravenor <joseph.gravenor(a)amd.com> drm/amd/display: remove invalid dc_is_hw_initialized function Maurizio Lombardi <mlombard(a)redhat.com> scsi: target: fix hang when multiple threads try to destroy the same iscsi session Maurizio Lombardi <mlombard(a)redhat.com> scsi: target: remove boilerplate code Bjorn Helgaas <bhelgaas(a)google.com> PCI/PM: Adjust pcie_wait_for_link_delay() for caller delay Paolo Bonzini <pbonzini(a)redhat.com> KVM: x86: only do L1TF workaround on affected processors Kim Phillips <kim.phillips(a)amd.com> x86/cpu/amd: Make erratum #1054 a legacy erratum Petr Tesarik <ptesarik(a)suse.com> s390/pci: Log new handle in clp_disable_fh() Daniel Jordan <daniel.m.jordan(a)oracle.com> padata: add separate cpuhp node for CPUHP_PADATA_DEAD Jason Gunthorpe <jgg(a)ziepe.ca> RDMA/uverbs: Make the event_queue fds return POLLERR when disassociated Arnd Bergmann <arnd(a)arndb.de> smack: avoid unused 'sip' variable warning Masashi Honma <masashi.honma(a)gmail.com> ath9k_htc: Silence undersized packet warnings Sasha Levin <sashal(a)kernel.org> spi: dw: Fix native CS being unset Cédric Le Goater <clg(a)kaod.org> powerpc/xive: Clear the page tables for the ESB IO mapping Saravana Kannan <saravanak(a)google.com> driver core: Update device link status correctly for SYNC_STATE_ONLY links Amir Goldstein <amir73il(a)gmail.com> fanotify: fix ignore mask logic for events on child and on dir Vlad Buslov <vladbu(a)mellanox.com> selftests: fix flower parent qdisc Waiman Long <longman(a)redhat.com> mm: add kvfree_sensitive() for freeing sensitive data objects Masami Hiramatsu <mhiramat(a)kernel.org> perf probe: Accept the instance number of kretprobe event Sergio Paracuellos <sergio.paracuellos(a)gmail.com> staging: mt7621-pci: properly power off dual-ported pcie phy Jérôme Pouiller <jerome.pouiller(a)silabs.com> staging: wfx: fix double free Thomas Falcon <tlfalcon(a)linux.ibm.com> drivers/net/ibmvnic: Update VNIC protocol version reporting Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: Even more gfs2_find_jhead fixes Guo Ren <guoren(a)linux.alibaba.com> csky: Fixup abiv2 syscall_trace break a4 & a5 Dennis Kadioglu <denk(a)eclipso.email> Input: synaptics - add a second working PNP_ID for Lenovo T470s Jens Axboe <axboe(a)kernel.dk> sched/fair: Don't NUMA balance for kthreads Fredrik Strupe <fredrik(a)strupe.net> ARM: 8977/1: ptrace: Fix mask for thumb breakpoint hook Hans de Goede <hdegoede(a)redhat.com> Input: axp20x-pek - always register interrupt handlers Stephan Gerhold <stephan(a)gerhold.net> Input: mms114 - fix handling of mms345l Nick Desaulniers <ndesaulniers(a)google.com> elfnote: mark all .note sections SHF_ALLOC Fangrui Song <maskray(a)google.com> bpf: Support llvm-objcopy for vmlinux BTF Tuong Lien <tuong.t.lien(a)dektech.com.au> tipc: fix NULL pointer dereference in streaming Michal Vokáč <michal.vokac(a)ysoft.com> net: dsa: qca8k: Fix "Unexpected gfp" kernel exception Cong Wang <xiyou.wangcong(a)gmail.com> genetlink: fix memory leaks in genl_family_rcv_msg_dumpit() Sameeh Jubran <sameehj(a)amazon.com> net: ena: xdp: update napi budget for DROP and ABORTED Sameeh Jubran <sameehj(a)amazon.com> net: ena: xdp: XDP_TX: fix memory leak Ido Schimmel <idosch(a)mellanox.com> vxlan: Avoid infinite loop when suppressing NS messages with invalid options Ido Schimmel <idosch(a)mellanox.com> bridge: Avoid infinite loop when suppressing NS messages with invalid options Willem de Bruijn <willemb(a)google.com> tun: correct header offsets in napi frags mode Vasily Averin <vvs(a)virtuozzo.com> net_failover: fixed rollback in net_failover_open() Vadim Pasternak <vadimp(a)mellanox.com> mlxsw: core: Use different get_trend() callbacks for different thermal zones Hangbin Liu <liuhangbin(a)gmail.com> ipv6: fix IPV6_ADDRFORM operation logic ------------- Diffstat: Documentation/lzo.txt | 8 +- Makefile | 4 +- arch/arm/boot/dts/at91-sama5d2_ptc_ek.dts | 2 - arch/arm/include/asm/kvm_emulate.h | 3 +- arch/arm/include/asm/kvm_host.h | 2 + arch/arm/kernel/ptrace.c | 4 +- arch/arm64/include/asm/acpi.h | 5 +- arch/arm64/include/asm/kvm_emulate.h | 6 -- arch/arm64/include/asm/kvm_host.h | 8 +- arch/arm64/kvm/handle_exit.c | 19 +---- arch/arm64/kvm/sys_regs.c | 10 ++- arch/csky/abiv2/inc/abi/entry.h | 2 + arch/csky/kernel/entry.S | 6 +- arch/mips/include/asm/kvm_host.h | 6 +- arch/powerpc/kernel/vmlinux.lds.S | 6 -- arch/powerpc/mm/ptdump/ptdump.c | 21 ++--- arch/powerpc/sysdev/xive/common.c | 5 ++ arch/s390/pci/pci_clp.c | 3 +- arch/x86/events/intel/core.c | 4 +- arch/x86/include/asm/set_memory.h | 19 +++-- arch/x86/kernel/cpu/amd.c | 3 +- arch/x86/kernel/cpu/bugs.c | 92 ++++++++++++--------- arch/x86/kernel/cpu/mce/core.c | 11 ++- arch/x86/kernel/process.c | 28 +++---- arch/x86/kernel/reboot.c | 8 ++ arch/x86/kernel/time.c | 4 - arch/x86/kernel/vmlinux.lds.S | 4 +- arch/x86/kvm/mmu/mmu.c | 46 +++++------ arch/x86/kvm/svm.c | 6 +- arch/x86/kvm/vmx/nested.c | 4 +- arch/x86/kvm/vmx/vmx.c | 18 ++++- arch/x86/kvm/vmx/vmx.h | 3 +- arch/x86/kvm/x86.c | 11 +-- arch/x86/mm/dump_pagetables.c | 33 +++++--- arch/x86/pci/fixup.c | 4 + crypto/algapi.c | 2 +- crypto/drbg.c | 4 +- drivers/acpi/cppc_acpi.c | 1 + drivers/acpi/device_pm.c | 2 +- drivers/acpi/evged.c | 22 ++++- drivers/acpi/scan.c | 28 ++++--- drivers/acpi/sysfs.c | 4 +- drivers/base/core.c | 34 ++++++-- drivers/block/floppy.c | 10 +-- drivers/char/agp/intel-gtt.c | 4 +- drivers/clk/clk.c | 6 +- drivers/cpufreq/cpufreq.c | 11 +-- drivers/crypto/cavium/nitrox/nitrox_main.c | 4 +- drivers/crypto/virtio/virtio_crypto_algs.c | 21 +++-- drivers/edac/i10nm_base.c | 2 +- drivers/edac/skx_base.c | 20 ++--- drivers/edac/skx_common.c | 6 +- drivers/edac/skx_common.h | 2 +- drivers/firmware/efi/efivars.c | 4 +- drivers/firmware/imx/imx-scu.c | 62 ++++++++++---- drivers/gpu/drm/amd/display/dc/core/dc.c | 23 +++++- drivers/gpu/drm/amd/display/dc/dc.h | 1 - drivers/gpu/drm/i915/gem/i915_gem_userptr.c | 8 ++ drivers/gpu/drm/vkms/vkms_drv.h | 5 -- drivers/gpu/drm/vkms/vkms_gem.c | 11 +-- drivers/infiniband/core/uverbs_main.c | 2 + drivers/input/misc/axp20x-pek.c | 72 +++++++++-------- drivers/input/mouse/synaptics.c | 1 + drivers/input/touchscreen/mms114.c | 12 ++- .../media/common/videobuf2/videobuf2-dma-contig.c | 20 +---- drivers/mmc/core/sdio.c | 61 +++++++------- drivers/mmc/host/mmci_stm32_sdmmc.c | 3 + drivers/mmc/host/sdhci-msm.c | 6 ++ drivers/mmc/host/sdhci-of-at91.c | 7 +- drivers/mmc/host/tmio_mmc_core.c | 6 +- drivers/mmc/host/uniphier-sd.c | 12 +-- drivers/net/dsa/qca8k.c | 3 +- drivers/net/ethernet/amazon/ena/ena_netdev.c | 10 +-- drivers/net/ethernet/cadence/macb_main.c | 14 ++-- drivers/net/ethernet/ibm/ibmvnic.c | 8 +- drivers/net/ethernet/marvell/mvneta.c | 13 +++ drivers/net/ethernet/mellanox/mlx5/core/devlink.c | 2 - .../net/ethernet/mellanox/mlx5/core/en/xsk/setup.c | 4 + drivers/net/ethernet/mellanox/mlx5/core/health.c | 14 +++- drivers/net/ethernet/mellanox/mlx5/core/main.c | 7 ++ drivers/net/ethernet/mellanox/mlxsw/core_thermal.c | 23 +++++- drivers/net/net_failover.c | 3 +- drivers/net/tun.c | 14 +++- drivers/net/vxlan.c | 4 + drivers/net/wireless/ath/ath9k/hif_usb.c | 58 ++++++++++--- drivers/net/wireless/ath/ath9k/hif_usb.h | 6 ++ drivers/net/wireless/ath/ath9k/htc_drv_init.c | 10 ++- drivers/net/wireless/ath/ath9k/htc_drv_txrx.c | 6 +- drivers/net/wireless/ath/ath9k/htc_hst.c | 6 +- drivers/net/wireless/ath/ath9k/wmi.c | 6 +- drivers/net/wireless/ath/ath9k/wmi.h | 3 +- drivers/pci/pci.c | 4 +- drivers/platform/x86/sony-laptop.c | 60 +++++++------- drivers/remoteproc/remoteproc_core.c | 2 +- drivers/remoteproc/remoteproc_virtio.c | 12 +++ drivers/scsi/lpfc/lpfc_ct.c | 1 - drivers/scsi/megaraid/megaraid_sas.h | 4 +- drivers/scsi/megaraid/megaraid_sas_fusion.c | 7 +- drivers/scsi/megaraid/megaraid_sas_fusion.h | 6 +- drivers/spi/spi-bcm-qspi.c | 20 +++-- drivers/spi/spi-bcm2835.c | 4 +- drivers/spi/spi-bcm2835aux.c | 4 +- drivers/spi/spi-dw.c | 14 +++- drivers/spi/spi-pxa2xx.c | 5 +- drivers/spi/spi.c | 3 +- drivers/staging/mt7621-pci/pci-mt7621.c | 12 ++- drivers/staging/wfx/main.c | 1 - drivers/target/iscsi/iscsi_target.c | 79 ++++++------------ drivers/target/iscsi/iscsi_target.h | 1 - drivers/target/iscsi/iscsi_target_configfs.c | 5 +- drivers/target/iscsi/iscsi_target_login.c | 5 +- drivers/video/fbdev/vt8500lcdfb.c | 1 + drivers/video/fbdev/w100fb.c | 2 + drivers/watchdog/imx_sc_wdt.c | 5 ++ drivers/xen/pvcalls-back.c | 3 +- fs/aio.c | 8 ++ fs/cifs/cifsfs.c | 2 +- fs/cifs/smb2pdu.c | 4 +- fs/fat/inode.c | 6 ++ fs/gfs2/lops.c | 15 ++-- fs/io_uring.c | 15 ++-- fs/nilfs2/segment.c | 2 + fs/notify/fanotify/fanotify.c | 5 +- fs/overlayfs/copy_up.c | 2 +- fs/overlayfs/overlayfs.h | 3 + fs/proc/inode.c | 2 +- fs/proc/self.c | 2 +- fs/proc/thread_self.c | 2 +- include/asm-generic/vmlinux.lds.h | 15 ++++ include/linux/elfnote.h | 2 +- include/linux/kvm_host.h | 4 +- include/linux/mm.h | 1 + include/linux/padata.h | 6 +- include/linux/ptdump.h | 1 + include/linux/set_memory.h | 2 +- include/media/videobuf2-dma-contig.h | 2 +- include/net/inet_hashtables.h | 6 ++ include/target/iscsi/iscsi_target_core.h | 2 +- kernel/bpf/btf.c | 9 +-- kernel/bpf/sysfs_btf.c | 11 ++- kernel/events/core.c | 23 +++--- kernel/padata.c | 14 ++-- kernel/sched/fair.c | 2 +- lib/bitmap.c | 9 ++- lib/lzo/lzo1x_compress.c | 13 +++ mm/gup.c | 44 ++++++++-- mm/huge_memory.c | 7 +- mm/ptdump.c | 17 +++- mm/slab_common.c | 3 +- mm/slub.c | 4 +- mm/util.c | 18 +++++ net/bridge/br_arp_nd_proxy.c | 4 + net/dccp/proto.c | 7 +- net/ipv6/ipv6_sockglue.c | 13 +-- net/netlink/genetlink.c | 94 +++++++++++++--------- net/tipc/msg.c | 4 +- scripts/link-vmlinux.sh | 24 +++--- security/keys/internal.h | 11 --- security/keys/keyctl.c | 16 ++-- security/smack/smack.h | 6 -- security/smack/smack_lsm.c | 25 ++---- security/smack/smackfs.c | 10 +++ sound/core/pcm_native.c | 20 ++++- sound/firewire/fireface/ff-protocol-latter.c | 12 +-- sound/firewire/fireface/ff-stream.c | 10 +-- sound/isa/es1688/es1688.c | 4 +- sound/pci/hda/hda_intel.c | 3 + sound/pci/hda/patch_realtek.c | 6 ++ sound/soc/codecs/max9867.c | 4 +- sound/usb/card.c | 19 +++-- sound/usb/quirks-table.h | 20 +++++ sound/usb/usbaudio.h | 2 +- tools/perf/util/probe-event.c | 3 +- .../ftrace/test.d/ftrace/tracing-error-log.tc | 2 + .../networking/timestamping/rxtimestamp.c | 1 + .../tc-testing/tc-tests/filters/tests.json | 6 +- tools/testing/selftests/tc-testing/tdc_batch.py | 6 +- virt/kvm/arm/aarch32.c | 28 +++++++ virt/kvm/arm/arm.c | 22 ++++- virt/kvm/kvm_main.c | 26 +++--- 180 files changed, 1292 insertions(+), 790 deletions(-)

5 years, 4 months

4
3
0 0

[PATCH 5.4 000/131] 5.4.47-rc2 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.4.47 release. There are 131 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 18 Jun 2020 17:25:49 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.4.47-rc2… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.4.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.4.47-rc2 Marc Zyngier <maz(a)kernel.org> KVM: arm64: Save the host's PtrAuth keys in non-preemptible context Marc Zyngier <maz(a)kernel.org> KVM: arm64: Synchronize sysreg state on injecting an AArch32 exception Juergen Gross <jgross(a)suse.com> xen/pvcalls-back: test for errors when calling backend_connect() Jiri Kosina <jkosina(a)suse.cz> block/floppy: fix contended case in floppy_queue_rq() Ulf Hansson <ulf.hansson(a)linaro.org> mmc: sdio: Fix several potential memory leaks in mmc_sdio_init_card() Ulf Hansson <ulf.hansson(a)linaro.org> mmc: sdio: Fix potential NULL pointer error in mmc_sdio_init_card() Ludovic Desroches <ludovic.desroches(a)microchip.com> ARM: dts: at91: sama5d2_ptc_ek: fix sdmmc0 node description Masahiro Yamada <yamada.masahiro(a)socionext.com> mmc: uniphier-sd: call devm_request_irq() after tmio_mmc_host_probe() Ulf Hansson <ulf.hansson(a)linaro.org> mmc: tmio: Further fixup runtime PM management at remove Ludovic Barre <ludovic.barre(a)st.com> mmc: mmci_sdmmc: fix DMA API warning overlapping mappings Veerabhadrarao Badiganti <vbadigan(a)codeaurora.org> mmc: sdhci-msm: Clear tuning done flag while hs400 tuning Chris Wilson <chris(a)chris-wilson.co.uk> agp/intel: Reinforce the barrier after GTT updates Barret Rhoden <brho(a)google.com> perf: Add cond_resched() to task_function_call() OGAWA Hirofumi <hirofumi(a)mail.parknet.co.jp> fat: don't allow to mount if the FAT length == 0 Wang Hai <wanghai38(a)huawei.com> mm/slub: fix a memory leak in sysfs_slab_add() Ezequiel Garcia <ezequiel(a)collabora.com> drm/vkms: Hold gem object while still in-use Casey Schaufler <casey(a)schaufler-ca.com> Smack: slab-out-of-bounds in vsscanf Qiujun Huang <hqjagain(a)gmail.com> ath9k: Fix general protection fault in ath9k_hif_usb_rx_cb Qiujun Huang <hqjagain(a)gmail.com> ath9x: Fix stack-out-of-bounds Write in ath9k_hif_usb_rx_cb Qiujun Huang <hqjagain(a)gmail.com> ath9k: Fix use-after-free Write in ath9k_htc_rx_msg Qiujun Huang <hqjagain(a)gmail.com> ath9k: Fix use-after-free Read in ath9k_wmi_ctrl_rx Qiujun Huang <hqjagain(a)gmail.com> ath9k: Fix use-after-free Read in htc_connect_service Masami Hiramatsu <mhiramat(a)kernel.org> selftests/ftrace: Return unsupported if no error_log file Dick Kennedy <dick.kennedy(a)broadcom.com> scsi: lpfc: Fix negation of else clause in lpfc_prep_node_fc4type Sumit Saxena <sumit.saxena(a)broadcom.com> scsi: megaraid_sas: TM command refire leads to controller firmware crash Marc Zyngier <maz(a)kernel.org> KVM: arm64: Make vcpu_cp1x() work on Big Endian hosts James Morse <james.morse(a)arm.com> KVM: arm64: Stop writing aarch32's CSSELR into ACTLR Xing Li <lixing(a)loongson.cn> KVM: MIPS: Fix VPN2_MASK definition for variable cpu_vmbits Xing Li <lixing(a)loongson.cn> KVM: MIPS: Define KVM_ENTRYHI_ASID to cpu_asid_mask(&boot_cpu_data) Sean Christopherson <sean.j.christopherson(a)intel.com> KVM: nVMX: Consult only the "basic" exit reason when routing nested exit Paolo Bonzini <pbonzini(a)redhat.com> KVM: nSVM: leave ASID aside in copy_vmcb_control_area Paolo Bonzini <pbonzini(a)redhat.com> KVM: nSVM: fix condition for filtering async PF Sean Christopherson <sean.j.christopherson(a)intel.com> KVM: nVMX: Skip IBPB when switching between vmcs01 and vmcs02 Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> video: fbdev: w100fb: Fix a potential double free. Sam Ravnborg <sam(a)ravnborg.org> video: vt8500lcdfb: fix fallthrough warning Qiuxu Zhuo <qiuxu.zhuo(a)intel.com> EDAC/skx: Use the mcmtr register to retrieve close_pg/bank_xor_enable Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> cpufreq: Fix up cpufreq_boost_set_sw() Suman Anna <s-anna(a)ti.com> remoteproc: Fix and restore the parenting hierarchy for vdev Tero Kristo <t-kristo(a)ti.com> remoteproc: Fall back to using parent memory pool if no dedicated available Eric W. Biederman <ebiederm(a)xmission.com> proc: Use new_inode not new_inode_pseudo Yuxuan Shui <yshuiv7(a)gmail.com> ovl: initialize error in ovl_copy_xattr Maxim Mikityanskiy <maximmi(a)mellanox.com> net/mlx5e: Fix repeated XSK usage on one channel Shay Drory <shayd(a)mellanox.com> net/mlx5: Fix fatal error handling during device load Shay Drory <shayd(a)mellanox.com> net/mlx5: drain health workqueue in case of driver load error tannerlove <tannerlove(a)google.com> selftests/net: in rxtimestamp getopt_long needs terminating null entry Wang Hai <wanghai38(a)huawei.com> dccp: Fix possible memleak in dccp_init and dccp_fini Longpeng(Mike) <longpeng2(a)huawei.com> crypto: virtio: Fix dest length calculation in __virtio_crypto_skcipher_do_req() Longpeng(Mike) <longpeng2(a)huawei.com> crypto: virtio: Fix src/dst scatterlist calculation in __virtio_crypto_skcipher_do_req() Longpeng(Mike) <longpeng2(a)huawei.com> crypto: virtio: Fix use-after-free in virtio_crypto_skcipher_finalize_req() Franck LENORMAND <franck.lenormand(a)nxp.com> firmware: imx: scu: Fix corruption of header Peng Fan <peng.fan(a)nxp.com> firmware: imx-scu: Support one TX and one RX Leonard Crestez <leonard.crestez(a)nxp.com> firmware: imx: warn on unexpected RX Tony Luck <tony.luck(a)intel.com> x86/{mce,mm}: Unmap the entire page if the whole page is affected and poisoned Wei Yongjun <weiyongjun1(a)huawei.com> crypto: drbg - fix error return code in drbg_alloc_state() Eric Biggers <ebiggers(a)google.com> crypto: algapi - Avoid spurious modprobe on LOADED Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> crypto: cavium/nitrox - Fix 'nitrox_get_first_device()' when ndevlist is fully iterated Linus Torvalds <torvalds(a)linux-foundation.org> gup: document and work around "COW can break either way" issue Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> PM: runtime: clk: Fix clk_pm_runtime_get() error path Justin Chen <justinpopo6(a)gmail.com> spi: bcm-qspi: when tx/rx buffer is NULL set to 0 Florian Fainelli <f.fainelli(a)gmail.com> spi: bcm-qspi: Handle clock probe deferral Lukas Wunner <lukas(a)wunner.de> spi: bcm2835aux: Fix controller unregister order Lukas Wunner <lukas(a)wunner.de> spi: bcm2835: Fix controller unregister order Lukas Wunner <lukas(a)wunner.de> spi: pxa2xx: Fix runtime PM ref imbalance on probe error Lukas Wunner <lukas(a)wunner.de> spi: pxa2xx: Fix controller unregister order Lukas Wunner <lukas(a)wunner.de> spi: Fix controller unregister order Lukas Wunner <lukas(a)wunner.de> spi: dw: Fix controller unregister order Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix null pointer dereference at nilfs_segctor_do_construct() Dave Rodgman <dave.rodgman(a)arm.com> lib/lzo: fix ambiguous encoding bug in lzo-rle Nick Desaulniers <ndesaulniers(a)google.com> arm64: acpi: fix UBSAN warning Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> ACPI: PM: Avoid using power resources if there are none for D0 Ard Biesheuvel <ardb(a)kernel.org> ACPI: GED: add support for _Exx / _Lxx handler methods Qiushi Wu <wu000273(a)umn.edu> ACPI: CPPC: Fix reference count leak in acpi_cppc_processor_probe() Qiushi Wu <wu000273(a)umn.edu> ACPI: sysfs: Fix reference count leak in acpi_sysfs_add_hotplug_profile() Kai-Heng Feng <kai.heng.feng(a)canonical.com> ALSA: usb-audio: Add vendor, product and profile name for HP Thunderbolt Dock Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Fix inconsistent card PM state after resume Michał Mirosław <mirq-linux(a)rere.qmqm.pl> ALSA: pcm: fix snd_pcm_link() lockdep splat Michał Mirosław <mirq-linux(a)rere.qmqm.pl> ALSA: pcm: disallow linking stream to itself Hui Wang <hui.wang(a)canonical.com> ALSA: hda/realtek - add a pintbl quirk for several Lenovo machines Takashi Sakamoto <o-takashi(a)sakamocchi.jp> ALSA: fireface: fix configuration error for nominal sampling transfer frequency Chuhong Yuan <hslester96(a)gmail.com> ALSA: es1688: Add the missed snd_card_free() Fabio Estevam <festevam(a)gmail.com> watchdog: imx_sc_wdt: Fix reboot on crash Namjae Jeon <namjae.jeon(a)samsung.com> smb3: add indatalen that can be a non-zero value to calculation of credit charge in smb2 ioctl Steve French <stfrench(a)microsoft.com> smb3: fix incorrect number of credits when ioctl MaxOutputResponse > 64K Ard Biesheuvel <ardb(a)kernel.org> efi/efivars: Add missing kobject_put() in sysfs entry creation error path Denis Efremov <efremov(a)linux.com> io_uring: use kvfree() in io_sqe_buffer_register() Pavel Dobias <dobias(a)2n.cz> ASoC: max9867: fix volume controls Christophe Leroy <christophe.leroy(a)csgroup.eu> powerpc/ptdump: Properly handle non standard page size Eiichi Tsukata <eiichi.tsukata(a)nutanix.com> KVM: x86: Fix APIC page invalidation race Felipe Franciosi <felipe(a)nutanix.com> KVM: x86: respect singlestep when emulating instruction Sean Christopherson <sean.j.christopherson(a)intel.com> KVM: x86/mmu: Set mmio_value to '0' if reserved #PF can't be generated Kan Liang <kan.liang(a)linux.intel.com> perf/x86/intel: Add more available bits for OFFCORE_RESPONSE of Intel Tremont Hill Ma <maahiuzeon(a)gmail.com> x86/reboot/quirks: Add MacBook6,1 reboot quirk Anthony Steinhauser <asteinhauser(a)google.com> x86/speculation: PR_SPEC_FORCE_DISABLE enforcement for indirect branches. Anthony Steinhauser <asteinhauser(a)google.com> x86/speculation: Avoid force-disabling IBPB based on STIBP and enhanced IBRS. Anthony Steinhauser <asteinhauser(a)google.com> x86/speculation: Prevent rogue cross-process SSBD shutdown Xiaochun Lee <lixc17(a)lenovo.com> x86/PCI: Mark Intel C620 MROMs as having non-compliant BARs Bob Haarman <inglorion(a)google.com> x86_64: Fix jiffies ODR violation Qiujun Huang <hqjagain(a)gmail.com> sctp: fix refcount bug in sctp_wfree Marcelo Ricardo Leitner <marcelo.leitner(a)gmail.com> sctp: fix possibly using a bad saddr with a given dst Luca Coelho <luciano.coelho(a)intel.com> iwlwifi: mvm: fix NVM check for 3168 devices Qian Cai <cai(a)lca.pw> ipv4: fix a RCU-list lock in fib_triestat_seq_show Miklos Szeredi <mszeredi(a)redhat.com> aio: fix async fsync creds Amir Goldstein <amir73il(a)gmail.com> fanotify: fix ignore mask logic for events on child and on dir Vlad Buslov <vladbu(a)mellanox.com> selftests: fix flower parent qdisc Waiman Long <longman(a)redhat.com> mm: add kvfree_sensitive() for freeing sensitive data objects Masami Hiramatsu <mhiramat(a)kernel.org> perf probe: Accept the instance number of kretprobe event Bjorn Helgaas <bhelgaas(a)google.com> PCI/PM: Adjust pcie_wait_for_link_delay() for caller delay Paolo Bonzini <pbonzini(a)redhat.com> KVM: x86: only do L1TF workaround on affected processors Kim Phillips <kim.phillips(a)amd.com> x86/cpu/amd: Make erratum #1054 a legacy erratum Petr Tesarik <ptesarik(a)suse.com> s390/pci: Log new handle in clp_disable_fh() Daniel Jordan <daniel.m.jordan(a)oracle.com> padata: add separate cpuhp node for CPUHP_PADATA_DEAD Jason Gunthorpe <jgg(a)ziepe.ca> RDMA/uverbs: Make the event_queue fds return POLLERR when disassociated Arnd Bergmann <arnd(a)arndb.de> smack: avoid unused 'sip' variable warning Masashi Honma <masashi.honma(a)gmail.com> ath9k_htc: Silence undersized packet warnings Sasha Levin <sashal(a)kernel.org> spi: dw: Fix native CS being unset Cédric Le Goater <clg(a)kaod.org> powerpc/xive: Clear the page tables for the ESB IO mapping Thomas Falcon <tlfalcon(a)linux.ibm.com> drivers/net/ibmvnic: Update VNIC protocol version reporting Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: Even more gfs2_find_jhead fixes Guo Ren <guoren(a)linux.alibaba.com> csky: Fixup abiv2 syscall_trace break a4 & a5 Dennis Kadioglu <denk(a)eclipso.email> Input: synaptics - add a second working PNP_ID for Lenovo T470s Jens Axboe <axboe(a)kernel.dk> sched/fair: Don't NUMA balance for kthreads Fredrik Strupe <fredrik(a)strupe.net> ARM: 8977/1: ptrace: Fix mask for thumb breakpoint hook Stephan Gerhold <stephan(a)gerhold.net> Input: mms114 - fix handling of mms345l Nick Desaulniers <ndesaulniers(a)google.com> elfnote: mark all .note sections SHF_ALLOC Fangrui Song <maskray(a)google.com> bpf: Support llvm-objcopy for vmlinux BTF Ido Schimmel <idosch(a)mellanox.com> vxlan: Avoid infinite loop when suppressing NS messages with invalid options Ido Schimmel <idosch(a)mellanox.com> bridge: Avoid infinite loop when suppressing NS messages with invalid options Willem de Bruijn <willemb(a)google.com> tun: correct header offsets in napi frags mode Vasily Averin <vvs(a)virtuozzo.com> net_failover: fixed rollback in net_failover_open() Vadim Pasternak <vadimp(a)mellanox.com> mlxsw: core: Use different get_trend() callbacks for different thermal zones Hangbin Liu <liuhangbin(a)gmail.com> ipv6: fix IPV6_ADDRFORM operation logic ------------- Diffstat: Documentation/lzo.txt | 8 +- Makefile | 4 +- arch/arm/boot/dts/at91-sama5d2_ptc_ek.dts | 2 - arch/arm/include/asm/kvm_emulate.h | 3 +- arch/arm/include/asm/kvm_host.h | 2 + arch/arm/kernel/ptrace.c | 4 +- arch/arm64/include/asm/acpi.h | 5 +- arch/arm64/include/asm/kvm_emulate.h | 6 -- arch/arm64/include/asm/kvm_host.h | 8 +- arch/arm64/kvm/handle_exit.c | 19 +---- arch/arm64/kvm/sys_regs.c | 10 ++- arch/csky/abiv2/inc/abi/entry.h | 2 + arch/csky/kernel/entry.S | 6 +- arch/mips/include/asm/kvm_host.h | 6 +- arch/powerpc/kernel/vmlinux.lds.S | 6 -- arch/powerpc/mm/ptdump/ptdump.c | 21 ++--- arch/powerpc/sysdev/xive/common.c | 5 ++ arch/s390/pci/pci_clp.c | 3 +- arch/x86/events/intel/core.c | 4 +- arch/x86/include/asm/set_memory.h | 19 +++-- arch/x86/kernel/cpu/amd.c | 3 +- arch/x86/kernel/cpu/bugs.c | 92 +++++++++++++--------- arch/x86/kernel/cpu/mce/core.c | 11 ++- arch/x86/kernel/process.c | 28 +++---- arch/x86/kernel/reboot.c | 8 ++ arch/x86/kernel/time.c | 4 - arch/x86/kernel/vmlinux.lds.S | 4 +- arch/x86/kvm/mmu.c | 46 +++++------ arch/x86/kvm/svm.c | 6 +- arch/x86/kvm/vmx/nested.c | 4 +- arch/x86/kvm/vmx/vmx.c | 18 ++++- arch/x86/kvm/vmx/vmx.h | 3 +- arch/x86/kvm/x86.c | 9 +-- arch/x86/pci/fixup.c | 4 + crypto/algapi.c | 2 +- crypto/drbg.c | 4 +- drivers/acpi/cppc_acpi.c | 1 + drivers/acpi/device_pm.c | 2 +- drivers/acpi/evged.c | 22 +++++- drivers/acpi/scan.c | 28 ++++--- drivers/acpi/sysfs.c | 4 +- drivers/block/floppy.c | 10 +-- drivers/char/agp/intel-gtt.c | 4 +- drivers/clk/clk.c | 6 +- drivers/cpufreq/cpufreq.c | 11 +-- drivers/crypto/cavium/nitrox/nitrox_main.c | 4 +- drivers/crypto/virtio/virtio_crypto_algs.c | 21 +++-- drivers/edac/i10nm_base.c | 2 +- drivers/edac/skx_base.c | 20 ++--- drivers/edac/skx_common.c | 6 +- drivers/edac/skx_common.h | 2 +- drivers/firmware/efi/efivars.c | 4 +- drivers/firmware/imx/imx-scu.c | 72 +++++++++++++---- drivers/gpu/drm/i915/gem/i915_gem_userptr.c | 8 ++ drivers/gpu/drm/vkms/vkms_drv.h | 5 -- drivers/gpu/drm/vkms/vkms_gem.c | 11 +-- drivers/infiniband/core/uverbs_main.c | 2 + drivers/input/mouse/synaptics.c | 1 + drivers/input/touchscreen/mms114.c | 12 ++- drivers/mmc/core/sdio.c | 61 +++++++------- drivers/mmc/host/mmci_stm32_sdmmc.c | 3 + drivers/mmc/host/sdhci-msm.c | 6 ++ drivers/mmc/host/tmio_mmc_core.c | 6 +- drivers/mmc/host/uniphier-sd.c | 12 +-- drivers/net/ethernet/ibm/ibmvnic.c | 8 +- .../net/ethernet/mellanox/mlx5/core/en/xsk/setup.c | 4 + drivers/net/ethernet/mellanox/mlx5/core/health.c | 14 +++- drivers/net/ethernet/mellanox/mlx5/core/main.c | 5 ++ drivers/net/ethernet/mellanox/mlxsw/core_thermal.c | 23 +++++- drivers/net/net_failover.c | 3 +- drivers/net/tun.c | 14 +++- drivers/net/vxlan.c | 4 + drivers/net/wireless/ath/ath9k/hif_usb.c | 58 +++++++++++--- drivers/net/wireless/ath/ath9k/hif_usb.h | 6 ++ drivers/net/wireless/ath/ath9k/htc_drv_init.c | 10 ++- drivers/net/wireless/ath/ath9k/htc_drv_txrx.c | 6 +- drivers/net/wireless/ath/ath9k/htc_hst.c | 6 +- drivers/net/wireless/ath/ath9k/wmi.c | 6 +- drivers/net/wireless/ath/ath9k/wmi.h | 3 +- drivers/net/wireless/intel/iwlwifi/mvm/nvm.c | 2 +- drivers/pci/pci.c | 4 +- drivers/remoteproc/remoteproc_core.c | 2 +- drivers/remoteproc/remoteproc_virtio.c | 12 +++ drivers/scsi/lpfc/lpfc_ct.c | 1 - drivers/scsi/megaraid/megaraid_sas_fusion.c | 7 +- drivers/spi/spi-bcm-qspi.c | 20 +++-- drivers/spi/spi-bcm2835.c | 4 +- drivers/spi/spi-bcm2835aux.c | 4 +- drivers/spi/spi-dw.c | 14 +++- drivers/spi/spi-pxa2xx.c | 5 +- drivers/spi/spi.c | 3 +- drivers/video/fbdev/vt8500lcdfb.c | 1 + drivers/video/fbdev/w100fb.c | 2 + drivers/watchdog/imx_sc_wdt.c | 5 ++ drivers/xen/pvcalls-back.c | 3 +- fs/aio.c | 8 ++ fs/cifs/smb2pdu.c | 4 +- fs/fat/inode.c | 6 ++ fs/gfs2/lops.c | 15 ++-- fs/io_uring.c | 4 +- fs/nilfs2/segment.c | 2 + fs/notify/fanotify/fanotify.c | 5 +- fs/overlayfs/copy_up.c | 2 +- fs/proc/inode.c | 2 +- fs/proc/self.c | 2 +- fs/proc/thread_self.c | 2 +- include/asm-generic/vmlinux.lds.h | 22 +++++- include/linux/elfnote.h | 2 +- include/linux/kvm_host.h | 4 +- include/linux/mm.h | 1 + include/linux/padata.h | 6 +- include/linux/set_memory.h | 2 +- include/net/inet_hashtables.h | 6 ++ kernel/bpf/sysfs_btf.c | 11 ++- kernel/events/core.c | 23 +++--- kernel/padata.c | 14 ++-- kernel/sched/fair.c | 2 +- lib/lzo/lzo1x_compress.c | 13 +++ mm/gup.c | 44 +++++++++-- mm/huge_memory.c | 7 +- mm/slub.c | 4 +- mm/util.c | 18 +++++ net/bridge/br_arp_nd_proxy.c | 4 + net/dccp/proto.c | 7 +- net/ipv4/fib_trie.c | 3 + net/ipv6/ipv6_sockglue.c | 13 +-- net/sctp/ipv6.c | 20 +++-- net/sctp/protocol.c | 28 ++++--- net/sctp/socket.c | 31 ++++++-- scripts/link-vmlinux.sh | 24 +++--- security/keys/internal.h | 11 --- security/keys/keyctl.c | 16 ++-- security/smack/smack.h | 6 -- security/smack/smack_lsm.c | 25 ++---- security/smack/smackfs.c | 10 +++ sound/core/pcm_native.c | 20 ++++- sound/firewire/fireface/ff-protocol-latter.c | 12 +-- sound/isa/es1688/es1688.c | 4 +- sound/pci/hda/patch_realtek.c | 6 ++ sound/soc/codecs/max9867.c | 4 +- sound/usb/card.c | 19 +++-- sound/usb/quirks-table.h | 20 +++++ sound/usb/usbaudio.h | 2 +- tools/perf/util/probe-event.c | 3 +- .../ftrace/test.d/ftrace/tracing-error-log.tc | 2 + .../networking/timestamping/rxtimestamp.c | 1 + .../tc-testing/tc-tests/filters/tests.json | 6 +- tools/testing/selftests/tc-testing/tdc_batch.py | 6 +- virt/kvm/arm/aarch32.c | 28 +++++++ virt/kvm/arm/arm.c | 22 +++++- virt/kvm/kvm_main.c | 26 +++--- 151 files changed, 1046 insertions(+), 558 deletions(-)

5 years, 4 months

4
3
0 0

[PATCH] MIPS: lantiq: xway: sysctrl: fix the GPHY clock alias names

by Martin Blumenstingl

The dt-bindings for the GSWIP describe that the node should be named "switch". Use the same name in sysctrl.c so the GSWIP driver can actually find the "gphy0" and "gphy1" clocks. Fixes: 14fceff4771e51 ("net: dsa: Add Lantiq / Intel DSA driver for vrx200") Cc: stable(a)vger.kernel.org Signed-off-by: Martin Blumenstingl <martin.blumenstingl(a)googlemail.com> --- arch/mips/lantiq/xway/sysctrl.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/arch/mips/lantiq/xway/sysctrl.c b/arch/mips/lantiq/xway/sysctrl.c index aa37545ebe8f..b10342018d19 100644 --- a/arch/mips/lantiq/xway/sysctrl.c +++ b/arch/mips/lantiq/xway/sysctrl.c @@ -514,8 +514,8 @@ void __init ltq_soc_init(void) clkdev_add_pmu("1e10b308.eth", NULL, 0, 0, PMU_SWITCH | PMU_PPE_DP | PMU_PPE_TC); clkdev_add_pmu("1da00000.usif", "NULL", 1, 0, PMU_USIF); - clkdev_add_pmu("1e108000.gswip", "gphy0", 0, 0, PMU_GPHY); - clkdev_add_pmu("1e108000.gswip", "gphy1", 0, 0, PMU_GPHY); + clkdev_add_pmu("1e108000.switch", "gphy0", 0, 0, PMU_GPHY); + clkdev_add_pmu("1e108000.switch", "gphy1", 0, 0, PMU_GPHY); clkdev_add_pmu("1e103100.deu", NULL, 1, 0, PMU_DEU); clkdev_add_pmu("1e116000.mei", "afe", 1, 2, PMU_ANALOG_DSL_AFE); clkdev_add_pmu("1e116000.mei", "dfe", 1, 0, PMU_DFE); @@ -538,8 +538,8 @@ void __init ltq_soc_init(void) PMU_SWITCH | PMU_PPE_DPLUS | PMU_PPE_DPLUM | PMU_PPE_EMA | PMU_PPE_TC | PMU_PPE_SLL01 | PMU_PPE_QSB | PMU_PPE_TOP); - clkdev_add_pmu("1e108000.gswip", "gphy0", 0, 0, PMU_GPHY); - clkdev_add_pmu("1e108000.gswip", "gphy1", 0, 0, PMU_GPHY); + clkdev_add_pmu("1e108000.switch", "gphy0", 0, 0, PMU_GPHY); + clkdev_add_pmu("1e108000.switch", "gphy1", 0, 0, PMU_GPHY); clkdev_add_pmu("1e103000.sdio", NULL, 1, 0, PMU_SDIO); clkdev_add_pmu("1e103100.deu", NULL, 1, 0, PMU_DEU); clkdev_add_pmu("1e116000.mei", "dfe", 1, 0, PMU_DFE); -- 2.27.0

5 years, 4 months

3
2
0 0

[PATCH] exfat: move setting VOL_DIRTY over exfat_remove_entries()

by Namjae Jeon

Move setting VOL_DIRTY over exfat_remove_entries() to avoid unneeded leaving VOL_DIRTY on -ENOTEMPTY. Fixes: 5f2aa075070c ("exfat: add inode operations") Cc: stable(a)vger.kernel.org # v5.7 Reported-by: Tetsuhiro Kohada <kohada.t2(a)gmail.com> Reviewed-by: Sungjong Seo <sj1557.seo(a)samsung.com> Signed-off-by: Namjae Jeon <namjae.jeon(a)samsung.com> --- fs/exfat/namei.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/exfat/namei.c b/fs/exfat/namei.c index edd8023865a0..2b9e21094a96 100644 --- a/fs/exfat/namei.c +++ b/fs/exfat/namei.c @@ -975,7 +975,6 @@ static int exfat_rmdir(struct inode *dir, struct dentry *dentry) goto unlock; } - exfat_set_vol_flags(sb, VOL_DIRTY); exfat_chain_set(&clu_to_free, ei->start_clu, EXFAT_B_TO_CLU_ROUND_UP(i_size_read(inode), sbi), ei->flags); @@ -1002,6 +1001,7 @@ static int exfat_rmdir(struct inode *dir, struct dentry *dentry) num_entries++; brelse(bh); + exfat_set_vol_flags(sb, VOL_DIRTY); err = exfat_remove_entries(dir, &cdir, entry, 0, num_entries); if (err) { exfat_err(sb, "failed to exfat_remove_entries : err(%d)", err); -- 2.17.1

5 years, 4 months

1
0
0 0

[PATCH] drm/amd/powerplay: Fix NULL dereference in lock_bus() on Vega20 w/o RAS

by Ivan Mironov

I updated my system with Radeon VII from kernel 5.6 to kernel 5.7, and following started to happen on each boot: ... BUG: kernel NULL pointer dereference, address: 0000000000000128 ... CPU: 9 PID: 1940 Comm: modprobe Tainted: G E 5.7.2-200.im0.fc32.x86_64 #1 Hardware name: System manufacturer System Product Name/PRIME X570-P, BIOS 1407 04/02/2020 RIP: 0010:lock_bus+0x42/0x60 [amdgpu] ... Call Trace: i2c_smbus_xfer+0x3d/0xf0 i2c_default_probe+0xf3/0x130 i2c_detect.isra.0+0xfe/0x2b0 ? kfree+0xa3/0x200 ? kobject_uevent_env+0x11f/0x6a0 ? i2c_detect.isra.0+0x2b0/0x2b0 __process_new_driver+0x1b/0x20 bus_for_each_dev+0x64/0x90 ? 0xffffffffc0f34000 i2c_register_driver+0x73/0xc0 do_one_initcall+0x46/0x200 ? _cond_resched+0x16/0x40 ? kmem_cache_alloc_trace+0x167/0x220 ? do_init_module+0x23/0x260 do_init_module+0x5c/0x260 __do_sys_init_module+0x14f/0x170 do_syscall_64+0x5b/0xf0 entry_SYSCALL_64_after_hwframe+0x44/0xa9 ... Error appears when some i2c device driver tries to probe for devices using adapter registered by `smu_v11_0_i2c_eeprom_control_init()`. Code supporting this adapter requires `adev->psp.ras.ras` to be not NULL, which is true only when `amdgpu_ras_init()` detects HW support by calling `amdgpu_ras_check_supported()`. Before 9015d60c9ee1, adapter was registered by -> amdgpu_device_ip_init() -> amdgpu_ras_recovery_init() -> amdgpu_ras_eeprom_init() -> smu_v11_0_i2c_eeprom_control_init() after verifying that `adev->psp.ras.ras` is not NULL in `amdgpu_ras_recovery_init()`. Currently it is registered unconditionally by -> amdgpu_device_ip_init() -> pp_sw_init() -> hwmgr_sw_init() -> vega20_smu_init() -> smu_v11_0_i2c_eeprom_control_init() Fix simply adds HW support check (ras == NULL => no support) before calling `smu_v11_0_i2c_eeprom_control_{init,fini}()`. Please note that there is a chance that similar fix is also required for CHIP_ARCTURUS. I do not know whether any actual Arcturus hardware without RAS exist, and whether calling `smu_i2c_eeprom_init()` makes any sense when there is no HW support. Cc: stable(a)vger.kernel.org Fixes: 9015d60c9ee1 ("drm/amdgpu: Move EEPROM I2C adapter to amdgpu_device") Signed-off-by: Ivan Mironov <mironov.ivan(a)gmail.com> --- drivers/gpu/drm/amd/powerplay/smumgr/vega20_smumgr.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/drivers/gpu/drm/amd/powerplay/smumgr/vega20_smumgr.c b/drivers/gpu/drm/amd/powerplay/smumgr/vega20_smumgr.c index 2fb97554134f..c2e0fbbccf56 100644 --- a/drivers/gpu/drm/amd/powerplay/smumgr/vega20_smumgr.c +++ b/drivers/gpu/drm/amd/powerplay/smumgr/vega20_smumgr.c @@ -522,9 +522,11 @@ static int vega20_smu_init(struct pp_hwmgr *hwmgr) priv->smu_tables.entry[TABLE_ACTIVITY_MONITOR_COEFF].version = 0x01; priv->smu_tables.entry[TABLE_ACTIVITY_MONITOR_COEFF].size = sizeof(DpmActivityMonitorCoeffInt_t); - ret = smu_v11_0_i2c_eeprom_control_init(&adev->pm.smu_i2c); - if (ret) - goto err4; + if (adev->psp.ras.ras) { + ret = smu_v11_0_i2c_eeprom_control_init(&adev->pm.smu_i2c); + if (ret) + goto err4; + } return 0; @@ -560,7 +562,8 @@ static int vega20_smu_fini(struct pp_hwmgr *hwmgr) (struct vega20_smumgr *)(hwmgr->smu_backend); struct amdgpu_device *adev = hwmgr->adev; - smu_v11_0_i2c_eeprom_control_fini(&adev->pm.smu_i2c); + if (adev->psp.ras.ras) + smu_v11_0_i2c_eeprom_control_fini(&adev->pm.smu_i2c); if (priv) { amdgpu_bo_free_kernel(&priv->smu_tables.entry[TABLE_PPTABLE].handle, -- 2.26.2

5 years, 4 months

1
0
0 0

stable-rc/linux-4.4.y baseline: 55 runs, 1 regressions (v4.4.226-83-g43fb0f9d5b32)

by kernelci.org bot

stable-rc/linux-4.4.y baseline: 55 runs, 1 regressions (v4.4.226-83-g43fb0f9d5b32) Regressions Summary ------------------- platform | arch | lab | compiler | defconfig | results ------------+--------+--------------+----------+------------------+-------- qemu_x86_64 | x86_64 | lab-baylibre | gcc-8 | x86_64_defconfig | 0/1 Details: https://kernelci.org/test/job/stable-rc/branch/linux-4.4.y/kernel/v4.4.226-… Test: baseline Tree: stable-rc Branch: linux-4.4.y Describe: v4.4.226-83-g43fb0f9d5b32 URL: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git SHA: 43fb0f9d5b3227048e6be520bfe64a40d3d8bd7d Test Regressions ---------------- platform | arch | lab | compiler | defconfig | results ------------+--------+--------------+----------+------------------+-------- qemu_x86_64 | x86_64 | lab-baylibre | gcc-8 | x86_64_defconfig | 0/1 Details: https://kernelci.org/test/plan/id/5ee9261f0e01b74aa997bf09 Results: 0 PASS, 1 FAIL, 0 SKIP Full config: x86_64_defconfig Compiler: gcc-8 (gcc (Debian 8.3.0-6) 8.3.0) Plain log: https://storage.kernelci.org//stable-rc/linux-4.4.y/v4.4.226-83-g43fb0f9d5b… HTML log: https://storage.kernelci.org//stable-rc/linux-4.4.y/v4.4.226-83-g43fb0f9d5b… Rootfs: http://storage.kernelci.org/images/rootfs/buildroot/kci-2019.02-11-g17e793f… * baseline.login: https://kernelci.org/test/case/id/5ee9261f0e01b74aa997bf0a failing since 6 days (last pass: v4.4.226-24-gd275a29aa983, first fail: v4.4.226-37-g61ef7e7aaf1d)

5 years, 4 months

1
0
0 0

(no subject)

by Nico Pache

>From ec13df6442492592eb6a0b21d65d0489ac91a180 Mon Sep 17 00:00:00 2001 From: Yihui ZENG <yzeng56(a)asu.edu> Date: Fri, 25 Oct 2019 12:31:48 +0300 Subject: [PATCH] s390/cmm: fix information leak in cmm_timeout_handler() The problem is that we were putting the NUL terminator too far: buf[sizeof(buf) - 1] = '\0'; If the user input isn't NUL terminated and they haven't initialized the whole buffer then it leads to an info leak. The NUL terminator should be: buf[len - 1] = '\0'; Signed-off-by: Yihui Zeng <yzeng56(a)asu.edu> Cc: stable(a)vger.kernel.org Signed-off-by: Dan Carpenter <dan.carpenter(a)oracle.com> [heiko.carstens(a)de.ibm.com: keep semantics of how *lenp and *ppos are handled] Signed-off-by: Heiko Carstens <heiko.carstens(a)de.ibm.com> Signed-off-by: Vasily Gorbik <gor(a)linux.ibm.com> (cherry picked from commit b8e51a6a9db94bc1fb18ae831b3dab106b5a4b5f) Signed-off-by: Nico Pache <npache(a)redhat.com> --- arch/s390/mm/cmm.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/arch/s390/mm/cmm.c b/arch/s390/mm/cmm.c index 9d84a1feefef..846561d4245e 100644 --- a/arch/s390/mm/cmm.c +++ b/arch/s390/mm/cmm.c @@ -306,16 +306,16 @@ static int cmm_timeout_handler(ctl_table *ctl, int write, void __user *buffer, } if (write) { - len = *lenp; - if (copy_from_user(buf, buffer, - len > sizeof(buf) ? sizeof(buf) : len)) + len = min(*lenp, sizeof(buf)); + if (copy_from_user(buf, buffer, len)) return -EFAULT; - buf[sizeof(buf) - 1] = '\0'; + buf[len - 1] = '\0'; cmm_skip_blanks(buf, &p); nr = simple_strtoul(p, &p, 0); cmm_skip_blanks(p, &p); seconds = simple_strtoul(p, &p, 0); cmm_set_timeout(nr, seconds); + *ppos += *lenp; } else { len = sprintf(buf, "%ld %ld\n", cmm_timeout_pages, cmm_timeout_seconds); @@ -323,9 +323,9 @@ static int cmm_timeout_handler(ctl_table *ctl, int write, void __user *buffer, len = *lenp; if (copy_to_user(buffer, buf, len)) return -EFAULT; + *lenp = len; + *ppos += len; } - *lenp = len; - *ppos += len; return 0; } -- 2.18.1

5 years, 4 months

1
0
0 0

stable-rc/linux-5.4.y baseline: 59 runs, 1 regressions (v5.4.44-206-ga7debb64f8b4)

by kernelci.org bot

stable-rc/linux-5.4.y baseline: 59 runs, 1 regressions (v5.4.44-206-ga7debb64f8b4) Regressions Summary ------------------- platform | arch | lab | compiler | defconfig | results ----------------------+------+--------------+----------+-----------------+-------- at91-sama5d4_xplained | arm | lab-baylibre | gcc-8 | sama5_defconfig | 0/1 Details: https://kernelci.org/test/job/stable-rc/branch/linux-5.4.y/kernel/v5.4.44-2… Test: baseline Tree: stable-rc Branch: linux-5.4.y Describe: v5.4.44-206-ga7debb64f8b4 URL: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git SHA: a7debb64f8b4820a8a003bf3bd0b702a111b4a4b Test Regressions ---------------- platform | arch | lab | compiler | defconfig | results ----------------------+------+--------------+----------+-----------------+-------- at91-sama5d4_xplained | arm | lab-baylibre | gcc-8 | sama5_defconfig | 0/1 Details: https://kernelci.org/test/plan/id/5ee91a11df46990a3d97bf1d Results: 0 PASS, 1 FAIL, 0 SKIP Full config: sama5_defconfig Compiler: gcc-8 (arm-linux-gnueabihf-gcc (Debian 8.3.0-2) 8.3.0) Plain log: https://storage.kernelci.org//stable-rc/linux-5.4.y/v5.4.44-206-ga7debb64f8… HTML log: https://storage.kernelci.org//stable-rc/linux-5.4.y/v5.4.44-206-ga7debb64f8… Rootfs: http://storage.kernelci.org/images/rootfs/buildroot/kci-2019.02-11-g17e793f… * baseline.login: https://kernelci.org/test/case/id/5ee91a11df46990a3d97bf1e failing since 66 days (last pass: v5.4.30-54-g6f04e8ca5355, first fail: v5.4.30-81-gf163418797b9)

5 years, 4 months

1
0
0 0

stable-rc/linux-5.6.y baseline: 108 runs, 1 regressions (v5.6.16-245-gb60e06c98873)

by kernelci.org bot

stable-rc/linux-5.6.y baseline: 108 runs, 1 regressions (v5.6.16-245-gb60e06c98873) Regressions Summary ------------------- platform | arch | lab | compiler | defconfig | results ---------------------+------+---------------+----------+------------------+-------- exynos5422-odroidxu3 | arm | lab-collabora | gcc-8 | exynos_defconfig | 0/1 Details: https://kernelci.org/test/job/stable-rc/branch/linux-5.6.y/kernel/v5.6.16-2… Test: baseline Tree: stable-rc Branch: linux-5.6.y Describe: v5.6.16-245-gb60e06c98873 URL: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git SHA: b60e06c9887321691c8d341e86c085ed3a6a4138 Test Regressions ---------------- platform | arch | lab | compiler | defconfig | results ---------------------+------+---------------+----------+------------------+-------- exynos5422-odroidxu3 | arm | lab-collabora | gcc-8 | exynos_defconfig | 0/1 Details: https://kernelci.org/test/plan/id/5ee9195483eca04a6d97bf1e Results: 0 PASS, 1 FAIL, 0 SKIP Full config: exynos_defconfig Compiler: gcc-8 (arm-linux-gnueabihf-gcc (Debian 8.3.0-2) 8.3.0) Plain log: https://storage.kernelci.org//stable-rc/linux-5.6.y/v5.6.16-245-gb60e06c988… HTML log: https://storage.kernelci.org//stable-rc/linux-5.6.y/v5.6.16-245-gb60e06c988… Rootfs: http://storage.kernelci.org/images/rootfs/buildroot/kci-2019.02-11-g17e793f… * baseline.login: https://kernelci.org/test/case/id/5ee9195483eca04a6d97bf1f failing since 14 days (last pass: v5.6.13-193-g67346f550ad8, first fail: v5.6.15-178-gc72fcbc7d224)

5 years, 4 months

1
0
0 0

stable-rc/linux-4.9.y baseline: 72 runs, 1 regressions (v4.9.226-97-gbb217dde5322)

by kernelci.org bot

stable-rc/linux-4.9.y baseline: 72 runs, 1 regressions (v4.9.226-97-gbb217dde5322) Regressions Summary ------------------- platform | arch | lab | compiler | defconfig | results ----------------+------+--------------+----------+---------------------+-------- omap3-beagle-xm | arm | lab-baylibre | gcc-8 | omap2plus_defconfig | 0/1 Details: https://kernelci.org/test/job/stable-rc/branch/linux-4.9.y/kernel/v4.9.226-… Test: baseline Tree: stable-rc Branch: linux-4.9.y Describe: v4.9.226-97-gbb217dde5322 URL: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git SHA: bb217dde5322a941e9840f3902a3ef062e8a83a3 Test Regressions ---------------- platform | arch | lab | compiler | defconfig | results ----------------+------+--------------+----------+---------------------+-------- omap3-beagle-xm | arm | lab-baylibre | gcc-8 | omap2plus_defconfig | 0/1 Details: https://kernelci.org/test/plan/id/5ee90d7376ba6bab8497bf09 Results: 0 PASS, 1 FAIL, 0 SKIP Full config: omap2plus_defconfig Compiler: gcc-8 (arm-linux-gnueabihf-gcc (Debian 8.3.0-2) 8.3.0) Plain log: https://storage.kernelci.org//stable-rc/linux-4.9.y/v4.9.226-97-gbb217dde53… HTML log: https://storage.kernelci.org//stable-rc/linux-4.9.y/v4.9.226-97-gbb217dde53… Rootfs: http://storage.kernelci.org/images/rootfs/buildroot/kci-2019.02-11-g17e793f… * baseline.login: https://kernelci.org/test/case/id/5ee90d7376ba6bab8497bf0a new failure (last pass: v4.9.226-72-g6940a98776c9)

5 years, 4 months

1
0
0 0

[PATCH] ACPICA: fix UBSAN warning using __builtin_offsetof

by Nick Desaulniers

Will reported UBSAN warnings: UBSAN: null-ptr-deref in drivers/acpi/acpica/tbfadt.c:459:37 UBSAN: null-ptr-deref in arch/arm64/kernel/smp.c:596:6 Looks like the emulated offsetof macro ACPI_OFFSET is causing these. We can avoid this by using the compiler builtin, __builtin_offsetof. The non-kernel runtime of UBSAN would print: runtime error: member access within null pointer of type for this macro. Link: https://lore.kernel.org/lkml/20200521100952.GA5360@willie-the-truck/ Cc: stable(a)vger.kernel.org Reported-by: Will Deacon <will(a)kernel.org> Suggested-by: Ard Biesheuvel <ardb(a)kernel.org> Signed-off-by: Nick Desaulniers <ndesaulniers(a)google.com> --- include/acpi/actypes.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/acpi/actypes.h b/include/acpi/actypes.h index 4defed58ea33..04359c70b198 100644 --- a/include/acpi/actypes.h +++ b/include/acpi/actypes.h @@ -508,7 +508,7 @@ typedef u64 acpi_integer; #define ACPI_TO_POINTER(i) ACPI_CAST_PTR (void, (acpi_size) (i)) #define ACPI_TO_INTEGER(p) ACPI_PTR_DIFF (p, (void *) 0) -#define ACPI_OFFSET(d, f) ACPI_PTR_DIFF (&(((d *) 0)->f), (void *) 0) +#define ACPI_OFFSET(d, f) __builtin_offsetof(d, f) #define ACPI_PHYSADDR_TO_PTR(i) ACPI_TO_POINTER(i) #define ACPI_PTR_TO_PHYSADDR(i) ACPI_TO_INTEGER(i) -- 2.27.0.rc2.251.g90737beb825-goog

5 years, 4 months

7
18
0 0

stable-rc/linux-4.19.y baseline: 75 runs, 2 regressions (v4.19.126-148-g9301a9b9c27d)

by kernelci.org bot

stable-rc/linux-4.19.y baseline: 75 runs, 2 regressions (v4.19.126-148-g9301a9b9c27d) Regressions Summary ------------------- platform | arch | lab | compiler | defconfig | results ----------------------+-------+--------------+----------+-----------------+-------- at91-sama5d4_xplained | arm | lab-baylibre | gcc-8 | sama5_defconfig | 0/1 bcm2837-rpi-3-b | arm64 | lab-baylibre | gcc-8 | defconfig | 4/5 Details: https://kernelci.org/test/job/stable-rc/branch/linux-4.19.y/kernel/v4.19.12… Test: baseline Tree: stable-rc Branch: linux-4.19.y Describe: v4.19.126-148-g9301a9b9c27d URL: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git SHA: 9301a9b9c27d4cceb0092e65c9ad0844333a146a Test Regressions ---------------- platform | arch | lab | compiler | defconfig | results ----------------------+-------+--------------+----------+-----------------+-------- at91-sama5d4_xplained | arm | lab-baylibre | gcc-8 | sama5_defconfig | 0/1 Details: https://kernelci.org/test/plan/id/5ee901edd92b0148da97bf14 Results: 0 PASS, 1 FAIL, 0 SKIP Full config: sama5_defconfig Compiler: gcc-8 (arm-linux-gnueabihf-gcc (Debian 8.3.0-2) 8.3.0) Plain log: https://storage.kernelci.org//stable-rc/linux-4.19.y/v4.19.126-148-g9301a9b… HTML log: https://storage.kernelci.org//stable-rc/linux-4.19.y/v4.19.126-148-g9301a9b… Rootfs: http://storage.kernelci.org/images/rootfs/buildroot/kci-2019.02-11-g17e793f… * baseline.login: https://kernelci.org/test/case/id/5ee901edd92b0148da97bf15 failing since 0 day (last pass: v4.19.126-55-gf6c346f2d42d, first fail: v4.19.126-113-gd694d4388e88) platform | arch | lab | compiler | defconfig | results ----------------------+-------+--------------+----------+-----------------+-------- bcm2837-rpi-3-b | arm64 | lab-baylibre | gcc-8 | defconfig | 4/5 Details: https://kernelci.org/test/plan/id/5ee909a2d30c39a72497bf09 Results: 4 PASS, 1 FAIL, 0 SKIP Full config: defconfig Compiler: gcc-8 (aarch64-linux-gnu-gcc (Debian 8.3.0-2) 8.3.0) Plain log: https://storage.kernelci.org//stable-rc/linux-4.19.y/v4.19.126-148-g9301a9b… HTML log: https://storage.kernelci.org//stable-rc/linux-4.19.y/v4.19.126-148-g9301a9b… Rootfs: http://storage.kernelci.org/images/rootfs/buildroot/kci-2019.02-11-g17e793f… * baseline.dmesg.crit: https://kernelci.org/test/case/id/5ee909a2d30c39a72497bf0c new failure (last pass: v4.19.126-113-gd694d4388e88) 2 lines

5 years, 4 months

1
0
0 0

stable-rc/linux-4.14.y baseline: 85 runs, 1 regressions (v4.14.183-122-gbb81e4cb5570)

by kernelci.org bot

stable-rc/linux-4.14.y baseline: 85 runs, 1 regressions (v4.14.183-122-gbb81e4cb5570) Regressions Summary ------------------- platform | arch | lab | compiler | defconfig | results ----------------+-------+--------------+----------+-----------+-------- meson-gxbb-p200 | arm64 | lab-baylibre | gcc-8 | defconfig | 0/1 Details: https://kernelci.org/test/job/stable-rc/branch/linux-4.14.y/kernel/v4.14.18… Test: baseline Tree: stable-rc Branch: linux-4.14.y Describe: v4.14.183-122-gbb81e4cb5570 URL: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git SHA: bb81e4cb5570c489657c5ce4ca6ab857282246b6 Test Regressions ---------------- platform | arch | lab | compiler | defconfig | results ----------------+-------+--------------+----------+-----------+-------- meson-gxbb-p200 | arm64 | lab-baylibre | gcc-8 | defconfig | 0/1 Details: https://kernelci.org/test/plan/id/5ee8fd7f85783f6b0697bf10 Results: 0 PASS, 1 FAIL, 0 SKIP Full config: defconfig Compiler: gcc-8 (aarch64-linux-gnu-gcc (Debian 8.3.0-2) 8.3.0) Plain log: https://storage.kernelci.org//stable-rc/linux-4.14.y/v4.14.183-122-gbb81e4c… HTML log: https://storage.kernelci.org//stable-rc/linux-4.14.y/v4.14.183-122-gbb81e4c… Rootfs: http://storage.kernelci.org/images/rootfs/buildroot/kci-2019.02-11-g17e793f… * baseline.login: https://kernelci.org/test/case/id/5ee8fd7f85783f6b0697bf11 failing since 77 days (last pass: v4.14.172-114-g734382e2d26e, first fail: v4.14.174-131-g234ce78cac23)

5 years, 4 months

1
0
0 0

stable-rc/linux-4.4.y build: 150 builds: 1 failed, 149 passed, 2 errors, 11 warnings (v4.4.226-83-g43fb0f9d5b32)

by kernelci.org bot

stable-rc/linux-4.4.y build: 150 builds: 1 failed, 149 passed, 2 errors, 11 warnings (v4.4.226-83-g43fb0f9d5b32) Full Build Summary: https://kernelci.org/build/stable-rc/branch/linux-4.4.y/kernel/v4.4.226-83-… Tree: stable-rc Branch: linux-4.4.y Git Describe: v4.4.226-83-g43fb0f9d5b32 Git Commit: 43fb0f9d5b3227048e6be520bfe64a40d3d8bd7d Git URL: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git Built: 6 unique architectures Build Failure Detected: arm: spear13xx_defconfig: (gcc-8) FAIL Errors and Warnings Detected: arc: allnoconfig (gcc-8): 3 warnings tinyconfig (gcc-8): 4 warnings arm64: arm: clps711x_defconfig (gcc-8): 1 warning lpc32xx_defconfig (gcc-8): 1 warning mxs_defconfig (gcc-8): 1 warning spear13xx_defconfig (gcc-8): 2 errors i386: mips: ip28_defconfig (gcc-8): 1 warning x86_64: Errors summary: 2 ./../include/linux/kconfig.h:4:10: fatal error: generated/autoconf.h: No such file or directory Warnings summary: 7 warning: (ARC) selects HAVE_FUTEX_CMPXCHG which has unmet direct dependencies (FUTEX) 1 drivers/net/ethernet/seeq/sgiseeq.c:804:26: warning: passing argument 5 of ‘dma_free_attrs’ makes pointer from integer without a cast [-Wint-conversion] 1 arch/arm/mach-mxs/mach-mxs.c:285:26: warning: duplicate ‘const’ declaration specifier [-Wduplicate-decl-specifier] 1 arch/arm/mach-lpc32xx/phy3250.c:215:36: warning: duplicate ‘const’ declaration specifier [-Wduplicate-decl-specifier] 1 arch/arm/mach-clps711x/board-autcpu12.c:163:26: warning: duplicate ‘const’ declaration specifier [-Wduplicate-decl-specifier] ================================================================================ Detailed per-defconfig build reports: -------------------------------------------------------------------------------- acs5k_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- allnoconfig (x86_64, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- allnoconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- allnoconfig (arm64, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- allnoconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- allnoconfig (arc, gcc-8) — PASS, 0 errors, 3 warnings, 0 section mismatches Warnings: warning: (ARC) selects HAVE_FUTEX_CMPXCHG which has unmet direct dependencies (FUTEX) warning: (ARC) selects HAVE_FUTEX_CMPXCHG which has unmet direct dependencies (FUTEX) warning: (ARC) selects HAVE_FUTEX_CMPXCHG which has unmet direct dependencies (FUTEX) -------------------------------------------------------------------------------- allnoconfig (i386, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- ar7_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- ath79_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- axm55xx_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- axs103_defconfig (arc, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- axs103_smp_defconfig (arc, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- badge4_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- bcm47xx_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- bcm63xx_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- bcm_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- bigsur_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- bmips_be_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- bmips_stb_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- cavium_octeon_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- cerfcube_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- ci20_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- clps711x_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: arch/arm/mach-clps711x/board-autcpu12.c:163:26: warning: duplicate ‘const’ declaration specifier [-Wduplicate-decl-specifier] -------------------------------------------------------------------------------- cm_x2xx_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- cm_x300_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- cobalt_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- colibri_pxa300_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- collie_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- corgi_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- db1xxx_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- decstation_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- defconfig (arm64, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- e55_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- ebsa110_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- efm32_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- em_x270_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- ep93xx_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- eseries_pxa_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- exynos_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- fuloong2e_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- gpr_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- h3600_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- h5000_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- hackkit_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- hisi_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- i386_defconfig (i386, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- imote2_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- integrator_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- iop13xx_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- iop33x_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- ip27_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- ip28_defconfig (mips, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: drivers/net/ethernet/seeq/sgiseeq.c:804:26: warning: passing argument 5 of ‘dma_free_attrs’ makes pointer from integer without a cast [-Wint-conversion] -------------------------------------------------------------------------------- ip32_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- ixp4xx_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- jmr3927_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- jornada720_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- keystone_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- ks8695_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- lart_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- lasat_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- loongson3_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- lpc18xx_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- lpc32xx_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: arch/arm/mach-lpc32xx/phy3250.c:215:36: warning: duplicate ‘const’ declaration specifier [-Wduplicate-decl-specifier] -------------------------------------------------------------------------------- lpd270_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- ls1b_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- mainstone_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- malta_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- malta_kvm_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- malta_qemu_32r6_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- maltasmvp_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- maltaup_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- maltaup_xpa_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- markeins_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- mini2440_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- mips_paravirt_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- mmp2_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- moxart_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- mpc30x_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- msp71xx_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- mtx1_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- multi_v5_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- multi_v7_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- mvebu_v7_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- mxs_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: arch/arm/mach-mxs/mach-mxs.c:285:26: warning: duplicate ‘const’ declaration specifier [-Wduplicate-decl-specifier] -------------------------------------------------------------------------------- netwinder_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- netx_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- nhk8815_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- nlm_xlp_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- nlm_xlr_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- nsim_hs_defconfig (arc, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- nsim_hs_smp_defconfig (arc, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- nsimosci_hs_defconfig (arc, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- nuc910_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- nuc960_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- omap2plus_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- orion5x_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- palmz72_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- pcm027_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- prima2_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- pxa168_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- pxa255-idp_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- pxa910_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- qcom_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- rb532_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- rbtx49xx_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- realview-smp_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- realview_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- rm200_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- rpc_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- rt305x_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- s3c2410_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- s3c6400_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- s5pv210_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- sama5_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- sb1250_swarm_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- sead3_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- shannon_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- simpad_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- socfpga_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- spear13xx_defconfig (arm, gcc-8) — FAIL, 2 errors, 0 warnings, 0 section mismatches Errors: ./../include/linux/kconfig.h:4:10: fatal error: generated/autoconf.h: No such file or directory ./../include/linux/kconfig.h:4:10: fatal error: generated/autoconf.h: No such file or directory -------------------------------------------------------------------------------- spear3xx_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- spear6xx_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- spitz_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- stm32_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- sunxi_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- tb0219_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- tb0287_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- tct_hammer_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- tegra_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- tinyconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- tinyconfig (arc, gcc-8) — PASS, 0 errors, 4 warnings, 0 section mismatches Warnings: warning: (ARC) selects HAVE_FUTEX_CMPXCHG which has unmet direct dependencies (FUTEX) warning: (ARC) selects HAVE_FUTEX_CMPXCHG which has unmet direct dependencies (FUTEX) warning: (ARC) selects HAVE_FUTEX_CMPXCHG which has unmet direct dependencies (FUTEX) warning: (ARC) selects HAVE_FUTEX_CMPXCHG which has unmet direct dependencies (FUTEX) -------------------------------------------------------------------------------- tinyconfig (i386, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- tinyconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- tinyconfig (x86_64, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- trizeps4_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- u300_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- u8500_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- vdk_hs38_smp_defconfig (arc, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- versatile_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- vexpress_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- vf610m4_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- viper_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- vt8500_v6_v7_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- workpad_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- x86_64_defconfig (x86_64, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- xcep_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- xilfpga_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- xway_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- zeus_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- zx_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches --- For more info write to <info(a)kernelci.org>

5 years, 4 months

1
0
0 0

[PATCH 1/2] mm, compaction: make capture control handling safe wrt interrupts

by Vlastimil Babka

Hugh reports: ===== While stressing compaction, one run oopsed on NULL capc->cc in __free_one_page()'s task_capc(zone): compact_zone_order() had been interrupted, and a page was being freed in the return from interrupt. Though you would not expect it from the source, both gccs I was using (a 4.8.1 and a 7.5.0) had chosen to compile compact_zone_order() with the ".cc = &cc" implemented by mov %rbx,-0xb0(%rbp) immediately before callq compact_zone - long after the "current->capture_control = &capc". An interrupt in between those finds capc->cc NULL (zeroed by an earlier rep stos). This could presumably be fixed by a barrier() before setting current->capture_control in compact_zone_order(); but would also need more care on return from compact_zone(), in order not to risk leaking a page captured by interrupt just before capture_control is reset. Maybe that is the preferable fix, but I felt safer for task_capc() to exclude the rather surprising possibility of capture at interrupt time. ===== I have checked that gcc10 also behaves the same. The advantage of fix in compact_zone_order() is that we don't add another test in the page freeing hot path, and that it might prevent future problems if we stop exposing pointers to unitialized structures in current task. So this patch implements the suggestion for compact_zone_order() with barrier() (and WRITE_ONCE() to prevent store tearing) for setting current->capture_control, and prevents page leaking with WRITE_ONCE/READ_ONCE in the proper order. Fixes: 5e1f0f098b46 ("mm, compaction: capture a page under direct compaction") Cc: stable(a)vger.kernel.org # 5.1+ Reported-by: Hugh Dickins <hughd(a)google.com> Suggested-by: Hugh Dickins <hughd(a)google.com> Signed-off-by: Vlastimil Babka <vbabka(a)suse.cz> --- mm/compaction.c | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/mm/compaction.c b/mm/compaction.c index fd988b7e5f2b..86375605faa9 100644 --- a/mm/compaction.c +++ b/mm/compaction.c @@ -2316,15 +2316,26 @@ static enum compact_result compact_zone_order(struct zone *zone, int order, .page = NULL, }; - current->capture_control = &capc; + /* + * Make sure the structs are really initialized before we expose the + * capture control, in case we are interrupted and the interrupt handler + * frees a page. + */ + barrier(); + WRITE_ONCE(current->capture_control, &capc); ret = compact_zone(&cc, &capc); VM_BUG_ON(!list_empty(&cc.freepages)); VM_BUG_ON(!list_empty(&cc.migratepages)); - *capture = capc.page; - current->capture_control = NULL; + /* + * Make sure we hide capture control first before we read the captured + * page pointer, otherwise an interrupt could free and capture a page + * and we would leak it. + */ + WRITE_ONCE(current->capture_control, NULL); + *capture = READ_ONCE(capc.page); return ret; } -- 2.27.0

5 years, 4 months

2
1
0 0

+ mm-memcontrol-fix-do-not-put-the-css-reference.patch added to -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: mm/memcontrol.c: add missed css_put() has been added to the -mm tree. Its filename is mm-memcontrol-fix-do-not-put-the-css-reference.patch This patch should soon appear at http://ozlabs.org/~akpm/mmots/broken-out/mm-memcontrol-fix-do-not-put-the-c… and later at http://ozlabs.org/~akpm/mmotm/broken-out/mm-memcontrol-fix-do-not-put-the-c… Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next and is updated there every 3-4 working days ------------------------------------------------------ From: Muchun Song <songmuchun(a)bytedance.com> Subject: mm/memcontrol.c: add missed css_put() We should put the css reference when memory allocation failed. Link: http://lkml.kernel.org/r/20200614122653.98829-1-songmuchun@bytedance.com Fixes: f0a3a24b532d ("mm: memcg/slab: rework non-root kmem_cache lifecycle management") Signed-off-by: Muchun Song <songmuchun(a)bytedance.com> Acked-by: Roman Gushchin <guro(a)fb.com> Acked-by: Michal Hocko <mhocko(a)suse.com> Cc: Johannes Weiner <hannes(a)cmpxchg.org> Cc: Vladimir Davydov <vdavydov.dev(a)gmail.com> Cc: Qian Cai <cai(a)lca.pw> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/memcontrol.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) --- a/mm/memcontrol.c~mm-memcontrol-fix-do-not-put-the-css-reference +++ a/mm/memcontrol.c @@ -2772,8 +2772,10 @@ static void memcg_schedule_kmem_cache_cr return; cw = kmalloc(sizeof(*cw), GFP_NOWAIT | __GFP_NOWARN); - if (!cw) + if (!cw) { + css_put(&memcg->css); return; + } cw->memcg = memcg; cw->cachep = cachep; _ Patches currently in -mm which might be from songmuchun(a)bytedance.com are mm-memcontrol-fix-do-not-put-the-css-reference.patch

5 years, 4 months

1
0
0 0

stable-rc/linux-5.4.y baseline: 82 runs, 2 regressions (v5.4.44-207-gfb0f5b2f83d5)

by kernelci.org bot

stable-rc/linux-5.4.y baseline: 82 runs, 2 regressions (v5.4.44-207-gfb0f5b2f83d5) Regressions Summary ------------------- platform | arch | lab | compiler | defconfig | results ----------------------+-------+--------------+----------+-----------------+-------- at91-sama5d4_xplained | arm | lab-baylibre | gcc-8 | sama5_defconfig | 0/1 bcm2837-rpi-3-b | arm64 | lab-baylibre | gcc-8 | defconfig | 4/5 Details: https://kernelci.org/test/job/stable-rc/branch/linux-5.4.y/kernel/v5.4.44-2… Test: baseline Tree: stable-rc Branch: linux-5.4.y Describe: v5.4.44-207-gfb0f5b2f83d5 URL: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git SHA: fb0f5b2f83d55889e853c892505f02fd31a61a90 Test Regressions ---------------- platform | arch | lab | compiler | defconfig | results ----------------------+-------+--------------+----------+-----------------+-------- at91-sama5d4_xplained | arm | lab-baylibre | gcc-8 | sama5_defconfig | 0/1 Details: https://kernelci.org/test/plan/id/5ee8e85bf60127a96697bf1a Results: 0 PASS, 1 FAIL, 0 SKIP Full config: sama5_defconfig Compiler: gcc-8 (arm-linux-gnueabihf-gcc (Debian 8.3.0-2) 8.3.0) Plain log: https://storage.kernelci.org//stable-rc/linux-5.4.y/v5.4.44-207-gfb0f5b2f83… HTML log: https://storage.kernelci.org//stable-rc/linux-5.4.y/v5.4.44-207-gfb0f5b2f83… Rootfs: http://storage.kernelci.org/images/rootfs/buildroot/kci-2019.02-11-g17e793f… * baseline.login: https://kernelci.org/test/case/id/5ee8e85bf60127a96697bf1b failing since 65 days (last pass: v5.4.30-54-g6f04e8ca5355, first fail: v5.4.30-81-gf163418797b9) platform | arch | lab | compiler | defconfig | results ----------------------+-------+--------------+----------+-----------------+-------- bcm2837-rpi-3-b | arm64 | lab-baylibre | gcc-8 | defconfig | 4/5 Details: https://kernelci.org/test/plan/id/5ee8e948c57af2cca697bf10 Results: 4 PASS, 1 FAIL, 0 SKIP Full config: defconfig Compiler: gcc-8 (aarch64-linux-gnu-gcc (Debian 8.3.0-2) 8.3.0) Plain log: https://storage.kernelci.org//stable-rc/linux-5.4.y/v5.4.44-207-gfb0f5b2f83… HTML log: https://storage.kernelci.org//stable-rc/linux-5.4.y/v5.4.44-207-gfb0f5b2f83… Rootfs: http://storage.kernelci.org/images/rootfs/buildroot/kci-2019.02-11-g17e793f… * baseline.dmesg.crit: https://kernelci.org/test/case/id/5ee8e948c57af2cca697bf13 failing since 10 days (last pass: v5.4.44, first fail: v5.4.44-39-g0e4e419d5fc3) 1 lines

5 years, 4 months

1
0
0 0

stable-rc/linux-5.4.y build: 151 builds: 1 failed, 150 passed, 1 error, 82 warnings (v5.4.44-206-ga7debb64f8b4)

by kernelci.org bot

stable-rc/linux-5.4.y build: 151 builds: 1 failed, 150 passed, 1 error, 82 warnings (v5.4.44-206-ga7debb64f8b4) Full Build Summary: https://kernelci.org/build/stable-rc/branch/linux-5.4.y/kernel/v5.4.44-206-… Tree: stable-rc Branch: linux-5.4.y Git Describe: v5.4.44-206-ga7debb64f8b4 Git Commit: a7debb64f8b4820a8a003bf3bd0b702a111b4a4b Git URL: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git Built: 7 unique architectures Build Failure Detected: mips: ip27_defconfig: (gcc-8) FAIL Errors and Warnings Detected: arc: allnoconfig (gcc-8): 1 warning axs103_defconfig (gcc-8): 2 warnings axs103_smp_defconfig (gcc-8): 2 warnings hsdk_defconfig (gcc-8): 2 warnings nsimosci_hs_defconfig (gcc-8): 2 warnings nsimosci_hs_smp_defconfig (gcc-8): 2 warnings tinyconfig (gcc-8): 1 warning vdk_hs38_defconfig (gcc-8): 1 warning vdk_hs38_smp_defconfig (gcc-8): 1 warning arm64: defconfig (gcc-8): 14 warnings arm: am200epdkit_defconfig (gcc-8): 1 warning assabet_defconfig (gcc-8): 1 warning axm55xx_defconfig (gcc-8): 1 warning cm_x300_defconfig (gcc-8): 1 warning cns3420vb_defconfig (gcc-8): 1 warning colibri_pxa270_defconfig (gcc-8): 1 warning colibri_pxa300_defconfig (gcc-8): 1 warning collie_defconfig (gcc-8): 1 warning eseries_pxa_defconfig (gcc-8): 1 warning ezx_defconfig (gcc-8): 1 warning h3600_defconfig (gcc-8): 1 warning h5000_defconfig (gcc-8): 1 warning imote2_defconfig (gcc-8): 1 warning imx_v4_v5_defconfig (gcc-8): 1 warning imx_v6_v7_defconfig (gcc-8): 1 warning ixp4xx_defconfig (gcc-8): 1 warning keystone_defconfig (gcc-8): 1 warning lpc32xx_defconfig (gcc-8): 1 warning magician_defconfig (gcc-8): 1 warning milbeaut_m10v_defconfig (gcc-8): 1 warning mini2440_defconfig (gcc-8): 1 warning mmp2_defconfig (gcc-8): 1 warning mv78xx0_defconfig (gcc-8): 1 warning mvebu_v5_defconfig (gcc-8): 1 warning mvebu_v7_defconfig (gcc-8): 1 warning mxs_defconfig (gcc-8): 1 warning omap1_defconfig (gcc-8): 1 warning orion5x_defconfig (gcc-8): 1 warning oxnas_v6_defconfig (gcc-8): 1 warning pcm027_defconfig (gcc-8): 1 warning prima2_defconfig (gcc-8): 1 warning pxa168_defconfig (gcc-8): 1 warning pxa3xx_defconfig (gcc-8): 1 warning pxa910_defconfig (gcc-8): 1 warning realview_defconfig (gcc-8): 1 warning s3c6400_defconfig (gcc-8): 1 warning s5pv210_defconfig (gcc-8): 1 warning sama5_defconfig (gcc-8): 1 warning shannon_defconfig (gcc-8): 1 warning spear13xx_defconfig (gcc-8): 1 warning tango4_defconfig (gcc-8): 1 warning tegra_defconfig (gcc-8): 1 warning trizeps4_defconfig (gcc-8): 1 warning versatile_defconfig (gcc-8): 1 warning vexpress_defconfig (gcc-8): 1 warning viper_defconfig (gcc-8): 1 warning xcep_defconfig (gcc-8): 1 warning i386: mips: ip27_defconfig (gcc-8): 1 error riscv: rv32_defconfig (gcc-8): 6 warnings x86_64: tinyconfig (gcc-8): 1 warning Errors summary: 1 arch/mips/pci/pci-xtalk-bridge.c:287:9: error: ‘struct bridge_irq_chip_data’ has no member named ‘nnasid’; did you mean ‘nasid’? Warnings summary: 43 WARNING: "return_address" [vmlinux] is a static EXPORT_SYMBOL_GPL 16 <stdin>:1511:2: warning: #warning syscall clone3 not implemented [-Wcpp] 4 drivers/video/fbdev/sa1100fb.c:975:21: warning: ‘sa1100fb_min_dma_period’ defined but not used [-Wunused-function] 2 arch/arm64/include/asm/memory.h:239:15: warning: cast from pointer to integer of different size [-Wpointer-to-int-cast] 2 arch/arm64/boot/dts/exynos/exynos5433.dtsi:254.3-29: Warning (reg_format): /gpu@14ac0000:reg: property has invalid length (8 bytes) (#address-cells == 2, #size-cells == 2) 2 <stdin>:830:2: warning: #warning syscall fstat64 not implemented [-Wcpp] 2 <stdin>:1127:2: warning: #warning syscall fstatat64 not implemented [-Wcpp] 1 arch/arm64/boot/dts/exynos/exynos7.dtsi:83.3-29: Warning (reg_format): /gpu@14ac0000:reg: property has invalid length (8 bytes) (#address-cells == 2, #size-cells == 2) 1 arch/arm64/boot/dts/exynos/exynos7-espresso.dtb: Warning (spi_bus_reg): Failed prerequisite 'reg_format' 1 arch/arm64/boot/dts/exynos/exynos7-espresso.dtb: Warning (pci_device_bus_num): Failed prerequisite 'reg_format' 1 arch/arm64/boot/dts/exynos/exynos7-espresso.dtb: Warning (i2c_bus_reg): Failed prerequisite 'reg_format' 1 arch/arm64/boot/dts/exynos/exynos5433-tm2e.dtb: Warning (spi_bus_reg): Failed prerequisite 'reg_format' 1 arch/arm64/boot/dts/exynos/exynos5433-tm2e.dtb: Warning (pci_device_bus_num): Failed prerequisite 'reg_format' 1 arch/arm64/boot/dts/exynos/exynos5433-tm2e.dtb: Warning (i2c_bus_reg): Failed prerequisite 'reg_format' 1 arch/arm64/boot/dts/exynos/exynos5433-tm2.dtb: Warning (spi_bus_reg): Failed prerequisite 'reg_format' 1 arch/arm64/boot/dts/exynos/exynos5433-tm2.dtb: Warning (pci_device_bus_num): Failed prerequisite 'reg_format' 1 arch/arm64/boot/dts/exynos/exynos5433-tm2.dtb: Warning (i2c_bus_reg): Failed prerequisite 'reg_format' 1 .config:1156:warning: override: UNWINDER_GUESS changes choice state Section mismatches summary: 1 WARNING: vmlinux.o(.text.unlikely+0x3598): Section mismatch in reference from the function pmax_setup_memory_region() to the function .init.text:add_memory_region() ================================================================================ Detailed per-defconfig build reports: -------------------------------------------------------------------------------- allnoconfig (arc, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: <stdin>:1511:2: warning: #warning syscall clone3 not implemented [-Wcpp] -------------------------------------------------------------------------------- allnoconfig (arm64, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- allnoconfig (riscv, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- allnoconfig (i386, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- allnoconfig (x86_64, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- allnoconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- am200epdkit_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: WARNING: "return_address" [vmlinux] is a static EXPORT_SYMBOL_GPL -------------------------------------------------------------------------------- aspeed_g4_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- aspeed_g5_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- assabet_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: drivers/video/fbdev/sa1100fb.c:975:21: warning: ‘sa1100fb_min_dma_period’ defined but not used [-Wunused-function] -------------------------------------------------------------------------------- ath25_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- ath79_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- axm55xx_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: WARNING: "return_address" [vmlinux] is a static EXPORT_SYMBOL_GPL -------------------------------------------------------------------------------- axs103_defconfig (arc, gcc-8) — PASS, 0 errors, 2 warnings, 0 section mismatches Warnings: <stdin>:1511:2: warning: #warning syscall clone3 not implemented [-Wcpp] <stdin>:1511:2: warning: #warning syscall clone3 not implemented [-Wcpp] -------------------------------------------------------------------------------- axs103_smp_defconfig (arc, gcc-8) — PASS, 0 errors, 2 warnings, 0 section mismatches Warnings: <stdin>:1511:2: warning: #warning syscall clone3 not implemented [-Wcpp] <stdin>:1511:2: warning: #warning syscall clone3 not implemented [-Wcpp] -------------------------------------------------------------------------------- bcm2835_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- bcm47xx_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- bcm63xx_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- bmips_be_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- bmips_stb_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- capcella_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- ci20_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- clps711x_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- cm_x300_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: WARNING: "return_address" [vmlinux] is a static EXPORT_SYMBOL_GPL -------------------------------------------------------------------------------- cns3420vb_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: WARNING: "return_address" [vmlinux] is a static EXPORT_SYMBOL_GPL -------------------------------------------------------------------------------- cobalt_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- colibri_pxa270_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: WARNING: "return_address" [vmlinux] is a static EXPORT_SYMBOL_GPL -------------------------------------------------------------------------------- colibri_pxa300_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: WARNING: "return_address" [vmlinux] is a static EXPORT_SYMBOL_GPL -------------------------------------------------------------------------------- collie_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: drivers/video/fbdev/sa1100fb.c:975:21: warning: ‘sa1100fb_min_dma_period’ defined but not used [-Wunused-function] -------------------------------------------------------------------------------- corgi_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- decstation_64_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- decstation_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches Section mismatches: WARNING: vmlinux.o(.text.unlikely+0x3598): Section mismatch in reference from the function pmax_setup_memory_region() to the function .init.text:add_memory_region() -------------------------------------------------------------------------------- defconfig (arm64, gcc-8) — PASS, 0 errors, 14 warnings, 0 section mismatches Warnings: arch/arm64/include/asm/memory.h:239:15: warning: cast from pointer to integer of different size [-Wpointer-to-int-cast] arch/arm64/include/asm/memory.h:239:15: warning: cast from pointer to integer of different size [-Wpointer-to-int-cast] arch/arm64/boot/dts/exynos/exynos5433.dtsi:254.3-29: Warning (reg_format): /gpu@14ac0000:reg: property has invalid length (8 bytes) (#address-cells == 2, #size-cells == 2) arch/arm64/boot/dts/exynos/exynos5433-tm2.dtb: Warning (pci_device_bus_num): Failed prerequisite 'reg_format' arch/arm64/boot/dts/exynos/exynos5433-tm2.dtb: Warning (i2c_bus_reg): Failed prerequisite 'reg_format' arch/arm64/boot/dts/exynos/exynos5433-tm2.dtb: Warning (spi_bus_reg): Failed prerequisite 'reg_format' arch/arm64/boot/dts/exynos/exynos5433.dtsi:254.3-29: Warning (reg_format): /gpu@14ac0000:reg: property has invalid length (8 bytes) (#address-cells == 2, #size-cells == 2) arch/arm64/boot/dts/exynos/exynos5433-tm2e.dtb: Warning (pci_device_bus_num): Failed prerequisite 'reg_format' arch/arm64/boot/dts/exynos/exynos5433-tm2e.dtb: Warning (i2c_bus_reg): Failed prerequisite 'reg_format' arch/arm64/boot/dts/exynos/exynos5433-tm2e.dtb: Warning (spi_bus_reg): Failed prerequisite 'reg_format' arch/arm64/boot/dts/exynos/exynos7.dtsi:83.3-29: Warning (reg_format): /gpu@14ac0000:reg: property has invalid length (8 bytes) (#address-cells == 2, #size-cells == 2) arch/arm64/boot/dts/exynos/exynos7-espresso.dtb: Warning (pci_device_bus_num): Failed prerequisite 'reg_format' arch/arm64/boot/dts/exynos/exynos7-espresso.dtb: Warning (i2c_bus_reg): Failed prerequisite 'reg_format' arch/arm64/boot/dts/exynos/exynos7-espresso.dtb: Warning (spi_bus_reg): Failed prerequisite 'reg_format' -------------------------------------------------------------------------------- defconfig (riscv, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- e55_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- ebsa110_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- efm32_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- eseries_pxa_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: WARNING: "return_address" [vmlinux] is a static EXPORT_SYMBOL_GPL -------------------------------------------------------------------------------- ezx_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: WARNING: "return_address" [vmlinux] is a static EXPORT_SYMBOL_GPL -------------------------------------------------------------------------------- footbridge_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- fuloong2e_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- gcw0_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- gemini_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- gpr_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- h3600_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: drivers/video/fbdev/sa1100fb.c:975:21: warning: ‘sa1100fb_min_dma_period’ defined but not used [-Wunused-function] -------------------------------------------------------------------------------- h5000_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: WARNING: "return_address" [vmlinux] is a static EXPORT_SYMBOL_GPL -------------------------------------------------------------------------------- hisi_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- hsdk_defconfig (arc, gcc-8) — PASS, 0 errors, 2 warnings, 0 section mismatches Warnings: <stdin>:1511:2: warning: #warning syscall clone3 not implemented [-Wcpp] <stdin>:1511:2: warning: #warning syscall clone3 not implemented [-Wcpp] -------------------------------------------------------------------------------- i386_defconfig (i386, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- imote2_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: WARNING: "return_address" [vmlinux] is a static EXPORT_SYMBOL_GPL -------------------------------------------------------------------------------- imx_v4_v5_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: WARNING: "return_address" [vmlinux] is a static EXPORT_SYMBOL_GPL -------------------------------------------------------------------------------- imx_v6_v7_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: WARNING: "return_address" [vmlinux] is a static EXPORT_SYMBOL_GPL -------------------------------------------------------------------------------- iop32x_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- ip22_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- ip27_defconfig (mips, gcc-8) — FAIL, 1 error, 0 warnings, 0 section mismatches Errors: arch/mips/pci/pci-xtalk-bridge.c:287:9: error: ‘struct bridge_irq_chip_data’ has no member named ‘nnasid’; did you mean ‘nasid’? -------------------------------------------------------------------------------- ip28_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- ip32_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- ixp4xx_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: WARNING: "return_address" [vmlinux] is a static EXPORT_SYMBOL_GPL -------------------------------------------------------------------------------- jazz_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- jmr3927_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- jornada720_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- keystone_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: WARNING: "return_address" [vmlinux] is a static EXPORT_SYMBOL_GPL -------------------------------------------------------------------------------- lart_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- lemote2f_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- loongson1c_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- loongson3_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- lpc32xx_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: WARNING: "return_address" [vmlinux] is a static EXPORT_SYMBOL_GPL -------------------------------------------------------------------------------- lpd270_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- lubbock_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- magician_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: WARNING: "return_address" [vmlinux] is a static EXPORT_SYMBOL_GPL -------------------------------------------------------------------------------- mainstone_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- malta_kvm_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- maltaaprp_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- maltasmvp_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- maltasmvp_eva_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- maltaup_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- markeins_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- milbeaut_m10v_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: WARNING: "return_address" [vmlinux] is a static EXPORT_SYMBOL_GPL -------------------------------------------------------------------------------- mini2440_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: WARNING: "return_address" [vmlinux] is a static EXPORT_SYMBOL_GPL -------------------------------------------------------------------------------- mips_paravirt_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- mmp2_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: WARNING: "return_address" [vmlinux] is a static EXPORT_SYMBOL_GPL -------------------------------------------------------------------------------- mpc30x_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- msp71xx_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- mtx1_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- multi_v4t_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- mv78xx0_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: WARNING: "return_address" [vmlinux] is a static EXPORT_SYMBOL_GPL -------------------------------------------------------------------------------- mvebu_v5_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: WARNING: "return_address" [vmlinux] is a static EXPORT_SYMBOL_GPL -------------------------------------------------------------------------------- mvebu_v7_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: WARNING: "return_address" [vmlinux] is a static EXPORT_SYMBOL_GPL -------------------------------------------------------------------------------- mxs_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: WARNING: "return_address" [vmlinux] is a static EXPORT_SYMBOL_GPL -------------------------------------------------------------------------------- netwinder_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- nlm_xlr_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- nsimosci_hs_defconfig (arc, gcc-8) — PASS, 0 errors, 2 warnings, 0 section mismatches Warnings: <stdin>:1511:2: warning: #warning syscall clone3 not implemented [-Wcpp] <stdin>:1511:2: warning: #warning syscall clone3 not implemented [-Wcpp] -------------------------------------------------------------------------------- nsimosci_hs_smp_defconfig (arc, gcc-8) — PASS, 0 errors, 2 warnings, 0 section mismatches Warnings: <stdin>:1511:2: warning: #warning syscall clone3 not implemented [-Wcpp] <stdin>:1511:2: warning: #warning syscall clone3 not implemented [-Wcpp] -------------------------------------------------------------------------------- omap1_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: WARNING: "return_address" [vmlinux] is a static EXPORT_SYMBOL_GPL -------------------------------------------------------------------------------- omega2p_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- orion5x_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: WARNING: "return_address" [vmlinux] is a static EXPORT_SYMBOL_GPL -------------------------------------------------------------------------------- oxnas_v6_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: WARNING: "return_address" [vmlinux] is a static EXPORT_SYMBOL_GPL -------------------------------------------------------------------------------- pcm027_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: WARNING: "return_address" [vmlinux] is a static EXPORT_SYMBOL_GPL -------------------------------------------------------------------------------- pic32mzda_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- pistachio_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- pleb_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- pnx8335_stb225_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- prima2_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: WARNING: "return_address" [vmlinux] is a static EXPORT_SYMBOL_GPL -------------------------------------------------------------------------------- pxa168_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: WARNING: "return_address" [vmlinux] is a static EXPORT_SYMBOL_GPL -------------------------------------------------------------------------------- pxa255-idp_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- pxa3xx_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: WARNING: "return_address" [vmlinux] is a static EXPORT_SYMBOL_GPL -------------------------------------------------------------------------------- pxa910_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: WARNING: "return_address" [vmlinux] is a static EXPORT_SYMBOL_GPL -------------------------------------------------------------------------------- qi_lb60_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- rb532_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- realview_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: WARNING: "return_address" [vmlinux] is a static EXPORT_SYMBOL_GPL -------------------------------------------------------------------------------- rpc_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- rt305x_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- rv32_defconfig (riscv, gcc-8) — PASS, 0 errors, 6 warnings, 0 section mismatches Warnings: <stdin>:830:2: warning: #warning syscall fstat64 not implemented [-Wcpp] <stdin>:1127:2: warning: #warning syscall fstatat64 not implemented [-Wcpp] <stdin>:1511:2: warning: #warning syscall clone3 not implemented [-Wcpp] <stdin>:830:2: warning: #warning syscall fstat64 not implemented [-Wcpp] <stdin>:1127:2: warning: #warning syscall fstatat64 not implemented [-Wcpp] <stdin>:1511:2: warning: #warning syscall clone3 not implemented [-Wcpp] -------------------------------------------------------------------------------- s3c2410_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- s3c6400_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: WARNING: "return_address" [vmlinux] is a static EXPORT_SYMBOL_GPL -------------------------------------------------------------------------------- s5pv210_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: WARNING: "return_address" [vmlinux] is a static EXPORT_SYMBOL_GPL -------------------------------------------------------------------------------- sama5_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: WARNING: "return_address" [vmlinux] is a static EXPORT_SYMBOL_GPL -------------------------------------------------------------------------------- sb1250_swarm_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- shannon_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: drivers/video/fbdev/sa1100fb.c:975:21: warning: ‘sa1100fb_min_dma_period’ defined but not used [-Wunused-function] -------------------------------------------------------------------------------- shmobile_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- simpad_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- socfpga_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- spear13xx_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: WARNING: "return_address" [vmlinux] is a static EXPORT_SYMBOL_GPL -------------------------------------------------------------------------------- spear3xx_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- spear6xx_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- spitz_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- stm32_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- tango4_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: WARNING: "return_address" [vmlinux] is a static EXPORT_SYMBOL_GPL -------------------------------------------------------------------------------- tb0219_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- tb0226_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- tb0287_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- tct_hammer_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- tegra_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: WARNING: "return_address" [vmlinux] is a static EXPORT_SYMBOL_GPL -------------------------------------------------------------------------------- tinyconfig (arm64, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- tinyconfig (x86_64, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: .config:1156:warning: override: UNWINDER_GUESS changes choice state -------------------------------------------------------------------------------- tinyconfig (i386, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- tinyconfig (arc, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: <stdin>:1511:2: warning: #warning syscall clone3 not implemented [-Wcpp] -------------------------------------------------------------------------------- tinyconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- tinyconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- trizeps4_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: WARNING: "return_address" [vmlinux] is a static EXPORT_SYMBOL_GPL -------------------------------------------------------------------------------- vdk_hs38_defconfig (arc, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: <stdin>:1511:2: warning: #warning syscall clone3 not implemented [-Wcpp] -------------------------------------------------------------------------------- vdk_hs38_smp_defconfig (arc, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: <stdin>:1511:2: warning: #warning syscall clone3 not implemented [-Wcpp] -------------------------------------------------------------------------------- versatile_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: WARNING: "return_address" [vmlinux] is a static EXPORT_SYMBOL_GPL -------------------------------------------------------------------------------- vexpress_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: WARNING: "return_address" [vmlinux] is a static EXPORT_SYMBOL_GPL -------------------------------------------------------------------------------- viper_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: WARNING: "return_address" [vmlinux] is a static EXPORT_SYMBOL_GPL -------------------------------------------------------------------------------- vocore2_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- vt8500_v6_v7_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- workpad_defconfig (mips, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- x86_64_defconfig (x86_64, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- xcep_defconfig (arm, gcc-8) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: WARNING: "return_address" [vmlinux] is a static EXPORT_SYMBOL_GPL -------------------------------------------------------------------------------- zx_defconfig (arm, gcc-8) — PASS, 0 errors, 0 warnings, 0 section mismatches --- For more info write to <info(a)kernelci.org>

5 years, 4 months

1
0
0 0

patch "Staging: rtl8723bs: prevent buffer overflow in" added to staging-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled Staging: rtl8723bs: prevent buffer overflow in to my staging git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging.git in the staging-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From b65a2d8c8614386f7e8d38ea150749f8a862f431 Mon Sep 17 00:00:00 2001 From: Dan Carpenter <dan.carpenter(a)oracle.com> Date: Wed, 3 Jun 2020 13:19:58 +0300 Subject: Staging: rtl8723bs: prevent buffer overflow in update_sta_support_rate() The "ie_len" variable is in the 0-255 range and it comes from the network. If it's over NDIS_802_11_LENGTH_RATES_EX (16) then that will lead to memory corruption. Fixes: 554c0a3abf21 ("staging: Add rtl8723bs sdio wifi driver") Signed-off-by: Dan Carpenter <dan.carpenter(a)oracle.com> Cc: stable <stable(a)vger.kernel.org> Link: https://lore.kernel.org/r/20200603101958.GA1845750@mwanda Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/staging/rtl8723bs/core/rtw_wlan_util.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/staging/rtl8723bs/core/rtw_wlan_util.c b/drivers/staging/rtl8723bs/core/rtw_wlan_util.c index 69bcd172b298..a3ea7ce3e12e 100644 --- a/drivers/staging/rtl8723bs/core/rtw_wlan_util.c +++ b/drivers/staging/rtl8723bs/core/rtw_wlan_util.c @@ -1824,12 +1824,14 @@ int update_sta_support_rate(struct adapter *padapter, u8 *pvar_ie, uint var_ie_l pIE = (struct ndis_80211_var_ie *)rtw_get_ie(pvar_ie, _SUPPORTEDRATES_IE_, &ie_len, var_ie_len); if (!pIE) return _FAIL; + if (ie_len > sizeof(pmlmeinfo->FW_sta_info[cam_idx].SupportedRates)) + return _FAIL; memcpy(pmlmeinfo->FW_sta_info[cam_idx].SupportedRates, pIE->data, ie_len); supportRateNum = ie_len; pIE = (struct ndis_80211_var_ie *)rtw_get_ie(pvar_ie, _EXT_SUPPORTEDRATES_IE_, &ie_len, var_ie_len); - if (pIE) + if (pIE && (ie_len <= sizeof(pmlmeinfo->FW_sta_info[cam_idx].SupportedRates) - supportRateNum)) memcpy((pmlmeinfo->FW_sta_info[cam_idx].SupportedRates + supportRateNum), pIE->data, ie_len); return _SUCCESS; -- 2.27.0

5 years, 4 months

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror