- Linux-stable-mirror - lists.linaro.org

[PATCH v3 1/2] Bluetooth: hci_ath: Add NULL check for tiocmget() and tiocmset() in ath_setup()

by Myungho Jung

tiocmget() and tiocmset() operations are optional so they are not guaranteed to be set. Return ENODEV in ath_setup() if tty driver doesn't support the operations. Fixes: 4c876c0edbdc ("hci_uart: Add Atheros support for address config") Cc: <stable(a)vger.kernel.org> # 4.1 Signed-off-by: Myungho Jung <mhjungk(a)gmail.com> --- Changes in v2: - Add NULL check and return error in ath_setup() instead of ath_hci_uart_work() Changes in v3: - Fix to return -ENODEV - Split into 2 patches - Add stable CC and fixes tags drivers/bluetooth/hci_ath.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/drivers/bluetooth/hci_ath.c b/drivers/bluetooth/hci_ath.c index d568fbd94d6c..9f1ac1805d23 100644 --- a/drivers/bluetooth/hci_ath.c +++ b/drivers/bluetooth/hci_ath.c @@ -185,8 +185,14 @@ static int ath_set_bdaddr(struct hci_dev *hdev, const bdaddr_t *bdaddr) static int ath_setup(struct hci_uart *hu) { + struct tty_struct *tty = hu->tty; + BT_DBG("hu %p", hu); + /* tty driver should support operations to set RTS */ + if (!tty->driver->ops->tiocmget || !tty->driver->ops->tiocmset) + return -ENODEV; + hu->hdev->set_bdaddr = ath_set_bdaddr; return 0; -- 2.17.1

6 years, 7 months

1
0
0 0

[PATCH 4.19 00/74] 4.19.20-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.19.20 release. There are 74 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed Feb 6 10:35:34 UTC 2019. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.19.20-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.19.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.19.20-rc1 Paulo Alcantara <paulo(a)paulo.ac> cifs: Always resolve hostname before reconnecting Alexei Naberezhnov <anaberezhnov(a)fb.com> md/raid5: fix 'out of memory' during raid cache recovery Frank Rowand <frank.rowand(a)sony.com> of: overlay: do not duplicate properties from overlay for new nodes Frank Rowand <frank.rowand(a)sony.com> of: overlay: use prop add changeset entry for property in new nodes Frank Rowand <frank.rowand(a)sony.com> of: overlay: add missing of_node_get() in __of_attach_node_sysfs Frank Rowand <frank.rowand(a)sony.com> of: overlay: add tests to validate kfrees from overlay removal Rob Herring <robh(a)kernel.org> of: Convert to using %pOFn instead of device_node.name David Hildenbrand <david(a)redhat.com> mm: migrate: don't rely on __PageMovable() of newpage after unlocking it Naoya Horiguchi <n-horiguchi(a)ah.jp.nec.com> mm: hwpoison: use do_send_sig_info() instead of force_sig() Shakeel Butt <shakeelb(a)google.com> mm, oom: fix use-after-free in oom_kill_process Oscar Salvador <osalvador(a)suse.de> mm,memory_hotplug: fix scan_movable_pages() for gigantic hugepages Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> oom, oom_reaper: do not enqueue same task twice Andrea Arcangeli <aarcange(a)redhat.com> mm/hugetlb.c: teach follow_hugetlb_page() to handle FOLL_NOWAIT Andrei Vagin <avagin(a)gmail.com> kernel/exit.c: release ptraced tasks before zap_pid_ns_processes Eric W. Biederman <ebiederm(a)xmission.com> btrfs: On error always free subvol_name in btrfs_mount Filipe Manana <fdmanana(a)suse.com> Btrfs: fix deadlock when allocating tree block during leaf/node split Stefan Wahren <stefan.wahren(a)i2se.com> mmc: sdhci-iproc: handle mmc_of_parse() errors during probe João Paulo Rechi Vita <jprvita(a)gmail.com> platform/x86: asus-nb-wmi: Drop mapping of 0x33 and 0x34 scan codes João Paulo Rechi Vita <jprvita(a)gmail.com> platform/x86: asus-nb-wmi: Map 0x35 to KEY_SCREENLOCK Michael J. Ruhl <michael.j.ruhl(a)intel.com> IB/hfi1: Remove overly conservative VM_EXEC flag check Kailang Yang <kailang(a)realtek.com> ALSA: hda/realtek - Fixed hp_pin no value Olek Poplavsky <woodenbits(a)gmail.com> ALSA: usb-audio: Add Opus #3 to quirks for native DSD support Chaotian Jing <chaotian.jing(a)mediatek.com> mmc: mediatek: fix incorrect register setting of hs400_cmd_int_delay Lukas Wunner <lukas(a)wunner.de> mmc: bcm2835: Fix DMA channel leak on probe error Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: Revert "Fix loop in gfs2_rbm_find" Neo Hou <neo.hou(a)unisoc.com> gpio: sprd: Fix incorrect irq type setting for the async EIC Neo Hou <neo.hou(a)unisoc.com> gpio: sprd: Fix the incorrect data register Roger Quadros <rogerq(a)ti.com> gpio: pcf857x: Fix interrupts on multiple instances Bartosz Golaszewski <bgolaszewski(a)baylibre.com> gpiolib: fix line event timestamps for nested irqs Axel Lin <axel.lin(a)ingics.com> gpio: altera-a10sr: Set proper output level for direction_output James Morse <james.morse(a)arm.com> arm64: hibernate: Clean the __hyp_text to PoC after resume James Morse <james.morse(a)arm.com> arm64: hyp-stub: Forbid kprobing of the hyp-stub Catalin Marinas <catalin.marinas(a)arm.com> arm64: Do not issue IPIs for user executable ptes Ard Biesheuvel <ard.biesheuvel(a)linaro.org> arm64: kaslr: ensure randomized quantities are clean also when kaslr is off Koen Vandeputte <koen.vandeputte(a)ncentric.com> ARM: cns3xxx: Fix writing to wrong PCI config registers after alignment Trond Myklebust <trondmy(a)gmail.com> NFS: Fix up return value on fatal errors in nfs_page_async_flush() Kees Cook <keescook(a)chromium.org> selftests/seccomp: Enhance per-arch ptrace syscall skip tests Gerald Schaefer <gerald.schaefer(a)de.ibm.com> iommu/vt-d: Fix memory leak in intel_iommu_put_resv_regions() Waiman Long <longman(a)redhat.com> fs/dcache: Fix incorrect nr_dentry_unused accounting in shrink_dcache_sb() Pavel Shilovsky <pshilov(a)microsoft.com> CIFS: Do not consider -ENODATA as stat failure for reads Pavel Shilovsky <pshilov(a)microsoft.com> CIFS: Fix trace command logging for SMB2 reads and writes Pavel Shilovsky <pshilov(a)microsoft.com> CIFS: Do not count -ENODATA as failure for query directory Toshiaki Makita <makita.toshiaki(a)lab.ntt.co.jp> virtio_net: Differentiate sk_buff and xdp_frame on freeing Toshiaki Makita <makita.toshiaki(a)lab.ntt.co.jp> virtio_net: Use xdp_return_frame to free xdp_frames on destroying vqs Toshiaki Makita <makita.toshiaki(a)lab.ntt.co.jp> virtio_net: Don't process redirected XDP frames when XDP is disabled Toshiaki Makita <makita.toshiaki(a)lab.ntt.co.jp> virtio_net: Fix out of bounds access of sq Toshiaki Makita <makita.toshiaki(a)lab.ntt.co.jp> virtio_net: Fix not restoring real_num_rx_queues Toshiaki Makita <makita.toshiaki(a)lab.ntt.co.jp> virtio_net: Don't call free_old_xmit_skbs for xdp_frames Toshiaki Makita <makita.toshiaki(a)lab.ntt.co.jp> virtio_net: Don't enable NAPI when interface is down Xin Long <lucien.xin(a)gmail.com> sctp: set flow sport from saddr only when it's 0 Xin Long <lucien.xin(a)gmail.com> sctp: set chunk transport correctly when it's a new asoc Bodong Wang <bodong(a)mellanox.com> Revert "net/mlx5e: E-Switch, Initialize eswitch only if eswitch manager" Nir Dotan <nird(a)mellanox.com> ip6mr: Fix notifiers call on mroute_clean_tables() Aya Levin <ayal(a)mellanox.com> net/mlx5e: Allow MAC invalidation while spoofchk is ON Xin Long <lucien.xin(a)gmail.com> sctp: improve the events for sctp stream adding Lorenzo Bianconi <lorenzo.bianconi(a)redhat.com> net: ip6_gre: always reports o_key to userspace Jason Wang <jasowang(a)redhat.com> vhost: fix OOB in get_rx_bufs() Mathias Thore <mathias.thore(a)infinera.com> ucc_geth: Reset BQL queue when stopping device George Amanakis <gamanakis(a)gmail.com> tun: move the call to tun_set_real_num_queues Xin Long <lucien.xin(a)gmail.com> sctp: improve the events for sctp stream reset Simon Horman <horms+renesas(a)verge.net.au> ravb: expand rx descriptor data to accommodate hw checksum Josh Elsasser <jelsasser(a)appneta.com> net: set default network namespace in init_dummy_netdev() Bernard Pidoux <f6bvp(a)free.fr> net/rose: fix NULL ax25_cb kernel panic Cong Wang <xiyou.wangcong(a)gmail.com> netrom: switch to sock timer API Aya Levin <ayal(a)mellanox.com> net/mlx4_core: Add masking for a few queries on HCA caps Lorenzo Bianconi <lorenzo.bianconi(a)redhat.com> net: ip_gre: use erspan key field for tunnel lookup Lorenzo Bianconi <lorenzo.bianconi(a)redhat.com> net: ip_gre: always reports o_key to userspace Jacob Wen <jian.w.wen(a)oracle.com> l2tp: fix reading optional fields of L2TPv3 Jacob Wen <jian.w.wen(a)oracle.com> l2tp: copy 4 more bytes to linear part if necessary Daniel Borkmann <daniel(a)iogearbox.net> ipvlan, l3mdev: fix broken l3s mode wrt local routes Yohei Kanemaru <yohei.kanemaru(a)gmail.com> ipv6: sr: clear IP6CB(skb) on SRH ip4ip6 encapsulation David Ahern <dsahern(a)gmail.com> ipv6: Consider sk_bound_dev_if when binding a socket to an address Arnd Bergmann <arnd(a)arndb.de> drm/msm/gpu: fix building without debugfs Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Fix "net: ipv4: do not handle duplicate fragments as overlapping" ------------- Diffstat: Makefile | 4 +- arch/arm/mach-cns3xxx/pcie.c | 2 +- arch/arm64/kernel/hibernate.c | 4 +- arch/arm64/kernel/hyp-stub.S | 2 + arch/arm64/kernel/kaslr.c | 1 + arch/arm64/mm/flush.c | 6 +- drivers/gpio/gpio-altera-a10sr.c | 4 +- drivers/gpio/gpio-eic-sprd.c | 14 +- drivers/gpio/gpio-pcf857x.c | 26 ++-- drivers/gpio/gpiolib.c | 10 +- drivers/gpu/drm/msm/msm_gpu.h | 2 +- drivers/infiniband/hw/hfi1/file_ops.c | 2 +- drivers/iommu/intel-iommu.c | 2 +- drivers/md/raid5-cache.c | 33 +++-- drivers/md/raid5.c | 8 +- drivers/mmc/host/bcm2835.c | 2 + drivers/mmc/host/mtk-sd.c | 2 +- drivers/mmc/host/sdhci-iproc.c | 5 +- drivers/net/ethernet/freescale/ucc_geth.c | 2 + drivers/net/ethernet/mellanox/mlx4/fw.c | 75 ++++++---- drivers/net/ethernet/mellanox/mlx5/core/eswitch.c | 22 +-- drivers/net/ethernet/renesas/ravb_main.c | 12 +- drivers/net/ipvlan/ipvlan_main.c | 6 +- drivers/net/tun.c | 3 +- drivers/net/virtio_net.c | 169 +++++++++++++++------- drivers/of/device.c | 5 +- drivers/of/dynamic.c | 32 +++- drivers/of/kobj.c | 4 +- drivers/of/of_mdio.c | 12 +- drivers/of/of_numa.c | 4 +- drivers/of/overlay.c | 117 ++++++++++----- drivers/of/platform.c | 8 +- drivers/of/unittest.c | 12 +- drivers/platform/x86/asus-nb-wmi.c | 3 +- drivers/vhost/net.c | 3 +- drivers/vhost/scsi.c | 2 +- drivers/vhost/vhost.c | 7 +- drivers/vhost/vhost.h | 4 +- drivers/vhost/vsock.c | 2 +- fs/btrfs/ctree.c | 78 ++++++---- fs/btrfs/super.c | 3 + fs/cifs/connect.c | 53 +++++++ fs/cifs/smb2pdu.c | 50 ++++--- fs/dcache.c | 6 +- fs/gfs2/rgrp.c | 2 +- fs/nfs/write.c | 9 +- include/linux/netdevice.h | 8 + include/linux/of.h | 15 +- include/linux/sched/coredump.h | 1 + include/net/l3mdev.h | 3 +- kernel/exit.c | 12 +- mm/hugetlb.c | 3 +- mm/memory-failure.c | 3 +- mm/memory_hotplug.c | 36 +++-- mm/migrate.c | 7 +- mm/oom_kill.c | 12 +- net/core/dev.c | 3 + net/ipv4/gre_demux.c | 17 +++ net/ipv4/ip_fragment.c | 2 +- net/ipv4/ip_gre.c | 16 +- net/ipv6/af_inet6.c | 3 + net/ipv6/ip6_gre.c | 11 +- net/ipv6/ip6mr.c | 7 +- net/ipv6/seg6_iptunnel.c | 2 + net/l2tp/l2tp_core.c | 9 +- net/l2tp/l2tp_core.h | 20 +++ net/l2tp/l2tp_ip.c | 3 + net/l2tp/l2tp_ip6.c | 3 + net/netrom/nr_timer.c | 20 +-- net/rose/rose_route.c | 5 + net/sctp/ipv6.c | 3 +- net/sctp/protocol.c | 3 +- net/sctp/sm_make_chunk.c | 11 +- net/sctp/stream.c | 58 ++++---- sound/pci/hda/patch_realtek.c | 78 +++++----- sound/usb/quirks.c | 1 + tools/testing/selftests/seccomp/seccomp_bpf.c | 72 +++++++-- 77 files changed, 858 insertions(+), 423 deletions(-)

6 years, 7 months

3
76
0 0

[PATCH] scsi: cxlflash: Prevent deadlock when adapter probe fails

by Vaibhav Jain

Presently when an error is encountered during probe of the cxlflash adapter, a deadlock is seen with cpu thread stuck inside cxlflash_remove(). Below is the trace of the deadlock as logged by khungtaskd: cxlflash 0006:00:00.0: cxlflash_probe: init_afu failed rc=-16 INFO: task kworker/80:1:890 blocked for more than 120 seconds. Not tainted 5.0.0-rc4-capi2-kexec+ #2 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. kworker/80:1 D 0 890 2 0x00000808 Workqueue: events work_for_cpu_fn Call Trace: 0x4d72136320 (unreliable) __switch_to+0x2cc/0x460 __schedule+0x2bc/0xac0 schedule+0x40/0xb0 cxlflash_remove+0xec/0x640 [cxlflash] cxlflash_probe+0x370/0x8f0 [cxlflash] local_pci_probe+0x6c/0x140 work_for_cpu_fn+0x38/0x60 process_one_work+0x260/0x530 worker_thread+0x280/0x5d0 kthread+0x1a8/0x1b0 ret_from_kernel_thread+0x5c/0x80 INFO: task systemd-udevd:5160 blocked for more than 120 seconds. The deadlock occurs as cxlflash_remove() is called from cxlflash_probe() without setting 'cxlflash_cfg->state' to STATE_PROBED and the probe thread starts to wait on 'cxlflash_cfg->reset_waitq'. Since the device was never successfully probed the 'cxlflash_cfg->state' never changes from STATE_PROBING hence the deadlock occurs. We fix this deadlock by setting the variable 'cxlflash_cfg->state' to STATE_PROBED in case an error occurs during cxlflash_probe() and just before calling cxlflash_remove(). Cc: stable(a)vger.kernel.org Fixes: c21e0bbfc485("cxlflash: Base support for IBM CXL Flash Adapter") Signed-off-by: Vaibhav Jain <vaibhav(a)linux.ibm.com> --- drivers/scsi/cxlflash/main.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/scsi/cxlflash/main.c b/drivers/scsi/cxlflash/main.c index bfa13e3b191c..c8bad2c093b8 100644 --- a/drivers/scsi/cxlflash/main.c +++ b/drivers/scsi/cxlflash/main.c @@ -3687,6 +3687,7 @@ static int cxlflash_probe(struct pci_dev *pdev, host->max_cmd_len = CXLFLASH_MAX_CDB_LEN; cfg = shost_priv(host); + cfg->state = STATE_PROBING; cfg->host = host; rc = alloc_mem(cfg); if (rc) { @@ -3775,6 +3776,7 @@ static int cxlflash_probe(struct pci_dev *pdev, return rc; out_remove: + cfg->state = STATE_PROBED; cxlflash_remove(pdev); goto out; } -- 2.20.1

6 years, 7 months

2
1
0 0

[PATCH v2] RDMA/srp: Rework SCSI device reset handling

by Bart Van Assche

Since .scsi_done() must only be called after scsi_queue_rq() has finished, make sure that the SRP initiator driver does not call .scsi_done() while scsi_queue_rq() is in progress. Although invoking sg_reset -d while I/O is in progress works fine with kernel v4.20 and before, that is not the case with kernel v5.0-rc1. This patch avoids that the following crash is triggered with kernel v5.0-rc1: BUG: unable to handle kernel NULL pointer dereference at 0000000000000138 CPU: 0 PID: 360 Comm: kworker/0:1H Tainted: G B 5.0.0-rc1-dbg+ #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1 04/01/2014 Workqueue: kblockd blk_mq_run_work_fn RIP: 0010:blk_mq_dispatch_rq_list+0x116/0xb10 Call Trace: blk_mq_sched_dispatch_requests+0x2f7/0x300 __blk_mq_run_hw_queue+0xd6/0x180 blk_mq_run_work_fn+0x27/0x30 process_one_work+0x4f1/0xa20 worker_thread+0x67/0x5b0 kthread+0x1cf/0x1f0 ret_from_fork+0x24/0x30 Cc: Sergey Gorenko <sergeygo(a)mellanox.com> Cc: Max Gurtovoy <maxg(a)mellanox.com> Cc: Laurence Oberman <loberman(a)redhat.com> Cc: <stable(a)vger.kernel.org> Fixes: 94a9174c630c ("IB/srp: reduce lock coverage of command completion") # v2.6.38 Signed-off-by: Bart Van Assche <bvanassche(a)acm.org> --- Changes compared to v1: left out the code that waits until in-progress requests have finished. drivers/infiniband/ulp/srp/ib_srp.c | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/drivers/infiniband/ulp/srp/ib_srp.c b/drivers/infiniband/ulp/srp/ib_srp.c index af5197b5e7f1..085dba075651 100644 --- a/drivers/infiniband/ulp/srp/ib_srp.c +++ b/drivers/infiniband/ulp/srp/ib_srp.c @@ -3037,7 +3037,6 @@ static int srp_reset_device(struct scsi_cmnd *scmnd) { struct srp_target_port *target = host_to_target(scmnd->device->host); struct srp_rdma_ch *ch; - int i, j; u8 status; shost_printk(KERN_ERR, target->scsi_host, "SRP reset_device called\n"); @@ -3049,15 +3048,6 @@ static int srp_reset_device(struct scsi_cmnd *scmnd) if (status) return FAILED; - for (i = 0; i < target->ch_count; i++) { - ch = &target->ch[i]; - for (j = 0; j < target->req_ring_size; ++j) { - struct srp_request *req = &ch->req_ring[j]; - - srp_finish_req(ch, req, scmnd->device, DID_RESET << 16); - } - } - return SUCCESS; } -- 2.20.1.495.gaa96b0ce6b-goog

6 years, 7 months

2
1
0 0

[to-be-updated] mm-proc-smaps_rollup-fix-pss_locked-calculation.patch removed from -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: fs/proc/task_mmu.c: fix smaps_rollup pss_locked calculation has been removed from the -mm tree. Its filename was mm-proc-smaps_rollup-fix-pss_locked-calculation.patch This patch was dropped because an updated version will be merged ------------------------------------------------------ From: Sandeep Patil <sspatil(a)android.com> Subject: fs/proc/task_mmu.c: fix smaps_rollup pss_locked calculation The 'pss_locked' field of smaps_rollup was being calculated incorrectly as it accumulated the current pss everytime a locked VMA was found. Fix that by making sure we record the current pss value before each VMA is walked. So, we can only add the delta if the VMA was found to be VM_LOCKED. Link: http://lkml.kernel.org/r/20190121011049.160505-1-sspatil@android.com Fixes: 493b0e9d945f ("mm: add /proc/pid/smaps_rollup") Signed-off-by: Sandeep Patil <sspatil(a)android.com> Cc: Vlastimil Babka <vbabka(a)suse.cz> Cc: Alexey Dobriyan <adobriyan(a)gmail.com> Cc: Andrey Vagin <avagin(a)openvz.org> Cc: Daniel Colascione <dancol(a)google.com> Cc: <stable(a)vger.kernel.org> [4.14.x 4.19.x] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/proc/task_mmu.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) --- a/fs/proc/task_mmu.c~mm-proc-smaps_rollup-fix-pss_locked-calculation +++ a/fs/proc/task_mmu.c @@ -709,6 +709,7 @@ static void smap_gather_stats(struct vm_ #endif .mm = vma->vm_mm, }; + unsigned long pss; smaps_walk.private = mss; @@ -737,11 +738,12 @@ static void smap_gather_stats(struct vm_ } } #endif - + /* record current pss so we can calculate the delta after page walk */ + pss = mss->pss; /* mmap_sem is held in m_start */ walk_page_vma(vma, &smaps_walk); if (vma->vm_flags & VM_LOCKED) - mss->pss_locked += mss->pss; + mss->pss_locked += mss->pss - pss; } #define SEQ_PUT_DEC(str, val) \ _ Patches currently in -mm which might be from sspatil(a)android.com are

6 years, 7 months

1
0
0 0

[PATCH v2] tpm/tpm_crb: Avoid unaligned reads in crb_recv()

by Jarkko Sakkinen

The current approach to read first 6 bytes from the response and then tail of the response, can cause the 2nd memcpy_fromio() to do an unaligned read (e.g. read 32-bit word from address aligned to a 16-bits), depending on how memcpy_fromio() is implemented. If this happens, the read will fail and the memory controller will fill the read with 1's. This was triggered by 170d13ca3a2f, which should be probably refined to check and react to the address alignment. Before that commit, on x86 memcpy_fromio() turned out to be memcpy(). By a luck GCC has done the right thing (from tpm_crb's perspective) for us so far, but we should not rely on that. Thus, it makes sense to fix this also in tpm_crb, not least because the fix can be then backported to stable kernels and make them more robust when compiled in differing environments. Cc: stable(a)vger.kernel.org Cc: James Morris <jmorris(a)namei.org> Cc: Tomas Winkler <tomas.winkler(a)intel.com> Cc: Jerry Snitselaar <jsnitsel(a)redhat.com> Fixes: 30fc8d138e91 ("tpm: TPM 2.0 CRB Interface") Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen(a)linux.intel.com> Reviewed-by: Jerry Snitselaar <jsnitsel(a)redhat.com> --- v2: * There was a trailing double colon in the end of the short summary. * Check requested and expected length against TPM_HEADER_SIZE. * Add some explanatory comments to crb_recv(). drivers/char/tpm/tpm_crb.c | 22 ++++++++++++++++------ 1 file changed, 16 insertions(+), 6 deletions(-) diff --git a/drivers/char/tpm/tpm_crb.c b/drivers/char/tpm/tpm_crb.c index 36952ef98f90..c084e61299aa 100644 --- a/drivers/char/tpm/tpm_crb.c +++ b/drivers/char/tpm/tpm_crb.c @@ -287,19 +287,29 @@ static int crb_recv(struct tpm_chip *chip, u8 *buf, size_t count) struct crb_priv *priv = dev_get_drvdata(&chip->dev); unsigned int expected; - /* sanity check */ - if (count < 6) + /* A sanity check that the upper layer wants to get at least the header + * as that is the minimum size for any TPM response. + */ + if (count < TPM_HEADER_SIZE) return -EIO; + /* If this bit is set, according to the spec, the TPM is in unrecovable + * condition. + */ if (ioread32(&priv->regs_t->ctrl_sts) & CRB_CTRL_STS_ERROR) return -EIO; - memcpy_fromio(buf, priv->rsp, 6); - expected = be32_to_cpup((__be32 *) &buf[2]); - if (expected > count || expected < 6) + /* Read 8 bytes (not just 6 bytes, which would cover the response length + * field) in order to make sure that the reminding memory accesses will + * be aligned. + */ + memcpy_fromio(buf, priv->rsp, 8); + + expected = be32_to_cpup((__be32 *)&buf[2]); + if (expected > count || expected < TPM_HEADER_SIZE) return -EIO; - memcpy_fromio(&buf[6], &priv->rsp[6], expected - 6); + memcpy_fromio(&buf[8], &priv->rsp[8], expected - 8); return expected; } -- 2.19.1

6 years, 7 months

3
4
0 0

[PATCH REGRESSION] Revert "ath10k: add quiet mode support for QCA6174/QCA9377"

by Brian Norris

This reverts commit cfb353c0dc058bc1619cc226d3cbbda1f360bdd3. WCN3990 firmware does not yet implement this feature, and so it crashes like this: fatal error received: err_qdi.c:456:EX:wlan_process:1:WLAN RT:207a:PC=b001b4f0 This feature can be re-implemented with a proper service bitmap or other feature-discovery mechanism in the future. But it should not break working boards. Fixes: cfb353c0dc05 ("ath10k: add quiet mode support for QCA6174/QCA9377") Cc: Yu Wang <yyuwang(a)codeaurora.org> Cc: Rakesh Pillai <pillair(a)codeaurora.org> Cc: Govind Singh <govinds(a)codeaurora.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Brian Norris <briannorris(a)chromium.org> --- drivers/net/wireless/ath/ath10k/wmi-tlv.c | 33 +---------------------- drivers/net/wireless/ath/ath10k/wmi-tlv.h | 16 ----------- 2 files changed, 1 insertion(+), 48 deletions(-) diff --git a/drivers/net/wireless/ath/ath10k/wmi-tlv.c b/drivers/net/wireless/ath/ath10k/wmi-tlv.c index ad4114a88170..099e78b5de1f 100644 --- a/drivers/net/wireless/ath/ath10k/wmi-tlv.c +++ b/drivers/net/wireless/ath/ath10k/wmi-tlv.c @@ -3209,37 +3209,6 @@ ath10k_wmi_tlv_op_gen_tdls_peer_update(struct ath10k *ar, return skb; } -static struct sk_buff * -ath10k_wmi_tlv_op_gen_pdev_set_quiet_mode(struct ath10k *ar, u32 period, - u32 duration, u32 next_offset, - u32 enabled) -{ - struct wmi_tlv_set_quiet_cmd *cmd; - struct wmi_tlv *tlv; - struct sk_buff *skb; - - skb = ath10k_wmi_alloc_skb(ar, sizeof(*tlv) + sizeof(*cmd)); - if (!skb) - return ERR_PTR(-ENOMEM); - - tlv = (void *)skb->data; - tlv->tag = __cpu_to_le16(WMI_TLV_TAG_STRUCT_PDEV_SET_QUIET_CMD); - tlv->len = __cpu_to_le16(sizeof(*cmd)); - cmd = (void *)tlv->value; - - /* vdev_id is not in use, set to 0 */ - cmd->vdev_id = __cpu_to_le32(0); - cmd->period = __cpu_to_le32(period); - cmd->duration = __cpu_to_le32(duration); - cmd->next_start = __cpu_to_le32(next_offset); - cmd->enabled = __cpu_to_le32(enabled); - - ath10k_dbg(ar, ATH10K_DBG_WMI, - "wmi tlv quiet param: period %u duration %u enabled %d\n", - period, duration, enabled); - return skb; -} - static struct sk_buff * ath10k_wmi_tlv_op_gen_wow_enable(struct ath10k *ar) { @@ -4143,7 +4112,7 @@ static const struct wmi_ops wmi_tlv_ops = { .gen_dbglog_cfg = ath10k_wmi_tlv_op_gen_dbglog_cfg, .gen_pktlog_enable = ath10k_wmi_tlv_op_gen_pktlog_enable, .gen_pktlog_disable = ath10k_wmi_tlv_op_gen_pktlog_disable, - .gen_pdev_set_quiet_mode = ath10k_wmi_tlv_op_gen_pdev_set_quiet_mode, + /* .gen_pdev_set_quiet_mode not implemented */ .gen_pdev_get_temperature = ath10k_wmi_tlv_op_gen_pdev_get_temperature, /* .gen_addba_clear_resp not implemented */ /* .gen_addba_send not implemented */ diff --git a/drivers/net/wireless/ath/ath10k/wmi-tlv.h b/drivers/net/wireless/ath/ath10k/wmi-tlv.h index bf8a4320c39c..5db294558ce5 100644 --- a/drivers/net/wireless/ath/ath10k/wmi-tlv.h +++ b/drivers/net/wireless/ath/ath10k/wmi-tlv.h @@ -1,7 +1,6 @@ /* * Copyright (c) 2005-2011 Atheros Communications Inc. * Copyright (c) 2011-2017 Qualcomm Atheros, Inc. - * Copyright (c) 2018, The Linux Foundation. All rights reserved. * * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -1980,21 +1979,6 @@ struct wmi_tlv_wow_add_del_event_cmd { __le32 event_bitmap; } __packed; -/* Command to set/unset chip in quiet mode */ -struct wmi_tlv_set_quiet_cmd { - __le32 vdev_id; - - /* in TUs */ - __le32 period; - - /* in TUs */ - __le32 duration; - - /* offset in TUs */ - __le32 next_start; - __le32 enabled; -} __packed; - struct wmi_tlv_wow_enable_cmd { __le32 enable; } __packed; -- 2.19.1.930.g4563a0d9d0-goog

6 years, 7 months

4
8
0 0

[merged] mm-migrate-dont-rely-on-__pagemovable-of-newpage-after-unlocking-it.patch removed from -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: mm: migrate: don't rely on __PageMovable() of newpage after unlocking it has been removed from the -mm tree. Its filename was mm-migrate-dont-rely-on-__pagemovable-of-newpage-after-unlocking-it.patch This patch was dropped because it was merged into mainline or a subsystem tree ------------------------------------------------------ From: David Hildenbrand <david(a)redhat.com> Subject: mm: migrate: don't rely on __PageMovable() of newpage after unlocking it We had a race in the old balloon compaction code before b1123ea6d3b3 ("mm: balloon: use general non-lru movable page feature") refactored it that became visible after backporting 195a8c43e93d ("virtio-balloon: deflate via a page list") without the refactoring. The bug existed from commit d6d86c0a7f8d ("mm/balloon_compaction: redesign ballooned pages management") till b1123ea6d3b3 ("mm: balloon: use general non-lru movable page feature"). d6d86c0a7f8d ("mm/balloon_compaction: redesign ballooned pages management") was backported to 3.12, so the broken kernels are stable kernels [3.12 - 4.7]. There was a subtle race between dropping the page lock of the newpage in __unmap_and_move() and checking for __is_movable_balloon_page(newpage). Just after dropping this page lock, virtio-balloon could go ahead and deflate the newpage, effectively dequeueing it and clearing PageBalloon, in turn making __is_movable_balloon_page(newpage) fail. This resulted in dropping the reference of the newpage via putback_lru_page(newpage) instead of put_page(newpage), leading to page->lru getting modified and a !LRU page ending up in the LRU lists. With 195a8c43e93d ("virtio-balloon: deflate via a page list") backported, one would suddenly get corrupted lists in release_pages_balloon(): - WARNING: CPU: 13 PID: 6586 at lib/list_debug.c:59 __list_del_entry+0xa1/0xd0 - list_del corruption. prev->next should be ffffe253961090a0, but was dead000000000100 Nowadays this race is no longer possible, but it is hidden behind very ugly handling of __ClearPageMovable() and __PageMovable(). __ClearPageMovable() will not make __PageMovable() fail, only PageMovable(). So the new check (__PageMovable(newpage)) will still hold even after newpage was dequeued by virtio-balloon. If anybody would ever change that special handling, the BUG would be introduced again. So instead, make it explicit and use the information of the original isolated page before migration. This patch can be backported fairly easy to stable kernels (in contrast to the refactoring). Link: http://lkml.kernel.org/r/20190129233217.10747-1-david@redhat.com Fixes: d6d86c0a7f8d ("mm/balloon_compaction: redesign ballooned pages management") Signed-off-by: David Hildenbrand <david(a)redhat.com> Reported-by: Vratislav Bendel <vbendel(a)redhat.com> Acked-by: Michal Hocko <mhocko(a)suse.com> Acked-by: Rafael Aquini <aquini(a)redhat.com> Cc: Mel Gorman <mgorman(a)techsingularity.net> Cc: "Kirill A. Shutemov" <kirill.shutemov(a)linux.intel.com> Cc: Michal Hocko <mhocko(a)suse.com> Cc: Naoya Horiguchi <n-horiguchi(a)ah.jp.nec.com> Cc: Jan Kara <jack(a)suse.cz> Cc: Andrea Arcangeli <aarcange(a)redhat.com> Cc: Dominik Brodowski <linux(a)dominikbrodowski.net> Cc: Matthew Wilcox <willy(a)infradead.org> Cc: Vratislav Bendel <vbendel(a)redhat.com> Cc: Rafael Aquini <aquini(a)redhat.com> Cc: Konstantin Khlebnikov <k.khlebnikov(a)samsung.com> Cc: Minchan Kim <minchan(a)kernel.org> Cc: <stable(a)vger.kernel.org> [3.12 - 4.7] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/migrate.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) --- a/mm/migrate.c~mm-migrate-dont-rely-on-__pagemovable-of-newpage-after-unlocking-it +++ a/mm/migrate.c @@ -1130,10 +1130,13 @@ out: * If migration is successful, decrease refcount of the newpage * which will not free the page because new page owner increased * refcounter. As well, if it is LRU page, add the page to LRU - * list in here. + * list in here. Use the old state of the isolated source page to + * determine if we migrated a LRU page. newpage was already unlocked + * and possibly modified by its owner - don't rely on the page + * state. */ if (rc == MIGRATEPAGE_SUCCESS) { - if (unlikely(__PageMovable(newpage))) + if (unlikely(!is_lru)) put_page(newpage); else putback_lru_page(newpage); _ Patches currently in -mm which might be from david(a)redhat.com are mm-balloon-update-comment-about-isolation-migration-compaction.patch mm-convert-pg_balloon-to-pg_offline.patch kexec-export-pg_offline-to-vmcoreinfo.patch xen-balloon-mark-inflated-pages-pg_offline.patch hv_balloon-mark-inflated-pages-pg_offline.patch vmw_balloon-mark-inflated-pages-pg_offline.patch vmw_balloon-mark-inflated-pages-pg_offline-v2.patch pm-hibernate-use-pfn_to_online_page.patch pm-hibernate-exclude-all-pageoffline-pages.patch pm-hibernate-exclude-all-pageoffline-pages-v2.patch agp-efficeon-no-need-to-set-pg_reserved-on-gatt-tables.patch s390-vdso-dont-clear-pg_reserved.patch powerpc-vdso-dont-clear-pg_reserved.patch riscv-vdso-dont-clear-pg_reserved.patch m68k-mm-use-__clearpagereserved.patch arm64-kexec-no-need-to-clearpagereserved.patch arm64-kdump-no-need-to-mark-crashkernel-pages-manually-pg_reserved.patch ia64-perfmon-dont-mark-buffer-pages-as-pg_reserved.patch mm-better-document-pg_reserved.patch

6 years, 7 months

1
0
0 0

[merged] mm-hwpoison-use-do_send_sig_info-instead-of-force_sig-re-pmem-error-handling-forces-sigkill-causes-kernel-panic.patch removed from -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: mm: hwpoison: use do_send_sig_info() instead of force_sig() has been removed from the -mm tree. Its filename was mm-hwpoison-use-do_send_sig_info-instead-of-force_sig-re-pmem-error-handling-forces-sigkill-causes-kernel-panic.patch This patch was dropped because it was merged into mainline or a subsystem tree ------------------------------------------------------ From: Naoya Horiguchi <n-horiguchi(a)ah.jp.nec.com> Subject: mm: hwpoison: use do_send_sig_info() instead of force_sig() Currently memory_failure() is racy against process's exiting, which results in kernel crash by null pointer dereference. The root cause is that memory_failure() uses force_sig() to forcibly kill asynchronous (meaning not in the current context) processes. As discussed in thread https://lkml.org/lkml/2010/6/8/236 years ago for OOM fixes, this is not a right thing to do. OOM solves this issue by using do_send_sig_info() as done in commit d2d393099de2 ("signal: oom_kill_task: use SEND_SIG_FORCED instead of force_sig()"), so this patch is suggesting to do the same for hwpoison. do_send_sig_info() properly accesses to siglock with lock_task_sighand(), so is free from the reported race. I confirmed that the reported bug reproduces with inserting some delay in kill_procs(), and it never reproduces with this patch. Note that memory_failure() can send another type of signal using force_sig_mceerr(), and the reported race shouldn't happen on it because force_sig_mceerr() is called only for synchronous processes (i.e. BUS_MCEERR_AR happens only when some process accesses to the corrupted memory.) Link: http://lkml.kernel.org/r/20190116093046.GA29835@hori1.linux.bs1.fc.nec.co.jp Signed-off-by: Naoya Horiguchi <n-horiguchi(a)ah.jp.nec.com> Reported-by: Jane Chu <jane.chu(a)oracle.com> Reviewed-by: Dan Williams <dan.j.williams(a)intel.com> Reviewed-by: William Kucharski <william.kucharski(a)oracle.com> Cc: Oleg Nesterov <oleg(a)redhat.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/memory-failure.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) --- a/mm/memory-failure.c~mm-hwpoison-use-do_send_sig_info-instead-of-force_sig-re-pmem-error-handling-forces-sigkill-causes-kernel-panic +++ a/mm/memory-failure.c @@ -372,7 +372,8 @@ static void kill_procs(struct list_head if (fail || tk->addr_valid == 0) { pr_err("Memory failure: %#lx: forcibly killing %s:%d because of failure to unmap corrupted page\n", pfn, tk->tsk->comm, tk->tsk->pid); - force_sig(SIGKILL, tk->tsk); + do_send_sig_info(SIGKILL, SEND_SIG_PRIV, + tk->tsk, PIDTYPE_PID); } /* _ Patches currently in -mm which might be from n-horiguchi(a)ah.jp.nec.com are

6 years, 7 months

1
0
0 0

[merged] mm-oom-fix-use-after-free-in-oom_kill_process.patch removed from -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: mm, oom: fix use-after-free in oom_kill_process has been removed from the -mm tree. Its filename was mm-oom-fix-use-after-free-in-oom_kill_process.patch This patch was dropped because it was merged into mainline or a subsystem tree ------------------------------------------------------ From: Shakeel Butt <shakeelb(a)google.com> Subject: mm, oom: fix use-after-free in oom_kill_process Syzbot instance running on upstream kernel found a use-after-free bug in oom_kill_process. On further inspection it seems like the process selected to be oom-killed has exited even before reaching read_lock(&tasklist_lock) in oom_kill_process(). More specifically the tsk->usage is 1 which is due to get_task_struct() in oom_evaluate_task() and the put_task_struct within for_each_thread() frees the tsk and for_each_thread() tries to access the tsk. The easiest fix is to do get/put across the for_each_thread() on the selected task. Now the next question is should we continue with the oom-kill as the previously selected task has exited? However before adding more complexity and heuristics, let's answer why we even look at the children of oom-kill selected task? The select_bad_process() has already selected the worst process in the system/memcg. Due to race, the selected process might not be the worst at the kill time but does that matter? The userspace can use the oom_score_adj interface to prefer children to be killed before the parent. I looked at the history but it seems like this is there before git history. Link: http://lkml.kernel.org/r/20190121215850.221745-1-shakeelb@google.com Reported-by: syzbot+7fbbfa368521945f0e3d(a)syzkaller.appspotmail.com Fixes: 6b0c81b3be11 ("mm, oom: reduce dependency on tasklist_lock") Signed-off-by: Shakeel Butt <shakeelb(a)google.com> Reviewed-by: Roman Gushchin <guro(a)fb.com> Acked-by: Michal Hocko <mhocko(a)suse.com> Cc: David Rientjes <rientjes(a)google.com> Cc: Johannes Weiner <hannes(a)cmpxchg.org> Cc: Tetsuo Handa <penguin-kernel(a)i-love.sakura.ne.jp> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/oom_kill.c | 8 ++++++++ 1 file changed, 8 insertions(+) --- a/mm/oom_kill.c~mm-oom-fix-use-after-free-in-oom_kill_process +++ a/mm/oom_kill.c @@ -975,6 +975,13 @@ static void oom_kill_process(struct oom_ * still freeing memory. */ read_lock(&tasklist_lock); + + /* + * The task 'p' might have already exited before reaching here. The + * put_task_struct() will free task_struct 'p' while the loop still try + * to access the field of 'p', so, get an extra reference. + */ + get_task_struct(p); for_each_thread(p, t) { list_for_each_entry(child, &t->children, sibling) { unsigned int child_points; @@ -994,6 +1001,7 @@ static void oom_kill_process(struct oom_ } } } + put_task_struct(p); read_unlock(&tasklist_lock); /* _ Patches currently in -mm which might be from shakeelb(a)google.com are memcg-localize-memcg_kmem_enabled-check.patch memcg-schedule-high-reclaim-for-remote-memcgs-on-high_work.patch memcg-schedule-high-reclaim-for-remote-memcgs-on-high_work-v3.patch mm-oom-remove-prefer-children-over-parent-heuristic.patch

6 years, 7 months

1
0
0 0

[merged] mmmemory_hotplug-fix-scan_movable_pages-for-gigantic-hugepages.patch removed from -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: mm,memory_hotplug: fix scan_movable_pages() for gigantic hugepages has been removed from the -mm tree. Its filename was mmmemory_hotplug-fix-scan_movable_pages-for-gigantic-hugepages.patch This patch was dropped because it was merged into mainline or a subsystem tree ------------------------------------------------------ From: Oscar Salvador <osalvador(a)suse.de> Subject: mm,memory_hotplug: fix scan_movable_pages() for gigantic hugepages This is the same sort of error we saw in 17e2e7d7e1b83 ("mm, page_alloc: fix has_unmovable_pages for HugePages"). Gigantic hugepages cross several memblocks, so it can be that the page we get in scan_movable_pages() is a page-tail belonging to a 1G-hugepage. If that happens, page_hstate()->size_to_hstate() will return NULL, and we will blow up in hugepage_migration_supported(). The splat is as follows: kernel: BUG: unable to handle kernel NULL pointer dereference at 0000000000000008 kernel: #PF error: [normal kernel read fault] kernel: PGD 0 P4D 0 kernel: Oops: 0000 [#1] SMP PTI kernel: CPU: 1 PID: 1350 Comm: bash Tainted: G E 5.0.0-rc1-mm1-1-default+ #27 kernel: Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.0.0-prebuilt.qemu-project.org 04/01/2014 kernel: RIP: 0010:__offline_pages+0x6ae/0x900 kernel: Code: 48 c7 c6 d0 3e a4 81 e8 44 c8 ad ff 49 8b 04 24 bf 00 10 00 00 a9 00 00 01 00 74 09 41 0f b6 4c 24 51 48 d3 e7 e8 42 2a c1 ff <8b> 40 08 83 f8 09 0f 84 b0 fc ff ff 83 f8 12 0f 84 a7 fc ff ff 83 kernel: RSP: 0018:ffffc900008e3d20 EFLAGS: 00010246 kernel: RAX: 0000000000000000 RBX: ffffea0000000000 RCX: 0000000000000009 kernel: RDX: ffffffff825c64f0 RSI: 0000000000001000 RDI: 0000000000001000 kernel: RBP: ffffc900008e3d68 R08: 0000000000200000 R09: 00000000000001e4 kernel: R10: 0000000000000058 R11: ffffffff8254a854 R12: ffffea0004200000 kernel: R13: 0000000000108000 R14: 0000000000110000 R15: 0000000000000000 kernel: FS: 00007ff172339b80(0000) GS:ffff88803eb00000(0000) knlGS:0000000000000000 kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 kernel: CR2: 0000000000000008 CR3: 0000000038d78006 CR4: 00000000003606a0 kernel: DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 kernel: DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 kernel: Call Trace: kernel: ? klist_next+0x79/0xe0 kernel: memory_subsys_offline+0x42/0x60 kernel: device_offline+0x80/0xa0 kernel: state_store+0xab/0xc0 kernel: kernfs_fop_write+0x102/0x180 kernel: __vfs_write+0x26/0x190 kernel: ? set_close_on_exec+0x49/0x70 kernel: vfs_write+0xad/0x1b0 kernel: ksys_write+0x42/0x90 kernel: do_syscall_64+0x5b/0x180 kernel: entry_SYSCALL_64_after_hwframe+0x44/0xa9 kernel: RIP: 0033:0x7ff1719febe4 kernel: Code: 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 80 00 00 00 00 8b 05 4a fc 2c 00 48 63 ff 85 c0 75 13 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 54 f3 c3 66 90 55 53 48 89 d5 48 89 f3 48 83 kernel: RSP: 002b:00007ffd50b7ddc8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 kernel: RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 00007ff1719febe4 kernel: RDX: 0000000000000008 RSI: 00005556e9216b20 RDI: 0000000000000001 kernel: RBP: 00005556e9216b20 R08: 000000000000000a R09: 0000000000000000 kernel: R10: 000000000000000a R11: 0000000000000246 R12: 0000000000000008 kernel: R13: 0000000000000001 R14: 00007ff171cca720 R15: 0000000000000008 kernel: Modules linked in: af_packet(E) xt_tcpudp(E) ipt_REJECT(E) xt_conntrack(E) nf_conntrack(E) nf_defrag_ipv4(E) ip_set(E) nfnetlink(E) ebtable_nat(E) ebtable_broute(E) bridge(E) stp(E) llc(E) iptable_mangle(E) iptable_raw(E) iptable_security(E) ebtable_filter(E) ebtables(E) iptable_filter(E) ip_tables(E) x_tables(E) kvm_intel(E) kvm(E) irqbypass(E) crct10dif_pclmul(E) crc32_pclmul(E) ghash_clmulni_intel(E) bochs_drm(E) ttm(E) aesni_intel(E) drm_kms_helper(E) aes_x86_64(E) crypto_simd(E) cryptd(E) glue_helper(E) drm(E) virtio_net(E) syscopyarea(E) sysfillrect(E) net_failover(E) sysimgblt(E) pcspkr(E) failover(E) i2c_piix4(E) fb_sys_fops(E) parport_pc(E) parport(E) button(E) btrfs(E) libcrc32c(E) xor(E) zstd_decompress(E) zstd_compress(E) xxhash(E) raid6_pq(E) sd_mod(E) ata_generic(E) ata_piix(E) ahci(E) libahci(E) libata(E) crc32c_intel(E) serio_raw(E) virtio_pci(E) virtio_ring(E) virtio(E) sg(E) scsi_mod(E) autofs4(E) kernel: CR2: 0000000000000008 kernel: ---[ end trace bdb71590872849fb ]--- kernel: RIP: 0010:__offline_pages+0x6ae/0x900 kernel: Code: 48 c7 c6 d0 3e a4 81 e8 44 c8 ad ff 49 8b 04 24 bf 00 10 00 00 a9 00 00 01 00 74 09 41 0f b6 4c 24 51 48 d3 e7 e8 42 2a c1 ff <8b> 40 08 83 f8 09 0f 84 b0 fc ff ff 83 f8 12 0f 84 a7 fc ff ff 83 kernel: RSP: 0018:ffffc900008e3d20 EFLAGS: 00010246 kernel: RAX: 0000000000000000 RBX: ffffea0000000000 RCX: 0000000000000009 kernel: RDX: ffffffff825c64f0 RSI: 0000000000001000 RDI: 0000000000001000 kernel: RBP: ffffc900008e3d68 R08: 0000000000200000 R09: 00000000000001e4 kernel: R10: 0000000000000058 R11: ffffffff8254a854 R12: ffffea0004200000 kernel: R13: 0000000000108000 R14: 0000000000110000 R15: 0000000000000000 kernel: FS: 00007ff172339b80(0000) GS:ffff88803eb00000(0000) knlGS:0000000000000000 kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 kernel: CR2: 0000000000000008 CR3: 0000000038d78006 CR4: 00000000003606a0 kernel: DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 kernel: DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [akpm(a)linux-foundation.org: fix brace layout, per David. Reduce indentation] Link: http://lkml.kernel.org/r/20190122154407.18417-1-osalvador@suse.de Signed-off-by: Oscar Salvador <osalvador(a)suse.de> Reviewed-by: Anthony Yznaga <anthony.yznaga(a)oracle.com> Acked-by: Michal Hocko <mhocko(a)suse.com> Reviewed-by: David Hildenbrand <david(a)redhat.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/memory_hotplug.c | 36 ++++++++++++++++++++---------------- 1 file changed, 20 insertions(+), 16 deletions(-) --- a/mm/memory_hotplug.c~mmmemory_hotplug-fix-scan_movable_pages-for-gigantic-hugepages +++ a/mm/memory_hotplug.c @@ -1305,23 +1305,27 @@ int test_pages_in_a_zone(unsigned long s static unsigned long scan_movable_pages(unsigned long start, unsigned long end) { unsigned long pfn; - struct page *page; + for (pfn = start; pfn < end; pfn++) { - if (pfn_valid(pfn)) { - page = pfn_to_page(pfn); - if (PageLRU(page)) - return pfn; - if (__PageMovable(page)) - return pfn; - if (PageHuge(page)) { - if (hugepage_migration_supported(page_hstate(page)) && - page_huge_active(page)) - return pfn; - else - pfn = round_up(pfn + 1, - 1 << compound_order(page)) - 1; - } - } + struct page *page, *head; + unsigned long skip; + + if (!pfn_valid(pfn)) + continue; + page = pfn_to_page(pfn); + if (PageLRU(page)) + return pfn; + if (__PageMovable(page)) + return pfn; + + if (!PageHuge(page)) + continue; + head = compound_head(page); + if (hugepage_migration_supported(page_hstate(head)) && + page_huge_active(head)) + return pfn; + skip = (1 << compound_order(head)) - (page - head); + pfn += skip - 1; } return 0; } _ Patches currently in -mm which might be from osalvador(a)suse.de are

6 years, 7 months

1
0
0 0

[merged] oom-oom_reaper-do-not-enqueue-same-task-twice.patch removed from -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: oom, oom_reaper: do not enqueue same task twice has been removed from the -mm tree. Its filename was oom-oom_reaper-do-not-enqueue-same-task-twice.patch This patch was dropped because it was merged into mainline or a subsystem tree ------------------------------------------------------ From: Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> Subject: oom, oom_reaper: do not enqueue same task twice Arkadiusz reported that enabling memcg's group oom killing causes strange memcg statistics where there is no task in a memcg despite the number of tasks in that memcg is not 0. It turned out that there is a bug in wake_oom_reaper() which allows enqueuing same task twice which makes impossible to decrease the number of tasks in that memcg due to a refcount leak. This bug existed since the OOM reaper became invokable from task_will_free_mem(current) path in out_of_memory() in Linux 4.7, T1@P1 |T2@P1 |T3@P1 |OOM reaper ----------+----------+----------+------------ # Processing an OOM victim in a different memcg domain. try_charge() mem_cgroup_out_of_memory() mutex_lock(&oom_lock) try_charge() mem_cgroup_out_of_memory() mutex_lock(&oom_lock) try_charge() mem_cgroup_out_of_memory() mutex_lock(&oom_lock) out_of_memory() oom_kill_process(P1) do_send_sig_info(SIGKILL, @P1) mark_oom_victim(T1@P1) wake_oom_reaper(T1@P1) # T1@P1 is enqueued. mutex_unlock(&oom_lock) out_of_memory() mark_oom_victim(T2@P1) wake_oom_reaper(T2@P1) # T2@P1 is enqueued. mutex_unlock(&oom_lock) out_of_memory() mark_oom_victim(T1@P1) wake_oom_reaper(T1@P1) # T1@P1 is enqueued again due to oom_reaper_list == T2@P1 && T1@P1->oom_reaper_list == NULL. mutex_unlock(&oom_lock) # Completed processing an OOM victim in a different memcg domain. spin_lock(&oom_reaper_lock) # T1P1 is dequeued. spin_unlock(&oom_reaper_lock) but memcg's group oom killing made it easier to trigger this bug by calling wake_oom_reaper() on the same task from one out_of_memory() request. Fix this bug using an approach used by commit 855b018325737f76 ("oom, oom_reaper: disable oom_reaper for oom_kill_allocating_task"). As a side effect of this patch, this patch also avoids enqueuing multiple threads sharing memory via task_will_free_mem(current) path. Link: http://lkml.kernel.org/r/e865a044-2c10-9858-f4ef-254bc71d6cc2@i-love.sakura… Link: http://lkml.kernel.org/r/5ee34fc6-1485-34f8-8790-903ddabaa809@i-love.sakura… Fixes: af8e15cc85a25315 ("oom, oom_reaper: do not enqueue task if it is on the oom_reaper_list head") Signed-off-by: Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> Reported-by: Arkadiusz Miskiewicz <arekm(a)maven.pl> Tested-by: Arkadiusz Miskiewicz <arekm(a)maven.pl> Acked-by: Michal Hocko <mhocko(a)suse.com> Acked-by: Roman Gushchin <guro(a)fb.com> Cc: Tejun Heo <tj(a)kernel.org> Cc: Aleksa Sarai <asarai(a)suse.de> Cc: Jay Kamat <jgkamat(a)fb.com> Cc: Johannes Weiner <hannes(a)cmpxchg.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- include/linux/sched/coredump.h | 1 + mm/oom_kill.c | 4 ++-- 2 files changed, 3 insertions(+), 2 deletions(-) --- a/include/linux/sched/coredump.h~oom-oom_reaper-do-not-enqueue-same-task-twice +++ a/include/linux/sched/coredump.h @@ -71,6 +71,7 @@ static inline int get_dumpable(struct mm #define MMF_HUGE_ZERO_PAGE 23 /* mm has ever used the global huge zero page */ #define MMF_DISABLE_THP 24 /* disable THP for all VMAs */ #define MMF_OOM_VICTIM 25 /* mm is the oom victim */ +#define MMF_OOM_REAP_QUEUED 26 /* mm was queued for oom_reaper */ #define MMF_DISABLE_THP_MASK (1 << MMF_DISABLE_THP) #define MMF_INIT_MASK (MMF_DUMPABLE_MASK | MMF_DUMP_FILTER_MASK |\ --- a/mm/oom_kill.c~oom-oom_reaper-do-not-enqueue-same-task-twice +++ a/mm/oom_kill.c @@ -647,8 +647,8 @@ static int oom_reaper(void *unused) static void wake_oom_reaper(struct task_struct *tsk) { - /* tsk is already queued? */ - if (tsk == oom_reaper_list || tsk->oom_reaper_list) + /* mm is already queued? */ + if (test_and_set_bit(MMF_OOM_REAP_QUEUED, &tsk->signal->oom_mm->flags)) return; get_task_struct(tsk); _ Patches currently in -mm which might be from penguin-kernel(a)I-love.SAKURA.ne.jp are memcg-killed-threads-should-not-invoke-memcg-oom-killer.patch mmoom-dont-kill-global-init-via-memoryoomgroup.patch info-task-hung-in-generic_file_write_iter.patch info-task-hung-in-generic_file_write-fix.patch

6 years, 7 months

1
0
0 0

[merged] mm-migrate-make-buffer_migrate_page_norefs-actually-succeed.patch removed from -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: mm: migrate: make buffer_migrate_page_norefs() actually succeed has been removed from the -mm tree. Its filename was mm-migrate-make-buffer_migrate_page_norefs-actually-succeed.patch This patch was dropped because it was merged into mainline or a subsystem tree ------------------------------------------------------ From: Jan Kara <jack(a)suse.cz> Subject: mm: migrate: make buffer_migrate_page_norefs() actually succeed Currently, buffer_migrate_page_norefs() was constantly failing because buffer_migrate_lock_buffers() grabbed reference on each buffer. In fact, there's no reason for buffer_migrate_lock_buffers() to grab any buffer references as the page is locked during all our operation and thus nobody can reclaim buffers from the page. So remove grabbing of buffer references which also makes buffer_migrate_page_norefs() succeed. Link: http://lkml.kernel.org/r/20190116131217.7226-1-jack@suse.cz Fixes: 89cb0888ca14 "mm: migrate: provide buffer_migrate_page_norefs()" Signed-off-by: Jan Kara <jack(a)suse.cz> Cc: Sergey Senozhatsky <sergey.senozhatsky.work(a)gmail.com> Cc: Pavel Machek <pavel(a)ucw.cz> Cc: Mel Gorman <mgorman(a)techsingularity.net> Cc: Vlastimil Babka <vbabka(a)suse.cz> Cc: Andrea Arcangeli <aarcange(a)redhat.com> Cc: David Rientjes <rientjes(a)google.com> Cc: Michal Hocko <mhocko(a)kernel.org> Cc: Zi Yan <zi.yan(a)cs.rutgers.edu> Cc: Johannes Weiner <hannes(a)cmpxchg.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/migrate.c | 5 ----- 1 file changed, 5 deletions(-) --- a/mm/migrate.c~mm-migrate-make-buffer_migrate_page_norefs-actually-succeed +++ a/mm/migrate.c @@ -709,7 +709,6 @@ static bool buffer_migrate_lock_buffers( /* Simple case, sync compaction */ if (mode != MIGRATE_ASYNC) { do { - get_bh(bh); lock_buffer(bh); bh = bh->b_this_page; @@ -720,18 +719,15 @@ static bool buffer_migrate_lock_buffers( /* async case, we cannot block on lock_buffer so use trylock_buffer */ do { - get_bh(bh); if (!trylock_buffer(bh)) { /* * We failed to lock the buffer and cannot stall in * async migration. Release the taken locks */ struct buffer_head *failed_bh = bh; - put_bh(failed_bh); bh = head; while (bh != failed_bh) { unlock_buffer(bh); - put_bh(bh); bh = bh->b_this_page; } return false; @@ -818,7 +814,6 @@ unlock_buffers: bh = head; do { unlock_buffer(bh); - put_bh(bh); bh = bh->b_this_page; } while (bh != head); _ Patches currently in -mm which might be from jack(a)suse.cz are

6 years, 7 months

1
0
0 0

[merged] kernel-release-ptraced-tasks-before-zap_pid_ns_processes.patch removed from -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: kernel/exit.c: release ptraced tasks before zap_pid_ns_processes has been removed from the -mm tree. Its filename was kernel-release-ptraced-tasks-before-zap_pid_ns_processes.patch This patch was dropped because it was merged into mainline or a subsystem tree ------------------------------------------------------ From: Andrei Vagin <avagin(a)gmail.com> Subject: kernel/exit.c: release ptraced tasks before zap_pid_ns_processes Currently, exit_ptrace() adds all ptraced tasks in a dead list, then zap_pid_ns_processes() waits on all tasks in a current pidns, and only then are tasks from the dead list released. zap_pid_ns_processes() can get stuck on waiting tasks from the dead list. In this case, we will have one unkillable process with one or more dead children. Thanks to Oleg for the advice to release tasks in find_child_reaper(). Link: http://lkml.kernel.org/r/20190110175200.12442-1-avagin@gmail.com Fixes: 7c8bd2322c7f ("exit: ptrace: shift "reap dead" code from exit_ptrace() to forget_original_parent()") Signed-off-by: Andrei Vagin <avagin(a)gmail.com> Signed-off-by: Oleg Nesterov <oleg(a)redhat.com> Cc: "Eric W. Biederman" <ebiederm(a)xmission.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- kernel/exit.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) --- a/kernel/exit.c~kernel-release-ptraced-tasks-before-zap_pid_ns_processes +++ a/kernel/exit.c @@ -558,12 +558,14 @@ static struct task_struct *find_alive_th return NULL; } -static struct task_struct *find_child_reaper(struct task_struct *father) +static struct task_struct *find_child_reaper(struct task_struct *father, + struct list_head *dead) __releases(&tasklist_lock) __acquires(&tasklist_lock) { struct pid_namespace *pid_ns = task_active_pid_ns(father); struct task_struct *reaper = pid_ns->child_reaper; + struct task_struct *p, *n; if (likely(reaper != father)) return reaper; @@ -579,6 +581,12 @@ static struct task_struct *find_child_re panic("Attempted to kill init! exitcode=0x%08x\n", father->signal->group_exit_code ?: father->exit_code); } + + list_for_each_entry_safe(p, n, dead, ptrace_entry) { + list_del_init(&p->ptrace_entry); + release_task(p); + } + zap_pid_ns_processes(pid_ns); write_lock_irq(&tasklist_lock); @@ -668,7 +676,7 @@ static void forget_original_parent(struc exit_ptrace(father, dead); /* Can drop and reacquire tasklist_lock */ - reaper = find_child_reaper(father); + reaper = find_child_reaper(father, dead); if (list_empty(&father->children)) return; _ Patches currently in -mm which might be from avagin(a)gmail.com are ptrace-take-into-account-saved_sigmask-in-ptrace_getsetsigmask.patch include-replace-tsk-to-task-in-linux-sched-signalh.patch

6 years, 7 months

1
0
0 0

[merged] mm-hugetlbc-teach-follow_hugetlb_page-to-handle-foll_nowait.patch removed from -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: mm/hugetlb.c: teach follow_hugetlb_page() to handle FOLL_NOWAIT has been removed from the -mm tree. Its filename was mm-hugetlbc-teach-follow_hugetlb_page-to-handle-foll_nowait.patch This patch was dropped because it was merged into mainline or a subsystem tree ------------------------------------------------------ From: Andrea Arcangeli <aarcange(a)redhat.com> Subject: mm/hugetlb.c: teach follow_hugetlb_page() to handle FOLL_NOWAIT hugetlb needs the same fix as faultin_nopage (which was applied in 96312e61282ae ("mm/gup.c: teach get_user_pages_unlocked to handle FOLL_NOWAIT")) or KVM hangs because it thinks the mmap_sem was already released by hugetlb_fault() if it returned VM_FAULT_RETRY, but it wasn't in the FOLL_NOWAIT case. Link: http://lkml.kernel.org/r/20190109020203.26669-2-aarcange@redhat.com Fixes: ce53053ce378 ("kvm: switch get_user_page_nowait() to get_user_pages_unlocked()") Signed-off-by: Andrea Arcangeli <aarcange(a)redhat.com> Tested-by: "Dr. David Alan Gilbert" <dgilbert(a)redhat.com> Reported-by: "Dr. David Alan Gilbert" <dgilbert(a)redhat.com> Reviewed-by: Mike Kravetz <mike.kravetz(a)oracle.com> Reviewed-by: Peter Xu <peterx(a)redhat.com> Cc: Mike Rapoport <rppt(a)linux.vnet.ibm.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/hugetlb.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) --- a/mm/hugetlb.c~mm-hugetlbc-teach-follow_hugetlb_page-to-handle-foll_nowait +++ a/mm/hugetlb.c @@ -4268,7 +4268,8 @@ long follow_hugetlb_page(struct mm_struc break; } if (ret & VM_FAULT_RETRY) { - if (nonblocking) + if (nonblocking && + !(fault_flags & FAULT_FLAG_RETRY_NOWAIT)) *nonblocking = 0; *nr_pages = 0; /* _ Patches currently in -mm which might be from aarcange(a)redhat.com are

6 years, 7 months

1
0
0 0

[PATCH] MIPS: Use lower case for addresses in nexys4ddr.dts

by Paul Burton

DTC introduced an i2c_bus_reg check in v1.4.7, used since Linux v4.20, which complains about upper case addresses used in the unit name. nexys4ddr.dts names an I2C device node "ad7420@4B", leading to: arch/mips/boot/dts/xilfpga/nexys4ddr.dts:109.16-112.8: Warning (i2c_bus_reg): /i2c@10A00000/ad7420@4B: I2C bus unit address format error, expected "4b" Fix this by switching to lower case addresses throughout the file, as is *mostly* the case in the file already & fairly standard throughout the tree. Signed-off-by: Paul Burton <paul.burton(a)mips.com> Cc: stable(a)vger.kernel.org # v4.20+ --- arch/mips/boot/dts/xilfpga/nexys4ddr.dts | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/arch/mips/boot/dts/xilfpga/nexys4ddr.dts b/arch/mips/boot/dts/xilfpga/nexys4ddr.dts index 2152b7ba65fb..cc8dbea0911f 100644 --- a/arch/mips/boot/dts/xilfpga/nexys4ddr.dts +++ b/arch/mips/boot/dts/xilfpga/nexys4ddr.dts @@ -90,11 +90,11 @@ interrupts = <0>; }; - axi_i2c: i2c@10A00000 { + axi_i2c: i2c@10a00000 { compatible = "xlnx,xps-iic-2.00.a"; interrupt-parent = <&axi_intc>; interrupts = <4>; - reg = < 0x10A00000 0x10000 >; + reg = < 0x10a00000 0x10000 >; clocks = <&ext>; xlnx,clk-freq = <0x5f5e100>; xlnx,family = "Artix7"; @@ -106,9 +106,9 @@ #address-cells = <1>; #size-cells = <0>; - ad7420@4B { + ad7420@4b { compatible = "adi,adt7420"; - reg = <0x4B>; + reg = <0x4b>; }; } ; }; -- 2.20.1

6 years, 7 months

1
1
0 0

Re: [PATCH v2] of: fix kmemleak crash

by Marc Gonzalez

+ GKH On 01/02/2019 17:23, Marc Gonzalez wrote: > On 23/01/2019 13:31, Mike Rapoport wrote: > >> Signed-off-by: Mike Rapoport <rppt(a)linux.ibm.com> >> Tested-by: Marc Gonzalez <marc.w.gonzalez(a)free.fr> >> Acked-by: Marek Szyprowski <m.szyprowski(a)samsung.com> >> --- >> drivers/of/of_reserved_mem.c | 18 +++++------------- >> 1 file changed, 5 insertions(+), 13 deletions(-) > > Thanks for the patch, Mike. > > Whose tree should this patch go through? By the way, I think we can add Acked-by: Prateek Patel <prpatel(a)nvidia.com> Fixes: 3f0c820664483 ("drivers: of: add initialization code for dynamic reserved memory") Cc: stable(a)vger.kernel.org # 3.15+ Regards.

6 years, 7 months

3
2
0 0

PASS: Test report for kernel 4.20.7-rc1.cki+ (linux-stable-rc)

by CKI

Hello, We ran automated tests on a recent commit from this kernel tree: Kernel repo: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git Commit: 96376ab744ee Linux 4.20.7-rc1 The results of these automated tests are provided below. Overall result: PASSED Patch merge: OK Compile: OK Kernel tests: OK Please reply to this email if you have any questions about the tests that we ran or if you have any suggestions on how to make future tests more effective. ,-. ,-. ( C ) ( K ) Continuous `-',-.`-' Kernel ( I ) Integration `-' ______________________________________________________________________________ Compile testing --------------- We compiled the kernel for 4 architectures: s390x: make options: make INSTALL_MOD_STRIP=1 -j64 targz-pkg -j64 configuration: https://artifacts.cki-project.org/builds/s390x/96376ab744eeaffb3b1d7c3f65ec… powerpc64le: make options: make INSTALL_MOD_STRIP=1 -j64 targz-pkg -j64 configuration: https://artifacts.cki-project.org/builds/ppc64le/96376ab744eeaffb3b1d7c3f65… aarch64: make options: make INSTALL_MOD_STRIP=1 -j64 targz-pkg -j64 configuration: https://artifacts.cki-project.org/builds/aarch64/96376ab744eeaffb3b1d7c3f65… x86_64: make options: make INSTALL_MOD_STRIP=1 -j64 targz-pkg -j64 configuration: https://artifacts.cki-project.org/builds/x86_64/96376ab744eeaffb3b1d7c3f65e… Hardware testing ---------------- We booted each kernel and ran the following tests: s390: Boot test - URL: https://github.com/CKI-project/tests-beaker/archive/master.zip#distribution… /distribution/command LTP lite - release 20180926 - URL: https://github.com/CKI-project/tests-beaker/archive/master.zip#distribution… /kernel/loopdev/sanity NFS Connectathon - URL: https://github.com/CKI-project/tests-beaker/archive/master.zip#filesystems/… Memory function: memfd_create - URL: https://github.com/CKI-project/tests-beaker/archive/master.zip#/memory/func… AMTU (Abstract Machine Test Utility) - URL: https://github.com/CKI-project/tests-beaker/archive/master.zip#misc/amtu Networking route: pmtu - URL: https://github.com/CKI-project/tests-beaker/archive/master.zip#/networking/… lvm thinp sanity - URL: https://github.com/CKI-project/tests-beaker/archive/master.zip#storage/lvm/… powerpc: Boot test - URL: https://github.com/CKI-project/tests-beaker/archive/master.zip#distribution… /distribution/command LTP lite - release 20180926 - URL: https://github.com/CKI-project/tests-beaker/archive/master.zip#distribution… /kernel/loopdev/sanity NFS Connectathon - URL: https://github.com/CKI-project/tests-beaker/archive/master.zip#filesystems/… xfstests: ext4 - URL: https://github.com/CKI-project/tests-beaker/archive/master.zip#/filesystems… xfstests: xfs - URL: https://github.com/CKI-project/tests-beaker/archive/master.zip#/filesystems… Memory function: memfd_create - URL: https://github.com/CKI-project/tests-beaker/archive/master.zip#/memory/func… AMTU (Abstract Machine Test Utility) - URL: https://github.com/CKI-project/tests-beaker/archive/master.zip#misc/amtu Networking route: pmtu - URL: https://github.com/CKI-project/tests-beaker/archive/master.zip#/networking/… Usex - version 1.9-29 - URL: https://github.com/CKI-project/tests-beaker/archive/master.zip#standards/us… lvm thinp sanity - URL: https://github.com/CKI-project/tests-beaker/archive/master.zip#storage/lvm/… arm64: Boot test - URL: https://github.com/CKI-project/tests-beaker/archive/master.zip#distribution… /distribution/command LTP lite - release 20180926 - URL: https://github.com/CKI-project/tests-beaker/archive/master.zip#distribution… /kernel/loopdev/sanity NFS Connectathon - URL: https://github.com/CKI-project/tests-beaker/archive/master.zip#filesystems/… xfstests: ext4 - URL: https://github.com/CKI-project/tests-beaker/archive/master.zip#/filesystems… xfstests: xfs - URL: https://github.com/CKI-project/tests-beaker/archive/master.zip#/filesystems… Memory function: memfd_create - URL: https://github.com/CKI-project/tests-beaker/archive/master.zip#/memory/func… AMTU (Abstract Machine Test Utility) - URL: https://github.com/CKI-project/tests-beaker/archive/master.zip#misc/amtu Networking route: pmtu - URL: https://github.com/CKI-project/tests-beaker/archive/master.zip#/networking/… Usex - version 1.9-29 - URL: https://github.com/CKI-project/tests-beaker/archive/master.zip#standards/us… lvm thinp sanity - URL: https://github.com/CKI-project/tests-beaker/archive/master.zip#storage/lvm/… x86_64: Boot test - URL: https://github.com/CKI-project/tests-beaker/archive/master.zip#distribution… /distribution/command LTP lite - release 20180926 - URL: https://github.com/CKI-project/tests-beaker/archive/master.zip#distribution… /kernel/loopdev/sanity NFS Connectathon - URL: https://github.com/CKI-project/tests-beaker/archive/master.zip#filesystems/… xfstests: ext4 - URL: https://github.com/CKI-project/tests-beaker/archive/master.zip#/filesystems… xfstests: xfs - URL: https://github.com/CKI-project/tests-beaker/archive/master.zip#/filesystems… Memory function: memfd_create - URL: https://github.com/CKI-project/tests-beaker/archive/master.zip#/memory/func… AMTU (Abstract Machine Test Utility) - URL: https://github.com/CKI-project/tests-beaker/archive/master.zip#misc/amtu Networking route: pmtu - URL: https://github.com/CKI-project/tests-beaker/archive/master.zip#/networking/… Usex - version 1.9-29 - URL: https://github.com/CKI-project/tests-beaker/archive/master.zip#standards/us… lvm thinp sanity - URL: https://github.com/CKI-project/tests-beaker/archive/master.zip#storage/lvm/…

6 years, 7 months

1
0
0 0

[PATCH] tpm/st33zp24: Fix name collision with TPM_BUFSIZE

by Jarkko Sakkinen

Rename TPM_BUFSIZE defined in drivers/char/tpm/st33zp24/st33zp24.h to ST33ZP24_BUFSIZE as it collides with TPM_BUFSIZE defined in drivers/char/tpm/tpm.h. Cc: stable(a)vger.kernel.org Fixes: bf38b8710892 ("tpm/tpm_i2c_stm_st33: Split tpm_i2c_tpm_st33 in 2 layers (core + phy)") Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen(a)linux.intel.com> --- drivers/char/tpm/st33zp24/i2c.c | 2 +- drivers/char/tpm/st33zp24/spi.c | 2 +- drivers/char/tpm/st33zp24/st33zp24.h | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/drivers/char/tpm/st33zp24/i2c.c b/drivers/char/tpm/st33zp24/i2c.c index be5d1abd3e8e..8390c5b54c3b 100644 --- a/drivers/char/tpm/st33zp24/i2c.c +++ b/drivers/char/tpm/st33zp24/i2c.c @@ -33,7 +33,7 @@ struct st33zp24_i2c_phy { struct i2c_client *client; - u8 buf[TPM_BUFSIZE + 1]; + u8 buf[ST33ZP24_BUFSIZE + 1]; int io_lpcpd; }; diff --git a/drivers/char/tpm/st33zp24/spi.c b/drivers/char/tpm/st33zp24/spi.c index d7909ab287a8..ff019a1e3c68 100644 --- a/drivers/char/tpm/st33zp24/spi.c +++ b/drivers/char/tpm/st33zp24/spi.c @@ -63,7 +63,7 @@ * some latency byte before the answer is available (max 15). * We have 2048 + 1024 + 15. */ -#define ST33ZP24_SPI_BUFFER_SIZE (TPM_BUFSIZE + (TPM_BUFSIZE / 2) +\ +#define ST33ZP24_SPI_BUFFER_SIZE (ST33ZP24_BUFSIZE + (ST33ZP24_BUFSIZE / 2) +\ MAX_SPI_LATENCY) diff --git a/drivers/char/tpm/st33zp24/st33zp24.h b/drivers/char/tpm/st33zp24/st33zp24.h index 6f4a4198af6a..20da0a84988d 100644 --- a/drivers/char/tpm/st33zp24/st33zp24.h +++ b/drivers/char/tpm/st33zp24/st33zp24.h @@ -18,8 +18,8 @@ #ifndef __LOCAL_ST33ZP24_H__ #define __LOCAL_ST33ZP24_H__ -#define TPM_WRITE_DIRECTION 0x80 -#define TPM_BUFSIZE 2048 +#define TPM_WRITE_DIRECTION 0x80 +#define ST33ZP24_BUFSIZE 2048 struct st33zp24_dev { struct tpm_chip *chip; -- 2.19.1

6 years, 7 months

2
2
0 0

Stable queue: queue-4.20

by CKI

Hello, We ran automated tests on a patchset that was proposed for merging into this kernel tree. The patches were applied to: Kernel repo: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git Commit: 65f42a73e553 Linux 4.20.6 The results of these automated tests are provided below. Overall result: PASSED Patch merge: OK Compile: OK Kernel tests: OK Please reply to this email if you have any questions about the tests that we ran or if you have any suggestions on how to make future tests more effective. ,-. ,-. ( C ) ( K ) Continuous `-',-.`-' Kernel ( I ) Integration `-' ______________________________________________________________________________ Merge testing ------------- We cloned this repository and checked out a ref: Repo: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git Ref: 65f42a73e553 Linux 4.20.6 We then merged the following patches with `git am`: drm-msm-gpu-fix-building-without-debugfs.patch ipv6-sr-clear-ip6cb-skb-on-srh-ip4ip6-encapsulation.patch ipvlan-l3mdev-fix-broken-l3s-mode-wrt-local-routes.patch l2tp-copy-4-more-bytes-to-linear-part-if-necessary.patch l2tp-fix-reading-optional-fields-of-l2tpv3.patch net-ip_gre-always-reports-o_key-to-userspace.patch net-ip_gre-use-erspan-key-field-for-tunnel-lookup.patch net-ipv6-don-t-return-positive-numbers-when-nothing-was-dumped.patch net-mlx4_core-add-masking-for-a-few-queries-on-hca-caps.patch netrom-switch-to-sock-timer-api.patch net-rose-fix-null-ax25_cb-kernel-panic.patch net-set-default-network-namespace-in-init_dummy_netdev.patch ravb-expand-rx-descriptor-data-to-accommodate-hw-checksum.patch sctp-improve-the-events-for-sctp-stream-reset.patch tun-move-the-call-to-tun_set_real_num_queues.patch ucc_geth-reset-bql-queue-when-stopping-device.patch vhost-fix-oob-in-get_rx_bufs.patch net-ip6_gre-always-reports-o_key-to-userspace.patch sctp-improve-the-events-for-sctp-stream-adding.patch net-mlx5e-allow-mac-invalidation-while-spoofchk-is-on.patch ip6mr-fix-notifiers-call-on-mroute_clean_tables.patch revert-net-mlx5e-e-switch-initialize-eswitch-only-if-eswitch-manager.patch sctp-set-chunk-transport-correctly-when-it-s-a-new-asoc.patch sctp-set-flow-sport-from-saddr-only-when-it-s-0.patch net-tls-fix-deadlock-in-free_resources-tx.patch net-tls-save-iv-in-tls_rec-for-async-crypto-requests.patch virtio_net-don-t-enable-napi-when-interface-is-down.patch virtio_net-don-t-call-free_old_xmit_skbs-for-xdp_frames.patch virtio_net-fix-not-restoring-real_num_rx_queues.patch virtio_net-fix-out-of-bounds-access-of-sq.patch virtio_net-don-t-process-redirected-xdp-frames-when-xdp-is-disabled.patch virtio_net-use-xdp_return_frame-to-free-xdp_frames-on-destroying-vqs.patch virtio_net-differentiate-sk_buff-and-xdp_frame-on-freeing.patch ipv6-consider-sk_bound_dev_if-when-binding-a-socket-to-an-address.patch cifs-do-not-count-enodata-as-failure-for-query-directory.patch cifs-fix-possible-oops-and-memory-leaks-in-async-io.patch cifs-fix-trace-command-logging-for-smb2-reads-and-writes.patch cifs-fix-use-after-free-of-the-lease-keys.patch cifs-do-not-consider-enodata-as-stat-failure-for-reads.patch fs-dcache-fix-incorrect-nr_dentry_unused-accounting-in-shrink_dcache_sb.patch iommu-vt-d-fix-memory-leak-in-intel_iommu_put_resv_regions.patch selftests-seccomp-enhance-per-arch-ptrace-syscall-skip-tests.patch nfs-fix-up-return-value-on-fatal-errors-in-nfs_page_async_flush.patch arm-cns3xxx-fix-writing-to-wrong-pci-config-registers-after-alignment.patch arm64-kaslr-ensure-randomized-quantities-are-clean-also-when-kaslr-is-off.patch arm64-do-not-issue-ipis-for-user-executable-ptes.patch arm64-hyp-stub-forbid-kprobing-of-the-hyp-stub.patch arm64-hibernate-clean-the-__hyp_text-to-poc-after-resume.patch gpio-altera-a10sr-set-proper-output-level-for-direction_output.patch gpiolib-fix-line-event-timestamps-for-nested-irqs.patch gpio-pcf857x-fix-interrupts-on-multiple-instances.patch gpio-sprd-fix-the-incorrect-data-register.patch gpio-sprd-fix-incorrect-irq-type-setting-for-the-async-eic.patch gfs2-revert-fix-loop-in-gfs2_rbm_find.patch mmc-bcm2835-fix-dma-channel-leak-on-probe-error.patch mmc-mediatek-fix-incorrect-register-setting-of-hs400_cmd_int_delay.patch alsa-usb-audio-add-opus-3-to-quirks-for-native-dsd-support.patch alsa-hda-realtek-fixed-hp_pin-no-value.patch alsa-pcm-fix-tight-loop-of-oss-capture-stream.patch ib-uverbs-fix-oops-upon-device-disassociation.patch ib-uverbs-fix-oops-in-uverbs_user_mmap_disassociate.patch ib-hfi1-remove-overly-conservative-vm_exec-flag-check.patch ib-hfi1-add-limit-test-for-rc-uc-send-via-loopback.patch platform-x86-asus-nb-wmi-map-0x35-to-key_screenlock.patch platform-x86-asus-nb-wmi-drop-mapping-of-0x33-and-0x.patch btrfs-fix-deadlock-when-allocating-tree-block-during-leaf-node-split.patch btrfs-on-error-always-free-subvol_name-in-btrfs_mount.patch kernel-exit.c-release-ptraced-tasks-before-zap_pid_ns_processes.patch mm-hugetlb.c-teach-follow_hugetlb_page-to-handle-foll_nowait.patch oom-oom_reaper-do-not-enqueue-same-task-twice.patch mm-memory_hotplug-fix-scan_movable_pages-for-gigantic-hugepages.patch mm-oom-fix-use-after-free-in-oom_kill_process.patch mm-hwpoison-use-do_send_sig_info-instead-of-force_sig.patch mm-migrate-don-t-rely-on-__pagemovable-of-newpage-after-unlocking-it.patch Compile testing --------------- We compiled the kernel for 4 architectures: s390x: make options: make INSTALL_MOD_STRIP=1 -j64 targz-pkg -j64 configuration: https://artifacts.cki-project.org/builds/s390x/743eef229729cd24f8d68930968a… powerpc64le: make options: make INSTALL_MOD_STRIP=1 -j64 targz-pkg -j64 configuration: https://artifacts.cki-project.org/builds/ppc64le/5df366cff2307273e396f3a491… aarch64: make options: make INSTALL_MOD_STRIP=1 -j64 targz-pkg -j64 configuration: https://artifacts.cki-project.org/builds/aarch64/eb79bc8d51292cd2b49c4d97c1… x86_64: make options: make INSTALL_MOD_STRIP=1 -j64 targz-pkg -j64 configuration: https://artifacts.cki-project.org/builds/x86_64/cc70770ed103646ca100d3ebd8b… Hardware testing ---------------- We booted each kernel and ran the following tests: s390: Boot test - URL: https://github.com/CKI-project/tests-beaker/archive/master.zip#distribution… /distribution/command LTP lite - release 20180926 - URL: https://github.com/CKI-project/tests-beaker/archive/master.zip#distribution… /kernel/loopdev/sanity AMTU (Abstract Machine Test Utility) - URL: https://github.com/CKI-project/tests-beaker/archive/master.zip#misc/amtu powerpc: Boot test - URL: https://github.com/CKI-project/tests-beaker/archive/master.zip#distribution… /distribution/command LTP lite - release 20180926 - URL: https://github.com/CKI-project/tests-beaker/archive/master.zip#distribution… /kernel/loopdev/sanity xfstests: xfs - URL: https://github.com/CKI-project/tests-beaker/archive/master.zip#/filesystems… AMTU (Abstract Machine Test Utility) - URL: https://github.com/CKI-project/tests-beaker/archive/master.zip#misc/amtu Usex - version 1.9-29 - URL: https://github.com/CKI-project/tests-beaker/archive/master.zip#standards/us… arm64: Boot test - URL: https://github.com/CKI-project/tests-beaker/archive/master.zip#distribution… /distribution/command LTP lite - release 20180926 - URL: https://github.com/CKI-project/tests-beaker/archive/master.zip#distribution… /kernel/loopdev/sanity xfstests: xfs - URL: https://github.com/CKI-project/tests-beaker/archive/master.zip#/filesystems… AMTU (Abstract Machine Test Utility) - URL: https://github.com/CKI-project/tests-beaker/archive/master.zip#misc/amtu Usex - version 1.9-29 - URL: https://github.com/CKI-project/tests-beaker/archive/master.zip#standards/us… x86_64: Boot test - URL: https://github.com/CKI-project/tests-beaker/archive/master.zip#distribution… /distribution/command LTP lite - release 20180926 - URL: https://github.com/CKI-project/tests-beaker/archive/master.zip#distribution… /kernel/loopdev/sanity xfstests: xfs - URL: https://github.com/CKI-project/tests-beaker/archive/master.zip#/filesystems… AMTU (Abstract Machine Test Utility) - URL: https://github.com/CKI-project/tests-beaker/archive/master.zip#misc/amtu Usex - version 1.9-29 - URL: https://github.com/CKI-project/tests-beaker/archive/master.zip#standards/us…

6 years, 7 months

1
0
0 0

Re: [PATCH v2] arm64: dts: hikey: Give wifi some time after power-on

by Wei Xu

Hi Ulf, On 2/4/2019 6:06 AM, Ulf Hansson wrote: > On Fri, 1 Feb 2019 at 17:34, Wei Xu <xuwei5(a)hisilicon.com> wrote: >> >> Hi Jan, >> >> On 1/24/2019 7:52 AM, Jan Kiszka wrote: >>> From: Jan Kiszka <jan.kiszka(a)siemens.com> >>> >>> Somewhere along recent changes to power control of the wl1835, power-on >>> became very unreliable on the hikey, failing like this: >>> >>> wl1271_sdio: probe of mmc2:0001:1 failed with error -16 >>> wl1271_sdio: probe of mmc2:0001:2 failed with error -16 >>> >>> After playing with some dt parameters and comparing to other users of >>> this chip, it turned out we need some power-on delay to make things >>> stable again. In contrast to those other users which define 200 ms, the >>> hikey would already be happy with 1 ms. Still, we use the safer 10 ms, >>> like on the Ultra96. >>> >>> Fixes: ea452678734e ("arm64: dts: hikey: Fix WiFi support") >>> Signed-off-by: Jan Kiszka <jan.kiszka(a)siemens.com> >>> Acked-by: Ulf Hansson <ulf.hansson(a)linaro.org> >> >> Applied to the hisilicon soc dt tree. > > Wei, can you please also add a stable tag to it? Yes, added below tag into this patch. Cc: <stable(a)vger.kernel.org> #4.12+ Thanks for your kindly reminder :) Best Regards, Wei > > [...] > > Thanks and kind regards > Uffe > > . >

6 years, 7 months

1
0
0 0

FAILED: patch "[PATCH] oom, oom_reaper: do not enqueue same task twice" failed to apply to 4.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 9bcdeb51bd7d2ae9fe65ea4d60643d2aeef5bfe3 Mon Sep 17 00:00:00 2001 From: Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> Date: Fri, 1 Feb 2019 14:20:31 -0800 Subject: [PATCH] oom, oom_reaper: do not enqueue same task twice Arkadiusz reported that enabling memcg's group oom killing causes strange memcg statistics where there is no task in a memcg despite the number of tasks in that memcg is not 0. It turned out that there is a bug in wake_oom_reaper() which allows enqueuing same task twice which makes impossible to decrease the number of tasks in that memcg due to a refcount leak. This bug existed since the OOM reaper became invokable from task_will_free_mem(current) path in out_of_memory() in Linux 4.7, T1@P1 |T2@P1 |T3@P1 |OOM reaper ----------+----------+----------+------------ # Processing an OOM victim in a different memcg domain. try_charge() mem_cgroup_out_of_memory() mutex_lock(&oom_lock) try_charge() mem_cgroup_out_of_memory() mutex_lock(&oom_lock) try_charge() mem_cgroup_out_of_memory() mutex_lock(&oom_lock) out_of_memory() oom_kill_process(P1) do_send_sig_info(SIGKILL, @P1) mark_oom_victim(T1@P1) wake_oom_reaper(T1@P1) # T1@P1 is enqueued. mutex_unlock(&oom_lock) out_of_memory() mark_oom_victim(T2@P1) wake_oom_reaper(T2@P1) # T2@P1 is enqueued. mutex_unlock(&oom_lock) out_of_memory() mark_oom_victim(T1@P1) wake_oom_reaper(T1@P1) # T1@P1 is enqueued again due to oom_reaper_list == T2@P1 && T1@P1->oom_reaper_list == NULL. mutex_unlock(&oom_lock) # Completed processing an OOM victim in a different memcg domain. spin_lock(&oom_reaper_lock) # T1P1 is dequeued. spin_unlock(&oom_reaper_lock) but memcg's group oom killing made it easier to trigger this bug by calling wake_oom_reaper() on the same task from one out_of_memory() request. Fix this bug using an approach used by commit 855b018325737f76 ("oom, oom_reaper: disable oom_reaper for oom_kill_allocating_task"). As a side effect of this patch, this patch also avoids enqueuing multiple threads sharing memory via task_will_free_mem(current) path. Link: http://lkml.kernel.org/r/e865a044-2c10-9858-f4ef-254bc71d6cc2@i-love.sakura… Link: http://lkml.kernel.org/r/5ee34fc6-1485-34f8-8790-903ddabaa809@i-love.sakura… Fixes: af8e15cc85a25315 ("oom, oom_reaper: do not enqueue task if it is on the oom_reaper_list head") Signed-off-by: Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> Reported-by: Arkadiusz Miskiewicz <arekm(a)maven.pl> Tested-by: Arkadiusz Miskiewicz <arekm(a)maven.pl> Acked-by: Michal Hocko <mhocko(a)suse.com> Acked-by: Roman Gushchin <guro(a)fb.com> Cc: Tejun Heo <tj(a)kernel.org> Cc: Aleksa Sarai <asarai(a)suse.de> Cc: Jay Kamat <jgkamat(a)fb.com> Cc: Johannes Weiner <hannes(a)cmpxchg.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds(a)linux-foundation.org> diff --git a/include/linux/sched/coredump.h b/include/linux/sched/coredump.h index ec912d01126f..ecdc6542070f 100644 --- a/include/linux/sched/coredump.h +++ b/include/linux/sched/coredump.h @@ -71,6 +71,7 @@ static inline int get_dumpable(struct mm_struct *mm) #define MMF_HUGE_ZERO_PAGE 23 /* mm has ever used the global huge zero page */ #define MMF_DISABLE_THP 24 /* disable THP for all VMAs */ #define MMF_OOM_VICTIM 25 /* mm is the oom victim */ +#define MMF_OOM_REAP_QUEUED 26 /* mm was queued for oom_reaper */ #define MMF_DISABLE_THP_MASK (1 << MMF_DISABLE_THP) #define MMF_INIT_MASK (MMF_DUMPABLE_MASK | MMF_DUMP_FILTER_MASK |\ diff --git a/mm/oom_kill.c b/mm/oom_kill.c index f0e8cd9edb1a..059e617a1847 100644 --- a/mm/oom_kill.c +++ b/mm/oom_kill.c @@ -647,8 +647,8 @@ static int oom_reaper(void *unused) static void wake_oom_reaper(struct task_struct *tsk) { - /* tsk is already queued? */ - if (tsk == oom_reaper_list || tsk->oom_reaper_list) + /* mm is already queued? */ + if (test_and_set_bit(MMF_OOM_REAP_QUEUED, &tsk->signal->oom_mm->flags)) return; get_task_struct(tsk);

6 years, 7 months

2
1
0 0

[PATCH 4.14 00/68] 4.14.97-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.14.97 release. There are 68 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu Jan 31 11:31:10 UTC 2019. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.14.97-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.14.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.14.97-rc1 Anand Jain <anand.jain(a)oracle.com> btrfs: dev-replace: go back to suspended state if target device is missing Jeff Mahoney <jeffm(a)suse.com> btrfs: fix error handling in btrfs_dev_replace_start Pan Bian <bianpan2016(a)163.com> f2fs: read page index before freeing Juergen Gross <jgross(a)suse.com> xen: Fix x86 sched_clock() interface for xen Pavel Tatashin <pasha.tatashin(a)oracle.com> x86/xen/time: Output xen sched_clock time from 0 Joao Martins <joao.m.martins(a)oracle.com> x86/xen/time: setup vcpu 0 time info page Joao Martins <joao.m.martins(a)oracle.com> x86/xen/time: set pvclock flags on xen_time_init() Joao Martins <joao.m.martins(a)oracle.com> x86/pvclock: add setter for pvclock_pvti_cpu0_va Joao Martins <joao.m.martins(a)oracle.com> ptp_kvm: probe for kvm guest availability Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: Fix leaking USB3 shared_hcd at xhci removal Jack Pham <jackp(a)codeaurora.org> usb: dwc3: gadget: Clear req->needs_extra_trb flag on cleanup Raju Rangoju <rajur(a)chelsio.com> nvmet-rdma: fix null dereference under heavy load Israel Rukshin <israelr(a)mellanox.com> nvmet-rdma: Add unlikely for response allocated check David Hildenbrand <david(a)redhat.com> s390/smp: Fix calling smp_call_ipl_cpu() from ipl CPU Sean Christopherson <sean.j.christopherson(a)intel.com> KVM: x86: Fix a 4.14 backport regression related to userspace/guest FPU Jose Abreu <Jose.Abreu(a)synopsys.com> net: stmmac: Use correct values in TQS/RQS fields Sasha Levin <sashal(a)kernel.org> Revert "seccomp: add a selftest for get_metadata" Milian Wolff <milian.wolff(a)kdab.com> perf unwind: Take pgoff into account when reporting elf to libdwfl Martin Vuille <jpmv27(a)aim.com> perf unwind: Unwind with libdw doesn't take symfs into account Nicolas Pitre <nicolas.pitre(a)linaro.org> vt: invoke notifier on screen size change Oliver Hartkopp <socketcan(a)hartkopp.net> can: bcm: check timer values before ktime conversion Manfred Schlaegl <manfred.schlaegl(a)ginzinger.com> can: dev: __can_get_echo_skb(): fix bogous check for non-existing skb by removing it Marc Zyngier <marc.zyngier(a)arm.com> irqchip/gic-v3-its: Align PCI Multi-MSI allocation on their size Thomas Gleixner <tglx(a)linutronix.de> posix-cpu-timers: Unbreak timer rearming Daniel Drake <drake(a)endlessm.com> x86/kaslr: Fix incorrect i8254 outb() parameters Dave Hansen <dave.hansen(a)linux.intel.com> x86/selftests/pkeys: Fork() to check for state being preserved Dave Hansen <dave.hansen(a)linux.intel.com> x86/pkeys: Properly copy pkey state at fork() Alexander Popov <alex.popov(a)linux.com> KVM: x86: Fix single-step debugging Milan Broz <gmazyland(a)gmail.com> dm crypt: fix parsing of extended IV arguments Joe Thornber <ejt(a)redhat.com> dm thin: fix passdown_double_checking_shared_status() Dan Williams <dan.j.williams(a)intel.com> acpi/nfit: Fix command-supported detection Dan Williams <dan.j.williams(a)intel.com> acpi/nfit: Block function zero DSMs Dmitry Torokhov <dmitry.torokhov(a)gmail.com> Input: uinput - fix undefined behavior in uinput_validate_absinfo() Rasmus Villemoes <linux(a)rasmusvillemoes.dk> compiler.h: enable builtin overflow checkers and add fallback code Tom Panfil <tom(a)steelseries.com> Input: xpad - add support for SteelSeries Stratus Duo Pavel Shilovsky <pshilov(a)microsoft.com> CIFS: Do not reconnect TCP session in add_credits() Pavel Shilovsky <pshilov(a)microsoft.com> CIFS: Fix credit calculation for encrypted reads with errors Pavel Shilovsky <pshilov(a)microsoft.com> CIFS: Fix credits calculations for reads with errors Pavel Shilovsky <pshilov(a)microsoft.com> CIFS: Fix possible hang during async MTU reads and writes Dexuan Cui <decui(a)microsoft.com> Drivers: hv: vmbus: Check for ring when getting debug info Vitaly Kuznetsov <vkuznets(a)redhat.com> hv_balloon: avoid touching uninitialized struct page during tail onlining Paul Fulghum <paulkf(a)microgate.com> tty/n_hdlc: fix __might_sleep warning Samir Virmani <samir(a)embedur.com> uart: Fix crash in uart_write and uart_put_char Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> tty: Handle problem if line discipline does not have receive_buf Michael Straube <straube.linux(a)gmail.com> staging: rtl8188eu: Add device code for D-Link DWA-121 rev B1 Gustavo A. R. Silva <gustavo(a)embeddedor.com> char/mwave: fix potential Spectre v1 vulnerability Gerald Schaefer <gerald.schaefer(a)de.ibm.com> s390/smp: fix CPU hotplug deadlock with CPU rescan Christian Borntraeger <borntraeger(a)de.ibm.com> s390/early: improve machine detection Eugeniy Paltsev <Eugeniy.Paltsev(a)synopsys.com> ARC: perf: map generic branches to correct hardware condition Eugeniy Paltsev <Eugeniy.Paltsev(a)synopsys.com> ARC: adjust memblock_reserve of kernel memory Eugeniy Paltsev <Eugeniy.Paltsev(a)synopsys.com> ARCv2: lib: memeset: fix doing prefetchw outside of buffer Anthony Wong <anthony.wong(a)canonical.com> ALSA: hda - Add mute LED support for HP ProBook 470 G5 Gustavo A. R. Silva <gustavo(a)embeddedor.com> ASoC: rt5514-spi: Fix potential NULL pointer dereference Kangjie Lu <kjlu(a)umn.edu> ASoC: atom: fix a missing check of snd_pcm_lib_malloc_pages Charles Yeh <charlesyeh522(a)gmail.com> USB: serial: pl2303: add new PID to support PL2303TB Max Schulze <max.schulze(a)posteo.de> USB: serial: simple: add Motorola Tetra TPG2200 device id Tomas Winkler <tomas.winkler(a)intel.com> mei: me: add denverton innovation engine device IDs Vijay Viswanath <vviswana(a)codeaurora.org> mmc: Kconfig: Enable CONFIG_MMC_SDHCI_IO_ACCESSORS Paolo Abeni <pabeni(a)redhat.com> ipfrag: really prevent allocation on netns exit Willem de Bruijn <willemb(a)google.com> tcp: allow MSG_ZEROCOPY transmission also in CLOSE_WAIT state Ido Schimmel <idosch(a)mellanox.com> net: ipv4: Fix memory leak in network namespace dismantle Jason Wang <jasowang(a)redhat.com> vhost: log dirty page correctly Ross Lagerwall <ross.lagerwall(a)citrix.com> openvswitch: Avoid OOB read when parsing flow nlattrs Cong Wang <xiyou.wangcong(a)gmail.com> net_sched: refetch skb protocol for each filter Thomas Petazzoni <thomas.petazzoni(a)bootlin.com> net: phy: mdio_bus: add missing device_del() in mdiobus_register() error handling Ross Lagerwall <ross.lagerwall(a)citrix.com> net: Fix usage of pskb_trim_rcsum Yunjian Wang <wangyunjian(a)huawei.com> net: bridge: Fix ethernet header pointer before check skb forwardable Lendacky, Thomas <Thomas.Lendacky(a)amd.com> amd-xgbe: Fix mdio access for non-zero ports and clause 45 PHYs ------------- Diffstat: Makefile | 4 +- arch/arc/include/asm/perf_event.h | 3 +- arch/arc/lib/memset-archs.S | 40 ++++- arch/arc/mm/init.c | 3 +- arch/s390/kernel/early.c | 4 +- arch/s390/kernel/setup.c | 2 + arch/s390/kernel/smp.c | 12 +- arch/x86/entry/vdso/vma.c | 2 +- arch/x86/include/asm/mmu_context.h | 18 ++ arch/x86/include/asm/pvclock.h | 19 +- arch/x86/kernel/kvmclock.c | 7 +- arch/x86/kernel/pvclock.c | 14 ++ arch/x86/kvm/x86.c | 9 +- arch/x86/lib/kaslr.c | 4 +- arch/x86/xen/suspend.c | 4 + arch/x86/xen/time.c | 118 ++++++++++++- arch/x86/xen/xen-ops.h | 2 + drivers/acpi/nfit/core.c | 61 +++++-- drivers/char/mwave/mwavedd.c | 7 + drivers/hv/hv_balloon.c | 10 +- drivers/hv/ring_buffer.c | 31 ++-- drivers/hv/vmbus_drv.c | 91 ++++++---- drivers/input/joystick/xpad.c | 3 + drivers/input/misc/uinput.c | 5 +- drivers/irqchip/irq-gic-v3-its.c | 25 +-- drivers/md/dm-crypt.c | 25 ++- drivers/md/dm-thin-metadata.c | 4 +- drivers/md/dm-thin-metadata.h | 2 +- drivers/md/dm-thin.c | 10 +- drivers/misc/mei/hw-me-regs.h | 2 + drivers/misc/mei/pci-me.c | 2 + drivers/mmc/host/Kconfig | 1 + drivers/net/can/dev.c | 27 ++- drivers/net/ethernet/amd/xgbe/xgbe-common.h | 2 - drivers/net/ethernet/amd/xgbe/xgbe-dev.c | 22 ++- drivers/net/ethernet/stmicro/stmmac/common.h | 3 +- drivers/net/ethernet/stmicro/stmmac/dwmac4_dma.c | 15 +- drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 22 ++- drivers/net/phy/mdio_bus.c | 1 + drivers/net/ppp/pppoe.c | 1 + drivers/nvme/target/rdma.c | 17 +- drivers/ptp/ptp_kvm.c | 5 +- drivers/s390/char/sclp_config.c | 2 + drivers/staging/rtl8188eu/os_dep/usb_intf.c | 1 + drivers/tty/n_hdlc.c | 1 + drivers/tty/serial/serial_core.c | 12 +- drivers/tty/tty_io.c | 3 +- drivers/tty/vt/vt.c | 1 + drivers/usb/dwc3/gadget.c | 2 + drivers/usb/host/xhci-mtk.c | 6 +- drivers/usb/host/xhci-pci.c | 1 + drivers/usb/host/xhci-plat.c | 6 +- drivers/usb/host/xhci-tegra.c | 1 + drivers/usb/host/xhci.c | 2 - drivers/usb/serial/pl2303.c | 1 + drivers/usb/serial/pl2303.h | 2 + drivers/usb/serial/usb-serial-simple.c | 3 +- drivers/vhost/net.c | 3 +- drivers/vhost/vhost.c | 97 ++++++++-- drivers/vhost/vhost.h | 3 +- drivers/xen/events/events_base.c | 2 +- fs/btrfs/dev-replace.c | 9 +- fs/cifs/cifssmb.c | 35 ++-- fs/cifs/connect.c | 21 +++ fs/cifs/smb2ops.c | 62 ++++--- fs/f2fs/node.c | 4 +- include/linux/compiler-clang.h | 14 ++ include/linux/compiler-gcc.h | 4 + include/linux/compiler-intel.h | 4 + include/linux/hyperv.h | 5 +- include/linux/overflow.h | 205 ++++++++++++++++++++++ include/linux/skbuff.h | 1 + include/net/ip_fib.h | 2 +- include/xen/interface/vcpu.h | 42 +++++ kernel/time/posix-cpu-timers.c | 1 + net/bridge/br_forward.c | 9 +- net/bridge/br_netfilter_ipv6.c | 1 + net/bridge/netfilter/nft_reject_bridge.c | 1 + net/can/bcm.c | 27 +++ net/ipv4/fib_frontend.c | 4 +- net/ipv4/fib_trie.c | 15 +- net/ipv4/inet_fragment.c | 2 +- net/ipv4/ip_input.c | 1 + net/ipv4/tcp.c | 2 +- net/openvswitch/flow_netlink.c | 2 +- net/sched/cls_api.c | 3 +- sound/pci/hda/patch_conexant.c | 1 + sound/soc/codecs/rt5514-spi.c | 2 + sound/soc/intel/atom/sst-mfld-platform-pcm.c | 8 +- tools/perf/util/unwind-libdw.c | 4 +- tools/testing/selftests/seccomp/seccomp_bpf.c | 61 ------- tools/testing/selftests/x86/protection_keys.c | 41 +++-- 92 files changed, 1073 insertions(+), 328 deletions(-)

6 years, 7 months

6
77
0 0

Re: [PATCH v2] net: dp83640: expire old TX-skb

by Sebastian Andrzej Siewior

On 2019-02-04 06:14:51 [+0000], Sasha Levin wrote: > Hi, > > [This is an automated email] > > This commit has been processed because it contains a -stable tag. > The stable tag indicates that it's relevant for the following trees: all > > The bot has tested the following trees: v4.20.6, v4.19.19, v4.14.97, v4.9.154, v4.4.172, v3.18.133. > > v4.20.6: Build OK! > v4.19.19: Build OK! > v4.14.97: Build OK! > v4.9.154: Build OK! > v4.4.172: Build OK! > v3.18.133: Failed to apply! Possible dependencies: > 81e8f2e930fe ("net: dp83640: Fix tx timestamp overflow handling.") > > > How should we proceed with this patch? I would skip v3.18, I backported more patches for my testing on v4.9. Sebastian

6 years, 7 months

1
0
0 0

[PATCH stable 4.4 v2 00/11] fix FragmentSmack in stable branch (CVE-2018-5391)

by Mao Wenan

There is one CVE: CVE-2018-5391 kernel: IP fragments with random offsets allow a remote denial of service (FragmentSmack), A fix is a merge commit in the Linux kernel tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?… consisting of the following commits: 7969e5c40dfd04799d4341f1b7cd266b6e47f227 ip: discard IPv4 datagrams with overlapping segments. 385114dec8a49b5e5945e77ba7de6356106713f4 net: modify skb_rbtree_purge to return the truesize of all purged skbs. fa0f527358bd900ef92f925878ed6bfbd51305cc ip: use rb trees for IP frag queue. All above patches are with rb tree to fix this CVE, which is very similar the CVE-2018-5390, that I have backport to stable 4.4 branch in last year. In these patchset, I will backport some patches to fix CVE-2018-5391 with rb tree. v1->v2: in this patch, ipv6: defrag: drop non-last frags smaller than min mtu fix the incorrect return value of nf_ct_frag6_gather. Dan Carpenter (1): ipv4: frags: precedence bug in ip_expire() Eric Dumazet (2): net: speed up skb_rbtree_purge() inet: frags: get rif of inet_frag_evicting() Florian Westphal (1): ipv6: defrag: drop non-last frags smaller than min mtu Michal Kubecek (1): net: ipv4: do not handle duplicate fragments as overlapping Peter Oskolkov (5): ip: discard IPv4 datagrams with overlapping segments. net: modify skb_rbtree_purge to return the truesize of all purged skbs. ip: use rb trees for IP frag queue. ip: add helpers to process in-order fragments faster. ip: process in-order fragments efficiently Taehee Yoo (1): ip: frags: fix crash in ip_do_fragment() include/linux/skbuff.h | 4 +- include/net/inet_frag.h | 12 +- include/uapi/linux/snmp.h | 1 + net/core/skbuff.c | 17 +- net/ipv4/inet_fragment.c | 16 +- net/ipv4/ip_fragment.c | 410 +++++++++++++++++++------------- net/ipv4/proc.c | 1 + net/ipv6/netfilter/nf_conntrack_reasm.c | 6 + net/ipv6/reassembly.c | 9 +- 9 files changed, 292 insertions(+), 184 deletions(-) -- 1.8.3.1

6 years, 7 months

2
12
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror