- Linux-stable-mirror - lists.linaro.org

[PATCH] gfs2: Fix loop in gfs2_rbm_find (2)

by Andreas Gruenbacher

This is an updated version of the patch previously posted on January 24. Changes since then: - The previous version didn't take filesystems with a single bitmap block per filesystem into account, and could still loop endlessly in that case. - When starting a scan at the beginning of a bitmap block and we wrap around, there is no need to rescan that bitmap block again. This revised version takes that into account as well. - At the end of gfs2_rbm_find, we update rd_extfail_pt when the scan has started at the beginning of the resource group. However, we should update rd_extfail_pt whenever we have scanned the entire resource group, including when we have wrapped around. -- The fix from commit 2d29f6b96d8f introduced an unexpected performance regression when allocating blocks. Fix by rewriting the overly complicated wrap-around logic in gfs2_rbm_find. Discovered and verified with iozone. Fixes: 2d29f6b96d8f ("gfs2: Fix loop in gfs2_rbm_find") Cc: stable(a)vger.kernel.org # v3.13+ Signed-off-by: Andreas Gruenbacher <agruenba(a)redhat.com> --- fs/gfs2/rgrp.c | 54 +++++++++++++++++++++++--------------------------- 1 file changed, 25 insertions(+), 29 deletions(-) diff --git a/fs/gfs2/rgrp.c b/fs/gfs2/rgrp.c index 831d7cb5a49c4..52a4f340a8672 100644 --- a/fs/gfs2/rgrp.c +++ b/fs/gfs2/rgrp.c @@ -1729,25 +1729,22 @@ static int gfs2_reservation_check_and_update(struct gfs2_rbm *rbm, static int gfs2_rbm_find(struct gfs2_rbm *rbm, u8 state, u32 *minext, const struct gfs2_inode *ip, bool nowrap) { + bool scan_from_start = rbm->bii == 0 && rbm->offset == 0; struct buffer_head *bh; - int initial_bii; - u32 initial_offset; - int first_bii = rbm->bii; - u32 first_offset = rbm->offset; + int last_bii; u32 offset; u8 *buffer; - int n = 0; - int iters = rbm->rgd->rd_length; + bool wrapped = false; int ret; struct gfs2_bitmap *bi; struct gfs2_extent maxext = { .rbm.rgd = rbm->rgd, }; - /* If we are not starting at the beginning of a bitmap, then we - * need to add one to the bitmap count to ensure that we search - * the starting bitmap twice. + /* + * Determine the last bitmap to search. If we're not starting at the + * beginning of a bitmap, we need to search that bitmap twice to scan + * the entire resource group. */ - if (rbm->offset != 0) - iters++; + last_bii = rbm->bii - (rbm->offset == 0); while(1) { bi = rbm_bi(rbm); @@ -1761,47 +1758,46 @@ static int gfs2_rbm_find(struct gfs2_rbm *rbm, u8 state, u32 *minext, WARN_ON(!buffer_uptodate(bh)); if (state != GFS2_BLKST_UNLINKED && bi->bi_clone) buffer = bi->bi_clone + bi->bi_offset; - initial_offset = rbm->offset; offset = gfs2_bitfit(buffer, bi->bi_bytes, rbm->offset, state); - if (offset == BFITNOENT) - goto bitmap_full; + if (offset == BFITNOENT) { + if (state == GFS2_BLKST_FREE && rbm->offset == 0) + set_bit(GBF_FULL, &bi->bi_flags); + goto next_bitmap; + } rbm->offset = offset; if (ip == NULL) return 0; - initial_bii = rbm->bii; ret = gfs2_reservation_check_and_update(rbm, ip, minext ? *minext : 0, &maxext); if (ret == 0) return 0; - if (ret > 0) { - n += (rbm->bii - initial_bii); + if (ret > 0) goto next_iter; - } if (ret == -E2BIG) { - n += rbm->bii - initial_bii; rbm->bii = 0; rbm->offset = 0; goto res_covered_end_of_rgrp; } return ret; -bitmap_full: /* Mark bitmap as full and fall through */ - if ((state == GFS2_BLKST_FREE) && initial_offset == 0) - set_bit(GBF_FULL, &bi->bi_flags); - next_bitmap: /* Find next bitmap in the rgrp */ rbm->offset = 0; rbm->bii++; if (rbm->bii == rbm->rgd->rd_length) rbm->bii = 0; res_covered_end_of_rgrp: - if ((rbm->bii == 0) && nowrap) - break; - n++; + if (rbm->bii == 0) { + if (wrapped) + break; + wrapped = true; + if (nowrap) + break; + } next_iter: - if (n >= iters) + /* Have we scanned the entire resource group? */ + if (wrapped && rbm->bii > last_bii) break; } @@ -1811,8 +1807,8 @@ static int gfs2_rbm_find(struct gfs2_rbm *rbm, u8 state, u32 *minext, /* If the extent was too small, and it's smaller than the smallest to have failed before, remember for future reference that it's useless to search this rgrp again for this amount or more. */ - if ((first_offset == 0) && (first_bii == 0) && - (*minext < rbm->rgd->rd_extfail_pt)) + if (wrapped && (scan_from_start || rbm->bii > last_bii) && + *minext < rbm->rgd->rd_extfail_pt) rbm->rgd->rd_extfail_pt = *minext; /* If the maximum extent we found is big enough to fulfill the -- 2.20.1

6 years, 7 months

2
1
0 0

Stable queue: queue-4.20

by CKI

Hello, We ran automated tests on a patchset that was proposed for merging into this kernel tree. The patches were applied to: Kernel repo: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git Commit: 65f42a73e553 Linux 4.20.6 The results of these automated tests are provided below. Overall result: PASSED Patch merge: OK Compile: OK Kernel tests: OK Please reply to this email if you have any questions about the tests that we ran or if you have any suggestions on how to make future tests more effective. ,-. ,-. ( C ) ( K ) Continuous `-',-.`-' Kernel ( I ) Integration `-' ______________________________________________________________________________ Merge testing ------------- We cloned this repository and checked out a ref: Repo: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git Ref: 65f42a73e553 Linux 4.20.6 We then merged the following patches with `git am`: drm-msm-gpu-fix-building-without-debugfs.patch ipv6-sr-clear-ip6cb-skb-on-srh-ip4ip6-encapsulation.patch ipvlan-l3mdev-fix-broken-l3s-mode-wrt-local-routes.patch l2tp-copy-4-more-bytes-to-linear-part-if-necessary.patch l2tp-fix-reading-optional-fields-of-l2tpv3.patch net-ip_gre-always-reports-o_key-to-userspace.patch net-ip_gre-use-erspan-key-field-for-tunnel-lookup.patch net-ipv6-don-t-return-positive-numbers-when-nothing-was-dumped.patch net-mlx4_core-add-masking-for-a-few-queries-on-hca-caps.patch netrom-switch-to-sock-timer-api.patch net-rose-fix-null-ax25_cb-kernel-panic.patch net-set-default-network-namespace-in-init_dummy_netdev.patch ravb-expand-rx-descriptor-data-to-accommodate-hw-checksum.patch sctp-improve-the-events-for-sctp-stream-reset.patch tun-move-the-call-to-tun_set_real_num_queues.patch ucc_geth-reset-bql-queue-when-stopping-device.patch vhost-fix-oob-in-get_rx_bufs.patch net-ip6_gre-always-reports-o_key-to-userspace.patch sctp-improve-the-events-for-sctp-stream-adding.patch net-mlx5e-allow-mac-invalidation-while-spoofchk-is-on.patch ip6mr-fix-notifiers-call-on-mroute_clean_tables.patch revert-net-mlx5e-e-switch-initialize-eswitch-only-if-eswitch-manager.patch sctp-set-chunk-transport-correctly-when-it-s-a-new-asoc.patch sctp-set-flow-sport-from-saddr-only-when-it-s-0.patch net-tls-fix-deadlock-in-free_resources-tx.patch net-tls-save-iv-in-tls_rec-for-async-crypto-requests.patch virtio_net-don-t-enable-napi-when-interface-is-down.patch virtio_net-don-t-call-free_old_xmit_skbs-for-xdp_frames.patch virtio_net-fix-not-restoring-real_num_rx_queues.patch virtio_net-fix-out-of-bounds-access-of-sq.patch virtio_net-don-t-process-redirected-xdp-frames-when-xdp-is-disabled.patch virtio_net-use-xdp_return_frame-to-free-xdp_frames-on-destroying-vqs.patch virtio_net-differentiate-sk_buff-and-xdp_frame-on-freeing.patch ipv6-consider-sk_bound_dev_if-when-binding-a-socket-to-an-address.patch Compile testing --------------- We compiled the kernel for 4 architectures: s390x: make options: make INSTALL_MOD_STRIP=1 -j64 targz-pkg -j64 configuration: https://artifacts.cki-project.org/builds/s390x/ce6918b39b3a2302fae039ecf39a… powerpc64le: make options: make INSTALL_MOD_STRIP=1 -j64 targz-pkg -j64 configuration: https://artifacts.cki-project.org/builds/ppc64le/c500085b01106ff7715ed4f666… aarch64: make options: make INSTALL_MOD_STRIP=1 -j64 targz-pkg -j64 configuration: https://artifacts.cki-project.org/builds/aarch64/1b70af2f7ff35e7267b4514744… x86_64: make options: make INSTALL_MOD_STRIP=1 -j64 targz-pkg -j64 configuration: https://artifacts.cki-project.org/builds/x86_64/3575f3da8fa40ab447d90d9da31… Hardware testing ---------------- We booted each kernel and ran the following tests: s390: Boot test - URL: https://github.com/CKI-project/tests-beaker/archive/master.zip#distribution… /distribution/command LTP lite - release 20180926 - URL: https://github.com/CKI-project/tests-beaker/archive/master.zip#distribution… AMTU (Abstract Machine Test Utility) - URL: https://github.com/CKI-project/tests-beaker/archive/master.zip#misc/amtu powerpc: Boot test - URL: https://github.com/CKI-project/tests-beaker/archive/master.zip#distribution… /distribution/command LTP lite - release 20180926 - URL: https://github.com/CKI-project/tests-beaker/archive/master.zip#distribution… AMTU (Abstract Machine Test Utility) - URL: https://github.com/CKI-project/tests-beaker/archive/master.zip#misc/amtu arm64: Boot test - URL: https://github.com/CKI-project/tests-beaker/archive/master.zip#distribution… /distribution/command LTP lite - release 20180926 - URL: https://github.com/CKI-project/tests-beaker/archive/master.zip#distribution… AMTU (Abstract Machine Test Utility) - URL: https://github.com/CKI-project/tests-beaker/archive/master.zip#misc/amtu x86_64: Boot test - URL: https://github.com/CKI-project/tests-beaker/archive/master.zip#distribution… /distribution/command LTP lite - release 20180926 - URL: https://github.com/CKI-project/tests-beaker/archive/master.zip#distribution… AMTU (Abstract Machine Test Utility) - URL: https://github.com/CKI-project/tests-beaker/archive/master.zip#misc/amtu

6 years, 7 months

1
0
0 0

Still need this?

by Grace

Want to retouch your photos? we can help you. Deep etching or masking for your photos, or even adding clipping path. Retouching also if needed. Hopefully to start something for you soon. Thanks, Grace Aaledn Pirna

6 years, 7 months

1
0
0 0

Do the work

by Grace

Want to retouch your photos? we can help you. Deep etching or masking for your photos, or even adding clipping path. Retouching also if needed. Hopefully to start something for you soon. Thanks, Grace Offendbach Siegdurg

6 years, 7 months

1
0
0 0

FAILED: patch "[PATCH] IB/uverbs: Fix OOPs upon device disassociation" failed to apply to 4.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 425784aa5b029eeb80498c73a68f62c3ad1d3b3f Mon Sep 17 00:00:00 2001 From: Yishai Hadas <yishaih(a)mellanox.com> Date: Thu, 24 Jan 2019 14:33:12 +0200 Subject: [PATCH] IB/uverbs: Fix OOPs upon device disassociation The async_file might be freed before the disassociation has been ended, causing qp shutdown to use after free on it. Since uverbs_destroy_ufile_hw is not a fence, it returns if a disassociation is ongoing in another thread. It has to be written this way to avoid deadlock. However this means that the ufile FD close cannot destroy anything that may still be used by an active kref, such as the the async_file. To fix that move the kref_put() to be in ib_uverbs_release_file(). BUG: unable to handle kernel paging request at ffffffffba682787 PGD bc80e067 P4D bc80e067 PUD bc80f063 PMD 1313df163 PTE 80000000bc682061 Oops: 0003 [#1] SMP PTI CPU: 1 PID: 32410 Comm: bash Tainted: G OE 4.20.0-rc6+ #3 Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 RIP: 0010:__pv_queued_spin_lock_slowpath+0x1b3/0x2a0 Code: 98 83 e2 60 49 89 df 48 8b 04 c5 80 18 72 ba 48 8d ba 80 32 02 00 ba 00 80 00 00 4c 8d 65 14 41 bd 01 00 00 00 48 01 c7 85 d2 <48> 89 2f 48 89 fb 74 14 8b 45 08 85 c0 75 42 84 d2 74 6b f3 90 83 RSP: 0018:ffffc1bbc064fb58 EFLAGS: 00010006 RAX: ffffffffba65f4e7 RBX: ffff9f209c656c00 RCX: 0000000000000001 RDX: 0000000000008000 RSI: 0000000000000000 RDI: ffffffffba682787 RBP: ffff9f217bb23280 R08: 0000000000000001 R09: 0000000000000000 R10: ffff9f209d2c7800 R11: ffffffffffffffe8 R12: ffff9f217bb23294 R13: 0000000000000001 R14: 0000000000000000 R15: ffff9f209c656c00 FS: 00007fac55aad740(0000) GS:ffff9f217bb00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: ffffffffba682787 CR3: 000000012f8e0000 CR4: 00000000000006e0 Call Trace: _raw_spin_lock_irq+0x27/0x30 ib_uverbs_release_uevent+0x1e/0xa0 [ib_uverbs] uverbs_free_qp+0x7e/0x90 [ib_uverbs] destroy_hw_idr_uobject+0x1c/0x50 [ib_uverbs] uverbs_destroy_uobject+0x2e/0x180 [ib_uverbs] __uverbs_cleanup_ufile+0x73/0x90 [ib_uverbs] uverbs_destroy_ufile_hw+0x5d/0x120 [ib_uverbs] ib_uverbs_remove_one+0xea/0x240 [ib_uverbs] ib_unregister_device+0xfb/0x200 [ib_core] mlx5_ib_remove+0x51/0xe0 [mlx5_ib] mlx5_remove_device+0xc1/0xd0 [mlx5_core] mlx5_unregister_device+0x3d/0xb0 [mlx5_core] remove_one+0x2a/0x90 [mlx5_core] pci_device_remove+0x3b/0xc0 device_release_driver_internal+0x16d/0x240 unbind_store+0xb2/0x100 kernfs_fop_write+0x102/0x180 __vfs_write+0x36/0x1a0 ? __alloc_fd+0xa9/0x170 ? set_close_on_exec+0x49/0x70 vfs_write+0xad/0x1a0 ksys_write+0x52/0xc0 do_syscall_64+0x5b/0x180 entry_SYSCALL_64_after_hwframe+0x44/0xa9 RIP: 0033:0x7fac551aac60 Cc: <stable(a)vger.kernel.org> # 4.2 Fixes: 036b10635739 ("IB/uverbs: Enable device removal when there are active user space applications") Signed-off-by: Yishai Hadas <yishaih(a)mellanox.com> Signed-off-by: Leon Romanovsky <leonro(a)mellanox.com> Signed-off-by: Jason Gunthorpe <jgg(a)mellanox.com> diff --git a/drivers/infiniband/core/uverbs_main.c b/drivers/infiniband/core/uverbs_main.c index 2890a77339e1..15add0688fbb 100644 --- a/drivers/infiniband/core/uverbs_main.c +++ b/drivers/infiniband/core/uverbs_main.c @@ -204,6 +204,9 @@ void ib_uverbs_release_file(struct kref *ref) if (atomic_dec_and_test(&file->device->refcount)) ib_uverbs_comp_dev(file->device); + if (file->async_file) + kref_put(&file->async_file->ref, + ib_uverbs_release_async_event_file); put_device(&file->device->dev); kfree(file); } @@ -1096,10 +1099,6 @@ static int ib_uverbs_close(struct inode *inode, struct file *filp) list_del_init(&file->list); mutex_unlock(&file->device->lists_mutex); - if (file->async_file) - kref_put(&file->async_file->ref, - ib_uverbs_release_async_event_file); - kref_put(&file->ref, ib_uverbs_release_file); return 0;

6 years, 7 months

1
0
0 0

FAILED: patch "[PATCH] IB/uverbs: Fix OOPs upon device disassociation" failed to apply to 4.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 425784aa5b029eeb80498c73a68f62c3ad1d3b3f Mon Sep 17 00:00:00 2001 From: Yishai Hadas <yishaih(a)mellanox.com> Date: Thu, 24 Jan 2019 14:33:12 +0200 Subject: [PATCH] IB/uverbs: Fix OOPs upon device disassociation The async_file might be freed before the disassociation has been ended, causing qp shutdown to use after free on it. Since uverbs_destroy_ufile_hw is not a fence, it returns if a disassociation is ongoing in another thread. It has to be written this way to avoid deadlock. However this means that the ufile FD close cannot destroy anything that may still be used by an active kref, such as the the async_file. To fix that move the kref_put() to be in ib_uverbs_release_file(). BUG: unable to handle kernel paging request at ffffffffba682787 PGD bc80e067 P4D bc80e067 PUD bc80f063 PMD 1313df163 PTE 80000000bc682061 Oops: 0003 [#1] SMP PTI CPU: 1 PID: 32410 Comm: bash Tainted: G OE 4.20.0-rc6+ #3 Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 RIP: 0010:__pv_queued_spin_lock_slowpath+0x1b3/0x2a0 Code: 98 83 e2 60 49 89 df 48 8b 04 c5 80 18 72 ba 48 8d ba 80 32 02 00 ba 00 80 00 00 4c 8d 65 14 41 bd 01 00 00 00 48 01 c7 85 d2 <48> 89 2f 48 89 fb 74 14 8b 45 08 85 c0 75 42 84 d2 74 6b f3 90 83 RSP: 0018:ffffc1bbc064fb58 EFLAGS: 00010006 RAX: ffffffffba65f4e7 RBX: ffff9f209c656c00 RCX: 0000000000000001 RDX: 0000000000008000 RSI: 0000000000000000 RDI: ffffffffba682787 RBP: ffff9f217bb23280 R08: 0000000000000001 R09: 0000000000000000 R10: ffff9f209d2c7800 R11: ffffffffffffffe8 R12: ffff9f217bb23294 R13: 0000000000000001 R14: 0000000000000000 R15: ffff9f209c656c00 FS: 00007fac55aad740(0000) GS:ffff9f217bb00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: ffffffffba682787 CR3: 000000012f8e0000 CR4: 00000000000006e0 Call Trace: _raw_spin_lock_irq+0x27/0x30 ib_uverbs_release_uevent+0x1e/0xa0 [ib_uverbs] uverbs_free_qp+0x7e/0x90 [ib_uverbs] destroy_hw_idr_uobject+0x1c/0x50 [ib_uverbs] uverbs_destroy_uobject+0x2e/0x180 [ib_uverbs] __uverbs_cleanup_ufile+0x73/0x90 [ib_uverbs] uverbs_destroy_ufile_hw+0x5d/0x120 [ib_uverbs] ib_uverbs_remove_one+0xea/0x240 [ib_uverbs] ib_unregister_device+0xfb/0x200 [ib_core] mlx5_ib_remove+0x51/0xe0 [mlx5_ib] mlx5_remove_device+0xc1/0xd0 [mlx5_core] mlx5_unregister_device+0x3d/0xb0 [mlx5_core] remove_one+0x2a/0x90 [mlx5_core] pci_device_remove+0x3b/0xc0 device_release_driver_internal+0x16d/0x240 unbind_store+0xb2/0x100 kernfs_fop_write+0x102/0x180 __vfs_write+0x36/0x1a0 ? __alloc_fd+0xa9/0x170 ? set_close_on_exec+0x49/0x70 vfs_write+0xad/0x1a0 ksys_write+0x52/0xc0 do_syscall_64+0x5b/0x180 entry_SYSCALL_64_after_hwframe+0x44/0xa9 RIP: 0033:0x7fac551aac60 Cc: <stable(a)vger.kernel.org> # 4.2 Fixes: 036b10635739 ("IB/uverbs: Enable device removal when there are active user space applications") Signed-off-by: Yishai Hadas <yishaih(a)mellanox.com> Signed-off-by: Leon Romanovsky <leonro(a)mellanox.com> Signed-off-by: Jason Gunthorpe <jgg(a)mellanox.com> diff --git a/drivers/infiniband/core/uverbs_main.c b/drivers/infiniband/core/uverbs_main.c index 2890a77339e1..15add0688fbb 100644 --- a/drivers/infiniband/core/uverbs_main.c +++ b/drivers/infiniband/core/uverbs_main.c @@ -204,6 +204,9 @@ void ib_uverbs_release_file(struct kref *ref) if (atomic_dec_and_test(&file->device->refcount)) ib_uverbs_comp_dev(file->device); + if (file->async_file) + kref_put(&file->async_file->ref, + ib_uverbs_release_async_event_file); put_device(&file->device->dev); kfree(file); } @@ -1096,10 +1099,6 @@ static int ib_uverbs_close(struct inode *inode, struct file *filp) list_del_init(&file->list); mutex_unlock(&file->device->lists_mutex); - if (file->async_file) - kref_put(&file->async_file->ref, - ib_uverbs_release_async_event_file); - kref_put(&file->ref, ib_uverbs_release_file); return 0;

6 years, 7 months

1
0
0 0

FAILED: patch "[PATCH] IB/uverbs: Fix OOPs upon device disassociation" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 425784aa5b029eeb80498c73a68f62c3ad1d3b3f Mon Sep 17 00:00:00 2001 From: Yishai Hadas <yishaih(a)mellanox.com> Date: Thu, 24 Jan 2019 14:33:12 +0200 Subject: [PATCH] IB/uverbs: Fix OOPs upon device disassociation The async_file might be freed before the disassociation has been ended, causing qp shutdown to use after free on it. Since uverbs_destroy_ufile_hw is not a fence, it returns if a disassociation is ongoing in another thread. It has to be written this way to avoid deadlock. However this means that the ufile FD close cannot destroy anything that may still be used by an active kref, such as the the async_file. To fix that move the kref_put() to be in ib_uverbs_release_file(). BUG: unable to handle kernel paging request at ffffffffba682787 PGD bc80e067 P4D bc80e067 PUD bc80f063 PMD 1313df163 PTE 80000000bc682061 Oops: 0003 [#1] SMP PTI CPU: 1 PID: 32410 Comm: bash Tainted: G OE 4.20.0-rc6+ #3 Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 RIP: 0010:__pv_queued_spin_lock_slowpath+0x1b3/0x2a0 Code: 98 83 e2 60 49 89 df 48 8b 04 c5 80 18 72 ba 48 8d ba 80 32 02 00 ba 00 80 00 00 4c 8d 65 14 41 bd 01 00 00 00 48 01 c7 85 d2 <48> 89 2f 48 89 fb 74 14 8b 45 08 85 c0 75 42 84 d2 74 6b f3 90 83 RSP: 0018:ffffc1bbc064fb58 EFLAGS: 00010006 RAX: ffffffffba65f4e7 RBX: ffff9f209c656c00 RCX: 0000000000000001 RDX: 0000000000008000 RSI: 0000000000000000 RDI: ffffffffba682787 RBP: ffff9f217bb23280 R08: 0000000000000001 R09: 0000000000000000 R10: ffff9f209d2c7800 R11: ffffffffffffffe8 R12: ffff9f217bb23294 R13: 0000000000000001 R14: 0000000000000000 R15: ffff9f209c656c00 FS: 00007fac55aad740(0000) GS:ffff9f217bb00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: ffffffffba682787 CR3: 000000012f8e0000 CR4: 00000000000006e0 Call Trace: _raw_spin_lock_irq+0x27/0x30 ib_uverbs_release_uevent+0x1e/0xa0 [ib_uverbs] uverbs_free_qp+0x7e/0x90 [ib_uverbs] destroy_hw_idr_uobject+0x1c/0x50 [ib_uverbs] uverbs_destroy_uobject+0x2e/0x180 [ib_uverbs] __uverbs_cleanup_ufile+0x73/0x90 [ib_uverbs] uverbs_destroy_ufile_hw+0x5d/0x120 [ib_uverbs] ib_uverbs_remove_one+0xea/0x240 [ib_uverbs] ib_unregister_device+0xfb/0x200 [ib_core] mlx5_ib_remove+0x51/0xe0 [mlx5_ib] mlx5_remove_device+0xc1/0xd0 [mlx5_core] mlx5_unregister_device+0x3d/0xb0 [mlx5_core] remove_one+0x2a/0x90 [mlx5_core] pci_device_remove+0x3b/0xc0 device_release_driver_internal+0x16d/0x240 unbind_store+0xb2/0x100 kernfs_fop_write+0x102/0x180 __vfs_write+0x36/0x1a0 ? __alloc_fd+0xa9/0x170 ? set_close_on_exec+0x49/0x70 vfs_write+0xad/0x1a0 ksys_write+0x52/0xc0 do_syscall_64+0x5b/0x180 entry_SYSCALL_64_after_hwframe+0x44/0xa9 RIP: 0033:0x7fac551aac60 Cc: <stable(a)vger.kernel.org> # 4.2 Fixes: 036b10635739 ("IB/uverbs: Enable device removal when there are active user space applications") Signed-off-by: Yishai Hadas <yishaih(a)mellanox.com> Signed-off-by: Leon Romanovsky <leonro(a)mellanox.com> Signed-off-by: Jason Gunthorpe <jgg(a)mellanox.com> diff --git a/drivers/infiniband/core/uverbs_main.c b/drivers/infiniband/core/uverbs_main.c index 2890a77339e1..15add0688fbb 100644 --- a/drivers/infiniband/core/uverbs_main.c +++ b/drivers/infiniband/core/uverbs_main.c @@ -204,6 +204,9 @@ void ib_uverbs_release_file(struct kref *ref) if (atomic_dec_and_test(&file->device->refcount)) ib_uverbs_comp_dev(file->device); + if (file->async_file) + kref_put(&file->async_file->ref, + ib_uverbs_release_async_event_file); put_device(&file->device->dev); kfree(file); } @@ -1096,10 +1099,6 @@ static int ib_uverbs_close(struct inode *inode, struct file *filp) list_del_init(&file->list); mutex_unlock(&file->device->lists_mutex); - if (file->async_file) - kref_put(&file->async_file->ref, - ib_uverbs_release_async_event_file); - kref_put(&file->ref, ib_uverbs_release_file); return 0;

6 years, 7 months

1
0
0 0

FAILED: patch "[PATCH] IB/uverbs: Fix OOPs upon device disassociation" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 425784aa5b029eeb80498c73a68f62c3ad1d3b3f Mon Sep 17 00:00:00 2001 From: Yishai Hadas <yishaih(a)mellanox.com> Date: Thu, 24 Jan 2019 14:33:12 +0200 Subject: [PATCH] IB/uverbs: Fix OOPs upon device disassociation The async_file might be freed before the disassociation has been ended, causing qp shutdown to use after free on it. Since uverbs_destroy_ufile_hw is not a fence, it returns if a disassociation is ongoing in another thread. It has to be written this way to avoid deadlock. However this means that the ufile FD close cannot destroy anything that may still be used by an active kref, such as the the async_file. To fix that move the kref_put() to be in ib_uverbs_release_file(). BUG: unable to handle kernel paging request at ffffffffba682787 PGD bc80e067 P4D bc80e067 PUD bc80f063 PMD 1313df163 PTE 80000000bc682061 Oops: 0003 [#1] SMP PTI CPU: 1 PID: 32410 Comm: bash Tainted: G OE 4.20.0-rc6+ #3 Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 RIP: 0010:__pv_queued_spin_lock_slowpath+0x1b3/0x2a0 Code: 98 83 e2 60 49 89 df 48 8b 04 c5 80 18 72 ba 48 8d ba 80 32 02 00 ba 00 80 00 00 4c 8d 65 14 41 bd 01 00 00 00 48 01 c7 85 d2 <48> 89 2f 48 89 fb 74 14 8b 45 08 85 c0 75 42 84 d2 74 6b f3 90 83 RSP: 0018:ffffc1bbc064fb58 EFLAGS: 00010006 RAX: ffffffffba65f4e7 RBX: ffff9f209c656c00 RCX: 0000000000000001 RDX: 0000000000008000 RSI: 0000000000000000 RDI: ffffffffba682787 RBP: ffff9f217bb23280 R08: 0000000000000001 R09: 0000000000000000 R10: ffff9f209d2c7800 R11: ffffffffffffffe8 R12: ffff9f217bb23294 R13: 0000000000000001 R14: 0000000000000000 R15: ffff9f209c656c00 FS: 00007fac55aad740(0000) GS:ffff9f217bb00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: ffffffffba682787 CR3: 000000012f8e0000 CR4: 00000000000006e0 Call Trace: _raw_spin_lock_irq+0x27/0x30 ib_uverbs_release_uevent+0x1e/0xa0 [ib_uverbs] uverbs_free_qp+0x7e/0x90 [ib_uverbs] destroy_hw_idr_uobject+0x1c/0x50 [ib_uverbs] uverbs_destroy_uobject+0x2e/0x180 [ib_uverbs] __uverbs_cleanup_ufile+0x73/0x90 [ib_uverbs] uverbs_destroy_ufile_hw+0x5d/0x120 [ib_uverbs] ib_uverbs_remove_one+0xea/0x240 [ib_uverbs] ib_unregister_device+0xfb/0x200 [ib_core] mlx5_ib_remove+0x51/0xe0 [mlx5_ib] mlx5_remove_device+0xc1/0xd0 [mlx5_core] mlx5_unregister_device+0x3d/0xb0 [mlx5_core] remove_one+0x2a/0x90 [mlx5_core] pci_device_remove+0x3b/0xc0 device_release_driver_internal+0x16d/0x240 unbind_store+0xb2/0x100 kernfs_fop_write+0x102/0x180 __vfs_write+0x36/0x1a0 ? __alloc_fd+0xa9/0x170 ? set_close_on_exec+0x49/0x70 vfs_write+0xad/0x1a0 ksys_write+0x52/0xc0 do_syscall_64+0x5b/0x180 entry_SYSCALL_64_after_hwframe+0x44/0xa9 RIP: 0033:0x7fac551aac60 Cc: <stable(a)vger.kernel.org> # 4.2 Fixes: 036b10635739 ("IB/uverbs: Enable device removal when there are active user space applications") Signed-off-by: Yishai Hadas <yishaih(a)mellanox.com> Signed-off-by: Leon Romanovsky <leonro(a)mellanox.com> Signed-off-by: Jason Gunthorpe <jgg(a)mellanox.com> diff --git a/drivers/infiniband/core/uverbs_main.c b/drivers/infiniband/core/uverbs_main.c index 2890a77339e1..15add0688fbb 100644 --- a/drivers/infiniband/core/uverbs_main.c +++ b/drivers/infiniband/core/uverbs_main.c @@ -204,6 +204,9 @@ void ib_uverbs_release_file(struct kref *ref) if (atomic_dec_and_test(&file->device->refcount)) ib_uverbs_comp_dev(file->device); + if (file->async_file) + kref_put(&file->async_file->ref, + ib_uverbs_release_async_event_file); put_device(&file->device->dev); kfree(file); } @@ -1096,10 +1099,6 @@ static int ib_uverbs_close(struct inode *inode, struct file *filp) list_del_init(&file->list); mutex_unlock(&file->device->lists_mutex); - if (file->async_file) - kref_put(&file->async_file->ref, - ib_uverbs_release_async_event_file); - kref_put(&file->ref, ib_uverbs_release_file); return 0;

6 years, 7 months

1
0
0 0

FAILED: patch "[PATCH] mmc: mediatek: fix incorrect register setting of" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 3751e008da0df4384031bd66a516c0292f915605 Mon Sep 17 00:00:00 2001 From: Chaotian Jing <chaotian.jing(a)mediatek.com> Date: Wed, 23 Jan 2019 20:05:25 +0800 Subject: [PATCH] mmc: mediatek: fix incorrect register setting of hs400_cmd_int_delay to set cmd internal delay, need set PAD_TUNE register but not PAD_CMD_TUNE register. Signed-off-by: Chaotian Jing <chaotian.jing(a)mediatek.com> Fixes: 1ede5cb88a29 ("mmc: mediatek: Use data tune for CMD line tune") Cc: stable(a)vger.kernel.org # v4.12+ Signed-off-by: Ulf Hansson <ulf.hansson(a)linaro.org> diff --git a/drivers/mmc/host/mtk-sd.c b/drivers/mmc/host/mtk-sd.c index 8afeaf81ae66..833ef0590af8 100644 --- a/drivers/mmc/host/mtk-sd.c +++ b/drivers/mmc/host/mtk-sd.c @@ -846,7 +846,7 @@ static void msdc_set_mclk(struct msdc_host *host, unsigned char timing, u32 hz) if (timing == MMC_TIMING_MMC_HS400 && host->dev_comp->hs400_tune) - sdr_set_field(host->base + PAD_CMD_TUNE, + sdr_set_field(host->base + tune_reg, MSDC_PAD_TUNE_CMDRRDLY, host->hs400_cmd_int_delay); dev_dbg(host->dev, "sclk: %d, timing: %d\n", host->mmc->actual_clock,

6 years, 7 months

1
0
0 0

FAILED: patch "[PATCH] CIFS: Do not consider -ENODATA as stat failure for reads" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 082aaa8700415f6471ec9c5ef0c8307ca214989a Mon Sep 17 00:00:00 2001 From: Pavel Shilovsky <pshilov(a)microsoft.com> Date: Fri, 18 Jan 2019 15:54:34 -0800 Subject: [PATCH] CIFS: Do not consider -ENODATA as stat failure for reads When doing reads beyound the end of a file the server returns error STATUS_END_OF_FILE error which is mapped to -ENODATA. Currently we report it as a failure which confuses read stats. Change it to not consider -ENODATA as failure for stat purposes. Signed-off-by: Pavel Shilovsky <pshilov(a)microsoft.com> Signed-off-by: Steve French <stfrench(a)microsoft.com> CC: Stable <stable(a)vger.kernel.org> diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c index d858dc04fdc3..ef52d6642431 100644 --- a/fs/cifs/smb2pdu.c +++ b/fs/cifs/smb2pdu.c @@ -3241,7 +3241,7 @@ smb2_readv_callback(struct mid_q_entry *mid) rdata->mr = NULL; } #endif - if (rdata->result) { + if (rdata->result && rdata->result != -ENODATA) { cifs_stats_fail_inc(tcon, SMB2_READ_HE); trace_smb3_read_err(0 /* xid */, rdata->cfile->fid.persistent_fid,

6 years, 7 months

1
0
0 0

FAILED: patch "[PATCH] CIFS: Do not consider -ENODATA as stat failure for reads" failed to apply to 4.20-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.20-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 082aaa8700415f6471ec9c5ef0c8307ca214989a Mon Sep 17 00:00:00 2001 From: Pavel Shilovsky <pshilov(a)microsoft.com> Date: Fri, 18 Jan 2019 15:54:34 -0800 Subject: [PATCH] CIFS: Do not consider -ENODATA as stat failure for reads When doing reads beyound the end of a file the server returns error STATUS_END_OF_FILE error which is mapped to -ENODATA. Currently we report it as a failure which confuses read stats. Change it to not consider -ENODATA as failure for stat purposes. Signed-off-by: Pavel Shilovsky <pshilov(a)microsoft.com> Signed-off-by: Steve French <stfrench(a)microsoft.com> CC: Stable <stable(a)vger.kernel.org> diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c index d858dc04fdc3..ef52d6642431 100644 --- a/fs/cifs/smb2pdu.c +++ b/fs/cifs/smb2pdu.c @@ -3241,7 +3241,7 @@ smb2_readv_callback(struct mid_q_entry *mid) rdata->mr = NULL; } #endif - if (rdata->result) { + if (rdata->result && rdata->result != -ENODATA) { cifs_stats_fail_inc(tcon, SMB2_READ_HE); trace_smb3_read_err(0 /* xid */, rdata->cfile->fid.persistent_fid,

6 years, 7 months

1
0
0 0

[PATCHES] Networking

by David Miller

Please queue up the following networking bug fixes for v4.19 and v4.20 -stable, respectively. Thanks!

6 years, 7 months

2
1
0 0

v4.20.6 build: 0 failures 4 warnings (v4.20.6)

by Build bot for Mark Brown

Tree/Branch: v4.20.6 Git describe: v4.20.6 Commit: 65f42a73e5 Linux 4.20.6 Build Time: 129 min 59 sec Passed: 11 / 11 (100.00 %) Failed: 0 / 11 ( 0.00 %) Errors: 0 Warnings: 4 Section Mismatches: 0 ------------------------------------------------------------------------------- defconfigs with issues (other than build errors): 1 warnings 0 mismatches : arm64-allmodconfig 3 warnings 0 mismatches : arm-allmodconfig ------------------------------------------------------------------------------- Warnings Summary: 4 1 ../drivers/staging/erofs/unzip_vle.c:188:29: warning: array subscript is above array bounds [-Warray-bounds] 1 ../drivers/scsi/myrs.c:821:24: warning: 'sshdr.sense_key' may be used uninitialized in this function [-Wmaybe-uninitialized] 1 ../drivers/net/ethernet/mellanox/mlx5/core/en_stats.c:216:1: warning: the frame size of 1064 bytes is larger than 1024 bytes [-Wframe-larger-than=] 1 ../drivers/isdn/hardware/eicon/message.c:5985:1: warning: the frame size of 2064 bytes is larger than 2048 bytes [-Wframe-larger-than=] =============================================================================== Detailed per-defconfig build reports below: ------------------------------------------------------------------------------- arm64-allmodconfig : PASS, 0 errors, 1 warnings, 0 section mismatches Warnings: ../drivers/isdn/hardware/eicon/message.c:5985:1: warning: the frame size of 2064 bytes is larger than 2048 bytes [-Wframe-larger-than=] ------------------------------------------------------------------------------- arm-allmodconfig : PASS, 0 errors, 3 warnings, 0 section mismatches Warnings: ../drivers/net/ethernet/mellanox/mlx5/core/en_stats.c:216:1: warning: the frame size of 1064 bytes is larger than 1024 bytes [-Wframe-larger-than=] ../drivers/staging/erofs/unzip_vle.c:188:29: warning: array subscript is above array bounds [-Warray-bounds] ../drivers/scsi/myrs.c:821:24: warning: 'sshdr.sense_key' may be used uninitialized in this function [-Wmaybe-uninitialized] ------------------------------------------------------------------------------- Passed with no errors, warnings or mismatches: arm64-allnoconfig arm-multi_v5_defconfig arm-multi_v7_defconfig x86_64-defconfig arm-allnoconfig x86_64-allnoconfig arm-multi_v4t_defconfig x86_64-allmodconfig arm64-defconfig

6 years, 7 months

1
0
0 0

[PATCH] stable-kernel-rules.rst: add link to networking patch queue

by Greg Kroah-Hartman

The networking maintainer keeps a public list of the patches being queued up for the next round of stable releases. Be sure to check there before asking for a patch to be applied so that you do not waste people's time. Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Acked-by: David S. Miller <davem(a)davemloft.net> --- Jon, I can take this through one of my trees if you don't want to, which ever is easier for you. diff --git a/Documentation/process/stable-kernel-rules.rst b/Documentation/process/stable-kernel-rules.rst index 0de6f6145cc6..7ba8cd567f84 100644 --- a/Documentation/process/stable-kernel-rules.rst +++ b/Documentation/process/stable-kernel-rules.rst @@ -38,6 +38,9 @@ Procedure for submitting patches to the -stable tree - If the patch covers files in net/ or drivers/net please follow netdev stable submission guidelines as described in :ref:`Documentation/networking/netdev-FAQ.rst <netdev-FAQ>` + after first checking the stable networking queue at + https://patchwork.ozlabs.org/bundle/davem/stable/?series=&submitter=&state=… + to ensure the requested patch is not already queued up. - Security patches should not be handled (solely) by the -stable review process but should follow the procedures in :ref:`Documentation/admin-guide/security-bugs.rst <securitybugs>`.

6 years, 7 months

2
1
0 0

Re: [PATCH] huegtlbfs: fix page leak during migration of file pages

by Mike Kravetz

On 1/31/19 6:12 AM, Sasha Levin wrote: > Hi, > > [This is an automated email] > > This commit has been processed because it contains a "Fixes:" tag, > fixing commit: 290408d4a250 hugetlb: hugepage migration core. > > The bot has tested the following trees: v4.20.5, v4.19.18, v4.14.96, v4.9.153, v4.4.172, v3.18.133. > > v4.20.5: Build OK! > v4.19.18: Build OK! > v4.14.96: Build OK! > v4.9.153: Failed to apply! Possible dependencies: > 2916ecc0f9d4 ("mm/migrate: new migrate mode MIGRATE_SYNC_NO_COPY") > > v4.4.172: Failed to apply! Possible dependencies: > 09cbfeaf1a5a ("mm, fs: get rid of PAGE_CACHE_* and page_cache_{get,release} macros") > 0e749e54244e ("dax: increase granularity of dax_clear_blocks() operations") > 2916ecc0f9d4 ("mm/migrate: new migrate mode MIGRATE_SYNC_NO_COPY") > 2a28900be206 ("udf: Export superblock magic to userspace") > 4420cfd3f51c ("staging: lustre: format properly all comment blocks for LNet core") > 48b4800a1c6a ("zsmalloc: page migration support") > 5057dcd0f1aa ("virtio_balloon: export 'available' memory to balloon statistics") > 52db400fcd50 ("pmem, dax: clean up clear_pmem()") > 5b7a487cf32d ("f2fs: add customized migrate_page callback") > 5fd88337d209 ("staging: lustre: fix all conditional comparison to zero in LNet layer") > a188222b6ed2 ("net: Rename NETIF_F_ALL_CSUM to NETIF_F_CSUM_MASK") > b1123ea6d3b3 ("mm: balloon: use general non-lru movable page feature") > b2e0d1625e19 ("dax: fix lifetime of in-kernel dax mappings with dax_map_atomic()") > bda807d44454 ("mm: migrate: support non-lru movable page migration") > c8b8e32d700f ("direct-io: eliminate the offset argument to ->direct_IO") > d1a5f2b4d8a1 ("block: use DAX for partition table reads") > e10624f8c097 ("pmem: fail io-requests to known bad blocks") > > v3.18.133: Failed to apply! Possible dependencies: > 0722b1011a5f ("f2fs: set page private for inmemory pages for truncation") > 1601839e9e5b ("f2fs: fix to release count of meta page in ->invalidatepage") > 2916ecc0f9d4 ("mm/migrate: new migrate mode MIGRATE_SYNC_NO_COPY") > 31a3268839c1 ("f2fs: cleanup if-statement of phase in gc_data_segment") > 34ba94bac938 ("f2fs: do not make dirty any inmemory pages") > 34d67debe02b ("f2fs: add infra struct and helper for inline dir") > 4634d71ed190 ("f2fs: fix missing kmem_cache_free") > 487261f39bcd ("f2fs: merge {invalidate,release}page for meta/node/data pages") > 5b7a487cf32d ("f2fs: add customized migrate_page callback") > 67298804f344 ("f2fs: introduce struct inode_management to wrap inner fields") > 769ec6e5b7d4 ("f2fs: call radix_tree_preload before radix_tree_insert") > 7dda2af83b2b ("f2fs: more fast lookup for gc_inode list") > 8b26ef98da33 ("f2fs: use rw_semaphore for nat entry lock") > 8c402946f074 ("f2fs: introduce the number of inode entries") > 9be32d72becc ("f2fs: do retry operations with cond_resched") > 9e4ded3f309e ("f2fs: activate f2fs_trace_pid") > d5053a34a9cc ("f2fs: introduce -o fastboot for reducing booting time only") > e5e7ea3c86e5 ("f2fs: control the memory footprint used by ino entries") > f68daeebba5a ("f2fs: keep PagePrivate during releasepage") > > > How should we proceed with this patch? Hello automated Sasha, First, let's wait for review/ack. However, the patch does not strictly 'depend' on the functionality of the commits in the lists above. If/when this goes upstream I can provide backports for 4.9, 4.4 and 3.18. -- Mike Kravetz

6 years, 7 months

1
0
0 0

[patch 21/24] mm: migrate: don't rely on __PageMovable() of newpage after unlocking it

by akpm＠linux-foundation.org

From: David Hildenbrand <david(a)redhat.com> Subject: mm: migrate: don't rely on __PageMovable() of newpage after unlocking it We had a race in the old balloon compaction code before b1123ea6d3b3 ("mm: balloon: use general non-lru movable page feature") refactored it that became visible after backporting 195a8c43e93d ("virtio-balloon: deflate via a page list") without the refactoring. The bug existed from commit d6d86c0a7f8d ("mm/balloon_compaction: redesign ballooned pages management") till b1123ea6d3b3 ("mm: balloon: use general non-lru movable page feature"). d6d86c0a7f8d ("mm/balloon_compaction: redesign ballooned pages management") was backported to 3.12, so the broken kernels are stable kernels [3.12 - 4.7]. There was a subtle race between dropping the page lock of the newpage in __unmap_and_move() and checking for __is_movable_balloon_page(newpage). Just after dropping this page lock, virtio-balloon could go ahead and deflate the newpage, effectively dequeueing it and clearing PageBalloon, in turn making __is_movable_balloon_page(newpage) fail. This resulted in dropping the reference of the newpage via putback_lru_page(newpage) instead of put_page(newpage), leading to page->lru getting modified and a !LRU page ending up in the LRU lists. With 195a8c43e93d ("virtio-balloon: deflate via a page list") backported, one would suddenly get corrupted lists in release_pages_balloon(): - WARNING: CPU: 13 PID: 6586 at lib/list_debug.c:59 __list_del_entry+0xa1/0xd0 - list_del corruption. prev->next should be ffffe253961090a0, but was dead000000000100 Nowadays this race is no longer possible, but it is hidden behind very ugly handling of __ClearPageMovable() and __PageMovable(). __ClearPageMovable() will not make __PageMovable() fail, only PageMovable(). So the new check (__PageMovable(newpage)) will still hold even after newpage was dequeued by virtio-balloon. If anybody would ever change that special handling, the BUG would be introduced again. So instead, make it explicit and use the information of the original isolated page before migration. This patch can be backported fairly easy to stable kernels (in contrast to the refactoring). Link: http://lkml.kernel.org/r/20190129233217.10747-1-david@redhat.com Fixes: d6d86c0a7f8d ("mm/balloon_compaction: redesign ballooned pages management") Signed-off-by: David Hildenbrand <david(a)redhat.com> Reported-by: Vratislav Bendel <vbendel(a)redhat.com> Acked-by: Michal Hocko <mhocko(a)suse.com> Acked-by: Rafael Aquini <aquini(a)redhat.com> Cc: Mel Gorman <mgorman(a)techsingularity.net> Cc: "Kirill A. Shutemov" <kirill.shutemov(a)linux.intel.com> Cc: Michal Hocko <mhocko(a)suse.com> Cc: Naoya Horiguchi <n-horiguchi(a)ah.jp.nec.com> Cc: Jan Kara <jack(a)suse.cz> Cc: Andrea Arcangeli <aarcange(a)redhat.com> Cc: Dominik Brodowski <linux(a)dominikbrodowski.net> Cc: Matthew Wilcox <willy(a)infradead.org> Cc: Vratislav Bendel <vbendel(a)redhat.com> Cc: Rafael Aquini <aquini(a)redhat.com> Cc: Konstantin Khlebnikov <k.khlebnikov(a)samsung.com> Cc: Minchan Kim <minchan(a)kernel.org> Cc: <stable(a)vger.kernel.org> [3.12 - 4.7] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/migrate.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) --- a/mm/migrate.c~mm-migrate-dont-rely-on-__pagemovable-of-newpage-after-unlocking-it +++ a/mm/migrate.c @@ -1130,10 +1130,13 @@ out: * If migration is successful, decrease refcount of the newpage * which will not free the page because new page owner increased * refcounter. As well, if it is LRU page, add the page to LRU - * list in here. + * list in here. Use the old state of the isolated source page to + * determine if we migrated a LRU page. newpage was already unlocked + * and possibly modified by its owner - don't rely on the page + * state. */ if (rc == MIGRATEPAGE_SUCCESS) { - if (unlikely(__PageMovable(newpage))) + if (unlikely(!is_lru)) put_page(newpage); else putback_lru_page(newpage); _

6 years, 7 months

1
0
0 0

[patch 18/24] mm: hwpoison: use do_send_sig_info() instead of force_sig()

by akpm＠linux-foundation.org

From: Naoya Horiguchi <n-horiguchi(a)ah.jp.nec.com> Subject: mm: hwpoison: use do_send_sig_info() instead of force_sig() Currently memory_failure() is racy against process's exiting, which results in kernel crash by null pointer dereference. The root cause is that memory_failure() uses force_sig() to forcibly kill asynchronous (meaning not in the current context) processes. As discussed in thread https://lkml.org/lkml/2010/6/8/236 years ago for OOM fixes, this is not a right thing to do. OOM solves this issue by using do_send_sig_info() as done in commit d2d393099de2 ("signal: oom_kill_task: use SEND_SIG_FORCED instead of force_sig()"), so this patch is suggesting to do the same for hwpoison. do_send_sig_info() properly accesses to siglock with lock_task_sighand(), so is free from the reported race. I confirmed that the reported bug reproduces with inserting some delay in kill_procs(), and it never reproduces with this patch. Note that memory_failure() can send another type of signal using force_sig_mceerr(), and the reported race shouldn't happen on it because force_sig_mceerr() is called only for synchronous processes (i.e. BUS_MCEERR_AR happens only when some process accesses to the corrupted memory.) Link: http://lkml.kernel.org/r/20190116093046.GA29835@hori1.linux.bs1.fc.nec.co.jp Signed-off-by: Naoya Horiguchi <n-horiguchi(a)ah.jp.nec.com> Reported-by: Jane Chu <jane.chu(a)oracle.com> Reviewed-by: Dan Williams <dan.j.williams(a)intel.com> Reviewed-by: William Kucharski <william.kucharski(a)oracle.com> Cc: Oleg Nesterov <oleg(a)redhat.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/memory-failure.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) --- a/mm/memory-failure.c~mm-hwpoison-use-do_send_sig_info-instead-of-force_sig-re-pmem-error-handling-forces-sigkill-causes-kernel-panic +++ a/mm/memory-failure.c @@ -372,7 +372,8 @@ static void kill_procs(struct list_head if (fail || tk->addr_valid == 0) { pr_err("Memory failure: %#lx: forcibly killing %s:%d because of failure to unmap corrupted page\n", pfn, tk->tsk->comm, tk->tsk->pid); - force_sig(SIGKILL, tk->tsk); + do_send_sig_info(SIGKILL, SEND_SIG_PRIV, + tk->tsk, PIDTYPE_PID); } /* _

6 years, 7 months

1
0
0 0

[patch 14/24] mm, oom: fix use-after-free in oom_kill_process

by akpm＠linux-foundation.org

From: Shakeel Butt <shakeelb(a)google.com> Subject: mm, oom: fix use-after-free in oom_kill_process Syzbot instance running on upstream kernel found a use-after-free bug in oom_kill_process. On further inspection it seems like the process selected to be oom-killed has exited even before reaching read_lock(&tasklist_lock) in oom_kill_process(). More specifically the tsk->usage is 1 which is due to get_task_struct() in oom_evaluate_task() and the put_task_struct within for_each_thread() frees the tsk and for_each_thread() tries to access the tsk. The easiest fix is to do get/put across the for_each_thread() on the selected task. Now the next question is should we continue with the oom-kill as the previously selected task has exited? However before adding more complexity and heuristics, let's answer why we even look at the children of oom-kill selected task? The select_bad_process() has already selected the worst process in the system/memcg. Due to race, the selected process might not be the worst at the kill time but does that matter? The userspace can use the oom_score_adj interface to prefer children to be killed before the parent. I looked at the history but it seems like this is there before git history. Link: http://lkml.kernel.org/r/20190121215850.221745-1-shakeelb@google.com Reported-by: syzbot+7fbbfa368521945f0e3d(a)syzkaller.appspotmail.com Fixes: 6b0c81b3be11 ("mm, oom: reduce dependency on tasklist_lock") Signed-off-by: Shakeel Butt <shakeelb(a)google.com> Reviewed-by: Roman Gushchin <guro(a)fb.com> Acked-by: Michal Hocko <mhocko(a)suse.com> Cc: David Rientjes <rientjes(a)google.com> Cc: Johannes Weiner <hannes(a)cmpxchg.org> Cc: Tetsuo Handa <penguin-kernel(a)i-love.sakura.ne.jp> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/oom_kill.c | 8 ++++++++ 1 file changed, 8 insertions(+) --- a/mm/oom_kill.c~mm-oom-fix-use-after-free-in-oom_kill_process +++ a/mm/oom_kill.c @@ -975,6 +975,13 @@ static void oom_kill_process(struct oom_ * still freeing memory. */ read_lock(&tasklist_lock); + + /* + * The task 'p' might have already exited before reaching here. The + * put_task_struct() will free task_struct 'p' while the loop still try + * to access the field of 'p', so, get an extra reference. + */ + get_task_struct(p); for_each_thread(p, t) { list_for_each_entry(child, &t->children, sibling) { unsigned int child_points; @@ -994,6 +1001,7 @@ static void oom_kill_process(struct oom_ } } } + put_task_struct(p); read_unlock(&tasklist_lock); /* _

6 years, 7 months

1
0
0 0

[patch 12/24] mm,memory_hotplug: fix scan_movable_pages() for gigantic hugepages

by akpm＠linux-foundation.org

From: Oscar Salvador <osalvador(a)suse.de> Subject: mm,memory_hotplug: fix scan_movable_pages() for gigantic hugepages This is the same sort of error we saw in 17e2e7d7e1b83 ("mm, page_alloc: fix has_unmovable_pages for HugePages"). Gigantic hugepages cross several memblocks, so it can be that the page we get in scan_movable_pages() is a page-tail belonging to a 1G-hugepage. If that happens, page_hstate()->size_to_hstate() will return NULL, and we will blow up in hugepage_migration_supported(). The splat is as follows: kernel: BUG: unable to handle kernel NULL pointer dereference at 0000000000000008 kernel: #PF error: [normal kernel read fault] kernel: PGD 0 P4D 0 kernel: Oops: 0000 [#1] SMP PTI kernel: CPU: 1 PID: 1350 Comm: bash Tainted: G E 5.0.0-rc1-mm1-1-default+ #27 kernel: Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.0.0-prebuilt.qemu-project.org 04/01/2014 kernel: RIP: 0010:__offline_pages+0x6ae/0x900 kernel: Code: 48 c7 c6 d0 3e a4 81 e8 44 c8 ad ff 49 8b 04 24 bf 00 10 00 00 a9 00 00 01 00 74 09 41 0f b6 4c 24 51 48 d3 e7 e8 42 2a c1 ff <8b> 40 08 83 f8 09 0f 84 b0 fc ff ff 83 f8 12 0f 84 a7 fc ff ff 83 kernel: RSP: 0018:ffffc900008e3d20 EFLAGS: 00010246 kernel: RAX: 0000000000000000 RBX: ffffea0000000000 RCX: 0000000000000009 kernel: RDX: ffffffff825c64f0 RSI: 0000000000001000 RDI: 0000000000001000 kernel: RBP: ffffc900008e3d68 R08: 0000000000200000 R09: 00000000000001e4 kernel: R10: 0000000000000058 R11: ffffffff8254a854 R12: ffffea0004200000 kernel: R13: 0000000000108000 R14: 0000000000110000 R15: 0000000000000000 kernel: FS: 00007ff172339b80(0000) GS:ffff88803eb00000(0000) knlGS:0000000000000000 kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 kernel: CR2: 0000000000000008 CR3: 0000000038d78006 CR4: 00000000003606a0 kernel: DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 kernel: DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 kernel: Call Trace: kernel: ? klist_next+0x79/0xe0 kernel: memory_subsys_offline+0x42/0x60 kernel: device_offline+0x80/0xa0 kernel: state_store+0xab/0xc0 kernel: kernfs_fop_write+0x102/0x180 kernel: __vfs_write+0x26/0x190 kernel: ? set_close_on_exec+0x49/0x70 kernel: vfs_write+0xad/0x1b0 kernel: ksys_write+0x42/0x90 kernel: do_syscall_64+0x5b/0x180 kernel: entry_SYSCALL_64_after_hwframe+0x44/0xa9 kernel: RIP: 0033:0x7ff1719febe4 kernel: Code: 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 80 00 00 00 00 8b 05 4a fc 2c 00 48 63 ff 85 c0 75 13 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 54 f3 c3 66 90 55 53 48 89 d5 48 89 f3 48 83 kernel: RSP: 002b:00007ffd50b7ddc8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 kernel: RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 00007ff1719febe4 kernel: RDX: 0000000000000008 RSI: 00005556e9216b20 RDI: 0000000000000001 kernel: RBP: 00005556e9216b20 R08: 000000000000000a R09: 0000000000000000 kernel: R10: 000000000000000a R11: 0000000000000246 R12: 0000000000000008 kernel: R13: 0000000000000001 R14: 00007ff171cca720 R15: 0000000000000008 kernel: Modules linked in: af_packet(E) xt_tcpudp(E) ipt_REJECT(E) xt_conntrack(E) nf_conntrack(E) nf_defrag_ipv4(E) ip_set(E) nfnetlink(E) ebtable_nat(E) ebtable_broute(E) bridge(E) stp(E) llc(E) iptable_mangle(E) iptable_raw(E) iptable_security(E) ebtable_filter(E) ebtables(E) iptable_filter(E) ip_tables(E) x_tables(E) kvm_intel(E) kvm(E) irqbypass(E) crct10dif_pclmul(E) crc32_pclmul(E) ghash_clmulni_intel(E) bochs_drm(E) ttm(E) aesni_intel(E) drm_kms_helper(E) aes_x86_64(E) crypto_simd(E) cryptd(E) glue_helper(E) drm(E) virtio_net(E) syscopyarea(E) sysfillrect(E) net_failover(E) sysimgblt(E) pcspkr(E) failover(E) i2c_piix4(E) fb_sys_fops(E) parport_pc(E) parport(E) button(E) btrfs(E) libcrc32c(E) xor(E) zstd_decompress(E) zstd_compress(E) xxhash(E) raid6_pq(E) sd_mod(E) ata_generic(E) ata_piix(E) ahci(E) libahci(E) libata(E) crc32c_intel(E) serio_raw(E) virtio_pci(E) virtio_ring(E) virtio(E) sg(E) scsi_mod(E) autofs4(E) kernel: CR2: 0000000000000008 kernel: ---[ end trace bdb71590872849fb ]--- kernel: RIP: 0010:__offline_pages+0x6ae/0x900 kernel: Code: 48 c7 c6 d0 3e a4 81 e8 44 c8 ad ff 49 8b 04 24 bf 00 10 00 00 a9 00 00 01 00 74 09 41 0f b6 4c 24 51 48 d3 e7 e8 42 2a c1 ff <8b> 40 08 83 f8 09 0f 84 b0 fc ff ff 83 f8 12 0f 84 a7 fc ff ff 83 kernel: RSP: 0018:ffffc900008e3d20 EFLAGS: 00010246 kernel: RAX: 0000000000000000 RBX: ffffea0000000000 RCX: 0000000000000009 kernel: RDX: ffffffff825c64f0 RSI: 0000000000001000 RDI: 0000000000001000 kernel: RBP: ffffc900008e3d68 R08: 0000000000200000 R09: 00000000000001e4 kernel: R10: 0000000000000058 R11: ffffffff8254a854 R12: ffffea0004200000 kernel: R13: 0000000000108000 R14: 0000000000110000 R15: 0000000000000000 kernel: FS: 00007ff172339b80(0000) GS:ffff88803eb00000(0000) knlGS:0000000000000000 kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 kernel: CR2: 0000000000000008 CR3: 0000000038d78006 CR4: 00000000003606a0 kernel: DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 kernel: DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [akpm(a)linux-foundation.org: fix brace layout, per David. Reduce indentation] Link: http://lkml.kernel.org/r/20190122154407.18417-1-osalvador@suse.de Signed-off-by: Oscar Salvador <osalvador(a)suse.de> Reviewed-by: Anthony Yznaga <anthony.yznaga(a)oracle.com> Acked-by: Michal Hocko <mhocko(a)suse.com> Reviewed-by: David Hildenbrand <david(a)redhat.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/memory_hotplug.c | 36 ++++++++++++++++++++---------------- 1 file changed, 20 insertions(+), 16 deletions(-) --- a/mm/memory_hotplug.c~mmmemory_hotplug-fix-scan_movable_pages-for-gigantic-hugepages +++ a/mm/memory_hotplug.c @@ -1305,23 +1305,27 @@ int test_pages_in_a_zone(unsigned long s static unsigned long scan_movable_pages(unsigned long start, unsigned long end) { unsigned long pfn; - struct page *page; + for (pfn = start; pfn < end; pfn++) { - if (pfn_valid(pfn)) { - page = pfn_to_page(pfn); - if (PageLRU(page)) - return pfn; - if (__PageMovable(page)) - return pfn; - if (PageHuge(page)) { - if (hugepage_migration_supported(page_hstate(page)) && - page_huge_active(page)) - return pfn; - else - pfn = round_up(pfn + 1, - 1 << compound_order(page)) - 1; - } - } + struct page *page, *head; + unsigned long skip; + + if (!pfn_valid(pfn)) + continue; + page = pfn_to_page(pfn); + if (PageLRU(page)) + return pfn; + if (__PageMovable(page)) + return pfn; + + if (!PageHuge(page)) + continue; + head = compound_head(page); + if (hugepage_migration_supported(page_hstate(head)) && + page_huge_active(head)) + return pfn; + skip = (1 << compound_order(head)) - (page - head); + pfn += skip - 1; } return 0; } _

6 years, 7 months

1
0
0 0

[patch 08/24] oom, oom_reaper: do not enqueue same task twice

by akpm＠linux-foundation.org

From: Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> Subject: oom, oom_reaper: do not enqueue same task twice Arkadiusz reported that enabling memcg's group oom killing causes strange memcg statistics where there is no task in a memcg despite the number of tasks in that memcg is not 0. It turned out that there is a bug in wake_oom_reaper() which allows enqueuing same task twice which makes impossible to decrease the number of tasks in that memcg due to a refcount leak. This bug existed since the OOM reaper became invokable from task_will_free_mem(current) path in out_of_memory() in Linux 4.7, T1@P1 |T2@P1 |T3@P1 |OOM reaper ----------+----------+----------+------------ # Processing an OOM victim in a different memcg domain. try_charge() mem_cgroup_out_of_memory() mutex_lock(&oom_lock) try_charge() mem_cgroup_out_of_memory() mutex_lock(&oom_lock) try_charge() mem_cgroup_out_of_memory() mutex_lock(&oom_lock) out_of_memory() oom_kill_process(P1) do_send_sig_info(SIGKILL, @P1) mark_oom_victim(T1@P1) wake_oom_reaper(T1@P1) # T1@P1 is enqueued. mutex_unlock(&oom_lock) out_of_memory() mark_oom_victim(T2@P1) wake_oom_reaper(T2@P1) # T2@P1 is enqueued. mutex_unlock(&oom_lock) out_of_memory() mark_oom_victim(T1@P1) wake_oom_reaper(T1@P1) # T1@P1 is enqueued again due to oom_reaper_list == T2@P1 && T1@P1->oom_reaper_list == NULL. mutex_unlock(&oom_lock) # Completed processing an OOM victim in a different memcg domain. spin_lock(&oom_reaper_lock) # T1P1 is dequeued. spin_unlock(&oom_reaper_lock) but memcg's group oom killing made it easier to trigger this bug by calling wake_oom_reaper() on the same task from one out_of_memory() request. Fix this bug using an approach used by commit 855b018325737f76 ("oom, oom_reaper: disable oom_reaper for oom_kill_allocating_task"). As a side effect of this patch, this patch also avoids enqueuing multiple threads sharing memory via task_will_free_mem(current) path. Link: http://lkml.kernel.org/r/e865a044-2c10-9858-f4ef-254bc71d6cc2@i-love.sakura… Link: http://lkml.kernel.org/r/5ee34fc6-1485-34f8-8790-903ddabaa809@i-love.sakura… Fixes: af8e15cc85a25315 ("oom, oom_reaper: do not enqueue task if it is on the oom_reaper_list head") Signed-off-by: Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> Reported-by: Arkadiusz Miskiewicz <arekm(a)maven.pl> Tested-by: Arkadiusz Miskiewicz <arekm(a)maven.pl> Acked-by: Michal Hocko <mhocko(a)suse.com> Acked-by: Roman Gushchin <guro(a)fb.com> Cc: Tejun Heo <tj(a)kernel.org> Cc: Aleksa Sarai <asarai(a)suse.de> Cc: Jay Kamat <jgkamat(a)fb.com> Cc: Johannes Weiner <hannes(a)cmpxchg.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- include/linux/sched/coredump.h | 1 + mm/oom_kill.c | 4 ++-- 2 files changed, 3 insertions(+), 2 deletions(-) --- a/include/linux/sched/coredump.h~oom-oom_reaper-do-not-enqueue-same-task-twice +++ a/include/linux/sched/coredump.h @@ -71,6 +71,7 @@ static inline int get_dumpable(struct mm #define MMF_HUGE_ZERO_PAGE 23 /* mm has ever used the global huge zero page */ #define MMF_DISABLE_THP 24 /* disable THP for all VMAs */ #define MMF_OOM_VICTIM 25 /* mm is the oom victim */ +#define MMF_OOM_REAP_QUEUED 26 /* mm was queued for oom_reaper */ #define MMF_DISABLE_THP_MASK (1 << MMF_DISABLE_THP) #define MMF_INIT_MASK (MMF_DUMPABLE_MASK | MMF_DUMP_FILTER_MASK |\ --- a/mm/oom_kill.c~oom-oom_reaper-do-not-enqueue-same-task-twice +++ a/mm/oom_kill.c @@ -647,8 +647,8 @@ static int oom_reaper(void *unused) static void wake_oom_reaper(struct task_struct *tsk) { - /* tsk is already queued? */ - if (tsk == oom_reaper_list || tsk->oom_reaper_list) + /* mm is already queued? */ + if (test_and_set_bit(MMF_OOM_REAP_QUEUED, &tsk->signal->oom_mm->flags)) return; get_task_struct(tsk); _

6 years, 7 months

1
0
0 0

[patch 07/24] mm: migrate: make buffer_migrate_page_norefs() actually succeed

by akpm＠linux-foundation.org

From: Jan Kara <jack(a)suse.cz> Subject: mm: migrate: make buffer_migrate_page_norefs() actually succeed Currently, buffer_migrate_page_norefs() was constantly failing because buffer_migrate_lock_buffers() grabbed reference on each buffer. In fact, there's no reason for buffer_migrate_lock_buffers() to grab any buffer references as the page is locked during all our operation and thus nobody can reclaim buffers from the page. So remove grabbing of buffer references which also makes buffer_migrate_page_norefs() succeed. Link: http://lkml.kernel.org/r/20190116131217.7226-1-jack@suse.cz Fixes: 89cb0888ca14 "mm: migrate: provide buffer_migrate_page_norefs()" Signed-off-by: Jan Kara <jack(a)suse.cz> Cc: Sergey Senozhatsky <sergey.senozhatsky.work(a)gmail.com> Cc: Pavel Machek <pavel(a)ucw.cz> Cc: Mel Gorman <mgorman(a)techsingularity.net> Cc: Vlastimil Babka <vbabka(a)suse.cz> Cc: Andrea Arcangeli <aarcange(a)redhat.com> Cc: David Rientjes <rientjes(a)google.com> Cc: Michal Hocko <mhocko(a)kernel.org> Cc: Zi Yan <zi.yan(a)cs.rutgers.edu> Cc: Johannes Weiner <hannes(a)cmpxchg.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/migrate.c | 5 ----- 1 file changed, 5 deletions(-) --- a/mm/migrate.c~mm-migrate-make-buffer_migrate_page_norefs-actually-succeed +++ a/mm/migrate.c @@ -709,7 +709,6 @@ static bool buffer_migrate_lock_buffers( /* Simple case, sync compaction */ if (mode != MIGRATE_ASYNC) { do { - get_bh(bh); lock_buffer(bh); bh = bh->b_this_page; @@ -720,18 +719,15 @@ static bool buffer_migrate_lock_buffers( /* async case, we cannot block on lock_buffer so use trylock_buffer */ do { - get_bh(bh); if (!trylock_buffer(bh)) { /* * We failed to lock the buffer and cannot stall in * async migration. Release the taken locks */ struct buffer_head *failed_bh = bh; - put_bh(failed_bh); bh = head; while (bh != failed_bh) { unlock_buffer(bh); - put_bh(bh); bh = bh->b_this_page; } return false; @@ -818,7 +814,6 @@ unlock_buffers: bh = head; do { unlock_buffer(bh); - put_bh(bh); bh = bh->b_this_page; } while (bh != head); _

6 years, 7 months

1
0
0 0

[patch 06/24] kernel/exit.c: release ptraced tasks before zap_pid_ns_processes

by akpm＠linux-foundation.org

From: Andrei Vagin <avagin(a)gmail.com> Subject: kernel/exit.c: release ptraced tasks before zap_pid_ns_processes Currently, exit_ptrace() adds all ptraced tasks in a dead list, then zap_pid_ns_processes() waits on all tasks in a current pidns, and only then are tasks from the dead list released. zap_pid_ns_processes() can get stuck on waiting tasks from the dead list. In this case, we will have one unkillable process with one or more dead children. Thanks to Oleg for the advice to release tasks in find_child_reaper(). Link: http://lkml.kernel.org/r/20190110175200.12442-1-avagin@gmail.com Fixes: 7c8bd2322c7f ("exit: ptrace: shift "reap dead" code from exit_ptrace() to forget_original_parent()") Signed-off-by: Andrei Vagin <avagin(a)gmail.com> Signed-off-by: Oleg Nesterov <oleg(a)redhat.com> Cc: "Eric W. Biederman" <ebiederm(a)xmission.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- kernel/exit.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) --- a/kernel/exit.c~kernel-release-ptraced-tasks-before-zap_pid_ns_processes +++ a/kernel/exit.c @@ -558,12 +558,14 @@ static struct task_struct *find_alive_th return NULL; } -static struct task_struct *find_child_reaper(struct task_struct *father) +static struct task_struct *find_child_reaper(struct task_struct *father, + struct list_head *dead) __releases(&tasklist_lock) __acquires(&tasklist_lock) { struct pid_namespace *pid_ns = task_active_pid_ns(father); struct task_struct *reaper = pid_ns->child_reaper; + struct task_struct *p, *n; if (likely(reaper != father)) return reaper; @@ -579,6 +581,12 @@ static struct task_struct *find_child_re panic("Attempted to kill init! exitcode=0x%08x\n", father->signal->group_exit_code ?: father->exit_code); } + + list_for_each_entry_safe(p, n, dead, ptrace_entry) { + list_del_init(&p->ptrace_entry); + release_task(p); + } + zap_pid_ns_processes(pid_ns); write_lock_irq(&tasklist_lock); @@ -668,7 +676,7 @@ static void forget_original_parent(struc exit_ptrace(father, dead); /* Can drop and reacquire tasklist_lock */ - reaper = find_child_reaper(father); + reaper = find_child_reaper(father, dead); if (list_empty(&father->children)) return; _

6 years, 7 months

1
0
0 0

[patch 04/24] mm/hugetlb.c: teach follow_hugetlb_page() to handle FOLL_NOWAIT

by akpm＠linux-foundation.org

From: Andrea Arcangeli <aarcange(a)redhat.com> Subject: mm/hugetlb.c: teach follow_hugetlb_page() to handle FOLL_NOWAIT hugetlb needs the same fix as faultin_nopage (which was applied in 96312e61282ae ("mm/gup.c: teach get_user_pages_unlocked to handle FOLL_NOWAIT")) or KVM hangs because it thinks the mmap_sem was already released by hugetlb_fault() if it returned VM_FAULT_RETRY, but it wasn't in the FOLL_NOWAIT case. Link: http://lkml.kernel.org/r/20190109020203.26669-2-aarcange@redhat.com Fixes: ce53053ce378 ("kvm: switch get_user_page_nowait() to get_user_pages_unlocked()") Signed-off-by: Andrea Arcangeli <aarcange(a)redhat.com> Tested-by: "Dr. David Alan Gilbert" <dgilbert(a)redhat.com> Reported-by: "Dr. David Alan Gilbert" <dgilbert(a)redhat.com> Reviewed-by: Mike Kravetz <mike.kravetz(a)oracle.com> Reviewed-by: Peter Xu <peterx(a)redhat.com> Cc: Mike Rapoport <rppt(a)linux.vnet.ibm.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/hugetlb.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) --- a/mm/hugetlb.c~mm-hugetlbc-teach-follow_hugetlb_page-to-handle-foll_nowait +++ a/mm/hugetlb.c @@ -4268,7 +4268,8 @@ long follow_hugetlb_page(struct mm_struc break; } if (ret & VM_FAULT_RETRY) { - if (nonblocking) + if (nonblocking && + !(fault_flags & FAULT_FLAG_RETRY_NOWAIT)) *nonblocking = 0; *nr_pages = 0; /* _

6 years, 7 months

1
0
0 0

[PATCH 4.19 000/103] 4.19.19-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.19.19 release. There are 103 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu Jan 31 11:31:30 UTC 2019. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.19.19-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.19.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.19.19-rc1 Christoph Hellwig <hch(a)lst.de> ide: fix a typo in the settings proc file name Jack Pham <jackp(a)codeaurora.org> usb: dwc3: gadget: Clear req->needs_extra_trb flag on cleanup Michal Hocko <mhocko(a)suse.com> Revert "mm, memory_hotplug: initialize struct pages for the full memory section" Raju Rangoju <rajur(a)chelsio.com> nvmet-rdma: fix null dereference under heavy load Israel Rukshin <israelr(a)mellanox.com> nvmet-rdma: Add unlikely for response allocated check David Hildenbrand <david(a)redhat.com> s390/smp: Fix calling smp_call_ipl_cpu() from ipl CPU Daniel Borkmann <daniel(a)iogearbox.net> bpf: fix inner map masking to prevent oob under speculation Daniel Borkmann <daniel(a)iogearbox.net> bpf: fix sanitation of alu op with pointer / scalar type from different paths Daniel Borkmann <daniel(a)iogearbox.net> bpf: prevent out of bounds speculation on pointer arithmetic Daniel Borkmann <daniel(a)iogearbox.net> bpf: fix check_map_access smin_value test when pointer contains offset Daniel Borkmann <daniel(a)iogearbox.net> bpf: restrict unknown scalars of mixed signed bounds for unprivileged Daniel Borkmann <daniel(a)iogearbox.net> bpf: restrict stack pointer arithmetic for unprivileged Daniel Borkmann <daniel(a)iogearbox.net> bpf: restrict map value pointer arithmetic for unprivileged Daniel Borkmann <daniel(a)iogearbox.net> bpf: enable access to ax register also from verifier rewrite Daniel Borkmann <daniel(a)iogearbox.net> bpf: move tmp variable into ax register in interpreter Daniel Borkmann <daniel(a)iogearbox.net> bpf: move {prev_,}insn_idx into verifier env Alexei Starovoitov <ast(a)kernel.org> bpf: add per-insn complexity limit Alexei Starovoitov <ast(a)kernel.org> bpf: improve verifier branch analysis Neil Armstrong <narmstrong(a)baylibre.com> drm/meson: Fix atomic mode switching regression Nicolas Pitre <nicolas.pitre(a)linaro.org> vt: invoke notifier on screen size change Nicolas Pitre <nicolas.pitre(a)linaro.org> vt: always call notifier with the console lock held Nicolas Pitre <nicolas.pitre(a)linaro.org> vt: make vt_console_print() compatible with the unicode screen buffer Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> can: flexcan: fix NULL pointer exception during bringup Oliver Hartkopp <socketcan(a)hartkopp.net> can: bcm: check timer values before ktime conversion Manfred Schlaegl <manfred.schlaegl(a)ginzinger.com> can: dev: __can_get_echo_skb(): fix bogous check for non-existing skb by removing it Marc Zyngier <marc.zyngier(a)arm.com> irqchip/gic-v3-its: Align PCI Multi-MSI allocation on their size Thomas Gleixner <tglx(a)linutronix.de> net: sun: cassini: Cleanup license conflict Thomas Gleixner <tglx(a)linutronix.de> posix-cpu-timers: Unbreak timer rearming Jan Beulich <JBeulich(a)suse.com> x86/entry/64/compat: Fix stack switching for XEN PV Daniel Drake <drake(a)endlessm.com> x86/kaslr: Fix incorrect i8254 outb() parameters Dave Hansen <dave.hansen(a)linux.intel.com> x86/selftests/pkeys: Fork() to check for state being preserved Dave Hansen <dave.hansen(a)linux.intel.com> x86/pkeys: Properly copy pkey state at fork() KarimAllah Ahmed <karahmed(a)amazon.de> KVM/nVMX: Do not validate that posted_intr_desc_addr is page aligned Tom Roeder <tmroeder(a)google.com> kvm: x86/vmx: Use kzalloc for cached_vmcs12 Sean Christopherson <sean.j.christopherson(a)intel.com> KVM: x86: WARN_ONCE if sending a PV IPI returns a fatal error Sean Christopherson <sean.j.christopherson(a)intel.com> KVM: x86: Fix PV IPIs for 32-bit KVM host Alexander Popov <alex.popov(a)linux.com> KVM: x86: Fix single-step debugging Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: Add APTX quirk for Lenovo laptop Milan Broz <gmazyland(a)gmail.com> dm crypt: fix parsing of extended IV arguments Joe Thornber <ejt(a)redhat.com> dm thin: fix passdown_double_checking_shared_status() Marc Gonzalez <marc.w.gonzalez(a)free.fr> scsi: ufs: Use explicit access size in ufshcd_dump_regs Dan Williams <dan.j.williams(a)intel.com> acpi/nfit: Fix command-supported detection Dan Williams <dan.j.williams(a)intel.com> acpi/nfit: Block function zero DSMs Dmitry Torokhov <dmitry.torokhov(a)gmail.com> Input: uinput - fix undefined behavior in uinput_validate_absinfo() Deepa Dinamani <deepa.kernel(a)gmail.com> Input: input_event - provide override for sparc64 Tom Panfil <tom(a)steelseries.com> Input: xpad - add support for SteelSeries Stratus Duo Ronnie Sahlberg <lsahlber(a)redhat.com> smb3: add credits we receive from oplock/break PDUs Pavel Shilovsky <pshilov(a)microsoft.com> CIFS: Do not reconnect TCP session in add_credits() Pavel Shilovsky <pshilov(a)microsoft.com> CIFS: Fix credit calculation for encrypted reads with errors Pavel Shilovsky <pshilov(a)microsoft.com> CIFS: Fix credits calculations for reads with errors Pavel Shilovsky <pshilov(a)microsoft.com> CIFS: Fix possible hang during async MTU reads and writes Nicolas Pitre <nicolas.pitre(a)linaro.org> vgacon: unconfuse vc_origin when using soft scrollback Dexuan Cui <decui(a)microsoft.com> Drivers: hv: vmbus: Check for ring when getting debug info Vitaly Kuznetsov <vkuznets(a)redhat.com> hv_balloon: avoid touching uninitialized struct page during tail onlining Paul Fulghum <paulkf(a)microgate.com> tty/n_hdlc: fix __might_sleep warning Samir Virmani <samir(a)embedur.com> uart: Fix crash in uart_write and uart_put_char Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> tty: Handle problem if line discipline does not have receive_buf Michael Straube <straube.linux(a)gmail.com> staging: rtl8188eu: Add device code for D-Link DWA-121 rev B1 Remi Pommarel <repk(a)triplefau.lt> mmc: meson-gx: Free irq in release() callback Liming Sun <lsun(a)mellanox.com> mmc: dw_mmc-bluefield: : Fix the license information Gustavo A. R. Silva <gustavo(a)embeddedor.com> char/mwave: fix potential Spectre v1 vulnerability Gustavo A. R. Silva <gustavo(a)embeddedor.com> misc: ibmvsm: Fix potential NULL pointer dereference Gerald Schaefer <gerald.schaefer(a)de.ibm.com> s390/smp: fix CPU hotplug deadlock with CPU rescan Christian Borntraeger <borntraeger(a)de.ibm.com> s390/early: improve machine detection Martin Schwidefsky <schwidefsky(a)de.ibm.com> s390/mm: always force a load of the primary ASCE on context switch Eugeniy Paltsev <Eugeniy.Paltsev(a)synopsys.com> ARC: perf: map generic branches to correct hardware condition Eugeniy Paltsev <Eugeniy.Paltsev(a)synopsys.com> ARC: adjust memblock_reserve of kernel memory Eugeniy Paltsev <Eugeniy.Paltsev(a)synopsys.com> ARCv2: lib: memeset: fix doing prefetchw outside of buffer Anthony Wong <anthony.wong(a)canonical.com> ALSA: hda - Add mute LED support for HP ProBook 470 G5 Kailang Yang <kailang(a)realtek.com> ALSA: hda/realtek - Fix typo for ALC225 model Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> inotify: Fix fd refcount leak in inotify_add_watch(). Dinh Nguyen <dinguyen(a)kernel.org> clk: socfpga: stratix10: fix naming convention for the fixed-clocks Dinh Nguyen <dinguyen(a)kernel.org> clk: socfpga: stratix10: fix rate calculation for pll clocks b-ak <anur.bhargav(a)gmail.com> ASoC: tlv320aic32x4: Kernel OOPS while entering DAPM standby mode Gustavo A. R. Silva <gustavo(a)embeddedor.com> ASoC: rt5514-spi: Fix potential NULL pointer dereference Kangjie Lu <kjlu(a)umn.edu> ASoC: atom: fix a missing check of snd_pcm_lib_malloc_pages Yan, Zheng <zyan(a)redhat.com> ceph: clear inode pointer when snap realm gets dropped by its inode Charles Yeh <charlesyeh522(a)gmail.com> USB: serial: pl2303: add new PID to support PL2303TB Max Schulze <max.schulze(a)posteo.de> USB: serial: simple: add Motorola Tetra TPG2200 device id Christian Lamparter <chunkeey(a)gmail.com> USB: leds: fix regression in usbport led trigger Tomas Winkler <tomas.winkler(a)intel.com> mei: me: add denverton innovation engine device IDs Alexander Usyskin <alexander.usyskin(a)intel.com> mei: me: mark LBG devices as having dma support Willem de Bruijn <willemb(a)google.com> tcp: allow MSG_ZEROCOPY transmission also in CLOSE_WAIT state Hangbin Liu <liuhangbin(a)gmail.com> ip6_gre: update version related info when changing link Andrew Lunn <andrew(a)lunn.ch> net: phy: marvell: Fix deadlock from wrong locking Xin Long <lucien.xin(a)gmail.com> erspan: build the header with the right proto according to erspan_ver Olivier Matz <olivier.matz(a)6wind.com> ip6_gre: fix tunnel list corruption for x-netns Willem de Bruijn <willemb(a)google.com> udp: with udp_segment release on error path Ivan Vecera <ivecera(a)redhat.com> net/sched: cls_flower: allocate mask dynamically in fl_change() Ido Schimmel <idosch(a)mellanox.com> mlxsw: pci: Ring CQ's doorbell before RDQ's Nir Dotan <nird(a)mellanox.com> mlxsw: spectrum_fid: Update dummy FID index Ido Schimmel <idosch(a)mellanox.com> net: ipv4: Fix memory leak in network namespace dismantle Nir Dotan <nird(a)mellanox.com> mlxsw: pci: Increase PCI SW reset timeout Jason Wang <jasowang(a)redhat.com> vhost: log dirty page correctly Ross Lagerwall <ross.lagerwall(a)citrix.com> openvswitch: Avoid OOB read when parsing flow nlattrs Cong Wang <xiyou.wangcong(a)gmail.com> net_sched: refetch skb protocol for each filter Davide Caratti <dcaratti(a)redhat.com> net/sched: act_tunnel_key: fix memory leak in case of action replace Camelia Groza <camelia.groza(a)nxp.com> net: phy: phy driver features are mandatory Thomas Petazzoni <thomas.petazzoni(a)bootlin.com> net: phy: mdio_bus: add missing device_del() in mdiobus_register() error handling Andrew Lunn <andrew(a)lunn.ch> net: phy: marvell: Errata for mv88e6390 internal PHYs Ross Lagerwall <ross.lagerwall(a)citrix.com> net: Fix usage of pskb_trim_rcsum Yunjian Wang <wangyunjian(a)huawei.com> net: bridge: Fix ethernet header pointer before check skb forwardable Lendacky, Thomas <Thomas.Lendacky(a)amd.com> amd-xgbe: Fix mdio access for non-zero ports and clause 45 PHYs ------------- Diffstat: Makefile | 4 +- arch/arc/include/asm/perf_event.h | 3 +- arch/arc/lib/memset-archs.S | 40 +- arch/arc/mm/init.c | 3 +- arch/s390/include/asm/mmu_context.h | 5 +- arch/s390/kernel/early.c | 4 +- arch/s390/kernel/setup.c | 2 + arch/s390/kernel/smp.c | 12 +- arch/x86/entry/entry_64_compat.S | 6 +- arch/x86/include/asm/mmu_context.h | 18 + arch/x86/kernel/kvm.c | 7 +- arch/x86/kvm/vmx.c | 14 +- arch/x86/kvm/x86.c | 5 +- arch/x86/lib/kaslr.c | 4 +- drivers/acpi/nfit/core.c | 61 ++- drivers/char/mwave/mwavedd.c | 7 + drivers/clk/socfpga/clk-pll-s10.c | 2 +- drivers/clk/socfpga/clk-s10.c | 20 +- drivers/gpu/drm/amd/amdgpu/amdgpu_atpx_handler.c | 1 + drivers/gpu/drm/meson/meson_crtc.c | 23 +- drivers/gpu/drm/meson/meson_drv.c | 5 + drivers/hv/hv_balloon.c | 10 +- drivers/hv/ring_buffer.c | 31 +- drivers/hv/vmbus_drv.c | 91 ++-- drivers/ide/ide-proc.c | 2 +- drivers/input/joystick/xpad.c | 3 + drivers/input/misc/uinput.c | 5 +- drivers/irqchip/irq-gic-v3-its.c | 25 +- drivers/md/dm-crypt.c | 25 +- drivers/md/dm-thin-metadata.c | 4 +- drivers/md/dm-thin-metadata.h | 2 +- drivers/md/dm-thin.c | 10 +- drivers/misc/ibmvmc.c | 7 +- drivers/misc/mei/hw-me-regs.h | 2 + drivers/misc/mei/pci-me.c | 4 +- drivers/mmc/host/dw_mmc-bluefield.c | 5 - drivers/mmc/host/meson-gx-mmc.c | 18 +- drivers/net/can/dev.c | 27 +- drivers/net/can/flexcan.c | 2 +- drivers/net/ethernet/amd/xgbe/xgbe-common.h | 2 - drivers/net/ethernet/amd/xgbe/xgbe-dev.c | 22 +- drivers/net/ethernet/mellanox/mlxsw/pci.c | 12 +- drivers/net/ethernet/mellanox/mlxsw/pci_hw.h | 3 +- drivers/net/ethernet/mellanox/mlxsw/spectrum_fid.c | 4 +- drivers/net/ethernet/sun/cassini.c | 15 +- drivers/net/ethernet/sun/cassini.h | 15 +- drivers/net/phy/marvell.c | 37 +- drivers/net/phy/mdio_bus.c | 1 + drivers/net/phy/phy_device.c | 5 + drivers/net/ppp/pppoe.c | 1 + drivers/nvme/target/rdma.c | 17 +- drivers/s390/char/sclp_config.c | 2 + drivers/scsi/ufs/ufshcd.c | 10 +- drivers/staging/rtl8188eu/os_dep/usb_intf.c | 1 + drivers/tty/n_hdlc.c | 1 + drivers/tty/serial/serial_core.c | 12 +- drivers/tty/tty_io.c | 3 +- drivers/tty/vt/vt.c | 50 +-- drivers/usb/core/ledtrig-usbport.c | 17 +- drivers/usb/dwc3/gadget.c | 2 + drivers/usb/serial/pl2303.c | 1 + drivers/usb/serial/pl2303.h | 2 + drivers/usb/serial/usb-serial-simple.c | 3 +- drivers/vhost/net.c | 3 +- drivers/vhost/vhost.c | 97 ++++- drivers/vhost/vhost.h | 3 +- drivers/video/console/vgacon.c | 7 +- fs/ceph/caps.c | 2 + fs/cifs/cifssmb.c | 35 +- fs/cifs/connect.c | 21 + fs/cifs/smb2misc.c | 7 + fs/cifs/smb2ops.c | 62 ++- fs/notify/inotify/inotify_user.c | 6 +- include/linux/bpf_verifier.h | 13 + include/linux/filter.h | 10 +- include/linux/hyperv.h | 5 +- include/linux/phy.h | 4 +- include/linux/skbuff.h | 1 + include/net/ip_fib.h | 2 +- include/uapi/linux/input.h | 6 +- kernel/bpf/core.c | 54 ++- kernel/bpf/map_in_map.c | 17 +- kernel/bpf/verifier.c | 470 +++++++++++++++++---- kernel/time/posix-cpu-timers.c | 1 + mm/page_alloc.c | 12 - net/bridge/br_forward.c | 9 +- net/bridge/br_netfilter_ipv6.c | 1 + net/bridge/netfilter/nft_reject_bridge.c | 1 + net/can/bcm.c | 27 ++ net/ipv4/fib_frontend.c | 4 +- net/ipv4/fib_trie.c | 15 +- net/ipv4/ip_gre.c | 23 +- net/ipv4/ip_input.c | 1 + net/ipv4/tcp.c | 2 +- net/ipv4/udp.c | 16 +- net/ipv6/ip6_gre.c | 14 +- net/ipv6/udp.c | 16 +- net/openvswitch/flow_netlink.c | 2 +- net/sched/act_tunnel_key.c | 19 +- net/sched/cls_api.c | 3 +- net/sched/cls_flower.c | 19 +- sound/pci/hda/patch_conexant.c | 1 + sound/pci/hda/patch_realtek.c | 2 +- sound/soc/codecs/rt5514-spi.c | 2 + sound/soc/codecs/tlv320aic32x4.c | 4 + sound/soc/intel/atom/sst-mfld-platform-pcm.c | 8 +- tools/testing/selftests/x86/protection_keys.c | 41 +- 107 files changed, 1307 insertions(+), 518 deletions(-)

6 years, 7 months

9
120
0 0

[PATCH] arm64: dts: hikey: Revert "Enable HS200 mode on eMMC"

by John Stultz

From: Alistair Strachan <astrachan(a)google.com> This reverts commit abd7d0972a192ee653efc7b151a6af69db58f2bb. This change was already partially reverted by John Stultz in commit 9c6d26df1fae ("arm64: dts: hikey: Fix eMMC corruption regression"). This change appears to cause controller resets and block read failures which prevents successful booting on some hikey boards. Cc: Ryan Grachek <ryan(a)edited.us> Cc: Wei Xu <xuwei5(a)hisilicon.com> Cc: Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> Cc: Rob Herring <robh+dt(a)kernel.org> Cc: Mark Rutland <mark.rutland(a)arm.com> Cc: linux-arm-kernel(a)lists.infradead.org Cc: devicetree(a)vger.kernel.org Cc: stable <stable(a)vger.kernel.org> #4.17+ Signed-off-by: Alistair Strachan <astrachan(a)google.com> Signed-off-by: John Stultz <john.stultz(a)linaro.org> --- arch/arm64/boot/dts/hisilicon/hi6220-hikey.dts | 1 - 1 file changed, 1 deletion(-) diff --git a/arch/arm64/boot/dts/hisilicon/hi6220-hikey.dts b/arch/arm64/boot/dts/hisilicon/hi6220-hikey.dts index 6102350..7092460 100644 --- a/arch/arm64/boot/dts/hisilicon/hi6220-hikey.dts +++ b/arch/arm64/boot/dts/hisilicon/hi6220-hikey.dts @@ -300,7 +300,6 @@ dwmmc_0: dwmmc0@f723d000 { cap-mmc-highspeed; - mmc-hs200-1_8v; non-removable; bus-width = <0x8>; vmmc-supply = <&ldo19>; -- 2.7.4

6 years, 7 months

3
3
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror