- Linux-stable-mirror - lists.linaro.org

request for 4.14-stable: cd8ddbf7a5e2 ("lightnvm: pblk: free padded entries in write buffer")

by Sudip Mukherjee

Hi Greg, This was not marked for stable but seems it should be. Please apply to your queue. -- Regards Sudip

7 years, 3 months

1
0
0 0

request for 4.14-stable: 295d6d5e3736 ("sched/deadline: Fix switching to -deadline")

by Sudip Mukherjee

Hi Greg, This was not marked for stable but seems it should be. Please apply to your queue. -- Regards Sudip

7 years, 3 months

1
0
0 0

Re: Patch "usb: gadget: u_audio: protect stream runtime fields with stream spinlock" has been added to the 4.14-stable tree

by Vladimir Zapolskiy

Hi Greg, On 08/26/2018 10:14 AM, gregkh(a)linuxfoundation.org wrote: > > This is a note to let you know that I've just added the patch titled > > usb: gadget: u_audio: protect stream runtime fields with stream spinlock > > to the 4.14-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > usb-gadget-u_audio-protect-stream-runtime-fields-with-stream-spinlock.patch > and it can be found in the queue-4.14 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. > > > From foo@baz Sun Aug 26 09:13:00 CEST 2018 > From: Vladimir Zapolskiy <vladimir_zapolskiy(a)mentor.com> > Date: Thu, 21 Jun 2018 17:22:52 +0200 > Subject: usb: gadget: u_audio: protect stream runtime fields with stream spinlock > > From: Vladimir Zapolskiy <vladimir_zapolskiy(a)mentor.com> > > [ Upstream commit 56bc61587daadef67712068f251c4ef2e3932d94 ] > > The change protects almost the whole body of u_audio_iso_complete() > function by PCM stream lock, this is mainly sufficient to avoid a race > between USB request completion and stream termination, the change > prevents a possibility of invalid memory access in interrupt context > by memcpy(): > > Unable to handle kernel paging request at virtual address 00004e80 > pgd = c0004000 > [00004e80] *pgd=00000000 > Internal error: Oops: 817 [#1] PREEMPT SMP ARM > CPU: 0 PID: 3 Comm: ksoftirqd/0 Tainted: G C 3.14.54+ #117 > task: da180b80 ti: da192000 task.ti: da192000 > PC is at memcpy+0x50/0x330 > LR is at 0xcdd92b0e > pc : [<c029ef30>] lr : [<cdd92b0e>] psr: 20000193 > sp : da193ce4 ip : dd86ae26 fp : 0000b180 > r10: daf81680 r9 : 00000000 r8 : d58a01ea > r7 : 2c0b43e4 r6 : acdfb08b r5 : 01a271cf r4 : 87389377 > r3 : 69469782 r2 : 00000020 r1 : daf82fe0 r0 : 00004e80 > Flags: nzCv IRQs off FIQs on Mode SVC_32 ISA ARM Segment kernel > Control: 10c5387d Table: 2b70804a DAC: 00000015 > Process ksoftirqd/0 (pid: 3, stack limit = 0xda192238) > > Also added a check for potential !runtime condition, commonly it is > done by PCM_RUNTIME_CHECK(substream) in the beginning, however this > does not completely prevent from oopses in u_audio_iso_complete(), > because the proper protection scheme must be implemented in PCM > library functions. > > An example of *not fixed* oops due to substream->runtime->* > dereference by snd_pcm_running(substream) from > snd_pcm_period_elapsed(), where substream->runtime is gone while > waiting the substream lock: > > Unable to handle kernel paging request at virtual address 6b6b6b6b > pgd = db7e4000 > [6b6b6b6b] *pgd=00000000 > CPU: 0 PID: 193 Comm: klogd Tainted: G C 3.14.54+ #118 > task: db5ac500 ti: db60c000 task.ti: db60c000 > PC is at snd_pcm_period_elapsed+0x48/0xd8 [snd_pcm] > LR is at snd_pcm_period_elapsed+0x40/0xd8 [snd_pcm] > pc : [<>] lr : [<>] psr: 60000193 > Flags: nZCv IRQs off FIQs on Mode SVC_32 ISA ARM Segment user > Control: 10c5387d Table: 2b7e404a DAC: 00000015 > Process klogd (pid: 193, stack limit = 0xdb60c238) > [<>] (snd_pcm_period_elapsed [snd_pcm]) from [<>] (udc_irq+0x500/0xbbc) > [<>] (udc_irq) from [<>] (ci_irq+0x280/0x304) > [<>] (ci_irq) from [<>] (handle_irq_event_percpu+0xa4/0x40c) > [<>] (handle_irq_event_percpu) from [<>] (handle_irq_event+0x3c/0x5c) > [<>] (handle_irq_event) from [<>] (handle_fasteoi_irq+0xc4/0x110) > [<>] (handle_fasteoi_irq) from [<>] (generic_handle_irq+0x20/0x30) > [<>] (generic_handle_irq) from [<>] (handle_IRQ+0x80/0xc0) > [<>] (handle_IRQ) from [<>] (gic_handle_irq+0x3c/0x60) > [<>] (gic_handle_irq) from [<>] (__irq_svc+0x44/0x78) > > Signed-off-by: Vladimir Zapolskiy <vladimir_zapolskiy(a)mentor.com> > [erosca: W/o this patch, with minimal instrumentation [1], I can > consistently reproduce BUG: KASAN: use-after-free [2]] > > [1] Instrumentation to reproduce issue [2]: > diff --git a/drivers/usb/gadget/function/u_audio.c b/drivers/usb/gadget/function/u_audio.c > index a72295c953bb..bd0b308024fe 100644 > --- a/drivers/usb/gadget/function/u_audio.c > +++ b/drivers/usb/gadget/function/u_audio.c > @@ -16,6 +16,7 @@ > #include <sound/core.h> > #include <sound/pcm.h> > #include <sound/pcm_params.h> > +#include <linux/delay.h> > > #include "u_audio.h" > > @@ -147,6 +148,8 @@ static void u_audio_iso_complete(struct usb_ep *ep, struct usb_request *req) > > spin_unlock_irqrestore(&prm->lock, flags); > > + udelay(500); //delay here to increase probability of parallel activities > + > /* Pack USB load in ALSA ring buffer */ > pending = prm->dma_bytes - hw_ptr; > > [2] After applying [1], below BUG occurs on Rcar-H3-Salvator-X board: > ================================================================== > BUG: KASAN: use-after-free in u_audio_iso_complete+0x24c/0x520 [u_audio] > Read of size 8 at addr ffff8006cafcc248 by task swapper/0/0 > > CPU: 0 PID: 0 Comm: swapper/0 Tainted: G WC 4.14.47+ #160 > Hardware name: Renesas Salvator-X board based on r8a7795 ES2.0+ (DT) > Call trace: > [<ffff2000080925ac>] dump_backtrace+0x0/0x364 > [<ffff200008092924>] show_stack+0x14/0x1c > [<ffff200008f8dbcc>] dump_stack+0x108/0x174 > [<ffff2000083c71b8>] print_address_description+0x7c/0x32c > [<ffff2000083c78e8>] kasan_report+0x324/0x354 > [<ffff2000083c6114>] __asan_load8+0x24/0x94 > [<ffff2000021d1b34>] u_audio_iso_complete+0x24c/0x520 [u_audio] > [<ffff20000152fe50>] usb_gadget_giveback_request+0x480/0x4d0 [udc_core] > [<ffff200001860ab8>] usbhsg_queue_done+0x100/0x130 [renesas_usbhs] > [<ffff20000185f814>] usbhsf_pkt_handler+0x1a4/0x298 [renesas_usbhs] > [<ffff20000185fb38>] usbhsf_irq_ready+0x128/0x178 [renesas_usbhs] > [<ffff200001859cc8>] usbhs_interrupt+0x440/0x490 [renesas_usbhs] > [<ffff2000081a0288>] __handle_irq_event_percpu+0x594/0xa58 > [<ffff2000081a07d0>] handle_irq_event_percpu+0x84/0x12c > [<ffff2000081a0928>] handle_irq_event+0xb0/0x10c > [<ffff2000081a8384>] handle_fasteoi_irq+0x1e0/0x2ec > [<ffff20000819e5f8>] generic_handle_irq+0x2c/0x44 > [<ffff20000819f0d0>] __handle_domain_irq+0x190/0x194 > [<ffff20000808177c>] gic_handle_irq+0x80/0xac > Exception stack(0xffff200009e97c80 to 0xffff200009e97dc0) > 7c80: 0000000000000000 0000000000000000 0000000000000003 ffff200008179298 > 7ca0: ffff20000ae1c180 dfff200000000000 0000000000000000 ffff2000081f9a88 > 7cc0: ffff200009eb5960 ffff200009e97cf0 0000000000001600 ffff0400041b064b > 7ce0: 0000000000000000 0000000000000002 0000000200000001 0000000000000001 > 7d00: ffff20000842197c 0000ffff958c4970 0000000000000000 ffff8006da0d5b80 > 7d20: ffff8006d4678498 0000000000000000 000000126bde0a8b ffff8006d4678480 > 7d40: 0000000000000000 000000126bdbea64 ffff200008fd0000 ffff8006fffff980 > 7d60: 00000000495f0018 ffff200009e97dc0 ffff200008b6c4ec ffff200009e97dc0 > 7d80: ffff200008b6c4f0 0000000020000145 ffff8006da0d5b80 ffff8006d4678498 > 7da0: ffffffffffffffff ffff8006d4678498 ffff200009e97dc0 ffff200008b6c4f0 > [<ffff200008084034>] el1_irq+0xb4/0x12c > [<ffff200008b6c4f0>] cpuidle_enter_state+0x818/0x844 > [<ffff200008b6c59c>] cpuidle_enter+0x18/0x20 > [<ffff20000815f2e4>] call_cpuidle+0x98/0x9c > [<ffff20000815f674>] do_idle+0x214/0x264 > [<ffff20000815facc>] cpu_startup_entry+0x20/0x24 > [<ffff200008fb09d8>] rest_init+0x30c/0x320 > [<ffff2000095f1338>] start_kernel+0x570/0x5b0 > ---<-snip->--- > > Fixes: 132fcb460839 ("usb: gadget: Add Audio Class 2.0 Driver") > Signed-off-by: Eugeniu Rosca <erosca(a)de.adit-jv.com> > > Signed-off-by: Felipe Balbi <felipe.balbi(a)linux.intel.com> > > Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> > Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> > --- > drivers/usb/gadget/function/u_audio.c | 13 ++++++++++++- > 1 file changed, 12 insertions(+), 1 deletion(-) > > --- a/drivers/usb/gadget/function/u_audio.c > +++ b/drivers/usb/gadget/function/u_audio.c > @@ -25,6 +25,7 @@ > #include <sound/core.h> > #include <sound/pcm.h> > #include <sound/pcm_params.h> > +#include <linux/delay.h> > See a comment below... > #include "u_audio.h" > > @@ -88,7 +89,7 @@ static const struct snd_pcm_hardware uac > static void u_audio_iso_complete(struct usb_ep *ep, struct usb_request *req) > { > unsigned pending; > - unsigned long flags; > + unsigned long flags, flags2; > unsigned int hw_ptr; > int status = req->status; > struct uac_req *ur = req->context; > @@ -115,7 +116,14 @@ static void u_audio_iso_complete(struct > if (!substream) > goto exit; > > + snd_pcm_stream_lock_irqsave(substream, flags2); > + > runtime = substream->runtime; > + if (!runtime || !snd_pcm_running(substream)) { > + snd_pcm_stream_unlock_irqrestore(substream, flags2); > + goto exit; > + } > + > spin_lock_irqsave(&prm->lock, flags); > > if (substream->stream == SNDRV_PCM_STREAM_PLAYBACK) { > @@ -146,6 +154,8 @@ static void u_audio_iso_complete(struct > > spin_unlock_irqrestore(&prm->lock, flags); > > + udelay(500); //delay here to increase probability of parallel activities > + ^^^^^ That part of the change came from the commit message, it just describes instrumentation, and adding it to the change itself is wrong. Note that the source commit 56bc61587daad does not have such issue. -- Best wishes, Vladimir

7 years, 3 months

2
1
0 0

request for 4.4-stable: 56656e960b555 ("ovl: rename is_merge to is_lowest")

by SZ Lin (林上智)

Hi Greg, This patch is not marked for 4.4-stable, but it's already in 4.9 and 4.14 stable. This is a trivial rename patch, but the naming would be more logical and makes backports easier. Please consider to apply this patch to 4.4-stable. -- SZ Lin (林上智)

7 years, 3 months

3
3
0 0

[GIT PULL] commits for Linux 4.9

by Sasha Levin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi Greg, Pleae pull commits for Linux 4.9 . I've sent a review request for all commits over a week ago and all comments were addressed. Thanks, Sasha ===== The following changes since commit ea101a702611f987c937a5fafe00f714fd9c1fe8: Linux 4.9.122 (2018-08-18 10:47:20 +0200) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/sashal/linux-stable.git tags/for-greg-4.9-14082018 for you to fetch changes up to 9e73bb5b6b5317c1a0b3d722e36d306a5f7b5d1e: mm/memory.c: check return value of ioremap_prot (2018-08-18 10:17:02 -0400) - ---------------------------------------------------------------- for-greg-4.9-14082018 - ---------------------------------------------------------------- Aleksander Morgado (1): qmi_wwan: fix interface number for DW5821e production firmware Alexander Sverdlin (1): i2c: davinci: Avoid zero value of CLKH Alexey Kodanev (1): dccp: fix undefined behavior with 'cwnd' shift in ccid2_cwnd_restart() Bernd Edlinger (1): nl80211: Add a missing break in parse_station_flags Calvin Walton (1): tools/power turbostat: Read extended processor family from CPUID Colin Ian King (1): drivers: net: lmc: fix case value for target abort error Cong Wang (1): vsock: split dwork to avoid reinitializations Daniel Borkmann (1): bpf, ppc64: fix unexpected r0=0 exit path inside bpf_xadd Eric Dumazet (1): xfrm_user: prevent leaking 2 bytes of kernel memory Eugeniu Rosca (1): usb: gadget: f_uac2: fix endianness of 'struct cntrl_*_lay3' Eyal Birger (1): vti6: fix PMTU caching and reporting on xmit Florian Westphal (3): xfrm: free skb if nlsk pointer is NULL netfilter: conntrack: dccp: treat SYNC/SYNCACK as invalid if no prior state atl1c: reserve min skb headroom Govindarajulu Varadarajan (1): enic: handle mtu change for vf properly Guenter Roeck (1): media: staging: omap4iss: Include asm/cacheflush.h after generic includes Jia-Ju Bai (2): usb: gadget: r8a66597: Fix two possible sleep-in-atomic-context bugs in init_controller() usb: gadget: r8a66597: Fix a possible sleep-in-atomic-context bugs in r8a66597_queue() Jim Gill (1): scsi: vmw_pvscsi: Return DID_RESET for status SAM_STAT_COMMAND_TERMINATED Johannes Thumshirn (2): scsi: fcoe: drop frames in ELS LOGO error path scsi: fcoe: clear FC_RP_STARTED flags when receiving a LOGO Kees Cook (1): x86/boot: Fix if_changed build flip/flop bug Kiran Kumar Modukuri (3): fscache: Allow cancelled operations to be enqueued cachefiles: Fix refcounting bug in backing-file read monitoring cachefiles: Wait rather than BUG'ing on "Unexpected object collision" Kirill Tkhai (1): memcg: remove memcg_cgroup::id from IDR on mem_cgroup_css_alloc() failure Len Brown (1): tools/power turbostat: fix -S on UP systems Li Wang (1): zswap: re-check zswap_is_full() after do zswap_shrink() Linus Torvalds (1): squashfs metadata 2: electric boogaloo Lucas Stach (2): drm/imx: imx-ldb: disable LDB on driver bind drm/imx: imx-ldb: check if channel is enabled before printing warning Masami Hiramatsu (1): selftests/ftrace: Add snapshot and tracing_on test case Nicholas Mc Guire (2): drm: re-enable error handling can: mpc5xxx_can: check of_iomap return before use Peter Senna Tschudin (1): tools: usb: ffs-test: Fix build on big endian systems Phillip Lougher (1): Squashfs: Compute expected length from inode size rather than block length RafaÅ‚ MiÅ‚ecki (1): Revert "MIPS: BCM47XX: Enable 74K Core ExternalSync for PCIe erratum" Randy Dunlap (5): usb/phy: fix PPC64 build errors in phy-fsl-usb.c net: prevent ISA drivers from building on PPC32 arc: [plat-eznps] fix data type errors in platform headers arc: fix build errors in arc/include/asm/delay.h arc: fix type warnings in arc/mm/cache.c Sean Paul (1): drm/bridge: adv7511: Reset registers on hotplug Shubhrajyoti Datta (1): net: axienet: Fix double deregister of mdio Sudarsana Reddy Kalluru (3): qed: Fix possible race for the link state value. qed: Correct Multicast API to reflect existence of 256 approximate buckets. bnx2x: Fix invalid memory access in rss hash config path. Thomas Gleixner (1): perf/x86/amd/ibs: Don't access non-started event Tommi Rantala (1): xfrm: fix missing dst_release() after policy blocking lbcast and multicast Varun Prakash (1): scsi: libiscsi: fix possible NULL pointer dereference in case of TMF Willem de Bruijn (1): packet: refine ring v3 block size test to hold one frame Xin Long (1): ip6_tunnel: use the right value for ipv4 min mtu check in ip6_tnl_xmit YueHaibing (1): net: caif: Add a missing rcu_read_unlock() in caif_flow_cb jie@chenjie6@huwei.com (1): mm/memory.c: check return value of ioremap_prot mpubbise(a)codeaurora.org (1): mac80211: add stations tied to AP_VLANs during hw reconfig arch/arc/include/asm/delay.h | 3 + arch/arc/mm/cache.c | 7 +- arch/arc/plat-eznps/include/plat/ctop.h | 1 + arch/mips/bcm47xx/setup.c | 6 -- arch/mips/include/asm/mipsregs.h | 3 - arch/powerpc/net/bpf_jit_comp64.c | 29 ++------ arch/x86/boot/compressed/Makefile | 8 ++- arch/x86/events/amd/ibs.c | 6 +- drivers/gpu/drm/bridge/adv7511/adv7511_drv.c | 12 ++++ drivers/gpu/drm/drm_context.c | 2 +- drivers/gpu/drm/imx/imx-ldb.c | 9 ++- drivers/i2c/busses/i2c-davinci.c | 8 ++- drivers/net/can/mscan/mpc5xxx_can.c | 5 ++ drivers/net/ethernet/3com/Kconfig | 2 +- drivers/net/ethernet/amd/Kconfig | 4 +- drivers/net/ethernet/atheros/atl1c/atl1c_main.c | 1 + .../net/ethernet/broadcom/bnx2x/bnx2x_ethtool.c | 13 +++- drivers/net/ethernet/cirrus/Kconfig | 1 + drivers/net/ethernet/cisco/enic/enic_main.c | 78 ++++++++-------------- drivers/net/ethernet/qlogic/qed/qed_l2.c | 15 ++--- drivers/net/ethernet/qlogic/qed/qed_l2.h | 2 +- drivers/net/ethernet/qlogic/qed/qed_mcp.c | 1 + drivers/net/ethernet/qlogic/qed/qed_sriov.c | 2 +- drivers/net/ethernet/qlogic/qed/qed_vf.c | 4 +- drivers/net/ethernet/qlogic/qed/qed_vf.h | 7 +- drivers/net/ethernet/xilinx/xilinx_axienet_mdio.c | 1 + drivers/net/usb/qmi_wwan.c | 2 +- drivers/net/wan/lmc/lmc_main.c | 2 +- drivers/scsi/fcoe/fcoe_ctlr.c | 4 +- drivers/scsi/libfc/fc_rport.c | 1 + drivers/scsi/libiscsi.c | 12 ++-- drivers/scsi/vmw_pvscsi.c | 11 ++- drivers/staging/media/omap4iss/iss_video.c | 3 +- drivers/usb/gadget/function/f_uac2.c | 20 +++--- drivers/usb/gadget/udc/r8a66597-udc.c | 6 +- drivers/usb/phy/phy-fsl-usb.c | 4 +- fs/cachefiles/namei.c | 1 - fs/cachefiles/rdwr.c | 17 +++-- fs/fscache/operation.c | 6 +- fs/squashfs/file.c | 50 ++++++++------ fs/squashfs/file_cache.c | 4 +- fs/squashfs/file_direct.c | 24 +++---- fs/squashfs/squashfs.h | 3 +- include/net/af_vsock.h | 4 +- mm/memcontrol.c | 15 +++-- mm/memory.c | 3 + mm/zswap.c | 9 +++ net/caif/caif_dev.c | 4 +- net/dccp/ccids/ccid2.c | 6 +- net/ipv6/ip6_tunnel.c | 8 +-- net/ipv6/ip6_vti.c | 11 +-- net/mac80211/util.c | 3 +- net/netfilter/nf_conntrack_proto_dccp.c | 8 +-- net/packet/af_packet.c | 10 +-- net/vmw_vsock/af_vsock.c | 15 +++-- net/vmw_vsock/vmci_transport.c | 3 +- net/wireless/nl80211.c | 1 + net/xfrm/xfrm_policy.c | 3 + net/xfrm/xfrm_user.c | 18 +++-- tools/power/x86/turbostat/turbostat.c | 8 +-- .../selftests/ftrace/test.d/00basic/snapshot.tc | 28 ++++++++ tools/usb/ffs-test.c | 19 +++++- 62 files changed, 336 insertions(+), 240 deletions(-) create mode 100644 tools/testing/selftests/ftrace/test.d/00basic/snapshot.tc -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE4n5dijQDou9mhzu83qZv95d3LNwFAluBcVkACgkQ3qZv95d3 LNw9LhAAhYO1gSH1TU/L3yOt3RFvsIGSWqlDjl746dUkHgxwF0pZeFufDCN4hI8C Oi8iFRum4yScnvrm9Gj6ZMR4fvHjT3i0uixvFB8tyE6MGIOYoHyFd7FDHFLsFK4D UrA43Ow+cIjp+BuWJ/6fp0c9WwdcxDQUjqZS81Tc+FgQMiGLb0JpGLVuI+ftShdz PAdJqp4yg9oNb8xByyC5QDHm6CGC26BR+MJXsY8cmJIBcGihBy4UMZXYb8dasp9w 3qL4zLLBlHWRvH+JJJE0t2i9KrRf1TgfRuuu8f9B5Ey9YyilokpBZ7c9jFRfzLn9 TS+WW6xQqwmgLVp3/F+/r9xw2rCdZStlEPjcuiIU6nrSXf3yg41q50CQd3+gkCEy 1Rb9fWVWkRX/hyUCzCp1TBK++zPjC5DmxAxobvHKWElvdsP57CEV+0hPqyb6F/ve FPiH4u0BfdkToEDvL6mIi12CGcQV5eqW0bJv6OLbetvsGR/ATBzZfIXkm6TpWYri ayOJzIsRVmt3neACIY3iZR8lSoW7Lj4kO1q+iXzUoD5NDJYh3HVDG13cmMu7NzSC 8SLAWGA1N8i8YDTTXePQPd9Y43qRaF9D3mxlN45cDrfIYdt0cFrQ8/tjXukuaGKq Pc+jr4qfByVetWSHc7s+mPEzfHzRhO4lbCa+tZWL2sF7tTYYksw= =eZ0Z -----END PGP SIGNATURE-----

7 years, 3 months

2
1
0 0

[GIT PULL] commits for Linux 4.14

by Sasha Levin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi Greg, Pleae pull commits for Linux 4.14 . I've sent a review request for all commits over a week ago and all comments were addressed. Thanks, Sasha ===== The following changes since commit 4cea13b66144903ae7310331b43e08f7b2d6aadb: Linux 4.14.65 (2018-08-18 10:48:00 +0200) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/sashal/linux-stable.git tags/for-greg-4.14-14082018 for you to fetch changes up to a1145b9daa1f738d7aa941ebc14426db8ea4da5c: mm/memory.c: check return value of ioremap_prot (2018-08-18 10:16:43 -0400) - ---------------------------------------------------------------- for-greg-4.14-14082018 - ---------------------------------------------------------------- Aleksander Morgado (1): qmi_wwan: fix interface number for DW5821e production firmware Alexander Sverdlin (1): i2c: davinci: Avoid zero value of CLKH Alexey Kodanev (1): dccp: fix undefined behavior with 'cwnd' shift in ccid2_cwnd_restart() Benjamin Tissoires (1): gpiolib-acpi: make sure we trigger edge events at least once on boot Bernd Edlinger (1): nl80211: Add a missing break in parse_station_flags Calvin Walton (1): tools/power turbostat: Read extended processor family from CPUID Colin Ian King (1): drivers: net: lmc: fix case value for target abort error Cong Wang (2): vsock: split dwork to avoid reinitializations llc: use refcount_inc_not_zero() for llc_sap_find() Daniel Borkmann (1): bpf, ppc64: fix unexpected r0=0 exit path inside bpf_xadd Davidlohr Bueso (1): ipc/sem.c: prevent queue.status tearing in semop Eric Dumazet (1): xfrm_user: prevent leaking 2 bytes of kernel memory Eugeniu Rosca (3): usb: gadget: f_uac2: fix error handling in afunc_bind (again) usb: gadget: u_audio: fix pcm/card naming in g_audio_setup() usb: gadget: f_uac2: fix endianness of 'struct cntrl_*_lay3' Eugeniy Paltsev (1): ARC: dma [non-IOC] setup SMP_CACHE_BYTES and cache_line_size Eyal Birger (1): vti6: fix PMTU caching and reporting on xmit Faiz Abbas (1): can: m_can: Move accessing of message ram to after clocks are enabled Florian Westphal (5): xfrm: free skb if nlsk pointer is NULL netfilter: nf_tables: fix memory leaks on chain rename netfilter: nf_tables: don't allow to rename to already-pending name netfilter: conntrack: dccp: treat SYNC/SYNCACK as invalid if no prior state atl1c: reserve min skb headroom Govindarajulu Varadarajan (2): enic: handle mtu change for vf properly enic: do not call enic_change_mtu in enic_probe Guenter Roeck (1): media: staging: omap4iss: Include asm/cacheflush.h after generic includes Hailong Liu (1): sched/rt: Restore rt_runtime after disabling RT_RUNTIME_SHARE Hugh Dickins (1): mm: delete historical BUG from zap_pmd_range() Jason Wang (1): vhost: reset metadata cache when initializing new IOTLB Jia-Ju Bai (2): usb: gadget: r8a66597: Fix two possible sleep-in-atomic-context bugs in init_controller() usb: gadget: r8a66597: Fix a possible sleep-in-atomic-context bugs in r8a66597_queue() Jim Gill (1): scsi: vmw_pvscsi: Return DID_RESET for status SAM_STAT_COMMAND_TERMINATED Johannes Thumshirn (3): scsi: fcoe: fix use-after-free in fcoe_ctlr_els_send scsi: fcoe: drop frames in ELS LOGO error path scsi: fcoe: clear FC_RP_STARTED flags when receiving a LOGO John Hurley (1): nfp: flower: fix port metadata conversion bug Josef Bacik (2): nbd: don't requeue the same request twice. nbd: handle unexpected replies better Joshua Frkuska (1): usb: gadget: u_audio: update hw_ptr in iso_complete after data copied Kees Cook (1): x86/boot: Fix if_changed build flip/flop bug Kiran Kumar Modukuri (3): fscache: Allow cancelled operations to be enqueued cachefiles: Fix refcounting bug in backing-file read monitoring cachefiles: Wait rather than BUG'ing on "Unexpected object collision" Kirill Tkhai (1): memcg: remove memcg_cgroup::id from IDR on mem_cgroup_css_alloc() failure Len Brown (1): tools/power turbostat: fix -S on UP systems Li Wang (1): zswap: re-check zswap_is_full() after do zswap_shrink() Linus Torvalds (1): squashfs metadata 2: electric boogaloo Lucas Stach (2): drm/imx: imx-ldb: disable LDB on driver bind drm/imx: imx-ldb: check if channel is enabled before printing warning Masami Hiramatsu (1): selftests/ftrace: Add snapshot and tracing_on test case Nicholas Mc Guire (2): drm: re-enable error handling can: mpc5xxx_can: check of_iomap return before use Ofer Levi (1): ARC: [plat-eznps] Add missing struct nps_host_reg_aux_dpc Peter Rosin (2): locking/rtmutex: Allow specifying a subclass for nested locking i2c/mux, locking/core: Annotate the nested rt_mutex usage Peter Senna Tschudin (1): tools: usb: ffs-test: Fix build on big endian systems Phillip Lougher (1): Squashfs: Compute expected length from inode size rather than block length RafaÅ‚ MiÅ‚ecki (1): Revert "MIPS: BCM47XX: Enable 74K Core ExternalSync for PCIe erratum" Randy Dunlap (6): usb/phy: fix PPC64 build errors in phy-fsl-usb.c net: prevent ISA drivers from building on PPC32 arc: [plat-eznps] fix data type errors in platform headers arc: [plat-eznps] fix printk warning in arc/plat-eznps/mtm.c arc: fix build errors in arc/include/asm/delay.h arc: fix type warnings in arc/mm/cache.c Sean Christopherson (1): KVM: vmx: use local variable for current_vmptr when emulating VMPTRST Sean Paul (1): drm/bridge: adv7511: Reset registers on hotplug Shubhrajyoti Datta (1): net: axienet: Fix double deregister of mdio Steven Rostedt (VMware) (1): sparc/time: Add missing __init to init_tick_ops() Sudarsana Reddy Kalluru (4): qed: Fix link flap issue due to mismatching EEE capabilities. qed: Fix possible race for the link state value. qed: Correct Multicast API to reflect existence of 256 approximate buckets. bnx2x: Fix invalid memory access in rss hash config path. Taehee Yoo (2): netfilter: nft_set_hash: add rcu_barrier() in the nft_rhash_destroy() bpf: use GFP_ATOMIC instead of GFP_KERNEL in bpf_parse_prog() Theodore Ts'o (1): ext4: clear mmp sequence number when remounting read-only Thomas Gleixner (1): perf/x86/amd/ibs: Don't access non-started event Thomas Petazzoni (1): sparc: use asm-generic version of msi.h Tommi Rantala (1): xfrm: fix missing dst_release() after policy blocking lbcast and multicast Ursula Braun (1): net/smc: no shutdown in state SMC_LISTEN Varun Prakash (2): scsi: target: iscsi: cxgbit: fix max iso npdu calculation scsi: libiscsi: fix possible NULL pointer dereference in case of TMF Vladimir Zapolskiy (3): usb: gadget: u_audio: remove caching of stream buffer parameters usb: gadget: u_audio: remove cached period bytes value usb: gadget: u_audio: protect stream runtime fields with stream spinlock Willem de Bruijn (1): packet: refine ring v3 block size test to hold one frame Xin Long (1): ip6_tunnel: use the right value for ipv4 min mtu check in ip6_tnl_xmit YueHaibing (1): net: caif: Add a missing rcu_read_unlock() in caif_flow_cb Zhen Lei (1): esp6: fix memleak on error path in esp6_input dann frazier (1): hinic: Link the logical network device to the pci device in sysfs jie@chenjie6@huwei.com (1): mm/memory.c: check return value of ioremap_prot mpubbise(a)codeaurora.org (1): mac80211: add stations tied to AP_VLANs during hw reconfig arch/arc/Kconfig | 3 + arch/arc/include/asm/cache.h | 4 +- arch/arc/include/asm/delay.h | 3 + arch/arc/mm/cache.c | 7 +- arch/arc/plat-eznps/include/plat/ctop.h | 10 +++ arch/arc/plat-eznps/mtm.c | 6 +- arch/mips/bcm47xx/setup.c | 6 -- arch/mips/include/asm/mipsregs.h | 3 - arch/powerpc/net/bpf_jit_comp64.c | 29 ++----- arch/sparc/include/asm/Kbuild | 1 + arch/sparc/kernel/time_64.c | 2 +- arch/x86/boot/compressed/Makefile | 8 +- arch/x86/events/amd/ibs.c | 6 +- arch/x86/kvm/vmx.c | 15 ++-- drivers/block/nbd.c | 96 ++++++++++++++++++---- drivers/gpio/gpiolib-acpi.c | 56 ++++++++++++- drivers/gpu/drm/bridge/adv7511/adv7511_drv.c | 12 +++ drivers/gpu/drm/drm_context.c | 2 +- drivers/gpu/drm/imx/imx-ldb.c | 9 +- drivers/i2c/busses/i2c-davinci.c | 8 +- drivers/i2c/i2c-core-base.c | 2 +- drivers/i2c/i2c-mux.c | 4 +- drivers/net/can/m_can/m_can.c | 7 +- drivers/net/can/mscan/mpc5xxx_can.c | 5 ++ drivers/net/ethernet/3com/Kconfig | 2 +- drivers/net/ethernet/amd/Kconfig | 4 +- drivers/net/ethernet/atheros/atl1c/atl1c_main.c | 1 + .../net/ethernet/broadcom/bnx2x/bnx2x_ethtool.c | 13 ++- drivers/net/ethernet/cirrus/Kconfig | 1 + drivers/net/ethernet/cisco/enic/enic_main.c | 80 +++++++----------- drivers/net/ethernet/huawei/hinic/hinic_main.c | 1 + drivers/net/ethernet/netronome/nfp/flower/main.c | 4 +- drivers/net/ethernet/qlogic/qed/qed_l2.c | 15 ++-- drivers/net/ethernet/qlogic/qed/qed_l2.h | 2 +- drivers/net/ethernet/qlogic/qed/qed_mcp.c | 13 ++- drivers/net/ethernet/qlogic/qed/qed_sriov.c | 2 +- drivers/net/ethernet/qlogic/qed/qed_vf.c | 4 +- drivers/net/ethernet/qlogic/qed/qed_vf.h | 7 +- drivers/net/ethernet/xilinx/xilinx_axienet_mdio.c | 1 + drivers/net/usb/qmi_wwan.c | 2 +- drivers/net/wan/lmc/lmc_main.c | 2 +- drivers/scsi/fcoe/fcoe_ctlr.c | 6 +- drivers/scsi/libfc/fc_rport.c | 1 + drivers/scsi/libiscsi.c | 12 +-- drivers/scsi/vmw_pvscsi.c | 11 ++- drivers/staging/media/omap4iss/iss_video.c | 3 +- drivers/target/iscsi/cxgbit/cxgbit_target.c | 16 ++-- drivers/usb/gadget/function/f_uac2.c | 24 +++--- drivers/usb/gadget/function/u_audio.c | 88 ++++++++------------ drivers/usb/gadget/udc/r8a66597-udc.c | 6 +- drivers/usb/phy/phy-fsl-usb.c | 4 +- drivers/vhost/vhost.c | 9 +- fs/cachefiles/namei.c | 1 - fs/cachefiles/rdwr.c | 17 ++-- fs/ext4/mmp.c | 7 +- fs/ext4/super.c | 2 + fs/fscache/operation.c | 6 +- fs/squashfs/file.c | 50 ++++++----- fs/squashfs/file_cache.c | 4 +- fs/squashfs/file_direct.c | 24 +++--- fs/squashfs/squashfs.h | 3 +- include/linux/rtmutex.h | 7 ++ include/net/af_vsock.h | 4 +- include/net/llc.h | 5 ++ ipc/sem.c | 2 +- kernel/locking/rtmutex.c | 29 ++++++- kernel/sched/rt.c | 2 + mm/memcontrol.c | 15 +++- mm/memory.c | 9 +- mm/zswap.c | 9 ++ net/caif/caif_dev.c | 4 +- net/core/lwt_bpf.c | 2 +- net/dccp/ccids/ccid2.c | 6 +- net/ipv6/esp6.c | 4 +- net/ipv6/ip6_tunnel.c | 8 +- net/ipv6/ip6_vti.c | 11 +-- net/llc/llc_core.c | 4 +- net/mac80211/util.c | 3 +- net/netfilter/nf_conntrack_proto_dccp.c | 8 +- net/netfilter/nf_tables_api.c | 59 ++++++++----- net/netfilter/nft_set_hash.c | 1 + net/packet/af_packet.c | 10 ++- net/smc/af_smc.c | 3 +- net/vmw_vsock/af_vsock.c | 15 ++-- net/vmw_vsock/vmci_transport.c | 3 +- net/wireless/nl80211.c | 1 + net/xfrm/xfrm_policy.c | 3 + net/xfrm/xfrm_user.c | 18 ++-- tools/power/x86/turbostat/turbostat.c | 8 +- .../selftests/ftrace/test.d/00basic/snapshot.tc | 28 +++++++ tools/usb/ffs-test.c | 19 ++++- 91 files changed, 663 insertions(+), 389 deletions(-) create mode 100644 tools/testing/selftests/ftrace/test.d/00basic/snapshot.tc -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE4n5dijQDou9mhzu83qZv95d3LNwFAluBcUoACgkQ3qZv95d3 LNypkQ/+JcfYVO/MhrMr3Ipp3bPWoVw+jUJykP0m2EL6SB2eol2iG6Nvkn91Z4Z+ uYIwxkipZrkDiB6ojwThu6W1LXfvHyUwXPfUEerM6RhJnvWbNEL18hGX0TiPJJ2w vvhJj59hxD0hmRcIOZsUIEe0H/aNMNMrw/Ya3v1bpXdqGbtnmu4uDuqiLhY6UmjR 9gBnL047L4n0UVdq+GgbNSDKybTuRUeMiKO55gjfl2PHTsksIbrXsXY5LMpgZ5H9 YZ+t15l3wLgIBu+qGu05u9vbHMiwgFRZGfXHTRnj413DghZJix8mK8MQWpchV684 VE/aFiXnj2CmANAGPaTaakNyyqa0UT280+OQUPCSWrvzCTMFfrxUzT/h/HkrJqf9 PgJHXSOjb3GwVj7BGMcX+SREjk23pJYSwpsEPpq9OAOIlX9+I7ovM6axVxPR0goU Dhvfjb0VbIqsib8WUvZAylkZGhd+IzIjyGEYsiyjwf4tZiWhn+/8B+WKaHlBbXuC 98Fagd/ywH9BexhbmA4w6Q0EpC8WU4vMwZHQluxQmGp33JdiBket7flAl9trr2K8 slWozy4rzUBoa1K1t+wsMNInCqjEqqF93FQdMN9U0s3IXw0IVzicRARTa70fKoog 42Uw8k9Nt0GBuiE/k9ccuIv+NaE8WT9Vm0bI670isofrwP756ks= =pi0Q -----END PGP SIGNATURE-----

7 years, 3 months

2
1
0 0

request for 4.18-stable: 2fa4a32613c9 ("scsi: libsas: dynamically allocate and free ata host")

by Jason Yan

Hi Greg, This patch fixes a bug of libsas and is not in 4.18-stable yet. Please apply to your queue. Thanks -- Jason

7 years, 3 months

2
1
0 0

[PATCH v2] crypto: vmx - Fix sleep-in-atomic bugs

by Ondrej Mosnacek

This patch fixes sleep-in-atomic bugs in AES-CBC and AES-XTS VMX implementations. The problem is that the blkcipher_* functions should not be called in atomic context. The bugs can be reproduced via the AF_ALG interface by trying to encrypt/decrypt sufficiently large buffers (at least 64 KiB) using the VMX implementations of 'cbc(aes)' or 'xts(aes)'. Such operations then trigger BUG in crypto_yield(): [ 891.863680] BUG: sleeping function called from invalid context at include/crypto/algapi.h:424 [ 891.864622] in_atomic(): 1, irqs_disabled(): 0, pid: 12347, name: kcapi-enc [ 891.864739] 1 lock held by kcapi-enc/12347: [ 891.864811] #0: 00000000f5d42c46 (sk_lock-AF_ALG){+.+.}, at: skcipher_recvmsg+0x50/0x530 [ 891.865076] CPU: 5 PID: 12347 Comm: kcapi-enc Not tainted 4.19.0-0.rc0.git3.1.fc30.ppc64le #1 [ 891.865251] Call Trace: [ 891.865340] [c0000003387578c0] [c000000000d67ea4] dump_stack+0xe8/0x164 (unreliable) [ 891.865511] [c000000338757910] [c000000000172a58] ___might_sleep+0x2f8/0x310 [ 891.865679] [c000000338757990] [c0000000006bff74] blkcipher_walk_done+0x374/0x4a0 [ 891.865825] [c0000003387579e0] [d000000007e73e70] p8_aes_cbc_encrypt+0x1c8/0x260 [vmx_crypto] [ 891.865993] [c000000338757ad0] [c0000000006c0ee0] skcipher_encrypt_blkcipher+0x60/0x80 [ 891.866128] [c000000338757b10] [c0000000006ec504] skcipher_recvmsg+0x424/0x530 [ 891.866283] [c000000338757bd0] [c000000000b00654] sock_recvmsg+0x74/0xa0 [ 891.866403] [c000000338757c10] [c000000000b00f64] ___sys_recvmsg+0xf4/0x2f0 [ 891.866515] [c000000338757d90] [c000000000b02bb8] __sys_recvmsg+0x68/0xe0 [ 891.866631] [c000000338757e30] [c00000000000bbe4] system_call+0x5c/0x70 Fixes: 8c755ace357c ("crypto: vmx - Adding CBC routines for VMX module") Fixes: c07f5d3da643 ("crypto: vmx - Adding support for XTS") Cc: stable(a)vger.kernel.org Signed-off-by: Ondrej Mosnacek <omosnace(a)redhat.com> --- Still untested, please test and review if possible. Changes in v2: - fix leaving preemtption, etc. disabled when leaving the function (I switched to the more obvious and less efficient variant for the sake of clarity.) drivers/crypto/vmx/aes_cbc.c | 30 ++++++++++++++---------------- drivers/crypto/vmx/aes_xts.c | 21 ++++++++++++++------- 2 files changed, 28 insertions(+), 23 deletions(-) diff --git a/drivers/crypto/vmx/aes_cbc.c b/drivers/crypto/vmx/aes_cbc.c index 5285ece4f33a..b71895871be3 100644 --- a/drivers/crypto/vmx/aes_cbc.c +++ b/drivers/crypto/vmx/aes_cbc.c @@ -107,24 +107,23 @@ static int p8_aes_cbc_encrypt(struct blkcipher_desc *desc, ret = crypto_skcipher_encrypt(req); skcipher_request_zero(req); } else { - preempt_disable(); - pagefault_disable(); - enable_kernel_vsx(); - blkcipher_walk_init(&walk, dst, src, nbytes); ret = blkcipher_walk_virt(desc, &walk); while ((nbytes = walk.nbytes)) { + preempt_disable(); + pagefault_disable(); + enable_kernel_vsx(); aes_p8_cbc_encrypt(walk.src.virt.addr, walk.dst.virt.addr, nbytes & AES_BLOCK_MASK, &ctx->enc_key, walk.iv, 1); + disable_kernel_vsx(); + pagefault_enable(); + preempt_enable(); + nbytes &= AES_BLOCK_SIZE - 1; ret = blkcipher_walk_done(desc, &walk, nbytes); } - - disable_kernel_vsx(); - pagefault_enable(); - preempt_enable(); } return ret; @@ -147,24 +146,23 @@ static int p8_aes_cbc_decrypt(struct blkcipher_desc *desc, ret = crypto_skcipher_decrypt(req); skcipher_request_zero(req); } else { - preempt_disable(); - pagefault_disable(); - enable_kernel_vsx(); - blkcipher_walk_init(&walk, dst, src, nbytes); ret = blkcipher_walk_virt(desc, &walk); while ((nbytes = walk.nbytes)) { + preempt_disable(); + pagefault_disable(); + enable_kernel_vsx(); aes_p8_cbc_encrypt(walk.src.virt.addr, walk.dst.virt.addr, nbytes & AES_BLOCK_MASK, &ctx->dec_key, walk.iv, 0); + disable_kernel_vsx(); + pagefault_enable(); + preempt_enable(); + nbytes &= AES_BLOCK_SIZE - 1; ret = blkcipher_walk_done(desc, &walk, nbytes); } - - disable_kernel_vsx(); - pagefault_enable(); - preempt_enable(); } return ret; diff --git a/drivers/crypto/vmx/aes_xts.c b/drivers/crypto/vmx/aes_xts.c index 8bd9aff0f55f..e9954a7d4694 100644 --- a/drivers/crypto/vmx/aes_xts.c +++ b/drivers/crypto/vmx/aes_xts.c @@ -116,32 +116,39 @@ static int p8_aes_xts_crypt(struct blkcipher_desc *desc, ret = enc? crypto_skcipher_encrypt(req) : crypto_skcipher_decrypt(req); skcipher_request_zero(req); } else { + blkcipher_walk_init(&walk, dst, src, nbytes); + + ret = blkcipher_walk_virt(desc, &walk); + preempt_disable(); pagefault_disable(); enable_kernel_vsx(); - blkcipher_walk_init(&walk, dst, src, nbytes); - - ret = blkcipher_walk_virt(desc, &walk); iv = walk.iv; memset(tweak, 0, AES_BLOCK_SIZE); aes_p8_encrypt(iv, tweak, &ctx->tweak_key); + disable_kernel_vsx(); + pagefault_enable(); + preempt_enable(); + while ((nbytes = walk.nbytes)) { + preempt_disable(); + pagefault_disable(); + enable_kernel_vsx(); if (enc) aes_p8_xts_encrypt(walk.src.virt.addr, walk.dst.virt.addr, nbytes & AES_BLOCK_MASK, &ctx->enc_key, NULL, tweak); else aes_p8_xts_decrypt(walk.src.virt.addr, walk.dst.virt.addr, nbytes & AES_BLOCK_MASK, &ctx->dec_key, NULL, tweak); + disable_kernel_vsx(); + pagefault_enable(); + preempt_enable(); nbytes &= AES_BLOCK_SIZE - 1; ret = blkcipher_walk_done(desc, &walk, nbytes); } - - disable_kernel_vsx(); - pagefault_enable(); - preempt_enable(); } return ret; } -- 2.17.1

7 years, 3 months

4
5
0 0

Re: stable/linux-4.4.y boot: 124 boots: 3 failed, 117 passed with 2 offline, 1 untried/unknown, 1 conflict (v4.4.151)

by Guillaume Tucker

On 22/08/18 14:51, kernelci.org bot wrote: > stable/linux-4.4.y boot: 124 boots: 3 failed, 117 passed with 2 offline, 1 untried/unknown, 1 conflict (v4.4.151) > > Full Boot Summary: https://kernelci.org/boot/all/job/stable/branch/linux-4.4.y/kernel/v4.4.151/ > Full Build Summary: https://kernelci.org/build/stable/branch/linux-4.4.y/kernel/v4.4.151/ > > Tree: stable > Branch: linux-4.4.y > Git Describe: v4.4.151 > Git Commit: 78f654f6cce3442937b8c7eb4b640357871363c1 > Git URL: http://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git > Tested: 43 unique boards, 20 SoC families, 22 builds out of 191 > > Boot Regressions Detected: [...] > x86: > > defconfig+kvm_guest: > x86-x5-z8350: > lab-mhart: failing since 6 days (last pass: v4.4.147 - first fail: v4.4.148) > > x86_64_defconfig: > x86-x5-z8350: > lab-mhart: failing since 6 days (last pass: v4.4.147 - first fail: v4.4.148) We've had a couple of automated boot bisections pointing at the same commit on an x86 Atom x5-Z8350 platform (AAEON UP-CHT01), please see details below. The issue seems to have started with v4.4.148. Here's the boot details and log showing the issue on v4.4.151: https://kernelci.org/boot/id/5b7d39ea59b514c03796ba9c/ https://storage.kernelci.org/stable/linux-4.4.y/v4.4.151/x86/x86_64_defconf… [ 0.073668] swapper/0: Corrupted page table at address 5b95ef78 [ 0.080286] PGD 272a067 PUD 272d067 PMD 5b8000000e3 [ 0.085847] Bad pagetable: 0009 [#1] SMP Below is the result of the last kernelci.org automated bisection. I haven't done any further investigation, this is merely sharing the results so please take it with a pinch of salt! Hope this helps. Best wishes, Guillaume --------------------------------------8<-------------------------------------- Bisection result for stable/linux-4.4.y (v4.4.151) on x86-x5-z8350 Good: 8404ae6c8c9f Linux 4.4.147 Bad: 78f654f6cce3 Linux 4.4.151 Found: 02ff2769edbc x86/mm/pat: Make set_memory_np() L1TF safe Checks: revert: PASS verify: PASS Parameters: Tree: stable URL: http://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git Branch: linux-4.4.y Target: x86-x5-z8350 Lab: lab-mhart Config: x86_64_defconfig Plan: boot Breaking commit found: ------------------------------------------------------------------------------- commit 02ff2769edbce2261e981effbc3c4b98fae4faf0 Author: Andi Kleen <ak(a)linux.intel.com> Date: Tue Aug 7 15:09:39 2018 -0700 x86/mm/pat: Make set_memory_np() L1TF safe commit 958f79b9ee55dfaf00c8106ed1c22a2919e0028b upstream set_memory_np() is used to mark kernel mappings not present, but it has it's own open coded mechanism which does not have the L1TF protection of inverting the address bits. Replace the open coded PTE manipulation with the L1TF protecting low level PTE routines. Passes the CPA self test. Signed-off-by: Andi Kleen <ak(a)linux.intel.com> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> [ dwmw2: Pull in pud_mkhuge() from commit a00cc7d9dd, and pfn_pud() ] Signed-off-by: David Woodhouse <dwmw(a)amazon.co.uk> [groeck: port to 4.4] Signed-off-by: Guenter Roeck <linux(a)roeck-us.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/arch/x86/include/asm/pgtable.h b/arch/x86/include/asm/pgtable.h index b5e157c065ae..4de6c282c02a 100644 --- a/arch/x86/include/asm/pgtable.h +++ b/arch/x86/include/asm/pgtable.h @@ -378,12 +378,39 @@ static inline pmd_t pfn_pmd(unsigned long page_nr, pgprot_t pgprot) return __pmd(pfn | massage_pgprot(pgprot)); } +static inline pud_t pfn_pud(unsigned long page_nr, pgprot_t pgprot) +{ + phys_addr_t pfn = page_nr << PAGE_SHIFT; + pfn ^= protnone_mask(pgprot_val(pgprot)); + pfn &= PHYSICAL_PUD_PAGE_MASK; + return __pud(pfn | massage_pgprot(pgprot)); +} + static inline pmd_t pmd_mknotpresent(pmd_t pmd) { return pfn_pmd(pmd_pfn(pmd), __pgprot(pmd_flags(pmd) & ~(_PAGE_PRESENT|_PAGE_PROTNONE))); } +static inline pud_t pud_set_flags(pud_t pud, pudval_t set) +{ + pudval_t v = native_pud_val(pud); + + return __pud(v | set); +} + +static inline pud_t pud_clear_flags(pud_t pud, pudval_t clear) +{ + pudval_t v = native_pud_val(pud); + + return __pud(v & ~clear); +} + +static inline pud_t pud_mkhuge(pud_t pud) +{ + return pud_set_flags(pud, _PAGE_PSE); +} + static inline u64 flip_protnone_guard(u64 oldval, u64 val, u64 mask); static inline pte_t pte_modify(pte_t pte, pgprot_t newprot) diff --git a/arch/x86/mm/pageattr.c b/arch/x86/mm/pageattr.c index 79377e2a7bcd..27610c2d1821 100644 --- a/arch/x86/mm/pageattr.c +++ b/arch/x86/mm/pageattr.c @@ -1006,8 +1006,8 @@ static int populate_pmd(struct cpa_data *cpa, pmd = pmd_offset(pud, start); - set_pmd(pmd, __pmd(cpa->pfn | _PAGE_PSE | - massage_pgprot(pmd_pgprot))); + set_pmd(pmd, pmd_mkhuge(pfn_pmd(cpa->pfn, + canon_pgprot(pmd_pgprot)))); start += PMD_SIZE; cpa->pfn += PMD_SIZE; @@ -1079,8 +1079,8 @@ static int populate_pud(struct cpa_data *cpa, unsigned long start, pgd_t *pgd, * Map everything starting from the Gb boundary, possibly with 1G pages */ while (end - start >= PUD_SIZE) { - set_pud(pud, __pud(cpa->pfn | _PAGE_PSE | - massage_pgprot(pud_pgprot))); + set_pud(pud, pud_mkhuge(pfn_pud(cpa->pfn, + canon_pgprot(pud_pgprot)))); start += PUD_SIZE; cpa->pfn += PUD_SIZE; ------------------------------------------------------------------------------- Git bisection log: ------------------------------------------------------------------------------- git bisect start # good: [8404ae6c8c9ff23a06cf38112e83002e1088bfe1] Linux 4.4.147 git bisect good 8404ae6c8c9ff23a06cf38112e83002e1088bfe1 # bad: [78f654f6cce3442937b8c7eb4b640357871363c1] Linux 4.4.151 git bisect bad 78f654f6cce3442937b8c7eb4b640357871363c1 # bad: [6b06f36f07e2c91ad0126f17d0fc8f933c827da8] x86/mm/kmmio: Make the tracer robust against L1TF git bisect bad 6b06f36f07e2c91ad0126f17d0fc8f933c827da8 # good: [90a231c63cc28d896ab353b027011a949e9884d3] x86/speculation/l1tf: Increase 32bit PAE __PHYSICAL_PAGE_SHIFT git bisect good 90a231c63cc28d896ab353b027011a949e9884d3 # good: [9ac0dc7d949db7afd4116d55fa4fcf6a66d820f0] mm: fix cache mode tracking in vm_insert_mixed() git bisect good 9ac0dc7d949db7afd4116d55fa4fcf6a66d820f0 # good: [dc48c1a2f45b628d3128ad4bb31d1bcd342c059d] x86/cpufeatures: Add detection of L1D cache flush support. git bisect good dc48c1a2f45b628d3128ad4bb31d1bcd342c059d # good: [0aae5fe8413dfcd949d0df1c7d6b835efecd5b3b] x86/speculation/l1tf: Invert all not present mappings git bisect good 0aae5fe8413dfcd949d0df1c7d6b835efecd5b3b # bad: [02ff2769edbce2261e981effbc3c4b98fae4faf0] x86/mm/pat: Make set_memory_np() L1TF safe git bisect bad 02ff2769edbce2261e981effbc3c4b98fae4faf0 # good: [9feecdb6cb73feaa55b0135aee8777eaac848c78] x86/speculation/l1tf: Make pmd/pud_mknotpresent() invert git bisect good 9feecdb6cb73feaa55b0135aee8777eaac848c78 # first bad commit: [02ff2769edbce2261e981effbc3c4b98fae4faf0] x86/mm/pat: Make set_memory_np() L1TF safe ------------------------------------------------------------------------------- > For more info write to <info(a)kernelci.org> > > > > _______________________________________________ > Kernel-build-reports mailing list > Kernel-build-reports(a)lists.linaro.org > https://lists.linaro.org/mailman/listinfo/kernel-build-reports >

7 years, 3 months

3
7
0 0

+ mm-hugetlb-filter-out-hugetlb-pages-if-hugepage-migration-is-not-supported.patch added to -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: mm/hugetlb: filter out hugetlb pages if HUGEPAGE migration is not supported. has been added to the -mm tree. Its filename is mm-hugetlb-filter-out-hugetlb-pages-if-hugepage-migration-is-not-supported.patch This patch should soon appear at http://ozlabs.org/~akpm/mmots/broken-out/mm-hugetlb-filter-out-hugetlb-page… and later at http://ozlabs.org/~akpm/mmotm/broken-out/mm-hugetlb-filter-out-hugetlb-page… Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next and is updated there every 3-4 working days ------------------------------------------------------ From: "Aneesh Kumar K.V" <aneesh.kumar(a)linux.ibm.com> Subject: mm/hugetlb: filter out hugetlb pages if HUGEPAGE migration is not supported. When scanning for movable pages, filter out Hugetlb pages if hugepage migration is not supported. Without this we hit infinte loop in __offline_pages() where we do pfn = scan_movable_pages(start_pfn, end_pfn); if (pfn) { /* We have movable pages */ ret = do_migrate_range(pfn, end_pfn); goto repeat; } Fix this by checking hugepage_migration_supported both in has_unmovable_pages which is the primary backoff mechanism for page offlining and for consistency reasons also into scan_movable_pages because it doesn't make any sense to return a pfn to non-migrateable huge page. This issue was revealed by, but not caused by 72b39cfc4d75 ("mm, memory_hotplug: do not fail offlining too early"). Link: http://lkml.kernel.org/r/20180824063314.21981-1-aneesh.kumar@linux.ibm.com Fixes: 72b39cfc4d75 ("mm, memory_hotplug: do not fail offlining too early") Signed-off-by: Aneesh Kumar K.V <aneesh.kumar(a)linux.ibm.com> Reported-by: Haren Myneni <haren(a)linux.vnet.ibm.com> Acked-by: Michal Hocko <mhocko(a)suse.com> Reviewed-by: Naoya Horiguchi <n-horiguchi(a)ah.jp.nec.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/memory_hotplug.c | 3 ++- mm/page_alloc.c | 4 ++++ 2 files changed, 6 insertions(+), 1 deletion(-) --- a/mm/memory_hotplug.c~mm-hugetlb-filter-out-hugetlb-pages-if-hugepage-migration-is-not-supported +++ a/mm/memory_hotplug.c @@ -1333,7 +1333,8 @@ static unsigned long scan_movable_pages( if (__PageMovable(page)) return pfn; if (PageHuge(page)) { - if (page_huge_active(page)) + if (hugepage_migration_supported(page_hstate(page)) && + page_huge_active(page)) return pfn; else pfn = round_up(pfn + 1, --- a/mm/page_alloc.c~mm-hugetlb-filter-out-hugetlb-pages-if-hugepage-migration-is-not-supported +++ a/mm/page_alloc.c @@ -7709,6 +7709,10 @@ bool has_unmovable_pages(struct zone *zo * handle each tail page individually in migration. */ if (PageHuge(page)) { + + if (!hugepage_migration_supported(page_hstate(page))) + goto unmovable; + iter = round_up(iter + 1, 1<<compound_order(page)) - 1; continue; } _ Patches currently in -mm which might be from aneesh.kumar(a)linux.ibm.com are mm-hugetlb-filter-out-hugetlb-pages-if-hugepage-migration-is-not-supported.patch

7 years, 3 months

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror