- Linux-stable-mirror - lists.linaro.org

[Linux-stable-mirror] Patch "MIPS: CM: Drop WARN_ON(vp != 0)" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled MIPS: CM: Drop WARN_ON(vp != 0) to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: mips-cm-drop-warn_on-vp-0.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From c04de7b1ad645b61c141df8ca903ba0cc03a57f7 Mon Sep 17 00:00:00 2001 From: James Hogan <jhogan(a)kernel.org> Date: Tue, 5 Dec 2017 22:28:22 +0000 Subject: MIPS: CM: Drop WARN_ON(vp != 0) From: James Hogan <jhogan(a)kernel.org> commit c04de7b1ad645b61c141df8ca903ba0cc03a57f7 upstream. Since commit 68923cdc2eb3 ("MIPS: CM: Add cluster & block args to mips_cm_lock_other()"), mips_smp_send_ipi_mask() has used mips_cm_lock_other_cpu() with each CPU number, rather than mips_cm_lock_other() with the first VPE in each core. Prior to r6, multicore multithreaded systems such as dual-core dual-thread interAptivs with CPU Idle enabled (e.g. MIPS Creator Ci40) results in mips_cm_lock_other() repeatedly hitting WARN_ON(vp != 0). There doesn't appear to be anything fundamentally wrong about passing a non-zero VP/VPE number, even if it is a core's region that is locked into the other region before r6, so remove that particular WARN_ON(). Fixes: 68923cdc2eb3 ("MIPS: CM: Add cluster & block args to mips_cm_lock_other()") Signed-off-by: James Hogan <jhogan(a)kernel.org> Reviewed-by: Paul Burton <paul.burton(a)mips.com> Cc: linux-mips(a)linux-mips.org Patchwork: https://patchwork.linux-mips.org/patch/17883/ Signed-off-by: Ralf Baechle <ralf(a)linux-mips.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/mips/kernel/mips-cm.c | 1 - 1 file changed, 1 deletion(-) --- a/arch/mips/kernel/mips-cm.c +++ b/arch/mips/kernel/mips-cm.c @@ -292,7 +292,6 @@ void mips_cm_lock_other(unsigned int clu *this_cpu_ptr(&cm_core_lock_flags)); } else { WARN_ON(cluster != 0); - WARN_ON(vp != 0); WARN_ON(block != CM_GCR_Cx_OTHER_BLOCK_LOCAL); /* Patches currently in stable-queue which might be from jhogan(a)kernel.org are queue-4.14/mips-cm-drop-warn_on-vp-0.patch

7 years, 1 month

1
0
0 0

[Linux-stable-mirror] Patch "KVM: arm/arm64: Check pagesize when allocating a hugepage at Stage 2" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled KVM: arm/arm64: Check pagesize when allocating a hugepage at Stage 2 to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: kvm-arm-arm64-check-pagesize-when-allocating-a-hugepage-at-stage-2.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From c507babf10ead4d5c8cca704539b170752a8ac84 Mon Sep 17 00:00:00 2001 From: Punit Agrawal <punit.agrawal(a)arm.com> Date: Thu, 4 Jan 2018 18:24:33 +0000 Subject: KVM: arm/arm64: Check pagesize when allocating a hugepage at Stage 2 From: Punit Agrawal <punit.agrawal(a)arm.com> commit c507babf10ead4d5c8cca704539b170752a8ac84 upstream. KVM only supports PMD hugepages at stage 2 but doesn't actually check that the provided hugepage memory pagesize is PMD_SIZE before populating stage 2 entries. In cases where the backing hugepage size is smaller than PMD_SIZE (such as when using contiguous hugepages), KVM can end up creating stage 2 mappings that extend beyond the supplied memory. Fix this by checking for the pagesize of userspace vma before creating PMD hugepage at stage 2. Fixes: 66b3923a1a0f77a ("arm64: hugetlb: add support for PTE contiguous bit") Signed-off-by: Punit Agrawal <punit.agrawal(a)arm.com> Cc: Marc Zyngier <marc.zyngier(a)arm.com> Reviewed-by: Christoffer Dall <christoffer.dall(a)linaro.org> Signed-off-by: Christoffer Dall <christoffer.dall(a)linaro.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- virt/kvm/arm/mmu.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/virt/kvm/arm/mmu.c +++ b/virt/kvm/arm/mmu.c @@ -1310,7 +1310,7 @@ static int user_mem_abort(struct kvm_vcp return -EFAULT; } - if (is_vm_hugetlb_page(vma) && !logging_active) { + if (vma_kernel_pagesize(vma) == PMD_SIZE && !logging_active) { hugetlb = true; gfn = (fault_ipa & PMD_MASK) >> PAGE_SHIFT; } else { Patches currently in stable-queue which might be from punit.agrawal(a)arm.com are queue-4.14/kvm-arm-arm64-check-pagesize-when-allocating-a-hugepage-at-stage-2.patch

7 years, 1 month

1
0
0 0

[Linux-stable-mirror] Patch "alpha/PCI: Fix noname IRQ level detection" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled alpha/PCI: Fix noname IRQ level detection to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: alpha-pci-fix-noname-irq-level-detection.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 86be89939d11a84800f66e2a283b915b704bf33d Mon Sep 17 00:00:00 2001 From: Lorenzo Pieralisi <lorenzo.pieralisi(a)arm.com> Date: Tue, 16 Jan 2018 11:52:59 +0000 Subject: alpha/PCI: Fix noname IRQ level detection From: Lorenzo Pieralisi <lorenzo.pieralisi(a)arm.com> commit 86be89939d11a84800f66e2a283b915b704bf33d upstream. The conversion of the alpha architecture PCI host bridge legacy IRQ mapping/swizzling to the new PCI host bridge map/swizzle hooks carried out through: commit 0e4c2eeb758a ("alpha/PCI: Replace pci_fixup_irqs() call with host bridge IRQ mapping hooks") implies that IRQ for devices are now allocated through pci_assign_irq() function in pci_device_probe() that is called when a driver matching a device is found in order to probe the device through the device driver. Alpha noname platforms required IRQ level programming to be executed in sio_fixup_irq_levels(), that is called in noname_init_pci(), a platform hook called within a subsys_initcall. In noname_init_pci(), present IRQs are detected through sio_collect_irq_levels() that check the struct pci_dev->irq number to detect if an IRQ has been allocated for the device. By the time sio_collect_irq_levels() is called, some devices may still have not a matching driver loaded to match them (eg loadable module) therefore their IRQ allocation is still pending - which means that sio_collect_irq_levels() does not programme the correct IRQ level for those devices, causing their IRQ handling to be broken when the device driver is actually loaded and the device is probed. Fix the issue by adding code in the noname map_irq() function (noname_map_irq()) that, whilst mapping/swizzling the IRQ line, it also ensures that the correct IRQ level programming is executed at platform level, fixing the issue. Fixes: 0e4c2eeb758a ("alpha/PCI: Replace pci_fixup_irqs() call with host bridge IRQ mapping hooks") Reported-by: Mikulas Patocka <mpatocka(a)redhat.com> Signed-off-by: Lorenzo Pieralisi <lorenzo.pieralisi(a)arm.com> Cc: Bjorn Helgaas <bhelgaas(a)google.com> Cc: Richard Henderson <rth(a)twiddle.net> Cc: Ivan Kokshaysky <ink(a)jurassic.park.msu.ru> Cc: Mikulas Patocka <mpatocka(a)redhat.com> Cc: Meelis Roos <mroos(a)linux.ee> Signed-off-by: Matt Turner <mattst88(a)gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/alpha/kernel/sys_sio.c | 35 +++++++++++++++++++++++++++++------ 1 file changed, 29 insertions(+), 6 deletions(-) --- a/arch/alpha/kernel/sys_sio.c +++ b/arch/alpha/kernel/sys_sio.c @@ -102,6 +102,15 @@ sio_pci_route(void) alpha_mv.sys.sio.route_tab); } +static bool sio_pci_dev_irq_needs_level(const struct pci_dev *dev) +{ + if ((dev->class >> 16 == PCI_BASE_CLASS_BRIDGE) && + (dev->class >> 8 != PCI_CLASS_BRIDGE_PCMCIA)) + return false; + + return true; +} + static unsigned int __init sio_collect_irq_levels(void) { @@ -110,8 +119,7 @@ sio_collect_irq_levels(void) /* Iterate through the devices, collecting IRQ levels. */ for_each_pci_dev(dev) { - if ((dev->class >> 16 == PCI_BASE_CLASS_BRIDGE) && - (dev->class >> 8 != PCI_CLASS_BRIDGE_PCMCIA)) + if (!sio_pci_dev_irq_needs_level(dev)) continue; if (dev->irq) @@ -120,8 +128,7 @@ sio_collect_irq_levels(void) return level_bits; } -static void __init -sio_fixup_irq_levels(unsigned int level_bits) +static void __sio_fixup_irq_levels(unsigned int level_bits, bool reset) { unsigned int old_level_bits; @@ -139,12 +146,21 @@ sio_fixup_irq_levels(unsigned int level_ */ old_level_bits = inb(0x4d0) | (inb(0x4d1) << 8); - level_bits |= (old_level_bits & 0x71ff); + if (reset) + old_level_bits &= 0x71ff; + + level_bits |= old_level_bits; outb((level_bits >> 0) & 0xff, 0x4d0); outb((level_bits >> 8) & 0xff, 0x4d1); } +static inline void +sio_fixup_irq_levels(unsigned int level_bits) +{ + __sio_fixup_irq_levels(level_bits, true); +} + static inline int noname_map_irq(const struct pci_dev *dev, u8 slot, u8 pin) { @@ -181,7 +197,14 @@ noname_map_irq(const struct pci_dev *dev const long min_idsel = 6, max_idsel = 14, irqs_per_slot = 5; int irq = COMMON_TABLE_LOOKUP, tmp; tmp = __kernel_extbl(alpha_mv.sys.sio.route_tab, irq); - return irq >= 0 ? tmp : -1; + + irq = irq >= 0 ? tmp : -1; + + /* Fixup IRQ level if an actual IRQ mapping is detected */ + if (sio_pci_dev_irq_needs_level(dev) && irq >= 0) + __sio_fixup_irq_levels(1 << irq, false); + + return irq; } static inline int Patches currently in stable-queue which might be from lorenzo.pieralisi(a)arm.com are queue-4.14/alpha-pci-fix-noname-irq-level-detection.patch

7 years, 1 month

1
0
0 0

[Linux-stable-mirror] Patch "arm64: KVM: Fix SMCCC handling of unimplemented SMC/HVC calls" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled arm64: KVM: Fix SMCCC handling of unimplemented SMC/HVC calls to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm64-kvm-fix-smccc-handling-of-unimplemented-smc-hvc-calls.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From acfb3b883f6d6a4b5d27ad7fdded11f6a09ae6dd Mon Sep 17 00:00:00 2001 From: Marc Zyngier <marc.zyngier(a)arm.com> Date: Tue, 16 Jan 2018 10:23:47 +0000 Subject: arm64: KVM: Fix SMCCC handling of unimplemented SMC/HVC calls From: Marc Zyngier <marc.zyngier(a)arm.com> commit acfb3b883f6d6a4b5d27ad7fdded11f6a09ae6dd upstream. KVM doesn't follow the SMCCC when it comes to unimplemented calls, and inject an UNDEF instead of returning an error. Since firmware calls are now used for security mitigation, they are becoming more common, and the undef is counter productive. Instead, let's follow the SMCCC which states that -1 must be returned to the caller when getting an unknown function number. Signed-off-by: Marc Zyngier <marc.zyngier(a)arm.com> Signed-off-by: Christoffer Dall <christoffer.dall(a)linaro.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm64/kvm/handle_exit.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) --- a/arch/arm64/kvm/handle_exit.c +++ b/arch/arm64/kvm/handle_exit.c @@ -44,7 +44,7 @@ static int handle_hvc(struct kvm_vcpu *v ret = kvm_psci_call(vcpu); if (ret < 0) { - kvm_inject_undefined(vcpu); + vcpu_set_reg(vcpu, 0, ~0UL); return 1; } @@ -53,7 +53,7 @@ static int handle_hvc(struct kvm_vcpu *v static int handle_smc(struct kvm_vcpu *vcpu, struct kvm_run *run) { - kvm_inject_undefined(vcpu); + vcpu_set_reg(vcpu, 0, ~0UL); return 1; } Patches currently in stable-queue which might be from marc.zyngier(a)arm.com are queue-4.14/kvm-arm-arm64-check-pagesize-when-allocating-a-hugepage-at-stage-2.patch queue-4.14/arm64-kvm-fix-smccc-handling-of-unimplemented-smc-hvc-calls.patch

7 years, 1 month

1
0
0 0

Re: [Linux-stable-mirror] [PATCH] x86: Use __nostackprotect for sme_encrypt_kernel

by Gabriel C

On 21.01.2018 02:23, Linus Torvalds wrote: > On Sat, Jan 20, 2018 at 5:14 PM, Laura Abbott <labbott(a)redhat.com> wrote: >> >> I hadn't seen this picked up yet so sending explicitly > > Ingo, I just took this directly as a patch. Added stable to CC since the patch series this patch fixes is in stable-queue. Regards, Gabriel C

7 years, 1 month

4
4
0 0

[Linux-stable-mirror] Patch "x86: Use __nostackprotect for sme_encrypt_kernel" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled x86: Use __nostackprotect for sme_encrypt_kernel to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: x86-use-__nostackprotect-for-sme_encrypt_kernel.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 91cfc88c66bf8ab95937606569670cf67fa73e09 Mon Sep 17 00:00:00 2001 From: Laura Abbott <labbott(a)redhat.com> Date: Sat, 20 Jan 2018 17:14:02 -0800 Subject: x86: Use __nostackprotect for sme_encrypt_kernel From: Laura Abbott <labbott(a)redhat.com> commit 91cfc88c66bf8ab95937606569670cf67fa73e09 upstream. Commit bacf6b499e11 ("x86/mm: Use a struct to reduce parameters for SME PGD mapping") moved some parameters into a structure. The structure was large enough to trigger the stack protection canary in sme_encrypt_kernel which doesn't work this early, causing reboots. Mark sme_encrypt_kernel appropriately to not use the canary. Fixes: bacf6b499e11 ("x86/mm: Use a struct to reduce parameters for SME PGD mapping") Signed-off-by: Laura Abbott <labbott(a)redhat.com> Cc: Tom Lendacky <thomas.lendacky(a)amd.com> Cc: Ingo Molnar <mingo(a)kernel.org> Signed-off-by: Linus Torvalds <torvalds(a)linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/x86/mm/mem_encrypt.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/arch/x86/mm/mem_encrypt.c +++ b/arch/x86/mm/mem_encrypt.c @@ -487,7 +487,7 @@ static unsigned long __init sme_pgtable_ return total; } -void __init sme_encrypt_kernel(struct boot_params *bp) +void __init __nostackprotector sme_encrypt_kernel(struct boot_params *bp) { unsigned long workarea_start, workarea_end, workarea_len; unsigned long execute_start, execute_end, execute_len; Patches currently in stable-queue which might be from labbott(a)redhat.com are queue-4.14/x86-use-__nostackprotect-for-sme_encrypt_kernel.patch

7 years, 1 month

1
0
0 0

[Linux-stable-mirror] [PATCH v3] mtd: nand: brcmnand: Disable prefetch by default

by Kamal Dasu

Brcm nand controller prefetch feature needs to be disabled by default. Enabling affects performance on random reads as well as dma reads. Signed-off-by: Kamal Dasu <kdasu.kdev(a)gmail.com> Fixes: 27c5b17cd1b1 ("mtd: nand: add NAND driver "library" for Broadcom STB NAND controller") Cc: stable(a)vger.kernel.org --- drivers/mtd/nand/brcmnand/brcmnand.c | 13 +++---------- 1 file changed, 3 insertions(+), 10 deletions(-) diff --git a/drivers/mtd/nand/brcmnand/brcmnand.c b/drivers/mtd/nand/brcmnand/brcmnand.c index dd56a67..2a978d9 100644 --- a/drivers/mtd/nand/brcmnand/brcmnand.c +++ b/drivers/mtd/nand/brcmnand/brcmnand.c @@ -2193,16 +2193,9 @@ static int brcmnand_setup_dev(struct brcmnand_host *host) if (ctrl->nand_version >= 0x0702) tmp |= ACC_CONTROL_RD_ERASED; tmp &= ~ACC_CONTROL_FAST_PGM_RDIN; - if (ctrl->features & BRCMNAND_HAS_PREFETCH) { - /* - * FIXME: Flash DMA + prefetch may see spurious erased-page ECC - * errors - */ - if (has_flash_dma(ctrl)) - tmp &= ~ACC_CONTROL_PREFETCH; - else - tmp |= ACC_CONTROL_PREFETCH; - } + if (ctrl->features & BRCMNAND_HAS_PREFETCH) + tmp &= ~ACC_CONTROL_PREFETCH; + nand_writereg(ctrl, offs, tmp); return 0; -- 2.7.4

7 years, 1 month

3
4
0 0

[Linux-stable-mirror] [PATCH 4.4 00/78] 4.4.108-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.4.108 release. There are 78 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sun Dec 24 08:45:30 UTC 2017. Anything received after that time might be too late. The whole patch series can be found in one patch at: kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.4.108-rc1.gz or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.4.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.4.108-rc1 Takashi Iwai <tiwai(a)suse.de> ALSA: hda - Fix yet another i915 pointer leftover in error path Takashi Iwai <tiwai(a)suse.de> ALSA: hda - Degrade i915 binding failure message Takashi Iwai <tiwai(a)suse.de> ALSA: hda - Clear the leftover component assignment at snd_hdac_i915_exit() Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "Bluetooth: btusb: driver to enable the usb-wakeup feature" Aleksandar Markovic <aleksandar.markovic(a)mips.com> MIPS: math-emu: Fix final emulation phase for certain instructions Arvind Yadav <arvind.yadav.cs(a)gmail.com> thermal: hisilicon: Handle return value of clk_prepare_enable Nicholas Piggin <npiggin(a)gmail.com> cpuidle: fix broadcast control when broadcast can not be entered Alexandre Belloni <alexandre.belloni(a)free-electrons.com> rtc: set the alarm to the next expiring timer Hoang Tran <tranviethoang.vn(a)gmail.com> tcp: fix under-evaluated ssthresh in TCP Vegas Jacob Keller <jacob.e.keller(a)intel.com> fm10k: ensure we process SM mbx when processing VF mbx Dick Kennedy <dick.kennedy(a)broadcom.com> scsi: lpfc: PLOGI failures during NPIV testing Dick Kennedy <dick.kennedy(a)broadcom.com> scsi: lpfc: Fix secure firmware updates Gabriele Paoloni <gabriele.paoloni(a)huawei.com> PCI/AER: Report non-fatal errors only to the affected endpoint Emil Tantilov <emil.s.tantilov(a)intel.com> ixgbe: fix use of uninitialized padding Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> igb: check memory allocation failure Stuart Hayes <stuart.w.hayes(a)gmail.com> PCI: Create SR-IOV virtfn/physfn links before attaching driver Sreekanth Reddy <sreekanth.reddy(a)broadcom.com> scsi: mpt3sas: Fix IO error occurs on pulling out a drive from RAID1 volume created on two SATA drive Varun Prakash <varun(a)chelsio.com> scsi: cxgb4i: fix Tx skb leak David Daney <david.daney(a)cavium.com> PCI: Avoid bus reset if bridge itself is broken Dan Murphy <dmurphy(a)ti.com> net: phy: at803x: Change error to EINVAL for invalid MAC Russell King <rmk+kernel(a)armlinux.org.uk> rtc: pl031: make interrupt optional Christian Lamparter <chunkeey(a)gmail.com> crypto: crypto4xx - increase context and scatter ring buffer elements Derek Basehore <dbasehore(a)chromium.org> backlight: pwm_bl: Fix overflow condition Sankar Patchineelam <sankar.patchineelam(a)broadcom.com> bnxt_en: Fix NULL pointer dereference in reopen failure path Vaidyanathan Srinivasan <svaidy(a)linux.vnet.ibm.com> cpuidle: powernv: Pass correct drv->cpumask for registration Russell King <rmk+kernel(a)armlinux.org.uk> ARM: dma-mapping: disallow dma_get_sgtable() for non-kernel managed memory Liping Zhang <zlpnobody(a)gmail.com> netfilter: nfnetlink_queue: fix secctx memory leak Adam Wallis <awallis(a)codeaurora.org> xhci: plat: Register shutdown for xhci_plat Arnd Bergmann <arnd(a)arndb.de> isdn: kcapi: avoid uninitialized data Herongguang (Stephen) <herongguang.he(a)huawei.com> KVM: pci-assign: do not map smm memory slot pages in vt-d page tables Reizer, Eyal <eyalr(a)ti.com> ARM: dts: am335x-evmsk: adjust mmc2 param to allow suspend Gao Feng <fgao(a)ikuai8.com> netfilter: nf_nat_snmp: Fix panic when snmp_trap_helper fails to register Liping Zhang <zlpnobody(a)gmail.com> netfilter: nfnl_cthelper: fix a race when walk the nf_ct_helper_hash table Alexey Khoroshilov <khoroshilov(a)ispras.ru> irda: vlsi_ir: fix check for DMA mapping errors Sagi Grimberg <sagi(a)grimberg.me> RDMA/iser: Fix possible mr leak on device removal event Alexander Duyck <alexander.h.duyck(a)intel.com> i40e: Do not enable NAPI on q_vectors that have no rings Alexander Duyck <alexander.h.duyck(a)intel.com> net: Do not allow negative values for busy_read and busy_poll sysctl interfaces Arnd Bergmann <arnd(a)arndb.de> bna: avoid writing uninitialized data into hw registers Julian Wiedmann <jwi(a)linux.vnet.ibm.com> s390/qeth: no ETH header for outbound AF_IUCV hayeswang <hayeswang(a)realtek.com> r8152: prevent the driver from transmitting packets with carrier off Peter Stein <peter(a)stuntstein.dk> HID: xinmo: fix for out of range for THT 2P arcade controller. Mike Looijmans <mike.looijmans(a)topic.nl> i2c: mux: pca954x: Add missing pca9546 definition to chip_desc Arnd Bergmann <arnd(a)arndb.de> hwmon: (asus_atk0110) fix uninitialized data access Rob Herring <robh(a)kernel.org> ARM: dts: ti: fix PCI bus dtc warnings Wanpeng Li <wanpeng.li(a)hotmail.com> KVM: VMX: Fix enable VPID conditions Wanpeng Li <wanpeng.li(a)hotmail.com> KVM: x86: correct async page present tracepoint Dick Kennedy <dick.kennedy(a)broadcom.com> scsi: lpfc: Fix PT2PT PRLI reject Patrice Chotard <patrice.chotard(a)st.com> pinctrl: st: add irq_request/release_resources callbacks Eric Dumazet <edumazet(a)google.com> inet: frag: release spinlock before calling icmp_send() Jeffy Chen <jeffy.chen(a)rock-chips.com> netfilter: nfnl_cthelper: Fix memory leak Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nfnl_cthelper: fix runtime expectation policy updates Gustavo A. R. Silva <garsilva(a)embeddedor.com> usb: gadget: udc: remove pointer dereference after free Roger Quadros <rogerq(a)ti.com> usb: gadget: f_uvc: Sanity check wMaxPacketSize for SuperSpeed Tony Lindgren <tony(a)atomide.com> net: qmi_wwan: Add USB IDs for MDM6600 modem on Motorola Droid 4 Dan Carpenter <dan.carpenter(a)oracle.com> bna: integer overflow bug in debugfs Eric Dumazet <edumazet(a)google.com> sch_dsmark: fix invalid skb_cow() usage Herbert Xu <herbert(a)gondor.apana.org.au> crypto: deadlock between crypto_alg_sem/rtnl_mutex/genl_mutex hayeswang <hayeswang(a)realtek.com> r8152: fix the list rx_done may be used without initialization Vaidyanathan Srinivasan <svaidy(a)linux.vnet.ibm.com> cpuidle: Validate cpu_dev in cpuidle_add_sysfs() Jon Medhurst <tixy(a)linaro.org> arm: kprobes: Align stack to 8-bytes in test code Masami Hiramatsu <mhiramat(a)kernel.org> arm: kprobes: Fix the return address of multiple kretprobes Jaroslav Kysela <perex(a)perex.cz> ALSA: hda - add support for docking station for HP 840 G3 Jaroslav Kysela <perex(a)perex.cz> ALSA: hda - add support for docking station for HP 820 G2 Aaron Lu <aaron.lu(a)intel.com> x86/irq: Do not substract irq_tlb_count from irq_call_count Andy Lutomirski <luto(a)kernel.org> sched/core: Idle_task_exit() shouldn't use switch_mm_irqs_off() Steven Rostedt <rostedt(a)goodmis.org> ARM: Hide finish_arch_post_lock_switch() from modules Andy Lutomirski <luto(a)kernel.org> x86/mm, sched/core: Turn off IRQs in switch_mm() Andy Lutomirski <luto(a)kernel.org> x86/mm, sched/core: Uninline switch_mm() Andy Lutomirski <luto(a)kernel.org> x86/mm: Build arch/x86/mm/tlb.c even on !SMP Andy Lutomirski <luto(a)kernel.org> sched/core: Add switch_mm_irqs_off() and use it in the scheduler Ingo Molnar <mingo(a)kernel.org> mm/mmu_context, sched/core: Fix mmu_context.h assumption Nadav Amit <namit(a)vmware.com> mm/rmap: batched invalidations should use existing api Andy Lutomirski <luto(a)kernel.org> x86/mm: If INVPCID is available, use it to flush global mappings Andy Lutomirski <luto(a)kernel.org> x86/mm: Add a 'noinvpcid' boot option to turn off INVPCID Borislav Petkov <bp(a)suse.de> x86/mm: Fix INVPCID asm constraint Andy Lutomirski <luto(a)kernel.org> x86/mm: Add INVPCID helpers Vaibhav Jain <vaibhav(a)linux.vnet.ibm.com> cxl: Check if vphb exists before iterating over AFU devices Steve Capper <steve.capper(a)arm.com> arm64: Initialise high_memory global variable earlier ------------- Diffstat: Documentation/kernel-parameters.txt | 2 + Makefile | 4 +- arch/arm/boot/dts/am335x-evmsk.dts | 1 + arch/arm/boot/dts/dra7.dtsi | 2 + arch/arm/include/asm/mmu_context.h | 2 + arch/arm/mm/dma-mapping.c | 20 +- arch/arm/probes/kprobes/core.c | 24 ++- arch/arm/probes/kprobes/test-core.c | 11 +- arch/arm64/mm/init.c | 2 +- arch/mips/math-emu/cp1emu.c | 28 +-- arch/x86/include/asm/hardirq.h | 4 - arch/x86/include/asm/mmu_context.h | 101 +-------- arch/x86/include/asm/tlbflush.h | 63 +++++- arch/x86/kernel/cpu/common.c | 16 ++ arch/x86/kernel/irq.c | 3 +- arch/x86/kvm/vmx.c | 9 +- arch/x86/kvm/x86.c | 2 +- arch/x86/mm/Makefile | 3 +- arch/x86/mm/tlb.c | 118 ++++++++++- drivers/bluetooth/btusb.c | 5 - drivers/cpuidle/cpuidle-powernv.c | 18 ++ drivers/cpuidle/cpuidle.c | 1 + drivers/cpuidle/sysfs.c | 12 ++ drivers/crypto/amcc/crypto4xx_core.h | 10 +- drivers/hid/hid-core.c | 1 + drivers/hid/hid-ids.h | 1 + drivers/hid/hid-xinmo.c | 1 + drivers/hwmon/asus_atk0110.c | 3 + drivers/i2c/muxes/i2c-mux-pca954x.c | 6 +- drivers/infiniband/ulp/iser/iscsi_iser.h | 2 + drivers/infiniband/ulp/iser/iser_verbs.c | 8 +- drivers/isdn/capi/kcapi.c | 1 + drivers/misc/cxl/pci.c | 13 ++ drivers/net/ethernet/broadcom/bnxt/bnxt.c | 13 ++ drivers/net/ethernet/brocade/bna/bfa_ioc.c | 10 +- drivers/net/ethernet/brocade/bna/bnad_debugfs.c | 2 +- drivers/net/ethernet/intel/fm10k/fm10k_iov.c | 3 + drivers/net/ethernet/intel/i40e/i40e_main.c | 16 +- drivers/net/ethernet/intel/igb/igb_main.c | 2 + drivers/net/ethernet/intel/ixgbe/ixgbe_common.c | 4 +- drivers/net/ethernet/intel/ixgbe/ixgbe_x550.c | 2 + drivers/net/irda/vlsi_ir.c | 8 +- drivers/net/phy/at803x.c | 2 +- drivers/net/usb/qmi_wwan.c | 4 + drivers/net/usb/r8152.c | 19 +- drivers/pci/iov.c | 3 +- drivers/pci/pci.c | 4 + drivers/pci/pcie/aer/aerdrv_core.c | 9 +- drivers/pinctrl/pinctrl-st.c | 30 ++- drivers/rtc/interface.c | 2 +- drivers/rtc/rtc-pl031.c | 14 +- drivers/s390/net/qeth_l3_main.c | 15 +- drivers/scsi/cxgbi/cxgb4i/cxgb4i.c | 1 + drivers/scsi/lpfc/lpfc_els.c | 3 +- drivers/scsi/lpfc/lpfc_hbadisc.c | 3 +- drivers/scsi/lpfc/lpfc_hw4.h | 2 +- drivers/scsi/mpt3sas/mpt3sas_scsih.c | 5 + drivers/thermal/hisi_thermal.c | 5 +- drivers/usb/gadget/function/f_uvc.c | 8 + drivers/usb/gadget/udc/pch_udc.c | 1 - drivers/usb/host/xhci-plat.c | 1 + drivers/video/backlight/pwm_bl.c | 7 +- include/linux/mmu_context.h | 7 + kernel/sched/core.c | 4 +- mm/mmu_context.c | 2 +- mm/rmap.c | 28 +-- net/core/sysctl_net_core.c | 6 +- net/ipv4/ip_fragment.c | 25 ++- net/ipv4/netfilter/nf_nat_snmp_basic.c | 19 +- net/ipv4/tcp_vegas.c | 2 +- net/netfilter/nfnetlink_cthelper.c | 267 +++++++++++++++--------- net/netfilter/nfnetlink_queue.c | 9 +- net/netlink/af_netlink.c | 41 ++++ net/sched/sch_dsmark.c | 10 +- sound/hda/hdac_i915.c | 4 +- sound/pci/hda/hda_intel.c | 6 +- sound/pci/hda/patch_conexant.c | 11 + sound/pci/hda/patch_realtek.c | 14 +- virt/kvm/kvm_main.c | 2 +- 79 files changed, 793 insertions(+), 359 deletions(-)

7 years, 1 month

7
92
0 0

[Linux-stable-mirror] [PATCH v4 00/10] prevent bounds-check bypass via speculative execution

by Dan Williams

Changes since v3 [1] * Drop 'ifence_array_ptr' and associated compile-time + run-time switching and just use the masking approach all the time. * Convert 'get_user' to use pointer sanitization via masking rather than lfence. '__get_user' and associated paths still rely on lfence. (Linus) "Basically, the rule is trivial: find all 'stac' users, and use address masking if those users already integrate the limit check, and lfence they don't." * At syscall entry sanitize the syscall number under speculation to remove a user controlled pointer de-reference in kernel space. (Linus) * Fix a raw lfence in the kvm code (added for v4.15-rc8) to use 'array_ptr'. * Propose 'array_idx' as a way to sanitize user input that is later used as an array index, but where the validation is happening in a different code block than the array reference. (Christian). * Fix grammar in speculation.txt (Kees) --- Quoting Mark's original RFC: "Recently, Google Project Zero discovered several classes of attack against speculative execution. One of these, known as variant-1, allows explicit bounds checks to be bypassed under speculation, providing an arbitrary read gadget. Further details can be found on the GPZ blog [2] and the Documentation patch in this series." A precondition of using this attack on the kernel is to get a user controlled pointer de-referenced (under speculation) in privileged code. The primary source of user controlled pointers in the kernel is the arguments passed to 'get_user' and '__get_user'. An example of other user controlled pointers are user-controlled array / pointer offsets. Better tooling is needed to find more arrays / pointers with user controlled indices / offsets that can be converted to use 'array_ptr' or 'array_idx'. A few are included in this set, and these are not expected to be complete. That said, the 'get_user' protections raise the bar on finding a vulnerable gadget in the kernel. These patches are also available via the 'nospec-v4' git branch here: git://git.kernel.org/pub/scm/linux/kernel/git/djbw/linux nospec-v4 Note that the BPF fix for Spectre variant1 is merged for 4.15-rc8. [2]: https://googleprojectzero.blogspot.co.uk/2018/01/reading-privileged-memory-… --- Dan Williams (9): asm/nospec, array_ptr: sanitize speculative array de-references x86: implement array_ptr_mask() x86: introduce __uaccess_begin_nospec and ifence x86, __get_user: use __uaccess_begin_nospec x86, get_user: use pointer masking to limit speculation x86: narrow out of bounds syscalls to sys_read under speculation vfs, fdtable: prevent bounds-check bypass via speculative execution kvm, x86: fix spectre-v1 mitigation nl80211: sanitize array index in parse_txq_params Mark Rutland (1): Documentation: document array_ptr Documentation/speculation.txt | 143 +++++++++++++++++++++++++++++++++++++ arch/x86/entry/entry_64.S | 2 + arch/x86/include/asm/barrier.h | 28 +++++++ arch/x86/include/asm/msr.h | 3 - arch/x86/include/asm/smap.h | 24 ++++++ arch/x86/include/asm/uaccess.h | 15 +++- arch/x86/include/asm/uaccess_32.h | 6 +- arch/x86/include/asm/uaccess_64.h | 12 ++- arch/x86/kvm/vmx.c | 19 ++--- arch/x86/lib/getuser.S | 5 + arch/x86/lib/usercopy_32.c | 8 +- include/linux/fdtable.h | 7 +- include/linux/nospec.h | 65 +++++++++++++++++ net/wireless/nl80211.c | 10 ++- 14 files changed, 312 insertions(+), 35 deletions(-) create mode 100644 Documentation/speculation.txt create mode 100644 include/linux/nospec.h

7 years, 1 month

3
5
0 0

[Linux-stable-mirror] Patch "workqueue: avoid hard lockups in show_workqueue_state()" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled workqueue: avoid hard lockups in show_workqueue_state() to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: workqueue-avoid-hard-lockups-in-show_workqueue_state.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 62635ea8c18f0f62df4cc58379e4f1d33afd5801 Mon Sep 17 00:00:00 2001 From: Sergey Senozhatsky <sergey.senozhatsky.work(a)gmail.com> Date: Thu, 11 Jan 2018 09:53:35 +0900 Subject: workqueue: avoid hard lockups in show_workqueue_state() From: Sergey Senozhatsky <sergey.senozhatsky.work(a)gmail.com> commit 62635ea8c18f0f62df4cc58379e4f1d33afd5801 upstream. show_workqueue_state() can print out a lot of messages while being in atomic context, e.g. sysrq-t -> show_workqueue_state(). If the console device is slow it may end up triggering NMI hard lockup watchdog. Signed-off-by: Sergey Senozhatsky <sergey.senozhatsky(a)gmail.com> Signed-off-by: Tejun Heo <tj(a)kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- kernel/workqueue.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) --- a/kernel/workqueue.c +++ b/kernel/workqueue.c @@ -48,6 +48,7 @@ #include <linux/nodemask.h> #include <linux/moduleparam.h> #include <linux/uaccess.h> +#include <linux/nmi.h> #include "workqueue_internal.h" @@ -4424,6 +4425,12 @@ void show_workqueue_state(void) if (pwq->nr_active || !list_empty(&pwq->delayed_works)) show_pwq(pwq); spin_unlock_irqrestore(&pwq->pool->lock, flags); + /* + * We could be printing a lot from atomic context, e.g. + * sysrq-t -> show_workqueue_state(). Avoid triggering + * hard lockup. + */ + touch_nmi_watchdog(); } } @@ -4451,6 +4458,12 @@ void show_workqueue_state(void) pr_cont("\n"); next_pool: spin_unlock_irqrestore(&pool->lock, flags); + /* + * We could be printing a lot from atomic context, e.g. + * sysrq-t -> show_workqueue_state(). Avoid triggering + * hard lockup. + */ + touch_nmi_watchdog(); } rcu_read_unlock_sched(); Patches currently in stable-queue which might be from sergey.senozhatsky.work(a)gmail.com are queue-4.9/workqueue-avoid-hard-lockups-in-show_workqueue_state.patch

7 years, 1 month

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror