- Linux-stable-mirror - lists.linaro.org

[Linux-stable-mirror] [patch 12/28] mm: introduce get_user_pages_longterm

by akpm＠linux-foundation.org

From: Dan Williams <dan.j.williams(a)intel.com> Subject: mm: introduce get_user_pages_longterm Patch series "introduce get_user_pages_longterm()", v2. Here is a new get_user_pages api for cases where a driver intends to keep an elevated page count indefinitely. This is distinct from usages like iov_iter_get_pages where the elevated page counts are transient. The iov_iter_get_pages cases immediately turn around and submit the pages to a device driver which will put_page when the i/o operation completes (under kernel control). In the longterm case userspace is responsible for dropping the page reference at some undefined point in the future. This is untenable for filesystem-dax case where the filesystem is in control of the lifetime of the block / page and needs reasonable limits on how long it can wait for pages in a mapping to become idle. Fixing filesystems to actually wait for dax pages to be idle before blocks from a truncate/hole-punch operation are repurposed is saved for a later patch series. Also, allowing longterm registration of dax mappings is a future patch series that introduces a "map with lease" semantic where the kernel can revoke a lease and force userspace to drop its page references. I have also tagged these for -stable to purposely break cases that might assume that longterm memory registrations for filesystem-dax mappings were supported by the kernel. The behavior regression this policy change implies is one of the reasons we maintain the "dax enabled. Warning: EXPERIMENTAL, use at your own risk" notification when mounting a filesystem in dax mode. It is worth noting the device-dax interface does not suffer the same constraints since it does not support file space management operations like hole-punch. This patch (of 4): Until there is a solution to the dma-to-dax vs truncate problem it is not safe to allow long standing memory registrations against filesytem-dax vmas. Device-dax vmas do not have this problem and are explicitly allowed. This is temporary until a "memory registration with layout-lease" mechanism can be implemented for the affected sub-systems (RDMA and V4L2). [akpm(a)linux-foundation.org: use kcalloc()] Link: http://lkml.kernel.org/r/151068939435.7446.13560129395419350737.stgit@dwill… Fixes: 3565fce3a659 ("mm, x86: get_user_pages() for dax mappings") Signed-off-by: Dan Williams <dan.j.williams(a)intel.com> Suggested-by: Christoph Hellwig <hch(a)lst.de> Cc: Doug Ledford <dledford(a)redhat.com> Cc: Hal Rosenstock <hal.rosenstock(a)gmail.com> Cc: Inki Dae <inki.dae(a)samsung.com> Cc: Jan Kara <jack(a)suse.cz> Cc: Jason Gunthorpe <jgg(a)mellanox.com> Cc: Jeff Moyer <jmoyer(a)redhat.com> Cc: Joonyoung Shim <jy0922.shim(a)samsung.com> Cc: Kyungmin Park <kyungmin.park(a)samsung.com> Cc: Mauro Carvalho Chehab <mchehab(a)kernel.org> Cc: Mel Gorman <mgorman(a)suse.de> Cc: Ross Zwisler <ross.zwisler(a)linux.intel.com> Cc: Sean Hefty <sean.hefty(a)intel.com> Cc: Seung-Woo Kim <sw0312.kim(a)samsung.com> Cc: Vlastimil Babka <vbabka(a)suse.cz> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- include/linux/fs.h | 14 +++++++++ include/linux/mm.h | 13 ++++++++ mm/gup.c | 64 +++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 91 insertions(+) diff -puN include/linux/fs.h~mm-introduce-get_user_pages_longterm include/linux/fs.h --- a/include/linux/fs.h~mm-introduce-get_user_pages_longterm +++ a/include/linux/fs.h @@ -3194,6 +3194,20 @@ static inline bool vma_is_dax(struct vm_ return vma->vm_file && IS_DAX(vma->vm_file->f_mapping->host); } +static inline bool vma_is_fsdax(struct vm_area_struct *vma) +{ + struct inode *inode; + + if (!vma->vm_file) + return false; + if (!vma_is_dax(vma)) + return false; + inode = file_inode(vma->vm_file); + if (inode->i_mode == S_IFCHR) + return false; /* device-dax */ + return true; +} + static inline int iocb_flags(struct file *file) { int res = 0; diff -puN include/linux/mm.h~mm-introduce-get_user_pages_longterm include/linux/mm.h --- a/include/linux/mm.h~mm-introduce-get_user_pages_longterm +++ a/include/linux/mm.h @@ -1380,6 +1380,19 @@ long get_user_pages_locked(unsigned long unsigned int gup_flags, struct page **pages, int *locked); long get_user_pages_unlocked(unsigned long start, unsigned long nr_pages, struct page **pages, unsigned int gup_flags); +#ifdef CONFIG_FS_DAX +long get_user_pages_longterm(unsigned long start, unsigned long nr_pages, + unsigned int gup_flags, struct page **pages, + struct vm_area_struct **vmas); +#else +static inline long get_user_pages_longterm(unsigned long start, + unsigned long nr_pages, unsigned int gup_flags, + struct page **pages, struct vm_area_struct **vmas) +{ + return get_user_pages(start, nr_pages, gup_flags, pages, vmas); +} +#endif /* CONFIG_FS_DAX */ + int get_user_pages_fast(unsigned long start, int nr_pages, int write, struct page **pages); diff -puN mm/gup.c~mm-introduce-get_user_pages_longterm mm/gup.c --- a/mm/gup.c~mm-introduce-get_user_pages_longterm +++ a/mm/gup.c @@ -1095,6 +1095,70 @@ long get_user_pages(unsigned long start, } EXPORT_SYMBOL(get_user_pages); +#ifdef CONFIG_FS_DAX +/* + * This is the same as get_user_pages() in that it assumes we are + * operating on the current task's mm, but it goes further to validate + * that the vmas associated with the address range are suitable for + * longterm elevated page reference counts. For example, filesystem-dax + * mappings are subject to the lifetime enforced by the filesystem and + * we need guarantees that longterm users like RDMA and V4L2 only + * establish mappings that have a kernel enforced revocation mechanism. + * + * "longterm" == userspace controlled elevated page count lifetime. + * Contrast this to iov_iter_get_pages() usages which are transient. + */ +long get_user_pages_longterm(unsigned long start, unsigned long nr_pages, + unsigned int gup_flags, struct page **pages, + struct vm_area_struct **vmas_arg) +{ + struct vm_area_struct **vmas = vmas_arg; + struct vm_area_struct *vma_prev = NULL; + long rc, i; + + if (!pages) + return -EINVAL; + + if (!vmas) { + vmas = kcalloc(nr_pages, sizeof(struct vm_area_struct *), + GFP_KERNEL); + if (!vmas) + return -ENOMEM; + } + + rc = get_user_pages(start, nr_pages, gup_flags, pages, vmas); + + for (i = 0; i < rc; i++) { + struct vm_area_struct *vma = vmas[i]; + + if (vma == vma_prev) + continue; + + vma_prev = vma; + + if (vma_is_fsdax(vma)) + break; + } + + /* + * Either get_user_pages() failed, or the vma validation + * succeeded, in either case we don't need to put_page() before + * returning. + */ + if (i >= rc) + goto out; + + for (i = 0; i < rc; i++) + put_page(pages[i]); + rc = -EOPNOTSUPP; +out: + if (vmas != vmas_arg) + kfree(vmas); + return rc; +} +EXPORT_SYMBOL(get_user_pages_longterm); +#endif /* CONFIG_FS_DAX */ + /** * populate_vma_page_range() - populate a range of pages in the vma. * @vma: target vma _

7 years, 2 months

1
0
0 0

[Linux-stable-mirror] [patch 11/28] device-dax: implement ->split() to catch invalid munmap attempts

by akpm＠linux-foundation.org

From: Dan Williams <dan.j.williams(a)intel.com> Subject: device-dax: implement ->split() to catch invalid munmap attempts Similar to how device-dax enforces that the 'address', 'offset', and 'len' parameters to mmap() be aligned to the device's fundamental alignment, the same constraints apply to munmap(). Implement ->split() to fail munmap calls that violate the alignment constraint. Otherwise, we later fail VM_BUG_ON checks in the unmap_page_range() path with crash signatures of the form: vma ffff8800b60c8a88 start 00007f88c0000000 end 00007f88c0e00000 next (null) prev (null) mm ffff8800b61150c0 prot 8000000000000027 anon_vma (null) vm_ops ffffffffa0091240 pgoff 0 file ffff8800b638ef80 private_data (null) flags: 0x380000fb(read|write|shared|mayread|maywrite|mayexec|mayshare|softdirty|mixedmap|hugepage) ------------[ cut here ]------------ kernel BUG at mm/huge_memory.c:2014! [..] RIP: 0010:__split_huge_pud+0x12a/0x180 [..] Call Trace: unmap_page_range+0x245/0xa40 ? __vma_adjust+0x301/0x990 unmap_vmas+0x4c/0xa0 unmap_region+0xae/0x120 ? __vma_rb_erase+0x11a/0x230 do_munmap+0x276/0x410 vm_munmap+0x6a/0xa0 SyS_munmap+0x1d/0x30 Link: http://lkml.kernel.org/r/151130418681.4029.7118245855057952010.stgit@dwilli… Fixes: dee410792419 ("/dev/dax, core: file operations and dax-mmap") Signed-off-by: Dan Williams <dan.j.williams(a)intel.com> Reported-by: Jeff Moyer <jmoyer(a)redhat.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- drivers/dax/device.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff -puN drivers/dax/device.c~device-dax-implement-split-to-catch-invalid-munmap-attempts drivers/dax/device.c --- a/drivers/dax/device.c~device-dax-implement-split-to-catch-invalid-munmap-attempts +++ a/drivers/dax/device.c @@ -428,9 +428,21 @@ static int dev_dax_fault(struct vm_fault return dev_dax_huge_fault(vmf, PE_SIZE_PTE); } +static int dev_dax_split(struct vm_area_struct *vma, unsigned long addr) +{ + struct file *filp = vma->vm_file; + struct dev_dax *dev_dax = filp->private_data; + struct dax_region *dax_region = dev_dax->region; + + if (!IS_ALIGNED(addr, dax_region->align)) + return -EINVAL; + return 0; +} + static const struct vm_operations_struct dax_vm_ops = { .fault = dev_dax_fault, .huge_fault = dev_dax_huge_fault, + .split = dev_dax_split, }; static int dax_mmap(struct file *filp, struct vm_area_struct *vma) _

7 years, 2 months

1
0
0 0

[Linux-stable-mirror] [patch 10/28] mm, hugetlbfs: introduce ->split() to vm_operations_struct

by akpm＠linux-foundation.org

From: Dan Williams <dan.j.williams(a)intel.com> Subject: mm, hugetlbfs: introduce ->split() to vm_operations_struct Patch series "device-dax: fix unaligned munmap handling" When device-dax is operating in huge-page mode we want it to behave like hugetlbfs and fail attempts to split vmas into unaligned ranges. It would be messy to teach the munmap path about device-dax alignment constraints in the same (hstate) way that hugetlbfs communicates this constraint. Instead, these patches introduce a new ->split() vm operation. This patch (of 2): The device-dax interface has similar constraints as hugetlbfs in that it requires the munmap path to unmap in huge page aligned units. Rather than add more custom vma handling code in __split_vma() introduce a new vm operation to perform this vma specific check. Link: http://lkml.kernel.org/r/151130418135.4029.6783191281930729710.stgit@dwilli… Fixes: dee410792419 ("/dev/dax, core: file operations and dax-mmap") Signed-off-by: Dan Williams <dan.j.williams(a)intel.com> Cc: Jeff Moyer <jmoyer(a)redhat.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- include/linux/mm.h | 1 + mm/hugetlb.c | 8 ++++++++ mm/mmap.c | 8 +++++--- 3 files changed, 14 insertions(+), 3 deletions(-) diff -puN include/linux/mm.h~mm-hugetlbfs-introduce-split-to-vm_operations_struct include/linux/mm.h --- a/include/linux/mm.h~mm-hugetlbfs-introduce-split-to-vm_operations_struct +++ a/include/linux/mm.h @@ -377,6 +377,7 @@ enum page_entry_size { struct vm_operations_struct { void (*open)(struct vm_area_struct * area); void (*close)(struct vm_area_struct * area); + int (*split)(struct vm_area_struct * area, unsigned long addr); int (*mremap)(struct vm_area_struct * area); int (*fault)(struct vm_fault *vmf); int (*huge_fault)(struct vm_fault *vmf, enum page_entry_size pe_size); diff -puN mm/hugetlb.c~mm-hugetlbfs-introduce-split-to-vm_operations_struct mm/hugetlb.c --- a/mm/hugetlb.c~mm-hugetlbfs-introduce-split-to-vm_operations_struct +++ a/mm/hugetlb.c @@ -3125,6 +3125,13 @@ static void hugetlb_vm_op_close(struct v } } +static int hugetlb_vm_op_split(struct vm_area_struct *vma, unsigned long addr) +{ + if (addr & ~(huge_page_mask(hstate_vma(vma)))) + return -EINVAL; + return 0; +} + /* * We cannot handle pagefaults against hugetlb pages at all. They cause * handle_mm_fault() to try to instantiate regular-sized pages in the @@ -3141,6 +3148,7 @@ const struct vm_operations_struct hugetl .fault = hugetlb_vm_op_fault, .open = hugetlb_vm_op_open, .close = hugetlb_vm_op_close, + .split = hugetlb_vm_op_split, }; static pte_t make_huge_pte(struct vm_area_struct *vma, struct page *page, diff -puN mm/mmap.c~mm-hugetlbfs-introduce-split-to-vm_operations_struct mm/mmap.c --- a/mm/mmap.c~mm-hugetlbfs-introduce-split-to-vm_operations_struct +++ a/mm/mmap.c @@ -2555,9 +2555,11 @@ int __split_vma(struct mm_struct *mm, st struct vm_area_struct *new; int err; - if (is_vm_hugetlb_page(vma) && (addr & - ~(huge_page_mask(hstate_vma(vma))))) - return -EINVAL; + if (vma->vm_ops && vma->vm_ops->split) { + err = vma->vm_ops->split(vma, addr); + if (err) + return err; + } new = kmem_cache_alloc(vm_area_cachep, GFP_KERNEL); if (!new) _

7 years, 2 months

1
0
0 0

[Linux-stable-mirror] [patch 04/28] mm: fix device-dax pud write-faults triggered by get_user_pages()

by akpm＠linux-foundation.org

From: Dan Williams <dan.j.williams(a)intel.com> Subject: mm: fix device-dax pud write-faults triggered by get_user_pages() Currently only get_user_pages_fast() can safely handle the writable gup case due to its use of pud_access_permitted() to check whether the pud entry is writable. In the gup slow path pud_write() is used instead of pud_access_permitted() and to date it has been unimplemented, just calls BUG_ON(). kernel BUG at ./include/linux/hugetlb.h:244! [..] RIP: 0010:follow_devmap_pud+0x482/0x490 [..] Call Trace: follow_page_mask+0x28c/0x6e0 __get_user_pages+0xe4/0x6c0 get_user_pages_unlocked+0x130/0x1b0 get_user_pages_fast+0x89/0xb0 iov_iter_get_pages_alloc+0x114/0x4a0 nfs_direct_read_schedule_iovec+0xd2/0x350 ? nfs_start_io_direct+0x63/0x70 nfs_file_direct_read+0x1e0/0x250 nfs_file_read+0x90/0xc0 For now this just implements a simple check for the _PAGE_RW bit similar to pmd_write. However, this implies that the gup-slow-path check is missing the extra checks that the gup-fast-path performs with pud_access_permitted. Later patches will align all checks to use the 'access_permitted' helper if the architecture provides it. Note that the generic 'access_permitted' helper fallback is the simple _PAGE_RW check on architectures that do not define the 'access_permitted' helper(s). [dan.j.williams(a)intel.com: fix powerpc compile error] Link: http://lkml.kernel.org/r/151129126165.37405.16031785266675461397.stgit@dwil… Link: http://lkml.kernel.org/r/151043109938.2842.14834662818213616199.stgit@dwill… Fixes: a00cc7d9dd93 ("mm, x86: add support for PUD-sized transparent hugepages") Signed-off-by: Dan Williams <dan.j.williams(a)intel.com> Reported-by: Stephen Rothwell <sfr(a)canb.auug.org.au> Acked-by: Thomas Gleixner <tglx(a)linutronix.de> [x86] Cc: Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> Cc: Catalin Marinas <catalin.marinas(a)arm.com> Cc: "David S. Miller" <davem(a)davemloft.net> Cc: Dave Hansen <dave.hansen(a)intel.com> Cc: Will Deacon <will.deacon(a)arm.com> Cc: "H. Peter Anvin" <hpa(a)zytor.com> Cc: Ingo Molnar <mingo(a)redhat.com> Cc: Arnd Bergmann <arnd(a)arndb.de> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- arch/x86/include/asm/pgtable.h | 6 ++++++ include/asm-generic/pgtable.h | 8 ++++++++ include/linux/hugetlb.h | 8 -------- 3 files changed, 14 insertions(+), 8 deletions(-) diff -puN arch/x86/include/asm/pgtable.h~mm-fix-device-dax-pud-write-faults-triggered-by-get_user_pages arch/x86/include/asm/pgtable.h --- a/arch/x86/include/asm/pgtable.h~mm-fix-device-dax-pud-write-faults-triggered-by-get_user_pages +++ a/arch/x86/include/asm/pgtable.h @@ -1088,6 +1088,12 @@ static inline void pmdp_set_wrprotect(st clear_bit(_PAGE_BIT_RW, (unsigned long *)pmdp); } +#define pud_write pud_write +static inline int pud_write(pud_t pud) +{ + return pud_flags(pud) & _PAGE_RW; +} + /* * clone_pgd_range(pgd_t *dst, pgd_t *src, int count); * diff -puN include/asm-generic/pgtable.h~mm-fix-device-dax-pud-write-faults-triggered-by-get_user_pages include/asm-generic/pgtable.h --- a/include/asm-generic/pgtable.h~mm-fix-device-dax-pud-write-faults-triggered-by-get_user_pages +++ a/include/asm-generic/pgtable.h @@ -814,6 +814,14 @@ static inline int pmd_write(pmd_t pmd) #endif /* __HAVE_ARCH_PMD_WRITE */ #endif /* CONFIG_TRANSPARENT_HUGEPAGE */ +#ifndef pud_write +static inline int pud_write(pud_t pud) +{ + BUG(); + return 0; +} +#endif /* pud_write */ + #if !defined(CONFIG_TRANSPARENT_HUGEPAGE) || \ (defined(CONFIG_TRANSPARENT_HUGEPAGE) && \ !defined(CONFIG_HAVE_ARCH_TRANSPARENT_HUGEPAGE_PUD)) diff -puN include/linux/hugetlb.h~mm-fix-device-dax-pud-write-faults-triggered-by-get_user_pages include/linux/hugetlb.h --- a/include/linux/hugetlb.h~mm-fix-device-dax-pud-write-faults-triggered-by-get_user_pages +++ a/include/linux/hugetlb.h @@ -239,14 +239,6 @@ static inline int pgd_write(pgd_t pgd) } #endif -#ifndef pud_write -static inline int pud_write(pud_t pud) -{ - BUG(); - return 0; -} -#endif - #define HUGETLB_ANON_FILE "anon_hugepage" enum { _

7 years, 2 months

1
0
0 0

[Linux-stable-mirror] [patch 03/28] mm/cma: fix alloc_contig_range ret code/potential leak

by akpm＠linux-foundation.org

From: Mike Kravetz <mike.kravetz(a)oracle.com> Subject: mm/cma: fix alloc_contig_range ret code/potential leak If the call __alloc_contig_migrate_range() in alloc_contig_range returns -EBUSY, processing continues so that test_pages_isolated() is called where there is a tracepoint to identify the busy pages. However, it is possible for busy pages to become available between the calls to these two routines. In this case, the range of pages may be allocated. Unfortunately, the original return code (ret == -EBUSY) is still set and returned to the caller. Therefore, the caller believes the pages were not allocated and they are leaked. Update comment to indicate that allocation is still possible even if __alloc_contig_migrate_range returns -EBUSY. Also, clear return code in this case so that it is not accidentally used or returned to caller. Link: http://lkml.kernel.org/r/20171122185214.25285-1-mike.kravetz@oracle.com Fixes: 8ef5849fa8a2 ("mm/cma: always check which page caused allocation failure") Signed-off-by: Mike Kravetz <mike.kravetz(a)oracle.com> Acked-by: Vlastimil Babka <vbabka(a)suse.cz> Acked-by: Michal Hocko <mhocko(a)suse.com> Acked-by: Johannes Weiner <hannes(a)cmpxchg.org> Acked-by: Joonsoo Kim <iamjoonsoo.kim(a)lge.com> Cc: Michal Nazarewicz <mina86(a)mina86.com> Cc: Laura Abbott <labbott(a)redhat.com> Cc: Michal Hocko <mhocko(a)suse.com> Cc: Mel Gorman <mgorman(a)techsingularity.net> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/page_alloc.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff -puN mm/page_alloc.c~mm-cma-fix-alloc_contig_range-ret-code-potential-leak-v2 mm/page_alloc.c --- a/mm/page_alloc.c~mm-cma-fix-alloc_contig_range-ret-code-potential-leak-v2 +++ a/mm/page_alloc.c @@ -7652,11 +7652,18 @@ int alloc_contig_range(unsigned long sta /* * In case of -EBUSY, we'd like to know which page causes problem. - * So, just fall through. We will check it in test_pages_isolated(). + * So, just fall through. test_pages_isolated() has a tracepoint + * which will report the busy page. + * + * It is possible that busy pages could become available before + * the call to test_pages_isolated, and the range will actually be + * allocated. So, if we fall through be sure to clear ret so that + * -EBUSY is not accidentally used or returned to caller. */ ret = __alloc_contig_migrate_range(&cc, start, end); if (ret && ret != -EBUSY) goto done; + ret =0; /* * Pages from [start, end) are within a MAX_ORDER_NR_PAGES _

7 years, 2 months

1
0
0 0

[Linux-stable-mirror] [patch 02/28] mm, oom_reaper: gather each vma to prevent leaking TLB entry

by akpm＠linux-foundation.org

From: Wang Nan <wangnan0(a)huawei.com> Subject: mm, oom_reaper: gather each vma to prevent leaking TLB entry tlb_gather_mmu(&tlb, mm, 0, -1) means gathering the whole virtual memory space. In this case, tlb->fullmm is true. Some archs like arm64 doesn't flush TLB when tlb->fullmm is true: commit 5a7862e83000 ("arm64: tlbflush: avoid flushing when fullmm == 1"). Which causes leaking of tlb entries. Will clarifies his patch: : Basically, we tag each address space with an ASID (PCID on x86) which : is resident in the TLB. This means we can elide TLB invalidation when : pulling down a full mm because we won't ever assign that ASID to another mm : without doing TLB invalidation elsewhere (which actually just nukes the : whole TLB). : : I think that means that we could potentially not fault on a kernel uaccess, : because we could hit in the TLB. There could be a window between complete_signal() sending IPI to other cores and all threads sharing this mm are really kicked off from cores. In this window, the oom reaper may calls tlb_flush_mmu_tlbonly() to flush TLB then frees pages. However, due to the above problem, the TLB entries are not really flushed on arm64. Other threads are possible to access these pages through TLB entries. Moreover, a copy_to_user() can also write to these pages without generating page fault, causes use-after-free bugs. This patch gathers each vma instead of gathering full vm space. In this case tlb->fullmm is not true. The behavior of oom reaper become similar to munmapping before do_exit, which should be safe for all archs. Link: http://lkml.kernel.org/r/20171107095453.179940-1-wangnan0@huawei.com Fixes: aac453635549 ("mm, oom: introduce oom reaper") Signed-off-by: Wang Nan <wangnan0(a)huawei.com> Acked-by: Michal Hocko <mhocko(a)suse.com> Acked-by: David Rientjes <rientjes(a)google.com> Cc: Minchan Kim <minchan(a)kernel.org> Cc: Will Deacon <will.deacon(a)arm.com> Cc: Bob Liu <liubo95(a)huawei.com> Cc: Ingo Molnar <mingo(a)kernel.org> Cc: Roman Gushchin <guro(a)fb.com> Cc: Konstantin Khlebnikov <khlebnikov(a)yandex-team.ru> Cc: Andrea Arcangeli <aarcange(a)redhat.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/oom_kill.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff -puN mm/oom_kill.c~mm-oom_reaper-gather-each-vma-to-prevent-leaking-tlb-entry mm/oom_kill.c --- a/mm/oom_kill.c~mm-oom_reaper-gather-each-vma-to-prevent-leaking-tlb-entry +++ a/mm/oom_kill.c @@ -550,7 +550,6 @@ static bool __oom_reap_task_mm(struct ta */ set_bit(MMF_UNSTABLE, &mm->flags); - tlb_gather_mmu(&tlb, mm, 0, -1); for (vma = mm->mmap ; vma; vma = vma->vm_next) { if (!can_madv_dontneed_vma(vma)) continue; @@ -565,11 +564,13 @@ static bool __oom_reap_task_mm(struct ta * we do not want to block exit_mmap by keeping mm ref * count elevated without a good reason. */ - if (vma_is_anonymous(vma) || !(vma->vm_flags & VM_SHARED)) + if (vma_is_anonymous(vma) || !(vma->vm_flags & VM_SHARED)) { + tlb_gather_mmu(&tlb, mm, vma->vm_start, vma->vm_end); unmap_page_range(&tlb, vma, vma->vm_start, vma->vm_end, NULL); + tlb_finish_mmu(&tlb, vma->vm_start, vma->vm_end); + } } - tlb_finish_mmu(&tlb, 0, -1); pr_info("oom_reaper: reaped process %d (%s), now anon-rss:%lukB, file-rss:%lukB, shmem-rss:%lukB\n", task_pid_nr(tsk), tsk->comm, K(get_mm_counter(mm, MM_ANONPAGES)), _

7 years, 2 months

1
0
0 0

[Linux-stable-mirror] [patch 01/28] mm, memory_hotplug: do not back off draining pcp free pages from kworker context

by akpm＠linux-foundation.org

From: Michal Hocko <mhocko(a)suse.com> Subject: mm, memory_hotplug: do not back off draining pcp free pages from kworker context drain_all_pages backs off when called from a kworker context since 0ccce3b924212 ("mm, page_alloc: drain per-cpu pages from workqueue context") because the original IPI based pcp draining has been replaced by a WQ based one and the check wanted to prevent from recursion and inter workers dependencies. This has made some sense at the time because the system WQ has been used and one worker holding the lock could be blocked while waiting for new workers to emerge which can be a problem under OOM conditions. Since then ce612879ddc7 ("mm: move pcp and lru-pcp draining into single wq") has moved draining to a dedicated (mm_percpu_wq) WQ with a rescuer so we shouldn't depend on any other WQ activity to make a forward progress so calling drain_all_pages from a worker context is safe as long as this doesn't happen from mm_percpu_wq itself which is not the case because all workers are required to _not_ depend on any MM locks. Why is this a problem in the first place? ACPI driven memory hot-remove (acpi_device_hotplug) is executed from the worker context. We end up calling __offline_pages to free all the pages and that requires both lru_add_drain_all_cpuslocked and drain_all_pages to do their job otherwise we can have dangling pages on pcp lists and fail the offline operation (__test_page_isolated_in_pageblock would see a page with 0 ref. count but without PageBuddy set). Fix the issue by removing the worker check in drain_all_pages. lru_add_drain_all_cpuslocked doesn't have this restriction so it works as expected. Link: http://lkml.kernel.org/r/20170828093341.26341-1-mhocko@kernel.org Fixes: 0ccce3b924212 ("mm, page_alloc: drain per-cpu pages from workqueue context") Signed-off-by: Michal Hocko <mhocko(a)suse.com> Cc: Mel Gorman <mgorman(a)suse.de> Cc: Tejun Heo <tj(a)kernel.org> Cc: <stable(a)vger.kernel.org> [4.11+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/page_alloc.c | 4 ---- 1 file changed, 4 deletions(-) diff -puN mm/page_alloc.c~mm-memory_hotplug-do-not-back-off-draining-pcp-free-pages-from-kworker-context mm/page_alloc.c --- a/mm/page_alloc.c~mm-memory_hotplug-do-not-back-off-draining-pcp-free-pages-from-kworker-context +++ a/mm/page_alloc.c @@ -2507,10 +2507,6 @@ void drain_all_pages(struct zone *zone) if (WARN_ON_ONCE(!mm_percpu_wq)) return; - /* Workqueues cannot recurse */ - if (current->flags & PF_WQ_WORKER) - return; - /* * Do not drain if one is already in progress unless it's specific to * a zone. Such callers are primarily CMA and memory hotplug and need _

7 years, 2 months

1
0
0 0

[Linux-stable-mirror] [PATCH] MIPS: Validate PR_SET_FP_MODE prctl(2) requests against the ABI of the task

by Maciej W. Rozycki

Fix an API loophole introduced with commit 9791554b45a2 ("MIPS,prctl: add PR_[GS]ET_FP_MODE prctl options for MIPS"), where the caller of prctl(2) is incorrectly allowed to make a change to CP0.Status.FR or CP0.Config5.FRE register bits even if CONFIG_MIPS_O32_FP64_SUPPORT has not been enabled, despite that an executable requesting the mode requested via ELF file annotation would not be allowed to run in the first place, or for n64 and n64 ABI tasks which do not have non-default modes defined at all. Add suitable checks to `mips_set_process_fp_mode' and bail out if an invalid mode change has been requested for the ABI in effect, even if the FPU hardware or emulation would otherwise allow it. Always succeed however without taking any further action if the mode requested is the same as one already in effect, regardless of whether any mode change, should it be requested, would actually be allowed for the task concerned. Cc: stable(a)vger.kernel.org # 4.0+ Fixes: 9791554b45a2 ("MIPS,prctl: add PR_[GS]ET_FP_MODE prctl options for MIPS") Signed-off-by: Maciej W. Rozycki <macro(a)mips.com> --- arch/mips/kernel/process.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) linux-mips-prctl-fp-mode-o32-fp64.diff Index: linux-sfr-test/arch/mips/kernel/process.c =================================================================== --- linux-sfr-test.orig/arch/mips/kernel/process.c 2017-11-25 12:40:55.868109000 +0000 +++ linux-sfr-test/arch/mips/kernel/process.c 2017-11-25 12:41:56.411578000 +0000 @@ -705,6 +705,18 @@ int mips_set_process_fp_mode(struct task struct task_struct *t; int max_users; + /* If nothing to change, return right away, successfully. */ + if (value == mips_get_process_fp_mode(task)) + return 0; + + /* Only accept a mode change if 64-bit FP enabled for o32. */ + if (!IS_ENABLED(CONFIG_MIPS_O32_FP64_SUPPORT)) + return -EOPNOTSUPP; + + /* And only for o32 tasks. */ + if (IS_ENABLED(CONFIG_64BIT) && !test_thread_flag(TIF_32BIT_REGS)) + return -EOPNOTSUPP; + /* Check the value is valid */ if (value & ~known_bits) return -EOPNOTSUPP;

7 years, 2 months

2
4
0 0

[Linux-stable-mirror] [PATCH 4.14 000/193] 4.14.3-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.14.3 release. There are 193 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu Nov 30 10:05:26 UTC 2017. Anything received after that time might be too late. The whole patch series can be found in one patch at: kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.14.3-rc1.gz or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.14.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.14.3-rc1 Sasha Neftin <sasha.neftin(a)intel.com> e1000e: fix buffer overrun while the I219 is processing DMA transactions Benjamin Poirier <bpoirier(a)suse.com> e1000e: Avoid receiver overrun interrupt bursts Benjamin Poirier <bpoirier(a)suse.com> e1000e: Separate signaling for link check/link up Benjamin Poirier <bpoirier(a)suse.com> e1000e: Fix return value test Benjamin Poirier <bpoirier(a)suse.com> e1000e: Fix error path in link detection Luca Coelho <luciano.coelho(a)intel.com> iwlwifi: mvm: support version 7 of the SCAN_REQ_UMAC FW command Luca Coelho <luciano.coelho(a)intel.com> iwlwifi: fix PCI IDs and configuration mapping for 9000 series Ihab Zhaika <ihab.zhaika(a)intel.com> iwlwifi: add new cards for 8260 series Ihab Zhaika <ihab.zhaika(a)intel.com> iwlwifi: add new cards for 8265 series Ihab Zhaika <ihab.zhaika(a)intel.com> iwlwifi: add new cards for a000 series Luca Coelho <luciano.coelho(a)intel.com> iwlwifi: pcie: sort IDs for the 9000 series for easier comparisons Oren Givon <oren.givon(a)intel.com> iwlwifi: add a new a000 device Oren Givon <oren.givon(a)intel.com> iwlwifi: fix wrong struct for a000 device Neil Armstrong <narmstrong(a)baylibre.com> ARM64: dts: meson-gxl: Add alternate ARM Trusted Firmware reserved memory zone Stanimir Varbanov <stanimir.varbanov(a)linaro.org> media: venus: reimplement decoder stop command Stanimir Varbanov <stanimir.varbanov(a)linaro.org> media: venus: venc: fix bytesused v4l2_plane field Stanimir Varbanov <stanimir.varbanov(a)linaro.org> media: venus: fix wrong size on dma_free Ricardo Ribalda Delgado <ricardo.ribalda(a)gmail.com> media: v4l2-ctrl: Fix flags field on Control events Johan Hovold <johan(a)kernel.org> cx231xx-cards: fix NULL-deref on missing association descriptor Sean Young <sean(a)mess.org> media: rc: nec decoder should not send both repeat and keycode Sean Young <sean(a)mess.org> media: rc: check for integer overflow Michele Baldessari <michele(a)acksyn.org> media: Don't do DMA on stack for firmware upload in the AS102 driver Nicholas Piggin <npiggin(a)gmail.com> powerpc/64s/hash: Allow MAP_FIXED allocations to cross 128TB boundary Nicholas Piggin <npiggin(a)gmail.com> powerpc/64s/hash: Fix fork() with 512TB process address space Nicholas Piggin <npiggin(a)gmail.com> powerpc/64s/hash: Fix 128TB-512TB virtual address boundary case allocation Michael Ellerman <mpe(a)ellerman.id.au> powerpc/64s/hash: Fix 512T hint detection to use >= 128T Nicholas Piggin <npiggin(a)gmail.com> powerpc/64s/radix: Fix 128TB-512TB virtual address boundary case allocation Michael Ellerman <mpe(a)ellerman.id.au> powerpc/64s: Fix masking of SRR1 bits on instruction fault Naveen N. Rao <naveen.n.rao(a)linux.vnet.ibm.com> powerpc/signal: Properly handle return value from uprobe_deny_signal() Michael Ellerman <mpe(a)ellerman.id.au> powerpc/perf/imc: Use cpu_to_node() not topology_physical_package_id() Balbir Singh <bsingharora(a)gmail.com> powerpc/mm/radix: Fix crashes on Power9 DD1 with radix MMU and STRICT_RWX Christophe Leroy <christophe.leroy(a)c-s.fr> powerpc: Fix boot on BOOK3S_32 with CONFIG_STRICT_KERNEL_RWX John David Anglin <dave.anglin(a)bell.net> parisc: Fix validity check of pointer size argument in new CAS implementation Brian King <brking(a)linux.vnet.ibm.com> ixgbe: Fix skb list corruption on Power systems Brian King <brking(a)linux.vnet.ibm.com> fm10k: Use smp_rmb rather than read_barrier_depends Brian King <brking(a)linux.vnet.ibm.com> i40evf: Use smp_rmb rather than read_barrier_depends Brian King <brking(a)linux.vnet.ibm.com> ixgbevf: Use smp_rmb rather than read_barrier_depends Brian King <brking(a)linux.vnet.ibm.com> igbvf: Use smp_rmb rather than read_barrier_depends Brian King <brking(a)linux.vnet.ibm.com> igb: Use smp_rmb rather than read_barrier_depends Brian King <brking(a)linux.vnet.ibm.com> i40e: Use smp_rmb rather than read_barrier_depends Bin Meng <bmeng.cn(a)gmail.com> spi-nor: intel-spi: Fix broken software sequencing codes Johan Hovold <johan(a)kernel.org> NFC: fix device-allocation error return Daniel Jurgens <danielj(a)mellanox.com> IB/core: Only maintain real QPs in the security lists Parav Pandit <parav(a)mellanox.com> IB/core: Avoid crash on pkey enforcement failed in received MADs Bart Van Assche <bart.vanassche(a)wdc.com> IB/srp: Avoid that a cable pull can trigger a kernel crash Michael J. Ruhl <michael.j.ruhl(a)intel.com> IB/hfi1: Fix incorrect available receive user context count Parav Pandit <parav(a)mellanox.com> IB/cm: Fix memory corruption in handling CM request Bart Van Assche <bart.vanassche(a)wdc.com> IB/srpt: Do not accept invalid initiator port names Chuck Lever <chuck.lever(a)oracle.com> svcrdma: Preserve CB send buffer across retransmits Dan Williams <dan.j.williams(a)intel.com> libnvdimm, namespace: make 'resource' attribute only readable by root Dan Williams <dan.j.williams(a)intel.com> libnvdimm, region : make 'resource' attribute only readable by root Dan Williams <dan.j.williams(a)intel.com> libnvdimm, namespace: fix label initialization to use valid seq numbers Dan Williams <dan.j.williams(a)intel.com> libnvdimm, pfn: make 'resource' attribute only readable by root Dan Williams <dan.j.williams(a)intel.com> libnvdimm, dimm: clear 'locked' status on successful DIMM enable Johan Hovold <johan(a)kernel.org> clk: ti: dra7-atl-clock: fix child-node lookups Trond Myklebust <trond.myklebust(a)primarydata.com> SUNRPC: Fix tracepoint storage issues with svc_recv and svc_rqst_status Mikulas Patocka <mpatocka(a)redhat.com> dax: fix general protection fault in dax_alloc_inode Jeff Moyer <jmoyer(a)redhat.com> dax: fix PMD faults on zero-length files Paolo Bonzini <pbonzini(a)redhat.com> kvm: vmx: Reinstate support for CPUs without virtual NMI Paolo Bonzini <pbonzini(a)redhat.com> KVM: SVM: obey guest PAT Ladi Prosek <lprosek(a)redhat.com> KVM: nVMX: set IDTR and GDTR limits when loading L1 host state Paul Mackerras <paulus(a)ozlabs.org> KVM: PPC: Book3S HV: Don't call real-mode XICS hypercall handlers if not enabled Vasily Averin <vvs(a)virtuozzo.com> lockd: double unregister of inetaddr notifiers Johan Hovold <johan(a)kernel.org> irqchip/gic-v3: Fix ppi-partitions lookup Marc Zyngier <marc.zyngier(a)arm.com> genirq: Track whether the trigger type has been set Nate Dailey <nate.dailey(a)stratus.com> raid1: prevent freeze_array/wait_all_barriers deadlock Bart Van Assche <bart.vanassche(a)wdc.com> block: Fix a race between blk_cleanup_queue() and timeout handling Andrey Konovalov <andreyknvl(a)google.com> p54: don't unregister leds when they are not initialized Anup Patel <anup.patel(a)broadcom.com> mailbox: bcm-flexrm-mailbox: Fix FlexRM ring flush sequence Xiaolei Li <xiaolei.li(a)mediatek.com> mtd: nand: mtk: fix infinite ECC decode IRQ issue Brent Taylor <motobud(a)gmail.com> mtd: nand: Fix writing mtdoops to nand flash. Roger Quadros <rogerq(a)ti.com> mtd: nand: omap2: Fix subpage write Boris Brezillon <boris.brezillon(a)free-electrons.com> mtd: nand: atmel: Actually use the PM ops Boris Brezillon <boris.brezillon(a)free-electrons.com> mtd: nand: Export nand_reset() symbol Boris Brezillon <boris.brezillon(a)free-electrons.com> mtd: Avoid probe failures when mtd->dbg.dfs_dir is invalid Nicholas Bellinger <nab(a)linux-iscsi.org> target: Avoid early CMD_T_PRE_EXECUTE failures during ABORT_TASK Nicholas Bellinger <nab(a)linux-iscsi.org> target: Fix quiese during transport_write_pending_qf endless loop Nicholas Bellinger <nab(a)linux-iscsi.org> target: Fix caw_sem leak in transport_generic_request_failure Nicholas Bellinger <nab(a)linux-iscsi.org> target: Fix QUEUE_FULL + SCSI task attribute handling tangwenji <tang.wenji(a)zte.com.cn> target: fix buffer offset in core_scsi3_pri_read_full_status tangwenji <tang.wenji(a)zte.com.cn> target: fix null pointer regression in core_tmr_drain_tmr_list Nicholas Bellinger <nab(a)linux-iscsi.org> iscsi-target: Fix non-immediate TMR reference leak Nicholas Bellinger <nab(a)linux-iscsi.org> iscsi-target: Make TASK_REASSIGN use proper se_cmd->cmd_kref Dick Kennedy <dick.kennedy(a)broadcom.com> scsi: lpfc: Fix oops if nvmet_fc_register_targetport fails Dick Kennedy <dick.kennedy(a)broadcom.com> scsi: lpfc: Fix FCP hba_wqidx assignment Dick Kennedy <dick.kennedy(a)broadcom.com> scsi: lpfc: Fix crash receiving ELS while detaching driver Dick Kennedy <dick.kennedy(a)broadcom.com> scsi: lpfc: fix pci hot plug crash in list_add call Dick Kennedy <dick.kennedy(a)broadcom.com> scsi: lpfc: fix pci hot plug crash in timer management routines Damien Le Moal <damien.lemoal(a)wdc.com> scsi: sd_zbc: Fix sd_zbc_read_zoned_characteristics() Bart Van Assche <bart.vanassche(a)wdc.com> scsi: qla2xxx: Suppress a kernel complaint in qla_init_base_qpair() Tuomas Tynkkynen <tuomas(a)tuxera.com> net/9p: Switch to wait_event_killable() Tuomas Tynkkynen <tuomas(a)tuxera.com> fs/9p: Compare qid.path in v9fs_test_inode Tuomas Tynkkynen <tuomas(a)tuxera.com> 9p: Fix missing commas in mount options Al Viro <viro(a)zeniv.linux.org.uk> fix a page leak in vhost_scsi_iov_to_sgl() error recovery Joakim Tjernlund <joakim.tjernlund(a)infinera.com> mfd: lpc_ich: Avoton/Rangeley uses SPI_BYT method Maxime Ripard <maxime.ripard(a)free-electrons.com> ASoC: sun8i-codec: Set the BCLK divider Maxime Ripard <maxime.ripard(a)free-electrons.com> ASoC: sun8i-codec: Fix left and right channels inversion Maxime Ripard <maxime.ripard(a)free-electrons.com> ASoC: sun8i-codec: Invert Master / Slave condition Kailang Yang <kailang(a)realtek.com> ALSA: hda/realtek - Fix ALC700 family no sound issue Takashi Iwai <tiwai(a)suse.de> ALSA: hda - Fix yet remaining issue with vmaster 0dB initialization Takashi Iwai <tiwai(a)suse.de> ALSA: hda: Fix too short HDMI/DP chmap reporting Kailang Yang <kailang(a)realtek.com> ALSA: hda/realtek - Fix ALC275 no sound issue Takashi Iwai <tiwai(a)suse.de> ALSA: timer: Remove kernel warning at compat ioctl error paths Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Add sanity checks in v2 clock parsers Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Fix potential out-of-bound access at parsing SU Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Add sanity checks to FE parser Henrik Eriksson <henrik.eriksson(a)axis.com> ALSA: pcm: update tstamp only if audio_tstamp changed Ross Zwisler <ross.zwisler(a)linux.intel.com> ext4: prevent data corruption with journaling + DAX Ross Zwisler <ross.zwisler(a)linux.intel.com> ext4: prevent data corruption with inline data + DAX Theodore Ts'o <tytso(a)mit.edu> ext4: fix interaction between i_size, fallocate, and delalloc after a crash Rameshwar Prasad Sahu <rsahu(a)apm.com> ata: fixes kernel crash while tracing ata_eh_link_autopsy event Miklos Szeredi <mszeredi(a)redhat.com> fsnotify: fix pinning group in fsnotify_prepare_user_wait() Miklos Szeredi <mszeredi(a)redhat.com> fsnotify: pin both inode and vfsmount mark Miklos Szeredi <mszeredi(a)redhat.com> fsnotify: clean up fsnotify_prepare/finish_user_wait() Shaohua Li <shli(a)fb.com> md/bitmap: revert a patch Loic Poulain <loic.poulain(a)linaro.org> Bluetooth: btqcomsmd: Add support for BD address setup Artur Paszkiewicz <artur.paszkiewicz(a)intel.com> md: don't check MD_SB_CHANGE_CLEAN in md_allow_write NeilBrown <neilb(a)suse.com> md: fix deadlock error in recent patch. Thomas Backlund <tmb(a)mageia.org> iwlwifi: fix firmware names for 9000 and A000 series hw Arnd Bergmann <arnd(a)arndb.de> rtlwifi: fix uninitialized rtlhal->last_suspend_sec time Larry Finger <Larry.Finger(a)lwfinger.net> rtlwifi: rtl8192ee: Fix memory leak when loading firmware Andrew Elble <aweits(a)rit.edu> nfsd: deal with revoked delegations appropriately NeilBrown <neilb(a)suse.com> NFS: revalidate "." etc correctly on "open". Anna Schumaker <Anna.Schumaker(a)Netapp.com> NFS: Avoid RCU usage in tracepoints Chuck Lever <chuck.lever(a)oracle.com> nfs: Fix ugly referral attributes Benjamin Coddington <bcodding(a)redhat.com> NFS: Revert "NFS: Move the flock open mode check into nfs_flock()" Joshua Watt <jpewhacker(a)gmail.com> NFS: Fix typo in nomigration mount option Jaegeuk Kim <jaegeuk(a)kernel.org> f2fs: expose some sectors to user in inline data or dentry case Josef Bacik <jbacik(a)fb.com> btrfs: change how we decide to commit transactions during flushing Arnd Bergmann <arnd(a)arndb.de> isofs: fix timestamps beyond 2027 Miklos Szeredi <mszeredi(a)redhat.com> fanotify: fix fsnotify_prepare_user_wait() failure Greg Edwards <gedwards(a)ddn.com> fs: guard_bio_eod() needs to consider partitions Coly Li <colyli(a)suse.de> bcache: check ca->alloc_thread initialized before wake up it Eric Biggers <ebiggers(a)google.com> libceph: don't WARN() if user tries to add invalid key Dan Carpenter <dan.carpenter(a)oracle.com> eCryptfs: use after free in ecryptfs_release_messaging() Eric Biggers <ebiggers(a)google.com> fscrypt: lock mutex before checking for bounce page pool Andreas Rohner <andreas.rohner(a)gmx.net> nilfs2: fix race condition that causes file system corruption NeilBrown <neilb(a)suse.com> autofs: don't fail mount for transient error Vitaly Wool <vitalywool(a)gmail.com> mm/z3fold.c: use kref to prevent page free/compact race Stanislaw Gruszka <sgruszka(a)redhat.com> rt2x00usb: mark device removed when get ENOENT usb error Aleksandar Markovic <aleksandar.markovic(a)mips.com> MIPS: math-emu: Fix final emulation phase for certain instructions Mirko Parthey <mirko.parthey(a)web.de> MIPS: BCM47XX: Fix LED inversion for WRT54GSv1 Maciej W. Rozycki <macro(a)mips.com> MIPS: Fix an n32 core file generation regset support regression Masahiro Yamada <yamada.masahiro(a)socionext.com> MIPS: dts: remove bogus bcm96358nb4ser.dtb from dtb-y entry James Hogan <jhogan(a)kernel.org> MIPS: Fix MIPS64 FP save/restore on 32-bit kernels James Hogan <jhogan(a)kernel.org> MIPS: Fix odd fp register warnings with MIPS64r2 Mike Snitzer <snitzer(a)redhat.com> dm: discard support requires all targets in a table support discards Hou Tao <houtao1(a)huawei.com> dm: fix race between dm_get_from_kobject() and __dm_destroy() John Crispin <john(a)phrozen.org> MIPS: pci: Remove KERN_WARN instance inside the mt7620 driver Steven Rostedt (Red Hat) <rostedt(a)goodmis.org> sched/rt: Simplify the IPI based RT balancing logic Mikulas Patocka <mpatocka(a)redhat.com> dm: allocate struct mapped_device with kvzalloc Vivek Goyal <vgoyal(a)redhat.com> ovl: Put upperdentry if ovl_check_origin() fails Eric Biggers <ebiggers(a)google.com> dm bufio: fix integer overflow when limiting maximum cache size Ming Lei <ming.lei(a)redhat.com> dm mpath: remove annoying message of 'blk_get_request() returned -11' Damien Le Moal <damien.lemoal(a)wdc.com> dm zoned: ignore last smaller runt zone Mikulas Patocka <mpatocka(a)redhat.com> dm crypt: allow unaligned bv_offset Joe Thornber <ejt(a)redhat.com> dm cache: fix race condition in the writeback mode overwrite_bio optimisation Mikulas Patocka <mpatocka(a)redhat.com> dm integrity: allow unaligned bv_offset Vijendar Mukunda <Vijendar.Mukunda(a)amd.com> ALSA: hda: Add Raven PCI ID Vadim Lomovtsev <Vadim.Lomovtsev(a)cavium.com> PCI: Apply Cavium ThunderX ACS quirk to more Root Ports Vadim Lomovtsev <Vadim.Lomovtsev(a)cavium.com> PCI: Set Cavium ACS capability quirk flags to assert RR/CR/SV/UF Dexuan Cui <decui(a)microsoft.com> PCI: hv: Use effective affinity mask Bjorn Helgaas <bhelgaas(a)google.com> PCI/ASPM: Use correct capability pointer to program LTR_L1.2_THRESHOLD Bjorn Helgaas <bhelgaas(a)google.com> PCI/ASPM: Account for downstream device's Port Common_Mode_Restore_Time Tobias Jordan <Tobias.Jordan(a)elektrobit.com> PM / OPP: Add missing of_node_put(np) Josef Bacik <jbacik(a)fb.com> nbd: don't start req until after the dead connection logic Josef Bacik <jbacik(a)fb.com> nbd: wait uninterruptible for the dead timeout Simon Guinot <simon.guinot(a)sequanux.org> net: mvneta: fix handling of the Tx descriptor counter Mathias Kresin <dev(a)kresin.me> MIPS: ralink: Fix typo in mt7628 pinmux function Mathias Kresin <dev(a)kresin.me> MIPS: ralink: Fix MT7628 pinmux Ben Hutchings <ben(a)decadent.org.uk> MIPS: cmpxchg64() and HAVE_VIRT_CPU_ACCOUNTING_GEN don't work for 32-bit SMP Dmitry V. Levin <ldv(a)altlinux.org> uapi: fix linux/rxrpc.h userspace compilation errors Dmitry V. Levin <ldv(a)altlinux.org> uapi: fix linux/tls.h userspace compilation error Philip Derrin <philip(a)cog.systems> ARM: 8721/1: mm: dump: check hardware RO bit for LPAE Philip Derrin <philip(a)cog.systems> ARM: 8722/1: mm: make STRICT_KERNEL_RWX effective for LPAE Catalin Marinas <catalin.marinas(a)arm.com> arm64: Implement arch-specific pte_access_permitted() Andi Kleen <ak(a)linux.intel.com> perf/x86/intel: Hide TSX events when RTM is not supported Andy Lutomirski <luto(a)kernel.org> x86/entry/64: Add missing irqflags tracing to native_load_gs_index() Andy Lutomirski <luto(a)kernel.org> x86/entry/64: Fix entry_SYSCALL_64_after_hwframe() IRQ tracing Masami Hiramatsu <mhiramat(a)kernel.org> x86/decoder: Add new TEST instruction pattern Tom Lendacky <thomas.lendacky(a)amd.com> x86/boot: Fix boot failure when SMP MP-table is based at 0 Eric Biggers <ebiggers(a)google.com> lib/mpi: call cond_resched() from mpi_powm() loop Paul E. McKenney <paulmck(a)linux.vnet.ibm.com> sched: Make resched_cpu() unconditional Johan Hovold <johan(a)kernel.org> serdev: fix registration of second slave Viresh Kumar <viresh.kumar(a)linaro.org> cpufreq: schedutil: Reset cached_raw_freq when not in sync with next_freq Lv Zheng <lv.zheng(a)intel.com> ACPI / EC: Fix regression related to triggering source of EC event handling Ville Syrjälä <ville.syrjala(a)linux.intel.com> ACPI / PM: Fix acpi_pm_notifier_lock vs flush_workqueue() deadlock Vasily Gorbik <gor(a)linux.vnet.ibm.com> s390/disassembler: increase show_code buffer size Heiko Carstens <heiko.carstens(a)de.ibm.com> s390/disassembler: add missing end marker for e7 table Heiko Carstens <heiko.carstens(a)de.ibm.com> s390/guarded storage: fix possible memory corruption Heiko Carstens <heiko.carstens(a)de.ibm.com> s390/runtime instrumention: fix possible memory corruption Heiko Carstens <heiko.carstens(a)de.ibm.com> s390/noexec: execute kexec datamover without DAT Heiko Carstens <heiko.carstens(a)de.ibm.com> s390: fix transactional execution control register handling ------------- Diffstat: Makefile | 4 +- arch/arm/mm/dump.c | 4 +- arch/arm/mm/init.c | 4 +- arch/arm64/boot/dts/amlogic/meson-gxl.dtsi | 8 + arch/arm64/include/asm/pgtable.h | 14 + arch/mips/Kconfig | 2 +- arch/mips/bcm47xx/leds.c | 2 +- arch/mips/boot/dts/brcm/Makefile | 1 - arch/mips/include/asm/asmmacro.h | 16 +- arch/mips/include/asm/cmpxchg.h | 2 + arch/mips/kernel/ptrace.c | 17 ++ arch/mips/kernel/r4k_fpu.S | 20 +- arch/mips/math-emu/cp1emu.c | 28 +- arch/mips/pci/pci-mt7620.c | 2 +- arch/mips/ralink/mt7620.c | 4 +- arch/parisc/kernel/syscall.S | 6 +- arch/powerpc/kernel/exceptions-64s.S | 2 +- arch/powerpc/kernel/signal.c | 2 +- arch/powerpc/kvm/book3s_hv_builtin.c | 12 + arch/powerpc/lib/code-patching.c | 6 +- arch/powerpc/mm/hugetlbpage-radix.c | 26 +- arch/powerpc/mm/mmap.c | 55 ++-- arch/powerpc/mm/mmu_context_book3s64.c | 8 +- arch/powerpc/mm/pgtable-radix.c | 10 + arch/powerpc/mm/slice.c | 50 ++- arch/powerpc/perf/imc-pmu.c | 12 +- arch/s390/include/asm/switch_to.h | 2 +- arch/s390/kernel/dis.c | 5 +- arch/s390/kernel/early.c | 4 +- arch/s390/kernel/guarded_storage.c | 2 + arch/s390/kernel/machine_kexec.c | 1 + arch/s390/kernel/process.c | 1 + arch/s390/kernel/relocate_kernel.S | 3 - arch/s390/kernel/runtime_instr.c | 4 +- arch/x86/entry/entry_64.S | 14 +- arch/x86/events/intel/core.c | 35 ++- arch/x86/kernel/mpparse.c | 6 +- arch/x86/kvm/svm.c | 7 + arch/x86/kvm/vmx.c | 152 ++++++--- arch/x86/lib/x86-opcode-map.txt | 2 +- block/blk-core.c | 2 + block/blk-timeout.c | 3 - drivers/acpi/device_pm.c | 21 +- drivers/acpi/ec.c | 12 +- drivers/ata/libata-eh.c | 2 +- drivers/base/power/opp/of.c | 1 + drivers/block/nbd.c | 26 +- drivers/bluetooth/btqcomsmd.c | 34 +++ drivers/clk/ti/clk-dra7-atl.c | 3 +- drivers/dax/super.c | 3 + drivers/infiniband/core/cm.c | 11 +- drivers/infiniband/core/mad.c | 3 +- drivers/infiniband/core/security.c | 51 ++-- drivers/infiniband/hw/hfi1/chip.c | 35 ++- drivers/infiniband/hw/hfi1/hfi.h | 2 + drivers/infiniband/hw/hfi1/sysfs.c | 2 +- drivers/infiniband/hw/hfi1/vnic_main.c | 7 +- drivers/infiniband/ulp/srp/ib_srp.c | 25 +- drivers/infiniband/ulp/srpt/ib_srpt.c | 9 +- drivers/irqchip/irq-gic-v3.c | 9 +- drivers/mailbox/bcm-flexrm-mailbox.c | 22 +- drivers/md/bcache/alloc.c | 3 +- drivers/md/bitmap.c | 4 +- drivers/md/dm-bufio.c | 15 +- drivers/md/dm-cache-target.c | 86 ++++-- drivers/md/dm-core.h | 3 +- drivers/md/dm-crypt.c | 4 +- drivers/md/dm-integrity.c | 2 +- drivers/md/dm-mpath.c | 2 - drivers/md/dm-table.c | 33 +- drivers/md/dm-zoned-target.c | 13 +- drivers/md/dm.c | 18 +- drivers/md/md.c | 4 +- drivers/md/raid1.c | 24 +- drivers/media/platform/qcom/venus/core.h | 2 - drivers/media/platform/qcom/venus/helpers.c | 7 - drivers/media/platform/qcom/venus/hfi.c | 1 + drivers/media/platform/qcom/venus/hfi_venus.c | 12 +- drivers/media/platform/qcom/venus/vdec.c | 34 ++- drivers/media/platform/qcom/venus/venc.c | 7 +- drivers/media/rc/ir-lirc-codec.c | 9 +- drivers/media/rc/ir-nec-decoder.c | 29 +- drivers/media/usb/as102/as102_fw.c | 28 +- drivers/media/usb/cx231xx/cx231xx-cards.c | 2 +- drivers/media/v4l2-core/v4l2-ctrls.c | 16 +- drivers/mfd/lpc_ich.c | 1 + drivers/mtd/devices/docg3.c | 7 +- drivers/mtd/nand/atmel/nand-controller.c | 1 + drivers/mtd/nand/mtk_ecc.c | 13 +- drivers/mtd/nand/nand_base.c | 10 +- drivers/mtd/nand/nandsim.c | 13 +- drivers/mtd/nand/omap2.c | 339 ++++++++++++++------- drivers/mtd/spi-nor/intel-spi.c | 4 +- drivers/net/ethernet/intel/e1000e/defines.h | 1 + drivers/net/ethernet/intel/e1000e/mac.c | 11 +- drivers/net/ethernet/intel/e1000e/netdev.c | 45 ++- drivers/net/ethernet/intel/e1000e/phy.c | 7 +- drivers/net/ethernet/intel/fm10k/fm10k_main.c | 2 +- drivers/net/ethernet/intel/i40e/i40e_main.c | 2 +- drivers/net/ethernet/intel/i40e/i40e_txrx.c | 2 +- drivers/net/ethernet/intel/i40evf/i40e_txrx.c | 2 +- drivers/net/ethernet/intel/igb/igb_main.c | 2 +- drivers/net/ethernet/intel/igbvf/netdev.c | 2 +- drivers/net/ethernet/intel/ixgbe/ixgbe_main.c | 2 +- drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c | 2 +- drivers/net/ethernet/marvell/mvneta.c | 13 +- drivers/net/wireless/intel/iwlwifi/cfg/9000.c | 73 ++++- drivers/net/wireless/intel/iwlwifi/cfg/a000.c | 10 +- drivers/net/wireless/intel/iwlwifi/fw/api/scan.h | 59 +++- drivers/net/wireless/intel/iwlwifi/fw/file.h | 1 + drivers/net/wireless/intel/iwlwifi/iwl-config.h | 5 + drivers/net/wireless/intel/iwlwifi/mvm/mvm.h | 6 + drivers/net/wireless/intel/iwlwifi/mvm/scan.c | 86 ++++-- drivers/net/wireless/intel/iwlwifi/pcie/drv.c | 183 ++++++++--- drivers/net/wireless/intersil/p54/main.c | 7 +- drivers/net/wireless/ralink/rt2x00/rt2x00usb.c | 6 +- .../net/wireless/realtek/rtlwifi/rtl8192ee/fw.c | 6 +- .../net/wireless/realtek/rtlwifi/rtl8821ae/hw.c | 1 + drivers/nvdimm/dimm.c | 1 + drivers/nvdimm/dimm_devs.c | 7 + drivers/nvdimm/label.c | 2 +- drivers/nvdimm/namespace_devs.c | 2 +- drivers/nvdimm/nd.h | 1 + drivers/nvdimm/pfn_devs.c | 8 + drivers/nvdimm/region_devs.c | 8 +- drivers/pci/host/pci-hyperv.c | 8 +- drivers/pci/pcie/aspm.c | 4 +- drivers/pci/quirks.c | 27 +- drivers/scsi/lpfc/lpfc_attr.c | 6 +- drivers/scsi/lpfc/lpfc_bsg.c | 4 +- drivers/scsi/lpfc/lpfc_els.c | 7 +- drivers/scsi/lpfc/lpfc_hbadisc.c | 5 +- drivers/scsi/lpfc/lpfc_init.c | 15 +- drivers/scsi/lpfc/lpfc_nportdisc.c | 2 +- drivers/scsi/lpfc/lpfc_nvmet.c | 15 +- drivers/scsi/lpfc/lpfc_sli.c | 34 ++- drivers/scsi/qla2xxx/qla_os.c | 2 +- drivers/scsi/sd_zbc.c | 6 +- drivers/target/iscsi/iscsi_target.c | 30 +- drivers/target/target_core_pr.c | 1 + drivers/target/target_core_tmr.c | 12 +- drivers/target/target_core_transport.c | 26 +- drivers/tty/serdev/core.c | 19 +- drivers/vhost/scsi.c | 5 +- fs/9p/vfs_inode.c | 3 + fs/9p/vfs_inode_dotl.c | 3 + fs/autofs4/waitq.c | 15 +- fs/btrfs/extent-tree.c | 42 ++- fs/buffer.c | 10 +- fs/crypto/crypto.c | 7 +- fs/dax.c | 6 +- fs/ecryptfs/messaging.c | 7 +- fs/ext4/extents.c | 6 +- fs/ext4/inline.c | 10 - fs/ext4/inode.c | 5 - fs/ext4/ioctl.c | 16 +- fs/ext4/super.c | 5 + fs/f2fs/file.c | 6 + fs/isofs/isofs.h | 2 +- fs/isofs/rock.h | 2 +- fs/isofs/util.c | 2 +- fs/lockd/svc.c | 20 +- fs/nfs/dir.c | 4 +- fs/nfs/file.c | 18 +- fs/nfs/nfs4proc.c | 32 +- fs/nfs/nfs4trace.h | 24 +- fs/nfs/super.c | 2 +- fs/nfsd/nfs4state.c | 25 +- fs/nilfs2/segment.c | 6 +- fs/notify/fanotify/fanotify.c | 33 +- fs/notify/fsnotify.c | 10 +- fs/notify/mark.c | 107 ++++--- fs/overlayfs/namei.c | 2 +- include/linux/genhd.h | 1 + include/linux/irq.h | 11 +- include/net/tls.h | 4 + include/sound/control.h | 4 +- include/target/target_core_base.h | 1 + include/trace/events/sunrpc.h | 17 +- include/uapi/linux/rxrpc.h | 10 +- include/uapi/linux/tls.h | 4 - kernel/irq/manage.c | 13 +- kernel/sched/core.c | 3 +- kernel/sched/cpufreq_schedutil.c | 6 +- kernel/sched/rt.c | 316 +++++++------------ kernel/sched/sched.h | 24 +- kernel/sched/topology.c | 6 + lib/mpi/mpi-pow.c | 2 + mm/z3fold.c | 10 +- net/9p/client.c | 5 +- net/9p/trans_fd.c | 6 +- net/9p/trans_virtio.c | 13 +- net/9p/trans_xen.c | 4 +- net/ceph/crypto.c | 4 +- net/nfc/core.c | 2 +- net/sunrpc/xprtrdma/svc_rdma_backchannel.c | 6 +- sound/core/pcm_lib.c | 6 +- sound/core/timer_compat.c | 12 +- sound/core/vmaster.c | 6 +- sound/hda/hdmi_chmap.c | 2 +- sound/pci/hda/hda_codec.c | 10 +- sound/pci/hda/hda_intel.c | 3 + sound/pci/hda/patch_realtek.c | 5 +- sound/soc/sunxi/sun8i-codec.c | 61 +++- sound/usb/clock.c | 9 +- sound/usb/mixer.c | 15 +- 206 files changed, 2165 insertions(+), 1243 deletions(-)

7 years, 2 months

6
195
0 0

[Linux-stable-mirror] [PATCH AUTOSEL for 4.4 01/32] vti6: Don't report path MTU below IPV6_MIN_MTU.

by alexander.levin＠verizon.com

From: Steffen Klassert <steffen.klassert(a)secunet.com> [ Upstream commit e3dc847a5f85b43ee2bfc8eae407a7e383483228 ] In vti6_xmit(), the check for IPV6_MIN_MTU before we send a ICMPV6_PKT_TOOBIG message is missing. So we might report a PMTU below 1280. Fix this by adding the required check. Fixes: ccd740cbc6e ("vti6: Add pmtu handling to vti6_xmit.") Signed-off-by: Steffen Klassert <steffen.klassert(a)secunet.com> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> --- net/ipv6/ip6_vti.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/net/ipv6/ip6_vti.c b/net/ipv6/ip6_vti.c index 7ebb14def2cb..24140e85067c 100644 --- a/net/ipv6/ip6_vti.c +++ b/net/ipv6/ip6_vti.c @@ -474,11 +474,15 @@ vti6_xmit(struct sk_buff *skb, struct net_device *dev, struct flowi *fl) if (!skb->ignore_df && skb->len > mtu) { skb_dst(skb)->ops->update_pmtu(dst, NULL, skb, mtu); - if (skb->protocol == htons(ETH_P_IPV6)) + if (skb->protocol == htons(ETH_P_IPV6)) { + if (mtu < IPV6_MIN_MTU) + mtu = IPV6_MIN_MTU; + icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu); - else + } else { icmp_send(skb, ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED, htonl(mtu)); + } return -EMSGSIZE; } -- 2.11.0

7 years, 2 months

1
31
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror