- Linux-stable-mirror - lists.linaro.org

[Linux-stable-mirror] Init panic in 4.4 PTI backports with CONFIG_PARAVIRT_CLOCK=y

by Jamie Iles

Hi Greg, Another panic in the 4.4 PTI backports with CONFIG_PARAVIRT_CLOCK=y: [ 83.008457] init[1]: segfault at ffffffffff5ff0c0 ip 00007ffdcbf609c5 sp 00007ffdcbeb2fa0 error 5 [ 83.012895] Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b [ 83.012895] [ 83.013764] CPU: 3 PID: 1 Comm: init Not tainted 4.4.110-rc1+ #84 [ 83.014345] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.1-1ubuntu1 04/01/2014 [ 83.015219] ffff880119207b68 ffff8801191579b8 ffffffff8159b31d ffffffff820441c0 [ 83.015981] ffff880119157a90 ffff880119157a80 ffffffff8120cc1a 0000000041b58ab3 [ 83.016724] ffffffff825a770d ffffffff8120cae0 ffff8801191487b8 0000000000000010 [ 83.017464] Call Trace: [ 83.017708] [<ffffffff8159b31d>] dump_stack+0x86/0xc9 [ 83.018197] [<ffffffff8120cc1a>] panic+0x13a/0x283 [ 83.018695] [<ffffffff8120cae0>] ? set_ti_thread_flag+0xf/0xf [ 83.019259] [<ffffffff81109a52>] ? mark_held_locks+0x22/0xb0 [ 83.019802] [<ffffffff81e6bfec>] ? _raw_write_unlock_irq+0x2c/0x40 [ 83.020391] [<ffffffff810964ef>] do_exit+0x96f/0x1480 [ 83.020885] [<ffffffff81095b80>] ? release_task+0x8e0/0x8e0 [ 83.021437] [<ffffffff81109d48>] ? trace_hardirqs_on_caller+0x268/0x2a0 [ 83.022089] [<ffffffff8109932a>] do_group_exit+0xda/0x160 [ 83.022607] [<ffffffff810ad7b3>] get_signal+0xa93/0xba0 [ 83.023132] [<ffffffff81109a52>] ? mark_held_locks+0x22/0xb0 [ 83.023684] [<ffffffff81007e31>] do_signal+0x91/0xab0 [ 83.024171] [<ffffffff8107abaf>] ? force_sig_info_fault.constprop.19+0xef/0x120 [ 83.024887] [<ffffffff81007da0>] ? setup_sigcontext+0x270/0x270 [ 83.025450] [<ffffffff8107aac0>] ? is_prefetch.isra.16+0x260/0x260 [ 83.026041] [<ffffffff8120d3c2>] ? printk+0x99/0xb5 [ 83.026520] [<ffffffff8120d329>] ? power_down+0xa9/0xa9 [ 83.027057] [<ffffffff811027df>] ? up_read+0x1f/0x40 [ 83.027559] [<ffffffff8120d3c2>] ? printk+0x99/0xb5 [ 83.028030] [<ffffffff8107bb55>] ? __bad_area_nosemaphore+0x265/0x2a0 [ 83.028647] [<ffffffff81109a52>] ? mark_held_locks+0x22/0xb0 [ 83.029199] [<ffffffff810023a2>] ? exit_to_usermode_loop+0x52/0xd0 [ 83.029789] [<ffffffff810023c3>] exit_to_usermode_loop+0x73/0xd0 [ 83.030365] [<ffffffff81003840>] prepare_exit_to_usermode+0x60/0x80 [ 83.031067] [<ffffffff81e6cfc8>] retint_user+0x8/0x3c [ 83.031699] Kernel Offset: disabled [ 83.032067] ---[ end Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b [ 83.032067] This one is from the PVCLOCK_FIXMAP_BEGIN fixmap page, and I can fix it by additionally picking: 6b078f5de7fc (x86, vdso, pvclock: Simplify and speed up the vdso pvclock reader) dac16fba6fc5 (x86/vdso: Get pvclock data from the vvar VMA instead of the fixmap) onto the stable-rc linux-4.4.y branch. Thanks, Jamie

7 years, 3 months

2
1
0 0

[Linux-stable-mirror] [PATCH 4.14 00/14] 4.14.12-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.14.12 release. There are 14 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat Jan 6 12:08:52 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.14.12-rc1.gz or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.14.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.14.12-rc1 Troy Kisky <troy.kisky(a)boundarydevices.com> rtc: m41t80: remove unneeded checks from m41t80_sqw_set_rate Troy Kisky <troy.kisky(a)boundarydevices.com> rtc: m41t80: avoid i2c read in m41t80_sqw_is_prepared Troy Kisky <troy.kisky(a)boundarydevices.com> rtc: m41t80: avoid i2c read in m41t80_sqw_recalc_rate Troy Kisky <troy.kisky(a)boundarydevices.com> rtc: m41t80: fix m41t80_sqw_round_rate return value Troy Kisky <troy.kisky(a)boundarydevices.com> rtc: m41t80: m41t80_sqw_set_rate should return 0 on success Steffen Klassert <steffen.klassert(a)secunet.com> Revert "xfrm: Fix stack-out-of-bounds read in xfrm_state_find." Nick Desaulniers <ndesaulniers(a)google.com> x86/process: Define cpu_tss_rw in same section as declaration Thomas Gleixner <tglx(a)linutronix.de> x86/pti: Switch to kernel CR3 at early in entry_SYSCALL_compat() Josh Poimboeuf <jpoimboe(a)redhat.com> x86/dumpstack: Print registers for first stack frame Josh Poimboeuf <jpoimboe(a)redhat.com> x86/dumpstack: Fix partial register dumps Thomas Gleixner <tglx(a)linutronix.de> x86/pti: Make sure the user/kernel PTEs match Tom Lendacky <thomas.lendacky(a)amd.com> x86/cpu, x86/pti: Do not enable PTI on AMD processors Eric Biggers <ebiggers(a)google.com> capabilities: fix buffer overread on very short xattr Kees Cook <keescook(a)chromium.org> exec: Weaken dumpability for secureexec ------------- Diffstat: Makefile | 4 +- arch/x86/entry/entry_64_compat.S | 13 +++---- arch/x86/include/asm/unwind.h | 17 ++++++-- arch/x86/kernel/cpu/common.c | 4 +- arch/x86/kernel/dumpstack.c | 31 ++++++++++----- arch/x86/kernel/process.c | 2 +- arch/x86/kernel/stacktrace.c | 2 +- arch/x86/mm/pti.c | 3 +- drivers/rtc/rtc-m41t80.c | 84 ++++++++++++++++++---------------------- fs/exec.c | 9 ++++- net/xfrm/xfrm_policy.c | 29 ++++++++------ security/commoncap.c | 21 +++++----- 12 files changed, 120 insertions(+), 99 deletions(-)

7 years, 3 months

4
17
0 0

[Linux-stable-mirror] [PATCH 4.9 00/39] 4.9.75-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.9.75 release. There are 39 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Fri Jan 5 19:50:44 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.9.75-rc1.gz or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.9.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.9.75-rc1 Kees Cook <keescook(a)chromium.org> KPTI: Report when enabled Kees Cook <keescook(a)chromium.org> KPTI: Rename to PAGE_TABLE_ISOLATION Borislav Petkov <bp(a)suse.de> x86/kaiser: Move feature detection up Jiri Kosina <jkosina(a)suse.cz> kaiser: disabled on Xen PV Borislav Petkov <bp(a)suse.de> x86/kaiser: Reenable PARAVIRT Thomas Gleixner <tglx(a)linutronix.de> x86/paravirt: Dont patch flush_tlb_single Hugh Dickins <hughd(a)google.com> kaiser: kaiser_flush_tlb_on_return_to_user() check PCID Hugh Dickins <hughd(a)google.com> kaiser: asm/tlbflush.h handle noPGE at lower level Hugh Dickins <hughd(a)google.com> kaiser: drop is_atomic arg to kaiser_pagetable_walk() Hugh Dickins <hughd(a)google.com> kaiser: use ALTERNATIVE instead of x86_cr3_pcid_noflush Borislav Petkov <bp(a)suse.de> x86/kaiser: Check boottime cmdline params Borislav Petkov <bp(a)suse.de> x86/kaiser: Rename and simplify X86_FEATURE_KAISER handling Hugh Dickins <hughd(a)google.com> kaiser: add "nokaiser" boot option, using ALTERNATIVE Hugh Dickins <hughd(a)google.com> kaiser: fix unlikely error in alloc_ldt_struct() Hugh Dickins <hughd(a)google.com> kaiser: kaiser_remove_mapping() move along the pgd Hugh Dickins <hughd(a)google.com> kaiser: paranoid_entry pass cr3 need to paranoid_exit Hugh Dickins <hughd(a)google.com> kaiser: x86_cr3_pcid_noflush and x86_cr3_pcid_user Hugh Dickins <hughd(a)google.com> kaiser: PCID 0 for kernel and 128 for user Hugh Dickins <hughd(a)google.com> kaiser: load_new_mm_cr3() let SWITCH_USER_CR3 flush user Hugh Dickins <hughd(a)google.com> kaiser: enhanced by kernel and user PCIDs Hugh Dickins <hughd(a)google.com> kaiser: vmstat show NR_KAISERTABLE as nr_overhead Hugh Dickins <hughd(a)google.com> kaiser: delete KAISER_REAL_SWITCH option Hugh Dickins <hughd(a)google.com> kaiser: name that 0x1000 KAISER_SHADOW_PGD_OFFSET Hugh Dickins <hughd(a)google.com> kaiser: cleanups while trying for gold link Hugh Dickins <hughd(a)google.com> kaiser: align addition to x86/mm/Makefile Hugh Dickins <hughd(a)google.com> kaiser: tidied up kaiser_add/remove_mapping slightly Hugh Dickins <hughd(a)google.com> kaiser: tidied up asm/kaiser.h somewhat Hugh Dickins <hughd(a)google.com> kaiser: ENOMEM if kaiser_pagetable_walk() NULL Hugh Dickins <hughd(a)google.com> kaiser: fix perf crashes Hugh Dickins <hughd(a)google.com> kaiser: fix regs to do_nmi() ifndef CONFIG_KAISER Hugh Dickins <hughd(a)google.com> kaiser: KAISER depends on SMP Hugh Dickins <hughd(a)google.com> kaiser: fix build and FIXME in alloc_ldt_struct() Hugh Dickins <hughd(a)google.com> kaiser: stack map PAGE_SIZE at THREAD_SIZE-PAGE_SIZE Hugh Dickins <hughd(a)google.com> kaiser: do not set _PAGE_NX on pgd_none Dave Hansen <dave.hansen(a)linux.intel.com> kaiser: merged update Richard Fellner <richard.fellner(a)student.tugraz.at> KAISER: Kernel Address Isolation Tom Lendacky <thomas.lendacky(a)amd.com> x86/boot: Add early cmdline parsing for options with arguments Neal Cardwell <ncardwell(a)google.com> tcp_bbr: reset long-term bandwidth sampling on loss recovery undo Neal Cardwell <ncardwell(a)google.com> tcp_bbr: reset full pipe detection on loss recovery undo ------------- Diffstat: Documentation/kernel-parameters.txt | 8 + Makefile | 4 +- arch/x86/boot/compressed/misc.h | 1 + arch/x86/entry/entry_64.S | 163 ++++++++-- arch/x86/entry/entry_64_compat.S | 8 +- arch/x86/events/intel/ds.c | 57 +++- arch/x86/include/asm/cmdline.h | 2 + arch/x86/include/asm/cpufeatures.h | 4 + arch/x86/include/asm/desc.h | 2 +- arch/x86/include/asm/hw_irq.h | 2 +- arch/x86/include/asm/kaiser.h | 141 +++++++++ arch/x86/include/asm/pgtable.h | 28 +- arch/x86/include/asm/pgtable_64.h | 25 +- arch/x86/include/asm/pgtable_types.h | 29 +- arch/x86/include/asm/processor.h | 2 +- arch/x86/include/asm/tlbflush.h | 74 ++++- arch/x86/include/uapi/asm/processor-flags.h | 3 +- arch/x86/kernel/cpu/common.c | 28 +- arch/x86/kernel/espfix_64.c | 10 + arch/x86/kernel/head_64.S | 35 ++- arch/x86/kernel/irqinit.c | 2 +- arch/x86/kernel/ldt.c | 25 +- arch/x86/kernel/paravirt_patch_64.c | 2 - arch/x86/kernel/process.c | 2 +- arch/x86/kernel/setup.c | 7 + arch/x86/kernel/tracepoint.c | 2 + arch/x86/kvm/x86.c | 3 +- arch/x86/lib/cmdline.c | 105 +++++++ arch/x86/mm/Makefile | 4 +- arch/x86/mm/init.c | 2 +- arch/x86/mm/init_64.c | 10 + arch/x86/mm/kaiser.c | 454 ++++++++++++++++++++++++++++ arch/x86/mm/kaslr.c | 4 +- arch/x86/mm/pageattr.c | 63 +++- arch/x86/mm/pgtable.c | 12 +- arch/x86/mm/tlb.c | 39 ++- include/asm-generic/vmlinux.lds.h | 7 + include/linux/kaiser.h | 52 ++++ include/linux/mmzone.h | 3 +- include/linux/percpu-defs.h | 32 +- init/main.c | 2 + kernel/fork.c | 6 + mm/vmstat.c | 1 + net/ipv4/tcp_bbr.c | 5 + security/Kconfig | 10 + tools/arch/x86/include/asm/cpufeatures.h | 3 + 46 files changed, 1382 insertions(+), 101 deletions(-)

7 years, 3 months

5
44
0 0

[Linux-stable-mirror] [PATCH] iwlwifi: pcie: fix DMA memory mapping / unmapping

by Emmanuel Grumbach

22000 devices (previously referenced as A000) can support short transmit queues. This means that we have less DMA descriptors (TFD) for those shorter queues. Previous devices must still have 256 TFDs for each queue even if those 256 TFDs point to fewer buffers. When I introduced support for the short queues for 22000 I broke older devices by assuming that they can also have less TFDs in their queues. This led to several problems: 1) the payload of the commands weren't unmapped properly which caused the SWIOTLB to complain at some point. 2) the hardware could get confused and we get hardware crashes. The corresponding bugzilla entries are: https://bugzilla.kernel.org/show_bug.cgi?id=198201 https://bugzilla.kernel.org/show_bug.cgi?id=198265 Cc: stable(a)vger.kernel.org # 4.14+ Fixes: 4ecab5616023 ("iwlwifi: pcie: support short Tx queues for A000 device family") Reviewed-by: Sharon, Sara <sara.sharon(a)intel.com> Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> --- Hi Kalle, Luca is on vacation is 4.15 will be closed soon. I am fixing here a bug that caused much troube on our side. There are two bugzillas on it. Users on both bugs validated this fix. Please apply this on wireless-drivers.git directly and I'll sync with Luca when he'll be back. Thank you! --- drivers/net/wireless/intel/iwlwifi/pcie/internal.h | 10 +++++++--- drivers/net/wireless/intel/iwlwifi/pcie/tx-gen2.c | 11 +++-------- drivers/net/wireless/intel/iwlwifi/pcie/tx.c | 8 ++++---- 3 files changed, 14 insertions(+), 15 deletions(-) diff --git a/drivers/net/wireless/intel/iwlwifi/pcie/internal.h b/drivers/net/wireless/intel/iwlwifi/pcie/internal.h index d749abeca3ae..403e65c309d0 100644 --- a/drivers/net/wireless/intel/iwlwifi/pcie/internal.h +++ b/drivers/net/wireless/intel/iwlwifi/pcie/internal.h @@ -670,11 +670,15 @@ static inline u8 iwl_pcie_get_cmd_index(struct iwl_txq *q, u32 index) return index & (q->n_window - 1); } -static inline void *iwl_pcie_get_tfd(struct iwl_trans_pcie *trans_pcie, +static inline void *iwl_pcie_get_tfd(struct iwl_trans *trans, struct iwl_txq *txq, int idx) { - return txq->tfds + trans_pcie->tfd_size * iwl_pcie_get_cmd_index(txq, - idx); + struct iwl_trans_pcie *trans_pcie = IWL_TRANS_GET_PCIE_TRANS(trans); + + if (trans->cfg->use_tfh) + idx = iwl_pcie_get_cmd_index(txq, idx); + + return txq->tfds + trans_pcie->tfd_size * idx; } static inline void iwl_enable_rfkill_int(struct iwl_trans *trans) diff --git a/drivers/net/wireless/intel/iwlwifi/pcie/tx-gen2.c b/drivers/net/wireless/intel/iwlwifi/pcie/tx-gen2.c index 16b345f54ff0..6d0a907d5ba5 100644 --- a/drivers/net/wireless/intel/iwlwifi/pcie/tx-gen2.c +++ b/drivers/net/wireless/intel/iwlwifi/pcie/tx-gen2.c @@ -171,8 +171,6 @@ static void iwl_pcie_gen2_tfd_unmap(struct iwl_trans *trans, static void iwl_pcie_gen2_free_tfd(struct iwl_trans *trans, struct iwl_txq *txq) { - struct iwl_trans_pcie *trans_pcie = IWL_TRANS_GET_PCIE_TRANS(trans); - /* rd_ptr is bounded by TFD_QUEUE_SIZE_MAX and * idx is bounded by n_window */ @@ -181,7 +179,7 @@ static void iwl_pcie_gen2_free_tfd(struct iwl_trans *trans, struct iwl_txq *txq) lockdep_assert_held(&txq->lock); iwl_pcie_gen2_tfd_unmap(trans, &txq->entries[idx].meta, - iwl_pcie_get_tfd(trans_pcie, txq, idx)); + iwl_pcie_get_tfd(trans, txq, idx)); /* free SKB */ if (txq->entries) { @@ -364,11 +362,9 @@ struct iwl_tfh_tfd *iwl_pcie_gen2_build_tfd(struct iwl_trans *trans, struct sk_buff *skb, struct iwl_cmd_meta *out_meta) { - struct iwl_trans_pcie *trans_pcie = IWL_TRANS_GET_PCIE_TRANS(trans); struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data; int idx = iwl_pcie_get_cmd_index(txq, txq->write_ptr); - struct iwl_tfh_tfd *tfd = - iwl_pcie_get_tfd(trans_pcie, txq, idx); + struct iwl_tfh_tfd *tfd = iwl_pcie_get_tfd(trans, txq, idx); dma_addr_t tb_phys; bool amsdu; int i, len, tb1_len, tb2_len, hdr_len; @@ -565,8 +561,7 @@ static int iwl_pcie_gen2_enqueue_hcmd(struct iwl_trans *trans, u8 group_id = iwl_cmd_groupid(cmd->id); const u8 *cmddata[IWL_MAX_CMD_TBS_PER_TFD]; u16 cmdlen[IWL_MAX_CMD_TBS_PER_TFD]; - struct iwl_tfh_tfd *tfd = - iwl_pcie_get_tfd(trans_pcie, txq, txq->write_ptr); + struct iwl_tfh_tfd *tfd = iwl_pcie_get_tfd(trans, txq, txq->write_ptr); memset(tfd, 0, sizeof(*tfd)); diff --git a/drivers/net/wireless/intel/iwlwifi/pcie/tx.c b/drivers/net/wireless/intel/iwlwifi/pcie/tx.c index fed6d842a5e1..3f85713c41dc 100644 --- a/drivers/net/wireless/intel/iwlwifi/pcie/tx.c +++ b/drivers/net/wireless/intel/iwlwifi/pcie/tx.c @@ -373,7 +373,7 @@ static void iwl_pcie_tfd_unmap(struct iwl_trans *trans, { struct iwl_trans_pcie *trans_pcie = IWL_TRANS_GET_PCIE_TRANS(trans); int i, num_tbs; - void *tfd = iwl_pcie_get_tfd(trans_pcie, txq, index); + void *tfd = iwl_pcie_get_tfd(trans, txq, index); /* Sanity check on number of chunks */ num_tbs = iwl_pcie_tfd_get_num_tbs(trans, tfd); @@ -2018,7 +2018,7 @@ static int iwl_fill_data_tbs(struct iwl_trans *trans, struct sk_buff *skb, } trace_iwlwifi_dev_tx(trans->dev, skb, - iwl_pcie_get_tfd(trans_pcie, txq, txq->write_ptr), + iwl_pcie_get_tfd(trans, txq, txq->write_ptr), trans_pcie->tfd_size, &dev_cmd->hdr, IWL_FIRST_TB_SIZE + tb1_len, hdr_len); @@ -2092,7 +2092,7 @@ static int iwl_fill_data_tbs_amsdu(struct iwl_trans *trans, struct sk_buff *skb, IEEE80211_CCMP_HDR_LEN : 0; trace_iwlwifi_dev_tx(trans->dev, skb, - iwl_pcie_get_tfd(trans_pcie, txq, txq->write_ptr), + iwl_pcie_get_tfd(trans, txq, txq->write_ptr), trans_pcie->tfd_size, &dev_cmd->hdr, IWL_FIRST_TB_SIZE + tb1_len, 0); @@ -2425,7 +2425,7 @@ int iwl_trans_pcie_tx(struct iwl_trans *trans, struct sk_buff *skb, memcpy(&txq->first_tb_bufs[txq->write_ptr], &dev_cmd->hdr, IWL_FIRST_TB_SIZE); - tfd = iwl_pcie_get_tfd(trans_pcie, txq, txq->write_ptr); + tfd = iwl_pcie_get_tfd(trans, txq, txq->write_ptr); /* Set up entry for this TFD in Tx byte-count array */ iwl_pcie_txq_update_byte_cnt_tbl(trans, txq, le16_to_cpu(tx_cmd->len), iwl_pcie_tfd_get_num_tbs(trans, tfd)); -- 2.9.3

7 years, 3 months

2
2
0 0

[Linux-stable-mirror] [PATCH] crypto: algapi - fix NULL dereference in crypto_remove_spawns()

by Eric Biggers

From: Eric Biggers <ebiggers(a)google.com> syzkaller triggered a NULL pointer dereference in crypto_remove_spawns() via a program that repeatedly and concurrently requests AEADs "authenc(cmac(des3_ede-asm),pcbc-aes-aesni)" and hashes "cmac(des3_ede)" through AF_ALG, where the hashes are requested as "untested" (CRYPTO_ALG_TESTED is set in ->salg_mask but clear in ->salg_feat; this causes the template to be instantiated for every request). Although AF_ALG users really shouldn't be able to request an "untested" algorithm, the NULL pointer dereference is actually caused by a longstanding race condition where crypto_remove_spawns() can encounter an instance which has had spawn(s) "grabbed" but hasn't yet been registered, resulting in ->cra_users still being NULL. We probably should properly initialize ->cra_users earlier, but that would require updating many templates individually. For now just fix the bug in a simple way that can easily be backported: make crypto_remove_spawns() treat a NULL ->cra_users list as empty. Reported-by: syzbot <syzkaller(a)googlegroups.com> Cc: stable(a)vger.kernel.org Signed-off-by: Eric Biggers <ebiggers(a)google.com> --- crypto/algapi.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/crypto/algapi.c b/crypto/algapi.c index 9895cafcce7e..395b082d03a9 100644 --- a/crypto/algapi.c +++ b/crypto/algapi.c @@ -166,6 +166,18 @@ void crypto_remove_spawns(struct crypto_alg *alg, struct list_head *list, spawn->alg = NULL; spawns = &inst->alg.cra_users; + + /* + * We may encounter an unregistered instance here, since + * an instance's spawns are set up prior to the instance + * being registered. An unregistered instance will have + * NULL ->cra_users.next, since ->cra_users isn't + * properly initialized until registration. But an + * unregistered instance cannot have any users, so treat + * it the same as ->cra_users being empty. + */ + if (spawns->next == NULL) + break; } } while ((spawns = crypto_more_spawns(alg, &stack, &top, &secondary_spawns))); -- 2.15.1

7 years, 3 months

2
1
0 0

Re: [Linux-stable-mirror] [PATCH 4.14 00/14] 4.14.12-stable review

by Greg Kroah-Hartman

On Thu, Jan 04, 2018 at 04:12:31PM -0800, Kevin Hilman wrote: > kernelci.org bot <bot(a)kernelci.org> writes: > > > stable-rc/linux-4.14.y boot: 118 boots: 4 failed, 113 passed with 1 offline (v4.14.11-15-g732141e47ee6) > > > > Full Boot Summary: https://kernelci.org/boot/all/job/stable-rc/branch/linux-4.14.y/kernel/v4.1… > > Full Build Summary: https://kernelci.org/build/stable-rc/branch/linux-4.14.y/kernel/v4.14.11-15… > > > > Tree: stable-rc > > Branch: linux-4.14.y > > Git Describe: v4.14.11-15-g732141e47ee6 > > Git Commit: 732141e47ee614d70aeb8ad828a977ad19447e87 > > Git URL: http://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git > > Tested: 68 unique boards, 23 SoC families, 16 builds out of 185 > > > > Boot Regressions Detected: > > TL;DR; All is well. Thanks for the summary of all of these, and for your continued testing. greg k-h

7 years, 3 months

1
0
0 0

[Linux-stable-mirror] [PATCH] drm/i915: forward hotplug events again

by Rodrigo Vivi

As mentioned on commit '88be58be886f ("drm/i915/fbdev: Always forward hotplug events") we have real valid cases of hotplugs where fbdev is not fully setup yet. Unfortunately this remove the checkpoint after the sync point. So probably we can live without it. Or we need a more robust serialization. Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=104158 Fixes: a45b30a6c5db ("drm/i915/fbdev: Serialise early hotplug events with async fbdev config") Cc: Chris Wilson <chris(a)chris-wilson.co.uk> Cc: Lukas Wunner <lukas(a)wunner.de> Cc: jrg2718(a)gmail.com Cc: stable(a)vger.kernel.org Signed-off-by: Rodrigo Vivi <rodrigo.vivi(a)intel.com> --- drivers/gpu/drm/i915/intel_fbdev.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/drivers/gpu/drm/i915/intel_fbdev.c b/drivers/gpu/drm/i915/intel_fbdev.c index da48af11eb6b..7a6069b389f2 100644 --- a/drivers/gpu/drm/i915/intel_fbdev.c +++ b/drivers/gpu/drm/i915/intel_fbdev.c @@ -801,8 +801,7 @@ void intel_fbdev_output_poll_changed(struct drm_device *dev) return; intel_fbdev_sync(ifbdev); - if (ifbdev->vma) - drm_fb_helper_hotplug_event(&ifbdev->helper); + drm_fb_helper_hotplug_event(&ifbdev->helper); } void intel_fbdev_restore_mode(struct drm_device *dev) -- 2.13.6

7 years, 3 months

2
1
0 0

Re: [Linux-stable-mirror] [Intel-gfx] [PATCH] drm/i915: Whitelist SLICE_COMMON_ECO_CHICKEN1 on Geminilake.

by Rodrigo Vivi

On Thu, Jan 04, 2018 at 11:39:23PM +0000, Kenneth Graunke wrote: > On Thursday, January 4, 2018 1:23:06 PM PST Chris Wilson wrote: > > Quoting Kenneth Graunke (2018-01-04 19:38:05) > > > Geminilake requires the 3D driver to select whether barriers are > > > intended for compute shaders, or tessellation control shaders, by > > > whacking a "Barrier Mode" bit in SLICE_COMMON_ECO_CHICKEN1 when > > > switching pipelines. Failure to do this properly can result in GPU > > > hangs. > > > > > > Unfortunately, this means it needs to switch mid-batch, so only > > > userspace can properly set it. To facilitate this, the kernel needs > > > to whitelist the register. > > > > > > Signed-off-by: Kenneth Graunke <kenneth(a)whitecape.org> > > > Cc: stable(a)vger.kernel.org > > > --- > > > drivers/gpu/drm/i915/i915_reg.h | 2 ++ > > > drivers/gpu/drm/i915/intel_engine_cs.c | 5 +++++ > > > 2 files changed, 7 insertions(+) > > > > > > Hello, > > > > > > We unfortunately need to whitelist an extra register for GPU hang fix > > > on Geminilake. Here's the corresponding Mesa patch: > > > > Thankfully it appears to be context saved. Has a w/a name been assigned > > for this? > > -Chris > > There doesn't appear to be one. The workaround page lists it, but there > is no name. The register description has a note saying that you need to > set this, but doesn't call it out as a workaround. It mentions only BXT:ALL, but not mention to GLK. Should we add to both then? > > That's why I put a generic comment, rather than the name. On Display side we started using the row name for this case, to help easily finding this later. ex: "Display WA #0390: skl,kbl" The number for this apparently is: WA #0862 Maybe we could use this one to start /* GT WA #0862: bxt,glk */ GT? GEM? Unnamed WA #0862? Thanks, Rodrigo. > > --Ken > _______________________________________________ > Intel-gfx mailing list > Intel-gfx(a)lists.freedesktop.org > https://lists.freedesktop.org/mailman/listinfo/intel-gfx

7 years, 3 months

1
0
0 0

[Linux-stable-mirror] [patch 8/9] userfaultfd: clear the vma->vm_userfaultfd_ctx if UFFD_EVENT_FORK fails

by akpm＠linux-foundation.org

From: Andrea Arcangeli <aarcange(a)redhat.com> Subject: userfaultfd: clear the vma->vm_userfaultfd_ctx if UFFD_EVENT_FORK fails The previous fix 384632e67e0829 ("userfaultfd: non-cooperative: fix fork use after free") corrected the refcounting in case of UFFD_EVENT_FORK failure for the fork userfault paths. That still didn't clear the vma->vm_userfaultfd_ctx of the vmas that were set to point to the aborted new uffd ctx earlier in dup_userfaultfd. Link: http://lkml.kernel.org/r/20171223002505.593-2-aarcange@redhat.com Signed-off-by: Andrea Arcangeli <aarcange(a)redhat.com> Reported-by: syzbot <syzkaller(a)googlegroups.com> Reviewed-by: Mike Rapoport <rppt(a)linux.vnet.ibm.com> Cc: Eric Biggers <ebiggers3(a)gmail.com> Cc: Dmitry Vyukov <dvyukov(a)google.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/userfaultfd.c | 20 ++++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) diff -puN fs/userfaultfd.c~userfaultfd-clear-the-vma-vm_userfaultfd_ctx-if-uffd_event_fork-fails fs/userfaultfd.c --- a/fs/userfaultfd.c~userfaultfd-clear-the-vma-vm_userfaultfd_ctx-if-uffd_event_fork-fails +++ a/fs/userfaultfd.c @@ -570,11 +570,14 @@ out: static void userfaultfd_event_wait_completion(struct userfaultfd_ctx *ctx, struct userfaultfd_wait_queue *ewq) { + struct userfaultfd_ctx *release_new_ctx; + if (WARN_ON_ONCE(current->flags & PF_EXITING)) goto out; ewq->ctx = ctx; init_waitqueue_entry(&ewq->wq, current); + release_new_ctx = NULL; spin_lock(&ctx->event_wqh.lock); /* @@ -601,8 +604,7 @@ static void userfaultfd_event_wait_compl new = (struct userfaultfd_ctx *) (unsigned long) ewq->msg.arg.reserved.reserved1; - - userfaultfd_ctx_put(new); + release_new_ctx = new; } break; } @@ -617,6 +619,20 @@ static void userfaultfd_event_wait_compl __set_current_state(TASK_RUNNING); spin_unlock(&ctx->event_wqh.lock); + if (release_new_ctx) { + struct vm_area_struct *vma; + struct mm_struct *mm = release_new_ctx->mm; + + /* the various vma->vm_userfaultfd_ctx still points to it */ + down_write(&mm->mmap_sem); + for (vma = mm->mmap; vma; vma = vma->vm_next) + if (vma->vm_userfaultfd_ctx.ctx == release_new_ctx) + vma->vm_userfaultfd_ctx = NULL_VM_UFFD_CTX; + up_write(&mm->mmap_sem); + + userfaultfd_ctx_put(release_new_ctx); + } + /* * ctx may go away after this if the userfault pseudo fd is * already released. _

7 years, 3 months

1
0
0 0

[Linux-stable-mirror] [patch 7/9] mm/sparse.c: wrong allocation for mem_section

by akpm＠linux-foundation.org

From: Baoquan He <bhe(a)redhat.com> Subject: mm/sparse.c: wrong allocation for mem_section In 83e3c48729 ("mm/sparsemem: Allocate mem_section at runtime for CONFIG_SPARSEMEM_EXTREME=y") mem_section is allocated at runtime to save memory. While it allocates the first dimension of array with sizeof(struct mem_section). It costs extra memory, should be sizeof(struct mem_section*). Fix it. Link: http://lkml.kernel.org/r/1513932498-20350-1-git-send-email-bhe@redhat.com Fixes: 83e3c48729 ("mm/sparsemem: Allocate mem_section at runtime for CONFIG_SPARSEMEM_EXTREME=y") Signed-off-by: Baoquan He <bhe(a)redhat.com> Tested-by: Dave Young <dyoung(a)redhat.com> Acked-by: Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> Cc: Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> Cc: Ingo Molnar <mingo(a)kernel.org> Cc: Andy Lutomirski <luto(a)amacapital.net> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Atsushi Kumagai <ats-kumagai(a)wm.jp.nec.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/sparse.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff -puN mm/sparse.c~mm-sparsec-wrong-allocation-for-mem_section mm/sparse.c --- a/mm/sparse.c~mm-sparsec-wrong-allocation-for-mem_section +++ a/mm/sparse.c @@ -211,7 +211,7 @@ void __init memory_present(int nid, unsi if (unlikely(!mem_section)) { unsigned long size, align; - size = sizeof(struct mem_section) * NR_SECTION_ROOTS; + size = sizeof(struct mem_section*) * NR_SECTION_ROOTS; align = 1 << (INTERNODE_CACHE_SHIFT); mem_section = memblock_virt_alloc(size, align); } _

7 years, 3 months

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror