- Linux-stable-mirror - lists.linaro.org

[PATCH] KVM: SVM: Fix redundant updates of LBR MSR intercepts

by Yosry Ahmed

svm_update_lbrv() always updates LBR MSRs intercepts, even when they are already set correctly. This results in force_msr_bitmap_recalc always being set to true on every nested transition, essentially undoing the hyperv optimization in nested_svm_merge_msrpm(). Fix it by keeping track of whether LBR MSRs are intercepted or not and only doing the update if needed, similar to x2avic_msrs_intercepted. Avoid using svm_test_msr_bitmap_*() to check the status of the intercepts, as an arbitrary MSR will need to be chosen as a representative of all LBR MSRs, and this could theoretically break if some of the MSRs intercepts are handled differently from the rest. Also, using svm_test_msr_bitmap_*() makes backports difficult as it was only recently introduced with no direct alternatives in older kernels. Fixes: fbe5e5f030c2 ("KVM: nSVM: Always recalculate LBR MSR intercepts in svm_update_lbrv()") Cc: stable(a)vger.kernel.org Signed-off-by: Yosry Ahmed <yosry.ahmed(a)linux.dev> --- arch/x86/kvm/svm/svm.c | 9 ++++++++- arch/x86/kvm/svm/svm.h | 1 + 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 10c21e4c5406f..9d29b2e7e855d 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -705,7 +705,11 @@ void *svm_alloc_permissions_map(unsigned long size, gfp_t gfp_mask) static void svm_recalc_lbr_msr_intercepts(struct kvm_vcpu *vcpu) { - bool intercept = !(to_svm(vcpu)->vmcb->control.virt_ext & LBR_CTL_ENABLE_MASK); + struct vcpu_svm *svm = to_svm(vcpu); + bool intercept = !(svm->vmcb->control.virt_ext & LBR_CTL_ENABLE_MASK); + + if (intercept == svm->lbr_msrs_intercepted) + return; svm_set_intercept_for_msr(vcpu, MSR_IA32_LASTBRANCHFROMIP, MSR_TYPE_RW, intercept); svm_set_intercept_for_msr(vcpu, MSR_IA32_LASTBRANCHTOIP, MSR_TYPE_RW, intercept); @@ -714,6 +718,8 @@ static void svm_recalc_lbr_msr_intercepts(struct kvm_vcpu *vcpu) if (sev_es_guest(vcpu->kvm)) svm_set_intercept_for_msr(vcpu, MSR_IA32_DEBUGCTLMSR, MSR_TYPE_RW, intercept); + + svm->lbr_msrs_intercepted = intercept; } void svm_vcpu_free_msrpm(void *msrpm) @@ -1221,6 +1227,7 @@ static int svm_vcpu_create(struct kvm_vcpu *vcpu) } svm->x2avic_msrs_intercepted = true; + svm->lbr_msrs_intercepted = true; svm->vmcb01.ptr = page_address(vmcb01_page); svm->vmcb01.pa = __sme_set(page_to_pfn(vmcb01_page) << PAGE_SHIFT); diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index c856d8e0f95e7..dd78e64023450 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h @@ -336,6 +336,7 @@ struct vcpu_svm { bool guest_state_loaded; bool x2avic_msrs_intercepted; + bool lbr_msrs_intercepted; /* Guest GIF value, used when vGIF is not enabled */ bool guest_gif; base-commit: 8a4821412cf2c1429fffa07c012dd150f2edf78c -- 2.51.2.1041.gc1ab5b90ca-goog

1 hour, 11 minutes

3
4
0 0

[PATCH] block: rate-limit capacity change info log

by Li Chen

From: Li Chen <chenl311(a)chinatelecom.cn> loop devices under heavy stress-ng loop streessor can trigger many capacity change events in a short time. Each event prints an info message from set_capacity_and_notify(), flooding the console and contributing to soft lockups on slow consoles. Switch the printk in set_capacity_and_notify() to pr_info_ratelimited() so frequent capacity changes do not spam the log while still reporting occasional changes. Cc: stable(a)vger.kernel.org Signed-off-by: Li Chen <chenl311(a)chinatelecom.cn> --- block/genhd.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/block/genhd.c b/block/genhd.c index 9bbc38d12792..bd3a6841e5b5 100644 --- a/block/genhd.c +++ b/block/genhd.c @@ -90,7 +90,7 @@ bool set_capacity_and_notify(struct gendisk *disk, sector_t size) (disk->flags & GENHD_FL_HIDDEN)) return false; - pr_info("%s: detected capacity change from %lld to %lld\n", + pr_info_ratelimited("%s: detected capacity change from %lld to %lld\n", disk->disk_name, capacity, size); /* -- 2.51.0

1 hour, 18 minutes

4
3
0 0

[PATCH] iommu/omap: Fix error handling in omap_iommu_probe_device

by Ma Ke

omap_iommu_probe_device() calls of_find_device_by_node() which increments the reference count of the platform device, but fails to decrement the reference count in both success and error paths. This could lead to resource leakage and prevent proper device cleanup when the IOMMU is unbound or the device is removed. Found by code review. Cc: stable(a)vger.kernel.org Fixes: 9d5018deec86 ("iommu/omap: Add support to program multiple iommus") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> --- drivers/iommu/omap-iommu.c | 32 +++++++++++++++++++++----------- 1 file changed, 21 insertions(+), 11 deletions(-) diff --git a/drivers/iommu/omap-iommu.c b/drivers/iommu/omap-iommu.c index 5c6f5943f44b..4df06cb09623 100644 --- a/drivers/iommu/omap-iommu.c +++ b/drivers/iommu/omap-iommu.c @@ -1637,6 +1637,7 @@ static struct iommu_device *omap_iommu_probe_device(struct device *dev) struct omap_iommu *oiommu; struct device_node *np; int num_iommus, i; + int ret = 0; /* * Allocate the per-device iommu structure for DT-based devices. @@ -1663,28 +1664,26 @@ static struct iommu_device *omap_iommu_probe_device(struct device *dev) for (i = 0, tmp = arch_data; i < num_iommus; i++, tmp++) { np = of_parse_phandle(dev->of_node, "iommus", i); if (!np) { - kfree(arch_data); - return ERR_PTR(-EINVAL); + ret = -EINVAL; + goto err_cleanup; } pdev = of_find_device_by_node(np); + of_node_put(np); if (!pdev) { - of_node_put(np); - kfree(arch_data); - return ERR_PTR(-ENODEV); + ret = -ENODEV; + goto err_cleanup; } oiommu = platform_get_drvdata(pdev); if (!oiommu) { - of_node_put(np); - kfree(arch_data); - return ERR_PTR(-EINVAL); + put_device(&pdev->dev); + ret = -EINVAL; + goto err_cleanup; } tmp->iommu_dev = oiommu; tmp->dev = &pdev->dev; - - of_node_put(np); } dev_iommu_priv_set(dev, arch_data); @@ -1697,17 +1696,28 @@ static struct iommu_device *omap_iommu_probe_device(struct device *dev) oiommu = arch_data->iommu_dev; return &oiommu->iommu; + +err_cleanup: + for (tmp = arch_data; tmp < arch_data + i; tmp++) { + if (tmp->dev) + put_device(tmp->dev); + } + kfree(arch_data); + return ERR_PTR(ret); } static void omap_iommu_release_device(struct device *dev) { struct omap_iommu_arch_data *arch_data = dev_iommu_priv_get(dev); + struct omap_iommu_arch_data *tmp; if (!dev->of_node || !arch_data) return; - kfree(arch_data); + for (tmp = arch_data; tmp->dev; tmp++) + put_device(tmp->dev); + kfree(arch_data); } static int omap_iommu_of_xlate(struct device *dev, const struct of_phandle_args *args) -- 2.17.1

1 hour, 49 minutes

3
2
0 0

[PATCH v6 01/18] kasan: Unpoison pcpu chunks with base address tag

by Maciej Wieczor-Retman

From: Maciej Wieczor-Retman <maciej.wieczor-retman(a)intel.com> The problem presented here is related to NUMA systems and tag-based KASAN modes - software and hardware ones. It can be explained in the following points: 1. There can be more than one virtual memory chunk. 2. Chunk's base address has a tag. 3. The base address points at the first chunk and thus inherits the tag of the first chunk. 4. The subsequent chunks will be accessed with the tag from the first chunk. 5. Thus, the subsequent chunks need to have their tag set to match that of the first chunk. Refactor code by moving it into a helper in preparation for the actual fix. Fixes: 1d96320f8d53 ("kasan, vmalloc: add vmalloc tagging for SW_TAGS") Cc: <stable(a)vger.kernel.org> # 6.1+ Signed-off-by: Maciej Wieczor-Retman <maciej.wieczor-retman(a)intel.com> Tested-by: Baoquan He <bhe(a)redhat.com> --- Changelog v6: - Add Baoquan's tested-by tag. - Move patch to the beginning of the series as it is a fix. - Move the refactored code to tags.c because both software and hardware modes compile it. - Add fixes tag. Changelog v4: - Redo the patch message numbered list. - Do the refactoring in this patch and move additions to the next new one. Changelog v3: - Remove last version of this patch that just resets the tag on base_addr and add this patch that unpoisons all areas with the same tag instead. include/linux/kasan.h | 10 ++++++++++ mm/kasan/tags.c | 11 +++++++++++ mm/vmalloc.c | 4 +--- 3 files changed, 22 insertions(+), 3 deletions(-) diff --git a/include/linux/kasan.h b/include/linux/kasan.h index d12e1a5f5a9a..b00849ea8ffd 100644 --- a/include/linux/kasan.h +++ b/include/linux/kasan.h @@ -614,6 +614,13 @@ static __always_inline void kasan_poison_vmalloc(const void *start, __kasan_poison_vmalloc(start, size); } +void __kasan_unpoison_vmap_areas(struct vm_struct **vms, int nr_vms); +static __always_inline void kasan_unpoison_vmap_areas(struct vm_struct **vms, int nr_vms) +{ + if (kasan_enabled()) + __kasan_unpoison_vmap_areas(vms, nr_vms); +} + #else /* CONFIG_KASAN_VMALLOC */ static inline void kasan_populate_early_vm_area_shadow(void *start, @@ -638,6 +645,9 @@ static inline void *kasan_unpoison_vmalloc(const void *start, static inline void kasan_poison_vmalloc(const void *start, unsigned long size) { } +static inline void kasan_unpoison_vmap_areas(struct vm_struct **vms, int nr_vms) +{ } + #endif /* CONFIG_KASAN_VMALLOC */ #if (defined(CONFIG_KASAN_GENERIC) || defined(CONFIG_KASAN_SW_TAGS)) && \ diff --git a/mm/kasan/tags.c b/mm/kasan/tags.c index b9f31293622b..ecc17c7c675a 100644 --- a/mm/kasan/tags.c +++ b/mm/kasan/tags.c @@ -18,6 +18,7 @@ #include <linux/static_key.h> #include <linux/string.h> #include <linux/types.h> +#include <linux/vmalloc.h> #include "kasan.h" #include "../slab.h" @@ -146,3 +147,13 @@ void __kasan_save_free_info(struct kmem_cache *cache, void *object) { save_stack_info(cache, object, 0, true); } + +void __kasan_unpoison_vmap_areas(struct vm_struct **vms, int nr_vms) +{ + int area; + + for (area = 0 ; area < nr_vms ; area++) { + kasan_poison(vms[area]->addr, vms[area]->size, + arch_kasan_get_tag(vms[area]->addr), false); + } +} diff --git a/mm/vmalloc.c b/mm/vmalloc.c index 798b2ed21e46..934c8bfbcebf 100644 --- a/mm/vmalloc.c +++ b/mm/vmalloc.c @@ -4870,9 +4870,7 @@ struct vm_struct **pcpu_get_vm_areas(const unsigned long *offsets, * With hardware tag-based KASAN, marking is skipped for * non-VM_ALLOC mappings, see __kasan_unpoison_vmalloc(). */ - for (area = 0; area < nr_vms; area++) - vms[area]->addr = kasan_unpoison_vmalloc(vms[area]->addr, - vms[area]->size, KASAN_VMALLOC_PROT_NORMAL); + kasan_unpoison_vmap_areas(vms, nr_vms); kfree(vas); return vms; -- 2.51.0

1 hour, 58 minutes

3
2
0 0

[PATCH 1/2] Revert "block: Move checking GENHD_FL_NO_PART to bdev_add_partition()"

by Gulam Mohamed

This reverts commit 7777f47f2ea64efd1016262e7b59fab34adfb869. The commit 1a721de8489f ("block: don't add or resize partition on the disk with GENHD_FL_NO_PART") and the commit 7777f47f2ea6 ("block: Move checking GENHD_FL_NO_PART to bdev_add_partition()") used the flag GENHD_FL_NO_PART to prevent the add or resize of partitions in 5.15 stable kernels.But in these 5.15 kernels, this is giving an issue with the following error where the loop driver wants to create a partition when the partscan is disabled on the loop device: dd if=/dev/zero of=loopDisk.dsk bs=1M count=1 seek=10240; losetup -f loopDisk.dsk;parted -s /dev/loop0 -- mklabel gpt mkpart primary 2048s 4096s 1+0 records in 1+0 records out 1048576 bytes (1.0 MB, 1.0 MiB) copied, 0.0016293 s, 644 MB/s "" Error: Partition(s) 1 on /dev/loop0 have been written, but we have been unable to inform the kernel of the change, probably because it/they are in use. As a result, the old partition(s) will remain in use. You should reboot now before making further changes. "" If the partition scan is not enabled on the loop device, this flag GENHD_FL_NO_PART is getting set and when partition creation is tried, it returns an error EINVAL thereby preventing the creation of partitions. So, there is no such distinction between disabling of partition scan and partition creation. Later in 6.xxx kernels, the commit b9684a71fca7 ("block, loop: support partitions without scanning") a new flag GD_SUPPRESS_PART_SCAN was introduced that just disables the partition scan and uses GENHD_FL_NO_PART only to prevent creating partition scan. So, the partition creationg can proceed with even if partition scan is disabled. As the commit b9684a71fca7 ("block, loop: support partitions without scanning") is not available in 5.15 stable kernel, and since there is no distinction between disabling of "partition scan" and "partition creation", we need to revert the commits 1a721de8489f and 7777f47f2ea6 from 5.15 stable kernel to allow partition creation when partscan is disabled. Cc: stable(a)vger.kernel.org Signed-off-by: Gulam Mohamed <gulam.mohamed(a)oracle.com> --- block/ioctl.c | 2 ++ block/partitions/core.c | 5 ----- 2 files changed, 2 insertions(+), 5 deletions(-) diff --git a/block/ioctl.c b/block/ioctl.c index a260e39e56a4..d25b84441237 100644 --- a/block/ioctl.c +++ b/block/ioctl.c @@ -20,6 +20,8 @@ static int blkpg_do_ioctl(struct block_device *bdev, struct blkpg_partition p; sector_t start, length; + if (disk->flags & GENHD_FL_NO_PART) + return -EINVAL; if (!capable(CAP_SYS_ADMIN)) return -EACCES; if (copy_from_user(&p, upart, sizeof(struct blkpg_partition))) diff --git a/block/partitions/core.c b/block/partitions/core.c index 0d1fe2b42b85..7b5750db7eaf 100644 --- a/block/partitions/core.c +++ b/block/partitions/core.c @@ -463,11 +463,6 @@ int bdev_add_partition(struct gendisk *disk, int partno, sector_t start, goto out; } - if (disk->flags & GENHD_FL_NO_PART) { - ret = -EINVAL; - goto out; - } - if (partition_overlaps(disk, start, length, -1)) { ret = -EBUSY; goto out; -- 2.47.3

2 hours, 6 minutes

1
1
0 0

[PATCH] selftests/mm: fix division-by-zero in uffd-unit-tests

by Carlos Llamas

Commit 4dfd4bba8578 ("selftests/mm/uffd: refactor non-composite global vars into struct") moved some of the operations previously implemented in uffd_setup_environment() earlier in the main test loop. The calculation of nr_pages, which involves a division by page_size, now occurs before checking that default_huge_page_size() returns a non-zero This leads to a division-by-zero error on systems with !CONFIG_HUGETLB. Fix this by relocating the non-zero page_size check before the nr_pages calculation, as it was originally implemented. Cc: stable(a)vger.kernel.org Fixes: 4dfd4bba8578 ("selftests/mm/uffd: refactor non-composite global vars into struct") Signed-off-by: Carlos Llamas <cmllamas(a)google.com> --- tools/testing/selftests/mm/uffd-unit-tests.c | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/tools/testing/selftests/mm/uffd-unit-tests.c b/tools/testing/selftests/mm/uffd-unit-tests.c index 9e3be2ee7f1b..f917b4c4c943 100644 --- a/tools/testing/selftests/mm/uffd-unit-tests.c +++ b/tools/testing/selftests/mm/uffd-unit-tests.c @@ -1758,10 +1758,15 @@ int main(int argc, char *argv[]) uffd_test_ops = mem_type->mem_ops; uffd_test_case_ops = test->test_case_ops; - if (mem_type->mem_flag & (MEM_HUGETLB_PRIVATE | MEM_HUGETLB)) + if (mem_type->mem_flag & (MEM_HUGETLB_PRIVATE | MEM_HUGETLB)) { gopts.page_size = default_huge_page_size(); - else + if (gopts.page_size == 0) { + uffd_test_skip("huge page size is 0, feature missing?"); + continue; + } + } else { gopts.page_size = psize(); + } /* Ensure we have at least 2 pages */ gopts.nr_pages = MAX(UFFD_TEST_MEM_SIZE, gopts.page_size * 2) @@ -1776,12 +1781,6 @@ int main(int argc, char *argv[]) continue; uffd_test_start("%s on %s", test->name, mem_type->name); - if ((mem_type->mem_flag == MEM_HUGETLB || - mem_type->mem_flag == MEM_HUGETLB_PRIVATE) && - (default_huge_page_size() == 0)) { - uffd_test_skip("huge page size is 0, feature missing?"); - continue; - } if (!uffd_feature_supported(test)) { uffd_test_skip("feature missing"); continue; -- 2.51.2.1041.gc1ab5b90ca-goog

2 hours, 18 minutes

6
9
0 0

[PATCH 01/15] dmaengine: at_hdmac: fix device leak on of_dma_xlate()

by Johan Hovold

Make sure to drop the reference taken when looking up the DMA platform device during of_dma_xlate() when releasing channel resources. Note that commit 3832b78b3ec2 ("dmaengine: at_hdmac: add missing put_device() call in at_dma_xlate()") fixed the leak in a couple of error paths but the reference is still leaking on successful allocation. Fixes: bbe89c8e3d59 ("at_hdmac: move to generic DMA binding") Fixes: 3832b78b3ec2 ("dmaengine: at_hdmac: add missing put_device() call in at_dma_xlate()") Cc: stable(a)vger.kernel.org # 3.10: 3832b78b3ec2 Cc: Yu Kuai <yukuai3(a)huawei.com> Signed-off-by: Johan Hovold <johan(a)kernel.org> --- drivers/dma/at_hdmac.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/drivers/dma/at_hdmac.c b/drivers/dma/at_hdmac.c index 2d147712cbc6..dffe5becd6c3 100644 --- a/drivers/dma/at_hdmac.c +++ b/drivers/dma/at_hdmac.c @@ -1765,6 +1765,7 @@ static int atc_alloc_chan_resources(struct dma_chan *chan) static void atc_free_chan_resources(struct dma_chan *chan) { struct at_dma_chan *atchan = to_at_dma_chan(chan); + struct at_dma_slave *atslave; BUG_ON(atc_chan_is_enabled(atchan)); @@ -1774,8 +1775,12 @@ static void atc_free_chan_resources(struct dma_chan *chan) /* * Free atslave allocated in at_dma_xlate() */ - kfree(chan->private); - chan->private = NULL; + atslave = chan->private; + if (atslave) { + put_device(atslave->dma_dev); + kfree(atslave); + chan->private = NULL; + } dev_vdbg(chan2dev(chan), "free_chan_resources: done\n"); } -- 2.51.0

2 hours, 40 minutes

2
1
0 0

[PATCH 04/15] dmaengine: dw: dmamux: fix OF node leak on route allocation failure

by Johan Hovold

Make sure to drop the reference taken to the DMA master OF node also on late route allocation failures. Fixes: 134d9c52fca2 ("dmaengine: dw: dmamux: Introduce RZN1 DMA router support") Cc: stable(a)vger.kernel.org # 5.19 Cc: Miquel Raynal <miquel.raynal(a)bootlin.com> Signed-off-by: Johan Hovold <johan(a)kernel.org> --- drivers/dma/dw/rzn1-dmamux.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/dma/dw/rzn1-dmamux.c b/drivers/dma/dw/rzn1-dmamux.c index deadf135681b..cbec277af4dd 100644 --- a/drivers/dma/dw/rzn1-dmamux.c +++ b/drivers/dma/dw/rzn1-dmamux.c @@ -90,7 +90,7 @@ static void *rzn1_dmamux_route_allocate(struct of_phandle_args *dma_spec, if (test_and_set_bit(map->req_idx, dmamux->used_chans)) { ret = -EBUSY; - goto free_map; + goto put_dma_spec_np; } mask = BIT(map->req_idx); @@ -103,6 +103,8 @@ static void *rzn1_dmamux_route_allocate(struct of_phandle_args *dma_spec, clear_bitmap: clear_bit(map->req_idx, dmamux->used_chans); +put_dma_spec_np: + of_node_put(dma_spec->np); free_map: kfree(map); put_device: -- 2.51.0

2 hours, 43 minutes

2
1
0 0

[PATCH 0/2] Two NVMe/FC bug fixes for -stable

by Ewan D. Milne

This patch series contains two fixes to the NVMe/FC transport code. The first one fixes a problem where we prematurely free the tagset based on an observation and a fix originally proposed by Ming Lei, with a further modification based on more extensive testing. The second one fixes a problem where we sometimes still had a workqueue item queued when we freed the nvme_fc_ctrl. Because both patches touch the same nvme_fc_delete_ctrl() function, they have to be applied in the correct order to merge cleanly. However they fix separate issues. Ewan D. Milne (2): nvme-fc: move tagset removal to nvme_fc_delete_ctrl() nvme: nvme-fc: Ensure ->ioerr_work is cancelled in nvme_fc_delete_ctrl() drivers/nvme/host/fc.c | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) -- 2.43.0

2 hours, 50 minutes

3
5
0 0

Vendor Registration - Qatar Airways

by Qatar Airways

Dear Sir/Madam, We hope this message finds you well. Qatar Airways is pleased to announce the launch of its 2026/27 Expansion Program. We are currently seeking to engage with qualified Suppliers, Vendors, Manufacturers, and Contractors across a wide range of sectors. If your organization is interested in participating in this exciting initiative, we invite you to request our Vendor Application Form and submit your Expression of Interest (EOI) for evaluation. We look forward to the opportunity to collaborate and achieve mutual growth through this strategic partnership. Best regards, Hamza Mohammed Sahib Procurement & Logistics Manager Phone/ WhatsApp: +971-56-778-2809 Qatar Airways

3 hours, 6 minutes

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror