- Linux-stable-mirror - lists.linaro.org

[PATCH net,v3] net: mana: Fix accessing freed irq affinity_hint

by Haiyang Zhang

After calling irq_set_affinity_and_hint(), the cpumask pointer is saved in desc->affinity_hint, and will be used later when reading /proc/irq/<num>/affinity_hint. So the cpumask variable needs to be persistent. Otherwise, we are accessing freed memory when reading the affinity_hint file. Also, need to clear affinity_hint before free_irq(), otherwise there is a one-time warning and stack trace during module unloading: [ 243.948687] WARNING: CPU: 10 PID: 1589 at kernel/irq/manage.c:1913 free_irq+0x318/0x360 ... [ 243.948753] Call Trace: [ 243.948754] <TASK> [ 243.948760] mana_gd_remove_irqs+0x78/0xc0 [mana] [ 243.948767] mana_gd_remove+0x3e/0x80 [mana] [ 243.948773] pci_device_remove+0x3d/0xb0 [ 243.948778] device_remove+0x46/0x70 [ 243.948782] device_release_driver_internal+0x1fe/0x280 [ 243.948785] driver_detach+0x4e/0xa0 [ 243.948787] bus_remove_driver+0x70/0xf0 [ 243.948789] driver_unregister+0x35/0x60 [ 243.948792] pci_unregister_driver+0x44/0x90 [ 243.948794] mana_driver_exit+0x14/0x3fe [mana] [ 243.948800] __do_sys_delete_module.constprop.0+0x185/0x2f0 To fix the bug, use the persistent mask, cpumask_of(cpu#), and set affinity_hint to NULL before freeing the IRQ, as required by free_irq(). Cc: stable(a)vger.kernel.org Fixes: 71fa6887eeca ("net: mana: Assign interrupts to CPUs based on NUMA nodes") Signed-off-by: Haiyang Zhang <haiyangz(a)microsoft.com> Reviewed-by: Michael Kelley <mikelley(a)microsoft.com> Reviewed-by: Leon Romanovsky <leonro(a)nvidia.com> --- .../net/ethernet/microsoft/mana/gdma_main.c | 37 ++++++------------- 1 file changed, 11 insertions(+), 26 deletions(-) diff --git a/drivers/net/ethernet/microsoft/mana/gdma_main.c b/drivers/net/ethernet/microsoft/mana/gdma_main.c index b144f2237748..f9b8f372ec8a 100644 --- a/drivers/net/ethernet/microsoft/mana/gdma_main.c +++ b/drivers/net/ethernet/microsoft/mana/gdma_main.c @@ -1217,9 +1217,7 @@ static int mana_gd_setup_irqs(struct pci_dev *pdev) unsigned int max_queues_per_port = num_online_cpus(); struct gdma_context *gc = pci_get_drvdata(pdev); struct gdma_irq_context *gic; - unsigned int max_irqs; - u16 *cpus; - cpumask_var_t req_mask; + unsigned int max_irqs, cpu; int nvec, irq; int err, i = 0, j; @@ -1240,21 +1238,7 @@ static int mana_gd_setup_irqs(struct pci_dev *pdev) goto free_irq_vector; } - if (!zalloc_cpumask_var(&req_mask, GFP_KERNEL)) { - err = -ENOMEM; - goto free_irq; - } - - cpus = kcalloc(nvec, sizeof(*cpus), GFP_KERNEL); - if (!cpus) { - err = -ENOMEM; - goto free_mask; - } - for (i = 0; i < nvec; i++) - cpus[i] = cpumask_local_spread(i, gc->numa_node); - for (i = 0; i < nvec; i++) { - cpumask_set_cpu(cpus[i], req_mask); gic = &gc->irq_contexts[i]; gic->handler = NULL; gic->arg = NULL; @@ -1269,17 +1253,16 @@ static int mana_gd_setup_irqs(struct pci_dev *pdev) irq = pci_irq_vector(pdev, i); if (irq < 0) { err = irq; - goto free_mask; + goto free_irq; } err = request_irq(irq, mana_gd_intr, 0, gic->name, gic); if (err) - goto free_mask; - irq_set_affinity_and_hint(irq, req_mask); - cpumask_clear(req_mask); + goto free_irq; + + cpu = cpumask_local_spread(i, gc->numa_node); + irq_set_affinity_and_hint(irq, cpumask_of(cpu)); } - free_cpumask_var(req_mask); - kfree(cpus); err = mana_gd_alloc_res_map(nvec, &gc->msix_resource); if (err) @@ -1290,13 +1273,12 @@ static int mana_gd_setup_irqs(struct pci_dev *pdev) return 0; -free_mask: - free_cpumask_var(req_mask); - kfree(cpus); free_irq: for (j = i - 1; j >= 0; j--) { irq = pci_irq_vector(pdev, j); gic = &gc->irq_contexts[j]; + + irq_update_affinity_hint(irq, NULL); free_irq(irq, gic); } @@ -1324,6 +1306,9 @@ static void mana_gd_remove_irqs(struct pci_dev *pdev) continue; gic = &gc->irq_contexts[i]; + + /* Need to clear the hint before free_irq */ + irq_update_affinity_hint(irq, NULL); free_irq(irq, gic); } -- 2.25.1

2 years, 9 months

3
3
0 0

[PATCH net 1/1] hv_netvsc: Allocate memory in netvsc_dma_map() with GFP_ATOMIC

by Michael Kelley

Memory allocations in the network transmit path must use GFP_ATOMIC so they won't sleep. Reported-by: Paolo Abeni <pabeni(a)redhat.com> Link: https://lore.kernel.org/lkml/8a4d08f94d3e6fe8b6da68440eaa89a088ad84f9.camel… Fixes: 846da38de0e8 ("net: netvsc: Add Isolation VM support for netvsc driver") Cc: stable(a)vger.kernel.org Signed-off-by: Michael Kelley <mikelley(a)microsoft.com> --- drivers/net/hyperv/netvsc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/net/hyperv/netvsc.c b/drivers/net/hyperv/netvsc.c index e02d1e3..79f4e13 100644 --- a/drivers/net/hyperv/netvsc.c +++ b/drivers/net/hyperv/netvsc.c @@ -1034,7 +1034,7 @@ static int netvsc_dma_map(struct hv_device *hv_dev, packet->dma_range = kcalloc(page_count, sizeof(*packet->dma_range), - GFP_KERNEL); + GFP_ATOMIC); if (!packet->dma_range) return -ENOMEM; -- 1.8.3.1

2 years, 9 months

2
1
0 0

[PATCH net] can: j1939: do not wait 250 ms if the same addr was already claimed

by Marc Kleine-Budde

From: Devid Antonio Filoni <devid.filoni(a)egluetechnologies.com> The ISO 11783-5 standard, in "4.5.2 - Address claim requirements", states: d) No CF shall begin, or resume, transmission on the network until 250 ms after it has successfully claimed an address except when responding to a request for address-claimed. But "Figure 6" and "Figure 7" in "4.5.4.2 - Address-claim prioritization" show that the CF begins the transmission after 250 ms from the first AC (address-claimed) message even if it sends another AC message during that time window to resolve the address contention with another CF. As stated in "4.4.2.3 - Address-claimed message": In order to successfully claim an address, the CF sending an address claimed message shall not receive a contending claim from another CF for at least 250 ms. As stated in "4.4.3.2 - NAME management (NM) message": 1) A commanding CF can d) request that a CF with a specified NAME transmit the address- claimed message with its current NAME. 2) A target CF shall d) send an address-claimed message in response to a request for a matching NAME Taking the above arguments into account, the 250 ms wait is requested only during network initialization. Do not restart the timer on AC message if both the NAME and the address match and so if the address has already been claimed (timer has expired) or the AC message has been sent to resolve the contention with another CF (timer is still running). Signed-off-by: Devid Antonio Filoni <devid.filoni(a)egluetechnologies.com> Acked-by: Oleksij Rempel <o.rempel(a)pengutronix.de> Link: https://lore.kernel.org/all/20221125170418.34575-1-devid.filoni@egluetechno… Fixes: 9d71dd0c7009 ("can: add support of SAE J1939 protocol") Cc: stable(a)vger.kernel.org Signed-off-by: Marc Kleine-Budde <mkl(a)pengutronix.de> --- net/can/j1939/address-claim.c | 40 +++++++++++++++++++++++++++++++++++ 1 file changed, 40 insertions(+) diff --git a/net/can/j1939/address-claim.c b/net/can/j1939/address-claim.c index f33c47327927..ca4ad6cdd5cb 100644 --- a/net/can/j1939/address-claim.c +++ b/net/can/j1939/address-claim.c @@ -165,6 +165,46 @@ static void j1939_ac_process(struct j1939_priv *priv, struct sk_buff *skb) * leaving this function. */ ecu = j1939_ecu_get_by_name_locked(priv, name); + + if (ecu && ecu->addr == skcb->addr.sa) { + /* The ISO 11783-5 standard, in "4.5.2 - Address claim + * requirements", states: + * d) No CF shall begin, or resume, transmission on the + * network until 250 ms after it has successfully claimed + * an address except when responding to a request for + * address-claimed. + * + * But "Figure 6" and "Figure 7" in "4.5.4.2 - Address-claim + * prioritization" show that the CF begins the transmission + * after 250 ms from the first AC (address-claimed) message + * even if it sends another AC message during that time window + * to resolve the address contention with another CF. + * + * As stated in "4.4.2.3 - Address-claimed message": + * In order to successfully claim an address, the CF sending + * an address claimed message shall not receive a contending + * claim from another CF for at least 250 ms. + * + * As stated in "4.4.3.2 - NAME management (NM) message": + * 1) A commanding CF can + * d) request that a CF with a specified NAME transmit + * the address-claimed message with its current NAME. + * 2) A target CF shall + * d) send an address-claimed message in response to a + * request for a matching NAME + * + * Taking the above arguments into account, the 250 ms wait is + * requested only during network initialization. + * + * Do not restart the timer on AC message if both the NAME and + * the address match and so if the address has already been + * claimed (timer has expired) or the AC message has been sent + * to resolve the contention with another CF (timer is still + * running). + */ + goto out_ecu_put; + } + if (!ecu && j1939_address_is_unicast(skcb->addr.sa)) ecu = j1939_ecu_create_locked(priv, name); base-commit: 811d581194f7412eda97acc03d17fc77824b561f -- 2.39.1

2 years, 9 months

2
1
0 0

[PATCH 5.4 00/67] 5.4.227-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.4.227 release. There are 67 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed, 14 Dec 2022 13:08:57 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.4.227-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.4.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.4.227-rc1 Frank Jungclaus <frank.jungclaus(a)esd.eu> can: esd_usb: Allow REC and TEC to return to zero Dan Carpenter <error27(a)gmail.com> net: mvneta: Fix an out of bounds check Eric Dumazet <edumazet(a)google.com> ipv6: avoid use-after-free in ip6_fragment() Yang Yingliang <yangyingliang(a)huawei.com> net: plip: don't call kfree_skb/dev_kfree_skb() under spin_lock_irq() Juergen Gross <jgross(a)suse.com> xen/netback: fix build warning Zhang Changzhong <zhangchangzhong(a)huawei.com> ethernet: aeroflex: fix potential skb leak in greth_init_rings() Ido Schimmel <idosch(a)nvidia.com> ipv4: Fix incorrect route flushing when table ID 0 is used Ido Schimmel <idosch(a)nvidia.com> ipv4: Fix incorrect route flushing when source address is deleted YueHaibing <yuehaibing(a)huawei.com> tipc: Fix potential OOB in tipc_link_proto_rcv() Liu Jian <liujian56(a)huawei.com> net: hisilicon: Fix potential use-after-free in hix5hd2_rx() Liu Jian <liujian56(a)huawei.com> net: hisilicon: Fix potential use-after-free in hisi_femac_rx() Yongqiang Liu <liuyongqiang13(a)huawei.com> net: thunderx: Fix missing destroy_workqueue of nicvf_rx_mode_wq Jisheng Zhang <jszhang(a)kernel.org> net: stmmac: fix "snps,axi-config" node property parsing Pankaj Raghav <p.raghav(a)samsung.com> nvme initialize core quirks before calling nvme_init_subsystem Kees Cook <keescook(a)chromium.org> NFC: nci: Bounds check struct nfc_target arrays Przemyslaw Patynowski <przemyslawx.patynowski(a)intel.com> i40e: Disallow ip4 and ip6 l4_4_bytes Sylwester Dziedziuch <sylwesterx.dziedziuch(a)intel.com> i40e: Fix for VF MAC address 0 Michal Jaron <michalx.jaron(a)intel.com> i40e: Fix not setting default xps_cpus after reset Dan Carpenter <error27(a)gmail.com> net: mvneta: Prevent out of bounds read in mvneta_config_rss() Lin Liu <lin.liu(a)citrix.com> xen-netfront: Fix NULL sring after live migration Valentina Goncharenko <goncharenko.vp(a)ispras.ru> net: encx24j600: Fix invalid logic in reading of MISTAT register Valentina Goncharenko <goncharenko.vp(a)ispras.ru> net: encx24j600: Add parentheses to fix precedence Wei Yongjun <weiyongjun1(a)huawei.com> mac802154: fix missing INIT_LIST_HEAD in ieee802154_if_add() Zhengchao Shao <shaozhengchao(a)huawei.com> selftests: rtnetlink: correct xfrm policy rule in kci_test_ipsec_offload Artem Chernyshev <artem.chernyshev(a)red-soft.ru> net: dsa: ksz: Check return value Chen Zhongjin <chenzhongjin(a)huawei.com> Bluetooth: Fix not cleanup led when bt_init fails Wang ShaoBo <bobo.shaobowang(a)huawei.com> Bluetooth: 6LoWPAN: add missing hci_dev_put() in get_l2cap_conn() Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Get user_ns from in_skb in unix_diag_get_exact(). Akihiko Odaki <akihiko.odaki(a)daynix.com> igb: Allocate MSI-X vector when testing Akihiko Odaki <akihiko.odaki(a)daynix.com> e1000e: Fix TX dispatch condition Xiongfeng Wang <wangxiongfeng2(a)huawei.com> gpio: amd8111: Fix PCI device reference count leak Qiqi Zhang <eddy.zhang(a)rock-chips.com> drm/bridge: ti-sn65dsi86: Fix output polarity setting bug Hauke Mehrtens <hauke(a)hauke-m.de> ca8210: Fix crash by zero initializing data Ziyang Xuan <william.xuanziyang(a)huawei.com> ieee802154: cc2520: Fix error return code in cc2520_hw_init() Baolin Wang <baolin.wang(a)linux.alibaba.com> mm/hugetlb: fix races when looking up a CONT-PTE/PMD size hugetlb page Oliver Hartkopp <socketcan(a)hartkopp.net> can: af_can: fix NULL pointer dereference in can_rcv_filter ZhangPeng <zhangpeng362(a)huawei.com> HID: core: fix shift-out-of-bounds in hid_report_raw_event Anastasia Belova <abelova(a)astralinux.ru> HID: hid-lg4ff: Add check for empty lbuf Ankit Patel <anpatel(a)nvidia.com> HID: usbhid: Add ALWAYS_POLL quirk for some mice Rob Clark <robdclark(a)chromium.org> drm/shmem-helper: Remove errant put in error path Thomas Huth <thuth(a)redhat.com> KVM: s390: vsie: Fix the initialization of the epoch extension (epdx) field John Starks <jostarks(a)microsoft.com> mm/gup: fix gup_pud_range() for dax Tejun Heo <tj(a)kernel.org> memcg: fix possible use-after-free in memcg_write_event_control() Hans Verkuil <hverkuil-cisco(a)xs4all.nl> media: v4l2-dv-timings.c: fix too strict blanking sanity checks Rafał Miłecki <rafal(a)milecki.pl> Revert "net: dsa: b53: Fix valid setting for MDB entries" Juergen Gross <jgross(a)suse.com> xen/netback: don't call kfree_skb() with interrupts disabled Juergen Gross <jgross(a)suse.com> xen/netback: do some code cleanup Ross Lagerwall <ross.lagerwall(a)citrix.com> xen/netback: Ensure protocol headers don't fall in the non-linear area Jann Horn <jannh(a)google.com> mm/khugepaged: invoke MMU notifiers in shmem/file collapse paths Jann Horn <jannh(a)google.com> mm/khugepaged: fix GUP-fast interaction by sending IPI Jann Horn <jannh(a)google.com> mm/khugepaged: take the right locks for page table retraction Davide Tronchin <davide.tronchin.94(a)gmail.com> net: usb: qmi_wwan: add u-blox 0x1342 composition Dominique Martinet <asmadeus(a)codewreck.org> 9p/xen: check logical size for buffer size Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> fbcon: Use kzalloc() in fbcon_prepare_logo() Andreas Kemnade <andreas(a)kemnade.info> regulator: twl6030: fix get status of twl6032 regulators Srinivasa Rao Mandadapu <quic_srivasam(a)quicinc.com> ASoC: soc-pcm: Add NULL check in BE reparenting Filipe Manana <fdmanana(a)suse.com> btrfs: send: avoid unaligned encoded writes when attempting to clone range Kees Cook <keescook(a)chromium.org> ALSA: seq: Fix function prototype mismatch in snd_seq_expand_var_event Konrad Dybcio <konrad.dybcio(a)linaro.org> regulator: slg51000: Wait after asserting CS pin GUO Zihua <guozihua(a)huawei.com> 9p/fd: Use P9_HDRSZ for header size Johan Jonker <jbx6244(a)gmail.com> ARM: dts: rockchip: disable arm_global_timer on rk3066 and rk3188 Giulio Benetti <giulio.benetti(a)benettiengineering.com> ARM: 9266/1: mm: fix no-MMU ZERO_PAGE() implementation Tomislav Novak <tnovak(a)fb.com> ARM: 9251/1: perf: Fix stacktraces for tracepoint events in THUMB2 kernels Johan Jonker <jbx6244(a)gmail.com> ARM: dts: rockchip: rk3188: fix lcdc1-rgb24 node name Johan Jonker <jbx6244(a)gmail.com> ARM: dts: rockchip: fix ir-receiver node names Sebastian Reichel <sebastian.reichel(a)collabora.com> arm: dts: rockchip: fix node name for hym8563 rtc FUKAUMI Naoki <naoki(a)radxa.com> arm64: dts: rockchip: keep I2S1 disabled for GPIO function on ROCK Pi 4 series ------------- Diffstat: Makefile | 4 +- arch/arm/boot/dts/rk3036-evb.dts | 2 +- arch/arm/boot/dts/rk3188-radxarock.dts | 2 +- arch/arm/boot/dts/rk3188.dtsi | 3 +- arch/arm/boot/dts/rk3288-evb-act8846.dts | 2 +- arch/arm/boot/dts/rk3288-firefly.dtsi | 2 +- arch/arm/boot/dts/rk3288-miqi.dts | 2 +- arch/arm/boot/dts/rk3288-rock2-square.dts | 2 +- arch/arm/boot/dts/rk3xxx.dtsi | 7 + arch/arm/include/asm/perf_event.h | 2 +- arch/arm/include/asm/pgtable-nommu.h | 6 - arch/arm/include/asm/pgtable.h | 16 +- arch/arm/mm/nommu.c | 19 + arch/arm64/boot/dts/rockchip/rk3399-rock-pi-4.dts | 1 - arch/s390/kvm/vsie.c | 4 +- drivers/gpio/gpio-amd8111.c | 4 + drivers/gpu/drm/bridge/ti-sn65dsi86.c | 4 +- drivers/gpu/drm/drm_gem_shmem_helper.c | 4 +- drivers/hid/hid-core.c | 3 + drivers/hid/hid-ids.h | 3 + drivers/hid/hid-lg4ff.c | 6 + drivers/hid/hid-quirks.c | 3 + drivers/media/v4l2-core/v4l2-dv-timings.c | 20 +- drivers/net/can/usb/esd_usb2.c | 6 + drivers/net/dsa/b53/b53_common.c | 1 + drivers/net/ethernet/aeroflex/greth.c | 1 + drivers/net/ethernet/cavium/thunder/nicvf_main.c | 4 +- drivers/net/ethernet/hisilicon/hisi_femac.c | 2 +- drivers/net/ethernet/hisilicon/hix5hd2_gmac.c | 2 +- drivers/net/ethernet/intel/e1000e/netdev.c | 4 +- drivers/net/ethernet/intel/i40e/i40e_ethtool.c | 6 +- drivers/net/ethernet/intel/i40e/i40e_main.c | 19 +- drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 2 + drivers/net/ethernet/intel/igb/igb_ethtool.c | 2 + drivers/net/ethernet/marvell/mvneta.c | 2 +- drivers/net/ethernet/microchip/encx24j600-regmap.c | 4 +- .../net/ethernet/stmicro/stmmac/stmmac_platform.c | 8 +- drivers/net/ieee802154/ca8210.c | 2 +- drivers/net/ieee802154/cc2520.c | 2 +- drivers/net/plip/plip.c | 4 +- drivers/net/usb/qmi_wwan.c | 1 + drivers/net/xen-netback/common.h | 14 +- drivers/net/xen-netback/interface.c | 22 +- drivers/net/xen-netback/netback.c | 229 +-- drivers/net/xen-netback/rx.c | 10 +- drivers/net/xen-netfront.c | 6 + drivers/nvme/host/core.c | 8 +- drivers/regulator/slg51000-regulator.c | 2 + drivers/regulator/twl6030-regulator.c | 15 +- drivers/video/fbdev/core/fbcon.c | 2 +- fs/btrfs/send.c | 24 +- include/asm-generic/tlb.h | 4 + include/linux/cgroup.h | 1 + include/linux/hugetlb.h | 6 +- kernel/cgroup/cgroup-internal.h | 1 - mm/gup.c | 15 +- mm/hugetlb.c | 28 +- mm/khugepaged.c | 47 +- mm/memcontrol.c | 15 +- mm/mmu_gather.c | 5 + net/9p/trans_fd.c | 6 +- net/9p/trans_xen.c | 9 + net/bluetooth/6lowpan.c | 1 + net/bluetooth/af_bluetooth.c | 4 +- net/can/af_can.c | 4 +- net/dsa/tag_ksz.c | 3 +- net/ipv4/fib_frontend.c | 3 + net/ipv4/fib_semantics.c | 1 + net/ipv6/ip6_output.c | 5 + net/mac802154/iface.c | 1 + net/nfc/nci/ntf.c | 6 + net/tipc/link.c | 4 +- net/unix/diag.c | 20 +- sound/core/seq/seq_memory.c | 11 +- sound/soc/soc-pcm.c | 2 + tools/testing/selftests/net/fib_tests.sh | 1727 -------------------- tools/testing/selftests/net/rtnetlink.sh | 2 +- 77 files changed, 476 insertions(+), 1980 deletions(-)

2 years, 9 months

9
85
0 0

[PATCH] [PATCH V2] mm/filemap: fix page end in filemap_get_read_batch

by coolqyj＠163.com

From: Qian Yingjin <qian(a)ddn.com> I was running traces of the read code against an RAID storage system to understand why read requests were being misaligned against the underlying RAID strips. I found that the page end offset calculation in filemap_get_read_batch() was off by one. When a read is submitted with end offset 1048575, then it calculates the end page for read of 256 when it should be 255. "last_index" is the index of the page beyond the end of the read and it should be skipped when get a batch of pages for read in @filemap_get_read_batch(). The below simple patch fixes the problem. This code was introduced in kernel 5.12. Fixes: cbd59c48ae2b ("mm/filemap: use head pages in generic_file_buffered_read") Signed-off-by: Qian Yingjin <qian(a)ddn.com> --- mm/filemap.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/mm/filemap.c b/mm/filemap.c index c4d4ace9cc70..0e20a8d6dd93 100644 --- a/mm/filemap.c +++ b/mm/filemap.c @@ -2588,18 +2588,19 @@ static int filemap_get_pages(struct kiocb *iocb, struct iov_iter *iter, struct folio *folio; int err = 0; + /* "last_index" is the index of the page beyond the end of the read */ last_index = DIV_ROUND_UP(iocb->ki_pos + iter->count, PAGE_SIZE); retry: if (fatal_signal_pending(current)) return -EINTR; - filemap_get_read_batch(mapping, index, last_index, fbatch); + filemap_get_read_batch(mapping, index, last_index - 1, fbatch); if (!folio_batch_count(fbatch)) { if (iocb->ki_flags & IOCB_NOIO) return -EAGAIN; page_cache_sync_readahead(mapping, ra, filp, index, last_index - index); - filemap_get_read_batch(mapping, index, last_index, fbatch); + filemap_get_read_batch(mapping, index, last_index - 1, fbatch); } if (!folio_batch_count(fbatch)) { if (iocb->ki_flags & (IOCB_NOWAIT | IOCB_WAITQ)) -- 2.34.1

2 years, 9 months

2
1
0 0

[PATCH V2] KVM: sev: Fix potential overflow send|recieve_update_data

by Peter Gonda

KVM_SEV_SEND_UPDATE_DATA and KVM_SEV_RECEIVE_UPDATE_DATA have an integer overflow issue. Params.guest_len and offset are both 32bite wide, with a large params.guest_len the check to confirm a page boundary is not crossed can falsely pass: /* Check if we are crossing the page boundary * offset = params.guest_uaddr & (PAGE_SIZE - 1); if ((params.guest_len + offset > PAGE_SIZE)) Add an additional check to this conditional to confirm that params.guest_len itself is not greater than PAGE_SIZE. The current code is can only overflow with a params.guest_len of greater than 0xfffff000. And the FW spec says these commands fail with lengths greater than 16KB. So this issue should not be a security concern Fixes: 15fb7de1a7f5 ("KVM: SVM: Add KVM_SEV_RECEIVE_UPDATE_DATA command") Fixes: d3d1af85e2c7 ("KVM: SVM: Add KVM_SEND_UPDATE_DATA command") Reported-by: Andy Nguyen <theflow(a)google.com> Suggested-by: Thomas Lendacky <thomas.lendacky(a)amd.com> Signed-off-by: Peter Gonda <pgonda(a)google.com> Cc: David Rientjes <rientjes(a)google.com> Cc: Paolo Bonzini <pbonzini(a)redhat.com> Cc: Sean Christopherson <seanjc(a)google.com> Cc: kvm(a)vger.kernel.org Cc: stable(a)vger.kernel.org Cc: linux-kernel(a)vger.kernel.org --- V2 * Updated conditional based on feedback from Tom. --- arch/x86/kvm/svm/sev.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index 273cba809328..3d74facaead8 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -1294,7 +1294,7 @@ static int sev_send_update_data(struct kvm *kvm, struct kvm_sev_cmd *argp) /* Check if we are crossing the page boundary */ offset = params.guest_uaddr & (PAGE_SIZE - 1); - if ((params.guest_len + offset > PAGE_SIZE)) + if (params.guest_len > PAGE_SIZE || (params.guest_len + offset) > PAGE_SIZE) return -EINVAL; /* Pin guest memory */ @@ -1474,7 +1474,7 @@ static int sev_receive_update_data(struct kvm *kvm, struct kvm_sev_cmd *argp) /* Check if we are crossing the page boundary */ offset = params.guest_uaddr & (PAGE_SIZE - 1); - if ((params.guest_len + offset > PAGE_SIZE)) + if (params.guest_len > PAGE_SIZE || (params.guest_len + offset) > PAGE_SIZE) return -EINVAL; hdr = psp_copy_user_blob(params.hdr_uaddr, params.hdr_len); -- 2.39.1.519.gcb327c4b5f-goog

2 years, 9 months

3
3
0 0

+ scripts-gdb-fix-lx-current-for-x86.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: scripts/gdb: fix 'lx-current' for x86 has been added to the -mm mm-hotfixes-unstable branch. Its filename is scripts-gdb-fix-lx-current-for-x86.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Jeff Xie <xiehuan09(a)gmail.com> Subject: scripts/gdb: fix 'lx-current' for x86 Date: Sat, 4 Feb 2023 17:01:39 +0800 When printing the name of the current process, it will report an error: (gdb) p $lx_current().comm Python Exception <class 'gdb.error'> No symbol "current_task" in current context.: Error occurred in Python: No symbol "current_task" in current context. Because e57ef2ed97c1 ("x86: Put hot per CPU variables into a struct") changed it. Link: https://lkml.kernel.org/r/20230204090139.1789264-1-xiehuan09@gmail.com Fixes: e57ef2ed97c1 ("x86: Put hot per CPU variables into a struct") Signed-off-by: Jeff Xie <xiehuan09(a)gmail.com> Cc: Jan Kiszka <jan.kiszka(a)siemens.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- scripts/gdb/linux/cpus.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/scripts/gdb/linux/cpus.py~scripts-gdb-fix-lx-current-for-x86 +++ a/scripts/gdb/linux/cpus.py @@ -163,7 +163,7 @@ def get_current_task(cpu): task_ptr_type = task_type.get_type().pointer() if utils.is_target_arch("x86"): - var_ptr = gdb.parse_and_eval("&current_task") + var_ptr = gdb.parse_and_eval("&pcpu_hot.current_task") return per_cpu(var_ptr, cpu).dereference() elif utils.is_target_arch("aarch64"): current_task_addr = gdb.parse_and_eval("$SP_EL0") _ Patches currently in -mm which might be from xiehuan09(a)gmail.com are scripts-gdb-fix-lx-current-for-x86.patch

2 years, 9 months

1
0
0 0

stable-rc/linux-5.10.y baseline: 173 runs, 3 regressions (v5.10.166-100-ge9ce3cb0864d)

by kernelci.org bot

stable-rc/linux-5.10.y baseline: 173 runs, 3 regressions (v5.10.166-100-ge9ce3cb0864d) Regressions Summary ------------------- platform | arch | lab | compiler | defconfig | regressions -----------------------+-------+--------------+----------+--------------------+------------ cubietruck | arm | lab-baylibre | gcc-10 | multi_v7_defconfig | 1 sun50i-a64-pine64-plus | arm64 | lab-baylibre | gcc-10 | defconfig | 1 sun50i-a64-pine64-plus | arm64 | lab-broonie | gcc-10 | defconfig | 1 Details: https://kernelci.org/test/job/stable-rc/branch/linux-5.10.y/kernel/v5.10.16… Test: baseline Tree: stable-rc Branch: linux-5.10.y Describe: v5.10.166-100-ge9ce3cb0864d URL: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git SHA: e9ce3cb0864d364496872cad97ba6af396372866 Test Regressions ---------------- platform | arch | lab | compiler | defconfig | regressions -----------------------+-------+--------------+----------+--------------------+------------ cubietruck | arm | lab-baylibre | gcc-10 | multi_v7_defconfig | 1 Details: https://kernelci.org/test/plan/id/63e272c7d63f27656b8c863e Results: 5 PASS, 1 FAIL, 1 SKIP Full config: multi_v7_defconfig Compiler: gcc-10 (arm-linux-gnueabihf-gcc (Debian 10.2.1-6) 10.2.1 20210110) Plain log: https://storage.kernelci.org//stable-rc/linux-5.10.y/v5.10.166-100-ge9ce3cb… HTML log: https://storage.kernelci.org//stable-rc/linux-5.10.y/v5.10.166-100-ge9ce3cb… Rootfs: http://storage.kernelci.org/images/rootfs/buildroot/buildroot-baseline/2023… * baseline.bootrr.deferred-probe-empty: https://kernelci.org/test/case/id/63e272c7d63f27656b8c8647 failing since 20 days (last pass: v5.10.158-107-gd2432186ff47, first fail: v5.10.162-852-geeaac3cf2eb3) 2023-02-07T15:48:11.814661 <8>[ 11.086283] <LAVA_SIGNAL_ENDRUN 0_dmesg 3302465_1.5.2.4.1> 2023-02-07T15:48:11.923564 / # # 2023-02-07T15:48:12.026730 export SHELL=/bin/sh 2023-02-07T15:48:12.027838 # 2023-02-07T15:48:12.129854 / # export SHELL=/bin/sh. /lava-3302465/environment 2023-02-07T15:48:12.130862 2023-02-07T15:48:12.131500 / # . /lava-3302465/environment<3>[ 11.371106] Bluetooth: hci0: command 0xfc18 tx timeout 2023-02-07T15:48:12.233618 /lava-3302465/bin/lava-test-runner /lava-3302465/1 2023-02-07T15:48:12.235406 2023-02-07T15:48:12.240461 / # /lava-3302465/bin/lava-test-runner /lava-3302465/1 ... (12 line(s) more) platform | arch | lab | compiler | defconfig | regressions -----------------------+-------+--------------+----------+--------------------+------------ sun50i-a64-pine64-plus | arm64 | lab-baylibre | gcc-10 | defconfig | 1 Details: https://kernelci.org/test/plan/id/63e2762cff683c19528c8645 Results: 5 PASS, 1 FAIL, 1 SKIP Full config: defconfig Compiler: gcc-10 (aarch64-linux-gnu-gcc (Debian 10.2.1-6) 10.2.1 20210110) Plain log: https://storage.kernelci.org//stable-rc/linux-5.10.y/v5.10.166-100-ge9ce3cb… HTML log: https://storage.kernelci.org//stable-rc/linux-5.10.y/v5.10.166-100-ge9ce3cb… Rootfs: http://storage.kernelci.org/images/rootfs/buildroot/buildroot-baseline/2023… * baseline.bootrr.deferred-probe-empty: https://kernelci.org/test/case/id/63e2762cff683c19528c864e failing since 8 days (last pass: v5.10.158-107-g6b6a42c25ed4, first fail: v5.10.165-144-g930bc29c79c4) 2023-02-07T16:02:40.348212 + set +x 2023-02-07T16:02:40.352392 <8>[ 17.064324] <LAVA_SIGNAL_ENDRUN 0_dmesg 3302553_1.5.2.4.1> 2023-02-07T16:02:40.472542 / # # 2023-02-07T16:02:40.578121 export SHELL=/bin/sh 2023-02-07T16:02:40.579718 # 2023-02-07T16:02:40.683092 / # export SHELL=/bin/sh. /lava-3302553/environment 2023-02-07T16:02:40.684629 2023-02-07T16:02:40.788076 / # . /lava-3302553/environment/lava-3302553/bin/lava-test-runner /lava-3302553/1 2023-02-07T16:02:40.790755 2023-02-07T16:02:40.793989 / # /lava-3302553/bin/lava-test-runner /lava-3302553/1 ... (12 line(s) more) platform | arch | lab | compiler | defconfig | regressions -----------------------+-------+--------------+----------+--------------------+------------ sun50i-a64-pine64-plus | arm64 | lab-broonie | gcc-10 | defconfig | 1 Details: https://kernelci.org/test/plan/id/63e27500df8798e2df8c863e Results: 5 PASS, 1 FAIL, 1 SKIP Full config: defconfig Compiler: gcc-10 (aarch64-linux-gnu-gcc (Debian 10.2.1-6) 10.2.1 20210110) Plain log: https://storage.kernelci.org//stable-rc/linux-5.10.y/v5.10.166-100-ge9ce3cb… HTML log: https://storage.kernelci.org//stable-rc/linux-5.10.y/v5.10.166-100-ge9ce3cb… Rootfs: http://storage.kernelci.org/images/rootfs/buildroot/buildroot-baseline/2023… * baseline.bootrr.deferred-probe-empty: https://kernelci.org/test/case/id/63e27500df8798e2df8c8647 failing since 8 days (last pass: v5.10.158-107-g6b6a42c25ed4, first fail: v5.10.165-144-g930bc29c79c4) 2023-02-07T15:57:40.557023 <8>[ 17.154192] <LAVA_SIGNAL_ENDRUN 0_dmesg 269943_1.5.2.4.1> 2023-02-07T15:57:40.668669 / # # 2023-02-07T15:57:40.771622 export SHELL=/bin/sh 2023-02-07T15:57:40.772229 # 2023-02-07T15:57:40.874273 / # export SHELL=/bin/sh. /lava-269943/environment 2023-02-07T15:57:40.874870 2023-02-07T15:57:40.976738 / # . /lava-269943/environment/lava-269943/bin/lava-test-runner /lava-269943/1 2023-02-07T15:57:40.977775 2023-02-07T15:57:40.981876 / # /lava-269943/bin/lava-test-runner /lava-269943/1 2023-02-07T15:57:41.023515 + export 'TESTRUN_ID=1_bootrr' ... (11 line(s) more)

2 years, 9 months

1
0
0 0

stable-rc/queue/5.4 baseline: 153 runs, 23 regressions (v5.4.230-194-ga2e225b83953)

by kernelci.org bot

stable-rc/queue/5.4 baseline: 153 runs, 23 regressions (v5.4.230-194-ga2e225b83953) Regressions Summary ------------------- platform | arch | lab | compiler | defconfig | regressions -----------------------------+-------+---------------+----------+----------------------------+------------ cubietruck | arm | lab-baylibre | gcc-10 | multi_v7_defconfig | 1 hifive-unleashed-a00 | riscv | lab-baylibre | gcc-10 | defconfig | 1 meson-gxm-q200 | arm64 | lab-baylibre | gcc-10 | defconfig | 1 qemu_arm64-virt-gicv2 | arm64 | lab-baylibre | gcc-10 | defconfig+arm64-chromebook | 1 qemu_arm64-virt-gicv2 | arm64 | lab-baylibre | gcc-10 | defconfig | 1 qemu_arm64-virt-gicv2 | arm64 | lab-broonie | gcc-10 | defconfig+arm64-chromebook | 1 qemu_arm64-virt-gicv2 | arm64 | lab-broonie | gcc-10 | defconfig | 1 qemu_arm64-virt-gicv2 | arm64 | lab-collabora | gcc-10 | defconfig+arm64-chromebook | 1 qemu_arm64-virt-gicv2-uefi | arm64 | lab-baylibre | gcc-10 | defconfig+arm64-chromebook | 1 qemu_arm64-virt-gicv2-uefi | arm64 | lab-baylibre | gcc-10 | defconfig | 1 qemu_arm64-virt-gicv2-uefi | arm64 | lab-broonie | gcc-10 | defconfig+arm64-chromebook | 1 qemu_arm64-virt-gicv2-uefi | arm64 | lab-broonie | gcc-10 | defconfig | 1 qemu_arm64-virt-gicv3 | arm64 | lab-baylibre | gcc-10 | defconfig+arm64-chromebook | 1 qemu_arm64-virt-gicv3 | arm64 | lab-baylibre | gcc-10 | defconfig | 1 qemu_arm64-virt-gicv3 | arm64 | lab-broonie | gcc-10 | defconfig+arm64-chromebook | 1 qemu_arm64-virt-gicv3 | arm64 | lab-broonie | gcc-10 | defconfig | 1 qemu_arm64-virt-gicv3 | arm64 | lab-collabora | gcc-10 | defconfig+arm64-chromebook | 1 qemu_arm64-virt-gicv3-uefi | arm64 | lab-baylibre | gcc-10 | defconfig+arm64-chromebook | 1 qemu_arm64-virt-gicv3-uefi | arm64 | lab-baylibre | gcc-10 | defconfig | 1 qemu_arm64-virt-gicv3-uefi | arm64 | lab-broonie | gcc-10 | defconfig+arm64-chromebook | 1 qemu_arm64-virt-gicv3-uefi | arm64 | lab-broonie | gcc-10 | defconfig | 1 qemu_arm64-virt-gicv3-uefi | arm64 | lab-collabora | gcc-10 | defconfig | 1 sun8i-h3-libretech-all-h3-cc | arm | lab-baylibre | gcc-10 | multi_v7_defconfig | 1 Details: https://kernelci.org/test/job/stable-rc/branch/queue%2F5.4/kernel/v5.4.230-… Test: baseline Tree: stable-rc Branch: queue/5.4 Describe: v5.4.230-194-ga2e225b83953 URL: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git SHA: a2e225b83953b97c75acd08cb90af02345ca1fd4 Test Regressions ---------------- platform | arch | lab | compiler | defconfig | regressions -----------------------------+-------+---------------+----------+----------------------------+------------ cubietruck | arm | lab-baylibre | gcc-10 | multi_v7_defconfig | 1 Details: https://kernelci.org/test/plan/id/63e274bbf926fdc5838c864e Results: 5 PASS, 1 FAIL, 1 SKIP Full config: multi_v7_defconfig Compiler: gcc-10 (arm-linux-gnueabihf-gcc (Debian 10.2.1-6) 10.2.1 20210110) Plain log: https://storage.kernelci.org//stable-rc/queue-5.4/v5.4.230-194-ga2e225b8395… HTML log: https://storage.kernelci.org//stable-rc/queue-5.4/v5.4.230-194-ga2e225b8395… Rootfs: http://storage.kernelci.org/images/rootfs/buildroot/buildroot-baseline/2023… * baseline.bootrr.deferred-probe-empty: https://kernelci.org/test/case/id/63e274bbf926fdc5838c8657 failing since 8 days (last pass: v5.4.230-81-g2ad0dc06d587, first fail: v5.4.230-108-g761a8268d868) 2023-02-07T15:56:07.140465 + set +x<8>[ 9.877671] <LAVA_SIGNAL_ENDRUN 0_dmesg 3302510_1.5.2.4.1> 2023-02-07T15:56:07.140957 2023-02-07T15:56:07.250639 / # # 2023-02-07T15:56:07.353459 export SHELL=/bin/sh 2023-02-07T15:56:07.354501 # 2023-02-07T15:56:07.456955 / # export SHELL=/bin/sh. /lava-3302510/environment 2023-02-07T15:56:07.458017 2023-02-07T15:56:07.560200 / # . /lava-3302510/environment/lava-3302510/bin/lava-test-runner /lava-3302510/1 2023-02-07T15:56:07.561674 2023-02-07T15:56:07.566513 / # /lava-3302510/bin/lava-test-runner /lava-3302510/1 ... (13 line(s) more) platform | arch | lab | compiler | defconfig | regressions -----------------------------+-------+---------------+----------+----------------------------+------------ hifive-unleashed-a00 | riscv | lab-baylibre | gcc-10 | defconfig | 1 Details: https://kernelci.org/test/plan/id/63e2741032a81ab7df8c864c Results: 3 PASS, 2 FAIL, 2 SKIP Full config: defconfig Compiler: gcc-10 (riscv64-linux-gnu-gcc (Debian 10.2.1-6) 10.2.1 20210110) Plain log: https://storage.kernelci.org//stable-rc/queue-5.4/v5.4.230-194-ga2e225b8395… HTML log: https://storage.kernelci.org//stable-rc/queue-5.4/v5.4.230-194-ga2e225b8395… Rootfs: http://storage.kernelci.org/images/rootfs/buildroot/buildroot-baseline/2023… * baseline.dmesg.crit: https://kernelci.org/test/case/id/63e2741032a81ab7df8c8651 failing since 111 days (last pass: v5.4.219-270-gde284a6cd1e4, first fail: v5.4.219-266-g5eb28a6c7901) 3 lines 2023-02-07T15:53:32.415178 / # 2023-02-07T15:53:32.416069 2023-02-07T15:53:34.482656 / # # 2023-02-07T15:53:34.483948 # 2023-02-07T15:53:36.492908 / # export SHELL=/bin/sh 2023-02-07T15:53:36.493675 export SHELL=/bin/sh 2023-02-07T15:53:38.508566 / # . /lava-3302504/environment 2023-02-07T15:53:38.509003 . /lava-3302504/environment 2023-02-07T15:53:40.524660 / # /lava-3302504/bin/lava-test-runner /lava-3302504/0 2023-02-07T15:53:40.525821 /lava-3302504/bin/lava-test-runner /lava-3302504/0 ... (9 line(s) more) platform | arch | lab | compiler | defconfig | regressions -----------------------------+-------+---------------+----------+----------------------------+------------ meson-gxm-q200 | arm64 | lab-baylibre | gcc-10 | defconfig | 1 Details: https://kernelci.org/test/plan/id/63e27a9a71efe583af8c8733 Results: 0 PASS, 1 FAIL, 0 SKIP Full config: defconfig Compiler: gcc-10 (aarch64-linux-gnu-gcc (Debian 10.2.1-6) 10.2.1 20210110) Plain log: https://storage.kernelci.org//stable-rc/queue-5.4/v5.4.230-194-ga2e225b8395… HTML log: https://storage.kernelci.org//stable-rc/queue-5.4/v5.4.230-194-ga2e225b8395… Rootfs: http://storage.kernelci.org/images/rootfs/buildroot/buildroot-baseline/2023… * baseline.login: https://kernelci.org/test/case/id/63e27a9a71efe583af8c8734 new failure (last pass: v5.4.230-134-gfbeae168e73cf) platform | arch | lab | compiler | defconfig | regressions -----------------------------+-------+---------------+----------+----------------------------+------------ qemu_arm64-virt-gicv2 | arm64 | lab-baylibre | gcc-10 | defconfig+arm64-chromebook | 1 Details: https://kernelci.org/test/plan/id/63e275ed29ea6c42b78c865d Results: 0 PASS, 1 FAIL, 0 SKIP Full config: defconfig+arm64-chromebook Compiler: gcc-10 (aarch64-linux-gnu-gcc (Debian 10.2.1-6) 10.2.1 20210110) Plain log: https://storage.kernelci.org//stable-rc/queue-5.4/v5.4.230-194-ga2e225b8395… HTML log: https://storage.kernelci.org//stable-rc/queue-5.4/v5.4.230-194-ga2e225b8395… Rootfs: http://storage.kernelci.org/images/rootfs/buildroot/buildroot-baseline/2023… * baseline.login: https://kernelci.org/test/case/id/63e275ed29ea6c42b78c865e failing since 196 days (last pass: v5.4.180-77-g7de29e82b9db, first fail: v5.4.207-73-ga2480f1b1dda1) platform | arch | lab | compiler | defconfig | regressions -----------------------------+-------+---------------+----------+----------------------------+------------ qemu_arm64-virt-gicv2 | arm64 | lab-baylibre | gcc-10 | defconfig | 1 Details: https://kernelci.org/test/plan/id/63e2771fce200c30d18c8635 Results: 0 PASS, 1 FAIL, 0 SKIP Full config: defconfig Compiler: gcc-10 (aarch64-linux-gnu-gcc (Debian 10.2.1-6) 10.2.1 20210110) Plain log: https://storage.kernelci.org//stable-rc/queue-5.4/v5.4.230-194-ga2e225b8395… HTML log: https://storage.kernelci.org//stable-rc/queue-5.4/v5.4.230-194-ga2e225b8395… Rootfs: http://storage.kernelci.org/images/rootfs/buildroot/buildroot-baseline/2023… * baseline.login: https://kernelci.org/test/case/id/63e2771fce200c30d18c8636 failing since 273 days (last pass: v5.4.191-77-g1a3b249e415b, first fail: v5.4.191-125-g5917d1547e6e) platform | arch | lab | compiler | defconfig | regressions -----------------------------+-------+---------------+----------+----------------------------+------------ qemu_arm64-virt-gicv2 | arm64 | lab-broonie | gcc-10 | defconfig+arm64-chromebook | 1 Details: https://kernelci.org/test/plan/id/63e2757f83b47e260e8c8640 Results: 0 PASS, 1 FAIL, 0 SKIP Full config: defconfig+arm64-chromebook Compiler: gcc-10 (aarch64-linux-gnu-gcc (Debian 10.2.1-6) 10.2.1 20210110) Plain log: https://storage.kernelci.org//stable-rc/queue-5.4/v5.4.230-194-ga2e225b8395… HTML log: https://storage.kernelci.org//stable-rc/queue-5.4/v5.4.230-194-ga2e225b8395… Rootfs: http://storage.kernelci.org/images/rootfs/buildroot/buildroot-baseline/2023… * baseline.login: https://kernelci.org/test/case/id/63e2757f83b47e260e8c8641 failing since 196 days (last pass: v5.4.180-77-g7de29e82b9db, first fail: v5.4.207-73-ga2480f1b1dda1) platform | arch | lab | compiler | defconfig | regressions -----------------------------+-------+---------------+----------+----------------------------+------------ qemu_arm64-virt-gicv2 | arm64 | lab-broonie | gcc-10 | defconfig | 1 Details: https://kernelci.org/test/plan/id/63e276ff2ca6686fce8c8632 Results: 0 PASS, 1 FAIL, 0 SKIP Full config: defconfig Compiler: gcc-10 (aarch64-linux-gnu-gcc (Debian 10.2.1-6) 10.2.1 20210110) Plain log: https://storage.kernelci.org//stable-rc/queue-5.4/v5.4.230-194-ga2e225b8395… HTML log: https://storage.kernelci.org//stable-rc/queue-5.4/v5.4.230-194-ga2e225b8395… Rootfs: http://storage.kernelci.org/images/rootfs/buildroot/buildroot-baseline/2023… * baseline.login: https://kernelci.org/test/case/id/63e276ff2ca6686fce8c8633 failing since 273 days (last pass: v5.4.191-77-g1a3b249e415b, first fail: v5.4.191-125-g5917d1547e6e) platform | arch | lab | compiler | defconfig | regressions -----------------------------+-------+---------------+----------+----------------------------+------------ qemu_arm64-virt-gicv2 | arm64 | lab-collabora | gcc-10 | defconfig+arm64-chromebook | 1 Details: https://kernelci.org/test/plan/id/63e27512d31a909a1f8c8684 Results: 0 PASS, 1 FAIL, 0 SKIP Full config: defconfig+arm64-chromebook Compiler: gcc-10 (aarch64-linux-gnu-gcc (Debian 10.2.1-6) 10.2.1 20210110) Plain log: https://storage.kernelci.org//stable-rc/queue-5.4/v5.4.230-194-ga2e225b8395… HTML log: https://storage.kernelci.org//stable-rc/queue-5.4/v5.4.230-194-ga2e225b8395… Rootfs: http://storage.kernelci.org/images/rootfs/buildroot/buildroot-baseline/2023… * baseline.login: https://kernelci.org/test/case/id/63e27512d31a909a1f8c8685 failing since 196 days (last pass: v5.4.180-77-g7de29e82b9db, first fail: v5.4.207-73-ga2480f1b1dda1) platform | arch | lab | compiler | defconfig | regressions -----------------------------+-------+---------------+----------+----------------------------+------------ qemu_arm64-virt-gicv2-uefi | arm64 | lab-baylibre | gcc-10 | defconfig+arm64-chromebook | 1 Details: https://kernelci.org/test/plan/id/63e275f029ea6c42b78c866b Results: 0 PASS, 1 FAIL, 0 SKIP Full config: defconfig+arm64-chromebook Compiler: gcc-10 (aarch64-linux-gnu-gcc (Debian 10.2.1-6) 10.2.1 20210110) Plain log: https://storage.kernelci.org//stable-rc/queue-5.4/v5.4.230-194-ga2e225b8395… HTML log: https://storage.kernelci.org//stable-rc/queue-5.4/v5.4.230-194-ga2e225b8395… Rootfs: http://storage.kernelci.org/images/rootfs/buildroot/buildroot-baseline/2023… * baseline.login: https://kernelci.org/test/case/id/63e275f029ea6c42b78c866c failing since 273 days (last pass: v5.4.191-84-g56ce42d78d96, first fail: v5.4.191-125-g5917d1547e6e) platform | arch | lab | compiler | defconfig | regressions -----------------------------+-------+---------------+----------+----------------------------+------------ qemu_arm64-virt-gicv2-uefi | arm64 | lab-baylibre | gcc-10 | defconfig | 1 Details: https://kernelci.org/test/plan/id/63e2771dce200c30d18c862f Results: 0 PASS, 1 FAIL, 0 SKIP Full config: defconfig Compiler: gcc-10 (aarch64-linux-gnu-gcc (Debian 10.2.1-6) 10.2.1 20210110) Plain log: https://storage.kernelci.org//stable-rc/queue-5.4/v5.4.230-194-ga2e225b8395… HTML log: https://storage.kernelci.org//stable-rc/queue-5.4/v5.4.230-194-ga2e225b8395… Rootfs: http://storage.kernelci.org/images/rootfs/buildroot/buildroot-baseline/2023… * baseline.login: https://kernelci.org/test/case/id/63e2771dce200c30d18c8630 failing since 273 days (last pass: v5.4.191-77-g1a3b249e415b, first fail: v5.4.191-125-g5917d1547e6e) platform | arch | lab | compiler | defconfig | regressions -----------------------------+-------+---------------+----------+----------------------------+------------ qemu_arm64-virt-gicv2-uefi | arm64 | lab-broonie | gcc-10 | defconfig+arm64-chromebook | 1 Details: https://kernelci.org/test/plan/id/63e27595b4c4ad13df8c86c1 Results: 0 PASS, 1 FAIL, 0 SKIP Full config: defconfig+arm64-chromebook Compiler: gcc-10 (aarch64-linux-gnu-gcc (Debian 10.2.1-6) 10.2.1 20210110) Plain log: https://storage.kernelci.org//stable-rc/queue-5.4/v5.4.230-194-ga2e225b8395… HTML log: https://storage.kernelci.org//stable-rc/queue-5.4/v5.4.230-194-ga2e225b8395… Rootfs: http://storage.kernelci.org/images/rootfs/buildroot/buildroot-baseline/2023… * baseline.login: https://kernelci.org/test/case/id/63e27595b4c4ad13df8c86c2 failing since 273 days (last pass: v5.4.191-84-g56ce42d78d96, first fail: v5.4.191-125-g5917d1547e6e) platform | arch | lab | compiler | defconfig | regressions -----------------------------+-------+---------------+----------+----------------------------+------------ qemu_arm64-virt-gicv2-uefi | arm64 | lab-broonie | gcc-10 | defconfig | 1 Details: https://kernelci.org/test/plan/id/63e276fd2ca6686fce8c862f Results: 0 PASS, 1 FAIL, 0 SKIP Full config: defconfig Compiler: gcc-10 (aarch64-linux-gnu-gcc (Debian 10.2.1-6) 10.2.1 20210110) Plain log: https://storage.kernelci.org//stable-rc/queue-5.4/v5.4.230-194-ga2e225b8395… HTML log: https://storage.kernelci.org//stable-rc/queue-5.4/v5.4.230-194-ga2e225b8395… Rootfs: http://storage.kernelci.org/images/rootfs/buildroot/buildroot-baseline/2023… * baseline.login: https://kernelci.org/test/case/id/63e276fd2ca6686fce8c8630 failing since 273 days (last pass: v5.4.191-77-g1a3b249e415b, first fail: v5.4.191-125-g5917d1547e6e) platform | arch | lab | compiler | defconfig | regressions -----------------------------+-------+---------------+----------+----------------------------+------------ qemu_arm64-virt-gicv3 | arm64 | lab-baylibre | gcc-10 | defconfig+arm64-chromebook | 1 Details: https://kernelci.org/test/plan/id/63e275ef29ea6c42b78c8668 Results: 0 PASS, 1 FAIL, 0 SKIP Full config: defconfig+arm64-chromebook Compiler: gcc-10 (aarch64-linux-gnu-gcc (Debian 10.2.1-6) 10.2.1 20210110) Plain log: https://storage.kernelci.org//stable-rc/queue-5.4/v5.4.230-194-ga2e225b8395… HTML log: https://storage.kernelci.org//stable-rc/queue-5.4/v5.4.230-194-ga2e225b8395… Rootfs: http://storage.kernelci.org/images/rootfs/buildroot/buildroot-baseline/2023… * baseline.login: https://kernelci.org/test/case/id/63e275ef29ea6c42b78c8669 failing since 196 days (last pass: v5.4.180-77-g7de29e82b9db, first fail: v5.4.207-73-ga2480f1b1dda1) platform | arch | lab | compiler | defconfig | regressions -----------------------------+-------+---------------+----------+----------------------------+------------ qemu_arm64-virt-gicv3 | arm64 | lab-baylibre | gcc-10 | defconfig | 1 Details: https://kernelci.org/test/plan/id/63e2772075ac997fcb8c862f Results: 0 PASS, 1 FAIL, 0 SKIP Full config: defconfig Compiler: gcc-10 (aarch64-linux-gnu-gcc (Debian 10.2.1-6) 10.2.1 20210110) Plain log: https://storage.kernelci.org//stable-rc/queue-5.4/v5.4.230-194-ga2e225b8395… HTML log: https://storage.kernelci.org//stable-rc/queue-5.4/v5.4.230-194-ga2e225b8395… Rootfs: http://storage.kernelci.org/images/rootfs/buildroot/buildroot-baseline/2023… * baseline.login: https://kernelci.org/test/case/id/63e2772075ac997fcb8c8630 failing since 273 days (last pass: v5.4.191-77-g1a3b249e415b, first fail: v5.4.191-125-g5917d1547e6e) platform | arch | lab | compiler | defconfig | regressions -----------------------------+-------+---------------+----------+----------------------------+------------ qemu_arm64-virt-gicv3 | arm64 | lab-broonie | gcc-10 | defconfig+arm64-chromebook | 1 Details: https://kernelci.org/test/plan/id/63e27594b4c4ad13df8c86b3 Results: 0 PASS, 1 FAIL, 0 SKIP Full config: defconfig+arm64-chromebook Compiler: gcc-10 (aarch64-linux-gnu-gcc (Debian 10.2.1-6) 10.2.1 20210110) Plain log: https://storage.kernelci.org//stable-rc/queue-5.4/v5.4.230-194-ga2e225b8395… HTML log: https://storage.kernelci.org//stable-rc/queue-5.4/v5.4.230-194-ga2e225b8395… Rootfs: http://storage.kernelci.org/images/rootfs/buildroot/buildroot-baseline/2023… * baseline.login: https://kernelci.org/test/case/id/63e27594b4c4ad13df8c86b4 failing since 196 days (last pass: v5.4.180-77-g7de29e82b9db, first fail: v5.4.207-73-ga2480f1b1dda1) platform | arch | lab | compiler | defconfig | regressions -----------------------------+-------+---------------+----------+----------------------------+------------ qemu_arm64-virt-gicv3 | arm64 | lab-broonie | gcc-10 | defconfig | 1 Details: https://kernelci.org/test/plan/id/63e277002ca6686fce8c8635 Results: 0 PASS, 1 FAIL, 0 SKIP Full config: defconfig Compiler: gcc-10 (aarch64-linux-gnu-gcc (Debian 10.2.1-6) 10.2.1 20210110) Plain log: https://storage.kernelci.org//stable-rc/queue-5.4/v5.4.230-194-ga2e225b8395… HTML log: https://storage.kernelci.org//stable-rc/queue-5.4/v5.4.230-194-ga2e225b8395… Rootfs: http://storage.kernelci.org/images/rootfs/buildroot/buildroot-baseline/2023… * baseline.login: https://kernelci.org/test/case/id/63e277002ca6686fce8c8636 failing since 273 days (last pass: v5.4.191-77-g1a3b249e415b, first fail: v5.4.191-125-g5917d1547e6e) platform | arch | lab | compiler | defconfig | regressions -----------------------------+-------+---------------+----------+----------------------------+------------ qemu_arm64-virt-gicv3 | arm64 | lab-collabora | gcc-10 | defconfig+arm64-chromebook | 1 Details: https://kernelci.org/test/plan/id/63e2753af3817497758c865f Results: 0 PASS, 1 FAIL, 0 SKIP Full config: defconfig+arm64-chromebook Compiler: gcc-10 (aarch64-linux-gnu-gcc (Debian 10.2.1-6) 10.2.1 20210110) Plain log: https://storage.kernelci.org//stable-rc/queue-5.4/v5.4.230-194-ga2e225b8395… HTML log: https://storage.kernelci.org//stable-rc/queue-5.4/v5.4.230-194-ga2e225b8395… Rootfs: http://storage.kernelci.org/images/rootfs/buildroot/buildroot-baseline/2023… * baseline.login: https://kernelci.org/test/case/id/63e2753af3817497758c8660 failing since 196 days (last pass: v5.4.180-77-g7de29e82b9db, first fail: v5.4.207-73-ga2480f1b1dda1) platform | arch | lab | compiler | defconfig | regressions -----------------------------+-------+---------------+----------+----------------------------+------------ qemu_arm64-virt-gicv3-uefi | arm64 | lab-baylibre | gcc-10 | defconfig+arm64-chromebook | 1 Details: https://kernelci.org/test/plan/id/63e275ee29ea6c42b78c8662 Results: 0 PASS, 1 FAIL, 0 SKIP Full config: defconfig+arm64-chromebook Compiler: gcc-10 (aarch64-linux-gnu-gcc (Debian 10.2.1-6) 10.2.1 20210110) Plain log: https://storage.kernelci.org//stable-rc/queue-5.4/v5.4.230-194-ga2e225b8395… HTML log: https://storage.kernelci.org//stable-rc/queue-5.4/v5.4.230-194-ga2e225b8395… Rootfs: http://storage.kernelci.org/images/rootfs/buildroot/buildroot-baseline/2023… * baseline.login: https://kernelci.org/test/case/id/63e275ee29ea6c42b78c8663 failing since 273 days (last pass: v5.4.191-84-g56ce42d78d96, first fail: v5.4.191-125-g5917d1547e6e) platform | arch | lab | compiler | defconfig | regressions -----------------------------+-------+---------------+----------+----------------------------+------------ qemu_arm64-virt-gicv3-uefi | arm64 | lab-baylibre | gcc-10 | defconfig | 1 Details: https://kernelci.org/test/plan/id/63e27769a4f39d0cde8c866c Results: 0 PASS, 1 FAIL, 0 SKIP Full config: defconfig Compiler: gcc-10 (aarch64-linux-gnu-gcc (Debian 10.2.1-6) 10.2.1 20210110) Plain log: https://storage.kernelci.org//stable-rc/queue-5.4/v5.4.230-194-ga2e225b8395… HTML log: https://storage.kernelci.org//stable-rc/queue-5.4/v5.4.230-194-ga2e225b8395… Rootfs: http://storage.kernelci.org/images/rootfs/buildroot/buildroot-baseline/2023… * baseline.login: https://kernelci.org/test/case/id/63e27769a4f39d0cde8c866d failing since 196 days (last pass: v5.4.180-77-g7de29e82b9db, first fail: v5.4.207-73-ga2480f1b1dda1) platform | arch | lab | compiler | defconfig | regressions -----------------------------+-------+---------------+----------+----------------------------+------------ qemu_arm64-virt-gicv3-uefi | arm64 | lab-broonie | gcc-10 | defconfig+arm64-chromebook | 1 Details: https://kernelci.org/test/plan/id/63e2758083b47e260e8c8643 Results: 0 PASS, 1 FAIL, 0 SKIP Full config: defconfig+arm64-chromebook Compiler: gcc-10 (aarch64-linux-gnu-gcc (Debian 10.2.1-6) 10.2.1 20210110) Plain log: https://storage.kernelci.org//stable-rc/queue-5.4/v5.4.230-194-ga2e225b8395… HTML log: https://storage.kernelci.org//stable-rc/queue-5.4/v5.4.230-194-ga2e225b8395… Rootfs: http://storage.kernelci.org/images/rootfs/buildroot/buildroot-baseline/2023… * baseline.login: https://kernelci.org/test/case/id/63e2758083b47e260e8c8644 failing since 273 days (last pass: v5.4.191-84-g56ce42d78d96, first fail: v5.4.191-125-g5917d1547e6e) platform | arch | lab | compiler | defconfig | regressions -----------------------------+-------+---------------+----------+----------------------------+------------ qemu_arm64-virt-gicv3-uefi | arm64 | lab-broonie | gcc-10 | defconfig | 1 Details: https://kernelci.org/test/plan/id/63e27738518d458b428c8658 Results: 0 PASS, 1 FAIL, 0 SKIP Full config: defconfig Compiler: gcc-10 (aarch64-linux-gnu-gcc (Debian 10.2.1-6) 10.2.1 20210110) Plain log: https://storage.kernelci.org//stable-rc/queue-5.4/v5.4.230-194-ga2e225b8395… HTML log: https://storage.kernelci.org//stable-rc/queue-5.4/v5.4.230-194-ga2e225b8395… Rootfs: http://storage.kernelci.org/images/rootfs/buildroot/buildroot-baseline/2023… * baseline.login: https://kernelci.org/test/case/id/63e27738518d458b428c8659 failing since 196 days (last pass: v5.4.180-77-g7de29e82b9db, first fail: v5.4.207-73-ga2480f1b1dda1) platform | arch | lab | compiler | defconfig | regressions -----------------------------+-------+---------------+----------+----------------------------+------------ qemu_arm64-virt-gicv3-uefi | arm64 | lab-collabora | gcc-10 | defconfig | 1 Details: https://kernelci.org/test/plan/id/63e276169ed1ddbf938c863d Results: 0 PASS, 1 FAIL, 0 SKIP Full config: defconfig Compiler: gcc-10 (aarch64-linux-gnu-gcc (Debian 10.2.1-6) 10.2.1 20210110) Plain log: https://storage.kernelci.org//stable-rc/queue-5.4/v5.4.230-194-ga2e225b8395… HTML log: https://storage.kernelci.org//stable-rc/queue-5.4/v5.4.230-194-ga2e225b8395… Rootfs: http://storage.kernelci.org/images/rootfs/buildroot/buildroot-baseline/2023… * baseline.login: https://kernelci.org/test/case/id/63e276169ed1ddbf938c863e failing since 196 days (last pass: v5.4.180-77-g7de29e82b9db, first fail: v5.4.207-73-ga2480f1b1dda1) platform | arch | lab | compiler | defconfig | regressions -----------------------------+-------+---------------+----------+----------------------------+------------ sun8i-h3-libretech-all-h3-cc | arm | lab-baylibre | gcc-10 | multi_v7_defconfig | 1 Details: https://kernelci.org/test/plan/id/63e273f99061b5a6f88c8638 Results: 5 PASS, 1 FAIL, 1 SKIP Full config: multi_v7_defconfig Compiler: gcc-10 (arm-linux-gnueabihf-gcc (Debian 10.2.1-6) 10.2.1 20210110) Plain log: https://storage.kernelci.org//stable-rc/queue-5.4/v5.4.230-194-ga2e225b8395… HTML log: https://storage.kernelci.org//stable-rc/queue-5.4/v5.4.230-194-ga2e225b8395… Rootfs: http://storage.kernelci.org/images/rootfs/buildroot/buildroot-baseline/2023… * baseline.bootrr.deferred-probe-empty: https://kernelci.org/test/case/id/63e273f99061b5a6f88c8641 failing since 6 days (last pass: v5.4.230-108-g761a8268d868, first fail: v5.4.230-109-g0a6085bff265) 2023-02-07T15:53:03.194170 / # # 2023-02-07T15:53:03.295853 export SHELL=/bin/sh 2023-02-07T15:53:03.296230 # 2023-02-07T15:53:03.397565 / # export SHELL=/bin/sh. /lava-3302522/environment 2023-02-07T15:53:03.397977 2023-02-07T15:53:03.499307 / # . /lava-3302522/environment/lava-3302522/bin/lava-test-runner /lava-3302522/1 2023-02-07T15:53:03.499967 2023-02-07T15:53:03.505488 / # /lava-3302522/bin/lava-test-runner /lava-3302522/1 2023-02-07T15:53:03.600539 + export 'TESTRUN_ID=1_bootrr' 2023-02-07T15:53:03.601072 + cd /lava-3302522/1/tests/1_bootrr ... (10 line(s) more)

2 years, 9 months

1
0
0 0

[PATCH] f2fs: fix kernel crash due to null io->bio

by Jaegeuk Kim

We should return when io->bio is null before doing anything. Otherwise, panic. BUG: kernel NULL pointer dereference, address: 0000000000000010 RIP: 0010:__submit_merged_write_cond+0x164/0x240 [f2fs] Call Trace: <TASK> f2fs_submit_merged_write+0x1d/0x30 [f2fs] commit_checkpoint+0x110/0x1e0 [f2fs] f2fs_write_checkpoint+0x9f7/0xf00 [f2fs] ? __pfx_issue_checkpoint_thread+0x10/0x10 [f2fs] __checkpoint_and_complete_reqs+0x84/0x190 [f2fs] ? preempt_count_add+0x82/0xc0 ? __pfx_issue_checkpoint_thread+0x10/0x10 [f2fs] issue_checkpoint_thread+0x4c/0xf0 [f2fs] ? __pfx_autoremove_wake_function+0x10/0x10 kthread+0xff/0x130 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x2c/0x50 </TASK> Cc: stable(a)vger.kernel.org # v5.18+ Fixes: 64bf0eef0171 ("f2fs: pass the bio operation to bio_alloc_bioset") Signed-off-by: Jaegeuk Kim <jaegeuk(a)kernel.org> --- fs/f2fs/data.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/fs/f2fs/data.c b/fs/f2fs/data.c index 12f233f2fd58..ea8311a58ab7 100644 --- a/fs/f2fs/data.c +++ b/fs/f2fs/data.c @@ -653,6 +653,9 @@ static void __f2fs_submit_merged_write(struct f2fs_sb_info *sbi, f2fs_down_write(&io->io_rwsem); + if (!io->bio) + goto unlock_out; + /* change META to META_FLUSH in the checkpoint procedure */ if (type >= META_FLUSH) { io->fio.type = META_FLUSH; @@ -661,6 +664,7 @@ static void __f2fs_submit_merged_write(struct f2fs_sb_info *sbi, io->bio->bi_opf |= REQ_PREFLUSH | REQ_FUA; } __submit_merged_bio(io); +unlock_out: f2fs_up_write(&io->io_rwsem); } -- 2.39.1.519.gcb327c4b5f-goog

2 years, 9 months

3
2
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror