- 05 Mar, 2020 1 commit
-
-
Michael Ellerman authored
Stefan reported a strange kernel fault which turned out to be due to a missing KUAP disable in flush_coherent_icache() called from flush_icache_range(). The fault looks like: Kernel attempted to access user page (7fffc30d9c00) - exploit attempt? (uid: 1009) BUG: Unable to handle kernel data access on read at 0x7fffc30d9c00 Faulting instruction address: 0xc00000000007232c Oops: Kernel access of bad area, sig: 11 [#1] LE PAGE_SIZE=64K MMU=Radix SMP NR_CPUS=2048 NUMA PowerNV CPU: 35 PID: 5886 Comm: sigtramp Not tainted 5.6.0-rc2-gcc-8.2.0-00003-gfc37a163 #79 NIP: c00000000007232c LR: c00000000003b7fc CTR: 0000000000000000 REGS: c000001e11093940 TRAP: 0300 Not tainted (5.6.0-rc2-gcc-8.2.0-00003-gfc37a163) MSR: 900000000280b033 <SF,HV,VEC,VSX,EE,FP,ME,IR,DR,RI,LE> CR: 28000884 XER: 00000000 CFAR: c0000000000722fc DAR: 00007fffc30d9c00 DSISR: 08000000 IRQMASK: 0 GPR00: c00000000003b7fc c000001e11093bd0 c0000000023ac200 00007fffc30d9c00 GPR04: 00007fffc30d9c18 0000000000000000 c000001e11093bd4 0000000000000000 GPR08: 0000000000000000 0000000000000001 0000000000000000 c000001e1104ed80 GPR12: 0000000000000000 c000001fff6ab380 c0000000016be2d0 4000000000000000 GPR16: c000000000000000 bfffffffffffffff 0000000000000000 0000000000000000 GPR20: 00007fffc30d9c00 00007fffc30d8f58 00007fffc30d9c18 00007fffc30d9c20 GPR24: 00007fffc30d9c18 0000000000000000 c000001e11093d90 c000001e1104ed80 GPR28: c000001e11093e90 0000000000000000 c0000000023d9d18 00007fffc30d9c00 NIP flush_icache_range+0x5c/0x80 LR handle_rt_signal64+0x95c/0xc2c Call Trace: 0xc000001e11093d90 (unreliable) handle_rt_signal64+0x93c/0xc2c do_notify_resume+0x310/0x430 ret_from_except_lite+0x70/0x74 Instruction dump: 409e002c 7c0802a6 3c62ff31 3863f6a0 f8010080 48195fed 60000000 48fe4c8d 60000000 e8010080 7c0803a6 7c0004ac <7c00ffac> 7c0004ac 4c00012c 38210070 This path through handle_rt_signal64() to setup_trampoline() and flush_icache_range() is only triggered by 64-bit processes that have unmapped their VDSO, which is rare. flush_icache_range() takes a range of addresses to flush. In flush_coherent_icache() we implement an optimisation for CPUs where we know we don't actually have to flush the whole range, we just need to do a single icbi. However we still execute the icbi on the user address of the start of the range we're flushing. On CPUs that also implement KUAP (Power9) that leads to the spurious fault above. We should be able to pass any address, including a kernel address, to the icbi on these CPUs, which would avoid any interaction with KUAP. But I don't want to make that change in a bug fix, just in case it surfaces some strange behaviour on some CPU. So for now just disable KUAP around the icbi. Note the icbi is treated as a load, so we allow read access, not write as you'd expect. Fixes: 890274c2 ("powerpc/64s: Implement KUAP for Radix MMU") Cc: stable@vger.kernel.org # v5.2+ Reported-by:
Stefan Berger <stefanb@linux.ibm.com> Signed-off-by:
Michael Ellerman <mpe@ellerman.id.au> Link: https://lore.kernel.org/r/20200303235708.26004-1-mpe@ellerman.id.au
-
- 27 Feb, 2020 1 commit
-
-
Desnes A. Nunes do Rosario authored
PowerVM systems running compatibility mode on a few Power8 revisions are still vulnerable to the hardware defect that loses PMU exceptions arriving prior to a context switch. The software fix for this issue is enabled through the CPU_FTR_PMAO_BUG cpu_feature bit, nevertheless this bit also needs to be set for PowerVM compatibility mode systems. Fixes: 68f2f0d4 ("powerpc: Add a cpu feature CPU_FTR_PMAO_BUG") Signed-off-by:
Desnes A. Nunes do Rosario <desnesn@linux.ibm.com> Reviewed-by:
Leonardo Bras <leonardo@linux.ibm.com> Signed-off-by:
-
- 24 Feb, 2020 2 commits
-
-
Naveen N. Rao authored
Selecting CONFIG_DEBUG_INFO_BTF results in the below warning from ld: ld: warning: orphan section `.BTF' from `.btf.vmlinux.bin.o' being placed in section `.BTF' Include .BTF section in vmlinux explicitly to fix the same. Signed-off-by:
Naveen N. Rao <naveen.n.rao@linux.vnet.ibm.com> Signed-off-by:
-
Ravi Bangoria authored
DAR is set to the first byte of overlap between actual access and watched range at DSI on Book3S processor. But actual access range might or might not be within user asked range. So for Book3S, it must not call dar_within_range(). This revert portion of commit 39413ae0 ("powerpc/hw_breakpoints: Rewrite 8xx breakpoints to allow any address range size."). Before patch: # ./tools/testing/selftests/powerpc/ptrace/perf-hwbreak ... TESTED: No overlap FAILED: Partial overlap: 0 != 2 TESTED: Partial overlap TESTED: No overlap FAILED: Full overlap: 0 != 2 failure: perf_hwbreak After patch: TESTED: No overlap TESTED: Partial overlap TESTED: Partial overlap TESTED: No overlap TESTED: Full overlap success: perf_hwbreak Fixes: 39413ae0 ("powerpc/hw_breakpoints: Rewrite 8xx breakpoints to allow any address range size.") Reported-by:
Ravi Bangoria <ravi.bangoria@linux.ibm.com> Reviewed-by:
Christophe Leroy <christophe.leroy@c-s.fr> Signed-off-by:
-
- 18 Feb, 2020 6 commits
-
-
Christophe Leroy authored
Fixes: 12c3f1fd ("powerpc/32s: get rid of CPU_FTR_601 feature") Cc: stable@vger.kernel.org # v5.4+ Signed-off-by:
-
Oliver O'Halloran authored
The ls (lookup symbol) and zr (reboot) commands use xmon's getstring() helper to read a string argument from the xmon prompt. This function skips over leading whitespace, but doesn't check if the first "non-whitespace" character is a newline which causes some odd behaviour (<enter> indicates a the enter key was pressed): 0:mon> ls printk<enter> printk: c0000000001680c4 0:mon> ls<enter> printk<enter> Symbol ' printk' not found. 0:mon> With commit 2d9b332d ("powerpc/xmon: Allow passing an argument to ppc_md.restart()") we have a similar problem with the zr command. Previously zr took no arguments so "zr<enter> would trigger a reboot. With that patch applied a second newline needs to be sent in order for the reboot to occur. Fix this by checking if the leading whitespace ended on a newline: 0:mon> ls<enter> Symbol '' not found. Fixes: 2d9b332d ("powerpc/xmon: Allow passing an argument to ppc_md.restart()") Reported-by:
Oliver O'Halloran <oohall@gmail.com> Signed-off-by:
-
Christophe Leroy authored
power_save_ppc32_restore() is called during exception entry, before re-enabling the MMU. It substracts KERNELBASE from the address of nap_save_msscr0 to access it. With CONFIG_VMAP_STACK enabled, data MMU translation has already been re-enabled, so power_save_ppc32_restore() has to access nap_save_msscr0 by its virtual address. Reported-by:
Larry Finger <Larry.Finger@lwfinger.net> Signed-off-by:
-
Christophe Leroy authored
With CONFIG_VMAP_STACK, data MMU has to be enabled to read data on the stack. Fixes: cd08f109 ("powerpc/32s: Enable CONFIG_VMAP_STACK") Signed-off-by:
-
Christophe Leroy authored
hash_page() needs to read page tables from kernel memory. When entire kernel memory is mapped by BATs, which is normally the case when CONFIG_STRICT_KERNEL_RWX is not set, it works even if the page hosting the page table is not referenced in the MMU hash table. However, if the page where the page table resides is not covered by a BAT, a DSI fault can be encountered from hash_page(), and it loops forever. This can happen when CONFIG_STRICT_KERNEL_RWX is selected and the alignment of the different regions is too small to allow covering the entire memory with BATs. This also happens when CONFIG_DEBUG_PAGEALLOC is selected or when booting with 'nobats' flag. Also, if the page containing the kernel stack is not present in the MMU hash table, registers cannot be saved and a recursive DSI fault is encountered. To allow hash_page() to properly do its job at all time and load the MMU hash table whenever needed, it must run with data MMU disabled. This means it must be called before re-enabling data MMU. To allow this, registers clobbered by hash_page() and create_hpte() have to be saved in the thread struct together with SRR0, SSR1, DAR and DSISR. It is also necessary to ensure that DSI prolog doesn't overwrite regs saved by prolog of the current running exception. That means: - DSI can only use SPRN_SPRG_SCRATCH0 - Exceptions must free SPRN_SPRG_SCRATCH0 before writing to the stack. This also fixes the Oops reported by Erhard when create_hpte() is called by add_hash_page(). Due to prolog size increase, a few more exceptions had to get split in two parts. Fixes: cd08f109 ("powerpc/32s: Enable CONFIG_VMAP_STACK") Reported-by:
Erhard F. <erhard_f@mailbox.org> Signed-off-by:
-
Gustavo Luiz Duarte authored
After a treclaim, we expect to be in non-transactional state. If we don't clear the current thread's MSR[TS] before we get preempted, then tm_recheckpoint_new_task() will recheckpoint and we get rescheduled in suspended transaction state. When handling a signal caught in transactional state, handle_rt_signal64() calls get_tm_stackpointer() that treclaims the transaction using tm_reclaim_current() but without clearing the thread's MSR[TS]. This can cause the TM Bad Thing exception below if later we pagefault and get preempted trying to access the user's sigframe, using __put_user(). Afterwards, when we are rescheduled back into do_page_fault() (but now in suspended state since the thread's MSR[TS] was not cleared), upon executing 'rfid' after completion of the page fault handling, the exception is raised because a transition from suspended to non-transactional state is invalid. Unexpected TM Bad Thing exception at c00000000000de44 (msr 0x8000000302a03031) tm_scratch=800000010280b033 Oops: Unrecoverable exception, sig: 6 [#1] LE PAGE_SIZE=64K MMU=Hash SMP NR_CPUS=2048 NUMA pSeries CPU: 25 PID: 15547 Comm: a.out Not tainted 5.4.0-rc2 #32 NIP: c00000000000de44 LR: c000000000034728 CTR: 0000000000000000 REGS: c00000003fe7bd70 TRAP: 0700 Not tainted (5.4.0-rc2) MSR: 8000000302a03031 <SF,VEC,VSX,FP,ME,IR,DR,LE,TM[SE]> CR: 44000884 XER: 00000000 CFAR: c00000000000dda4 IRQMASK: 0 PACATMSCRATCH: 800000010280b033 GPR00: c000000000034728 c000000f65a17c80 c000000001662800 00007fffacf3fd78 GPR04: 0000000000001000 0000000000001000 0000000000000000 c000000f611f8af0 GPR08: 0000000000000000 0000000078006001 0000000000000000 000c000000000000 GPR12: c000000f611f84b0 c00000003ffcb200 0000000000000000 0000000000000000 GPR16: 0000000000000000 0000000000000000 0000000000000000 0000000000000000 GPR20: 0000000000000000 0000000000000000 0000000000000000 c000000f611f8140 GPR24: 0000000000000000 00007fffacf3fd68 c000000f65a17d90 c000000f611f7800 GPR28: c000000f65a17e90 c000000f65a17e90 c000000001685e18 00007fffacf3f000 NIP [c00000000000de44] fast_exception_return+0xf4/0x1b0 LR [c000000000034728] handle_rt_signal64+0x78/0xc50 Call Trace: [c000000f65a17c80] [c000000000034710] handle_rt_signal64+0x60/0xc50 (unreliable) [c000000f65a17d30] [c000000000023640] do_notify_resume+0x330/0x460 [c000000f65a17e20] [c00000000000dcc4] ret_from_except_lite+0x70/0x74 Instruction dump: 7c4ff120 e8410170 7c5a03a6 38400000 f8410060 e8010070 e8410080 e8610088 60000000 60000000 e8810090 e8210078 <4c000024> 48000000 e8610178 88ed0989 ---[ end trace 93094aa44b442f87 ]--- The simplified sequence of events that triggers the above exception is: ... # userspace in NON-TRANSACTIONAL state tbegin # userspace in TRANSACTIONAL state signal delivery # kernelspace in SUSPENDED state handle_rt_signal64() get_tm_stackpointer() treclaim # kernelspace in NON-TRANSACTIONAL state __put_user() page fault happens. We will never get back here because of the TM Bad Thing exception. page fault handling kicks in and we voluntarily preempt ourselves do_page_fault() __schedule() __switch_to(other_task) our task is rescheduled and we recheckpoint because the thread's MSR[TS] was not cleared __switch_to(our_task) switch_to_tm() tm_recheckpoint_new_task() trechkpt # kernelspace in SUSPENDED state The page fault handling resumes, but now we are in suspended transaction state do_page_fault() completes rfid <----- trying to get back where the page fault happened (we were non-transactional back then) TM Bad Thing # illegal transition from suspended to non-transactional This patch fixes that issue by clearing the current thread's MSR[TS] just after treclaim in get_tm_stackpointer() so that we stay in non-transactional state in case we are preempted. In order to make treclaim and clearing the thread's MSR[TS] atomic from a preemption perspective when CONFIG_PREEMPT is set, preempt_disable/enable() is used. It's also necessary to save the previous value of the thread's MSR before get_tm_stackpointer() is called so that it can be exposed to the signal handler later in setup_tm_sigcontexts() to inform the userspace MSR at the moment of the signal delivery. Found with tm-signal-context-force-tm kernel selftest. Fixes: 2b0a576d ("powerpc: Add new transactional memory state to the signal context") Cc: stable@vger.kernel.org # v3.9 Signed-off-by:Gustavo Luiz Duarte <gustavold@linux.ibm.com> Acked-by:
Michael Neuling <mikey@neuling.org> Signed-off-by:
-
- 17 Feb, 2020 4 commits
-
-
Christophe Leroy authored
In ITLB miss handled the line supposed to clear bits 20-23 on the L2 ITLB entry is buggy and does indeed nothing, leading to undefined value which could allow execution when it shouldn't. Properly do the clearing with the relevant instruction. Fixes: 74fabcad ("powerpc/8xx: don't use r12/SPRN_SPRG_SCRATCH2 in TLB Miss handlers") Cc: stable@vger.kernel.org # v5.0+ Signed-off-by:
-
Christophe Leroy authored
With HW assistance all page tables must be 4k aligned, the 8xx drops the last 12 bits during the walk. Redefine HUGEPD_SHIFT_MASK to mask last 12 bits out. HUGEPD_SHIFT_MASK is used to for alignment of page table cache. Fixes: 22569b88 ("powerpc/8xx: Enable 8M hugepage support with HW assistance") Cc: stable@vger.kernel.org # v5.0+ Signed-off-by:
-
Christophe Leroy authored
Commit 55c8fc3f ("powerpc/8xx: reintroduce 16K pages with HW assistance") redefined pte_t as a struct of 4 pte_basic_t, because in 16K pages mode there are four identical entries in the page table. But the size of hugepage tables is calculated based of the size of (void *). Therefore, we end up with page tables of size 1k instead of 4k for 512k pages. As 512k hugepage tables are the same size as standard page tables, ie 4k, use the standard page tables instead of PGT_CACHE tables. Fixes: 3fb69c6a ("powerpc/8xx: Enable 512k hugepage support with HW assistance") Cc: stable@vger.kernel.org # v5.0+ Signed-off-by:
-
Sam Bobroff authored
Recovering a dead PHB can currently cause a deadlock as the PCI rescan/remove lock is taken twice. This is caused as part of an existing bug in eeh_handle_special_event(). The pe is processed while traversing the PHBs even though the pe is unrelated to the loop. This causes the pe to be, incorrectly, processed more than once. Untangling this section can move the pe processing out of the loop and also outside the locked section, correcting both problems. Fixes: 2e255051 ("powerpc/eeh: Fix crash when edev->pdev changes") Cc: stable@vger.kernel.org # 5.4+ Signed-off-by:
Sam Bobroff <sbobroff@linux.ibm.com> Reviewed-by:
Frederic Barrat <fbarrat@linux.ibm.com> Tested-by:
-
- 16 Feb, 2020 10 commits
-
-
Linus Torvalds authored
-
https://github.com/cminyard/linux-ipmiLinus Torvalds authored
Pull IPMI update from Corey Minyard: "Minor bug fixes for IPMI I know this is late; I've been travelling and, well, I've been distracted. This is just a few bug fixes and adding i2c support to the IPMB driver, which is something I wanted from the beginning for it" * tag 'for-linus-5.6-1' of https://github.com/cminyard/linux-ipmi: drivers: ipmi: fix off-by-one bounds check that leads to a out-of-bounds write ipmi:ssif: Handle a possible NULL pointer reference drivers: ipmi: Modify max length of IPMB packet drivers: ipmi: Support raw i2c packet in IPMB
-
git://git.kernel.org/pub/scm/virt/kvm/kvmLinus Torvalds authored
Pull KVM fixes from Paolo Bonzini: "Bugfixes and improvements to selftests. On top of this, Mauro converted the KVM documentation to rst format, which was very welcome" * tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm: (44 commits) docs: virt: guest-halt-polling.txt convert to ReST docs: kvm: review-checklist.txt: rename to ReST docs: kvm: Convert timekeeping.txt to ReST format docs: kvm: Convert s390-diag.txt to ReST format docs: kvm: Convert ppc-pv.txt to ReST format docs: kvm: Convert nested-vmx.txt to ReST format docs: kvm: Convert mmu.txt to ReST format docs: kvm: Convert locking.txt to ReST format docs: kvm: Convert hypercalls.txt to ReST format docs: kvm: arm/psci.txt: convert to ReST docs: kvm: convert arm/hyp-abi.txt to ReST docs: kvm: Convert api.txt to ReST format docs: kvm: convert devices/xive.txt to ReST docs: kvm: convert devices/xics.txt to ReST docs: kvm: convert devices/vm.txt to ReST docs: kvm: convert devices/vfio.txt to ReST docs: kvm: convert devices/vcpu.txt to ReST docs: kvm: convert devices/s390_flic.txt to ReST docs: kvm: convert devices/mpic.txt to ReST docs: kvm: convert devices/arm-vgit.txt to ReST ...
-
git://git.kernel.org/pub/scm/linux/kernel/git/ras/rasLinus Torvalds authored
Pull EDAC fixes from Borislav Petkov: "Two fixes for use-after-free and memory leaking in the EDAC core, by Robert Richter. Debug options like DEBUG_TEST_DRIVER_REMOVE, KASAN and DEBUG_KMEMLEAK unearthed issues with the lifespan of memory allocated by the EDAC memory controller descriptor due to misdesigned memory freeing, done partially by the EDAC core *and* the driver core, which is problematic to say the least. These two are minimal fixes to take care of stable - a proper rework is following which cleans up that mess properly" * tag 'edac_urgent_for_5.6' of git://git.kernel.org/pub/scm/linux/kernel/git/ras/ras: EDAC/sysfs: Remove csrow objects on errors EDAC/mc: Fix use-after-free and memleaks during device removal
-
git://git.kernel.dk/linux-blockLinus Torvalds authored
Pull block fixes from Jens Axboe: "Not a lot here, which is great, basically just three small bcache fixes from Coly, and four NVMe fixes via Keith" * tag 'block-5.6-2020-02-16' of git://git.kernel.dk/linux-block: nvme: fix the parameter order for nvme_get_log in nvme_get_fw_slot_info nvme/pci: move cqe check after device shutdown nvme: prevent warning triggered by nvme_stop_keep_alive nvme/tcp: fix bug on double requeue when send fails bcache: remove macro nr_to_fifo_front() bcache: Revert "bcache: shrink btree node cache after bch_btree_check()" bcache: ignore pending signals when creating gc and allocator thread
-
git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linuxLinus Torvalds authored
Pull btrfs fixes from David Sterba: "Two races fixed, memory leak fix, sysfs directory fixup and two new log messages: - two fixed race conditions: extent map merging and truncate vs fiemap - create the right sysfs directory with device information and move the individual device dirs under it - print messages when the tree-log is replayed at mount time or cannot be replayed on remount" * tag 'for-5.6-rc1-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux: btrfs: sysfs, move device id directories to UUID/devinfo btrfs: sysfs, add UUID/devinfo kobject Btrfs: fix race between shrinking truncate and fiemap btrfs: log message when rw remount is attempted with unclean tree-log btrfs: print message when tree-log replay starts Btrfs: fix race between using extent maps and merging them btrfs: ref-verify: fix memory leaks -
git://git.samba.org/sfrench/cifs-2.6Linus Torvalds authored
Pull cifs fixes from Steve French: "Four small CIFS/SMB3 fixes. One (the EA overflow fix) for stable" * tag '5.6-rc1-smb3-fixes' of git://git.samba.org/sfrench/cifs-2.6: cifs: make sure we do not overflow the max EA buffer size cifs: enable change notification for SMB2.1 dialect cifs: Fix mode output in debugging statements cifs: fix mount option display for sec=krb5i
-
git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4Linus Torvalds authored
Pull ext4 fixes from Ted Ts'o: "Miscellaneous ext4 bug fixes (all stable fodder)" * tag 'ext4_for_linus_stable' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4: ext4: improve explanation of a mount failure caused by a misconfigured kernel jbd2: do not clear the BH_Mapped flag when forgetting a metadata buffer jbd2: move the clearing of b_modified flag to the journal_unmap_buffer() ext4: add cond_resched() to ext4_protect_reserved_inode ext4: fix checksum errors with indexed dirs ext4: fix support for inode sizes > 1024 bytes ext4: simplify checking quota limits in ext4_statfs() ext4: don't assume that mmp_nodename/bdevname have NUL
-
git://git.kernel.org/pub/scm/linux/kernel/git/dtor/inputLinus Torvalds authored
Pull input updates from Dmitry Torokhov: - a few drivers have been updated to use flexible-array syntax instead of GCC extension - ili210x touchscreen driver now supports the 2120 protocol flavor - a couple more of Synaptics devices have been switched over to RMI4 * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input: Input: cyapa - replace zero-length array with flexible-array member Input: tca6416-keypad - replace zero-length array with flexible-array member Input: gpio_keys_polled - replace zero-length array with flexible-array member Input: synaptics - remove the LEN0049 dmi id from topbuttonpad list Input: synaptics - enable SMBus on ThinkPad L470 Input: synaptics - switch T470s to RMI4 by default Input: gpio_keys - replace zero-length array with flexible-array member Input: goldfish_events - replace zero-length array with flexible-array member Input: psmouse - switch to using i2c_new_scanned_device() Input: ili210x - add ili2120 support Input: ili210x - fix return value of is_visible function
-
git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdmaLinus Torvalds authored
Pull rdma fixes from Jason Gunthorpe: "Not too much going on here, though there are about four fixes related to stuff merged during the last merge window. We also see the return of a syzkaller instance with access to RDMA devices, and a few bugs detected by that squished. - Fix three crashers and a memory memory leak for HFI1 - Several bugs found by syzkaller - A bug fix for the recent QP counters feature on older mlx5 HW - Locking inversion in cxgb4 - Unnecessary WARN_ON in siw - A umad crasher regression during unload, from a bug fix for something else - Bugs introduced in the merge window: - Missed list_del in uverbs file rework, core and mlx5 devx - Unexpected integer math truncation in the mlx5 VAR patches - Compilation bug fix for the VAR patches on 32 bit" * tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma: IB/mlx5: Use div64_u64 for num_var_hw_entries calculation RDMA/core: Fix protection fault in get_pkey_idx_qp_list RDMA/rxe: Fix soft lockup problem due to using tasklets in softirq RDMA/mlx5: Prevent overflow in mmap offset calculations IB/umad: Fix kernel crash while unloading ib_umad RDMA/mlx5: Fix async events cleanup flows RDMA/core: Add missing list deletion on freeing event queue RDMA/siw: Remove unwanted WARN_ON in siw_cm_llp_data_ready() RDMA/iw_cxgb4: initiate CLOSE when entering TERM IB/mlx5: Return failure when rts2rts_qp_counters_set_id is not supported RDMA/core: Fix invalid memory access in spec_filter_size IB/rdmavt: Reset all QPs when the device is shut down IB/hfi1: Close window for pq and request coliding IB/hfi1: Acquire lock to release TID entries when user file is closed RDMA/hfi1: Fix memory leak in _dev_comp_vect_mappings_create
-
- 15 Feb, 2020 11 commits
-
-
git://git.kernel.org/pub/scm/linux/kernel/git/soc/socLinus Torvalds authored
Pull ARM SoC fixes from Olof Johansson: "A handful of fixes that have come in since the merge window: - Fix of PCI interrupt map on arm64 fast model (SW emulator) - Fixlet for sound on ST platforms and a small cleanup of deprecated DT properties - A stack buffer overflow fix for moxtet - Fuse driver build fix for Tegra194 - A few config updates to turn on new drivers merged this cycle" * tag 'armsoc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc: bus: moxtet: fix potential stack buffer overflow soc/tegra: fuse: Fix build with Tegra194 configuration ARM: dts: sti: fixup sound frame-inversion for stihxxx-b2120.dtsi ARM: dts: sti: Remove deprecated snps PHY properties for stih410-b2260 arm64: defconfig: Enable DRM_SUN6I_DSI arm64: defconfig: Enable CONFIG_SUN8I_THERMAL ARM: sunxi: Enable CONFIG_SUN8I_THERMAL arm64: defconfig: Set bcm2835-dma as built-in ARM: configs: Cleanup old Kconfig options ARM: npcm: Bring back GPIOLIB support arm64: dts: fast models: Fix FVP PCI interrupt-map property -
git://git.kernel.org/pub/scm/linux/kernel/git/s390/linuxLinus Torvalds authored
Pull s390 updates from Vasily Gorbik: - Enable paes-s390 cipher selftests in testmgr (acked-by Herbert Xu). - Fix protected key length update in PKEY_SEC2PROTK ioctl and increase card/queue requests counter to 64-bit in crypto code. - Fix clang warning in get_tod_clock. - Fix ultravisor info length extensions handling. - Fix style of SPDX License Identifier in vfio-ccw. - Avoid unnecessary GFP_ATOMIC and simplify ACK tracking in qdio. * tag 's390-5.6-3' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux: crypto/testmgr: enable selftests for paes-s390 ciphers s390/time: Fix clk type in get_tod_clock s390/uv: Fix handling of length extensions s390/qdio: don't allocate *aob array with GFP_ATOMIC s390/qdio: simplify ACK tracking s390/zcrypt: fix card and queue total counter wrap s390/pkey: fix missing length of protected key on return vfio-ccw: Use the correct style for SPDX License Identifier
-
Linus Torvalds authored
Merge tag 'hwmon-for-v5.6-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck/linux-staging Pull hwmon fixes from Guenter Roeck: "Fix compatible string typos in the xdpe12284 driver, and a wrong bit value in the ltc2978 driver" * tag 'hwmon-for-v5.6-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck/linux-staging: hwmon: (pmbus/xdpe12284) fix typo in compatible strings hwmon: (pmbus/ltc2978) Fix PMBus polling of MFR_COMMON definitions.
-
git://git.kernel.org/pub/scm/linux/kernel/git/tip/tipLinus Torvalds authored
Pull scheduler fixes from Ingo Molnar: "Misc fixes all over the place: - Fix NUMA over-balancing between lightly loaded nodes. This is fallout of the big load-balancer rewrite. - Fix the NOHZ remote loadavg update logic, which fixes anomalies like reported 150 loadavg on mostly idle CPUs. - Fix XFS performance/scalability - Fix throttled groups unbound task-execution bug - Fix PSI procfs boundary condition - Fix the cpu.uclamp.{min,max} cgroup configuration write checks - Fix DocBook annotations - Fix RCU annotations - Fix overly CPU-intensive housekeeper CPU logic loop on large CPU counts" * 'sched-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: sched/fair: Fix kernel-doc warning in attach_entity_load_avg() sched/core: Annotate curr pointer in rq with __rcu sched/psi: Fix OOB write when writing 0 bytes to PSI files sched/fair: Allow a per-CPU kthread waking a task to stack on the same CPU, to fix XFS performance regression sched/fair: Prevent unlimited runtime on throttled group sched/nohz: Optimize get_nohz_timer_target() sched/uclamp: Reject negative values in cpu_uclamp_write() sched/fair: Allow a small load imbalance between low utilisation SD_NUMA domains timers/nohz: Update NOHZ load in remote tick sched/core: Don't skip remote tick for idle CPUs -
git://git.kernel.org/pub/scm/linux/kernel/git/tip/tipLinus Torvalds authored
Pull perf fixes from Ingo Molnar: "Fixes and HW enablement patches: - Tooling fixes, most of which are tooling header synchronization with v5.6 changes - Fix kprobes fallout on ARM - Add Intel Elkhart Lake support and extend Tremont support, these are relatively simple and should only affect those models - Fix the AMD family 17h generic event table" * 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: (30 commits) perf llvm: Fix script used to obtain kernel make directives to work with new kbuild tools headers kvm: Sync linux/kvm.h with the kernel sources tools headers kvm: Sync kvm headers with the kernel sources tools arch x86: Sync asm/cpufeatures.h with the kernel sources tools headers x86: Sync disabled-features.h tools include UAPI: Sync sound/asound.h copy tools headers UAPI: Sync asm-generic/mman-common.h with the kernel perf tools: Add arm64 version of get_cpuid() tools headers UAPI: Sync drm/i915_drm.h with the kernel sources tools headers uapi: Sync linux/fscrypt.h with the kernel sources tools headers UAPI: Sync sched.h with the kernel perf trace: Resolve prctl's 'option' arg strings to numbers perf beauty prctl: Export the 'options' strarray tools headers UAPI: Sync prctl.h with the kernel sources tools headers UAPI: Sync copy of arm64's asm/unistd.h with the kernel sources perf maps: Move kmap::kmaps setup to maps__insert() perf maps: Fix map__clone() for struct kmap perf maps: Mark ksymbol DSOs with kernel type perf maps: Mark module DSOs with kernel type tools include UAPI: Sync x86's syscalls_64.tbl, generic unistd.h and fcntl.h to pick up openat2 and pidfd_getfd ... -
Marek Behún authored
The input_read function declares the size of the hex array relative to sizeof(buf), but buf is a pointer argument of the function. The hex array is meant to contain hexadecimal representation of the bin array. Link: https://lore.kernel.org/r/20200215142130.22743-1-marek.behun@nic.cz Fixes: 5bc7f990 ("bus: Add support for Moxtet bus") Signed-off-by:
Marek Behún <marek.behun@nic.cz> Reported-by:
sohu0106 <sohu0106@126.com> Signed-off-by:
Olof Johansson <olof@lixom.net>
-
Theodore Ts'o authored
If CONFIG_QFMT_V2 is not enabled, but CONFIG_QUOTA is enabled, when a user tries to mount a file system with the quota or project quota enabled, the kernel will emit a very confusing messsage: EXT4-fs warning (device vdc): ext4_enable_quotas:5914: Failed to enable quota tracking (type=0, err=-3). Please run e2fsck to fix. EXT4-fs (vdc): mount failed We will now report an explanatory message indicating which kernel configuration options have to be enabled, to avoid customer/sysadmin confusion. Link: https://lore.kernel.org/r/20200215012738.565735-1-tytso@mit.edu Google-Bug-Id: 149093531 Fixes: 7c319d32 ("ext4: make quota as first class supported feature") Signed-off-by:Theodore Ts'o <tytso@mit.edu> Cc: stable@kernel.org
-
Ingo Molnar authored
Merge tag 'perf-urgent-for-mingo-5.6-20200214' of git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux into perf/urgent Pull perf/urgent fixes from Arnaldo Carvalho de Melo: BPF: Arnaldo Carvalho de Melo: - Fix script used to obtain kernel make directives to work with new kbuild used for building BPF programs. maps: Jiri Olsa: - Fixup kmap->kmaps backpointer in kernel maps. arm64: John Garry: - Add arm64 version of get_cpuid() to get proper, arm64 specific output from 'perf list' and other tools. perf top: Kim Phillips: - Update kernel idle symbols so that output in AMD systems is in line with other systems. perf stat: Kim Phillips: - Don't report a null stalled cycles per insn metric. tools headers: Arnaldo Carvalho de Melo: - Sync tools/ headers with the kernel sources to get things like syscall numbers and new arguments so that 'perf trace' can decode and use them in tracepoint filters, e.g. prctl's new PR_{G,S}ET_IO_FLUSHER options. Signed-off-by:
Arnaldo Carvalho de Melo <acme@redhat.com> Signed-off-by:
Ingo Molnar <mingo@kernel.org>
-
Gustavo A. R. Silva authored
The current codebase makes use of the zero-length array language extension to the C90 standard, but the preferred mechanism to declare variable-length types such as these ones is a flexible array member[1][2], introduced in C99: struct foo { int stuff; struct boo array[]; }; By making use of the mechanism above, we will get a compiler warning in case the flexible array does not occur last in the structure, which will help us prevent some kind of undefined behavior bugs from being inadvertently introduced[3] to the codebase from now on. Also, notice that, dynamic memory allocations won't be affected by this change: "Flexible array members have incomplete type, and so the sizeof operator may not be applied. As a quirk of the original implementation of zero-length arrays, sizeof evaluates to zero."[1] This issue was found with the help of Coccinelle. [1] https://gcc.gnu.org/onlinedocs/gcc/Zero-Length.html [2] https://github.com/KSPP/linux/issues/21 [3] commit 76497732 ("cxgb3/l2t: Fix undefined behaviour") Signed-off-by:Gustavo A. R. Silva <gustavo@embeddedor.com> Link: https://lore.kernel.org/r/20200214172132.GA28389@embeddedorSigned-off-by:
Dmitry Torokhov <dmitry.torokhov@gmail.com>
-
Gustavo A. R. Silva authored
The current codebase makes use of the zero-length array language extension to the C90 standard, but the preferred mechanism to declare variable-length types such as these ones is a flexible array member[1][2], introduced in C99: struct foo { int stuff; struct boo array[]; }; By making use of the mechanism above, we will get a compiler warning in case the flexible array does not occur last in the structure, which will help us prevent some kind of undefined behavior bugs from being inadvertently introduced[3] to the codebase from now on. Also, notice that, dynamic memory allocations won't be affected by this change: "Flexible array members have incomplete type, and so the sizeof operator may not be applied. As a quirk of the original implementation of zero-length arrays, sizeof evaluates to zero."[1] This issue was found with the help of Coccinelle. [1] https://gcc.gnu.org/onlinedocs/gcc/Zero-Length.html [2] https://github.com/KSPP/linux/issues/21 [3] commit 76497732 ("cxgb3/l2t: Fix undefined behaviour") Signed-off-by: -
Gustavo A. R. Silva authored
The current codebase makes use of the zero-length array language extension to the C90 standard, but the preferred mechanism to declare variable-length types such as these ones is a flexible array member[1][2], introduced in C99: struct foo { int stuff; struct boo array[]; }; By making use of the mechanism above, we will get a compiler warning in case the flexible array does not occur last in the structure, which will help us prevent some kind of undefined behavior bugs from being inadvertently introduced[3] to the codebase from now on. Also, notice that, dynamic memory allocations won't be affected by this change: "Flexible array members have incomplete type, and so the sizeof operator may not be applied. As a quirk of the original implementation of zero-length arrays, sizeof evaluates to zero."[1] This issue was found with the help of Coccinelle. [1] https://gcc.gnu.org/onlinedocs/gcc/Zero-Length.html [2] https://github.com/KSPP/linux/issues/21 [3] commit 76497732 ("cxgb3/l2t: Fix undefined behaviour") Signed-off-by:
-
- 14 Feb, 2020 5 commits
-
-
git://git.linux-nfs.org/projects/anna/linux-nfsLinus Torvalds authored
Pull NFS client bugfixes from Anna Schumaker: "The only stable fix this time is the DMA scatter-gather list bug fixed by Chuck. The rest fix up races and refcounting issues that have been found during testing. Stable fix: - fix DMA scatter-gather list mapping imbalance The rest: - fix directory verifier races - fix races between open and dentry revalidation - fix revalidation of dentries with delegations - fix "cachethis" setting for writes - fix delegation and delegation cred pinning" * tag 'nfs-for-5.6-2' of git://git.linux-nfs.org/projects/anna/linux-nfs: NFSv4: Ensure the delegation cred is pinned when we call delegreturn NFSv4: Ensure the delegation is pinned in nfs_do_return_delegation() NFSv4.1 make cachethis=no for writes xprtrdma: Fix DMA scatter-gather list mapping imbalance NFSv4: Fix revalidation of dentries with delegations NFSv4: Fix races between open and dentry revalidation NFS: Fix up directory verifier races
-
https://github.com/ceph/ceph-clientLinus Torvalds authored
Pull ceph fixes from Ilya Dryomov: - make O_DIRECT | O_APPEND combination work better - redo the server path canonicalization patch that went into -rc1 - fix the 'noacl' mount option that got broken by the conversion to the new mount API in 5.5 * tag 'ceph-for-5.6-rc2' of https://github.com/ceph/ceph-client: ceph: noacl mount option is effectively ignored ceph: canonicalize server path in place ceph: do not execute direct write in parallel if O_APPEND is specified
-
git://git.kernel.dk/linux-blockLinus Torvalds authored
Pull io_uring fixes from Jens Axboe: "Here's a set of fixes for io_uring: - Various fixes with cleanups from Pavel, fixing corner cases where we're not correctly dealing with iovec cleanup. - Clarify that statx/openat/openat2 don't accept fixed files - Buffered raw device write EOPTNOTSUPP fix - Ensure async workers grab current->fs - A few task exit fixes with pending requests that grab the file table - send/recvmsg async load fix - io-wq offline node setup fix - CQ overflow flush in poll" * tag 'io_uring-5.6-2020-02-14' of git://git.kernel.dk/linux-block: (21 commits) io_uring: prune request from overflow list on flush io-wq: don't call kXalloc_node() with non-online node io_uring: retain sockaddr_storage across send/recvmsg async punt io_uring: cancel pending async work if task exits io-wq: add io_wq_cancel_pid() to cancel based on a specific pid io-wq: make io_wqe_cancel_work() take a match handler io_uring: fix openat/statx's filename leak io_uring: fix double prep iovec leak io_uring: fix async close() with f_op->flush() io_uring: allow AT_FDCWD for non-file openat/openat2/statx io_uring: grab ->fs as part of async preparation io-wq: add support for inheriting ->fs io_uring: retry raw bdev writes if we hit -EOPNOTSUPP io_uring: add cleanup for openat()/statx() io_uring: fix iovec leaks io_uring: remove unused struct io_async_open io_uring: flush overflowed CQ events in the io_uring_poll() io_uring: statx/openat/openat2 don't support fixed files io_uring: fix deferred req iovec leak io_uring: fix 1-bit bitfields to be unsigned ... -
git://git.kernel.org/pub/scm/linux/kernel/git/netdev/netLinus Torvalds authored
Pull networking fixes from David Miller: 1) Fix interrupt name truncation in mv88e6xxx dsa driver, from Andrew Lunn. 2) Process generic XDP even if SKB is cloned, from Toke Høiland-Jørgensen. 3) Fix leak of kernel memory to userspace in smc, from Eric Dumazet. 4) Add some missing netlink attribute validation to matchall and flower, from Davide Caratti. 5) Send icmp responses properly when NAT has been applied to the frame before we get to the tunnel emitting the icmp, from Jason Donenfeld. 6) Make sure there is enough SKB headroom when adding dsa tags for qca and ar9331. From Per Forlin. * git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net: (62 commits) netdevice.h: fix all kernel-doc and Sphinx warnings net: dsa: tag_ar9331: Make sure there is headroom for tag net: dsa: tag_qca: Make sure there is headroom for tag net, ip6_tunnel: enhance tunnel locate with link check net/smc: no peer ID in CLC decline for SMCD net/smc: transfer fasync_list in case of fallback net: hns3: fix a copying IPv6 address error in hclge_fd_get_flow_tuples() net: hns3: fix VF bandwidth does not take effect in some case net: hns3: add management table after IMP reset mac80211: fix wrong 160/80+80 MHz setting cfg80211: add missing policy for NL80211_ATTR_STATUS_CODE xfrm: interface: use icmp_ndo_send helper wireguard: device: use icmp_ndo_send helper sunvnet: use icmp_ndo_send helper gtp: use icmp_ndo_send helper icmp: introduce helper for nat'd source address in network device context net/sched: flower: add missing validation of TCA_FLOWER_FLAGS net/sched: matchall: add missing validation of TCA_MATCHALL_FLAGS net/flow_dissector: remove unexist field description page_pool: refill page when alloc.count of pool is zero ... -
git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pmLinus Torvalds authored
Pull power management fixes from Rafael Wysocki: "Fix three issues related to the handling of wakeup events signaled through the ACPI SCI while suspended to idle (Rafael Wysocki) and unexport an internal cpufreq variable (Yangtao Li)" * tag 'pm-5.6-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm: ACPI: PM: s2idle: Prevent spurious SCIs from waking up the system ACPICA: Introduce acpi_any_gpe_status_set() ACPI: PM: s2idle: Avoid possible race related to the EC GPE ACPI: EC: Fix flushing of pending work cpufreq: Make cpufreq_global_kobject static
-
