Skip to main content

Browse the archive

https://github.com/google/kmsan
16 July 2024, 22:04:21 UTC
sort by:
Revision Author Date Message Commit Date
f68a950 Alexander Potapenko 20 September 2017, 00:24:52 UTC kmsan: handle more instances of raw_copy_from_user()/raw_copy_to_user() 20 September 2017, 00:24:52 UTC
9e83310 Alexander Potapenko 20 September 2017, 00:24:22 UTC kmsan: suppress a false positive in __down_write_trylock() 20 September 2017, 00:24:22 UTC
49da1f0 Alexander Potapenko 20 September 2017, 00:23:43 UTC kmsan: add a comment to kmsan_copy_to_user() TODO(glider): merge into another commit. 20 September 2017, 00:23:43 UTC
c955797 Alexander Potapenko 04 September 2017, 12:50:09 UTC kmsan: whack-a-moleing the false positives 19 September 2017, 23:18:36 UTC
16b802c Alexander Potapenko 01 September 2017, 18:22:52 UTC kmsan: unpoison random data from chacha20_block() 19 September 2017, 23:18:16 UTC
7203333 Alexander Potapenko 01 September 2017, 18:08:18 UTC [BUG] nvme: fix use of uninit variable Introduced by https://github.com/torvalds/linux/commit/6bfe04255d5ed5643ee4c2d9b09b337398f8cb6a TODO(glider): report upstream 19 September 2017, 23:18:07 UTC
7f25b0b Alexander Potapenko 01 September 2017, 17:46:49 UTC kmsan: unpoison struct regs in do_page_fault() 19 September 2017, 23:17:22 UTC
8ca62d6 Alexander Potapenko 01 September 2017, 17:38:16 UTC fixup copy_to_user/copy_from_user 19 September 2017, 23:17:09 UTC
73479f7 Matthias Kaehlcke 17 August 2017, 18:20:47 UTC [UPSTREAM] x86/build: Use cc-option to validate stack alignment parameter With the following commit: 8f91869766c0 ("x86/build: Fix stack alignment for CLang") cc-option is only used to determine the name of the stack alignment option supported by the compiler, but not to verify that the actual parameter <option>=N is valid in combination with the other CFLAGS. This causes problems (as reported by the kbuild robot) with older GCC versions which only support stack alignment on a boundary of 16 bytes or higher. Also use (__)cc_option to add the stack alignment option to CFLAGS to make sure only valid options are added. Reported-by: kbuild test robot <fengguang.wu@intel.com> Signed-off-by: Matthias Kaehlcke <mka@chromium.org> Cc: Arnd Bergmann <arnd@arndb.de> Cc: Bernhard.Rosenkranzer@linaro.org Cc: Greg Hackmann <ghackmann@google.com> Cc: Kees Cook <keescook@chromium.org> Cc: Linus Torvalds <torvalds@linux-foundation.org> Cc: Masahiro Yamada <yamada.masahiro@socionext.com> Cc: Michael Davidson <md@google.com> Cc: Nick Desaulniers <ndesaulniers@google.com> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Stephen Hines <srhines@google.com> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: dianders@chromium.org Fixes: 8f91869766c0 ("x86/build: Fix stack alignment for CLang") Link: http://lkml.kernel.org/r/20170817182047.176752-1-mka@chromium.org Signed-off-by: Ingo Molnar <mingo@kernel.org> 19 September 2017, 23:17:01 UTC
80da1cd Matthias Kaehlcke 17 August 2017, 00:47:40 UTC [UPSTREAM] x86/build: Fix stack alignment for CLang Commit: d77698df39a5 ("x86/build: Specify stack alignment for clang") intended to use the same stack alignment for clang as with gcc. The two compilers use different options to configure the stack alignment (gcc: -mpreferred-stack-boundary=n, clang: -mstack-alignment=n). The above commit assumes that the clang option uses the same parameter type as gcc, i.e. that the alignment is specified as 2^n. However clang interprets the value of this option literally to use an alignment of n, in consequence the stack remains misaligned. Change the values used with -mstack-alignment to be the actual alignment instead of a power of two. cc-option isn't used here with the typical pattern of KBUILD_CFLAGS += $(call cc-option ...). The reason is that older gcc versions don't support the -mpreferred-stack-boundary option, since cc-option doesn't verify whether the alternative option is valid it would incorrectly select the clang option -mstack-alignment.. Signed-off-by: Matthias Kaehlcke <mka@chromium.org> Cc: Arnd Bergmann <arnd@arndb.de> Cc: Bernhard.Rosenkranzer@linaro.org Cc: Greg Hackmann <ghackmann@google.com> Cc: Kees Cook <keescook@chromium.org> Cc: Linus Torvalds <torvalds@linux-foundation.org> Cc: Masahiro Yamada <yamada.masahiro@socionext.com> Cc: Michael Davidson <md@google.com> Cc: Nick Desaulniers <ndesaulniers@google.com> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Stephen Hines <srhines@google.com> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: dianders@chromium.org Link: http://lkml.kernel.org/r/20170817004740.170588-1-mka@chromium.org Signed-off-by: Ingo Molnar <mingo@kernel.org> 19 September 2017, 23:08:57 UTC
28ad6b4 Alexander Potapenko 23 August 2017, 14:28:42 UTC kmsan: support compat syscalls compat syscalls allocate parameters for real syscalls on the kernel stack, cast them to __user pointers and pass those to the real syscalls. As a result, those parameters are initialized with copy_to_user(), which in this case copies data between kernel structs. To avoid false positives, we special-case copy_to_user() to kernel addresses, treating it as a memcpy(). 19 September 2017, 23:08:37 UTC
416364d Alexander Potapenko 22 August 2017, 18:51:40 UTC kmsan: allow building KMSAN without clang_wrapper.py To build: $ cp .config.example .config $ make CC=$KMSAN_CLANG_PATH -j64 19 September 2017, 23:08:15 UTC
91f7e18 Alexander Potapenko 07 August 2017, 13:48:55 UTC kmsan: don't check zero-length memcpy()/memmove() calls. 19 September 2017, 23:07:30 UTC
4559064 Alexander Potapenko 28 July 2017, 17:27:26 UTC kmsan: factor out the code that checks for metadata page contiguity Also fix the bug in handling accesses bigger than 2 * PAGE_SIZE. 19 September 2017, 23:07:08 UTC
491f66e Alexander Potapenko 22 August 2017, 18:34:03 UTC kmsan: fix CONFIG_KMSAN=n build 19 September 2017, 23:06:57 UTC
e1269d5 Alexander Potapenko 27 July 2017, 13:39:06 UTC kmsan: fix kmsan_report() to print the position of uninit byte 19 September 2017, 23:06:46 UTC
bf532f2 Alexander Potapenko 26 July 2017, 17:26:49 UTC kmsan: don't poison memory allocated in kmsan_kmalloc_large() with __GFP_ZERO Also remove excessive origins. 19 September 2017, 23:06:26 UTC
d1e90ad Alexander Potapenko 16 May 2017, 12:49:15 UTC [NON-UPSTREAM] [iov_iter] use memmove() when copying to/from user page This patch hasn't been accepted upstream. See the discussion at https://lkml.org/lkml/2017/5/16/339 19 September 2017, 23:06:14 UTC
fdae215 Alexander Potapenko 26 July 2017, 13:53:02 UTC kmsan: unwind functions return initialized results 19 September 2017, 23:06:05 UTC
338021e Alexander Potapenko 26 July 2017, 13:32:24 UTC kmsan: suppress false positives in RNG functions 19 September 2017, 23:05:51 UTC
aa81e97 Alexander Potapenko 18 April 2017, 13:16:50 UTC kmsan: unpoison the result of usb_start_wait_urb() 19 September 2017, 23:05:34 UTC
80c214b Alexander Potapenko 26 July 2017, 13:13:48 UTC kmsan: don't instrument functions that switch tasks 19 September 2017, 23:05:22 UTC
330afd6 Alexander Potapenko 26 July 2017, 13:12:44 UTC kmsan: unpoison syscall arguments 19 September 2017, 23:04:42 UTC
708818e Alexander Potapenko 07 April 2017, 12:12:49 UTC kmsan: suppress reports in get_wchan() TODO(glider): do we need these? 19 September 2017, 23:04:16 UTC
a9b11e1 Alexander Potapenko 26 July 2017, 12:43:00 UTC kmsan: handle copy_to_user() and copy_from_user() 19 September 2017, 23:04:06 UTC
46b3d40 Alexander Potapenko 26 July 2017, 11:11:19 UTC kmsan: suppress false positives in assembly routines TODO(glider): handle the assembly in the compiler properly instead 19 September 2017, 23:03:44 UTC
876504f Alexander Potapenko 26 July 2017, 09:05:03 UTC kmsan: don't instrument __switch_to() 19 September 2017, 23:03:37 UTC
3c453cb Alexander Potapenko 25 July 2017, 16:15:38 UTC kmsan: add KMSAN hooks to SLAB and SLUB allocators. 19 September 2017, 23:03:25 UTC
aec8d50 Alexander Potapenko 18 May 2017, 14:45:11 UTC kmsan: disable slub_debug with KMSAN 19 September 2017, 23:03:14 UTC
1541749 Alexander Potapenko 06 April 2017, 13:08:32 UTC kmsan: put IRQ entry points into a separate section 19 September 2017, 23:03:05 UTC
f25a620 Alexander Potapenko 25 July 2017, 15:40:50 UTC kmsan: alloc KMSAN shadow for bootmem 19 September 2017, 23:02:28 UTC
d655c04 Alexander Potapenko 25 July 2017, 15:37:58 UTC kmsan: Split some string functions into lib/vsprintf_str.c 19 September 2017, 23:02:17 UTC
68c2caa Alexander Potapenko 25 July 2017, 14:58:28 UTC kmsan: add lib/test_kmsan.c 19 September 2017, 23:02:05 UTC
33d8617 Alexander Potapenko 12 April 2017, 16:41:41 UTC kmsan: suppress (true) reports on self-XORed BPF registers This turns out to be undefined behavior in C11, but let's not open that box for now. 19 September 2017, 23:01:49 UTC
3c276e5 Alexander Potapenko 25 July 2017, 14:55:39 UTC kmsan: enable KMSAN in start_kernel() 19 September 2017, 23:00:56 UTC
96177b8 Alexander Potapenko 06 April 2017, 14:55:13 UTC kmsan: use __msan_memcpy() instead of __builtin_memcpy() 19 September 2017, 23:00:43 UTC
ff5e372 Alexander Potapenko 12 April 2017, 12:00:04 UTC kmsan: disable KMSAN within uart_write() Avoid calling __msan_warning() within the UART critical section, as it will cause a deadlock. Instead, check the arguments upon function entry. 19 September 2017, 23:00:23 UTC
a8db95c Alexander Potapenko 25 July 2017, 14:43:28 UTC kmsan: call kmsan_thread_create() and kmsan_task_exit() 19 September 2017, 23:00:12 UTC
8601145 Alexander Potapenko 25 July 2017, 14:36:24 UTC kmsan: hooks for shadow initialization 19 September 2017, 22:59:59 UTC
a43d4b4 Alexander Potapenko 06 April 2017, 16:40:30 UTC kmsan: route memcpy() calls into __msan_memcpy() 19 September 2017, 22:59:47 UTC
e1347d4 Alexander Potapenko 06 April 2017, 13:06:28 UTC kmsan: increase stack order in KMSAN builds 19 September 2017, 22:59:37 UTC
94cb081 Alexander Potapenko 25 July 2017, 14:21:58 UTC kmsan: config changes 19 September 2017, 22:59:11 UTC
9c0ebc9 Alexander Potapenko 25 July 2017, 14:07:42 UTC kmsan: add KMSAN runtime Also add KMSAN state to struct page and struct task_struct. 19 September 2017, 22:58:32 UTC
059f3fa Alexander Potapenko 25 July 2017, 13:53:32 UTC kmsan: add writeups 19 September 2017, 22:58:20 UTC
27ec7bc Alexander Potapenko 25 July 2017, 13:48:15 UTC kmsan: gfp: introduce __GFP_NO_KMSAN_SHADOW 19 September 2017, 22:58:11 UTC
ee178f0 Alexander Potapenko 25 July 2017, 13:43:04 UTC kmsan: clang_wrapper.py TODO(glider): may not work properly, needs to be fixed for kernels >= v4.13-rc7 19 September 2017, 22:58:02 UTC
5e025d9 Alexander Potapenko 25 July 2017, 13:39:50 UTC kmsan: Clang and LLVM patches for r304977 19 September 2017, 22:57:41 UTC
1d506e5 Alexander Potapenko 25 July 2017, 13:37:15 UTC kmsan: example config 19 September 2017, 22:57:33 UTC
0a14a54 Alexander Potapenko 25 July 2017, 13:36:29 UTC kmsan: docs and README.md 19 September 2017, 22:57:20 UTC
52a5754 Alexander Potapenko 24 July 2017, 15:56:18 UTC DO-NOT-SUBMIT: make __sp a global variable to help Clang Signed-off-by: Alexander Potapenko <glider@google.com> 19 September 2017, 22:57:04 UTC
569dbb8 Linus Torvalds 03 September 2017, 20:56:17 UTC Linux 4.13 03 September 2017, 20:56:17 UTC
5e3b19d Linus Torvalds 03 September 2017, 16:50:26 UTC Merge branch 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus Pull MIPS fixes from Ralf Baechle: "The two indirect syscall fixes have sat in linux-next for a few days. I did check back with a hardware designer to ensure a SYNC is really what's required for the GIC fix and so the GIC fix didn't make it into to linux-next in time for this final pull request. It builds in local build tests and passes Imagination's test system" * 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus: irqchip: mips-gic: SYNC after enabling GIC region MIPS: Remove pt_regs adjustments in indirect syscall handler MIPS: seccomp: Fix indirect syscall args 03 September 2017, 16:50:26 UTC
d0fa6ea Linus Torvalds 03 September 2017, 16:35:21 UTC Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull x86 fixes from Thomas Gleixner: - Expand the space for uncompressing as the LZ4 worst case does not fit into the currently reserved space - Validate boot parameters more strictly to prevent out of bound access in the decompressor/boot code - Fix off by one errors in get_segment_base() * 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: x86/boot: Prevent faulty bootparams.screeninfo from causing harm x86/boot: Provide more slack space during decompression x86/ldt: Fix off by one in get_segment_base() 03 September 2017, 16:35:21 UTC
3b62dc6 Linus Torvalds 03 September 2017, 16:30:40 UTC Merge branch 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull timer fix from Thomas Gleixner: "A single fix for a thinko in the raw timekeeper update which causes clock MONOTONIC_RAW to run with erratically increased frequency" * 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: time: Fix ktime_get_raw() incorrect base accumulation 03 September 2017, 16:30:40 UTC
e92d51a Linus Torvalds 03 September 2017, 16:23:23 UTC Merge branch 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull perf fixes from Thomas Gleixner: - Prevent a potential inconistency in the perf user space access which might lead to evading sanity checks. - Prevent perf recording function trace entries twice * 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: perf/ftrace: Fix double traces of perf on ftrace:function perf/core: Fix potential double-fetch bug 03 September 2017, 16:23:23 UTC
d0d6ab5 Linus Torvalds 02 September 2017, 03:57:27 UTC Merge branch 'for-next' of git://git.samba.org/sfrench/cifs-2.6 Pull cifs version warning fix from Steve French: "As requested, additional kernel warning messages to clarify the default dialect changes" [ There is still some discussion about exactly which version should be the new default. Longer-term we have auto-negotiation coming, but that's not there yet.. - Linus ] * 'for-next' of git://git.samba.org/sfrench/cifs-2.6: Fix warning messages when mounting to older servers 02 September 2017, 03:57:27 UTC
54f70f5 Linus Torvalds 02 September 2017, 00:16:40 UTC Merge tag 'armsoc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc Pull ARM SoC fixes from Olof Johansson: "A couple of late-arriving fixes before final 4.13: - A few reverts of DT bindings on Allwinner for their ethernet driver. Discussion didn't converge, and since bindings are considered ABI it makes sense to revert instead of having to support two bindings long-term. - A fix to enumerate GPIOs properly on Marvell Armada AP806" * tag 'armsoc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc: arm64: dts: marvell: fix number of GPIOs in Armada AP806 description arm: dts: sunxi: Revert EMAC changes arm64: dts: allwinner: Revert EMAC changes dt-bindings: net: Revert sun8i dwmac binding 02 September 2017, 00:16:40 UTC
6f71a92 Olof Johansson 01 September 2017, 23:37:02 UTC Merge tag 'mvebu-fixes-4.13-3' of git://git.infradead.org/linux-mvebu into fixes mvebu fixes for 4.13 (part 3) Fix number of GPIOs in AP806 description for Armada 7K/8K * tag 'mvebu-fixes-4.13-3' of git://git.infradead.org/linux-mvebu: arm64: dts: marvell: fix number of GPIOs in Armada AP806 description Signed-off-by: Olof Johansson <olof@lixom.net> 01 September 2017, 23:37:02 UTC
f8c6d72 Linus Torvalds 01 September 2017, 22:03:13 UTC Merge branch 'i2c/for-current' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux Pull i2c fixes from Wolfram Sang: "The ismt driver had a problem with a rarely used transaction type and the designware driver was made even more robust against non standard ACPI tables" * 'i2c/for-current' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux: i2c: designware: Round down ACPI provided clk to nearest supported clk i2c: ismt: Return EMSGSIZE for block reads with bogus length i2c: ismt: Don't duplicate the receive length for block reads 01 September 2017, 22:03:13 UTC
138e4ad Oleg Nesterov 01 September 2017, 16:55:33 UTC epoll: fix race between ep_poll_callback(POLLFREE) and ep_free()/ep_remove() The race was introduced by me in commit 971316f0503a ("epoll: ep_unregister_pollwait() can use the freed pwq->whead"). I did not realize that nothing can protect eventpoll after ep_poll_callback() sets ->whead = NULL, only whead->lock can save us from the race with ep_free() or ep_remove(). Move ->whead = NULL to the end of ep_poll_callback() and add the necessary barriers. TODO: cleanup the ewake/EPOLLEXCLUSIVE logic, it was confusing even before this patch. Hopefully this explains use-after-free reported by syzcaller: BUG: KASAN: use-after-free in debug_spin_lock_before ... _raw_spin_lock_irqsave+0x4a/0x60 kernel/locking/spinlock.c:159 ep_poll_callback+0x29f/0xff0 fs/eventpoll.c:1148 this is spin_lock(eventpoll->lock), ... Freed by task 17774: ... kfree+0xe8/0x2c0 mm/slub.c:3883 ep_free+0x22c/0x2a0 fs/eventpoll.c:865 Fixes: 971316f0503a ("epoll: ep_unregister_pollwait() can use the freed pwq->whead") Reported-by: 范龙飞 <long7573@126.com> Cc: stable@vger.kernel.org Signed-off-by: Oleg Nesterov <oleg@redhat.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 01 September 2017, 20:07:35 UTC
8cf9f2a Linus Torvalds 01 September 2017, 19:49:03 UTC Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net Pull networking fixes from David Miller: 1) Fix handling of pinned BPF map nodes in hash of maps, from Daniel Borkmann. 2) IPSEC ESP error paths leak memory, from Steffen Klassert. 3) We need an RCU grace period before freeing fib6_node objects, from Wei Wang. 4) Must check skb_put_padto() return value in HSR driver, from FLorian Fainelli. 5) Fix oops on PHY probe failure in ftgmac100 driver, from Andrew Jeffery. 6) Fix infinite loop in UDP queue when using SO_PEEK_OFF, from Eric Dumazet. 7) Use after free when tcf_chain_destroy() called multiple times, from Jiri Pirko. 8) Fix KSZ DSA tag layer multiple free of SKBS, from Florian Fainelli. 9) Fix leak of uninitialized memory in sctp_get_sctp_info(), inet_diag_msg_sctpladdrs_fill() and inet_diag_msg_sctpaddrs_fill(). From Stefano Brivio. 10) L2TP tunnel refcount fixes from Guillaume Nault. 11) Don't leak UDP secpath in udp_set_dev_scratch(), from Yossi Kauperman. 12) Revert a PHY layer change wrt. handling of PHY_HALTED state in phy_stop_machine(), it causes regressions for multiple people. From Florian Fainelli. 13) When packets are sent out of br0 we have to clear the offload_fwdq_mark value. 14) Several NULL pointer deref fixes in packet schedulers when their ->init() routine fails. From Nikolay Aleksandrov. 15) Aquantium devices cannot checksum offload correctly when the packet is <= 60 bytes. From Pavel Belous. 16) Fix vnet header access past end of buffer in AF_PACKET, from Benjamin Poirier. 17) Double free in probe error paths of nfp driver, from Dan Carpenter. 18) QOS capability not checked properly in DCB init paths of mlx5 driver, from Huy Nguyen. 19) Fix conflicts between firmware load failure and health_care timer in mlx5, also from Huy Nguyen. 20) Fix dangling page pointer when DMA mapping errors occur in mlx5, from Eran Ben ELisha. 21) ->ndo_setup_tc() in bnxt_en driver doesn't count rings properly, from Michael Chan. 22) Missing MSIX vector free in bnxt_en, also from Michael Chan. 23) Refcount leak in xfrm layer when using sk_policy, from Lorenzo Colitti. 24) Fix copy of uninitialized data in qlge driver, from Arnd Bergmann. 25) bpf_setsockopts() erroneously always returns -EINVAL even on success. Fix from Yuchung Cheng. 26) tipc_rcv() needs to linearize the SKB before parsing the inner headers, from Parthasarathy Bhuvaragan. 27) Fix deadlock between link status updates and link removal in netvsc driver, from Stephen Hemminger. 28) Missed locking of page fragment handling in ESP output, from Steffen Klassert. 29) Fix refcnt leak in ebpf congestion control code, from Sabrina Dubroca. 30) sxgbe_probe_config_dt() doesn't check devm_kzalloc()'s return value, from Christophe Jaillet. 31) Fix missing ipv6 rx_dst_cookie update when rx_dst is updated during early demux, from Paolo Abeni. 32) Several info leaks in xfrm_user layer, from Mathias Krause. 33) Fix out of bounds read in cxgb4 driver, from Stefano Brivio. 34) Properly propagate obsolete state of route upwards in ipv6 so that upper holders like xfrm can see it. From Xin Long. * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (118 commits) udp: fix secpath leak bridge: switchdev: Clear forward mark when transmitting packet mlxsw: spectrum: Forbid linking to devices that have uppers wl1251: add a missing spin_lock_init() Revert "net: phy: Correctly process PHY_HALTED in phy_stop_machine()" net: dsa: bcm_sf2: Fix number of CFP entries for BCM7278 kcm: do not attach PF_KCM sockets to avoid deadlock sch_tbf: fix two null pointer dereferences on init failure sch_sfq: fix null pointer dereference on init failure sch_netem: avoid null pointer deref on init failure sch_fq_codel: avoid double free on init failure sch_cbq: fix null pointer dereferences on init failure sch_hfsc: fix null pointer deref and double free on init failure sch_hhf: fix null pointer dereference on init failure sch_multiq: fix double free on init failure sch_htb: fix crash on init failure net/mlx5e: Fix CQ moderation mode not set properly net/mlx5e: Fix inline header size for small packets net/mlx5: E-Switch, Unload the representors in the correct order net/mlx5e: Properly resolve TC offloaded ipv6 vxlan tunnel source address ... 01 September 2017, 19:49:03 UTC
b8a78bb Linus Torvalds 01 September 2017, 19:46:30 UTC Merge tag 'ceph-for-4.13-rc8' of git://github.com/ceph/ceph-client Pull ceph fix from Ilya Dryomov: "ceph fscache page locking fix from Zheng, marked for stable" * tag 'ceph-for-4.13-rc8' of git://github.com/ceph/ceph-client: ceph: fix readpage from fscache 01 September 2017, 19:46:30 UTC
3e1d79c Linus Torvalds 01 September 2017, 17:43:37 UTC Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input Pull input fixes from Dmitry Torokhov: "Just a couple drivers fixes (Synaptics PS/2, Xpad)" * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input: Input: xpad - fix PowerA init quirk for some gamepad models Input: synaptics - fix device info appearing different on reconnect 01 September 2017, 17:43:37 UTC
d7e44b8 Linus Torvalds 01 September 2017, 17:41:02 UTC Merge tag 'mmc-v4.13-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc Pull two more MMC fixes from Ulf Hansson: "MMC core: - Fix block status codes MMC host: - sdhci-xenon: Fix SD bus voltage select" * tag 'mmc-v4.13-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc: mmc: sdhci-xenon: add set_power callback mmc: block: Fix block status codes 01 September 2017, 17:41:02 UTC
381cce5 Linus Torvalds 01 September 2017, 17:38:00 UTC Merge tag 'sound-4.13-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound Pull sound fixes from Takashi Iwai: "Three regression fixes that should be addressed before the final release: a missing mutex call in OSS PCM emulation ioctl, ASoC rt5670 headset detection breakage, and a regression in simple-card parser code" * tag 'sound-4.13-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound: ASoC: simple_card_utils: fix fallback when "label" property isn't present ALSA: pcm: Fix power lock unbalance via OSS emulation ASoC: rt5670: Fix GPIO headset detection regression 01 September 2017, 17:38:00 UTC
bba2a5b Linus Torvalds 01 September 2017, 17:36:22 UTC Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux Pull s390 fixes from Martin Schwidefsky: "Three more bug fixes for v4.13. The two memory management related fixes are quite new, they fix kernel crashes that can be triggered by user space. The third commit fixes a bug in the vfio ccw translation code" * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux: s390/mm: fix BUG_ON in crst_table_upgrade s390/mm: fork vs. 5 level page tabel vfio: ccw: fix bad ptr math for TIC cda translation 01 September 2017, 17:36:22 UTC
a1c516a Linus Torvalds 01 September 2017, 17:30:03 UTC Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 Pull crypto fixes from Herbert Xu: "This fixes the following issues: - Regression in chacha20 handling of chunked input - Crash in algif_skcipher when used with async io - Potential bogus pointer dereference in lib/mpi" * 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: crypto: algif_skcipher - only call put_page on referenced and used pages crypto: testmgr - add chunked test cases for chacha20 crypto: chacha20 - fix handling of chunked input lib/mpi: kunmap after finishing accessing buffer 01 September 2017, 17:30:03 UTC
e8a732d Yossi Kuperman 01 September 2017, 12:42:30 UTC udp: fix secpath leak After commit dce4551cb2ad ("udp: preserve head state for IP_CMSG_PASSSEC") we preserve the secpath for the whole skb lifecycle, but we also end up leaking a reference to it. We must clear the head state on skb reception, if secpath is present. Fixes: dce4551cb2ad ("udp: preserve head state for IP_CMSG_PASSSEC") Signed-off-by: Yossi Kuperman <yossiku@mellanox.com> Signed-off-by: Paolo Abeni <pabeni@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net> 01 September 2017, 17:29:34 UTC
79e99bd Ido Schimmel 01 September 2017, 09:22:25 UTC bridge: switchdev: Clear forward mark when transmitting packet Commit 6bc506b4fb06 ("bridge: switchdev: Add forward mark support for stacked devices") added the 'offload_fwd_mark' bit to the skb in order to allow drivers to indicate to the bridge driver that they already forwarded the packet in L2. In case the bit is set, before transmitting the packet from each port, the port's mark is compared with the mark stored in the skb's control block. If both marks are equal, we know the packet arrived from a switch device that already forwarded the packet and it's not re-transmitted. However, if the packet is transmitted from the bridge device itself (e.g., br0), we should clear the 'offload_fwd_mark' bit as the mark stored in the skb's control block isn't valid. This scenario can happen in rare cases where a packet was trapped during L3 forwarding and forwarded by the kernel to a bridge device. Fixes: 6bc506b4fb06 ("bridge: switchdev: Add forward mark support for stacked devices") Signed-off-by: Ido Schimmel <idosch@mellanox.com> Reported-by: Yotam Gigi <yotamg@mellanox.com> Tested-by: Yotam Gigi <yotamg@mellanox.com> Reviewed-by: Jiri Pirko <jiri@mellanox.com> Acked-by: Nikolay Aleksandrov <nikolay@cumulusnetworks.com> Signed-off-by: David S. Miller <davem@davemloft.net> 01 September 2017, 17:11:28 UTC
25cc72a Ido Schimmel 01 September 2017, 08:52:31 UTC mlxsw: spectrum: Forbid linking to devices that have uppers The mlxsw driver relies on NETDEV_CHANGEUPPER events to configure the device in case a port is enslaved to a master netdev such as bridge or bond. Since the driver ignores events unrelated to its ports and their uppers, it's possible to engineer situations in which the device's data path differs from the kernel's. One example to such a situation is when a port is enslaved to a bond that is already enslaved to a bridge. When the bond was enslaved the driver ignored the event - as the bond wasn't one of its uppers - and therefore a bridge port instance isn't created in the device. Until such configurations are supported forbid them by checking that the upper device doesn't have uppers of its own. Fixes: 0d65fc13042f ("mlxsw: spectrum: Implement LAG port join/leave") Signed-off-by: Ido Schimmel <idosch@mellanox.com> Reported-by: Nogah Frankel <nogahf@mellanox.com> Tested-by: Nogah Frankel <nogahf@mellanox.com> Signed-off-by: Jiri Pirko <jiri@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net> 01 September 2017, 16:59:41 UTC
7e682f7 Steve French 01 September 2017, 02:34:24 UTC Fix warning messages when mounting to older servers When mounting to older servers, such as Windows XP (or even Windows 7), the limited error messages that can be passed back to user space can get confusing since the default dialect has changed from SMB1 (CIFS) to more secure SMB3 dialect. Log additional information when the user chooses to use the default dialects and when the server does not support the dialect requested. Signed-off-by: Steve French <smfrench@gmail.com> Reviewed-by: Ronnie Sahlberg <lsahlber@redhat.com> Acked-by: Pavel Shilovsky <pshilov@microsoft.com> 01 September 2017, 05:18:44 UTC
e89ce1f Linus Torvalds 01 September 2017, 01:45:04 UTC Merge tag 'cifs-fixes-for-4.13-rc7-and-stable' of git://git.samba.org/sfrench/cifs-2.6 Pull cifs fixes from Steve French: "Two cifs bug fixes for stable" * tag 'cifs-fixes-for-4.13-rc7-and-stable' of git://git.samba.org/sfrench/cifs-2.6: CIFS: remove endian related sparse warning CIFS: Fix maximum SMB2 header size 01 September 2017, 01:45:04 UTC
501d9f7 Linus Torvalds 01 September 2017, 01:42:21 UTC Merge branch 'for-linus' of git://git.kernel.dk/linux-block Pull block fixes from Jens Axboe: "Unfortunately a few issues that warrant sending another pull request, even if I had hoped to avoid it. This contains: - A fix for multiqueue xen-blkback, on tear down / disconnect. - A few fixups for NVMe, including a wrong bit definition, fix for host memory buffers, and an nvme rdma page size fix" * 'for-linus' of git://git.kernel.dk/linux-block: nvme: fix the definition of the doorbell buffer config support bit nvme-pci: use dma memory for the host memory buffer descriptors nvme-rdma: default MR page size to 4k xen-blkback: stop blkback thread of every queue in xen_blkif_disconnect 01 September 2017, 01:42:21 UTC
73adb8c Linus Torvalds 01 September 2017, 01:39:19 UTC Merge tag 'for-4.13/dm-fixes-2' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm Pull device mapper fixes from Mike Snitzer: - A couple fixes for bugs introduced as part of the blk_status_t block layer changes during the 4.13 merge window - A printk throttling fix to use discrete rate limiting state for each DM log level - A stable@ fix for DM multipath that delays request requeueing to avoid CPU lockup if/when the request queue is "dying" * tag 'for-4.13/dm-fixes-2' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm: dm mpath: do not lock up a CPU with requeuing activity dm: fix printk() rate limiting code dm mpath: retry BLK_STS_RESOURCE errors dm: fix the second dec_pending() argument in __split_and_process_bio() 01 September 2017, 01:39:19 UTC
1b2614f Linus Torvalds 01 September 2017, 00:56:56 UTC Merge branch 'akpm' (patches from Andrew) Merge more fixes from Andrew Morton: "6 fixes" * emailed patches from Andrew Morton <akpm@linux-foundation.org>: scripts/dtc: fix '%zx' warning include/linux/compiler.h: don't perform compiletime_assert with -O0 mm, madvise: ensure poisoned pages are removed from per-cpu lists mm, uprobes: fix multiple free of ->uprobes_state.xol_area kernel/kthread.c: kthread_worker: don't hog the cpu mm,page_alloc: don't call __node_reclaim() with oom_lock held. 01 September 2017, 00:56:56 UTC
ea25c43 Linus Torvalds 01 September 2017, 00:30:01 UTC Merge branch 'mmu_notifier_fixes' Merge mmu_notifier fixes from Jérôme Glisse: "The invalidate_page callback suffered from 2 pitfalls. First it used to happen after page table lock was release and thus a new page might have been setup for the virtual address before the call to invalidate_page(). This is in a weird way fixed by commit c7ab0d2fdc84 ("mm: convert try_to_unmap_one() to use page_vma_mapped_walk()") which moved the callback under the page table lock. Which also broke several existing user of the mmu_notifier API that assumed they could sleep inside this callback. The second pitfall was invalidate_page being the only callback not taking a range of address in respect to invalidation but was giving an address and a page. Lot of the callback implementer assumed this could never be THP and thus failed to invalidate the appropriate range for THP pages. By killing this callback we unify the mmu_notifier callback API to always take a virtual address range as input. There is now two clear API (I am not mentioning the youngess API which is seldomly used): - invalidate_range_start()/end() callback (which allow you to sleep) - invalidate_range() where you can not sleep but happen right after page table update under page table lock Note that a lot of existing user feels broken in respect to range_start/ range_end. Many user only have range_start() callback but there is nothing preventing them to undo what was invalidated in their range_start() callback after it returns but before any CPU page table update take place. The code pattern use in kvm or umem odp is an example on how to properly avoid such race. In a nutshell use some kind of sequence number and active range invalidation counter to block anything that might undo what the range_start() callback did. If you do not care about keeping fully in sync with CPU page table (ie you can live with CPU page table pointing to new different page for a given virtual address) then you can take a reference on the pages inside the range_start callback and drop it in range_end or when your driver is done with those pages. Last alternative is to use invalidate_range() if you can do invalidation without sleeping as invalidate_range() callback happens under the CPU page table spinlock right after the page table is updated. The first two patches convert existing mmu_notifier_invalidate_page() calls to mmu_notifier_invalidate_range() and bracket those call with call to mmu_notifier_invalidate_range_start()/end(). The next ten patches remove existing invalidate_page() callback as it can no longer happen. Finally the last page remove the invalidate_page() callback completely so it can RIP. Changes since v1: - remove more dead code in kvm (no testing impact) - more accurate end address computation (patch 2) in page_mkclean_one and try_to_unmap_one - added tested-by/reviewed-by gotten so far" * emailed patches from Jérôme Glisse <jglisse@redhat.com>: mm/mmu_notifier: kill invalidate_page KVM: update to new mmu_notifier semantic v2 xen/gntdev: update to new mmu_notifier semantic sgi-gru: update to new mmu_notifier semantic misc/mic/scif: update to new mmu_notifier semantic iommu/intel: update to new mmu_notifier semantic iommu/amd: update to new mmu_notifier semantic IB/hfi1: update to new mmu_notifier semantic IB/umem: update to new mmu_notifier semantic drm/amdgpu: update to new mmu_notifier semantic powerpc/powernv: update to new mmu_notifier semantic mm/rmap: update to new mmu_notifier semantic v2 dax: update to new mmu_notifier semantic 01 September 2017, 00:30:01 UTC
c227390 Dave Kleikamp 31 August 2017, 21:46:59 UTC jfs should use MAX_LFS_FILESIZE when calculating s_maxbytes jfs had previously avoided the use of MAX_LFS_FILESIZE because it hadn't accounted for the whole 32-bit index range on 32-bit systems. That has been fixed by commit 0cc3b0ec23ce ("Clarify (and fix) MAX_LFS_FILESIZE macros"), so we can simplify the code now. Suggested by Andreas Dilger. Signed-off-by: Dave Kleikamp <dave.kleikamp@oracle.com> Reviewed-by: Andreas Dilger <adilger@dilger.ca> Cc: jfs-discussion@lists.sourceforge.net Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 01 September 2017, 00:02:21 UTC
e661869 Russell King 31 August 2017, 23:15:36 UTC scripts/dtc: fix '%zx' warning dtc uses an incorrect format specifier for printing a uint64_t value. uint64_t may be either 'unsigned long' or 'unsigned long long' depending on the host architecture. Fix this by using %llx and casting to unsigned long long, which ensures that we always have a wide enough variable to print 64 bits of hex. HOSTCC scripts/dtc/checks.o scripts/dtc/checks.c: In function 'check_simple_bus_reg': scripts/dtc/checks.c:876:2: warning: format '%zx' expects argument of type 'size_t', but argument 4 has type 'uint64_t' [-Wformat=] snprintf(unit_addr, sizeof(unit_addr), "%zx", reg); ^ scripts/dtc/checks.c:876:2: warning: format '%zx' expects argument of type 'size_t', but argument 4 has type 'uint64_t' [-Wformat=] Link: http://lkml.kernel.org/r/20170829222034.GJ20805@n2100.armlinux.org.uk Fixes: 828d4cdd012c ("dtc: check.c fix compile error") Signed-off-by: Russell King <rmk+kernel@armlinux.org.uk> Cc: Rob Herring <robh+dt@kernel.org> Cc: Frank Rowand <frowand.list@gmail.com> Cc: Shuah Khan <shuahkh@osg.samsung.com> Cc: David Gibson <david@gibson.dropbear.id.au> Cc: Michal Marek <mmarek@suse.cz> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 31 August 2017, 23:33:15 UTC
c03567a Joe Stringer 31 August 2017, 23:15:33 UTC include/linux/compiler.h: don't perform compiletime_assert with -O0 Commit c7acec713d14 ("kernel.h: handle pointers to arrays better in container_of()") made use of __compiletime_assert() from container_of() thus increasing the usage of this macro, allowing developers to notice type conflicts in usage of container_of() at compile time. However, the implementation of __compiletime_assert relies on compiler optimizations to report an error. This means that if a developer uses "-O0" with any code that performs container_of(), the compiler will always report an error regardless of whether there is an actual problem in the code. This patch disables compile_time_assert when optimizations are disabled to allow such code to compile with CFLAGS="-O0". Example compilation failure: ./include/linux/compiler.h:547:38: error: call to `__compiletime_assert_94' declared with attribute error: pointer type mismatch in container_of() _compiletime_assert(condition, msg, __compiletime_assert_, __LINE__) ^ ./include/linux/compiler.h:530:4: note: in definition of macro `__compiletime_assert' prefix ## suffix(); \ ^~~~~~ ./include/linux/compiler.h:547:2: note: in expansion of macro `_compiletime_assert' _compiletime_assert(condition, msg, __compiletime_assert_, __LINE__) ^~~~~~~~~~~~~~~~~~~ ./include/linux/build_bug.h:46:37: note: in expansion of macro `compiletime_assert' #define BUILD_BUG_ON_MSG(cond, msg) compiletime_assert(!(cond), msg) ^~~~~~~~~~~~~~~~~~ ./include/linux/kernel.h:860:2: note: in expansion of macro `BUILD_BUG_ON_MSG' BUILD_BUG_ON_MSG(!__same_type(*(ptr), ((type *)0)->member) && \ ^~~~~~~~~~~~~~~~ [akpm@linux-foundation.org: use do{}while(0), per Michal] Link: http://lkml.kernel.org/r/20170829230114.11662-1-joe@ovn.org Fixes: c7acec713d14c6c ("kernel.h: handle pointers to arrays better in container_of()") Signed-off-by: Joe Stringer <joe@ovn.org> Cc: Ian Abbott <abbotti@mev.co.uk> Cc: Arnd Bergmann <arnd@arndb.de> Cc: Michal Nazarewicz <mina86@mina86.com> Cc: Kees Cook <keescook@chromium.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 31 August 2017, 23:33:15 UTC
c461ad6 Mel Gorman 31 August 2017, 23:15:30 UTC mm, madvise: ensure poisoned pages are removed from per-cpu lists Wendy Wang reported off-list that a RAS HWPOISON-SOFT test case failed and bisected it to the commit 479f854a207c ("mm, page_alloc: defer debugging checks of pages allocated from the PCP"). The problem is that a page that was poisoned with madvise() is reused. The commit removed a check that would trigger if DEBUG_VM was enabled but re-enabling the check only fixes the problem as a side-effect by printing a bad_page warning and recovering. The root of the problem is that an madvise() can leave a poisoned page on the per-cpu list. This patch drains all per-cpu lists after pages are poisoned so that they will not be reused. Wendy reports that the test case in question passes with this patch applied. While this could be done in a targeted fashion, it is over-complicated for such a rare operation. Link: http://lkml.kernel.org/r/20170828133414.7qro57jbepdcyz5x@techsingularity.net Fixes: 479f854a207c ("mm, page_alloc: defer debugging checks of pages allocated from the PCP") Signed-off-by: Mel Gorman <mgorman@techsingularity.net> Reported-by: Wang, Wendy <wendy.wang@intel.com> Tested-by: Wang, Wendy <wendy.wang@intel.com> Acked-by: David Rientjes <rientjes@google.com> Acked-by: Vlastimil Babka <vbabka@suse.cz> Cc: "Hansen, Dave" <dave.hansen@intel.com> Cc: "Luck, Tony" <tony.luck@intel.com> Cc: Naoya Horiguchi <nao.horiguchi@gmail.com> Cc: <stable@vger.kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 31 August 2017, 23:33:15 UTC
355627f Eric Biggers 31 August 2017, 23:15:26 UTC mm, uprobes: fix multiple free of ->uprobes_state.xol_area Commit 7c051267931a ("mm, fork: make dup_mmap wait for mmap_sem for write killable") made it possible to kill a forking task while it is waiting to acquire its ->mmap_sem for write, in dup_mmap(). However, it was overlooked that this introduced an new error path before the new mm_struct's ->uprobes_state.xol_area has been set to NULL after being copied from the old mm_struct by the memcpy in dup_mm(). For a task that has previously hit a uprobe tracepoint, this resulted in the 'struct xol_area' being freed multiple times if the task was killed at just the right time while forking. Fix it by setting ->uprobes_state.xol_area to NULL in mm_init() rather than in uprobe_dup_mmap(). With CONFIG_UPROBE_EVENTS=y, the bug can be reproduced by the same C program given by commit 2b7e8665b4ff ("fork: fix incorrect fput of ->exe_file causing use-after-free"), provided that a uprobe tracepoint has been set on the fork_thread() function. For example: $ gcc reproducer.c -o reproducer -lpthread $ nm reproducer | grep fork_thread 0000000000400719 t fork_thread $ echo "p $PWD/reproducer:0x719" > /sys/kernel/debug/tracing/uprobe_events $ echo 1 > /sys/kernel/debug/tracing/events/uprobes/enable $ ./reproducer Here is the use-after-free reported by KASAN: BUG: KASAN: use-after-free in uprobe_clear_state+0x1c4/0x200 Read of size 8 at addr ffff8800320a8b88 by task reproducer/198 CPU: 1 PID: 198 Comm: reproducer Not tainted 4.13.0-rc7-00015-g36fde05f3fb5 #255 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-20170228_101828-anatol 04/01/2014 Call Trace: dump_stack+0xdb/0x185 print_address_description+0x7e/0x290 kasan_report+0x23b/0x350 __asan_report_load8_noabort+0x19/0x20 uprobe_clear_state+0x1c4/0x200 mmput+0xd6/0x360 do_exit+0x740/0x1670 do_group_exit+0x13f/0x380 get_signal+0x597/0x17d0 do_signal+0x99/0x1df0 exit_to_usermode_loop+0x166/0x1e0 syscall_return_slowpath+0x258/0x2c0 entry_SYSCALL_64_fastpath+0xbc/0xbe ... Allocated by task 199: save_stack_trace+0x1b/0x20 kasan_kmalloc+0xfc/0x180 kmem_cache_alloc_trace+0xf3/0x330 __create_xol_area+0x10f/0x780 uprobe_notify_resume+0x1674/0x2210 exit_to_usermode_loop+0x150/0x1e0 prepare_exit_to_usermode+0x14b/0x180 retint_user+0x8/0x20 Freed by task 199: save_stack_trace+0x1b/0x20 kasan_slab_free+0xa8/0x1a0 kfree+0xba/0x210 uprobe_clear_state+0x151/0x200 mmput+0xd6/0x360 copy_process.part.8+0x605f/0x65d0 _do_fork+0x1a5/0xbd0 SyS_clone+0x19/0x20 do_syscall_64+0x22f/0x660 return_from_SYSCALL_64+0x0/0x7a Note: without KASAN, you may instead see a "Bad page state" message, or simply a general protection fault. Link: http://lkml.kernel.org/r/20170830033303.17927-1-ebiggers3@gmail.com Fixes: 7c051267931a ("mm, fork: make dup_mmap wait for mmap_sem for write killable") Signed-off-by: Eric Biggers <ebiggers@google.com> Reported-by: Oleg Nesterov <oleg@redhat.com> Acked-by: Oleg Nesterov <oleg@redhat.com> Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com> Cc: Arnaldo Carvalho de Melo <acme@kernel.org> Cc: Dmitry Vyukov <dvyukov@google.com> Cc: Ingo Molnar <mingo@kernel.org> Cc: Konstantin Khlebnikov <koct9i@gmail.com> Cc: Mark Rutland <mark.rutland@arm.com> Cc: Michal Hocko <mhocko@suse.com> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Vlastimil Babka <vbabka@suse.cz> Cc: <stable@vger.kernel.org> [4.7+] Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 31 August 2017, 23:33:15 UTC
22cf8bc Shaohua Li 31 August 2017, 23:15:23 UTC kernel/kthread.c: kthread_worker: don't hog the cpu If the worker thread continues getting work, it will hog the cpu and rcu stall complains. Make it a good citizen. This is triggered in a loop block device test. Link: http://lkml.kernel.org/r/5de0a179b3184e1a2183fc503448b0269f24d75b.1503697127.git.shli@fb.com Signed-off-by: Shaohua Li <shli@fb.com> Cc: Petr Mladek <pmladek@suse.com> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: Tejun Heo <tj@kernel.org> Cc: Oleg Nesterov <oleg@redhat.com> Cc: Ingo Molnar <mingo@kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 31 August 2017, 23:33:15 UTC
e746bf7 Tetsuo Handa 31 August 2017, 23:15:20 UTC mm,page_alloc: don't call __node_reclaim() with oom_lock held. We are doing a last second memory allocation attempt before calling out_of_memory(). But since slab shrinker functions might indirectly wait for other thread's __GFP_DIRECT_RECLAIM && !__GFP_NORETRY memory allocations via sleeping locks, calling slab shrinker functions from node_reclaim() from get_page_from_freelist() with oom_lock held has possibility of deadlock. Therefore, make sure that last second memory allocation attempt does not call slab shrinker functions. Link: http://lkml.kernel.org/r/1503577106-9196-1-git-send-email-penguin-kernel@I-love.SAKURA.ne.jp Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Acked-by: Michal Hocko <mhocko@suse.com> Cc: Mel Gorman <mgorman@suse.de> Cc: Vlastimil Babka <vbabka@suse.cz> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 31 August 2017, 23:33:14 UTC
5f32b26 Jérôme Glisse 31 August 2017, 21:17:38 UTC mm/mmu_notifier: kill invalidate_page The invalidate_page callback suffered from two pitfalls. First it used to happen after the page table lock was release and thus a new page might have setup before the call to invalidate_page() happened. This is in a weird way fixed by commit c7ab0d2fdc84 ("mm: convert try_to_unmap_one() to use page_vma_mapped_walk()") that moved the callback under the page table lock but this also broke several existing users of the mmu_notifier API that assumed they could sleep inside this callback. The second pitfall was invalidate_page() being the only callback not taking a range of address in respect to invalidation but was giving an address and a page. Lots of the callback implementers assumed this could never be THP and thus failed to invalidate the appropriate range for THP. By killing this callback we unify the mmu_notifier callback API to always take a virtual address range as input. Finally this also simplifies the end user life as there is now two clear choices: - invalidate_range_start()/end() callback (which allow you to sleep) - invalidate_range() where you can not sleep but happen right after page table update under page table lock Signed-off-by: Jérôme Glisse <jglisse@redhat.com> Cc: Bernhard Held <berny156@gmx.de> Cc: Adam Borowski <kilobyte@angband.pl> Cc: Andrea Arcangeli <aarcange@redhat.com> Cc: Radim Krčmář <rkrcmar@redhat.com> Cc: Wanpeng Li <kernellwp@gmail.com> Cc: Paolo Bonzini <pbonzini@redhat.com> Cc: Takashi Iwai <tiwai@suse.de> Cc: Nadav Amit <nadav.amit@gmail.com> Cc: Mike Galbraith <efault@gmx.de> Cc: Kirill A. Shutemov <kirill.shutemov@linux.intel.com> Cc: axie <axie@amd.com> Cc: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 31 August 2017, 23:13:00 UTC
fb1522e Jérôme Glisse 31 August 2017, 21:17:37 UTC KVM: update to new mmu_notifier semantic v2 Calls to mmu_notifier_invalidate_page() were replaced by calls to mmu_notifier_invalidate_range() and are now bracketed by calls to mmu_notifier_invalidate_range_start()/end() Remove now useless invalidate_page callback. Changed since v1 (Linus Torvalds) - remove now useless kvm_arch_mmu_notifier_invalidate_page() Signed-off-by: Jérôme Glisse <jglisse@redhat.com> Tested-by: Mike Galbraith <efault@gmx.de> Tested-by: Adam Borowski <kilobyte@angband.pl> Cc: Paolo Bonzini <pbonzini@redhat.com> Cc: Radim Krčmář <rkrcmar@redhat.com> Cc: kvm@vger.kernel.org Cc: Kirill A. Shutemov <kirill.shutemov@linux.intel.com> Cc: Andrew Morton <akpm@linux-foundation.org> Cc: Andrea Arcangeli <aarcange@redhat.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 31 August 2017, 23:13:00 UTC
a81461b Jérôme Glisse 31 August 2017, 21:17:36 UTC xen/gntdev: update to new mmu_notifier semantic Calls to mmu_notifier_invalidate_page() were replaced by calls to mmu_notifier_invalidate_range() and are now bracketed by calls to mmu_notifier_invalidate_range_start()/end() Remove now useless invalidate_page callback. Signed-off-by: Jérôme Glisse <jglisse@redhat.com> Reviewed-by: Boris Ostrovsky <boris.ostrovsky@oracle.com> Cc: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> Cc: Roger Pau Monné <roger.pau@citrix.com> Cc: xen-devel@lists.xenproject.org (moderated for non-subscribers) Cc: Kirill A. Shutemov <kirill.shutemov@linux.intel.com> Cc: Andrew Morton <akpm@linux-foundation.org> Cc: Andrea Arcangeli <aarcange@redhat.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 31 August 2017, 23:13:00 UTC
a487012 Jérôme Glisse 31 August 2017, 21:17:35 UTC sgi-gru: update to new mmu_notifier semantic Calls to mmu_notifier_invalidate_page() were replaced by calls to mmu_notifier_invalidate_range() and are now bracketed by calls to mmu_notifier_invalidate_range_start()/end() Remove now useless invalidate_page callback. Signed-off-by: Jérôme Glisse <jglisse@redhat.com> Cc: Dimitri Sivanich <sivanich@sgi.com> Cc: Jack Steiner <steiner@sgi.com> Cc: Kirill A. Shutemov <kirill.shutemov@linux.intel.com> Cc: Andrew Morton <akpm@linux-foundation.org> Cc: Andrea Arcangeli <aarcange@redhat.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 31 August 2017, 23:13:00 UTC
192e856 Jérôme Glisse 31 August 2017, 21:17:34 UTC misc/mic/scif: update to new mmu_notifier semantic Calls to mmu_notifier_invalidate_page() were replaced by calls to mmu_notifier_invalidate_range() and are now bracketed by calls to mmu_notifier_invalidate_range_start()/end() Remove now useless invalidate_page callback. Signed-off-by: Jérôme Glisse <jglisse@redhat.com> Cc: Sudeep Dutt <sudeep.dutt@intel.com> Cc: Ashutosh Dixit <ashutosh.dixit@intel.com> Cc: Kirill A. Shutemov <kirill.shutemov@linux.intel.com> Cc: Andrew Morton <akpm@linux-foundation.org> Cc: Andrea Arcangeli <aarcange@redhat.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 31 August 2017, 23:13:00 UTC
30ef7d2 Jérôme Glisse 31 August 2017, 21:17:33 UTC iommu/intel: update to new mmu_notifier semantic Calls to mmu_notifier_invalidate_page() were replaced by calls to mmu_notifier_invalidate_range() and are now bracketed by calls to mmu_notifier_invalidate_range_start()/end() Remove now useless invalidate_page callback. Signed-off-by: Jérôme Glisse <jglisse@redhat.com> Cc: David Woodhouse <dwmw2@infradead.org> Cc: iommu@lists.linux-foundation.org Cc: Joerg Roedel <jroedel@suse.de> Cc: Kirill A. Shutemov <kirill.shutemov@linux.intel.com> Cc: Andrew Morton <akpm@linux-foundation.org> Cc: Andrea Arcangeli <aarcange@redhat.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 31 August 2017, 23:12:59 UTC
f0d1c71 Jérôme Glisse 31 August 2017, 21:17:32 UTC iommu/amd: update to new mmu_notifier semantic Calls to mmu_notifier_invalidate_page() were replaced by calls to mmu_notifier_invalidate_range() and are now bracketed by calls to mmu_notifier_invalidate_range_start()/end() Remove now useless invalidate_page callback. Signed-off-by: Jérôme Glisse <jglisse@redhat.com> Cc: Suravee Suthikulpanit <suravee.suthikulpanit@amd.com> Cc: iommu@lists.linux-foundation.org Cc: Joerg Roedel <jroedel@suse.de> Cc: Kirill A. Shutemov <kirill.shutemov@linux.intel.com> Cc: Andrew Morton <akpm@linux-foundation.org> Cc: Andrea Arcangeli <aarcange@redhat.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 31 August 2017, 23:12:59 UTC
7def96f Jérôme Glisse 31 August 2017, 21:17:31 UTC IB/hfi1: update to new mmu_notifier semantic Calls to mmu_notifier_invalidate_page() were replaced by calls to mmu_notifier_invalidate_range() and are now bracketed by calls to mmu_notifier_invalidate_range_start()/end() Remove now useless invalidate_page callback. Signed-off-by: Jérôme Glisse <jglisse@redhat.com> Cc: linux-rdma@vger.kernel.org Cc: Dean Luick <dean.luick@intel.com> Cc: Ira Weiny <ira.weiny@intel.com> Cc: Doug Ledford <dledford@redhat.com> Cc: Kirill A. Shutemov <kirill.shutemov@linux.intel.com> Cc: Andrew Morton <akpm@linux-foundation.org> Cc: Andrea Arcangeli <aarcange@redhat.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 31 August 2017, 23:12:59 UTC
b1a8925 Jérôme Glisse 31 August 2017, 21:17:30 UTC IB/umem: update to new mmu_notifier semantic Calls to mmu_notifier_invalidate_page() were replaced by calls to mmu_notifier_invalidate_range() and are now bracketed by calls to mmu_notifier_invalidate_range_start()/end() Remove now useless invalidate_page callback. Signed-off-by: Jérôme Glisse <jglisse@redhat.com> Tested-by: Leon Romanovsky <leonro@mellanox.com> Cc: linux-rdma@vger.kernel.org Cc: Artemy Kovalyov <artemyko@mellanox.com> Cc: Doug Ledford <dledford@redhat.com> Cc: Kirill A. Shutemov <kirill.shutemov@linux.intel.com> Cc: Andrew Morton <akpm@linux-foundation.org> Cc: Andrea Arcangeli <aarcange@redhat.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 31 August 2017, 23:12:59 UTC
c90270a Jérôme Glisse 31 August 2017, 21:17:29 UTC drm/amdgpu: update to new mmu_notifier semantic Calls to mmu_notifier_invalidate_page() were replaced by calls to mmu_notifier_invalidate_range() and are now bracketed by calls to mmu_notifier_invalidate_range_start()/end() Remove now useless invalidate_page callback. Signed-off-by: Jérôme Glisse <jglisse@redhat.com> Reviewed-by: Christian König <christian.koenig@amd.com> Cc: amd-gfx@lists.freedesktop.org Cc: Felix Kuehling <Felix.Kuehling@amd.com> Cc: Christian König <christian.koenig@amd.com> Cc: Alex Deucher <alexander.deucher@amd.com> Cc: Kirill A. Shutemov <kirill.shutemov@linux.intel.com> Cc: Andrew Morton <akpm@linux-foundation.org> Cc: Andrea Arcangeli <aarcange@redhat.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 31 August 2017, 23:12:59 UTC
d1d5762 Jérôme Glisse 31 August 2017, 21:17:28 UTC powerpc/powernv: update to new mmu_notifier semantic Calls to mmu_notifier_invalidate_page() were replaced by calls to mmu_notifier_invalidate_range() and now are bracketed by calls to mmu_notifier_invalidate_range_start()/end() Remove now useless invalidate_page callback. Signed-off-by: Jérôme Glisse <jglisse@redhat.com> Cc: linuxppc-dev@lists.ozlabs.org Cc: Alistair Popple <alistair@popple.id.au> Cc: Michael Ellerman <mpe@ellerman.id.au> Cc: Kirill A. Shutemov <kirill.shutemov@linux.intel.com> Cc: Andrew Morton <akpm@linux-foundation.org> Cc: Andrea Arcangeli <aarcange@redhat.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 31 August 2017, 23:12:59 UTC
369ea82 Jérôme Glisse 31 August 2017, 21:17:27 UTC mm/rmap: update to new mmu_notifier semantic v2 Replace all mmu_notifier_invalidate_page() calls by *_invalidate_range() and make sure it is bracketed by calls to *_invalidate_range_start()/end(). Note that because we can not presume the pmd value or pte value we have to assume the worst and unconditionaly report an invalidation as happening. Changed since v2: - try_to_unmap_one() only one call to mmu_notifier_invalidate_range() - compute end with PAGE_SIZE << compound_order(page) - fix PageHuge() case in try_to_unmap_one() Signed-off-by: Jérôme Glisse <jglisse@redhat.com> Reviewed-by: Andrea Arcangeli <aarcange@redhat.com> Cc: Dan Williams <dan.j.williams@intel.com> Cc: Ross Zwisler <ross.zwisler@linux.intel.com> Cc: Bernhard Held <berny156@gmx.de> Cc: Adam Borowski <kilobyte@angband.pl> Cc: Radim Krčmář <rkrcmar@redhat.com> Cc: Wanpeng Li <kernellwp@gmail.com> Cc: Paolo Bonzini <pbonzini@redhat.com> Cc: Takashi Iwai <tiwai@suse.de> Cc: Nadav Amit <nadav.amit@gmail.com> Cc: Mike Galbraith <efault@gmx.de> Cc: Kirill A. Shutemov <kirill.shutemov@linux.intel.com> Cc: axie <axie@amd.com> Cc: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 31 August 2017, 23:12:59 UTC
a4d1a88 Jérôme Glisse 31 August 2017, 21:17:26 UTC dax: update to new mmu_notifier semantic Replace all mmu_notifier_invalidate_page() calls by *_invalidate_range() and make sure it is bracketed by calls to *_invalidate_range_start()/end(). Note that because we can not presume the pmd value or pte value we have to assume the worst and unconditionaly report an invalidation as happening. Signed-off-by: Jérôme Glisse <jglisse@redhat.com> Cc: Dan Williams <dan.j.williams@intel.com> Cc: Ross Zwisler <ross.zwisler@linux.intel.com> Cc: Bernhard Held <berny156@gmx.de> Cc: Adam Borowski <kilobyte@angband.pl> Cc: Andrea Arcangeli <aarcange@redhat.com> Cc: Radim Krčmář <rkrcmar@redhat.com> Cc: Wanpeng Li <kernellwp@gmail.com> Cc: Paolo Bonzini <pbonzini@redhat.com> Cc: Takashi Iwai <tiwai@suse.de> Cc: Nadav Amit <nadav.amit@gmail.com> Cc: Mike Galbraith <efault@gmx.de> Cc: Kirill A. Shutemov <kirill.shutemov@linux.intel.com> Cc: axie <axie@amd.com> Cc: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 31 August 2017, 23:12:59 UTC
dd2bc47 Yan, Zheng 04 August 2017, 03:22:31 UTC ceph: fix readpage from fscache ceph_readpage() unlocks page prematurely prematurely in the case that page is reading from fscache. Caller of readpage expects that page is uptodate when it get unlocked. So page shoule get locked by completion callback of fscache_read_or_alloc_pages() Cc: stable@vger.kernel.org # 4.1+, needs backporting for < 4.7 Signed-off-by: "Yan, Zheng" <zyan@redhat.com> Reviewed-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Ilya Dryomov <idryomov@gmail.com> 31 August 2017, 22:04:26 UTC
f581a0d Cong Wang 31 August 2017, 14:47:43 UTC wl1251: add a missing spin_lock_init() wl1251: add a missing spin_lock_init() This fixes the following kernel warning: [ 5668.771453] BUG: spinlock bad magic on CPU#0, kworker/u2:3/9745 [ 5668.771850] lock: 0xce63ef20, .magic: 00000000, .owner: <none>/-1, .owner_cpu: 0 [ 5668.772277] CPU: 0 PID: 9745 Comm: kworker/u2:3 Tainted: G W 4.12.0-03002-gec979a4-dirty #40 [ 5668.772796] Hardware name: Nokia RX-51 board [ 5668.773071] Workqueue: phy1 wl1251_irq_work [ 5668.773345] [<c010c9e4>] (unwind_backtrace) from [<c010a274>] (show_stack+0x10/0x14) [ 5668.773803] [<c010a274>] (show_stack) from [<c01545a4>] (do_raw_spin_lock+0x6c/0xa0) [ 5668.774230] [<c01545a4>] (do_raw_spin_lock) from [<c06ca578>] (_raw_spin_lock_irqsave+0x10/0x18) [ 5668.774658] [<c06ca578>] (_raw_spin_lock_irqsave) from [<c048c010>] (wl1251_op_tx+0x38/0x5c) [ 5668.775115] [<c048c010>] (wl1251_op_tx) from [<c06a12e8>] (ieee80211_tx_frags+0x188/0x1c0) [ 5668.775543] [<c06a12e8>] (ieee80211_tx_frags) from [<c06a138c>] (__ieee80211_tx+0x6c/0x130) [ 5668.775970] [<c06a138c>] (__ieee80211_tx) from [<c06a3dbc>] (ieee80211_tx+0xdc/0x104) [ 5668.776367] [<c06a3dbc>] (ieee80211_tx) from [<c06a4af0>] (__ieee80211_subif_start_xmit+0x454/0x8c8) [ 5668.776824] [<c06a4af0>] (__ieee80211_subif_start_xmit) from [<c06a4f94>] (ieee80211_subif_start_xmit+0x30/0x2fc) [ 5668.777343] [<c06a4f94>] (ieee80211_subif_start_xmit) from [<c0578848>] (dev_hard_start_xmit+0x80/0x118) ... by adding the missing spin_lock_init(). Reported-by: Pavel Machek <pavel@ucw.cz> Cc: Kalle Valo <kvalo@codeaurora.org> Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com> Acked-by: Pavel Machek <pavel@ucw.cz> Signed-off-by: Kalle Valo <kvalo@codeaurora.org> Signed-off-by: Pavel Machek <pavel@ucw.cz> Cc: stable@kernel.org Signed-off-by: David S. Miller <davem@davemloft.net> 31 August 2017, 20:11:15 UTC
f5308d1 Cameron Gutman 31 August 2017, 18:52:20 UTC Input: xpad - fix PowerA init quirk for some gamepad models The PowerA gamepad initialization quirk worked with the PowerA wired gamepad I had around (0x24c6:0x543a), but a user reported [0] that it didn't work for him, even though our gamepads shared the same vendor and product IDs. When I initially implemented the PowerA quirk, I wanted to avoid actually triggering the rumble action during init. My tests showed that my gamepad would work correctly even if it received a rumble of 0 intensity, so that's what I went with. Unfortunately, this apparently isn't true for all models (perhaps a firmware difference?). This non-working gamepad seems to require the real magic rumble packet that the Microsoft driver sends, which actually vibrates the gamepad. To counteract this effect, I still send the old zero-rumble PowerA quirk packet which cancels the rumble effect before the motors can spin up enough to vibrate. [0]: https://github.com/paroj/xpad/issues/48#issuecomment-313904867 Reported-by: Kyle Beauchamp <kyleabeauchamp@gmail.com> Tested-by: Kyle Beauchamp <kyleabeauchamp@gmail.com> Fixes: 81093c9848a7 ("Input: xpad - support some quirky Xbox One pads") Cc: stable@vger.kernel.org # v4.12 Signed-off-by: Cameron Gutman <aicommander@gmail.com> Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com> 31 August 2017, 18:55:11 UTC
231d069 Hans de Goede 29 August 2017, 12:08:35 UTC i2c: designware: Round down ACPI provided clk to nearest supported clk The Lenovo Miix2 8 DSDT contains an i2c clk / bus speed of 1700000 Hz for one if its devices, which is not supported. This is the second DSDT to show up with an unsupported clk in a short time, remove the hardcoded fix for DSDTs with a 1 MiHz clock and simply always round down the clk to the nearest supported value. Reported-by: russianneuromancer@ya.ru Fixes: 682c6c2188 ("i2c: designware: Some broken DSTDs use 1MiHz ...") Signed-off-by: Hans de Goede <hdegoede@redhat.com> Acked-by: Jarkko Nikula <jarkko.nikula@linux.intel.com> Signed-off-by: Wolfram Sang <wsa@the-dreams.de> 31 August 2017, 18:27:39 UTC
back to top