465 commits
Author | SHA1 | Message | Date | |
---|---|---|---|---|
Greg Kroah-Hartman
|
4579df0c74 |
Merge 4.19.299 into android-4.19-stable
Changes in 4.19.299 vfs: fix readahead(2) on block devices genirq/matrix: Exclude managed interrupts in irq_matrix_allocated() i40e: fix potential memory leaks in i40e_remove() tcp_metrics: add missing barriers on delete tcp_metrics: properly set tp->snd_ssthresh in tcp_init_metrics() tcp_metrics: do not create an entry from tcp_init_metrics() wifi: rtlwifi: fix EDCA limit set by BT coexistence can: dev: move driver related infrastructure into separate subdir can: dev: can_restart(): don't crash kernel if carrier is OK can: dev: can_restart(): fix race condition between controller restart and netif_carrier_on() thermal: core: prevent potential string overflow chtls: fix tp->rcv_tstamp initialization ACPI: sysfs: Fix create_pnp_modalias() and create_of_modalias() ipv6: avoid atomic fragment on GSO packets macsec: Fix traffic counters/statistics macsec: use DEV_STATS_INC() net: add DEV_STATS_READ() helper ipvlan: properly track tx_errors regmap: debugfs: Fix a erroneous check after snprintf() clk: qcom: clk-rcg2: Fix clock rate overflow for high parent frequencies clk: keystone: pll: fix a couple NULL vs IS_ERR() checks clk: npcm7xx: Fix incorrect kfree clk: mediatek: clk-mt6797: Add check for mtk_alloc_clk_data clk: mediatek: clk-mt2701: Add check for mtk_alloc_clk_data platform/x86: wmi: Fix probe failure when failing to register WMI devices platform/x86: wmi: remove unnecessary initializations platform/x86: wmi: Fix opening of char device hwmon: (coretemp) Fix potentially truncated sysfs attribute name drm/rockchip: vop: Fix reset of state in duplicate state crtc funcs drm/radeon: possible buffer overflow drm/rockchip: cdn-dp: Fix some error handling paths in cdn_dp_probe() ARM: dts: qcom: mdm9615: populate vsdcc fixed regulator firmware: ti_sci: Mark driver as non removable clk: scmi: Free scmi_clk allocated when the clocks with invalid info are skipped hwrng: geode - fix accessing registers sched/rt: Provide migrate_disable/enable() inlines nd_btt: Make BTT lanes preemptible HID: cp2112: Use irqchip template hid: cp2112: Fix duplicate workqueue initialization ARM: 9321/1: memset: cast the constant byte to unsigned char ext4: move 'ix' sanity check to corrent position RDMA/hfi1: Workaround truncation compilation error sh: bios: Revive earlyprintk support ASoC: Intel: Skylake: Fix mem leak when parsing UUIDs fails ASoC: ams-delta.c: use component after check mfd: dln2: Fix double put in dln2_probe leds: pwm: simplify if condition leds: pwm: convert to atomic PWM API leds: pwm: Don't disable the PWM when the LED should be off ledtrig-cpu: Limit to 8 CPUs leds: trigger: ledtrig-cpu:: Fix 'output may be truncated' issue for 'cpu' tty: tty_jobctrl: fix pid memleak in disassociate_ctty() usb: dwc2: fix possible NULL pointer dereference caused by driver concurrency dmaengine: ti: edma: handle irq_of_parse_and_map() errors misc: st_core: Do not call kfree_skb() under spin_lock_irqsave() tools: iio: privatize globals and functions in iio_generic_buffer.c file tools: iio: iio_generic_buffer: Fix some integer type and calculation tools: iio: iio_generic_buffer ensure alignment USB: usbip: fix stub_dev hub disconnect dmaengine: pxa_dma: Remove an erroneous BUG_ON() in pxad_free_desc() f2fs: fix to initialize map.m_pblk in f2fs_precache_extents() pcmcia: cs: fix possible hung task and memory leak pccardd() pcmcia: ds: fix refcount leak in pcmcia_device_add() pcmcia: ds: fix possible name leak in error path in pcmcia_device_add() media: bttv: fix use after free error due to btv->timeout timer media: s3c-camif: Avoid inappropriate kfree() media: dvb-usb-v2: af9035: fix missing unlock pwm: sti: Avoid conditional gotos pwm: sti: Reduce number of allocations and drop usage of chip_data pwm: brcmstb: Utilize appropriate clock APIs in suspend/resume Input: synaptics-rmi4 - fix use after free in rmi_unregister_function() llc: verify mac len before reading mac header tipc: Change nla_policy for bearer-related names to NLA_NUL_STRING dccp: Call security_inet_conn_request() after setting IPv4 addresses. dccp/tcp: Call security_inet_conn_request() after setting IPv6 addresses. r8169: improve rtl_set_rx_mode net: r8169: Disable multicast filter for RTL8168H and RTL8107E net/smc: postpone release of clcsock net/smc: wait for pending work before clcsock release_sock net/smc: fix dangling sock under state SMC_APPFINCLOSEWAIT tg3: power down device only on SYSTEM_POWER_OFF r8169: respect userspace disabling IFF_MULTICAST netfilter: xt_recent: fix (increase) ipv6 literal buffer length fbdev: imsttfb: Fix error path of imsttfb_probe() fbdev: imsttfb: fix a resource leak in probe fbdev: fsl-diu-fb: mark wr_reg_wa() static Revert "mmc: core: Capture correct oemid-bits for eMMC cards" btrfs: use u64 for buffer sizes in the tree search ioctls Linux 4.19.299 Change-Id: I130ef8f6fcd9ce2815d8b2493f96082376730758 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
Tomas Glozar
|
2577fece58 |
nd_btt: Make BTT lanes preemptible
[ Upstream commit 36c75ce3bd299878fd9b238e9803d3817ddafbf3 ]
nd_region_acquire_lane uses get_cpu, which disables preemption. This is
an issue on PREEMPT_RT kernels, since btt_write_pg and also
nd_region_acquire_lane itself take a spin lock, resulting in BUG:
sleeping function called from invalid context.
Fix the issue by replacing get_cpu with smp_process_id and
migrate_disable when needed. This makes BTT operations preemptible, thus
permitting the use of spin_lock.
BUG example occurring when running ndctl tests on PREEMPT_RT kernel:
BUG: sleeping function called from invalid context at
kernel/locking/spinlock_rt.c:48
in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 4903, name:
libndctl
preempt_count: 1, expected: 0
RCU nest depth: 0, expected: 0
Preemption disabled at:
[<ffffffffc1313db5>] nd_region_acquire_lane+0x15/0x90 [libnvdimm]
Call Trace:
<TASK>
dump_stack_lvl+0x8e/0xb0
__might_resched+0x19b/0x250
rt_spin_lock+0x4c/0x100
? btt_write_pg+0x2d7/0x500 [nd_btt]
btt_write_pg+0x2d7/0x500 [nd_btt]
? local_clock_noinstr+0x9/0xc0
btt_submit_bio+0x16d/0x270 [nd_btt]
__submit_bio+0x48/0x80
__submit_bio_noacct+0x7e/0x1e0
submit_bio_wait+0x58/0xb0
__blkdev_direct_IO_simple+0x107/0x240
? inode_set_ctime_current+0x51/0x110
? __pfx_submit_bio_wait_endio+0x10/0x10
blkdev_write_iter+0x1d8/0x290
vfs_write+0x237/0x330
...
</TASK>
Fixes:
|
||
Vaibhav Jain
|
4d69883e79 |
UPSTREAM: libnvdimm/region: Fix nvdimm_has_flush() to handle ND_REGION_ASYNC
In case a platform doesn't provide explicit flush-hints but provides an explicit flush callback via ND_REGION_ASYNC region flag, then nvdimm_has_flush() still returns '0' indicating that writes do not require flushing. This happens on PPC64 with patch at [1] applied, where 'deep_flush' of a region was denied even though an explicit flush function was provided. Fix this by adding a condition to nvdimm_has_flush() to test for the ND_REGION_ASYNC flag on the region and see if a 'region->flush' callback is assigned. Bug: 254441685 Link: http://lore.kernel.org/r/161703936121.36.7260632399582101498.stgit@e1fbed493c87 [1] Fixes: c5d4355d10d4 ("libnvdimm: nd_region flush callback support") Reported-by: Shivaprasad G Bhat <sbhat@linux.ibm.com> Signed-off-by: Vaibhav Jain <vaibhav@linux.ibm.com> Link: https://lore.kernel.org/r/20210402092555.208590-1-vaibhav@linux.ibm.com Signed-off-by: Dan Williams <dan.j.williams@intel.com> (cherry picked from commit a2948b17f6b936fc52f86c0f92c46d2f91928b79) Signed-off-by: Lee Jones <joneslee@google.com> Change-Id: I220650135909d6a57f46443ea98b9aae5228d008 |
||
Greg Kroah-Hartman
|
105613d74a |
This is the 4.19.251 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmLG/TsACgkQONu9yGCS aT7mDQ/8Cd+wSYLKWd1obamA0rlRL3P3XJSu41c6BCFdqF5GwfBHpl2G/ekowk3A RxC/O2IKYWybefcGb1GUaUh1ua4b9zMtcCD+oEFKt5NWjvu1yBFhBEdgHdM6jKsh sqToAM40BlnB3flSdT+bYhEE4cRO1BVJDBqx2qLQNE1VtkDxntQe3tFEC2HCUrA4 QDfAYNu10WOsL82gG65qYGrF1W9G4WVbjxtCFH3msUIKnm8ecKa3V44J+IUKWdvk UKl4wHsQJ+AAXThluiGkkfLOzvO+zdf0fep5CDGShGutng0pFptnaWendvwVjeRC 9EbhphatoReSxUQEO22XKPOiL7gBuga3/gvzcl+GURS+87FZa6k2Cl8ZoRSA2FUh mP30hCGjhOV8YmpLhzNhDH4I6946/imUHMW7B0r11Rt5oMfeSiDpZFTfGuXBKcw/ cfUZKkOpRtPuMOQ33Qj7F7h9Cux0xpzVlEhbj2oH1JseFRib9HC7LpkHwlqlgSK+ UHORGp6NxP2Qa1hx1p5839vxRECOJYW2G9aq6FK9+We/IxUt4TvlGfYCT5iy61cv XKzjH0xkllmUeQ5kYnDzlrWUFM//2G01uqtctKWfmywXvhHkgBSgfujzL4Q6TlWI u3/zfSozNCIkG/bWDiHc2nlxaUffnuJMBOjoMxgZDPZzP4CVV6s= =/wWN -----END PGP SIGNATURE----- Merge 4.19.251 into android-4.19-stable Changes in 4.19.251 nvdimm: Fix badblocks clear off-by-one error dm raid: fix accesses beyond end of raid member array dm raid: fix KASAN warning in raid5_add_disks s390/archrandom: simplify back to earlier design and initialize earlier SUNRPC: Fix READ_PLUS crasher net: rose: fix UAF bugs caused by timer handler net: usb: ax88179_178a: Fix packet receiving virtio-net: fix race between ndo_open() and virtio_device_ready() selftests/net: pass ipv6_args to udpgso_bench's IPv6 TCP test net: tun: unlink NAPI from device on destruction net: tun: stop NAPI when detaching queues RDMA/qedr: Fix reporting QP timeout attribute usbnet: fix memory allocation in helpers net: ipv6: unexport __init-annotated seg6_hmac_net_init() caif_virtio: fix race between virtio_device_ready() and ndo_open() netfilter: nft_dynset: restore set element counter when failing to update net: bonding: fix possible NULL deref in rlb code net: bonding: fix use-after-free after 802.3ad slave unbind nfc: nfcmrvl: Fix irq_of_parse_and_map() return value NFC: nxp-nci: Don't issue a zero length i2c_master_read() net: tun: avoid disabling NAPI twice xen/gntdev: Avoid blocking in unmap_grant_pages() hwmon: (ibmaem) don't call platform_device_del() if platform_device_add() fails net: dsa: bcm_sf2: force pause link settings sit: use min ipv6/sit: fix ipip6_tunnel_get_prl return value xen/blkfront: fix leaking data in shared pages xen/netfront: fix leaking data in shared pages xen/netfront: force data bouncing when backend is untrusted xen/blkfront: force data bouncing when backend is untrusted xen/arm: Fix race in RB-tree based P2M accounting net: usb: qmi_wwan: add Telit 0x1060 composition net: usb: qmi_wwan: add Telit 0x1070 composition Linux 4.19.251 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: Ie9952c1de1287952d707e7b5aafef9f4d39cdd2d |
||
Chris Ye
|
1edcdff8a8 |
nvdimm: Fix badblocks clear off-by-one error
commit ef9102004a87cb3f8b26e000a095a261fc0467d3 upstream.
nvdimm_clear_badblocks_region() validates badblock clearing requests
against the span of the region, however it compares the inclusive
badblock request range to the exclusive region range. Fix up the
off-by-one error.
Fixes:
|
||
Greg Kroah-Hartman
|
022059b0c5 |
Revert "block: genhd: add 'groups' argument to device_add_disk"
This reverts commit
|
||
Greg Kroah-Hartman
|
338046dc91 |
This is the 4.19.180 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmBKFbAACgkQONu9yGCS aT7TLBAAoNiYgHkCv4dWU00i+0oRYqkKYqjw1BSDoNqaBAcJ6ztF6nYhALcFQCnn VFrigG8ve8MeiScH2QcFLoYaChiFI9MkNJInY/fVbN6jNagg5uK82/vKPX7UKVns mfEVcZ9oME8imtGsaSuQheIT7NNtC5MJYSq/Jq64/fUkE0/qGIKEqisZ7EvLGV3j ilcr+MjGhEsMEiAFZUrKPzpiIXw3nUopSpIDZISbTKRT5bS9Wo+Viii8ty7DmDHB q7Ort83V6/v9fONcnCqFXV7lqwh7qCCENqcRDuaSwoT+XhcQ6uCfRxJtfzQAPUTI jo0Pbhs23LRpmnxYlLpCso23W6AjUl64aetgZQhUbOQZCAUm7YHDuSiVfQyKCqDQ tk+nTajVn03ebhVDpJFojb+YdvyFE2uB4rQgI9bJ/d00oTrUYwgyOPczRgmdZDcS MnMIFN65T9cKGhgukycWssTOMJwz2lOsbB45yIqTSeq5tRAMOlGjrEJZUOlx4gb9 VnjCgshiW9XV0B7VVPmn7hSmY2SSdkBcvzie+T4XHcHVGWWR+4vIVc1lJ0J2pjn0 8H2prbJIJ1nsoXO0p3JrMpQYLRNdNIhO9fvAR1kKnabVLdXMMHynXJWcHKEvrN6a zlCt5xFskpS+1LyII1r0hT7Lq8krpuq9DUBYdBBbFIxYHL+n1sc= =WNtg -----END PGP SIGNATURE----- Merge 4.19.180 into android-4.19-stable Changes in 4.19.180 btrfs: raid56: simplify tracking of Q stripe presence btrfs: fix raid6 qstripe kmap btrfs: validate qgroup inherit for SNAP_CREATE_V2 ioctl btrfs: free correct amount of space in btrfs_delayed_inode_reserve_metadata btrfs: unlock extents in btrfs_zero_range in case of quota reservation errors PM: runtime: Update device status before letting suppliers suspend dm bufio: subtract the number of initial sectors in dm_bufio_get_device_size drm/amdgpu: fix parameter error of RREG32_PCIE() in amdgpu_regs_pcie usbip: tools: fix build error for multiple definition Revert "zram: close udev startup race condition as default groups" block: genhd: add 'groups' argument to device_add_disk nvme: register ns_id attributes as default sysfs groups aoe: register default groups with device_add_disk() zram: register default groups with device_add_disk() virtio-blk: modernize sysfs attribute creation ALSA: ctxfi: cthw20k2: fix mask on conf to allow 4 bits RDMA/rxe: Fix missing kconfig dependency on CRYPTO rsxx: Return -EFAULT if copy_to_user() fails dm verity: fix FEC for RS roots unaligned to block size r8169: fix resuming from suspend on RTL8105e if machine runs on battery net: dsa: add GRO support via gro_cells dm table: fix iterate_devices based device capability checks dm table: fix DAX iterate_devices based device capability checks dm table: fix zoned iterate_devices based device capability checks iommu/amd: Fix sleeping in atomic in increase_address_space() mwifiex: pcie: skip cancel_work_sync() on reset failure path platform/x86: acer-wmi: Cleanup ACER_CAP_FOO defines platform/x86: acer-wmi: Cleanup accelerometer device handling platform/x86: acer-wmi: Add new force_caps module parameter platform/x86: acer-wmi: Add ACER_CAP_SET_FUNCTION_MODE capability flag platform/x86: acer-wmi: Add support for SW_TABLET_MODE on Switch devices platform/x86: acer-wmi: Add ACER_CAP_KBD_DOCK quirk for the Aspire Switch 10E SW3-016 HID: mf: add support for 0079:1846 Mayflash/Dragonrise USB Gamecube Adapter media: cx23885: add more quirks for reset DMA on some AMD IOMMU ASoC: Intel: bytcr_rt5640: Add quirk for ARCHOS Cesium 140 PCI: Add function 1 DMA alias quirk for Marvell 9215 SATA controller misc: eeprom_93xx46: Add quirk to support Microchip 93LC46B eeprom drm/msm/a5xx: Remove overwriting A5XX_PC_DBG_ECO_CNTL register mmc: sdhci-of-dwcmshc: set SDHCI_QUIRK2_PRESET_VALUE_BROKEN Linux 4.19.180 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I1d133776c03abf37203427cbc1c0edfa9c396edd |
||
Hannes Reinecke
|
1bf6a186c4 |
block: genhd: add 'groups' argument to device_add_disk
commit fef912bf860e8e7e48a2bfb978a356bba743a8b7 upstream. Update device_add_disk() to take an 'groups' argument so that individual drivers can register a device with additional sysfs attributes. This avoids race condition the driver would otherwise have if these groups were to be created with sysfs_add_groups(). Signed-off-by: Martin Wilck <martin.wilck@suse.com> Signed-off-by: Hannes Reinecke <hare@suse.com> Reviewed-by: Christoph Hellwig <hch@lst.de> Reviewed-by: Bart Van Assche <bvanassche@acm.org> Signed-off-by: Jens Axboe <axboe@kernel.dk> Signed-off-by: Jeffle Xu <jefflexu@linux.alibaba.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Greg Kroah-Hartman
|
6455a150fa |
Merge 4.19.178 into android-4.19-stable
Changes in 4.19.178 HID: make arrays usage and value to be the same USB: quirks: sort quirk entries usb: quirks: add quirk to start video capture on ELMO L-12F document camera reliable ntfs: check for valid standard information attribute arm64: tegra: Add power-domain for Tegra210 HDA scripts: use pkg-config to locate libcrypto scripts: set proper OpenSSL include dir also for sign-file block: add helper for checking if queue is registered block: split .sysfs_lock into two locks block: fix race between switching elevator and removing queues block: don't release queue's sysfs lock during switching elevator NET: usb: qmi_wwan: Adding support for Cinterion MV31 cifs: Set CIFS_MOUNT_USE_PREFIX_PATH flag on setting cifs_sb->prepath. scripts/recordmcount.pl: support big endian for ARCH sh jump_label/lockdep: Assert we hold the hotplug lock for _cpuslocked() operations locking/static_key: Fix false positive warnings on concurrent dec/inc vmlinux.lds.h: add DWARF v5 sections kdb: Make memory allocations more robust PCI: qcom: Use PHY_REFCLK_USE_PAD only for ipq8064 bfq: Avoid false bfq queue merging ALSA: usb-audio: Fix PCM buffer allocation in non-vmalloc mode MIPS: vmlinux.lds.S: add missing PAGE_ALIGNED_DATA() section random: fix the RNDRESEEDCRNG ioctl ath10k: Fix error handling in case of CE pipe init failure Bluetooth: btqcomsmd: Fix a resource leak in error handling paths in the probe function Bluetooth: Fix initializing response id after clearing struct ARM: dts: exynos: correct PMIC interrupt trigger level on Artik 5 ARM: dts: exynos: correct PMIC interrupt trigger level on Monk ARM: dts: exynos: correct PMIC interrupt trigger level on Rinato ARM: dts: exynos: correct PMIC interrupt trigger level on Spring ARM: dts: exynos: correct PMIC interrupt trigger level on Arndale Octa ARM: dts: exynos: correct PMIC interrupt trigger level on Odroid XU3 family arm64: dts: exynos: correct PMIC interrupt trigger level on TM2 arm64: dts: exynos: correct PMIC interrupt trigger level on Espresso bpf: Avoid warning when re-casting __bpf_call_base into __bpf_call_base_args arm64: dts: allwinner: A64: properly connect USB PHY to port 0 arm64: dts: allwinner: Drop non-removable from SoPine/LTS SD card arm64: dts: allwinner: A64: Limit MMC2 bus frequency to 150 MHz cpufreq: brcmstb-avs-cpufreq: Free resources in error path cpufreq: brcmstb-avs-cpufreq: Fix resource leaks in ->remove() ACPICA: Fix exception code class checks usb: gadget: u_audio: Free requests only after callback Bluetooth: drop HCI device reference before return Bluetooth: Put HCI device if inquiry procedure interrupts memory: ti-aemif: Drop child node when jumping out loop ARM: dts: Configure missing thermal interrupt for 4430 usb: dwc2: Do not update data length if it is 0 on inbound transfers usb: dwc2: Abort transaction after errors with unknown reason usb: dwc2: Make "trimming xfer length" a debug message staging: rtl8723bs: wifi_regd.c: Fix incorrect number of regulatory rules ARM: dts: armada388-helios4: assign pinctrl to LEDs ARM: dts: armada388-helios4: assign pinctrl to each fan arm64: dts: msm8916: Fix reserved and rfsa nodes unit address ARM: s3c: fix fiq for clang IAS soc: aspeed: snoop: Add clock control logic bpf_lru_list: Read double-checked variable once without lock ath9k: fix data bus crash when setting nf_override via debugfs ibmvnic: Set to CLOSED state even on error bnxt_en: reverse order of TX disable and carrier off xen/netback: fix spurious event detection for common event case mac80211: fix potential overflow when multiplying to u32 integers bpf: Fix bpf_fib_lookup helper MTU check for SKB ctx tcp: fix SO_RCVLOWAT related hangs under mem pressure cxgb4/chtls/cxgbit: Keeping the max ofld immediate data size same in cxgb4 and ulds b43: N-PHY: Fix the update of coef for the PHY revision >= 3case ibmvnic: add memory barrier to protect long term buffer ibmvnic: skip send_request_unmap for timeout reset net: amd-xgbe: Reset the PHY rx data path when mailbox command timeout net: amd-xgbe: Fix NETDEV WATCHDOG transmit queue timeout warning net: amd-xgbe: Reset link when the link never comes back net: amd-xgbe: Fix network fluctuations when using 1G BELFUSE SFP net: mvneta: Remove per-cpu queue mapping for Armada 3700 fbdev: aty: SPARC64 requires FB_ATY_CT drm/gma500: Fix error return code in psb_driver_load() gma500: clean up error handling in init crypto: sun4i-ss - fix kmap usage drm/amdgpu: Fix macro name _AMDGPU_TRACE_H_ in preprocessor if condition MIPS: c-r4k: Fix section mismatch for loongson2_sc_init MIPS: lantiq: Explicitly compare LTQ_EBU_PCC_ISTAT against 0 media: i2c: ov5670: Fix PIXEL_RATE minimum value media: camss: missing error code in msm_video_register() media: vsp1: Fix an error handling path in the probe function media: em28xx: Fix use-after-free in em28xx_alloc_urbs media: media/pci: Fix memleak in empress_init media: tm6000: Fix memleak in tm6000_start_stream ASoC: cs42l56: fix up error handling in probe crypto: bcm - Rename struct device_private to bcm_device_private drm/amd/display: Fix 10/12 bpc setup in DCE output bit depth reduction. media: lmedm04: Fix misuse of comma media: qm1d1c0042: fix error return code in qm1d1c0042_init() media: cx25821: Fix a bug when reallocating some dma memory media: pxa_camera: declare variable when DEBUG is defined media: uvcvideo: Accept invalid bFormatIndex and bFrameIndex values crypto: talitos - Work around SEC6 ERRATA (AES-CTR mode data size error) ata: ahci_brcm: Add back regulators management ASoC: cpcap: fix microphone timeslot mask f2fs: fix to avoid inconsistent quota data drm/amdgpu: Prevent shift wrapping in amdgpu_read_mask() Drivers: hv: vmbus: Avoid use-after-free in vmbus_onoffer_rescind() btrfs: clarify error returns values in __load_free_space_cache hwrng: timeriomem - Fix cooldown period calculation crypto: ecdh_helper - Ensure 'len >= secret.len' in decode_key() ima: Free IMA measurement buffer on error ima: Free IMA measurement buffer after kexec syscall fs/jfs: fix potential integer overflow on shift of a int jffs2: fix use after free in jffs2_sum_write_data() capabilities: Don't allow writing ambiguous v3 file capabilities clk: meson: clk-pll: fix initializing the old rate (fallback) for a PLL quota: Fix memory leak when handling corrupted quota file spi: cadence-quadspi: Abort read if dummy cycles required are too many clk: sunxi-ng: h6: Fix CEC clock HID: core: detect and skip invalid inputs to snto32() dmaengine: fsldma: Fix a resource leak in the remove function dmaengine: fsldma: Fix a resource leak in an error handling path of the probe function dmaengine: owl-dma: Fix a resource leak in the remove function dmaengine: hsu: disable spurious interrupt mfd: bd9571mwv: Use devm_mfd_add_devices() fdt: Properly handle "no-map" field in the memory region of/fdt: Make sure no-map does not remove already reserved regions power: reset: at91-sama5d2_shdwc: fix wkupdbc mask rtc: s5m: select REGMAP_I2C clocksource/drivers/mxs_timer: Add missing semicolon when DEBUG is defined RDMA/mlx5: Use the correct obj_id upon DEVX TIR creation clk: sunxi-ng: h6: Fix clock divider range on some clocks regulator: axp20x: Fix reference cout leak certs: Fix blacklist flag type confusion spi: atmel: Put allocated master before return regulator: s5m8767: Drop regulators OF node reference isofs: release buffer head before return auxdisplay: ht16k33: Fix refresh rate handling IB/umad: Return EIO in case of when device disassociated IB/umad: Return EPOLLERR in case of when device disassociated KVM: PPC: Make the VMX instruction emulation routines static powerpc/47x: Disable 256k page size mmc: usdhi6rol0: Fix a resource leak in the error handling path of the probe mmc: renesas_sdhi_internal_dmac: Fix DMA buffer alignment from 8 to 128-bytes ARM: 9046/1: decompressor: Do not clear SCTLR.nTLSMD for ARMv7+ cores amba: Fix resource leak for drivers without .remove tracepoint: Do not fail unregistering a probe due to memory failure perf tools: Fix DSO filtering when not finding a map for a sampled address RDMA/rxe: Fix coding error in rxe_recv.c RDMA/rxe: Correct skb on loopback path spi: stm32: properly handle 0 byte transfer mfd: wm831x-auxadc: Prevent use after free in wm831x_auxadc_read_irq() powerpc/pseries/dlpar: handle ibm, configure-connector delay status powerpc/8xx: Fix software emulation interrupt clk: qcom: gcc-msm8998: Fix Alpha PLL type for all GPLLs spi: pxa2xx: Fix the controller numbering for Wildcat Point Input: sur40 - fix an error code in sur40_probe() perf intel-pt: Fix missing CYC processing in PSB perf test: Fix unaligned access in sample parsing test Input: elo - fix an error code in elo_connect() sparc64: only select COMPAT_BINFMT_ELF if BINFMT_ELF is set misc: eeprom_93xx46: Fix module alias to enable module autoprobe misc: eeprom_93xx46: Add module alias to avoid breaking support for non device tree users pwm: rockchip: rockchip_pwm_probe(): Remove superfluous clk_unprepare() VMCI: Use set_page_dirty_lock() when unregistering guest memory PCI: Align checking of syscall user config accessors drm/msm/dsi: Correct io_start for MSM8994 (20nm PHY) ext4: fix potential htree index checksum corruption regmap: sdw: use _no_pm functions in regmap_read/write i40e: Fix flow for IPv6 next header (extension header) i40e: Add zero-initialization of AQ command structures i40e: Fix overwriting flow control settings during driver loading i40e: Fix VFs not created i40e: Fix add TC filter for IPv6 net/mlx4_core: Add missed mlx4_free_cmd_mailbox() vxlan: move debug check after netdev unregister ocfs2: fix a use after free on error mm/memory.c: fix potential pte_unmap_unlock pte error mm/hugetlb: fix potential double free in hugetlb_register_node() error path r8169: fix jumbo packet handling on RTL8168e arm64: Add missing ISB after invalidating TLB in __primary_switch i2c: brcmstb: Fix brcmstd_send_i2c_cmd condition mm/rmap: fix potential pte_unmap on an not mapped pte scsi: bnx2fc: Fix Kconfig warning & CNIC build errors blk-settings: align max_sectors on "logical_block_size" boundary ACPI: property: Fix fwnode string properties matching ACPI: configfs: add missing check after configfs_register_default_group() HID: wacom: Ignore attempts to overwrite the touch_max value from HID Input: raydium_ts_i2c - do not send zero length Input: xpad - add support for PowerA Enhanced Wired Controller for Xbox Series X|S Input: joydev - prevent potential read overflow in ioctl Input: i8042 - add ASUS Zenbook Flip to noselftest list USB: serial: option: update interface mapping for ZTE P685M usb: musb: Fix runtime PM race in musb_queue_resume_work usb: dwc3: gadget: Fix setting of DEPCFG.bInterval_m1 usb: dwc3: gadget: Fix dep->interval for fullspeed interrupt USB: serial: ftdi_sio: fix FTX sub-integer prescaler USB: serial: mos7840: fix error code in mos7840_write() USB: serial: mos7720: fix error code in mos7720_write() ALSA: hda/realtek: modify EAPD in the ALC886 tpm_tis: Fix check_locality for correct locality acquisition tpm_tis: Clean up locality release KEYS: trusted: Fix migratable=1 failing btrfs: abort the transaction if we fail to inc ref in btrfs_copy_root btrfs: fix reloc root leak with 0 ref reloc roots on recovery btrfs: fix extent buffer leak on failure to copy root crypto: arm64/sha - add missing module aliases crypto: sun4i-ss - checking sg length is not sufficient crypto: sun4i-ss - handle BigEndian for cipher seccomp: Add missing return in non-void function misc: rtsx: init of rts522a add OCP power off when no card is present drivers/misc/vmw_vmci: restrict too big queue size in qp_host_alloc_queue pstore: Fix typo in compression option name dts64: mt7622: fix slow sd card access staging/mt7621-dma: mtk-hsdma.c->hsdma-mt7621.c staging: gdm724x: Fix DMA from stack staging: rtl8188eu: Add Edimax EW-7811UN V2 to device table media: ipu3-cio2: Fix mbus_code processing in cio2_subdev_set_fmt() x86/reboot: Force all cpus to exit VMX root if VMX is supported floppy: reintroduce O_NDELAY fix arm64: uprobe: Return EOPNOTSUPP for AARCH32 instruction probing watchdog: mei_wdt: request stop on unregister mtd: spi-nor: hisi-sfc: Put child node np on error path fs/affs: release old buffer head on error path seq_file: document how per-entry resources are managed. x86: fix seq_file iteration for pat/memtype.c hugetlb: fix copy_huge_page_from_user contig page struct assumption libnvdimm/dimm: Avoid race between probe and available_slots_show() arm64: Extend workaround for erratum 1024718 to all versions of Cortex-A55 module: Ignore _GLOBAL_OFFSET_TABLE_ when warning for undefined symbols mmc: sdhci-esdhc-imx: fix kernel panic when remove module gpio: pcf857x: Fix missing first interrupt printk: fix deadlock when kernel panic cpufreq: intel_pstate: Get per-CPU max freq via MSR_HWP_CAPABILITIES if available f2fs: fix out-of-repair __setattr_copy() sparc32: fix a user-triggerable oops in clear_user() gfs2: Don't skip dlm unlock if glock has an lvb dm: fix deadlock when swapping to encrypted device dm era: Recover committed writeset after crash dm era: Verify the data block size hasn't changed dm era: Fix bitset memory leaks dm era: Use correct value size in equality function of writeset tree dm era: Reinitialize bitset cache before digesting a new writeset dm era: only resize metadata in preresume icmp: introduce helper for nat'd source address in network device context icmp: allow icmpv6_ndo_send to work with CONFIG_IPV6=n gtp: use icmp_ndo_send helper sunvnet: use icmp_ndo_send helper xfrm: interface: use icmp_ndo_send helper ipv6: icmp6: avoid indirect call for icmpv6_send() ipv6: silence compilation warning for non-IPV6 builds net: icmp: pass zeroed opts from icmp{,v6}_ndo_send before sending dm era: Update in-core bitset after committing the metadata net: qrtr: Fix memory leak in qrtr_tun_open ARM: dts: aspeed: Add LCLK to lpc-snoop Linux 4.19.178 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I8c07c10dd29a1233f238b533622d7b32bd22bdb0 |
||
Dan Williams
|
77d97b563a |
libnvdimm/dimm: Avoid race between probe and available_slots_show()
commit 7018c897c2f243d4b5f1b94bc6b4831a7eab80fb upstream
Richard reports that the following test:
(while true; do
cat /sys/bus/nd/devices/nmem*/available_slots 2>&1 > /dev/null
done) &
while true; do
for i in $(seq 0 4); do
echo nmem$i > /sys/bus/nd/drivers/nvdimm/bind
done
for i in $(seq 0 4); do
echo nmem$i > /sys/bus/nd/drivers/nvdimm/unbind
done
done
...fails with a crash signature like:
divide error: 0000 [#1] SMP KASAN PTI
RIP: 0010:nd_label_nfree+0x134/0x1a0 [libnvdimm]
[..]
Call Trace:
available_slots_show+0x4e/0x120 [libnvdimm]
dev_attr_show+0x42/0x80
? memset+0x20/0x40
sysfs_kf_seq_show+0x218/0x410
The root cause is that available_slots_show() consults driver-data, but
fails to synchronize against device-unbind setting up a TOCTOU race to
access uninitialized memory.
Validate driver-data under the device-lock.
Fixes:
|
||
Greg Kroah-Hartman
|
07ce88e9de |
This is the 4.19.164 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl/sVdwACgkQONu9yGCS aT581g/+KZ4lFcY/lAEY6/n6RjFenerl5O2a4tqO+j7eivOA8aNOzXQpvwcPXFKZ uCCwab3shrp0MdOJ4Ub1qLF5rZoJ/QvLNkI+8GVRztnchkWHwNlYbheZqHRows9E LM5w/+SUh+I7wymfjsjxr8ohSOxkvygNL9PLLTkuQMwbs/jjdizmcgqeYo54Plih IdtHrp/ZjxKMOu+fkp1dpTy2RUfbxxWS4RnVjSI+g3s8vaxWh90jMCwLP3fyUwpX a8eNCFkIV0lBCj+dYF+ry5x7wGd9mvCVAG70DmRkHd4nyc1WGnp+yz3lQlQnIzeq Hc7k3ts3FXmXBSRTzkqM9pmaOuyrKwqu3DoiplXxHgjeJYegP9k0jh33eohXmc/u qSz9XB3FhBxy7uRf8tqGLKiUsARnQUYfqzR8qgGFndvWRpIBr9egSzDKVNSF5uWu bPt3UQpM8O714NcnB2PGs4OUPqxSikT3BrnfurZOzEddkSveXfkItYnt3mc300bx MSHYY/iuLpsBeDd0U6POgf5J5RigmOWvayZrMkPSxlnm7v9diefpKo7xB7+l3AqD DZ5BSZMNtgKHwzck6d3RXX+GCILreL16Lj299NM1SJPm+j5SEkna7luikgi2pqrk r2cD31L9JHiq36L3uP5u30JoxEG6+W2Px+dqc+uyB3RXHJzRwy4= =TKv4 -----END PGP SIGNATURE----- Merge 4.19.164 into android-4.19-stable Changes in 4.19.164 Kbuild: do not emit debug info for assembly with LLVM_IAS=1 x86/lib: Change .weak to SYM_FUNC_START_WEAK for arch/x86/lib/mem*_64.S spi: bcm2835aux: Fix use-after-free on unbind spi: bcm2835aux: Restore err assignment in bcm2835aux_spi_probe iwlwifi: pcie: limit memory read spin time arm64: dts: rockchip: Assign a fixed index to mmc devices on rk3399 boards. iwlwifi: mvm: fix kernel panic in case of assert during CSA powerpc: Drop -me200 addition to build flags ARC: stack unwinding: don't assume non-current task is sleeping scsi: ufs: Make sure clk scaling happens only when HBA is runtime ACTIVE irqchip/gic-v3-its: Unconditionally save/restore the ITS state on suspend soc: fsl: dpio: Get the cpumask through cpumask_of(cpu) platform/x86: thinkpad_acpi: Do not report SW_TABLET_MODE on Yoga 11e platform/x86: thinkpad_acpi: Add BAT1 is primary battery quirk for Thinkpad Yoga 11e 4th gen platform/x86: acer-wmi: add automatic keyboard background light toggle key as KEY_LIGHTS_TOGGLE platform/x86: intel-vbtn: Support for tablet mode on HP Pavilion 13 x360 PC Input: cm109 - do not stomp on control URB Input: i8042 - add Acer laptops to the i8042 reset list pinctrl: amd: remove debounce filter setting in IRQ type setting mmc: block: Fixup condition for CMD13 polling for RPMB requests kbuild: avoid static_assert for genksyms scsi: be2iscsi: Revert "Fix a theoretical leak in beiscsi_create_eqs()" x86/mm/mem_encrypt: Fix definition of PMD_FLAGS_DEC_WP x86/membarrier: Get rid of a dubious optimization x86/apic/vector: Fix ordering in vector assignment compiler.h: fix barrier_data() on clang PCI: qcom: Add missing reset for ipq806x mac80211: mesh: fix mesh_pathtbl_init() error path net: stmmac: free tx skb buffer in stmmac_resume() tcp: select sane initial rcvq_space.space for big MSS tcp: fix cwnd-limited bug for TSO deferral where we send nothing net/mlx4_en: Avoid scheduling restart task if it is already running lan743x: fix for potential NULL pointer dereference with bare card net/mlx4_en: Handle TX error CQE net: stmmac: delete the eee_ctrl_timer after napi disabled net: stmmac: dwmac-meson8b: fix mask definition of the m250_sel mux net: bridge: vlan: fix error return code in __vlan_add() ktest.pl: If size of log is too big to email, email error message USB: dummy-hcd: Fix uninitialized array use in init() USB: add RESET_RESUME quirk for Snapscan 1212 ALSA: usb-audio: Fix potential out-of-bounds shift ALSA: usb-audio: Fix control 'access overflow' errors from chmap xhci: Give USB2 ports time to enter U3 in bus suspend USB: UAS: introduce a quirk to set no_write_same USB: sisusbvga: Make console support depend on BROKEN ALSA: pcm: oss: Fix potential out-of-bounds shift serial: 8250_omap: Avoid FIFO corruption caused by MDR1 access drm/xen-front: Fix misused IS_ERR_OR_NULL checks drm: fix drm_dp_mst_port refcount leaks in drm_dp_mst_allocate_vcpi arm64: lse: fix LSE atomics with LLVM's integrated assembler arm64: lse: Fix LSE atomics with LLVM arm64: Change .weak to SYM_FUNC_START_WEAK_PI for arch/arm64/lib/mem*.S x86/resctrl: Remove unused struct mbm_state::chunks_bw x86/resctrl: Fix incorrect local bandwidth when mba_sc is enabled pinctrl: merrifield: Set default bias in case no particular value given pinctrl: baytrail: Avoid clearing debounce value when turning it off ARM: dts: sun8i: v3s: fix GIC node memory range gpio: mvebu: fix potential user-after-free on probe scsi: bnx2i: Requires MMU xsk: Fix xsk_poll()'s return type can: softing: softing_netdev_open(): fix error handling clk: renesas: r9a06g032: Drop __packed for portability block: factor out requeue handling from dispatch code netfilter: x_tables: Switch synchronization to RCU gpio: eic-sprd: break loop when getting NULL device resource selftests/bpf/test_offload.py: Reset ethtool features after failed setting RDMA/cm: Fix an attempt to use non-valid pointer when cleaning timewait ixgbe: avoid premature Rx buffer reuse drm/tegra: replace idr_init() by idr_init_base() kernel/cpu: add arch override for clear_tasks_mm_cpumask() mm handling drm/tegra: sor: Disable clocks on error in tegra_sor_init() arm64: syscall: exit userspace before unmasking exceptions vxlan: Add needed_headroom for lower device vxlan: Copy needed_tailroom from lowerdev scsi: mpt3sas: Increase IOCInit request timeout to 30s dm table: Remove BUG_ON(in_interrupt()) soc/tegra: fuse: Fix index bug in get_process_id USB: serial: option: add interface-number sanity check to flag handling USB: gadget: f_acm: add support for SuperSpeed Plus USB: gadget: f_midi: setup SuperSpeed Plus descriptors usb: gadget: f_fs: Re-use SS descriptors for SuperSpeedPlus USB: gadget: f_rndis: fix bitrate for SuperSpeed and above usb: chipidea: ci_hdrc_imx: Pass DISABLE_DEVICE_STREAMING flag to imx6ul ARM: dts: exynos: fix roles of USB 3.0 ports on Odroid XU ARM: dts: exynos: fix USB 3.0 VBUS control and over-current pins on Exynos5410 ARM: dts: exynos: fix USB 3.0 pins supply being turned off on Odroid XU coresight: tmc-etr: Check if page is valid before dma_map_page() scsi: megaraid_sas: Check user-provided offsets HID: i2c-hid: add Vero K147 to descriptor override serial_core: Check for port state when tty is in error state Bluetooth: Fix slab-out-of-bounds read in hci_le_direct_adv_report_evt() quota: Sanity-check quota file headers on load media: msi2500: assign SPI bus number dynamically crypto: af_alg - avoid undefined behavior accessing salg_name md: fix a warning caused by a race between concurrent md_ioctl()s perf cs-etm: Change tuple from traceID-CPU# to traceID-metadata perf cs-etm: Move definition of 'traceid_list' global variable from header file drm/gma500: fix double free of gma_connector drm/tve200: Fix handling of platform_get_irq() error soc: renesas: rmobile-sysc: Fix some leaks in rmobile_init_pm_domains() soc: mediatek: Check if power domains can be powered on at boot time soc: qcom: geni: More properly switch to DMA mode RDMA/bnxt_re: Set queue pair state when being queried selinux: fix error initialization in inode_doinit_with_dentry() ARM: dts: aspeed: s2600wf: Fix VGA memory region location RDMA/rxe: Compute PSN windows correctly x86/mm/ident_map: Check for errors from ident_pud_init() ARM: p2v: fix handling of LPAE translation in BE mode x86/apic: Fix x2apic enablement without interrupt remapping sched/deadline: Fix sched_dl_global_validate() sched: Reenable interrupts in do_sched_yield() crypto: talitos - Endianess in current_desc_hdr() crypto: talitos - Fix return type of current_desc_hdr() crypto: inside-secure - Fix sizeof() mismatch powerpc/64: Set up a kernel stack for secondaries before cpu_restore() spi: img-spfi: fix reference leak in img_spfi_resume drm/msm/dsi_pll_10nm: restore VCO rate during restore_state ASoC: pcm: DRAIN support reactivation selinux: fix inode_doinit_with_dentry() LABEL_INVALID error handling arm64: dts: exynos: Include common syscon restart/poweroff for Exynos7 arm64: dts: exynos: Correct psci compatible used on Exynos7 Bluetooth: Fix null pointer dereference in hci_event_packet() Bluetooth: hci_h5: fix memory leak in h5_close spi: spi-ti-qspi: fix reference leak in ti_qspi_setup spi: tegra20-slink: fix reference leak in slink ops of tegra20 spi: tegra20-sflash: fix reference leak in tegra_sflash_resume spi: tegra114: fix reference leak in tegra spi ops spi: bcm63xx-hsspi: fix missing clk_disable_unprepare() on error in bcm63xx_hsspi_resume mwifiex: fix mwifiex_shutdown_sw() causing sw reset failure ASoC: wm8998: Fix PM disable depth imbalance on error ASoC: arizona: Fix a wrong free in wm8997_probe RDMa/mthca: Work around -Wenum-conversion warning MIPS: BCM47XX: fix kconfig dependency bug for BCM47XX_BCMA crypto: qat - fix status check in qat_hal_put_rel_rd_xfer() staging: greybus: codecs: Fix reference counter leak in error handling staging: gasket: interrupt: fix the missed eventfd_ctx_put() in gasket_interrupt.c media: tm6000: Fix sizeof() mismatches media: mtk-vcodec: add missing put_device() call in mtk_vcodec_release_dec_pm() ASoC: meson: fix COMPILE_TEST error scsi: core: Fix VPD LUN ID designator priorities media: solo6x10: fix missing snd_card_free in error handling case video: fbdev: atmel_lcdfb: fix return error code in atmel_lcdfb_of_init() drm/omap: dmm_tiler: fix return error code in omap_dmm_probe() Input: ads7846 - fix race that causes missing releases Input: ads7846 - fix integer overflow on Rt calculation Input: ads7846 - fix unaligned access on 7845 usb/max3421: fix return error code in max3421_probe() spi: mxs: fix reference leak in mxs_spi_probe powerpc/feature: Fix CPU_FTRS_ALWAYS by removing CPU_FTRS_GENERIC_32 crypto: crypto4xx - Replace bitwise OR with logical OR in crypto4xx_build_pd crypto: omap-aes - Fix PM disable depth imbalance in omap_aes_probe spi: fix resource leak for drivers without .remove callback soc: ti: knav_qmss: fix reference leak in knav_queue_probe soc: ti: Fix reference imbalance in knav_dma_probe drivers: soc: ti: knav_qmss_queue: Fix error return code in knav_queue_probe Input: omap4-keypad - fix runtime PM error handling RDMA/cxgb4: Validate the number of CQEs memstick: fix a double-free bug in memstick_check ARM: dts: at91: sama5d4_xplained: add pincontrol for USB Host ARM: dts: at91: sama5d3_xplained: add pincontrol for USB Host orinoco: Move context allocation after processing the skb cw1200: fix missing destroy_workqueue() on error in cw1200_init_common dmaengine: mv_xor_v2: Fix error return code in mv_xor_v2_probe() media: siano: fix memory leak of debugfs members in smsdvb_hotplug platform/x86: mlx-platform: Remove PSU EEPROM from default platform configuration platform/x86: mlx-platform: Remove PSU EEPROM from MSN274x platform configuration samples: bpf: Fix lwt_len_hist reusing previous BPF map mips: cdmm: fix use-after-free in mips_cdmm_bus_discover media: max2175: fix max2175_set_csm_mode() error code slimbus: qcom-ngd-ctrl: Avoid sending power requests without QMI HSI: omap_ssi: Don't jump to free ID in ssi_add_controller() ARM: dts: Remove non-existent i2c1 from 98dx3236 arm64: dts: rockchip: Set dr_mode to "host" for OTG on rk3328-roc-cc power: supply: axp288_charger: Fix HP Pavilion x2 10 DMI matching power: supply: bq24190_charger: fix reference leak genirq/irqdomain: Don't try to free an interrupt that has no mapping PCI: Bounds-check command-line resource alignment requests PCI: Fix overflow in command-line resource alignment requests PCI: iproc: Fix out-of-bound array accesses arm64: dts: meson: fix spi-max-frequency on Khadas VIM2 ARM: dts: at91: at91sam9rl: fix ADC triggers platform/x86: dell-smbios-base: Fix error return code in dell_smbios_init ath10k: Fix the parsing error in service available event ath10k: Fix an error handling path ath10k: Release some resources in an error handling path NFSv4.2: condition READDIR's mask for security label based on LSM state SUNRPC: xprt_load_transport() needs to support the netid "rdma6" lockd: don't use interval-based rebinding over TCP NFS: switch nfsiod to be an UNBOUND workqueue. vfio-pci: Use io_remap_pfn_range() for PCI IO memory media: saa7146: fix array overflow in vidioc_s_audio() clocksource/drivers/cadence_ttc: Fix memory leak in ttc_setup_clockevent() ARM: dts: at91: sama5d2: map securam as device pinctrl: falcon: add missing put_device() call in pinctrl_falcon_probe() arm64: dts: rockchip: Fix UART pull-ups on rk3328 memstick: r592: Fix error return in r592_probe() net/mlx5: Properly convey driver version to firmware ASoC: jz4740-i2s: add missed checks for clk_get() dm ioctl: fix error return code in target_message clocksource/drivers/arm_arch_timer: Correct fault programming of CNTKCTL_EL1.EVNTI cpufreq: highbank: Add missing MODULE_DEVICE_TABLE cpufreq: mediatek: Add missing MODULE_DEVICE_TABLE cpufreq: st: Add missing MODULE_DEVICE_TABLE cpufreq: loongson1: Add missing MODULE_ALIAS cpufreq: scpi: Add missing MODULE_ALIAS scsi: qedi: Fix missing destroy_workqueue() on error in __qedi_probe scsi: pm80xx: Fix error return in pm8001_pci_probe() seq_buf: Avoid type mismatch for seq_buf_init scsi: fnic: Fix error return code in fnic_probe() platform/x86: mlx-platform: Fix item counter assignment for MSN2700, MSN24xx systems powerpc/pseries/hibernation: drop pseries_suspend_begin() from suspend ops powerpc/pseries/hibernation: remove redundant cacheinfo update usb: ehci-omap: Fix PM disable depth umbalance in ehci_hcd_omap_probe usb: oxu210hp-hcd: Fix memory leak in oxu_create speakup: fix uninitialized flush_lock nfsd: Fix message level for normal termination nfs_common: need lock during iterate through the list x86/kprobes: Restore BTF if the single-stepping is cancelled bus: fsl-mc: fix error return code in fsl_mc_object_allocate() clk: tegra: Fix duplicated SE clock entry extcon: max77693: Fix modalias string mac80211: don't set set TDLS STA bandwidth wider than possible ASoC: wm_adsp: remove "ctl" from list on error in wm_adsp_create_control() irqchip/alpine-msi: Fix freeing of interrupts on allocation error path watchdog: sirfsoc: Add missing dependency on HAS_IOMEM watchdog: sprd: remove watchdog disable from resume fail path watchdog: sprd: check busy bit before new loading rather than after that watchdog: Fix potential dereferencing of null pointer um: Monitor error events in IRQ controller um: tty: Fix handling of close in tty lines um: chan_xterm: Fix fd leak nfc: s3fwrn5: Release the nfc firmware powerpc/ps3: use dma_mapping_error() checkpatch: fix unescaped left brace net: bcmgenet: Fix a resource leak in an error handling path in the probe functin net: allwinner: Fix some resources leak in the error handling path of the probe and in the remove function net: korina: fix return value libnvdimm/label: Return -ENXIO for no slot in __blk_label_update watchdog: qcom: Avoid context switch in restart handler watchdog: coh901327: add COMMON_CLK dependency clk: ti: Fix memleak in ti_fapll_synth_setup pwm: zx: Add missing cleanup in error path pwm: lp3943: Dynamically allocate PWM chip base perf record: Fix memory leak when using '--user-regs=?' to list registers qlcnic: Fix error code in probe clk: s2mps11: Fix a resource leak in error handling paths in the probe function clk: sunxi-ng: Make sure divider tables have sentinel kconfig: fix return value of do_error_if() ARM: sunxi: Add machine match for the Allwinner V3 SoC cfg80211: initialize rekey_data fix namespaced fscaps when !CONFIG_SECURITY lwt: Disable BH too in run_lwt_bpf() Input: cros_ec_keyb - send 'scancodes' in addition to key events Input: goodix - add upside-down quirk for Teclast X98 Pro tablet media: gspca: Fix memory leak in probe media: sunxi-cir: ensure IR is handled when it is continuous media: netup_unidvb: Don't leak SPI master in probe error path media: ipu3-cio2: Remove traces of returned buffers media: ipu3-cio2: Return actual subdev format media: ipu3-cio2: Serialise access to pad format media: ipu3-cio2: Validate mbus format in setting subdev format media: ipu3-cio2: Make the field on subdev format V4L2_FIELD_NONE Input: cyapa_gen6 - fix out-of-bounds stack access ALSA: hda/ca0132 - Change Input Source enum strings. PM: ACPI: PCI: Drop acpi_pm_set_bridge_wakeup() Revert "ACPI / resources: Use AE_CTRL_TERMINATE to terminate resources walks" ACPI: PNP: compare the string length in the matching_id() ALSA: hda: Fix regressions on clear and reconfig sysfs ALSA: hda/realtek - Enable headset mic of ASUS X430UN with ALC256 ALSA: hda/realtek - Enable headset mic of ASUS Q524UQK with ALC255 ALSA: pcm: oss: Fix a few more UBSAN fixes ALSA: hda/realtek: Add quirk for MSI-GP73 ALSA: hda/realtek: Apply jack fixup for Quanta NL3 ALSA: usb-audio: Add VID to support native DSD reproduction on FiiO devices ALSA: usb-audio: Disable sample read check if firmware doesn't give back s390/smp: perform initial CPU reset also for SMT siblings s390/kexec_file: fix diag308 subcode when loading crash kernel s390/dasd: fix hanging device offline processing s390/dasd: prevent inconsistent LCU device data s390/dasd: fix list corruption of pavgroup group list s390/dasd: fix list corruption of lcu list staging: comedi: mf6x4: Fix AI end-of-conversion detection powerpc/perf: Exclude kernel samples while counting events in user space. crypto: ecdh - avoid unaligned accesses in ecdh_set_secret() EDAC/amd64: Fix PCI component registration USB: serial: mos7720: fix parallel-port state restore USB: serial: digi_acceleport: fix write-wakeup deadlocks USB: serial: keyspan_pda: fix dropped unthrottle interrupts USB: serial: keyspan_pda: fix write deadlock USB: serial: keyspan_pda: fix stalled writes USB: serial: keyspan_pda: fix write-wakeup use-after-free USB: serial: keyspan_pda: fix tx-unthrottle use-after-free USB: serial: keyspan_pda: fix write unthrottling ext4: fix a memory leak of ext4_free_data ext4: fix deadlock with fs freezing and EA inodes KVM: arm64: Introduce handling of AArch32 TTBCR2 traps ARM: dts: pandaboard: fix pinmux for gpio user button of Pandaboard ES ARM: dts: at91: sama5d2: fix CAN message ram offset and size powerpc: Fix incorrect stw{, ux, u, x} instructions in __set_pte_at powerpc/rtas: Fix typo of ibm,open-errinjct in RTAS filter powerpc/xmon: Change printk() to pr_cont() powerpc/powernv/memtrace: Don't leak kernel memory to user space powerpc/powernv/memtrace: Fix crashing the kernel when enabling concurrently ima: Don't modify file descriptor mode on the fly ceph: fix race in concurrent __ceph_remove_cap invocations SMB3: avoid confusing warning message on mount to Azure SMB3.1.1: do not log warning message if server doesn't populate salt ubifs: wbuf: Don't leak kernel memory to flash jffs2: Fix GC exit abnormally jfs: Fix array index bounds check in dbAdjTree drm/dp_aux_dev: check aux_dev before use in drm_dp_aux_dev_get_by_minor() spi: spi-sh: Fix use-after-free on unbind spi: davinci: Fix use-after-free on unbind spi: pic32: Don't leak DMA channels in probe error path spi: rb4xx: Don't leak SPI master in probe error path spi: sc18is602: Don't leak SPI master in probe error path spi: st-ssc4: Fix unbalanced pm_runtime_disable() in probe error path spi: mt7621: fix missing clk_disable_unprepare() on error in mt7621_spi_probe soc: qcom: smp2p: Safely acquire spinlock without IRQs mtd: spinand: Fix OOB read mtd: parser: cmdline: Fix parsing of part-names with colons mtd: rawnand: qcom: Fix DMA sync on FLASH_STATUS register read scsi: lpfc: Fix invalid sleeping context in lpfc_sli4_nvmet_alloc() scsi: lpfc: Re-fix use after free in lpfc_rq_buf_free() iio: buffer: Fix demux update iio: adc: rockchip_saradc: fix missing clk_disable_unprepare() on error in rockchip_saradc_resume iio:light:rpr0521: Fix timestamp alignment and prevent data leak. iio:light:st_uvis25: Fix timestamp alignment and prevent data leak. iio:pressure:mpl3115: Force alignment of buffer iio:imu:bmi160: Fix too large a buffer. md/cluster: block reshape with remote resync job md/cluster: fix deadlock when node is doing resync job pinctrl: sunxi: Always call chained_irq_{enter, exit} in sunxi_pinctrl_irq_handler clk: mvebu: a3700: fix the XTAL MODE pin to MPP1_9 xen-blkback: set ring->xenblkd to NULL after kthread_stop() xen/xenbus: Allow watches discard events before queueing xen/xenbus: Add 'will_handle' callback support in xenbus_watch_path() xen/xenbus/xen_bus_type: Support will_handle watch callback xen/xenbus: Count pending messages for each watch xenbus/xenbus_backend: Disallow pending watch messages libnvdimm/namespace: Fix reaping of invalidated block-window-namespace labels platform/x86: intel-vbtn: Allow switch events on Acer Switch Alpha 12 PCI: Fix pci_slot_release() NULL pointer dereference platform/x86: mlx-platform: remove an unused variable Linux 4.19.164 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I8e2d24b45393ee2360186893d4e578e20156c7f1 |
||
Dan Williams
|
e8d635ad52 |
libnvdimm/namespace: Fix reaping of invalidated block-window-namespace labels
commit 2dd2a1740ee19cd2636d247276cf27bfa434b0e2 upstream. A recent change to ndctl to attempt to reconfigure namespaces in place uncovered a label accounting problem in block-window-type namespaces. The ndctl "create.sh" test is able to trigger this signature: WARNING: CPU: 34 PID: 9167 at drivers/nvdimm/label.c:1100 __blk_label_update+0x9a3/0xbc0 [libnvdimm] [..] RIP: 0010:__blk_label_update+0x9a3/0xbc0 [libnvdimm] [..] Call Trace: uuid_store+0x21b/0x2f0 [libnvdimm] kernfs_fop_write+0xcf/0x1c0 vfs_write+0xcc/0x380 ksys_write+0x68/0xe0 When allocated capacity for a namespace is renamed (new UUID) the labels with the old UUID need to be deleted. The ndctl behavior to always destroy namespaces on reconfiguration hid this problem. The immediate impact of this bug is limited since block-window-type namespaces only seem to exist in the specification and not in any shipping products. However, the label handling code is being reused for other technologies like CXL region labels, so there is a benefit to making sure both vertical labels sets (block-window) and horizontal label sets (pmem) have a functional reference implementation in libnvdimm. Fixes: c4703ce11c23 ("libnvdimm/namespace: Fix label tracking error") Cc: <stable@vger.kernel.org> Cc: Vishal Verma <vishal.l.verma@intel.com> Cc: Dave Jiang <dave.jiang@intel.com> Cc: Ira Weiny <ira.weiny@intel.com> Signed-off-by: Dan Williams <dan.j.williams@intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Zhang Qilong
|
4d3b5ddb7b |
libnvdimm/label: Return -ENXIO for no slot in __blk_label_update
[ Upstream commit 4c46764733c85b82c07e9559b39da4d00a7dd659 ]
Forget to set error code when nd_label_alloc_slot failed, and we
add it to avoid overwritten error code.
Fixes:
|
||
Greg Kroah-Hartman
|
8f1ab4ae37 |
This is the 4.19.127 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl7czOcACgkQONu9yGCS aT4XBBAAvMwls1yBK2I/9kWES9aZv0zjHIGl9LimzsTysEDo+4gFGJU8fZoIH2T/ pFbUtmFMyvnAYXTg7QbDBGnzriflufekyBKlPlNqDmq3zv6kD9x6VklowZmW4c4m TkIeXTyhiZVLpYhJy5LGwmzEAJ8ZABbqq2YghSqWhvldYdDLT/bfXe+jEKildM7h 4YVtudfDrryK2pLo8rI3acWfoVnbRiuX7B77DJ+3qI0r1vps25Ht7lg957wvqMqC LbSrnrOxp3WaSgnCqBEUvMTP2G+JPgXeFF9LdmktjwiWT5yGsBPHb6EDeEZ4to9d WuSWttlRjAkwK1oe2Z0Er5Hahb98ZrIFmQsjuNpMGO29pT0IGbmOS6KJMz4uGhC0 5NUcf6Fcnez05B9Pi2XljlwaCLv/xyz4lPyqSs/KHyu4GxsOeeHrVpnHY5Ei41N2 Ujglqy0tNV1rgRZZCEQA7rGzvLta0JC3SEqeqcJFahvL+NYLRP/WK7eCGuzOUuMs vv727ewOj5znb9f4UHCLFB9au0YsjaPvsEhw9pfoePVMpOt+25kS96z872VnUsUV tESAK7+BAIQDV6Q63S9MrNEJPBLUEFnA4J2WrwE9+6v19Az0usH8hlB0Swxhn7xn B6q4d17FhNSyXFbqJYjcT0ddWVv5qDIyuLbTB8EdxH3D+cRfuAM= =+xz9 -----END PGP SIGNATURE----- Merge 4.19.127 into android-4.19-stable Changes in 4.19.127 Revert "cgroup: Add memory barriers to plug cgroup_rstat_updated() race window" libnvdimm: Fix endian conversion issues mm: Fix mremap not considering huge pmd devmap HID: sony: Fix for broken buttons on DS3 USB dongles HID: i2c-hid: add Schneider SCL142ALM to descriptor override p54usb: add AirVasT USB stick device-id kernel/relay.c: handle alloc_percpu returning NULL in relay_open mmc: fix compilation of user API scsi: ufs: Release clock if DMA map fails net: dsa: mt7530: set CPU port to fallback mode airo: Fix read overflows sending packets drm/i915: fix port checks for MST support on gen >= 11 scsi: hisi_sas: Check sas_port before using it powerpc/powernv: Avoid re-registration of imc debugfs directory spi: dw: use "smp_mb()" to avoid sending spi data error s390/ftrace: save traced function caller ARC: Fix ICCM & DCCM runtime size checks ARC: [plat-eznps]: Restrict to CONFIG_ISA_ARCOMPACT evm: Fix RCU list related warnings i2c: altera: Fix race between xfer_msg and isr thread x86/mmiotrace: Use cpumask_available() for cpumask_var_t variables net: bmac: Fix read of MAC address from ROM drm/edid: Add Oculus Rift S to non-desktop list s390/mm: fix set_huge_pte_at() for empty ptes null_blk: return error for invalid zone size net/ethernet/freescale: rework quiesce/activate for ucc_geth net: ethernet: stmmac: Enable interface clocks on probe for IPQ806x net: smsc911x: Fix runtime PM imbalance on error Linux 4.19.127 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I0ba65b19a1f1d3d1767e8f5cccef4b2f320cdd59 |
||
Aneesh Kumar K.V
|
ee37d219a1 |
libnvdimm: Fix endian conversion issues
commit 86aa66687442ef45909ff9814b82b4d2bb892294 upstream.
nd_label->dpa issue was observed when trying to enable the namespace created
with little-endian kernel on a big-endian kernel. That made me run
`sparse` on the rest of the code and other changes are the result of that.
Fixes:
|
||
Greg Kroah-Hartman
|
a483478041 |
This is the 4.19.125 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl7OiwEACgkQONu9yGCS aT6VuBAA041WkiGELfxgOZM4dsjl4h+q91tJb4Hg8labIH3psp762dnQDF41xO+v mXUQ84y8cSUAY9/KJ1Bf/4vPPJKI3+/Ce2lD/tjBArbj/GL25QBlQbH22UtU255X Km7lpEwjcsRu+y99f31DhASE41QQRSAeY11YgCdFVC3P8npTGX8YnlwsP/pNEBkB mVclgabmNsZ7IuF/NhUGJoQJarFJRQ3lIJxOJSS/9tcewsuTQLoDUz7q9eo7K6Oe OC3kgtfgN9I+afjcjx47PzurvG9HlZQNBSkh3XSE46LGzgULxd1eMZ04CAFAAhvY V8YjoSXQxtKxLkNuah0nyW/1ej9B8nMtRcfjfbHTaDr5+I0gssDvuypkJx2VVHKL G0JdZhOwsUOVxecZ1uQ8W9GtERZvyBQF4kWoD2UYMw9CIlz5ZYAGAQ+SMqv49Fkx BIBA8LWXN7Z62GAw2tYcylElXfImUZjCq6GbZM3+iR2G9LC7dPothUldhGRgtxSb CzKBwwEIGdDIaVTVdnRF+UKdQhyRe3YgkvzFJGT9FoiXuw/50BGIEJZw0iai4VZo 0+IxM0a+mvsA3IID4M0SQBC0+CxR0PoWI7CxeOInmlGz9QDjPwKSpJXHuO51lycD uGT0DLjP3VMNaalB13EJvsh98ddFgB1utumn/IdLzP477F3uBiw= =0DXr -----END PGP SIGNATURE----- Merge 4.19.125 into android-4.19-stable Changes in 4.19.125 x86/uaccess, ubsan: Fix UBSAN vs. SMAP ubsan: build ubsan.c more conservatively i2c: dev: Fix the race between the release of i2c_dev and cdev KVM: SVM: Fix potential memory leak in svm_cpu_init() riscv: set max_pfn to the PFN of the last page ima: Set file->f_mode instead of file->f_flags in ima_calc_file_hash() evm: Check also if *tfm is an error pointer in init_desc() ima: Fix return value of ima_write_policy() mtd: spinand: Propagate ECC information to the MTD structure fix multiplication overflow in copy_fdtable() ubifs: remove broken lazytime support iommu/amd: Fix over-read of ACPI UID from IVRS table i2c: mux: demux-pinctrl: Fix an error handling path in 'i2c_demux_pinctrl_probe()' ubi: Fix seq_file usage in detailed_erase_block_info debugfs file gcc-common.h: Update for GCC 10 HID: multitouch: add eGalaxTouch P80H84 support HID: alps: Add AUI1657 device ID HID: alps: ALPS_1657 is too specific; use U1_UNICORN_LEGACY instead scsi: qla2xxx: Fix hang when issuing nvme disconnect-all in NPIV scsi: qla2xxx: Delete all sessions before unregister local nvme port configfs: fix config_item refcnt leak in configfs_rmdir() vhost/vsock: fix packet delivery order to monitoring devices aquantia: Fix the media type of AQC100 ethernet controller in the driver component: Silence bind error on -EPROBE_DEFER scsi: ibmvscsi: Fix WARN_ON during event pool release HID: i2c-hid: reset Synaptics SYNA2393 on resume x86/apic: Move TSC deadline timer debug printk gtp: set NLM_F_MULTI flag in gtp_genl_dump_pdp() HID: quirks: Add HID_QUIRK_NO_INIT_REPORTS quirk for Dell K12A keyboard-dock ceph: fix double unlock in handle_cap_export() stmmac: fix pointer check after utilization in stmmac_interrupt USB: core: Fix misleading driver bug report platform/x86: asus-nb-wmi: Do not load on Asus T100TA and T200TA ARM: futex: Address build warning padata: Replace delayed timer with immediate workqueue in padata_reorder padata: initialize pd->cpu with effective cpumask padata: purge get_cpu and reorder_via_wq from padata_do_serial ALSA: iec1712: Initialize STDSP24 properly when using the model=staudio option ALSA: pcm: fix incorrect hw_base increase ALSA: hda/realtek - Fix silent output on Gigabyte X570 Aorus Xtreme ALSA: hda/realtek - Add more fixup entries for Clevo machines drm/etnaviv: fix perfmon domain interation apparmor: Fix use-after-free in aa_audit_rule_init apparmor: fix potential label refcnt leak in aa_change_profile apparmor: Fix aa_label refcnt leak in policy_update dmaengine: tegra210-adma: Fix an error handling path in 'tegra_adma_probe()' dmaengine: owl: Use correct lock in owl_dma_get_pchan() drm/i915/gvt: Init DPLL/DDI vreg for virtual display instead of inheritance. powerpc: Remove STRICT_KERNEL_RWX incompatibility with RELOCATABLE powerpc/64s: Disable STRICT_KERNEL_RWX nfit: Add Hyper-V NVDIMM DSM command set to white list libnvdimm/btt: Remove unnecessary code in btt_freelist_init libnvdimm/btt: Fix LBA masking during 'free list' population staging: most: core: replace strcpy() by strscpy() thunderbolt: Drop duplicated get_switch_at_route() media: fdp1: Fix R-Car M3-N naming in debug message Revert "net/ibmvnic: Fix EOI when running in XIVE mode" net: bcmgenet: code movement net: bcmgenet: abort suspend on error cxgb4: free mac_hlist properly cxgb4/cxgb4vf: Fix mac_hlist initialization and free tty: serial: qcom_geni_serial: Fix wrap around of TX buffer brcmfmac: abort and release host after error Revert "gfs2: Don't demote a glock until its revokes are written" staging: iio: ad2s1210: Fix SPI reading staging: greybus: Fix uninitialized scalar variable iio: sca3000: Remove an erroneous 'get_device()' iio: dac: vf610: Fix an error handling path in 'vf610_dac_probe()' misc: rtsx: Add short delay after exit from ASPM mei: release me_cl object reference ipack: tpci200: fix error return code in tpci200_register() rapidio: fix an error in get_user_pages_fast() error handling rxrpc: Fix a memory leak in rxkad_verify_response() x86/unwind/orc: Fix unwind_get_return_address_ptr() for inactive tasks iio: adc: stm32-adc: Use dma_request_chan() instead dma_request_slave_channel() iio: adc: stm32-adc: fix device used to request dma iio: adc: stm32-dfsdm: Use dma_request_chan() instead dma_request_slave_channel() iio: adc: stm32-dfsdm: fix device used to request dma rxrpc: Trace discarded ACKs rxrpc: Fix ack discard Linux 4.19.125 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I7ef4b874ed2ce4f234e2333c751b5dd401746358 |
||
Vishal Verma
|
4e160b91c7 |
libnvdimm/btt: Fix LBA masking during 'free list' population
[ Upstream commit 9dedc73a4658ebcc0c9b58c3cb84e9ac80122213 ] The Linux BTT implementation assumes that log entries will never have the 'zero' flag set, and indeed it never sets that flag for log entries itself. However, the UEFI spec is ambiguous on the exact format of the LBA field of a log entry, specifically as to whether it should include the additional flag bits or not. While a zero bit doesn't make sense in the context of a log entry, other BTT implementations might still have it set. If an implementation does happen to have it set, we would happily read it in as the next block to write to for writes. Since a high bit is set, it pushes the block number out of the range of an 'arena', and we fail such a write with an EIO. Follow the robustness principle, and tolerate such implementations by stripping out the zero flag when populating the free list during initialization. Additionally, use the same stripped out entries for detection of incomplete writes and map restoration that happens at this stage. Add a sysfs file 'log_zero_flags' that indicates the ability to accept such a layout to userspace applications. This enables 'ndctl check-namespace' to recognize whether the kernel is able to handle zero flags, or whether it should attempt a fix-up under the --repair option. Cc: Dan Williams <dan.j.williams@intel.com> Reported-by: Dexuan Cui <decui@microsoft.com> Reported-by: Pedro d'Aquino Filocre F S Barbuda <pbarbuda@microsoft.com> Tested-by: Dexuan Cui <decui@microsoft.com> Signed-off-by: Vishal Verma <vishal.l.verma@intel.com> Signed-off-by: Dan Williams <dan.j.williams@intel.com> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
Vishal Verma
|
2979da3734 |
libnvdimm/btt: Remove unnecessary code in btt_freelist_init
[ Upstream commit 2f8c9011151337d0bc106693f272f9bddbccfab2 ] We call btt_log_read() twice, once to get the 'old' log entry, and again to get the 'new' entry. However, we have no use for the 'old' entry, so remove it. Cc: Dan Williams <dan.j.williams@intel.com> Signed-off-by: Vishal Verma <vishal.l.verma@intel.com> Signed-off-by: Dan Williams <dan.j.williams@intel.com> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
Greg Kroah-Hartman
|
a13256124f |
This is the 4.19.118 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl6hUzYACgkQONu9yGCS aT60dw//aKFE0n+vIK9fv24SMkVfleVVFeU1hYNJAUDy4CZF6vbZYAVg+w740fMD 1rgOgk138kkFufC/Mlk1CcPkwVdTob9KhhuRDQS5+ncuPHlzmf0JF9Y0yQ4Y7BRm mDPvVVNQCdL26voReKf5rT+6YWIpVrwWOLxhboFmVE8fWwIxKAKYav/KCYFxHDZi Yu0C2qpKLs7fPoEDrcyQCHxo+lv/GFTNkFwGez1uB+ejZfGd/eQSsqEfRlHZlx5y XdqfbAuOJdIyPJjZZ9B6bFC0Q1w9Rs16DkfpEU2E7Ksx8UTY226wrKaQI0n419fy //ZEVv+fim/GHtfq9Eeo/IIWNADF6qL/5yx5xzJ9cZDVe4SAOsUo9QlVaYgqE+Fy AMtnspS4e0iKiUzbIAwqXBV/VPVUnkPgsuDVs/sKCjhVs8g7SsTxu6daxDcamXFh yTH2reH78n41WHOSvR23QnnuFO/+fc+vDIhVLvyUsrSeNPFODuJOQjNBeOJxNrrn 550n10NwJc8DW5QiEQ11D2R9qSOYT7o98SuxDS3iyfwhBSN2nwRJMP4z1lvYn1dR nqWxNT8cIL2cCzLlfN9bHga3Tx7Ix4TXcI9iMbY4s4gJRG5m9TBNl6dNX2PIhiKg Arjq4OA3t+k4FYmUIDXvvqYb/qX+1oWMvZMmU9PveZSxQ/7szZo= =C4om -----END PGP SIGNATURE----- Merge 4.19.118 into android-4.19 Changes in 4.19.118 arm, bpf: Fix offset overflow for BPF_MEM BPF_DW objtool: Fix switch table detection in .text.unlikely scsi: sg: add sg_remove_request in sg_common_write ext4: use non-movable memory for superblock readahead watchdog: sp805: fix restart handler arm, bpf: Fix bugs with ALU64 {RSH, ARSH} BPF_K shift by 0 ARM: dts: imx6: Use gpc for FEC interrupt controller to fix wake on LAN. netfilter: nf_tables: report EOPNOTSUPP on unsupported flags/object type irqchip/mbigen: Free msi_desc on device teardown ALSA: hda: Don't release card at firmware loading error of: unittest: kmemleak on changeset destroy of: unittest: kmemleak in of_unittest_platform_populate() of: unittest: kmemleak in of_unittest_overlay_high_level() of: overlay: kmemleak in dup_and_fixup_symbol_prop() x86/Hyper-V: Report crash register data or kmsg before running crash kernel lib/raid6: use vdupq_n_u8 to avoid endianness warnings video: fbdev: sis: Remove unnecessary parentheses and commented code rbd: avoid a deadlock on header_rwsem when flushing notifies rbd: call rbd_dev_unprobe() after unwatching and flushing notifies xsk: Add missing check on user supplied headroom size x86/Hyper-V: Unload vmbus channel in hv panic callback x86/Hyper-V: Free hv_panic_page when fail to register kmsg dump x86/Hyper-V: Trigger crash enlightenment only once during system crash. x86/Hyper-V: Report crash register data when sysctl_record_panic_msg is not set x86/Hyper-V: Report crash data in die() when panic_on_oops is set clk: at91: usb: continue if clk_hw_round_rate() return zero power: supply: bq27xxx_battery: Silence deferred-probe error clk: tegra: Fix Tegra PMC clock out parents soc: imx: gpc: fix power up sequencing rtc: 88pm860x: fix possible race condition NFSv4/pnfs: Return valid stateids in nfs_layout_find_inode_by_stateid() NFS: direct.c: Fix memory leak of dreq when nfs_get_lock_context fails s390/cpuinfo: fix wrong output when CPU0 is offline powerpc/maple: Fix declaration made after definition s390/cpum_sf: Fix wrong page count in error message ext4: do not commit super on read-only bdev um: ubd: Prevent buffer overrun on command completion cifs: Allocate encryption header through kmalloc include/linux/swapops.h: correct guards for non_swap_entry() percpu_counter: fix a data race at vm_committed_as compiler.h: fix error in BUILD_BUG_ON() reporting KVM: s390: vsie: Fix possible race when shadowing region 3 tables x86: ACPI: fix CPU hotplug deadlock drm/amdkfd: kfree the wrong pointer NFS: Fix memory leaks in nfs_pageio_stop_mirroring() f2fs: fix NULL pointer dereference in f2fs_write_begin() drm/vc4: Fix HDMI mode validation iommu/vt-d: Fix mm reference leak ext2: fix empty body warnings when -Wextra is used ext2: fix debug reference to ext2_xattr_cache power: supply: axp288_fuel_gauge: Broaden vendor check for Intel Compute Sticks. libnvdimm: Out of bounds read in __nd_ioctl() iommu/amd: Fix the configuration of GCR3 table root pointer f2fs: fix to wait all node page writeback net: dsa: bcm_sf2: Fix overflow checks fbdev: potential information leak in do_fb_ioctl() iio: si1133: read 24-bit signed integer for measurement tty: evh_bytechan: Fix out of bounds accesses locktorture: Print ratio of acquisitions, not failures mtd: spinand: Explicitly use MTD_OPS_RAW to write the bad block marker to OOB mtd: lpddr: Fix a double free in probe() mtd: phram: fix a double free issue in error path KEYS: Don't write out to userspace while holding key semaphore bpf: fix buggy r0 retval refinement for tracing helpers Linux 4.19.118 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: Ife34f739f719c332c7b1d22b1832179be6a16800 |
||
Dan Carpenter
|
b7c5dc73e1 |
libnvdimm: Out of bounds read in __nd_ioctl()
[ Upstream commit f84afbdd3a9e5e10633695677b95422572f920dc ]
The "cmd" comes from the user and it can be up to 255. It it's more
than the number of bits in long, it results out of bounds read when we
check test_bit(cmd, &cmd_mask). The highest valid value for "cmd" is
ND_CMD_CALL (10) so I added a compare against that.
Fixes:
|
||
Pankaj Gupta
|
748a437c5c |
UPSTREAM: virtio-pmem: Add virtio pmem driver
This patch adds virtio-pmem driver for KVM guest. Guest reads the persistent memory range information from Qemu over VIRTIO and registers it on nvdimm_bus. It also creates a nd_region object with the persistent memory range information so that existing 'nvdimm/pmem' driver can reserve this into system memory map. This way 'virtio-pmem' driver uses existing functionality of pmem driver to register persistent memory compatible for DAX capable filesystems. This also provides function to perform guest flush over VIRTIO from 'pmem' driver when userspace performs flush on DAX memory range. Signed-off-by: Pankaj Gupta <pagupta@redhat.com> Reviewed-by: Yuval Shaia <yuval.shaia@oracle.com> Acked-by: Michael S. Tsirkin <mst@redhat.com> Acked-by: Jakub Staron <jstaron@google.com> Tested-by: Jakub Staron <jstaron@google.com> Reviewed-by: Cornelia Huck <cohuck@redhat.com> Signed-off-by: Dan Williams <dan.j.williams@intel.com> (cherry picked from commit 6e84200c0a2994b991259d19450eee561029bf70) Bug: 146400078 Bug: 148297388 Change-Id: Ie3457fe184f29984d181bc0afa9267e2567a2caf Signed-off-by: Alistair Delva <adelva@google.com> |
||
Pankaj Gupta
|
d1e787071f |
UPSTREAM: libnvdimm: nd_region flush callback support
This patch adds functionality to perform flush from guest to host over VIRTIO. We are registering a callback based on 'nd_region' type. virtio_pmem driver requires this special flush function. For rest of the region types we are registering existing flush function. Report error returned by host fsync failure to userspace. Signed-off-by: Pankaj Gupta <pagupta@redhat.com> Signed-off-by: Dan Williams <dan.j.williams@intel.com> (cherry picked from commit c5d4355d10d414a96ca870b731756b89d068d57a) Bug: 146400078 Bug: 148297388 Change-Id: Icf6ff5327b3c74455a4d53d2d37ac7fef7fbda85 Signed-off-by: Alistair Delva <adelva@google.com> |
||
Aneesh Kumar K.V
|
4921f55708 |
UPSTREAM: libnvdimm/of_pmem: Provide a unique name for bus provider
ndctl binaries, v66 and older, mistakenly require the ndbus to have unique names. If not while enumerating the bus in userspace it drops bus with similar names. This results in us not listing devices beneath the bus. Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.ibm.com> Tested-by: Vaibhav Jain <vaibhav@linux.ibm.com> Link: https://lore.kernel.org/r/20190807040029.11344-1-aneesh.kumar@linux.ibm.com Signed-off-by: Dan Williams <dan.j.williams@intel.com> (cherry picked from commit 49bddc73d15c25a68e4294d76fc74519fda984cd) Bug: 146400078 Bug: 148297388 Change-Id: Ieda4557bbda63e554e2eda6b87d7ba2a6e149e3b Signed-off-by: Alistair Delva <adelva@google.com> |
||
YueHaibing
|
e9bc6a61e4 |
UPSTREAM: libnvdimm/of_pmem: Fix platform_no_drv_owner.cocci warnings
Remove .owner field if calls are used which set it automatically Generated by: scripts/coccinelle/api/platform_no_drv_owner.cocci Signed-off-by: YueHaibing <yuehaibing@huawei.com> Signed-off-by: Dan Williams <dan.j.williams@intel.com> (cherry picked from commit 316720b9c2341307b9a17103cdafa1ca9b2fb872) Bug: 146400078 Bug: 148297388 Change-Id: I16e7543bcb786e20e96ea4250a809bb3b7f1ec32 Signed-off-by: Alistair Delva <adelva@google.com> |
||
Qian Cai
|
fc7b2a29d8 |
libnvdimm/btt: fix variable 'rc' set but not used
[ Upstream commit 4e24e37d5313edca8b4ab86f240c046c731e28d6 ]
drivers/nvdimm/btt.c: In function 'btt_read_pg':
drivers/nvdimm/btt.c:1264:8: warning: variable 'rc' set but not used
[-Wunused-but-set-variable]
int rc;
^~
Add a ratelimited message in case a storm of errors is encountered.
Fixes:
|
||
Aneesh Kumar K.V
|
2e93d24ac7 |
libnvdimm/region: Initialize bad block for volatile namespaces
[ Upstream commit c42adf87e4e7ed77f6ffe288dc90f980d07d68df ] We do check for a bad block during namespace init and that use region bad block list. We need to initialize the bad block for volatile regions for this to work. We also observe a lockdep warning as below because the lock is not initialized correctly since we skip bad block init for volatile regions. INFO: trying to register non-static key. the code is fine but needs lockdep annotation. turning off the locking correctness validator. CPU: 2 PID: 1 Comm: swapper/0 Not tainted 5.3.0-rc1-15699-g3dee241c937e #149 Call Trace: [c0000000f95cb250] [c00000000147dd84] dump_stack+0xe8/0x164 (unreliable) [c0000000f95cb2a0] [c00000000022ccd8] register_lock_class+0x308/0xa60 [c0000000f95cb3a0] [c000000000229cc0] __lock_acquire+0x170/0x1ff0 [c0000000f95cb4c0] [c00000000022c740] lock_acquire+0x220/0x270 [c0000000f95cb580] [c000000000a93230] badblocks_check+0xc0/0x290 [c0000000f95cb5f0] [c000000000d97540] nd_pfn_validate+0x5c0/0x7f0 [c0000000f95cb6d0] [c000000000d98300] nd_dax_probe+0xd0/0x1f0 [c0000000f95cb760] [c000000000d9b66c] nd_pmem_probe+0x10c/0x160 [c0000000f95cb790] [c000000000d7f5ec] nvdimm_bus_probe+0x10c/0x240 [c0000000f95cb820] [c000000000d0f844] really_probe+0x254/0x4e0 [c0000000f95cb8b0] [c000000000d0fdfc] driver_probe_device+0x16c/0x1e0 [c0000000f95cb930] [c000000000d10238] device_driver_attach+0x68/0xa0 [c0000000f95cb970] [c000000000d1040c] __driver_attach+0x19c/0x1c0 [c0000000f95cb9f0] [c000000000d0c4c4] bus_for_each_dev+0x94/0x130 [c0000000f95cba50] [c000000000d0f014] driver_attach+0x34/0x50 [c0000000f95cba70] [c000000000d0e208] bus_add_driver+0x178/0x2f0 [c0000000f95cbb00] [c000000000d117c8] driver_register+0x108/0x170 [c0000000f95cbb70] [c000000000d7edb0] __nd_driver_register+0xe0/0x100 [c0000000f95cbbd0] [c000000001a6baa4] nd_pmem_driver_init+0x34/0x48 [c0000000f95cbbf0] [c0000000000106f4] do_one_initcall+0x1d4/0x4b0 [c0000000f95cbcd0] [c0000000019f499c] kernel_init_freeable+0x544/0x65c [c0000000f95cbdb0] [c000000000010d6c] kernel_init+0x2c/0x180 [c0000000f95cbe20] [c00000000000b954] ret_from_kernel_thread+0x5c/0x68 Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.ibm.com> Link: https://lore.kernel.org/r/20190919083355.26340-1-aneesh.kumar@linux.ibm.com Signed-off-by: Dan Williams <dan.j.williams@intel.com> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
Dan Williams
|
2364ed0d8e |
libnvdimm/bus: Fix wait_nvdimm_bus_probe_idle() ABBA deadlock
commit ca6bf264f6d856f959c4239cda1047b587745c67 upstream.
A multithreaded namespace creation/destruction stress test currently
deadlocks with the following lockup signature:
INFO: task ndctl:2924 blocked for more than 122 seconds.
Tainted: G OE 5.2.0-rc4+ #3382
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
ndctl D 0 2924 1176 0x00000000
Call Trace:
? __schedule+0x27e/0x780
schedule+0x30/0xb0
wait_nvdimm_bus_probe_idle+0x8a/0xd0 [libnvdimm]
? finish_wait+0x80/0x80
uuid_store+0xe6/0x2e0 [libnvdimm]
kernfs_fop_write+0xf0/0x1a0
vfs_write+0xb7/0x1b0
ksys_write+0x5c/0xd0
do_syscall_64+0x60/0x240
INFO: task ndctl:2923 blocked for more than 122 seconds.
Tainted: G OE 5.2.0-rc4+ #3382
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
ndctl D 0 2923 1175 0x00000000
Call Trace:
? __schedule+0x27e/0x780
? __mutex_lock+0x489/0x910
schedule+0x30/0xb0
schedule_preempt_disabled+0x11/0x20
__mutex_lock+0x48e/0x910
? nvdimm_namespace_common_probe+0x95/0x4d0 [libnvdimm]
? __lock_acquire+0x23f/0x1710
? nvdimm_namespace_common_probe+0x95/0x4d0 [libnvdimm]
nvdimm_namespace_common_probe+0x95/0x4d0 [libnvdimm]
__dax_pmem_probe+0x5e/0x210 [dax_pmem_core]
? nvdimm_bus_probe+0x1d0/0x2c0 [libnvdimm]
dax_pmem_probe+0xc/0x20 [dax_pmem]
nvdimm_bus_probe+0x90/0x2c0 [libnvdimm]
really_probe+0xef/0x390
driver_probe_device+0xb4/0x100
In this sequence an 'nd_dax' device is being probed and trying to take
the lock on its backing namespace to validate that the 'nd_dax' device
indeed has exclusive access to the backing namespace. Meanwhile, another
thread is trying to update the uuid property of that same backing
namespace. So one thread is in the probe path trying to acquire the
lock, and the other thread has acquired the lock and tries to flush the
probe path.
Fix this deadlock by not holding the namespace device_lock over the
wait_nvdimm_bus_probe_idle() synchronization step. In turn this requires
the device_lock to be held on entry to wait_nvdimm_bus_probe_idle() and
subsequently dropped internally to wait_nvdimm_bus_probe_idle().
Cc: <stable@vger.kernel.org>
Fixes:
|
||
Dan Williams
|
7f000e7b44 |
libnvdimm/bus: Prepare the nd_ioctl() path to be re-entrant
commit 6de5d06e657acdbcf9637dac37916a4a5309e0f4 upstream. In preparation for not holding a lock over the execution of nd_ioctl(), update the implementation to allow multiple threads to be attempting ioctls at the same time. The bus lock still prevents multiple in-flight ->ndctl() invocations from corrupting each other's state, but static global staging buffers are moved to the heap. Reported-by: Vishal Verma <vishal.l.verma@intel.com> Reviewed-by: Vishal Verma <vishal.l.verma@intel.com> Tested-by: Vishal Verma <vishal.l.verma@intel.com> Link: https://lore.kernel.org/r/156341208947.292348.10560140326807607481.stgit@dwillia2-desk3.amr.corp.intel.com Signed-off-by: Dan Williams <dan.j.williams@intel.com> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
Dan Williams
|
3248536919 |
libnvdimm/region: Register badblocks before namespaces
commit 700cd033a82d466ad8f9615f9985525e45f8960a upstream. Namespace activation expects to be able to reference region badblocks. The following warning sometimes triggers when asynchronous namespace activation races in front of the completion of namespace probing. Move all possible namespace probing after region badblocks initialization. Otherwise, lockdep sometimes catches the uninitialized state of the badblocks seqlock with stack trace signatures like: INFO: trying to register non-static key. pmem2: detected capacity change from 0 to 136365211648 the code is fine but needs lockdep annotation. turning off the locking correctness validator. CPU: 9 PID: 358 Comm: kworker/u80:5 Tainted: G OE 5.2.0-rc4+ #3382 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 0.0.0 02/06/2015 Workqueue: events_unbound async_run_entry_fn Call Trace: dump_stack+0x85/0xc0 pmem1.12: detected capacity change from 0 to 8589934592 register_lock_class+0x56a/0x570 ? check_object+0x140/0x270 __lock_acquire+0x80/0x1710 ? __mutex_lock+0x39d/0x910 lock_acquire+0x9e/0x180 ? nd_pfn_validate+0x28f/0x440 [libnvdimm] badblocks_check+0x93/0x1f0 ? nd_pfn_validate+0x28f/0x440 [libnvdimm] nd_pfn_validate+0x28f/0x440 [libnvdimm] ? lockdep_hardirqs_on+0xf0/0x180 nd_dax_probe+0x9a/0x120 [libnvdimm] nd_pmem_probe+0x6d/0x180 [nd_pmem] nvdimm_bus_probe+0x90/0x2c0 [libnvdimm] Fixes: 48af2f7e52f4 ("libnvdimm, pfn: during init, clear errors...") Cc: <stable@vger.kernel.org> Cc: Vishal Verma <vishal.l.verma@intel.com> Reviewed-by: Vishal Verma <vishal.l.verma@intel.com> Link: https://lore.kernel.org/r/156341208365.292348.1547528796026249120.stgit@dwillia2-desk3.amr.corp.intel.com Signed-off-by: Dan Williams <dan.j.williams@intel.com> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
Dan Williams
|
d16bbdbbcb |
libnvdimm/bus: Prevent duplicate device_unregister() calls
commit 8aac0e2338916e273ccbd438a2b7a1e8c61749f5 upstream.
A multithreaded namespace creation/destruction stress test currently
fails with signatures like the following:
sysfs group 'power' not found for kobject 'dax1.1'
RIP: 0010:sysfs_remove_group+0x76/0x80
Call Trace:
device_del+0x73/0x370
device_unregister+0x16/0x50
nd_async_device_unregister+0x1e/0x30 [libnvdimm]
async_run_entry_fn+0x39/0x160
process_one_work+0x23c/0x5e0
worker_thread+0x3c/0x390
BUG: kernel NULL pointer dereference, address: 0000000000000020
RIP: 0010:klist_put+0x1b/0x6c
Call Trace:
klist_del+0xe/0x10
device_del+0x8a/0x2c9
? __switch_to_asm+0x34/0x70
? __switch_to_asm+0x40/0x70
device_unregister+0x44/0x4f
nd_async_device_unregister+0x22/0x2d [libnvdimm]
async_run_entry_fn+0x47/0x15a
process_one_work+0x1a2/0x2eb
worker_thread+0x1b8/0x26e
Use the kill_device() helper to atomically resolve the race of multiple
threads issuing kill, device_unregister(), requests.
Reported-by: Jane Chu <jane.chu@oracle.com>
Reported-by: Erwin Tsaur <erwin.tsaur@oracle.com>
Fixes:
|
||
Dan Williams
|
1a547d24ec |
libnvdimm/bus: Stop holding nvdimm_bus_list_mutex over __nd_ioctl()
commit b70d31d054ee3a6fc1034b9d7fc0ae1e481aa018 upstream.
In preparation for fixing a deadlock between wait_for_bus_probe_idle()
and the nvdimm_bus_list_mutex arrange for __nd_ioctl() without
nvdimm_bus_list_mutex held. This also unifies the 'dimm' and 'bus' level
ioctls into a common nd_ioctl() preamble implementation.
Marked for -stable as it is a pre-requisite for a follow-on fix.
Cc: <stable@vger.kernel.org>
Fixes:
|
||
Dan Williams
|
2c0222b48e |
libnvdimm/pfn: fix fsdax-mode namespace info-block zero-fields
commit 7e3e888dfc138089f4c15a81b418e88f0978f744 upstream.
At namespace creation time there is the potential for the "expected to
be zero" fields of a 'pfn' info-block to be filled with indeterminate
data. While the kernel buffer is zeroed on allocation it is immediately
overwritten by nd_pfn_validate() filling it with the current contents of
the on-media info-block location. For fields like, 'flags' and the
'padding' it potentially means that future implementations can not rely on
those fields being zero.
In preparation to stop using the 'start_pad' and 'end_trunc' fields for
section alignment, arrange for fields that are not explicitly
initialized to be guaranteed zero. Bump the minor version to indicate
it is safe to assume the 'padding' and 'flags' are zero. Otherwise,
this corruption is expected to benign since all other critical fields
are explicitly initialized.
Note The cc: stable is about spreading this new policy to as many
kernels as possible not fixing an issue in those kernels. It is not
until the change titled "libnvdimm/pfn: Stop padding pmem namespaces to
section alignment" where this improper initialization becomes a problem.
So if someone decides to backport "libnvdimm/pfn: Stop padding pmem
namespaces to section alignment" (which is not tagged for stable), make
sure this pre-requisite is flagged.
Link: http://lkml.kernel.org/r/156092356065.979959.6681003754765958296.stgit@dwillia2-desk3.amr.corp.intel.com
Fixes:
|
||
Qian Cai
|
90a564549b |
libnvdimm: Fix compilation warnings with W=1
[ Upstream commit c01dafad77fea8d64c4fdca0a6031c980842ad65 ] Several places (dimm_devs.c, core.c etc) include label.h but only label.c uses NSINDEX_SIGNATURE, so move its definition to label.c instead. In file included from drivers/nvdimm/dimm_devs.c:23: drivers/nvdimm/label.h:41:19: warning: 'NSINDEX_SIGNATURE' defined but not used [-Wunused-const-variable=] Also, some places abuse "/**" which is only reserved for the kernel-doc. drivers/nvdimm/bus.c:648: warning: cannot understand function prototype: 'struct attribute_group nd_device_attribute_group = ' drivers/nvdimm/bus.c:677: warning: cannot understand function prototype: 'struct attribute_group nd_numa_attribute_group = ' Those are just some member assignments for the "struct attribute_group" instances and it can't be expressed in the kernel-doc. Reviewed-by: Vishal Verma <vishal.l.verma@intel.com> Signed-off-by: Qian Cai <cai@lca.pw> Signed-off-by: Dan Williams <dan.j.williams@intel.com> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
Dan Williams
|
ee6d3eb311 |
libnvdimm/pmem: Bypass CONFIG_HARDENED_USERCOPY overhead
commit 52f476a323f9efc959be1c890d0cdcf12e1582e0 upstream.
Jeff discovered that performance improves from ~375K iops to ~519K iops
on a simple psync-write fio workload when moving the location of 'struct
page' from the default PMEM location to DRAM. This result is surprising
because the expectation is that 'struct page' for dax is only needed for
third party references to dax mappings. For example, a dax-mapped buffer
passed to another system call for direct-I/O requires 'struct page' for
sending the request down the driver stack and pinning the page. There is
no usage of 'struct page' for first party access to a file via
read(2)/write(2) and friends.
However, this "no page needed" expectation is violated by
CONFIG_HARDENED_USERCOPY and the check_copy_size() performed in
copy_from_iter_full_nocache() and copy_to_iter_mcsafe(). The
check_heap_object() helper routine assumes the buffer is backed by a
slab allocator (DRAM) page and applies some checks. Those checks are
invalid, dax pages do not originate from the slab, and redundant,
dax_iomap_actor() has already validated that the I/O is within bounds.
Specifically that routine validates that the logical file offset is
within bounds of the file, then it does a sector-to-pfn translation
which validates that the physical mapping is within bounds of the block
device.
Bypass additional hardened usercopy overhead and call the 'no check'
versions of the copy_{to,from}_iter operations directly.
Fixes:
|
||
Dan Williams
|
866f011181 |
libnvdimm/namespace: Fix label tracking error
commit c4703ce11c23423d4b46e3d59aef7979814fd608 upstream.
Users have reported intermittent occurrences of DIMM initialization
failures due to duplicate allocations of address capacity detected in
the labels, or errors of the form below, both have the same root cause.
nd namespace1.4: failed to track label: 0
WARNING: CPU: 17 PID: 1381 at drivers/nvdimm/label.c:863
RIP: 0010:__pmem_label_update+0x56c/0x590 [libnvdimm]
Call Trace:
? nd_pmem_namespace_label_update+0xd6/0x160 [libnvdimm]
nd_pmem_namespace_label_update+0xd6/0x160 [libnvdimm]
uuid_store+0x17e/0x190 [libnvdimm]
kernfs_fop_write+0xf0/0x1a0
vfs_write+0xb7/0x1b0
ksys_write+0x57/0xd0
do_syscall_64+0x60/0x210
Unfortunately those reports were typically with a busy parallel
namespace creation / destruction loop making it difficult to see the
components of the bug. However, Jane provided a simple reproducer using
the work-in-progress sub-section implementation.
When ndctl is reconfiguring a namespace it may take an existing defunct
/ disabled namespace and reconfigure it with a new uuid and other
parameters. Critically namespace_update_uuid() takes existing address
resources and renames them for the new namespace to use / reconfigure as
it sees fit. The bug is that this rename only happens in the resource
tracking tree. Existing labels with the old uuid are not reaped leading
to a scenario where multiple active labels reference the same span of
address range.
Teach namespace_update_uuid() to flag any references to the old uuid for
reaping at the next label update attempt.
Cc: <stable@vger.kernel.org>
Fixes:
|
||
Li RongQing
|
4c8c9d5149 |
libnvdimm/pmem: fix a possible OOB access when read and write pmem
[ Upstream commit 9dc6488e84b0f64df17672271664752488cd6a25 ]
If offset is not zero and length is bigger than PAGE_SIZE,
this will cause to out of boundary access to a page memory
Fixes:
|
||
Aditya Pakki
|
af5b7a150e |
libnvdimm/btt: Fix a kmemdup failure check
[ Upstream commit 486fa92df4707b5df58d6508728bdb9321a59766 ] In case kmemdup fails, the fix releases resources and returns to avoid the NULL pointer dereference. Signed-off-by: Aditya Pakki <pakki001@umn.edu> Signed-off-by: Dan Williams <dan.j.williams@intel.com> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
Kangjie Lu
|
e94f852e20 |
libnvdimm/namespace: Fix a potential NULL pointer dereference
[ Upstream commit 55c1fc0af29a6c1b92f217b7eb7581a882e0c07c ] In case kmemdup fails, the fix goes to blk_err to avoid NULL pointer dereference. Signed-off-by: Kangjie Lu <kjlu@umn.edu> Signed-off-by: Dan Williams <dan.j.williams@intel.com> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
Oliver O'Halloran
|
3b8da135a4 |
libnvdimm: Fix altmap reservation size calculation
commit 07464e88365e9236febaca9ed1a2e2006d8bc952 upstream.
Libnvdimm reserves the first 8K of pfn and devicedax namespaces to
store a superblock describing the namespace. This 8K reservation
is contained within the altmap area which the kernel uses for the
vmemmap backing for the pages within the namespace. The altmap
allows for some pages at the start of the altmap area to be reserved
and that mechanism is used to protect the superblock from being
re-used as vmemmap backing.
The number of PFNs to reserve is calculated using:
PHYS_PFN(SZ_8K)
Which is implemented as:
#define PHYS_PFN(x) ((unsigned long)((x) >> PAGE_SHIFT))
So on systems where PAGE_SIZE is greater than 8K the reservation
size is truncated to zero and the superblock area is re-used as
vmemmap backing. As a result all the namespace information stored
in the superblock (i.e. if it's a PFN or DAX namespace) is lost
and the namespace needs to be re-created to get access to the
contents.
This patch fixes this by using PFN_UP() rather than PHYS_PFN() to ensure
that at least one page is reserved. On systems with a 4K pages size this
patch should have no effect.
Cc: stable@vger.kernel.org
Cc: Dan Williams <dan.j.williams@intel.com>
Fixes:
|
||
Dan Williams
|
696c37524b |
libnvdimm/pmem: Honor force_raw for legacy pmem regions
commit fa7d2e639cd90442d868dfc6ca1d4cc9d8bf206e upstream.
For recovery, where non-dax access is needed to a given physical address
range, and testing, allow the 'force_raw' attribute to override the
default establishment of a dev_pagemap.
Otherwise without this capability it is possible to end up with a
namespace that can not be activated due to corrupted info-block, and one
that can not be repaired due to a section collision.
Cc: <stable@vger.kernel.org>
Fixes:
|
||
Wei Yang
|
6a89ed7aa1 |
libnvdimm, pfn: Fix over-trim in trim_pfn_device()
commit f101ada7da6551127d192c2f1742c1e9e0f62799 upstream. When trying to see whether current nd_region intersects with others, trim_pfn_device() has already calculated the *size* to be expanded to SECTION size. Do not double append 'adjust' to 'size' when calculating whether the end of a region collides with the next pmem region. Fixes: ae86cbfef381 "libnvdimm, pfn: Pad pfn namespaces relative to other regions" Cc: <stable@vger.kernel.org> Signed-off-by: Wei Yang <richardw.yang@linux.intel.com> Signed-off-by: Dan Williams <dan.j.williams@intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Dan Williams
|
2b88d92ea9 |
libnvdimm/label: Clear 'updating' flag after label-set update
commit 966d23a006ca7b44ac8cf4d0c96b19785e0c3da0 upstream.
The UEFI 2.7 specification sets expectations that the 'updating' flag is
eventually cleared. To date, the libnvdimm core has never adhered to
that protocol. The policy of the core matches the policy of other
multi-device info-block formats like MD-Software-RAID that expect
administrator intervention on inconsistent info-blocks, not automatic
invalidation.
However, some pre-boot environments may unfortunately attempt to "clean
up" the labels and invalidate a set when it fails to find at least one
"non-updating" label in the set. Clear the updating flag after set
updates to minimize the window of vulnerability to aggressive pre-boot
environments.
Ideally implementations would not write to the label area outside of
creating namespaces.
Note that this only minimizes the window, it does not close it as the
system can still crash while clearing the flag and the set can be
subsequently deleted / invalidated by the pre-boot environment.
Fixes:
|
||
Dan Williams
|
ec5471c92f |
mm, devm_memremap_pages: fix shutdown handling
commit a95c90f1e2c253b280385ecf3d4ebfe476926b28 upstream.
The last step before devm_memremap_pages() returns success is to allocate
a release action, devm_memremap_pages_release(), to tear the entire setup
down. However, the result from devm_add_action() is not checked.
Checking the error from devm_add_action() is not enough. The api
currently relies on the fact that the percpu_ref it is using is killed by
the time the devm_memremap_pages_release() is run. Rather than continue
this awkward situation, offload the responsibility of killing the
percpu_ref to devm_memremap_pages_release() directly. This allows
devm_memremap_pages() to do the right thing relative to init failures and
shutdown.
Without this change we could fail to register the teardown of
devm_memremap_pages(). The likelihood of hitting this failure is tiny as
small memory allocations almost always succeed. However, the impact of
the failure is large given any future reconfiguration, or disable/enable,
of an nvdimm namespace will fail forever as subsequent calls to
devm_memremap_pages() will fail to setup the pgmap_radix since there will
be stale entries for the physical address range.
An argument could be made to require that the ->kill() operation be set in
the @pgmap arg rather than passed in separately. However, it helps code
readability, tracking the lifetime of a given instance, to be able to grep
the kill routine directly at the devm_memremap_pages() call site.
Link: http://lkml.kernel.org/r/154275558526.76910.7535251937849268605.stgit@dwillia2-desk3.amr.corp.intel.com
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Fixes:
|
||
Dan Williams
|
98206f3400 |
libnvdimm, pfn: Pad pfn namespaces relative to other regions
commit ae86cbfef3818300f1972e52f67a93211acb0e24 upstream. Commit |
||
Dan Williams
|
6c1400b391 |
libnvdimm, pmem: Fix badblocks population for 'raw' namespaces
commit 91ed7ac444ef749603a95629a5ec483988c4f14b upstream.
The driver is only initializing bb_res in the devm_memremap_pages()
paths, but the raw namespace case is passing an uninitialized bb_res to
nvdimm_badblocks_populate().
Fixes:
|
||
Dan Williams
|
8f696986db |
libnvdimm, region: Fail badblocks listing for inactive regions
commit 5d394eee2c102453278d81d9a7cf94c80253486a upstream.
While experimenting with region driver loading the following backtrace
was triggered:
INFO: trying to register non-static key.
the code is fine but needs lockdep annotation.
turning off the locking correctness validator.
[..]
Call Trace:
dump_stack+0x85/0xcb
register_lock_class+0x571/0x580
? __lock_acquire+0x2ba/0x1310
? kernfs_seq_start+0x2a/0x80
__lock_acquire+0xd4/0x1310
? dev_attr_show+0x1c/0x50
? __lock_acquire+0x2ba/0x1310
? kernfs_seq_start+0x2a/0x80
? lock_acquire+0x9e/0x1a0
lock_acquire+0x9e/0x1a0
? dev_attr_show+0x1c/0x50
badblocks_show+0x70/0x190
? dev_attr_show+0x1c/0x50
dev_attr_show+0x1c/0x50
This results from a missing successful call to devm_init_badblocks()
from nd_region_probe(). Block attempts to show badblocks while the
region is not enabled.
Fixes:
|
||
Alexander Duyck
|
4f1a55a4f9 |
libnvdimm: Hold reference on parent while scheduling async init
commit b6eae0f61db27748606cc00dafcfd1e2c032f0a5 upstream.
Unlike asynchronous initialization in the core we have not yet associated
the device with the parent, and as such the device doesn't hold a reference
to the parent.
In order to resolve that we should be holding a reference on the parent
until the asynchronous initialization has completed.
Cc: <stable@vger.kernel.org>
Fixes:
|
||
Linus Torvalds
|
2923b27e54 |
libnvdimm-for-4.19_dax-memory-failure
* memory_failure() gets confused by dev_pagemap backed mappings. The recovery code has specific enabling for several possible page states that needs new enabling to handle poison in dax mappings. Teach memory_failure() about ZONE_DEVICE pages. -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEE5DAy15EJMCV1R6v9YGjFFmlTOEoFAlt9ui8ACgkQYGjFFmlT OEpNRw//XGj9s7sezfJFeol4psJlRUd935yii/gmJRgi/yPf2VxxQG9qyM6SMBUc 75jASfOL6FSsfxHz0kplyWzMDNdrTkNNAD+9rv80FmY7GqWgcas9DaJX7jZ994vI 5SRO7pfvNZcXlo7IhqZippDw3yxkIU9Ufi0YQKaEUm7GFieptvCZ0p9x3VYfdvwM BExrxQe0X1XUF4xErp5P78+WUbKxP47DLcucRDig8Q7dmHELUdyNzo3E1SVoc7m+ 3CmvyTj6XuFQgOZw7ZKun1BJYfx/eD5ZlRJLZbx6wJHRtTXv/Uea8mZ8mJ31ykN9 F7QVd0Pmlyxys8lcXfK+nvpL09QBE0/PhwWKjmZBoU8AdgP/ZvBXLDL/D6YuMTg6 T4wwtPNJorfV4lVD06OliFkVI4qbKbmNsfRq43Ns7PCaLueu4U/eMaSwSH99UMaZ MGbO140XW2RZsHiU9yTRUmZq73AplePEjxtzR8oHmnjo45nPDPy8mucWPlkT9kXA oUFMhgiviK7dOo19H4eaPJGqLmHM93+x5tpYxGqTr0dUOXUadKWxMsTnkID+8Yi7 /kzQWCFvySz3VhiEHGuWkW08GZT6aCcpkREDomnRh4MEnETlZI8bblcuXYOCLs6c nNf1SIMtLdlsl7U1fEX89PNeQQ2y237vEDhFQZftaalPeu/JJV0= =Ftop -----END PGP SIGNATURE----- Merge tag 'libnvdimm-for-4.19_dax-memory-failure' of gitolite.kernel.org:pub/scm/linux/kernel/git/nvdimm/nvdimm Pull libnvdimm memory-failure update from Dave Jiang: "As it stands, memory_failure() gets thoroughly confused by dev_pagemap backed mappings. The recovery code has specific enabling for several possible page states and needs new enabling to handle poison in dax mappings. In order to support reliable reverse mapping of user space addresses: 1/ Add new locking in the memory_failure() rmap path to prevent races that would typically be handled by the page lock. 2/ Since dev_pagemap pages are hidden from the page allocator and the "compound page" accounting machinery, add a mechanism to determine the size of the mapping that encompasses a given poisoned pfn. 3/ Given pmem errors can be repaired, change the speculatively accessed poison protection, mce_unmap_kpfn(), to be reversible and otherwise allow ongoing access from the kernel. A side effect of this enabling is that MADV_HWPOISON becomes usable for dax mappings, however the primary motivation is to allow the system to survive userspace consumption of hardware-poison via dax. Specifically the current behavior is: mce: Uncorrected hardware memory error in user-access at af34214200 {1}[Hardware Error]: It has been corrected by h/w and requires no further action mce: [Hardware Error]: Machine check events logged {1}[Hardware Error]: event severity: corrected Memory failure: 0xaf34214: reserved kernel page still referenced by 1 users [..] Memory failure: 0xaf34214: recovery action for reserved kernel page: Failed mce: Memory error not recovered <reboot> ...and with these changes: Injecting memory failure for pfn 0x20cb00 at process virtual address 0x7f763dd00000 Memory failure: 0x20cb00: Killing dax-pmd:5421 due to hardware memory corruption Memory failure: 0x20cb00: recovery action for dax page: Recovered Given all the cross dependencies I propose taking this through nvdimm.git with acks from Naoya, x86/core, x86/RAS, and of course dax folks" * tag 'libnvdimm-for-4.19_dax-memory-failure' of gitolite.kernel.org:pub/scm/linux/kernel/git/nvdimm/nvdimm: libnvdimm, pmem: Restore page attributes when clearing errors x86/memory_failure: Introduce {set, clear}_mce_nospec() x86/mm/pat: Prepare {reserve, free}_memtype() for "decoy" addresses mm, memory_failure: Teach memory_failure() about dev_pagemap pages filesystem-dax: Introduce dax_lock_mapping_entry() mm, memory_failure: Collect mapping size in collect_procs() mm, madvise_inject_error: Let memory_failure() optionally take a page reference mm, dev_pagemap: Do not clear ->mapping on final put mm, madvise_inject_error: Disable MADV_SOFT_OFFLINE for ZONE_DEVICE pages filesystem-dax: Set page->index device-dax: Set page->index device-dax: Enable page_mapping() device-dax: Convert to vmf_insert_mixed and vm_fault_t |
||
Linus Torvalds
|
828bf6e904 |
libnvdimm-for-4.19_misc
Collection of misc libnvdimm patches for 4.19 submission * Adding support to read locked nvdimm capacity. * Change test code to make DSM failure code injection an override. * Add support for calculate maximum contiguous area for namespace. * Add support for queueing a short ARS when there is on going ARS for nvdimm. * Allow NULL to be passed in to ->direct_access() for kaddr and pfn params. * Improve smart injection support for nvdimm emulation testing. * Fix test code that supports for emulating controller temperature. * Fix hang on error before devm_memremap_pages() * Fix a bug that causes user memory corruption when data returned to user for ars_status. * Maintainer updates for Ross Zwisler emails and adding Jan Kara to fsdax. -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEE5DAy15EJMCV1R6v9YGjFFmlTOEoFAlt9uUIACgkQYGjFFmlT OErL+xAAgWHSGs8w98VtYA9kLDeTYEXutq93wJZQoBu/FMAXuuU3hYmQYnOQU87h KKYmfDkeusaih1R3IX7mzlegnnzSfQ6MraNSV76M43noJHbRTunknCPZH6ebp4fo b/eljvWlZF/idM+7YcsnoFMnHSRj2pjJGXmKQDlKedHD+KMxpmk6zEl2s5Y0zvPU 4U7UQLtk3D5IIpLNsLEmxge32BfvNf5IzoSO1aZp7Eqk0+U5Tq3Sq/Tjmd+J0RKt 6WH5yA6NqXQgBh+ayHsYU8YX62RqnbKQZXqVxD35OH64zJEUefnP1fpt9pmaZ9eL 43BPMkpM09eLAikO2ET3/3c2k6h3h9ttz1sH8t/hiroCtfmxs3XgskY06hxpKjZV EbN+BUmut5Mr+zzYitRr3dbK2aHPVU9IbU7jUw/1Tz23rq3kU5iI7SHHv1b/eWup 1Cr77Z1M6HB8VBhjnJ+R607sbRrnKQUOV7fGzAaIskyUOTWsEvIgTh/6MRiaj9MD 5HXIgc/0y9E+G93s7MsUWwzpB7J6E7EGoybST2SKPtqwtDMPsBNeWRjyA9quBCoN u1s+e+lWHYutqRW0eisDTTlq3nJwPijSx1nnzhJxw9s1EkCXz3f7KRZhyH1C79Co 7wjiuvKQ79e/HI/oXvGmTnv5lbLEpWYyJ3U3KIFfoUqugeyhr0k= =5p2n -----END PGP SIGNATURE----- Merge tag 'libnvdimm-for-4.19_misc' of gitolite.kernel.org:pub/scm/linux/kernel/git/nvdimm/nvdimm Pull libnvdimm updates from Dave Jiang: "Collection of misc libnvdimm patches for 4.19 submission: - Adding support to read locked nvdimm capacity. - Change test code to make DSM failure code injection an override. - Add support for calculate maximum contiguous area for namespace. - Add support for queueing a short ARS when there is on going ARS for nvdimm. - Allow NULL to be passed in to ->direct_access() for kaddr and pfn params. - Improve smart injection support for nvdimm emulation testing. - Fix test code that supports for emulating controller temperature. - Fix hang on error before devm_memremap_pages() - Fix a bug that causes user memory corruption when data returned to user for ars_status. - Maintainer updates for Ross Zwisler emails and adding Jan Kara to fsdax" * tag 'libnvdimm-for-4.19_misc' of gitolite.kernel.org:pub/scm/linux/kernel/git/nvdimm/nvdimm: libnvdimm: fix ars_status output length calculation device-dax: avoid hang on error before devm_memremap_pages() tools/testing/nvdimm: improve emulation of smart injection filesystem-dax: Do not request kaddr and pfn when not required md/dm-writecache: Don't request pointer dummy_addr when not required dax/super: Do not request a pointer kaddr when not required tools/testing/nvdimm: kaddr and pfn can be NULL to ->direct_access() s390, dcssblk: kaddr and pfn can be NULL to ->direct_access() libnvdimm, pmem: kaddr and pfn can be NULL to ->direct_access() acpi/nfit: queue issuing of ars when an uc error notification comes in libnvdimm: Export max available extent libnvdimm: Use max contiguous area for namespace size MAINTAINERS: Add Jan Kara for filesystem DAX MAINTAINERS: update Ross Zwisler's email address tools/testing/nvdimm: Fix support for emulating controller temperature tools/testing/nvdimm: Make DSM failure code injection an override acpi, nfit: Prefer _DSM over _LSR for namespace label reads libnvdimm: Introduce locked DIMM capacity support |
||
Dan Williams
|
c953cc987a |
libnvdimm, pmem: Restore page attributes when clearing errors
Use clear_mce_nospec() to restore WB mode for the kernel linear mapping of a pmem page that was marked 'HWPoison'. A page with 'HWPoison' set has also been marked UC in PAT (page attribute table) via set_mce_nospec() to prevent speculative retrievals of poison. The 'HWPoison' flag is only cleared when overwriting an entire page. Signed-off-by: Dan Williams <dan.j.williams@intel.com> Signed-off-by: Dave Jiang <dave.jiang@intel.com> |