2019-07-18 03:27:23

by Greg Kroah-Hartman

[permalink] [raw]
Subject: [PATCH 5.1 00/54] 5.1.19-stable review

This is the start of the stable review cycle for the 5.1.19 release.
There are 54 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let me know.

Responses should be made by Sat 20 Jul 2019 02:59:27 AM UTC.
Anything received after that time might be too late.

The whole patch series can be found in one patch at:
https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.1.19-rc1.gz
or in the git tree and branch at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.1.y
and the diffstat can be found below.

thanks,

greg k-h

-------------
Pseudo-Shortlog of commits:

Greg Kroah-Hartman <[email protected]>
Linux 5.1.19-rc1

Jiri Slaby <[email protected]>
x86/entry/32: Fix ENDPROC of common_spurious

Haren Myneni <[email protected]>
crypto/NX: Set receive window credits to max number of CRBs in RxFIFO

Christophe Leroy <[email protected]>
crypto: talitos - fix hash on SEC1.

Christophe Leroy <[email protected]>
crypto: talitos - move struct talitos_edesc into talitos.h

Julian Wiedmann <[email protected]>
s390/qdio: don't touch the dsci in tiqdio_add_input_queues()

Julian Wiedmann <[email protected]>
s390/qdio: (re-)initialize tiqdio list entries

Heiko Carstens <[email protected]>
s390: fix stfle zero padding

Arnd Bergmann <[email protected]>
ARC: hide unused function unw_hdr_alloc

Thomas Gleixner <[email protected]>
x86/irq: Seperate unused system vectors from spurious entry again

Thomas Gleixner <[email protected]>
x86/irq: Handle spurious interrupt after shutdown gracefully

Thomas Gleixner <[email protected]>
x86/ioapic: Implement irq_get_irqchip_state() callback

Thomas Gleixner <[email protected]>
genirq: Add optional hardware synchronization for shutdown

Thomas Gleixner <[email protected]>
genirq: Fix misleading synchronize_irq() documentation

Thomas Gleixner <[email protected]>
genirq: Delay deactivation in free_irq()

Vinod Koul <[email protected]>
linux/kernel.h: fix overflow for DIV_ROUND_UP_ULL

Andrea Arcangeli <[email protected]>
fork,memcg: alloc_thread_stack_node needs to set tsk->stack

Yafang Shao <[email protected]>
mm/oom_kill.c: fix uninitialized oc->constraint

Nicolas Boichat <[email protected]>
pinctrl: mediatek: Update cur_mask in mask/mask ops

Eiichi Tsukata <[email protected]>
cpu/hotplug: Fix out-of-bounds read when setting fail state

Nicolas Boichat <[email protected]>
pinctrl: mediatek: Ignore interrupts that are wake only during resume

Kai-Heng Feng <[email protected]>
HID: multitouch: Add pointstick support for ALPS Touchpad

Kyle Godbey <[email protected]>
HID: uclogic: Add support for Huion HS64 tablet

Oleksandr Natalenko <[email protected]>
HID: chicony: add another quirk for PixArt mouse

Kirill A. Shutemov <[email protected]>
x86/boot/64: Add missing fixup_pointer() for next_early_pgt access

Kirill A. Shutemov <[email protected]>
x86/boot/64: Fix crash if kernel image crosses page table boundary

Milan Broz <[email protected]>
dm verity: use message limit for data block corruption message

Jerome Marchand <[email protected]>
dm table: don't copy from a NULL pointer in realloc_argv()

Alexandre Belloni <[email protected]>
pinctrl: ocelot: fix pinmuxing for pins after 31

Alexandre Belloni <[email protected]>
pinctrl: ocelot: fix gpio direction for pins after 31

Phil Reid <[email protected]>
pinctrl: mcp23s08: Fix add_data and irqchip_add_nested call order

Sébastien Szymanski <[email protected]>
ARM: dts: imx6ul: fix PWM[1-4] interrupts

Sergej Benilov <[email protected]>
sis900: fix TX completion

Takashi Iwai <[email protected]>
ppp: mppe: Add softdep to arc4

Petr Oros <[email protected]>
be2net: fix link failure after ethtool offline test

Colin Ian King <[email protected]>
x86/apic: Fix integer overflow on 10 bit left shift of cpu_khz

Qian Cai <[email protected]>
x86/efi: fix a -Wtype-limits compilation warning

David Howells <[email protected]>
afs: Fix uninitialised spinlock afs_volume::cb_break_lock

Arnd Bergmann <[email protected]>
ARM: omap2: remove incorrect __init annotation

Linus Walleij <[email protected]>
ARM: dts: gemini Fix up DNS-313 compatible string

Peter Zijlstra <[email protected]>
perf/core: Fix perf_sample_regs_user() mm check

Michael Ellerman <[email protected]>
selftests/powerpc: Add test of fork with mapping above 512TB

Ran Wang <[email protected]>
arm64: dts: ls1028a: Fix CPU idle fail.

Hans de Goede <[email protected]>
efi/bgrt: Drop BGRT status field reserved bits check

Tony Lindgren <[email protected]>
clk: ti: clkctrl: Fix returning uninitialized data

Heyi Guo <[email protected]>
irqchip/gic-v3-its: Fix command queue pointer comparison bug

Guo Ren <[email protected]>
irqchip/irq-csky-mpintc: Support auto irq deliver to all cpus

Martin Blumenstingl <[email protected]>
ARM: dts: meson8b: fix the operating voltage of the Mali GPU

Martin Blumenstingl <[email protected]>
ARM: dts: meson8: fix GPU interrupts and drop an undocumented property

Sven Van Asbroeck <[email protected]>
firmware: improve LSM/IMA security behaviour

James Morse <[email protected]>
drivers: base: cacheinfo: Ensure cpu hotplug work is done before Intel RDT

Masahiro Yamada <[email protected]>
nilfs2: do not use unexported cpu_to_le32()/le32_to_cpu() in uapi header

Cole Rogers <[email protected]>
Input: synaptics - enable SMBUS on T480 thinkpad trackpad

Konstantin Khlebnikov <[email protected]>
e1000e: start network tx queue only when link is up

Konstantin Khlebnikov <[email protected]>
Revert "e1000e: fix cyclic resets at link up with active tx"


-------------

Diffstat:

Makefile | 4 +-
arch/arc/kernel/unwind.c | 9 +-
arch/arm/boot/dts/gemini-dlink-dns-313.dts | 2 +-
arch/arm/boot/dts/imx6ul.dtsi | 8 +-
arch/arm/boot/dts/meson8.dtsi | 5 +-
arch/arm/boot/dts/meson8b.dtsi | 10 +--
arch/arm/mach-omap2/prm3xxx.c | 2 +-
arch/arm64/boot/dts/freescale/fsl-ls1028a.dtsi | 18 ++--
arch/s390/include/asm/facility.h | 21 +++--
arch/x86/entry/entry_32.S | 24 ++++++
arch/x86/entry/entry_64.S | 30 ++++++-
arch/x86/include/asm/hw_irq.h | 5 +-
arch/x86/kernel/apic/apic.c | 36 +++++---
arch/x86/kernel/apic/io_apic.c | 46 ++++++++++
arch/x86/kernel/apic/vector.c | 4 +-
arch/x86/kernel/head64.c | 20 +++--
arch/x86/kernel/idt.c | 3 +-
arch/x86/kernel/irq.c | 2 +-
arch/x86/platform/efi/quirks.c | 2 +-
drivers/base/cacheinfo.c | 3 +-
drivers/base/firmware_loader/fallback.c | 2 +-
drivers/clk/ti/clkctrl.c | 7 +-
drivers/crypto/nx/nx-842-powernv.c | 8 +-
drivers/crypto/talitos.c | 99 +++++++++-------------
drivers/crypto/talitos.h | 30 +++++++
drivers/firmware/efi/efi-bgrt.c | 5 --
drivers/hid/hid-ids.h | 3 +
drivers/hid/hid-multitouch.c | 4 +
drivers/hid/hid-quirks.c | 1 +
drivers/hid/hid-uclogic-core.c | 2 +
drivers/hid/hid-uclogic-params.c | 2 +
drivers/input/mouse/synaptics.c | 1 +
drivers/irqchip/irq-csky-mpintc.c | 15 +++-
drivers/irqchip/irq-gic-v3-its.c | 35 +++++---
drivers/md/dm-table.c | 2 +-
drivers/md/dm-verity-target.c | 4 +-
drivers/net/ethernet/emulex/benet/be_ethtool.c | 28 ++++--
drivers/net/ethernet/intel/e1000e/netdev.c | 21 +++--
drivers/net/ethernet/sis/sis900.c | 16 ++--
drivers/net/ppp/ppp_mppe.c | 1 +
drivers/pinctrl/mediatek/mtk-eint.c | 34 ++++----
drivers/pinctrl/pinctrl-mcp23s08.c | 8 +-
drivers/pinctrl/pinctrl-ocelot.c | 18 ++--
drivers/s390/cio/qdio_setup.c | 2 +
drivers/s390/cio/qdio_thinint.c | 5 +-
fs/afs/callback.c | 4 +-
fs/afs/internal.h | 2 +-
fs/afs/volume.c | 1 +
include/linux/cpuhotplug.h | 1 +
include/linux/kernel.h | 3 +-
include/uapi/linux/nilfs2_ondisk.h | 24 +++---
kernel/cpu.c | 3 +
kernel/events/core.c | 2 +-
kernel/fork.c | 6 +-
kernel/irq/autoprobe.c | 6 +-
kernel/irq/chip.c | 6 ++
kernel/irq/cpuhotplug.c | 2 +-
kernel/irq/internals.h | 5 ++
kernel/irq/manage.c | 90 +++++++++++++++-----
mm/oom_kill.c | 12 ++-
tools/testing/selftests/powerpc/mm/.gitignore | 3 +-
tools/testing/selftests/powerpc/mm/Makefile | 4 +-
.../powerpc/mm/large_vm_fork_separation.c | 87 +++++++++++++++++++
63 files changed, 610 insertions(+), 258 deletions(-)



2019-07-18 03:27:25

by Greg Kroah-Hartman

[permalink] [raw]
Subject: [PATCH 5.1 47/54] ARC: hide unused function unw_hdr_alloc

From: Arnd Bergmann <[email protected]>

commit fd5de2721ea7d16e2b16c4049ac49f229551b290 upstream.

As kernelci.org reports, this function is not used in
vdk_hs38_defconfig:

arch/arc/kernel/unwind.c:188:14: warning: 'unw_hdr_alloc' defined but not used [-Wunused-function]

Fixes: bc79c9a72165 ("ARC: dw2 unwind: Reinstante unwinding out of modules")
Link: https://kernelci.org/build/id/5d1cae3f59b514300340c132/logs/
Cc: [email protected]
Signed-off-by: Arnd Bergmann <[email protected]>
Signed-off-by: Vineet Gupta <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>

---
arch/arc/kernel/unwind.c | 9 ++++-----
1 file changed, 4 insertions(+), 5 deletions(-)

--- a/arch/arc/kernel/unwind.c
+++ b/arch/arc/kernel/unwind.c
@@ -184,11 +184,6 @@ static void *__init unw_hdr_alloc_early(
return memblock_alloc_from(sz, sizeof(unsigned int), MAX_DMA_ADDRESS);
}

-static void *unw_hdr_alloc(unsigned long sz)
-{
- return kmalloc(sz, GFP_KERNEL);
-}
-
static void init_unwind_table(struct unwind_table *table, const char *name,
const void *core_start, unsigned long core_size,
const void *init_start, unsigned long init_size,
@@ -369,6 +364,10 @@ ret_err:
}

#ifdef CONFIG_MODULES
+static void *unw_hdr_alloc(unsigned long sz)
+{
+ return kmalloc(sz, GFP_KERNEL);
+}

static struct unwind_table *last_table;



2019-07-18 03:27:36

by Greg Kroah-Hartman

[permalink] [raw]
Subject: [PATCH 5.1 51/54] crypto: talitos - move struct talitos_edesc into talitos.h

From: Christophe Leroy <[email protected]>

commit d44769e4ccb636e8238adbc151f25467a536711b upstream.

Moves struct talitos_edesc into talitos.h so that it can be used
from any place in talitos.c

It will be required for next patch ("crypto: talitos - fix hash
on SEC1")

Signed-off-by: Christophe Leroy <[email protected]>
Cc: [email protected]
Signed-off-by: Herbert Xu <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>

---
drivers/crypto/talitos.c | 30 ------------------------------
drivers/crypto/talitos.h | 30 ++++++++++++++++++++++++++++++
2 files changed, 30 insertions(+), 30 deletions(-)

--- a/drivers/crypto/talitos.c
+++ b/drivers/crypto/talitos.c
@@ -913,36 +913,6 @@ badkey:
return -EINVAL;
}

-/*
- * talitos_edesc - s/w-extended descriptor
- * @src_nents: number of segments in input scatterlist
- * @dst_nents: number of segments in output scatterlist
- * @icv_ool: whether ICV is out-of-line
- * @iv_dma: dma address of iv for checking continuity and link table
- * @dma_len: length of dma mapped link_tbl space
- * @dma_link_tbl: bus physical address of link_tbl/buf
- * @desc: h/w descriptor
- * @link_tbl: input and output h/w link tables (if {src,dst}_nents > 1) (SEC2)
- * @buf: input and output buffeur (if {src,dst}_nents > 1) (SEC1)
- *
- * if decrypting (with authcheck), or either one of src_nents or dst_nents
- * is greater than 1, an integrity check value is concatenated to the end
- * of link_tbl data
- */
-struct talitos_edesc {
- int src_nents;
- int dst_nents;
- bool icv_ool;
- dma_addr_t iv_dma;
- int dma_len;
- dma_addr_t dma_link_tbl;
- struct talitos_desc desc;
- union {
- struct talitos_ptr link_tbl[0];
- u8 buf[0];
- };
-};
-
static void talitos_sg_unmap(struct device *dev,
struct talitos_edesc *edesc,
struct scatterlist *src,
--- a/drivers/crypto/talitos.h
+++ b/drivers/crypto/talitos.h
@@ -65,6 +65,36 @@ struct talitos_desc {

#define TALITOS_DESC_SIZE (sizeof(struct talitos_desc) - sizeof(__be32))

+/*
+ * talitos_edesc - s/w-extended descriptor
+ * @src_nents: number of segments in input scatterlist
+ * @dst_nents: number of segments in output scatterlist
+ * @icv_ool: whether ICV is out-of-line
+ * @iv_dma: dma address of iv for checking continuity and link table
+ * @dma_len: length of dma mapped link_tbl space
+ * @dma_link_tbl: bus physical address of link_tbl/buf
+ * @desc: h/w descriptor
+ * @link_tbl: input and output h/w link tables (if {src,dst}_nents > 1) (SEC2)
+ * @buf: input and output buffeur (if {src,dst}_nents > 1) (SEC1)
+ *
+ * if decrypting (with authcheck), or either one of src_nents or dst_nents
+ * is greater than 1, an integrity check value is concatenated to the end
+ * of link_tbl data
+ */
+struct talitos_edesc {
+ int src_nents;
+ int dst_nents;
+ bool icv_ool;
+ dma_addr_t iv_dma;
+ int dma_len;
+ dma_addr_t dma_link_tbl;
+ struct talitos_desc desc;
+ union {
+ struct talitos_ptr link_tbl[0];
+ u8 buf[0];
+ };
+};
+
/**
* talitos_request - descriptor submission request
* @desc: descriptor pointer (kernel virtual)


2019-07-18 03:27:39

by Greg Kroah-Hartman

[permalink] [raw]
Subject: [PATCH 5.1 20/54] x86/apic: Fix integer overflow on 10 bit left shift of cpu_khz

[ Upstream commit ea136a112d89bade596314a1ae49f748902f4727 ]

The left shift of unsigned int cpu_khz will overflow for large values of
cpu_khz, so cast it to a long long before shifting it to avoid overvlow.
For example, this can happen when cpu_khz is 4194305, i.e. ~4.2 GHz.

Addresses-Coverity: ("Unintentional integer overflow")
Fixes: 8c3ba8d04924 ("x86, apic: ack all pending irqs when crashed/on kexec")
Signed-off-by: Colin Ian King <[email protected]>
Signed-off-by: Thomas Gleixner <[email protected]>
Cc: Borislav Petkov <[email protected]>
Cc: "H . Peter Anvin" <[email protected]>
Cc: [email protected]
Link: https://lkml.kernel.org/r/[email protected]
Signed-off-by: Sasha Levin <[email protected]>
---
arch/x86/kernel/apic/apic.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/arch/x86/kernel/apic/apic.c b/arch/x86/kernel/apic/apic.c
index b7bcdd781651..ec6225cb94f9 100644
--- a/arch/x86/kernel/apic/apic.c
+++ b/arch/x86/kernel/apic/apic.c
@@ -1458,7 +1458,8 @@ static void apic_pending_intr_clear(void)
if (queued) {
if (boot_cpu_has(X86_FEATURE_TSC) && cpu_khz) {
ntsc = rdtsc();
- max_loops = (cpu_khz << 10) - (ntsc - tsc);
+ max_loops = (long long)cpu_khz << 10;
+ max_loops -= ntsc - tsc;
} else {
max_loops--;
}
--
2.20.1



2019-07-18 03:28:11

by Greg Kroah-Hartman

[permalink] [raw]
Subject: [PATCH 5.1 36/54] cpu/hotplug: Fix out-of-bounds read when setting fail state

[ Upstream commit 33d4a5a7a5b4d02915d765064b2319e90a11cbde ]

Setting invalid value to /sys/devices/system/cpu/cpuX/hotplug/fail
can control `struct cpuhp_step *sp` address, results in the following
global-out-of-bounds read.

Reproducer:

# echo -2 > /sys/devices/system/cpu/cpu0/hotplug/fail

KASAN report:

BUG: KASAN: global-out-of-bounds in write_cpuhp_fail+0x2cd/0x2e0
Read of size 8 at addr ffffffff89734438 by task bash/1941

CPU: 0 PID: 1941 Comm: bash Not tainted 5.2.0-rc6+ #31
Call Trace:
write_cpuhp_fail+0x2cd/0x2e0
dev_attr_store+0x58/0x80
sysfs_kf_write+0x13d/0x1a0
kernfs_fop_write+0x2bc/0x460
vfs_write+0x1e1/0x560
ksys_write+0x126/0x250
do_syscall_64+0xc1/0x390
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7f05e4f4c970

The buggy address belongs to the variable:
cpu_hotplug_lock+0x98/0xa0

Memory state around the buggy address:
ffffffff89734300: fa fa fa fa 00 00 00 00 00 00 00 00 00 00 00 00
ffffffff89734380: fa fa fa fa 00 00 00 00 00 00 00 00 00 00 00 00
>ffffffff89734400: 00 00 00 00 fa fa fa fa 00 00 00 00 fa fa fa fa
^
ffffffff89734480: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
ffffffff89734500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Add a sanity check for the value written from user space.

Fixes: 1db49484f21ed ("smp/hotplug: Hotplug state fail injection")
Signed-off-by: Eiichi Tsukata <[email protected]>
Signed-off-by: Thomas Gleixner <[email protected]>
Cc: [email protected]
Link: https://lkml.kernel.org/r/[email protected]
Signed-off-by: Sasha Levin <[email protected]>
---
kernel/cpu.c | 3 +++
1 file changed, 3 insertions(+)

diff --git a/kernel/cpu.c b/kernel/cpu.c
index 6170034f4118..e97e7224ab47 100644
--- a/kernel/cpu.c
+++ b/kernel/cpu.c
@@ -1954,6 +1954,9 @@ static ssize_t write_cpuhp_fail(struct device *dev,
if (ret)
return ret;

+ if (fail < CPUHP_OFFLINE || fail > CPUHP_ONLINE)
+ return -EINVAL;
+
/*
* Cannot fail STARTING/DYING callbacks.
*/
--
2.20.1



2019-07-18 03:28:16

by Greg Kroah-Hartman

[permalink] [raw]
Subject: [PATCH 5.1 30/54] x86/boot/64: Fix crash if kernel image crosses page table boundary

[ Upstream commit 81c7ed296dcd02bc0b4488246d040e03e633737a ]

A kernel which boots in 5-level paging mode crashes in a small percentage
of cases if KASLR is enabled.

This issue was tracked down to the case when the kernel image unpacks in a
way that it crosses an 1G boundary. The crash is caused by an overrun of
the PMD page table in __startup_64() and corruption of P4D page table
allocated next to it. This particular issue is not visible with 4-level
paging as P4D page tables are not used.

But the P4D and the PUD calculation have similar problems.

The PMD index calculation is wrong due to operator precedence, which fails
to confine the PMDs in the PMD array on wrap around.

The P4D calculation for 5-level paging and the PUD calculation calculate
the first index correctly, but then blindly increment it which causes the
same issue when a kernel image is located across a 512G and for 5-level
paging across a 46T boundary.

This wrap around mishandling was introduced when these parts moved from
assembly to C.

Restore it to the correct behaviour.

Fixes: c88d71508e36 ("x86/boot/64: Rewrite startup_64() in C")
Signed-off-by: Kirill A. Shutemov <[email protected]>
Signed-off-by: Thomas Gleixner <[email protected]>
Cc: Borislav Petkov <[email protected]>
Cc: "H. Peter Anvin" <[email protected]>
Cc: Dave Hansen <[email protected]>
Cc: Andy Lutomirski <[email protected]>
Cc: Peter Zijlstra <[email protected]>
Link: https://lkml.kernel.org/r/[email protected]
Signed-off-by: Sasha Levin <[email protected]>
---
arch/x86/kernel/head64.c | 17 +++++++++--------
1 file changed, 9 insertions(+), 8 deletions(-)

diff --git a/arch/x86/kernel/head64.c b/arch/x86/kernel/head64.c
index 16b1cbd3a61e..7df5bce4e1be 100644
--- a/arch/x86/kernel/head64.c
+++ b/arch/x86/kernel/head64.c
@@ -190,18 +190,18 @@ unsigned long __head __startup_64(unsigned long physaddr,
pgd[i + 0] = (pgdval_t)p4d + pgtable_flags;
pgd[i + 1] = (pgdval_t)p4d + pgtable_flags;

- i = (physaddr >> P4D_SHIFT) % PTRS_PER_P4D;
- p4d[i + 0] = (pgdval_t)pud + pgtable_flags;
- p4d[i + 1] = (pgdval_t)pud + pgtable_flags;
+ i = physaddr >> P4D_SHIFT;
+ p4d[(i + 0) % PTRS_PER_P4D] = (pgdval_t)pud + pgtable_flags;
+ p4d[(i + 1) % PTRS_PER_P4D] = (pgdval_t)pud + pgtable_flags;
} else {
i = (physaddr >> PGDIR_SHIFT) % PTRS_PER_PGD;
pgd[i + 0] = (pgdval_t)pud + pgtable_flags;
pgd[i + 1] = (pgdval_t)pud + pgtable_flags;
}

- i = (physaddr >> PUD_SHIFT) % PTRS_PER_PUD;
- pud[i + 0] = (pudval_t)pmd + pgtable_flags;
- pud[i + 1] = (pudval_t)pmd + pgtable_flags;
+ i = physaddr >> PUD_SHIFT;
+ pud[(i + 0) % PTRS_PER_PUD] = (pudval_t)pmd + pgtable_flags;
+ pud[(i + 1) % PTRS_PER_PUD] = (pudval_t)pmd + pgtable_flags;

pmd_entry = __PAGE_KERNEL_LARGE_EXEC & ~_PAGE_GLOBAL;
/* Filter out unsupported __PAGE_KERNEL_* bits: */
@@ -211,8 +211,9 @@ unsigned long __head __startup_64(unsigned long physaddr,
pmd_entry += physaddr;

for (i = 0; i < DIV_ROUND_UP(_end - _text, PMD_SIZE); i++) {
- int idx = i + (physaddr >> PMD_SHIFT) % PTRS_PER_PMD;
- pmd[idx] = pmd_entry + i * PMD_SIZE;
+ int idx = i + (physaddr >> PMD_SHIFT);
+
+ pmd[idx % PTRS_PER_PMD] = pmd_entry + i * PMD_SIZE;
}

/*
--
2.20.1



2019-07-18 03:28:31

by Greg Kroah-Hartman

[permalink] [raw]
Subject: [PATCH 5.1 14/54] selftests/powerpc: Add test of fork with mapping above 512TB

[ Upstream commit 16391bfc862342f285195013b73c1394fab28b97 ]

This tests that when a process with a mapping above 512TB forks we
correctly separate the parent and child address spaces. This exercises
the bug in the context id handling fixed in the previous commit.

Signed-off-by: Michael Ellerman <[email protected]>
Signed-off-by: Sasha Levin <[email protected]>
---
tools/testing/selftests/powerpc/mm/.gitignore | 3 +-
tools/testing/selftests/powerpc/mm/Makefile | 4 +-
.../powerpc/mm/large_vm_fork_separation.c | 87 +++++++++++++++++++
3 files changed, 92 insertions(+), 2 deletions(-)
create mode 100644 tools/testing/selftests/powerpc/mm/large_vm_fork_separation.c

diff --git a/tools/testing/selftests/powerpc/mm/.gitignore b/tools/testing/selftests/powerpc/mm/.gitignore
index ba919308fe30..d503b8764a8e 100644
--- a/tools/testing/selftests/powerpc/mm/.gitignore
+++ b/tools/testing/selftests/powerpc/mm/.gitignore
@@ -3,4 +3,5 @@ subpage_prot
tempfile
prot_sao
segv_errors
-wild_bctr
\ No newline at end of file
+wild_bctr
+large_vm_fork_separation
\ No newline at end of file
diff --git a/tools/testing/selftests/powerpc/mm/Makefile b/tools/testing/selftests/powerpc/mm/Makefile
index 43d68420e363..f1fbc15800c4 100644
--- a/tools/testing/selftests/powerpc/mm/Makefile
+++ b/tools/testing/selftests/powerpc/mm/Makefile
@@ -2,7 +2,8 @@
noarg:
$(MAKE) -C ../

-TEST_GEN_PROGS := hugetlb_vs_thp_test subpage_prot prot_sao segv_errors wild_bctr
+TEST_GEN_PROGS := hugetlb_vs_thp_test subpage_prot prot_sao segv_errors wild_bctr \
+ large_vm_fork_separation
TEST_GEN_FILES := tempfile

top_srcdir = ../../../../..
@@ -13,6 +14,7 @@ $(TEST_GEN_PROGS): ../harness.c
$(OUTPUT)/prot_sao: ../utils.c

$(OUTPUT)/wild_bctr: CFLAGS += -m64
+$(OUTPUT)/large_vm_fork_separation: CFLAGS += -m64

$(OUTPUT)/tempfile:
dd if=/dev/zero of=$@ bs=64k count=1
diff --git a/tools/testing/selftests/powerpc/mm/large_vm_fork_separation.c b/tools/testing/selftests/powerpc/mm/large_vm_fork_separation.c
new file mode 100644
index 000000000000..2363a7f3ab0d
--- /dev/null
+++ b/tools/testing/selftests/powerpc/mm/large_vm_fork_separation.c
@@ -0,0 +1,87 @@
+// SPDX-License-Identifier: GPL-2.0+
+//
+// Copyright 2019, Michael Ellerman, IBM Corp.
+//
+// Test that allocating memory beyond the memory limit and then forking is
+// handled correctly, ie. the child is able to access the mappings beyond the
+// memory limit and the child's writes are not visible to the parent.
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <sys/mman.h>
+#include <sys/types.h>
+#include <sys/wait.h>
+#include <unistd.h>
+
+#include "utils.h"
+
+
+#ifndef MAP_FIXED_NOREPLACE
+#define MAP_FIXED_NOREPLACE MAP_FIXED // "Should be safe" above 512TB
+#endif
+
+
+static int test(void)
+{
+ int p2c[2], c2p[2], rc, status, c, *p;
+ unsigned long page_size;
+ pid_t pid;
+
+ page_size = sysconf(_SC_PAGESIZE);
+ SKIP_IF(page_size != 65536);
+
+ // Create a mapping at 512TB to allocate an extended_id
+ p = mmap((void *)(512ul << 40), page_size, PROT_READ | PROT_WRITE,
+ MAP_PRIVATE | MAP_ANONYMOUS | MAP_FIXED_NOREPLACE, -1, 0);
+ if (p == MAP_FAILED) {
+ perror("mmap");
+ printf("Error: couldn't mmap(), confirm kernel has 4TB support?\n");
+ return 1;
+ }
+
+ printf("parent writing %p = 1\n", p);
+ *p = 1;
+
+ FAIL_IF(pipe(p2c) == -1 || pipe(c2p) == -1);
+
+ pid = fork();
+ if (pid == 0) {
+ FAIL_IF(read(p2c[0], &c, 1) != 1);
+
+ pid = getpid();
+ printf("child writing %p = %d\n", p, pid);
+ *p = pid;
+
+ FAIL_IF(write(c2p[1], &c, 1) != 1);
+ FAIL_IF(read(p2c[0], &c, 1) != 1);
+ exit(0);
+ }
+
+ c = 0;
+ FAIL_IF(write(p2c[1], &c, 1) != 1);
+ FAIL_IF(read(c2p[0], &c, 1) != 1);
+
+ // Prevent compiler optimisation
+ barrier();
+
+ rc = 0;
+ printf("parent reading %p = %d\n", p, *p);
+ if (*p != 1) {
+ printf("Error: BUG! parent saw child's write! *p = %d\n", *p);
+ rc = 1;
+ }
+
+ FAIL_IF(write(p2c[1], &c, 1) != 1);
+ FAIL_IF(waitpid(pid, &status, 0) == -1);
+ FAIL_IF(!WIFEXITED(status) || WEXITSTATUS(status));
+
+ if (rc == 0)
+ printf("success: test completed OK\n");
+
+ return rc;
+}
+
+int main(void)
+{
+ return test_harness(test, "large_vm_fork_separation");
+}
--
2.20.1



2019-07-18 03:28:41

by Greg Kroah-Hartman

[permalink] [raw]
Subject: [PATCH 5.1 01/54] Revert "e1000e: fix cyclic resets at link up with active tx"

From: Konstantin Khlebnikov <[email protected]>

commit caff422ea81e144842bc44bab408d85ac449377b upstream.

This reverts commit 0f9e980bf5ee1a97e2e401c846b2af989eb21c61.

That change cased false-positive warning about hardware hang:

e1000e: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: Rx/Tx
IPv6: ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready
e1000e 0000:00:1f.6 eth0: Detected Hardware Unit Hang:
TDH <0>
TDT <1>
next_to_use <1>
next_to_clean <0>
buffer_info[next_to_clean]:
time_stamp <fffba7a7>
next_to_watch <0>
jiffies <fffbb140>
next_to_watch.status <0>
MAC Status <40080080>
PHY Status <7949>
PHY 1000BASE-T Status <0>
PHY Extended Status <3000>
PCI Status <10>
e1000e: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: Rx/Tx

Besides warning everything works fine.
Original issue will be fixed property in following patch.

Signed-off-by: Konstantin Khlebnikov <[email protected]>
Reported-by: Joseph Yasi <[email protected]>
Link: https://bugzilla.kernel.org/show_bug.cgi?id=203175
Tested-by: Joseph Yasi <[email protected]>
Tested-by: Aaron Brown <[email protected]>
Tested-by: Oleksandr Natalenko <[email protected]>
Signed-off-by: Jeff Kirsher <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>

---
drivers/net/ethernet/intel/e1000e/netdev.c | 15 +++++++++------
1 file changed, 9 insertions(+), 6 deletions(-)

--- a/drivers/net/ethernet/intel/e1000e/netdev.c
+++ b/drivers/net/ethernet/intel/e1000e/netdev.c
@@ -5309,13 +5309,8 @@ static void e1000_watchdog_task(struct w
/* 8000ES2LAN requires a Rx packet buffer work-around
* on link down event; reset the controller to flush
* the Rx packet buffer.
- *
- * If the link is lost the controller stops DMA, but
- * if there is queued Tx work it cannot be done. So
- * reset the controller to flush the Tx packet buffers.
*/
- if ((adapter->flags & FLAG_RX_NEEDS_RESTART) ||
- e1000_desc_unused(tx_ring) + 1 < tx_ring->count)
+ if (adapter->flags & FLAG_RX_NEEDS_RESTART)
adapter->flags |= FLAG_RESTART_NOW;
else
pm_schedule_suspend(netdev->dev.parent,
@@ -5338,6 +5333,14 @@ link_up:
adapter->gotc_old = adapter->stats.gotc;
spin_unlock(&adapter->stats64_lock);

+ /* If the link is lost the controller stops DMA, but
+ * if there is queued Tx work it cannot be done. So
+ * reset the controller to flush the Tx packet buffers.
+ */
+ if (!netif_carrier_ok(netdev) &&
+ (e1000_desc_unused(tx_ring) + 1 < tx_ring->count))
+ adapter->flags |= FLAG_RESTART_NOW;
+
/* If reset is necessary, do it outside of interrupt context. */
if (adapter->flags & FLAG_RESTART_NOW) {
schedule_work(&adapter->reset_task);


2019-07-18 08:14:16

by kernelci.org bot

[permalink] [raw]
Subject: Re: [PATCH 5.1 00/54] 5.1.19-stable review

stable-rc/linux-5.1.y boot: 135 boots: 1 failed, 133 passed with 1 offline (v5.1.18-54-ga80425902cdb)

Full Boot Summary: https://kernelci.org/boot/all/job/stable-rc/branch/linux-5.1.y/kernel/v5.1.18-54-ga80425902cdb/
Full Build Summary: https://kernelci.org/build/stable-rc/branch/linux-5.1.y/kernel/v5.1.18-54-ga80425902cdb/

Tree: stable-rc
Branch: linux-5.1.y
Git Describe: v5.1.18-54-ga80425902cdb
Git Commit: a80425902cdbd5ab05f9f9af4e992fee397a1d47
Git URL: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git
Tested: 77 unique boards, 27 SoC families, 17 builds out of 209

Boot Failure Detected:

arm:
multi_v7_defconfig:
gcc-8:
bcm4708-smartrg-sr400ac: 1 failed lab

Offline Platforms:

arm64:

defconfig:
gcc-8
meson-gxbb-odroidc2: 1 offline lab

---
For more info write to <[email protected]>

2019-07-18 09:22:20

by Jon Hunter

[permalink] [raw]
Subject: Re: [PATCH 5.1 00/54] 5.1.19-stable review


On 18/07/2019 04:00, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 5.1.19 release.
> There are 54 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Sat 20 Jul 2019 02:59:27 AM UTC.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.1.19-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.1.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h

All tests are passing for Tegra ...

Test results for stable-v5.1:
12 builds: 12 pass, 0 fail
22 boots: 22 pass, 0 fail
32 tests: 32 pass, 0 fail

Linux version: 5.1.19-rc1-gf7d61f5b654e
Boards tested: tegra124-jetson-tk1, tegra186-p2771-0000,
tegra194-p2972-0000, tegra20-ventana,
tegra210-p2371-2180, tegra30-cardhu-a04

Cheers
Jon

--
nvpublic

2019-07-18 15:27:25

by Naresh Kamboju

[permalink] [raw]
Subject: Re: [PATCH 5.1 00/54] 5.1.19-stable review

On Thu, 18 Jul 2019 at 08:34, Greg Kroah-Hartman
<[email protected]> wrote:
>
> This is the start of the stable review cycle for the 5.1.19 release.
> There are 54 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Sat 20 Jul 2019 02:59:27 AM UTC.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.1.19-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.1.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h

Results from Linaro’s test farm.
No regressions on arm64, arm, x86_64, and i386.

Summary
------------------------------------------------------------------------

kernel: 5.1.19-rc1
git repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git
git branch: linux-5.1.y
git commit: f7d61f5b654edb3890d2a2a2c0a9769ba92acd6f
git describe: v5.1.18-55-gf7d61f5b654e
Test details: https://qa-reports.linaro.org/lkft/linux-stable-rc-5.1-oe/build/v5.1.18-55-gf7d61f5b654e

No regressions (compared to build v5.1.18)

No fixes (compared to build v5.1.18)

Ran 17581 total tests in the following environments and test suites.

Environments
--------------
- dragonboard-410c
- hi6220-hikey
- i386
- juno-r2
- qemu_arm
- qemu_arm64
- qemu_i386
- qemu_x86_64
- x15
- x86

Test Suites
-----------
* build
* install-android-platform-tools-r2600
* kselftest
* libgpiod
* libhugetlbfs
* ltp-cap_bounds-tests
* ltp-commands-tests
* ltp-containers-tests
* ltp-cpuhotplug-tests
* ltp-cve-tests
* ltp-dio-tests
* ltp-fcntl-locktests-tests
* ltp-filecaps-tests
* ltp-fs-tests
* ltp-fs_bind-tests
* ltp-fs_perms_simple-tests
* ltp-fsx-tests
* ltp-hugetlb-tests
* ltp-io-tests
* ltp-ipc-tests
* ltp-math-tests
* ltp-mm-tests
* ltp-nptl-tests
* ltp-pty-tests
* ltp-sched-tests
* ltp-securebits-tests
* ltp-syscalls-tests
* ltp-timers-tests
* network-basic-tests
* perf
* spectre-meltdown-checker-test
* v4l2-compliance
* kvm-unit-tests
* ltp-open-posix-tests


--
Linaro LKFT
https://lkft.linaro.org

2019-07-18 19:49:20

by Guenter Roeck

[permalink] [raw]
Subject: Re: [PATCH 5.1 00/54] 5.1.19-stable review

On Thu, Jul 18, 2019 at 12:00:55PM +0900, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 5.1.19 release.
> There are 54 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Sat 20 Jul 2019 02:59:27 AM UTC.
> Anything received after that time might be too late.
>

Build results:
total: 159 pass: 159 fail: 0
Qemu test results:
total: 364 pass: 364 fail: 0

Guenter

2019-07-18 20:37:52

by Jiunn Chang

[permalink] [raw]
Subject: Re: [PATCH 5.1 00/54] 5.1.19-stable review

On Thu, Jul 18, 2019 at 12:00:55PM +0900, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 5.1.19 release.
> There are 54 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Sat 20 Jul 2019 02:59:27 AM UTC.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.1.19-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.1.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
>
> -------------

Hello,

Compiled and booted. No regressions on x86_64.

THX,

Jiunn

2019-07-18 21:01:17

by Kelsey

[permalink] [raw]
Subject: Re: [PATCH 5.1 00/54] 5.1.19-stable review

On Thu, Jul 18, 2019 at 12:00:55PM +0900, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 5.1.19 release.
> There are 54 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Sat 20 Jul 2019 02:59:27 AM UTC.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.1.19-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.1.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
>

Compiled and booted with no regressions on my system.

-Kelsey

2019-07-19 04:44:04

by Bharath Vedartham

[permalink] [raw]
Subject: Re: [PATCH 5.1 00/54] 5.1.19-stable review

Built and booted on my x86 machine. No dmesg regressions found.

Thank you
Bharath