1. 29 Oct, 2019 2 commits
    • Al Viro's avatar
      ceph: fix RCU case handling in ceph_d_revalidate() · aa8dd816
      Al Viro authored
      For RCU case ->d_revalidate() is called with rcu_read_lock() and
      without pinning the dentry passed to it.  Which means that it
      can't rely upon ->d_inode remaining stable; that's the reason
      for d_inode_rcu(), actually.
      
      Make sure we don't reload ->d_inode there.
      
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
      Signed-off-by: default avatarJeff Layton <jlayton@kernel.org>
      Signed-off-by: default avatarIlya Dryomov <idryomov@gmail.com>
      aa8dd816
    • Luis Henriques's avatar
      ceph: fix use-after-free in __ceph_remove_cap() · ea60ed6f
      Luis Henriques authored
      KASAN reports a use-after-free when running xfstest generic/531, with the
      following trace:
      
      [  293.903362]  kasan_report+0xe/0x20
      [  293.903365]  rb_erase+0x1f/0x790
      [  293.903370]  __ceph_remove_cap+0x201/0x370
      [  293.903375]  __ceph_remove_caps+0x4b/0x70
      [  293.903380]  ceph_evict_inode+0x4e/0x360
      [  293.903386]  evict+0x169/0x290
      [  293.903390]  __dentry_kill+0x16f/0x250
      [  293.903394]  dput+0x1c6/0x440
      [  293.903398]  __fput+0x184/0x330
      [  293.903404]  task_work_run+0xb9/0xe0
      [  293.903410]  exit_to_usermode_loop+0xd3/0xe0
      [  293.903413]  do_syscall_64+0x1a0/0x1c0
      [  293.903417]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
      
      This happens because __ceph_remove_cap() may queue a cap release
      (__ceph_queue_cap_release) which can be scheduled before that cap is
      removed from the inode list with
      
      	rb_erase(&cap->ci_node, &ci->i_caps);
      
      And, when this finally happens, the use-after-free will occur.
      
      This can be fixed by removing the cap from the inode list before being
      removed from the session list, and thus eliminating the risk of an UAF.
      
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarLuis Henriques <lhenriques@suse.com>
      Reviewed-by: default avatarJeff Layton <jlayton@kernel.org>
      Signed-off-by: default avatarIlya Dryomov <idryomov@gmail.com>
      ea60ed6f
  2. 27 Oct, 2019 7 commits
    • Linus Torvalds's avatar
      Linux 5.4-rc5 · d6d5df1d
      Linus Torvalds authored
      d6d5df1d
    • Linus Torvalds's avatar
      Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 153a971f
      Linus Torvalds authored
      Pull x86 fixes from Thomas Gleixner:
       "Two fixes for the VMWare guest support:
      
         - Unbreak VMWare platform detection which got wreckaged by converting
           an integer constant to a string constant.
      
         - Fix the clang build of the VMWAre hypercall by explicitely
           specifying the ouput register for INL instead of using the short
           form"
      
      * 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        x86/cpu/vmware: Fix platform detection VMWARE_PORT macro
        x86/cpu/vmware: Use the full form of INL in VMWARE_HYPERCALL, for clang/llvm
      153a971f
    • Linus Torvalds's avatar
      Merge branch 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 2b776b54
      Linus Torvalds authored
      Pull timer fixes from Thomas Gleixner:
       "A small set of fixes for time(keeping):
      
         - Add a missing include to prevent compiler warnings.
      
         - Make the VDSO implementation of clock_getres() POSIX compliant
           again. A recent change dropped the NULL pointer guard which is
           required as NULL is a valid pointer value for this function.
      
         - Fix two function documentation typos"
      
      * 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        posix-cpu-timers: Fix two trivial comments
        timers/sched_clock: Include local timekeeping.h for missing declarations
        lib/vdso: Make clock_getres() POSIX compliant again
      2b776b54
    • Linus Torvalds's avatar
      Merge branch 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · a8a31fdc
      Linus Torvalds authored
      Pull perf fixes from Thomas Gleixner:
       "A set of perf fixes:
      
        kernel:
      
         - Unbreak the tracking of auxiliary buffer allocations which got
           imbalanced causing recource limit failures.
      
         - Fix the fallout of splitting of ToPA entries which missed to shift
           the base entry PA correctly.
      
         - Use the correct context to lookup the AUX event when unmapping the
           associated AUX buffer so the event can be stopped and the buffer
           reference dropped.
      
        tools:
      
         - Fix buildiid-cache mode setting in copyfile_mode_ns() when copying
           /proc/kcore
      
         - Fix freeing id arrays in the event list so the correct event is
           closed.
      
         - Sync sched.h anc kvm.h headers with the kernel sources.
      
         - Link jvmti against tools/lib/ctype.o to have weak strlcpy().
      
         - Fix multiple memory and file descriptor leaks, found by coverity in
           perf annotate.
      
         - Fix leaks in error handling paths in 'perf c2c', 'perf kmem', found
           by a static analysis tool"
      
      * 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        perf/aux: Fix AUX output stopping
        perf/aux: Fix tracking of auxiliary trace buffer allocation
        perf/x86/intel/pt: Fix base for single entry topa
        perf kmem: Fix memory leak in compact_gfp_flags()
        tools headers UAPI: Sync sched.h with the kernel
        tools headers kvm: Sync kvm.h headers with the kernel sources
        tools headers kvm: Sync kvm headers with the kernel sources
        tools headers kvm: Sync kvm headers with the kernel sources
        perf c2c: Fix memory leak in build_cl_output()
        perf tools: Fix mode setting in copyfile_mode_ns()
        perf annotate: Fix multiple memory and file descriptor leaks
        perf tools: Fix resource leak of closedir() on the error paths
        perf evlist: Fix fix for freed id arrays
        perf jvmti: Link against tools/lib/ctype.h to have weak strlcpy()
      a8a31fdc
    • Linus Torvalds's avatar
      Merge branch 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 1e1ac1cb
      Linus Torvalds authored
      Pull irq fixes from Thomas Gleixner:
       "Two fixes for interrupt controller drivers:
      
         - Skip IRQ_M_EXT entries in the device tree when initializing the
           RISCV PLIC controller to avoid a double init attempt.
      
         - Use the correct ITS list when issuing the VMOVP synchronization
           command so the operation works only on the ITS instances which are
           associated to a VM"
      
      * 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        irqchip/sifive-plic: Skip contexts except supervisor in plic_init()
        irqchip/gic-v3-its: Use the exact ITSList for VMOVP
      1e1ac1cb
    • Linus Torvalds's avatar
      Merge tag '5.4-rc5-smb3-fixes' of git://git.samba.org/sfrench/cifs-2.6 · c9a2e4a8
      Linus Torvalds authored
      Pull cifs fixes from Steve French:
       "Seven cifs/smb3 fixes, including three for stable"
      
      * tag '5.4-rc5-smb3-fixes' of git://git.samba.org/sfrench/cifs-2.6:
        cifs: Fix cifsInodeInfo lock_sem deadlock when reconnect occurs
        CIFS: Fix use after free of file info structures
        CIFS: Fix retry mid list corruption on reconnects
        cifs: Fix missed free operations
        CIFS: avoid using MID 0xFFFF
        cifs: clarify comment about timestamp granularity for old servers
        cifs: Handle -EINPROGRESS only when noblockcnt is set
      c9a2e4a8
    • Linus Torvalds's avatar
      Merge tag 'riscv/for-v5.4-rc5-b' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux · 6995a6a5
      Linus Torvalds authored
      Pull RISC-V fixes from Paul Walmsley:
       "Several minor fixes and cleanups for v5.4-rc5:
      
         - Three build fixes for various SPARSEMEM-related kernel
           configurations
      
         - Two cleanup patches for the kernel bug and breakpoint trap handler
           code"
      
      * tag 'riscv/for-v5.4-rc5-b' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux:
        riscv: cleanup do_trap_break
        riscv: cleanup <asm/bug.h>
        riscv: Fix undefined reference to vmemmap_populate_basepages
        riscv: Fix implicit declaration of 'page_to_section'
        riscv: fix fs/proc/kcore.c compilation with sparsemem enabled
      6995a6a5
  3. 26 Oct, 2019 13 commits
  4. 25 Oct, 2019 18 commits
    • Christoph Hellwig's avatar
      riscv: cleanup do_trap_break · e8f44c50
      Christoph Hellwig authored
      If we always compile the get_break_insn_length inline function we can
      remove the ifdefs and let dead code elimination take care of the warn
      branch that is now unreadable because the report_bug stub always
      returns BUG_TRAP_TYPE_BUG.
      Signed-off-by: default avatarChristoph Hellwig <hch@lst.de>
      Reviewed-by: default avatarAnup Patel <anup@brainfault.org>
      Signed-off-by: default avatarPaul Walmsley <paul.walmsley@sifive.com>
      e8f44c50
    • Linus Torvalds's avatar
      Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input · b4b61b22
      Linus Torvalds authored
      Pull input fix from Dmitry Torokhov:
       "A fix for st1232 driver to properly report coordinates for 2nd and
        subsequent fingers when more than one is on the surface"
      
      * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input:
        Input: st1232 - fix reporting multitouch coordinates
      b4b61b22
    • Mike Christie's avatar
      nbd: verify socket is supported during setup · cf1b2326
      Mike Christie authored
      nbd requires socket families to support the shutdown method so the nbd
      recv workqueue can be woken up from its sock_recvmsg call. If the socket
      does not support the callout we will leave recv works running or get hangs
      later when the device or module is removed.
      
      This adds a check during socket connection/reconnection to make sure the
      socket being passed in supports the needed callout.
      
      Reported-by: syzbot+24c12fa8d218ed26011a@syzkaller.appspotmail.com
      Fixes: e9e006f5 ("nbd: fix max number of supported devs")
      Tested-by: default avatarRichard W.M. Jones <rjones@redhat.com>
      Signed-off-by: default avatarMike Christie <mchristi@redhat.com>
      Signed-off-by: default avatarJens Axboe <axboe@kernel.dk>
      cf1b2326
    • Mark Brown's avatar
      ata: libahci_platform: Fix regulator_get_optional() misuse · 962399bb
      Mark Brown authored
      This driver is using regulator_get_optional() to handle all the supplies
      that it handles, and only ever enables and disables all supplies en masse
      without ever doing any other configuration of the device to handle missing
      power. These are clear signs that the API is being misused - it should only
      be used for supplies that may be physically absent from the system and in
      these cases the hardware usually needs different configuration if the
      supply is missing. Instead use normal regualtor_get(), if the supply is
      not described in DT then the framework will substitute a dummy regulator in
      so no special handling is needed by the consumer driver.
      
      In the case of the PHY regulator the handling in the driver is a hack to
      deal with integrated PHYs; the supplies are only optional in the sense
      that that there's some confusion in the code about where they're bound to.
      From a code point of view they function exactly as normal supplies so can
      be treated as such. It'd probably be better to model this by instantiating
      a PHY object for integrated PHYs.
      Reviewed-by: default avatarHans de Goede <hdegoede@redhat.com>
      Signed-off-by: default avatarMark Brown <broonie@kernel.org>
      Signed-off-by: default avatarJens Axboe <axboe@kernel.dk>
      962399bb
    • Josef Bacik's avatar
      nbd: handle racing with error'ed out commands · 7ce23e8e
      Josef Bacik authored
      We hit the following warning in production
      
      print_req_error: I/O error, dev nbd0, sector 7213934408 flags 80700
      ------------[ cut here ]------------
      refcount_t: underflow; use-after-free.
      WARNING: CPU: 25 PID: 32407 at lib/refcount.c:190 refcount_sub_and_test_checked+0x53/0x60
      Workqueue: knbd-recv recv_work [nbd]
      RIP: 0010:refcount_sub_and_test_checked+0x53/0x60
      Call Trace:
       blk_mq_free_request+0xb7/0xf0
       blk_mq_complete_request+0x62/0xf0
       recv_work+0x29/0xa1 [nbd]
       process_one_work+0x1f5/0x3f0
       worker_thread+0x2d/0x3d0
       ? rescuer_thread+0x340/0x340
       kthread+0x111/0x130
       ? kthread_create_on_node+0x60/0x60
       ret_from_fork+0x1f/0x30
      ---[ end trace b079c3c67f98bb7c ]---
      
      This was preceded by us timing out everything and shutting down the
      sockets for the device.  The problem is we had a request in the queue at
      the same time, so we completed the request twice.  This can actually
      happen in a lot of cases, we fail to get a ref on our config, we only
      have one connection and just error out the command, etc.
      
      Fix this by checking cmd->status in nbd_read_stat.  We only change this
      under the cmd->lock, so we are safe to check this here and see if we've
      already error'ed this command out, which would indicate that we've
      completed it as well.
      Reviewed-by: default avatarMike Christie <mchristi@redhat.com>
      Signed-off-by: default avatarJosef Bacik <josef@toxicpanda.com>
      Signed-off-by: default avatarJens Axboe <axboe@kernel.dk>
      7ce23e8e
    • Josef Bacik's avatar
      nbd: protect cmd->status with cmd->lock · de6346ec
      Josef Bacik authored
      We already do this for the most part, except in timeout and clear_req.
      For the timeout case we take the lock after we grab a ref on the config,
      but that isn't really necessary because we're safe to touch the cmd at
      this point, so just move the order around.
      
      For the clear_req cause this is initiated by the user, so again is safe.
      Reviewed-by: default avatarMike Christie <mchristi@redhat.com>
      Signed-off-by: default avatarJosef Bacik <josef@toxicpanda.com>
      Signed-off-by: default avatarJens Axboe <axboe@kernel.dk>
      de6346ec
    • Linus Torvalds's avatar
      Merge tag 'modules-for-v5.4-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/jeyu/linux · 9e2dd2ca
      Linus Torvalds authored
      Pull modules fixes from Jessica Yu:
      
       - Revert __ksymtab_$namespace.$symbol naming scheme back to
         __ksymtab_$symbol, as it was causing issues with depmod.
      
         Instead, have modpost extract a symbol's namespace from __kstrtabns
         and __ksymtab_strings.
      
       - Fix `make nsdeps` for out of tree kernel builds (make O=...) caused
         by unescaped '/'.
      
         Use a different sed delimiter to avoid this problem.
      
      * tag 'modules-for-v5.4-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/jeyu/linux:
        scripts/nsdeps: use alternative sed delimiter
        symbol namespaces: revert to previous __ksymtab name scheme
        modpost: make updating the symbol namespace explicit
        modpost: delegate updating namespaces to separate function
      9e2dd2ca
    • Linus Torvalds's avatar
      Merge tag 'armsoc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc · 63cbb3b3
      Linus Torvalds authored
      Pull ARM SoC fixes from Olof Johansson:
       "A slightly larger set of fixes have accrued in the last two weeks.
        Mostly a collection of the usual smaller fixes:
      
         - Marvell Armada: USB phy setup issues on Turris Mox
      
         - Broadcom: GPIO/pinmux DT mapping corrections for Stingray, MMC bus
           width fix for RPi Zero W, GPIO LED removal for RPI CM3. Also some
           maintainer updates.
      
         - OMAP: Fixlets for display config, interrupt settings for wifi, some
           clock/PM pieces. Also IOMMU regression fix and a ti-sysc
           no-watchdog regression fix.
      
         - i.MX: A few fixes around PM/settings, some devicetree fixlets and
           catching up with config option changes in DRM
      
         - Rockchip: RockRro64 misc DT fixups, Hugsun X99 USB-C, Kevin display
           panel settings
      
        ... and some smaller fixes for Davinci (backlight, McBSP DMA),
        Allwinner (phy regulators, PMU removal on A64, etc)"
      
      * tag 'armsoc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc: (42 commits)
        ARM: dts: stm32: relax qspi pins slew-rate for stm32mp157
        MAINTAINERS: Update the Spreadtrum SoC maintainer
        MAINTAINERS: Remove Gregory and Brian for ARCH_BRCMSTB
        ARM: dts: bcm2837-rpi-cm3: Avoid leds-gpio probing issue
        bus: ti-sysc: Fix watchdog quirk handling
        ARM: OMAP2+: Add pdata for OMAP3 ISP IOMMU
        ARM: OMAP2+: Plug in device_enable/idle ops for IOMMUs
        ARM: davinci_all_defconfig: enable GPIO backlight
        ARM: davinci: dm365: Fix McBSP dma_slave_map entry
        ARM: dts: bcm2835-rpi-zero-w: Fix bus-width of sdhci
        ARM: imx_v6_v7_defconfig: Enable CONFIG_DRM_MSM
        arm64: dts: imx8mn: Use correct clock for usdhc's ipg clk
        arm64: dts: imx8mm: Use correct clock for usdhc's ipg clk
        arm64: dts: imx8mq: Use correct clock for usdhc's ipg clk
        ARM: dts: imx7s: Correct GPT's ipg clock source
        ARM: dts: vf610-zii-scu4-aib: Specify 'i2c-mux-idle-disconnect'
        ARM: dts: imx6q-logicpd: Re-Enable SNVS power key
        arm64: dts: lx2160a: Correct CPU core idle state name
        mailmap: Add Simon Arlott (replacement for expired email address)
        arm64: dts: rockchip: Fix override mode for rk3399-kevin panel
        ...
      63cbb3b3
    • Linus Torvalds's avatar
      Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm · 8c123380
      Linus Torvalds authored
      Pull KVM fixes from Paolo Bonzini:
       "Bugfixes for ARM, PPC and x86, plus selftest improvements"
      
      * tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
        KVM: nVMX: Don't leak L1 MMIO regions to L2
        KVM: SVM: Fix potential wrong physical id in avic_handle_ldr_update
        kvm: clear kvmclock MSR on reset
        KVM: x86: fix bugon.cocci warnings
        KVM: VMX: Remove specialized handling of unexpected exit-reasons
        selftests: kvm: fix sync_regs_test with newer gccs
        selftests: kvm: vmx_dirty_log_test: skip the test when VMX is not supported
        selftests: kvm: consolidate VMX support checks
        selftests: kvm: vmx_set_nested_state_test: don't check for VMX support twice
        KVM: Don't shrink/grow vCPU halt_poll_ns if host side polling is disabled
        selftests: kvm: synchronize .gitignore to Makefile
        kvm: x86: Expose RDPID in KVM_GET_SUPPORTED_CPUID
        KVM: arm64: pmu: Reset sample period on overflow handling
        KVM: arm64: pmu: Set the CHAINED attribute before creating the in-kernel event
        arm64: KVM: Handle PMCR_EL0.LC as RES1 on pure AArch64 systems
        KVM: arm64: pmu: Fix cycle counter truncation
        KVM: PPC: Book3S HV: XIVE: Ensure VP isn't already in use
      8c123380
    • Linus Torvalds's avatar
      Merge tag 'drm-fixes-2019-10-25' of git://anongit.freedesktop.org/drm/drm · 8caacaad
      Linus Torvalds authored
      Pull drm fixes from Dave Airlie:
       "Quiet week this week, which I suspect means some people just didn't
        get around to sending me fixes pulls in time. This has 2 komeda and a
        bunch of amdgpu fixes in it:
      
        komeda:
         - typo fixes
         - flushing pipes fix
      
        amdgpu:
         - Fix suspend/resume issue related to multi-media engines
         - Fix memory leak in user ptr code related to hmm conversion
         - Fix possible VM faults when allocating page table memory
         - Fix error handling in bo list ioctl"
      
      * tag 'drm-fixes-2019-10-25' of git://anongit.freedesktop.org/drm/drm:
        drm/komeda: Fix typos in komeda_splitter_validate
        drm/komeda: Don't flush inactive pipes
        drm/amdgpu/vce: fix allocation size in enc ring test
        drm/amdgpu: fix error handling in amdgpu_bo_list_create
        drm/amdgpu: fix potential VM faults
        drm/amdgpu: user pages array memory leak fix
        drm/amdgpu/vcn: fix allocation size in enc ring test
        drm/amdgpu/uvd7: fix allocation size in enc ring test (v2)
        drm/amdgpu/uvd6: fix allocation size in enc ring test (v2)
      8caacaad
    • Linus Torvalds's avatar
      Merge tag 'mmc-v5.4-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc · f6492848
      Linus Torvalds authored
      Pull MMC fixes from Ulf Hansson:
       "MMC host fixes:
      
         - mxs: Fix flags passed to dmaengine_prep_slave_sg
      
         - cqhci: Add a missing memory barrier
      
         - sdhci-omap: Fix tuning procedure for temperatures < -20C"
      
      * tag 'mmc-v5.4-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc:
        mmc: mxs: fix flags passed to dmaengine_prep_slave_sg
        mmc: cqhci: Commit descriptors before setting the doorbell
        mmc: sdhci-omap: Fix Tuning procedure for temperatures < -20C
      f6492848
    • Jens Axboe's avatar
      io_uring: fix bad inflight accounting for SETUP_IOPOLL|SETUP_SQTHREAD · 2b2ed975
      Jens Axboe authored
      We currently assume that submissions from the sqthread are successful,
      and if IO polling is enabled, we use that value for knowing how many
      completions to look for. But if we overflowed the CQ ring or some
      requests simply got errored and already completed, they won't be
      available for polling.
      
      For the case of IO polling and SQTHREAD usage, look at the pending
      poll list. If it ever hits empty then we know that we don't have
      anymore pollable requests inflight. For that case, simply reset
      the inflight count to zero.
      Reported-by: default avatarPavel Begunkov <asml.silence@gmail.com>
      Reviewed-by: default avatarPavel Begunkov <asml.silence@gmail.com>
      Signed-off-by: default avatarJens Axboe <axboe@kernel.dk>
      2b2ed975
    • Jens Axboe's avatar
      io_uring: used cached copies of sq->dropped and cq->overflow · 498ccd9e
      Jens Axboe authored
      We currently use the ring values directly, but that can lead to issues
      if the application is malicious and changes these values on our behalf.
      Created in-kernel cached versions of them, and just overwrite the user
      side when we update them. This is similar to how we treat the sq/cq
      ring tail/head updates.
      Reported-by: default avatarPavel Begunkov <asml.silence@gmail.com>
      Reviewed-by: default avatarPavel Begunkov <asml.silence@gmail.com>
      Signed-off-by: default avatarJens Axboe <axboe@kernel.dk>
      498ccd9e
    • Patrice Chotard's avatar
      ARM: dts: stm32: relax qspi pins slew-rate for stm32mp157 · 86ec2e17
      Patrice Chotard authored
      Relax qspi pins slew-rate to minimize peak currents.
      
      Fixes: 84403005 ("ARM: dts: stm32: add flash nor support on stm32mp157c eval board")
      
      Link: https://lore.kernel.org/r/20191025130122.11407-1-alexandre.torgue@st.comSigned-off-by: default avatarPatrice Chotard <patrice.chotard@st.com>
      Signed-off-by: default avatarAlexandre Torgue <alexandre.torgue@st.com>
      Signed-off-by: default avatarOlof Johansson <olof@lixom.net>
      86ec2e17
    • Pavel Begunkov's avatar
      io_uring: Fix race for sqes with userspace · 935d1e45
      Pavel Begunkov authored
      io_ring_submit() finalises with
      1. io_commit_sqring(), which releases sqes to the userspace
      2. Then calls to io_queue_link_head(), accessing released head's sqe
      
      Reorder them.
      Signed-off-by: default avatarPavel Begunkov <asml.silence@gmail.com>
      Signed-off-by: default avatarJens Axboe <axboe@kernel.dk>
      935d1e45
    • Pavel Begunkov's avatar
      io_uring: Fix broken links with offloading · fb5ccc98
      Pavel Begunkov authored
      io_sq_thread() processes sqes by 8 without considering links. As a
      result, links will be randomely subdivided.
      
      The easiest way to fix it is to call io_get_sqring() inside
      io_submit_sqes() as do io_ring_submit().
      
      Downsides:
      1. This removes optimisation of not grabbing mm_struct for fixed files
      2. It submitting all sqes in one go, without finer-grained sheduling
      with cq processing.
      Signed-off-by: default avatarPavel Begunkov <asml.silence@gmail.com>
      Signed-off-by: default avatarJens Axboe <axboe@kernel.dk>
      fb5ccc98
    • Pavel Begunkov's avatar
      io_uring: Fix corrupted user_data · 84d55dc5
      Pavel Begunkov authored
      There is a bug, where failed linked requests are returned not with
      specified @user_data, but with garbage from a kernel stack.
      
      The reason is that io_fail_links() uses req->user_data, which is
      uninitialised when called from io_queue_sqe() on fail path.
      Signed-off-by: default avatarPavel Begunkov <asml.silence@gmail.com>
      Signed-off-by: default avatarJens Axboe <axboe@kernel.dk>
      84d55dc5
    • Juergen Gross's avatar
      xen: issue deprecation warning for 32-bit pv guest · 6ccae60d
      Juergen Gross authored
      Support for the kernel as Xen 32-bit PV guest will soon be removed.
      Issue a warning when booted as such.
      Signed-off-by: default avatarJuergen Gross <jgross@suse.com>
      Signed-off-by: default avatarBoris Ostrovsky <boris.ostrovsky@oracle.com>
      6ccae60d