  1. 12 Jan, 2020 35 commits
  2. 09 Jan, 2020 5 commits
    • Linux 4.19.94 · cb1f9a16
      Greg Kroah-Hartman authored
      cb1f9a16
    • perf/x86/intel/bts: Fix the use of page_private() · 78880475
      Alexander Shishkin authored
      [ Upstream commit ff61541c ]
      
      Commit
      
        8062382c ("perf/x86/intel/bts: Add BTS PMU driver")
      
      brought in a warning with the BTS buffer initialization
      that is easily tripped with (assuming KPTI is disabled):
      
      instantly throwing:
      
      > ------------[ cut here ]------------
      > WARNING: CPU: 2 PID: 326 at arch/x86/events/intel/bts.c:86 bts_buffer_setup_aux+0x117/0x3d0
      > Modules linked in:
      > CPU: 2 PID: 326 Comm: perf Not tainted 5.4.0-rc8-00291-gceb9e773 #904
      > RIP: 0010:bts_buffer_setup_aux+0x117/0x3d0
      > Call Trace:
      >  rb_alloc_aux+0x339/0x550
      >  perf_mmap+0x607/0xc70
      >  mmap_region+0x76b/0xbd0
      ...
      
      It appears to assume (for lost raisins) that PagePrivate() is set,
      while later it actually tests for PagePrivate() before using
      page_private().
      
      Make it consistent and always check PagePrivate() before using
      page_private().
      
      Fixes: 8062382c ("perf/x86/intel/bts: Add BTS PMU driver")
      Signed-off-by: Alexander Shishkin <alexander.shishkin@linux.intel.com>
      Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
      Cc: Jiri Olsa <jolsa@kernel.org>
      Cc: Vince Weaver <vincent.weaver@maine.edu>
      Cc: Ingo Molnar <mingo@redhat.com>
      Cc: Arnaldo Carvalho de Melo <acme@redhat.com>
      Link: https://lkml.kernel.org/r/20191205142853.28894-2-alexander.shishkin@linux.intel.com
      Signed-off-by: Sasha Levin <sashal@kernel.org>
      78880475
    • xen/blkback: Avoid unmapping unmapped grant pages · 87d43527
      SeongJae Park authored
      [ Upstream commit f9bd84a8 ]
      
      For each I/O request, blkback first maps the foreign pages for the
      request to its local pages.  If an allocation of a local page for the
      mapping fails, it should unmap every mapping already made for the
      request.
      
      However, blkback's handling mechanism for the allocation failure does
      not mark the remaining foreign pages as unmapped.  Therefore, the unmap
      function merely tries to unmap every valid grant page for the request,
      including the pages not mapped due to the allocation failure.  On a
      system that fails the allocation frequently, this problem leads to
      the following kernel crash.
      
        [  372.012538] BUG: unable to handle kernel NULL pointer dereference at 0000000000000001
        [  372.012546] IP: [<ffffffff814071ac>] gnttab_unmap_refs.part.7+0x1c/0x40
        [  372.012557] PGD 16f3e9067 PUD 16426e067 PMD 0
        [  372.012562] Oops: 0002 [#1] SMP
        [  372.012566] Modules linked in: act_police sch_ingress cls_u32
        ...
        [  372.012746] Call Trace:
        [  372.012752]  [<ffffffff81407204>] gnttab_unmap_refs+0x34/0x40
        [  372.012759]  [<ffffffffa0335ae3>] xen_blkbk_unmap+0x83/0x150 [xen_blkback]
        ...
        [  372.012802]  [<ffffffffa0336c50>] dispatch_rw_block_io+0x970/0x980 [xen_blkback]
        ...
        Decompressing Linux... Parsing ELF... done.
        Booting the kernel.
        [    0.000000] Initializing cgroup subsys cpuset
      
      This commit fixes this problem by marking the grant pages of the given
      request that weren't mapped due to the allocation failure as invalid.
      
      Fixes: c6cc142d ("xen-blkback: use balloon pages for all mappings")
      Reviewed-by: David Woodhouse <dwmw@amazon.de>
      Reviewed-by: Maximilian Heyne <mheyne@amazon.de>
      Reviewed-by: Paul Durrant <pdurrant@amazon.co.uk>
      Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
      Signed-off-by: SeongJae Park <sjpark@amazon.de>
      Signed-off-by: Jens Axboe <axboe@kernel.dk>
      Signed-off-by: Sasha Levin <sashal@kernel.org>
      87d43527
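The failure mode in the xen/blkback commit message above, as a simplified user-space C model added here (not the kernel code and not the patch). All names, the stale handle value 7 and the `INVALID_HANDLE` sentinel are assumptions of the model; `run(0)` leaves the slots after the failed allocation untouched, `run(1)` marks them invalid as the commit message describes.

```c
#define INVALID_HANDLE (~0u)  /* hypothetical sentinel: slot holds no mapping */
#define NSEG 4

struct seg { unsigned handle; };  /* one grant page slot of a request (model) */
static int mapped[NSEG];          /* ground truth: is the slot really mapped? */

/* Map slots in order; the allocation for slot fail_at fails (constructed).
 * mark_rest = 0 models the behaviour before the fix, 1 the behaviour after. */
static int map_request(struct seg *s, int n, int fail_at, int mark_rest)
{
    for (int i = 0; i < n; i++) {
        if (i == fail_at) {                 /* local page allocation failed */
            if (mark_rest)
                for (int j = i; j < n; j++)
                    s[j].handle = INVALID_HANDLE;
            return -1;
        }
        s[i].handle = 100u + (unsigned)i;   /* constructed handle value */
        mapped[i] = 1;
    }
    return 0;
}

/* Unmap every slot that looks valid; return how many of those were never
 * mapped (each one stands for the bogus unmap that crashes the kernel). */
static int unmap_request(struct seg *s, int n)
{
    int bogus = 0;
    for (int i = 0; i < n; i++) {
        if (s[i].handle == INVALID_HANDLE)
            continue;
        if (!mapped[i])
            bogus++;
        mapped[i] = 0;
        s[i].handle = INVALID_HANDLE;
    }
    return bogus;
}

/* One request whose third allocation fails; slots start with a stale handle. */
static int run(int mark_rest)
{
    struct seg s[NSEG];
    for (int i = 0; i < NSEG; i++) { s[i].handle = 7u; mapped[i] = 0; }
    map_request(s, NSEG, 2, mark_rest);
    return unmap_request(s, NSEG);
}
```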
    • s390/smp: fix physical to logical CPU map for SMT · a5011c78
      Heiko Carstens authored
      [ Upstream commit 72a81ad9 ]
      
      If an SMT capable system is not IPL'ed from the first CPU the setup of
      the physical to logical CPU mapping is broken: the IPL core gets CPU
      number 0, but then the next core gets CPU number 1. Correct would be
      that all SMT threads of CPU 0 get the subsequent logical CPU numbers.
      
      This is important since a lot of code (like e.g. the CPU topology
      code) assumes that CPU maps are set up like this. If the mapping is
      broken the system will not IPL due to broken topology masks:
      
      [    1.716341] BUG: arch topology broken
      [    1.716342]      the SMT domain not a subset of the MC domain
      [    1.716343] BUG: arch topology broken
      [    1.716344]      the MC domain not a subset of the BOOK domain
      
      This scenario can usually not happen since LPARs are always IPL'ed
      from CPU 0 and also re-IPL is initiated from CPU 0. However older
      kernels did initiate re-IPL on an arbitrary CPU. If therefore a re-IPL
      from an old kernel into a new kernel is initiated this may lead to
      a crash.
      
      Fix this by setting up the physical to logical CPU mapping correctly.
      
      Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
      Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
      Signed-off-by: Sasha Levin <sashal@kernel.org>
      a5011c78
    • ubifs: ubifs_tnc_start_commit: Fix OOB in layout_in_gaps · 7764ed0b
      Zhihao Cheng authored
      [ Upstream commit 6abf5726 ]
      
      Running stress-test test_2 in mtd-utils on a ubi device, sometimes we can
      get the following oops message:
      
        BUG: unable to handle page fault for address: ffffffff00000140
        #PF: supervisor read access in kernel mode
        #PF: error_code(0x0000) - not-present page
        PGD 280a067 P4D 280a067 PUD 0
        Oops: 0000 [#1] SMP
        CPU: 0 PID: 60 Comm: kworker/u16:1 Kdump: loaded Not tainted 5.2.0 #13
        Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.0
        -0-ga698c8995f-prebuilt.qemu.org 04/01/2014
        Workqueue: writeback wb_workfn (flush-ubifs_0_0)
        RIP: 0010:rb_next_postorder+0x2e/0xb0
        Code: 80 db 03 01 48 85 ff 0f 84 97 00 00 00 48 8b 17 48 83 05 bc 80 db
        03 01 48 83 e2 fc 0f 84 82 00 00 00 48 83 05 b2 80 db 03 01 <48> 3b 7a
        10 48 89 d0 74 02 f3 c3 48 8b 52 08 48 83 05 a3 80 db 03
        RSP: 0018:ffffc90000887758 EFLAGS: 00010202
        RAX: ffff888129ae4700 RBX: ffff888138b08400 RCX: 0000000080800001
        RDX: ffffffff00000130 RSI: 0000000080800024 RDI: ffff888138b08400
        RBP: ffff888138b08400 R08: ffffea0004a6b920 R09: 0000000000000000
        R10: ffffc90000887740 R11: 0000000000000001 R12: ffff888128d48000
        R13: 0000000000000800 R14: 000000000000011e R15: 00000000000007c8
        FS:  0000000000000000(0000) GS:ffff88813ba00000(0000)
        knlGS:0000000000000000
        CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
        CR2: ffffffff00000140 CR3: 000000013789d000 CR4: 00000000000006f0
        DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
        DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
        Call Trace:
          destroy_old_idx+0x5d/0xa0 [ubifs]
          ubifs_tnc_start_commit+0x4fe/0x1380 [ubifs]
          do_commit+0x3eb/0x830 [ubifs]
          ubifs_run_commit+0xdc/0x1c0 [ubifs]
      
      The above Oops is due to a slab-out-of-bounds access that happened in
      the do-while loop of function layout_in_gaps, indirectly called by
      ubifs_tnc_start_commit. In function layout_in_gaps, there is a do-while
      loop placing index nodes into the gaps created by obsolete index nodes
      in non-empty index LEBs until the rest of the index nodes can totally be
      placed into pre-allocated empty LEBs. @c->gap_lebs points to a memory
      area (integer array) which records LEB numbers used by the 'in-the-gaps'
      method. Whenever a fittable index LEB is found, the corresponding lnum
      will be incrementally written into the memory area pointed to by
      @c->gap_lebs. The size ((@c->lst.idx_lebs + 1) * sizeof(int)) of the
      memory area is allocated before the do-while loop and cannot be changed
      in the loop. But @c->lst.idx_lebs could be increased by function
      ubifs_change_lp (called by
      layout_leb_in_gaps->ubifs_find_dirty_idx_leb->get_idx_gc_leb) during the
      loop. So, sometimes oob happens when the number of cycles in the
      do-while loop exceeds the original value of @c->lst.idx_lebs. See
      details in https://bugzilla.kernel.org/show_bug.cgi?id=204229.
      This patch fixes the oob in layout_in_gaps.
      
      Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com>
      Signed-off-by: Richard Weinberger <richard@nod.at>
      Signed-off-by: Sasha Levin <sashal@kernel.org>
      7764ed0b
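The out-of-bounds condition described in the ubifs commit message above, as a simplified user-space C model added here (not the UBIFS code and not the patch). The function and parameter names, the constructed lnum values and the trailing -1 terminator (assumed as the reason for the `+ 1` in the size) are assumptions; the checked variant shows one way to keep the writes in bounds, which the commit message itself does not spell out.

```c
#include <stdlib.h>

struct ctx { int idx_lebs; };   /* models c->lst.idx_lebs; may grow mid-loop */

/* Record one LEB number per loop cycle in an array sized once, before the
 * loop, as idx_lebs + 1 ints. 'growth' is how many times a callee bumps
 * idx_lebs while the loop runs. Returns the number of writes that fall
 * outside the allocation (counted, never performed), or -1 on allocation
 * failure. checked = 1 re-sizes the array when idx_lebs has grown. */
static int layout(struct ctx *c, int growth, int checked)
{
    int cap = c->idx_lebs + 1;              /* capacity fixed at loop entry */
    int *buf = malloc((size_t)cap * sizeof *buf);
    int used = 0, oob = 0;

    if (!buf)
        return -1;
    while (used < c->idx_lebs) {            /* loop bound uses the live value */
        if (growth > 0) {                   /* side effect inside the loop */
            c->idx_lebs++;
            growth--;
        }
        if (checked && used + 2 > cap) {    /* need room: entry + terminator */
            int ncap = c->idx_lebs + 1;
            int *n = realloc(buf, (size_t)ncap * sizeof *n);
            if (!n) {
                free(buf);
                return -1;
            }
            buf = n;
            cap = ncap;
        }
        if (used < cap)
            buf[used] = 1000 + used;        /* constructed lnum */
        else
            oob++;                          /* would write past the array */
        used++;
    }
    if (used < cap)
        buf[used] = -1;                     /* terminator (model assumption) */
    else
        oob++;
    free(buf);
    return oob;
}
```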