1. 26 Jan, 2018 1 commit
    • Andy Lutomirski's avatar
      x86/mm/64: Fix vmapped stack syncing on very-large-memory 4-level systems · 5beda7d5
      Andy Lutomirski authored
      Neil Berrington reported a double-fault on a VM with 768GB of RAM that uses
      large amounts of vmalloc space with PTI enabled.
      
      The cause is that load_new_mm_cr3() was never fixed to take the 5-level pgd
      folding code into account, so, on a 4-level kernel, the pgd synchronization
      logic compiles away to exactly nothing.
      
      Interestingly, the problem doesn't trigger with nopti.  I assume this is
      because the kernel is mapped with global pages if we boot with nopti.  The
      sequence of operations when we create a new task is that we first load its
      mm while still running on the old stack (which crashes if the old stack is
      unmapped in the new mm unless the TLB saves us), then we call
      prepare_switch_to(), and then we switch to the new stack.
      prepare_switch_to() pokes the new stack directly, which will populate the
      mapping through vmalloc_fault().  I assume that we're getting lucky on
      non-PTI systems -- the old stack's TLB entry stays alive long enough to
      make it all the way through prepare_switch_to() and switch_to() so that we
      make it to a valid stack.
      
      Fixes: b50858ce ("x86/mm/vmalloc: Add 5-level paging support")
      Reported-and-tested-by: default avatarNeil Berrington <neil.berrington@datacore.com>
      Signed-off-by: default avatarAndy Lutomirski <luto@kernel.org>
      Signed-off-by: default avatarThomas Gleixner <tglx@linutronix.de>
      Cc: Konstantin Khlebnikov <khlebnikov@yandex-team.ru>
      Cc: stable@vger.kernel.org
      Cc: Dave Hansen <dave.hansen@intel.com>
      Cc: Borislav Petkov <bp@alien8.de>
      Link: https://lkml.kernel.org/r/346541c56caed61abbe693d7d2742b4a380c5001.1516914529.git.luto@kernel.org
      5beda7d5
  2. 24 Jan, 2018 3 commits
  3. 23 Jan, 2018 3 commits
    • Linus Torvalds's avatar
      Merge tag 'pci-v4.15-fixes-3' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci · 1f07476e
      Linus Torvalds authored
      Pull PCI fix from Bjorn Helgaas:
       "Fix AMD regression due to not re-enabling the big window on resume
        (Christian König)"
      
      * tag 'pci-v4.15-fixes-3' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci:
        x86/PCI: Enable AMD 64-bit window on resume
      1f07476e
    • Linus Torvalds's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net · a84a8ab9
      Linus Torvalds authored
      Pull networking fixes from David Miller:
      
       1) Fix divide by zero in mlx5, from Talut Batheesh.
      
       2) Guard against invalid GSO packets coming from untrusted guests and
          arriving in qdisc_pkt_len_init(), from Eric Dumazet.
      
       3) Similarly add such protection to the various protocol GSO handlers.
          From Willem de Bruijn.
      
       4) Fix regression added to IGMP source address checking for IGMPv3
          reports, from Felix Feitkau.
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net:
        tls: Correct length of scatterlist in tls_sw_sendpage
        be2net: restore properly promisc mode after queues reconfiguration
        net: igmp: fix source address check for IGMPv3 reports
        gso: validate gso_type in GSO handlers
        net: qdisc_pkt_len_init() should be more robust
        ibmvnic: Allocate and request vpd in init_resources
        ibmvnic: Revert to previous mtu when unsupported value requested
        ibmvnic: Modify buffer size and number of queues on failover
        rds: tcp: compute m_ack_seq as offset from ->write_seq
        usbnet: silence an unnecessary warning
        cxgb4: fix endianness for vlan value in cxgb4_tc_flower
        cxgb4: set filter type to 1 for ETH_P_IPV6
        net/mlx5e: Fix fixpoint divide exception in mlx5e_am_stats_compare
      a84a8ab9
    • Ben Hutchings's avatar
      nfsd: auth: Fix gid sorting when rootsquash enabled · 19952667
      Ben Hutchings authored
      Commit bdcf0a42 ("kernel: make groups_sort calling a responsibility
      group_info allocators") appears to break nfsd rootsquash in a pretty
      major way.
      
      It adds a call to groups_sort() inside the loop that copies/squashes
      gids, which means the valid gids are sorted along with the following
      garbage.  The net result is that the highest numbered valid gids are
      replaced with any lower-valued garbage gids, possibly including 0.
      
      We should sort only once, after filling in all the gids.
      
      Fixes: bdcf0a42 ("kernel: make groups_sort calling a responsibility ...")
      Signed-off-by: default avatarBen Hutchings <ben.hutchings@codethink.co.uk>
      Acked-by: default avatarJ. Bruce Fields <bfields@redhat.com>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      19952667
  4. 22 Jan, 2018 18 commits
  5. 21 Jan, 2018 8 commits
    • Talat Batheesh's avatar
      net/mlx5e: Fix fixpoint divide exception in mlx5e_am_stats_compare · e58edaa4
      Talat Batheesh authored
      Helmut reported a bug about division by zero while
      running traffic and doing physical cable pull test.
      
      When the cable unplugged the ppms become zero, so when
      dividing the current ppms by the previous ppms in the
      next dim iteration there is division by zero.
      
      This patch prevent this division for both ppms and epms.
      
      Fixes: c3164d2f ("net/mlx5e: Added BW check for DIM decision mechanism")
      Reported-by: default avatarHelmut Grauer <helmut.grauer@de.ibm.com>
      Signed-off-by: default avatarTalat Batheesh <talatb@mellanox.com>
      Signed-off-by: default avatarSaeed Mahameed <saeedm@mellanox.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      e58edaa4
    • Linus Torvalds's avatar
      Linux 4.15-rc9 · 0c5b9b5d
      Linus Torvalds authored
      0c5b9b5d
    • Linus Torvalds's avatar
      Merge branch 'x86-pti-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 55151142
      Linus Torvalds authored
      Pull x86 pti fixes from Thomas Gleixner:
       "A small set of fixes for the meltdown/spectre mitigations:
      
         - Make kprobes aware of retpolines to prevent probes in the retpoline
           thunks.
      
         - Make the machine check exception speculation protected. MCE used to
           issue an indirect call directly from the ASM entry code. Convert
           that to a direct call into a C-function and issue the indirect call
           from there so the compiler can add the retpoline protection,
      
         - Make the vmexit_fill_RSB() assembly less stupid
      
         - Fix a typo in the PTI documentation"
      
      * 'x86-pti-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        x86/retpoline: Optimize inline assembler for vmexit_fill_RSB
        x86/pti: Document fix wrong index
        kprobes/x86: Disable optimizing on the function jumps to indirect thunk
        kprobes/x86: Blacklist indirect thunk functions for kprobes
        retpoline: Introduce start/end markers of indirect thunk
        x86/mce: Make machine check speculation protected
      55151142
    • Linus Torvalds's avatar
      Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 319f1e04
      Linus Torvalds authored
      Pull x86 kexec fix from Thomas Gleixner:
       "A single fix for the WBINVD issue introduced by the SME support which
        causes kexec fails on non AMD/SME capable CPUs. Issue WBINVD only when
        the CPU has SME and avoid doing so in a loop"
      
      [ Side note: this patch fixes the problem, but it isn't entirely clear
        why it is required. The wbinvd should just work regardless, but there
        seems to be some system - as opposed to CPU - issue, since the wbinvd
        causes more problems later in the shutdown sequence, but wbinvd
        instructions while the system is still active are not problematic.
      
        Possibly some SMI or pending machine check issue on the affected system ]
      
      * 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        x86/mm: Rework wbinvd, hlt operation in stop_this_cpu()
      319f1e04
    • Linus Torvalds's avatar
      Merge branch 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 66f81624
      Linus Torvalds authored
      Pull irq fix from Thomas Gleixner:
       "A single fix for the new matrix allocator to prevent vector exhaustion
        by certain network drivers which allocate gazillions of unused vectors
        which cannot be put into reservation mode due to MSI and the lack of
        MSI entry masking.
      
        The fix/workaround is to spread the vectors across CPUs by searching
        the supplied target CPU mask for the CPU with the smallest number of
        allocated vectors"
      
      * 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        irq/matrix: Spread interrupts on allocation
      66f81624
    • Linus Torvalds's avatar
      Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mattst88/alpha · d517bb79
      Linus Torvalds authored
      Pull alpha fixes from Matt Turner:
       "A build fix and a regression fix"
      
      * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mattst88/alpha:
        alpha/PCI: Fix noname IRQ level detection
        alpha: extend memset16 to EV6 optimised routines
      d517bb79
    • Laura Abbott's avatar
      x86: Use __nostackprotect for sme_encrypt_kernel · 91cfc88c
      Laura Abbott authored
      Commit bacf6b49 ("x86/mm: Use a struct to reduce parameters for SME
      PGD mapping") moved some parameters into a structure.
      
      The structure was large enough to trigger the stack protection canary in
      sme_encrypt_kernel which doesn't work this early, causing reboots.
      
      Mark sme_encrypt_kernel appropriately to not use the canary.
      
      Fixes: bacf6b49 ("x86/mm: Use a struct to reduce parameters for SME PGD mapping")
      Signed-off-by: default avatarLaura Abbott <labbott@redhat.com>
      Cc: Tom Lendacky <thomas.lendacky@amd.com>
      Cc: Ingo Molnar <mingo@kernel.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      91cfc88c
    • Lorenzo Pieralisi's avatar
      alpha/PCI: Fix noname IRQ level detection · 86be8993
      Lorenzo Pieralisi authored
      The conversion of the alpha architecture PCI host bridge legacy IRQ
      mapping/swizzling to the new PCI host bridge map/swizzle hooks carried
      out through:
      
      commit 0e4c2eeb ("alpha/PCI: Replace pci_fixup_irqs() call with
      host bridge IRQ mapping hooks")
      
      implies that IRQ for devices are now allocated through pci_assign_irq()
      function in pci_device_probe() that is called when a driver matching a
      device is found in order to probe the device through the device driver.
      
      Alpha noname platforms required IRQ level programming to be executed
      in sio_fixup_irq_levels(), that is called in noname_init_pci(), a
      platform hook called within a subsys_initcall.
      
      In noname_init_pci(), present IRQs are detected through
      sio_collect_irq_levels() that check the struct pci_dev->irq number
      to detect if an IRQ has been allocated for the device.
      
      By the time sio_collect_irq_levels() is called, some devices may still
      have not a matching driver loaded to match them (eg loadable module)
      therefore their IRQ allocation is still pending - which means that
      sio_collect_irq_levels() does not programme the correct IRQ level for
      those devices, causing their IRQ handling to be broken when the device
      driver is actually loaded and the device is probed.
      
      Fix the issue by adding code in the noname map_irq() function
      (noname_map_irq()) that, whilst mapping/swizzling the IRQ line, it also
      ensures that the correct IRQ level programming is executed at platform
      level, fixing the issue.
      
      Fixes: 0e4c2eeb ("alpha/PCI: Replace pci_fixup_irqs() call with
      host bridge IRQ mapping hooks")
      Reported-by: default avatarMikulas Patocka <mpatocka@redhat.com>
      Signed-off-by: default avatarLorenzo Pieralisi <lorenzo.pieralisi@arm.com>
      Cc: stable@vger.kernel.org # 4.14
      Cc: Bjorn Helgaas <bhelgaas@google.com>
      Cc: Richard Henderson <rth@twiddle.net>
      Cc: Ivan Kokshaysky <ink@jurassic.park.msu.ru>
      Cc: Mikulas Patocka <mpatocka@redhat.com>
      Cc: Meelis Roos <mroos@linux.ee>
      Signed-off-by: default avatarMatt Turner <mattst88@gmail.com>
      86be8993
  6. 20 Jan, 2018 4 commits
    • Linus Torvalds's avatar
      Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm · 24b61240
      Linus Torvalds authored
      Pull KVM fixes from Radim Krčmář:
       "ARM:
         - fix incorrect huge page mappings on systems using the contiguous
           hint for hugetlbfs
         - support alternative GICv4 init sequence
         - correctly implement the ARM SMCC for HVC and SMC handling
      
        PPC:
         - add KVM IOCTL for reporting vulnerability and workaround status
      
        s390:
         - provide userspace interface for branch prediction changes in
           firmware
      
        x86:
         - use correct macros for bits"
      
      * tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
        KVM: s390: wire up bpb feature
        KVM: PPC: Book3S: Provide information about hardware/firmware CVE workarounds
        KVM/x86: Fix wrong macro references of X86_CR0_PG_BIT and X86_CR4_PAE_BIT in kvm_valid_sregs()
        arm64: KVM: Fix SMCCC handling of unimplemented SMC/HVC calls
        KVM: arm64: Fix GICv4 init when called from vgic_its_create
        KVM: arm/arm64: Check pagesize when allocating a hugepage at Stage 2
      24b61240
    • Linus Torvalds's avatar
      Merge tag 'mips_fixes_4.15_2' of git://git.kernel.org/pub/scm/linux/kernel/git/jhogan/mips · e6252e7f
      Linus Torvalds authored
      Pull MIPS fixes from James Hogan:
       "Some final MIPS fixes for 4.15, including important build fixes and a
        MAINTAINERS update:
      
         - Add myself as MIPS co-maintainer.
      
         - Fix various all*config build failures (particularly as a result of
           switching the default MIPS platform to the "generic" platform).
      
         - Fix GCC7 build failures (duplicate const and questionable calls to
           missing __multi3 intrinsic on mips64r6).
      
         - Fix warnings when CPU Idle is enabled (4.14).
      
         - Fix AR7 serial output (since 3.17).
      
         - Fix ralink platform_get_irq error checking (since 3.12)"
      
      * tag 'mips_fixes_4.15_2' of git://git.kernel.org/pub/scm/linux/kernel/git/jhogan/mips:
        MAINTAINERS: Add James as MIPS co-maintainer
        MIPS: Fix undefined reference to physical_memsize
        MIPS: Implement __multi3 for GCC7 MIPS64r6 builds
        MIPS: mm: Fix duplicate "const" on insn_table_MM
        MIPS: CM: Drop WARN_ON(vp != 0)
        MIPS: ralink: Fix platform_get_irq's error checking
        MIPS: Fix CPS SMP NS16550 UART defaults
        MIPS: BCM47XX Avoid compile error with MIPS allnoconfig
        MIPS: RB532: Avoid undefined mac_pton without GENERIC_NET_UTILS
        MIPS: RB532: Avoid undefined early_serial_setup() without SERIAL_8250_CONSOLE
        MIPS: ath25: Avoid undefined early_serial_setup() without SERIAL_8250_CONSOLE
        MIPS: AR7: ensure the port type's FCR value is used
      e6252e7f
    • Christian Borntraeger's avatar
      KVM: s390: wire up bpb feature · 35b3fde6
      Christian Borntraeger authored
      The new firmware interfaces for branch prediction behaviour changes
      are transparently available for the guest. Nevertheless, there is
      new state attached that should be migrated and properly resetted.
      Provide a mechanism for handling reset, migration and VSIE.
      Signed-off-by: default avatarChristian Borntraeger <borntraeger@de.ibm.com>
      Reviewed-by: default avatarDavid Hildenbrand <david@redhat.com>
      Reviewed-by: default avatarCornelia Huck <cohuck@redhat.com>
      [Changed capability number to 152. - Radim]
      Signed-off-by: default avatarRadim Krčmář <rkrcmar@redhat.com>
      35b3fde6
    • Radim Krčmář's avatar
      Merge tag 'kvm-ppc-cve-4.15-2' of git://git.kernel.org/pub/scm/linux/kernel/git/paulus/powerpc · 29d24e3f
      Radim Krčmář authored
      Add PPC KVM ioctl to report vulnerability and workaround status to userspace.
      29d24e3f
  7. 19 Jan, 2018 3 commits
    • Linus Torvalds's avatar
      Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi · 8dd903d2
      Linus Torvalds authored
      Pull SCSI fix from James Bottomley:
       "One fix for SAS attached SATA CD-ROMs. It turns out that the libata
        handling of CD devices relies on the SCSI error handler, so disable
        async aborts (which don't start the error handler) for these devices"
      
      * tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
        scsi: libsas: Disable asynchronous aborts for SATA devices
      8dd903d2
    • Linus Torvalds's avatar
      Merge tag 'for-4.15/dm-fixes-2' of... · 1cf55613
      Linus Torvalds authored
      Merge tag 'for-4.15/dm-fixes-2' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm
      
      Pull device mapper fixes from Mike Snitzer:
       "All fixes marked for stable:
      
         - Fix DM thinp btree corruption seen when inserting a new key/value
           pair into a full root node.
      
         - Fix DM thinp btree removal deadlock due to artificially low number
           of allowed concurrent locks allowed.
      
         - Fix possible DM crypt corruption if kernel keyring service is used.
           Only affects ciphers using following IVs: essiv, lmk and tcw.
      
         - Two DM crypt device initialization error checking fixes.
      
         - Fix DM integrity to allow use of async ciphers that require DMA"
      
      * tag 'for-4.15/dm-fixes-2' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm:
        dm crypt: fix error return code in crypt_ctr()
        dm crypt: wipe kernel key copy after IV initialization
        dm integrity: don't store cipher request on the stack
        dm crypt: fix crash by adding missing check for auth key size
        dm btree: fix serious bug in btree_split_beneath()
        dm thin metadata: THIN_MAX_CONCURRENT_LOCKS should be 6
      1cf55613
    • Linus Torvalds's avatar
      Merge tag 'trace-v4.15-rc4-3' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace · ec835f81
      Linus Torvalds authored
      Pull tracing fixes from Steven Rostedt:
       "Two more small fixes
      
         - The conversion of enums into their actual numbers to display in the
           event format file had an off-by-one bug, that could cause an enum
           not to be converted, and break user space parsing tools.
      
         - A fix to a previous fix to bring back the context recursion checks.
           The interrupt case checks for NMI, IRQ and softirq, but the softirq
           returned the same number regardless if it was set or not, although
           the logic would force it to be set if it were hit"
      
      * tag 'trace-v4.15-rc4-3' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace:
        tracing: Fix converting enum's from the map in trace_event_eval_update()
        ring-buffer: Fix duplicate results in mapping context to bits in recursive lock
      ec835f81