1. 18 Jul, 2017 7 commits
    • Sven Eckelmann's avatar
      batman-adv: Keep fragments equally sized · 628b27c3
      Sven Eckelmann authored
      commit 1c2bcc76 upstream.
      
      The batman-adv fragmentation packets have the design problem that they
      cannot be refragmented and cannot handle padding by the underlying link.
      The latter often leads to problems when networks are incorrectly configured
      and don't use a common MTU.
      
      The sender could for example fragment a 1271 byte frame (plus external
      ethernet header (14) and batadv unicast header (10)) to fit in a 1280 bytes
      large MTU of the underlying link (max. 1294 byte frames). This would create
      a 1294 bytes large frame (fragment 2) and a 55 bytes large frame
      (fragment 1). The extra 54 bytes are the fragment header (20) added to each
      fragment and the external ethernet header (14) for the second fragment.
      
      Let us assume that the next hop is then not able to transport 1294 bytes to
      its next hop. The 1294 byte large frame will be dropped but the 55 bytes
      large fragment will still be forwarded to its destination.
      
      Or let us assume that the underlying hardware requires that each frame has
      a minimum size (e.g. 60 bytes). Then it will pad the 55 bytes frame to 60
      bytes. The receiver of the 60 bytes frame will no longer be able to
      correctly assemble the two frames together because it is not aware that 5
      bytes of the 60 bytes frame are padding and don't belong to the reassembled
      frame.
      
      This can partly be avoided by splitting frames more equally. In this
      example, the 675 and 674 bytes large fragment frames could both potentially
      reach its destination without being too large or too small.
      Reported-by: default avatarMartin Weinelt <martin@darmstadt.freifunk.net>
      Fixes: ee75ed88 ("batman-adv: Fragment and send skbs larger than mtu")
      Signed-off-by: default avatarSven Eckelmann <sven@narfation.org>
      Acked-by: default avatarLinus Lüssing <linus.luessing@c0d3.blue>
      Signed-off-by: default avatarSimon Wunderlich <sw@simonwunderlich.de>
      [bwh: Backported to 3.16: adjust context]
      Signed-off-by: default avatarBen Hutchings <ben@decadent.org.uk>
      628b27c3
    • Rik van Riel's avatar
      tracing: Add #undef to fix compile error · 57d310d0
      Rik van Riel authored
      commit bf7165cf upstream.
      
      There are several trace include files that define TRACE_INCLUDE_FILE.
      
      Include several of them in the same .c file (as I currently have in
      some code I am working on), and the compile will blow up with a
      "warning: "TRACE_INCLUDE_FILE" redefined #define TRACE_INCLUDE_FILE syscalls"
      
      Every other include file in include/trace/events/ avoids that issue
      by having a #undef TRACE_INCLUDE_FILE before the #define; syscalls.h
      should have one, too.
      
      Link: http://lkml.kernel.org/r/20160928225554.13bd7ac6@annuminas.surriel.com
      
      Fixes: b8007ef7 ("tracing: Separate raw syscall from syscall tracer")
      Signed-off-by: default avatarRik van Riel <riel@redhat.com>
      Signed-off-by: default avatarSteven Rostedt (VMware) <rostedt@goodmis.org>
      Signed-off-by: default avatarBen Hutchings <ben@decadent.org.uk>
      57d310d0
    • Janosch Frank's avatar
      KVM: s390: Fix guest migration for huge guests resulting in panic · 6be3b43d
      Janosch Frank authored
      commit 2e4d8800 upstream.
      
      While we can technically not run huge page guests right now, we can
      setup a guest with huge pages. Trying to migrate it will trigger a
      VM_BUG_ON and, if the kernel is not configured to panic on a BUG, it
      will happily try to work on non-existing page table entries.
      
      With this patch, we always return "dirty" if we encounter a large page
      when migrating. This at least fixes the immediate problem until we
      have proper handling for both kind of pages.
      
      Fixes: 15f36ebd ("KVM: s390: Add proper dirty bitmap support to S390 kvm.")
      Signed-off-by: default avatarJanosch Frank <frankja@linux.vnet.ibm.com>
      Acked-by: default avatarChristian Borntraeger <borntraeger@de.ibm.com>
      Signed-off-by: default avatarMartin Schwidefsky <schwidefsky@de.ibm.com>
      [bwh: Backported to 3.16:
       - Use respectively gmap->mm, address and pte instead of mm, addr and ptep
       - Adjust context]
      Signed-off-by: default avatarBen Hutchings <ben@decadent.org.uk>
      6be3b43d
    • Masami Hiramatsu's avatar
      kprobes/x86: Fix kernel panic when certain exception-handling addresses are probed · 9b3026f2
      Masami Hiramatsu authored
      commit 75013fb1 upstream.
      
      Fix to the exception table entry check by using probed address
      instead of the address of copied instruction.
      
      This bug may cause unexpected kernel panic if user probe an address
      where an exception can happen which should be fixup by __ex_table
      (e.g. copy_from_user.)
      
      Unless user puts a kprobe on such address, this doesn't
      cause any problem.
      
      This bug has been introduced years ago, by commit:
      
        46484688 ("x86/kprobes: Fix a bug which can modify kernel code permanently").
      Signed-off-by: default avatarMasami Hiramatsu <mhiramat@kernel.org>
      Cc: Borislav Petkov <bp@alien8.de>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Fixes: 46484688 ("x86/kprobes: Fix a bug which can modify kernel code permanently")
      Link: http://lkml.kernel.org/r/148829899399.28855.12581062400757221722.stgit@devboxSigned-off-by: default avatarIngo Molnar <mingo@kernel.org>
      Signed-off-by: default avatarBen Hutchings <ben@decadent.org.uk>
      9b3026f2
    • Chris Leech's avatar
      scsi: libiscsi: add lock around task lists to fix list corruption regression · e57d9472
      Chris Leech authored
      commit 6f8830f5 upstream.
      
      There's a rather long standing regression from the commit "libiscsi:
      Reduce locking contention in fast path"
      
      Depending on iSCSI target behavior, it's possible to hit the case in
      iscsi_complete_task where the task is still on a pending list
      (!list_empty(&task->running)).  When that happens the task is removed
      from the list while holding the session back_lock, but other task list
      modification occur under the frwd_lock.  That leads to linked list
      corruption and eventually a panicked system.
      
      Rather than back out the session lock split entirely, in order to try
      and keep some of the performance gains this patch adds another lock to
      maintain the task lists integrity.
      
      Major enterprise supported kernels have been backing out the lock split
      for while now, thanks to the efforts at IBM where a lab setup has the
      most reliable reproducer I've seen on this issue.  This patch has been
      tested there successfully.
      Signed-off-by: default avatarChris Leech <cleech@redhat.com>
      Fixes: 659743b0 ("[SCSI] libiscsi: Reduce locking contention in fast path")
      Reported-by: default avatarPrashantha Subbarao <psubbara@us.ibm.com>
      Reviewed-by: default avatarGuilherme G. Piccoli <gpiccoli@linux.vnet.ibm.com>
      Signed-off-by: default avatarMartin K. Petersen <martin.petersen@oracle.com>
      Signed-off-by: default avatarBen Hutchings <ben@decadent.org.uk>
      e57d9472
    • Dan Streetman's avatar
      xen: do not re-use pirq number cached in pci device msi msg data · da9865bf
      Dan Streetman authored
      commit c74fd80f upstream.
      
      Revert the main part of commit:
      af42b8d1 ("xen: fix MSI setup and teardown for PV on HVM guests")
      
      That commit introduced reading the pci device's msi message data to see
      if a pirq was previously configured for the device's msi/msix, and re-use
      that pirq.  At the time, that was the correct behavior.  However, a
      later change to Qemu caused it to call into the Xen hypervisor to unmap
      all pirqs for a pci device, when the pci device disables its MSI/MSIX
      vectors; specifically the Qemu commit:
      c976437c7dba9c7444fb41df45468968aaa326ad
      ("qemu-xen: free all the pirqs for msi/msix when driver unload")
      
      Once Qemu added this pirq unmapping, it was no longer correct for the
      kernel to re-use the pirq number cached in the pci device msi message
      data.  All Qemu releases since 2.1.0 contain the patch that unmaps the
      pirqs when the pci device disables its MSI/MSIX vectors.
      
      This bug is causing failures to initialize multiple NVMe controllers
      under Xen, because the NVMe driver sets up a single MSIX vector for
      each controller (concurrently), and then after using that to talk to
      the controller for some configuration data, it disables the single MSIX
      vector and re-configures all the MSIX vectors it needs.  So the MSIX
      setup code tries to re-use the cached pirq from the first vector
      for each controller, but the hypervisor has already given away that
      pirq to another controller, and its initialization fails.
      
      This is discussed in more detail at:
      https://lists.xen.org/archives/html/xen-devel/2017-01/msg00447.html
      
      Fixes: af42b8d1 ("xen: fix MSI setup and teardown for PV on HVM guests")
      Signed-off-by: default avatarDan Streetman <dan.streetman@canonical.com>
      Reviewed-by: default avatarStefano Stabellini <sstabellini@kernel.org>
      Acked-by: default avatarKonrad Rzeszutek Wilk <konrad.wilk@oracle.com>
      Signed-off-by: default avatarBoris Ostrovsky <boris.ostrovsky@oracle.com>
      [bwh: Backported to 3.16: adjust context]
      Signed-off-by: default avatarBen Hutchings <ben@decadent.org.uk>
      da9865bf
    • Florian Westphal's avatar
      xfrm: policy: init locks early · 6d7d4c06
      Florian Westphal authored
      commit c282222a upstream.
      
      Dmitry reports following splat:
       INFO: trying to register non-static key.
       the code is fine but needs lockdep annotation.
       turning off the locking correctness validator.
       CPU: 0 PID: 13059 Comm: syz-executor1 Not tainted 4.10.0-rc7-next-20170207 #1
      [..]
       spin_lock_bh include/linux/spinlock.h:304 [inline]
       xfrm_policy_flush+0x32/0x470 net/xfrm/xfrm_policy.c:963
       xfrm_policy_fini+0xbf/0x560 net/xfrm/xfrm_policy.c:3041
       xfrm_net_init+0x79f/0x9e0 net/xfrm/xfrm_policy.c:3091
       ops_init+0x10a/0x530 net/core/net_namespace.c:115
       setup_net+0x2ed/0x690 net/core/net_namespace.c:291
       copy_net_ns+0x26c/0x530 net/core/net_namespace.c:396
       create_new_namespaces+0x409/0x860 kernel/nsproxy.c:106
       unshare_nsproxy_namespaces+0xae/0x1e0 kernel/nsproxy.c:205
       SYSC_unshare kernel/fork.c:2281 [inline]
      
      Problem is that when we get error during xfrm_net_init we will call
      xfrm_policy_fini which will acquire xfrm_policy_lock before it was
      initialized.  Just move it around so locks get set up first.
      Reported-by: default avatarDmitry Vyukov <dvyukov@google.com>
      Fixes: 283bc9f3 ("xfrm: Namespacify xfrm state/policy locks")
      Signed-off-by: default avatarFlorian Westphal <fw@strlen.de>
      Signed-off-by: default avatarSteffen Klassert <steffen.klassert@secunet.com>
      Signed-off-by: default avatarBen Hutchings <ben@decadent.org.uk>
      [bwh: Backported to 3.2: xfrm_policy_lock is an rwlock]
      6d7d4c06
  2. 02 Jul, 2017 8 commits
  3. 05 Jun, 2017 25 commits