1. 23 Apr, 2020 6 commits
    • tty: hvc: fix buffer overflow during hvc_alloc(). · 9a9fc42b
      Andrew Melnychenko authored
      If there is a lot (more than 16) of virtio-console devices
      or virtio_console module is reloaded
      - buffers 'vtermnos' and 'cons_ops' are overflowed.
      In older kernels it overruns spinlock which leads to kernel freezing:
      https://bugzilla.redhat.com/show_bug.cgi?id=1786239
      
      To reproduce the issue, you can try a simple script that
      loads/unloads module. Something like this:
      while [ 1 ]
      do
        modprobe virtio_console
        sleep 2
        modprobe -r virtio_console
        sleep 2
      done
      
      Description of problem:
      Guest gets 'Call Trace' when loading module "virtio_console"
      and unloading it frequently - clearly reproduced on kernel-4.18.0:
      
      [   81.498208] ------------[ cut here ]------------
      [   81.499263] pvqspinlock: lock 0xffffffff92080020 has corrupted value 0xc0774ca0!
      [   81.501000] WARNING: CPU: 0 PID: 785 at kernel/locking/qspinlock_paravirt.h:500 __pv_queued_spin_unlock_slowpath+0xc0/0xd0
      [   81.503173] Modules linked in: virtio_console fuse xt_CHECKSUM ipt_MASQUERADE xt_conntrack ipt_REJECT nft_counter nf_nat_tftp nft_objref nf_conntrack_tftp tun bridge stp llc nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct nf_tables_set nft_chain_nat_ipv6 nf_conntrack_ipv6 nf_defrag_ipv6 nf_nat_ipv6 nft_chain_route_ipv6 nft_chain_nat_ipv4 nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat nf_conntrack nft_chain_route_ipv4 ip6_tables nft_compat ip_set nf_tables nfnetlink sunrpc bochs_drm drm_vram_helper ttm drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops drm i2c_piix4 pcspkr crct10dif_pclmul crc32_pclmul joydev ghash_clmulni_intel ip_tables xfs libcrc32c sd_mod sg ata_generic ata_piix virtio_net libata crc32c_intel net_failover failover serio_raw virtio_scsi dm_mirror dm_region_hash dm_log dm_mod [last unloaded: virtio_console]
      [   81.517019] CPU: 0 PID: 785 Comm: kworker/0:2 Kdump: loaded Not tainted 4.18.0-167.el8.x86_64 #1
      [   81.518639] Hardware name: Red Hat KVM, BIOS 1.12.0-5.scrmod+el8.2.0+5159+d8aa4d83 04/01/2014
      [   81.520205] Workqueue: events control_work_handler [virtio_console]
      [   81.521354] RIP: 0010:__pv_queued_spin_unlock_slowpath+0xc0/0xd0
      [   81.522450] Code: 07 00 48 63 7a 10 e8 bf 64 f5 ff 66 90 c3 8b 05 e6 cf d6 01 85 c0 74 01 c3 8b 17 48 89 fe 48 c7 c7 38 4b 29 91 e8 3a 6c fa ff <0f> 0b c3 0f 0b 90 90 90 90 90 90 90 90 90 90 90 0f 1f 44 00 00 48
      [   81.525830] RSP: 0018:ffffb51a01ffbd70 EFLAGS: 00010282
      [   81.526798] RAX: 0000000000000000 RBX: 0000000000000010 RCX: 0000000000000000
      [   81.528110] RDX: ffff9e66f1826480 RSI: ffff9e66f1816a08 RDI: ffff9e66f1816a08
      [   81.529437] RBP: ffffffff9153ff10 R08: 000000000000026c R09: 0000000000000053
      [   81.530732] R10: 0000000000000000 R11: ffffb51a01ffbc18 R12: ffff9e66cd682200
      [   81.532133] R13: ffffffff9153ff10 R14: ffff9e6685569500 R15: ffff9e66cd682000
      [   81.533442] FS:  0000000000000000(0000) GS:ffff9e66f1800000(0000) knlGS:0000000000000000
      [   81.534914] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
      [   81.535971] CR2: 00005624c55b14d0 CR3: 00000003a023c000 CR4: 00000000003406f0
      [   81.537283] Call Trace:
      [   81.537763]  __raw_callee_save___pv_queued_spin_unlock_slowpath+0x11/0x20
      [   81.539011]  .slowpath+0x9/0xe
      [   81.539585]  hvc_alloc+0x25e/0x300
      [   81.540237]  init_port_console+0x28/0x100 [virtio_console]
      [   81.541251]  handle_control_message.constprop.27+0x1c4/0x310 [virtio_console]
      [   81.542546]  control_work_handler+0x70/0x10c [virtio_console]
      [   81.543601]  process_one_work+0x1a7/0x3b0
      [   81.544356]  worker_thread+0x30/0x390
      [   81.545025]  ? create_worker+0x1a0/0x1a0
      [   81.545749]  kthread+0x112/0x130
      [   81.546358]  ? kthread_flush_work_fn+0x10/0x10
      [   81.547183]  ret_from_fork+0x22/0x40
      [   81.547842] ---[ end trace aa97649bd16c8655 ]---
      [   83.546539] general protection fault: 0000 [#1] SMP NOPTI
      [   83.547422] CPU: 5 PID: 3225 Comm: modprobe Kdump: loaded Tainted: G        W        --------- -  - 4.18.0-167.el8.x86_64 #1
      [   83.549191] Hardware name: Red Hat KVM, BIOS 1.12.0-5.scrmod+el8.2.0+5159+d8aa4d83 04/01/2014
      [   83.550544] RIP: 0010:__pv_queued_spin_lock_slowpath+0x19a/0x2a0
      [   83.551504] Code: c4 c1 ea 12 41 be 01 00 00 00 4c 8d 6d 14 41 83 e4 03 8d 42 ff 49 c1 e4 05 48 98 49 81 c4 40 a5 02 00 4c 03 24 c5 60 48 34 91 <49> 89 2c 24 b8 00 80 00 00 eb 15 84 c0 75 0a 41 0f b6 54 24 14 84
      [   83.554449] RSP: 0018:ffffb51a0323fdb0 EFLAGS: 00010202
      [   83.555290] RAX: 000000000000301c RBX: ffffffff92080020 RCX: 0000000000000001
      [   83.556426] RDX: 000000000000301d RSI: 0000000000000000 RDI: 0000000000000000
      [   83.557556] RBP: ffff9e66f196a540 R08: 000000000000028a R09: ffff9e66d2757788
      [   83.558688] R10: 0000000000000000 R11: 0000000000000000 R12: 646e61725f770b07
      [   83.559821] R13: ffff9e66f196a554 R14: 0000000000000001 R15: 0000000000180000
      [   83.560958] FS:  00007fd5032e8740(0000) GS:ffff9e66f1940000(0000) knlGS:0000000000000000
      [   83.562233] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
      [   83.563149] CR2: 00007fd5022b0da0 CR3: 000000038c334000 CR4: 00000000003406e0
      Signed-off-by: Andrew Melnychenko <andrew@daynix.com>
      Cc: stable <stable@vger.kernel.org>
      Link: https://lore.kernel.org/r/20200414191503.3471783-1-andrew@daynix.com
      Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
    • tty: rocket, avoid OOB access · 7127d243
      Jiri Slaby authored
      init_r_port can access pc104 array out of bounds. pc104 is a 2D array
      defined to have 4 members. Each member has 8 submembers.
      * we can have more than 4 (PCI) boards, i.e. [board] can be OOB
      * line is not modulo-ed by anything, so the first line on the second
        board can be 4, on the 3rd 12 or alike (depending on previously
        registered boards). It's zero only on the first line of the first
        board. So even [line] can be OOB, quite soon (with the 2nd registered
        board already).
      
      This code is broken for ages, so just avoid the OOB accesses and don't
      try to fix it as we would need to find out the correct line number. Use
      the default: RS232, if we are out.
      
      Generally, if anyone needs to set the interface types, a module parameter
      is past the last thing that should be used for this purpose. The
      parameters' description says it's for ISA cards anyway.
      Signed-off-by: Jiri Slaby <jslaby@suse.cz>
      Cc: stable <stable@vger.kernel.org>
      Fixes: 1da177e4 ("Linux-2.6.12-rc2")
      Link: https://lore.kernel.org/r/20200417105959.15201-2-jslaby@suse.cz
      Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
    • tty: serial: bcm63xx: fix missing clk_put() in bcm63xx_uart · 580d952e
      Zou Wei authored
      This patch fixes the below error reported by coccicheck
      
      drivers/tty/serial/bcm63xx_uart.c:848:2-8: ERROR: missing clk_put;
      clk_get on line 842 and execution via conditional on line 846
      
      Fixes: ab4382d2 ("tty: move drivers/serial/ to drivers/tty/serial/")
      Reported-by: Hulk Robot <hulkci@huawei.com>
      Signed-off-by: Zou Wei <zou_wei@huawei.com>
      Cc: stable <stable@vger.kernel.org>
      Link: https://lore.kernel.org/r/1587472306-105155-1-git-send-email-zou_wei@huawei.com
      Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
    • vt: don't hardcode the mem allocation upper bound · 2717769e
      Nicolas Pitre authored
      The code in vc_do_resize() bounds the memory allocation size to avoid
      exceeding MAX_ORDER down the kzalloc() call chain and generating a
      runtime warning triggerable from user space. However, not only is it
      unwise to use a literal value here, but MAX_ORDER may also be
      configurable based on CONFIG_FORCE_MAX_ZONEORDER.
      Let's use KMALLOC_MAX_SIZE instead.
      
      Note that prior to commit bb1107f7 ("mm, slab: make sure that
      KMALLOC_MAX_SIZE will fit into MAX_ORDER") the KMALLOC_MAX_SIZE value
      could not be relied upon.
      Signed-off-by: Nicolas Pitre <nico@fluxnic.net>
      Cc: <stable@vger.kernel.org> # v4.10+
      Link: https://lore.kernel.org/r/nycvar.YSQ.7.76.2003281702410.2671@knanqh.ubzr
      Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
    • tty: serial: owl: add "much needed" clk_prepare_enable() · abf42d2f
      Amit Singh Tomar authored
      commit 8ba92cf5 ("arm64: dts: actions: s700: Add Clock Management Unit")
      breaks the UART on Cubieboard7-lite (based on S700 SoC). This is due to the
      fact that generic clk routine clk_disable_unused() disables the gate clks,
      and that in turn disables OWL UART (but UART driver never enables it). To
      prove this theory, Andre suggested to use "clk_ignore_unused" in kernel
      command line and it worked (Kernel happily lands into RAMFS world :)).
      
      This commit fixes this up by adding clk_prepare_enable().
      
      Fixes: 8ba92cf5 ("arm64: dts: actions: s700: Add Clock Management Unit")
      Signed-off-by: Amit Singh Tomar <amittomer25@gmail.com>
      Cc: stable <stable@vger.kernel.org>
      Link: https://lore.kernel.org/r/1587067917-1400-1-git-send-email-amittomer25@gmail.com
      Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
    • vt: don't use kmalloc() for the unicode screen buffer · 9a98e7a8
      Nicolas Pitre authored
      Even if the actual screen size is bounded in vc_do_resize(), the unicode
      buffer is still a little more than twice the size of the glyph buffer
      and may exceed MAX_ORDER down the kmalloc() path. This can be triggered
      from user space.
      
      Since there is no point having a physically contiguous buffer here,
      let's avoid the above issue as well as reducing pressure on high order
      allocations by using vmalloc() instead.
      Signed-off-by: Nicolas Pitre <nico@fluxnic.net>
      Cc: <stable@vger.kernel.org>
      Acked-by: Sam Ravnborg <sam@ravnborg.org>
      Link: https://lore.kernel.org/r/nycvar.YSQ.7.76.2003282214210.2671@knanqh.ubzr
      Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  2. 20 Apr, 2020 1 commit
  3. 16 Apr, 2020 9 commits
  4. 12 Apr, 2020 10 commits
    • Linux 5.7-rc1 · 8f3d9f35
      Linus Torvalds authored
    • MAINTAINERS: sort field names for all entries · 3b50142d
      Linus Torvalds authored
      This sorts the actual field names too, potentially causing even more
      chaos and confusion at merge time if you have edited the MAINTAINERS
      file.  But the end result is a more consistent layout, and hopefully
      it's a one-time pain minimized by doing this just before the -rc1
      release.
      
      This was entirely scripted:
      
        ./scripts/parse-maintainers.pl --input=MAINTAINERS --output=MAINTAINERS --order
      Requested-by: Joe Perches <joe@perches.com>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    • MAINTAINERS: sort entries by entry name · 4400b7d6
      Linus Torvalds authored
      They are all supposed to be sorted, but people who add new entries don't
      always know the alphabet.  Plus sometimes the entry names get edited,
      and people don't then re-order the entry.
      
      Let's see how painful this will be for merging purposes (the MAINTAINERS
      file is often edited in various different trees), but Joe claims there's
      relatively few patches in -next that touch this, and doing it just
      before -rc1 is likely the best time.  Fingers crossed.
      
      This was scripted with
      
        /scripts/parse-maintainers.pl --input=MAINTAINERS --output=MAINTAINERS
      
      but then I also ended up manually upper-casing a few entry names that
      stood out when looking at the end result.
      Requested-by: Joe Perches <joe@perches.com>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    • Merge tag 'x86-urgent-2020-04-12' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 4f8a3cc1
      Linus Torvalds authored
      Pull x86 fixes from Thomas Gleixner:
       "A set of three patches to fix the fallout of the newly added split
        lock detection feature.
      
        It addressed the case where a KVM guest triggers a split lock #AC and
        KVM reinjects it into the guest which is not prepared to handle it.
      
        Add proper sanity checks which prevent the unconditional injection
        into the guest and handles the #AC on the host side in the same way as
        user space detections are handled. Depending on the detection mode it
        either warns and disables detection for the task or kills the task if
        the mode is set to fatal"
      
      * tag 'x86-urgent-2020-04-12' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        KVM: VMX: Extend VMXs #AC interceptor to handle split lock #AC in guest
        KVM: x86: Emulate split-lock access as a write in emulator
        x86/split_lock: Provide handle_guest_split_lock()
    • Merge tag 'timers-urgent-2020-04-12' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 0785249f
      Linus Torvalds authored
      Pull time(keeping) updates from Thomas Gleixner:
      
       - Fix the time_for_children symlink in /proc/$PID/ so it properly
         reflects that it is part of the 'time' namespace
      
       - Add the missing userns limit for the allowed number of time
         namespaces, which was half defined but the actual array member was
         not added. This went unnoticed as the array has an excessive empty
         member at the end but introduced a user visible regression as the
         output was corrupted.
      
       - Prevent further silent ucount corruption by adding a BUILD_BUG_ON()
         to catch half updated data.
      
      * tag 'timers-urgent-2020-04-12' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        ucount: Make sure ucounts in /proc/sys/user don't regress again
        time/namespace: Add max_time_namespaces ucount
        time/namespace: Fix time_for_children symlink
    • Merge tag 'sched-urgent-2020-04-12' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 590680d1
      Linus Torvalds authored
      Pull scheduler fixes/updates from Thomas Gleixner:
      
       - Deduplicate the average computations in the scheduler core and the
         fair class code.
      
       - Fix a race between runtime distribution and assignment which can
         cause exceeding the quota by up to 70%.
      
       - Prevent negative results in the imbalance calculation
      
       - Remove a stale warning in the workqueue code which can be triggered
         since the call site was moved out of preempt disabled code. It's a
         false positive.
      
       - Deduplicate the print macros for procfs
      
       - Add the uclamp values to the SCHED_DEBUG procfs output for completeness
      
      * tag 'sched-urgent-2020-04-12' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        sched/debug: Add task uclamp values to SCHED_DEBUG procfs
        sched/debug: Factor out printing formats into common macros
        sched/debug: Remove redundant macro define
        sched/core: Remove unused rq::last_load_update_tick
        workqueue: Remove the warning in wq_worker_sleeping()
        sched/fair: Fix negative imbalance in imbalance calculation
        sched/fair: Fix race between runtime distribution and assignment
        sched/fair: Align rq->avg_idle and rq->avg_scan_cost
    • Merge tag 'perf-urgent-2020-04-12' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 20e2aa81
      Linus Torvalds authored
      Pull perf fixes from Thomas Gleixner:
       "Three fixes/updates for perf:
      
         - Fix the perf event cgroup tracking which tries to track the cgroup
           even for disabled events.
      
         - Add Ice Lake server support for uncore events
      
         - Disable pagefaults when retrieving the physical address in the
           sampling code"
      
      * tag 'perf-urgent-2020-04-12' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        perf/core: Disable page faults when getting phys address
        perf/x86/intel/uncore: Add Ice Lake server uncore support
        perf/cgroup: Correct indirection in perf_less_group_idx()
        perf/core: Fix event cgroup tracking
    • Merge tag 'locking-urgent-2020-04-12' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 652fa53c
      Linus Torvalds authored
      Pull locking fixes from Thomas Gleixner:
       "Three small fixes/updates for the locking core code:
      
         - Plug a task struct reference leak in the percpu rwsem
           implementation.
      
         - Document the refcount interaction with PID_MAX_LIMIT
      
         - Improve the 'invalid wait context' data dump in lockdep so it
           contains all information which is required to decode the problem"
      
      * tag 'locking-urgent-2020-04-12' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        locking/lockdep: Improve 'invalid wait context' splat
        locking/refcount: Document interaction with PID_MAX_LIMIT
        locking/percpu-rwsem: Fix a task_struct refcount
    • Merge tag '5.7-rc-smb3-fixes-part2' of git://git.samba.org/sfrench/cifs-2.6 · 4119bf9f
      Linus Torvalds authored
      Pull cifs fixes from Steve French:
       "Ten cifs/smb fixes:
      
         - five RDMA (smbdirect) related fixes
      
         - add experimental support for swap over SMB3 mounts
      
         - also a fix which improves performance of signed connections"
      
      * tag '5.7-rc-smb3-fixes-part2' of git://git.samba.org/sfrench/cifs-2.6:
        smb3: enable swap on SMB3 mounts
        smb3: change noisy error message to FYI
        smb3: smbdirect support can be configured by default
        cifs: smbd: Do not schedule work to send immediate packet on every receive
        cifs: smbd: Properly process errors on ib_post_send
        cifs: Allocate crypto structures on the fly for calculating signatures of incoming packets
        cifs: smbd: Update receive credits before sending and deal with credits roll back on failure before sending
        cifs: smbd: Check send queue size before posting a send
        cifs: smbd: Merge code to track pending packets
        cifs: ignore cached share root handle closing errors
    • Merge tag 'nfs-for-5.7-2' of git://git.linux-nfs.org/projects/trondmy/linux-nfs · 50bda5fa
      Linus Torvalds authored
      Pull NFS client bugfix from Trond Myklebust:
       "Fix an RCU read lock leakage in pnfs_alloc_ds_commits_list()"
      
      * tag 'nfs-for-5.7-2' of git://git.linux-nfs.org/projects/trondmy/linux-nfs:
        pNFS: Fix RCU lock leakage
  5. 11 Apr, 2020 14 commits