1. 05 Oct, 2018 8 commits
    • Mike Kravetz's avatar
      mm: migration: fix migration of huge PMD shared pages · 017b1660
      Mike Kravetz authored
      The page migration code employs try_to_unmap() to try and unmap the source
      page.  This is accomplished by using rmap_walk to find all vmas where the
      page is mapped.  This search stops when page mapcount is zero.  For shared
      PMD huge pages, the page map count is always 1 no matter the number of
      mappings.  Shared mappings are tracked via the reference count of the PMD
      page.  Therefore, try_to_unmap stops prematurely and does not completely
      unmap all mappings of the source page.
      
      This problem can result is data corruption as writes to the original
      source page can happen after contents of the page are copied to the target
      page.  Hence, data is lost.
      
      This problem was originally seen as DB corruption of shared global areas
      after a huge page was soft offlined due to ECC memory errors.  DB
      developers noticed they could reproduce the issue by (hotplug) offlining
      memory used to back huge pages.  A simple testcase can reproduce the
      problem by creating a shared PMD mapping (note that this must be at least
      PUD_SIZE in size and PUD_SIZE aligned (1GB on x86)), and using
      migrate_pages() to migrate process pages between nodes while continually
      writing to the huge pages being migrated.
      
      To fix, have the try_to_unmap_one routine check for huge PMD sharing by
      calling huge_pmd_unshare for hugetlbfs huge pages.  If it is a shared
      mapping it will be 'unshared' which removes the page table entry and drops
      the reference on the PMD page.  After this, flush caches and TLB.
      
      mmu notifiers are called before locking page tables, but we can not be
      sure of PMD sharing until page tables are locked.  Therefore, check for
      the possibility of PMD sharing before locking so that notifiers can
      prepare for the worst possible case.
      
      Link: http://lkml.kernel.org/r/20180823205917.16297-2-mike.kravetz@oracle.com
      [mike.kravetz@oracle.com: make _range_in_vma() a static inline]
        Link: http://lkml.kernel.org/r/6063f215-a5c8-2f0c-465a-2c515ddc952d@oracle.com
      Fixes: 39dde65c ("shared page table for hugetlb page")
      Signed-off-by: default avatarMike Kravetz <mike.kravetz@oracle.com>
      Acked-by: default avatarKirill A. Shutemov <kirill.shutemov@linux.intel.com>
      Reviewed-by: default avatarNaoya Horiguchi <n-horiguchi@ah.jp.nec.com>
      Acked-by: default avatarMichal Hocko <mhocko@suse.com>
      Cc: Vlastimil Babka <vbabka@suse.cz>
      Cc: Davidlohr Bueso <dave@stgolabs.net>
      Cc: Jerome Glisse <jglisse@redhat.com>
      Cc: Mike Kravetz <mike.kravetz@oracle.com>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      017b1660
    • Greg Kroah-Hartman's avatar
      Merge tag 'iommu-fixes-v4.19-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu · b2e45b46
      Greg Kroah-Hartman authored
      Joerg writes:
        "IOMMU Fix for Linux v4.19-rc6
      
         One important fix:
      	- Fix a memory leak with AMD IOMMU when SME is active and a VM
      	  has assigned devices. In that case the complete guest memory
      	  will be leaked without this fix."
      
      * tag 'iommu-fixes-v4.19-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu:
        iommu/amd: Clear memory encryption mask from physical address
      b2e45b46
    • Greg Kroah-Hartman's avatar
      Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm · 08b297bb
      Greg Kroah-Hartman authored
      Paolo writes:
        "KVM changes for 4.19-rc7
      
         x86 and PPC bugfixes, mostly introduced in 4.19-rc1."
      
      * tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
        kvm: nVMX: fix entry with pending interrupt if APICv is enabled
        KVM: VMX: hide flexpriority from guest when disabled at the module level
        KVM: VMX: check for existence of secondary exec controls before accessing
        KVM: PPC: Book3S HV: Avoid crash from THP collapse during radix page fault
        KVM: x86: fix L1TF's MMIO GFN calculation
        tools/kvm_stat: cut down decimal places in update interval dialog
        KVM: nVMX: Fix emulation of VM_ENTRY_LOAD_BNDCFGS
        KVM: x86: Do not use kvm_x86_ops->mpx_supported() directly
        KVM: nVMX: Do not expose MPX VMX controls when guest MPX disabled
        KVM: x86: never trap MSR_KERNEL_GS_BASE
      08b297bb
    • Greg Kroah-Hartman's avatar
      Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 · 4fbeba43
      Greg Kroah-Hartman authored
      Herbert writes:
        "Crypto Fixes for 4.19
      
         This push fixes the following issues:
         - Out-of-bound stack access in qat.
         - Illegal schedule in mxs-dcp.
         - Memory corruption in chelsio.
         - Incorrect pointer computation in caam."
      
      * 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6:
        crypto: qat - Fix KASAN stack-out-of-bounds bug in adf_probe()
        crypto: mxs-dcp - Fix wait logic on chan threads
        crypto: chelsio - Fix memory corruption in DMA Mapped buffers.
        crypto: caam/jr - fix ablkcipher_edesc pointer arithmetic
      4fbeba43
    • Greg Kroah-Hartman's avatar
      Merge tag '4.19-rc6-smb3-fixes' of git://git.samba.org/sfrench/cifs-2.6 · 087f759a
      Greg Kroah-Hartman authored
      Steve writes:
        "SMB3 fixes
      
         four small SMB3 fixes: one for stable, the others to address a more
         recent regression"
      
      * tag '4.19-rc6-smb3-fixes' of git://git.samba.org/sfrench/cifs-2.6:
        smb3: fix lease break problem introduced by compounding
        cifs: only wake the thread for the very last PDU in a compound
        cifs: add a warning if we try to to dequeue a deleted mid
        smb2: fix missing files in root share directory listing
      087f759a
    • Singh, Brijesh's avatar
      iommu/amd: Clear memory encryption mask from physical address · b3e9b515
      Singh, Brijesh authored
      Boris Ostrovsky reported a memory leak with device passthrough when SME
      is active.
      
      The VFIO driver uses iommu_iova_to_phys() to get the physical address for
      an iova. This physical address is later passed into vfio_unmap_unpin() to
      unpin the memory. The vfio_unmap_unpin() uses pfn_valid() before unpinning
      the memory. The pfn_valid() check was failing because encryption mask was
      part of the physical address returned. This resulted in the memory not
      being unpinned and therefore leaked after the guest terminates.
      
      The memory encryption mask must be cleared from the physical address in
      iommu_iova_to_phys().
      
      Fixes: 2543a786 ("iommu/amd: Allow the AMD IOMMU to work with memory encryption")
      Reported-by: default avatarBoris Ostrovsky <boris.ostrovsky@oracle.com>
      Cc: Tom Lendacky <thomas.lendacky@amd.com>
      Cc: Joerg Roedel <joro@8bytes.org>
      Cc: <iommu@lists.linux-foundation.org>
      Cc: Borislav Petkov <bp@suse.de>
      Cc: Paolo Bonzini <pbonzini@redhat.com>
      Cc: Radim Krčmář <rkrcmar@redhat.com>
      Cc: kvm@vger.kernel.org
      Cc: Boris Ostrovsky <boris.ostrovsky@oracle.com>
      Cc: <stable@vger.kernel.org> # 4.14+
      Signed-off-by: default avatarBrijesh Singh <brijesh.singh@amd.com>
      Signed-off-by: default avatarJoerg Roedel <jroedel@suse.de>
      b3e9b515
    • Paolo Bonzini's avatar
      Merge tag 'kvm-ppc-fixes-4.19-3' of... · cc906f07
      Paolo Bonzini authored
      Merge tag 'kvm-ppc-fixes-4.19-3' of git://git.kernel.org/pub/scm/linux/kernel/git/paulus/powerpc into kvm-master
      
      Third set of PPC KVM fixes for 4.19
      
      One patch here, fixing a potential host crash introduced (or at least
      exacerbated) by a previous fix for corruption relating to radix guest
      page faults and THP operations.
      cc906f07
    • Greg Kroah-Hartman's avatar
      Merge tag 'drm-fixes-2018-10-05' of git://anongit.freedesktop.org/drm/drm · befad944
      Greg Kroah-Hartman authored
      Dave writes:
        "amdgpu and two core fixes
      
         Two fixes for amdgpu:
         one corrects a use of process->mm
         one fix for display code race condition that can result in a crash
      
         Two core fixes:
         One for a use-after-free in the leasing code
         One for a cma/fbdev crash."
      
      * tag 'drm-fixes-2018-10-05' of git://anongit.freedesktop.org/drm/drm:
        drm/amdkfd: Fix incorrect use of process->mm
        drm/amd/display: Signal hw_done() after waiting for flip_done()
        drm/cma-helper: Fix crash in fbdev error path
        drm: fix use-after-free read in drm_mode_create_lease_ioctl()
      befad944
  2. 04 Oct, 2018 17 commits
  3. 03 Oct, 2018 15 commits