1. 06 10月, 2018 24 次提交
  2. 05 10月, 2018 16 次提交
    • G
      Merge tag 'iommu-fixes-v4.19-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu · b2e45b46
      Greg Kroah-Hartman 提交于
      Joerg writes:
        "IOMMU Fix for Linux v4.19-rc6
      
         One important fix:
      	- Fix a memory leak with AMD IOMMU when SME is active and a VM
      	  has assigned devices. In that case the complete guest memory
      	  will be leaked without this fix."
      
      * tag 'iommu-fixes-v4.19-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu:
        iommu/amd: Clear memory encryption mask from physical address
      b2e45b46
    • G
      Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm · 08b297bb
      Greg Kroah-Hartman 提交于
      Paolo writes:
        "KVM changes for 4.19-rc7
      
         x86 and PPC bugfixes, mostly introduced in 4.19-rc1."
      
      * tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
        kvm: nVMX: fix entry with pending interrupt if APICv is enabled
        KVM: VMX: hide flexpriority from guest when disabled at the module level
        KVM: VMX: check for existence of secondary exec controls before accessing
        KVM: PPC: Book3S HV: Avoid crash from THP collapse during radix page fault
        KVM: x86: fix L1TF's MMIO GFN calculation
        tools/kvm_stat: cut down decimal places in update interval dialog
        KVM: nVMX: Fix emulation of VM_ENTRY_LOAD_BNDCFGS
        KVM: x86: Do not use kvm_x86_ops->mpx_supported() directly
        KVM: nVMX: Do not expose MPX VMX controls when guest MPX disabled
        KVM: x86: never trap MSR_KERNEL_GS_BASE
      08b297bb
    • G
      Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 · 4fbeba43
      Greg Kroah-Hartman 提交于
      Herbert writes:
        "Crypto Fixes for 4.19
      
         This push fixes the following issues:
         - Out-of-bound stack access in qat.
         - Illegal schedule in mxs-dcp.
         - Memory corruption in chelsio.
         - Incorrect pointer computation in caam."
      
      * 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6:
        crypto: qat - Fix KASAN stack-out-of-bounds bug in adf_probe()
        crypto: mxs-dcp - Fix wait logic on chan threads
        crypto: chelsio - Fix memory corruption in DMA Mapped buffers.
        crypto: caam/jr - fix ablkcipher_edesc pointer arithmetic
      4fbeba43
    • G
      Merge tag '4.19-rc6-smb3-fixes' of git://git.samba.org/sfrench/cifs-2.6 · 087f759a
      Greg Kroah-Hartman 提交于
      Steve writes:
        "SMB3 fixes
      
         four small SMB3 fixes: one for stable, the others to address a more
         recent regression"
      
      * tag '4.19-rc6-smb3-fixes' of git://git.samba.org/sfrench/cifs-2.6:
        smb3: fix lease break problem introduced by compounding
        cifs: only wake the thread for the very last PDU in a compound
        cifs: add a warning if we try to to dequeue a deleted mid
        smb2: fix missing files in root share directory listing
      087f759a
    • S
      iommu/amd: Clear memory encryption mask from physical address · b3e9b515
      Singh, Brijesh 提交于
      Boris Ostrovsky reported a memory leak with device passthrough when SME
      is active.
      
      The VFIO driver uses iommu_iova_to_phys() to get the physical address for
      an iova. This physical address is later passed into vfio_unmap_unpin() to
      unpin the memory. The vfio_unmap_unpin() uses pfn_valid() before unpinning
      the memory. The pfn_valid() check was failing because encryption mask was
      part of the physical address returned. This resulted in the memory not
      being unpinned and therefore leaked after the guest terminates.
      
      The memory encryption mask must be cleared from the physical address in
      iommu_iova_to_phys().
      
      Fixes: 2543a786 ("iommu/amd: Allow the AMD IOMMU to work with memory encryption")
      Reported-by: NBoris Ostrovsky <boris.ostrovsky@oracle.com>
      Cc: Tom Lendacky <thomas.lendacky@amd.com>
      Cc: Joerg Roedel <joro@8bytes.org>
      Cc: <iommu@lists.linux-foundation.org>
      Cc: Borislav Petkov <bp@suse.de>
      Cc: Paolo Bonzini <pbonzini@redhat.com>
      Cc: Radim Krčmář <rkrcmar@redhat.com>
      Cc: kvm@vger.kernel.org
      Cc: Boris Ostrovsky <boris.ostrovsky@oracle.com>
      Cc: <stable@vger.kernel.org> # 4.14+
      Signed-off-by: NBrijesh Singh <brijesh.singh@amd.com>
      Signed-off-by: NJoerg Roedel <jroedel@suse.de>
      b3e9b515
    • P
      Merge tag 'kvm-ppc-fixes-4.19-3' of... · cc906f07
      Paolo Bonzini 提交于
      Merge tag 'kvm-ppc-fixes-4.19-3' of git://git.kernel.org/pub/scm/linux/kernel/git/paulus/powerpc into kvm-master
      
      Third set of PPC KVM fixes for 4.19
      
      One patch here, fixing a potential host crash introduced (or at least
      exacerbated) by a previous fix for corruption relating to radix guest
      page faults and THP operations.
      cc906f07
    • G
      Merge tag 'drm-fixes-2018-10-05' of git://anongit.freedesktop.org/drm/drm · befad944
      Greg Kroah-Hartman 提交于
      Dave writes:
        "amdgpu and two core fixes
      
         Two fixes for amdgpu:
         one corrects a use of process->mm
         one fix for display code race condition that can result in a crash
      
         Two core fixes:
         One for a use-after-free in the leasing code
         One for a cma/fbdev crash."
      
      * tag 'drm-fixes-2018-10-05' of git://anongit.freedesktop.org/drm/drm:
        drm/amdkfd: Fix incorrect use of process->mm
        drm/amd/display: Signal hw_done() after waiting for flip_done()
        drm/cma-helper: Fix crash in fbdev error path
        drm: fix use-after-free read in drm_mode_create_lease_ioctl()
      befad944
    • D
      Merge branch 'drm-fixes-4.19' of git://people.freedesktop.org/~agd5f/linux into drm-fixes · bdf800c6
      Dave Airlie 提交于
      - Fix an ordering issue in DC with respect to atomic flips that could result
        in a crash
      - Fix incorrect use of process->mm in KFD
      Signed-off-by: NDave Airlie <airlied@redhat.com>
      From: Alex Deucher <alexdeucher@gmail.com>
      Link: https://patchwork.freedesktop.org/patch/msgid/1538668374-22334-1-git-send-email-alexander.deucher@amd.com
      bdf800c6
    • D
      Merge tag 'drm-misc-fixes-2018-10-04' of git://anongit.freedesktop.org/drm/drm-misc into drm-fixes · 3a9df1e9
      Dave Airlie 提交于
      drm-misc-fixes for v4.19-rc7:
      - Fix use-after-free in drm_mode_create_lease_ioctl()
      - Fix crash in fbdev error path.
      Signed-off-by: NDave Airlie <airlied@redhat.com>
      
      From: Maarten Lankhorst <maarten.lankhorst@linux.intel.com>
      Link: https://patchwork.freedesktop.org/patch/msgid/13b2c3ac-9a96-710e-ceb9-890af164f10e@linux.intel.com
      3a9df1e9
    • G
      Merge tag 'ovl-fixes-4.19-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/vfs · 010bd965
      Greg Kroah-Hartman 提交于
      Miklos writes:
        "overlayfs fixes for 4.19-rc7
      
         This update fixes a couple of regressions in the stacked file update
         added in this cycle, as well as some older bugs uncovered by
         syzkaller.
      
         There's also one trivial naming change that touches other parts of
         the fs subsystem."
      
      * tag 'ovl-fixes-4.19-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/vfs:
        ovl: fix format of setxattr debug
        ovl: fix access beyond unterminated strings
        ovl: make symbol 'ovl_aops' static
        vfs: swap names of {do,vfs}_clone_file_range()
        ovl: fix freeze protection bypass in ovl_clone_file_range()
        ovl: fix freeze protection bypass in ovl_write_iter()
        ovl: fix memory leak on unlink of indexed file
      010bd965
    • M
      dm cache: fix resize crash if user doesn't reload cache table · 5d07384a
      Mike Snitzer 提交于
      A reload of the cache's DM table is needed during resize because
      otherwise a crash will occur when attempting to access smq policy
      entries associated with the portion of the cache that was recently
      extended.
      
      The reason is cache-size based data structures in the policy will not be
      resized, the only way to safely extend the cache is to allow for a
      proper cache policy initialization that occurs when the cache table is
      loaded.  For example the smq policy's space_init(), init_allocator(),
      calc_hotspot_params() must be sized based on the extended cache size.
      
      The fix for this is to disallow cache resizes of this pattern:
      1) suspend "cache" target's device
      2) resize the fast device used for the cache
      3) resume "cache" target's device
      
      Instead, the last step must be a full reload of the cache's DM table.
      
      Fixes: 66a63635 ("dm cache: add stochastic-multi-queue (smq) policy")
      Cc: stable@vger.kernel.org
      Signed-off-by: NMike Snitzer <snitzer@redhat.com>
      5d07384a
    • J
      dm cache metadata: ignore hints array being too small during resize · 4561ffca
      Joe Thornber 提交于
      Commit fd2fa954 ("dm cache metadata: save in-core policy_hint_size to
      on-disk superblock") enabled previously written policy hints to be
      used after a cache is reactivated.  But in doing so the cache
      metadata's hint array was left exposed to out of bounds access because
      on resize the metadata's on-disk hint array wasn't ever extended.
      
      Fix this by ignoring that there are no on-disk hints associated with the
      newly added cache blocks.  An expanded on-disk hint array is later
      rewritten upon the next clean shutdown of the cache.
      
      Fixes: fd2fa954 ("dm cache metadata: save in-core policy_hint_size to on-disk superblock")
      Cc: stable@vger.kernel.org
      Signed-off-by: NJoe Thornber <ejt@redhat.com>
      Signed-off-by: NMike Snitzer <snitzer@redhat.com>
      4561ffca
    • R
      PM / core: Clear the direct_complete flag on errors · 69e445ab
      Rafael J. Wysocki 提交于
      If __device_suspend() runs asynchronously (in which case the device
      passed to it is in dpm_suspended_list at that point) and it returns
      early on an error or pending wakeup, and the power.direct_complete
      flag has been set for the device already, the subsequent
      device_resume() will be confused by that and it will call
      pm_runtime_enable() incorrectly, as runtime PM has not been
      disabled for the device by __device_suspend().
      
      To avoid that, clear power.direct_complete if __device_suspend()
      is not going to disable runtime PM for the device before returning.
      
      Fixes: aae4518b (PM / sleep: Mechanism to avoid resuming runtime-suspended devices unnecessarily)
      Reported-by: NAl Cooper <alcooperx@gmail.com>
      Tested-by: NAl Cooper <alcooperx@gmail.com>
      Reviewed-by: NUlf Hansson <ulf.hansson@linaro.org>
      Cc: 3.16+ <stable@vger.kernel.org> # 3.16+
      Signed-off-by: NRafael J. Wysocki <rafael.j.wysocki@intel.com>
      69e445ab
    • G
      Merge branch 'fixes' of git://git.armlinux.org.uk/~rmk/linux-arm · ac0657ed
      Greg Kroah-Hartman 提交于
      Russell writes:
        "A couple of small ARM fixes from Stefan and Thomas:
         - Adding the io_pgetevents syscall
         - Fixing a bounds check in pci_ioremap_io()"
      
      * 'fixes' of git://git.armlinux.org.uk/~rmk/linux-arm:
        ARM: 8799/1: mm: fix pci_ioremap_io() offset check
        ARM: 8787/1: wire up io_pgetevents syscall
      ac0657ed
    • G
      Merge tag 'drm-fixes-2018-10-04' of git://anongit.freedesktop.org/drm/drm · 10be83cc
      Greg Kroah-Hartman 提交于
      Dave writes:
        "drm exynos, tda9950 and intel fixes
      
         3 i915 fixes:
           compressed error handling zlib fix
           compiler warning cleanup
           and a minor code cleanup
      
         2 tda9950:
           Two fixes for the HDMI CEC
      
         1 exynos:
           A fix required for IOMMU interaction."
      
      * tag 'drm-fixes-2018-10-04' of git://anongit.freedesktop.org/drm/drm:
        drm/i915: Handle incomplete Z_FINISH for compressed error states
        drm/i915: Avoid compiler warning for maybe unused gu_misc_iir
        drm/i915: Do not redefine the has_csr parameter.
        drm/exynos: Use selected dma_dev default iommu domain instead of a fake one
        drm/i2c: tda9950: set MAX_RETRIES for errors only
        drm/i2c: tda9950: fix timeout counter check
      10be83cc
    • G
      Merge tag 'xfs-fixes-for-4.19-rc6' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux · 1b0350c3
      Greg Kroah-Hartman 提交于
      Dave writes:
        "XFS fixes for 4.19-rc6
      
         Accumlated regression and bug fixes for 4.19-rc6, including:
      
         o make iomap correctly mark dirty pages for sub-page block sizes
         o fix regression in handling extent-to-btree format conversion errors
         o fix torn log wrap detection for new logs
         o various corrupt inode detection fixes
         o various delalloc state fixes
         o cleanup all the missed transaction cancel cases missed from changes merged
           in 4.19-rc1
         o fix lockdep false positive on transaction allocation
         o fix locking and reference counting on buffer log items"
      
      * tag 'xfs-fixes-for-4.19-rc6' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux:
        xfs: fix error handling in xfs_bmap_extents_to_btree
        iomap: set page dirty after partial delalloc on mkwrite
        xfs: remove invalid log recovery first/last cycle check
        xfs: validate inode di_forkoff
        xfs: skip delalloc COW blocks in xfs_reflink_end_cow
        xfs: don't treat unknown di_flags2 as corruption in scrub
        xfs: remove duplicated include from alloc.c
        xfs: don't bring in extents in xfs_bmap_punch_delalloc_range
        xfs: fix transaction leak in xfs_reflink_allocate_cow()
        xfs: avoid lockdep false positives in xfs_trans_alloc
        xfs: refactor xfs_buf_log_item reference count handling
        xfs: clean up xfs_trans_brelse()
        xfs: don't unlock invalidated buf on aborted tx commit
        xfs: remove last of unnecessary xfs_defer_cancel() callers
        xfs: don't crash the vfs on a garbage inline symlink
      1b0350c3