1. 26 1月, 2018 1 次提交
    • A
      x86/mm/64: Fix vmapped stack syncing on very-large-memory 4-level systems · 5beda7d5
      Andy Lutomirski 提交于
      Neil Berrington reported a double-fault on a VM with 768GB of RAM that uses
      large amounts of vmalloc space with PTI enabled.
      
      The cause is that load_new_mm_cr3() was never fixed to take the 5-level pgd
      folding code into account, so, on a 4-level kernel, the pgd synchronization
      logic compiles away to exactly nothing.
      
      Interestingly, the problem doesn't trigger with nopti.  I assume this is
      because the kernel is mapped with global pages if we boot with nopti.  The
      sequence of operations when we create a new task is that we first load its
      mm while still running on the old stack (which crashes if the old stack is
      unmapped in the new mm unless the TLB saves us), then we call
      prepare_switch_to(), and then we switch to the new stack.
      prepare_switch_to() pokes the new stack directly, which will populate the
      mapping through vmalloc_fault().  I assume that we're getting lucky on
      non-PTI systems -- the old stack's TLB entry stays alive long enough to
      make it all the way through prepare_switch_to() and switch_to() so that we
      make it to a valid stack.
      
      Fixes: b50858ce ("x86/mm/vmalloc: Add 5-level paging support")
      Reported-and-tested-by: NNeil Berrington <neil.berrington@datacore.com>
      Signed-off-by: NAndy Lutomirski <luto@kernel.org>
      Signed-off-by: NThomas Gleixner <tglx@linutronix.de>
      Cc: Konstantin Khlebnikov <khlebnikov@yandex-team.ru>
      Cc: stable@vger.kernel.org
      Cc: Dave Hansen <dave.hansen@intel.com>
      Cc: Borislav Petkov <bp@alien8.de>
      Link: https://lkml.kernel.org/r/346541c56caed61abbe693d7d2742b4a380c5001.1516914529.git.luto@kernel.org
      5beda7d5
  2. 24 1月, 2018 5 次提交
  3. 23 1月, 2018 18 次提交
  4. 22 1月, 2018 6 次提交
  5. 21 1月, 2018 7 次提交
    • L
      Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mattst88/alpha · d517bb79
      Linus Torvalds 提交于
      Pull alpha fixes from Matt Turner:
       "A build fix and a regression fix"
      
      * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mattst88/alpha:
        alpha/PCI: Fix noname IRQ level detection
        alpha: extend memset16 to EV6 optimised routines
      d517bb79
    • L
      x86: Use __nostackprotect for sme_encrypt_kernel · 91cfc88c
      Laura Abbott 提交于
      Commit bacf6b49 ("x86/mm: Use a struct to reduce parameters for SME
      PGD mapping") moved some parameters into a structure.
      
      The structure was large enough to trigger the stack protection canary in
      sme_encrypt_kernel which doesn't work this early, causing reboots.
      
      Mark sme_encrypt_kernel appropriately to not use the canary.
      
      Fixes: bacf6b49 ("x86/mm: Use a struct to reduce parameters for SME PGD mapping")
      Signed-off-by: NLaura Abbott <labbott@redhat.com>
      Cc: Tom Lendacky <thomas.lendacky@amd.com>
      Cc: Ingo Molnar <mingo@kernel.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      91cfc88c
    • L
      alpha/PCI: Fix noname IRQ level detection · 86be8993
      Lorenzo Pieralisi 提交于
      The conversion of the alpha architecture PCI host bridge legacy IRQ
      mapping/swizzling to the new PCI host bridge map/swizzle hooks carried
      out through:
      
      commit 0e4c2eeb ("alpha/PCI: Replace pci_fixup_irqs() call with
      host bridge IRQ mapping hooks")
      
      implies that IRQ for devices are now allocated through pci_assign_irq()
      function in pci_device_probe() that is called when a driver matching a
      device is found in order to probe the device through the device driver.
      
      Alpha noname platforms required IRQ level programming to be executed
      in sio_fixup_irq_levels(), that is called in noname_init_pci(), a
      platform hook called within a subsys_initcall.
      
      In noname_init_pci(), present IRQs are detected through
      sio_collect_irq_levels() that check the struct pci_dev->irq number
      to detect if an IRQ has been allocated for the device.
      
      By the time sio_collect_irq_levels() is called, some devices may still
      have not a matching driver loaded to match them (eg loadable module)
      therefore their IRQ allocation is still pending - which means that
      sio_collect_irq_levels() does not programme the correct IRQ level for
      those devices, causing their IRQ handling to be broken when the device
      driver is actually loaded and the device is probed.
      
      Fix the issue by adding code in the noname map_irq() function
      (noname_map_irq()) that, whilst mapping/swizzling the IRQ line, it also
      ensures that the correct IRQ level programming is executed at platform
      level, fixing the issue.
      
      Fixes: 0e4c2eeb ("alpha/PCI: Replace pci_fixup_irqs() call with
      host bridge IRQ mapping hooks")
      Reported-by: NMikulas Patocka <mpatocka@redhat.com>
      Signed-off-by: NLorenzo Pieralisi <lorenzo.pieralisi@arm.com>
      Cc: stable@vger.kernel.org # 4.14
      Cc: Bjorn Helgaas <bhelgaas@google.com>
      Cc: Richard Henderson <rth@twiddle.net>
      Cc: Ivan Kokshaysky <ink@jurassic.park.msu.ru>
      Cc: Mikulas Patocka <mpatocka@redhat.com>
      Cc: Meelis Roos <mroos@linux.ee>
      Signed-off-by: NMatt Turner <mattst88@gmail.com>
      86be8993
    • L
      Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm · 24b61240
      Linus Torvalds 提交于
      Pull KVM fixes from Radim Krčmář:
       "ARM:
         - fix incorrect huge page mappings on systems using the contiguous
           hint for hugetlbfs
         - support alternative GICv4 init sequence
         - correctly implement the ARM SMCC for HVC and SMC handling
      
        PPC:
         - add KVM IOCTL for reporting vulnerability and workaround status
      
        s390:
         - provide userspace interface for branch prediction changes in
           firmware
      
        x86:
         - use correct macros for bits"
      
      * tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
        KVM: s390: wire up bpb feature
        KVM: PPC: Book3S: Provide information about hardware/firmware CVE workarounds
        KVM/x86: Fix wrong macro references of X86_CR0_PG_BIT and X86_CR4_PAE_BIT in kvm_valid_sregs()
        arm64: KVM: Fix SMCCC handling of unimplemented SMC/HVC calls
        KVM: arm64: Fix GICv4 init when called from vgic_its_create
        KVM: arm/arm64: Check pagesize when allocating a hugepage at Stage 2
      24b61240
    • L
      Merge tag 'mips_fixes_4.15_2' of git://git.kernel.org/pub/scm/linux/kernel/git/jhogan/mips · e6252e7f
      Linus Torvalds 提交于
      Pull MIPS fixes from James Hogan:
       "Some final MIPS fixes for 4.15, including important build fixes and a
        MAINTAINERS update:
      
         - Add myself as MIPS co-maintainer.
      
         - Fix various all*config build failures (particularly as a result of
           switching the default MIPS platform to the "generic" platform).
      
         - Fix GCC7 build failures (duplicate const and questionable calls to
           missing __multi3 intrinsic on mips64r6).
      
         - Fix warnings when CPU Idle is enabled (4.14).
      
         - Fix AR7 serial output (since 3.17).
      
         - Fix ralink platform_get_irq error checking (since 3.12)"
      
      * tag 'mips_fixes_4.15_2' of git://git.kernel.org/pub/scm/linux/kernel/git/jhogan/mips:
        MAINTAINERS: Add James as MIPS co-maintainer
        MIPS: Fix undefined reference to physical_memsize
        MIPS: Implement __multi3 for GCC7 MIPS64r6 builds
        MIPS: mm: Fix duplicate "const" on insn_table_MM
        MIPS: CM: Drop WARN_ON(vp != 0)
        MIPS: ralink: Fix platform_get_irq's error checking
        MIPS: Fix CPS SMP NS16550 UART defaults
        MIPS: BCM47XX Avoid compile error with MIPS allnoconfig
        MIPS: RB532: Avoid undefined mac_pton without GENERIC_NET_UTILS
        MIPS: RB532: Avoid undefined early_serial_setup() without SERIAL_8250_CONSOLE
        MIPS: ath25: Avoid undefined early_serial_setup() without SERIAL_8250_CONSOLE
        MIPS: AR7: ensure the port type's FCR value is used
      e6252e7f
    • C
      KVM: s390: wire up bpb feature · 35b3fde6
      Christian Borntraeger 提交于
      The new firmware interfaces for branch prediction behaviour changes
      are transparently available for the guest. Nevertheless, there is
      new state attached that should be migrated and properly resetted.
      Provide a mechanism for handling reset, migration and VSIE.
      Signed-off-by: NChristian Borntraeger <borntraeger@de.ibm.com>
      Reviewed-by: NDavid Hildenbrand <david@redhat.com>
      Reviewed-by: NCornelia Huck <cohuck@redhat.com>
      [Changed capability number to 152. - Radim]
      Signed-off-by: NRadim Krčmář <rkrcmar@redhat.com>
      35b3fde6
    • R
      Merge tag 'kvm-ppc-cve-4.15-2' of git://git.kernel.org/pub/scm/linux/kernel/git/paulus/powerpc · 29d24e3f
      Radim Krčmář 提交于
      Add PPC KVM ioctl to report vulnerability and workaround status to userspace.
      29d24e3f
  6. 20 1月, 2018 3 次提交
    • L
      Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi · 8dd903d2
      Linus Torvalds 提交于
      Pull SCSI fix from James Bottomley:
       "One fix for SAS attached SATA CD-ROMs. It turns out that the libata
        handling of CD devices relies on the SCSI error handler, so disable
        async aborts (which don't start the error handler) for these devices"
      
      * tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
        scsi: libsas: Disable asynchronous aborts for SATA devices
      8dd903d2
    • L
      Merge tag 'for-4.15/dm-fixes-2' of... · 1cf55613
      Linus Torvalds 提交于
      Merge tag 'for-4.15/dm-fixes-2' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm
      
      Pull device mapper fixes from Mike Snitzer:
       "All fixes marked for stable:
      
         - Fix DM thinp btree corruption seen when inserting a new key/value
           pair into a full root node.
      
         - Fix DM thinp btree removal deadlock due to artificially low number
           of allowed concurrent locks allowed.
      
         - Fix possible DM crypt corruption if kernel keyring service is used.
           Only affects ciphers using following IVs: essiv, lmk and tcw.
      
         - Two DM crypt device initialization error checking fixes.
      
         - Fix DM integrity to allow use of async ciphers that require DMA"
      
      * tag 'for-4.15/dm-fixes-2' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm:
        dm crypt: fix error return code in crypt_ctr()
        dm crypt: wipe kernel key copy after IV initialization
        dm integrity: don't store cipher request on the stack
        dm crypt: fix crash by adding missing check for auth key size
        dm btree: fix serious bug in btree_split_beneath()
        dm thin metadata: THIN_MAX_CONCURRENT_LOCKS should be 6
      1cf55613
    • L
      Merge tag 'trace-v4.15-rc4-3' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace · ec835f81
      Linus Torvalds 提交于
      Pull tracing fixes from Steven Rostedt:
       "Two more small fixes
      
         - The conversion of enums into their actual numbers to display in the
           event format file had an off-by-one bug, that could cause an enum
           not to be converted, and break user space parsing tools.
      
         - A fix to a previous fix to bring back the context recursion checks.
           The interrupt case checks for NMI, IRQ and softirq, but the softirq
           returned the same number regardless if it was set or not, although
           the logic would force it to be set if it were hit"
      
      * tag 'trace-v4.15-rc4-3' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace:
        tracing: Fix converting enum's from the map in trace_event_eval_update()
        ring-buffer: Fix duplicate results in mapping context to bits in recursive lock
      ec835f81