Update to 4.14.7

Drop patches applied upstream, and fix a few conflicts.
Ben Hutchings 2017-12-20 18:40:37 +00:00
parent a865f2fdb7
commit 9e0441b20a
12 changed files with 550 additions and 1138 deletions

debian/changelog

@ -1,4 +1,505 @@
linux (4.14.2-2) UNRELEASED; urgency=medium
linux (4.14.7-1) UNRELEASED; urgency=medium
* New upstream stable update:
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.3
- [s390x] fix transactional execution control register handling
- [s390x] noexec: execute kexec datamover without DAT
- [s390x] runtime instrumention: fix possible memory corruption
- [s390x] guarded storage: fix possible memory corruption
- [s390x] disassembler: add missing end marker for e7 table
- [s390x] disassembler: increase show_code buffer size
- ACPI / PM: Fix acpi_pm_notifier_lock vs flush_workqueue() deadlock
- ACPI / EC: Fix regression related to triggering source of EC event
handling
- cpufreq: schedutil: Reset cached_raw_freq when not in sync with next_freq
- serdev: fix registration of second slave
- sched: Make resched_cpu() unconditional
- lib/mpi: call cond_resched() from mpi_powm() loop
- [x86] boot: Fix boot failure when SMP MP-table is based at 0
- [x86] decoder: Add new TEST instruction pattern
- [amd64] entry: Fix entry_SYSCALL_64_after_hwframe() IRQ tracing
- [x86] perf: intel: Hide TSX events when RTM is not supported
- [arm64] Implement arch-specific pte_access_permitted()
- [armhf/armmp-lpae] 8722/1: mm: make STRICT_KERNEL_RWX effective for LPAE
- [armhf/armmp-lpae] 8721/1: mm: dump: check hardware RO bit for LPAE
- uapi: fix linux/tls.h userspace compilation error
- uapi: fix linux/rxrpc.h userspace compilation errors
- [mips*/4kc-malta] cmpxchg64() and HAVE_VIRT_CPU_ACCOUNTING_GEN don't work
for 32-bit SMP
- [armhf,arm64] net: mvneta: fix handling of the Tx descriptor counter
- nbd: wait uninterruptible for the dead timeout
- nbd: don't start req until after the dead connection logic
- PM / OPP: Add missing of_node_put(np)
- PCI/ASPM: Account for downstream device's Port Common_Mode_Restore_Time
- PCI/ASPM: Use correct capability pointer to program LTR_L1.2_THRESHOLD
- [x86] PCI: hv: Use effective affinity mask
- [arm64] PCI: Set Cavium ACS capability quirk flags to assert RR/CR/SV/UF
- [arm64] PCI: Apply Cavium ThunderX ACS quirk to more Root Ports
- dm integrity: allow unaligned bv_offset
- dm cache: fix race condition in the writeback mode overwrite_bio
optimisation
- dm crypt: allow unaligned bv_offset
- dm zoned: ignore last smaller runt zone
- dm mpath: remove annoying message of 'blk_get_request() returned -11'
- dm bufio: fix integer overflow when limiting maximum cache size
- ovl: Put upperdentry if ovl_check_origin() fails
- dm: allocate struct mapped_device with kvzalloc
- sched/rt: Simplify the IPI based RT balancing logic
- dm: fix race between dm_get_from_kobject() and __dm_destroy()
- dm: discard support requires all targets in a table support discards
- [mips*] Fix odd fp register warnings with MIPS64r2
- [mips*/4kc-malta] Fix MIPS64 FP save/restore on 32-bit kernels
- [mips*] dts: remove bogus bcm96358nb4ser.dtb from dtb-y entry
- [mips*] Fix an n32 core file generation regset support regression
- [mips*] math-emu: Fix final emulation phase for certain instructions
- rt2x00usb: mark device removed when get ENOENT usb error
- mm/z3fold.c: use kref to prevent page free/compact race
- autofs: don't fail mount for transient error
- nilfs2: fix race condition that causes file system corruption
- fscrypt: lock mutex before checking for bounce page pool
- eCryptfs: use after free in ecryptfs_release_messaging()
- libceph: don't WARN() if user tries to add invalid key
- bcache: check ca->alloc_thread initialized before wake up it
- fs: guard_bio_eod() needs to consider partitions
- fanotify: fix fsnotify_prepare_user_wait() failure
- isofs: fix timestamps beyond 2027
- btrfs: change how we decide to commit transactions during flushing
- f2fs: expose some sectors to user in inline data or dentry case
- NFS: Fix typo in nomigration mount option
- NFS: Revert "NFS: Move the flock open mode check into nfs_flock()"
- nfs: Fix ugly referral attributes
- NFS: Avoid RCU usage in tracepoints
- NFS: revalidate "." etc correctly on "open".
- nfsd: deal with revoked delegations appropriately
- rtlwifi: rtl8192ee: Fix memory leak when loading firmware
- rtlwifi: fix uninitialized rtlhal->last_suspend_sec time
- iwlwifi: fix firmware names for 9000 and A000 series hw
- md: fix deadlock error in recent patch.
- md: don't check MD_SB_CHANGE_CLEAN in md_allow_write
- Bluetooth: btqcomsmd: Add support for BD address setup
- md/bitmap: revert a patch
- fsnotify: clean up fsnotify_prepare/finish_user_wait()
- fsnotify: pin both inode and vfsmount mark
- fsnotify: fix pinning group in fsnotify_prepare_user_wait()
- ata: fixes kernel crash while tracing ata_eh_link_autopsy event
- ext4: fix interaction between i_size, fallocate, and delalloc after a
crash
- ext4: prevent data corruption with inline data + DAX
- ext4: prevent data corruption with journaling + DAX
- ALSA: pcm: update tstamp only if audio_tstamp changed
- ALSA: usb-audio: Add sanity checks to FE parser
- ALSA: usb-audio: Fix potential out-of-bound access at parsing SU
- ALSA: usb-audio: Add sanity checks in v2 clock parsers
- ALSA: timer: Remove kernel warning at compat ioctl error paths
- ALSA: hda/realtek - Fix ALC275 no sound issue
- ALSA: hda: Fix too short HDMI/DP chmap reporting
- ALSA: hda - Fix yet remaining issue with vmaster 0dB initialization
- ALSA: hda/realtek - Fix ALC700 family no sound issue
- [x86] mfd: lpc_ich: Avoton/Rangeley uses SPI_BYT method
- fix a page leak in vhost_scsi_iov_to_sgl() error recovery
- 9p: Fix missing commas in mount options
- fs/9p: Compare qid.path in v9fs_test_inode
- net/9p: Switch to wait_event_killable()
- scsi: qla2xxx: Suppress a kernel complaint in qla_init_base_qpair()
- scsi: sd_zbc: Fix sd_zbc_read_zoned_characteristics()
- scsi: lpfc: fix pci hot plug crash in timer management routines
- scsi: lpfc: fix pci hot plug crash in list_add call
- scsi: lpfc: Fix crash receiving ELS while detaching driver
- scsi: lpfc: Fix FCP hba_wqidx assignment
- scsi: lpfc: Fix oops if nvmet_fc_register_targetport fails
- iscsi-target: Make TASK_REASSIGN use proper se_cmd->cmd_kref
- iscsi-target: Fix non-immediate TMR reference leak
- target: fix null pointer regression in core_tmr_drain_tmr_list
- target: fix buffer offset in core_scsi3_pri_read_full_status
- target: Fix QUEUE_FULL + SCSI task attribute handling
- target: Fix caw_sem leak in transport_generic_request_failure
- target: Fix quiese during transport_write_pending_qf endless loop
- target: Avoid early CMD_T_PRE_EXECUTE failures during ABORT_TASK
- mtd: Avoid probe failures when mtd->dbg.dfs_dir is invalid
- mtd: nand: atmel: Actually use the PM ops
- mtd: nand: omap2: Fix subpage write
- mtd: nand: Fix writing mtdoops to nand flash.
- mtd: nand: mtk: fix infinite ECC decode IRQ issue
- p54: don't unregister leds when they are not initialized
- block: Fix a race between blk_cleanup_queue() and timeout handling
- raid1: prevent freeze_array/wait_all_barriers deadlock
- genirq: Track whether the trigger type has been set
- [armhf,arm64] irqchip/gic-v3: Fix ppi-partitions lookup
- lockd: double unregister of inetaddr notifiers
- [powerpc*] KVM: Book3S HV: Don't call real-mode XICS hypercall handlers
if not enabled
- [x86] KVM: nVMX: set IDTR and GDTR limits when loading L1 host state
- [x86] KVM: SVM: obey guest PAT
- [x86] kvm: vmx: Reinstate support for CPUs without virtual NMI
(Closes: #884482)
- dax: fix PMD faults on zero-length files
- dax: fix general protection fault in dax_alloc_inode
- SUNRPC: Fix tracepoint storage issues with svc_recv and svc_rqst_status
- [armhf] clk: ti: dra7-atl-clock: fix child-node lookups
- libnvdimm, dimm: clear 'locked' status on successful DIMM enable
- libnvdimm, pfn: make 'resource' attribute only readable by root
- libnvdimm, namespace: fix label initialization to use valid seq numbers
- libnvdimm, region : make 'resource' attribute only readable by root
- libnvdimm, namespace: make 'resource' attribute only readable by root
- svcrdma: Preserve CB send buffer across retransmits
- IB/srpt: Do not accept invalid initiator port names
- IB/cm: Fix memory corruption in handling CM request
- IB/hfi1: Fix incorrect available receive user context count
- IB/srp: Avoid that a cable pull can trigger a kernel crash
- IB/core: Avoid crash on pkey enforcement failed in received MADs
- IB/core: Only maintain real QPs in the security lists
- NFC: fix device-allocation error return
- spi-nor: intel-spi: Fix broken software sequencing codes
- fm10k,i40e,i40evf,igb,igbvf,ixgbe,ixgbevf: Use smp_rmb rather than
read_barrier_depends
- [hppa] Fix validity check of pointer size argument in new CAS
implementation
- [powerpc*] Fix boot on BOOK3S_32 with CONFIG_STRICT_KERNEL_RWX
- [powerpc*] mm/radix: Fix crashes on Power9 DD1 with radix MMU and
STRICT_RWX
- [powerpc*] perf/imc: Use cpu_to_node() not topology_physical_package_id()
- [powerpc*] signal: Properly handle return value from uprobe_deny_signal()
- [powerpc*] 64s: Fix masking of SRR1 bits on instruction fault
- [powerpc*] 64s/radix: Fix 128TB-512TB virtual address boundary case
allocation
- [powerpc*] 64s/hash: Fix 512T hint detection to use >= 128T
- [powerpc*] 64s/hash: Fix 128TB-512TB virtual address boundary case
allocation
- [powerpc*] 64s/hash: Fix fork() with 512TB process address space
- [powerpc*] 64s/hash: Allow MAP_FIXED allocations to cross 128TB boundary
- media: Don't do DMA on stack for firmware upload in the AS102 driver
- media: rc: check for integer overflow
- media: rc: nec decoder should not send both repeat and keycode
- media: v4l2-ctrl: Fix flags field on Control events
- [arm64] media: venus: fix wrong size on dma_free
- [arm64] media: venus: venc: fix bytesused v4l2_plane field
- [arm64] media: venus: reimplement decoder stop command
- [arm64] dts: meson-gxl: Add alternate ARM Trusted Firmware reserved
memory zone
- iwlwifi: fix wrong struct for a000 device
- iwlwifi: fix PCI IDs and configuration mapping for 9000 series
- iwlwifi: mvm: support version 7 of the SCAN_REQ_UMAC FW command
- e1000e: Fix error path in link detection
- e1000e: Fix return value test
- e1000e: Separate signaling for link check/link up
- e1000e: Avoid receiver overrun interrupt bursts
- e1000e: fix buffer overrun while the I219 is processing DMA transactions
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.4
- [x86]: platform: hp-wmi: Fix tablet mode detection for convertibles
- mm, memory_hotplug: do not back off draining pcp free pages from kworker
context
- mm, oom_reaper: gather each vma to prevent leaking TLB entry
- [armhf,arm64] mm/cma: fix alloc_contig_range ret code/potential leak
- mm: fix device-dax pud write-faults triggered by get_user_pages()
- mm, hugetlbfs: introduce ->split() to vm_operations_struct
- device-dax: implement ->split() to catch invalid munmap attempts
- mm: introduce get_user_pages_longterm
- mm: fail get_vaddr_frames() for filesystem-dax mappings
- v4l2: disable filesystem-dax mapping support
- IB/core: disable memory registration of filesystem-dax vmas
- exec: avoid RLIMIT_STACK races with prlimit()
- mm/madvise.c: fix madvise() infinite loop under special circumstances
- mm: migrate: fix an incorrect call of prep_transhuge_page()
- mm, memcg: fix mem_cgroup_swapout() for THPs
- fs/fat/inode.c: fix sb_rdonly() change
- autofs: revert "autofs: take more care to not update last_used on path
walk"
- autofs: revert "autofs: fix AT_NO_AUTOMOUNT not being honored"
- mm/hugetlb: fix NULL-pointer dereference on 5-level paging machine
- btrfs: clear space cache inode generation always
- nfsd: Fix stateid races between OPEN and CLOSE
- nfsd: Fix another OPEN stateid race
- nfsd: fix panic in posix_unblock_lock called from nfs4_laundromat
- crypto: algif_aead - skip SGL entries with NULL page
- crypto: af_alg - remove locking in async callback
- crypto: skcipher - Fix skcipher_walk_aead_common
- lockd: lost rollback of set_grace_period() in lockd_down_net()
- [s390x] revert ELF_ET_DYN_BASE base changes
- [armhf] drm: omapdrm: Fix DPI on platforms using the DSI VDDS
- [armhf] omapdrm: hdmi4: Correct the SoC revision matching
- [arm64] module-plts: factor out PLT generation code for ftrace
- [arm64] ftrace: emit ftrace-mod.o contents through code
- [powerpc*] powernv: Fix kexec crashes caused by tlbie tracing
- [powerpc*] kexec: Fix kexec/kdump in P9 guest kernels
- [x86] KVM: pvclock: Handle first-time write to pvclock-page contains
random junk
- [x86] KVM: Exit to user-mode on #UD intercept when emulator requires
- [x86] KVM: inject exceptions produced by x86_decode_insn
- [x86] KVM: lapic: Split out x2apic ldr calculation
- [x86] KVM: lapic: Fixup LDR on load in x2apic
- mmc: sdhci: Avoid swiotlb buffer being full
- mmc: block: Fix missing blk_put_request()
- mmc: block: Check return value of blk_get_request()
- mmc: core: Do not leave the block driver in a suspended state
- mmc: block: Ensure that debugfs files are removed
- mmc: core: prepend 0x to pre_eol_info entry in sysfs
- mmc: core: prepend 0x to OCR entry in sysfs
- ACPI / EC: Fix regression related to PM ops support in ECDT device
- eeprom: at24: fix reading from 24MAC402/24MAC602
- eeprom: at24: correctly set the size for at24mac402
- eeprom: at24: check at24_read/write arguments
- [alpha,x86] i2c: i801: Fix Failed to allocate irq -2147483648 error
- bcache: Fix building error on MIPS
- bcache: only permit to recovery read error when cache device is clean
- bcache: recover data from backing when data is clean
- hwmon: (jc42) optionally try to disable the SMBUS timeout
- nvme-pci: add quirk for delay before CHK RDY for WDC SN200
- Revert "drm/radeon: dont switch vt on suspend"
- drm/amdgpu: potential uninitialized variable in amdgpu_vce_ring_parse_cs()
- drm/amdgpu: Potential uninitialized variable in
amdgpu_vm_update_directories()
- drm/amdgpu: correct reference clock value on vega10
- drm/amdgpu: fix error handling in amdgpu_bo_do_create
- drm/amdgpu: Properly allocate VM invalidate eng v2
- drm/amdgpu: Remove check which is not valid for certain VBIOS
- drm/ttm: fix ttm_bo_cleanup_refs_or_queue once more
- dma-buf: make reservation_object_copy_fences rcu save
- drm/amdgpu: reserve root PD while releasing it
- drm/ttm: Always and only destroy bo->ttm_resv in ttm_bo_release_list
- drm/vblank: Fix flip event vblank count
- drm/vblank: Tune drm_crtc_accurate_vblank_count() WARN down to a debug
- drm/tilcdc: Precalculate total frametime in tilcdc_crtc_set_mode()
- drm/radeon: fix atombios on big endian
- drm/panel: simple: Add missing panel_simple_unprepare() calls
- [arm64] drm/hisilicon: Ensure LDI regs are properly configured.
- drm/ttm: once more fix ttm_buffer_object_transfer
- drm/amd/pp: fix typecast error in powerplay.
- drm/fb_helper: Disable all crtc's when initial setup fails.
- drm/edid: Don't send non-zero YQ in AVI infoframe for HDMI 1.x sinks
- drm/amdgpu: move UVD/VCE and VCN structure out from union
- drm/amdgpu: Set adev->vcn.irq.num_types for VCN
- IB/core: Do not warn on lid conversions for OPA
- IB/hfi1: Do not warn on lid conversions for OPA
- e1000e: fix the use of magic numbers for buffer overrun issue
- md: forbid a RAID5 from having both a bitmap and a journal.
- [x86] drm/i915: Fix false-positive assert_rpm_wakelock_held in
i915_pmic_bus_access_notifier v2
- [x86] drm/i915: Re-register PMIC bus access notifier on runtime resume
- [x86] drm/i915/fbdev: Serialise early hotplug events with async fbdev
config
- [x86] drm/i915/gvt: Correct ADDR_4K/2M/1G_MASK definition
- [x86] drm/i915: Don't try indexed reads to alternate slave addresses
- [x86] drm/i915: Prevent zero length "index" write
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.5
- drm/amdgpu: Use unsigned ring indices in amdgpu_queue_mgr_map
- [s390x] runtime instrumentation: simplify task exit handling
- usbip: fix usbip attach to find a port that matches the requested speed
- usbip: Fix USB device hang due to wrong enabling of scatter-gather
- uas: Always apply US_FL_NO_ATA_1X quirk to Seagate devices
- usb: quirks: Add no-lpm quirk for KY-688 USB 3.1 Type-C Hub
- serial: 8250_early: Only set divisor if valid clk & baud
- [mips*] Add custom serial.h with BASE_BAUD override for generic kernel
- ima: fix hash algorithm initialization
- [s390x] vfio-ccw: Do not attempt to free no-op, test and tic cda.
- PM / Domains: Fix genpd to deal with drivers returning 1 from ->prepare()
- [s390x] pci: do not require AIS facility
- serial: 8250_fintek: Fix rs485 disablement on invalid ioctl()
- staging: rtl8188eu: avoid a null dereference on pmlmepriv
- [arm64] mmc: sdhci-msm: fix issue with power irq
- hwmon: (pmbus/core) Prevent unintentional setting of page to 0xFF
- perf/core: Fix __perf_read_group_add() locking
- [armhf] PCI: dra7xx: Create functional dependency between PCIe and PHY
- [x86] intel_rdt: Initialize bitmask of shareable resource if CDP enabled
- [x86] intel_rdt: Fix potential deadlock during resctrl mount
- serial: 8250: Preserve DLD[7:4] for PORT_XR17V35X
- kprobes: Use synchronize_rcu_tasks() for optprobe with CONFIG_PREEMPT=y
- [x86] entry: Use SYSCALL_DEFINE() macros for sys_modify_ldt()
- [armhf,arm64] clocksource/drivers/arm_arch_timer: Validate CNTFRQ after
enabling frame
- [x86] EDAC, sb_edac: Fix missing break in switch
- [arm64] cpuidle: Correct driver unregistration if init fails
- usb: xhci: Return error when host is dead in xhci_disable_slot()
- [armel,armhf] sysrq : fix Show Regs call trace on ARM
- [sh4] serial: sh-sci: suppress warning for ports without dma channels
- [armhf] serial: imx: Update cached mctrl value when changing RTS
- [x86] kprobes: Disable preemption in ftrace-based jprobes
- [x86] locking/refcounts, asm: Use unique .text section for refcount
exceptions
- [s390x] ptrace: fix guarded storage regset handling
- perf tools: Fix leaking rec_argv in error cases
- mm, x86/mm: Fix performance regression in get_user_pages_fast()
- iio: adc: ti-ads1015: add 10% to conversion wait time
- iio: multiplexer: add NULL check on devm_kzalloc() and devm_kmemdup()
return values
- [x86] locking/refcounts, asm: Enable CONFIG_ARCH_HAS_REFCOUNT
- [powerpc*] jprobes: Disable preemption when triggered through ftrace
- [powerpc*] kprobes: Disable preemption before invoking probe handler for
optprobes
- usb: hub: Cycle HUB power when initialization fails
- [armhf,arm64] USB: ulpi: fix bus-node lookup
- xhci: Don't show incorrect WARN message about events for empty rings
- usb: xhci: fix panic in xhci_free_virt_devices_depth_first
- USB: core: Add type-specific length check of BOS descriptors
- USB: usbfs: Filter flags passed in from user space
- usb: host: fix incorrect updating of offset
- locking/refcounts: Do not force refcount_t usage as GPL-only export
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.6
- usb: gadget: core: Fix ->udc_set_speed() speed handling
- serdev: ttyport: add missing receive_buf sanity checks
- serdev: ttyport: fix NULL-deref on hangup
- serdev: ttyport: fix tty locking in close
- usb: f_fs: Force Reserved1=1 in OS_DESC_EXT_COMPAT
- can: peak/pci: fix potential bug when probe() fails
- can: kvaser_usb: free buf in error paths
- can: kvaser_usb: Fix comparison bug in kvaser_usb_read_bulk_callback()
- can: kvaser_usb: ratelimit errors if incomplete messages are received
- can: kvaser_usb: cancel urb on -EPIPE and -EPROTO
- can: ems_usb: cancel urb on -EPIPE and -EPROTO
- can: esd_usb2: cancel urb on -EPIPE and -EPROTO
- can: usb_8dev: cancel urb on -EPIPE and -EPROTO
- can: peak/pcie_fd: fix potential bug in restarting tx queue
- virtio: release virtio index when fail to device_register
- [arm64] pinctrl: armada-37xx: Fix direction_output() callback behavior
- [x86] Drivers: hv: vmbus: Fix a rescind issue
- [x86] hv: kvp: Avoid reading past allocated blocks from KVP file
- firmware: vpd: Destroy vpd sections in remove function
- firmware: vpd: Tie firmware kobject to device lifetime
- firmware: vpd: Fix platform driver and device registration/unregistration
- scsi: dma-mapping: always provide dma_get_cache_alignment
- scsi: use dma_get_cache_alignment() as minimum DMA alignment
- scsi: libsas: align sata_device's rps_resp on a cacheline
- efi: Move some sysfs files to be read-only by root
- efi/esrt: Use memunmap() instead of kfree() to free the remapping
- ASN.1: fix out-of-bounds read when parsing indefinite length item
- ASN.1: check for error from ASN1_OP_END__ACT actions
- KEYS: add missing permission check for request_key() destination
- KEYS: reject NULL restriction string when type is specified
- X.509: reject invalid BIT STRING for subjectPublicKey
- X.509: fix comparisons of ->pkey_algo
- [x86] idt: Load idt early in start_secondary
- [x86] PCI: Make broadcom_postcore_init() check acpi_disabled
- [x86] KVM: fix APIC page invalidation
- btrfs: fix missing error return in btrfs_drop_snapshot
- btrfs: handle errors while updating refcounts in update_ref_for_cow
- ALSA: pcm: prevent UAF in snd_pcm_info
- ALSA: seq: Remove spurious WARN_ON() at timer check
- ALSA: usb-audio: Fix out-of-bound error
- ALSA: usb-audio: Add check return value for usb_string()
- [x86] iommu/vt-d: Fix scatterlist offset handling
- smp/hotplug: Move step CPUHP_AP_SMPCFD_DYING to the correct place
- [s390x] always save and restore all registers on context switch
- [s390x] mm: fix off-by-one bug in 5-level page table handling
- [s390x] fix compat system call table
- [s390x] KVM: Fix skey emulation permission check
- [powerpc*] Revert "powerpc: Do not call ppc_md.panic in fadump panic
notifier"
- [powerpc*] 64s: Initialize ISAv3 MMU registers before setting partition
table
- iwlwifi: mvm: mark MIC stripped MPDUs
- iwlwifi: mvm: don't use transmit queue hang detection when it is not
possible
- iwlwifi: mvm: flush queue before deleting ROC
- iwlwifi: mvm: fix packet injection
- iwlwifi: mvm: enable RX offloading with TKIP and WEP
- brcmfmac: change driver unbind order of the sdio function devices
- md/r5cache: move mddev_lock() out of r5c_journal_mode_set()
- [armhf] drm/bridge: analogix dp: Fix runtime PM state in get_modes()
callback
- [armhf] drm/exynos: gem: Drop NONCONTIG flag for buffers allocated
without IOMMU
- [x86] drm/i915: Fix vblank timestamp/frame counter jumps on gen2
- media: dvb: i2c transfers over usb cannot be done from stack
- media: rc: sir_ir: detect presence of port
- media: rc: partial revert of "media: rc: per-protocol repeat period"
- [arm64] KVM: fix VTTBR_BADDR_MASK BUG_ON off-by-one
- [armhf] KVM: Fix VTTBR_BADDR_MASK BUG_ON off-by-one
- [x86] KVM: VMX: remove I/O port 0x80 bypass on Intel hosts
(CVE-2017-1000407)
- [armhf,arm64] KVM: Fix broken GICH_ELRSR big endian conversion
- [armhf,arm64] KVM: vgic-irqfd: Fix MSI entry allocation
- [armhf,arm64] KVM: vgic: Preserve the revious read from the pending table
- [armhf,arm64] KVM: vgic-its: Check result of allocation before use
- [arm64] fpsimd: Prevent registers leaking from dead tasks
- [arm64] SW PAN: Point saved ttbr0 at the zero page when switching to
init_mm
- [arm64] SW PAN: Update saved ttbr0 value on enter_lazy_tlb
- [armhf] Revert "ARM: dts: imx53: add srtc node"
- [armhf] bus: arm-cci: Fix use of smp_processor_id() in preemptible context
- IB/core: Only enforce security for InfiniBand
- [armel,armhf] BUG if jumping to usermode address in kernel mode
- [armel,armhf] avoid faulting on qemu
- [arm64] irqchip/qcom: Fix u32 comparison with value less than zero
- [powerpc*] perf: Fix pmu_count to count only nest imc pmus
- apparmor: fix leak of null profile name if profile allocation fails
- mac80211_hwsim: Fix memory leak in hwsim_new_radio_nl()
- gre6: use log_ecn_error module parameter in ip6_tnl_rcv()
- route: also update fnhe_genid when updating a route cache
- route: update fnhe_expires for redirect when the fnhe exists
- rsi: fix memory leak on buf and usb_reg_buf
- pipe: match pipe_max_size data type with procfs
- lib/genalloc.c: make the avail variable an atomic_long_t
- NFS: Fix a typo in nfs_rename()
- sunrpc: Fix rpc_task_begin trace point
- nfp: inherit the max_mtu from the PF netdev
- nfp: fix flower offload metadata flag usage
- xfs: fix forgotten rcu read unlock when skipping inode reclaim
- block: wake up all tasks blocked in get_request()
- [sparc64] mm: set fields in deferred pages
- zsmalloc: calling zs_map_object() from irq is a bug
- slub: fix sysfs duplicate filename creation when slub_debug=O
- sctp: do not free asoc when it is already dead in sctp_sendmsg
- sctp: use the right sk after waking up from wait_buf sleep
- fcntl: don't leak fd reference when fixup_compat_flock fails
- geneve: fix fill_info when link down
- bpf: fix lockdep splat
- [arm64] clk: qcom: common: fix legacy board-clock registration
- [arm64] clk: hi3660: fix incorrect uart3 clock freqency
- atm: horizon: Fix irq release error
- xfrm: Copy policy family in clone_policy
- f2fs: fix to clear FI_NO_PREALLOC
- bnxt_re: changing the ip address shouldn't affect new connections
- IB/mlx4: Increase maximal message size under UD QP
- IB/mlx5: Assign send CQ and recv CQ of UMR QP
- afs: Fix total-length calculation for multiple-page send
- afs: Connect up the CB.ProbeUuid
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.7
- net: realtek: r8169: implement set_link_ksettings()
- [s390x] qeth: fix early exit from error path
- tipc: fix memory leak in tipc_accept_from_sock()
- vhost: fix skb leak in handle_rx()
- rds: Fix NULL pointer dereference in __rds_rdma_map
- sit: update frag_off info
- tcp: add tcp_v4_fill_cb()/tcp_v4_restore_cb()
- packet: fix crash in fanout_demux_rollover()
- net/packet: fix a race in packet_bind() and packet_notifier()
- tcp: remove buggy call to tcp_v6_restore_cb()
- usbnet: fix alignment for frames with no ethernet header
- net: remove hlist_nulls_add_tail_rcu()
- stmmac: reset last TSO segment size after device open
- tcp/dccp: block bh before arming time_wait timer
- [s390x] qeth: build max size GSO skbs on L2 devices
- [s390x] qeth: fix thinko in IPv4 multicast address tracking
- [s390x] qeth: fix GSO throughput regression
- tcp: use IPCB instead of TCP_SKB_CB in inet_exact_dif_match()
- tipc: call tipc_rcv() only if bearer is up in tipc_udp_recv()
- tcp: use current time in tcp_rcv_space_adjust()
- net: sched: cbq: create block for q->link.block
- tap: free skb if flags error
- tcp: when scheduling TLP, time of RTO should account for current ACK
- tun: free skb in early errors
- net: ipv6: Fixup device for anycast routes during copy
- tun: fix rcu_read_lock imbalance in tun_build_skb
- net: accept UFO datagrams from tuntap and packet
- net: openvswitch: datapath: fix data type in queue_gso_packets
- cls_bpf: don't decrement net's refcount when offload fails
- sctp: use right member as the param of list_for_each_entry
- ipmi: Stop timers before cleaning up the module
- usb: gadget: ffs: Forbid usb_ep_alloc_request from sleeping
- fcntl: don't cap l_start and l_end values for F_GETLK64 in compat syscall
- fix kcm_clone()
- [armhf,arm64] KVM: vgic-its: Preserve the revious read from the pending
table
- kbuild: do not call cc-option before KBUILD_CFLAGS initialization
- [powerpc*] powernv/idle: Round up latency and residency values
- ipvlan: fix ipv6 outbound device
- blk-mq: Avoid that request queue removal can trigger list corruption
- nvmet-rdma: update queue list during ib_device removal
- audit: Allow auditd to set pid to 0 to end auditing
- audit: ensure that 'audit=1' actually enables audit for PID 1
- dm raid: fix panic when attempting to force a raid to sync
- md: free unused memory after bitmap resize
- RDMA/cxgb4: Annotate r2 and stag as __be32
- [x86] intel_rdt: Fix potential deadlock during resctrl unmount
[ Salvatore Bonaccorso ]
* Add ABI reference for 4.14.0-1
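
Review bot: CVE traceability is incomplete in this list: across the 4.14.3 to 4.14.7 entries only "KVM: VMX: remove I/O port 0x80 bypass on Intel hosts" carries an id (CVE-2017-1000407), and no entry shown names the dvb_frontend use-after-free fix whose patch this commit drops, although that patch is tagged Bug-Debian-Security for CVE-2017-16648. If the fix arrives through one of these stable updates, add its entry with the CVE id under the matching ChangeLog URL so the fixed version stays recorded. Separately, "Preserve the revious read from the pending table" appears under both 4.14.6 (as vgic) and 4.14.7 (as vgic-its); it is worth confirming these are two distinct upstream commits and not one fix listed twice.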


@ -1,109 +0,0 @@
From: John Johansen <john.johansen@canonical.com>
Date: Wed, 22 Nov 2017 07:33:38 -0800
Subject: apparmor: fix oops in audit_signal_cb hook
Origin: https://lkml.org/lkml/2017/11/22/411
The apparmor_audit_data struct ordering got messed up during a merge
conflict, resulting in the signal integer and peer pointer being in
a union instead of a struct together.
For most of the 4.13 and 4.14 life cycle, this was hidden by commit
651e28c5537abb39076d3949fb7618536f1d242e which fixed the
apparmor_audit_data struct when its data was added. When that commit
was reverted in -rc7 the signal audit bug was exposed, and
unfortunately it never showed up in any of the testing until after
4.14 was released, and Shaun Khan, Zephaniah E. Loss-Cutler-Hull filed
nearly simultaneous bug reports (with different oopes, the smaller of
which is included below).
Full credit goes to Tetsuo Handa for jumping on this as well and
noticing the audit data struct problem and reporting it.
Alright, trying again, this time with my mail settings to actually send
as plain text, and with some more detail.
I am running Ubuntu 16.04, with a mainline 4.14 kernel.
[ 76.178568] BUG: unable to handle kernel paging request at ffffffff0eee3bc0
[ 76.178579] IP: audit_signal_cb+0x6c/0xe0
[ 76.178581] PGD 1a640a067 P4D 1a640a067 PUD 0
[ 76.178586] Oops: 0000 [#1] PREEMPT SMP
[ 76.178589] Modules linked in: fuse rfcomm bnep usblp uvcvideo btusb btrtl btbcm btintel bluetooth ecdh_generic ip6table_filter ip6_tables xt_tcpudp nf_conntrack_ipv4 nf_defrag_ipv4 xt_conntrack nf_conntrack iptable_filter ip_tables x_tables intel_rapl joydev wmi_bmof serio_raw iwldvm iwlwifi shpchp kvm_intel kvm irqbypass autofs4 algif_skcipher nls_iso8859_1 nls_cp437 crc32_pclmul ghash_clmulni_intel
[ 76.178620] CPU: 0 PID: 10675 Comm: pidgin Not tainted 4.14.0-f1-dirty #135
[ 76.178623] Hardware name: Hewlett-Packard HP EliteBook Folio 9470m/18DF, BIOS 68IBD Ver. F.62 10/22/2015
[ 76.178625] task: ffff9c7a94c31dc0 task.stack: ffffa09b02a4c000
[ 76.178628] RIP: 0010:audit_signal_cb+0x6c/0xe0
[ 76.178631] RSP: 0018:ffffa09b02a4fc08 EFLAGS: 00010292
[ 76.178634] RAX: ffffa09b02a4fd60 RBX: ffff9c7aee0741f8 RCX: 0000000000000000
[ 76.178636] RDX: ffffffffee012290 RSI: 0000000000000006 RDI: ffff9c7a9493d800
[ 76.178638] RBP: ffffa09b02a4fd40 R08: 000000000000004d R09: ffffa09b02a4fc46
[ 76.178641] R10: ffffa09b02a4fcb8 R11: ffff9c7ab44f5072 R12: ffffa09b02a4fd40
[ 76.178643] R13: ffffffff9e447be0 R14: ffff9c7a94c31dc0 R15: 0000000000000001
[ 76.178646] FS: 00007f8b11ba2a80(0000) GS:ffff9c7afea00000(0000) knlGS:0000000000000000
[ 76.178648] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 76.178650] CR2: ffffffff0eee3bc0 CR3: 00000003d5209002 CR4: 00000000001606f0
[ 76.178652] Call Trace:
[ 76.178660] common_lsm_audit+0x1da/0x780
[ 76.178665] ? d_absolute_path+0x60/0x90
[ 76.178669] ? aa_check_perms+0xcd/0xe0
[ 76.178672] aa_check_perms+0xcd/0xe0
[ 76.178675] profile_signal_perm.part.0+0x90/0xa0
[ 76.178679] aa_may_signal+0x16e/0x1b0
[ 76.178686] apparmor_task_kill+0x51/0x120
[ 76.178690] security_task_kill+0x44/0x60
[ 76.178695] group_send_sig_info+0x25/0x60
[ 76.178699] kill_pid_info+0x36/0x60
[ 76.178703] SYSC_kill+0xdb/0x180
[ 76.178707] ? preempt_count_sub+0x92/0xd0
[ 76.178712] ? _raw_write_unlock_irq+0x13/0x30
[ 76.178716] ? task_work_run+0x6a/0x90
[ 76.178720] ? exit_to_usermode_loop+0x80/0xa0
[ 76.178723] entry_SYSCALL_64_fastpath+0x13/0x94
[ 76.178727] RIP: 0033:0x7f8b0e58b767
[ 76.178729] RSP: 002b:00007fff19efd4d8 EFLAGS: 00000206 ORIG_RAX: 000000000000003e
[ 76.178732] RAX: ffffffffffffffda RBX: 0000557f3e3c2050 RCX: 00007f8b0e58b767
[ 76.178735] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000263b
[ 76.178737] RBP: 0000000000000000 R08: 0000557f3e3c2270 R09: 0000000000000001
[ 76.178739] R10: 000000000000022d R11: 0000000000000206 R12: 0000000000000000
[ 76.178741] R13: 0000000000000001 R14: 0000557f3e3c13c0 R15: 0000000000000000
[ 76.178745] Code: 48 8b 55 18 48 89 df 41 b8 20 00 08 01 5b 5d 48 8b 42 10 48 8b 52 30 48 63 48 4c 48 8b 44 c8 48 31 c9 48 8b 70 38 e9 f4 fd 00 00 <48> 8b 14 d5 40 27 e5 9e 48 c7 c6 7d 07 19 9f 48 89 df e8 fd 35
[ 76.178794] RIP: audit_signal_cb+0x6c/0xe0 RSP: ffffa09b02a4fc08
[ 76.178796] CR2: ffffffff0eee3bc0
[ 76.178799] ---[ end trace 514af9529297f1a3 ]---
Fixes: cd1dbf76b23d ("apparmor: add the ability to mediate signals")
Reported-by: Zephaniah E. Loss-Cutler-Hull <warp-spam_kernel@aehallh.com>
Reported-by: Shuah Khan <shuahkh@osg.samsung.com>
Reported-by: Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp>
Signed-off-by: John Johansen <john.johansen@canonical.com>
---
security/apparmor/include/audit.h | 12 +++++++-----
1 file changed, 7 insertions(+), 5 deletions(-)
--- a/security/apparmor/include/audit.h
+++ b/security/apparmor/include/audit.h
@@ -121,17 +121,19 @@ struct apparmor_audit_data {
/* these entries require a custom callback fn */
struct {
struct aa_label *peer;
- struct {
- const char *target;
- kuid_t ouid;
- } fs;
+ union {
+ struct {
+ const char *target;
+ kuid_t ouid;
+ } fs;
+ int signal;
+ };
};
struct {
struct aa_profile *profile;
const char *ns;
long pos;
} iface;
- int signal;
struct {
int rlim;
unsigned long max;
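Review bot: In the new anonymous union, `signal` shares storage with `fs.target` and `fs.ouid`, but nothing in the struct says the two are mutually exclusive. A one-line comment above `union {` stating that a record carrying `peer` uses either `fs` or `signal`, never both, would keep a later caller from filling in both and silently overwriting one of them.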


@ -1,183 +0,0 @@
From: Mauro Carvalho Chehab <mchehab@s-opensource.com>
Date: Tue, 7 Nov 2017 08:39:39 -0500
Subject: dvb_frontend: don't use-after-free the frontend struct
Origin: https://git.kernel.org/linus/b1cb7372fa822af6c06c8045963571d13ad6348b
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-16648
dvb_frontend_invoke_release() may free the frontend struct.
So, the free logic can't update it anymore after calling it.
That's OK, as __dvb_frontend_free() is called only when the
krefs are zeroed, so nobody is using it anymore.
That should fix the following KASAN error:
The KASAN report looks like this (running on kernel 3e0cc09a3a2c40ec1ffb6b4e12da86e98feccb11 (4.14-rc5+)):
==================================================================
BUG: KASAN: use-after-free in __dvb_frontend_free+0x113/0x120
Write of size 8 at addr ffff880067d45a00 by task kworker/0:1/24
CPU: 0 PID: 24 Comm: kworker/0:1 Not tainted 4.14.0-rc5-43687-g06ab8a23e0e6 #545
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
Workqueue: usb_hub_wq hub_event
Call Trace:
__dump_stack lib/dump_stack.c:16
dump_stack+0x292/0x395 lib/dump_stack.c:52
print_address_description+0x78/0x280 mm/kasan/report.c:252
kasan_report_error mm/kasan/report.c:351
kasan_report+0x23d/0x350 mm/kasan/report.c:409
__asan_report_store8_noabort+0x1c/0x20 mm/kasan/report.c:435
__dvb_frontend_free+0x113/0x120 drivers/media/dvb-core/dvb_frontend.c:156
dvb_frontend_put+0x59/0x70 drivers/media/dvb-core/dvb_frontend.c:176
dvb_frontend_detach+0x120/0x150 drivers/media/dvb-core/dvb_frontend.c:2803
dvb_usb_adapter_frontend_exit+0xd6/0x160 drivers/media/usb/dvb-usb/dvb-usb-dvb.c:340
dvb_usb_adapter_exit drivers/media/usb/dvb-usb/dvb-usb-init.c:116
dvb_usb_exit+0x9b/0x200 drivers/media/usb/dvb-usb/dvb-usb-init.c:132
dvb_usb_device_exit+0xa5/0xf0 drivers/media/usb/dvb-usb/dvb-usb-init.c:295
usb_unbind_interface+0x21c/0xa90 drivers/usb/core/driver.c:423
__device_release_driver drivers/base/dd.c:861
device_release_driver_internal+0x4f1/0x5c0 drivers/base/dd.c:893
device_release_driver+0x1e/0x30 drivers/base/dd.c:918
bus_remove_device+0x2f4/0x4b0 drivers/base/bus.c:565
device_del+0x5c4/0xab0 drivers/base/core.c:1985
usb_disable_device+0x1e9/0x680 drivers/usb/core/message.c:1170
usb_disconnect+0x260/0x7a0 drivers/usb/core/hub.c:2124
hub_port_connect drivers/usb/core/hub.c:4754
hub_port_connect_change drivers/usb/core/hub.c:5009
port_event drivers/usb/core/hub.c:5115
hub_event+0x1318/0x3740 drivers/usb/core/hub.c:5195
process_one_work+0xc73/0x1d90 kernel/workqueue.c:2119
worker_thread+0x221/0x1850 kernel/workqueue.c:2253
kthread+0x363/0x440 kernel/kthread.c:231
ret_from_fork+0x2a/0x40 arch/x86/entry/entry_64.S:431
Allocated by task 24:
save_stack_trace+0x1b/0x20 arch/x86/kernel/stacktrace.c:59
save_stack+0x43/0xd0 mm/kasan/kasan.c:447
set_track mm/kasan/kasan.c:459
kasan_kmalloc+0xad/0xe0 mm/kasan/kasan.c:551
kmem_cache_alloc_trace+0x11e/0x2d0 mm/slub.c:2772
kmalloc ./include/linux/slab.h:493
kzalloc ./include/linux/slab.h:666
dtt200u_fe_attach+0x4c/0x110 drivers/media/usb/dvb-usb/dtt200u-fe.c:212
dtt200u_frontend_attach+0x35/0x80 drivers/media/usb/dvb-usb/dtt200u.c:136
dvb_usb_adapter_frontend_init+0x32b/0x660 drivers/media/usb/dvb-usb/dvb-usb-dvb.c:286
dvb_usb_adapter_init drivers/media/usb/dvb-usb/dvb-usb-init.c:86
dvb_usb_init drivers/media/usb/dvb-usb/dvb-usb-init.c:162
dvb_usb_device_init+0xf73/0x17f0 drivers/media/usb/dvb-usb/dvb-usb-init.c:277
dtt200u_usb_probe+0xa1/0xe0 drivers/media/usb/dvb-usb/dtt200u.c:155
usb_probe_interface+0x35d/0x8e0 drivers/usb/core/driver.c:361
really_probe drivers/base/dd.c:413
driver_probe_device+0x610/0xa00 drivers/base/dd.c:557
__device_attach_driver+0x230/0x290 drivers/base/dd.c:653
bus_for_each_drv+0x161/0x210 drivers/base/bus.c:463
__device_attach+0x26b/0x3c0 drivers/base/dd.c:710
device_initial_probe+0x1f/0x30 drivers/base/dd.c:757
bus_probe_device+0x1eb/0x290 drivers/base/bus.c:523
device_add+0xd0b/0x1660 drivers/base/core.c:1835
usb_set_configuration+0x104e/0x1870 drivers/usb/core/message.c:1932
generic_probe+0x73/0xe0 drivers/usb/core/generic.c:174
usb_probe_device+0xaf/0xe0 drivers/usb/core/driver.c:266
really_probe drivers/base/dd.c:413
driver_probe_device+0x610/0xa00 drivers/base/dd.c:557
__device_attach_driver+0x230/0x290 drivers/base/dd.c:653
bus_for_each_drv+0x161/0x210 drivers/base/bus.c:463
__device_attach+0x26b/0x3c0 drivers/base/dd.c:710
device_initial_probe+0x1f/0x30 drivers/base/dd.c:757
bus_probe_device+0x1eb/0x290 drivers/base/bus.c:523
device_add+0xd0b/0x1660 drivers/base/core.c:1835
usb_new_device+0x7b8/0x1020 drivers/usb/core/hub.c:2457
hub_port_connect drivers/usb/core/hub.c:4903
hub_port_connect_change drivers/usb/core/hub.c:5009
port_event drivers/usb/core/hub.c:5115
hub_event+0x194d/0x3740 drivers/usb/core/hub.c:5195
process_one_work+0xc73/0x1d90 kernel/workqueue.c:2119
worker_thread+0x221/0x1850 kernel/workqueue.c:2253
kthread+0x363/0x440 kernel/kthread.c:231
ret_from_fork+0x2a/0x40 arch/x86/entry/entry_64.S:431
Freed by task 24:
save_stack_trace+0x1b/0x20 arch/x86/kernel/stacktrace.c:59
save_stack+0x43/0xd0 mm/kasan/kasan.c:447
set_track mm/kasan/kasan.c:459
kasan_slab_free+0x72/0xc0 mm/kasan/kasan.c:524
slab_free_hook mm/slub.c:1390
slab_free_freelist_hook mm/slub.c:1412
slab_free mm/slub.c:2988
kfree+0xf6/0x2f0 mm/slub.c:3919
dtt200u_fe_release+0x3c/0x50 drivers/media/usb/dvb-usb/dtt200u-fe.c:202
dvb_frontend_invoke_release.part.13+0x1c/0x30 drivers/media/dvb-core/dvb_frontend.c:2790
dvb_frontend_invoke_release drivers/media/dvb-core/dvb_frontend.c:2789
__dvb_frontend_free+0xad/0x120 drivers/media/dvb-core/dvb_frontend.c:153
dvb_frontend_put+0x59/0x70 drivers/media/dvb-core/dvb_frontend.c:176
dvb_frontend_detach+0x120/0x150 drivers/media/dvb-core/dvb_frontend.c:2803
dvb_usb_adapter_frontend_exit+0xd6/0x160 drivers/media/usb/dvb-usb/dvb-usb-dvb.c:340
dvb_usb_adapter_exit drivers/media/usb/dvb-usb/dvb-usb-init.c:116
dvb_usb_exit+0x9b/0x200 drivers/media/usb/dvb-usb/dvb-usb-init.c:132
dvb_usb_device_exit+0xa5/0xf0 drivers/media/usb/dvb-usb/dvb-usb-init.c:295
usb_unbind_interface+0x21c/0xa90 drivers/usb/core/driver.c:423
__device_release_driver drivers/base/dd.c:861
device_release_driver_internal+0x4f1/0x5c0 drivers/base/dd.c:893
device_release_driver+0x1e/0x30 drivers/base/dd.c:918
bus_remove_device+0x2f4/0x4b0 drivers/base/bus.c:565
device_del+0x5c4/0xab0 drivers/base/core.c:1985
usb_disable_device+0x1e9/0x680 drivers/usb/core/message.c:1170
usb_disconnect+0x260/0x7a0 drivers/usb/core/hub.c:2124
hub_port_connect drivers/usb/core/hub.c:4754
hub_port_connect_change drivers/usb/core/hub.c:5009
port_event drivers/usb/core/hub.c:5115
hub_event+0x1318/0x3740 drivers/usb/core/hub.c:5195
process_one_work+0xc73/0x1d90 kernel/workqueue.c:2119
worker_thread+0x221/0x1850 kernel/workqueue.c:2253
kthread+0x363/0x440 kernel/kthread.c:231
ret_from_fork+0x2a/0x40 arch/x86/entry/entry_64.S:431
The buggy address belongs to the object at ffff880067d45500
which belongs to the cache kmalloc-2048 of size 2048
The buggy address is located 1280 bytes inside of
2048-byte region [ffff880067d45500, ffff880067d45d00)
The buggy address belongs to the page:
page:ffffea00019f5000 count:1 mapcount:0 mapping: (null)
index:0x0 compound_mapcount: 0
flags: 0x100000000008100(slab|head)
raw: 0100000000008100 0000000000000000 0000000000000000 00000001000f000f
raw: dead000000000100 dead000000000200 ffff88006c002d80 0000000000000000
page dumped because: kasan: bad access detected
Memory state around the buggy address:
ffff880067d45900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
ffff880067d45980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
ffff880067d45a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
^
ffff880067d45a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
ffff880067d45b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
==================================================================
Fixes: ead666000a5f ("media: dvb_frontend: only use kref after initialized")
Reported-by: Andrey Konovalov <andreyknvl@google.com>
Suggested-by: Matthias Schwarzott <zzam@gentoo.org>
Tested-by: Andrey Konovalov <andreyknvl@google.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com>
---
drivers/media/dvb-core/dvb_frontend.c | 7 ++-----
1 file changed, 2 insertions(+), 5 deletions(-)
diff --git a/drivers/media/dvb-core/dvb_frontend.c b/drivers/media/dvb-core/dvb_frontend.c
index d485d5f6cc88..3ad83359098b 100644
--- a/drivers/media/dvb-core/dvb_frontend.c
+++ b/drivers/media/dvb-core/dvb_frontend.c
@@ -150,11 +150,8 @@ static void __dvb_frontend_free(struct dvb_frontend *fe)
dvb_frontend_invoke_release(fe, fe->ops.release);
- if (!fepriv)
- return;
-
- kfree(fepriv);
- fe->frontend_priv = NULL;
+ if (fepriv)
+ kfree(fepriv);
}
static void dvb_frontend_free(struct kref *ref)
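Review bot: The added `if (fepriv)` guard in front of `kfree(fepriv)` is redundant, since kfree() accepts a NULL pointer and does nothing; a bare `kfree(fepriv);` is the usual kernel style. A short comment after `dvb_frontend_invoke_release()` saying that `fe` may already be freed at that point would also help, so that nobody reintroduces a store such as `fe->frontend_priv = NULL`.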


@ -1,36 +0,0 @@
From: Johan Hovold <johan@kernel.org>
Date: Thu, 21 Sep 2017 05:40:18 -0300
Subject: [media] cx231xx-cards: fix NULL-deref on missing association
descriptor
Origin: https://git.kernel.org/linus/6c3b047fa2d2286d5e438bcb470c7b1a49f415f6
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-16536
Make sure to check that we actually have an Interface Association
Descriptor before dereferencing it during probe to avoid dereferencing a
NULL-pointer.
Fixes: e0d3bafd0258 ("V4L/DVB (10954): Add cx231xx USB driver")
Cc: stable <stable@vger.kernel.org> # 2.6.30
Reported-by: Andrey Konovalov <andreyknvl@google.com>
Signed-off-by: Johan Hovold <johan@kernel.org>
Tested-by: Andrey Konovalov <andreyknvl@google.com>
Signed-off-by: Hans Verkuil <hans.verkuil@cisco.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@osg.samsung.com>
---
drivers/media/usb/cx231xx/cx231xx-cards.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/media/usb/cx231xx/cx231xx-cards.c b/drivers/media/usb/cx231xx/cx231xx-cards.c
index e0daa9b6c2a0..9b742d569fb5 100644
--- a/drivers/media/usb/cx231xx/cx231xx-cards.c
+++ b/drivers/media/usb/cx231xx/cx231xx-cards.c
@@ -1684,7 +1684,7 @@ static int cx231xx_usb_probe(struct usb_interface *interface,
nr = dev->devno;
assoc_desc = udev->actconfig->intf_assoc[0];
- if (assoc_desc->bFirstInterface != ifnum) {
+ if (!assoc_desc || assoc_desc->bFirstInterface != ifnum) {
dev_err(d, "Not found matching IAD interface\n");
retval = -ENODEV;
goto err_if;
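Review bot: With the added `!assoc_desc` test, the `dev_err()` that follows prints "Not found matching IAD interface" both when the descriptor is absent and when `bFirstInterface` differs from `ifnum`. Consider a separate message for the missing-descriptor case, so that a device with no Interface Association Descriptor can be told apart in the log from one whose descriptor does not match.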


@ -1,47 +0,0 @@
From: Daniel Scheller <d.scheller@gmx.net>
Date: Sun, 29 Oct 2017 11:43:22 -0400
Subject: media: dvb-core: always call invoke_release() in fe_free()
Origin: https://git.kernel.org/linus/62229de19ff2b7f3e0ebf4d48ad99061127d0281
Follow-up to: ead666000a5f ("media: dvb_frontend: only use kref after initialized")
The aforementioned commit fixed refcount OOPSes when demod driver attaching
succeeded but tuner driver didn't. However, the use count of the attached
demod drivers don't go back to zero and thus couldn't be cleanly unloaded.
Improve on this by calling dvb_frontend_invoke_release() in
__dvb_frontend_free() regardless of fepriv being NULL, instead of returning
when fepriv is NULL. This is safe to do since _invoke_release() will check
for passed pointers being valid before calling the .release() function.
[mchehab@s-opensource.com: changed the logic a little bit to reduce
conflicts with another bug fix patch under review]
Fixes: ead666000a5f ("media: dvb_frontend: only use kref after initialized")
Signed-off-by: Daniel Scheller <d.scheller@gmx.net>
Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com>
---
drivers/media/dvb-core/dvb_frontend.c | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/drivers/media/dvb-core/dvb_frontend.c b/drivers/media/dvb-core/dvb_frontend.c
index daaf969719e4..d485d5f6cc88 100644
--- a/drivers/media/dvb-core/dvb_frontend.c
+++ b/drivers/media/dvb-core/dvb_frontend.c
@@ -145,13 +145,14 @@ static void __dvb_frontend_free(struct dvb_frontend *fe)
{
struct dvb_frontend_private *fepriv = fe->frontend_priv;
- if (!fepriv)
- return;
-
- dvb_free_device(fepriv->dvbdev);
+ if (fepriv)
+ dvb_free_device(fepriv->dvbdev);
dvb_frontend_invoke_release(fe, fe->ops.release);
+ if (!fepriv)
+ return;
+
kfree(fepriv);
fe->frontend_priv = NULL;
}
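Review bot: After this reordering, `fe->frontend_priv = NULL` still runs after `dvb_frontend_invoke_release(fe, fe->ops.release)`. If the driver's `.release()` frees the structure that contains `fe`, that store writes to freed memory; either clear the pointer before invoking release or drop the assignment.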


@ -1,109 +0,0 @@
From: "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>
Date: Mon, 27 Nov 2017 06:21:25 +0300
Subject: mm, thp: Do not make page table dirty unconditionally in
touch_p[mu]d()
Origin: https://git.kernel.org/linus/a8f97366452ed491d13cf1e44241bc0b5740b1f0
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-1000405
Currently, we unconditionally make page table dirty in touch_pmd().
It may result in false-positive can_follow_write_pmd().
We may avoid the situation, if we would only make the page table entry
dirty if caller asks for write access -- FOLL_WRITE.
The patch also changes touch_pud() in the same way.
Signed-off-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Cc: Michal Hocko <mhocko@suse.com>
Cc: Hugh Dickins <hughd@google.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
---
mm/huge_memory.c | 36 +++++++++++++-----------------------
1 file changed, 13 insertions(+), 23 deletions(-)
diff --git a/mm/huge_memory.c b/mm/huge_memory.c
index 86fe697e8bfb..0e7ded98d114 100644
--- a/mm/huge_memory.c
+++ b/mm/huge_memory.c
@@ -842,20 +842,15 @@ EXPORT_SYMBOL_GPL(vmf_insert_pfn_pud);
#endif /* CONFIG_HAVE_ARCH_TRANSPARENT_HUGEPAGE_PUD */
static void touch_pmd(struct vm_area_struct *vma, unsigned long addr,
- pmd_t *pmd)
+ pmd_t *pmd, int flags)
{
pmd_t _pmd;
- /*
- * We should set the dirty bit only for FOLL_WRITE but for now
- * the dirty bit in the pmd is meaningless. And if the dirty
- * bit will become meaningful and we'll only set it with
- * FOLL_WRITE, an atomic set_bit will be required on the pmd to
- * set the young bit, instead of the current set_pmd_at.
- */
- _pmd = pmd_mkyoung(pmd_mkdirty(*pmd));
+ _pmd = pmd_mkyoung(*pmd);
+ if (flags & FOLL_WRITE)
+ _pmd = pmd_mkdirty(_pmd);
if (pmdp_set_access_flags(vma, addr & HPAGE_PMD_MASK,
- pmd, _pmd, 1))
+ pmd, _pmd, flags & FOLL_WRITE))
update_mmu_cache_pmd(vma, addr, pmd);
}
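Review bot: The comment deleted from `touch_pmd()` warned that once the dirty bit is set only for FOLL_WRITE, an atomic set_bit would be required to set the young bit instead of the current set_pmd_at, yet the new code keeps `pmdp_set_access_flags()` and the commit message does not say why that concern no longer applies. A replacement comment explaining how the young bit is updated safely when `flags & FOLL_WRITE` is zero would close that gap; the same applies to `touch_pud()` further down.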
@@ -884,7 +879,7 @@ struct page *follow_devmap_pmd(struct vm_area_struct *vma, unsigned long addr,
return NULL;
if (flags & FOLL_TOUCH)
- touch_pmd(vma, addr, pmd);
+ touch_pmd(vma, addr, pmd, flags);
/*
* device mapped pages can only be returned if the
@@ -995,20 +990,15 @@ int copy_huge_pmd(struct mm_struct *dst_mm, struct mm_struct *src_mm,
#ifdef CONFIG_HAVE_ARCH_TRANSPARENT_HUGEPAGE_PUD
static void touch_pud(struct vm_area_struct *vma, unsigned long addr,
- pud_t *pud)
+ pud_t *pud, int flags)
{
pud_t _pud;
- /*
- * We should set the dirty bit only for FOLL_WRITE but for now
- * the dirty bit in the pud is meaningless. And if the dirty
- * bit will become meaningful and we'll only set it with
- * FOLL_WRITE, an atomic set_bit will be required on the pud to
- * set the young bit, instead of the current set_pud_at.
- */
- _pud = pud_mkyoung(pud_mkdirty(*pud));
+ _pud = pud_mkyoung(*pud);
+ if (flags & FOLL_WRITE)
+ _pud = pud_mkdirty(_pud);
if (pudp_set_access_flags(vma, addr & HPAGE_PUD_MASK,
- pud, _pud, 1))
+ pud, _pud, flags & FOLL_WRITE))
update_mmu_cache_pud(vma, addr, pud);
}
@@ -1031,7 +1021,7 @@ struct page *follow_devmap_pud(struct vm_area_struct *vma, unsigned long addr,
return NULL;
if (flags & FOLL_TOUCH)
- touch_pud(vma, addr, pud);
+ touch_pud(vma, addr, pud, flags);
/*
* device mapped pages can only be returned if the
@@ -1424,7 +1414,7 @@ struct page *follow_trans_huge_pmd(struct vm_area_struct *vma,
page = pmd_page(*pmd);
VM_BUG_ON_PAGE(!PageHead(page) && !is_zone_device_page(page), page);
if (flags & FOLL_TOUCH)
- touch_pmd(vma, addr, pmd);
+ touch_pmd(vma, addr, pmd, flags);
if ((flags & FOLL_MLOCK) && (vma->vm_flags & VM_LOCKED)) {
/*
* We don't mlock() pte-mapped THPs. This way we can avoid
--
2.15.0


@ -14,7 +14,7 @@ use of $(ARCH) needs to be moved after this.
--- a/Makefile
+++ b/Makefile
@@ -255,42 +255,6 @@ SUBARCH := $(shell uname -m | sed -e s/i
@@ -251,42 +251,6 @@ SUBARCH := $(shell uname -m | sed -e s/i
ARCH ?= $(SUBARCH)
CROSS_COMPILE ?= $(CONFIG_CROSS_COMPILE:"%"=%)
@ -57,9 +57,9 @@ use of $(ARCH) needs to be moved after this.
KCONFIG_CONFIG ?= .config
export KCONFIG_CONFIG
@@ -373,6 +337,44 @@ LDFLAGS_vmlinux =
CFLAGS_GCOV := -fprofile-arcs -ftest-coverage -fno-tree-loop-im $(call cc-disable-warning,maybe-uninitialized,)
CFLAGS_KCOV := $(call cc-option,-fsanitize-coverage=trace-pc,)
@@ -374,6 +338,45 @@ CFLAGS_KERNEL =
AFLAGS_KERNEL =
LDFLAGS_vmlinux =
+-include $(obj)/.kernelvariables
+
@ -99,6 +99,7 @@ use of $(ARCH) needs to be moved after this.
+ifeq ($(ARCH),m68knommu)
+ hdr-arch := m68k
+endif
+
# Use USERINCLUDE when you must reference the UAPI directories only.
USERINCLUDE := \
-I$(srctree)/arch/$(hdr-arch)/include/uapi \


@ -8,11 +8,9 @@ Patch headers added by debian/patches/features/all/aufs4/gen-patch
aufs4.14 standalone patch
diff --git a/fs/dcache.c b/fs/dcache.c
index e3719a5..3203470 100644
--- a/fs/dcache.c
+++ b/fs/dcache.c
@@ -1305,6 +1305,7 @@ void d_walk(struct dentry *parent, void *data,
@@ -1305,6 +1305,7 @@ rename_retry:
seq = 1;
goto again;
}
@ -20,7 +18,7 @@ index e3719a5..3203470 100644
struct check_mount {
struct vfsmount *mnt;
@@ -2894,6 +2895,7 @@ void d_exchange(struct dentry *dentry1, struct dentry *dentry2)
@@ -2894,6 +2895,7 @@ void d_exchange(struct dentry *dentry1,
write_sequnlock(&rename_lock);
}
@ -28,11 +26,9 @@ index e3719a5..3203470 100644
/**
* d_ancestor - search for an ancestor
diff --git a/fs/exec.c b/fs/exec.c
index 3e14ba2..6818b01 100644
--- a/fs/exec.c
+++ b/fs/exec.c
@@ -109,6 +109,7 @@ bool path_noexec(const struct path *path)
@@ -109,6 +109,7 @@ bool path_noexec(const struct path *path
return (path->mnt->mnt_flags & MNT_NOEXEC) ||
(path->mnt->mnt_sb->s_iflags & SB_I_NOEXEC);
}
@ -40,11 +36,9 @@ index 3e14ba2..6818b01 100644
#ifdef CONFIG_USELIB
/*
diff --git a/fs/fcntl.c b/fs/fcntl.c
index cffefab..725d190 100644
--- a/fs/fcntl.c
+++ b/fs/fcntl.c
@@ -85,6 +85,7 @@ int setfl(int fd, struct file * filp, unsigned long arg)
@@ -85,6 +85,7 @@ int setfl(int fd, struct file * filp, un
out:
return error;
}
@ -52,11 +46,9 @@ index cffefab..725d190 100644
static void f_modown(struct file *filp, struct pid *pid, enum pid_type type,
int force)
diff --git a/fs/file_table.c b/fs/file_table.c
index 61517f5..c6bab39c 100644
--- a/fs/file_table.c
+++ b/fs/file_table.c
@@ -148,6 +148,7 @@ struct file *get_empty_filp(void)
@@ -148,6 +148,7 @@ over:
}
return ERR_PTR(-ENFILE);
}
@ -88,11 +80,9 @@ index 61517f5..c6bab39c 100644
void __init files_init(void)
{
diff --git a/fs/inode.c b/fs/inode.c
index f7800d6..f31a6c7 100644
--- a/fs/inode.c
+++ b/fs/inode.c
@@ -1664,6 +1664,7 @@ int update_time(struct inode *inode, struct timespec *time, int flags)
@@ -1664,6 +1664,7 @@ int update_time(struct inode *inode, str
return update_time(inode, time, flags);
}
@ -100,11 +90,9 @@ index f7800d6..f31a6c7 100644
/**
* touch_atime - update the access time
diff --git a/fs/namespace.c b/fs/namespace.c
index e5a4a7f..6d0c376 100644
--- a/fs/namespace.c
+++ b/fs/namespace.c
@@ -517,6 +517,7 @@ void __mnt_drop_write(struct vfsmount *mnt)
@@ -517,6 +517,7 @@ void __mnt_drop_write(struct vfsmount *m
mnt_dec_writers(real_mount(mnt));
preempt_enable();
}
@ -112,7 +100,7 @@ index e5a4a7f..6d0c376 100644
/**
* mnt_drop_write - give up write access to a mount
@@ -851,6 +852,7 @@ int is_current_mnt_ns(struct vfsmount *mnt)
@@ -851,6 +852,7 @@ int is_current_mnt_ns(struct vfsmount *m
{
return check_mnt(real_mount(mnt));
}
@ -120,7 +108,7 @@ index e5a4a7f..6d0c376 100644
/*
* vfsmount lock must be held for write
@@ -1887,6 +1889,7 @@ int iterate_mounts(int (*f)(struct vfsmount *, void *), void *arg,
@@ -1887,6 +1889,7 @@ int iterate_mounts(int (*f)(struct vfsmo
}
return 0;
}
@ -128,8 +116,6 @@ index e5a4a7f..6d0c376 100644
static void cleanup_group_ids(struct mount *mnt, struct mount *end)
{
diff --git a/fs/notify/group.c b/fs/notify/group.c
index 3235753..14a2d48 100644
--- a/fs/notify/group.c
+++ b/fs/notify/group.c
@@ -22,6 +22,7 @@
@ -140,7 +126,7 @@ index 3235753..14a2d48 100644
#include <linux/fsnotify_backend.h>
#include "fsnotify.h"
@@ -109,6 +110,7 @@ void fsnotify_get_group(struct fsnotify_group *group)
@@ -109,6 +110,7 @@ void fsnotify_get_group(struct fsnotify_
{
atomic_inc(&group->refcnt);
}
@ -148,7 +134,7 @@ index 3235753..14a2d48 100644
/*
* Drop a reference to a group. Free it if it's through.
@@ -118,6 +120,7 @@ void fsnotify_put_group(struct fsnotify_group *group)
@@ -118,6 +120,7 @@ void fsnotify_put_group(struct fsnotify_
if (atomic_dec_and_test(&group->refcnt))
fsnotify_final_destroy_group(group);
}
@ -156,7 +142,7 @@ index 3235753..14a2d48 100644
/*
* Create a new fsnotify_group and hold a reference for the group returned.
@@ -147,6 +150,7 @@ struct fsnotify_group *fsnotify_alloc_group(const struct fsnotify_ops *ops)
@@ -147,6 +150,7 @@ struct fsnotify_group *fsnotify_alloc_gr
return group;
}
@ -164,19 +150,17 @@ index 3235753..14a2d48 100644
int fsnotify_fasync(int fd, struct file *file, int on)
{
diff --git a/fs/notify/mark.c b/fs/notify/mark.c
index 9991f88..117042c 100644
--- a/fs/notify/mark.c
+++ b/fs/notify/mark.c
@@ -118,6 +118,7 @@ static bool fsnotify_get_mark_safe(struct fsnotify_mark *mark)
{
return atomic_inc_not_zero(&mark->refcnt);
@@ -245,6 +245,7 @@ void fsnotify_put_mark(struct fsnotify_m
queue_delayed_work(system_unbound_wq, &reaper_work,
FSNOTIFY_REAPER_DELAY);
}
+EXPORT_SYMBOL_GPL(fsnotify_put_mark);
static void __fsnotify_recalc_mask(struct fsnotify_mark_connector *conn)
{
@@ -395,6 +396,7 @@ void fsnotify_destroy_mark(struct fsnotify_mark *mark,
/*
* Get mark reference when we found the mark via lockless traversal of object
@@ -392,6 +393,7 @@ void fsnotify_destroy_mark(struct fsnoti
mutex_unlock(&group->mark_mutex);
fsnotify_free_mark(mark);
}
@ -184,7 +168,7 @@ index 9991f88..117042c 100644
/*
* Sorting function for lists of fsnotify marks.
@@ -607,6 +609,7 @@ int fsnotify_add_mark_locked(struct fsnotify_mark *mark, struct inode *inode,
@@ -604,6 +606,7 @@ err:
fsnotify_put_mark(mark);
return ret;
}
@ -192,7 +176,7 @@ index 9991f88..117042c 100644
int fsnotify_add_mark(struct fsnotify_mark *mark, struct inode *inode,
struct vfsmount *mnt, int allow_dups)
@@ -742,6 +745,7 @@ void fsnotify_init_mark(struct fsnotify_mark *mark,
@@ -739,6 +742,7 @@ void fsnotify_init_mark(struct fsnotify_
fsnotify_get_group(group);
mark->group = group;
}
@ -200,11 +184,9 @@ index 9991f88..117042c 100644
/*
* Destroy all marks in destroy_list, waits for SRCU period to finish before
diff --git a/fs/open.c b/fs/open.c
index 7ea1184..6e2e241 100644
--- a/fs/open.c
+++ b/fs/open.c
@@ -64,6 +64,7 @@ int do_truncate(struct dentry *dentry, loff_t length, unsigned int time_attrs,
@@ -64,6 +64,7 @@ int do_truncate(struct dentry *dentry, l
inode_unlock(dentry->d_inode);
return ret;
}
@ -220,11 +202,9 @@ index 7ea1184..6e2e241 100644
static int do_dentry_open(struct file *f,
struct inode *inode,
diff --git a/fs/read_write.c b/fs/read_write.c
index 2388284..b2a68e5 100644
--- a/fs/read_write.c
+++ b/fs/read_write.c
@@ -454,6 +454,7 @@ ssize_t vfs_read(struct file *file, char __user *buf, size_t count, loff_t *pos)
@@ -454,6 +454,7 @@ ssize_t vfs_read(struct file *file, char
return ret;
}
@ -240,7 +220,7 @@ index 2388284..b2a68e5 100644
vfs_writef_t vfs_writef(struct file *file)
{
@@ -505,6 +507,7 @@ vfs_writef_t vfs_writef(struct file *file)
@@ -505,6 +507,7 @@ vfs_writef_t vfs_writef(struct file *fil
return new_sync_write;
return ERR_PTR(-ENOSYS);
}
@ -248,7 +228,7 @@ index 2388284..b2a68e5 100644
ssize_t __kernel_write(struct file *file, const void *buf, size_t count, loff_t *pos)
{
@@ -574,6 +577,7 @@ ssize_t vfs_write(struct file *file, const char __user *buf, size_t count, loff_
@@ -574,6 +577,7 @@ ssize_t vfs_write(struct file *file, con
return ret;
}
@ -256,11 +236,9 @@ index 2388284..b2a68e5 100644
static inline loff_t file_pos_read(struct file *file)
{
diff --git a/fs/splice.c b/fs/splice.c
index eb888c6..7ab89d2 100644
--- a/fs/splice.c
+++ b/fs/splice.c
@@ -850,6 +850,7 @@ long do_splice_from(struct pipe_inode_info *pipe, struct file *out,
@@ -850,6 +850,7 @@ long do_splice_from(struct pipe_inode_in
return splice_write(pipe, out, ppos, len, flags);
}
@ -268,7 +246,7 @@ index eb888c6..7ab89d2 100644
/*
* Attempt to initiate a splice from a file to a pipe.
@@ -879,6 +880,7 @@ long do_splice_to(struct file *in, loff_t *ppos,
@@ -879,6 +880,7 @@ long do_splice_to(struct file *in, loff_
return splice_read(in, ppos, pipe, len, flags);
}
@ -276,11 +254,9 @@ index eb888c6..7ab89d2 100644
/**
* splice_direct_to_actor - splices data directly between two non-pipes
diff --git a/fs/sync.c b/fs/sync.c
index fe15900..e3386ea 100644
--- a/fs/sync.c
+++ b/fs/sync.c
@@ -39,6 +39,7 @@ int __sync_filesystem(struct super_block *sb, int wait)
@@ -39,6 +39,7 @@ int __sync_filesystem(struct super_block
sb->s_op->sync_fs(sb, wait);
return __sync_blockdev(sb->s_bdev, wait);
}
@ -288,11 +264,9 @@ index fe15900..e3386ea 100644
/*
* Write out and wait upon all dirty data associated with this
diff --git a/fs/xattr.c b/fs/xattr.c
index 61cd28b..35570cd 100644
--- a/fs/xattr.c
+++ b/fs/xattr.c
@@ -297,6 +297,7 @@ vfs_getxattr_alloc(struct dentry *dentry, const char *name, char **xattr_value,
@@ -297,6 +297,7 @@ vfs_getxattr_alloc(struct dentry *dentry
*xattr_value = value;
return error;
}
@ -300,11 +274,9 @@ index 61cd28b..35570cd 100644
ssize_t
__vfs_getxattr(struct dentry *dentry, struct inode *inode, const char *name,
diff --git a/kernel/locking/lockdep.c b/kernel/locking/lockdep.c
index bc97a97..895a1ba 100644
--- a/kernel/locking/lockdep.c
+++ b/kernel/locking/lockdep.c
@@ -155,6 +155,7 @@ inline struct lock_class *lockdep_hlock_class(struct held_lock *hlock)
@@ -155,6 +155,7 @@ inline struct lock_class *lockdep_hlock_
}
return lock_classes + hlock->class_idx - 1;
}
@ -312,8 +284,6 @@ index bc97a97..895a1ba 100644
#define hlock_class(hlock) lockdep_hlock_class(hlock)
#ifdef CONFIG_LOCK_STAT
diff --git a/kernel/task_work.c b/kernel/task_work.c
index 5718b3e..e6c64d9 100644
--- a/kernel/task_work.c
+++ b/kernel/task_work.c
@@ -116,3 +116,4 @@ void task_work_run(void)
@ -321,8 +291,6 @@ index 5718b3e..e6c64d9 100644
}
}
+EXPORT_SYMBOL_GPL(task_work_run);
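Review bot: `EXPORT_SYMBOL_GPL(task_work_run)` is appended at the end of kernel/task_work.c with no comment naming its consumer. Because this makes a core task-work entry point callable from any GPL module, state beside the export or in the patch header that it exists only for the aufs standalone build, so the export can be dropped together with aufs.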
diff --git a/security/commoncap.c b/security/commoncap.c
index fc46f5b..90543ef 100644
--- a/security/commoncap.c
+++ b/security/commoncap.c
@@ -1270,12 +1270,14 @@ int cap_mmap_addr(unsigned long addr)
@ -340,8 +308,6 @@ index fc46f5b..90543ef 100644
#ifdef CONFIG_SECURITY
diff --git a/security/device_cgroup.c b/security/device_cgroup.c
index 5ef7e52..e2e959d 100644
--- a/security/device_cgroup.c
+++ b/security/device_cgroup.c
@@ -8,6 +8,7 @@
@ -352,7 +318,7 @@ index 5ef7e52..e2e959d 100644
#include <linux/list.h>
#include <linux/uaccess.h>
#include <linux/seq_file.h>
@@ -850,6 +851,7 @@ int __devcgroup_inode_permission(struct inode *inode, int mask)
@@ -850,6 +851,7 @@ int __devcgroup_inode_permission(struct
return __devcgroup_check_permission(type, imajor(inode), iminor(inode),
access);
}
@ -360,11 +326,9 @@ index 5ef7e52..e2e959d 100644
int devcgroup_inode_mknod(int mode, dev_t dev)
{
diff --git a/security/security.c b/security/security.c
index 4bf0f57..b30d1e1 100644
--- a/security/security.c
+++ b/security/security.c
@@ -530,6 +530,7 @@ int security_path_rmdir(const struct path *dir, struct dentry *dentry)
@@ -530,6 +530,7 @@ int security_path_rmdir(const struct pat
return 0;
return call_int_hook(path_rmdir, 0, dir, dentry);
}
@ -372,7 +336,7 @@ index 4bf0f57..b30d1e1 100644
int security_path_unlink(const struct path *dir, struct dentry *dentry)
{
@@ -546,6 +547,7 @@ int security_path_symlink(const struct path *dir, struct dentry *dentry,
@@ -546,6 +547,7 @@ int security_path_symlink(const struct p
return 0;
return call_int_hook(path_symlink, 0, dir, dentry, old_name);
}
@ -380,7 +344,7 @@ index 4bf0f57..b30d1e1 100644
int security_path_link(struct dentry *old_dentry, const struct path *new_dir,
struct dentry *new_dentry)
@@ -554,6 +556,7 @@ int security_path_link(struct dentry *old_dentry, const struct path *new_dir,
@@ -554,6 +556,7 @@ int security_path_link(struct dentry *ol
return 0;
return call_int_hook(path_link, 0, old_dentry, new_dir, new_dentry);
}
@ -388,7 +352,7 @@ index 4bf0f57..b30d1e1 100644
int security_path_rename(const struct path *old_dir, struct dentry *old_dentry,
const struct path *new_dir, struct dentry *new_dentry,
@@ -581,6 +584,7 @@ int security_path_truncate(const struct path *path)
@@ -581,6 +584,7 @@ int security_path_truncate(const struct
return 0;
return call_int_hook(path_truncate, 0, path);
}
@ -396,7 +360,7 @@ index 4bf0f57..b30d1e1 100644
int security_path_chmod(const struct path *path, umode_t mode)
{
@@ -588,6 +592,7 @@ int security_path_chmod(const struct path *path, umode_t mode)
@@ -588,6 +592,7 @@ int security_path_chmod(const struct pat
return 0;
return call_int_hook(path_chmod, 0, path, mode);
}
@ -404,7 +368,7 @@ index 4bf0f57..b30d1e1 100644
int security_path_chown(const struct path *path, kuid_t uid, kgid_t gid)
{
@@ -595,6 +600,7 @@ int security_path_chown(const struct path *path, kuid_t uid, kgid_t gid)
@@ -595,6 +600,7 @@ int security_path_chown(const struct pat
return 0;
return call_int_hook(path_chown, 0, path, uid, gid);
}
@ -412,7 +376,7 @@ index 4bf0f57..b30d1e1 100644
int security_path_chroot(const struct path *path)
{
@@ -680,6 +686,7 @@ int security_inode_readlink(struct dentry *dentry)
@@ -680,6 +686,7 @@ int security_inode_readlink(struct dentr
return 0;
return call_int_hook(inode_readlink, 0, dentry);
}
@ -420,7 +384,7 @@ index 4bf0f57..b30d1e1 100644
int security_inode_follow_link(struct dentry *dentry, struct inode *inode,
bool rcu)
@@ -695,6 +702,7 @@ int security_inode_permission(struct inode *inode, int mask)
@@ -695,6 +702,7 @@ int security_inode_permission(struct ino
return 0;
return call_int_hook(inode_permission, 0, inode, mask);
}
@ -428,7 +392,7 @@ index 4bf0f57..b30d1e1 100644
int security_inode_setattr(struct dentry *dentry, struct iattr *attr)
{
@@ -866,6 +874,7 @@ int security_file_permission(struct file *file, int mask)
@@ -866,6 +874,7 @@ int security_file_permission(struct file
return fsnotify_perm(file, mask);
}
@ -436,7 +400,7 @@ index 4bf0f57..b30d1e1 100644
int security_file_alloc(struct file *file)
{
@@ -925,6 +934,7 @@ int security_mmap_file(struct file *file, unsigned long prot,
@@ -925,6 +934,7 @@ int security_mmap_file(struct file *file
return ret;
return ima_file_mmap(file, prot);
}


@ -7,6 +7,7 @@ There are a few local_irq_disable() which then take sleeping locks. This
patch converts them local locks.
Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
[bwh: Adjust context after 4.14.4]
---
mm/memcontrol.c | 24 ++++++++++++++++--------
1 file changed, 16 insertions(+), 8 deletions(-)
@ -110,7 +111,7 @@ Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
memcg_check_events(memcg, page);
if (!mem_cgroup_is_root(memcg))
css_put(&memcg->css);
css_put_many(&memcg->css, nr_entries);
+ local_unlock_irqrestore(event_lock, flags);
}


@ -1,565 +0,0 @@
From: "Steven Rostedt (Red Hat)" <rostedt@goodmis.org>
Date: Fri, 6 Oct 2017 14:05:04 -0400
Subject: [PATCH] sched/rt: Simplify the IPI based RT balancing logic
Origin: https://www.kernel.org/pub/linux/kernel/projects/rt/4.14/older/patches-4.14.1-rt3.tar.xz
Upstream commit 4bdced5c9a2922521e325896a7bbbf0132c94e56
When a CPU lowers its priority (schedules out a high priority task for a
lower priority one), a check is made to see if any other CPU has overloaded
RT tasks (more than one). It checks the rto_mask to determine this and if so
it will request to pull one of those tasks to itself if the non running RT
task is of higher priority than the new priority of the next task to run on
the current CPU.
When we deal with large number of CPUs, the original pull logic suffered
from large lock contention on a single CPU run queue, which caused a huge
latency across all CPUs. This was caused by only having one CPU having
overloaded RT tasks and a bunch of other CPUs lowering their priority. To
solve this issue, commit:
b6366f048e0c ("sched/rt: Use IPI to trigger RT task push migration instead of pulling")
changed the way to request a pull. Instead of grabbing the lock of the
overloaded CPU's runqueue, it simply sent an IPI to that CPU to do the work.
Although the IPI logic worked very well in removing the large latency build
up, it still could suffer from a large number of IPIs being sent to a single
CPU. On a 80 CPU box, I measured over 200us of processing IPIs. Worse yet,
when I tested this on a 120 CPU box, with a stress test that had lots of
RT tasks scheduling on all CPUs, it actually triggered the hard lockup
detector! One CPU had so many IPIs sent to it, and due to the restart
mechanism that is triggered when the source run queue has a priority status
change, the CPU spent minutes! processing the IPIs.
Thinking about this further, I realized there's no reason for each run queue
to send its own IPI. As all CPUs with overloaded tasks must be scanned
regardless if there's one or many CPUs lowering their priority, because
there's no current way to find the CPU with the highest priority task that
can schedule to one of these CPUs, there really only needs to be one IPI
being sent around at a time.
This greatly simplifies the code!
The new approach is to have each root domain have its own irq work, as the
rto_mask is per root domain. The root domain has the following fields
attached to it:
rto_push_work - the irq work to process each CPU set in rto_mask
rto_lock - the lock to protect some of the other rto fields
rto_loop_start - an atomic that keeps contention down on rto_lock
the first CPU scheduling in a lower priority task
is the one to kick off the process.
rto_loop_next - an atomic that gets incremented for each CPU that
schedules in a lower priority task.
rto_loop - a variable protected by rto_lock that is used to
compare against rto_loop_next
rto_cpu - The cpu to send the next IPI to, also protected by
the rto_lock.
When a CPU schedules in a lower priority task and wants to make sure
overloaded CPUs know about it. It increments the rto_loop_next. Then it
atomically sets rto_loop_start with a cmpxchg. If the old value is not "0",
then it is done, as another CPU is kicking off the IPI loop. If the old
value is "0", then it will take the rto_lock to synchronize with a possible
IPI being sent around to the overloaded CPUs.
If rto_cpu is greater than or equal to nr_cpu_ids, then there's either no
IPI being sent around, or one is about to finish. Then rto_cpu is set to the
first CPU in rto_mask and an IPI is sent to that CPU. If there's no CPUs set
in rto_mask, then there's nothing to be done.
When the CPU receives the IPI, it will first try to push any RT tasks that is
queued on the CPU but can't run because a higher priority RT task is
currently running on that CPU.
Then it takes the rto_lock and looks for the next CPU in the rto_mask. If it
finds one, it simply sends an IPI to that CPU and the process continues.
If there's no more CPUs in the rto_mask, then rto_loop is compared with
rto_loop_next. If they match, everything is done and the process is over. If
they do not match, then a CPU scheduled in a lower priority task as the IPI
was being passed around, and the process needs to start again. The first CPU
in rto_mask is sent the IPI.
This change removes this duplication of work in the IPI logic, and greatly
lowers the latency caused by the IPIs. This removed the lockup happening on
the 120 CPU machine. It also simplifies the code tremendously. What else
could anyone ask for?
Thanks to Peter Zijlstra for simplifying the rto_loop_start atomic logic and
supplying me with the rto_start_trylock() and rto_start_unlock() helper
functions.
Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: Clark Williams <williams@redhat.com>
Cc: Daniel Bristot de Oliveira <bristot@redhat.com>
Cc: John Kacur <jkacur@redhat.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Mike Galbraith <efault@gmx.de>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Scott Wood <swood@redhat.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Link: http://lkml.kernel.org/r/20170424114732.1aac6dc4@gandalf.local.home
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
---
kernel/sched/rt.c | 316 +++++++++++++++++-------------------------------
kernel/sched/sched.h | 24 ++-
kernel/sched/topology.c | 6
3 files changed, 138 insertions(+), 208 deletions(-)
--- a/kernel/sched/rt.c
+++ b/kernel/sched/rt.c
@@ -74,10 +74,6 @@ static void start_rt_bandwidth(struct rt
raw_spin_unlock(&rt_b->rt_runtime_lock);
}
-#if defined(CONFIG_SMP) && defined(HAVE_RT_PUSH_IPI)
-static void push_irq_work_func(struct irq_work *work);
-#endif
-
void init_rt_rq(struct rt_rq *rt_rq)
{
struct rt_prio_array *array;
@@ -97,13 +93,6 @@ void init_rt_rq(struct rt_rq *rt_rq)
rt_rq->rt_nr_migratory = 0;
rt_rq->overloaded = 0;
plist_head_init(&rt_rq->pushable_tasks);
-
-#ifdef HAVE_RT_PUSH_IPI
- rt_rq->push_flags = 0;
- rt_rq->push_cpu = nr_cpu_ids;
- raw_spin_lock_init(&rt_rq->push_lock);
- init_irq_work(&rt_rq->push_work, push_irq_work_func);
-#endif
#endif /* CONFIG_SMP */
/* We start is dequeued state, because no RT tasks are queued */
rt_rq->rt_queued = 0;
@@ -1876,241 +1865,166 @@ static void push_rt_tasks(struct rq *rq)
}
#ifdef HAVE_RT_PUSH_IPI
+
/*
- * The search for the next cpu always starts at rq->cpu and ends
- * when we reach rq->cpu again. It will never return rq->cpu.
- * This returns the next cpu to check, or nr_cpu_ids if the loop
- * is complete.
+ * When a high priority task schedules out from a CPU and a lower priority
+ * task is scheduled in, a check is made to see if there's any RT tasks
+ * on other CPUs that are waiting to run because a higher priority RT task
+ * is currently running on its CPU. In this case, the CPU with multiple RT
+ * tasks queued on it (overloaded) needs to be notified that a CPU has opened
+ * up that may be able to run one of its non-running queued RT tasks.
+ *
+ * All CPUs with overloaded RT tasks need to be notified as there is currently
+ * no way to know which of these CPUs have the highest priority task waiting
+ * to run. Instead of trying to take a spinlock on each of these CPUs,
+ * which has shown to cause large latency when done on machines with many
+ * CPUs, sending an IPI to the CPUs to have them push off the overloaded
+ * RT tasks waiting to run.
+ *
+ * Just sending an IPI to each of the CPUs is also an issue, as on large
+ * count CPU machines, this can cause an IPI storm on a CPU, especially
+ * if its the only CPU with multiple RT tasks queued, and a large number
+ * of CPUs scheduling a lower priority task at the same time.
+ *
+ * Each root domain has its own irq work function that can iterate over
+ * all CPUs with RT overloaded tasks. Since all CPUs with overloaded RT
+ * tassk must be checked if there's one or many CPUs that are lowering
+ * their priority, there's a single irq work iterator that will try to
+ * push off RT tasks that are waiting to run.
+ *
+ * When a CPU schedules a lower priority task, it will kick off the
+ * irq work iterator that will jump to each CPU with overloaded RT tasks.
+ * As it only takes the first CPU that schedules a lower priority task
+ * to start the process, the rto_start variable is incremented and if
+ * the atomic result is one, then that CPU will try to take the rto_lock.
+ * This prevents high contention on the lock as the process handles all
+ * CPUs scheduling lower priority tasks.
+ *
+ * All CPUs that are scheduling a lower priority task will increment the
+ * rt_loop_next variable. This will make sure that the irq work iterator
+ * checks all RT overloaded CPUs whenever a CPU schedules a new lower
+ * priority task, even if the iterator is in the middle of a scan. Incrementing
+ * the rt_loop_next will cause the iterator to perform another scan.
*
- * rq->rt.push_cpu holds the last cpu returned by this function,
- * or if this is the first instance, it must hold rq->cpu.
*/
static int rto_next_cpu(struct rq *rq)
{
- int prev_cpu = rq->rt.push_cpu;
+ struct root_domain *rd = rq->rd;
+ int next;
int cpu;
- cpu = cpumask_next(prev_cpu, rq->rd->rto_mask);
-
/*
- * If the previous cpu is less than the rq's CPU, then it already
- * passed the end of the mask, and has started from the beginning.
- * We end if the next CPU is greater or equal to rq's CPU.
+ * When starting the IPI RT pushing, the rto_cpu is set to -1,
+ * rt_next_cpu() will simply return the first CPU found in
+ * the rto_mask.
+ *
+ * If rto_next_cpu() is called with rto_cpu is a valid cpu, it
+ * will return the next CPU found in the rto_mask.
+ *
+ * If there are no more CPUs left in the rto_mask, then a check is made
+ * against rto_loop and rto_loop_next. rto_loop is only updated with
+ * the rto_lock held, but any CPU may increment the rto_loop_next
+ * without any locking.
*/
- if (prev_cpu < rq->cpu) {
- if (cpu >= rq->cpu)
- return nr_cpu_ids;
+ for (;;) {
- } else if (cpu >= nr_cpu_ids) {
- /*
- * We passed the end of the mask, start at the beginning.
- * If the result is greater or equal to the rq's CPU, then
- * the loop is finished.
- */
- cpu = cpumask_first(rq->rd->rto_mask);
- if (cpu >= rq->cpu)
- return nr_cpu_ids;
- }
- rq->rt.push_cpu = cpu;
+ /* When rto_cpu is -1 this acts like cpumask_first() */
+ cpu = cpumask_next(rd->rto_cpu, rd->rto_mask);
- /* Return cpu to let the caller know if the loop is finished or not */
- return cpu;
-}
+ rd->rto_cpu = cpu;
-static int find_next_push_cpu(struct rq *rq)
-{
- struct rq *next_rq;
- int cpu;
+ if (cpu < nr_cpu_ids)
+ return cpu;
- while (1) {
- cpu = rto_next_cpu(rq);
- if (cpu >= nr_cpu_ids)
- break;
- next_rq = cpu_rq(cpu);
+ rd->rto_cpu = -1;
+
+ /*
+ * ACQUIRE ensures we see the @rto_mask changes
+ * made prior to the @next value observed.
+ *
+ * Matches WMB in rt_set_overload().
+ */
+ next = atomic_read_acquire(&rd->rto_loop_next);
- /* Make sure the next rq can push to this rq */
- if (next_rq->rt.highest_prio.next < rq->rt.highest_prio.curr)
+ if (rd->rto_loop == next)
break;
+
+ rd->rto_loop = next;
}
- return cpu;
+ return -1;
}
-#define RT_PUSH_IPI_EXECUTING 1
-#define RT_PUSH_IPI_RESTART 2
+static inline bool rto_start_trylock(atomic_t *v)
+{
+ return !atomic_cmpxchg_acquire(v, 0, 1);
+}
-/*
- * When a high priority task schedules out from a CPU and a lower priority
- * task is scheduled in, a check is made to see if there's any RT tasks
- * on other CPUs that are waiting to run because a higher priority RT task
- * is currently running on its CPU. In this case, the CPU with multiple RT
- * tasks queued on it (overloaded) needs to be notified that a CPU has opened
- * up that may be able to run one of its non-running queued RT tasks.
- *
- * On large CPU boxes, there's the case that several CPUs could schedule
- * a lower priority task at the same time, in which case it will look for
- * any overloaded CPUs that it could pull a task from. To do this, the runqueue
- * lock must be taken from that overloaded CPU. Having 10s of CPUs all fighting
- * for a single overloaded CPU's runqueue lock can produce a large latency.
- * (This has actually been observed on large boxes running cyclictest).
- * Instead of taking the runqueue lock of the overloaded CPU, each of the
- * CPUs that scheduled a lower priority task simply sends an IPI to the
- * overloaded CPU. An IPI is much cheaper than taking an runqueue lock with
- * lots of contention. The overloaded CPU will look to push its non-running
- * RT task off, and if it does, it can then ignore the other IPIs coming
- * in, and just pass those IPIs off to any other overloaded CPU.
- *
- * When a CPU schedules a lower priority task, it only sends an IPI to
- * the "next" CPU that has overloaded RT tasks. This prevents IPI storms,
- * as having 10 CPUs scheduling lower priority tasks and 10 CPUs with
- * RT overloaded tasks, would cause 100 IPIs to go out at once.
- *
- * The overloaded RT CPU, when receiving an IPI, will try to push off its
- * overloaded RT tasks and then send an IPI to the next CPU that has
- * overloaded RT tasks. This stops when all CPUs with overloaded RT tasks
- * have completed. Just because a CPU may have pushed off its own overloaded
- * RT task does not mean it should stop sending the IPI around to other
- * overloaded CPUs. There may be another RT task waiting to run on one of
- * those CPUs that are of higher priority than the one that was just
- * pushed.
- *
- * An optimization that could possibly be made is to make a CPU array similar
- * to the cpupri array mask of all running RT tasks, but for the overloaded
- * case, then the IPI could be sent to only the CPU with the highest priority
- * RT task waiting, and that CPU could send off further IPIs to the CPU with
- * the next highest waiting task. Since the overloaded case is much less likely
- * to happen, the complexity of this implementation may not be worth it.
- * Instead, just send an IPI around to all overloaded CPUs.
- *
- * The rq->rt.push_flags holds the status of the IPI that is going around.
- * A run queue can only send out a single IPI at a time. The possible flags
- * for rq->rt.push_flags are:
- *
- * (None or zero): No IPI is going around for the current rq
- * RT_PUSH_IPI_EXECUTING: An IPI for the rq is being passed around
- * RT_PUSH_IPI_RESTART: The priority of the running task for the rq
- * has changed, and the IPI should restart
- * circulating the overloaded CPUs again.
- *
- * rq->rt.push_cpu contains the CPU that is being sent the IPI. It is updated
- * before sending to the next CPU.
- *
- * Instead of having all CPUs that schedule a lower priority task send
- * an IPI to the same "first" CPU in the RT overload mask, they send it
- * to the next overloaded CPU after their own CPU. This helps distribute
- * the work when there's more than one overloaded CPU and multiple CPUs
- * scheduling in lower priority tasks.
- *
- * When a rq schedules a lower priority task than what was currently
- * running, the next CPU with overloaded RT tasks is examined first.
- * That is, if CPU 1 and 5 are overloaded, and CPU 3 schedules a lower
- * priority task, it will send an IPI first to CPU 5, then CPU 5 will
- * send to CPU 1 if it is still overloaded. CPU 1 will clear the
- * rq->rt.push_flags if RT_PUSH_IPI_RESTART is not set.
- *
- * The first CPU to notice IPI_RESTART is set, will clear that flag and then
- * send an IPI to the next overloaded CPU after the rq->cpu and not the next
- * CPU after push_cpu. That is, if CPU 1, 4 and 5 are overloaded when CPU 3
- * schedules a lower priority task, and the IPI_RESTART gets set while the
- * handling is being done on CPU 5, it will clear the flag and send it back to
- * CPU 4 instead of CPU 1.
- *
- * Note, the above logic can be disabled by turning off the sched_feature
- * RT_PUSH_IPI. Then the rq lock of the overloaded CPU will simply be
- * taken by the CPU requesting a pull and the waiting RT task will be pulled
- * by that CPU. This may be fine for machines with few CPUs.
- */
-static void tell_cpu_to_push(struct rq *rq)
+static inline void rto_start_unlock(atomic_t *v)
{
- int cpu;
+ atomic_set_release(v, 0);
+}
- if (rq->rt.push_flags & RT_PUSH_IPI_EXECUTING) {
- raw_spin_lock(&rq->rt.push_lock);
- /* Make sure it's still executing */
- if (rq->rt.push_flags & RT_PUSH_IPI_EXECUTING) {
- /*
- * Tell the IPI to restart the loop as things have
- * changed since it started.
- */
- rq->rt.push_flags |= RT_PUSH_IPI_RESTART;
- raw_spin_unlock(&rq->rt.push_lock);
- return;
- }
- raw_spin_unlock(&rq->rt.push_lock);
- }
+static void tell_cpu_to_push(struct rq *rq)
+{
+ int cpu = -1;
- /* When here, there's no IPI going around */
+ /* Keep the loop going if the IPI is currently active */
+ atomic_inc(&rq->rd->rto_loop_next);
- rq->rt.push_cpu = rq->cpu;
- cpu = find_next_push_cpu(rq);
- if (cpu >= nr_cpu_ids)
+ /* Only one CPU can initiate a loop at a time */
+ if (!rto_start_trylock(&rq->rd->rto_loop_start))
return;
- rq->rt.push_flags = RT_PUSH_IPI_EXECUTING;
+ raw_spin_lock(&rq->rd->rto_lock);
- irq_work_queue_on(&rq->rt.push_work, cpu);
+ /*
+ * The rto_cpu is updated under the lock, if it has a valid cpu
+ * then the IPI is still running and will continue due to the
+ * update to loop_next, and nothing needs to be done here.
+ * Otherwise it is finishing up and an ipi needs to be sent.
+ */
+ if (rq->rd->rto_cpu < 0)
+ cpu = rto_next_cpu(rq);
+
+ raw_spin_unlock(&rq->rd->rto_lock);
+
+ rto_start_unlock(&rq->rd->rto_loop_start);
+
+ if (cpu >= 0)
+ irq_work_queue_on(&rq->rd->rto_push_work, cpu);
}
/* Called from hardirq context */
-static void try_to_push_tasks(void *arg)
+void rto_push_irq_work_func(struct irq_work *work)
{
- struct rt_rq *rt_rq = arg;
- struct rq *rq, *src_rq;
- int this_cpu;
+ struct rq *rq;
int cpu;
- this_cpu = rt_rq->push_cpu;
+ rq = this_rq();
- /* Paranoid check */
- BUG_ON(this_cpu != smp_processor_id());
-
- rq = cpu_rq(this_cpu);
- src_rq = rq_of_rt_rq(rt_rq);
-
-again:
+ /*
+ * We do not need to grab the lock to check for has_pushable_tasks.
+ * When it gets updated, a check is made if a push is possible.
+ */
if (has_pushable_tasks(rq)) {
raw_spin_lock(&rq->lock);
- push_rt_task(rq);
+ push_rt_tasks(rq);
raw_spin_unlock(&rq->lock);
}
- /* Pass the IPI to the next rt overloaded queue */
- raw_spin_lock(&rt_rq->push_lock);
- /*
- * If the source queue changed since the IPI went out,
- * we need to restart the search from that CPU again.
- */
- if (rt_rq->push_flags & RT_PUSH_IPI_RESTART) {
- rt_rq->push_flags &= ~RT_PUSH_IPI_RESTART;
- rt_rq->push_cpu = src_rq->cpu;
- }
+ raw_spin_lock(&rq->rd->rto_lock);
- cpu = find_next_push_cpu(src_rq);
+ /* Pass the IPI to the next rt overloaded queue */
+ cpu = rto_next_cpu(rq);
- if (cpu >= nr_cpu_ids)
- rt_rq->push_flags &= ~RT_PUSH_IPI_EXECUTING;
- raw_spin_unlock(&rt_rq->push_lock);
+ raw_spin_unlock(&rq->rd->rto_lock);
- if (cpu >= nr_cpu_ids)
+ if (cpu < 0)
return;
- /*
- * It is possible that a restart caused this CPU to be
- * chosen again. Don't bother with an IPI, just see if we
- * have more to push.
- */
- if (unlikely(cpu == rq->cpu))
- goto again;
-
/* Try the next RT overloaded CPU */
- irq_work_queue_on(&rt_rq->push_work, cpu);
-}
-
-static void push_irq_work_func(struct irq_work *work)
-{
- struct rt_rq *rt_rq = container_of(work, struct rt_rq, push_work);
-
- try_to_push_tasks(rt_rq);
+ irq_work_queue_on(&rq->rd->rto_push_work, cpu);
}
#endif /* HAVE_RT_PUSH_IPI */
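Review bot: In rto_push_irq_work_func() the `work` argument is never used and the root domain is reached through `this_rq()->rd`, so the handler locks and advances whichever root domain the receiving CPU is attached to at that moment, not necessarily the one whose `rto_push_work` was queued. If an rq can be re-attached while the IPI is circulating (rq_attach_root() is declared in sched.h), `rto_lock`, `rto_cpu` and `rto_loop` would be taken from a different domain than the one tell_cpu_to_push() armed. Deriving the domain with `container_of(work, struct root_domain, rto_push_work)` and passing it into rto_next_cpu() would tie the state to the work item. Separately, the new block comment refers to `rto_start`, `rt_loop_next` and `rt_next_cpu()`, while the code uses `rto_loop_start`, `rto_loop_next` and `rto_next_cpu()`; the names should match.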
--- a/kernel/sched/sched.h
+++ b/kernel/sched/sched.h
@@ -502,7 +502,7 @@ static inline int rt_bandwidth_enabled(v
}
/* RT IPI pull logic requires IRQ_WORK */
-#ifdef CONFIG_IRQ_WORK
+#if defined(CONFIG_IRQ_WORK) && defined(CONFIG_SMP)
# define HAVE_RT_PUSH_IPI
#endif
@@ -524,12 +524,6 @@ struct rt_rq {
unsigned long rt_nr_total;
int overloaded;
struct plist_head pushable_tasks;
-#ifdef HAVE_RT_PUSH_IPI
- int push_flags;
- int push_cpu;
- struct irq_work push_work;
- raw_spinlock_t push_lock;
-#endif
#endif /* CONFIG_SMP */
int rt_queued;
@@ -638,6 +632,19 @@ struct root_domain {
struct dl_bw dl_bw;
struct cpudl cpudl;
+#ifdef HAVE_RT_PUSH_IPI
+ /*
+ * For IPI pull requests, loop across the rto_mask.
+ */
+ struct irq_work rto_push_work;
+ raw_spinlock_t rto_lock;
+ /* These are only updated and read within rto_lock */
+ int rto_loop;
+ int rto_cpu;
+ /* These atomics are updated outside of a lock */
+ atomic_t rto_loop_next;
+ atomic_t rto_loop_start;
+#endif
/*
* The "RT overload" flag: it gets set if a CPU has more than
* one runnable RT task.
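Review bot: The `rto_cpu` field added to struct root_domain carries a sentinel that is not documented at its declaration. The code treats -1 as "no IPI in flight" (`rd->rto_cpu = -1`, `if (rq->rd->rto_cpu < 0)`), whereas the commit message describes the idle state as rto_cpu being greater than or equal to nr_cpu_ids. A one-line comment on the field stating the -1 convention would help, and the message should be brought in line with the code.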
@@ -655,6 +662,9 @@ extern void init_defrootdomain(void);
extern int sched_init_domains(const struct cpumask *cpu_map);
extern void rq_attach_root(struct rq *rq, struct root_domain *rd);
+#ifdef HAVE_RT_PUSH_IPI
+extern void rto_push_irq_work_func(struct irq_work *work);
+#endif
#endif /* CONFIG_SMP */
/*
--- a/kernel/sched/topology.c
+++ b/kernel/sched/topology.c
@@ -269,6 +269,12 @@ static int init_rootdomain(struct root_d
if (!zalloc_cpumask_var(&rd->rto_mask, GFP_KERNEL))
goto free_dlo_mask;
+#ifdef HAVE_RT_PUSH_IPI
+ rd->rto_cpu = -1;
+ raw_spin_lock_init(&rd->rto_lock);
+ init_irq_work(&rd->rto_push_work, rto_push_irq_work_func);
+#endif
+
init_dl_bw(&rd->dl_bw);
if (cpudl_init(&rd->cpudl) != 0)
goto free_rto_mask;
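Review bot: init_rootdomain() sets `rto_cpu`, `rto_lock` and `rto_push_work` here but leaves `rto_loop`, `rto_loop_next` and `rto_loop_start` untouched, so rto_start_trylock() and the `rd->rto_loop == next` comparison depend on rd being zero-filled before this point, which this hunk does not show. Either initialise the three fields explicitly next to `rd->rto_cpu = -1;` or add a comment naming where the zeroing happens.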


@ -80,7 +80,6 @@ bugfix/all/partially-revert-usb-kconfig-using-select-for-usb_co.patch
bugfix/all/kbuild-include-addtree-remove-quotes-before-matching-path.patch
bugfix/all/i40e-i40evf-organize-and-re-number-feature-flags.patch
bugfix/all/i40e-fix-flags-declaration.patch
bugfix/all/apparmor-fix-oops-in-audit_signal_cb-hook.patch
bugfix/all/xen-time-do-not-decrease-steal-time-after-live-migra.patch
# Miscellaneous features
@ -117,10 +116,6 @@ features/all/lockdown/arm64-add-kernel-config-option-to-lock-down-when.patch
# Security fixes
debian/i386-686-pae-pci-set-pci-nobios-by-default.patch
bugfix/all/media-cx231xx-cards-fix-null-deref-on-missing-associ.patch
bugfix/all/media-dvb-core-always-call-invoke_release-in-fe_free.patch
bugfix/all/dvb_frontend-don-t-use-after-free-the-frontend-struc.patch
bugfix/all/mm-thp-Do-not-make-page-table-dirty-unconditionally-.patch
# Fix exported symbol versions
bugfix/all/module-disable-matching-missing-version-crc.patch
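Review bot: The "# Security fixes" block shrinks from 10 lines to 6 in this hunk, and the rendering has lost the +/- markers, so the entries being dropped cannot be told apart from the ones kept. For each security patch removed from the series, the changelog should name the upstream stable release between 4.14.3 and 4.14.7 that carries the fix, so that nothing leaves the series without an equivalent in the new base.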


@ -6,7 +6,6 @@
# UPSTREAM changes queued
############################################################
features/all/rt/rcu-Suppress-lockdep-false-positive-boost_mtx-compla.patch
features/all/rt/sched-rt-Simplify-the-IPI-based-RT-balancing-logic.patch
############################################################
# UPSTREAM FIXES, patches pending