Update to 4.14.7
Drop patches applied upstream, and fix a few conflicts.
This commit is contained in:
parent
a865f2fdb7
commit
9e0441b20a
|
@ -1,4 +1,505 @@
|
|||
linux (4.14.2-2) UNRELEASED; urgency=medium
|
||||
linux (4.14.7-1) UNRELEASED; urgency=medium
|
||||
|
||||
* New upstream stable update:
|
||||
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.3
|
||||
- [s390x] fix transactional execution control register handling
|
||||
- [s390x] noexec: execute kexec datamover without DAT
|
||||
- [s390x] runtime instrumention: fix possible memory corruption
|
||||
- [s390x] guarded storage: fix possible memory corruption
|
||||
- [s390x] disassembler: add missing end marker for e7 table
|
||||
- [s390x] disassembler: increase show_code buffer size
|
||||
- ACPI / PM: Fix acpi_pm_notifier_lock vs flush_workqueue() deadlock
|
||||
- ACPI / EC: Fix regression related to triggering source of EC event
|
||||
handling
|
||||
- cpufreq: schedutil: Reset cached_raw_freq when not in sync with next_freq
|
||||
- serdev: fix registration of second slave
|
||||
- sched: Make resched_cpu() unconditional
|
||||
- lib/mpi: call cond_resched() from mpi_powm() loop
|
||||
- [x86] boot: Fix boot failure when SMP MP-table is based at 0
|
||||
- [x86] decoder: Add new TEST instruction pattern
|
||||
- [amd64] entry: Fix entry_SYSCALL_64_after_hwframe() IRQ tracing
|
||||
- [x86] perf: intel: Hide TSX events when RTM is not supported
|
||||
- [arm64] Implement arch-specific pte_access_permitted()
|
||||
- [armhf/armmp-lpae] 8722/1: mm: make STRICT_KERNEL_RWX effective for LPAE
|
||||
- [armhf/armmp-lpae] 8721/1: mm: dump: check hardware RO bit for LPAE
|
||||
- uapi: fix linux/tls.h userspace compilation error
|
||||
- uapi: fix linux/rxrpc.h userspace compilation errors
|
||||
- [mips*/4kc-malta] cmpxchg64() and HAVE_VIRT_CPU_ACCOUNTING_GEN don't work
|
||||
for 32-bit SMP
|
||||
- [armhf,arm64] net: mvneta: fix handling of the Tx descriptor counter
|
||||
- nbd: wait uninterruptible for the dead timeout
|
||||
- nbd: don't start req until after the dead connection logic
|
||||
- PM / OPP: Add missing of_node_put(np)
|
||||
- PCI/ASPM: Account for downstream device's Port Common_Mode_Restore_Time
|
||||
- PCI/ASPM: Use correct capability pointer to program LTR_L1.2_THRESHOLD
|
||||
- [x86] PCI: hv: Use effective affinity mask
|
||||
- [arm64] PCI: Set Cavium ACS capability quirk flags to assert RR/CR/SV/UF
|
||||
- [arm64] PCI: Apply Cavium ThunderX ACS quirk to more Root Ports
|
||||
- dm integrity: allow unaligned bv_offset
|
||||
- dm cache: fix race condition in the writeback mode overwrite_bio
|
||||
optimisation
|
||||
- dm crypt: allow unaligned bv_offset
|
||||
- dm zoned: ignore last smaller runt zone
|
||||
- dm mpath: remove annoying message of 'blk_get_request() returned -11'
|
||||
- dm bufio: fix integer overflow when limiting maximum cache size
|
||||
- ovl: Put upperdentry if ovl_check_origin() fails
|
||||
- dm: allocate struct mapped_device with kvzalloc
|
||||
- sched/rt: Simplify the IPI based RT balancing logic
|
||||
- dm: fix race between dm_get_from_kobject() and __dm_destroy()
|
||||
- dm: discard support requires all targets in a table support discards
|
||||
- [mips*] Fix odd fp register warnings with MIPS64r2
|
||||
- [mips*/4kc-malta] Fix MIPS64 FP save/restore on 32-bit kernels
|
||||
- [mips*] dts: remove bogus bcm96358nb4ser.dtb from dtb-y entry
|
||||
- [mips*] Fix an n32 core file generation regset support regression
|
||||
- [mips*] math-emu: Fix final emulation phase for certain instructions
|
||||
- rt2x00usb: mark device removed when get ENOENT usb error
|
||||
- mm/z3fold.c: use kref to prevent page free/compact race
|
||||
- autofs: don't fail mount for transient error
|
||||
- nilfs2: fix race condition that causes file system corruption
|
||||
- fscrypt: lock mutex before checking for bounce page pool
|
||||
- eCryptfs: use after free in ecryptfs_release_messaging()
|
||||
- libceph: don't WARN() if user tries to add invalid key
|
||||
- bcache: check ca->alloc_thread initialized before wake up it
|
||||
- fs: guard_bio_eod() needs to consider partitions
|
||||
- fanotify: fix fsnotify_prepare_user_wait() failure
|
||||
- isofs: fix timestamps beyond 2027
|
||||
- btrfs: change how we decide to commit transactions during flushing
|
||||
- f2fs: expose some sectors to user in inline data or dentry case
|
||||
- NFS: Fix typo in nomigration mount option
|
||||
- NFS: Revert "NFS: Move the flock open mode check into nfs_flock()"
|
||||
- nfs: Fix ugly referral attributes
|
||||
- NFS: Avoid RCU usage in tracepoints
|
||||
- NFS: revalidate "." etc correctly on "open".
|
||||
- nfsd: deal with revoked delegations appropriately
|
||||
- rtlwifi: rtl8192ee: Fix memory leak when loading firmware
|
||||
- rtlwifi: fix uninitialized rtlhal->last_suspend_sec time
|
||||
- iwlwifi: fix firmware names for 9000 and A000 series hw
|
||||
- md: fix deadlock error in recent patch.
|
||||
- md: don't check MD_SB_CHANGE_CLEAN in md_allow_write
|
||||
- Bluetooth: btqcomsmd: Add support for BD address setup
|
||||
- md/bitmap: revert a patch
|
||||
- fsnotify: clean up fsnotify_prepare/finish_user_wait()
|
||||
- fsnotify: pin both inode and vfsmount mark
|
||||
- fsnotify: fix pinning group in fsnotify_prepare_user_wait()
|
||||
- ata: fixes kernel crash while tracing ata_eh_link_autopsy event
|
||||
- ext4: fix interaction between i_size, fallocate, and delalloc after a
|
||||
crash
|
||||
- ext4: prevent data corruption with inline data + DAX
|
||||
- ext4: prevent data corruption with journaling + DAX
|
||||
- ALSA: pcm: update tstamp only if audio_tstamp changed
|
||||
- ALSA: usb-audio: Add sanity checks to FE parser
|
||||
- ALSA: usb-audio: Fix potential out-of-bound access at parsing SU
|
||||
- ALSA: usb-audio: Add sanity checks in v2 clock parsers
|
||||
- ALSA: timer: Remove kernel warning at compat ioctl error paths
|
||||
- ALSA: hda/realtek - Fix ALC275 no sound issue
|
||||
- ALSA: hda: Fix too short HDMI/DP chmap reporting
|
||||
- ALSA: hda - Fix yet remaining issue with vmaster 0dB initialization
|
||||
- ALSA: hda/realtek - Fix ALC700 family no sound issue
|
||||
- [x86] mfd: lpc_ich: Avoton/Rangeley uses SPI_BYT method
|
||||
- fix a page leak in vhost_scsi_iov_to_sgl() error recovery
|
||||
- 9p: Fix missing commas in mount options
|
||||
- fs/9p: Compare qid.path in v9fs_test_inode
|
||||
- net/9p: Switch to wait_event_killable()
|
||||
- scsi: qla2xxx: Suppress a kernel complaint in qla_init_base_qpair()
|
||||
- scsi: sd_zbc: Fix sd_zbc_read_zoned_characteristics()
|
||||
- scsi: lpfc: fix pci hot plug crash in timer management routines
|
||||
- scsi: lpfc: fix pci hot plug crash in list_add call
|
||||
- scsi: lpfc: Fix crash receiving ELS while detaching driver
|
||||
- scsi: lpfc: Fix FCP hba_wqidx assignment
|
||||
- scsi: lpfc: Fix oops if nvmet_fc_register_targetport fails
|
||||
- iscsi-target: Make TASK_REASSIGN use proper se_cmd->cmd_kref
|
||||
- iscsi-target: Fix non-immediate TMR reference leak
|
||||
- target: fix null pointer regression in core_tmr_drain_tmr_list
|
||||
- target: fix buffer offset in core_scsi3_pri_read_full_status
|
||||
- target: Fix QUEUE_FULL + SCSI task attribute handling
|
||||
- target: Fix caw_sem leak in transport_generic_request_failure
|
||||
- target: Fix quiese during transport_write_pending_qf endless loop
|
||||
- target: Avoid early CMD_T_PRE_EXECUTE failures during ABORT_TASK
|
||||
- mtd: Avoid probe failures when mtd->dbg.dfs_dir is invalid
|
||||
- mtd: nand: atmel: Actually use the PM ops
|
||||
- mtd: nand: omap2: Fix subpage write
|
||||
- mtd: nand: Fix writing mtdoops to nand flash.
|
||||
- mtd: nand: mtk: fix infinite ECC decode IRQ issue
|
||||
- p54: don't unregister leds when they are not initialized
|
||||
- block: Fix a race between blk_cleanup_queue() and timeout handling
|
||||
- raid1: prevent freeze_array/wait_all_barriers deadlock
|
||||
- genirq: Track whether the trigger type has been set
|
||||
- [armhf,arm64] irqchip/gic-v3: Fix ppi-partitions lookup
|
||||
- lockd: double unregister of inetaddr notifiers
|
||||
- [powerpc*] KVM: Book3S HV: Don't call real-mode XICS hypercall handlers
|
||||
if not enabled
|
||||
- [x86] KVM: nVMX: set IDTR and GDTR limits when loading L1 host state
|
||||
- [x86] KVM: SVM: obey guest PAT
|
||||
- [x86] kvm: vmx: Reinstate support for CPUs without virtual NMI
|
||||
(Closes: #884482)
|
||||
- dax: fix PMD faults on zero-length files
|
||||
- dax: fix general protection fault in dax_alloc_inode
|
||||
- SUNRPC: Fix tracepoint storage issues with svc_recv and svc_rqst_status
|
||||
- [armhf] clk: ti: dra7-atl-clock: fix child-node lookups
|
||||
- libnvdimm, dimm: clear 'locked' status on successful DIMM enable
|
||||
- libnvdimm, pfn: make 'resource' attribute only readable by root
|
||||
- libnvdimm, namespace: fix label initialization to use valid seq numbers
|
||||
- libnvdimm, region : make 'resource' attribute only readable by root
|
||||
- libnvdimm, namespace: make 'resource' attribute only readable by root
|
||||
- svcrdma: Preserve CB send buffer across retransmits
|
||||
- IB/srpt: Do not accept invalid initiator port names
|
||||
- IB/cm: Fix memory corruption in handling CM request
|
||||
- IB/hfi1: Fix incorrect available receive user context count
|
||||
- IB/srp: Avoid that a cable pull can trigger a kernel crash
|
||||
- IB/core: Avoid crash on pkey enforcement failed in received MADs
|
||||
- IB/core: Only maintain real QPs in the security lists
|
||||
- NFC: fix device-allocation error return
|
||||
- spi-nor: intel-spi: Fix broken software sequencing codes
|
||||
- fm10k,i40e,i40evf,igb,igbvf,ixgbe,ixgbevf: Use smp_rmb rather than
|
||||
read_barrier_depends
|
||||
- [hppa] Fix validity check of pointer size argument in new CAS
|
||||
implementation
|
||||
- [powerpc*] Fix boot on BOOK3S_32 with CONFIG_STRICT_KERNEL_RWX
|
||||
- [powerpc*] mm/radix: Fix crashes on Power9 DD1 with radix MMU and
|
||||
STRICT_RWX
|
||||
- [powerpc*] perf/imc: Use cpu_to_node() not topology_physical_package_id()
|
||||
- [powerpc*] signal: Properly handle return value from uprobe_deny_signal()
|
||||
- [powerpc*] 64s: Fix masking of SRR1 bits on instruction fault
|
||||
- [powerpc*] 64s/radix: Fix 128TB-512TB virtual address boundary case
|
||||
allocation
|
||||
- [powerpc*] 64s/hash: Fix 512T hint detection to use >= 128T
|
||||
- [powerpc*] 64s/hash: Fix 128TB-512TB virtual address boundary case
|
||||
allocation
|
||||
- [powerpc*] 64s/hash: Fix fork() with 512TB process address space
|
||||
- [powerpc*] 64s/hash: Allow MAP_FIXED allocations to cross 128TB boundary
|
||||
- media: Don't do DMA on stack for firmware upload in the AS102 driver
|
||||
- media: rc: check for integer overflow
|
||||
- media: rc: nec decoder should not send both repeat and keycode
|
||||
- media: v4l2-ctrl: Fix flags field on Control events
|
||||
- [arm64] media: venus: fix wrong size on dma_free
|
||||
- [arm64] media: venus: venc: fix bytesused v4l2_plane field
|
||||
- [arm64] media: venus: reimplement decoder stop command
|
||||
- [arm64] dts: meson-gxl: Add alternate ARM Trusted Firmware reserved
|
||||
memory zone
|
||||
- iwlwifi: fix wrong struct for a000 device
|
||||
- iwlwifi: fix PCI IDs and configuration mapping for 9000 series
|
||||
- iwlwifi: mvm: support version 7 of the SCAN_REQ_UMAC FW command
|
||||
- e1000e: Fix error path in link detection
|
||||
- e1000e: Fix return value test
|
||||
- e1000e: Separate signaling for link check/link up
|
||||
- e1000e: Avoid receiver overrun interrupt bursts
|
||||
- e1000e: fix buffer overrun while the I219 is processing DMA transactions
|
||||
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.4
|
||||
- [x86]: platform: hp-wmi: Fix tablet mode detection for convertibles
|
||||
- mm, memory_hotplug: do not back off draining pcp free pages from kworker
|
||||
context
|
||||
- mm, oom_reaper: gather each vma to prevent leaking TLB entry
|
||||
- [armhf,arm64] mm/cma: fix alloc_contig_range ret code/potential leak
|
||||
- mm: fix device-dax pud write-faults triggered by get_user_pages()
|
||||
- mm, hugetlbfs: introduce ->split() to vm_operations_struct
|
||||
- device-dax: implement ->split() to catch invalid munmap attempts
|
||||
- mm: introduce get_user_pages_longterm
|
||||
- mm: fail get_vaddr_frames() for filesystem-dax mappings
|
||||
- v4l2: disable filesystem-dax mapping support
|
||||
- IB/core: disable memory registration of filesystem-dax vmas
|
||||
- exec: avoid RLIMIT_STACK races with prlimit()
|
||||
- mm/madvise.c: fix madvise() infinite loop under special circumstances
|
||||
- mm: migrate: fix an incorrect call of prep_transhuge_page()
|
||||
- mm, memcg: fix mem_cgroup_swapout() for THPs
|
||||
- fs/fat/inode.c: fix sb_rdonly() change
|
||||
- autofs: revert "autofs: take more care to not update last_used on path
|
||||
walk"
|
||||
- autofs: revert "autofs: fix AT_NO_AUTOMOUNT not being honored"
|
||||
- mm/hugetlb: fix NULL-pointer dereference on 5-level paging machine
|
||||
- btrfs: clear space cache inode generation always
|
||||
- nfsd: Fix stateid races between OPEN and CLOSE
|
||||
- nfsd: Fix another OPEN stateid race
|
||||
- nfsd: fix panic in posix_unblock_lock called from nfs4_laundromat
|
||||
- crypto: algif_aead - skip SGL entries with NULL page
|
||||
- crypto: af_alg - remove locking in async callback
|
||||
- crypto: skcipher - Fix skcipher_walk_aead_common
|
||||
- lockd: lost rollback of set_grace_period() in lockd_down_net()
|
||||
- [s390x] revert ELF_ET_DYN_BASE base changes
|
||||
- [armhf] drm: omapdrm: Fix DPI on platforms using the DSI VDDS
|
||||
- [armhf] omapdrm: hdmi4: Correct the SoC revision matching
|
||||
- [arm64] module-plts: factor out PLT generation code for ftrace
|
||||
- [arm64] ftrace: emit ftrace-mod.o contents through code
|
||||
- [powerpc*] powernv: Fix kexec crashes caused by tlbie tracing
|
||||
- [powerpc*] kexec: Fix kexec/kdump in P9 guest kernels
|
||||
- [x86] KVM: pvclock: Handle first-time write to pvclock-page contains
|
||||
random junk
|
||||
- [x86] KVM: Exit to user-mode on #UD intercept when emulator requires
|
||||
- [x86] KVM: inject exceptions produced by x86_decode_insn
|
||||
- [x86] KVM: lapic: Split out x2apic ldr calculation
|
||||
- [x86] KVM: lapic: Fixup LDR on load in x2apic
|
||||
- mmc: sdhci: Avoid swiotlb buffer being full
|
||||
- mmc: block: Fix missing blk_put_request()
|
||||
- mmc: block: Check return value of blk_get_request()
|
||||
- mmc: core: Do not leave the block driver in a suspended state
|
||||
- mmc: block: Ensure that debugfs files are removed
|
||||
- mmc: core: prepend 0x to pre_eol_info entry in sysfs
|
||||
- mmc: core: prepend 0x to OCR entry in sysfs
|
||||
- ACPI / EC: Fix regression related to PM ops support in ECDT device
|
||||
- eeprom: at24: fix reading from 24MAC402/24MAC602
|
||||
- eeprom: at24: correctly set the size for at24mac402
|
||||
- eeprom: at24: check at24_read/write arguments
|
||||
- [alpha,x86] i2c: i801: Fix Failed to allocate irq -2147483648 error
|
||||
- bcache: Fix building error on MIPS
|
||||
- bcache: only permit to recovery read error when cache device is clean
|
||||
- bcache: recover data from backing when data is clean
|
||||
- hwmon: (jc42) optionally try to disable the SMBUS timeout
|
||||
- nvme-pci: add quirk for delay before CHK RDY for WDC SN200
|
||||
- Revert "drm/radeon: dont switch vt on suspend"
|
||||
- drm/amdgpu: potential uninitialized variable in amdgpu_vce_ring_parse_cs()
|
||||
- drm/amdgpu: Potential uninitialized variable in
|
||||
amdgpu_vm_update_directories()
|
||||
- drm/amdgpu: correct reference clock value on vega10
|
||||
- drm/amdgpu: fix error handling in amdgpu_bo_do_create
|
||||
- drm/amdgpu: Properly allocate VM invalidate eng v2
|
||||
- drm/amdgpu: Remove check which is not valid for certain VBIOS
|
||||
- drm/ttm: fix ttm_bo_cleanup_refs_or_queue once more
|
||||
- dma-buf: make reservation_object_copy_fences rcu save
|
||||
- drm/amdgpu: reserve root PD while releasing it
|
||||
- drm/ttm: Always and only destroy bo->ttm_resv in ttm_bo_release_list
|
||||
- drm/vblank: Fix flip event vblank count
|
||||
- drm/vblank: Tune drm_crtc_accurate_vblank_count() WARN down to a debug
|
||||
- drm/tilcdc: Precalculate total frametime in tilcdc_crtc_set_mode()
|
||||
- drm/radeon: fix atombios on big endian
|
||||
- drm/panel: simple: Add missing panel_simple_unprepare() calls
|
||||
- [arm64] drm/hisilicon: Ensure LDI regs are properly configured.
|
||||
- drm/ttm: once more fix ttm_buffer_object_transfer
|
||||
- drm/amd/pp: fix typecast error in powerplay.
|
||||
- drm/fb_helper: Disable all crtc's when initial setup fails.
|
||||
- drm/edid: Don't send non-zero YQ in AVI infoframe for HDMI 1.x sinks
|
||||
- drm/amdgpu: move UVD/VCE and VCN structure out from union
|
||||
- drm/amdgpu: Set adev->vcn.irq.num_types for VCN
|
||||
- IB/core: Do not warn on lid conversions for OPA
|
||||
- IB/hfi1: Do not warn on lid conversions for OPA
|
||||
- e1000e: fix the use of magic numbers for buffer overrun issue
|
||||
- md: forbid a RAID5 from having both a bitmap and a journal.
|
||||
- [x86] drm/i915: Fix false-positive assert_rpm_wakelock_held in
|
||||
i915_pmic_bus_access_notifier v2
|
||||
- [x86] drm/i915: Re-register PMIC bus access notifier on runtime resume
|
||||
- [x86] drm/i915/fbdev: Serialise early hotplug events with async fbdev
|
||||
config
|
||||
- [x86] drm/i915/gvt: Correct ADDR_4K/2M/1G_MASK definition
|
||||
- [x86] drm/i915: Don't try indexed reads to alternate slave addresses
|
||||
- [x86] drm/i915: Prevent zero length "index" write
|
||||
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.5
|
||||
- drm/amdgpu: Use unsigned ring indices in amdgpu_queue_mgr_map
|
||||
- [s390x] runtime instrumentation: simplify task exit handling
|
||||
- usbip: fix usbip attach to find a port that matches the requested speed
|
||||
- usbip: Fix USB device hang due to wrong enabling of scatter-gather
|
||||
- uas: Always apply US_FL_NO_ATA_1X quirk to Seagate devices
|
||||
- usb: quirks: Add no-lpm quirk for KY-688 USB 3.1 Type-C Hub
|
||||
- serial: 8250_early: Only set divisor if valid clk & baud
|
||||
- [mips*] Add custom serial.h with BASE_BAUD override for generic kernel
|
||||
- ima: fix hash algorithm initialization
|
||||
- [s390x] vfio-ccw: Do not attempt to free no-op, test and tic cda.
|
||||
- PM / Domains: Fix genpd to deal with drivers returning 1 from ->prepare()
|
||||
- [s390x] pci: do not require AIS facility
|
||||
- serial: 8250_fintek: Fix rs485 disablement on invalid ioctl()
|
||||
- staging: rtl8188eu: avoid a null dereference on pmlmepriv
|
||||
- [arm64] mmc: sdhci-msm: fix issue with power irq
|
||||
- hwmon: (pmbus/core) Prevent unintentional setting of page to 0xFF
|
||||
- perf/core: Fix __perf_read_group_add() locking
|
||||
- [armhf] PCI: dra7xx: Create functional dependency between PCIe and PHY
|
||||
- [x86] intel_rdt: Initialize bitmask of shareable resource if CDP enabled
|
||||
- [x86] intel_rdt: Fix potential deadlock during resctrl mount
|
||||
- serial: 8250: Preserve DLD[7:4] for PORT_XR17V35X
|
||||
- kprobes: Use synchronize_rcu_tasks() for optprobe with CONFIG_PREEMPT=y
|
||||
- [x86] entry: Use SYSCALL_DEFINE() macros for sys_modify_ldt()
|
||||
- [armhf,arm64] clocksource/drivers/arm_arch_timer: Validate CNTFRQ after
|
||||
enabling frame
|
||||
- [x86] EDAC, sb_edac: Fix missing break in switch
|
||||
- [arm64] cpuidle: Correct driver unregistration if init fails
|
||||
- usb: xhci: Return error when host is dead in xhci_disable_slot()
|
||||
- [armel,armhf] sysrq : fix Show Regs call trace on ARM
|
||||
- [sh4] serial: sh-sci: suppress warning for ports without dma channels
|
||||
- [armhf] serial: imx: Update cached mctrl value when changing RTS
|
||||
- [x86] kprobes: Disable preemption in ftrace-based jprobes
|
||||
- [x86] locking/refcounts, asm: Use unique .text section for refcount
|
||||
exceptions
|
||||
- [s390x] ptrace: fix guarded storage regset handling
|
||||
- perf tools: Fix leaking rec_argv in error cases
|
||||
- mm, x86/mm: Fix performance regression in get_user_pages_fast()
|
||||
- iio: adc: ti-ads1015: add 10% to conversion wait time
|
||||
- iio: multiplexer: add NULL check on devm_kzalloc() and devm_kmemdup()
|
||||
return values
|
||||
- [x86] locking/refcounts, asm: Enable CONFIG_ARCH_HAS_REFCOUNT
|
||||
- [powerpc*] jprobes: Disable preemption when triggered through ftrace
|
||||
- [powerpc*] kprobes: Disable preemption before invoking probe handler for
|
||||
optprobes
|
||||
- usb: hub: Cycle HUB power when initialization fails
|
||||
- [armhf,arm64] USB: ulpi: fix bus-node lookup
|
||||
- xhci: Don't show incorrect WARN message about events for empty rings
|
||||
- usb: xhci: fix panic in xhci_free_virt_devices_depth_first
|
||||
- USB: core: Add type-specific length check of BOS descriptors
|
||||
- USB: usbfs: Filter flags passed in from user space
|
||||
- usb: host: fix incorrect updating of offset
|
||||
- locking/refcounts: Do not force refcount_t usage as GPL-only export
|
||||
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.6
|
||||
- usb: gadget: core: Fix ->udc_set_speed() speed handling
|
||||
- serdev: ttyport: add missing receive_buf sanity checks
|
||||
- serdev: ttyport: fix NULL-deref on hangup
|
||||
- serdev: ttyport: fix tty locking in close
|
||||
- usb: f_fs: Force Reserved1=1 in OS_DESC_EXT_COMPAT
|
||||
- can: peak/pci: fix potential bug when probe() fails
|
||||
- can: kvaser_usb: free buf in error paths
|
||||
- can: kvaser_usb: Fix comparison bug in kvaser_usb_read_bulk_callback()
|
||||
- can: kvaser_usb: ratelimit errors if incomplete messages are received
|
||||
- can: kvaser_usb: cancel urb on -EPIPE and -EPROTO
|
||||
- can: ems_usb: cancel urb on -EPIPE and -EPROTO
|
||||
- can: esd_usb2: cancel urb on -EPIPE and -EPROTO
|
||||
- can: usb_8dev: cancel urb on -EPIPE and -EPROTO
|
||||
- can: peak/pcie_fd: fix potential bug in restarting tx queue
|
||||
- virtio: release virtio index when fail to device_register
|
||||
- [arm64] pinctrl: armada-37xx: Fix direction_output() callback behavior
|
||||
- [x86] Drivers: hv: vmbus: Fix a rescind issue
|
||||
- [x86] hv: kvp: Avoid reading past allocated blocks from KVP file
|
||||
- firmware: vpd: Destroy vpd sections in remove function
|
||||
- firmware: vpd: Tie firmware kobject to device lifetime
|
||||
- firmware: vpd: Fix platform driver and device registration/unregistration
|
||||
- scsi: dma-mapping: always provide dma_get_cache_alignment
|
||||
- scsi: use dma_get_cache_alignment() as minimum DMA alignment
|
||||
- scsi: libsas: align sata_device's rps_resp on a cacheline
|
||||
- efi: Move some sysfs files to be read-only by root
|
||||
- efi/esrt: Use memunmap() instead of kfree() to free the remapping
|
||||
- ASN.1: fix out-of-bounds read when parsing indefinite length item
|
||||
- ASN.1: check for error from ASN1_OP_END__ACT actions
|
||||
- KEYS: add missing permission check for request_key() destination
|
||||
- KEYS: reject NULL restriction string when type is specified
|
||||
- X.509: reject invalid BIT STRING for subjectPublicKey
|
||||
- X.509: fix comparisons of ->pkey_algo
|
||||
- [x86] idt: Load idt early in start_secondary
|
||||
- [x86] PCI: Make broadcom_postcore_init() check acpi_disabled
|
||||
- [x86] KVM: fix APIC page invalidation
|
||||
- btrfs: fix missing error return in btrfs_drop_snapshot
|
||||
- btrfs: handle errors while updating refcounts in update_ref_for_cow
|
||||
- ALSA: pcm: prevent UAF in snd_pcm_info
|
||||
- ALSA: seq: Remove spurious WARN_ON() at timer check
|
||||
- ALSA: usb-audio: Fix out-of-bound error
|
||||
- ALSA: usb-audio: Add check return value for usb_string()
|
||||
- [x86] iommu/vt-d: Fix scatterlist offset handling
|
||||
- smp/hotplug: Move step CPUHP_AP_SMPCFD_DYING to the correct place
|
||||
- [s390x] always save and restore all registers on context switch
|
||||
- [s390x] mm: fix off-by-one bug in 5-level page table handling
|
||||
- [s390x] fix compat system call table
|
||||
- [s390x] KVM: Fix skey emulation permission check
|
||||
- [powerpc*] Revert "powerpc: Do not call ppc_md.panic in fadump panic
|
||||
notifier"
|
||||
- [powerpc*] 64s: Initialize ISAv3 MMU registers before setting partition
|
||||
table
|
||||
- iwlwifi: mvm: mark MIC stripped MPDUs
|
||||
- iwlwifi: mvm: don't use transmit queue hang detection when it is not
|
||||
possible
|
||||
- iwlwifi: mvm: flush queue before deleting ROC
|
||||
- iwlwifi: mvm: fix packet injection
|
||||
- iwlwifi: mvm: enable RX offloading with TKIP and WEP
|
||||
- brcmfmac: change driver unbind order of the sdio function devices
|
||||
- md/r5cache: move mddev_lock() out of r5c_journal_mode_set()
|
||||
- [armhf] drm/bridge: analogix dp: Fix runtime PM state in get_modes()
|
||||
callback
|
||||
- [armhf] drm/exynos: gem: Drop NONCONTIG flag for buffers allocated
|
||||
without IOMMU
|
||||
- [x86] drm/i915: Fix vblank timestamp/frame counter jumps on gen2
|
||||
- media: dvb: i2c transfers over usb cannot be done from stack
|
||||
- media: rc: sir_ir: detect presence of port
|
||||
- media: rc: partial revert of "media: rc: per-protocol repeat period"
|
||||
- [arm64] KVM: fix VTTBR_BADDR_MASK BUG_ON off-by-one
|
||||
- [armhf] KVM: Fix VTTBR_BADDR_MASK BUG_ON off-by-one
|
||||
- [x86] KVM: VMX: remove I/O port 0x80 bypass on Intel hosts
|
||||
(CVE-2017-1000407)
|
||||
- [armhf,arm64] KVM: Fix broken GICH_ELRSR big endian conversion
|
||||
- [armhf,arm64] KVM: vgic-irqfd: Fix MSI entry allocation
|
||||
- [armhf,arm64] KVM: vgic: Preserve the revious read from the pending table
|
||||
- [armhf,arm64] KVM: vgic-its: Check result of allocation before use
|
||||
- [arm64] fpsimd: Prevent registers leaking from dead tasks
|
||||
- [arm64] SW PAN: Point saved ttbr0 at the zero page when switching to
|
||||
init_mm
|
||||
- [arm64] SW PAN: Update saved ttbr0 value on enter_lazy_tlb
|
||||
- [armhf] Revert "ARM: dts: imx53: add srtc node"
|
||||
- [armhf] bus: arm-cci: Fix use of smp_processor_id() in preemptible context
|
||||
- IB/core: Only enforce security for InfiniBand
|
||||
- [armel,armhf] BUG if jumping to usermode address in kernel mode
|
||||
- [armel,armhf] avoid faulting on qemu
|
||||
- [arm64] irqchip/qcom: Fix u32 comparison with value less than zero
|
||||
- [powerpc*] perf: Fix pmu_count to count only nest imc pmus
|
||||
- apparmor: fix leak of null profile name if profile allocation fails
|
||||
- mac80211_hwsim: Fix memory leak in hwsim_new_radio_nl()
|
||||
- gre6: use log_ecn_error module parameter in ip6_tnl_rcv()
|
||||
- route: also update fnhe_genid when updating a route cache
|
||||
- route: update fnhe_expires for redirect when the fnhe exists
|
||||
- rsi: fix memory leak on buf and usb_reg_buf
|
||||
- pipe: match pipe_max_size data type with procfs
|
||||
- lib/genalloc.c: make the avail variable an atomic_long_t
|
||||
- NFS: Fix a typo in nfs_rename()
|
||||
- sunrpc: Fix rpc_task_begin trace point
|
||||
- nfp: inherit the max_mtu from the PF netdev
|
||||
- nfp: fix flower offload metadata flag usage
|
||||
- xfs: fix forgotten rcu read unlock when skipping inode reclaim
|
||||
- block: wake up all tasks blocked in get_request()
|
||||
- [sparc64] mm: set fields in deferred pages
|
||||
- zsmalloc: calling zs_map_object() from irq is a bug
|
||||
- slub: fix sysfs duplicate filename creation when slub_debug=O
|
||||
- sctp: do not free asoc when it is already dead in sctp_sendmsg
|
||||
- sctp: use the right sk after waking up from wait_buf sleep
|
||||
- fcntl: don't leak fd reference when fixup_compat_flock fails
|
||||
- geneve: fix fill_info when link down
|
||||
- bpf: fix lockdep splat
|
||||
- [arm64] clk: qcom: common: fix legacy board-clock registration
|
||||
- [arm64] clk: hi3660: fix incorrect uart3 clock freqency
|
||||
- atm: horizon: Fix irq release error
|
||||
- xfrm: Copy policy family in clone_policy
|
||||
- f2fs: fix to clear FI_NO_PREALLOC
|
||||
- bnxt_re: changing the ip address shouldn't affect new connections
|
||||
- IB/mlx4: Increase maximal message size under UD QP
|
||||
- IB/mlx5: Assign send CQ and recv CQ of UMR QP
|
||||
- afs: Fix total-length calculation for multiple-page send
|
||||
- afs: Connect up the CB.ProbeUuid
|
||||
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.7
|
||||
- net: realtek: r8169: implement set_link_ksettings()
|
||||
- [s390x] qeth: fix early exit from error path
|
||||
- tipc: fix memory leak in tipc_accept_from_sock()
|
||||
- vhost: fix skb leak in handle_rx()
|
||||
- rds: Fix NULL pointer dereference in __rds_rdma_map
|
||||
- sit: update frag_off info
|
||||
- tcp: add tcp_v4_fill_cb()/tcp_v4_restore_cb()
|
||||
- packet: fix crash in fanout_demux_rollover()
|
||||
- net/packet: fix a race in packet_bind() and packet_notifier()
|
||||
- tcp: remove buggy call to tcp_v6_restore_cb()
|
||||
- usbnet: fix alignment for frames with no ethernet header
|
||||
- net: remove hlist_nulls_add_tail_rcu()
|
||||
- stmmac: reset last TSO segment size after device open
|
||||
- tcp/dccp: block bh before arming time_wait timer
|
||||
- [s390x] qeth: build max size GSO skbs on L2 devices
|
||||
- [s390x] qeth: fix thinko in IPv4 multicast address tracking
|
||||
- [s390x] qeth: fix GSO throughput regression
|
||||
- tcp: use IPCB instead of TCP_SKB_CB in inet_exact_dif_match()
|
||||
- tipc: call tipc_rcv() only if bearer is up in tipc_udp_recv()
|
||||
- tcp: use current time in tcp_rcv_space_adjust()
|
||||
- net: sched: cbq: create block for q->link.block
|
||||
- tap: free skb if flags error
|
||||
- tcp: when scheduling TLP, time of RTO should account for current ACK
|
||||
- tun: free skb in early errors
|
||||
- net: ipv6: Fixup device for anycast routes during copy
|
||||
- tun: fix rcu_read_lock imbalance in tun_build_skb
|
||||
- net: accept UFO datagrams from tuntap and packet
|
||||
- net: openvswitch: datapath: fix data type in queue_gso_packets
|
||||
- cls_bpf: don't decrement net's refcount when offload fails
|
||||
- sctp: use right member as the param of list_for_each_entry
|
||||
- ipmi: Stop timers before cleaning up the module
|
||||
- usb: gadget: ffs: Forbid usb_ep_alloc_request from sleeping
|
||||
- fcntl: don't cap l_start and l_end values for F_GETLK64 in compat syscall
|
||||
- fix kcm_clone()
|
||||
- [armhf,arm64] KVM: vgic-its: Preserve the revious read from the pending
|
||||
table
|
||||
- kbuild: do not call cc-option before KBUILD_CFLAGS initialization
|
||||
- [powerpc*] powernv/idle: Round up latency and residency values
|
||||
- ipvlan: fix ipv6 outbound device
|
||||
- blk-mq: Avoid that request queue removal can trigger list corruption
|
||||
- nvmet-rdma: update queue list during ib_device removal
|
||||
- audit: Allow auditd to set pid to 0 to end auditing
|
||||
- audit: ensure that 'audit=1' actually enables audit for PID 1
|
||||
- dm raid: fix panic when attempting to force a raid to sync
|
||||
- md: free unused memory after bitmap resize
|
||||
- RDMA/cxgb4: Annotate r2 and stag as __be32
|
||||
- [x86] intel_rdt: Fix potential deadlock during resctrl unmount
|
||||
|
||||
[ Salvatore Bonaccorso ]
|
||||
* Add ABI reference for 4.14.0-1
|
||||
|
|
|
@ -1,109 +0,0 @@
|
|||
From: John Johansen <john.johansen@canonical.com>
|
||||
Date: Wed, 22 Nov 2017 07:33:38 -0800
|
||||
Subject: apparmor: fix oops in audit_signal_cb hook
|
||||
Origin: https://lkml.org/lkml/2017/11/22/411
|
||||
|
||||
The apparmor_audit_data struct ordering got messed up during a merge
|
||||
conflict, resulting in the signal integer and peer pointer being in
|
||||
a union instead of a struct together.
|
||||
|
||||
For most of the 4.13 and 4.14 life cycle, this was hidden by commit
|
||||
651e28c5537abb39076d3949fb7618536f1d242e which fixed the
|
||||
apparmor_audit_data struct when its data was added. When that commit
|
||||
was reverted in -rc7 the signal audit bug was exposed, and
|
||||
unfortunately it never showed up in any of the testing until after
|
||||
4.14 was released, and Shaun Khan, Zephaniah E. Loss-Cutler-Hull filed
|
||||
nearly simultaneous bug reports (with different oopes, the smaller of
|
||||
which is included below).
|
||||
|
||||
Full credit goes to Tetsuo Handa for jumping on this as well and
|
||||
noticing the audit data struct problem and reporting it.
|
||||
|
||||
Alright, trying again, this time with my mail settings to actually send
|
||||
as plain text, and with some more detail.
|
||||
|
||||
I am running Ubuntu 16.04, with a mainline 4.14 kernel.
|
||||
|
||||
[ 76.178568] BUG: unable to handle kernel paging request at ffffffff0eee3bc0
|
||||
[ 76.178579] IP: audit_signal_cb+0x6c/0xe0
|
||||
[ 76.178581] PGD 1a640a067 P4D 1a640a067 PUD 0
|
||||
[ 76.178586] Oops: 0000 [#1] PREEMPT SMP
|
||||
[ 76.178589] Modules linked in: fuse rfcomm bnep usblp uvcvideo btusb btrtl btbcm btintel bluetooth ecdh_generic ip6table_filter ip6_tables xt_tcpudp nf_conntrack_ipv4 nf_defrag_ipv4 xt_conntrack nf_conntrack iptable_filter ip_tables x_tables intel_rapl joydev wmi_bmof serio_raw iwldvm iwlwifi shpchp kvm_intel kvm irqbypass autofs4 algif_skcipher nls_iso8859_1 nls_cp437 crc32_pclmul ghash_clmulni_intel
|
||||
[ 76.178620] CPU: 0 PID: 10675 Comm: pidgin Not tainted 4.14.0-f1-dirty #135
|
||||
[ 76.178623] Hardware name: Hewlett-Packard HP EliteBook Folio 9470m/18DF, BIOS 68IBD Ver. F.62 10/22/2015
|
||||
[ 76.178625] task: ffff9c7a94c31dc0 task.stack: ffffa09b02a4c000
|
||||
[ 76.178628] RIP: 0010:audit_signal_cb+0x6c/0xe0
|
||||
[ 76.178631] RSP: 0018:ffffa09b02a4fc08 EFLAGS: 00010292
|
||||
[ 76.178634] RAX: ffffa09b02a4fd60 RBX: ffff9c7aee0741f8 RCX: 0000000000000000
|
||||
[ 76.178636] RDX: ffffffffee012290 RSI: 0000000000000006 RDI: ffff9c7a9493d800
|
||||
[ 76.178638] RBP: ffffa09b02a4fd40 R08: 000000000000004d R09: ffffa09b02a4fc46
|
||||
[ 76.178641] R10: ffffa09b02a4fcb8 R11: ffff9c7ab44f5072 R12: ffffa09b02a4fd40
|
||||
[ 76.178643] R13: ffffffff9e447be0 R14: ffff9c7a94c31dc0 R15: 0000000000000001
|
||||
[ 76.178646] FS: 00007f8b11ba2a80(0000) GS:ffff9c7afea00000(0000) knlGS:0000000000000000
|
||||
[ 76.178648] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
|
||||
[ 76.178650] CR2: ffffffff0eee3bc0 CR3: 00000003d5209002 CR4: 00000000001606f0
|
||||
[ 76.178652] Call Trace:
|
||||
[ 76.178660] common_lsm_audit+0x1da/0x780
|
||||
[ 76.178665] ? d_absolute_path+0x60/0x90
|
||||
[ 76.178669] ? aa_check_perms+0xcd/0xe0
|
||||
[ 76.178672] aa_check_perms+0xcd/0xe0
|
||||
[ 76.178675] profile_signal_perm.part.0+0x90/0xa0
|
||||
[ 76.178679] aa_may_signal+0x16e/0x1b0
|
||||
[ 76.178686] apparmor_task_kill+0x51/0x120
|
||||
[ 76.178690] security_task_kill+0x44/0x60
|
||||
[ 76.178695] group_send_sig_info+0x25/0x60
|
||||
[ 76.178699] kill_pid_info+0x36/0x60
|
||||
[ 76.178703] SYSC_kill+0xdb/0x180
|
||||
[ 76.178707] ? preempt_count_sub+0x92/0xd0
|
||||
[ 76.178712] ? _raw_write_unlock_irq+0x13/0x30
|
||||
[ 76.178716] ? task_work_run+0x6a/0x90
|
||||
[ 76.178720] ? exit_to_usermode_loop+0x80/0xa0
|
||||
[ 76.178723] entry_SYSCALL_64_fastpath+0x13/0x94
|
||||
[ 76.178727] RIP: 0033:0x7f8b0e58b767
|
||||
[ 76.178729] RSP: 002b:00007fff19efd4d8 EFLAGS: 00000206 ORIG_RAX: 000000000000003e
|
||||
[ 76.178732] RAX: ffffffffffffffda RBX: 0000557f3e3c2050 RCX: 00007f8b0e58b767
|
||||
[ 76.178735] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000263b
|
||||
[ 76.178737] RBP: 0000000000000000 R08: 0000557f3e3c2270 R09: 0000000000000001
|
||||
[ 76.178739] R10: 000000000000022d R11: 0000000000000206 R12: 0000000000000000
|
||||
[ 76.178741] R13: 0000000000000001 R14: 0000557f3e3c13c0 R15: 0000000000000000
|
||||
[ 76.178745] Code: 48 8b 55 18 48 89 df 41 b8 20 00 08 01 5b 5d 48 8b 42 10 48 8b 52 30 48 63 48 4c 48 8b 44 c8 48 31 c9 48 8b 70 38 e9 f4 fd 00 00 <48> 8b 14 d5 40 27 e5 9e 48 c7 c6 7d 07 19 9f 48 89 df e8 fd 35
|
||||
[ 76.178794] RIP: audit_signal_cb+0x6c/0xe0 RSP: ffffa09b02a4fc08
|
||||
[ 76.178796] CR2: ffffffff0eee3bc0
|
||||
[ 76.178799] ---[ end trace 514af9529297f1a3 ]---
|
||||
|
||||
Fixes: cd1dbf76b23d ("apparmor: add the ability to mediate signals")
|
||||
Reported-by: Zephaniah E. Loss-Cutler-Hull <warp-spam_kernel@aehallh.com>
|
||||
Reported-by: Shuah Khan <shuahkh@osg.samsung.com>
|
||||
Reported-by: Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp>
|
||||
Signed-off-by: John Johansen <john.johansen@canonical.com>
|
||||
---
|
||||
security/apparmor/include/audit.h | 12 +++++++-----
|
||||
1 file changed, 7 insertions(+), 5 deletions(-)
|
||||
|
||||
--- a/security/apparmor/include/audit.h
|
||||
+++ b/security/apparmor/include/audit.h
|
||||
@@ -121,17 +121,19 @@ struct apparmor_audit_data {
|
||||
/* these entries require a custom callback fn */
|
||||
struct {
|
||||
struct aa_label *peer;
|
||||
- struct {
|
||||
- const char *target;
|
||||
- kuid_t ouid;
|
||||
- } fs;
|
||||
+ union {
|
||||
+ struct {
|
||||
+ const char *target;
|
||||
+ kuid_t ouid;
|
||||
+ } fs;
|
||||
+ int signal;
|
||||
+ };
|
||||
};
|
||||
struct {
|
||||
struct aa_profile *profile;
|
||||
const char *ns;
|
||||
long pos;
|
||||
} iface;
|
||||
- int signal;
|
||||
struct {
|
||||
int rlim;
|
||||
unsigned long max;
|
|
@ -1,183 +0,0 @@
|
|||
From: Mauro Carvalho Chehab <mchehab@s-opensource.com>
|
||||
Date: Tue, 7 Nov 2017 08:39:39 -0500
|
||||
Subject: dvb_frontend: don't use-after-free the frontend struct
|
||||
Origin: https://git.kernel.org/linus/b1cb7372fa822af6c06c8045963571d13ad6348b
|
||||
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-16648
|
||||
|
||||
dvb_frontend_invoke_release() may free the frontend struct.
|
||||
So, the free logic can't update it anymore after calling it.
|
||||
|
||||
That's OK, as __dvb_frontend_free() is called only when the
|
||||
krefs are zeroed, so nobody is using it anymore.
|
||||
|
||||
That should fix the following KASAN error:
|
||||
|
||||
The KASAN report looks like this (running on kernel 3e0cc09a3a2c40ec1ffb6b4e12da86e98feccb11 (4.14-rc5+)):
|
||||
==================================================================
|
||||
BUG: KASAN: use-after-free in __dvb_frontend_free+0x113/0x120
|
||||
Write of size 8 at addr ffff880067d45a00 by task kworker/0:1/24
|
||||
|
||||
CPU: 0 PID: 24 Comm: kworker/0:1 Not tainted 4.14.0-rc5-43687-g06ab8a23e0e6 #545
|
||||
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
|
||||
Workqueue: usb_hub_wq hub_event
|
||||
Call Trace:
|
||||
__dump_stack lib/dump_stack.c:16
|
||||
dump_stack+0x292/0x395 lib/dump_stack.c:52
|
||||
print_address_description+0x78/0x280 mm/kasan/report.c:252
|
||||
kasan_report_error mm/kasan/report.c:351
|
||||
kasan_report+0x23d/0x350 mm/kasan/report.c:409
|
||||
__asan_report_store8_noabort+0x1c/0x20 mm/kasan/report.c:435
|
||||
__dvb_frontend_free+0x113/0x120 drivers/media/dvb-core/dvb_frontend.c:156
|
||||
dvb_frontend_put+0x59/0x70 drivers/media/dvb-core/dvb_frontend.c:176
|
||||
dvb_frontend_detach+0x120/0x150 drivers/media/dvb-core/dvb_frontend.c:2803
|
||||
dvb_usb_adapter_frontend_exit+0xd6/0x160 drivers/media/usb/dvb-usb/dvb-usb-dvb.c:340
|
||||
dvb_usb_adapter_exit drivers/media/usb/dvb-usb/dvb-usb-init.c:116
|
||||
dvb_usb_exit+0x9b/0x200 drivers/media/usb/dvb-usb/dvb-usb-init.c:132
|
||||
dvb_usb_device_exit+0xa5/0xf0 drivers/media/usb/dvb-usb/dvb-usb-init.c:295
|
||||
usb_unbind_interface+0x21c/0xa90 drivers/usb/core/driver.c:423
|
||||
__device_release_driver drivers/base/dd.c:861
|
||||
device_release_driver_internal+0x4f1/0x5c0 drivers/base/dd.c:893
|
||||
device_release_driver+0x1e/0x30 drivers/base/dd.c:918
|
||||
bus_remove_device+0x2f4/0x4b0 drivers/base/bus.c:565
|
||||
device_del+0x5c4/0xab0 drivers/base/core.c:1985
|
||||
usb_disable_device+0x1e9/0x680 drivers/usb/core/message.c:1170
|
||||
usb_disconnect+0x260/0x7a0 drivers/usb/core/hub.c:2124
|
||||
hub_port_connect drivers/usb/core/hub.c:4754
|
||||
hub_port_connect_change drivers/usb/core/hub.c:5009
|
||||
port_event drivers/usb/core/hub.c:5115
|
||||
hub_event+0x1318/0x3740 drivers/usb/core/hub.c:5195
|
||||
process_one_work+0xc73/0x1d90 kernel/workqueue.c:2119
|
||||
worker_thread+0x221/0x1850 kernel/workqueue.c:2253
|
||||
kthread+0x363/0x440 kernel/kthread.c:231
|
||||
ret_from_fork+0x2a/0x40 arch/x86/entry/entry_64.S:431
|
||||
|
||||
Allocated by task 24:
|
||||
save_stack_trace+0x1b/0x20 arch/x86/kernel/stacktrace.c:59
|
||||
save_stack+0x43/0xd0 mm/kasan/kasan.c:447
|
||||
set_track mm/kasan/kasan.c:459
|
||||
kasan_kmalloc+0xad/0xe0 mm/kasan/kasan.c:551
|
||||
kmem_cache_alloc_trace+0x11e/0x2d0 mm/slub.c:2772
|
||||
kmalloc ./include/linux/slab.h:493
|
||||
kzalloc ./include/linux/slab.h:666
|
||||
dtt200u_fe_attach+0x4c/0x110 drivers/media/usb/dvb-usb/dtt200u-fe.c:212
|
||||
dtt200u_frontend_attach+0x35/0x80 drivers/media/usb/dvb-usb/dtt200u.c:136
|
||||
dvb_usb_adapter_frontend_init+0x32b/0x660 drivers/media/usb/dvb-usb/dvb-usb-dvb.c:286
|
||||
dvb_usb_adapter_init drivers/media/usb/dvb-usb/dvb-usb-init.c:86
|
||||
dvb_usb_init drivers/media/usb/dvb-usb/dvb-usb-init.c:162
|
||||
dvb_usb_device_init+0xf73/0x17f0 drivers/media/usb/dvb-usb/dvb-usb-init.c:277
|
||||
dtt200u_usb_probe+0xa1/0xe0 drivers/media/usb/dvb-usb/dtt200u.c:155
|
||||
usb_probe_interface+0x35d/0x8e0 drivers/usb/core/driver.c:361
|
||||
really_probe drivers/base/dd.c:413
|
||||
driver_probe_device+0x610/0xa00 drivers/base/dd.c:557
|
||||
__device_attach_driver+0x230/0x290 drivers/base/dd.c:653
|
||||
bus_for_each_drv+0x161/0x210 drivers/base/bus.c:463
|
||||
__device_attach+0x26b/0x3c0 drivers/base/dd.c:710
|
||||
device_initial_probe+0x1f/0x30 drivers/base/dd.c:757
|
||||
bus_probe_device+0x1eb/0x290 drivers/base/bus.c:523
|
||||
device_add+0xd0b/0x1660 drivers/base/core.c:1835
|
||||
usb_set_configuration+0x104e/0x1870 drivers/usb/core/message.c:1932
|
||||
generic_probe+0x73/0xe0 drivers/usb/core/generic.c:174
|
||||
usb_probe_device+0xaf/0xe0 drivers/usb/core/driver.c:266
|
||||
really_probe drivers/base/dd.c:413
|
||||
driver_probe_device+0x610/0xa00 drivers/base/dd.c:557
|
||||
__device_attach_driver+0x230/0x290 drivers/base/dd.c:653
|
||||
bus_for_each_drv+0x161/0x210 drivers/base/bus.c:463
|
||||
__device_attach+0x26b/0x3c0 drivers/base/dd.c:710
|
||||
device_initial_probe+0x1f/0x30 drivers/base/dd.c:757
|
||||
bus_probe_device+0x1eb/0x290 drivers/base/bus.c:523
|
||||
device_add+0xd0b/0x1660 drivers/base/core.c:1835
|
||||
usb_new_device+0x7b8/0x1020 drivers/usb/core/hub.c:2457
|
||||
hub_port_connect drivers/usb/core/hub.c:4903
|
||||
hub_port_connect_change drivers/usb/core/hub.c:5009
|
||||
port_event drivers/usb/core/hub.c:5115
|
||||
hub_event+0x194d/0x3740 drivers/usb/core/hub.c:5195
|
||||
process_one_work+0xc73/0x1d90 kernel/workqueue.c:2119
|
||||
worker_thread+0x221/0x1850 kernel/workqueue.c:2253
|
||||
kthread+0x363/0x440 kernel/kthread.c:231
|
||||
ret_from_fork+0x2a/0x40 arch/x86/entry/entry_64.S:431
|
||||
|
||||
Freed by task 24:
|
||||
save_stack_trace+0x1b/0x20 arch/x86/kernel/stacktrace.c:59
|
||||
save_stack+0x43/0xd0 mm/kasan/kasan.c:447
|
||||
set_track mm/kasan/kasan.c:459
|
||||
kasan_slab_free+0x72/0xc0 mm/kasan/kasan.c:524
|
||||
slab_free_hook mm/slub.c:1390
|
||||
slab_free_freelist_hook mm/slub.c:1412
|
||||
slab_free mm/slub.c:2988
|
||||
kfree+0xf6/0x2f0 mm/slub.c:3919
|
||||
dtt200u_fe_release+0x3c/0x50 drivers/media/usb/dvb-usb/dtt200u-fe.c:202
|
||||
dvb_frontend_invoke_release.part.13+0x1c/0x30 drivers/media/dvb-core/dvb_frontend.c:2790
|
||||
dvb_frontend_invoke_release drivers/media/dvb-core/dvb_frontend.c:2789
|
||||
__dvb_frontend_free+0xad/0x120 drivers/media/dvb-core/dvb_frontend.c:153
|
||||
dvb_frontend_put+0x59/0x70 drivers/media/dvb-core/dvb_frontend.c:176
|
||||
dvb_frontend_detach+0x120/0x150 drivers/media/dvb-core/dvb_frontend.c:2803
|
||||
dvb_usb_adapter_frontend_exit+0xd6/0x160 drivers/media/usb/dvb-usb/dvb-usb-dvb.c:340
|
||||
dvb_usb_adapter_exit drivers/media/usb/dvb-usb/dvb-usb-init.c:116
|
||||
dvb_usb_exit+0x9b/0x200 drivers/media/usb/dvb-usb/dvb-usb-init.c:132
|
||||
dvb_usb_device_exit+0xa5/0xf0 drivers/media/usb/dvb-usb/dvb-usb-init.c:295
|
||||
usb_unbind_interface+0x21c/0xa90 drivers/usb/core/driver.c:423
|
||||
__device_release_driver drivers/base/dd.c:861
|
||||
device_release_driver_internal+0x4f1/0x5c0 drivers/base/dd.c:893
|
||||
device_release_driver+0x1e/0x30 drivers/base/dd.c:918
|
||||
bus_remove_device+0x2f4/0x4b0 drivers/base/bus.c:565
|
||||
device_del+0x5c4/0xab0 drivers/base/core.c:1985
|
||||
usb_disable_device+0x1e9/0x680 drivers/usb/core/message.c:1170
|
||||
usb_disconnect+0x260/0x7a0 drivers/usb/core/hub.c:2124
|
||||
hub_port_connect drivers/usb/core/hub.c:4754
|
||||
hub_port_connect_change drivers/usb/core/hub.c:5009
|
||||
port_event drivers/usb/core/hub.c:5115
|
||||
hub_event+0x1318/0x3740 drivers/usb/core/hub.c:5195
|
||||
process_one_work+0xc73/0x1d90 kernel/workqueue.c:2119
|
||||
worker_thread+0x221/0x1850 kernel/workqueue.c:2253
|
||||
kthread+0x363/0x440 kernel/kthread.c:231
|
||||
ret_from_fork+0x2a/0x40 arch/x86/entry/entry_64.S:431
|
||||
|
||||
The buggy address belongs to the object at ffff880067d45500
|
||||
which belongs to the cache kmalloc-2048 of size 2048
|
||||
The buggy address is located 1280 bytes inside of
|
||||
2048-byte region [ffff880067d45500, ffff880067d45d00)
|
||||
The buggy address belongs to the page:
|
||||
page:ffffea00019f5000 count:1 mapcount:0 mapping: (null)
|
||||
index:0x0 compound_mapcount: 0
|
||||
flags: 0x100000000008100(slab|head)
|
||||
raw: 0100000000008100 0000000000000000 0000000000000000 00000001000f000f
|
||||
raw: dead000000000100 dead000000000200 ffff88006c002d80 0000000000000000
|
||||
page dumped because: kasan: bad access detected
|
||||
|
||||
Memory state around the buggy address:
|
||||
ffff880067d45900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
|
||||
ffff880067d45980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
|
||||
ffff880067d45a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
|
||||
^
|
||||
ffff880067d45a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
|
||||
ffff880067d45b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
|
||||
==================================================================
|
||||
|
||||
Fixes: ead666000a5f ("media: dvb_frontend: only use kref after initialized")
|
||||
|
||||
Reported-by: Andrey Konovalov <andreyknvl@google.com>
|
||||
Suggested-by: Matthias Schwarzott <zzam@gentoo.org>
|
||||
Tested-by: Andrey Konovalov <andreyknvl@google.com>
|
||||
Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com>
|
||||
---
|
||||
drivers/media/dvb-core/dvb_frontend.c | 7 ++-----
|
||||
1 file changed, 2 insertions(+), 5 deletions(-)
|
||||
|
||||
diff --git a/drivers/media/dvb-core/dvb_frontend.c b/drivers/media/dvb-core/dvb_frontend.c
|
||||
index d485d5f6cc88..3ad83359098b 100644
|
||||
--- a/drivers/media/dvb-core/dvb_frontend.c
|
||||
+++ b/drivers/media/dvb-core/dvb_frontend.c
|
||||
@@ -150,11 +150,8 @@ static void __dvb_frontend_free(struct dvb_frontend *fe)
|
||||
|
||||
dvb_frontend_invoke_release(fe, fe->ops.release);
|
||||
|
||||
- if (!fepriv)
|
||||
- return;
|
||||
-
|
||||
- kfree(fepriv);
|
||||
- fe->frontend_priv = NULL;
|
||||
+ if (fepriv)
|
||||
+ kfree(fepriv);
|
||||
}
|
||||
|
||||
static void dvb_frontend_free(struct kref *ref)
|
|
@ -1,36 +0,0 @@
|
|||
From: Johan Hovold <johan@kernel.org>
|
||||
Date: Thu, 21 Sep 2017 05:40:18 -0300
|
||||
Subject: [media] cx231xx-cards: fix NULL-deref on missing association
|
||||
descriptor
|
||||
Origin: https://git.kernel.org/linus/6c3b047fa2d2286d5e438bcb470c7b1a49f415f6
|
||||
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-16536
|
||||
|
||||
Make sure to check that we actually have an Interface Association
|
||||
Descriptor before dereferencing it during probe to avoid dereferencing a
|
||||
NULL-pointer.
|
||||
|
||||
Fixes: e0d3bafd0258 ("V4L/DVB (10954): Add cx231xx USB driver")
|
||||
|
||||
Cc: stable <stable@vger.kernel.org> # 2.6.30
|
||||
Reported-by: Andrey Konovalov <andreyknvl@google.com>
|
||||
Signed-off-by: Johan Hovold <johan@kernel.org>
|
||||
Tested-by: Andrey Konovalov <andreyknvl@google.com>
|
||||
Signed-off-by: Hans Verkuil <hans.verkuil@cisco.com>
|
||||
Signed-off-by: Mauro Carvalho Chehab <mchehab@osg.samsung.com>
|
||||
---
|
||||
drivers/media/usb/cx231xx/cx231xx-cards.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/drivers/media/usb/cx231xx/cx231xx-cards.c b/drivers/media/usb/cx231xx/cx231xx-cards.c
|
||||
index e0daa9b6c2a0..9b742d569fb5 100644
|
||||
--- a/drivers/media/usb/cx231xx/cx231xx-cards.c
|
||||
+++ b/drivers/media/usb/cx231xx/cx231xx-cards.c
|
||||
@@ -1684,7 +1684,7 @@ static int cx231xx_usb_probe(struct usb_interface *interface,
|
||||
nr = dev->devno;
|
||||
|
||||
assoc_desc = udev->actconfig->intf_assoc[0];
|
||||
- if (assoc_desc->bFirstInterface != ifnum) {
|
||||
+ if (!assoc_desc || assoc_desc->bFirstInterface != ifnum) {
|
||||
dev_err(d, "Not found matching IAD interface\n");
|
||||
retval = -ENODEV;
|
||||
goto err_if;
|
|
@ -1,47 +0,0 @@
|
|||
From: Daniel Scheller <d.scheller@gmx.net>
|
||||
Date: Sun, 29 Oct 2017 11:43:22 -0400
|
||||
Subject: media: dvb-core: always call invoke_release() in fe_free()
|
||||
Origin: https://git.kernel.org/linus/62229de19ff2b7f3e0ebf4d48ad99061127d0281
|
||||
|
||||
Follow-up to: ead666000a5f ("media: dvb_frontend: only use kref after initialized")
|
||||
|
||||
The aforementioned commit fixed refcount OOPSes when demod driver attaching
|
||||
succeeded but tuner driver didn't. However, the use count of the attached
|
||||
demod drivers don't go back to zero and thus couldn't be cleanly unloaded.
|
||||
Improve on this by calling dvb_frontend_invoke_release() in
|
||||
__dvb_frontend_free() regardless of fepriv being NULL, instead of returning
|
||||
when fepriv is NULL. This is safe to do since _invoke_release() will check
|
||||
for passed pointers being valid before calling the .release() function.
|
||||
|
||||
[mchehab@s-opensource.com: changed the logic a little bit to reduce
|
||||
conflicts with another bug fix patch under review]
|
||||
Fixes: ead666000a5f ("media: dvb_frontend: only use kref after initialized")
|
||||
Signed-off-by: Daniel Scheller <d.scheller@gmx.net>
|
||||
Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com>
|
||||
---
|
||||
drivers/media/dvb-core/dvb_frontend.c | 9 +++++----
|
||||
1 file changed, 5 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/drivers/media/dvb-core/dvb_frontend.c b/drivers/media/dvb-core/dvb_frontend.c
|
||||
index daaf969719e4..d485d5f6cc88 100644
|
||||
--- a/drivers/media/dvb-core/dvb_frontend.c
|
||||
+++ b/drivers/media/dvb-core/dvb_frontend.c
|
||||
@@ -145,13 +145,14 @@ static void __dvb_frontend_free(struct dvb_frontend *fe)
|
||||
{
|
||||
struct dvb_frontend_private *fepriv = fe->frontend_priv;
|
||||
|
||||
- if (!fepriv)
|
||||
- return;
|
||||
-
|
||||
- dvb_free_device(fepriv->dvbdev);
|
||||
+ if (fepriv)
|
||||
+ dvb_free_device(fepriv->dvbdev);
|
||||
|
||||
dvb_frontend_invoke_release(fe, fe->ops.release);
|
||||
|
||||
+ if (!fepriv)
|
||||
+ return;
|
||||
+
|
||||
kfree(fepriv);
|
||||
fe->frontend_priv = NULL;
|
||||
}
|
|
@ -1,109 +0,0 @@
|
|||
From: "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>
|
||||
Date: Mon, 27 Nov 2017 06:21:25 +0300
|
||||
Subject: mm, thp: Do not make page table dirty unconditionally in
|
||||
touch_p[mu]d()
|
||||
Origin: https://git.kernel.org/linus/a8f97366452ed491d13cf1e44241bc0b5740b1f0
|
||||
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-1000405
|
||||
|
||||
Currently, we unconditionally make page table dirty in touch_pmd().
|
||||
It may result in false-positive can_follow_write_pmd().
|
||||
|
||||
We may avoid the situation, if we would only make the page table entry
|
||||
dirty if caller asks for write access -- FOLL_WRITE.
|
||||
|
||||
The patch also changes touch_pud() in the same way.
|
||||
|
||||
Signed-off-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
|
||||
Cc: Michal Hocko <mhocko@suse.com>
|
||||
Cc: Hugh Dickins <hughd@google.com>
|
||||
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
||||
---
|
||||
mm/huge_memory.c | 36 +++++++++++++-----------------------
|
||||
1 file changed, 13 insertions(+), 23 deletions(-)
|
||||
|
||||
diff --git a/mm/huge_memory.c b/mm/huge_memory.c
|
||||
index 86fe697e8bfb..0e7ded98d114 100644
|
||||
--- a/mm/huge_memory.c
|
||||
+++ b/mm/huge_memory.c
|
||||
@@ -842,20 +842,15 @@ EXPORT_SYMBOL_GPL(vmf_insert_pfn_pud);
|
||||
#endif /* CONFIG_HAVE_ARCH_TRANSPARENT_HUGEPAGE_PUD */
|
||||
|
||||
static void touch_pmd(struct vm_area_struct *vma, unsigned long addr,
|
||||
- pmd_t *pmd)
|
||||
+ pmd_t *pmd, int flags)
|
||||
{
|
||||
pmd_t _pmd;
|
||||
|
||||
- /*
|
||||
- * We should set the dirty bit only for FOLL_WRITE but for now
|
||||
- * the dirty bit in the pmd is meaningless. And if the dirty
|
||||
- * bit will become meaningful and we'll only set it with
|
||||
- * FOLL_WRITE, an atomic set_bit will be required on the pmd to
|
||||
- * set the young bit, instead of the current set_pmd_at.
|
||||
- */
|
||||
- _pmd = pmd_mkyoung(pmd_mkdirty(*pmd));
|
||||
+ _pmd = pmd_mkyoung(*pmd);
|
||||
+ if (flags & FOLL_WRITE)
|
||||
+ _pmd = pmd_mkdirty(_pmd);
|
||||
if (pmdp_set_access_flags(vma, addr & HPAGE_PMD_MASK,
|
||||
- pmd, _pmd, 1))
|
||||
+ pmd, _pmd, flags & FOLL_WRITE))
|
||||
update_mmu_cache_pmd(vma, addr, pmd);
|
||||
}
|
||||
|
||||
@@ -884,7 +879,7 @@ struct page *follow_devmap_pmd(struct vm_area_struct *vma, unsigned long addr,
|
||||
return NULL;
|
||||
|
||||
if (flags & FOLL_TOUCH)
|
||||
- touch_pmd(vma, addr, pmd);
|
||||
+ touch_pmd(vma, addr, pmd, flags);
|
||||
|
||||
/*
|
||||
* device mapped pages can only be returned if the
|
||||
@@ -995,20 +990,15 @@ int copy_huge_pmd(struct mm_struct *dst_mm, struct mm_struct *src_mm,
|
||||
|
||||
#ifdef CONFIG_HAVE_ARCH_TRANSPARENT_HUGEPAGE_PUD
|
||||
static void touch_pud(struct vm_area_struct *vma, unsigned long addr,
|
||||
- pud_t *pud)
|
||||
+ pud_t *pud, int flags)
|
||||
{
|
||||
pud_t _pud;
|
||||
|
||||
- /*
|
||||
- * We should set the dirty bit only for FOLL_WRITE but for now
|
||||
- * the dirty bit in the pud is meaningless. And if the dirty
|
||||
- * bit will become meaningful and we'll only set it with
|
||||
- * FOLL_WRITE, an atomic set_bit will be required on the pud to
|
||||
- * set the young bit, instead of the current set_pud_at.
|
||||
- */
|
||||
- _pud = pud_mkyoung(pud_mkdirty(*pud));
|
||||
+ _pud = pud_mkyoung(*pud);
|
||||
+ if (flags & FOLL_WRITE)
|
||||
+ _pud = pud_mkdirty(_pud);
|
||||
if (pudp_set_access_flags(vma, addr & HPAGE_PUD_MASK,
|
||||
- pud, _pud, 1))
|
||||
+ pud, _pud, flags & FOLL_WRITE))
|
||||
update_mmu_cache_pud(vma, addr, pud);
|
||||
}
|
||||
|
||||
@@ -1031,7 +1021,7 @@ struct page *follow_devmap_pud(struct vm_area_struct *vma, unsigned long addr,
|
||||
return NULL;
|
||||
|
||||
if (flags & FOLL_TOUCH)
|
||||
- touch_pud(vma, addr, pud);
|
||||
+ touch_pud(vma, addr, pud, flags);
|
||||
|
||||
/*
|
||||
* device mapped pages can only be returned if the
|
||||
@@ -1424,7 +1414,7 @@ struct page *follow_trans_huge_pmd(struct vm_area_struct *vma,
|
||||
page = pmd_page(*pmd);
|
||||
VM_BUG_ON_PAGE(!PageHead(page) && !is_zone_device_page(page), page);
|
||||
if (flags & FOLL_TOUCH)
|
||||
- touch_pmd(vma, addr, pmd);
|
||||
+ touch_pmd(vma, addr, pmd, flags);
|
||||
if ((flags & FOLL_MLOCK) && (vma->vm_flags & VM_LOCKED)) {
|
||||
/*
|
||||
* We don't mlock() pte-mapped THPs. This way we can avoid
|
||||
--
|
||||
2.15.0
|
||||
|
|
@ -14,7 +14,7 @@ use of $(ARCH) needs to be moved after this.
|
|||
|
||||
--- a/Makefile
|
||||
+++ b/Makefile
|
||||
@@ -255,42 +255,6 @@ SUBARCH := $(shell uname -m | sed -e s/i
|
||||
@@ -251,42 +251,6 @@ SUBARCH := $(shell uname -m | sed -e s/i
|
||||
ARCH ?= $(SUBARCH)
|
||||
CROSS_COMPILE ?= $(CONFIG_CROSS_COMPILE:"%"=%)
|
||||
|
||||
|
@ -57,9 +57,9 @@ use of $(ARCH) needs to be moved after this.
|
|||
KCONFIG_CONFIG ?= .config
|
||||
export KCONFIG_CONFIG
|
||||
|
||||
@@ -373,6 +337,44 @@ LDFLAGS_vmlinux =
|
||||
CFLAGS_GCOV := -fprofile-arcs -ftest-coverage -fno-tree-loop-im $(call cc-disable-warning,maybe-uninitialized,)
|
||||
CFLAGS_KCOV := $(call cc-option,-fsanitize-coverage=trace-pc,)
|
||||
@@ -374,6 +338,45 @@ CFLAGS_KERNEL =
|
||||
AFLAGS_KERNEL =
|
||||
LDFLAGS_vmlinux =
|
||||
|
||||
+-include $(obj)/.kernelvariables
|
||||
+
|
||||
|
@ -99,6 +99,7 @@ use of $(ARCH) needs to be moved after this.
|
|||
+ifeq ($(ARCH),m68knommu)
|
||||
+ hdr-arch := m68k
|
||||
+endif
|
||||
|
||||
+
|
||||
# Use USERINCLUDE when you must reference the UAPI directories only.
|
||||
USERINCLUDE := \
|
||||
-I$(srctree)/arch/$(hdr-arch)/include/uapi \
|
||||
|
|
|
@ -8,11 +8,9 @@ Patch headers added by debian/patches/features/all/aufs4/gen-patch
|
|||
|
||||
aufs4.14 standalone patch
|
||||
|
||||
diff --git a/fs/dcache.c b/fs/dcache.c
|
||||
index e3719a5..3203470 100644
|
||||
--- a/fs/dcache.c
|
||||
+++ b/fs/dcache.c
|
||||
@@ -1305,6 +1305,7 @@ void d_walk(struct dentry *parent, void *data,
|
||||
@@ -1305,6 +1305,7 @@ rename_retry:
|
||||
seq = 1;
|
||||
goto again;
|
||||
}
|
||||
|
@ -20,7 +18,7 @@ index e3719a5..3203470 100644
|
|||
|
||||
struct check_mount {
|
||||
struct vfsmount *mnt;
|
||||
@@ -2894,6 +2895,7 @@ void d_exchange(struct dentry *dentry1, struct dentry *dentry2)
|
||||
@@ -2894,6 +2895,7 @@ void d_exchange(struct dentry *dentry1,
|
||||
|
||||
write_sequnlock(&rename_lock);
|
||||
}
|
||||
|
@ -28,11 +26,9 @@ index e3719a5..3203470 100644
|
|||
|
||||
/**
|
||||
* d_ancestor - search for an ancestor
|
||||
diff --git a/fs/exec.c b/fs/exec.c
|
||||
index 3e14ba2..6818b01 100644
|
||||
--- a/fs/exec.c
|
||||
+++ b/fs/exec.c
|
||||
@@ -109,6 +109,7 @@ bool path_noexec(const struct path *path)
|
||||
@@ -109,6 +109,7 @@ bool path_noexec(const struct path *path
|
||||
return (path->mnt->mnt_flags & MNT_NOEXEC) ||
|
||||
(path->mnt->mnt_sb->s_iflags & SB_I_NOEXEC);
|
||||
}
|
||||
|
@ -40,11 +36,9 @@ index 3e14ba2..6818b01 100644
|
|||
|
||||
#ifdef CONFIG_USELIB
|
||||
/*
|
||||
diff --git a/fs/fcntl.c b/fs/fcntl.c
|
||||
index cffefab..725d190 100644
|
||||
--- a/fs/fcntl.c
|
||||
+++ b/fs/fcntl.c
|
||||
@@ -85,6 +85,7 @@ int setfl(int fd, struct file * filp, unsigned long arg)
|
||||
@@ -85,6 +85,7 @@ int setfl(int fd, struct file * filp, un
|
||||
out:
|
||||
return error;
|
||||
}
|
||||
|
@ -52,11 +46,9 @@ index cffefab..725d190 100644
|
|||
|
||||
static void f_modown(struct file *filp, struct pid *pid, enum pid_type type,
|
||||
int force)
|
||||
diff --git a/fs/file_table.c b/fs/file_table.c
|
||||
index 61517f5..c6bab39c 100644
|
||||
--- a/fs/file_table.c
|
||||
+++ b/fs/file_table.c
|
||||
@@ -148,6 +148,7 @@ struct file *get_empty_filp(void)
|
||||
@@ -148,6 +148,7 @@ over:
|
||||
}
|
||||
return ERR_PTR(-ENFILE);
|
||||
}
|
||||
|
@ -88,11 +80,9 @@ index 61517f5..c6bab39c 100644
|
|||
|
||||
void __init files_init(void)
|
||||
{
|
||||
diff --git a/fs/inode.c b/fs/inode.c
|
||||
index f7800d6..f31a6c7 100644
|
||||
--- a/fs/inode.c
|
||||
+++ b/fs/inode.c
|
||||
@@ -1664,6 +1664,7 @@ int update_time(struct inode *inode, struct timespec *time, int flags)
|
||||
@@ -1664,6 +1664,7 @@ int update_time(struct inode *inode, str
|
||||
|
||||
return update_time(inode, time, flags);
|
||||
}
|
||||
|
@ -100,11 +90,9 @@ index f7800d6..f31a6c7 100644
|
|||
|
||||
/**
|
||||
* touch_atime - update the access time
|
||||
diff --git a/fs/namespace.c b/fs/namespace.c
|
||||
index e5a4a7f..6d0c376 100644
|
||||
--- a/fs/namespace.c
|
||||
+++ b/fs/namespace.c
|
||||
@@ -517,6 +517,7 @@ void __mnt_drop_write(struct vfsmount *mnt)
|
||||
@@ -517,6 +517,7 @@ void __mnt_drop_write(struct vfsmount *m
|
||||
mnt_dec_writers(real_mount(mnt));
|
||||
preempt_enable();
|
||||
}
|
||||
|
@ -112,7 +100,7 @@ index e5a4a7f..6d0c376 100644
|
|||
|
||||
/**
|
||||
* mnt_drop_write - give up write access to a mount
|
||||
@@ -851,6 +852,7 @@ int is_current_mnt_ns(struct vfsmount *mnt)
|
||||
@@ -851,6 +852,7 @@ int is_current_mnt_ns(struct vfsmount *m
|
||||
{
|
||||
return check_mnt(real_mount(mnt));
|
||||
}
|
||||
|
@ -120,7 +108,7 @@ index e5a4a7f..6d0c376 100644
|
|||
|
||||
/*
|
||||
* vfsmount lock must be held for write
|
||||
@@ -1887,6 +1889,7 @@ int iterate_mounts(int (*f)(struct vfsmount *, void *), void *arg,
|
||||
@@ -1887,6 +1889,7 @@ int iterate_mounts(int (*f)(struct vfsmo
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
@ -128,8 +116,6 @@ index e5a4a7f..6d0c376 100644
|
|||
|
||||
static void cleanup_group_ids(struct mount *mnt, struct mount *end)
|
||||
{
|
||||
diff --git a/fs/notify/group.c b/fs/notify/group.c
|
||||
index 3235753..14a2d48 100644
|
||||
--- a/fs/notify/group.c
|
||||
+++ b/fs/notify/group.c
|
||||
@@ -22,6 +22,7 @@
|
||||
|
@ -140,7 +126,7 @@ index 3235753..14a2d48 100644
|
|||
|
||||
#include <linux/fsnotify_backend.h>
|
||||
#include "fsnotify.h"
|
||||
@@ -109,6 +110,7 @@ void fsnotify_get_group(struct fsnotify_group *group)
|
||||
@@ -109,6 +110,7 @@ void fsnotify_get_group(struct fsnotify_
|
||||
{
|
||||
atomic_inc(&group->refcnt);
|
||||
}
|
||||
|
@ -148,7 +134,7 @@ index 3235753..14a2d48 100644
|
|||
|
||||
/*
|
||||
* Drop a reference to a group. Free it if it's through.
|
||||
@@ -118,6 +120,7 @@ void fsnotify_put_group(struct fsnotify_group *group)
|
||||
@@ -118,6 +120,7 @@ void fsnotify_put_group(struct fsnotify_
|
||||
if (atomic_dec_and_test(&group->refcnt))
|
||||
fsnotify_final_destroy_group(group);
|
||||
}
|
||||
|
@ -156,7 +142,7 @@ index 3235753..14a2d48 100644
|
|||
|
||||
/*
|
||||
* Create a new fsnotify_group and hold a reference for the group returned.
|
||||
@@ -147,6 +150,7 @@ struct fsnotify_group *fsnotify_alloc_group(const struct fsnotify_ops *ops)
|
||||
@@ -147,6 +150,7 @@ struct fsnotify_group *fsnotify_alloc_gr
|
||||
|
||||
return group;
|
||||
}
|
||||
|
@ -164,19 +150,17 @@ index 3235753..14a2d48 100644
|
|||
|
||||
int fsnotify_fasync(int fd, struct file *file, int on)
|
||||
{
|
||||
diff --git a/fs/notify/mark.c b/fs/notify/mark.c
|
||||
index 9991f88..117042c 100644
|
||||
--- a/fs/notify/mark.c
|
||||
+++ b/fs/notify/mark.c
|
||||
@@ -118,6 +118,7 @@ static bool fsnotify_get_mark_safe(struct fsnotify_mark *mark)
|
||||
{
|
||||
return atomic_inc_not_zero(&mark->refcnt);
|
||||
@@ -245,6 +245,7 @@ void fsnotify_put_mark(struct fsnotify_m
|
||||
queue_delayed_work(system_unbound_wq, &reaper_work,
|
||||
FSNOTIFY_REAPER_DELAY);
|
||||
}
|
||||
+EXPORT_SYMBOL_GPL(fsnotify_put_mark);
|
||||
|
||||
static void __fsnotify_recalc_mask(struct fsnotify_mark_connector *conn)
|
||||
{
|
||||
@@ -395,6 +396,7 @@ void fsnotify_destroy_mark(struct fsnotify_mark *mark,
|
||||
/*
|
||||
* Get mark reference when we found the mark via lockless traversal of object
|
||||
@@ -392,6 +393,7 @@ void fsnotify_destroy_mark(struct fsnoti
|
||||
mutex_unlock(&group->mark_mutex);
|
||||
fsnotify_free_mark(mark);
|
||||
}
|
||||
|
@ -184,7 +168,7 @@ index 9991f88..117042c 100644
|
|||
|
||||
/*
|
||||
* Sorting function for lists of fsnotify marks.
|
||||
@@ -607,6 +609,7 @@ int fsnotify_add_mark_locked(struct fsnotify_mark *mark, struct inode *inode,
|
||||
@@ -604,6 +606,7 @@ err:
|
||||
fsnotify_put_mark(mark);
|
||||
return ret;
|
||||
}
|
||||
|
@ -192,7 +176,7 @@ index 9991f88..117042c 100644
|
|||
|
||||
int fsnotify_add_mark(struct fsnotify_mark *mark, struct inode *inode,
|
||||
struct vfsmount *mnt, int allow_dups)
|
||||
@@ -742,6 +745,7 @@ void fsnotify_init_mark(struct fsnotify_mark *mark,
|
||||
@@ -739,6 +742,7 @@ void fsnotify_init_mark(struct fsnotify_
|
||||
fsnotify_get_group(group);
|
||||
mark->group = group;
|
||||
}
|
||||
|
@ -200,11 +184,9 @@ index 9991f88..117042c 100644
|
|||
|
||||
/*
|
||||
* Destroy all marks in destroy_list, waits for SRCU period to finish before
|
||||
diff --git a/fs/open.c b/fs/open.c
|
||||
index 7ea1184..6e2e241 100644
|
||||
--- a/fs/open.c
|
||||
+++ b/fs/open.c
|
||||
@@ -64,6 +64,7 @@ int do_truncate(struct dentry *dentry, loff_t length, unsigned int time_attrs,
|
||||
@@ -64,6 +64,7 @@ int do_truncate(struct dentry *dentry, l
|
||||
inode_unlock(dentry->d_inode);
|
||||
return ret;
|
||||
}
|
||||
|
@ -220,11 +202,9 @@ index 7ea1184..6e2e241 100644
|
|||
|
||||
static int do_dentry_open(struct file *f,
|
||||
struct inode *inode,
|
||||
diff --git a/fs/read_write.c b/fs/read_write.c
|
||||
index 2388284..b2a68e5 100644
|
||||
--- a/fs/read_write.c
|
||||
+++ b/fs/read_write.c
|
||||
@@ -454,6 +454,7 @@ ssize_t vfs_read(struct file *file, char __user *buf, size_t count, loff_t *pos)
|
||||
@@ -454,6 +454,7 @@ ssize_t vfs_read(struct file *file, char
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
@ -240,7 +220,7 @@ index 2388284..b2a68e5 100644
|
|||
|
||||
vfs_writef_t vfs_writef(struct file *file)
|
||||
{
|
||||
@@ -505,6 +507,7 @@ vfs_writef_t vfs_writef(struct file *file)
|
||||
@@ -505,6 +507,7 @@ vfs_writef_t vfs_writef(struct file *fil
|
||||
return new_sync_write;
|
||||
return ERR_PTR(-ENOSYS);
|
||||
}
|
||||
|
@ -248,7 +228,7 @@ index 2388284..b2a68e5 100644
|
|||
|
||||
ssize_t __kernel_write(struct file *file, const void *buf, size_t count, loff_t *pos)
|
||||
{
|
||||
@@ -574,6 +577,7 @@ ssize_t vfs_write(struct file *file, const char __user *buf, size_t count, loff_
|
||||
@@ -574,6 +577,7 @@ ssize_t vfs_write(struct file *file, con
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
@ -256,11 +236,9 @@ index 2388284..b2a68e5 100644
|
|||
|
||||
static inline loff_t file_pos_read(struct file *file)
|
||||
{
|
||||
diff --git a/fs/splice.c b/fs/splice.c
|
||||
index eb888c6..7ab89d2 100644
|
||||
--- a/fs/splice.c
|
||||
+++ b/fs/splice.c
|
||||
@@ -850,6 +850,7 @@ long do_splice_from(struct pipe_inode_info *pipe, struct file *out,
|
||||
@@ -850,6 +850,7 @@ long do_splice_from(struct pipe_inode_in
|
||||
|
||||
return splice_write(pipe, out, ppos, len, flags);
|
||||
}
|
||||
|
@ -268,7 +246,7 @@ index eb888c6..7ab89d2 100644
|
|||
|
||||
/*
|
||||
* Attempt to initiate a splice from a file to a pipe.
|
||||
@@ -879,6 +880,7 @@ long do_splice_to(struct file *in, loff_t *ppos,
|
||||
@@ -879,6 +880,7 @@ long do_splice_to(struct file *in, loff_
|
||||
|
||||
return splice_read(in, ppos, pipe, len, flags);
|
||||
}
|
||||
|
@ -276,11 +254,9 @@ index eb888c6..7ab89d2 100644
|
|||
|
||||
/**
|
||||
* splice_direct_to_actor - splices data directly between two non-pipes
|
||||
diff --git a/fs/sync.c b/fs/sync.c
|
||||
index fe15900..e3386ea 100644
|
||||
--- a/fs/sync.c
|
||||
+++ b/fs/sync.c
|
||||
@@ -39,6 +39,7 @@ int __sync_filesystem(struct super_block *sb, int wait)
|
||||
@@ -39,6 +39,7 @@ int __sync_filesystem(struct super_block
|
||||
sb->s_op->sync_fs(sb, wait);
|
||||
return __sync_blockdev(sb->s_bdev, wait);
|
||||
}
|
||||
|
@ -288,11 +264,9 @@ index fe15900..e3386ea 100644
|
|||
|
||||
/*
|
||||
* Write out and wait upon all dirty data associated with this
|
||||
diff --git a/fs/xattr.c b/fs/xattr.c
|
||||
index 61cd28b..35570cd 100644
|
||||
--- a/fs/xattr.c
|
||||
+++ b/fs/xattr.c
|
||||
@@ -297,6 +297,7 @@ vfs_getxattr_alloc(struct dentry *dentry, const char *name, char **xattr_value,
|
||||
@@ -297,6 +297,7 @@ vfs_getxattr_alloc(struct dentry *dentry
|
||||
*xattr_value = value;
|
||||
return error;
|
||||
}
|
||||
|
@ -300,11 +274,9 @@ index 61cd28b..35570cd 100644
|
|||
|
||||
ssize_t
|
||||
__vfs_getxattr(struct dentry *dentry, struct inode *inode, const char *name,
|
||||
diff --git a/kernel/locking/lockdep.c b/kernel/locking/lockdep.c
|
||||
index bc97a97..895a1ba 100644
|
||||
--- a/kernel/locking/lockdep.c
|
||||
+++ b/kernel/locking/lockdep.c
|
||||
@@ -155,6 +155,7 @@ inline struct lock_class *lockdep_hlock_class(struct held_lock *hlock)
|
||||
@@ -155,6 +155,7 @@ inline struct lock_class *lockdep_hlock_
|
||||
}
|
||||
return lock_classes + hlock->class_idx - 1;
|
||||
}
|
||||
|
@ -312,8 +284,6 @@ index bc97a97..895a1ba 100644
|
|||
#define hlock_class(hlock) lockdep_hlock_class(hlock)
|
||||
|
||||
#ifdef CONFIG_LOCK_STAT
|
||||
diff --git a/kernel/task_work.c b/kernel/task_work.c
|
||||
index 5718b3e..e6c64d9 100644
|
||||
--- a/kernel/task_work.c
|
||||
+++ b/kernel/task_work.c
|
||||
@@ -116,3 +116,4 @@ void task_work_run(void)
|
||||
|
@ -321,8 +291,6 @@ index 5718b3e..e6c64d9 100644
|
|||
}
|
||||
}
|
||||
+EXPORT_SYMBOL_GPL(task_work_run);
|
||||
diff --git a/security/commoncap.c b/security/commoncap.c
|
||||
index fc46f5b..90543ef 100644
|
||||
--- a/security/commoncap.c
|
||||
+++ b/security/commoncap.c
|
||||
@@ -1270,12 +1270,14 @@ int cap_mmap_addr(unsigned long addr)
|
||||
|
@ -340,8 +308,6 @@ index fc46f5b..90543ef 100644
|
|||
|
||||
#ifdef CONFIG_SECURITY
|
||||
|
||||
diff --git a/security/device_cgroup.c b/security/device_cgroup.c
|
||||
index 5ef7e52..e2e959d 100644
|
||||
--- a/security/device_cgroup.c
|
||||
+++ b/security/device_cgroup.c
|
||||
@@ -8,6 +8,7 @@
|
||||
|
@ -352,7 +318,7 @@ index 5ef7e52..e2e959d 100644
|
|||
#include <linux/list.h>
|
||||
#include <linux/uaccess.h>
|
||||
#include <linux/seq_file.h>
|
||||
@@ -850,6 +851,7 @@ int __devcgroup_inode_permission(struct inode *inode, int mask)
|
||||
@@ -850,6 +851,7 @@ int __devcgroup_inode_permission(struct
|
||||
return __devcgroup_check_permission(type, imajor(inode), iminor(inode),
|
||||
access);
|
||||
}
|
||||
|
@ -360,11 +326,9 @@ index 5ef7e52..e2e959d 100644
|
|||
|
||||
int devcgroup_inode_mknod(int mode, dev_t dev)
|
||||
{
|
||||
diff --git a/security/security.c b/security/security.c
|
||||
index 4bf0f57..b30d1e1 100644
|
||||
--- a/security/security.c
|
||||
+++ b/security/security.c
|
||||
@@ -530,6 +530,7 @@ int security_path_rmdir(const struct path *dir, struct dentry *dentry)
|
||||
@@ -530,6 +530,7 @@ int security_path_rmdir(const struct pat
|
||||
return 0;
|
||||
return call_int_hook(path_rmdir, 0, dir, dentry);
|
||||
}
|
||||
|
@ -372,7 +336,7 @@ index 4bf0f57..b30d1e1 100644
|
|||
|
||||
int security_path_unlink(const struct path *dir, struct dentry *dentry)
|
||||
{
|
||||
@@ -546,6 +547,7 @@ int security_path_symlink(const struct path *dir, struct dentry *dentry,
|
||||
@@ -546,6 +547,7 @@ int security_path_symlink(const struct p
|
||||
return 0;
|
||||
return call_int_hook(path_symlink, 0, dir, dentry, old_name);
|
||||
}
|
||||
|
@ -380,7 +344,7 @@ index 4bf0f57..b30d1e1 100644
|
|||
|
||||
int security_path_link(struct dentry *old_dentry, const struct path *new_dir,
|
||||
struct dentry *new_dentry)
|
||||
@@ -554,6 +556,7 @@ int security_path_link(struct dentry *old_dentry, const struct path *new_dir,
|
||||
@@ -554,6 +556,7 @@ int security_path_link(struct dentry *ol
|
||||
return 0;
|
||||
return call_int_hook(path_link, 0, old_dentry, new_dir, new_dentry);
|
||||
}
|
||||
|
@ -388,7 +352,7 @@ index 4bf0f57..b30d1e1 100644
|
|||
|
||||
int security_path_rename(const struct path *old_dir, struct dentry *old_dentry,
|
||||
const struct path *new_dir, struct dentry *new_dentry,
|
||||
@@ -581,6 +584,7 @@ int security_path_truncate(const struct path *path)
|
||||
@@ -581,6 +584,7 @@ int security_path_truncate(const struct
|
||||
return 0;
|
||||
return call_int_hook(path_truncate, 0, path);
|
||||
}
|
||||
|
@ -396,7 +360,7 @@ index 4bf0f57..b30d1e1 100644
|
|||
|
||||
int security_path_chmod(const struct path *path, umode_t mode)
|
||||
{
|
||||
@@ -588,6 +592,7 @@ int security_path_chmod(const struct path *path, umode_t mode)
|
||||
@@ -588,6 +592,7 @@ int security_path_chmod(const struct pat
|
||||
return 0;
|
||||
return call_int_hook(path_chmod, 0, path, mode);
|
||||
}
|
||||
|
@ -404,7 +368,7 @@ index 4bf0f57..b30d1e1 100644
|
|||
|
||||
int security_path_chown(const struct path *path, kuid_t uid, kgid_t gid)
|
||||
{
|
||||
@@ -595,6 +600,7 @@ int security_path_chown(const struct path *path, kuid_t uid, kgid_t gid)
|
||||
@@ -595,6 +600,7 @@ int security_path_chown(const struct pat
|
||||
return 0;
|
||||
return call_int_hook(path_chown, 0, path, uid, gid);
|
||||
}
|
||||
|
@ -412,7 +376,7 @@ index 4bf0f57..b30d1e1 100644
|
|||
|
||||
int security_path_chroot(const struct path *path)
|
||||
{
|
||||
@@ -680,6 +686,7 @@ int security_inode_readlink(struct dentry *dentry)
|
||||
@@ -680,6 +686,7 @@ int security_inode_readlink(struct dentr
|
||||
return 0;
|
||||
return call_int_hook(inode_readlink, 0, dentry);
|
||||
}
|
||||
|
@ -420,7 +384,7 @@ index 4bf0f57..b30d1e1 100644
|
|||
|
||||
int security_inode_follow_link(struct dentry *dentry, struct inode *inode,
|
||||
bool rcu)
|
||||
@@ -695,6 +702,7 @@ int security_inode_permission(struct inode *inode, int mask)
|
||||
@@ -695,6 +702,7 @@ int security_inode_permission(struct ino
|
||||
return 0;
|
||||
return call_int_hook(inode_permission, 0, inode, mask);
|
||||
}
|
||||
|
@ -428,7 +392,7 @@ index 4bf0f57..b30d1e1 100644
|
|||
|
||||
int security_inode_setattr(struct dentry *dentry, struct iattr *attr)
|
||||
{
|
||||
@@ -866,6 +874,7 @@ int security_file_permission(struct file *file, int mask)
|
||||
@@ -866,6 +874,7 @@ int security_file_permission(struct file
|
||||
|
||||
return fsnotify_perm(file, mask);
|
||||
}
|
||||
|
@ -436,7 +400,7 @@ index 4bf0f57..b30d1e1 100644
|
|||
|
||||
int security_file_alloc(struct file *file)
|
||||
{
|
||||
@@ -925,6 +934,7 @@ int security_mmap_file(struct file *file, unsigned long prot,
|
||||
@@ -925,6 +934,7 @@ int security_mmap_file(struct file *file
|
||||
return ret;
|
||||
return ima_file_mmap(file, prot);
|
||||
}
|
||||
|
|
|
@ -7,6 +7,7 @@ There are a few local_irq_disable() which then take sleeping locks. This
|
|||
patch converts them local locks.
|
||||
|
||||
Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
|
||||
[bwh: Adjust context after 4.14.4]
|
||||
---
|
||||
mm/memcontrol.c | 24 ++++++++++++++++--------
|
||||
1 file changed, 16 insertions(+), 8 deletions(-)
|
||||
|
@ -110,7 +111,7 @@ Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
|
|||
memcg_check_events(memcg, page);
|
||||
|
||||
if (!mem_cgroup_is_root(memcg))
|
||||
css_put(&memcg->css);
|
||||
css_put_many(&memcg->css, nr_entries);
|
||||
+ local_unlock_irqrestore(event_lock, flags);
|
||||
}
|
||||
|
||||
|
|
|
@ -1,565 +0,0 @@
|
|||
From: "Steven Rostedt (Red Hat)" <rostedt@goodmis.org>
|
||||
Date: Fri, 6 Oct 2017 14:05:04 -0400
|
||||
Subject: [PATCH] sched/rt: Simplify the IPI based RT balancing logic
|
||||
Origin: https://www.kernel.org/pub/linux/kernel/projects/rt/4.14/older/patches-4.14.1-rt3.tar.xz
|
||||
|
||||
Upstream commit 4bdced5c9a2922521e325896a7bbbf0132c94e56
|
||||
|
||||
When a CPU lowers its priority (schedules out a high priority task for a
|
||||
lower priority one), a check is made to see if any other CPU has overloaded
|
||||
RT tasks (more than one). It checks the rto_mask to determine this and if so
|
||||
it will request to pull one of those tasks to itself if the non running RT
|
||||
task is of higher priority than the new priority of the next task to run on
|
||||
the current CPU.
|
||||
|
||||
When we deal with large number of CPUs, the original pull logic suffered
|
||||
from large lock contention on a single CPU run queue, which caused a huge
|
||||
latency across all CPUs. This was caused by only having one CPU having
|
||||
overloaded RT tasks and a bunch of other CPUs lowering their priority. To
|
||||
solve this issue, commit:
|
||||
|
||||
b6366f048e0c ("sched/rt: Use IPI to trigger RT task push migration instead of pulling")
|
||||
|
||||
changed the way to request a pull. Instead of grabbing the lock of the
|
||||
overloaded CPU's runqueue, it simply sent an IPI to that CPU to do the work.
|
||||
|
||||
Although the IPI logic worked very well in removing the large latency build
|
||||
up, it still could suffer from a large number of IPIs being sent to a single
|
||||
CPU. On a 80 CPU box, I measured over 200us of processing IPIs. Worse yet,
|
||||
when I tested this on a 120 CPU box, with a stress test that had lots of
|
||||
RT tasks scheduling on all CPUs, it actually triggered the hard lockup
|
||||
detector! One CPU had so many IPIs sent to it, and due to the restart
|
||||
mechanism that is triggered when the source run queue has a priority status
|
||||
change, the CPU spent minutes! processing the IPIs.
|
||||
|
||||
Thinking about this further, I realized there's no reason for each run queue
|
||||
to send its own IPI. As all CPUs with overloaded tasks must be scanned
|
||||
regardless if there's one or many CPUs lowering their priority, because
|
||||
there's no current way to find the CPU with the highest priority task that
|
||||
can schedule to one of these CPUs, there really only needs to be one IPI
|
||||
being sent around at a time.
|
||||
|
||||
This greatly simplifies the code!
|
||||
|
||||
The new approach is to have each root domain have its own irq work, as the
|
||||
rto_mask is per root domain. The root domain has the following fields
|
||||
attached to it:
|
||||
|
||||
rto_push_work - the irq work to process each CPU set in rto_mask
|
||||
rto_lock - the lock to protect some of the other rto fields
|
||||
rto_loop_start - an atomic that keeps contention down on rto_lock
|
||||
the first CPU scheduling in a lower priority task
|
||||
is the one to kick off the process.
|
||||
rto_loop_next - an atomic that gets incremented for each CPU that
|
||||
schedules in a lower priority task.
|
||||
rto_loop - a variable protected by rto_lock that is used to
|
||||
compare against rto_loop_next
|
||||
rto_cpu - The cpu to send the next IPI to, also protected by
|
||||
the rto_lock.
|
||||
|
||||
When a CPU schedules in a lower priority task and wants to make sure
|
||||
overloaded CPUs know about it. It increments the rto_loop_next. Then it
|
||||
atomically sets rto_loop_start with a cmpxchg. If the old value is not "0",
|
||||
then it is done, as another CPU is kicking off the IPI loop. If the old
|
||||
value is "0", then it will take the rto_lock to synchronize with a possible
|
||||
IPI being sent around to the overloaded CPUs.
|
||||
|
||||
If rto_cpu is greater than or equal to nr_cpu_ids, then there's either no
|
||||
IPI being sent around, or one is about to finish. Then rto_cpu is set to the
|
||||
first CPU in rto_mask and an IPI is sent to that CPU. If there's no CPUs set
|
||||
in rto_mask, then there's nothing to be done.
|
||||
|
||||
When the CPU receives the IPI, it will first try to push any RT tasks that is
|
||||
queued on the CPU but can't run because a higher priority RT task is
|
||||
currently running on that CPU.
|
||||
|
||||
Then it takes the rto_lock and looks for the next CPU in the rto_mask. If it
|
||||
finds one, it simply sends an IPI to that CPU and the process continues.
|
||||
|
||||
If there's no more CPUs in the rto_mask, then rto_loop is compared with
|
||||
rto_loop_next. If they match, everything is done and the process is over. If
|
||||
they do not match, then a CPU scheduled in a lower priority task as the IPI
|
||||
was being passed around, and the process needs to start again. The first CPU
|
||||
in rto_mask is sent the IPI.
|
||||
|
||||
This change removes this duplication of work in the IPI logic, and greatly
|
||||
lowers the latency caused by the IPIs. This removed the lockup happening on
|
||||
the 120 CPU machine. It also simplifies the code tremendously. What else
|
||||
could anyone ask for?
|
||||
|
||||
Thanks to Peter Zijlstra for simplifying the rto_loop_start atomic logic and
|
||||
supplying me with the rto_start_trylock() and rto_start_unlock() helper
|
||||
functions.
|
||||
|
||||
Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
|
||||
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
|
||||
Cc: Clark Williams <williams@redhat.com>
|
||||
Cc: Daniel Bristot de Oliveira <bristot@redhat.com>
|
||||
Cc: John Kacur <jkacur@redhat.com>
|
||||
Cc: Linus Torvalds <torvalds@linux-foundation.org>
|
||||
Cc: Mike Galbraith <efault@gmx.de>
|
||||
Cc: Peter Zijlstra <peterz@infradead.org>
|
||||
Cc: Scott Wood <swood@redhat.com>
|
||||
Cc: Thomas Gleixner <tglx@linutronix.de>
|
||||
Link: http://lkml.kernel.org/r/20170424114732.1aac6dc4@gandalf.local.home
|
||||
Signed-off-by: Ingo Molnar <mingo@kernel.org>
|
||||
Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
|
||||
---
|
||||
kernel/sched/rt.c | 316 +++++++++++++++++-------------------------------
|
||||
kernel/sched/sched.h | 24 ++-
|
||||
kernel/sched/topology.c | 6
|
||||
3 files changed, 138 insertions(+), 208 deletions(-)
|
||||
|
||||
--- a/kernel/sched/rt.c
|
||||
+++ b/kernel/sched/rt.c
|
||||
@@ -74,10 +74,6 @@ static void start_rt_bandwidth(struct rt
|
||||
raw_spin_unlock(&rt_b->rt_runtime_lock);
|
||||
}
|
||||
|
||||
-#if defined(CONFIG_SMP) && defined(HAVE_RT_PUSH_IPI)
|
||||
-static void push_irq_work_func(struct irq_work *work);
|
||||
-#endif
|
||||
-
|
||||
void init_rt_rq(struct rt_rq *rt_rq)
|
||||
{
|
||||
struct rt_prio_array *array;
|
||||
@@ -97,13 +93,6 @@ void init_rt_rq(struct rt_rq *rt_rq)
|
||||
rt_rq->rt_nr_migratory = 0;
|
||||
rt_rq->overloaded = 0;
|
||||
plist_head_init(&rt_rq->pushable_tasks);
|
||||
-
|
||||
-#ifdef HAVE_RT_PUSH_IPI
|
||||
- rt_rq->push_flags = 0;
|
||||
- rt_rq->push_cpu = nr_cpu_ids;
|
||||
- raw_spin_lock_init(&rt_rq->push_lock);
|
||||
- init_irq_work(&rt_rq->push_work, push_irq_work_func);
|
||||
-#endif
|
||||
#endif /* CONFIG_SMP */
|
||||
/* We start is dequeued state, because no RT tasks are queued */
|
||||
rt_rq->rt_queued = 0;
|
||||
@@ -1876,241 +1865,166 @@ static void push_rt_tasks(struct rq *rq)
|
||||
}
|
||||
|
||||
#ifdef HAVE_RT_PUSH_IPI
|
||||
+
|
||||
/*
|
||||
- * The search for the next cpu always starts at rq->cpu and ends
|
||||
- * when we reach rq->cpu again. It will never return rq->cpu.
|
||||
- * This returns the next cpu to check, or nr_cpu_ids if the loop
|
||||
- * is complete.
|
||||
+ * When a high priority task schedules out from a CPU and a lower priority
|
||||
+ * task is scheduled in, a check is made to see if there's any RT tasks
|
||||
+ * on other CPUs that are waiting to run because a higher priority RT task
|
||||
+ * is currently running on its CPU. In this case, the CPU with multiple RT
|
||||
+ * tasks queued on it (overloaded) needs to be notified that a CPU has opened
|
||||
+ * up that may be able to run one of its non-running queued RT tasks.
|
||||
+ *
|
||||
+ * All CPUs with overloaded RT tasks need to be notified as there is currently
|
||||
+ * no way to know which of these CPUs have the highest priority task waiting
|
||||
+ * to run. Instead of trying to take a spinlock on each of these CPUs,
|
||||
+ * which has shown to cause large latency when done on machines with many
|
||||
+ * CPUs, sending an IPI to the CPUs to have them push off the overloaded
|
||||
+ * RT tasks waiting to run.
|
||||
+ *
|
||||
+ * Just sending an IPI to each of the CPUs is also an issue, as on large
|
||||
+ * count CPU machines, this can cause an IPI storm on a CPU, especially
|
||||
+ * if its the only CPU with multiple RT tasks queued, and a large number
|
||||
+ * of CPUs scheduling a lower priority task at the same time.
|
||||
+ *
|
||||
+ * Each root domain has its own irq work function that can iterate over
|
||||
+ * all CPUs with RT overloaded tasks. Since all CPUs with overloaded RT
|
||||
+ * tassk must be checked if there's one or many CPUs that are lowering
|
||||
+ * their priority, there's a single irq work iterator that will try to
|
||||
+ * push off RT tasks that are waiting to run.
|
||||
+ *
|
||||
+ * When a CPU schedules a lower priority task, it will kick off the
|
||||
+ * irq work iterator that will jump to each CPU with overloaded RT tasks.
|
||||
+ * As it only takes the first CPU that schedules a lower priority task
|
||||
+ * to start the process, the rto_start variable is incremented and if
|
||||
+ * the atomic result is one, then that CPU will try to take the rto_lock.
|
||||
+ * This prevents high contention on the lock as the process handles all
|
||||
+ * CPUs scheduling lower priority tasks.
|
||||
+ *
|
||||
+ * All CPUs that are scheduling a lower priority task will increment the
|
||||
+ * rt_loop_next variable. This will make sure that the irq work iterator
|
||||
+ * checks all RT overloaded CPUs whenever a CPU schedules a new lower
|
||||
+ * priority task, even if the iterator is in the middle of a scan. Incrementing
|
||||
+ * the rt_loop_next will cause the iterator to perform another scan.
|
||||
*
|
||||
- * rq->rt.push_cpu holds the last cpu returned by this function,
|
||||
- * or if this is the first instance, it must hold rq->cpu.
|
||||
*/
|
||||
static int rto_next_cpu(struct rq *rq)
|
||||
{
|
||||
- int prev_cpu = rq->rt.push_cpu;
|
||||
+ struct root_domain *rd = rq->rd;
|
||||
+ int next;
|
||||
int cpu;
|
||||
|
||||
- cpu = cpumask_next(prev_cpu, rq->rd->rto_mask);
|
||||
-
|
||||
/*
|
||||
- * If the previous cpu is less than the rq's CPU, then it already
|
||||
- * passed the end of the mask, and has started from the beginning.
|
||||
- * We end if the next CPU is greater or equal to rq's CPU.
|
||||
+ * When starting the IPI RT pushing, the rto_cpu is set to -1,
|
||||
+ * rt_next_cpu() will simply return the first CPU found in
|
||||
+ * the rto_mask.
|
||||
+ *
|
||||
+ * If rto_next_cpu() is called with rto_cpu is a valid cpu, it
|
||||
+ * will return the next CPU found in the rto_mask.
|
||||
+ *
|
||||
+ * If there are no more CPUs left in the rto_mask, then a check is made
|
||||
+ * against rto_loop and rto_loop_next. rto_loop is only updated with
|
||||
+ * the rto_lock held, but any CPU may increment the rto_loop_next
|
||||
+ * without any locking.
|
||||
*/
|
||||
- if (prev_cpu < rq->cpu) {
|
||||
- if (cpu >= rq->cpu)
|
||||
- return nr_cpu_ids;
|
||||
+ for (;;) {
|
||||
|
||||
- } else if (cpu >= nr_cpu_ids) {
|
||||
- /*
|
||||
- * We passed the end of the mask, start at the beginning.
|
||||
- * If the result is greater or equal to the rq's CPU, then
|
||||
- * the loop is finished.
|
||||
- */
|
||||
- cpu = cpumask_first(rq->rd->rto_mask);
|
||||
- if (cpu >= rq->cpu)
|
||||
- return nr_cpu_ids;
|
||||
- }
|
||||
- rq->rt.push_cpu = cpu;
|
||||
+ /* When rto_cpu is -1 this acts like cpumask_first() */
|
||||
+ cpu = cpumask_next(rd->rto_cpu, rd->rto_mask);
|
||||
|
||||
- /* Return cpu to let the caller know if the loop is finished or not */
|
||||
- return cpu;
|
||||
-}
|
||||
+ rd->rto_cpu = cpu;
|
||||
|
||||
-static int find_next_push_cpu(struct rq *rq)
|
||||
-{
|
||||
- struct rq *next_rq;
|
||||
- int cpu;
|
||||
+ if (cpu < nr_cpu_ids)
|
||||
+ return cpu;
|
||||
|
||||
- while (1) {
|
||||
- cpu = rto_next_cpu(rq);
|
||||
- if (cpu >= nr_cpu_ids)
|
||||
- break;
|
||||
- next_rq = cpu_rq(cpu);
|
||||
+ rd->rto_cpu = -1;
|
||||
+
|
||||
+ /*
|
||||
+ * ACQUIRE ensures we see the @rto_mask changes
|
||||
+ * made prior to the @next value observed.
|
||||
+ *
|
||||
+ * Matches WMB in rt_set_overload().
|
||||
+ */
|
||||
+ next = atomic_read_acquire(&rd->rto_loop_next);
|
||||
|
||||
- /* Make sure the next rq can push to this rq */
|
||||
- if (next_rq->rt.highest_prio.next < rq->rt.highest_prio.curr)
|
||||
+ if (rd->rto_loop == next)
|
||||
break;
|
||||
+
|
||||
+ rd->rto_loop = next;
|
||||
}
|
||||
|
||||
- return cpu;
|
||||
+ return -1;
|
||||
}
|
||||
|
||||
-#define RT_PUSH_IPI_EXECUTING 1
|
||||
-#define RT_PUSH_IPI_RESTART 2
|
||||
+static inline bool rto_start_trylock(atomic_t *v)
|
||||
+{
|
||||
+ return !atomic_cmpxchg_acquire(v, 0, 1);
|
||||
+}
|
||||
|
||||
-/*
|
||||
- * When a high priority task schedules out from a CPU and a lower priority
|
||||
- * task is scheduled in, a check is made to see if there's any RT tasks
|
||||
- * on other CPUs that are waiting to run because a higher priority RT task
|
||||
- * is currently running on its CPU. In this case, the CPU with multiple RT
|
||||
- * tasks queued on it (overloaded) needs to be notified that a CPU has opened
|
||||
- * up that may be able to run one of its non-running queued RT tasks.
|
||||
- *
|
||||
- * On large CPU boxes, there's the case that several CPUs could schedule
|
||||
- * a lower priority task at the same time, in which case it will look for
|
||||
- * any overloaded CPUs that it could pull a task from. To do this, the runqueue
|
||||
- * lock must be taken from that overloaded CPU. Having 10s of CPUs all fighting
|
||||
- * for a single overloaded CPU's runqueue lock can produce a large latency.
|
||||
- * (This has actually been observed on large boxes running cyclictest).
|
||||
- * Instead of taking the runqueue lock of the overloaded CPU, each of the
|
||||
- * CPUs that scheduled a lower priority task simply sends an IPI to the
|
||||
- * overloaded CPU. An IPI is much cheaper than taking an runqueue lock with
|
||||
- * lots of contention. The overloaded CPU will look to push its non-running
|
||||
- * RT task off, and if it does, it can then ignore the other IPIs coming
|
||||
- * in, and just pass those IPIs off to any other overloaded CPU.
|
||||
- *
|
||||
- * When a CPU schedules a lower priority task, it only sends an IPI to
|
||||
- * the "next" CPU that has overloaded RT tasks. This prevents IPI storms,
|
||||
- * as having 10 CPUs scheduling lower priority tasks and 10 CPUs with
|
||||
- * RT overloaded tasks, would cause 100 IPIs to go out at once.
|
||||
- *
|
||||
- * The overloaded RT CPU, when receiving an IPI, will try to push off its
|
||||
- * overloaded RT tasks and then send an IPI to the next CPU that has
|
||||
- * overloaded RT tasks. This stops when all CPUs with overloaded RT tasks
|
||||
- * have completed. Just because a CPU may have pushed off its own overloaded
|
||||
- * RT task does not mean it should stop sending the IPI around to other
|
||||
- * overloaded CPUs. There may be another RT task waiting to run on one of
|
||||
- * those CPUs that are of higher priority than the one that was just
|
||||
- * pushed.
|
||||
- *
|
||||
- * An optimization that could possibly be made is to make a CPU array similar
|
||||
- * to the cpupri array mask of all running RT tasks, but for the overloaded
|
||||
- * case, then the IPI could be sent to only the CPU with the highest priority
|
||||
- * RT task waiting, and that CPU could send off further IPIs to the CPU with
|
||||
- * the next highest waiting task. Since the overloaded case is much less likely
|
||||
- * to happen, the complexity of this implementation may not be worth it.
|
||||
- * Instead, just send an IPI around to all overloaded CPUs.
|
||||
- *
|
||||
- * The rq->rt.push_flags holds the status of the IPI that is going around.
|
||||
- * A run queue can only send out a single IPI at a time. The possible flags
|
||||
- * for rq->rt.push_flags are:
|
||||
- *
|
||||
- * (None or zero): No IPI is going around for the current rq
|
||||
- * RT_PUSH_IPI_EXECUTING: An IPI for the rq is being passed around
|
||||
- * RT_PUSH_IPI_RESTART: The priority of the running task for the rq
|
||||
- * has changed, and the IPI should restart
|
||||
- * circulating the overloaded CPUs again.
|
||||
- *
|
||||
- * rq->rt.push_cpu contains the CPU that is being sent the IPI. It is updated
|
||||
- * before sending to the next CPU.
|
||||
- *
|
||||
- * Instead of having all CPUs that schedule a lower priority task send
|
||||
- * an IPI to the same "first" CPU in the RT overload mask, they send it
|
||||
- * to the next overloaded CPU after their own CPU. This helps distribute
|
||||
- * the work when there's more than one overloaded CPU and multiple CPUs
|
||||
- * scheduling in lower priority tasks.
|
||||
- *
|
||||
- * When a rq schedules a lower priority task than what was currently
|
||||
- * running, the next CPU with overloaded RT tasks is examined first.
|
||||
- * That is, if CPU 1 and 5 are overloaded, and CPU 3 schedules a lower
|
||||
- * priority task, it will send an IPI first to CPU 5, then CPU 5 will
|
||||
- * send to CPU 1 if it is still overloaded. CPU 1 will clear the
|
||||
- * rq->rt.push_flags if RT_PUSH_IPI_RESTART is not set.
|
||||
- *
|
||||
- * The first CPU to notice IPI_RESTART is set, will clear that flag and then
|
||||
- * send an IPI to the next overloaded CPU after the rq->cpu and not the next
|
||||
- * CPU after push_cpu. That is, if CPU 1, 4 and 5 are overloaded when CPU 3
|
||||
- * schedules a lower priority task, and the IPI_RESTART gets set while the
|
||||
- * handling is being done on CPU 5, it will clear the flag and send it back to
|
||||
- * CPU 4 instead of CPU 1.
|
||||
- *
|
||||
- * Note, the above logic can be disabled by turning off the sched_feature
|
||||
- * RT_PUSH_IPI. Then the rq lock of the overloaded CPU will simply be
|
||||
- * taken by the CPU requesting a pull and the waiting RT task will be pulled
|
||||
- * by that CPU. This may be fine for machines with few CPUs.
|
||||
- */
|
||||
-static void tell_cpu_to_push(struct rq *rq)
|
||||
+static inline void rto_start_unlock(atomic_t *v)
|
||||
{
|
||||
- int cpu;
|
||||
+ atomic_set_release(v, 0);
|
||||
+}
|
||||
|
||||
- if (rq->rt.push_flags & RT_PUSH_IPI_EXECUTING) {
|
||||
- raw_spin_lock(&rq->rt.push_lock);
|
||||
- /* Make sure it's still executing */
|
||||
- if (rq->rt.push_flags & RT_PUSH_IPI_EXECUTING) {
|
||||
- /*
|
||||
- * Tell the IPI to restart the loop as things have
|
||||
- * changed since it started.
|
||||
- */
|
||||
- rq->rt.push_flags |= RT_PUSH_IPI_RESTART;
|
||||
- raw_spin_unlock(&rq->rt.push_lock);
|
||||
- return;
|
||||
- }
|
||||
- raw_spin_unlock(&rq->rt.push_lock);
|
||||
- }
|
||||
+static void tell_cpu_to_push(struct rq *rq)
|
||||
+{
|
||||
+ int cpu = -1;
|
||||
|
||||
- /* When here, there's no IPI going around */
|
||||
+ /* Keep the loop going if the IPI is currently active */
|
||||
+ atomic_inc(&rq->rd->rto_loop_next);
|
||||
|
||||
- rq->rt.push_cpu = rq->cpu;
|
||||
- cpu = find_next_push_cpu(rq);
|
||||
- if (cpu >= nr_cpu_ids)
|
||||
+ /* Only one CPU can initiate a loop at a time */
|
||||
+ if (!rto_start_trylock(&rq->rd->rto_loop_start))
|
||||
return;
|
||||
|
||||
- rq->rt.push_flags = RT_PUSH_IPI_EXECUTING;
|
||||
+ raw_spin_lock(&rq->rd->rto_lock);
|
||||
|
||||
- irq_work_queue_on(&rq->rt.push_work, cpu);
|
||||
+ /*
|
||||
+ * The rto_cpu is updated under the lock, if it has a valid cpu
|
||||
+ * then the IPI is still running and will continue due to the
|
||||
+ * update to loop_next, and nothing needs to be done here.
|
||||
+ * Otherwise it is finishing up and an ipi needs to be sent.
|
||||
+ */
|
||||
+ if (rq->rd->rto_cpu < 0)
|
||||
+ cpu = rto_next_cpu(rq);
|
||||
+
|
||||
+ raw_spin_unlock(&rq->rd->rto_lock);
|
||||
+
|
||||
+ rto_start_unlock(&rq->rd->rto_loop_start);
|
||||
+
|
||||
+ if (cpu >= 0)
|
||||
+ irq_work_queue_on(&rq->rd->rto_push_work, cpu);
|
||||
}
|
||||
|
||||
/* Called from hardirq context */
|
||||
-static void try_to_push_tasks(void *arg)
|
||||
+void rto_push_irq_work_func(struct irq_work *work)
|
||||
{
|
||||
- struct rt_rq *rt_rq = arg;
|
||||
- struct rq *rq, *src_rq;
|
||||
- int this_cpu;
|
||||
+ struct rq *rq;
|
||||
int cpu;
|
||||
|
||||
- this_cpu = rt_rq->push_cpu;
|
||||
+ rq = this_rq();
|
||||
|
||||
- /* Paranoid check */
|
||||
- BUG_ON(this_cpu != smp_processor_id());
|
||||
-
|
||||
- rq = cpu_rq(this_cpu);
|
||||
- src_rq = rq_of_rt_rq(rt_rq);
|
||||
-
|
||||
-again:
|
||||
+ /*
|
||||
+ * We do not need to grab the lock to check for has_pushable_tasks.
|
||||
+ * When it gets updated, a check is made if a push is possible.
|
||||
+ */
|
||||
if (has_pushable_tasks(rq)) {
|
||||
raw_spin_lock(&rq->lock);
|
||||
- push_rt_task(rq);
|
||||
+ push_rt_tasks(rq);
|
||||
raw_spin_unlock(&rq->lock);
|
||||
}
|
||||
|
||||
- /* Pass the IPI to the next rt overloaded queue */
|
||||
- raw_spin_lock(&rt_rq->push_lock);
|
||||
- /*
|
||||
- * If the source queue changed since the IPI went out,
|
||||
- * we need to restart the search from that CPU again.
|
||||
- */
|
||||
- if (rt_rq->push_flags & RT_PUSH_IPI_RESTART) {
|
||||
- rt_rq->push_flags &= ~RT_PUSH_IPI_RESTART;
|
||||
- rt_rq->push_cpu = src_rq->cpu;
|
||||
- }
|
||||
+ raw_spin_lock(&rq->rd->rto_lock);
|
||||
|
||||
- cpu = find_next_push_cpu(src_rq);
|
||||
+ /* Pass the IPI to the next rt overloaded queue */
|
||||
+ cpu = rto_next_cpu(rq);
|
||||
|
||||
- if (cpu >= nr_cpu_ids)
|
||||
- rt_rq->push_flags &= ~RT_PUSH_IPI_EXECUTING;
|
||||
- raw_spin_unlock(&rt_rq->push_lock);
|
||||
+ raw_spin_unlock(&rq->rd->rto_lock);
|
||||
|
||||
- if (cpu >= nr_cpu_ids)
|
||||
+ if (cpu < 0)
|
||||
return;
|
||||
|
||||
- /*
|
||||
- * It is possible that a restart caused this CPU to be
|
||||
- * chosen again. Don't bother with an IPI, just see if we
|
||||
- * have more to push.
|
||||
- */
|
||||
- if (unlikely(cpu == rq->cpu))
|
||||
- goto again;
|
||||
-
|
||||
/* Try the next RT overloaded CPU */
|
||||
- irq_work_queue_on(&rt_rq->push_work, cpu);
|
||||
-}
|
||||
-
|
||||
-static void push_irq_work_func(struct irq_work *work)
|
||||
-{
|
||||
- struct rt_rq *rt_rq = container_of(work, struct rt_rq, push_work);
|
||||
-
|
||||
- try_to_push_tasks(rt_rq);
|
||||
+ irq_work_queue_on(&rq->rd->rto_push_work, cpu);
|
||||
}
|
||||
#endif /* HAVE_RT_PUSH_IPI */
|
||||
|
||||
--- a/kernel/sched/sched.h
|
||||
+++ b/kernel/sched/sched.h
|
||||
@@ -502,7 +502,7 @@ static inline int rt_bandwidth_enabled(v
|
||||
}
|
||||
|
||||
/* RT IPI pull logic requires IRQ_WORK */
|
||||
-#ifdef CONFIG_IRQ_WORK
|
||||
+#if defined(CONFIG_IRQ_WORK) && defined(CONFIG_SMP)
|
||||
# define HAVE_RT_PUSH_IPI
|
||||
#endif
|
||||
|
||||
@@ -524,12 +524,6 @@ struct rt_rq {
|
||||
unsigned long rt_nr_total;
|
||||
int overloaded;
|
||||
struct plist_head pushable_tasks;
|
||||
-#ifdef HAVE_RT_PUSH_IPI
|
||||
- int push_flags;
|
||||
- int push_cpu;
|
||||
- struct irq_work push_work;
|
||||
- raw_spinlock_t push_lock;
|
||||
-#endif
|
||||
#endif /* CONFIG_SMP */
|
||||
int rt_queued;
|
||||
|
||||
@@ -638,6 +632,19 @@ struct root_domain {
|
||||
struct dl_bw dl_bw;
|
||||
struct cpudl cpudl;
|
||||
|
||||
+#ifdef HAVE_RT_PUSH_IPI
|
||||
+ /*
|
||||
+ * For IPI pull requests, loop across the rto_mask.
|
||||
+ */
|
||||
+ struct irq_work rto_push_work;
|
||||
+ raw_spinlock_t rto_lock;
|
||||
+ /* These are only updated and read within rto_lock */
|
||||
+ int rto_loop;
|
||||
+ int rto_cpu;
|
||||
+ /* These atomics are updated outside of a lock */
|
||||
+ atomic_t rto_loop_next;
|
||||
+ atomic_t rto_loop_start;
|
||||
+#endif
|
||||
/*
|
||||
* The "RT overload" flag: it gets set if a CPU has more than
|
||||
* one runnable RT task.
|
||||
@@ -655,6 +662,9 @@ extern void init_defrootdomain(void);
|
||||
extern int sched_init_domains(const struct cpumask *cpu_map);
|
||||
extern void rq_attach_root(struct rq *rq, struct root_domain *rd);
|
||||
|
||||
+#ifdef HAVE_RT_PUSH_IPI
|
||||
+extern void rto_push_irq_work_func(struct irq_work *work);
|
||||
+#endif
|
||||
#endif /* CONFIG_SMP */
|
||||
|
||||
/*
|
||||
--- a/kernel/sched/topology.c
|
||||
+++ b/kernel/sched/topology.c
|
||||
@@ -269,6 +269,12 @@ static int init_rootdomain(struct root_d
|
||||
if (!zalloc_cpumask_var(&rd->rto_mask, GFP_KERNEL))
|
||||
goto free_dlo_mask;
|
||||
|
||||
+#ifdef HAVE_RT_PUSH_IPI
|
||||
+ rd->rto_cpu = -1;
|
||||
+ raw_spin_lock_init(&rd->rto_lock);
|
||||
+ init_irq_work(&rd->rto_push_work, rto_push_irq_work_func);
|
||||
+#endif
|
||||
+
|
||||
init_dl_bw(&rd->dl_bw);
|
||||
if (cpudl_init(&rd->cpudl) != 0)
|
||||
goto free_rto_mask;
|
|
@ -80,7 +80,6 @@ bugfix/all/partially-revert-usb-kconfig-using-select-for-usb_co.patch
|
|||
bugfix/all/kbuild-include-addtree-remove-quotes-before-matching-path.patch
|
||||
bugfix/all/i40e-i40evf-organize-and-re-number-feature-flags.patch
|
||||
bugfix/all/i40e-fix-flags-declaration.patch
|
||||
bugfix/all/apparmor-fix-oops-in-audit_signal_cb-hook.patch
|
||||
bugfix/all/xen-time-do-not-decrease-steal-time-after-live-migra.patch
|
||||
|
||||
# Miscellaneous features
|
||||
|
@ -117,10 +116,6 @@ features/all/lockdown/arm64-add-kernel-config-option-to-lock-down-when.patch
|
|||
|
||||
# Security fixes
|
||||
debian/i386-686-pae-pci-set-pci-nobios-by-default.patch
|
||||
bugfix/all/media-cx231xx-cards-fix-null-deref-on-missing-associ.patch
|
||||
bugfix/all/media-dvb-core-always-call-invoke_release-in-fe_free.patch
|
||||
bugfix/all/dvb_frontend-don-t-use-after-free-the-frontend-struc.patch
|
||||
bugfix/all/mm-thp-Do-not-make-page-table-dirty-unconditionally-.patch
|
||||
|
||||
# Fix exported symbol versions
|
||||
bugfix/all/module-disable-matching-missing-version-crc.patch
|
||||
|
|
|
@ -6,7 +6,6 @@
|
|||
# UPSTREAM changes queued
|
||||
############################################################
|
||||
features/all/rt/rcu-Suppress-lockdep-false-positive-boost_mtx-compla.patch
|
||||
features/all/rt/sched-rt-Simplify-the-IPI-based-RT-balancing-logic.patch
|
||||
|
||||
############################################################
|
||||
# UPSTREAM FIXES, patches pending
|
||||
|
|
Loading…
Reference in New Issue