linux-kernel.vger.kernel.org archive mirror
* [PATCH 4.4 00/27] 4.4.104-stable review
@ 2017-12-04 15:59 Greg Kroah-Hartman
  2017-12-04 15:59 ` [PATCH 4.4 01/27] netlink: add a start callback for starting a netlink dump Greg Kroah-Hartman
                   ` (23 more replies)
  0 siblings, 24 replies; 30+ messages in thread
From: Greg Kroah-Hartman @ 2017-12-04 15:59 UTC
  To: linux-kernel
  Cc: Greg Kroah-Hartman, torvalds, akpm, linux, shuahkh, patches,
	ben.hutchings, lkft-triage, stable

This is the start of the stable review cycle for the 4.4.104 release.
There are 27 patches in this series, all will be posted as a response
to this one.  If anyone has any issues with these being applied, please
let me know.

Responses should be made by Wed Dec  6 15:59:33 UTC 2017.
Anything received after that time might be too late.

The whole patch series can be found in one patch at:
	kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.4.104-rc1.gz
or in the git tree and branch at:
  git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.4.y
and the diffstat can be found below.

thanks,

greg k-h

-------------
Pseudo-Shortlog of commits:

Greg Kroah-Hartman <gregkh@linuxfoundation.org>
    Linux 4.4.104-rc1

Trond Myklebust <trond.myklebust@primarydata.com>
    nfsd: Fix another OPEN stateid race

Trond Myklebust <trond.myklebust@primarydata.com>
    nfsd: Fix stateid races between OPEN and CLOSE

Oleg Drokin <green@linuxhacker.ru>
    nfsd: Make init_open_stateid() a bit more whole

Ville Syrjälä <ville.syrjala@linux.intel.com>
    drm/i915: Prevent zero length "index" write

Ville Syrjälä <ville.syrjala@linux.intel.com>
    drm/i915: Don't try indexed reads to alternate slave addresses

NeilBrown <neilb@suse.com>
    NFS: revalidate "." etc correctly on "open".

Brent Taylor <motobud@gmail.com>
    mtd: nand: Fix writing mtdoops to nand flash.

Jonathan Liu <net147@gmail.com>
    drm/panel: simple: Add missing panel_simple_unprepare() calls

Roman Kapl <rka@sysgo.com>
    drm/radeon: fix atombios on big endian

Alex Deucher <alexander.deucher@amd.com>
    Revert "drm/radeon: dont switch vt on suspend"

Huacai Chen <chenhc@lemote.com>
    bcache: Fix building error on MIPS

Heiner Kallweit <hkallweit1@gmail.com>
    eeprom: at24: check at24_read/write arguments

Adrian Hunter <adrian.hunter@intel.com>
    mmc: core: Do not leave the block driver in a suspended state

Paolo Bonzini <pbonzini@redhat.com>
    KVM: x86: inject exceptions produced by x86_decode_insn

Liran Alon <liran.alon@oracle.com>
    KVM: x86: Exit to user-mode on #UD intercept when emulator requires

Liran Alon <liran.alon@oracle.com>
    KVM: x86: pvclock: Handle first-time write to pvclock-page contains random junk

Josef Bacik <jbacik@fb.com>
    btrfs: clear space cache inode generation always

chenjie <chenjie6@huawei.com>
    mm/madvise.c: fix madvise() infinite loop under special circumstances

Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
    mm, thp: Do not make page table dirty unconditionally in touch_p[mu]d()

Matt Fleming <matt@codeblueprint.co.uk>
    x86/efi-bgrt: Replace early_memremap() with memremap()

Sai Praneeth <sai.praneeth.prakhya@intel.com>
    x86/efi-bgrt: Fix kernel panic when mapping BGRT data

Adam Ford <aford173@gmail.com>
    ARM: dts: omap3: logicpd-torpedo-37xx-devkit: Fix MMC1 cd-gpio

Matt Fleming <matt@codeblueprint.co.uk>
    x86/efi: Build our own page table structures

Matt Fleming <matt@codeblueprint.co.uk>
    x86/efi: Hoist page table switching code into efi_call_virt()

Matt Fleming <matt@codeblueprint.co.uk>
    x86/mm/pat: Ensure cpa->pfn only contains page frame numbers

Herbert Xu <herbert@gondor.apana.org.au>
    ipsec: Fix aborted xfrm policy dump crash

Tom Herbert <tom@herbertland.com>
    netlink: add a start callback for starting a netlink dump


-------------

Diffstat:

 Makefile                                          |   4 +-
 arch/arm/boot/dts/logicpd-torpedo-37xx-devkit.dts |   2 +-
 arch/x86/include/asm/efi.h                        |  26 ++++
 arch/x86/kvm/svm.c                                |   2 +
 arch/x86/kvm/vmx.c                                |   2 +
 arch/x86/kvm/x86.c                                |   5 +
 arch/x86/mm/pageattr.c                            |  17 +--
 arch/x86/platform/efi/efi-bgrt.c                  |  39 +++---
 arch/x86/platform/efi/efi.c                       |  39 +++---
 arch/x86/platform/efi/efi_32.c                    |   5 +
 arch/x86/platform/efi/efi_64.c                    | 137 ++++++++++++++++------
 arch/x86/platform/efi/efi_stub_64.S               |  43 -------
 drivers/firmware/efi/efi.c                        |  32 -----
 drivers/gpu/drm/amd/amdgpu/amdgpu_atombios.c      |  38 +++---
 drivers/gpu/drm/i915/intel_i2c.c                  |   4 +-
 drivers/gpu/drm/panel/panel-simple.c              |   2 +
 drivers/gpu/drm/radeon/atombios_dp.c              |  38 +++---
 drivers/gpu/drm/radeon/radeon_fb.c                |   1 -
 drivers/md/bcache/alloc.c                         |   2 +-
 drivers/md/bcache/extents.c                       |   2 +-
 drivers/md/bcache/journal.c                       |   2 +-
 drivers/misc/eeprom/at24.c                        |   6 +
 drivers/mmc/core/bus.c                            |   3 +
 drivers/mtd/nand/nand_base.c                      |   9 +-
 fs/btrfs/extent-tree.c                            |  14 +--
 fs/nfs/dir.c                                      |   3 +-
 fs/nfsd/nfs4state.c                               | 114 ++++++++++++------
 include/linux/netlink.h                           |   2 +
 include/net/genetlink.h                           |   2 +
 include/uapi/linux/bcache.h                       |   2 +-
 mm/huge_memory.c                                  |  14 +--
 mm/madvise.c                                      |   4 +-
 net/netlink/af_netlink.c                          |   4 +
 net/netlink/genetlink.c                           |  16 +++
 net/xfrm/xfrm_user.c                              |  25 ++--
 35 files changed, 373 insertions(+), 287 deletions(-)


* [PATCH 4.4 01/27] netlink: add a start callback for starting a netlink dump
  2017-12-04 15:59 [PATCH 4.4 00/27] 4.4.104-stable review Greg Kroah-Hartman
@ 2017-12-04 15:59 ` Greg Kroah-Hartman
  2017-12-04 15:59 ` [PATCH 4.4 02/27] ipsec: Fix aborted xfrm policy dump crash Greg Kroah-Hartman
                   ` (22 subsequent siblings)
  23 siblings, 0 replies; 30+ messages in thread
From: Greg Kroah-Hartman @ 2017-12-04 15:59 UTC
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Tom Herbert, David S. Miller, Guenter Roeck

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Tom Herbert <tom@herbertland.com>

commit fc9e50f5a5a4e1fa9ba2756f745a13e693cf6a06 upstream.

The start callback allows the caller to set up a context for the
dump callbacks. Presumably, the context can then be destroyed in
the done callback.

Signed-off-by: Tom Herbert <tom@herbertland.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Cc: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 include/linux/netlink.h  |    2 ++
 include/net/genetlink.h  |    2 ++
 net/netlink/af_netlink.c |    4 ++++
 net/netlink/genetlink.c  |   16 ++++++++++++++++
 4 files changed, 24 insertions(+)

--- a/include/linux/netlink.h
+++ b/include/linux/netlink.h
@@ -131,6 +131,7 @@ netlink_skb_clone(struct sk_buff *skb, g
 struct netlink_callback {
 	struct sk_buff		*skb;
 	const struct nlmsghdr	*nlh;
+	int			(*start)(struct netlink_callback *);
 	int			(*dump)(struct sk_buff * skb,
 					struct netlink_callback *cb);
 	int			(*done)(struct netlink_callback *cb);
@@ -153,6 +154,7 @@ struct nlmsghdr *
 __nlmsg_put(struct sk_buff *skb, u32 portid, u32 seq, int type, int len, int flags);
 
 struct netlink_dump_control {
+	int (*start)(struct netlink_callback *);
 	int (*dump)(struct sk_buff *skb, struct netlink_callback *);
 	int (*done)(struct netlink_callback *);
 	void *data;
--- a/include/net/genetlink.h
+++ b/include/net/genetlink.h
@@ -114,6 +114,7 @@ static inline void genl_info_net_set(str
  * @flags: flags
  * @policy: attribute validation policy
  * @doit: standard command callback
+ * @start: start callback for dumps
  * @dumpit: callback for dumpers
  * @done: completion callback for dumps
  * @ops_list: operations list
@@ -122,6 +123,7 @@ struct genl_ops {
 	const struct nla_policy	*policy;
 	int		       (*doit)(struct sk_buff *skb,
 				       struct genl_info *info);
+	int		       (*start)(struct netlink_callback *cb);
 	int		       (*dumpit)(struct sk_buff *skb,
 					 struct netlink_callback *cb);
 	int		       (*done)(struct netlink_callback *cb);
--- a/net/netlink/af_netlink.c
+++ b/net/netlink/af_netlink.c
@@ -2203,6 +2203,7 @@ int __netlink_dump_start(struct sock *ss
 
 	cb = &nlk->cb;
 	memset(cb, 0, sizeof(*cb));
+	cb->start = control->start;
 	cb->dump = control->dump;
 	cb->done = control->done;
 	cb->nlh = nlh;
@@ -2216,6 +2217,9 @@ int __netlink_dump_start(struct sock *ss
 
 	mutex_unlock(nlk->cb_mutex);
 
+	if (cb->start)
+		cb->start(cb);
+
 	ret = netlink_dump(sk);
 	sock_put(sk);
 
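Review bot: the return value of cb->start(cb) is discarded in __netlink_dump_start(), even though the callback is declared to return int and genl_lock_start() in this same patch carefully passes back rc from ops->start. A start callback that fails to set up its context therefore cannot stop the dump, and netlink_dump(sk) runs on whatever state is left. Either check the result and bail out before netlink_dump(), or make the callback return void so the contract is unambiguous. The call also sits after mutex_unlock(nlk->cb_mutex), so start runs without the lock that was held while cb was being filled in; if that is intended, a comment saying so would help callback authors.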
--- a/net/netlink/genetlink.c
+++ b/net/netlink/genetlink.c
@@ -513,6 +513,20 @@ void *genlmsg_put(struct sk_buff *skb, u
 }
 EXPORT_SYMBOL(genlmsg_put);
 
+static int genl_lock_start(struct netlink_callback *cb)
+{
+	/* our ops are always const - netlink API doesn't propagate that */
+	const struct genl_ops *ops = cb->data;
+	int rc = 0;
+
+	if (ops->start) {
+		genl_lock();
+		rc = ops->start(cb);
+		genl_unlock();
+	}
+	return rc;
+}
+
 static int genl_lock_dumpit(struct sk_buff *skb, struct netlink_callback *cb)
 {
 	/* our ops are always const - netlink API doesn't propagate that */
@@ -577,6 +591,7 @@ static int genl_family_rcv_msg(struct ge
 				.module = family->module,
 				/* we have const, but the netlink API doesn't */
 				.data = (void *)ops,
+				.start = genl_lock_start,
 				.dump = genl_lock_dumpit,
 				.done = genl_lock_done,
 			};
@@ -588,6 +603,7 @@ static int genl_family_rcv_msg(struct ge
 		} else {
 			struct netlink_dump_control c = {
 				.module = family->module,
+				.start = ops->start,
 				.dump = ops->dumpit,
 				.done = ops->done,
 			};


* [PATCH 4.4 02/27] ipsec: Fix aborted xfrm policy dump crash
  2017-12-04 15:59 [PATCH 4.4 00/27] 4.4.104-stable review Greg Kroah-Hartman
  2017-12-04 15:59 ` [PATCH 4.4 01/27] netlink: add a start callback for starting a netlink dump Greg Kroah-Hartman
@ 2017-12-04 15:59 ` Greg Kroah-Hartman
  2017-12-04 15:59 ` [PATCH 4.4 03/27] x86/mm/pat: Ensure cpa->pfn only contains page frame numbers Greg Kroah-Hartman
                   ` (21 subsequent siblings)
  23 siblings, 0 replies; 30+ messages in thread
From: Greg Kroah-Hartman @ 2017-12-04 15:59 UTC
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Herbert Xu, Steffen Klassert, Guenter Roeck

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Herbert Xu <herbert@gondor.apana.org.au>

commit 1137b5e2529a8f5ca8ee709288ecba3e68044df2 upstream.

An independent security researcher, Mohamed Ghannam, has reported
this vulnerability to Beyond Security's SecuriTeam Secure Disclosure
program.

The xfrm_dump_policy_done function expects xfrm_dump_policy to
have been called at least once or it will crash.  This can be
triggered if a dump fails because the target socket's receive
buffer is full.

This patch fixes it by using the cb->start mechanism to ensure that
the initialisation is always done regardless of the buffer situation.

Fixes: 12a169e7d8f4 ("ipsec: Put dumpers on the dump list")
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Cc: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 net/xfrm/xfrm_user.c |   25 +++++++++++++++----------
 1 file changed, 15 insertions(+), 10 deletions(-)

--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -1652,32 +1652,34 @@ static int dump_one_policy(struct xfrm_p
 
 static int xfrm_dump_policy_done(struct netlink_callback *cb)
 {
-	struct xfrm_policy_walk *walk = (struct xfrm_policy_walk *) &cb->args[1];
+	struct xfrm_policy_walk *walk = (struct xfrm_policy_walk *)cb->args;
 	struct net *net = sock_net(cb->skb->sk);
 
 	xfrm_policy_walk_done(walk, net);
 	return 0;
 }
 
+static int xfrm_dump_policy_start(struct netlink_callback *cb)
+{
+	struct xfrm_policy_walk *walk = (struct xfrm_policy_walk *)cb->args;
+
+	BUILD_BUG_ON(sizeof(*walk) > sizeof(cb->args));
+
+	xfrm_policy_walk_init(walk, XFRM_POLICY_TYPE_ANY);
+	return 0;
+}
+
 static int xfrm_dump_policy(struct sk_buff *skb, struct netlink_callback *cb)
 {
 	struct net *net = sock_net(skb->sk);
-	struct xfrm_policy_walk *walk = (struct xfrm_policy_walk *) &cb->args[1];
+	struct xfrm_policy_walk *walk = (struct xfrm_policy_walk *)cb->args;
 	struct xfrm_dump_info info;
 
-	BUILD_BUG_ON(sizeof(struct xfrm_policy_walk) >
-		     sizeof(cb->args) - sizeof(cb->args[0]));
-
 	info.in_skb = cb->skb;
 	info.out_skb = skb;
 	info.nlmsg_seq = cb->nlh->nlmsg_seq;
 	info.nlmsg_flags = NLM_F_MULTI;
 
-	if (!cb->args[0]) {
-		cb->args[0] = 1;
-		xfrm_policy_walk_init(walk, XFRM_POLICY_TYPE_ANY);
-	}
-
 	(void) xfrm_policy_walk(net, walk, dump_one_policy, &info);
 
 	return skb->len;
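Review bot: xfrm_dump_policy_start() needs a short comment stating that xfrm_dump_policy_done() depends on it. done calls xfrm_policy_walk_done(walk, net) unconditionally, and the cb->args[0] flag that used to record whether xfrm_policy_walk_init() had run is removed here, so correctness now rests entirely on start having run before any done. It is also worth noting in that comment that the walk now occupies cb->args from index 0; the BUILD_BUG_ON(sizeof(*walk) > sizeof(cb->args)) covers the size, but nothing stops later code from reusing args[0] as a scratch flag the way the old code did.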
@@ -2415,6 +2417,7 @@ static const struct nla_policy xfrma_spd
 
 static const struct xfrm_link {
 	int (*doit)(struct sk_buff *, struct nlmsghdr *, struct nlattr **);
+	int (*start)(struct netlink_callback *);
 	int (*dump)(struct sk_buff *, struct netlink_callback *);
 	int (*done)(struct netlink_callback *);
 	const struct nla_policy *nla_pol;
@@ -2428,6 +2431,7 @@ static const struct xfrm_link {
 	[XFRM_MSG_NEWPOLICY   - XFRM_MSG_BASE] = { .doit = xfrm_add_policy    },
 	[XFRM_MSG_DELPOLICY   - XFRM_MSG_BASE] = { .doit = xfrm_get_policy    },
 	[XFRM_MSG_GETPOLICY   - XFRM_MSG_BASE] = { .doit = xfrm_get_policy,
+						   .start = xfrm_dump_policy_start,
 						   .dump = xfrm_dump_policy,
 						   .done = xfrm_dump_policy_done },
 	[XFRM_MSG_ALLOCSPI    - XFRM_MSG_BASE] = { .doit = xfrm_alloc_userspi },
@@ -2479,6 +2483,7 @@ static int xfrm_user_rcv_msg(struct sk_b
 
 		{
 			struct netlink_dump_control c = {
+				.start = link->start,
 				.dump = link->dump,
 				.done = link->done,
 			};


* [PATCH 4.4 03/27] x86/mm/pat: Ensure cpa->pfn only contains page frame numbers
  2017-12-04 15:59 [PATCH 4.4 00/27] 4.4.104-stable review Greg Kroah-Hartman
  2017-12-04 15:59 ` [PATCH 4.4 01/27] netlink: add a start callback for starting a netlink dump Greg Kroah-Hartman
  2017-12-04 15:59 ` [PATCH 4.4 02/27] ipsec: Fix aborted xfrm policy dump crash Greg Kroah-Hartman
@ 2017-12-04 15:59 ` Greg Kroah-Hartman
  2017-12-04 15:59 ` [PATCH 4.4 04/27] x86/efi: Hoist page table switching code into efi_call_virt() Greg Kroah-Hartman
                   ` (20 subsequent siblings)
  23 siblings, 0 replies; 30+ messages in thread
From: Greg Kroah-Hartman @ 2017-12-04 15:59 UTC
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Matt Fleming, Borislav Petkov,
	Andy Lutomirski, Ard Biesheuvel, Borislav Petkov, Brian Gerst,
	Dave Hansen, Denys Vlasenko, H. Peter Anvin, Linus Torvalds,
	Peter Zijlstra, Sai Praneeth Prakhya, Thomas Gleixner,
	Toshi Kani, linux-efi, Ingo Molnar, Ghannam, Yazen

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Matt Fleming <matt@codeblueprint.co.uk>

commit edc3b9129cecd0f0857112136f5b8b1bc1d45918 upstream.

The x86 pageattr code is confused about the data that is stored
in cpa->pfn, sometimes it's treated as a page frame number,
sometimes it's treated as an unshifted physical address, and in
one place it's treated as a pte.

The result of this is that the mapping functions do not map the
intended physical address.

This isn't a problem in practice because most of the addresses
we're mapping in the EFI code paths are already mapped in
'trampoline_pgd' and so the pageattr mapping functions don't
actually do anything in this case. But when we move to using a
separate page table for the EFI runtime this will be an issue.

Signed-off-by: Matt Fleming <matt@codeblueprint.co.uk>
Reviewed-by: Borislav Petkov <bp@suse.de>
Acked-by: Borislav Petkov <bp@suse.de>
Cc: Andy Lutomirski <luto@amacapital.net>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Brian Gerst <brgerst@gmail.com>
Cc: Dave Hansen <dave.hansen@intel.com>
Cc: Denys Vlasenko <dvlasenk@redhat.com>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Sai Praneeth Prakhya <sai.praneeth.prakhya@intel.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Toshi Kani <toshi.kani@hp.com>
Cc: linux-efi@vger.kernel.org
Link: http://lkml.kernel.org/r/1448658575-17029-3-git-send-email-matt@codeblueprint.co.uk
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Cc: "Ghannam, Yazen" <Yazen.Ghannam@amd.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/x86/mm/pageattr.c         |   17 ++++++-----------
 arch/x86/platform/efi/efi_64.c |   16 ++++++++++------
 2 files changed, 16 insertions(+), 17 deletions(-)

--- a/arch/x86/mm/pageattr.c
+++ b/arch/x86/mm/pageattr.c
@@ -911,15 +911,10 @@ static void populate_pte(struct cpa_data
 	pte = pte_offset_kernel(pmd, start);
 
 	while (num_pages-- && start < end) {
-
-		/* deal with the NX bit */
-		if (!(pgprot_val(pgprot) & _PAGE_NX))
-			cpa->pfn &= ~_PAGE_NX;
-
-		set_pte(pte, pfn_pte(cpa->pfn >> PAGE_SHIFT, pgprot));
+		set_pte(pte, pfn_pte(cpa->pfn, pgprot));
 
 		start	 += PAGE_SIZE;
-		cpa->pfn += PAGE_SIZE;
+		cpa->pfn++;
 		pte++;
 	}
 }
@@ -975,11 +970,11 @@ static int populate_pmd(struct cpa_data
 
 		pmd = pmd_offset(pud, start);
 
-		set_pmd(pmd, __pmd(cpa->pfn | _PAGE_PSE |
+		set_pmd(pmd, __pmd(cpa->pfn << PAGE_SHIFT | _PAGE_PSE |
 				   massage_pgprot(pmd_pgprot)));
 
 		start	  += PMD_SIZE;
-		cpa->pfn  += PMD_SIZE;
+		cpa->pfn  += PMD_SIZE >> PAGE_SHIFT;
 		cur_pages += PMD_SIZE >> PAGE_SHIFT;
 	}
 
@@ -1048,11 +1043,11 @@ static int populate_pud(struct cpa_data
 	 * Map everything starting from the Gb boundary, possibly with 1G pages
 	 */
 	while (end - start >= PUD_SIZE) {
-		set_pud(pud, __pud(cpa->pfn | _PAGE_PSE |
+		set_pud(pud, __pud(cpa->pfn << PAGE_SHIFT | _PAGE_PSE |
 				   massage_pgprot(pud_pgprot)));
 
 		start	  += PUD_SIZE;
-		cpa->pfn  += PUD_SIZE;
+		cpa->pfn  += PUD_SIZE >> PAGE_SHIFT;
 		cur_pages += PUD_SIZE >> PAGE_SHIFT;
 		pud++;
 	}
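Review bot: in set_pud(pud, __pud(cpa->pfn << PAGE_SHIFT | _PAGE_PSE | ...)), and in the identical set_pmd() expression in the populate_pmd() hunk above, the shift is evaluated in the type of cpa->pfn, which these hunks do not show. If that type is narrower than the page table entry value, the upper physical address bits are lost before the OR; casting to the entry value type before shifting would rule that out. Independently, parenthesising (cpa->pfn << PAGE_SHIFT) would make the intended precedence obvious next to the chain of | operators.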
--- a/arch/x86/platform/efi/efi_64.c
+++ b/arch/x86/platform/efi/efi_64.c
@@ -143,7 +143,7 @@ void efi_sync_low_kernel_mappings(void)
 
 int __init efi_setup_page_tables(unsigned long pa_memmap, unsigned num_pages)
 {
-	unsigned long text;
+	unsigned long pfn, text;
 	struct page *page;
 	unsigned npages;
 	pgd_t *pgd;
@@ -160,7 +160,8 @@ int __init efi_setup_page_tables(unsigne
 	 * and ident-map those pages containing the map before calling
 	 * phys_efi_set_virtual_address_map().
 	 */
-	if (kernel_map_pages_in_pgd(pgd, pa_memmap, pa_memmap, num_pages, _PAGE_NX)) {
+	pfn = pa_memmap >> PAGE_SHIFT;
+	if (kernel_map_pages_in_pgd(pgd, pfn, pa_memmap, num_pages, _PAGE_NX)) {
 		pr_err("Error ident-mapping new memmap (0x%lx)!\n", pa_memmap);
 		return 1;
 	}
@@ -185,8 +186,9 @@ int __init efi_setup_page_tables(unsigne
 
 	npages = (_end - _text) >> PAGE_SHIFT;
 	text = __pa(_text);
+	pfn = text >> PAGE_SHIFT;
 
-	if (kernel_map_pages_in_pgd(pgd, text >> PAGE_SHIFT, text, npages, 0)) {
+	if (kernel_map_pages_in_pgd(pgd, pfn, text, npages, 0)) {
 		pr_err("Failed to map kernel text 1:1\n");
 		return 1;
 	}
@@ -204,12 +206,14 @@ void __init efi_cleanup_page_tables(unsi
 static void __init __map_region(efi_memory_desc_t *md, u64 va)
 {
 	pgd_t *pgd = (pgd_t *)__va(real_mode_header->trampoline_pgd);
-	unsigned long pf = 0;
+	unsigned long flags = 0;
+	unsigned long pfn;
 
 	if (!(md->attribute & EFI_MEMORY_WB))
-		pf |= _PAGE_PCD;
+		flags |= _PAGE_PCD;
 
-	if (kernel_map_pages_in_pgd(pgd, md->phys_addr, va, md->num_pages, pf))
+	pfn = md->phys_addr >> PAGE_SHIFT;
+	if (kernel_map_pages_in_pgd(pgd, pfn, va, md->num_pages, flags))
 		pr_warn("Error mapping PA 0x%llx -> VA 0x%llx!\n",
 			   md->phys_addr, va);
 }
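Review bot: the second argument of kernel_map_pages_in_pgd() changes meaning from a physical address to a page frame number at all three call sites in this file (pa_memmap, text and md->phys_addr), but it stays a plain unsigned long, so any caller that is not converted still compiles and silently maps the wrong address. Please confirm that no other callers exist in this tree, and consider renaming the parameter to pfn in the prototype, or documenting the unit there, so the requirement is visible at the declaration. In __map_region() the pr_warn still prints md->phys_addr, which is fine, but a reader comparing it with the pfn passed in would benefit from the same naming.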


* [PATCH 4.4 04/27] x86/efi: Hoist page table switching code into efi_call_virt()
  2017-12-04 15:59 [PATCH 4.4 00/27] 4.4.104-stable review Greg Kroah-Hartman
                   ` (2 preceding siblings ...)
  2017-12-04 15:59 ` [PATCH 4.4 03/27] x86/mm/pat: Ensure cpa->pfn only contains page frame numbers Greg Kroah-Hartman
@ 2017-12-04 15:59 ` Greg Kroah-Hartman
  2017-12-04 15:59 ` [PATCH 4.4 05/27] x86/efi: Build our own page table structures Greg Kroah-Hartman
                   ` (19 subsequent siblings)
  23 siblings, 0 replies; 30+ messages in thread
From: Greg Kroah-Hartman @ 2017-12-04 15:59 UTC
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Matt Fleming, Borislav Petkov,
	Andrew Morton, Andy Lutomirski, Andy Lutomirski, Ard Biesheuvel,
	Borislav Petkov, Brian Gerst, Dave Jones, Denys Vlasenko,
	H. Peter Anvin, Linus Torvalds, Peter Zijlstra,
	Sai Praneeth Prakhya, Stephen Smalley, Thomas Gleixner,
	Toshi Kani, linux-efi, Ingo Molnar, Ghannam, Yazen

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Matt Fleming <matt@codeblueprint.co.uk>

commit c9f2a9a65e4855b74d92cdad688f6ee4a1a323ff upstream.

This change is a prerequisite for pending patches that switch to
a dedicated EFI page table, instead of using 'trampoline_pgd'
which shares PGD entries with 'swapper_pg_dir'. The pending
patches make it impossible to dereference the runtime service
function pointer without first switching %cr3.

It's true that we now have duplicated switching code in
efi_call_virt() and efi_call_phys_{prolog,epilog}() but we are
sacrificing code duplication for a little more clarity and the
ease of writing the page table switching code in C instead of
asm.

Signed-off-by: Matt Fleming <matt@codeblueprint.co.uk>
Reviewed-by: Borislav Petkov <bp@suse.de>
Acked-by: Borislav Petkov <bp@suse.de>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Andy Lutomirski <luto@amacapital.net>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Brian Gerst <brgerst@gmail.com>
Cc: Dave Jones <davej@codemonkey.org.uk>
Cc: Denys Vlasenko <dvlasenk@redhat.com>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Sai Praneeth Prakhya <sai.praneeth.prakhya@intel.com>
Cc: Stephen Smalley <sds@tycho.nsa.gov>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Toshi Kani <toshi.kani@hp.com>
Cc: linux-efi@vger.kernel.org
Link: http://lkml.kernel.org/r/1448658575-17029-5-git-send-email-matt@codeblueprint.co.uk
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Cc: "Ghannam, Yazen" <Yazen.Ghannam@amd.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/x86/include/asm/efi.h          |   25 ++++++++++++++++++++
 arch/x86/platform/efi/efi_64.c      |   24 +++++++++-----------
 arch/x86/platform/efi/efi_stub_64.S |   43 ------------------------------------
 3 files changed, 36 insertions(+), 56 deletions(-)

--- a/arch/x86/include/asm/efi.h
+++ b/arch/x86/include/asm/efi.h
@@ -3,6 +3,7 @@
 
 #include <asm/fpu/api.h>
 #include <asm/pgtable.h>
+#include <asm/tlb.h>
 
 /*
  * We map the EFI regions needed for runtime services non-contiguously,
@@ -64,6 +65,17 @@ extern u64 asmlinkage efi_call(void *fp,
 
 #define efi_call_phys(f, args...)		efi_call((f), args)
 
+/*
+ * Scratch space used for switching the pagetable in the EFI stub
+ */
+struct efi_scratch {
+	u64	r15;
+	u64	prev_cr3;
+	pgd_t	*efi_pgt;
+	bool	use_pgd;
+	u64	phys_stack;
+} __packed;
+
 #define efi_call_virt(f, ...)						\
 ({									\
 	efi_status_t __s;						\
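Review bot: the comment on struct efi_scratch still says it is "used for switching the pagetable in the EFI stub", but this patch deletes the SWITCH_PGT, RESTORE_PGT and FLUSH_TLB_ALL macros from efi_stub_64.S that addressed it by offset, and the switch now happens in C. The r15 slot existed only so those macros could spill a register, and __packed only mattered for the hand-computed offsets. If no remaining assembly addresses the struct by offset, update the comment and drop the dead field and attribute; if something still does, say which file in the comment so the layout is not changed by accident.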
@@ -71,7 +83,20 @@ extern u64 asmlinkage efi_call(void *fp,
 	efi_sync_low_kernel_mappings();					\
 	preempt_disable();						\
 	__kernel_fpu_begin();						\
+									\
+	if (efi_scratch.use_pgd) {					\
+		efi_scratch.prev_cr3 = read_cr3();			\
+		write_cr3((unsigned long)efi_scratch.efi_pgt);		\
+		__flush_tlb_all();					\
+	}								\
+									\
 	__s = efi_call((void *)efi.systab->runtime->f, __VA_ARGS__);	\
+									\
+	if (efi_scratch.use_pgd) {					\
+		write_cr3(efi_scratch.prev_cr3);			\
+		__flush_tlb_all();					\
+	}								\
+									\
 	__kernel_fpu_end();						\
 	preempt_enable();						\
 	__s;								\
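Review bot: efi_call_virt() saves the old CR3 in the global efi_scratch.prev_cr3, and the only protection visible in the macro is preempt_disable(), which does not stop another CPU from entering the macro and overwriting prev_cr3 before it is restored. If callers are serialised by a lock elsewhere, a comment here should say so; otherwise a local variable inside the statement expression would remove the shared state. Separately, write_cr3((unsigned long)efi_scratch.efi_pgt) loads a field declared as pgd_t * straight into CR3, so the field must hold a physical address; keeping a physical address in a pointer type invites an accidental dereference, and a comment or an integer type for that field would make the expectation explicit.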
--- a/arch/x86/platform/efi/efi_64.c
+++ b/arch/x86/platform/efi/efi_64.c
@@ -47,16 +47,7 @@
  */
 static u64 efi_va = EFI_VA_START;
 
-/*
- * Scratch space used for switching the pagetable in the EFI stub
- */
-struct efi_scratch {
-	u64 r15;
-	u64 prev_cr3;
-	pgd_t *efi_pgt;
-	bool use_pgd;
-	u64 phys_stack;
-} __packed;
+struct efi_scratch efi_scratch;
 
 static void __init early_code_mapping_set_exec(int executable)
 {
@@ -83,8 +74,11 @@ pgd_t * __init efi_call_phys_prolog(void
 	int pgd;
 	int n_pgds;
 
-	if (!efi_enabled(EFI_OLD_MEMMAP))
-		return NULL;
+	if (!efi_enabled(EFI_OLD_MEMMAP)) {
+		save_pgd = (pgd_t *)read_cr3();
+		write_cr3((unsigned long)efi_scratch.efi_pgt);
+		goto out;
+	}
 
 	early_code_mapping_set_exec(1);
 
@@ -96,6 +90,7 @@ pgd_t * __init efi_call_phys_prolog(void
 		vaddress = (unsigned long)__va(pgd * PGDIR_SIZE);
 		set_pgd(pgd_offset_k(pgd * PGDIR_SIZE), *pgd_offset_k(vaddress));
 	}
+out:
 	__flush_tlb_all();
 
 	return save_pgd;
@@ -109,8 +104,11 @@ void __init efi_call_phys_epilog(pgd_t *
 	int pgd_idx;
 	int nr_pgds;
 
-	if (!save_pgd)
+	if (!efi_enabled(EFI_OLD_MEMMAP)) {
+		write_cr3((unsigned long)save_pgd);
+		__flush_tlb_all();
 		return;
+	}
 
 	nr_pgds = DIV_ROUND_UP((max_pfn << PAGE_SHIFT) , PGDIR_SIZE);
 
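Review bot: replacing if (!save_pgd) with if (!efi_enabled(EFI_OLD_MEMMAP)) in efi_call_phys_epilog() removes the only NULL check on save_pgd. The old test also covered any case where efi_call_phys_prolog() returns NULL while EFI_OLD_MEMMAP is set; the hunks do not show whether the prolog can do that, so either keep a NULL guard ahead of the nr_pgds loop or state why it cannot happen. In the new branch save_pgd carries a raw CR3 value cast to pgd_t * by the prolog, which is a physical address and not something to dereference; a one-line comment at both the read_cr3() and write_cr3() sites would prevent misuse.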
--- a/arch/x86/platform/efi/efi_stub_64.S
+++ b/arch/x86/platform/efi/efi_stub_64.S
@@ -38,41 +38,6 @@
 	mov %rsi, %cr0;			\
 	mov (%rsp), %rsp
 
-	/* stolen from gcc */
-	.macro FLUSH_TLB_ALL
-	movq %r15, efi_scratch(%rip)
-	movq %r14, efi_scratch+8(%rip)
-	movq %cr4, %r15
-	movq %r15, %r14
-	andb $0x7f, %r14b
-	movq %r14, %cr4
-	movq %r15, %cr4
-	movq efi_scratch+8(%rip), %r14
-	movq efi_scratch(%rip), %r15
-	.endm
-
-	.macro SWITCH_PGT
-	cmpb $0, efi_scratch+24(%rip)
-	je 1f
-	movq %r15, efi_scratch(%rip)		# r15
-	# save previous CR3
-	movq %cr3, %r15
-	movq %r15, efi_scratch+8(%rip)		# prev_cr3
-	movq efi_scratch+16(%rip), %r15		# EFI pgt
-	movq %r15, %cr3
-	1:
-	.endm
-
-	.macro RESTORE_PGT
-	cmpb $0, efi_scratch+24(%rip)
-	je 2f
-	movq efi_scratch+8(%rip), %r15
-	movq %r15, %cr3
-	movq efi_scratch(%rip), %r15
-	FLUSH_TLB_ALL
-	2:
-	.endm
-
 ENTRY(efi_call)
 	SAVE_XMM
 	mov (%rsp), %rax
@@ -83,16 +48,8 @@ ENTRY(efi_call)
 	mov %r8, %r9
 	mov %rcx, %r8
 	mov %rsi, %rcx
-	SWITCH_PGT
 	call *%rdi
-	RESTORE_PGT
 	addq $48, %rsp
 	RESTORE_XMM
 	ret
 ENDPROC(efi_call)
-
-	.data
-ENTRY(efi_scratch)
-	.fill 3,8,0
-	.byte 0
-	.quad 0


* [PATCH 4.4 05/27] x86/efi: Build our own page table structures
  2017-12-04 15:59 [PATCH 4.4 00/27] 4.4.104-stable review Greg Kroah-Hartman
                   ` (3 preceding siblings ...)
  2017-12-04 15:59 ` [PATCH 4.4 04/27] x86/efi: Hoist page table switching code into efi_call_virt() Greg Kroah-Hartman
@ 2017-12-04 15:59 ` Greg Kroah-Hartman
  2017-12-07 22:43   ` Ben Hutchings
  2017-12-04 15:59 ` [PATCH 4.4 06/27] ARM: dts: omap3: logicpd-torpedo-37xx-devkit: Fix MMC1 cd-gpio Greg Kroah-Hartman
                   ` (18 subsequent siblings)
  23 siblings, 1 reply; 30+ messages in thread
From: Greg Kroah-Hartman @ 2017-12-04 15:59 UTC
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Matt Fleming, Borislav Petkov,
	Andrew Morton, Andy Lutomirski, Andy Lutomirski, Ard Biesheuvel,
	Borislav Petkov, Brian Gerst, Dave Jones, Denys Vlasenko,
	H. Peter Anvin, Linus Torvalds, Peter Zijlstra,
	Sai Praneeth Prakhya, Stephen Smalley, Thomas Gleixner,
	Toshi Kani, linux-efi, Ingo Molnar, Ghannam, Yazen

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Matt Fleming <matt@codeblueprint.co.uk>

commit 67a9108ed4313b85a9c53406d80dc1ae3f8c3e36 upstream.

With commit e1a58320a38d ("x86/mm: Warn on W^X mappings") all
users booting on 64-bit UEFI machines see the following warning,

  ------------[ cut here ]------------
  WARNING: CPU: 7 PID: 1 at arch/x86/mm/dump_pagetables.c:225 note_page+0x5dc/0x780()
  x86/mm: Found insecure W+X mapping at address ffff88000005f000/0xffff88000005f000
  ...
  x86/mm: Checked W+X mappings: FAILED, 165660 W+X pages found.
  ...

This is caused by mapping EFI regions with RWX permissions.
There isn't much we can do to restrict the permissions for these
regions due to the way the firmware toolchains mix code and
data, but we can at least isolate these mappings so that they do
not appear in the regular kernel page tables.

In commit d2f7cbe7b26a ("x86/efi: Runtime services virtual
mapping") we started using 'trampoline_pgd' to map the EFI
regions because there was an existing identity mapping there
which we use during the SetVirtualAddressMap() call and for
broken firmware that accesses those addresses.

But 'trampoline_pgd' shares some PGD entries with
'swapper_pg_dir' and does not provide the isolation we require.
Notably the virtual address for __START_KERNEL_map and
MODULES_START are mapped by the same PGD entry so we need to be
more careful when copying changes over in
efi_sync_low_kernel_mappings().

This patch doesn't go the full mile, we still want to share some
PGD entries with 'swapper_pg_dir'. Having completely separate
page tables brings its own issues such as synchronising new
mappings after memory hotplug and module loading. Sharing also
keeps memory usage down.

Signed-off-by: Matt Fleming <matt@codeblueprint.co.uk>
Reviewed-by: Borislav Petkov <bp@suse.de>
Acked-by: Borislav Petkov <bp@suse.de>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Andy Lutomirski <luto@amacapital.net>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Brian Gerst <brgerst@gmail.com>
Cc: Dave Jones <davej@codemonkey.org.uk>
Cc: Denys Vlasenko <dvlasenk@redhat.com>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Sai Praneeth Prakhya <sai.praneeth.prakhya@intel.com>
Cc: Stephen Smalley <sds@tycho.nsa.gov>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Toshi Kani <toshi.kani@hp.com>
Cc: linux-efi@vger.kernel.org
Link: http://lkml.kernel.org/r/1448658575-17029-6-git-send-email-matt@codeblueprint.co.uk
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Cc: "Ghannam, Yazen" <Yazen.Ghannam@amd.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/x86/include/asm/efi.h     |    1 
 arch/x86/platform/efi/efi.c    |   39 +++++-----------
 arch/x86/platform/efi/efi_32.c |    5 ++
 arch/x86/platform/efi/efi_64.c |   97 ++++++++++++++++++++++++++++++++++-------
 4 files changed, 102 insertions(+), 40 deletions(-)

--- a/arch/x86/include/asm/efi.h
+++ b/arch/x86/include/asm/efi.h
@@ -136,6 +136,7 @@ extern void __init efi_memory_uc(u64 add
 extern void __init efi_map_region(efi_memory_desc_t *md);
 extern void __init efi_map_region_fixed(efi_memory_desc_t *md);
 extern void efi_sync_low_kernel_mappings(void);
+extern int __init efi_alloc_page_tables(void);
 extern int __init efi_setup_page_tables(unsigned long pa_memmap, unsigned num_pages);
 extern void __init efi_cleanup_page_tables(unsigned long pa_memmap, unsigned num_pages);
 extern void __init old_map_region(efi_memory_desc_t *md);
--- a/arch/x86/platform/efi/efi.c
+++ b/arch/x86/platform/efi/efi.c
@@ -869,7 +869,7 @@ static void __init kexec_enter_virtual_m
  * This function will switch the EFI runtime services to virtual mode.
  * Essentially, we look through the EFI memmap and map every region that
  * has the runtime attribute bit set in its memory descriptor into the
- * ->trampoline_pgd page table using a top-down VA allocation scheme.
+ * efi_pgd page table.
  *
  * The old method which used to update that memory descriptor with the
  * virtual address obtained from ioremap() is still supported when the
@@ -879,8 +879,8 @@ static void __init kexec_enter_virtual_m
  *
  * The new method does a pagetable switch in a preemption-safe manner
  * so that we're in a different address space when calling a runtime
- * function. For function arguments passing we do copy the PGDs of the
- * kernel page table into ->trampoline_pgd prior to each call.
+ * function. For function arguments passing we do copy the PUDs of the
+ * kernel page table into efi_pgd prior to each call.
  *
  * Specially for kexec boot, efi runtime maps in previous kernel should
  * be passed in via setup_data. In that case runtime ranges will be mapped
@@ -895,6 +895,12 @@ static void __init __efi_enter_virtual_m
 
 	efi.systab = NULL;
 
+	if (efi_alloc_page_tables()) {
+		pr_err("Failed to allocate EFI page tables\n");
+		clear_bit(EFI_RUNTIME_SERVICES, &efi.flags);
+		return;
+	}
+
 	efi_merge_regions();
 	new_memmap = efi_map_regions(&count, &pg_shift);
 	if (!new_memmap) {
@@ -954,28 +960,11 @@ static void __init __efi_enter_virtual_m
 	efi_runtime_mkexec();
 
 	/*
-	 * We mapped the descriptor array into the EFI pagetable above but we're
-	 * not unmapping it here. Here's why:
-	 *
-	 * We're copying select PGDs from the kernel page table to the EFI page
-	 * table and when we do so and make changes to those PGDs like unmapping
-	 * stuff from them, those changes appear in the kernel page table and we
-	 * go boom.
-	 *
-	 * From setup_real_mode():
-	 *
-	 * ...
-	 * trampoline_pgd[0] = init_level4_pgt[pgd_index(__PAGE_OFFSET)].pgd;
-	 *
-	 * In this particular case, our allocation is in PGD 0 of the EFI page
-	 * table but we've copied that PGD from PGD[272] of the EFI page table:
-	 *
-	 *	pgd_index(__PAGE_OFFSET = 0xffff880000000000) = 272
-	 *
-	 * where the direct memory mapping in kernel space is.
-	 *
-	 * new_memmap's VA comes from that direct mapping and thus clearing it,
-	 * it would get cleared in the kernel page table too.
+	 * We mapped the descriptor array into the EFI pagetable above
+	 * but we're not unmapping it here because if we're running in
+	 * EFI mixed mode we need all of memory to be accessible when
+	 * we pass parameters to the EFI runtime services in the
+	 * thunking code.
 	 *
 	 * efi_cleanup_page_tables(__pa(new_memmap), 1 << pg_shift);
 	 */
--- a/arch/x86/platform/efi/efi_32.c
+++ b/arch/x86/platform/efi/efi_32.c
@@ -38,6 +38,11 @@
  * say 0 - 3G.
  */
 
+int __init efi_alloc_page_tables(void)
+{
+	return 0;
+}
+
 void efi_sync_low_kernel_mappings(void) {}
 void __init efi_dump_pagetable(void) {}
 int __init efi_setup_page_tables(unsigned long pa_memmap, unsigned num_pages)
--- a/arch/x86/platform/efi/efi_64.c
+++ b/arch/x86/platform/efi/efi_64.c
@@ -40,6 +40,7 @@
 #include <asm/fixmap.h>
 #include <asm/realmode.h>
 #include <asm/time.h>
+#include <asm/pgalloc.h>
 
 /*
  * We allocate runtime services regions bottom-up, starting from -4G, i.e.
@@ -121,22 +122,92 @@ void __init efi_call_phys_epilog(pgd_t *
 	early_code_mapping_set_exec(0);
 }
 
+static pgd_t *efi_pgd;
+
+/*
+ * We need our own copy of the higher levels of the page tables
+ * because we want to avoid inserting EFI region mappings (EFI_VA_END
+ * to EFI_VA_START) into the standard kernel page tables. Everything
+ * else can be shared, see efi_sync_low_kernel_mappings().
+ */
+int __init efi_alloc_page_tables(void)
+{
+	pgd_t *pgd;
+	pud_t *pud;
+	gfp_t gfp_mask;
+
+	if (efi_enabled(EFI_OLD_MEMMAP))
+		return 0;
+
+	gfp_mask = GFP_KERNEL | __GFP_NOTRACK | __GFP_REPEAT | __GFP_ZERO;
+	efi_pgd = (pgd_t *)__get_free_page(gfp_mask);
+	if (!efi_pgd)
+		return -ENOMEM;
+
+	pgd = efi_pgd + pgd_index(EFI_VA_END);
+
+	pud = pud_alloc_one(NULL, 0);
+	if (!pud) {
+		free_page((unsigned long)efi_pgd);
+		return -ENOMEM;
+	}
+
+	pgd_populate(NULL, pgd, pud);
+
+	return 0;
+}
+
 /*
  * Add low kernel mappings for passing arguments to EFI functions.
  */
 void efi_sync_low_kernel_mappings(void)
 {
-	unsigned num_pgds;
-	pgd_t *pgd = (pgd_t *)__va(real_mode_header->trampoline_pgd);
+	unsigned num_entries;
+	pgd_t *pgd_k, *pgd_efi;
+	pud_t *pud_k, *pud_efi;
 
 	if (efi_enabled(EFI_OLD_MEMMAP))
 		return;
 
-	num_pgds = pgd_index(MODULES_END - 1) - pgd_index(PAGE_OFFSET);
+	/*
+	 * We can share all PGD entries apart from the one entry that
+	 * covers the EFI runtime mapping space.
+	 *
+	 * Make sure the EFI runtime region mappings are guaranteed to
+	 * only span a single PGD entry and that the entry also maps
+	 * other important kernel regions.
+	 */
+	BUILD_BUG_ON(pgd_index(EFI_VA_END) != pgd_index(MODULES_END));
+	BUILD_BUG_ON((EFI_VA_START & PGDIR_MASK) !=
+			(EFI_VA_END & PGDIR_MASK));
+
+	pgd_efi = efi_pgd + pgd_index(PAGE_OFFSET);
+	pgd_k = pgd_offset_k(PAGE_OFFSET);
+
+	num_entries = pgd_index(EFI_VA_END) - pgd_index(PAGE_OFFSET);
+	memcpy(pgd_efi, pgd_k, sizeof(pgd_t) * num_entries);
+
+	/*
+	 * We share all the PUD entries apart from those that map the
+	 * EFI regions. Copy around them.
+	 */
+	BUILD_BUG_ON((EFI_VA_START & ~PUD_MASK) != 0);
+	BUILD_BUG_ON((EFI_VA_END & ~PUD_MASK) != 0);
+
+	pgd_efi = efi_pgd + pgd_index(EFI_VA_END);
+	pud_efi = pud_offset(pgd_efi, 0);
+
+	pgd_k = pgd_offset_k(EFI_VA_END);
+	pud_k = pud_offset(pgd_k, 0);
+
+	num_entries = pud_index(EFI_VA_END);
+	memcpy(pud_efi, pud_k, sizeof(pud_t) * num_entries);
 
-	memcpy(pgd + pgd_index(PAGE_OFFSET),
-		init_mm.pgd + pgd_index(PAGE_OFFSET),
-		sizeof(pgd_t) * num_pgds);
+	pud_efi = pud_offset(pgd_efi, EFI_VA_START);
+	pud_k = pud_offset(pgd_k, EFI_VA_START);
+
+	num_entries = PTRS_PER_PUD - pud_index(EFI_VA_START);
+	memcpy(pud_efi, pud_k, sizeof(pud_t) * num_entries);
 }
 
 int __init efi_setup_page_tables(unsigned long pa_memmap, unsigned num_pages)
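
Review bot: in efi_alloc_page_tables(), the pud_alloc_one() failure path calls free_page((unsigned long)efi_pgd) but leaves the static efi_pgd pointing at the freed page. efi_sync_low_kernel_mappings() in the same hunk checks only efi_enabled(EFI_OLD_MEMMAP) before it does memcpy() into efi_pgd, so its safety rests entirely on callers honouring the EFI_RUNTIME_SERVICES bit that __efi_enter_virtual_mode() clears on failure. Setting efi_pgd = NULL after the free_page() would turn any stale use into an immediate fault instead of a write into a page that may have been reallocated.
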
@@ -149,8 +220,8 @@ int __init efi_setup_page_tables(unsigne
 	if (efi_enabled(EFI_OLD_MEMMAP))
 		return 0;
 
-	efi_scratch.efi_pgt = (pgd_t *)(unsigned long)real_mode_header->trampoline_pgd;
-	pgd = __va(efi_scratch.efi_pgt);
+	efi_scratch.efi_pgt = (pgd_t *)__pa(efi_pgd);
+	pgd = efi_pgd;
 
 	/*
 	 * It can happen that the physical address of new_memmap lands in memory
@@ -196,16 +267,14 @@ int __init efi_setup_page_tables(unsigne
 
 void __init efi_cleanup_page_tables(unsigned long pa_memmap, unsigned num_pages)
 {
-	pgd_t *pgd = (pgd_t *)__va(real_mode_header->trampoline_pgd);
-
-	kernel_unmap_pages_in_pgd(pgd, pa_memmap, num_pages);
+	kernel_unmap_pages_in_pgd(efi_pgd, pa_memmap, num_pages);
 }
 
 static void __init __map_region(efi_memory_desc_t *md, u64 va)
 {
-	pgd_t *pgd = (pgd_t *)__va(real_mode_header->trampoline_pgd);
 	unsigned long flags = 0;
 	unsigned long pfn;
+	pgd_t *pgd = efi_pgd;
 
 	if (!(md->attribute & EFI_MEMORY_WB))
 		flags |= _PAGE_PCD;
@@ -314,9 +383,7 @@ void __init efi_runtime_mkexec(void)
 void __init efi_dump_pagetable(void)
 {
 #ifdef CONFIG_EFI_PGT_DUMP
-	pgd_t *pgd = (pgd_t *)__va(real_mode_header->trampoline_pgd);
-
-	ptdump_walk_pgd_level(NULL, pgd);
+	ptdump_walk_pgd_level(NULL, efi_pgd);
 #endif
 }
 


* [PATCH 4.4 06/27] ARM: dts: omap3: logicpd-torpedo-37xx-devkit: Fix MMC1 cd-gpio
  2017-12-04 15:59 [PATCH 4.4 00/27] 4.4.104-stable review Greg Kroah-Hartman
                   ` (4 preceding siblings ...)
  2017-12-04 15:59 ` [PATCH 4.4 05/27] x86/efi: Build our own page table structures Greg Kroah-Hartman
@ 2017-12-04 15:59 ` Greg Kroah-Hartman
  2017-12-04 15:59 ` [PATCH 4.4 07/27] x86/efi-bgrt: Fix kernel panic when mapping BGRT data Greg Kroah-Hartman
                   ` (17 subsequent siblings)
  23 siblings, 0 replies; 30+ messages in thread
From: Greg Kroah-Hartman @ 2017-12-04 15:59 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Adam Ford, Tony Lindgren

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Adam Ford <aford173@gmail.com>

commit b7ace5ed8867ca54503727988adec6b20af54eeb upstream.

Fixes commit 687c27676151 ("ARM: dts: Add minimal support for LogicPD
Torpedo DM3730 devkit")

This patch corrects an issue where the cd-gpios was improperly setup
using IRQ_TYPE_LEVEL_LOW instead of GPIO_ACTIVE_LOW.

Signed-off-by: Adam Ford <aford173@gmail.com>
Signed-off-by: Tony Lindgren <tony@atomide.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/arm/boot/dts/logicpd-torpedo-37xx-devkit.dts |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/arch/arm/boot/dts/logicpd-torpedo-37xx-devkit.dts
+++ b/arch/arm/boot/dts/logicpd-torpedo-37xx-devkit.dts
@@ -88,7 +88,7 @@
 	interrupts-extended = <&intc 83 &omap3_pmx_core 0x11a>;
 	pinctrl-names = "default";
 	pinctrl-0 = <&mmc1_pins &mmc1_cd>;
-	cd-gpios = <&gpio4 31 IRQ_TYPE_LEVEL_LOW>;		/* gpio127 */
+	cd-gpios = <&gpio4 31 GPIO_ACTIVE_LOW>;		/* gpio127 */
 	vmmc-supply = <&vmmc1>;
 	bus-width = <4>;
 	cap-power-off-card;


* [PATCH 4.4 07/27] x86/efi-bgrt: Fix kernel panic when mapping BGRT data
  2017-12-04 15:59 [PATCH 4.4 00/27] 4.4.104-stable review Greg Kroah-Hartman
                   ` (5 preceding siblings ...)
  2017-12-04 15:59 ` [PATCH 4.4 06/27] ARM: dts: omap3: logicpd-torpedo-37xx-devkit: Fix MMC1 cd-gpio Greg Kroah-Hartman
@ 2017-12-04 15:59 ` Greg Kroah-Hartman
  2017-12-04 15:59 ` [PATCH 4.4 09/27] mm, thp: Do not make page table dirty unconditionally in touch_p[mu]d() Greg Kroah-Hartman
                   ` (16 subsequent siblings)
  23 siblings, 0 replies; 30+ messages in thread
From: Greg Kroah-Hartman @ 2017-12-04 15:59 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Sai Praneeth Prakhya, Wendy Wang,
	Borislav Petkov, Josh Triplett, Ricardo Neri, Ravi Shankar,
	Matt Fleming, Ghannam, Yazen

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Sai Praneeth <sai.praneeth.prakhya@intel.com>

commit 50a0cb565246f20d59cdb161778531e4b19d35ac upstream.

Starting with this commit 35eb8b81edd4 ("x86/efi: Build our own page
table structures") efi regions have a separate page directory called
"efi_pgd". In order to access any efi region we have to first shift %cr3
to this page table. In the bgrt code we are trying to copy bgrt_header
and image, but these regions fall under "EFI_BOOT_SERVICES_DATA"
and to access these regions we have to shift %cr3 to efi_pgd and not
doing so will cause page fault as shown below.

[    0.251599] Last level dTLB entries: 4KB 64, 2MB 0, 4MB 0, 1GB 4
[    0.259126] Freeing SMP alternatives memory: 32K (ffffffff8230e000 - ffffffff82316000)
[    0.271803] BUG: unable to handle kernel paging request at fffffffefce35002
[    0.279740] IP: [<ffffffff821bca49>] efi_bgrt_init+0x144/0x1fd
[    0.286383] PGD 300f067 PUD 0
[    0.289879] Oops: 0000 [#1] SMP
[    0.293566] Modules linked in:
[    0.297039] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.4.0-rc1-eywa-eywa-built-in-47041+ #2
[    0.306619] Hardware name: Intel Corporation Skylake Client platform/Skylake Y LPDDR3 RVP3, BIOS SKLSE2R1.R00.B104.B01.1511110114 11/11/2015
[    0.320925] task: ffffffff820134c0 ti: ffffffff82000000 task.ti: ffffffff82000000
[    0.329420] RIP: 0010:[<ffffffff821bca49>]  [<ffffffff821bca49>] efi_bgrt_init+0x144/0x1fd
[    0.338821] RSP: 0000:ffffffff82003f18  EFLAGS: 00010246
[    0.344852] RAX: fffffffefce35000 RBX: fffffffefce35000 RCX: fffffffefce2b000
[    0.352952] RDX: 000000008a82b000 RSI: ffffffff8235bb80 RDI: 000000008a835000
[    0.361050] RBP: ffffffff82003f30 R08: 000000008a865000 R09: ffffffffff202850
[    0.369149] R10: ffffffff811ad62f R11: 0000000000000000 R12: 0000000000000000
[    0.377248] R13: ffff88016dbaea40 R14: ffffffff822622c0 R15: ffffffff82003fb0
[    0.385348] FS:  0000000000000000(0000) GS:ffff88016d800000(0000) knlGS:0000000000000000
[    0.394533] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[    0.401054] CR2: fffffffefce35002 CR3: 000000000300c000 CR4: 00000000003406f0
[    0.409153] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[    0.417252] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[    0.425350] Stack:
[    0.427638]  ffffffffffffffff ffffffff82256900 ffff88016dbaea40 ffffffff82003f40
[    0.436086]  ffffffff821bbce0 ffffffff82003f88 ffffffff8219c0c2 0000000000000000
[    0.444533]  ffffffff8219ba4a ffffffff822622c0 0000000000083000 00000000ffffffff
[    0.452978] Call Trace:
[    0.455763]  [<ffffffff821bbce0>] efi_late_init+0x9/0xb
[    0.461697]  [<ffffffff8219c0c2>] start_kernel+0x463/0x47f
[    0.467928]  [<ffffffff8219ba4a>] ? set_init_arg+0x55/0x55
[    0.474159]  [<ffffffff8219b120>] ? early_idt_handler_array+0x120/0x120
[    0.481669]  [<ffffffff8219b5ee>] x86_64_start_reservations+0x2a/0x2c
[    0.488982]  [<ffffffff8219b72d>] x86_64_start_kernel+0x13d/0x14c
[    0.495897] Code: 00 41 b4 01 48 8b 78 28 e8 09 36 01 00 48 85 c0 48 89 c3 75 13 48 c7 c7 f8 ac d3 81 31 c0 e8 d7 3b fb fe e9 b5 00 00 00 45 84 e4 <44> 8b 6b 02 74 0d be 06 00 00 00 48 89 df e8 ae 34 0$
[    0.518151] RIP  [<ffffffff821bca49>] efi_bgrt_init+0x144/0x1fd
[    0.524888]  RSP <ffffffff82003f18>
[    0.528851] CR2: fffffffefce35002
[    0.532615] ---[ end trace 7b06521e6ebf2aea ]---
[    0.537852] Kernel panic - not syncing: Attempted to kill the idle task!

As said above, one way to fix this bug is to shift %cr3 to efi_pgd, but we
are not doing it that way because it leaks inner details of how we switch
to EFI page tables into a new call site and it also adds duplicate code.
Instead, we remove the call to efi_lookup_mapped_addr() and always
perform early_mem*() instead of early_io*() because we want to remap RAM
regions and not I/O regions. We also delete efi_lookup_mapped_addr()
because we are no longer using it.

Signed-off-by: Sai Praneeth Prakhya <sai.praneeth.prakhya@intel.com>
Reported-by: Wendy Wang <wendy.wang@intel.com>
Cc: Borislav Petkov <bp@suse.de>
Cc: Josh Triplett <josh@joshtriplett.org>
Cc: Ricardo Neri <ricardo.neri@intel.com>
Cc: Ravi Shankar <ravi.v.shankar@intel.com>
Signed-off-by: Matt Fleming <matt@codeblueprint.co.uk>
Cc: "Ghannam, Yazen" <Yazen.Ghannam@amd.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/x86/platform/efi/efi-bgrt.c |   39 ++++++++++++++-------------------------
 drivers/firmware/efi/efi.c       |   32 --------------------------------
 2 files changed, 14 insertions(+), 57 deletions(-)

--- a/arch/x86/platform/efi/efi-bgrt.c
+++ b/arch/x86/platform/efi/efi-bgrt.c
@@ -28,8 +28,7 @@ struct bmp_header {
 void __init efi_bgrt_init(void)
 {
 	acpi_status status;
-	void __iomem *image;
-	bool ioremapped = false;
+	void *image;
 	struct bmp_header bmp_header;
 
 	if (acpi_disabled)
@@ -70,20 +69,14 @@ void __init efi_bgrt_init(void)
 		return;
 	}
 
-	image = efi_lookup_mapped_addr(bgrt_tab->image_address);
+	image = early_memremap(bgrt_tab->image_address, sizeof(bmp_header));
 	if (!image) {
-		image = early_ioremap(bgrt_tab->image_address,
-				       sizeof(bmp_header));
-		ioremapped = true;
-		if (!image) {
-			pr_err("Ignoring BGRT: failed to map image header memory\n");
-			return;
-		}
+		pr_err("Ignoring BGRT: failed to map image header memory\n");
+		return;
 	}
 
-	memcpy_fromio(&bmp_header, image, sizeof(bmp_header));
-	if (ioremapped)
-		early_iounmap(image, sizeof(bmp_header));
+	memcpy(&bmp_header, image, sizeof(bmp_header));
+	early_memunmap(image, sizeof(bmp_header));
 	bgrt_image_size = bmp_header.size;
 
 	bgrt_image = kmalloc(bgrt_image_size, GFP_KERNEL | __GFP_NOWARN);
@@ -93,18 +86,14 @@ void __init efi_bgrt_init(void)
 		return;
 	}
 
-	if (ioremapped) {
-		image = early_ioremap(bgrt_tab->image_address,
-				       bmp_header.size);
-		if (!image) {
-			pr_err("Ignoring BGRT: failed to map image memory\n");
-			kfree(bgrt_image);
-			bgrt_image = NULL;
-			return;
-		}
+	image = early_memremap(bgrt_tab->image_address, bmp_header.size);
+	if (!image) {
+		pr_err("Ignoring BGRT: failed to map image memory\n");
+		kfree(bgrt_image);
+		bgrt_image = NULL;
+		return;
 	}
 
-	memcpy_fromio(bgrt_image, image, bgrt_image_size);
-	if (ioremapped)
-		early_iounmap(image, bmp_header.size);
+	memcpy(bgrt_image, image, bgrt_image_size);
+	early_memunmap(image, bmp_header.size);
 }
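
Review bot: the full-image path maps and unmaps with bmp_header.size but copies with bgrt_image_size. Both hold the same value today (assigned in the previous hunk), so please use one name for all three calls so that a later edit cannot make the copy length diverge from the mapped length. That value is read straight from the BMP header in firmware-provided memory and is not bounded before kmalloc() or early_memremap(), so a sanity limit on it belongs in this function as well.
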
--- a/drivers/firmware/efi/efi.c
+++ b/drivers/firmware/efi/efi.c
@@ -325,38 +325,6 @@ u64 __init efi_mem_desc_end(efi_memory_d
 	return end;
 }
 
-/*
- * We can't ioremap data in EFI boot services RAM, because we've already mapped
- * it as RAM.  So, look it up in the existing EFI memory map instead.  Only
- * callable after efi_enter_virtual_mode and before efi_free_boot_services.
- */
-void __iomem *efi_lookup_mapped_addr(u64 phys_addr)
-{
-	struct efi_memory_map *map;
-	void *p;
-	map = efi.memmap;
-	if (!map)
-		return NULL;
-	if (WARN_ON(!map->map))
-		return NULL;
-	for (p = map->map; p < map->map_end; p += map->desc_size) {
-		efi_memory_desc_t *md = p;
-		u64 size = md->num_pages << EFI_PAGE_SHIFT;
-		u64 end = md->phys_addr + size;
-		if (!(md->attribute & EFI_MEMORY_RUNTIME) &&
-		    md->type != EFI_BOOT_SERVICES_CODE &&
-		    md->type != EFI_BOOT_SERVICES_DATA)
-			continue;
-		if (!md->virt_addr)
-			continue;
-		if (phys_addr >= md->phys_addr && phys_addr < end) {
-			phys_addr += md->virt_addr - md->phys_addr;
-			return (__force void __iomem *)(unsigned long)phys_addr;
-		}
-	}
-	return NULL;
-}
-
 static __initdata efi_config_table_type_t common_tables[] = {
 	{ACPI_20_TABLE_GUID, "ACPI 2.0", &efi.acpi20},
 	{ACPI_TABLE_GUID, "ACPI", &efi.acpi},
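
Review bot: efi_lookup_mapped_addr() is deleted here, but the diffstat lists only efi-bgrt.c and drivers/firmware/efi/efi.c, so whichever header declares the function is left untouched. Please drop the prototype in the same patch and confirm that no other caller remains in the 4.4 tree, since a leftover user would only show up at link time.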


* [PATCH 4.4 09/27] mm, thp: Do not make page table dirty unconditionally in touch_p[mu]d()
  2017-12-04 15:59 [PATCH 4.4 00/27] 4.4.104-stable review Greg Kroah-Hartman
                   ` (6 preceding siblings ...)
  2017-12-04 15:59 ` [PATCH 4.4 07/27] x86/efi-bgrt: Fix kernel panic when mapping BGRT data Greg Kroah-Hartman
@ 2017-12-04 15:59 ` Greg Kroah-Hartman
  2017-12-04 15:59 ` [PATCH 4.4 10/27] mm/madvise.c: fix madvise() infinite loop under special circumstances Greg Kroah-Hartman
                   ` (15 subsequent siblings)
  23 siblings, 0 replies; 30+ messages in thread
From: Greg Kroah-Hartman @ 2017-12-04 15:59 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Kirill A. Shutemov, Michal Hocko,
	Hugh Dickins, Linus Torvalds, Ben Hutchings

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>

commit a8f97366452ed491d13cf1e44241bc0b5740b1f0 upstream.

Currently, we unconditionally make page table dirty in touch_pmd().
It may result in false-positive can_follow_write_pmd().

We may avoid the situation, if we would only make the page table entry
dirty if caller asks for write access -- FOLL_WRITE.

The patch also changes touch_pud() in the same way.

Signed-off-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Cc: Michal Hocko <mhocko@suse.com>
Cc: Hugh Dickins <hughd@google.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
[Salvatore Bonaccorso: backport for 3.16:
 - Adjust context
 - Drop specific part for PUD-sized transparent hugepages. Support
   for PUD-sized transparent hugepages was added in v4.11-rc1
]
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 mm/huge_memory.c |   14 ++++----------
 1 file changed, 4 insertions(+), 10 deletions(-)

--- a/mm/huge_memory.c
+++ b/mm/huge_memory.c
@@ -1304,17 +1304,11 @@ struct page *follow_trans_huge_pmd(struc
 	VM_BUG_ON_PAGE(!PageHead(page), page);
 	if (flags & FOLL_TOUCH) {
 		pmd_t _pmd;
-		/*
-		 * We should set the dirty bit only for FOLL_WRITE but
-		 * for now the dirty bit in the pmd is meaningless.
-		 * And if the dirty bit will become meaningful and
-		 * we'll only set it with FOLL_WRITE, an atomic
-		 * set_bit will be required on the pmd to set the
-		 * young bit, instead of the current set_pmd_at.
-		 */
-		_pmd = pmd_mkyoung(pmd_mkdirty(*pmd));
+		_pmd = pmd_mkyoung(*pmd);
+		if (flags & FOLL_WRITE)
+			_pmd = pmd_mkdirty(_pmd);
 		if (pmdp_set_access_flags(vma, addr & HPAGE_PMD_MASK,
-					  pmd, _pmd,  1))
+					  pmd, _pmd, flags & FOLL_WRITE))
 			update_mmu_cache_pmd(vma, addr, pmd);
 	}
 	if ((flags & FOLL_MLOCK) && (vma->vm_flags & VM_LOCKED)) {
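
Review bot: the comment deleted at the top of the FOLL_TOUCH block warned that setting the dirty bit only for FOLL_WRITE would require an atomic set_bit on the pmd rather than the existing update, and the hunk makes exactly that change without saying why pmdp_set_access_flags() is sufficient. A one-line comment or changelog sentence covering that would help the next reader. The changelog also describes touch_pmd() while this tree carries the logic inline in follow_trans_huge_pmd(), and the bracketed backport note refers to 3.16 although this is the 4.4 queue; a line describing the 4.4 adaptation would remove the ambiguity.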


* [PATCH 4.4 10/27] mm/madvise.c: fix madvise() infinite loop under special circumstances
  2017-12-04 15:59 [PATCH 4.4 00/27] 4.4.104-stable review Greg Kroah-Hartman
                   ` (7 preceding siblings ...)
  2017-12-04 15:59 ` [PATCH 4.4 09/27] mm, thp: Do not make page table dirty unconditionally in touch_p[mu]d() Greg Kroah-Hartman
@ 2017-12-04 15:59 ` Greg Kroah-Hartman
  2017-12-04 15:59 ` [PATCH 4.4 11/27] btrfs: clear space cache inode generation always Greg Kroah-Hartman
                   ` (14 subsequent siblings)
  23 siblings, 0 replies; 30+ messages in thread
From: Greg Kroah-Hartman @ 2017-12-04 15:59 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, chenjie, guoxuenan, Michal Hocko,
	Minchan Kim, zhangyi (F),
	Miao Xie, Mike Rapoport, Shaohua Li, Andrea Arcangeli,
	Mel Gorman, Kirill A. Shutemov, David Rientjes,
	Anshuman Khandual, Rik van Riel, Carsten Otte, Dan Williams,
	Andrew Morton, Linus Torvalds

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

From: chenjie <chenjie6@huawei.com>

commit 6ea8d958a2c95a1d514015d4e29ba21a8c0a1a91 upstream.

MADVISE_WILLNEED has always been a noop for DAX (formerly XIP) mappings.
Unfortunately madvise_willneed() doesn't communicate this information
properly to the generic madvise syscall implementation.  The calling
convention is quite subtle there.  madvise_vma() is supposed to either
return an error or update &prev otherwise the main loop will never
advance to the next vma and it will keep looping for ever without a way
to get out of the kernel.

It seems this has been broken since introduction.  Nobody has noticed
because nobody seems to be using MADVISE_WILLNEED on these DAX mappings.

[mhocko@suse.com: rewrite changelog]
Link: http://lkml.kernel.org/r/20171127115318.911-1-guoxuenan@huawei.com
Fixes: fe77ba6f4f97 ("[PATCH] xip: madvice/fadvice: execute in place")
Signed-off-by: chenjie <chenjie6@huawei.com>
Signed-off-by: guoxuenan <guoxuenan@huawei.com>
Acked-by: Michal Hocko <mhocko@suse.com>
Cc: Minchan Kim <minchan@kernel.org>
Cc: zhangyi (F) <yi.zhang@huawei.com>
Cc: Miao Xie <miaoxie@huawei.com>
Cc: Mike Rapoport <rppt@linux.vnet.ibm.com>
Cc: Shaohua Li <shli@fb.com>
Cc: Andrea Arcangeli <aarcange@redhat.com>
Cc: Mel Gorman <mgorman@techsingularity.net>
Cc: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Cc: David Rientjes <rientjes@google.com>
Cc: Anshuman Khandual <khandual@linux.vnet.ibm.com>
Cc: Rik van Riel <riel@redhat.com>
Cc: Carsten Otte <cotte@de.ibm.com>
Cc: Dan Williams <dan.j.williams@intel.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 mm/madvise.c |    4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

--- a/mm/madvise.c
+++ b/mm/madvise.c
@@ -223,15 +223,14 @@ static long madvise_willneed(struct vm_a
 {
 	struct file *file = vma->vm_file;
 
+	*prev = vma;
 #ifdef CONFIG_SWAP
 	if (!file) {
-		*prev = vma;
 		force_swapin_readahead(vma, start, end);
 		return 0;
 	}
 
 	if (shmem_mapping(file->f_mapping)) {
-		*prev = vma;
 		force_shm_swapin_readahead(vma, start, end,
 					file->f_mapping);
 		return 0;
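
Review bot: the `*prev = vma;` assignment hoisted above `#ifdef CONFIG_SWAP` carries no comment saying why it must precede every return. The changelog explains the calling convention (madvise_vma() has to return an error or update *prev, otherwise the caller's loop never advances to the next vma); recording that in one line at the assignment would keep a later cleanup from moving it back under a branch and reintroducing the unkillable loop.
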
@@ -246,7 +245,6 @@ static long madvise_willneed(struct vm_a
 		return 0;
 	}
 
-	*prev = vma;
 	start = ((start - vma->vm_start) >> PAGE_SHIFT) + vma->vm_pgoff;
 	if (end > vma->vm_end)
 		end = vma->vm_end;


* [PATCH 4.4 11/27] btrfs: clear space cache inode generation always
  2017-12-04 15:59 [PATCH 4.4 00/27] 4.4.104-stable review Greg Kroah-Hartman
                   ` (8 preceding siblings ...)
  2017-12-04 15:59 ` [PATCH 4.4 10/27] mm/madvise.c: fix madvise() infinite loop under special circumstances Greg Kroah-Hartman
@ 2017-12-04 15:59 ` Greg Kroah-Hartman
  2017-12-04 15:59 ` [PATCH 4.4 15/27] mmc: core: Do not leave the block driver in a suspended state Greg Kroah-Hartman
                   ` (13 subsequent siblings)
  23 siblings, 0 replies; 30+ messages in thread
From: Greg Kroah-Hartman @ 2017-12-04 15:59 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Josef Bacik, David Sterba

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Josef Bacik <jbacik@fb.com>

commit 8e138e0d92c6c9d3d481674fb14e3439b495be37 upstream.

We discovered a box that had double allocations, and suspected the space
cache may be to blame.  While auditing the write out path I noticed that
if we've already setup the space cache we will just carry on.  This
means that any error we hit after cache_save_setup before we go to
actually write the cache out we won't reset the inode generation, so
whatever was already written will be considered correct, except it'll be
stale.  Fix this by _always_ resetting the generation on the block group
inode, this way we only ever have valid or invalid cache.

With this patch I was no longer able to reproduce cache corruption with
dm-log-writes and my bpf error injection tool.

Signed-off-by: Josef Bacik <jbacik@fb.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/btrfs/extent-tree.c |   14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

--- a/fs/btrfs/extent-tree.c
+++ b/fs/btrfs/extent-tree.c
@@ -3361,13 +3361,6 @@ again:
 		goto again;
 	}
 
-	/* We've already setup this transaction, go ahead and exit */
-	if (block_group->cache_generation == trans->transid &&
-	    i_size_read(inode)) {
-		dcs = BTRFS_DC_SETUP;
-		goto out_put;
-	}
-
 	/*
 	 * We want to set the generation to 0, that way if anything goes wrong
 	 * from here on out we know not to trust this cache when we load up next
@@ -3391,6 +3384,13 @@ again:
 	}
 	WARN_ON(ret);
 
+	/* We've already setup this transaction, go ahead and exit */
+	if (block_group->cache_generation == trans->transid &&
+	    i_size_read(inode)) {
+		dcs = BTRFS_DC_SETUP;
+		goto out_put;
+	}
+
 	if (i_size_read(inode) > 0) {
 		ret = btrfs_check_trunc_cache_free_space(root,
 					&root->fs_info->global_block_rsv);
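
Review bot: the relocated "already setup this transaction" check keeps its old comment, which no longer explains why it sits below the generation reset. Please extend it to say that the generation must be zeroed before this shortcut is taken, so that an error later in the transaction cannot leave a stale cache marked valid. Since the check now runs after the `WARN_ON(ret)` step, also confirm that `goto out_put` still releases everything acquired above it.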


* [PATCH 4.4 15/27] mmc: core: Do not leave the block driver in a suspended state
  2017-12-04 15:59 [PATCH 4.4 00/27] 4.4.104-stable review Greg Kroah-Hartman
                   ` (9 preceding siblings ...)
  2017-12-04 15:59 ` [PATCH 4.4 11/27] btrfs: clear space cache inode generation always Greg Kroah-Hartman
@ 2017-12-04 15:59 ` Greg Kroah-Hartman
  2017-12-04 15:59 ` [PATCH 4.4 16/27] eeprom: at24: check at24_read/write arguments Greg Kroah-Hartman
                   ` (12 subsequent siblings)
  23 siblings, 0 replies; 30+ messages in thread
From: Greg Kroah-Hartman @ 2017-12-04 15:59 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Adrian Hunter, Linus Walleij, Ulf Hansson

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Adrian Hunter <adrian.hunter@intel.com>

commit ebe7dd45cf49e3b49cacbaace17f9f878f21fbea upstream.

The block driver must be resumed if the mmc bus fails to suspend the card.

Signed-off-by: Adrian Hunter <adrian.hunter@intel.com>
Reviewed-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/mmc/core/bus.c |    3 +++
 1 file changed, 3 insertions(+)

--- a/drivers/mmc/core/bus.c
+++ b/drivers/mmc/core/bus.c
@@ -155,6 +155,9 @@ static int mmc_bus_suspend(struct device
 		return ret;
 
 	ret = host->bus_ops->suspend(host);
+	if (ret)
+		pm_generic_resume(dev);
+
 	return ret;
 }
 
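Review bot: the return value of pm_generic_resume(dev) in the new `if (ret)` branch is discarded. If that resume fails, the block driver stays suspended, which is the state this patch sets out to avoid, and nothing is logged. Please at least emit a dev_warn() when it returns non-zero, while still returning the original suspend error in ret.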


* [PATCH 4.4 16/27] eeprom: at24: check at24_read/write arguments
  2017-12-04 15:59 [PATCH 4.4 00/27] 4.4.104-stable review Greg Kroah-Hartman
                   ` (10 preceding siblings ...)
  2017-12-04 15:59 ` [PATCH 4.4 15/27] mmc: core: Do not leave the block driver in a suspended state Greg Kroah-Hartman
@ 2017-12-04 15:59 ` Greg Kroah-Hartman
  2017-12-04 15:59 ` [PATCH 4.4 17/27] bcache: Fix building error on MIPS Greg Kroah-Hartman
                   ` (11 subsequent siblings)
  23 siblings, 0 replies; 30+ messages in thread
From: Greg Kroah-Hartman @ 2017-12-04 15:59 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Heiner Kallweit, Bartosz Golaszewski

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Heiner Kallweit <hkallweit1@gmail.com>

commit d9bcd462daf34aebb8de9ad7f76de0198bb5a0f0 upstream.

So far we completely rely on the caller to provide valid arguments.
To be on the safe side, perform our own sanity check.

Signed-off-by: Heiner Kallweit <hkallweit1@gmail.com>
Signed-off-by: Bartosz Golaszewski <brgl@bgdev.pl>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/misc/eeprom/at24.c |    6 ++++++
 1 file changed, 6 insertions(+)

--- a/drivers/misc/eeprom/at24.c
+++ b/drivers/misc/eeprom/at24.c
@@ -257,6 +257,9 @@ static ssize_t at24_read(struct at24_dat
 	if (unlikely(!count))
 		return count;
 
+	if (off + count > at24->chip.byte_len)
+		return -EINVAL;
+
 	/*
 	 * Read data from chip, protecting against concurrent updates
 	 * from this host, but not from other I2C masters.
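
Review bot: the new bound `off + count > at24->chip.byte_len` in at24_read() can wrap. The hunk does not show the parameter types, but if the sum is computed in a type that overflows for large off or count, an out-of-range request passes the check. Writing it as `off > byte_len || count > byte_len - off` (with byte_len standing for at24->chip.byte_len) avoids the addition entirely. Note also that the check sits after the `!count` early return, so a zero-length read at an out-of-range offset still returns 0 rather than -EINVAL; say so in a comment if that is intended.
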
@@ -311,6 +314,9 @@ static ssize_t at24_eeprom_write(struct
 	unsigned long timeout, write_time;
 	unsigned next_page;
 
+	if (offset + count > at24->chip.byte_len)
+		return -EINVAL;
+
 	/* Get corresponding I2C address and adjust offset */
 	client = at24_translate_offset(at24, &offset);
 
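Review bot: `offset + count > at24->chip.byte_len` in at24_eeprom_write() has the same wrap-around exposure as the read-side check and should use the subtraction form too. The placement before at24_translate_offset(at24, &offset) matters, because that call takes the offset by pointer and may rewrite it; a short comment stating that the bound applies to the untranslated offset would keep the check from being moved below the translation later.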


* [PATCH 4.4 17/27] bcache: Fix building error on MIPS
  2017-12-04 15:59 [PATCH 4.4 00/27] 4.4.104-stable review Greg Kroah-Hartman
                   ` (11 preceding siblings ...)
  2017-12-04 15:59 ` [PATCH 4.4 16/27] eeprom: at24: check at24_read/write arguments Greg Kroah-Hartman
@ 2017-12-04 15:59 ` Greg Kroah-Hartman
  2017-12-04 15:59 ` [PATCH 4.4 19/27] drm/radeon: fix atombios on big endian Greg Kroah-Hartman
                   ` (10 subsequent siblings)
  23 siblings, 0 replies; 30+ messages in thread
From: Greg Kroah-Hartman @ 2017-12-04 15:59 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Huacai Chen, Michael Lyle, Jens Axboe

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Huacai Chen <chenhc@lemote.com>

commit cf33c1ee5254c6a430bc1538232b49c3ea13e613 upstream.

This patch tries to fix the building error on MIPS. The reason is MIPS
has already defined the PTR macro, which conflicts with the PTR macro
in include/uapi/linux/bcache.h.

[fixed by mlyle: corrected a line-length issue]

Signed-off-by: Huacai Chen <chenhc@lemote.com>
Reviewed-by: Michael Lyle <mlyle@lyle.org>
Signed-off-by: Michael Lyle <mlyle@lyle.org>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/md/bcache/alloc.c   |    2 +-
 drivers/md/bcache/extents.c |    2 +-
 drivers/md/bcache/journal.c |    2 +-
 include/uapi/linux/bcache.h |    2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

--- a/drivers/md/bcache/alloc.c
+++ b/drivers/md/bcache/alloc.c
@@ -479,7 +479,7 @@ int __bch_bucket_alloc_set(struct cache_
 		if (b == -1)
 			goto err;
 
-		k->ptr[i] = PTR(ca->buckets[b].gen,
+		k->ptr[i] = MAKE_PTR(ca->buckets[b].gen,
 				bucket_to_sector(c, b),
 				ca->sb.nr_this_dev);
 
--- a/drivers/md/bcache/extents.c
+++ b/drivers/md/bcache/extents.c
@@ -584,7 +584,7 @@ static bool bch_extent_merge(struct btre
 		return false;
 
 	for (i = 0; i < KEY_PTRS(l); i++)
-		if (l->ptr[i] + PTR(0, KEY_SIZE(l), 0) != r->ptr[i] ||
+		if (l->ptr[i] + MAKE_PTR(0, KEY_SIZE(l), 0) != r->ptr[i] ||
 		    PTR_BUCKET_NR(b->c, l, i) != PTR_BUCKET_NR(b->c, r, i))
 			return false;
 
--- a/drivers/md/bcache/journal.c
+++ b/drivers/md/bcache/journal.c
@@ -508,7 +508,7 @@ static void journal_reclaim(struct cache
 			continue;
 
 		ja->cur_idx = next;
-		k->ptr[n++] = PTR(0,
+		k->ptr[n++] = MAKE_PTR(0,
 				  bucket_to_sector(c, ca->sb.d[ja->cur_idx]),
 				  ca->sb.nr_this_dev);
 	}
--- a/include/uapi/linux/bcache.h
+++ b/include/uapi/linux/bcache.h
@@ -90,7 +90,7 @@ PTR_FIELD(PTR_GEN,			0,  8)
 
 #define PTR_CHECK_DEV			((1 << PTR_DEV_BITS) - 1)
 
-#define PTR(gen, offset, dev)						\
+#define MAKE_PTR(gen, offset, dev)					\
 	((((__u64) dev) << 51) | ((__u64) offset) << 8 | gen)
 
 /* Bkey utility code */
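Review bot: this rename is in include/uapi/linux/bcache.h, so `PTR()` disappears from a header exported to user space; any code outside the tree that builds keys with `PTR(gen, offset, dev)` stops compiling once this lands in a stable release, and the commit message should say that was considered. While the macro is being touched, its body still uses the arguments unparenthesised (`(__u64) dev`, `(__u64) offset`, bare `gen`), so an expression argument can be cast or OR-ed with the wrong precedence; wrapping each use as `(dev)`, `(offset)`, `(gen)` would close that.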


* [PATCH 4.4 19/27] drm/radeon: fix atombios on big endian
  2017-12-04 15:59 [PATCH 4.4 00/27] 4.4.104-stable review Greg Kroah-Hartman
                   ` (12 preceding siblings ...)
  2017-12-04 15:59 ` [PATCH 4.4 17/27] bcache: Fix building error on MIPS Greg Kroah-Hartman
@ 2017-12-04 15:59 ` Greg Kroah-Hartman
  2017-12-04 15:59 ` [PATCH 4.4 20/27] drm/panel: simple: Add missing panel_simple_unprepare() calls Greg Kroah-Hartman
                   ` (9 subsequent siblings)
  23 siblings, 0 replies; 30+ messages in thread
From: Greg Kroah-Hartman @ 2017-12-04 15:59 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Roman Kapl, Alex Deucher

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Roman Kapl <rka@sysgo.com>

commit 4f626a4ac8f57ddabf06d03870adab91e463217f upstream.

The function for byteswapping the data sent to/from atombios was buggy for
num_bytes not divisible by four. The function must be aware of the fact
that after byte-swapping the u32 units, valid bytes might end up after the
num_bytes boundary.

This patch was tested on kernel 3.12 and allowed us to successfully use
DisplayPort on a Radeon SI card. Namely it fixed the link training and
EDID readout.

The function is patched both in radeon and amd drivers, since the functions
and the fixes are identical.

Signed-off-by: Roman Kapl <rka@sysgo.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/gpu/drm/amd/amdgpu/amdgpu_atombios.c |   38 ++++++++++++---------------
 drivers/gpu/drm/radeon/atombios_dp.c         |   38 ++++++++++++---------------
 2 files changed, 36 insertions(+), 40 deletions(-)

--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_atombios.c
+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_atombios.c
@@ -1575,34 +1575,32 @@ void amdgpu_atombios_scratch_regs_restor
 		WREG32(mmBIOS_SCRATCH_0 + i, adev->bios_scratch[i]);
 }
 
-/* Atom needs data in little endian format
- * so swap as appropriate when copying data to
- * or from atom. Note that atom operates on
- * dw units.
+/* Atom needs data in little endian format so swap as appropriate when copying
+ * data to or from atom. Note that atom operates on dw units.
+ *
+ * Use to_le=true when sending data to atom and provide at least
+ * ALIGN(num_bytes,4) bytes in the dst buffer.
+ *
+ * Use to_le=false when receiving data from atom and provide ALIGN(num_bytes,4)
+ * byes in the src buffer.
  */
 void amdgpu_atombios_copy_swap(u8 *dst, u8 *src, u8 num_bytes, bool to_le)
 {
 #ifdef __BIG_ENDIAN
-	u8 src_tmp[20], dst_tmp[20]; /* used for byteswapping */
-	u32 *dst32, *src32;
+	u32 src_tmp[5], dst_tmp[5];
 	int i;
+	u8 align_num_bytes = ALIGN(num_bytes, 4);
 
-	memcpy(src_tmp, src, num_bytes);
-	src32 = (u32 *)src_tmp;
-	dst32 = (u32 *)dst_tmp;
 	if (to_le) {
-		for (i = 0; i < ((num_bytes + 3) / 4); i++)
-			dst32[i] = cpu_to_le32(src32[i]);
-		memcpy(dst, dst_tmp, num_bytes);
+		memcpy(src_tmp, src, num_bytes);
+		for (i = 0; i < align_num_bytes / 4; i++)
+			dst_tmp[i] = cpu_to_le32(src_tmp[i]);
+		memcpy(dst, dst_tmp, align_num_bytes);
 	} else {
-		u8 dws = num_bytes & ~3;
-		for (i = 0; i < ((num_bytes + 3) / 4); i++)
-			dst32[i] = le32_to_cpu(src32[i]);
-		memcpy(dst, dst_tmp, dws);
-		if (num_bytes % 4) {
-			for (i = 0; i < (num_bytes % 4); i++)
-				dst[dws+i] = dst_tmp[dws+i];
-		}
+		memcpy(src_tmp, src, align_num_bytes);
+		for (i = 0; i < align_num_bytes / 4; i++)
+			dst_tmp[i] = le32_to_cpu(src_tmp[i]);
+		memcpy(dst, dst_tmp, num_bytes);
 	}
 #else
 	memcpy(dst, src, num_bytes);
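Review bot: in the to_le branch of amdgpu_atombios_copy_swap(), `memcpy(src_tmp, src, num_bytes)` fills only num_bytes of the uninitialised `src_tmp`, but the loop then swaps `align_num_bytes / 4` dwords and `memcpy(dst, dst_tmp, align_num_bytes)` copies the whole aligned length. When num_bytes is not a multiple of four, up to three bytes of stale stack are therefore copied into dst. Zero the temporary first (`u32 src_tmp[5] = { 0 };` or a memset) so the bytes handed to atom are deterministic.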
--- a/drivers/gpu/drm/radeon/atombios_dp.c
+++ b/drivers/gpu/drm/radeon/atombios_dp.c
@@ -45,34 +45,32 @@ static char *pre_emph_names[] = {
 
 /***** radeon AUX functions *****/
 
-/* Atom needs data in little endian format
- * so swap as appropriate when copying data to
- * or from atom. Note that atom operates on
- * dw units.
+/* Atom needs data in little endian format so swap as appropriate when copying
+ * data to or from atom. Note that atom operates on dw units.
+ *
+ * Use to_le=true when sending data to atom and provide at least
+ * ALIGN(num_bytes,4) bytes in the dst buffer.
+ *
+ * Use to_le=false when receiving data from atom and provide ALIGN(num_bytes,4)
+ * byes in the src buffer.
  */
 void radeon_atom_copy_swap(u8 *dst, u8 *src, u8 num_bytes, bool to_le)
 {
 #ifdef __BIG_ENDIAN
-	u8 src_tmp[20], dst_tmp[20]; /* used for byteswapping */
-	u32 *dst32, *src32;
+	u32 src_tmp[5], dst_tmp[5];
 	int i;
+	u8 align_num_bytes = ALIGN(num_bytes, 4);
 
-	memcpy(src_tmp, src, num_bytes);
-	src32 = (u32 *)src_tmp;
-	dst32 = (u32 *)dst_tmp;
 	if (to_le) {
-		for (i = 0; i < ((num_bytes + 3) / 4); i++)
-			dst32[i] = cpu_to_le32(src32[i]);
-		memcpy(dst, dst_tmp, num_bytes);
+		memcpy(src_tmp, src, num_bytes);
+		for (i = 0; i < align_num_bytes / 4; i++)
+			dst_tmp[i] = cpu_to_le32(src_tmp[i]);
+		memcpy(dst, dst_tmp, align_num_bytes);
 	} else {
-		u8 dws = num_bytes & ~3;
-		for (i = 0; i < ((num_bytes + 3) / 4); i++)
-			dst32[i] = le32_to_cpu(src32[i]);
-		memcpy(dst, dst_tmp, dws);
-		if (num_bytes % 4) {
-			for (i = 0; i < (num_bytes % 4); i++)
-				dst[dws+i] = dst_tmp[dws+i];
-		}
+		memcpy(src_tmp, src, align_num_bytes);
+		for (i = 0; i < align_num_bytes / 4; i++)
+			dst_tmp[i] = le32_to_cpu(src_tmp[i]);
+		memcpy(dst, dst_tmp, num_bytes);
 	}
 #else
 	memcpy(dst, src, num_bytes);
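Review bot: nothing in radeon_atom_copy_swap() bounds num_bytes against the temporaries: `u32 src_tmp[5], dst_tmp[5]` hold 20 bytes, while `memcpy(src_tmp, src, align_num_bytes)` and the swap loop trust the caller's u8, and `u8 align_num_bytes = ALIGN(num_bytes, 4)` truncates to 0 for num_bytes above 252. A guard such as `WARN_ON(align_num_bytes > sizeof(src_tmp))` with an early return would turn an oversized request into a diagnosable failure instead of a stack overwrite. Minor: the new comment says "byes" where it means "bytes".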

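The receive-path failure this commit message describes, reproduced in user space as an added example (it is not code from the patch or from either driver). `swap_dwords()` stands in for `le32_to_cpu()` on a big-endian CPU; the buffer layout in `atom_layout()`, the 0xAA fill standing in for uninitialised stack, and all function names are assumptions of this model.

```c
/* Added example: user-space model of the to_le=false (receive) path. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TMP_BYTES 20u	/* same size as the temporaries in the patch */
#define ALIGN4(n) (((unsigned)(n) + 3u) & ~3u)

typedef int (*recv_fn)(uint8_t *dst, const uint8_t *src, uint8_t num_bytes);

/* Reverse each 32-bit unit in place: the effect of le32_to_cpu() or
 * cpu_to_le32() on a big-endian CPU. */
static void swap_dwords(uint8_t *buf, unsigned dwords)
{
	for (unsigned i = 0; i < dwords; i++) {
		uint8_t *p = buf + 4 * i, t;

		t = p[0]; p[0] = p[3]; p[3] = t;
		t = p[1]; p[1] = p[2]; p[2] = t;
	}
}

/* Pre-patch behaviour: only num_bytes are copied in before the swap. */
static int recv_old(uint8_t *dst, const uint8_t *src, uint8_t num_bytes)
{
	uint8_t tmp[TMP_BYTES];

	if (ALIGN4(num_bytes) > TMP_BYTES)
		return -1;
	memset(tmp, 0xAA, sizeof(tmp));	/* constructed stand-in for stale stack */
	memcpy(tmp, src, num_bytes);
	swap_dwords(tmp, ALIGN4(num_bytes) / 4);
	memcpy(dst, tmp, num_bytes);
	return 0;
}

/* Patched behaviour: the whole last dword is copied in before the swap. */
static int recv_new(uint8_t *dst, const uint8_t *src, uint8_t num_bytes)
{
	uint8_t tmp[TMP_BYTES];
	unsigned aligned = ALIGN4(num_bytes);

	if (aligned > TMP_BYTES)
		return -1;
	memcpy(tmp, src, aligned);	/* src must hold ALIGN(num_bytes,4) bytes */
	swap_dwords(tmp, aligned / 4);
	memcpy(dst, tmp, num_bytes);
	return 0;
}

/* Model assumption: atom hands back little-endian dwords, so in big-endian
 * memory each dword of the zero-padded payload appears byte-reversed. */
static void atom_layout(uint8_t *out, const uint8_t *payload, uint8_t n)
{
	memset(out, 0, ALIGN4(n));
	memcpy(out, payload, n);
	swap_dwords(out, ALIGN4(n) / 4);
}

/* Number of payload bytes the given receive routine gets wrong for an
 * n-byte transfer, or -1 if n does not fit the temporaries. */
static int count_wrong(recv_fn recv, uint8_t n)
{
	uint8_t payload[TMP_BYTES], src[TMP_BYTES], dst[TMP_BYTES];
	int wrong = 0;

	if (n == 0 || n > TMP_BYTES)
		return -1;
	for (unsigned i = 0; i < TMP_BYTES; i++)
		payload[i] = (uint8_t)(i + 1);	/* constructed sample data */
	atom_layout(src, payload, n);
	memset(dst, 0, sizeof(dst));
	if (recv(dst, src, n))
		return -1;
	for (unsigned i = 0; i < n; i++)
		wrong += dst[i] != payload[i];
	return wrong;
}

int main(void)
{
	for (unsigned n = 1; n <= 8; n++)
		printf("num_bytes=%u  old: %d wrong  new: %d wrong\n", n,
		       count_wrong(recv_old, (uint8_t)n),
		       count_wrong(recv_new, (uint8_t)n));
	return 0;
}
```

The old routine is correct only when num_bytes is a multiple of four; otherwise the valid bytes that sit past the num_bytes boundary before the swap are never copied in.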

* [PATCH 4.4 20/27] drm/panel: simple: Add missing panel_simple_unprepare() calls
  2017-12-04 15:59 [PATCH 4.4 00/27] 4.4.104-stable review Greg Kroah-Hartman
                   ` (13 preceding siblings ...)
  2017-12-04 15:59 ` [PATCH 4.4 19/27] drm/radeon: fix atombios on big endian Greg Kroah-Hartman
@ 2017-12-04 15:59 ` Greg Kroah-Hartman
  2017-12-04 15:59 ` [PATCH 4.4 21/27] mtd: nand: Fix writing mtdoops to nand flash Greg Kroah-Hartman
                   ` (8 subsequent siblings)
  23 siblings, 0 replies; 30+ messages in thread
From: Greg Kroah-Hartman @ 2017-12-04 15:59 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Jonathan Liu, Thierry Reding

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Jonathan Liu <net147@gmail.com>

commit f3621a8eb59a913612c8e6e37d81f16b649f8b6c upstream.

During panel removal or system shutdown panel_simple_disable() is called
which disables the panel backlight but the panel is still powered due to
missing calls to panel_simple_unprepare().

Fixes: d02fd93e2cd8 ("drm/panel: simple - Disable panel on shutdown")
Signed-off-by: Jonathan Liu <net147@gmail.com>
Signed-off-by: Thierry Reding <treding@nvidia.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20170807115545.27747-1-net147@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/gpu/drm/panel/panel-simple.c |    2 ++
 1 file changed, 2 insertions(+)

--- a/drivers/gpu/drm/panel/panel-simple.c
+++ b/drivers/gpu/drm/panel/panel-simple.c
@@ -352,6 +352,7 @@ static int panel_simple_remove(struct de
 	drm_panel_remove(&panel->base);
 
 	panel_simple_disable(&panel->base);
+	panel_simple_unprepare(&panel->base);
 
 	if (panel->ddc)
 		put_device(&panel->ddc->dev);
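Review bot: panel_simple_remove() now calls `panel_simple_unprepare(&panel->base)` unconditionally, including when the panel was never prepared or was already unprepared by its user, so the hunk relies on the callee tolerating that state. Please confirm it is a no-op there and say so in the commit message; any return value from the call is also discarded here.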
@@ -367,6 +368,7 @@ static void panel_simple_shutdown(struct
 	struct panel_simple *panel = dev_get_drvdata(dev);
 
 	panel_simple_disable(&panel->base);
+	panel_simple_unprepare(&panel->base);
 }
 
 static const struct drm_display_mode ampire_am800480r3tmqwa1h_mode = {


* [PATCH 4.4 21/27] mtd: nand: Fix writing mtdoops to nand flash.
  2017-12-04 15:59 [PATCH 4.4 00/27] 4.4.104-stable review Greg Kroah-Hartman
                   ` (14 preceding siblings ...)
  2017-12-04 15:59 ` [PATCH 4.4 20/27] drm/panel: simple: Add missing panel_simple_unprepare() calls Greg Kroah-Hartman
@ 2017-12-04 15:59 ` Greg Kroah-Hartman
  2017-12-04 15:59 ` [PATCH 4.4 22/27] NFS: revalidate "." etc correctly on "open" Greg Kroah-Hartman
                   ` (7 subsequent siblings)
  23 siblings, 0 replies; 30+ messages in thread
From: Greg Kroah-Hartman @ 2017-12-04 15:59 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Brent Taylor, Boris Brezillon

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Brent Taylor <motobud@gmail.com>

commit 30863e38ebeb500a31cecee8096fb5002677dd9b upstream.

When mtdoops calls mtd_panic_write(), it eventually calls
panic_nand_write() in nand_base.c. In order to properly wait for the
nand chip to be ready in panic_nand_wait(), the chip must first be
selected.

When using the atmel nand flash controller, a panic would occur due to
a NULL pointer exception.

Fixes: 2af7c6539931 ("mtd: Add panic_write for NAND flashes")
Cc: <stable@vger.kernel.org>
Signed-off-by: Brent Taylor <motobud@gmail.com>
Signed-off-by: Boris Brezillon <boris.brezillon@free-electrons.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/mtd/nand/nand_base.c |    9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

--- a/drivers/mtd/nand/nand_base.c
+++ b/drivers/mtd/nand/nand_base.c
@@ -2663,15 +2663,18 @@ static int panic_nand_write(struct mtd_i
 			    size_t *retlen, const uint8_t *buf)
 {
 	struct nand_chip *chip = mtd->priv;
+	int chipnr = (int)(to >> chip->chip_shift);
 	struct mtd_oob_ops ops;
 	int ret;
 
-	/* Wait for the device to get ready */
-	panic_nand_wait(mtd, chip, 400);
-
 	/* Grab the device */
 	panic_nand_get_device(chip, mtd, FL_WRITING);
 
+	chip->select_chip(mtd, chipnr);
+
+	/* Wait for the device to get ready */
+	panic_nand_wait(mtd, chip, 400);
+
 	memset(&ops, 0, sizeof(ops));
 	ops.len = len;
 	ops.datbuf = (uint8_t *)buf;
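Review bot: `chip->select_chip(mtd, chipnr)` is added in panic_nand_write() but the hunk shows no matching deselect, and `chipnr` comes straight from `to >> chip->chip_shift` with no check that it names an existing chip. If leaving the chip selected is deliberate because this only runs on the panic path, a one-line comment saying so would help; otherwise add `chip->select_chip(mtd, -1)` after the write.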


* [PATCH 4.4 22/27] NFS: revalidate "." etc correctly on "open".
  2017-12-04 15:59 [PATCH 4.4 00/27] 4.4.104-stable review Greg Kroah-Hartman
                   ` (15 preceding siblings ...)
  2017-12-04 15:59 ` [PATCH 4.4 21/27] mtd: nand: Fix writing mtdoops to nand flash Greg Kroah-Hartman
@ 2017-12-04 15:59 ` Greg Kroah-Hartman
  2017-12-04 15:59 ` [PATCH 4.4 25/27] nfsd: Make init_open_stateid() a bit more whole Greg Kroah-Hartman
                   ` (6 subsequent siblings)
  23 siblings, 0 replies; 30+ messages in thread
From: Greg Kroah-Hartman @ 2017-12-04 15:59 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, NeilBrown, Anna Schumaker

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

From: NeilBrown <neilb@suse.com>

commit b688741cb06695312f18b730653d6611e1bad28d upstream.

For correct close-to-open semantics, NFS must validate
the change attribute of a directory (or file) on open.

Since commit ecf3d1f1aa74 ("vfs: kill FS_REVAL_DOT by adding a
d_weak_revalidate dentry op"), open() of "." or a path ending ".." is
not revalidated reliably (except when that directory is a mount point).

Prior to that commit, "." was revalidated using nfs_lookup_revalidate()
which checks the LOOKUP_OPEN flag and forces revalidation if the flag is
set.
Since that commit, nfs_weak_revalidate() is used for NFSv3 (which
ignores the flags) and nothing is used for NFSv4.

This is fixed by using nfs_lookup_verify_inode() in
nfs_weak_revalidate().  This does the revalidation exactly when needed.
Also, add a definition of .d_weak_revalidate for NFSv4.

The incorrect behavior is easily demonstrated by running "echo *" in
some non-mountpoint NFS directory while watching network traffic.
Without this patch, "echo *" sometimes doesn't produce any traffic.
With the patch it always does.

Fixes: ecf3d1f1aa74 ("vfs: kill FS_REVAL_DOT by adding a d_weak_revalidate dentry op")
cc: stable@vger.kernel.org (3.9+)
Signed-off-by: NeilBrown <neilb@suse.com>
Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/nfs/dir.c |    3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

--- a/fs/nfs/dir.c
+++ b/fs/nfs/dir.c
@@ -1260,7 +1260,7 @@ static int nfs_weak_revalidate(struct de
 		return 0;
 	}
 
-	error = nfs_revalidate_inode(NFS_SERVER(inode), inode);
+	error = nfs_lookup_verify_inode(inode, flags);
 	dfprintk(LOOKUPCACHE, "NFS: %s: inode %lu is %s\n",
 			__func__, inode->i_ino, error ? "invalid" : "valid");
 	return !error;
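Review bot: nfs_weak_revalidate() now depends on `flags` through `nfs_lookup_verify_inode(inode, flags)`, but nothing at the call site says that LOOKUP_OPEN is what forces the revalidation; the reasoning lives only in the commit message. A short comment above the call would keep the close-to-open requirement visible to the next person who touches it. The `error ? "invalid" : "valid"` trace and `return !error` treat every non-zero result alike, so check that the new helper's return convention matches the old one's.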
@@ -1420,6 +1420,7 @@ static int nfs4_lookup_revalidate(struct
 
 const struct dentry_operations nfs4_dentry_operations = {
 	.d_revalidate	= nfs4_lookup_revalidate,
+	.d_weak_revalidate	= nfs_weak_revalidate,
 	.d_delete	= nfs_dentry_delete,
 	.d_iput		= nfs_dentry_iput,
 	.d_automount	= nfs_d_automount,


* [PATCH 4.4 25/27] nfsd: Make init_open_stateid() a bit more whole
  2017-12-04 15:59 [PATCH 4.4 00/27] 4.4.104-stable review Greg Kroah-Hartman
                   ` (16 preceding siblings ...)
  2017-12-04 15:59 ` [PATCH 4.4 22/27] NFS: revalidate "." etc correctly on "open" Greg Kroah-Hartman
@ 2017-12-04 15:59 ` Greg Kroah-Hartman
  2017-12-04 15:59 ` [PATCH 4.4 26/27] nfsd: Fix stateid races between OPEN and CLOSE Greg Kroah-Hartman
                   ` (5 subsequent siblings)
  23 siblings, 0 replies; 30+ messages in thread
From: Greg Kroah-Hartman @ 2017-12-04 15:59 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, J . Bruce Fields, Oleg Drokin,
	J. Bruce Fields

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Oleg Drokin <green@linuxhacker.ru>

commit 8c7245abda877d4689b3371db8ae2a4400d7d9ce upstream.

Move the state selection logic inside from the caller,
always making it return correct stp to use.

Signed-off-by: J . Bruce Fields <bfields@fieldses.org>
Signed-off-by: Oleg Drokin <green@linuxhacker.ru>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/nfsd/nfs4state.c |   27 ++++++++++++---------------
 1 file changed, 12 insertions(+), 15 deletions(-)

--- a/fs/nfsd/nfs4state.c
+++ b/fs/nfsd/nfs4state.c
@@ -3420,13 +3420,14 @@ alloc_init_open_stateowner(unsigned int
 }
 
 static struct nfs4_ol_stateid *
-init_open_stateid(struct nfs4_ol_stateid *stp, struct nfs4_file *fp,
-		struct nfsd4_open *open)
+init_open_stateid(struct nfs4_file *fp, struct nfsd4_open *open)
 {
 
 	struct nfs4_openowner *oo = open->op_openowner;
 	struct nfs4_ol_stateid *retstp = NULL;
+	struct nfs4_ol_stateid *stp;
 
+	stp = open->op_stp;
 	/* We are moving these outside of the spinlocks to avoid the warnings */
 	mutex_init(&stp->st_mutex);
 	mutex_lock(&stp->st_mutex);
@@ -3437,6 +3438,8 @@ init_open_stateid(struct nfs4_ol_stateid
 	retstp = nfsd4_find_existing_open(fp, open);
 	if (retstp)
 		goto out_unlock;
+
+	open->op_stp = NULL;
 	atomic_inc(&stp->st_stid.sc_count);
 	stp->st_stid.sc_type = NFS4_OPEN_STID;
 	INIT_LIST_HEAD(&stp->st_locks);
@@ -3454,10 +3457,11 @@ out_unlock:
 	spin_unlock(&oo->oo_owner.so_client->cl_lock);
 	if (retstp) {
 		mutex_lock(&retstp->st_mutex);
-		/* Not that we need to, just for neatness */
+		/* To keep mutex tracking happy */
 		mutex_unlock(&stp->st_mutex);
+		stp = retstp;
 	}
-	return retstp;
+	return stp;
 }
 
 /*
@@ -4260,7 +4264,6 @@ nfsd4_process_open2(struct svc_rqst *rqs
 	struct nfs4_client *cl = open->op_openowner->oo_owner.so_client;
 	struct nfs4_file *fp = NULL;
 	struct nfs4_ol_stateid *stp = NULL;
-	struct nfs4_ol_stateid *swapstp = NULL;
 	struct nfs4_delegation *dp = NULL;
 	__be32 status;
 
@@ -4297,16 +4300,10 @@ nfsd4_process_open2(struct svc_rqst *rqs
 			goto out;
 		}
 	} else {
-		stp = open->op_stp;
-		open->op_stp = NULL;
-		/*
-		 * init_open_stateid() either returns a locked stateid
-		 * it found, or initializes and locks the new one we passed in
-		 */
-		swapstp = init_open_stateid(stp, fp, open);
-		if (swapstp) {
-			nfs4_put_stid(&stp->st_stid);
-			stp = swapstp;
+		/* stp is returned locked. */
+		stp = init_open_stateid(fp, open);
+		/* See if we lost the race to some other thread */
+		if (stp->st_access_bmap != 0) {
 			status = nfs4_upgrade_open(rqstp, fp, current_fh,
 						stp, open);
 			if (status) {
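Review bot: `if (stp->st_access_bmap != 0)` in nfsd4_process_open2() infers "we lost the race and got an existing stateid" from a field value, which holds only while a freshly initialised stateid always has an empty access bitmap and an existing one never does. Have init_open_stateid() report which case occurred (an out parameter or a bool), or at least document the invariant next to the test. The old `nfs4_put_stid(&stp->st_stid)` on the swap path is also gone, so a comment should say who now releases the unused `open->op_stp`.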


* [PATCH 4.4 26/27] nfsd: Fix stateid races between OPEN and CLOSE
  2017-12-04 15:59 [PATCH 4.4 00/27] 4.4.104-stable review Greg Kroah-Hartman
                   ` (17 preceding siblings ...)
  2017-12-04 15:59 ` [PATCH 4.4 25/27] nfsd: Make init_open_stateid() a bit more whole Greg Kroah-Hartman
@ 2017-12-04 15:59 ` Greg Kroah-Hartman
  2017-12-04 15:59 ` [PATCH 4.4 27/27] nfsd: Fix another OPEN stateid race Greg Kroah-Hartman
                   ` (4 subsequent siblings)
  23 siblings, 0 replies; 30+ messages in thread
From: Greg Kroah-Hartman @ 2017-12-04 15:59 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Trond Myklebust, J. Bruce Fields

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Trond Myklebust <trond.myklebust@primarydata.com>

commit 15ca08d3299682dc49bad73251677b2c5017ef08 upstream.

Open file stateids can linger on the nfs4_file list of stateids even
after they have been closed. In order to avoid reusing such a
stateid, and confusing the client, we need to recheck the
nfs4_stid's type after taking the mutex.
Otherwise, we risk reusing an old stateid that was already closed,
which will confuse clients that expect new stateids to conform to
RFC7530 Sections 9.1.4.2 and 16.2.5 or RFC5661 Sections 8.2.2 and 18.2.4.

Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/nfsd/nfs4state.c |   67 +++++++++++++++++++++++++++++++++++++++++++++-------
 1 file changed, 59 insertions(+), 8 deletions(-)

--- a/fs/nfsd/nfs4state.c
+++ b/fs/nfsd/nfs4state.c
@@ -3379,7 +3379,9 @@ nfsd4_find_existing_open(struct nfs4_fil
 		/* ignore lock owners */
 		if (local->st_stateowner->so_is_open_owner == 0)
 			continue;
-		if (local->st_stateowner == &oo->oo_owner) {
+		if (local->st_stateowner != &oo->oo_owner)
+			continue;
+		if (local->st_stid.sc_type == NFS4_OPEN_STID) {
 			ret = local;
 			atomic_inc(&ret->st_stid.sc_count);
 			break;
@@ -3388,6 +3390,52 @@ nfsd4_find_existing_open(struct nfs4_fil
 	return ret;
 }
 
+static __be32
+nfsd4_verify_open_stid(struct nfs4_stid *s)
+{
+	__be32 ret = nfs_ok;
+
+	switch (s->sc_type) {
+	default:
+		break;
+	case NFS4_CLOSED_STID:
+	case NFS4_CLOSED_DELEG_STID:
+		ret = nfserr_bad_stateid;
+		break;
+	case NFS4_REVOKED_DELEG_STID:
+		ret = nfserr_deleg_revoked;
+	}
+	return ret;
+}
+
+/* Lock the stateid st_mutex, and deal with races with CLOSE */
+static __be32
+nfsd4_lock_ol_stateid(struct nfs4_ol_stateid *stp)
+{
+	__be32 ret;
+
+	mutex_lock(&stp->st_mutex);
+	ret = nfsd4_verify_open_stid(&stp->st_stid);
+	if (ret != nfs_ok)
+		mutex_unlock(&stp->st_mutex);
+	return ret;
+}
+
+static struct nfs4_ol_stateid *
+nfsd4_find_and_lock_existing_open(struct nfs4_file *fp, struct nfsd4_open *open)
+{
+	struct nfs4_ol_stateid *stp;
+	for (;;) {
+		spin_lock(&fp->fi_lock);
+		stp = nfsd4_find_existing_open(fp, open);
+		spin_unlock(&fp->fi_lock);
+		if (!stp || nfsd4_lock_ol_stateid(stp) == nfs_ok)
+			break;
+		nfs4_put_stid(&stp->st_stid);
+	}
+	return stp;
+}
+
 static struct nfs4_openowner *
 alloc_init_open_stateowner(unsigned int strhashval, struct nfsd4_open *open,
 			   struct nfsd4_compound_state *cstate)
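Review bot: the `for (;;)` in nfsd4_find_and_lock_existing_open() retries with no bound, and it only makes progress because nfsd4_find_existing_open() now skips entries whose sc_type is not NFS4_OPEN_STID; that coupling deserves a comment on the loop. In nfsd4_verify_open_stid() the final `case NFS4_REVOKED_DELEG_STID:` has no `break` and `default:` comes first, which is legal but easy to break when a case is appended. Kernel style also wants a blank line after the `struct nfs4_ol_stateid *stp;` declaration.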
@@ -3432,6 +3480,7 @@ init_open_stateid(struct nfs4_file *fp,
 	mutex_init(&stp->st_mutex);
 	mutex_lock(&stp->st_mutex);
 
+retry:
 	spin_lock(&oo->oo_owner.so_client->cl_lock);
 	spin_lock(&fp->fi_lock);
 
@@ -3456,7 +3505,11 @@ out_unlock:
 	spin_unlock(&fp->fi_lock);
 	spin_unlock(&oo->oo_owner.so_client->cl_lock);
 	if (retstp) {
-		mutex_lock(&retstp->st_mutex);
+		/* Handle races with CLOSE */
+		if (nfsd4_lock_ol_stateid(retstp) != nfs_ok) {
+			nfs4_put_stid(&retstp->st_stid);
+			goto retry;
+		}
 		/* To keep mutex tracking happy */
 		mutex_unlock(&stp->st_mutex);
 		stp = retstp;
@@ -4277,9 +4330,7 @@ nfsd4_process_open2(struct svc_rqst *rqs
 		status = nfs4_check_deleg(cl, open, &dp);
 		if (status)
 			goto out;
-		spin_lock(&fp->fi_lock);
-		stp = nfsd4_find_existing_open(fp, open);
-		spin_unlock(&fp->fi_lock);
+		stp = nfsd4_find_and_lock_existing_open(fp, open);
 	} else {
 		open->op_file = NULL;
 		status = nfserr_bad_stateid;
@@ -4293,7 +4344,6 @@ nfsd4_process_open2(struct svc_rqst *rqs
 	 */
 	if (stp) {
 		/* Stateid was found, this is an OPEN upgrade */
-		mutex_lock(&stp->st_mutex);
 		status = nfs4_upgrade_open(rqstp, fp, current_fh, stp, open);
 		if (status) {
 			mutex_unlock(&stp->st_mutex);
@@ -5150,7 +5200,6 @@ static void nfsd4_close_open_stateid(str
 	bool unhashed;
 	LIST_HEAD(reaplist);
 
-	s->st_stid.sc_type = NFS4_CLOSED_STID;
 	spin_lock(&clp->cl_lock);
 	unhashed = unhash_open_stateid(s, &reaplist);
 
@@ -5189,10 +5238,12 @@ nfsd4_close(struct svc_rqst *rqstp, stru
 	nfsd4_bump_seqid(cstate, status);
 	if (status)
 		goto out; 
+
+	stp->st_stid.sc_type = NFS4_CLOSED_STID;
 	nfs4_inc_and_copy_stateid(&close->cl_stateid, &stp->st_stid);
-	mutex_unlock(&stp->st_mutex);
 
 	nfsd4_close_open_stateid(stp);
+	mutex_unlock(&stp->st_mutex);
 
 	/* put reference from nfs4_preprocess_seqid_op */
 	nfs4_put_stid(&stp->st_stid);
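Review bot: moving `mutex_unlock(&stp->st_mutex)` below `nfsd4_close_open_stateid(stp)` means the unhash and reap now run with st_mutex held, and the unlock touches stp after that call. That is safe only while the reference from nfs4_preprocess_seqid_op is still held, which the following `nfs4_put_stid()` suggests; a comment stating that ordering requirement, plus confirmation that nothing reached from nfsd4_close_open_stateid() takes st_mutex, would make this reviewable. The context line `goto out; ` also carries trailing whitespace.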


* [PATCH 4.4 27/27] nfsd: Fix another OPEN stateid race
  2017-12-04 15:59 [PATCH 4.4 00/27] 4.4.104-stable review Greg Kroah-Hartman
                   ` (18 preceding siblings ...)
  2017-12-04 15:59 ` [PATCH 4.4 26/27] nfsd: Fix stateid races between OPEN and CLOSE Greg Kroah-Hartman
@ 2017-12-04 15:59 ` Greg Kroah-Hartman
  2017-12-04 16:48 ` [PATCH 4.4 00/27] 4.4.104-stable review Nathan Chancellor
                   ` (3 subsequent siblings)
  23 siblings, 0 replies; 30+ messages in thread
From: Greg Kroah-Hartman @ 2017-12-04 15:59 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Andrew W Elble, Trond Myklebust,
	J. Bruce Fields

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Trond Myklebust <trond.myklebust@primarydata.com>

commit d8a1a000555ecd1b824ac1ed6df8fe364dfbbbb0 upstream.

If nfsd4_process_open2() is initialising a new stateid, and yet the
call to nfs4_get_vfs_file() fails for some reason, then we must
declare the stateid closed, and unhash it before dropping the mutex.

Right now, we unhash the stateid after dropping the mutex, and without
changing the stateid type, meaning that another OPEN could theoretically
look it up and attempt to use it.

Reported-by: Andrew W Elble <aweits@rit.edu>
Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/nfsd/nfs4state.c |   28 +++++++++++++---------------
 1 file changed, 13 insertions(+), 15 deletions(-)

--- a/fs/nfsd/nfs4state.c
+++ b/fs/nfsd/nfs4state.c
@@ -4319,6 +4319,7 @@ nfsd4_process_open2(struct svc_rqst *rqs
 	struct nfs4_ol_stateid *stp = NULL;
 	struct nfs4_delegation *dp = NULL;
 	__be32 status;
+	bool new_stp = false;
 
 	/*
 	 * Lookup file; if found, lookup stateid and check open request,
@@ -4338,11 +4339,19 @@ nfsd4_process_open2(struct svc_rqst *rqs
 			goto out;
 	}
 
+	if (!stp) {
+		stp = init_open_stateid(fp, open);
+		if (!open->op_stp)
+			new_stp = true;
+	}
+
 	/*
 	 * OPEN the file, or upgrade an existing OPEN.
 	 * If truncate fails, the OPEN fails.
+	 *
+	 * stp is already locked.
 	 */
-	if (stp) {
+	if (!new_stp) {
 		/* Stateid was found, this is an OPEN upgrade */
 		status = nfs4_upgrade_open(rqstp, fp, current_fh, stp, open);
 		if (status) {
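Review bot: `if (!open->op_stp) new_stp = true;` detects a newly created stateid through a side effect of init_open_stateid(), which clears open->op_stp only when it consumes the preallocated stateid. That stays correct only while the side effect is left exactly as it is; return the information explicitly, or add a comment here naming the dependency.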
@@ -4350,22 +4359,11 @@ nfsd4_process_open2(struct svc_rqst *rqs
 			goto out;
 		}
 	} else {
-		/* stp is returned locked. */
-		stp = init_open_stateid(fp, open);
-		/* See if we lost the race to some other thread */
-		if (stp->st_access_bmap != 0) {
-			status = nfs4_upgrade_open(rqstp, fp, current_fh,
-						stp, open);
-			if (status) {
-				mutex_unlock(&stp->st_mutex);
-				goto out;
-			}
-			goto upgrade_out;
-		}
 		status = nfs4_get_vfs_file(rqstp, fp, current_fh, stp, open);
 		if (status) {
-			mutex_unlock(&stp->st_mutex);
+			stp->st_stid.sc_type = NFS4_CLOSED_STID;
 			release_open_stateid(stp);
+			mutex_unlock(&stp->st_mutex);
 			goto out;
 		}
 
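Review bot: on the nfs4_get_vfs_file() failure path, `mutex_unlock(&stp->st_mutex)` now runs after `release_open_stateid(stp)`. If release_open_stateid() can drop the last reference, the unlock dereferences freed memory; please confirm a reference is still held at that point, or take one before the release. Setting `sc_type = NFS4_CLOSED_STID` before the unhash matches the commit message and is the right order.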
@@ -4374,7 +4372,7 @@ nfsd4_process_open2(struct svc_rqst *rqs
 		if (stp->st_clnt_odstate == open->op_odstate)
 			open->op_odstate = NULL;
 	}
-upgrade_out:
+
 	nfs4_inc_and_copy_stateid(&open->op_stateid, &stp->st_stid);
 	mutex_unlock(&stp->st_mutex);
 


* Re: [PATCH 4.4 00/27] 4.4.104-stable review
  2017-12-04 15:59 [PATCH 4.4 00/27] 4.4.104-stable review Greg Kroah-Hartman
                   ` (19 preceding siblings ...)
  2017-12-04 15:59 ` [PATCH 4.4 27/27] nfsd: Fix another OPEN stateid race Greg Kroah-Hartman
@ 2017-12-04 16:48 ` Nathan Chancellor
  2017-12-04 18:36   ` Greg Kroah-Hartman
  2017-12-04 20:14 ` Shuah Khan
                   ` (2 subsequent siblings)
  23 siblings, 1 reply; 30+ messages in thread
From: Nathan Chancellor @ 2017-12-04 16:48 UTC (permalink / raw)
  To: Greg Kroah-Hartman
  Cc: linux-kernel, torvalds, akpm, linux, shuahkh, patches,
	ben.hutchings, lkft-triage, stable

On Mon, Dec 04, 2017 at 04:59:25PM +0100, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 4.4.104 release.
> There are 27 patches in this series, all will be posted as a response
> to this one.  If anyone has any issues with these being applied, please
> let me know.
> 
> Responses should be made by Wed Dec  6 15:59:33 UTC 2017.
> Anything received after that time might be too late.
> 
> The whole patch series can be found in one patch at:
> 	kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.4.104-rc1.gz
> or in the git tree and branch at:
>   git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.4.y
> and the diffstat can be found below.
> 
> thanks,
> 
> greg k-h
> 
> -------------
> Pseudo-Shortlog of commits:
> 
> Greg Kroah-Hartman <gregkh@linuxfoundation.org>
>     Linux 4.4.104-rc1
> 
> Trond Myklebust <trond.myklebust@primarydata.com>
>     nfsd: Fix another OPEN stateid race
> 
> Trond Myklebust <trond.myklebust@primarydata.com>
>     nfsd: Fix stateid races between OPEN and CLOSE
> 
> Oleg Drokin <green@linuxhacker.ru>
>     nfsd: Make init_open_stateid() a bit more whole
> 
> Ville Syrjälä <ville.syrjala@linux.intel.com>
>     drm/i915: Prevent zero length "index" write
> 
> Ville Syrjälä <ville.syrjala@linux.intel.com>
>     drm/i915: Don't try indexed reads to alternate slave addresses
> 
> NeilBrown <neilb@suse.com>
>     NFS: revalidate "." etc correctly on "open".
> 
> Brent Taylor <motobud@gmail.com>
>     mtd: nand: Fix writing mtdoops to nand flash.
> 
> Jonathan Liu <net147@gmail.com>
>     drm/panel: simple: Add missing panel_simple_unprepare() calls
> 
> Roman Kapl <rka@sysgo.com>
>     drm/radeon: fix atombios on big endian
> 
> Alex Deucher <alexander.deucher@amd.com>
>     Revert "drm/radeon: dont switch vt on suspend"
> 
> Huacai Chen <chenhc@lemote.com>
>     bcache: Fix building error on MIPS
> 
> Heiner Kallweit <hkallweit1@gmail.com>
>     eeprom: at24: check at24_read/write arguments
> 
> Adrian Hunter <adrian.hunter@intel.com>
>     mmc: core: Do not leave the block driver in a suspended state
> 
> Paolo Bonzini <pbonzini@redhat.com>
>     KVM: x86: inject exceptions produced by x86_decode_insn
> 
> Liran Alon <liran.alon@oracle.com>
>     KVM: x86: Exit to user-mode on #UD intercept when emulator requires
> 
> Liran Alon <liran.alon@oracle.com>
>     KVM: x86: pvclock: Handle first-time write to pvclock-page contains random junk
> 
> Josef Bacik <jbacik@fb.com>
>     btrfs: clear space cache inode generation always
> 
> chenjie <chenjie6@huawei.com>
>     mm/madvise.c: fix madvise() infinite loop under special circumstances
> 
> Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
>     mm, thp: Do not make page table dirty unconditionally in touch_p[mu]d()
> 
> Matt Fleming <matt@codeblueprint.co.uk>
>     x86/efi-bgrt: Replace early_memremap() with memremap()
> 
> Sai Praneeth <sai.praneeth.prakhya@intel.com>
>     x86/efi-bgrt: Fix kernel panic when mapping BGRT data
> 
> Adam Ford <aford173@gmail.com>
>     ARM: dts: omap3: logicpd-torpedo-37xx-devkit: Fix MMC1 cd-gpio
> 
> Matt Fleming <matt@codeblueprint.co.uk>
>     x86/efi: Build our own page table structures
> 
> Matt Fleming <matt@codeblueprint.co.uk>
>     x86/efi: Hoist page table switching code into efi_call_virt()
> 
> Matt Fleming <matt@codeblueprint.co.uk>
>     x86/mm/pat: Ensure cpa->pfn only contains page frame numbers
> 
> Herbert Xu <herbert@gondor.apana.org.au>
>     ipsec: Fix aborted xfrm policy dump crash
> 
> Tom Herbert <tom@herbertland.com>
>     netlink: add a start callback for starting a netlink dump
> 
> 
> -------------
> 
> Diffstat:
> 
>  Makefile                                          |   4 +-
>  arch/arm/boot/dts/logicpd-torpedo-37xx-devkit.dts |   2 +-
>  arch/x86/include/asm/efi.h                        |  26 ++++
>  arch/x86/kvm/svm.c                                |   2 +
>  arch/x86/kvm/vmx.c                                |   2 +
>  arch/x86/kvm/x86.c                                |   5 +
>  arch/x86/mm/pageattr.c                            |  17 +--
>  arch/x86/platform/efi/efi-bgrt.c                  |  39 +++---
>  arch/x86/platform/efi/efi.c                       |  39 +++---
>  arch/x86/platform/efi/efi_32.c                    |   5 +
>  arch/x86/platform/efi/efi_64.c                    | 137 ++++++++++++++++------
>  arch/x86/platform/efi/efi_stub_64.S               |  43 -------
>  drivers/firmware/efi/efi.c                        |  32 -----
>  drivers/gpu/drm/amd/amdgpu/amdgpu_atombios.c      |  38 +++---
>  drivers/gpu/drm/i915/intel_i2c.c                  |   4 +-
>  drivers/gpu/drm/panel/panel-simple.c              |   2 +
>  drivers/gpu/drm/radeon/atombios_dp.c              |  38 +++---
>  drivers/gpu/drm/radeon/radeon_fb.c                |   1 -
>  drivers/md/bcache/alloc.c                         |   2 +-
>  drivers/md/bcache/extents.c                       |   2 +-
>  drivers/md/bcache/journal.c                       |   2 +-
>  drivers/misc/eeprom/at24.c                        |   6 +
>  drivers/mmc/core/bus.c                            |   3 +
>  drivers/mtd/nand/nand_base.c                      |   9 +-
>  fs/btrfs/extent-tree.c                            |  14 +--
>  fs/nfs/dir.c                                      |   3 +-
>  fs/nfsd/nfs4state.c                               | 114 ++++++++++++------
>  include/linux/netlink.h                           |   2 +
>  include/net/genetlink.h                           |   2 +
>  include/uapi/linux/bcache.h                       |   2 +-
>  mm/huge_memory.c                                  |  14 +--
>  mm/madvise.c                                      |   4 +-
>  net/netlink/af_netlink.c                          |   4 +
>  net/netlink/genetlink.c                           |  16 +++
>  net/xfrm/xfrm_user.c                              |  25 ++--
>  35 files changed, 373 insertions(+), 287 deletions(-)
> 
>

Merged, compiled, and flashed on my Pixel 2 XL and OnePlus 5.

No initial issues noticed in general usage or dmesg.


* Re: [PATCH 4.4 00/27] 4.4.104-stable review
  2017-12-04 16:48 ` [PATCH 4.4 00/27] 4.4.104-stable review Nathan Chancellor
@ 2017-12-04 18:36   ` Greg Kroah-Hartman
  0 siblings, 0 replies; 30+ messages in thread
From: Greg Kroah-Hartman @ 2017-12-04 18:36 UTC (permalink / raw)
  To: Nathan Chancellor
  Cc: linux-kernel, torvalds, akpm, linux, shuahkh, patches,
	ben.hutchings, lkft-triage, stable

On Mon, Dec 04, 2017 at 09:48:57AM -0700, Nathan Chancellor wrote:
> Merged, compiled, and flashed on my Pixel 2 XL and OnePlus 5.
> 
> No initial issues noticed in general usage or dmesg.

Wonderful, thanks for testing and letting me know.

greg k-h


* Re: [PATCH 4.4 00/27] 4.4.104-stable review
  2017-12-04 15:59 [PATCH 4.4 00/27] 4.4.104-stable review Greg Kroah-Hartman
                   ` (20 preceding siblings ...)
  2017-12-04 16:48 ` [PATCH 4.4 00/27] 4.4.104-stable review Nathan Chancellor
@ 2017-12-04 20:14 ` Shuah Khan
  2017-12-04 23:45 ` Guenter Roeck
  2017-12-05  7:20 ` Naresh Kamboju
  23 siblings, 0 replies; 30+ messages in thread
From: Shuah Khan @ 2017-12-04 20:14 UTC (permalink / raw)
  To: Greg Kroah-Hartman, linux-kernel
  Cc: torvalds, akpm, linux, patches, ben.hutchings, lkft-triage,
	stable, Shuah Khan

On 12/04/2017 08:59 AM, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 4.4.104 release.
> There are 27 patches in this series, all will be posted as a response
> to this one.  If anyone has any issues with these being applied, please
> let me know.
> 
> Responses should be made by Wed Dec  6 15:59:33 UTC 2017.
> Anything received after that time might be too late.
> 
> The whole patch series can be found in one patch at:
> 	kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.4.104-rc1.gz
> or in the git tree and branch at:
>   git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.4.y
> and the diffstat can be found below.
> 
> thanks,
> 
> greg k-h
> 

Compiled and booted on my test system. No dmesg regressions.

thanks,
-- Shuah


* Re: [PATCH 4.4 00/27] 4.4.104-stable review
  2017-12-04 15:59 [PATCH 4.4 00/27] 4.4.104-stable review Greg Kroah-Hartman
                   ` (21 preceding siblings ...)
  2017-12-04 20:14 ` Shuah Khan
@ 2017-12-04 23:45 ` Guenter Roeck
  2017-12-05  7:20 ` Naresh Kamboju
  23 siblings, 0 replies; 30+ messages in thread
From: Guenter Roeck @ 2017-12-04 23:45 UTC (permalink / raw)
  To: Greg Kroah-Hartman
  Cc: linux-kernel, torvalds, akpm, shuahkh, patches, ben.hutchings,
	lkft-triage, stable

On Mon, Dec 04, 2017 at 04:59:25PM +0100, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 4.4.104 release.
> There are 27 patches in this series, all will be posted as a response
> to this one.  If anyone has any issues with these being applied, please
> let me know.
> 
> Responses should be made by Wed Dec  6 15:59:33 UTC 2017.
> Anything received after that time might be too late.
> 

Build results:
	total: 145 pass: 145 fail: 0
Qemu test results:
	total: 116 pass: 116 fail: 0

Details are available at http://kerneltests.org/builders.

Guenter


* Re: [PATCH 4.4 00/27] 4.4.104-stable review
  2017-12-04 15:59 [PATCH 4.4 00/27] 4.4.104-stable review Greg Kroah-Hartman
                   ` (22 preceding siblings ...)
  2017-12-04 23:45 ` Guenter Roeck
@ 2017-12-05  7:20 ` Naresh Kamboju
  23 siblings, 0 replies; 30+ messages in thread
From: Naresh Kamboju @ 2017-12-05  7:20 UTC (permalink / raw)
  To: Greg Kroah-Hartman
  Cc: linux-kernel, Ben Hutchings, Shuah Khan, lkft-triage, patches,
	linux- stable, akpm, torvalds, Guenter Roeck, Tom Gall

On 4 December 2017 at 21:29, Greg Kroah-Hartman
<gregkh@linuxfoundation.org> wrote:
> This is the start of the stable review cycle for the 4.4.104 release.
> There are 27 patches in this series, all will be posted as a response
> to this one.  If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Wed Dec  6 15:59:33 UTC 2017.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
>         kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.4.104-rc1.gz
> or in the git tree and branch at:
>   git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.4.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
>

Results from Linaro’s test farm.
No regressions on arm64, arm and x86_64.

Summary
------------------------------------------------------------------------

kernel: 4.4.104-rc1
git repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git
git branch: linux-4.4.y
git commit: 998ef014deff90a607c74c706b5bed3115931b61
git describe: v4.4.103-28-g998ef014deff
Test details: https://qa-reports.linaro.org/lkft/linux-stable-rc-4.4-oe/build/v4.4.103-28-g998ef014deff


No regressions (compared to build v4.4.103-28-ge1e2e6c522e1)

Boards, architectures and test suites:
-------------------------------------

juno-r2 - arm64
* boot - pass: 20,
* kselftest - fail: 1, pass: 27, skip: 25
* libhugetlbfs - pass: 90, skip: 1
* ltp-cap_bounds-tests - pass: 2,
* ltp-containers-tests - pass: 28, skip: 36
* ltp-fcntl-locktests-tests - pass: 2,
* ltp-filecaps-tests - pass: 2,
* ltp-fs-tests - pass: 60,
* ltp-fs_bind-tests - pass: 2,
* ltp-fs_perms_simple-tests - pass: 19,
* ltp-fsx-tests - pass: 2,
* ltp-hugetlb-tests - pass: 22,
* ltp-io-tests - pass: 3,
* ltp-ipc-tests - pass: 9,
* ltp-math-tests - pass: 11,
* ltp-nptl-tests - pass: 2,
* ltp-pty-tests - pass: 4,
* ltp-sched-tests - pass: 10,
* ltp-securebits-tests - pass: 4,
* ltp-syscalls-tests - pass: 936, skip: 159
* ltp-timers-tests - pass: 12,

x15 - arm
* boot - pass: 20,
* kselftest - pass: 26, skip: 28
* libhugetlbfs - pass: 87, skip: 1
* ltp-cap_bounds-tests - pass: 2,
* ltp-containers-tests - pass: 64,
* ltp-fcntl-locktests-tests - pass: 2,
* ltp-filecaps-tests - pass: 2,
* ltp-fs-tests - pass: 60,
* ltp-fs_bind-tests - pass: 2,
* ltp-fs_perms_simple-tests - pass: 19,
* ltp-fsx-tests - pass: 2,
* ltp-hugetlb-tests - pass: 20, skip: 2
* ltp-io-tests - pass: 3,
* ltp-ipc-tests - pass: 9,
* ltp-math-tests - pass: 11,
* ltp-nptl-tests - pass: 2,
* ltp-pty-tests - pass: 4,
* ltp-sched-tests - pass: 13, skip: 1
* ltp-securebits-tests - pass: 4,
* ltp-syscalls-tests - pass: 1035, skip: 67
* ltp-timers-tests - pass: 12,

x86_64
* boot - pass: 20,
* kselftest - pass: 39, skip: 31
* libhugetlbfs - pass: 76, skip: 1
* ltp-cap_bounds-tests - pass: 2,
* ltp-containers-tests - pass: 64,
* ltp-fcntl-locktests-tests - pass: 2,
* ltp-filecaps-tests - pass: 2,
* ltp-fs-tests - pass: 61, skip: 1
* ltp-fs_bind-tests - pass: 2,
* ltp-fs_perms_simple-tests - pass: 19,
* ltp-fsx-tests - pass: 2,
* ltp-hugetlb-tests - pass: 22,
* ltp-io-tests - pass: 3,
* ltp-ipc-tests - pass: 9,
* ltp-math-tests - pass: 11,
* ltp-nptl-tests - pass: 2,
* ltp-pty-tests - pass: 4,
* ltp-sched-tests - pass: 9, skip: 1
* ltp-securebits-tests - pass: 4,
* ltp-syscalls-tests - pass: 956, skip: 164
* ltp-timers-tests - pass: 12,

And the arm64 hikey results.

Summary
------------------------------------------------------------------------

kernel: 4.4.104-rc1
git repo: https://git.linaro.org/lkft/arm64-stable-rc.git
git tag: 4.4.104-rc1-hikey-20171204-67
git commit: fc49d1746dc96bedfe5bf072eecbe84410972db0
git describe: 4.4.104-rc1-hikey-20171204-67
Test details: https://qa-reports.linaro.org/lkft/linaro-hikey-stable-rc-4.4-oe/build/4.4.104-rc1-hikey-20171204-67


No regressions (compared to build 4.4.104-rc1-hikey-20171204-66)

Boards, architectures and test suites:
-------------------------------------

hi6220-hikey - arm64
* boot - pass: 20,
* kselftest - pass: 25, skip: 29
* libhugetlbfs - pass: 90, skip: 1
* ltp-cap_bounds-tests - pass: 2,
* ltp-containers-tests - pass: 28, skip: 36
* ltp-fcntl-locktests-tests - pass: 2,
* ltp-filecaps-tests - pass: 2,
* ltp-fs-tests - pass: 60,
* ltp-fs_bind-tests - pass: 2,
* ltp-fs_perms_simple-tests - pass: 19,
* ltp-fsx-tests - pass: 2,
* ltp-hugetlb-tests - pass: 21, skip: 1
* ltp-io-tests - pass: 3,
* ltp-ipc-tests - pass: 9,
* ltp-math-tests - pass: 11,
* ltp-nptl-tests - pass: 2,
* ltp-pty-tests - pass: 4,
* ltp-sched-tests - pass: 14,
* ltp-securebits-tests - pass: 4,
* ltp-syscalls-tests - pass: 979, skip: 124
* ltp-timers-tests - pass: 12,

Documentation - https://collaborate.linaro.org/display/LKFT/Email+Reports

Tested-by: Naresh Kamboju <naresh.kamboju@linaro.org>


* Re: [PATCH 4.4 05/27] x86/efi: Build our own page table structures
  2017-12-04 15:59 ` [PATCH 4.4 05/27] x86/efi: Build our own page table structures Greg Kroah-Hartman
@ 2017-12-07 22:43   ` Ben Hutchings
  2017-12-10 21:26     ` Greg Kroah-Hartman
  0 siblings, 1 reply; 30+ messages in thread
From: Ben Hutchings @ 2017-12-07 22:43 UTC (permalink / raw)
  To: Greg Kroah-Hartman, linux-kernel
  Cc: stable, Matt Fleming, Borislav Petkov, Andrew Morton,
	Andy Lutomirski, Andy Lutomirski, Ard Biesheuvel,
	Borislav Petkov, Brian Gerst, Dave Jones, Denys Vlasenko,
	H. Peter Anvin, Linus Torvalds, Peter Zijlstra,
	Sai Praneeth Prakhya, Stephen Smalley, Thomas Gleixner,
	Toshi Kani, linux-efi, Ingo Molnar, Ghannam, Yazen,
	Alex Thorlton

On Mon, 2017-12-04 at 16:59 +0100, Greg Kroah-Hartman wrote:
> 4.4-stable review patch.  If anyone has any objections, please let me know.
> 
> ------------------
> 
> From: Matt Fleming <matt@codeblueprint.co.uk>
> 
> commit 67a9108ed4313b85a9c53406d80dc1ae3f8c3e36 upstream.
[...]

It looks like this will cause regressions unless you also apply:

21cdb6b56843 x86/mm: Page align the '_end' symbol to avoid pfn conversion bugs
b61a76f8850d x86/efi: Map RAM into the identity page table for mixed mode
753b11ef8e92 x86/efi: Setup separate EFI page tables in kexec paths

and possibly also:

08914f436bdd x86/platform/UV: Bring back the call to map_low_mmrs in uv_system_init
683ad8092cd2 x86/efi: Fix 7-parameter efi_call()s
80e75596079f efi: Convert efi_call_virt() to efi_call_virt_pointer()
d1be84a232e3 x86/uv: Update uv_bios_call() to use efi_call_virt_pointer()

Ben.

-- 
Ben Hutchings
Software Developer, Codethink Ltd.


* Re: [PATCH 4.4 05/27] x86/efi: Build our own page table structures
  2017-12-07 22:43   ` Ben Hutchings
@ 2017-12-10 21:26     ` Greg Kroah-Hartman
  2017-12-12 17:24       ` Ghannam, Yazen
  0 siblings, 1 reply; 30+ messages in thread
From: Greg Kroah-Hartman @ 2017-12-10 21:26 UTC (permalink / raw)
  To: Ben Hutchings, Ghannam, Yazen
  Cc: linux-kernel, stable, Matt Fleming, Borislav Petkov,
	Andrew Morton, Andy Lutomirski, Andy Lutomirski, Ard Biesheuvel,
	Borislav Petkov, Brian Gerst, Dave Jones, Denys Vlasenko,
	H. Peter Anvin, Linus Torvalds, Peter Zijlstra,
	Sai Praneeth Prakhya, Stephen Smalley, Thomas Gleixner,
	Toshi Kani, linux-efi, Ingo Molnar, Ghannam, Yazen,
	Alex Thorlton

On Thu, Dec 07, 2017 at 10:43:49PM +0000, Ben Hutchings wrote:
> On Mon, 2017-12-04 at 16:59 +0100, Greg Kroah-Hartman wrote:
> > 4.4-stable review patch.  If anyone has any objections, please let me know.
> > 
> > ------------------
> > 
> > From: Matt Fleming <matt@codeblueprint.co.uk>
> > 
> > commit 67a9108ed4313b85a9c53406d80dc1ae3f8c3e36 upstream.
> [...]
> 
> It looks like this will cause regressions unless you also apply:
> 
> 21cdb6b56843 x86/mm: Page align the '_end' symbol to avoid pfn conversion bugs
> b61a76f8850d x86/efi: Map RAM into the identity page table for mixed mode
> 753b11ef8e92 x86/efi: Setup separate EFI page tables in kexec paths
> 
> and possibly also:
> 
> 08914f436bdd x86/platform/UV: Bring back the call to map_low_mmrs in uv_system_init
> 683ad8092cd2 x86/efi: Fix 7-parameter efi_call()s
> 80e75596079f efi: Convert efi_call_virt() to efi_call_virt_pointer()
> d1be84a232e3 x86/uv: Update uv_bios_call() to use efi_call_virt_pointer()

Ugh, that's a mess.  Yazen is the one who reported this patch, and 2
others, were needed to resolve an issue on their hardware.

Yazen, any thoughts here?  Should I just revert the 3 patches, or do you
also feel I need all 7 of these to ensure everything works properly?

thanks,

greg k-h


* RE: [PATCH 4.4 05/27] x86/efi: Build our own page table structures
  2017-12-10 21:26     ` Greg Kroah-Hartman
@ 2017-12-12 17:24       ` Ghannam, Yazen
  2017-12-14 20:27         ` Greg Kroah-Hartman
  0 siblings, 1 reply; 30+ messages in thread
From: Ghannam, Yazen @ 2017-12-12 17:24 UTC (permalink / raw)
  To: Greg Kroah-Hartman, Ben Hutchings
  Cc: linux-kernel, stable, Matt Fleming, Borislav Petkov,
	Andrew Morton, Andy Lutomirski, Andy Lutomirski, Ard Biesheuvel,
	Borislav Petkov, Brian Gerst, Dave Jones, Denys Vlasenko,
	H. Peter Anvin, Linus Torvalds, Peter Zijlstra,
	Sai Praneeth Prakhya, Stephen Smalley, Thomas Gleixner,
	Toshi Kani, linux-efi, Ingo Molnar, Alex Thorlton

> -----Original Message-----
> From: Greg Kroah-Hartman [mailto:gregkh@linuxfoundation.org]
> Sent: Sunday, December 10, 2017 4:27 PM
> To: Ben Hutchings <ben.hutchings@codethink.co.uk>; Ghannam, Yazen
> <Yazen.Ghannam@amd.com>
> Cc: linux-kernel@vger.kernel.org; stable@vger.kernel.org; Matt Fleming
> <matt@codeblueprint.co.uk>; Borislav Petkov <bp@suse.de>; Andrew
> Morton <akpm@linux-foundation.org>; Andy Lutomirski
> <luto@amacapital.net>; Andy Lutomirski <luto@kernel.org>; Ard Biesheuvel
> <ard.biesheuvel@linaro.org>; Borislav Petkov <bp@alien8.de>; Brian Gerst
> <brgerst@gmail.com>; Dave Jones <davej@codemonkey.org.uk>; Denys
> Vlasenko <dvlasenk@redhat.com>; H. Peter Anvin <hpa@zytor.com>; Linus
> Torvalds <torvalds@linux-foundation.org>; Peter Zijlstra
> <peterz@infradead.org>; Sai Praneeth Prakhya
> <sai.praneeth.prakhya@intel.com>; Stephen Smalley <sds@tycho.nsa.gov>;
> Thomas Gleixner <tglx@linutronix.de>; Toshi Kani <toshi.kani@hp.com>;
> linux-efi@vger.kernel.org; Ingo Molnar <mingo@kernel.org>; Ghannam,
> Yazen <Yazen.Ghannam@amd.com>; Alex Thorlton <athorlton@sgi.com>
> Subject: Re: [PATCH 4.4 05/27] x86/efi: Build our own page table structures
> 
> On Thu, Dec 07, 2017 at 10:43:49PM +0000, Ben Hutchings wrote:
> > On Mon, 2017-12-04 at 16:59 +0100, Greg Kroah-Hartman wrote:
> > > 4.4-stable review patch.  If anyone has any objections, please let me
> know.
> > >
> > > ------------------
> > >
> > > From: Matt Fleming <matt@codeblueprint.co.uk>
> > >
> > > commit 67a9108ed4313b85a9c53406d80dc1ae3f8c3e36 upstream.
> > [...]
> >
> > It looks like this will cause regressions unless you also apply:
> >
> > 21cdb6b56843 x86/mm: Page align the '_end' symbol to avoid pfn
> conversion bugs
> > b61a76f8850d x86/efi: Map RAM into the identity page table for mixed
> mode
> > 753b11ef8e92 x86/efi: Setup separate EFI page tables in kexec paths
> >
> > and possibly also:
> >
> > 08914f436bdd x86/platform/UV: Bring back the call to map_low_mmrs in
> uv_system_init
> > 683ad8092cd2 x86/efi: Fix 7-parameter efi_call()s
> > 80e75596079f efi: Convert efi_call_virt() to efi_call_virt_pointer()
> > d1be84a232e3 x86/uv: Update uv_bios_call() to use efi_call_virt_pointer()
> 
> Ugh, that's a mess.  Yazen is the one who reported this patch, and 2
> others, were needed to resolve an issue on their hardware.
> 
> Yazen, any thoughts here?  Should I just revert the 3 patches, or do you
> also feel I need all 7 of these to ensure everything works properly?
> 

I think it's okay to revert the 3 patches.

Thanks,
Yazen


* Re: [PATCH 4.4 05/27] x86/efi: Build our own page table structures
  2017-12-12 17:24       ` Ghannam, Yazen
@ 2017-12-14 20:27         ` Greg Kroah-Hartman
  0 siblings, 0 replies; 30+ messages in thread
From: Greg Kroah-Hartman @ 2017-12-14 20:27 UTC (permalink / raw)
  To: Ghannam, Yazen
  Cc: Ben Hutchings, linux-kernel, stable, Matt Fleming,
	Borislav Petkov, Andrew Morton, Andy Lutomirski, Andy Lutomirski,
	Ard Biesheuvel, Borislav Petkov, Brian Gerst, Dave Jones,
	Denys Vlasenko, H. Peter Anvin, Linus Torvalds, Peter Zijlstra,
	Sai Praneeth Prakhya, Stephen Smalley, Thomas Gleixner,
	Toshi Kani, linux-efi, Ingo Molnar, Alex Thorlton

On Tue, Dec 12, 2017 at 05:24:32PM +0000, Ghannam, Yazen wrote:
> > -----Original Message-----
> > From: Greg Kroah-Hartman [mailto:gregkh@linuxfoundation.org]
> > Sent: Sunday, December 10, 2017 4:27 PM
> > To: Ben Hutchings <ben.hutchings@codethink.co.uk>; Ghannam, Yazen
> > <Yazen.Ghannam@amd.com>
> > Cc: linux-kernel@vger.kernel.org; stable@vger.kernel.org; Matt Fleming
> > <matt@codeblueprint.co.uk>; Borislav Petkov <bp@suse.de>; Andrew
> > Morton <akpm@linux-foundation.org>; Andy Lutomirski
> > <luto@amacapital.net>; Andy Lutomirski <luto@kernel.org>; Ard Biesheuvel
> > <ard.biesheuvel@linaro.org>; Borislav Petkov <bp@alien8.de>; Brian Gerst
> > <brgerst@gmail.com>; Dave Jones <davej@codemonkey.org.uk>; Denys
> > Vlasenko <dvlasenk@redhat.com>; H. Peter Anvin <hpa@zytor.com>; Linus
> > Torvalds <torvalds@linux-foundation.org>; Peter Zijlstra
> > <peterz@infradead.org>; Sai Praneeth Prakhya
> > <sai.praneeth.prakhya@intel.com>; Stephen Smalley <sds@tycho.nsa.gov>;
> > Thomas Gleixner <tglx@linutronix.de>; Toshi Kani <toshi.kani@hp.com>;
> > linux-efi@vger.kernel.org; Ingo Molnar <mingo@kernel.org>; Ghannam,
> > Yazen <Yazen.Ghannam@amd.com>; Alex Thorlton <athorlton@sgi.com>
> > Subject: Re: [PATCH 4.4 05/27] x86/efi: Build our own page table structures
> > 
> > On Thu, Dec 07, 2017 at 10:43:49PM +0000, Ben Hutchings wrote:
> > > On Mon, 2017-12-04 at 16:59 +0100, Greg Kroah-Hartman wrote:
> > > > 4.4-stable review patch.  If anyone has any objections, please let me
> > know.
> > > >
> > > > ------------------
> > > >
> > > > From: Matt Fleming <matt@codeblueprint.co.uk>
> > > >
> > > > commit 67a9108ed4313b85a9c53406d80dc1ae3f8c3e36 upstream.
> > > [...]
> > >
> > > It looks like this will cause regressions unless you also apply:
> > >
> > > 21cdb6b56843 x86/mm: Page align the '_end' symbol to avoid pfn
> > conversion bugs
> > > b61a76f8850d x86/efi: Map RAM into the identity page table for mixed
> > mode
> > > 753b11ef8e92 x86/efi: Setup separate EFI page tables in kexec paths
> > >
> > > and possibly also:
> > >
> > > 08914f436bdd x86/platform/UV: Bring back the call to map_low_mmrs in
> > uv_system_init
> > > 683ad8092cd2 x86/efi: Fix 7-parameter efi_call()s
> > > 80e75596079f efi: Convert efi_call_virt() to efi_call_virt_pointer()
> > > d1be84a232e3 x86/uv: Update uv_bios_call() to use efi_call_virt_pointer()
> > 
> > Ugh, that's a mess.  Yazen is the one who reported this patch, and 2
> > others, were needed to resolve an issue on their hardware.
> > 
> > Yazen, any thoughts here?  Should I just revert the 3 patches, or do you
> > also feel I need all 7 of these to ensure everything works properly?
> > 
> 
> I think it's okay to revert the 3 patches.

Ugh, messy.  Ok, all now reverted.

Thanks Ben for the review, much appreciated.

greg k-h
