8 files changed, 330 insertions, 232 deletions
diff --git a/debian/changelog b/debian/changelog index 099cfa72b672..c267499e44e5 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,4 +1,4 @@ -linux (5.9.4-1) UNRELEASED; urgency=medium +linux (5.9.6-1) UNRELEASED; urgency=medium * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.9.2 
@@ -734,6 +734,326 @@ linux (5.9.4-1) UNRELEASED; urgency=medium https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.9.4 - [x86,powerpc] Rename memcpy_mcsafe() to copy_mc_to_{user, kernel}() - [x86] copy_mc: Introduce copy_mc_enhanced_fast_string() + https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.9.5 + - xen/events: avoid removing an event channel while handling it + (CVE-2020-27675) + - xen/events: add a proper barrier to 2-level uevent unmasking + (CVE-2020-27673) + - xen/events: fix race in evtchn_fifo_unmask() (CVE-2020-27673) + - xen/events: add a new "late EOI" evtchn framework (CVE-2020-27673) + - xen/blkback: use lateeoi irq binding (CVE-2020-27673) + - xen/netback: use lateeoi irq binding (CVE-2020-27673) + - xen/scsiback: use lateeoi irq binding (CVE-2020-27673) + - xen/pvcallsback: use lateeoi irq binding (CVE-2020-27673) + - xen/pciback: use lateeoi irq binding (CVE-2020-27673) + - xen/events: switch user event channels to lateeoi model (CVE-2020-27673) + - xen/events: use a common cpu hotplug hook for event channels + (CVE-2020-27673) + - xen/events: defer eoi in case of excessive number of events + (CVE-2020-27673) + - xen/events: block rogue events for some time (CVE-2020-27673) + - [arm64] tee: client UUID: Skip REE kernel login method as well + - [x86] unwind/orc: Fix inactive tasks with stack pointer in %sp on GCC 10 + compiled kernels + - [x86] alternative: Don't call text_poke() in lazy TLB mode + - RDMA/mlx5: Fix devlink deadlock on net namespace deletion + - afs: Fix a use after free in afs_xattr_get_acl() + - afs: Fix afs_launder_page to not clear PG_writeback + - RDMA/qedr: Fix memory leak in iWARP CM + - ata: sata_nv: Fix retrieving of active qcs + - [arm64] efi: increase EFI PE/COFF header padding to 64 KB + - afs: Fix to take ref on page when PG_private is set + - afs: Fix page leak on afs_write_begin() failure + - afs: Fix where page->private is set during write + - afs: Wrap page->private manipulations in inline functions 
+ - afs: Alter dirty range encoding in page->private + - afs: Fix afs_invalidatepage to adjust the dirty region + - afs: Fix dirty-region encoding on ppc32 with 64K pages + - lockdep: Fix preemption WARN for spurious IRQ-enable + - [arm64,armhf] usb: host: ehci-tegra: Fix error handling in + tegra_ehci_probe() + - futex: Fix incorrect should_fail_futex() handling + - [powerpc*] vmemmap: Fix memory leak with vmemmap list allocation + failures. + - [powerpc*] powernv/smp: Fix spurious DBG() warning + - RDMA/core: Change how failing destroy is handled during uobj abort + - f2fs: allocate proper size memory for zstd decompress + - mm: fix exec activate_mm vs TLB shootdown and lazy tlb switching race + - [powerpc*] select ARCH_WANT_IRQS_OFF_ACTIVATE_MM + - [sparc64] remove mm_cpumask clearing to fix kthread_use_mm race + - f2fs: add trace exit in exception path + - f2fs: do sanity check on zoned block device path + - f2fs: fix uninit-value in f2fs_lookup + - f2fs: fix to check segment boundary during SIT page readahead + - [s390x] startup: avoid save_area_sync overflow + - f2fs: compress: fix to disallow enabling compress on non-empty file + - [s390x] ap/zcrypt: revisit ap and zcrypt error handling + - f2fs: handle errors of f2fs_get_meta_page_nofail + - afs: Don't assert on unpurgeable server records + - [powerpc*] 64s: handle ISA v3.1 local copy-paste context switches + - [armel,armhf] 8997/2: hw_breakpoint: Handle inexact watchpoint addresses + - NFS4: Fix oops when copy_file_range is attempted with NFS4.0 source + - xfs: Set xfs_buf type flag when growing summary/bitmap files + - xfs: Set xfs_buf's b_ops member when zeroing bitmap/summary files + - xfs: log new intent items created as part of finishing recovered intent + items + - power: supply: bq27xxx: report "not charging" on all types + - xfs: change the order in which child and parent defer ops are finished + - xfs: fix realtime bitmap/summary file truncation when growing rt volume + - io_uring: don't set 
COMP_LOCKED if won't put + - ath10k: fix retry packets update in station dump + - [x86] kaslr: Initialize mem_limit to the real maximum address + - drm/ast: Separate DRM driver from PCI code + - drm/amdgpu: restore ras flags when user resets eeprom(v2) + - ath10k: start recovery process when payload length exceeds max htc + length for sdio + - ath10k: fix VHT NSS calculation when STBC is enabled + - drm/scheduler: Scheduler priority fixes (v2) + - [x86] ASoC: SOF: fix a runtime pm issue in SOF when HDMI codec doesn't + work + - drm/bridge_connector: Set default status connected for eDP connectors + - media: videodev2.h: RGB BT2020 and HSV are always full range + - [x86] usb: typec: tcpm: During PR_SWAP, source caps should be sent only + after tSwapSourceStart + - mmc: via-sdmmc: Fix data race bug + - brcmfmac: increase F2 watermark for BCM4329 + - [arm64] topology: Stop using MPIDR for topology information + - printk: reduce LOG_BUF_SHIFT range for H8300 + - [ia64] kprobes: Use generic kretprobe trampoline handler + - bpf: Permit map_ptr arithmetic with opcode add and offset 0 + - [arm64,armhf] drm: lima: fix common struct sg_table related issues + - [arm64,armhf] drm: panfrost: fix common struct sg_table related issues + - media: uvcvideo: Fix dereference of out-of-bound list iterator + - selinux: access policycaps with READ_ONCE/WRITE_ONCE + - samples/bpf: Fix possible deadlock in xdpsock + - [riscv64] Define AT_VECTOR_SIZE_ARCH for ARCH_DLINFO + - cpufreq: sti-cpufreq: add stih418 support + - USB: adutux: fix debugging + - mac80211: add missing queue/hash initialization to 802.3 xmit + - usb: xhci: omit duplicate actions when suspending a runtime suspended + host. 
+ - SUNRPC: Mitigate cond_resched() in xprt_transmit() + - [arm64] mm: return cpu_all_mask when node is NUMA_NO_NODE + - [armhf] can: flexcan: disable clocks during stop mode + - xfs: don't free rt blocks when we're doing a REMAP bunmapi call + - xfs: avoid LR buffer overrun due to crafted h_len + - ACPI: Add out of bounds and numa_off protections to pxm_to_node() + - brcmfmac: Fix warning message after dongle setup failed + - ath11k: Use GFP_ATOMIC instead of GFP_KERNEL in + ath11k_dp_htt_get_ppdu_desc + - ath11k: fix warning caused by lockdep_assert_held + - ath11k: change to disable softirqs for ath11k_regd_update to solve + deadlock + - drivers/net/wan/hdlc_fr: Correctly handle special skb->protocol values + - [arm64,armhf] usb: dwc3: core: do not queue work if dr_mode is not + USB_DR_MODE_OTG + - [arm64] bus/fsl_mc: Do not rely on caller to provide non NULL mc_io + - ACPI: HMAT: Fix handling of changes from ACPI 6.2 to ACPI 6.3 + - block: Consider only dispatched requests for inflight statistic + - btrfs: fix replace of seed device + - md/bitmap: md_bitmap_get_counter returns wrong blocks + - f2fs: fix to set SBI_NEED_FSCK flag for inconsistent inode + - bnxt_en: Log unknown link speed appropriately. 
+ - [arm64] rpmsg: glink: Use complete_all for open states + - PCI/ACPI: Add Ampere Altra SOC MCFG quirk + - [armhf] clk: ti: clockdomain: fix static checker warning + - nfsd: rename delegation related tracepoints to make them less confusing + - nfsd4: remove check_conflicting_opens warning + - net: 9p: initialize sun_server.sun_path to have addr's value only when + addr is valid + - ceph: encode inodes' parent/d_name in cap reconnect message + - jbd2: avoid transaction reuse after reformatting + - ext4: Detect already used quota file early + - [ppc64el] KVM: PPC: Book3S HV: Do not allocate HPT for a nested guest + - scsi: core: Clean up allocation and freeing of sgtables + - gfs2: call truncate_inode_pages_final for address space glocks + - gfs2: Fix NULL pointer dereference in gfs2_rgrp_dump + - gfs2: use-after-free in sysfs deregistration + - gfs2: add validation checks for size of superblock + - Handle STATUS_IO_TIMEOUT gracefully + - cifs: handle -EINTR in cifs_setattr + - [armhf] memory: emif: Remove bogus debugfs error handling + - nbd: make the config put is called before the notifying the waiter + - sgl_alloc_order: fix memory leak + - nvme-rdma: fix crash when connect rejected + - vmlinux.lds.h: Add PGO and AutoFDO input sections + - [mips64el,mipsel] irqchip/loongson-htvec: Fix initial interrupt clearing + - md: fix the checking of wrong work queue + - md/raid5: fix oops during stripe resizing + - mmc: sdhci: Add LTR support for some Intel BYT based controllers + - mmc: sdhci-acpi: AMDI0040: Set SDHCI_QUIRK2_PRESET_VALUE_BROKEN + - mm: memcg/slab: uncharge during kmem_cache_free_bulk() + - seccomp: Make duplicate listener detection non-racy + - [x86] perf/x86/intel: Fix Ice Lake event constraint table + - [x86] perf/x86/amd: Fix sampling Large Increment per Cycle events + - [x86] perf/amd/uncore: Set all slices and threads to restore perf stat + -a behaviour + - [x86] perf/x86/amd/ibs: Don't include randomized bits in + get_ibs_op_count() + - [x86] 
perf/x86/amd/ibs: Fix raw sample data accumulation + - media: uvcvideo: Fix uvc_ctrl_fixup_xu_info() not having any effect + - fs: Don't invalidate page buffers in block_write_full_page() + - ACPI: configfs: Add missing config_item_put() to fix refcount leak + - NFS: fix nfs_path in case of a rename retry + - ACPI: button: fix handling lid state changes when input device closed + - ACPI: video: use ACPI backlight for HP 635 Notebook + - ACPI: debug: don't allow debugging when ACPI is disabled + - PCI/ACPI: Whitelist hotplug ports for D3 if power managed by ACPI + - ACPI: EC: PM: Flush EC work unconditionally after wakeup + - ACPI: EC: PM: Drop ec_no_wakeup check from acpi_ec_dispatch_gpe() + - acpi-cpufreq: Honor _PSD table setting on new AMD CPUs + - io-wq: assign NUMA node locality if appropriate + - w1: mxc_w1: Fix timeout resolution problem leading to bus error + - fs/kernel_read_file: Remove FIRMWARE_PREALLOC_BUFFER enum + - scsi: mptfusion: Fix null pointer dereferences in mptscsih_remove() + - scsi: qla2xxx: Fix MPI reset needed message + - scsi: qla2xxx: Fix reset of MPI firmware + - scsi: qla2xxx: Fix crash on session cleanup with unload + - PM: runtime: Remove link state checks in rpm_get/put_supplier() + - btrfs: qgroup: fix wrong qgroup metadata reserve for delayed inode + - btrfs: improve device scanning messages + - btrfs: qgroup: fix qgroup meta rsv leak for subvolume operations + - btrfs: sysfs: init devices outside of the chunk_mutex + - btrfs: tracepoints: output proper root owner for + trace_find_free_extent() + - btrfs: reschedule if necessary when logging directory items + - btrfs: send, orphanize first all conflicting inodes when processing + references + - btrfs: send, recompute reference path after orphanization of a directory + - btrfs: use kvzalloc() to allocate clone_roots in btrfs_ioctl_send() + - btrfs: tree-checker: fix false alert caused by legacy btrfs root item + - btrfs: reschedule when cloning lots of extents + - btrfs: cleanup 
cow block on error + - btrfs: skip devices without magic signature when mounting + - btrfs: tree-checker: validate number of chunk stripes and parity + - btrfs: fix use-after-free on readahead extent after failure to create it + - btrfs: fix readahead hang and use-after-free after removing a device + - btrfs: drop the path before adding block group sysfs files + - usb: xhci: Workaround for S3 issue on AMD SNPS 3.0 xHC + - [arm64] usb: dwc3: pci: Allow Elkhart Lake to utilize DSM method for PM + functionality + - [arm64,armhf] usb: dwc3: ep0: Fix ZLP for OUT ep0 requests + - [arm64,armhf] usb: dwc3: gadget: Check MPS of the request length + - [arm64,armhf] usb: dwc3: gadget: Reclaim extra TRBs after request + completion + - [arm64,armhf] usb: dwc3: core: add phy cleanup for probe error handling + - [arm64,armhf] usb: dwc3: core: don't trigger runtime pm when remove + driver + - [arm64,armhf] usb: dwc3: gadget: Resume pending requests after + CLEAR_STALL + - [arm64,armhf] usb: dwc3: gadget: END_TRANSFER before CLEAR_STALL command + - usb: cdc-acm: fix cooldown mechanism + - [x86] usb: typec: tcpm: reset hard_reset_count for any disconnect + - usbcore: Check both id_table and match() when both available + - USB: apple-mfi-fastcharge: don't probe unhandled devices + - [x86] drm/i915: Force VT'd workarounds when running as a guest OS + - vt: keyboard, simplify vt_kdgkbsent + - vt: keyboard, extend func_buf_lock to readers (CVE-2020-25656) + - vt_ioctl: fix GIO_UNIMAP regression + - HID: wacom: Avoid entering wacom_wac_pen_report for pad / battery + - [x86] mce: Allow for copy_mc_fragile symbol checksum to be generated + - [arm64] tty: serial: fsl_lpuart: LS1021A has a FIFO size of 16 words, + like LS1028A + - tracing: Fix race in trace_open and buffer resize call + - [powerpc*] Fix random segfault when freeing hugetlb range + - udf: Fix memory leak when mounting + - rcu-tasks: Fix grace-period/unlock race in RCU Tasks Trace + - rcu-tasks: Fix low-probability task_struct 
leak + - rcu-tasks: Enclose task-list scan in rcu_read_lock() + - [s390x] stp: add locking to sysfs functions + - [powerpc*] rtas: Restrict RTAS requests from userspace + - [powerpc*] Warn about use of smt_snooze_delay + - [powerpc*] memhotplug: Make lmb size 64bit + - [powerpc*] powernv/elog: Fix race while processing OPAL error log event. + - [powerpc*] powermac: Fix low_sleep_handler with KUAP and KUEP + - [powerpc*] mce: Avoid nmi_enter/exit in real mode on pseries hash + - [powerpc*] Fix undetected data corruption with P9N DD2.1 VSX CI load + emulation + - [powerpc*] 32: Fix vmap stack - Do not activate MMU before reading task + struct + - [powerpc*] 32: Fix vmap stack - Properly set r1 before activating MMU + - block: advance iov_iter on bio_add_hw_page failure + - io_uring: use type appropriate io_kiocb handler for double poll + - [armhf] remoteproc: Fixup coredump debugfs disable request + - gfs2: Make sure we don't miss any delayed withdraws + - gfs2: Only access gl_delete for iopen glocks + - NFSv4: Wait for stateid updates after CLOSE/OPEN_DOWNGRADE + - NFSv4.2: support EXCHGID4_FLAG_SUPP_FENCE_OPS 4.2 EXCHANGE_ID flag + - NFSD: Add missing NFSv2 .pc_func methods + - ubifs: dent: Fix some potential memory leaks while iterating entries + - ubifs: xattr: Fix some potential memory leaks while iterating entries + - ubifs: journal: Make sure to not dirty twice for auth nodes + - ubifs: Fix a memleak after dumping authentication mount options + - ubifs: Don't parse authentication mount options in remount process + - ubifs: mount_ubifs: Release authentication resource in error handling + path + - perf vendor events amd: Add L2 Prefetch events for zen1 + - perf python scripting: Fix printable strings in python3 scripts + - ubi: check kthread_should_stop() after the setting of task state + - [arm64,armhf] i2c: imx: Fix external abort on interrupt in exit paths + - drm/amdgpu: don't map BO in reserved region + - drm/amdgpu: vcn and jpeg ring synchronization + - 
drm/amdgpu: update golden setting for sienna_cichlid + - drm/amdgpu: correct the gpu reset handling for job != NULL case + - drm/amdgpu: add function to program pbb mode for sienna cichlid + - drm/amdgpu: increase the reserved VM size to 2MB + - ceph: promote to unsigned long long before shifting + - libceph: clear con->out_msg on Policy::stateful_server faults + - 9P: Cast to loff_t before multiplying + - net/sunrpc: Fix return value for sysctl sunrpc.transports + - [arm64] PCI: qcom: Make sure PCIe is reset before init for rev 2.1.0 + - ring-buffer: Return 0 on success from ring_buffer_resize() + - [x86] intel_idle: Ignore _CST if control cannot be taken from the + platform + - [x86] intel_idle: Fix max_cstate for processor models without C-state + tables + - cpufreq: Avoid configuring old governors as default with intel_pstate + - cpufreq: Introduce CPUFREQ_NEED_UPDATE_LIMITS driver flag + - cpufreq: intel_pstate: Avoid missing HWP max updates in passive mode + - [amd64] vringh: fix __vringh_iov() when riov and wiov are different + - ext4: fix leaking sysfs kobject after failed mount + - ext4: fix error handling code in add_new_gdb + - ext4: implement swap_activate aops using iomap + - ext4: fix invalid inode checksum + - ext4: clear buffer verified flag if read meta block from disk + - ext4: fix bdev write error check failed when mount fs with ro + - ext4: fix bs < ps issue reported with dioread_nolock mount opt + - ext4: do not use extent after put_bh + - drm/ttm: fix eviction valuable range check. 
+ - [arm64] mmc: sdhci-of-esdhc: make sure delay chain locked for HS400 + - [arm64] mmc: sdhci-of-esdhc: set timeout to max before tuning + - mmc: sdhci: Use Auto CMD Auto Select only when v4_mode is true + - [arm64,armhf] memory: tegra: Remove GPU from DRM IOMMU group + - futex: Adjust absolute futex timeouts with per time namespace offset + - drm/amd/psp: Fix sysfs: cannot create duplicate filename + - drm/amdgpu: correct the cu and rb info for sienna cichlid + - tty: make FONTX ioctl use the tty pointer they were actually passed + (CVE-2020-25668) + - cachefiles: Handle readpage error correctly + - [hppa] hil/parisc: Disable HIL driver when it gets stuck + - [arm64] Change .weak to SYM_FUNC_START_WEAK_PI for arch/arm64/lib/mem*.S + - [arm64] dts: marvell: espressobin: Add ethernet switch aliases + - null_blk: synchronization fix for zoned device + - device property: Keep secondary firmware node secondary by type + - device property: Don't clear secondary pointer for shared primary + firmware node + - [x86] KVM: Fix NULL dereference at kvm_msr_ignored_check() + - [arm64] KVM: Fix AArch32 handling of DBGD{CCINT,SCRext} and DBGVCR + - stop_machine, rcu: Mark functions as notrace + - [x86] staging: comedi: cb_pcidas: Allow 2-channel commands for AO + subdevice + - [mips64el,mipsel] staging: octeon: repair "fixed-link" support + - [mips64el,mipsel] staging: octeon: Drop on uncorrectable alignment or + FCS error + - cpufreq: Introduce cpufreq_driver_test_flags() + - cpufreq: schedutil: Always call driver if CPUFREQ_NEED_UPDATE_LIMITS is + set + - time: Prevent undefined behaviour in timespec64_to_ns() + - time/sched_clock: Mark sched_clock_read_begin/retry() as notrace + - null_blk: Fix zone reset all tracing + - null_blk: Fix locking in zoned mode + https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.9.6 + - [x86] ASOC: SOF: Intel: hda-codec: move unused label to correct position [ Sudip Mukherjee ] * Remove libtraceevent. (See: #971976) 
@@ -750,8 +1070,10 @@ linux (5.9.4-1) UNRELEASED; urgency=medium * Bump ABI to 2 * [x86] media/cec: Enable MEDIA_CEC_SUPPORT; Enable CEC_SECO as module (Closes: #972973) - * [x86] mce: Allow for copy_mc_fragile symbol checksum to be generated * [rt] (Temporary) disable seqcount related patches + * [rt] Drop "printk: reduce LOG_BUF_SHIFT range for H8300" + * [rt] Drop "mm: fix exec activate_mm vs TLB shootdown and lazy tlb + switching race" -- Sudip Mukherjee <sudipm.mukherjee@gmail.com> Sun, 18 Oct 2020 20:07:46 +0100 diff --git a/debian/patches-rt/0007-printk-reduce-LOG_BUF_SHIFT-range-for-H8300.patch b/debian/patches-rt/0007-printk-reduce-LOG_BUF_SHIFT-range-for-H8300.patch deleted file mode 100644 index 011a8a84be7a..000000000000 --- a/debian/patches-rt/0007-printk-reduce-LOG_BUF_SHIFT-range-for-H8300.patch +++ /dev/null 
@@ -1,33 +0,0 @@ -From: John Ogness <john.ogness@linutronix.de> -Date: Wed, 12 Aug 2020 09:37:22 +0206 -Subject: [PATCH 07/25] printk: reduce LOG_BUF_SHIFT range for H8300 -Origin: https://www.kernel.org/pub/linux/kernel/projects/rt/5.9/older/patches-5.9.1-rt20.tar.xz - -The .bss section for the h8300 is relatively small. A value of -CONFIG_LOG_BUF_SHIFT that is larger than 19 will create a static -printk ringbuffer that is too large. Limit the range appropriately -for the H8300. - -Reported-by: kernel test robot <lkp@intel.com> -Signed-off-by: John Ogness <john.ogness@linutronix.de> -Reviewed-by: Sergey Senozhatsky <sergey.senozhatsky@gmail.com> -Acked-by: Steven Rostedt (VMware) <rostedt@goodmis.org> -Signed-off-by: Petr Mladek <pmladek@suse.com> -Link: https://lore.kernel.org/r/20200812073122.25412-1-john.ogness@linutronix.de -Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de> ---- - init/Kconfig | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - ---- a/init/Kconfig -+++ b/init/Kconfig -@@ -682,7 +682,8 @@ config IKHEADERS - - config LOG_BUF_SHIFT - int "Kernel log buffer size (16 => 64KB, 17 => 128KB)" -- range 12 25 -+ range 12 25 if !H8300 -+ range 12 19 if H8300 - default 17 - depends on PRINTK - help diff --git a/debian/patches-rt/mm-fix-exec-activate_mm-vs-TLB-shootdown-and-lazy-tl.patch b/debian/patches-rt/mm-fix-exec-activate_mm-vs-TLB-shootdown-and-lazy-tl.patch deleted file mode 100644 index 02f210941312..000000000000 --- a/debian/patches-rt/mm-fix-exec-activate_mm-vs-TLB-shootdown-and-lazy-tl.patch +++ /dev/null 
@@ -1,103 +0,0 @@ -From: Nicholas Piggin <npiggin@gmail.com> -Date: Fri, 28 Aug 2020 20:00:19 +1000 -Subject: [PATCH] mm: fix exec activate_mm vs TLB shootdown and lazy tlb - switching race -Origin: https://www.kernel.org/pub/linux/kernel/projects/rt/5.9/older/patches-5.9.1-rt20.tar.xz - -Reading and modifying current->mm and current->active_mm and switching -mm should be done with irqs off, to prevent races seeing an intermediate -state. - -This is similar to commit 38cf307c1f20 ("mm: fix kthread_use_mm() vs TLB -invalidate"). At exec-time when the new mm is activated, the old one -should usually be single-threaded and no longer used, unless something -else is holding an mm_users reference (which may be possible). - -Absent other mm_users, there is also a race with preemption and lazy tlb -switching. Consider the kernel_execve case where the current thread is -using a lazy tlb active mm: - - call_usermodehelper() - kernel_execve() - old_mm = current->mm; - active_mm = current->active_mm; - *** preempt *** --------------------> schedule() - prev->active_mm = NULL; - mmdrop(prev active_mm); - ... - <-------------------- schedule() - current->mm = mm; - current->active_mm = mm; - if (!old_mm) - mmdrop(active_mm); - -If we switch back to the kernel thread from a different mm, there is a -double free of the old active_mm, and a missing free of the new one. - -Closing this race only requires interrupts to be disabled while ->mm -and ->active_mm are being switched, but the TLB problem requires also -holding interrupts off over activate_mm. Unfortunately not all archs -can do that yet, e.g., arm defers the switch if irqs are disabled and -expects finish_arch_post_lock_switch() to be called to complete the -flush; um takes a blocking lock in activate_mm(). 
- -So as a first step, disable interrupts across the mm/active_mm updates -to close the lazy tlb preempt race, and provide an arch option to -extend that to activate_mm which allows architectures doing IPI based -TLB shootdowns to close the second race. - -This is a bit ugly, but in the interest of fixing the bug and backporting -before all architectures are converted this is a compromise. - -Signed-off-by: Nicholas Piggin <npiggin@gmail.com> -Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de> ---- - arch/Kconfig | 7 +++++++ - fs/exec.c | 17 +++++++++++++++-- - 2 files changed, 22 insertions(+), 2 deletions(-) - ---- a/arch/Kconfig -+++ b/arch/Kconfig -@@ -414,6 +414,13 @@ config MMU_GATHER_NO_GATHER - bool - depends on MMU_GATHER_TABLE_FREE - -+config ARCH_WANT_IRQS_OFF_ACTIVATE_MM -+ bool -+ help -+ Temporary select until all architectures can be converted to have -+ irqs disabled over activate_mm. Architectures that do IPI based TLB -+ shootdowns should enable this. -+ - config ARCH_HAVE_NMI_SAFE_CMPXCHG - bool - ---- a/fs/exec.c -+++ b/fs/exec.c -@@ -1130,11 +1130,24 @@ static int exec_mmap(struct mm_struct *m - } - - task_lock(tsk); -- active_mm = tsk->active_mm; - membarrier_exec_mmap(mm); -- tsk->mm = mm; -+ -+ local_irq_disable(); -+ active_mm = tsk->active_mm; - tsk->active_mm = mm; -+ tsk->mm = mm; -+ /* -+ * This prevents preemption while active_mm is being loaded and -+ * it and mm are being updated, which could cause problems for -+ * lazy tlb mm refcounting when these are updated by context -+ * switches. Not all architectures can handle irqs off over -+ * activate_mm yet. -+ */ -+ if (!IS_ENABLED(CONFIG_ARCH_WANT_IRQS_OFF_ACTIVATE_MM)) -+ local_irq_enable(); - activate_mm(active_mm, mm); -+ if (IS_ENABLED(CONFIG_ARCH_WANT_IRQS_OFF_ACTIVATE_MM)) -+ local_irq_enable(); - tsk->mm->vmacache_seqnum = 0; - vmacache_flush(tsk); - task_unlock(tsk); 
diff --git a/debian/patches-rt/series b/debian/patches-rt/series index d63192579927..2bd4c08f4fa8 100644 --- a/debian/patches-rt/series +++ b/debian/patches-rt/series @@ -13,7 +13,6 @@ 0004-printk-use-the-lockless-ringbuffer.patch 0005-MAINTAIERS-Add-John-Ogness-as-printk-reviewer.patch 0006-printk-ringbuffer-support-dataless-records.patch -0007-printk-reduce-LOG_BUF_SHIFT-range-for-H8300.patch 0008-docs-vmcoreinfo-add-lockless-printk-ringbuffer-vmcor.patch 0009-scripts-gdb-add-utils.read_ulong.patch 0010-scripts-gdb-update-for-lockless-printk-ringbuffer.patch @@ -37,11 +36,6 @@ ############################################################ # POSTED by others ############################################################ -# Part of [PATCH 0/4] more mm switching vs TLB shootdown and lazy tlb -# Date: Fri, 28 Aug 2020 20:00:18 +1000 -# https://lkml.kernel.org/r/20200828100022.1099682-2-npiggin@gmail.com -mm-fix-exec-activate_mm-vs-TLB-shootdown-and-lazy-tl.patch - # 2020-10-23 12:11 Peter Zijlstra [PATCH v4 00/19] sched: Migrate disable support # 20201023101158.088940906@infradead.org 0001-stop_machine-Add-function-and-caller-debug-info.patch diff --git a/debian/patches/bugfix/all/firmware_class-log-every-success-and-failure.patch b/debian/patches/bugfix/all/firmware_class-log-every-success-and-failure.patch index da1c7ae7ad3c..7543a26b615a 100644 --- a/debian/patches/bugfix/all/firmware_class-log-every-success-and-failure.patch +++ b/debian/patches/bugfix/all/firmware_class-log-every-success-and-failure.patch @@ -27,7 +27,7 @@ format to detect missing firmware. --- a/drivers/base/firmware_loader/fallback.c +++ b/drivers/base/firmware_loader/fallback.c -@@ -557,7 +557,7 @@ static int fw_load_from_user_helper(stru +@@ -560,7 +560,7 @@ static int fw_load_from_user_helper(stru if (opt_flags & FW_OPT_NOWAIT) { timeout = usermodehelper_read_lock_wait(timeout); if (!timeout) { @@ -38,9 +38,9 @@ format to detect missing firmware. } --- a/drivers/base/firmware_loader/main.c 
+++ b/drivers/base/firmware_loader/main.c -@@ -498,15 +498,12 @@ fw_get_filesystem_firmware(struct device - rc = kernel_read_file_from_path_initns(path, &buffer, - &size, msize, id); +@@ -502,15 +502,12 @@ fw_get_filesystem_firmware(struct device + &size, msize, + READING_FIRMWARE); if (rc) { - if (rc != -ENOENT) - dev_warn(device, "loading %s failed with error %d\n", @@ -58,7 +58,7 @@ format to detect missing firmware. if (decompress) { dev_dbg(device, "f/w decompressing %s\n", fw_priv->fw_name); -@@ -519,8 +516,6 @@ fw_get_filesystem_firmware(struct device +@@ -523,8 +520,6 @@ fw_get_filesystem_firmware(struct device continue; } } else { @@ -67,7 +67,7 @@ format to detect missing firmware. if (!fw_priv->data) fw_priv->data = buffer; fw_priv->size = size; -@@ -530,6 +525,10 @@ fw_get_filesystem_firmware(struct device +@@ -534,6 +529,10 @@ fw_get_filesystem_firmware(struct device } __putname(path); diff --git a/debian/patches/bugfix/x86/ACPI-extlog-Check-for-RDMSR-failure.patch b/debian/patches/bugfix/x86/ACPI-extlog-Check-for-RDMSR-failure.patch deleted file mode 100644 index 54185ded16f5..000000000000 --- a/debian/patches/bugfix/x86/ACPI-extlog-Check-for-RDMSR-failure.patch +++ /dev/null 
@@ -1,42 +0,0 @@ -From: Ben Hutchings <ben@decadent.org.uk> -Date: Sun, 27 Sep 2020 22:50:42 +0100 -Subject: ACPI / extlog: Check for RDMSR failure -Origin: https://git.kernel.org/linus/7cecb47f55e00282f972a1e0b09136c8cd938221 -Bug-Debian: https://bugs.debian.org/971058 - -extlog_init() uses rdmsrl() to read an MSR, which on older CPUs -provokes a error message at boot: - - unchecked MSR access error: RDMSR from 0x179 at rIP: 0xcd047307 (native_read_msr+0x7/0x40) - -Use rdmsrl_safe() instead, and return -ENODEV if it fails. - -Reported-by: jim@photojim.ca -References: https://bugs.debian.org/971058 -Cc: All applicable <stable@vger.kernel.org> -Signed-off-by: Ben Hutchings <ben@decadent.org.uk> -Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com> ---- - drivers/acpi/acpi_extlog.c | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/drivers/acpi/acpi_extlog.c b/drivers/acpi/acpi_extlog.c -index f138e12b7b82..72f1fb77abcd 100644 ---- a/drivers/acpi/acpi_extlog.c -+++ b/drivers/acpi/acpi_extlog.c -@@ -222,9 +222,9 @@ static int __init extlog_init(void) - u64 cap; - int rc; - -- rdmsrl(MSR_IA32_MCG_CAP, cap); -- -- if (!(cap & MCG_ELOG_P) || !extlog_get_l1addr()) -+ if (rdmsrl_safe(MSR_IA32_MCG_CAP, &cap) || -+ !(cap & MCG_ELOG_P) || -+ !extlog_get_l1addr()) - return -ENODEV; - - rc = -EINVAL; --- -2.28.0 - diff --git a/debian/patches/bugfix/x86/x86-mce-Allow-for-copy_mc_fragile-symbol-checksum-to.patch b/debian/patches/bugfix/x86/x86-mce-Allow-for-copy_mc_fragile-symbol-checksum-to.patch deleted file mode 100644 index 50c35b710506..000000000000 --- a/debian/patches/bugfix/x86/x86-mce-Allow-for-copy_mc_fragile-symbol-checksum-to.patch +++ /dev/null 
@@ -1,38 +0,0 @@ -From: Borislav Petkov <bp@suse.de> -Date: Wed, 7 Oct 2020 18:55:35 +0200 -Subject: x86/mce: Allow for copy_mc_fragile symbol checksum to be generated -Origin: https://git.kernel.org/linus/b3149ffcdb31a8eb854cc442a389ae0b539bf28a - -Add asm/mce.h to asm/asm-prototypes.h so that that asm symbol's checksum -can be generated in order to support CONFIG_MODVERSIONS with it and fix: - - WARNING: modpost: EXPORT symbol "copy_mc_fragile" [vmlinux] version \ - generation failed, symbol will not be versioned. - -For reference see: - - 4efca4ed05cb ("kbuild: modversions for EXPORT_SYMBOL() for asm") - 334bb7738764 ("x86/kbuild: enable modversions for symbols exported from asm") - -Fixes: ec6347bb4339 ("x86, powerpc: Rename memcpy_mcsafe() to copy_mc_to_{user, kernel}()") -Signed-off-by: Borislav Petkov <bp@suse.de> -Link: https://lkml.kernel.org/r/20201007111447.GA23257@zn.tnic ---- - arch/x86/include/asm/asm-prototypes.h | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/arch/x86/include/asm/asm-prototypes.h b/arch/x86/include/asm/asm-prototypes.h -index 5a42f9206138..51e2bf27cc9b 100644 ---- a/arch/x86/include/asm/asm-prototypes.h -+++ b/arch/x86/include/asm/asm-prototypes.h -@@ -5,6 +5,7 @@ - #include <asm/string.h> - #include <asm/page.h> - #include <asm/checksum.h> -+#include <asm/mce.h> - - #include <asm-generic/asm-prototypes.h> - --- -2.20.1 - diff --git a/debian/patches/series b/debian/patches/series index 0fd0fd764913..6ce0889aeabf 100644 --- a/debian/patches/series +++ b/debian/patches/series 
@@ -73,8 +73,6 @@ bugfix/arm/arm-mm-export-__sync_icache_dcache-for-xen-privcmd.patch bugfix/powerpc/powerpc-boot-fix-missing-crc32poly.h-when-building-with-kernel_xz.patch bugfix/arm64/arm64-acpi-Add-fixup-for-HPE-m400-quirks.patch bugfix/x86/x86-32-disable-3dnow-in-generic-config.patch -bugfix/x86/ACPI-extlog-Check-for-RDMSR-failure.patch -bugfix/x86/x86-mce-Allow-for-copy_mc_fragile-symbol-checksum-to.patch # Arch features features/x86/x86-memtest-WARN-if-bad-RAM-found.patch |
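Review bot: The two "[rt] Drop" entries added at the end of the debian/changelog hunk do not say why the patches are being dropped. Both titles ("printk: reduce LOG_BUF_SHIFT range for H8300" and "mm: fix exec activate_mm vs TLB shootdown and lazy tlb switching race") appear in the 5.9.5 list added earlier in the same file, so the entries could read "(applied upstream in 5.9.5)". That lets a later reader of debian/patches-rt/series see that the jump from 0006 to 0008 and the removed "Part of [PATCH 0/4]" comment block are intentional and that the fixes are still present in the tree.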
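Review bot: The refresh of debian/patches/bugfix/all/firmware_class-log-every-success-and-failure.patch has no changelog line. In the fw_get_filesystem_firmware() hunk the context changes from "&size, msize, id);" to "&size, msize, READING_FIRMWARE);" and every hunk moves by three or four lines, while the line counts in the hunk headers stay the same (15 to 12, 8 to 6, 6 to 10), so this looks like a pure context refresh. A short "Refresh firmware_class-log-every-success-and-failure.patch" entry would record that, and it is worth confirming after the rebase that the patch still applies without fuzz and still emits its log message on both the failure and the success path, since the patch description says the message format is used to detect missing firmware.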
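Review bot: The debian/patches/series hunk removes two bugfix/x86 patches, but only one of them is accounted for in the visible changelog changes. "x86/mce: Allow for copy_mc_fragile symbol checksum to be generated" is listed under 5.9.5 and its old entry is removed from the lower changelog hunk. The removal of bugfix/x86/ACPI-extlog-Check-for-RDMSR-failure.patch (Bug-Debian 971058, Origin 7cecb47f55e0...) has no matching line in the added 5.9.5 or 5.9.6 lists and no "Drop" entry. Please confirm which stable update carries that commit and add it to the corresponding list, or add an explicit entry explaining the drop, so the fix for the unchecked RDMSR at boot can be traced to the release that now provides it.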