29 Oct, 2017

1 commit

  • This fixes CVE-2017-12193.

    Fix a case in the assoc_array implementation in which a new leaf is
    added that needs to go into a node that happens to be full, where the
    existing leaves in that node cluster together at that level to the
    exclusion of the new leaf.

    What needs to happen is that the existing leaves get moved out to a new
    node, N1, at level + 1 and the existing node needs replacing with one,
    N0, that has pointers to the new leaf and to N1.

    The code that tries to do this gets this wrong in two ways:

    (1) The pointer that should've pointed from N0 to N1 is set to point
    recursively to N0 instead.

    (2) The backpointer from N0 needs to be set correctly in the case N0 is
    either the root node or reached through a shortcut.

    Fix this by removing this path and using the split_node path instead,
    which achieves the same end, but in a more general way (thanks to Eric
    Biggers for spotting the redundancy).

    The problem manifests itself as:

    BUG: unable to handle kernel NULL pointer dereference at 0000000000000010
    IP: assoc_array_apply_edit+0x59/0xe5

    Fixes: 3cb989501c26 ("Add a generic associative array implementation.")
    Reported-and-tested-by: WU Fan
    Signed-off-by: David Howells
    Cc: stable@vger.kernel.org [v3.13-rc1+]
    Signed-off-by: Linus Torvalds

    David Howells
     

28 Oct, 2017

11 commits


27 Oct, 2017

7 commits

  • This reverts commit ce56a86e2ade45d052b3228cdfebe913a1ae7381.

    There's unanticipated interaction with some boot parameters like 'mem=',
    which now cause the new checks via valid_mmap_phys_addr_range() to be too
    restrictive, crashing a Qemu bootup in fact, as reported by Fengguang Wu.

    So while the motivation of the change is still entirely valid, we
    need a few more rounds of testing to get it right - it's way too late
    after -rc6, so revert it for now.

    Reported-by: Fengguang Wu
    Signed-off-by: Ingo Molnar
    Acked-by: Craig Bergstrom
    Cc: Andrew Morton
    Cc: Andy Lutomirski
    Cc: Borislav Petkov
    Cc: Brian Gerst
    Cc: Denys Vlasenko
    Cc: H. Peter Anvin
    Cc: Josh Poimboeuf
    Cc: Linus Torvalds
    Cc: Luis R. Rodriguez
    Cc: Peter Zijlstra
    Cc: Thomas Gleixner
    Cc: Toshi Kani
    Cc: dsafonov@virtuozzo.com
    Cc: kirill.shutemov@linux.intel.com
    Cc: mhocko@suse.com
    Cc: oleg@redhat.com
    Cc: linux-kernel@vger.kernel.org
    Signed-off-by: Ingo Molnar

    Ingo Molnar
     
  • Mails to chrisw@sous-sol.org have not been deliverable for several months.
    Drop him as PARAVIRT_OPS maintainer.

    Signed-off-by: Juergen Gross
    Acked-by: Chris Wright
    Signed-off-by: Juergen Gross

    Juergen Gross
     
  • Pull rdma fix from Doug Ledford:
    "Fix an oops issue in the new RDMA netlink code"

    * tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dledford/rdma:
    RDMA/netlink: OOPs in rdma_nl_rcv_msg() from misinterpreted flag

    Linus Torvalds
     
  • rwlock.h should not be included directly. Instead linux/spinlock.h
    should be included. One thing it does is to break the RT build.

    Cc: Stefano Stabellini
    Cc: xen-devel@lists.xenproject.org
    Cc: linux-arm-kernel@lists.infradead.org
    Signed-off-by: Sebastian Andrzej Siewior
    Reviewed-by: Stefano Stabellini
    Signed-off-by: Boris Ostrovsky

    Sebastian Andrzej Siewior
     
  • This reverts commit 651e28c5537abb39076d3949fb7618536f1d242e.

    This caused a regression:
    "The specific problem is that dnsmasq refuses to start on openSUSE Leap
    42.2. The specific cause is that an attempt to open a PF_LOCAL socket
    gets EACCES. This means that networking doesn't function on a system
    with a 4.14-rc2 system."

    Sadly, the developers involved seemed to be in denial for several weeks
    about this, delaying the revert. This has not been a good release for
    the security subsystem, and this area needs to change development
    practices.

    Reported-and-bisected-by: James Bottomley
    Tracked-by: Thorsten Leemhuis
    Cc: John Johansen
    Cc: Vlastimil Babka
    Cc: Seth Arnold
    Signed-off-by: Linus Torvalds

    Linus Torvalds
     
  • According to MS-SMB2 3.2.55 validate_negotiate request must
    always be signed. Some Windows can fail the request if you send it unsigned.

    See kernel bugzilla bug 197311

    CC: Stable
    Acked-by: Ronnie Sahlberg
    Signed-off-by: Steve French

    Steve French
     
  • Pull power management fix from Rafael Wysocki:
    "This fixes a device power management quality of service (PM QoS)
    framework implementation issue causing 'no restriction' requests for
    device resume latency, including 'no restriction' set by user space,
    to effectively override requests with specific device resume latency
    requirements.

    It is late in the cycle, but the bug in question is in the 'user space
    can trigger unexpected behavior' category and the fix is
    stable-candidate, so here it goes"

    * tag 'pm-4.14-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
    PM / QoS: Fix device resume latency PM QoS

    Linus Torvalds
     

26 Oct, 2017

14 commits

  • Pull block fixes from Jens Axboe:
    "A few select fixes that should go into this series. Mainly for NVMe,
    but also a single stable fix for nbd from Josef"

    * 'for-linus' of git://git.kernel.dk/linux-block:
    nbd: handle interrupted sendmsg with a sndtimeo set
    nvme-rdma: Fix error status return in tagset allocation failure
    nvme-rdma: Fix possible double free in reconnect flow
    nvmet: synchronize sqhd update
    nvme-fc: retry initial controller connections 3 times
    nvme-fc: fix iowait hang

    Linus Torvalds
     
  • Pull spi fixes from Mark Brown:
    "There are a bunch of device specific fixes (more than I'd like, I've
    been lax sending these) plus one important core fix for the conversion
    to use an IDR for bus number allocation which avoids issues with
    collisions when some but not all of the buses in the system have a
    fixed bus number specified.

    The Armada changes are rather large, specifically "spi: armada-3700:
    Fix padding when sending not 4-byte aligned data", but it's a storage
    corruption issue and there's things like indentation changes which
    make it look bigger than it really is. It's been cooking in -next for
    quite a while now and is part of the reason for the delay"

    * tag 'spi-fix-v4.14-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi:
    spi: fix IDR collision on systems with both fixed and dynamic SPI bus numbers
    spi: bcm-qspi: Fix use after free in bcm_qspi_probe() in error path
    spi: a3700: Return correct value on timeout detection
    spi: uapi: spidev: add missing ioctl header
    spi: stm32: Fix logical error in stm32_spi_prepare_mbr()
    spi: armada-3700: Fix padding when sending not 4-byte aligned data
    spi: armada-3700: Fix failing commands with quad-SPI

    Linus Torvalds
     
  • Pull ceph fix from Ilya Dryomov:
    "A small lock imbalance fix, marked for stable"

    * tag 'ceph-for-4.14-rc7' of git://github.com/ceph/ceph-client:
    ceph: unlock dangling spinlock in try_flush_caps()

    Linus Torvalds
     
  • Commit 96edd61dcf44362d3ef0bed1a5361e0ac7886a63 ("xen/balloon: don't
    online new memory initially") introduced a regression when booting a
    HVM domain with memory less than mem-max: instead of ballooning down
    immediately the system would try to use the memory up to mem-max
    resulting in Xen crashing the domain.

    For HVM domains the current size will be reflected in Xenstore node
    memory/static-max instead of memory/target.

    Additionally we have to trigger the ballooning process at once.

    Cc: # 4.13
    Fixes: 96edd61dcf44362d3ef0bed1a5361e0ac7886a63 ("xen/balloon: don't
    online new memory initially")

    Reported-by: Simon Gaiser
    Suggested-by: Boris Ostrovsky
    Signed-off-by: Juergen Gross
    Reviewed-by: Boris Ostrovsky
    Signed-off-by: Boris Ostrovsky

    Juergen Gross
     
  • Pull xfs fix from Darrick Wong:
    "Here's (hopefully) the last bugfix for 4.14:

    - Rework nowait locking code to reduce locking overhead penalty"

    * tag 'xfs-4.14-fixes-7' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux:
    xfs: fix AIM7 regression

    Linus Torvalds
     
  • …el/git/groeck/linux-staging

    Pull hwmon fixes from Guenter Roeck:

    - Fix initial temperature readings for TMP102

    - Fix timeouts in DA9052 driver by increasing its sampling rate

    * tag 'hwmon-for-linus-v4.14-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck/linux-staging:
    hwmon: (tmp102) Fix first temperature reading
    hwmon: (da9052) Increase sample rate when using TSI

    Linus Torvalds
     
  • Pull sound fixes from Takashi Iwai:
    "Just two HD-audio fixups for a recent Realtek codec model. It's pretty
    safe to apply (and unsurprisingly boring)"

    * tag 'sound-4.14-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound:
    ALSA: hda - fix headset mic problem for Dell machines with alc236
    ALSA: hda/realtek - Add support for ALC236/ALC3204

    Linus Torvalds
     
  • rdma_nl_rcv_msg() checks to see if it should use the .dump() callback
    or the .doit() callback. The check is done with this check:

    if (flags & NLM_F_DUMP) ...

    The NLM_F_DUMP flag is two bits (NLM_F_ROOT | NLM_F_MATCH).

    When an RDMA_NL_LS message (response) is received, the bit used for
    indicating an error is the same bit as NLM_F_ROOT.

    NLM_F_ROOT == (0x100) == RDMA_NL_LS_F_ERR.

    ibacm sends a response with the RDMA_NL_LS_F_ERR bit set if an error
    occurs in the service. The current code then misinterprets the
    NLM_F_DUMP bit and tries to call the .dump() callback.

    If the .dump() callback for the specified request is not available
    (which is true for the RDMA_NL_LS messages) the following Oops occurs:

    [ 4555.960256] BUG: unable to handle kernel NULL pointer dereference at (null)
    [ 4555.969046] IP: (null)
    [ 4555.972664] PGD 10543f1067 P4D 10543f1067 PUD 1033f93067 PMD 0
    [ 4555.979287] Oops: 0010 [#1] SMP
    [ 4555.982809] Modules linked in: rpcrdma ib_isert iscsi_target_mod
    target_core_mod ib_iser libiscsi scsi_transport_iscsi ib_ipoib rdma_ucm ib_ucm
    ib_uverbs ib_umad rdma_cm ib_cm iw_cm dm_mirror dm_region_hash dm_log dm_mod
    dax sb_edac x86_pkg_temp_thermal intel_powerclamp coretemp kvm irqbypass
    crct10dif_pclmul crc32_pclmul ghash_clmulni_intel pcbc aesni_intel crypto_simd
    glue_helper cryptd hfi1 rdmavt iTCO_wdt iTCO_vendor_support ib_core mei_me
    lpc_ich pcspkr mei ioatdma sg shpchp i2c_i801 mfd_core wmi ipmi_si ipmi_devintf
    ipmi_msghandler acpi_power_meter acpi_pad nfsd auth_rpcgss nfs_acl lockd grace
    sunrpc ip_tables ext4 mbcache jbd2 sd_mod mgag200 drm_kms_helper syscopyarea
    sysfillrect sysimgblt fb_sys_fops ttm igb ahci crc32c_intel ptp libahci
    pps_core drm dca libata i2c_algo_bit i2c_core
    [ 4556.061190] CPU: 54 PID: 9841 Comm: ibacm Tainted: G I 4.14.0-rc2+ #6
    [ 4556.069667] Hardware name: Intel Corporation S2600WT2/S2600WT2, BIOS SE5C610.86B.01.01.0008.021120151325 02/11/2015
    [ 4556.081339] task: ffff880855f42d00 task.stack: ffffc900246b4000
    [ 4556.087967] RIP: 0010: (null)
    [ 4556.092166] RSP: 0018:ffffc900246b7bc8 EFLAGS: 00010246
    [ 4556.098018] RAX: ffffffff81dbe9e0 RBX: ffff881058bb1000 RCX: 0000000000000000
    [ 4556.105997] RDX: 0000000000001100 RSI: ffff881058bb1320 RDI: ffff881056362000
    [ 4556.113984] RBP: ffffc900246b7bf8 R08: 0000000000000ec0 R09: 0000000000001100
    [ 4556.121971] R10: ffff8810573a5000 R11: 0000000000000000 R12: ffff881056362000
    [ 4556.129957] R13: 0000000000000ec0 R14: ffff881058bb1320 R15: 0000000000000ec0
    [ 4556.137945] FS: 00007fe0ba5a38c0(0000) GS:ffff88105f080000(0000) knlGS:0000000000000000
    [ 4556.147000] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
    [ 4556.153433] CR2: 0000000000000000 CR3: 0000001056f5d003 CR4: 00000000001606e0
    [ 4556.161419] Call Trace:
    [ 4556.164167] ? netlink_dump+0x12c/0x290
    [ 4556.168468] __netlink_dump_start+0x186/0x1f0
    [ 4556.173357] rdma_nl_rcv_msg+0x193/0x1b0 [ib_core]
    [ 4556.178724] rdma_nl_rcv+0xdc/0x130 [ib_core]
    [ 4556.183604] netlink_unicast+0x181/0x240
    [ 4556.187998] netlink_sendmsg+0x2c2/0x3b0
    [ 4556.192392] sock_sendmsg+0x38/0x50
    [ 4556.196299] SYSC_sendto+0x102/0x190
    [ 4556.200308] ? __audit_syscall_entry+0xaf/0x100
    [ 4556.205387] ? syscall_trace_enter+0x1d0/0x2b0
    [ 4556.210366] ? __audit_syscall_exit+0x209/0x290
    [ 4556.215442] SyS_sendto+0xe/0x10
    [ 4556.219060] do_syscall_64+0x67/0x1b0
    [ 4556.223165] entry_SYSCALL64_slow_path+0x25/0x25
    [ 4556.228328] RIP: 0033:0x7fe0b9db2a63
    [ 4556.232333] RSP: 002b:00007ffc55edc260 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
    [ 4556.240808] RAX: ffffffffffffffda RBX: 0000000000000010 RCX: 00007fe0b9db2a63
    [ 4556.248796] RDX: 0000000000000010 RSI: 00007ffc55edc280 RDI: 000000000000000d
    [ 4556.256782] RBP: 00007ffc55edc670 R08: 00007ffc55edc270 R09: 000000000000000c
    [ 4556.265321] R10: 0000000000000000 R11: 0000000000000293 R12: 00007ffc55edc280
    [ 4556.273846] R13: 000000000260b400 R14: 000000000000000d R15: 0000000000000001
    [ 4556.282368] Code: Bad RIP value.
    [ 4556.286629] RIP: (null) RSP: ffffc900246b7bc8
    [ 4556.293013] CR2: 0000000000000000
    [ 4556.297292] ---[ end trace 8d67abcfd10ec209 ]---
    [ 4556.305465] Kernel panic - not syncing: Fatal exception
    [ 4556.313786] Kernel Offset: disabled
    [ 4556.321563] ---[ end Kernel panic - not syncing: Fatal exception
    [ 4556.328960] ------------[ cut here ]------------

    Special case RDMA_NL_LS response messages to call the appropriate
    callback.

    Additionally, make sure that the .dump() callback is not NULL
    before calling it.

    Fixes: 647c75ac59a48a54 ("RDMA/netlink: Convert LS to doit callback")
    Reviewed-by: Mike Marciniszyn
    Reviewed-by: Kaike Wan
    Reviewed-by: Alex Estrin
    Signed-off-by: Michael J. Ruhl
    Reviewed-by: Shiraz Saleem
    Signed-off-by: Doug Ledford

    Michael J. Ruhl
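A model of the flag check this commit fixes, added here as an example and not the kernel's own code: the NLM_F_* values are the uapi ones and RDMA_NL_LS_F_ERR is as quoted in the message, while the client index values, the callback table and the result codes are assumptions of the model.

```c
#include <stddef.h>
#include <stdint.h>

/* uapi netlink flag values (linux/netlink.h) */
#define NLM_F_ROOT   0x100
#define NLM_F_MATCH  0x200
#define NLM_F_DUMP   (NLM_F_ROOT | NLM_F_MATCH)
/* LS error bit, as stated in the commit: NLM_F_ROOT == 0x100 == RDMA_NL_LS_F_ERR */
#define RDMA_NL_LS_F_ERR 0x100

/* Client indices for this model (assumed values, not the kernel's enum). */
#define RDMA_NL_LS    4
#define RDMA_NL_OTHER 5

/* Outcome codes for this model (assumption). */
enum dispatch { CALLED_DOIT = 0, CALLED_DUMP = 1, NULL_DEREF = 2, REJECTED = 3 };

typedef void (*rdma_cb)(void);
struct cb_entry { rdma_cb doit; rdma_cb dump; };

/* Buggy dispatch: `flags & NLM_F_DUMP` is already true when only NLM_F_ROOT
 * is set, and .dump is invoked without a NULL check. */
enum dispatch dispatch_buggy(const struct cb_entry *cb, unsigned client, uint16_t flags)
{
	(void)client;
	if (flags & NLM_F_DUMP) {
		if (!cb->dump)
			return NULL_DEREF;      /* the kernel jumped to RIP (null) here */
		cb->dump();
		return CALLED_DUMP;
	}
	if (!cb->doit)
		return REJECTED;
	cb->doit();
	return CALLED_DOIT;
}

/* Fixed dispatch: LS responses overload NLM_F_ROOT as their error bit, so
 * they always go to .doit; the dump path verifies .dump before calling it. */
enum dispatch dispatch_fixed(const struct cb_entry *cb, unsigned client, uint16_t flags)
{
	if (client != RDMA_NL_LS && (flags & NLM_F_DUMP)) {
		if (!cb->dump)
			return REJECTED;        /* -EINVAL instead of an Oops */
		cb->dump();
		return CALLED_DUMP;
	}
	if (!cb->doit)
		return REJECTED;
	cb->doit();
	return CALLED_DOIT;
}

static void ls_doit(void) { }

/* Constructed scenario: ibacm answers an LS request with RDMA_NL_LS_F_ERR
 * set, and the LS table has a .doit handler but no .dump handler. */
static const struct cb_entry ls_cb = { ls_doit, NULL };

enum dispatch ls_error_response(enum dispatch (*dispatch)(const struct cb_entry *, unsigned, uint16_t))
{
	return dispatch(&ls_cb, RDMA_NL_LS, RDMA_NL_LS_F_ERR);
}
```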
     
  • An undersize validate negotiate info server response causes the client
    to use uninitialised memory for struct validate_negotiate_info_rsp
    comparisons of Dialect, SecurityMode and/or Capabilities members.

    Link: https://bugzilla.samba.org/show_bug.cgi?id=13092
    Fixes: 7db0a6efdc3e ("SMB3: Work around mount failure when using SMB3 dialect to Macs")
    Signed-off-by: David Disseldorp
    Reviewed-by: Pavel Shilovsky
    Signed-off-by: Steve French

    David Disseldorp
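An added illustration of the length problem this commit fixes, not the kernel's cifs code: a validate negotiate comparison without and with a response-length guard, assuming the 24-byte MS-SMB2 response layout and a constructed sample response; the verdict codes and function names are this example's own.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* VALIDATE_NEGOTIATE_INFO response layout (MS-SMB2, assumed here):
 * Capabilities (4), Guid (16), SecurityMode (2), Dialect (2), little-endian. */
#define VNI_RSP_LEN      24
#define VNI_OFF_CAPS      0
#define VNI_OFF_SECMODE  20
#define VNI_OFF_DIALECT  22

/* What the client negotiated earlier and expects the server to echo back. */
struct negotiated { uint32_t caps; uint16_t secmode; uint16_t dialect; };

/* Result codes for this model (assumption). */
enum verdict { VNI_OK = 0, VNI_MISMATCH = 1, VNI_SHORT = 2 };

static uint16_t get_le16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t get_le32(const uint8_t *p)
{
	return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

static enum verdict compare_fields(const uint8_t *rsp, const struct negotiated *n)
{
	if (get_le32(rsp + VNI_OFF_CAPS) != n->caps)       return VNI_MISMATCH;
	if (get_le16(rsp + VNI_OFF_SECMODE) != n->secmode) return VNI_MISMATCH;
	if (get_le16(rsp + VNI_OFF_DIALECT) != n->dialect) return VNI_MISMATCH;
	return VNI_OK;
}

/* Before the fix: the response is copied into a fixed-size buffer and every
 * field is compared; with a short response the tail is whatever was already
 * in memory (modelled by a 0xAA fill), so the verdict depends on stale bytes. */
enum verdict validate_unhardened(const uint8_t *buf, size_t len, const struct negotiated *n)
{
	uint8_t rsp[VNI_RSP_LEN];
	memset(rsp, 0xAA, sizeof rsp);                     /* stand-in for uninitialised memory */
	memcpy(rsp, buf, len < sizeof rsp ? len : sizeof rsp);
	return compare_fields(rsp, n);
}

/* After the fix: reject anything shorter than the full structure before
 * any field is read. */
enum verdict validate_hardened(const uint8_t *buf, size_t len, const struct negotiated *n)
{
	if (len < VNI_RSP_LEN)
		return VNI_SHORT;
	return compare_fields(buf, n);
}

/* Constructed sample: caps 0x7, zero Guid, SecurityMode 0x1, Dialect 0x0300. */
static const uint8_t good_rsp[VNI_RSP_LEN] = {
	0x07, 0x00, 0x00, 0x00,
	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
	0x01, 0x00,
	0x00, 0x03,
};
static const struct negotiated expect = { 0x7, 0x1, 0x0300 };
#define SHORT_LEN 20   /* server response truncated before SecurityMode and Dialect */

enum verdict short_unhardened(void) { return validate_unhardened(good_rsp, SHORT_LEN, &expect); }
enum verdict short_hardened(void)   { return validate_hardened(good_rsp, SHORT_LEN, &expect); }
enum verdict full_hardened(void)    { return validate_hardened(good_rsp, VNI_RSP_LEN, &expect); }
```

With a short response the unhardened verdict is whatever the stale bytes happen to say, which is exactly why the comparison must be gated on the length first.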
     
  • Fixes: ff1c038addc4 ("Check SMB3 dialects against downgrade attacks")
    Signed-off-by: David Disseldorp
    Signed-off-by: Steve French

    David Disseldorp
     
  • If SendReceive2() fails rsp is set to NULL but is dereferenced in the
    error handling code.

    Cc: stable@vger.kernel.org
    Signed-off-by: Aurelien Aptel
    Reviewed-by: Pavel Shilovsky
    Signed-off-by: Steve French

    Aurélien Aptel
     
  • query_info() doesn't use the InputBuffer field of the QUERY_INFO
    request, therefore according to [MS-SMB2] it must:

    a) set the InputBufferOffset to 0
    b) send a zero-length InputBuffer

    Doing a) is trivial but b) is a bit more tricky.

    The packet is allocated according to its StructureSize, which takes
    into account an extra 1 byte buffer which we don't need
    here. StructureSize fields must have constant values no matter the
    actual length of the whole packet so we can't just edit that constant.

    Both the NetBIOS-over-TCP message length ("rfc1002 length") L and the
    iovec length L' have to be updated. Since L' is computed from L we
    just update L by decrementing it by one.

    Signed-off-by: Aurelien Aptel
    Signed-off-by: Steve French

    Aurelien Aptel
     
  • Some dependencies were lost when CIFS_SMB2 was merged into CIFS.

    Fixes: 2a38e12053b7 ("[SMB3] Remove ifdef since SMB3 (and later) now STRONGLY preferred")
    Signed-off-by: Benjamin Gilbert
    Reviewed-by: Aurelien Aptel
    CC: Stable
    Signed-off-by: Steve French

    Benjamin Gilbert
     
  • In case gntdev_mmap() succeeds only partially in mapping grant pages
    it will leave uninitialized some vital information needed later for
    cleanup. This will lead to an out of bounds array access when unmapping
    the already mapped pages.

    So just initialize the data needed for unmapping the pages a little bit
    earlier.

    Cc:
    Reported-by: Arthur Borsboom
    Signed-off-by: Juergen Gross
    Reviewed-by: Boris Ostrovsky
    Signed-off-by: Boris Ostrovsky

    Juergen Gross
     

25 Oct, 2017

7 commits

  • Marios Titas running a Haskell program noticed a problem with fuse's
    readdirplus: when it is interrupted by a signal, it skips one directory
    entry.

    The reason is that fuse erroneously updates ctx->pos after a failed
    dir_emit().

    The issue originates from the patch adding readdirplus support.

    Reported-by: Jakob Unterwurzacher
    Tested-by: Marios Titas
    Signed-off-by: Miklos Szeredi
    Fixes: 0b05b18381ee ("fuse: implement NFS-like readdirplus support")
    Cc: # v3.9

    Miklos Szeredi
     
  • …'spi/fix/stm32' and 'spi/fix/uapi' into spi-linus

    Mark Brown
     
  • Commit:

    e69176d68d26 ("ef/libstub/arm/arm64: Randomize the base of the UEFI rt services region")

    implemented randomization of the virtual mapping that the OS chooses for
    the UEFI runtime services. This was motivated by the fact that UEFI usually
    does not bother to specify any permission restrictions for those regions,
    making them prime real estate for exploitation now that the OS is getting
    more and more careful not to leave any R+W+X mapped regions lying around.

    However, this randomization breaks assumptions in the resume from
    hibernation code, which expects all memory regions populated by UEFI to
    remain in the same place, including their virtual mapping into the OS
    memory space. While this assumption may not be entirely reasonable in the
    first place, breaking it deliberately does not make a lot of sense either.
    So let's refrain from this randomization pass if CONFIG_HIBERNATION=y.

    Signed-off-by: Ard Biesheuvel
    Cc: James Morse
    Cc: Linus Torvalds
    Cc: Matt Fleming
    Cc: Peter Zijlstra
    Cc: Thomas Gleixner
    Cc: linux-efi@vger.kernel.org
    Link: http://lkml.kernel.org/r/20171025100448.26056-3-ard.biesheuvel@linaro.org
    Signed-off-by: Ingo Molnar

    Ard Biesheuvel
     
  • If "qcaps.capsule_count" is ULONG_MAX then "qcaps.capsule_count + 1"
    will overflow to zero and kcalloc() will return the ZERO_SIZE_PTR. We
    try to dereference it inside the loop and crash.

    Signed-off-by: Dan Carpenter
    Signed-off-by: Matt Fleming
    Signed-off-by: Ard Biesheuvel
    Acked-by: Ivan Hu
    Cc: Linus Torvalds
    Cc: Peter Zijlstra
    Cc: Thomas Gleixner
    Cc: linux-efi@vger.kernel.org
    Fixes: ff6301dabc3c ("efi: Add efi_test driver for exporting UEFI runtime service interfaces")
    Link: http://lkml.kernel.org/r/20171025100448.26056-2-ard.biesheuvel@linaro.org
    Signed-off-by: Ingo Molnar

    Dan Carpenter
     
  • sparse warns:

    fs/ceph/caps.c:2042:9: warning: context imbalance in 'try_flush_caps' - wrong count at exit

    We need to exit this function with the lock unlocked, but a couple of
    cases leave it locked.

    Cc: stable@vger.kernel.org
    Signed-off-by: Jeff Layton
    Reviewed-by: "Yan, Zheng"
    Reviewed-by: Ilya Dryomov
    Signed-off-by: Ilya Dryomov

    Jeff Layton
     
  • The new detection code for guest machine checks added a check based
    on %r11 to .Lcleanup_sie to distinguish between normal asynchronous
    interrupts and machine checks. But the function is called from the
    program check handler as well with an undefined value in %r11.

    The effect is that all program exceptions pointing to the SIE instruction
    will set the CIF_MCCK_GUEST bit. The bit stays set for the CPU until the
    next machine check comes in which will incorrectly be interpreted as a
    guest machine check.

    The simplest fix is to stop using .Lcleanup_sie in the program check
    handler and duplicate a few instructions.

    Fixes: c929500d7a5a ("s390/nmi: s390: New low level handling for machine check happening in guest")
    Cc: # v4.13+
    Reviewed-by: Christian Borntraeger
    Signed-off-by: Martin Schwidefsky

    Martin Schwidefsky
     
  • Pull NFS client bugfixes from Trond Myklebust:

    - Fix a list corruption in xprt_release()

    - Fix a workqueue lockdep warning due to unsafe use of
    cancel_work_sync()

    * tag 'nfs-for-4.14-4' of git://git.linux-nfs.org/projects/trondmy/linux-nfs:
    SUNRPC: Destroy transport from the system workqueue
    SUNRPC: fix a list corruption issue in xprt_release()

    Linus Torvalds