kernel/linux.git/drivers/xen, branch v4.19.39

xen/gntdev: Do not destroy context while dma-bufs are in use

2019-04-05T20:33:06+00:00

[ Upstream commit fa13e665e02874c0a5f4d06d6967ae34a6cb3d6a ] If there are exported DMA buffers which are still in use and grant device is closed by either normal user-space close or by a signal this leads to the grant device context to be destroyed, thus making it not possible to correctly destroy those exported buffers when they are returned back to gntdev and makes the module crash: [ 339.617540] [] dmabuf_exp_ops_release+0x40/0xa8 [ 339.617560] [] dma_buf_release+0x60/0x190 [ 339.617577] [] __fput+0x88/0x1d0 [ 339.617589] [] ____fput+0xc/0x18 [ 339.617607] [] task_work_run+0x9c/0xc0 [ 339.617622] [] do_notify_resume+0xfc/0x108 Fix this by referencing gntdev on each DMA buffer export and unreferencing on buffer release. Signed-off-by: Oleksandr Andrushchenko Reviewed-by: Boris Ostrovsky@oracle.com> Signed-off-by: Juergen Gross Signed-off-by: Sasha Levin

pvcalls-front: fix potential null dereference

2019-02-27T09:08:56+00:00

[ Upstream commit b4711098066f1cf808d4dc11a1a842860a3292fe ] static checker warning: drivers/xen/pvcalls-front.c:373 alloc_active_ring() error: we previously assumed 'map->active.ring' could be null (see line 357) drivers/xen/pvcalls-front.c 351 static int alloc_active_ring(struct sock_mapping *map) 352 { 353 void *bytes; 354 355 map->active.ring = (struct pvcalls_data_intf *) 356 get_zeroed_page(GFP_KERNEL); 357 if (!map->active.ring) ^^^^^^^^^^^^^^^^^ Check 358 goto out; 359 360 map->active.ring->ring_order = PVCALLS_RING_ORDER; 361 bytes = (void *)__get_free_pages(GFP_KERNEL | __GFP_ZERO, 362 PVCALLS_RING_ORDER); 363 if (!bytes) 364 goto out; 365 366 map->active.data.in = bytes; 367 map->active.data.out = bytes + 368 XEN_FLEX_RING_SIZE(PVCALLS_RING_ORDER); 369 370 return 0; 371 372 out: --> 373 free_active_ring(map); ^^^ Add null check on map->active.ring before dereferencing it to avoid any NULL pointer dereferences. Fixes: 9f51c05dc41a ("pvcalls-front: Avoid get_free_pages(GFP_KERNEL) under spinlock") Reported-by: Dan Carpenter Suggested-by: Boris Ostrovsky Signed-off-by: Wen Yang Reviewed-by: Boris Ostrovsky CC: Boris Ostrovsky CC: Juergen Gross CC: Stefano Stabellini CC: Dan Carpenter CC: xen-devel@lists.xenproject.org CC: linux-kernel@vger.kernel.org Signed-off-by: Boris Ostrovsky Signed-off-by: Sasha Levin

pvcalls-front: Avoid get_free_pages(GFP_KERNEL) under spinlock

2019-02-27T09:08:54+00:00

[ Upstream commit 9f51c05dc41a6d69423e3d03d18eb7ab22f9ec19 ] The problem is that we call this with a spin lock held. The call tree is: pvcalls_front_accept() holds bedata->socket_lock. -> create_active() -> __get_free_pages() uses GFP_KERNEL The create_active() function is only called from pvcalls_front_accept() with a spin_lock held, The allocation is not allowed to sleep and GFP_KERNEL is not sufficient. This issue was detected by using the Coccinelle software. v2: Add a function doing the allocations which is called outside the lock and passing the allocated data to create_active(). v3: Use the matching deallocators i.e., free_page() and free_pages(), respectively. v4: It would be better to pre-populate map (struct sock_mapping), rather than introducing one more new struct. v5: Since allocating the data outside of this call it should also be freed outside, when create_active() fails. Move kzalloc(sizeof(*map2), GFP_ATOMIC) outside spinlock and use GFP_KERNEL instead. v6: Drop the superfluous calls. Suggested-by: Juergen Gross Suggested-by: Boris Ostrovsky Suggested-by: Stefano Stabellini Signed-off-by: Wen Yang Acked-by: Stefano Stabellini CC: Julia Lawall CC: Boris Ostrovsky CC: Juergen Gross CC: Stefano Stabellini CC: xen-devel@lists.xenproject.org CC: linux-kernel@vger.kernel.org Signed-off-by: Boris Ostrovsky Signed-off-by: Sasha Levin

xen/pvcalls: remove set but not used variable 'intf'

2019-02-27T09:08:52+00:00

[ Upstream commit 1f8ce09b36c41a026a37a24b20efa32000892a64 ] Fixes gcc '-Wunused-but-set-variable' warning: drivers/xen/pvcalls-back.c: In function 'pvcalls_sk_state_change': drivers/xen/pvcalls-back.c:286:28: warning: variable 'intf' set but not used [-Wunused-but-set-variable] It not used since e6587cdbd732 ("pvcalls-back: set -ENOTCONN in pvcalls_conn_back_read") Signed-off-by: YueHaibing Reviewed-by: Boris Ostrovsky Signed-off-by: Boris Ostrovsky Signed-off-by: Sasha Levin

pvcalls-back: set -ENOTCONN in pvcalls_conn_back_read

2019-02-27T09:08:51+00:00

[ Upstream commit e6587cdbd732eacb4c7ce592ed46f7bbcefb655f ] When a connection is closing we receive on pvcalls_sk_state_change notification. Instead of setting the connection as closed immediately (-ENOTCONN), let's read one more time from it: pvcalls_conn_back_read will set the connection as closed when necessary. That way, we avoid races between pvcalls_sk_state_change and pvcalls_back_ioworker. Signed-off-by: Stefano Stabellini Reviewed-by: Boris Ostrovsky Signed-off-by: Boris Ostrovsky Signed-off-by: Sasha Levin

pvcalls-front: properly allocate sk

2019-02-27T09:08:50+00:00

[ Upstream commit beee1fbe8f7d57d6ebaa5188f9f4db89c2077196 ] Don't use kzalloc: it ends up leaving sk->sk_prot not properly initialized. Use sk_alloc instead and define our own trivial struct proto. Signed-off-by: Stefano Stabellini Reviewed-by: Boris Ostrovsky Signed-off-by: Boris Ostrovsky Signed-off-by: Sasha Levin

pvcalls-front: don't try to free unallocated rings

2019-02-27T09:08:50+00:00

[ Upstream commit 96283f9a084e23d7cda2d3c5d1ffa6df6cf1ecec ] inflight_req_id is 0 when initialized. If inflight_req_id is 0, there is no accept_map to free. Fix the check in pvcalls_front_release. Signed-off-by: Stefano Stabellini Reviewed-by: Boris Ostrovsky Signed-off-by: Boris Ostrovsky Signed-off-by: Sasha Levin

pvcalls-front: read all data before closing the connection

2019-02-27T09:08:50+00:00

[ Upstream commit b79470b64fa9266948d1ce8d825ced94c4f63293 ] When a connection is closing in_error is set to ENOTCONN. There could still be outstanding data on the ring left by the backend. Before closing the connection on the frontend side, drain the ring. Signed-off-by: Stefano Stabellini Reviewed-by: Boris Ostrovsky Signed-off-by: Boris Ostrovsky Signed-off-by: Sasha Levin

xen: Fix x86 sched_clock() interface for xen

2019-01-22T20:40:32+00:00

commit 867cefb4cb1012f42cada1c7d1f35ac8dd276071 upstream. Commit f94c8d11699759 ("sched/clock, x86/tsc: Rework the x86 'unstable' sched_clock() interface") broke Xen guest time handling across migration: [ 187.249951] Freezing user space processes ... (elapsed 0.001 seconds) done. [ 187.251137] OOM killer disabled. [ 187.251137] Freezing remaining freezable tasks ... (elapsed 0.001 seconds) done. [ 187.252299] suspending xenstore... [ 187.266987] xen:grant_table: Grant tables using version 1 layout [18446743811.706476] OOM killer enabled. [18446743811.706478] Restarting tasks ... done. [18446743811.720505] Setting capacity to 16777216 Fix that by setting xen_sched_clock_offset at resume time to ensure a monotonic clock value. [boris: replaced pr_info() with pr_info_once() in xen_callback_vector() to avoid printing with incorrect timestamp during resume (as we haven't re-adjusted the clock yet)] Fixes: f94c8d11699759 ("sched/clock, x86/tsc: Rework the x86 'unstable' sched_clock() interface") Cc: # 4.11 Reported-by: Hans van Kranenburg Signed-off-by: Juergen Gross Tested-by: Hans van Kranenburg Signed-off-by: Boris Ostrovsky Signed-off-by: Greg Kroah-Hartman

pvcalls-front: fixes incorrect error handling

2018-12-17T08:24:39+00:00

[ Upstream commit 975ef94a0284648fb0137bd5e949b18cef604e33 ] kfree() is incorrectly used to release the pages allocated by __get_free_page() and __get_free_pages(). Use the matching deallocators i.e., free_page() and free_pages(), respectively. Signed-off-by: Pan Bian Reviewed-by: Stefano Stabellini Signed-off-by: Juergen Gross Signed-off-by: Sasha Levin