tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

Merge tag 'x86_urgent_for_v5.10-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip

Pull x86 fixes from Borislav Petkov:
"A couple of urgent fixes which accumulated this last week:

- Two resctrl fixes to prevent refcount leaks when manipulating the
resctrl fs (Xiaochen Shen)

- Correct prctl(PR_GET_SPECULATION_CTRL) reporting (Anand K Mistry)

- A fix to not lose already seen MCE severity which determines
whether the machine can recover (Gabriele Paoloni)"

* tag 'x86_urgent_for_v5.10-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
x86/mce: Do not overwrite no_way_out if mce_end() fails
x86/speculation: Fix prctl() when spectre_v2_user={seccomp,prctl},ibpb
x86/resctrl: Add necessary kernfs_put() calls to prevent refcount leak
x86/resctrl: Remove superfluous kernfs_get() calls to prevent refcount leak

Linus Torvalds 7255a39d aae5ab85

+32 -43
+2 -2
arch/x86/kernel/cpu/bugs.c
··· 739 739 if (boot_cpu_has(X86_FEATURE_IBPB)) { 740 740 setup_force_cpu_cap(X86_FEATURE_USE_IBPB); 741 741 742 + spectre_v2_user_ibpb = mode; 742 743 switch (cmd) { 743 744 case SPECTRE_V2_USER_CMD_FORCE: 744 745 case SPECTRE_V2_USER_CMD_PRCTL_IBPB: 745 746 case SPECTRE_V2_USER_CMD_SECCOMP_IBPB: 746 747 static_branch_enable(&switch_mm_always_ibpb); 748 + spectre_v2_user_ibpb = SPECTRE_V2_USER_STRICT; 747 749 break; 748 750 case SPECTRE_V2_USER_CMD_PRCTL: 749 751 case SPECTRE_V2_USER_CMD_AUTO: ··· 759 757 pr_info("mitigation: Enabling %s Indirect Branch Prediction Barrier\n", 760 758 static_key_enabled(&switch_mm_always_ibpb) ? 761 759 "always-on" : "conditional"); 762 - 763 - spectre_v2_user_ibpb = mode; 764 760 } 765 761 766 762 /*
+4 -2
arch/x86/kernel/cpu/mce/core.c
··· 1384 1384 * When there's any problem use only local no_way_out state. 1385 1385 */ 1386 1386 if (!lmce) { 1387 - if (mce_end(order) < 0) 1388 - no_way_out = worst >= MCE_PANIC_SEVERITY; 1387 + if (mce_end(order) < 0) { 1388 + if (!no_way_out) 1389 + no_way_out = worst >= MCE_PANIC_SEVERITY; 1390 + } 1389 1391 } else { 1390 1392 /* 1391 1393 * If there was a fatal machine check we should have
+26 -39
arch/x86/kernel/cpu/resctrl/rdtgroup.c
··· 507 507 return ret ?: nbytes; 508 508 } 509 509 510 + /** 511 + * rdtgroup_remove - the helper to remove resource group safely 512 + * @rdtgrp: resource group to remove 513 + * 514 + * On resource group creation via a mkdir, an extra kernfs_node reference is 515 + * taken to ensure that the rdtgroup structure remains accessible for the 516 + * rdtgroup_kn_unlock() calls where it is removed. 517 + * 518 + * Drop the extra reference here, then free the rdtgroup structure. 519 + * 520 + * Return: void 521 + */ 522 + static void rdtgroup_remove(struct rdtgroup *rdtgrp) 523 + { 524 + kernfs_put(rdtgrp->kn); 525 + kfree(rdtgrp); 526 + } 527 + 510 528 struct task_move_callback { 511 529 struct callback_head work; 512 530 struct rdtgroup *rdtgrp; ··· 547 529 (rdtgrp->flags & RDT_DELETED)) { 548 530 current->closid = 0; 549 531 current->rmid = 0; 550 - kfree(rdtgrp); 532 + rdtgroup_remove(rdtgrp); 551 533 } 552 534 553 535 if (unlikely(current->flags & PF_EXITING)) ··· 1787 1769 if (IS_ERR(kn_subdir)) 1788 1770 return PTR_ERR(kn_subdir); 1789 1771 1790 - kernfs_get(kn_subdir); 1791 1772 ret = rdtgroup_kn_set_ugid(kn_subdir); 1792 1773 if (ret) 1793 1774 return ret; ··· 1809 1792 kn_info = kernfs_create_dir(parent_kn, "info", parent_kn->mode, NULL); 1810 1793 if (IS_ERR(kn_info)) 1811 1794 return PTR_ERR(kn_info); 1812 - kernfs_get(kn_info); 1813 1795 1814 1796 ret = rdtgroup_add_files(kn_info, RF_TOP_INFO); 1815 1797 if (ret) ··· 1828 1812 if (ret) 1829 1813 goto out_destroy; 1830 1814 } 1831 - 1832 - /* 1833 - * This extra ref will be put in kernfs_remove() and guarantees 1834 - * that @rdtgrp->kn is always accessible. 1835 - */ 1836 - kernfs_get(kn_info); 1837 1815 1838 1816 ret = rdtgroup_kn_set_ugid(kn_info); 1839 1817 if (ret) ··· 1856 1846 1857 1847 if (dest_kn) 1858 1848 *dest_kn = kn; 1859 - 1860 - /* 1861 - * This extra ref will be put in kernfs_remove() and guarantees 1862 - * that @rdtgrp->kn is always accessible. 1863 - */ 1864 - kernfs_get(kn); 1865 1849 1866 1850 ret = rdtgroup_kn_set_ugid(kn); 1867 1851 if (ret) ··· 2083 2079 rdtgrp->mode == RDT_MODE_PSEUDO_LOCKED) 2084 2080 rdtgroup_pseudo_lock_remove(rdtgrp); 2085 2081 kernfs_unbreak_active_protection(kn); 2086 - kernfs_put(rdtgrp->kn); 2087 - kfree(rdtgrp); 2082 + rdtgroup_remove(rdtgrp); 2088 2083 } else { 2089 2084 kernfs_unbreak_active_protection(kn); 2090 2085 } ··· 2142 2139 &kn_mongrp); 2143 2140 if (ret < 0) 2144 2141 goto out_info; 2145 - kernfs_get(kn_mongrp); 2146 2142 2147 2143 ret = mkdir_mondata_all(rdtgroup_default.kn, 2148 2144 &rdtgroup_default, &kn_mondata); 2149 2145 if (ret < 0) 2150 2146 goto out_mongrp; 2151 - kernfs_get(kn_mondata); 2152 2147 rdtgroup_default.mon.mon_data_kn = kn_mondata; 2153 2148 } 2154 2149 ··· 2358 2357 if (atomic_read(&sentry->waitcount) != 0) 2359 2358 sentry->flags = RDT_DELETED; 2360 2359 else 2361 - kfree(sentry); 2360 + rdtgroup_remove(sentry); 2362 2361 } 2363 2362 } 2364 2363 ··· 2400 2399 if (atomic_read(&rdtgrp->waitcount) != 0) 2401 2400 rdtgrp->flags = RDT_DELETED; 2402 2401 else 2403 - kfree(rdtgrp); 2402 + rdtgroup_remove(rdtgrp); 2404 2403 } 2405 2404 /* Notify online CPUs to update per cpu storage and PQR_ASSOC MSR */ 2406 2405 update_closid_rmid(cpu_online_mask, &rdtgroup_default); ··· 2500 2499 if (IS_ERR(kn)) 2501 2500 return PTR_ERR(kn); 2502 2501 2503 - /* 2504 - * This extra ref will be put in kernfs_remove() and guarantees 2505 - * that kn is always accessible. 2506 - */ 2507 - kernfs_get(kn); 2508 2502 ret = rdtgroup_kn_set_ugid(kn); 2509 2503 if (ret) 2510 2504 goto out_destroy; ··· 2834 2838 /* 2835 2839 * kernfs_remove() will drop the reference count on "kn" which 2836 2840 * will free it. But we still need it to stick around for the 2837 - * rdtgroup_kn_unlock(kn} call below. Take one extra reference 2838 - * here, which will be dropped inside rdtgroup_kn_unlock(). 2841 + * rdtgroup_kn_unlock(kn) call. Take one extra reference here, 2842 + * which will be dropped by kernfs_put() in rdtgroup_remove(). 2839 2843 */ 2840 2844 kernfs_get(kn); 2841 2845 ··· 2876 2880 out_idfree: 2877 2881 free_rmid(rdtgrp->mon.rmid); 2878 2882 out_destroy: 2883 + kernfs_put(rdtgrp->kn); 2879 2884 kernfs_remove(rdtgrp->kn); 2880 2885 out_free_rgrp: 2881 2886 kfree(rdtgrp); ··· 2889 2892 { 2890 2893 kernfs_remove(rgrp->kn); 2891 2894 free_rmid(rgrp->mon.rmid); 2892 - kfree(rgrp); 2895 + rdtgroup_remove(rgrp); 2893 2896 } 2894 2897 2895 2898 /* ··· 3046 3049 WARN_ON(list_empty(&prdtgrp->mon.crdtgrp_list)); 3047 3050 list_del(&rdtgrp->mon.crdtgrp_list); 3048 3051 3049 - /* 3050 - * one extra hold on this, will drop when we kfree(rdtgrp) 3051 - * in rdtgroup_kn_unlock() 3052 - */ 3053 - kernfs_get(kn); 3054 3052 kernfs_remove(rdtgrp->kn); 3055 3053 3056 3054 return 0; ··· 3057 3065 rdtgrp->flags = RDT_DELETED; 3058 3066 list_del(&rdtgrp->rdtgroup_list); 3059 3067 3060 - /* 3061 - * one extra hold on this, will drop when we kfree(rdtgrp) 3062 - * in rdtgroup_kn_unlock() 3063 - */ 3064 - kernfs_get(kn); 3065 3068 kernfs_remove(rdtgrp->kn); 3066 3069 return 0; 3067 3070 }