ia2...@gmail.com>
Signed-off-by: Michael S. Tsirkin
Reviewed-by: Stefano Garzarella
[Ajay: This is a security fix as per CVE-2024-0340]
Signed-off-by: Ajay Kaher
---
drivers/vhost/vhost.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/drivers/vhost/vhost.c b/drivers/vhost/v
> On 23-Nov-2023, at 4:55 PM, Heiko Carstens wrote:
>
> !! External Email
>
> On Fri, Nov 17, 2023 at 03:38:29PM +0100, Heiko Carstens wrote:
>> On Fri, Nov 17, 2023 at 03:23:35PM +0100, Heiko Carstens wrote:
>>> I think this patch causes from time to time crashes when running ftrace
>>>
> @@ -3378,7 +3054,6 @@ static const struct consw fb_con = {
> .con_font_default = fbcon_set_def_font,
> .con_font_copy = fbcon_copy_font,
> .con_set_palette= fbcon_set_palette,
> - .con_scrolldelta= fbcon_scrolldelta,
> .con_set_origin
().
Reviewed-by: Peter Xu
Signed-off-by: Alex Williamson
[Ajay: Regenerated the patch for v4.14]
Signed-off-by: Ajay Kaher
---
drivers/vfio/vfio_iommu_type1.c | 36 +---
1 file changed, 33 insertions(+), 3 deletions(-)
diff --git a/drivers/vfio/vfio_iommu_type1.c b/drivers
CVE-2020-12888 Kernel: vfio: access to disabled MMIO space of some
devices may lead to DoS scenario
The VFIO modules allow users (guest VMs) to enable or disable access to the
devices' MMIO memory address spaces. If a user attempts to access (read/write)
the devices' MMIO address space when
later use to invalidate those mappings. The open callback
invalidates the vma range so that all tracking is inserted in the
fault handler and removed in the close handler.
Reviewed-by: Peter Xu
Signed-off-by: Alex Williamson
[Ajay: Regenerated the patch for v4.14]
Signed-off-by: Ajay Kaher
occur.
Fixes: CVE-2020-12888
Reviewed-by: Peter Xu
Signed-off-by: Alex Williamson
[Ajay: Regenerated the patch for v4.14]
Signed-off-by: Ajay Kaher
---
drivers/vfio/pci/vfio_pci.c | 294 +++-
drivers/vfio/pci/vfio_pci_config.c | 36 -
drivers/vfio
later use to invalidate those mappings. The open callback
invalidates the vma range so that all tracking is inserted in the
fault handler and removed in the close handler.
Reviewed-by: Peter Xu
Signed-off-by: Alex Williamson
[Ajay: Regenerated the patch for v4.9]
Signed-off-by: Ajay Kaher
occur.
Fixes: CVE-2020-12888
Reviewed-by: Peter Xu
Signed-off-by: Alex Williamson
[Ajay: Regenerated the patch for v4.9]
Signed-off-by: Ajay Kaher
---
drivers/vfio/pci/vfio_pci.c | 294 +++-
drivers/vfio/pci/vfio_pci_config.c | 36 -
drivers/vfio
().
Reviewed-by: Peter Xu
Signed-off-by: Alex Williamson
[Ajay: Regenerated the patch for v4.9]
Signed-off-by: Ajay Kaher
---
drivers/vfio/vfio_iommu_type1.c | 36 +---
1 file changed, 33 insertions(+), 3 deletions(-)
diff --git a/drivers/vfio/vfio_iommu_type1.c b/drivers
CVE-2020-12888 Kernel: vfio: access to disabled MMIO space of some
devices may lead to DoS scenario
The VFIO modules allow users (guest VMs) to enable or disable access to the
devices' MMIO memory address spaces. If a user attempts to access (read/write)
the devices' MMIO address space when
occur.
Fixes: CVE-2020-12888
Reviewed-by: Peter Xu
Signed-off-by: Alex Williamson
[Ajay: Regenerated the patch for v4.14]
Signed-off-by: Ajay Kaher
---
drivers/vfio/pci/vfio_pci.c | 294 +++-
drivers/vfio/pci/vfio_pci_config.c | 36 -
drivers/vfio
().
Reviewed-by: Peter Xu
Signed-off-by: Alex Williamson
[Ajay: Regenerated the patch for v4.14]
Signed-off-by: Ajay Kaher
---
drivers/vfio/vfio_iommu_type1.c | 36 +---
1 file changed, 33 insertions(+), 3 deletions(-)
diff --git a/drivers/vfio/vfio_iommu_type1.c b/drivers
CVE-2020-12888 Kernel: vfio: access to disabled MMIO space of some
devices may lead to DoS scenario
The VFIO modules allow users (guest VMs) to enable or disable access to the
devices' MMIO memory address spaces. If a user attempts to access (read/write)
the devices' MMIO address space when
later use to invalidate those mappings. The open callback
invalidates the vma range so that all tracking is inserted in the
fault handler and removed in the close handler.
Reviewed-by: Peter Xu
Signed-off-by: Alex Williamson
[Ajay: Regenerated the patch for v4.14]
Signed-off-by: Ajay Kaher
occur.
Fixes: CVE-2020-12888
Reviewed-by: Peter Xu
Signed-off-by: Alex Williamson
[Ajay: Regenerated the patch for v4.19]
Signed-off-by: Ajay Kaher
---
drivers/vfio/pci/vfio_pci.c | 291
drivers/vfio/pci/vfio_pci_config.c | 36 -
drivers/vfio
().
Reviewed-by: Peter Xu
Signed-off-by: Alex Williamson
[Ajay: Regenerated the patch for v4.19]
Signed-off-by: Ajay Kaher
---
drivers/vfio/vfio_iommu_type1.c | 36 +---
1 file changed, 33 insertions(+), 3 deletions(-)
diff --git a/drivers/vfio/vfio_iommu_type1.c b/drivers
CVE-2020-12888 Kernel: vfio: access to disabled MMIO space of some
devices may lead to DoS scenario
The VFIO modules allow users (guest VMs) to enable or disable access to the
devices' MMIO memory address spaces. If a user attempts to access (read/write)
the devices' MMIO address space when
later use to invalidate those mappings. The open callback
invalidates the vma range so that all tracking is inserted in the
fault handler and removed in the close handler.
Reviewed-by: Peter Xu
Signed-off-by: Alex Williamson
[Ajay: Regenerated the patch for v4.19]
Signed-off-by: Ajay Kaher
those mappings. The open callback
invalidates the vma range so that all tracking is inserted in the
fault handler and removed in the close handler.
Reviewed-by: Peter Xu
Signed-off-by: Alex Williamson
Signed-off-by: Ajay Kaher
---
drivers/vfio/pci/vfio_pci.c | 76
-12888
Reviewed-by: Peter Xu
Signed-off-by: Alex Williamson
Signed-off-by: Ajay Kaher
---
drivers/vfio/pci/vfio_pci.c | 291
drivers/vfio/pci/vfio_pci_config.c | 36 -
drivers/vfio/pci/vfio_pci_intrs.c | 14 ++
drivers/vfio/pci
CVE-2020-12888 Kernel: vfio: access to disabled MMIO space of some
devices may lead to DoS scenario
The VFIO modules allow users (guest VMs) to enable or disable access to the
devices' MMIO memory address spaces. If a user attempts to access (read/write)
the devices' MMIO address space when
-off-by: Alex Williamson
Signed-off-by: Ajay Kaher
---
drivers/vfio/vfio_iommu_type1.c | 36 +---
1 file changed, 33 insertions(+), 3 deletions(-)
diff --git a/drivers/vfio/vfio_iommu_type1.c b/drivers/vfio/vfio_iommu_type1.c
index 6cc47af..d679996 100644
Thanks Fan, this scenario works to reproduce on v4.9.
And following fix works for v4.9:
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git/commit/?h=linux-4.9.y=44cb51d5b4a736446b728bbde8407844d71843ef
-Ajay
Hi Fan,
Able to reproduce this issue on v4.19.y using your test program.
And as per commit message it fixes commit 5c7fb56e5e3f
("mm, dax: dax-pmd vs thp-pmd vs hugetlbfs-pm”) at kernel version v4.5.
So, v4.9.y should be vulnerable, however not able to reproduce on v4.9.y.
Does any specific
ow_hugetlb_page()
>> from 2be7cfed995e, to resolve compilation error
>> Srivatsa: Replaced call to get_page_foll() with try_get_page_foll() ]
>> Signed-off-by: Srivatsa S. Bhat (VMware)
>> Signed-off-by: Ajay Kaher
>> ---
>> mm/gup.c | 43
Cc: David S. Miller
Cc: Greg Kroah-Hartman
Signed-off-by: Ajay Kaher
---
net/ipv6/sit.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/net/ipv6/sit.c b/net/ipv6/sit.c
index 47ca2a2..16eba7b 100644
--- a/net/ipv6/sit.c
+++ b/net/ipv6/sit.c
@@ -1856,7 +1856,6 @@ static int __net_init
09cbfeaf1a5a6 "mm, fs: get rid of PAGE_CACHE_* and
page_cache_{get,release} macros" for context. ]
Signed-off-by: Ajay Kaher
Reviewed-by: Srivatsa S. Bhat (VMware)
---
fs/fuse/dev.c | 12 ++--
fs/pipe.c | 4 ++--
fs/splice.c
Signed-off-by: Srivatsa S. Bhat (VMware)
Signed-off-by: Ajay Kaher
---
include/linux/mm.h | 6 +-
mm/internal.h | 5 +++--
2 files changed, 8 insertions(+), 3 deletions(-)
diff --git a/include/linux/mm.h b/include/linux/mm.h
index ed653ba..701088e 100644
--- a/include/linux/mm.h
+++ b/include/
From: Miklos Szeredi
commit 7bf2d1df80822ec056363627e2014990f068f7aa upstream.
Signed-off-by: Miklos Szeredi
Signed-off-by: Al Viro
Signed-off-by: Ajay Kaher
Reviewed-by: Srivatsa S. Bhat (VMware)
---
fs/fuse/dev.c | 2 +-
fs/splice.c | 4 ++--
include/linux
Cc: Naoya Horiguchi
Cc: Mark Rutland
Cc: Hillf Danton
Cc: Mike Kravetz
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
Signed-off-by: Ajay Kaher
Reviewed-by: Srivatsa S. Bhat (VMware)
---
mm/gup.c | 12 ++--
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/
_get_page() to match the get_page()
implementation in 4.4.y, except for the refcount check.
- Added try_get_page_foll() which will be needed
in a subsequent patch. ]
Signed-off-by: Srivatsa S. Bhat (VMware)
Signed-off-by: Ajay Kaher
---
include/linux/mm.h | 12
mm/
local variable 'err' with-in follow_hugetlb_page()
from 2be7cfed995e, to resolve compilation error
Srivatsa: Replaced call to get_page_foll() with try_get_page_foll() ]
Signed-off-by: Srivatsa S. Bhat (VMware)
Signed-off-by: Ajay Kaher
---
mm/gup.c | 43
: Hillf Danton
Cc: Michal Hocko
Cc: Mike Kravetz
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
Signed-off-by: Srivatsa S. Bhat (VMware)
Signed-off-by: Ajay Kaher
---
mm/gup.c | 3 ---
1 file changed, 3 deletions(-)
diff --git a/mm/gup.c b/mm/gup.c
index 45c544b..6e7cfaa 100644
Michal Hocko
Cc: Christoph Lameter
Cc: David Rientjes
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
Signed-off-by: Ajay Kaher
---
mm/gup.c | 8 +---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/mm/gup.c b/mm/gup.c
index 2cd3b31..45c544b 100644
--- a/mm/gup.c
+
These patches include few backported fixes for the 4.4 stable
tree.
I would appreciate if you could kindly consider including them in the
next release.
Ajay
---
[Changes from v1]: No changes, only answering Greg's below queries:
>> Why are these needed? From what I remember, the last patch
son for pointing this.
Signed-off-by: Ajay Kaher
Reviewed-by: Jason Gunthorpe
---
drivers/infiniband/hw/mlx4/main.c | 4 +++-
drivers/infiniband/hw/mlx5/main.c | 3 +++
2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/drivers/infiniband/hw/mlx4/main.c
b/drivers/infiniband/hw/m
coredump: fix race condition between mmget_not_zero()/get_task_mm()
and core dumping
[PATCH v5 1/3]:
Backporting of commit 04f5866e41fb70690e28397487d8bd8eea7d712a upstream.
[PATCH v5 2/3]:
Extension of commit 04f5866e41fb to fix the race condition between
get_task_mm() and core dumping for
-by: Mike Rapoport
Reviewed-by: Oleg Nesterov
Reviewed-by: Jann Horn
Acked-by: Jason Gunthorpe
Acked-by: Michal Hocko
Cc:
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
Signed-off-by: Greg Kroah-Hartman
[aka...@vmware.com: stable 4.9 backport
- handle binder_update_page_range -
man
[Ajay: Just adjusted to apply on v4.9]
Signed-off-by: Ajay Kaher
---
include/linux/mm.h | 4
mm/khugepaged.c| 3 +++
2 files changed, 7 insertions(+)
diff --git a/include/linux/mm.h b/include/linux/mm.h
index c239984..8852158 100644
--- a/include/linux/mm.h
+++ b/include/linux/
From: Miklos Szeredi
commit 7bf2d1df80822ec056363627e2014990f068f7aa upstream.
Signed-off-by: Miklos Szeredi
Signed-off-by: Al Viro
Signed-off-by: Ajay Kaher
Reviewed-by: Srivatsa S. Bhat (VMware)
---
fs/fuse/dev.c | 2 +-
fs/splice.c | 4 ++--
include/linux
09cbfeaf1a5a6 "mm, fs: get rid of PAGE_CACHE_* and
page_cache_{get,release} macros" for context. ]
Signed-off-by: Ajay Kaher
Reviewed-by: Srivatsa S. Bhat (VMware)
---
fs/fuse/dev.c | 12 ++--
fs/pipe.c | 4 ++--
fs/splice.c
local variable 'err' with-in follow_hugetlb_page()
from 2be7cfed995e, to resolve compilation error
Srivatsa: Replaced call to get_page_foll() with try_get_page_foll() ]
Signed-off-by: Srivatsa S. Bhat (VMware)
Signed-off-by: Ajay Kaher
---
mm/gup.c | 43
: Hillf Danton
Cc: Michal Hocko
Cc: Mike Kravetz
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
Signed-off-by: Srivatsa S. Bhat (VMware)
Signed-off-by: Ajay Kaher
---
mm/gup.c | 3 ---
1 file changed, 3 deletions(-)
diff --git a/mm/gup.c b/mm/gup.c
index 45c544b..6e7cfaa 100644
Michal Hocko
Cc: Christoph Lameter
Cc: David Rientjes
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
Signed-off-by: Ajay Kaher
---
mm/gup.c | 8 +---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/mm/gup.c b/mm/gup.c
index 2cd3b31..45c544b 100644
--- a/mm/gup.c
+
Cc: Naoya Horiguchi
Cc: Mark Rutland
Cc: Hillf Danton
Cc: Mike Kravetz
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
Signed-off-by: Ajay Kaher
Reviewed-by: Srivatsa S. Bhat (VMware)
---
mm/gup.c | 12 ++--
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/
_get_page() to match the get_page()
implementation in 4.4.y, except for the refcount check.
- Added try_get_page_foll() which will be needed
in a subsequent patch. ]
Signed-off-by: Srivatsa S. Bhat (VMware)
Signed-off-by: Ajay Kaher
---
include/linux/mm.h | 12
mm/
These patches include few backported fixes for the 4.4 stable
tree.
I would appreciate if you could kindly consider including them in the
next release.
Ajay
---
[PATCH 1/8]:
Backporting of upstream commit f958d7b528b1:
mm: make page ref count overflow check tighter and more explicit
[PATCH
Signed-off-by: Srivatsa S. Bhat (VMware)
Signed-off-by: Ajay Kaher
---
include/linux/mm.h | 6 +-
mm/internal.h | 5 +++--
2 files changed, 8 insertions(+), 3 deletions(-)
diff --git a/include/linux/mm.h b/include/linux/mm.h
index ed653ba..701088e 100644
--- a/include/linux/mm.h
+++ b/include/
Greg, I hope you would like to include these patches in next release.
In case any review comment please let me know.
- Ajay
On 01/07/19, 4:03 PM, "Ajay Kaher" wrote:
> coredump: fix race condition between mmget_not_zero()/get_task_mm()
> and core dumping
> [PATCH v5
coredump: fix race condition between mmget_not_zero()/get_task_mm()
and core dumping
[PATCH v5 1/3]:
Backporting of commit 04f5866e41fb70690e28397487d8bd8eea7d712a upstream.
[PATCH v5 2/3]:
Extension of commit 04f5866e41fb to fix the race condition between
get_task_mm() and core dumping for
son for pointing this.
Signed-off-by: Ajay Kaher
Reviewed-by: Jason Gunthorpe
---
drivers/infiniband/hw/mlx4/main.c | 4 +++-
drivers/infiniband/hw/mlx5/main.c | 3 +++
2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/drivers/infiniband/hw/mlx4/main.c
b/drivers/infiniband/hw/m
man
[Ajay: Just adjusted to apply on v4.9]
Signed-off-by: Ajay Kaher
---
include/linux/mm.h | 4
mm/khugepaged.c| 3 +++
2 files changed, 7 insertions(+)
diff --git a/include/linux/mm.h b/include/linux/mm.h
index c239984..8852158 100644
--- a/include/linux/mm.h
+++ b/include/linux/
-by: Mike Rapoport
Reviewed-by: Oleg Nesterov
Reviewed-by: Jann Horn
Acked-by: Jason Gunthorpe
Acked-by: Michal Hocko
Cc:
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
Signed-off-by: Greg Kroah-Hartman
[aka...@vmware.com: stable 4.9 backport
- handle binder_update_page_range -
On 25/06/19, 1:51 AM, "Sasha Levin" wrote:
> On Tue, Jun 25, 2019 at 02:33:06AM +0530, Ajay Kaher wrote:
> > coredump: fix race condition between mmget_not_zero()/get_task_mm()
> > and core dumping
> >
> > [PATCH v4 1/3]:
> > Backporting of comm
son for pointing this.
Signed-off-by: Ajay Kaher
---
drivers/infiniband/hw/mlx4/main.c | 4 +++-
drivers/infiniband/hw/mlx5/main.c | 3 +++
2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/drivers/infiniband/hw/mlx4/main.c
b/drivers/infiniband/hw/mlx4/main.c
index 8d59a59
coredump: fix race condition between mmget_not_zero()/get_task_mm()
and core dumping
[PATCH v4 1/3]:
Backporting of commit 04f5866e41fb70690e28397487d8bd8eea7d712a upstream.
[PATCH v4 2/3]:
Extension of commit 04f5866e41fb to fix the race condition between
get_task_mm() and core dumping for
man
[Ajay: Just adjusted to apply on v4.9]
Signed-off-by: Ajay Kaher
---
include/linux/mm.h | 4
mm/khugepaged.c| 3 +++
2 files changed, 7 insertions(+)
diff --git a/include/linux/mm.h b/include/linux/mm.h
index c239984..8852158 100644
--- a/include/linux/mm.h
+++ b/include/linux/
-by: Mike Rapoport
Reviewed-by: Oleg Nesterov
Reviewed-by: Jann Horn
Acked-by: Jason Gunthorpe
Acked-by: Michal Hocko
Cc:
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
Signed-off-by: Greg Kroah-Hartman
[aka...@vmware.com: stable 4.9 backport
- handle binder_update_page_range -
> On Mon, Jun 17, 2019 at 08:58:24AM +0200, Michal Hocko wrote:
> > From: Andrea Arcangeli
> >
> > Upstream 04f5866e41fb70690e28397487d8bd8eea7d712a commit.
> >
> > Signed-off-by: Michal Hocko
> > ---
> > drivers/android/binder.c | 6 ++
> > drivers/infiniband/hw/mlx4/main.c |
coredump: fix race condition between mmget_not_zero()/get_task_mm()
and core dumping
[PATCH v3 1/2]:
Backporting of commit 04f5866e41fb70690e28397487d8bd8eea7d712a upstream.
[PATCH v3 2/2]:
Extension of commit 04f5866e41fb to fix the race condition between
get_task_mm() and core dumping for
son for pointing this.
Signed-off-by: Ajay Kaher
---
drivers/infiniband/hw/mlx4/main.c | 4 +++-
drivers/infiniband/hw/mlx5/main.c | 3 +++
2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/drivers/infiniband/hw/mlx4/main.c
b/drivers/infiniband/hw/mlx4/main.c
index 8d59a59
-by: Mike Rapoport
Reviewed-by: Oleg Nesterov
Reviewed-by: Jann Horn
Acked-by: Jason Gunthorpe
Acked-by: Michal Hocko
Cc:
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
Signed-off-by: Greg Kroah-Hartman
[aka...@vmware.com: stable 4.9 backport
- handle binder_update_page_range -
On 10/06/19, 6:22 PM, "Ajay Kaher" wrote:
> This patch is the extension of following upstream commit to fix
> the race condition between get_task_mm() and core dumping
> for IB->mlx4 and IB->mlx5 drivers:
>
> commit 04f5866e41fb ("coredump: fix rac
son for pointing this.
Signed-off-by: Ajay Kaher
---
drivers/infiniband/hw/mlx4/main.c | 4 +++-
drivers/infiniband/hw/mlx5/main.c | 3 +++
2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/drivers/infiniband/hw/mlx4/main.c
b/drivers/infiniband/hw/mlx4/main.c
index e2beb18
> From: Andrea Arcangeli
>
> Upstream 04f5866e41fb70690e28397487d8bd8eea7d712a commit.
>
>
> Signed-off-by: Michal Hocko
> ---
> Hi,
> this is based on the backport I have done for out 4.4 based distribution
> kernel. Please double check that I haven't missed anything before
> applying to the
> On 17/01/19, 8:37 PM, "Bjorn Helgaas" wrote:
>
> > On Fri, Jan 18, 2019 at 02:17:18AM +0530, Ajay Kaher wrote:
> > Update the Hyper-V vPCI driver to use the Server-2016 version of the vPCI
> > protocol, fixing MSI creation and retargeting issues.
> &
Helgaas
Reviewed-by: K. Y. Srinivasan
Acked-by: K. Y. Srinivasan
Signed-off-by: Ajay Kaher
---
drivers/pci/host/pci-hyperv.c | 300 ++
1 file changed, 246 insertions(+), 54 deletions(-)
diff --git a/drivers/pci/host/pci-hyperv.c b/drivers/pci/host/pci
. Y. Srinivasan
Signed-off-by: Ajay Kaher
---
drivers/pci/host/pci-hyperv.c | 29 +++--
1 file changed, 19 insertions(+), 10 deletions(-)
diff --git a/drivers/pci/host/pci-hyperv.c b/drivers/pci/host/pci-hyperv.c
index b4d8ccf..9e44adf 100644
--- a/drivers/pci/host/pci
For now, please consider these patches for review and suggest if these can be
merged to mainline kernel v4.9.
These patches add support for vPCI protocol version 1.2, by baqkpotring from
v4.14 to v4.9. Individual patches are summarised below:
Patch 1: PCI: hv: Allocate physically contiguous
Hyper-V vPCI offers different protocol versions. Add the infra for
negotiating the one to use.
Signed-off-by: Jork Loeser
Signed-off-by: Bjorn Helgaas
Reviewed-by: K. Y. Srinivasan
Acked-by: K. Y. Srinivasan
Signed-off-by: Ajay Kaher
---
drivers/pci/host/pci-hyperv.c | 72
ng has been added in init_usb_class() and
destroy_usb_class().
As pointed by Alan, removed "if (usb_class)" test from destroy_usb_class()
because usb_class can never be NULL there.
Signed-off-by: Ajay Kaher <ajay.ka...@samsung.com>
Acked-by: Alan Stern <st...@rowland.harvard.e
ng has been added in init_usb_class() and
destroy_usb_class().
As pointed by Alan, removed "if (usb_class)" test from destroy_usb_class()
because usb_class can never be NULL there.
Signed-off-by: Ajay Kaher
Acked-by: Alan Stern
---
drivers/usb/core/file.c | 9 +++--
1 file changed, 7
register_dev->init_usb_class
>
> To solve this, mutex locking has been added in init_usb_class() and
> destroy_usb_class().
>
> As pointed by Alan, removed "if (usb_class)" test from destroy_usb_class()
> because usb_class can never be NULL there.
Signed-off-by: Ajay Ka
register_dev->init_usb_class
>
> To solve this, mutex locking has been added in init_usb_class() and
> destroy_usb_class().
>
> As pointed by Alan, removed "if (usb_class)" test from destroy_usb_class()
> because usb_class can never be NULL there.
Signed-off-by: Ajay Ka
emoved "if (usb_class)" test from destroy_usb_class()
because usb_class can never be NULL there.
Signed-off-by: Ajay Kaher <ajay.ka...@samsung.com>
Acked-by: Alan Stern <st...@rowland.harvard.edu>
---
drivers/usb/core/file.c |9 +++--
1 file changed, 7 insertions(+), 2 deletions(
emoved "if (usb_class)" test from destroy_usb_class()
because usb_class can never be NULL there.
Signed-off-by: Ajay Kaher
Acked-by: Alan Stern
---
drivers/usb/core/file.c |9 +++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/drivers/usb/core/file.c b/drivers/usb/core/file
From febeb10887d5026a489658fd9e911656e76038ac Mon Sep 17 00:00:00 2001
From: Ajay Kaher <ajay.ka...@samsung.com>
Date: Thu, 9 Mar 2017 16:07:54 +0530
Subject: [PATCH v4] USB:Core: BugFix: Proper handling of Race Condition when two
USB class drivers try to call init_usb_class simultan
From febeb10887d5026a489658fd9e911656e76038ac Mon Sep 17 00:00:00 2001
From: Ajay Kaher
Date: Thu, 9 Mar 2017 16:07:54 +0530
Subject: [PATCH v4] USB:Core: BugFix: Proper handling of Race Condition when two
USB class drivers try to call init_usb_class simultaneously
There is race condition when
> On Fri, 3 Mar 2017, Ajay Kaher wrote:
>
> > > usb_class->kref is not accessible outside the file.c
> > > as usb_class is _static_ inside the file.c and
> > > pointer of usb_class->kref is not passed anywhere.
> > >
> > > Hence
> On Fri, 3 Mar 2017, Ajay Kaher wrote:
>
> > > usb_class->kref is not accessible outside the file.c
> > > as usb_class is _static_ inside the file.c and
> > > pointer of usb_class->kref is not passed anywhere.
> > >
> > > Hence
> On Thr, 2 Mar 2017, Ajay Kaher wrote:
>> On Wed, 1 Mar 2017, Alan Stern wrote:
>>> On Wed, 1 Mar 2017, Ajay Kaher wrote:
>>>> On Mon, 22 Feb 2017, Ajay Kaher wrote:
>>>>
>>>>>
>>>>>> Alan, as per my understanding I
> On Thr, 2 Mar 2017, Ajay Kaher wrote:
>> On Wed, 1 Mar 2017, Alan Stern wrote:
>>> On Wed, 1 Mar 2017, Ajay Kaher wrote:
>>>> On Mon, 22 Feb 2017, Ajay Kaher wrote:
>>>>
>>>>>
>>>>>> Alan, as per my understanding I
> On Wed, 1 Mar 2017, Alan Stern wrote:
>> On Wed, 1 Mar 2017, Ajay Kaher wrote:
>>> On Mon, 22 Feb 2017, Ajay Kaher wrote:
>>>
>>>>
>>>>> Alan, as per my understanding I have shifted the lock from
>>>>> release_usb_class()
> On Wed, 1 Mar 2017, Alan Stern wrote:
>> On Wed, 1 Mar 2017, Ajay Kaher wrote:
>>> On Mon, 22 Feb 2017, Ajay Kaher wrote:
>>>
>>>>
>>>>> Alan, as per my understanding I have shifted the lock from
>>>>> release_usb_class()
> On Mon, 22 Feb 2017, Ajay Kaher wrote:
>
>> On Mon, 20 Feb 2017, Ajay Kaher wrote:
>>
>>> Alan, as per my understanding I have shifted the lock from
>>> release_usb_class() to destroy_usb_class() in patch v3.
>>> If it is not right, please expl
> On Mon, 22 Feb 2017, Ajay Kaher wrote:
>
>> On Mon, 20 Feb 2017, Ajay Kaher wrote:
>>
>>> Alan, as per my understanding I have shifted the lock from
>>> release_usb_class() to destroy_usb_class() in patch v3.
>>> If it is not right, please expl
On Tue, 21 Feb 2017, Alan Stern wrote:
> On Mon, 20 Feb 2017, Ajay Kaher wrote:
>> Alan, as per my understanding I have shifted the lock from
>> release_usb_class() to destroy_usb_class() in patch v3.
>> If it is not right, please explain in detail which race condi
On Tue, 21 Feb 2017, Alan Stern wrote:
> On Mon, 20 Feb 2017, Ajay Kaher wrote:
>> Alan, as per my understanding I have shifted the lock from
>> release_usb_class() to destroy_usb_class() in patch v3.
>> If it is not right, please explain in detail which race condi
On Thu, 16 Feb 2017, Alan Stern wrote:
> On Thu, 16 Feb 2017, Ajay Kaher wrote:
>
>> > On Thu, 14 Feb 2017, Alan Stern wrote:
>> >
>> > I think Ajay's argument is correct and a patch is needed. But this
>> > patch misses the race betw
On Thu, 16 Feb 2017, Alan Stern wrote:
> On Thu, 16 Feb 2017, Ajay Kaher wrote:
>
>> > On Thu, 14 Feb 2017, Alan Stern wrote:
>> >
>> > I think Ajay's argument is correct and a patch is needed. But this
>> > patch misses the race betw
ng init_usb_class_mutex lock
>>requires.
>> Don't you think so?
>>
>> >>>> And because of the following code path race condition happens:
>> >>>> probe->usb_register_dev->init_usb_class
>> >>>
>> >
ng init_usb_class_mutex lock
>>requires.
>> Don't you think so?
>>
>> >>>> And because of the following code path race condition happens:
>> >>>> probe->usb_register_dev->init_usb_class
>> >>>
>> >
Why is this just showing up now, and hasn't been an issue for the decade
>>> or so this code has been around? What changed?
>>>
>>>> Tested with these changes, and problem has been solved.
>>>
>>> What changes?
>>
>> Tested with my patc
Why is this just showing up now, and hasn't been an issue for the decade
>>> or so this code has been around? What changed?
>>>
>>>> Tested with these changes, and problem has been solved.
>>>
>>> What changes?
>>
>> Tested with my patc
ode has been around? What changed?
>
>> Tested with these changes, and problem has been solved.
>
>What changes?
Tested with my patch (i.e. locking with init_usb_class_mutex).
thanks,
ajay kaher
- Original Message -
Sender : gre...@linuxfoundation.org <gre.
ode has been around? What changed?
>
>> Tested with these changes, and problem has been solved.
>
>What changes?
Tested with my patch (i.e. locking with init_usb_class_mutex).
thanks,
ajay kaher
- Original Message -
Sender : gre...@linuxfoundation.org
Date
At boot time, probe function of multiple connected devices
(proprietary devices) execute simultaneously. And because
of the following code path race condition happens:
probe->usb_register_dev->init_usb_class
Tested with these changes, and problem has been solved.
thanks,
ajay
At boot time, probe function of multiple connected devices
(proprietary devices) execute simultaneously. And because
of the following code path race condition happens:
probe->usb_register_dev->init_usb_class
Tested with these changes, and problem has been solved.
thanks,
ajay
99 matches
Mail list logo
