- Linux-stable-mirror - lists.linaro.org

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.9.100 release. There are 36 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed May 16 06:47:47 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.9.100-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.9.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.9.100-rc1 Peter Zijlstra <peterz(a)infradead.org> perf/x86: Fix possible Spectre-v1 indexing for x86_pmu::event_map() Peter Zijlstra <peterz(a)infradead.org> perf/core: Fix possible Spectre-v1 indexing for ->aux_pages[] Peter Zijlstra <peterz(a)infradead.org> perf/x86/msr: Fix possible Spectre-v1 indexing in the MSR driver Peter Zijlstra <peterz(a)infradead.org> perf/x86/cstate: Fix possible Spectre-v1 indexing for pkg_msr Peter Zijlstra <peterz(a)infradead.org> perf/x86: Fix possible Spectre-v1 indexing for hw_perf_event cache_* Masami Hiramatsu <mhiramat(a)kernel.org> tracing/uprobe_event: Fix strncpy corner case Marek Szyprowski <m.szyprowski(a)samsung.com> thermal: exynos: Propagate error value from tmu_read() Marek Szyprowski <m.szyprowski(a)samsung.com> thermal: exynos: Reading temperature makes sense only when TMU is turned on Hans de Goede <hdegoede(a)redhat.com> Revert "Bluetooth: btusb: Fix quirk for Atheros 1525/QCA6174" Gustavo A. R. Silva <gustavo(a)embeddedor.com> atm: zatm: Fix potential Spectre v1 Gustavo A. R. Silva <gustavo(a)embeddedor.com> net: atm: Fix potential Spectre v1 Florent Flament <contact(a)florentflament.com> drm/i915: Fix drm:intel_enable_lvds ERROR message in kernel log Boris Brezillon <boris.brezillon(a)bootlin.com> drm/vc4: Fix scaling of uni-planar formats Jimmy Assarsson <extja(a)kvaser.com> can: kvaser_usb: Increase correct stats counter in kvaser_usb_rx_can_msg() Steven Rostedt (VMware) <rostedt(a)goodmis.org> tracing: Fix regex_match_front() to not over compare the test string Hans de Goede <hdegoede(a)redhat.com> libata: Apply NOLPM quirk for SanDisk SD7UB3Q*G1001 SSDs Johan Hovold <johan(a)kernel.org> rfkill: gpio: fix memory leak in probe error path Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> gpio: fix error path in lineevent_create Govert Overgaauw <govert.overgaauw(a)prodrive-technologies.com> gpio: fix aspeed_gpio unmask irq Timur Tabi <timur(a)codeaurora.org> gpioib: do not free unrequested descriptors Suzuki K Poulose <suzuki.poulose(a)arm.com> arm64: Add work around for Arm Cortex-A55 Erratum 1024718 Wei Fang <fangwei1(a)huawei.com> f2fs: fix a dead loop in f2fs_fiemap() Paul Mackerras <paulus(a)ozlabs.org> KVM: PPC: Book3S HV: Fix trap number return from __kvmppc_vcore_entry Jan Kara <jack(a)suse.cz> bdi: Fix oops in wb_workfn() Eric Dumazet <edumazet(a)google.com> tcp: fix TCP_REPAIR_QUEUE bound checking Jiri Olsa <jolsa(a)kernel.org> perf: Remove superfluous allocation error check Eric Dumazet <edumazet(a)google.com> soreuseport: initialise timewait reuseport field Eric Dumazet <edumazet(a)google.com> dccp: initialize ireq->ir_mark Eric Dumazet <edumazet(a)google.com> net: fix uninit-value in __hw_addr_add_ex() Eric Dumazet <edumazet(a)google.com> net: initialize skb->peeked when cloning Eric Dumazet <edumazet(a)google.com> net: fix rtnh_ok() Eric Dumazet <edumazet(a)google.com> netlink: fix uninit-value in netlink_sendmsg Eric Dumazet <edumazet(a)google.com> crypto: af_alg - fix possible uninit-value in alg_bind() Tom Herbert <tom(a)quantonium.net> kcm: Call strp_stop before strp_done in kcm_attach Sagi Grimberg <sagi(a)grimberg.me> IB/device: Convert ib-comp-wq to be CPU-bound Julian Anastasov <ja(a)ssi.bg> ipvs: fix rtnl_lock lockups caused by start_sync_thread ------------- Diffstat: Documentation/arm64/silicon-errata.txt | 1 + Makefile | 4 +- arch/arm64/Kconfig | 14 +++ arch/arm64/include/asm/assembler.h | 40 +++++++++ arch/arm64/include/asm/cputype.h | 5 ++ arch/arm64/mm/proc.S | 5 ++ arch/powerpc/kvm/book3s_hv_rmhandlers.S | 8 +- arch/x86/events/core.c | 8 +- arch/x86/events/intel/cstate.c | 2 + arch/x86/events/msr.c | 9 +- crypto/af_alg.c | 8 +- drivers/ata/libata-core.c | 3 + drivers/atm/zatm.c | 3 + drivers/bluetooth/btusb.c | 2 +- drivers/gpio/gpio-aspeed.c | 2 +- drivers/gpio/gpiolib.c | 7 +- drivers/gpu/drm/i915/intel_lvds.c | 3 +- drivers/gpu/drm/vc4/vc4_plane.c | 2 +- drivers/infiniband/core/device.c | 3 +- drivers/net/can/usb/kvaser_usb.c | 2 +- drivers/thermal/samsung/exynos_tmu.c | 14 ++- fs/f2fs/data.c | 2 +- fs/fs-writeback.c | 2 +- include/net/inet_timewait_sock.h | 1 + include/net/nexthop.h | 2 +- kernel/events/callchain.c | 10 +-- kernel/events/ring_buffer.c | 7 +- kernel/trace/trace_events_filter.c | 3 + kernel/trace/trace_uprobe.c | 2 + net/atm/lec.c | 9 +- net/core/dev_addr_lists.c | 4 +- net/core/skbuff.c | 1 + net/dccp/ipv4.c | 1 + net/dccp/ipv6.c | 1 + net/ipv4/inet_timewait_sock.c | 1 + net/ipv4/tcp.c | 2 +- net/kcm/kcmsock.c | 1 + net/netfilter/ipvs/ip_vs_ctl.c | 8 -- net/netfilter/ipvs/ip_vs_sync.c | 155 ++++++++++++++++---------------- net/netlink/af_netlink.c | 2 + net/rfkill/rfkill-gpio.c | 7 +- 41 files changed, 238 insertions(+), 128 deletions(-)

7 years, 1 month

4
36
0 0

[PATCH 1/2] MIPS: memset.S: EVA & fault support for small_memset

by Matt Redfearn

The MIPS kernel memset / bzero implementation includes a small_memset branch which is used when the region to be set is smaller than a long (4 bytes on 32bit, 8 bytes on 64bit). The current small_memset implementation uses a simple store byte loop to write the destination. There are 2 issues with this implementation: 1. When EVA mode is active, user and kernel address spaces may overlap. Currently the use of the sb instruction means kernel mode addressing is always used and an intended write to userspace may actually overwrite some critical kernel data. 2. If the write triggers a page fault, for example by calling __clear_user(NULL, 2), instead of gracefully handling the fault, an OOPS is triggered. Fix these issues by replacing the sb instruction with the EX() macro, which will emit EVA compatible instuctions as required. Additionally implement a fault fixup for small_memset which sets a2 to the number of bytes that could not be cleared (as defined by __clear_user). Reported-by: Chuanhua Lei <chuanhua.lei(a)intel.com> Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Cc: stable(a)vger.kernel.org Signed-off-by: Matt Redfearn <matt.redfearn(a)mips.com> --- arch/mips/lib/memset.S | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/arch/mips/lib/memset.S b/arch/mips/lib/memset.S index a1456664d6c2..90bcdf1224ee 100644 --- a/arch/mips/lib/memset.S +++ b/arch/mips/lib/memset.S @@ -219,7 +219,7 @@ 1: PTR_ADDIU a0, 1 /* fill bytewise */ R10KCBARRIER(0(ra)) bne t1, a0, 1b - sb a1, -1(a0) + EX(sb, a1, -1(a0), .Lsmall_fixup\@) 2: jr ra /* done */ move a2, zero @@ -260,6 +260,11 @@ jr ra andi v1, a2, STORMASK +.Lsmall_fixup\@: + PTR_SUBU a2, t1, a0 + jr ra + PTR_ADDIU a2, 1 + .endm /* -- 2.7.4

7 years, 1 month

3
3
0 0

[PATCH] MIPS: Fix ptrace(2) PTRACE_PEEKUSR and PTRACE_POKEUSR accesses to o32 FGRs

by Maciej W. Rozycki

Check the TIF_32BIT_FPREGS task setting of the tracee rather than the tracer in determining the layout of floating-point general registers in the floating-point context, correcting access to odd-numbered registers for o32 tracees where the setting disagrees between the two processes. Cc: stable(a)vger.kernel.org # 3.14+ Fixes: 597ce1723e0f ("MIPS: Support for 64-bit FP with O32 binaries") Signed-off-by: Maciej W. Rozycki <macro(a)mips.com> --- Hi, These are not the usual requests used by GDB to access the floating-point context, which is likely why it went unnoticed so long. They are only used as a fallback in the case where PTRACE_GETFPREGS and PTRACE_SETFPREGS requests are not supported, i.e. with ancient kernels. However to verify an unrelated GDB bug fix I have tweaked GDB to always use PTRACE_PEEKUSR and PTRACE_POKEUSR, and then discovered this issue in native GDB regression testing, as it showed regressions from corrupt FGR contents across numerous tests compared to the usual results. This fix removed those regressions then. Not being typically used does not mean we ought to keep the interface broken. Therefore please apply. Maciej --- arch/mips/kernel/ptrace.c | 4 ++-- arch/mips/kernel/ptrace32.c | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) linux-mips-ptrace-test-thread-flag.diff Index: linux/arch/mips/kernel/ptrace.c =================================================================== --- linux.orig/arch/mips/kernel/ptrace.c 2018-05-12 22:52:19.000000000 +0100 +++ linux/arch/mips/kernel/ptrace.c 2018-05-12 22:56:07.893993000 +0100 @@ -1059,7 +1059,7 @@ long arch_ptrace(struct task_struct *chi fregs = get_fpu_regs(child); #ifdef CONFIG_32BIT - if (test_thread_flag(TIF_32BIT_FPREGS)) { + if (test_tsk_thread_flag(child, TIF_32BIT_FPREGS)) { /* * The odd registers are actually the high * order bits of the values stored in the even @@ -1154,7 +1154,7 @@ long arch_ptrace(struct task_struct *chi init_fp_ctx(child); #ifdef CONFIG_32BIT - if (test_thread_flag(TIF_32BIT_FPREGS)) { + if (test_tsk_thread_flag(child, TIF_32BIT_FPREGS)) { /* * The odd registers are actually the high * order bits of the values stored in the even Index: linux-mipsswbrd038/arch/mips/kernel/ptrace32.c =================================================================== --- linux-mipsswbrd038.orig/arch/mips/kernel/ptrace32.c 2018-05-12 22:52:19.000000000 +0100 +++ linux-mipsswbrd038/arch/mips/kernel/ptrace32.c 2018-05-12 22:55:20.906637000 +0100 @@ -99,7 +99,7 @@ long compat_arch_ptrace(struct task_stru break; } fregs = get_fpu_regs(child); - if (test_thread_flag(TIF_32BIT_FPREGS)) { + if (test_tsk_thread_flag(child, TIF_32BIT_FPREGS)) { /* * The odd registers are actually the high * order bits of the values stored in the even @@ -212,7 +212,7 @@ long compat_arch_ptrace(struct task_stru sizeof(child->thread.fpu)); child->thread.fpu.fcr31 = 0; } - if (test_thread_flag(TIF_32BIT_FPREGS)) { + if (test_tsk_thread_flag(child, TIF_32BIT_FPREGS)) { /* * The odd registers are actually the high * order bits of the values stored in the even

7 years, 1 month

2
1
0 0

[PATCH 3.18 00/23] 3.18.109-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 3.18.109 release. There are 23 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed May 16 06:46:49 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v3.x/stable-review/patch-3.18.109-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-3.18.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 3.18.109-rc1 Masami Hiramatsu <mhiramat(a)kernel.org> tracing/uprobe_event: Fix strncpy corner case Jimmy Assarsson <extja(a)kvaser.com> can: kvaser_usb: Increase correct stats counter in kvaser_usb_rx_can_msg() Steven Rostedt (VMware) <rostedt(a)goodmis.org> tracing: Fix regex_match_front() to not over compare the test string Hans de Goede <hdegoede(a)redhat.com> libata: Apply NOLPM quirk for SanDisk SD7UB3Q*G1001 SSDs Johan Hovold <johan(a)kernel.org> rfkill: gpio: fix memory leak in probe error path Eric Dumazet <edumazet(a)google.com> tcp: fix TCP_REPAIR_QUEUE bound checking Jiri Olsa <jolsa(a)kernel.org> perf: Remove superfluous allocation error check Eric Dumazet <edumazet(a)google.com> soreuseport: initialise timewait reuseport field Eric Dumazet <edumazet(a)google.com> net: fix uninit-value in __hw_addr_add_ex() Eric Dumazet <edumazet(a)google.com> net: initialize skb->peeked when cloning Eric Dumazet <edumazet(a)google.com> net: fix rtnh_ok() Eric Dumazet <edumazet(a)google.com> netlink: fix uninit-value in netlink_sendmsg Bin Liu <b-liu(a)ti.com> usb: musb: host: fix potential NULL pointer dereference Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> USB: serial: visor: handle potential invalid device configuration SZ Lin (林上智) <sz.lin(a)moxa.com> NET: usb: qmi_wwan: add support for ublox R410M PID 0x90b2 Leon Romanovsky <leonro(a)mellanox.com> RDMA/mlx5: Protect from shift operand overflow Takashi Iwai <tiwai(a)suse.de> ALSA: aloop: Add missing cable lock to ctl API callbacks Robert Rosengren <robert.rosengren(a)axis.com> ALSA: aloop: Mark paused device as inactive Takashi Iwai <tiwai(a)suse.de> ALSA: seq: Fix races at MIDI encoding in snd_virmidi_output_trigger() Takashi Iwai <tiwai(a)suse.de> ALSA: pcm: Check PCM state at xfern compat ioctl Murilo Opsfelder Araujo <muriloo(a)linux.ibm.com> perf session: Fix undeclared 'oe' Tan Xiaojun <tanxiaojun(a)huawei.com> perf/core: Fix the perf_cpu_time_max_percent check Tejun Heo <tj(a)kernel.org> percpu: include linux/sched.h for cond_resched() ------------- Diffstat: Makefile | 4 +-- drivers/ata/libata-core.c | 3 ++ drivers/infiniband/hw/mlx5/qp.c | 4 +++ drivers/net/can/usb/kvaser_usb.c | 2 +- drivers/net/usb/qmi_wwan.c | 1 + drivers/usb/musb/musb_host.c | 4 ++- drivers/usb/serial/visor.c | 69 +++++++++++++++++++------------------- include/net/inet_timewait_sock.h | 1 + include/net/nexthop.h | 2 +- kernel/events/callchain.c | 10 ++---- kernel/events/core.c | 2 +- kernel/trace/trace_events_filter.c | 3 ++ kernel/trace/trace_uprobe.c | 2 ++ mm/percpu.c | 1 + net/core/dev_addr_lists.c | 4 +-- net/core/skbuff.c | 1 + net/ipv4/inet_timewait_sock.c | 1 + net/ipv4/tcp.c | 2 +- net/netlink/af_netlink.c | 2 ++ net/rfkill/rfkill-gpio.c | 7 +++- sound/core/pcm_compat.c | 2 ++ sound/core/seq/seq_virmidi.c | 4 +-- sound/drivers/aloop.c | 29 +++++++++++++--- tools/perf/util/session.c | 1 + 24 files changed, 102 insertions(+), 59 deletions(-)

7 years, 1 month

5
26
0 0

[PATCH] tracing/x86/xen: Remove zero data size trace events trace_xen_mmu_flush_tlb{_all}

by Steven Rostedt

From: "Steven Rostedt (VMware)" <rostedt(a)goodmis.org> Doing an audit of trace events, I discovered two trace events in the xen subsystem that use a hack to create zero data size trace events. This is not what trace events are for. Trace events add memory footprint overhead, and if all you need to do is see if a function is hit or not, simply make that function noinline and use function tracer filtering. Worse yet, the hack used was: __array(char, x, 0) Which creates a static string of zero in length. There's assumptions about such constructs in ftrace that this is a dynamic string that is nul terminated. This is not the case with these tracepoints and can cause problems in various parts of ftrace. Nuke the trace events! Cc: stable(a)vger.kernel.org Fixes: 95a7d76897c1e ("xen/mmu: Use Xen specific TLB flush instead of the generic one.") Signed-off-by: Steven Rostedt (VMware) <rostedt(a)goodmis.org> --- arch/x86/xen/mmu.c | 4 +--- arch/x86/xen/mmu_pv.c | 4 +--- include/trace/events/xen.h | 16 ---------------- 3 files changed, 2 insertions(+), 22 deletions(-) diff --git a/arch/x86/xen/mmu.c b/arch/x86/xen/mmu.c index d33e7dbe3129..2d76106788a3 100644 --- a/arch/x86/xen/mmu.c +++ b/arch/x86/xen/mmu.c @@ -42,13 +42,11 @@ xmaddr_t arbitrary_virt_to_machine(void *vaddr) } EXPORT_SYMBOL_GPL(arbitrary_virt_to_machine); -static void xen_flush_tlb_all(void) +static noinline void xen_flush_tlb_all(void) { struct mmuext_op *op; struct multicall_space mcs; - trace_xen_mmu_flush_tlb_all(0); - preempt_disable(); mcs = xen_mc_entry(sizeof(*op)); diff --git a/arch/x86/xen/mmu_pv.c b/arch/x86/xen/mmu_pv.c index 486c0a34d00b..2c30cabfda90 100644 --- a/arch/x86/xen/mmu_pv.c +++ b/arch/x86/xen/mmu_pv.c @@ -1310,13 +1310,11 @@ unsigned long xen_read_cr2_direct(void) return this_cpu_read(xen_vcpu_info.arch.cr2); } -static void xen_flush_tlb(void) +static noinline void xen_flush_tlb(void) { struct mmuext_op *op; struct multicall_space mcs; - trace_xen_mmu_flush_tlb(0); - preempt_disable(); mcs = xen_mc_entry(sizeof(*op)); diff --git a/include/trace/events/xen.h b/include/trace/events/xen.h index 7dd8f34c37df..fdcf88bcf0ea 100644 --- a/include/trace/events/xen.h +++ b/include/trace/events/xen.h @@ -352,22 +352,6 @@ DECLARE_EVENT_CLASS(xen_mmu_pgd, DEFINE_XEN_MMU_PGD_EVENT(xen_mmu_pgd_pin); DEFINE_XEN_MMU_PGD_EVENT(xen_mmu_pgd_unpin); -TRACE_EVENT(xen_mmu_flush_tlb_all, - TP_PROTO(int x), - TP_ARGS(x), - TP_STRUCT__entry(__array(char, x, 0)), - TP_fast_assign((void)x), - TP_printk("%s", "") - ); - -TRACE_EVENT(xen_mmu_flush_tlb, - TP_PROTO(int x), - TP_ARGS(x), - TP_STRUCT__entry(__array(char, x, 0)), - TP_fast_assign((void)x), - TP_printk("%s", "") - ); - TRACE_EVENT(xen_mmu_flush_tlb_one_user, TP_PROTO(unsigned long addr), TP_ARGS(addr), -- 2.13.6

7 years, 1 month

2
4
0 0

[merged] mm-oom-fix-concurrent-munlock-and-oom-reaper-unmap.patch removed from -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: mm, oom: fix concurrent munlock and oom reaper unmap, v3 has been removed from the -mm tree. Its filename was mm-oom-fix-concurrent-munlock-and-oom-reaper-unmap.patch This patch was dropped because it was merged into mainline or a subsystem tree ------------------------------------------------------ From: David Rientjes <rientjes(a)google.com> Subject: mm, oom: fix concurrent munlock and oom reaper unmap, v3 Since exit_mmap() is done without the protection of mm->mmap_sem, it is possible for the oom reaper to concurrently operate on an mm until MMF_OOM_SKIP is set. This allows munlock_vma_pages_all() to concurrently run while the oom reaper is operating on a vma. Since munlock_vma_pages_range() depends on clearing VM_LOCKED from vm_flags before actually doing the munlock to determine if any other vmas are locking the same memory, the check for VM_LOCKED in the oom reaper is racy. This is especially noticeable on architectures such as powerpc where clearing a huge pmd requires serialize_against_pte_lookup(). If the pmd is zapped by the oom reaper during follow_page_mask() after the check for pmd_none() is bypassed, this ends up deferencing a NULL ptl or a kernel oops. Fix this by manually freeing all possible memory from the mm before doing the munlock and then setting MMF_OOM_SKIP. The oom reaper can not run on the mm anymore so the munlock is safe to do in exit_mmap(). It also matches the logic that the oom reaper currently uses for determining when to set MMF_OOM_SKIP itself, so there's no new risk of excessive oom killing. This issue fixes CVE-2018-1000200. Link: http://lkml.kernel.org/r/alpine.DEB.2.21.1804241526320.238665@chino.kir.cor… Fixes: 212925802454 ("mm: oom: let oom_reap_task and exit_mmap run concurrently") Signed-off-by: David Rientjes <rientjes(a)google.com> Suggested-by: Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> Acked-by: Michal Hocko <mhocko(a)suse.com> Cc: Andrea Arcangeli <aarcange(a)redhat.com> Cc: <stable(a)vger.kernel.org> [4.14+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- include/linux/oom.h | 2 + mm/mmap.c | 44 +++++++++++++--------- mm/oom_kill.c | 81 ++++++++++++++++++++++-------------------- 3 files changed, 71 insertions(+), 56 deletions(-) diff -puN include/linux/oom.h~mm-oom-fix-concurrent-munlock-and-oom-reaper-unmap include/linux/oom.h --- a/include/linux/oom.h~mm-oom-fix-concurrent-munlock-and-oom-reaper-unmap +++ a/include/linux/oom.h @@ -95,6 +95,8 @@ static inline int check_stable_address_s return 0; } +void __oom_reap_task_mm(struct mm_struct *mm); + extern unsigned long oom_badness(struct task_struct *p, struct mem_cgroup *memcg, const nodemask_t *nodemask, unsigned long totalpages); diff -puN mm/mmap.c~mm-oom-fix-concurrent-munlock-and-oom-reaper-unmap mm/mmap.c --- a/mm/mmap.c~mm-oom-fix-concurrent-munlock-and-oom-reaper-unmap +++ a/mm/mmap.c @@ -3024,6 +3024,32 @@ void exit_mmap(struct mm_struct *mm) /* mm's last user has gone, and its about to be pulled down */ mmu_notifier_release(mm); + if (unlikely(mm_is_oom_victim(mm))) { + /* + * Manually reap the mm to free as much memory as possible. + * Then, as the oom reaper does, set MMF_OOM_SKIP to disregard + * this mm from further consideration. Taking mm->mmap_sem for + * write after setting MMF_OOM_SKIP will guarantee that the oom + * reaper will not run on this mm again after mmap_sem is + * dropped. + * + * Nothing can be holding mm->mmap_sem here and the above call + * to mmu_notifier_release(mm) ensures mmu notifier callbacks in + * __oom_reap_task_mm() will not block. + * + * This needs to be done before calling munlock_vma_pages_all(), + * which clears VM_LOCKED, otherwise the oom reaper cannot + * reliably test it. + */ + mutex_lock(&oom_lock); + __oom_reap_task_mm(mm); + mutex_unlock(&oom_lock); + + set_bit(MMF_OOM_SKIP, &mm->flags); + down_write(&mm->mmap_sem); + up_write(&mm->mmap_sem); + } + if (mm->locked_vm) { vma = mm->mmap; while (vma) { @@ -3045,24 +3071,6 @@ void exit_mmap(struct mm_struct *mm) /* update_hiwater_rss(mm) here? but nobody should be looking */ /* Use -1 here to ensure all VMAs in the mm are unmapped */ unmap_vmas(&tlb, vma, 0, -1); - - if (unlikely(mm_is_oom_victim(mm))) { - /* - * Wait for oom_reap_task() to stop working on this - * mm. Because MMF_OOM_SKIP is already set before - * calling down_read(), oom_reap_task() will not run - * on this "mm" post up_write(). - * - * mm_is_oom_victim() cannot be set from under us - * either because victim->mm is already set to NULL - * under task_lock before calling mmput and oom_mm is - * set not NULL by the OOM killer only if victim->mm - * is found not NULL while holding the task_lock. - */ - set_bit(MMF_OOM_SKIP, &mm->flags); - down_write(&mm->mmap_sem); - up_write(&mm->mmap_sem); - } free_pgtables(&tlb, vma, FIRST_USER_ADDRESS, USER_PGTABLES_CEILING); tlb_finish_mmu(&tlb, 0, -1); diff -puN mm/oom_kill.c~mm-oom-fix-concurrent-munlock-and-oom-reaper-unmap mm/oom_kill.c --- a/mm/oom_kill.c~mm-oom-fix-concurrent-munlock-and-oom-reaper-unmap +++ a/mm/oom_kill.c @@ -469,7 +469,6 @@ bool process_shares_mm(struct task_struc return false; } - #ifdef CONFIG_MMU /* * OOM Reaper kernel thread which tries to reap the memory used by the OOM @@ -480,16 +479,54 @@ static DECLARE_WAIT_QUEUE_HEAD(oom_reape static struct task_struct *oom_reaper_list; static DEFINE_SPINLOCK(oom_reaper_lock); -static bool __oom_reap_task_mm(struct task_struct *tsk, struct mm_struct *mm) +void __oom_reap_task_mm(struct mm_struct *mm) { - struct mmu_gather tlb; struct vm_area_struct *vma; + + /* + * Tell all users of get_user/copy_from_user etc... that the content + * is no longer stable. No barriers really needed because unmapping + * should imply barriers already and the reader would hit a page fault + * if it stumbled over a reaped memory. + */ + set_bit(MMF_UNSTABLE, &mm->flags); + + for (vma = mm->mmap ; vma; vma = vma->vm_next) { + if (!can_madv_dontneed_vma(vma)) + continue; + + /* + * Only anonymous pages have a good chance to be dropped + * without additional steps which we cannot afford as we + * are OOM already. + * + * We do not even care about fs backed pages because all + * which are reclaimable have already been reclaimed and + * we do not want to block exit_mmap by keeping mm ref + * count elevated without a good reason. + */ + if (vma_is_anonymous(vma) || !(vma->vm_flags & VM_SHARED)) { + const unsigned long start = vma->vm_start; + const unsigned long end = vma->vm_end; + struct mmu_gather tlb; + + tlb_gather_mmu(&tlb, mm, start, end); + mmu_notifier_invalidate_range_start(mm, start, end); + unmap_page_range(&tlb, vma, start, end, NULL); + mmu_notifier_invalidate_range_end(mm, start, end); + tlb_finish_mmu(&tlb, start, end); + } + } +} + +static bool oom_reap_task_mm(struct task_struct *tsk, struct mm_struct *mm) +{ bool ret = true; /* * We have to make sure to not race with the victim exit path * and cause premature new oom victim selection: - * __oom_reap_task_mm exit_mm + * oom_reap_task_mm exit_mm * mmget_not_zero * mmput * atomic_dec_and_test @@ -534,39 +571,8 @@ static bool __oom_reap_task_mm(struct ta trace_start_task_reaping(tsk->pid); - /* - * Tell all users of get_user/copy_from_user etc... that the content - * is no longer stable. No barriers really needed because unmapping - * should imply barriers already and the reader would hit a page fault - * if it stumbled over a reaped memory. - */ - set_bit(MMF_UNSTABLE, &mm->flags); - - for (vma = mm->mmap ; vma; vma = vma->vm_next) { - if (!can_madv_dontneed_vma(vma)) - continue; + __oom_reap_task_mm(mm); - /* - * Only anonymous pages have a good chance to be dropped - * without additional steps which we cannot afford as we - * are OOM already. - * - * We do not even care about fs backed pages because all - * which are reclaimable have already been reclaimed and - * we do not want to block exit_mmap by keeping mm ref - * count elevated without a good reason. - */ - if (vma_is_anonymous(vma) || !(vma->vm_flags & VM_SHARED)) { - const unsigned long start = vma->vm_start; - const unsigned long end = vma->vm_end; - - tlb_gather_mmu(&tlb, mm, start, end); - mmu_notifier_invalidate_range_start(mm, start, end); - unmap_page_range(&tlb, vma, start, end, NULL); - mmu_notifier_invalidate_range_end(mm, start, end); - tlb_finish_mmu(&tlb, start, end); - } - } pr_info("oom_reaper: reaped process %d (%s), now anon-rss:%lukB, file-rss:%lukB, shmem-rss:%lukB\n", task_pid_nr(tsk), tsk->comm, K(get_mm_counter(mm, MM_ANONPAGES)), @@ -587,14 +593,13 @@ static void oom_reap_task(struct task_st struct mm_struct *mm = tsk->signal->oom_mm; /* Retry the down_read_trylock(mmap_sem) a few times */ - while (attempts++ < MAX_OOM_REAP_RETRIES && !__oom_reap_task_mm(tsk, mm)) + while (attempts++ < MAX_OOM_REAP_RETRIES && !oom_reap_task_mm(tsk, mm)) schedule_timeout_idle(HZ/10); if (attempts <= MAX_OOM_REAP_RETRIES || test_bit(MMF_OOM_SKIP, &mm->flags)) goto done; - pr_info("oom_reaper: unable to reap pid:%d (%s)\n", task_pid_nr(tsk), tsk->comm); debug_show_all_locks(); _ Patches currently in -mm which might be from rientjes(a)google.com are

7 years, 1 month

1
0
0 0

[merged] mm-sections-are-not-offlined-during-memory-hotremove.patch removed from -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: mm: sections are not offlined during memory hotremove has been removed from the -mm tree. Its filename was mm-sections-are-not-offlined-during-memory-hotremove.patch This patch was dropped because it was merged into mainline or a subsystem tree ------------------------------------------------------ From: Pavel Tatashin <pasha.tatashin(a)oracle.com> Subject: mm: sections are not offlined during memory hotremove Memory hotplug and hotremove operate with per-block granularity. If the machine has a large amount of memory (more than 64G), the size of a memory block can span multiple sections. By mistake, during hotremove we set only the first section to offline state. The bug was discovered because kernel selftest started to fail: https://lkml.kernel.org/r/20180423011247.GK5563@yexl-desktop After commit, "mm/memory_hotplug: optimize probe routine". But, the bug is older than this commit. In this optimization we also added a check for sections to be in a proper state during hotplug operation. Link: http://lkml.kernel.org/r/20180427145257.15222-1-pasha.tatashin@oracle.com Fixes: 2d070eab2e82 ("mm: consider zone which is not fully populated to have holes") Signed-off-by: Pavel Tatashin <pasha.tatashin(a)oracle.com> Acked-by: Michal Hocko <mhocko(a)suse.com> Reviewed-by: Andrew Morton <akpm(a)linux-foundation.org> Cc: Vlastimil Babka <vbabka(a)suse.cz> Cc: Steven Sistare <steven.sistare(a)oracle.com> Cc: Daniel Jordan <daniel.m.jordan(a)oracle.com> Cc: "Kirill A. Shutemov" <kirill.shutemov(a)linux.intel.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/sparse.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff -puN mm/sparse.c~mm-sections-are-not-offlined-during-memory-hotremove mm/sparse.c --- a/mm/sparse.c~mm-sections-are-not-offlined-during-memory-hotremove +++ a/mm/sparse.c @@ -629,7 +629,7 @@ void offline_mem_sections(unsigned long unsigned long pfn; for (pfn = start_pfn; pfn < end_pfn; pfn += PAGES_PER_SECTION) { - unsigned long section_nr = pfn_to_section_nr(start_pfn); + unsigned long section_nr = pfn_to_section_nr(pfn); struct mem_section *ms; /* _ Patches currently in -mm which might be from pasha.tatashin(a)oracle.com are mm-allow-deferred-page-init-for-vmemmap-only.patch sparc64-ng4-memset-32-bits-overflow.patch

7 years, 1 month

1
0
0 0

[merged] z3fold-fix-reclaim-lock-ups.patch removed from -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: z3fold: fix reclaim lock-ups has been removed from the -mm tree. Its filename was z3fold-fix-reclaim-lock-ups.patch This patch was dropped because it was merged into mainline or a subsystem tree ------------------------------------------------------ From: Vitaly Wool <vitalywool(a)gmail.com> Subject: z3fold: fix reclaim lock-ups Do not try to optimize in-page object layout while the page is under reclaim. This fixes lock-ups on reclaim and improves reclaim performance at the same time. [akpm(a)linux-foundation.org: coding-style fixes] Link: http://lkml.kernel.org/r/20180430125800.444cae9706489f412ad12621@gmail.com Signed-off-by: Vitaly Wool <vitaly.vul(a)sony.com> Reported-by: Guenter Roeck <linux(a)roeck-us.net> Tested-by: Guenter Roeck <linux(a)roeck-us.net> Cc: <Oleksiy.Avramchenko(a)sony.com> Cc: Matthew Wilcox <mawilcox(a)microsoft.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/z3fold.c | 42 ++++++++++++++++++++++++++++++------------ 1 file changed, 30 insertions(+), 12 deletions(-) diff -puN mm/z3fold.c~z3fold-fix-reclaim-lock-ups mm/z3fold.c --- a/mm/z3fold.c~z3fold-fix-reclaim-lock-ups +++ a/mm/z3fold.c @@ -144,7 +144,8 @@ enum z3fold_page_flags { PAGE_HEADLESS = 0, MIDDLE_CHUNK_MAPPED, NEEDS_COMPACTING, - PAGE_STALE + PAGE_STALE, + UNDER_RECLAIM }; /***************** @@ -173,6 +174,7 @@ static struct z3fold_header *init_z3fold clear_bit(MIDDLE_CHUNK_MAPPED, &page->private); clear_bit(NEEDS_COMPACTING, &page->private); clear_bit(PAGE_STALE, &page->private); + clear_bit(UNDER_RECLAIM, &page->private); spin_lock_init(&zhdr->page_lock); kref_init(&zhdr->refcount); @@ -756,6 +758,10 @@ static void z3fold_free(struct z3fold_po atomic64_dec(&pool->pages_nr); return; } + if (test_bit(UNDER_RECLAIM, &page->private)) { + z3fold_page_unlock(zhdr); + return; + } if (test_and_set_bit(NEEDS_COMPACTING, &page->private)) { z3fold_page_unlock(zhdr); return; @@ -840,6 +846,8 @@ static int z3fold_reclaim_page(struct z3 kref_get(&zhdr->refcount); list_del_init(&zhdr->buddy); zhdr->cpu = -1; + set_bit(UNDER_RECLAIM, &page->private); + break; } list_del_init(&page->lru); @@ -887,25 +895,35 @@ static int z3fold_reclaim_page(struct z3 goto next; } next: - spin_lock(&pool->lock); if (test_bit(PAGE_HEADLESS, &page->private)) { if (ret == 0) { - spin_unlock(&pool->lock); free_z3fold_page(page); return 0; } - } else if (kref_put(&zhdr->refcount, release_z3fold_page)) { - atomic64_dec(&pool->pages_nr); + spin_lock(&pool->lock); + list_add(&page->lru, &pool->lru); + spin_unlock(&pool->lock); + } else { + z3fold_page_lock(zhdr); + clear_bit(UNDER_RECLAIM, &page->private); + if (kref_put(&zhdr->refcount, + release_z3fold_page_locked)) { + atomic64_dec(&pool->pages_nr); + return 0; + } + /* + * if we are here, the page is still not completely + * free. Take the global pool lock then to be able + * to add it back to the lru list + */ + spin_lock(&pool->lock); + list_add(&page->lru, &pool->lru); spin_unlock(&pool->lock); - return 0; + z3fold_page_unlock(zhdr); } - /* - * Add to the beginning of LRU. - * Pool lock has to be kept here to ensure the page has - * not already been released - */ - list_add(&page->lru, &pool->lru); + /* We started off locked to we need to lock the pool back */ + spin_lock(&pool->lock); } spin_unlock(&pool->lock); return -EAGAIN; _ Patches currently in -mm which might be from vitalywool(a)gmail.com are

7 years, 1 month

1
0
0 0

patch "serial: 8250: omap: Fix idling of clocks for unused uarts" added to tty-next

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled serial: 8250: omap: Fix idling of clocks for unused uarts to my tty git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty.git in the tty-next branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will also be merged in the next major kernel release during the merge window. If you have any questions about this process, please let me know. >From 13dc04d0e5fdc25c8f713ad23fdce51cf2bf96ba Mon Sep 17 00:00:00 2001 From: Tony Lindgren <tony(a)atomide.com> Date: Fri, 4 May 2018 10:44:09 -0700 Subject: serial: 8250: omap: Fix idling of clocks for unused uarts I noticed that unused UARTs won't necessarily idle properly always unless at least one byte tx transfer is done first. After some debugging I narrowed down the problem to the scr register dma configuration bits that need to be set before softreset for the clocks to idle. Unless we do this, the module clkctrl idlest bits may be set to 1 instead of 3 meaning the clock will never idle and is blocking deeper idle states for the whole domain. This might be related to the configuration done by the bootloader or kexec booting where certain configurations cause the 8250 or the clkctrl clock to jam in a way where setting of the scr bits and reset is needed to clear it. I've tried diffing the 8250 registers for the various modes, but did not see anything specific. So far I've only seen this on omap4 but I'm suspecting this might also happen on the other clkctrl using SoCs considering they already have a quirk enabled for UART_ERRATA_CLOCK_DISABLE. Let's fix the issue by configuring scr before reset for basic dma even if we don't use it. The scr register will be reset when we do softreset few lines after, and we restore scr on resume. We should do this for all the SoCs with UART_ERRATA_CLOCK_DISABLE quirk flag set since the ones with UART_ERRATA_CLOCK_DISABLE are all based using clkctrl similar to omap4. Looks like both OMAP_UART_SCR_DMAMODE_1 | OMAP_UART_SCR_DMAMODE_CTL bits are needed for the clkctrl to idle after a softreset. And we need to add omap4 to also use the UART_ERRATA_CLOCK_DISABLE for the related workaround to be enabled. This same compatible value will also be used for omap5. Fixes: cdb929e4452a ("serial: 8250_omap: workaround errata around idling UART after using DMA") Cc: Keerthy <j-keerthy(a)ti.com> Cc: Matthijs van Duin <matthijsvanduin(a)gmail.com> Cc: Sekhar Nori <nsekhar(a)ti.com> Cc: Tero Kristo <t-kristo(a)ti.com> Signed-off-by: Tony Lindgren <tony(a)atomide.com> Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/tty/serial/8250/8250_omap.c | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/drivers/tty/serial/8250/8250_omap.c b/drivers/tty/serial/8250/8250_omap.c index 6aaa84355fd1..1b337fee07ed 100644 --- a/drivers/tty/serial/8250/8250_omap.c +++ b/drivers/tty/serial/8250/8250_omap.c @@ -1110,13 +1110,14 @@ static int omap8250_no_handle_irq(struct uart_port *port) return 0; } +static const u8 omap4_habit = UART_ERRATA_CLOCK_DISABLE; static const u8 am3352_habit = OMAP_DMA_TX_KICK | UART_ERRATA_CLOCK_DISABLE; static const u8 dra742_habit = UART_ERRATA_CLOCK_DISABLE; static const struct of_device_id omap8250_dt_ids[] = { { .compatible = "ti,omap2-uart" }, { .compatible = "ti,omap3-uart" }, - { .compatible = "ti,omap4-uart" }, + { .compatible = "ti,omap4-uart", .data = &omap4_habit, }, { .compatible = "ti,am3352-uart", .data = &am3352_habit, }, { .compatible = "ti,am4372-uart", .data = &am3352_habit, }, { .compatible = "ti,dra742-uart", .data = &dra742_habit, }, @@ -1362,6 +1363,19 @@ static int omap8250_soft_reset(struct device *dev) int sysc; int syss; + /* + * At least on omap4, unused uarts may not idle after reset without + * a basic scr dma configuration even with no dma in use. The + * module clkctrl status bits will be 1 instead of 3 blocking idle + * for the whole clockdomain. The softreset below will clear scr, + * and we restore it on resume so this is safe to do on all SoCs + * needing omap8250_soft_reset() quirk. Do it in two writes as + * recommended in the comment for omap8250_update_scr(). + */ + serial_out(up, UART_OMAP_SCR, OMAP_UART_SCR_DMAMODE_1); + serial_out(up, UART_OMAP_SCR, + OMAP_UART_SCR_DMAMODE_1 | OMAP_UART_SCR_DMAMODE_CTL); + sysc = serial_in(up, UART_OMAP_SYSC); /* softreset the UART */ -- 2.17.0

7 years, 1 month

1
0
0 0

patch "serial: samsung: fix maxburst parameter for DMA transactions" added to tty-next

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled serial: samsung: fix maxburst parameter for DMA transactions to my tty git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty.git in the tty-next branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will also be merged in the next major kernel release during the merge window. If you have any questions about this process, please let me know. >From aa2f80e752c75e593b3820f42c416ed9458fa73e Mon Sep 17 00:00:00 2001 From: Marek Szyprowski <m.szyprowski(a)samsung.com> Date: Thu, 10 May 2018 08:41:13 +0200 Subject: serial: samsung: fix maxburst parameter for DMA transactions The best granularity of residue that DMA engine can report is in the BURST units, so the serial driver must use MAXBURST = 1 and DMA_SLAVE_BUSWIDTH_1_BYTE if it relies on exact number of bytes transferred by DMA engine. Fixes: 62c37eedb74c ("serial: samsung: add dma reqest/release functions") Signed-off-by: Marek Szyprowski <m.szyprowski(a)samsung.com> Acked-by: Krzysztof Kozlowski <krzk(a)kernel.org> Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/tty/serial/samsung.c | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/drivers/tty/serial/samsung.c b/drivers/tty/serial/samsung.c index 3f2f8c118ce0..64e96926f1ad 100644 --- a/drivers/tty/serial/samsung.c +++ b/drivers/tty/serial/samsung.c @@ -862,15 +862,12 @@ static int s3c24xx_serial_request_dma(struct s3c24xx_uart_port *p) dma->rx_conf.direction = DMA_DEV_TO_MEM; dma->rx_conf.src_addr_width = DMA_SLAVE_BUSWIDTH_1_BYTE; dma->rx_conf.src_addr = p->port.mapbase + S3C2410_URXH; - dma->rx_conf.src_maxburst = 16; + dma->rx_conf.src_maxburst = 1; dma->tx_conf.direction = DMA_MEM_TO_DEV; dma->tx_conf.dst_addr_width = DMA_SLAVE_BUSWIDTH_1_BYTE; dma->tx_conf.dst_addr = p->port.mapbase + S3C2410_UTXH; - if (dma_get_cache_alignment() >= 16) - dma->tx_conf.dst_maxburst = 16; - else - dma->tx_conf.dst_maxburst = 1; + dma->tx_conf.dst_maxburst = 1; dma->rx_chan = dma_request_chan(p->port.dev, "rx"); -- 2.17.0

7 years, 1 month

1
0
0 0

patch "tty: pl011: Avoid spuriously stuck-off interrupts" added to tty-next

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled tty: pl011: Avoid spuriously stuck-off interrupts to my tty git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty.git in the tty-next branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will also be merged in the next major kernel release during the merge window. If you have any questions about this process, please let me know. >From 4a7e625ce50412a7711efa0f2ef0b96ce3826759 Mon Sep 17 00:00:00 2001 From: Dave Martin <Dave.Martin(a)arm.com> Date: Thu, 10 May 2018 18:08:23 +0100 Subject: tty: pl011: Avoid spuriously stuck-off interrupts Commit 9b96fbacda34 ("serial: PL011: clear pending interrupts") clears the RX and receive timeout interrupts on pl011 startup, to avoid a screaming-interrupt scenario that can occur when the firmware or bootloader leaves these interrupts asserted. This has been noted as an issue when running Linux on qemu [1]. Unfortunately, the above fix seems to lead to potential misbehaviour if the RX FIFO interrupt is asserted _non_ spuriously on driver startup, if the RX FIFO is also already full to the trigger level. Clearing the RX FIFO interrupt does not change the FIFO fill level. In this scenario, because the interrupt is now clear and because the FIFO is already full to the trigger level, no new assertion of the RX FIFO interrupt can occur unless the FIFO is drained back below the trigger level. This never occurs because the pl011 driver is waiting for an RX FIFO interrupt to tell it that there is something to read, and does not read the FIFO at all until that interrupt occurs. Thus, simply clearing "spurious" interrupts on startup may be misguided, since there is no way to be sure that the interrupts are truly spurious, and things can go wrong if they are not. This patch instead clears the interrupt condition by draining the RX FIFO during UART startup, after clearing any potentially spurious interrupt. This should ensure that an interrupt will definitely be asserted if the RX FIFO subsequently becomes sufficiently full. The drain is done at the point of enabling interrupts only. This means that it will occur any time the UART is newly opened through the tty layer. It will not apply to polled-mode use of the UART by kgdboc: since that scenario cannot use interrupts by design, this should not matter. kgdboc will interact badly with "normal" use of the UART in any case: this patch makes no attempt to paper over such issues. This patch does not attempt to address the case where the RX FIFO fills faster than it can be drained: that is a pathological hardware design problem that is beyond the scope of the driver to work around. As a failsafe, the number of poll iterations for draining the FIFO is limited to twice the FIFO size. This will ensure that the kernel at least boots even if it is impossible to drain the FIFO for some reason. [1] [Qemu-devel] [Qemu-arm] [PATCH] pl011: do not put into fifo before enabled the interruption https://lists.gnu.org/archive/html/qemu-devel/2018-01/msg06446.html Reported-by: Wei Xu <xuwei5(a)hisilicon.com> Cc: Russell King <linux(a)armlinux.org.uk> Cc: Linus Walleij <linus.walleij(a)linaro.org> Cc: Peter Maydell <peter.maydell(a)linaro.org> Fixes: 9b96fbacda34 ("serial: PL011: clear pending interrupts") Signed-off-by: Dave Martin <Dave.Martin(a)arm.com> Cc: stable <stable(a)vger.kernel.org> Tested-by: Wei Xu <xuwei5(a)hisilicon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/tty/serial/amba-pl011.c | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/drivers/tty/serial/amba-pl011.c b/drivers/tty/serial/amba-pl011.c index 4b40a5b449ee..ebd33c0232e6 100644 --- a/drivers/tty/serial/amba-pl011.c +++ b/drivers/tty/serial/amba-pl011.c @@ -1727,10 +1727,26 @@ static int pl011_allocate_irq(struct uart_amba_port *uap) */ static void pl011_enable_interrupts(struct uart_amba_port *uap) { + unsigned int i; + spin_lock_irq(&uap->port.lock); /* Clear out any spuriously appearing RX interrupts */ pl011_write(UART011_RTIS | UART011_RXIS, uap, REG_ICR); + + /* + * RXIS is asserted only when the RX FIFO transitions from below + * to above the trigger threshold. If the RX FIFO is already + * full to the threshold this can't happen and RXIS will now be + * stuck off. Drain the RX FIFO explicitly to fix this: + */ + for (i = 0; i < uap->fifosize * 2; ++i) { + if (pl011_read(uap, REG_FR) & UART01x_FR_RXFE) + break; + + pl011_read(uap, REG_DR); + } + uap->im = UART011_RTIM; if (!pl011_dma_rx_running(uap)) uap->im |= UART011_RXIM; -- 2.17.0

7 years, 1 month

1
0
0 0

patch "driver core: Don't ignore class_dir_create_and_add() failure." added to driver-core-next

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled driver core: Don't ignore class_dir_create_and_add() failure. to my driver-core git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core.git in the driver-core-next branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will also be merged in the next major kernel release during the merge window. If you have any questions about this process, please let me know. >From 84d0c27d6233a9ba0578b20f5a09701eb66cee42 Mon Sep 17 00:00:00 2001 From: Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> Date: Mon, 7 May 2018 19:10:31 +0900 Subject: driver core: Don't ignore class_dir_create_and_add() failure. syzbot is hitting WARN() at kernfs_add_one() [1]. This is because kernfs_create_link() is confused by previous device_add() call which continued without setting dev->kobj.parent field when get_device_parent() failed by memory allocation fault injection. Fix this by propagating the error from class_dir_create_and_add() to the calllers of get_device_parent(). [1] https://syzkaller.appspot.com/bug?id=fae0fb607989ea744526d1c082a5b8de652911… Signed-off-by: Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> Reported-by: syzbot <syzbot+df47f81c226b31d89fb1(a)syzkaller.appspotmail.com> Cc: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/base/core.c | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/drivers/base/core.c b/drivers/base/core.c index b610816eb887..d680fd030316 100644 --- a/drivers/base/core.c +++ b/drivers/base/core.c @@ -1467,7 +1467,7 @@ class_dir_create_and_add(struct class *class, struct kobject *parent_kobj) dir = kzalloc(sizeof(*dir), GFP_KERNEL); if (!dir) - return NULL; + return ERR_PTR(-ENOMEM); dir->class = class; kobject_init(&dir->kobj, &class_dir_ktype); @@ -1477,7 +1477,7 @@ class_dir_create_and_add(struct class *class, struct kobject *parent_kobj) retval = kobject_add(&dir->kobj, parent_kobj, "%s", class->name); if (retval < 0) { kobject_put(&dir->kobj); - return NULL; + return ERR_PTR(retval); } return &dir->kobj; } @@ -1784,6 +1784,10 @@ int device_add(struct device *dev) parent = get_device(dev->parent); kobj = get_device_parent(dev, parent); + if (IS_ERR(kobj)) { + error = PTR_ERR(kobj); + goto parent_error; + } if (kobj) dev->kobj.parent = kobj; @@ -1882,6 +1886,7 @@ int device_add(struct device *dev) kobject_del(&dev->kobj); Error: cleanup_glue_dir(dev, glue_dir); +parent_error: put_device(parent); name_error: kfree(dev->p); @@ -2701,6 +2706,11 @@ int device_move(struct device *dev, struct device *new_parent, device_pm_lock(); new_parent = get_device(new_parent); new_parent_kobj = get_device_parent(dev, new_parent); + if (IS_ERR(new_parent_kobj)) { + error = PTR_ERR(new_parent_kobj); + put_device(new_parent); + goto out; + } pr_debug("device: '%s': %s: moving to '%s'\n", dev_name(dev), __func__, new_parent ? dev_name(new_parent) : "<NULL>"); -- 2.17.0

7 years, 1 month

1
0
0 0

patch "1wire: family module autoload fails because of upper/lower case" added to char-misc-next

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled 1wire: family module autoload fails because of upper/lower case to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-next branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will also be merged in the next major kernel release during the merge window. If you have any questions about this process, please let me know. >From 065c09563c872e52813a17218c52cd642be1dca6 Mon Sep 17 00:00:00 2001 From: Ingo Flaschberger <ingo.flaschberger(a)gmail.com> Date: Tue, 1 May 2018 16:10:33 +0200 Subject: 1wire: family module autoload fails because of upper/lower case mismatch. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 1wire family module autoload fails because of upper/lower case mismatch. Signed-off-by: Ingo Flaschberger <ingo.flaschberger(a)gmail.com> Acked-by: Evgeniy Polyakov <zbr(a)ioremap.net> Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/w1/w1.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/w1/w1.c b/drivers/w1/w1.c index 80a778b02f28..caef0e0fd817 100644 --- a/drivers/w1/w1.c +++ b/drivers/w1/w1.c @@ -751,7 +751,7 @@ int w1_attach_slave_device(struct w1_master *dev, struct w1_reg_num *rn) /* slave modules need to be loaded in a context with unlocked mutex */ mutex_unlock(&dev->mutex); - request_module("w1-family-0x%02x", rn->family); + request_module("w1-family-0x%02X", rn->family); mutex_lock(&dev->mutex); spin_lock(&w1_flock); -- 2.17.0

7 years, 1 month

1
0
0 0

patch "w1: mxc_w1: Enable clock before calling clk_get_rate() on it" added to char-misc-next

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled w1: mxc_w1: Enable clock before calling clk_get_rate() on it to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-next branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will also be merged in the next major kernel release during the merge window. If you have any questions about this process, please let me know. >From 955bc61328dc0a297fb3baccd84e9d3aee501ed8 Mon Sep 17 00:00:00 2001 From: Stefan Potyra <Stefan.Potyra(a)elektrobit.com> Date: Wed, 2 May 2018 10:55:31 +0200 Subject: w1: mxc_w1: Enable clock before calling clk_get_rate() on it According to the API, you may only call clk_get_rate() after actually enabling it. Found by Linux Driver Verification project (linuxtesting.org). Fixes: a5fd9139f74c ("w1: add 1-wire master driver for i.MX27 / i.MX31") Signed-off-by: Stefan Potyra <Stefan.Potyra(a)elektrobit.com> Acked-by: Evgeniy Polyakov <zbr(a)ioremap.net> Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/w1/masters/mxc_w1.c | 20 +++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-) diff --git a/drivers/w1/masters/mxc_w1.c b/drivers/w1/masters/mxc_w1.c index 74f2e6e6202a..8851d441e5fd 100644 --- a/drivers/w1/masters/mxc_w1.c +++ b/drivers/w1/masters/mxc_w1.c @@ -112,6 +112,10 @@ static int mxc_w1_probe(struct platform_device *pdev) if (IS_ERR(mdev->clk)) return PTR_ERR(mdev->clk); + err = clk_prepare_enable(mdev->clk); + if (err) + return err; + clkrate = clk_get_rate(mdev->clk); if (clkrate < 10000000) dev_warn(&pdev->dev, @@ -125,12 +129,10 @@ static int mxc_w1_probe(struct platform_device *pdev) res = platform_get_resource(pdev, IORESOURCE_MEM, 0); mdev->regs = devm_ioremap_resource(&pdev->dev, res); - if (IS_ERR(mdev->regs)) - return PTR_ERR(mdev->regs); - - err = clk_prepare_enable(mdev->clk); - if (err) - return err; + if (IS_ERR(mdev->regs)) { + err = PTR_ERR(mdev->regs); + goto out_disable_clk; + } /* Software reset 1-Wire module */ writeb(MXC_W1_RESET_RST, mdev->regs + MXC_W1_RESET); @@ -146,8 +148,12 @@ static int mxc_w1_probe(struct platform_device *pdev) err = w1_add_master_device(&mdev->bus_master); if (err) - clk_disable_unprepare(mdev->clk); + goto out_disable_clk; + return 0; + +out_disable_clk: + clk_disable_unprepare(mdev->clk); return err; } -- 2.17.0

7 years, 1 month

1
0
0 0

[PATCH] ARM: dts: socfpga: Fix NAND controller node compatible for Arria10

by Dinh Nguyen

The NAND compatible "denali,denal-nand-dt" property has never been used and is obsolete. Remove it. Cc: stable(a)vger.kernel.org Fixes: f549af06e9b6("ARM: dts: socfpga: Add NAND device tree for Arria10") Signed-off-by: Dinh Nguyen <dinguyen(a)kernel.org> --- arch/arm/boot/dts/socfpga_arria10.dtsi | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/arm/boot/dts/socfpga_arria10.dtsi b/arch/arm/boot/dts/socfpga_arria10.dtsi index bead79e4b2aa..d8b1aa309f76 100644 --- a/arch/arm/boot/dts/socfpga_arria10.dtsi +++ b/arch/arm/boot/dts/socfpga_arria10.dtsi @@ -633,7 +633,7 @@ nand: nand@ffb90000 { #address-cells = <1>; #size-cells = <1>; - compatible = "denali,denali-nand-dt", "altr,socfpga-denali-nand"; + compatible = "altr,socfpga-denali-nand"; reg = <0xffb90000 0x72000>, <0xffb80000 0x10000>; reg-names = "nand_data", "denali_reg"; -- 2.17.0.391.g1f1cddd

7 years, 1 month

1
0
0 0

patch "driver core: Don't ignore class_dir_create_and_add() failure." added to driver-core-testing

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled driver core: Don't ignore class_dir_create_and_add() failure. to my driver-core git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core.git in the driver-core-testing branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will be merged to the driver-core-next branch sometime soon, after it passes testing, and the merge window is open. If you have any questions about this process, please let me know. >From 84d0c27d6233a9ba0578b20f5a09701eb66cee42 Mon Sep 17 00:00:00 2001 From: Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> Date: Mon, 7 May 2018 19:10:31 +0900 Subject: driver core: Don't ignore class_dir_create_and_add() failure. syzbot is hitting WARN() at kernfs_add_one() [1]. This is because kernfs_create_link() is confused by previous device_add() call which continued without setting dev->kobj.parent field when get_device_parent() failed by memory allocation fault injection. Fix this by propagating the error from class_dir_create_and_add() to the calllers of get_device_parent(). [1] https://syzkaller.appspot.com/bug?id=fae0fb607989ea744526d1c082a5b8de652911… Signed-off-by: Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> Reported-by: syzbot <syzbot+df47f81c226b31d89fb1(a)syzkaller.appspotmail.com> Cc: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/base/core.c | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/drivers/base/core.c b/drivers/base/core.c index b610816eb887..d680fd030316 100644 --- a/drivers/base/core.c +++ b/drivers/base/core.c @@ -1467,7 +1467,7 @@ class_dir_create_and_add(struct class *class, struct kobject *parent_kobj) dir = kzalloc(sizeof(*dir), GFP_KERNEL); if (!dir) - return NULL; + return ERR_PTR(-ENOMEM); dir->class = class; kobject_init(&dir->kobj, &class_dir_ktype); @@ -1477,7 +1477,7 @@ class_dir_create_and_add(struct class *class, struct kobject *parent_kobj) retval = kobject_add(&dir->kobj, parent_kobj, "%s", class->name); if (retval < 0) { kobject_put(&dir->kobj); - return NULL; + return ERR_PTR(retval); } return &dir->kobj; } @@ -1784,6 +1784,10 @@ int device_add(struct device *dev) parent = get_device(dev->parent); kobj = get_device_parent(dev, parent); + if (IS_ERR(kobj)) { + error = PTR_ERR(kobj); + goto parent_error; + } if (kobj) dev->kobj.parent = kobj; @@ -1882,6 +1886,7 @@ int device_add(struct device *dev) kobject_del(&dev->kobj); Error: cleanup_glue_dir(dev, glue_dir); +parent_error: put_device(parent); name_error: kfree(dev->p); @@ -2701,6 +2706,11 @@ int device_move(struct device *dev, struct device *new_parent, device_pm_lock(); new_parent = get_device(new_parent); new_parent_kobj = get_device_parent(dev, new_parent); + if (IS_ERR(new_parent_kobj)) { + error = PTR_ERR(new_parent_kobj); + put_device(new_parent); + goto out; + } pr_debug("device: '%s': %s: moving to '%s'\n", dev_name(dev), __func__, new_parent ? dev_name(new_parent) : "<NULL>"); -- 2.17.0

7 years, 1 month

1
0
0 0

patch "1wire: family module autoload fails because of upper/lower case" added to char-misc-testing

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled 1wire: family module autoload fails because of upper/lower case to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-testing branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will be merged to the char-misc-next branch sometime soon, after it passes testing, and the merge window is open. If you have any questions about this process, please let me know. >From 065c09563c872e52813a17218c52cd642be1dca6 Mon Sep 17 00:00:00 2001 From: Ingo Flaschberger <ingo.flaschberger(a)gmail.com> Date: Tue, 1 May 2018 16:10:33 +0200 Subject: 1wire: family module autoload fails because of upper/lower case mismatch. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 1wire family module autoload fails because of upper/lower case mismatch. Signed-off-by: Ingo Flaschberger <ingo.flaschberger(a)gmail.com> Acked-by: Evgeniy Polyakov <zbr(a)ioremap.net> Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/w1/w1.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/w1/w1.c b/drivers/w1/w1.c index 80a778b02f28..caef0e0fd817 100644 --- a/drivers/w1/w1.c +++ b/drivers/w1/w1.c @@ -751,7 +751,7 @@ int w1_attach_slave_device(struct w1_master *dev, struct w1_reg_num *rn) /* slave modules need to be loaded in a context with unlocked mutex */ mutex_unlock(&dev->mutex); - request_module("w1-family-0x%02x", rn->family); + request_module("w1-family-0x%02X", rn->family); mutex_lock(&dev->mutex); spin_lock(&w1_flock); -- 2.17.0

7 years, 1 month

1
0
0 0

patch "w1: mxc_w1: Enable clock before calling clk_get_rate() on it" added to char-misc-testing

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled w1: mxc_w1: Enable clock before calling clk_get_rate() on it to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-testing branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will be merged to the char-misc-next branch sometime soon, after it passes testing, and the merge window is open. If you have any questions about this process, please let me know. >From 955bc61328dc0a297fb3baccd84e9d3aee501ed8 Mon Sep 17 00:00:00 2001 From: Stefan Potyra <Stefan.Potyra(a)elektrobit.com> Date: Wed, 2 May 2018 10:55:31 +0200 Subject: w1: mxc_w1: Enable clock before calling clk_get_rate() on it According to the API, you may only call clk_get_rate() after actually enabling it. Found by Linux Driver Verification project (linuxtesting.org). Fixes: a5fd9139f74c ("w1: add 1-wire master driver for i.MX27 / i.MX31") Signed-off-by: Stefan Potyra <Stefan.Potyra(a)elektrobit.com> Acked-by: Evgeniy Polyakov <zbr(a)ioremap.net> Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/w1/masters/mxc_w1.c | 20 +++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-) diff --git a/drivers/w1/masters/mxc_w1.c b/drivers/w1/masters/mxc_w1.c index 74f2e6e6202a..8851d441e5fd 100644 --- a/drivers/w1/masters/mxc_w1.c +++ b/drivers/w1/masters/mxc_w1.c @@ -112,6 +112,10 @@ static int mxc_w1_probe(struct platform_device *pdev) if (IS_ERR(mdev->clk)) return PTR_ERR(mdev->clk); + err = clk_prepare_enable(mdev->clk); + if (err) + return err; + clkrate = clk_get_rate(mdev->clk); if (clkrate < 10000000) dev_warn(&pdev->dev, @@ -125,12 +129,10 @@ static int mxc_w1_probe(struct platform_device *pdev) res = platform_get_resource(pdev, IORESOURCE_MEM, 0); mdev->regs = devm_ioremap_resource(&pdev->dev, res); - if (IS_ERR(mdev->regs)) - return PTR_ERR(mdev->regs); - - err = clk_prepare_enable(mdev->clk); - if (err) - return err; + if (IS_ERR(mdev->regs)) { + err = PTR_ERR(mdev->regs); + goto out_disable_clk; + } /* Software reset 1-Wire module */ writeb(MXC_W1_RESET_RST, mdev->regs + MXC_W1_RESET); @@ -146,8 +148,12 @@ static int mxc_w1_probe(struct platform_device *pdev) err = w1_add_master_device(&mdev->bus_master); if (err) - clk_disable_unprepare(mdev->clk); + goto out_disable_clk; + return 0; + +out_disable_clk: + clk_disable_unprepare(mdev->clk); return err; } -- 2.17.0

7 years, 1 month

1
0
0 0

[PATCH] IB/srpt: Increase port count

by Bart Van Assche

Since there are adapters that have four ports, increase the size of the srpt_device.port[] array. This patch avoids that the following warning is hit with quad port Chelsio adapters: WARN_ON(sdev->device->phys_port_cnt > ARRAY_SIZE(sdev->port)); Reported-by: Steve Wise <swise(a)opengridcomputing.com> Signed-off-by: Bart Van Assche <bart.vanassche(a)wdc.com> Cc: Steve Wise <swise(a)opengridcomputing.com> Cc: <stable(a)vger.kernel.org> --- drivers/infiniband/ulp/srpt/ib_srpt.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/infiniband/ulp/srpt/ib_srpt.h b/drivers/infiniband/ulp/srpt/ib_srpt.h index 2361483476a0..b72f1f4066fa 100644 --- a/drivers/infiniband/ulp/srpt/ib_srpt.h +++ b/drivers/infiniband/ulp/srpt/ib_srpt.h @@ -410,7 +410,7 @@ struct srpt_device { struct mutex sdev_mutex; bool use_srq; struct srpt_recv_ioctx **ioctx_ring; - struct srpt_port port[2]; + struct srpt_port port[4]; struct ib_event_handler event_handler; struct list_head list; }; -- 2.16.3

7 years, 1 month

4
3
0 0

patch "serial: 8250: omap: Fix idling of clocks for unused uarts" added to tty-testing

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled serial: 8250: omap: Fix idling of clocks for unused uarts to my tty git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty.git in the tty-testing branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will be merged to the tty-next branch sometime soon, after it passes testing, and the merge window is open. If you have any questions about this process, please let me know. >From 13dc04d0e5fdc25c8f713ad23fdce51cf2bf96ba Mon Sep 17 00:00:00 2001 From: Tony Lindgren <tony(a)atomide.com> Date: Fri, 4 May 2018 10:44:09 -0700 Subject: serial: 8250: omap: Fix idling of clocks for unused uarts I noticed that unused UARTs won't necessarily idle properly always unless at least one byte tx transfer is done first. After some debugging I narrowed down the problem to the scr register dma configuration bits that need to be set before softreset for the clocks to idle. Unless we do this, the module clkctrl idlest bits may be set to 1 instead of 3 meaning the clock will never idle and is blocking deeper idle states for the whole domain. This might be related to the configuration done by the bootloader or kexec booting where certain configurations cause the 8250 or the clkctrl clock to jam in a way where setting of the scr bits and reset is needed to clear it. I've tried diffing the 8250 registers for the various modes, but did not see anything specific. So far I've only seen this on omap4 but I'm suspecting this might also happen on the other clkctrl using SoCs considering they already have a quirk enabled for UART_ERRATA_CLOCK_DISABLE. Let's fix the issue by configuring scr before reset for basic dma even if we don't use it. The scr register will be reset when we do softreset few lines after, and we restore scr on resume. We should do this for all the SoCs with UART_ERRATA_CLOCK_DISABLE quirk flag set since the ones with UART_ERRATA_CLOCK_DISABLE are all based using clkctrl similar to omap4. Looks like both OMAP_UART_SCR_DMAMODE_1 | OMAP_UART_SCR_DMAMODE_CTL bits are needed for the clkctrl to idle after a softreset. And we need to add omap4 to also use the UART_ERRATA_CLOCK_DISABLE for the related workaround to be enabled. This same compatible value will also be used for omap5. Fixes: cdb929e4452a ("serial: 8250_omap: workaround errata around idling UART after using DMA") Cc: Keerthy <j-keerthy(a)ti.com> Cc: Matthijs van Duin <matthijsvanduin(a)gmail.com> Cc: Sekhar Nori <nsekhar(a)ti.com> Cc: Tero Kristo <t-kristo(a)ti.com> Signed-off-by: Tony Lindgren <tony(a)atomide.com> Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/tty/serial/8250/8250_omap.c | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/drivers/tty/serial/8250/8250_omap.c b/drivers/tty/serial/8250/8250_omap.c index 6aaa84355fd1..1b337fee07ed 100644 --- a/drivers/tty/serial/8250/8250_omap.c +++ b/drivers/tty/serial/8250/8250_omap.c @@ -1110,13 +1110,14 @@ static int omap8250_no_handle_irq(struct uart_port *port) return 0; } +static const u8 omap4_habit = UART_ERRATA_CLOCK_DISABLE; static const u8 am3352_habit = OMAP_DMA_TX_KICK | UART_ERRATA_CLOCK_DISABLE; static const u8 dra742_habit = UART_ERRATA_CLOCK_DISABLE; static const struct of_device_id omap8250_dt_ids[] = { { .compatible = "ti,omap2-uart" }, { .compatible = "ti,omap3-uart" }, - { .compatible = "ti,omap4-uart" }, + { .compatible = "ti,omap4-uart", .data = &omap4_habit, }, { .compatible = "ti,am3352-uart", .data = &am3352_habit, }, { .compatible = "ti,am4372-uart", .data = &am3352_habit, }, { .compatible = "ti,dra742-uart", .data = &dra742_habit, }, @@ -1362,6 +1363,19 @@ static int omap8250_soft_reset(struct device *dev) int sysc; int syss; + /* + * At least on omap4, unused uarts may not idle after reset without + * a basic scr dma configuration even with no dma in use. The + * module clkctrl status bits will be 1 instead of 3 blocking idle + * for the whole clockdomain. The softreset below will clear scr, + * and we restore it on resume so this is safe to do on all SoCs + * needing omap8250_soft_reset() quirk. Do it in two writes as + * recommended in the comment for omap8250_update_scr(). + */ + serial_out(up, UART_OMAP_SCR, OMAP_UART_SCR_DMAMODE_1); + serial_out(up, UART_OMAP_SCR, + OMAP_UART_SCR_DMAMODE_1 | OMAP_UART_SCR_DMAMODE_CTL); + sysc = serial_in(up, UART_OMAP_SYSC); /* softreset the UART */ -- 2.17.0

7 years, 1 month

1
0
0 0

patch "serial: samsung: fix maxburst parameter for DMA transactions" added to tty-testing

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled serial: samsung: fix maxburst parameter for DMA transactions to my tty git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty.git in the tty-testing branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will be merged to the tty-next branch sometime soon, after it passes testing, and the merge window is open. If you have any questions about this process, please let me know. >From aa2f80e752c75e593b3820f42c416ed9458fa73e Mon Sep 17 00:00:00 2001 From: Marek Szyprowski <m.szyprowski(a)samsung.com> Date: Thu, 10 May 2018 08:41:13 +0200 Subject: serial: samsung: fix maxburst parameter for DMA transactions The best granularity of residue that DMA engine can report is in the BURST units, so the serial driver must use MAXBURST = 1 and DMA_SLAVE_BUSWIDTH_1_BYTE if it relies on exact number of bytes transferred by DMA engine. Fixes: 62c37eedb74c ("serial: samsung: add dma reqest/release functions") Signed-off-by: Marek Szyprowski <m.szyprowski(a)samsung.com> Acked-by: Krzysztof Kozlowski <krzk(a)kernel.org> Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/tty/serial/samsung.c | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/drivers/tty/serial/samsung.c b/drivers/tty/serial/samsung.c index 3f2f8c118ce0..64e96926f1ad 100644 --- a/drivers/tty/serial/samsung.c +++ b/drivers/tty/serial/samsung.c @@ -862,15 +862,12 @@ static int s3c24xx_serial_request_dma(struct s3c24xx_uart_port *p) dma->rx_conf.direction = DMA_DEV_TO_MEM; dma->rx_conf.src_addr_width = DMA_SLAVE_BUSWIDTH_1_BYTE; dma->rx_conf.src_addr = p->port.mapbase + S3C2410_URXH; - dma->rx_conf.src_maxburst = 16; + dma->rx_conf.src_maxburst = 1; dma->tx_conf.direction = DMA_MEM_TO_DEV; dma->tx_conf.dst_addr_width = DMA_SLAVE_BUSWIDTH_1_BYTE; dma->tx_conf.dst_addr = p->port.mapbase + S3C2410_UTXH; - if (dma_get_cache_alignment() >= 16) - dma->tx_conf.dst_maxburst = 16; - else - dma->tx_conf.dst_maxburst = 1; + dma->tx_conf.dst_maxburst = 1; dma->rx_chan = dma_request_chan(p->port.dev, "rx"); -- 2.17.0

7 years, 1 month

1
0
0 0

patch "tty: pl011: Avoid spuriously stuck-off interrupts" added to tty-testing

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled tty: pl011: Avoid spuriously stuck-off interrupts to my tty git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty.git in the tty-testing branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will be merged to the tty-next branch sometime soon, after it passes testing, and the merge window is open. If you have any questions about this process, please let me know. >From 4a7e625ce50412a7711efa0f2ef0b96ce3826759 Mon Sep 17 00:00:00 2001 From: Dave Martin <Dave.Martin(a)arm.com> Date: Thu, 10 May 2018 18:08:23 +0100 Subject: tty: pl011: Avoid spuriously stuck-off interrupts Commit 9b96fbacda34 ("serial: PL011: clear pending interrupts") clears the RX and receive timeout interrupts on pl011 startup, to avoid a screaming-interrupt scenario that can occur when the firmware or bootloader leaves these interrupts asserted. This has been noted as an issue when running Linux on qemu [1]. Unfortunately, the above fix seems to lead to potential misbehaviour if the RX FIFO interrupt is asserted _non_ spuriously on driver startup, if the RX FIFO is also already full to the trigger level. Clearing the RX FIFO interrupt does not change the FIFO fill level. In this scenario, because the interrupt is now clear and because the FIFO is already full to the trigger level, no new assertion of the RX FIFO interrupt can occur unless the FIFO is drained back below the trigger level. This never occurs because the pl011 driver is waiting for an RX FIFO interrupt to tell it that there is something to read, and does not read the FIFO at all until that interrupt occurs. Thus, simply clearing "spurious" interrupts on startup may be misguided, since there is no way to be sure that the interrupts are truly spurious, and things can go wrong if they are not. This patch instead clears the interrupt condition by draining the RX FIFO during UART startup, after clearing any potentially spurious interrupt. This should ensure that an interrupt will definitely be asserted if the RX FIFO subsequently becomes sufficiently full. The drain is done at the point of enabling interrupts only. This means that it will occur any time the UART is newly opened through the tty layer. It will not apply to polled-mode use of the UART by kgdboc: since that scenario cannot use interrupts by design, this should not matter. kgdboc will interact badly with "normal" use of the UART in any case: this patch makes no attempt to paper over such issues. This patch does not attempt to address the case where the RX FIFO fills faster than it can be drained: that is a pathological hardware design problem that is beyond the scope of the driver to work around. As a failsafe, the number of poll iterations for draining the FIFO is limited to twice the FIFO size. This will ensure that the kernel at least boots even if it is impossible to drain the FIFO for some reason. [1] [Qemu-devel] [Qemu-arm] [PATCH] pl011: do not put into fifo before enabled the interruption https://lists.gnu.org/archive/html/qemu-devel/2018-01/msg06446.html Reported-by: Wei Xu <xuwei5(a)hisilicon.com> Cc: Russell King <linux(a)armlinux.org.uk> Cc: Linus Walleij <linus.walleij(a)linaro.org> Cc: Peter Maydell <peter.maydell(a)linaro.org> Fixes: 9b96fbacda34 ("serial: PL011: clear pending interrupts") Signed-off-by: Dave Martin <Dave.Martin(a)arm.com> Cc: stable <stable(a)vger.kernel.org> Tested-by: Wei Xu <xuwei5(a)hisilicon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/tty/serial/amba-pl011.c | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/drivers/tty/serial/amba-pl011.c b/drivers/tty/serial/amba-pl011.c index 4b40a5b449ee..ebd33c0232e6 100644 --- a/drivers/tty/serial/amba-pl011.c +++ b/drivers/tty/serial/amba-pl011.c @@ -1727,10 +1727,26 @@ static int pl011_allocate_irq(struct uart_amba_port *uap) */ static void pl011_enable_interrupts(struct uart_amba_port *uap) { + unsigned int i; + spin_lock_irq(&uap->port.lock); /* Clear out any spuriously appearing RX interrupts */ pl011_write(UART011_RTIS | UART011_RXIS, uap, REG_ICR); + + /* + * RXIS is asserted only when the RX FIFO transitions from below + * to above the trigger threshold. If the RX FIFO is already + * full to the threshold this can't happen and RXIS will now be + * stuck off. Drain the RX FIFO explicitly to fix this: + */ + for (i = 0; i < uap->fifosize * 2; ++i) { + if (pl011_read(uap, REG_FR) & UART01x_FR_RXFE) + break; + + pl011_read(uap, REG_DR); + } + uap->im = UART011_RTIM; if (!pl011_dma_rx_running(uap)) uap->im |= UART011_RXIM; -- 2.17.0

7 years, 1 month

1
0
0 0

patch "xhci: Fix USB3 NULL pointer dereference at logical disconnect." added to usb-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled xhci: Fix USB3 NULL pointer dereference at logical disconnect. to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From 2278446e2b7cd33ad894b32e7eb63afc7db6c86e Mon Sep 17 00:00:00 2001 From: Mathias Nyman <mathias.nyman(a)linux.intel.com> Date: Mon, 14 May 2018 11:57:23 +0300 Subject: xhci: Fix USB3 NULL pointer dereference at logical disconnect. Hub driver will try to disable a USB3 device twice at logical disconnect, racing with xhci_free_dev() callback from the first port disable. This can be triggered with "udisksctl power-off --block-device <disk>" or by writing "1" to the "remove" sysfs file for a USB3 device in 4.17-rc4. USB3 devices don't have a similar disabled link state as USB2 devices, and use a U3 suspended link state instead. In this state the port is still enabled and connected. hub_port_connect() first disconnects the device, then later it notices that device is still enabled (due to U3 states) it will try to disable the port again (set to U3). The xhci_free_dev() called during device disable is async, so checking for existing xhci->devs[i] when setting link state to U3 the second time was successful, even if device was being freed. The regression was caused by, and whole thing revealed by, Commit 44a182b9d177 ("xhci: Fix use-after-free in xhci_free_virt_device") which sets xhci->devs[i]->udev to NULL before xhci_virt_dev() returned. and causes a NULL pointer dereference the second time we try to set U3. Fix this by checking xhci->devs[i]->udev exists before setting link state. The original patch went to stable so this fix needs to be applied there as well. Fixes: 44a182b9d177 ("xhci: Fix use-after-free in xhci_free_virt_device") Cc: <stable(a)vger.kernel.org> Reported-by: Jordan Glover <Golden_Miller83(a)protonmail.ch> Tested-by: Jordan Glover <Golden_Miller83(a)protonmail.ch> Signed-off-by: Mathias Nyman <mathias.nyman(a)linux.intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/usb/host/xhci-hub.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/usb/host/xhci-hub.c b/drivers/usb/host/xhci-hub.c index 72ebbc908e19..32cd52ca8318 100644 --- a/drivers/usb/host/xhci-hub.c +++ b/drivers/usb/host/xhci-hub.c @@ -354,7 +354,7 @@ int xhci_find_slot_id_by_port(struct usb_hcd *hcd, struct xhci_hcd *xhci, slot_id = 0; for (i = 0; i < MAX_HC_SLOTS; i++) { - if (!xhci->devs[i]) + if (!xhci->devs[i] || !xhci->devs[i]->udev) continue; speed = xhci->devs[i]->udev->speed; if (((speed >= USB_SPEED_SUPER) == (hcd->speed >= HCD_USB3)) -- 2.17.0

7 years, 1 month

1
0
0 0

[PATCH 1/1] xhci: Fix USB3 NULL pointer dereference at logical disconnect.

by Mathias Nyman

Hub driver will try to disable a USB3 device twice at logical disconnect, racing with xhci_free_dev() callback from the first port disable. This can be triggered with "udisksctl power-off --block-device <disk>" or by writing "1" to the "remove" sysfs file for a USB3 device in 4.17-rc4. USB3 devices don't have a similar disabled link state as USB2 devices, and use a U3 suspended link state instead. In this state the port is still enabled and connected. hub_port_connect() first disconnects the device, then later it notices that device is still enabled (due to U3 states) it will try to disable the port again (set to U3). The xhci_free_dev() called during device disable is async, so checking for existing xhci->devs[i] when setting link state to U3 the second time was successful, even if device was being freed. The regression was caused by, and whole thing revealed by, Commit 44a182b9d177 ("xhci: Fix use-after-free in xhci_free_virt_device") which sets xhci->devs[i]->udev to NULL before xhci_virt_dev() returned. and causes a NULL pointer dereference the second time we try to set U3. Fix this by checking xhci->devs[i]->udev exists before setting link state. The original patch went to stable so this fix needs to be applied there as well. Fixes: 44a182b9d177 ("xhci: Fix use-after-free in xhci_free_virt_device") Cc: <stable(a)vger.kernel.org> Reported-by: Jordan Glover <Golden_Miller83(a)protonmail.ch> Tested-by: Jordan Glover <Golden_Miller83(a)protonmail.ch> Signed-off-by: Mathias Nyman <mathias.nyman(a)linux.intel.com> --- drivers/usb/host/xhci-hub.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/usb/host/xhci-hub.c b/drivers/usb/host/xhci-hub.c index 72ebbc9..32cd52c 100644 --- a/drivers/usb/host/xhci-hub.c +++ b/drivers/usb/host/xhci-hub.c @@ -354,7 +354,7 @@ int xhci_find_slot_id_by_port(struct usb_hcd *hcd, struct xhci_hcd *xhci, slot_id = 0; for (i = 0; i < MAX_HC_SLOTS; i++) { - if (!xhci->devs[i]) + if (!xhci->devs[i] || !xhci->devs[i]->udev) continue; speed = xhci->devs[i]->udev->speed; if (((speed >= USB_SPEED_SUPER) == (hcd->speed >= HCD_USB3)) -- 2.7.4

7 years, 1 month

1
0
0 0

[PATCH] drm/i915/oa: Disable OA on Haswell

by Chris Wilson

We observe that the OA architecture is clobbering random memory. Disable it until this can be resolved. References: https://bugs.freedesktop.org/show_bug.cgi?id=106379 Signed-off-by: Chris Wilson <chris(a)chris-wilson.co.uk> Cc: Lionel Landwerlin <lionel.g.landwerlin(a)intel.com> Cc: Matthew Auld <matthew.auld(a)intel.com> Cc: Joonas Lahtinen <joonas.lahtinen(a)linux.intel.com> Cc: Rodrigo Vivi <rodrigo.vivi(a)intel.com> Cc: Jani Nikula <jani.nikula(a)intel.com> Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/i915/i915_perf.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpu/drm/i915/i915_perf.c b/drivers/gpu/drm/i915/i915_perf.c index 019bd2d073ad..20187f3bf350 100644 --- a/drivers/gpu/drm/i915/i915_perf.c +++ b/drivers/gpu/drm/i915/i915_perf.c @@ -3425,7 +3425,7 @@ static struct ctl_table dev_root[] = { */ void i915_perf_init(struct drm_i915_private *dev_priv) { - if (IS_HASWELL(dev_priv)) { + if (IS_HASWELL(dev_priv) && 0) { dev_priv->perf.oa.ops.is_valid_b_counter_reg = gen7_is_valid_b_counter_addr; dev_priv->perf.oa.ops.is_valid_mux_reg = -- 2.17.0

7 years, 1 month

2
10
0 0

[tip:efi/core] efi: Avoid potential crashes, fix the 'struct efi_pci_io_protocol_32' definition for mixed mode

by tip-bot for Ard Biesheuvel

Commit-ID: 0b3225ab9407f557a8e20f23f37aa7236c10a9b1 Gitweb: https://git.kernel.org/tip/0b3225ab9407f557a8e20f23f37aa7236c10a9b1 Author: Ard Biesheuvel <ard.biesheuvel(a)linaro.org> AuthorDate: Fri, 4 May 2018 07:59:58 +0200 Committer: Ingo Molnar <mingo(a)kernel.org> CommitDate: Mon, 14 May 2018 08:56:29 +0200 efi: Avoid potential crashes, fix the 'struct efi_pci_io_protocol_32' definition for mixed mode Mixed mode allows a kernel built for x86_64 to interact with 32-bit EFI firmware, but requires us to define all struct definitions carefully when it comes to pointer sizes. 'struct efi_pci_io_protocol_32' currently uses a 'void *' for the 'romimage' field, which will be interpreted as a 64-bit field on such kernels, potentially resulting in bogus memory references and subsequent crashes. Tested-by: Hans de Goede <hdegoede(a)redhat.com> Signed-off-by: Ard Biesheuvel <ard.biesheuvel(a)linaro.org> Cc: <stable(a)vger.kernel.org> Cc: Linus Torvalds <torvalds(a)linux-foundation.org> Cc: Matt Fleming <matt(a)codeblueprint.co.uk> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: linux-efi(a)vger.kernel.org Link: http://lkml.kernel.org/r/20180504060003.19618-13-ard.biesheuvel@linaro.org Signed-off-by: Ingo Molnar <mingo(a)kernel.org> --- arch/x86/boot/compressed/eboot.c | 6 ++++-- include/linux/efi.h | 8 ++++---- 2 files changed, 8 insertions(+), 6 deletions(-) diff --git a/arch/x86/boot/compressed/eboot.c b/arch/x86/boot/compressed/eboot.c index 47d3efff6805..09f36c0d9d4f 100644 --- a/arch/x86/boot/compressed/eboot.c +++ b/arch/x86/boot/compressed/eboot.c @@ -163,7 +163,8 @@ __setup_efi_pci32(efi_pci_io_protocol_32 *pci, struct pci_setup_rom **__rom) if (status != EFI_SUCCESS) goto free_struct; - memcpy(rom->romdata, pci->romimage, pci->romsize); + memcpy(rom->romdata, (void *)(unsigned long)pci->romimage, + pci->romsize); return status; free_struct: @@ -269,7 +270,8 @@ __setup_efi_pci64(efi_pci_io_protocol_64 *pci, struct pci_setup_rom **__rom) if (status != EFI_SUCCESS) goto free_struct; - memcpy(rom->romdata, pci->romimage, pci->romsize); + memcpy(rom->romdata, (void *)(unsigned long)pci->romimage, + pci->romsize); return status; free_struct: diff --git a/include/linux/efi.h b/include/linux/efi.h index f1b7d68ac460..3016d8c456bc 100644 --- a/include/linux/efi.h +++ b/include/linux/efi.h @@ -395,8 +395,8 @@ typedef struct { u32 attributes; u32 get_bar_attributes; u32 set_bar_attributes; - uint64_t romsize; - void *romimage; + u64 romsize; + u32 romimage; } efi_pci_io_protocol_32; typedef struct { @@ -415,8 +415,8 @@ typedef struct { u64 attributes; u64 get_bar_attributes; u64 set_bar_attributes; - uint64_t romsize; - void *romimage; + u64 romsize; + u64 romimage; } efi_pci_io_protocol_64; typedef struct {

7 years, 1 month

1
0
0 0

FAILED: patch "[PATCH] KVM: x86: remove APIC Timer periodic/oneshot spikes" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From ecf08dad723d3e000aecff6c396f54772d124733 Mon Sep 17 00:00:00 2001 From: Anthoine Bourgeois <anthoine.bourgeois(a)blade-group.com> Date: Sun, 29 Apr 2018 22:05:58 +0000 Subject: [PATCH] KVM: x86: remove APIC Timer periodic/oneshot spikes MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Since the commit "8003c9ae204e: add APIC Timer periodic/oneshot mode VMX preemption timer support", a Windows 10 guest has some erratic timer spikes. Here the results on a 150000 times 1ms timer without any load: Before 8003c9ae204e | After 8003c9ae204e Max 1834us | 86000us Mean 1100us | 1021us Deviation 59us | 149us Here the results on a 150000 times 1ms timer with a cpu-z stress test: Before 8003c9ae204e | After 8003c9ae204e Max 32000us | 140000us Mean 1006us | 1997us Deviation 140us | 11095us The root cause of the problem is starting hrtimer with an expiry time already in the past can take more than 20 milliseconds to trigger the timer function. It can be solved by forward such past timers immediately, rather than submitting them to hrtimer_start(). In case the timer is periodic, update the target expiration and call hrtimer_start with it. v2: Check if the tsc deadline is already expired. Thank you Mika. v3: Execute the past timers immediately rather than submitting them to hrtimer_start(). v4: Rearm the periodic timer with advance_periodic_target_expiration() a simpler version of set_target_expiration(). Thank you Paolo. Cc: Mika Penttilä <mika.penttila(a)nextfour.com> Cc: Wanpeng Li <kernellwp(a)gmail.com> Cc: Paolo Bonzini <pbonzini(a)redhat.com> Cc: stable(a)vger.kernel.org Signed-off-by: Anthoine Bourgeois <anthoine.bourgeois(a)blade-group.com> 8003c9ae204e ("KVM: LAPIC: add APIC Timer periodic/oneshot mode VMX preemption timer support") Signed-off-by: Radim Krčmář <rkrcmar(a)redhat.com> diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c index 70dcb5548022..b74c9c1405b9 100644 --- a/arch/x86/kvm/lapic.c +++ b/arch/x86/kvm/lapic.c @@ -1463,23 +1463,6 @@ static void start_sw_tscdeadline(struct kvm_lapic *apic) local_irq_restore(flags); } -static void start_sw_period(struct kvm_lapic *apic) -{ - if (!apic->lapic_timer.period) - return; - - if (apic_lvtt_oneshot(apic) && - ktime_after(ktime_get(), - apic->lapic_timer.target_expiration)) { - apic_timer_expired(apic); - return; - } - - hrtimer_start(&apic->lapic_timer.timer, - apic->lapic_timer.target_expiration, - HRTIMER_MODE_ABS_PINNED); -} - static void update_target_expiration(struct kvm_lapic *apic, uint32_t old_divisor) { ktime_t now, remaining; @@ -1546,6 +1529,26 @@ static void advance_periodic_target_expiration(struct kvm_lapic *apic) apic->lapic_timer.period); } +static void start_sw_period(struct kvm_lapic *apic) +{ + if (!apic->lapic_timer.period) + return; + + if (ktime_after(ktime_get(), + apic->lapic_timer.target_expiration)) { + apic_timer_expired(apic); + + if (apic_lvtt_oneshot(apic)) + return; + + advance_periodic_target_expiration(apic); + } + + hrtimer_start(&apic->lapic_timer.timer, + apic->lapic_timer.target_expiration, + HRTIMER_MODE_ABS_PINNED); +} + bool kvm_lapic_hv_timer_in_use(struct kvm_vcpu *vcpu) { if (!lapic_in_kernel(vcpu))

7 years, 1 month

3
2
0 0

[CVE-2018-1092][T/X/A/B/C] ext4: fail ext4_iget for root directory if unallocated

by Khalid Elmously

From: Theodore Ts'o <tytso(a)mit.edu> CVE-2018-1092 If the root directory has an i_links_count of zero, then when the file system is mounted, then when ext4_fill_super() notices the problem and tries to call iput() the root directory in the error return path, ext4_evict_inode() will try to free the inode on disk, before all of the file system structures are set up, and this will result in an OOPS caused by a NULL pointer dereference. This issue has been assigned CVE-2018-1092. https://bugzilla.kernel.org/show_bug.cgi?id=199179 https://bugzilla.redhat.com/show_bug.cgi?id=1560777 Reported-by: Wen Xu <wen.xu(a)gatech.edu> Signed-off-by: Theodore Ts'o <tytso(a)mit.edu> Cc: stable(a)vger.kernel.org (cherry-picked from 8e4b5eae5decd9dfe5a4ee369c22028f90ab4c44) Signed-off-by: Khalid Elmously <khalid.elmously(a)canonical.com> --- fs/ext4/inode.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c index 3d4d1dccc8a1..398faeff1938 100644 --- a/fs/ext4/inode.c +++ b/fs/ext4/inode.c @@ -4745,6 +4745,12 @@ struct inode *ext4_iget(struct super_block *sb, unsigned long ino) goto bad_inode; raw_inode = ext4_raw_inode(&iloc); + if ((ino == EXT4_ROOT_INO) && (raw_inode->i_links_count == 0)) { + EXT4_ERROR_INODE(inode, "root inode unallocated"); + ret = -EFSCORRUPTED; + goto bad_inode; + } + if (EXT4_INODE_SIZE(inode->i_sb) > EXT4_GOOD_OLD_INODE_SIZE) { ei->i_extra_isize = le16_to_cpu(raw_inode->i_extra_isize); if (EXT4_GOOD_OLD_INODE_SIZE + ei->i_extra_isize > -- 2.17.0

7 years, 1 month

2
2
0 0

[PATCH v4.14] KVM: PPC: Book3S HV: Fix handling of large pages in radix page fault handler

by Paul Mackerras

commit c3856aeb29402e94ad9b3879030165cc6a4fdc56 upstream. This fixes several bugs in the radix page fault handler relating to the way large pages in the memory backing the guest were handled. First, the check for large pages only checked for explicit huge pages and missed transparent huge pages. Then the check that the addresses (host virtual vs. guest physical) had appropriate alignment was wrong, meaning that the code never put a large page in the partition scoped radix tree; it was always demoted to a small page. Fixing this exposed bugs in kvmppc_create_pte(). We were never invalidating a 2MB PTE, which meant that if a page was initially faulted in without write permission and the guest then attempted to store to it, we would never update the PTE to have write permission. If we find a valid 2MB PTE in the PMD, we need to clear it and do a TLB invalidation before installing either the new 2MB PTE or a pointer to a page table page. This also corrects an assumption that get_user_pages_fast would set the _PAGE_DIRTY bit if we are writing, which is not true. Instead we mark the page dirty explicitly with set_page_dirty_lock(). This also means we don't need the dirty bit set on the host PTE when providing write access on a read fault. [paulus(a)ozlabs.org - use mark_pages_dirty instead of kvmppc_update_dirty_map] Signed-off-by: Paul Mackerras <paulus(a)ozlabs.org> --- arch/powerpc/kvm/book3s_64_mmu_radix.c | 72 ++++++++++++++++++++++------------ 1 file changed, 46 insertions(+), 26 deletions(-) diff --git a/arch/powerpc/kvm/book3s_64_mmu_radix.c b/arch/powerpc/kvm/book3s_64_mmu_radix.c index c5d7435455f1..27a41695fcfd 100644 --- a/arch/powerpc/kvm/book3s_64_mmu_radix.c +++ b/arch/powerpc/kvm/book3s_64_mmu_radix.c @@ -19,6 +19,9 @@ #include <asm/pgalloc.h> #include <asm/pte-walk.h> +static void mark_pages_dirty(struct kvm *kvm, struct kvm_memory_slot *memslot, + unsigned long gfn, unsigned int order); + /* * Supported radix tree geometry. * Like p9, we support either 5 or 9 bits at the first (lowest) level, @@ -195,6 +198,12 @@ static void kvmppc_pte_free(pte_t *ptep) kmem_cache_free(kvm_pte_cache, ptep); } +/* Like pmd_huge() and pmd_large(), but works regardless of config options */ +static inline int pmd_is_leaf(pmd_t pmd) +{ + return !!(pmd_val(pmd) & _PAGE_PTE); +} + static int kvmppc_create_pte(struct kvm *kvm, pte_t pte, unsigned long gpa, unsigned int level, unsigned long mmu_seq) { @@ -219,7 +228,7 @@ static int kvmppc_create_pte(struct kvm *kvm, pte_t pte, unsigned long gpa, else new_pmd = pmd_alloc_one(kvm->mm, gpa); - if (level == 0 && !(pmd && pmd_present(*pmd))) + if (level == 0 && !(pmd && pmd_present(*pmd) && !pmd_is_leaf(*pmd))) new_ptep = kvmppc_pte_alloc(); /* Check if we might have been invalidated; let the guest retry if so */ @@ -244,12 +253,30 @@ static int kvmppc_create_pte(struct kvm *kvm, pte_t pte, unsigned long gpa, new_pmd = NULL; } pmd = pmd_offset(pud, gpa); - if (pmd_large(*pmd)) { - /* Someone else has instantiated a large page here; retry */ - ret = -EAGAIN; - goto out_unlock; - } - if (level == 1 && !pmd_none(*pmd)) { + if (pmd_is_leaf(*pmd)) { + unsigned long lgpa = gpa & PMD_MASK; + + /* + * If we raced with another CPU which has just put + * a 2MB pte in after we saw a pte page, try again. + */ + if (level == 0 && !new_ptep) { + ret = -EAGAIN; + goto out_unlock; + } + /* Valid 2MB page here already, remove it */ + old = kvmppc_radix_update_pte(kvm, pmdp_ptep(pmd), + ~0UL, 0, lgpa, PMD_SHIFT); + kvmppc_radix_tlbie_page(kvm, lgpa, PMD_SHIFT); + if (old & _PAGE_DIRTY) { + unsigned long gfn = lgpa >> PAGE_SHIFT; + struct kvm_memory_slot *memslot; + memslot = gfn_to_memslot(kvm, gfn); + if (memslot) + mark_pages_dirty(kvm, memslot, gfn, + PMD_SHIFT - PAGE_SHIFT); + } + } else if (level == 1 && !pmd_none(*pmd)) { /* * There's a page table page here, but we wanted * to install a large page. Tell the caller and let @@ -412,28 +439,24 @@ int kvmppc_book3s_radix_page_fault(struct kvm_run *run, struct kvm_vcpu *vcpu, } else { page = pages[0]; pfn = page_to_pfn(page); - if (PageHuge(page)) { - page = compound_head(page); - pte_size <<= compound_order(page); + if (PageCompound(page)) { + pte_size <<= compound_order(compound_head(page)); /* See if we can insert a 2MB large-page PTE here */ if (pte_size >= PMD_SIZE && - (gpa & PMD_MASK & PAGE_MASK) == - (hva & PMD_MASK & PAGE_MASK)) { + (gpa & (PMD_SIZE - PAGE_SIZE)) == + (hva & (PMD_SIZE - PAGE_SIZE))) { level = 1; pfn &= ~((PMD_SIZE >> PAGE_SHIFT) - 1); } } /* See if we can provide write access */ if (writing) { - /* - * We assume gup_fast has set dirty on the host PTE. - */ pgflags |= _PAGE_WRITE; } else { local_irq_save(flags); ptep = find_current_mm_pte(current->mm->pgd, hva, NULL, NULL); - if (ptep && pte_write(*ptep) && pte_dirty(*ptep)) + if (ptep && pte_write(*ptep)) pgflags |= _PAGE_WRITE; local_irq_restore(flags); } @@ -459,18 +482,15 @@ int kvmppc_book3s_radix_page_fault(struct kvm_run *run, struct kvm_vcpu *vcpu, pte = pfn_pte(pfn, __pgprot(pgflags)); ret = kvmppc_create_pte(kvm, pte, gpa, level, mmu_seq); } - if (ret == 0 || ret == -EAGAIN) - ret = RESUME_GUEST; if (page) { - /* - * We drop pages[0] here, not page because page might - * have been set to the head page of a compound, but - * we have to drop the reference on the correct tail - * page to match the get inside gup() - */ - put_page(pages[0]); + if (!ret && (pgflags & _PAGE_WRITE)) + set_page_dirty_lock(page); + put_page(page); } + + if (ret == 0 || ret == -EAGAIN) + ret = RESUME_GUEST; return ret; } @@ -676,7 +696,7 @@ void kvmppc_free_radix(struct kvm *kvm) continue; pmd = pmd_offset(pud, 0); for (im = 0; im < PTRS_PER_PMD; ++im, ++pmd) { - if (pmd_huge(*pmd)) { + if (pmd_is_leaf(*pmd)) { pmd_clear(pmd); continue; } -- 2.11.0

7 years, 1 month

2
1
0 0

[PATCH v2 04/13] soc: rockchip: power-domain: Fix wrong value when power up pd

by Elaine Zhang

From: Finley Xiao <finley.xiao(a)rock-chips.com> Solve the pd could only ever turn off but never turn them on again, If the pd registers have the writemask bits. Fix up the code error for commit: commit 79bb17ce8edb3141339b5882e372d0ec7346217c Author: Elaine Zhang <zhangqing(a)rock-chips.com> Date: Fri Dec 23 11:47:52 2016 +0800 soc: rockchip: power-domain: Support domain control in hiword-registers New Rockchips SoCs may have their power-domain control in registers using a writemask-based access scheme (upper 16bit being the write mask). So add a DOMAIN_M type and handle this case accordingly. Signed-off-by: Elaine Zhang <zhangqing(a)rock-chips.com> Signed-off-by: Heiko Stuebner <heiko(a)sntech.de> Signed-off-by: Finley Xiao <finley.xiao(a)rock-chips.com> Signed-off-by: Elaine Zhang <zhangqing(a)rock-chips.com> --- drivers/soc/rockchip/pm_domains.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/soc/rockchip/pm_domains.c b/drivers/soc/rockchip/pm_domains.c index ebd7c41898c0..01d4ba26a054 100644 --- a/drivers/soc/rockchip/pm_domains.c +++ b/drivers/soc/rockchip/pm_domains.c @@ -264,7 +264,7 @@ static void rockchip_do_pmu_set_power_domain(struct rockchip_pm_domain *pd, return; else if (pd->info->pwr_w_mask) regmap_write(pmu->regmap, pmu->info->pwr_offset, - on ? pd->info->pwr_mask : + on ? pd->info->pwr_w_mask : (pd->info->pwr_mask | pd->info->pwr_w_mask)); else regmap_update_bits(pmu->regmap, pmu->info->pwr_offset, -- 1.9.1

7 years, 1 month

2
1
0 0

[PATCH v4.14 1/4] KVM: PPC: Book3S HV: Fix trap number return from __kvmppc_vcore_entry

by Paul Mackerras

commit a8b48a4dccea77e29462e59f1dbf0d5aa1ff167c upstream. This fixes a bug where the trap number that is returned by __kvmppc_vcore_entry gets corrupted. The effect of the corruption is that IPIs get ignored on POWER9 systems when the IPI is sent via a doorbell interrupt to a CPU which is executing in a KVM guest. The effect of the IPI being ignored is often that another CPU locks up inside smp_call_function_many() (and if that CPU is holding a spinlock, other CPUs then lock up inside raw_spin_lock()). The trap number is currently held in register r12 for most of the assembly-language part of the guest exit path. In that path, we call kvmppc_subcore_exit_guest(), which is a C function, without restoring r12 afterwards. Depending on the kernel config and the compiler, it may modify r12 or it may not, so some config/compiler combinations see the bug and others don't. To fix this, we arrange for the trap number to be stored on the stack from the point where kvmhv_commence_exit is called until the end of the function, then the trap number is loaded and returned in r12 as before. Cc: stable(a)vger.kernel.org # v4.8+ Fixes: fd7bacbca47a ("KVM: PPC: Book3S HV: Fix TB corruption in guest exit path on HMI interrupt") Signed-off-by: Paul Mackerras <paulus(a)ozlabs.org> --- arch/powerpc/kvm/book3s_hv_rmhandlers.S | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/arch/powerpc/kvm/book3s_hv_rmhandlers.S b/arch/powerpc/kvm/book3s_hv_rmhandlers.S index 2b3194b9608f..663a398449b7 100644 --- a/arch/powerpc/kvm/book3s_hv_rmhandlers.S +++ b/arch/powerpc/kvm/book3s_hv_rmhandlers.S @@ -308,7 +308,6 @@ kvm_novcpu_exit: stw r12, STACK_SLOT_TRAP(r1) bl kvmhv_commence_exit nop - lwz r12, STACK_SLOT_TRAP(r1) b kvmhv_switch_to_host /* @@ -1136,6 +1135,7 @@ END_FTR_SECTION_IFSET(CPU_FTR_ARCH_300) secondary_too_late: li r12, 0 + stw r12, STACK_SLOT_TRAP(r1) cmpdi r4, 0 beq 11f stw r12, VCPU_TRAP(r4) @@ -1445,12 +1445,12 @@ mc_cont: 1: #endif /* CONFIG_KVM_XICS */ + stw r12, STACK_SLOT_TRAP(r1) mr r3, r12 /* Increment exit count, poke other threads to exit */ bl kvmhv_commence_exit nop ld r9, HSTATE_KVM_VCPU(r13) - lwz r12, VCPU_TRAP(r9) /* Stop others sending VCPU interrupts to this physical CPU */ li r0, -1 @@ -1816,6 +1816,7 @@ END_FTR_SECTION_IFSET(CPU_FTR_POWER9_DD1) * POWER7/POWER8 guest -> host partition switch code. * We don't have to lock against tlbies but we do * have to coordinate the hardware threads. + * Here STACK_SLOT_TRAP(r1) contains the trap number. */ kvmhv_switch_to_host: /* Secondary threads wait for primary to do partition switch */ @@ -1868,11 +1869,11 @@ BEGIN_FTR_SECTION END_FTR_SECTION_IFSET(CPU_FTR_ARCH_207S) /* If HMI, call kvmppc_realmode_hmi_handler() */ + lwz r12, STACK_SLOT_TRAP(r1) cmpwi r12, BOOK3S_INTERRUPT_HMI bne 27f bl kvmppc_realmode_hmi_handler nop - li r12, BOOK3S_INTERRUPT_HMI /* * At this point kvmppc_realmode_hmi_handler would have resync-ed * the TB. Hence it is not required to subtract guest timebase @@ -1950,6 +1951,7 @@ END_MMU_FTR_SECTION_IFSET(MMU_FTR_TYPE_RADIX) li r0, KVM_GUEST_MODE_NONE stb r0, HSTATE_IN_GUEST(r13) + lwz r12, STACK_SLOT_TRAP(r1) /* return trap # in r12 */ ld r0, SFS+PPC_LR_STKOFF(r1) addi r1, r1, SFS mtlr r0 -- 2.11.0

7 years, 1 month

2
8
0 0

[PATCH] ext4: update mtime in ext4_punch_hole even if no blocks are released

by Lukas Czerner

Currently in ext4_punch_hole we're going to skip the mtime update if there are no actual blocks to release. However we've actually modified the file by zeroing the partial block so the mtime should be updated. Moreover the sync and datasync handling is skipped as well, which is also wrong. Fix it. Signed-off-by: Lukas Czerner <lczerner(a)redhat.com> Reported-by: Joe Habermann <joe.habermann(a)quantum.com> Cc: <stable(a)vger.kernel.org> --- fs/ext4/inode.c | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c index 1e50c5e..6b4c5c0 100644 --- a/fs/ext4/inode.c +++ b/fs/ext4/inode.c @@ -4298,28 +4298,28 @@ int ext4_punch_hole(struct inode *inode, loff_t offset, loff_t length) EXT4_BLOCK_SIZE_BITS(sb); stop_block = (offset + length) >> EXT4_BLOCK_SIZE_BITS(sb); - /* If there are no blocks to remove, return now */ - if (first_block >= stop_block) - goto out_stop; + /* If there are blocks to remove, do it */ + if (stop_block > first_block) { - down_write(&EXT4_I(inode)->i_data_sem); - ext4_discard_preallocations(inode); + down_write(&EXT4_I(inode)->i_data_sem); + ext4_discard_preallocations(inode); - ret = ext4_es_remove_extent(inode, first_block, - stop_block - first_block); - if (ret) { - up_write(&EXT4_I(inode)->i_data_sem); - goto out_stop; - } + ret = ext4_es_remove_extent(inode, first_block, + stop_block - first_block); + if (ret) { + up_write(&EXT4_I(inode)->i_data_sem); + goto out_stop; + } - if (ext4_test_inode_flag(inode, EXT4_INODE_EXTENTS)) - ret = ext4_ext_remove_space(inode, first_block, - stop_block - 1); - else - ret = ext4_ind_remove_space(handle, inode, first_block, - stop_block); + if (ext4_test_inode_flag(inode, EXT4_INODE_EXTENTS)) + ret = ext4_ext_remove_space(inode, first_block, + stop_block - 1); + else + ret = ext4_ind_remove_space(handle, inode, first_block, + stop_block); - up_write(&EXT4_I(inode)->i_data_sem); + up_write(&EXT4_I(inode)->i_data_sem); + } if (IS_SYNC(inode)) ext4_handle_sync(handle); -- 2.7.5

7 years, 1 month

2
1
0 0

[PATCH] ext4: Fix hole length detection in ext4_ind_map_blocks()

by Jan Kara

When ext4_ind_map_blocks() computes a length of a hole, it doesn't count with the fact that mapped offset may be somewhere in the middle of the completely empty subtree. In such case it will return too large length of the hole which then results in lseek(SEEK_DATA) to end up returning an incorrect offset beyond the end of the hole. Fix the problem by correctly taking offset within a subtree into account when computing a length of a hole. Fixes: facab4d9711e7aa3532cb82643803e8f1b9518e8 CC: stable(a)vger.kernel.org Reported-by: Jeff Mahoney <jeffm(a)suse.com> Signed-off-by: Jan Kara <jack(a)suse.cz> --- fs/ext4/indirect.c | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) I'll submit corresponding fstest shortly. diff --git a/fs/ext4/indirect.c b/fs/ext4/indirect.c index c32802c956d5..bf7fa1507e81 100644 --- a/fs/ext4/indirect.c +++ b/fs/ext4/indirect.c @@ -561,10 +561,16 @@ int ext4_ind_map_blocks(handle_t *handle, struct inode *inode, unsigned epb = inode->i_sb->s_blocksize / sizeof(u32); int i; - /* Count number blocks in a subtree under 'partial' */ - count = 1; - for (i = 0; partial + i != chain + depth - 1; i++) - count *= epb; + /* + * Count number blocks in a subtree under 'partial'. At each + * level we count number of complete empty subtrees beyond + * current offset and then descend into the subtree only + * partially beyond current offset. + */ + count = 0; + for (i = partial - chain + 1; i < depth; i++) + count = count * epb + (epb - offsets[i] - 1); + count++; /* Fill in size of a hole we found */ map->m_pblk = 0; map->m_len = min_t(unsigned int, map->m_len, count); -- 2.13.6

7 years, 1 month

2
1
0 0

[BUGFIX PATCH v3 0/4] arm: kprobes: Fix to prohibit probing on unsafe functions

by Masami Hiramatsu

Hi, This is the 3rd version of bugfix series for kprobes on arm. This series fixes 4 different issues which I found. - Fix to use smp_processor_id() after disabling preemption. - Prohibit probing on optimized_callback() for avoiding recursive probe. - Prohibit kprobes on do_undefinstr() by same reason. - Prohibit kprobes on get_user() by same reason. >From v2, I included another 2 bugfixes (1/4 and 2/4) which are not merged yet, and added "Cc: stable(a)vger.kernel.org", since there are obvious bugs. Thanks, --- Masami Hiramatsu (4): arm: kprobes: Fix to use get_kprobe_ctlblk after irq-disabed arm: kprobes: Prohibit probing on optimized_callback arm: kprobes: Prohibit kprobes on do_undefinstr arm: kprobes: Prohibit kprobes on get_user functions arch/arm/include/asm/assembler.h | 10 ++++++++++ arch/arm/kernel/traps.c | 5 ++++- arch/arm/lib/getuser.S | 10 ++++++++++ arch/arm/probes/kprobes/opt-arm.c | 4 +++- 4 files changed, 27 insertions(+), 2 deletions(-) -- Masami Hiramatsu (Linaro) <mhiramat(a)kernel.org>

7 years, 1 month

4
11
0 0

[PATCH 4.4 00/50] 4.4.130-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.4.130 release. There are 50 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sun Apr 29 13:56:42 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.4.130-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.4.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.4.130-rc1 Heiko Carstens <heiko.carstens(a)de.ibm.com> s390/uprobes: implement arch_uretprobe_is_alive() Sebastian Ott <sebott(a)linux.ibm.com> s390/cio: update chpid descriptor after resource accessibility event Dan Carpenter <dan.carpenter(a)oracle.com> cdrom: information leak in cdrom_ioctl_media_changed() Martin K. Petersen <martin.petersen(a)oracle.com> scsi: mptsas: Disable WRITE SAME Eric Dumazet <edumazet(a)google.com> ipv6: add RTA_TABLE and RTA_PREFSRC to rtm_ipv6_policy Eric Dumazet <edumazet(a)google.com> net: af_packet: fix race in PACKET_{R|T}X_RING Eric Dumazet <edumazet(a)google.com> tcp: md5: reject TCP_MD5SIG or TCP_MD5SIG_EXT on established sockets Wolfgang Bumiller <w.bumiller(a)proxmox.com> net: fix deadlock while clearing neighbor proxy table Eric Dumazet <edumazet(a)google.com> tipc: add policy for TIPC_NLA_NET_ADDR Cong Wang <xiyou.wangcong(a)gmail.com> llc: fix NULL pointer deref for SOCK_ZAPPED Cong Wang <xiyou.wangcong(a)gmail.com> llc: hold llc_sap before release_sock() Xin Long <lucien.xin(a)gmail.com> sctp: do not check port in sctp_inet6_cmp_addr Toshiaki Makita <makita.toshiaki(a)lab.ntt.co.jp> vlan: Fix reading memory beyond skb->tail in skb_vlan_tagged_multi Guillaume Nault <g.nault(a)alphalink.fr> pppoe: check sockaddr length in pppoe_connect() Willem de Bruijn <willemb(a)google.com> packet: fix bitfield update race Xin Long <lucien.xin(a)gmail.com> team: fix netconsole setup over team Paolo Abeni <pabeni(a)redhat.com> team: avoid adding twice the same option to the event list Jann Horn <jannh(a)google.com> tcp: don't read out-of-bounds opsize Cong Wang <xiyou.wangcong(a)gmail.com> llc: delete timers synchronously in llc_sk_free() Eric Dumazet <edumazet(a)google.com> net: validate attribute sizes in neigh_dump_table() Guillaume Nault <g.nault(a)alphalink.fr> l2tp: check sockaddr length in pppol2tp_connect() Eric Biggers <ebiggers(a)google.com> KEYS: DNS: limit the length of option strings Xin Long <lucien.xin(a)gmail.com> bonding: do not set slave_dev npinfo before slave_enable_netpoll in bond_enslave Martin Schwidefsky <schwidefsky(a)de.ibm.com> s390: correct module section names for expoline code revert Martin Schwidefsky <schwidefsky(a)de.ibm.com> s390: correct nospec auto detection init order Martin Schwidefsky <schwidefsky(a)de.ibm.com> s390: add sysfs attributes for spectre Martin Schwidefsky <schwidefsky(a)de.ibm.com> s390: report spectre mitigation via syslog Martin Schwidefsky <schwidefsky(a)de.ibm.com> s390: add automatic detection of the spectre defense Martin Schwidefsky <schwidefsky(a)de.ibm.com> s390: move nobp parameter functions to nospec-branch.c Martin Schwidefsky <schwidefsky(a)de.ibm.com> s390/entry.S: fix spurious zeroing of r0 Martin Schwidefsky <schwidefsky(a)de.ibm.com> s390: do not bypass BPENTER for interrupt system calls Martin Schwidefsky <schwidefsky(a)de.ibm.com> s390: Replace IS_ENABLED(EXPOLINE_*) with IS_ENABLED(CONFIG_EXPOLINE_*) Martin Schwidefsky <schwidefsky(a)de.ibm.com> s390: introduce execute-trampolines for branches Martin Schwidefsky <schwidefsky(a)de.ibm.com> s390: run user space and KVM guests with modified branch prediction Martin Schwidefsky <schwidefsky(a)de.ibm.com> s390: add options to change branch prediction behaviour for the kernel Martin Schwidefsky <schwidefsky(a)de.ibm.com> s390/alternative: use a copy of the facility bit mask Martin Schwidefsky <schwidefsky(a)de.ibm.com> s390: add optimized array_index_mask_nospec Martin Schwidefsky <schwidefsky(a)de.ibm.com> s390: scrub registers on kernel entry and KVM exit Martin Schwidefsky <schwidefsky(a)de.ibm.com> KVM: s390: wire up bpb feature Martin Schwidefsky <schwidefsky(a)de.ibm.com> s390: enable CPU alternatives unconditionally Martin Schwidefsky <schwidefsky(a)de.ibm.com> s390: introduce CPU alternatives Karthikeyan Periyasamy <periyasa(a)codeaurora.org> Revert "ath10k: send (re)assoc peer command when NSS changed" Sahitya Tummala <stummala(a)codeaurora.org> jbd2: fix use after free in kjournald2() Felix Fietkau <nbd(a)nbd.name> ath9k_hw: check if the chip failed to wake up Dmitry Torokhov <dmitry.torokhov(a)gmail.com> Input: drv260x - fix initializing overdrive voltage Grant Grundler <grundler(a)chromium.org> r8152: add Linksys USB3GIGV1 id Chen Feng <puck.chen(a)hisilicon.com> staging: ion : Donnot wakeup kswapd in ion system alloc Jiri Olsa <jolsa(a)kernel.org> perf: Return proper values for user stack errors Xiaoming Gao <gxm.linux.kernel(a)gmail.com> x86/tsc: Prevent 32bit truncation in calc_hpet_ref() Steve French <smfrench(a)gmail.com> cifs: do not allow creating sockets except with SMB1 posix exensions ------------- Diffstat: Documentation/kernel-parameters.txt | 3 + Makefile | 4 +- arch/s390/Kconfig | 47 +++++ arch/s390/Makefile | 10 ++ arch/s390/include/asm/alternative.h | 149 +++++++++++++++ arch/s390/include/asm/barrier.h | 24 +++ arch/s390/include/asm/facility.h | 18 ++ arch/s390/include/asm/kvm_host.h | 3 +- arch/s390/include/asm/lowcore.h | 7 +- arch/s390/include/asm/nospec-branch.h | 17 ++ arch/s390/include/asm/processor.h | 4 + arch/s390/include/asm/thread_info.h | 4 + arch/s390/include/uapi/asm/kvm.h | 3 + arch/s390/kernel/Makefile | 5 +- arch/s390/kernel/alternative.c | 112 ++++++++++++ arch/s390/kernel/early.c | 5 + arch/s390/kernel/entry.S | 250 +++++++++++++++++++++++--- arch/s390/kernel/ipl.c | 1 + arch/s390/kernel/module.c | 65 ++++++- arch/s390/kernel/nospec-branch.c | 169 +++++++++++++++++ arch/s390/kernel/processor.c | 18 ++ arch/s390/kernel/setup.c | 14 +- arch/s390/kernel/smp.c | 7 +- arch/s390/kernel/uprobes.c | 9 + arch/s390/kernel/vmlinux.lds.S | 37 ++++ arch/s390/kvm/kvm-s390.c | 13 +- arch/x86/kernel/tsc.c | 2 +- drivers/cdrom/cdrom.c | 2 +- drivers/input/misc/drv260x.c | 2 +- drivers/message/fusion/mptsas.c | 1 + drivers/net/bonding/bond_main.c | 3 +- drivers/net/ppp/pppoe.c | 4 + drivers/net/team/team.c | 38 +++- drivers/net/usb/cdc_ether.c | 10 ++ drivers/net/usb/r8152.c | 2 + drivers/net/wireless/ath/ath10k/mac.c | 5 +- drivers/net/wireless/ath/ath9k/hw.c | 4 + drivers/s390/char/Makefile | 2 + drivers/s390/cio/chsc.c | 14 +- drivers/staging/android/ion/ion_system_heap.c | 2 +- fs/cifs/dir.c | 9 +- fs/jbd2/journal.c | 2 +- include/linux/if_vlan.h | 7 +- include/net/llc_conn.h | 1 + include/uapi/linux/kvm.h | 1 + kernel/events/core.c | 4 +- net/core/dev.c | 2 +- net/core/neighbour.c | 40 +++-- net/dns_resolver/dns_key.c | 13 +- net/ipv4/tcp.c | 6 +- net/ipv4/tcp_input.c | 7 +- net/ipv6/route.c | 2 + net/l2tp/l2tp_ppp.c | 7 + net/llc/af_llc.c | 14 +- net/llc/llc_c_ac.c | 9 +- net/llc/llc_conn.c | 22 ++- net/packet/af_packet.c | 88 ++++++--- net/packet/internal.h | 10 +- net/sctp/ipv6.c | 60 +++---- net/tipc/net.c | 3 +- 60 files changed, 1228 insertions(+), 168 deletions(-)

7 years, 1 month

7
58
0 0

[PATCH] [stable 4.9] arm64: Add work around for Arm Cortex-A55 Erratum 1024718

by Suzuki K Poulose

commit ece1397cbc89c51914fae1aec729539cfd8bd62b upstream Some variants of the Arm Cortex-55 cores (r0p0, r0p1, r1p0) suffer from an erratum 1024718, which causes incorrect updates when DBM/AP bits in a page table entry is modified without a break-before-make sequence. The work around is to disable the hardware DBM feature on the affected cores. The hardware Access Flag management features is not affected. The hardware DBM feature is a non-conflicting capability, i.e, the kernel could handle cores using the feature and those without having the features running at the same time. So this work around is detected at early boot time, rather than delaying it until the CPUs are brought up into the kernel with MMU turned on. This also avoids other complexities with late CPUs turning online, with or without the hardware DBM features. Cc: stable(a)vger.kernel.org # v4.9 Cc: Catalin Marinas <catalin.marinas(a)arm.com> Cc: Mark Rutland <mark.rutland(a)arm.com> Cc: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Suzuki K Poulose <suzuki.poulose(a)arm.com> --- Note: The upstream commit is on top of a reworked capability infrastructure for arm64 heterogeneous systems, which allows delaying the CPU model checks. This backport is based on the original version of the patch [0], which checks the affected CPU models during the early boot. [0] https://lkml.kernel.org/r/20180116102323.3470-1-suzuki.poulose@arm.com --- Documentation/arm64/silicon-errata.txt | 1 + arch/arm64/Kconfig | 14 ++++++++++++ arch/arm64/include/asm/assembler.h | 40 ++++++++++++++++++++++++++++++++++ arch/arm64/include/asm/cputype.h | 5 +++++ arch/arm64/mm/proc.S | 5 +++++ 5 files changed, 65 insertions(+) diff --git a/Documentation/arm64/silicon-errata.txt b/Documentation/arm64/silicon-errata.txt index d11af52..ac9489f 100644 --- a/Documentation/arm64/silicon-errata.txt +++ b/Documentation/arm64/silicon-errata.txt @@ -54,6 +54,7 @@ stable kernels. | ARM | Cortex-A57 | #852523 | N/A | | ARM | Cortex-A57 | #834220 | ARM64_ERRATUM_834220 | | ARM | Cortex-A72 | #853709 | N/A | +| ARM | Cortex-A55 | #1024718 | ARM64_ERRATUM_1024718 | | ARM | MMU-500 | #841119,#826419 | N/A | | | | | | | Cavium | ThunderX ITS | #22375, #24313 | CAVIUM_ERRATUM_22375 | diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig index 90e58bb..d0df361 100644 --- a/arch/arm64/Kconfig +++ b/arch/arm64/Kconfig @@ -427,6 +427,20 @@ config ARM64_ERRATUM_843419 If unsure, say Y. +config ARM64_ERRATUM_1024718 + bool "Cortex-A55: 1024718: Update of DBM/AP bits without break before make might result in incorrect update" + default y + help + This option adds work around for Arm Cortex-A55 Erratum 1024718. + + Affected Cortex-A55 cores (r0p0, r0p1, r1p0) could cause incorrect + update of the hardware dirty bit when the DBM/AP bits are updated + without a break-before-make. The work around is to disable the usage + of hardware DBM locally on the affected cores. CPUs not affected by + erratum will continue to use the feature. + + If unsure, say Y. + config CAVIUM_ERRATUM_22375 bool "Cavium erratum 22375, 24313" default y diff --git a/arch/arm64/include/asm/assembler.h b/arch/arm64/include/asm/assembler.h index e60375c..bfcfec3 100644 --- a/arch/arm64/include/asm/assembler.h +++ b/arch/arm64/include/asm/assembler.h @@ -25,6 +25,7 @@ #include <asm/asm-offsets.h> #include <asm/cpufeature.h> +#include <asm/cputype.h> #include <asm/page.h> #include <asm/pgtable-hwdef.h> #include <asm/ptrace.h> @@ -435,4 +436,43 @@ alternative_endif and \phys, \pte, #(((1 << (48 - PAGE_SHIFT)) - 1) << PAGE_SHIFT) .endm +/* + * Check the MIDR_EL1 of the current CPU for a given model and a range of + * variant/revision. See asm/cputype.h for the macros used below. + * + * model: MIDR_CPU_MODEL of CPU + * rv_min: Minimum of MIDR_CPU_VAR_REV() + * rv_max: Maximum of MIDR_CPU_VAR_REV() + * res: Result register. + * tmp1, tmp2, tmp3: Temporary registers + * + * Corrupts: res, tmp1, tmp2, tmp3 + * Returns: 0, if the CPU id doesn't match. Non-zero otherwise + */ + .macro cpu_midr_match model, rv_min, rv_max, res, tmp1, tmp2, tmp3 + mrs \res, midr_el1 + mov_q \tmp1, (MIDR_REVISION_MASK | MIDR_VARIANT_MASK) + mov_q \tmp2, MIDR_CPU_MODEL_MASK + and \tmp3, \res, \tmp2 // Extract model + and \tmp1, \res, \tmp1 // rev & variant + mov_q \tmp2, \model + cmp \tmp3, \tmp2 + cset \res, eq + cbz \res, .Ldone\@ // Model matches ? + + .if (\rv_min != 0) // Skip min check if rv_min == 0 + mov_q \tmp3, \rv_min + cmp \tmp1, \tmp3 + cset \res, ge + .endif // \rv_min != 0 + /* Skip rv_max check if rv_min == rv_max && rv_min != 0 */ + .if ((\rv_min != \rv_max) || \rv_min == 0) + mov_q \tmp2, \rv_max + cmp \tmp1, \tmp2 + cset \tmp2, le + and \res, \res, \tmp2 + .endif +.Ldone\@: + .endm + #endif /* __ASM_ASSEMBLER_H */ diff --git a/arch/arm64/include/asm/cputype.h b/arch/arm64/include/asm/cputype.h index 9ee3038..39d1db6 100644 --- a/arch/arm64/include/asm/cputype.h +++ b/arch/arm64/include/asm/cputype.h @@ -56,6 +56,9 @@ (0xf << MIDR_ARCHITECTURE_SHIFT) | \ ((partnum) << MIDR_PARTNUM_SHIFT)) +#define MIDR_CPU_VAR_REV(var, rev) \ + (((var) << MIDR_VARIANT_SHIFT) | (rev)) + #define MIDR_CPU_MODEL_MASK (MIDR_IMPLEMENTOR_MASK | MIDR_PARTNUM_MASK | \ MIDR_ARCHITECTURE_MASK) @@ -74,6 +77,7 @@ #define ARM_CPU_PART_AEM_V8 0xD0F #define ARM_CPU_PART_FOUNDATION 0xD00 +#define ARM_CPU_PART_CORTEX_A55 0xD05 #define ARM_CPU_PART_CORTEX_A57 0xD07 #define ARM_CPU_PART_CORTEX_A72 0xD08 #define ARM_CPU_PART_CORTEX_A53 0xD03 @@ -89,6 +93,7 @@ #define BRCM_CPU_PART_VULCAN 0x516 #define MIDR_CORTEX_A53 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A53) +#define MIDR_CORTEX_A55 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A55) #define MIDR_CORTEX_A57 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A57) #define MIDR_CORTEX_A72 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A72) #define MIDR_CORTEX_A73 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A73) diff --git a/arch/arm64/mm/proc.S b/arch/arm64/mm/proc.S index 619da1c..66cce21 100644 --- a/arch/arm64/mm/proc.S +++ b/arch/arm64/mm/proc.S @@ -425,6 +425,11 @@ ENTRY(__cpu_setup) cbz x9, 2f cmp x9, #2 b.lt 1f +#ifdef CONFIG_ARM64_ERRATUM_1024718 + /* Disable hardware DBM on Cortex-A55 r0p0, r0p1 & r1p0 */ + cpu_midr_match MIDR_CORTEX_A55, MIDR_CPU_VAR_REV(0, 0), MIDR_CPU_VAR_REV(1, 0), x1, x2, x3, x4 + cbnz x1, 1f +#endif orr x10, x10, #TCR_HD // hardware Dirty flag update 1: orr x10, x10, #TCR_HA // hardware Access flag update 2: -- 2.7.4

7 years, 1 month

3
3
0 0

FAILED: patch "[PATCH] drm/i915: Adjust eDP's logical vco in a reliable place." failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 9d219554d9bf59875b4e571a0392d620e8954879 Mon Sep 17 00:00:00 2001 From: Rodrigo Vivi <rodrigo.vivi(a)intel.com> Date: Wed, 2 May 2018 10:52:55 -0700 Subject: [PATCH] drm/i915: Adjust eDP's logical vco in a reliable place. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit On intel_dp_compute_config() we were calculating the needed vco for eDP on gen9 and we stashing it in intel_atomic_state.cdclk.logical.vco However few moments later on intel_modeset_checks() we fully replace entire intel_atomic_state.cdclk.logical with dev_priv->cdclk.logical fully overwriting the logical desired vco for eDP on gen9. So, with wrong VCO value we end up with wrong desired cdclk, but also it will raise a lot of WARNs: On gen9, when we read CDCLK_CTL to verify if we configured properly the desired frequency the CD Frequency Select bits [27:26] == 10b can mean 337.5 or 308.57 MHz depending on the VCO. So if we have wrong VCO value stashed we will believe the frequency selection didn't stick and start to raise WARNs of cdclk mismatch. [ 42.857519] [drm:intel_dump_cdclk_state [i915]] Changing CDCLK to 308571 kHz, VCO 8640000 kHz, ref 24000 kHz, bypass 24000 kHz, voltage level 0 [ 42.897269] cdclk state doesn't match! [ 42.901052] WARNING: CPU: 5 PID: 1116 at drivers/gpu/drm/i915/intel_cdclk.c:2084 intel_set_cdclk+0x5d/0x110 [i915] [ 42.938004] RIP: 0010:intel_set_cdclk+0x5d/0x110 [i915] [ 43.155253] WARNING: CPU: 5 PID: 1116 at drivers/gpu/drm/i915/intel_cdclk.c:2084 intel_set_cdclk+0x5d/0x110 [i915] [ 43.170277] [drm:intel_dump_cdclk_state [i915]] [hw state] 337500 kHz, VCO 8100000 kHz, ref 24000 kHz, bypass 24000 kHz, voltage level 0 [ 43.182566] [drm:intel_dump_cdclk_state [i915]] [sw state] 308571 kHz, VCO 8640000 kHz, ref 24000 kHz, bypass 24000 kHz, voltage level 0 v2: Move the entire eDP's vco logical adjustment to inside the skl_modeset_calc_cdclk as suggested by Ville. Cc: Ville Syrjälä <ville.syrjala(a)linux.intel.com> Signed-off-by: Rodrigo Vivi <rodrigo.vivi(a)intel.com> Reviewed-by: Ville Syrjälä <ville.syrjala(a)linux.intel.com> Fixes: bb0f4aab0e76 ("drm/i915: Track full cdclk state for the logical and actual cdclk frequencies") Cc: <stable(a)vger.kernel.org> # v4.12+ Link: https://patchwork.freedesktop.org/patch/msgid/20180502175255.5344-1-rodrigo… (cherry picked from commit 3297234a05ab1e90091b0574db4c397ef0e90d5f) Signed-off-by: Joonas Lahtinen <joonas.lahtinen(a)linux.intel.com> diff --git a/drivers/gpu/drm/i915/intel_cdclk.c b/drivers/gpu/drm/i915/intel_cdclk.c index 32d24c69da3c..704ddb4d3ca7 100644 --- a/drivers/gpu/drm/i915/intel_cdclk.c +++ b/drivers/gpu/drm/i915/intel_cdclk.c @@ -2302,9 +2302,44 @@ static int bdw_modeset_calc_cdclk(struct drm_atomic_state *state) return 0; } +static int skl_dpll0_vco(struct intel_atomic_state *intel_state) +{ + struct drm_i915_private *dev_priv = to_i915(intel_state->base.dev); + struct intel_crtc *crtc; + struct intel_crtc_state *crtc_state; + int vco, i; + + vco = intel_state->cdclk.logical.vco; + if (!vco) + vco = dev_priv->skl_preferred_vco_freq; + + for_each_new_intel_crtc_in_state(intel_state, crtc, crtc_state, i) { + if (!crtc_state->base.enable) + continue; + + if (!intel_crtc_has_type(crtc_state, INTEL_OUTPUT_EDP)) + continue; + + /* + * DPLL0 VCO may need to be adjusted to get the correct + * clock for eDP. This will affect cdclk as well. + */ + switch (crtc_state->port_clock / 2) { + case 108000: + case 216000: + vco = 8640000; + break; + default: + vco = 8100000; + break; + } + } + + return vco; +} + static int skl_modeset_calc_cdclk(struct drm_atomic_state *state) { - struct drm_i915_private *dev_priv = to_i915(state->dev); struct intel_atomic_state *intel_state = to_intel_atomic_state(state); int min_cdclk, cdclk, vco; @@ -2312,9 +2347,7 @@ static int skl_modeset_calc_cdclk(struct drm_atomic_state *state) if (min_cdclk < 0) return min_cdclk; - vco = intel_state->cdclk.logical.vco; - if (!vco) - vco = dev_priv->skl_preferred_vco_freq; + vco = skl_dpll0_vco(intel_state); /* * FIXME should also account for plane ratio diff --git a/drivers/gpu/drm/i915/intel_dp.c b/drivers/gpu/drm/i915/intel_dp.c index 9a4a51e79fa1..b7b4cfdeb974 100644 --- a/drivers/gpu/drm/i915/intel_dp.c +++ b/drivers/gpu/drm/i915/intel_dp.c @@ -1881,26 +1881,6 @@ intel_dp_compute_config(struct intel_encoder *encoder, reduce_m_n); } - /* - * DPLL0 VCO may need to be adjusted to get the correct - * clock for eDP. This will affect cdclk as well. - */ - if (intel_dp_is_edp(intel_dp) && IS_GEN9_BC(dev_priv)) { - int vco; - - switch (pipe_config->port_clock / 2) { - case 108000: - case 216000: - vco = 8640000; - break; - default: - vco = 8100000; - break; - } - - to_intel_atomic_state(pipe_config->base.state)->cdclk.logical.vco = vco; - } - if (!HAS_DDI(dev_priv)) intel_dp_set_clock(encoder, pipe_config);

7 years, 1 month

1
0
0 0

FAILED: patch "[PATCH] mm: treat indirectly reclaimable memory as free in overcommit" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From d79f7aa496fc94d763f67b833a1f36f4c171176f Mon Sep 17 00:00:00 2001 From: Roman Gushchin <guro(a)fb.com> Date: Tue, 10 Apr 2018 16:27:47 -0700 Subject: [PATCH] mm: treat indirectly reclaimable memory as free in overcommit logic Indirectly reclaimable memory can consume a significant part of total memory and it's actually reclaimable (it will be released under actual memory pressure). So, the overcommit logic should treat it as free. Otherwise, it's possible to cause random system-wide memory allocation failures by consuming a significant amount of memory by indirectly reclaimable memory, e.g. dentry external names. If overcommit policy GUESS is used, it might be used for denial of service attack under some conditions. The following program illustrates the approach. It causes the kernel to allocate an unreclaimable kmalloc-256 chunk for each stat() call, so that at some point the overcommit logic may start blocking large allocation system-wide. int main() { char buf[256]; unsigned long i; struct stat statbuf; buf[0] = '/'; for (i = 1; i < sizeof(buf); i++) buf[i] = '_'; for (i = 0; 1; i++) { sprintf(&buf[248], "%8lu", i); stat(buf, &statbuf); } return 0; } This patch in combination with related indirectly reclaimable memory patches closes this issue. Link: http://lkml.kernel.org/r/20180313130041.8078-1-guro@fb.com Signed-off-by: Roman Gushchin <guro(a)fb.com> Reviewed-by: Andrew Morton <akpm(a)linux-foundation.org> Cc: Alexander Viro <viro(a)zeniv.linux.org.uk> Cc: Michal Hocko <mhocko(a)suse.com> Cc: Johannes Weiner <hannes(a)cmpxchg.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds(a)linux-foundation.org> diff --git a/mm/util.c b/mm/util.c index 029fc2f3b395..73676f0f1b43 100644 --- a/mm/util.c +++ b/mm/util.c @@ -667,6 +667,13 @@ int __vm_enough_memory(struct mm_struct *mm, long pages, int cap_sys_admin) */ free += global_node_page_state(NR_SLAB_RECLAIMABLE); + /* + * Part of the kernel memory, which can be released + * under memory pressure. + */ + free += global_node_page_state( + NR_INDIRECTLY_RECLAIMABLE_BYTES) >> PAGE_SHIFT; + /* * Leave reserved pages. The pages are not for anonymous pages. */

7 years, 1 month

1
0
0 0

[PATCH] nvme/pci: Sync controller reset for AER slot_reset

by Keith Busch

AER handling expects a successful return from slot_reset means the driver made the device functional again. The nvme driver had been using an asynchronous reset to recover the device, so the device may still be initializing after control is returned to the AER handler. This creates problems for subsequent event handling, causing the initializion to fail. This patch fixes that by syncing the controller reset before returning to the AER driver, and reporting the true state of the reset. Link: https://bugzilla.kernel.org/show_bug.cgi?id=199657 Reported-by: Alex Gagniuc <mr.nuke.me(a)gmail.com> Cc: Sinan Kaya <okaya(a)codeaurora.org> Cc: Bjorn Helgaas <bhelgaas(a)google.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Keith Busch <keith.busch(a)intel.com> --- drivers/nvme/host/pci.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/drivers/nvme/host/pci.c b/drivers/nvme/host/pci.c index b542dce45927..2e221796257a 100644 --- a/drivers/nvme/host/pci.c +++ b/drivers/nvme/host/pci.c @@ -2681,8 +2681,15 @@ static pci_ers_result_t nvme_slot_reset(struct pci_dev *pdev) dev_info(dev->ctrl.device, "restart after slot reset\n"); pci_restore_state(pdev); - nvme_reset_ctrl(&dev->ctrl); - return PCI_ERS_RESULT_RECOVERED; + nvme_reset_ctrl_sync(&dev->ctrl); + + switch (dev->ctrl.state) { + case NVME_CTRL_LIVE: + case NVME_CTRL_ADMIN_ONLY: + return PCI_ERS_RESULT_RECOVERED; + default: + return PCI_ERS_RESULT_DISCONNECT; + } } static void nvme_error_resume(struct pci_dev *pdev) -- 2.14.3

7 years, 1 month

6
8
0 0

[PATCH 1/1] doc: fix sysfs ABI documentation

by kys＠linuxonhyperv.com

From: Stephen Hemminger <stephen(a)networkplumber.org> In 4.9 kernel, the sysfs files for Hyper-V VMBus changed name but the documentation files were not updated. The current sysfs file names are /sys/bus/vmbus/devices/<UUID>/... See commit 9a56e5d6a0ba ("Drivers: hv: make VMBus bus ids persistent") and commit f6b2db084b65 ("vmbus: make sysfs names consistent with PCI") Reported-by: Michael Kelley <mikelley(a)microsoft.com> Signed-off-by: Stephen Hemminger <sthemmin(a)microsoft.com> Cc: stable(a)vger.kernel.org Signed-off-by: K. Y. Srinivasan <kys(a)microsoft.com> --- Documentation/ABI/stable/sysfs-bus-vmbus | 40 ++++++++++++++++---------------- 1 file changed, 20 insertions(+), 20 deletions(-) diff --git a/Documentation/ABI/stable/sysfs-bus-vmbus b/Documentation/ABI/stable/sysfs-bus-vmbus index 0c9d9dcd2151..3eaffbb2d468 100644 --- a/Documentation/ABI/stable/sysfs-bus-vmbus +++ b/Documentation/ABI/stable/sysfs-bus-vmbus @@ -1,25 +1,25 @@ -What: /sys/bus/vmbus/devices/vmbus_*/id +What: /sys/bus/vmbus/devices/<UUID>/id Date: Jul 2009 KernelVersion: 2.6.31 Contact: K. Y. Srinivasan <kys(a)microsoft.com> Description: The VMBus child_relid of the device's primary channel Users: tools/hv/lsvmbus -What: /sys/bus/vmbus/devices/vmbus_*/class_id +What: /sys/bus/vmbus/devices/<UUID>/class_id Date: Jul 2009 KernelVersion: 2.6.31 Contact: K. Y. Srinivasan <kys(a)microsoft.com> Description: The VMBus interface type GUID of the device Users: tools/hv/lsvmbus -What: /sys/bus/vmbus/devices/vmbus_*/device_id +What: /sys/bus/vmbus/devices/<UUID>/device_id Date: Jul 2009 KernelVersion: 2.6.31 Contact: K. Y. Srinivasan <kys(a)microsoft.com> Description: The VMBus interface instance GUID of the device Users: tools/hv/lsvmbus -What: /sys/bus/vmbus/devices/vmbus_*/channel_vp_mapping +What: /sys/bus/vmbus/devices/<UUID>/channel_vp_mapping Date: Jul 2015 KernelVersion: 4.2.0 Contact: K. Y. Srinivasan <kys(a)microsoft.com> @@ -28,112 +28,112 @@ Description: The mapping of which primary/sub channels are bound to which Format: <channel's child_relid:the bound cpu's number> Users: tools/hv/lsvmbus -What: /sys/bus/vmbus/devices/vmbus_*/device +What: /sys/bus/vmbus/devices/<UUID>/device Date: Dec. 2015 KernelVersion: 4.5 Contact: K. Y. Srinivasan <kys(a)microsoft.com> Description: The 16 bit device ID of the device Users: tools/hv/lsvmbus and user level RDMA libraries -What: /sys/bus/vmbus/devices/vmbus_*/vendor +What: /sys/bus/vmbus/devices/<UUID>/vendor Date: Dec. 2015 KernelVersion: 4.5 Contact: K. Y. Srinivasan <kys(a)microsoft.com> Description: The 16 bit vendor ID of the device Users: tools/hv/lsvmbus and user level RDMA libraries -What: /sys/bus/vmbus/devices/vmbus_*/channels/NN +What: /sys/bus/vmbus/devices/<UUID>/channels/<N> Date: September. 2017 KernelVersion: 4.14 Contact: Stephen Hemminger <sthemmin(a)microsoft.com> Description: Directory for per-channel information NN is the VMBUS relid associtated with the channel. -What: /sys/bus/vmbus/devices/vmbus_*/channels/NN/cpu +What: /sys/bus/vmbus/devices/<UUID>/channels/<N>/cpu Date: September. 2017 KernelVersion: 4.14 Contact: Stephen Hemminger <sthemmin(a)microsoft.com> Description: VCPU (sub)channel is affinitized to Users: tools/hv/lsvmbus and other debugging tools -What: /sys/bus/vmbus/devices/vmbus_*/channels/NN/cpu +What: /sys/bus/vmbus/devices/<UUID>/channels/<N>/cpu Date: September. 2017 KernelVersion: 4.14 Contact: Stephen Hemminger <sthemmin(a)microsoft.com> Description: VCPU (sub)channel is affinitized to Users: tools/hv/lsvmbus and other debugging tools -What: /sys/bus/vmbus/devices/vmbus_*/channels/NN/in_mask +What: /sys/bus/vmbus/devices/<UUID>/channels/<N>/in_mask Date: September. 2017 KernelVersion: 4.14 Contact: Stephen Hemminger <sthemmin(a)microsoft.com> Description: Host to guest channel interrupt mask Users: Debugging tools -What: /sys/bus/vmbus/devices/vmbus_*/channels/NN/latency +What: /sys/bus/vmbus/devices/<UUID>/channels/<N>/latency Date: September. 2017 KernelVersion: 4.14 Contact: Stephen Hemminger <sthemmin(a)microsoft.com> Description: Channel signaling latency Users: Debugging tools -What: /sys/bus/vmbus/devices/vmbus_*/channels/NN/out_mask +What: /sys/bus/vmbus/devices/<UUID>/channels/<N>/out_mask Date: September. 2017 KernelVersion: 4.14 Contact: Stephen Hemminger <sthemmin(a)microsoft.com> Description: Guest to host channel interrupt mask Users: Debugging tools -What: /sys/bus/vmbus/devices/vmbus_*/channels/NN/pending +What: /sys/bus/vmbus/devices/<UUID>/channels/<N>/pending Date: September. 2017 KernelVersion: 4.14 Contact: Stephen Hemminger <sthemmin(a)microsoft.com> Description: Channel interrupt pending state Users: Debugging tools -What: /sys/bus/vmbus/devices/vmbus_*/channels/NN/read_avail +What: /sys/bus/vmbus/devices/<UUID>/channels/<N>/read_avail Date: September. 2017 KernelVersion: 4.14 Contact: Stephen Hemminger <sthemmin(a)microsoft.com> Description: Bytes available to read Users: Debugging tools -What: /sys/bus/vmbus/devices/vmbus_*/channels/NN/write_avail +What: /sys/bus/vmbus/devices/<UUID>/channels/<N>/write_avail Date: September. 2017 KernelVersion: 4.14 Contact: Stephen Hemminger <sthemmin(a)microsoft.com> Description: Bytes available to write Users: Debugging tools -What: /sys/bus/vmbus/devices/vmbus_*/channels/NN/events +What: /sys/bus/vmbus/devices/<UUID>/channels/<N>/events Date: September. 2017 KernelVersion: 4.14 Contact: Stephen Hemminger <sthemmin(a)microsoft.com> Description: Number of times we have signaled the host Users: Debugging tools -What: /sys/bus/vmbus/devices/vmbus_*/channels/NN/interrupts +What: /sys/bus/vmbus/devices/<UUID>/channels/<N>/interrupts Date: September. 2017 KernelVersion: 4.14 Contact: Stephen Hemminger <sthemmin(a)microsoft.com> Description: Number of times we have taken an interrupt (incoming) Users: Debugging tools -What: /sys/bus/vmbus/devices/vmbus_*/channels/NN/subchannel_id +What: /sys/bus/vmbus/devices/<UUID>/channels/<N>/subchannel_id Date: January. 2018 KernelVersion: 4.16 Contact: Stephen Hemminger <sthemmin(a)microsoft.com> Description: Subchannel ID associated with VMBUS channel Users: Debugging tools and userspace drivers -What: /sys/bus/vmbus/devices/vmbus_*/channels/NN/monitor_id +What: /sys/bus/vmbus/devices/<UUID>/channels/<N>/monitor_id Date: January. 2018 KernelVersion: 4.16 Contact: Stephen Hemminger <sthemmin(a)microsoft.com> Description: Monitor bit associated with channel Users: Debugging tools and userspace drivers -What: /sys/bus/vmbus/devices/vmbus_*/channels/NN/ring +What: /sys/bus/vmbus/devices/<UUID>/channels/<N>/ring Date: January. 2018 KernelVersion: 4.16 Contact: Stephen Hemminger <sthemmin(a)microsoft.com> -- 2.15.1

7 years, 1 month

1
0
0 0

[PATCH v2 03/12] arm: dts: mt7623: fix invalid memory node being generated

by sean.wang＠mediatek.com

From: Sean Wang <sean.wang(a)mediatek.com> Below two wrong nodes in existing DTS files would cause a fail boot since in fact the address 0 is not the correct place the memory device locates at. memory { device_type = "memory"; reg = <0x0 0x0 0x0 0x0>; }; memory@80000000 { reg = <0x0 0x80000000 0x0 0x40000000>; }; In order to avoid having a memory node starting at address 0, we can't include file skeleton64.dtsi and instead need to explicitly manually define a few of properties the DTS relies on such as #address-cells and #size-cells in root node and device_type in the node memory@80000000. Cc: stable(a)vger.kernel.org Fixes: 31ac0d69a1d4 ("ARM: dts: mediatek: add MT7623 basic support") Signed-off-by: Sean Wang <sean.wang(a)mediatek.com> Cc: Rob Herring <robh+dt(a)kernel.org> --- arch/arm/boot/dts/mt7623.dtsi | 3 ++- arch/arm/boot/dts/mt7623n-bananapi-bpi-r2.dts | 1 + arch/arm/boot/dts/mt7623n-rfb.dtsi | 1 + 3 files changed, 4 insertions(+), 1 deletion(-) diff --git a/arch/arm/boot/dts/mt7623.dtsi b/arch/arm/boot/dts/mt7623.dtsi index fec4715..406a9f3 100644 --- a/arch/arm/boot/dts/mt7623.dtsi +++ b/arch/arm/boot/dts/mt7623.dtsi @@ -15,11 +15,12 @@ #include <dt-bindings/phy/phy.h> #include <dt-bindings/reset/mt2701-resets.h> #include <dt-bindings/thermal/thermal.h> -#include "skeleton64.dtsi" / { compatible = "mediatek,mt7623"; interrupt-parent = <&sysirq>; + #address-cells = <2>; + #size-cells = <2>; cpu_opp_table: opp-table { compatible = "operating-points-v2"; diff --git a/arch/arm/boot/dts/mt7623n-bananapi-bpi-r2.dts b/arch/arm/boot/dts/mt7623n-bananapi-bpi-r2.dts index bbf56f8..5938e4c 100644 --- a/arch/arm/boot/dts/mt7623n-bananapi-bpi-r2.dts +++ b/arch/arm/boot/dts/mt7623n-bananapi-bpi-r2.dts @@ -109,6 +109,7 @@ }; memory@80000000 { + device_type = "memory"; reg = <0 0x80000000 0 0x40000000>; }; }; diff --git a/arch/arm/boot/dts/mt7623n-rfb.dtsi b/arch/arm/boot/dts/mt7623n-rfb.dtsi index a199ae7..343e8ef 100644 --- a/arch/arm/boot/dts/mt7623n-rfb.dtsi +++ b/arch/arm/boot/dts/mt7623n-rfb.dtsi @@ -40,6 +40,7 @@ }; memory@80000000 { + device_type = "memory"; reg = <0 0x80000000 0 0x40000000>; }; -- 2.7.4

7 years, 1 month

3
2
0 0

patch "xhci: Fix use-after-free in xhci_free_virt_device" causes kernel crashes on 4.16.8 on unplug

by Jacob Saunders

On Linux kernel 4.16.8 (using Arch Linux) if I eject a USB 3.0 device from my system (unplug or "udisksctl power-off --block-device /dev/sde), it freezes instantly with a null pointer error in XHCI. I've been unable to successfully capture a kernel log of the error (and my cameras did not return usable results) and the screen begins scrolling near-immediately with hung processors in a VT. I have done a git bisection (between 4.16.7 and 4.16.7) narrowing it down to the following commit: commit f5331826b0b7a5f2db56a9020ddbb8ce16acdfc0 Author: Mathias Nyman <mathias.nyman(a)linux.intel.com> Date: Thu May 3 17:30:07 2018 +0300 xhci: Fix use-after-free in xhci_free_virt_device commit 44a182b9d17765514fa2b1cc911e4e65134eef93 upstream. KASAN found a use-after-free in xhci_free_virt_device+0x33b/0x38e where xhci_free_virt_device() sets slot id to 0 if udev exists: if (dev->udev && dev->udev->slot_id) dev->udev->slot_id = 0; dev->udev will be true even if udev is freed because dev->udev is not set to NULL. set dev->udev pointer to NULL in xhci_free_dev() The original patch went to stable so this fix needs to be applied there as well. Fixes: a400efe455f7 ("xhci: zero usb device slot_id member when disabling and freeing a xhci slot") Cc: <stable(a)vger.kernel.org> Reported-by: Guenter Roeck <linux(a)roeck-us.net> Reviewed-by: Guenter Roeck <linux(a)roeck-us.net> Tested-by: Guenter Roeck <linux(a)roeck-us.net> Signed-off-by: Mathias Nyman <mathias.nyman(a)linux.intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> :040000 040000 356ecdc13bf252535bd51b8558a8173dae546f19 d28f201228652e87e51ba48f5a0ad4539cca5c29 M drivers Can I be CC'd on future responses to this? I am not subscribed to the list. Jacob Saunders

7 years, 1 month

2
1
0 0

[patch 10/13] mm, oom: fix concurrent munlock and oom reaper unmap, v3

by akpm＠linux-foundation.org

From: David Rientjes <rientjes(a)google.com> Subject: mm, oom: fix concurrent munlock and oom reaper unmap, v3 Since exit_mmap() is done without the protection of mm->mmap_sem, it is possible for the oom reaper to concurrently operate on an mm until MMF_OOM_SKIP is set. This allows munlock_vma_pages_all() to concurrently run while the oom reaper is operating on a vma. Since munlock_vma_pages_range() depends on clearing VM_LOCKED from vm_flags before actually doing the munlock to determine if any other vmas are locking the same memory, the check for VM_LOCKED in the oom reaper is racy. This is especially noticeable on architectures such as powerpc where clearing a huge pmd requires serialize_against_pte_lookup(). If the pmd is zapped by the oom reaper during follow_page_mask() after the check for pmd_none() is bypassed, this ends up deferencing a NULL ptl or a kernel oops. Fix this by manually freeing all possible memory from the mm before doing the munlock and then setting MMF_OOM_SKIP. The oom reaper can not run on the mm anymore so the munlock is safe to do in exit_mmap(). It also matches the logic that the oom reaper currently uses for determining when to set MMF_OOM_SKIP itself, so there's no new risk of excessive oom killing. This issue fixes CVE-2018-1000200. Link: http://lkml.kernel.org/r/alpine.DEB.2.21.1804241526320.238665@chino.kir.cor… Fixes: 212925802454 ("mm: oom: let oom_reap_task and exit_mmap run concurrently") Signed-off-by: David Rientjes <rientjes(a)google.com> Suggested-by: Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> Acked-by: Michal Hocko <mhocko(a)suse.com> Cc: Andrea Arcangeli <aarcange(a)redhat.com> Cc: <stable(a)vger.kernel.org> [4.14+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- include/linux/oom.h | 2 + mm/mmap.c | 44 +++++++++++++--------- mm/oom_kill.c | 81 ++++++++++++++++++++++-------------------- 3 files changed, 71 insertions(+), 56 deletions(-) diff -puN include/linux/oom.h~mm-oom-fix-concurrent-munlock-and-oom-reaper-unmap include/linux/oom.h --- a/include/linux/oom.h~mm-oom-fix-concurrent-munlock-and-oom-reaper-unmap +++ a/include/linux/oom.h @@ -95,6 +95,8 @@ static inline int check_stable_address_s return 0; } +void __oom_reap_task_mm(struct mm_struct *mm); + extern unsigned long oom_badness(struct task_struct *p, struct mem_cgroup *memcg, const nodemask_t *nodemask, unsigned long totalpages); diff -puN mm/mmap.c~mm-oom-fix-concurrent-munlock-and-oom-reaper-unmap mm/mmap.c --- a/mm/mmap.c~mm-oom-fix-concurrent-munlock-and-oom-reaper-unmap +++ a/mm/mmap.c @@ -3024,6 +3024,32 @@ void exit_mmap(struct mm_struct *mm) /* mm's last user has gone, and its about to be pulled down */ mmu_notifier_release(mm); + if (unlikely(mm_is_oom_victim(mm))) { + /* + * Manually reap the mm to free as much memory as possible. + * Then, as the oom reaper does, set MMF_OOM_SKIP to disregard + * this mm from further consideration. Taking mm->mmap_sem for + * write after setting MMF_OOM_SKIP will guarantee that the oom + * reaper will not run on this mm again after mmap_sem is + * dropped. + * + * Nothing can be holding mm->mmap_sem here and the above call + * to mmu_notifier_release(mm) ensures mmu notifier callbacks in + * __oom_reap_task_mm() will not block. + * + * This needs to be done before calling munlock_vma_pages_all(), + * which clears VM_LOCKED, otherwise the oom reaper cannot + * reliably test it. + */ + mutex_lock(&oom_lock); + __oom_reap_task_mm(mm); + mutex_unlock(&oom_lock); + + set_bit(MMF_OOM_SKIP, &mm->flags); + down_write(&mm->mmap_sem); + up_write(&mm->mmap_sem); + } + if (mm->locked_vm) { vma = mm->mmap; while (vma) { @@ -3045,24 +3071,6 @@ void exit_mmap(struct mm_struct *mm) /* update_hiwater_rss(mm) here? but nobody should be looking */ /* Use -1 here to ensure all VMAs in the mm are unmapped */ unmap_vmas(&tlb, vma, 0, -1); - - if (unlikely(mm_is_oom_victim(mm))) { - /* - * Wait for oom_reap_task() to stop working on this - * mm. Because MMF_OOM_SKIP is already set before - * calling down_read(), oom_reap_task() will not run - * on this "mm" post up_write(). - * - * mm_is_oom_victim() cannot be set from under us - * either because victim->mm is already set to NULL - * under task_lock before calling mmput and oom_mm is - * set not NULL by the OOM killer only if victim->mm - * is found not NULL while holding the task_lock. - */ - set_bit(MMF_OOM_SKIP, &mm->flags); - down_write(&mm->mmap_sem); - up_write(&mm->mmap_sem); - } free_pgtables(&tlb, vma, FIRST_USER_ADDRESS, USER_PGTABLES_CEILING); tlb_finish_mmu(&tlb, 0, -1); diff -puN mm/oom_kill.c~mm-oom-fix-concurrent-munlock-and-oom-reaper-unmap mm/oom_kill.c --- a/mm/oom_kill.c~mm-oom-fix-concurrent-munlock-and-oom-reaper-unmap +++ a/mm/oom_kill.c @@ -469,7 +469,6 @@ bool process_shares_mm(struct task_struc return false; } - #ifdef CONFIG_MMU /* * OOM Reaper kernel thread which tries to reap the memory used by the OOM @@ -480,16 +479,54 @@ static DECLARE_WAIT_QUEUE_HEAD(oom_reape static struct task_struct *oom_reaper_list; static DEFINE_SPINLOCK(oom_reaper_lock); -static bool __oom_reap_task_mm(struct task_struct *tsk, struct mm_struct *mm) +void __oom_reap_task_mm(struct mm_struct *mm) { - struct mmu_gather tlb; struct vm_area_struct *vma; + + /* + * Tell all users of get_user/copy_from_user etc... that the content + * is no longer stable. No barriers really needed because unmapping + * should imply barriers already and the reader would hit a page fault + * if it stumbled over a reaped memory. + */ + set_bit(MMF_UNSTABLE, &mm->flags); + + for (vma = mm->mmap ; vma; vma = vma->vm_next) { + if (!can_madv_dontneed_vma(vma)) + continue; + + /* + * Only anonymous pages have a good chance to be dropped + * without additional steps which we cannot afford as we + * are OOM already. + * + * We do not even care about fs backed pages because all + * which are reclaimable have already been reclaimed and + * we do not want to block exit_mmap by keeping mm ref + * count elevated without a good reason. + */ + if (vma_is_anonymous(vma) || !(vma->vm_flags & VM_SHARED)) { + const unsigned long start = vma->vm_start; + const unsigned long end = vma->vm_end; + struct mmu_gather tlb; + + tlb_gather_mmu(&tlb, mm, start, end); + mmu_notifier_invalidate_range_start(mm, start, end); + unmap_page_range(&tlb, vma, start, end, NULL); + mmu_notifier_invalidate_range_end(mm, start, end); + tlb_finish_mmu(&tlb, start, end); + } + } +} + +static bool oom_reap_task_mm(struct task_struct *tsk, struct mm_struct *mm) +{ bool ret = true; /* * We have to make sure to not race with the victim exit path * and cause premature new oom victim selection: - * __oom_reap_task_mm exit_mm + * oom_reap_task_mm exit_mm * mmget_not_zero * mmput * atomic_dec_and_test @@ -534,39 +571,8 @@ static bool __oom_reap_task_mm(struct ta trace_start_task_reaping(tsk->pid); - /* - * Tell all users of get_user/copy_from_user etc... that the content - * is no longer stable. No barriers really needed because unmapping - * should imply barriers already and the reader would hit a page fault - * if it stumbled over a reaped memory. - */ - set_bit(MMF_UNSTABLE, &mm->flags); - - for (vma = mm->mmap ; vma; vma = vma->vm_next) { - if (!can_madv_dontneed_vma(vma)) - continue; + __oom_reap_task_mm(mm); - /* - * Only anonymous pages have a good chance to be dropped - * without additional steps which we cannot afford as we - * are OOM already. - * - * We do not even care about fs backed pages because all - * which are reclaimable have already been reclaimed and - * we do not want to block exit_mmap by keeping mm ref - * count elevated without a good reason. - */ - if (vma_is_anonymous(vma) || !(vma->vm_flags & VM_SHARED)) { - const unsigned long start = vma->vm_start; - const unsigned long end = vma->vm_end; - - tlb_gather_mmu(&tlb, mm, start, end); - mmu_notifier_invalidate_range_start(mm, start, end); - unmap_page_range(&tlb, vma, start, end, NULL); - mmu_notifier_invalidate_range_end(mm, start, end); - tlb_finish_mmu(&tlb, start, end); - } - } pr_info("oom_reaper: reaped process %d (%s), now anon-rss:%lukB, file-rss:%lukB, shmem-rss:%lukB\n", task_pid_nr(tsk), tsk->comm, K(get_mm_counter(mm, MM_ANONPAGES)), @@ -587,14 +593,13 @@ static void oom_reap_task(struct task_st struct mm_struct *mm = tsk->signal->oom_mm; /* Retry the down_read_trylock(mmap_sem) a few times */ - while (attempts++ < MAX_OOM_REAP_RETRIES && !__oom_reap_task_mm(tsk, mm)) + while (attempts++ < MAX_OOM_REAP_RETRIES && !oom_reap_task_mm(tsk, mm)) schedule_timeout_idle(HZ/10); if (attempts <= MAX_OOM_REAP_RETRIES || test_bit(MMF_OOM_SKIP, &mm->flags)) goto done; - pr_info("oom_reaper: unable to reap pid:%d (%s)\n", task_pid_nr(tsk), tsk->comm); debug_show_all_locks(); _

7 years, 1 month

1
0
0 0

[patch 06/13] mm: sections are not offlined during memory hotremove

by akpm＠linux-foundation.org

From: Pavel Tatashin <pasha.tatashin(a)oracle.com> Subject: mm: sections are not offlined during memory hotremove Memory hotplug and hotremove operate with per-block granularity. If the machine has a large amount of memory (more than 64G), the size of a memory block can span multiple sections. By mistake, during hotremove we set only the first section to offline state. The bug was discovered because kernel selftest started to fail: https://lkml.kernel.org/r/20180423011247.GK5563@yexl-desktop After commit, "mm/memory_hotplug: optimize probe routine". But, the bug is older than this commit. In this optimization we also added a check for sections to be in a proper state during hotplug operation. Link: http://lkml.kernel.org/r/20180427145257.15222-1-pasha.tatashin@oracle.com Fixes: 2d070eab2e82 ("mm: consider zone which is not fully populated to have holes") Signed-off-by: Pavel Tatashin <pasha.tatashin(a)oracle.com> Acked-by: Michal Hocko <mhocko(a)suse.com> Reviewed-by: Andrew Morton <akpm(a)linux-foundation.org> Cc: Vlastimil Babka <vbabka(a)suse.cz> Cc: Steven Sistare <steven.sistare(a)oracle.com> Cc: Daniel Jordan <daniel.m.jordan(a)oracle.com> Cc: "Kirill A. Shutemov" <kirill.shutemov(a)linux.intel.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/sparse.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff -puN mm/sparse.c~mm-sections-are-not-offlined-during-memory-hotremove mm/sparse.c --- a/mm/sparse.c~mm-sections-are-not-offlined-during-memory-hotremove +++ a/mm/sparse.c @@ -629,7 +629,7 @@ void offline_mem_sections(unsigned long unsigned long pfn; for (pfn = start_pfn; pfn < end_pfn; pfn += PAGES_PER_SECTION) { - unsigned long section_nr = pfn_to_section_nr(start_pfn); + unsigned long section_nr = pfn_to_section_nr(pfn); struct mem_section *ms; /* _

7 years, 1 month

1
0
0 0

[patch 05/13] z3fold: fix reclaim lock-ups

by akpm＠linux-foundation.org

From: Vitaly Wool <vitalywool(a)gmail.com> Subject: z3fold: fix reclaim lock-ups Do not try to optimize in-page object layout while the page is under reclaim. This fixes lock-ups on reclaim and improves reclaim performance at the same time. [akpm(a)linux-foundation.org: coding-style fixes] Link: http://lkml.kernel.org/r/20180430125800.444cae9706489f412ad12621@gmail.com Signed-off-by: Vitaly Wool <vitaly.vul(a)sony.com> Reported-by: Guenter Roeck <linux(a)roeck-us.net> Tested-by: Guenter Roeck <linux(a)roeck-us.net> Cc: <Oleksiy.Avramchenko(a)sony.com> Cc: Matthew Wilcox <mawilcox(a)microsoft.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/z3fold.c | 42 ++++++++++++++++++++++++++++++------------ 1 file changed, 30 insertions(+), 12 deletions(-) diff -puN mm/z3fold.c~z3fold-fix-reclaim-lock-ups mm/z3fold.c --- a/mm/z3fold.c~z3fold-fix-reclaim-lock-ups +++ a/mm/z3fold.c @@ -144,7 +144,8 @@ enum z3fold_page_flags { PAGE_HEADLESS = 0, MIDDLE_CHUNK_MAPPED, NEEDS_COMPACTING, - PAGE_STALE + PAGE_STALE, + UNDER_RECLAIM }; /***************** @@ -173,6 +174,7 @@ static struct z3fold_header *init_z3fold clear_bit(MIDDLE_CHUNK_MAPPED, &page->private); clear_bit(NEEDS_COMPACTING, &page->private); clear_bit(PAGE_STALE, &page->private); + clear_bit(UNDER_RECLAIM, &page->private); spin_lock_init(&zhdr->page_lock); kref_init(&zhdr->refcount); @@ -756,6 +758,10 @@ static void z3fold_free(struct z3fold_po atomic64_dec(&pool->pages_nr); return; } + if (test_bit(UNDER_RECLAIM, &page->private)) { + z3fold_page_unlock(zhdr); + return; + } if (test_and_set_bit(NEEDS_COMPACTING, &page->private)) { z3fold_page_unlock(zhdr); return; @@ -840,6 +846,8 @@ static int z3fold_reclaim_page(struct z3 kref_get(&zhdr->refcount); list_del_init(&zhdr->buddy); zhdr->cpu = -1; + set_bit(UNDER_RECLAIM, &page->private); + break; } list_del_init(&page->lru); @@ -887,25 +895,35 @@ static int z3fold_reclaim_page(struct z3 goto next; } next: - spin_lock(&pool->lock); if (test_bit(PAGE_HEADLESS, &page->private)) { if (ret == 0) { - spin_unlock(&pool->lock); free_z3fold_page(page); return 0; } - } else if (kref_put(&zhdr->refcount, release_z3fold_page)) { - atomic64_dec(&pool->pages_nr); + spin_lock(&pool->lock); + list_add(&page->lru, &pool->lru); + spin_unlock(&pool->lock); + } else { + z3fold_page_lock(zhdr); + clear_bit(UNDER_RECLAIM, &page->private); + if (kref_put(&zhdr->refcount, + release_z3fold_page_locked)) { + atomic64_dec(&pool->pages_nr); + return 0; + } + /* + * if we are here, the page is still not completely + * free. Take the global pool lock then to be able + * to add it back to the lru list + */ + spin_lock(&pool->lock); + list_add(&page->lru, &pool->lru); spin_unlock(&pool->lock); - return 0; + z3fold_page_unlock(zhdr); } - /* - * Add to the beginning of LRU. - * Pool lock has to be kept here to ensure the page has - * not already been released - */ - list_add(&page->lru, &pool->lru); + /* We started off locked to we need to lock the pool back */ + spin_lock(&pool->lock); } spin_unlock(&pool->lock); return -EAGAIN; _

7 years, 1 month

1
0
0 0

Re: [PATCH] drm/i915/oa: Disable OA on Haswell

by Chris Wilson

Quoting Lionel Landwerlin (2018-05-11 18:41:28) > On 11/05/18 16:51, Chris Wilson wrote: > > But I can't even startup a gdm on that machine with drm-tip. So maybe > there is some much more broken... > > Don't leave us in suspense... > > > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=890614 > > > Not our bug :) You would not believe how relieved I am that someone else has bugs in their code. -Chris

7 years, 1 month

1
0
0 0

[GIT PULL] tracing: Fix regex_match_front() to not over compare the test string

by Steven Rostedt

Linus, Working on some new updates to trace filtering, I noticed that the regex_match_front() test was updated to be limited to the size of the pattern instead of the full test string. But as the test string is not guaranteed to be nul terminated, it still needs to consider the size of the test string. Please pull the latest trace-v4.17-rc4 tree, which can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace.git trace-v4.17-rc4 Tag SHA1: cb82e07247fa5f1a91940a2928fb260256727a14 Head SHA1: dc432c3d7f9bceb3de6f5b44fb9c657c9810ed6d Steven Rostedt (VMware) (1): tracing: Fix regex_match_front() to not over compare the test string ---- kernel/trace/trace_events_filter.c | 3 +++ 1 file changed, 3 insertions(+) --------------------------- commit dc432c3d7f9bceb3de6f5b44fb9c657c9810ed6d Author: Steven Rostedt (VMware) <rostedt(a)goodmis.org> Date: Wed May 9 11:59:32 2018 -0400 tracing: Fix regex_match_front() to not over compare the test string The regex match function regex_match_front() in the tracing filter logic, was fixed to test just the pattern length from testing the entire test string. That is, it went from strncmp(str, r->pattern, len) to strcmp(str, r->pattern, r->len). The issue is that str is not guaranteed to be nul terminated, and if r->len is greater than the length of str, it can access more memory than is allocated. The solution is to add a simple test if (len < r->len) return 0. Cc: stable(a)vger.kernel.org Fixes: 285caad415f45 ("tracing/filters: Fix MATCH_FRONT_ONLY filter matching") Signed-off-by: Steven Rostedt (VMware) <rostedt(a)goodmis.org> diff --git a/kernel/trace/trace_events_filter.c b/kernel/trace/trace_events_filter.c index 1f951b3df60c..7d306b74230f 100644 --- a/kernel/trace/trace_events_filter.c +++ b/kernel/trace/trace_events_filter.c @@ -762,6 +762,9 @@ static int regex_match_full(char *str, struct regex *r, int len) static int regex_match_front(char *str, struct regex *r, int len) { + if (len < r->len) + return 0; + if (strncmp(str, r->pattern, r->len) == 0) return 1; return 0;

7 years, 1 month

1
0
0 0

FAILED: patch "[PATCH] test_firmware: fix setting old custom fw path back on exit, " failed to apply to 4.16-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.16-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From e538409257d0217a9bc715686100a5328db75a15 Mon Sep 17 00:00:00 2001 From: Ben Hutchings <ben.hutchings(a)codethink.co.uk> Date: Wed, 4 Apr 2018 22:38:49 +0200 Subject: [PATCH] test_firmware: fix setting old custom fw path back on exit, second try Commit 65c79230576 tried to clear the custom firmware path on exit by writing a single space to the firmware_class.path parameter. This doesn't work because nothing strips this space from the value stored and fw_get_filesystem_firmware() only ignores zero-length paths. Instead, write a null byte. Fixes: 0a8adf58475 ("test: add firmware_class loader test") Fixes: 65c79230576 ("test_firmware: fix setting old custom fw path back on exit") Signed-off-by: Ben Hutchings <ben.hutchings(a)codethink.co.uk> Acked-by: Luis R. Rodriguez <mcgrof(a)kernel.org> Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/tools/testing/selftests/firmware/fw_lib.sh b/tools/testing/selftests/firmware/fw_lib.sh index 9ea31b57d71a..962d7f4ac627 100755 --- a/tools/testing/selftests/firmware/fw_lib.sh +++ b/tools/testing/selftests/firmware/fw_lib.sh @@ -154,11 +154,13 @@ test_finish() if [ "$HAS_FW_LOADER_USER_HELPER" = "yes" ]; then echo "$OLD_TIMEOUT" >/sys/class/firmware/timeout fi - if [ "$OLD_FWPATH" = "" ]; then - OLD_FWPATH=" " - fi if [ "$TEST_REQS_FW_SET_CUSTOM_PATH" = "yes" ]; then - echo -n "$OLD_FWPATH" >/sys/module/firmware_class/parameters/path + if [ "$OLD_FWPATH" = "" ]; then + # A zero-length write won't work; write a null byte + printf '\000' >/sys/module/firmware_class/parameters/path + else + echo -n "$OLD_FWPATH" >/sys/module/firmware_class/parameters/path + fi fi if [ -f $FW ]; then rm -f "$FW"

7 years, 1 month

3
3
0 0

[PATCH 4/4] KVM: arm/arm64: VGIC/ITS save/restore: protect kvm_read_guest() calls

by Andre Przywara

kvm_read_guest() will eventually look up in kvm_memslots(), which requires either to hold the kvm->slots_lock or to be inside a kvm->srcu critical section. In contrast to x86 and s390 we don't take the SRCU lock on every guest exit, so we have to do it individually for each kvm_read_guest() call. Use the newly introduced wrapper for that. Cc: Stable <stable(a)vger.kernel.org> # 4.12+ Reported-by: Jan Glauber <jan.glauber(a)caviumnetworks.com> Signed-off-by: Andre Przywara <andre.przywara(a)arm.com> --- virt/kvm/arm/vgic/vgic-its.c | 4 ++-- virt/kvm/arm/vgic/vgic-v3.c | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/virt/kvm/arm/vgic/vgic-its.c b/virt/kvm/arm/vgic/vgic-its.c index 7cb060e01a76..4ed79c939fb4 100644 --- a/virt/kvm/arm/vgic/vgic-its.c +++ b/virt/kvm/arm/vgic/vgic-its.c @@ -1897,7 +1897,7 @@ static int scan_its_table(struct vgic_its *its, gpa_t base, int size, int esz, int next_offset; size_t byte_offset; - ret = kvm_read_guest(kvm, gpa, entry, esz); + ret = kvm_read_guest_lock(kvm, gpa, entry, esz); if (ret) return ret; @@ -2267,7 +2267,7 @@ static int vgic_its_restore_cte(struct vgic_its *its, gpa_t gpa, int esz) int ret; BUG_ON(esz > sizeof(val)); - ret = kvm_read_guest(kvm, gpa, &val, esz); + ret = kvm_read_guest_lock(kvm, gpa, &val, esz); if (ret) return ret; val = le64_to_cpu(val); diff --git a/virt/kvm/arm/vgic/vgic-v3.c b/virt/kvm/arm/vgic/vgic-v3.c index c7423f3768e5..bdcf8e7a6161 100644 --- a/virt/kvm/arm/vgic/vgic-v3.c +++ b/virt/kvm/arm/vgic/vgic-v3.c @@ -344,7 +344,7 @@ int vgic_v3_lpi_sync_pending_status(struct kvm *kvm, struct vgic_irq *irq) bit_nr = irq->intid % BITS_PER_BYTE; ptr = pendbase + byte_offset; - ret = kvm_read_guest(kvm, ptr, &val, 1); + ret = kvm_read_guest_lock(kvm, ptr, &val, 1); if (ret) return ret; @@ -397,7 +397,7 @@ int vgic_v3_save_pending_tables(struct kvm *kvm) ptr = pendbase + byte_offset; if (byte_offset != last_byte_offset) { - ret = kvm_read_guest(kvm, ptr, &val, 1); + ret = kvm_read_guest_lock(kvm, ptr, &val, 1); if (ret) return ret; last_byte_offset = byte_offset; -- 2.14.1

7 years, 1 month

1
0
0 0

[PATCH 3/4] KVM: arm/arm64: VGIC/ITS: protect kvm_read_guest() calls with SRCU lock

by Andre Przywara

kvm_read_guest() will eventually look up in kvm_memslots(), which requires either to hold the kvm->slots_lock or to be inside a kvm->srcu critical section. In contrast to x86 and s390 we don't take the SRCU lock on every guest exit, so we have to do it individually for each kvm_read_guest() call. Provide a wrapper which does that and use that everywhere. Note that ending the SRCU critical section before returning from the kvm_read_guest() wrapper is safe, because the data has been *copied*, so we don't need to rely on valid references to the memslot anymore. Cc: Stable <stable(a)vger.kernel.org> # 4.8+ Reported-by: Jan Glauber <jan.glauber(a)caviumnetworks.com> Signed-off-by: Andre Przywara <andre.przywara(a)arm.com> --- arch/arm/include/asm/kvm_mmu.h | 16 ++++++++++++++++ arch/arm64/include/asm/kvm_mmu.h | 16 ++++++++++++++++ virt/kvm/arm/vgic/vgic-its.c | 15 ++++++++------- 3 files changed, 40 insertions(+), 7 deletions(-) diff --git a/arch/arm/include/asm/kvm_mmu.h b/arch/arm/include/asm/kvm_mmu.h index 707a1f06dc5d..f675162663f0 100644 --- a/arch/arm/include/asm/kvm_mmu.h +++ b/arch/arm/include/asm/kvm_mmu.h @@ -309,6 +309,22 @@ static inline unsigned int kvm_get_vmid_bits(void) return 8; } +/* + * We are not in the kvm->srcu critical section most of the time, so we take + * the SRCU read lock here. Since we copy the data from the user page, we + * can immediately drop the lock again. + */ +static inline int kvm_read_guest_lock(struct kvm *kvm, + gpa_t gpa, void *data, unsigned long len) +{ + int srcu_idx = srcu_read_lock(&kvm->srcu); + int ret = kvm_read_guest(kvm, gpa, data, len); + + srcu_read_unlock(&kvm->srcu, srcu_idx); + + return ret; +} + static inline void *kvm_get_hyp_vector(void) { return kvm_ksym_ref(__kvm_hyp_vector); diff --git a/arch/arm64/include/asm/kvm_mmu.h b/arch/arm64/include/asm/kvm_mmu.h index 082110993647..6128992c2ded 100644 --- a/arch/arm64/include/asm/kvm_mmu.h +++ b/arch/arm64/include/asm/kvm_mmu.h @@ -360,6 +360,22 @@ static inline unsigned int kvm_get_vmid_bits(void) return (cpuid_feature_extract_unsigned_field(reg, ID_AA64MMFR1_VMIDBITS_SHIFT) == 2) ? 16 : 8; } +/* + * We are not in the kvm->srcu critical section most of the time, so we take + * the SRCU read lock here. Since we copy the data from the user page, we + * can immediately drop the lock again. + */ +static inline int kvm_read_guest_lock(struct kvm *kvm, + gpa_t gpa, void *data, unsigned long len) +{ + int srcu_idx = srcu_read_lock(&kvm->srcu); + int ret = kvm_read_guest(kvm, gpa, data, len); + + srcu_read_unlock(&kvm->srcu, srcu_idx); + + return ret; +} + #ifdef CONFIG_KVM_INDIRECT_VECTORS /* * EL2 vectors can be mapped and rerouted in a number of ways, diff --git a/virt/kvm/arm/vgic/vgic-its.c b/virt/kvm/arm/vgic/vgic-its.c index 51a80b600632..7cb060e01a76 100644 --- a/virt/kvm/arm/vgic/vgic-its.c +++ b/virt/kvm/arm/vgic/vgic-its.c @@ -281,8 +281,8 @@ static int update_lpi_config(struct kvm *kvm, struct vgic_irq *irq, int ret; unsigned long flags; - ret = kvm_read_guest(kvm, propbase + irq->intid - GIC_LPI_OFFSET, - &prop, 1); + ret = kvm_read_guest_lock(kvm, propbase + irq->intid - GIC_LPI_OFFSET, + &prop, 1); if (ret) return ret; @@ -444,8 +444,9 @@ static int its_sync_lpi_pending_table(struct kvm_vcpu *vcpu) * this very same byte in the last iteration. Reuse that. */ if (byte_offset != last_byte_offset) { - ret = kvm_read_guest(vcpu->kvm, pendbase + byte_offset, - &pendmask, 1); + ret = kvm_read_guest_lock(vcpu->kvm, + pendbase + byte_offset, + &pendmask, 1); if (ret) { kfree(intids); return ret; @@ -789,7 +790,7 @@ static bool vgic_its_check_id(struct vgic_its *its, u64 baser, u32 id, return false; /* Each 1st level entry is represented by a 64-bit value. */ - if (kvm_read_guest(its->dev->kvm, + if (kvm_read_guest_lock(its->dev->kvm, BASER_ADDRESS(baser) + index * sizeof(indirect_ptr), &indirect_ptr, sizeof(indirect_ptr))) return false; @@ -1370,8 +1371,8 @@ static void vgic_its_process_commands(struct kvm *kvm, struct vgic_its *its) cbaser = CBASER_ADDRESS(its->cbaser); while (its->cwriter != its->creadr) { - int ret = kvm_read_guest(kvm, cbaser + its->creadr, - cmd_buf, ITS_CMD_SIZE); + int ret = kvm_read_guest_lock(kvm, cbaser + its->creadr, + cmd_buf, ITS_CMD_SIZE); /* * If kvm_read_guest() fails, this could be due to the guest * programming a bogus value in CBASER or something else going -- 2.14.1

7 years, 1 month

1
0
0 0

[PATCH 2/4] KVM: arm/arm64: VGIC/ITS: Promote irq_lock() in update_affinity

by Andre Przywara

Apparently the development of update_affinity() overlapped with the promotion of irq_lock to be _irqsave, so the patch didn't convert this lock over. This will make lockdep complain. Fix this by disabling IRQs around the lock. Cc: stable(a)vger.kernel.org Fixes: 08c9fd042117 ("KVM: arm/arm64: vITS: Add a helper to update the affinity of an LPI") Reported-by: Jan Glauber <jan.glauber(a)caviumnetworks.com> Signed-off-by: Andre Przywara <andre.przywara(a)arm.com> --- virt/kvm/arm/vgic/vgic-its.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/virt/kvm/arm/vgic/vgic-its.c b/virt/kvm/arm/vgic/vgic-its.c index 41abf92f2699..51a80b600632 100644 --- a/virt/kvm/arm/vgic/vgic-its.c +++ b/virt/kvm/arm/vgic/vgic-its.c @@ -350,10 +350,11 @@ static int vgic_copy_lpi_list(struct kvm_vcpu *vcpu, u32 **intid_ptr) static int update_affinity(struct vgic_irq *irq, struct kvm_vcpu *vcpu) { int ret = 0; + unsigned long flags; - spin_lock(&irq->irq_lock); + spin_lock_irqsave(&irq->irq_lock, flags); irq->target_vcpu = vcpu; - spin_unlock(&irq->irq_lock); + spin_unlock_irqrestore(&irq->irq_lock, flags); if (irq->hw) { struct its_vlpi_map map; -- 2.14.1

7 years, 1 month

1
0
0 0

[PATCH 1/4] KVM: arm/arm64: Properly protect VGIC locks from IRQs

by Andre Przywara

As Jan reported [1], lockdep complains about the VGIC not being bullet proof. This seems to be due to two issues: - When commit 006df0f34930 ("KVM: arm/arm64: Support calling vgic_update_irq_pending from irq context") promoted irq_lock and ap_list_lock to _irqsave, we forgot two instances of irq_lock. lockdeps seems to pick those up. - If a lock is _irqsave, any other locks we take inside them should be _irqsafe as well. So the lpi_list_lock needs to be promoted also. This fixes both issues by simply making the remaining instances of those locks _irqsave. One irq_lock is addressed in a separate patch, to simplify backporting. Cc: stable(a)vger.kernel.org Fixes: 006df0f34930 ("KVM: arm/arm64: Support calling vgic_update_irq_pending from irq context") Reported-by: Jan Glauber <jan.glauber(a)caviumnetworks.com> Signed-off-by: Andre Przywara <andre.przywara(a)arm.com> [1] http://lists.infradead.org/pipermail/linux-arm-kernel/2018-May/575718.html --- virt/kvm/arm/vgic/vgic-debug.c | 5 +++-- virt/kvm/arm/vgic/vgic-its.c | 10 ++++++---- virt/kvm/arm/vgic/vgic.c | 22 ++++++++++++++-------- 3 files changed, 23 insertions(+), 14 deletions(-) diff --git a/virt/kvm/arm/vgic/vgic-debug.c b/virt/kvm/arm/vgic/vgic-debug.c index 10b38178cff2..4ffc0b5e6105 100644 --- a/virt/kvm/arm/vgic/vgic-debug.c +++ b/virt/kvm/arm/vgic/vgic-debug.c @@ -211,6 +211,7 @@ static int vgic_debug_show(struct seq_file *s, void *v) struct vgic_state_iter *iter = (struct vgic_state_iter *)v; struct vgic_irq *irq; struct kvm_vcpu *vcpu = NULL; + unsigned long flags; if (iter->dist_id == 0) { print_dist_state(s, &kvm->arch.vgic); @@ -227,9 +228,9 @@ static int vgic_debug_show(struct seq_file *s, void *v) irq = &kvm->arch.vgic.spis[iter->intid - VGIC_NR_PRIVATE_IRQS]; } - spin_lock(&irq->irq_lock); + spin_lock_irqsave(&irq->irq_lock, flags); print_irq_state(s, irq, vcpu); - spin_unlock(&irq->irq_lock); + spin_unlock_irqrestore(&irq->irq_lock, flags); return 0; } diff --git a/virt/kvm/arm/vgic/vgic-its.c b/virt/kvm/arm/vgic/vgic-its.c index a8f07243aa9f..41abf92f2699 100644 --- a/virt/kvm/arm/vgic/vgic-its.c +++ b/virt/kvm/arm/vgic/vgic-its.c @@ -52,6 +52,7 @@ static struct vgic_irq *vgic_add_lpi(struct kvm *kvm, u32 intid, { struct vgic_dist *dist = &kvm->arch.vgic; struct vgic_irq *irq = vgic_get_irq(kvm, NULL, intid), *oldirq; + unsigned long flags; int ret; /* In this case there is no put, since we keep the reference. */ @@ -71,7 +72,7 @@ static struct vgic_irq *vgic_add_lpi(struct kvm *kvm, u32 intid, irq->intid = intid; irq->target_vcpu = vcpu; - spin_lock(&dist->lpi_list_lock); + spin_lock_irqsave(&dist->lpi_list_lock, flags); /* * There could be a race with another vgic_add_lpi(), so we need to @@ -99,7 +100,7 @@ static struct vgic_irq *vgic_add_lpi(struct kvm *kvm, u32 intid, dist->lpi_list_count++; out_unlock: - spin_unlock(&dist->lpi_list_lock); + spin_unlock_irqrestore(&dist->lpi_list_lock, flags); /* * We "cache" the configuration table entries in our struct vgic_irq's. @@ -315,6 +316,7 @@ static int vgic_copy_lpi_list(struct kvm_vcpu *vcpu, u32 **intid_ptr) { struct vgic_dist *dist = &vcpu->kvm->arch.vgic; struct vgic_irq *irq; + unsigned long flags; u32 *intids; int irq_count, i = 0; @@ -330,7 +332,7 @@ static int vgic_copy_lpi_list(struct kvm_vcpu *vcpu, u32 **intid_ptr) if (!intids) return -ENOMEM; - spin_lock(&dist->lpi_list_lock); + spin_lock_irqsave(&dist->lpi_list_lock, flags); list_for_each_entry(irq, &dist->lpi_list_head, lpi_list) { if (i == irq_count) break; @@ -339,7 +341,7 @@ static int vgic_copy_lpi_list(struct kvm_vcpu *vcpu, u32 **intid_ptr) continue; intids[i++] = irq->intid; } - spin_unlock(&dist->lpi_list_lock); + spin_unlock_irqrestore(&dist->lpi_list_lock, flags); *intid_ptr = intids; return i; diff --git a/virt/kvm/arm/vgic/vgic.c b/virt/kvm/arm/vgic/vgic.c index 27219313a406..1dfb5b2f1b12 100644 --- a/virt/kvm/arm/vgic/vgic.c +++ b/virt/kvm/arm/vgic/vgic.c @@ -43,9 +43,13 @@ struct vgic_global kvm_vgic_global_state __ro_after_init = { * kvm->lock (mutex) * its->cmd_lock (mutex) * its->its_lock (mutex) - * vgic_cpu->ap_list_lock - * kvm->lpi_list_lock - * vgic_irq->irq_lock + * vgic_cpu->ap_list_lock must be taken with IRQs disabled + * kvm->lpi_list_lock must be taken with IRQs disabled + * vgic_irq->irq_lock must be taken with IRQs disabled + * + * As the ap_list_lock might be taken from the timer interrupt handler, + * we have to disable IRQs before taking this lock and everything lower + * than it. * * If you need to take multiple locks, always take the upper lock first, * then the lower ones, e.g. first take the its_lock, then the irq_lock. @@ -72,8 +76,9 @@ static struct vgic_irq *vgic_get_lpi(struct kvm *kvm, u32 intid) { struct vgic_dist *dist = &kvm->arch.vgic; struct vgic_irq *irq = NULL; + unsigned long flags; - spin_lock(&dist->lpi_list_lock); + spin_lock_irqsave(&dist->lpi_list_lock, flags); list_for_each_entry(irq, &dist->lpi_list_head, lpi_list) { if (irq->intid != intid) @@ -89,7 +94,7 @@ static struct vgic_irq *vgic_get_lpi(struct kvm *kvm, u32 intid) irq = NULL; out_unlock: - spin_unlock(&dist->lpi_list_lock); + spin_unlock_irqrestore(&dist->lpi_list_lock, flags); return irq; } @@ -134,19 +139,20 @@ static void vgic_irq_release(struct kref *ref) void vgic_put_irq(struct kvm *kvm, struct vgic_irq *irq) { struct vgic_dist *dist = &kvm->arch.vgic; + unsigned long flags; if (irq->intid < VGIC_MIN_LPI) return; - spin_lock(&dist->lpi_list_lock); + spin_lock_irqsave(&dist->lpi_list_lock, flags); if (!kref_put(&irq->refcount, vgic_irq_release)) { - spin_unlock(&dist->lpi_list_lock); + spin_unlock_irqrestore(&dist->lpi_list_lock, flags); return; }; list_del(&irq->lpi_list); dist->lpi_list_count--; - spin_unlock(&dist->lpi_list_lock); + spin_unlock_irqrestore(&dist->lpi_list_lock, flags); kfree(irq); } -- 2.14.1

7 years, 1 month

1
0
0 0

[PATCH] [stable 4.14] arm64: Add work around for Arm Cortex-A55 Erratum 1024718

by Suzuki K Poulose

commit ece1397cbc89c51914fae1aec729539cfd8bd62b upstream Some variants of the Arm Cortex-55 cores (r0p0, r0p1, r1p0) suffer from an erratum 1024718, which causes incorrect updates when DBM/AP bits in a page table entry is modified without a break-before-make sequence. The work around is to disable the hardware DBM feature on the affected cores. The hardware Access Flag management features is not affected. The hardware DBM feature is a non-conflicting capability, i.e, the kernel could handle cores using the feature and those without having the features running at the same time. So this work around is detected at early boot time, rather than delaying it until the CPUs are brought up into the kernel with MMU turned on. This also avoids other complexities with late CPUs turning online, with or without the hardware DBM features. Cc: stable(a)vger.kernel.org # v4.14 Cc: Catalin Marinas <catalin.marinas(a)arm.com> Cc: Mark Rutland <mark.rutland(a)arm.com> Cc: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Suzuki K Poulose <suzuki.poulose(a)arm.com> --- Note: The upstream commit is on top of a reworked capability infrastructure for arm64 heterogeneous systems, which allows delaying the CPU model checks. This backport is based on the original version of the patch [0], which checks the affected CPU models during the early boot. [0] https://lkml.kernel.org/r/20180116102323.3470-1-suzuki.poulose@arm.com --- Documentation/arm64/silicon-errata.txt | 1 + arch/arm64/Kconfig | 14 ++++++++++++ arch/arm64/include/asm/assembler.h | 40 ++++++++++++++++++++++++++++++++++ arch/arm64/include/asm/cputype.h | 2 ++ arch/arm64/mm/proc.S | 5 +++++ 5 files changed, 62 insertions(+) diff --git a/Documentation/arm64/silicon-errata.txt b/Documentation/arm64/silicon-errata.txt index f3d0d31..e4fe6ad 100644 --- a/Documentation/arm64/silicon-errata.txt +++ b/Documentation/arm64/silicon-errata.txt @@ -55,6 +55,7 @@ stable kernels. | ARM | Cortex-A57 | #834220 | ARM64_ERRATUM_834220 | | ARM | Cortex-A72 | #853709 | N/A | | ARM | Cortex-A73 | #858921 | ARM64_ERRATUM_858921 | +| ARM | Cortex-A55 | #1024718 | ARM64_ERRATUM_1024718 | | ARM | MMU-500 | #841119,#826419 | N/A | | | | | | | Cavium | ThunderX ITS | #22375, #24313 | CAVIUM_ERRATUM_22375 | diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig index c2abb4e..2d5f7ac 100644 --- a/arch/arm64/Kconfig +++ b/arch/arm64/Kconfig @@ -443,6 +443,20 @@ config ARM64_ERRATUM_843419 If unsure, say Y. +config ARM64_ERRATUM_1024718 + bool "Cortex-A55: 1024718: Update of DBM/AP bits without break before make might result in incorrect update" + default y + help + This option adds work around for Arm Cortex-A55 Erratum 1024718. + + Affected Cortex-A55 cores (r0p0, r0p1, r1p0) could cause incorrect + update of the hardware dirty bit when the DBM/AP bits are updated + without a break-before-make. The work around is to disable the usage + of hardware DBM locally on the affected cores. CPUs not affected by + erratum will continue to use the feature. + + If unsure, say Y. + config CAVIUM_ERRATUM_22375 bool "Cavium erratum 22375, 24313" default y diff --git a/arch/arm64/include/asm/assembler.h b/arch/arm64/include/asm/assembler.h index 463619d..25b2a41 100644 --- a/arch/arm64/include/asm/assembler.h +++ b/arch/arm64/include/asm/assembler.h @@ -25,6 +25,7 @@ #include <asm/asm-offsets.h> #include <asm/cpufeature.h> +#include <asm/cputype.h> #include <asm/page.h> #include <asm/pgtable-hwdef.h> #include <asm/ptrace.h> @@ -495,4 +496,43 @@ alternative_endif and \phys, \pte, #(((1 << (48 - PAGE_SHIFT)) - 1) << PAGE_SHIFT) .endm +/* + * Check the MIDR_EL1 of the current CPU for a given model and a range of + * variant/revision. See asm/cputype.h for the macros used below. + * + * model: MIDR_CPU_MODEL of CPU + * rv_min: Minimum of MIDR_CPU_VAR_REV() + * rv_max: Maximum of MIDR_CPU_VAR_REV() + * res: Result register. + * tmp1, tmp2, tmp3: Temporary registers + * + * Corrupts: res, tmp1, tmp2, tmp3 + * Returns: 0, if the CPU id doesn't match. Non-zero otherwise + */ + .macro cpu_midr_match model, rv_min, rv_max, res, tmp1, tmp2, tmp3 + mrs \res, midr_el1 + mov_q \tmp1, (MIDR_REVISION_MASK | MIDR_VARIANT_MASK) + mov_q \tmp2, MIDR_CPU_MODEL_MASK + and \tmp3, \res, \tmp2 // Extract model + and \tmp1, \res, \tmp1 // rev & variant + mov_q \tmp2, \model + cmp \tmp3, \tmp2 + cset \res, eq + cbz \res, .Ldone\@ // Model matches ? + + .if (\rv_min != 0) // Skip min check if rv_min == 0 + mov_q \tmp3, \rv_min + cmp \tmp1, \tmp3 + cset \res, ge + .endif // \rv_min != 0 + /* Skip rv_max check if rv_min == rv_max && rv_min != 0 */ + .if ((\rv_min != \rv_max) || \rv_min == 0) + mov_q \tmp2, \rv_max + cmp \tmp1, \tmp2 + cset \tmp2, le + and \res, \res, \tmp2 + .endif +.Ldone\@: + .endm + #endif /* __ASM_ASSEMBLER_H */ diff --git a/arch/arm64/include/asm/cputype.h b/arch/arm64/include/asm/cputype.h index be7bd19..30da091 100644 --- a/arch/arm64/include/asm/cputype.h +++ b/arch/arm64/include/asm/cputype.h @@ -78,6 +78,7 @@ #define ARM_CPU_PART_AEM_V8 0xD0F #define ARM_CPU_PART_FOUNDATION 0xD00 +#define ARM_CPU_PART_CORTEX_A55 0xD05 #define ARM_CPU_PART_CORTEX_A57 0xD07 #define ARM_CPU_PART_CORTEX_A72 0xD08 #define ARM_CPU_PART_CORTEX_A53 0xD03 @@ -98,6 +99,7 @@ #define QCOM_CPU_PART_KRYO 0x200 #define MIDR_CORTEX_A53 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A53) +#define MIDR_CORTEX_A55 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A55) #define MIDR_CORTEX_A57 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A57) #define MIDR_CORTEX_A72 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A72) #define MIDR_CORTEX_A73 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A73) diff --git a/arch/arm64/mm/proc.S b/arch/arm64/mm/proc.S index 139320a..e338165 100644 --- a/arch/arm64/mm/proc.S +++ b/arch/arm64/mm/proc.S @@ -438,6 +438,11 @@ ENTRY(__cpu_setup) cbz x9, 2f cmp x9, #2 b.lt 1f +#ifdef CONFIG_ARM64_ERRATUM_1024718 + /* Disable hardware DBM on Cortex-A55 r0p0, r0p1 & r1p0 */ + cpu_midr_match MIDR_CORTEX_A55, MIDR_CPU_VAR_REV(0, 0), MIDR_CPU_VAR_REV(1, 0), x1, x2, x3, x4 + cbnz x1, 1f +#endif orr x10, x10, #TCR_HD // hardware Dirty flag update 1: orr x10, x10, #TCR_HA // hardware Access flag update 2: -- 2.7.4

7 years, 1 month

2
1
0 0

Please apply commit b86e33075ed1 to v4.4.y and v4.9.y

by Guenter Roeck

Hi Greg, commit b86e33075ed1 ("f2fs: fix a dead loop in f2fs_fiemap()") fixes CVE-2017-18257. Please apply to v4.4.y and v4.9.y. Thanks, Guenter

7 years, 1 month

2
1
0 0

patch "iio: sca3000: Fix an error handling path in 'sca3000_probe()'" added to staging-next

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled iio: sca3000: Fix an error handling path in 'sca3000_probe()' to my staging git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging.git in the staging-next branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will also be merged in the next major kernel release during the merge window. If you have any questions about this process, please let me know. >From 4a5b45383ca371e123ba103d34d4b3b87616245c Mon Sep 17 00:00:00 2001 From: Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> Date: Sun, 8 Apr 2018 21:44:01 +0200 Subject: iio: sca3000: Fix an error handling path in 'sca3000_probe()' Use 'devm_iio_kfifo_allocate()' instead of 'iio_kfifo_allocate()' in order to simplify code and avoid a memory leak in an error path in 'sca3000_probe()'. A call to 'sca3000_unconfigure_ring()' was missing. Sent via the next merge window as unimportant bug and there are other patches dependent on it. Signed-off-by: Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> --- drivers/iio/accel/sca3000.c | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/drivers/iio/accel/sca3000.c b/drivers/iio/accel/sca3000.c index f33dadf7b262..562f125235db 100644 --- a/drivers/iio/accel/sca3000.c +++ b/drivers/iio/accel/sca3000.c @@ -1277,7 +1277,7 @@ static int sca3000_configure_ring(struct iio_dev *indio_dev) { struct iio_buffer *buffer; - buffer = iio_kfifo_allocate(); + buffer = devm_iio_kfifo_allocate(&indio_dev->dev); if (!buffer) return -ENOMEM; @@ -1287,11 +1287,6 @@ static int sca3000_configure_ring(struct iio_dev *indio_dev) return 0; } -static void sca3000_unconfigure_ring(struct iio_dev *indio_dev) -{ - iio_kfifo_free(indio_dev->buffer); -} - static inline int __sca3000_hw_ring_state_set(struct iio_dev *indio_dev, bool state) { @@ -1546,8 +1541,6 @@ static int sca3000_remove(struct spi_device *spi) if (spi->irq) free_irq(spi->irq, indio_dev); - sca3000_unconfigure_ring(indio_dev); - return 0; } -- 2.17.0

7 years, 1 month

1
0
0 0

patch "iio: adc: ad7791: remove sample freq sysfs attributes" added to staging-next

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled iio: adc: ad7791: remove sample freq sysfs attributes to my staging git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging.git in the staging-next branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will also be merged in the next major kernel release during the merge window. If you have any questions about this process, please let me know. >From 7eb6b35d93c356f1afebbfb808bc296d6351e708 Mon Sep 17 00:00:00 2001 From: Alexandru Ardelean <alexandru.ardelean(a)analog.com> Date: Mon, 12 Mar 2018 14:06:53 +0200 Subject: iio: adc: ad7791: remove sample freq sysfs attributes In the current state, these attributes are broken, because they are registered already, and the kernel throws a warning. The first registration happens via the `IIO_CHAN_INFO_SAMP_FREQ` flag from the `ad_sigma_delta` driver. In this commit these attrs are removed, and in the following the IIO_CHAN_INFO_SAMP_FREQ behavior will be implemented, which replaces these hooks. This is done to make things a bit easier to review as there is a bit of overlap in the patch if it's done all at once. Fixes: a13e831fcaa7 ("staging: iio: ad7192: implement IIO_CHAN_INFO_SAMP_FREQ") Signed-off-by: Alexandru Ardelean <alexandru.ardelean(a)analog.com> Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> --- drivers/iio/adc/ad7791.c | 49 ---------------------------------------- 1 file changed, 49 deletions(-) diff --git a/drivers/iio/adc/ad7791.c b/drivers/iio/adc/ad7791.c index 70fbf92f9827..03a5f7d6cb0c 100644 --- a/drivers/iio/adc/ad7791.c +++ b/drivers/iio/adc/ad7791.c @@ -244,58 +244,9 @@ static int ad7791_read_raw(struct iio_dev *indio_dev, return -EINVAL; } -static const char * const ad7791_sample_freq_avail[] = { - [AD7791_FILTER_RATE_120] = "120", - [AD7791_FILTER_RATE_100] = "100", - [AD7791_FILTER_RATE_33_3] = "33.3", - [AD7791_FILTER_RATE_20] = "20", - [AD7791_FILTER_RATE_16_6] = "16.6", - [AD7791_FILTER_RATE_16_7] = "16.7", - [AD7791_FILTER_RATE_13_3] = "13.3", - [AD7791_FILTER_RATE_9_5] = "9.5", -}; - -static ssize_t ad7791_read_frequency(struct device *dev, - struct device_attribute *attr, char *buf) -{ - struct iio_dev *indio_dev = dev_to_iio_dev(dev); - struct ad7791_state *st = iio_priv(indio_dev); - unsigned int rate = st->filter & AD7791_FILTER_RATE_MASK; - - return sprintf(buf, "%s\n", ad7791_sample_freq_avail[rate]); -} - -static ssize_t ad7791_write_frequency(struct device *dev, - struct device_attribute *attr, const char *buf, size_t len) -{ - struct iio_dev *indio_dev = dev_to_iio_dev(dev); - struct ad7791_state *st = iio_priv(indio_dev); - int i, ret; - - i = sysfs_match_string(ad7791_sample_freq_avail, buf); - if (i < 0) - return i; - - ret = iio_device_claim_direct_mode(indio_dev); - if (ret) - return ret; - st->filter &= ~AD7791_FILTER_RATE_MASK; - st->filter |= i; - ad_sd_write_reg(&st->sd, AD7791_REG_FILTER, sizeof(st->filter), - st->filter); - iio_device_release_direct_mode(indio_dev); - - return len; -} - -static IIO_DEV_ATTR_SAMP_FREQ(S_IWUSR | S_IRUGO, - ad7791_read_frequency, - ad7791_write_frequency); - static IIO_CONST_ATTR_SAMP_FREQ_AVAIL("120 100 33.3 20 16.7 16.6 13.3 9.5"); static struct attribute *ad7791_attributes[] = { - &iio_dev_attr_sampling_frequency.dev_attr.attr, &iio_const_attr_sampling_frequency_available.dev_attr.attr, NULL }; -- 2.17.0

7 years, 1 month

1
0
0 0

Re: [PATCH] drm: Match sysfs name in link removal to link creation

by Sean Paul

On Fri, May 11, 2018 at 07:15:42AM +0300, Haneen Mohammed wrote: > This patch matches the sysfs name used in the unlinking with the > linking function. Otherwise, remove_compat_control_link() fails to remove > sysfs created by create_compat_control_link() in drm_dev_register(). > > Signed-off-by: Haneen Mohammed <hamohammed.sa(a)gmail.com> Hey Haneen, Nice catch! I've applied this to drm-misc-fixes with applicable Fixes and Cc tags. Sean > --- > drivers/gpu/drm/drm_drv.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/gpu/drm/drm_drv.c b/drivers/gpu/drm/drm_drv.c > index a1b9338736e3..c2c21d839727 100644 > --- a/drivers/gpu/drm/drm_drv.c > +++ b/drivers/gpu/drm/drm_drv.c > @@ -716,7 +716,7 @@ static void remove_compat_control_link(struct drm_device *dev) > if (!minor) > return; > > - name = kasprintf(GFP_KERNEL, "controlD%d", minor->index); > + name = kasprintf(GFP_KERNEL, "controlD%d", minor->index + 64); > if (!name) > return; > > -- > 2.17.0 > -- Sean Paul, Software Engineer, Google / Chromium OS

7 years, 1 month

1
0
0 0

[PATCH] mtd: nand: Do not check FAIL bit when executing a SET_FEATURES op

by Boris Brezillon

The ONFI spec clearly says that FAIL bit is only valid for PROGRAM, ERASE and READ-with-on-die-ECC operations, and should be ignored otherwise. It seems that checking it after sending a SET_FEATURES is a bad idea because a previous READ, PROGRAM or ERASE op may have failed, and depending on the implementation, the FAIL bit is not cleared until a new READ, PROGRAM or ERASE is started. This leads to ->set_features() returning -EIO while it actually worked, which can sometimes stop a batch of READ/PROGRAM ops. Note that we only fix the ->exec_op() path here, because some drivers are abusing the NAND_STATUS_FAIL flag in their ->waitfunc() implementation to propagate other kind of errors, like wait-ready-timeout or controller-related errors. Let's not try to fix those drivers since they worked fine so far. Fixes: 8878b126df76 ("mtd: nand: add ->exec_op() implementation") Cc: stable(a)vger.kernel.org Signed-off-by: Boris Brezillon <boris.brezillon(a)bootlin.com> --- This patch is fixing a problem we had with on-die ECC on Micron NANDs [1]. On these chips, when you have an ECC failure, the FAIL bit is set and it's not cleared until the next READ operation, which led the following SET_FEATURES (used to re-enable on-die ECC) to fail with -EIO and stopped the batch of page reads started by UBIFS, which in turn led to unmountable FS. [1]http://patchwork.ozlabs.org/patch/907874/ --- drivers/mtd/nand/raw/nand_base.c | 27 +++++++++------------------ 1 file changed, 9 insertions(+), 18 deletions(-) diff --git a/drivers/mtd/nand/raw/nand_base.c b/drivers/mtd/nand/raw/nand_base.c index f28c3a555861..ee29f34562ab 100644 --- a/drivers/mtd/nand/raw/nand_base.c +++ b/drivers/mtd/nand/raw/nand_base.c @@ -2174,7 +2174,6 @@ static int nand_set_features_op(struct nand_chip *chip, u8 feature, struct mtd_info *mtd = nand_to_mtd(chip); const u8 *params = data; int i, ret; - u8 status; if (chip->exec_op) { const struct nand_sdr_timings *sdr = @@ -2188,26 +2187,18 @@ static int nand_set_features_op(struct nand_chip *chip, u8 feature, }; struct nand_operation op = NAND_OPERATION(instrs); - ret = nand_exec_op(chip, &op); - if (ret) - return ret; - - ret = nand_status_op(chip, &status); - if (ret) - return ret; - } else { - chip->cmdfunc(mtd, NAND_CMD_SET_FEATURES, feature, -1); - for (i = 0; i < ONFI_SUBFEATURE_PARAM_LEN; ++i) - chip->write_byte(mtd, params[i]); + return nand_exec_op(chip, &op); + } - ret = chip->waitfunc(mtd, chip); - if (ret < 0) - return ret; + chip->cmdfunc(mtd, NAND_CMD_SET_FEATURES, feature, -1); + for (i = 0; i < ONFI_SUBFEATURE_PARAM_LEN; ++i) + chip->write_byte(mtd, params[i]); - status = ret; - } + ret = chip->waitfunc(mtd, chip); + if (ret < 0) + return ret; - if (status & NAND_STATUS_FAIL) + if (ret & NAND_STATUS_FAIL) return -EIO; return 0; -- 2.14.1

7 years, 1 month

1
1
0 0

Re: [PATCH] idr: fix invalid ptr dereference on item delete

by Paolo Bonzini

On 10/05/2018 21:16, Roman Kagan wrote: > If an IDR contains a single entry at index==0, the underlying radix tree > has a single item in its root node, in which case > __radix_tree_lookup(index!=0) doesn't set its *@nodep argument (in > addition to returning NULL). > > However, the tree itself is not empty, i.e. the tree root doesn't have > IDR_FREE tag. > > As a result, on an attempt to remove an index!=0 entry from such an IDR, > radix_tree_delete_item doesn't return early and calls > __radix_tree_delete with invalid parameters which are then dereferenced. > > Reported-by: syzbot+35666cba7f0a337e2e79(a)syzkaller.appspotmail.com > Signed-off-by: Roman Kagan <rkagan(a)virtuozzo.com> > --- > lib/radix-tree.c | 5 +++-- > 1 file changed, 3 insertions(+), 2 deletions(-) > > diff --git a/lib/radix-tree.c b/lib/radix-tree.c > index da9e10c827df..10ff1bfae952 100644 > --- a/lib/radix-tree.c > +++ b/lib/radix-tree.c > @@ -2040,8 +2040,9 @@ void *radix_tree_delete_item(struct radix_tree_root *root, > void *entry; > > entry = __radix_tree_lookup(root, index, &node, &slot); > - if (!entry && (!is_idr(root) || node_tag_get(root, node, IDR_FREE, > - get_slot_offset(node, slot)))) > + if (!entry && (!is_idr(root) || !node || > + node_tag_get(root, node, IDR_FREE, > + get_slot_offset(node, slot)))) > return NULL; > > if (item && entry != item) > I cannot really vouch for the patch, but if it is correct it's definitely stuff for stable. The KVM testcase is only for 4.17-rc but this is a really nasty bug in a core data structure. Cc: stable(a)vger.kernel.org Should radix-tree be compilable in userspace, so that we can add unit tests for it?... Paolo

7 years, 1 month

3
3
0 0

patch "iio: sca3000: Fix an error handling path in 'sca3000_probe()'" added to staging-testing

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled iio: sca3000: Fix an error handling path in 'sca3000_probe()' to my staging git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging.git in the staging-testing branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will be merged to the staging-next branch sometime soon, after it passes testing, and the merge window is open. If you have any questions about this process, please let me know. >From 4a5b45383ca371e123ba103d34d4b3b87616245c Mon Sep 17 00:00:00 2001 From: Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> Date: Sun, 8 Apr 2018 21:44:01 +0200 Subject: iio: sca3000: Fix an error handling path in 'sca3000_probe()' Use 'devm_iio_kfifo_allocate()' instead of 'iio_kfifo_allocate()' in order to simplify code and avoid a memory leak in an error path in 'sca3000_probe()'. A call to 'sca3000_unconfigure_ring()' was missing. Sent via the next merge window as unimportant bug and there are other patches dependent on it. Signed-off-by: Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> --- drivers/iio/accel/sca3000.c | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/drivers/iio/accel/sca3000.c b/drivers/iio/accel/sca3000.c index f33dadf7b262..562f125235db 100644 --- a/drivers/iio/accel/sca3000.c +++ b/drivers/iio/accel/sca3000.c @@ -1277,7 +1277,7 @@ static int sca3000_configure_ring(struct iio_dev *indio_dev) { struct iio_buffer *buffer; - buffer = iio_kfifo_allocate(); + buffer = devm_iio_kfifo_allocate(&indio_dev->dev); if (!buffer) return -ENOMEM; @@ -1287,11 +1287,6 @@ static int sca3000_configure_ring(struct iio_dev *indio_dev) return 0; } -static void sca3000_unconfigure_ring(struct iio_dev *indio_dev) -{ - iio_kfifo_free(indio_dev->buffer); -} - static inline int __sca3000_hw_ring_state_set(struct iio_dev *indio_dev, bool state) { @@ -1546,8 +1541,6 @@ static int sca3000_remove(struct spi_device *spi) if (spi->irq) free_irq(spi->irq, indio_dev); - sca3000_unconfigure_ring(indio_dev); - return 0; } -- 2.17.0

7 years, 1 month

1
0
0 0

patch "iio: adc: ad7791: remove sample freq sysfs attributes" added to staging-testing

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled iio: adc: ad7791: remove sample freq sysfs attributes to my staging git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging.git in the staging-testing branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will be merged to the staging-next branch sometime soon, after it passes testing, and the merge window is open. If you have any questions about this process, please let me know. >From 7eb6b35d93c356f1afebbfb808bc296d6351e708 Mon Sep 17 00:00:00 2001 From: Alexandru Ardelean <alexandru.ardelean(a)analog.com> Date: Mon, 12 Mar 2018 14:06:53 +0200 Subject: iio: adc: ad7791: remove sample freq sysfs attributes In the current state, these attributes are broken, because they are registered already, and the kernel throws a warning. The first registration happens via the `IIO_CHAN_INFO_SAMP_FREQ` flag from the `ad_sigma_delta` driver. In this commit these attrs are removed, and in the following the IIO_CHAN_INFO_SAMP_FREQ behavior will be implemented, which replaces these hooks. This is done to make things a bit easier to review as there is a bit of overlap in the patch if it's done all at once. Fixes: a13e831fcaa7 ("staging: iio: ad7192: implement IIO_CHAN_INFO_SAMP_FREQ") Signed-off-by: Alexandru Ardelean <alexandru.ardelean(a)analog.com> Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> --- drivers/iio/adc/ad7791.c | 49 ---------------------------------------- 1 file changed, 49 deletions(-) diff --git a/drivers/iio/adc/ad7791.c b/drivers/iio/adc/ad7791.c index 70fbf92f9827..03a5f7d6cb0c 100644 --- a/drivers/iio/adc/ad7791.c +++ b/drivers/iio/adc/ad7791.c @@ -244,58 +244,9 @@ static int ad7791_read_raw(struct iio_dev *indio_dev, return -EINVAL; } -static const char * const ad7791_sample_freq_avail[] = { - [AD7791_FILTER_RATE_120] = "120", - [AD7791_FILTER_RATE_100] = "100", - [AD7791_FILTER_RATE_33_3] = "33.3", - [AD7791_FILTER_RATE_20] = "20", - [AD7791_FILTER_RATE_16_6] = "16.6", - [AD7791_FILTER_RATE_16_7] = "16.7", - [AD7791_FILTER_RATE_13_3] = "13.3", - [AD7791_FILTER_RATE_9_5] = "9.5", -}; - -static ssize_t ad7791_read_frequency(struct device *dev, - struct device_attribute *attr, char *buf) -{ - struct iio_dev *indio_dev = dev_to_iio_dev(dev); - struct ad7791_state *st = iio_priv(indio_dev); - unsigned int rate = st->filter & AD7791_FILTER_RATE_MASK; - - return sprintf(buf, "%s\n", ad7791_sample_freq_avail[rate]); -} - -static ssize_t ad7791_write_frequency(struct device *dev, - struct device_attribute *attr, const char *buf, size_t len) -{ - struct iio_dev *indio_dev = dev_to_iio_dev(dev); - struct ad7791_state *st = iio_priv(indio_dev); - int i, ret; - - i = sysfs_match_string(ad7791_sample_freq_avail, buf); - if (i < 0) - return i; - - ret = iio_device_claim_direct_mode(indio_dev); - if (ret) - return ret; - st->filter &= ~AD7791_FILTER_RATE_MASK; - st->filter |= i; - ad_sd_write_reg(&st->sd, AD7791_REG_FILTER, sizeof(st->filter), - st->filter); - iio_device_release_direct_mode(indio_dev); - - return len; -} - -static IIO_DEV_ATTR_SAMP_FREQ(S_IWUSR | S_IRUGO, - ad7791_read_frequency, - ad7791_write_frequency); - static IIO_CONST_ATTR_SAMP_FREQ_AVAIL("120 100 33.3 20 16.7 16.6 13.3 9.5"); static struct attribute *ad7791_attributes[] = { - &iio_dev_attr_sampling_frequency.dev_attr.attr, &iio_const_attr_sampling_frequency_available.dev_attr.attr, NULL }; -- 2.17.0

7 years, 1 month

1
0
0 0

[PATCH v4.9] KVM: PPC: Book3S HV: Fix trap number return from __kvmppc_vcore_entry

by Paul Mackerras

commit a8b48a4dccea77e29462e59f1dbf0d5aa1ff167c upstream. This fixes a bug where the trap number that is returned by __kvmppc_vcore_entry gets corrupted. The effect of the corruption is that IPIs get ignored on POWER9 systems when the IPI is sent via a doorbell interrupt to a CPU which is executing in a KVM guest. The effect of the IPI being ignored is often that another CPU locks up inside smp_call_function_many() (and if that CPU is holding a spinlock, other CPUs then lock up inside raw_spin_lock()). The trap number is currently held in register r12 for most of the assembly-language part of the guest exit path. In that path, we call kvmppc_subcore_exit_guest(), which is a C function, without restoring r12 afterwards. Depending on the kernel config and the compiler, it may modify r12 or it may not, so some config/compiler combinations see the bug and others don't. To fix this, we arrange for the trap number to be stored on the stack from the point where kvmhv_commence_exit is called until the end of the function, then the trap number is loaded and returned in r12 as before. Cc: stable(a)vger.kernel.org # v4.8+ Fixes: fd7bacbca47a ("KVM: PPC: Book3S HV: Fix TB corruption in guest exit path on HMI interrupt") Signed-off-by: Paul Mackerras <paulus(a)ozlabs.org> --- arch/powerpc/kvm/book3s_hv_rmhandlers.S | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/arch/powerpc/kvm/book3s_hv_rmhandlers.S b/arch/powerpc/kvm/book3s_hv_rmhandlers.S index 55fbc0c78721..79a180cf4c94 100644 --- a/arch/powerpc/kvm/book3s_hv_rmhandlers.S +++ b/arch/powerpc/kvm/book3s_hv_rmhandlers.S @@ -299,7 +299,6 @@ kvm_novcpu_exit: stw r12, STACK_SLOT_TRAP(r1) bl kvmhv_commence_exit nop - lwz r12, STACK_SLOT_TRAP(r1) b kvmhv_switch_to_host /* @@ -1023,6 +1022,7 @@ END_FTR_SECTION_IFSET(CPU_FTR_HAS_PPR) secondary_too_late: li r12, 0 + stw r12, STACK_SLOT_TRAP(r1) cmpdi r4, 0 beq 11f stw r12, VCPU_TRAP(r4) @@ -1266,12 +1266,12 @@ mc_cont: bl kvmhv_accumulate_time #endif + stw r12, STACK_SLOT_TRAP(r1) mr r3, r12 /* Increment exit count, poke other threads to exit */ bl kvmhv_commence_exit nop ld r9, HSTATE_KVM_VCPU(r13) - lwz r12, VCPU_TRAP(r9) /* Stop others sending VCPU interrupts to this physical CPU */ li r0, -1 @@ -1549,6 +1549,7 @@ END_FTR_SECTION_IFSET(CPU_FTR_ARCH_207S) * POWER7/POWER8 guest -> host partition switch code. * We don't have to lock against tlbies but we do * have to coordinate the hardware threads. + * Here STACK_SLOT_TRAP(r1) contains the trap number. */ kvmhv_switch_to_host: /* Secondary threads wait for primary to do partition switch */ @@ -1599,11 +1600,11 @@ BEGIN_FTR_SECTION END_FTR_SECTION_IFSET(CPU_FTR_ARCH_207S) /* If HMI, call kvmppc_realmode_hmi_handler() */ + lwz r12, STACK_SLOT_TRAP(r1) cmpwi r12, BOOK3S_INTERRUPT_HMI bne 27f bl kvmppc_realmode_hmi_handler nop - li r12, BOOK3S_INTERRUPT_HMI /* * At this point kvmppc_realmode_hmi_handler would have resync-ed * the TB. Hence it is not required to subtract guest timebase @@ -1678,6 +1679,7 @@ END_FTR_SECTION_IFSET(CPU_FTR_ARCH_207S) li r0, KVM_GUEST_MODE_NONE stb r0, HSTATE_IN_GUEST(r13) + lwz r12, STACK_SLOT_TRAP(r1) /* return trap # in r12 */ ld r0, SFS+PPC_LR_STKOFF(r1) addi r1, r1, SFS mtlr r0 -- 2.11.0

7 years, 1 month

2
1
0 0

[GIT PULL] commits for Linux 4.16

by Sasha Levin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi Greg, Pleae pull commits for Linux 4.16 . I've sent a review request for all commits over a week ago and all comments were addressed. Thanks, Sasha ===== The following changes since commit b42b71cd28f213cf4688b9891e66b57bdb6eefe8: Linux 4.16.4 (2018-04-24 09:43:11 +0200) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/sashal/linux-stable.git tags/for-greg-4.16-26042018 for you to fetch changes up to bafaa8866f7137b7ed3df848b0e77c8cfc15066c: kdb: make "mdr" command repeat (2018-04-25 17:24:16 -0400) - ---------------------------------------------------------------- for-greg-4.16-26042018 - ---------------------------------------------------------------- Aapo Vienamo (1): ARM: dts: imx7d: cl-som-imx7: fix pinctrl_enet Aaro Koskinen (1): drivers: macintosh: rack-meter: really fix bogus memsets Akinobu Mita (1): media: ov5645: add missing of_node_put() in error path Alexander Graf (1): lan78xx: Connect phy early Alexander Shishkin (1): intel_th: Use correct method of finding hub Alexandre Belloni (4): rtc: hctosys: Ensure system time doesn't overflow time_t rtc: rk808: fix possible race condition rtc: m41t80: fix race conditions rtc: rp5c01: fix possible race condition Alexey Khoroshilov (3): watchdog: davinci_wdt: fix error handling in davinci_wdt_probe() watchdog: sprd_wdt: Fix error handling in sprd_wdt_enable() watchdog: asm9260_wdt: fix error handling in asm9260_wdt_probe() Alistair Popple (1): powerpc/powernv/npu: Fix deadlock in mmio_invalidate() Amitkumar Karwar (1): rsi: fix kernel panic observed on 64bit machine Anand Jain (1): btrfs: fix null pointer deref when target device is missing Andrea Parri (1): riscv/spinlock: Strengthen implementations with fences Andreas Gruenbacher (2): gfs2: Check for the end of metadata in punch_hole gfs2: Fix fallocate chunk size Andrey Konovalov (2): kasan: fix invalid-free test crashing the kernel kasan, slub: fix handling of kasan_slab_free hook Andrzej Hajda (6): clk: samsung: s3c2410: Fix PLL rates clk: samsung: exynos7: Fix PLL rates clk: samsung: exynos5260: Fix PLL rates clk: samsung: exynos5433: Fix PLL rates clk: samsung: exynos5250: Fix PLL rates clk: samsung: exynos3250: Fix PLL rates Anilkumar Kolli (1): ath10k: advertize beacon_int_min_gcd Anshuman Khandual (1): powerpc/fscr: Enable interrupts earlier before calling get_user() Antoine Tenart (8): crypto: inside-secure - move the digest to the request context crypto: inside-secure - wait for the request to complete if in the backlog crypto: atmel-aes - fix the keys zeroing on errors crypto: inside-secure - do not process request if no command was issued crypto: inside-secure - fix the cache_len computation crypto: inside-secure - fix the extra cache computation crypto: inside-secure - do not overwrite the threshold value crypto: inside-secure - fix the invalidation step during cra_exit Archit Taneja (1): dt-bindings: display: msm/dsi: Fix the PHY regulator supply props Arjun Vynipadath (2): cxgb4: Setup FW queues before registering netdev cxgb4: Fix queue free path of ULD drivers Arnd Bergmann (2): clk: hisilicon: mark wdt_mux_p[] as const media: s3c-camif: fix out-of-bounds array access Baoquan He (1): x86/apic: Set up through-local-APIC mode on the boot CPU if 'noapic' specified Bart Van Assche (1): block: Fix a race between request queue removal and the block cgroup controller Ben Hutchings (1): usbip: Correct maximum value of CONFIG_USBIP_VHCI_HC_PORTS Benoit Parrot (1): drm/omap: Add pclk setting case when channel is DSS_WB Bjorn Andersson (2): soc: qcom: wcnss_ctrl: Fix increment in NV upload pinctrl: msm: Use dynamic GPIO numbering Bob Moore (1): ACPICA: Fix memory leak on unusual memory leak Borislav Petkov (1): x86/mce/AMD: Collect error info even if valid bits are not set Brad Love (6): media: cx23885: Override 888 ImpactVCBe crystal frequency media: cx23885: Set subdev host data to clk_freq pointer media: lgdt3306a: Fix a double kfree on i2c device remove media: lgdt3306a: Fix module count mismatch on usb unplug media: em28xx: Add Hauppauge SoloHD/DualHD bulk models media: em28xx: USB bulk packet size fix Brian Norris (1): watchdog: dw: RMW the control register Brijesh Singh (1): crypto: ccp - add check to get PSP master only when PSP is detected Bryan O'Donoghue (1): rtc: snvs: Fix usage of snvs_rtc_enable Carlos Maiolino (1): Force log to disk before reading the AGF during a fstrim Chao Yu (3): f2fs: fix to set KEEP_SIZE bit in f2fs_zero_range f2fs: fix to clear CP_TRIMMED_FLAG f2fs: fix to check extent cache in f2fs_drop_extent_tree Charles Keepax (1): regmap: Correct comparison in regmap_cached Chris Dickens (1): usb: gadget: composite: fix incorrect handling of OS desc requests Christophe JAILLET (4): remoteproc: imx_rproc: Fix an error handling path in 'imx_rproc_probe()' drm/meson: Fix some error handling paths in 'meson_drv_bind_master()' drm/meson: Fix an un-handled error path in 'meson_drv_bind_master()' regulator: of: Add a missing 'of_node_put()' in an error handling path of 'of_regulator_match()' Christophe Jaillet (2): regulator: gpio: Fix some error handling paths in 'gpio_regulator_probe()' spi: bcm-qspi: fIX some error handling paths Christophe Leroy (1): powerpc/mm/slice: Fix hugepage allocation at hint address on 8xx Chunyu Hu (1): cpufreq: cppc_cpufreq: Fix cppc_cpufreq_init() failure path Claudio Imbrenda (1): mm/ksm: fix interaction with THP Colin Ian King (4): net: qualcomm: rmnet: check for null ep to avoid null pointer dereference staging: rtl8192u: return -ENOMEM on failed allocation of priv->oldaddr rtc: tx4939: avoid unintended sign extension on a 24 bit shift media: cx25821: prevent out-of-bounds read on array card Coly Li (3): bcache: quit dc->writeback_thread when BCACHE_DEV_DETACHING is set bcache: fix cached_dev->count usage for bch_cache_set_error() bcache: stop dc->writeback_rate_update properly Cornelia Huck (1): vfio-ccw: fence off transport mode Dan Carpenter (2): platform/x86: dell-smbios: Fix memory leaks in build_tokens_sysfs() xen/acpi: off by one in read_acpi_id() Danilo Krummrich (1): fs/proc/proc_sysctl.c: fix potential page fault while unregistering sysctl table Dave Carroll (1): scsi: aacraid: Insure command thread is not recursively stopped Dave Hansen (1): x86/mm: Do not forbid _PAGE_RW before init for __ro_after_init David Ahern (1): selftests: Add FIB onlink tests David Howells (3): fscache: Fix hanging wait on page discarded by writeback rxrpc: Fix Tx ring annotation after initial Tx failure rxrpc: Don't treat call aborts as conn aborts David Lechner (1): ARM: davinci_all_defconfig: set CONFIG_DAVINCI_WATCHDOG=y David S. Miller (1): sparc64: Make atomic_xchg() an inline function rather than a macro. Davidlohr Bueso (4): ipc/msg: introduce msgctl(MSG_STAT_ANY) ipc/sem: introduce semctl(SEM_STAT_ANY) ipc/shm: introduce shmctl(SHM_STAT_ANY) sched/rt: Fix rq->clock_update_flags < RQCF_ACT_SKIP warning Dexuan Cui (1): tools: hv: fix compiler warnings about major/target_fname Dhinakaran Pandiyan (1): drm/vblank: Data type fixes for 64-bit vblank sequences. Douglas Gilbert (1): scsi: core: Make SCSI Status CONDITION MET equivalent to GOOD Emily Deng (1): drm/amdgpu: Clean sdma wptr register when only enable wptr polling Emmanuel Grumbach (1): mac80211: don't WARN on bad WMM parameters from buggy APs Eran Ben Elisha (1): net/mlx5e: Move all TX timeout logic to be under state lock Eric Anholt (1): drm/panel: simple: Fix the bus format for the Ontat panel Eric Dumazet (3): crypto: af_alg - fix possible uninit-value in alg_bind() soreuseport: initialise timewait reuseport field dccp: initialize ireq->ir_mark Eric Sandeen (1): ext4: don't complain about incorrect features when probing Erik Schmauss (1): ACPICA: Events: add a return on failure from acpi_hw_register_read Esben Haabendal (2): dp83640: Ensure against premature access to PHY registers after reset ARM: dts: ls1021a: Specify TBIPA register address Ezequiel Garcia (1): ASoC: rockchip: rk3288-hdmi-analog: Select needed codecs Felipe Balbi (1): usb: dwc3: Makefile: fix link error on randconfig Filip Sadowski (1): i40e: Add delay after EMP reset for firmware to recover Filipe Manana (2): Btrfs: fix loss of prealloc extents past i_size after fsync log replay Btrfs: fix copy_items() return value when logging an inode Florian Fainelli (2): net: bgmac: Fix endian access in bgmac_dma_tx_ring_free() net: bgmac: Correctly annotate register space Frank Asseg (1): tools/thermal: tmon: fix for segfault Fuyun Liang (3): net: hns3: fix for the wrong shift problem in hns3_set_txbd_baseinfo net: hns3: fix for returning wrong value problem in hns3_get_rss_indir_size net: hns3: fix for returning wrong value problem in hns3_get_rss_key_size Gabriel Matni (1): serial: mvebu-uart: fix tx lost characters Gao Xiang (1): f2fs: flush cp pack except cp pack 2 page at first Geert Uytterhoeven (8): dmaengine: rcar-dmac: Fix too early/late system suspend/resume callbacks serial: xuartps: Fix out-of-bounds access through DT alias serial: sh-sci: Fix out-of-bounds access through DT alias serial: samsung: Fix out-of-bounds access through serial port index serial: mxs-auart: Fix out-of-bounds access through serial port index serial: imx: Fix out-of-bounds access through serial port index serial: fsl_lpuart: Fix out-of-bounds access through DT alias serial: arc_uart: Fix out-of-bounds access through DT alias Govindarajulu Varadarajan (1): enic: enable rq before updating rq descriptors Greg Ungerer (1): m68k: set dma and coherent masks for platform FEC ethernets Gregory CLEMENT (1): i2c: mv64xxx: Apply errata delay only in standard mode Grigor Tovmasyan (1): usb: dwc2: Fix interval type issue Guenter Roeck (3): hwmon: (nct6775) Fix writing pwmX_mode hwmon: (pmbus/max8688) Accept negative page register values hwmon: (pmbus/adm1275) Accept negative page register values Haiyang Zhang (1): hv_netvsc: Fix the return status in RX path Hans Verkuil (1): media: vivid: fix incorrect capabilities for radio Harry Morris (1): ieee802154: ca8210: fix uninitialised data read Heiner Kallweit (1): soc: amlogic: meson-gx-pwrc-vpu: fix error on shutdown when domain is powered off Helge Deller (1): parisc/pci: Switch LBA PCI bus from Hard Fail to Soft Fail mode Henry Zhang (1): ARM: dts: bcm283x: Fix pin function of JTAG pins Honggang Li (1): IB/mlx5: Set the default active rate and width to QDR and 4X Huang Ying (1): mm: fix races between address_space dereference and free in page_evicatable Icenowy Zheng (1): dt-bindings: add device tree binding for Allwinner H6 main CCU Igor Russkikh (1): net: aquantia: oops when shutdown on already stopped device Ilia Lin (1): arm64: dts: qcom: Fix SPI5 config on MSM8996 Ioana Radulescu (2): staging: fsl-dpaa2/eth: Fix incorrect kfree staging: fsl-dpaa2/eth: Fix incorrect casts Ivan Gorinov (2): x86/devicetree: Initialize device tree before using it x86/devicetree: Fix device IRQ settings in DT Jacob Keller (2): i40e: hold the RTNL lock while changing interrupt schemes ixgbe: prevent ptp_rx_hang from running when in FILTER_ALL mode Jake Moroni (1): dpaa_eth: fix pause capability advertisement logic James Hogan (1): rtc: goldfish: Add missing MODULE_LICENSE James Smart (8): nvme: expand nvmf_check_if_ready checks nvme_fc: fix abort race on teardown with lld reject scsi: lpfc: Fix NVME Initiator FirstBurst scsi: lpfc: Fix issue_lip if link is disabled scsi: lpfc: Fix nonrecovery of NVME controller after cable swap. scsi: lpfc: Fix soft lockup in lpfc worker thread during LIP testing scsi: lpfc: Fix IO failure during hba reset testing with nvme io. scsi: lpfc: Fix frequency of Release WQE CQEs Jan Kara (2): udf: Provide saner default for invalid uid / gid fanotify: Avoid lost events due to ENOMEM for unlimited queues Jan KundrÃ¡t (1): pinctrl: mcp23s08: spi: Fix regmap debugfs entries JarosÅ‚aw Janik (1): nvme-pci: disable APST for Samsung NVMe SSD 960 EVO + ASUS PRIME Z370-A Javier Martinez Canillas (1): i2c: core: report OF style module alias for devices registered via OF Jay Vosburgh (1): virtio-net: Fix operstate for virtio when no VIRTIO_NET_F_STATUS Jean Delvare (1): firmware: dmi_scan: Fix UUID length safety check Jeff Mahoney (1): btrfs: fix lockdep splat in btrfs_alloc_subvolume_writers Jens Axboe (1): sr: get/drop reference to device in revalidate and check_events Jerome Brunet (1): clk: meson: axg: add the fractional part of the fixed_pll Jiandi An (1): ima: Fix Kconfig to select TPM 2.0 CRB interface Jin Yao (1): perf report: Fix wrong jump arrow Jiri Olsa (3): perf tests: Use arch__compare_symbol_names to compare symbols perf report: Fix memory corruption in --branch-history mode --branch-history perf tests: Fix dwarf unwind for stripped binaries Joe Perches (1): MIPS: Octeon: Fix logging messages with spurious periods after newlines Joerg Roedel (1): x86/pgtable: Don't set huge PUD/PMD on non-leaf entries Johannes Thumshirn (1): nvme: don't send keep-alives to the discovery controller John Allen (1): ibmvnic: Fix reset return from closed state Joonsoo Kim (1): ARM: CMA: avoid double mapping to the CMA area if CONFIG_HIGHMEM=y Juergen Gross (1): x86/xen: Add pvh specific rsdp address retrieval function Jun Piao (1): ocfs2/dlm: don't handle migrate lockres if already in shutdown Kamlakant Patel (1): ipmi_ssif: Fix kernel panic at msg_done_handler Kan Liang (5): perf mmap: Fix accessing unmapped mmap in perf_mmap__read_done() perf/x86/intel: Properly save/restore the PMU state in the NMI handler perf/x86/intel: Fix large period handling on Broadwell CPUs perf/x86/intel: Fix event update for auto-reload perf kvm: Switch to new perf_mmap__read_event() interface Karthikeyan Periyasamy (2): Revert "ath10k: send (re)assoc peer command when NSS changed" ath10k: Fix kernel panic while using worker (ath10k_sta_rc_update_wk) Kieran Bingham (1): media: i2c: adv748x: fix HDMI field heights Kirill Marinushkin (1): staging: bcm2835-audio: Release resources on module_exit() Ladislav Michl (1): power: supply: ltc2941-battery-gauge: Fix temperature units Larry Finger (1): Bluetooth: btusb: Add device ID for RTL8822BE Lars-Peter Clausen (2): usb: gadget: ffs: Let setup() return USB_GADGET_DELAYED_STATUS usb: gadget: ffs: Execute copy_to_user() with USER_DS set Laurent Pinchart (3): drm: omapdrm: dss: Move initialization code from component bind to probe media: v4l: vsp1: Fix display stalls when requesting too many inputs ARM: dts: porter: Fix HDMI output routing Lenny Szubowicz (1): ACPI: acpi_pad: Fix memory leak in power saving threads Leo Yan (1): coresight: Use %px to print pcsr instead of %p Leon Romanovsky (2): net/mlx5: Protect from command bit overflow RDMA/mlx5: Fix NULL dereference while accessing XRC_TGT QPs Linus Walleij (1): drm/bridge: sii902x: Retry status read after DDI I2C Liu Bo (3): Btrfs: clean up resources during umount after trans is aborted Btrfs: bail out on error during replay_dir_deletes Btrfs: fix NULL pointer dereference in log_dir_items Lorenzo Bianconi (2): mt76x2: fix possible NULL pointer dereferencing in mt76x2_tx() mt76x2: fix warning in ieee80211_get_key_rx_seq() Luca Coelho (1): iwlwifi: mvm: check if mac80211_queue is valid in iwl_mvm_disable_txq Luis R. Rodriguez (1): firmware: fix checking for return values for fw_add_devm_name() Madalin Bucur (1): dpaa_eth: fix SG mapping Madhavan Srinivasan (1): powerpc/perf: Prevent kernel address leak to userspace via BHRB buffer Marc Dionne (1): rxrpc: Fix resend event time calculation Marc Zyngier (1): arm64: insn: Allow ADD/SUB (immediate) with LSL #12 Marcel Ziswiler (1): clk: tegra: Fix pll_u rate configuration Mark Rutland (1): efi/arm*: Only register page tables when they exist Masami Hiramatsu (2): tracing/uprobe_event: Fix strncpy corner case media: vb2: Fix videobuf2 to map correct area Mathias Kresin (1): MIPS: ath79: Fix AR724X_PLL_REG_PCIE_CONFIG offset Mathias Nyman (2): xhci: Show what USB release number the xHC supports from protocol capablity xhci: zero usb device slot_id member when disabling and freeing a xhci slot Mathieu Malaterre (1): powerpc: Add missing prototype for arch_irq_work_raise() Maurizio Lombardi (1): cdrom: do not call check_disk_change() inside cdrom_open() Michael Ellerman (4): powerpc/mpic: Check if cpu_possible() in mpic_physmask() powerpc/perf: Fix kernel address leak via sampling registers selftests: Print the test we're running to /dev/kmsg powerpc/pseries: Make plpar_wrappers.h safe to include when PSERIES=n Michael Schmitz (1): zorro: Set up z->dev.dma_mask for the DMA API Michal Hocko (1): memcg: fix per_node_info cleanup Mikhail Malygin (1): IB/rxe: Fix for oops in rxe_register_device on ppc64le arch Milton Miller (2): watchdog: aspeed: Allow configuring for alternate boot watchdog: aspeed: Fix translation of reset mode to ctrl register Mimi Zohar (1): ima: clear IMA_HASH Minas Harutyunyan (2): usb: dwc2: hcd: Fix host channel halt flow usb: dwc2: host: Fix transaction errors in host mode Ming Lei (1): block: null_blk: fix 'Invalid parameters' when loading module Monk Liu (2): drm/amdgpu: disable GFX ring and disable PQ wptr in hw_fini drm/amdgpu: adjust timeout for ib_ring_tests(v2) NeilBrown (2): staging: lustre: fix bug in osc_enter_cache_try staging: lustre: lmv: correctly iput lmo_root Nicholas Piggin (2): powerpc/64s/idle: Fix restore of AMOR on POWER9 after deep sleep powerpc/64s: sreset panic if there is no debugger or crash dump handlers Nicolin Chen (1): ASoC: fsl_ssi: Maintain a mask of active streams Niklas Cassel (4): pinctrl: artpec6: dt: add missing pin group uart5nocts net: stmmac: ensure that the device has released ownership before reading data net: stmmac: ensure that the MSS desc is the last desc to set the own bit net: stmmac: call correct function in stmmac_mac_config_rx_queues_routing() Nikolay Borisov (1): btrfs: Fix possible softlock on single core machines Nobutaka Okabe (1): ALSA: usb-audio: Add native DSD support for Luxman DA-06 Oded Gabbay (1): drm/amdkfd: add missing include of mm.h Omar Sandoval (1): loop: don't call into filesystem while holding lo_ctl_mutex Parav Pandit (1): IB/core: Honor port_num while resolving GID for IB link layer Paul E. McKenney (1): rcu: Create RCU-specific workqueues with rescuers PaweÅ‚ JabÅ‚oÅ„ski (1): i40e: Fix attach VF to VM issue Peter Robinson (1): crypto: sunxi-ss - Add MODULE_ALIAS to sun4i-ss Peter Rosin (2): ARM: dts: at91: nattis: use the correct compatible for the eeprom ARM: dts: at91: tse850: use the correct compatible for the eeprom Peter Zijlstra (1): perf/core: Fix perf_output_read_group() Petr Vorel (1): ima: Fallback to the builtin hash algorithm Philipp Puschmann (1): arm: dts: socfpga: fix GIC PPI warning Pierre Bourdon (1): max17042: propagate of_node to power supply device Prashant Bhole (1): selftests/net: fixes psock_fanout eBPF test case Qi Hou (1): dmaengine: pl330: fix a race condition in case of threaded irqs Qu Wenruo (2): btrfs: tests/qgroup: Fix wrong tree backref level btrfs: qgroup: Fix root item corruption when multiple same source snapshots are created with quota enabled Quytelda Kahja (1): staging: ks7010: Use constants from ieee80211_eid instead of literal ints. Rafael J. Wysocki (2): PCI: Restore config space on runtime resume despite being unbound PCMCIA / PM: Avoid noirq suspend aborts during suspend-to-idle Randy Dunlap (1): kdb: make "mdr" command repeat Ranjani Sridharan (1): ASoC: topology: create TLV data for dapm widgets Ravikumar Kattekola (1): ARM: dts: dra71-evm: Correct evm_sd regulator max voltage Rich Felker (1): sh: fix debug trap failure to process signals before return to user Richard Fitzgerald (1): pinctrl: devicetree: Fix dt_to_map_one_config handling of hogs Richard Guy Briggs (1): audit: return on memory error to avoid null pointer dereference Richard Haines (1): netlabel: If PF_INET6, check sk_buff ip header version Rolf Evers-Fischer (1): PCI: endpoint: Fix kernel panic after put_device() Sai Praneeth (1): x86/mm: Fix bogus warning during EFI bootup, use boot_cpu_has() instead of this_cpu_has() in build_cr3_noflush() Sandipan Das (2): perf tools: Fix perf builds with clang support perf clang: Add support for recent clang versions Sara Sharon (1): iwlwifi: mvm: take RCU lock before dereferencing Scott Branden (1): bnxt_en: fix clear flags in ethtool reset handling Sean Christopherson (2): KVM: VMX: raise internal error for exception during invalid protected mode state Revert "KVM: X86: Fix SMRAM accessing even if VM is shutdown" Sebastian Andrzej Siewior (2): iommu/amd: Take into account that alloc_dev_data() may return NULL crypto: ccp - don't disable interrupts while setting up debugfs Sebastian Gottschall (1): ath9k: fix crash in spectral scan Sergei Shtylyov (4): sh_eth: fix TSU init on SH7734/R8A7740 soc: renesas: r8a77970-sysc: fix power area parents drm: rcar-du: lvds: Fix LVDS startup on R-Car Gen3 drm: rcar-du: lvds: Fix LVDS startup on R-Car Gen2 Seunghun Han (1): ACPICA: acpi: acpica: fix acpi operand cache leak in nseval.c Shawn Lin (4): clk: rockchip: Fix wrong parent for SDMMC phase clock for rk3228 clk: Don't show the incorrect clock phase phy: rockchip-emmc: retry calpad busy trimming clk: rockchip: Prevent calculating mmc phase if clock rate is zero Shunyong Yang (1): cpufreq: CPPC: Initialize shared perf capabilities of CPUs Sinan Kaya (1): net: qlge: Eliminate duplicate barriers on weakly-ordered archs Sowmini Varadhan (1): rds: tcp: must use spin_lock_irq* and not spin_lock_bh with rds_tcp_conn_lock Sriharsha Basavapatna (1): bnxt_en: Ignore src port field in decap filter nodes Srinivas Kandagatla (1): dmaengine: qcom: bam_dma: get num-channels and num-ees from dt Stefan Wahren (2): ARM: dts: bcm283x: Fix probing of bcm2835-i2s hwrng: bcm2835 - Handle deferred clock properly Sukadev Bhattiprolu (1): powerpc/vas: Fix cleanup when VAS is not configured Suman Anna (1): ARM: dts: keystone-k2e-clocks: Fix missing unit address separator Sylwester Nawrocki (2): ASoC: samsung: odroid: Fix 32000 sample rate handling ASoC: samsung: i2s: Ensure the RCLK rate is properly determined Takashi Iwai (1): ALSA: vmaster: Propagate slave error Takeshi Kihara (1): pinctrl: sh-pfc: r8a7796: Fix MOD_SEL register pin assignment for SSI pins group Tao (1): drm/amd/display: Set vsc pack revision when DPCD revision is >= 1.2 Tedd Ho-Jeong An (1): Bluetooth: btusb: Add support for Intel Bluetooth device 22560 [8087:0026] Tejun Heo (1): rcu: Call touch_nmi_watchdog() while printing stall warnings Tero Kristo (1): clk: ti: fix flag space conflict with clkctrl clocks Thinh Nguyen (2): usb: dwc3: Add SoftReset PHY synchonization delay usb: dwc3: Update DWC_usb31 GTXFIFOSIZ reg fields Thomas Falcon (3): ibmvnic: Zero used TX descriptor counter on reset ibmvnic: Allocate statistics buffers during probe ibmvnic: Fix TX descriptor tracking again Thomas Gleixner (1): genirq/affinity: Don't return with empty affinity masks on error Thomas Hellstrom (1): drm/vmwgfx: Unpin the screen object backup buffer when not used Thomas Richter (2): perf stat: Fix core dump when flag T is used perf test: Fix test case inet_pton to accept inlines. Thomas Vincent-Cross (1): PCI: Add function 1 DMA alias quirk for Marvell 88SE9220 Tom Abraham (1): swap: divide-by-zero when zero length swap file on ssd Ursula Braun (1): net/smc: pay attention to MAX_ORDER for CQ entries Uwe Kleine-KÃ¶nig (1): serial: altera: ensure port->regshift is honored consistently Vaibhav Jain (2): powerpc/xmon: Setup debugger hooks when first break-point is set cxl: Check if PSL data-cache is available before issue flush request Vicente Bergas (1): Bluetooth: btusb: Add USB ID 7392:a611 for Edimax EW-7611ULB Vignesh R (1): serial: 8250: Don't service RX FIFO if interrupts are disabled Viresh Kumar (1): cpufreq: Reorder cpufreq_online() error code path Vitaly Kuznetsov (1): KVM: lapic: stop advertising DIRECTED_EOI when in-kernel IOAPIC is in use Vivek Gautam (1): phy: qcom-qmp: Fix phy pipe clock gating Wilfried Weissmann (1): scsi: mvsas: fix wrong endianness of sgpio api Wolfram Sang (1): usb: gadget: udc: change comparison to bitshift when dealing with a mask Xidong Wang (1): z3fold: fix memory leak Xose Vazquez Perez (1): scsi: devinfo: add HP DISK-SUBSYSTEM device, for HP XP arrays Yang Shi (1): mm: thp: fix potential clearing to referenced flag in page_idle_clear_pte_refs_one() Yisheng Xie (1): perf top: Fix top.call-graph config option reading Yixun Lan (1): clk: meson: axg: fix the od shift of the sys_pll Yong Wu (1): iommu/mediatek: Fix protect memory setting Yoshihiro Shimoda (1): dmaengine: rcar-dmac: Check the done lists in rcar_dmac_chan_get_residue() leilei.lin (1): perf/core: Fix installing cgroup events on CPU lionel.debieve(a)st.com (1): hwrng: stm32 - add reset during probe Ã˜rjan Eide (1): drm/rockchip: Respect page offset for PRIME mmap calls .../devicetree/bindings/clock/sunxi-ccu.txt | 4 + .../devicetree/bindings/display/msm/dsi.txt | 4 + .../bindings/pinctrl/axis,artpec6-pinctrl.txt | 5 +- arch/arm/boot/dts/at91-nattis-2-natte-2.dts | 2 +- arch/arm/boot/dts/at91-tse850-3.dts | 2 +- arch/arm/boot/dts/bcm283x.dtsi | 6 +- arch/arm/boot/dts/dra71-evm.dts | 4 +- arch/arm/boot/dts/imx7d-cl-som-imx7.dts | 52 +-- arch/arm/boot/dts/keystone-k2e-clocks.dtsi | 2 +- arch/arm/boot/dts/ls1021a.dtsi | 3 +- arch/arm/boot/dts/r8a7791-porter.dts | 2 +- arch/arm/boot/dts/socfpga.dtsi | 2 +- arch/arm/configs/davinci_all_defconfig | 2 +- arch/arm/mm/dma-mapping.c | 16 +- arch/arm64/boot/dts/qcom/msm8996.dtsi | 4 +- arch/arm64/kernel/insn.c | 18 +- arch/m68k/coldfire/device.c | 12 +- arch/mips/cavium-octeon/octeon-irq.c | 10 +- arch/mips/include/asm/mach-ath79/ar71xx_regs.h | 2 +- arch/powerpc/include/asm/irq_work.h | 1 + arch/powerpc/include/asm/mmu-8xx.h | 6 + arch/powerpc/include/asm/plpar_wrappers.h | 4 + arch/powerpc/kernel/idle_book3s.S | 2 + arch/powerpc/kernel/setup-common.c | 2 + arch/powerpc/kernel/traps.c | 47 ++- arch/powerpc/mm/8xx_mmu.c | 2 +- arch/powerpc/mm/hugetlbpage.c | 2 + arch/powerpc/mm/mmu_context_nohash.c | 18 +- arch/powerpc/perf/core-book3s.c | 25 ++ arch/powerpc/platforms/Kconfig.cputype | 1 + arch/powerpc/platforms/powernv/npu-dma.c | 229 ++++++++----- arch/powerpc/platforms/powernv/vas-debug.c | 11 + arch/powerpc/platforms/powernv/vas.c | 6 +- arch/powerpc/sysdev/mpic.c | 2 +- arch/powerpc/xmon/xmon.c | 17 +- arch/riscv/include/asm/fence.h | 12 + arch/riscv/include/asm/spinlock.h | 29 +- arch/sh/kernel/entry-common.S | 2 +- arch/sparc/include/asm/atomic_64.h | 6 +- arch/x86/events/core.c | 15 +- arch/x86/events/intel/core.c | 12 +- arch/x86/events/intel/ds.c | 92 ++++- arch/x86/events/perf_event.h | 2 +- arch/x86/include/asm/tlbflush.h | 7 +- arch/x86/kernel/apic/apic.c | 2 +- arch/x86/kernel/cpu/mcheck/mce.c | 14 + arch/x86/kernel/devicetree.c | 21 +- arch/x86/kvm/lapic.c | 10 +- arch/x86/kvm/mmu.c | 2 +- arch/x86/kvm/vmx.c | 20 +- arch/x86/mm/pageattr.c | 6 +- arch/x86/mm/pgtable.c | 9 + arch/x86/xen/enlighten_pvh.c | 14 +- block/blk-core.c | 31 ++ block/blk-sysfs.c | 7 - crypto/af_alg.c | 8 +- drivers/acpi/acpi_pad.c | 3 + drivers/acpi/acpica/evevent.c | 9 +- drivers/acpi/acpica/nseval.c | 8 + drivers/acpi/acpica/psargs.c | 4 + drivers/base/firmware_class.c | 12 +- drivers/base/regmap/regmap.c | 2 +- drivers/block/loop.c | 38 ++- drivers/block/null_blk.c | 46 +-- drivers/block/paride/pcd.c | 2 + drivers/bluetooth/btusb.c | 13 + drivers/cdrom/cdrom.c | 3 - drivers/cdrom/gdrom.c | 3 + drivers/char/hw_random/bcm2835-rng.c | 2 + drivers/char/hw_random/stm32-rng.c | 9 + drivers/char/ipmi/ipmi_ssif.c | 4 +- drivers/clk/clk.c | 3 + drivers/clk/hisilicon/crg-hi3516cv300.c | 2 +- drivers/clk/meson/axg.c | 7 +- drivers/clk/rockchip/clk-mmc-phase.c | 23 ++ drivers/clk/rockchip/clk-rk3228.c | 2 +- drivers/clk/samsung/clk-exynos3250.c | 4 +- drivers/clk/samsung/clk-exynos5250.c | 8 +- drivers/clk/samsung/clk-exynos5260.c | 2 +- drivers/clk/samsung/clk-exynos5433.c | 12 +- drivers/clk/samsung/clk-exynos7.c | 2 +- drivers/clk/samsung/clk-s3c2410.c | 16 +- drivers/clk/tegra/clk-pll.c | 2 + drivers/clk/ti/clock.h | 9 +- drivers/cpufreq/cppc_cpufreq.c | 23 +- drivers/cpufreq/cpufreq.c | 6 +- drivers/crypto/atmel-aes.c | 2 +- drivers/crypto/ccp/ccp-debugfs.c | 7 +- drivers/crypto/ccp/sp-dev.c | 6 +- drivers/crypto/inside-secure/safexcel.c | 12 +- drivers/crypto/inside-secure/safexcel_cipher.c | 2 +- drivers/crypto/inside-secure/safexcel_hash.c | 38 ++- drivers/crypto/sunxi-ss/sun4i-ss-core.c | 1 + drivers/dma/pl330.c | 6 +- drivers/dma/qcom/bam_dma.c | 27 +- drivers/dma/sh/rcar-dmac.c | 13 +- drivers/firmware/dmi_scan.c | 2 +- drivers/firmware/efi/arm-runtime.c | 3 + drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd.h | 1 + drivers/gpu/drm/amd/amdgpu/amdgpu_ib.c | 33 +- drivers/gpu/drm/amd/amdgpu/gfx_v9_0.c | 8 +- drivers/gpu/drm/amd/amdgpu/sdma_v3_0.c | 7 +- drivers/gpu/drm/amd/display/dc/core/dc_resource.c | 4 +- drivers/gpu/drm/bridge/sii902x.c | 20 +- drivers/gpu/drm/drm_vblank.c | 8 +- drivers/gpu/drm/meson/meson_drv.c | 29 +- drivers/gpu/drm/omapdrm/dss/dispc.c | 4 + drivers/gpu/drm/omapdrm/dss/dss.c | 193 ++++++----- drivers/gpu/drm/panel/panel-simple.c | 2 +- drivers/gpu/drm/rcar-du/rcar_du_lvdsenc.c | 18 +- drivers/gpu/drm/rockchip/rockchip_drm_gem.c | 7 +- drivers/gpu/drm/vmwgfx/vmwgfx_scrn.c | 29 +- drivers/hwmon/nct6775.c | 10 +- drivers/hwmon/pmbus/adm1275.c | 4 +- drivers/hwmon/pmbus/max8688.c | 2 +- drivers/hwtracing/coresight/coresight-cpu-debug.c | 2 +- drivers/hwtracing/intel_th/core.c | 2 +- drivers/i2c/busses/i2c-mv64xxx.c | 8 +- drivers/i2c/i2c-core-base.c | 8 + drivers/ide/ide-cd.c | 2 + drivers/infiniband/core/multicast.c | 26 +- drivers/infiniband/hw/mlx5/main.c | 3 + drivers/infiniband/hw/mlx5/qp.c | 3 +- drivers/infiniband/sw/rxe/rxe_verbs.c | 2 +- drivers/iommu/amd_iommu.c | 2 + drivers/iommu/mtk_iommu.c | 15 +- drivers/iommu/mtk_iommu.h | 1 + drivers/macintosh/rack-meter.c | 4 +- drivers/md/bcache/bcache.h | 9 +- drivers/md/bcache/super.c | 39 ++- drivers/md/bcache/sysfs.c | 3 +- drivers/md/bcache/writeback.c | 60 +++- drivers/md/bcache/writeback.h | 2 - drivers/media/common/videobuf2/videobuf2-vmalloc.c | 2 +- drivers/media/dvb-frontends/lgdt3306a.c | 10 +- drivers/media/i2c/adv748x/adv748x-hdmi.c | 3 + drivers/media/i2c/ov5645.c | 5 +- drivers/media/pci/cx23885/cx23885-cards.c | 4 + drivers/media/pci/cx23885/cx23885-core.c | 10 + drivers/media/pci/cx25821/cx25821-core.c | 7 +- drivers/media/platform/s3c-camif/camif-capture.c | 7 +- drivers/media/platform/vivid/vivid-ctrls.c | 2 + drivers/media/platform/vsp1/vsp1_drm.c | 9 + drivers/media/usb/em28xx/em28xx-cards.c | 22 +- drivers/media/usb/em28xx/em28xx.h | 2 +- drivers/misc/cxl/cxl.h | 4 + drivers/misc/cxl/native.c | 11 +- drivers/misc/cxl/pci.c | 19 +- drivers/net/ethernet/aquantia/atlantic/aq_nic.c | 8 +- drivers/net/ethernet/broadcom/bgmac.c | 3 +- drivers/net/ethernet/broadcom/bgmac.h | 6 +- drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c | 8 +- drivers/net/ethernet/broadcom/bnxt/bnxt_tc.c | 4 +- drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c | 11 +- drivers/net/ethernet/chelsio/cxgb4/cxgb4_uld.c | 1 + drivers/net/ethernet/cisco/enic/enic_main.c | 10 +- drivers/net/ethernet/freescale/dpaa/dpaa_eth.c | 23 +- drivers/net/ethernet/freescale/dpaa/dpaa_ethtool.c | 2 +- drivers/net/ethernet/hisilicon/hns3/hns3_enet.c | 2 +- drivers/net/ethernet/hisilicon/hns3/hns3_ethtool.c | 4 +- drivers/net/ethernet/ibm/ibmvnic.c | 32 +- drivers/net/ethernet/intel/i40e/i40e_main.c | 30 +- drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 11 + drivers/net/ethernet/intel/ixgbe/ixgbe_main.c | 3 +- drivers/net/ethernet/mellanox/mlx5/core/cmd.c | 2 +- drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 61 ++-- drivers/net/ethernet/qlogic/qlge/qlge.h | 16 + drivers/net/ethernet/qlogic/qlge/qlge_main.c | 3 +- drivers/net/ethernet/qualcomm/rmnet/rmnet_config.c | 2 + drivers/net/ethernet/renesas/sh_eth.c | 6 +- drivers/net/ethernet/renesas/sh_eth.h | 1 + drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 16 +- drivers/net/hyperv/netvsc.c | 8 +- drivers/net/hyperv/netvsc_drv.c | 2 +- drivers/net/hyperv/rndis_filter.c | 4 +- drivers/net/ieee802154/ca8210.c | 14 +- drivers/net/phy/dp83640.c | 18 + drivers/net/usb/lan78xx.c | 34 +- drivers/net/virtio_net.c | 2 +- drivers/net/wireless/ath/ath10k/mac.c | 17 +- drivers/net/wireless/ath/ath9k/common-spectral.c | 12 +- drivers/net/wireless/intel/iwlwifi/mvm/rs-fw.c | 6 +- drivers/net/wireless/intel/iwlwifi/mvm/utils.c | 11 +- drivers/net/wireless/mediatek/mt76/mt76x2_main.c | 11 + drivers/net/wireless/mediatek/mt76/mt76x2_tx.c | 5 +- drivers/net/wireless/rsi/rsi_91x_sdio.c | 32 +- drivers/net/wireless/rsi/rsi_sdio.h | 2 + drivers/nvme/host/core.c | 17 +- drivers/nvme/host/fabrics.c | 83 ++++- drivers/nvme/host/fabrics.h | 33 +- drivers/nvme/host/fc.c | 17 +- drivers/nvme/host/nvme.h | 1 + drivers/nvme/host/pci.c | 7 +- drivers/nvme/host/rdma.c | 14 +- drivers/nvme/target/loop.c | 11 +- drivers/parisc/lba_pci.c | 20 +- drivers/pci/endpoint/pci-epf-core.c | 2 +- drivers/pci/pci-driver.c | 17 +- drivers/pci/quirks.c | 3 + drivers/pcmcia/cs.c | 10 +- drivers/pcmcia/cs_internal.h | 1 + drivers/phy/qualcomm/phy-qcom-qmp.c | 4 +- drivers/phy/rockchip/phy-rockchip-emmc.c | 27 +- drivers/pinctrl/devicetree.c | 6 +- drivers/pinctrl/pinctrl-mcp23s08.c | 37 +- drivers/pinctrl/qcom/pinctrl-msm.c | 2 +- drivers/pinctrl/sh-pfc/pfc-r8a7796.c | 40 +-- drivers/platform/x86/dell-smbios-base.c | 4 +- drivers/power/supply/ltc2941-battery-gauge.c | 8 +- drivers/power/supply/max17042_battery.c | 1 + drivers/regulator/gpio-regulator.c | 16 +- drivers/regulator/of_regulator.c | 1 + drivers/remoteproc/imx_rproc.c | 6 +- drivers/rtc/hctosys.c | 5 + drivers/rtc/rtc-goldfish.c | 2 + drivers/rtc/rtc-m41t80.c | 18 +- drivers/rtc/rtc-rk808.c | 14 +- drivers/rtc/rtc-rp5c01.c | 12 +- drivers/rtc/rtc-snvs.c | 15 +- drivers/rtc/rtc-tx4939.c | 6 +- drivers/s390/cio/vfio_ccw_fsm.c | 5 + drivers/scsi/aacraid/commsup.c | 4 +- drivers/scsi/aacraid/linit.c | 1 + drivers/scsi/lpfc/lpfc_attr.c | 5 + drivers/scsi/lpfc/lpfc_hbadisc.c | 5 +- drivers/scsi/lpfc/lpfc_nportdisc.c | 15 +- drivers/scsi/lpfc/lpfc_nvme.c | 28 +- drivers/scsi/lpfc/lpfc_nvme.h | 2 + drivers/scsi/lpfc/lpfc_sli.c | 2 + drivers/scsi/mvsas/mv_94xx.c | 23 +- drivers/scsi/scsi_devinfo.c | 1 + drivers/scsi/scsi_lib.c | 11 + drivers/scsi/sr.c | 21 +- drivers/soc/amlogic/meson-gx-pwrc-vpu.c | 6 +- drivers/soc/qcom/wcnss_ctrl.c | 2 +- drivers/soc/renesas/r8a77970-sysc.c | 12 +- drivers/spi/spi-bcm-qspi.c | 4 +- drivers/staging/fsl-dpaa2/ethernet/dpaa2-eth.c | 16 +- drivers/staging/ks7010/ks_hostif.c | 31 +- drivers/staging/ks7010/ks_hostif.h | 1 + drivers/staging/lustre/lustre/include/obd.h | 2 +- drivers/staging/lustre/lustre/lmv/lmv_obd.c | 2 +- drivers/staging/lustre/lustre/osc/osc_cache.c | 2 +- drivers/staging/rtl8192u/r8192U_core.c | 2 + .../staging/vc04_services/bcm2835-audio/bcm2835.c | 54 ++- drivers/tty/serial/8250/8250_port.c | 3 +- drivers/tty/serial/altera_uart.c | 12 +- drivers/tty/serial/arc_uart.c | 5 + drivers/tty/serial/fsl_lpuart.c | 4 + drivers/tty/serial/imx.c | 6 + drivers/tty/serial/mvebu-uart.c | 2 +- drivers/tty/serial/mxs-auart.c | 4 + drivers/tty/serial/samsung.c | 4 + drivers/tty/serial/sh-sci.c | 4 + drivers/tty/serial/xilinx_uartps.c | 2 +- drivers/usb/dwc2/core.h | 2 +- drivers/usb/dwc2/hcd.c | 32 +- drivers/usb/dwc3/Makefile | 2 +- drivers/usb/dwc3/core.c | 13 +- drivers/usb/dwc3/core.h | 2 + drivers/usb/gadget/composite.c | 40 ++- drivers/usb/gadget/function/f_fs.c | 6 +- drivers/usb/gadget/udc/goku_udc.h | 2 +- drivers/usb/host/xhci-mem.c | 2 + drivers/usb/host/xhci.c | 14 +- drivers/usb/usbip/Kconfig | 2 +- drivers/watchdog/asm9260_wdt.c | 8 +- drivers/watchdog/aspeed_wdt.c | 13 +- drivers/watchdog/davinci_wdt.c | 15 +- drivers/watchdog/dw_wdt.c | 23 +- drivers/watchdog/sprd_wdt.c | 4 +- drivers/xen/xen-acpi-processor.c | 6 +- drivers/zorro/zorro.c | 12 + fs/btrfs/dev-replace.c | 2 +- fs/btrfs/disk-io.c | 5 +- fs/btrfs/extent-tree.c | 1 + fs/btrfs/tests/qgroup-tests.c | 2 +- fs/btrfs/transaction.c | 10 +- fs/btrfs/tree-log.c | 75 ++++- fs/ext4/super.c | 12 + fs/f2fs/checkpoint.c | 71 ++-- fs/f2fs/extent_cache.c | 3 + fs/f2fs/file.c | 8 +- fs/fscache/page.c | 13 +- fs/gfs2/bmap.c | 10 +- fs/gfs2/file.c | 5 +- fs/gfs2/quota.h | 2 + fs/notify/fanotify/fanotify.c | 19 +- fs/notify/fanotify/fanotify.h | 3 +- fs/notify/fanotify/fanotify_user.c | 2 +- fs/ocfs2/dlm/dlmdomain.c | 14 - fs/ocfs2/dlm/dlmdomain.h | 25 +- fs/ocfs2/dlm/dlmrecovery.c | 9 + fs/proc/proc_sysctl.c | 3 + fs/udf/super.c | 5 +- fs/xfs/xfs_discard.c | 14 +- include/drm/drm_vblank.h | 2 +- include/linux/usb/composite.h | 3 + include/net/inet_timewait_sock.h | 1 + include/scsi/scsi.h | 2 + include/uapi/linux/msg.h | 1 + include/uapi/linux/sem.h | 1 + include/uapi/linux/shm.h | 5 +- ipc/msg.c | 17 +- ipc/sem.c | 17 +- ipc/shm.c | 23 +- kernel/audit.c | 2 + kernel/debug/kdb/kdb_main.c | 27 +- kernel/events/core.c | 49 ++- kernel/irq/affinity.c | 15 +- kernel/rcu/rcu.h | 1 + kernel/rcu/srcutree.c | 8 +- kernel/rcu/tree.c | 6 + kernel/rcu/tree_exp.h | 2 +- kernel/rcu/tree_plugin.h | 14 +- kernel/sched/rt.c | 2 + kernel/trace/trace_uprobe.c | 2 + lib/test_kasan.c | 8 + mm/ksm.c | 28 ++ mm/memcontrol.c | 3 + mm/page_idle.c | 12 +- mm/slub.c | 57 ++-- mm/swapfile.c | 4 + mm/vmscan.c | 8 +- mm/z3fold.c | 9 +- net/dccp/ipv4.c | 1 + net/dccp/ipv6.c | 1 + net/ipv4/inet_timewait_sock.c | 1 + net/mac80211/mlme.c | 3 +- net/netlabel/netlabel_unlabeled.c | 10 + net/rds/tcp.c | 17 +- net/rxrpc/call_event.c | 2 +- net/rxrpc/input.c | 15 +- net/rxrpc/sendmsg.c | 4 +- net/smc/smc_ib.c | 10 +- net/smc/smc_wr.h | 1 - security/integrity/ima/Kconfig | 1 + security/integrity/ima/ima_crypto.c | 2 + security/integrity/ima/ima_main.c | 13 + security/integrity/ima/ima_policy.c | 2 +- security/selinux/hooks.c | 3 + security/smack/smack_lsm.c | 3 + sound/core/vmaster.c | 5 +- sound/soc/fsl/fsl_ssi.c | 15 +- sound/soc/rockchip/Kconfig | 3 + sound/soc/samsung/i2s.c | 13 +- sound/soc/samsung/odroid.c | 11 +- sound/soc/soc-topology.c | 3 + sound/usb/quirks.c | 29 +- tools/hv/hv_fcopy_daemon.c | 3 +- tools/hv/hv_vss_daemon.c | 1 + tools/perf/Makefile.perf | 3 +- tools/perf/builtin-kvm.c | 17 +- tools/perf/builtin-stat.c | 9 +- tools/perf/builtin-top.c | 6 +- tools/perf/tests/dwarf-unwind.c | 46 ++- .../perf/tests/shell/trace+probe_libc_inet_pton.sh | 6 +- tools/perf/tests/vmlinux-kallsyms.c | 2 +- tools/perf/ui/browsers/annotate.c | 9 +- tools/perf/util/c++/clang.cpp | 11 +- tools/perf/util/hist.c | 4 +- tools/perf/util/hist.h | 1 - tools/perf/util/mmap.c | 6 + tools/testing/selftests/Makefile | 1 + tools/testing/selftests/net/fib-onlink-tests.sh | 375 +++++++++++++++++++++ tools/testing/selftests/net/psock_fanout.c | 3 +- tools/thermal/tmon/sysfs.c | 12 +- tools/thermal/tmon/tmon.c | 1 - 368 files changed, 3410 insertions(+), 1253 deletions(-) create mode 100644 arch/riscv/include/asm/fence.h create mode 100755 tools/testing/selftests/net/fib-onlink-tests.sh -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE4n5dijQDou9mhzu83qZv95d3LNwFAlrihEMACgkQ3qZv95d3 LNz4qhAAqKT0kzQMLjCSKqrRx0B51Z50nxtr7Qa5QchvT/38SphIyXq/+5MCeRsE V4AA21ltul6rjVh84AWfcIGjkP4eCcFS6D/y2/0bkDO1r2zyJonZ2JvIGkx7kQyW Atomdc231mNzkaH45a+JwJ+fnbQQq9zLZVDDQCk1jXYSwAklC8TvCvCd9xB/Eqda 3ZB0/+rpNG42ZXwH5YGMTFbNdp+vhHhMW4sF4FWnSvX8pspyrHlyYlzlxZLoakHz TNOq2shWITPiBOEh3b2MpNJFmiD/980r+K6qwEPZIeDwoUF1ADVz2SgWiEcf2iTU 14URtiUGg5RTLW82xq1wxxa0g61G5JZplzwE3yrOM9SA5Kclsx2LlCdBYo14nB4R Cz1EBUtV/HxuXrMVf2YRWU0SEMGClm2XgZycLvx5tMgNXLgxA6/fTXmWiR3seBgH Fwnb5u/YGFtrzjkgQ9HlhvmT1hiy2a7hOAjiULx7mBtYo/Ns7FWWGGAYX3O9vML4 WvAlDUcts1t6h225G8o2rFHJfAPiipmEfzp2o0lFSXGiCsL47JRk8aq99XsjpI5G n5KesG0ndKgtnZuI9vi11fffKOREm0tRYuABncqIPqKIPVZoBq2gwiFDgVHDzai+ VZaipyeHdueAH/Fnenp0a05mBdg7m+4NfOUVqApH2SYQizWSYuM= =MB3S -----END PGP SIGNATURE-----

7 years, 1 month

4
9
0 0

+ radix-tree-fix-multi-order-iteration-race.patch added to -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: radix tree: fix multi-order iteration race has been added to the -mm tree. Its filename is radix-tree-fix-multi-order-iteration-race.patch This patch should soon appear at http://ozlabs.org/~akpm/mmots/broken-out/radix-tree-fix-multi-order-iterati… and later at http://ozlabs.org/~akpm/mmotm/broken-out/radix-tree-fix-multi-order-iterati… Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next and is updated there every 3-4 working days ------------------------------------------------------ From: Ross Zwisler <ross.zwisler(a)linux.intel.com> Subject: radix tree: fix multi-order iteration race Fix a race in the multi-order iteration code which causes the kernel to hit a GP fault. This was first seen with a production v4.15 based kernel (4.15.6-300.fc27.x86_64) utilizing a DAX workload which used order 9 PMD DAX entries. The race has to do with how we tear down multi-order sibling entries when we are removing an item from the tree. Remember for example that an order 2 entry looks like this: struct radix_tree_node.slots[] = [entry][sibling][sibling][sibling] where 'entry' is in some slot in the struct radix_tree_node, and the three slots following 'entry' contain sibling pointers which point back to 'entry.' When we delete 'entry' from the tree, we call : radix_tree_delete() radix_tree_delete_item() __radix_tree_delete() replace_slot() replace_slot() first removes the siblings in order from the first to the last, then at then replaces 'entry' with NULL. This means that for a brief period of time we end up with one or more of the siblings removed, so: struct radix_tree_node.slots[] = [entry][NULL][sibling][sibling] This causes an issue if you have a reader iterating over the slots in the tree via radix_tree_for_each_slot() while only under rcu_read_lock()/rcu_read_unlock() protection. This is a common case in mm/filemap.c. The issue is that when __radix_tree_next_slot() => skip_siblings() tries to skip over the sibling entries in the slots, it currently does so with an exact match on the slot directly preceding our current slot. Normally this works: V preceding slot struct radix_tree_node.slots[] = [entry][sibling][sibling][sibling] ^ current slot This lets you find the first sibling, and you skip them all in order. But in the case where one of the siblings is NULL, that slot is skipped and then our sibling detection is interrupted: V preceding slot struct radix_tree_node.slots[] = [entry][NULL][sibling][sibling] ^ current slot This means that the sibling pointers aren't recognized since they point all the way back to 'entry', so we think that they are normal internal radix tree pointers. This causes us to think we need to walk down to a struct radix_tree_node starting at the address of 'entry'. In a real running kernel this will crash the thread with a GP fault when you try and dereference the slots in your broken node starting at 'entry'. We fix this race by fixing the way that skip_siblings() detects sibling nodes. Instead of testing against the preceding slot we instead look for siblings via is_sibling_entry() which compares against the position of the struct radix_tree_node.slots[] array. This ensures that sibling entries are properly identified, even if they are no longer contiguous with the 'entry' they point to. Link: http://lkml.kernel.org/r/20180503192430.7582-6-ross.zwisler@linux.intel.com Fixes: 148deab223b2 ("radix-tree: improve multiorder iterators") Signed-off-by: Ross Zwisler <ross.zwisler(a)linux.intel.com> Reported-by: CR, Sapthagirish <sapthagirish.cr(a)intel.com> Reviewed-by: Jan Kara <jack(a)suse.cz> Cc: Matthew Wilcox <willy(a)infradead.org> Cc: Christoph Hellwig <hch(a)lst.de> Cc: Dan Williams <dan.j.williams(a)intel.com> Cc: Dave Chinner <david(a)fromorbit.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- lib/radix-tree.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff -puN lib/radix-tree.c~radix-tree-fix-multi-order-iteration-race lib/radix-tree.c --- a/lib/radix-tree.c~radix-tree-fix-multi-order-iteration-race +++ a/lib/radix-tree.c @@ -1612,11 +1612,9 @@ static void set_iter_tags(struct radix_t static void __rcu **skip_siblings(struct radix_tree_node **nodep, void __rcu **slot, struct radix_tree_iter *iter) { - void *sib = node_to_entry(slot - 1); - while (iter->index < iter->next_index) { *nodep = rcu_dereference_raw(*slot); - if (*nodep && *nodep != sib) + if (*nodep && !is_sibling_entry(iter->node, *nodep)) return slot; slot++; iter->index = __radix_tree_iter_add(iter, 1); @@ -1631,7 +1629,7 @@ void __rcu **__radix_tree_next_slot(void struct radix_tree_iter *iter, unsigned flags) { unsigned tag = flags & RADIX_TREE_ITER_TAG_MASK; - struct radix_tree_node *node = rcu_dereference_raw(*slot); + struct radix_tree_node *node; slot = skip_siblings(&node, slot, iter); _ Patches currently in -mm which might be from ross.zwisler(a)linux.intel.com are radix-tree-test-suite-fix-mapshift-build-target.patch radix-tree-test-suite-fix-compilation-issue.patch radix-tree-test-suite-add-item_delete_rcu.patch radix-tree-test-suite-multi-order-iteration-race.patch radix-tree-fix-multi-order-iteration-race.patch

7 years, 1 month

3
2
0 0

Backport commit b7363e67 to stable 4.9.y

by Raju Rangoju

Hi Greg, Could you please backport the below commit to 4.9 stable tree. With a CPU bounded workqueue we see much lower cpu utilization and the same IOPs performance. commit b7363e67b23e04c23c2a99437feefac7292a88bc Author: Sagi Grimberg <sagi(a)grimberg.me> Date: Wed Mar 8 22:03:17 2017 +0200 IB/device: Convert ib-comp-wq to be CPU-bound Thanks, Raju

7 years, 1 month

2
2
0 0

[PATCH 2/2] can: hi311x: Work around TX complete interrupt erratum

by Marc Kleine-Budde

From: Lukas Wunner <lukas(a)wunner.de> When sending packets as fast as possible using "cangen -g 0 -i -x", the HI-3110 occasionally latches the interrupt pin high on completion of a packet, but doesn't set the TXCPLT bit in the INTF register. The INTF register contains 0x00 as if no interrupt has occurred. Even waiting for a few milliseconds after the interrupt doesn't help. Work around this apparent erratum by instead checking the TXMTY bit in the STATF register ("TX FIFO empty"). We know that we've queued up a packet for transmission if priv->tx_len is nonzero. If the TX FIFO is empty, transmission of that packet must have completed. Note that this is congruent with our handling of received packets, which likewise gleans from the STATF register whether a packet is waiting in the RX FIFO, instead of looking at the INTF register. Cc: Mathias Duckeck <m.duckeck(a)kunbus.de> Cc: Akshay Bhat <akshay.bhat(a)timesys.com> Cc: Casey Fitzpatrick <casey.fitzpatrick(a)timesys.com> Cc: stable(a)vger.kernel.org # v4.12+ Signed-off-by: Lukas Wunner <lukas(a)wunner.de> Acked-by: Akshay Bhat <akshay.bhat(a)timesys.com> Signed-off-by: Marc Kleine-Budde <mkl(a)pengutronix.de> --- drivers/net/can/spi/hi311x.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/drivers/net/can/spi/hi311x.c b/drivers/net/can/spi/hi311x.c index c2cf254e4e95..53e320c92a8b 100644 --- a/drivers/net/can/spi/hi311x.c +++ b/drivers/net/can/spi/hi311x.c @@ -91,6 +91,7 @@ #define HI3110_STAT_BUSOFF BIT(2) #define HI3110_STAT_ERRP BIT(3) #define HI3110_STAT_ERRW BIT(4) +#define HI3110_STAT_TXMTY BIT(7) #define HI3110_BTR0_SJW_SHIFT 6 #define HI3110_BTR0_BRP_SHIFT 0 @@ -737,10 +738,7 @@ static irqreturn_t hi3110_can_ist(int irq, void *dev_id) } } - if (intf == 0) - break; - - if (intf & HI3110_INT_TXCPLT) { + if (priv->tx_len && statf & HI3110_STAT_TXMTY) { net->stats.tx_packets++; net->stats.tx_bytes += priv->tx_len - 1; can_led_event(net, CAN_LED_EVENT_TX); @@ -750,6 +748,9 @@ static irqreturn_t hi3110_can_ist(int irq, void *dev_id) } netif_wake_queue(net); } + + if (intf == 0) + break; } mutex_unlock(&priv->hi3110_lock); return IRQ_HANDLED; -- 2.17.0

7 years, 1 month

1
0
0 0

[PATCH 1/2] can: hi311x: Acquire SPI lock on ->do_get_berr_counter

by Marc Kleine-Budde

From: Lukas Wunner <lukas(a)wunner.de> hi3110_get_berr_counter() may run concurrently to the rest of the driver but neglects to acquire the lock protecting access to the SPI device. As a result, it and the rest of the driver may clobber each other's tx and rx buffers. We became aware of this issue because transmission of packets with "cangen -g 0 -i -x" frequently hung. It turns out that agetty executes ->do_get_berr_counter every few seconds via the following call stack: CPU: 2 PID: 1605 Comm: agetty [<7f3f7500>] (hi3110_get_berr_counter [hi311x]) [<7f130204>] (can_fill_info [can_dev]) [<80693bc0>] (rtnl_fill_ifinfo) [<806949ec>] (rtnl_dump_ifinfo) [<806b4834>] (netlink_dump) [<806b4bc8>] (netlink_recvmsg) [<8065f180>] (sock_recvmsg) [<80660f90>] (___sys_recvmsg) [<80661e7c>] (__sys_recvmsg) [<80661ec0>] (SyS_recvmsg) [<80108b20>] (ret_fast_syscall+0x0/0x1c) agetty listens to netlink messages in order to update the login prompt when IP addresses change (if /etc/issue contains \4 or \6 escape codes): https://git.kernel.org/pub/scm/utils/util-linux/util-linux.git/commit/?id=e… It's a useful feature, though it seems questionable that it causes CAN bit error statistics to be queried. Be that as it may, if hi3110_get_berr_counter() is invoked while a frame is sent by hi3110_hw_tx(), bogus SPI transfers like the following may occur: => 12 00 (hi3110_get_berr_counter() wanted to transmit EC 00 to query the transmit error counter, but the first byte was overwritten by hi3110_hw_tx_frame()) => EA 00 3E 80 01 FB (hi3110_hw_tx_frame() wanted to transmit a frame, but the first byte was overwritten by hi3110_get_berr_counter() because it wanted to query the receive error counter) This sequence hangs the transmission because the driver believes it has sent a frame and waits for the interrupt signaling completion, but in reality the chip has never sent away the frame since the commands it received were malformed. Fix by acquiring the SPI lock in hi3110_get_berr_counter(). I've scrutinized the entire driver for further unlocked SPI accesses but found no others. Cc: Mathias Duckeck <m.duckeck(a)kunbus.de> Cc: Akshay Bhat <akshay.bhat(a)timesys.com> Cc: Casey Fitzpatrick <casey.fitzpatrick(a)timesys.com> Cc: Stef Walter <stefw(a)redhat.com> Cc: Karel Zak <kzak(a)redhat.com> Cc: stable(a)vger.kernel.org # v4.12+ Signed-off-by: Lukas Wunner <lukas(a)wunner.de> Reviewed-by: Akshay Bhat <akshay.bhat(a)timesys.com> Signed-off-by: Marc Kleine-Budde <mkl(a)pengutronix.de> --- drivers/net/can/spi/hi311x.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/net/can/spi/hi311x.c b/drivers/net/can/spi/hi311x.c index 5590c559a8ca..c2cf254e4e95 100644 --- a/drivers/net/can/spi/hi311x.c +++ b/drivers/net/can/spi/hi311x.c @@ -427,8 +427,10 @@ static int hi3110_get_berr_counter(const struct net_device *net, struct hi3110_priv *priv = netdev_priv(net); struct spi_device *spi = priv->spi; + mutex_lock(&priv->hi3110_lock); bec->txerr = hi3110_read(spi, HI3110_READ_TEC); bec->rxerr = hi3110_read(spi, HI3110_READ_REC); + mutex_unlock(&priv->hi3110_lock); return 0; } -- 2.17.0

7 years, 1 month

1
0
0 0

[PATCH] mtd: rawnand: micron: Fix support for on-die ECC

by Boris Brezillon

It looks like the NAND_STATUS_FAIL bit is sticky after an ECC failure, which leads all READ operations following the failing one to report an ECC failure. Reset the chip to clear the NAND_STATUS_FAIL bit. Note that this behavior is not document in the datasheet, but resetting the chip is the only solution we found to fix the problem. Fixes: 9748e1d87573 ("mtd: nand: add support for Micron on-die ECC") Cc: <stable(a)vger.kernel.org> Signed-off-by: Boris Brezillon <boris.brezillon(a)bootlin.com> Cc: Thomas Petazzoni <thomas.petazzoni(a)bootlin.com> Cc: Bean Huo <beanhuo(a)micron.com> Cc: Peter Pan <peterpandong(a)micron.com> --- Peter, Bean, Can you confirm this behavior, or ask someone in Micron who can confirm it? Also, if a RESET is actually needed, it would be good to update the datasheet accordingly. And if that's not the case, can you explain why the NAND_STATUS_FAIL bit is stuck and how to clear it (I tried a 0x00 command, A.K.A. READ STATUS EXIT, but it does not clear this bit, ERASE and PROGRAM seem to clear the bit, but that's clearly not the kind of operation I can do when the user asks for a READ)? Thanks, Boris --- drivers/mtd/nand/raw/nand_micron.c | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/drivers/mtd/nand/raw/nand_micron.c b/drivers/mtd/nand/raw/nand_micron.c index 0af45b134c0c..a915f568f6a3 100644 --- a/drivers/mtd/nand/raw/nand_micron.c +++ b/drivers/mtd/nand/raw/nand_micron.c @@ -153,6 +153,23 @@ micron_nand_read_page_on_die_ecc(struct mtd_info *mtd, struct nand_chip *chip, ret = nand_read_data_op(chip, chip->oob_poi, mtd->oobsize, false); + /* + * Looks like the NAND_STATUS_FAIL bit is sticky after an ECC failure, + * which leads all READ operations following the failing one to report + * an ECC failure. + * Reset the chip to clear it. + * + * Note that this behavior is not document in the datasheet, but + * resetting the chip is the only solution we found to clear this bit. + */ + if (status & NAND_STATUS_FAIL) { + int cs = page >> (chip->chip_shift - chip->page_shift); + + chip->select_chip(mtd, -1); + nand_reset(chip, cs); + chip->select_chip(mtd, cs); + } + out: micron_nand_on_die_ecc_setup(chip, false); -- 2.14.1

7 years, 1 month

2
3
0 0

[PATCH] swiotlb: fix inversed DMA_ATTR_NO_WARN test

by Prasanthi Chellakumar

From: Michel Dänzer <michel.daenzer(a)amd.com> The result was printing the warning only when we were explicitly asked not to. Cc: stable(a)vger.kernel.org Fixes: 0176adb004065d6815a8e67946752df4cd947c5b "swiotlb: refactor coherent buffer allocation" Signed-off-by: Michel Dänzer <michel.daenzer(a)amd.com> Reviewed-by: Christian König <christian.koenig(a)amd.com>. Signed-off-by: Christoph Hellwig <hch(a)lst.de> --- lib/swiotlb.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/swiotlb.c b/lib/swiotlb.c index fece575..12fbaa4 100644 --- a/lib/swiotlb.c +++ b/lib/swiotlb.c @@ -737,7 +737,7 @@ swiotlb_alloc_buffer(struct device *dev, size_t size, dma_addr_t *dma_handle, swiotlb_tbl_unmap_single(dev, phys_addr, size, DMA_TO_DEVICE, DMA_ATTR_SKIP_CPU_SYNC); out_warn: - if ((attrs & DMA_ATTR_NO_WARN) && printk_ratelimit()) { + if (!(attrs & DMA_ATTR_NO_WARN) && printk_ratelimit()) { dev_warn(dev, "swiotlb: coherent allocation failed, size=%zu\n", size); -- 2.7.4

7 years, 1 month

1
0
0 0

+ lib-test_bitmapc-fix-bitmap-optimisation-tests-to-report-errors-correctly.patch added to -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: lib/test_bitmap.c: fix bitmap optimisation tests to report errors correctly has been added to the -mm tree. Its filename is lib-test_bitmapc-fix-bitmap-optimisation-tests-to-report-errors-correctly.patch This patch should soon appear at http://ozlabs.org/~akpm/mmots/broken-out/lib-test_bitmapc-fix-bitmap-optimi… and later at http://ozlabs.org/~akpm/mmotm/broken-out/lib-test_bitmapc-fix-bitmap-optimi… Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next and is updated there every 3-4 working days ------------------------------------------------------ From: Matthew Wilcox <mawilcox(a)microsoft.com> Subject: lib/test_bitmap.c: fix bitmap optimisation tests to report errors correctly I had neglected to increment the error counter when the tests failed, which made the tests noisy when they fail, but not actually return an error code. Link: http://lkml.kernel.org/r/20180509114328.9887-1-mpe@ellerman.id.au Fixes: 3cc78125a081 ("lib/test_bitmap.c: add optimisation tests") Signed-off-by: Matthew Wilcox <mawilcox(a)microsoft.com> Signed-off-by: Michael Ellerman <mpe(a)ellerman.id.au> Reported-by: Michael Ellerman <mpe(a)ellerman.id.au> Tested-by: Michael Ellerman <mpe(a)ellerman.id.au> Reviewed-by: Kees Cook <keescook(a)chromium.org> Cc: Yury Norov <ynorov(a)caviumnetworks.com> Cc: Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> Cc: Geert Uytterhoeven <geert(a)linux-m68k.org> Cc: <stable(a)vger.kernel.org> [4.13+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- lib/test_bitmap.c | 21 +++++++++++++++------ 1 file changed, 15 insertions(+), 6 deletions(-) diff -puN lib/test_bitmap.c~lib-test_bitmapc-fix-bitmap-optimisation-tests-to-report-errors-correctly lib/test_bitmap.c --- a/lib/test_bitmap.c~lib-test_bitmapc-fix-bitmap-optimisation-tests-to-report-errors-correctly +++ a/lib/test_bitmap.c @@ -331,23 +331,32 @@ static void noinline __init test_mem_opt unsigned int start, nbits; for (start = 0; start < 1024; start += 8) { - memset(bmap1, 0x5a, sizeof(bmap1)); - memset(bmap2, 0x5a, sizeof(bmap2)); for (nbits = 0; nbits < 1024 - start; nbits += 8) { + memset(bmap1, 0x5a, sizeof(bmap1)); + memset(bmap2, 0x5a, sizeof(bmap2)); + bitmap_set(bmap1, start, nbits); __bitmap_set(bmap2, start, nbits); - if (!bitmap_equal(bmap1, bmap2, 1024)) + if (!bitmap_equal(bmap1, bmap2, 1024)) { printk("set not equal %d %d\n", start, nbits); - if (!__bitmap_equal(bmap1, bmap2, 1024)) + failed_tests++; + } + if (!__bitmap_equal(bmap1, bmap2, 1024)) { printk("set not __equal %d %d\n", start, nbits); + failed_tests++; + } bitmap_clear(bmap1, start, nbits); __bitmap_clear(bmap2, start, nbits); - if (!bitmap_equal(bmap1, bmap2, 1024)) + if (!bitmap_equal(bmap1, bmap2, 1024)) { printk("clear not equal %d %d\n", start, nbits); - if (!__bitmap_equal(bmap1, bmap2, 1024)) + failed_tests++; + } + if (!__bitmap_equal(bmap1, bmap2, 1024)) { printk("clear not __equal %d %d\n", start, nbits); + failed_tests++; + } } } } _ Patches currently in -mm which might be from mawilcox(a)microsoft.com are lib-test_bitmapc-fix-bitmap-optimisation-tests-to-report-errors-correctly.patch slab-__gfp_zero-is-incompatible-with-a-constructor.patch ida-remove-simple_ida_lock.patch

7 years, 1 month

1
0
0 0

[PATCH 13/13] x86/pkeys: Do not special case protection key 0

by Dave Hansen

From: Dave Hansen <dave.hansen(a)linux.intel.com> mm_pkey_is_allocated() treats pkey 0 as unallocated. That is inconsistent with the manpages, and also inconsistent with mm->context.pkey_allocation_map. Stop special casing it and only disallow values that are actually bad (< 0). The end-user visible effect of this is that you can now use mprotect_pkey() to set pkey=0. This is a bit nicer than what Ram proposed[1] because it is simpler and removes special-casing for pkey 0. On the other hand, it does allow applications to pkey_free() pkey-0, but that's just a silly thing to do, so we are not going to protect against it. The scenario that could happen is similar to what happens if you free any other pkey that is in use: it might get reallocated later and used to protect some other data. The most likely scenario is that pkey-0 comes back from pkey_alloc(), an access-disable or write-disable bit is set in PKRU for it, and the next stack access will SIGSEGV. It's not horribly different from if you mprotect()'d your stack or heap to be unreadable or unwritable, which is generally very foolish, but also not explicitly prevented by the kernel. 1. http://lkml.kernel.org/r/1522112702-27853-1-git-send-email-linuxram@us.ibm.… Signed-off-by: Dave Hansen <dave.hansen(a)linux.intel.com> Fixes: 58ab9a088dda ("x86/pkeys: Check against max pkey to avoid overflows") Cc: stable(a)vger.kernel.org Cc: Ram Pai <linuxram(a)us.ibm.com> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Dave Hansen <dave.hansen(a)intel.com> Cc: Michael Ellermen <mpe(a)ellerman.id.au> Cc: Ingo Molnar <mingo(a)kernel.org> Cc: Andrew Morton <akpm(a)linux-foundation.org>p Cc: Shuah Khan <shuah(a)kernel.org> --- b/arch/x86/include/asm/mmu_context.h | 2 +- b/arch/x86/include/asm/pkeys.h | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff -puN arch/x86/include/asm/mmu_context.h~x86-pkey-0-default-allocated arch/x86/include/asm/mmu_context.h --- a/arch/x86/include/asm/mmu_context.h~x86-pkey-0-default-allocated 2018-05-09 09:20:24.362698393 -0700 +++ b/arch/x86/include/asm/mmu_context.h 2018-05-09 09:20:24.367698393 -0700 @@ -193,7 +193,7 @@ static inline int init_new_context(struc #ifdef CONFIG_X86_INTEL_MEMORY_PROTECTION_KEYS if (cpu_feature_enabled(X86_FEATURE_OSPKE)) { - /* pkey 0 is the default and always allocated */ + /* pkey 0 is the default and allocated implicitly */ mm->context.pkey_allocation_map = 0x1; /* -1 means unallocated or invalid */ mm->context.execute_only_pkey = -1; diff -puN arch/x86/include/asm/pkeys.h~x86-pkey-0-default-allocated arch/x86/include/asm/pkeys.h --- a/arch/x86/include/asm/pkeys.h~x86-pkey-0-default-allocated 2018-05-09 09:20:24.364698393 -0700 +++ b/arch/x86/include/asm/pkeys.h 2018-05-09 09:20:24.367698393 -0700 @@ -51,10 +51,10 @@ bool mm_pkey_is_allocated(struct mm_stru { /* * "Allocated" pkeys are those that have been returned - * from pkey_alloc(). pkey 0 is special, and never - * returned from pkey_alloc(). + * from pkey_alloc() or pkey 0 which is allocated + * implicitly when the mm is created. */ - if (pkey <= 0) + if (pkey < 0) return false; if (pkey >= arch_max_pkey()) return false; _

7 years, 1 month

1
0
0 0

[PATCH 09/13] x86/pkeys: Override pkey when moving away from PROT_EXEC

by Dave Hansen

From: Dave Hansen <dave.hansen(a)linux.intel.com> I got a bug report that the following code (roughly) was causing a SIGSEGV: mprotect(ptr, size, PROT_EXEC); mprotect(ptr, size, PROT_NONE); mprotect(ptr, size, PROT_READ); *ptr = 100; The problem is hit when the mprotect(PROT_EXEC) is implicitly assigned a protection key to the VMA, and made that key ACCESS_DENY|WRITE_DENY. The PROT_NONE mprotect() failed to remove the protection key, and the PROT_NONE-> PROT_READ left the PTE usable, but the pkey still in place and left the memory inaccessible. To fix this, we ensure that we always "override" the pkee at mprotect() if the VMA does not have execute-only permissions, but the VMA has the execute-only pkey. We had a check for PROT_READ/WRITE, but it did not work for PROT_NONE. This entirely removes the PROT_* checks, which ensures that PROT_NONE now works. Signed-off-by: Dave Hansen <dave.hansen(a)linux.intel.com> Fixes: 62b5f7d013f ("mm/core, x86/mm/pkeys: Add execute-only protection keys support") Reported-by: Shakeel Butt <shakeelb(a)google.com> Cc: stable(a)vger.kernel.org Cc: Ram Pai <linuxram(a)us.ibm.com> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Dave Hansen <dave.hansen(a)intel.com> Cc: Michael Ellermen <mpe(a)ellerman.id.au> Cc: Ingo Molnar <mingo(a)kernel.org> Cc: Andrew Morton <akpm(a)linux-foundation.org> Cc: Shuah Khan <shuah(a)kernel.org> --- b/arch/x86/include/asm/pkeys.h | 12 +++++++++++- b/arch/x86/mm/pkeys.c | 21 +++++++++++---------- 2 files changed, 22 insertions(+), 11 deletions(-) diff -puN arch/x86/include/asm/pkeys.h~pkeys-abandon-exec-only-pkey-more-aggressively arch/x86/include/asm/pkeys.h --- a/arch/x86/include/asm/pkeys.h~pkeys-abandon-exec-only-pkey-more-aggressively 2018-05-09 09:20:22.295698398 -0700 +++ b/arch/x86/include/asm/pkeys.h 2018-05-09 09:20:22.300698398 -0700 @@ -2,6 +2,8 @@ #ifndef _ASM_X86_PKEYS_H #define _ASM_X86_PKEYS_H +#define ARCH_DEFAULT_PKEY 0 + #define arch_max_pkey() (boot_cpu_has(X86_FEATURE_OSPKE) ? 16 : 1) extern int arch_set_user_pkey_access(struct task_struct *tsk, int pkey, @@ -15,7 +17,7 @@ extern int __execute_only_pkey(struct mm static inline int execute_only_pkey(struct mm_struct *mm) { if (!boot_cpu_has(X86_FEATURE_OSPKE)) - return 0; + return ARCH_DEFAULT_PKEY; return __execute_only_pkey(mm); } @@ -56,6 +58,14 @@ bool mm_pkey_is_allocated(struct mm_stru return false; if (pkey >= arch_max_pkey()) return false; + /* + * The exec-only pkey is set in the allocation map, but + * is not available to any of the user interfaces like + * mprotect_pkey(). + */ + if (pkey == mm->context.execute_only_pkey) + return false; + return mm_pkey_allocation_map(mm) & (1U << pkey); } diff -puN arch/x86/mm/pkeys.c~pkeys-abandon-exec-only-pkey-more-aggressively arch/x86/mm/pkeys.c --- a/arch/x86/mm/pkeys.c~pkeys-abandon-exec-only-pkey-more-aggressively 2018-05-09 09:20:22.297698398 -0700 +++ b/arch/x86/mm/pkeys.c 2018-05-09 09:20:22.301698398 -0700 @@ -94,26 +94,27 @@ int __arch_override_mprotect_pkey(struct */ if (pkey != -1) return pkey; - /* - * Look for a protection-key-drive execute-only mapping - * which is now being given permissions that are not - * execute-only. Move it back to the default pkey. - */ - if (vma_is_pkey_exec_only(vma) && - (prot & (PROT_READ|PROT_WRITE))) { - return 0; - } + /* * The mapping is execute-only. Go try to get the * execute-only protection key. If we fail to do that, * fall through as if we do not have execute-only - * support. + * support in this mm. */ if (prot == PROT_EXEC) { pkey = execute_only_pkey(vma->vm_mm); if (pkey > 0) return pkey; + } else if (vma_is_pkey_exec_only(vma)) { + /* + * Protections are *not* PROT_EXEC, but the mapping + * is using the exec-only pkey. This mapping was + * PROT_EXEC and will no longer be. Move back to + * the default pkey. + */ + return ARCH_DEFAULT_PKEY; } + /* * This is a vanilla, non-pkey mprotect (or we failed to * setup execute-only), inherit the pkey from the VMA we _

7 years, 1 month

1
0
0 0

v4.9.99 build: 0 failures 2 warnings (v4.9.99)

by Build bot for Mark Brown

Tree/Branch: v4.9.99 Git describe: v4.9.99 Commit: 04cd74a759 Linux 4.9.99 Build Time: 83 min 17 sec Passed: 11 / 11 (100.00 %) Failed: 0 / 11 ( 0.00 %) Errors: 0 Warnings: 2 Section Mismatches: 0 ------------------------------------------------------------------------------- defconfigs with issues (other than build errors): 1 warnings 0 mismatches : arm64-allmodconfig 1 warnings 0 mismatches : x86_64-allmodconfig ------------------------------------------------------------------------------- Warnings Summary: 2 1 drivers/target/iscsi/iscsi_target.o: warning: objtool: iscsit_handle_task_mgt_cmd()+0x78b: sibling call from callable instruction with changed frame pointer 1 ../include/linux/sched.h:2349:56: warning: 'noio_flag' may be used uninitialized in this function [-Wmaybe-uninitialized] =============================================================================== Detailed per-defconfig build reports below: ------------------------------------------------------------------------------- arm64-allmodconfig : PASS, 0 errors, 1 warnings, 0 section mismatches Warnings: ../include/linux/sched.h:2349:56: warning: 'noio_flag' may be used uninitialized in this function [-Wmaybe-uninitialized] ------------------------------------------------------------------------------- x86_64-allmodconfig : PASS, 0 errors, 1 warnings, 0 section mismatches Warnings: drivers/target/iscsi/iscsi_target.o: warning: objtool: iscsit_handle_task_mgt_cmd()+0x78b: sibling call from callable instruction with changed frame pointer ------------------------------------------------------------------------------- Passed with no errors, warnings or mismatches: arm64-allnoconfig arm-multi_v5_defconfig arm-multi_v7_defconfig x86_64-defconfig arm-allmodconfig arm-allnoconfig x86_64-allnoconfig arm-multi_v4t_defconfig arm64-defconfig close failed in file object destructor: sys.excepthook is missing lost sys.stderr

7 years, 1 month

1
0
0 0

[PATCH 3/3] x86/mm: disable ioremap free page handling on x86-PAE

by Toshi Kani

ioremap() supports pmd mappings on x86-PAE. However, kernel's pmd tables are not shared among processes on x86-PAE. Therefore, any update to sync'd pmd entries need re-syncing. Freeing a pte page also leads to a vmalloc fault and hits the BUG_ON in vmalloc_sync_one(). Disable free page handling on x86-PAE. pud_free_pmd_page() and pmd_free_pte_page() simply return 0 if a given pud/pmd entry is present. This assures that ioremap() does not update sync'd pmd entries at the cost of falling back to pte mappings. Fixes: 28ee90fe6048 ("x86/mm: implement free pmd/pte page interfaces") Reported-by: Joerg Roedel <joro(a)8bytes.org> Signed-off-by: Toshi Kani <toshi.kani(a)hpe.com> Cc: Andrew Morton <akpm(a)linux-foundation.org> Cc: Michal Hocko <mhocko(a)suse.com> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Ingo Molnar <mingo(a)redhat.com> Cc: "H. Peter Anvin" <hpa(a)zytor.com> Cc: Joerg Roedel <joro(a)8bytes.org> Cc: <stable(a)vger.kernel.org> --- arch/x86/mm/pgtable.c | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/arch/x86/mm/pgtable.c b/arch/x86/mm/pgtable.c index 816fd41ee854..809115150d8b 100644 --- a/arch/x86/mm/pgtable.c +++ b/arch/x86/mm/pgtable.c @@ -715,6 +715,7 @@ int pmd_clear_huge(pmd_t *pmd) return 0; } +#ifdef CONFIG_X86_64 /** * pud_free_pmd_page - Clear pud entry and free pmd page. * @pud: Pointer to a PUD. @@ -784,4 +785,22 @@ int pmd_free_pte_page(pmd_t *pmd, unsigned long addr) return 1; } + +#else /* !CONFIG_X86_64 */ + +int pud_free_pmd_page(pud_t *pud, unsigned long addr) +{ + return pud_none(*pud); +} + +/* + * Disable free page handling on x86-PAE. This assures that ioremap() + * does not update sync'd pmd entries. See vmalloc_sync_one(). + */ +int pmd_free_pte_page(pmd_t *pmd, unsigned long addr) +{ + return pmd_none(*pmd); +} + +#endif /* CONFIG_X86_64 */ #endif /* CONFIG_HAVE_ARCH_HUGE_VMAP */

7 years, 1 month

2
1
0 0

patch "iio: hid-sensor-trigger: Fix sometimes not powering up the sensor" added to staging-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled iio: hid-sensor-trigger: Fix sometimes not powering up the sensor to my staging git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging.git in the staging-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From 6f92253024d9d947a4f454654840ce479e251376 Mon Sep 17 00:00:00 2001 From: Hans de Goede <hdegoede(a)redhat.com> Date: Sat, 14 Apr 2018 17:09:09 +0200 Subject: iio: hid-sensor-trigger: Fix sometimes not powering up the sensor after resume hid_sensor_set_power_work() powers the sensors back up after a resume based on the user_requested_state atomic_t. But hid_sensor_power_state() treats this as a boolean flag, leading to the following problematic scenario: 1) Some app starts using the iio-sensor in buffered / triggered mode, hid_sensor_data_rdy_trigger_set_state(true) gets called, setting user_requested_state to 1. 2) Something directly accesses a _raw value through sysfs, leading to a call to hid_sensor_power_state(true) followed by hid_sensor_power_state(false) call, this sets user_requested_state to 1 followed by setting it to 0. 3) Suspend/resume the machine, hid_sensor_set_power_work() now does NOT power the sensor back up because user_requested_state (wrongly) is 0. Which stops the app using the sensor in buffered mode from receiving any new values. This commit changes user_requested_state to a counter tracking how many times hid_sensor_power_state(true) was called instead, fixing this. Cc: Bastien Nocera <hadess(a)hadess.net> Cc: Srinivas Pandruvada <srinivas.pandruvada(a)linux.intel.com> Signed-off-by: Hans de Goede <hdegoede(a)redhat.com> Acked-by: Srinivas Pandruvada <srinivas.pandruvada(a)linux.intel.com> Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> --- drivers/iio/common/hid-sensors/hid-sensor-trigger.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/drivers/iio/common/hid-sensors/hid-sensor-trigger.c b/drivers/iio/common/hid-sensors/hid-sensor-trigger.c index cfb6588565ba..4905a997a7ec 100644 --- a/drivers/iio/common/hid-sensors/hid-sensor-trigger.c +++ b/drivers/iio/common/hid-sensors/hid-sensor-trigger.c @@ -178,14 +178,14 @@ int hid_sensor_power_state(struct hid_sensor_common *st, bool state) #ifdef CONFIG_PM int ret; - atomic_set(&st->user_requested_state, state); - if (atomic_add_unless(&st->runtime_pm_enable, 1, 1)) pm_runtime_enable(&st->pdev->dev); - if (state) + if (state) { + atomic_inc(&st->user_requested_state); ret = pm_runtime_get_sync(&st->pdev->dev); - else { + } else { + atomic_dec(&st->user_requested_state); pm_runtime_mark_last_busy(&st->pdev->dev); pm_runtime_use_autosuspend(&st->pdev->dev); ret = pm_runtime_put_autosuspend(&st->pdev->dev); -- 2.17.0

7 years, 1 month

1
0
0 0

patch "iio: adc: select buffer for at91-sama5d2_adc" added to staging-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled iio: adc: select buffer for at91-sama5d2_adc to my staging git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging.git in the staging-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From 76974ef9d1bf397b7bb97892a3b3bc516a1fc2c2 Mon Sep 17 00:00:00 2001 From: Eugen Hristev <eugen.hristev(a)microchip.com> Date: Mon, 16 Apr 2018 09:54:03 +0300 Subject: iio: adc: select buffer for at91-sama5d2_adc We need to select the buffer code, otherwise we get build errors with undefined functions on the trigger and buffer, if we select just IIO and then AT91_SAMA5D2_ADC from menuconfig This adds a Kconfig 'select' statement like other ADC drivers have it already. Fixes: 5e1a1da0f8c9 ("iio: adc: at91-sama5d2_adc: add hw trigger and buffer support") Signed-off-by: Eugen Hristev <eugen.hristev(a)microchip.com> Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> --- drivers/iio/adc/Kconfig | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/iio/adc/Kconfig b/drivers/iio/adc/Kconfig index 72bc2b71765a..47bbed3afc8f 100644 --- a/drivers/iio/adc/Kconfig +++ b/drivers/iio/adc/Kconfig @@ -159,6 +159,7 @@ config AT91_SAMA5D2_ADC depends on ARCH_AT91 || COMPILE_TEST depends on HAS_IOMEM depends on HAS_DMA + select IIO_BUFFER select IIO_TRIGGERED_BUFFER help Say yes here to build support for Atmel SAMA5D2 ADC which is -- 2.17.0

7 years, 1 month

1
0
0 0

patch "iio: adc: at91-sama5d2_adc: fix channel configuration for" added to staging-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled iio: adc: at91-sama5d2_adc: fix channel configuration for to my staging git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging.git in the staging-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From f0c8d1f6dc8eac5a1fbf441c8e080721a7b6c0ff Mon Sep 17 00:00:00 2001 From: Eugen Hristev <eugen.hristev(a)microchip.com> Date: Tue, 10 Apr 2018 11:57:47 +0300 Subject: iio: adc: at91-sama5d2_adc: fix channel configuration for differential channels When iterating through the channels, the index in the array is not the scan index. Added an xlate function to translate to the proper index. The result of the bug is that the channel array is indexed with a wrong index, thus instead of the proper channel, we access invalid memory, which may lead to invalid results and/or corruption. This will be used also for devicetree channel xlate. Fixes: 5e1a1da0f ("iio: adc: at91-sama5d2_adc: add hw trigger and buffer support") Fixes: 073c66201 ("iio: adc: at91-sama5d2_adc: add support for DMA") Signed-off-by: Eugen Hristev <eugen.hristev(a)microchip.com> Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> --- drivers/iio/adc/at91-sama5d2_adc.c | 41 +++++++++++++++++++++++++++--- 1 file changed, 37 insertions(+), 4 deletions(-) diff --git a/drivers/iio/adc/at91-sama5d2_adc.c b/drivers/iio/adc/at91-sama5d2_adc.c index 4eff8351ce29..8729d6524b4d 100644 --- a/drivers/iio/adc/at91-sama5d2_adc.c +++ b/drivers/iio/adc/at91-sama5d2_adc.c @@ -333,6 +333,27 @@ static const struct iio_chan_spec at91_adc_channels[] = { + AT91_SAMA5D2_DIFF_CHAN_CNT + 1), }; +static int at91_adc_chan_xlate(struct iio_dev *indio_dev, int chan) +{ + int i; + + for (i = 0; i < indio_dev->num_channels; i++) { + if (indio_dev->channels[i].scan_index == chan) + return i; + } + return -EINVAL; +} + +static inline struct iio_chan_spec const * +at91_adc_chan_get(struct iio_dev *indio_dev, int chan) +{ + int index = at91_adc_chan_xlate(indio_dev, chan); + + if (index < 0) + return NULL; + return indio_dev->channels + index; +} + static int at91_adc_configure_trigger(struct iio_trigger *trig, bool state) { struct iio_dev *indio = iio_trigger_get_drvdata(trig); @@ -350,8 +371,10 @@ static int at91_adc_configure_trigger(struct iio_trigger *trig, bool state) at91_adc_writel(st, AT91_SAMA5D2_TRGR, status); for_each_set_bit(bit, indio->active_scan_mask, indio->num_channels) { - struct iio_chan_spec const *chan = indio->channels + bit; + struct iio_chan_spec const *chan = at91_adc_chan_get(indio, bit); + if (!chan) + continue; if (state) { at91_adc_writel(st, AT91_SAMA5D2_CHER, BIT(chan->channel)); @@ -448,7 +471,11 @@ static int at91_adc_dma_start(struct iio_dev *indio_dev) for_each_set_bit(bit, indio_dev->active_scan_mask, indio_dev->num_channels) { - struct iio_chan_spec const *chan = indio_dev->channels + bit; + struct iio_chan_spec const *chan = + at91_adc_chan_get(indio_dev, bit); + + if (!chan) + continue; st->dma_st.rx_buf_sz += chan->scan_type.storagebits / 8; } @@ -526,8 +553,11 @@ static int at91_adc_buffer_predisable(struct iio_dev *indio_dev) */ for_each_set_bit(bit, indio_dev->active_scan_mask, indio_dev->num_channels) { - struct iio_chan_spec const *chan = indio_dev->channels + bit; + struct iio_chan_spec const *chan = + at91_adc_chan_get(indio_dev, bit); + if (!chan) + continue; if (st->dma_st.dma_chan) at91_adc_readl(st, chan->address); } @@ -587,8 +617,11 @@ static void at91_adc_trigger_handler_nodma(struct iio_dev *indio_dev, for_each_set_bit(bit, indio_dev->active_scan_mask, indio_dev->num_channels) { - struct iio_chan_spec const *chan = indio_dev->channels + bit; + struct iio_chan_spec const *chan = + at91_adc_chan_get(indio_dev, bit); + if (!chan) + continue; st->buffer[i] = at91_adc_readl(st, chan->address); i++; } -- 2.17.0

7 years, 1 month

1
0
0 0

patch "iio:kfifo_buf: check for uint overflow" added to staging-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled iio:kfifo_buf: check for uint overflow to my staging git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging.git in the staging-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From 3d13de4b027d5f6276c0f9d3a264f518747d83f2 Mon Sep 17 00:00:00 2001 From: Martin Kelly <mkelly(a)xevo.com> Date: Mon, 26 Mar 2018 14:27:52 -0700 Subject: iio:kfifo_buf: check for uint overflow Currently, the following causes a kernel OOPS in memcpy: echo 1073741825 > buffer/length echo 1 > buffer/enable Note that using 1073741824 instead of 1073741825 causes "write error: Cannot allocate memory" but no OOPS. This is because 1073741824 == 2^30 and 1073741825 == 2^30+1. Since kfifo rounds up to the nearest power of 2, it will actually call kmalloc with roundup_pow_of_two(length) * bytes_per_datum. Using length == 1073741825 and bytes_per_datum == 2, we get: kmalloc(roundup_pow_of_two(1073741825) * 2 or kmalloc(2147483648 * 2) or kmalloc(4294967296) or kmalloc(UINT_MAX + 1) so this overflows to 0, causing kmalloc to return ZERO_SIZE_PTR and subsequent memcpy to fail once the device is enabled. Fix this by checking for overflow prior to allocating a kfifo. With this check added, the above code returns -EINVAL when enabling the buffer, rather than causing an OOPS. Signed-off-by: Martin Kelly <mkelly(a)xevo.com> cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> --- drivers/iio/buffer/kfifo_buf.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/drivers/iio/buffer/kfifo_buf.c b/drivers/iio/buffer/kfifo_buf.c index ac622edf2486..70c302a93d7f 100644 --- a/drivers/iio/buffer/kfifo_buf.c +++ b/drivers/iio/buffer/kfifo_buf.c @@ -27,6 +27,13 @@ static inline int __iio_allocate_kfifo(struct iio_kfifo *buf, if ((length == 0) || (bytes_per_datum == 0)) return -EINVAL; + /* + * Make sure we don't overflow an unsigned int after kfifo rounds up to + * the next power of 2. + */ + if (roundup_pow_of_two(length) > UINT_MAX / bytes_per_datum) + return -EINVAL; + return __kfifo_alloc((struct __kfifo *)&buf->kf, length, bytes_per_datum, GFP_KERNEL); } -- 2.17.0

7 years, 1 month

1
0
0 0

patch "iio:buffer: make length types match kfifo types" added to staging-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled iio:buffer: make length types match kfifo types to my staging git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging.git in the staging-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From c043ec1ca5baae63726aae32abbe003192bc6eec Mon Sep 17 00:00:00 2001 From: Martin Kelly <mkelly(a)xevo.com> Date: Mon, 26 Mar 2018 14:27:51 -0700 Subject: iio:buffer: make length types match kfifo types Currently, we use int for buffer length and bytes_per_datum. However, kfifo uses unsigned int for length and size_t for element size. We need to make sure these matches or we will have bugs related to overflow (in the range between INT_MAX and UINT_MAX for length, for example). In addition, set_bytes_per_datum uses size_t while bytes_per_datum is an int, which would cause bugs for large values of bytes_per_datum. Change buffer length to use unsigned int and bytes_per_datum to use size_t. Signed-off-by: Martin Kelly <mkelly(a)xevo.com> Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> --- drivers/iio/buffer/industrialio-buffer-dma.c | 2 +- drivers/iio/buffer/kfifo_buf.c | 4 ++-- include/linux/iio/buffer_impl.h | 6 +++--- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/drivers/iio/buffer/industrialio-buffer-dma.c b/drivers/iio/buffer/industrialio-buffer-dma.c index 05e0c353e089..b32bf57910ca 100644 --- a/drivers/iio/buffer/industrialio-buffer-dma.c +++ b/drivers/iio/buffer/industrialio-buffer-dma.c @@ -587,7 +587,7 @@ EXPORT_SYMBOL_GPL(iio_dma_buffer_set_bytes_per_datum); * Should be used as the set_length callback for iio_buffer_access_ops * struct for DMA buffers. */ -int iio_dma_buffer_set_length(struct iio_buffer *buffer, int length) +int iio_dma_buffer_set_length(struct iio_buffer *buffer, unsigned int length) { /* Avoid an invalid state */ if (length < 2) diff --git a/drivers/iio/buffer/kfifo_buf.c b/drivers/iio/buffer/kfifo_buf.c index 047fe757ab97..ac622edf2486 100644 --- a/drivers/iio/buffer/kfifo_buf.c +++ b/drivers/iio/buffer/kfifo_buf.c @@ -22,7 +22,7 @@ struct iio_kfifo { #define iio_to_kfifo(r) container_of(r, struct iio_kfifo, buffer) static inline int __iio_allocate_kfifo(struct iio_kfifo *buf, - int bytes_per_datum, int length) + size_t bytes_per_datum, unsigned int length) { if ((length == 0) || (bytes_per_datum == 0)) return -EINVAL; @@ -67,7 +67,7 @@ static int iio_set_bytes_per_datum_kfifo(struct iio_buffer *r, size_t bpd) return 0; } -static int iio_set_length_kfifo(struct iio_buffer *r, int length) +static int iio_set_length_kfifo(struct iio_buffer *r, unsigned int length) { /* Avoid an invalid state */ if (length < 2) diff --git a/include/linux/iio/buffer_impl.h b/include/linux/iio/buffer_impl.h index b9e22b7e2f28..d1171db23742 100644 --- a/include/linux/iio/buffer_impl.h +++ b/include/linux/iio/buffer_impl.h @@ -53,7 +53,7 @@ struct iio_buffer_access_funcs { int (*request_update)(struct iio_buffer *buffer); int (*set_bytes_per_datum)(struct iio_buffer *buffer, size_t bpd); - int (*set_length)(struct iio_buffer *buffer, int length); + int (*set_length)(struct iio_buffer *buffer, unsigned int length); int (*enable)(struct iio_buffer *buffer, struct iio_dev *indio_dev); int (*disable)(struct iio_buffer *buffer, struct iio_dev *indio_dev); @@ -72,10 +72,10 @@ struct iio_buffer_access_funcs { */ struct iio_buffer { /** @length: Number of datums in buffer. */ - int length; + unsigned int length; /** @bytes_per_datum: Size of individual datum including timestamp. */ - int bytes_per_datum; + size_t bytes_per_datum; /** * @access: Buffer access functions associated with the -- 2.17.0

7 years, 1 month

1
0
0 0

patch "iio: adc: stm32-dfsdm: fix successive oversampling settings" added to staging-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled iio: adc: stm32-dfsdm: fix successive oversampling settings to my staging git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging.git in the staging-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From 7531cf59bfa082769887ec70c2029838ea139f11 Mon Sep 17 00:00:00 2001 From: Fabrice Gasnier <fabrice.gasnier(a)st.com> Date: Tue, 13 Mar 2018 15:23:05 +0100 Subject: iio: adc: stm32-dfsdm: fix successive oversampling settings When doing successive oversampling settings, it may fail to update filter parameters silently: - First time oversampling is being set, it will be successful, as fl->res is 0 initially. - Next attempts with various oversamp value may return 0 (success), but keep previous filter parameters, due to 'res' never reaches above or equal current 'fl->res'. This is particularly true when setting sampling frequency (that relies on oversamp). Typical failure without error: - run 1st test @16kHz samp freq will succeed - run new test @8kHz will succeed as well - run new test @16kHz (again): sample rate will remain 8kHz without error Fixes: e2e6771c6462 ("IIO: ADC: add STM32 DFSDM sigma delta ADC support") Signed-off-by: Fabrice Gasnier <fabrice.gasnier(a)st.com> Acked-by: Arnaud Pouliquen <arnaud.pouliquen(a)st.com> Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> --- drivers/iio/adc/stm32-dfsdm-adc.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/iio/adc/stm32-dfsdm-adc.c b/drivers/iio/adc/stm32-dfsdm-adc.c index 01422d11753c..dc911b6fedd6 100644 --- a/drivers/iio/adc/stm32-dfsdm-adc.c +++ b/drivers/iio/adc/stm32-dfsdm-adc.c @@ -144,6 +144,7 @@ static int stm32_dfsdm_set_osrs(struct stm32_dfsdm_filter *fl, * Leave as soon as if exact resolution if reached. * Otherwise the higher resolution below 32 bits is kept. */ + fl->res = 0; for (fosr = 1; fosr <= DFSDM_MAX_FL_OVERSAMPLING; fosr++) { for (iosr = 1; iosr <= DFSDM_MAX_INT_OVERSAMPLING; iosr++) { if (fast) @@ -193,7 +194,7 @@ static int stm32_dfsdm_set_osrs(struct stm32_dfsdm_filter *fl, } } - if (!fl->fosr) + if (!fl->res) return -EINVAL; return 0; -- 2.17.0

7 years, 1 month

1
0
0 0

patch "iio: adc: stm32-dfsdm: fix sample rate for div2 spi clock" added to staging-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled iio: adc: stm32-dfsdm: fix sample rate for div2 spi clock to my staging git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging.git in the staging-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From d58109dcf37fc9baec354385ec9fdcd8878d174d Mon Sep 17 00:00:00 2001 From: Fabrice Gasnier <fabrice.gasnier(a)st.com> Date: Tue, 13 Mar 2018 15:23:06 +0100 Subject: iio: adc: stm32-dfsdm: fix sample rate for div2 spi clock When channel clk source is set to "CLKOUT_F" or "CLKOUT_R" (e.g. div2), sample rate is currently set to half the requested value. Fixes: eca949800d2d ("IIO: ADC: add stm32 DFSDM support for PDM microphone") Signed-off-by: Fabrice Gasnier <fabrice.gasnier(a)st.com> Acked-by: Arnaud Pouliquen <arnaud.pouliquen(a)st.com> Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> --- drivers/iio/adc/stm32-dfsdm-adc.c | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/drivers/iio/adc/stm32-dfsdm-adc.c b/drivers/iio/adc/stm32-dfsdm-adc.c index dc911b6fedd6..b28a716a23b2 100644 --- a/drivers/iio/adc/stm32-dfsdm-adc.c +++ b/drivers/iio/adc/stm32-dfsdm-adc.c @@ -771,7 +771,7 @@ static int stm32_dfsdm_write_raw(struct iio_dev *indio_dev, struct stm32_dfsdm_adc *adc = iio_priv(indio_dev); struct stm32_dfsdm_filter *fl = &adc->dfsdm->fl_list[adc->fl_id]; struct stm32_dfsdm_channel *ch = &adc->dfsdm->ch_list[chan->channel]; - unsigned int spi_freq = adc->spi_freq; + unsigned int spi_freq; int ret = -EINVAL; switch (mask) { @@ -785,8 +785,18 @@ static int stm32_dfsdm_write_raw(struct iio_dev *indio_dev, case IIO_CHAN_INFO_SAMP_FREQ: if (!val) return -EINVAL; - if (ch->src != DFSDM_CHANNEL_SPI_CLOCK_EXTERNAL) + + switch (ch->src) { + case DFSDM_CHANNEL_SPI_CLOCK_INTERNAL: spi_freq = adc->dfsdm->spi_master_freq; + break; + case DFSDM_CHANNEL_SPI_CLOCK_INTERNAL_DIV2_FALLING: + case DFSDM_CHANNEL_SPI_CLOCK_INTERNAL_DIV2_RISING: + spi_freq = adc->dfsdm->spi_master_freq / 2; + break; + default: + spi_freq = adc->spi_freq; + } if (spi_freq % val) dev_warn(&indio_dev->dev, -- 2.17.0

7 years, 1 month

1
0
0 0

patch "iio: ad7793: implement IIO_CHAN_INFO_SAMP_FREQ" added to staging-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled iio: ad7793: implement IIO_CHAN_INFO_SAMP_FREQ to my staging git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging.git in the staging-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From 490fba90a90eb7b741f57fefd2bcf2c1e11eb471 Mon Sep 17 00:00:00 2001 From: Michael Nosthoff <committed(a)heine.so> Date: Fri, 9 Mar 2018 16:13:52 +0100 Subject: iio: ad7793: implement IIO_CHAN_INFO_SAMP_FREQ This commit is a follow-up to changes made to ad_sigma_delta.h in staging: iio: ad7192: implement IIO_CHAN_INFO_SAMP_FREQ which broke ad7793 as it was not altered to match those changes. This driver predates the availability of IIO_CHAN_INFO_SAMP_FREQ attribute wherein usage has some advantages like it can be accessed by in-kernel consumers as well as reduces the code size. Therefore, use IIO_CHAN_INFO_SAMP_FREQ to implement the sampling_frequency attribute instead of using IIO_DEV_ATTR_SAMP_FREQ() macro. Move code from the functions associated with IIO_DEV_ATTR_SAMP_FREQ() into respective read and write hooks with the mask set to IIO_CHAN_INFO_SAMP_FREQ. Fixes: a13e831fcaa7 ("staging: iio: ad7192: implement IIO_CHAN_INFO_SAMP_FREQ") Signed-off-by: Michael Nosthoff <committed(a)heine.so> Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> --- drivers/iio/adc/ad7793.c | 75 +++++++++++++--------------------------- 1 file changed, 24 insertions(+), 51 deletions(-) diff --git a/drivers/iio/adc/ad7793.c b/drivers/iio/adc/ad7793.c index 801afb61310b..d4bbe5b53318 100644 --- a/drivers/iio/adc/ad7793.c +++ b/drivers/iio/adc/ad7793.c @@ -348,55 +348,6 @@ static const u16 ad7793_sample_freq_avail[16] = {0, 470, 242, 123, 62, 50, 39, static const u16 ad7797_sample_freq_avail[16] = {0, 0, 0, 123, 62, 50, 0, 33, 0, 17, 16, 12, 10, 8, 6, 4}; -static ssize_t ad7793_read_frequency(struct device *dev, - struct device_attribute *attr, - char *buf) -{ - struct iio_dev *indio_dev = dev_to_iio_dev(dev); - struct ad7793_state *st = iio_priv(indio_dev); - - return sprintf(buf, "%d\n", - st->chip_info->sample_freq_avail[AD7793_MODE_RATE(st->mode)]); -} - -static ssize_t ad7793_write_frequency(struct device *dev, - struct device_attribute *attr, - const char *buf, - size_t len) -{ - struct iio_dev *indio_dev = dev_to_iio_dev(dev); - struct ad7793_state *st = iio_priv(indio_dev); - long lval; - int i, ret; - - ret = kstrtol(buf, 10, &lval); - if (ret) - return ret; - - if (lval == 0) - return -EINVAL; - - for (i = 0; i < 16; i++) - if (lval == st->chip_info->sample_freq_avail[i]) - break; - if (i == 16) - return -EINVAL; - - ret = iio_device_claim_direct_mode(indio_dev); - if (ret) - return ret; - st->mode &= ~AD7793_MODE_RATE(-1); - st->mode |= AD7793_MODE_RATE(i); - ad_sd_write_reg(&st->sd, AD7793_REG_MODE, sizeof(st->mode), st->mode); - iio_device_release_direct_mode(indio_dev); - - return len; -} - -static IIO_DEV_ATTR_SAMP_FREQ(S_IWUSR | S_IRUGO, - ad7793_read_frequency, - ad7793_write_frequency); - static IIO_CONST_ATTR_SAMP_FREQ_AVAIL( "470 242 123 62 50 39 33 19 17 16 12 10 8 6 4"); @@ -424,7 +375,6 @@ static IIO_DEVICE_ATTR_NAMED(in_m_in_scale_available, ad7793_show_scale_available, NULL, 0); static struct attribute *ad7793_attributes[] = { - &iio_dev_attr_sampling_frequency.dev_attr.attr, &iio_const_attr_sampling_frequency_available.dev_attr.attr, &iio_dev_attr_in_m_in_scale_available.dev_attr.attr, NULL @@ -435,7 +385,6 @@ static const struct attribute_group ad7793_attribute_group = { }; static struct attribute *ad7797_attributes[] = { - &iio_dev_attr_sampling_frequency.dev_attr.attr, &iio_const_attr_sampling_frequency_available_ad7797.dev_attr.attr, NULL }; @@ -505,6 +454,10 @@ static int ad7793_read_raw(struct iio_dev *indio_dev, *val -= offset; } return IIO_VAL_INT; + case IIO_CHAN_INFO_SAMP_FREQ: + *val = st->chip_info + ->sample_freq_avail[AD7793_MODE_RATE(st->mode)]; + return IIO_VAL_INT; } return -EINVAL; } @@ -542,6 +495,26 @@ static int ad7793_write_raw(struct iio_dev *indio_dev, break; } break; + case IIO_CHAN_INFO_SAMP_FREQ: + if (!val) { + ret = -EINVAL; + break; + } + + for (i = 0; i < 16; i++) + if (val == st->chip_info->sample_freq_avail[i]) + break; + + if (i == 16) { + ret = -EINVAL; + break; + } + + st->mode &= ~AD7793_MODE_RATE(-1); + st->mode |= AD7793_MODE_RATE(i); + ad_sd_write_reg(&st->sd, AD7793_REG_MODE, sizeof(st->mode), + st->mode); + break; default: ret = -EINVAL; } -- 2.17.0

7 years, 1 month

1
0
0 0

[PATCH 5/5] radix tree: fix multi-order iteration race

by Ross Zwisler

Fix a race in the multi-order iteration code which causes the kernel to hit a GP fault. This was first seen with a production v4.15 based kernel (4.15.6-300.fc27.x86_64) utilizing a DAX workload which used order 9 PMD DAX entries. The race has to do with how we tear down multi-order sibling entries when we are removing an item from the tree. Remember for example that an order 2 entry looks like this: struct radix_tree_node.slots[] = [entry][sibling][sibling][sibling] where 'entry' is in some slot in the struct radix_tree_node, and the three slots following 'entry' contain sibling pointers which point back to 'entry.' When we delete 'entry' from the tree, we call : radix_tree_delete() radix_tree_delete_item() __radix_tree_delete() replace_slot() replace_slot() first removes the siblings in order from the first to the last, then at then replaces 'entry' with NULL. This means that for a brief period of time we end up with one or more of the siblings removed, so: struct radix_tree_node.slots[] = [entry][NULL][sibling][sibling] This causes an issue if you have a reader iterating over the slots in the tree via radix_tree_for_each_slot() while only under rcu_read_lock()/rcu_read_unlock() protection. This is a common case in mm/filemap.c. The issue is that when __radix_tree_next_slot() => skip_siblings() tries to skip over the sibling entries in the slots, it currently does so with an exact match on the slot directly preceding our current slot. Normally this works: V preceding slot struct radix_tree_node.slots[] = [entry][sibling][sibling][sibling] ^ current slot This lets you find the first sibling, and you skip them all in order. But in the case where one of the siblings is NULL, that slot is skipped and then our sibling detection is interrupted: V preceding slot struct radix_tree_node.slots[] = [entry][NULL][sibling][sibling] ^ current slot This means that the sibling pointers aren't recognized since they point all the way back to 'entry', so we think that they are normal internal radix tree pointers. This causes us to think we need to walk down to a struct radix_tree_node starting at the address of 'entry'. In a real running kernel this will crash the thread with a GP fault when you try and dereference the slots in your broken node starting at 'entry'. We fix this race by fixing the way that skip_siblings() detects sibling nodes. Instead of testing against the preceding slot we instead look for siblings via is_sibling_entry() which compares against the position of the struct radix_tree_node.slots[] array. This ensures that sibling entries are properly identified, even if they are no longer contiguous with the 'entry' they point to. Signed-off-by: Ross Zwisler <ross.zwisler(a)linux.intel.com> Reported-by: CR, Sapthagirish <sapthagirish.cr(a)intel.com> Fixes: commit 148deab223b2 ("radix-tree: improve multiorder iterators") Cc: <stable(a)vger.kernel.org> --- lib/radix-tree.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/lib/radix-tree.c b/lib/radix-tree.c index da9e10c827df..43e0cbedc3a0 100644 --- a/lib/radix-tree.c +++ b/lib/radix-tree.c @@ -1612,11 +1612,9 @@ static void set_iter_tags(struct radix_tree_iter *iter, static void __rcu **skip_siblings(struct radix_tree_node **nodep, void __rcu **slot, struct radix_tree_iter *iter) { - void *sib = node_to_entry(slot - 1); - while (iter->index < iter->next_index) { *nodep = rcu_dereference_raw(*slot); - if (*nodep && *nodep != sib) + if (*nodep && !is_sibling_entry(iter->node, *nodep)) return slot; slot++; iter->index = __radix_tree_iter_add(iter, 1); @@ -1631,7 +1629,7 @@ void __rcu **__radix_tree_next_slot(void __rcu **slot, struct radix_tree_iter *iter, unsigned flags) { unsigned tag = flags & RADIX_TREE_ITER_TAG_MASK; - struct radix_tree_node *node = rcu_dereference_raw(*slot); + struct radix_tree_node *node; slot = skip_siblings(&node, slot, iter); -- 2.14.3

7 years, 1 month

2
2
0 0

Please apply 3f1e53abff84c (" netfilter: ebtables: don't attempt to allocate 0-sized compat array") to v4.14.y and later

by Guenter Roeck

Hi Greg, Commit 3f1e53abff84c fixes commit 7d7d7e02111e9 ("("netfilter: compat: reject huge allocation requests"), which has found its way into 4.14.y and 4.16.y. This causes syzcaller hiccups at least in 4.14.y (more specifically chromeos-4.14). Please apply 3f1e53abff84c to v4.14.y and v4.16.y to fix the problem. Copying Dave and netdev in case he wants to handle it. Sorry for the noise if this has already been queued. Thanks, Guenter

7 years, 1 month

2
1
0 0

v4.14.40 build: 0 failures 1 warnings (v4.14.40)

by Build bot for Mark Brown

Tree/Branch: v4.14.40 Git describe: v4.14.40 Commit: fc72a41711 Linux 4.14.40 Build Time: 98 min 2 sec Passed: 11 / 11 (100.00 %) Failed: 0 / 11 ( 0.00 %) Errors: 0 Warnings: 1 Section Mismatches: 0 ------------------------------------------------------------------------------- defconfigs with issues (other than build errors): 1 warnings 0 mismatches : x86_64-allmodconfig ------------------------------------------------------------------------------- Warnings Summary: 1 1 drivers/target/iscsi/.tmp_iscsi_target.o: warning: objtool: iscsit_handle_task_mgt_cmd()+0x78f: sibling call from callable instruction with modified stack frame =============================================================================== Detailed per-defconfig build reports below: ------------------------------------------------------------------------------- x86_64-allmodconfig : PASS, 0 errors, 1 warnings, 0 section mismatches Warnings: drivers/target/iscsi/.tmp_iscsi_target.o: warning: objtool: iscsit_handle_task_mgt_cmd()+0x78f: sibling call from callable instruction with modified stack frame ------------------------------------------------------------------------------- Passed with no errors, warnings or mismatches: arm64-allnoconfig arm64-allmodconfig arm-multi_v5_defconfig arm-multi_v7_defconfig x86_64-defconfig arm-allmodconfig arm-allnoconfig x86_64-allnoconfig arm-multi_v4t_defconfig arm64-defconfig close failed in file object destructor: sys.excepthook is missing lost sys.stderr

7 years, 1 month

1
0
0 0

[PATCH 0/2] fixes for 4.9.96

by Jarkko Sakkinen

Decided to add Enric's commit because it is also a bug fix instead of modifying Chris commit. Chris Chiu (1): tpm: self test failure should not cause suspend to fail Enric Balletbo i Serra (1): tpm: do not suspend/resume if power stays on drivers/char/tpm/tpm-interface.c | 7 +++++++ drivers/char/tpm/tpm.h | 2 ++ drivers/char/tpm/tpm_of.c | 3 +++ 3 files changed, 12 insertions(+) -- 2.17.0

7 years, 1 month

3
7
0 0

[PATCH v9 0/9] dax: fix dma vs truncate/hole-punch

by Dan Williams

Changes since v8 [1]: * Rebase on v4.17-rc2 * Fix get_user_pages_fast() for ZONE_DEVICE pages to revalidate the pte, pmd, pud after taking references (Jan) * Kill dax_layout_lock(). With get_user_pages_fast() for ZONE_DEVICE fixed we can then rely on the {pte,pmd}_lock to synchronize dax_layout_busy_page() vs new page references (Jan) * Hold the iolock over repeated invocations of dax_layout_busy_page() to enable truncate/hole-punch to make forward progress in the presence of a constant stream of new direct-I/O requests (Jan). [1]: https://lists.01.org/pipermail/linux-nvdimm/2018-March/015058.html --- Background: get_user_pages() in the filesystem pins file backed memory pages for access by devices performing dma. However, it only pins the memory pages not the page-to-file offset association. If a file is truncated the pages are mapped out of the file and dma may continue indefinitely into a page that is owned by a device driver. This breaks coherency of the file vs dma, but the assumption is that if userspace wants the file-space truncated it does not matter what data is inbound from the device, it is not relevant anymore. The only expectation is that dma can safely continue while the filesystem reallocates the block(s). Problem: This expectation that dma can safely continue while the filesystem changes the block map is broken by dax. With dax the target dma page *is* the filesystem block. The model of leaving the page pinned for dma, but truncating the file block out of the file, means that the filesytem is free to reallocate a block under active dma to another file and now the expected data-incoherency situation has turned into active data-corruption. Solution: Defer all filesystem operations (fallocate(), truncate()) on a dax mode file while any page/block in the file is under active dma. This solution assumes that dma is transient. Cases where dma operations are known to not be transient, like RDMA, have been explicitly disabled via commits like 5f1d43de5416 "IB/core: disable memory registration of filesystem-dax vmas". The dax_layout_busy_page() routine is called by filesystems with a lock held against mm faults (i_mmap_lock) to find pinned / busy dax pages. The process of looking up a busy page invalidates all mappings to trigger any subsequent get_user_pages() to block on i_mmap_lock. The filesystem continues to call dax_layout_busy_page() until it finally returns no more active pages. This approach assumes that the page pinning is transient, if that assumption is violated the system would have likely hung from the uncompleted I/O. --- Dan Williams (9): dax, dm: introduce ->fs_{claim,release}() dax_device infrastructure mm, dax: enable filesystems to trigger dev_pagemap ->page_free callbacks memremap: split devm_memremap_pages() and memremap() infrastructure mm, dev_pagemap: introduce CONFIG_DEV_PAGEMAP_OPS mm: fix __gup_device_huge vs unmap mm, fs, dax: handle layout changes to pinned dax mappings xfs: prepare xfs_break_layouts() to be called with XFS_MMAPLOCK_EXCL xfs: prepare xfs_break_layouts() for another layout type xfs, dax: introduce xfs_break_dax_layouts() drivers/dax/super.c | 99 ++++++++++++++++++++-- drivers/md/dm.c | 57 +++++++++++++ drivers/nvdimm/pmem.c | 3 - fs/Kconfig | 2 fs/dax.c | 97 +++++++++++++++++++++ fs/ext2/super.c | 6 + fs/ext4/super.c | 6 + fs/xfs/xfs_file.c | 72 +++++++++++++++- fs/xfs/xfs_inode.h | 16 ++++ fs/xfs/xfs_ioctl.c | 8 -- fs/xfs/xfs_iops.c | 16 ++-- fs/xfs/xfs_pnfs.c | 16 ++-- fs/xfs/xfs_pnfs.h | 6 + fs/xfs/xfs_super.c | 20 ++-- include/linux/dax.h | 71 +++++++++++++++- include/linux/memremap.h | 25 ++---- include/linux/mm.h | 71 ++++++++++++---- kernel/Makefile | 3 - kernel/iomem.c | 167 +++++++++++++++++++++++++++++++++++++ kernel/memremap.c | 208 ++++++---------------------------------------- mm/Kconfig | 5 + mm/gup.c | 37 ++++++-- mm/hmm.c | 13 --- mm/swap.c | 3 - 24 files changed, 730 insertions(+), 297 deletions(-) create mode 100644 kernel/iomem.c

7 years, 1 month

3
4
0 0

Linux 4.16.8

by Greg KH

I'm announcing the release of the 4.16.8 kernel. All users of the 4.16 kernel series must upgrade. The updated 4.16.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.16.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/arm64/silicon-errata.txt | 1 Makefile | 2 arch/arm64/Kconfig | 14 arch/arm64/include/asm/assembler.h | 40 arch/arm64/include/asm/cputype.h | 2 arch/arm64/mm/proc.S | 5 arch/x86/kernel/tsc.c | 22 arch/x86/kvm/lapic.c | 37 drivers/acpi/button.c | 24 drivers/gpu/drm/bridge/dumb-vga-dac.c | 4 drivers/gpu/drm/vc4/vc4_crtc.c | 46 - drivers/gpu/drm/vmwgfx/vmwgfx_kms.c | 1 drivers/infiniband/core/ucma.c | 2 drivers/infiniband/hw/cxgb4/cq.c | 11 drivers/infiniband/hw/cxgb4/device.c | 9 drivers/infiniband/hw/cxgb4/iw_cxgb4.h | 6 drivers/infiniband/hw/cxgb4/qp.c | 4 drivers/infiniband/hw/cxgb4/resource.c | 26 drivers/infiniband/hw/hfi1/driver.c | 19 drivers/infiniband/hw/hfi1/hfi.h | 8 drivers/infiniband/hw/hfi1/init.c | 2 drivers/infiniband/hw/hfi1/pcie.c | 3 drivers/infiniband/hw/hfi1/ruc.c | 50 - drivers/infiniband/hw/hfi1/ud.c | 4 drivers/infiniband/hw/mlx4/qp.c | 3 drivers/infiniband/hw/mlx5/Kconfig | 1 drivers/infiniband/hw/mlx5/mr.c | 32 drivers/infiniband/hw/mlx5/qp.c | 22 drivers/input/input-leds.c | 8 drivers/input/touchscreen/atmel_mxt_ts.c | 9 drivers/irqchip/qcom-irq-combiner.c | 4 drivers/net/usb/qmi_wwan.c | 1 drivers/net/wireless/realtek/rtlwifi/btcoexist/halbtcoutsrc.c | 15 drivers/net/wireless/realtek/rtlwifi/rtl8723be/hw.c | 11 drivers/net/wireless/realtek/rtlwifi/wifi.h | 5 drivers/platform/x86/Kconfig | 2 drivers/platform/x86/asus-wireless.c | 4 drivers/target/target_core_iblock.c | 8 drivers/usb/core/config.c | 4 drivers/usb/dwc3/gadget.c | 2 drivers/usb/host/xhci.c | 1 drivers/usb/musb/musb_gadget.c | 3 drivers/usb/musb/musb_host.c | 4 drivers/usb/serial/option.c | 451 +++------- drivers/usb/serial/visor.c | 69 - fs/btrfs/extent-tree.c | 7 fs/xfs/xfs_file.c | 14 kernel/time/clocksource.c | 57 - kernel/trace/trace_uprobe.c | 24 kernel/tracepoint.c | 4 lib/errseq.c | 23 lib/swiotlb.c | 2 sound/core/pcm_compat.c | 2 sound/core/seq/seq_virmidi.c | 4 sound/drivers/aloop.c | 29 sound/firewire/amdtp-stream.c | 5 sound/pci/hda/patch_realtek.c | 2 tools/power/acpi/Makefile.config | 1 tools/testing/selftests/firmware/fw_filesystem.sh | 6 59 files changed, 673 insertions(+), 508 deletions(-) Agustin Vega-Frias (1): irqchip/qcom: Fix check for spurious interrupts Alan Stern (1): USB: Accept bulk endpoints with 1024-byte maxpacket Anthoine Bourgeois (1): KVM: x86: remove APIC Timer periodic/oneshot spikes Ard Biesheuvel (1): ACPI / button: make module loadable when booted in non-ACPI mode Ben Hutchings (1): test_firmware: fix setting old custom fw path back on exit, second try Bharat Potnuri (1): iw_cxgb4: Atomically flush per QP HW CQEs Bin Liu (2): usb: musb: host: fix potential NULL pointer dereference usb: musb: trace: fix NULL pointer dereference in musb_g_tx() Boris Brezillon (1): drm/vc4: Make sure vc4_bo_{inc,dec}_usecnt() calls are balanced Bryant G Ly (1): scsi: target: Fix fortify_panic kernel exception Danit Goldberg (1): IB/mlx5: Use unlimited rate when static rate is not supported Darrick J. Wong (1): xfs: prevent creating negative-sized file via INSERT_RANGE Dmitry Torokhov (1): Input: leds - fix out of bound access Greg Kroah-Hartman (2): USB: serial: visor: handle potential invalid device configuration Linux 4.16.8 Jiri Slaby (1): tools: power/acpi, revert to LD = gcc Johan Hovold (1): USB: serial: option: reimplement interface masking João Paulo Rechi Vita (1): platform/x86: asus-wireless: Fix NULL pointer dereference Leon Romanovsky (3): RDMA/mlx5: Fix multiple NULL-ptr deref errors in rereg_mr flow RDMA/mlx4: Add missed RSS hash inner header flag RDMA/mlx5: Protect from shift operand overflow Mario Limonciello (1): platform/x86: Kconfig: Fix dell-laptop dependency chain. Mathias Nyman (1): xhci: Fix use-after-free in xhci_free_virt_device Mathieu Desnoyers (1): tracepoint: Do not warn on ENOMEM Matthew Wilcox (1): errseq: Always report a writeback error once Mayank Rana (1): usb: dwc3: gadget: Fix list_del corruption in dwc3_ep_dequeue Michel Dänzer (1): swiotlb: fix inversed DMA_ATTR_NO_WARN test Mike Marciniszyn (2): IB/hfi1: Fix handling of FECN marked multicast packet IB/hfi1: Fix loss of BECN with AHG Peter Zijlstra (5): x86/tsc: Always unregister clocksource_tsc_early x86/tsc: Fix mark_tsc_unstable() clocksource: Allow clocksource_mark_unstable() on unregistered clocksources clocksource: Initialize cs->wd_list clocksource: Consistent de-rate when marking unstable Ping-Ke Shih (1): rtlwifi: cleanup 8723be ant_sel definition Raju Rangoju (1): RDMA/cxgb4: release hw resources on device removal Randy Dunlap (1): infiniband: mlx5: fix build errors when INFINIBAND_USER_ACCESS=m Robert Rosengren (1): ALSA: aloop: Mark paused device as inactive Roland Dreier (1): RDMA/ucma: Allow resolving address w/o specifying source address SZ Lin (林上智) (2): NET: usb: qmi_wwan: add support for ublox R410M PID 0x90b2 USB: serial: option: adding support for ublox R410M Sean Paul (1): drm/bridge: vga-dac: Fix edid memory leak Sebastian Sanchez (1): IB/hfi1: Fix NULL pointer dereference when invalid num_vls is used Song Liu (1): tracing: Fix bad use of igrab in trace_uprobe.c Suzuki K Poulose (1): arm64: Add work around for Arm Cortex-A55 Erratum 1024718 Takashi Iwai (4): ALSA: hda - Fix incorrect usage of IS_REACHABLE() ALSA: pcm: Check PCM state at xfern compat ioctl ALSA: seq: Fix races at MIDI encoding in snd_virmidi_output_trigger() ALSA: aloop: Add missing cable lock to ctl API callbacks Takashi Sakamoto (1): ALSA: dice: fix kernel NULL pointer dereference due to invalid calculation for array index Thomas Hellstrom (1): drm/vmwgfx: Fix a buffer object leak Vittorio Gambaletta (VittGam) (1): Input: atmel_mxt_ts - add touchpad button mapping for Samsung Chromebook Pro ethanwu (1): btrfs: Take trans lock before access running trans in check_delayed_ref

7 years, 1 month

1
1
0 0

Linux 4.14.40

by Greg KH

I'm announcing the release of the 4.14.40 kernel. All users of the 4.14 kernel series must upgrade. The updated 4.14.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.14.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 drivers/acpi/button.c | 24 drivers/crypto/talitos.c | 41 drivers/gpu/drm/bridge/dumb-vga-dac.c | 4 drivers/gpu/drm/vmwgfx/vmwgfx_kms.c | 1 drivers/infiniband/core/ucma.c | 2 drivers/infiniband/hw/cxgb4/cq.c | 11 drivers/infiniband/hw/cxgb4/device.c | 9 drivers/infiniband/hw/cxgb4/iw_cxgb4.h | 6 drivers/infiniband/hw/cxgb4/qp.c | 4 drivers/infiniband/hw/cxgb4/resource.c | 26 drivers/infiniband/hw/hfi1/driver.c | 19 drivers/infiniband/hw/hfi1/hfi.h | 8 drivers/infiniband/hw/hfi1/init.c | 2 drivers/infiniband/hw/hfi1/pcie.c | 3 drivers/infiniband/hw/hfi1/ruc.c | 50 - drivers/infiniband/hw/hfi1/ud.c | 4 drivers/infiniband/hw/mlx5/mr.c | 32 drivers/infiniband/hw/mlx5/qp.c | 22 drivers/infiniband/ulp/ipoib/ipoib_cm.c | 3 drivers/input/input-leds.c | 8 drivers/input/touchscreen/atmel_mxt_ts.c | 9 drivers/irqchip/qcom-irq-combiner.c | 4 drivers/net/geneve.c | 14 drivers/net/usb/qmi_wwan.c | 1 drivers/net/vxlan.c | 6 drivers/net/wireless/realtek/rtlwifi/btcoexist/halbtcoutsrc.c | 15 drivers/net/wireless/realtek/rtlwifi/btcoexist/halbtcoutsrc.h | 1 drivers/net/wireless/realtek/rtlwifi/btcoexist/rtl_btc.c | 6 drivers/net/wireless/realtek/rtlwifi/btcoexist/rtl_btc.h | 1 drivers/net/wireless/realtek/rtlwifi/rtl8723be/hw.c | 11 drivers/net/wireless/realtek/rtlwifi/wifi.h | 6 drivers/platform/x86/asus-wireless.c | 4 drivers/target/target_core_iblock.c | 8 drivers/usb/core/config.c | 4 drivers/usb/dwc3/gadget.c | 2 drivers/usb/musb/musb_gadget.c | 3 drivers/usb/musb/musb_host.c | 4 drivers/usb/serial/option.c | 448 +++------- drivers/usb/serial/visor.c | 69 - fs/xfs/xfs_file.c | 14 include/net/dst.h | 8 kernel/trace/trace_uprobe.c | 24 kernel/tracepoint.c | 4 lib/errseq.c | 25 mm/percpu.c | 1 net/ipv4/ip_tunnel.c | 3 net/ipv4/ip_vti.c | 2 net/ipv6/ip6_tunnel.c | 5 net/ipv6/ip6_vti.c | 2 net/ipv6/sit.c | 4 sound/core/pcm_compat.c | 2 sound/core/seq/seq_virmidi.c | 4 sound/drivers/aloop.c | 29 sound/firewire/amdtp-stream.c | 5 sound/pci/hda/patch_realtek.c | 2 tools/testing/selftests/firmware/fw_filesystem.sh | 6 57 files changed, 546 insertions(+), 491 deletions(-) Agustin Vega-Frias (1): irqchip/qcom: Fix check for spurious interrupts Alan Stern (1): USB: Accept bulk endpoints with 1024-byte maxpacket Ard Biesheuvel (1): ACPI / button: make module loadable when booted in non-ACPI mode Ben Hutchings (1): test_firmware: fix setting old custom fw path back on exit, second try Bharat Potnuri (1): iw_cxgb4: Atomically flush per QP HW CQEs Bin Liu (2): usb: musb: host: fix potential NULL pointer dereference usb: musb: trace: fix NULL pointer dereference in musb_g_tx() Bryant G Ly (1): scsi: target: Fix fortify_panic kernel exception Danit Goldberg (1): IB/mlx5: Use unlimited rate when static rate is not supported Darrick J. Wong (1): xfs: prevent creating negative-sized file via INSERT_RANGE Dmitry Torokhov (1): Input: leds - fix out of bound access Greg Kroah-Hartman (2): USB: serial: visor: handle potential invalid device configuration Linux 4.14.40 Johan Hovold (1): USB: serial: option: reimplement interface masking João Paulo Rechi Vita (1): platform/x86: asus-wireless: Fix NULL pointer dereference Kristian Evensen (1): USB: serial: option: Add support for Quectel EP06 LEROY Christophe (1): crypto: talitos - fix IPsec cipher in length Leon Romanovsky (2): RDMA/mlx5: Fix multiple NULL-ptr deref errors in rereg_mr flow RDMA/mlx5: Protect from shift operand overflow Mathieu Desnoyers (1): tracepoint: Do not warn on ENOMEM Matthew Wilcox (1): errseq: Always report a writeback error once Mayank Rana (1): usb: dwc3: gadget: Fix list_del corruption in dwc3_ep_dequeue Mike Marciniszyn (2): IB/hfi1: Fix handling of FECN marked multicast packet IB/hfi1: Fix loss of BECN with AHG Nicolas Dichtel (1): net: don't call update_pmtu unconditionally Ping-Ke Shih (2): rtlwifi: btcoex: Add power_on_setting routine rtlwifi: cleanup 8723be ant_sel definition Raju Rangoju (1): RDMA/cxgb4: release hw resources on device removal Robert Rosengren (1): ALSA: aloop: Mark paused device as inactive Roland Dreier (1): RDMA/ucma: Allow resolving address w/o specifying source address SZ Lin (林上智) (2): NET: usb: qmi_wwan: add support for ublox R410M PID 0x90b2 USB: serial: option: adding support for ublox R410M Sean Paul (1): drm/bridge: vga-dac: Fix edid memory leak Sebastian Sanchez (1): IB/hfi1: Fix NULL pointer dereference when invalid num_vls is used Song Liu (1): tracing: Fix bad use of igrab in trace_uprobe.c Takashi Iwai (4): ALSA: hda - Fix incorrect usage of IS_REACHABLE() ALSA: pcm: Check PCM state at xfern compat ioctl ALSA: seq: Fix races at MIDI encoding in snd_virmidi_output_trigger() ALSA: aloop: Add missing cable lock to ctl API callbacks Takashi Sakamoto (1): ALSA: dice: fix kernel NULL pointer dereference due to invalid calculation for array index Tejun Heo (1): percpu: include linux/sched.h for cond_resched() Thomas Hellstrom (1): drm/vmwgfx: Fix a buffer object leak Vittorio Gambaletta (VittGam) (1): Input: atmel_mxt_ts - add touchpad button mapping for Samsung Chromebook Pro Xin Long (1): geneve: update skb dst pmtu on tx path

7 years, 1 month

1
1
0 0

Linux 4.9.99

by Greg KH

I'm announcing the release of the 4.9.99 kernel. All users of the 4.9 kernel series must upgrade. The updated 4.9.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.9.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/virtual/kvm/api.txt | 9 Documentation/virtual/kvm/arm/psci.txt | 30 + Makefile | 2 arch/arm/include/asm/kvm_host.h | 3 arch/arm/include/uapi/asm/kvm.h | 6 arch/arm/kvm/guest.c | 13 arch/arm/kvm/psci.c | 60 ++ arch/arm64/include/asm/kvm_host.h | 3 arch/arm64/include/uapi/asm/kvm.h | 6 arch/arm64/kvm/guest.c | 14 arch/s390/include/asm/facility.h | 2 drivers/crypto/talitos.c | 41 +- drivers/gpu/drm/bridge/dumb-vga-dac.c | 4 drivers/gpu/drm/vmwgfx/vmwgfx_kms.c | 1 drivers/infiniband/core/ucma.c | 2 drivers/infiniband/hw/cxgb4/device.c | 9 drivers/infiniband/hw/cxgb4/iw_cxgb4.h | 4 drivers/infiniband/hw/cxgb4/resource.c | 26 + drivers/infiniband/hw/hfi1/init.c | 2 drivers/infiniband/hw/hfi1/pcie.c | 3 drivers/infiniband/hw/mlx5/qp.c | 22 - drivers/input/input-leds.c | 8 drivers/input/touchscreen/atmel_mxt_ts.c | 9 drivers/net/usb/qmi_wwan.c | 1 drivers/platform/x86/asus-wireless.c | 4 drivers/tty/serial/imx.c | 14 drivers/usb/core/config.c | 4 drivers/usb/musb/musb_gadget.c | 3 drivers/usb/musb/musb_host.c | 4 drivers/usb/serial/option.c | 448 +++++++--------------- drivers/usb/serial/visor.c | 69 +-- fs/xfs/xfs_file.c | 14 include/kvm/arm_psci.h | 16 kernel/bpf/arraymap.c | 2 kernel/bpf/hashtab.c | 9 kernel/bpf/syscall.c | 20 kernel/events/core.c | 2 kernel/tracepoint.c | 4 mm/percpu.c | 1 sound/core/pcm_compat.c | 2 sound/core/seq/seq_virmidi.c | 4 sound/drivers/aloop.c | 29 + tools/testing/selftests/firmware/fw_filesystem.sh | 6 43 files changed, 529 insertions(+), 406 deletions(-) Alan Stern (1): USB: Accept bulk endpoints with 1024-byte maxpacket Ben Hutchings (1): test_firmware: fix setting old custom fw path back on exit, second try Bin Liu (2): usb: musb: host: fix potential NULL pointer dereference usb: musb: trace: fix NULL pointer dereference in musb_g_tx() Danit Goldberg (1): IB/mlx5: Use unlimited rate when static rate is not supported Darrick J. Wong (1): xfs: prevent creating negative-sized file via INSERT_RANGE Dmitry Torokhov (1): Input: leds - fix out of bound access Greg Kroah-Hartman (2): USB: serial: visor: handle potential invalid device configuration Linux 4.9.99 Heiko Carstens (1): s390/facilites: use stfle_fac_list array size for MAX_FACILITY_BIT Johan Hovold (1): USB: serial: option: reimplement interface masking João Paulo Rechi Vita (1): platform/x86: asus-wireless: Fix NULL pointer dereference Kristian Evensen (1): USB: serial: option: Add support for Quectel EP06 LEROY Christophe (1): crypto: talitos - fix IPsec cipher in length Leon Romanovsky (1): RDMA/mlx5: Protect from shift operand overflow Marc Zyngier (1): arm/arm64: KVM: Add PSCI version selection API Mathieu Desnoyers (1): tracepoint: Do not warn on ENOMEM Raju Rangoju (1): RDMA/cxgb4: release hw resources on device removal Robert Rosengren (1): ALSA: aloop: Mark paused device as inactive Roland Dreier (1): RDMA/ucma: Allow resolving address w/o specifying source address SZ Lin (林上智) (2): NET: usb: qmi_wwan: add support for ublox R410M PID 0x90b2 USB: serial: option: adding support for ublox R410M Sean Paul (1): drm/bridge: vga-dac: Fix edid memory leak Sebastian Sanchez (1): IB/hfi1: Fix NULL pointer dereference when invalid num_vls is used Takashi Iwai (3): ALSA: pcm: Check PCM state at xfern compat ioctl ALSA: seq: Fix races at MIDI encoding in snd_virmidi_output_trigger() ALSA: aloop: Add missing cable lock to ctl API callbacks Tan Xiaojun (1): perf/core: Fix the perf_cpu_time_max_percent check Tejun Heo (1): percpu: include linux/sched.h for cond_resched() Teng Qin (1): bpf: map_get_next_key to return first key on NULL Thomas Hellstrom (1): drm/vmwgfx: Fix a buffer object leak Uwe Kleine-König (1): serial: imx: ensure UCR3 and UFCR are setup correctly Vittorio Gambaletta (VittGam) (1): Input: atmel_mxt_ts - add touchpad button mapping for Samsung Chromebook Pro

7 years, 1 month

1
1
0 0

[PATCH] sched/schedutil: Don't set next_freq to UINT_MAX

by Viresh Kumar

The schedutil driver sets sg_policy->next_freq to UINT_MAX on certain occasions: - In sugov_start(), when the schedutil governor is started for a group of CPUs. - And whenever we need to force a freq update before rate-limit duration, which happens when: - there is an update in cpufreq policy limits. - Or when the utilization of DL scheduling class increases. In return, get_next_freq() doesn't return a cached next_freq value but instead recalculates the next frequency. This has some side effects though and may significantly delay a required increase in frequency. In sugov_update_single() we try to avoid decreasing frequency if the CPU has not been idle recently. Consider this scenario, the available range of frequencies for a CPU are from 800 MHz to 2.5 GHz and current frequency is 800 MHz. From one of the call paths sg_policy->need_freq_update is set to true and hence sg_policy->next_freq is set to UINT_MAX. Now if the CPU had been busy, next_f will always be less than UINT_MAX, whatever the value of next_f is. And so even when we wanted to increase the frequency, we will overwrite next_f with UINT_MAX and will not change the frequency eventually. This will continue until the time CPU stays busy. This isn't cross checked with any specific test cases, but rather based on general code review. Fix that by not resetting the sg_policy->need_freq_update flag from sugov_should_update_freq() but get_next_freq() and we wouldn't need to overwrite sg_policy->next_freq anymore. Cc: 4.12+ <stable(a)vger.kernel.org> # 4.12+ Fixes: b7eaf1aab9f8 ("cpufreq: schedutil: Avoid reducing frequency of busy CPUs prematurely") Signed-off-by: Viresh Kumar <viresh.kumar(a)linaro.org> --- kernel/sched/cpufreq_schedutil.c | 15 +++++---------- 1 file changed, 5 insertions(+), 10 deletions(-) diff --git a/kernel/sched/cpufreq_schedutil.c b/kernel/sched/cpufreq_schedutil.c index d2c6083304b4..daaca23697dc 100644 --- a/kernel/sched/cpufreq_schedutil.c +++ b/kernel/sched/cpufreq_schedutil.c @@ -95,15 +95,8 @@ static bool sugov_should_update_freq(struct sugov_policy *sg_policy, u64 time) if (sg_policy->work_in_progress) return false; - if (unlikely(sg_policy->need_freq_update)) { - sg_policy->need_freq_update = false; - /* - * This happens when limits change, so forget the previous - * next_freq value and force an update. - */ - sg_policy->next_freq = UINT_MAX; + if (unlikely(sg_policy->need_freq_update)) return true; - } delta_ns = time - sg_policy->last_freq_update_time; @@ -165,8 +158,10 @@ static unsigned int get_next_freq(struct sugov_policy *sg_policy, freq = (freq + (freq >> 2)) * util / max; - if (freq == sg_policy->cached_raw_freq && sg_policy->next_freq != UINT_MAX) + if (freq == sg_policy->cached_raw_freq && !sg_policy->need_freq_update) return sg_policy->next_freq; + + sg_policy->need_freq_update = false; sg_policy->cached_raw_freq = freq; return cpufreq_driver_resolve_freq(policy, freq); } @@ -670,7 +665,7 @@ static int sugov_start(struct cpufreq_policy *policy) sg_policy->freq_update_delay_ns = sg_policy->tunables->rate_limit_us * NSEC_PER_USEC; sg_policy->last_freq_update_time = 0; - sg_policy->next_freq = UINT_MAX; + sg_policy->next_freq = 0; sg_policy->work_in_progress = false; sg_policy->need_freq_update = false; sg_policy->cached_raw_freq = 0; -- 2.15.0.194.g9af6a3dea062

7 years, 1 month

2
7
0 0

Applied "spi: pxa2xx: Allow 64-bit DMA" to the spi tree

by Mark Brown

The patch spi: pxa2xx: Allow 64-bit DMA has been applied to the spi tree at https://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi.git All being well this means that it will be integrated into the linux-next tree (usually sometime in the next 24 hours) and sent to Linus during the next merge window (or sooner if it is a bug fix), however if problems are discovered then the patch may be dropped or reverted. You may get further e-mails resulting from automated or manual testing and review of the tree, please engage with people reporting problems and send followup patches addressing any issues that are reported if needed. If any updates are required or you are submitting further changes they should be sent as incremental updates against current git, existing patches will not be replaced. Please add any relevant lists and maintainers to the CCs when replying to this mail. Thanks, Mark >From efc4a13724b852ddaa3358402a8dec024ffbcb17 Mon Sep 17 00:00:00 2001 From: Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> Date: Thu, 19 Apr 2018 19:53:32 +0300 Subject: [PATCH] spi: pxa2xx: Allow 64-bit DMA Currently the 32-bit device address only is supported for DMA. However, starting from Intel Sunrisepoint PCH the DMA address of the device FIFO can be 64-bit. Change the respective variable to be compatible with DMA engine expectations, i.e. to phys_addr_t. Fixes: 34cadd9c1bcb ("spi: pxa2xx: Add support for Intel Sunrisepoint") Signed-off-by: Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> Signed-off-by: Mark Brown <broonie(a)kernel.org> Cc: stable(a)vger.kernel.org --- drivers/spi/spi-pxa2xx.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/spi/spi-pxa2xx.h b/drivers/spi/spi-pxa2xx.h index 513ec6c6e25b..0ae7defd3492 100644 --- a/drivers/spi/spi-pxa2xx.h +++ b/drivers/spi/spi-pxa2xx.h @@ -38,7 +38,7 @@ struct driver_data { /* SSP register addresses */ void __iomem *ioaddr; - u32 ssdr_physical; + phys_addr_t ssdr_physical; /* SSP masks*/ u32 dma_cr1; -- 2.17.0

7 years, 1 month

2
4
0 0

[PATCH] drm/vc4: Fix scaling of uni-planar formats

by Boris Brezillon

When using uni-planar formats (like RGB), the scaling parameters are stored in plane 0, not plane 1. Fixes: fc04023fafec ("drm/vc4: Add support for YUV planes.") Cc: stable(a)vger.kernel.org Signed-off-by: Boris Brezillon <boris.brezillon(a)bootlin.com> --- drivers/gpu/drm/vc4/vc4_plane.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpu/drm/vc4/vc4_plane.c b/drivers/gpu/drm/vc4/vc4_plane.c index ebf081c7a53b..6831975604b5 100644 --- a/drivers/gpu/drm/vc4/vc4_plane.c +++ b/drivers/gpu/drm/vc4/vc4_plane.c @@ -541,7 +541,7 @@ static int vc4_plane_mode_set(struct drm_plane *plane, * the scl fields here. */ if (num_planes == 1) { - scl0 = vc4_get_scl_field(state, 1); + scl0 = vc4_get_scl_field(state, 0); scl1 = scl0; } else { scl0 = vc4_get_scl_field(state, 1); -- 2.14.1

7 years, 1 month

2
4
0 0

[PATCH 4.16 00/52] 4.16.8-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.16.8 release. There are 52 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu May 10 07:38:51 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.16.8-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.16.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.16.8-rc1 Song Liu <songliubraving(a)fb.com> tracing: Fix bad use of igrab in trace_uprobe.c Peter Zijlstra <peterz(a)infradead.org> clocksource: Consistent de-rate when marking unstable Peter Zijlstra <peterz(a)infradead.org> clocksource: Initialize cs->wd_list Peter Zijlstra <peterz(a)infradead.org> clocksource: Allow clocksource_mark_unstable() on unregistered clocksources Agustin Vega-Frias <agustinv(a)codeaurora.org> irqchip/qcom: Fix check for spurious interrupts Peter Zijlstra <peterz(a)infradead.org> x86/tsc: Fix mark_tsc_unstable() Peter Zijlstra <peterz(a)infradead.org> x86/tsc: Always unregister clocksource_tsc_early Anthoine Bourgeois <anthoine.bourgeois(a)blade-group.com> KVM: x86: remove APIC Timer periodic/oneshot spikes Mario Limonciello <mario.limonciello(a)dell.com> platform/x86: Kconfig: Fix dell-laptop dependency chain. João Paulo Rechi Vita <jprvita(a)gmail.com> platform/x86: asus-wireless: Fix NULL pointer dereference Bin Liu <b-liu(a)ti.com> usb: musb: trace: fix NULL pointer dereference in musb_g_tx() Bin Liu <b-liu(a)ti.com> usb: musb: host: fix potential NULL pointer dereference SZ Lin (林上智) <sz.lin(a)moxa.com> USB: serial: option: adding support for ublox R410M Johan Hovold <johan(a)kernel.org> USB: serial: option: reimplement interface masking Alan Stern <stern(a)rowland.harvard.edu> USB: Accept bulk endpoints with 1024-byte maxpacket Mayank Rana <mrana(a)codeaurora.org> usb: dwc3: gadget: Fix list_del corruption in dwc3_ep_dequeue Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> USB: serial: visor: handle potential invalid device configuration Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: Fix use-after-free in xhci_free_virt_device Ben Hutchings <ben.hutchings(a)codethink.co.uk> test_firmware: fix setting old custom fw path back on exit, second try Sean Paul <seanpaul(a)chromium.org> drm/bridge: vga-dac: Fix edid memory leak Thomas Hellstrom <thellstrom(a)vmware.com> drm/vmwgfx: Fix a buffer object leak Boris Brezillon <boris.brezillon(a)bootlin.com> drm/vc4: Make sure vc4_bo_{inc,dec}_usecnt() calls are balanced ethanwu <ethanwu(a)synology.com> btrfs: Take trans lock before access running trans in check_delayed_ref Bharat Potnuri <bharat(a)chelsio.com> iw_cxgb4: Atomically flush per QP HW CQEs Sebastian Sanchez <sebastian.sanchez(a)intel.com> IB/hfi1: Fix NULL pointer dereference when invalid num_vls is used Mike Marciniszyn <mike.marciniszyn(a)intel.com> IB/hfi1: Fix loss of BECN with AHG Mike Marciniszyn <mike.marciniszyn(a)intel.com> IB/hfi1: Fix handling of FECN marked multicast packet Randy Dunlap <rdunlap(a)infradead.org> infiniband: mlx5: fix build errors when INFINIBAND_USER_ACCESS=m Danit Goldberg <danitg(a)mellanox.com> IB/mlx5: Use unlimited rate when static rate is not supported SZ Lin (林上智) <sz.lin(a)moxa.com> NET: usb: qmi_wwan: add support for ublox R410M PID 0x90b2 Leon Romanovsky <leonro(a)mellanox.com> RDMA/mlx5: Protect from shift operand overflow Leon Romanovsky <leonro(a)mellanox.com> RDMA/mlx4: Add missed RSS hash inner header flag Leon Romanovsky <leonro(a)mellanox.com> RDMA/mlx5: Fix multiple NULL-ptr deref errors in rereg_mr flow Roland Dreier <roland(a)purestorage.com> RDMA/ucma: Allow resolving address w/o specifying source address Raju Rangoju <rajur(a)chelsio.com> RDMA/cxgb4: release hw resources on device removal Jiri Slaby <jslaby(a)suse.cz> tools: power/acpi, revert to LD = gcc Darrick J. Wong <darrick.wong(a)oracle.com> xfs: prevent creating negative-sized file via INSERT_RANGE Ping-Ke Shih <pkshih(a)realtek.com> rtlwifi: cleanup 8723be ant_sel definition Michel Dänzer <michel.daenzer(a)amd.com> swiotlb: fix inversed DMA_ATTR_NO_WARN test Vittorio Gambaletta (VittGam) <linuxbugs(a)vittgam.net> Input: atmel_mxt_ts - add touchpad button mapping for Samsung Chromebook Pro Dmitry Torokhov <dmitry.torokhov(a)gmail.com> Input: leds - fix out of bound access Bryant G Ly <bryantly(a)linux.vnet.ibm.com> scsi: target: Fix fortify_panic kernel exception Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> tracepoint: Do not warn on ENOMEM Matthew Wilcox <willy(a)infradead.org> errseq: Always report a writeback error once Takashi Iwai <tiwai(a)suse.de> ALSA: aloop: Add missing cable lock to ctl API callbacks Robert Rosengren <robert.rosengren(a)axis.com> ALSA: aloop: Mark paused device as inactive Takashi Sakamoto <o-takashi(a)sakamocchi.jp> ALSA: dice: fix kernel NULL pointer dereference due to invalid calculation for array index Takashi Iwai <tiwai(a)suse.de> ALSA: seq: Fix races at MIDI encoding in snd_virmidi_output_trigger() Takashi Iwai <tiwai(a)suse.de> ALSA: pcm: Check PCM state at xfern compat ioctl Takashi Iwai <tiwai(a)suse.de> ALSA: hda - Fix incorrect usage of IS_REACHABLE() Suzuki K Poulose <suzuki.poulose(a)arm.com> arm64: Add work around for Arm Cortex-A55 Erratum 1024718 Ard Biesheuvel <ard.biesheuvel(a)linaro.org> ACPI / button: make module loadable when booted in non-ACPI mode ------------- Diffstat: Documentation/arm64/silicon-errata.txt | 1 + Makefile | 4 +- arch/arm64/Kconfig | 14 + arch/arm64/include/asm/assembler.h | 40 ++ arch/arm64/include/asm/cputype.h | 2 + arch/arm64/mm/proc.S | 5 + arch/x86/kernel/tsc.c | 22 +- arch/x86/kvm/lapic.c | 37 +- drivers/acpi/button.c | 24 +- drivers/gpu/drm/bridge/dumb-vga-dac.c | 4 +- drivers/gpu/drm/vc4/vc4_crtc.c | 46 ++- drivers/gpu/drm/vmwgfx/vmwgfx_kms.c | 1 + drivers/infiniband/core/ucma.c | 2 +- drivers/infiniband/hw/cxgb4/cq.c | 11 +- drivers/infiniband/hw/cxgb4/device.c | 9 +- drivers/infiniband/hw/cxgb4/iw_cxgb4.h | 6 +- drivers/infiniband/hw/cxgb4/qp.c | 4 +- drivers/infiniband/hw/cxgb4/resource.c | 26 +- drivers/infiniband/hw/hfi1/driver.c | 19 +- drivers/infiniband/hw/hfi1/hfi.h | 8 +- drivers/infiniband/hw/hfi1/init.c | 2 + drivers/infiniband/hw/hfi1/pcie.c | 3 - drivers/infiniband/hw/hfi1/ruc.c | 50 ++- drivers/infiniband/hw/hfi1/ud.c | 4 +- drivers/infiniband/hw/mlx4/qp.c | 3 +- drivers/infiniband/hw/mlx5/Kconfig | 1 + drivers/infiniband/hw/mlx5/mr.c | 32 +- drivers/infiniband/hw/mlx5/qp.c | 22 +- drivers/input/input-leds.c | 8 +- drivers/input/touchscreen/atmel_mxt_ts.c | 9 + drivers/irqchip/qcom-irq-combiner.c | 4 +- drivers/net/usb/qmi_wwan.c | 1 + .../realtek/rtlwifi/btcoexist/halbtcoutsrc.c | 15 - .../net/wireless/realtek/rtlwifi/rtl8723be/hw.c | 11 +- drivers/net/wireless/realtek/rtlwifi/wifi.h | 5 + drivers/platform/x86/Kconfig | 2 +- drivers/platform/x86/asus-wireless.c | 4 +- drivers/target/target_core_iblock.c | 8 +- drivers/usb/core/config.c | 4 +- drivers/usb/dwc3/gadget.c | 2 +- drivers/usb/host/xhci.c | 1 + drivers/usb/musb/musb_gadget.c | 3 +- drivers/usb/musb/musb_host.c | 4 +- drivers/usb/serial/option.c | 451 +++++++-------------- drivers/usb/serial/visor.c | 69 ++-- fs/btrfs/extent-tree.c | 7 + fs/xfs/xfs_file.c | 14 +- kernel/time/clocksource.c | 57 ++- kernel/trace/trace_uprobe.c | 24 +- kernel/tracepoint.c | 4 +- lib/errseq.c | 23 +- lib/swiotlb.c | 2 +- sound/core/pcm_compat.c | 2 + sound/core/seq/seq_virmidi.c | 4 +- sound/drivers/aloop.c | 29 +- sound/firewire/amdtp-stream.c | 5 +- sound/pci/hda/patch_realtek.c | 2 +- tools/power/acpi/Makefile.config | 1 + tools/testing/selftests/firmware/fw_filesystem.sh | 6 +- 59 files changed, 674 insertions(+), 509 deletions(-)

7 years, 1 month

4
53
0 0

[PATCH 4.14 00/43] 4.14.40-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.14.40 release. There are 43 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu May 10 07:39:32 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.14.40-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.14.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.14.40-rc1 Song Liu <songliubraving(a)fb.com> tracing: Fix bad use of igrab in trace_uprobe.c Agustin Vega-Frias <agustinv(a)codeaurora.org> irqchip/qcom: Fix check for spurious interrupts João Paulo Rechi Vita <jprvita(a)gmail.com> platform/x86: asus-wireless: Fix NULL pointer dereference Bin Liu <b-liu(a)ti.com> usb: musb: trace: fix NULL pointer dereference in musb_g_tx() Bin Liu <b-liu(a)ti.com> usb: musb: host: fix potential NULL pointer dereference SZ Lin (林上智) <sz.lin(a)moxa.com> USB: serial: option: adding support for ublox R410M Johan Hovold <johan(a)kernel.org> USB: serial: option: reimplement interface masking Alan Stern <stern(a)rowland.harvard.edu> USB: Accept bulk endpoints with 1024-byte maxpacket Mayank Rana <mrana(a)codeaurora.org> usb: dwc3: gadget: Fix list_del corruption in dwc3_ep_dequeue Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> USB: serial: visor: handle potential invalid device configuration Matthew Wilcox <willy(a)infradead.org> errseq: Always report a writeback error once Ben Hutchings <ben.hutchings(a)codethink.co.uk> test_firmware: fix setting old custom fw path back on exit, second try Sean Paul <seanpaul(a)chromium.org> drm/bridge: vga-dac: Fix edid memory leak Thomas Hellstrom <thellstrom(a)vmware.com> drm/vmwgfx: Fix a buffer object leak Bharat Potnuri <bharat(a)chelsio.com> iw_cxgb4: Atomically flush per QP HW CQEs Sebastian Sanchez <sebastian.sanchez(a)intel.com> IB/hfi1: Fix NULL pointer dereference when invalid num_vls is used Mike Marciniszyn <mike.marciniszyn(a)intel.com> IB/hfi1: Fix loss of BECN with AHG Mike Marciniszyn <mike.marciniszyn(a)intel.com> IB/hfi1: Fix handling of FECN marked multicast packet Danit Goldberg <danitg(a)mellanox.com> IB/mlx5: Use unlimited rate when static rate is not supported SZ Lin (林上智) <sz.lin(a)moxa.com> NET: usb: qmi_wwan: add support for ublox R410M PID 0x90b2 Leon Romanovsky <leonro(a)mellanox.com> RDMA/mlx5: Protect from shift operand overflow Leon Romanovsky <leonro(a)mellanox.com> RDMA/mlx5: Fix multiple NULL-ptr deref errors in rereg_mr flow Roland Dreier <roland(a)purestorage.com> RDMA/ucma: Allow resolving address w/o specifying source address Raju Rangoju <rajur(a)chelsio.com> RDMA/cxgb4: release hw resources on device removal Darrick J. Wong <darrick.wong(a)oracle.com> xfs: prevent creating negative-sized file via INSERT_RANGE Ping-Ke Shih <pkshih(a)realtek.com> rtlwifi: cleanup 8723be ant_sel definition Ping-Ke Shih <pkshih(a)realtek.com> rtlwifi: btcoex: Add power_on_setting routine Vittorio Gambaletta (VittGam) <linuxbugs(a)vittgam.net> Input: atmel_mxt_ts - add touchpad button mapping for Samsung Chromebook Pro Dmitry Torokhov <dmitry.torokhov(a)gmail.com> Input: leds - fix out of bound access Bryant G Ly <bryantly(a)linux.vnet.ibm.com> scsi: target: Fix fortify_panic kernel exception Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> tracepoint: Do not warn on ENOMEM Takashi Iwai <tiwai(a)suse.de> ALSA: aloop: Add missing cable lock to ctl API callbacks Robert Rosengren <robert.rosengren(a)axis.com> ALSA: aloop: Mark paused device as inactive Takashi Sakamoto <o-takashi(a)sakamocchi.jp> ALSA: dice: fix kernel NULL pointer dereference due to invalid calculation for array index Takashi Iwai <tiwai(a)suse.de> ALSA: seq: Fix races at MIDI encoding in snd_virmidi_output_trigger() Takashi Iwai <tiwai(a)suse.de> ALSA: pcm: Check PCM state at xfern compat ioctl Takashi Iwai <tiwai(a)suse.de> ALSA: hda - Fix incorrect usage of IS_REACHABLE() Kristian Evensen <kristian.evensen(a)gmail.com> USB: serial: option: Add support for Quectel EP06 Ard Biesheuvel <ard.biesheuvel(a)linaro.org> ACPI / button: make module loadable when booted in non-ACPI mode LEROY Christophe <christophe.leroy(a)c-s.fr> crypto: talitos - fix IPsec cipher in length Tejun Heo <tj(a)kernel.org> percpu: include linux/sched.h for cond_resched() Nicolas Dichtel <nicolas.dichtel(a)6wind.com> net: don't call update_pmtu unconditionally Xin Long <lucien.xin(a)gmail.com> geneve: update skb dst pmtu on tx path ------------- Diffstat: Makefile | 4 +- drivers/acpi/button.c | 24 +- drivers/crypto/talitos.c | 41 +- drivers/gpu/drm/bridge/dumb-vga-dac.c | 4 +- drivers/gpu/drm/vmwgfx/vmwgfx_kms.c | 1 + drivers/infiniband/core/ucma.c | 2 +- drivers/infiniband/hw/cxgb4/cq.c | 11 +- drivers/infiniband/hw/cxgb4/device.c | 9 +- drivers/infiniband/hw/cxgb4/iw_cxgb4.h | 6 +- drivers/infiniband/hw/cxgb4/qp.c | 4 +- drivers/infiniband/hw/cxgb4/resource.c | 26 +- drivers/infiniband/hw/hfi1/driver.c | 19 +- drivers/infiniband/hw/hfi1/hfi.h | 8 +- drivers/infiniband/hw/hfi1/init.c | 2 + drivers/infiniband/hw/hfi1/pcie.c | 3 - drivers/infiniband/hw/hfi1/ruc.c | 50 ++- drivers/infiniband/hw/hfi1/ud.c | 4 +- drivers/infiniband/hw/mlx5/mr.c | 32 +- drivers/infiniband/hw/mlx5/qp.c | 22 +- drivers/infiniband/ulp/ipoib/ipoib_cm.c | 3 +- drivers/input/input-leds.c | 8 +- drivers/input/touchscreen/atmel_mxt_ts.c | 9 + drivers/irqchip/qcom-irq-combiner.c | 4 +- drivers/net/geneve.c | 14 + drivers/net/usb/qmi_wwan.c | 1 + drivers/net/vxlan.c | 6 +- .../realtek/rtlwifi/btcoexist/halbtcoutsrc.c | 15 - .../realtek/rtlwifi/btcoexist/halbtcoutsrc.h | 1 + .../wireless/realtek/rtlwifi/btcoexist/rtl_btc.c | 6 + .../wireless/realtek/rtlwifi/btcoexist/rtl_btc.h | 1 + .../net/wireless/realtek/rtlwifi/rtl8723be/hw.c | 11 +- drivers/net/wireless/realtek/rtlwifi/wifi.h | 6 + drivers/platform/x86/asus-wireless.c | 4 +- drivers/target/target_core_iblock.c | 8 +- drivers/usb/core/config.c | 4 +- drivers/usb/dwc3/gadget.c | 2 +- drivers/usb/musb/musb_gadget.c | 3 +- drivers/usb/musb/musb_host.c | 4 +- drivers/usb/serial/option.c | 448 ++++++++------------- drivers/usb/serial/visor.c | 69 ++-- fs/xfs/xfs_file.c | 14 +- include/net/dst.h | 8 + kernel/trace/trace_uprobe.c | 24 +- kernel/tracepoint.c | 4 +- lib/errseq.c | 25 +- mm/percpu.c | 1 + net/ipv4/ip_tunnel.c | 3 +- net/ipv4/ip_vti.c | 2 +- net/ipv6/ip6_tunnel.c | 5 +- net/ipv6/ip6_vti.c | 2 +- net/ipv6/sit.c | 4 +- sound/core/pcm_compat.c | 2 + sound/core/seq/seq_virmidi.c | 4 +- sound/drivers/aloop.c | 29 +- sound/firewire/amdtp-stream.c | 5 +- sound/pci/hda/patch_realtek.c | 2 +- tools/testing/selftests/firmware/fw_filesystem.sh | 6 +- 57 files changed, 547 insertions(+), 492 deletions(-)

7 years, 1 month

5
45
0 0

[PATCH 4.9 00/32] 4.9.99-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.9.99 release. There are 32 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu May 10 07:39:44 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.9.99-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.9.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.9.99-rc1 Heiko Carstens <heiko.carstens(a)de.ibm.com> s390/facilites: use stfle_fac_list array size for MAX_FACILITY_BIT João Paulo Rechi Vita <jprvita(a)gmail.com> platform/x86: asus-wireless: Fix NULL pointer dereference Bin Liu <b-liu(a)ti.com> usb: musb: trace: fix NULL pointer dereference in musb_g_tx() Bin Liu <b-liu(a)ti.com> usb: musb: host: fix potential NULL pointer dereference SZ Lin (林上智) <sz.lin(a)moxa.com> USB: serial: option: adding support for ublox R410M Johan Hovold <johan(a)kernel.org> USB: serial: option: reimplement interface masking Alan Stern <stern(a)rowland.harvard.edu> USB: Accept bulk endpoints with 1024-byte maxpacket Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> USB: serial: visor: handle potential invalid device configuration Ben Hutchings <ben.hutchings(a)codethink.co.uk> test_firmware: fix setting old custom fw path back on exit, second try Sean Paul <seanpaul(a)chromium.org> drm/bridge: vga-dac: Fix edid memory leak Thomas Hellstrom <thellstrom(a)vmware.com> drm/vmwgfx: Fix a buffer object leak Sebastian Sanchez <sebastian.sanchez(a)intel.com> IB/hfi1: Fix NULL pointer dereference when invalid num_vls is used Danit Goldberg <danitg(a)mellanox.com> IB/mlx5: Use unlimited rate when static rate is not supported SZ Lin (林上智) <sz.lin(a)moxa.com> NET: usb: qmi_wwan: add support for ublox R410M PID 0x90b2 Leon Romanovsky <leonro(a)mellanox.com> RDMA/mlx5: Protect from shift operand overflow Roland Dreier <roland(a)purestorage.com> RDMA/ucma: Allow resolving address w/o specifying source address Raju Rangoju <rajur(a)chelsio.com> RDMA/cxgb4: release hw resources on device removal Darrick J. Wong <darrick.wong(a)oracle.com> xfs: prevent creating negative-sized file via INSERT_RANGE Vittorio Gambaletta (VittGam) <linuxbugs(a)vittgam.net> Input: atmel_mxt_ts - add touchpad button mapping for Samsung Chromebook Pro Dmitry Torokhov <dmitry.torokhov(a)gmail.com> Input: leds - fix out of bound access Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> tracepoint: Do not warn on ENOMEM Takashi Iwai <tiwai(a)suse.de> ALSA: aloop: Add missing cable lock to ctl API callbacks Robert Rosengren <robert.rosengren(a)axis.com> ALSA: aloop: Mark paused device as inactive Takashi Iwai <tiwai(a)suse.de> ALSA: seq: Fix races at MIDI encoding in snd_virmidi_output_trigger() Takashi Iwai <tiwai(a)suse.de> ALSA: pcm: Check PCM state at xfern compat ioctl Kristian Evensen <kristian.evensen(a)gmail.com> USB: serial: option: Add support for Quectel EP06 Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> serial: imx: ensure UCR3 and UFCR are setup correctly LEROY Christophe <christophe.leroy(a)c-s.fr> crypto: talitos - fix IPsec cipher in length Marc Zyngier <marc.zyngier(a)arm.com> arm/arm64: KVM: Add PSCI version selection API Teng Qin <qinteng(a)fb.com> bpf: map_get_next_key to return first key on NULL Tejun Heo <tj(a)kernel.org> percpu: include linux/sched.h for cond_resched() Tan Xiaojun <tanxiaojun(a)huawei.com> perf/core: Fix the perf_cpu_time_max_percent check ------------- Diffstat: Documentation/virtual/kvm/api.txt | 9 +- Documentation/virtual/kvm/arm/psci.txt | 30 ++ Makefile | 4 +- arch/arm/include/asm/kvm_host.h | 3 + arch/arm/include/uapi/asm/kvm.h | 6 + arch/arm/kvm/guest.c | 13 + arch/arm/kvm/psci.c | 60 +++ arch/arm64/include/asm/kvm_host.h | 3 + arch/arm64/include/uapi/asm/kvm.h | 6 + arch/arm64/kvm/guest.c | 14 +- arch/s390/include/asm/facility.h | 2 +- drivers/crypto/talitos.c | 41 +- drivers/gpu/drm/bridge/dumb-vga-dac.c | 4 +- drivers/gpu/drm/vmwgfx/vmwgfx_kms.c | 1 + drivers/infiniband/core/ucma.c | 2 +- drivers/infiniband/hw/cxgb4/device.c | 9 +- drivers/infiniband/hw/cxgb4/iw_cxgb4.h | 4 + drivers/infiniband/hw/cxgb4/resource.c | 26 +- drivers/infiniband/hw/hfi1/init.c | 2 + drivers/infiniband/hw/hfi1/pcie.c | 3 - drivers/infiniband/hw/mlx5/qp.c | 22 +- drivers/input/input-leds.c | 8 +- drivers/input/touchscreen/atmel_mxt_ts.c | 9 + drivers/net/usb/qmi_wwan.c | 1 + drivers/platform/x86/asus-wireless.c | 4 +- drivers/tty/serial/imx.c | 14 +- drivers/usb/core/config.c | 4 +- drivers/usb/musb/musb_gadget.c | 3 +- drivers/usb/musb/musb_host.c | 4 +- drivers/usb/serial/option.c | 448 ++++++++-------------- drivers/usb/serial/visor.c | 69 ++-- fs/xfs/xfs_file.c | 14 +- include/kvm/arm_psci.h | 16 +- kernel/bpf/arraymap.c | 2 +- kernel/bpf/hashtab.c | 9 +- kernel/bpf/syscall.c | 20 +- kernel/events/core.c | 2 +- kernel/tracepoint.c | 4 +- mm/percpu.c | 1 + sound/core/pcm_compat.c | 2 + sound/core/seq/seq_virmidi.c | 4 +- sound/drivers/aloop.c | 29 +- tools/testing/selftests/firmware/fw_filesystem.sh | 6 +- 43 files changed, 530 insertions(+), 407 deletions(-)

7 years, 1 month

4
29
0 0

[PATCH] mtd: rawnand: marvell: fix command xtype in BCH write hook

by Miquel Raynal

One layout supported by the Marvell NAND controller supports NAND pages of 2048 bytes, all handled in one single chunk when using BCH with a strength of 4-bit per 512 bytes. In this case, instead of the generic XTYPE_WRITE_DISPATCH/XTYPE_LAST_NAKED_RW couple, the controller expects to receive XTYPE_MONOLITHIC_RW. This fixes problems at boot like: [ 1.315475] Scanning device for bad blocks [ 3.203108] marvell-nfc f10d0000.flash: Timeout waiting for RB signal [ 3.209564] nand_bbt: error while writing BBT block -110 [ 4.243106] marvell-nfc f10d0000.flash: Timeout waiting for RB signal [ 5.283106] marvell-nfc f10d0000.flash: Timeout waiting for RB signal [ 5.289562] nand_bbt: error -110 while marking block 2047 bad [ 6.323106] marvell-nfc f10d0000.flash: Timeout waiting for RB signal [ 6.329559] nand_bbt: error while writing BBT block -110 [ 7.363106] marvell-nfc f10d0000.flash: Timeout waiting for RB signal [ 8.403105] marvell-nfc f10d0000.flash: Timeout waiting for RB signal [ 8.409559] nand_bbt: error -110 while marking block 2046 bad ... Fixes: 02f26ecf8c772 ("mtd: nand: add reworked Marvell NAND controller driver") Cc: stable(a)vger.kernel.org Signed-off-by: Miquel Raynal <miquel.raynal(a)bootlin.com> --- Chris, Can you please give this patch a try? This is very likely to solve your boot issue. Thanks, Miquèl drivers/mtd/nand/raw/marvell_nand.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/drivers/mtd/nand/raw/marvell_nand.c b/drivers/mtd/nand/raw/marvell_nand.c index e4b964fd40d8..db5ec4e8bde9 100644 --- a/drivers/mtd/nand/raw/marvell_nand.c +++ b/drivers/mtd/nand/raw/marvell_nand.c @@ -1408,6 +1408,7 @@ marvell_nfc_hw_ecc_bch_write_chunk(struct nand_chip *chip, int chunk, struct marvell_nand_chip *marvell_nand = to_marvell_nand(chip); struct marvell_nfc *nfc = to_marvell_nfc(chip->controller); const struct marvell_hw_ecc_layout *lt = to_marvell_nand(chip)->layout; + u32 xtype; int ret; struct marvell_nfc_op nfc_op = { .ndcb[0] = NDCB0_CMD_TYPE(TYPE_WRITE) | NDCB0_LEN_OVRD, @@ -1423,7 +1424,12 @@ marvell_nfc_hw_ecc_bch_write_chunk(struct nand_chip *chip, int chunk, * last naked write. */ if (chunk == 0) { - nfc_op.ndcb[0] |= NDCB0_CMD_XTYPE(XTYPE_WRITE_DISPATCH) | + if (lt->nchunks == 1) + xtype = XTYPE_MONOLITHIC_RW; + else + xtype = XTYPE_WRITE_DISPATCH; + + nfc_op.ndcb[0] |= NDCB0_CMD_XTYPE(xtype) | NDCB0_ADDR_CYC(marvell_nand->addr_cyc) | NDCB0_CMD1(NAND_CMD_SEQIN); nfc_op.ndcb[1] |= NDCB1_ADDRS_PAGE(page); -- 2.14.1

7 years, 1 month

3
8
0 0

[PATCH v4] PCI / PM: Always check PME wakeup capability for runtime wakeup support

by Kai-Heng Feng

USB controller ASM1042 stops working after commit de3ef1eb1cd0 ("PM / core: Drop run_wake flag from struct dev_pm_info"). The device in question is not power managed by platform firmware, furthermore, it only supports PME# from D3cold: Capabilities: [78] Power Management version 3 Flags: PMEClk- DSI- D1- D2- AuxCurrent=55mA PME(D0-,D1-,D2-,D3hot-,D3cold+) Status: D0 NoSoftRst+ PME-Enable- DSel=0 DScale=0 PME- Before commit de3ef1eb1cd0, the device never gets runtime suspended. After that commit, the device gets runtime suspended to D3hot, which can not generate any PME#. usb_hcd_pci_probe() unconditionally calls device_wakeup_enable(), hence device_can_wakeup() in pci_dev_run_wake() always returns true. So pci_dev_run_wake() needs to check PME wakeup capability as its first condition. In addition, change wakeup flag passed to pci_target_state() from false to true, because we want to find the deepest state that the device can still generate PME#. In this case, it's D0 for the device in question. Fixes: de3ef1eb1cd0 ("PM / core: Drop run_wake flag from struct dev_pm_info") Cc: stable(a)vger.kernel.org # 4.13+ Signed-off-by: Kai-Heng Feng <kai.heng.feng(a)canonical.com> --- v4: Correct some errors in commit log. v3: State the reason why the wakeup flag gets changed. v2: Explicitly check dev->pme_support. drivers/pci/pci.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/drivers/pci/pci.c b/drivers/pci/pci.c index a04197ce767d..c2616cad3a1d 100644 --- a/drivers/pci/pci.c +++ b/drivers/pci/pci.c @@ -2138,16 +2138,16 @@ bool pci_dev_run_wake(struct pci_dev *dev) { struct pci_bus *bus = dev->bus; - if (device_can_wakeup(&dev->dev)) - return true; - if (!dev->pme_support) return false; /* PME-capable in principle, but not from the target power state */ - if (!pci_pme_capable(dev, pci_target_state(dev, false))) + if (!pci_pme_capable(dev, pci_target_state(dev, true))) return false; + if (device_can_wakeup(&dev->dev)) + return true; + while (bus->parent) { struct pci_dev *bridge = bus->self; -- 2.17.0

7 years, 1 month

3
2
0 0

[PATCH v2] mtd: rawnand: Make sure we wait tWB before polling the STATUS reg

by Boris Brezillon

NAND chips require a bit of time to take the NAND operation into account and set the BUSY bit in the STATUS reg. Make sure we don't poll the STATUS reg too early in nand_soft_waitrdy(). Fixes: 8878b126df76 ("mtd: nand: add ->exec_op() implementation") Cc: <stable(a)vger.kernel.org> Signed-off-by: Boris Brezillon <boris.brezillon(a)bootlin.com> --- Changes in v2: - Move the ndelay() to nand_soft_waitrdy() instead of having it in the FSMC driver --- drivers/mtd/nand/raw/nand_base.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/drivers/mtd/nand/raw/nand_base.c b/drivers/mtd/nand/raw/nand_base.c index 72f3a89da513..da94fcb4dd9b 100644 --- a/drivers/mtd/nand/raw/nand_base.c +++ b/drivers/mtd/nand/raw/nand_base.c @@ -706,12 +706,17 @@ static void nand_wait_status_ready(struct mtd_info *mtd, unsigned long timeo) */ int nand_soft_waitrdy(struct nand_chip *chip, unsigned long timeout_ms) { + const struct nand_sdr_timings *timings; u8 status = 0; int ret; if (!chip->exec_op) return -ENOTSUPP; + /* Wait tWB before polling the STATUS reg. */ + timings = nand_get_sdr_timings(&chip->data_interface); + ndelay(PSEC_TO_NSEC(sdr->tWB_max)); + ret = nand_status_op(chip, NULL); if (ret) return ret; -- 2.14.1

7 years, 1 month

2
3
0 0

Re: [PATCH] compiler-gcc: disable -ftracer for __noclone functions

by Nadav Amit

Paolo Bonzini <pbonzini(a)redhat.com> wrote: > -ftracer can duplicate asm blocks causing compilation to fail in > noclone functions. For example, KVM declares a global variable > in an asm like > > asm("2: ... \n > .pushsection data \n > .global vmx_return \n > vmx_return: .long 2b"); > > and -ftracer causes a double declaration. > > Cc: Andrew Morton <akpm(a)linux-foundation.org> > Cc: Michal Marek <mmarek(a)suse.cz> > Cc: stable(a)vger.kernel.org > Cc: kvm(a)vger.kernel.org > Reported-by: Linda Walsh <lkml(a)tlinx.org> > Signed-off-by: Paolo Bonzini <pbonzini(a)redhat.com> > --- > include/linux/compiler-gcc.h | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/include/linux/compiler-gcc.h b/include/linux/compiler-gcc.h > index 22ab246feed3..eeae401a2412 100644 > --- a/include/linux/compiler-gcc.h > +++ b/include/linux/compiler-gcc.h > @@ -199,7 +199,7 @@ > #define unreachable() __builtin_unreachable() > > /* Mark a function definition as prohibited from being cloned. */ > -#define __noclone __attribute__((__noclone__)) > +#define __noclone __attribute__((__noclone__, __optimize__("no-tracer"))) [ Bringing the thread back from the dead for context ] Setting different optimization attributes to certain functions apparently prevents gcc from inlining functions with different “optimizations”. This results in poor compilation - most notably of vmx_vcpu_run() - and causes short functions such as to_vmx() not to be inlined. Regards, Nadav

7 years, 1 month

2
2
0 0

[PATCH 25/25] drm/amd/display: Clear connector's edid pointer

by Harry Wentland

From: Mikita Lipski <mikita.lipski(a)amd.com> Clear connector's edid pointer on coonnector update, when unplugging the display. Fix poison EDID when hotplugging on previously used connector. Signed-off-by: Mikita Lipski <mikita.lipski(a)amd.com> Reviewed-by: Harry Wentland <Harry.Wentland(a)amd.com> Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c index 1a63c04b2016..b80d2134b9ea 100644 --- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c +++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c @@ -907,6 +907,7 @@ amdgpu_dm_update_connector_after_detect(struct amdgpu_dm_connector *aconnector) drm_mode_connector_update_edid_property(connector, NULL); aconnector->num_modes = 0; aconnector->dc_sink = NULL; + aconnector->edid = NULL; } mutex_unlock(&dev->mode_config.mutex); -- 2.17.0

7 years, 1 month

1
0
0 0

[PATCH] s390/cpum_sf: Add descriptor sizes in sampling trailer entry

by Thomas Richter

The CPU Measurement sampling facility creates a trailer entry for each Sample-Data-Block of stored samples. The trailer entry contains the sizes (in bytes) of the stored samples types: - basic-sampling data entry size - diagnostic-sampling data entry size Both sizes are 2 bytes long. This patch changes the trailer entry definition to reflect this. Fixes: fcc77f507333 ("s390/cpum_sf: Atomically reset trailer entry fields of sample-data-blocks") Cc: stable(a)vger.kernel.org # v3.14+ Signed-off-by: Thomas Richter <tmricht(a)linux.ibm.com> Reviewed-by: Hendrik Brueckner <brueckner(a)linux.ibm.com> --- arch/s390/include/asm/cpu_mf.h | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/arch/s390/include/asm/cpu_mf.h b/arch/s390/include/asm/cpu_mf.h index 7093a27520ee..5c5b747671e8 100644 --- a/arch/s390/include/asm/cpu_mf.h +++ b/arch/s390/include/asm/cpu_mf.h @@ -129,11 +129,15 @@ struct hws_trailer_entry { unsigned int f:1; /* 0 - Block Full Indicator */ unsigned int a:1; /* 1 - Alert request control */ unsigned int t:1; /* 2 - Timestamp format */ - unsigned long long:61; /* 3 - 63: Reserved */ + unsigned long :29; /* 3 - 31: Reserved */ + }; + unsigned long flags; /* 0 - 31: All indicators */ + struct { + unsigned short bsdes; /* 32-47: Basic set desc size*/ + unsigned short dsdes; /* 48-63 Diag set desc size */ }; - unsigned long long flags; /* 0 - 63: All indicators */ }; - unsigned long long overflow; /* 64 - sample Overflow count */ + unsigned long long overflow; /* 8 - sample Overflow count */ unsigned char timestamp[16]; /* 16 - 31 timestamp */ unsigned long long reserved1; /* 32 -Reserved */ unsigned long long reserved2; /* */ -- 2.16.3

7 years, 1 month

1
0
0 0

[PATCH 4/7] can: kvaser_usb: Increase correct stats counter in kvaser_usb_rx_can_msg()

by Marc Kleine-Budde

From: Jimmy Assarsson <extja(a)kvaser.com> Increase rx_dropped, if alloc_can_skb() fails, not tx_dropped. Signed-off-by: Jimmy Assarsson <extja(a)kvaser.com> Cc: linux-stable <stable(a)vger.kernel.org> Signed-off-by: Marc Kleine-Budde <mkl(a)pengutronix.de> --- drivers/net/can/usb/kvaser_usb.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/net/can/usb/kvaser_usb.c b/drivers/net/can/usb/kvaser_usb.c index 63587b8e6825..daed57d3d209 100644 --- a/drivers/net/can/usb/kvaser_usb.c +++ b/drivers/net/can/usb/kvaser_usb.c @@ -1179,7 +1179,7 @@ static void kvaser_usb_rx_can_msg(const struct kvaser_usb *dev, skb = alloc_can_skb(priv->netdev, &cf); if (!skb) { - stats->tx_dropped++; + stats->rx_dropped++; return; } -- 2.17.0

7 years, 1 month

1
0
0 0

[PATCH 3/7] arm: dts: imx[35]*: declare flexcan devices to be compatible to imx25's flexcan

by Marc Kleine-Budde

From: Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> Commit d50f4630c2e1 ("arm: dts: Remove p1010-flexcan compatible from imx series dts") removed the fallback compatible "fsl,p1010-flexcan" from the imx device trees. As the flexcan cores on i.MX25, i.MX35 and i.MX53 are identical, introduce the first as fallback for the two latter ones. Fixes: d50f4630c2e1 ("arm: dts: Remove p1010-flexcan compatible from imx series dts") Signed-off-by: Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> Cc: linux-stable <stable(a)vger.kernel.org> # >= v4.16 Signed-off-by: Marc Kleine-Budde <mkl(a)pengutronix.de> --- arch/arm/boot/dts/imx35.dtsi | 4 ++-- arch/arm/boot/dts/imx53.dtsi | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/arch/arm/boot/dts/imx35.dtsi b/arch/arm/boot/dts/imx35.dtsi index bf343195697e..54111ed218b1 100644 --- a/arch/arm/boot/dts/imx35.dtsi +++ b/arch/arm/boot/dts/imx35.dtsi @@ -303,7 +303,7 @@ }; can1: can@53fe4000 { - compatible = "fsl,imx35-flexcan"; + compatible = "fsl,imx35-flexcan", "fsl,imx25-flexcan"; reg = <0x53fe4000 0x1000>; clocks = <&clks 33>, <&clks 33>; clock-names = "ipg", "per"; @@ -312,7 +312,7 @@ }; can2: can@53fe8000 { - compatible = "fsl,imx35-flexcan"; + compatible = "fsl,imx35-flexcan", "fsl,imx25-flexcan"; reg = <0x53fe8000 0x1000>; clocks = <&clks 34>, <&clks 34>; clock-names = "ipg", "per"; diff --git a/arch/arm/boot/dts/imx53.dtsi b/arch/arm/boot/dts/imx53.dtsi index 7d647d043f52..3d65c0192f69 100644 --- a/arch/arm/boot/dts/imx53.dtsi +++ b/arch/arm/boot/dts/imx53.dtsi @@ -551,7 +551,7 @@ }; can1: can@53fc8000 { - compatible = "fsl,imx53-flexcan"; + compatible = "fsl,imx53-flexcan", "fsl,imx25-flexcan"; reg = <0x53fc8000 0x4000>; interrupts = <82>; clocks = <&clks IMX5_CLK_CAN1_IPG_GATE>, @@ -561,7 +561,7 @@ }; can2: can@53fcc000 { - compatible = "fsl,imx53-flexcan"; + compatible = "fsl,imx53-flexcan", "fsl,imx25-flexcan"; reg = <0x53fcc000 0x4000>; interrupts = <83>; clocks = <&clks IMX5_CLK_CAN2_IPG_GATE>, -- 2.17.0

7 years, 1 month

1
0
0 0

[PATCH 2/7] can: flexcan: fix endianess detection

by Marc Kleine-Budde

From: Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> In commit 88462d2a7830 ("can: flexcan: Remodel FlexCAN register r/w APIs for big endian FlexCAN controllers.") the following logic was implemented: if the dt property "big-endian" is given or the device is compatible to "fsl,p1010-flexcan": use big-endian mode; else use little-endian mode; This relies on commit d50f4630c2e1 ("arm: dts: Remove p1010-flexcan compatible from imx series dts") which was applied a few commits later. Without this commit (or an old device tree used for booting a new kernel) the flexcan devices on i.MX25, i.MX28, i.MX35 and i.MX53 match the 'the device is compatible to "fsl,p1010-flexcan"' test and so are switched erroneously to big endian mode. Instead of the check above put a quirk in devtype data and rely on of_match_device yielding the most compatible match Fixes: 88462d2a7830 ("can: flexcan: Remodel FlexCAN register r/w APIs for big endian FlexCAN controllers.") Signed-off-by: Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> Tested-by: Gavin Schenk <g.schenk(a)eckelmann.de> Cc: linux-stable <stable(a)vger.kernel.org> # >= v4.16 Signed-off-by: Marc Kleine-Budde <mkl(a)pengutronix.de> --- drivers/net/can/flexcan.c | 26 ++++++++++++++------------ 1 file changed, 14 insertions(+), 12 deletions(-) diff --git a/drivers/net/can/flexcan.c b/drivers/net/can/flexcan.c index 634c51e6b8ae..d53a45bf2a72 100644 --- a/drivers/net/can/flexcan.c +++ b/drivers/net/can/flexcan.c @@ -200,6 +200,7 @@ #define FLEXCAN_QUIRK_DISABLE_MECR BIT(4) /* Disable Memory error detection */ #define FLEXCAN_QUIRK_USE_OFF_TIMESTAMP BIT(5) /* Use timestamp based offloading */ #define FLEXCAN_QUIRK_BROKEN_PERR_STATE BIT(6) /* No interrupt for error passive */ +#define FLEXCAN_QUIRK_DEFAULT_BIG_ENDIAN BIT(7) /* default to BE register access */ /* Structure of the message buffer */ struct flexcan_mb { @@ -287,6 +288,12 @@ struct flexcan_priv { }; static const struct flexcan_devtype_data fsl_p1010_devtype_data = { + .quirks = FLEXCAN_QUIRK_BROKEN_WERR_STATE | + FLEXCAN_QUIRK_BROKEN_PERR_STATE | + FLEXCAN_QUIRK_DEFAULT_BIG_ENDIAN, +}; + +static const struct flexcan_devtype_data fsl_imx25_devtype_data = { .quirks = FLEXCAN_QUIRK_BROKEN_WERR_STATE | FLEXCAN_QUIRK_BROKEN_PERR_STATE, }; @@ -1251,9 +1258,9 @@ static void unregister_flexcandev(struct net_device *dev) static const struct of_device_id flexcan_of_match[] = { { .compatible = "fsl,imx6q-flexcan", .data = &fsl_imx6q_devtype_data, }, { .compatible = "fsl,imx28-flexcan", .data = &fsl_imx28_devtype_data, }, - { .compatible = "fsl,imx53-flexcan", .data = &fsl_p1010_devtype_data, }, - { .compatible = "fsl,imx35-flexcan", .data = &fsl_p1010_devtype_data, }, - { .compatible = "fsl,imx25-flexcan", .data = &fsl_p1010_devtype_data, }, + { .compatible = "fsl,imx53-flexcan", .data = &fsl_imx25_devtype_data, }, + { .compatible = "fsl,imx35-flexcan", .data = &fsl_imx25_devtype_data, }, + { .compatible = "fsl,imx25-flexcan", .data = &fsl_imx25_devtype_data, }, { .compatible = "fsl,p1010-flexcan", .data = &fsl_p1010_devtype_data, }, { .compatible = "fsl,vf610-flexcan", .data = &fsl_vf610_devtype_data, }, { .compatible = "fsl,ls1021ar2-flexcan", .data = &fsl_ls1021a_r2_devtype_data, }, @@ -1337,18 +1344,13 @@ static int flexcan_probe(struct platform_device *pdev) priv = netdev_priv(dev); - if (of_property_read_bool(pdev->dev.of_node, "big-endian")) { + if (of_property_read_bool(pdev->dev.of_node, "big-endian") || + devtype_data->quirks & FLEXCAN_QUIRK_DEFAULT_BIG_ENDIAN) { priv->read = flexcan_read_be; priv->write = flexcan_write_be; } else { - if (of_device_is_compatible(pdev->dev.of_node, - "fsl,p1010-flexcan")) { - priv->read = flexcan_read_be; - priv->write = flexcan_write_be; - } else { - priv->read = flexcan_read_le; - priv->write = flexcan_write_le; - } + priv->read = flexcan_read_le; + priv->write = flexcan_write_le; } priv->can.clock.freq = clock_freq; -- 2.17.0

7 years, 1 month

1
0
0 0

[PATCH] perf: fix invalid bit in diagnostic entry

by Thomas Richter

The s390 CPU measurement facility sampling mode supports basic entries and diagnostic entries. Each entry has a valid bit to indicate the status of the entry as valid or invalid. This bit is bit 31 in the diagnostic entry, but the bit mask definition refers to bit 30. Fix this by making the reserved field one bit larger. Cc: stable(a)vger.kernel.org # v3.14+ Fixes: 7e75fc3ff4cf ("s390/cpum_sf: Add raw data sampling to support the diagnostic-sampling function") Signed-off-by: Thomas Richter <tmricht(a)linux.ibm.com> Reviewed-by: Hendrik Brueckner <brueckner(a)linux.vnet.ibm.com> --- arch/s390/include/asm/cpu_mf.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/s390/include/asm/cpu_mf.h b/arch/s390/include/asm/cpu_mf.h index f58d17e9dd65..7093a27520ee 100644 --- a/arch/s390/include/asm/cpu_mf.h +++ b/arch/s390/include/asm/cpu_mf.h @@ -113,7 +113,7 @@ struct hws_basic_entry { struct hws_diag_entry { unsigned int def:16; /* 0-15 Data Entry Format */ - unsigned int R:14; /* 16-19 and 20-30 reserved */ + unsigned int R:15; /* 16-19 and 20-30 reserved */ unsigned int I:1; /* 31 entry valid or invalid */ u8 data[]; /* Machine-dependent sample data */ } __packed; -- 2.16.3

7 years, 1 month

2
1
0 0

Re: Patch "mm/kmemleak.c: wait for scan completion before disabling free" has been added to the 3.18-stable tree

by Vinayak Menon

On 5/3/2018 2:13 AM, gregkh(a)linuxfoundation.org wrote: > This is a note to let you know that I've just added the patch titled > > mm/kmemleak.c: wait for scan completion before disabling free > > to the 3.18-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > mm-kmemleak.c-wait-for-scan-completion-before-disabling-free.patch > and it can be found in the queue-3.18 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. > > > From foo@baz Wed May 2 13:21:44 PDT 2018 > From: Vinayak Menon <vinmenon(a)codeaurora.org> > Date: Wed, 28 Mar 2018 16:01:16 -0700 > Subject: mm/kmemleak.c: wait for scan completion before disabling free > > From: Vinayak Menon <vinmenon(a)codeaurora.org> > > [ Upstream commit 914b6dfff790544d9b77dfd1723adb3745ec9700 ] > > A crash is observed when kmemleak_scan accesses the object->pointer, > likely due to the following race. > > TASK A TASK B TASK C > kmemleak_write > (with "scan" and > NOT "scan=on") > kmemleak_scan() > create_object > kmem_cache_alloc fails > kmemleak_disable > kmemleak_do_cleanup > kmemleak_free_enabled = 0 > kfree > kmemleak_free bails out > (kmemleak_free_enabled is 0) > slub frees object->pointer > update_checksum > crash - object->pointer > freed (DEBUG_PAGEALLOC) > > kmemleak_do_cleanup waits for the scan thread to complete, but not for > direct call to kmemleak_scan via kmemleak_write. So add a wait for > kmemleak_scan completion before disabling kmemleak_free, and while at it > fix the comment on stop_scan_thread. > > [vinmenon(a)codeaurora.org: fix stop_scan_thread comment] > Link: http://lkml.kernel.org/r/1522219972-22809-1-git-send-email-vinmenon@codeaur… > Link: http://lkml.kernel.org/r/1522063429-18992-1-git-send-email-vinmenon@codeaur… > Signed-off-by: Vinayak Menon <vinmenon(a)codeaurora.org> > Reviewed-by: Catalin Marinas <catalin.marinas(a)arm.com> > Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> > Signed-off-by: Linus Torvalds <torvalds(a)linux-foundation.org> > Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> > Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> > --- > mm/kmemleak.c | 12 +++++++----- > 1 file changed, 7 insertions(+), 5 deletions(-) > > --- a/mm/kmemleak.c > +++ b/mm/kmemleak.c > @@ -1481,8 +1481,7 @@ static void start_scan_thread(void) > } > > /* > - * Stop the automatic memory scanning thread. This function must be called > - * with the scan_mutex held. > + * Stop the automatic memory scanning thread. > */ > static void stop_scan_thread(void) > { > @@ -1746,12 +1745,15 @@ static void kmemleak_do_cleanup(struct w > mutex_lock(&scan_mutex); > stop_scan_thread(); > > + mutex_lock(&scan_mutex); The lock is taken once above stop_scan_thread() and can result in a deadlock. The lock was removed from kmemleak_do_cleanup by following commit which is not present on 3.18 commit 5f369f374ba4889fe3c17883402db5ee8d254216 Author: Catalin Marinas <catalin.marinas(a)arm.com> Date: Wed Jun 24 16:58:31 2015 -0700 mm: kmemleak: do not acquire scan_mutex in kmemleak_do_cleanup() So we may have to pick the above patch too. > /* > - * Once the scan thread has stopped, it is safe to no longer track > - * object freeing. Ordering of the scan thread stopping and the memory > - * accesses below is guaranteed by the kthread_stop() function. > + * Once it is made sure that kmemleak_scan has stopped, it is safe to no > + * longer track object freeing. Ordering of the scan thread stopping and > + * the memory accesses below is guaranteed by the kthread_stop() > + * function. > */ > kmemleak_free_enabled = 0; > + mutex_unlock(&scan_mutex); > > if (!kmemleak_found_leaks) > __kmemleak_do_cleanup(); > > > Patches currently in stable-queue which might be from vinmenon(a)codeaurora.org are > > queue-3.18/mm-kmemleak.c-wait-for-scan-completion-before-disabling-free.patch

7 years, 1 month

2
1
0 0

Re: Patch "ASoC: samsung: i2s: Ensure the RCLK rate is properly determined" has been added to the 3.18-stable tree

by Sylwester Nawrocki

Hello, On 05/02/2018 10:43 PM, gregkh(a)linuxfoundation.org wrote: > This is a note to let you know that I've just added the patch titled > > ASoC: samsung: i2s: Ensure the RCLK rate is properly determined > > to the 3.18-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > asoc-samsung-i2s-ensure-the-rclk-rate-is-properly-determined.patch > and it can be found in the queue-3.18 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. Please drop this patch from the stable queue for 3.18 as it depends on patch 074b89bb5fb7 ASoC: samsung: i2s: Add clock provider for the I2S internal clocks $ git describe 074b89bb5fb7 v3.19-rc1-14-g074b89bb5fb7 There is a related build break reported by kbuild test robot already. -- Thanks, Sylwester

7 years, 1 month

2
1
0 0

Re: Patch "clk: samsung: s3c2410: Fix PLL rates" has been added to the 3.18-stable tree

by Sylwester Nawrocki

Hello, On 05/02/2018 10:43 PM, gregkh(a)linuxfoundation.org wrote: > Patches currently in stable-queue which might be from a.hajda(a)samsung.com are > > queue-3.18/clk-samsung-exynos5260-fix-pll-rates.patch > queue-3.18/clk-samsung-exynos3250-fix-pll-rates.patch > queue-3.18/clk-samsung-s3c2410-fix-pll-rates.patch > queue-3.18/clk-samsung-exynos5250-fix-pll-rates.patch Please drop the above patches from 3.18 stable queue, they may potentially cause regressions if other drivers, like audio card, are not also updated accordingly. -- Thanks, Sylwester

7 years, 1 month

2
1
0 0

[PATCH] zfcp: fix infinite iteration on ERP ready list

by Steffen Maier

From: Jens Remus <jremus(a)linux.ibm.com> zfcp_erp_adapter_reopen() schedules blocking of all of the adapter's rports via zfcp_scsi_schedule_rports_block() and enqueues a reopen adapter ERP action via zfcp_erp_action_enqueue(). Both are separately processed asynchronously and concurrently. Blocking of rports is done in a kworker by zfcp_scsi_rport_work(). It calls zfcp_scsi_rport_block(), which then traces a DBF REC "scpdely" via zfcp_dbf_rec_trig(). zfcp_dbf_rec_trig() acquires the DBF REC spin lock and then iterates with list_for_each() over the adapter's ERP ready list without holding the ERP lock. This opens a race window in which the current list entry can be moved to another list, causing list_for_each() to iterate forever on the wrong list, as the erp_ready_head is never encountered as terminal condition. Meanwhile the ERP action can be processed in the ERP thread by zfcp_erp_thread(). It calls zfcp_erp_strategy(), which acquires the ERP lock and then calls zfcp_erp_action_to_running() to move the ERP action from the ready to the running list. zfcp_erp_action_to_running() can move the ERP action using list_move() just during the aforementioned race window. It then traces a REC RUN "erator1" via zfcp_dbf_rec_run(). zfcp_dbf_rec_run() tries to acquire the DBF REC spin lock. If this is held by the infinitely looping kworker, it effectively spins forever. Example Sequence Diagram: Process ERP Thread rport_work ------------------- ------------------- ------------------- zfcp_erp_adapter_reopen() zfcp_erp_adapter_block() zfcp_scsi_schedule_rports_block() lock ERP zfcp_scsi_rport_work() zfcp_erp_action_enqueue(ZFCP_ERP_ACTION_REOPEN_ADAPTER) list_add_tail() on ready !(rport_task==RPORT_ADD) wake_up() ERP thread zfcp_scsi_rport_block() zfcp_dbf_rec_trig() zfcp_erp_strategy() zfcp_dbf_rec_trig() unlock ERP lock DBF REC zfcp_erp_wait() lock ERP | zfcp_erp_action_to_running() | list_for_each() ready | list_move() current entry | ready to running | zfcp_dbf_rec_run() endless loop over running | zfcp_dbf_rec_run_lvl() | lock DBF REC spins forever Any adapter recovery can trigger this, such as setting the device offline or reboot. V4.9 commit 4eeaa4f3f1d6 ("zfcp: close window with unblocked rport during rport gone") introduced additional tracing of (un)blocking of rports. It missed that the adapter->erp_lock must be held when calling zfcp_dbf_rec_trig(). This fix uses the approach formerly introduced by commit aa0fec62391c ("[SCSI] zfcp: Fix sparse warning by providing new entry in dbf") that got later removed by commit ae0904f60fab ("[SCSI] zfcp: Redesign of the debug tracing for recovery actions."). Introduce zfcp_dbf_rec_trig_lock(), a wrapper for zfcp_dbf_rec_trig() that acquires and releases the adapter->erp_lock for read. Reported-by: Sebastian Ott <sebott(a)linux.ibm.com> Signed-off-by: Jens Remus <jremus(a)linux.ibm.com> Fixes: 4eeaa4f3f1d6 ("zfcp: close window with unblocked rport during rport gone") Cc: <stable(a)vger.kernel.org> # 2.6.32+ Reviewed-by: Benjamin Block <bblock(a)linux.vnet.ibm.com> Signed-off-by: Steffen Maier <maier(a)linux.ibm.com> --- James, Martin, this is an important zfcp regression fix. It would be nice if it could make it into 4.17-rcX. The patch applies to James' fixes branch or Martin's 4.17/scsi-fixes branch. Regards, Steffen drivers/s390/scsi/zfcp_dbf.c | 23 ++++++++++++++++++++++- drivers/s390/scsi/zfcp_ext.h | 5 ++++- drivers/s390/scsi/zfcp_scsi.c | 14 +++++++------- 3 files changed, 33 insertions(+), 9 deletions(-) diff --git a/drivers/s390/scsi/zfcp_dbf.c b/drivers/s390/scsi/zfcp_dbf.c index a8b831000b2d..18c4f933e8b9 100644 --- a/drivers/s390/scsi/zfcp_dbf.c +++ b/drivers/s390/scsi/zfcp_dbf.c @@ -4,7 +4,7 @@ * * Debug traces for zfcp. * - * Copyright IBM Corp. 2002, 2017 + * Copyright IBM Corp. 2002, 2018 */ #define KMSG_COMPONENT "zfcp" @@ -308,6 +308,27 @@ void zfcp_dbf_rec_trig(char *tag, struct zfcp_adapter *adapter, spin_unlock_irqrestore(&dbf->rec_lock, flags); } +/** + * zfcp_dbf_rec_trig_lock - trace event related to triggered recovery with lock + * @tag: identifier for event + * @adapter: adapter on which the erp_action should run + * @port: remote port involved in the erp_action + * @sdev: scsi device involved in the erp_action + * @want: wanted erp_action + * @need: required erp_action + * + * The adapter->erp_lock must not be held. + */ +void zfcp_dbf_rec_trig_lock(char *tag, struct zfcp_adapter *adapter, + struct zfcp_port *port, struct scsi_device *sdev, + u8 want, u8 need) +{ + unsigned long flags; + + read_lock_irqsave(&adapter->erp_lock, flags); + zfcp_dbf_rec_trig(tag, adapter, port, sdev, want, need); + read_unlock_irqrestore(&adapter->erp_lock, flags); +} /** * zfcp_dbf_rec_run_lvl - trace event related to running recovery diff --git a/drivers/s390/scsi/zfcp_ext.h b/drivers/s390/scsi/zfcp_ext.h index bf8ea4df2bb8..e5eed8aac0ce 100644 --- a/drivers/s390/scsi/zfcp_ext.h +++ b/drivers/s390/scsi/zfcp_ext.h @@ -4,7 +4,7 @@ * * External function declarations. * - * Copyright IBM Corp. 2002, 2016 + * Copyright IBM Corp. 2002, 2018 */ #ifndef ZFCP_EXT_H @@ -35,6 +35,9 @@ extern int zfcp_dbf_adapter_register(struct zfcp_adapter *); extern void zfcp_dbf_adapter_unregister(struct zfcp_adapter *); extern void zfcp_dbf_rec_trig(char *, struct zfcp_adapter *, struct zfcp_port *, struct scsi_device *, u8, u8); +extern void zfcp_dbf_rec_trig_lock(char *tag, struct zfcp_adapter *adapter, + struct zfcp_port *port, + struct scsi_device *sdev, u8 want, u8 need); extern void zfcp_dbf_rec_run(char *, struct zfcp_erp_action *); extern void zfcp_dbf_rec_run_lvl(int level, char *tag, struct zfcp_erp_action *erp); diff --git a/drivers/s390/scsi/zfcp_scsi.c b/drivers/s390/scsi/zfcp_scsi.c index 4d2ba5682493..22f9562f415c 100644 --- a/drivers/s390/scsi/zfcp_scsi.c +++ b/drivers/s390/scsi/zfcp_scsi.c @@ -4,7 +4,7 @@ * * Interface to Linux SCSI midlayer. * - * Copyright IBM Corp. 2002, 2017 + * Copyright IBM Corp. 2002, 2018 */ #define KMSG_COMPONENT "zfcp" @@ -618,9 +618,9 @@ static void zfcp_scsi_rport_register(struct zfcp_port *port) ids.port_id = port->d_id; ids.roles = FC_RPORT_ROLE_FCP_TARGET; - zfcp_dbf_rec_trig("scpaddy", port->adapter, port, NULL, - ZFCP_PSEUDO_ERP_ACTION_RPORT_ADD, - ZFCP_PSEUDO_ERP_ACTION_RPORT_ADD); + zfcp_dbf_rec_trig_lock("scpaddy", port->adapter, port, NULL, + ZFCP_PSEUDO_ERP_ACTION_RPORT_ADD, + ZFCP_PSEUDO_ERP_ACTION_RPORT_ADD); rport = fc_remote_port_add(port->adapter->scsi_host, 0, &ids); if (!rport) { dev_err(&port->adapter->ccw_device->dev, @@ -642,9 +642,9 @@ static void zfcp_scsi_rport_block(struct zfcp_port *port) struct fc_rport *rport = port->rport; if (rport) { - zfcp_dbf_rec_trig("scpdely", port->adapter, port, NULL, - ZFCP_PSEUDO_ERP_ACTION_RPORT_DEL, - ZFCP_PSEUDO_ERP_ACTION_RPORT_DEL); + zfcp_dbf_rec_trig_lock("scpdely", port->adapter, port, NULL, + ZFCP_PSEUDO_ERP_ACTION_RPORT_DEL, + ZFCP_PSEUDO_ERP_ACTION_RPORT_DEL); fc_remote_port_delete(rport); port->rport = NULL; } -- 2.13.5

7 years, 1 month

2
1
0 0

[PATCH 7/8] mtd: nand: pxa3xx: Fix READOOB implementation

by Chris Packham

From: Boris Brezillon <boris.brezillon(a)free-electrons.com> In the current driver, OOB bytes are accessed in raw mode, and when a page access is done with NDCR_SPARE_EN set and NDCR_ECC_EN cleared, the driver must read the whole spare area (64 bytes in case of a 2k page, 16 bytes for a 512 page). The driver was only reading the free OOB bytes, which was leaving some unread data in the FIFO and was somehow leading to a timeout. We could patch the driver to read ->spare_size + ->ecc_size instead of just ->spare_size when READOOB is requested, but we'd better make in-band and OOB accesses consistent. Since the driver is always accessing in-band data in non-raw mode (with the ECC engine enabled), we should also access OOB data in this mode. That's particularly useful when using the BCH engine because in this mode the free OOB bytes are also ECC protected. Fixes: 43bcfd2bb24a ("mtd: nand: pxa3xx: Add driver-specific ECC BCH support") Cc: stable(a)vger.kernel.org Reported-by: Sean Nyekjær <sean.nyekjaer(a)prevas.dk> Tested-by: Willy Tarreau <w(a)1wt.eu> Signed-off-by: Boris Brezillon <boris.brezillon(a)free-electrons.com> Acked-by: Ezequiel Garcia <ezequiel(a)vanguardiasur.com.ar> Tested-by: Sean Nyekjaer <sean.nyekjaer(a)prevas.dk> Acked-by: Robert Jarzmik <robert.jarzmik(a)free.fr> Signed-off-by: Richard Weinberger <richard(a)nod.at> [upstream commit fee4380f368e84ed216b62ccd2fbc4126f2bf40b] Change-Id: Ib3c8a40c72db79336bd2ddfc9463b82ead283036 Reviewed-by: Kalyan Kinthada <kalyan.kinthada(a)alliedtelesis.co.nz> Reviewed-by: Luuk Paulussen <luuk.paulussen(a)alliedtelesis.co.nz> Signed-off-by: Luuk Paulussen <luuk.paulussen(a)alliedtelesis.co.nz> --- drivers/mtd/nand/pxa3xx_nand.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/mtd/nand/pxa3xx_nand.c b/drivers/mtd/nand/pxa3xx_nand.c index 51fe6a5f4e..bd71d536a5 100644 --- a/drivers/mtd/nand/pxa3xx_nand.c +++ b/drivers/mtd/nand/pxa3xx_nand.c @@ -1063,6 +1063,7 @@ static void prepare_start_command(struct pxa3xx_nand_info *info, int command) switch (command) { case NAND_CMD_READ0: + case NAND_CMD_READOOB: case NAND_CMD_PAGEPROG: info->use_ecc = 1; break; -- 2.17.0

7 years, 1 month

1
0
0 0

[PATCH] PCI: pciehp: Add quirk for QDF2400 Command Completed erratum

by Sinan Kaya

The QDF2400 controller does not set the Command Completed bit unless writes to the Slot Command register change "Control" bits. Command Completed is never set for writes that only change software notification "Enable" bits. This results in timeouts like this: pciehp 0000:00:00.0:pcie004: Timeout on hotplug command 0x1038 Cc: stable(a)vger.kernel.org Signed-off-by: Sinan Kaya <okaya(a)codeaurora.org> --- drivers/pci/hotplug/pciehp_hpc.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/drivers/pci/hotplug/pciehp_hpc.c b/drivers/pci/hotplug/pciehp_hpc.c index e70eba5..974a8f1 100644 --- a/drivers/pci/hotplug/pciehp_hpc.c +++ b/drivers/pci/hotplug/pciehp_hpc.c @@ -914,3 +914,9 @@ static void quirk_cmd_compl(struct pci_dev *pdev) } DECLARE_PCI_FIXUP_CLASS_EARLY(PCI_VENDOR_ID_INTEL, PCI_ANY_ID, PCI_CLASS_BRIDGE_PCI, 8, quirk_cmd_compl); + +DECLARE_PCI_FIXUP_CLASS_EARLY(0x17cb, 0x400, + PCI_CLASS_BRIDGE_PCI, 8, quirk_cmd_compl); + +DECLARE_PCI_FIXUP_CLASS_EARLY(0x17cb, 0x401, + PCI_CLASS_BRIDGE_PCI, 8, quirk_cmd_compl); -- 2.7.4

7 years, 1 month

4
3
0 0

Re: [PATCH 1/1] x86/xen: Reset VCPU0 info pointer after shared_info remap

by Boris Ostrovsky

On 05/07/2018 02:00 PM, van der Linden, Frank wrote: > Hi Boris, > > Thanks for the feedback. > > On 5/7/18, 8:13 AM, "Boris Ostrovsky" <boris.ostrovsky(a)oracle.com> wrote: > > > diff --git a/arch/x86/xen/enlighten_hvm.c b/arch/x86/xen/enlighten_hvm.c > > index 6b424da1ce75..c78b3e8fb2e5 100644 > > --- a/arch/x86/xen/enlighten_hvm.c > > +++ b/arch/x86/xen/enlighten_hvm.c > > @@ -71,6 +71,19 @@ static void __init xen_hvm_init_mem_mapping(void) > > { > > early_memunmap(HYPERVISOR_shared_info, PAGE_SIZE); > > HYPERVISOR_shared_info = __va(PFN_PHYS(shared_info_pfn)); > > + > > + /* > > + * The virtual address of the shared_info page has changed, so > > + * the vcpu_info pointer for VCPU 0 is now stale. > > Is it "has changed" or "has changed if kaslr is on"? > > It's "has changed". See commit 4ca83dcf4e3bc0c98836dbb97553792ca7ea5429 . It's a way to make kaslr work, but it's done regardless of whether it's enabled or not. I completely forgot about this one. > > > + * > > + * The prepare_boot_cpu callback will re-initialize it via > > + * xen_vcpu_setup, but we can't rely on that to be called for > > + * old Xen versions (xen_have_vector_callback == 0). > > + * > > + * It is, in any case, bad to have a stale vcpu_info pointer > > + * so reset it now. > > + */ > > + xen_vcpu_info_reset(0); > > > Why not xen_vcpu_setup(0)? > > Basically, I wanted to be minimally invasive. xen_vcpu_setup does a little more work (tries to do the VCPU placement hypercall), and will be called later in any case. So doing just the basic xen_vcpu_info_reset for VCPU 0 seems like the best way to do it; it just re-iterates what is done for VCPU 0 earlier in boot, which is also a vcpu_info_reset. OK, fair enough. This should go to stable as well I think (4.12+), copying them. Reviewed-by: Boris Ostrovsky <boris.ostrovsky(a)oracle.com>

7 years, 1 month

2
1
0 0

[PATCH] tracing: Fix bad use of igrab in trace_uprobe.c

by Song Liu

commit 0c92c7a3c5d416f47b32c5f20a611dfeca5d5f2e upstream. As Miklos reported and suggested: This pattern repeats two times in trace_uprobe.c and in kernel/events/core.c as well: ret = kern_path(filename, LOOKUP_FOLLOW, &path); if (ret) goto fail_address_parse; inode = igrab(d_inode(path.dentry)); path_put(&path); And it's wrong. You can only hold a reference to the inode if you have an active ref to the superblock as well (which is normally through path.mnt) or holding s_umount. This way unmounting the containing filesystem while the tracepoint is active will give you the "VFS: Busy inodes after unmount..." message and a crash when the inode is finally put. Solution: store path instead of inode. This patch fixes two instances in trace_uprobe.c. struct path is added to struct trace_uprobe to keep the inode and containing mount point referenced. Link: http://lkml.kernel.org/r/20180423172135.4050588-1-songliubraving@fb.com Fixes: f3f096cfedf8 ("tracing: Provide trace events interface for uprobes") Fixes: 33ea4b24277b ("perf/core: Implement the 'perf_uprobe' PMU") Cc: stable(a)vger.kernel.org #4.14+ Cc: Ingo Molnar <mingo(a)redhat.com> Cc: Howard McLauchlan <hmclauchlan(a)fb.com> Cc: Josef Bacik <jbacik(a)fb.com> Cc: Srikar Dronamraju <srikar(a)linux.vnet.ibm.com> Cc: Steven Rostedt (VMware) <rostedt(a)goodmis.org> Acked-by: Miklos Szeredi <mszeredi(a)redhat.com> Reported-by: Miklos Szeredi <miklos(a)szeredi.hu> Signed-off-by: Song Liu <songliubraving(a)fb.com> Signed-off-by: Steven Rostedt (VMware) <rostedt(a)goodmis.org> --- kernel/trace/trace_uprobe.c | 24 ++++++++++-------------- 1 file changed, 10 insertions(+), 14 deletions(-) diff --git a/kernel/trace/trace_uprobe.c b/kernel/trace/trace_uprobe.c index 4525e02..14d3af6 100644 --- a/kernel/trace/trace_uprobe.c +++ b/kernel/trace/trace_uprobe.c @@ -55,6 +55,7 @@ struct trace_uprobe { struct list_head list; struct trace_uprobe_filter filter; struct uprobe_consumer consumer; + struct path path; struct inode *inode; char *filename; unsigned long offset; @@ -287,7 +288,7 @@ static void free_trace_uprobe(struct trace_uprobe *tu) for (i = 0; i < tu->tp.nr_args; i++) traceprobe_free_probe_arg(&tu->tp.args[i]); - iput(tu->inode); + path_put(&tu->path); kfree(tu->tp.call.class->system); kfree(tu->tp.call.name); kfree(tu->filename); @@ -361,7 +362,6 @@ static int register_trace_uprobe(struct trace_uprobe *tu) static int create_trace_uprobe(int argc, char **argv) { struct trace_uprobe *tu; - struct inode *inode; char *arg, *event, *group, *filename; char buf[MAX_EVENT_NAME_LEN]; struct path path; @@ -369,7 +369,6 @@ static int create_trace_uprobe(int argc, char **argv) bool is_delete, is_return; int i, ret; - inode = NULL; ret = 0; is_delete = false; is_return = false; @@ -435,21 +434,16 @@ static int create_trace_uprobe(int argc, char **argv) } /* Find the last occurrence, in case the path contains ':' too. */ arg = strrchr(argv[1], ':'); - if (!arg) { - ret = -EINVAL; - goto fail_address_parse; - } + if (!arg) + return -EINVAL; *arg++ = '\0'; filename = argv[1]; ret = kern_path(filename, LOOKUP_FOLLOW, &path); if (ret) - goto fail_address_parse; - - inode = igrab(d_inode(path.dentry)); - path_put(&path); + return ret; - if (!inode || !S_ISREG(inode->i_mode)) { + if (!d_is_reg(path.dentry)) { ret = -EINVAL; goto fail_address_parse; } @@ -488,7 +482,7 @@ static int create_trace_uprobe(int argc, char **argv) goto fail_address_parse; } tu->offset = offset; - tu->inode = inode; + tu->path = path; tu->filename = kstrdup(filename, GFP_KERNEL); if (!tu->filename) { @@ -556,7 +550,7 @@ static int create_trace_uprobe(int argc, char **argv) return ret; fail_address_parse: - iput(inode); + path_put(&path); pr_info("Failed to parse address or file.\n"); @@ -935,6 +929,7 @@ probe_event_enable(struct trace_uprobe *tu, struct trace_event_file *file, goto err_flags; tu->consumer.filter = filter; + tu->inode = d_real_inode(tu->path.dentry); ret = uprobe_register(tu->inode, tu->offset, &tu->consumer); if (ret) goto err_buffer; @@ -980,6 +975,7 @@ probe_event_disable(struct trace_uprobe *tu, struct trace_event_file *file) WARN_ON(!uprobe_filter_is_empty(&tu->filter)); uprobe_unregister(tu->inode, tu->offset, &tu->consumer); + tu->inode = NULL; tu->tp.flags &= file ? ~TP_FLAG_TRACE : ~TP_FLAG_PROFILE; uprobe_buffer_disable(); -- 2.9.5

7 years, 1 month

1
0
0 0

[PATCH v2] KVM: vmx: update sec exec controls for UMIP iff emulating UMIP

by Sean Christopherson

Update SECONDARY_EXEC_DESC for UMIP emulation if and only UMIP is actually being emulated. Skipping the VMCS update eliminates unnecessary VMREAD/VMWRITE when UMIP is supported in hardware, and on platforms that don't have SECONDARY_VM_EXEC_CONTROL. The latter case resolves a bug where KVM would fill the kernel log with warnings due to failed VMWRITEs on older platforms. Fixes: 0367f205a3b7 ("KVM: vmx: add support for emulating UMIP") Cc: stable(a)vger.kernel.org #4.16 Reported-by: Paolo Zeppegno <pzeppegno(a)gmail.com> Suggested-by: Paolo Bonzini <pbonzini(a)redhat.com> Suggested-by: Radim Krčmář <rkrcmar(a)redhat.com> Signed-off-by: Sean Christopherson <sean.j.christopherson(a)intel.com> --- v2: Fix the bug simply by skipping VMCS updates when UMIP is not being emulated, as suggested by Paolo and again by Radim. The approach of updating the VMCS only when CR4.UMIP changed was not guaranteed to work in all cases. Optimizing away VMREAD/VMWRITE will be tackled in a separate series. arch/x86/kvm/vmx.c | 28 +++++++++++++++------------- 1 file changed, 15 insertions(+), 13 deletions(-) diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c index aafcc9881e88..53d85439e5e5 100644 --- a/arch/x86/kvm/vmx.c +++ b/arch/x86/kvm/vmx.c @@ -1494,6 +1494,12 @@ static inline bool cpu_has_vmx_vmfunc(void) SECONDARY_EXEC_ENABLE_VMFUNC; } +static bool vmx_umip_emulated(void) +{ + return vmcs_config.cpu_based_2nd_exec_ctrl & + SECONDARY_EXEC_DESC; +} + static inline bool report_flexpriority(void) { return flexpriority_enabled; @@ -4776,14 +4782,16 @@ static int vmx_set_cr4(struct kvm_vcpu *vcpu, unsigned long cr4) else hw_cr4 |= KVM_PMODE_VM_CR4_ALWAYS_ON; - if ((cr4 & X86_CR4_UMIP) && !boot_cpu_has(X86_FEATURE_UMIP)) { - vmcs_set_bits(SECONDARY_VM_EXEC_CONTROL, - SECONDARY_EXEC_DESC); - hw_cr4 &= ~X86_CR4_UMIP; - } else if (!is_guest_mode(vcpu) || - !nested_cpu_has2(get_vmcs12(vcpu), SECONDARY_EXEC_DESC)) - vmcs_clear_bits(SECONDARY_VM_EXEC_CONTROL, + if (!boot_cpu_has(X86_FEATURE_UMIP) && vmx_umip_emulated()) { + if (cr4 & X86_CR4_UMIP) { + vmcs_set_bits(SECONDARY_VM_EXEC_CONTROL, SECONDARY_EXEC_DESC); + hw_cr4 &= ~X86_CR4_UMIP; + } else if (!is_guest_mode(vcpu) || + !nested_cpu_has2(get_vmcs12(vcpu), SECONDARY_EXEC_DESC)) + vmcs_clear_bits(SECONDARY_VM_EXEC_CONTROL, + SECONDARY_EXEC_DESC); + } if (cr4 & X86_CR4_VMXE) { /* @@ -9512,12 +9520,6 @@ static bool vmx_xsaves_supported(void) SECONDARY_EXEC_XSAVES; } -static bool vmx_umip_emulated(void) -{ - return vmcs_config.cpu_based_2nd_exec_ctrl & - SECONDARY_EXEC_DESC; -} - static void vmx_recover_nmi_blocking(struct vcpu_vmx *vmx) { u32 exit_intr_info; -- 2.17.0

7 years, 1 month

2
1
0 0

[PATCH] mtd: rawnand: marvell: pass ms delay to wait_op

by Chris Packham

marvell_nfc_wait_op() expects the delay to be expressed in milliseconds but nand_sdr_timings uses picoseconds. Use PSEC_TO_MSEC when passing tPROG_max to marvell_nfc_wait_op(). Fixes: 02f26ecf8c772 ("mtd: nand: add reworked Marvell NAND controller driver") Cc: stable(a)vger.kernel.org Signed-off-by: Chris Packham <chris.packham(a)alliedtelesis.co.nz> --- drivers/mtd/nand/raw/marvell_nand.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/mtd/nand/raw/marvell_nand.c b/drivers/mtd/nand/raw/marvell_nand.c index 1d779a35ac8e..e4b964fd40d8 100644 --- a/drivers/mtd/nand/raw/marvell_nand.c +++ b/drivers/mtd/nand/raw/marvell_nand.c @@ -1074,7 +1074,7 @@ static int marvell_nfc_hw_ecc_hmg_do_write_page(struct nand_chip *chip, return ret; ret = marvell_nfc_wait_op(chip, - chip->data_interface.timings.sdr.tPROG_max); + PSEC_TO_MSEC(chip->data_interface.timings.sdr.tPROG_max)); return ret; } @@ -1494,7 +1494,7 @@ static int marvell_nfc_hw_ecc_bch_write_page(struct mtd_info *mtd, } ret = marvell_nfc_wait_op(chip, - chip->data_interface.timings.sdr.tPROG_max); + PSEC_TO_MSEC(chip->data_interface.timings.sdr.tPROG_max)); marvell_nfc_disable_hw_ecc(chip); -- 2.17.0

7 years, 1 month

4
5
0 0

[v4.14.y PATCH] errseq: Always report a writeback error once

by Jeff Layton

From: Matthew Wilcox <willy(a)infradead.org> The errseq_t infrastructure assumes that errors which occurred before the file descriptor was opened are of no interest to the application. This turns out to be a regression for some applications, notably Postgres. Before errseq_t, a writeback error would be reported exactly once (as long as the inode remained in memory), so Postgres could open a file, call fsync() and find out whether there had been a writeback error on that file from another process. This patch changes the errseq infrastructure to report errors to all file descriptors which are opened after the error occurred, but before it was reported to any file descriptor. This restores the user-visible behaviour. [ jlayton: fix up conflicts in comments ] Cc: stable(a)vger.kernel.org Fixes: 5660e13d2fd6 ("fs: new infrastructure for writeback error handling and reporting") Signed-off-by: Matthew Wilcox <mawilcox(a)microsoft.com> Reviewed-by: Jeff Layton <jlayton(a)kernel.org> Signed-off-by: Jeff Layton <jlayton(a)redhat.com> (cherry picked from commit b4678df184b314a2bd47d2329feca2c2534aa12b) --- lib/errseq.c | 25 +++++++++++-------------- 1 file changed, 11 insertions(+), 14 deletions(-) This is a backport to the v4.14 stable series. The only merge conflict was due to an earlier patch by Willy to flesh out the comments. There were no code changes necessary. diff --git a/lib/errseq.c b/lib/errseq.c index 79cc66897db4..b6ed81ec788d 100644 --- a/lib/errseq.c +++ b/lib/errseq.c @@ -111,25 +111,22 @@ EXPORT_SYMBOL(errseq_set); * errseq_sample - grab current errseq_t value * @eseq: pointer to errseq_t to be sampled * - * This function allows callers to sample an errseq_t value, marking it as - * "seen" if required. + * This function allows callers to initialise their errseq_t variable. + * If the error has been "seen", new callers will not see an old error. + * If there is an unseen error in @eseq, the caller of this function will + * see it the next time it checks for an error. + * + * Context: Any context. + * Return: The current errseq value. */ errseq_t errseq_sample(errseq_t *eseq) { errseq_t old = READ_ONCE(*eseq); - errseq_t new = old; - /* - * For the common case of no errors ever having been set, we can skip - * marking the SEEN bit. Once an error has been set, the value will - * never go back to zero. - */ - if (old != 0) { - new |= ERRSEQ_SEEN; - if (old != new) - cmpxchg(eseq, old, new); - } - return new; + /* If nobody has seen this error yet, then we can be the first. */ + if (!(old & ERRSEQ_SEEN)) + old = 0; + return old; } EXPORT_SYMBOL(errseq_sample); -- 2.17.0

7 years, 1 month

3
2
0 0

[PATCH 0/6] virtio-console: spec compliance fixes

by Michael S. Tsirkin

Turns out virtio console tries to take a buffer out of an active vq. Works by sheer luck, and is explicitly forbidden by spec. And while going over it I saw that error handling is also broken - failure is easy to trigger if I force allocations to fail. Lightly tested. Michael S. Tsirkin (6): virtio_console: don't tie bufs to a vq virtio: add ability to iterate over vqs virtio_console: free buffers after reset virtio_console: drop custom control queue cleanup virtio_console: move removal code virtio_console: reset on out of memory drivers/char/virtio_console.c | 155 ++++++++++++++++++++---------------------- include/linux/virtio.h | 3 + 2 files changed, 75 insertions(+), 83 deletions(-) -- MST

7 years, 1 month

5
18
0 0

[PATCH 2/4] iio: imu: inv_mpu6050: fix possible deadlock between mutex and iio

by Jean-Baptiste Maneyrol

Detected by kernel circular locking dependency checker. We are locking iio mutex (iio_device_claim_direct_mode) after locking our internal mutex. But when the buffer starts, iio first locks its mutex and then we lock our internal one. To avoid possible deadlock, we need to use the same order everwhere. So we change the ordering by locking first iio mutex, then our internal mutex. Fixes: 68cd6e5b206b ("iio: imu: inv_mpu6050: fix lock issues by using our own mutex") Cc: stable(a)vger.kernel.org Signed-off-by: Jean-Baptiste Maneyrol <jmaneyrol(a)invensense.com> --- drivers/iio/imu/inv_mpu6050/inv_mpu_core.c | 34 ++++++++++++++---------------- 1 file changed, 16 insertions(+), 18 deletions(-) diff --git a/drivers/iio/imu/inv_mpu6050/inv_mpu_core.c b/drivers/iio/imu/inv_mpu6050/inv_mpu_core.c index aafa777..7358935 100644 --- a/drivers/iio/imu/inv_mpu6050/inv_mpu_core.c +++ b/drivers/iio/imu/inv_mpu6050/inv_mpu_core.c @@ -340,12 +340,9 @@ static int inv_mpu6050_read_channel_data(struct iio_dev *indio_dev, int result; int ret; - result = iio_device_claim_direct_mode(indio_dev); - if (result) - return result; result = inv_mpu6050_set_power_itg(st, true); if (result) - goto error_release; + return result; switch (chan->type) { case IIO_ANGL_VEL: @@ -386,14 +383,11 @@ static int inv_mpu6050_read_channel_data(struct iio_dev *indio_dev, result = inv_mpu6050_set_power_itg(st, false); if (result) goto error_power_off; - iio_device_release_direct_mode(indio_dev); return ret; error_power_off: inv_mpu6050_set_power_itg(st, false); -error_release: - iio_device_release_direct_mode(indio_dev); return result; } @@ -407,9 +401,13 @@ inv_mpu6050_read_raw(struct iio_dev *indio_dev, switch (mask) { case IIO_CHAN_INFO_RAW: + ret = iio_device_claim_direct_mode(indio_dev); + if (ret) + return ret; mutex_lock(&st->lock); ret = inv_mpu6050_read_channel_data(indio_dev, chan, val); mutex_unlock(&st->lock); + iio_device_release_direct_mode(indio_dev); return ret; case IIO_CHAN_INFO_SCALE: switch (chan->type) { @@ -532,17 +530,18 @@ static int inv_mpu6050_write_raw(struct iio_dev *indio_dev, struct inv_mpu6050_state *st = iio_priv(indio_dev); int result; - mutex_lock(&st->lock); /* * we should only update scale when the chip is disabled, i.e. * not running */ result = iio_device_claim_direct_mode(indio_dev); if (result) - goto error_write_raw_unlock; + return result; + + mutex_lock(&st->lock); result = inv_mpu6050_set_power_itg(st, true); if (result) - goto error_write_raw_release; + goto error_write_raw_unlock; switch (mask) { case IIO_CHAN_INFO_SCALE: @@ -581,10 +580,9 @@ static int inv_mpu6050_write_raw(struct iio_dev *indio_dev, } result |= inv_mpu6050_set_power_itg(st, false); -error_write_raw_release: - iio_device_release_direct_mode(indio_dev); error_write_raw_unlock: mutex_unlock(&st->lock); + iio_device_release_direct_mode(indio_dev); return result; } @@ -643,17 +641,18 @@ inv_mpu6050_fifo_rate_store(struct device *dev, struct device_attribute *attr, fifo_rate > INV_MPU6050_MAX_FIFO_RATE) return -EINVAL; + result = iio_device_claim_direct_mode(indio_dev); + if (result) + return result; + mutex_lock(&st->lock); if (fifo_rate == st->chip_config.fifo_rate) { result = 0; goto fifo_rate_fail_unlock; } - result = iio_device_claim_direct_mode(indio_dev); - if (result) - goto fifo_rate_fail_unlock; result = inv_mpu6050_set_power_itg(st, true); if (result) - goto fifo_rate_fail_release; + goto fifo_rate_fail_unlock; d = INV_MPU6050_ONE_K_HZ / fifo_rate - 1; result = regmap_write(st->map, st->reg->sample_rate_div, d); @@ -667,10 +666,9 @@ inv_mpu6050_fifo_rate_store(struct device *dev, struct device_attribute *attr, fifo_rate_fail_power_off: result |= inv_mpu6050_set_power_itg(st, false); -fifo_rate_fail_release: - iio_device_release_direct_mode(indio_dev); fifo_rate_fail_unlock: mutex_unlock(&st->lock); + iio_device_release_direct_mode(indio_dev); if (result) return result; -- 2.7.4

7 years, 1 month

2
1
0 0

FAILED: patch "[PATCH] cpufreq / CPPC: Set platform specific transition_delay_us" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From d4f3388afd488ed15368fa7413b8bd6d1f98bb1d Mon Sep 17 00:00:00 2001 From: Prashanth Prakash <pprakash(a)codeaurora.org> Date: Fri, 27 Apr 2018 11:35:27 -0600 Subject: [PATCH] cpufreq / CPPC: Set platform specific transition_delay_us Add support to specify platform specific transition_delay_us instead of using the transition delay derived from PCC. With commit 3d41386d556d (cpufreq: CPPC: Use transition_delay_us depending transition_latency) we are setting transition_delay_us directly and not applying the LATENCY_MULTIPLIER. Because of that, on Qualcomm Centriq we can end up with a very high rate of frequency change requests when using the schedutil governor (default rate_limit_us=10 compared to an earlier value of 10000). The PCC subspace describes the rate at which the platform can accept commands on the CPPC's PCC channel. This includes read and write command on the PCC channel that can be used for reasons other than frequency transitions. Moreover the same PCC subspace can be used by multiple freq domains and deriving transition_delay_us from it as we do now can be sub-optimal. Moreover if a platform does not use PCC for desired_perf register then there is no way to compute the transition latency or the delay_us. CPPC does not have a standard defined mechanism to get the transition rate or the latency at the moment. Given the above limitations, it is simpler to have a platform specific transition_delay_us and rely on PCC derived value only if a platform specific value is not available. Signed-off-by: Prashanth Prakash <pprakash(a)codeaurora.org> Cc: 4.14+ <stable(a)vger.kernel.org> # 4.14+ Fixes: 3d41386d556d (cpufreq: CPPC: Use transition_delay_us depending transition_latency) Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> diff --git a/drivers/cpufreq/cppc_cpufreq.c b/drivers/cpufreq/cppc_cpufreq.c index bc5fc1630876..b15115a48775 100644 --- a/drivers/cpufreq/cppc_cpufreq.c +++ b/drivers/cpufreq/cppc_cpufreq.c @@ -126,6 +126,49 @@ static void cppc_cpufreq_stop_cpu(struct cpufreq_policy *policy) cpu->perf_caps.lowest_perf, cpu_num, ret); } +/* + * The PCC subspace describes the rate at which platform can accept commands + * on the shared PCC channel (including READs which do not count towards freq + * trasition requests), so ideally we need to use the PCC values as a fallback + * if we don't have a platform specific transition_delay_us + */ +#ifdef CONFIG_ARM64 +#include <asm/cputype.h> + +static unsigned int cppc_cpufreq_get_transition_delay_us(int cpu) +{ + unsigned long implementor = read_cpuid_implementor(); + unsigned long part_num = read_cpuid_part_number(); + unsigned int delay_us = 0; + + switch (implementor) { + case ARM_CPU_IMP_QCOM: + switch (part_num) { + case QCOM_CPU_PART_FALKOR_V1: + case QCOM_CPU_PART_FALKOR: + delay_us = 10000; + break; + default: + delay_us = cppc_get_transition_latency(cpu) / NSEC_PER_USEC; + break; + } + break; + default: + delay_us = cppc_get_transition_latency(cpu) / NSEC_PER_USEC; + break; + } + + return delay_us; +} + +#else + +static unsigned int cppc_cpufreq_get_transition_delay_us(int cpu) +{ + return cppc_get_transition_latency(cpu) / NSEC_PER_USEC; +} +#endif + static int cppc_cpufreq_cpu_init(struct cpufreq_policy *policy) { struct cppc_cpudata *cpu; @@ -162,8 +205,7 @@ static int cppc_cpufreq_cpu_init(struct cpufreq_policy *policy) cpu->perf_caps.highest_perf; policy->cpuinfo.max_freq = cppc_dmi_max_khz; - policy->transition_delay_us = cppc_get_transition_latency(cpu_num) / - NSEC_PER_USEC; + policy->transition_delay_us = cppc_cpufreq_get_transition_delay_us(cpu_num); policy->shared_type = cpu->shared_type; if (policy->shared_type == CPUFREQ_SHARED_TYPE_ANY) {

7 years, 1 month

1
0
0 0

FAILED: patch "[PATCH] cpufreq / CPPC: Set platform specific transition_delay_us" failed to apply to 4.16-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.16-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From d4f3388afd488ed15368fa7413b8bd6d1f98bb1d Mon Sep 17 00:00:00 2001 From: Prashanth Prakash <pprakash(a)codeaurora.org> Date: Fri, 27 Apr 2018 11:35:27 -0600 Subject: [PATCH] cpufreq / CPPC: Set platform specific transition_delay_us Add support to specify platform specific transition_delay_us instead of using the transition delay derived from PCC. With commit 3d41386d556d (cpufreq: CPPC: Use transition_delay_us depending transition_latency) we are setting transition_delay_us directly and not applying the LATENCY_MULTIPLIER. Because of that, on Qualcomm Centriq we can end up with a very high rate of frequency change requests when using the schedutil governor (default rate_limit_us=10 compared to an earlier value of 10000). The PCC subspace describes the rate at which the platform can accept commands on the CPPC's PCC channel. This includes read and write command on the PCC channel that can be used for reasons other than frequency transitions. Moreover the same PCC subspace can be used by multiple freq domains and deriving transition_delay_us from it as we do now can be sub-optimal. Moreover if a platform does not use PCC for desired_perf register then there is no way to compute the transition latency or the delay_us. CPPC does not have a standard defined mechanism to get the transition rate or the latency at the moment. Given the above limitations, it is simpler to have a platform specific transition_delay_us and rely on PCC derived value only if a platform specific value is not available. Signed-off-by: Prashanth Prakash <pprakash(a)codeaurora.org> Cc: 4.14+ <stable(a)vger.kernel.org> # 4.14+ Fixes: 3d41386d556d (cpufreq: CPPC: Use transition_delay_us depending transition_latency) Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> diff --git a/drivers/cpufreq/cppc_cpufreq.c b/drivers/cpufreq/cppc_cpufreq.c index bc5fc1630876..b15115a48775 100644 --- a/drivers/cpufreq/cppc_cpufreq.c +++ b/drivers/cpufreq/cppc_cpufreq.c @@ -126,6 +126,49 @@ static void cppc_cpufreq_stop_cpu(struct cpufreq_policy *policy) cpu->perf_caps.lowest_perf, cpu_num, ret); } +/* + * The PCC subspace describes the rate at which platform can accept commands + * on the shared PCC channel (including READs which do not count towards freq + * trasition requests), so ideally we need to use the PCC values as a fallback + * if we don't have a platform specific transition_delay_us + */ +#ifdef CONFIG_ARM64 +#include <asm/cputype.h> + +static unsigned int cppc_cpufreq_get_transition_delay_us(int cpu) +{ + unsigned long implementor = read_cpuid_implementor(); + unsigned long part_num = read_cpuid_part_number(); + unsigned int delay_us = 0; + + switch (implementor) { + case ARM_CPU_IMP_QCOM: + switch (part_num) { + case QCOM_CPU_PART_FALKOR_V1: + case QCOM_CPU_PART_FALKOR: + delay_us = 10000; + break; + default: + delay_us = cppc_get_transition_latency(cpu) / NSEC_PER_USEC; + break; + } + break; + default: + delay_us = cppc_get_transition_latency(cpu) / NSEC_PER_USEC; + break; + } + + return delay_us; +} + +#else + +static unsigned int cppc_cpufreq_get_transition_delay_us(int cpu) +{ + return cppc_get_transition_latency(cpu) / NSEC_PER_USEC; +} +#endif + static int cppc_cpufreq_cpu_init(struct cpufreq_policy *policy) { struct cppc_cpudata *cpu; @@ -162,8 +205,7 @@ static int cppc_cpufreq_cpu_init(struct cpufreq_policy *policy) cpu->perf_caps.highest_perf; policy->cpuinfo.max_freq = cppc_dmi_max_khz; - policy->transition_delay_us = cppc_get_transition_latency(cpu_num) / - NSEC_PER_USEC; + policy->transition_delay_us = cppc_cpufreq_get_transition_delay_us(cpu_num); policy->shared_type = cpu->shared_type; if (policy->shared_type == CPUFREQ_SHARED_TYPE_ANY) {

7 years, 1 month

1
0
0 0

FAILED: patch "[PATCH] IB/mlx5: Fix represent correct netdevice in dual port RoCE" failed to apply to 4.16-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.16-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 84a6a7a99c0ac2f67366288c0625c9fba176b264 Mon Sep 17 00:00:00 2001 From: Parav Pandit <parav(a)mellanox.com> Date: Mon, 23 Apr 2018 17:01:55 +0300 Subject: [PATCH] IB/mlx5: Fix represent correct netdevice in dual port RoCE In commit bcf87f1dbbec ("IB/mlx5: Listen to netdev register/unresiter events in switchdev mode") incorrectly mapped primary device's netdevice to 2nd port netdevice. It always represented primary port's netdevice for 2nd port netdevice when ib representors were not used. This results into failing to process CM request arriving on 2nd port due to incorrect mapping of netdevice. This fix corrects it by considering the right mdev. Cc: <stable(a)vger.kernel.org> # 4.16 Fixes: bcf87f1dbbec ("IB/mlx5: Listen to netdev register/unresiter events in switchdev mode") Reviewed-by: Mark Bloch <markb(a)mellanox.com> Signed-off-by: Parav Pandit <parav(a)mellanox.com> Signed-off-by: Leon Romanovsky <leonro(a)mellanox.com> Signed-off-by: Doug Ledford <dledford(a)redhat.com> diff --git a/drivers/infiniband/hw/mlx5/main.c b/drivers/infiniband/hw/mlx5/main.c index 6a749c02b14c..78a4b2797057 100644 --- a/drivers/infiniband/hw/mlx5/main.c +++ b/drivers/infiniband/hw/mlx5/main.c @@ -179,7 +179,7 @@ static int mlx5_netdev_event(struct notifier_block *this, if (rep_ndev == ndev) roce->netdev = (event == NETDEV_UNREGISTER) ? NULL : ndev; - } else if (ndev->dev.parent == &ibdev->mdev->pdev->dev) { + } else if (ndev->dev.parent == &mdev->pdev->dev) { roce->netdev = (event == NETDEV_UNREGISTER) ? NULL : ndev; }

7 years, 1 month

1
0
0 0

FAILED: patch "[PATCH] RDMA/mlx5: Fix multiple NULL-ptr deref errors in rereg_mr" failed to apply to 4.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From b4bd701ac469075d94ed9699a28755f2862252b9 Mon Sep 17 00:00:00 2001 From: Leon Romanovsky <leonro(a)mellanox.com> Date: Mon, 23 Apr 2018 17:01:52 +0300 Subject: [PATCH] RDMA/mlx5: Fix multiple NULL-ptr deref errors in rereg_mr flow Failure in rereg MR releases UMEM but leaves the MR to be destroyed by the user. As a result the following scenario may happen: "create MR -> rereg MR with failure -> call to rereg MR again" and hit "NULL-ptr deref or user memory access" errors. Ensure that rereg MR is only performed on a non-dead MR. Cc: syzkaller <syzkaller(a)googlegroups.com> Cc: <stable(a)vger.kernel.org> # 4.5 Fixes: 395a8e4c32ea ("IB/mlx5: Refactoring register MR code") Reported-by: Noa Osherovich <noaos(a)mellanox.com> Signed-off-by: Leon Romanovsky <leonro(a)mellanox.com> Signed-off-by: Doug Ledford <dledford(a)redhat.com> diff --git a/drivers/infiniband/hw/mlx5/mr.c b/drivers/infiniband/hw/mlx5/mr.c index 1520a2f20f98..90a9c461cedc 100644 --- a/drivers/infiniband/hw/mlx5/mr.c +++ b/drivers/infiniband/hw/mlx5/mr.c @@ -866,25 +866,28 @@ static int mr_umem_get(struct ib_pd *pd, u64 start, u64 length, int *order) { struct mlx5_ib_dev *dev = to_mdev(pd->device); + struct ib_umem *u; int err; - *umem = ib_umem_get(pd->uobject->context, start, length, - access_flags, 0); - err = PTR_ERR_OR_ZERO(*umem); + *umem = NULL; + + u = ib_umem_get(pd->uobject->context, start, length, access_flags, 0); + err = PTR_ERR_OR_ZERO(u); if (err) { - *umem = NULL; - mlx5_ib_err(dev, "umem get failed (%d)\n", err); + mlx5_ib_dbg(dev, "umem get failed (%d)\n", err); return err; } - mlx5_ib_cont_pages(*umem, start, MLX5_MKEY_PAGE_SHIFT_MASK, npages, + mlx5_ib_cont_pages(u, start, MLX5_MKEY_PAGE_SHIFT_MASK, npages, page_shift, ncont, order); if (!*npages) { mlx5_ib_warn(dev, "avoid zero region\n"); - ib_umem_release(*umem); + ib_umem_release(u); return -EINVAL; } + *umem = u; + mlx5_ib_dbg(dev, "npages %d, ncont %d, order %d, page_shift %d\n", *npages, *ncont, *order, *page_shift); @@ -1458,13 +1461,12 @@ int mlx5_ib_rereg_user_mr(struct ib_mr *ib_mr, int flags, u64 start, int access_flags = flags & IB_MR_REREG_ACCESS ? new_access_flags : mr->access_flags; - u64 addr = (flags & IB_MR_REREG_TRANS) ? virt_addr : mr->umem->address; - u64 len = (flags & IB_MR_REREG_TRANS) ? length : mr->umem->length; int page_shift = 0; int upd_flags = 0; int npages = 0; int ncont = 0; int order = 0; + u64 addr, len; int err; mlx5_ib_dbg(dev, "start 0x%llx, virt_addr 0x%llx, length 0x%llx, access_flags 0x%x\n", @@ -1472,6 +1474,17 @@ int mlx5_ib_rereg_user_mr(struct ib_mr *ib_mr, int flags, u64 start, atomic_sub(mr->npages, &dev->mdev->priv.reg_pages); + if (!mr->umem) + return -EINVAL; + + if (flags & IB_MR_REREG_TRANS) { + addr = virt_addr; + len = length; + } else { + addr = mr->umem->address; + len = mr->umem->length; + } + if (flags != IB_MR_REREG_PD) { /* * Replace umem. This needs to be done whether or not UMR is @@ -1479,6 +1492,7 @@ int mlx5_ib_rereg_user_mr(struct ib_mr *ib_mr, int flags, u64 start, */ flags |= IB_MR_REREG_TRANS; ib_umem_release(mr->umem); + mr->umem = NULL; err = mr_umem_get(pd, addr, len, access_flags, &mr->umem, &npages, &page_shift, &ncont, &order); if (err)

7 years, 1 month

1
0
0 0

FAILED: patch "[PATCH] tracing: Fix bad use of igrab in trace_uprobe.c" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 0c92c7a3c5d416f47b32c5f20a611dfeca5d5f2e Mon Sep 17 00:00:00 2001 From: Song Liu <songliubraving(a)fb.com> Date: Mon, 23 Apr 2018 10:21:34 -0700 Subject: [PATCH] tracing: Fix bad use of igrab in trace_uprobe.c As Miklos reported and suggested: This pattern repeats two times in trace_uprobe.c and in kernel/events/core.c as well: ret = kern_path(filename, LOOKUP_FOLLOW, &path); if (ret) goto fail_address_parse; inode = igrab(d_inode(path.dentry)); path_put(&path); And it's wrong. You can only hold a reference to the inode if you have an active ref to the superblock as well (which is normally through path.mnt) or holding s_umount. This way unmounting the containing filesystem while the tracepoint is active will give you the "VFS: Busy inodes after unmount..." message and a crash when the inode is finally put. Solution: store path instead of inode. This patch fixes two instances in trace_uprobe.c. struct path is added to struct trace_uprobe to keep the inode and containing mount point referenced. Link: http://lkml.kernel.org/r/20180423172135.4050588-1-songliubraving@fb.com Fixes: f3f096cfedf8 ("tracing: Provide trace events interface for uprobes") Fixes: 33ea4b24277b ("perf/core: Implement the 'perf_uprobe' PMU") Cc: stable(a)vger.kernel.org Cc: Ingo Molnar <mingo(a)redhat.com> Cc: Howard McLauchlan <hmclauchlan(a)fb.com> Cc: Josef Bacik <jbacik(a)fb.com> Cc: Srikar Dronamraju <srikar(a)linux.vnet.ibm.com> Acked-by: Miklos Szeredi <mszeredi(a)redhat.com> Reported-by: Miklos Szeredi <miklos(a)szeredi.hu> Signed-off-by: Song Liu <songliubraving(a)fb.com> Signed-off-by: Steven Rostedt (VMware) <rostedt(a)goodmis.org> diff --git a/kernel/trace/trace_uprobe.c b/kernel/trace/trace_uprobe.c index 34fd0e0ec51d..ac892878dbe6 100644 --- a/kernel/trace/trace_uprobe.c +++ b/kernel/trace/trace_uprobe.c @@ -55,6 +55,7 @@ struct trace_uprobe { struct list_head list; struct trace_uprobe_filter filter; struct uprobe_consumer consumer; + struct path path; struct inode *inode; char *filename; unsigned long offset; @@ -289,7 +290,7 @@ static void free_trace_uprobe(struct trace_uprobe *tu) for (i = 0; i < tu->tp.nr_args; i++) traceprobe_free_probe_arg(&tu->tp.args[i]); - iput(tu->inode); + path_put(&tu->path); kfree(tu->tp.call.class->system); kfree(tu->tp.call.name); kfree(tu->filename); @@ -363,7 +364,6 @@ static int register_trace_uprobe(struct trace_uprobe *tu) static int create_trace_uprobe(int argc, char **argv) { struct trace_uprobe *tu; - struct inode *inode; char *arg, *event, *group, *filename; char buf[MAX_EVENT_NAME_LEN]; struct path path; @@ -371,7 +371,6 @@ static int create_trace_uprobe(int argc, char **argv) bool is_delete, is_return; int i, ret; - inode = NULL; ret = 0; is_delete = false; is_return = false; @@ -437,21 +436,16 @@ static int create_trace_uprobe(int argc, char **argv) } /* Find the last occurrence, in case the path contains ':' too. */ arg = strrchr(argv[1], ':'); - if (!arg) { - ret = -EINVAL; - goto fail_address_parse; - } + if (!arg) + return -EINVAL; *arg++ = '\0'; filename = argv[1]; ret = kern_path(filename, LOOKUP_FOLLOW, &path); if (ret) - goto fail_address_parse; - - inode = igrab(d_real_inode(path.dentry)); - path_put(&path); + return ret; - if (!inode || !S_ISREG(inode->i_mode)) { + if (!d_is_reg(path.dentry)) { ret = -EINVAL; goto fail_address_parse; } @@ -490,7 +484,7 @@ static int create_trace_uprobe(int argc, char **argv) goto fail_address_parse; } tu->offset = offset; - tu->inode = inode; + tu->path = path; tu->filename = kstrdup(filename, GFP_KERNEL); if (!tu->filename) { @@ -558,7 +552,7 @@ static int create_trace_uprobe(int argc, char **argv) return ret; fail_address_parse: - iput(inode); + path_put(&path); pr_info("Failed to parse address or file.\n"); @@ -922,6 +916,7 @@ probe_event_enable(struct trace_uprobe *tu, struct trace_event_file *file, goto err_flags; tu->consumer.filter = filter; + tu->inode = d_real_inode(tu->path.dentry); ret = uprobe_register(tu->inode, tu->offset, &tu->consumer); if (ret) goto err_buffer; @@ -967,6 +962,7 @@ probe_event_disable(struct trace_uprobe *tu, struct trace_event_file *file) WARN_ON(!uprobe_filter_is_empty(&tu->filter)); uprobe_unregister(tu->inode, tu->offset, &tu->consumer); + tu->inode = NULL; tu->tp.flags &= file ? ~TP_FLAG_TRACE : ~TP_FLAG_PROFILE; uprobe_buffer_disable(); @@ -1337,7 +1333,6 @@ struct trace_event_call * create_local_trace_uprobe(char *name, unsigned long offs, bool is_return) { struct trace_uprobe *tu; - struct inode *inode; struct path path; int ret; @@ -1345,11 +1340,8 @@ create_local_trace_uprobe(char *name, unsigned long offs, bool is_return) if (ret) return ERR_PTR(ret); - inode = igrab(d_inode(path.dentry)); - path_put(&path); - - if (!inode || !S_ISREG(inode->i_mode)) { - iput(inode); + if (!d_is_reg(path.dentry)) { + path_put(&path); return ERR_PTR(-EINVAL); } @@ -1364,11 +1356,12 @@ create_local_trace_uprobe(char *name, unsigned long offs, bool is_return) if (IS_ERR(tu)) { pr_info("Failed to allocate trace_uprobe.(%d)\n", (int)PTR_ERR(tu)); + path_put(&path); return ERR_CAST(tu); } tu->offset = offs; - tu->inode = inode; + tu->path = path; tu->filename = kstrdup(name, GFP_KERNEL); init_trace_event_call(tu, &tu->tp.call);

7 years, 1 month

1
0
0 0

FAILED: patch "[PATCH] tracing: Fix bad use of igrab in trace_uprobe.c" failed to apply to 4.16-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.16-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 0c92c7a3c5d416f47b32c5f20a611dfeca5d5f2e Mon Sep 17 00:00:00 2001 From: Song Liu <songliubraving(a)fb.com> Date: Mon, 23 Apr 2018 10:21:34 -0700 Subject: [PATCH] tracing: Fix bad use of igrab in trace_uprobe.c As Miklos reported and suggested: This pattern repeats two times in trace_uprobe.c and in kernel/events/core.c as well: ret = kern_path(filename, LOOKUP_FOLLOW, &path); if (ret) goto fail_address_parse; inode = igrab(d_inode(path.dentry)); path_put(&path); And it's wrong. You can only hold a reference to the inode if you have an active ref to the superblock as well (which is normally through path.mnt) or holding s_umount. This way unmounting the containing filesystem while the tracepoint is active will give you the "VFS: Busy inodes after unmount..." message and a crash when the inode is finally put. Solution: store path instead of inode. This patch fixes two instances in trace_uprobe.c. struct path is added to struct trace_uprobe to keep the inode and containing mount point referenced. Link: http://lkml.kernel.org/r/20180423172135.4050588-1-songliubraving@fb.com Fixes: f3f096cfedf8 ("tracing: Provide trace events interface for uprobes") Fixes: 33ea4b24277b ("perf/core: Implement the 'perf_uprobe' PMU") Cc: stable(a)vger.kernel.org Cc: Ingo Molnar <mingo(a)redhat.com> Cc: Howard McLauchlan <hmclauchlan(a)fb.com> Cc: Josef Bacik <jbacik(a)fb.com> Cc: Srikar Dronamraju <srikar(a)linux.vnet.ibm.com> Acked-by: Miklos Szeredi <mszeredi(a)redhat.com> Reported-by: Miklos Szeredi <miklos(a)szeredi.hu> Signed-off-by: Song Liu <songliubraving(a)fb.com> Signed-off-by: Steven Rostedt (VMware) <rostedt(a)goodmis.org> diff --git a/kernel/trace/trace_uprobe.c b/kernel/trace/trace_uprobe.c index 34fd0e0ec51d..ac892878dbe6 100644 --- a/kernel/trace/trace_uprobe.c +++ b/kernel/trace/trace_uprobe.c @@ -55,6 +55,7 @@ struct trace_uprobe { struct list_head list; struct trace_uprobe_filter filter; struct uprobe_consumer consumer; + struct path path; struct inode *inode; char *filename; unsigned long offset; @@ -289,7 +290,7 @@ static void free_trace_uprobe(struct trace_uprobe *tu) for (i = 0; i < tu->tp.nr_args; i++) traceprobe_free_probe_arg(&tu->tp.args[i]); - iput(tu->inode); + path_put(&tu->path); kfree(tu->tp.call.class->system); kfree(tu->tp.call.name); kfree(tu->filename); @@ -363,7 +364,6 @@ static int register_trace_uprobe(struct trace_uprobe *tu) static int create_trace_uprobe(int argc, char **argv) { struct trace_uprobe *tu; - struct inode *inode; char *arg, *event, *group, *filename; char buf[MAX_EVENT_NAME_LEN]; struct path path; @@ -371,7 +371,6 @@ static int create_trace_uprobe(int argc, char **argv) bool is_delete, is_return; int i, ret; - inode = NULL; ret = 0; is_delete = false; is_return = false; @@ -437,21 +436,16 @@ static int create_trace_uprobe(int argc, char **argv) } /* Find the last occurrence, in case the path contains ':' too. */ arg = strrchr(argv[1], ':'); - if (!arg) { - ret = -EINVAL; - goto fail_address_parse; - } + if (!arg) + return -EINVAL; *arg++ = '\0'; filename = argv[1]; ret = kern_path(filename, LOOKUP_FOLLOW, &path); if (ret) - goto fail_address_parse; - - inode = igrab(d_real_inode(path.dentry)); - path_put(&path); + return ret; - if (!inode || !S_ISREG(inode->i_mode)) { + if (!d_is_reg(path.dentry)) { ret = -EINVAL; goto fail_address_parse; } @@ -490,7 +484,7 @@ static int create_trace_uprobe(int argc, char **argv) goto fail_address_parse; } tu->offset = offset; - tu->inode = inode; + tu->path = path; tu->filename = kstrdup(filename, GFP_KERNEL); if (!tu->filename) { @@ -558,7 +552,7 @@ static int create_trace_uprobe(int argc, char **argv) return ret; fail_address_parse: - iput(inode); + path_put(&path); pr_info("Failed to parse address or file.\n"); @@ -922,6 +916,7 @@ probe_event_enable(struct trace_uprobe *tu, struct trace_event_file *file, goto err_flags; tu->consumer.filter = filter; + tu->inode = d_real_inode(tu->path.dentry); ret = uprobe_register(tu->inode, tu->offset, &tu->consumer); if (ret) goto err_buffer; @@ -967,6 +962,7 @@ probe_event_disable(struct trace_uprobe *tu, struct trace_event_file *file) WARN_ON(!uprobe_filter_is_empty(&tu->filter)); uprobe_unregister(tu->inode, tu->offset, &tu->consumer); + tu->inode = NULL; tu->tp.flags &= file ? ~TP_FLAG_TRACE : ~TP_FLAG_PROFILE; uprobe_buffer_disable(); @@ -1337,7 +1333,6 @@ struct trace_event_call * create_local_trace_uprobe(char *name, unsigned long offs, bool is_return) { struct trace_uprobe *tu; - struct inode *inode; struct path path; int ret; @@ -1345,11 +1340,8 @@ create_local_trace_uprobe(char *name, unsigned long offs, bool is_return) if (ret) return ERR_PTR(ret); - inode = igrab(d_inode(path.dentry)); - path_put(&path); - - if (!inode || !S_ISREG(inode->i_mode)) { - iput(inode); + if (!d_is_reg(path.dentry)) { + path_put(&path); return ERR_PTR(-EINVAL); } @@ -1364,11 +1356,12 @@ create_local_trace_uprobe(char *name, unsigned long offs, bool is_return) if (IS_ERR(tu)) { pr_info("Failed to allocate trace_uprobe.(%d)\n", (int)PTR_ERR(tu)); + path_put(&path); return ERR_CAST(tu); } tu->offset = offs; - tu->inode = inode; + tu->path = path; tu->filename = kstrdup(name, GFP_KERNEL); init_trace_event_call(tu, &tu->tp.call);

7 years, 1 month

1
0
0 0

FAILED: patch "[PATCH] errseq: Always report a writeback error once" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From b4678df184b314a2bd47d2329feca2c2534aa12b Mon Sep 17 00:00:00 2001 From: Matthew Wilcox <willy(a)infradead.org> Date: Tue, 24 Apr 2018 14:02:57 -0700 Subject: [PATCH] errseq: Always report a writeback error once The errseq_t infrastructure assumes that errors which occurred before the file descriptor was opened are of no interest to the application. This turns out to be a regression for some applications, notably Postgres. Before errseq_t, a writeback error would be reported exactly once (as long as the inode remained in memory), so Postgres could open a file, call fsync() and find out whether there had been a writeback error on that file from another process. This patch changes the errseq infrastructure to report errors to all file descriptors which are opened after the error occurred, but before it was reported to any file descriptor. This restores the user-visible behaviour. Cc: stable(a)vger.kernel.org Fixes: 5660e13d2fd6 ("fs: new infrastructure for writeback error handling and reporting") Signed-off-by: Matthew Wilcox <mawilcox(a)microsoft.com> Reviewed-by: Jeff Layton <jlayton(a)kernel.org> Signed-off-by: Jeff Layton <jlayton(a)redhat.com> diff --git a/lib/errseq.c b/lib/errseq.c index df782418b333..81f9e33aa7e7 100644 --- a/lib/errseq.c +++ b/lib/errseq.c @@ -111,27 +111,22 @@ EXPORT_SYMBOL(errseq_set); * errseq_sample() - Grab current errseq_t value. * @eseq: Pointer to errseq_t to be sampled. * - * This function allows callers to sample an errseq_t value, marking it as - * "seen" if required. + * This function allows callers to initialise their errseq_t variable. + * If the error has been "seen", new callers will not see an old error. + * If there is an unseen error in @eseq, the caller of this function will + * see it the next time it checks for an error. * + * Context: Any context. * Return: The current errseq value. */ errseq_t errseq_sample(errseq_t *eseq) { errseq_t old = READ_ONCE(*eseq); - errseq_t new = old; - /* - * For the common case of no errors ever having been set, we can skip - * marking the SEEN bit. Once an error has been set, the value will - * never go back to zero. - */ - if (old != 0) { - new |= ERRSEQ_SEEN; - if (old != new) - cmpxchg(eseq, old, new); - } - return new; + /* If nobody has seen this error yet, then we can be the first. */ + if (!(old & ERRSEQ_SEEN)) + old = 0; + return old; } EXPORT_SYMBOL(errseq_sample);

7 years, 1 month

1
0
0 0

EOL for the 3.2 kernel?

by Charlemagne Lasse

Hi, will there be an announcement that Linux 3.2 is EOL or will there be another release which announces it as the last release of this stable series? The kernel release page https://www.kernel.org/category/releases.html lists it as EOL for this month. Charlemagne

7 years, 1 month

2
1
0 0

[git:media_tree/master] media: cx231xx: Ignore an i2c mux adapter

by Mauro Carvalho Chehab

This is an automatic generated email to let you know that the following patch were queued: Subject: media: cx231xx: Ignore an i2c mux adapter Author: Brad Love <brad(a)nextdimension.cc> Date: Thu May 3 17:20:10 2018 -0400 Hauppauge 935C cannot communicate with the si2157 when using the mux adapter returned by the si2168, so disable it to fix the device. Signed-off-by: Brad Love <brad(a)nextdimension.cc> Cc: stable(a)vger.kernel.org Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung(a)kernel.org> drivers/media/usb/cx231xx/cx231xx-dvb.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- diff --git a/drivers/media/usb/cx231xx/cx231xx-dvb.c b/drivers/media/usb/cx231xx/cx231xx-dvb.c index 18be20ba8309..86c33f5ff1a3 100644 --- a/drivers/media/usb/cx231xx/cx231xx-dvb.c +++ b/drivers/media/usb/cx231xx/cx231xx-dvb.c @@ -1150,7 +1150,7 @@ static int dvb_init(struct cx231xx *dev) info.platform_data = &si2157_config; request_module("si2157"); - client = i2c_new_device(adapter, &info); + client = i2c_new_device(tuner_i2c, &info); if (client == NULL || client->dev.driver == NULL) { module_put(dvb->i2c_client_demod[0]->dev.driver->owner); i2c_unregister_device(dvb->i2c_client_demod[0]);

7 years, 1 month

1
0
0 0

[PATCH] [stable] arm64: Add work around for Arm Cortex-A55 Erratum 1024718

by Suzuki K Poulose

commit ece1397cbc89c51914fae1aec729539cfd8bd62b upstream Some variants of the Arm Cortex-55 cores (r0p0, r0p1, r1p0) suffer from an erratum 1024718, which causes incorrect updates when DBM/AP bits in a page table entry is modified without a break-before-make sequence. The work around is to disable the hardware DBM feature on the affected cores. The hardware Access Flag management features is not affected. The hardware DBM feature is a non-conflicting capability, i.e, the kernel could handle cores using the feature and those without having the features running at the same time. So this work around is detected at early boot time, rather than delaying it until the CPUs are brought up into the kernel with MMU turned on. This also avoids other complexities with late CPUs turning online, with or without the hardware DBM features. Note: The upstream commit is on top of a reworked capability infrastructure for arm64 heterogeneous systems, which allows handling this later in the boot process. This backport is based on the original version of the patch [0]. Folded the 3 patches into this single commit, removing the unncessary bits. [0] https://lkml.kernel.org/r/20180116102323.3470-1-suzuki.poulose@arm.com Cc: stable(a)vger.kernel.org # v4.3 to v4.16 Cc: Catalin Marinas <catalin.marinas(a)arm.com> Cc: Mark Rutland <mark.rutland(a)arm.com> Cc: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Suzuki K Poulose <suzuki.poulose(a)arm.com> --- Documentation/arm64/silicon-errata.txt | 1 + arch/arm64/Kconfig | 14 ++++++++++++ arch/arm64/include/asm/assembler.h | 40 ++++++++++++++++++++++++++++++++++ arch/arm64/include/asm/cputype.h | 2 ++ arch/arm64/mm/proc.S | 5 +++++ 5 files changed, 62 insertions(+) diff --git a/Documentation/arm64/silicon-errata.txt b/Documentation/arm64/silicon-errata.txt index c1d520d..3b2f2dd 100644 --- a/Documentation/arm64/silicon-errata.txt +++ b/Documentation/arm64/silicon-errata.txt @@ -55,6 +55,7 @@ stable kernels. | ARM | Cortex-A57 | #834220 | ARM64_ERRATUM_834220 | | ARM | Cortex-A72 | #853709 | N/A | | ARM | Cortex-A73 | #858921 | ARM64_ERRATUM_858921 | +| ARM | Cortex-A55 | #1024718 | ARM64_ERRATUM_1024718 | | ARM | MMU-500 | #841119,#826419 | N/A | | | | | | | Cavium | ThunderX ITS | #22375, #24313 | CAVIUM_ERRATUM_22375 | diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig index 7381eeb..be66576 100644 --- a/arch/arm64/Kconfig +++ b/arch/arm64/Kconfig @@ -464,6 +464,20 @@ config ARM64_ERRATUM_843419 If unsure, say Y. +config ARM64_ERRATUM_1024718 + bool "Cortex-A55: 1024718: Update of DBM/AP bits without break before make might result in incorrect update" + default y + help + This option adds work around for Arm Cortex-A55 Erratum 1024718. + + Affected Cortex-A55 cores (r0p0, r0p1, r1p0) could cause incorrect + update of the hardware dirty bit when the DBM/AP bits are updated + without a break-before-make. The work around is to disable the usage + of hardware DBM locally on the affected cores. CPUs not affected by + erratum will continue to use the feature. + + If unsure, say Y. + config CAVIUM_ERRATUM_22375 bool "Cavium erratum 22375, 24313" default y diff --git a/arch/arm64/include/asm/assembler.h b/arch/arm64/include/asm/assembler.h index 3c78835..a3ca19e 100644 --- a/arch/arm64/include/asm/assembler.h +++ b/arch/arm64/include/asm/assembler.h @@ -25,6 +25,7 @@ #include <asm/asm-offsets.h> #include <asm/cpufeature.h> +#include <asm/cputype.h> #include <asm/debug-monitors.h> #include <asm/page.h> #include <asm/pgtable-hwdef.h> @@ -595,4 +596,43 @@ USER(\label, ic ivau, \tmp2) // invalidate I line PoU #endif .endm +/* + * Check the MIDR_EL1 of the current CPU for a given model and a range of + * variant/revision. See asm/cputype.h for the macros used below. + * + * model: MIDR_CPU_MODEL of CPU + * rv_min: Minimum of MIDR_CPU_VAR_REV() + * rv_max: Maximum of MIDR_CPU_VAR_REV() + * res: Result register. + * tmp1, tmp2, tmp3: Temporary registers + * + * Corrupts: res, tmp1, tmp2, tmp3 + * Returns: 0, if the CPU id doesn't match. Non-zero otherwise + */ + .macro cpu_midr_match model, rv_min, rv_max, res, tmp1, tmp2, tmp3 + mrs \res, midr_el1 + mov_q \tmp1, (MIDR_REVISION_MASK | MIDR_VARIANT_MASK) + mov_q \tmp2, MIDR_CPU_MODEL_MASK + and \tmp3, \res, \tmp2 // Extract model + and \tmp1, \res, \tmp1 // rev & variant + mov_q \tmp2, \model + cmp \tmp3, \tmp2 + cset \res, eq + cbz \res, .Ldone\@ // Model matches ? + + .if (\rv_min != 0) // Skip min check if rv_min == 0 + mov_q \tmp3, \rv_min + cmp \tmp1, \tmp3 + cset \res, ge + .endif // \rv_min != 0 + /* Skip rv_max check if rv_min == rv_max && rv_min != 0 */ + .if ((\rv_min != \rv_max) || \rv_min == 0) + mov_q \tmp2, \rv_max + cmp \tmp1, \tmp2 + cset \tmp2, le + and \res, \res, \tmp2 + .endif +.Ldone\@: + .endm + #endif /* __ASM_ASSEMBLER_H */ diff --git a/arch/arm64/include/asm/cputype.h b/arch/arm64/include/asm/cputype.h index 350c76a..8e32a6f 100644 --- a/arch/arm64/include/asm/cputype.h +++ b/arch/arm64/include/asm/cputype.h @@ -83,6 +83,7 @@ #define ARM_CPU_PART_CORTEX_A53 0xD03 #define ARM_CPU_PART_CORTEX_A73 0xD09 #define ARM_CPU_PART_CORTEX_A75 0xD0A +#define ARM_CPU_PART_CORTEX_A55 0xD05 #define APM_CPU_PART_POTENZA 0x000 @@ -102,6 +103,7 @@ #define MIDR_CORTEX_A72 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A72) #define MIDR_CORTEX_A73 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A73) #define MIDR_CORTEX_A75 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A75) +#define MIDR_CORTEX_A55 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A55) #define MIDR_THUNDERX MIDR_CPU_MODEL(ARM_CPU_IMP_CAVIUM, CAVIUM_CPU_PART_THUNDERX) #define MIDR_THUNDERX_81XX MIDR_CPU_MODEL(ARM_CPU_IMP_CAVIUM, CAVIUM_CPU_PART_THUNDERX_81XX) #define MIDR_THUNDERX_83XX MIDR_CPU_MODEL(ARM_CPU_IMP_CAVIUM, CAVIUM_CPU_PART_THUNDERX_83XX) diff --git a/arch/arm64/mm/proc.S b/arch/arm64/mm/proc.S index c0af476..5244440 100644 --- a/arch/arm64/mm/proc.S +++ b/arch/arm64/mm/proc.S @@ -448,6 +448,11 @@ ENTRY(__cpu_setup) cbz x9, 2f cmp x9, #2 b.lt 1f +#ifdef CONFIG_ARM64_ERRATUM_1024718 + /* Disable hardware DBM on Cortex-A55 r0p0, r0p1 & r1p0 */ + cpu_midr_match MIDR_CORTEX_A55, MIDR_CPU_VAR_REV(0, 0), MIDR_CPU_VAR_REV(1, 0), x1, x2, x3, x4 + cbnz x1, 1f +#endif orr x10, x10, #TCR_HD // hardware Dirty flag update 1: orr x10, x10, #TCR_HA // hardware Access flag update 2: -- 2.7.4

7 years, 1 month

2
2
0 0

Build problems in stable queue

by Guenter Roeck

Couple of powerpc problems. 4.14, 4.16: drivers/net/ethernet/ibm/ibmvnic.c:1460:10: error: 'struct ibmvnic_tx_buff' has no member named 'num_entries' 3.18, 4.4: arch/powerpc/xmon/xmon.c:1180:7: error: 'xmon_on' undeclared Also, {i386,x86_64}:allnoconfig in 3.18: arch/x86/mm/pageattr.c:281:6: error: ‘kernel_set_to_readonly’ undeclared Most boot tests pass, except for a couple of powerpc tests where the image fails to build. Guenter

7 years, 1 month

2
6
0 0

Applied "ASoC: cs35l35: Add use_single_rw to regmap config" to the asoc tree

by Mark Brown

The patch ASoC: cs35l35: Add use_single_rw to regmap config has been applied to the asoc tree at https://git.kernel.org/pub/scm/linux/kernel/git/broonie/sound.git All being well this means that it will be integrated into the linux-next tree (usually sometime in the next 24 hours) and sent to Linus during the next merge window (or sooner if it is a bug fix), however if problems are discovered then the patch may be dropped or reverted. You may get further e-mails resulting from automated or manual testing and review of the tree, please engage with people reporting problems and send followup patches addressing any issues that are reported if needed. If any updates are required or you are submitting further changes they should be sent as incremental updates against current git, existing patches will not be replaced. Please add any relevant lists and maintainers to the CCs when replying to this mail. Thanks, Mark >From 6a6ad7face95af0b9e6aaf1eb2261eb70240b89b Mon Sep 17 00:00:00 2001 From: Paul Handrigan <Paul.Handrigan(a)cirrus.com> Date: Fri, 4 May 2018 16:37:41 -0500 Subject: [PATCH] ASoC: cs35l35: Add use_single_rw to regmap config Add the use_single_rw flag to regmap config since the device does not support bulk transactions over i2c. Signed-off-by: Paul Handrigan <Paul.Handrigan(a)cirrus.com> Signed-off-by: Mark Brown <broonie(a)kernel.org> Cc: stable(a)vger.kernel.org --- sound/soc/codecs/cs35l35.c | 1 + 1 file changed, 1 insertion(+) diff --git a/sound/soc/codecs/cs35l35.c b/sound/soc/codecs/cs35l35.c index a4a2cb171bdf..bd6226bde45f 100644 --- a/sound/soc/codecs/cs35l35.c +++ b/sound/soc/codecs/cs35l35.c @@ -1105,6 +1105,7 @@ static struct regmap_config cs35l35_regmap = { .readable_reg = cs35l35_readable_register, .precious_reg = cs35l35_precious_register, .cache_type = REGCACHE_RBTREE, + .use_single_rw = true, }; static irqreturn_t cs35l35_irq(int irq, void *data) -- 2.17.0

7 years, 1 month

1
0
0 0

USB: serial: option: Add support for Quectel EP06

by Bjørn Mork

Hello, Please add upstream commit 71a0483d56e7 ("USB: serial: option: Add support for Quectel EP06") to all maintained stable branches. Thanks, Bjørn

7 years, 1 month

2
1
0 0

v4.4-stable: GPMI nand controller broken

by Sascha Hauer

The following went into v4.4.120: 197190bc5c48 mtd: nand: gpmi: Fix failure when a erased page has a bitflip at BBM This patch was backported to far for the stable tree. It only makes sense (and only works) together with: bd2e778c9ee3 gpmi-nand: Handle ECC Errors in erased pages which first appeared in v4.7. So either we revert 197190bc5c48 on the v4.4 stable tree or we apply the attached patch which is a backport of bd2e778c9ee3 for v4.4. I don't know which solution is prefered, personally I would prefer applying the attached patch which is also a bugfix. Without it erased pages may not be handled properly. Sascha ---------------------------8<------------------------------- >From ec42023a83778e524a024bdd25d970b8dc7a3966 Mon Sep 17 00:00:00 2001 From: Markus Pargmann <mpa(a)pengutronix.de> Date: Mon, 25 Apr 2016 14:35:12 +0200 Subject: [PATCH] gpmi-nand: Handle ECC Errors in erased pages ECC is only calculated for written pages. As erased pages are not actively written the ECC is always invalid. For this purpose the Hardware BCH unit is able to check for erased pages and does not raise an ECC error in this case. This behaviour can be influenced using the BCH_MODE register which sets the number of allowed bitflips in an erased page. Unfortunately the unit is not capable of fixing the bitflips in memory. To avoid complete software checks for erased pages, we can simply check buffers with uncorrectable ECC errors because we know that any erased page with errors is uncorrectable by the BCH unit. This patch adds the generic nand_check_erased_ecc_chunk() to gpmi-nand to correct erased pages. To have the valid data in the buffer before using them, this patch moves the read_page_swap_end() call before the ECC status checking for-loop. Fixes: 197190bc5c48 ("mtd: nand: gpmi: Fix failure when a erased page has a bitflip at BBM") Signed-off-by: Markus Pargmann <mpa(a)pengutronix.de> [Squashed patches by Stefan and Boris to check ECC area] Tested-by: Stefan Christ <s.christ(a)phytec.de> Acked-by: Han xu <han.xu(a)nxp.com> Signed-off-by: Boris Brezillon <boris.brezillon(a)free-electrons.com> --- drivers/mtd/nand/gpmi-nand/gpmi-nand.c | 78 ++++++++++++++++++++++++-- 1 file changed, 73 insertions(+), 5 deletions(-) diff --git a/drivers/mtd/nand/gpmi-nand/gpmi-nand.c b/drivers/mtd/nand/gpmi-nand/gpmi-nand.c index e2a239c1f40b..40a335c6b792 100644 --- a/drivers/mtd/nand/gpmi-nand/gpmi-nand.c +++ b/drivers/mtd/nand/gpmi-nand/gpmi-nand.c @@ -1032,14 +1032,87 @@ static int gpmi_ecc_read_page(struct mtd_info *mtd, struct nand_chip *chip, /* Loop over status bytes, accumulating ECC status. */ status = auxiliary_virt + nfc_geo->auxiliary_status_offset; + read_page_swap_end(this, buf, nfc_geo->payload_size, + this->payload_virt, this->payload_phys, + nfc_geo->payload_size, + payload_virt, payload_phys); + for (i = 0; i < nfc_geo->ecc_chunk_count; i++, status++) { if ((*status == STATUS_GOOD) || (*status == STATUS_ERASED)) continue; if (*status == STATUS_UNCORRECTABLE) { + int eccbits = nfc_geo->ecc_strength * nfc_geo->gf_len; + u8 *eccbuf = this->raw_buffer; + int offset, bitoffset; + int eccbytes; + int flips; + + /* Read ECC bytes into our internal raw_buffer */ + offset = nfc_geo->metadata_size * 8; + offset += ((8 * nfc_geo->ecc_chunk_size) + eccbits) * (i + 1); + offset -= eccbits; + bitoffset = offset % 8; + eccbytes = DIV_ROUND_UP(offset + eccbits, 8); + offset /= 8; + eccbytes -= offset; + chip->cmdfunc(mtd, NAND_CMD_RNDOUT, offset, -1); + chip->read_buf(mtd, eccbuf, eccbytes); + + /* + * ECC data are not byte aligned and we may have + * in-band data in the first and last byte of + * eccbuf. Set non-eccbits to one so that + * nand_check_erased_ecc_chunk() does not count them + * as bitflips. + */ + if (bitoffset) + eccbuf[0] |= GENMASK(bitoffset - 1, 0); + + bitoffset = (bitoffset + eccbits) % 8; + if (bitoffset) + eccbuf[eccbytes - 1] |= GENMASK(7, bitoffset); + + /* + * The ECC hardware has an uncorrectable ECC status + * code in case we have bitflips in an erased page. As + * nothing was written into this subpage the ECC is + * obviously wrong and we can not trust it. We assume + * at this point that we are reading an erased page and + * try to correct the bitflips in buffer up to + * ecc_strength bitflips. If this is a page with random + * data, we exceed this number of bitflips and have a + * ECC failure. Otherwise we use the corrected buffer. + */ + if (i == 0) { + /* The first block includes metadata */ + flips = nand_check_erased_ecc_chunk( + buf + i * nfc_geo->ecc_chunk_size, + nfc_geo->ecc_chunk_size, + eccbuf, eccbytes, + auxiliary_virt, + nfc_geo->metadata_size, + nfc_geo->ecc_strength); + } else { + flips = nand_check_erased_ecc_chunk( + buf + i * nfc_geo->ecc_chunk_size, + nfc_geo->ecc_chunk_size, + eccbuf, eccbytes, + NULL, 0, + nfc_geo->ecc_strength); + } + + if (flips > 0) { + max_bitflips = max_t(unsigned int, max_bitflips, + flips); + mtd->ecc_stats.corrected += flips; + continue; + } + mtd->ecc_stats.failed++; continue; } + mtd->ecc_stats.corrected += *status; max_bitflips = max_t(unsigned int, max_bitflips, *status); } @@ -1062,11 +1135,6 @@ static int gpmi_ecc_read_page(struct mtd_info *mtd, struct nand_chip *chip, chip->oob_poi[0] = ((uint8_t *) auxiliary_virt)[0]; } - read_page_swap_end(this, buf, nfc_geo->payload_size, - this->payload_virt, this->payload_phys, - nfc_geo->payload_size, - payload_virt, payload_phys); - return max_bitflips; } -- 2.17.0 -- Pengutronix e.K. | | Industrial Linux Solutions | http://www.pengutronix.de/ | Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 | Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |

7 years, 1 month

2
1
0 0

patch "USB: serial: option: adding support for ublox R410M" added to usb-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled USB: serial: option: adding support for ublox R410M to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From 4205cb01f6e9ef2ae6daa7be4e8ac1edeb4c9d64 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?SZ=20Lin=20=28=E6=9E=97=E4=B8=8A=E6=99=BA=29?= <sz.lin(a)moxa.com> Date: Thu, 26 Apr 2018 14:28:31 +0800 Subject: USB: serial: option: adding support for ublox R410M MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This patch adds support for ublox R410M PID 0x90b2 USB modem to option driver, this module supports LTE Cat M1 / NB1. Interface layout: 0: QCDM/DIAG 1: ADB 2: AT 3: RMNET Signed-off-by: SZ Lin (林上智) <sz.lin(a)moxa.com> Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Johan Hovold <johan(a)kernel.org> --- drivers/usb/serial/option.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/drivers/usb/serial/option.c b/drivers/usb/serial/option.c index c3f252283ab9..2058852a87fa 100644 --- a/drivers/usb/serial/option.c +++ b/drivers/usb/serial/option.c @@ -233,6 +233,8 @@ static void option_instat_callback(struct urb *urb); /* These Quectel products use Qualcomm's vendor ID */ #define QUECTEL_PRODUCT_UC20 0x9003 #define QUECTEL_PRODUCT_UC15 0x9090 +/* These u-blox products use Qualcomm's vendor ID */ +#define UBLOX_PRODUCT_R410M 0x90b2 /* These Yuga products use Qualcomm's vendor ID */ #define YUGA_PRODUCT_CLM920_NC5 0x9625 @@ -1065,6 +1067,9 @@ static const struct usb_device_id option_ids[] = { /* Yuga products use Qualcomm vendor ID */ { USB_DEVICE(QUALCOMM_VENDOR_ID, YUGA_PRODUCT_CLM920_NC5), .driver_info = RSVD(1) | RSVD(4) }, + /* u-blox products using Qualcomm vendor ID */ + { USB_DEVICE(QUALCOMM_VENDOR_ID, UBLOX_PRODUCT_R410M), + .driver_info = RSVD(1) | RSVD(3) }, /* Quectel products using Quectel vendor ID */ { USB_DEVICE(QUECTEL_VENDOR_ID, QUECTEL_PRODUCT_EC21), .driver_info = RSVD(4) }, -- 2.17.0

7 years, 1 month

1
0
0 0

patch "USB: serial: visor: handle potential invalid device configuration" added to usb-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled USB: serial: visor: handle potential invalid device configuration to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From 4842ed5bfcb9daf6660537d70503c18d38dbdbb8 Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Date: Sun, 29 Apr 2018 17:41:55 +0200 Subject: USB: serial: visor: handle potential invalid device configuration If we get an invalid device configuration from a palm 3 type device, we might incorrectly parse things, and we have the potential to crash in "interesting" ways. Fix this up by verifying the size of the configuration passed to us by the device, and only if it is correct, will we handle it. Note that this also fixes an information leak of slab data. Reported-by: Andrey Konovalov <andreyknvl(a)google.com> Reviewed-by: Andrey Konovalov <andreyknvl(a)google.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> [ johan: add comment about the info leak ] Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Johan Hovold <johan(a)kernel.org> --- drivers/usb/serial/visor.c | 69 +++++++++++++++++++------------------- 1 file changed, 35 insertions(+), 34 deletions(-) diff --git a/drivers/usb/serial/visor.c b/drivers/usb/serial/visor.c index f5373ed2cd45..8ddbecc25d89 100644 --- a/drivers/usb/serial/visor.c +++ b/drivers/usb/serial/visor.c @@ -335,47 +335,48 @@ static int palm_os_3_probe(struct usb_serial *serial, goto exit; } - if (retval == sizeof(*connection_info)) { - connection_info = (struct visor_connection_info *) - transfer_buffer; - - num_ports = le16_to_cpu(connection_info->num_ports); - for (i = 0; i < num_ports; ++i) { - switch ( - connection_info->connections[i].port_function_id) { - case VISOR_FUNCTION_GENERIC: - string = "Generic"; - break; - case VISOR_FUNCTION_DEBUGGER: - string = "Debugger"; - break; - case VISOR_FUNCTION_HOTSYNC: - string = "HotSync"; - break; - case VISOR_FUNCTION_CONSOLE: - string = "Console"; - break; - case VISOR_FUNCTION_REMOTE_FILE_SYS: - string = "Remote File System"; - break; - default: - string = "unknown"; - break; - } - dev_info(dev, "%s: port %d, is for %s use\n", - serial->type->description, - connection_info->connections[i].port, string); - } + if (retval != sizeof(*connection_info)) { + dev_err(dev, "Invalid connection information received from device\n"); + retval = -ENODEV; + goto exit; } - /* - * Handle devices that report invalid stuff here. - */ + + connection_info = (struct visor_connection_info *)transfer_buffer; + + num_ports = le16_to_cpu(connection_info->num_ports); + + /* Handle devices that report invalid stuff here. */ if (num_ports == 0 || num_ports > 2) { dev_warn(dev, "%s: No valid connect info available\n", serial->type->description); num_ports = 2; } + for (i = 0; i < num_ports; ++i) { + switch (connection_info->connections[i].port_function_id) { + case VISOR_FUNCTION_GENERIC: + string = "Generic"; + break; + case VISOR_FUNCTION_DEBUGGER: + string = "Debugger"; + break; + case VISOR_FUNCTION_HOTSYNC: + string = "HotSync"; + break; + case VISOR_FUNCTION_CONSOLE: + string = "Console"; + break; + case VISOR_FUNCTION_REMOTE_FILE_SYS: + string = "Remote File System"; + break; + default: + string = "unknown"; + break; + } + dev_info(dev, "%s: port %d, is for %s use\n", + serial->type->description, + connection_info->connections[i].port, string); + } dev_info(dev, "%s: Number of ports: %d\n", serial->type->description, num_ports); -- 2.17.0

7 years, 1 month

1
0
0 0

[PATCH] orangefs: set i_size on new symlink

by Martin Brandenburg

As long as a symlink inode remains in-core, the destination (and therefore size) will not be re-fetched from the server, as it cannot change. The original implementation of the attribute cache assumed that setting the expiry time in the past was sufficient to cause a re-fetch of all attributes on the next getattr. That does not work in this case. The bug manifested itself as follows. When the command sequence touch foo; ln -s foo bar; ls -l bar is run, the output was lrwxrwxrwx. 1 fedora fedora 4906 Apr 24 19:10 bar -> foo However, after a re-mount, ls -l bar produces lrwxrwxrwx. 1 fedora fedora 3 Apr 24 19:10 bar -> foo After this commit, even before a re-mount, the output is lrwxrwxrwx. 1 fedora fedora 3 Apr 24 19:10 bar -> foo Reported-by: Becky Ligon <ligon(a)clemson.edu> Signed-off-by: Martin Brandenburg <martin(a)omnibond.com> Fixes: 71680c18c8f2 ("orangefs: Cache getattr results.") Cc: stable(a)vger.kernel.org Cc: hubcap(a)omnibond.com --- fs/orangefs/namei.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/fs/orangefs/namei.c b/fs/orangefs/namei.c index 6e3134e6d98a..bfc4b1028701 100644 --- a/fs/orangefs/namei.c +++ b/fs/orangefs/namei.c @@ -327,6 +327,13 @@ static int orangefs_symlink(struct inode *dir, ret = PTR_ERR(inode); goto out; } + /* + * This is necessary because orangefs_inode_getattr will not + * re-read symlink size as it is impossible for it to change. + * Invalidating the cache does not help. orangefs_new_inode + * does not set the correct size (it does not know symname). + */ + inode->i_size = strlen(symname); gossip_debug(GOSSIP_NAME_DEBUG, "Assigned symlink inode new number of %pU\n", -- 2.14.3

7 years, 1 month

1
0
0 0

please consider ac1e55b1fdb2 for stable

by Ard Biesheuvel

Please consider commit ac1e55b1fdb27c1b07a0a6fe519f1291ff1e7d40 ACPI / button: make module loadable when booted in non-ACPI mode at least for v4.16-stable. It likely applies much further back, but the relevance of v4.16 is that it is used in Fedora 28, and without this patch, arm64 systems booting in DT mode cannot run a desktop GUI on F28 if they rely on the nouveau driver. Regards, Ard.

7 years, 1 month

2
2
0 0

[PATCH 1/2] KVM: ARM: Properly protect VGIC locks from IRQs

by Andre Przywara

As Jan reported [1], lockdep complains about the VGIC not being bullet proof. This seems to be due to two issues: - When commit 006df0f34930 ("KVM: arm/arm64: Support calling vgic_update_irq_pending from irq context") promoted irq_lock and ap_list_lock to _irqsave, we forgot two instances of irq_lock. lockdeps seems to pick those up. - If a lock is _irqsave, any other locks we take inside them should be _irqsafe as well. So the lpi_list_lock needs to be promoted also. This fixes both issues by simply making the remaining instances of those locks _irqsave. One irq_lock is addressed in a separate patch, to simplify backporting. Cc: stable(a)vger.kernel.org Fixes: 006df0f34930 ("KVM: arm/arm64: Support calling vgic_update_irq_pending from irq context") Reported-by: Jan Glauber <jan.glauber(a)caviumnetworks.com> Signed-off-by: Andre Przywara <andre.przywara(a)arm.com> [1] http://lists.infradead.org/pipermail/linux-arm-kernel/2018-May/575718.html --- virt/kvm/arm/vgic/vgic-debug.c | 5 +++-- virt/kvm/arm/vgic/vgic-its.c | 10 ++++++---- virt/kvm/arm/vgic/vgic.c | 22 ++++++++++++++-------- 3 files changed, 23 insertions(+), 14 deletions(-) diff --git a/virt/kvm/arm/vgic/vgic-debug.c b/virt/kvm/arm/vgic/vgic-debug.c index 10b38178cff2..4ffc0b5e6105 100644 --- a/virt/kvm/arm/vgic/vgic-debug.c +++ b/virt/kvm/arm/vgic/vgic-debug.c @@ -211,6 +211,7 @@ static int vgic_debug_show(struct seq_file *s, void *v) struct vgic_state_iter *iter = (struct vgic_state_iter *)v; struct vgic_irq *irq; struct kvm_vcpu *vcpu = NULL; + unsigned long flags; if (iter->dist_id == 0) { print_dist_state(s, &kvm->arch.vgic); @@ -227,9 +228,9 @@ static int vgic_debug_show(struct seq_file *s, void *v) irq = &kvm->arch.vgic.spis[iter->intid - VGIC_NR_PRIVATE_IRQS]; } - spin_lock(&irq->irq_lock); + spin_lock_irqsave(&irq->irq_lock, flags); print_irq_state(s, irq, vcpu); - spin_unlock(&irq->irq_lock); + spin_unlock_irqrestore(&irq->irq_lock, flags); return 0; } diff --git a/virt/kvm/arm/vgic/vgic-its.c b/virt/kvm/arm/vgic/vgic-its.c index a8f07243aa9f..41abf92f2699 100644 --- a/virt/kvm/arm/vgic/vgic-its.c +++ b/virt/kvm/arm/vgic/vgic-its.c @@ -52,6 +52,7 @@ static struct vgic_irq *vgic_add_lpi(struct kvm *kvm, u32 intid, { struct vgic_dist *dist = &kvm->arch.vgic; struct vgic_irq *irq = vgic_get_irq(kvm, NULL, intid), *oldirq; + unsigned long flags; int ret; /* In this case there is no put, since we keep the reference. */ @@ -71,7 +72,7 @@ static struct vgic_irq *vgic_add_lpi(struct kvm *kvm, u32 intid, irq->intid = intid; irq->target_vcpu = vcpu; - spin_lock(&dist->lpi_list_lock); + spin_lock_irqsave(&dist->lpi_list_lock, flags); /* * There could be a race with another vgic_add_lpi(), so we need to @@ -99,7 +100,7 @@ static struct vgic_irq *vgic_add_lpi(struct kvm *kvm, u32 intid, dist->lpi_list_count++; out_unlock: - spin_unlock(&dist->lpi_list_lock); + spin_unlock_irqrestore(&dist->lpi_list_lock, flags); /* * We "cache" the configuration table entries in our struct vgic_irq's. @@ -315,6 +316,7 @@ static int vgic_copy_lpi_list(struct kvm_vcpu *vcpu, u32 **intid_ptr) { struct vgic_dist *dist = &vcpu->kvm->arch.vgic; struct vgic_irq *irq; + unsigned long flags; u32 *intids; int irq_count, i = 0; @@ -330,7 +332,7 @@ static int vgic_copy_lpi_list(struct kvm_vcpu *vcpu, u32 **intid_ptr) if (!intids) return -ENOMEM; - spin_lock(&dist->lpi_list_lock); + spin_lock_irqsave(&dist->lpi_list_lock, flags); list_for_each_entry(irq, &dist->lpi_list_head, lpi_list) { if (i == irq_count) break; @@ -339,7 +341,7 @@ static int vgic_copy_lpi_list(struct kvm_vcpu *vcpu, u32 **intid_ptr) continue; intids[i++] = irq->intid; } - spin_unlock(&dist->lpi_list_lock); + spin_unlock_irqrestore(&dist->lpi_list_lock, flags); *intid_ptr = intids; return i; diff --git a/virt/kvm/arm/vgic/vgic.c b/virt/kvm/arm/vgic/vgic.c index c62ecca24579..f7dc2347395b 100644 --- a/virt/kvm/arm/vgic/vgic.c +++ b/virt/kvm/arm/vgic/vgic.c @@ -43,9 +43,13 @@ struct vgic_global kvm_vgic_global_state __ro_after_init = { * kvm->lock (mutex) * its->cmd_lock (mutex) * its->its_lock (mutex) - * vgic_cpu->ap_list_lock - * kvm->lpi_list_lock - * vgic_irq->irq_lock + * vgic_cpu->ap_list_lock must be taken with IRQs disabled + * kvm->lpi_list_lock must be taken with IRQs disabled + * vgic_irq->irq_lock must be taken with IRQs disabled + * + * As the ap_list_lock might be taken from the timer interrupt handler, + * we have to disable IRQs before taking this lock and everything lower + * than it. * * If you need to take multiple locks, always take the upper lock first, * then the lower ones, e.g. first take the its_lock, then the irq_lock. @@ -72,8 +76,9 @@ static struct vgic_irq *vgic_get_lpi(struct kvm *kvm, u32 intid) { struct vgic_dist *dist = &kvm->arch.vgic; struct vgic_irq *irq = NULL; + unsigned long flags; - spin_lock(&dist->lpi_list_lock); + spin_lock_irqsave(&dist->lpi_list_lock, flags); list_for_each_entry(irq, &dist->lpi_list_head, lpi_list) { if (irq->intid != intid) @@ -89,7 +94,7 @@ static struct vgic_irq *vgic_get_lpi(struct kvm *kvm, u32 intid) irq = NULL; out_unlock: - spin_unlock(&dist->lpi_list_lock); + spin_unlock_irqrestore(&dist->lpi_list_lock, flags); return irq; } @@ -134,19 +139,20 @@ static void vgic_irq_release(struct kref *ref) void vgic_put_irq(struct kvm *kvm, struct vgic_irq *irq) { struct vgic_dist *dist = &kvm->arch.vgic; + unsigned long flags; if (irq->intid < VGIC_MIN_LPI) return; - spin_lock(&dist->lpi_list_lock); + spin_lock_irqsave(&dist->lpi_list_lock, flags); if (!kref_put(&irq->refcount, vgic_irq_release)) { - spin_unlock(&dist->lpi_list_lock); + spin_unlock_irqrestore(&dist->lpi_list_lock, flags); return; }; list_del(&irq->lpi_list); dist->lpi_list_count--; - spin_unlock(&dist->lpi_list_lock); + spin_unlock_irqrestore(&dist->lpi_list_lock, flags); kfree(irq); } -- 2.14.1

7 years, 1 month

1
1
0 0

[PATCH v3] PCI / PM: Always check PME wakeup capability for runtime wakeup support

by Kai-Heng Feng

USB controller ASM1042 stops working after commit de3ef1eb1cd0 ("PM / core: Drop run_wake flag from struct dev_pm_info"). The device in question is not power managed by platform firmware, furthermore, it only supports PME# from D3cold: Capabilities: [78] Power Management version 3 Flags: PMEClk- DSI- D1- D2- AuxCurrent=55mA PME(D0-,D1-,D2-,D3hot-,D3cold+) Status: D0 NoSoftRst+ PME-Enable- DSel=0 DScale=0 PME- Before commit de3ef1eb1cd0, the device never gets runtime suspended. After that commit, the device gets runtime suspended, so it does not respond to any PME#. usb_hcd_pci_probe() mandatorily calls device_wakeup_enable(), hence device_can_wakeup() in pci_dev_run_wake() always returns true. So pci_dev_run_wake() needs to check PME wakeup capability as its first condition. In addition, change wakeup flag passed to pci_target_state() from false to true, because we want to find the deepest state that the device can still generate PME#. Fixes: de3ef1eb1cd0 ("PM / core: Drop run_wake flag from struct dev_pm_info") Cc: stable(a)vger.kernel.org # 4.13+ Signed-off-by: Kai-Heng Feng <kai.heng.feng(a)canonical.com> --- v3: State the reason why the wakeup flag gets changed. v2: Explicitly check dev->pme_support. drivers/pci/pci.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/drivers/pci/pci.c b/drivers/pci/pci.c index f6a4dd10d9b0..52821a21fc07 100644 --- a/drivers/pci/pci.c +++ b/drivers/pci/pci.c @@ -2125,16 +2125,16 @@ bool pci_dev_run_wake(struct pci_dev *dev) { struct pci_bus *bus = dev->bus; - if (device_can_wakeup(&dev->dev)) - return true; - if (!dev->pme_support) return false; /* PME-capable in principle, but not from the target power state */ - if (!pci_pme_capable(dev, pci_target_state(dev, false))) + if (!pci_pme_capable(dev, pci_target_state(dev, true))) return false; + if (device_can_wakeup(&dev->dev)) + return true; + while (bus->parent) { struct pci_dev *bridge = bus->self; -- 2.15.1

7 years, 1 month

4
8
0 0

[PATCH v2 1/6] drm/tegra: Fix a device_node leak when the DRM panel is not found

by Boris Brezillon

of_node_put(panel) is not called when of_drm_find_panel(panel) returns NULL, thus leaking the reference we hold on panel. Fixes: 9be7d864cf07 ("drm/tegra: Implement panel support") Cc: <stable(a)vger.kernel.org> Signed-off-by: Boris Brezillon <boris.brezillon(a)bootlin.com> --- drivers/gpu/drm/tegra/output.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/drivers/gpu/drm/tegra/output.c b/drivers/gpu/drm/tegra/output.c index ffe34bd0bb9d..676fd394836f 100644 --- a/drivers/gpu/drm/tegra/output.c +++ b/drivers/gpu/drm/tegra/output.c @@ -110,10 +110,9 @@ int tegra_output_probe(struct tegra_output *output) panel = of_parse_phandle(output->of_node, "nvidia,panel", 0); if (panel) { output->panel = of_drm_find_panel(panel); + of_node_put(panel); if (!output->panel) return -EPROBE_DEFER; - - of_node_put(panel); } output->edid = of_get_property(output->of_node, "nvidia,edid", &size); -- 2.14.1

7 years, 1 month

2
3
0 0

Repeating "unregister_netdevice: waiting for lo to become free" caused by upstream 76da0704507bb ("ipv6: only call ip6_route_dev_notify() once for NETDEV_UNREGISTER")

by Rafał Miłecki

Hi, I've just updated my kernel 4.4.x and noticed a regression. Bisecting pointed me to the commit 2417da3f4d6bc ("ipv6: only call ip6_route_dev_notify() once for NETDEV_UNREGISTER") [0] which is backport of upstream 76da0704507bb. That backported commit has appeared in a 4.4.103. I use OpenWrt/LEDE [1] distribution and LXC [2] 1.1.5. After stopping a container I start getting these messages: [ 229.419188] unregister_netdevice: waiting for lo to become free. Usage count = 1 [ 239.660408] unregister_netdevice: waiting for lo to become free. Usage count = 1 [ 249.839189] unregister_netdevice: waiting for lo to become free. Usage count = 1 (...) Trying to start LXC nevertheless results in lxc-start command hang around network configuration. Trying to query LXC state afterwards results in a lxc-info command hang too. I tried Googling for this issue and found similar reports: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1729637 https://github.com/fnproject/fn/issues/686 https://lime-technology.com/forums/topic/66863-kernelunregister_netdevice-w… all of them related to the Docker, which is probably a similar use case to the LXC. I couldn't find any reference to commit 76da0704507bb that could suggest fixing the problem I'm seeing. Does anyone have an idea what is the issue I'm seeing about? Or even better, how to fix it? Can I provide any additional info that would help? [0] https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/com… [1] https://openwrt.org/ [2] https://linuxcontainers.org/ -- Rafał

7 years, 1 month

2
4
0 0

[PATCH 1/1] xhci: Fix use-after-free in xhci_free_virt_device

by Mathias Nyman

KASAN found a use-after-free in xhci_free_virt_device+0x33b/0x38e where xhci_free_virt_device() sets slot id to 0 if udev exists: if (dev->udev && dev->udev->slot_id) dev->udev->slot_id = 0; dev->udev will be true even if udev is freed because dev->udev is not set to NULL. set dev->udev pointer to NULL in xhci_free_dev() The original patch went to stable so this fix needs to be applied there as well. Fixes: a400efe455f7 ("xhci: zero usb device slot_id member when disabling and freeing a xhci slot") Cc: <stable(a)vger.kernel.org> Reported-by: Guenter Roeck <linux(a)roeck-us.net> Reviewed-by: Guenter Roeck <linux(a)roeck-us.net> Tested-by: Guenter Roeck <linux(a)roeck-us.net> Signed-off-by: Mathias Nyman <mathias.nyman(a)linux.intel.com> --- drivers/usb/host/xhci.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/usb/host/xhci.c b/drivers/usb/host/xhci.c index 9b27798..711da33 100644 --- a/drivers/usb/host/xhci.c +++ b/drivers/usb/host/xhci.c @@ -3621,6 +3621,7 @@ static void xhci_free_dev(struct usb_hcd *hcd, struct usb_device *udev) del_timer_sync(&virt_dev->eps[i].stop_cmd_timer); } xhci_debugfs_remove_slot(xhci, udev->slot_id); + virt_dev->udev = NULL; ret = xhci_disable_slot(xhci, udev->slot_id); if (ret) xhci_free_virt_device(xhci, udev->slot_id); -- 2.7.4

7 years, 1 month

1
0
0 0

+ ipc-shm-fix-shmat-nil-address-after-round-down-when-remapping.patch added to -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: ipc/shm: fix shmat() nil address after round-down when remapping has been added to the -mm tree. Its filename is ipc-shm-fix-shmat-nil-address-after-round-down-when-remapping.patch This patch should soon appear at http://ozlabs.org/~akpm/mmots/broken-out/ipc-shm-fix-shmat-nil-address-afte… and later at http://ozlabs.org/~akpm/mmotm/broken-out/ipc-shm-fix-shmat-nil-address-afte… Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next and is updated there every 3-4 working days ------------------------------------------------------ From: Davidlohr Bueso <dave(a)stgolabs.net> Subject: ipc/shm: fix shmat() nil address after round-down when remapping shmat()'s SHM_REMAP option forbids passing a nil address for; this is in fact the very first thing we check for. Andrea reported that for SHM_RND|SHM_REMAP cases we can end up bypassing the initial addr check, but we need to check again if the address was rounded down to nil. As of this patch, such cases will return -EINVAL. Link: http://lkml.kernel.org/r/20180503204934.kk63josdu6u53fbd@linux-n805 Signed-off-by: Davidlohr Bueso <dbueso(a)suse.de> Reported-by: Andrea Arcangeli <aarcange(a)redhat.com> Cc: Joe Lawrence <joe.lawrence(a)redhat.com> Cc: Manfred Spraul <manfred(a)colorfullife.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- ipc/shm.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff -puN ipc/shm.c~ipc-shm-fix-shmat-nil-address-after-round-down-when-remapping ipc/shm.c --- a/ipc/shm.c~ipc-shm-fix-shmat-nil-address-after-round-down-when-remapping +++ a/ipc/shm.c @@ -1363,9 +1363,17 @@ long do_shmat(int shmid, char __user *sh if (addr) { if (addr & (shmlba - 1)) { - if (shmflg & SHM_RND) + if (shmflg & SHM_RND) { addr &= ~(shmlba - 1); /* round down */ - else + + /* + * Ensure that the round-down is non-nil + * when remapping. This can happen for + * cases when addr < shmlba. + */ + if (!addr && (shmflg & SHM_REMAP)) + goto out; + } else #ifndef __ARCH_FORCE_SHMLBA if (addr & ~PAGE_MASK) #endif _ Patches currently in -mm which might be from dave(a)stgolabs.net are ipc-sem-mitigate-semnum-index-against-spectre-v1.patch revert-ipc-shm-fix-shmat-mmap-nil-page-protection.patch ipc-shm-fix-shmat-nil-address-after-round-down-when-remapping.patch

7 years, 1 month

1
0
0 0

+ revert-ipc-shm-fix-shmat-mmap-nil-page-protection.patch added to -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: Revert "ipc/shm: Fix shmat mmap nil-page protection" has been added to the -mm tree. Its filename is revert-ipc-shm-fix-shmat-mmap-nil-page-protection.patch This patch should soon appear at http://ozlabs.org/~akpm/mmots/broken-out/revert-ipc-shm-fix-shmat-mmap-nil-… and later at http://ozlabs.org/~akpm/mmotm/broken-out/revert-ipc-shm-fix-shmat-mmap-nil-… Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next and is updated there every 3-4 working days ------------------------------------------------------ From: Davidlohr Bueso <dave(a)stgolabs.net> Subject: Revert "ipc/shm: Fix shmat mmap nil-page protection" Patch series "ipc/shm: shmat() fixes around nil-page". These patches fix two issues reported[1] a while back by Joe and Andrea around how shmat(2) behaves with nil-page. The first reverts a commit that it was incorrectly thought that mapping nil-page (address=0) was a no no with MAP_FIXED. This is not the case, with the exception of SHM_REMAP; which is address in the second patch. I chose two patches because it is easier to backport and it explicitly reverts bogus behaviour. Both patches ought to be in -stable and ltp testcases need updated (the added testcase around the cve can be modified to just test for SHM_RND|SHM_REMAP). [1] lkml.kernel.org/r/20180430172152.nfa564pvgpk3ut7p@linux-n805 This patch (of 2): 95e91b831f87 (ipc/shm: Fix shmat mmap nil-page protection) worked on the idea that we should not be mapping as root addr=0 and MAP_FIXED. However, it was reported that this scenario is in fact valid, thus making the patch both bogus and breaks userspace as well. For example X11's libint10.so relies on shmat(1, SHM_RND) for lowmem initialization[1]. [1] https://cgit.freedesktop.org/xorg/xserver/tree/hw/xfree86/os-support/linux/… Link: http://lkml.kernel.org/r/20180503203243.15045-2-dave@stgolabs.net Signed-off-by: Davidlohr Bueso <dbueso(a)suse.de> Reported-by: Joe Lawrence <joe.lawrence(a)redhat.com> Reported-by: Andrea Arcangeli <aarcange(a)redhat.com> Cc: Manfred Spraul <manfred(a)colorfullife.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- ipc/shm.c | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff -puN ipc/shm.c~revert-ipc-shm-fix-shmat-mmap-nil-page-protection ipc/shm.c --- a/ipc/shm.c~revert-ipc-shm-fix-shmat-mmap-nil-page-protection +++ a/ipc/shm.c @@ -1363,13 +1363,8 @@ long do_shmat(int shmid, char __user *sh if (addr) { if (addr & (shmlba - 1)) { - /* - * Round down to the nearest multiple of shmlba. - * For sane do_mmap_pgoff() parameters, avoid - * round downs that trigger nil-page and MAP_FIXED. - */ - if ((shmflg & SHM_RND) && addr >= shmlba) - addr &= ~(shmlba - 1); + if (shmflg & SHM_RND) + addr &= ~(shmlba - 1); /* round down */ else #ifndef __ARCH_FORCE_SHMLBA if (addr & ~PAGE_MASK) _ Patches currently in -mm which might be from dave(a)stgolabs.net are ipc-sem-mitigate-semnum-index-against-spectre-v1.patch revert-ipc-shm-fix-shmat-mmap-nil-page-protection.patch ipc-shm-fix-shmat-nil-address-after-round-down-when-remapping.patch

7 years, 1 month

1
0
0 0

[PATCH for-rc v2 0/6] IB/hfi1,rdmavt: Fixes for the 4.17 RC

by Dennis Dalessandro

Hi Jason and Doug, Here are 6 patches that might make the bar for RC. The first patch fixes something that came in pretty recently, I beleive 4.13. The second patch is trivial, but does modify user visible text. Patch 3 looks large but it's mostly comments. It just moves code. Patch 4 is also pretty simple. The last two patches fix memory leaks. If you don't think these pass muster for RC please carry over to for-next. Changes since V1: Correct version tag so it shows up as for-rc in patchworks. --- Michael J. Ruhl (1): IB/hfi1 Use correct type for num_user_context Mike Marciniszyn (2): IB/hfi1: Fix handling of FECN marked multicast packet IB/hfi1: Fix loss of BECN with AHG Sebastian Sanchez (3): IB/hfi1: Fix NULL pointer dereference when invalid num_vls is used IB/{hfi1,rdmavt}: Fix memory leak in hfi1_alloc_devdata() upon failure IB/hfi1: Fix memory leak in exception path in get_irq_affinity() drivers/infiniband/hw/hfi1/affinity.c | 11 +++---- drivers/infiniband/hw/hfi1/driver.c | 19 ++++++++++--- drivers/infiniband/hw/hfi1/hfi.h | 8 +++-- drivers/infiniband/hw/hfi1/init.c | 43 ++++++++++++++++++++-------- drivers/infiniband/hw/hfi1/pcie.c | 3 -- drivers/infiniband/hw/hfi1/platform.c | 1 + drivers/infiniband/hw/hfi1/qsfp.c | 2 + drivers/infiniband/hw/hfi1/ruc.c | 50 ++++++++++++++++++++++++++------- drivers/infiniband/hw/hfi1/ud.c | 6 ++-- 9 files changed, 101 insertions(+), 42 deletions(-) -- -Denny

7 years, 1 month

4
10
0 0

[PATCH 0/1] KVM: s390: one more backport for 4.4

by Christian Borntraeger

Greg, this is a backport of a patch that is needed to make "KVM: s390: wire up bpb feature" useful in 4.4. Without that the bpb feature is available but the guest does not know that it can be used. Alexander Yarygin (1): KVM: s390: Enable all facility bits that are known good for passthrough arch/s390/kvm/kvm-s390.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) -- 2.14.2

7 years, 1 month

3
3
0 0

[PATCH 0/2] fixes for v4.4

by Jarkko Sakkinen

Decided to add Enric's commit because it is also a bug fix instead of modifying Chris commit. Chris Chiu (1): tpm: self test failure should not cause suspend to fail Enric Balletbo i Serra (1): tpm: do not suspend/resume if power stays on drivers/char/tpm/tpm-interface.c | 7 +++++++ drivers/char/tpm/tpm.h | 1 + drivers/char/tpm/tpm_of.c | 3 +++ 3 files changed, 11 insertions(+) -- 2.17.0

7 years, 1 month

2
3
0 0

[PATCH 4.9] arm/arm64: KVM: Add PSCI version selection API

by Marc Zyngier

commit 85bd0ba1ff9875798fad94218b627ea9f768f3c3 upstream. Although we've implemented PSCI 0.1, 0.2 and 1.0, we expose either 0.1 or 1.0 to a guest, defaulting to the latest version of the PSCI implementation that is compatible with the requested version. This is no different from doing a firmware upgrade on KVM. But in order to give a chance to hypothetical badly implemented guests that would have a fit by discovering something other than PSCI 0.2, let's provide a new API that allows userspace to pick one particular version of the API. This is implemented as a new class of "firmware" registers, where we expose the PSCI version. This allows the PSCI version to be save/restored as part of a guest migration, and also set to any supported version if the guest requires it. Cc: stable(a)vger.kernel.org #4.16 Reviewed-by: Christoffer Dall <cdall(a)kernel.org> Signed-off-by: Marc Zyngier <marc.zyngier(a)arm.com> --- Documentation/virtual/kvm/api.txt | 9 ++++- Documentation/virtual/kvm/arm/psci.txt | 30 +++++++++++++++++ arch/arm/include/asm/kvm_host.h | 3 ++ arch/arm/include/uapi/asm/kvm.h | 6 ++++ arch/arm/kvm/guest.c | 13 ++++++++ arch/arm/kvm/psci.c | 60 ++++++++++++++++++++++++++++++++++ arch/arm64/include/asm/kvm_host.h | 3 ++ arch/arm64/include/uapi/asm/kvm.h | 6 ++++ arch/arm64/kvm/guest.c | 14 +++++++- include/kvm/arm_psci.h | 16 +++++++-- 10 files changed, 156 insertions(+), 4 deletions(-) create mode 100644 Documentation/virtual/kvm/arm/psci.txt diff --git a/Documentation/virtual/kvm/api.txt b/Documentation/virtual/kvm/api.txt index 1f5eab4ef88f..e46c14fac9da 100644 --- a/Documentation/virtual/kvm/api.txt +++ b/Documentation/virtual/kvm/api.txt @@ -2118,6 +2118,9 @@ ARM 32-bit VFP control registers have the following id bit patterns: ARM 64-bit FP registers have the following id bit patterns: 0x4030 0000 0012 0 <regno:12> +ARM firmware pseudo-registers have the following bit pattern: + 0x4030 0000 0014 <regno:16> + arm64 registers are mapped using the lower 32 bits. The upper 16 of that is the register group type, or coprocessor number: @@ -2134,6 +2137,9 @@ arm64 CCSIDR registers are demultiplexed by CSSELR value: arm64 system registers have the following id bit patterns: 0x6030 0000 0013 <op0:2> <op1:3> <crn:4> <crm:4> <op2:3> +arm64 firmware pseudo-registers have the following bit pattern: + 0x6030 0000 0014 <regno:16> + MIPS registers are mapped using the lower 32 bits. The upper 16 of that is the register group type: @@ -2656,7 +2662,8 @@ Possible features: and execute guest code when KVM_RUN is called. - KVM_ARM_VCPU_EL1_32BIT: Starts the CPU in a 32bit mode. Depends on KVM_CAP_ARM_EL1_32BIT (arm64 only). - - KVM_ARM_VCPU_PSCI_0_2: Emulate PSCI v0.2 for the CPU. + - KVM_ARM_VCPU_PSCI_0_2: Emulate PSCI v0.2 (or a future revision + backward compatible with v0.2) for the CPU. Depends on KVM_CAP_ARM_PSCI_0_2. - KVM_ARM_VCPU_PMU_V3: Emulate PMUv3 for the CPU. Depends on KVM_CAP_ARM_PMU_V3. diff --git a/Documentation/virtual/kvm/arm/psci.txt b/Documentation/virtual/kvm/arm/psci.txt new file mode 100644 index 000000000000..aafdab887b04 --- /dev/null +++ b/Documentation/virtual/kvm/arm/psci.txt @@ -0,0 +1,30 @@ +KVM implements the PSCI (Power State Coordination Interface) +specification in order to provide services such as CPU on/off, reset +and power-off to the guest. + +The PSCI specification is regularly updated to provide new features, +and KVM implements these updates if they make sense from a virtualization +point of view. + +This means that a guest booted on two different versions of KVM can +observe two different "firmware" revisions. This could cause issues if +a given guest is tied to a particular PSCI revision (unlikely), or if +a migration causes a different PSCI version to be exposed out of the +blue to an unsuspecting guest. + +In order to remedy this situation, KVM exposes a set of "firmware +pseudo-registers" that can be manipulated using the GET/SET_ONE_REG +interface. These registers can be saved/restored by userspace, and set +to a convenient value if required. + +The following register is defined: + +* KVM_REG_ARM_PSCI_VERSION: + + - Only valid if the vcpu has the KVM_ARM_VCPU_PSCI_0_2 feature set + (and thus has already been initialized) + - Returns the current PSCI version on GET_ONE_REG (defaulting to the + highest PSCI version implemented by KVM and compatible with v0.2) + - Allows any PSCI version implemented by KVM and compatible with + v0.2 to be set with SET_ONE_REG + - Affects the whole VM (even if the register view is per-vcpu) diff --git a/arch/arm/include/asm/kvm_host.h b/arch/arm/include/asm/kvm_host.h index 9fe1043e72d2..f4dab20ac9f3 100644 --- a/arch/arm/include/asm/kvm_host.h +++ b/arch/arm/include/asm/kvm_host.h @@ -78,6 +78,9 @@ struct kvm_arch { /* Interrupt controller */ struct vgic_dist vgic; int max_vcpus; + + /* Mandated version of PSCI */ + u32 psci_version; }; #define KVM_NR_MEM_OBJS 40 diff --git a/arch/arm/include/uapi/asm/kvm.h b/arch/arm/include/uapi/asm/kvm.h index b38c10c73579..0b8cf31d8416 100644 --- a/arch/arm/include/uapi/asm/kvm.h +++ b/arch/arm/include/uapi/asm/kvm.h @@ -173,6 +173,12 @@ struct kvm_arch_memory_slot { #define KVM_REG_ARM_VFP_FPINST 0x1009 #define KVM_REG_ARM_VFP_FPINST2 0x100A +/* KVM-as-firmware specific pseudo-registers */ +#define KVM_REG_ARM_FW (0x0014 << KVM_REG_ARM_COPROC_SHIFT) +#define KVM_REG_ARM_FW_REG(r) (KVM_REG_ARM | KVM_REG_SIZE_U64 | \ + KVM_REG_ARM_FW | ((r) & 0xffff)) +#define KVM_REG_ARM_PSCI_VERSION KVM_REG_ARM_FW_REG(0) + /* Device Control API: ARM VGIC */ #define KVM_DEV_ARM_VGIC_GRP_ADDR 0 #define KVM_DEV_ARM_VGIC_GRP_DIST_REGS 1 diff --git a/arch/arm/kvm/guest.c b/arch/arm/kvm/guest.c index 9aca92074f85..630117d2e8bd 100644 --- a/arch/arm/kvm/guest.c +++ b/arch/arm/kvm/guest.c @@ -22,6 +22,7 @@ #include <linux/module.h> #include <linux/vmalloc.h> #include <linux/fs.h> +#include <kvm/arm_psci.h> #include <asm/cputype.h> #include <asm/uaccess.h> #include <asm/kvm.h> @@ -176,6 +177,7 @@ static unsigned long num_core_regs(void) unsigned long kvm_arm_num_regs(struct kvm_vcpu *vcpu) { return num_core_regs() + kvm_arm_num_coproc_regs(vcpu) + + kvm_arm_get_fw_num_regs(vcpu) + NUM_TIMER_REGS; } @@ -196,6 +198,11 @@ int kvm_arm_copy_reg_indices(struct kvm_vcpu *vcpu, u64 __user *uindices) uindices++; } + ret = kvm_arm_copy_fw_reg_indices(vcpu, uindices); + if (ret) + return ret; + uindices += kvm_arm_get_fw_num_regs(vcpu); + ret = copy_timer_indices(vcpu, uindices); if (ret) return ret; @@ -214,6 +221,9 @@ int kvm_arm_get_reg(struct kvm_vcpu *vcpu, const struct kvm_one_reg *reg) if ((reg->id & KVM_REG_ARM_COPROC_MASK) == KVM_REG_ARM_CORE) return get_core_reg(vcpu, reg); + if ((reg->id & KVM_REG_ARM_COPROC_MASK) == KVM_REG_ARM_FW) + return kvm_arm_get_fw_reg(vcpu, reg); + if (is_timer_reg(reg->id)) return get_timer_reg(vcpu, reg); @@ -230,6 +240,9 @@ int kvm_arm_set_reg(struct kvm_vcpu *vcpu, const struct kvm_one_reg *reg) if ((reg->id & KVM_REG_ARM_COPROC_MASK) == KVM_REG_ARM_CORE) return set_core_reg(vcpu, reg); + if ((reg->id & KVM_REG_ARM_COPROC_MASK) == KVM_REG_ARM_FW) + return kvm_arm_set_fw_reg(vcpu, reg); + if (is_timer_reg(reg->id)) return set_timer_reg(vcpu, reg); diff --git a/arch/arm/kvm/psci.c b/arch/arm/kvm/psci.c index 3d962257c166..8a9c654f4f87 100644 --- a/arch/arm/kvm/psci.c +++ b/arch/arm/kvm/psci.c @@ -18,6 +18,7 @@ #include <linux/arm-smccc.h> #include <linux/preempt.h> #include <linux/kvm_host.h> +#include <linux/uaccess.h> #include <linux/wait.h> #include <asm/cputype.h> @@ -425,3 +426,62 @@ int kvm_hvc_call_handler(struct kvm_vcpu *vcpu) smccc_set_retval(vcpu, val, 0, 0, 0); return 1; } + +int kvm_arm_get_fw_num_regs(struct kvm_vcpu *vcpu) +{ + return 1; /* PSCI version */ +} + +int kvm_arm_copy_fw_reg_indices(struct kvm_vcpu *vcpu, u64 __user *uindices) +{ + if (put_user(KVM_REG_ARM_PSCI_VERSION, uindices)) + return -EFAULT; + + return 0; +} + +int kvm_arm_get_fw_reg(struct kvm_vcpu *vcpu, const struct kvm_one_reg *reg) +{ + if (reg->id == KVM_REG_ARM_PSCI_VERSION) { + void __user *uaddr = (void __user *)(long)reg->addr; + u64 val; + + val = kvm_psci_version(vcpu, vcpu->kvm); + if (copy_to_user(uaddr, &val, KVM_REG_SIZE(reg->id))) + return -EFAULT; + + return 0; + } + + return -EINVAL; +} + +int kvm_arm_set_fw_reg(struct kvm_vcpu *vcpu, const struct kvm_one_reg *reg) +{ + if (reg->id == KVM_REG_ARM_PSCI_VERSION) { + void __user *uaddr = (void __user *)(long)reg->addr; + bool wants_02; + u64 val; + + if (copy_from_user(&val, uaddr, KVM_REG_SIZE(reg->id))) + return -EFAULT; + + wants_02 = test_bit(KVM_ARM_VCPU_PSCI_0_2, vcpu->arch.features); + + switch (val) { + case KVM_ARM_PSCI_0_1: + if (wants_02) + return -EINVAL; + vcpu->kvm->arch.psci_version = val; + return 0; + case KVM_ARM_PSCI_0_2: + case KVM_ARM_PSCI_1_0: + if (!wants_02) + return -EINVAL; + vcpu->kvm->arch.psci_version = val; + return 0; + } + } + + return -EINVAL; +} diff --git a/arch/arm64/include/asm/kvm_host.h b/arch/arm64/include/asm/kvm_host.h index 37d56e85036e..0a33ea304e63 100644 --- a/arch/arm64/include/asm/kvm_host.h +++ b/arch/arm64/include/asm/kvm_host.h @@ -73,6 +73,9 @@ struct kvm_arch { /* Timer */ struct arch_timer_kvm timer; + + /* Mandated version of PSCI */ + u32 psci_version; }; #define KVM_NR_MEM_OBJS 40 diff --git a/arch/arm64/include/uapi/asm/kvm.h b/arch/arm64/include/uapi/asm/kvm.h index 3051f86a9b5f..702de7a2b024 100644 --- a/arch/arm64/include/uapi/asm/kvm.h +++ b/arch/arm64/include/uapi/asm/kvm.h @@ -195,6 +195,12 @@ struct kvm_arch_memory_slot { #define KVM_REG_ARM_TIMER_CNT ARM64_SYS_REG(3, 3, 14, 3, 2) #define KVM_REG_ARM_TIMER_CVAL ARM64_SYS_REG(3, 3, 14, 0, 2) +/* KVM-as-firmware specific pseudo-registers */ +#define KVM_REG_ARM_FW (0x0014 << KVM_REG_ARM_COPROC_SHIFT) +#define KVM_REG_ARM_FW_REG(r) (KVM_REG_ARM64 | KVM_REG_SIZE_U64 | \ + KVM_REG_ARM_FW | ((r) & 0xffff)) +#define KVM_REG_ARM_PSCI_VERSION KVM_REG_ARM_FW_REG(0) + /* Device Control API: ARM VGIC */ #define KVM_DEV_ARM_VGIC_GRP_ADDR 0 #define KVM_DEV_ARM_VGIC_GRP_DIST_REGS 1 diff --git a/arch/arm64/kvm/guest.c b/arch/arm64/kvm/guest.c index 3f9e15722473..d3e0a2ffb383 100644 --- a/arch/arm64/kvm/guest.c +++ b/arch/arm64/kvm/guest.c @@ -25,6 +25,7 @@ #include <linux/module.h> #include <linux/vmalloc.h> #include <linux/fs.h> +#include <kvm/arm_psci.h> #include <asm/cputype.h> #include <asm/uaccess.h> #include <asm/kvm.h> @@ -205,7 +206,7 @@ static int get_timer_reg(struct kvm_vcpu *vcpu, const struct kvm_one_reg *reg) unsigned long kvm_arm_num_regs(struct kvm_vcpu *vcpu) { return num_core_regs() + kvm_arm_num_sys_reg_descs(vcpu) - + NUM_TIMER_REGS; + + kvm_arm_get_fw_num_regs(vcpu) + NUM_TIMER_REGS; } /** @@ -225,6 +226,11 @@ int kvm_arm_copy_reg_indices(struct kvm_vcpu *vcpu, u64 __user *uindices) uindices++; } + ret = kvm_arm_copy_fw_reg_indices(vcpu, uindices); + if (ret) + return ret; + uindices += kvm_arm_get_fw_num_regs(vcpu); + ret = copy_timer_indices(vcpu, uindices); if (ret) return ret; @@ -243,6 +249,9 @@ int kvm_arm_get_reg(struct kvm_vcpu *vcpu, const struct kvm_one_reg *reg) if ((reg->id & KVM_REG_ARM_COPROC_MASK) == KVM_REG_ARM_CORE) return get_core_reg(vcpu, reg); + if ((reg->id & KVM_REG_ARM_COPROC_MASK) == KVM_REG_ARM_FW) + return kvm_arm_get_fw_reg(vcpu, reg); + if (is_timer_reg(reg->id)) return get_timer_reg(vcpu, reg); @@ -259,6 +268,9 @@ int kvm_arm_set_reg(struct kvm_vcpu *vcpu, const struct kvm_one_reg *reg) if ((reg->id & KVM_REG_ARM_COPROC_MASK) == KVM_REG_ARM_CORE) return set_core_reg(vcpu, reg); + if ((reg->id & KVM_REG_ARM_COPROC_MASK) == KVM_REG_ARM_FW) + return kvm_arm_set_fw_reg(vcpu, reg); + if (is_timer_reg(reg->id)) return set_timer_reg(vcpu, reg); diff --git a/include/kvm/arm_psci.h b/include/kvm/arm_psci.h index e518e4e3dfb5..4b1548129fa2 100644 --- a/include/kvm/arm_psci.h +++ b/include/kvm/arm_psci.h @@ -37,10 +37,15 @@ static inline int kvm_psci_version(struct kvm_vcpu *vcpu, struct kvm *kvm) * Our PSCI implementation stays the same across versions from * v0.2 onward, only adding the few mandatory functions (such * as FEATURES with 1.0) that are required by newer - * revisions. It is thus safe to return the latest. + * revisions. It is thus safe to return the latest, unless + * userspace has instructed us otherwise. */ - if (test_bit(KVM_ARM_VCPU_PSCI_0_2, vcpu->arch.features)) + if (test_bit(KVM_ARM_VCPU_PSCI_0_2, vcpu->arch.features)) { + if (vcpu->kvm->arch.psci_version) + return vcpu->kvm->arch.psci_version; + return KVM_ARM_PSCI_LATEST; + } return KVM_ARM_PSCI_0_1; } @@ -48,4 +53,11 @@ static inline int kvm_psci_version(struct kvm_vcpu *vcpu, struct kvm *kvm) int kvm_hvc_call_handler(struct kvm_vcpu *vcpu); +struct kvm_one_reg; + +int kvm_arm_get_fw_num_regs(struct kvm_vcpu *vcpu); +int kvm_arm_copy_fw_reg_indices(struct kvm_vcpu *vcpu, u64 __user *uindices); +int kvm_arm_get_fw_reg(struct kvm_vcpu *vcpu, const struct kvm_one_reg *reg); +int kvm_arm_set_fw_reg(struct kvm_vcpu *vcpu, const struct kvm_one_reg *reg); + #endif /* __KVM_ARM_PSCI_H__ */ -- 2.14.2

7 years, 1 month

2
1
0 0

patch "USB: Accept bulk endpoints with 1024-byte maxpacket" added to usb-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled USB: Accept bulk endpoints with 1024-byte maxpacket to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From fb5ee84ea72c5f1b6cabdd1c9d6e8648995ca7c6 Mon Sep 17 00:00:00 2001 From: Alan Stern <stern(a)rowland.harvard.edu> Date: Thu, 3 May 2018 11:04:48 -0400 Subject: USB: Accept bulk endpoints with 1024-byte maxpacket Some non-compliant high-speed USB devices have bulk endpoints with a 1024-byte maxpacket size. Although such endpoints don't work with xHCI host controllers, they do work with EHCI controllers. We used to accept these invalid sizes (with a warning), but we no longer do because of an unintentional change introduced by commit aed9d65ac327 ("USB: validate wMaxPacketValue entries in endpoint descriptors"). This patch restores the old behavior, so that people with these peculiar devices can use them without patching their kernels by hand. Signed-off-by: Alan Stern <stern(a)rowland.harvard.edu> Suggested-by: Elvinas <elvinas(a)veikia.lt> Fixes: aed9d65ac327 ("USB: validate wMaxPacketValue entries in endpoint descriptors") CC: <stable(a)vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/usb/core/config.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/usb/core/config.c b/drivers/usb/core/config.c index c821b4b9647e..7b5cb28ffb35 100644 --- a/drivers/usb/core/config.c +++ b/drivers/usb/core/config.c @@ -191,7 +191,9 @@ static const unsigned short full_speed_maxpacket_maxes[4] = { static const unsigned short high_speed_maxpacket_maxes[4] = { [USB_ENDPOINT_XFER_CONTROL] = 64, [USB_ENDPOINT_XFER_ISOC] = 1024, - [USB_ENDPOINT_XFER_BULK] = 512, + + /* Bulk should be 512, but some devices use 1024: we will warn below */ + [USB_ENDPOINT_XFER_BULK] = 1024, [USB_ENDPOINT_XFER_INT] = 1024, }; static const unsigned short super_speed_maxpacket_maxes[4] = { -- 2.17.0

7 years, 1 month

1
0
0 0

4.14.y needs commit 71546d100422b

by Guenter Roeck

Hi Greg, please pull commit 71546d100422b ("percpu: include linux/sched.h for cond_resched()") into v4.14.y to avoid build errors for microblaze and other architectures. Also, with that many patches queued, can we possibly get more than the usual number of days for testing the next round of stable releases ? Thanks, Guenter

7 years, 1 month

2
6
0 0

[PATCH v4][for 4.17-rc3] cpufreq / CPPC: Set platform specific transition_delay_us

by Prashanth Prakash

Add support to specify platform specific transition_delay_us instead of using the transition delay derived from PCC. With commit "3d41386d556d: cpufreq: CPPC: Use transition_delay_us depending transition_latency" we are setting transition_delay_us directly and not applying the LATENCY_MULTIPLIER. With this on Qualcomm Centriq we can end up with a very high rate of frequency change requests when using schedutil governor (default rate_limit_us=10 compared to an earlier value of 10000). The PCC subspace describes the rate at which the platform can accept commands on the CPPC's PCC channel. This includes read and write command on the PCC channel that can be used for reasons other than frequency transitions. Moreover the same PCC subspace can be used by multiple freq domains and deriving transition_delay_us from it as we do now can be sub-optimal. Moreover if a platform does not use PCC for desired_perf register then there is no way to compute the transition latency or the delay_us. CPPC does not have a standard defined mechanism to get the transition rate or the latency at the moment. Given the above limitations, it is simpler to have a platform specific transition_delay_us and rely on PCC derived value only if a platform specific value is not available. Signed-off-by: Prashanth Prakash <pprakash(a)codeaurora.org> Cc: Viresh Kumar <viresh.kumar(a)linaro.org> Cc: Rafael J. Wysocki <rjw(a)rjwysocki.net> Cc: 4.14+ <stable(a)vger.kernel.org> Fixes: 3d41386d556d ("cpufreq: CPPC: Use transition_delay_us depending transition_latency) --- v2: * Return final delay_us from cppc_cpufreq_get_transition_delay_us (Viresh) v3 and v4: * code style changes (Viresh) --- drivers/cpufreq/cppc_cpufreq.c | 47 ++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 45 insertions(+), 2 deletions(-) diff --git a/drivers/cpufreq/cppc_cpufreq.c b/drivers/cpufreq/cppc_cpufreq.c index bc5fc16..1b690f4 100644 --- a/drivers/cpufreq/cppc_cpufreq.c +++ b/drivers/cpufreq/cppc_cpufreq.c @@ -126,6 +126,50 @@ static void cppc_cpufreq_stop_cpu(struct cpufreq_policy *policy) cpu->perf_caps.lowest_perf, cpu_num, ret); } +/* + * The PCC subspace describes the rate at which platform can accept commands + * on the shared PCC channel (including READs which do not count towards freq + * trasition requests), so ideally we need to use the PCC values as a fallback + * if we don't have a platform specific transition_delay_us + */ +#ifdef CONFIG_ARM64 +#include <asm/cputype.h> + +static unsigned int cppc_cpufreq_get_transition_delay_us(int cpu) +{ + unsigned long implementor = read_cpuid_implementor(); + unsigned long part_num = read_cpuid_part_number(); + unsigned int delay_us = 0; + + switch (implementor) { + case ARM_CPU_IMP_QCOM: + switch (part_num) { + case QCOM_CPU_PART_FALKOR_V1: + case QCOM_CPU_PART_FALKOR: + delay_us = 10000; + break; + default: + delay_us = cppc_get_transition_latency(cpu) / + NSEC_PER_USEC; + break; + } + break; + default: + delay_us = cppc_get_transition_latency(cpu) / NSEC_PER_USEC; + break; + } + + return delay_us; +} + +#else + +static unsigned int cppc_cpufreq_get_transition_delay_us(int cpu) +{ + return cppc_get_transition_latency(cpu) / NSEC_PER_USEC; +} +#endif + static int cppc_cpufreq_cpu_init(struct cpufreq_policy *policy) { struct cppc_cpudata *cpu; @@ -162,8 +206,7 @@ static int cppc_cpufreq_cpu_init(struct cpufreq_policy *policy) cpu->perf_caps.highest_perf; policy->cpuinfo.max_freq = cppc_dmi_max_khz; - policy->transition_delay_us = cppc_get_transition_latency(cpu_num) / - NSEC_PER_USEC; + policy->transition_delay_us = cppc_cpufreq_get_transition_delay_us(cpu_num); policy->shared_type = cpu->shared_type; if (policy->shared_type == CPUFREQ_SHARED_TYPE_ANY) { -- Qualcomm Datacenter Technologies on behalf of Qualcomm Technologies, Inc. Qualcomm Technologies, Inc. is a member of the Code Aurora Forum, a Linux Foundation Collaborative Project.

7 years, 1 month

4
4
0 0

patch "xhci: Fix use-after-free in xhci_free_virt_device" added to usb-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled xhci: Fix use-after-free in xhci_free_virt_device to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From 44a182b9d17765514fa2b1cc911e4e65134eef93 Mon Sep 17 00:00:00 2001 From: Mathias Nyman <mathias.nyman(a)linux.intel.com> Date: Thu, 3 May 2018 17:30:07 +0300 Subject: xhci: Fix use-after-free in xhci_free_virt_device KASAN found a use-after-free in xhci_free_virt_device+0x33b/0x38e where xhci_free_virt_device() sets slot id to 0 if udev exists: if (dev->udev && dev->udev->slot_id) dev->udev->slot_id = 0; dev->udev will be true even if udev is freed because dev->udev is not set to NULL. set dev->udev pointer to NULL in xhci_free_dev() The original patch went to stable so this fix needs to be applied there as well. Fixes: a400efe455f7 ("xhci: zero usb device slot_id member when disabling and freeing a xhci slot") Cc: <stable(a)vger.kernel.org> Reported-by: Guenter Roeck <linux(a)roeck-us.net> Reviewed-by: Guenter Roeck <linux(a)roeck-us.net> Tested-by: Guenter Roeck <linux(a)roeck-us.net> Signed-off-by: Mathias Nyman <mathias.nyman(a)linux.intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/usb/host/xhci.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/usb/host/xhci.c b/drivers/usb/host/xhci.c index 9b27798ecce5..711da3306b14 100644 --- a/drivers/usb/host/xhci.c +++ b/drivers/usb/host/xhci.c @@ -3621,6 +3621,7 @@ static void xhci_free_dev(struct usb_hcd *hcd, struct usb_device *udev) del_timer_sync(&virt_dev->eps[i].stop_cmd_timer); } xhci_debugfs_remove_slot(xhci, udev->slot_id); + virt_dev->udev = NULL; ret = xhci_disable_slot(xhci, udev->slot_id); if (ret) xhci_free_virt_device(xhci, udev->slot_id); -- 2.17.0

7 years, 1 month

1
0
0 0

[GIT PULL] commits for Linux 4.4

by Sasha Levin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi Greg, Pleae pull commits for Linux 4.4 . I've sent a review request for all commits over a week ago and all comments were addressed. Thanks, Sasha ===== The following changes since commit 8e2def054b2b088d18d7009aecf470aa62ab360e: Linux 4.4.129 (2018-04-24 09:32:12 +0200) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/sashal/linux-stable.git tags/for-greg-4.4-26042018 for you to fetch changes up to 2ad01125dde476c91cd8ff0f1d5122243b2582bd: kdb: make "mdr" command repeat (2018-04-26 14:47:05 -0400) - ---------------------------------------------------------------- for-greg-4.4-26042018 - ---------------------------------------------------------------- Alex Estrin (1): IB/ipoib: Fix for potential no-carrier state Alex Williamson (1): PCI: Add function 1 DMA alias quirk for Marvell 9128 Alexandre Belloni (1): rtc: hctosys: Ensure system time doesn't overflow time_t Alexey Dobriyan (1): proc: fix /proc/*/map_files lookup Anders Roxell (1): selftests: memfd: add config fragment for fuse Andrea Parri (2): locking/xchg/alpha: Add unconditional memory barrier to cmpxchg() locking/xchg/alpha: Fix xchg() and cmpxchg() memory ordering bugs Andreas Gruenbacher (1): gfs2: Fix fallocate chunk size Andreas Kemnade (1): usb: musb: fix enumeration after resume Andrzej Hajda (5): clk: samsung: s3c2410: Fix PLL rates clk: samsung: exynos5260: Fix PLL rates clk: samsung: exynos5433: Fix PLL rates clk: samsung: exynos5250: Fix PLL rates clk: samsung: exynos3250: Fix PLL rates Anna-Maria Gleixner (1): tracing/hrtimer: Fix tracing bugs by taking all clock bases and modes into account Arnaldo Carvalho de Melo (1): perf callchain: Fix attr.sample_max_stack setting Arnd Bergmann (5): scsi: fas216: fix sense buffer initialization x86/power: Fix swsusp_arch_resume prototype cifs: silence compiler warnings showing up with gcc-8.0.0 md: raid5: avoid string overflow warning media: s3c-camif: fix out-of-bounds array access Arvind Yadav (2): xen: xenbus: use put_device() instead of kfree() workqueue: use put_device() instead of kfree() Baoquan He (1): x86/apic: Set up through-local-APIC mode on the boot CPU if 'noapic' specified Bart Van Assche (1): scsi: qla2xxx: Avoid triggering undefined behavior in qla2x00_mbx_completion() Benjamin Poirier (1): e1000e: Fix check_for_link return value with autoneg off Bjorn Andersson (1): pinctrl: msm: Use dynamic GPIO numbering Brad Love (3): media: cx23885: Override 888 ImpactVCBe crystal frequency media: cx23885: Set subdev host data to clk_freq pointer media: em28xx: USB bulk packet size fix Bryan O'Donoghue (1): rtc: snvs: Fix usage of snvs_rtc_enable Carlos Maiolino (1): Force log to disk before reading the AGF during a fstrim Cathy Zhou (1): sunvnet: does not support GSO for sctp Chad Dupuis (1): scsi: bnx2fc: Fix check in SCSI completion handler for timed out request Chen Yu (1): ACPI: processor_perflib: Do not send _PPC change notification if not ready Chien Tin Tung (1): RDMA/ucma: Correct option size check using optlen Chris Dickens (1): usb: gadget: composite: fix incorrect handling of OS desc requests Christophe JAILLET (1): regulator: of: Add a missing 'of_node_put()' in an error handling path of 'of_regulator_match()' Chunyu Hu (1): cpufreq: cppc_cpufreq: Fix cppc_cpufreq_init() failure path Claudio Imbrenda (1): mm/ksm: fix interaction with THP Claudiu Manoil (1): gianfar: Fix Rx byte accounting for ndev stats Colin Ian King (4): clocksource/drivers/fsl_ftm_timer: Fix error return checking staging: rtl8192u: return -ENOMEM on failed allocation of priv->oldaddr rtc: tx4939: avoid unintended sign extension on a 24 bit shift media: cx25821: prevent out-of-bounds read on array card Coly Li (2): bcache: properly set task state in bch_writeback_thread() bcache: quit dc->writeback_thread when BCACHE_DEV_DETACHING is set Cong Wang (1): llc: properly handle dev_queue_xmit() return value Dan Carpenter (5): ASoC: au1x: Fix timeout tests in au1xac97c_ac97_read() HID: roccat: prevent an out of bounds read in kovaplus_profile_activated() scsi: sym53c8xx_2: iterator underflow in sym_getsync() scsi: mptfusion: Add bounds check in mptctl_hp_targetinfo() xen/acpi: off by one in read_acpi_id() Danilo Krummrich (1): fs/proc/proc_sysctl.c: fix potential page fault while unregistering sysctl table Dave Airlie (1): virtio-gpu: fix ioctl and expose the fixed status to userspace. Dave Carroll (1): scsi: aacraid: Insure command thread is not recursively stopped Dave Hansen (1): x86/mm: Do not forbid _PAGE_RW before init for __ro_after_init David Ahern (1): selftests: Add FIB onlink tests David Howells (1): fscache: Fix hanging wait on page discarded by writeback David Lechner (1): ARM: davinci_all_defconfig: set CONFIG_DAVINCI_WATCHDOG=y David Rientjes (1): kernel/relay.c: limit kmalloc size to KMALLOC_MAX_SIZE David S. Miller (1): sparc64: Make atomic_xchg() an inline function rather than a macro. Davidlohr Bueso (1): sched/rt: Fix rq->clock_update_flags < RQCF_ACT_SKIP warning Emmanuel Grumbach (1): mac80211: don't WARN on bad WMM parameters from buggy APs Eric Dumazet (6): smsc75xx: fix smsc75xx_set_features() percpu: add a schedule point in pcpu_balance_workfn() r8152: fix tx packets accounting crypto: af_alg - fix possible uninit-value in alg_bind() soreuseport: initialise timewait reuseport field dccp: initialize ireq->ir_mark Erik Schmauss (1): ACPICA: Events: add a return on failure from acpi_hw_register_read Esben Haabendal (2): dp83640: Ensure against premature access to PHY registers after reset ARM: dts: ls1021a: Specify TBIPA register address Felix Fietkau (1): mac80211: round IEEE80211_TX_STATUS_HEADROOM up to multiple of 4 Filip Sadowski (1): i40e: Add delay after EMP reset for firmware to recover Filipe Manana (2): Btrfs: send, fix issuing write op when processing hole in no data mode Btrfs: fix copy_items() return value when logging an inode Florian Fainelli (1): net: bgmac: Fix endian access in bgmac_dma_tx_ring_free() Florian Westphal (2): netfilter: ebtables: convert BUG_ONs to WARN_ONs netfilter: ebtables: fix erroneous reject of last rule Frank Asseg (1): tools/thermal: tmon: fix for segfault Fredrik Noring (1): USB: OHCI: Fix NULL dereference in HCDs using HCD_LOCAL_MEM Geert Uytterhoeven (7): ARM: OMAP1: clock: Fix debugfs_create_*() usage serial: xuartps: Fix out-of-bounds access through DT alias serial: samsung: Fix out-of-bounds access through serial port index serial: mxs-auart: Fix out-of-bounds access through serial port index serial: imx: Fix out-of-bounds access through serial port index serial: fsl_lpuart: Fix out-of-bounds access through DT alias serial: arc_uart: Fix out-of-bounds access through DT alias Giuseppe Lippolis (1): net-usb: add qmi_wwan if on lte modem wistron neweb d18q1 Govindarajulu Varadarajan (1): enic: enable rq before updating rq descriptors Greg Ungerer (1): m68k: set dma and coherent masks for platform FEC ethernets Gregory CLEMENT (2): mailmap: Update email address for Gregory CLEMENT i2c: mv64xxx: Apply errata delay only in standard mode Grigor Tovmasyan (1): usb: dwc2: Fix interval type issue Guanglei Li (1): RDS: IB: Fix null pointer issue Guenter Roeck (4): watchdog: sp5100_tco: Fix watchdog disable bit hwmon: (nct6775) Fix writing pwmX_mode hwmon: (pmbus/max8688) Accept negative page register values hwmon: (pmbus/adm1275) Accept negative page register values Hannes Reinecke (1): scsi: mpt3sas: Do not mark fw_event workqueue as WQ_MEM_RECLAIM Hector Martin (1): firewire-ohci: work around oversized DMA reads on JMicron controllers Helge Deller (1): parisc/pci: Switch LBA PCI bus from Hard Fail to Soft Fail mode Huang Ying (1): mm: fix races between address_space dereference and free in page_evicatable Igor Pylypiv (1): watchdog: f71808e_wdt: Fix magic close handling Ivan Gorinov (2): x86/devicetree: Initialize device tree before using it x86/devicetree: Fix device IRQ settings in DT Jake Daryll Obina (1): jffs2: Fix use-after-free bug in jffs2_iget()'s error handling path James Smart (3): scsi: lpfc: Fix issue_lip if link is disabled scsi: lpfc: Fix soft lockup in lpfc worker thread during LIP testing scsi: lpfc: Fix frequency of Release WQE CQEs Jan Chochol (1): nfs: Do not convert nfs_idmap_cache_timeout to jiffies Jan Kara (1): udf: Provide saner default for invalid uid / gid Jason Yan (1): scsi: libsas: defer ata device eh commands to libata Jay Vosburgh (1): virtio-net: Fix operstate for virtio when no VIRTIO_NET_F_STATUS Jean Delvare (1): firmware: dmi_scan: Fix handling of empty DMI strings Jeff Mahoney (1): btrfs: fix lockdep splat in btrfs_alloc_subvolume_writers Jens Axboe (1): sr: get/drop reference to device in revalidate and check_events Jeremy Cline (1): scsi: sd: Keep disk read-only when re-reading partition Jesper Dangaard Brouer (1): tools/libbpf: handle issues with bpf ELF objects containing .eh_frames Jianchao Wang (1): nvme-pci: Fix nvme queue cleanup if IRQ setup fails Jiandi An (1): ima: Fix Kconfig to select TPM 2.0 CRB interface Jinbum Park (1): ARM: 8748/1: mm: Define vdso_start, vdso_end as array Jiri Olsa (2): perf tests: Use arch__compare_symbol_names to compare symbols perf report: Fix memory corruption in --branch-history mode --branch-history Joe Perches (1): MIPS: Octeon: Fix logging messages with spurious periods after newlines Joerg Roedel (1): x86/pgtable: Don't set huge PUD/PMD on non-leaf entries Joey Pabalinas (1): net/tcp/illinois: replace broken algorithm reference link Johannes Berg (1): regulatory: add NUL to request alpha2 John Keeping (1): usb: gadget: f_uac2: fix bFirstInterface in composite gadget Joonsoo Kim (1): ARM: CMA: avoid double mapping to the CMA area if CONFIG_HIGHMEM=y Jun Piao (1): ocfs2/dlm: don't handle migrate lockres if already in shutdown Kamlakant Patel (1): ipmi_ssif: Fix kernel panic at msg_done_handler Karthikeyan Periyasamy (2): Revert "ath10k: send (re)assoc peer command when NSS changed" ath10k: Fix kernel panic while using worker (ath10k_sta_rc_update_wk) Kees Cook (1): NFC: llcp: Limit size of SDP URI Kirill A. Shutemov (1): asm-generic: provide generic_pmdp_establish() Kristian Evensen (1): USB: serial: option: Add support for Quectel EP06 Larry Finger (1): Bluetooth: btusb: Add device ID for RTL8822BE Lars-Peter Clausen (2): usb: gadget: ffs: Let setup() return USB_GADGET_DELAYED_STATUS usb: gadget: ffs: Execute copy_to_user() with USER_DS set Lenny Szubowicz (1): ACPI: acpi_pad: Fix memory leak in power saving threads Leon Romanovsky (2): RDMA/mlx5: Avoid memory leak in case of XRCD dealloc failure net/mlx5: Protect from command bit overflow Linus LÃ¼ssing (2): batman-adv: fix multicast-via-unicast transmission with AP isolation batman-adv: fix packet loss for broadcasted DHCP packets to a server Liu Bo (4): Btrfs: set plug for fsync Btrfs: fix scrub to repair raid6 corruption Btrfs: bail out on error during replay_dir_deletes Btrfs: fix NULL pointer dereference in log_dir_items Logan Gunthorpe (1): ntb_transport: Fix bug with max_mw_size parameter Madhavan Srinivasan (1): powerpc/perf: Prevent kernel address leak to userspace via BHRB buffer Manish Rangankar (1): scsi: qla4xxx: skip error recovery in case of register disconnect. Mark Lord (1): powerpc/bpf/jit: Fix 32-bit JIT for seccomp_data access Mark Salter (1): irqchip/gic-v3: Change pr_debug message to pr_devel Markus Elfring (1): drm/exynos: g2d: Delete an error message for a failed memory allocation in two functions Masami Hiramatsu (5): selftests: ftrace: Add probe event argument syntax testcase selftests: ftrace: Add a testcase for string type with kprobe_event selftests: ftrace: Add a testcase for probepoint tracing/uprobe_event: Fix strncpy corner case media: vb2: Fix videobuf2 to map correct area Mathias Kresin (1): MIPS: ath79: Fix AR724X_PLL_REG_PCIE_CONFIG offset Mathias Nyman (1): xhci: zero usb device slot_id member when disabling and freeing a xhci slot Mathieu Malaterre (1): powerpc: Add missing prototype for arch_irq_work_raise() Matt Redfearn (1): MIPS: TXx9: use IS_BUILTIN() for CONFIG_LEDS_CLASS Matthias Schiffer (3): batman-adv: fix packet checksum in receive path batman-adv: invalidate checksum on fragment reassembly batman-adv: fix header size check in batadv_dbg_arp() Maurizio Lombardi (1): cdrom: do not call check_disk_change() inside cdrom_open() Mauro Carvalho Chehab (1): media: dmxdev: fix error code for invalid ioctls Meelis Roos (1): scsi: aacraid: fix shutdown crash when init fails Mel Gorman (1): mm: pin address_space before dereferencing it while isolating an LRU page Merlijn Wajer (1): usb: musb: call pm_runtime_{get,put}_sync before reading vbus registers Michael Bringmann (2): powerpc/numa: Use ibm,max-associativity-domains to discover possible nodes powerpc/numa: Ensure nodes initialized for hotplug Michael Chan (1): bnxt_en: Check valid VNIC ID in bnxt_hwrm_vnic_set_tpa(). Michael Ellerman (5): selftests/powerpc: Skip the subpage_prot tests if the syscall is unavailable powerpc/mpic: Check if cpu_possible() in mpic_physmask() powerpc/perf: Fix kernel address leak via sampling registers selftests: Print the test we're running to /dev/kmsg powerpc/pseries: Make plpar_wrappers.h safe to include when PSERIES=n Michael Kelley (EOSG) (1): scsi: storvsc: Increase cmd_per_lun for higher speed devices Michael Schmitz (1): zorro: Set up z->dev.dma_mask for the DMA API NeilBrown (1): NFSv4: always set NFS_LOCK_LOST when a lock is lost. Nikolay Borisov (2): btrfs: Fix out of bounds access in btrfs_search_slot btrfs: Fix possible softlock on single core machines Paolo Bonzini (1): kvm: x86: fix KVM_XEN_HVM_CONFIG ioctl Paul Mackerras (1): KVM: PPC: Book3S HV: Fix VRMA initialization with 2MB or 1GB memory backing Pawel Dembicki (1): net: qmi_wwan: add BroadMobi BM806U 2020:2033 Peter Malone (1): fbdev: Fixing arbitrary kernel leak in case FBIOGETCMAP_SPARC in sbusfb_ioctl_helper(). Peter Robinson (1): crypto: sunxi-ss - Add MODULE_ALIAS to sun4i-ss Peter Xu (1): iommu/vt-d: Use domain instead of cache fetching Peter Zijlstra (1): perf/core: Fix perf_output_read_group() Petr Vorel (1): ima: Fallback to the builtin hash algorithm Philipp Puschmann (1): arm: dts: socfpga: fix GIC PPI warning Pierre-Yves Kerbrat (1): e1000e: allocate ring descriptors with dma_zalloc_coherent Prashant Bhole (1): selftests/net: fixes psock_fanout eBPF test case Qi Hou (2): ARM: OMAP2+: timer: fix a kmemleak caused in omap_get_timer_dt dmaengine: pl330: fix a race condition in case of threaded irqs Qu Wenruo (1): btrfs: tests/qgroup: Fix wrong tree backref level Rafael J. Wysocki (1): PCI: Restore config space on runtime resume despite being unbound Randy Dunlap (2): fs/signalfd: fix build error for BUS_MCEERR_AR kdb: make "mdr" command repeat Ranjani Sridharan (1): ASoC: topology: create TLV data for dapm widgets Rich Felker (1): sh: fix debug trap failure to process signals before return to user Richard Guy Briggs (1): audit: return on memory error to avoid null pointer dereference Richard Haines (1): netlabel: If PF_INET6, check sk_buff ip header version Rob Herring (1): microblaze: switch to NO_BOOTMEM Roger Pau Monne (1): xen/pirq: fix error path cleanup when binding MSIs Ross Lagerwall (2): xen-netfront: Fix race between device setup and open xen/grant-table: Use put_page instead of free_page Sabrina Dubroca (1): ipv4: lock mtu in fnhe when received PMTU < net.ipv4.route.min_pmtu Samuel Neves (1): x86/topology: Update the 'cpu cores' field in /proc/cpuinfo correctly across CPU hotplug operations Sean Christopherson (1): KVM: VMX: raise internal error for exception during invalid protected mode state Sebastian Ott (2): s390/cio: fix return code after missing interrupt s390/cio: clear timer when terminating driver I/O Seunghun Han (1): ACPICA: acpi: acpica: fix acpi operand cache leak in nseval.c Shawn Lin (2): clk: Don't show the incorrect clock phase clk: rockchip: Prevent calculating mmc phase if clock rate is zero Shunyong Yang (1): cpufreq: CPPC: Initialize shared perf capabilities of CPUs Sinan Kaya (1): net: qlge: Eliminate duplicate barriers on weakly-ordered archs Song Liu (1): perf/cgroup: Fix child event counting bug Stefan Agner (1): usb: gadget: fsl_udc_core: fix ep valid checks Stefano Brivio (2): vti4: Don't count header length twice on tunnel setup vti4: Don't override MTU passed on link creation via IFLA_MTU Steven Rostedt (VMware) (2): tools lib traceevent: Simplify pointer print logic and fix %pF tools lib traceevent: Fix get_field_str() for dynamic strings Sujit Reddy Thumma (1): scsi: ufs: Enable quirk to ignore sending WRITE_SAME command Sylwester Nawrocki (1): ASoC: samsung: i2s: Ensure the RCLK rate is properly determined Takashi Iwai (2): ALSA: hda - Use IS_REACHABLE() for dependency on input ALSA: vmaster: Propagate slave error Tang Junhui (4): bcache: fix for allocator and register thread race bcache: fix for data collapse after re-attaching an attached device bcache: return attach error when no cache set exist bcache: fix kcrashes with fio in RAID5 backend dev Thinh Nguyen (1): usb: dwc3: Update DWC_usb31 GTXFIFOSIZ reg fields Thomas Vincent-Cross (1): PCI: Add function 1 DMA alias quirk for Marvell 88SE9220 Tom Abraham (1): swap: divide-by-zero when zero length swap file on ssd Tony Lindgren (2): ARM: OMAP3: Fix prm wake interrupt for resume ARM: OMAP: Fix dmtimer init for omap1 Torsten Hilbrich (1): net/usb/qmi_wwan.c: Add USB id for lt4120 modem Toshiaki Makita (2): net: Fix vlan untag for bridge and vlan_dev with reorder_hdr off net: Fix untag for vlan packets without ethernet header Ulf Magnusson (4): kconfig: Don't leak main menus during parsing kconfig: Fix automatic menu creation mem leak kconfig: Fix expr_free() E_NOT leak ARC: Fix malformed ARC_EMUL_UNALIGNED default Vaibhav Jain (1): powerpc/xmon: Setup debugger hooks when first break-point is set Vardan Mikayelyan (1): usb: dwc2: Fix dwc2_hsotg_core_init_disconnected() Vicente Bergas (1): Bluetooth: btusb: Add USB ID 7392:a611 for Edimax EW-7611ULB Vinayak Menon (1): mm/kmemleak.c: wait for scan completion before disabling free Vitaly Kuznetsov (1): KVM: lapic: stop advertising DIRECTED_EOI when in-kernel IOAPIC is in use Wei Yongjun (1): ipmi/powernv: Fix error return code in ipmi_powernv_probe() Will Deacon (2): arm64: spinlock: Fix theoretical trylock() A-B-A with LSE atomics locking/qspinlock: Ensure node->count is updated before initialising node Wolfram Sang (2): drm/exynos: fix comparison to bitshift when dealing with a mask usb: gadget: udc: change comparison to bitshift when dealing with a mask Xin Long (1): sit: fix IFLA_MTU ignored on NEWLINK Xose Vazquez Perez (1): scsi: devinfo: fix format of the device list Yelena Krivosheev (1): net: mvneta: fix enable of all initialized RXQs Yisheng Xie (3): mm/mempolicy: fix the check of nodemask from user mm/mempolicy: add nodes_empty check in SYSC_migrate_pages mm/mempolicy.c: avoid use uninitialized preferred_node Yonghong Song (1): bpf: fix selftests/bpf test_kmod.sh failure when CONFIG_BPF_JIT_ALWAYS_ON=y Yoshihiro Shimoda (1): dmaengine: rcar-dmac: fix max_chunk_size for R-Car Gen3 Yufen Yu (2): md raid10: fix NULL deference in handle_write_completed() md/raid1: fix NULL pointer dereference lionel.debieve(a)st.com (1): hwrng: stm32 - add reset during probe mulhern (1): dm thin: fix documentation relative to low water mark threshold piaojun (3): ocfs2: return -EROFS to mount.ocfs2 if inode block is invalid ocfs2/acl: use 'ip_xattr_sem' to protect getting extended attribute ocfs2: return error when we attempt to access a dirty bh in jbd2 weiyongjun (A) (1): mac80211_hwsim: fix possible memory leak in hwsim_new_radio_nl() Ã~rjan Eide (1): drm/rockchip: Respect page offset for PRIME mmap calls .mailmap | 1 + Documentation/device-mapper/thin-provisioning.txt | 8 +- arch/alpha/include/asm/xchg.h | 30 +- arch/arc/Kconfig | 1 - arch/arm/boot/dts/ls1021a.dtsi | 3 +- arch/arm/boot/dts/socfpga.dtsi | 2 +- arch/arm/configs/davinci_all_defconfig | 2 +- arch/arm/include/asm/vdso.h | 2 - arch/arm/kernel/vdso.c | 12 +- arch/arm/mach-omap1/clock.c | 6 +- arch/arm/mach-omap2/pm.c | 4 +- arch/arm/mach-omap2/timer.c | 19 +- arch/arm/mm/dma-mapping.c | 16 +- arch/arm/plat-omap/dmtimer.c | 7 +- arch/arm64/include/asm/spinlock.h | 4 +- arch/m68k/coldfire/device.c | 12 +- arch/microblaze/Kconfig | 1 + arch/microblaze/mm/init.c | 56 +-- arch/mips/cavium-octeon/octeon-irq.c | 10 +- arch/mips/include/asm/mach-ath79/ar71xx_regs.h | 2 +- arch/mips/txx9/rbtx4939/setup.c | 4 +- arch/powerpc/include/asm/irq_work.h | 1 + arch/powerpc/include/asm/plpar_wrappers.h | 4 + arch/powerpc/kvm/book3s_hv.c | 12 +- arch/powerpc/mm/numa.c | 78 ++++- arch/powerpc/net/bpf_jit_comp.c | 3 + arch/powerpc/perf/core-book3s.c | 25 ++ arch/powerpc/sysdev/mpic.c | 2 +- arch/powerpc/xmon/xmon.c | 17 +- arch/sh/kernel/entry-common.S | 2 +- arch/sparc/include/asm/atomic_64.h | 6 +- arch/x86/kernel/apic/apic.c | 2 +- arch/x86/kernel/devicetree.c | 21 +- arch/x86/kernel/smpboot.c | 1 + arch/x86/kvm/lapic.c | 10 +- arch/x86/kvm/vmx.c | 20 +- arch/x86/kvm/x86.c | 7 +- arch/x86/mm/pageattr.c | 6 +- arch/x86/mm/pgtable.c | 9 + arch/x86/power/hibernate_32.c | 2 +- arch/x86/power/hibernate_64.c | 2 +- crypto/af_alg.c | 8 +- drivers/acpi/acpi_pad.c | 3 + drivers/acpi/acpica/evevent.c | 9 +- drivers/acpi/acpica/nseval.c | 8 + drivers/acpi/processor_perflib.c | 2 +- drivers/block/paride/pcd.c | 2 + drivers/bluetooth/btusb.c | 6 + drivers/cdrom/cdrom.c | 3 - drivers/cdrom/gdrom.c | 3 + drivers/char/hw_random/stm32-rng.c | 9 + drivers/char/ipmi/ipmi_powernv.c | 5 +- drivers/char/ipmi/ipmi_ssif.c | 4 +- drivers/clk/clk.c | 3 + drivers/clk/rockchip/clk-mmc-phase.c | 23 ++ drivers/clk/samsung/clk-exynos3250.c | 4 +- drivers/clk/samsung/clk-exynos5250.c | 8 +- drivers/clk/samsung/clk-exynos5260.c | 2 +- drivers/clk/samsung/clk-exynos5433.c | 12 +- drivers/clk/samsung/clk-s3c2410.c | 16 +- drivers/clocksource/fsl_ftm_timer.c | 2 +- drivers/cpufreq/cppc_cpufreq.c | 23 +- drivers/crypto/sunxi-ss/sun4i-ss-core.c | 1 + drivers/dma/pl330.c | 6 +- drivers/dma/sh/rcar-dmac.c | 2 +- drivers/firewire/ohci.c | 8 +- drivers/firmware/dmi_scan.c | 22 +- drivers/gpu/drm/exynos/exynos_drm_g2d.c | 6 +- drivers/gpu/drm/exynos/regs-fimc.h | 2 +- drivers/gpu/drm/rockchip/rockchip_drm_gem.c | 7 +- drivers/gpu/drm/virtio/virtgpu_ioctl.c | 17 +- drivers/hid/hid-roccat-kovaplus.c | 2 + drivers/hwmon/nct6775.c | 10 +- drivers/hwmon/pmbus/adm1275.c | 4 +- drivers/hwmon/pmbus/max8688.c | 2 +- drivers/i2c/busses/i2c-mv64xxx.c | 8 +- drivers/ide/ide-cd.c | 2 + drivers/infiniband/core/ucma.c | 2 +- drivers/infiniband/hw/mlx5/qp.c | 5 +- drivers/infiniband/ulp/ipoib/ipoib_main.c | 3 + drivers/iommu/intel-iommu.c | 3 +- drivers/irqchip/irq-gic-v3.c | 2 +- drivers/md/bcache/alloc.c | 4 +- drivers/md/bcache/bcache.h | 2 +- drivers/md/bcache/btree.c | 9 +- drivers/md/bcache/request.c | 2 +- drivers/md/bcache/super.c | 23 +- drivers/md/bcache/sysfs.c | 11 +- drivers/md/bcache/writeback.c | 27 +- drivers/md/raid1.c | 11 + drivers/md/raid10.c | 6 +- drivers/md/raid5.c | 7 +- drivers/media/dvb-core/dmxdev.c | 2 +- drivers/media/pci/cx23885/cx23885-cards.c | 4 + drivers/media/pci/cx23885/cx23885-core.c | 10 + drivers/media/pci/cx25821/cx25821-core.c | 7 +- drivers/media/platform/s3c-camif/camif-capture.c | 7 +- drivers/media/usb/em28xx/em28xx.h | 2 +- drivers/media/v4l2-core/videobuf2-vmalloc.c | 2 +- drivers/message/fusion/mptctl.c | 2 + drivers/net/ethernet/broadcom/bgmac.c | 3 +- drivers/net/ethernet/broadcom/bnxt/bnxt.c | 3 + drivers/net/ethernet/cisco/enic/enic_main.c | 10 +- drivers/net/ethernet/freescale/gianfar.c | 7 +- drivers/net/ethernet/intel/e1000e/ich8lan.c | 2 +- drivers/net/ethernet/intel/e1000e/mac.c | 2 +- drivers/net/ethernet/intel/e1000e/netdev.c | 4 +- drivers/net/ethernet/intel/i40e/i40e_main.c | 11 + drivers/net/ethernet/marvell/mvneta.c | 1 + drivers/net/ethernet/mellanox/mlx5/core/cmd.c | 2 +- drivers/net/ethernet/qlogic/qlge/qlge.h | 16 + drivers/net/ethernet/qlogic/qlge/qlge_main.c | 3 +- drivers/net/ethernet/sun/sunvnet.c | 2 +- drivers/net/phy/dp83640.c | 18 + drivers/net/usb/qmi_wwan.c | 5 + drivers/net/usb/r8152.c | 2 +- drivers/net/usb/smsc75xx.c | 7 +- drivers/net/virtio_net.c | 2 +- drivers/net/wireless/ath/ath10k/mac.c | 15 +- drivers/net/wireless/mac80211_hwsim.c | 4 +- drivers/net/xen-netfront.c | 46 +-- drivers/ntb/ntb_transport.c | 3 + drivers/nvme/host/pci.c | 5 +- drivers/parisc/lba_pci.c | 20 +- drivers/pci/pci-driver.c | 17 +- drivers/pci/quirks.c | 5 + drivers/pinctrl/qcom/pinctrl-msm.c | 2 +- drivers/regulator/of_regulator.c | 1 + drivers/rtc/hctosys.c | 5 + drivers/rtc/rtc-snvs.c | 15 +- drivers/rtc/rtc-tx4939.c | 6 +- drivers/s390/cio/device_fsm.c | 7 +- drivers/s390/cio/io_sch.h | 1 + drivers/scsi/aacraid/commsup.c | 4 +- drivers/scsi/aacraid/linit.c | 5 +- drivers/scsi/arm/fas216.c | 2 +- drivers/scsi/bnx2fc/bnx2fc_io.c | 1 + drivers/scsi/libsas/sas_scsi_host.c | 33 +- drivers/scsi/lpfc/lpfc_attr.c | 5 + drivers/scsi/lpfc/lpfc_hbadisc.c | 5 +- drivers/scsi/lpfc/lpfc_sli.c | 2 + drivers/scsi/mpt3sas/mpt3sas_scsih.c | 2 +- drivers/scsi/qla2xxx/qla_isr.c | 6 +- drivers/scsi/qla4xxx/ql4_def.h | 2 + drivers/scsi/qla4xxx/ql4_os.c | 46 +++ drivers/scsi/scsi_devinfo.c | 7 +- drivers/scsi/sd.c | 3 +- drivers/scsi/sr.c | 21 +- drivers/scsi/storvsc_drv.c | 2 +- drivers/scsi/sym53c8xx_2/sym_hipd.c | 2 +- drivers/scsi/ufs/ufshcd.c | 2 + drivers/staging/rtl8192u/r8192U_core.c | 2 + drivers/tty/serial/arc_uart.c | 5 + drivers/tty/serial/fsl_lpuart.c | 4 + drivers/tty/serial/imx.c | 6 + drivers/tty/serial/mxs-auart.c | 4 + drivers/tty/serial/samsung.c | 4 + drivers/tty/serial/xilinx_uartps.c | 2 +- drivers/usb/dwc2/core.h | 2 +- drivers/usb/dwc2/gadget.c | 12 +- drivers/usb/dwc3/core.h | 2 + drivers/usb/gadget/composite.c | 40 ++- drivers/usb/gadget/function/f_fs.c | 6 +- drivers/usb/gadget/function/f_uac2.c | 2 + drivers/usb/gadget/udc/fsl_udc_core.c | 4 +- drivers/usb/gadget/udc/goku_udc.h | 2 +- drivers/usb/host/ohci-hcd.c | 3 +- drivers/usb/host/xhci-mem.c | 2 + drivers/usb/musb/musb_core.c | 5 +- drivers/usb/serial/option.c | 7 + drivers/video/fbdev/sbuslib.c | 4 +- drivers/watchdog/f71808e_wdt.c | 3 +- drivers/watchdog/sp5100_tco.h | 2 +- drivers/xen/events/events_base.c | 4 +- drivers/xen/grant-table.c | 4 +- drivers/xen/xen-acpi-processor.c | 6 +- drivers/xen/xenbus/xenbus_probe.c | 5 +- drivers/zorro/zorro.c | 12 + fs/btrfs/ctree.c | 12 +- fs/btrfs/disk-io.c | 2 +- fs/btrfs/extent-tree.c | 1 + fs/btrfs/file.c | 9 + fs/btrfs/raid56.c | 18 +- fs/btrfs/send.c | 3 + fs/btrfs/tests/qgroup-tests.c | 2 +- fs/btrfs/tree-log.c | 12 +- fs/btrfs/volumes.c | 9 +- fs/cifs/cifssmb.c | 4 +- fs/fscache/page.c | 13 +- fs/gfs2/file.c | 5 +- fs/gfs2/quota.h | 2 + fs/jffs2/fs.c | 1 - fs/nfs/nfs4proc.c | 12 +- fs/nfs/nfs4state.c | 5 +- fs/nfs/nfs4sysctl.c | 2 +- fs/ocfs2/acl.c | 6 + fs/ocfs2/dlm/dlmdomain.c | 14 - fs/ocfs2/dlm/dlmdomain.h | 25 +- fs/ocfs2/dlm/dlmrecovery.c | 9 + fs/ocfs2/journal.c | 23 +- fs/ocfs2/super.c | 5 +- fs/ocfs2/xattr.c | 2 + fs/proc/base.c | 29 +- fs/proc/proc_sysctl.c | 3 + fs/signalfd.c | 15 +- fs/udf/super.c | 5 +- fs/xfs/xfs_discard.c | 14 +- include/asm-generic/pgtable.h | 15 + include/linux/suspend.h | 2 + include/linux/usb/composite.h | 3 + include/net/inet_timewait_sock.h | 1 + include/net/ip.h | 11 +- include/net/ip_fib.h | 1 + include/net/llc_conn.h | 2 +- include/net/mac80211.h | 2 +- include/net/regulatory.h | 2 +- include/net/route.h | 3 +- include/trace/events/timer.h | 20 +- include/uapi/drm/virtgpu_drm.h | 1 + include/uapi/linux/if_ether.h | 1 + kernel/audit.c | 2 + kernel/debug/kdb/kdb_main.c | 27 +- kernel/events/core.c | 24 +- kernel/locking/qspinlock.c | 8 + kernel/power/power.h | 3 - kernel/relay.c | 2 +- kernel/sched/rt.c | 2 + kernel/trace/trace_uprobe.c | 2 + kernel/workqueue.c | 2 +- lib/test_bpf.c | 31 +- mm/kmemleak.c | 12 +- mm/ksm.c | 28 ++ mm/mempolicy.c | 36 +- mm/percpu.c | 1 + mm/swapfile.c | 4 + mm/vmscan.c | 22 +- net/batman-adv/distributed-arp-table.c | 2 +- net/batman-adv/fragmentation.c | 3 +- net/batman-adv/gateway_client.c | 3 + net/batman-adv/multicast.c | 4 +- net/batman-adv/soft-interface.c | 8 +- net/bridge/netfilter/ebtables.c | 33 +- net/core/skbuff.c | 9 +- net/dccp/ipv4.c | 1 + net/dccp/ipv6.c | 1 + net/ipv4/inet_timewait_sock.c | 1 + net/ipv4/ip_vti.c | 2 - net/ipv4/route.c | 26 +- net/ipv4/tcp_illinois.c | 2 +- net/ipv4/xfrm4_policy.c | 1 + net/ipv6/sit.c | 7 + net/llc/llc_c_ac.c | 15 +- net/llc/llc_conn.c | 32 +- net/mac80211/mlme.c | 3 +- net/netlabel/netlabel_unlabeled.c | 10 + net/nfc/llcp_commands.c | 4 + net/nfc/netlink.c | 3 +- net/rds/ib.c | 3 +- scripts/kconfig/expr.c | 2 +- scripts/kconfig/menu.c | 1 + scripts/kconfig/zconf.y | 33 +- security/integrity/ima/Kconfig | 1 + security/integrity/ima/ima_crypto.c | 2 + security/integrity/ima/ima_main.c | 13 + sound/core/vmaster.c | 5 +- sound/pci/hda/Kconfig | 1 - sound/pci/hda/patch_realtek.c | 5 + sound/soc/au1x/ac97c.c | 6 +- sound/soc/samsung/i2s.c | 13 +- sound/soc/soc-topology.c | 3 + tools/lib/bpf/libbpf.c | 26 ++ tools/lib/traceevent/event-parse.c | 17 +- tools/lib/traceevent/parse-filter.c | 10 +- tools/perf/tests/vmlinux-kallsyms.c | 2 +- tools/perf/util/evsel.c | 8 +- tools/perf/util/hist.c | 4 +- tools/perf/util/hist.h | 1 - tools/testing/selftests/Makefile | 1 + .../ftrace/test.d/kprobe/kprobe_args_string.tc | 46 +++ .../ftrace/test.d/kprobe/kprobe_args_syntax.tc | 97 ++++++ .../selftests/ftrace/test.d/kprobe/probepoint.tc | 43 +++ tools/testing/selftests/memfd/config | 1 + tools/testing/selftests/net/fib-onlink-tests.sh | 375 +++++++++++++++++++++ tools/testing/selftests/net/psock_fanout.c | 3 +- tools/testing/selftests/powerpc/mm/subpage_prot.c | 14 + tools/thermal/tmon/sysfs.c | 12 +- tools/thermal/tmon/tmon.c | 1 - 287 files changed, 2221 insertions(+), 625 deletions(-) create mode 100644 tools/testing/selftests/ftrace/test.d/kprobe/kprobe_args_string.tc create mode 100644 tools/testing/selftests/ftrace/test.d/kprobe/kprobe_args_syntax.tc create mode 100644 tools/testing/selftests/ftrace/test.d/kprobe/probepoint.tc create mode 100644 tools/testing/selftests/memfd/config create mode 100755 tools/testing/selftests/net/fib-onlink-tests.sh -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE4n5dijQDou9mhzu83qZv95d3LNwFAlrihG4ACgkQ3qZv95d3 LNxN5w//aXWCPDFRr+hEo1nYIonuomWEgS0Alpe9urOn9PD/h7G7h9lB5q36oI9N xBAsyPWb8jPQLjIXunXYNfwdqh4gS5XipXJ41+/+HX0YAhAFcTMp9IqzpeVOlTQX 0qegQMyh/iT5jaok0nA0+1xWT2mrRWQJ28klozGKNCubiyCBL8EkMMAgYe9+3nsa G/naOVdW8JiJN7y507B1NS99kXRZzYB79BzyZzHWrspkggx8N6LhRK+GkjcGDvTp R01sn8L7cZ9SGhO6tEAgTQOPB2AnbjiNr4uAH+mhkBJ9x2md7FgKNVMxiSYrABrd 4YNrK3ceb7+XlDaPMTC20OyiEb+/APmpafMr9uvXgJgak5IcXC0+OBQgVGCrHR+V ENH1lfQHc108GSFoMHOT2t1QUa2fQU2pqs9H5ZWxPiKirlEykGvBz+18gq520Pn+ uJ5XpPDEPxFrnIefHBTyhS5fmQjX2yQFLn8LNzOqLtyeZYrPfBwes+o4ZfWQ6TxB yGx/dMw+iQ9A+mfGJKzpTqQdUy4fqB/E2sQH25wGHFu3aKE8ETeMgJV8lPrvi9l2 7smBq/h4aJxMeGbhKMVsEtWfcR+RGHOxotPcJR1hyQlFOhVQVn5LZ1BKarlPSboL 6BpShrAc1UEy8W+muiFV82FOnph9JZ/NtUfzDOKoTBEoGQ9tmzI= =bhQX -----END PGP SIGNATURE-----

7 years, 1 month

7
15
0 0

4.9.y/4.14.y drm/sun4i build error

by Dan Rue

Please drop 'drm/sun4i: rgb: Fix potential division by zero' from 4.9.y/4.14.y. CC [M] drivers/gpu/drm/sun4i/sun4i_rgb.o ../drivers/gpu/drm/sun4i/sun4i_rgb.c: In function ‘sun4i_rgb_mode_valid’: ../drivers/gpu/drm/sun4i/sun4i_rgb.c:96:6: error: ‘struct sun4i_tcon’ has no member named ‘dclk_min_div’ tcon->dclk_min_div = 6; ^~ ../drivers/gpu/drm/sun4i/sun4i_rgb.c:97:6: error: ‘struct sun4i_tcon’ has no member named ‘dclk_max_div’ tcon->dclk_max_div = 127; ^~ make[5]: *** [../scripts/Makefile.build:294: drivers/gpu/drm/sun4i/sun4i_rgb.o] Error 1 make[4]: *** [../scripts/Makefile.build:544: drivers/gpu/drm/sun4i] Error 2 make[3]: *** [../scripts/Makefile.build:544: drivers/gpu/drm] Error 2 make[2]: *** [../scripts/Makefile.build:544: drivers/gpu] Error 2 make[1]: *** [/home/drue/src/linux/4.9-rc/Makefile:1006: drivers] Error 2 make[1]: Leaving directory '/home/drue/src/linux/4.9-rc/build-arm' make: *** [Makefile:152: sub-make] Error 2 Greg - is there a way that I can tell which build and boot problems 0-day is reporting so that I don't duplicate work on either of our sides? Thanks, Dan

7 years, 1 month

3
3
0 0

[GIT PULL] commits for Linux 4.9

by Sasha Levin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi Greg, Pleae pull commits for Linux 4.9 . I've sent a review request for all commits over a week ago and all comments were addressed. Thanks, Sasha ===== The following changes since commit 5cd35f3eb5384f30d1a10d87f088bacd8839c22b: Linux 4.9.96 (2018-04-24 09:34:18 +0200) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/sashal/linux-stable.git tags/for-greg-4.9-26042018 for you to fetch changes up to f9563f278dffebdbb73c007e3b73c72b8084f6d7: kdb: make "mdr" command repeat (2018-04-26 11:31:54 -0400) - ---------------------------------------------------------------- for-greg-4.9-26042018 - ---------------------------------------------------------------- Aapo Vienamo (1): ARM: dts: imx7d: cl-som-imx7: fix pinctrl_enet Aaro Koskinen (1): drivers: macintosh: rack-meter: really fix bogus memsets Alex Estrin (1): IB/ipoib: Fix for potential no-carrier state Alex Williamson (1): PCI: Add function 1 DMA alias quirk for Marvell 9128 Alexandre Belloni (1): rtc: hctosys: Ensure system time doesn't overflow time_t Alexey Dobriyan (1): proc: fix /proc/*/map_files lookup Alexey Kodanev (1): macvlan: fix use-after-free in macvlan_common_newlink() Anand Jain (1): btrfs: fail mount when sb flag is not in BTRFS_SUPER_FLAG_SUPP Anders Roxell (1): selftests: memfd: add config fragment for fuse Andrea Parri (2): locking/xchg/alpha: Add unconditional memory barrier to cmpxchg() locking/xchg/alpha: Fix xchg() and cmpxchg() memory ordering bugs Andreas Gruenbacher (1): gfs2: Fix fallocate chunk size Andreas Kemnade (1): usb: musb: fix enumeration after resume Andrzej Hajda (6): clk: samsung: s3c2410: Fix PLL rates clk: samsung: exynos7: Fix PLL rates clk: samsung: exynos5260: Fix PLL rates clk: samsung: exynos5433: Fix PLL rates clk: samsung: exynos5250: Fix PLL rates clk: samsung: exynos3250: Fix PLL rates Andy Shevchenko (1): device property: Define type of PROPERTY_ENRTY_*() macros Andy Spencer (1): gianfar: prevent integer wrapping in the rx handler Anna-Maria Gleixner (1): tracing/hrtimer: Fix tracing bugs by taking all clock bases and modes into account Arjun Vynipadath (2): cxgb4: Setup FW queues before registering netdev cxgb4: Fix queue free path of ULD drivers Arnaldo Carvalho de Melo (1): perf callchain: Fix attr.sample_max_stack setting Arnd Bergmann (6): scsi: fas216: fix sense buffer initialization x86/power: Fix swsusp_arch_resume prototype cifs: silence compiler warnings showing up with gcc-8.0.0 drm/exynos: g2d: use monotonic timestamps md: raid5: avoid string overflow warning media: s3c-camif: fix out-of-bounds array access Arvind Yadav (2): xen: xenbus: use put_device() instead of kfree() workqueue: use put_device() instead of kfree() Baoquan He (1): x86/apic: Set up through-local-APIC mode on the boot CPU if 'noapic' specified Bart Van Assche (1): scsi: qla2xxx: Avoid triggering undefined behavior in qla2x00_mbx_completion() Benjamin Poirier (1): e1000e: Fix check_for_link return value with autoneg off Benoit Parrot (1): drm/omap: Add pclk setting case when channel is DSS_WB BingJing Chang (1): md: fix a potential deadlock of raid5/raid10 reshape Bjorn Andersson (2): soc: qcom: wcnss_ctrl: Fix increment in NV upload pinctrl: msm: Use dynamic GPIO numbering Borislav Petkov (1): x86/mce/AMD: Collect error info even if valid bits are not set Brad Love (3): media: cx23885: Override 888 ImpactVCBe crystal frequency media: cx23885: Set subdev host data to clk_freq pointer media: em28xx: USB bulk packet size fix Brian Norris (1): usb: dwc3: Undo PHY init if soft reset fails Bryan O'Donoghue (1): rtc: snvs: Fix usage of snvs_rtc_enable Carlos Maiolino (1): Force log to disk before reading the AGF during a fstrim Cathy Zhou (1): sunvnet: does not support GSO for sctp Chad Dupuis (1): scsi: bnx2fc: Fix check in SCSI completion handler for timed out request Chao Yu (1): f2fs: fix to check extent cache in f2fs_drop_extent_tree Charles Keepax (1): regmap: Correct comparison in regmap_cached Chen Yu (1): ACPI: processor_perflib: Do not send _PPC change notification if not ready Chengguang Xu (1): ceph: fix dentry leak when failing to init debugfs Chien Tin Tung (1): RDMA/ucma: Correct option size check using optlen Chris Dickens (1): usb: gadget: composite: fix incorrect handling of OS desc requests Christophe JAILLET (1): regulator: of: Add a missing 'of_node_put()' in an error handling path of 'of_regulator_match()' Christophe Jaillet (2): regulator: gpio: Fix some error handling paths in 'gpio_regulator_probe()' spi: bcm-qspi: fIX some error handling paths Chunyu Hu (1): cpufreq: cppc_cpufreq: Fix cppc_cpufreq_init() failure path Claudio Imbrenda (1): mm/ksm: fix interaction with THP Claudiu Manoil (1): gianfar: Fix Rx byte accounting for ndev stats Colin Ian King (4): clocksource/drivers/fsl_ftm_timer: Fix error return checking staging: rtl8192u: return -ENOMEM on failed allocation of priv->oldaddr rtc: tx4939: avoid unintended sign extension on a 24 bit shift media: cx25821: prevent out-of-bounds read on array card Coly Li (2): bcache: properly set task state in bch_writeback_thread() bcache: quit dc->writeback_thread when BCACHE_DEV_DETACHING is set Cong Wang (1): llc: properly handle dev_queue_xmit() return value Dan Carpenter (7): ASoC: au1x: Fix timeout tests in au1xac97c_ac97_read() HID: roccat: prevent an out of bounds read in kovaplus_profile_activated() scsi: sym53c8xx_2: iterator underflow in sym_getsync() scsi: mptfusion: Add bounds check in mptctl_hp_targetinfo() IB/mlx5: Fix an error code in __mlx5_ib_modify_qp() macsec: missing dev_put() on error in macsec_newlink() xen/acpi: off by one in read_acpi_id() Daniel Borkmann (1): bpf: fix rlimit in reuseport net selftest Danilo Krummrich (1): fs/proc/proc_sysctl.c: fix potential page fault while unregistering sysctl table Dave Airlie (1): virtio-gpu: fix ioctl and expose the fixed status to userspace. Dave Carroll (1): scsi: aacraid: Insure command thread is not recursively stopped Dave Hansen (1): x86/mm: Do not forbid _PAGE_RW before init for __ro_after_init David Ahern (1): selftests: Add FIB onlink tests David Howells (4): rxrpc: Work around usercopy check fscache: Fix hanging wait on page discarded by writeback rxrpc: Fix Tx ring annotation after initial Tx failure rxrpc: Don't treat call aborts as conn aborts David Lechner (1): ARM: davinci_all_defconfig: set CONFIG_DAVINCI_WATCHDOG=y David Rientjes (2): kernel/relay.c: limit kmalloc size to KMALLOC_MAX_SIZE mm, thp: do not cause memcg oom for thp David S. Miller (2): ARM: orion5x: Revert commit 4904dbda41c8. sparc64: Make atomic_xchg() an inline function rather than a macro. Davidlohr Bueso (2): ia64/err-inject: Use get_user_pages_fast() sched/rt: Fix rq->clock_update_flags < RQCF_ACT_SKIP warning Denis Kirjanov (1): fsl/fman: avoid sleeping in atomic context while adding an address Dmitry Torokhov (1): Input: psmouse - fix Synaptics detection when protocol is disabled Dominik Bozek (1): usb: cdc_acm: prevent race at write to acm while system resumes Dong Bo (1): libata: Fix compile warning with ATA_DEBUG enabled Ed Swierk (1): openvswitch: Remove padding from packet before L3+ conntrack processing Emmanuel Grumbach (1): mac80211: don't WARN on bad WMM parameters from buggy APs Eric Anholt (1): drm/panel: simple: Fix the bus format for the Ontat panel Eric Biggers (1): PKCS#7: fix direct verification of SignerInfo signature Eric Dumazet (6): smsc75xx: fix smsc75xx_set_features() percpu: add a schedule point in pcpu_balance_workfn() r8152: fix tx packets accounting crypto: af_alg - fix possible uninit-value in alg_bind() soreuseport: initialise timewait reuseport field dccp: initialize ireq->ir_mark Erik Schmauss (1): ACPICA: Events: add a return on failure from acpi_hw_register_read Esben Haabendal (2): dp83640: Ensure against premature access to PHY registers after reset ARM: dts: ls1021a: Specify TBIPA register address Felix Fietkau (2): mac80211: round IEEE80211_TX_STATUS_HEADROOM up to multiple of 4 mac80211: drop frames with unexpected DS bits from fast-rx to slow path Filip Sadowski (1): i40e: Add delay after EMP reset for firmware to recover Filipe Manana (2): Btrfs: send, fix issuing write op when processing hole in no data mode Btrfs: fix copy_items() return value when logging an inode Florian Fainelli (2): ARM: dts: NSP: Fix amount of RAM on BCM958625HR net: bgmac: Fix endian access in bgmac_dma_tx_ring_free() Florian Westphal (2): netfilter: ebtables: convert BUG_ONs to WARN_ONs netfilter: ebtables: fix erroneous reject of last rule Frank Asseg (1): tools/thermal: tmon: fix for segfault Fredrik Noring (1): USB: OHCI: Fix NULL dereference in HCDs using HCD_LOCAL_MEM Geert Uytterhoeven (7): ARM: OMAP1: clock: Fix debugfs_create_*() usage serial: xuartps: Fix out-of-bounds access through DT alias serial: samsung: Fix out-of-bounds access through serial port index serial: mxs-auart: Fix out-of-bounds access through serial port index serial: imx: Fix out-of-bounds access through serial port index serial: fsl_lpuart: Fix out-of-bounds access through DT alias serial: arc_uart: Fix out-of-bounds access through DT alias Giulio Benetti (1): drm/sun4i: Fix dclk_set_phase Giuseppe Lippolis (1): net-usb: add qmi_wwan if on lte modem wistron neweb d18q1 Govindarajulu Varadarajan (1): enic: enable rq before updating rq descriptors Greg Ungerer (1): m68k: set dma and coherent masks for platform FEC ethernets Gregory CLEMENT (3): mailmap: Update email address for Gregory CLEMENT dmaengine: mv_xor_v2: Fix clock resource by adding a register clock i2c: mv64xxx: Apply errata delay only in standard mode Grigor Tovmasyan (1): usb: dwc2: Fix interval type issue Guanglei Li (1): RDS: IB: Fix null pointer issue Guenter Roeck (5): watchdog: sp5100_tco: Fix watchdog disable bit powerpc/boot: Fix random libfdt related build errors hwmon: (nct6775) Fix writing pwmX_mode hwmon: (pmbus/max8688) Accept negative page register values hwmon: (pmbus/adm1275) Accept negative page register values Gustavo A. R. Silva (1): tcp_nv: fix potential integer overflow in tcpnv_acked Hannes Reinecke (1): scsi: mpt3sas: Do not mark fw_event workqueue as WQ_MEM_RECLAIM Hans Verkuil (1): media: vivid: fix incorrect capabilities for radio Hans de Goede (1): ACPI / scan: Use acpi_bus_get_status() to initialize ACPI_TYPE_DEVICE devs Hector Martin (1): firewire-ohci: work around oversized DMA reads on JMicron controllers Helge Deller (1): parisc/pci: Switch LBA PCI bus from Hard Fail to Soft Fail mode Hemanth Puranik (1): net: qcom/emac: Use proper free methods during TX Huang Ying (1): mm: fix races between address_space dereference and free in page_evicatable Igor Pylypiv (1): watchdog: f71808e_wdt: Fix magic close handling Ilan Peer (1): mac80211: Do not disconnect on invalid operating class Ilia Lin (1): arm64: dts: qcom: Fix SPI5 config on MSM8996 Ivan Gorinov (2): x86/devicetree: Initialize device tree before using it x86/devicetree: Fix device IRQ settings in DT Jack M (1): IB/mlx4: Include GID type when deleting GIDs from HW table under RoCE Jack Morgenstein (1): IB/mlx4: Fix corruption of RoCEv2 IPv4 GIDs Jake Daryll Obina (1): jffs2: Fix use-after-free bug in jffs2_iget()'s error handling path James Hogan (1): MIPS: generic: Fix machine compatible matching James Smart (3): scsi: lpfc: Fix issue_lip if link is disabled scsi: lpfc: Fix soft lockup in lpfc worker thread during LIP testing scsi: lpfc: Fix frequency of Release WQE CQEs Jan Chochol (1): nfs: Do not convert nfs_idmap_cache_timeout to jiffies Jan Kara (1): udf: Provide saner default for invalid uid / gid Jan Kiszka (1): builddeb: Fix header package regarding dtc source links Jason Wang (1): ptr_ring: prevent integer overflow when calculating size Jason Yan (1): scsi: libsas: defer ata device eh commands to libata Jay Vosburgh (1): virtio-net: Fix operstate for virtio when no VIRTIO_NET_F_STATUS Jayachandran C (1): watchdog: sbsa: use 32-bit read for WCV Jean Delvare (1): firmware: dmi_scan: Fix handling of empty DMI strings Jeff Mahoney (1): btrfs: fix lockdep splat in btrfs_alloc_subvolume_writers Jens Axboe (1): sr: get/drop reference to device in revalidate and check_events Jeremy Cline (1): scsi: sd: Keep disk read-only when re-reading partition Jeremy Linton (1): net: smsc911x: Fix unload crash when link is up Jesper Dangaard Brouer (1): tools/libbpf: handle issues with bpf ELF objects containing .eh_frames Jia Zhang (1): vfs/proc/kcore, x86/mm/kcore: Fix SMAP fault when dumping vsyscall user page Jianchao Wang (1): nvme-pci: Fix nvme queue cleanup if IRQ setup fails Jiandi An (1): ima: Fix Kconfig to select TPM 2.0 CRB interface Jinbum Park (1): ARM: 8748/1: mm: Define vdso_start, vdso_end as array Jiri Olsa (2): perf tests: Use arch__compare_symbol_names to compare symbols perf report: Fix memory corruption in --branch-history mode --branch-history Joe Perches (1): MIPS: Octeon: Fix logging messages with spurious periods after newlines Joerg Roedel (1): x86/pgtable: Don't set huge PUD/PMD on non-leaf entries Joey Pabalinas (1): net/tcp/illinois: replace broken algorithm reference link Johannes Berg (1): regulatory: add NUL to request alpha2 Johannes Thumshirn (1): nvme: don't send keep-alives to the discovery controller John Keeping (1): usb: gadget: f_uac2: fix bFirstInterface in composite gadget Joonsoo Kim (1): ARM: CMA: avoid double mapping to the CMA area if CONFIG_HIGHMEM=y Jun Piao (1): ocfs2/dlm: don't handle migrate lockres if already in shutdown Kalderon, Michal (4): RDMA/qedr: Fix kernel panic when running fio over NFSoRDMA RDMA/qedr: Fix iWARP write and send with immediate RDMA/qedr: fix QP's ack timeout configuration RDMA/qedr: Fix rc initialization on CNQ allocation failure Kamlakant Patel (1): ipmi_ssif: Fix kernel panic at msg_done_handler Kan Liang (3): perf/x86/intel: Properly save/restore the PMU state in the NMI handler perf/x86/intel: Fix large period handling on Broadwell CPUs perf/x86/intel: Fix event update for auto-reload KarimAllah Ahmed (1): kvm: Map PFN-type memory regions as writable (if possible) Karol Herbst (1): drm/nouveau/pmu/fuc: don't use movw directly anymore Karthikeyan Periyasamy (2): Revert "ath10k: send (re)assoc peer command when NSS changed" ath10k: Fix kernel panic while using worker (ath10k_sta_rc_update_wk) Kees Cook (1): NFC: llcp: Limit size of SDP URI Kirill A. Shutemov (1): asm-generic: provide generic_pmdp_establish() Kristian Evensen (1): USB: serial: option: Add support for Quectel EP06 Larry Finger (1): Bluetooth: btusb: Add device ID for RTL8822BE Lars-Peter Clausen (2): usb: gadget: ffs: Let setup() return USB_GADGET_DELAYED_STATUS usb: gadget: ffs: Execute copy_to_user() with USER_DS set Laurent Pinchart (1): ARM: dts: porter: Fix HDMI output routing Lenny Szubowicz (1): ACPI: acpi_pad: Fix memory leak in power saving threads Leon Romanovsky (3): RDMA/mlx5: Avoid memory leak in case of XRCD dealloc failure net/mlx5: Protect from command bit overflow RDMA/mlx5: Fix NULL dereference while accessing XRC_TGT QPs Linus LÃ¼ssing (3): batman-adv: Fix multicast packet loss with a single WANT_ALL_IPV4/6 flag batman-adv: fix multicast-via-unicast transmission with AP isolation batman-adv: fix packet loss for broadcasted DHCP packets to a server Liu Bo (4): Btrfs: set plug for fsync Btrfs: fix scrub to repair raid6 corruption Btrfs: bail out on error during replay_dir_deletes Btrfs: fix NULL pointer dereference in log_dir_items Logan Gunthorpe (1): ntb_transport: Fix bug with max_mw_size parameter Lucas Stach (1): drm/imx: move arming of the vblank event to atomic_flush Madhavan Srinivasan (1): powerpc/perf: Prevent kernel address leak to userspace via BHRB buffer Manish Rangankar (1): scsi: qla4xxx: skip error recovery in case of register disconnect. Manu Gautam (1): usb: gadget: core: Fix use-after-free of usb_request Marc Zyngier (2): arm64: Relax ARM_SMCCC_ARCH_WORKAROUND_1 discovery arm64: insn: Allow ADD/SUB (immediate) with LSL #12 Marcel Ziswiler (1): clk: tegra: Fix pll_u rate configuration Mark Lord (1): powerpc/bpf/jit: Fix 32-bit JIT for seccomp_data access Mark Salter (1): irqchip/gic-v3: Change pr_debug message to pr_devel Markus Elfring (1): drm/exynos: g2d: Delete an error message for a failed memory allocation in two functions Martin Blumenstingl (2): net: stmmac: dwmac-meson8b: fix setting the RGMII TX clock on Meson8b net: stmmac: dwmac-meson8b: propagate rate changes to the parent clock Masami Hiramatsu (5): selftests: ftrace: Add probe event argument syntax testcase selftests: ftrace: Add a testcase for string type with kprobe_event selftests: ftrace: Add a testcase for probepoint tracing/uprobe_event: Fix strncpy corner case media: vb2: Fix videobuf2 to map correct area Mathias Kresin (1): MIPS: ath79: Fix AR724X_PLL_REG_PCIE_CONFIG offset Mathias Nyman (1): xhci: zero usb device slot_id member when disabling and freeing a xhci slot Mathieu Malaterre (2): net: Extra '_get' in declaration of arch_get_platform_mac_address powerpc: Add missing prototype for arch_irq_work_raise() Matt Redfearn (1): MIPS: TXx9: use IS_BUILTIN() for CONFIG_LEDS_CLASS Matthias Schiffer (3): batman-adv: fix packet checksum in receive path batman-adv: invalidate checksum on fragment reassembly batman-adv: fix header size check in batadv_dbg_arp() Maurizio Lombardi (1): cdrom: do not call check_disk_change() inside cdrom_open() Mauro Carvalho Chehab (1): media: dmxdev: fix error code for invalid ioctls Max Gurtovoy (1): nvmet: fix PSDT field check in command format Maxime Ripard (1): drm/sun4i: rgb: Fix potential division by zero Meelis Roos (1): scsi: aacraid: fix shutdown crash when init fails Mel Gorman (1): mm: pin address_space before dereferencing it while isolating an LRU page Merlijn Wajer (1): usb: musb: call pm_runtime_{get,put}_sync before reading vbus registers Michael Bringmann (2): powerpc/numa: Use ibm,max-associativity-domains to discover possible nodes powerpc/numa: Ensure nodes initialized for hotplug Michael Chan (1): bnxt_en: Check valid VNIC ID in bnxt_hwrm_vnic_set_tpa(). Michael Ellerman (5): selftests/powerpc: Skip the subpage_prot tests if the syscall is unavailable powerpc/mpic: Check if cpu_possible() in mpic_physmask() powerpc/perf: Fix kernel address leak via sampling registers selftests: Print the test we're running to /dev/kmsg powerpc/pseries: Make plpar_wrappers.h safe to include when PSERIES=n Michael Kelley (1): cpumask: Make for_each_cpu_wrap() available on UP as well Michael Kelley (EOSG) (1): scsi: storvsc: Increase cmd_per_lun for higher speed devices Michael Schmitz (1): zorro: Set up z->dev.dma_mask for the DMA API Minas Harutyunyan (1): usb: dwc2: host: Fix transaction errors in host mode Naftali Goldstein (1): iwlwifi: mvm: always init rs with 20mhz bandwidth rates Naresh Kamboju (1): selftests: pstore: Adding config fragment CONFIG_PSTORE_RAM=m NeilBrown (3): NFSv4: always set NFS_LOCK_LOST when a lock is lost. staging: lustre: fix bug in osc_enter_cache_try staging: lustre: lmv: correctly iput lmo_root Ngai-Mint Kwan (1): fm10k: fix "failed to kill vid" message for VF Nicolas Pitre (1): kbuild: make scripts/adjust_autoksyms.sh robust against timestamp races Niklas Cassel (2): net: stmmac: ensure that the device has released ownership before reading data net: stmmac: ensure that the MSS desc is the last desc to set the own bit Nikolay Borisov (2): btrfs: Fix out of bounds access in btrfs_search_slot btrfs: Fix possible softlock on single core machines Nitin Gupta (1): sparc64: update pmdp_invalidate() to return old pmd value Nobutaka Okabe (1): ALSA: usb-audio: Add native DSD support for Luxman DA-06 Paolo Bonzini (1): kvm: x86: fix KVM_XEN_HVM_CONFIG ioctl Parav Pandit (2): IB/core: Fix possible crash to access NULL netdev IB/core: Honor port_num while resolving GID for IB link layer Paul Mackerras (1): KVM: PPC: Book3S HV: Fix VRMA initialization with 2MB or 1GB memory backing Pawel Dembicki (1): net: qmi_wwan: add BroadMobi BM806U 2020:2033 Peter Malone (1): fbdev: Fixing arbitrary kernel leak in case FBIOGETCMAP_SPARC in sbusfb_ioctl_helper(). Peter Robinson (1): crypto: sunxi-ss - Add MODULE_ALIAS to sun4i-ss Peter Xu (1): iommu/vt-d: Use domain instead of cache fetching Peter Zijlstra (2): x86/tsc: Allow TSC calibration without PIT perf/core: Fix perf_output_read_group() Petr Vorel (1): ima: Fallback to the builtin hash algorithm Philipp Puschmann (1): arm: dts: socfpga: fix GIC PPI warning Pierre-Yves Kerbrat (1): e1000e: allocate ring descriptors with dma_zalloc_coherent Prashant Bhole (1): selftests/net: fixes psock_fanout eBPF test case Pratyush Anand (1): arm64: fix unwind_frame() for filtered out fn for function graph tracing Qi Hou (2): ARM: OMAP2+: timer: fix a kmemleak caused in omap_get_timer_dt dmaengine: pl330: fix a race condition in case of threaded irqs Qu Wenruo (1): btrfs: tests/qgroup: Fix wrong tree backref level Rafael J. Wysocki (1): PCI: Restore config space on runtime resume despite being unbound Ramon Fried (1): qrtr: add MODULE_ALIAS macro to smd Randy Dunlap (3): fs/signalfd: fix build error for BUS_MCEERR_AR integrity/security: fix digsig.c build error with header file kdb: make "mdr" command repeat Ranjani Sridharan (1): ASoC: topology: create TLV data for dapm widgets Rich Felker (1): sh: fix debug trap failure to process signals before return to user Richard Guy Briggs (1): audit: return on memory error to avoid null pointer dereference Richard Haines (1): netlabel: If PF_INET6, check sk_buff ip header version Rob Herring (1): microblaze: switch to NO_BOOTMEM Roger Pau Monne (1): xen/pirq: fix error path cleanup when binding MSIs Roger Quadros (1): usb: dwc3: omap: don't miss events during suspend/resume Ross Lagerwall (2): xen-netfront: Fix race between device setup and open xen/grant-table: Use put_page instead of free_page Sabrina Dubroca (1): ipv4: lock mtu in fnhe when received PMTU < net.ipv4.route.min_pmtu Samuel Neves (1): x86/topology: Update the 'cpu cores' field in /proc/cpuinfo correctly across CPU hotplug operations Sara Sharon (4): iwlwifi: mvm: fix security bug in PN checking mac80211: fix a possible leak of station stats mac80211: fix calling sleeping function in atomic context iwlwifi: mvm: fix TX of CCMP 256 Sean Christopherson (1): KVM: VMX: raise internal error for exception during invalid protected mode state Sebastian Ott (4): s390/cio: fix ccw_device_start_timeout API s390/cio: fix return code after missing interrupt s390/cio: clear timer when terminating driver I/O kvm: fix warning for CONFIG_HAVE_KVM_EVENTFD builds Seunghun Han (1): ACPICA: acpi: acpica: fix acpi operand cache leak in nseval.c Shakeel Butt (1): mm, mlock, vmscan: no more skipping pagevecs Shawn Lin (3): clk: rockchip: Fix wrong parent for SDMMC phase clock for rk3228 clk: Don't show the incorrect clock phase clk: rockchip: Prevent calculating mmc phase if clock rate is zero Shiraz Saleem (1): i40iw: Zero-out consumer key on allocate stag for FMR Shunyong Yang (1): cpufreq: CPPC: Initialize shared perf capabilities of CPUs Sinan Kaya (1): net: qlge: Eliminate duplicate barriers on weakly-ordered archs Song Liu (1): perf/cgroup: Fix child event counting bug Srinivas Kandagatla (1): dmaengine: qcom: bam_dma: get num-channels and num-ees from dt Stefan Agner (1): usb: gadget: fsl_udc_core: fix ep valid checks Stefan Wahren (2): brcmfmac: Fix check for ISO3166 code ARM: dts: bcm283x: Fix probing of bcm2835-i2s Stefano Brivio (2): vti4: Don't count header length twice on tunnel setup vti4: Don't override MTU passed on link creation via IFLA_MTU Stephane Eranian (1): perf/x86/intel: Fix linear IP of PEBS real_ip on Haswell and later CPUs Stephen Boyd (1): irqchip/gic-v3: Ignore disabled ITS nodes Steven Rostedt (VMware) (2): tools lib traceevent: Simplify pointer print logic and fix %pF tools lib traceevent: Fix get_field_str() for dynamic strings Subash Abhinov Kasiviswanathan (2): netfilter: ipv6: nf_defrag: Pass on packets to stack per RFC2460 netfilter: ipv6: nf_defrag: Kill frag queue on RFC2460 failure Sujit Reddy Thumma (1): scsi: ufs: Enable quirk to ignore sending WRITE_SAME command Sven Eckelmann (5): batman-adv: Ignore invalid batadv_iv_gw during netlink send batman-adv: Ignore invalid batadv_v_gw during netlink send batman-adv: Fix netlink dumping of BLA claims batman-adv: Fix netlink dumping of BLA backbones batman-adv: Fix skbuff rcsum on packet reroute Sylwester Nawrocki (1): ASoC: samsung: i2s: Ensure the RCLK rate is properly determined Takashi Iwai (2): ALSA: hda - Use IS_REACHABLE() for dependency on input ALSA: vmaster: Propagate slave error Takeshi Kihara (1): pinctrl: sh-pfc: r8a7796: Fix MOD_SEL register pin assignment for SSI pins group Tang Junhui (4): bcache: fix for allocator and register thread race bcache: fix for data collapse after re-attaching an attached device bcache: return attach error when no cache set exist bcache: fix kcrashes with fio in RAID5 backend dev Tejun Heo (1): rcu: Call touch_nmi_watchdog() while printing stall warnings Thinh Nguyen (2): usb: dwc3: Add SoftReset PHY synchonization delay usb: dwc3: Update DWC_usb31 GTXFIFOSIZ reg fields Thomas Falcon (2): ibmvnic: Free RX socket buffer in case of adapter error ibmvnic: Fix TX descriptor tracking again Thomas Richter (2): perf record: Fix failed memory allocation for get_cpuid_str perf stat: Fix core dump when flag T is used Thomas Vincent-Cross (1): PCI: Add function 1 DMA alias quirk for Marvell 88SE9220 Tom Abraham (1): swap: divide-by-zero when zero length swap file on ssd Tony Lindgren (2): ARM: OMAP3: Fix prm wake interrupt for resume ARM: OMAP: Fix dmtimer init for omap1 Torsten Hilbrich (1): net/usb/qmi_wwan.c: Add USB id for lt4120 modem Toshiaki Makita (2): net: Fix vlan untag for bridge and vlan_dev with reorder_hdr off net: Fix untag for vlan packets without ethernet header Ulf Magnusson (4): kconfig: Don't leak main menus during parsing kconfig: Fix automatic menu creation mem leak kconfig: Fix expr_free() E_NOT leak ARC: Fix malformed ARC_EMUL_UNALIGNED default Vaibhav Jain (1): powerpc/xmon: Setup debugger hooks when first break-point is set Vardan Mikayelyan (1): usb: dwc2: Fix dwc2_hsotg_core_init_disconnected() Vicente Bergas (1): Bluetooth: btusb: Add USB ID 7392:a611 for Edimax EW-7611ULB Vignesh R (1): serial: 8250: Don't service RX FIFO if interrupts are disabled Vinayak Menon (1): mm/kmemleak.c: wait for scan completion before disabling free Viresh Kumar (1): cpufreq: Reorder cpufreq_online() error code path Vitaly Kuznetsov (1): KVM: lapic: stop advertising DIRECTED_EOI when in-kernel IOAPIC is in use Wei Yongjun (1): ipmi/powernv: Fix error return code in ipmi_powernv_probe() Wilfried Weissmann (1): scsi: mvsas: fix wrong endianness of sgpio api Will Deacon (4): arm64: spinlock: Fix theoretical trylock() A-B-A with LSE atomics locking/qspinlock: Ensure node->count is updated before initialising node fs: dcache: Avoid livelock between d_alloc_parallel and __d_add fs: dcache: Use READ_ONCE when accessing i_dir_seq Wolfram Sang (2): drm/exynos: fix comparison to bitshift when dealing with a mask usb: gadget: udc: change comparison to bitshift when dealing with a mask Xin Long (2): ip6_tunnel: fix IFLA_MTU ignored on NEWLINK sit: fix IFLA_MTU ignored on NEWLINK Xose Vazquez Perez (1): scsi: devinfo: fix format of the device list Yang Shi (1): mm: thp: use down_read_trylock() in khugepaged to avoid long block Yelena Krivosheev (1): net: mvneta: fix enable of all initialized RXQs Yisheng Xie (4): mm/mempolicy: fix the check of nodemask from user mm/mempolicy: add nodes_empty check in SYSC_migrate_pages mm/mempolicy.c: avoid use uninitialized preferred_node perf top: Fix top.call-graph config option reading Yonghong Song (1): bpf: fix selftests/bpf test_kmod.sh failure when CONFIG_BPF_JIT_ALWAYS_ON=y Yoshihiro Shimoda (2): dmaengine: rcar-dmac: fix max_chunk_size for R-Car Gen3 dmaengine: rcar-dmac: Check the done lists in rcar_dmac_chan_get_residue() Yufen Yu (2): md raid10: fix NULL deference in handle_write_completed() md/raid1: fix NULL pointer dereference lionel.debieve(a)st.com (1): hwrng: stm32 - add reset during probe mulhern (1): dm thin: fix documentation relative to low water mark threshold piaojun (3): ocfs2: return -EROFS to mount.ocfs2 if inode block is invalid ocfs2/acl: use 'ip_xattr_sem' to protect getting extended attribute ocfs2: return error when we attempt to access a dirty bh in jbd2 shidao.ytt (1): mm/fadvise: discard partial page if endbyte is also EOF weiyongjun (A) (1): mac80211_hwsim: fix possible memory leak in hwsim_new_radio_nl() Ã~rjan Eide (1): drm/rockchip: Respect page offset for PRIME mmap calls .mailmap | 1 + Documentation/device-mapper/thin-provisioning.txt | 8 +- .../devicetree/bindings/dma/mv-xor-v2.txt | 6 +- arch/alpha/include/asm/xchg.h | 30 +- arch/arc/Kconfig | 1 - arch/arm/boot/dts/bcm283x.dtsi | 4 +- arch/arm/boot/dts/bcm958625hr.dts | 2 +- arch/arm/boot/dts/imx7d-cl-som-imx7.dts | 52 +- arch/arm/boot/dts/ls1021a.dtsi | 3 +- arch/arm/boot/dts/r8a7791-porter.dts | 2 +- arch/arm/boot/dts/socfpga.dtsi | 2 +- arch/arm/configs/davinci_all_defconfig | 2 +- arch/arm/include/asm/vdso.h | 2 - arch/arm/kernel/vdso.c | 12 +- arch/arm/mach-omap1/clock.c | 6 +- arch/arm/mach-omap2/pm.c | 4 +- arch/arm/mach-omap2/timer.c | 19 +- arch/arm/mach-orion5x/Kconfig | 3 - arch/arm/mach-orion5x/dns323-setup.c | 53 +- arch/arm/mach-orion5x/tsx09-common.c | 49 +- arch/arm/mm/dma-mapping.c | 16 +- arch/arm/plat-omap/dmtimer.c | 7 +- arch/arm64/boot/dts/qcom/msm8996.dtsi | 4 +- arch/arm64/include/asm/spinlock.h | 4 +- arch/arm64/include/asm/stacktrace.h | 2 +- arch/arm64/kernel/cpu_errata.c | 4 +- arch/arm64/kernel/insn.c | 18 +- arch/arm64/kernel/stacktrace.c | 5 + arch/arm64/kernel/time.c | 2 +- arch/ia64/kernel/err_inject.c | 2 +- arch/m68k/coldfire/device.c | 12 +- arch/microblaze/Kconfig | 1 + arch/microblaze/mm/init.c | 56 +- arch/mips/cavium-octeon/octeon-irq.c | 10 +- arch/mips/include/asm/mach-ath79/ar71xx_regs.h | 2 +- arch/mips/include/asm/machine.h | 2 +- arch/mips/txx9/rbtx4939/setup.c | 4 +- arch/powerpc/boot/Makefile | 3 +- arch/powerpc/include/asm/irq_work.h | 1 + arch/powerpc/include/asm/plpar_wrappers.h | 4 + arch/powerpc/kvm/book3s_hv.c | 12 +- arch/powerpc/mm/numa.c | 78 +- arch/powerpc/net/bpf_jit_comp.c | 3 + arch/powerpc/perf/core-book3s.c | 25 + arch/powerpc/sysdev/mpic.c | 2 +- arch/powerpc/xmon/xmon.c | 17 +- arch/sh/kernel/entry-common.S | 2 +- arch/sparc/include/asm/atomic_64.h | 6 +- arch/sparc/include/asm/pgtable_64.h | 2 +- arch/sparc/mm/tlb.c | 23 +- arch/x86/events/core.c | 15 +- arch/x86/events/intel/core.c | 12 +- arch/x86/events/intel/ds.c | 117 ++- arch/x86/events/perf_event.h | 2 +- arch/x86/include/asm/i8259.h | 5 + arch/x86/kernel/apic/apic.c | 2 +- arch/x86/kernel/cpu/mcheck/mce.c | 14 + arch/x86/kernel/devicetree.c | 21 +- arch/x86/kernel/smpboot.c | 1 + arch/x86/kernel/tsc.c | 18 + arch/x86/kvm/lapic.c | 10 +- arch/x86/kvm/vmx.c | 20 +- arch/x86/kvm/x86.c | 7 +- arch/x86/mm/init_64.c | 3 +- arch/x86/mm/pageattr.c | 6 +- arch/x86/mm/pgtable.c | 9 + arch/x86/power/hibernate_32.c | 2 +- arch/x86/power/hibernate_64.c | 2 +- crypto/af_alg.c | 8 +- crypto/asymmetric_keys/pkcs7_trust.c | 1 + drivers/acpi/acpi_pad.c | 3 + drivers/acpi/acpica/evevent.c | 9 +- drivers/acpi/acpica/nseval.c | 8 + drivers/acpi/processor_perflib.c | 2 +- drivers/acpi/scan.c | 20 +- drivers/ata/libata-scsi.c | 2 +- drivers/base/regmap/regmap.c | 2 +- drivers/block/paride/pcd.c | 2 + drivers/bluetooth/btusb.c | 6 + drivers/cdrom/cdrom.c | 3 - drivers/cdrom/gdrom.c | 3 + drivers/char/hw_random/stm32-rng.c | 9 + drivers/char/ipmi/ipmi_powernv.c | 5 +- drivers/char/ipmi/ipmi_ssif.c | 4 +- drivers/clk/clk.c | 3 + drivers/clk/rockchip/clk-mmc-phase.c | 23 + drivers/clk/rockchip/clk-rk3228.c | 2 +- drivers/clk/samsung/clk-exynos3250.c | 4 +- drivers/clk/samsung/clk-exynos5250.c | 8 +- drivers/clk/samsung/clk-exynos5260.c | 2 +- drivers/clk/samsung/clk-exynos5433.c | 12 +- drivers/clk/samsung/clk-exynos7.c | 2 +- drivers/clk/samsung/clk-s3c2410.c | 16 +- drivers/clk/tegra/clk-pll.c | 2 + drivers/clocksource/fsl_ftm_timer.c | 2 +- drivers/cpufreq/cppc_cpufreq.c | 23 +- drivers/cpufreq/cpufreq.c | 6 +- drivers/crypto/sunxi-ss/sun4i-ss-core.c | 1 + drivers/dma/mv_xor_v2.c | 25 +- drivers/dma/pl330.c | 6 +- drivers/dma/qcom/bam_dma.c | 27 +- drivers/dma/sh/rcar-dmac.c | 11 +- drivers/firewire/ohci.c | 8 +- drivers/firmware/dmi_scan.c | 22 +- drivers/gpu/drm/exynos/exynos_drm_g2d.c | 12 +- drivers/gpu/drm/exynos/regs-fimc.h | 2 +- drivers/gpu/drm/imx/ipuv3-crtc.c | 5 + .../drm/nouveau/nvkm/subdev/pmu/fuc/gf100.fuc3.h | 746 +++++++-------- .../drm/nouveau/nvkm/subdev/pmu/fuc/gk208.fuc5.h | 802 ++++++++-------- .../drm/nouveau/nvkm/subdev/pmu/fuc/gt215.fuc3.h | 1006 ++++++++++---------- .../gpu/drm/nouveau/nvkm/subdev/pmu/fuc/memx.fuc | 30 +- drivers/gpu/drm/omapdrm/dss/dispc.c | 4 + drivers/gpu/drm/panel/panel-simple.c | 2 +- drivers/gpu/drm/rockchip/rockchip_drm_gem.c | 7 +- drivers/gpu/drm/sun4i/sun4i_dotclock.c | 5 +- drivers/gpu/drm/sun4i/sun4i_rgb.c | 2 + drivers/gpu/drm/virtio/virtgpu_ioctl.c | 17 +- drivers/hid/hid-roccat-kovaplus.c | 2 + drivers/hwmon/nct6775.c | 10 +- drivers/hwmon/pmbus/adm1275.c | 4 +- drivers/hwmon/pmbus/max8688.c | 2 +- drivers/i2c/busses/i2c-mv64xxx.c | 8 +- drivers/ide/ide-cd.c | 2 + drivers/infiniband/core/multicast.c | 26 +- drivers/infiniband/core/sa_query.c | 7 +- drivers/infiniband/core/ucma.c | 2 +- drivers/infiniband/hw/i40iw/i40iw_verbs.c | 1 + drivers/infiniband/hw/mlx4/main.c | 11 +- drivers/infiniband/hw/mlx5/qp.c | 12 +- drivers/infiniband/hw/qedr/main.c | 3 +- drivers/infiniband/hw/qedr/verbs.c | 38 +- drivers/infiniband/ulp/ipoib/ipoib_main.c | 3 + drivers/input/mouse/psmouse-base.c | 34 +- drivers/iommu/intel-iommu.c | 3 +- drivers/irqchip/irq-gic-v3-its-pci-msi.c | 2 + drivers/irqchip/irq-gic-v3-its-platform-msi.c | 2 + drivers/irqchip/irq-gic-v3-its.c | 2 + drivers/irqchip/irq-gic-v3.c | 2 +- drivers/macintosh/rack-meter.c | 4 +- drivers/md/bcache/alloc.c | 4 +- drivers/md/bcache/bcache.h | 2 +- drivers/md/bcache/btree.c | 9 +- drivers/md/bcache/request.c | 2 +- drivers/md/bcache/super.c | 23 +- drivers/md/bcache/sysfs.c | 11 +- drivers/md/bcache/writeback.c | 27 +- drivers/md/md.c | 13 + drivers/md/raid1.c | 11 + drivers/md/raid10.c | 14 +- drivers/md/raid5.c | 15 +- drivers/media/dvb-core/dmxdev.c | 2 +- drivers/media/pci/cx23885/cx23885-cards.c | 4 + drivers/media/pci/cx23885/cx23885-core.c | 10 + drivers/media/pci/cx25821/cx25821-core.c | 7 +- drivers/media/platform/s3c-camif/camif-capture.c | 7 +- drivers/media/platform/vivid/vivid-ctrls.c | 2 + drivers/media/usb/em28xx/em28xx.h | 2 +- drivers/media/v4l2-core/videobuf2-vmalloc.c | 2 +- drivers/message/fusion/mptctl.c | 2 + drivers/net/ethernet/broadcom/bgmac.c | 3 +- drivers/net/ethernet/broadcom/bnxt/bnxt.c | 3 + drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c | 11 +- drivers/net/ethernet/chelsio/cxgb4/cxgb4_uld.c | 1 + drivers/net/ethernet/cisco/enic/enic_main.c | 10 +- drivers/net/ethernet/freescale/fman/fman_dtsec.c | 2 +- drivers/net/ethernet/freescale/gianfar.c | 16 +- drivers/net/ethernet/ibm/ibmvnic.c | 3 + drivers/net/ethernet/intel/e1000e/ich8lan.c | 2 +- drivers/net/ethernet/intel/e1000e/mac.c | 2 +- drivers/net/ethernet/intel/e1000e/netdev.c | 4 +- drivers/net/ethernet/intel/fm10k/fm10k_netdev.c | 14 +- drivers/net/ethernet/intel/i40e/i40e_main.c | 11 + drivers/net/ethernet/marvell/mvneta.c | 1 + drivers/net/ethernet/mellanox/mlx5/core/cmd.c | 2 +- drivers/net/ethernet/qlogic/qlge/qlge.h | 16 + drivers/net/ethernet/qlogic/qlge/qlge_main.c | 3 +- drivers/net/ethernet/qualcomm/emac/emac-mac.c | 23 +- drivers/net/ethernet/smsc/smsc911x.c | 4 +- .../net/ethernet/stmicro/stmmac/dwmac-meson8b.c | 6 +- drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 14 +- drivers/net/ethernet/sun/sunvnet.c | 2 +- drivers/net/macsec.c | 5 +- drivers/net/macvlan.c | 2 +- drivers/net/phy/dp83640.c | 18 + drivers/net/usb/qmi_wwan.c | 5 + drivers/net/usb/r8152.c | 2 +- drivers/net/usb/smsc75xx.c | 7 +- drivers/net/virtio_net.c | 2 +- drivers/net/wireless/ath/ath10k/mac.c | 15 +- .../broadcom/brcm80211/brcmfmac/cfg80211.c | 2 +- drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c | 4 + drivers/net/wireless/intel/iwlwifi/mvm/rs.c | 28 +- drivers/net/wireless/intel/iwlwifi/mvm/rxmq.c | 39 +- drivers/net/wireless/intel/iwlwifi/mvm/tx.c | 7 +- drivers/net/wireless/mac80211_hwsim.c | 4 +- drivers/net/xen-netfront.c | 46 +- drivers/ntb/ntb_transport.c | 3 + drivers/nvme/host/fabrics.c | 4 +- drivers/nvme/host/pci.c | 5 +- drivers/nvme/target/core.c | 9 +- drivers/parisc/lba_pci.c | 20 +- drivers/pci/pci-driver.c | 17 +- drivers/pci/quirks.c | 5 + drivers/pinctrl/qcom/pinctrl-msm.c | 2 +- drivers/pinctrl/sh-pfc/pfc-r8a7796.c | 40 +- drivers/regulator/gpio-regulator.c | 16 +- drivers/regulator/of_regulator.c | 1 + drivers/rtc/hctosys.c | 5 + drivers/rtc/rtc-snvs.c | 15 +- drivers/rtc/rtc-tx4939.c | 6 +- drivers/s390/cio/device_fsm.c | 7 +- drivers/s390/cio/device_ops.c | 72 +- drivers/s390/cio/io_sch.h | 1 + drivers/scsi/aacraid/commsup.c | 4 +- drivers/scsi/aacraid/linit.c | 5 +- drivers/scsi/arm/fas216.c | 2 +- drivers/scsi/bnx2fc/bnx2fc_io.c | 1 + drivers/scsi/libsas/sas_scsi_host.c | 33 +- drivers/scsi/lpfc/lpfc_attr.c | 5 + drivers/scsi/lpfc/lpfc_hbadisc.c | 5 +- drivers/scsi/lpfc/lpfc_sli.c | 2 + drivers/scsi/mpt3sas/mpt3sas_scsih.c | 2 +- drivers/scsi/mvsas/mv_94xx.c | 23 +- drivers/scsi/qla2xxx/qla_isr.c | 6 +- drivers/scsi/qla4xxx/ql4_def.h | 2 + drivers/scsi/qla4xxx/ql4_os.c | 46 + drivers/scsi/scsi_devinfo.c | 7 +- drivers/scsi/sd.c | 3 +- drivers/scsi/sr.c | 21 +- drivers/scsi/storvsc_drv.c | 2 +- drivers/scsi/sym53c8xx_2/sym_hipd.c | 2 +- drivers/scsi/ufs/ufshcd.c | 2 + drivers/soc/qcom/wcnss_ctrl.c | 2 +- drivers/spi/spi-bcm-qspi.c | 4 +- .../staging/fsl-mc/bus/irq-gic-v3-its-fsl-mc-msi.c | 2 + drivers/staging/lustre/lustre/include/obd.h | 2 +- drivers/staging/lustre/lustre/lmv/lmv_obd.c | 2 +- drivers/staging/lustre/lustre/osc/osc_cache.c | 2 +- drivers/staging/rtl8192u/r8192U_core.c | 2 + drivers/tty/serial/8250/8250_port.c | 3 +- drivers/tty/serial/arc_uart.c | 5 + drivers/tty/serial/fsl_lpuart.c | 4 + drivers/tty/serial/imx.c | 6 + drivers/tty/serial/mxs-auart.c | 4 + drivers/tty/serial/samsung.c | 4 + drivers/tty/serial/xilinx_uartps.c | 2 +- drivers/usb/class/cdc-acm.c | 9 +- drivers/usb/dwc2/core.h | 2 +- drivers/usb/dwc2/gadget.c | 12 +- drivers/usb/dwc2/hcd.c | 14 +- drivers/usb/dwc3/core.c | 16 +- drivers/usb/dwc3/core.h | 2 + drivers/usb/dwc3/dwc3-omap.c | 16 + drivers/usb/gadget/composite.c | 40 +- drivers/usb/gadget/function/f_fs.c | 6 +- drivers/usb/gadget/function/f_uac2.c | 2 + drivers/usb/gadget/udc/core.c | 2 +- drivers/usb/gadget/udc/fsl_udc_core.c | 4 +- drivers/usb/gadget/udc/goku_udc.h | 2 +- drivers/usb/host/ohci-hcd.c | 3 +- drivers/usb/host/xhci-mem.c | 2 + drivers/usb/musb/musb_core.c | 5 +- drivers/usb/serial/option.c | 7 + drivers/video/fbdev/sbuslib.c | 4 +- drivers/watchdog/f71808e_wdt.c | 3 +- drivers/watchdog/sbsa_gwdt.c | 3 +- drivers/watchdog/sp5100_tco.h | 2 +- drivers/xen/events/events_base.c | 4 +- drivers/xen/grant-table.c | 4 +- drivers/xen/xen-acpi-processor.c | 6 +- drivers/xen/xenbus/xenbus_probe.c | 5 +- drivers/zorro/zorro.c | 12 + fs/btrfs/ctree.c | 12 +- fs/btrfs/disk-io.c | 8 +- fs/btrfs/extent-tree.c | 1 + fs/btrfs/file.c | 9 + fs/btrfs/raid56.c | 18 +- fs/btrfs/send.c | 3 + fs/btrfs/tests/qgroup-tests.c | 2 +- fs/btrfs/tree-log.c | 12 +- fs/btrfs/volumes.c | 9 +- fs/ceph/super.c | 16 +- fs/cifs/cifssmb.c | 4 +- fs/dcache.c | 10 +- fs/f2fs/extent_cache.c | 3 + fs/fscache/page.c | 13 +- fs/gfs2/file.c | 5 +- fs/gfs2/quota.h | 2 + fs/jffs2/fs.c | 1 - fs/nfs/nfs4proc.c | 12 +- fs/nfs/nfs4state.c | 5 +- fs/nfs/nfs4sysctl.c | 2 +- fs/ocfs2/acl.c | 6 + fs/ocfs2/dlm/dlmdomain.c | 14 - fs/ocfs2/dlm/dlmdomain.h | 25 +- fs/ocfs2/dlm/dlmrecovery.c | 9 + fs/ocfs2/journal.c | 23 +- fs/ocfs2/super.c | 5 +- fs/ocfs2/xattr.c | 2 + fs/proc/base.c | 29 +- fs/proc/kcore.c | 4 + fs/proc/proc_sysctl.c | 3 + fs/signalfd.c | 15 +- fs/udf/super.c | 5 +- fs/xfs/xfs_discard.c | 14 +- include/asm-generic/pgtable.h | 15 + include/linux/cpumask.h | 2 + include/linux/etherdevice.h | 2 +- include/linux/kcore.h | 1 + include/linux/kvm_host.h | 3 +- include/linux/property.h | 10 +- include/linux/ptr_ring.h | 2 +- include/linux/suspend.h | 2 + include/linux/swap.h | 2 - include/linux/usb/composite.h | 3 + include/net/inet_timewait_sock.h | 1 + include/net/ip.h | 11 +- include/net/ip_fib.h | 1 + include/net/llc_conn.h | 2 +- include/net/mac80211.h | 2 +- include/net/regulatory.h | 2 +- include/net/route.h | 3 +- include/trace/events/timer.h | 20 +- include/uapi/drm/virtgpu_drm.h | 1 + include/uapi/linux/if_ether.h | 1 + kernel/audit.c | 2 + kernel/debug/kdb/kdb_main.c | 27 +- kernel/events/core.c | 24 +- kernel/locking/qspinlock.c | 8 + kernel/power/power.h | 3 - kernel/rcu/tree_plugin.h | 14 +- kernel/relay.c | 2 +- kernel/sched/rt.c | 2 + kernel/trace/trace_uprobe.c | 2 + kernel/workqueue.c | 2 +- lib/test_bpf.c | 31 +- mm/fadvise.c | 10 +- mm/huge_memory.c | 5 +- mm/khugepaged.c | 20 +- mm/kmemleak.c | 12 +- mm/ksm.c | 28 + mm/mempolicy.c | 36 +- mm/mlock.c | 6 + mm/percpu.c | 1 + mm/swap.c | 82 +- mm/swapfile.c | 4 + mm/vmscan.c | 81 +- net/batman-adv/bat_iv_ogm.c | 2 +- net/batman-adv/bat_v.c | 2 +- net/batman-adv/bridge_loop_avoidance.c | 22 +- net/batman-adv/distributed-arp-table.c | 2 +- net/batman-adv/fragmentation.c | 3 +- net/batman-adv/gateway_client.c | 3 + net/batman-adv/multicast.c | 8 +- net/batman-adv/routing.c | 15 +- net/batman-adv/soft-interface.c | 8 +- net/bridge/netfilter/ebtables.c | 33 +- net/core/skbuff.c | 9 +- net/dccp/ipv4.c | 1 + net/dccp/ipv6.c | 1 + net/ipv4/inet_timewait_sock.c | 1 + net/ipv4/ip_vti.c | 2 - net/ipv4/route.c | 26 +- net/ipv4/tcp_illinois.c | 2 +- net/ipv4/tcp_nv.c | 2 +- net/ipv4/xfrm4_policy.c | 1 + net/ipv6/ip6_tunnel.c | 12 +- net/ipv6/netfilter/nf_conntrack_reasm.c | 16 +- net/ipv6/sit.c | 7 + net/llc/llc_c_ac.c | 15 +- net/llc/llc_conn.c | 32 +- net/mac80211/mlme.c | 3 +- net/mac80211/rx.c | 2 +- net/mac80211/spectmgmt.c | 7 +- net/mac80211/sta_info.c | 3 +- net/netlabel/netlabel_unlabeled.c | 10 + net/nfc/llcp_commands.c | 4 + net/nfc/netlink.c | 3 +- net/openvswitch/conntrack.c | 34 + net/qrtr/smd.c | 1 + net/rds/ib.c | 3 +- net/rxrpc/input.c | 15 +- net/rxrpc/recvmsg.c | 5 +- net/rxrpc/sendmsg.c | 4 +- scripts/adjust_autoksyms.sh | 7 + scripts/kconfig/expr.c | 2 +- scripts/kconfig/menu.c | 1 + scripts/kconfig/zconf.y | 33 +- scripts/package/builddeb | 2 +- security/integrity/digsig.c | 1 + security/integrity/ima/Kconfig | 1 + security/integrity/ima/ima_crypto.c | 2 + security/integrity/ima/ima_main.c | 13 + sound/core/vmaster.c | 5 +- sound/pci/hda/Kconfig | 1 - sound/pci/hda/patch_realtek.c | 5 + sound/soc/au1x/ac97c.c | 6 +- sound/soc/samsung/i2s.c | 13 +- sound/soc/soc-topology.c | 3 + sound/usb/quirks.c | 29 +- tools/lib/bpf/libbpf.c | 26 + tools/lib/traceevent/event-parse.c | 17 +- tools/lib/traceevent/parse-filter.c | 10 +- tools/perf/arch/x86/util/header.c | 2 +- tools/perf/builtin-stat.c | 9 +- tools/perf/builtin-top.c | 6 +- tools/perf/tests/vmlinux-kallsyms.c | 2 +- tools/perf/util/evsel.c | 8 +- tools/perf/util/hist.c | 4 +- tools/perf/util/hist.h | 1 - tools/testing/selftests/Makefile | 1 + .../ftrace/test.d/kprobe/kprobe_args_string.tc | 46 + .../ftrace/test.d/kprobe/kprobe_args_syntax.tc | 97 ++ .../selftests/ftrace/test.d/kprobe/probepoint.tc | 43 + tools/testing/selftests/memfd/config | 1 + tools/testing/selftests/net/fib-onlink-tests.sh | 375 ++++++++ tools/testing/selftests/net/psock_fanout.c | 3 +- tools/testing/selftests/net/reuseport_bpf.c | 21 +- tools/testing/selftests/powerpc/mm/subpage_prot.c | 14 + tools/testing/selftests/pstore/config | 1 + tools/thermal/tmon/sysfs.c | 12 +- tools/thermal/tmon/tmon.c | 1 - virt/kvm/kvm_main.c | 7 +- 423 files changed, 4611 insertions(+), 2436 deletions(-) create mode 100644 tools/testing/selftests/ftrace/test.d/kprobe/kprobe_args_string.tc create mode 100644 tools/testing/selftests/ftrace/test.d/kprobe/kprobe_args_syntax.tc create mode 100644 tools/testing/selftests/ftrace/test.d/kprobe/probepoint.tc create mode 100644 tools/testing/selftests/memfd/config create mode 100755 tools/testing/selftests/net/fib-onlink-tests.sh -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE4n5dijQDou9mhzu83qZv95d3LNwFAlrihF0ACgkQ3qZv95d3 LNy+Cw//R+yO9ksv6RYoO2P8XcUi2PKgyiQBR+dVog4vwWGKMHD/pqonm66RKM1D Af1wAeuwgu83aDo6tT0cbvO5DMCPc3Bp+T3dmnlAgqrta81XkT8O7YXX+UJRQuOI WzM4NStV8Tgym3xI0eCUnWlZQFxlLJof1jM9b+CVKXUG5bLimQgvKyo1J88XsVZU NzlZ4+l94617iM0i8iq11vn2WbtDtTf8rdG6TlrwVb8cl1JIyoFahGU9L1cyCsBP VGTukGc44BqV2nKHA1jFJzKtK7Rx3u2vRYxO+WHDl1L3IvSgcth9kNLWOCV8uhbW zJQiyO0TGXNFzbdwf1zygcoazVN8frVU3boSxyef7myvme/shItYk0lMDk13XfkL 1lt2mxOPxo0thf2uiLj/bcZOD48LaQ738TVhCDJyeqMCkAhRgBp5SdkUKzlpPUBD zOrv5fSCkgei0dCXwgeOa0wEa7HtVi3lZK5YlPXP1ngooMbMsVevS00elFS/slhg gDGeUg3eqQrDJUgYDifqWS17y87Jhjoyf0yOuCxx9uoy2jHOz+D4qDxbO+ID+mUv E5yxY6YCbJ47t7rwRWsTmCvdw4HILa6qkvqtSYtU1+8G4PvcY7OJXY06IriMospU nTgBKn3iCeAjunDJIbJw2YuZTlZkm8gc6YklkEiw/GqW5NDTw+E= =B6mh -----END PGP SIGNATURE-----

7 years, 1 month

3
3
0 0

[PATCH] drm/atomic: Clean old_state/new_state in drm_atomic_state_default_clear()

by Ville Syrjala

From: Ville Syrjälä <ville.syrjala(a)linux.intel.com> Clear the old_state and new_state pointers for every object in drm_atomic_state_default_clear(). Otherwise drm_atomic_get_{new,old}_*_state() will hand out stale pointers to anyone who hasn't first confirmed that the object is in fact part of the current atomic transcation, if they are called after we've done the ww backoff dance while hanging on to the same drm_atomic_state. For example, handle_conflicting_encoders() looks like it could hit this since it iterates the full connector list and just calls drm_atomic_get_new_connector_state() for each. And I believe we have now witnessed this happening at least once in i915 check_digital_port_conflicts(). Commit 8b69449d2663 ("drm/i915: Remove last references to drm_atomic_get_existing* macros") changed the safe drm_atomic_get_existing_connector_state() to the unsafe drm_atomic_get_new_connector_state(), which opened the doors for this particular bug there as well. Cc: stable(a)vger.kernel.org Cc: Maarten Lankhorst <maarten.lankhorst(a)linux.intel.com> Cc: Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> Cc: Abhay Kumar <abhay.kumar(a)intel.com> Fixes: 581e49fe6b41 ("drm/atomic: Add new iterators over all state, v3.") Signed-off-by: Ville Syrjälä <ville.syrjala(a)linux.intel.com> --- drivers/gpu/drm/drm_atomic.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/drivers/gpu/drm/drm_atomic.c b/drivers/gpu/drm/drm_atomic.c index 7d25c42f22db..c825c76edc1d 100644 --- a/drivers/gpu/drm/drm_atomic.c +++ b/drivers/gpu/drm/drm_atomic.c @@ -155,6 +155,8 @@ void drm_atomic_state_default_clear(struct drm_atomic_state *state) state->connectors[i].state); state->connectors[i].ptr = NULL; state->connectors[i].state = NULL; + state->connectors[i].old_state = NULL; + state->connectors[i].new_state = NULL; drm_connector_put(connector); } @@ -169,6 +171,8 @@ void drm_atomic_state_default_clear(struct drm_atomic_state *state) state->crtcs[i].ptr = NULL; state->crtcs[i].state = NULL; + state->crtcs[i].old_state = NULL; + state->crtcs[i].new_state = NULL; } for (i = 0; i < config->num_total_plane; i++) { @@ -181,6 +185,8 @@ void drm_atomic_state_default_clear(struct drm_atomic_state *state) state->planes[i].state); state->planes[i].ptr = NULL; state->planes[i].state = NULL; + state->planes[i].old_state = NULL; + state->planes[i].new_state = NULL; } for (i = 0; i < state->num_private_objs; i++) { @@ -190,6 +196,8 @@ void drm_atomic_state_default_clear(struct drm_atomic_state *state) state->private_objs[i].state); state->private_objs[i].ptr = NULL; state->private_objs[i].state = NULL; + state->private_objs[i].old_state = NULL; + state->private_objs[i].new_state = NULL; } state->num_private_objs = 0; -- 2.16.1

7 years, 1 month

4
4
0 0

[PATCH 1/1] xhci: Fix use-after-free in xhci_free_virt_device

by Mathias Nyman

KASAN found a use-after-free in xhci_free_virt_device+0x33b/0x38e where xhci_free_virt_device() sets slot id to 0 if udev exists: if (dev->udev && dev->udev->slot_id) dev->udev->slot_id = 0; dev->udev will be true even if udev is freed because dev->udev is not set to NULL. set dev->udev pointer to NULL in xhci_free_dev() The original patch went to stable so this fix needs to be applied there as well. Fixes: a400efe455f7 ("xhci: zero usb device slot_id member when disabling and freeing a xhci slot") Cc: <stable(a)vger.kernel.org> Reported-by: Guenter Roeck <linux(a)roeck-us.net> Reviewed-by: Guenter Roeck <linux(a)roeck-us.net> Tested-by: Guenter Roeck <linux(a)roeck-us.net> Signed-off-by: Mathias Nyman <mathias.nyman(a)linux.intel.com> --- drivers/usb/host/xhci.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/usb/host/xhci.c b/drivers/usb/host/xhci.c index 9b27798..711da33 100644 --- a/drivers/usb/host/xhci.c +++ b/drivers/usb/host/xhci.c @@ -3621,6 +3621,7 @@ static void xhci_free_dev(struct usb_hcd *hcd, struct usb_device *udev) del_timer_sync(&virt_dev->eps[i].stop_cmd_timer); } xhci_debugfs_remove_slot(xhci, udev->slot_id); + virt_dev->udev = NULL; ret = xhci_disable_slot(xhci, udev->slot_id); if (ret) xhci_free_virt_device(xhci, udev->slot_id); -- 2.7.4

7 years, 1 month

1
0
0 0

[PATCH AUTOSEL for 4.14 001/161] firewire-ohci: work around oversized DMA reads on JMicron controllers

by Sasha Levin

From: Hector Martin <marcan(a)marcan.st> [ Upstream commit 188775181bc05f29372b305ef96485840e351fde ] At least some JMicron controllers issue buggy oversized DMA reads when fetching context descriptors, always fetching 0x20 bytes at once for descriptors which are only 0x10 bytes long. This is often harmless, but can cause page faults on modern systems with IOMMUs: DMAR: [DMA Read] Request device [05:00.0] fault addr fff56000 [fault reason 06] PTE Read access is not set firewire_ohci 0000:05:00.0: DMA context IT0 has stopped, error code: evt_descriptor_read This works around the problem by always leaving 0x10 padding bytes at the end of descriptor buffer pages, which should be harmless to do unconditionally for controllers in case others have the same behavior. Signed-off-by: Hector Martin <marcan(a)marcan.st> Reviewed-by: Clemens Ladisch <clemens(a)ladisch.de> Signed-off-by: Stefan Richter <stefanr(a)s5r6.in-berlin.de> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> --- drivers/firewire/ohci.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/drivers/firewire/ohci.c b/drivers/firewire/ohci.c index 8bf89267dc25..d731b413cb2c 100644 --- a/drivers/firewire/ohci.c +++ b/drivers/firewire/ohci.c @@ -1130,7 +1130,13 @@ static int context_add_buffer(struct context *ctx) return -ENOMEM; offset = (void *)&desc->buffer - (void *)desc; - desc->buffer_size = PAGE_SIZE - offset; + /* + * Some controllers, like JMicron ones, always issue 0x20-byte DMA reads + * for descriptors, even 0x10-byte ones. This can cause page faults when + * an IOMMU is in use and the oversized read crosses a page boundary. + * Work around this by always leaving at least 0x10 bytes of padding. + */ + desc->buffer_size = PAGE_SIZE - offset - 0x10; desc->buffer_bus = bus_addr + offset; desc->used = 0; -- 2.15.1

7 years, 1 month

14
274
0 0

[BUG stable v4.14.40-rc1] Kernel boot fail on Exynos5422

by Krzysztof Kozlowski

Hi, On stable v4.14.40-rc1, commit below breaks kernel boot on ARMv7 board (Odroid XU3 with Samsung Exynos5422, exynos_defconfig). The kernel hangs on "Starting kernel ...". Full log: http://www.krzk.eu/#/builders/1/builds/1897 The board boots from TFTP with NFS root (NFSv4). commit 449a8040a3b68a58131453b8f3dcfb411e85b1f5 Author: Paul E. McKenney <paulmck(a)linux.vnet.ibm.com> Date: Mon Jan 8 14:35:52 2018 -0800 rcu: Create RCU-specific workqueues with rescuers [ Upstream commit ad7c946b35ad455417fdd4bc0e17deda4011841b ] Bisect log: git bisect start # good: [7d6240f0fb85430ae4f490824fdf8d0a078dfcd2] Linux 4.14.39 git bisect good 7d6240f0fb85430ae4f490824fdf8d0a078dfcd2 # bad: [c8cd674cefa12376b3f7f993ddb5b262f9c64dbf] Linux 4.14.40-rc1 git bisect bad c8cd674cefa12376b3f7f993ddb5b262f9c64dbf # good: [f122a2d150d85721e1c48561ed9073154a9afcc8] bonding: fix the err path for dev hwaddr sync in bond_enslave git bisect good f122a2d150d85721e1c48561ed9073154a9afcc8 # good: [e353b1ee991a8aa64103db2b8dba975f1c7f1f0f] usb: dwc2: hcd: Fix host channel halt flow git bisect good e353b1ee991a8aa64103db2b8dba975f1c7f1f0f # good: [95bcea0185094ba218ab24261658993a9af29d9f] serial: xuartps: Fix out-of-bounds access through DT alias git bisect good 95bcea0185094ba218ab24261658993a9af29d9f # good: [58d6d43c0d69602b9325bbc6194188711d1132cd] crypto: inside-secure - fix the extra cache computation git bisect good 58d6d43c0d69602b9325bbc6194188711d1132cd # good: [e1c90fdb0fd515dabb4e56a0cf5ebc276e16c3c7] drm: rcar-du: lvds: Fix LVDS startup on R-Car Gen3 git bisect good e1c90fdb0fd515dabb4e56a0cf5ebc276e16c3c7 # good: [d3ab1eddcbca4b4eb8ba43451e04df07d2ca5c99] ARM: dts: imx7d: cl-som-imx7: fix pinctrl_enet git bisect good d3ab1eddcbca4b4eb8ba43451e04df07d2ca5c99 # good: [6a4469c29bddd0e7c646b2534787d47c77729720] ASoC: samsung: i2s: Ensure the RCLK rate is properly determined git bisect good 6a4469c29bddd0e7c646b2534787d47c77729720 # good: [60f7a71df26eca547c542d7d80895257ba10fda6] kdb: make "mdr" command repeat git bisect good 60f7a71df26eca547c542d7d80895257ba10fda6 # bad: [449a8040a3b68a58131453b8f3dcfb411e85b1f5] rcu: Create RCU-specific workqueues with rescuers git bisect bad 449a8040a3b68a58131453b8f3dcfb411e85b1f5 # good: [b5e56644256a462033f6b52212b9dd135e5fed10] xhci: Show what USB release number the xHC supports from protocol capablity git bisect good b5e56644256a462033f6b52212b9dd135e5fed10 # first bad commit: [449a8040a3b68a58131453b8f3dcfb411e85b1f5] rcu: Create RCU-specific workqueues with rescuers Let me know if you need any more information. Best regards, Krzysztof

7 years, 1 month

3
3
0 0

[GIT PULL] commits for Linux 4.14

by Sasha Levin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi Greg, Pleae pull commits for Linux 4.14 . I've sent a review request for all commits over a week ago and all comments were addressed. Thanks, Sasha ===== The following changes since commit d6949f48093c2d862d9bc39a7a89f2825c55edc4: Linux 4.14.36 (2018-04-24 09:36:40 +0200) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/sashal/linux-stable.git tags/for-greg-4.14-26042018 for you to fetch changes up to 758b78c496ad393050d16eb6765f1482d71cc4f1: kdb: make "mdr" command repeat (2018-04-25 19:20:10 -0400) - ---------------------------------------------------------------- for-greg-4.14-26042018 - ---------------------------------------------------------------- Aapo Vienamo (1): ARM: dts: imx7d: cl-som-imx7: fix pinctrl_enet Aaro Koskinen (1): drivers: macintosh: rack-meter: really fix bogus memsets Aaron Sierra (1): tty: serial: exar: Relocate sleep wake-up handling Akinobu Mita (1): media: ov5645: add missing of_node_put() in error path Alan Brady (1): i40evf: ignore link up if not running Alex Estrin (2): IB/hfi1: Fix for potential refcount leak in hfi1_open_file() IB/ipoib: Fix for potential no-carrier state Alex Williamson (1): PCI: Add function 1 DMA alias quirk for Marvell 9128 Alexander Graf (1): lan78xx: Connect phy early Alexander Shishkin (1): intel_th: Use correct method of finding hub Alexandre Belloni (4): rtc: hctosys: Ensure system time doesn't overflow time_t rtc: rk808: fix possible race condition rtc: m41t80: fix race conditions rtc: rp5c01: fix possible race condition Alexey Dobriyan (2): proc: fix /proc/*/map_files lookup x86/alternatives: Fixup alternative_call_2 Alexey Khoroshilov (2): watchdog: davinci_wdt: fix error handling in davinci_wdt_probe() watchdog: asm9260_wdt: fix error handling in asm9260_wdt_probe() Alexey Kodanev (1): macvlan: fix use-after-free in macvlan_common_newlink() Alistair Popple (1): powerpc/powernv/npu: Fix deadlock in mmio_invalidate() Amitkumar Karwar (1): rsi: fix kernel panic observed on 64bit machine Anand Jain (1): btrfs: fail mount when sb flag is not in BTRFS_SUPER_FLAG_SUPP Anders Roxell (3): selftests: sync: missing CFLAGS while compiling selftests: memfd: add config fragment for fuse selftests/memfd: add run_fuse_test.sh to TEST_FILES Andi Shyti (1): Input: stmfts - set IRQ_NOAUTOEN to the irq flag Andre Przywara (1): KVM: arm/arm64: vgic: Add missing irq_lock to vgic_mmio_read_pending Andrea Parri (2): locking/xchg/alpha: Add unconditional memory barrier to cmpxchg() locking/xchg/alpha: Fix xchg() and cmpxchg() memory ordering bugs Andreas Gruenbacher (1): gfs2: Fix fallocate chunk size Andreas Kemnade (1): usb: musb: fix enumeration after resume Andrei Otcheretianski (2): iwlwifi: mvm: Fix channel switch for count 0 and 1 iwlwifi: mvm: Increase session protection time after CS Andrew Vasquez (1): scsi: qedi: Fix truncation of CHAP name and secret Andrzej Hajda (6): clk: samsung: s3c2410: Fix PLL rates clk: samsung: exynos7: Fix PLL rates clk: samsung: exynos5260: Fix PLL rates clk: samsung: exynos5433: Fix PLL rates clk: samsung: exynos5250: Fix PLL rates clk: samsung: exynos3250: Fix PLL rates Andy Shevchenko (1): device property: Define type of PROPERTY_ENRTY_*() macros Andy Spencer (1): gianfar: prevent integer wrapping in the rx handler Aneesh Kumar K.V (1): powerpc/mm/hash64: Zero PGD pages on allocation Anilkumar Kolli (1): ath10k: advertize beacon_int_min_gcd Anna-Maria Gleixner (1): tracing/hrtimer: Fix tracing bugs by taking all clock bases and modes into account Anshuman Khandual (1): powerpc/fscr: Enable interrupts earlier before calling get_user() Antoine Tenart (6): crypto: inside-secure - wait for the request to complete if in the backlog crypto: atmel-aes - fix the keys zeroing on errors crypto: inside-secure - do not process request if no command was issued crypto: inside-secure - fix the cache_len computation crypto: inside-secure - fix the extra cache computation crypto: inside-secure - fix the invalidation step during cra_exit Arjun Vynipadath (2): cxgb4: Setup FW queues before registering netdev cxgb4: Fix queue free path of ULD drivers Arnaldo Carvalho de Melo (2): perf unwind: Do not look just at the global callchain_param.record_mode perf callchain: Fix attr.sample_max_stack setting Arnd Bergmann (10): scsi: fas216: fix sense buffer initialization x86/power: Fix swsusp_arch_resume prototype x86/dumpstack: Avoid uninitlized variable cifs: silence compiler warnings showing up with gcc-8.0.0 drm/exynos: g2d: use monotonic timestamps md: raid5: avoid string overflow warning bug.h: work around GCC PR82365 in BUG() gpu: ipu-v3: prg: avoid possible array underflow clk: hisilicon: mark wdt_mux_p[] as const media: s3c-camif: fix out-of-bounds array access Arvind Yadav (2): xen: xenbus: use put_device() instead of kfree() workqueue: use put_device() instead of kfree() Avinash Dayanand (1): i40evf: Don't schedule reset_task when device is being removed Avraham Stern (4): cfg80211: clear wep keys after disconnection iwlwifi: mvm: clear tx queue id when unreserving aggregation queue iwlwifi: mvm: make sure internal station has a valid id iwlwifi: mvm: fix array out of bounds reference Baoquan He (1): x86/apic: Set up through-local-APIC mode on the boot CPU if 'noapic' specified Bart Van Assche (2): scsi: qla2xxx: Avoid triggering undefined behavior in qla2x00_mbx_completion() block: Fix a race between request queue removal and the block cgroup controller Bartosz Golaszewski (1): ARM: davinci: fix the GPIO lookup for omapl138-hawk Ben Hutchings (1): usbip: Correct maximum value of CONFIG_USBIP_VHCI_HC_PORTS Beni Lev (1): iwlwifi: mvm: Correctly set IGTK for AP Benjamin Poirier (1): e1000e: Fix check_for_link return value with autoneg off Benoit Parrot (1): drm/omap: Add pclk setting case when channel is DSS_WB Bhavesh Davda (1): xen-blkfront: move negotiate_mq to cover all cases of new VBDs Bich HEMON (1): can: m_can: select pinctrl state in each suspend/resume function Bill.Baker(a)oracle.com (1): nfs: system crashes after NFS4ERR_MOVED recovery BingJing Chang (1): md: fix a potential deadlock of raid5/raid10 reshape Bjorn Andersson (2): soc: qcom: wcnss_ctrl: Fix increment in NV upload pinctrl: msm: Use dynamic GPIO numbering Bob Moore (1): ACPICA: Fix memory leak on unusual memory leak Boris Pismenny (2): tls: retrun the correct IV in getsockopt tls: reset the crypto info if copy_from_user fails Borislav Petkov (1): x86/mce/AMD: Collect error info even if valid bits are not set Brad Love (6): media: cx23885: Override 888 ImpactVCBe crystal frequency media: cx23885: Set subdev host data to clk_freq pointer media: lgdt3306a: Fix a double kfree on i2c device remove media: lgdt3306a: Fix module count mismatch on usb unplug media: em28xx: Add Hauppauge SoloHD/DualHD bulk models media: em28xx: USB bulk packet size fix Brian Norris (2): usb: dwc3: Undo PHY init if soft reset fails watchdog: dw: RMW the control register Bryan O'Donoghue (1): rtc: snvs: Fix usage of snvs_rtc_enable Carlos Maiolino (1): Force log to disk before reading the AGF during a fstrim Cathy Zhou (1): sunvnet: does not support GSO for sctp Chad Dupuis (1): scsi: bnx2fc: Fix check in SCSI completion handler for timed out request Chao Gao (1): KVM: nVMX: Don't halt vcpu when L1 is injecting events to L2 Chao Yu (3): f2fs: fix to set KEEP_SIZE bit in f2fs_zero_range f2fs: fix to clear CP_TRIMMED_FLAG f2fs: fix to check extent cache in f2fs_drop_extent_tree Charles Keepax (1): regmap: Correct comparison in regmap_cached Chen Yu (2): ACPI: processor_perflib: Do not send _PPC change notification if not ready cpufreq: intel_pstate: Enable HWP during system resume on CPU0 Chengguang Xu (3): libceph, ceph: avoid memory leak when specifying same option several times ceph: fix dentry leak when failing to init debugfs ceph: fix potential memory leak in init_caches() Chien Tin Tung (1): RDMA/ucma: Correct option size check using optlen Chris Dickens (1): usb: gadget: composite: fix incorrect handling of OS desc requests Christian Borntraeger (1): KVM: s390: use created_vcpus in more places Christophe JAILLET (4): remoteproc: imx_rproc: Fix an error handling path in 'imx_rproc_probe()' drm/meson: Fix some error handling paths in 'meson_drv_bind_master()' drm/meson: Fix an un-handled error path in 'meson_drv_bind_master()' regulator: of: Add a missing 'of_node_put()' in an error handling path of 'of_regulator_match()' Christophe Jaillet (2): regulator: gpio: Fix some error handling paths in 'gpio_regulator_probe()' spi: bcm-qspi: fIX some error handling paths Chuck Lever (2): xprtrdma: Fix backchannel allocation of extra rpcrdma_reps svcrdma: Fix Read chunk round-up Chunyu Hu (1): cpufreq: cppc_cpufreq: Fix cppc_cpufreq_init() failure path Claudio Imbrenda (1): mm/ksm: fix interaction with THP Claudiu Manoil (1): gianfar: Fix Rx byte accounting for ndev stats Colin Ian King (5): clocksource/drivers/fsl_ftm_timer: Fix error return checking xen/pvcalls: fix null pointer dereference on map->sock staging: rtl8192u: return -ENOMEM on failed allocation of priv->oldaddr rtc: tx4939: avoid unintended sign extension on a 24 bit shift media: cx25821: prevent out-of-bounds read on array card Coly Li (2): bcache: properly set task state in bch_writeback_thread() bcache: quit dc->writeback_thread when BCACHE_DEV_DETACHING is set Cong Wang (1): llc: properly handle dev_queue_xmit() return value Corentin LABBE (1): crypto: artpec6 - remove select on non-existing CRYPTO_SHA384 Corinna Vinschen (1): igb: Allow to remove administratively set MAC on VFs Cornelia Huck (1): vfio-ccw: fence off transport mode Dan Carpenter (7): ASoC: au1x: Fix timeout tests in au1xac97c_ac97_read() HID: roccat: prevent an out of bounds read in kovaplus_profile_activated() scsi: sym53c8xx_2: iterator underflow in sym_getsync() scsi: mptfusion: Add bounds check in mptctl_hp_targetinfo() IB/mlx5: Fix an error code in __mlx5_ib_modify_qp() macsec: missing dev_put() on error in macsec_newlink() xen/acpi: off by one in read_acpi_id() Daniel Borkmann (1): bpf: fix rlimit in reuseport net selftest Daniel DÃaz (1): selftests/futex: Fix line continuation in Makefile Daniel Hua (1): igb: Clear TXSTMP when ptp_tx_work() is timeout Danilo Krummrich (1): fs/proc/proc_sysctl.c: fix potential page fault while unregistering sysctl table Dave Airlie (1): virtio-gpu: fix ioctl and expose the fixed status to userspace. Dave Carroll (1): scsi: aacraid: Insure command thread is not recursively stopped Dave Hansen (1): x86/mm: Do not forbid _PAGE_RW before init for __ro_after_init David Ahern (1): selftests: Add FIB onlink tests David Herrmann (1): platform/x86: thinkpad_acpi: suppress warning about palm detection David Hildenbrand (1): KVM: s390: vsie: use READ_ONCE to access some SCB fields David Howells (5): rxrpc: Don't put crypto buffers on the stack rxrpc: Work around usercopy check fscache: Fix hanging wait on page discarded by writeback rxrpc: Fix Tx ring annotation after initial Tx failure rxrpc: Don't treat call aborts as conn aborts David Lechner (1): ARM: davinci_all_defconfig: set CONFIG_DAVINCI_WATCHDOG=y David Rientjes (2): kernel/relay.c: limit kmalloc size to KMALLOC_MAX_SIZE mm, thp: do not cause memcg oom for thp David S. Miller (2): ARM: orion5x: Revert commit 4904dbda41c8. sparc64: Make atomic_xchg() an inline function rather than a macro. Davide Caratti (7): net/sched: fix NULL dereference in the error path of tcf_sample_init() net/sched: fix idr leak on the error path of tcf_bpf_init() net/sched: fix idr leak in the error path of tcf_simp_init() net/sched: fix idr leak in the error path of tcf_act_police_init() net/sched: fix idr leak in the error path of tcp_pedit_init() net/sched: fix idr leak in the error path of __tcf_ipt_init() net/sched: fix idr leak in the error path of tcf_skbmod_init() Davidlohr Bueso (3): ia64/err-inject: Use get_user_pages_fast() ipc/sem: introduce semctl(SEM_STAT_ANY) sched/rt: Fix rq->clock_update_flags < RQCF_ACT_SKIP warning Denis Kirjanov (1): fsl/fman: avoid sleeping in atomic context while adding an address Devesh Sharma (3): RDMA/bnxt_re: Unpin SQ and RQ memory if QP create fails RDMA/bnxt_re: Unconditionly fence non wire memory operations RDMA/bnxt_re: Fix incorrect DB offset calculation Dexuan Cui (1): tools: hv: fix compiler warnings about major/target_fname Dmitry Torokhov (1): Input: psmouse - fix Synaptics detection when protocol is disabled Dmitry Vyukov (1): netfilter: x_tables: fix pointer leaks to userspace Dominik Bozek (1): usb: cdc_acm: prevent race at write to acm while system resumes Dominik Brodowski (1): selftest/vDSO: fix O= Don Hiatt (1): IB/core: Map iWarp AH type to undefined in rdma_ah_find_type Dong Bo (1): libata: Fix compile warning with ATA_DEBUG enabled Douglas Anderson (1): arm64: dts: rockchip: Fix rk3399-gru-* s2r (pinctrl hogs, wifi reset) Douglas Gilbert (1): scsi: core: Make SCSI Status CONDITION MET equivalent to GOOD Ed Swierk (1): openvswitch: Remove padding from packet before L3+ conntrack processing Edward Cree (1): net: ethtool: don't ignore return from driver get_fecparam method Emil Tantilov (1): ixgbe: don't set RXDCTL.RLPML for 82599 Emmanuel Grumbach (2): iwlwifi: mvm: set the correct tid when we flush the MCAST sta mac80211: don't WARN on bad WMM parameters from buggy APs Eric Anholt (1): drm/panel: simple: Fix the bus format for the Ontat panel Eric Biggers (1): PKCS#7: fix direct verification of SignerInfo signature Eric Dumazet (7): smsc75xx: fix smsc75xx_set_features() percpu: add a schedule point in pcpu_balance_workfn() r8152: fix tx packets accounting net: usbnet: fix potential deadlock on 32bit hosts crypto: af_alg - fix possible uninit-value in alg_bind() soreuseport: initialise timewait reuseport field dccp: initialize ireq->ir_mark Eric Sandeen (1): ext4: don't complain about incorrect features when probing Erik Schmauss (1): ACPICA: Events: add a return on failure from acpi_hw_register_read Eryu Guan (1): blk-mq-debugfs: don't allow write on attributes with seq_operations set Esben Haabendal (2): dp83640: Ensure against premature access to PHY registers after reset ARM: dts: ls1021a: Specify TBIPA register address Eugeniy Paltsev (3): ARC: mcip: halt GFRC counter when ARC cores halt ARC: mcip: update MCIP debug mask when the new cpu came online ARC: setup cpu possible mask according to possible-cpus dts property Ezequiel Garcia (1): ASoC: rockchip: rk3288-hdmi-analog: Select needed codecs Felipe Balbi (1): usb: dwc3: Makefile: fix link error on randconfig Felix Fietkau (3): mac80211: round IEEE80211_TX_STATUS_HEADROOM up to multiple of 4 mac80211: drop frames with unexpected DS bits from fast-rx to slow path clocksource/drivers/mips-gic-timer: Use correct shift count to extract data Felix Kuehling (1): drm/amdkfd: Fix scratch memory with HWS enabled Filip Sadowski (1): i40e: Add delay after EMP reset for firmware to recover Filipe Manana (4): Btrfs: send, fix issuing write op when processing hole in no data mode Btrfs: fix log replay failure after linking special file and fsync Btrfs: fix loss of prealloc extents past i_size after fsync log replay Btrfs: fix copy_items() return value when logging an inode Florian Fainelli (4): ARM: dts: NSP: Fix amount of RAM on BCM958625HR net: dsa: Fix functional dsa-loop dependency on FIXED_PHY net: bgmac: Fix endian access in bgmac_dma_tx_ring_free() net: bgmac: Correctly annotate register space Florian Westphal (5): netfilter: ipt_CLUSTERIP: put config struct if we can't increment ct refcount netfilter: ipt_CLUSTERIP: put config instead of freeing it netfilter: ebtables: convert BUG_ONs to WARN_ONs netfilter: don't set F_IFACE on ipv6 fib lookups netfilter: ebtables: fix erroneous reject of last rule Frank Asseg (1): tools/thermal: tmon: fix for segfault Fredrik Noring (1): USB: OHCI: Fix NULL dereference in HCDs using HCD_LOCAL_MEM Ganesh Goudar (1): cxgb4: do not set needs_free_netdev for mgmt dev's Geert Uytterhoeven (9): ubifs: Fix uninitialized variable in search_dh_cookie() ARM: OMAP1: clock: Fix debugfs_create_*() usage serial: xuartps: Fix out-of-bounds access through DT alias serial: sh-sci: Fix out-of-bounds access through DT alias serial: samsung: Fix out-of-bounds access through serial port index serial: mxs-auart: Fix out-of-bounds access through serial port index serial: imx: Fix out-of-bounds access through serial port index serial: fsl_lpuart: Fix out-of-bounds access through DT alias serial: arc_uart: Fix out-of-bounds access through DT alias Giulio Benetti (1): drm/sun4i: Fix dclk_set_phase Giuseppe Lippolis (1): net-usb: add qmi_wwan if on lte modem wistron neweb d18q1 Goldwyn Rodrigues (1): block: Set BIO_TRACE_COMPLETION on new bio during split Govindarajulu Varadarajan (1): enic: enable rq before updating rq descriptors Greg Ungerer (1): m68k: set dma and coherent masks for platform FEC ethernets Gregory CLEMENT (3): mailmap: Update email address for Gregory CLEMENT dmaengine: mv_xor_v2: Fix clock resource by adding a register clock i2c: mv64xxx: Apply errata delay only in standard mode Grigor Tovmasyan (1): usb: dwc2: Fix interval type issue Guanglei Li (1): RDS: IB: Fix null pointer issue Guenter Roeck (5): watchdog: sp5100_tco: Fix watchdog disable bit powerpc/boot: Fix random libfdt related build errors hwmon: (nct6775) Fix writing pwmX_mode hwmon: (pmbus/max8688) Accept negative page register values hwmon: (pmbus/adm1275) Accept negative page register values Gustavo A. R. Silva (2): tcp_nv: fix potential integer overflow in tcpnv_acked nbd: fix return value in error handling path Hannes Reinecke (2): scsi: core: return BLK_STS_OK for DID_OK in __scsi_error_from_host_byte() scsi: mpt3sas: Do not mark fw_event workqueue as WQ_MEM_RECLAIM Hans Verkuil (1): media: vivid: fix incorrect capabilities for radio Hans de Goede (4): ACPI / LPSS: Do not instiate platform_dev for devs without MMIO resources platform/x86: dell-laptop: Filter out spurious keyboard backlight change events ACPI / bus: Do not call _STA on battery devices with unmet dependencies ACPI / scan: Use acpi_bus_get_status() to initialize ACPI_TYPE_DEVICE devs Harry Morris (1): ieee802154: ca8210: fix uninitialised data read Hector Martin (1): firewire-ohci: work around oversized DMA reads on JMicron controllers Heinz Mauelshagen (1): md: fix md_write_start() deadlock w/o metadata devices Helge Deller (1): parisc/pci: Switch LBA PCI bus from Hard Fail to Soft Fail mode Hemanth Puranik (1): net: qcom/emac: Use proper free methods during TX Henry Zhang (1): ARM: dts: bcm283x: Fix pin function of JTAG pins Honggang Li (1): IB/mlx5: Set the default active rate and width to QDR and 4X Huang Ying (1): mm: fix races between address_space dereference and free in page_evicatable Icenowy Zheng (1): dt-bindings: add device tree binding for Allwinner H6 main CCU Ido Schimmel (2): mlxsw: spectrum: Treat IPv6 unregistered multicast as broadcast spectrum: Reference count VLAN entries Igor Pylypiv (1): watchdog: f71808e_wdt: Fix magic close handling Ilan Peer (4): mac80211: Do not disconnect on invalid operating class mac80211: Fix sending ADDBA response for an ongoing session iwlwifi: mvm: Direct multicast frames to the correct station iwlwifi: mvm: Correctly set the tid for mcast queue Ilia Lin (1): arm64: dts: qcom: Fix SPI5 config on MSM8996 Ioana Radulescu (1): staging: fsl-dpaa2/eth: Fix incorrect casts Ivan Gorinov (2): x86/devicetree: Initialize device tree before using it x86/devicetree: Fix device IRQ settings in DT Jack M (1): IB/mlx4: Include GID type when deleting GIDs from HW table under RoCE Jack Morgenstein (1): IB/mlx4: Fix corruption of RoCEv2 IPv4 GIDs Jacob Keller (3): i40e: program fragmented IPv4 filter input set i40e: fix reported mask for ntuple filters ixgbe: prevent ptp_rx_hang from running when in FILTER_ALL mode Jake Daryll Obina (1): jffs2: Fix use-after-free bug in jffs2_iget()'s error handling path Jake Moroni (1): dpaa_eth: fix pause capability advertisement logic James Hogan (3): MIPS: Fix clean of vmlinuz.{32,ecoff,bin,srec} MIPS: generic: Fix machine compatible matching rtc: goldfish: Add missing MODULE_LICENSE James Smart (3): scsi: lpfc: Fix issue_lip if link is disabled scsi: lpfc: Fix soft lockup in lpfc worker thread during LIP testing scsi: lpfc: Fix frequency of Release WQE CQEs Jan Chochol (1): nfs: Do not convert nfs_idmap_cache_timeout to jiffies Jan H. SchÃ¶nherr (1): fs/dax.c: release PMD lock even when there is no PMD support in DAX Jan Kara (1): udf: Provide saner default for invalid uid / gid Jan Kiszka (1): builddeb: Fix header package regarding dtc source links Jan KundrÃ¡t (1): pinctrl: mcp23s08: spi: Fix regmap debugfs entries JarosÅ,aw Janik (1): nvme-pci: disable APST for Samsung NVMe SSD 960 EVO + ASUS PRIME Z370-A Jason Gunthorpe (2): RDMA/uverbs: Use an unambiguous errno for method not supported IB/uverbs: Fix unbalanced unlock on error path for rdma_explicit_destroy Jason Wang (1): ptr_ring: prevent integer overflow when calculating size Jason Yan (1): scsi: libsas: defer ata device eh commands to libata Javier Martinez Canillas (1): i2c: core: report OF style module alias for devices registered via OF Jay Vosburgh (1): virtio-net: Fix operstate for virtio when no VIRTIO_NET_F_STATUS Jayachandran C (1): watchdog: sbsa: use 32-bit read for WCV Jean Delvare (2): firmware: dmi_scan: Fix handling of empty DMI strings firmware: dmi_scan: Fix UUID length safety check Jeff Mahoney (2): btrfs: use kvzalloc to allocate btrfs_fs_info btrfs: fix lockdep splat in btrfs_alloc_subvolume_writers Jeffy Chen (1): ASoC: rockchip: Use dummy_dai for rt5514 dsp dailink Jens Axboe (2): blk-mq: fix discard merge with scheduler attached sr: get/drop reference to device in revalidate and check_events Jeremy Cline (1): scsi: sd: Keep disk read-only when re-reading partition Jeremy Linton (1): net: smsc911x: Fix unload crash when link is up Jesper Dangaard Brouer (3): libbpf: Makefile set specified permission mode tools/libbpf: handle issues with bpf ELF objects containing .eh_frames virtio_net: fix XDP code path in receive_small() Jia Zhang (1): vfs/proc/kcore, x86/mm/kcore: Fix SMAP fault when dumping vsyscall user page Jianchao Wang (2): nvme-pci: Fix nvme queue cleanup if IRQ setup fails scsi: iscsi_tcp: set BDI_CAP_STABLE_WRITES when data digest enabled Jiandi An (1): ima: Fix Kconfig to select TPM 2.0 CRB interface Jin Yao (1): perf report: Fix wrong jump arrow Jinbum Park (1): ARM: 8748/1: mm: Define vdso_start, vdso_end as array Jiri Olsa (6): perf record: Fix period option handling perf evsel: Fix period/freq terms setup perf record: Fix crash in pipe mode perf tests: Use arch__compare_symbol_names to compare symbols perf report: Fix memory corruption in --branch-history mode --branch-history perf tests: Fix dwarf unwind for stripped binaries Jiri Pirko (1): mlxsw: core: Fix flex keys scratchpad offset conflict Jiufei Xue (1): block: display the correct diskname for bio Joe Lee (1): xhci: workaround for AMD Promontory disabled ports wakeup Joe Perches (1): MIPS: Octeon: Fix logging messages with spurious periods after newlines Joerg Roedel (1): x86/pgtable: Don't set huge PUD/PMD on non-leaf entries Joey Pabalinas (1): net/tcp/illinois: replace broken algorithm reference link Johannes Berg (2): regulatory: add NUL to request alpha2 iwlwifi: mvm: fix error checking for multi/broadcast sta Johannes Thumshirn (1): nvme: don't send keep-alives to the discovery controller John Fastabend (1): bpf: sockmap, fix leaking maps with attached but not detached progs John Keeping (1): usb: gadget: f_uac2: fix bFirstInterface in composite gadget Joonsoo Kim (1): ARM: CMA: avoid double mapping to the CMA area if CONFIG_HIGHMEM=y Julian Anastasov (1): ipvs: remove IPS_NAT_MASK check to fix passive FTP Jun Piao (1): ocfs2/dlm: don't handle migrate lockres if already in shutdown Ka-Cheong Poon (1): rds: Incorrect reference counting in TCP socket creation Kalderon, Michal (5): RDMA/qedr: Fix kernel panic when running fio over NFSoRDMA RDMA/qedr: Fix iWARP write and send with immediate RDMA/qedr: fix QP's ack timeout configuration RDMA/qedr: Fix rc initialization on CNQ allocation failure RDMA/qedr: Fix QP state initialization race Kamil TrzciÅ"ski (1): arm64: dts: rockchip: fix rock64 gmac2io stability issues Kamlakant Patel (1): ipmi_ssif: Fix kernel panic at msg_done_handler Kan Liang (3): perf/x86/intel: Properly save/restore the PMU state in the NMI handler perf/x86/intel: Fix large period handling on Broadwell CPUs perf/x86/intel: Fix event update for auto-reload KarimAllah Ahmed (1): kvm: Map PFN-type memory regions as writable (if possible) Karol Herbst (2): drm/nouveau/pmu/fuc: don't use movw directly anymore drm/nouveau/bl: fix backlight regression Karsten Graul (1): net/smc: use link_id of server in confirm link reply Karthikeyan Periyasamy (2): Revert "ath10k: send (re)assoc peer command when NSS changed" ath10k: Fix kernel panic while using worker (ath10k_sta_rc_update_wk) Kees Cook (1): NFC: llcp: Limit size of SDP URI Khiem Nguyen (1): sata_rcar: Reset SATA PHY when Salvator-X board resumes Kieran Bingham (1): media: i2c: adv748x: fix HDMI field heights Kirill A. Shutemov (1): asm-generic: provide generic_pmdp_establish() Kirill Marinushkin (1): staging: bcm2835-audio: Release resources on module_exit() Kristian Evensen (1): USB: serial: option: Add support for Quectel EP06 Ladislav Michl (1): power: supply: ltc2941-battery-gauge: Fix temperature units Larry Finger (1): Bluetooth: btusb: Add device ID for RTL8822BE Lars-Peter Clausen (2): usb: gadget: ffs: Let setup() return USB_GADGET_DELAYED_STATUS usb: gadget: ffs: Execute copy_to_user() with USER_DS set Laurent Pinchart (3): drm: omapdrm: dss: Move initialization code from component bind to probe media: v4l: vsp1: Fix display stalls when requesting too many inputs ARM: dts: porter: Fix HDMI output routing Laurent Vivier (1): KVM: PPC: Book3S HV: Fix guest time accounting with VIRT_CPU_ACCOUNTING_GEN Lenny Szubowicz (1): ACPI: acpi_pad: Fix memory leak in power saving threads Leo Yan (1): coresight: Use %px to print pcsr instead of %p Leon Romanovsky (3): RDMA/mlx5: Avoid memory leak in case of XRCD dealloc failure net/mlx5: Protect from command bit overflow RDMA/mlx5: Fix NULL dereference while accessing XRC_TGT QPs Leonard Crestez (1): ARM: dts: imx7d-sdb: Fix regulator-usb-otg2-vbus node name Li Zhijian (2): selftests/bpf/test_maps: exit child process without error in ENOMEM case selftests/vm/run_vmtests: adjust hugetlb size according to nr_cpus Linus LÃ¼ssing (3): batman-adv: Fix multicast packet loss with a single WANT_ALL_IPV4/6 flag batman-adv: fix multicast-via-unicast transmission with AP isolation batman-adv: fix packet loss for broadcasted DHCP packets to a server Linus Walleij (1): drm/bridge: sii902x: Retry status read after DDI I2C Liu Bo (7): Btrfs: set plug for fsync Btrfs: fix scrub to repair raid6 corruption Btrfs: fix unexpected EEXIST from btrfs_get_extent Btrfs: raid56: fix race between merge_bio and rbio_orig_end_io Btrfs: clean up resources during umount after trans is aborted Btrfs: bail out on error during replay_dir_deletes Btrfs: fix NULL pointer dereference in log_dir_items Logan Gunthorpe (1): ntb_transport: Fix bug with max_mw_size parameter Luca Coelho (1): iwlwifi: mvm: check if mac80211_queue is valid in iwl_mvm_disable_txq Lucas Stach (1): drm/imx: move arming of the vblank event to atomic_flush Luis R. Rodriguez (1): lib/test_kmod.c: fix limit check on number of test devices created Madalin Bucur (1): dpaa_eth: fix SG mapping Madhavan Srinivasan (1): powerpc/perf: Prevent kernel address leak to userspace via BHRB buffer Maninder Singh (1): mm/page_owner: fix recursion bug after changing skip entries Manish Chopra (2): qede: Fix barrier usage after tx doorbell write. qede: Do not drop rx-checksum invalidated packets. Manish Rangankar (2): scsi: qla4xxx: skip error recovery in case of register disconnect. scsi: qedi: Fix kernel crash during port toggle Manu Gautam (1): usb: gadget: core: Fix use-after-free of usb_request Marc Zyngier (2): arm64: Relax ARM_SMCCC_ARCH_WORKAROUND_1 discovery arm64: insn: Allow ADD/SUB (immediate) with LSL #12 Marcel Ziswiler (1): clk: tegra: Fix pll_u rate configuration Mark Lord (1): powerpc/bpf/jit: Fix 32-bit JIT for seccomp_data access Mark Rutland (2): arm64: perf: correct PMUVer probing efi/arm*: Only register page tables when they exist Mark Salter (1): irqchip/gic-v3: Change pr_debug message to pr_devel Markus Elfring (1): drm/exynos: g2d: Delete an error message for a failed memory allocation in two functions Martin Blumenstingl (2): net: stmmac: dwmac-meson8b: fix setting the RGMII TX clock on Meson8b net: stmmac: dwmac-meson8b: propagate rate changes to the parent clock Masami Hiramatsu (6): selftest: ftrace: Fix to pick text symbols for kprobes selftests: ftrace: Add probe event argument syntax testcase selftests: ftrace: Add a testcase for string type with kprobe_event selftests: ftrace: Add a testcase for probepoint tracing/uprobe_event: Fix strncpy corner case media: vb2: Fix videobuf2 to map correct area Matan Barak (2): IB/uverbs: Fix method merging in uverbs_ioctl_merge IB/uverbs: Fix possible oops with duplicate ioctl attributes Mathias Kresin (1): MIPS: ath79: Fix AR724X_PLL_REG_PCIE_CONFIG offset Mathias Nyman (2): xhci: Show what USB release number the xHC supports from protocol capablity xhci: zero usb device slot_id member when disabling and freeing a xhci slot Mathieu Malaterre (2): net: Extra '_get' in declaration of arch_get_platform_mac_address powerpc: Add missing prototype for arch_irq_work_raise() Matt Redfearn (2): MIPS: TXx9: use IS_BUILTIN() for CONFIG_LEDS_CLASS MIPS: Generic: Support GIC in EIC mode Matthias Schiffer (3): batman-adv: fix packet checksum in receive path batman-adv: invalidate checksum on fragment reassembly batman-adv: fix header size check in batadv_dbg_arp() Maurizio Lombardi (1): cdrom: do not call check_disk_change() inside cdrom_open() Mauro Carvalho Chehab (2): media: dmxdev: fix error code for invalid ioctls media: Don't let tvp5150_get_vbi() go out of vbi_ram_default array Max Gurtovoy (2): RDMA/core: Reduce poll batch for direct cq polling nvmet: fix PSDT field check in command format Maxime Chevallier (1): spi: a3700: Clear DATA_OUT when performing a read Maxime Ripard (1): drm/sun4i: rgb: Fix potential division by zero Meelis Roos (1): scsi: aacraid: fix shutdown crash when init fails Mel Gorman (1): mm: pin address_space before dereferencing it while isolating an LRU page Merlijn Wajer (2): usb: musb: call pm_runtime_{get,put}_sync before reading vbus registers usb: musb: Fix external abort in musb_remove on omap2430 Michael Bringmann (2): powerpc/numa: Use ibm,max-associativity-domains to discover possible nodes powerpc/numa: Ensure nodes initialized for hotplug Michael Chan (1): bnxt_en: Check valid VNIC ID in bnxt_hwrm_vnic_set_tpa(). Michael Ellerman (5): selftests/powerpc: Skip the subpage_prot tests if the syscall is unavailable powerpc/mpic: Check if cpu_possible() in mpic_physmask() powerpc/perf: Fix kernel address leak via sampling registers selftests: Print the test we're running to /dev/kmsg powerpc/pseries: Make plpar_wrappers.h safe to include when PSERIES=n Michael J. Ruhl (1): IB/hfi1: Re-order IRQ cleanup to address driver cleanup race Michael Kelley (1): cpumask: Make for_each_cpu_wrap() available on UP as well Michael Kelley (EOSG) (1): scsi: storvsc: Increase cmd_per_lun for higher speed devices Michael Schmitz (1): zorro: Set up z->dev.dma_mask for the DMA API Michal Kalderon (1): qed: Free RoCE ILT Memory on rmmod qedr MickaÃ«l SalaÃ¼n (1): samples/bpf: Partially fixes the bpf.o build Mikhail Malygin (1): IB/rxe: Fix for oops in rxe_register_device on ppc64le arch Milton Miller (2): watchdog: aspeed: Allow configuring for alternate boot watchdog: aspeed: Fix translation of reset mode to ctrl register Minas Harutyunyan (2): usb: dwc2: hcd: Fix host channel halt flow usb: dwc2: host: Fix transaction errors in host mode Ming Lei (4): dm mpath: return DM_MAPIO_REQUEUE on blk-mq rq allocation failure blk-mq: turn WARN_ON in __blk_mq_run_hw_queue into printk nvme: pci: pass max vectors as num_possible_cpus() to pci_alloc_irq_vectors block: null_blk: fix 'Invalid parameters' when loading module Moni Shoua (1): IB/mlx: Set slid to zero in Ethernet completion struct Monk Liu (2): drm/amdgpu: disable GFX ring and disable PQ wptr in hw_fini drm/amdgpu: adjust timeout for ib_ring_tests(v2) Mustafa Ismail (1): i40iw: Free IEQ resources Naftali Goldstein (1): iwlwifi: mvm: always init rs with 20mhz bandwidth rates Naresh Kamboju (1): selftests: pstore: Adding config fragment CONFIG_PSTORE_RAM=m Neil Armstrong (1): drm/meson: fix vsync buffer update NeilBrown (3): NFSv4: always set NFS_LOCK_LOST when a lock is lost. staging: lustre: fix bug in osc_enter_cache_try staging: lustre: lmv: correctly iput lmo_root Ngai-Mint Kwan (1): fm10k: fix "failed to kill vid" message for VF Nicholas Piggin (4): powerpc: System reset avoid interleaving oops using die synchronisation powerpc/powernv: IMC fix out of bounds memory access at shutdown powerpc/64s/idle: Fix restore of AMOR on POWER9 after deep sleep powerpc/64s: sreset panic if there is no debugger or crash dump handlers Nicolas Pitre (1): kbuild: make scripts/adjust_autoksyms.sh robust against timestamp races Niklas Cassel (6): PCI: Add dummy pci_irqd_intx_xlate() for CONFIG_PCI=n build net: stmmac: discard disabled flags in interrupt status register pinctrl: artpec6: dt: add missing pin group uart5nocts net: stmmac: ensure that the device has released ownership before reading data net: stmmac: ensure that the MSS desc is the last desc to set the own bit net: stmmac: call correct function in stmmac_mac_config_rx_queues_routing() Nikolay Borisov (2): btrfs: Fix out of bounds access in btrfs_search_slot btrfs: Fix possible softlock on single core machines Nitin Gupta (1): sparc64: update pmdp_invalidate() to return old pmd value Nobutaka Okabe (1): ALSA: usb-audio: Add native DSD support for Luxman DA-06 Oded Gabbay (1): drm/amdkfd: add missing include of mm.h Omar Sandoval (1): loop: don't call into filesystem while holding lo_ctl_mutex Or Gerlitz (2): net/mlx5e: Return error if prio is specified when offloading eswitch vlan push net/mlx5: Make eswitch support to depend on switchdev Paolo Bonzini (1): kvm: x86: fix KVM_XEN_HVM_CONFIG ioctl Parav Pandit (4): RDMA/core: Clarify rdma_ah_find_type RDMA/cma: Check existence of netdevice during port validation IB/core: Fix possible crash to access NULL netdev IB/core: Honor port_num while resolving GID for IB link layer Paul E. McKenney (1): rcu: Create RCU-specific workqueues with rescuers Paul Mackerras (4): KVM: PPC: Book3S HV: Enable migration of decrementer register KVM: PPC: Book3S HV: Fix handling of secondary HPTEG in HPT resizing code KVM: PPC: Book3S HV: Fix handling of large pages in radix page fault handler KVM: PPC: Book3S HV: Fix VRMA initialization with 2MB or 1GB memory backing Pawel Dembicki (1): net: qmi_wwan: add BroadMobi BM806U 2020:2033 PaweÅ, JabÅ,oÅ"ski (1): i40e: Fix attach VF to VM issue Peter Hutterer (1): Input: synaptics - reset the ABS_X/Y fuzz after initializing MT axes Peter Malone (1): fbdev: Fixing arbitrary kernel leak in case FBIOGETCMAP_SPARC in sbusfb_ioctl_helper(). Peter Oh (1): mac80211: mesh: fix wrong mesh TTL offset calculation Peter Robinson (1): crypto: sunxi-ss - Add MODULE_ALIAS to sun4i-ss Peter Rosin (1): ARM: dts: at91: tse850: use the correct compatible for the eeprom Peter Ujfalusi (1): ASoC: hdmi-codec: Fix module unloading caused kernel crash Peter Xu (1): iommu/vt-d: Use domain instead of cache fetching Peter Zijlstra (2): x86/tsc: Allow TSC calibration without PIT perf/core: Fix perf_output_read_group() Petr Vorel (1): ima: Fallback to the builtin hash algorithm Philipp Puschmann (1): arm: dts: socfpga: fix GIC PPI warning Pierre Bourdon (1): max17042: propagate of_node to power supply device Pierre-Yves Kerbrat (1): e1000e: allocate ring descriptors with dma_zalloc_coherent Prashant Bhole (2): bpf: test_maps: cleanup sockmaps when test ends selftests/net: fixes psock_fanout eBPF test case Pratyush Anand (1): arm64: fix unwind_frame() for filtered out fn for function graph tracing Qi Hou (2): ARM: OMAP2+: timer: fix a kmemleak caused in omap_get_timer_dt dmaengine: pl330: fix a race condition in case of threaded irqs Qu Wenruo (2): btrfs: tests/qgroup: Fix wrong tree backref level btrfs: qgroup: Fix root item corruption when multiple same source snapshots are created with quota enabled Quinn Tran (1): scsi: qla2xxx: Fix memory corruption during hba reset test Quytelda Kahja (1): staging: ks7010: Use constants from ieee80211_eid instead of literal ints. Rafael J. Wysocki (3): ACPI / EC: Restore polling during noirq suspend/resume phases PCI: Restore config space on runtime resume despite being unbound PCMCIA / PM: Avoid noirq suspend aborts during suspend-to-idle Raghuram Chary J (1): lan78xx: Set ASD in MAC_CR when EEE is enabled. Ramon Fried (1): qrtr: add MODULE_ALIAS macro to smd Randy Dunlap (3): fs/signalfd: fix build error for BUS_MCEERR_AR integrity/security: fix digsig.c build error with header file kdb: make "mdr" command repeat Ranjani Sridharan (1): ASoC: topology: create TLV data for dapm widgets Ravikumar Kattekola (1): ARM: dts: dra71-evm: Correct evm_sd regulator max voltage Rich Felker (1): sh: fix debug trap failure to process signals before return to user Richard Fitzgerald (1): pinctrl: devicetree: Fix dt_to_map_one_config handling of hogs Richard Guy Briggs (1): audit: return on memory error to avoid null pointer dereference Richard Haines (1): netlabel: If PF_INET6, check sk_buff ip header version Rob Herring (3): arm64: dts: cavium: fix PCI bus dtc warnings ARM: dts: rockchip: Add missing #sound-dai-cells on rk3288 microblaze: switch to NO_BOOTMEM Robin Murphy (3): iommu/exynos: Don't unconditionally steal bus ops arm64: dts: rockchip: Fix DWMMC clocks ARM: dts: rockchip: Fix DWMMC clocks Roger Pau Monne (1): xen/pirq: fix error path cleanup when binding MSIs Roger Quadros (1): usb: dwc3: omap: don't miss events during suspend/resume Rolf Evers-Fischer (1): PCI: endpoint: Fix kernel panic after put_device() Ross Lagerwall (2): xen-netfront: Fix race between device setup and open xen/grant-table: Use put_page instead of free_page Sabrina Dubroca (1): ipv4: lock mtu in fnhe when received PMTU < net.ipv4.route.min_pmtu Sagi Grimberg (1): IB/cq: Don't force IB_POLL_DIRECT poll context for ib_process_cq_direct Sai Praneeth (1): x86/mm: Fix bogus warning during EFI bootup, use boot_cpu_has() instead of this_cpu_has() in build_cr3_noflush() Samuel Neves (1): x86/topology: Update the 'cpu cores' field in /proc/cpuinfo correctly across CPU hotplug operations Sandipan Das (2): perf tools: Fix perf builds with clang support perf clang: Add support for recent clang versions Sara Sharon (7): iwlwifi: mvm: fix security bug in PN checking iwlwifi: mvm: fix IBSS for devices that support station type API mac80211: fix a possible leak of station stats mac80211: fix calling sleeping function in atomic context iwlwifi: mvm: fix TX of CCMP 256 iwlwifi: mvm: fix assert 0x2B00 on older FWs iwlwifi: mvm: fix "failed to remove key" message Sean Christopherson (2): KVM: VMX: raise internal error for exception during invalid protected mode state Revert "KVM: X86: Fix SMRAM accessing even if VM is shutdown" Sean Wang (1): net: dsa: mt7530: fix module autoloading for OF platform drivers Sebastian Andrzej Siewior (2): iommu/amd: Take into account that alloc_dev_data() may return NULL crypto: ccp - don't disable interrupts while setting up debugfs Sebastian Gottschall (1): ath9k: fix crash in spectral scan Sebastian Ott (5): s390/eadm: fix CONFIG_BLOCK include dependency s390/cio: fix ccw_device_start_timeout API s390/cio: fix return code after missing interrupt s390/cio: clear timer when terminating driver I/O kvm: fix warning for CONFIG_HAVE_KVM_EVENTFD builds Selvin Xavier (2): RDMA/bnxt_re: Fix system crash during load/unload RDMA/bnxt_re: Fix the ib_reg failure cleanup Sergei Shtylyov (3): sh_eth: fix TSU init on SH7734/R8A7740 drm: rcar-du: lvds: Fix LVDS startup on R-Car Gen3 drm: rcar-du: lvds: Fix LVDS startup on R-Car Gen2 Seunghun Han (1): ACPICA: acpi: acpica: fix acpi operand cache leak in nseval.c Shakeel Butt (2): mm, mlock, vmscan: no more skipping pagevecs mm, slab: memcg_link the SLAB's kmem_cache Shaul Triebitz (1): iwlwifi: avoid collecting firmware dump if not loaded Shawn Lin (5): arm64: dts: rockchip: correct ep-gpios for rk3399-sapphire clk: rockchip: Fix wrong parent for SDMMC phase clock for rk3228 clk: Don't show the incorrect clock phase phy: rockchip-emmc: retry calpad busy trimming clk: rockchip: Prevent calculating mmc phase if clock rate is zero Sheng Yong (1): f2fs: avoid hungtask when GC encrypted block if io_bits is set Shiraz Saleem (1): i40iw: Zero-out consumer key on allocate stag for FMR Shunyong Yang (1): cpufreq: CPPC: Initialize shared perf capabilities of CPUs Shyam Saini (1): ARM: dts: imx6dl: Include correct dtsi file for Engicam i.CoreM6 DualLite/Solo RQS Sinan Kaya (1): net: qlge: Eliminate duplicate barriers on weakly-ordered archs Song Liu (1): perf/cgroup: Fix child event counting bug Srinivas Kandagatla (1): dmaengine: qcom: bam_dma: get num-channels and num-ees from dt Stefan Agner (2): usb: gadget: fsl_udc_core: fix ep valid checks soc: imx: gpc: de-register power domains only if initialized Stefan Haberland (1): s390/dasd: fix handling of internal requests Stefan Wahren (3): ARM: dts: bcm283x: Fix unit address of local_intc brcmfmac: Fix check for ISO3166 code ARM: dts: bcm283x: Fix probing of bcm2835-i2s Stefano Brivio (4): vti4: Don't count header length twice on tunnel setup ip_tunnel: Clamp MTU to bounds on new link vti4: Don't override MTU passed on link creation via IFLA_MTU vti6: Fix dev->max_mtu setting Steffen Klassert (2): xfrm: Fix ESN sequence number handling for IPsec GSO packets. xfrm: Fix transport mode skb control buffer usage. Stephane Eranian (1): perf/x86/intel: Fix linear IP of PEBS real_ip on Haswell and later CPUs Stephen Boyd (1): irqchip/gic-v3: Ignore disabled ITS nodes Stephen Hemminger (13): hv_netvsc: avoid retry on send during shutdown hv_netvsc: only wake transmit queue if link is up hv_netvsc: fix error unwind handling if vmbus_open fails hv_netvsc: cancel subchannel setup before halting device hv_netvsc: fix race in napi poll when rescheduling hv_netvsc: use napi_schedule_irqoff hv_netvsc: defer queue selection to VF hv_netvsc: filter multicast/broadcast hv_netvsc: propagate rx filters to VF hv_netvsc: fix filter flags hv_netvsc: fix locking for rx_mode hv_netvsc: fix locking during VF setup hv_netvsc: enable multicast if necessary Steven J. Hill (1): mm/vmstat.c: fix vmstat_update() preemption BUG Steven Rostedt (VMware) (3): tools lib traceevent: Simplify pointer print logic and fix %pF tools lib traceevent: Fix get_field_str() for dynamic strings selftests/ftrace: Add some missing glob checks Subash Abhinov Kasiviswanathan (3): netfilter: ipv6: nf_defrag: Pass on packets to stack per RFC2460 netfilter: ipv6: nf_defrag: Kill frag queue on RFC2460 failure netfilter: nf_socket: Fix out of bounds access in nf_sk_lookup_slow_v{4,6} Sujit Reddy Thumma (1): scsi: ufs: Enable quirk to ignore sending WRITE_SAME command Sven Eckelmann (5): batman-adv: Ignore invalid batadv_iv_gw during netlink send batman-adv: Ignore invalid batadv_v_gw during netlink send batman-adv: Fix netlink dumping of BLA claims batman-adv: Fix netlink dumping of BLA backbones batman-adv: Fix skbuff rcsum on packet reroute Sylwester Nawrocki (2): ASoC: samsung: odroid: Fix 32000 sample rate handling ASoC: samsung: i2s: Ensure the RCLK rate is properly determined Taehee Yoo (1): xfrm: fix rcu_read_unlock usage in xfrm_local_error Takashi Iwai (2): ALSA: hda - Use IS_REACHABLE() for dependency on input ALSA: vmaster: Propagate slave error Takeshi Kihara (1): pinctrl: sh-pfc: r8a7796: Fix MOD_SEL register pin assignment for SSI pins group Tang Junhui (4): bcache: fix for allocator and register thread race bcache: fix for data collapse after re-attaching an attached device bcache: return attach error when no cache set exist bcache: fix kcrashes with fio in RAID5 backend dev Tejun Heo (1): rcu: Call touch_nmi_watchdog() while printing stall warnings Thierry Reding (1): drm/tegra: Shutdown on driver unbind Thinh Nguyen (2): usb: dwc3: Add SoftReset PHY synchonization delay usb: dwc3: Update DWC_usb31 GTXFIFOSIZ reg fields Thomas Falcon (6): ibmvnic: Wait until reset is complete to set carrier on ibmvnic: Free RX socket buffer in case of adapter error ibmvnic: Clean RX pool buffers during device close ibmvnic: Check for NULL skb's in NAPI poll routine ibmvnic: Zero used TX descriptor counter on reset ibmvnic: Fix TX descriptor tracking again Thomas Hellstrom (1): drm/vmwgfx: Unpin the screen object backup buffer when not used Thomas Richter (4): perf record: Fix failed memory allocation for get_cpuid_str perf test: Fix test trace+probe_libc_inet_pton.sh for s390x perf stat: Fix core dump when flag T is used perf test: Fix test case inet_pton to accept inlines. Thomas Vincent-Cross (1): PCI: Add function 1 DMA alias quirk for Marvell 88SE9220 Tobias Jordan (2): gpu: ipu-v3: pre: fix device node leak in ipu_pre_lookup_by_phandle gpu: ipu-v3: prg: fix device node leak in ipu_prg_lookup_by_phandle Tom Abraham (1): swap: divide-by-zero when zero length swap file on ssd Tom St Denis (1): drm/amd/amdgpu: Correct VRAM width for APUs with GMC9 Tomas Henzl (1): scsi: mpt3sas: fix an out of bound write Tony Lindgren (4): PM / wakeirq: Fix unbalanced IRQ enable for wakeirq ARM: OMAP3: Fix prm wake interrupt for resume ARM: OMAP2+: Fix sar_base inititalization for HS omaps ARM: OMAP: Fix dmtimer init for omap1 Torsten Hilbrich (1): net/usb/qmi_wwan.c: Add USB id for lt4120 modem Toshiaki Makita (4): net: Fix vlan untag for bridge and vlan_dev with reorder_hdr off vlan: Fix out of order vlan headers with reorder header off net: Fix untag for vlan packets without ethernet header vlan: Fix vlan insertion for packets without ethernet header Trond Myklebust (1): SUNRPC: Don't call __UDPX_INC_STATS() from a preemptible context Tycho Andersen (1): seccomp: add a selftest for get_metadata Ulf Hansson (1): PM / domains: Fix up domain-idle-states OF parsing Ulf Magnusson (4): kconfig: Don't leak main menus during parsing kconfig: Fix automatic menu creation mem leak kconfig: Fix expr_free() E_NOT leak ARC: Fix malformed ARC_EMUL_UNALIGNED default Ursula Braun (1): net/smc: pay attention to MAX_ORDER for CQ entries Uwe Kleine-KÃ¶nig (1): serial: altera: ensure port->regshift is honored consistently Vaibhav Jain (2): powerpc/xmon: Setup debugger hooks when first break-point is set cxl: Check if PSL data-cache is available before issue flush request Vardan Mikayelyan (1): usb: dwc2: Fix dwc2_hsotg_core_init_disconnected() Vicente Bergas (1): Bluetooth: btusb: Add USB ID 7392:a611 for Edimax EW-7611ULB Vignesh R (1): serial: 8250: Don't service RX FIFO if interrupts are disabled Vinayak Menon (1): mm/kmemleak.c: wait for scan completion before disabling free Viresh Kumar (1): cpufreq: Reorder cpufreq_online() error code path Vitaly Kuznetsov (4): x86/hyperv: Stop suppressing X86_FEATURE_PCID x86/hyperv: Check for required priviliges in hyperv_init() x86/kvm/vmx: do not use vm-exit instruction length for fast MMIO when running nested KVM: lapic: stop advertising DIRECTED_EOI when in-kernel IOAPIC is in use Vivek Gautam (1): phy: qcom-qmp: Fix phy pipe clock gating Wang Hui (1): x86/intel_rdt: Fix incorrect returned value when creating rdgroup sub-directory in resctrl file system Wei Yongjun (2): ipmi/powernv: Fix error return code in ipmi_powernv_probe() nfp: fix error return code in nfp_pci_probe() Wen Xiong (1): nvme-pci: Fix EEH failure on ppc Wilfried Weissmann (1): scsi: mvsas: fix wrong endianness of sgpio api Will Deacon (4): arm64: spinlock: Fix theoretical trylock() A-B-A with LSE atomics locking/qspinlock: Ensure node->count is updated before initialising node fs: dcache: Avoid livelock between d_alloc_parallel and __d_add fs: dcache: Use READ_ONCE when accessing i_dir_seq Wolfram Sang (3): drm/exynos: fix comparison to bitshift when dealing with a mask can: m_can: change comparison to bitshift when dealing with a mask usb: gadget: udc: change comparison to bitshift when dealing with a mask Xiao Ni (1): MD: Free bioset when md_run fails Xidong Wang (1): z3fold: fix memory leak Xin Long (5): xfrm: do not call rcu_read_unlock when afinfo is NULL in xfrm_get_tos ip_gre: fix IFLA_MTU ignored on NEWLINK ip6_tunnel: fix IFLA_MTU ignored on NEWLINK sit: fix IFLA_MTU ignored on NEWLINK bonding: fix the err path for dev hwaddr sync in bond_enslave Xose Vazquez Perez (1): scsi: devinfo: fix format of the device list Y.C. Chen (1): drm/ast: Fixed 1280x800 Display Issue Yang Shi (2): mm: thp: use down_read_trylock() in khugepaged to avoid long block mm: thp: fix potential clearing to referenced flag in page_idle_clear_pte_refs_one() Yelena Krivosheev (1): net: mvneta: fix enable of all initialized RXQs Yisheng Xie (4): mm/mempolicy: fix the check of nodemask from user mm/mempolicy: add nodes_empty check in SYSC_migrate_pages mm/mempolicy.c: avoid use uninitialized preferred_node perf top: Fix top.call-graph config option reading Yong Wu (1): iommu/mediatek: Fix protect memory setting Yonghong Song (1): bpf: fix selftests/bpf test_kmod.sh failure when CONFIG_BPF_JIT_ALWAYS_ON=y Yoshihiro Shimoda (3): dmaengine: rcar-dmac: fix max_chunk_size for R-Car Gen3 usb: host: xhci-plat: revert "usb: host: xhci-plat: enable clk in resume timing" dmaengine: rcar-dmac: Check the done lists in rcar_dmac_chan_get_residue() Yufen Yu (2): md raid10: fix NULL deference in handle_write_completed() md/raid1: fix NULL pointer dereference himanshu.madhani(a)cavium.com (1): scsi: qla2xxx: Fix warning in qla2x00_async_iocb_timeout() leilei.lin (1): perf/core: Fix installing cgroup events on CPU lionel.debieve(a)st.com (1): hwrng: stm32 - add reset during probe mike.travis(a)hpe.com (1): x86/platform/UV: Fix GAM Range Table entries less than 1GB mulhern (1): dm thin: fix documentation relative to low water mark threshold piaojun (3): ocfs2: return -EROFS to mount.ocfs2 if inode block is invalid ocfs2/acl: use 'ip_xattr_sem' to protect getting extended attribute ocfs2: return error when we attempt to access a dirty bh in jbd2 shidao.ytt (1): mm/fadvise: discard partial page if endbyte is also EOF weiyongjun (A) (1): mac80211_hwsim: fix possible memory leak in hwsim_new_radio_nl() Ã~rjan Eide (1): drm/rockchip: Respect page offset for PRIME mmap calls .mailmap | 1 + Documentation/device-mapper/thin-provisioning.txt | 8 +- .../devicetree/bindings/clock/sunxi-ccu.txt | 4 + .../devicetree/bindings/dma/mv-xor-v2.txt | 6 +- .../bindings/pinctrl/axis,artpec6-pinctrl.txt | 5 +- Documentation/virtual/kvm/api.txt | 1 + arch/alpha/include/asm/xchg.h | 30 +- arch/arc/Kconfig | 1 - arch/arc/include/asm/bug.h | 3 +- arch/arc/kernel/mcip.c | 74 +- arch/arc/kernel/smp.c | 50 +- arch/arm/boot/dts/at91-tse850-3.dts | 2 +- arch/arm/boot/dts/bcm2836.dtsi | 2 +- arch/arm/boot/dts/bcm2837.dtsi | 2 +- arch/arm/boot/dts/bcm283x.dtsi | 6 +- arch/arm/boot/dts/bcm958625hr.dts | 2 +- arch/arm/boot/dts/dra71-evm.dts | 4 +- arch/arm/boot/dts/imx6dl-icore-rqs.dts | 2 +- arch/arm/boot/dts/imx7d-cl-som-imx7.dts | 52 +- arch/arm/boot/dts/imx7d-sdb.dts | 2 +- arch/arm/boot/dts/ls1021a.dtsi | 3 +- arch/arm/boot/dts/r8a7791-porter.dts | 2 +- arch/arm/boot/dts/rk3036.dtsi | 4 +- arch/arm/boot/dts/rk322x.dtsi | 6 +- arch/arm/boot/dts/rk3288.dtsi | 2 + arch/arm/boot/dts/socfpga.dtsi | 2 +- arch/arm/configs/davinci_all_defconfig | 2 +- arch/arm/include/asm/vdso.h | 2 - arch/arm/kernel/vdso.c | 12 +- arch/arm/mach-davinci/board-omapl138-hawk.c | 4 +- arch/arm/mach-omap1/clock.c | 6 +- arch/arm/mach-omap2/omap-wakeupgen.c | 4 +- arch/arm/mach-omap2/pm.c | 4 +- arch/arm/mach-omap2/timer.c | 19 +- arch/arm/mach-orion5x/Kconfig | 3 - arch/arm/mach-orion5x/dns323-setup.c | 53 +- arch/arm/mach-orion5x/tsx09-common.c | 49 +- arch/arm/mm/dma-mapping.c | 16 +- arch/arm/plat-omap/dmtimer.c | 7 +- arch/arm64/boot/dts/cavium/thunder2-99xx.dtsi | 3 +- arch/arm64/boot/dts/qcom/msm8996.dtsi | 4 +- arch/arm64/boot/dts/rockchip/rk3328-rock64.dts | 5 +- arch/arm64/boot/dts/rockchip/rk3328.dtsi | 6 +- arch/arm64/boot/dts/rockchip/rk3368.dtsi | 2 +- arch/arm64/boot/dts/rockchip/rk3399-gru.dtsi | 16 +- arch/arm64/boot/dts/rockchip/rk3399-sapphire.dtsi | 2 +- arch/arm64/include/asm/spinlock.h | 4 +- arch/arm64/include/asm/stacktrace.h | 2 +- arch/arm64/kernel/cpu_errata.c | 4 +- arch/arm64/kernel/insn.c | 18 +- arch/arm64/kernel/perf_event.c | 4 +- arch/arm64/kernel/stacktrace.c | 5 + arch/arm64/kernel/time.c | 2 +- arch/cris/include/arch-v10/arch/bug.h | 11 +- arch/ia64/include/asm/bug.h | 6 +- arch/ia64/kernel/err_inject.c | 2 +- arch/m68k/coldfire/device.c | 12 +- arch/m68k/include/asm/bug.h | 3 + arch/microblaze/Kconfig | 1 + arch/microblaze/mm/init.c | 56 +- arch/mips/boot/compressed/Makefile | 6 +- arch/mips/cavium-octeon/octeon-irq.c | 10 +- arch/mips/generic/irq.c | 18 +- arch/mips/include/asm/mach-ath79/ar71xx_regs.h | 2 +- arch/mips/include/asm/machine.h | 2 +- arch/mips/txx9/rbtx4939/setup.c | 4 +- arch/powerpc/boot/Makefile | 3 +- arch/powerpc/include/asm/book3s/64/pgalloc.h | 10 +- arch/powerpc/include/asm/irq_work.h | 1 + arch/powerpc/include/asm/plpar_wrappers.h | 4 + arch/powerpc/include/uapi/asm/kvm.h | 2 + arch/powerpc/kernel/idle_book3s.S | 2 + arch/powerpc/kernel/traps.c | 49 +- arch/powerpc/kvm/book3s_64_mmu_hv.c | 8 +- arch/powerpc/kvm/book3s_64_mmu_radix.c | 69 +- arch/powerpc/kvm/book3s_hv.c | 25 +- arch/powerpc/kvm/powerpc.c | 2 +- arch/powerpc/mm/numa.c | 78 +- arch/powerpc/net/bpf_jit_comp.c | 3 + arch/powerpc/perf/core-book3s.c | 25 + arch/powerpc/platforms/powernv/npu-dma.c | 229 +++-- arch/powerpc/platforms/powernv/opal-imc.c | 6 +- arch/powerpc/sysdev/mpic.c | 2 +- arch/powerpc/xmon/xmon.c | 17 +- arch/s390/include/asm/eadm.h | 2 +- arch/s390/kvm/kvm-s390.c | 4 +- arch/s390/kvm/vsie.c | 50 +- arch/sh/kernel/entry-common.S | 2 +- arch/sparc/include/asm/atomic_64.h | 6 +- arch/sparc/include/asm/bug.h | 6 +- arch/sparc/include/asm/pgtable_64.h | 2 +- arch/sparc/mm/tlb.c | 23 +- arch/x86/events/core.c | 15 +- arch/x86/events/intel/core.c | 12 +- arch/x86/events/intel/ds.c | 117 ++- arch/x86/events/perf_event.h | 2 +- arch/x86/hyperv/hv_init.c | 9 +- arch/x86/hyperv/mmu.c | 12 +- arch/x86/include/asm/alternative.h | 4 +- arch/x86/include/asm/i8259.h | 5 + arch/x86/include/asm/tlbflush.h | 7 +- arch/x86/kernel/apic/apic.c | 2 +- arch/x86/kernel/apic/x2apic_uv_x.c | 15 +- arch/x86/kernel/cpu/intel_rdt_rdtgroup.c | 1 + arch/x86/kernel/cpu/mcheck/mce.c | 14 + arch/x86/kernel/devicetree.c | 21 +- arch/x86/kernel/dumpstack.c | 2 +- arch/x86/kernel/smpboot.c | 1 + arch/x86/kernel/tsc.c | 18 + arch/x86/kvm/lapic.c | 10 +- arch/x86/kvm/mmu.c | 2 +- arch/x86/kvm/vmx.c | 43 +- arch/x86/kvm/x86.c | 10 +- arch/x86/mm/init_64.c | 3 +- arch/x86/mm/pageattr.c | 6 +- arch/x86/mm/pgtable.c | 9 + arch/x86/power/hibernate_32.c | 2 +- arch/x86/power/hibernate_64.c | 2 +- block/bio.c | 2 +- block/blk-core.c | 33 + block/blk-merge.c | 29 +- block/blk-mq-debugfs.c | 6 +- block/blk-mq.c | 22 +- block/blk-sysfs.c | 7 - block/partition-generic.c | 6 + crypto/af_alg.c | 8 +- crypto/asymmetric_keys/pkcs7_trust.c | 1 + drivers/acpi/acpi_lpss.c | 2 + drivers/acpi/acpi_pad.c | 3 + drivers/acpi/acpica/evevent.c | 9 +- drivers/acpi/acpica/nseval.c | 8 + drivers/acpi/acpica/psargs.c | 4 + drivers/acpi/bus.c | 6 + drivers/acpi/ec.c | 6 + drivers/acpi/processor_perflib.c | 2 +- drivers/acpi/scan.c | 20 +- drivers/ata/libata-scsi.c | 2 +- drivers/ata/sata_rcar.c | 63 +- drivers/base/power/domain.c | 76 +- drivers/base/power/wakeirq.c | 6 +- drivers/base/regmap/regmap.c | 2 +- drivers/block/loop.c | 38 +- drivers/block/nbd.c | 2 +- drivers/block/null_blk.c | 46 +- drivers/block/paride/pcd.c | 2 + drivers/block/xen-blkfront.c | 17 +- drivers/bluetooth/btusb.c | 6 + drivers/cdrom/cdrom.c | 3 - drivers/cdrom/gdrom.c | 3 + drivers/char/hw_random/stm32-rng.c | 9 + drivers/char/ipmi/ipmi_powernv.c | 5 +- drivers/char/ipmi/ipmi_ssif.c | 4 +- drivers/clk/clk.c | 3 + drivers/clk/hisilicon/crg-hi3516cv300.c | 2 +- drivers/clk/rockchip/clk-mmc-phase.c | 23 + drivers/clk/rockchip/clk-rk3228.c | 2 +- drivers/clk/samsung/clk-exynos3250.c | 4 +- drivers/clk/samsung/clk-exynos5250.c | 8 +- drivers/clk/samsung/clk-exynos5260.c | 2 +- drivers/clk/samsung/clk-exynos5433.c | 12 +- drivers/clk/samsung/clk-exynos7.c | 2 +- drivers/clk/samsung/clk-s3c2410.c | 16 +- drivers/clk/tegra/clk-pll.c | 2 + drivers/clocksource/fsl_ftm_timer.c | 2 +- drivers/clocksource/mips-gic-timer.c | 2 +- drivers/cpufreq/cppc_cpufreq.c | 23 +- drivers/cpufreq/cpufreq.c | 6 +- drivers/cpufreq/intel_pstate.c | 5 + drivers/crypto/Kconfig | 1 - drivers/crypto/atmel-aes.c | 2 +- drivers/crypto/ccp/ccp-debugfs.c | 7 +- drivers/crypto/inside-secure/safexcel.c | 9 + drivers/crypto/inside-secure/safexcel_cipher.c | 2 +- drivers/crypto/inside-secure/safexcel_hash.c | 8 +- drivers/crypto/sunxi-ss/sun4i-ss-core.c | 1 + drivers/dma/mv_xor_v2.c | 25 +- drivers/dma/pl330.c | 6 +- drivers/dma/qcom/bam_dma.c | 27 +- drivers/dma/sh/rcar-dmac.c | 11 +- drivers/firewire/ohci.c | 8 +- drivers/firmware/dmi_scan.c | 24 +- drivers/firmware/efi/arm-runtime.c | 3 + drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd.h | 1 + drivers/gpu/drm/amd/amdgpu/amdgpu_ib.c | 33 +- drivers/gpu/drm/amd/amdgpu/gfx_v9_0.c | 8 +- drivers/gpu/drm/amd/amdgpu/gmc_v9_0.c | 5 +- drivers/gpu/drm/amd/amdkfd/kfd_packet_manager.c | 3 +- drivers/gpu/drm/ast/ast_tables.h | 4 +- drivers/gpu/drm/bridge/sii902x.c | 20 +- drivers/gpu/drm/exynos/exynos_drm_g2d.c | 12 +- drivers/gpu/drm/exynos/regs-fimc.h | 2 +- drivers/gpu/drm/imx/ipuv3-crtc.c | 5 + drivers/gpu/drm/meson/meson_crtc.c | 6 + drivers/gpu/drm/meson/meson_drv.c | 29 +- drivers/gpu/drm/meson/meson_drv.h | 3 + drivers/gpu/drm/meson/meson_plane.c | 7 +- drivers/gpu/drm/nouveau/nouveau_backlight.c | 10 +- .../drm/nouveau/nvkm/subdev/pmu/fuc/gf100.fuc3.h | 746 +++++++-------- .../drm/nouveau/nvkm/subdev/pmu/fuc/gk208.fuc5.h | 802 ++++++++-------- .../drm/nouveau/nvkm/subdev/pmu/fuc/gt215.fuc3.h | 1006 ++++++++++---------- .../gpu/drm/nouveau/nvkm/subdev/pmu/fuc/memx.fuc | 30 +- drivers/gpu/drm/omapdrm/dss/dispc.c | 4 + drivers/gpu/drm/omapdrm/dss/dss.c | 193 ++-- drivers/gpu/drm/panel/panel-simple.c | 2 +- drivers/gpu/drm/rcar-du/rcar_du_lvdsenc.c | 18 +- drivers/gpu/drm/rockchip/rockchip_drm_gem.c | 7 +- drivers/gpu/drm/sun4i/sun4i_dotclock.c | 5 +- drivers/gpu/drm/sun4i/sun4i_rgb.c | 2 + drivers/gpu/drm/tegra/drm.c | 1 + drivers/gpu/drm/virtio/virtgpu_ioctl.c | 17 +- drivers/gpu/drm/vmwgfx/vmwgfx_scrn.c | 29 +- drivers/gpu/ipu-v3/ipu-pre.c | 3 + drivers/gpu/ipu-v3/ipu-prg.c | 15 +- drivers/hid/hid-roccat-kovaplus.c | 2 + drivers/hwmon/nct6775.c | 10 +- drivers/hwmon/pmbus/adm1275.c | 4 +- drivers/hwmon/pmbus/max8688.c | 2 +- drivers/hwtracing/coresight/coresight-cpu-debug.c | 2 +- drivers/hwtracing/intel_th/core.c | 2 +- drivers/i2c/busses/i2c-mv64xxx.c | 8 +- drivers/i2c/i2c-core-base.c | 8 + drivers/ide/ide-cd.c | 2 + drivers/infiniband/core/cma.c | 8 +- drivers/infiniband/core/cq.c | 30 +- drivers/infiniband/core/multicast.c | 26 +- drivers/infiniband/core/rdma_core.c | 5 +- drivers/infiniband/core/sa_query.c | 7 +- drivers/infiniband/core/ucma.c | 2 +- drivers/infiniband/core/uverbs_ioctl.c | 22 +- drivers/infiniband/core/uverbs_ioctl_merge.c | 18 +- drivers/infiniband/hw/bnxt_re/ib_verbs.c | 24 +- drivers/infiniband/hw/bnxt_re/main.c | 10 +- drivers/infiniband/hw/bnxt_re/qplib_rcfw.c | 6 +- drivers/infiniband/hw/bnxt_re/qplib_rcfw.h | 1 + drivers/infiniband/hw/bnxt_re/qplib_sp.c | 3 +- drivers/infiniband/hw/bnxt_re/roce_hsi.h | 25 +- drivers/infiniband/hw/hfi1/chip.c | 18 +- drivers/infiniband/hw/hfi1/file_ops.c | 4 +- drivers/infiniband/hw/hfi1/hfi.h | 1 + drivers/infiniband/hw/hfi1/init.c | 4 +- drivers/infiniband/hw/i40iw/i40iw_puda.c | 3 +- drivers/infiniband/hw/i40iw/i40iw_puda.h | 1 + drivers/infiniband/hw/i40iw/i40iw_verbs.c | 2 + drivers/infiniband/hw/mlx4/cq.c | 4 +- drivers/infiniband/hw/mlx4/main.c | 11 +- drivers/infiniband/hw/mlx5/cq.c | 3 +- drivers/infiniband/hw/mlx5/main.c | 3 + drivers/infiniband/hw/mlx5/qp.c | 12 +- drivers/infiniband/hw/qedr/main.c | 3 +- drivers/infiniband/hw/qedr/verbs.c | 58 +- drivers/infiniband/sw/rxe/rxe_verbs.c | 2 +- drivers/infiniband/ulp/ipoib/ipoib_main.c | 3 + drivers/input/mouse/psmouse-base.c | 34 +- drivers/input/mouse/synaptics.c | 10 + drivers/input/touchscreen/stmfts.c | 11 +- drivers/iommu/amd_iommu.c | 2 + drivers/iommu/exynos-iommu.c | 7 + drivers/iommu/intel-iommu.c | 3 +- drivers/iommu/mtk_iommu.c | 15 +- drivers/iommu/mtk_iommu.h | 1 + drivers/irqchip/irq-gic-v3-its-pci-msi.c | 2 + drivers/irqchip/irq-gic-v3-its-platform-msi.c | 2 + drivers/irqchip/irq-gic-v3-its.c | 2 + drivers/irqchip/irq-gic-v3.c | 2 +- drivers/macintosh/rack-meter.c | 4 +- drivers/md/bcache/alloc.c | 4 +- drivers/md/bcache/bcache.h | 2 +- drivers/md/bcache/btree.c | 9 +- drivers/md/bcache/request.c | 2 +- drivers/md/bcache/super.c | 23 +- drivers/md/bcache/sysfs.c | 11 +- drivers/md/bcache/writeback.c | 27 +- drivers/md/dm-mpath.c | 14 +- drivers/md/md.c | 49 +- drivers/md/md.h | 2 + drivers/md/raid1.c | 11 + drivers/md/raid10.c | 14 +- drivers/md/raid5.c | 15 +- drivers/media/dvb-core/dmxdev.c | 2 +- drivers/media/dvb-frontends/lgdt3306a.c | 10 +- drivers/media/i2c/adv748x/adv748x-hdmi.c | 3 + drivers/media/i2c/ov5645.c | 5 +- drivers/media/i2c/tvp5150.c | 88 +- drivers/media/pci/cx23885/cx23885-cards.c | 4 + drivers/media/pci/cx23885/cx23885-core.c | 10 + drivers/media/pci/cx25821/cx25821-core.c | 7 +- drivers/media/platform/s3c-camif/camif-capture.c | 7 +- drivers/media/platform/vivid/vivid-ctrls.c | 2 + drivers/media/platform/vsp1/vsp1_drm.c | 9 + drivers/media/usb/em28xx/em28xx-cards.c | 22 +- drivers/media/usb/em28xx/em28xx.h | 2 +- drivers/media/v4l2-core/videobuf2-vmalloc.c | 2 +- drivers/message/fusion/mptctl.c | 2 + drivers/misc/cxl/cxl.h | 4 + drivers/misc/cxl/native.c | 11 +- drivers/misc/cxl/pci.c | 19 +- drivers/net/bonding/bond_main.c | 6 +- drivers/net/can/m_can/m_can.c | 7 +- drivers/net/dsa/Makefile | 5 +- drivers/net/dsa/mt7530.c | 1 + drivers/net/ethernet/broadcom/bgmac.c | 3 +- drivers/net/ethernet/broadcom/bgmac.h | 6 +- drivers/net/ethernet/broadcom/bnxt/bnxt.c | 3 + drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c | 12 +- drivers/net/ethernet/chelsio/cxgb4/cxgb4_uld.c | 1 + drivers/net/ethernet/cisco/enic/enic_main.c | 10 +- drivers/net/ethernet/freescale/dpaa/dpaa_eth.c | 23 +- drivers/net/ethernet/freescale/dpaa/dpaa_ethtool.c | 2 +- drivers/net/ethernet/freescale/fman/fman_dtsec.c | 2 +- drivers/net/ethernet/freescale/gianfar.c | 16 +- drivers/net/ethernet/ibm/ibmvnic.c | 44 +- drivers/net/ethernet/intel/e1000e/ich8lan.c | 2 +- drivers/net/ethernet/intel/e1000e/mac.c | 2 +- drivers/net/ethernet/intel/e1000e/netdev.c | 4 +- drivers/net/ethernet/intel/fm10k/fm10k_netdev.c | 14 +- drivers/net/ethernet/intel/i40e/i40e_ethtool.c | 18 +- drivers/net/ethernet/intel/i40e/i40e_main.c | 14 + drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 11 + drivers/net/ethernet/intel/i40evf/i40evf.h | 1 + drivers/net/ethernet/intel/i40evf/i40evf_main.c | 9 +- .../net/ethernet/intel/i40evf/i40evf_virtchnl.c | 35 +- drivers/net/ethernet/intel/igb/igb_main.c | 42 +- drivers/net/ethernet/intel/igb/igb_ptp.c | 9 + drivers/net/ethernet/intel/ixgbe/ixgbe_main.c | 11 +- drivers/net/ethernet/marvell/mvneta.c | 1 + drivers/net/ethernet/mellanox/mlx5/core/Kconfig | 2 +- drivers/net/ethernet/mellanox/mlx5/core/cmd.c | 2 +- drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 4 +- drivers/net/ethernet/mellanox/mlx5/core/en_rep.c | 2 - drivers/net/ethernet/mellanox/mlx5/core/en_tc.c | 3 +- .../ethernet/mellanox/mlxsw/core_acl_flex_keys.h | 20 +- drivers/net/ethernet/mellanox/mlxsw/spectrum.c | 8 +- drivers/net/ethernet/mellanox/mlxsw/spectrum.h | 1 + drivers/net/ethernet/mellanox/mlxsw/spectrum_fid.c | 2 +- drivers/net/ethernet/netronome/nfp/nfp_main.c | 1 + drivers/net/ethernet/qlogic/qed/qed_cxt.c | 5 +- drivers/net/ethernet/qlogic/qed/qed_rdma.c | 1 + drivers/net/ethernet/qlogic/qede/qede_fp.c | 20 +- drivers/net/ethernet/qlogic/qlge/qlge.h | 16 + drivers/net/ethernet/qlogic/qlge/qlge_main.c | 3 +- drivers/net/ethernet/qualcomm/emac/emac-mac.c | 23 +- drivers/net/ethernet/renesas/sh_eth.c | 6 +- drivers/net/ethernet/renesas/sh_eth.h | 1 + drivers/net/ethernet/smsc/smsc911x.c | 4 +- .../net/ethernet/stmicro/stmmac/dwmac-meson8b.c | 6 +- drivers/net/ethernet/stmicro/stmmac/dwmac4_core.c | 6 +- drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 16 +- drivers/net/ethernet/sun/sunvnet.c | 2 +- drivers/net/hyperv/netvsc.c | 33 +- drivers/net/hyperv/netvsc_drv.c | 73 +- drivers/net/hyperv/rndis_filter.c | 23 +- drivers/net/ieee802154/ca8210.c | 14 +- drivers/net/macsec.c | 5 +- drivers/net/macvlan.c | 2 +- drivers/net/phy/dp83640.c | 18 + drivers/net/usb/lan78xx.c | 44 +- drivers/net/usb/qmi_wwan.c | 5 + drivers/net/usb/r8152.c | 2 +- drivers/net/usb/smsc75xx.c | 7 +- drivers/net/usb/usbnet.c | 10 +- drivers/net/virtio_net.c | 4 +- drivers/net/wireless/ath/ath10k/mac.c | 17 +- drivers/net/wireless/ath/ath9k/common-spectral.c | 12 +- .../broadcom/brcm80211/brcmfmac/cfg80211.c | 2 +- .../net/wireless/intel/iwlwifi/fw/api/time-event.h | 4 +- drivers/net/wireless/intel/iwlwifi/fw/dbg.c | 13 +- drivers/net/wireless/intel/iwlwifi/fw/dbg.h | 3 + drivers/net/wireless/intel/iwlwifi/fw/runtime.h | 3 + drivers/net/wireless/intel/iwlwifi/mvm/debugfs.c | 5 +- drivers/net/wireless/intel/iwlwifi/mvm/mac-ctxt.c | 3 +- drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c | 54 +- drivers/net/wireless/intel/iwlwifi/mvm/mvm.h | 3 + drivers/net/wireless/intel/iwlwifi/mvm/ops.c | 8 + drivers/net/wireless/intel/iwlwifi/mvm/rs.c | 28 +- drivers/net/wireless/intel/iwlwifi/mvm/rxmq.c | 39 +- drivers/net/wireless/intel/iwlwifi/mvm/sta.c | 107 +-- .../net/wireless/intel/iwlwifi/mvm/time-event.c | 21 +- drivers/net/wireless/intel/iwlwifi/mvm/tx.c | 23 +- drivers/net/wireless/intel/iwlwifi/mvm/utils.c | 11 +- drivers/net/wireless/mac80211_hwsim.c | 4 +- drivers/net/wireless/rsi/rsi_91x_sdio.c | 32 +- drivers/net/wireless/rsi/rsi_sdio.h | 2 + drivers/net/xen-netfront.c | 46 +- drivers/ntb/ntb_transport.c | 3 + drivers/nvme/host/fabrics.c | 4 +- drivers/nvme/host/pci.c | 27 +- drivers/nvme/target/core.c | 9 +- drivers/parisc/lba_pci.c | 20 +- drivers/pci/endpoint/pci-epf-core.c | 2 +- drivers/pci/pci-driver.c | 17 +- drivers/pci/quirks.c | 5 + drivers/pcmcia/cs.c | 10 +- drivers/pcmcia/cs_internal.h | 1 + drivers/phy/qualcomm/phy-qcom-qmp.c | 4 +- drivers/phy/rockchip/phy-rockchip-emmc.c | 27 +- drivers/pinctrl/devicetree.c | 6 +- drivers/pinctrl/pinctrl-mcp23s08.c | 37 +- drivers/pinctrl/qcom/pinctrl-msm.c | 2 +- drivers/pinctrl/sh-pfc/pfc-r8a7796.c | 40 +- drivers/platform/x86/dell-laptop.c | 24 +- drivers/platform/x86/thinkpad_acpi.c | 10 + drivers/power/supply/ltc2941-battery-gauge.c | 8 +- drivers/power/supply/max17042_battery.c | 1 + drivers/regulator/gpio-regulator.c | 16 +- drivers/regulator/of_regulator.c | 1 + drivers/remoteproc/imx_rproc.c | 6 +- drivers/rtc/hctosys.c | 5 + drivers/rtc/rtc-goldfish.c | 2 + drivers/rtc/rtc-m41t80.c | 18 +- drivers/rtc/rtc-rk808.c | 14 +- drivers/rtc/rtc-rp5c01.c | 12 +- drivers/rtc/rtc-snvs.c | 15 +- drivers/rtc/rtc-tx4939.c | 6 +- drivers/s390/block/dasd.c | 21 +- drivers/s390/cio/device_fsm.c | 7 +- drivers/s390/cio/device_ops.c | 72 +- drivers/s390/cio/io_sch.h | 1 + drivers/s390/cio/vfio_ccw_fsm.c | 5 + drivers/scsi/aacraid/commsup.c | 4 +- drivers/scsi/aacraid/linit.c | 5 +- drivers/scsi/arm/fas216.c | 2 +- drivers/scsi/bnx2fc/bnx2fc_io.c | 1 + drivers/scsi/iscsi_tcp.c | 8 + drivers/scsi/libsas/sas_scsi_host.c | 33 +- drivers/scsi/lpfc/lpfc_attr.c | 5 + drivers/scsi/lpfc/lpfc_hbadisc.c | 5 +- drivers/scsi/lpfc/lpfc_sli.c | 2 + drivers/scsi/mpt3sas/mpt3sas_base.c | 5 +- drivers/scsi/mpt3sas/mpt3sas_scsih.c | 2 +- drivers/scsi/mvsas/mv_94xx.c | 23 +- drivers/scsi/qedi/qedi_fw.c | 5 + drivers/scsi/qedi/qedi_main.c | 24 +- drivers/scsi/qla2xxx/qla_init.c | 4 + drivers/scsi/qla2xxx/qla_isr.c | 6 +- drivers/scsi/qla2xxx/qla_os.c | 2 + drivers/scsi/qla4xxx/ql4_def.h | 2 + drivers/scsi/qla4xxx/ql4_os.c | 46 + drivers/scsi/scsi_devinfo.c | 7 +- drivers/scsi/scsi_lib.c | 13 + drivers/scsi/sd.c | 3 +- drivers/scsi/sr.c | 21 +- drivers/scsi/storvsc_drv.c | 2 +- drivers/scsi/sym53c8xx_2/sym_hipd.c | 2 +- drivers/scsi/ufs/ufshcd.c | 2 + drivers/soc/imx/gpc.c | 10 +- drivers/soc/qcom/wcnss_ctrl.c | 2 +- drivers/spi/spi-armada-3700.c | 5 + drivers/spi/spi-bcm-qspi.c | 4 +- drivers/staging/fsl-dpaa2/ethernet/dpaa2-eth.c | 6 +- .../staging/fsl-mc/bus/irq-gic-v3-its-fsl-mc-msi.c | 2 + drivers/staging/ks7010/ks_hostif.c | 31 +- drivers/staging/ks7010/ks_hostif.h | 1 + drivers/staging/lustre/lustre/include/obd.h | 2 +- drivers/staging/lustre/lustre/lmv/lmv_obd.c | 2 +- drivers/staging/lustre/lustre/osc/osc_cache.c | 2 +- drivers/staging/rtl8192u/r8192U_core.c | 2 + .../staging/vc04_services/bcm2835-audio/bcm2835.c | 54 +- drivers/tty/serial/8250/8250_exar.c | 34 +- drivers/tty/serial/8250/8250_port.c | 29 +- drivers/tty/serial/altera_uart.c | 12 +- drivers/tty/serial/arc_uart.c | 5 + drivers/tty/serial/fsl_lpuart.c | 4 + drivers/tty/serial/imx.c | 6 + drivers/tty/serial/mxs-auart.c | 4 + drivers/tty/serial/samsung.c | 4 + drivers/tty/serial/sh-sci.c | 4 + drivers/tty/serial/xilinx_uartps.c | 2 +- drivers/usb/class/cdc-acm.c | 9 +- drivers/usb/dwc2/core.h | 2 +- drivers/usb/dwc2/gadget.c | 12 +- drivers/usb/dwc2/hcd.c | 32 +- drivers/usb/dwc3/Makefile | 2 +- drivers/usb/dwc3/core.c | 16 +- drivers/usb/dwc3/core.h | 2 + drivers/usb/dwc3/dwc3-omap.c | 16 + drivers/usb/gadget/composite.c | 40 +- drivers/usb/gadget/function/f_fs.c | 6 +- drivers/usb/gadget/function/f_uac2.c | 2 + drivers/usb/gadget/udc/core.c | 2 +- drivers/usb/gadget/udc/fsl_udc_core.c | 4 +- drivers/usb/gadget/udc/goku_udc.h | 2 +- drivers/usb/host/ohci-hcd.c | 3 +- drivers/usb/host/pci-quirks.c | 109 +++ drivers/usb/host/pci-quirks.h | 5 + drivers/usb/host/xhci-hub.c | 7 + drivers/usb/host/xhci-mem.c | 2 + drivers/usb/host/xhci-pci.c | 11 + drivers/usb/host/xhci-plat.c | 11 +- drivers/usb/host/xhci.c | 14 +- drivers/usb/host/xhci.h | 2 +- drivers/usb/musb/musb_core.c | 7 +- drivers/usb/serial/option.c | 7 + drivers/usb/usbip/Kconfig | 2 +- drivers/video/fbdev/sbuslib.c | 4 +- drivers/watchdog/asm9260_wdt.c | 8 +- drivers/watchdog/aspeed_wdt.c | 13 +- drivers/watchdog/davinci_wdt.c | 15 +- drivers/watchdog/dw_wdt.c | 23 +- drivers/watchdog/f71808e_wdt.c | 3 +- drivers/watchdog/sbsa_gwdt.c | 3 +- drivers/watchdog/sp5100_tco.h | 2 +- drivers/xen/events/events_base.c | 4 +- drivers/xen/grant-table.c | 4 +- drivers/xen/pvcalls-back.c | 2 +- drivers/xen/xen-acpi-processor.c | 6 +- drivers/xen/xenbus/xenbus_probe.c | 5 +- drivers/zorro/zorro.c | 12 + fs/btrfs/ctree.c | 12 +- fs/btrfs/ctree.h | 2 +- fs/btrfs/disk-io.c | 11 +- fs/btrfs/extent-tree.c | 1 + fs/btrfs/file.c | 9 + fs/btrfs/inode.c | 17 +- fs/btrfs/raid56.c | 55 +- fs/btrfs/send.c | 3 + fs/btrfs/super.c | 2 +- fs/btrfs/tests/qgroup-tests.c | 2 +- fs/btrfs/transaction.c | 10 +- fs/btrfs/tree-log.c | 77 +- fs/btrfs/volumes.c | 9 +- fs/ceph/super.c | 27 +- fs/cifs/cifssmb.c | 4 +- fs/dax.c | 2 +- fs/dcache.c | 10 +- fs/ext4/super.c | 12 + fs/f2fs/checkpoint.c | 2 + fs/f2fs/extent_cache.c | 3 + fs/f2fs/file.c | 8 +- fs/f2fs/gc.c | 7 +- fs/fscache/page.c | 13 +- fs/gfs2/file.c | 5 +- fs/gfs2/quota.h | 2 + fs/jffs2/fs.c | 1 - fs/nfs/nfs4client.c | 6 +- fs/nfs/nfs4proc.c | 12 +- fs/nfs/nfs4state.c | 5 +- fs/nfs/nfs4sysctl.c | 2 +- fs/ocfs2/acl.c | 6 + fs/ocfs2/dlm/dlmdomain.c | 14 - fs/ocfs2/dlm/dlmdomain.h | 25 +- fs/ocfs2/dlm/dlmrecovery.c | 9 + fs/ocfs2/journal.c | 23 +- fs/ocfs2/super.c | 5 +- fs/ocfs2/xattr.c | 2 + fs/proc/base.c | 29 +- fs/proc/kcore.c | 4 + fs/proc/proc_sysctl.c | 3 + fs/signalfd.c | 15 +- fs/ubifs/tnc.c | 21 +- fs/udf/super.c | 5 +- fs/xfs/xfs_discard.c | 14 +- include/asm-generic/bug.h | 1 + include/asm-generic/pgtable.h | 15 + include/linux/bio.h | 4 +- include/linux/compiler-gcc.h | 15 +- include/linux/compiler.h | 5 + include/linux/cpumask.h | 2 + include/linux/etherdevice.h | 2 +- include/linux/if_vlan.h | 79 +- include/linux/kcore.h | 1 + include/linux/kvm_host.h | 3 +- include/linux/pci.h | 7 + include/linux/property.h | 10 +- include/linux/ptr_ring.h | 2 +- include/linux/suspend.h | 2 + include/linux/swap.h | 2 - include/linux/u64_stats_sync.h | 22 + include/linux/usb/composite.h | 3 + include/net/inet_timewait_sock.h | 1 + include/net/ip.h | 11 +- include/net/ip_fib.h | 1 + include/net/llc_conn.h | 2 +- include/net/mac80211.h | 2 +- include/net/regulatory.h | 2 +- include/net/route.h | 3 +- include/rdma/ib_verbs.h | 23 +- include/scsi/scsi.h | 2 + include/soc/arc/mcip.h | 5 + include/trace/events/timer.h | 20 +- include/uapi/drm/virtgpu_drm.h | 1 + include/uapi/linux/if_ether.h | 1 + include/uapi/linux/sem.h | 1 + ipc/sem.c | 17 +- kernel/audit.c | 2 + kernel/bpf/sockmap.c | 19 +- kernel/debug/kdb/kdb_main.c | 27 +- kernel/events/core.c | 70 +- kernel/locking/qspinlock.c | 8 + kernel/power/power.h | 3 - kernel/rcu/rcu.h | 1 + kernel/rcu/srcutree.c | 8 +- kernel/rcu/tree.c | 6 + kernel/rcu/tree_exp.h | 2 +- kernel/rcu/tree_plugin.h | 14 +- kernel/relay.c | 2 +- kernel/sched/rt.c | 2 + kernel/trace/trace_uprobe.c | 2 + kernel/workqueue.c | 2 +- lib/test_bpf.c | 31 +- lib/test_kmod.c | 2 +- mm/fadvise.c | 10 +- mm/huge_memory.c | 5 +- mm/khugepaged.c | 20 +- mm/kmemleak.c | 12 +- mm/ksm.c | 28 + mm/mempolicy.c | 36 +- mm/mlock.c | 6 + mm/page_idle.c | 12 +- mm/page_owner.c | 6 +- mm/percpu.c | 1 + mm/slab.c | 1 + mm/swap.c | 82 +- mm/swapfile.c | 4 + mm/vmscan.c | 81 +- mm/vmstat.c | 2 + mm/z3fold.c | 9 +- net/8021q/vlan_core.c | 4 +- net/batman-adv/bat_iv_ogm.c | 2 +- net/batman-adv/bat_v.c | 2 +- net/batman-adv/bridge_loop_avoidance.c | 22 +- net/batman-adv/distributed-arp-table.c | 2 +- net/batman-adv/fragmentation.c | 3 +- net/batman-adv/gateway_client.c | 5 +- net/batman-adv/multicast.c | 8 +- net/batman-adv/routing.c | 15 +- net/batman-adv/soft-interface.c | 8 +- net/bridge/netfilter/ebtables.c | 33 +- net/ceph/ceph_common.c | 7 + net/core/ethtool.c | 5 +- net/core/skbuff.c | 9 +- net/dccp/ipv4.c | 1 + net/dccp/ipv6.c | 1 + net/ipv4/inet_timewait_sock.c | 1 + net/ipv4/ip_gre.c | 5 - net/ipv4/ip_tunnel.c | 8 +- net/ipv4/ip_vti.c | 2 - net/ipv4/netfilter/ipt_CLUSTERIP.c | 15 +- net/ipv4/netfilter/nf_socket_ipv4.c | 6 +- net/ipv4/route.c | 26 +- net/ipv4/tcp_illinois.c | 2 +- net/ipv4/tcp_nv.c | 2 +- net/ipv4/xfrm4_policy.c | 1 + net/ipv6/ip6_tunnel.c | 12 +- net/ipv6/ip6_vti.c | 2 +- net/ipv6/netfilter/ip6t_rpfilter.c | 4 - net/ipv6/netfilter/nf_conntrack_reasm.c | 16 +- net/ipv6/netfilter/nf_socket_ipv6.c | 6 +- net/ipv6/netfilter/nft_fib_ipv6.c | 12 +- net/ipv6/sit.c | 7 + net/llc/llc_c_ac.c | 15 +- net/llc/llc_conn.c | 32 +- net/mac80211/agg-rx.c | 4 +- net/mac80211/ieee80211_i.h | 2 +- net/mac80211/mesh.c | 17 +- net/mac80211/mlme.c | 3 +- net/mac80211/rx.c | 2 +- net/mac80211/spectmgmt.c | 7 +- net/mac80211/sta_info.c | 3 +- net/netfilter/ipvs/ip_vs_ftp.c | 2 +- net/netfilter/xt_IDLETIMER.c | 1 + net/netfilter/xt_LED.c | 1 + net/netfilter/xt_limit.c | 3 +- net/netfilter/xt_nfacct.c | 1 + net/netfilter/xt_statistic.c | 1 + net/netlabel/netlabel_unlabeled.c | 10 + net/nfc/llcp_commands.c | 4 + net/nfc/netlink.c | 3 +- net/openvswitch/conntrack.c | 34 + net/qrtr/smd.c | 1 + net/rds/ib.c | 3 +- net/rds/tcp_listen.c | 14 +- net/rxrpc/conn_event.c | 1 + net/rxrpc/input.c | 15 +- net/rxrpc/recvmsg.c | 5 +- net/rxrpc/rxkad.c | 92 +- net/rxrpc/sendmsg.c | 4 +- net/sched/act_bpf.c | 2 +- net/sched/act_ipt.c | 9 +- net/sched/act_pedit.c | 2 +- net/sched/act_police.c | 2 +- net/sched/act_sample.c | 3 +- net/sched/act_simple.c | 2 +- net/sched/act_skbmod.c | 2 +- net/smc/smc_core.c | 1 + net/smc/smc_ib.c | 10 +- net/smc/smc_llc.c | 2 +- net/smc/smc_wr.h | 1 - net/sunrpc/xprtrdma/backchannel.c | 12 +- net/sunrpc/xprtrdma/svc_rdma_rw.c | 12 +- net/sunrpc/xprtrdma/verbs.c | 32 +- net/sunrpc/xprtrdma/xprt_rdma.h | 2 +- net/sunrpc/xprtsock.c | 4 +- net/tls/tls_main.c | 5 +- net/wireless/sme.c | 2 + net/xfrm/xfrm_input.c | 6 + net/xfrm/xfrm_output.c | 5 +- net/xfrm/xfrm_policy.c | 7 +- net/xfrm/xfrm_replay.c | 2 +- samples/bpf/Makefile | 5 +- scripts/adjust_autoksyms.sh | 7 + scripts/kconfig/expr.c | 2 +- scripts/kconfig/menu.c | 1 + scripts/kconfig/zconf.y | 33 +- scripts/package/builddeb | 2 +- security/integrity/digsig.c | 1 + security/integrity/ima/Kconfig | 1 + security/integrity/ima/ima_crypto.c | 2 + security/integrity/ima/ima_main.c | 13 + security/selinux/hooks.c | 1 + security/smack/smack_lsm.c | 1 + sound/core/vmaster.c | 5 +- sound/pci/hda/Kconfig | 1 - sound/pci/hda/patch_realtek.c | 5 + sound/soc/au1x/ac97c.c | 6 +- sound/soc/codecs/hdmi-codec.c | 7 +- sound/soc/rockchip/Kconfig | 3 + sound/soc/rockchip/rk3399_gru_sound.c | 19 +- sound/soc/samsung/i2s.c | 13 +- sound/soc/samsung/odroid.c | 11 +- sound/soc/soc-topology.c | 3 + sound/usb/quirks.c | 29 +- tools/hv/hv_fcopy_daemon.c | 3 +- tools/hv/hv_vss_daemon.c | 1 + tools/lib/bpf/Makefile | 2 +- tools/lib/bpf/libbpf.c | 26 + tools/lib/traceevent/event-parse.c | 17 +- tools/lib/traceevent/parse-filter.c | 10 +- tools/perf/Makefile.perf | 3 +- tools/perf/arch/x86/util/header.c | 2 +- tools/perf/builtin-c2c.c | 5 +- tools/perf/builtin-record.c | 12 +- tools/perf/builtin-report.c | 5 +- tools/perf/builtin-script.c | 5 +- tools/perf/builtin-stat.c | 9 +- tools/perf/builtin-top.c | 6 +- tools/perf/perf.h | 2 + tools/perf/tests/dwarf-unwind.c | 47 +- .../perf/tests/shell/trace+probe_libc_inet_pton.sh | 23 +- tools/perf/tests/vmlinux-kallsyms.c | 2 +- tools/perf/ui/browsers/annotate.c | 9 +- tools/perf/util/c++/clang.cpp | 11 +- tools/perf/util/callchain.c | 10 + tools/perf/util/callchain.h | 2 + tools/perf/util/evsel.c | 21 +- tools/perf/util/hist.c | 4 +- tools/perf/util/hist.h | 1 - tools/perf/util/record.c | 8 +- tools/perf/util/unwind-libunwind-local.c | 9 +- tools/testing/selftests/Makefile | 1 + tools/testing/selftests/bpf/test_maps.c | 18 +- .../ftrace/test.d/ftrace/func-filter-glob.tc | 6 + .../ftrace/test.d/kprobe/kprobe_args_string.tc | 46 + .../ftrace/test.d/kprobe/kprobe_args_syntax.tc | 97 ++ .../ftrace/test.d/kprobe/multiple_kprobes.tc | 4 +- .../selftests/ftrace/test.d/kprobe/probepoint.tc | 43 + tools/testing/selftests/futex/Makefile | 6 +- tools/testing/selftests/memfd/Makefile | 1 + tools/testing/selftests/memfd/config | 1 + tools/testing/selftests/net/fib-onlink-tests.sh | 375 ++++++++ tools/testing/selftests/net/psock_fanout.c | 3 +- tools/testing/selftests/net/reuseport_bpf.c | 21 +- tools/testing/selftests/powerpc/mm/subpage_prot.c | 14 + tools/testing/selftests/pstore/config | 1 + tools/testing/selftests/seccomp/seccomp_bpf.c | 61 ++ tools/testing/selftests/sync/Makefile | 2 +- tools/testing/selftests/vDSO/Makefile | 14 +- tools/testing/selftests/vm/run_vmtests | 25 +- tools/thermal/tmon/sysfs.c | 12 +- tools/thermal/tmon/tmon.c | 1 - virt/kvm/arm/vgic/vgic-mmio.c | 3 + virt/kvm/arm/vgic/vgic.h | 1 + virt/kvm/kvm_main.c | 7 +- 772 files changed, 7942 insertions(+), 3914 deletions(-) create mode 100644 tools/testing/selftests/ftrace/test.d/kprobe/kprobe_args_string.tc create mode 100644 tools/testing/selftests/ftrace/test.d/kprobe/kprobe_args_syntax.tc create mode 100644 tools/testing/selftests/ftrace/test.d/kprobe/probepoint.tc create mode 100644 tools/testing/selftests/memfd/config create mode 100755 tools/testing/selftests/net/fib-onlink-tests.sh -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE4n5dijQDou9mhzu83qZv95d3LNwFAlrihFIACgkQ3qZv95d3 LNwtPg//eHrFgOH28zk88TUI6VQ/34UFrbL3KUTt84/+A/pFhTmgn6kq0Jikun/o aJljR3CRN9UuCSjBSXV+oxX/n12bgdIGsVcP37h2yJWybTRI2XYRjOg6YPanzob7 PycEKMyLOoUQUamDbaHFhNMOuQOMjL+4OkTPsvItW7XakftSZJLB1a5G8HExPRZA 5GAAMyqwKNPNZLPN+4QN/MDQj/0ijeOKCT22GdGuEkRiagl4AUBn+j8U2j9VTJtC R5xJ/XXGNxiIdUYROIH6rHF3uulyM9WmPStQIKBOugqidgowU8RUYjgqkVo+nIMu byw57sQGxxCHbLOqPP8mb0JwUPZm+1SKcgkMy4v2AZ7ypMpGAk5Bq6qF8DmiEUZ9 KMM1qE7NP6nw4quEcKk8xSvT9q4efFbP7NzFaLZ54j8huryfBCWwC1XwTNaiSpTt xh8/j8zUhuOIKeoJ6Uztm65HPLk8j0GiCdWhuL5aXtBd9+B7flMle68IvMVPZ0Gb 9YfzJ+Wo1I+jJnEPVMemiNuKMCyv8xfZEy0UhKavbXGn2EyRp9V7GQR3gQLcPl0z 5YnCN2JgEeWJ1MdQrR/n0Lip1hpxOJWqpXMYCqjP8E1lh1IRKqeaLYN6Syg6wEgo ExA30Xd8rtJare8Jgej2lGrfeO4GhD/WTlAEXqnYhhWfc0Yiro0= =d0Pn -----END PGP SIGNATURE-----

7 years, 1 month

2
12
0 0

v4.14.39 build: 0 failures 1 warnings (v4.14.39)

by Build bot for Mark Brown

Tree/Branch: v4.14.39 Git describe: v4.14.39 Commit: 7d6240f0fb Linux 4.14.39 Build Time: 97 min 56 sec Passed: 11 / 11 (100.00 %) Failed: 0 / 11 ( 0.00 %) Errors: 0 Warnings: 1 Section Mismatches: 0 ------------------------------------------------------------------------------- defconfigs with issues (other than build errors): 1 warnings 0 mismatches : x86_64-allmodconfig ------------------------------------------------------------------------------- Warnings Summary: 1 1 drivers/target/iscsi/.tmp_iscsi_target.o: warning: objtool: iscsit_handle_task_mgt_cmd()+0x78f: sibling call from callable instruction with modified stack frame =============================================================================== Detailed per-defconfig build reports below: ------------------------------------------------------------------------------- x86_64-allmodconfig : PASS, 0 errors, 1 warnings, 0 section mismatches Warnings: drivers/target/iscsi/.tmp_iscsi_target.o: warning: objtool: iscsit_handle_task_mgt_cmd()+0x78f: sibling call from callable instruction with modified stack frame ------------------------------------------------------------------------------- Passed with no errors, warnings or mismatches: arm64-allnoconfig arm64-allmodconfig arm-multi_v5_defconfig arm-multi_v7_defconfig x86_64-defconfig arm-allmodconfig arm-allnoconfig x86_64-allnoconfig arm-multi_v4t_defconfig arm64-defconfig close failed in file object destructor: sys.excepthook is missing lost sys.stderr

7 years, 1 month

1
0
0 0

[PATCH 4.9.y, 4.14.y] crypto: talitos - fix IPsec cipher in length

by Horia Geantă

commit 2b1227301a8e4729409694e323b72c064c47cb6b upstream. For SEC 2.x+, cipher in length must contain only the ciphertext length. In case of using hardware ICV checking, the ICV length is provided via the "extent" field of the descriptor pointer. Cc: <stable(a)vger.kernel.org> # 4.8+ Fixes: 549bd8bc5987 ("crypto: talitos - Implement AEAD for SEC1 using HMAC_SNOOP_NO_AFEU") Reported-by: Horia Geantă <horia.geanta(a)nxp.com> Signed-off-by: Christophe Leroy <christophe.leroy(a)c-s.fr> Tested-by: Horia Geantă <horia.geanta(a)nxp.com> Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au> [backported to 4.9.y, 4.14.y] Signed-off-by: Horia Geantă <horia.geanta(a)nxp.com> --- The upstream fix has already been applied "as is" on 4.15.y. Submitting this backport since it failed to apply on 4.9.y and 4.14.y. drivers/crypto/talitos.c | 41 +++++++++++++++++++++-------------------- 1 file changed, 21 insertions(+), 20 deletions(-) diff --git a/drivers/crypto/talitos.c b/drivers/crypto/talitos.c index 42c060c7ae15..7c71722be395 100644 --- a/drivers/crypto/talitos.c +++ b/drivers/crypto/talitos.c @@ -1116,10 +1116,10 @@ static int sg_to_link_tbl_offset(struct scatterlist *sg, int sg_count, return count; } -int talitos_sg_map(struct device *dev, struct scatterlist *src, - unsigned int len, struct talitos_edesc *edesc, - struct talitos_ptr *ptr, - int sg_count, unsigned int offset, int tbl_off) +static int talitos_sg_map_ext(struct device *dev, struct scatterlist *src, + unsigned int len, struct talitos_edesc *edesc, + struct talitos_ptr *ptr, int sg_count, + unsigned int offset, int tbl_off, int elen) { struct talitos_private *priv = dev_get_drvdata(dev); bool is_sec1 = has_ftr_sec1(priv); @@ -1130,7 +1130,7 @@ int talitos_sg_map(struct device *dev, struct scatterlist *src, } to_talitos_ptr_len(ptr, len, is_sec1); - to_talitos_ptr_ext_set(ptr, 0, is_sec1); + to_talitos_ptr_ext_set(ptr, elen, is_sec1); if (sg_count == 1) { to_talitos_ptr(ptr, sg_dma_address(src) + offset, is_sec1); @@ -1140,7 +1140,7 @@ int talitos_sg_map(struct device *dev, struct scatterlist *src, to_talitos_ptr(ptr, edesc->dma_link_tbl + offset, is_sec1); return sg_count; } - sg_count = sg_to_link_tbl_offset(src, sg_count, offset, len, + sg_count = sg_to_link_tbl_offset(src, sg_count, offset, len + elen, &edesc->link_tbl[tbl_off]); if (sg_count == 1) { /* Only one segment now, so no link tbl needed*/ @@ -1154,6 +1154,15 @@ int talitos_sg_map(struct device *dev, struct scatterlist *src, return sg_count; } +static int talitos_sg_map(struct device *dev, struct scatterlist *src, + unsigned int len, struct talitos_edesc *edesc, + struct talitos_ptr *ptr, int sg_count, + unsigned int offset, int tbl_off) +{ + return talitos_sg_map_ext(dev, src, len, edesc, ptr, sg_count, offset, + tbl_off, 0); +} + /* * fill in and submit ipsec_esp descriptor */ @@ -1171,7 +1180,7 @@ static int ipsec_esp(struct talitos_edesc *edesc, struct aead_request *areq, unsigned int ivsize = crypto_aead_ivsize(aead); int tbl_off = 0; int sg_count, ret; - int sg_link_tbl_len; + int elen = 0; bool sync_needed = false; struct talitos_private *priv = dev_get_drvdata(dev); bool is_sec1 = has_ftr_sec1(priv); @@ -1225,20 +1234,12 @@ static int ipsec_esp(struct talitos_edesc *edesc, struct aead_request *areq, * extent is bytes of HMAC postpended to ciphertext, * typically 12 for ipsec */ - to_talitos_ptr_len(&desc->ptr[4], cryptlen, is_sec1); - to_talitos_ptr_ext_set(&desc->ptr[4], 0, is_sec1); - - sg_link_tbl_len = cryptlen; - - if (desc->hdr & DESC_HDR_TYPE_IPSEC_ESP) { - to_talitos_ptr_ext_set(&desc->ptr[4], authsize, is_sec1); - - if (edesc->desc.hdr & DESC_HDR_MODE1_MDEU_CICV) - sg_link_tbl_len += authsize; - } + if ((desc->hdr & DESC_HDR_TYPE_IPSEC_ESP) && + (desc->hdr & DESC_HDR_MODE1_MDEU_CICV)) + elen = authsize; - ret = talitos_sg_map(dev, areq->src, sg_link_tbl_len, edesc, - &desc->ptr[4], sg_count, areq->assoclen, tbl_off); + ret = talitos_sg_map_ext(dev, areq->src, cryptlen, edesc, &desc->ptr[4], + sg_count, areq->assoclen, tbl_off, elen); if (ret > 1) { tbl_off += ret; -- 2.16.2

7 years, 1 month

1
0
0 0

[PATCH 3/4] xen/PVH: Set up GS segment for stack canary

by Boris Ostrovsky

We are making calls to C code (e.g. xen_prepare_pvh()) which may use stack canary (stored in GS segment). Signed-off-by: Boris Ostrovsky <boris.ostrovsky(a)oracle.com> Cc: stable(a)vger.kernel.org --- arch/x86/xen/xen-pvh.S | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/arch/x86/xen/xen-pvh.S b/arch/x86/xen/xen-pvh.S index 373fef0..4eed586 100644 --- a/arch/x86/xen/xen-pvh.S +++ b/arch/x86/xen/xen-pvh.S @@ -54,6 +54,9 @@ * charge of setting up it's own stack, GDT and IDT. */ +#define PVH_GDT_ENTRY_CANARY 4 +#define PVH_CANARY_SEL (PVH_GDT_ENTRY_CANARY * 8) + ENTRY(pvh_start_xen) cld @@ -64,6 +67,9 @@ ENTRY(pvh_start_xen) mov %eax,%es mov %eax,%ss + mov $(PVH_CANARY_SEL),%eax + mov %eax,%gs + /* Stash hvm_start_info. */ mov $_pa(pvh_start_info), %edi mov %ebx, %esi @@ -150,6 +156,7 @@ gdt_start: .quad 0x00cf9a000000ffff /* __BOOT_CS */ #endif .quad 0x00cf92000000ffff /* __BOOT_DS */ + .quad 0x0040900000000018 /* PVH_CANARY_SEL */ gdt_end: .balign 4 -- 2.9.3

7 years, 1 month

2
7
0 0

v3.18.108 build: 0 failures 1 warnings (v3.18.108)

by Build bot for Mark Brown

Tree/Branch: v3.18.108 Git describe: v3.18.108 Commit: 6d05aadb69 Linux 3.18.108 Build Time: 44 min 55 sec Passed: 10 / 10 (100.00 %) Failed: 0 / 10 ( 0.00 %) Errors: 0 Warnings: 1 Section Mismatches: 0 ------------------------------------------------------------------------------- defconfigs with issues (other than build errors): 7 warnings 0 mismatches : x86_64-allmodconfig 2 warnings 0 mismatches : x86_64-defconfig ------------------------------------------------------------------------------- Warnings Summary: 1 9 ../include/linux/ftrace.h:632:36: warning: calling '__builtin_return_address' with a nonzero argument is unsafe [-Wframe-address] =============================================================================== Detailed per-defconfig build reports below: ------------------------------------------------------------------------------- x86_64-allmodconfig : PASS, 0 errors, 7 warnings, 0 section mismatches Warnings: ../include/linux/ftrace.h:632:36: warning: calling '__builtin_return_address' with a nonzero argument is unsafe [-Wframe-address] ../include/linux/ftrace.h:632:36: warning: calling '__builtin_return_address' with a nonzero argument is unsafe [-Wframe-address] ../include/linux/ftrace.h:632:36: warning: calling '__builtin_return_address' with a nonzero argument is unsafe [-Wframe-address] ../include/linux/ftrace.h:632:36: warning: calling '__builtin_return_address' with a nonzero argument is unsafe [-Wframe-address] ../include/linux/ftrace.h:632:36: warning: calling '__builtin_return_address' with a nonzero argument is unsafe [-Wframe-address] ../include/linux/ftrace.h:632:36: warning: calling '__builtin_return_address' with a nonzero argument is unsafe [-Wframe-address] ../include/linux/ftrace.h:632:36: warning: calling '__builtin_return_address' with a nonzero argument is unsafe [-Wframe-address] ------------------------------------------------------------------------------- x86_64-defconfig : PASS, 0 errors, 2 warnings, 0 section mismatches Warnings: ../include/linux/ftrace.h:632:36: warning: calling '__builtin_return_address' with a nonzero argument is unsafe [-Wframe-address] ../include/linux/ftrace.h:632:36: warning: calling '__builtin_return_address' with a nonzero argument is unsafe [-Wframe-address] ------------------------------------------------------------------------------- Passed with no errors, warnings or mismatches: arm64-allnoconfig arm64-allmodconfig arm-multi_v5_defconfig arm-multi_v7_defconfig arm-allmodconfig arm-allnoconfig x86_64-allnoconfig arm64-defconfig close failed in file object destructor: sys.excepthook is missing lost sys.stderr

7 years, 1 month

1
0
0 0

[PATCH v2] libata: blacklist Micron SSD

by Sudip Mukherjee

From: Sudip Mukherjee <sudipm.mukherjee(a)gmail.com> While whitelisting Micron M500DC drives, the tweaked blacklist entry enabled queued TRIM for M500IT variants also. But these do not support queued TRIM. And while using those SSDs with the latest kernel we have seen errors and even the partition table getting corrupted. Some part from the dmesg: [ 6.727384] ata1.00: ATA-9: Micron_M500IT_MTFDDAK060MBD, MU01, max UDMA/133 [ 6.727390] ata1.00: 117231408 sectors, multi 16: LBA48 NCQ (depth 31/32), AA [ 6.741026] ata1.00: supports DRM functions and may not be fully accessible [ 6.759887] ata1.00: configured for UDMA/133 [ 6.762256] scsi 0:0:0:0: Direct-Access ATA Micron_M500IT_MT MU01 PQ: 0 ANSI: 5 and then for the error: [ 120.860334] ata1.00: exception Emask 0x1 SAct 0x7ffc0007 SErr 0x0 action 0x6 frozen [ 120.860338] ata1.00: irq_stat 0x40000008 [ 120.860342] ata1.00: failed command: SEND FPDMA QUEUED [ 120.860351] ata1.00: cmd 64/01:00:00:00:00/00:00:00:00:00/a0 tag 0 ncq dma 512 out res 40/00:00:00:00:00/00:00:00:00:00/00 Emask 0x5 (timeout) [ 120.860353] ata1.00: status: { DRDY } [ 120.860543] ata1: hard resetting link [ 121.166128] ata1: SATA link up 3.0 Gbps (SStatus 123 SControl 300) [ 121.166376] ata1.00: supports DRM functions and may not be fully accessible [ 121.186238] ata1.00: supports DRM functions and may not be fully accessible [ 121.204445] ata1.00: configured for UDMA/133 [ 121.204454] ata1.00: device reported invalid CHS sector 0 [ 121.204541] sd 0:0:0:0: [sda] tag#18 UNKNOWN(0x2003) Result: hostbyte=0x00 driverbyte=0x08 [ 121.204546] sd 0:0:0:0: [sda] tag#18 Sense Key : 0x5 [current] [ 121.204550] sd 0:0:0:0: [sda] tag#18 ASC=0x21 ASCQ=0x4 [ 121.204555] sd 0:0:0:0: [sda] tag#18 CDB: opcode=0x93 93 08 00 00 00 00 00 04 28 80 00 00 00 30 00 00 [ 121.204559] print_req_error: I/O error, dev sda, sector 272512 After few reboots with these errors, and the SSD is corrupted. After blacklisting it, the errors are not seen and the SSD does not get corrupted any more. We know that M500IT MG02 and M500DC support this feature, Martin asked Micron for a list of SSDs which have support for this feature. But there was no reply. It is best to blacklst all Micron SSDs for now, except the known two variants, to prevent corrupting other Micron SSDs which do not support this. Fixes: 243918be6393 ("libata: Do not blacklist Micron M500DC") Cc: stable(a)vger.kernel.org Cc: Martin K. Petersen <martin.petersen(a)oracle.com> Signed-off-by: Sudip Mukherjee <sudipm.mukherjee(a)gmail.com> --- v1: Only M500IT MU01 was blacklisted. v2: Whitelist M500IT BG02 and M500DC and then blacklist all other Micron. drivers/ata/libata-core.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/ata/libata-core.c b/drivers/ata/libata-core.c index 8bc71ca61e7f..df5d716c0a07 100644 --- a/drivers/ata/libata-core.c +++ b/drivers/ata/libata-core.c @@ -4550,7 +4550,9 @@ static const struct ata_blacklist_entry ata_device_blacklist [] = { ATA_HORKAGE_NOLPM, }, /* devices that don't properly handle queued TRIM commands */ - { "Micron_M500_*", NULL, ATA_HORKAGE_NO_NCQ_TRIM | + { "Micron_M500DC*", NULL, 0}, + { "Micron_M500IT_*", "MG02", 0}, + { "Micron_M500*", NULL, ATA_HORKAGE_NO_NCQ_TRIM | ATA_HORKAGE_ZERO_AFTER_TRIM, }, { "Crucial_CT*M500*", NULL, ATA_HORKAGE_NO_NCQ_TRIM | ATA_HORKAGE_ZERO_AFTER_TRIM, }, -- 2.11.0

7 years, 1 month

2
3
0 0

[PATCH] drivers: dma-buf: Change %p to %pK in debug messages

by Daniel Rosenberg

The format specifier %p can leak kernel addresses while not valuing the kptr_restrict system settings. Use %pK instead of %p, which also evaluates whether kptr_restrict is set. Signed-off-by: Divya Ponnusamy <pdivya(a)codeaurora.org> Signed-off-by: Daniel Rosenberg <drosen(a)google.com> Cc: stable <stable(a)vger.kernel.org> --- drivers/dma-buf/sync_debug.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/dma-buf/sync_debug.c b/drivers/dma-buf/sync_debug.c index c4c8ecb24aa9..d8d340542a79 100644 --- a/drivers/dma-buf/sync_debug.c +++ b/drivers/dma-buf/sync_debug.c @@ -133,7 +133,7 @@ static void sync_print_sync_file(struct seq_file *s, char buf[128]; int i; - seq_printf(s, "[%p] %s: %s\n", sync_file, + seq_printf(s, "[%pK] %s: %s\n", sync_file, sync_file_get_name(sync_file, buf, sizeof(buf)), sync_status_str(dma_fence_get_status(sync_file->fence))); -- 2.17.0.441.gb46fe60e1d-goog

7 years, 1 month

1
0
0 0

[PATCH] drm/nouveau: Fix deadlock in nv50_mstm_register_connector()

by Lyude Paul

Currently; we're grabbing all of the modesetting locks before adding MST connectors to fbdev. This isn't actually necessary, and causes a deadlock as well: ====================================================== WARNING: possible circular locking dependency detected 4.17.0-rc3Lyude-Test+ #1 Tainted: G O ------------------------------------------------------ kworker/1:0/18 is trying to acquire lock: 00000000c832f62d (&helper->lock){+.+.}, at: drm_fb_helper_add_one_connector+0x2a/0x60 [drm_kms_helper] but task is already holding lock: 00000000942e28e2 (crtc_ww_class_mutex){+.+.}, at: drm_modeset_backoff+0x8e/0x1c0 [drm] which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #3 (crtc_ww_class_mutex){+.+.}: ww_mutex_lock+0x43/0x80 drm_modeset_lock+0x71/0x130 [drm] drm_helper_probe_single_connector_modes+0x7d/0x6b0 [drm_kms_helper] drm_setup_crtcs+0x15e/0xc90 [drm_kms_helper] __drm_fb_helper_initial_config_and_unlock+0x29/0x480 [drm_kms_helper] nouveau_fbcon_init+0x138/0x1a0 [nouveau] nouveau_drm_load+0x173/0x7e0 [nouveau] drm_dev_register+0x134/0x1c0 [drm] drm_get_pci_dev+0x8e/0x160 [drm] nouveau_drm_probe+0x1a9/0x230 [nouveau] pci_device_probe+0xcd/0x150 driver_probe_device+0x30b/0x480 __driver_attach+0xbc/0xe0 bus_for_each_dev+0x67/0x90 bus_add_driver+0x164/0x260 driver_register+0x57/0xc0 do_one_initcall+0x4d/0x323 do_init_module+0x5b/0x1f8 load_module+0x20e5/0x2ac0 __do_sys_finit_module+0xb7/0xd0 do_syscall_64+0x60/0x1b0 entry_SYSCALL_64_after_hwframe+0x49/0xbe -> #2 (crtc_ww_class_acquire){+.+.}: drm_helper_probe_single_connector_modes+0x58/0x6b0 [drm_kms_helper] drm_setup_crtcs+0x15e/0xc90 [drm_kms_helper] __drm_fb_helper_initial_config_and_unlock+0x29/0x480 [drm_kms_helper] nouveau_fbcon_init+0x138/0x1a0 [nouveau] nouveau_drm_load+0x173/0x7e0 [nouveau] drm_dev_register+0x134/0x1c0 [drm] drm_get_pci_dev+0x8e/0x160 [drm] nouveau_drm_probe+0x1a9/0x230 [nouveau] pci_device_probe+0xcd/0x150 driver_probe_device+0x30b/0x480 __driver_attach+0xbc/0xe0 bus_for_each_dev+0x67/0x90 bus_add_driver+0x164/0x260 driver_register+0x57/0xc0 do_one_initcall+0x4d/0x323 do_init_module+0x5b/0x1f8 load_module+0x20e5/0x2ac0 __do_sys_finit_module+0xb7/0xd0 do_syscall_64+0x60/0x1b0 entry_SYSCALL_64_after_hwframe+0x49/0xbe -> #1 (&dev->mode_config.mutex){+.+.}: drm_setup_crtcs+0x10c/0xc90 [drm_kms_helper] __drm_fb_helper_initial_config_and_unlock+0x29/0x480 [drm_kms_helper] nouveau_fbcon_init+0x138/0x1a0 [nouveau] nouveau_drm_load+0x173/0x7e0 [nouveau] drm_dev_register+0x134/0x1c0 [drm] drm_get_pci_dev+0x8e/0x160 [drm] nouveau_drm_probe+0x1a9/0x230 [nouveau] pci_device_probe+0xcd/0x150 driver_probe_device+0x30b/0x480 __driver_attach+0xbc/0xe0 bus_for_each_dev+0x67/0x90 bus_add_driver+0x164/0x260 driver_register+0x57/0xc0 do_one_initcall+0x4d/0x323 do_init_module+0x5b/0x1f8 load_module+0x20e5/0x2ac0 __do_sys_finit_module+0xb7/0xd0 do_syscall_64+0x60/0x1b0 entry_SYSCALL_64_after_hwframe+0x49/0xbe -> #0 (&helper->lock){+.+.}: __mutex_lock+0x70/0x9d0 drm_fb_helper_add_one_connector+0x2a/0x60 [drm_kms_helper] nv50_mstm_register_connector+0x2c/0x50 [nouveau] drm_dp_add_port+0x2f5/0x420 [drm_kms_helper] drm_dp_send_link_address+0x155/0x1e0 [drm_kms_helper] drm_dp_add_port+0x33f/0x420 [drm_kms_helper] drm_dp_send_link_address+0x155/0x1e0 [drm_kms_helper] drm_dp_check_and_send_link_address+0x87/0xd0 [drm_kms_helper] drm_dp_mst_link_probe_work+0x4d/0x80 [drm_kms_helper] process_one_work+0x20d/0x650 worker_thread+0x3a/0x390 kthread+0x11e/0x140 ret_from_fork+0x3a/0x50 other info that might help us debug this: Chain exists of: &helper->lock --> crtc_ww_class_acquire --> crtc_ww_class_mutex Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock(crtc_ww_class_mutex); lock(crtc_ww_class_acquire); lock(crtc_ww_class_mutex); lock(&helper->lock); *** DEADLOCK *** 5 locks held by kworker/1:0/18: #0: 000000004a05cd50 ((wq_completion)"events_long"){+.+.}, at: process_one_work+0x187/0x650 #1: 00000000601c11d1 ((work_completion)(&mgr->work)){+.+.}, at: process_one_work+0x187/0x650 #2: 00000000586ca0df (&dev->mode_config.mutex){+.+.}, at: drm_modeset_lock_all+0x3a/0x1b0 [drm] #3: 00000000d3ca0ffa (crtc_ww_class_acquire){+.+.}, at: drm_modeset_lock_all+0x44/0x1b0 [drm] #4: 00000000942e28e2 (crtc_ww_class_mutex){+.+.}, at: drm_modeset_backoff+0x8e/0x1c0 [drm] stack backtrace: CPU: 1 PID: 18 Comm: kworker/1:0 Tainted: G O 4.17.0-rc3Lyude-Test+ #1 Hardware name: Gateway FX6840/FX6840, BIOS P01-A3 05/17/2010 Workqueue: events_long drm_dp_mst_link_probe_work [drm_kms_helper] Call Trace: dump_stack+0x85/0xcb print_circular_bug.isra.38+0x1ce/0x1db __lock_acquire+0x128f/0x1350 ? lock_acquire+0x9f/0x200 ? lock_acquire+0x9f/0x200 ? __ww_mutex_lock.constprop.13+0x8f/0x1000 lock_acquire+0x9f/0x200 ? drm_fb_helper_add_one_connector+0x2a/0x60 [drm_kms_helper] ? drm_fb_helper_add_one_connector+0x2a/0x60 [drm_kms_helper] __mutex_lock+0x70/0x9d0 ? drm_fb_helper_add_one_connector+0x2a/0x60 [drm_kms_helper] ? ww_mutex_lock+0x43/0x80 ? _cond_resched+0x15/0x30 ? ww_mutex_lock+0x43/0x80 ? drm_modeset_lock+0xb2/0x130 [drm] ? drm_fb_helper_add_one_connector+0x2a/0x60 [drm_kms_helper] drm_fb_helper_add_one_connector+0x2a/0x60 [drm_kms_helper] nv50_mstm_register_connector+0x2c/0x50 [nouveau] drm_dp_add_port+0x2f5/0x420 [drm_kms_helper] ? mark_held_locks+0x50/0x80 ? kfree+0xcf/0x2a0 ? drm_dp_check_mstb_guid+0xd6/0x120 [drm_kms_helper] ? trace_hardirqs_on_caller+0xed/0x180 ? drm_dp_check_mstb_guid+0xd6/0x120 [drm_kms_helper] drm_dp_send_link_address+0x155/0x1e0 [drm_kms_helper] drm_dp_add_port+0x33f/0x420 [drm_kms_helper] ? nouveau_connector_aux_xfer+0x7c/0xb0 [nouveau] ? find_held_lock+0x2d/0x90 ? drm_dp_dpcd_access+0xd9/0xf0 [drm_kms_helper] ? __mutex_unlock_slowpath+0x3b/0x280 ? drm_dp_dpcd_access+0xd9/0xf0 [drm_kms_helper] drm_dp_send_link_address+0x155/0x1e0 [drm_kms_helper] drm_dp_check_and_send_link_address+0x87/0xd0 [drm_kms_helper] drm_dp_mst_link_probe_work+0x4d/0x80 [drm_kms_helper] process_one_work+0x20d/0x650 worker_thread+0x3a/0x390 ? process_one_work+0x650/0x650 kthread+0x11e/0x140 ? kthread_create_worker_on_cpu+0x50/0x50 ret_from_fork+0x3a/0x50 Taking example from i915, the only time we need to hold any modesetting locks is when changing the port on the mstc, and in that case we only need to hold the connection mutex. Signed-off-by: Lyude Paul <lyude(a)redhat.com> Cc: Karol Herbst <kherbst(a)redhat.com> Cc: stable(a)vger.kernel.org Signed-off-by: Lyude Paul <lyude(a)redhat.com> --- drivers/gpu/drm/nouveau/nv50_display.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/drivers/gpu/drm/nouveau/nv50_display.c b/drivers/gpu/drm/nouveau/nv50_display.c index 8bd739cfd00d..2b3ccd850750 100644 --- a/drivers/gpu/drm/nouveau/nv50_display.c +++ b/drivers/gpu/drm/nouveau/nv50_display.c @@ -3264,10 +3264,11 @@ nv50_mstm_destroy_connector(struct drm_dp_mst_topology_mgr *mgr, drm_connector_unregister(&mstc->connector); - drm_modeset_lock_all(drm->dev); drm_fb_helper_remove_one_connector(&drm->fbcon->helper, &mstc->connector); + + drm_modeset_lock(&drm->dev->mode_config.connection_mutex, NULL); mstc->port = NULL; - drm_modeset_unlock_all(drm->dev); + drm_modeset_unlock(&drm->dev->mode_config.connection_mutex); drm_connector_unreference(&mstc->connector); } @@ -3277,9 +3278,7 @@ nv50_mstm_register_connector(struct drm_connector *connector) { struct nouveau_drm *drm = nouveau_drm(connector->dev); - drm_modeset_lock_all(drm->dev); drm_fb_helper_add_one_connector(&drm->fbcon->helper, connector); - drm_modeset_unlock_all(drm->dev); drm_connector_register(connector); } -- 2.14.3

7 years, 1 month

1
0
0 0

v4.9.98 build: 0 failures 2 warnings (v4.9.98)

by Build bot for Mark Brown

Tree/Branch: v4.9.98 Git describe: v4.9.98 Commit: eff40cb190 Linux 4.9.98 Build Time: 83 min 3 sec Passed: 11 / 11 (100.00 %) Failed: 0 / 11 ( 0.00 %) Errors: 0 Warnings: 2 Section Mismatches: 0 ------------------------------------------------------------------------------- defconfigs with issues (other than build errors): 1 warnings 0 mismatches : arm64-allmodconfig 1 warnings 0 mismatches : x86_64-allmodconfig ------------------------------------------------------------------------------- Warnings Summary: 2 1 drivers/target/iscsi/iscsi_target.o: warning: objtool: iscsit_handle_task_mgt_cmd()+0x78b: sibling call from callable instruction with changed frame pointer 1 ../include/linux/sched.h:2349:56: warning: 'noio_flag' may be used uninitialized in this function [-Wmaybe-uninitialized] =============================================================================== Detailed per-defconfig build reports below: ------------------------------------------------------------------------------- arm64-allmodconfig : PASS, 0 errors, 1 warnings, 0 section mismatches Warnings: ../include/linux/sched.h:2349:56: warning: 'noio_flag' may be used uninitialized in this function [-Wmaybe-uninitialized] ------------------------------------------------------------------------------- x86_64-allmodconfig : PASS, 0 errors, 1 warnings, 0 section mismatches Warnings: drivers/target/iscsi/iscsi_target.o: warning: objtool: iscsit_handle_task_mgt_cmd()+0x78b: sibling call from callable instruction with changed frame pointer ------------------------------------------------------------------------------- Passed with no errors, warnings or mismatches: arm64-allnoconfig arm-multi_v5_defconfig arm-multi_v7_defconfig x86_64-defconfig arm-allmodconfig arm-allnoconfig x86_64-allnoconfig arm-multi_v4t_defconfig arm64-defconfig close failed in file object destructor: sys.excepthook is missing lost sys.stderr

7 years, 1 month

1
0
0 0

[PATCH v5 3/7] phy: qcom-qusb2: Fix crash if nvmem cell not specified

by Manu Gautam

Driver currently crashes due to NULL pointer deference while updating PHY tune register if nvmem cell is NULL. Since, fused value for Tune1/2 register is optional, we'd rather bail out. Fixes: ca04d9d3e1b1 ("phy: qcom-qusb2: New driver for QUSB2 PHY on Qcom chips") Reviewed-by: Vivek Gautam <vivek.gautam(a)codeaurora.org> Reviewed-by: Evan Green <evgreen(a)chromium.org> Cc: stable <stable(a)vger.kernel.org> # 4.14+ Signed-off-by: Manu Gautam <mgautam(a)codeaurora.org> --- drivers/phy/qualcomm/phy-qcom-qusb2.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/drivers/phy/qualcomm/phy-qcom-qusb2.c b/drivers/phy/qualcomm/phy-qcom-qusb2.c index 94afeac..40fdef8 100644 --- a/drivers/phy/qualcomm/phy-qcom-qusb2.c +++ b/drivers/phy/qualcomm/phy-qcom-qusb2.c @@ -315,6 +315,10 @@ static void qusb2_phy_set_tune2_param(struct qusb2_phy *qphy) const struct qusb2_phy_cfg *cfg = qphy->cfg; u8 *val; + /* efuse register is optional */ + if (!qphy->cell) + return; + /* * Read efuse register having TUNE2/1 parameter's high nibble. * If efuse register shows value as 0x0, or if we fail to find -- The Qualcomm Innovation Center, Inc. is a member of the Code Aurora Forum, a Linux Foundation Collaborative Project

7 years, 1 month

1
0
0 0

[PATCH 0/2 linux-stable-4.4] ath10k: rebuild crypto header in rx data frames

by Sriram R

ath10k has a replay detection issue which was fixed in v4.14 and we would like to get this security fix also to linux-stable-4.4.But for that it depends on 3 mac80211 patches so the below mac80211 commits needs to be picked first in the same order and then apply this patchset. f980ebc058c2 : mac80211: allow not sending MIC up from driver for HW crypto f631a77ba920 : mac80211: allow same PN for AMSDU sub-frames cef0acd4d7d4 : mac80211: Add RX flag to indicate ICV stripped These patches should be applied in that order(commit f980ebc058c2 first) and they should apply cleanly with 3-way merge. Sriram R (2): ath10k: Add new hw param to identify alignment for different chipsets ath10k: rebuild crypto header in rx data frames drivers/net/wireless/ath/ath10k/core.c | 8 +++ drivers/net/wireless/ath/ath10k/core.h | 4 ++ drivers/net/wireless/ath/ath10k/htt_rx.c | 108 +++++++++++++++++++++++++----- drivers/net/wireless/ath/ath10k/rx_desc.h | 3 + 4 files changed, 107 insertions(+), 16 deletions(-) -- 2.7.4

7 years, 1 month

3
9
0 0

[PATCH] pmem: fix badblocks population for raw mode

by Toshi Kani

pmem_attach_disk() calls nvdimm_badblocks_populate() with resource range uninitialized in the case of raw mode. This leads the pmem driver to hit MCE despite of ARS reporting the range bad. Initialize 'bb_res' for raw mode. Fixes: e8d513483300 ("memremap: change devm_memremap_pages interface to use struct dev_pagemap") Signed-off-by: Toshi Kani <toshi.kani(a)hpe.com> Cc: Christoph Hellwig <hch(a)lst.de> Cc: Dan Williams <dan.j.williams(a)intel.com> Cc: <stable(a)vger.kernel.org> --- drivers/nvdimm/pmem.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/nvdimm/pmem.c b/drivers/nvdimm/pmem.c index 9d714926ecf5..2d7875209bce 100644 --- a/drivers/nvdimm/pmem.c +++ b/drivers/nvdimm/pmem.c @@ -367,9 +367,11 @@ static int pmem_attach_disk(struct device *dev, addr = devm_memremap_pages(dev, &pmem->pgmap); pmem->pfn_flags |= PFN_MAP; memcpy(&bb_res, &pmem->pgmap.res, sizeof(bb_res)); - } else + } else { addr = devm_memremap(dev, pmem->phys_addr, pmem->size, ARCH_MEMREMAP_PMEM); + memcpy(&bb_res, res, sizeof(bb_res)); + } /* * At release time the queue must be frozen before

7 years, 1 month

2
1
0 0

[GIT PULL] commits for Linux 3.18

by Sasha Levin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi Greg, Pleae pull commits for Linux 3.18 . I've sent a review request for all commits over a week ago and all comments were addressed. Thanks, Sasha ===== The following changes since commit 915b8f498b1a2dacc4f81dc949e310915c7374f2: Linux 3.18.106 (2018-04-24 09:29:29 +0200) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/sashal/linux-stable.git tags/for-greg-3.18-26042018 for you to fetch changes up to 681b9d8dc055d044336e643b611f58e6e6caa9b4: kdb: make "mdr" command repeat (2018-04-26 17:22:04 -0400) - ---------------------------------------------------------------- for-greg-3.18-26042018 - ---------------------------------------------------------------- Alex Estrin (1): IB/ipoib: Fix for potential no-carrier state Alex Williamson (1): PCI: Add function 1 DMA alias quirk for Marvell 9128 Alexey Dobriyan (1): proc: fix /proc/*/map_files lookup Anders Roxell (1): selftests: memfd: add config fragment for fuse Andrea Parri (2): locking/xchg/alpha: Add unconditional memory barrier to cmpxchg() locking/xchg/alpha: Fix xchg() and cmpxchg() memory ordering bugs Andrzej Hajda (4): clk: samsung: s3c2410: Fix PLL rates clk: samsung: exynos5260: Fix PLL rates clk: samsung: exynos5250: Fix PLL rates clk: samsung: exynos3250: Fix PLL rates Anna-Maria Gleixner (1): tracing/hrtimer: Fix tracing bugs by taking all clock bases and modes into account Arnd Bergmann (5): scsi: fas216: fix sense buffer initialization x86/power: Fix swsusp_arch_resume prototype cifs: silence compiler warnings showing up with gcc-8.0.0 md: raid5: avoid string overflow warning media: s3c-camif: fix out-of-bounds array access Arvind Yadav (1): xen: xenbus: use put_device() instead of kfree() Baoquan He (1): x86/apic: Set up through-local-APIC mode on the boot CPU if 'noapic' specified Bart Van Assche (1): scsi: qla2xxx: Avoid triggering undefined behavior in qla2x00_mbx_completion() Benjamin Poirier (1): e1000e: Fix check_for_link return value with autoneg off Bjorn Andersson (1): pinctrl: msm: Use dynamic GPIO numbering Brad Love (3): media: cx23885: Override 888 ImpactVCBe crystal frequency media: cx23885: Set subdev host data to clk_freq pointer media: em28xx: USB bulk packet size fix Carlos Maiolino (1): Force log to disk before reading the AGF during a fstrim Chad Dupuis (1): scsi: bnx2fc: Fix check in SCSI completion handler for timed out request Chen Yu (1): ACPI: processor_perflib: Do not send _PPC change notification if not ready Chris Dickens (1): usb: gadget: composite: fix incorrect handling of OS desc requests Christophe JAILLET (1): regulator: of: Add a missing 'of_node_put()' in an error handling path of 'of_regulator_match()' Claudio Imbrenda (1): mm/ksm: fix interaction with THP Colin Ian King (4): clocksource/drivers/fsl_ftm_timer: Fix error return checking staging: rtl8192u: return -ENOMEM on failed allocation of priv->oldaddr rtc: tx4939: avoid unintended sign extension on a 24 bit shift media: cx25821: prevent out-of-bounds read on array card Coly Li (2): bcache: properly set task state in bch_writeback_thread() bcache: quit dc->writeback_thread when BCACHE_DEV_DETACHING is set Cong Wang (1): llc: properly handle dev_queue_xmit() return value Dan Carpenter (5): ASoC: au1x: Fix timeout tests in au1xac97c_ac97_read() HID: roccat: prevent an out of bounds read in kovaplus_profile_activated() scsi: sym53c8xx_2: iterator underflow in sym_getsync() scsi: mptfusion: Add bounds check in mptctl_hp_targetinfo() xen/acpi: off by one in read_acpi_id() Danilo Krummrich (1): fs/proc/proc_sysctl.c: fix potential page fault while unregistering sysctl table Dave Carroll (1): scsi: aacraid: Insure command thread is not recursively stopped Dave Hansen (1): x86/mm: Do not forbid _PAGE_RW before init for __ro_after_init David Ahern (1): selftests: Add FIB onlink tests David Lechner (1): ARM: davinci_all_defconfig: set CONFIG_DAVINCI_WATCHDOG=y David Rientjes (1): kernel/relay.c: limit kmalloc size to KMALLOC_MAX_SIZE David S. Miller (1): sparc64: Make atomic_xchg() an inline function rather than a macro. Davidlohr Bueso (1): sched/rt: Fix rq->clock_update_flags < RQCF_ACT_SKIP warning Eric Dumazet (4): smsc75xx: fix smsc75xx_set_features() percpu: add a schedule point in pcpu_balance_workfn() r8152: fix tx packets accounting soreuseport: initialise timewait reuseport field Erik Schmauss (1): ACPICA: Events: add a return on failure from acpi_hw_register_read Esben Haabendal (1): dp83640: Ensure against premature access to PHY registers after reset Felix Fietkau (1): mac80211: round IEEE80211_TX_STATUS_HEADROOM up to multiple of 4 Filipe Manana (2): Btrfs: send, fix issuing write op when processing hole in no data mode Btrfs: fix copy_items() return value when logging an inode Florian Westphal (2): netfilter: ebtables: convert BUG_ONs to WARN_ONs netfilter: ebtables: fix erroneous reject of last rule Frank Asseg (1): tools/thermal: tmon: fix for segfault Fredrik Noring (1): USB: OHCI: Fix NULL dereference in HCDs using HCD_LOCAL_MEM Geert Uytterhoeven (6): ARM: OMAP1: clock: Fix debugfs_create_*() usage serial: xuartps: Fix out-of-bounds access through DT alias serial: samsung: Fix out-of-bounds access through serial port index serial: imx: Fix out-of-bounds access through serial port index serial: fsl_lpuart: Fix out-of-bounds access through DT alias serial: arc_uart: Fix out-of-bounds access through DT alias Giuseppe Lippolis (1): net-usb: add qmi_wwan if on lte modem wistron neweb d18q1 Greg Ungerer (1): m68k: set dma and coherent masks for platform FEC ethernets Gregory CLEMENT (2): mailmap: Update email address for Gregory CLEMENT i2c: mv64xxx: Apply errata delay only in standard mode Grigor Tovmasyan (1): usb: dwc2: Fix interval type issue Guenter Roeck (4): watchdog: sp5100_tco: Fix watchdog disable bit hwmon: (nct6775) Fix writing pwmX_mode hwmon: (pmbus/max8688) Accept negative page register values hwmon: (pmbus/adm1275) Accept negative page register values Hector Martin (1): firewire-ohci: work around oversized DMA reads on JMicron controllers Helge Deller (1): parisc/pci: Switch LBA PCI bus from Hard Fail to Soft Fail mode Huang Ying (1): mm: fix races between address_space dereference and free in page_evicatable Igor Pylypiv (1): watchdog: f71808e_wdt: Fix magic close handling Jake Daryll Obina (1): jffs2: Fix use-after-free bug in jffs2_iget()'s error handling path James Smart (3): scsi: lpfc: Fix issue_lip if link is disabled scsi: lpfc: Fix soft lockup in lpfc worker thread during LIP testing scsi: lpfc: Fix frequency of Release WQE CQEs Jan Chochol (1): nfs: Do not convert nfs_idmap_cache_timeout to jiffies Jan Kara (1): udf: Provide saner default for invalid uid / gid Jason Yan (1): scsi: libsas: defer ata device eh commands to libata Jay Vosburgh (1): virtio-net: Fix operstate for virtio when no VIRTIO_NET_F_STATUS Jean Delvare (1): firmware: dmi_scan: Fix handling of empty DMI strings Jeff Mahoney (1): btrfs: fix lockdep splat in btrfs_alloc_subvolume_writers Jens Axboe (1): sr: get/drop reference to device in revalidate and check_events Jeremy Cline (1): scsi: sd: Keep disk read-only when re-reading partition Joey Pabalinas (1): net/tcp/illinois: replace broken algorithm reference link Johannes Berg (1): regulatory: add NUL to request alpha2 John Keeping (1): usb: gadget: f_uac2: fix bFirstInterface in composite gadget Joonsoo Kim (1): ARM: CMA: avoid double mapping to the CMA area if CONFIG_HIGHMEM=y Karthikeyan Periyasamy (1): ath10k: Fix kernel panic while using worker (ath10k_sta_rc_update_wk) Kees Cook (1): NFC: llcp: Limit size of SDP URI Kirill A. Shutemov (1): asm-generic: provide generic_pmdp_establish() Lars-Peter Clausen (1): usb: gadget: ffs: Let setup() return USB_GADGET_DELAYED_STATUS Lenny Szubowicz (1): ACPI: acpi_pad: Fix memory leak in power saving threads Leon Romanovsky (2): RDMA/mlx5: Avoid memory leak in case of XRCD dealloc failure net/mlx5: Protect from command bit overflow Linus LÃ¼ssing (2): batman-adv: fix multicast-via-unicast transmission with AP isolation batman-adv: fix packet loss for broadcasted DHCP packets to a server Liu Bo (2): Btrfs: bail out on error during replay_dir_deletes Btrfs: fix NULL pointer dereference in log_dir_items Madhavan Srinivasan (1): powerpc/perf: Prevent kernel address leak to userspace via BHRB buffer Manish Rangankar (1): scsi: qla4xxx: skip error recovery in case of register disconnect. Mark Salter (1): irqchip/gic-v3: Change pr_debug message to pr_devel Markus Elfring (1): drm/exynos: g2d: Delete an error message for a failed memory allocation in two functions Masami Hiramatsu (4): selftests: ftrace: Add probe event argument syntax testcase selftests: ftrace: Add a testcase for string type with kprobe_event selftests: ftrace: Add a testcase for probepoint tracing/uprobe_event: Fix strncpy corner case Mathias Kresin (1): MIPS: ath79: Fix AR724X_PLL_REG_PCIE_CONFIG offset Mathias Nyman (1): xhci: zero usb device slot_id member when disabling and freeing a xhci slot Mathieu Malaterre (1): powerpc: Add missing prototype for arch_irq_work_raise() Matt Redfearn (1): MIPS: TXx9: use IS_BUILTIN() for CONFIG_LEDS_CLASS Matthias Schiffer (3): batman-adv: fix packet checksum in receive path batman-adv: invalidate checksum on fragment reassembly batman-adv: fix header size check in batadv_dbg_arp() Maurizio Lombardi (1): cdrom: do not call check_disk_change() inside cdrom_open() Mauro Carvalho Chehab (1): media: dmxdev: fix error code for invalid ioctls Meelis Roos (1): scsi: aacraid: fix shutdown crash when init fails Mel Gorman (1): mm: pin address_space before dereferencing it while isolating an LRU page Merlijn Wajer (1): usb: musb: call pm_runtime_{get,put}_sync before reading vbus registers Michael Ellerman (2): powerpc/mpic: Check if cpu_possible() in mpic_physmask() powerpc/perf: Fix kernel address leak via sampling registers Michael Schmitz (1): zorro: Set up z->dev.dma_mask for the DMA API Nikolay Borisov (2): btrfs: Fix out of bounds access in btrfs_search_slot btrfs: Fix possible softlock on single core machines Paolo Bonzini (1): kvm: x86: fix KVM_XEN_HVM_CONFIG ioctl Pawel Dembicki (1): net: qmi_wwan: add BroadMobi BM806U 2020:2033 Peter Malone (1): fbdev: Fixing arbitrary kernel leak in case FBIOGETCMAP_SPARC in sbusfb_ioctl_helper(). Peter Zijlstra (1): perf/core: Fix perf_output_read_group() Petr Vorel (1): ima: Fallback to the builtin hash algorithm Philipp Puschmann (1): arm: dts: socfpga: fix GIC PPI warning Pierre-Yves Kerbrat (1): e1000e: allocate ring descriptors with dma_zalloc_coherent Qi Hou (1): dmaengine: pl330: fix a race condition in case of threaded irqs Qu Wenruo (1): btrfs: tests/qgroup: Fix wrong tree backref level Rafael J. Wysocki (1): PCI: Restore config space on runtime resume despite being unbound Randy Dunlap (2): fs/signalfd: fix build error for BUS_MCEERR_AR kdb: make "mdr" command repeat Rich Felker (1): sh: fix debug trap failure to process signals before return to user Richard Guy Briggs (1): audit: return on memory error to avoid null pointer dereference Richard Haines (1): netlabel: If PF_INET6, check sk_buff ip header version Rob Herring (1): microblaze: switch to NO_BOOTMEM Roger Pau Monne (1): xen/pirq: fix error path cleanup when binding MSIs Ross Lagerwall (1): xen/grant-table: Use put_page instead of free_page Samuel Neves (1): x86/topology: Update the 'cpu cores' field in /proc/cpuinfo correctly across CPU hotplug operations Sean Christopherson (1): KVM: VMX: raise internal error for exception during invalid protected mode state Sebastian Ott (2): s390/cio: fix return code after missing interrupt s390/cio: clear timer when terminating driver I/O Seunghun Han (1): ACPICA: acpi: acpica: fix acpi operand cache leak in nseval.c Stefan Agner (1): usb: gadget: fsl_udc_core: fix ep valid checks Stefano Brivio (2): vti4: Don't count header length twice on tunnel setup vti4: Don't override MTU passed on link creation via IFLA_MTU Steven Rostedt (VMware) (1): tools lib traceevent: Fix get_field_str() for dynamic strings Sujit Reddy Thumma (1): scsi: ufs: Enable quirk to ignore sending WRITE_SAME command Sylwester Nawrocki (1): ASoC: samsung: i2s: Ensure the RCLK rate is properly determined Takashi Iwai (1): ALSA: vmaster: Propagate slave error Tang Junhui (4): bcache: fix for allocator and register thread race bcache: fix for data collapse after re-attaching an attached device bcache: return attach error when no cache set exist bcache: fix kcrashes with fio in RAID5 backend dev Thinh Nguyen (1): usb: dwc3: Update DWC_usb31 GTXFIFOSIZ reg fields Thomas Vincent-Cross (1): PCI: Add function 1 DMA alias quirk for Marvell 88SE9220 Tom Abraham (1): swap: divide-by-zero when zero length swap file on ssd Tony Lindgren (2): ARM: OMAP3: Fix prm wake interrupt for resume ARM: OMAP: Fix dmtimer init for omap1 Toshiaki Makita (2): net: Fix vlan untag for bridge and vlan_dev with reorder_hdr off net: Fix untag for vlan packets without ethernet header Ulf Magnusson (3): kconfig: Don't leak main menus during parsing kconfig: Fix automatic menu creation mem leak kconfig: Fix expr_free() E_NOT leak Vaibhav Jain (1): powerpc/xmon: Setup debugger hooks when first break-point is set Vinayak Menon (1): mm/kmemleak.c: wait for scan completion before disabling free Wolfram Sang (2): drm/exynos: fix comparison to bitshift when dealing with a mask usb: gadget: udc: change comparison to bitshift when dealing with a mask Xin Long (1): sit: fix IFLA_MTU ignored on NEWLINK Xose Vazquez Perez (1): scsi: devinfo: fix format of the device list Yelena Krivosheev (1): net: mvneta: fix enable of all initialized RXQs Yisheng Xie (3): mm/mempolicy: fix the check of nodemask from user mm/mempolicy: add nodes_empty check in SYSC_migrate_pages mm/mempolicy.c: avoid use uninitialized preferred_node Yufen Yu (2): md raid10: fix NULL deference in handle_write_completed() md/raid1: fix NULL pointer dereference mulhern (1): dm thin: fix documentation relative to low water mark threshold piaojun (2): ocfs2: return -EROFS to mount.ocfs2 if inode block is invalid ocfs2/acl: use 'ip_xattr_sem' to protect getting extended attribute .mailmap | 1 + Documentation/device-mapper/thin-provisioning.txt | 8 +- arch/alpha/include/asm/xchg.h | 30 +- arch/arm/boot/dts/socfpga.dtsi | 2 +- arch/arm/configs/davinci_all_defconfig | 2 +- arch/arm/mach-omap1/clock.c | 6 +- arch/arm/mach-omap2/pm.c | 4 +- arch/arm/mm/dma-mapping.c | 16 +- arch/arm/plat-omap/dmtimer.c | 7 +- arch/m68k/coldfire/device.c | 12 +- arch/microblaze/Kconfig | 1 + arch/microblaze/mm/init.c | 56 +-- arch/mips/include/asm/mach-ath79/ar71xx_regs.h | 2 +- arch/mips/txx9/rbtx4939/setup.c | 4 +- arch/powerpc/include/asm/irq_work.h | 1 + arch/powerpc/perf/core-book3s.c | 25 ++ arch/powerpc/sysdev/mpic.c | 2 +- arch/powerpc/xmon/xmon.c | 17 +- arch/sh/kernel/entry-common.S | 2 +- arch/sparc/include/asm/atomic_64.h | 6 +- arch/x86/kernel/apic/apic.c | 2 +- arch/x86/kernel/smpboot.c | 1 + arch/x86/kvm/vmx.c | 20 +- arch/x86/kvm/x86.c | 7 +- arch/x86/mm/pageattr.c | 6 +- arch/x86/power/hibernate_32.c | 2 +- arch/x86/power/hibernate_64.c | 2 +- drivers/acpi/acpi_pad.c | 3 + drivers/acpi/acpica/evevent.c | 9 +- drivers/acpi/acpica/nseval.c | 8 + drivers/acpi/processor_perflib.c | 2 +- drivers/block/paride/pcd.c | 2 + drivers/cdrom/cdrom.c | 3 - drivers/cdrom/gdrom.c | 3 + drivers/clk/samsung/clk-exynos3250.c | 4 +- drivers/clk/samsung/clk-exynos5250.c | 8 +- drivers/clk/samsung/clk-exynos5260.c | 2 +- drivers/clk/samsung/clk-s3c2410.c | 16 +- drivers/clocksource/fsl_ftm_timer.c | 2 +- drivers/dma/pl330.c | 6 +- drivers/firewire/ohci.c | 8 +- drivers/firmware/dmi_scan.c | 22 +- drivers/gpu/drm/exynos/exynos_drm_g2d.c | 6 +- drivers/gpu/drm/exynos/regs-fimc.h | 2 +- drivers/hid/hid-roccat-kovaplus.c | 2 + drivers/hwmon/nct6775.c | 10 +- drivers/hwmon/pmbus/adm1275.c | 4 +- drivers/hwmon/pmbus/max8688.c | 2 +- drivers/i2c/busses/i2c-mv64xxx.c | 8 +- drivers/ide/ide-cd.c | 2 + drivers/infiniband/hw/mlx5/qp.c | 5 +- drivers/infiniband/ulp/ipoib/ipoib_main.c | 3 + drivers/irqchip/irq-gic-v3.c | 2 +- drivers/md/bcache/alloc.c | 4 +- drivers/md/bcache/bcache.h | 2 +- drivers/md/bcache/btree.c | 9 +- drivers/md/bcache/request.c | 2 +- drivers/md/bcache/super.c | 23 +- drivers/md/bcache/sysfs.c | 11 +- drivers/md/bcache/writeback.c | 27 +- drivers/md/raid1.c | 11 + drivers/md/raid10.c | 6 +- drivers/md/raid5.c | 7 +- drivers/media/dvb-core/dmxdev.c | 2 +- drivers/media/pci/cx23885/cx23885-cards.c | 4 + drivers/media/pci/cx23885/cx23885-core.c | 10 + drivers/media/pci/cx25821/cx25821-core.c | 7 +- drivers/media/platform/s3c-camif/camif-capture.c | 7 +- drivers/media/usb/em28xx/em28xx.h | 2 +- drivers/message/fusion/mptctl.c | 2 + drivers/net/ethernet/intel/e1000e/ich8lan.c | 2 +- drivers/net/ethernet/intel/e1000e/mac.c | 2 +- drivers/net/ethernet/intel/e1000e/netdev.c | 4 +- drivers/net/ethernet/marvell/mvneta.c | 1 + drivers/net/ethernet/mellanox/mlx5/core/cmd.c | 2 +- drivers/net/phy/dp83640.c | 18 + drivers/net/usb/qmi_wwan.c | 4 + drivers/net/usb/r8152.c | 2 +- drivers/net/usb/smsc75xx.c | 7 +- drivers/net/virtio_net.c | 2 +- drivers/net/wireless/ath/ath10k/mac.c | 10 + drivers/parisc/lba_pci.c | 20 +- drivers/pci/pci-driver.c | 17 +- drivers/pci/quirks.c | 5 + drivers/pinctrl/qcom/pinctrl-msm.c | 2 +- drivers/regulator/of_regulator.c | 1 + drivers/rtc/rtc-tx4939.c | 6 +- drivers/s390/cio/device_fsm.c | 7 +- drivers/s390/cio/io_sch.h | 1 + drivers/scsi/aacraid/commsup.c | 4 +- drivers/scsi/aacraid/linit.c | 5 +- drivers/scsi/arm/fas216.c | 2 +- drivers/scsi/bnx2fc/bnx2fc_io.c | 1 + drivers/scsi/libsas/sas_scsi_host.c | 33 +- drivers/scsi/lpfc/lpfc_attr.c | 5 + drivers/scsi/lpfc/lpfc_hbadisc.c | 5 +- drivers/scsi/lpfc/lpfc_sli.c | 2 + drivers/scsi/qla2xxx/qla_isr.c | 6 +- drivers/scsi/qla4xxx/ql4_def.h | 2 + drivers/scsi/qla4xxx/ql4_os.c | 46 +++ drivers/scsi/scsi_devinfo.c | 7 +- drivers/scsi/sd.c | 3 +- drivers/scsi/sr.c | 21 +- drivers/scsi/sym53c8xx_2/sym_hipd.c | 2 +- drivers/scsi/ufs/ufshcd.c | 2 + drivers/staging/rtl8192u/r8192U_core.c | 2 + drivers/tty/serial/arc_uart.c | 5 + drivers/tty/serial/fsl_lpuart.c | 4 + drivers/tty/serial/imx.c | 6 + drivers/tty/serial/samsung.c | 4 + drivers/tty/serial/xilinx_uartps.c | 2 +- drivers/usb/dwc2/core.h | 2 +- drivers/usb/dwc3/core.h | 2 + drivers/usb/gadget/composite.c | 40 ++- drivers/usb/gadget/function/f_fs.c | 2 +- drivers/usb/gadget/function/f_uac2.c | 2 + drivers/usb/gadget/udc/fsl_udc_core.c | 4 +- drivers/usb/gadget/udc/goku_udc.h | 2 +- drivers/usb/host/ohci-hcd.c | 3 +- drivers/usb/host/xhci-mem.c | 2 + drivers/usb/musb/musb_core.c | 2 + drivers/video/fbdev/sbuslib.c | 4 +- drivers/watchdog/f71808e_wdt.c | 3 +- drivers/watchdog/sp5100_tco.h | 2 +- drivers/xen/events/events_base.c | 4 +- drivers/xen/grant-table.c | 4 +- drivers/xen/xen-acpi-processor.c | 6 +- drivers/xen/xenbus/xenbus_probe.c | 5 +- drivers/zorro/zorro.c | 12 + fs/btrfs/ctree.c | 12 +- fs/btrfs/disk-io.c | 2 +- fs/btrfs/extent-tree.c | 1 + fs/btrfs/send.c | 3 + fs/btrfs/tests/qgroup-tests.c | 2 +- fs/btrfs/tree-log.c | 12 +- fs/cifs/cifssmb.c | 4 +- fs/jffs2/fs.c | 1 - fs/nfs/nfs4sysctl.c | 2 +- fs/ocfs2/acl.c | 6 + fs/ocfs2/super.c | 5 +- fs/ocfs2/xattr.c | 2 + fs/proc/base.c | 29 +- fs/proc/proc_sysctl.c | 3 + fs/signalfd.c | 15 +- fs/udf/super.c | 5 +- fs/xfs/xfs_discard.c | 14 +- include/asm-generic/pgtable.h | 15 + include/linux/suspend.h | 2 + include/linux/usb/composite.h | 3 + include/net/inet_timewait_sock.h | 1 + include/net/llc_conn.h | 2 +- include/net/mac80211.h | 2 +- include/net/regulatory.h | 2 +- include/trace/events/timer.h | 20 +- include/uapi/linux/if_ether.h | 1 + kernel/audit.c | 2 + kernel/debug/kdb/kdb_main.c | 27 +- kernel/events/core.c | 3 +- kernel/power/power.h | 3 - kernel/relay.c | 2 +- kernel/sched/rt.c | 2 + kernel/trace/trace_uprobe.c | 2 + mm/kmemleak.c | 12 +- mm/ksm.c | 28 ++ mm/mempolicy.c | 36 +- mm/percpu.c | 1 + mm/swapfile.c | 4 + mm/vmscan.c | 22 +- net/batman-adv/distributed-arp-table.c | 2 +- net/batman-adv/fragmentation.c | 3 +- net/batman-adv/gateway_client.c | 3 + net/batman-adv/multicast.c | 4 +- net/batman-adv/soft-interface.c | 8 +- net/bridge/netfilter/ebtables.c | 33 +- net/core/skbuff.c | 9 +- net/ipv4/inet_timewait_sock.c | 1 + net/ipv4/ip_vti.c | 2 - net/ipv4/tcp_illinois.c | 2 +- net/ipv6/sit.c | 7 + net/llc/llc_c_ac.c | 15 +- net/llc/llc_conn.c | 32 +- net/netlabel/netlabel_unlabeled.c | 10 + net/nfc/llcp_commands.c | 4 + net/nfc/netlink.c | 3 +- scripts/kconfig/expr.c | 2 +- scripts/kconfig/menu.c | 1 + scripts/kconfig/zconf.y | 33 +- security/integrity/ima/ima_crypto.c | 2 + security/integrity/ima/ima_main.c | 13 + sound/core/vmaster.c | 5 +- sound/soc/au1x/ac97c.c | 6 +- sound/soc/samsung/i2s.c | 13 +- tools/lib/traceevent/parse-filter.c | 10 +- .../ftrace/test.d/kprobe/kprobe_args_string.tc | 46 +++ .../ftrace/test.d/kprobe/kprobe_args_syntax.tc | 97 ++++++ .../selftests/ftrace/test.d/kprobe/probepoint.tc | 43 +++ tools/testing/selftests/memfd/config | 1 + tools/testing/selftests/net/fib-onlink-tests.sh | 375 +++++++++++++++++++++ tools/thermal/tmon/sysfs.c | 12 +- tools/thermal/tmon/tmon.c | 1 - 200 files changed, 1602 insertions(+), 413 deletions(-) create mode 100644 tools/testing/selftests/ftrace/test.d/kprobe/kprobe_args_string.tc create mode 100644 tools/testing/selftests/ftrace/test.d/kprobe/kprobe_args_syntax.tc create mode 100644 tools/testing/selftests/ftrace/test.d/kprobe/probepoint.tc create mode 100644 tools/testing/selftests/memfd/config create mode 100755 tools/testing/selftests/net/fib-onlink-tests.sh -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE4n5dijQDou9mhzu83qZv95d3LNwFAlrihHcACgkQ3qZv95d3 LNynWw//ZB82jJUQHRHsJTTS/ele1QYmORYiC1XNJnlExdATWkHMl5x4EgxOaEyn iNhPa0Uxnh+ESh/qFAyjS6SBAVKQ5JvhLE34ipFNetplc1VikteW1ziD6ZnJdKmq x6+hj5HsSZnYJH7FNJzThAfufEpG8s1UBiZY3GWTO8vVCI+EwDHqDm5uCwiskE1B /Z0Tz97WNOAv9sT5xb4iljbw8nssUIbBfD9CEjf7Sk6MT6Hdd4ap3x3BTK+a7JDN YGMuGp3N8Bc8aTNj9mX3r2IRzm1KxM1WgLf9p62NWD4braAJPXAKLD27fUqLUt5b t5L44mBf9bTgcXn9Y2SRBCY1DqeBmALXLWT/69Hrh4v4FnqvfDCNXb1alTOSKoeT AE0ld6fyIOZ24xSHrqIC7kfozxsLzQ04ByNsuipeU9AdHEsPg0f9PX0p/DSnbYTr MXlNfTxaXtVzqSNzsNeC2rxvCCze3V+Usf2sDMADdIW9mDEYlj2bHCr3+M6E1z2F qZxoTu2/qFWboBBPzlIiIRmSfpCaLx/AefG3JG/r8KBIM9Lxrpq/YL5B59SZUg3E PCHQIrgOgifzGd/UNEZfisDZTKBwbr+/5FSi2a6qkF8jcHpmqNi+62ijSNdLhoHE dgZLEEryNkaYXoxjBr7KhOkt2dA49oBbpxdQ3bF6BE1o0BgMHPU= =gb8l -----END PGP SIGNATURE-----

7 years, 1 month

2
1
0 0

[PATCH 7/7] tracepoint: Do not warn on ENOMEM

by Steven Rostedt

From: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> Tracepoint should only warn when a kernel API user does not respect the required preconditions (e.g. same tracepoint enabled twice, or called to remove a tracepoint that does not exist). Silence warning in out-of-memory conditions, given that the error is returned to the caller. This ensures that out-of-memory error-injection testing does not trigger warnings in tracepoint.c, which were seen by syzbot. Link: https://lkml.kernel.org/r/001a114465e241a8720567419a72@google.com Link: https://lkml.kernel.org/r/001a1140e0de15fc910567464190@google.com Link: http://lkml.kernel.org/r/20180315124424.32319-1-mathieu.desnoyers@efficios.… CC: Peter Zijlstra <peterz(a)infradead.org> CC: Jiri Olsa <jolsa(a)redhat.com> CC: Arnaldo Carvalho de Melo <acme(a)kernel.org> CC: Alexander Shishkin <alexander.shishkin(a)linux.intel.com> CC: Namhyung Kim <namhyung(a)kernel.org> CC: stable(a)vger.kernel.org Fixes: de7b2973903c6 ("tracepoint: Use struct pointer instead of name hash for reg/unreg tracepoints") Reported-by: syzbot+9c0d616860575a73166a(a)syzkaller.appspotmail.com Reported-by: syzbot+4e9ae7fa46233396f64d(a)syzkaller.appspotmail.com Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> Signed-off-by: Steven Rostedt (VMware) <rostedt(a)goodmis.org> --- kernel/tracepoint.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/kernel/tracepoint.c b/kernel/tracepoint.c index 671b13457387..1e37da2e0c25 100644 --- a/kernel/tracepoint.c +++ b/kernel/tracepoint.c @@ -207,7 +207,7 @@ static int tracepoint_add_func(struct tracepoint *tp, lockdep_is_held(&tracepoints_mutex)); old = func_add(&tp_funcs, func, prio); if (IS_ERR(old)) { - WARN_ON_ONCE(1); + WARN_ON_ONCE(PTR_ERR(old) != -ENOMEM); return PTR_ERR(old); } @@ -239,7 +239,7 @@ static int tracepoint_remove_func(struct tracepoint *tp, lockdep_is_held(&tracepoints_mutex)); old = func_remove(&tp_funcs, func); if (IS_ERR(old)) { - WARN_ON_ONCE(1); + WARN_ON_ONCE(PTR_ERR(old) != -ENOMEM); return PTR_ERR(old); } -- 2.17.0

7 years, 1 month

1
0
0 0

[PATCH 1/7] tracing: Fix bad use of igrab in trace_uprobe.c

by Steven Rostedt

From: Song Liu <songliubraving(a)fb.com> As Miklos reported and suggested: This pattern repeats two times in trace_uprobe.c and in kernel/events/core.c as well: ret = kern_path(filename, LOOKUP_FOLLOW, &path); if (ret) goto fail_address_parse; inode = igrab(d_inode(path.dentry)); path_put(&path); And it's wrong. You can only hold a reference to the inode if you have an active ref to the superblock as well (which is normally through path.mnt) or holding s_umount. This way unmounting the containing filesystem while the tracepoint is active will give you the "VFS: Busy inodes after unmount..." message and a crash when the inode is finally put. Solution: store path instead of inode. This patch fixes two instances in trace_uprobe.c. struct path is added to struct trace_uprobe to keep the inode and containing mount point referenced. Link: http://lkml.kernel.org/r/20180423172135.4050588-1-songliubraving@fb.com Fixes: f3f096cfedf8 ("tracing: Provide trace events interface for uprobes") Fixes: 33ea4b24277b ("perf/core: Implement the 'perf_uprobe' PMU") Cc: stable(a)vger.kernel.org Cc: Ingo Molnar <mingo(a)redhat.com> Cc: Howard McLauchlan <hmclauchlan(a)fb.com> Cc: Josef Bacik <jbacik(a)fb.com> Cc: Srikar Dronamraju <srikar(a)linux.vnet.ibm.com> Acked-by: Miklos Szeredi <mszeredi(a)redhat.com> Reported-by: Miklos Szeredi <miklos(a)szeredi.hu> Signed-off-by: Song Liu <songliubraving(a)fb.com> Signed-off-by: Steven Rostedt (VMware) <rostedt(a)goodmis.org> --- kernel/trace/trace_uprobe.c | 35 ++++++++++++++--------------------- 1 file changed, 14 insertions(+), 21 deletions(-) diff --git a/kernel/trace/trace_uprobe.c b/kernel/trace/trace_uprobe.c index 34fd0e0ec51d..ac892878dbe6 100644 --- a/kernel/trace/trace_uprobe.c +++ b/kernel/trace/trace_uprobe.c @@ -55,6 +55,7 @@ struct trace_uprobe { struct list_head list; struct trace_uprobe_filter filter; struct uprobe_consumer consumer; + struct path path; struct inode *inode; char *filename; unsigned long offset; @@ -289,7 +290,7 @@ static void free_trace_uprobe(struct trace_uprobe *tu) for (i = 0; i < tu->tp.nr_args; i++) traceprobe_free_probe_arg(&tu->tp.args[i]); - iput(tu->inode); + path_put(&tu->path); kfree(tu->tp.call.class->system); kfree(tu->tp.call.name); kfree(tu->filename); @@ -363,7 +364,6 @@ static int register_trace_uprobe(struct trace_uprobe *tu) static int create_trace_uprobe(int argc, char **argv) { struct trace_uprobe *tu; - struct inode *inode; char *arg, *event, *group, *filename; char buf[MAX_EVENT_NAME_LEN]; struct path path; @@ -371,7 +371,6 @@ static int create_trace_uprobe(int argc, char **argv) bool is_delete, is_return; int i, ret; - inode = NULL; ret = 0; is_delete = false; is_return = false; @@ -437,21 +436,16 @@ static int create_trace_uprobe(int argc, char **argv) } /* Find the last occurrence, in case the path contains ':' too. */ arg = strrchr(argv[1], ':'); - if (!arg) { - ret = -EINVAL; - goto fail_address_parse; - } + if (!arg) + return -EINVAL; *arg++ = '\0'; filename = argv[1]; ret = kern_path(filename, LOOKUP_FOLLOW, &path); if (ret) - goto fail_address_parse; - - inode = igrab(d_real_inode(path.dentry)); - path_put(&path); + return ret; - if (!inode || !S_ISREG(inode->i_mode)) { + if (!d_is_reg(path.dentry)) { ret = -EINVAL; goto fail_address_parse; } @@ -490,7 +484,7 @@ static int create_trace_uprobe(int argc, char **argv) goto fail_address_parse; } tu->offset = offset; - tu->inode = inode; + tu->path = path; tu->filename = kstrdup(filename, GFP_KERNEL); if (!tu->filename) { @@ -558,7 +552,7 @@ static int create_trace_uprobe(int argc, char **argv) return ret; fail_address_parse: - iput(inode); + path_put(&path); pr_info("Failed to parse address or file.\n"); @@ -922,6 +916,7 @@ probe_event_enable(struct trace_uprobe *tu, struct trace_event_file *file, goto err_flags; tu->consumer.filter = filter; + tu->inode = d_real_inode(tu->path.dentry); ret = uprobe_register(tu->inode, tu->offset, &tu->consumer); if (ret) goto err_buffer; @@ -967,6 +962,7 @@ probe_event_disable(struct trace_uprobe *tu, struct trace_event_file *file) WARN_ON(!uprobe_filter_is_empty(&tu->filter)); uprobe_unregister(tu->inode, tu->offset, &tu->consumer); + tu->inode = NULL; tu->tp.flags &= file ? ~TP_FLAG_TRACE : ~TP_FLAG_PROFILE; uprobe_buffer_disable(); @@ -1337,7 +1333,6 @@ struct trace_event_call * create_local_trace_uprobe(char *name, unsigned long offs, bool is_return) { struct trace_uprobe *tu; - struct inode *inode; struct path path; int ret; @@ -1345,11 +1340,8 @@ create_local_trace_uprobe(char *name, unsigned long offs, bool is_return) if (ret) return ERR_PTR(ret); - inode = igrab(d_inode(path.dentry)); - path_put(&path); - - if (!inode || !S_ISREG(inode->i_mode)) { - iput(inode); + if (!d_is_reg(path.dentry)) { + path_put(&path); return ERR_PTR(-EINVAL); } @@ -1364,11 +1356,12 @@ create_local_trace_uprobe(char *name, unsigned long offs, bool is_return) if (IS_ERR(tu)) { pr_info("Failed to allocate trace_uprobe.(%d)\n", (int)PTR_ERR(tu)); + path_put(&path); return ERR_CAST(tu); } tu->offset = offs; - tu->inode = inode; + tu->path = path; tu->filename = kstrdup(name, GFP_KERNEL); init_trace_event_call(tu, &tu->tp.call); -- 2.17.0

7 years, 1 month

1
0
0 0

[PATCH] drm/bridge: vga-dac: Fix edid memory leak

by Sean Paul

edid should be freed once it's finished being used. Fixes: 56fe8b6f4991 ("drm/bridge: Add RGB to VGA bridge support") Cc: Rob Herring <robh(a)kernel.org> Cc: Sean Paul <seanpaul(a)chromium.org> Cc: Maxime Ripard <maxime.ripard(a)free-electrons.com> Cc: Archit Taneja <architt(a)codeaurora.org> Cc: Andrzej Hajda <a.hajda(a)samsung.com> Cc: Laurent Pinchart <Laurent.pinchart(a)ideasonboard.com> Cc: <stable(a)vger.kernel.org> # v4.9+ Signed-off-by: Sean Paul <seanpaul(a)chromium.org> --- drivers/gpu/drm/bridge/dumb-vga-dac.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/bridge/dumb-vga-dac.c b/drivers/gpu/drm/bridge/dumb-vga-dac.c index 498d5948d1a8..9837c8d69e69 100644 --- a/drivers/gpu/drm/bridge/dumb-vga-dac.c +++ b/drivers/gpu/drm/bridge/dumb-vga-dac.c @@ -56,7 +56,9 @@ static int dumb_vga_get_modes(struct drm_connector *connector) } drm_mode_connector_update_edid_property(connector, edid); - return drm_add_edid_modes(connector, edid); + ret = drm_add_edid_modes(connector, edid); + kfree(edid); + return ret; fallback: /* -- Sean Paul, Software Engineer, Google / Chromium OS

7 years, 1 month

3
3
0 0

[PATCH 3.18 v3] perf session: Fix undeclared 'oe'

by Murilo Opsfelder Araujo

Using linux-3.18.y branch, perf build fails with the following: $ make -s -j16 -C tools/perf V=1 WERROR=0 NO_LIBUNWIND=1 HAVE_CPLUS_DEMANGLE=1 NO_GTK2=1 NO_LIBNUMA=1 NO_STRLCPY=1 NO_BIONIC=1 prefix=/usr DESTDIR=/tmp/builddir/build all [...] util/session.c: In function ‘__perf_session__process_pipe_events’: util/session.c:1093:36: error: ‘oe’ undeclared (first use in this function) ordered_events__set_copy_on_queue(oe, true); ^ util/session.c:1093:36: note: each undeclared identifier is reported only once for each function it appears in This patch fixes it for linux-3.18.y branch. Fixes: 95b33b99cdd6 ("perf inject: Copy events when reordering events in pipe mode") Cc: <stable(a)vger.kernel.org> # 3.18.x Cc: Alexander Shishkin <alexander.shishkin(a)linux.intel.com> Cc: Andi Kleen <ak(a)linux.intel.com> Cc: Arnaldo Carvalho de Melo <acme(a)redhat.com> Cc: David Carrillo-Cisneros <davidcc(a)google.com> Cc: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Cc: He Kuang <hekuang(a)huawei.com> Cc: Ingo Molnar <mingo(a)redhat.com> Cc: Jiri Olsa <jolsa(a)kernel.org> Cc: Masami Hiramatsu <mhiramat(a)kernel.org> Cc: Paul Mackerras <paulus(a)samba.org> Cc: Paul Turner <pjt(a)google.com> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Sasha Levin <alexander.levin(a)microsoft.com> Cc: Simon Que <sque(a)chromium.org> Cc: Stephane Eranian <eranian(a)google.com> Cc: Wang Nan <wangnan0(a)huawei.com> Signed-off-by: Murilo Opsfelder Araujo <muriloo(a)linux.ibm.com> --- Hi, Greg. Perf build on linux-3.18.y is broken since v3.18.101 (v3.18.100 worked just fine). This fixes it. Changes since v2: - rebased on v3.18.108 tools/perf/util/session.c | 1 + 1 file changed, 1 insertion(+) diff --git a/tools/perf/util/session.c b/tools/perf/util/session.c index dc3d3b1b813e..c2d4a7ec40df 100644 --- a/tools/perf/util/session.c +++ b/tools/perf/util/session.c @@ -1073,6 +1073,7 @@ volatile int session_done; static int __perf_session__process_pipe_events(struct perf_session *session, struct perf_tool *tool) { + struct ordered_events *oe = &session->ordered_events; int fd = perf_data_file__fd(session->file); union perf_event *event; uint32_t size, cur_size = 0; -- 2.14.3

7 years, 1 month

1
0
0 0

v4.4.131 build: 0 failures 0 warnings (v4.4.131)

by Build bot for Mark Brown

Tree/Branch: v4.4.131 Git describe: v4.4.131 Commit: 8719027e78 Linux 4.4.131 Build Time: 59 min 59 sec Passed: 10 / 10 (100.00 %) Failed: 0 / 10 ( 0.00 %) Errors: 0 Warnings: 0 Section Mismatches: 0 ------------------------------------------------------------------------------- defconfigs with issues (other than build errors): ------------------------------------------------------------------------------- =============================================================================== Detailed per-defconfig build reports below: ------------------------------------------------------------------------------- Passed with no errors, warnings or mismatches: arm64-allnoconfig arm64-allmodconfig arm-multi_v5_defconfig arm-multi_v7_defconfig x86_64-defconfig arm-allmodconfig arm-allnoconfig x86_64-allnoconfig x86_64-allmodconfig arm64-defconfig close failed in file object destructor: sys.excepthook is missing lost sys.stderr

7 years, 1 month

1
0
0 0

Re: Patch "ASoC: fsl_ssi: Maintain a mask of active streams" has been added to the 4.16-stable tree

by Maciej S. Szmigiero

On 02.05.2018 00:32, gregkh(a)linuxfoundation.org wrote: > > This is a note to let you know that I've just added the patch titled > > ASoC: fsl_ssi: Maintain a mask of active streams > > to the 4.16-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > asoc-fsl_ssi-maintain-a-mask-of-active-streams.patch > and it can be found in the queue-4.16 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. This patch was a part of a wider fsl_ssi driver clean up series so I don't think it should go into stable. Maciej

7 years, 1 month

2
1
0 0

Linux 3.18.108

by Greg KH

I'm announcing the release of the 3.18.108 kernel. All users of the 3.18 kernel series must upgrade. The updated 3.18.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-3.18.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 - drivers/char/virtio_console.c | 49 +++++++++++++++++------------------- drivers/mtd/chips/cfi_cmdset_0001.c | 33 ++++++++++++++++++++---- drivers/mtd/chips/cfi_cmdset_0002.c | 9 ++++-- drivers/scsi/sd.c | 2 + drivers/tty/n_gsm.c | 23 ++++++++++++++++ drivers/tty/tty_ldisc.c | 11 +++----- drivers/usb/core/hcd.c | 1 drivers/usb/core/hub.c | 10 ++++++- drivers/usb/core/quirks.c | 3 ++ drivers/usb/serial/cp210x.c | 1 drivers/usb/serial/ftdi_sio.c | 3 +- drivers/usb/usbip/stub_main.c | 5 +++ drivers/usb/usbip/usbip_common.h | 2 - fs/ext4/balloc.c | 17 +++++++++++- fs/ext4/ialloc.c | 8 +++++ fs/jbd2/transaction.c | 1 include/linux/mtd/flashchip.h | 1 include/linux/virtio.h | 3 ++ lib/kobject.c | 12 +++----- net/ceph/messenger.c | 7 +++++ sound/core/pcm_native.c | 1 sound/core/seq/oss/seq_oss_synth.c | 12 +++++--- sound/soc/fsl/fsl_esai.c | 7 +++++ sound/usb/mixer_maps.c | 3 ++ tools/perf/tests/code-reading.c | 20 -------------- 26 files changed, 169 insertions(+), 77 deletions(-) David Henningsson (1): ALSA: core: Report audio_tstamp in snd_pcm_sync_ptr Dmitry Vyukov (1): kobject: don't use WARN for registration failures Greg Kroah-Hartman (2): Revert "perf tests: Decompress kernel module before objdump" Linux 3.18.108 Ilya Dryomov (1): libceph: validate con->state at the top of try_write() Joakim Tjernlund (3): mtd: cfi: cmdset_0001: Do not allow read/write to suspend erase block. mtd: cfi: cmdset_0001: Workaround Micron Erase suspend bug. mtd: cfi: cmdset_0002: Do not allow read/write to suspend erase block. Kamil Lulko (1): usb: core: Add quirk for HP v222w 16GB Mini Kyle Roeschley (1): USB: serial: cp210x: add ID for NI USB serial console Lukas Czerner (1): ext4: fix bitmap position validation Mahesh Rajashekhara (1): scsi: sd: Defer spinning up drive while SANITIZE is in progress Michael S. Tsirkin (2): virtio: add ability to iterate over vqs virtio_console: free buffers after reset Nicolin Chen (1): ASoC: fsl_esai: Fix divisor calculation failure at lower ratio Ravi Chandra Sadineni (1): USB: Increment wakeup count on remote wakeup. Shuah Khan (2): usbip: usbip_host: fix to hold parent lock for device_attach() calls usbip: vhci_hcd: Fix usb device and sockfd leaks Takashi Iwai (2): ALSA: usb-audio: Skip broken EU on Dell dock USB-audio ALSA: seq: oss: Fix unbalanced use lock for synth MIDI device Tetsuo Handa (1): tty: Use __GFP_NOFAIL for tty_ldisc_get() Theodore Ts'o (2): ext4: set h_journal if there is a failure starting a reserved handle ext4: add validity checks for bitmap block numbers Tony Lindgren (2): tty: n_gsm: Fix long delays with control frame timeouts in ADM mode tty: n_gsm: Fix DLCI handling for ADM mode if debug & 2 is not set Vasyl Vavrychuk (1): USB: serial: ftdi_sio: use jtag quirk for Arrow USB Blaster

7 years, 1 month

1
1
0 0

Linux 4.4.131

by Greg KH

I'm announcing the release of the 4.4.131 kernel. All users of the 4.4 kernel series must upgrade. The updated 4.4.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.4.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/x86/include/uapi/asm/msgbuf.h | 31 ++++++++++++ arch/x86/include/uapi/asm/shmbuf.h | 42 ++++++++++++++++ arch/x86/kernel/smpboot.c | 2 drivers/amba/bus.c | 17 ++++-- drivers/char/virtio_console.c | 49 +++++++++---------- drivers/gpu/drm/virtio/virtgpu_vq.c | 4 - drivers/mtd/chips/cfi_cmdset_0001.c | 33 ++++++++++-- drivers/mtd/chips/cfi_cmdset_0002.c | 9 ++- drivers/scsi/sd.c | 2 drivers/tty/n_gsm.c | 23 ++++++++ drivers/tty/serial/serial_mctrl_gpio.c | 5 + drivers/tty/tty_io.c | 5 + drivers/tty/tty_ldisc.c | 16 +++--- drivers/usb/core/hcd.c | 1 drivers/usb/core/hub.c | 10 +++ drivers/usb/core/quirks.c | 3 + drivers/usb/serial/Kconfig | 1 drivers/usb/serial/cp210x.c | 1 drivers/usb/serial/ftdi_sio.c | 3 - drivers/usb/serial/usb-serial-simple.c | 7 ++ drivers/usb/usbip/stub_main.c | 5 + drivers/usb/usbip/usbip_common.h | 2 fs/ext4/balloc.c | 17 +++++- fs/ext4/extents.c | 16 ++++-- fs/ext4/ialloc.c | 7 ++ fs/jbd2/transaction.c | 1 include/linux/mtd/flashchip.h | 1 include/linux/tty.h | 2 include/linux/virtio.h | 3 + include/sound/control.h | 7 +- lib/kobject.c | 12 +--- net/ceph/messenger.c | 7 ++ sound/core/pcm_native.c | 1 sound/core/seq/oss/seq_oss_event.c | 15 +++-- sound/core/seq/oss/seq_oss_midi.c | 2 sound/core/seq/oss/seq_oss_synth.c | 85 +++++++++++++++++++-------------- sound/core/seq/oss/seq_oss_synth.h | 3 - sound/drivers/opl3/opl3_synth.c | 7 +- sound/pci/asihpi/hpimsginit.c | 13 +++-- sound/pci/asihpi/hpioctl.c | 4 + sound/pci/hda/hda_hwdep.c | 12 ++++ sound/pci/hda/patch_realtek.c | 2 sound/pci/rme9652/hdspm.c | 24 +++++---- sound/pci/rme9652/rme9652.c | 6 +- sound/soc/fsl/fsl_esai.c | 7 ++ sound/usb/mixer_maps.c | 3 + 47 files changed, 395 insertions(+), 135 deletions(-) Arnd Bergmann (1): x86/ipc: Fix x32 version of shmid64_ds and msqid64_ds Collin May (1): USB: serial: simple: add libtransistor console David Henningsson (1): ALSA: core: Report audio_tstamp in snd_pcm_sync_ptr Dmitry Vyukov (1): kobject: don't use WARN for registration failures Eric Biggers (1): ext4: prevent right-shifting extents beyond EXT_MAX_BLOCKS Geert Uytterhoeven (3): ARM: amba: Make driver_override output consistent with other buses ARM: amba: Fix race condition with driver_override ARM: amba: Don't read past the end of sysfs "driver_override" buffer Gerd Hoffmann (1): drm/virtio: fix vq wait_event condition Greg Kroah-Hartman (1): Linux 4.4.131 Ilya Dryomov (1): libceph: validate con->state at the top of try_write() Joakim Tjernlund (3): mtd: cfi: cmdset_0001: Do not allow read/write to suspend erase block. mtd: cfi: cmdset_0001: Workaround Micron Erase suspend bug. mtd: cfi: cmdset_0002: Do not allow read/write to suspend erase block. Kailang Yang (1): ALSA: hda/realtek - Add some fixes for ALC233 Kamil Lulko (1): usb: core: Add quirk for HP v222w 16GB Mini Kyle Roeschley (1): USB: serial: cp210x: add ID for NI USB serial console Lukas Czerner (1): ext4: fix bitmap position validation Mahesh Rajashekhara (1): scsi: sd: Defer spinning up drive while SANITIZE is in progress Michael S. Tsirkin (2): virtio: add ability to iterate over vqs virtio_console: free buffers after reset Nicolin Chen (1): ASoC: fsl_esai: Fix divisor calculation failure at lower ratio Ravi Chandra Sadineni (1): USB: Increment wakeup count on remote wakeup. Romain Izard (1): serial: mctrl_gpio: Add missing module license Shuah Khan (2): usbip: usbip_host: fix to hold parent lock for device_attach() calls usbip: vhci_hcd: Fix usb device and sockfd leaks Takashi Iwai (9): ALSA: usb-audio: Skip broken EU on Dell dock USB-audio ALSA: opl3: Hardening for potential Spectre v1 ALSA: asihpi: Hardening for potential Spectre v1 ALSA: hdspm: Hardening for potential Spectre v1 ALSA: rme9652: Hardening for potential Spectre v1 ALSA: control: Hardening for potential Spectre v1 ALSA: seq: oss: Fix unbalanced use lock for synth MIDI device ALSA: seq: oss: Hardening for potential Spectre v1 ALSA: hda: Hardening for potential Spectre v1 Tetsuo Handa (2): tty: Don't call panic() at tty_ldisc_init() tty: Use __GFP_NOFAIL for tty_ldisc_get() Theodore Ts'o (2): ext4: set h_journal if there is a failure starting a reserved handle ext4: add validity checks for bitmap block numbers Tony Lindgren (2): tty: n_gsm: Fix long delays with control frame timeouts in ADM mode tty: n_gsm: Fix DLCI handling for ADM mode if debug & 2 is not set Uwe Kleine-König (1): serial: mctrl_gpio: export mctrl_gpio_disable_ms and mctrl_gpio_init Vasyl Vavrychuk (1): USB: serial: ftdi_sio: use jtag quirk for Arrow USB Blaster Yazen Ghannam (1): x86/smpboot: Don't use mwait_play_dead() on AMD systems

7 years, 1 month

1
1
0 0

Linux 4.9.98

by Greg KH

I'm announcing the release of the 4.9.98 kernel. All users of the 4.9 kernel series must upgrade. The updated 4.9.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.9.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/powerpc/kernel/eeh_driver.c | 61 +++++++++++++-------- arch/powerpc/platforms/powernv/opal-rtc.c | 8 +- arch/x86/include/uapi/asm/msgbuf.h | 31 ++++++++++ arch/x86/include/uapi/asm/shmbuf.h | 42 ++++++++++++++ arch/x86/kernel/cpu/microcode/intel.c | 2 arch/x86/kernel/smpboot.c | 2 crypto/drbg.c | 2 drivers/amba/bus.c | 17 +++--- drivers/char/random.c | 85 ++++++++++++++++++++++-------- drivers/char/virtio_console.c | 49 ++++++++--------- drivers/cpufreq/powernv-cpufreq.c | 14 +++- drivers/gpu/drm/amd/amdgpu/gfx_v8_0.c | 7 +- drivers/gpu/drm/virtio/virtgpu_vq.c | 4 - drivers/mtd/chips/cfi_cmdset_0001.c | 33 +++++++++-- drivers/mtd/chips/cfi_cmdset_0002.c | 9 ++- drivers/of/fdt.c | 7 +- drivers/pci/host/pci-aardvark.c | 12 ++-- drivers/rtc/rtc-opal.c | 37 ++++++++----- drivers/scsi/sd.c | 2 drivers/tty/n_gsm.c | 23 +++++++- drivers/tty/serial/earlycon.c | 6 +- drivers/tty/tty_io.c | 5 + drivers/tty/tty_ldisc.c | 16 ++--- drivers/usb/core/hcd.c | 1 drivers/usb/core/hub.c | 10 +++ drivers/usb/core/quirks.c | 3 + drivers/usb/serial/Kconfig | 1 drivers/usb/serial/cp210x.c | 1 drivers/usb/serial/ftdi_sio.c | 3 - drivers/usb/serial/usb-serial-simple.c | 7 ++ drivers/usb/usbip/stub_main.c | 5 + drivers/usb/usbip/usbip_common.h | 2 drivers/usb/usbip/usbip_event.c | 4 - fs/ext4/balloc.c | 17 +++++- fs/ext4/extents.c | 16 +++-- fs/ext4/ialloc.c | 7 ++ fs/jbd2/transaction.c | 1 include/asm-generic/vmlinux.lds.h | 2 include/linux/mtd/flashchip.h | 1 include/linux/serial_core.h | 21 ++++--- include/linux/tty.h | 2 include/linux/virtio.h | 3 + include/sound/control.h | 7 +- lib/kobject.c | 12 +--- net/ceph/messenger.c | 7 ++ net/ceph/mon_client.c | 14 +++- sound/core/pcm_native.c | 1 sound/core/seq/oss/seq_oss_event.c | 15 +++-- sound/core/seq/oss/seq_oss_midi.c | 2 sound/core/seq/oss/seq_oss_synth.c | 85 +++++++++++++++++------------- sound/core/seq/oss/seq_oss_synth.h | 3 - sound/drivers/opl3/opl3_synth.c | 7 +- sound/firewire/dice/dice-stream.c | 2 sound/firewire/dice/dice.c | 2 sound/pci/asihpi/hpimsginit.c | 13 +++- sound/pci/asihpi/hpioctl.c | 4 + sound/pci/hda/hda_hwdep.c | 12 +++- sound/pci/hda/patch_realtek.c | 2 sound/pci/rme9652/hdspm.c | 24 ++++---- sound/pci/rme9652/rme9652.c | 6 +- sound/soc/fsl/fsl_esai.c | 7 ++ sound/usb/mixer_maps.c | 3 + tools/lib/str_error_r.c | 2 tools/lib/subcmd/pager.c | 5 + 65 files changed, 586 insertions(+), 232 deletions(-) Arnd Bergmann (1): x86/ipc: Fix x32 version of shmid64_ds and msqid64_ds Borislav Petkov (1): x86/microcode/intel: Save microcode patch unconditionally Collin May (1): USB: serial: simple: add libtransistor console Daniel Kurtz (1): earlycon: Use a pointer table to fix __earlycon_table stride David Henningsson (1): ALSA: core: Report audio_tstamp in snd_pcm_sync_ptr Dmitry Vyukov (1): kobject: don't use WARN for registration failures Eric Biggers (1): ext4: prevent right-shifting extents beyond EXT_MAX_BLOCKS Evan Wang (1): PCI: aardvark: Fix PCIe Max Read Request Size setting Geert Uytterhoeven (3): ARM: amba: Make driver_override output consistent with other buses ARM: amba: Fix race condition with driver_override ARM: amba: Don't read past the end of sysfs "driver_override" buffer Gerd Hoffmann (1): drm/virtio: fix vq wait_event condition Greg Kroah-Hartman (1): Linux 4.9.98 Ilya Dryomov (3): libceph: un-backoff on tick when we have a authenticated session libceph: reschedule a tick in finish_hunting() libceph: validate con->state at the top of try_write() Joakim Tjernlund (3): mtd: cfi: cmdset_0001: Do not allow read/write to suspend erase block. mtd: cfi: cmdset_0001: Workaround Micron Erase suspend bug. mtd: cfi: cmdset_0002: Do not allow read/write to suspend erase block. Josh Poimboeuf (1): objtool, perf: Fix GCC 8 -Wrestrict error Kailang Yang (1): ALSA: hda/realtek - Add some fixes for ALC233 Kamil Lulko (1): usb: core: Add quirk for HP v222w 16GB Mini Kyle Roeschley (1): USB: serial: cp210x: add ID for NI USB serial console Lukas Czerner (1): ext4: fix bitmap position validation Mahesh Rajashekhara (1): scsi: sd: Defer spinning up drive while SANITIZE is in progress Michael Neuling (1): powerpc/eeh: Fix race with driver un/bind Michael S. Tsirkin (2): virtio: add ability to iterate over vqs virtio_console: free buffers after reset Nicholas Piggin (1): rtc: opal: Fix OPAL RTC driver OPAL_BUSY loops Nicolai Hähnle (1): drm/amdgpu: set COMPUTE_PGM_RSRC1 for SGPR/VGPR clearing shaders Nicolin Chen (1): ASoC: fsl_esai: Fix divisor calculation failure at lower ratio Ravi Chandra Sadineni (1): USB: Increment wakeup count on remote wakeup. Sergey Senozhatsky (1): tools/lib/subcmd/pager.c: do not alias select() params Shilpasri G Bhat (1): cpufreq: powernv: Fix hardlockup due to synchronous smp_call in timer interrupt Shuah Khan (3): usbip: usbip_event: fix to not print kernel pointer address usbip: usbip_host: fix to hold parent lock for device_attach() calls usbip: vhci_hcd: Fix usb device and sockfd leaks Stephan Mueller (1): crypto: drbg - set freed buffers to NULL Takashi Iwai (9): ALSA: usb-audio: Skip broken EU on Dell dock USB-audio ALSA: opl3: Hardening for potential Spectre v1 ALSA: asihpi: Hardening for potential Spectre v1 ALSA: hdspm: Hardening for potential Spectre v1 ALSA: rme9652: Hardening for potential Spectre v1 ALSA: control: Hardening for potential Spectre v1 ALSA: seq: oss: Fix unbalanced use lock for synth MIDI device ALSA: seq: oss: Hardening for potential Spectre v1 ALSA: hda: Hardening for potential Spectre v1 Takashi Sakamoto (2): ALSA: dice: fix OUI for TC group ALSA: dice: fix error path to destroy initialized stream data Tetsuo Handa (2): tty: Don't call panic() at tty_ldisc_init() tty: Use __GFP_NOFAIL for tty_ldisc_get() Theodore Ts'o (5): ext4: set h_journal if there is a failure starting a reserved handle ext4: add validity checks for bitmap block numbers random: set up the NUMA crng instances after the CRNG is fully initialized random: fix possible sleeping allocation from irq context random: rate limit unseeded randomness warnings Tony Lindgren (2): tty: n_gsm: Fix long delays with control frame timeouts in ADM mode tty: n_gsm: Fix DLCI handling for ADM mode if debug & 2 is not set Vasyl Vavrychuk (1): USB: serial: ftdi_sio: use jtag quirk for Arrow USB Blaster Victor Gu (2): PCI: aardvark: Fix logic in advk_pcie_{rd,wr}_conf() PCI: aardvark: Set PIO_ADDR_LS correctly in advk_pcie_rd_conf() Yazen Ghannam (1): x86/smpboot: Don't use mwait_play_dead() on AMD systems

7 years, 1 month

1
1
0 0

Linux 4.14.39

by Greg KH

I'm announcing the release of the 4.14.39 kernel. All users of the 4.14 kernel series must upgrade. The updated 4.14.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.14.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/virtual/kvm/api.txt | 9 + Documentation/virtual/kvm/arm/psci.txt | 30 +++++ Makefile | 2 arch/arm/configs/socfpga_defconfig | 1 arch/arm/include/asm/kvm_host.h | 3 arch/arm/include/uapi/asm/kvm.h | 6 + arch/arm/kvm/guest.c | 13 ++ arch/arm64/include/asm/kvm_host.h | 3 arch/arm64/include/uapi/asm/kvm.h | 6 + arch/arm64/kvm/guest.c | 14 ++ arch/powerpc/kernel/eeh_driver.c | 61 +++++++---- arch/powerpc/mm/mem.c | 2 arch/powerpc/platforms/powernv/npu-dma.c | 23 +++- arch/powerpc/platforms/powernv/opal-rtc.c | 8 - arch/x86/include/uapi/asm/msgbuf.h | 31 +++++ arch/x86/include/uapi/asm/shmbuf.h | 42 ++++++++ arch/x86/kernel/cpu/microcode/core.c | 6 - arch/x86/kernel/cpu/microcode/intel.c | 2 arch/x86/kernel/smpboot.c | 2 block/bfq-iosched.c | 10 + crypto/drbg.c | 2 drivers/amba/bus.c | 17 ++- drivers/android/binder.c | 8 + drivers/char/random.c | 90 ++++++++++++----- drivers/char/virtio_console.c | 157 +++++++++++++----------------- drivers/cpufreq/powernv-cpufreq.c | 14 ++ drivers/fpga/altera-ps-spi.c | 2 drivers/gpu/drm/amd/amdgpu/gfx_v8_0.c | 7 - drivers/gpu/drm/i915/intel_runtime_pm.c | 11 -- drivers/gpu/drm/virtio/virtgpu_vq.c | 4 drivers/mtd/chips/cfi_cmdset_0001.c | 33 +++++- drivers/mtd/chips/cfi_cmdset_0002.c | 9 + drivers/mtd/nand/tango_nand.c | 2 drivers/mtd/spi-nor/cadence-quadspi.c | 19 +++ drivers/of/fdt.c | 7 - drivers/pci/host/pci-aardvark.c | 53 +++++----- drivers/rtc/rtc-opal.c | 37 ++++--- drivers/s390/cio/vfio_ccw_fsm.c | 19 ++- drivers/scsi/sd.c | 2 drivers/tty/n_gsm.c | 23 ++++ drivers/tty/serial/earlycon.c | 6 - drivers/tty/tty_io.c | 5 drivers/tty/tty_ldisc.c | 29 ++--- drivers/usb/core/hcd.c | 1 drivers/usb/core/hub.c | 10 + drivers/usb/core/quirks.c | 3 drivers/usb/host/xhci-pci.c | 5 drivers/usb/host/xhci-plat.c | 1 drivers/usb/serial/Kconfig | 1 drivers/usb/serial/cp210x.c | 1 drivers/usb/serial/ftdi_sio.c | 3 drivers/usb/serial/usb-serial-simple.c | 7 + drivers/usb/typec/ucsi/ucsi.c | 2 drivers/usb/usbip/stub_main.c | 5 drivers/usb/usbip/usbip_common.h | 2 drivers/usb/usbip/usbip_event.c | 4 drivers/usb/usbip/vhci_hcd.c | 13 ++ fs/ext4/balloc.c | 17 ++- fs/ext4/extents.c | 16 ++- fs/ext4/ialloc.c | 7 + fs/ext4/super.c | 1 fs/jbd2/transaction.c | 1 include/asm-generic/vmlinux.lds.h | 2 include/kvm/arm_psci.h | 16 ++- include/linux/mtd/flashchip.h | 1 include/linux/serial_core.h | 21 ++-- include/linux/tty.h | 2 include/linux/virtio.h | 3 include/sound/control.h | 7 - kernel/time/tick-sched.c | 11 +- lib/kobject.c | 12 -- net/ceph/messenger.c | 7 + net/ceph/mon_client.c | 14 ++ sound/core/pcm_compat.c | 7 - sound/core/pcm_native.c | 24 ++-- sound/core/seq/oss/seq_oss_event.c | 15 +- sound/core/seq/oss/seq_oss_midi.c | 2 sound/core/seq/oss/seq_oss_synth.c | 85 +++++++++------- sound/core/seq/oss/seq_oss_synth.h | 3 sound/drivers/opl3/opl3_synth.c | 7 - sound/firewire/dice/dice-stream.c | 2 sound/firewire/dice/dice.c | 2 sound/pci/asihpi/hpimsginit.c | 13 +- sound/pci/asihpi/hpioctl.c | 4 sound/pci/hda/hda_hwdep.c | 12 ++ sound/pci/hda/patch_hdmi.c | 9 + sound/pci/hda/patch_realtek.c | 5 sound/pci/rme9652/hdspm.c | 24 ++-- sound/pci/rme9652/rme9652.c | 6 - sound/soc/fsl/fsl_esai.c | 7 + sound/usb/mixer_maps.c | 3 tools/lib/str_error_r.c | 2 tools/lib/subcmd/pager.c | 5 virt/kvm/arm/arm.c | 15 +- virt/kvm/arm/psci.c | 60 +++++++++++ 95 files changed, 959 insertions(+), 379 deletions(-) Alistair Popple (1): powerpc/powernv/npu: Do a PID GPU TLB flush when invalidating a large address range Anatolij Gustschin (1): fpga-manager: altera-ps-spi: preserve nCONFIG state Arnd Bergmann (1): x86/ipc: Fix x32 version of shmid64_ds and msqid64_ds Balbir Singh (1): powerpc/mm: Flush cache on memory hot(un)plug Borislav Petkov (2): x86/microcode/intel: Save microcode patch unconditionally x86/microcode: Do not exit early from __reload_late() Collin May (1): USB: serial: simple: add libtransistor console Cornelia Huck (1): vfio: ccw: process ssch with interrupts disabled Daniel Kurtz (1): earlycon: Use a pointer table to fix __earlycon_table stride David Henningsson (1): ALSA: core: Report audio_tstamp in snd_pcm_sync_ptr Dmitry Vyukov (1): kobject: don't use WARN for registration failures Eric Biggers (1): ext4: prevent right-shifting extents beyond EXT_MAX_BLOCKS Evan Wang (1): PCI: aardvark: Fix PCIe Max Read Request Size setting Geert Uytterhoeven (3): ARM: amba: Make driver_override output consistent with other buses ARM: amba: Fix race condition with driver_override ARM: amba: Don't read past the end of sysfs "driver_override" buffer Gerd Hoffmann (1): drm/virtio: fix vq wait_event condition Greg Kroah-Hartman (2): Revert "xhci: plat: Register shutdown for xhci_plat" Linux 4.14.39 Heikki Krogerus (1): usb: typec: ucsi: Increase command completion timeout value Ilya Dryomov (3): libceph: un-backoff on tick when we have a authenticated session libceph: reschedule a tick in finish_hunting() libceph: validate con->state at the top of try_write() Imre Deak (1): drm/i915: Enable display WA#1183 from its correct spot Jeffery Miller (1): ALSA: pcm: Return negative delays from SNDRV_PCM_IOCTL_DELAY. Jens Axboe (1): bfq-iosched: ensure to clear bic/bfqq pointers when preparing request Joakim Tjernlund (3): mtd: cfi: cmdset_0001: Do not allow read/write to suspend erase block. mtd: cfi: cmdset_0001: Workaround Micron Erase suspend bug. mtd: cfi: cmdset_0002: Do not allow read/write to suspend erase block. Josh Poimboeuf (1): objtool, perf: Fix GCC 8 -Wrestrict error Kai-Heng Feng (1): xhci: Fix USB ports for Dell Inspiron 5775 Kailang Yang (3): ALSA: hda/realtek - Add some fixes for ALC233 ALSA: hda/realtek - Update ALC255 depop optimize ALSA: hda/realtek - change the location for one of two front mics Kamil Lulko (1): usb: core: Add quirk for HP v222w 16GB Mini Kyle Roeschley (1): USB: serial: cp210x: add ID for NI USB serial console Lukas Czerner (1): ext4: fix bitmap position validation Mahesh Rajashekhara (1): scsi: sd: Defer spinning up drive while SANITIZE is in progress Marc Gonzalez (1): mtd: rawnand: tango: Fix struct clk memory leak Marc Zyngier (2): KVM: arm/arm64: Close VMID generation race arm/arm64: KVM: Add PSCI version selection API Martijn Coenen (1): ANDROID: binder: prevent transactions into own process. Michael Neuling (1): powerpc/eeh: Fix race with driver un/bind Michael S. Tsirkin (6): virtio: add ability to iterate over vqs virtio_console: don't tie bufs to a vq virtio_console: free buffers after reset virtio_console: drop custom control queue cleanup virtio_console: move removal code virtio_console: reset on out of memory Nicholas Piggin (1): rtc: opal: Fix OPAL RTC driver OPAL_BUSY loops Nicolai Hähnle (1): drm/amdgpu: set COMPUTE_PGM_RSRC1 for SGPR/VGPR clearing shaders Nicolin Chen (1): ASoC: fsl_esai: Fix divisor calculation failure at lower ratio Ravi Chandra Sadineni (1): USB: Increment wakeup count on remote wakeup. Sergey Senozhatsky (1): tools/lib/subcmd/pager.c: do not alias select() params Shilpasri G Bhat (1): cpufreq: powernv: Fix hardlockup due to synchronous smp_call in timer interrupt Shuah Khan (4): usbip: usbip_event: fix to not print kernel pointer address usbip: usbip_host: fix to hold parent lock for device_attach() calls usbip: vhci_hcd: Fix usb device and sockfd leaks usbip: vhci_hcd: check rhport before using in vhci_hub_control() Stephan Mueller (1): crypto: drbg - set freed buffers to NULL Takashi Iwai (10): ALSA: usb-audio: Skip broken EU on Dell dock USB-audio ALSA: hda - Skip jack and others for non-existing PCM streams ALSA: opl3: Hardening for potential Spectre v1 ALSA: asihpi: Hardening for potential Spectre v1 ALSA: hdspm: Hardening for potential Spectre v1 ALSA: rme9652: Hardening for potential Spectre v1 ALSA: control: Hardening for potential Spectre v1 ALSA: seq: oss: Fix unbalanced use lock for synth MIDI device ALSA: seq: oss: Hardening for potential Spectre v1 ALSA: hda: Hardening for potential Spectre v1 Takashi Sakamoto (2): ALSA: dice: fix OUI for TC group ALSA: dice: fix error path to destroy initialized stream data Tetsuo Handa (3): tty: Don't call panic() at tty_ldisc_init() tty: Avoid possible error pointer dereference at tty_ldisc_restore(). tty: Use __GFP_NOFAIL for tty_ldisc_get() Theodore Ts'o (6): ext4: set h_journal if there is a failure starting a reserved handle ext4: add MODULE_SOFTDEP to ensure crc32c is included in the initramfs ext4: add validity checks for bitmap block numbers random: set up the NUMA crng instances after the CRNG is fully initialized random: fix possible sleeping allocation from irq context random: rate limit unseeded randomness warnings Thomas Gleixner (1): tick/sched: Do not mess with an enqueued hrtimer Thor Thayer (2): mtd: spi-nor: cadence-quadspi: Fix page fault kernel panic ARM: socfpga_defconfig: Remove QSPI Sector 4K size force Tony Lindgren (2): tty: n_gsm: Fix long delays with control frame timeouts in ADM mode tty: n_gsm: Fix DLCI handling for ADM mode if debug & 2 is not set Vasyl Vavrychuk (1): USB: serial: ftdi_sio: use jtag quirk for Arrow USB Blaster Victor Gu (3): PCI: aardvark: Fix logic in advk_pcie_{rd,wr}_conf() PCI: aardvark: Set PIO_ADDR_LS correctly in advk_pcie_rd_conf() PCI: aardvark: Use ISR1 instead of ISR0 interrupt in legacy irq mode Yazen Ghannam (1): x86/smpboot: Don't use mwait_play_dead() on AMD systems

7 years, 1 month

1
1
0 0

Re: Patch "PCI: endpoint: Fix kernel panic after put_device()" has been added to the 4.16-stable tree

by Rolf Evers-Fischer

On Wed, May 2, 2018 at 00:35 AM <gregkh(a)linuxfoundation.org> wrote: > This is a note to let you know that I've just added the patch titled > PCI: endpoint: Fix kernel panic after put_device() > to the 4.16-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > The filename of the patch is: > pci-endpoint-fix-kernel-panic-after-put_device.patch > and it can be found in the queue-4.16 subdirectory. > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. This patch is the 2nd one of a series of patches. If you want to add it to the stable tree without the first patch, you must add a + kfree(func_name); before returning from the function. The upstream commit of the first patch is 36cc14ac14c0d49d33820a82dab52a7edc802fef PCI: endpoint: Simplify name allocation for EPF device Kind regards, Rolf > From foo@baz Tue May 1 14:59:17 PDT 2018 > From: Rolf Evers-Fischer <rolf.evers.fischer(a)aptiv.com> > Date: Wed, 28 Feb 2018 18:32:19 +0100 > Subject: PCI: endpoint: Fix kernel panic after put_device() > From: Rolf Evers-Fischer <rolf.evers.fischer(a)aptiv.com> > [ Upstream commit 9eef6a5c3b0bf90eb292d462ea267bcb6ad1c334 ] > 'put_device()' calls the relase function 'pci_epf_dev_release()', > which already frees 'epf->name' and 'epf'. > Therefore we must not free them again after 'put_device()'. > Fixes: 5e8cb4033807 ("PCI: endpoint: Add EP core layer to enable EP > controller and EP functions") > Signed-off-by: Rolf Evers-Fischer <rolf.evers.fischer(a)aptiv.com> > Signed-off-by: Lorenzo Pieralisi <lorenzo.pieralisi(a)arm.com> > Acked-by: Kishon Vijay Abraham I <kishon(a)ti.com> > Reviewed-by: Andy Shevchenko <andy.shevchenko(a)gmail.com> > Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> > Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> > --- > drivers/pci/endpoint/pci-epf-core.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > --- a/drivers/pci/endpoint/pci-epf-core.c > +++ b/drivers/pci/endpoint/pci-epf-core.c > @@ -243,7 +243,7 @@ struct pci_epf *pci_epf_create(const cha > put_dev: > put_device(dev); > - kfree(epf->name); > + return ERR_PTR(ret); > free_func_name: > kfree(func_name); > Patches currently in stable-queue which might be from > rolf.evers.fischer(a)aptiv.com are > queue-4.16/pci-endpoint-fix-kernel-panic-after-put_device.patch

7 years, 1 month

2
3
0 0

Linux 4.16.7

by Greg KH

I'm announcing the release of the 4.16.7 kernel. All users of the 4.16 kernel series must upgrade. The updated 4.16.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.16.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/virtual/kvm/api.txt | 9 Documentation/virtual/kvm/arm/psci.txt | 30 ++ Makefile | 2 arch/arm/boot/dts/gemini-nas4220b.dts | 28 +- arch/arm/configs/socfpga_defconfig | 1 arch/arm/include/asm/kvm_host.h | 3 arch/arm/include/uapi/asm/kvm.h | 6 arch/arm/kvm/guest.c | 13 arch/arm64/include/asm/kvm_host.h | 3 arch/arm64/include/uapi/asm/kvm.h | 6 arch/arm64/kvm/guest.c | 14 - arch/powerpc/kernel/mce_power.c | 7 arch/powerpc/mm/mem.c | 2 arch/powerpc/platforms/powernv/npu-dma.c | 23 + arch/powerpc/platforms/powernv/opal-rtc.c | 8 arch/sparc/include/uapi/asm/oradax.h | 2 arch/x86/include/uapi/asm/msgbuf.h | 31 ++ arch/x86/include/uapi/asm/shmbuf.h | 42 +++ arch/x86/kernel/cpu/microcode/core.c | 6 arch/x86/kernel/cpu/microcode/intel.c | 2 arch/x86/kernel/smpboot.c | 2 block/bfq-iosched.c | 10 block/blk-core.c | 15 - block/blk-mq.c | 7 crypto/drbg.c | 2 drivers/amba/bus.c | 17 - drivers/android/binder.c | 8 drivers/char/random.c | 90 +++++- drivers/char/virtio_console.c | 157 +++++------- drivers/cpufreq/powernv-cpufreq.c | 14 - drivers/crypto/ccp/sp-dev.c | 6 drivers/fpga/altera-ps-spi.c | 2 drivers/gpu/drm/amd/amdgpu/gfx_v8_0.c | 7 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 10 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_irq.c | 5 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c | 32 -- drivers/gpu/drm/drm_edid.c | 11 drivers/gpu/drm/i915/intel_cdclk.c | 16 + drivers/gpu/drm/i915/intel_fbdev.c | 2 drivers/gpu/drm/i915/intel_runtime_pm.c | 11 drivers/gpu/drm/virtio/virtgpu_vq.c | 4 drivers/mtd/chips/cfi_cmdset_0001.c | 33 ++ drivers/mtd/chips/cfi_cmdset_0002.c | 9 drivers/mtd/nand/marvell_nand.c | 25 - drivers/mtd/nand/tango_nand.c | 2 drivers/mtd/spi-nor/cadence-quadspi.c | 19 + drivers/of/fdt.c | 7 drivers/pci/host/pci-aardvark.c | 53 ++-- drivers/pci/pci-driver.c | 5 drivers/rtc/rtc-opal.c | 37 +- drivers/s390/cio/vfio_ccw_fsm.c | 19 - drivers/sbus/char/oradax.c | 2 drivers/scsi/sd.c | 2 drivers/scsi/sd_zbc.c | 140 ++++++---- drivers/slimbus/messaging.c | 2 drivers/tty/n_gsm.c | 23 + drivers/tty/serial/earlycon.c | 6 drivers/tty/serial/mvebu-uart.c | 1 drivers/tty/tty_io.c | 5 drivers/tty/tty_ldisc.c | 29 -- drivers/usb/core/hcd.c | 1 drivers/usb/core/hub.c | 10 drivers/usb/core/quirks.c | 3 drivers/usb/host/xhci-dbgtty.c | 8 drivers/usb/host/xhci-pci.c | 5 drivers/usb/host/xhci-plat.c | 1 drivers/usb/serial/Kconfig | 1 drivers/usb/serial/cp210x.c | 1 drivers/usb/serial/ftdi_sio.c | 3 drivers/usb/serial/usb-serial-simple.c | 7 drivers/usb/typec/ucsi/ucsi.c | 2 drivers/usb/usbip/stub_main.c | 5 drivers/usb/usbip/usbip_common.h | 2 drivers/usb/usbip/usbip_event.c | 4 drivers/usb/usbip/vhci_hcd.c | 13 drivers/virt/vboxguest/vboxguest_core.c | 66 ++--- drivers/virt/vboxguest/vboxguest_core.h | 9 drivers/virt/vboxguest/vboxguest_linux.c | 19 + drivers/virt/vboxguest/vboxguest_utils.c | 17 - fs/cifs/cifssmb.c | 3 fs/cifs/smb2ops.c | 18 + fs/cifs/smb2pdu.c | 4 fs/cifs/smbdirect.c | 36 -- fs/cifs/transport.c | 4 fs/ext4/balloc.c | 17 + fs/ext4/extents.c | 16 - fs/ext4/ialloc.c | 7 fs/ext4/super.c | 1 fs/jbd2/transaction.c | 1 include/asm-generic/vmlinux.lds.h | 2 include/kvm/arm_psci.h | 16 + include/linux/blkdev.h | 5 include/linux/mtd/flashchip.h | 1 include/linux/serial_core.h | 21 + include/linux/tty.h | 2 include/linux/vbox_utils.h | 23 - include/linux/virtio.h | 3 include/sound/control.h | 7 kernel/module.c | 3 kernel/time/tick-sched.c | 11 lib/kobject.c | 12 net/ceph/messenger.c | 7 net/ceph/mon_client.c | 14 - sound/core/pcm_compat.c | 7 sound/core/pcm_native.c | 24 - sound/core/seq/oss/seq_oss_event.c | 15 - sound/core/seq/oss/seq_oss_midi.c | 2 sound/core/seq/oss/seq_oss_synth.c | 85 +++--- sound/core/seq/oss/seq_oss_synth.h | 3 sound/drivers/opl3/opl3_synth.c | 7 sound/firewire/dice/dice-stream.c | 2 sound/firewire/dice/dice.c | 2 sound/pci/asihpi/hpimsginit.c | 13 sound/pci/asihpi/hpioctl.c | 4 sound/pci/hda/hda_hwdep.c | 12 sound/pci/hda/patch_hdmi.c | 9 sound/pci/hda/patch_realtek.c | 5 sound/pci/rme9652/hdspm.c | 24 + sound/pci/rme9652/rme9652.c | 6 sound/soc/fsl/fsl_esai.c | 7 sound/soc/omap/omap-dmic.c | 14 - sound/usb/mixer_maps.c | 3 tools/lib/str_error_r.c | 2 virt/kvm/arm/arm.c | 15 - virt/kvm/arm/psci.c | 60 ++++ 125 files changed, 1216 insertions(+), 601 deletions(-) Abhay Kumar (1): drm/i915/audio: set minimum CD clock to twice the BCLK Alan Jenkins (1): block: do not use interruptible wait anywhere Alistair Popple (1): powerpc/powernv/npu: Do a PID GPU TLB flush when invalidating a large address range Anatolij Gustschin (1): fpga-manager: altera-ps-spi: preserve nCONFIG state Arnd Bergmann (1): x86/ipc: Fix x32 version of shmid64_ds and msqid64_ds Balbir Singh (1): powerpc/mm: Flush cache on memory hot(un)plug Bart Van Assche (1): scsi: sd_zbc: Avoid that resetting a zone fails sporadically Borislav Petkov (2): x86/microcode/intel: Save microcode patch unconditionally x86/microcode: Do not exit early from __reload_late() Brijesh Singh (1): crypto: ccp - add check to get PSP master only when PSP is detected Collin May (1): USB: serial: simple: add libtransistor console Cornelia Huck (1): vfio: ccw: process ssch with interrupts disabled Daniel Kurtz (1): earlycon: Use a pointer table to fix __earlycon_table stride David Henningsson (1): ALSA: core: Report audio_tstamp in snd_pcm_sync_ptr Dmitry Vyukov (1): kobject: don't use WARN for registration failures Eric Biggers (1): ext4: prevent right-shifting extents beyond EXT_MAX_BLOCKS Evan Wang (1): PCI: aardvark: Fix PCIe Max Read Request Size setting Geert Uytterhoeven (4): ARM: amba: Make driver_override output consistent with other buses ARM: amba: Fix race condition with driver_override ARM: amba: Don't read past the end of sysfs "driver_override" buffer slimbus: Fix out-of-bounds access in slim_slicesize() Gerd Hoffmann (1): drm/virtio: fix vq wait_event condition Greg Kroah-Hartman (2): Revert "xhci: plat: Register shutdown for xhci_plat" Linux 4.16.7 Hans de Goede (3): virt: vbox: Move declarations of vboxguest private functions to private header virt: vbox: Add vbg_req_free() helper function virt: vbox: Use __get_free_pages instead of kmalloc for DMA32 memory Harry Wentland (2): drm/amd/display: Don't read EDID in atomic_check drm/amd/display: Disallow enabling CRTC without primary plane with FB Heikki Krogerus (1): usb: typec: ucsi: Increase command completion timeout value Ilya Dryomov (3): libceph: un-backoff on tick when we have a authenticated session libceph: reschedule a tick in finish_hunting() libceph: validate con->state at the top of try_write() Imre Deak (1): drm/i915: Enable display WA#1183 from its correct spot Jeffery Miller (1): ALSA: pcm: Return negative delays from SNDRV_PCM_IOCTL_DELAY. Jens Axboe (1): bfq-iosched: ensure to clear bic/bfqq pointers when preparing request Jianchao Wang (1): blk-mq: start request gstate with gen 1 Joakim Tjernlund (3): mtd: cfi: cmdset_0001: Do not allow read/write to suspend erase block. mtd: cfi: cmdset_0001: Workaround Micron Erase suspend bug. mtd: cfi: cmdset_0002: Do not allow read/write to suspend erase block. Josh Poimboeuf (1): objtool, perf: Fix GCC 8 -Wrestrict error José Roberto de Souza (1): drm/i915/fbdev: Enable late fbdev initial configuration Kai-Heng Feng (1): xhci: Fix USB ports for Dell Inspiron 5775 Kailang Yang (3): ALSA: hda/realtek - Add some fixes for ALC233 ALSA: hda/realtek - Update ALC255 depop optimize ALSA: hda/realtek - change the location for one of two front mics Kamil Lulko (1): usb: core: Add quirk for HP v222w 16GB Mini Kyle Roeschley (1): USB: serial: cp210x: add ID for NI USB serial console Linus Walleij (1): ARM: dts: Fix NAS4220B pin config Long Li (2): cifs: smbd: Avoid allocating iov on the stack cifs: smbd: Don't use RDMA read/write when signing is used Lukas Czerner (1): ext4: fix bitmap position validation Mahesh Rajashekhara (1): scsi: sd: Defer spinning up drive while SANITIZE is in progress Mahesh Salgaonkar (1): powerpc/mce: Fix a bug where mce loops on memory UE. Marc Gonzalez (1): mtd: rawnand: tango: Fix struct clk memory leak Marc Zyngier (3): serial: mvebu-uart: Fix local flags handling on termios update KVM: arm/arm64: Close VMID generation race arm/arm64: KVM: Add PSCI version selection API Martijn Coenen (1): ANDROID: binder: prevent transactions into own process. Michael S. Tsirkin (6): virtio: add ability to iterate over vqs virtio_console: don't tie bufs to a vq virtio_console: free buffers after reset virtio_console: drop custom control queue cleanup virtio_console: move removal code virtio_console: reset on out of memory Mika Westerberg (1): PCI / PM: Do not clear state_saved in pci_pm_freeze() when smart suspend is set Mikita Lipski (1): drm/amd/display: Fix deadlock when flushing irq Miquel Raynal (1): mtd: rawnand: marvell: fix the chip-select DT parsing logic Nicholas Piggin (1): rtc: opal: Fix OPAL RTC driver OPAL_BUSY loops Nicolai Hähnle (1): drm/amdgpu: set COMPUTE_PGM_RSRC1 for SGPR/VGPR clearing shaders Nicolin Chen (1): ASoC: fsl_esai: Fix divisor calculation failure at lower ratio Ravi Chandra Sadineni (1): USB: Increment wakeup count on remote wakeup. Rob Gardner (1): sparc64: Fix mistake in oradax license text Shilpasri G Bhat (1): cpufreq: powernv: Fix hardlockup due to synchronous smp_call in timer interrupt Shuah Khan (4): usbip: usbip_event: fix to not print kernel pointer address usbip: usbip_host: fix to hold parent lock for device_attach() calls usbip: vhci_hcd: Fix usb device and sockfd leaks usbip: vhci_hcd: check rhport before using in vhci_hub_control() Stephan Mueller (1): crypto: drbg - set freed buffers to NULL Steve French (1): SMB311: Fix reconnect Takashi Iwai (10): ALSA: usb-audio: Skip broken EU on Dell dock USB-audio ALSA: hda - Skip jack and others for non-existing PCM streams ALSA: opl3: Hardening for potential Spectre v1 ALSA: asihpi: Hardening for potential Spectre v1 ALSA: hdspm: Hardening for potential Spectre v1 ALSA: rme9652: Hardening for potential Spectre v1 ALSA: control: Hardening for potential Spectre v1 ALSA: seq: oss: Fix unbalanced use lock for synth MIDI device ALSA: seq: oss: Hardening for potential Spectre v1 ALSA: hda: Hardening for potential Spectre v1 Takashi Sakamoto (2): ALSA: dice: fix OUI for TC group ALSA: dice: fix error path to destroy initialized stream data Tero Kristo (1): ASoC: dmic: Fix clock parenting Tetsuo Handa (3): tty: Don't call panic() at tty_ldisc_init() tty: Avoid possible error pointer dereference at tty_ldisc_restore(). tty: Use __GFP_NOFAIL for tty_ldisc_get() Theodore Ts'o (6): ext4: set h_journal if there is a failure starting a reserved handle ext4: add MODULE_SOFTDEP to ensure crc32c is included in the initramfs ext4: add validity checks for bitmap block numbers random: set up the NUMA crng instances after the CRNG is fully initialized random: fix possible sleeping allocation from irq context random: rate limit unseeded randomness warnings Thomas Gleixner (1): tick/sched: Do not mess with an enqueued hrtimer Thomas Richter (1): module: Fix display of wrong module .text address Thor Thayer (2): mtd: spi-nor: cadence-quadspi: Fix page fault kernel panic ARM: socfpga_defconfig: Remove QSPI Sector 4K size force Tony Lindgren (2): tty: n_gsm: Fix long delays with control frame timeouts in ADM mode tty: n_gsm: Fix DLCI handling for ADM mode if debug & 2 is not set Vasyl Vavrychuk (1): USB: serial: ftdi_sio: use jtag quirk for Arrow USB Blaster Victor Gu (3): PCI: aardvark: Fix logic in advk_pcie_{rd,wr}_conf() PCI: aardvark: Set PIO_ADDR_LS correctly in advk_pcie_rd_conf() PCI: aardvark: Use ISR1 instead of ISR0 interrupt in legacy irq mode Ville Syrjälä (1): drm/edid: Reset more of the display info Yazen Ghannam (1): x86/smpboot: Don't use mwait_play_dead() on AMD systems Zhengjun Xing (1): xhci: Fix Kernel oops in xhci dbgtty

7 years, 1 month

1
1
0 0

Please apply 1572e45a924f ("perf/core: Fix the perf_cpu_time ...") to v4.9.y and older

by Guenter Roeck

Hi Greg, upstream commit 1572e45a924f ("perf/core: Fix the perf_cpu_time_max_percent check") fixes CVE-2017-18255. Please apply to v4.9.y and older. The patch applies cleanly to v4.9.y and v4.4.y; I didn't check older kernels. More recent kernels are not affected. Thanks, Guenter

7 years, 1 month

2
1
0 0

Re: Patch "PCI: endpoint: Fix kernel panic after put_device()" has been added to the 4.14-stable tree

by Rolf Evers-Fischer

On Wed, May 2, 2018 at 1:49 AM <gregkh(a)linuxfoundation.org> wrote: > This is a note to let you know that I've just added the patch titled > PCI: endpoint: Fix kernel panic after put_device() > to the 4.14-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > The filename of the patch is: > pci-endpoint-fix-kernel-panic-after-put_device.patch > and it can be found in the queue-4.14 subdirectory. > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. This patch is the 2nd one of a series of patches. If you want to add it to the stable tree without the first patch, you must add a + kfree(func_name); before returning from the function. The upstream commit of the first patch is 36cc14ac14c0d49d33820a82dab52a7edc802fef PCI: endpoint: Simplify name allocation for EPF device Kind regards, Rolf > From foo@baz Tue May 1 16:18:20 PDT 2018 > From: Rolf Evers-Fischer <rolf.evers.fischer(a)aptiv.com> > Date: Wed, 28 Feb 2018 18:32:19 +0100 > Subject: PCI: endpoint: Fix kernel panic after put_device() > From: Rolf Evers-Fischer <rolf.evers.fischer(a)aptiv.com> > [ Upstream commit 9eef6a5c3b0bf90eb292d462ea267bcb6ad1c334 ] > 'put_device()' calls the relase function 'pci_epf_dev_release()', > which already frees 'epf->name' and 'epf'. > Therefore we must not free them again after 'put_device()'. > Fixes: 5e8cb4033807 ("PCI: endpoint: Add EP core layer to enable EP > controller and EP functions") > Signed-off-by: Rolf Evers-Fischer <rolf.evers.fischer(a)aptiv.com> > Signed-off-by: Lorenzo Pieralisi <lorenzo.pieralisi(a)arm.com> > Acked-by: Kishon Vijay Abraham I <kishon(a)ti.com> > Reviewed-by: Andy Shevchenko <andy.shevchenko(a)gmail.com> > Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> > Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> > --- > drivers/pci/endpoint/pci-epf-core.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > --- a/drivers/pci/endpoint/pci-epf-core.c > +++ b/drivers/pci/endpoint/pci-epf-core.c > @@ -254,7 +254,7 @@ struct pci_epf *pci_epf_create(const cha > put_dev: > put_device(dev); > - kfree(epf->name); > + return ERR_PTR(ret); > free_func_name: > kfree(func_name); > Patches currently in stable-queue which might be from > rolf.evers.fischer(a)aptiv.com are > queue-4.14/pci-endpoint-fix-kernel-panic-after-put_device.patch

7 years, 1 month

2
1
0 0

[PATCH 2/4] xen/PVH: Use proper CS selector in long mode

by Boris Ostrovsky

Signed-off-by: Boris Ostrovsky <boris.ostrovsky(a)oracle.com> Cc: stable(a)vger.kernel.org --- arch/x86/xen/xen-pvh.S | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/x86/xen/xen-pvh.S b/arch/x86/xen/xen-pvh.S index 934f7d4..373fef0 100644 --- a/arch/x86/xen/xen-pvh.S +++ b/arch/x86/xen/xen-pvh.S @@ -93,7 +93,7 @@ ENTRY(pvh_start_xen) mov %eax, %cr0 /* Jump to 64-bit mode. */ - ljmp $__KERNEL_CS, $_pa(1f) + ljmp $__BOOT_CS, $_pa(1f) /* 64-bit entry point. */ .code64 -- 2.9.3

7 years, 1 month

3
6
0 0

Re: Patch "mm, mlock, vmscan: no more skipping pagevecs" has been added to the 4.14-stable tree

by Shakeel Butt

On Tue, May 1, 2018 at 4:52 PM <gregkh(a)linuxfoundation.org> wrote: > This is a note to let you know that I've just added the patch titled > mm, mlock, vmscan: no more skipping pagevecs > to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > The filename of the patch is: > mm-mlock-vmscan-no-more-skipping-pagevecs.patch > and it can be found in the queue-4.14 subdirectory. > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. I would advise not to include this patch in the previous stable trees. This patch does not fix any critical bug and for some very specific microbenchmarks on very large machines, it has shown performance regression. So, I don't think it is worth the risk. > From foo@baz Tue May 1 16:18:19 PDT 2018 > From: Shakeel Butt <shakeelb(a)google.com> > Date: Wed, 21 Feb 2018 14:45:28 -0800 > Subject: mm, mlock, vmscan: no more skipping pagevecs > From: Shakeel Butt <shakeelb(a)google.com> > [ Upstream commit 9c4e6b1a7027f102990c0395296015a812525f4d ] > When a thread mlocks an address space backed either by file pages which > are currently not present in memory or swapped out anon pages (not in > swapcache), a new page is allocated and added to the local pagevec > (lru_add_pvec), I/O is triggered and the thread then sleeps on the page. > On I/O completion, the thread can wake on a different CPU, the mlock > syscall will then sets the PageMlocked() bit of the page but will not be > able to put that page in unevictable LRU as the page is on the pagevec > of a different CPU. Even on drain, that page will go to evictable LRU > because the PageMlocked() bit is not checked on pagevec drain. > The page will eventually go to right LRU on reclaim but the LRU stats > will remain skewed for a long time. > This patch puts all the pages, even unevictable, to the pagevecs and on > the drain, the pages will be added on their LRUs correctly by checking > their evictability. This resolves the mlocked pages on pagevec of other > CPUs issue because when those pagevecs will be drained, the mlocked file > pages will go to unevictable LRU. Also this makes the race with munlock > easier to resolve because the pagevec drains happen in LRU lock. > However there is still one place which makes a page evictable and does > PageLRU check on that page without LRU lock and needs special attention. > TestClearPageMlocked() and isolate_lru_page() in clear_page_mlock(). > #0: __pagevec_lru_add_fn #1: clear_page_mlock > SetPageLRU() if (!TestClearPageMlocked()) > return > smp_mb() // <--required > // inside does PageLRU > if (!PageMlocked()) if (isolate_lru_page()) > move to evictable LRU putback_lru_page() > else > move to unevictable LRU > In '#1', TestClearPageMlocked() provides full memory barrier semantics > and thus the PageLRU check (inside isolate_lru_page) can not be > reordered before it. > In '#0', without explicit memory barrier, the PageMlocked() check can be > reordered before SetPageLRU(). If that happens, '#0' can put a page in > unevictable LRU and '#1' might have just cleared the Mlocked bit of that > page but fails to isolate as PageLRU fails as '#0' still hasn't set > PageLRU bit of that page. That page will be stranded on the unevictable > LRU. > There is one (good) side effect though. Without this patch, the pages > allocated for System V shared memory segment are added to evictable LRUs > even after shmctl(SHM_LOCK) on that segment. This patch will correctly > put such pages to unevictable LRU. > Link: http://lkml.kernel.org/r/20171121211241.18877-1-shakeelb@google.com > Signed-off-by: Shakeel Butt <shakeelb(a)google.com> > Acked-by: Vlastimil Babka <vbabka(a)suse.cz> > Cc: Jérôme Glisse <jglisse(a)redhat.com> > Cc: Huang Ying <ying.huang(a)intel.com> > Cc: Tim Chen <tim.c.chen(a)linux.intel.com> > Cc: Michal Hocko <mhocko(a)kernel.org> > Cc: Greg Thelen <gthelen(a)google.com> > Cc: Johannes Weiner <hannes(a)cmpxchg.org> > Cc: Balbir Singh <bsingharora(a)gmail.com> > Cc: Minchan Kim <minchan(a)kernel.org> > Cc: Shaohua Li <shli(a)fb.com> > Cc: Jan Kara <jack(a)suse.cz> > Cc: Nicholas Piggin <npiggin(a)gmail.com> > Cc: Dan Williams <dan.j.williams(a)intel.com> > Cc: Mel Gorman <mgorman(a)suse.de> > Cc: Hugh Dickins <hughd(a)google.com> > Cc: Vlastimil Babka <vbabka(a)suse.cz> > Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> > Signed-off-by: Linus Torvalds <torvalds(a)linux-foundation.org> > Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> > Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> > --- > include/linux/swap.h | 2 - > mm/mlock.c | 6 +++ > mm/swap.c | 82 +++++++++++++++++++++++++++++---------------------- > mm/vmscan.c | 59 ------------------------------------ > 4 files changed, 54 insertions(+), 95 deletions(-) > --- a/include/linux/swap.h > +++ b/include/linux/swap.h > @@ -326,8 +326,6 @@ extern void deactivate_file_page(struct > extern void mark_page_lazyfree(struct page *page); > extern void swap_setup(void); > -extern void add_page_to_unevictable_list(struct page *page); > - > extern void lru_cache_add_active_or_unevictable(struct page *page, > struct vm_area_struct *vma); > --- a/mm/mlock.c > +++ b/mm/mlock.c > @@ -64,6 +64,12 @@ void clear_page_mlock(struct page *page) > mod_zone_page_state(page_zone(page), NR_MLOCK, > -hpage_nr_pages(page)); > count_vm_event(UNEVICTABLE_PGCLEARED); > + /* > + * The previous TestClearPageMlocked() corresponds to the smp_mb() > + * in __pagevec_lru_add_fn(). > + * > + * See __pagevec_lru_add_fn for more explanation. > + */ > if (!isolate_lru_page(page)) { > putback_lru_page(page); > } else { > --- a/mm/swap.c > +++ b/mm/swap.c > @@ -446,30 +446,6 @@ void lru_cache_add(struct page *page) > } > /** > - * add_page_to_unevictable_list - add a page to the unevictable list > - * @page: the page to be added to the unevictable list > - * > - * Add page directly to its zone's unevictable list. To avoid races with > - * tasks that might be making the page evictable, through eg. munlock, > - * munmap or exit, while it's not on the lru, we want to add the page > - * while it's locked or otherwise "invisible" to other tasks. This is > - * difficult to do when using the pagevec cache, so bypass that. > - */ > -void add_page_to_unevictable_list(struct page *page) > -{ > - struct pglist_data *pgdat = page_pgdat(page); > - struct lruvec *lruvec; > - > - spin_lock_irq(&pgdat->lru_lock); > - lruvec = mem_cgroup_page_lruvec(page, pgdat); > - ClearPageActive(page); > - SetPageUnevictable(page); > - SetPageLRU(page); > - add_page_to_lru_list(page, lruvec, LRU_UNEVICTABLE); > - spin_unlock_irq(&pgdat->lru_lock); > -} > - > -/** > * lru_cache_add_active_or_unevictable > * @page: the page to be added to LRU > * @vma: vma in which page is mapped for determining reclaimability > @@ -484,13 +460,9 @@ void lru_cache_add_active_or_unevictable > { > VM_BUG_ON_PAGE(PageLRU(page), page); > - if (likely((vma->vm_flags & (VM_LOCKED | VM_SPECIAL)) != VM_LOCKED)) { > + if (likely((vma->vm_flags & (VM_LOCKED | VM_SPECIAL)) != VM_LOCKED)) > SetPageActive(page); > - lru_cache_add(page); > - return; > - } > - > - if (!TestSetPageMlocked(page)) { > + else if (!TestSetPageMlocked(page)) { > /* > * We use the irq-unsafe __mod_zone_page_stat because this > * counter is not modified from interrupt context, and the pte > @@ -500,7 +472,7 @@ void lru_cache_add_active_or_unevictable > hpage_nr_pages(page)); > count_vm_event(UNEVICTABLE_PGMLOCKED); > } > - add_page_to_unevictable_list(page); > + lru_cache_add(page); > } > /* > @@ -883,15 +855,55 @@ void lru_add_page_tail(struct page *page > static void __pagevec_lru_add_fn(struct page *page, struct lruvec *lruvec, > void *arg) > { > - int file = page_is_file_cache(page); > - int active = PageActive(page); > - enum lru_list lru = page_lru(page); > + enum lru_list lru; > + int was_unevictable = TestClearPageUnevictable(page); > VM_BUG_ON_PAGE(PageLRU(page), page); > SetPageLRU(page); > + /* > + * Page becomes evictable in two ways: > + * 1) Within LRU lock [munlock_vma_pages() and __munlock_pagevec()]. > + * 2) Before acquiring LRU lock to put the page to correct LRU and then > + * a) do PageLRU check with lock [check_move_unevictable_pages] > + * b) do PageLRU check before lock [clear_page_mlock] > + * > + * (1) & (2a) are ok as LRU lock will serialize them. For (2b), we need > + * following strict ordering: > + * > + * #0: __pagevec_lru_add_fn #1: clear_page_mlock > + * > + * SetPageLRU() TestClearPageMlocked() > + * smp_mb() // explicit ordering // above provides strict > + * // ordering > + * PageMlocked() PageLRU() > + * > + * > + * if '#1' does not observe setting of PG_lru by '#0' and fails > + * isolation, the explicit barrier will make sure that page_evictable > + * check will put the page in correct LRU. Without smp_mb(), SetPageLRU > + * can be reordered after PageMlocked check and can make '#1' to fail > + * the isolation of the page whose Mlocked bit is cleared (#0 is also > + * looking at the same page) and the evictable page will be stranded > + * in an unevictable LRU. > + */ > + smp_mb(); > + > + if (page_evictable(page)) { > + lru = page_lru(page); > + update_page_reclaim_stat(lruvec, page_is_file_cache(page), > + PageActive(page)); > + if (was_unevictable) > + count_vm_event(UNEVICTABLE_PGRESCUED); > + } else { > + lru = LRU_UNEVICTABLE; > + ClearPageActive(page); > + SetPageUnevictable(page); > + if (!was_unevictable) > + count_vm_event(UNEVICTABLE_PGCULLED); > + } > + > add_page_to_lru_list(page, lruvec, lru); > - update_page_reclaim_stat(lruvec, file, active); > trace_mm_lru_insertion(page, lru); > } > --- a/mm/vmscan.c > +++ b/mm/vmscan.c > @@ -790,64 +790,7 @@ int remove_mapping(struct address_space > */ > void putback_lru_page(struct page *page) > { > - bool is_unevictable; > - int was_unevictable = PageUnevictable(page); > - > - VM_BUG_ON_PAGE(PageLRU(page), page); > - > -redo: > - ClearPageUnevictable(page); > - > - if (page_evictable(page)) { > - /* > - * For evictable pages, we can use the cache. > - * In event of a race, worst case is we end up with an > - * unevictable page on [in]active list. > - * We know how to handle that. > - */ > - is_unevictable = false; > - lru_cache_add(page); > - } else { > - /* > - * Put unevictable pages directly on zone's unevictable > - * list. > - */ > - is_unevictable = true; > - add_page_to_unevictable_list(page); > - /* > - * When racing with an mlock or AS_UNEVICTABLE clearing > - * (page is unlocked) make sure that if the other thread > - * does not observe our setting of PG_lru and fails > - * isolation/check_move_unevictable_pages, > - * we see PG_mlocked/AS_UNEVICTABLE cleared below and move > - * the page back to the evictable list. > - * > - * The other side is TestClearPageMlocked() or shmem_lock(). > - */ > - smp_mb(); > - } > - > - /* > - * page's status can change while we move it among lru. If an evictable > - * page is on unevictable list, it never be freed. To avoid that, > - * check after we added it to the list, again. > - */ > - if (is_unevictable && page_evictable(page)) { > - if (!isolate_lru_page(page)) { > - put_page(page); > - goto redo; > - } > - /* This means someone else dropped this page from LRU > - * So, it will be freed or putback to LRU again. There is > - * nothing to do here. > - */ > - } > - > - if (was_unevictable && !is_unevictable) > - count_vm_event(UNEVICTABLE_PGRESCUED); > - else if (!was_unevictable && is_unevictable) > - count_vm_event(UNEVICTABLE_PGCULLED); > - > + lru_cache_add(page); > put_page(page); /* drop ref from isolate */ > } > Patches currently in stable-queue which might be from shakeelb(a)google.com are > queue-4.14/mm-slab-memcg_link-the-slab-s-kmem_cache.patch > queue-4.14/mm-mlock-vmscan-no-more-skipping-pagevecs.patch

7 years, 1 month

2
1
0 0

[PATCH 1/4] xen/PVH: Replace GDT_ENTRY with explicit constant

by Boris Ostrovsky

Latest binutils release (2.29.1) will no longer allow proper computation of GDT entries on 32-bits, with warning: arch/x86/xen/xen-pvh.S: Assembler messages: arch/x86/xen/xen-pvh.S:150: Warning: shift count out of range (32 is not between 0 and 31) arch/x86/xen/xen-pvh.S:150: Warning: shift count out of range (40 is not between 0 and 31) arch/x86/xen/xen-pvh.S:150: Warning: shift count out of range (32 is not between 0 and 31) arch/x86/xen/xen-pvh.S:152: Warning: shift count out of range (32 is not between 0 and 31) arch/x86/xen/xen-pvh.S:152: Warning: shift count out of range (40 is not between 0 and 31) arch/x86/xen/xen-pvh.S:152: Warning: shift count out of range (32 is not between 0 and 31) Use explicit value of the entry instead of using GDT_ENTRY() macro. Signed-off-by: Boris Ostrovsky <boris.ostrovsky(a)oracle.com> Cc: stable(a)vger.kernel.org --- arch/x86/xen/xen-pvh.S | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/arch/x86/xen/xen-pvh.S b/arch/x86/xen/xen-pvh.S index e1a5fbe..934f7d4 100644 --- a/arch/x86/xen/xen-pvh.S +++ b/arch/x86/xen/xen-pvh.S @@ -145,11 +145,11 @@ gdt_start: .quad 0x0000000000000000 /* NULL descriptor */ .quad 0x0000000000000000 /* reserved */ #ifdef CONFIG_X86_64 - .quad GDT_ENTRY(0xa09a, 0, 0xfffff) /* __KERNEL_CS */ + .quad 0x00af9a000000ffff /* __BOOT_CS */ #else - .quad GDT_ENTRY(0xc09a, 0, 0xfffff) /* __KERNEL_CS */ + .quad 0x00cf9a000000ffff /* __BOOT_CS */ #endif - .quad GDT_ENTRY(0xc092, 0, 0xfffff) /* __KERNEL_DS */ + .quad 0x00cf92000000ffff /* __BOOT_DS */ gdt_end: .balign 4 -- 2.9.3

7 years, 1 month

4
8
0 0

[PATCH v3] module: Fix display of wrong module .text address

by Thomas Richter

Reading file /proc/modules shows the correct address: [root@s35lp76 ~]# cat /proc/modules | egrep '^qeth_l2' qeth_l2 94208 1 - Live 0x000003ff80401000 and reading file /sys/module/qeth_l2/sections/.text [root@s35lp76 ~]# cat /sys/module/qeth_l2/sections/.text 0x0000000018ea8363 displays a random address. This breaks the perf tool which uses this address on s390 to calculate start of .text section in memory. Fix this by printing the correct (unhashed) address. Thanks to Jessica Yu for helping on this. Fixes: ef0010a30935 ("vsprintf: don't use 'restricted_pointer()' when not restricting") Cc: <stable(a)vger.kernel.org> # v4.15+ Suggested-by: Linus Torvalds <torvalds(a)linux-foundation.org> Signed-off-by: Thomas Richter <tmricht(a)linux.ibm.com> Cc: Jessica Yu <jeyu(a)kernel.org> --- kernel/module.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/kernel/module.c b/kernel/module.c index a6e43a5806a1..40b42000bd80 100644 --- a/kernel/module.c +++ b/kernel/module.c @@ -1472,7 +1472,8 @@ static ssize_t module_sect_show(struct module_attribute *mattr, { struct module_sect_attr *sattr = container_of(mattr, struct module_sect_attr, mattr); - return sprintf(buf, "0x%pK\n", (void *)sattr->address); + return sprintf(buf, "0x%px\n", kptr_restrict < 2 ? + (void *)sattr->address : NULL); } static void free_sect_attrs(struct module_sect_attrs *sect_attrs) -- 2.14.3

7 years, 1 month

6
7
0 0

[PATCH] ext4: fix bitmap position validation

by Lukas Czerner

Currently in ext4_valid_block_bitmap() we expect the bitmap to be positioned anywhere between 0 and s_blocksize clusters, but that's wrong because the bitmap can be placed anywhere in the block group. This causes false positives when validating bitmaps on perfectly valid file system layouts. Fix it by checking whether the bitmap is within the group boundary. The problem can be reproduced using the following mkfs -t ext3 -E stride=256 /dev/vdb1 mount /dev/vdb1 /mnt/test cd /mnt/test wget https://cdn.kernel.org/pub/linux/kernel/v4.x/linux-4.16.3.tar.xz tar xf linux-4.16.3.tar.xz This will result in the warnings in the logs EXT4-fs error (device vdb1): ext4_validate_block_bitmap:399: comm tar: bg 84: block 2774529: invalid block bitmap Signed-off-by: Lukas Czerner <lczerner(a)redhat.com> Reported-by: Ilya Dryomov <idryomov(a)gmail.com> Fixes: 7dac4a1726a9 ("ext4: add validity checks for bitmap block numbers") Cc: stable(a)vger.kernel.org --- fs/ext4/balloc.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/fs/ext4/balloc.c b/fs/ext4/balloc.c index a33d8fb..0c0e383 100644 --- a/fs/ext4/balloc.c +++ b/fs/ext4/balloc.c @@ -338,7 +338,8 @@ static ext4_fsblk_t ext4_valid_block_bitmap(struct super_block *sb, /* check whether block bitmap block number is set */ blk = ext4_block_bitmap(sb, desc); offset = blk - group_first_block; - if (offset < 0 || EXT4_B2C(sbi, offset) >= sb->s_blocksize || + if (offset < 0 || + EXT4_B2C(sbi, offset) >= EXT4_CLUSTERS_PER_GROUP(sb) || !ext4_test_bit(EXT4_B2C(sbi, offset), bh->b_data)) /* bad block bitmap */ return blk; @@ -346,7 +347,8 @@ static ext4_fsblk_t ext4_valid_block_bitmap(struct super_block *sb, /* check whether the inode bitmap block number is set */ blk = ext4_inode_bitmap(sb, desc); offset = blk - group_first_block; - if (offset < 0 || EXT4_B2C(sbi, offset) >= sb->s_blocksize || + if (offset < 0 || + EXT4_B2C(sbi, offset) >= EXT4_CLUSTERS_PER_GROUP(sb) || !ext4_test_bit(EXT4_B2C(sbi, offset), bh->b_data)) /* bad block bitmap */ return blk; @@ -354,8 +356,8 @@ static ext4_fsblk_t ext4_valid_block_bitmap(struct super_block *sb, /* check whether the inode table block number is set */ blk = ext4_inode_table(sb, desc); offset = blk - group_first_block; - if (offset < 0 || EXT4_B2C(sbi, offset) >= sb->s_blocksize || - EXT4_B2C(sbi, offset + sbi->s_itb_per_group) >= sb->s_blocksize) + if (offset < 0 || EXT4_B2C(sbi, offset + sbi->s_itb_per_group) >= + EXT4_CLUSTERS_PER_GROUP(sb)) return blk; next_zero_bit = ext4_find_next_zero_bit(bh->b_data, EXT4_B2C(sbi, offset + sbi->s_itb_per_group), -- 2.7.5

7 years, 1 month

2
5
0 0

[PATCH] USB: serial: option: adding support for ublox R410M

by SZ Lin (林上智)

This patch adds support for ublox R410M PID 0x90b2 USB modem to option driver, this module supports LTE Cat M1 / NB1. Interface layout: 0: QCDM/DIAG 1: ADB 2: AT 3: RMNET Signed-off-by: SZ Lin (林上智) <sz.lin(a)moxa.com> Cc: stable <stable(a)vger.kernel.org> --- Please refer to following lsusb output: Bus 001 Device 003: ID 05c6:90b2 Qualcomm, Inc. Device Descriptor: bLength 18 bDescriptorType 1 bcdUSB 2.00 bDeviceClass 0 (Defined at Interface level) bDeviceSubClass 0 bDeviceProtocol 0 bMaxPacketSize0 64 idVendor 0x05c6 Qualcomm, Inc. idProduct 0x90b2 bcdDevice 0.00 iManufacturer 3 Qualcomm, Incorporated iProduct 2 Qualcomm CDMA Technologies MSM iSerial 4 fb854106 bNumConfigurations 1 Configuration Descriptor: bLength 9 bDescriptorType 2 wTotalLength 108 bNumInterfaces 4 bConfigurationValue 1 iConfiguration 1 Qualcomm Configuration bmAttributes 0xe0 Self Powered Remote Wakeup MaxPower 500mA Interface Descriptor: bLength 9 bDescriptorType 4 bInterfaceNumber 0 bAlternateSetting 0 bNumEndpoints 2 bInterfaceClass 255 Vendor Specific Class bInterfaceSubClass 255 Vendor Specific Subclass bInterfaceProtocol 255 Vendor Specific Protocol iInterface 0 Endpoint Descriptor: bLength 7 bDescriptorType 5 bEndpointAddress 0x81 EP 1 IN bmAttributes 2 Transfer Type Bulk Synch Type None Usage Type Data wMaxPacketSize 0x0200 1x 512 bytes bInterval 0 Endpoint Descriptor: bLength 7 bDescriptorType 5 bEndpointAddress 0x01 EP 1 OUT bmAttributes 2 Transfer Type Bulk Synch Type None Usage Type Data wMaxPacketSize 0x0200 1x 512 bytes bInterval 0 Interface Descriptor: bLength 9 bDescriptorType 4 bInterfaceNumber 1 bAlternateSetting 0 bNumEndpoints 1 bInterfaceClass 255 Vendor Specific Class bInterfaceSubClass 255 Vendor Specific Subclass bInterfaceProtocol 255 Vendor Specific Protocol iInterface 0 Endpoint Descriptor: bLength 7 bDescriptorType 5 bEndpointAddress 0x82 EP 2 IN bmAttributes 2 Transfer Type Bulk Synch Type None Usage Type Data wMaxPacketSize 0x0200 1x 512 bytes bInterval 0 Interface Descriptor: bLength 9 bDescriptorType 4 bInterfaceNumber 2 bAlternateSetting 0 bNumEndpoints 3 bInterfaceClass 255 Vendor Specific Class bInterfaceSubClass 255 Vendor Specific Subclass bInterfaceProtocol 255 Vendor Specific Protocol iInterface 0 Endpoint Descriptor: bLength 7 bDescriptorType 5 bEndpointAddress 0x83 EP 3 IN bmAttributes 3 Transfer Type Interrupt Synch Type None Usage Type Data wMaxPacketSize 0x0040 1x 64 bytes bInterval 5 Endpoint Descriptor: bLength 7 bDescriptorType 5 bEndpointAddress 0x84 EP 4 IN bmAttributes 2 Transfer Type Bulk Synch Type None Usage Type Data wMaxPacketSize 0x0200 1x 512 bytes bInterval 0 Endpoint Descriptor: bLength 7 bDescriptorType 5 bEndpointAddress 0x02 EP 2 OUT bmAttributes 2 Transfer Type Bulk Synch Type None Usage Type Data wMaxPacketSize 0x0200 1x 512 bytes bInterval 0 Interface Descriptor: bLength 9 bDescriptorType 4 bInterfaceNumber 3 bAlternateSetting 0 bNumEndpoints 3 bInterfaceClass 255 Vendor Specific Class bInterfaceSubClass 255 Vendor Specific Subclass bInterfaceProtocol 255 Vendor Specific Protocol iInterface 0 Endpoint Descriptor: bLength 7 bDescriptorType 5 bEndpointAddress 0x85 EP 5 IN bmAttributes 3 Transfer Type Interrupt Synch Type None Usage Type Data wMaxPacketSize 0x0040 1x 64 bytes bInterval 5 Endpoint Descriptor: bLength 7 bDescriptorType 5 bEndpointAddress 0x86 EP 6 IN bmAttributes 2 Transfer Type Bulk Synch Type None Usage Type Data wMaxPacketSize 0x0200 1x 512 bytes bInterval 0 Endpoint Descriptor: bLength 7 bDescriptorType 5 bEndpointAddress 0x03 EP 3 OUT bmAttributes 2 Transfer Type Bulk Synch Type None Usage Type Data wMaxPacketSize 0x0200 1x 512 bytes bInterval 0 Device Qualifier (for other device speed): bLength 10 bDescriptorType 6 bcdUSB 2.00 bDeviceClass 0 (Defined at Interface level) bDeviceSubClass 0 bDeviceProtocol 0 bMaxPacketSize0 64 bNumConfigurations 1 Device Status: 0x0000 (Bus Powered) --- drivers/usb/serial/option.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/drivers/usb/serial/option.c b/drivers/usb/serial/option.c index f0c3612467a3..184691caee64 100644 --- a/drivers/usb/serial/option.c +++ b/drivers/usb/serial/option.c @@ -233,6 +233,8 @@ static void option_instat_callback(struct urb *urb); /* These Quectel products use Qualcomm's vendor ID */ #define QUECTEL_PRODUCT_UC20 0x9003 #define QUECTEL_PRODUCT_UC15 0x9090 +/* These ublox products use Qualcomm's vendor ID */ +#define UBLOX_PRODUCT_R410M 0x90b2 /* These Yuga products use Qualcomm's vendor ID */ #define YUGA_PRODUCT_CLM920_NC5 0x9625 @@ -1065,6 +1067,9 @@ static const struct usb_device_id option_ids[] = { /* Yuga products use Qualcomm vendor ID */ { USB_DEVICE(QUALCOMM_VENDOR_ID, YUGA_PRODUCT_CLM920_NC5), .driver_info = RSVD(1) | RSVD(4) }, + /* ublox products use Qualcomm vendor ID */ + { USB_DEVICE(QUALCOMM_VENDOR_ID, UBLOX_PRODUCT_R410M), + .driver_info = RSVD(1) | RSVD(3) }, /* Quectel products using Quectel vendor ID */ { USB_DEVICE(QUECTEL_VENDOR_ID, QUECTEL_PRODUCT_EC21), .driver_info = RSVD(4) }, -- 2.17.0

7 years, 1 month

6
12
0 0

[PATCH 0/6] Fix XSA-155-like bugs in frontend drivers

by Marek Marczykowski-Górecki

Patches in original Xen Security Advisory 155 cared only about backend drivers while leaving frontend patches to be "developed and released (publicly) after the embargo date". This is said series. Marek Marczykowski-Górecki (6): xen: Add RING_COPY_RESPONSE() xen-netfront: copy response out of shared buffer before accessing it xen-netfront: do not use data already exposed to backend xen-netfront: add range check for Tx response id xen-blkfront: make local copy of response before using it xen-blkfront: prepare request locally, only then put it on the shared ring drivers/block/xen-blkfront.c | 110 ++++++++++++++++++--------------- drivers/net/xen-netfront.c | 61 +++++++++--------- include/xen/interface/io/ring.h | 14 ++++- 3 files changed, 106 insertions(+), 79 deletions(-) base-commit: 6d08b06e67cd117f6992c46611dfb4ce267cd71e -- git-series 0.9.1

7 years, 1 month

5
13
0 0

[PATCH] aacraid: Correct hba_send to include iu_type

by Dave Carroll

commit b60710ec7d7ab ("aacraid: enable sending of TMFs from aac_hba_send()") allows aac_hba_send() to send scsi commands, and TMF requests, but the existing code only updates the iu_type for scsi commands. For TMF requests we are sending an unknown iu_type to firmware, which causes a fault. Include iu_type prior to determining the validity of the command Reported-by: Noah Misner <nmisner(a)us.ibm.com> Fixes: b60710ec7d7ab ("aacraid: enable sending of TMFs from aac_hba_send()") Fixes: 423400e64d377 ("aacraid: Include HBA direct interface") Tested-by: Noah Misner <nmisner(a)us.ibm.com> cc: stable(a)vger.kernel.org Signed-off-by: Dave Carroll <david.carroll(a)microsemi.com> Reviewed-by: Raghava Aditya Renukunta <RaghavaAditya.Renukunta(a)microsemi.com> --- drivers/scsi/aacraid/commsup.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/drivers/scsi/aacraid/commsup.c b/drivers/scsi/aacraid/commsup.c index 0156c96..d62ddd6 100644 --- a/drivers/scsi/aacraid/commsup.c +++ b/drivers/scsi/aacraid/commsup.c @@ -724,6 +724,8 @@ int aac_hba_send(u8 command, struct fib *fibptr, fib_callback callback, int wait; unsigned long flags = 0; unsigned long mflags = 0; + struct aac_hba_cmd_req *hbacmd = (struct aac_hba_cmd_req *) + fibptr->hw_fib_va; fibptr->flags = (FIB_CONTEXT_FLAG | FIB_CONTEXT_FLAG_NATIVE_HBA); if (callback) { @@ -734,11 +736,9 @@ int aac_hba_send(u8 command, struct fib *fibptr, fib_callback callback, wait = 1; - if (command == HBA_IU_TYPE_SCSI_CMD_REQ) { - struct aac_hba_cmd_req *hbacmd = - (struct aac_hba_cmd_req *)fibptr->hw_fib_va; + hbacmd->iu_type = command; - hbacmd->iu_type = command; + if (command == HBA_IU_TYPE_SCSI_CMD_REQ) { /* bit1 of request_id must be 0 */ hbacmd->request_id = cpu_to_le32((((u32)(fibptr - dev->fibs)) << 2) + 1); -- 2.8.4

7 years, 1 month

3
2
0 0

+ mm-oom-fix-concurrent-munlock-and-oom-reaper-unmap.patch added to -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: mm, oom: fix concurrent munlock and oom reaper unmap, v3 has been added to the -mm tree. Its filename is mm-oom-fix-concurrent-munlock-and-oom-reaper-unmap.patch This patch should soon appear at http://ozlabs.org/~akpm/mmots/broken-out/mm-oom-fix-concurrent-munlock-and-… and later at http://ozlabs.org/~akpm/mmotm/broken-out/mm-oom-fix-concurrent-munlock-and-… Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next and is updated there every 3-4 working days ------------------------------------------------------ From: David Rientjes <rientjes(a)google.com> Subject: mm, oom: fix concurrent munlock and oom reaper unmap, v3 Since exit_mmap() is done without the protection of mm->mmap_sem, it is possible for the oom reaper to concurrently operate on an mm until MMF_OOM_SKIP is set. This allows munlock_vma_pages_all() to concurrently run while the oom reaper is operating on a vma. Since munlock_vma_pages_range() depends on clearing VM_LOCKED from vm_flags before actually doing the munlock to determine if any other vmas are locking the same memory, the check for VM_LOCKED in the oom reaper is racy. This is especially noticeable on architectures such as powerpc where clearing a huge pmd requires serialize_against_pte_lookup(). If the pmd is zapped by the oom reaper during follow_page_mask() after the check for pmd_none() is bypassed, this ends up deferencing a NULL ptl or a kernel oops. Fix this by manually freeing all possible memory from the mm before doing the munlock and then setting MMF_OOM_SKIP. The oom reaper can not run on the mm anymore so the munlock is safe to do in exit_mmap(). It also matches the logic that the oom reaper currently uses for determining when to set MMF_OOM_SKIP itself, so there's no new risk of excessive oom killing. This issue fixes CVE-2018-1000200. Link: http://lkml.kernel.org/r/alpine.DEB.2.21.1804241526320.238665@chino.kir.cor… Fixes: 212925802454 ("mm: oom: let oom_reap_task and exit_mmap run concurrently") Signed-off-by: David Rientjes <rientjes(a)google.com> Suggested-by: Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> Cc: Andrea Arcangeli <aarcange(a)redhat.com> Cc: <stable(a)vger.kernel.org> [4.14+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- include/linux/oom.h | 2 + mm/mmap.c | 44 +++++++++++++--------- mm/oom_kill.c | 81 ++++++++++++++++++++++-------------------- 3 files changed, 71 insertions(+), 56 deletions(-) diff -puN include/linux/oom.h~mm-oom-fix-concurrent-munlock-and-oom-reaper-unmap include/linux/oom.h --- a/include/linux/oom.h~mm-oom-fix-concurrent-munlock-and-oom-reaper-unmap +++ a/include/linux/oom.h @@ -95,6 +95,8 @@ static inline int check_stable_address_s return 0; } +void __oom_reap_task_mm(struct mm_struct *mm); + extern unsigned long oom_badness(struct task_struct *p, struct mem_cgroup *memcg, const nodemask_t *nodemask, unsigned long totalpages); diff -puN mm/mmap.c~mm-oom-fix-concurrent-munlock-and-oom-reaper-unmap mm/mmap.c --- a/mm/mmap.c~mm-oom-fix-concurrent-munlock-and-oom-reaper-unmap +++ a/mm/mmap.c @@ -3024,6 +3024,32 @@ void exit_mmap(struct mm_struct *mm) /* mm's last user has gone, and its about to be pulled down */ mmu_notifier_release(mm); + if (unlikely(mm_is_oom_victim(mm))) { + /* + * Manually reap the mm to free as much memory as possible. + * Then, as the oom reaper does, set MMF_OOM_SKIP to disregard + * this mm from further consideration. Taking mm->mmap_sem for + * write after setting MMF_OOM_SKIP will guarantee that the oom + * reaper will not run on this mm again after mmap_sem is + * dropped. + * + * Nothing can be holding mm->mmap_sem here and the above call + * to mmu_notifier_release(mm) ensures mmu notifier callbacks in + * __oom_reap_task_mm() will not block. + * + * This needs to be done before calling munlock_vma_pages_all(), + * which clears VM_LOCKED, otherwise the oom reaper cannot + * reliably test it. + */ + mutex_lock(&oom_lock); + __oom_reap_task_mm(mm); + mutex_unlock(&oom_lock); + + set_bit(MMF_OOM_SKIP, &mm->flags); + down_write(&mm->mmap_sem); + up_write(&mm->mmap_sem); + } + if (mm->locked_vm) { vma = mm->mmap; while (vma) { @@ -3045,24 +3071,6 @@ void exit_mmap(struct mm_struct *mm) /* update_hiwater_rss(mm) here? but nobody should be looking */ /* Use -1 here to ensure all VMAs in the mm are unmapped */ unmap_vmas(&tlb, vma, 0, -1); - - if (unlikely(mm_is_oom_victim(mm))) { - /* - * Wait for oom_reap_task() to stop working on this - * mm. Because MMF_OOM_SKIP is already set before - * calling down_read(), oom_reap_task() will not run - * on this "mm" post up_write(). - * - * mm_is_oom_victim() cannot be set from under us - * either because victim->mm is already set to NULL - * under task_lock before calling mmput and oom_mm is - * set not NULL by the OOM killer only if victim->mm - * is found not NULL while holding the task_lock. - */ - set_bit(MMF_OOM_SKIP, &mm->flags); - down_write(&mm->mmap_sem); - up_write(&mm->mmap_sem); - } free_pgtables(&tlb, vma, FIRST_USER_ADDRESS, USER_PGTABLES_CEILING); tlb_finish_mmu(&tlb, 0, -1); diff -puN mm/oom_kill.c~mm-oom-fix-concurrent-munlock-and-oom-reaper-unmap mm/oom_kill.c --- a/mm/oom_kill.c~mm-oom-fix-concurrent-munlock-and-oom-reaper-unmap +++ a/mm/oom_kill.c @@ -469,7 +469,6 @@ bool process_shares_mm(struct task_struc return false; } - #ifdef CONFIG_MMU /* * OOM Reaper kernel thread which tries to reap the memory used by the OOM @@ -480,16 +479,54 @@ static DECLARE_WAIT_QUEUE_HEAD(oom_reape static struct task_struct *oom_reaper_list; static DEFINE_SPINLOCK(oom_reaper_lock); -static bool __oom_reap_task_mm(struct task_struct *tsk, struct mm_struct *mm) +void __oom_reap_task_mm(struct mm_struct *mm) { - struct mmu_gather tlb; struct vm_area_struct *vma; + + /* + * Tell all users of get_user/copy_from_user etc... that the content + * is no longer stable. No barriers really needed because unmapping + * should imply barriers already and the reader would hit a page fault + * if it stumbled over a reaped memory. + */ + set_bit(MMF_UNSTABLE, &mm->flags); + + for (vma = mm->mmap ; vma; vma = vma->vm_next) { + if (!can_madv_dontneed_vma(vma)) + continue; + + /* + * Only anonymous pages have a good chance to be dropped + * without additional steps which we cannot afford as we + * are OOM already. + * + * We do not even care about fs backed pages because all + * which are reclaimable have already been reclaimed and + * we do not want to block exit_mmap by keeping mm ref + * count elevated without a good reason. + */ + if (vma_is_anonymous(vma) || !(vma->vm_flags & VM_SHARED)) { + const unsigned long start = vma->vm_start; + const unsigned long end = vma->vm_end; + struct mmu_gather tlb; + + tlb_gather_mmu(&tlb, mm, start, end); + mmu_notifier_invalidate_range_start(mm, start, end); + unmap_page_range(&tlb, vma, start, end, NULL); + mmu_notifier_invalidate_range_end(mm, start, end); + tlb_finish_mmu(&tlb, start, end); + } + } +} + +static bool oom_reap_task_mm(struct task_struct *tsk, struct mm_struct *mm) +{ bool ret = true; /* * We have to make sure to not race with the victim exit path * and cause premature new oom victim selection: - * __oom_reap_task_mm exit_mm + * oom_reap_task_mm exit_mm * mmget_not_zero * mmput * atomic_dec_and_test @@ -534,39 +571,8 @@ static bool __oom_reap_task_mm(struct ta trace_start_task_reaping(tsk->pid); - /* - * Tell all users of get_user/copy_from_user etc... that the content - * is no longer stable. No barriers really needed because unmapping - * should imply barriers already and the reader would hit a page fault - * if it stumbled over a reaped memory. - */ - set_bit(MMF_UNSTABLE, &mm->flags); - - for (vma = mm->mmap ; vma; vma = vma->vm_next) { - if (!can_madv_dontneed_vma(vma)) - continue; + __oom_reap_task_mm(mm); - /* - * Only anonymous pages have a good chance to be dropped - * without additional steps which we cannot afford as we - * are OOM already. - * - * We do not even care about fs backed pages because all - * which are reclaimable have already been reclaimed and - * we do not want to block exit_mmap by keeping mm ref - * count elevated without a good reason. - */ - if (vma_is_anonymous(vma) || !(vma->vm_flags & VM_SHARED)) { - const unsigned long start = vma->vm_start; - const unsigned long end = vma->vm_end; - - tlb_gather_mmu(&tlb, mm, start, end); - mmu_notifier_invalidate_range_start(mm, start, end); - unmap_page_range(&tlb, vma, start, end, NULL); - mmu_notifier_invalidate_range_end(mm, start, end); - tlb_finish_mmu(&tlb, start, end); - } - } pr_info("oom_reaper: reaped process %d (%s), now anon-rss:%lukB, file-rss:%lukB, shmem-rss:%lukB\n", task_pid_nr(tsk), tsk->comm, K(get_mm_counter(mm, MM_ANONPAGES)), @@ -587,14 +593,13 @@ static void oom_reap_task(struct task_st struct mm_struct *mm = tsk->signal->oom_mm; /* Retry the down_read_trylock(mmap_sem) a few times */ - while (attempts++ < MAX_OOM_REAP_RETRIES && !__oom_reap_task_mm(tsk, mm)) + while (attempts++ < MAX_OOM_REAP_RETRIES && !oom_reap_task_mm(tsk, mm)) schedule_timeout_idle(HZ/10); if (attempts <= MAX_OOM_REAP_RETRIES || test_bit(MMF_OOM_SKIP, &mm->flags)) goto done; - pr_info("oom_reaper: unable to reap pid:%d (%s)\n", task_pid_nr(tsk), tsk->comm); debug_show_all_locks(); _ Patches currently in -mm which might be from rientjes(a)google.com are mm-oom-fix-concurrent-munlock-and-oom-reaper-unmap.patch

7 years, 1 month

1
0
0 0

[to-be-updated] mm-oom-fix-concurrent-munlock-and-oom-reaper-unmap.patch removed from -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: mm, oom: fix concurrent munlock and oom reaper unmap has been removed from the -mm tree. Its filename was mm-oom-fix-concurrent-munlock-and-oom-reaper-unmap.patch This patch was dropped because an updated version will be merged ------------------------------------------------------ From: David Rientjes <rientjes(a)google.com> Subject: mm, oom: fix concurrent munlock and oom reaper unmap Since exit_mmap() is done without the protection of mm->mmap_sem, it is possible for the oom reaper to concurrently operate on an mm until MMF_OOM_SKIP is set. This allows munlock_vma_pages_all() to concurrently run while the oom reaper is operating on a vma. Since munlock_vma_pages_range() depends on clearing VM_LOCKED from vm_flags before actually doing the munlock to determine if any other vmas are locking the same memory, the check for VM_LOCKED in the oom reaper is racy. This is especially noticeable on architectures such as powerpc where clearing a huge pmd requires serialize_against_pte_lookup(). If the pmd is zapped by the oom reaper during follow_page_mask() after the check for pmd_none() is bypassed, this ends up deferencing a NULL ptl. Fix this by reusing MMF_UNSTABLE to specify that an mm should not be reaped. This prevents the concurrent munlock_vma_pages_range() and unmap_page_range(). The oom reaper will simply not operate on an mm that has the bit set and leave the unmapping to exit_mmap(). [rientjes(a)google.com: v2] Link: http://lkml.kernel.org/r/alpine.DEB.2.21.1804171951440.105401@chino.kir.cor… Link: http://lkml.kernel.org/r/alpine.DEB.2.21.1804171545460.53786@chino.kir.corp… Fixes: 212925802454 ("mm: oom: let oom_reap_task and exit_mmap run concurrently") Signed-off-by: David Rientjes <rientjes(a)google.com> Cc: Michal Hocko <mhocko(a)suse.com> Cc: Andrea Arcangeli <aarcange(a)redhat.com> Cc: Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> Cc: Roman Gushchin <guro(a)fb.com> Cc: <stable(a)vger.kernel.org> [4.14+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/mmap.c | 38 ++++++++++++++++++++------------------ mm/oom_kill.c | 28 +++++++++++++--------------- 2 files changed, 33 insertions(+), 33 deletions(-) diff -puN mm/mmap.c~mm-oom-fix-concurrent-munlock-and-oom-reaper-unmap mm/mmap.c --- a/mm/mmap.c~mm-oom-fix-concurrent-munlock-and-oom-reaper-unmap +++ a/mm/mmap.c @@ -3024,6 +3024,25 @@ void exit_mmap(struct mm_struct *mm) /* mm's last user has gone, and its about to be pulled down */ mmu_notifier_release(mm); + if (unlikely(mm_is_oom_victim(mm))) { + /* + * Wait for oom_reap_task() to stop working on this mm. Because + * MMF_UNSTABLE is already set before calling down_read(), + * oom_reap_task() will not run on this mm after up_write(). + * oom_reap_task() also depends on a stable VM_LOCKED flag to + * indicate it should not unmap during munlock_vma_pages_all(). + * + * mm_is_oom_victim() cannot be set from under us because + * victim->mm is already set to NULL under task_lock before + * calling mmput() and victim->signal->oom_mm is set by the oom + * killer only if victim->mm is non-NULL while holding + * task_lock(). + */ + set_bit(MMF_UNSTABLE, &mm->flags); + down_write(&mm->mmap_sem); + up_write(&mm->mmap_sem); + } + if (mm->locked_vm) { vma = mm->mmap; while (vma) { @@ -3045,26 +3064,9 @@ void exit_mmap(struct mm_struct *mm) /* update_hiwater_rss(mm) here? but nobody should be looking */ /* Use -1 here to ensure all VMAs in the mm are unmapped */ unmap_vmas(&tlb, vma, 0, -1); - - if (unlikely(mm_is_oom_victim(mm))) { - /* - * Wait for oom_reap_task() to stop working on this - * mm. Because MMF_OOM_SKIP is already set before - * calling down_read(), oom_reap_task() will not run - * on this "mm" post up_write(). - * - * mm_is_oom_victim() cannot be set from under us - * either because victim->mm is already set to NULL - * under task_lock before calling mmput and oom_mm is - * set not NULL by the OOM killer only if victim->mm - * is found not NULL while holding the task_lock. - */ - set_bit(MMF_OOM_SKIP, &mm->flags); - down_write(&mm->mmap_sem); - up_write(&mm->mmap_sem); - } free_pgtables(&tlb, vma, FIRST_USER_ADDRESS, USER_PGTABLES_CEILING); tlb_finish_mmu(&tlb, 0, -1); + set_bit(MMF_OOM_SKIP, &mm->flags); /* * Walk the list again, actually closing and freeing it, diff -puN mm/oom_kill.c~mm-oom-fix-concurrent-munlock-and-oom-reaper-unmap mm/oom_kill.c --- a/mm/oom_kill.c~mm-oom-fix-concurrent-munlock-and-oom-reaper-unmap +++ a/mm/oom_kill.c @@ -521,12 +521,17 @@ static bool __oom_reap_task_mm(struct ta } /* - * MMF_OOM_SKIP is set by exit_mmap when the OOM reaper can't - * work on the mm anymore. The check for MMF_OOM_SKIP must run + * Tell all users of get_user/copy_from_user etc... that the content + * is no longer stable. No barriers really needed because unmapping + * should imply barriers already and the reader would hit a page fault + * if it stumbled over reaped memory. + * + * MMF_UNSTABLE is also set by exit_mmap when the OOM reaper shouldn't + * work on the mm anymore. The check for MMF_OOM_UNSTABLE must run * under mmap_sem for reading because it serializes against the * down_write();up_write() cycle in exit_mmap(). */ - if (test_bit(MMF_OOM_SKIP, &mm->flags)) { + if (test_and_set_bit(MMF_UNSTABLE, &mm->flags)) { up_read(&mm->mmap_sem); trace_skip_task_reaping(tsk->pid); goto unlock_oom; @@ -534,14 +539,6 @@ static bool __oom_reap_task_mm(struct ta trace_start_task_reaping(tsk->pid); - /* - * Tell all users of get_user/copy_from_user etc... that the content - * is no longer stable. No barriers really needed because unmapping - * should imply barriers already and the reader would hit a page fault - * if it stumbled over a reaped memory. - */ - set_bit(MMF_UNSTABLE, &mm->flags); - for (vma = mm->mmap ; vma; vma = vma->vm_next) { if (!can_madv_dontneed_vma(vma)) continue; @@ -567,6 +564,7 @@ static bool __oom_reap_task_mm(struct ta tlb_finish_mmu(&tlb, start, end); } } + set_bit(MMF_OOM_SKIP, &mm->flags); pr_info("oom_reaper: reaped process %d (%s), now anon-rss:%lukB, file-rss:%lukB, shmem-rss:%lukB\n", task_pid_nr(tsk), tsk->comm, K(get_mm_counter(mm, MM_ANONPAGES)), @@ -594,7 +592,6 @@ static void oom_reap_task(struct task_st test_bit(MMF_OOM_SKIP, &mm->flags)) goto done; - pr_info("oom_reaper: unable to reap pid:%d (%s)\n", task_pid_nr(tsk), tsk->comm); debug_show_all_locks(); @@ -603,10 +600,11 @@ done: tsk->oom_reaper_list = NULL; /* - * Hide this mm from OOM killer because it has been either reaped or - * somebody can't call up_write(mmap_sem). + * If the oom reaper could not get started on this mm and it has not yet + * reached exit_mmap(), set MMF_OOM_SKIP to disregard. */ - set_bit(MMF_OOM_SKIP, &mm->flags); + if (!test_bit(MMF_UNSTABLE, &mm->flags)) + set_bit(MMF_OOM_SKIP, &mm->flags); /* Drop a reference taken by wake_oom_reaper */ put_task_struct(tsk); _ Patches currently in -mm which might be from rientjes(a)google.com are

7 years, 1 month

1
0
0 0

Re: Patch "net: qlge: Eliminate duplicate barriers on weakly-ordered archs" has been added to the 4.16-stable tree

by Sinan Kaya

On 5/1/2018 6:32 PM, gregkh(a)linuxfoundation.org wrote: > > This is a note to let you know that I've just added the patch titled > > net: qlge: Eliminate duplicate barriers on weakly-ordered archs > > to the 4.16-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > net-qlge-eliminate-duplicate-barriers-on-weakly-ordered-archs.patch > and it can be found in the queue-4.16 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. > I don't think these should be pulled at this moment. There is still more barrier work to be done and the patch below goes in the wrong direction after discussion with Linus. I'm waiting for all architectures to reach to functional parity at the end of 4.17 to pick up from where I left. There are still few architectures still violating writel() guarantee. > >>From foo@baz Tue May 1 14:59:17 PDT 2018 > From: Sinan Kaya <okaya(a)codeaurora.org> > Date: Sun, 25 Mar 2018 10:39:19 -0400 > Subject: net: qlge: Eliminate duplicate barriers on weakly-ordered archs > > From: Sinan Kaya <okaya(a)codeaurora.org> > > [ Upstream commit e42d8cee343a545ac2d9557a3b28708bbca2bd31 ] > > Code includes wmb() followed by writel(). writel() already has a barrier on > some architectures like arm64. > > This ends up CPU observing two barriers back to back before executing the > register write. > > Create a new wrapper function with relaxed write operator. Use the new > wrapper when a write is following a wmb(). > > Signed-off-by: Sinan Kaya <okaya(a)codeaurora.org> > Signed-off-by: David S. Miller <davem(a)davemloft.net> > Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> > Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> > --- > drivers/net/ethernet/qlogic/qlge/qlge.h | 16 ++++++++++++++++ > drivers/net/ethernet/qlogic/qlge/qlge_main.c | 3 ++- > 2 files changed, 18 insertions(+), 1 deletion(-) > > --- a/drivers/net/ethernet/qlogic/qlge/qlge.h > +++ b/drivers/net/ethernet/qlogic/qlge/qlge.h > @@ -2185,6 +2185,22 @@ static inline void ql_write_db_reg(u32 v > } > > /* > + * Doorbell Registers: > + * Doorbell registers are virtual registers in the PCI memory space. > + * The space is allocated by the chip during PCI initialization. The > + * device driver finds the doorbell address in BAR 3 in PCI config space. > + * The registers are used to control outbound and inbound queues. For > + * example, the producer index for an outbound queue. Each queue uses > + * 1 4k chunk of memory. The lower half of the space is for outbound > + * queues. The upper half is for inbound queues. > + * Caller has to guarantee ordering. > + */ > +static inline void ql_write_db_reg_relaxed(u32 val, void __iomem *addr) > +{ > + writel_relaxed(val, addr); > +} > + > +/* > * Shadow Registers: > * Outbound queues have a consumer index that is maintained by the chip. > * Inbound queues have a producer index that is maintained by the chip. > --- a/drivers/net/ethernet/qlogic/qlge/qlge_main.c > +++ b/drivers/net/ethernet/qlogic/qlge/qlge_main.c > @@ -2700,7 +2700,8 @@ static netdev_tx_t qlge_send(struct sk_b > tx_ring->prod_idx = 0; > wmb(); > > - ql_write_db_reg(tx_ring->prod_idx, tx_ring->prod_idx_db_reg); > + ql_write_db_reg_relaxed(tx_ring->prod_idx, tx_ring->prod_idx_db_reg); > + mmiowb(); > netif_printk(qdev, tx_queued, KERN_DEBUG, qdev->ndev, > "tx queued, slot %d, len %d\n", > tx_ring->prod_idx, skb->len); > > > Patches currently in stable-queue which might be from okaya(a)codeaurora.org are > > queue-4.16/net-qlge-eliminate-duplicate-barriers-on-weakly-ordered-archs.patch > -- Sinan Kaya Qualcomm Datacenter Technologies, Inc. as an affiliate of Qualcomm Technologies, Inc. Qualcomm Technologies, Inc. is a member of the Code Aurora Forum, a Linux Foundation Collaborative Project.

7 years, 1 month

2
1
0 0

Formatting of stable commit messages

by Paul Menzel

Dear Greg, Looking at the change-log of the stable series, there are two lines between the commit messages summary [1] and the first line of the commit message body. > commit 4c8e0270dc7afb10d4e06be4adfd177db5cb3cb8 > Author: Tang Junhui <tang.junhui(a)zte.com.cn> > Date: Wed Feb 7 11:41:46 2018 -0800 > > bcache: fix for data collapse after re-attaching an attached device > > > [ Upstream commit 73ac105be390c1de42a2f21643c9778a5e002930 ] I assume you scripts generate that. Could they be changed to just add one blank line? Kind regards, Paul [1] https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.37

7 years, 1 month

3
3
0 0

Applied "ASoC: cirrus: i2s: Fix LRCLK configuration" to the asoc tree

by Mark Brown

The patch ASoC: cirrus: i2s: Fix LRCLK configuration has been applied to the asoc tree at https://git.kernel.org/pub/scm/linux/kernel/git/broonie/sound.git All being well this means that it will be integrated into the linux-next tree (usually sometime in the next 24 hours) and sent to Linus during the next merge window (or sooner if it is a bug fix), however if problems are discovered then the patch may be dropped or reverted. You may get further e-mails resulting from automated or manual testing and review of the tree, please engage with people reporting problems and send followup patches addressing any issues that are reported if needed. If any updates are required or you are submitting further changes they should be sent as incremental updates against current git, existing patches will not be replaced. Please add any relevant lists and maintainers to the CCs when replying to this mail. Thanks, Mark >From 2d534113be9a2aa532a1ae127a57e83558aed358 Mon Sep 17 00:00:00 2001 From: Alexander Sverdlin <alexander.sverdlin(a)gmail.com> Date: Sat, 28 Apr 2018 22:51:38 +0200 Subject: [PATCH] ASoC: cirrus: i2s: Fix LRCLK configuration The bit responsible for LRCLK polarity is i2s_tlrs (0), not i2s_trel (2) (refer to "EP93xx User's Guide"). Previously card drivers which specified SND_SOC_DAIFMT_NB_IF actually got SND_SOC_DAIFMT_NB_NF, an adaptation is necessary to retain the old behavior. Signed-off-by: Alexander Sverdlin <alexander.sverdlin(a)gmail.com> Signed-off-by: Mark Brown <broonie(a)kernel.org> Cc: stable(a)vger.kernel.org --- sound/soc/cirrus/edb93xx.c | 2 +- sound/soc/cirrus/ep93xx-i2s.c | 8 ++++---- sound/soc/cirrus/snappercl15.c | 2 +- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/sound/soc/cirrus/edb93xx.c b/sound/soc/cirrus/edb93xx.c index c53bd6f2c2d7..3d011abaa266 100644 --- a/sound/soc/cirrus/edb93xx.c +++ b/sound/soc/cirrus/edb93xx.c @@ -67,7 +67,7 @@ static struct snd_soc_dai_link edb93xx_dai = { .cpu_dai_name = "ep93xx-i2s", .codec_name = "spi0.0", .codec_dai_name = "cs4271-hifi", - .dai_fmt = SND_SOC_DAIFMT_I2S | SND_SOC_DAIFMT_NB_IF | + .dai_fmt = SND_SOC_DAIFMT_I2S | SND_SOC_DAIFMT_NB_NF | SND_SOC_DAIFMT_CBS_CFS, .ops = &edb93xx_ops, }; diff --git a/sound/soc/cirrus/ep93xx-i2s.c b/sound/soc/cirrus/ep93xx-i2s.c index 934f8aefdd90..38c240c97041 100644 --- a/sound/soc/cirrus/ep93xx-i2s.c +++ b/sound/soc/cirrus/ep93xx-i2s.c @@ -213,24 +213,24 @@ static int ep93xx_i2s_set_dai_fmt(struct snd_soc_dai *cpu_dai, switch (fmt & SND_SOC_DAIFMT_INV_MASK) { case SND_SOC_DAIFMT_NB_NF: /* Negative bit clock, lrclk low on left word */ - clk_cfg &= ~(EP93XX_I2S_CLKCFG_CKP | EP93XX_I2S_CLKCFG_REL); + clk_cfg &= ~(EP93XX_I2S_CLKCFG_CKP | EP93XX_I2S_CLKCFG_LRS); break; case SND_SOC_DAIFMT_NB_IF: /* Negative bit clock, lrclk low on right word */ clk_cfg &= ~EP93XX_I2S_CLKCFG_CKP; - clk_cfg |= EP93XX_I2S_CLKCFG_REL; + clk_cfg |= EP93XX_I2S_CLKCFG_LRS; break; case SND_SOC_DAIFMT_IB_NF: /* Positive bit clock, lrclk low on left word */ clk_cfg |= EP93XX_I2S_CLKCFG_CKP; - clk_cfg &= ~EP93XX_I2S_CLKCFG_REL; + clk_cfg &= ~EP93XX_I2S_CLKCFG_LRS; break; case SND_SOC_DAIFMT_IB_IF: /* Positive bit clock, lrclk low on right word */ - clk_cfg |= EP93XX_I2S_CLKCFG_CKP | EP93XX_I2S_CLKCFG_REL; + clk_cfg |= EP93XX_I2S_CLKCFG_CKP | EP93XX_I2S_CLKCFG_LRS; break; } diff --git a/sound/soc/cirrus/snappercl15.c b/sound/soc/cirrus/snappercl15.c index 2334ec19e7eb..11ff7b2672b2 100644 --- a/sound/soc/cirrus/snappercl15.c +++ b/sound/soc/cirrus/snappercl15.c @@ -72,7 +72,7 @@ static struct snd_soc_dai_link snappercl15_dai = { .codec_dai_name = "tlv320aic23-hifi", .codec_name = "tlv320aic23-codec.0-001a", .platform_name = "ep93xx-i2s", - .dai_fmt = SND_SOC_DAIFMT_I2S | SND_SOC_DAIFMT_NB_IF | + .dai_fmt = SND_SOC_DAIFMT_I2S | SND_SOC_DAIFMT_NB_NF | SND_SOC_DAIFMT_CBS_CFS, .ops = &snappercl15_ops, }; -- 2.17.0

7 years, 1 month

1
0
0 0

Applied "ASoC: cirrus: i2s: Fix {TX|RX}LinCtrlData setup" to the asoc tree

by Mark Brown

The patch ASoC: cirrus: i2s: Fix {TX|RX}LinCtrlData setup has been applied to the asoc tree at https://git.kernel.org/pub/scm/linux/kernel/git/broonie/sound.git All being well this means that it will be integrated into the linux-next tree (usually sometime in the next 24 hours) and sent to Linus during the next merge window (or sooner if it is a bug fix), however if problems are discovered then the patch may be dropped or reverted. You may get further e-mails resulting from automated or manual testing and review of the tree, please engage with people reporting problems and send followup patches addressing any issues that are reported if needed. If any updates are required or you are submitting further changes they should be sent as incremental updates against current git, existing patches will not be replaced. Please add any relevant lists and maintainers to the CCs when replying to this mail. Thanks, Mark >From 5d302ed3cc80564fb835bed5fdba1e1250ecc9e5 Mon Sep 17 00:00:00 2001 From: Alexander Sverdlin <alexander.sverdlin(a)gmail.com> Date: Sat, 28 Apr 2018 22:51:39 +0200 Subject: [PATCH] ASoC: cirrus: i2s: Fix {TX|RX}LinCtrlData setup MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit According to "EP93xx User’s Guide", I2STXLinCtrlData and I2SRXLinCtrlData registers actually have different format. The only currently used bit (Left_Right_Justify) has different position. Fix this and simplify the whole setup taking into account the fact that both registers have zero default value. The practical effect of the above is repaired SND_SOC_DAIFMT_RIGHT_J support (currently unused). Signed-off-by: Alexander Sverdlin <alexander.sverdlin(a)gmail.com> Signed-off-by: Mark Brown <broonie(a)kernel.org> Cc: stable(a)vger.kernel.org --- sound/soc/cirrus/ep93xx-i2s.c | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/sound/soc/cirrus/ep93xx-i2s.c b/sound/soc/cirrus/ep93xx-i2s.c index 38c240c97041..0dc3852c4621 100644 --- a/sound/soc/cirrus/ep93xx-i2s.c +++ b/sound/soc/cirrus/ep93xx-i2s.c @@ -51,7 +51,9 @@ #define EP93XX_I2S_WRDLEN_24 (1 << 0) #define EP93XX_I2S_WRDLEN_32 (2 << 0) -#define EP93XX_I2S_LINCTRLDATA_R_JUST (1 << 2) /* Right justify */ +#define EP93XX_I2S_RXLINCTRLDATA_R_JUST BIT(1) /* Right justify */ + +#define EP93XX_I2S_TXLINCTRLDATA_R_JUST BIT(2) /* Right justify */ #define EP93XX_I2S_CLKCFG_LRS (1 << 0) /* lrclk polarity */ #define EP93XX_I2S_CLKCFG_CKP (1 << 1) /* Bit clock polarity */ @@ -170,25 +172,25 @@ static int ep93xx_i2s_set_dai_fmt(struct snd_soc_dai *cpu_dai, unsigned int fmt) { struct ep93xx_i2s_info *info = snd_soc_dai_get_drvdata(cpu_dai); - unsigned int clk_cfg, lin_ctrl; + unsigned int clk_cfg; + unsigned int txlin_ctrl = 0; + unsigned int rxlin_ctrl = 0; clk_cfg = ep93xx_i2s_read_reg(info, EP93XX_I2S_RXCLKCFG); - lin_ctrl = ep93xx_i2s_read_reg(info, EP93XX_I2S_RXLINCTRLDATA); switch (fmt & SND_SOC_DAIFMT_FORMAT_MASK) { case SND_SOC_DAIFMT_I2S: clk_cfg |= EP93XX_I2S_CLKCFG_REL; - lin_ctrl &= ~EP93XX_I2S_LINCTRLDATA_R_JUST; break; case SND_SOC_DAIFMT_LEFT_J: clk_cfg &= ~EP93XX_I2S_CLKCFG_REL; - lin_ctrl &= ~EP93XX_I2S_LINCTRLDATA_R_JUST; break; case SND_SOC_DAIFMT_RIGHT_J: clk_cfg &= ~EP93XX_I2S_CLKCFG_REL; - lin_ctrl |= EP93XX_I2S_LINCTRLDATA_R_JUST; + rxlin_ctrl |= EP93XX_I2S_RXLINCTRLDATA_R_JUST; + txlin_ctrl |= EP93XX_I2S_TXLINCTRLDATA_R_JUST; break; default: @@ -237,8 +239,8 @@ static int ep93xx_i2s_set_dai_fmt(struct snd_soc_dai *cpu_dai, /* Write new register values */ ep93xx_i2s_write_reg(info, EP93XX_I2S_RXCLKCFG, clk_cfg); ep93xx_i2s_write_reg(info, EP93XX_I2S_TXCLKCFG, clk_cfg); - ep93xx_i2s_write_reg(info, EP93XX_I2S_RXLINCTRLDATA, lin_ctrl); - ep93xx_i2s_write_reg(info, EP93XX_I2S_TXLINCTRLDATA, lin_ctrl); + ep93xx_i2s_write_reg(info, EP93XX_I2S_RXLINCTRLDATA, rxlin_ctrl); + ep93xx_i2s_write_reg(info, EP93XX_I2S_TXLINCTRLDATA, txlin_ctrl); return 0; } -- 2.17.0

7 years, 1 month

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror