- Linux-stable-mirror - lists.linaro.org

Patch "mac80211: ibss: Fix channel type enum in ieee80211_sta_join_ibss()" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled mac80211: ibss: Fix channel type enum in ieee80211_sta_join_ibss() to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: mac80211-ibss-fix-channel-type-enum-in-ieee80211_sta_join_ibss.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From a4ac6f2e53e568a77a2eb3710efd99ca08634c0a Mon Sep 17 00:00:00 2001 From: Matthias Kaehlcke <mka(a)chromium.org> Date: Mon, 17 Apr 2017 13:59:53 -0700 Subject: mac80211: ibss: Fix channel type enum in ieee80211_sta_join_ibss() From: Matthias Kaehlcke <mka(a)chromium.org> commit a4ac6f2e53e568a77a2eb3710efd99ca08634c0a upstream. cfg80211_chandef_create() expects an 'enum nl80211_channel_type' as channel type however in ieee80211_sta_join_ibss() NL80211_CHAN_WIDTH_20_NOHT is passed in two occasions, which is of the enum type 'nl80211_chan_width'. Change the value to NL80211_CHAN_NO_HT (20 MHz, non-HT channel) of the channel type enum. Signed-off-by: Matthias Kaehlcke <mka(a)chromium.org> Signed-off-by: Johannes Berg <johannes.berg(a)intel.com> Cc: Nathan Chancellor <natechancellor(a)gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/mac80211/ibss.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) --- a/net/mac80211/ibss.c +++ b/net/mac80211/ibss.c @@ -427,7 +427,7 @@ static void ieee80211_sta_join_ibss(stru case NL80211_CHAN_WIDTH_5: case NL80211_CHAN_WIDTH_10: cfg80211_chandef_create(&chandef, cbss->channel, - NL80211_CHAN_WIDTH_20_NOHT); + NL80211_CHAN_NO_HT); chandef.width = sdata->u.ibss.chandef.width; break; case NL80211_CHAN_WIDTH_80: @@ -439,7 +439,7 @@ static void ieee80211_sta_join_ibss(stru default: /* fall back to 20 MHz for unsupported modes */ cfg80211_chandef_create(&chandef, cbss->channel, - NL80211_CHAN_WIDTH_20_NOHT); + NL80211_CHAN_NO_HT); break; } Patches currently in stable-queue which might be from mka(a)chromium.org are queue-4.9/dm-ioctl-remove-double-parentheses.patch queue-4.9/arm64-avoid-overflow-in-va_start-and-page_offset.patch queue-4.9/btrfs-remove-extra-parentheses-from-condition-in-copy_items.patch queue-4.9/genirq-use-cpumask_available-for-check-of-cpumask-variable.patch queue-4.9/nl80211-fix-enum-type-of-variable-in-nl80211_put_sta_rate.patch queue-4.9/selinux-remove-redundant-check-for-unknown-labeling-behavior.patch queue-4.9/fs-compat-remove-warning-from-compatible_ioctl.patch queue-4.9/jiffies.h-declare-jiffies-and-jiffies_64-with-____cacheline_aligned_in_smp.patch queue-4.9/selinux-remove-unnecessary-check-of-array-base-in-selinux_set_mapping.patch queue-4.9/pci-make-pci_rom_address_mask-a-32-bit-constant.patch queue-4.9/frv-declare-jiffies-to-be-located-in-the-.data-section.patch queue-4.9/mac80211-ibss-fix-channel-type-enum-in-ieee80211_sta_join_ibss.patch queue-4.9/cfg80211-fix-array-bounds-warning-in-fragment-copy.patch queue-4.9/netfilter-ctnetlink-make-some-parameters-integer-to-avoid-enum-mismatch.patch queue-4.9/mac80211-fix-clang-warning-about-constant-operand-in-logical-operation.patch queue-4.9/cpumask-add-helper-cpumask_available.patch

7 years, 2 months

1
0
0 0

Patch "HID: sony: Use LED_CORE_SUSPENDRESUME" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled HID: sony: Use LED_CORE_SUSPENDRESUME to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: hid-sony-use-led_core_suspendresume.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 765a1077c85e5f2efcc43582f80caf43a052e903 Mon Sep 17 00:00:00 2001 From: Frank Praznik <frank.praznik(a)gmail.com> Date: Wed, 8 Feb 2017 13:58:43 -0500 Subject: HID: sony: Use LED_CORE_SUSPENDRESUME From: Frank Praznik <frank.praznik(a)gmail.com> commit 765a1077c85e5f2efcc43582f80caf43a052e903 upstream. The LED subsystem provides the LED_CORE_SUSPENDRESUME flag to handle automatically turning off and restoring the state of device LEDs during suspend/resume. Use this flag instead of saving and restoring the state locally. Signed-off-by: Frank Praznik <frank.praznik(a)gmail.com> Signed-off-by: Jiri Kosina <jkosina(a)suse.cz> Cc: Nathan Chancellor <natechancellor(a)gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/hid/hid-sony.c | 45 +++++++++++++++------------------------------ 1 file changed, 15 insertions(+), 30 deletions(-) --- a/drivers/hid/hid-sony.c +++ b/drivers/hid/hid-sony.c @@ -1056,7 +1056,6 @@ struct sony_sc { u8 battery_charging; u8 battery_capacity; u8 led_state[MAX_LEDS]; - u8 resume_led_state[MAX_LEDS]; u8 led_delay_on[MAX_LEDS]; u8 led_delay_off[MAX_LEDS]; u8 led_count; @@ -1793,6 +1792,7 @@ static int sony_leds_init(struct sony_sc led->name = name; led->brightness = sc->led_state[n]; led->max_brightness = max_brightness[n]; + led->flags = LED_CORE_SUSPENDRESUME; led->brightness_get = sony_led_get_brightness; led->brightness_set = sony_led_set_brightness; @@ -2509,47 +2509,32 @@ static void sony_remove(struct hid_devic static int sony_suspend(struct hid_device *hdev, pm_message_t message) { - /* - * On suspend save the current LED state, - * stop running force-feedback and blank the LEDS. - */ - if (SONY_LED_SUPPORT || SONY_FF_SUPPORT) { - struct sony_sc *sc = hid_get_drvdata(hdev); - #ifdef CONFIG_SONY_FF - sc->left = sc->right = 0; -#endif - memcpy(sc->resume_led_state, sc->led_state, - sizeof(sc->resume_led_state)); - memset(sc->led_state, 0, sizeof(sc->led_state)); + /* On suspend stop any running force-feedback events */ + if (SONY_FF_SUPPORT) { + struct sony_sc *sc = hid_get_drvdata(hdev); + sc->left = sc->right = 0; sony_send_output_report(sc); } +#endif return 0; } static int sony_resume(struct hid_device *hdev) { - /* Restore the state of controller LEDs on resume */ - if (SONY_LED_SUPPORT) { - struct sony_sc *sc = hid_get_drvdata(hdev); - - memcpy(sc->led_state, sc->resume_led_state, - sizeof(sc->led_state)); - - /* - * The Sixaxis and navigation controllers on USB need to be - * reinitialized on resume or they won't behave properly. - */ - if ((sc->quirks & SIXAXIS_CONTROLLER_USB) || - (sc->quirks & NAVIGATION_CONTROLLER_USB)) { - sixaxis_set_operational_usb(sc->hdev); - sc->defer_initialization = 1; - } + struct sony_sc *sc = hid_get_drvdata(hdev); - sony_set_leds(sc); + /* + * The Sixaxis and navigation controllers on USB need to be + * reinitialized on resume or they won't behave properly. + */ + if ((sc->quirks & SIXAXIS_CONTROLLER_USB) || + (sc->quirks & NAVIGATION_CONTROLLER_USB)) { + sixaxis_set_operational_usb(sc->hdev); + sc->defer_initialization = 1; } return 0; Patches currently in stable-queue which might be from frank.praznik(a)gmail.com are queue-4.9/hid-sony-use-led_core_suspendresume.patch

7 years, 2 months

1
0
0 0

Patch "cfg80211: Fix array-bounds warning in fragment copy" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled cfg80211: Fix array-bounds warning in fragment copy to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: cfg80211-fix-array-bounds-warning-in-fragment-copy.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From aa1702dd162f420bf85ecef0c77686ef0dbc1496 Mon Sep 17 00:00:00 2001 From: Matthias Kaehlcke <mka(a)chromium.org> Date: Thu, 13 Apr 2017 10:05:04 -0700 Subject: cfg80211: Fix array-bounds warning in fragment copy From: Matthias Kaehlcke <mka(a)chromium.org> commit aa1702dd162f420bf85ecef0c77686ef0dbc1496 upstream. __ieee80211_amsdu_copy_frag intentionally initializes a pointer to array[-1] to increment it later to valid values. clang rightfully generates an array-bounds warning on the initialization statement. Initialize the pointer to array[0] and change the algorithm from increment before to increment after consume. Signed-off-by: Matthias Kaehlcke <mka(a)chromium.org> Signed-off-by: Johannes Berg <johannes.berg(a)intel.com> Cc: Nathan Chancellor <natechancellor(a)gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/wireless/util.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) --- a/net/wireless/util.c +++ b/net/wireless/util.c @@ -663,7 +663,7 @@ __ieee80211_amsdu_copy_frag(struct sk_bu int offset, int len) { struct skb_shared_info *sh = skb_shinfo(skb); - const skb_frag_t *frag = &sh->frags[-1]; + const skb_frag_t *frag = &sh->frags[0]; struct page *frag_page; void *frag_ptr; int frag_len, frag_size; @@ -676,10 +676,10 @@ __ieee80211_amsdu_copy_frag(struct sk_bu while (offset >= frag_size) { offset -= frag_size; - frag++; frag_page = skb_frag_page(frag); frag_ptr = skb_frag_address(frag); frag_size = skb_frag_size(frag); + frag++; } frag_ptr += offset; @@ -691,12 +691,12 @@ __ieee80211_amsdu_copy_frag(struct sk_bu len -= cur_len; while (len > 0) { - frag++; frag_len = skb_frag_size(frag); cur_len = min(len, frag_len); __frame_add_frag(frame, skb_frag_page(frag), skb_frag_address(frag), cur_len, frag_len); len -= cur_len; + frag++; } } Patches currently in stable-queue which might be from mka(a)chromium.org are queue-4.9/dm-ioctl-remove-double-parentheses.patch queue-4.9/arm64-avoid-overflow-in-va_start-and-page_offset.patch queue-4.9/btrfs-remove-extra-parentheses-from-condition-in-copy_items.patch queue-4.9/genirq-use-cpumask_available-for-check-of-cpumask-variable.patch queue-4.9/nl80211-fix-enum-type-of-variable-in-nl80211_put_sta_rate.patch queue-4.9/selinux-remove-redundant-check-for-unknown-labeling-behavior.patch queue-4.9/fs-compat-remove-warning-from-compatible_ioctl.patch queue-4.9/jiffies.h-declare-jiffies-and-jiffies_64-with-____cacheline_aligned_in_smp.patch queue-4.9/selinux-remove-unnecessary-check-of-array-base-in-selinux_set_mapping.patch queue-4.9/pci-make-pci_rom_address_mask-a-32-bit-constant.patch queue-4.9/frv-declare-jiffies-to-be-located-in-the-.data-section.patch queue-4.9/mac80211-ibss-fix-channel-type-enum-in-ieee80211_sta_join_ibss.patch queue-4.9/cfg80211-fix-array-bounds-warning-in-fragment-copy.patch queue-4.9/netfilter-ctnetlink-make-some-parameters-integer-to-avoid-enum-mismatch.patch queue-4.9/mac80211-fix-clang-warning-about-constant-operand-in-logical-operation.patch queue-4.9/cpumask-add-helper-cpumask_available.patch

7 years, 2 months

1
0
0 0

Patch "btrfs: Remove extra parentheses from condition in copy_items()" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled btrfs: Remove extra parentheses from condition in copy_items() to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: btrfs-remove-extra-parentheses-from-condition-in-copy_items.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 0dde10bed2c44a4024eb446cc72fe4e0cb97ec06 Mon Sep 17 00:00:00 2001 From: Matthias Kaehlcke <mka(a)chromium.org> Date: Thu, 27 Jul 2017 14:30:23 -0700 Subject: btrfs: Remove extra parentheses from condition in copy_items() From: Matthias Kaehlcke <mka(a)chromium.org> commit 0dde10bed2c44a4024eb446cc72fe4e0cb97ec06 upstream. There is no need for the extra pair of parentheses, remove it. This fixes the following warning when building with clang: fs/btrfs/tree-log.c:3694:10: warning: equality comparison with extraneous parentheses [-Wparentheses-equality] if ((i == (nr - 1))) ~~^~~~~~~~~~~ Also remove the unnecessary parentheses around the substraction. Signed-off-by: Matthias Kaehlcke <mka(a)chromium.org> Signed-off-by: David Sterba <dsterba(a)suse.com> Cc: Nathan Chancellor <natechancellor(a)gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- fs/btrfs/tree-log.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/fs/btrfs/tree-log.c +++ b/fs/btrfs/tree-log.c @@ -3664,7 +3664,7 @@ static noinline int copy_items(struct bt src_offset = btrfs_item_ptr_offset(src, start_slot + i); - if ((i == (nr - 1))) + if (i == nr - 1) last_key = ins_keys[i]; if (ins_keys[i].type == BTRFS_INODE_ITEM_KEY) { Patches currently in stable-queue which might be from mka(a)chromium.org are queue-4.9/dm-ioctl-remove-double-parentheses.patch queue-4.9/arm64-avoid-overflow-in-va_start-and-page_offset.patch queue-4.9/btrfs-remove-extra-parentheses-from-condition-in-copy_items.patch queue-4.9/genirq-use-cpumask_available-for-check-of-cpumask-variable.patch queue-4.9/nl80211-fix-enum-type-of-variable-in-nl80211_put_sta_rate.patch queue-4.9/selinux-remove-redundant-check-for-unknown-labeling-behavior.patch queue-4.9/fs-compat-remove-warning-from-compatible_ioctl.patch queue-4.9/jiffies.h-declare-jiffies-and-jiffies_64-with-____cacheline_aligned_in_smp.patch queue-4.9/selinux-remove-unnecessary-check-of-array-base-in-selinux_set_mapping.patch queue-4.9/pci-make-pci_rom_address_mask-a-32-bit-constant.patch queue-4.9/frv-declare-jiffies-to-be-located-in-the-.data-section.patch queue-4.9/mac80211-ibss-fix-channel-type-enum-in-ieee80211_sta_join_ibss.patch queue-4.9/cfg80211-fix-array-bounds-warning-in-fragment-copy.patch queue-4.9/netfilter-ctnetlink-make-some-parameters-integer-to-avoid-enum-mismatch.patch queue-4.9/mac80211-fix-clang-warning-about-constant-operand-in-logical-operation.patch queue-4.9/cpumask-add-helper-cpumask_available.patch

7 years, 2 months

1
0
0 0

Patch "arm64: avoid overflow in VA_START and PAGE_OFFSET" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled arm64: avoid overflow in VA_START and PAGE_OFFSET to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm64-avoid-overflow-in-va_start-and-page_offset.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 82cd588052815eb4146f9f7c5347ca5e32c56360 Mon Sep 17 00:00:00 2001 From: Nick Desaulniers <ndesaulniers(a)google.com> Date: Thu, 3 Aug 2017 11:03:58 -0700 Subject: arm64: avoid overflow in VA_START and PAGE_OFFSET From: Nick Desaulniers <ndesaulniers(a)google.com> commit 82cd588052815eb4146f9f7c5347ca5e32c56360 upstream. The bitmask used to define these values produces overflow, as seen by this compiler warning: arch/arm64/kernel/head.S:47:8: warning: integer overflow in preprocessor expression #elif (PAGE_OFFSET & 0x1fffff) != 0 ^~~~~~~~~~~ arch/arm64/include/asm/memory.h:52:46: note: expanded from macro 'PAGE_OFFSET' #define PAGE_OFFSET (UL(0xffffffffffffffff) << (VA_BITS - 1)) ~~~~~~~~~~~~~~~~~~ ^ It would be preferrable to use GENMASK_ULL() instead, but it's not set up to be used from assembly (the UL() macro token pastes UL suffixes when not included in assembly sources). Suggested-by: Ard Biesheuvel <ard.biesheuvel(a)linaro.org> Suggested-by: Yury Norov <ynorov(a)caviumnetworks.com> Suggested-by: Matthias Kaehlcke <mka(a)chromium.org> Signed-off-by: Nick Desaulniers <ndesaulniers(a)google.com> Signed-off-by: Will Deacon <will.deacon(a)arm.com> Cc: Nathan Chancellor <natechancellor(a)gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm64/include/asm/memory.h | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) --- a/arch/arm64/include/asm/memory.h +++ b/arch/arm64/include/asm/memory.h @@ -64,8 +64,10 @@ * TASK_UNMAPPED_BASE - the lower boundary of the mmap VM area. */ #define VA_BITS (CONFIG_ARM64_VA_BITS) -#define VA_START (UL(0xffffffffffffffff) << VA_BITS) -#define PAGE_OFFSET (UL(0xffffffffffffffff) << (VA_BITS - 1)) +#define VA_START (UL(0xffffffffffffffff) - \ + (UL(1) << VA_BITS) + 1) +#define PAGE_OFFSET (UL(0xffffffffffffffff) - \ + (UL(1) << (VA_BITS - 1)) + 1) #define KIMAGE_VADDR (MODULES_END) #define MODULES_END (MODULES_VADDR + MODULES_VSIZE) #define MODULES_VADDR (VA_START + KASAN_SHADOW_SIZE) Patches currently in stable-queue which might be from ndesaulniers(a)google.com are queue-4.9/arm64-avoid-overflow-in-va_start-and-page_offset.patch queue-4.9/netfilter-nf_nat_h323-fix-logical-not-parentheses-warning.patch

7 years, 2 months

1
0
0 0

Clang warning fixes for 4.4 and 4.9

by Nathan Chancellor

Hi Greg, Please apply the following commits to both 4.4 and 4.9: 9280cdd6fe5b ("fs: compat: Remove warning from COMPATIBLE_IOCTL") 342e91578eb6 ("selinux: Remove unnecessary check of array base in selinux_set_mapping()") f7e30f01a9e2 ("cpumask: Add helper cpumask_available()") d170fe7dd992 ("genirq: Use cpumask_available() for check of cpumask variable") 7c30f352c852 ("jiffies.h: declare jiffies and jiffies_64 with ____cacheline_aligned_in_smp") 60b0a8c3d248 ("frv: declare jiffies to be located in the .data section") eee6ebbac18a ("netfilter: nf_nat_h323: fix logical-not-parentheses warning") dae1a432ab1f ("Input: mousedev - fix implicit conversion warning") e36215d87f30 ("dm ioctl: remove double parentheses") 76dc52684d0f ("PCI: Make PCI_ROM_ADDRESS_MASK a 32-bit constant") Please apply the following commits to only 4.4: c877ef8ae7b8 ("writeback: fix the wrong congested state variable definition") 452889788591 ("ACPI, PCI, irq: remove redundant check for null string pointer") db0a6fb5d97a ("audit: add tty field to LOGIN event") Please apply the following commits to only 4.9: 270e8573145a ("selinux: Remove redundant check for unknown labeling behavior") 82cd58805281 ("arm64: avoid overflow in VA_START and PAGE_OFFSET") 0dde10bed2c4 ("btrfs: Remove extra parentheses from condition in copy_items()") a4ac6f2e53e5 ("mac80211: ibss: Fix channel type enum in ieee80211_sta_join_ibss()") 93f56de25937 ("mac80211: Fix clang warning about constant operand in logical operation") a2b7cbdd2559 ("netfilter: ctnetlink: Make some parameters integer to avoid enum mismatch") 765a1077c85e ("HID: sony: Use LED_CORE_SUSPENDRESUME") aa1702dd162f ("cfg80211: Fix array-bounds warning in fragment copy") bbf67e450a5d ("nl80211: Fix enum type of variable in nl80211_put_sta_rate()") 1f3d62090d3b ("xgene_enet: remove bogus forward declarations") 8a8b161df5ce ("usb: gadget: remove redundant self assignment") I have verified these all pick clean. I will send separate patches for the fixes that did not. I have verified everything builds properly with both GCC and Clang on arm and arm64. Thanks! Nathan

7 years, 2 months

2
7
0 0

[RESEND] [PATCH] rtc: snvs: Fix usage of snvs_rtc_enable

by Bryan O'Donoghue

commit 179a502f8c46 ("rtc: snvs: add Freescale rtc-snvs driver") introduces the SNVS RTC driver with a function snvs_rtc_enable(). snvs_rtc_enable() can return an error on the enable path however this driver does not currently trap that failure on the probe() path and consequently if enabling the RTC fails we encounter a later error spinning forever in rtc_write_sync_lp(). [ 36.093481] [<c010d630>] (__irq_svc) from [<c0c2e9ec>] (_raw_spin_unlock_irqrestore+0x34/0x44) [ 36.102122] [<c0c2e9ec>] (_raw_spin_unlock_irqrestore) from [<c072e32c>] (regmap_read+0x4c/0x5c) [ 36.110938] [<c072e32c>] (regmap_read) from [<c085d0f4>] (rtc_write_sync_lp+0x6c/0x98) [ 36.118881] [<c085d0f4>] (rtc_write_sync_lp) from [<c085d160>] (snvs_rtc_alarm_irq_enable+0x40/0x4c) [ 36.128041] [<c085d160>] (snvs_rtc_alarm_irq_enable) from [<c08567b4>] (rtc_timer_do_work+0xd8/0x1a8) [ 36.137291] [<c08567b4>] (rtc_timer_do_work) from [<c01441b8>] (process_one_work+0x28c/0x76c) [ 36.145840] [<c01441b8>] (process_one_work) from [<c01446cc>] (worker_thread+0x34/0x58c) [ 36.153961] [<c01446cc>] (worker_thread) from [<c014aee4>] (kthread+0x138/0x150) [ 36.161388] [<c014aee4>] (kthread) from [<c0107e14>] (ret_from_fork+0x14/0x20) [ 36.168635] rcu_sched kthread starved for 2602 jiffies! g496 c495 f0x2 RCU_GP_WAIT_FQS(3) ->state=0x0 ->cpu=0 [ 36.178564] rcu_sched R running task 0 8 2 0x00000000 [ 36.185664] [<c0c288b0>] (__schedule) from [<c0c29134>] (schedule+0x3c/0xa0) [ 36.192739] [<c0c29134>] (schedule) from [<c0c2db80>] (schedule_timeout+0x78/0x4e0) [ 36.200422] [<c0c2db80>] (schedule_timeout) from [<c01a7ab0>] (rcu_gp_kthread+0x648/0x1864) [ 36.208800] [<c01a7ab0>] (rcu_gp_kthread) from [<c014aee4>] (kthread+0x138/0x150) [ 36.216309] [<c014aee4>] (kthread) from [<c0107e14>] (ret_from_fork+0x14/0x20) This patch fixes by parsing the result of rtc_write_sync_lp() and propagating both in the probe and elsewhere. If the RTC doesn't start we don't proceed loading the driver and don't get into this loop mess later on. Fixes: 179a502f8c46 ("rtc: snvs: add Freescale rtc-snvs driver") Signed-off-by: Bryan O'Donoghue <pure.logic(a)nexus-software.ie> Cc: a.zummo(a)towertech.it Cc: alexandre.belloni(a)free-electrons.com Cc: Pan Bian <bianpan2016(a)163.com> Cc: Guy Shapiro <guy.shapiro(a)mobi-wize.com> Cc: Stefan Agner <stefan(a)agner.ch> Cc: Frank Li <Frank.Li(a)freescale.com> Cc: Shawn Guo <shawn.guo(a)linaro.org> Cc: linux-rtc(a)vger.kernel.org Cc: linux-kernel(a)vger.kernel.org Cc: <stable(a)vger.kernel.org> # v3.16+ --- drivers/rtc/rtc-snvs.c | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/drivers/rtc/rtc-snvs.c b/drivers/rtc/rtc-snvs.c index d8ef9e0..9af591d 100644 --- a/drivers/rtc/rtc-snvs.c +++ b/drivers/rtc/rtc-snvs.c @@ -132,20 +132,23 @@ static int snvs_rtc_set_time(struct device *dev, struct rtc_time *tm) { struct snvs_rtc_data *data = dev_get_drvdata(dev); unsigned long time; + int ret; rtc_tm_to_time(tm, &time); /* Disable RTC first */ - snvs_rtc_enable(data, false); + ret = snvs_rtc_enable(data, false); + if (ret) + return ret; /* Write 32-bit time to 47-bit timer, leaving 15 LSBs blank */ regmap_write(data->regmap, data->offset + SNVS_LPSRTCLR, time << CNTR_TO_SECS_SH); regmap_write(data->regmap, data->offset + SNVS_LPSRTCMR, time >> (32 - CNTR_TO_SECS_SH)); /* Enable RTC again */ - snvs_rtc_enable(data, true); + ret = snvs_rtc_enable(data, true); - return 0; + return ret; } static int snvs_rtc_read_alarm(struct device *dev, struct rtc_wkalrm *alrm) @@ -288,7 +291,11 @@ static int snvs_rtc_probe(struct platform_device *pdev) regmap_write(data->regmap, data->offset + SNVS_LPSR, 0xffffffff); /* Enable RTC */ - snvs_rtc_enable(data, true); + ret = snvs_rtc_enable(data, true); + if (ret) { + dev_err(&pdev->dev, "failed to enable rtc %d\n", ret); + goto error_rtc_device_register; + } device_init_wakeup(&pdev->dev, true); -- 2.7.4

7 years, 2 months

4
7
0 0

[PATCH v2] Bluetooth: Fix connection if directed advertising and privacy is used

by Szymon Janc

Local random address needs to be updated before creating connection if RPA from LE Direct Advertising Report was resolved in host. Otherwise remote device might ignore connection request due to address mismatch. This was affecting following qualification test cases: GAP/CONN/SCEP/BV-03-C, GAP/CONN/GCEP/BV-05-C, GAP/CONN/DCEP/BV-05-C Before patch: < HCI Command: LE Set Random Address (0x08|0x0005) plen 6 #11350 [hci0] 84680.231216 Address: 56:BC:E8:24:11:68 (Resolvable) Identity type: Random (0x01) Identity: F2:F1:06:3D:9C:42 (Static) > HCI Event: Command Complete (0x0e) plen 4 #11351 [hci0] 84680.246022 LE Set Random Address (0x08|0x0005) ncmd 1 Status: Success (0x00) < HCI Command: LE Set Scan Parameters (0x08|0x000b) plen 7 #11352 [hci0] 84680.246417 Type: Passive (0x00) Interval: 60.000 msec (0x0060) Window: 30.000 msec (0x0030) Own address type: Random (0x01) Filter policy: Accept all advertisement, inc. directed unresolved RPA (0x02) > HCI Event: Command Complete (0x0e) plen 4 #11353 [hci0] 84680.248854 LE Set Scan Parameters (0x08|0x000b) ncmd 1 Status: Success (0x00) < HCI Command: LE Set Scan Enable (0x08|0x000c) plen 2 #11354 [hci0] 84680.249466 Scanning: Enabled (0x01) Filter duplicates: Enabled (0x01) > HCI Event: Command Complete (0x0e) plen 4 #11355 [hci0] 84680.253222 LE Set Scan Enable (0x08|0x000c) ncmd 1 Status: Success (0x00) > HCI Event: LE Meta Event (0x3e) plen 18 #11356 [hci0] 84680.458387 LE Direct Advertising Report (0x0b) Num reports: 1 Event type: Connectable directed - ADV_DIRECT_IND (0x01) Address type: Random (0x01) Address: 53:38:DA:46:8C:45 (Resolvable) Identity type: Public (0x00) Identity: 11:22:33:44:55:66 (OUI 11-22-33) Direct address type: Random (0x01) Direct address: 7C:D6:76:8C:DF:82 (Resolvable) Identity type: Random (0x01) Identity: F2:F1:06:3D:9C:42 (Static) RSSI: -74 dBm (0xb6) < HCI Command: LE Set Scan Enable (0x08|0x000c) plen 2 #11357 [hci0] 84680.458737 Scanning: Disabled (0x00) Filter duplicates: Disabled (0x00) > HCI Event: Command Complete (0x0e) plen 4 #11358 [hci0] 84680.469982 LE Set Scan Enable (0x08|0x000c) ncmd 1 Status: Success (0x00) < HCI Command: LE Create Connection (0x08|0x000d) plen 25 #11359 [hci0] 84680.470444 Scan interval: 60.000 msec (0x0060) Scan window: 60.000 msec (0x0060) Filter policy: White list is not used (0x00) Peer address type: Random (0x01) Peer address: 53:38:DA:46:8C:45 (Resolvable) Identity type: Public (0x00) Identity: 11:22:33:44:55:66 (OUI 11-22-33) Own address type: Random (0x01) Min connection interval: 30.00 msec (0x0018) Max connection interval: 50.00 msec (0x0028) Connection latency: 0 (0x0000) Supervision timeout: 420 msec (0x002a) Min connection length: 0.000 msec (0x0000) Max connection length: 0.000 msec (0x0000) > HCI Event: Command Status (0x0f) plen 4 #11360 [hci0] 84680.474971 LE Create Connection (0x08|0x000d) ncmd 1 Status: Success (0x00) < HCI Command: LE Create Connection Cancel (0x08|0x000e) plen 0 #11361 [hci0] 84682.545385 > HCI Event: Command Complete (0x0e) plen 4 #11362 [hci0] 84682.551014 LE Create Connection Cancel (0x08|0x000e) ncmd 1 Status: Success (0x00) > HCI Event: LE Meta Event (0x3e) plen 19 #11363 [hci0] 84682.551074 LE Connection Complete (0x01) Status: Unknown Connection Identifier (0x02) Handle: 0 Role: Master (0x00) Peer address type: Public (0x00) Peer address: 00:00:00:00:00:00 (OUI 00-00-00) Connection interval: 0.00 msec (0x0000) Connection latency: 0 (0x0000) Supervision timeout: 0 msec (0x0000) Master clock accuracy: 0x00 After patch: < HCI Command: LE Set Scan Parameters (0x08|0x000b) plen 7 #210 [hci0] 667.152459 Type: Passive (0x00) Interval: 60.000 msec (0x0060) Window: 30.000 msec (0x0030) Own address type: Random (0x01) Filter policy: Accept all advertisement, inc. directed unresolved RPA (0x02) > HCI Event: Command Complete (0x0e) plen 4 #211 [hci0] 667.153613 LE Set Scan Parameters (0x08|0x000b) ncmd 1 Status: Success (0x00) < HCI Command: LE Set Scan Enable (0x08|0x000c) plen 2 #212 [hci0] 667.153704 Scanning: Enabled (0x01) Filter duplicates: Enabled (0x01) > HCI Event: Command Complete (0x0e) plen 4 #213 [hci0] 667.154584 LE Set Scan Enable (0x08|0x000c) ncmd 1 Status: Success (0x00) > HCI Event: LE Meta Event (0x3e) plen 18 #214 [hci0] 667.182619 LE Direct Advertising Report (0x0b) Num reports: 1 Event type: Connectable directed - ADV_DIRECT_IND (0x01) Address type: Random (0x01) Address: 50:52:D9:A6:48:A0 (Resolvable) Identity type: Public (0x00) Identity: 11:22:33:44:55:66 (OUI 11-22-33) Direct address type: Random (0x01) Direct address: 7C:C1:57:A5:B7:A8 (Resolvable) Identity type: Random (0x01) Identity: F4:28:73:5D:38:B0 (Static) RSSI: -70 dBm (0xba) < HCI Command: LE Set Scan Enable (0x08|0x000c) plen 2 #215 [hci0] 667.182704 Scanning: Disabled (0x00) Filter duplicates: Disabled (0x00) > HCI Event: Command Complete (0x0e) plen 4 #216 [hci0] 667.183599 LE Set Scan Enable (0x08|0x000c) ncmd 1 Status: Success (0x00) < HCI Command: LE Set Random Address (0x08|0x0005) plen 6 #217 [hci0] 667.183645 Address: 7C:C1:57:A5:B7:A8 (Resolvable) Identity type: Random (0x01) Identity: F4:28:73:5D:38:B0 (Static) > HCI Event: Command Complete (0x0e) plen 4 #218 [hci0] 667.184590 LE Set Random Address (0x08|0x0005) ncmd 1 Status: Success (0x00) < HCI Command: LE Create Connection (0x08|0x000d) plen 25 #219 [hci0] 667.184613 Scan interval: 60.000 msec (0x0060) Scan window: 60.000 msec (0x0060) Filter policy: White list is not used (0x00) Peer address type: Random (0x01) Peer address: 50:52:D9:A6:48:A0 (Resolvable) Identity type: Public (0x00) Identity: 11:22:33:44:55:66 (OUI 11-22-33) Own address type: Random (0x01) Min connection interval: 30.00 msec (0x0018) Max connection interval: 50.00 msec (0x0028) Connection latency: 0 (0x0000) Supervision timeout: 420 msec (0x002a) Min connection length: 0.000 msec (0x0000) Max connection length: 0.000 msec (0x0000) > HCI Event: Command Status (0x0f) plen 4 #220 [hci0] 667.186558 LE Create Connection (0x08|0x000d) ncmd 1 Status: Success (0x00) > HCI Event: LE Meta Event (0x3e) plen 19 #221 [hci0] 667.485824 LE Connection Complete (0x01) Status: Success (0x00) Handle: 0 Role: Master (0x00) Peer address type: Random (0x01) Peer address: 50:52:D9:A6:48:A0 (Resolvable) Identity type: Public (0x00) Identity: 11:22:33:44:55:66 (OUI 11-22-33) Connection interval: 50.00 msec (0x0028) Connection latency: 0 (0x0000) Supervision timeout: 420 msec (0x002a) Master clock accuracy: 0x07 @ MGMT Event: Device Connected (0x000b) plen 13 {0x0002} [hci0] 667.485996 LE Address: 11:22:33:44:55:66 (OUI 11-22-33) Flags: 0x00000000 Data length: 0 Signed-off-by: Szymon Janc <szymon.janc(a)codecoup.pl> Cc: stable(a)vger.kernel.org --- include/net/bluetooth/hci_core.h | 2 +- net/bluetooth/hci_conn.c | 29 +++++++++++++++++++++-------- net/bluetooth/hci_event.c | 15 +++++++++++---- net/bluetooth/l2cap_core.c | 2 +- 4 files changed, 34 insertions(+), 14 deletions(-) diff --git a/include/net/bluetooth/hci_core.h b/include/net/bluetooth/hci_core.h index 95ccc1eef558..b619a190ff12 100644 --- a/include/net/bluetooth/hci_core.h +++ b/include/net/bluetooth/hci_core.h @@ -895,7 +895,7 @@ struct hci_conn *hci_connect_le_scan(struct hci_dev *hdev, bdaddr_t *dst, u16 conn_timeout); struct hci_conn *hci_connect_le(struct hci_dev *hdev, bdaddr_t *dst, u8 dst_type, u8 sec_level, u16 conn_timeout, - u8 role); + u8 role, bdaddr_t *direct_rpa); struct hci_conn *hci_connect_acl(struct hci_dev *hdev, bdaddr_t *dst, u8 sec_level, u8 auth_type); struct hci_conn *hci_connect_sco(struct hci_dev *hdev, int type, bdaddr_t *dst, diff --git a/net/bluetooth/hci_conn.c b/net/bluetooth/hci_conn.c index a9682534c377..45ff5dc124cc 100644 --- a/net/bluetooth/hci_conn.c +++ b/net/bluetooth/hci_conn.c @@ -749,18 +749,31 @@ static bool conn_use_rpa(struct hci_conn *conn) } static void hci_req_add_le_create_conn(struct hci_request *req, - struct hci_conn *conn) + struct hci_conn *conn, + bdaddr_t *direct_rpa) { struct hci_cp_le_create_conn cp; struct hci_dev *hdev = conn->hdev; u8 own_addr_type; - /* Update random address, but set require_privacy to false so - * that we never connect with an non-resolvable address. + /* If direct address was provided we use it instead of current + * address. */ - if (hci_update_random_address(req, false, conn_use_rpa(conn), - &own_addr_type)) - return; + if (direct_rpa) { + if (bacmp(&req->hdev->random_addr, direct_rpa)) + hci_req_add(req, HCI_OP_LE_SET_RANDOM_ADDR, 6, + direct_rpa); + + /* direct address is always RPA */ + own_addr_type = ADDR_LE_DEV_RANDOM; + } else { + /* Update random address, but set require_privacy to false so + * that we never connect with an non-resolvable address. + */ + if (hci_update_random_address(req, false, conn_use_rpa(conn), + &own_addr_type)) + return; + } memset(&cp, 0, sizeof(cp)); @@ -825,7 +838,7 @@ static void hci_req_directed_advertising(struct hci_request *req, struct hci_conn *hci_connect_le(struct hci_dev *hdev, bdaddr_t *dst, u8 dst_type, u8 sec_level, u16 conn_timeout, - u8 role) + u8 role, bdaddr_t *direct_rpa) { struct hci_conn_params *params; struct hci_conn *conn; @@ -940,7 +953,7 @@ struct hci_conn *hci_connect_le(struct hci_dev *hdev, bdaddr_t *dst, hci_dev_set_flag(hdev, HCI_LE_SCAN_INTERRUPTED); } - hci_req_add_le_create_conn(&req, conn); + hci_req_add_le_create_conn(&req, conn, direct_rpa); create_conn: err = hci_req_run(&req, create_le_conn_complete); diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c index cd3bbb766c24..139707cd9d35 100644 --- a/net/bluetooth/hci_event.c +++ b/net/bluetooth/hci_event.c @@ -4648,7 +4648,8 @@ static void hci_le_conn_update_complete_evt(struct hci_dev *hdev, /* This function requires the caller holds hdev->lock */ static struct hci_conn *check_pending_le_conn(struct hci_dev *hdev, bdaddr_t *addr, - u8 addr_type, u8 adv_type) + u8 addr_type, u8 adv_type, + bdaddr_t *direct_rpa) { struct hci_conn *conn; struct hci_conn_params *params; @@ -4699,7 +4700,8 @@ static struct hci_conn *check_pending_le_conn(struct hci_dev *hdev, } conn = hci_connect_le(hdev, addr, addr_type, BT_SECURITY_LOW, - HCI_LE_AUTOCONN_TIMEOUT, HCI_ROLE_MASTER); + HCI_LE_AUTOCONN_TIMEOUT, HCI_ROLE_MASTER, + direct_rpa); if (!IS_ERR(conn)) { /* If HCI_AUTO_CONN_EXPLICIT is set, conn is already owned * by higher layer that tried to connect, if no then @@ -4808,8 +4810,13 @@ static void process_adv_report(struct hci_dev *hdev, u8 type, bdaddr_t *bdaddr, bdaddr_type = irk->addr_type; } - /* Check if we have been requested to connect to this device */ - conn = check_pending_le_conn(hdev, bdaddr, bdaddr_type, type); + /* Check if we have been requested to connect to this device. + * + * direct_addr is set only for directed advertising reports (it is NULL + * for advertising reports) and is already verified to be RPA above. + */ + conn = check_pending_le_conn(hdev, bdaddr, bdaddr_type, type, + direct_addr); if (conn && type == LE_ADV_IND) { /* Store report for later inclusion by * mgmt_device_connected diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c index fc6615d59165..9b7907ebfa01 100644 --- a/net/bluetooth/l2cap_core.c +++ b/net/bluetooth/l2cap_core.c @@ -7156,7 +7156,7 @@ int l2cap_chan_connect(struct l2cap_chan *chan, __le16 psm, u16 cid, hcon = hci_connect_le(hdev, dst, dst_type, chan->sec_level, HCI_LE_CONN_TIMEOUT, - HCI_ROLE_SLAVE); + HCI_ROLE_SLAVE, NULL); else hcon = hci_connect_le_scan(hdev, dst, dst_type, chan->sec_level, -- 2.14.3

7 years, 2 months

2
1
0 0

Patch "jiffies.h: declare jiffies and jiffies_64 with ____cacheline_aligned_in_smp" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled jiffies.h: declare jiffies and jiffies_64 with ____cacheline_aligned_in_smp to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: jiffies.h-declare-jiffies-and-jiffies_64-with-____cacheline_aligned_in_smp.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 7c30f352c852bae2715ad65ac4a38ca9af7d7696 Mon Sep 17 00:00:00 2001 From: Matthias Kaehlcke <mka(a)chromium.org> Date: Mon, 8 May 2017 15:55:05 -0700 Subject: jiffies.h: declare jiffies and jiffies_64 with ____cacheline_aligned_in_smp From: Matthias Kaehlcke <mka(a)chromium.org> commit 7c30f352c852bae2715ad65ac4a38ca9af7d7696 upstream. jiffies_64 is defined in kernel/time/timer.c with ____cacheline_aligned_in_smp, however this macro is not part of the declaration of jiffies and jiffies_64 in jiffies.h. As a result clang generates the following warning: kernel/time/timer.c:57:26: error: section does not match previous declaration [-Werror,-Wsection] __visible u64 jiffies_64 __cacheline_aligned_in_smp = INITIAL_JIFFIES; ^ include/linux/cache.h:39:36: note: expanded from macro '__cacheline_aligned_in_smp' ^ include/linux/cache.h:34:4: note: expanded from macro '__cacheline_aligned' __section__(".data..cacheline_aligned"))) ^ include/linux/jiffies.h:77:12: note: previous attribute is here extern u64 __jiffy_data jiffies_64; ^ include/linux/jiffies.h:70:38: note: expanded from macro '__jiffy_data' Link: http://lkml.kernel.org/r/20170403190200.70273-1-mka@chromium.org Signed-off-by: Matthias Kaehlcke <mka(a)chromium.org> Cc: "Jason A . Donenfeld" <Jason(a)zx2c4.com> Cc: Grant Grundler <grundler(a)chromium.org> Cc: Michael Davidson <md(a)google.com> Cc: Greg Hackmann <ghackmann(a)google.com> Cc: Thomas Gleixner <tglx(a)linutronix.de> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds(a)linux-foundation.org> Cc: Nathan Chancellor <natechancellor(a)gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- include/linux/jiffies.h | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) --- a/include/linux/jiffies.h +++ b/include/linux/jiffies.h @@ -1,6 +1,7 @@ #ifndef _LINUX_JIFFIES_H #define _LINUX_JIFFIES_H +#include <linux/cache.h> #include <linux/math64.h> #include <linux/kernel.h> #include <linux/types.h> @@ -63,19 +64,13 @@ extern int register_refined_jiffies(long /* TICK_USEC is the time between ticks in usec assuming fake USER_HZ */ #define TICK_USEC ((1000000UL + USER_HZ/2) / USER_HZ) -/* some arch's have a small-data section that can be accessed register-relative - * but that can only take up to, say, 4-byte variables. jiffies being part of - * an 8-byte variable may not be correctly accessed unless we force the issue - */ -#define __jiffy_data __attribute__((section(".data"))) - /* * The 64-bit value is not atomic - you MUST NOT read it * without sampling the sequence number in jiffies_lock. * get_jiffies_64() will do this for you as appropriate. */ -extern u64 __jiffy_data jiffies_64; -extern unsigned long volatile __jiffy_data jiffies; +extern u64 __cacheline_aligned_in_smp jiffies_64; +extern unsigned long volatile __cacheline_aligned_in_smp jiffies; #if (BITS_PER_LONG < 64) u64 get_jiffies_64(void); Patches currently in stable-queue which might be from mka(a)chromium.org are queue-4.9/dm-ioctl-remove-double-parentheses.patch queue-4.9/genirq-use-cpumask_available-for-check-of-cpumask-variable.patch queue-4.9/fs-compat-remove-warning-from-compatible_ioctl.patch queue-4.9/jiffies.h-declare-jiffies-and-jiffies_64-with-____cacheline_aligned_in_smp.patch queue-4.9/selinux-remove-unnecessary-check-of-array-base-in-selinux_set_mapping.patch queue-4.9/pci-make-pci_rom_address_mask-a-32-bit-constant.patch queue-4.9/frv-declare-jiffies-to-be-located-in-the-.data-section.patch queue-4.9/cpumask-add-helper-cpumask_available.patch

7 years, 2 months

1
0
0 0

Patch "frv: declare jiffies to be located in the .data section" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled frv: declare jiffies to be located in the .data section to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: frv-declare-jiffies-to-be-located-in-the-.data-section.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 60b0a8c3d2480f3b57282b47b7cae7ee71c48635 Mon Sep 17 00:00:00 2001 From: Matthias Kaehlcke <mka(a)chromium.org> Date: Fri, 2 Jun 2017 14:46:16 -0700 Subject: frv: declare jiffies to be located in the .data section From: Matthias Kaehlcke <mka(a)chromium.org> commit 60b0a8c3d2480f3b57282b47b7cae7ee71c48635 upstream. Commit 7c30f352c852 ("jiffies.h: declare jiffies and jiffies_64 with ____cacheline_aligned_in_smp") removed a section specification from the jiffies declaration that caused conflicts on some platforms. Unfortunately this change broke the build for frv: kernel/built-in.o: In function `__do_softirq': (.text+0x6460): relocation truncated to fit: R_FRV_GPREL12 against symbol `jiffies' defined in *ABS* section in .tmp_vmlinux1 kernel/built-in.o: In function `__do_softirq': (.text+0x6574): relocation truncated to fit: R_FRV_GPREL12 against symbol `jiffies' defined in *ABS* section in .tmp_vmlinux1 kernel/built-in.o: In function `pwq_activate_delayed_work': workqueue.c:(.text+0x15b9c): relocation truncated to fit: R_FRV_GPREL12 against symbol `jiffies' defined in *ABS* section in .tmp_vmlinux1 ... Add __jiffy_arch_data to the declaration of jiffies and use it on frv to include the section specification. For all other platforms __jiffy_arch_data (currently) has no effect. Fixes: 7c30f352c852 ("jiffies.h: declare jiffies and jiffies_64 with ____cacheline_aligned_in_smp") Link: http://lkml.kernel.org/r/20170516221333.177280-1-mka@chromium.org Signed-off-by: Matthias Kaehlcke <mka(a)chromium.org> Reported-by: Guenter Roeck <linux(a)roeck-us.net> Tested-by: Guenter Roeck <linux(a)roeck-us.net> Reviewed-by: David Howells <dhowells(a)redhat.com> Cc: Sudip Mukherjee <sudipm.mukherjee(a)gmail.com> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds(a)linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/frv/include/asm/timex.h | 6 ++++++ include/linux/jiffies.h | 6 +++++- 2 files changed, 11 insertions(+), 1 deletion(-) --- a/arch/frv/include/asm/timex.h +++ b/arch/frv/include/asm/timex.h @@ -16,5 +16,11 @@ static inline cycles_t get_cycles(void) #define vxtime_lock() do {} while (0) #define vxtime_unlock() do {} while (0) +/* This attribute is used in include/linux/jiffies.h alongside with + * __cacheline_aligned_in_smp. It is assumed that __cacheline_aligned_in_smp + * for frv does not contain another section specification. + */ +#define __jiffy_arch_data __attribute__((__section__(".data"))) + #endif --- a/include/linux/jiffies.h +++ b/include/linux/jiffies.h @@ -64,13 +64,17 @@ extern int register_refined_jiffies(long /* TICK_USEC is the time between ticks in usec assuming fake USER_HZ */ #define TICK_USEC ((1000000UL + USER_HZ/2) / USER_HZ) +#ifndef __jiffy_arch_data +#define __jiffy_arch_data +#endif + /* * The 64-bit value is not atomic - you MUST NOT read it * without sampling the sequence number in jiffies_lock. * get_jiffies_64() will do this for you as appropriate. */ extern u64 __cacheline_aligned_in_smp jiffies_64; -extern unsigned long volatile __cacheline_aligned_in_smp jiffies; +extern unsigned long volatile __cacheline_aligned_in_smp __jiffy_arch_data jiffies; #if (BITS_PER_LONG < 64) u64 get_jiffies_64(void); Patches currently in stable-queue which might be from mka(a)chromium.org are queue-4.9/dm-ioctl-remove-double-parentheses.patch queue-4.9/genirq-use-cpumask_available-for-check-of-cpumask-variable.patch queue-4.9/fs-compat-remove-warning-from-compatible_ioctl.patch queue-4.9/jiffies.h-declare-jiffies-and-jiffies_64-with-____cacheline_aligned_in_smp.patch queue-4.9/selinux-remove-unnecessary-check-of-array-base-in-selinux_set_mapping.patch queue-4.9/pci-make-pci_rom_address_mask-a-32-bit-constant.patch queue-4.9/frv-declare-jiffies-to-be-located-in-the-.data-section.patch queue-4.9/cpumask-add-helper-cpumask_available.patch

7 years, 2 months

1
0
0 0

Patch "jiffies.h: declare jiffies and jiffies_64 with ____cacheline_aligned_in_smp" has been added to the 4.4-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled jiffies.h: declare jiffies and jiffies_64 with ____cacheline_aligned_in_smp to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: jiffies.h-declare-jiffies-and-jiffies_64-with-____cacheline_aligned_in_smp.patch and it can be found in the queue-4.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 7c30f352c852bae2715ad65ac4a38ca9af7d7696 Mon Sep 17 00:00:00 2001 From: Matthias Kaehlcke <mka(a)chromium.org> Date: Mon, 8 May 2017 15:55:05 -0700 Subject: jiffies.h: declare jiffies and jiffies_64 with ____cacheline_aligned_in_smp From: Matthias Kaehlcke <mka(a)chromium.org> commit 7c30f352c852bae2715ad65ac4a38ca9af7d7696 upstream. jiffies_64 is defined in kernel/time/timer.c with ____cacheline_aligned_in_smp, however this macro is not part of the declaration of jiffies and jiffies_64 in jiffies.h. As a result clang generates the following warning: kernel/time/timer.c:57:26: error: section does not match previous declaration [-Werror,-Wsection] __visible u64 jiffies_64 __cacheline_aligned_in_smp = INITIAL_JIFFIES; ^ include/linux/cache.h:39:36: note: expanded from macro '__cacheline_aligned_in_smp' ^ include/linux/cache.h:34:4: note: expanded from macro '__cacheline_aligned' __section__(".data..cacheline_aligned"))) ^ include/linux/jiffies.h:77:12: note: previous attribute is here extern u64 __jiffy_data jiffies_64; ^ include/linux/jiffies.h:70:38: note: expanded from macro '__jiffy_data' Link: http://lkml.kernel.org/r/20170403190200.70273-1-mka@chromium.org Signed-off-by: Matthias Kaehlcke <mka(a)chromium.org> Cc: "Jason A . Donenfeld" <Jason(a)zx2c4.com> Cc: Grant Grundler <grundler(a)chromium.org> Cc: Michael Davidson <md(a)google.com> Cc: Greg Hackmann <ghackmann(a)google.com> Cc: Thomas Gleixner <tglx(a)linutronix.de> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds(a)linux-foundation.org> Cc: Nathan Chancellor <natechancellor(a)gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- include/linux/jiffies.h | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) --- a/include/linux/jiffies.h +++ b/include/linux/jiffies.h @@ -1,6 +1,7 @@ #ifndef _LINUX_JIFFIES_H #define _LINUX_JIFFIES_H +#include <linux/cache.h> #include <linux/math64.h> #include <linux/kernel.h> #include <linux/types.h> @@ -63,19 +64,13 @@ extern int register_refined_jiffies(long /* TICK_USEC is the time between ticks in usec assuming fake USER_HZ */ #define TICK_USEC ((1000000UL + USER_HZ/2) / USER_HZ) -/* some arch's have a small-data section that can be accessed register-relative - * but that can only take up to, say, 4-byte variables. jiffies being part of - * an 8-byte variable may not be correctly accessed unless we force the issue - */ -#define __jiffy_data __attribute__((section(".data"))) - /* * The 64-bit value is not atomic - you MUST NOT read it * without sampling the sequence number in jiffies_lock. * get_jiffies_64() will do this for you as appropriate. */ -extern u64 __jiffy_data jiffies_64; -extern unsigned long volatile __jiffy_data jiffies; +extern u64 __cacheline_aligned_in_smp jiffies_64; +extern unsigned long volatile __cacheline_aligned_in_smp jiffies; #if (BITS_PER_LONG < 64) u64 get_jiffies_64(void); Patches currently in stable-queue which might be from mka(a)chromium.org are queue-4.4/dm-ioctl-remove-double-parentheses.patch queue-4.4/genirq-use-cpumask_available-for-check-of-cpumask-variable.patch queue-4.4/fs-compat-remove-warning-from-compatible_ioctl.patch queue-4.4/jiffies.h-declare-jiffies-and-jiffies_64-with-____cacheline_aligned_in_smp.patch queue-4.4/selinux-remove-unnecessary-check-of-array-base-in-selinux_set_mapping.patch queue-4.4/pci-make-pci_rom_address_mask-a-32-bit-constant.patch queue-4.4/frv-declare-jiffies-to-be-located-in-the-.data-section.patch queue-4.4/cpumask-add-helper-cpumask_available.patch

7 years, 2 months

1
0
0 0

Patch "frv: declare jiffies to be located in the .data section" has been added to the 4.4-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled frv: declare jiffies to be located in the .data section to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: frv-declare-jiffies-to-be-located-in-the-.data-section.patch and it can be found in the queue-4.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 60b0a8c3d2480f3b57282b47b7cae7ee71c48635 Mon Sep 17 00:00:00 2001 From: Matthias Kaehlcke <mka(a)chromium.org> Date: Fri, 2 Jun 2017 14:46:16 -0700 Subject: frv: declare jiffies to be located in the .data section From: Matthias Kaehlcke <mka(a)chromium.org> commit 60b0a8c3d2480f3b57282b47b7cae7ee71c48635 upstream. Commit 7c30f352c852 ("jiffies.h: declare jiffies and jiffies_64 with ____cacheline_aligned_in_smp") removed a section specification from the jiffies declaration that caused conflicts on some platforms. Unfortunately this change broke the build for frv: kernel/built-in.o: In function `__do_softirq': (.text+0x6460): relocation truncated to fit: R_FRV_GPREL12 against symbol `jiffies' defined in *ABS* section in .tmp_vmlinux1 kernel/built-in.o: In function `__do_softirq': (.text+0x6574): relocation truncated to fit: R_FRV_GPREL12 against symbol `jiffies' defined in *ABS* section in .tmp_vmlinux1 kernel/built-in.o: In function `pwq_activate_delayed_work': workqueue.c:(.text+0x15b9c): relocation truncated to fit: R_FRV_GPREL12 against symbol `jiffies' defined in *ABS* section in .tmp_vmlinux1 ... Add __jiffy_arch_data to the declaration of jiffies and use it on frv to include the section specification. For all other platforms __jiffy_arch_data (currently) has no effect. Fixes: 7c30f352c852 ("jiffies.h: declare jiffies and jiffies_64 with ____cacheline_aligned_in_smp") Link: http://lkml.kernel.org/r/20170516221333.177280-1-mka@chromium.org Signed-off-by: Matthias Kaehlcke <mka(a)chromium.org> Reported-by: Guenter Roeck <linux(a)roeck-us.net> Tested-by: Guenter Roeck <linux(a)roeck-us.net> Reviewed-by: David Howells <dhowells(a)redhat.com> Cc: Sudip Mukherjee <sudipm.mukherjee(a)gmail.com> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds(a)linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/frv/include/asm/timex.h | 6 ++++++ include/linux/jiffies.h | 6 +++++- 2 files changed, 11 insertions(+), 1 deletion(-) --- a/arch/frv/include/asm/timex.h +++ b/arch/frv/include/asm/timex.h @@ -16,5 +16,11 @@ static inline cycles_t get_cycles(void) #define vxtime_lock() do {} while (0) #define vxtime_unlock() do {} while (0) +/* This attribute is used in include/linux/jiffies.h alongside with + * __cacheline_aligned_in_smp. It is assumed that __cacheline_aligned_in_smp + * for frv does not contain another section specification. + */ +#define __jiffy_arch_data __attribute__((__section__(".data"))) + #endif --- a/include/linux/jiffies.h +++ b/include/linux/jiffies.h @@ -64,13 +64,17 @@ extern int register_refined_jiffies(long /* TICK_USEC is the time between ticks in usec assuming fake USER_HZ */ #define TICK_USEC ((1000000UL + USER_HZ/2) / USER_HZ) +#ifndef __jiffy_arch_data +#define __jiffy_arch_data +#endif + /* * The 64-bit value is not atomic - you MUST NOT read it * without sampling the sequence number in jiffies_lock. * get_jiffies_64() will do this for you as appropriate. */ extern u64 __cacheline_aligned_in_smp jiffies_64; -extern unsigned long volatile __cacheline_aligned_in_smp jiffies; +extern unsigned long volatile __cacheline_aligned_in_smp __jiffy_arch_data jiffies; #if (BITS_PER_LONG < 64) u64 get_jiffies_64(void); Patches currently in stable-queue which might be from mka(a)chromium.org are queue-4.4/dm-ioctl-remove-double-parentheses.patch queue-4.4/genirq-use-cpumask_available-for-check-of-cpumask-variable.patch queue-4.4/fs-compat-remove-warning-from-compatible_ioctl.patch queue-4.4/jiffies.h-declare-jiffies-and-jiffies_64-with-____cacheline_aligned_in_smp.patch queue-4.4/selinux-remove-unnecessary-check-of-array-base-in-selinux_set_mapping.patch queue-4.4/pci-make-pci_rom_address_mask-a-32-bit-constant.patch queue-4.4/frv-declare-jiffies-to-be-located-in-the-.data-section.patch queue-4.4/cpumask-add-helper-cpumask_available.patch

7 years, 2 months

1
0
0 0

[PATCH 1/3] virt: vbox: Add vbg_req_free() helper function

by Hans de Goede

This is a preparation patch for fixing issues on x86_64 virtual-machines with more then 4G of RAM, atm we pass __GFP_DMA32 to kmalloc, but kmalloc does not honor that, so we need to switch to get_pages, which means we will not be able to use kfree to free memory allocated with vbg_alloc_req. While at it also remove a comment on a vbg_alloc_req call which talks about Windows (inherited from the vbox upstream cross-platform code). Cc: stable(a)vger.kernel.org Signed-off-by: Hans de Goede <hdegoede(a)redhat.com> --- drivers/virt/vboxguest/vboxguest_core.c | 66 +++++++++++++----------- drivers/virt/vboxguest/vboxguest_utils.c | 14 +++-- include/linux/vbox_utils.h | 7 +++ 3 files changed, 53 insertions(+), 34 deletions(-) diff --git a/drivers/virt/vboxguest/vboxguest_core.c b/drivers/virt/vboxguest/vboxguest_core.c index 190dbf8cfcb5..7411a535fda2 100644 --- a/drivers/virt/vboxguest/vboxguest_core.c +++ b/drivers/virt/vboxguest/vboxguest_core.c @@ -114,7 +114,7 @@ static void vbg_guest_mappings_init(struct vbg_dev *gdev) } out: - kfree(req); + vbg_req_free(req, sizeof(*req)); kfree(pages); } @@ -144,7 +144,7 @@ static void vbg_guest_mappings_exit(struct vbg_dev *gdev) rc = vbg_req_perform(gdev, req); - kfree(req); + vbg_req_free(req, sizeof(*req)); if (rc < 0) { vbg_err("%s error: %d\n", __func__, rc); @@ -214,8 +214,8 @@ static int vbg_report_guest_info(struct vbg_dev *gdev) ret = vbg_status_code_to_errno(rc); out_free: - kfree(req2); - kfree(req1); + vbg_req_free(req2, sizeof(*req2)); + vbg_req_free(req1, sizeof(*req1)); return ret; } @@ -245,7 +245,7 @@ static int vbg_report_driver_status(struct vbg_dev *gdev, bool active) if (rc == VERR_NOT_IMPLEMENTED) /* Compatibility with older hosts. */ rc = VINF_SUCCESS; - kfree(req); + vbg_req_free(req, sizeof(*req)); return vbg_status_code_to_errno(rc); } @@ -431,7 +431,7 @@ static int vbg_heartbeat_host_config(struct vbg_dev *gdev, bool enabled) rc = vbg_req_perform(gdev, req); do_div(req->interval_ns, 1000000); /* ns -> ms */ gdev->heartbeat_interval_ms = req->interval_ns; - kfree(req); + vbg_req_free(req, sizeof(*req)); return vbg_status_code_to_errno(rc); } @@ -454,12 +454,6 @@ static int vbg_heartbeat_init(struct vbg_dev *gdev) if (ret < 0) return ret; - /* - * Preallocate the request to use it from the timer callback because: - * 1) on Windows vbg_req_alloc must be called at IRQL <= APC_LEVEL - * and the timer callback runs at DISPATCH_LEVEL; - * 2) avoid repeated allocations. - */ gdev->guest_heartbeat_req = vbg_req_alloc( sizeof(*gdev->guest_heartbeat_req), VMMDEVREQ_GUEST_HEARTBEAT); @@ -481,8 +475,8 @@ static void vbg_heartbeat_exit(struct vbg_dev *gdev) { del_timer_sync(&gdev->heartbeat_timer); vbg_heartbeat_host_config(gdev, false); - kfree(gdev->guest_heartbeat_req); - + vbg_req_free(gdev->guest_heartbeat_req, + sizeof(*gdev->guest_heartbeat_req)); } /** @@ -543,7 +537,7 @@ static int vbg_reset_host_event_filter(struct vbg_dev *gdev, if (rc < 0) vbg_err("%s error, rc: %d\n", __func__, rc); - kfree(req); + vbg_req_free(req, sizeof(*req)); return vbg_status_code_to_errno(rc); } @@ -617,7 +611,7 @@ static int vbg_set_session_event_filter(struct vbg_dev *gdev, out: mutex_unlock(&gdev->session_mutex); - kfree(req); + vbg_req_free(req, sizeof(*req)); return ret; } @@ -642,7 +636,7 @@ static int vbg_reset_host_capabilities(struct vbg_dev *gdev) if (rc < 0) vbg_err("%s error, rc: %d\n", __func__, rc); - kfree(req); + vbg_req_free(req, sizeof(*req)); return vbg_status_code_to_errno(rc); } @@ -712,7 +706,7 @@ static int vbg_set_session_capabilities(struct vbg_dev *gdev, out: mutex_unlock(&gdev->session_mutex); - kfree(req); + vbg_req_free(req, sizeof(*req)); return ret; } @@ -749,7 +743,7 @@ static int vbg_query_host_version(struct vbg_dev *gdev) } out: - kfree(req); + vbg_req_free(req, sizeof(*req)); return ret; } @@ -847,11 +841,16 @@ int vbg_core_init(struct vbg_dev *gdev, u32 fixed_events) return 0; err_free_reqs: - kfree(gdev->mouse_status_req); - kfree(gdev->ack_events_req); - kfree(gdev->cancel_req); - kfree(gdev->mem_balloon.change_req); - kfree(gdev->mem_balloon.get_req); + vbg_req_free(gdev->mouse_status_req, + sizeof(*gdev->mouse_status_req)); + vbg_req_free(gdev->ack_events_req, + sizeof(*gdev->ack_events_req)); + vbg_req_free(gdev->cancel_req, + sizeof(*gdev->cancel_req)); + vbg_req_free(gdev->mem_balloon.change_req, + sizeof(*gdev->mem_balloon.change_req)); + vbg_req_free(gdev->mem_balloon.get_req, + sizeof(*gdev->mem_balloon.get_req)); return ret; } @@ -872,11 +871,16 @@ void vbg_core_exit(struct vbg_dev *gdev) vbg_reset_host_capabilities(gdev); vbg_core_set_mouse_status(gdev, 0); - kfree(gdev->mouse_status_req); - kfree(gdev->ack_events_req); - kfree(gdev->cancel_req); - kfree(gdev->mem_balloon.change_req); - kfree(gdev->mem_balloon.get_req); + vbg_req_free(gdev->mouse_status_req, + sizeof(*gdev->mouse_status_req)); + vbg_req_free(gdev->ack_events_req, + sizeof(*gdev->ack_events_req)); + vbg_req_free(gdev->cancel_req, + sizeof(*gdev->cancel_req)); + vbg_req_free(gdev->mem_balloon.change_req, + sizeof(*gdev->mem_balloon.change_req)); + vbg_req_free(gdev->mem_balloon.get_req, + sizeof(*gdev->mem_balloon.get_req)); } /** @@ -1415,7 +1419,7 @@ static int vbg_ioctl_write_core_dump(struct vbg_dev *gdev, req->flags = dump->u.in.flags; dump->hdr.rc = vbg_req_perform(gdev, req); - kfree(req); + vbg_req_free(req, sizeof(*req)); return 0; } @@ -1513,7 +1517,7 @@ int vbg_core_set_mouse_status(struct vbg_dev *gdev, u32 features) if (rc < 0) vbg_err("%s error, rc: %d\n", __func__, rc); - kfree(req); + vbg_req_free(req, sizeof(*req)); return vbg_status_code_to_errno(rc); } diff --git a/drivers/virt/vboxguest/vboxguest_utils.c b/drivers/virt/vboxguest/vboxguest_utils.c index 0f0dab8023cf..bad915463359 100644 --- a/drivers/virt/vboxguest/vboxguest_utils.c +++ b/drivers/virt/vboxguest/vboxguest_utils.c @@ -82,6 +82,14 @@ void *vbg_req_alloc(size_t len, enum vmmdev_request_type req_type) return req; } +void vbg_req_free(void *req, size_t len) +{ + if (!req) + return; + + kfree(req); +} + /* Note this function returns a VBox status code, not a negative errno!! */ int vbg_req_perform(struct vbg_dev *gdev, void *req) { @@ -137,7 +145,7 @@ int vbg_hgcm_connect(struct vbg_dev *gdev, rc = hgcm_connect->header.result; } - kfree(hgcm_connect); + vbg_req_free(hgcm_connect, sizeof(*hgcm_connect)); *vbox_status = rc; return 0; @@ -166,7 +174,7 @@ int vbg_hgcm_disconnect(struct vbg_dev *gdev, u32 client_id, int *vbox_status) if (rc >= 0) rc = hgcm_disconnect->header.result; - kfree(hgcm_disconnect); + vbg_req_free(hgcm_disconnect, sizeof(*hgcm_disconnect)); *vbox_status = rc; return 0; @@ -623,7 +631,7 @@ int vbg_hgcm_call(struct vbg_dev *gdev, u32 client_id, u32 function, } if (!leak_it) - kfree(call); + vbg_req_free(call, size); free_bounce_bufs: if (bounce_bufs) { diff --git a/include/linux/vbox_utils.h b/include/linux/vbox_utils.h index c71def6b310f..0b7cd179f2ee 100644 --- a/include/linux/vbox_utils.h +++ b/include/linux/vbox_utils.h @@ -33,6 +33,13 @@ __printf(1, 2) void vbg_debug(const char *fmt, ...); */ void *vbg_req_alloc(size_t len, enum vmmdev_request_type req_type); +/** + * Free a request allocated by vbg_req_alloc() + * @req: Request to free. + * @len: Length, must be the same as the value used for alloc. + */ +void vbg_req_free(void *req, size_t len); + /** * Perform a generic request. * -- 2.17.0.rc1

7 years, 2 months

2
10
0 0

Patch "selinux: Remove unnecessary check of array base in selinux_set_mapping()" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled selinux: Remove unnecessary check of array base in selinux_set_mapping() to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: selinux-remove-unnecessary-check-of-array-base-in-selinux_set_mapping.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 342e91578eb6909529bc7095964cd44b9c057c4e Mon Sep 17 00:00:00 2001 From: Matthias Kaehlcke <mka(a)chromium.org> Date: Thu, 16 Mar 2017 15:26:52 -0700 Subject: selinux: Remove unnecessary check of array base in selinux_set_mapping() From: Matthias Kaehlcke <mka(a)chromium.org> commit 342e91578eb6909529bc7095964cd44b9c057c4e upstream. 'perms' will never be NULL since it isn't a plain pointer but an array of u32 values. This fixes the following warning when building with clang: security/selinux/ss/services.c:158:16: error: address of array 'p_in->perms' will always evaluate to 'true' [-Werror,-Wpointer-bool-conversion] while (p_in->perms && p_in->perms[k]) { Signed-off-by: Matthias Kaehlcke <mka(a)chromium.org> Signed-off-by: Paul Moore <paul(a)paul-moore.com> Cc: Nathan Chancellor <natechancellor(a)gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- security/selinux/ss/services.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/security/selinux/ss/services.c +++ b/security/selinux/ss/services.c @@ -155,7 +155,7 @@ static int selinux_set_mapping(struct po } k = 0; - while (p_in->perms && p_in->perms[k]) { + while (p_in->perms[k]) { /* An empty permission string skips ahead */ if (!*p_in->perms[k]) { k++; Patches currently in stable-queue which might be from mka(a)chromium.org are queue-4.9/dm-ioctl-remove-double-parentheses.patch queue-4.9/genirq-use-cpumask_available-for-check-of-cpumask-variable.patch queue-4.9/fs-compat-remove-warning-from-compatible_ioctl.patch queue-4.9/selinux-remove-unnecessary-check-of-array-base-in-selinux_set_mapping.patch queue-4.9/pci-make-pci_rom_address_mask-a-32-bit-constant.patch queue-4.9/cpumask-add-helper-cpumask_available.patch

7 years, 2 months

1
0
0 0

Patch "PCI: Make PCI_ROM_ADDRESS_MASK a 32-bit constant" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled PCI: Make PCI_ROM_ADDRESS_MASK a 32-bit constant to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: pci-make-pci_rom_address_mask-a-32-bit-constant.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 76dc52684d0f72971d9f6cc7d5ae198061b715bd Mon Sep 17 00:00:00 2001 From: Matthias Kaehlcke <mka(a)chromium.org> Date: Fri, 14 Apr 2017 13:38:02 -0700 Subject: PCI: Make PCI_ROM_ADDRESS_MASK a 32-bit constant From: Matthias Kaehlcke <mka(a)chromium.org> commit 76dc52684d0f72971d9f6cc7d5ae198061b715bd upstream. A 64-bit value is not needed since a PCI ROM address consists in 32 bits. This fixes a clang warning about "implicit conversion from 'unsigned long' to 'u32'". Also remove now unnecessary casts to u32 from __pci_read_base() and pci_std_update_resource(). Signed-off-by: Matthias Kaehlcke <mka(a)chromium.org> Signed-off-by: Bjorn Helgaas <bhelgaas(a)google.com> Cc: Nathan Chancellor <natechancellor(a)gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/pci/probe.c | 2 +- drivers/pci/setup-res.c | 2 +- include/uapi/linux/pci_regs.h | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) --- a/drivers/pci/probe.c +++ b/drivers/pci/probe.c @@ -231,7 +231,7 @@ int __pci_read_base(struct pci_dev *dev, res->flags |= IORESOURCE_ROM_ENABLE; l64 = l & PCI_ROM_ADDRESS_MASK; sz64 = sz & PCI_ROM_ADDRESS_MASK; - mask64 = (u32)PCI_ROM_ADDRESS_MASK; + mask64 = PCI_ROM_ADDRESS_MASK; } if (res->flags & IORESOURCE_MEM_64) { --- a/drivers/pci/setup-res.c +++ b/drivers/pci/setup-res.c @@ -63,7 +63,7 @@ static void pci_std_update_resource(stru mask = (u32)PCI_BASE_ADDRESS_IO_MASK; new |= res->flags & ~PCI_BASE_ADDRESS_IO_MASK; } else if (resno == PCI_ROM_RESOURCE) { - mask = (u32)PCI_ROM_ADDRESS_MASK; + mask = PCI_ROM_ADDRESS_MASK; } else { mask = (u32)PCI_BASE_ADDRESS_MEM_MASK; new |= res->flags & ~PCI_BASE_ADDRESS_MEM_MASK; --- a/include/uapi/linux/pci_regs.h +++ b/include/uapi/linux/pci_regs.h @@ -106,7 +106,7 @@ #define PCI_SUBSYSTEM_ID 0x2e #define PCI_ROM_ADDRESS 0x30 /* Bits 31..11 are address, 10..1 reserved */ #define PCI_ROM_ADDRESS_ENABLE 0x01 -#define PCI_ROM_ADDRESS_MASK (~0x7ffUL) +#define PCI_ROM_ADDRESS_MASK (~0x7ffU) #define PCI_CAPABILITY_LIST 0x34 /* Offset of first capability list entry */ Patches currently in stable-queue which might be from mka(a)chromium.org are queue-4.9/dm-ioctl-remove-double-parentheses.patch queue-4.9/genirq-use-cpumask_available-for-check-of-cpumask-variable.patch queue-4.9/fs-compat-remove-warning-from-compatible_ioctl.patch queue-4.9/selinux-remove-unnecessary-check-of-array-base-in-selinux_set_mapping.patch queue-4.9/pci-make-pci_rom_address_mask-a-32-bit-constant.patch queue-4.9/cpumask-add-helper-cpumask_available.patch

7 years, 2 months

1
0
0 0

Patch "netfilter: nf_nat_h323: fix logical-not-parentheses warning" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled netfilter: nf_nat_h323: fix logical-not-parentheses warning to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: netfilter-nf_nat_h323-fix-logical-not-parentheses-warning.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From eee6ebbac18a189ef33d25ea9b8bcae176515e49 Mon Sep 17 00:00:00 2001 From: Nick Desaulniers <ndesaulniers(a)google.com> Date: Fri, 11 Aug 2017 11:16:07 -0700 Subject: netfilter: nf_nat_h323: fix logical-not-parentheses warning From: Nick Desaulniers <ndesaulniers(a)google.com> commit eee6ebbac18a189ef33d25ea9b8bcae176515e49 upstream. Clang produces the following warning: net/ipv4/netfilter/nf_nat_h323.c:553:6: error: logical not is only applied to the left hand side of this comparison [-Werror,-Wlogical-not-parentheses] if (!set_h225_addr(skb, protoff, data, dataoff, taddr, ^ add parentheses after the '!' to evaluate the comparison first add parentheses around left hand side expression to silence this warning There's not necessarily a bug here, but it's cleaner to return early, ex: if (x) return ... rather than: if (x == 0) ... else return Also added a return code check that seemed to be missing in one instance. Signed-off-by: Nick Desaulniers <ndesaulniers(a)google.com> Signed-off-by: Pablo Neira Ayuso <pablo(a)netfilter.org> Cc: Nathan Chancellor <natechancellor(a)gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/ipv4/netfilter/nf_nat_h323.c | 57 ++++++++++++++++++++------------------- 1 file changed, 30 insertions(+), 27 deletions(-) --- a/net/ipv4/netfilter/nf_nat_h323.c +++ b/net/ipv4/netfilter/nf_nat_h323.c @@ -252,16 +252,16 @@ static int nat_rtp_rtcp(struct sk_buff * if (set_h245_addr(skb, protoff, data, dataoff, taddr, &ct->tuplehash[!dir].tuple.dst.u3, htons((port & htons(1)) ? nated_port + 1 : - nated_port)) == 0) { - /* Save ports */ - info->rtp_port[i][dir] = rtp_port; - info->rtp_port[i][!dir] = htons(nated_port); - } else { + nated_port))) { nf_ct_unexpect_related(rtp_exp); nf_ct_unexpect_related(rtcp_exp); return -1; } + /* Save ports */ + info->rtp_port[i][dir] = rtp_port; + info->rtp_port[i][!dir] = htons(nated_port); + /* Success */ pr_debug("nf_nat_h323: expect RTP %pI4:%hu->%pI4:%hu\n", &rtp_exp->tuple.src.u3.ip, @@ -370,15 +370,15 @@ static int nat_h245(struct sk_buff *skb, /* Modify signal */ if (set_h225_addr(skb, protoff, data, dataoff, taddr, &ct->tuplehash[!dir].tuple.dst.u3, - htons(nated_port)) == 0) { - /* Save ports */ - info->sig_port[dir] = port; - info->sig_port[!dir] = htons(nated_port); - } else { + htons(nated_port))) { nf_ct_unexpect_related(exp); return -1; } + /* Save ports */ + info->sig_port[dir] = port; + info->sig_port[!dir] = htons(nated_port); + pr_debug("nf_nat_q931: expect H.245 %pI4:%hu->%pI4:%hu\n", &exp->tuple.src.u3.ip, ntohs(exp->tuple.src.u.tcp.port), @@ -462,24 +462,27 @@ static int nat_q931(struct sk_buff *skb, /* Modify signal */ if (set_h225_addr(skb, protoff, data, 0, &taddr[idx], &ct->tuplehash[!dir].tuple.dst.u3, - htons(nated_port)) == 0) { - /* Save ports */ - info->sig_port[dir] = port; - info->sig_port[!dir] = htons(nated_port); - - /* Fix for Gnomemeeting */ - if (idx > 0 && - get_h225_addr(ct, *data, &taddr[0], &addr, &port) && - (ntohl(addr.ip) & 0xff000000) == 0x7f000000) { - set_h225_addr(skb, protoff, data, 0, &taddr[0], - &ct->tuplehash[!dir].tuple.dst.u3, - info->sig_port[!dir]); - } - } else { + htons(nated_port))) { nf_ct_unexpect_related(exp); return -1; } + /* Save ports */ + info->sig_port[dir] = port; + info->sig_port[!dir] = htons(nated_port); + + /* Fix for Gnomemeeting */ + if (idx > 0 && + get_h225_addr(ct, *data, &taddr[0], &addr, &port) && + (ntohl(addr.ip) & 0xff000000) == 0x7f000000) { + if (set_h225_addr(skb, protoff, data, 0, &taddr[0], + &ct->tuplehash[!dir].tuple.dst.u3, + info->sig_port[!dir])) { + nf_ct_unexpect_related(exp); + return -1; + } + } + /* Success */ pr_debug("nf_nat_ras: expect Q.931 %pI4:%hu->%pI4:%hu\n", &exp->tuple.src.u3.ip, @@ -550,9 +553,9 @@ static int nat_callforwarding(struct sk_ } /* Modify signal */ - if (!set_h225_addr(skb, protoff, data, dataoff, taddr, - &ct->tuplehash[!dir].tuple.dst.u3, - htons(nated_port)) == 0) { + if (set_h225_addr(skb, protoff, data, dataoff, taddr, + &ct->tuplehash[!dir].tuple.dst.u3, + htons(nated_port))) { nf_ct_unexpect_related(exp); return -1; } Patches currently in stable-queue which might be from ndesaulniers(a)google.com are queue-4.9/netfilter-nf_nat_h323-fix-logical-not-parentheses-warning.patch

7 years, 2 months

1
0
0 0

Patch "Input: mousedev - fix implicit conversion warning" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled Input: mousedev - fix implicit conversion warning to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: input-mousedev-fix-implicit-conversion-warning.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From dae1a432ab1fe79ae53129ededeaece35a2dc14d Mon Sep 17 00:00:00 2001 From: Nick Desaulniers <nick.desaulniers(a)gmail.com> Date: Sat, 24 Jun 2017 22:50:12 -0700 Subject: Input: mousedev - fix implicit conversion warning From: Nick Desaulniers <nick.desaulniers(a)gmail.com> commit dae1a432ab1fe79ae53129ededeaece35a2dc14d upstream. Clang warns: drivers/input/mousedev.c:653:63: error: implicit conversion from 'int' to 'signed char' changes value from 200 to -56 [-Wconstant-conversion] client->ps2[1] = 0x60; client->ps2[2] = 3; client->ps2[3] = 200; ~ ^~~ As the PS2 data is really a stream of bytes, let's switch to using u8 type for it, which silences this warning. Signed-off-by: Nick Desaulniers <nick.desaulniers(a)gmail.com> Signed-off-by: Dmitry Torokhov <dmitry.torokhov(a)gmail.com> Cc: Nathan Chancellor <natechancellor(a)gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/input/mousedev.c | 62 +++++++++++++++++++++++++---------------------- 1 file changed, 34 insertions(+), 28 deletions(-) --- a/drivers/input/mousedev.c +++ b/drivers/input/mousedev.c @@ -15,6 +15,7 @@ #define MOUSEDEV_MINORS 31 #define MOUSEDEV_MIX 63 +#include <linux/bitops.h> #include <linux/sched.h> #include <linux/slab.h> #include <linux/poll.h> @@ -103,7 +104,7 @@ struct mousedev_client { spinlock_t packet_lock; int pos_x, pos_y; - signed char ps2[6]; + u8 ps2[6]; unsigned char ready, buffer, bufsiz; unsigned char imexseq, impsseq; enum mousedev_emul mode; @@ -291,11 +292,10 @@ static void mousedev_notify_readers(stru } client->pos_x += packet->dx; - client->pos_x = client->pos_x < 0 ? - 0 : (client->pos_x >= xres ? xres : client->pos_x); + client->pos_x = clamp_val(client->pos_x, 0, xres); + client->pos_y += packet->dy; - client->pos_y = client->pos_y < 0 ? - 0 : (client->pos_y >= yres ? yres : client->pos_y); + client->pos_y = clamp_val(client->pos_y, 0, yres); p->dx += packet->dx; p->dy += packet->dy; @@ -571,44 +571,50 @@ static int mousedev_open(struct inode *i return error; } -static inline int mousedev_limit_delta(int delta, int limit) -{ - return delta > limit ? limit : (delta < -limit ? -limit : delta); -} - -static void mousedev_packet(struct mousedev_client *client, - signed char *ps2_data) +static void mousedev_packet(struct mousedev_client *client, u8 *ps2_data) { struct mousedev_motion *p = &client->packets[client->tail]; + s8 dx, dy, dz; + + dx = clamp_val(p->dx, -127, 127); + p->dx -= dx; + + dy = clamp_val(p->dy, -127, 127); + p->dy -= dy; - ps2_data[0] = 0x08 | - ((p->dx < 0) << 4) | ((p->dy < 0) << 5) | (p->buttons & 0x07); - ps2_data[1] = mousedev_limit_delta(p->dx, 127); - ps2_data[2] = mousedev_limit_delta(p->dy, 127); - p->dx -= ps2_data[1]; - p->dy -= ps2_data[2]; + ps2_data[0] = BIT(3); + ps2_data[0] |= ((dx & BIT(7)) >> 3) | ((dy & BIT(7)) >> 2); + ps2_data[0] |= p->buttons & 0x07; + ps2_data[1] = dx; + ps2_data[2] = dy; switch (client->mode) { case MOUSEDEV_EMUL_EXPS: - ps2_data[3] = mousedev_limit_delta(p->dz, 7); - p->dz -= ps2_data[3]; - ps2_data[3] = (ps2_data[3] & 0x0f) | ((p->buttons & 0x18) << 1); + dz = clamp_val(p->dz, -7, 7); + p->dz -= dz; + + ps2_data[3] = (dz & 0x0f) | ((p->buttons & 0x18) << 1); client->bufsiz = 4; break; case MOUSEDEV_EMUL_IMPS: - ps2_data[0] |= - ((p->buttons & 0x10) >> 3) | ((p->buttons & 0x08) >> 1); - ps2_data[3] = mousedev_limit_delta(p->dz, 127); - p->dz -= ps2_data[3]; + dz = clamp_val(p->dz, -127, 127); + p->dz -= dz; + + ps2_data[0] |= ((p->buttons & 0x10) >> 3) | + ((p->buttons & 0x08) >> 1); + ps2_data[3] = dz; + client->bufsiz = 4; break; case MOUSEDEV_EMUL_PS2: default: - ps2_data[0] |= - ((p->buttons & 0x10) >> 3) | ((p->buttons & 0x08) >> 1); p->dz = 0; + + ps2_data[0] |= ((p->buttons & 0x10) >> 3) | + ((p->buttons & 0x08) >> 1); + client->bufsiz = 3; break; } @@ -714,7 +720,7 @@ static ssize_t mousedev_read(struct file { struct mousedev_client *client = file->private_data; struct mousedev *mousedev = client->mousedev; - signed char data[sizeof(client->ps2)]; + u8 data[sizeof(client->ps2)]; int retval = 0; if (!client->ready && !client->buffer && mousedev->exist && Patches currently in stable-queue which might be from nick.desaulniers(a)gmail.com are queue-4.9/input-mousedev-fix-implicit-conversion-warning.patch

7 years, 2 months

1
0
0 0

Patch "genirq: Use cpumask_available() for check of cpumask variable" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled genirq: Use cpumask_available() for check of cpumask variable to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: genirq-use-cpumask_available-for-check-of-cpumask-variable.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From d170fe7dd992b313d4851ae5ab77ee7a51ed8c72 Mon Sep 17 00:00:00 2001 From: Matthias Kaehlcke <mka(a)chromium.org> Date: Wed, 12 Apr 2017 11:20:30 -0700 Subject: genirq: Use cpumask_available() for check of cpumask variable From: Matthias Kaehlcke <mka(a)chromium.org> commit d170fe7dd992b313d4851ae5ab77ee7a51ed8c72 upstream. This fixes the following clang warning when CONFIG_CPUMASK_OFFSTACK=n: kernel/irq/manage.c:839:28: error: address of array 'desc->irq_common_data.affinity' will always evaluate to 'true' [-Werror,-Wpointer-bool-conversion] Signed-off-by: Matthias Kaehlcke <mka(a)chromium.org> Cc: Grant Grundler <grundler(a)chromium.org> Cc: Rusty Russell <rusty(a)rustcorp.com.au> Cc: Greg Hackmann <ghackmann(a)google.com> Cc: Michael Davidson <md(a)google.com> Cc: Andrew Morton <akpm(a)linux-foundation.org> Link: http://lkml.kernel.org/r/20170412182030.83657-2-mka@chromium.org Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Cc: Nathan Chancellor <natechancellor(a)gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- kernel/irq/manage.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/kernel/irq/manage.c +++ b/kernel/irq/manage.c @@ -850,7 +850,7 @@ irq_thread_check_affinity(struct irq_des * This code is triggered unconditionally. Check the affinity * mask pointer. For CPU_MASK_OFFSTACK=n this is optimized out. */ - if (desc->irq_common_data.affinity) + if (cpumask_available(desc->irq_common_data.affinity)) cpumask_copy(mask, desc->irq_common_data.affinity); else valid = false; Patches currently in stable-queue which might be from mka(a)chromium.org are queue-4.9/dm-ioctl-remove-double-parentheses.patch queue-4.9/genirq-use-cpumask_available-for-check-of-cpumask-variable.patch queue-4.9/fs-compat-remove-warning-from-compatible_ioctl.patch queue-4.9/selinux-remove-unnecessary-check-of-array-base-in-selinux_set_mapping.patch queue-4.9/pci-make-pci_rom_address_mask-a-32-bit-constant.patch queue-4.9/cpumask-add-helper-cpumask_available.patch

7 years, 2 months

1
0
0 0

Patch "fs: compat: Remove warning from COMPATIBLE_IOCTL" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled fs: compat: Remove warning from COMPATIBLE_IOCTL to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: fs-compat-remove-warning-from-compatible_ioctl.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 9280cdd6fe5b8287a726d24cc1d558b96c8491d7 Mon Sep 17 00:00:00 2001 From: Mark Charlebois <charlebm(a)gmail.com> Date: Fri, 28 Apr 2017 15:15:12 -0700 Subject: fs: compat: Remove warning from COMPATIBLE_IOCTL From: Mark Charlebois <charlebm(a)gmail.com> commit 9280cdd6fe5b8287a726d24cc1d558b96c8491d7 upstream. cmd in COMPATIBLE_IOCTL is always a u32, so cast it so there isn't a warning about an overflow in XFORM. From: Mark Charlebois <charlebm(a)gmail.com> Signed-off-by: Mark Charlebois <charlebm(a)gmail.com> Signed-off-by: Behan Webster <behanw(a)converseincode.com> Signed-off-by: Matthias Kaehlcke <mka(a)chromium.org> Acked-by: Arnd Bergmann <arnd(a)arndb.de> Signed-off-by: Al Viro <viro(a)zeniv.linux.org.uk> Cc: Nathan Chancellor <natechancellor(a)gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- fs/compat_ioctl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/fs/compat_ioctl.c +++ b/fs/compat_ioctl.c @@ -833,7 +833,7 @@ static int compat_ioctl_preallocate(stru */ #define XFORM(i) (((i) ^ ((i) << 27) ^ ((i) << 17)) & 0xffffffff) -#define COMPATIBLE_IOCTL(cmd) XFORM(cmd), +#define COMPATIBLE_IOCTL(cmd) XFORM((u32)cmd), /* ioctl should not be warned about even if it's not implemented. Valid reasons to use this: - It is implemented with ->compat_ioctl on some device, but programs Patches currently in stable-queue which might be from charlebm(a)gmail.com are queue-4.9/fs-compat-remove-warning-from-compatible_ioctl.patch

7 years, 2 months

1
0
0 0

Patch "dm ioctl: remove double parentheses" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled dm ioctl: remove double parentheses to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: dm-ioctl-remove-double-parentheses.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From e36215d87f301f9567c8c99fd34e6c3521a94ddf Mon Sep 17 00:00:00 2001 From: Matthias Kaehlcke <mka(a)chromium.org> Date: Mon, 17 Apr 2017 11:05:03 -0700 Subject: dm ioctl: remove double parentheses From: Matthias Kaehlcke <mka(a)chromium.org> commit e36215d87f301f9567c8c99fd34e6c3521a94ddf upstream. The extra pair of parantheses is not needed and causes clang to generate warnings about the DM_DEV_CREATE_CMD comparison in validate_params(). Also remove another double parentheses that doesn't cause a warning. Signed-off-by: Matthias Kaehlcke <mka(a)chromium.org> Signed-off-by: Mike Snitzer <snitzer(a)redhat.com> Cc: Nathan Chancellor <natechancellor(a)gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/md/dm-ioctl.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) --- a/drivers/md/dm-ioctl.c +++ b/drivers/md/dm-ioctl.c @@ -1777,12 +1777,12 @@ static int validate_params(uint cmd, str cmd == DM_LIST_VERSIONS_CMD) return 0; - if ((cmd == DM_DEV_CREATE_CMD)) { + if (cmd == DM_DEV_CREATE_CMD) { if (!*param->name) { DMWARN("name not supplied when creating device"); return -EINVAL; } - } else if ((*param->uuid && *param->name)) { + } else if (*param->uuid && *param->name) { DMWARN("only supply one of name or uuid, cmd(%u)", cmd); return -EINVAL; } Patches currently in stable-queue which might be from mka(a)chromium.org are queue-4.9/dm-ioctl-remove-double-parentheses.patch queue-4.9/genirq-use-cpumask_available-for-check-of-cpumask-variable.patch queue-4.9/fs-compat-remove-warning-from-compatible_ioctl.patch queue-4.9/selinux-remove-unnecessary-check-of-array-base-in-selinux_set_mapping.patch queue-4.9/pci-make-pci_rom_address_mask-a-32-bit-constant.patch queue-4.9/cpumask-add-helper-cpumask_available.patch

7 years, 2 months

1
0
0 0

Patch "cpumask: Add helper cpumask_available()" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled cpumask: Add helper cpumask_available() to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: cpumask-add-helper-cpumask_available.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From f7e30f01a9e221067bb4b579e3cfc25cd2617467 Mon Sep 17 00:00:00 2001 From: Matthias Kaehlcke <mka(a)chromium.org> Date: Wed, 12 Apr 2017 11:20:29 -0700 Subject: cpumask: Add helper cpumask_available() From: Matthias Kaehlcke <mka(a)chromium.org> commit f7e30f01a9e221067bb4b579e3cfc25cd2617467 upstream. With CONFIG_CPUMASK_OFFSTACK=y cpumask_var_t is a struct cpumask pointer, otherwise a struct cpumask array with a single element. Some code dealing with cpumasks needs to validate that a cpumask_var_t is not a NULL pointer when CONFIG_CPUMASK_OFFSTACK=y. This is typically done by performing the check always, regardless of the underlying type of cpumask_var_t. This works in both cases, however clang raises a warning like this when CONFIG_CPUMASK_OFFSTACK=n: kernel/irq/manage.c:839:28: error: address of array 'desc->irq_common_data.affinity' will always evaluate to 'true' [-Werror,-Wpointer-bool-conversion] Add the inline helper cpumask_available() which only performs the pointer check if CONFIG_CPUMASK_OFFSTACK=y. Signed-off-by: Matthias Kaehlcke <mka(a)chromium.org> Cc: Grant Grundler <grundler(a)chromium.org> Cc: Rusty Russell <rusty(a)rustcorp.com.au> Cc: Greg Hackmann <ghackmann(a)google.com> Cc: Michael Davidson <md(a)google.com> Cc: Andrew Morton <akpm(a)linux-foundation.org> Link: http://lkml.kernel.org/r/20170412182030.83657-1-mka@chromium.org Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Cc: Nathan Chancellor <natechancellor(a)gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- include/linux/cpumask.h | 10 ++++++++++ 1 file changed, 10 insertions(+) --- a/include/linux/cpumask.h +++ b/include/linux/cpumask.h @@ -680,6 +680,11 @@ void alloc_bootmem_cpumask_var(cpumask_v void free_cpumask_var(cpumask_var_t mask); void free_bootmem_cpumask_var(cpumask_var_t mask); +static inline bool cpumask_available(cpumask_var_t mask) +{ + return mask != NULL; +} + #else typedef struct cpumask cpumask_var_t[1]; @@ -720,6 +725,11 @@ static inline void free_cpumask_var(cpum static inline void free_bootmem_cpumask_var(cpumask_var_t mask) { } + +static inline bool cpumask_available(cpumask_var_t mask) +{ + return true; +} #endif /* CONFIG_CPUMASK_OFFSTACK */ /* It's common to want to use cpu_all_mask in struct member initializers, Patches currently in stable-queue which might be from mka(a)chromium.org are queue-4.9/dm-ioctl-remove-double-parentheses.patch queue-4.9/genirq-use-cpumask_available-for-check-of-cpumask-variable.patch queue-4.9/fs-compat-remove-warning-from-compatible_ioctl.patch queue-4.9/selinux-remove-unnecessary-check-of-array-base-in-selinux_set_mapping.patch queue-4.9/pci-make-pci_rom_address_mask-a-32-bit-constant.patch queue-4.9/cpumask-add-helper-cpumask_available.patch

7 years, 2 months

1
0
0 0

[PATCH] drm/amdgpu/si: implement get/set pcie_lanes asic callback

by Alex Deucher

Required for dpm setup on some asics. Fixes a NULL dereference on asics that require it. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=102553 Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/amd/amdgpu/si.c | 67 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 67 insertions(+) diff --git a/drivers/gpu/drm/amd/amdgpu/si.c b/drivers/gpu/drm/amd/amdgpu/si.c index 775cacfe9917..c364ef94cc36 100644 --- a/drivers/gpu/drm/amd/amdgpu/si.c +++ b/drivers/gpu/drm/amd/amdgpu/si.c @@ -1258,6 +1258,71 @@ static bool si_need_full_reset(struct amdgpu_device *adev) return true; } +static int si_get_pcie_lanes(struct amdgpu_device *adev) +{ + u32 link_width_cntl; + + if (adev->flags & AMD_IS_APU) + return 0; + + link_width_cntl = RREG32_PCIE_PORT(PCIE_LC_LINK_WIDTH_CNTL); + + switch ((link_width_cntl & LC_LINK_WIDTH_RD_MASK) >> LC_LINK_WIDTH_RD_SHIFT) { + case LC_LINK_WIDTH_X1: + return 1; + case LC_LINK_WIDTH_X2: + return 2; + case LC_LINK_WIDTH_X4: + return 4; + case LC_LINK_WIDTH_X8: + return 8; + case LC_LINK_WIDTH_X0: + case LC_LINK_WIDTH_X16: + default: + return 16; + } +} + +static void si_set_pcie_lanes(struct amdgpu_device *adev, int lanes) +{ + u32 link_width_cntl, mask; + + if (adev->flags & AMD_IS_APU) + return; + + switch (lanes) { + case 0: + mask = LC_LINK_WIDTH_X0; + break; + case 1: + mask = LC_LINK_WIDTH_X1; + break; + case 2: + mask = LC_LINK_WIDTH_X2; + break; + case 4: + mask = LC_LINK_WIDTH_X4; + break; + case 8: + mask = LC_LINK_WIDTH_X8; + break; + case 16: + mask = LC_LINK_WIDTH_X16; + break; + default: + DRM_ERROR("invalid pcie lane request: %d\n", lanes); + return; + } + + link_width_cntl = RREG32_PCIE_PORT(PCIE_LC_LINK_WIDTH_CNTL); + link_width_cntl &= ~LC_LINK_WIDTH_MASK; + link_width_cntl |= mask << LC_LINK_WIDTH_SHIFT; + link_width_cntl |= (LC_RECONFIG_NOW | + LC_RECONFIG_ARC_MISSING_ESCAPE); + + WREG32_PCIE_PORT(PCIE_LC_LINK_WIDTH_CNTL, link_width_cntl); +} + static const struct amdgpu_asic_funcs si_asic_funcs = { .read_disabled_bios = &si_read_disabled_bios, @@ -1268,6 +1333,8 @@ static const struct amdgpu_asic_funcs si_asic_funcs = .get_xclk = &si_get_xclk, .set_uvd_clocks = &si_set_uvd_clocks, .set_vce_clocks = NULL, + .get_pcie_lanes = &si_get_pcie_lanes, + .set_pcie_lanes = &si_set_pcie_lanes, .get_config_memsize = &si_get_config_memsize, .flush_hdp = &si_flush_hdp, .invalidate_hdp = &si_invalidate_hdp, -- 2.13.6

7 years, 2 months

2
1
0 0

Patch "selinux: Remove unnecessary check of array base in selinux_set_mapping()" has been added to the 4.4-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled selinux: Remove unnecessary check of array base in selinux_set_mapping() to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: selinux-remove-unnecessary-check-of-array-base-in-selinux_set_mapping.patch and it can be found in the queue-4.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 342e91578eb6909529bc7095964cd44b9c057c4e Mon Sep 17 00:00:00 2001 From: Matthias Kaehlcke <mka(a)chromium.org> Date: Thu, 16 Mar 2017 15:26:52 -0700 Subject: selinux: Remove unnecessary check of array base in selinux_set_mapping() From: Matthias Kaehlcke <mka(a)chromium.org> commit 342e91578eb6909529bc7095964cd44b9c057c4e upstream. 'perms' will never be NULL since it isn't a plain pointer but an array of u32 values. This fixes the following warning when building with clang: security/selinux/ss/services.c:158:16: error: address of array 'p_in->perms' will always evaluate to 'true' [-Werror,-Wpointer-bool-conversion] while (p_in->perms && p_in->perms[k]) { Signed-off-by: Matthias Kaehlcke <mka(a)chromium.org> Signed-off-by: Paul Moore <paul(a)paul-moore.com> Cc: Nathan Chancellor <natechancellor(a)gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- security/selinux/ss/services.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/security/selinux/ss/services.c +++ b/security/selinux/ss/services.c @@ -155,7 +155,7 @@ static int selinux_set_mapping(struct po } k = 0; - while (p_in->perms && p_in->perms[k]) { + while (p_in->perms[k]) { /* An empty permission string skips ahead */ if (!*p_in->perms[k]) { k++; Patches currently in stable-queue which might be from mka(a)chromium.org are queue-4.4/dm-ioctl-remove-double-parentheses.patch queue-4.4/genirq-use-cpumask_available-for-check-of-cpumask-variable.patch queue-4.4/fs-compat-remove-warning-from-compatible_ioctl.patch queue-4.4/selinux-remove-unnecessary-check-of-array-base-in-selinux_set_mapping.patch queue-4.4/pci-make-pci_rom_address_mask-a-32-bit-constant.patch queue-4.4/cpumask-add-helper-cpumask_available.patch

7 years, 2 months

1
0
0 0

Patch "PCI: Make PCI_ROM_ADDRESS_MASK a 32-bit constant" has been added to the 4.4-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled PCI: Make PCI_ROM_ADDRESS_MASK a 32-bit constant to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: pci-make-pci_rom_address_mask-a-32-bit-constant.patch and it can be found in the queue-4.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 76dc52684d0f72971d9f6cc7d5ae198061b715bd Mon Sep 17 00:00:00 2001 From: Matthias Kaehlcke <mka(a)chromium.org> Date: Fri, 14 Apr 2017 13:38:02 -0700 Subject: PCI: Make PCI_ROM_ADDRESS_MASK a 32-bit constant From: Matthias Kaehlcke <mka(a)chromium.org> commit 76dc52684d0f72971d9f6cc7d5ae198061b715bd upstream. A 64-bit value is not needed since a PCI ROM address consists in 32 bits. This fixes a clang warning about "implicit conversion from 'unsigned long' to 'u32'". Also remove now unnecessary casts to u32 from __pci_read_base() and pci_std_update_resource(). Signed-off-by: Matthias Kaehlcke <mka(a)chromium.org> Signed-off-by: Bjorn Helgaas <bhelgaas(a)google.com> Cc: Nathan Chancellor <natechancellor(a)gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/pci/probe.c | 2 +- drivers/pci/setup-res.c | 2 +- include/uapi/linux/pci_regs.h | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) --- a/drivers/pci/probe.c +++ b/drivers/pci/probe.c @@ -230,7 +230,7 @@ int __pci_read_base(struct pci_dev *dev, res->flags |= IORESOURCE_ROM_ENABLE; l64 = l & PCI_ROM_ADDRESS_MASK; sz64 = sz & PCI_ROM_ADDRESS_MASK; - mask64 = (u32)PCI_ROM_ADDRESS_MASK; + mask64 = PCI_ROM_ADDRESS_MASK; } if (res->flags & IORESOURCE_MEM_64) { --- a/drivers/pci/setup-res.c +++ b/drivers/pci/setup-res.c @@ -63,7 +63,7 @@ static void pci_std_update_resource(stru mask = (u32)PCI_BASE_ADDRESS_IO_MASK; new |= res->flags & ~PCI_BASE_ADDRESS_IO_MASK; } else if (resno == PCI_ROM_RESOURCE) { - mask = (u32)PCI_ROM_ADDRESS_MASK; + mask = PCI_ROM_ADDRESS_MASK; } else { mask = (u32)PCI_BASE_ADDRESS_MEM_MASK; new |= res->flags & ~PCI_BASE_ADDRESS_MEM_MASK; --- a/include/uapi/linux/pci_regs.h +++ b/include/uapi/linux/pci_regs.h @@ -106,7 +106,7 @@ #define PCI_SUBSYSTEM_ID 0x2e #define PCI_ROM_ADDRESS 0x30 /* Bits 31..11 are address, 10..1 reserved */ #define PCI_ROM_ADDRESS_ENABLE 0x01 -#define PCI_ROM_ADDRESS_MASK (~0x7ffUL) +#define PCI_ROM_ADDRESS_MASK (~0x7ffU) #define PCI_CAPABILITY_LIST 0x34 /* Offset of first capability list entry */ Patches currently in stable-queue which might be from mka(a)chromium.org are queue-4.4/dm-ioctl-remove-double-parentheses.patch queue-4.4/genirq-use-cpumask_available-for-check-of-cpumask-variable.patch queue-4.4/fs-compat-remove-warning-from-compatible_ioctl.patch queue-4.4/selinux-remove-unnecessary-check-of-array-base-in-selinux_set_mapping.patch queue-4.4/pci-make-pci_rom_address_mask-a-32-bit-constant.patch queue-4.4/cpumask-add-helper-cpumask_available.patch

7 years, 2 months

1
0
0 0

Patch "netfilter: nf_nat_h323: fix logical-not-parentheses warning" has been added to the 4.4-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled netfilter: nf_nat_h323: fix logical-not-parentheses warning to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: netfilter-nf_nat_h323-fix-logical-not-parentheses-warning.patch and it can be found in the queue-4.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From eee6ebbac18a189ef33d25ea9b8bcae176515e49 Mon Sep 17 00:00:00 2001 From: Nick Desaulniers <ndesaulniers(a)google.com> Date: Fri, 11 Aug 2017 11:16:07 -0700 Subject: netfilter: nf_nat_h323: fix logical-not-parentheses warning From: Nick Desaulniers <ndesaulniers(a)google.com> commit eee6ebbac18a189ef33d25ea9b8bcae176515e49 upstream. Clang produces the following warning: net/ipv4/netfilter/nf_nat_h323.c:553:6: error: logical not is only applied to the left hand side of this comparison [-Werror,-Wlogical-not-parentheses] if (!set_h225_addr(skb, protoff, data, dataoff, taddr, ^ add parentheses after the '!' to evaluate the comparison first add parentheses around left hand side expression to silence this warning There's not necessarily a bug here, but it's cleaner to return early, ex: if (x) return ... rather than: if (x == 0) ... else return Also added a return code check that seemed to be missing in one instance. Signed-off-by: Nick Desaulniers <ndesaulniers(a)google.com> Signed-off-by: Pablo Neira Ayuso <pablo(a)netfilter.org> Cc: Nathan Chancellor <natechancellor(a)gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/ipv4/netfilter/nf_nat_h323.c | 57 ++++++++++++++++++++------------------- 1 file changed, 30 insertions(+), 27 deletions(-) --- a/net/ipv4/netfilter/nf_nat_h323.c +++ b/net/ipv4/netfilter/nf_nat_h323.c @@ -252,16 +252,16 @@ static int nat_rtp_rtcp(struct sk_buff * if (set_h245_addr(skb, protoff, data, dataoff, taddr, &ct->tuplehash[!dir].tuple.dst.u3, htons((port & htons(1)) ? nated_port + 1 : - nated_port)) == 0) { - /* Save ports */ - info->rtp_port[i][dir] = rtp_port; - info->rtp_port[i][!dir] = htons(nated_port); - } else { + nated_port))) { nf_ct_unexpect_related(rtp_exp); nf_ct_unexpect_related(rtcp_exp); return -1; } + /* Save ports */ + info->rtp_port[i][dir] = rtp_port; + info->rtp_port[i][!dir] = htons(nated_port); + /* Success */ pr_debug("nf_nat_h323: expect RTP %pI4:%hu->%pI4:%hu\n", &rtp_exp->tuple.src.u3.ip, @@ -370,15 +370,15 @@ static int nat_h245(struct sk_buff *skb, /* Modify signal */ if (set_h225_addr(skb, protoff, data, dataoff, taddr, &ct->tuplehash[!dir].tuple.dst.u3, - htons(nated_port)) == 0) { - /* Save ports */ - info->sig_port[dir] = port; - info->sig_port[!dir] = htons(nated_port); - } else { + htons(nated_port))) { nf_ct_unexpect_related(exp); return -1; } + /* Save ports */ + info->sig_port[dir] = port; + info->sig_port[!dir] = htons(nated_port); + pr_debug("nf_nat_q931: expect H.245 %pI4:%hu->%pI4:%hu\n", &exp->tuple.src.u3.ip, ntohs(exp->tuple.src.u.tcp.port), @@ -462,24 +462,27 @@ static int nat_q931(struct sk_buff *skb, /* Modify signal */ if (set_h225_addr(skb, protoff, data, 0, &taddr[idx], &ct->tuplehash[!dir].tuple.dst.u3, - htons(nated_port)) == 0) { - /* Save ports */ - info->sig_port[dir] = port; - info->sig_port[!dir] = htons(nated_port); - - /* Fix for Gnomemeeting */ - if (idx > 0 && - get_h225_addr(ct, *data, &taddr[0], &addr, &port) && - (ntohl(addr.ip) & 0xff000000) == 0x7f000000) { - set_h225_addr(skb, protoff, data, 0, &taddr[0], - &ct->tuplehash[!dir].tuple.dst.u3, - info->sig_port[!dir]); - } - } else { + htons(nated_port))) { nf_ct_unexpect_related(exp); return -1; } + /* Save ports */ + info->sig_port[dir] = port; + info->sig_port[!dir] = htons(nated_port); + + /* Fix for Gnomemeeting */ + if (idx > 0 && + get_h225_addr(ct, *data, &taddr[0], &addr, &port) && + (ntohl(addr.ip) & 0xff000000) == 0x7f000000) { + if (set_h225_addr(skb, protoff, data, 0, &taddr[0], + &ct->tuplehash[!dir].tuple.dst.u3, + info->sig_port[!dir])) { + nf_ct_unexpect_related(exp); + return -1; + } + } + /* Success */ pr_debug("nf_nat_ras: expect Q.931 %pI4:%hu->%pI4:%hu\n", &exp->tuple.src.u3.ip, @@ -550,9 +553,9 @@ static int nat_callforwarding(struct sk_ } /* Modify signal */ - if (!set_h225_addr(skb, protoff, data, dataoff, taddr, - &ct->tuplehash[!dir].tuple.dst.u3, - htons(nated_port)) == 0) { + if (set_h225_addr(skb, protoff, data, dataoff, taddr, + &ct->tuplehash[!dir].tuple.dst.u3, + htons(nated_port))) { nf_ct_unexpect_related(exp); return -1; } Patches currently in stable-queue which might be from ndesaulniers(a)google.com are queue-4.4/netfilter-nf_nat_h323-fix-logical-not-parentheses-warning.patch

7 years, 2 months

1
0
0 0

Patch "Input: mousedev - fix implicit conversion warning" has been added to the 4.4-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled Input: mousedev - fix implicit conversion warning to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: input-mousedev-fix-implicit-conversion-warning.patch and it can be found in the queue-4.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From dae1a432ab1fe79ae53129ededeaece35a2dc14d Mon Sep 17 00:00:00 2001 From: Nick Desaulniers <nick.desaulniers(a)gmail.com> Date: Sat, 24 Jun 2017 22:50:12 -0700 Subject: Input: mousedev - fix implicit conversion warning From: Nick Desaulniers <nick.desaulniers(a)gmail.com> commit dae1a432ab1fe79ae53129ededeaece35a2dc14d upstream. Clang warns: drivers/input/mousedev.c:653:63: error: implicit conversion from 'int' to 'signed char' changes value from 200 to -56 [-Wconstant-conversion] client->ps2[1] = 0x60; client->ps2[2] = 3; client->ps2[3] = 200; ~ ^~~ As the PS2 data is really a stream of bytes, let's switch to using u8 type for it, which silences this warning. Signed-off-by: Nick Desaulniers <nick.desaulniers(a)gmail.com> Signed-off-by: Dmitry Torokhov <dmitry.torokhov(a)gmail.com> Cc: Nathan Chancellor <natechancellor(a)gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/input/mousedev.c | 62 +++++++++++++++++++++++++---------------------- 1 file changed, 34 insertions(+), 28 deletions(-) --- a/drivers/input/mousedev.c +++ b/drivers/input/mousedev.c @@ -15,6 +15,7 @@ #define MOUSEDEV_MINORS 31 #define MOUSEDEV_MIX 63 +#include <linux/bitops.h> #include <linux/sched.h> #include <linux/slab.h> #include <linux/poll.h> @@ -103,7 +104,7 @@ struct mousedev_client { spinlock_t packet_lock; int pos_x, pos_y; - signed char ps2[6]; + u8 ps2[6]; unsigned char ready, buffer, bufsiz; unsigned char imexseq, impsseq; enum mousedev_emul mode; @@ -291,11 +292,10 @@ static void mousedev_notify_readers(stru } client->pos_x += packet->dx; - client->pos_x = client->pos_x < 0 ? - 0 : (client->pos_x >= xres ? xres : client->pos_x); + client->pos_x = clamp_val(client->pos_x, 0, xres); + client->pos_y += packet->dy; - client->pos_y = client->pos_y < 0 ? - 0 : (client->pos_y >= yres ? yres : client->pos_y); + client->pos_y = clamp_val(client->pos_y, 0, yres); p->dx += packet->dx; p->dy += packet->dy; @@ -571,44 +571,50 @@ static int mousedev_open(struct inode *i return error; } -static inline int mousedev_limit_delta(int delta, int limit) -{ - return delta > limit ? limit : (delta < -limit ? -limit : delta); -} - -static void mousedev_packet(struct mousedev_client *client, - signed char *ps2_data) +static void mousedev_packet(struct mousedev_client *client, u8 *ps2_data) { struct mousedev_motion *p = &client->packets[client->tail]; + s8 dx, dy, dz; + + dx = clamp_val(p->dx, -127, 127); + p->dx -= dx; + + dy = clamp_val(p->dy, -127, 127); + p->dy -= dy; - ps2_data[0] = 0x08 | - ((p->dx < 0) << 4) | ((p->dy < 0) << 5) | (p->buttons & 0x07); - ps2_data[1] = mousedev_limit_delta(p->dx, 127); - ps2_data[2] = mousedev_limit_delta(p->dy, 127); - p->dx -= ps2_data[1]; - p->dy -= ps2_data[2]; + ps2_data[0] = BIT(3); + ps2_data[0] |= ((dx & BIT(7)) >> 3) | ((dy & BIT(7)) >> 2); + ps2_data[0] |= p->buttons & 0x07; + ps2_data[1] = dx; + ps2_data[2] = dy; switch (client->mode) { case MOUSEDEV_EMUL_EXPS: - ps2_data[3] = mousedev_limit_delta(p->dz, 7); - p->dz -= ps2_data[3]; - ps2_data[3] = (ps2_data[3] & 0x0f) | ((p->buttons & 0x18) << 1); + dz = clamp_val(p->dz, -7, 7); + p->dz -= dz; + + ps2_data[3] = (dz & 0x0f) | ((p->buttons & 0x18) << 1); client->bufsiz = 4; break; case MOUSEDEV_EMUL_IMPS: - ps2_data[0] |= - ((p->buttons & 0x10) >> 3) | ((p->buttons & 0x08) >> 1); - ps2_data[3] = mousedev_limit_delta(p->dz, 127); - p->dz -= ps2_data[3]; + dz = clamp_val(p->dz, -127, 127); + p->dz -= dz; + + ps2_data[0] |= ((p->buttons & 0x10) >> 3) | + ((p->buttons & 0x08) >> 1); + ps2_data[3] = dz; + client->bufsiz = 4; break; case MOUSEDEV_EMUL_PS2: default: - ps2_data[0] |= - ((p->buttons & 0x10) >> 3) | ((p->buttons & 0x08) >> 1); p->dz = 0; + + ps2_data[0] |= ((p->buttons & 0x10) >> 3) | + ((p->buttons & 0x08) >> 1); + client->bufsiz = 3; break; } @@ -714,7 +720,7 @@ static ssize_t mousedev_read(struct file { struct mousedev_client *client = file->private_data; struct mousedev *mousedev = client->mousedev; - signed char data[sizeof(client->ps2)]; + u8 data[sizeof(client->ps2)]; int retval = 0; if (!client->ready && !client->buffer && mousedev->exist && Patches currently in stable-queue which might be from nick.desaulniers(a)gmail.com are queue-4.4/input-mousedev-fix-implicit-conversion-warning.patch

7 years, 2 months

1
0
0 0

Patch "genirq: Use cpumask_available() for check of cpumask variable" has been added to the 4.4-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled genirq: Use cpumask_available() for check of cpumask variable to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: genirq-use-cpumask_available-for-check-of-cpumask-variable.patch and it can be found in the queue-4.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From d170fe7dd992b313d4851ae5ab77ee7a51ed8c72 Mon Sep 17 00:00:00 2001 From: Matthias Kaehlcke <mka(a)chromium.org> Date: Wed, 12 Apr 2017 11:20:30 -0700 Subject: genirq: Use cpumask_available() for check of cpumask variable From: Matthias Kaehlcke <mka(a)chromium.org> commit d170fe7dd992b313d4851ae5ab77ee7a51ed8c72 upstream. This fixes the following clang warning when CONFIG_CPUMASK_OFFSTACK=n: kernel/irq/manage.c:839:28: error: address of array 'desc->irq_common_data.affinity' will always evaluate to 'true' [-Werror,-Wpointer-bool-conversion] Signed-off-by: Matthias Kaehlcke <mka(a)chromium.org> Cc: Grant Grundler <grundler(a)chromium.org> Cc: Rusty Russell <rusty(a)rustcorp.com.au> Cc: Greg Hackmann <ghackmann(a)google.com> Cc: Michael Davidson <md(a)google.com> Cc: Andrew Morton <akpm(a)linux-foundation.org> Link: http://lkml.kernel.org/r/20170412182030.83657-2-mka@chromium.org Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Cc: Nathan Chancellor <natechancellor(a)gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- kernel/irq/manage.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/kernel/irq/manage.c +++ b/kernel/irq/manage.c @@ -836,7 +836,7 @@ irq_thread_check_affinity(struct irq_des * This code is triggered unconditionally. Check the affinity * mask pointer. For CPU_MASK_OFFSTACK=n this is optimized out. */ - if (desc->irq_common_data.affinity) + if (cpumask_available(desc->irq_common_data.affinity)) cpumask_copy(mask, desc->irq_common_data.affinity); else valid = false; Patches currently in stable-queue which might be from mka(a)chromium.org are queue-4.4/dm-ioctl-remove-double-parentheses.patch queue-4.4/genirq-use-cpumask_available-for-check-of-cpumask-variable.patch queue-4.4/fs-compat-remove-warning-from-compatible_ioctl.patch queue-4.4/selinux-remove-unnecessary-check-of-array-base-in-selinux_set_mapping.patch queue-4.4/pci-make-pci_rom_address_mask-a-32-bit-constant.patch queue-4.4/cpumask-add-helper-cpumask_available.patch

7 years, 2 months

1
0
0 0

Patch "fs: compat: Remove warning from COMPATIBLE_IOCTL" has been added to the 4.4-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled fs: compat: Remove warning from COMPATIBLE_IOCTL to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: fs-compat-remove-warning-from-compatible_ioctl.patch and it can be found in the queue-4.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 9280cdd6fe5b8287a726d24cc1d558b96c8491d7 Mon Sep 17 00:00:00 2001 From: Mark Charlebois <charlebm(a)gmail.com> Date: Fri, 28 Apr 2017 15:15:12 -0700 Subject: fs: compat: Remove warning from COMPATIBLE_IOCTL From: Mark Charlebois <charlebm(a)gmail.com> commit 9280cdd6fe5b8287a726d24cc1d558b96c8491d7 upstream. cmd in COMPATIBLE_IOCTL is always a u32, so cast it so there isn't a warning about an overflow in XFORM. From: Mark Charlebois <charlebm(a)gmail.com> Signed-off-by: Mark Charlebois <charlebm(a)gmail.com> Signed-off-by: Behan Webster <behanw(a)converseincode.com> Signed-off-by: Matthias Kaehlcke <mka(a)chromium.org> Acked-by: Arnd Bergmann <arnd(a)arndb.de> Signed-off-by: Al Viro <viro(a)zeniv.linux.org.uk> Cc: Nathan Chancellor <natechancellor(a)gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- fs/compat_ioctl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/fs/compat_ioctl.c +++ b/fs/compat_ioctl.c @@ -811,7 +811,7 @@ static int compat_ioctl_preallocate(stru */ #define XFORM(i) (((i) ^ ((i) << 27) ^ ((i) << 17)) & 0xffffffff) -#define COMPATIBLE_IOCTL(cmd) XFORM(cmd), +#define COMPATIBLE_IOCTL(cmd) XFORM((u32)cmd), /* ioctl should not be warned about even if it's not implemented. Valid reasons to use this: - It is implemented with ->compat_ioctl on some device, but programs Patches currently in stable-queue which might be from charlebm(a)gmail.com are queue-4.4/fs-compat-remove-warning-from-compatible_ioctl.patch

7 years, 2 months

1
0
0 0

Patch "dm ioctl: remove double parentheses" has been added to the 4.4-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled dm ioctl: remove double parentheses to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: dm-ioctl-remove-double-parentheses.patch and it can be found in the queue-4.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From e36215d87f301f9567c8c99fd34e6c3521a94ddf Mon Sep 17 00:00:00 2001 From: Matthias Kaehlcke <mka(a)chromium.org> Date: Mon, 17 Apr 2017 11:05:03 -0700 Subject: dm ioctl: remove double parentheses From: Matthias Kaehlcke <mka(a)chromium.org> commit e36215d87f301f9567c8c99fd34e6c3521a94ddf upstream. The extra pair of parantheses is not needed and causes clang to generate warnings about the DM_DEV_CREATE_CMD comparison in validate_params(). Also remove another double parentheses that doesn't cause a warning. Signed-off-by: Matthias Kaehlcke <mka(a)chromium.org> Signed-off-by: Mike Snitzer <snitzer(a)redhat.com> Cc: Nathan Chancellor <natechancellor(a)gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/md/dm-ioctl.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) --- a/drivers/md/dm-ioctl.c +++ b/drivers/md/dm-ioctl.c @@ -1773,12 +1773,12 @@ static int validate_params(uint cmd, str cmd == DM_LIST_VERSIONS_CMD) return 0; - if ((cmd == DM_DEV_CREATE_CMD)) { + if (cmd == DM_DEV_CREATE_CMD) { if (!*param->name) { DMWARN("name not supplied when creating device"); return -EINVAL; } - } else if ((*param->uuid && *param->name)) { + } else if (*param->uuid && *param->name) { DMWARN("only supply one of name or uuid, cmd(%u)", cmd); return -EINVAL; } Patches currently in stable-queue which might be from mka(a)chromium.org are queue-4.4/dm-ioctl-remove-double-parentheses.patch queue-4.4/genirq-use-cpumask_available-for-check-of-cpumask-variable.patch queue-4.4/fs-compat-remove-warning-from-compatible_ioctl.patch queue-4.4/selinux-remove-unnecessary-check-of-array-base-in-selinux_set_mapping.patch queue-4.4/pci-make-pci_rom_address_mask-a-32-bit-constant.patch queue-4.4/cpumask-add-helper-cpumask_available.patch

7 years, 2 months

1
0
0 0

Patch "cpumask: Add helper cpumask_available()" has been added to the 4.4-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled cpumask: Add helper cpumask_available() to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: cpumask-add-helper-cpumask_available.patch and it can be found in the queue-4.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From f7e30f01a9e221067bb4b579e3cfc25cd2617467 Mon Sep 17 00:00:00 2001 From: Matthias Kaehlcke <mka(a)chromium.org> Date: Wed, 12 Apr 2017 11:20:29 -0700 Subject: cpumask: Add helper cpumask_available() From: Matthias Kaehlcke <mka(a)chromium.org> commit f7e30f01a9e221067bb4b579e3cfc25cd2617467 upstream. With CONFIG_CPUMASK_OFFSTACK=y cpumask_var_t is a struct cpumask pointer, otherwise a struct cpumask array with a single element. Some code dealing with cpumasks needs to validate that a cpumask_var_t is not a NULL pointer when CONFIG_CPUMASK_OFFSTACK=y. This is typically done by performing the check always, regardless of the underlying type of cpumask_var_t. This works in both cases, however clang raises a warning like this when CONFIG_CPUMASK_OFFSTACK=n: kernel/irq/manage.c:839:28: error: address of array 'desc->irq_common_data.affinity' will always evaluate to 'true' [-Werror,-Wpointer-bool-conversion] Add the inline helper cpumask_available() which only performs the pointer check if CONFIG_CPUMASK_OFFSTACK=y. Signed-off-by: Matthias Kaehlcke <mka(a)chromium.org> Cc: Grant Grundler <grundler(a)chromium.org> Cc: Rusty Russell <rusty(a)rustcorp.com.au> Cc: Greg Hackmann <ghackmann(a)google.com> Cc: Michael Davidson <md(a)google.com> Cc: Andrew Morton <akpm(a)linux-foundation.org> Link: http://lkml.kernel.org/r/20170412182030.83657-1-mka@chromium.org Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Cc: Nathan Chancellor <natechancellor(a)gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- include/linux/cpumask.h | 10 ++++++++++ 1 file changed, 10 insertions(+) --- a/include/linux/cpumask.h +++ b/include/linux/cpumask.h @@ -661,6 +661,11 @@ void alloc_bootmem_cpumask_var(cpumask_v void free_cpumask_var(cpumask_var_t mask); void free_bootmem_cpumask_var(cpumask_var_t mask); +static inline bool cpumask_available(cpumask_var_t mask) +{ + return mask != NULL; +} + #else typedef struct cpumask cpumask_var_t[1]; @@ -701,6 +706,11 @@ static inline void free_cpumask_var(cpum static inline void free_bootmem_cpumask_var(cpumask_var_t mask) { } + +static inline bool cpumask_available(cpumask_var_t mask) +{ + return true; +} #endif /* CONFIG_CPUMASK_OFFSTACK */ /* It's common to want to use cpu_all_mask in struct member initializers, Patches currently in stable-queue which might be from mka(a)chromium.org are queue-4.4/dm-ioctl-remove-double-parentheses.patch queue-4.4/genirq-use-cpumask_available-for-check-of-cpumask-variable.patch queue-4.4/fs-compat-remove-warning-from-compatible_ioctl.patch queue-4.4/selinux-remove-unnecessary-check-of-array-base-in-selinux_set_mapping.patch queue-4.4/pci-make-pci_rom_address_mask-a-32-bit-constant.patch queue-4.4/cpumask-add-helper-cpumask_available.patch

7 years, 2 months

1
0
0 0

Patch "writeback: fix the wrong congested state variable definition" has been added to the 4.4-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled writeback: fix the wrong congested state variable definition to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: writeback-fix-the-wrong-congested-state-variable-definition.patch and it can be found in the queue-4.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From c877ef8ae7b8edaedccad0fc8c23d4d1de7e2480 Mon Sep 17 00:00:00 2001 From: Kaixu Xia <xiakaixu(a)huawei.com> Date: Thu, 31 Mar 2016 13:19:41 +0000 Subject: writeback: fix the wrong congested state variable definition From: Kaixu Xia <xiakaixu(a)huawei.com> commit c877ef8ae7b8edaedccad0fc8c23d4d1de7e2480 upstream. The right variable definition should be wb_congested_state that include WB_async_congested and WB_sync_congested. So fix it. Signed-off-by: Kaixu Xia <xiakaixu(a)huawei.com> Acked-by: Tejun Heo <tj(a)kernel.org> Signed-off-by: Jens Axboe <axboe(a)fb.com> Cc: Nathan Chancellor <natechancellor(a)gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- mm/backing-dev.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) --- a/mm/backing-dev.c +++ b/mm/backing-dev.c @@ -922,7 +922,7 @@ static atomic_t nr_wb_congested[2]; void clear_wb_congested(struct bdi_writeback_congested *congested, int sync) { wait_queue_head_t *wqh = &congestion_wqh[sync]; - enum wb_state bit; + enum wb_congested_state bit; bit = sync ? WB_sync_congested : WB_async_congested; if (test_and_clear_bit(bit, &congested->state)) @@ -935,7 +935,7 @@ EXPORT_SYMBOL(clear_wb_congested); void set_wb_congested(struct bdi_writeback_congested *congested, int sync) { - enum wb_state bit; + enum wb_congested_state bit; bit = sync ? WB_sync_congested : WB_async_congested; if (!test_and_set_bit(bit, &congested->state)) Patches currently in stable-queue which might be from xiakaixu(a)huawei.com are queue-4.4/writeback-fix-the-wrong-congested-state-variable-definition.patch

7 years, 2 months

1
0
0 0

Patch "ACPI, PCI, irq: remove redundant check for null string pointer" has been added to the 4.4-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled ACPI, PCI, irq: remove redundant check for null string pointer to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: acpi-pci-irq-remove-redundant-check-for-null-string-pointer.patch and it can be found in the queue-4.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 45288978859119c019eff93f0cb838a0de100bcc Mon Sep 17 00:00:00 2001 From: Colin Ian King <colin.king(a)canonical.com> Date: Tue, 5 Jan 2016 10:57:11 +0000 Subject: ACPI, PCI, irq: remove redundant check for null string pointer From: Colin Ian King <colin.king(a)canonical.com> commit 45288978859119c019eff93f0cb838a0de100bcc upstream. source is decleared as a 4 byte char array in struct acpi_pci_routing_table so !prt->source is a redundant null string pointer check. Detected with smatch: drivers/acpi/pci_irq.c:134 do_prt_fixups() warn: this array is probably non-NULL. 'prt->source' Signed-off-by: Colin Ian King <colin.king(a)canonical.com> Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> Cc: Nathan Chancellor <natechancellor(a)gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/acpi/pci_irq.c | 3 --- 1 file changed, 3 deletions(-) --- a/drivers/acpi/pci_irq.c +++ b/drivers/acpi/pci_irq.c @@ -131,9 +131,6 @@ static void do_prt_fixups(struct acpi_pr quirk = &prt_quirks[i]; /* All current quirks involve link devices, not GSIs */ - if (!prt->source) - continue; - if (dmi_check_system(quirk->system) && entry->id.segment == quirk->segment && entry->id.bus == quirk->bus && Patches currently in stable-queue which might be from colin.king(a)canonical.com are queue-4.4/acpi-pci-irq-remove-redundant-check-for-null-string-pointer.patch

7 years, 2 months

1
0
0 0

Re: 4.14.28 crash on tcp_push

by Pavlos Parissis

On 20/03/2018 01:25 μμ, Pavlos Parissis wrote: > On 20/03/2018 01:01 μμ, Pavlos Parissis wrote: >> Hi, >> >> We were upgrading a production system from 4.14.20 to 4.14.28 and we got the following crash and I >> was wondering if anyone has seen similar crash: > > According to https://www.spinics.net/lists/netdev/msg490330.html the > https://patchwork.ozlabs.org/patch/886324/ should have fixed it, but it is not in 4.14.2[678] releases. > > Cheers, > Pavlos > I can confirm that kernel version 4.14.32 resolves the issue. Thanks, Pavlos

7 years, 2 months

1
0
0 0

[PATCH 1/2] drm/radeon: Fix PCIe lane width calculation

by Alex Deucher

From: Paul Parsons <lost.distance(a)yahoo.com> Two years ago I tried an AMD Radeon E8860 embedded GPU with the drm driver. The dmesg output included driver warnings about an invalid PCIe lane width. Tracking the problem back led to si_set_pcie_lane_width_in_smc(). The calculation of the lane widths via ATOM_PPLIB_PCIE_LINK_WIDTH_MASK and ATOM_PPLIB_PCIE_LINK_WIDTH_SHIFT macros did not increment the resulting value, per the comment in pptable.h ("lanes - 1"), and per usage elsewhere. Applying the increment silenced the warnings. The code has not changed since, so either my analysis was incorrect or the bug has gone unnoticed. Hence submitting this as an RFC. Signed-off-by: Paul Parsons <lost.distance(a)yahoo.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/radeon/si_dpm.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/radeon/si_dpm.c b/drivers/gpu/drm/radeon/si_dpm.c index 97a0a639dad9..90d5b41007bf 100644 --- a/drivers/gpu/drm/radeon/si_dpm.c +++ b/drivers/gpu/drm/radeon/si_dpm.c @@ -5912,9 +5912,9 @@ static void si_set_pcie_lane_width_in_smc(struct radeon_device *rdev, { u32 lane_width; u32 new_lane_width = - (radeon_new_state->caps & ATOM_PPLIB_PCIE_LINK_WIDTH_MASK) >> ATOM_PPLIB_PCIE_LINK_WIDTH_SHIFT; + ((radeon_new_state->caps & ATOM_PPLIB_PCIE_LINK_WIDTH_MASK) >> ATOM_PPLIB_PCIE_LINK_WIDTH_SHIFT) + 1; u32 current_lane_width = - (radeon_current_state->caps & ATOM_PPLIB_PCIE_LINK_WIDTH_MASK) >> ATOM_PPLIB_PCIE_LINK_WIDTH_SHIFT; + ((radeon_current_state->caps & ATOM_PPLIB_PCIE_LINK_WIDTH_MASK) >> ATOM_PPLIB_PCIE_LINK_WIDTH_SHIFT) + 1; if (new_lane_width != current_lane_width) { radeon_set_pcie_lanes(rdev, new_lane_width); -- 2.13.6

7 years, 2 months

3
3
0 0

[PATCH] Bluetooth: Fix connection if directed advertising and privacy is used

by Szymon Janc

Local random address needs to be updated before creating connection if RPA from LE Direct Advertising Report was resolved in host. Otherwise remote device might ignore connection request due to address mismatch. This was affecting following qualification test cases: GAP/CONN/SCEP/BV-03-C, GAP/CONN/GCEP/BV-05-C, GAP/CONN/DCEP/BV-05-C Before patch: < HCI Command: LE Set Random Address (0x08|0x0005) plen 6 #11350 [hci0] 84680.231216 Address: 56:BC:E8:24:11:68 (Resolvable) Identity type: Random (0x01) Identity: F2:F1:06:3D:9C:42 (Static) > HCI Event: Command Complete (0x0e) plen 4 #11351 [hci0] 84680.246022 LE Set Random Address (0x08|0x0005) ncmd 1 Status: Success (0x00) < HCI Command: LE Set Scan Parameters (0x08|0x000b) plen 7 #11352 [hci0] 84680.246417 Type: Passive (0x00) Interval: 60.000 msec (0x0060) Window: 30.000 msec (0x0030) Own address type: Random (0x01) Filter policy: Accept all advertisement, inc. directed unresolved RPA (0x02) > HCI Event: Command Complete (0x0e) plen 4 #11353 [hci0] 84680.248854 LE Set Scan Parameters (0x08|0x000b) ncmd 1 Status: Success (0x00) < HCI Command: LE Set Scan Enable (0x08|0x000c) plen 2 #11354 [hci0] 84680.249466 Scanning: Enabled (0x01) Filter duplicates: Enabled (0x01) > HCI Event: Command Complete (0x0e) plen 4 #11355 [hci0] 84680.253222 LE Set Scan Enable (0x08|0x000c) ncmd 1 Status: Success (0x00) > HCI Event: LE Meta Event (0x3e) plen 18 #11356 [hci0] 84680.458387 LE Direct Advertising Report (0x0b) Num reports: 1 Event type: Connectable directed - ADV_DIRECT_IND (0x01) Address type: Random (0x01) Address: 53:38:DA:46:8C:45 (Resolvable) Identity type: Public (0x00) Identity: 11:22:33:44:55:66 (OUI 11-22-33) Direct address type: Random (0x01) Direct address: 7C:D6:76:8C:DF:82 (Resolvable) Identity type: Random (0x01) Identity: F2:F1:06:3D:9C:42 (Static) RSSI: -74 dBm (0xb6) < HCI Command: LE Set Scan Enable (0x08|0x000c) plen 2 #11357 [hci0] 84680.458737 Scanning: Disabled (0x00) Filter duplicates: Disabled (0x00) > HCI Event: Command Complete (0x0e) plen 4 #11358 [hci0] 84680.469982 LE Set Scan Enable (0x08|0x000c) ncmd 1 Status: Success (0x00) < HCI Command: LE Create Connection (0x08|0x000d) plen 25 #11359 [hci0] 84680.470444 Scan interval: 60.000 msec (0x0060) Scan window: 60.000 msec (0x0060) Filter policy: White list is not used (0x00) Peer address type: Random (0x01) Peer address: 53:38:DA:46:8C:45 (Resolvable) Identity type: Public (0x00) Identity: 11:22:33:44:55:66 (OUI 11-22-33) Own address type: Random (0x01) Min connection interval: 30.00 msec (0x0018) Max connection interval: 50.00 msec (0x0028) Connection latency: 0 (0x0000) Supervision timeout: 420 msec (0x002a) Min connection length: 0.000 msec (0x0000) Max connection length: 0.000 msec (0x0000) > HCI Event: Command Status (0x0f) plen 4 #11360 [hci0] 84680.474971 LE Create Connection (0x08|0x000d) ncmd 1 Status: Success (0x00) < HCI Command: LE Create Connection Cancel (0x08|0x000e) plen 0 #11361 [hci0] 84682.545385 > HCI Event: Command Complete (0x0e) plen 4 #11362 [hci0] 84682.551014 LE Create Connection Cancel (0x08|0x000e) ncmd 1 Status: Success (0x00) > HCI Event: LE Meta Event (0x3e) plen 19 #11363 [hci0] 84682.551074 LE Connection Complete (0x01) Status: Unknown Connection Identifier (0x02) Handle: 0 Role: Master (0x00) Peer address type: Public (0x00) Peer address: 00:00:00:00:00:00 (OUI 00-00-00) Connection interval: 0.00 msec (0x0000) Connection latency: 0 (0x0000) Supervision timeout: 0 msec (0x0000) Master clock accuracy: 0x00 After patch: < HCI Command: LE Set Scan Parameters (0x08|0x000b) plen 7 #210 [hci0] 667.152459 Type: Passive (0x00) Interval: 60.000 msec (0x0060) Window: 30.000 msec (0x0030) Own address type: Random (0x01) Filter policy: Accept all advertisement, inc. directed unresolved RPA (0x02) > HCI Event: Command Complete (0x0e) plen 4 #211 [hci0] 667.153613 LE Set Scan Parameters (0x08|0x000b) ncmd 1 Status: Success (0x00) < HCI Command: LE Set Scan Enable (0x08|0x000c) plen 2 #212 [hci0] 667.153704 Scanning: Enabled (0x01) Filter duplicates: Enabled (0x01) > HCI Event: Command Complete (0x0e) plen 4 #213 [hci0] 667.154584 LE Set Scan Enable (0x08|0x000c) ncmd 1 Status: Success (0x00) > HCI Event: LE Meta Event (0x3e) plen 18 #214 [hci0] 667.182619 LE Direct Advertising Report (0x0b) Num reports: 1 Event type: Connectable directed - ADV_DIRECT_IND (0x01) Address type: Random (0x01) Address: 50:52:D9:A6:48:A0 (Resolvable) Identity type: Public (0x00) Identity: 11:22:33:44:55:66 (OUI 11-22-33) Direct address type: Random (0x01) Direct address: 7C:C1:57:A5:B7:A8 (Resolvable) Identity type: Random (0x01) Identity: F4:28:73:5D:38:B0 (Static) RSSI: -70 dBm (0xba) < HCI Command: LE Set Scan Enable (0x08|0x000c) plen 2 #215 [hci0] 667.182704 Scanning: Disabled (0x00) Filter duplicates: Disabled (0x00) > HCI Event: Command Complete (0x0e) plen 4 #216 [hci0] 667.183599 LE Set Scan Enable (0x08|0x000c) ncmd 1 Status: Success (0x00) < HCI Command: LE Set Random Address (0x08|0x0005) plen 6 #217 [hci0] 667.183645 Address: 7C:C1:57:A5:B7:A8 (Resolvable) Identity type: Random (0x01) Identity: F4:28:73:5D:38:B0 (Static) > HCI Event: Command Complete (0x0e) plen 4 #218 [hci0] 667.184590 LE Set Random Address (0x08|0x0005) ncmd 1 Status: Success (0x00) < HCI Command: LE Create Connection (0x08|0x000d) plen 25 #219 [hci0] 667.184613 Scan interval: 60.000 msec (0x0060) Scan window: 60.000 msec (0x0060) Filter policy: White list is not used (0x00) Peer address type: Random (0x01) Peer address: 50:52:D9:A6:48:A0 (Resolvable) Identity type: Public (0x00) Identity: 11:22:33:44:55:66 (OUI 11-22-33) Own address type: Random (0x01) Min connection interval: 30.00 msec (0x0018) Max connection interval: 50.00 msec (0x0028) Connection latency: 0 (0x0000) Supervision timeout: 420 msec (0x002a) Min connection length: 0.000 msec (0x0000) Max connection length: 0.000 msec (0x0000) > HCI Event: Command Status (0x0f) plen 4 #220 [hci0] 667.186558 LE Create Connection (0x08|0x000d) ncmd 1 Status: Success (0x00) > HCI Event: LE Meta Event (0x3e) plen 19 #221 [hci0] 667.485824 LE Connection Complete (0x01) Status: Success (0x00) Handle: 0 Role: Master (0x00) Peer address type: Random (0x01) Peer address: 50:52:D9:A6:48:A0 (Resolvable) Identity type: Public (0x00) Identity: 11:22:33:44:55:66 (OUI 11-22-33) Connection interval: 50.00 msec (0x0028) Connection latency: 0 (0x0000) Supervision timeout: 420 msec (0x002a) Master clock accuracy: 0x07 @ MGMT Event: Device Connected (0x000b) plen 13 {0x0002} [hci0] 667.485996 LE Address: 11:22:33:44:55:66 (OUI 11-22-33) Flags: 0x00000000 Data length: 0 Signed-off-by: Szymon Janc <szymon.janc(a)codecoup.pl> Cc: stable(a)vger.kernel.org --- include/net/bluetooth/hci_core.h | 2 +- net/bluetooth/hci_conn.c | 29 +++++++++++++++++++++-------- net/bluetooth/hci_event.c | 9 ++++++--- net/bluetooth/l2cap_core.c | 2 +- 4 files changed, 29 insertions(+), 13 deletions(-) diff --git a/include/net/bluetooth/hci_core.h b/include/net/bluetooth/hci_core.h index 95ccc1eef558..b619a190ff12 100644 --- a/include/net/bluetooth/hci_core.h +++ b/include/net/bluetooth/hci_core.h @@ -895,7 +895,7 @@ struct hci_conn *hci_connect_le_scan(struct hci_dev *hdev, bdaddr_t *dst, u16 conn_timeout); struct hci_conn *hci_connect_le(struct hci_dev *hdev, bdaddr_t *dst, u8 dst_type, u8 sec_level, u16 conn_timeout, - u8 role); + u8 role, bdaddr_t *direct_rpa); struct hci_conn *hci_connect_acl(struct hci_dev *hdev, bdaddr_t *dst, u8 sec_level, u8 auth_type); struct hci_conn *hci_connect_sco(struct hci_dev *hdev, int type, bdaddr_t *dst, diff --git a/net/bluetooth/hci_conn.c b/net/bluetooth/hci_conn.c index a9682534c377..45ff5dc124cc 100644 --- a/net/bluetooth/hci_conn.c +++ b/net/bluetooth/hci_conn.c @@ -749,18 +749,31 @@ static bool conn_use_rpa(struct hci_conn *conn) } static void hci_req_add_le_create_conn(struct hci_request *req, - struct hci_conn *conn) + struct hci_conn *conn, + bdaddr_t *direct_rpa) { struct hci_cp_le_create_conn cp; struct hci_dev *hdev = conn->hdev; u8 own_addr_type; - /* Update random address, but set require_privacy to false so - * that we never connect with an non-resolvable address. + /* If direct address was provided we use it instead of current + * address. */ - if (hci_update_random_address(req, false, conn_use_rpa(conn), - &own_addr_type)) - return; + if (direct_rpa) { + if (bacmp(&req->hdev->random_addr, direct_rpa)) + hci_req_add(req, HCI_OP_LE_SET_RANDOM_ADDR, 6, + direct_rpa); + + /* direct address is always RPA */ + own_addr_type = ADDR_LE_DEV_RANDOM; + } else { + /* Update random address, but set require_privacy to false so + * that we never connect with an non-resolvable address. + */ + if (hci_update_random_address(req, false, conn_use_rpa(conn), + &own_addr_type)) + return; + } memset(&cp, 0, sizeof(cp)); @@ -825,7 +838,7 @@ static void hci_req_directed_advertising(struct hci_request *req, struct hci_conn *hci_connect_le(struct hci_dev *hdev, bdaddr_t *dst, u8 dst_type, u8 sec_level, u16 conn_timeout, - u8 role) + u8 role, bdaddr_t *direct_rpa) { struct hci_conn_params *params; struct hci_conn *conn; @@ -940,7 +953,7 @@ struct hci_conn *hci_connect_le(struct hci_dev *hdev, bdaddr_t *dst, hci_dev_set_flag(hdev, HCI_LE_SCAN_INTERRUPTED); } - hci_req_add_le_create_conn(&req, conn); + hci_req_add_le_create_conn(&req, conn, direct_rpa); create_conn: err = hci_req_run(&req, create_le_conn_complete); diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c index cd3bbb766c24..4d3f19e86bee 100644 --- a/net/bluetooth/hci_event.c +++ b/net/bluetooth/hci_event.c @@ -4648,7 +4648,8 @@ static void hci_le_conn_update_complete_evt(struct hci_dev *hdev, /* This function requires the caller holds hdev->lock */ static struct hci_conn *check_pending_le_conn(struct hci_dev *hdev, bdaddr_t *addr, - u8 addr_type, u8 adv_type) + u8 addr_type, u8 adv_type, + bdaddr_t *direct_rpa) { struct hci_conn *conn; struct hci_conn_params *params; @@ -4699,7 +4700,8 @@ static struct hci_conn *check_pending_le_conn(struct hci_dev *hdev, } conn = hci_connect_le(hdev, addr, addr_type, BT_SECURITY_LOW, - HCI_LE_AUTOCONN_TIMEOUT, HCI_ROLE_MASTER); + HCI_LE_AUTOCONN_TIMEOUT, HCI_ROLE_MASTER, + direct_rpa); if (!IS_ERR(conn)) { /* If HCI_AUTO_CONN_EXPLICIT is set, conn is already owned * by higher layer that tried to connect, if no then @@ -4809,7 +4811,8 @@ static void process_adv_report(struct hci_dev *hdev, u8 type, bdaddr_t *bdaddr, } /* Check if we have been requested to connect to this device */ - conn = check_pending_le_conn(hdev, bdaddr, bdaddr_type, type); + conn = check_pending_le_conn(hdev, bdaddr, bdaddr_type, type, + direct_addr); if (conn && type == LE_ADV_IND) { /* Store report for later inclusion by * mgmt_device_connected diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c index fc6615d59165..9b7907ebfa01 100644 --- a/net/bluetooth/l2cap_core.c +++ b/net/bluetooth/l2cap_core.c @@ -7156,7 +7156,7 @@ int l2cap_chan_connect(struct l2cap_chan *chan, __le16 psm, u16 cid, hcon = hci_connect_le(hdev, dst, dst_type, chan->sec_level, HCI_LE_CONN_TIMEOUT, - HCI_ROLE_SLAVE); + HCI_ROLE_SLAVE, NULL); else hcon = hci_connect_le_scan(hdev, dst, dst_type, chan->sec_level, -- 2.14.3

7 years, 2 months

2
1
0 0

Patch "kprobes/x86: Fix to set RWX bits correctly before releasing trampoline" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled kprobes/x86: Fix to set RWX bits correctly before releasing trampoline to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: kprobes-x86-fix-to-set-rwx-bits-correctly-before-releasing-trampoline.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From c93f5cf571e7795f97d49ef51b766cf25e328545 Mon Sep 17 00:00:00 2001 From: Masami Hiramatsu <mhiramat(a)kernel.org> Date: Thu, 25 May 2017 19:38:17 +0900 Subject: kprobes/x86: Fix to set RWX bits correctly before releasing trampoline From: Masami Hiramatsu <mhiramat(a)kernel.org> commit c93f5cf571e7795f97d49ef51b766cf25e328545 upstream. Fix kprobes to set(recover) RWX bits correctly on trampoline buffer before releasing it. Releasing readonly page to module_memfree() crash the kernel. Without this fix, if kprobes user register a bunch of kprobes in function body (since kprobes on function entry usually use ftrace) and unregister it, kernel hits a BUG and crash. Link: http://lkml.kernel.org/r/149570868652.3518.14120169373590420503.stgit@devbox Signed-off-by: Masami Hiramatsu <mhiramat(a)kernel.org> Fixes: d0381c81c2f7 ("kprobes/x86: Set kprobes pages read-only") Signed-off-by: Steven Rostedt (VMware) <rostedt(a)goodmis.org> Cc: Ben Hutchings <ben.hutchings(a)codethink.co.uk> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/x86/kernel/kprobes/core.c | 9 +++++++++ kernel/kprobes.c | 2 +- 2 files changed, 10 insertions(+), 1 deletion(-) --- a/arch/x86/kernel/kprobes/core.c +++ b/arch/x86/kernel/kprobes/core.c @@ -51,6 +51,7 @@ #include <linux/ftrace.h> #include <linux/frame.h> #include <linux/kasan.h> +#include <linux/moduleloader.h> #include <asm/text-patching.h> #include <asm/cacheflush.h> @@ -405,6 +406,14 @@ int __copy_instruction(u8 *dest, u8 *src return length; } +/* Recover page to RW mode before releasing it */ +void free_insn_page(void *page) +{ + set_memory_nx((unsigned long)page & PAGE_MASK, 1); + set_memory_rw((unsigned long)page & PAGE_MASK, 1); + module_memfree(page); +} + static int arch_copy_kprobe(struct kprobe *p) { int ret; --- a/kernel/kprobes.c +++ b/kernel/kprobes.c @@ -125,7 +125,7 @@ static void *alloc_insn_page(void) return module_alloc(PAGE_SIZE); } -static void free_insn_page(void *page) +void __weak free_insn_page(void *page) { module_memfree(page); } Patches currently in stable-queue which might be from mhiramat(a)kernel.org are queue-4.9/kprobes-x86-fix-to-set-rwx-bits-correctly-before-releasing-trampoline.patch

7 years, 2 months

1
0
0 0

Patch "kprobes/x86: Fix to set RWX bits correctly before releasing trampoline" has been added to the 4.4-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled kprobes/x86: Fix to set RWX bits correctly before releasing trampoline to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: kprobes-x86-fix-to-set-rwx-bits-correctly-before-releasing-trampoline.patch and it can be found in the queue-4.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From c93f5cf571e7795f97d49ef51b766cf25e328545 Mon Sep 17 00:00:00 2001 From: Masami Hiramatsu <mhiramat(a)kernel.org> Date: Thu, 25 May 2017 19:38:17 +0900 Subject: kprobes/x86: Fix to set RWX bits correctly before releasing trampoline From: Masami Hiramatsu <mhiramat(a)kernel.org> commit c93f5cf571e7795f97d49ef51b766cf25e328545 upstream. Fix kprobes to set(recover) RWX bits correctly on trampoline buffer before releasing it. Releasing readonly page to module_memfree() crash the kernel. Without this fix, if kprobes user register a bunch of kprobes in function body (since kprobes on function entry usually use ftrace) and unregister it, kernel hits a BUG and crash. Link: http://lkml.kernel.org/r/149570868652.3518.14120169373590420503.stgit@devbox Signed-off-by: Masami Hiramatsu <mhiramat(a)kernel.org> Fixes: d0381c81c2f7 ("kprobes/x86: Set kprobes pages read-only") Signed-off-by: Steven Rostedt (VMware) <rostedt(a)goodmis.org> Cc: Ben Hutchings <ben.hutchings(a)codethink.co.uk> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/x86/kernel/kprobes/core.c | 9 +++++++++ kernel/kprobes.c | 2 +- 2 files changed, 10 insertions(+), 1 deletion(-) --- a/arch/x86/kernel/kprobes/core.c +++ b/arch/x86/kernel/kprobes/core.c @@ -49,6 +49,7 @@ #include <linux/kdebug.h> #include <linux/kallsyms.h> #include <linux/ftrace.h> +#include <linux/moduleloader.h> #include <asm/cacheflush.h> #include <asm/desc.h> @@ -402,6 +403,14 @@ int __copy_instruction(u8 *dest, u8 *src return length; } +/* Recover page to RW mode before releasing it */ +void free_insn_page(void *page) +{ + set_memory_nx((unsigned long)page & PAGE_MASK, 1); + set_memory_rw((unsigned long)page & PAGE_MASK, 1); + module_memfree(page); +} + static int arch_copy_kprobe(struct kprobe *p) { int ret; --- a/kernel/kprobes.c +++ b/kernel/kprobes.c @@ -125,7 +125,7 @@ static void *alloc_insn_page(void) return module_alloc(PAGE_SIZE); } -static void free_insn_page(void *page) +void __weak free_insn_page(void *page) { module_memfree(page); } Patches currently in stable-queue which might be from mhiramat(a)kernel.org are queue-4.4/kprobes-x86-fix-to-set-rwx-bits-correctly-before-releasing-trampoline.patch

7 years, 2 months

1
0
0 0

Patch "kprobes/x86: Fix to set RWX bits correctly before releasing trampoline" has been added to the 3.18-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled kprobes/x86: Fix to set RWX bits correctly before releasing trampoline to the 3.18-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: kprobes-x86-fix-to-set-rwx-bits-correctly-before-releasing-trampoline.patch and it can be found in the queue-3.18 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From c93f5cf571e7795f97d49ef51b766cf25e328545 Mon Sep 17 00:00:00 2001 From: Masami Hiramatsu <mhiramat(a)kernel.org> Date: Thu, 25 May 2017 19:38:17 +0900 Subject: kprobes/x86: Fix to set RWX bits correctly before releasing trampoline From: Masami Hiramatsu <mhiramat(a)kernel.org> commit c93f5cf571e7795f97d49ef51b766cf25e328545 upstream. Fix kprobes to set(recover) RWX bits correctly on trampoline buffer before releasing it. Releasing readonly page to module_memfree() crash the kernel. Without this fix, if kprobes user register a bunch of kprobes in function body (since kprobes on function entry usually use ftrace) and unregister it, kernel hits a BUG and crash. Link: http://lkml.kernel.org/r/149570868652.3518.14120169373590420503.stgit@devbox Signed-off-by: Masami Hiramatsu <mhiramat(a)kernel.org> Fixes: d0381c81c2f7 ("kprobes/x86: Set kprobes pages read-only") Signed-off-by: Steven Rostedt (VMware) <rostedt(a)goodmis.org> Cc: Ben Hutchings <ben.hutchings(a)codethink.co.uk> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/x86/kernel/kprobes/core.c | 9 +++++++++ kernel/kprobes.c | 2 +- 2 files changed, 10 insertions(+), 1 deletion(-) --- a/arch/x86/kernel/kprobes/core.c +++ b/arch/x86/kernel/kprobes/core.c @@ -49,6 +49,7 @@ #include <linux/kdebug.h> #include <linux/kallsyms.h> #include <linux/ftrace.h> +#include <linux/moduleloader.h> #include <asm/cacheflush.h> #include <asm/desc.h> @@ -374,6 +375,14 @@ int __copy_instruction(u8 *dest, u8 *src return length; } +/* Recover page to RW mode before releasing it */ +void free_insn_page(void *page) +{ + set_memory_nx((unsigned long)page & PAGE_MASK, 1); + set_memory_rw((unsigned long)page & PAGE_MASK, 1); + vfree(page); +} + static int arch_copy_kprobe(struct kprobe *p) { int ret; --- a/kernel/kprobes.c +++ b/kernel/kprobes.c @@ -125,7 +125,7 @@ static void *alloc_insn_page(void) return module_alloc(PAGE_SIZE); } -static void free_insn_page(void *page) +void __weak free_insn_page(void *page) { module_free(NULL, page); } Patches currently in stable-queue which might be from mhiramat(a)kernel.org are queue-3.18/tracing-probeevent-fix-to-support-minus-offset-from-symbol.patch queue-3.18/kprobes-x86-fix-to-set-rwx-bits-correctly-before-releasing-trampoline.patch

7 years, 2 months

1
0
0 0

Two patches request for 3.18 stable

by Wang Han

When going through the tree, I found some of the patches are backported incorrectly and they have been fixed on 4.4. So I would like to request these 2 patches from 4.4 stable to get ported to 3.18: Revert "led: core: Fix brightness setting when setting delay_off=0" (https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/com…) xhci: Fix ring leak in failure path of xhci_alloc_virt_device() (https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/com…) Thanks. Wang

7 years, 2 months

2
1
0 0

Patch "xhci: Fix ring leak in failure path of xhci_alloc_virt_device()" has been added to the 3.18-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled xhci: Fix ring leak in failure path of xhci_alloc_virt_device() to the 3.18-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: xhci-fix-ring-leak-in-failure-path-of-xhci_alloc_virt_device.patch and it can be found in the queue-3.18 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 3ae43090f13b7f6b6a8d4f4889727d2db4e81dd8 Mon Sep 17 00:00:00 2001 From: Ben Hutchings <ben.hutchings(a)codethink.co.uk> Date: Thu, 11 Jan 2018 17:01:36 +0000 Subject: xhci: Fix ring leak in failure path of xhci_alloc_virt_device() From: Ben Hutchings <ben.hutchings(a)codethink.co.uk> This is a stable-only fix for the backport of commit 5d9b70f7d52e ("xhci: Don't add a virt_dev to the devs array before it's fully allocated"). In branches that predate commit c5628a2af83a ("xhci: remove endpoint ring cache") there is an additional failure path in xhci_alloc_virt_device() where ring cache allocation fails, in which case we need to free the ring allocated for endpoint 0. Signed-off-by: Ben Hutchings <ben.hutchings(a)codethink.co.uk> Cc: Mathias Nyman <mathias.nyman(a)intel.com> Cc: Wang Han <wanghan1995315(a)gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/usb/host/xhci-mem.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) --- a/drivers/usb/host/xhci-mem.c +++ b/drivers/usb/host/xhci-mem.c @@ -1032,7 +1032,8 @@ int xhci_alloc_virt_device(struct xhci_h return 1; fail: - + if (dev->eps[0].ring) + xhci_ring_free(xhci, dev->eps[0].ring); if (dev->in_ctx) xhci_free_container_ctx(xhci, dev->in_ctx); if (dev->out_ctx) Patches currently in stable-queue which might be from ben.hutchings(a)codethink.co.uk are queue-3.18/netlink-avoid-a-double-skb-free-in-genlmsg_mcast.patch queue-3.18/revert-led-core-fix-brightness-setting-when-setting-delay_off-0.patch queue-3.18/xhci-fix-ring-leak-in-failure-path-of-xhci_alloc_virt_device.patch

7 years, 2 months

1
0
0 0

Patch "Revert "led: core: Fix brightness setting when setting delay_off=0"" has been added to the 3.18-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled Revert "led: core: Fix brightness setting when setting delay_off=0" to the 3.18-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: revert-led-core-fix-brightness-setting-when-setting-delay_off-0.patch and it can be found in the queue-3.18 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 3f3437fbb2d8f780e84f507282d03facb4ccf248 Mon Sep 17 00:00:00 2001 From: Ben Hutchings <ben.hutchings(a)codethink.co.uk> Date: Thu, 8 Mar 2018 15:59:07 +0000 Subject: Revert "led: core: Fix brightness setting when setting delay_off=0" From: Ben Hutchings <ben.hutchings(a)codethink.co.uk> This reverts commit 20f6d9c2af33da892a0e03ffd6249c7ab81edfb7, which was commit 2b83ff96f51d0b039c4561b9f95c824d7bddb85c upstream. The bug that it should fix was only introduced in Linux 4.7, and in 4.4 it causes a regression. Reported-by: Jacek Anaszewski <jacek.anaszewski(a)gmail.com> Cc: Matthieu CASTET <matthieu.castet(a)parrot.com> Signed-off-by: Ben Hutchings <ben.hutchings(a)codethink.co.uk> Cc: Wang Han <wanghan1995315(a)gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/leds/led-core.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/drivers/leds/led-core.c +++ b/drivers/leds/led-core.c @@ -76,7 +76,7 @@ void led_blink_set(struct led_classdev * unsigned long *delay_on, unsigned long *delay_off) { - led_stop_software_blink(led_cdev); + del_timer_sync(&led_cdev->blink_timer); led_cdev->flags &= ~LED_BLINK_ONESHOT; led_cdev->flags &= ~LED_BLINK_ONESHOT_STOP; Patches currently in stable-queue which might be from ben.hutchings(a)codethink.co.uk are queue-3.18/netlink-avoid-a-double-skb-free-in-genlmsg_mcast.patch queue-3.18/revert-led-core-fix-brightness-setting-when-setting-delay_off-0.patch queue-3.18/xhci-fix-ring-leak-in-failure-path-of-xhci_alloc_virt_device.patch

7 years, 2 months

1
0
0 0

Patch "usb: gadget: fix usb_ep_align_maybe endianness and new usb_ep_align" has been added to the 4.4-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled usb: gadget: fix usb_ep_align_maybe endianness and new usb_ep_align to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: usb-gadget-fix-usb_ep_align_maybe-endianness-and-new-usb_ep_align.patch and it can be found in the queue-4.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 16b114a6d7973cf027e4c2b23eae1076eaf98c25 Mon Sep 17 00:00:00 2001 From: "Felipe F. Tonello" <eu(a)felipetonello.com> Date: Mon, 8 Aug 2016 21:30:04 +0100 Subject: usb: gadget: fix usb_ep_align_maybe endianness and new usb_ep_align From: Felipe F. Tonello <eu(a)felipetonello.com> commit 16b114a6d7973cf027e4c2b23eae1076eaf98c25 upstream. USB spec specifies wMaxPacketSize to be little endian (as other properties), so when using this variable in the driver we should convert to the current CPU endianness if necessary. This patch also introduces usb_ep_align() which does always returns the aligned buffer size for an endpoint. This is useful to be used by USB requests allocator functions. Signed-off-by: Felipe F. Tonello <eu(a)felipetonello.com> Signed-off-by: Felipe Balbi <felipe.balbi(a)linux.intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- include/linux/usb/gadget.h | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) --- a/include/linux/usb/gadget.h +++ b/include/linux/usb/gadget.h @@ -663,8 +663,20 @@ static inline struct usb_gadget *dev_to_ list_for_each_entry(tmp, &(gadget)->ep_list, ep_list) /** + * usb_ep_align - returns @len aligned to ep's maxpacketsize. + * @ep: the endpoint whose maxpacketsize is used to align @len + * @len: buffer size's length to align to @ep's maxpacketsize + * + * This helper is used to align buffer's size to an ep's maxpacketsize. + */ +static inline size_t usb_ep_align(struct usb_ep *ep, size_t len) +{ + return round_up(len, (size_t)le16_to_cpu(ep->desc->wMaxPacketSize)); +} + +/** * usb_ep_align_maybe - returns @len aligned to ep's maxpacketsize if gadget - * requires quirk_ep_out_aligned_size, otherwise reguens len. + * requires quirk_ep_out_aligned_size, otherwise returns len. * @g: controller to check for quirk * @ep: the endpoint whose maxpacketsize is used to align @len * @len: buffer size's length to align to @ep's maxpacketsize @@ -675,8 +687,7 @@ static inline struct usb_gadget *dev_to_ static inline size_t usb_ep_align_maybe(struct usb_gadget *g, struct usb_ep *ep, size_t len) { - return !g->quirk_ep_out_aligned_size ? len : - round_up(len, (size_t)ep->desc->wMaxPacketSize); + return g->quirk_ep_out_aligned_size ? usb_ep_align(ep, len) : len; } /** Patches currently in stable-queue which might be from eu(a)felipetonello.com are queue-4.4/usb-gadget-change-len-to-size_t-on-alloc_ep_req.patch queue-4.4/usb-gadget-define-free_ep_req-as-universal-function.patch queue-4.4/usb-gadget-fix-usb_ep_align_maybe-endianness-and-new-usb_ep_align.patch queue-4.4/usb-gadget-align-buffer-size-when-allocating-for-out-endpoint.patch

7 years, 2 months

1
0
0 0

Patch "usb: gadget: f_hid: fix: Prevent accessing released memory" has been added to the 4.4-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled usb: gadget: f_hid: fix: Prevent accessing released memory to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: usb-gadget-f_hid-fix-prevent-accessing-released-memory.patch and it can be found in the queue-4.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From aa65d11aa008f4de58a9cee7e121666d9d68505e Mon Sep 17 00:00:00 2001 From: Krzysztof Opasiak <kopasiak90(a)gmail.com> Date: Thu, 19 Jan 2017 18:55:28 +0100 Subject: usb: gadget: f_hid: fix: Prevent accessing released memory From: Krzysztof Opasiak <kopasiak90(a)gmail.com> commit aa65d11aa008f4de58a9cee7e121666d9d68505e upstream. When we unlock our spinlock to copy data to user we may get disabled by USB host and free the whole list of completed out requests including the one from which we are copying the data to user memory. To prevent from this let's remove our working element from the list and place it back only if there is sth left when we finish with it. Fixes: 99c515005857 ("usb: gadget: hidg: register OUT INT endpoint for SET_REPORT") Cc: stable(a)vger.kernel.org Tested-by: David Lechner <david(a)lechnology.com> Signed-off-by: Krzysztof Opasiak <k.opasiak(a)samsung.com> Signed-off-by: Felipe Balbi <felipe.balbi(a)linux.intel.com> Cc: Jerry Zhang <zhangjerry(a)google.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/usb/gadget/function/f_hid.c | 24 ++++++++++++++++++++---- 1 file changed, 20 insertions(+), 4 deletions(-) --- a/drivers/usb/gadget/function/f_hid.c +++ b/drivers/usb/gadget/function/f_hid.c @@ -223,6 +223,13 @@ static ssize_t f_hidg_read(struct file * /* pick the first one */ list = list_first_entry(&hidg->completed_out_req, struct f_hidg_req_list, list); + + /* + * Remove this from list to protect it from beign free() + * while host disables our function + */ + list_del(&list->list); + req = list->req; count = min_t(unsigned int, count, req->actual - list->pos); spin_unlock_irqrestore(&hidg->spinlock, flags); @@ -238,15 +245,20 @@ static ssize_t f_hidg_read(struct file * * call, taking into account its current read position. */ if (list->pos == req->actual) { - spin_lock_irqsave(&hidg->spinlock, flags); - list_del(&list->list); kfree(list); - spin_unlock_irqrestore(&hidg->spinlock, flags); req->length = hidg->report_length; ret = usb_ep_queue(hidg->out_ep, req, GFP_KERNEL); - if (ret < 0) + if (ret < 0) { + free_ep_req(hidg->out_ep, req); return ret; + } + } else { + spin_lock_irqsave(&hidg->spinlock, flags); + list_add(&list->list, &hidg->completed_out_req); + spin_unlock_irqrestore(&hidg->spinlock, flags); + + wake_up(&hidg->read_queue); } return count; @@ -490,14 +502,18 @@ static void hidg_disable(struct usb_func { struct f_hidg *hidg = func_to_hidg(f); struct f_hidg_req_list *list, *next; + unsigned long flags; usb_ep_disable(hidg->in_ep); usb_ep_disable(hidg->out_ep); + spin_lock_irqsave(&hidg->spinlock, flags); list_for_each_entry_safe(list, next, &hidg->completed_out_req, list) { + free_ep_req(hidg->out_ep, list->req); list_del(&list->list); kfree(list); } + spin_unlock_irqrestore(&hidg->spinlock, flags); } static int hidg_set_alt(struct usb_function *f, unsigned intf, unsigned alt) Patches currently in stable-queue which might be from kopasiak90(a)gmail.com are queue-4.4/usb-gadget-f_hid-fix-prevent-accessing-released-memory.patch

7 years, 2 months

1
0
0 0

Patch "usb: gadget: define free_ep_req as universal function" has been added to the 4.4-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled usb: gadget: define free_ep_req as universal function to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: usb-gadget-define-free_ep_req-as-universal-function.patch and it can be found in the queue-4.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 079fe5a6da616891cca1a26e803e1df2a87e9ae5 Mon Sep 17 00:00:00 2001 From: "Felipe F. Tonello" <eu(a)felipetonello.com> Date: Tue, 10 Nov 2015 17:52:05 +0000 Subject: usb: gadget: define free_ep_req as universal function From: Felipe F. Tonello <eu(a)felipetonello.com> commit 079fe5a6da616891cca1a26e803e1df2a87e9ae5 upstream. This function is shared between gadget functions, so this avoid unnecessary duplicated code and potentially avoid memory leaks. Reviewed-by: Robert Baldyga <r.baldyga(a)samsung.com> Signed-off-by: Felipe F. Tonello <eu(a)felipetonello.com> Signed-off-by: Felipe Balbi <balbi(a)ti.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/usb/gadget/function/f_midi.c | 6 ------ drivers/usb/gadget/function/f_sourcesink.c | 6 ------ drivers/usb/gadget/function/g_zero.h | 1 - drivers/usb/gadget/u_f.c | 1 - drivers/usb/gadget/u_f.h | 10 ++++++++-- 5 files changed, 8 insertions(+), 16 deletions(-) --- a/drivers/usb/gadget/function/f_midi.c +++ b/drivers/usb/gadget/function/f_midi.c @@ -201,12 +201,6 @@ static inline struct usb_request *midi_a return alloc_ep_req(ep, length, length); } -static void free_ep_req(struct usb_ep *ep, struct usb_request *req) -{ - kfree(req->buf); - usb_ep_free_request(ep, req); -} - static const uint8_t f_midi_cin_length[] = { 0, 0, 2, 3, 3, 1, 2, 3, 3, 3, 3, 3, 2, 2, 3, 1 }; --- a/drivers/usb/gadget/function/f_sourcesink.c +++ b/drivers/usb/gadget/function/f_sourcesink.c @@ -303,12 +303,6 @@ static inline struct usb_request *ss_all return alloc_ep_req(ep, len, ss->buflen); } -void free_ep_req(struct usb_ep *ep, struct usb_request *req) -{ - kfree(req->buf); - usb_ep_free_request(ep, req); -} - static void disable_ep(struct usb_composite_dev *cdev, struct usb_ep *ep) { int value; --- a/drivers/usb/gadget/function/g_zero.h +++ b/drivers/usb/gadget/function/g_zero.h @@ -59,7 +59,6 @@ void lb_modexit(void); int lb_modinit(void); /* common utilities */ -void free_ep_req(struct usb_ep *ep, struct usb_request *req); void disable_endpoints(struct usb_composite_dev *cdev, struct usb_ep *in, struct usb_ep *out, struct usb_ep *iso_in, struct usb_ep *iso_out); --- a/drivers/usb/gadget/u_f.c +++ b/drivers/usb/gadget/u_f.c @@ -11,7 +11,6 @@ * published by the Free Software Foundation. */ -#include <linux/usb/gadget.h> #include "u_f.h" struct usb_request *alloc_ep_req(struct usb_ep *ep, int len, int default_len) --- a/drivers/usb/gadget/u_f.h +++ b/drivers/usb/gadget/u_f.h @@ -16,6 +16,8 @@ #ifndef __U_F_H__ #define __U_F_H__ +#include <linux/usb/gadget.h> + /* Variable Length Array Macros **********************************************/ #define vla_group(groupname) size_t groupname##__next = 0 #define vla_group_size(groupname) groupname##__next @@ -45,8 +47,12 @@ struct usb_ep; struct usb_request; +/* Requests allocated via alloc_ep_req() must be freed by free_ep_req(). */ struct usb_request *alloc_ep_req(struct usb_ep *ep, int len, int default_len); +static inline void free_ep_req(struct usb_ep *ep, struct usb_request *req) +{ + kfree(req->buf); + usb_ep_free_request(ep, req); +} #endif /* __U_F_H__ */ - - Patches currently in stable-queue which might be from eu(a)felipetonello.com are queue-4.4/usb-gadget-change-len-to-size_t-on-alloc_ep_req.patch queue-4.4/usb-gadget-define-free_ep_req-as-universal-function.patch queue-4.4/usb-gadget-fix-usb_ep_align_maybe-endianness-and-new-usb_ep_align.patch queue-4.4/usb-gadget-align-buffer-size-when-allocating-for-out-endpoint.patch

7 years, 2 months

1
0
0 0

Patch "usb: gadget: change len to size_t on alloc_ep_req()" has been added to the 4.4-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled usb: gadget: change len to size_t on alloc_ep_req() to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: usb-gadget-change-len-to-size_t-on-alloc_ep_req.patch and it can be found in the queue-4.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 69bb99738b5c6d56d2b1a75db9cbb4d187453c1a Mon Sep 17 00:00:00 2001 From: "Felipe F. Tonello" <eu(a)felipetonello.com> Date: Mon, 8 Aug 2016 21:30:05 +0100 Subject: usb: gadget: change len to size_t on alloc_ep_req() From: Felipe F. Tonello <eu(a)felipetonello.com> commit 69bb99738b5c6d56d2b1a75db9cbb4d187453c1a upstream. Length of buffers should be of type size_t whenever possible. Altough recommended, this change has no real practical change, unless a driver has a uses a huge or negative buffer size - it might help find these bugs. Signed-off-by: Felipe F. Tonello <eu(a)felipetonello.com> Signed-off-by: Felipe Balbi <felipe.balbi(a)linux.intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/usb/gadget/u_f.c | 2 +- drivers/usb/gadget/u_f.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) --- a/drivers/usb/gadget/u_f.c +++ b/drivers/usb/gadget/u_f.c @@ -13,7 +13,7 @@ #include "u_f.h" -struct usb_request *alloc_ep_req(struct usb_ep *ep, int len, int default_len) +struct usb_request *alloc_ep_req(struct usb_ep *ep, size_t len, int default_len) { struct usb_request *req; --- a/drivers/usb/gadget/u_f.h +++ b/drivers/usb/gadget/u_f.h @@ -48,7 +48,7 @@ struct usb_ep; struct usb_request; /* Requests allocated via alloc_ep_req() must be freed by free_ep_req(). */ -struct usb_request *alloc_ep_req(struct usb_ep *ep, int len, int default_len); +struct usb_request *alloc_ep_req(struct usb_ep *ep, size_t len, int default_len); static inline void free_ep_req(struct usb_ep *ep, struct usb_request *req) { kfree(req->buf); Patches currently in stable-queue which might be from eu(a)felipetonello.com are queue-4.4/usb-gadget-change-len-to-size_t-on-alloc_ep_req.patch queue-4.4/usb-gadget-define-free_ep_req-as-universal-function.patch queue-4.4/usb-gadget-fix-usb_ep_align_maybe-endianness-and-new-usb_ep_align.patch queue-4.4/usb-gadget-align-buffer-size-when-allocating-for-out-endpoint.patch

7 years, 2 months

1
0
0 0

Patch "usb: gadget: align buffer size when allocating for OUT endpoint" has been added to the 4.4-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled usb: gadget: align buffer size when allocating for OUT endpoint to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: usb-gadget-align-buffer-size-when-allocating-for-out-endpoint.patch and it can be found in the queue-4.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From e0466156ee2e944fb47a3fa00932c3698a6d2c67 Mon Sep 17 00:00:00 2001 From: "Felipe F. Tonello" <eu(a)felipetonello.com> Date: Mon, 8 Aug 2016 21:30:06 +0100 Subject: usb: gadget: align buffer size when allocating for OUT endpoint From: Felipe F. Tonello <eu(a)felipetonello.com> commit e0466156ee2e944fb47a3fa00932c3698a6d2c67 upstream. Using usb_ep_align() makes sure that the buffer size for OUT endpoints is always aligned with wMaxPacketSize (512 usually). This makes sure that no buffer has the wrong size, which can cause nasty bugs. Signed-off-by: Felipe F. Tonello <eu(a)felipetonello.com> Signed-off-by: Felipe Balbi <felipe.balbi(a)linux.intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/usb/gadget/u_f.c | 3 +++ drivers/usb/gadget/u_f.h | 16 +++++++++++++++- 2 files changed, 18 insertions(+), 1 deletion(-) --- a/drivers/usb/gadget/u_f.c +++ b/drivers/usb/gadget/u_f.c @@ -12,6 +12,7 @@ */ #include "u_f.h" +#include <linux/usb/ch9.h> struct usb_request *alloc_ep_req(struct usb_ep *ep, size_t len, int default_len) { @@ -20,6 +21,8 @@ struct usb_request *alloc_ep_req(struct req = usb_ep_alloc_request(ep, GFP_ATOMIC); if (req) { req->length = len ?: default_len; + if (usb_endpoint_dir_out(ep->desc)) + req->length = usb_ep_align(ep, req->length); req->buf = kmalloc(req->length, GFP_ATOMIC); if (!req->buf) { usb_ep_free_request(ep, req); --- a/drivers/usb/gadget/u_f.h +++ b/drivers/usb/gadget/u_f.h @@ -47,8 +47,22 @@ struct usb_ep; struct usb_request; -/* Requests allocated via alloc_ep_req() must be freed by free_ep_req(). */ +/** + * alloc_ep_req - returns a usb_request allocated by the gadget driver and + * allocates the request's buffer. + * + * @ep: the endpoint to allocate a usb_request + * @len: usb_requests's buffer suggested size + * @default_len: used if @len is not provided, ie, is 0 + * + * In case @ep direction is OUT, the @len will be aligned to ep's + * wMaxPacketSize. In order to avoid memory leaks or drops, *always* use + * usb_requests's length (req->length) to refer to the allocated buffer size. + * Requests allocated via alloc_ep_req() *must* be freed by free_ep_req(). + */ struct usb_request *alloc_ep_req(struct usb_ep *ep, size_t len, int default_len); + +/* Frees a usb_request previously allocated by alloc_ep_req() */ static inline void free_ep_req(struct usb_ep *ep, struct usb_request *req) { kfree(req->buf); Patches currently in stable-queue which might be from eu(a)felipetonello.com are queue-4.4/usb-gadget-change-len-to-size_t-on-alloc_ep_req.patch queue-4.4/usb-gadget-define-free_ep_req-as-universal-function.patch queue-4.4/usb-gadget-fix-usb_ep_align_maybe-endianness-and-new-usb_ep_align.patch queue-4.4/usb-gadget-align-buffer-size-when-allocating-for-out-endpoint.patch

7 years, 2 months

1
0
0 0

Patch "usb: gadget: fix usb_ep_align_maybe endianness and new usb_ep_align" has been added to the 3.18-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled usb: gadget: fix usb_ep_align_maybe endianness and new usb_ep_align to the 3.18-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: usb-gadget-fix-usb_ep_align_maybe-endianness-and-new-usb_ep_align.patch and it can be found in the queue-3.18 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 16b114a6d7973cf027e4c2b23eae1076eaf98c25 Mon Sep 17 00:00:00 2001 From: "Felipe F. Tonello" <eu(a)felipetonello.com> Date: Mon, 8 Aug 2016 21:30:04 +0100 Subject: usb: gadget: fix usb_ep_align_maybe endianness and new usb_ep_align From: Felipe F. Tonello <eu(a)felipetonello.com> commit 16b114a6d7973cf027e4c2b23eae1076eaf98c25 upstream. USB spec specifies wMaxPacketSize to be little endian (as other properties), so when using this variable in the driver we should convert to the current CPU endianness if necessary. This patch also introduces usb_ep_align() which does always returns the aligned buffer size for an endpoint. This is useful to be used by USB requests allocator functions. Signed-off-by: Felipe F. Tonello <eu(a)felipetonello.com> Signed-off-by: Felipe Balbi <felipe.balbi(a)linux.intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- include/linux/usb/gadget.h | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) --- a/include/linux/usb/gadget.h +++ b/include/linux/usb/gadget.h @@ -582,8 +582,20 @@ static inline struct usb_gadget *dev_to_ /** + * usb_ep_align - returns @len aligned to ep's maxpacketsize. + * @ep: the endpoint whose maxpacketsize is used to align @len + * @len: buffer size's length to align to @ep's maxpacketsize + * + * This helper is used to align buffer's size to an ep's maxpacketsize. + */ +static inline size_t usb_ep_align(struct usb_ep *ep, size_t len) +{ + return round_up(len, (size_t)le16_to_cpu(ep->desc->wMaxPacketSize)); +} + +/** * usb_ep_align_maybe - returns @len aligned to ep's maxpacketsize if gadget - * requires quirk_ep_out_aligned_size, otherwise reguens len. + * requires quirk_ep_out_aligned_size, otherwise returns len. * @g: controller to check for quirk * @ep: the endpoint whose maxpacketsize is used to align @len * @len: buffer size's length to align to @ep's maxpacketsize @@ -594,8 +606,7 @@ static inline struct usb_gadget *dev_to_ static inline size_t usb_ep_align_maybe(struct usb_gadget *g, struct usb_ep *ep, size_t len) { - return !g->quirk_ep_out_aligned_size ? len : - round_up(len, (size_t)ep->desc->wMaxPacketSize); + return g->quirk_ep_out_aligned_size ? usb_ep_align(ep, len) : len; } /** Patches currently in stable-queue which might be from eu(a)felipetonello.com are queue-3.18/usb-gadget-change-len-to-size_t-on-alloc_ep_req.patch queue-3.18/usb-gadget-define-free_ep_req-as-universal-function.patch queue-3.18/usb-gadget-fix-usb_ep_align_maybe-endianness-and-new-usb_ep_align.patch queue-3.18/usb-gadget-align-buffer-size-when-allocating-for-out-endpoint.patch

7 years, 2 months

1
0
0 0

Patch "usb: gadget: change len to size_t on alloc_ep_req()" has been added to the 3.18-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled usb: gadget: change len to size_t on alloc_ep_req() to the 3.18-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: usb-gadget-change-len-to-size_t-on-alloc_ep_req.patch and it can be found in the queue-3.18 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 69bb99738b5c6d56d2b1a75db9cbb4d187453c1a Mon Sep 17 00:00:00 2001 From: "Felipe F. Tonello" <eu(a)felipetonello.com> Date: Mon, 8 Aug 2016 21:30:05 +0100 Subject: usb: gadget: change len to size_t on alloc_ep_req() From: Felipe F. Tonello <eu(a)felipetonello.com> commit 69bb99738b5c6d56d2b1a75db9cbb4d187453c1a upstream. Length of buffers should be of type size_t whenever possible. Altough recommended, this change has no real practical change, unless a driver has a uses a huge or negative buffer size - it might help find these bugs. Signed-off-by: Felipe F. Tonello <eu(a)felipetonello.com> Signed-off-by: Felipe Balbi <felipe.balbi(a)linux.intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/usb/gadget/u_f.c | 2 +- drivers/usb/gadget/u_f.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) --- a/drivers/usb/gadget/u_f.c +++ b/drivers/usb/gadget/u_f.c @@ -13,7 +13,7 @@ #include "u_f.h" -struct usb_request *alloc_ep_req(struct usb_ep *ep, int len, int default_len) +struct usb_request *alloc_ep_req(struct usb_ep *ep, size_t len, int default_len) { struct usb_request *req; --- a/drivers/usb/gadget/u_f.h +++ b/drivers/usb/gadget/u_f.h @@ -48,7 +48,7 @@ struct usb_ep; struct usb_request; /* Requests allocated via alloc_ep_req() must be freed by free_ep_req(). */ -struct usb_request *alloc_ep_req(struct usb_ep *ep, int len, int default_len); +struct usb_request *alloc_ep_req(struct usb_ep *ep, size_t len, int default_len); static inline void free_ep_req(struct usb_ep *ep, struct usb_request *req) { kfree(req->buf); Patches currently in stable-queue which might be from eu(a)felipetonello.com are queue-3.18/usb-gadget-change-len-to-size_t-on-alloc_ep_req.patch queue-3.18/usb-gadget-define-free_ep_req-as-universal-function.patch queue-3.18/usb-gadget-fix-usb_ep_align_maybe-endianness-and-new-usb_ep_align.patch queue-3.18/usb-gadget-align-buffer-size-when-allocating-for-out-endpoint.patch

7 years, 2 months

1
0
0 0

Patch "usb: gadget: define free_ep_req as universal function" has been added to the 3.18-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled usb: gadget: define free_ep_req as universal function to the 3.18-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: usb-gadget-define-free_ep_req-as-universal-function.patch and it can be found in the queue-3.18 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 079fe5a6da616891cca1a26e803e1df2a87e9ae5 Mon Sep 17 00:00:00 2001 From: "Felipe F. Tonello" <eu(a)felipetonello.com> Date: Tue, 10 Nov 2015 17:52:05 +0000 Subject: usb: gadget: define free_ep_req as universal function From: Felipe F. Tonello <eu(a)felipetonello.com> commit 079fe5a6da616891cca1a26e803e1df2a87e9ae5 upstream. This function is shared between gadget functions, so this avoid unnecessary duplicated code and potentially avoid memory leaks. Reviewed-by: Robert Baldyga <r.baldyga(a)samsung.com> Signed-off-by: Felipe F. Tonello <eu(a)felipetonello.com> Signed-off-by: Felipe Balbi <balbi(a)ti.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/usb/gadget/function/f_midi.c | 6 ------ drivers/usb/gadget/function/f_sourcesink.c | 6 ------ drivers/usb/gadget/function/g_zero.h | 1 - drivers/usb/gadget/u_f.c | 1 - drivers/usb/gadget/u_f.h | 10 ++++++++-- 5 files changed, 8 insertions(+), 16 deletions(-) --- a/drivers/usb/gadget/function/f_midi.c +++ b/drivers/usb/gadget/function/f_midi.c @@ -199,12 +199,6 @@ static inline struct usb_request *midi_a return alloc_ep_req(ep, length, length); } -static void free_ep_req(struct usb_ep *ep, struct usb_request *req) -{ - kfree(req->buf); - usb_ep_free_request(ep, req); -} - static const uint8_t f_midi_cin_length[] = { 0, 0, 2, 3, 3, 1, 2, 3, 3, 3, 3, 3, 2, 2, 3, 1 }; --- a/drivers/usb/gadget/function/f_sourcesink.c +++ b/drivers/usb/gadget/function/f_sourcesink.c @@ -435,12 +435,6 @@ static inline struct usb_request *ss_all return alloc_ep_req(ep, len, buflen); } -void free_ep_req(struct usb_ep *ep, struct usb_request *req) -{ - kfree(req->buf); - usb_ep_free_request(ep, req); -} - static void disable_ep(struct usb_composite_dev *cdev, struct usb_ep *ep) { int value; --- a/drivers/usb/gadget/function/g_zero.h +++ b/drivers/usb/gadget/function/g_zero.h @@ -69,7 +69,6 @@ void lb_modexit(void); int lb_modinit(void); /* common utilities */ -void free_ep_req(struct usb_ep *ep, struct usb_request *req); void disable_endpoints(struct usb_composite_dev *cdev, struct usb_ep *in, struct usb_ep *out, struct usb_ep *iso_in, struct usb_ep *iso_out, --- a/drivers/usb/gadget/u_f.c +++ b/drivers/usb/gadget/u_f.c @@ -11,7 +11,6 @@ * published by the Free Software Foundation. */ -#include <linux/usb/gadget.h> #include "u_f.h" struct usb_request *alloc_ep_req(struct usb_ep *ep, int len, int default_len) --- a/drivers/usb/gadget/u_f.h +++ b/drivers/usb/gadget/u_f.h @@ -16,6 +16,8 @@ #ifndef __U_F_H__ #define __U_F_H__ +#include <linux/usb/gadget.h> + /* Variable Length Array Macros **********************************************/ #define vla_group(groupname) size_t groupname##__next = 0 #define vla_group_size(groupname) groupname##__next @@ -45,8 +47,12 @@ struct usb_ep; struct usb_request; +/* Requests allocated via alloc_ep_req() must be freed by free_ep_req(). */ struct usb_request *alloc_ep_req(struct usb_ep *ep, int len, int default_len); +static inline void free_ep_req(struct usb_ep *ep, struct usb_request *req) +{ + kfree(req->buf); + usb_ep_free_request(ep, req); +} #endif /* __U_F_H__ */ - - Patches currently in stable-queue which might be from eu(a)felipetonello.com are queue-3.18/usb-gadget-change-len-to-size_t-on-alloc_ep_req.patch queue-3.18/usb-gadget-define-free_ep_req-as-universal-function.patch queue-3.18/usb-gadget-fix-usb_ep_align_maybe-endianness-and-new-usb_ep_align.patch queue-3.18/usb-gadget-align-buffer-size-when-allocating-for-out-endpoint.patch

7 years, 2 months

1
0
0 0

Patch "usb: gadget: f_hid: fix: Prevent accessing released memory" has been added to the 3.18-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled usb: gadget: f_hid: fix: Prevent accessing released memory to the 3.18-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: usb-gadget-f_hid-fix-prevent-accessing-released-memory.patch and it can be found in the queue-3.18 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From aa65d11aa008f4de58a9cee7e121666d9d68505e Mon Sep 17 00:00:00 2001 From: Krzysztof Opasiak <kopasiak90(a)gmail.com> Date: Thu, 19 Jan 2017 18:55:28 +0100 Subject: usb: gadget: f_hid: fix: Prevent accessing released memory From: Krzysztof Opasiak <kopasiak90(a)gmail.com> commit aa65d11aa008f4de58a9cee7e121666d9d68505e upstream. When we unlock our spinlock to copy data to user we may get disabled by USB host and free the whole list of completed out requests including the one from which we are copying the data to user memory. To prevent from this let's remove our working element from the list and place it back only if there is sth left when we finish with it. Fixes: 99c515005857 ("usb: gadget: hidg: register OUT INT endpoint for SET_REPORT") Cc: stable(a)vger.kernel.org Tested-by: David Lechner <david(a)lechnology.com> Signed-off-by: Krzysztof Opasiak <k.opasiak(a)samsung.com> Signed-off-by: Felipe Balbi <felipe.balbi(a)linux.intel.com> Cc: Jerry Zhang <zhangjerry(a)google.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/usb/gadget/function/f_hid.c | 24 ++++++++++++++++++++---- 1 file changed, 20 insertions(+), 4 deletions(-) --- a/drivers/usb/gadget/function/f_hid.c +++ b/drivers/usb/gadget/function/f_hid.c @@ -197,6 +197,13 @@ static ssize_t f_hidg_read(struct file * /* pick the first one */ list = list_first_entry(&hidg->completed_out_req, struct f_hidg_req_list, list); + + /* + * Remove this from list to protect it from beign free() + * while host disables our function + */ + list_del(&list->list); + req = list->req; count = min_t(unsigned int, count, req->actual - list->pos); spin_unlock_irqrestore(&hidg->spinlock, flags); @@ -212,15 +219,20 @@ static ssize_t f_hidg_read(struct file * * call, taking into account its current read position. */ if (list->pos == req->actual) { - spin_lock_irqsave(&hidg->spinlock, flags); - list_del(&list->list); kfree(list); - spin_unlock_irqrestore(&hidg->spinlock, flags); req->length = hidg->report_length; ret = usb_ep_queue(hidg->out_ep, req, GFP_KERNEL); - if (ret < 0) + if (ret < 0) { + free_ep_req(hidg->out_ep, req); return ret; + } + } else { + spin_lock_irqsave(&hidg->spinlock, flags); + list_add(&list->list, &hidg->completed_out_req); + spin_unlock_irqrestore(&hidg->spinlock, flags); + + wake_up(&hidg->read_queue); } return count; @@ -455,6 +467,7 @@ static void hidg_disable(struct usb_func { struct f_hidg *hidg = func_to_hidg(f); struct f_hidg_req_list *list, *next; + unsigned long flags; usb_ep_disable(hidg->in_ep); hidg->in_ep->driver_data = NULL; @@ -462,10 +475,13 @@ static void hidg_disable(struct usb_func usb_ep_disable(hidg->out_ep); hidg->out_ep->driver_data = NULL; + spin_lock_irqsave(&hidg->spinlock, flags); list_for_each_entry_safe(list, next, &hidg->completed_out_req, list) { + free_ep_req(hidg->out_ep, list->req); list_del(&list->list); kfree(list); } + spin_unlock_irqrestore(&hidg->spinlock, flags); } static int hidg_set_alt(struct usb_function *f, unsigned intf, unsigned alt) Patches currently in stable-queue which might be from kopasiak90(a)gmail.com are queue-3.18/usb-gadget-f_hid-fix-prevent-accessing-released-memory.patch

7 years, 2 months

1
0
0 0

Patch "usb: gadget: align buffer size when allocating for OUT endpoint" has been added to the 3.18-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled usb: gadget: align buffer size when allocating for OUT endpoint to the 3.18-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: usb-gadget-align-buffer-size-when-allocating-for-out-endpoint.patch and it can be found in the queue-3.18 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From e0466156ee2e944fb47a3fa00932c3698a6d2c67 Mon Sep 17 00:00:00 2001 From: "Felipe F. Tonello" <eu(a)felipetonello.com> Date: Mon, 8 Aug 2016 21:30:06 +0100 Subject: usb: gadget: align buffer size when allocating for OUT endpoint From: Felipe F. Tonello <eu(a)felipetonello.com> commit e0466156ee2e944fb47a3fa00932c3698a6d2c67 upstream. Using usb_ep_align() makes sure that the buffer size for OUT endpoints is always aligned with wMaxPacketSize (512 usually). This makes sure that no buffer has the wrong size, which can cause nasty bugs. Signed-off-by: Felipe F. Tonello <eu(a)felipetonello.com> Signed-off-by: Felipe Balbi <felipe.balbi(a)linux.intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/usb/gadget/u_f.c | 3 +++ drivers/usb/gadget/u_f.h | 16 +++++++++++++++- 2 files changed, 18 insertions(+), 1 deletion(-) --- a/drivers/usb/gadget/u_f.c +++ b/drivers/usb/gadget/u_f.c @@ -12,6 +12,7 @@ */ #include "u_f.h" +#include <linux/usb/ch9.h> struct usb_request *alloc_ep_req(struct usb_ep *ep, size_t len, int default_len) { @@ -20,6 +21,8 @@ struct usb_request *alloc_ep_req(struct req = usb_ep_alloc_request(ep, GFP_ATOMIC); if (req) { req->length = len ?: default_len; + if (usb_endpoint_dir_out(ep->desc)) + req->length = usb_ep_align(ep, req->length); req->buf = kmalloc(req->length, GFP_ATOMIC); if (!req->buf) { usb_ep_free_request(ep, req); --- a/drivers/usb/gadget/u_f.h +++ b/drivers/usb/gadget/u_f.h @@ -47,8 +47,22 @@ struct usb_ep; struct usb_request; -/* Requests allocated via alloc_ep_req() must be freed by free_ep_req(). */ +/** + * alloc_ep_req - returns a usb_request allocated by the gadget driver and + * allocates the request's buffer. + * + * @ep: the endpoint to allocate a usb_request + * @len: usb_requests's buffer suggested size + * @default_len: used if @len is not provided, ie, is 0 + * + * In case @ep direction is OUT, the @len will be aligned to ep's + * wMaxPacketSize. In order to avoid memory leaks or drops, *always* use + * usb_requests's length (req->length) to refer to the allocated buffer size. + * Requests allocated via alloc_ep_req() *must* be freed by free_ep_req(). + */ struct usb_request *alloc_ep_req(struct usb_ep *ep, size_t len, int default_len); + +/* Frees a usb_request previously allocated by alloc_ep_req() */ static inline void free_ep_req(struct usb_ep *ep, struct usb_request *req) { kfree(req->buf); Patches currently in stable-queue which might be from eu(a)felipetonello.com are queue-3.18/usb-gadget-change-len-to-size_t-on-alloc_ep_req.patch queue-3.18/usb-gadget-define-free_ep_req-as-universal-function.patch queue-3.18/usb-gadget-fix-usb_ep_align_maybe-endianness-and-new-usb_ep_align.patch queue-3.18/usb-gadget-align-buffer-size-when-allocating-for-out-endpoint.patch

7 years, 2 months

1
0
0 0

[PATCH AUTOSEL for 4.15 001/124] i40iw: Fix sequence number for the first partial FPDU

by Sasha Levin

From: Shiraz Saleem <shiraz.saleem(a)intel.com> [ Upstream commit df8b13a1b23356d01dfc4647a5629cdb0f4ce566 ] Partial FPDU processing is broken as the sequence number for the first partial FPDU is wrong due to incorrect Q2 buffer offset. The offset should be 64 rather than 16. Fixes: 786c6adb3a94 ("i40iw: add puda code") Signed-off-by: Shiraz Saleem <shiraz.saleem(a)intel.com> Signed-off-by: Jason Gunthorpe <jgg(a)mellanox.com> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> --- drivers/infiniband/hw/i40iw/i40iw_d.h | 1 + drivers/infiniband/hw/i40iw/i40iw_puda.c | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/infiniband/hw/i40iw/i40iw_d.h b/drivers/infiniband/hw/i40iw/i40iw_d.h index 029083cb81d5..4b65e4140bd7 100644 --- a/drivers/infiniband/hw/i40iw/i40iw_d.h +++ b/drivers/infiniband/hw/i40iw/i40iw_d.h @@ -97,6 +97,7 @@ #define RDMA_OPCODE_MASK 0x0f #define RDMA_READ_REQ_OPCODE 1 #define Q2_BAD_FRAME_OFFSET 72 +#define Q2_FPSN_OFFSET 64 #define CQE_MAJOR_DRV 0x8000 #define I40IW_TERM_SENT 0x01 diff --git a/drivers/infiniband/hw/i40iw/i40iw_puda.c b/drivers/infiniband/hw/i40iw/i40iw_puda.c index 796a815b53fd..f64b6700f43f 100644 --- a/drivers/infiniband/hw/i40iw/i40iw_puda.c +++ b/drivers/infiniband/hw/i40iw/i40iw_puda.c @@ -1378,7 +1378,7 @@ static void i40iw_ieq_handle_exception(struct i40iw_puda_rsrc *ieq, u32 *hw_host_ctx = (u32 *)qp->hw_host_ctx; u32 rcv_wnd = hw_host_ctx[23]; /* first partial seq # in q2 */ - u32 fps = qp->q2_buf[16]; + u32 fps = *(u32 *)(qp->q2_buf + Q2_FPSN_OFFSET); struct list_head *rxlist = &pfpdu->rxlist; struct list_head *plist; -- 2.14.1

7 years, 2 months

8
141
0 0

[PATCH] f2fs: truncate preallocated blocks in error case

by Jaegeuk Kim

If write is failed, we must deallocate the blocks that we couldn't write. Cc: stable(a)vger.kernel.org Signed-off-by: Jaegeuk Kim <jaegeuk(a)kernel.org> --- fs/f2fs/file.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/fs/f2fs/file.c b/fs/f2fs/file.c index 8068b015ece5..f18f62dd60a3 100644 --- a/fs/f2fs/file.c +++ b/fs/f2fs/file.c @@ -2911,6 +2911,8 @@ static ssize_t f2fs_file_write_iter(struct kiocb *iocb, struct iov_iter *from) ret = generic_write_checks(iocb, from); if (ret > 0) { + bool preallocated = false; + size_t target_size; int err; if (iov_iter_fault_in_readable(from, iov_iter_count(from))) @@ -2927,6 +2929,9 @@ static ssize_t f2fs_file_write_iter(struct kiocb *iocb, struct iov_iter *from) } } else { + preallocated = true; + target_size = iocb->ki_pos + iov_iter_count(from); + err = f2fs_preallocate_blocks(iocb, from); if (err) { clear_inode_flag(inode, FI_NO_PREALLOC); @@ -2939,6 +2944,10 @@ static ssize_t f2fs_file_write_iter(struct kiocb *iocb, struct iov_iter *from) blk_finish_plug(&plug); clear_inode_flag(inode, FI_NO_PREALLOC); + /* if we couldn't write data, we should deallocate blocks. */ + if (preallocated && i_size_read(inode) < target_size) + f2fs_truncate(inode); + if (ret > 0) f2fs_update_iostat(F2FS_I_SB(inode), APP_WRITE_IO, ret); } -- 2.15.0.531.g2ccb3012c9-goog

7 years, 2 months

2
1
0 0

Re: [PATCH] bitmap: fix memset optimization on big-endian systems

by Omar Sandoval

On Mon, Apr 02, 2018 at 03:58:31PM -0700, Omar Sandoval wrote: > From: Omar Sandoval <osandov(a)fb.com> > > Commit 2a98dc028f91 introduced an optimization to bitmap_{set,clear}() > which uses memset() when the start and length are constants aligned to a > byte. This is wrong on big-endian systems; our bitmaps are arrays of > unsigned long, so bit n is not at byte n / 8 in memory. This was caught > by the Btrfs selftests, but the bitmap selftests also fail when run on a > big-endian machine. > > We can still use memset if the start and length are aligned to an > unsigned long, so do that on big-endian. The same problem applies to the > memcmp in bitmap_equal(), so fix it there, too. > > Fixes: 2a98dc028f91 ("include/linux/bitmap.h: turn bitmap_set and bitmap_clear into memset when possible") > Fixes: 2c6deb01525a ("bitmap: use memcmp optimisation in more situations") > Cc: stable(a)kernel.org This should be stable(a)vger.kernel.org, of course

7 years, 2 months

1
0
0 0

[PATCH v2] hugetlbfs: fix bug in pgoff overflow checking

by Mike Kravetz

This is a fix for a regression in 32 bit kernels caused by an invalid check for pgoff overflow in hugetlbfs mmap setup. The check incorrectly specified that the size of a loff_t was the same as the size of a long. The regression prevents mapping hugetlbfs files at offsets greater than 4GB on 32 bit kernels. On 32 bit kernels conversion from a page based unsigned long can not overflow a loff_t byte offset. Therefore, skip this check if sizeof(unsigned long) != sizeof(loff_t). Fixes: 63489f8e8211 ("hugetlbfs: check for pgoff value overflow") Cc: <stable(a)vger.kernel.org> Reported-by: Dan Rue <dan.rue(a)linaro.org> Signed-off-by: Mike Kravetz <mike.kravetz(a)oracle.com> --- fs/hugetlbfs/inode.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/fs/hugetlbfs/inode.c b/fs/hugetlbfs/inode.c index b9a254dcc0e7..d508c7844681 100644 --- a/fs/hugetlbfs/inode.c +++ b/fs/hugetlbfs/inode.c @@ -138,10 +138,14 @@ static int hugetlbfs_file_mmap(struct file *file, struct vm_area_struct *vma) /* * page based offset in vm_pgoff could be sufficiently large to - * overflow a (l)off_t when converted to byte offset. + * overflow a loff_t when converted to byte offset. This can + * only happen on architectures where sizeof(loff_t) == + * sizeof(unsigned long). So, only check in those instances. */ - if (vma->vm_pgoff & PGOFF_LOFFT_MAX) - return -EINVAL; + if (sizeof(unsigned long) == sizeof(loff_t)) { + if (vma->vm_pgoff & PGOFF_LOFFT_MAX) + return -EINVAL; + } /* must be huge page aligned */ if (vma->vm_pgoff & (~huge_page_mask(h) >> PAGE_SHIFT)) -- 2.13.6

7 years, 2 months

2
1
0 0

[PATCH] sky2: Increase D3 delay to sky2 stops working after suspend

by Kai-Heng Feng

The sky2 ethernet stops working after system resume from suspend: [ 582.852065] sky2 0000:04:00.0: Refused to change power state, currently in D3 The current 150ms delay is not enough, change it to 200ms can solve the issue. BugLink: https://bugs.launchpad.net/bugs/1758507 Cc: Stable <stable(a)vger.kernel.org> Signed-off-by: Kai-Heng Feng <kai.heng.feng(a)canonical.com> --- drivers/net/ethernet/marvell/sky2.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/net/ethernet/marvell/sky2.c b/drivers/net/ethernet/marvell/sky2.c index 9fe85300e7b6..5754116a6a4d 100644 --- a/drivers/net/ethernet/marvell/sky2.c +++ b/drivers/net/ethernet/marvell/sky2.c @@ -5087,7 +5087,7 @@ static int sky2_probe(struct pci_dev *pdev, const struct pci_device_id *ent) INIT_WORK(&hw->restart_work, sky2_restart); pci_set_drvdata(pdev, hw); - pdev->d3_delay = 150; + pdev->d3_delay = 200; return 0; -- 2.15.1

7 years, 2 months

2
1
0 0

[PATCH 1/2] ext4: always initialize the crc32c checksum driver

by Theodore Ts'o

The extended attribute code now uses the crc32c checksum for hashing purposes, so we should just always always initialize it. We also want to prevent NULL pointer dereferences if one of the metadata checksum features is enabled after the file sytsem is originally mounted. https://bugzilla.kernel.org/show_bug.cgi?id=199183 Signed-off-by: Theodore Ts'o <tytso(a)mit.edu> Cc: stable(a)vger.kernel.org --- fs/ext4/super.c | 15 ++++++--------- 1 file changed, 6 insertions(+), 9 deletions(-) diff --git a/fs/ext4/super.c b/fs/ext4/super.c index 9d1da40c1f62..7cd022c344d1 100644 --- a/fs/ext4/super.c +++ b/fs/ext4/super.c @@ -3492,15 +3492,12 @@ static int ext4_fill_super(struct super_block *sb, void *data, int silent) } /* Load the checksum driver */ - if (ext4_has_feature_metadata_csum(sb) || - ext4_has_feature_ea_inode(sb)) { - sbi->s_chksum_driver = crypto_alloc_shash("crc32c", 0, 0); - if (IS_ERR(sbi->s_chksum_driver)) { - ext4_msg(sb, KERN_ERR, "Cannot load crc32c driver."); - ret = PTR_ERR(sbi->s_chksum_driver); - sbi->s_chksum_driver = NULL; - goto failed_mount; - } + sbi->s_chksum_driver = crypto_alloc_shash("crc32c", 0, 0); + if (IS_ERR(sbi->s_chksum_driver)) { + ext4_msg(sb, KERN_ERR, "Cannot load crc32c driver."); + ret = PTR_ERR(sbi->s_chksum_driver); + sbi->s_chksum_driver = NULL; + goto failed_mount; } /* Check superblock checksum */ -- 2.16.1.72.g5be1f00a9a

7 years, 2 months

3
3
0 0

Patch "partitions/msdos: Unable to mount UFS 44bsd partitions" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled partitions/msdos: Unable to mount UFS 44bsd partitions to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: partitions-msdos-unable-to-mount-ufs-44bsd-partitions.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 5f15684bd5e5ef39d4337988864fec8012471dda Mon Sep 17 00:00:00 2001 From: Richard Narron <comet.berkeley(a)gmail.com> Date: Wed, 10 Jan 2018 09:12:16 -0700 Subject: partitions/msdos: Unable to mount UFS 44bsd partitions From: Richard Narron <comet.berkeley(a)gmail.com> commit 5f15684bd5e5ef39d4337988864fec8012471dda upstream. UFS partitions from newer versions of FreeBSD 10 and 11 use relative addressing for their subpartitions. But older versions of FreeBSD still use absolute addressing just like OpenBSD and NetBSD. Instead of simply testing for a FreeBSD partition, the code needs to also test if the starting offset of the C subpartition is zero. https://bugzilla.kernel.org/show_bug.cgi?id=197733 Signed-off-by: Richard Narron <comet.berkeley(a)gmail.com> Signed-off-by: Jens Axboe <axboe(a)kernel.dk> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- block/partitions/msdos.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) --- a/block/partitions/msdos.c +++ b/block/partitions/msdos.c @@ -300,7 +300,9 @@ static void parse_bsd(struct parsed_part continue; bsd_start = le32_to_cpu(p->p_offset); bsd_size = le32_to_cpu(p->p_size); - if (memcmp(flavour, "bsd\0", 4) == 0) + /* FreeBSD has relative offset if C partition offset is zero */ + if (memcmp(flavour, "bsd\0", 4) == 0 && + le32_to_cpu(l->d_partitions[2].p_offset) == 0) bsd_start += offset; if (offset == bsd_start && size == bsd_size) /* full parent partition, we have it already */ Patches currently in stable-queue which might be from comet.berkeley(a)gmail.com are queue-4.9/partitions-msdos-unable-to-mount-ufs-44bsd-partitions.patch

7 years, 2 months

1
0
0 0

Patch "partitions/msdos: Unable to mount UFS 44bsd partitions" has been added to the 4.4-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled partitions/msdos: Unable to mount UFS 44bsd partitions to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: partitions-msdos-unable-to-mount-ufs-44bsd-partitions.patch and it can be found in the queue-4.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 5f15684bd5e5ef39d4337988864fec8012471dda Mon Sep 17 00:00:00 2001 From: Richard Narron <comet.berkeley(a)gmail.com> Date: Wed, 10 Jan 2018 09:12:16 -0700 Subject: partitions/msdos: Unable to mount UFS 44bsd partitions From: Richard Narron <comet.berkeley(a)gmail.com> commit 5f15684bd5e5ef39d4337988864fec8012471dda upstream. UFS partitions from newer versions of FreeBSD 10 and 11 use relative addressing for their subpartitions. But older versions of FreeBSD still use absolute addressing just like OpenBSD and NetBSD. Instead of simply testing for a FreeBSD partition, the code needs to also test if the starting offset of the C subpartition is zero. https://bugzilla.kernel.org/show_bug.cgi?id=197733 Signed-off-by: Richard Narron <comet.berkeley(a)gmail.com> Signed-off-by: Jens Axboe <axboe(a)kernel.dk> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- block/partitions/msdos.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) --- a/block/partitions/msdos.c +++ b/block/partitions/msdos.c @@ -300,7 +300,9 @@ static void parse_bsd(struct parsed_part continue; bsd_start = le32_to_cpu(p->p_offset); bsd_size = le32_to_cpu(p->p_size); - if (memcmp(flavour, "bsd\0", 4) == 0) + /* FreeBSD has relative offset if C partition offset is zero */ + if (memcmp(flavour, "bsd\0", 4) == 0 && + le32_to_cpu(l->d_partitions[2].p_offset) == 0) bsd_start += offset; if (offset == bsd_start && size == bsd_size) /* full parent partition, we have it already */ Patches currently in stable-queue which might be from comet.berkeley(a)gmail.com are queue-4.4/partitions-msdos-unable-to-mount-ufs-44bsd-partitions.patch

7 years, 2 months

1
0
0 0

Patch "partitions/msdos: Unable to mount UFS 44bsd partitions" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled partitions/msdos: Unable to mount UFS 44bsd partitions to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: partitions-msdos-unable-to-mount-ufs-44bsd-partitions.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 5f15684bd5e5ef39d4337988864fec8012471dda Mon Sep 17 00:00:00 2001 From: Richard Narron <comet.berkeley(a)gmail.com> Date: Wed, 10 Jan 2018 09:12:16 -0700 Subject: partitions/msdos: Unable to mount UFS 44bsd partitions From: Richard Narron <comet.berkeley(a)gmail.com> commit 5f15684bd5e5ef39d4337988864fec8012471dda upstream. UFS partitions from newer versions of FreeBSD 10 and 11 use relative addressing for their subpartitions. But older versions of FreeBSD still use absolute addressing just like OpenBSD and NetBSD. Instead of simply testing for a FreeBSD partition, the code needs to also test if the starting offset of the C subpartition is zero. https://bugzilla.kernel.org/show_bug.cgi?id=197733 Signed-off-by: Richard Narron <comet.berkeley(a)gmail.com> Signed-off-by: Jens Axboe <axboe(a)kernel.dk> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- block/partitions/msdos.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) --- a/block/partitions/msdos.c +++ b/block/partitions/msdos.c @@ -301,7 +301,9 @@ static void parse_bsd(struct parsed_part continue; bsd_start = le32_to_cpu(p->p_offset); bsd_size = le32_to_cpu(p->p_size); - if (memcmp(flavour, "bsd\0", 4) == 0) + /* FreeBSD has relative offset if C partition offset is zero */ + if (memcmp(flavour, "bsd\0", 4) == 0 && + le32_to_cpu(l->d_partitions[2].p_offset) == 0) bsd_start += offset; if (offset == bsd_start && size == bsd_size) /* full parent partition, we have it already */ Patches currently in stable-queue which might be from comet.berkeley(a)gmail.com are queue-4.15/partitions-msdos-unable-to-mount-ufs-44bsd-partitions.patch

7 years, 2 months

1
0
0 0

Patch "partitions/msdos: Unable to mount UFS 44bsd partitions" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled partitions/msdos: Unable to mount UFS 44bsd partitions to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: partitions-msdos-unable-to-mount-ufs-44bsd-partitions.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 5f15684bd5e5ef39d4337988864fec8012471dda Mon Sep 17 00:00:00 2001 From: Richard Narron <comet.berkeley(a)gmail.com> Date: Wed, 10 Jan 2018 09:12:16 -0700 Subject: partitions/msdos: Unable to mount UFS 44bsd partitions From: Richard Narron <comet.berkeley(a)gmail.com> commit 5f15684bd5e5ef39d4337988864fec8012471dda upstream. UFS partitions from newer versions of FreeBSD 10 and 11 use relative addressing for their subpartitions. But older versions of FreeBSD still use absolute addressing just like OpenBSD and NetBSD. Instead of simply testing for a FreeBSD partition, the code needs to also test if the starting offset of the C subpartition is zero. https://bugzilla.kernel.org/show_bug.cgi?id=197733 Signed-off-by: Richard Narron <comet.berkeley(a)gmail.com> Signed-off-by: Jens Axboe <axboe(a)kernel.dk> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- block/partitions/msdos.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) --- a/block/partitions/msdos.c +++ b/block/partitions/msdos.c @@ -301,7 +301,9 @@ static void parse_bsd(struct parsed_part continue; bsd_start = le32_to_cpu(p->p_offset); bsd_size = le32_to_cpu(p->p_size); - if (memcmp(flavour, "bsd\0", 4) == 0) + /* FreeBSD has relative offset if C partition offset is zero */ + if (memcmp(flavour, "bsd\0", 4) == 0 && + le32_to_cpu(l->d_partitions[2].p_offset) == 0) bsd_start += offset; if (offset == bsd_start && size == bsd_size) /* full parent partition, we have it already */ Patches currently in stable-queue which might be from comet.berkeley(a)gmail.com are queue-4.14/partitions-msdos-unable-to-mount-ufs-44bsd-partitions.patch

7 years, 2 months

1
0
0 0

[PATCH 1/1] partitions/msdos: Unable to mount UFS 44bsd partitions

by Richard Narron

The patch below was installed in Linux 4.16-rc1 as commit 5f15684bd5e5ef39d4337988864fec8012471dda It is a fix to the following 4.12-rc3 patch: commit 223220356d5ebc05ead9a8d697abb0c0a906fc81 Please install the new patch wherever the old patch was installed. -------------------------------------------------------------------------------- UFS partitions from newer versions of FreeBSD 10 and 11 use relative addressing for their subpartitions. But older versions of FreeBSD still use absolute addressing just like OpenBSD and NetBSD. Instead of simply testing for a FreeBSD partition, the code needs to also test if the starting offset of the C subpartition is zero. https://bugzilla.kernel.org/show_bug.cgi?id=197733 Signed-off-by: Richard Narron <comet.berkeley(a)gmail.com> --- --- a/block/partitions/msdos.c.orig 2017-11-05 13:05:14.000000000 -0800 +++ b/block/partitions/msdos.c 2017-11-06 09:46:00.148228242 -0800 @@ -301,7 +301,9 @@ static void parse_bsd(struct parsed_part continue; bsd_start = le32_to_cpu(p->p_offset); bsd_size = le32_to_cpu(p->p_size); - if (memcmp(flavour, "bsd\0", 4) == 0) + /* FreeBSD has relative offset if C partition offset is zero */ + if (memcmp(flavour, "bsd\0", 4) == 0 && + le32_to_cpu(l->d_partitions[2].p_offset) == 0) bsd_start += offset; if (offset == bsd_start && size == bsd_size) /* full parent partition, we have it already */

7 years, 2 months

2
1
0 0

Patch "partitions/msdos: Unable to mount UFS 44bsd partitions" has been added to the 3.18-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled partitions/msdos: Unable to mount UFS 44bsd partitions to the 3.18-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: partitions-msdos-unable-to-mount-ufs-44bsd-partitions.patch and it can be found in the queue-3.18 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 5f15684bd5e5ef39d4337988864fec8012471dda Mon Sep 17 00:00:00 2001 From: Richard Narron <comet.berkeley(a)gmail.com> Date: Wed, 10 Jan 2018 09:12:16 -0700 Subject: partitions/msdos: Unable to mount UFS 44bsd partitions From: Richard Narron <comet.berkeley(a)gmail.com> commit 5f15684bd5e5ef39d4337988864fec8012471dda upstream. UFS partitions from newer versions of FreeBSD 10 and 11 use relative addressing for their subpartitions. But older versions of FreeBSD still use absolute addressing just like OpenBSD and NetBSD. Instead of simply testing for a FreeBSD partition, the code needs to also test if the starting offset of the C subpartition is zero. https://bugzilla.kernel.org/show_bug.cgi?id=197733 Signed-off-by: Richard Narron <comet.berkeley(a)gmail.com> Signed-off-by: Jens Axboe <axboe(a)kernel.dk> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- block/partitions/msdos.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) --- a/block/partitions/msdos.c +++ b/block/partitions/msdos.c @@ -300,7 +300,9 @@ static void parse_bsd(struct parsed_part continue; bsd_start = le32_to_cpu(p->p_offset); bsd_size = le32_to_cpu(p->p_size); - if (memcmp(flavour, "bsd\0", 4) == 0) + /* FreeBSD has relative offset if C partition offset is zero */ + if (memcmp(flavour, "bsd\0", 4) == 0 && + le32_to_cpu(l->d_partitions[2].p_offset) == 0) bsd_start += offset; if (offset == bsd_start && size == bsd_size) /* full parent partition, we have it already */ Patches currently in stable-queue which might be from comet.berkeley(a)gmail.com are queue-3.18/partitions-msdos-unable-to-mount-ufs-44bsd-partitions.patch

7 years, 2 months

1
0
0 0

Patch "powerpc/64s: Fix lost pending interrupt due to race causing lost update to irq_happened" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled powerpc/64s: Fix lost pending interrupt due to race causing lost update to irq_happened to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: powerpc-64s-fix-lost-pending-interrupt-due-to-race-causing-lost-update-to-irq_happened.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From ff6781fd1bb404d8a551c02c35c70cec1da17ff1 Mon Sep 17 00:00:00 2001 From: Nicholas Piggin <npiggin(a)gmail.com> Date: Wed, 21 Mar 2018 12:22:28 +1000 Subject: powerpc/64s: Fix lost pending interrupt due to race causing lost update to irq_happened From: Nicholas Piggin <npiggin(a)gmail.com> commit ff6781fd1bb404d8a551c02c35c70cec1da17ff1 upstream. force_external_irq_replay() can be called in the do_IRQ path with interrupts hard enabled and soft disabled if may_hard_irq_enable() set MSR[EE]=1. It updates local_paca->irq_happened with a load, modify, store sequence. If a maskable interrupt hits during this sequence, it will go to the masked handler to be marked pending in irq_happened. This update will be lost when the interrupt returns and the store instruction executes. This can result in unpredictable latencies, timeouts, lockups, etc. Fix this by ensuring hard interrupts are disabled before modifying irq_happened. This could cause any maskable asynchronous interrupt to get lost, but it was noticed on P9 SMP system doing RDMA NVMe target over 100GbE, so very high external interrupt rate and high IPI rate. The hang was bisected down to enabling doorbell interrupts for IPIs. These provided an interrupt type that could run at high rates in the do_IRQ path, stressing the race. Fixes: 1d607bb3bd60 ("powerpc/irq: Add mechanism to force a replay of interrupts") Cc: stable(a)vger.kernel.org # v4.8+ Reported-by: Carol L. Soto <clsoto(a)us.ibm.com> Signed-off-by: Nicholas Piggin <npiggin(a)gmail.com> Signed-off-by: Michael Ellerman <mpe(a)ellerman.id.au> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/powerpc/kernel/irq.c | 8 ++++++++ 1 file changed, 8 insertions(+) --- a/arch/powerpc/kernel/irq.c +++ b/arch/powerpc/kernel/irq.c @@ -372,6 +372,14 @@ void force_external_irq_replay(void) */ WARN_ON(!arch_irqs_disabled()); + /* + * Interrupts must always be hard disabled before irq_happened is + * modified (to prevent lost update in case of interrupt between + * load and store). + */ + __hard_irq_disable(); + local_paca->irq_happened |= PACA_IRQ_HARD_DIS; + /* Indicate in the PACA that we have an interrupt to replay */ local_paca->irq_happened |= PACA_IRQ_EE; } Patches currently in stable-queue which might be from npiggin(a)gmail.com are queue-4.9/powerpc-64s-fix-lost-pending-interrupt-due-to-race-causing-lost-update-to-irq_happened.patch queue-4.9/powerpc-64s-fix-i-side-slb-miss-bad-address-handler-saving-nonvolatile-gprs.patch

7 years, 2 months

1
0
0 0

Patch "powerpc/64s: Fix i-side SLB miss bad address handler saving nonvolatile GPRs" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled powerpc/64s: Fix i-side SLB miss bad address handler saving nonvolatile GPRs to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: powerpc-64s-fix-i-side-slb-miss-bad-address-handler-saving-nonvolatile-gprs.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 52396500f97c53860164debc7d4f759077853423 Mon Sep 17 00:00:00 2001 From: Nicholas Piggin <npiggin(a)gmail.com> Date: Fri, 23 Mar 2018 15:53:38 +1000 Subject: powerpc/64s: Fix i-side SLB miss bad address handler saving nonvolatile GPRs From: Nicholas Piggin <npiggin(a)gmail.com> commit 52396500f97c53860164debc7d4f759077853423 upstream. The SLB bad address handler's trap number fixup does not preserve the low bit that indicates nonvolatile GPRs have not been saved. This leads save_nvgprs to skip saving them, and subsequent functions and return from interrupt will think they are saved. This causes kernel branch-to-garbage debugging to not have correct registers, can also cause userspace to have its registers clobbered after a segfault. Fixes: f0f558b131db ("powerpc/mm: Preserve CFAR value on SLB miss caused by access to bogus address") Cc: stable(a)vger.kernel.org # v4.9+ Signed-off-by: Nicholas Piggin <npiggin(a)gmail.com> Signed-off-by: Michael Ellerman <mpe(a)ellerman.id.au> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/powerpc/kernel/exceptions-64s.S | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/arch/powerpc/kernel/exceptions-64s.S +++ b/arch/powerpc/kernel/exceptions-64s.S @@ -723,7 +723,7 @@ EXC_COMMON_BEGIN(bad_addr_slb) ld r3, PACA_EXSLB+EX_DAR(r13) std r3, _DAR(r1) beq cr6, 2f - li r10, 0x480 /* fix trap number for I-SLB miss */ + li r10, 0x481 /* fix trap number for I-SLB miss */ std r10, _TRAP(r1) 2: bl save_nvgprs addi r3, r1, STACK_FRAME_OVERHEAD Patches currently in stable-queue which might be from npiggin(a)gmail.com are queue-4.9/powerpc-64s-fix-lost-pending-interrupt-due-to-race-causing-lost-update-to-irq_happened.patch queue-4.9/powerpc-64s-fix-i-side-slb-miss-bad-address-handler-saving-nonvolatile-gprs.patch

7 years, 2 months

1
0
0 0

Patch "perf/hwbp: Simplify the perf-hwbp code, fix documentation" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled perf/hwbp: Simplify the perf-hwbp code, fix documentation to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: perf-hwbp-simplify-the-perf-hwbp-code-fix-documentation.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From f67b15037a7a50c57f72e69a6d59941ad90a0f0f Mon Sep 17 00:00:00 2001 From: Linus Torvalds <torvalds(a)linux-foundation.org> Date: Mon, 26 Mar 2018 15:39:07 -1000 Subject: perf/hwbp: Simplify the perf-hwbp code, fix documentation From: Linus Torvalds <torvalds(a)linux-foundation.org> commit f67b15037a7a50c57f72e69a6d59941ad90a0f0f upstream. Annoyingly, modify_user_hw_breakpoint() unnecessarily complicates the modification of a breakpoint - simplify it and remove the pointless local variables. Also update the stale Docbook while at it. Signed-off-by: Linus Torvalds <torvalds(a)linux-foundation.org> Acked-by: Thomas Gleixner <tglx(a)linutronix.de> Cc: <stable(a)vger.kernel.org> Cc: Alexander Shishkin <alexander.shishkin(a)linux.intel.com> Cc: Andy Lutomirski <luto(a)kernel.org> Cc: Arnaldo Carvalho de Melo <acme(a)redhat.com> Cc: Frederic Weisbecker <fweisbec(a)gmail.com> Cc: Jiri Olsa <jolsa(a)redhat.com> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Stephane Eranian <eranian(a)google.com> Cc: Vince Weaver <vincent.weaver(a)maine.edu> Signed-off-by: Ingo Molnar <mingo(a)kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- kernel/events/hw_breakpoint.c | 30 +++++++----------------------- 1 file changed, 7 insertions(+), 23 deletions(-) --- a/kernel/events/hw_breakpoint.c +++ b/kernel/events/hw_breakpoint.c @@ -427,16 +427,9 @@ EXPORT_SYMBOL_GPL(register_user_hw_break * modify_user_hw_breakpoint - modify a user-space hardware breakpoint * @bp: the breakpoint structure to modify * @attr: new breakpoint attributes - * @triggered: callback to trigger when we hit the breakpoint - * @tsk: pointer to 'task_struct' of the process to which the address belongs */ int modify_user_hw_breakpoint(struct perf_event *bp, struct perf_event_attr *attr) { - u64 old_addr = bp->attr.bp_addr; - u64 old_len = bp->attr.bp_len; - int old_type = bp->attr.bp_type; - int err = 0; - /* * modify_user_hw_breakpoint can be invoked with IRQs disabled and hence it * will not be possible to raise IPIs that invoke __perf_event_disable. @@ -451,27 +444,18 @@ int modify_user_hw_breakpoint(struct per bp->attr.bp_addr = attr->bp_addr; bp->attr.bp_type = attr->bp_type; bp->attr.bp_len = attr->bp_len; + bp->attr.disabled = 1; - if (attr->disabled) - goto end; - - err = validate_hw_breakpoint(bp); - if (!err) - perf_event_enable(bp); + if (!attr->disabled) { + int err = validate_hw_breakpoint(bp); - if (err) { - bp->attr.bp_addr = old_addr; - bp->attr.bp_type = old_type; - bp->attr.bp_len = old_len; - if (!bp->attr.disabled) - perf_event_enable(bp); + if (err) + return err; - return err; + perf_event_enable(bp); + bp->attr.disabled = 0; } -end: - bp->attr.disabled = attr->disabled; - return 0; } EXPORT_SYMBOL_GPL(modify_user_hw_breakpoint); Patches currently in stable-queue which might be from torvalds(a)linux-foundation.org are queue-4.9/perf-hwbp-simplify-the-perf-hwbp-code-fix-documentation.patch queue-4.9/ipc-shm.c-add-split-function-to-shm_vm_ops.patch

7 years, 2 months

1
0
0 0

Patch "mtd: jedec_probe: Fix crash in jedec_read_mfr()" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled mtd: jedec_probe: Fix crash in jedec_read_mfr() to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: mtd-jedec_probe-fix-crash-in-jedec_read_mfr.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 87a73eb5b56fd6e07c8e499fe8608ef2d8912b82 Mon Sep 17 00:00:00 2001 From: Linus Walleij <linus.walleij(a)linaro.org> Date: Sat, 3 Mar 2018 23:29:03 +0100 Subject: mtd: jedec_probe: Fix crash in jedec_read_mfr() From: Linus Walleij <linus.walleij(a)linaro.org> commit 87a73eb5b56fd6e07c8e499fe8608ef2d8912b82 upstream. It turns out that the loop where we read manufacturer jedec_read_mfd() can under some circumstances get a CFI_MFR_CONTINUATION repeatedly, making the loop go over all banks and eventually hit the end of the map and crash because of an access violation: Unable to handle kernel paging request at virtual address c4980000 pgd = (ptrval) [c4980000] *pgd=03808811, *pte=00000000, *ppte=00000000 Internal error: Oops: 7 [#1] PREEMPT ARM CPU: 0 PID: 1 Comm: swapper Not tainted 4.16.0-rc1+ #150 Hardware name: Gemini (Device Tree) PC is at jedec_probe_chip+0x6ec/0xcd0 LR is at 0x4 pc : [<c03a2bf4>] lr : [<00000004>] psr: 60000013 sp : c382dd18 ip : 0000ffff fp : 00000000 r10: c0626388 r9 : 00020000 r8 : c0626340 r7 : 00000000 r6 : 00000001 r5 : c3a71afc r4 : c382dd70 r3 : 00000001 r2 : c4900000 r1 : 00000002 r0 : 00080000 Flags: nZCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment none Control: 0000397f Table: 00004000 DAC: 00000053 Process swapper (pid: 1, stack limit = 0x(ptrval)) Fix this by breaking the loop with a return 0 if the offset exceeds the map size. Fixes: 5c9c11e1c47c ("[MTD] [NOR] Add support for flash chips with ID in bank other than 0") Cc: <stable(a)vger.kernel.org> Signed-off-by: Linus Walleij <linus.walleij(a)linaro.org> Signed-off-by: Boris Brezillon <boris.brezillon(a)bootlin.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/mtd/chips/jedec_probe.c | 2 ++ 1 file changed, 2 insertions(+) --- a/drivers/mtd/chips/jedec_probe.c +++ b/drivers/mtd/chips/jedec_probe.c @@ -1889,6 +1889,8 @@ static inline u32 jedec_read_mfr(struct do { uint32_t ofs = cfi_build_cmd_addr(0 + (bank << 8), map, cfi); mask = (1 << (cfi->device_type * 8)) - 1; + if (ofs >= map->size) + return 0; result = map_read(map, base + ofs); bank++; } while ((result.x[0] & mask) == CFI_MFR_CONTINUATION); Patches currently in stable-queue which might be from linus.walleij(a)linaro.org are queue-4.9/mtd-jedec_probe-fix-crash-in-jedec_read_mfr.patch

7 years, 2 months

1
0
0 0

Patch "ipc/shm.c: add split function to shm_vm_ops" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled ipc/shm.c: add split function to shm_vm_ops to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: ipc-shm.c-add-split-function-to-shm_vm_ops.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 3d942ee079b917b24e2a0c5f18d35ac8ec9fee48 Mon Sep 17 00:00:00 2001 From: Mike Kravetz <mike.kravetz(a)oracle.com> Date: Wed, 28 Mar 2018 16:01:01 -0700 Subject: ipc/shm.c: add split function to shm_vm_ops From: Mike Kravetz <mike.kravetz(a)oracle.com> commit 3d942ee079b917b24e2a0c5f18d35ac8ec9fee48 upstream. If System V shmget/shmat operations are used to create a hugetlbfs backed mapping, it is possible to munmap part of the mapping and split the underlying vma such that it is not huge page aligned. This will untimately result in the following BUG: kernel BUG at /build/linux-jWa1Fv/linux-4.15.0/mm/hugetlb.c:3310! Oops: Exception in kernel mode, sig: 5 [#1] LE SMP NR_CPUS=2048 NUMA PowerNV Modules linked in: kcm nfc af_alg caif_socket caif phonet fcrypt CPU: 18 PID: 43243 Comm: trinity-subchil Tainted: G C E 4.15.0-10-generic #11-Ubuntu NIP: c00000000036e764 LR: c00000000036ee48 CTR: 0000000000000009 REGS: c000003fbcdcf810 TRAP: 0700 Tainted: G C E (4.15.0-10-generic) MSR: 9000000000029033 <SF,HV,EE,ME,IR,DR,RI,LE> CR: 24002222 XER: 20040000 CFAR: c00000000036ee44 SOFTE: 1 NIP __unmap_hugepage_range+0xa4/0x760 LR __unmap_hugepage_range_final+0x28/0x50 Call Trace: 0x7115e4e00000 (unreliable) __unmap_hugepage_range_final+0x28/0x50 unmap_single_vma+0x11c/0x190 unmap_vmas+0x94/0x140 exit_mmap+0x9c/0x1d0 mmput+0xa8/0x1d0 do_exit+0x360/0xc80 do_group_exit+0x60/0x100 SyS_exit_group+0x24/0x30 system_call+0x58/0x6c ---[ end trace ee88f958a1c62605 ]--- This bug was introduced by commit 31383c6865a5 ("mm, hugetlbfs: introduce ->split() to vm_operations_struct"). A split function was added to vm_operations_struct to determine if a mapping can be split. This was mostly for device-dax and hugetlbfs mappings which have specific alignment constraints. Mappings initiated via shmget/shmat have their original vm_ops overwritten with shm_vm_ops. shm_vm_ops functions will call back to the original vm_ops if needed. Add such a split function to shm_vm_ops. Link: http://lkml.kernel.org/r/20180321161314.7711-1-mike.kravetz@oracle.com Fixes: 31383c6865a5 ("mm, hugetlbfs: introduce ->split() to vm_operations_struct") Signed-off-by: Mike Kravetz <mike.kravetz(a)oracle.com> Reported-by: Laurent Dufour <ldufour(a)linux.vnet.ibm.com> Reviewed-by: Laurent Dufour <ldufour(a)linux.vnet.ibm.com> Tested-by: Laurent Dufour <ldufour(a)linux.vnet.ibm.com> Reviewed-by: Dan Williams <dan.j.williams(a)intel.com> Acked-by: Michal Hocko <mhocko(a)suse.com> Cc: Davidlohr Bueso <dave(a)stgolabs.net> Cc: Manfred Spraul <manfred(a)colorfullife.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds(a)linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- ipc/shm.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) --- a/ipc/shm.c +++ b/ipc/shm.c @@ -381,6 +381,17 @@ static int shm_fault(struct vm_area_stru return sfd->vm_ops->fault(vma, vmf); } +static int shm_split(struct vm_area_struct *vma, unsigned long addr) +{ + struct file *file = vma->vm_file; + struct shm_file_data *sfd = shm_file_data(file); + + if (sfd->vm_ops && sfd->vm_ops->split) + return sfd->vm_ops->split(vma, addr); + + return 0; +} + #ifdef CONFIG_NUMA static int shm_set_policy(struct vm_area_struct *vma, struct mempolicy *new) { @@ -503,6 +514,7 @@ static const struct vm_operations_struct .open = shm_open, /* callback for a new vm-area open */ .close = shm_close, /* callback for when the vm-area is released */ .fault = shm_fault, + .split = shm_split, #if defined(CONFIG_NUMA) .set_policy = shm_set_policy, .get_policy = shm_get_policy, Patches currently in stable-queue which might be from mike.kravetz(a)oracle.com are queue-4.9/ipc-shm.c-add-split-function-to-shm_vm_ops.patch

7 years, 2 months

1
0
0 0

Patch "ceph: only dirty ITER_IOVEC pages for direct read" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled ceph: only dirty ITER_IOVEC pages for direct read to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: ceph-only-dirty-iter_iovec-pages-for-direct-read.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 85784f9395987a422fa04263e7c0fb13da11eb5c Mon Sep 17 00:00:00 2001 From: "Yan, Zheng" <zyan(a)redhat.com> Date: Fri, 16 Mar 2018 11:22:29 +0800 Subject: ceph: only dirty ITER_IOVEC pages for direct read From: Yan, Zheng <zyan(a)redhat.com> commit 85784f9395987a422fa04263e7c0fb13da11eb5c upstream. If a page is already locked, attempting to dirty it leads to a deadlock in lock_page(). This is what currently happens to ITER_BVEC pages when a dio-enabled loop device is backed by ceph: $ losetup --direct-io /dev/loop0 /mnt/cephfs/img $ xfs_io -c 'pread 0 4k' /dev/loop0 Follow other file systems and only dirty ITER_IOVEC pages. Cc: stable(a)kernel.org Signed-off-by: "Yan, Zheng" <zyan(a)redhat.com> Reviewed-by: Ilya Dryomov <idryomov(a)gmail.com> Signed-off-by: Ilya Dryomov <idryomov(a)gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- fs/ceph/file.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) --- a/fs/ceph/file.c +++ b/fs/ceph/file.c @@ -598,7 +598,8 @@ static ssize_t ceph_sync_read(struct kio struct ceph_aio_request { struct kiocb *iocb; size_t total_len; - int write; + bool write; + bool should_dirty; int error; struct list_head osd_reqs; unsigned num_reqs; @@ -708,7 +709,7 @@ static void ceph_aio_complete_req(struct } } - ceph_put_page_vector(osd_data->pages, num_pages, !aio_req->write); + ceph_put_page_vector(osd_data->pages, num_pages, aio_req->should_dirty); ceph_osdc_put_request(req); if (rc < 0) @@ -890,6 +891,7 @@ ceph_direct_read_write(struct kiocb *ioc size_t count = iov_iter_count(iter); loff_t pos = iocb->ki_pos; bool write = iov_iter_rw(iter) == WRITE; + bool should_dirty = !write && iter_is_iovec(iter); if (write && ceph_snap(file_inode(file)) != CEPH_NOSNAP) return -EROFS; @@ -954,6 +956,7 @@ ceph_direct_read_write(struct kiocb *ioc if (aio_req) { aio_req->iocb = iocb; aio_req->write = write; + aio_req->should_dirty = should_dirty; INIT_LIST_HEAD(&aio_req->osd_reqs); if (write) { aio_req->mtime = mtime; @@ -1012,7 +1015,7 @@ ceph_direct_read_write(struct kiocb *ioc len = ret; } - ceph_put_page_vector(pages, num_pages, !write); + ceph_put_page_vector(pages, num_pages, should_dirty); ceph_osdc_put_request(req); if (ret < 0) Patches currently in stable-queue which might be from zyan(a)redhat.com are queue-4.9/ceph-only-dirty-iter_iovec-pages-for-direct-read.patch

7 years, 2 months

1
0
0 0

Patch "ARM: 8746/1: vfp: Go back to clearing vfp_current_hw_state[]" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled ARM: 8746/1: vfp: Go back to clearing vfp_current_hw_state[] to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm-8746-1-vfp-go-back-to-clearing-vfp_current_hw_state.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 1328f02005bbbaed15b9d5b7f3ab5ec9d4d5268a Mon Sep 17 00:00:00 2001 From: Fabio Estevam <festevam(a)gmail.com> Date: Mon, 22 Jan 2018 12:20:26 +0100 Subject: ARM: 8746/1: vfp: Go back to clearing vfp_current_hw_state[] From: Fabio Estevam <festevam(a)gmail.com> commit 1328f02005bbbaed15b9d5b7f3ab5ec9d4d5268a upstream. Commit 384b38b66947 ("ARM: 7873/1: vfp: clear vfp_current_hw_state for dying cpu") fixed the cpu dying notifier by clearing vfp_current_hw_state[]. However commit e5b61bafe704 ("arm: Convert VFP hotplug notifiers to state machine") incorrectly used the original vfp_force_reload() function in the cpu dying notifier. Fix it by going back to clearing vfp_current_hw_state[]. Fixes: e5b61bafe704 ("arm: Convert VFP hotplug notifiers to state machine") Cc: linux-stable <stable(a)vger.kernel.org> Reported-by: Kohji Okuno <okuno.kohji(a)jp.panasonic.com> Signed-off-by: Fabio Estevam <fabio.estevam(a)nxp.com> Signed-off-by: Russell King <rmk+kernel(a)armlinux.org.uk> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm/vfp/vfpmodule.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/arch/arm/vfp/vfpmodule.c +++ b/arch/arm/vfp/vfpmodule.c @@ -648,7 +648,7 @@ int vfp_restore_user_hwstate(struct user */ static int vfp_dying_cpu(unsigned int cpu) { - vfp_force_reload(cpu, current_thread_info()); + vfp_current_hw_state[cpu] = NULL; return 0; } Patches currently in stable-queue which might be from festevam(a)gmail.com are queue-4.9/arm-8746-1-vfp-go-back-to-clearing-vfp_current_hw_state.patch

7 years, 2 months

1
0
0 0

Patch "ALSA: usb-audio: Add native DSD support for TEAC UD-301" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled ALSA: usb-audio: Add native DSD support for TEAC UD-301 to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: alsa-usb-audio-add-native-dsd-support-for-teac-ud-301.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From b00214865d65100163574ba250008f182cf90869 Mon Sep 17 00:00:00 2001 From: Nobutaka Okabe <nob77413(a)gmail.com> Date: Fri, 23 Mar 2018 19:49:44 +0900 Subject: ALSA: usb-audio: Add native DSD support for TEAC UD-301 From: Nobutaka Okabe <nob77413(a)gmail.com> commit b00214865d65100163574ba250008f182cf90869 upstream. Add native DSD support quirk for TEAC UD-301 DAC, by adding the PID/VID 0644:804a. Signed-off-by: Nobutaka Okabe <nob77413(a)gmail.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Takashi Iwai <tiwai(a)suse.de> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- sound/usb/quirks.c | 1 + 1 file changed, 1 insertion(+) --- a/sound/usb/quirks.c +++ b/sound/usb/quirks.c @@ -1175,6 +1175,7 @@ static bool is_teac_dsd_dac(unsigned int switch (id) { case USB_ID(0x0644, 0x8043): /* TEAC UD-501/UD-503/NT-503 */ case USB_ID(0x0644, 0x8044): /* Esoteric D-05X */ + case USB_ID(0x0644, 0x804a): /* TEAC UD-301 */ return true; } return false; Patches currently in stable-queue which might be from nob77413(a)gmail.com are queue-4.9/alsa-usb-audio-add-native-dsd-support-for-teac-ud-301.patch

7 years, 2 months

1
0
0 0

Patch "ALSA: pcm: Use dma_bytes as size parameter in dma_mmap_coherent()" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled ALSA: pcm: Use dma_bytes as size parameter in dma_mmap_coherent() to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: alsa-pcm-use-dma_bytes-as-size-parameter-in-dma_mmap_coherent.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 9066ae7ff5d89c0b5daa271e2d573540097a94fa Mon Sep 17 00:00:00 2001 From: Stefan Roese <sr(a)denx.de> Date: Mon, 26 Mar 2018 16:10:21 +0200 Subject: ALSA: pcm: Use dma_bytes as size parameter in dma_mmap_coherent() From: Stefan Roese <sr(a)denx.de> commit 9066ae7ff5d89c0b5daa271e2d573540097a94fa upstream. When trying to use the driver (e.g. aplay *.wav), the 4MiB DMA buffer will get mmapp'ed in 16KiB chunks. But this fails with the 2nd 16KiB area, as the page offset is outside of the VMA range (size), which is currently used as size parameter in snd_pcm_lib_default_mmap(). By using the DMA buffer size (dma_bytes) instead, the complete DMA buffer can be mmapp'ed and the issue is fixed. This issue was detected on an ARM platform (TI AM57xx) using the RME HDSP MADI PCIe soundcard. Fixes: 657b1989dacf ("ALSA: pcm - Use dma_mmap_coherent() if available") Signed-off-by: Stefan Roese <sr(a)denx.de> Cc: <stable(a)vger.kernel.org> Signed-off-by: Takashi Iwai <tiwai(a)suse.de> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- sound/core/pcm_native.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/sound/core/pcm_native.c +++ b/sound/core/pcm_native.c @@ -3410,7 +3410,7 @@ int snd_pcm_lib_default_mmap(struct snd_ area, substream->runtime->dma_area, substream->runtime->dma_addr, - area->vm_end - area->vm_start); + substream->runtime->dma_bytes); #endif /* CONFIG_X86 */ /* mmap with fault handler */ area->vm_ops = &snd_pcm_vm_ops_data_fault; Patches currently in stable-queue which might be from sr(a)denx.de are queue-4.9/alsa-pcm-use-dma_bytes-as-size-parameter-in-dma_mmap_coherent.patch

7 years, 2 months

1
0
0 0

Patch "ALSA: pcm: potential uninitialized return values" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled ALSA: pcm: potential uninitialized return values to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: alsa-pcm-potential-uninitialized-return-values.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 5607dddbfca774fb38bffadcb077fe03aa4ac5c6 Mon Sep 17 00:00:00 2001 From: Dan Carpenter <dan.carpenter(a)oracle.com> Date: Tue, 27 Mar 2018 16:07:52 +0300 Subject: ALSA: pcm: potential uninitialized return values From: Dan Carpenter <dan.carpenter(a)oracle.com> commit 5607dddbfca774fb38bffadcb077fe03aa4ac5c6 upstream. Smatch complains that "tmp" can be uninitialized if we do a zero size write. Fixes: 02a5d6925cd3 ("ALSA: pcm: Avoid potential races between OSS ioctls and read/write") Signed-off-by: Dan Carpenter <dan.carpenter(a)oracle.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Takashi Iwai <tiwai(a)suse.de> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- sound/core/oss/pcm_oss.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) --- a/sound/core/oss/pcm_oss.c +++ b/sound/core/oss/pcm_oss.c @@ -1361,7 +1361,7 @@ static ssize_t snd_pcm_oss_write2(struct static ssize_t snd_pcm_oss_write1(struct snd_pcm_substream *substream, const char __user *buf, size_t bytes) { size_t xfer = 0; - ssize_t tmp; + ssize_t tmp = 0; struct snd_pcm_runtime *runtime = substream->runtime; if (atomic_read(&substream->mmap_count)) @@ -1468,7 +1468,7 @@ static ssize_t snd_pcm_oss_read2(struct static ssize_t snd_pcm_oss_read1(struct snd_pcm_substream *substream, char __user *buf, size_t bytes) { size_t xfer = 0; - ssize_t tmp; + ssize_t tmp = 0; struct snd_pcm_runtime *runtime = substream->runtime; if (atomic_read(&substream->mmap_count)) Patches currently in stable-queue which might be from dan.carpenter(a)oracle.com are queue-4.9/alsa-pcm-potential-uninitialized-return-values.patch

7 years, 2 months

1
0
0 0

Patch "perf/hwbp: Simplify the perf-hwbp code, fix documentation" has been added to the 4.4-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled perf/hwbp: Simplify the perf-hwbp code, fix documentation to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: perf-hwbp-simplify-the-perf-hwbp-code-fix-documentation.patch and it can be found in the queue-4.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From f67b15037a7a50c57f72e69a6d59941ad90a0f0f Mon Sep 17 00:00:00 2001 From: Linus Torvalds <torvalds(a)linux-foundation.org> Date: Mon, 26 Mar 2018 15:39:07 -1000 Subject: perf/hwbp: Simplify the perf-hwbp code, fix documentation From: Linus Torvalds <torvalds(a)linux-foundation.org> commit f67b15037a7a50c57f72e69a6d59941ad90a0f0f upstream. Annoyingly, modify_user_hw_breakpoint() unnecessarily complicates the modification of a breakpoint - simplify it and remove the pointless local variables. Also update the stale Docbook while at it. Signed-off-by: Linus Torvalds <torvalds(a)linux-foundation.org> Acked-by: Thomas Gleixner <tglx(a)linutronix.de> Cc: <stable(a)vger.kernel.org> Cc: Alexander Shishkin <alexander.shishkin(a)linux.intel.com> Cc: Andy Lutomirski <luto(a)kernel.org> Cc: Arnaldo Carvalho de Melo <acme(a)redhat.com> Cc: Frederic Weisbecker <fweisbec(a)gmail.com> Cc: Jiri Olsa <jolsa(a)redhat.com> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Stephane Eranian <eranian(a)google.com> Cc: Vince Weaver <vincent.weaver(a)maine.edu> Signed-off-by: Ingo Molnar <mingo(a)kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- kernel/events/hw_breakpoint.c | 30 +++++++----------------------- 1 file changed, 7 insertions(+), 23 deletions(-) --- a/kernel/events/hw_breakpoint.c +++ b/kernel/events/hw_breakpoint.c @@ -427,16 +427,9 @@ EXPORT_SYMBOL_GPL(register_user_hw_break * modify_user_hw_breakpoint - modify a user-space hardware breakpoint * @bp: the breakpoint structure to modify * @attr: new breakpoint attributes - * @triggered: callback to trigger when we hit the breakpoint - * @tsk: pointer to 'task_struct' of the process to which the address belongs */ int modify_user_hw_breakpoint(struct perf_event *bp, struct perf_event_attr *attr) { - u64 old_addr = bp->attr.bp_addr; - u64 old_len = bp->attr.bp_len; - int old_type = bp->attr.bp_type; - int err = 0; - /* * modify_user_hw_breakpoint can be invoked with IRQs disabled and hence it * will not be possible to raise IPIs that invoke __perf_event_disable. @@ -451,27 +444,18 @@ int modify_user_hw_breakpoint(struct per bp->attr.bp_addr = attr->bp_addr; bp->attr.bp_type = attr->bp_type; bp->attr.bp_len = attr->bp_len; + bp->attr.disabled = 1; - if (attr->disabled) - goto end; - - err = validate_hw_breakpoint(bp); - if (!err) - perf_event_enable(bp); + if (!attr->disabled) { + int err = validate_hw_breakpoint(bp); - if (err) { - bp->attr.bp_addr = old_addr; - bp->attr.bp_type = old_type; - bp->attr.bp_len = old_len; - if (!bp->attr.disabled) - perf_event_enable(bp); + if (err) + return err; - return err; + perf_event_enable(bp); + bp->attr.disabled = 0; } -end: - bp->attr.disabled = attr->disabled; - return 0; } EXPORT_SYMBOL_GPL(modify_user_hw_breakpoint); Patches currently in stable-queue which might be from torvalds(a)linux-foundation.org are queue-4.4/perf-hwbp-simplify-the-perf-hwbp-code-fix-documentation.patch

7 years, 2 months

1
0
0 0

Patch "mtd: jedec_probe: Fix crash in jedec_read_mfr()" has been added to the 4.4-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled mtd: jedec_probe: Fix crash in jedec_read_mfr() to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: mtd-jedec_probe-fix-crash-in-jedec_read_mfr.patch and it can be found in the queue-4.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 87a73eb5b56fd6e07c8e499fe8608ef2d8912b82 Mon Sep 17 00:00:00 2001 From: Linus Walleij <linus.walleij(a)linaro.org> Date: Sat, 3 Mar 2018 23:29:03 +0100 Subject: mtd: jedec_probe: Fix crash in jedec_read_mfr() From: Linus Walleij <linus.walleij(a)linaro.org> commit 87a73eb5b56fd6e07c8e499fe8608ef2d8912b82 upstream. It turns out that the loop where we read manufacturer jedec_read_mfd() can under some circumstances get a CFI_MFR_CONTINUATION repeatedly, making the loop go over all banks and eventually hit the end of the map and crash because of an access violation: Unable to handle kernel paging request at virtual address c4980000 pgd = (ptrval) [c4980000] *pgd=03808811, *pte=00000000, *ppte=00000000 Internal error: Oops: 7 [#1] PREEMPT ARM CPU: 0 PID: 1 Comm: swapper Not tainted 4.16.0-rc1+ #150 Hardware name: Gemini (Device Tree) PC is at jedec_probe_chip+0x6ec/0xcd0 LR is at 0x4 pc : [<c03a2bf4>] lr : [<00000004>] psr: 60000013 sp : c382dd18 ip : 0000ffff fp : 00000000 r10: c0626388 r9 : 00020000 r8 : c0626340 r7 : 00000000 r6 : 00000001 r5 : c3a71afc r4 : c382dd70 r3 : 00000001 r2 : c4900000 r1 : 00000002 r0 : 00080000 Flags: nZCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment none Control: 0000397f Table: 00004000 DAC: 00000053 Process swapper (pid: 1, stack limit = 0x(ptrval)) Fix this by breaking the loop with a return 0 if the offset exceeds the map size. Fixes: 5c9c11e1c47c ("[MTD] [NOR] Add support for flash chips with ID in bank other than 0") Cc: <stable(a)vger.kernel.org> Signed-off-by: Linus Walleij <linus.walleij(a)linaro.org> Signed-off-by: Boris Brezillon <boris.brezillon(a)bootlin.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/mtd/chips/jedec_probe.c | 2 ++ 1 file changed, 2 insertions(+) --- a/drivers/mtd/chips/jedec_probe.c +++ b/drivers/mtd/chips/jedec_probe.c @@ -1889,6 +1889,8 @@ static inline u32 jedec_read_mfr(struct do { uint32_t ofs = cfi_build_cmd_addr(0 + (bank << 8), map, cfi); mask = (1 << (cfi->device_type * 8)) - 1; + if (ofs >= map->size) + return 0; result = map_read(map, base + ofs); bank++; } while ((result.x[0] & mask) == CFI_MFR_CONTINUATION); Patches currently in stable-queue which might be from linus.walleij(a)linaro.org are queue-4.4/mtd-jedec_probe-fix-crash-in-jedec_read_mfr.patch

7 years, 2 months

1
0
0 0

Patch "ALSA: pcm: Use dma_bytes as size parameter in dma_mmap_coherent()" has been added to the 4.4-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled ALSA: pcm: Use dma_bytes as size parameter in dma_mmap_coherent() to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: alsa-pcm-use-dma_bytes-as-size-parameter-in-dma_mmap_coherent.patch and it can be found in the queue-4.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 9066ae7ff5d89c0b5daa271e2d573540097a94fa Mon Sep 17 00:00:00 2001 From: Stefan Roese <sr(a)denx.de> Date: Mon, 26 Mar 2018 16:10:21 +0200 Subject: ALSA: pcm: Use dma_bytes as size parameter in dma_mmap_coherent() From: Stefan Roese <sr(a)denx.de> commit 9066ae7ff5d89c0b5daa271e2d573540097a94fa upstream. When trying to use the driver (e.g. aplay *.wav), the 4MiB DMA buffer will get mmapp'ed in 16KiB chunks. But this fails with the 2nd 16KiB area, as the page offset is outside of the VMA range (size), which is currently used as size parameter in snd_pcm_lib_default_mmap(). By using the DMA buffer size (dma_bytes) instead, the complete DMA buffer can be mmapp'ed and the issue is fixed. This issue was detected on an ARM platform (TI AM57xx) using the RME HDSP MADI PCIe soundcard. Fixes: 657b1989dacf ("ALSA: pcm - Use dma_mmap_coherent() if available") Signed-off-by: Stefan Roese <sr(a)denx.de> Cc: <stable(a)vger.kernel.org> Signed-off-by: Takashi Iwai <tiwai(a)suse.de> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- sound/core/pcm_native.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/sound/core/pcm_native.c +++ b/sound/core/pcm_native.c @@ -3408,7 +3408,7 @@ int snd_pcm_lib_default_mmap(struct snd_ area, substream->runtime->dma_area, substream->runtime->dma_addr, - area->vm_end - area->vm_start); + substream->runtime->dma_bytes); #endif /* CONFIG_X86 */ /* mmap with fault handler */ area->vm_ops = &snd_pcm_vm_ops_data_fault; Patches currently in stable-queue which might be from sr(a)denx.de are queue-4.4/alsa-pcm-use-dma_bytes-as-size-parameter-in-dma_mmap_coherent.patch

7 years, 2 months

1
0
0 0

Patch "ALSA: pcm: potential uninitialized return values" has been added to the 4.4-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled ALSA: pcm: potential uninitialized return values to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: alsa-pcm-potential-uninitialized-return-values.patch and it can be found in the queue-4.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 5607dddbfca774fb38bffadcb077fe03aa4ac5c6 Mon Sep 17 00:00:00 2001 From: Dan Carpenter <dan.carpenter(a)oracle.com> Date: Tue, 27 Mar 2018 16:07:52 +0300 Subject: ALSA: pcm: potential uninitialized return values From: Dan Carpenter <dan.carpenter(a)oracle.com> commit 5607dddbfca774fb38bffadcb077fe03aa4ac5c6 upstream. Smatch complains that "tmp" can be uninitialized if we do a zero size write. Fixes: 02a5d6925cd3 ("ALSA: pcm: Avoid potential races between OSS ioctls and read/write") Signed-off-by: Dan Carpenter <dan.carpenter(a)oracle.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Takashi Iwai <tiwai(a)suse.de> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- sound/core/oss/pcm_oss.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) --- a/sound/core/oss/pcm_oss.c +++ b/sound/core/oss/pcm_oss.c @@ -1361,7 +1361,7 @@ static ssize_t snd_pcm_oss_write2(struct static ssize_t snd_pcm_oss_write1(struct snd_pcm_substream *substream, const char __user *buf, size_t bytes) { size_t xfer = 0; - ssize_t tmp; + ssize_t tmp = 0; struct snd_pcm_runtime *runtime = substream->runtime; if (atomic_read(&substream->mmap_count)) @@ -1468,7 +1468,7 @@ static ssize_t snd_pcm_oss_read2(struct static ssize_t snd_pcm_oss_read1(struct snd_pcm_substream *substream, char __user *buf, size_t bytes) { size_t xfer = 0; - ssize_t tmp; + ssize_t tmp = 0; struct snd_pcm_runtime *runtime = substream->runtime; if (atomic_read(&substream->mmap_count)) Patches currently in stable-queue which might be from dan.carpenter(a)oracle.com are queue-4.4/alsa-pcm-potential-uninitialized-return-values.patch

7 years, 2 months

1
0
0 0

Patch "x86/platform/uv/BAU: Add APIC idt entry" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled x86/platform/uv/BAU: Add APIC idt entry to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: x86-platform-uv-bau-add-apic-idt-entry.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 151ad17fbe5e56afa59709f41980508672c777ce Mon Sep 17 00:00:00 2001 From: Andrew Banman <abanman(a)hpe.com> Date: Tue, 27 Mar 2018 17:09:06 -0500 Subject: x86/platform/uv/BAU: Add APIC idt entry From: Andrew Banman <abanman(a)hpe.com> commit 151ad17fbe5e56afa59709f41980508672c777ce upstream. BAU uses the old alloc_initr_gate90 method to setup its interrupt. This fails silently as the BAU vector is in the range of APIC vectors that are registered to the spurious interrupt handler. As a consequence BAU broadcasts are not handled, and the broadcast source CPU hangs. Update BAU to use new idt structure. Fixes: dc20b2d52653 ("x86/idt: Move interrupt gate initialization to IDT code") Signed-off-by: Andrew Banman <abanman(a)hpe.com> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Acked-by: Mike Travis <mike.travis(a)hpe.com> Cc: Dimitri Sivanich <sivanich(a)hpe.com> Cc: Russ Anderson <rja(a)hpe.com> Cc: stable(a)vger.kernel.org Cc: "H. Peter Anvin" <hpa(a)zytor.com> Link: https://lkml.kernel.org/r/1522188546-196177-1-git-send-email-abanman@hpe.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/x86/include/asm/hw_irq.h | 1 + arch/x86/kernel/idt.c | 3 +++ arch/x86/platform/uv/tlb_uv.c | 2 -- 3 files changed, 4 insertions(+), 2 deletions(-) --- a/arch/x86/include/asm/hw_irq.h +++ b/arch/x86/include/asm/hw_irq.h @@ -36,6 +36,7 @@ extern asmlinkage void kvm_posted_intr_w extern asmlinkage void kvm_posted_intr_nested_ipi(void); extern asmlinkage void error_interrupt(void); extern asmlinkage void irq_work_interrupt(void); +extern asmlinkage void uv_bau_message_intr1(void); extern asmlinkage void spurious_interrupt(void); extern asmlinkage void thermal_interrupt(void); --- a/arch/x86/kernel/idt.c +++ b/arch/x86/kernel/idt.c @@ -140,6 +140,9 @@ static const __initconst struct idt_data # ifdef CONFIG_IRQ_WORK INTG(IRQ_WORK_VECTOR, irq_work_interrupt), # endif +#ifdef CONFIG_X86_UV + INTG(UV_BAU_MESSAGE, uv_bau_message_intr1), +#endif INTG(SPURIOUS_APIC_VECTOR, spurious_interrupt), INTG(ERROR_APIC_VECTOR, error_interrupt), #endif --- a/arch/x86/platform/uv/tlb_uv.c +++ b/arch/x86/platform/uv/tlb_uv.c @@ -2254,8 +2254,6 @@ static int __init uv_bau_init(void) init_uvhub(uvhub, vector, uv_base_pnode); } - alloc_intr_gate(vector, uv_bau_message_intr1); - for_each_possible_blade(uvhub) { if (uv_blade_nr_possible_cpus(uvhub)) { unsigned long val; Patches currently in stable-queue which might be from abanman(a)hpe.com are queue-4.15/x86-platform-uv-bau-add-apic-idt-entry.patch

7 years, 2 months

1
0
0 0

Patch "powerpc/mm: Workaround Nest MMU bug with TLB invalidations" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled powerpc/mm: Workaround Nest MMU bug with TLB invalidations to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: powerpc-mm-workaround-nest-mmu-bug-with-tlb-invalidations.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 80a4ae202f2d319eced8bbf612a4e8b0f11c21f5 Mon Sep 17 00:00:00 2001 From: Benjamin Herrenschmidt <benh(a)kernel.crashing.org> Date: Fri, 23 Mar 2018 09:29:06 +1100 Subject: powerpc/mm: Workaround Nest MMU bug with TLB invalidations From: Benjamin Herrenschmidt <benh(a)kernel.crashing.org> commit 80a4ae202f2d319eced8bbf612a4e8b0f11c21f5 upstream. On POWER9 the Nest MMU may fail to invalidate some translations when doing a tlbie "by PID" or "by LPID" that is targeted at the TLB only and not the page walk cache. This works around it by forcing such invalidations to escalate to RIC=2 (full invalidation of TLB *and* PWC) when a coprocessor is in use for the context. Fixes: 03b8abedf4f4 ("cxl: Enable global TLBIs for cxl contexts") Cc: stable(a)vger.kernel.org # v4.15+ Signed-off-by: Benjamin Herrenschmidt <benh(a)kernel.crashing.org> Signed-off-by: Balbir Singh <bsingharora(a)gmail.com> [balbirs: fixed spelling and coding style to quiesce checkpatch.pl] Tested-by: Balbir Singh <bsingharora(a)gmail.com> Signed-off-by: Michael Ellerman <mpe(a)ellerman.id.au> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/powerpc/mm/tlb-radix.c | 50 +++++++++++++++++++++++++++++++++++++------- 1 file changed, 43 insertions(+), 7 deletions(-) --- a/arch/powerpc/mm/tlb-radix.c +++ b/arch/powerpc/mm/tlb-radix.c @@ -85,7 +85,23 @@ static inline void _tlbiel_pid(unsigned static inline void _tlbie_pid(unsigned long pid, unsigned long ric) { asm volatile("ptesync": : :"memory"); - __tlbie_pid(pid, ric); + + /* + * Workaround the fact that the "ric" argument to __tlbie_pid + * must be a compile-time contraint to match the "i" constraint + * in the asm statement. + */ + switch (ric) { + case RIC_FLUSH_TLB: + __tlbie_pid(pid, RIC_FLUSH_TLB); + break; + case RIC_FLUSH_PWC: + __tlbie_pid(pid, RIC_FLUSH_PWC); + break; + case RIC_FLUSH_ALL: + default: + __tlbie_pid(pid, RIC_FLUSH_ALL); + } asm volatile("eieio; tlbsync; ptesync": : :"memory"); } @@ -245,6 +261,16 @@ void radix__local_flush_tlb_page(struct } EXPORT_SYMBOL(radix__local_flush_tlb_page); +static bool mm_needs_flush_escalation(struct mm_struct *mm) +{ + /* + * P9 nest MMU has issues with the page walk cache + * caching PTEs and not flushing them properly when + * RIC = 0 for a PID/LPID invalidate + */ + return atomic_read(&mm->context.copros) != 0; +} + #ifdef CONFIG_SMP void radix__flush_tlb_mm(struct mm_struct *mm) { @@ -255,9 +281,12 @@ void radix__flush_tlb_mm(struct mm_struc return; preempt_disable(); - if (!mm_is_thread_local(mm)) - _tlbie_pid(pid, RIC_FLUSH_TLB); - else + if (!mm_is_thread_local(mm)) { + if (mm_needs_flush_escalation(mm)) + _tlbie_pid(pid, RIC_FLUSH_ALL); + else + _tlbie_pid(pid, RIC_FLUSH_TLB); + } else _tlbiel_pid(pid, RIC_FLUSH_TLB); preempt_enable(); } @@ -369,10 +398,14 @@ void radix__flush_tlb_range(struct vm_ar } if (full) { - if (local) + if (local) { _tlbiel_pid(pid, RIC_FLUSH_TLB); - else - _tlbie_pid(pid, RIC_FLUSH_TLB); + } else { + if (mm_needs_flush_escalation(mm)) + _tlbie_pid(pid, RIC_FLUSH_ALL); + else + _tlbie_pid(pid, RIC_FLUSH_TLB); + } } else { bool hflush = false; unsigned long hstart, hend; @@ -482,6 +515,9 @@ static inline void __radix__flush_tlb_ra } if (full) { + if (!local && mm_needs_flush_escalation(mm)) + also_pwc = true; + if (local) _tlbiel_pid(pid, also_pwc ? RIC_FLUSH_ALL : RIC_FLUSH_TLB); else Patches currently in stable-queue which might be from benh(a)kernel.crashing.org are queue-4.15/powerpc-mm-add-tracking-of-the-number-of-coprocessors-using-a-context.patch queue-4.15/powerpc-mm-workaround-nest-mmu-bug-with-tlb-invalidations.patch

7 years, 2 months

1
0
0 0

Patch "powerpc/mm: Add tracking of the number of coprocessors using a context" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled powerpc/mm: Add tracking of the number of coprocessors using a context to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: powerpc-mm-add-tracking-of-the-number-of-coprocessors-using-a-context.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From aff6f8cb3e2170b9e58b0932bce7bfb492775e23 Mon Sep 17 00:00:00 2001 From: Benjamin Herrenschmidt <benh(a)kernel.crashing.org> Date: Fri, 23 Mar 2018 09:29:05 +1100 Subject: powerpc/mm: Add tracking of the number of coprocessors using a context From: Benjamin Herrenschmidt <benh(a)kernel.crashing.org> commit aff6f8cb3e2170b9e58b0932bce7bfb492775e23 upstream. Currently, when using coprocessors (which use the Nest MMU), we simply increment the active_cpu count to force all TLB invalidations to be come broadcast. Unfortunately, due to an errata in POWER9, we will need to know more specifically that coprocessors are in use. This maintains a separate copros counter in the MMU context for that purpose. NB. The commit mentioned in the fixes tag below is not at fault for the bug we're fixing in this commit and the next, but this fix applies on top the infrastructure it introduced. Fixes: 03b8abedf4f4 ("cxl: Enable global TLBIs for cxl contexts") Cc: stable(a)vger.kernel.org # v4.15+ Signed-off-by: Benjamin Herrenschmidt <benh(a)kernel.crashing.org> Tested-by: Balbir Singh <bsingharora(a)gmail.com> Signed-off-by: Michael Ellerman <mpe(a)ellerman.id.au> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/powerpc/include/asm/book3s/64/mmu.h | 3 +++ arch/powerpc/include/asm/mmu_context.h | 18 +++++++++++++----- arch/powerpc/mm/mmu_context_book3s64.c | 1 + 3 files changed, 17 insertions(+), 5 deletions(-) --- a/arch/powerpc/include/asm/book3s/64/mmu.h +++ b/arch/powerpc/include/asm/book3s/64/mmu.h @@ -87,6 +87,9 @@ typedef struct { /* Number of bits in the mm_cpumask */ atomic_t active_cpus; + /* Number of users of the external (Nest) MMU */ + atomic_t copros; + /* NPU NMMU context */ struct npu_context *npu_context; --- a/arch/powerpc/include/asm/mmu_context.h +++ b/arch/powerpc/include/asm/mmu_context.h @@ -92,15 +92,23 @@ static inline void dec_mm_active_cpus(st static inline void mm_context_add_copro(struct mm_struct *mm) { /* - * On hash, should only be called once over the lifetime of - * the context, as we can't decrement the active cpus count - * and flush properly for the time being. + * If any copro is in use, increment the active CPU count + * in order to force TLB invalidations to be global as to + * propagate to the Nest MMU. */ - inc_mm_active_cpus(mm); + if (atomic_inc_return(&mm->context.copros) == 1) + inc_mm_active_cpus(mm); } static inline void mm_context_remove_copro(struct mm_struct *mm) { + int c; + + c = atomic_dec_if_positive(&mm->context.copros); + + /* Detect imbalance between add and remove */ + WARN_ON(c < 0); + /* * Need to broadcast a global flush of the full mm before * decrementing active_cpus count, as the next TLBI may be @@ -111,7 +119,7 @@ static inline void mm_context_remove_cop * for the time being. Invalidations will remain global if * used on hash. */ - if (radix_enabled()) { + if (c == 0 && radix_enabled()) { flush_all_mm(mm); dec_mm_active_cpus(mm); } --- a/arch/powerpc/mm/mmu_context_book3s64.c +++ b/arch/powerpc/mm/mmu_context_book3s64.c @@ -171,6 +171,7 @@ int init_new_context(struct task_struct mm_iommu_init(mm); #endif atomic_set(&mm->context.active_cpus, 0); + atomic_set(&mm->context.copros, 0); return 0; } Patches currently in stable-queue which might be from benh(a)kernel.crashing.org are queue-4.15/powerpc-mm-add-tracking-of-the-number-of-coprocessors-using-a-context.patch queue-4.15/powerpc-mm-workaround-nest-mmu-bug-with-tlb-invalidations.patch

7 years, 2 months

1
0
0 0

Patch "powerpc/64s: Fix lost pending interrupt due to race causing lost update to irq_happened" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled powerpc/64s: Fix lost pending interrupt due to race causing lost update to irq_happened to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: powerpc-64s-fix-lost-pending-interrupt-due-to-race-causing-lost-update-to-irq_happened.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From ff6781fd1bb404d8a551c02c35c70cec1da17ff1 Mon Sep 17 00:00:00 2001 From: Nicholas Piggin <npiggin(a)gmail.com> Date: Wed, 21 Mar 2018 12:22:28 +1000 Subject: powerpc/64s: Fix lost pending interrupt due to race causing lost update to irq_happened From: Nicholas Piggin <npiggin(a)gmail.com> commit ff6781fd1bb404d8a551c02c35c70cec1da17ff1 upstream. force_external_irq_replay() can be called in the do_IRQ path with interrupts hard enabled and soft disabled if may_hard_irq_enable() set MSR[EE]=1. It updates local_paca->irq_happened with a load, modify, store sequence. If a maskable interrupt hits during this sequence, it will go to the masked handler to be marked pending in irq_happened. This update will be lost when the interrupt returns and the store instruction executes. This can result in unpredictable latencies, timeouts, lockups, etc. Fix this by ensuring hard interrupts are disabled before modifying irq_happened. This could cause any maskable asynchronous interrupt to get lost, but it was noticed on P9 SMP system doing RDMA NVMe target over 100GbE, so very high external interrupt rate and high IPI rate. The hang was bisected down to enabling doorbell interrupts for IPIs. These provided an interrupt type that could run at high rates in the do_IRQ path, stressing the race. Fixes: 1d607bb3bd60 ("powerpc/irq: Add mechanism to force a replay of interrupts") Cc: stable(a)vger.kernel.org # v4.8+ Reported-by: Carol L. Soto <clsoto(a)us.ibm.com> Signed-off-by: Nicholas Piggin <npiggin(a)gmail.com> Signed-off-by: Michael Ellerman <mpe(a)ellerman.id.au> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/powerpc/kernel/irq.c | 8 ++++++++ 1 file changed, 8 insertions(+) --- a/arch/powerpc/kernel/irq.c +++ b/arch/powerpc/kernel/irq.c @@ -475,6 +475,14 @@ void force_external_irq_replay(void) */ WARN_ON(!arch_irqs_disabled()); + /* + * Interrupts must always be hard disabled before irq_happened is + * modified (to prevent lost update in case of interrupt between + * load and store). + */ + __hard_irq_disable(); + local_paca->irq_happened |= PACA_IRQ_HARD_DIS; + /* Indicate in the PACA that we have an interrupt to replay */ local_paca->irq_happened |= PACA_IRQ_EE; } Patches currently in stable-queue which might be from npiggin(a)gmail.com are queue-4.15/powerpc-64s-fix-lost-pending-interrupt-due-to-race-causing-lost-update-to-irq_happened.patch queue-4.15/powerpc-64s-fix-i-side-slb-miss-bad-address-handler-saving-nonvolatile-gprs.patch

7 years, 2 months

1
0
0 0

Patch "powerpc/64s: Fix i-side SLB miss bad address handler saving nonvolatile GPRs" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled powerpc/64s: Fix i-side SLB miss bad address handler saving nonvolatile GPRs to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: powerpc-64s-fix-i-side-slb-miss-bad-address-handler-saving-nonvolatile-gprs.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 52396500f97c53860164debc7d4f759077853423 Mon Sep 17 00:00:00 2001 From: Nicholas Piggin <npiggin(a)gmail.com> Date: Fri, 23 Mar 2018 15:53:38 +1000 Subject: powerpc/64s: Fix i-side SLB miss bad address handler saving nonvolatile GPRs From: Nicholas Piggin <npiggin(a)gmail.com> commit 52396500f97c53860164debc7d4f759077853423 upstream. The SLB bad address handler's trap number fixup does not preserve the low bit that indicates nonvolatile GPRs have not been saved. This leads save_nvgprs to skip saving them, and subsequent functions and return from interrupt will think they are saved. This causes kernel branch-to-garbage debugging to not have correct registers, can also cause userspace to have its registers clobbered after a segfault. Fixes: f0f558b131db ("powerpc/mm: Preserve CFAR value on SLB miss caused by access to bogus address") Cc: stable(a)vger.kernel.org # v4.9+ Signed-off-by: Nicholas Piggin <npiggin(a)gmail.com> Signed-off-by: Michael Ellerman <mpe(a)ellerman.id.au> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/powerpc/kernel/exceptions-64s.S | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/arch/powerpc/kernel/exceptions-64s.S +++ b/arch/powerpc/kernel/exceptions-64s.S @@ -706,7 +706,7 @@ EXC_COMMON_BEGIN(bad_addr_slb) ld r3, PACA_EXSLB+EX_DAR(r13) std r3, _DAR(r1) beq cr6, 2f - li r10, 0x480 /* fix trap number for I-SLB miss */ + li r10, 0x481 /* fix trap number for I-SLB miss */ std r10, _TRAP(r1) 2: bl save_nvgprs addi r3, r1, STACK_FRAME_OVERHEAD Patches currently in stable-queue which might be from npiggin(a)gmail.com are queue-4.15/powerpc-64s-fix-lost-pending-interrupt-due-to-race-causing-lost-update-to-irq_happened.patch queue-4.15/powerpc-64s-fix-i-side-slb-miss-bad-address-handler-saving-nonvolatile-gprs.patch

7 years, 2 months

1
0
0 0

Patch "perf/hwbp: Simplify the perf-hwbp code, fix documentation" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled perf/hwbp: Simplify the perf-hwbp code, fix documentation to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: perf-hwbp-simplify-the-perf-hwbp-code-fix-documentation.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From f67b15037a7a50c57f72e69a6d59941ad90a0f0f Mon Sep 17 00:00:00 2001 From: Linus Torvalds <torvalds(a)linux-foundation.org> Date: Mon, 26 Mar 2018 15:39:07 -1000 Subject: perf/hwbp: Simplify the perf-hwbp code, fix documentation From: Linus Torvalds <torvalds(a)linux-foundation.org> commit f67b15037a7a50c57f72e69a6d59941ad90a0f0f upstream. Annoyingly, modify_user_hw_breakpoint() unnecessarily complicates the modification of a breakpoint - simplify it and remove the pointless local variables. Also update the stale Docbook while at it. Signed-off-by: Linus Torvalds <torvalds(a)linux-foundation.org> Acked-by: Thomas Gleixner <tglx(a)linutronix.de> Cc: <stable(a)vger.kernel.org> Cc: Alexander Shishkin <alexander.shishkin(a)linux.intel.com> Cc: Andy Lutomirski <luto(a)kernel.org> Cc: Arnaldo Carvalho de Melo <acme(a)redhat.com> Cc: Frederic Weisbecker <fweisbec(a)gmail.com> Cc: Jiri Olsa <jolsa(a)redhat.com> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Stephane Eranian <eranian(a)google.com> Cc: Vince Weaver <vincent.weaver(a)maine.edu> Signed-off-by: Ingo Molnar <mingo(a)kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- kernel/events/hw_breakpoint.c | 30 +++++++----------------------- 1 file changed, 7 insertions(+), 23 deletions(-) --- a/kernel/events/hw_breakpoint.c +++ b/kernel/events/hw_breakpoint.c @@ -427,16 +427,9 @@ EXPORT_SYMBOL_GPL(register_user_hw_break * modify_user_hw_breakpoint - modify a user-space hardware breakpoint * @bp: the breakpoint structure to modify * @attr: new breakpoint attributes - * @triggered: callback to trigger when we hit the breakpoint - * @tsk: pointer to 'task_struct' of the process to which the address belongs */ int modify_user_hw_breakpoint(struct perf_event *bp, struct perf_event_attr *attr) { - u64 old_addr = bp->attr.bp_addr; - u64 old_len = bp->attr.bp_len; - int old_type = bp->attr.bp_type; - int err = 0; - /* * modify_user_hw_breakpoint can be invoked with IRQs disabled and hence it * will not be possible to raise IPIs that invoke __perf_event_disable. @@ -451,27 +444,18 @@ int modify_user_hw_breakpoint(struct per bp->attr.bp_addr = attr->bp_addr; bp->attr.bp_type = attr->bp_type; bp->attr.bp_len = attr->bp_len; + bp->attr.disabled = 1; - if (attr->disabled) - goto end; - - err = validate_hw_breakpoint(bp); - if (!err) - perf_event_enable(bp); + if (!attr->disabled) { + int err = validate_hw_breakpoint(bp); - if (err) { - bp->attr.bp_addr = old_addr; - bp->attr.bp_type = old_type; - bp->attr.bp_len = old_len; - if (!bp->attr.disabled) - perf_event_enable(bp); + if (err) + return err; - return err; + perf_event_enable(bp); + bp->attr.disabled = 0; } -end: - bp->attr.disabled = attr->disabled; - return 0; } EXPORT_SYMBOL_GPL(modify_user_hw_breakpoint); Patches currently in stable-queue which might be from torvalds(a)linux-foundation.org are queue-4.15/perf-hwbp-simplify-the-perf-hwbp-code-fix-documentation.patch queue-4.15/ipc-shm.c-add-split-function-to-shm_vm_ops.patch

7 years, 2 months

1
0
0 0

Patch "mtd: nand: atmel: Fix get_sectorsize() function" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled mtd: nand: atmel: Fix get_sectorsize() function to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: mtd-nand-atmel-fix-get_sectorsize-function.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 2b1b1b4ac716fd929a2d221bd4ade62263bed915 Mon Sep 17 00:00:00 2001 From: Boris Brezillon <boris.brezillon(a)bootlin.com> Date: Tue, 27 Mar 2018 19:01:58 +0200 Subject: mtd: nand: atmel: Fix get_sectorsize() function From: Boris Brezillon <boris.brezillon(a)bootlin.com> commit 2b1b1b4ac716fd929a2d221bd4ade62263bed915 upstream. get_sectorsize() was not using the appropriate macro to extract the ECC sector size from the config cache, which led to buggy ECC when using 1024 byte sectors. Fixes: f88fc122cc34 ("mtd: nand: Cleanup/rework the atmel_nand driver") Cc: <stable(a)vger.kernel.org> Reported-by: Olivier Schonken <olivier.schonken(a)gmail.com> Signed-off-by: Boris Brezillon <boris.brezillon(a)bootlin.com> Reviewed-by: Richard Weinberger <richard(a)nod.at> Acked-by: Nicolas Ferre <nicolas.ferre(a)microchip.com> Tested-by: Olivier Schonken <olivier.schonken(a)gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/mtd/nand/atmel/pmecc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/drivers/mtd/nand/atmel/pmecc.c +++ b/drivers/mtd/nand/atmel/pmecc.c @@ -426,7 +426,7 @@ static int get_strength(struct atmel_pme static int get_sectorsize(struct atmel_pmecc_user *user) { - return user->cache.cfg & PMECC_LOOKUP_TABLE_SIZE_1024 ? 1024 : 512; + return user->cache.cfg & PMECC_CFG_SECTOR1024 ? 1024 : 512; } static void atmel_pmecc_gen_syndrome(struct atmel_pmecc_user *user, int sector) Patches currently in stable-queue which might be from boris.brezillon(a)bootlin.com are queue-4.15/mtd-jedec_probe-fix-crash-in-jedec_read_mfr.patch queue-4.15/mtd-nand-atmel-fix-get_sectorsize-function.patch

7 years, 2 months

1
0
0 0

Patch "mtd: jedec_probe: Fix crash in jedec_read_mfr()" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled mtd: jedec_probe: Fix crash in jedec_read_mfr() to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: mtd-jedec_probe-fix-crash-in-jedec_read_mfr.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 87a73eb5b56fd6e07c8e499fe8608ef2d8912b82 Mon Sep 17 00:00:00 2001 From: Linus Walleij <linus.walleij(a)linaro.org> Date: Sat, 3 Mar 2018 23:29:03 +0100 Subject: mtd: jedec_probe: Fix crash in jedec_read_mfr() From: Linus Walleij <linus.walleij(a)linaro.org> commit 87a73eb5b56fd6e07c8e499fe8608ef2d8912b82 upstream. It turns out that the loop where we read manufacturer jedec_read_mfd() can under some circumstances get a CFI_MFR_CONTINUATION repeatedly, making the loop go over all banks and eventually hit the end of the map and crash because of an access violation: Unable to handle kernel paging request at virtual address c4980000 pgd = (ptrval) [c4980000] *pgd=03808811, *pte=00000000, *ppte=00000000 Internal error: Oops: 7 [#1] PREEMPT ARM CPU: 0 PID: 1 Comm: swapper Not tainted 4.16.0-rc1+ #150 Hardware name: Gemini (Device Tree) PC is at jedec_probe_chip+0x6ec/0xcd0 LR is at 0x4 pc : [<c03a2bf4>] lr : [<00000004>] psr: 60000013 sp : c382dd18 ip : 0000ffff fp : 00000000 r10: c0626388 r9 : 00020000 r8 : c0626340 r7 : 00000000 r6 : 00000001 r5 : c3a71afc r4 : c382dd70 r3 : 00000001 r2 : c4900000 r1 : 00000002 r0 : 00080000 Flags: nZCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment none Control: 0000397f Table: 00004000 DAC: 00000053 Process swapper (pid: 1, stack limit = 0x(ptrval)) Fix this by breaking the loop with a return 0 if the offset exceeds the map size. Fixes: 5c9c11e1c47c ("[MTD] [NOR] Add support for flash chips with ID in bank other than 0") Cc: <stable(a)vger.kernel.org> Signed-off-by: Linus Walleij <linus.walleij(a)linaro.org> Signed-off-by: Boris Brezillon <boris.brezillon(a)bootlin.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/mtd/chips/jedec_probe.c | 2 ++ 1 file changed, 2 insertions(+) --- a/drivers/mtd/chips/jedec_probe.c +++ b/drivers/mtd/chips/jedec_probe.c @@ -1889,6 +1889,8 @@ static inline u32 jedec_read_mfr(struct do { uint32_t ofs = cfi_build_cmd_addr(0 + (bank << 8), map, cfi); mask = (1 << (cfi->device_type * 8)) - 1; + if (ofs >= map->size) + return 0; result = map_read(map, base + ofs); bank++; } while ((result.x[0] & mask) == CFI_MFR_CONTINUATION); Patches currently in stable-queue which might be from linus.walleij(a)linaro.org are queue-4.15/mtd-jedec_probe-fix-crash-in-jedec_read_mfr.patch

7 years, 2 months

1
0
0 0

Patch "ipc/shm.c: add split function to shm_vm_ops" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled ipc/shm.c: add split function to shm_vm_ops to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: ipc-shm.c-add-split-function-to-shm_vm_ops.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 3d942ee079b917b24e2a0c5f18d35ac8ec9fee48 Mon Sep 17 00:00:00 2001 From: Mike Kravetz <mike.kravetz(a)oracle.com> Date: Wed, 28 Mar 2018 16:01:01 -0700 Subject: ipc/shm.c: add split function to shm_vm_ops From: Mike Kravetz <mike.kravetz(a)oracle.com> commit 3d942ee079b917b24e2a0c5f18d35ac8ec9fee48 upstream. If System V shmget/shmat operations are used to create a hugetlbfs backed mapping, it is possible to munmap part of the mapping and split the underlying vma such that it is not huge page aligned. This will untimately result in the following BUG: kernel BUG at /build/linux-jWa1Fv/linux-4.15.0/mm/hugetlb.c:3310! Oops: Exception in kernel mode, sig: 5 [#1] LE SMP NR_CPUS=2048 NUMA PowerNV Modules linked in: kcm nfc af_alg caif_socket caif phonet fcrypt CPU: 18 PID: 43243 Comm: trinity-subchil Tainted: G C E 4.15.0-10-generic #11-Ubuntu NIP: c00000000036e764 LR: c00000000036ee48 CTR: 0000000000000009 REGS: c000003fbcdcf810 TRAP: 0700 Tainted: G C E (4.15.0-10-generic) MSR: 9000000000029033 <SF,HV,EE,ME,IR,DR,RI,LE> CR: 24002222 XER: 20040000 CFAR: c00000000036ee44 SOFTE: 1 NIP __unmap_hugepage_range+0xa4/0x760 LR __unmap_hugepage_range_final+0x28/0x50 Call Trace: 0x7115e4e00000 (unreliable) __unmap_hugepage_range_final+0x28/0x50 unmap_single_vma+0x11c/0x190 unmap_vmas+0x94/0x140 exit_mmap+0x9c/0x1d0 mmput+0xa8/0x1d0 do_exit+0x360/0xc80 do_group_exit+0x60/0x100 SyS_exit_group+0x24/0x30 system_call+0x58/0x6c ---[ end trace ee88f958a1c62605 ]--- This bug was introduced by commit 31383c6865a5 ("mm, hugetlbfs: introduce ->split() to vm_operations_struct"). A split function was added to vm_operations_struct to determine if a mapping can be split. This was mostly for device-dax and hugetlbfs mappings which have specific alignment constraints. Mappings initiated via shmget/shmat have their original vm_ops overwritten with shm_vm_ops. shm_vm_ops functions will call back to the original vm_ops if needed. Add such a split function to shm_vm_ops. Link: http://lkml.kernel.org/r/20180321161314.7711-1-mike.kravetz@oracle.com Fixes: 31383c6865a5 ("mm, hugetlbfs: introduce ->split() to vm_operations_struct") Signed-off-by: Mike Kravetz <mike.kravetz(a)oracle.com> Reported-by: Laurent Dufour <ldufour(a)linux.vnet.ibm.com> Reviewed-by: Laurent Dufour <ldufour(a)linux.vnet.ibm.com> Tested-by: Laurent Dufour <ldufour(a)linux.vnet.ibm.com> Reviewed-by: Dan Williams <dan.j.williams(a)intel.com> Acked-by: Michal Hocko <mhocko(a)suse.com> Cc: Davidlohr Bueso <dave(a)stgolabs.net> Cc: Manfred Spraul <manfred(a)colorfullife.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds(a)linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- ipc/shm.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) --- a/ipc/shm.c +++ b/ipc/shm.c @@ -386,6 +386,17 @@ static int shm_fault(struct vm_fault *vm return sfd->vm_ops->fault(vmf); } +static int shm_split(struct vm_area_struct *vma, unsigned long addr) +{ + struct file *file = vma->vm_file; + struct shm_file_data *sfd = shm_file_data(file); + + if (sfd->vm_ops && sfd->vm_ops->split) + return sfd->vm_ops->split(vma, addr); + + return 0; +} + #ifdef CONFIG_NUMA static int shm_set_policy(struct vm_area_struct *vma, struct mempolicy *new) { @@ -510,6 +521,7 @@ static const struct vm_operations_struct .open = shm_open, /* callback for a new vm-area open */ .close = shm_close, /* callback for when the vm-area is released */ .fault = shm_fault, + .split = shm_split, #if defined(CONFIG_NUMA) .set_policy = shm_set_policy, .get_policy = shm_get_policy, Patches currently in stable-queue which might be from mike.kravetz(a)oracle.com are queue-4.15/ipc-shm.c-add-split-function-to-shm_vm_ops.patch

7 years, 2 months

1
0
0 0

Patch "i2c: i2c-stm32f7: fix no check on returned setup" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled i2c: i2c-stm32f7: fix no check on returned setup to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: i2c-i2c-stm32f7-fix-no-check-on-returned-setup.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 771b7bf05339081019d22452ebcab6929372e13e Mon Sep 17 00:00:00 2001 From: Pierre-Yves MORDRET <pierre-yves.mordret(a)st.com> Date: Wed, 21 Mar 2018 17:48:40 +0100 Subject: i2c: i2c-stm32f7: fix no check on returned setup From: Pierre-Yves MORDRET <pierre-yves.mordret(a)st.com> commit 771b7bf05339081019d22452ebcab6929372e13e upstream. Before assigning returned setup structure check if not null Fixes: 463a9215f3ca7600b5ff ("i2c: stm32f7: fix setup structure") Signed-off-by: Pierre-Yves MORDRET <pierre-yves.mordret(a)st.com> Acked-by: Alexandre TORGUE <alexandre.torgue(a)st.com> Signed-off-by: Wolfram Sang <wsa(a)the-dreams.de> Cc: stable(a)kernel.org Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/i2c/busses/i2c-stm32f7.c | 5 +++++ 1 file changed, 5 insertions(+) --- a/drivers/i2c/busses/i2c-stm32f7.c +++ b/drivers/i2c/busses/i2c-stm32f7.c @@ -888,6 +888,11 @@ static int stm32f7_i2c_probe(struct plat } setup = of_device_get_match_data(&pdev->dev); + if (!setup) { + dev_err(&pdev->dev, "Can't get device data\n"); + ret = -ENODEV; + goto clk_free; + } i2c_dev->setup = *setup; ret = device_property_read_u32(i2c_dev->dev, "i2c-scl-rising-time-ns", Patches currently in stable-queue which might be from pierre-yves.mordret(a)st.com are queue-4.15/i2c-i2c-stm32f7-fix-no-check-on-returned-setup.patch

7 years, 2 months

1
0
0 0

Patch "ceph: only dirty ITER_IOVEC pages for direct read" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled ceph: only dirty ITER_IOVEC pages for direct read to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: ceph-only-dirty-iter_iovec-pages-for-direct-read.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 85784f9395987a422fa04263e7c0fb13da11eb5c Mon Sep 17 00:00:00 2001 From: "Yan, Zheng" <zyan(a)redhat.com> Date: Fri, 16 Mar 2018 11:22:29 +0800 Subject: ceph: only dirty ITER_IOVEC pages for direct read From: Yan, Zheng <zyan(a)redhat.com> commit 85784f9395987a422fa04263e7c0fb13da11eb5c upstream. If a page is already locked, attempting to dirty it leads to a deadlock in lock_page(). This is what currently happens to ITER_BVEC pages when a dio-enabled loop device is backed by ceph: $ losetup --direct-io /dev/loop0 /mnt/cephfs/img $ xfs_io -c 'pread 0 4k' /dev/loop0 Follow other file systems and only dirty ITER_IOVEC pages. Cc: stable(a)kernel.org Signed-off-by: "Yan, Zheng" <zyan(a)redhat.com> Reviewed-by: Ilya Dryomov <idryomov(a)gmail.com> Signed-off-by: Ilya Dryomov <idryomov(a)gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- fs/ceph/file.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) --- a/fs/ceph/file.c +++ b/fs/ceph/file.c @@ -635,7 +635,8 @@ static ssize_t ceph_sync_read(struct kio struct ceph_aio_request { struct kiocb *iocb; size_t total_len; - int write; + bool write; + bool should_dirty; int error; struct list_head osd_reqs; unsigned num_reqs; @@ -745,7 +746,7 @@ static void ceph_aio_complete_req(struct } } - ceph_put_page_vector(osd_data->pages, num_pages, !aio_req->write); + ceph_put_page_vector(osd_data->pages, num_pages, aio_req->should_dirty); ceph_osdc_put_request(req); if (rc < 0) @@ -842,6 +843,7 @@ ceph_direct_read_write(struct kiocb *ioc size_t count = iov_iter_count(iter); loff_t pos = iocb->ki_pos; bool write = iov_iter_rw(iter) == WRITE; + bool should_dirty = !write && iter_is_iovec(iter); if (write && ceph_snap(file_inode(file)) != CEPH_NOSNAP) return -EROFS; @@ -909,6 +911,7 @@ ceph_direct_read_write(struct kiocb *ioc if (aio_req) { aio_req->iocb = iocb; aio_req->write = write; + aio_req->should_dirty = should_dirty; INIT_LIST_HEAD(&aio_req->osd_reqs); if (write) { aio_req->mtime = mtime; @@ -966,7 +969,7 @@ ceph_direct_read_write(struct kiocb *ioc len = ret; } - ceph_put_page_vector(pages, num_pages, !write); + ceph_put_page_vector(pages, num_pages, should_dirty); ceph_osdc_put_request(req); if (ret < 0) Patches currently in stable-queue which might be from zyan(a)redhat.com are queue-4.15/ceph-only-dirty-iter_iovec-pages-for-direct-read.patch

7 years, 2 months

1
0
0 0

Patch "ARM: OMAP: Fix SRAM W+X mapping" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled ARM: OMAP: Fix SRAM W+X mapping to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm-omap-fix-sram-w-x-mapping.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From eb85a355c3afd9379f5953cfe2df73632d14c884 Mon Sep 17 00:00:00 2001 From: Tony Lindgren <tony(a)atomide.com> Date: Wed, 21 Mar 2018 08:16:29 -0700 Subject: ARM: OMAP: Fix SRAM W+X mapping From: Tony Lindgren <tony(a)atomide.com> commit eb85a355c3afd9379f5953cfe2df73632d14c884 upstream. We are still using custom SRAM code for some SoCs and are not marking the PM code mapped to SRAM as read-only and executable after we're done. With CONFIG_DEBUG_WX=y, we will get "Found insecure W+X mapping at address" warning. Let's fix this issue the same way as commit 728bbe75c82f ("misc: sram: Introduce support code for protect-exec sram type") is doing for drivers/misc/sram-exec.c. On omap3, we need to restore SRAM when returning from off mode after idle, so init time configuration is not enough. And as we no longer have users for omap_sram_push_address() we can make it static while at it. Note that eventually we should be using sram-exec.c for all SoCs. Cc: stable(a)vger.kernel.org # v4.12+ Cc: Dave Gerlach <d-gerlach(a)ti.com> Reported-by: Pavel Machek <pavel(a)ucw.cz> Signed-off-by: Tony Lindgren <tony(a)atomide.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm/plat-omap/include/plat/sram.h | 11 ---------- arch/arm/plat-omap/sram.c | 36 ++++++++++++++++++++++++++++++++- 2 files changed, 36 insertions(+), 11 deletions(-) --- a/arch/arm/plat-omap/include/plat/sram.h +++ b/arch/arm/plat-omap/include/plat/sram.h @@ -5,13 +5,4 @@ void omap_map_sram(unsigned long start, unsigned long skip, int cached); void omap_sram_reset(void); -extern void *omap_sram_push_address(unsigned long size); - -/* Macro to push a function to the internal SRAM, using the fncpy API */ -#define omap_sram_push(funcp, size) ({ \ - typeof(&(funcp)) _res = NULL; \ - void *_sram_address = omap_sram_push_address(size); \ - if (_sram_address) \ - _res = fncpy(_sram_address, &(funcp), size); \ - _res; \ -}) +extern void *omap_sram_push(void *funcp, unsigned long size); --- a/arch/arm/plat-omap/sram.c +++ b/arch/arm/plat-omap/sram.c @@ -23,6 +23,7 @@ #include <asm/fncpy.h> #include <asm/tlb.h> #include <asm/cacheflush.h> +#include <asm/set_memory.h> #include <asm/mach/map.h> @@ -42,7 +43,7 @@ static void __iomem *omap_sram_ceil; * Note that fncpy requires the returned address to be aligned * to an 8-byte boundary. */ -void *omap_sram_push_address(unsigned long size) +static void *omap_sram_push_address(unsigned long size) { unsigned long available, new_ceil = (unsigned long)omap_sram_ceil; @@ -60,6 +61,30 @@ void *omap_sram_push_address(unsigned lo return (void *)omap_sram_ceil; } +void *omap_sram_push(void *funcp, unsigned long size) +{ + void *sram; + unsigned long base; + int pages; + void *dst = NULL; + + sram = omap_sram_push_address(size); + if (!sram) + return NULL; + + base = (unsigned long)sram & PAGE_MASK; + pages = PAGE_ALIGN(size) / PAGE_SIZE; + + set_memory_rw(base, pages); + + dst = fncpy(sram, funcp, size); + + set_memory_ro(base, pages); + set_memory_x(base, pages); + + return dst; +} + /* * The SRAM context is lost during off-idle and stack * needs to be reset. @@ -75,6 +100,9 @@ void omap_sram_reset(void) void __init omap_map_sram(unsigned long start, unsigned long size, unsigned long skip, int cached) { + unsigned long base; + int pages; + if (size == 0) return; @@ -95,4 +123,10 @@ void __init omap_map_sram(unsigned long */ memset_io(omap_sram_base + omap_sram_skip, 0, omap_sram_size - omap_sram_skip); + + base = (unsigned long)omap_sram_base; + pages = PAGE_ALIGN(omap_sram_size) / PAGE_SIZE; + + set_memory_ro(base, pages); + set_memory_x(base, pages); } Patches currently in stable-queue which might be from tony(a)atomide.com are queue-4.15/arm-omap-fix-sram-w-x-mapping.patch

7 years, 2 months

1
0
0 0

Patch "ARM: dts: sun6i: a31s: bpi-m2: improve pmic properties" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled ARM: dts: sun6i: a31s: bpi-m2: improve pmic properties to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm-dts-sun6i-a31s-bpi-m2-improve-pmic-properties.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From b23af6ad8d2f708c4c3f92dd8f82c233247ba8bf Mon Sep 17 00:00:00 2001 From: Philipp Rossak <embed3d(a)gmail.com> Date: Wed, 14 Feb 2018 15:10:24 +0100 Subject: ARM: dts: sun6i: a31s: bpi-m2: improve pmic properties From: Philipp Rossak <embed3d(a)gmail.com> commit b23af6ad8d2f708c4c3f92dd8f82c233247ba8bf upstream. The eldoin is supplied from the dcdc1 regulator. The N_VBUSEN pin is connected to an external power regulator (SY6280AAC). With this commit we update the pmic binding properties to support those features. Fixes: 7daa21370075 ("ARM: dts: sunxi: Add regulators for Sinovoip BPI-M2") Cc: <stable(a)vger.kernel.org> Signed-off-by: Philipp Rossak <embed3d(a)gmail.com> Signed-off-by: Maxime Ripard <maxime.ripard(a)bootlin.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm/boot/dts/sun6i-a31s-sinovoip-bpi-m2.dts | 2 ++ 1 file changed, 2 insertions(+) --- a/arch/arm/boot/dts/sun6i-a31s-sinovoip-bpi-m2.dts +++ b/arch/arm/boot/dts/sun6i-a31s-sinovoip-bpi-m2.dts @@ -163,6 +163,8 @@ reg = <0x68>; interrupt-parent = <&nmi_intc>; interrupts = <0 IRQ_TYPE_LEVEL_LOW>; + eldoin-supply = <&reg_dcdc1>; + x-powers,drive-vbus-en; }; }; Patches currently in stable-queue which might be from embed3d(a)gmail.com are queue-4.15/arm-dts-sun6i-a31s-bpi-m2-improve-pmic-properties.patch queue-4.15/arm-dts-sun6i-a31s-bpi-m2-add-missing-regulators.patch

7 years, 2 months

1
0
0 0

Patch "ARM: dts: sun6i: a31s: bpi-m2: add missing regulators" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled ARM: dts: sun6i: a31s: bpi-m2: add missing regulators to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm-dts-sun6i-a31s-bpi-m2-add-missing-regulators.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 70b8d21496758dd7ff600ec9de0ee3812fac7a40 Mon Sep 17 00:00:00 2001 From: Philipp Rossak <embed3d(a)gmail.com> Date: Wed, 14 Feb 2018 15:10:25 +0100 Subject: ARM: dts: sun6i: a31s: bpi-m2: add missing regulators From: Philipp Rossak <embed3d(a)gmail.com> commit 70b8d21496758dd7ff600ec9de0ee3812fac7a40 upstream. This patch fixes a bootproblem with the Bananapi M2 board. Since there are some regulators missing we add them right now. Those values come from the schematic, below you can find a small overview: * reg_aldo1: 3,3V, powers the wifi * reg_aldo2: 2,5V, powers the IO of the RTL8211E * reg_aldo3: 3,3V, powers the audio * reg_dldo1: 3,0V, powers the RTL8211E * reg_dldo2: 2,8V, powers the analog part of the csi * reg_dldo3: 3,3V, powers misc * reg_eldo1: 1,8V, powers the csi * reg_ldo_io1:1,8V, powers the gpio * reg_dc5ldo: needs to be always on This patch updates also the vmmc-supply properties on the mmc0 and mmc2 node to use the allready existent regulators. We can now remove the sunxi-common-regulators.dtsi include since we don't need it anymore. Fixes: 7daa21370075 ("ARM: dts: sunxi: Add regulators for Sinovoip BPI-M2") Cc: <stable(a)vger.kernel.org> Signed-off-by: Philipp Rossak <embed3d(a)gmail.com> Signed-off-by: Maxime Ripard <maxime.ripard(a)bootlin.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm/boot/dts/sun6i-a31s-sinovoip-bpi-m2.dts | 61 +++++++++++++++++++++-- 1 file changed, 58 insertions(+), 3 deletions(-) --- a/arch/arm/boot/dts/sun6i-a31s-sinovoip-bpi-m2.dts +++ b/arch/arm/boot/dts/sun6i-a31s-sinovoip-bpi-m2.dts @@ -42,7 +42,6 @@ /dts-v1/; #include "sun6i-a31s.dtsi" -#include "sunxi-common-regulators.dtsi" #include <dt-bindings/gpio/gpio.h> / { @@ -99,6 +98,7 @@ pinctrl-0 = <&gmac_pins_rgmii_a>, <&gmac_phy_reset_pin_bpi_m2>; phy = <&phy1>; phy-mode = "rgmii"; + phy-supply = <&reg_dldo1>; snps,reset-gpio = <&pio 0 21 GPIO_ACTIVE_HIGH>; /* PA21 */ snps,reset-active-low; snps,reset-delays-us = <0 10000 30000>; @@ -118,7 +118,7 @@ &mmc0 { pinctrl-names = "default"; pinctrl-0 = <&mmc0_pins_a>, <&mmc0_cd_pin_bpi_m2>; - vmmc-supply = <&reg_vcc3v0>; + vmmc-supply = <&reg_dcdc1>; bus-width = <4>; cd-gpios = <&pio 0 4 GPIO_ACTIVE_HIGH>; /* PA4 */ cd-inverted; @@ -132,7 +132,7 @@ &mmc2 { pinctrl-names = "default"; pinctrl-0 = <&mmc2_pins_a>; - vmmc-supply = <&reg_vcc3v0>; + vmmc-supply = <&reg_aldo1>; mmc-pwrseq = <&mmc2_pwrseq>; bus-width = <4>; non-removable; @@ -195,7 +195,28 @@ #include "axp22x.dtsi" +&reg_aldo1 { + regulator-min-microvolt = <3300000>; + regulator-max-microvolt = <3300000>; + regulator-name = "vcc-wifi"; +}; + +&reg_aldo2 { + regulator-always-on; + regulator-min-microvolt = <2500000>; + regulator-max-microvolt = <2500000>; + regulator-name = "vcc-gmac"; +}; + +&reg_aldo3 { + regulator-always-on; + regulator-min-microvolt = <3000000>; + regulator-max-microvolt = <3000000>; + regulator-name = "avcc"; +}; + &reg_dc5ldo { + regulator-always-on; regulator-min-microvolt = <700000>; regulator-max-microvolt = <1320000>; regulator-name = "vdd-cpus"; @@ -235,6 +256,40 @@ regulator-name = "vcc-dram"; }; +&reg_dldo1 { + regulator-min-microvolt = <3000000>; + regulator-max-microvolt = <3000000>; + regulator-name = "vcc-mac"; +}; + +&reg_dldo2 { + regulator-min-microvolt = <2800000>; + regulator-max-microvolt = <2800000>; + regulator-name = "avdd-csi"; +}; + +&reg_dldo3 { + regulator-always-on; + regulator-min-microvolt = <3300000>; + regulator-max-microvolt = <3300000>; + regulator-name = "vcc-pb"; +}; + +&reg_eldo1 { + regulator-min-microvolt = <1800000>; + regulator-max-microvolt = <1800000>; + regulator-name = "vdd-csi"; + status = "okay"; +}; + +&reg_ldo_io1 { + regulator-always-on; + regulator-min-microvolt = <1800000>; + regulator-max-microvolt = <1800000>; + regulator-name = "vcc-pm-cpus"; + status = "okay"; +}; + &uart0 { pinctrl-names = "default"; pinctrl-0 = <&uart0_pins_a>; Patches currently in stable-queue which might be from embed3d(a)gmail.com are queue-4.15/arm-dts-sun6i-a31s-bpi-m2-improve-pmic-properties.patch queue-4.15/arm-dts-sun6i-a31s-bpi-m2-add-missing-regulators.patch

7 years, 2 months

1
0
0 0

Patch "ARM: 8746/1: vfp: Go back to clearing vfp_current_hw_state[]" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled ARM: 8746/1: vfp: Go back to clearing vfp_current_hw_state[] to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm-8746-1-vfp-go-back-to-clearing-vfp_current_hw_state.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 1328f02005bbbaed15b9d5b7f3ab5ec9d4d5268a Mon Sep 17 00:00:00 2001 From: Fabio Estevam <festevam(a)gmail.com> Date: Mon, 22 Jan 2018 12:20:26 +0100 Subject: ARM: 8746/1: vfp: Go back to clearing vfp_current_hw_state[] From: Fabio Estevam <festevam(a)gmail.com> commit 1328f02005bbbaed15b9d5b7f3ab5ec9d4d5268a upstream. Commit 384b38b66947 ("ARM: 7873/1: vfp: clear vfp_current_hw_state for dying cpu") fixed the cpu dying notifier by clearing vfp_current_hw_state[]. However commit e5b61bafe704 ("arm: Convert VFP hotplug notifiers to state machine") incorrectly used the original vfp_force_reload() function in the cpu dying notifier. Fix it by going back to clearing vfp_current_hw_state[]. Fixes: e5b61bafe704 ("arm: Convert VFP hotplug notifiers to state machine") Cc: linux-stable <stable(a)vger.kernel.org> Reported-by: Kohji Okuno <okuno.kohji(a)jp.panasonic.com> Signed-off-by: Fabio Estevam <fabio.estevam(a)nxp.com> Signed-off-by: Russell King <rmk+kernel(a)armlinux.org.uk> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm/vfp/vfpmodule.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/arch/arm/vfp/vfpmodule.c +++ b/arch/arm/vfp/vfpmodule.c @@ -648,7 +648,7 @@ int vfp_restore_user_hwstate(struct user */ static int vfp_dying_cpu(unsigned int cpu) { - vfp_force_reload(cpu, current_thread_info()); + vfp_current_hw_state[cpu] = NULL; return 0; } Patches currently in stable-queue which might be from festevam(a)gmail.com are queue-4.15/arm-8746-1-vfp-go-back-to-clearing-vfp_current_hw_state.patch

7 years, 2 months

1
0
0 0

Patch "ALSA: pcm: Use dma_bytes as size parameter in dma_mmap_coherent()" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled ALSA: pcm: Use dma_bytes as size parameter in dma_mmap_coherent() to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: alsa-pcm-use-dma_bytes-as-size-parameter-in-dma_mmap_coherent.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 9066ae7ff5d89c0b5daa271e2d573540097a94fa Mon Sep 17 00:00:00 2001 From: Stefan Roese <sr(a)denx.de> Date: Mon, 26 Mar 2018 16:10:21 +0200 Subject: ALSA: pcm: Use dma_bytes as size parameter in dma_mmap_coherent() From: Stefan Roese <sr(a)denx.de> commit 9066ae7ff5d89c0b5daa271e2d573540097a94fa upstream. When trying to use the driver (e.g. aplay *.wav), the 4MiB DMA buffer will get mmapp'ed in 16KiB chunks. But this fails with the 2nd 16KiB area, as the page offset is outside of the VMA range (size), which is currently used as size parameter in snd_pcm_lib_default_mmap(). By using the DMA buffer size (dma_bytes) instead, the complete DMA buffer can be mmapp'ed and the issue is fixed. This issue was detected on an ARM platform (TI AM57xx) using the RME HDSP MADI PCIe soundcard. Fixes: 657b1989dacf ("ALSA: pcm - Use dma_mmap_coherent() if available") Signed-off-by: Stefan Roese <sr(a)denx.de> Cc: <stable(a)vger.kernel.org> Signed-off-by: Takashi Iwai <tiwai(a)suse.de> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- sound/core/pcm_native.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/sound/core/pcm_native.c +++ b/sound/core/pcm_native.c @@ -3422,7 +3422,7 @@ int snd_pcm_lib_default_mmap(struct snd_ area, substream->runtime->dma_area, substream->runtime->dma_addr, - area->vm_end - area->vm_start); + substream->runtime->dma_bytes); #endif /* CONFIG_X86 */ /* mmap with fault handler */ area->vm_ops = &snd_pcm_vm_ops_data_fault; Patches currently in stable-queue which might be from sr(a)denx.de are queue-4.15/alsa-pcm-use-dma_bytes-as-size-parameter-in-dma_mmap_coherent.patch

7 years, 2 months

1
0
0 0

Patch "ALSA: usb-audio: Add native DSD support for TEAC UD-301" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled ALSA: usb-audio: Add native DSD support for TEAC UD-301 to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: alsa-usb-audio-add-native-dsd-support-for-teac-ud-301.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From b00214865d65100163574ba250008f182cf90869 Mon Sep 17 00:00:00 2001 From: Nobutaka Okabe <nob77413(a)gmail.com> Date: Fri, 23 Mar 2018 19:49:44 +0900 Subject: ALSA: usb-audio: Add native DSD support for TEAC UD-301 From: Nobutaka Okabe <nob77413(a)gmail.com> commit b00214865d65100163574ba250008f182cf90869 upstream. Add native DSD support quirk for TEAC UD-301 DAC, by adding the PID/VID 0644:804a. Signed-off-by: Nobutaka Okabe <nob77413(a)gmail.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Takashi Iwai <tiwai(a)suse.de> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- sound/usb/quirks.c | 1 + 1 file changed, 1 insertion(+) --- a/sound/usb/quirks.c +++ b/sound/usb/quirks.c @@ -1171,6 +1171,7 @@ static bool is_teac_dsd_dac(unsigned int switch (id) { case USB_ID(0x0644, 0x8043): /* TEAC UD-501/UD-503/NT-503 */ case USB_ID(0x0644, 0x8044): /* Esoteric D-05X */ + case USB_ID(0x0644, 0x804a): /* TEAC UD-301 */ return true; } return false; Patches currently in stable-queue which might be from nob77413(a)gmail.com are queue-4.15/alsa-usb-audio-add-native-dsd-support-for-teac-ud-301.patch

7 years, 2 months

1
0
0 0

Patch "ALSA: pcm: potential uninitialized return values" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled ALSA: pcm: potential uninitialized return values to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: alsa-pcm-potential-uninitialized-return-values.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 5607dddbfca774fb38bffadcb077fe03aa4ac5c6 Mon Sep 17 00:00:00 2001 From: Dan Carpenter <dan.carpenter(a)oracle.com> Date: Tue, 27 Mar 2018 16:07:52 +0300 Subject: ALSA: pcm: potential uninitialized return values From: Dan Carpenter <dan.carpenter(a)oracle.com> commit 5607dddbfca774fb38bffadcb077fe03aa4ac5c6 upstream. Smatch complains that "tmp" can be uninitialized if we do a zero size write. Fixes: 02a5d6925cd3 ("ALSA: pcm: Avoid potential races between OSS ioctls and read/write") Signed-off-by: Dan Carpenter <dan.carpenter(a)oracle.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Takashi Iwai <tiwai(a)suse.de> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- sound/core/oss/pcm_oss.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) --- a/sound/core/oss/pcm_oss.c +++ b/sound/core/oss/pcm_oss.c @@ -1326,7 +1326,7 @@ static ssize_t snd_pcm_oss_write2(struct static ssize_t snd_pcm_oss_write1(struct snd_pcm_substream *substream, const char __user *buf, size_t bytes) { size_t xfer = 0; - ssize_t tmp; + ssize_t tmp = 0; struct snd_pcm_runtime *runtime = substream->runtime; if (atomic_read(&substream->mmap_count)) @@ -1433,7 +1433,7 @@ static ssize_t snd_pcm_oss_read2(struct static ssize_t snd_pcm_oss_read1(struct snd_pcm_substream *substream, char __user *buf, size_t bytes) { size_t xfer = 0; - ssize_t tmp; + ssize_t tmp = 0; struct snd_pcm_runtime *runtime = substream->runtime; if (atomic_read(&substream->mmap_count)) Patches currently in stable-queue which might be from dan.carpenter(a)oracle.com are queue-4.15/alsa-pcm-potential-uninitialized-return-values.patch

7 years, 2 months

1
0
0 0

Patch "x86/platform/uv/BAU: Add APIC idt entry" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled x86/platform/uv/BAU: Add APIC idt entry to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: x86-platform-uv-bau-add-apic-idt-entry.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 151ad17fbe5e56afa59709f41980508672c777ce Mon Sep 17 00:00:00 2001 From: Andrew Banman <abanman(a)hpe.com> Date: Tue, 27 Mar 2018 17:09:06 -0500 Subject: x86/platform/uv/BAU: Add APIC idt entry From: Andrew Banman <abanman(a)hpe.com> commit 151ad17fbe5e56afa59709f41980508672c777ce upstream. BAU uses the old alloc_initr_gate90 method to setup its interrupt. This fails silently as the BAU vector is in the range of APIC vectors that are registered to the spurious interrupt handler. As a consequence BAU broadcasts are not handled, and the broadcast source CPU hangs. Update BAU to use new idt structure. Fixes: dc20b2d52653 ("x86/idt: Move interrupt gate initialization to IDT code") Signed-off-by: Andrew Banman <abanman(a)hpe.com> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Acked-by: Mike Travis <mike.travis(a)hpe.com> Cc: Dimitri Sivanich <sivanich(a)hpe.com> Cc: Russ Anderson <rja(a)hpe.com> Cc: stable(a)vger.kernel.org Cc: "H. Peter Anvin" <hpa(a)zytor.com> Link: https://lkml.kernel.org/r/1522188546-196177-1-git-send-email-abanman@hpe.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/x86/include/asm/hw_irq.h | 1 + arch/x86/kernel/idt.c | 3 +++ arch/x86/platform/uv/tlb_uv.c | 2 -- 3 files changed, 4 insertions(+), 2 deletions(-) --- a/arch/x86/include/asm/hw_irq.h +++ b/arch/x86/include/asm/hw_irq.h @@ -34,6 +34,7 @@ extern asmlinkage void kvm_posted_intr_w extern asmlinkage void kvm_posted_intr_nested_ipi(void); extern asmlinkage void error_interrupt(void); extern asmlinkage void irq_work_interrupt(void); +extern asmlinkage void uv_bau_message_intr1(void); extern asmlinkage void spurious_interrupt(void); extern asmlinkage void thermal_interrupt(void); --- a/arch/x86/kernel/idt.c +++ b/arch/x86/kernel/idt.c @@ -140,6 +140,9 @@ static const __initconst struct idt_data # ifdef CONFIG_IRQ_WORK INTG(IRQ_WORK_VECTOR, irq_work_interrupt), # endif +#ifdef CONFIG_X86_UV + INTG(UV_BAU_MESSAGE, uv_bau_message_intr1), +#endif INTG(SPURIOUS_APIC_VECTOR, spurious_interrupt), INTG(ERROR_APIC_VECTOR, error_interrupt), #endif --- a/arch/x86/platform/uv/tlb_uv.c +++ b/arch/x86/platform/uv/tlb_uv.c @@ -2254,8 +2254,6 @@ static int __init uv_bau_init(void) init_uvhub(uvhub, vector, uv_base_pnode); } - alloc_intr_gate(vector, uv_bau_message_intr1); - for_each_possible_blade(uvhub) { if (uv_blade_nr_possible_cpus(uvhub)) { unsigned long val; Patches currently in stable-queue which might be from abanman(a)hpe.com are queue-4.14/x86-platform-uv-bau-add-apic-idt-entry.patch

7 years, 2 months

1
0
0 0

Patch "powerpc/64s: Fix lost pending interrupt due to race causing lost update to irq_happened" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled powerpc/64s: Fix lost pending interrupt due to race causing lost update to irq_happened to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: powerpc-64s-fix-lost-pending-interrupt-due-to-race-causing-lost-update-to-irq_happened.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From ff6781fd1bb404d8a551c02c35c70cec1da17ff1 Mon Sep 17 00:00:00 2001 From: Nicholas Piggin <npiggin(a)gmail.com> Date: Wed, 21 Mar 2018 12:22:28 +1000 Subject: powerpc/64s: Fix lost pending interrupt due to race causing lost update to irq_happened From: Nicholas Piggin <npiggin(a)gmail.com> commit ff6781fd1bb404d8a551c02c35c70cec1da17ff1 upstream. force_external_irq_replay() can be called in the do_IRQ path with interrupts hard enabled and soft disabled if may_hard_irq_enable() set MSR[EE]=1. It updates local_paca->irq_happened with a load, modify, store sequence. If a maskable interrupt hits during this sequence, it will go to the masked handler to be marked pending in irq_happened. This update will be lost when the interrupt returns and the store instruction executes. This can result in unpredictable latencies, timeouts, lockups, etc. Fix this by ensuring hard interrupts are disabled before modifying irq_happened. This could cause any maskable asynchronous interrupt to get lost, but it was noticed on P9 SMP system doing RDMA NVMe target over 100GbE, so very high external interrupt rate and high IPI rate. The hang was bisected down to enabling doorbell interrupts for IPIs. These provided an interrupt type that could run at high rates in the do_IRQ path, stressing the race. Fixes: 1d607bb3bd60 ("powerpc/irq: Add mechanism to force a replay of interrupts") Cc: stable(a)vger.kernel.org # v4.8+ Reported-by: Carol L. Soto <clsoto(a)us.ibm.com> Signed-off-by: Nicholas Piggin <npiggin(a)gmail.com> Signed-off-by: Michael Ellerman <mpe(a)ellerman.id.au> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/powerpc/kernel/irq.c | 8 ++++++++ 1 file changed, 8 insertions(+) --- a/arch/powerpc/kernel/irq.c +++ b/arch/powerpc/kernel/irq.c @@ -430,6 +430,14 @@ void force_external_irq_replay(void) */ WARN_ON(!arch_irqs_disabled()); + /* + * Interrupts must always be hard disabled before irq_happened is + * modified (to prevent lost update in case of interrupt between + * load and store). + */ + __hard_irq_disable(); + local_paca->irq_happened |= PACA_IRQ_HARD_DIS; + /* Indicate in the PACA that we have an interrupt to replay */ local_paca->irq_happened |= PACA_IRQ_EE; } Patches currently in stable-queue which might be from npiggin(a)gmail.com are queue-4.14/powerpc-64s-fix-lost-pending-interrupt-due-to-race-causing-lost-update-to-irq_happened.patch queue-4.14/powerpc-64s-fix-i-side-slb-miss-bad-address-handler-saving-nonvolatile-gprs.patch

7 years, 2 months

1
0
0 0

Patch "powerpc/64s: Fix i-side SLB miss bad address handler saving nonvolatile GPRs" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled powerpc/64s: Fix i-side SLB miss bad address handler saving nonvolatile GPRs to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: powerpc-64s-fix-i-side-slb-miss-bad-address-handler-saving-nonvolatile-gprs.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 52396500f97c53860164debc7d4f759077853423 Mon Sep 17 00:00:00 2001 From: Nicholas Piggin <npiggin(a)gmail.com> Date: Fri, 23 Mar 2018 15:53:38 +1000 Subject: powerpc/64s: Fix i-side SLB miss bad address handler saving nonvolatile GPRs From: Nicholas Piggin <npiggin(a)gmail.com> commit 52396500f97c53860164debc7d4f759077853423 upstream. The SLB bad address handler's trap number fixup does not preserve the low bit that indicates nonvolatile GPRs have not been saved. This leads save_nvgprs to skip saving them, and subsequent functions and return from interrupt will think they are saved. This causes kernel branch-to-garbage debugging to not have correct registers, can also cause userspace to have its registers clobbered after a segfault. Fixes: f0f558b131db ("powerpc/mm: Preserve CFAR value on SLB miss caused by access to bogus address") Cc: stable(a)vger.kernel.org # v4.9+ Signed-off-by: Nicholas Piggin <npiggin(a)gmail.com> Signed-off-by: Michael Ellerman <mpe(a)ellerman.id.au> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/powerpc/kernel/exceptions-64s.S | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/arch/powerpc/kernel/exceptions-64s.S +++ b/arch/powerpc/kernel/exceptions-64s.S @@ -704,7 +704,7 @@ EXC_COMMON_BEGIN(bad_addr_slb) ld r3, PACA_EXSLB+EX_DAR(r13) std r3, _DAR(r1) beq cr6, 2f - li r10, 0x480 /* fix trap number for I-SLB miss */ + li r10, 0x481 /* fix trap number for I-SLB miss */ std r10, _TRAP(r1) 2: bl save_nvgprs addi r3, r1, STACK_FRAME_OVERHEAD Patches currently in stable-queue which might be from npiggin(a)gmail.com are queue-4.14/powerpc-64s-fix-lost-pending-interrupt-due-to-race-causing-lost-update-to-irq_happened.patch queue-4.14/powerpc-64s-fix-i-side-slb-miss-bad-address-handler-saving-nonvolatile-gprs.patch

7 years, 2 months

1
0
0 0

Patch "perf/hwbp: Simplify the perf-hwbp code, fix documentation" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled perf/hwbp: Simplify the perf-hwbp code, fix documentation to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: perf-hwbp-simplify-the-perf-hwbp-code-fix-documentation.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From f67b15037a7a50c57f72e69a6d59941ad90a0f0f Mon Sep 17 00:00:00 2001 From: Linus Torvalds <torvalds(a)linux-foundation.org> Date: Mon, 26 Mar 2018 15:39:07 -1000 Subject: perf/hwbp: Simplify the perf-hwbp code, fix documentation From: Linus Torvalds <torvalds(a)linux-foundation.org> commit f67b15037a7a50c57f72e69a6d59941ad90a0f0f upstream. Annoyingly, modify_user_hw_breakpoint() unnecessarily complicates the modification of a breakpoint - simplify it and remove the pointless local variables. Also update the stale Docbook while at it. Signed-off-by: Linus Torvalds <torvalds(a)linux-foundation.org> Acked-by: Thomas Gleixner <tglx(a)linutronix.de> Cc: <stable(a)vger.kernel.org> Cc: Alexander Shishkin <alexander.shishkin(a)linux.intel.com> Cc: Andy Lutomirski <luto(a)kernel.org> Cc: Arnaldo Carvalho de Melo <acme(a)redhat.com> Cc: Frederic Weisbecker <fweisbec(a)gmail.com> Cc: Jiri Olsa <jolsa(a)redhat.com> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Stephane Eranian <eranian(a)google.com> Cc: Vince Weaver <vincent.weaver(a)maine.edu> Signed-off-by: Ingo Molnar <mingo(a)kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- kernel/events/hw_breakpoint.c | 30 +++++++----------------------- 1 file changed, 7 insertions(+), 23 deletions(-) --- a/kernel/events/hw_breakpoint.c +++ b/kernel/events/hw_breakpoint.c @@ -427,16 +427,9 @@ EXPORT_SYMBOL_GPL(register_user_hw_break * modify_user_hw_breakpoint - modify a user-space hardware breakpoint * @bp: the breakpoint structure to modify * @attr: new breakpoint attributes - * @triggered: callback to trigger when we hit the breakpoint - * @tsk: pointer to 'task_struct' of the process to which the address belongs */ int modify_user_hw_breakpoint(struct perf_event *bp, struct perf_event_attr *attr) { - u64 old_addr = bp->attr.bp_addr; - u64 old_len = bp->attr.bp_len; - int old_type = bp->attr.bp_type; - int err = 0; - /* * modify_user_hw_breakpoint can be invoked with IRQs disabled and hence it * will not be possible to raise IPIs that invoke __perf_event_disable. @@ -451,27 +444,18 @@ int modify_user_hw_breakpoint(struct per bp->attr.bp_addr = attr->bp_addr; bp->attr.bp_type = attr->bp_type; bp->attr.bp_len = attr->bp_len; + bp->attr.disabled = 1; - if (attr->disabled) - goto end; - - err = validate_hw_breakpoint(bp); - if (!err) - perf_event_enable(bp); + if (!attr->disabled) { + int err = validate_hw_breakpoint(bp); - if (err) { - bp->attr.bp_addr = old_addr; - bp->attr.bp_type = old_type; - bp->attr.bp_len = old_len; - if (!bp->attr.disabled) - perf_event_enable(bp); + if (err) + return err; - return err; + perf_event_enable(bp); + bp->attr.disabled = 0; } -end: - bp->attr.disabled = attr->disabled; - return 0; } EXPORT_SYMBOL_GPL(modify_user_hw_breakpoint); Patches currently in stable-queue which might be from torvalds(a)linux-foundation.org are queue-4.14/perf-hwbp-simplify-the-perf-hwbp-code-fix-documentation.patch queue-4.14/ipc-shm.c-add-split-function-to-shm_vm_ops.patch

7 years, 2 months

1
0
0 0

Patch "mtd: nand: atmel: Fix get_sectorsize() function" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled mtd: nand: atmel: Fix get_sectorsize() function to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: mtd-nand-atmel-fix-get_sectorsize-function.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 2b1b1b4ac716fd929a2d221bd4ade62263bed915 Mon Sep 17 00:00:00 2001 From: Boris Brezillon <boris.brezillon(a)bootlin.com> Date: Tue, 27 Mar 2018 19:01:58 +0200 Subject: mtd: nand: atmel: Fix get_sectorsize() function From: Boris Brezillon <boris.brezillon(a)bootlin.com> commit 2b1b1b4ac716fd929a2d221bd4ade62263bed915 upstream. get_sectorsize() was not using the appropriate macro to extract the ECC sector size from the config cache, which led to buggy ECC when using 1024 byte sectors. Fixes: f88fc122cc34 ("mtd: nand: Cleanup/rework the atmel_nand driver") Cc: <stable(a)vger.kernel.org> Reported-by: Olivier Schonken <olivier.schonken(a)gmail.com> Signed-off-by: Boris Brezillon <boris.brezillon(a)bootlin.com> Reviewed-by: Richard Weinberger <richard(a)nod.at> Acked-by: Nicolas Ferre <nicolas.ferre(a)microchip.com> Tested-by: Olivier Schonken <olivier.schonken(a)gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/mtd/nand/atmel/pmecc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/drivers/mtd/nand/atmel/pmecc.c +++ b/drivers/mtd/nand/atmel/pmecc.c @@ -426,7 +426,7 @@ static int get_strength(struct atmel_pme static int get_sectorsize(struct atmel_pmecc_user *user) { - return user->cache.cfg & PMECC_LOOKUP_TABLE_SIZE_1024 ? 1024 : 512; + return user->cache.cfg & PMECC_CFG_SECTOR1024 ? 1024 : 512; } static void atmel_pmecc_gen_syndrome(struct atmel_pmecc_user *user, int sector) Patches currently in stable-queue which might be from boris.brezillon(a)bootlin.com are queue-4.14/mtd-jedec_probe-fix-crash-in-jedec_read_mfr.patch queue-4.14/mtd-nand-atmel-fix-get_sectorsize-function.patch

7 years, 2 months

1
0
0 0

Patch "mtd: jedec_probe: Fix crash in jedec_read_mfr()" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled mtd: jedec_probe: Fix crash in jedec_read_mfr() to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: mtd-jedec_probe-fix-crash-in-jedec_read_mfr.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 87a73eb5b56fd6e07c8e499fe8608ef2d8912b82 Mon Sep 17 00:00:00 2001 From: Linus Walleij <linus.walleij(a)linaro.org> Date: Sat, 3 Mar 2018 23:29:03 +0100 Subject: mtd: jedec_probe: Fix crash in jedec_read_mfr() From: Linus Walleij <linus.walleij(a)linaro.org> commit 87a73eb5b56fd6e07c8e499fe8608ef2d8912b82 upstream. It turns out that the loop where we read manufacturer jedec_read_mfd() can under some circumstances get a CFI_MFR_CONTINUATION repeatedly, making the loop go over all banks and eventually hit the end of the map and crash because of an access violation: Unable to handle kernel paging request at virtual address c4980000 pgd = (ptrval) [c4980000] *pgd=03808811, *pte=00000000, *ppte=00000000 Internal error: Oops: 7 [#1] PREEMPT ARM CPU: 0 PID: 1 Comm: swapper Not tainted 4.16.0-rc1+ #150 Hardware name: Gemini (Device Tree) PC is at jedec_probe_chip+0x6ec/0xcd0 LR is at 0x4 pc : [<c03a2bf4>] lr : [<00000004>] psr: 60000013 sp : c382dd18 ip : 0000ffff fp : 00000000 r10: c0626388 r9 : 00020000 r8 : c0626340 r7 : 00000000 r6 : 00000001 r5 : c3a71afc r4 : c382dd70 r3 : 00000001 r2 : c4900000 r1 : 00000002 r0 : 00080000 Flags: nZCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment none Control: 0000397f Table: 00004000 DAC: 00000053 Process swapper (pid: 1, stack limit = 0x(ptrval)) Fix this by breaking the loop with a return 0 if the offset exceeds the map size. Fixes: 5c9c11e1c47c ("[MTD] [NOR] Add support for flash chips with ID in bank other than 0") Cc: <stable(a)vger.kernel.org> Signed-off-by: Linus Walleij <linus.walleij(a)linaro.org> Signed-off-by: Boris Brezillon <boris.brezillon(a)bootlin.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/mtd/chips/jedec_probe.c | 2 ++ 1 file changed, 2 insertions(+) --- a/drivers/mtd/chips/jedec_probe.c +++ b/drivers/mtd/chips/jedec_probe.c @@ -1889,6 +1889,8 @@ static inline u32 jedec_read_mfr(struct do { uint32_t ofs = cfi_build_cmd_addr(0 + (bank << 8), map, cfi); mask = (1 << (cfi->device_type * 8)) - 1; + if (ofs >= map->size) + return 0; result = map_read(map, base + ofs); bank++; } while ((result.x[0] & mask) == CFI_MFR_CONTINUATION); Patches currently in stable-queue which might be from linus.walleij(a)linaro.org are queue-4.14/mtd-jedec_probe-fix-crash-in-jedec_read_mfr.patch

7 years, 2 months

1
0
0 0

Patch "ipc/shm.c: add split function to shm_vm_ops" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled ipc/shm.c: add split function to shm_vm_ops to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: ipc-shm.c-add-split-function-to-shm_vm_ops.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 3d942ee079b917b24e2a0c5f18d35ac8ec9fee48 Mon Sep 17 00:00:00 2001 From: Mike Kravetz <mike.kravetz(a)oracle.com> Date: Wed, 28 Mar 2018 16:01:01 -0700 Subject: ipc/shm.c: add split function to shm_vm_ops From: Mike Kravetz <mike.kravetz(a)oracle.com> commit 3d942ee079b917b24e2a0c5f18d35ac8ec9fee48 upstream. If System V shmget/shmat operations are used to create a hugetlbfs backed mapping, it is possible to munmap part of the mapping and split the underlying vma such that it is not huge page aligned. This will untimately result in the following BUG: kernel BUG at /build/linux-jWa1Fv/linux-4.15.0/mm/hugetlb.c:3310! Oops: Exception in kernel mode, sig: 5 [#1] LE SMP NR_CPUS=2048 NUMA PowerNV Modules linked in: kcm nfc af_alg caif_socket caif phonet fcrypt CPU: 18 PID: 43243 Comm: trinity-subchil Tainted: G C E 4.15.0-10-generic #11-Ubuntu NIP: c00000000036e764 LR: c00000000036ee48 CTR: 0000000000000009 REGS: c000003fbcdcf810 TRAP: 0700 Tainted: G C E (4.15.0-10-generic) MSR: 9000000000029033 <SF,HV,EE,ME,IR,DR,RI,LE> CR: 24002222 XER: 20040000 CFAR: c00000000036ee44 SOFTE: 1 NIP __unmap_hugepage_range+0xa4/0x760 LR __unmap_hugepage_range_final+0x28/0x50 Call Trace: 0x7115e4e00000 (unreliable) __unmap_hugepage_range_final+0x28/0x50 unmap_single_vma+0x11c/0x190 unmap_vmas+0x94/0x140 exit_mmap+0x9c/0x1d0 mmput+0xa8/0x1d0 do_exit+0x360/0xc80 do_group_exit+0x60/0x100 SyS_exit_group+0x24/0x30 system_call+0x58/0x6c ---[ end trace ee88f958a1c62605 ]--- This bug was introduced by commit 31383c6865a5 ("mm, hugetlbfs: introduce ->split() to vm_operations_struct"). A split function was added to vm_operations_struct to determine if a mapping can be split. This was mostly for device-dax and hugetlbfs mappings which have specific alignment constraints. Mappings initiated via shmget/shmat have their original vm_ops overwritten with shm_vm_ops. shm_vm_ops functions will call back to the original vm_ops if needed. Add such a split function to shm_vm_ops. Link: http://lkml.kernel.org/r/20180321161314.7711-1-mike.kravetz@oracle.com Fixes: 31383c6865a5 ("mm, hugetlbfs: introduce ->split() to vm_operations_struct") Signed-off-by: Mike Kravetz <mike.kravetz(a)oracle.com> Reported-by: Laurent Dufour <ldufour(a)linux.vnet.ibm.com> Reviewed-by: Laurent Dufour <ldufour(a)linux.vnet.ibm.com> Tested-by: Laurent Dufour <ldufour(a)linux.vnet.ibm.com> Reviewed-by: Dan Williams <dan.j.williams(a)intel.com> Acked-by: Michal Hocko <mhocko(a)suse.com> Cc: Davidlohr Bueso <dave(a)stgolabs.net> Cc: Manfred Spraul <manfred(a)colorfullife.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds(a)linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- ipc/shm.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) --- a/ipc/shm.c +++ b/ipc/shm.c @@ -386,6 +386,17 @@ static int shm_fault(struct vm_fault *vm return sfd->vm_ops->fault(vmf); } +static int shm_split(struct vm_area_struct *vma, unsigned long addr) +{ + struct file *file = vma->vm_file; + struct shm_file_data *sfd = shm_file_data(file); + + if (sfd->vm_ops && sfd->vm_ops->split) + return sfd->vm_ops->split(vma, addr); + + return 0; +} + #ifdef CONFIG_NUMA static int shm_set_policy(struct vm_area_struct *vma, struct mempolicy *new) { @@ -510,6 +521,7 @@ static const struct vm_operations_struct .open = shm_open, /* callback for a new vm-area open */ .close = shm_close, /* callback for when the vm-area is released */ .fault = shm_fault, + .split = shm_split, #if defined(CONFIG_NUMA) .set_policy = shm_set_policy, .get_policy = shm_get_policy, Patches currently in stable-queue which might be from mike.kravetz(a)oracle.com are queue-4.14/ipc-shm.c-add-split-function-to-shm_vm_ops.patch

7 years, 2 months

1
0
0 0

Patch "i2c: i2c-stm32f7: fix no check on returned setup" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled i2c: i2c-stm32f7: fix no check on returned setup to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: i2c-i2c-stm32f7-fix-no-check-on-returned-setup.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 771b7bf05339081019d22452ebcab6929372e13e Mon Sep 17 00:00:00 2001 From: Pierre-Yves MORDRET <pierre-yves.mordret(a)st.com> Date: Wed, 21 Mar 2018 17:48:40 +0100 Subject: i2c: i2c-stm32f7: fix no check on returned setup From: Pierre-Yves MORDRET <pierre-yves.mordret(a)st.com> commit 771b7bf05339081019d22452ebcab6929372e13e upstream. Before assigning returned setup structure check if not null Fixes: 463a9215f3ca7600b5ff ("i2c: stm32f7: fix setup structure") Signed-off-by: Pierre-Yves MORDRET <pierre-yves.mordret(a)st.com> Acked-by: Alexandre TORGUE <alexandre.torgue(a)st.com> Signed-off-by: Wolfram Sang <wsa(a)the-dreams.de> Cc: stable(a)kernel.org Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/i2c/busses/i2c-stm32f7.c | 5 +++++ 1 file changed, 5 insertions(+) --- a/drivers/i2c/busses/i2c-stm32f7.c +++ b/drivers/i2c/busses/i2c-stm32f7.c @@ -887,6 +887,11 @@ static int stm32f7_i2c_probe(struct plat } setup = of_device_get_match_data(&pdev->dev); + if (!setup) { + dev_err(&pdev->dev, "Can't get device data\n"); + ret = -ENODEV; + goto clk_free; + } i2c_dev->setup = *setup; ret = device_property_read_u32(i2c_dev->dev, "i2c-scl-rising-time-ns", Patches currently in stable-queue which might be from pierre-yves.mordret(a)st.com are queue-4.14/i2c-i2c-stm32f7-fix-no-check-on-returned-setup.patch

7 years, 2 months

1
0
0 0

Patch "ceph: only dirty ITER_IOVEC pages for direct read" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled ceph: only dirty ITER_IOVEC pages for direct read to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: ceph-only-dirty-iter_iovec-pages-for-direct-read.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 85784f9395987a422fa04263e7c0fb13da11eb5c Mon Sep 17 00:00:00 2001 From: "Yan, Zheng" <zyan(a)redhat.com> Date: Fri, 16 Mar 2018 11:22:29 +0800 Subject: ceph: only dirty ITER_IOVEC pages for direct read From: Yan, Zheng <zyan(a)redhat.com> commit 85784f9395987a422fa04263e7c0fb13da11eb5c upstream. If a page is already locked, attempting to dirty it leads to a deadlock in lock_page(). This is what currently happens to ITER_BVEC pages when a dio-enabled loop device is backed by ceph: $ losetup --direct-io /dev/loop0 /mnt/cephfs/img $ xfs_io -c 'pread 0 4k' /dev/loop0 Follow other file systems and only dirty ITER_IOVEC pages. Cc: stable(a)kernel.org Signed-off-by: "Yan, Zheng" <zyan(a)redhat.com> Reviewed-by: Ilya Dryomov <idryomov(a)gmail.com> Signed-off-by: Ilya Dryomov <idryomov(a)gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- fs/ceph/file.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) --- a/fs/ceph/file.c +++ b/fs/ceph/file.c @@ -635,7 +635,8 @@ static ssize_t ceph_sync_read(struct kio struct ceph_aio_request { struct kiocb *iocb; size_t total_len; - int write; + bool write; + bool should_dirty; int error; struct list_head osd_reqs; unsigned num_reqs; @@ -745,7 +746,7 @@ static void ceph_aio_complete_req(struct } } - ceph_put_page_vector(osd_data->pages, num_pages, !aio_req->write); + ceph_put_page_vector(osd_data->pages, num_pages, aio_req->should_dirty); ceph_osdc_put_request(req); if (rc < 0) @@ -842,6 +843,7 @@ ceph_direct_read_write(struct kiocb *ioc size_t count = iov_iter_count(iter); loff_t pos = iocb->ki_pos; bool write = iov_iter_rw(iter) == WRITE; + bool should_dirty = !write && iter_is_iovec(iter); if (write && ceph_snap(file_inode(file)) != CEPH_NOSNAP) return -EROFS; @@ -909,6 +911,7 @@ ceph_direct_read_write(struct kiocb *ioc if (aio_req) { aio_req->iocb = iocb; aio_req->write = write; + aio_req->should_dirty = should_dirty; INIT_LIST_HEAD(&aio_req->osd_reqs); if (write) { aio_req->mtime = mtime; @@ -966,7 +969,7 @@ ceph_direct_read_write(struct kiocb *ioc len = ret; } - ceph_put_page_vector(pages, num_pages, !write); + ceph_put_page_vector(pages, num_pages, should_dirty); ceph_osdc_put_request(req); if (ret < 0) Patches currently in stable-queue which might be from zyan(a)redhat.com are queue-4.14/ceph-only-dirty-iter_iovec-pages-for-direct-read.patch

7 years, 2 months

1
0
0 0

Patch "ARM: OMAP: Fix SRAM W+X mapping" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled ARM: OMAP: Fix SRAM W+X mapping to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm-omap-fix-sram-w-x-mapping.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From eb85a355c3afd9379f5953cfe2df73632d14c884 Mon Sep 17 00:00:00 2001 From: Tony Lindgren <tony(a)atomide.com> Date: Wed, 21 Mar 2018 08:16:29 -0700 Subject: ARM: OMAP: Fix SRAM W+X mapping From: Tony Lindgren <tony(a)atomide.com> commit eb85a355c3afd9379f5953cfe2df73632d14c884 upstream. We are still using custom SRAM code for some SoCs and are not marking the PM code mapped to SRAM as read-only and executable after we're done. With CONFIG_DEBUG_WX=y, we will get "Found insecure W+X mapping at address" warning. Let's fix this issue the same way as commit 728bbe75c82f ("misc: sram: Introduce support code for protect-exec sram type") is doing for drivers/misc/sram-exec.c. On omap3, we need to restore SRAM when returning from off mode after idle, so init time configuration is not enough. And as we no longer have users for omap_sram_push_address() we can make it static while at it. Note that eventually we should be using sram-exec.c for all SoCs. Cc: stable(a)vger.kernel.org # v4.12+ Cc: Dave Gerlach <d-gerlach(a)ti.com> Reported-by: Pavel Machek <pavel(a)ucw.cz> Signed-off-by: Tony Lindgren <tony(a)atomide.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm/plat-omap/include/plat/sram.h | 11 ---------- arch/arm/plat-omap/sram.c | 36 ++++++++++++++++++++++++++++++++- 2 files changed, 36 insertions(+), 11 deletions(-) --- a/arch/arm/plat-omap/include/plat/sram.h +++ b/arch/arm/plat-omap/include/plat/sram.h @@ -5,13 +5,4 @@ void omap_map_sram(unsigned long start, unsigned long skip, int cached); void omap_sram_reset(void); -extern void *omap_sram_push_address(unsigned long size); - -/* Macro to push a function to the internal SRAM, using the fncpy API */ -#define omap_sram_push(funcp, size) ({ \ - typeof(&(funcp)) _res = NULL; \ - void *_sram_address = omap_sram_push_address(size); \ - if (_sram_address) \ - _res = fncpy(_sram_address, &(funcp), size); \ - _res; \ -}) +extern void *omap_sram_push(void *funcp, unsigned long size); --- a/arch/arm/plat-omap/sram.c +++ b/arch/arm/plat-omap/sram.c @@ -23,6 +23,7 @@ #include <asm/fncpy.h> #include <asm/tlb.h> #include <asm/cacheflush.h> +#include <asm/set_memory.h> #include <asm/mach/map.h> @@ -42,7 +43,7 @@ static void __iomem *omap_sram_ceil; * Note that fncpy requires the returned address to be aligned * to an 8-byte boundary. */ -void *omap_sram_push_address(unsigned long size) +static void *omap_sram_push_address(unsigned long size) { unsigned long available, new_ceil = (unsigned long)omap_sram_ceil; @@ -60,6 +61,30 @@ void *omap_sram_push_address(unsigned lo return (void *)omap_sram_ceil; } +void *omap_sram_push(void *funcp, unsigned long size) +{ + void *sram; + unsigned long base; + int pages; + void *dst = NULL; + + sram = omap_sram_push_address(size); + if (!sram) + return NULL; + + base = (unsigned long)sram & PAGE_MASK; + pages = PAGE_ALIGN(size) / PAGE_SIZE; + + set_memory_rw(base, pages); + + dst = fncpy(sram, funcp, size); + + set_memory_ro(base, pages); + set_memory_x(base, pages); + + return dst; +} + /* * The SRAM context is lost during off-idle and stack * needs to be reset. @@ -75,6 +100,9 @@ void omap_sram_reset(void) void __init omap_map_sram(unsigned long start, unsigned long size, unsigned long skip, int cached) { + unsigned long base; + int pages; + if (size == 0) return; @@ -95,4 +123,10 @@ void __init omap_map_sram(unsigned long */ memset_io(omap_sram_base + omap_sram_skip, 0, omap_sram_size - omap_sram_skip); + + base = (unsigned long)omap_sram_base; + pages = PAGE_ALIGN(omap_sram_size) / PAGE_SIZE; + + set_memory_ro(base, pages); + set_memory_x(base, pages); } Patches currently in stable-queue which might be from tony(a)atomide.com are queue-4.14/arm-omap-fix-sram-w-x-mapping.patch

7 years, 2 months

1
0
0 0

Patch "ARM: dts: sun6i: a31s: bpi-m2: improve pmic properties" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled ARM: dts: sun6i: a31s: bpi-m2: improve pmic properties to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm-dts-sun6i-a31s-bpi-m2-improve-pmic-properties.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From b23af6ad8d2f708c4c3f92dd8f82c233247ba8bf Mon Sep 17 00:00:00 2001 From: Philipp Rossak <embed3d(a)gmail.com> Date: Wed, 14 Feb 2018 15:10:24 +0100 Subject: ARM: dts: sun6i: a31s: bpi-m2: improve pmic properties From: Philipp Rossak <embed3d(a)gmail.com> commit b23af6ad8d2f708c4c3f92dd8f82c233247ba8bf upstream. The eldoin is supplied from the dcdc1 regulator. The N_VBUSEN pin is connected to an external power regulator (SY6280AAC). With this commit we update the pmic binding properties to support those features. Fixes: 7daa21370075 ("ARM: dts: sunxi: Add regulators for Sinovoip BPI-M2") Cc: <stable(a)vger.kernel.org> Signed-off-by: Philipp Rossak <embed3d(a)gmail.com> Signed-off-by: Maxime Ripard <maxime.ripard(a)bootlin.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm/boot/dts/sun6i-a31s-sinovoip-bpi-m2.dts | 2 ++ 1 file changed, 2 insertions(+) --- a/arch/arm/boot/dts/sun6i-a31s-sinovoip-bpi-m2.dts +++ b/arch/arm/boot/dts/sun6i-a31s-sinovoip-bpi-m2.dts @@ -163,6 +163,8 @@ reg = <0x68>; interrupt-parent = <&nmi_intc>; interrupts = <0 IRQ_TYPE_LEVEL_LOW>; + eldoin-supply = <&reg_dcdc1>; + x-powers,drive-vbus-en; }; }; Patches currently in stable-queue which might be from embed3d(a)gmail.com are queue-4.14/arm-dts-sun6i-a31s-bpi-m2-improve-pmic-properties.patch queue-4.14/arm-dts-sun6i-a31s-bpi-m2-add-missing-regulators.patch

7 years, 2 months

1
0
0 0

Patch "ARM: dts: sun6i: a31s: bpi-m2: add missing regulators" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled ARM: dts: sun6i: a31s: bpi-m2: add missing regulators to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm-dts-sun6i-a31s-bpi-m2-add-missing-regulators.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 70b8d21496758dd7ff600ec9de0ee3812fac7a40 Mon Sep 17 00:00:00 2001 From: Philipp Rossak <embed3d(a)gmail.com> Date: Wed, 14 Feb 2018 15:10:25 +0100 Subject: ARM: dts: sun6i: a31s: bpi-m2: add missing regulators From: Philipp Rossak <embed3d(a)gmail.com> commit 70b8d21496758dd7ff600ec9de0ee3812fac7a40 upstream. This patch fixes a bootproblem with the Bananapi M2 board. Since there are some regulators missing we add them right now. Those values come from the schematic, below you can find a small overview: * reg_aldo1: 3,3V, powers the wifi * reg_aldo2: 2,5V, powers the IO of the RTL8211E * reg_aldo3: 3,3V, powers the audio * reg_dldo1: 3,0V, powers the RTL8211E * reg_dldo2: 2,8V, powers the analog part of the csi * reg_dldo3: 3,3V, powers misc * reg_eldo1: 1,8V, powers the csi * reg_ldo_io1:1,8V, powers the gpio * reg_dc5ldo: needs to be always on This patch updates also the vmmc-supply properties on the mmc0 and mmc2 node to use the allready existent regulators. We can now remove the sunxi-common-regulators.dtsi include since we don't need it anymore. Fixes: 7daa21370075 ("ARM: dts: sunxi: Add regulators for Sinovoip BPI-M2") Cc: <stable(a)vger.kernel.org> Signed-off-by: Philipp Rossak <embed3d(a)gmail.com> Signed-off-by: Maxime Ripard <maxime.ripard(a)bootlin.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm/boot/dts/sun6i-a31s-sinovoip-bpi-m2.dts | 61 +++++++++++++++++++++-- 1 file changed, 58 insertions(+), 3 deletions(-) --- a/arch/arm/boot/dts/sun6i-a31s-sinovoip-bpi-m2.dts +++ b/arch/arm/boot/dts/sun6i-a31s-sinovoip-bpi-m2.dts @@ -42,7 +42,6 @@ /dts-v1/; #include "sun6i-a31s.dtsi" -#include "sunxi-common-regulators.dtsi" #include <dt-bindings/gpio/gpio.h> / { @@ -99,6 +98,7 @@ pinctrl-0 = <&gmac_pins_rgmii_a>, <&gmac_phy_reset_pin_bpi_m2>; phy = <&phy1>; phy-mode = "rgmii"; + phy-supply = <&reg_dldo1>; snps,reset-gpio = <&pio 0 21 GPIO_ACTIVE_HIGH>; /* PA21 */ snps,reset-active-low; snps,reset-delays-us = <0 10000 30000>; @@ -118,7 +118,7 @@ &mmc0 { pinctrl-names = "default"; pinctrl-0 = <&mmc0_pins_a>, <&mmc0_cd_pin_bpi_m2>; - vmmc-supply = <&reg_vcc3v0>; + vmmc-supply = <&reg_dcdc1>; bus-width = <4>; cd-gpios = <&pio 0 4 GPIO_ACTIVE_HIGH>; /* PA4 */ cd-inverted; @@ -132,7 +132,7 @@ &mmc2 { pinctrl-names = "default"; pinctrl-0 = <&mmc2_pins_a>; - vmmc-supply = <&reg_vcc3v0>; + vmmc-supply = <&reg_aldo1>; mmc-pwrseq = <&mmc2_pwrseq>; bus-width = <4>; non-removable; @@ -195,7 +195,28 @@ #include "axp22x.dtsi" +&reg_aldo1 { + regulator-min-microvolt = <3300000>; + regulator-max-microvolt = <3300000>; + regulator-name = "vcc-wifi"; +}; + +&reg_aldo2 { + regulator-always-on; + regulator-min-microvolt = <2500000>; + regulator-max-microvolt = <2500000>; + regulator-name = "vcc-gmac"; +}; + +&reg_aldo3 { + regulator-always-on; + regulator-min-microvolt = <3000000>; + regulator-max-microvolt = <3000000>; + regulator-name = "avcc"; +}; + &reg_dc5ldo { + regulator-always-on; regulator-min-microvolt = <700000>; regulator-max-microvolt = <1320000>; regulator-name = "vdd-cpus"; @@ -235,6 +256,40 @@ regulator-name = "vcc-dram"; }; +&reg_dldo1 { + regulator-min-microvolt = <3000000>; + regulator-max-microvolt = <3000000>; + regulator-name = "vcc-mac"; +}; + +&reg_dldo2 { + regulator-min-microvolt = <2800000>; + regulator-max-microvolt = <2800000>; + regulator-name = "avdd-csi"; +}; + +&reg_dldo3 { + regulator-always-on; + regulator-min-microvolt = <3300000>; + regulator-max-microvolt = <3300000>; + regulator-name = "vcc-pb"; +}; + +&reg_eldo1 { + regulator-min-microvolt = <1800000>; + regulator-max-microvolt = <1800000>; + regulator-name = "vdd-csi"; + status = "okay"; +}; + +&reg_ldo_io1 { + regulator-always-on; + regulator-min-microvolt = <1800000>; + regulator-max-microvolt = <1800000>; + regulator-name = "vcc-pm-cpus"; + status = "okay"; +}; + &uart0 { pinctrl-names = "default"; pinctrl-0 = <&uart0_pins_a>; Patches currently in stable-queue which might be from embed3d(a)gmail.com are queue-4.14/arm-dts-sun6i-a31s-bpi-m2-improve-pmic-properties.patch queue-4.14/arm-dts-sun6i-a31s-bpi-m2-add-missing-regulators.patch

7 years, 2 months

1
0
0 0

Patch "ARM: 8746/1: vfp: Go back to clearing vfp_current_hw_state[]" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled ARM: 8746/1: vfp: Go back to clearing vfp_current_hw_state[] to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm-8746-1-vfp-go-back-to-clearing-vfp_current_hw_state.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 1328f02005bbbaed15b9d5b7f3ab5ec9d4d5268a Mon Sep 17 00:00:00 2001 From: Fabio Estevam <festevam(a)gmail.com> Date: Mon, 22 Jan 2018 12:20:26 +0100 Subject: ARM: 8746/1: vfp: Go back to clearing vfp_current_hw_state[] From: Fabio Estevam <festevam(a)gmail.com> commit 1328f02005bbbaed15b9d5b7f3ab5ec9d4d5268a upstream. Commit 384b38b66947 ("ARM: 7873/1: vfp: clear vfp_current_hw_state for dying cpu") fixed the cpu dying notifier by clearing vfp_current_hw_state[]. However commit e5b61bafe704 ("arm: Convert VFP hotplug notifiers to state machine") incorrectly used the original vfp_force_reload() function in the cpu dying notifier. Fix it by going back to clearing vfp_current_hw_state[]. Fixes: e5b61bafe704 ("arm: Convert VFP hotplug notifiers to state machine") Cc: linux-stable <stable(a)vger.kernel.org> Reported-by: Kohji Okuno <okuno.kohji(a)jp.panasonic.com> Signed-off-by: Fabio Estevam <fabio.estevam(a)nxp.com> Signed-off-by: Russell King <rmk+kernel(a)armlinux.org.uk> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm/vfp/vfpmodule.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/arch/arm/vfp/vfpmodule.c +++ b/arch/arm/vfp/vfpmodule.c @@ -648,7 +648,7 @@ int vfp_restore_user_hwstate(struct user */ static int vfp_dying_cpu(unsigned int cpu) { - vfp_force_reload(cpu, current_thread_info()); + vfp_current_hw_state[cpu] = NULL; return 0; } Patches currently in stable-queue which might be from festevam(a)gmail.com are queue-4.14/arm-8746-1-vfp-go-back-to-clearing-vfp_current_hw_state.patch

7 years, 2 months

1
0
0 0

Patch "ALSA: usb-audio: Add native DSD support for TEAC UD-301" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled ALSA: usb-audio: Add native DSD support for TEAC UD-301 to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: alsa-usb-audio-add-native-dsd-support-for-teac-ud-301.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From b00214865d65100163574ba250008f182cf90869 Mon Sep 17 00:00:00 2001 From: Nobutaka Okabe <nob77413(a)gmail.com> Date: Fri, 23 Mar 2018 19:49:44 +0900 Subject: ALSA: usb-audio: Add native DSD support for TEAC UD-301 From: Nobutaka Okabe <nob77413(a)gmail.com> commit b00214865d65100163574ba250008f182cf90869 upstream. Add native DSD support quirk for TEAC UD-301 DAC, by adding the PID/VID 0644:804a. Signed-off-by: Nobutaka Okabe <nob77413(a)gmail.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Takashi Iwai <tiwai(a)suse.de> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- sound/usb/quirks.c | 1 + 1 file changed, 1 insertion(+) --- a/sound/usb/quirks.c +++ b/sound/usb/quirks.c @@ -1177,6 +1177,7 @@ static bool is_teac_dsd_dac(unsigned int switch (id) { case USB_ID(0x0644, 0x8043): /* TEAC UD-501/UD-503/NT-503 */ case USB_ID(0x0644, 0x8044): /* Esoteric D-05X */ + case USB_ID(0x0644, 0x804a): /* TEAC UD-301 */ return true; } return false; Patches currently in stable-queue which might be from nob77413(a)gmail.com are queue-4.14/alsa-usb-audio-add-native-dsd-support-for-teac-ud-301.patch

7 years, 2 months

1
0
0 0

Patch "ALSA: pcm: Use dma_bytes as size parameter in dma_mmap_coherent()" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled ALSA: pcm: Use dma_bytes as size parameter in dma_mmap_coherent() to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: alsa-pcm-use-dma_bytes-as-size-parameter-in-dma_mmap_coherent.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 9066ae7ff5d89c0b5daa271e2d573540097a94fa Mon Sep 17 00:00:00 2001 From: Stefan Roese <sr(a)denx.de> Date: Mon, 26 Mar 2018 16:10:21 +0200 Subject: ALSA: pcm: Use dma_bytes as size parameter in dma_mmap_coherent() From: Stefan Roese <sr(a)denx.de> commit 9066ae7ff5d89c0b5daa271e2d573540097a94fa upstream. When trying to use the driver (e.g. aplay *.wav), the 4MiB DMA buffer will get mmapp'ed in 16KiB chunks. But this fails with the 2nd 16KiB area, as the page offset is outside of the VMA range (size), which is currently used as size parameter in snd_pcm_lib_default_mmap(). By using the DMA buffer size (dma_bytes) instead, the complete DMA buffer can be mmapp'ed and the issue is fixed. This issue was detected on an ARM platform (TI AM57xx) using the RME HDSP MADI PCIe soundcard. Fixes: 657b1989dacf ("ALSA: pcm - Use dma_mmap_coherent() if available") Signed-off-by: Stefan Roese <sr(a)denx.de> Cc: <stable(a)vger.kernel.org> Signed-off-by: Takashi Iwai <tiwai(a)suse.de> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- sound/core/pcm_native.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/sound/core/pcm_native.c +++ b/sound/core/pcm_native.c @@ -3424,7 +3424,7 @@ int snd_pcm_lib_default_mmap(struct snd_ area, substream->runtime->dma_area, substream->runtime->dma_addr, - area->vm_end - area->vm_start); + substream->runtime->dma_bytes); #endif /* CONFIG_X86 */ /* mmap with fault handler */ area->vm_ops = &snd_pcm_vm_ops_data_fault; Patches currently in stable-queue which might be from sr(a)denx.de are queue-4.14/alsa-pcm-use-dma_bytes-as-size-parameter-in-dma_mmap_coherent.patch

7 years, 2 months

1
0
0 0

Patch "ALSA: pcm: potential uninitialized return values" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled ALSA: pcm: potential uninitialized return values to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: alsa-pcm-potential-uninitialized-return-values.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 5607dddbfca774fb38bffadcb077fe03aa4ac5c6 Mon Sep 17 00:00:00 2001 From: Dan Carpenter <dan.carpenter(a)oracle.com> Date: Tue, 27 Mar 2018 16:07:52 +0300 Subject: ALSA: pcm: potential uninitialized return values From: Dan Carpenter <dan.carpenter(a)oracle.com> commit 5607dddbfca774fb38bffadcb077fe03aa4ac5c6 upstream. Smatch complains that "tmp" can be uninitialized if we do a zero size write. Fixes: 02a5d6925cd3 ("ALSA: pcm: Avoid potential races between OSS ioctls and read/write") Signed-off-by: Dan Carpenter <dan.carpenter(a)oracle.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Takashi Iwai <tiwai(a)suse.de> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- sound/core/oss/pcm_oss.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) --- a/sound/core/oss/pcm_oss.c +++ b/sound/core/oss/pcm_oss.c @@ -1326,7 +1326,7 @@ static ssize_t snd_pcm_oss_write2(struct static ssize_t snd_pcm_oss_write1(struct snd_pcm_substream *substream, const char __user *buf, size_t bytes) { size_t xfer = 0; - ssize_t tmp; + ssize_t tmp = 0; struct snd_pcm_runtime *runtime = substream->runtime; if (atomic_read(&substream->mmap_count)) @@ -1433,7 +1433,7 @@ static ssize_t snd_pcm_oss_read2(struct static ssize_t snd_pcm_oss_read1(struct snd_pcm_substream *substream, char __user *buf, size_t bytes) { size_t xfer = 0; - ssize_t tmp; + ssize_t tmp = 0; struct snd_pcm_runtime *runtime = substream->runtime; if (atomic_read(&substream->mmap_count)) Patches currently in stable-queue which might be from dan.carpenter(a)oracle.com are queue-4.14/alsa-pcm-potential-uninitialized-return-values.patch

7 years, 2 months

1
0
0 0

Patch "perf/hwbp: Simplify the perf-hwbp code, fix documentation" has been added to the 3.18-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled perf/hwbp: Simplify the perf-hwbp code, fix documentation to the 3.18-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: perf-hwbp-simplify-the-perf-hwbp-code-fix-documentation.patch and it can be found in the queue-3.18 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From f67b15037a7a50c57f72e69a6d59941ad90a0f0f Mon Sep 17 00:00:00 2001 From: Linus Torvalds <torvalds(a)linux-foundation.org> Date: Mon, 26 Mar 2018 15:39:07 -1000 Subject: perf/hwbp: Simplify the perf-hwbp code, fix documentation From: Linus Torvalds <torvalds(a)linux-foundation.org> commit f67b15037a7a50c57f72e69a6d59941ad90a0f0f upstream. Annoyingly, modify_user_hw_breakpoint() unnecessarily complicates the modification of a breakpoint - simplify it and remove the pointless local variables. Also update the stale Docbook while at it. Signed-off-by: Linus Torvalds <torvalds(a)linux-foundation.org> Acked-by: Thomas Gleixner <tglx(a)linutronix.de> Cc: <stable(a)vger.kernel.org> Cc: Alexander Shishkin <alexander.shishkin(a)linux.intel.com> Cc: Andy Lutomirski <luto(a)kernel.org> Cc: Arnaldo Carvalho de Melo <acme(a)redhat.com> Cc: Frederic Weisbecker <fweisbec(a)gmail.com> Cc: Jiri Olsa <jolsa(a)redhat.com> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Stephane Eranian <eranian(a)google.com> Cc: Vince Weaver <vincent.weaver(a)maine.edu> Signed-off-by: Ingo Molnar <mingo(a)kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- kernel/events/hw_breakpoint.c | 30 +++++++----------------------- 1 file changed, 7 insertions(+), 23 deletions(-) --- a/kernel/events/hw_breakpoint.c +++ b/kernel/events/hw_breakpoint.c @@ -427,16 +427,9 @@ EXPORT_SYMBOL_GPL(register_user_hw_break * modify_user_hw_breakpoint - modify a user-space hardware breakpoint * @bp: the breakpoint structure to modify * @attr: new breakpoint attributes - * @triggered: callback to trigger when we hit the breakpoint - * @tsk: pointer to 'task_struct' of the process to which the address belongs */ int modify_user_hw_breakpoint(struct perf_event *bp, struct perf_event_attr *attr) { - u64 old_addr = bp->attr.bp_addr; - u64 old_len = bp->attr.bp_len; - int old_type = bp->attr.bp_type; - int err = 0; - /* * modify_user_hw_breakpoint can be invoked with IRQs disabled and hence it * will not be possible to raise IPIs that invoke __perf_event_disable. @@ -451,27 +444,18 @@ int modify_user_hw_breakpoint(struct per bp->attr.bp_addr = attr->bp_addr; bp->attr.bp_type = attr->bp_type; bp->attr.bp_len = attr->bp_len; + bp->attr.disabled = 1; - if (attr->disabled) - goto end; - - err = validate_hw_breakpoint(bp); - if (!err) - perf_event_enable(bp); + if (!attr->disabled) { + int err = validate_hw_breakpoint(bp); - if (err) { - bp->attr.bp_addr = old_addr; - bp->attr.bp_type = old_type; - bp->attr.bp_len = old_len; - if (!bp->attr.disabled) - perf_event_enable(bp); + if (err) + return err; - return err; + perf_event_enable(bp); + bp->attr.disabled = 0; } -end: - bp->attr.disabled = attr->disabled; - return 0; } EXPORT_SYMBOL_GPL(modify_user_hw_breakpoint); Patches currently in stable-queue which might be from torvalds(a)linux-foundation.org are queue-3.18/tty-vt-fix-up-tabstops-properly.patch queue-3.18/perf-hwbp-simplify-the-perf-hwbp-code-fix-documentation.patch queue-3.18/kvm-x86-fix-icebp-instruction-handling.patch

7 years, 2 months

1
0
0 0

Patch "mtd: jedec_probe: Fix crash in jedec_read_mfr()" has been added to the 3.18-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled mtd: jedec_probe: Fix crash in jedec_read_mfr() to the 3.18-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: mtd-jedec_probe-fix-crash-in-jedec_read_mfr.patch and it can be found in the queue-3.18 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 87a73eb5b56fd6e07c8e499fe8608ef2d8912b82 Mon Sep 17 00:00:00 2001 From: Linus Walleij <linus.walleij(a)linaro.org> Date: Sat, 3 Mar 2018 23:29:03 +0100 Subject: mtd: jedec_probe: Fix crash in jedec_read_mfr() From: Linus Walleij <linus.walleij(a)linaro.org> commit 87a73eb5b56fd6e07c8e499fe8608ef2d8912b82 upstream. It turns out that the loop where we read manufacturer jedec_read_mfd() can under some circumstances get a CFI_MFR_CONTINUATION repeatedly, making the loop go over all banks and eventually hit the end of the map and crash because of an access violation: Unable to handle kernel paging request at virtual address c4980000 pgd = (ptrval) [c4980000] *pgd=03808811, *pte=00000000, *ppte=00000000 Internal error: Oops: 7 [#1] PREEMPT ARM CPU: 0 PID: 1 Comm: swapper Not tainted 4.16.0-rc1+ #150 Hardware name: Gemini (Device Tree) PC is at jedec_probe_chip+0x6ec/0xcd0 LR is at 0x4 pc : [<c03a2bf4>] lr : [<00000004>] psr: 60000013 sp : c382dd18 ip : 0000ffff fp : 00000000 r10: c0626388 r9 : 00020000 r8 : c0626340 r7 : 00000000 r6 : 00000001 r5 : c3a71afc r4 : c382dd70 r3 : 00000001 r2 : c4900000 r1 : 00000002 r0 : 00080000 Flags: nZCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment none Control: 0000397f Table: 00004000 DAC: 00000053 Process swapper (pid: 1, stack limit = 0x(ptrval)) Fix this by breaking the loop with a return 0 if the offset exceeds the map size. Fixes: 5c9c11e1c47c ("[MTD] [NOR] Add support for flash chips with ID in bank other than 0") Cc: <stable(a)vger.kernel.org> Signed-off-by: Linus Walleij <linus.walleij(a)linaro.org> Signed-off-by: Boris Brezillon <boris.brezillon(a)bootlin.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/mtd/chips/jedec_probe.c | 2 ++ 1 file changed, 2 insertions(+) --- a/drivers/mtd/chips/jedec_probe.c +++ b/drivers/mtd/chips/jedec_probe.c @@ -1889,6 +1889,8 @@ static inline u32 jedec_read_mfr(struct do { uint32_t ofs = cfi_build_cmd_addr(0 + (bank << 8), map, cfi); mask = (1 << (cfi->device_type * 8)) - 1; + if (ofs >= map->size) + return 0; result = map_read(map, base + ofs); bank++; } while ((result.x[0] & mask) == CFI_MFR_CONTINUATION); Patches currently in stable-queue which might be from linus.walleij(a)linaro.org are queue-3.18/mtd-jedec_probe-fix-crash-in-jedec_read_mfr.patch

7 years, 2 months

1
0
0 0

Patch "ALSA: pcm: Use dma_bytes as size parameter in dma_mmap_coherent()" has been added to the 3.18-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled ALSA: pcm: Use dma_bytes as size parameter in dma_mmap_coherent() to the 3.18-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: alsa-pcm-use-dma_bytes-as-size-parameter-in-dma_mmap_coherent.patch and it can be found in the queue-3.18 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 9066ae7ff5d89c0b5daa271e2d573540097a94fa Mon Sep 17 00:00:00 2001 From: Stefan Roese <sr(a)denx.de> Date: Mon, 26 Mar 2018 16:10:21 +0200 Subject: ALSA: pcm: Use dma_bytes as size parameter in dma_mmap_coherent() From: Stefan Roese <sr(a)denx.de> commit 9066ae7ff5d89c0b5daa271e2d573540097a94fa upstream. When trying to use the driver (e.g. aplay *.wav), the 4MiB DMA buffer will get mmapp'ed in 16KiB chunks. But this fails with the 2nd 16KiB area, as the page offset is outside of the VMA range (size), which is currently used as size parameter in snd_pcm_lib_default_mmap(). By using the DMA buffer size (dma_bytes) instead, the complete DMA buffer can be mmapp'ed and the issue is fixed. This issue was detected on an ARM platform (TI AM57xx) using the RME HDSP MADI PCIe soundcard. Fixes: 657b1989dacf ("ALSA: pcm - Use dma_mmap_coherent() if available") Signed-off-by: Stefan Roese <sr(a)denx.de> Cc: <stable(a)vger.kernel.org> Signed-off-by: Takashi Iwai <tiwai(a)suse.de> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- sound/core/pcm_native.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/sound/core/pcm_native.c +++ b/sound/core/pcm_native.c @@ -3394,7 +3394,7 @@ int snd_pcm_lib_default_mmap(struct snd_ area, substream->runtime->dma_area, substream->runtime->dma_addr, - area->vm_end - area->vm_start); + substream->runtime->dma_bytes); #elif defined(CONFIG_MIPS) && defined(CONFIG_DMA_NONCOHERENT) if (substream->dma_buffer.dev.type == SNDRV_DMA_TYPE_DEV && !plat_device_is_coherent(substream->dma_buffer.dev.dev)) Patches currently in stable-queue which might be from sr(a)denx.de are queue-3.18/alsa-pcm-use-dma_bytes-as-size-parameter-in-dma_mmap_coherent.patch

7 years, 2 months

1
0
0 0

Patch "ALSA: pcm: potential uninitialized return values" has been added to the 3.18-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled ALSA: pcm: potential uninitialized return values to the 3.18-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: alsa-pcm-potential-uninitialized-return-values.patch and it can be found in the queue-3.18 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 5607dddbfca774fb38bffadcb077fe03aa4ac5c6 Mon Sep 17 00:00:00 2001 From: Dan Carpenter <dan.carpenter(a)oracle.com> Date: Tue, 27 Mar 2018 16:07:52 +0300 Subject: ALSA: pcm: potential uninitialized return values From: Dan Carpenter <dan.carpenter(a)oracle.com> commit 5607dddbfca774fb38bffadcb077fe03aa4ac5c6 upstream. Smatch complains that "tmp" can be uninitialized if we do a zero size write. Fixes: 02a5d6925cd3 ("ALSA: pcm: Avoid potential races between OSS ioctls and read/write") Signed-off-by: Dan Carpenter <dan.carpenter(a)oracle.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Takashi Iwai <tiwai(a)suse.de> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- sound/core/oss/pcm_oss.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) --- a/sound/core/oss/pcm_oss.c +++ b/sound/core/oss/pcm_oss.c @@ -1362,7 +1362,7 @@ static ssize_t snd_pcm_oss_write2(struct static ssize_t snd_pcm_oss_write1(struct snd_pcm_substream *substream, const char __user *buf, size_t bytes) { size_t xfer = 0; - ssize_t tmp; + ssize_t tmp = 0; struct snd_pcm_runtime *runtime = substream->runtime; if (atomic_read(&substream->mmap_count)) @@ -1469,7 +1469,7 @@ static ssize_t snd_pcm_oss_read2(struct static ssize_t snd_pcm_oss_read1(struct snd_pcm_substream *substream, char __user *buf, size_t bytes) { size_t xfer = 0; - ssize_t tmp; + ssize_t tmp = 0; struct snd_pcm_runtime *runtime = substream->runtime; if (atomic_read(&substream->mmap_count)) Patches currently in stable-queue which might be from dan.carpenter(a)oracle.com are queue-3.18/alsa-pcm-potential-uninitialized-return-values.patch queue-3.18/staging-ncpfs-memory-corruption-in-ncp_read_kernel.patch

7 years, 2 months

1
0
0 0

4.16-rc7 not (yet?) in stable.git

by Rainer Fiebig

Hi! 4.16-rc7 doesn't seem to be in stable.git yet. Am I too impatient or perhaps having a git-pull-problem here? Thanks! Rainer Fiebig -- The truth always turns out to be simpler than you thought. Richard Feynman

7 years, 2 months

3
3
0 0

Re: [PATCH] x86/xen: Delay get_cpu_cap until stack canary is established

by Boris Ostrovsky

On 03/31/2018 01:38 PM, Jason Andryuk wrote: > On Wed, Mar 21, 2018, 5:12 PM Boris Ostrovsky > <boris.ostrovsky(a)oracle.com <mailto:boris.ostrovsky@oracle.com>> wrote: > > On 03/19/2018 12:58 PM, Jason Andryuk wrote: > > Commit 2cc42bac1c79 ("x86-64/Xen: eliminate W+X mappings") > introduced a > > call to get_cpu_cap, which is fstack-protected. This is works on > x86-64 > > as commit 4f277295e54c ("x86/xen: init %gs very early to avoid page > > faults with stack protector") ensures the stack protector is > configured, > > but it it did not cover x86-32. > > > > Delay calling get_cpu_cap until after xen_setup_gdt has > initialized the > > stack canary. Without this, a 32bit PV machine crashes early > > in boot. > > (XEN) Domain 0 (vcpu#0) crashed on cpu#0: > > (XEN) ----[ Xen-4.6.6-xc x86_64 debug=n Tainted: C ]---- > > (XEN) CPU: 0 > > (XEN) RIP: e019:[<00000000c10362f8>] > > > > And the PV kernel IP corresponds to init_scattered_cpuid_features > > 0xc10362f8 <+24>: mov %gs:0x14,%eax > > > > Fixes 2cc42bac1c79 ("x86-64/Xen: eliminate W+X mappings") > > > > Signed-off-by: Jason Andryuk <jandryuk(a)gmail.com > <mailto:jandryuk@gmail.com>> > > > > > Applied to for-linus-4.17 > > > Thanks. If it's not too late, can this be cc: stable? We can always try ;-) This is 4.15 and 4.16 only, I believe. -boris > If not, I'll > submit the request after it is in Linus's tree. > > -Jason >

7 years, 2 months

2
1
0 0

Linux 4.4.126

by Greg KH

I'm announcing the release of the 4.4.126 kernel. All users of the 4.4 kernel series must upgrade. The updated 4.4.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.4.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 - drivers/net/ethernet/arc/emac_rockchip.c | 6 +++-- drivers/net/ethernet/broadcom/bcmsysport.c | 33 +++++++++++++---------------- drivers/net/ethernet/broadcom/bcmsysport.h | 2 - drivers/net/ethernet/freescale/fec_main.c | 2 + drivers/net/ethernet/ti/cpsw.c | 3 +- drivers/net/team/team.c | 4 +-- drivers/s390/net/qeth_core_main.c | 21 +++++++++++++----- drivers/s390/net/qeth_l2_main.c | 2 - drivers/s390/net/qeth_l3_main.c | 2 - drivers/scsi/sg.c | 5 ++-- kernel/irq/manage.c | 4 --- net/core/skbuff.c | 2 - net/dccp/proto.c | 5 ++++ net/ieee802154/6lowpan/core.c | 12 +++++++--- net/ipv4/inet_fragment.c | 3 ++ net/ipv4/ip_sockglue.c | 6 +++-- net/ipv6/ndisc.c | 3 +- net/iucv/af_iucv.c | 4 ++- net/l2tp/l2tp_core.c | 8 +++++-- net/netlink/genetlink.c | 2 - 21 files changed, 81 insertions(+), 50 deletions(-) Alexey Kodanev (1): dccp: check sk for closed state in dccp_sendmsg() Arkadi Sharshevsky (1): team: Fix double free in error path Arvind Yadav (1): net/iucv: Free memory obtained by kzalloc Christophe JAILLET (1): net: ethernet: arc: Fix a potential memory leak if an optional regulator is deferred David Ahern (1): net: Only honor ifindex in IP_PKTINFO if non-0 Eric Dumazet (2): l2tp: do not accept arbitrary sockets ieee802154: 6lowpan: fix possible NULL deref in lowpan_device_event() Florian Fainelli (2): net: fec: Fix unbalanced PM runtime calls net: systemport: Rewrite __bcm_sysport_tx_reclaim() Greg Kroah-Hartman (2): Revert "genirq: Use irqd_get_trigger_type to compare the trigger type for shared IRQs" Linux 4.4.126 Johannes Thumshirn (1): scsi: sg: don't return bogus Sg_requests Julian Wiedmann (4): s390/qeth: free netdevice when removing a card s390/qeth: when thread completes, wake up all waiters s390/qeth: lock read device while queueing next buffer s390/qeth: on channel error, reject further cmd requests Kirill Tkhai (1): net: Fix hlist corruptions in inet_evict_bucket() Lorenzo Bianconi (1): ipv6: fix access to non-linear packet in ndisc_fill_redirect_hdr_option() Nicolas Dichtel (1): netlink: avoid a double skb free in genlmsg_mcast() SZ Lin (林上智) (1): net: ethernet: ti: cpsw: add check for in-band mode setting with RGMII PHY interface Vinicius Costa Gomes (1): skbuff: Fix not waking applications when errors are enqueued

7 years, 2 months

1
1
0 0

Linux 4.9.92

by Greg KH

I'm announcing the release of the 4.9.92 kernel. All users of the 4.9 kernel series must upgrade. The updated 4.9.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.9.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 - drivers/net/ethernet/arc/emac_rockchip.c | 6 +++- drivers/net/ethernet/broadcom/bcmsysport.c | 33 +++++++++++--------------- drivers/net/ethernet/broadcom/bcmsysport.h | 2 - drivers/net/ethernet/freescale/fec_main.c | 2 + drivers/net/ethernet/hisilicon/hns/hns_enet.c | 22 +++++++---------- drivers/net/ethernet/hisilicon/hns/hns_enet.h | 6 ++-- drivers/net/ethernet/ti/cpsw.c | 3 +- drivers/net/ppp/ppp_generic.c | 26 +++++++++++--------- drivers/net/team/team.c | 4 +-- drivers/s390/net/qeth_core_main.c | 21 +++++++++++----- drivers/s390/net/qeth_l2_main.c | 2 - drivers/s390/net/qeth_l3_main.c | 2 - drivers/scsi/sg.c | 5 ++- drivers/soc/fsl/qbman/qman.c | 28 +++------------------- include/linux/cgroup-defs.h | 4 +-- include/linux/rhashtable.h | 4 ++- include/net/sch_generic.h | 19 ++++++++++++++ kernel/irq/manage.c | 4 --- lib/rhashtable.c | 4 ++- net/core/dev.c | 22 +++++++++++------ net/core/skbuff.c | 2 - net/dccp/proto.c | 5 +++ net/ieee802154/6lowpan/core.c | 12 ++++++--- net/ipv4/inet_fragment.c | 3 ++ net/ipv4/ip_sockglue.c | 6 +++- net/ipv6/ndisc.c | 3 +- net/iucv/af_iucv.c | 4 ++- net/kcm/kcmsock.c | 33 ++++++++++++++++++-------- net/l2tp/l2tp_core.c | 8 ++++-- net/netlink/genetlink.c | 2 - net/sched/act_tunnel_key.c | 1 net/sched/sch_netem.c | 2 - 33 files changed, 180 insertions(+), 122 deletions(-) Alexey Kodanev (2): sch_netem: fix skb leak in netem_enqueue() dccp: check sk for closed state in dccp_sendmsg() Arkadi Sharshevsky (1): team: Fix double free in error path Arvind Yadav (1): net/iucv: Free memory obtained by kzalloc Christophe JAILLET (1): net: ethernet: arc: Fix a potential memory leak if an optional regulator is deferred David Ahern (1): net: Only honor ifindex in IP_PKTINFO if non-0 Eric Dumazet (3): ieee802154: 6lowpan: fix possible NULL deref in lowpan_device_event() net: use skb_to_full_sk() in skb_update_prio() l2tp: do not accept arbitrary sockets Florian Fainelli (2): net: fec: Fix unbalanced PM runtime calls net: systemport: Rewrite __bcm_sysport_tx_reclaim() Greg Kroah-Hartman (2): Revert "genirq: Use irqd_get_trigger_type to compare the trigger type for shared IRQs" Linux 4.9.92 Guillaume Nault (1): ppp: avoid loop in xmit recursion detection code Johannes Thumshirn (1): scsi: sg: don't return bogus Sg_requests Julian Wiedmann (4): s390/qeth: free netdevice when removing a card s390/qeth: when thread completes, wake up all waiters s390/qeth: lock read device while queueing next buffer s390/qeth: on channel error, reject further cmd requests Kirill Tkhai (1): net: Fix hlist corruptions in inet_evict_bucket() Lorenzo Bianconi (1): ipv6: fix access to non-linear packet in ndisc_fill_redirect_hdr_option() Madalin Bucur (1): soc/fsl/qbman: fix issue in qman_delete_cgr_safe() Nicolas Dichtel (1): netlink: avoid a double skb free in genlmsg_mcast() Paul Blakey (1): rhashtable: Fix rhlist duplicates insertion Roman Mashak (1): net sched actions: return explicit error when tunnel_key mode is not specified SZ Lin (林上智) (1): net: ethernet: ti: cpsw: add check for in-band mode setting with RGMII PHY interface Tom Herbert (1): kcm: lock lower socket in kcm_attach Vinicius Costa Gomes (1): skbuff: Fix not waking applications when errors are enqueued Yunsheng Lin (1): net: hns: Fix a skb used after free bug

7 years, 2 months

1
1
0 0

Linux 4.14.32

by Greg KH

I'm announcing the release of the 4.14.32 kernel. All users of the 4.14 kernel series must upgrade. The updated 4.14.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.14.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 drivers/net/ethernet/arc/emac_rockchip.c | 6 drivers/net/ethernet/broadcom/bcmsysport.c | 33 +-- drivers/net/ethernet/broadcom/bcmsysport.h | 2 drivers/net/ethernet/freescale/dpaa/dpaa_eth.c | 8 drivers/net/ethernet/freescale/fec_main.c | 2 drivers/net/ethernet/mellanox/mlxsw/spectrum_buffers.c | 12 - drivers/net/ethernet/qlogic/qed/qed_iwarp.c | 15 + drivers/net/ethernet/qlogic/qede/qede_main.c | 4 drivers/net/ethernet/ti/cpsw.c | 3 drivers/net/macvlan.c | 2 drivers/net/phy/phy.c | 173 ++++++++--------- drivers/net/phy/phy_device.c | 15 + drivers/net/ppp/ppp_generic.c | 26 +- drivers/net/team/team.c | 4 drivers/s390/net/qeth_core_main.c | 21 +- drivers/s390/net/qeth_l2_main.c | 2 drivers/s390/net/qeth_l3_main.c | 2 drivers/soc/fsl/qbman/qman.c | 28 -- fs/sysfs/symlink.c | 1 include/linux/cgroup-defs.h | 4 include/linux/phy.h | 1 include/linux/rhashtable.h | 4 include/net/sch_generic.h | 19 + include/net/tcp.h | 11 - lib/rhashtable.c | 4 net/core/dev.c | 22 +- net/core/devlink.c | 16 - net/core/skbuff.c | 2 net/dccp/proto.c | 5 net/ieee802154/6lowpan/core.c | 12 - net/ipv4/inet_fragment.c | 3 net/ipv4/ip_sockglue.c | 6 net/ipv4/tcp.c | 1 net/ipv4/tcp_timer.c | 1 net/ipv6/datagram.c | 21 +- net/ipv6/ndisc.c | 3 net/ipv6/seg6_iptunnel.c | 7 net/iucv/af_iucv.c | 4 net/kcm/kcmsock.c | 33 ++- net/l2tp/l2tp_core.c | 8 net/netlink/genetlink.c | 2 net/sched/act_tunnel_key.c | 1 net/sched/sch_netem.c | 2 44 files changed, 319 insertions(+), 234 deletions(-) Alexey Kodanev (2): sch_netem: fix skb leak in netem_enqueue() dccp: check sk for closed state in dccp_sendmsg() Arkadi Sharshevsky (2): devlink: Remove redundant free on error path team: Fix double free in error path Arvind Yadav (1): net/iucv: Free memory obtained by kzalloc Brad Mouring (1): net: phy: Tell caller result of phy_change() Camelia Groza (3): dpaa_eth: remove duplicate initialization dpaa_eth: increment the RX dropped counter when needed dpaa_eth: remove duplicate increment of the tx_errors counter Christophe JAILLET (1): net: ethernet: arc: Fix a potential memory leak if an optional regulator is deferred David Ahern (1): net: Only honor ifindex in IP_PKTINFO if non-0 David Lebrun (2): ipv6: sr: fix NULL pointer dereference when setting encap source address ipv6: sr: fix scheduling in RCU when creating seg6 lwtunnel state Eric Dumazet (3): ieee802154: 6lowpan: fix possible NULL deref in lowpan_device_event() net: use skb_to_full_sk() in skb_update_prio() l2tp: do not accept arbitrary sockets Florian Fainelli (2): net: fec: Fix unbalanced PM runtime calls net: systemport: Rewrite __bcm_sysport_tx_reclaim() Greg Kroah-Hartman (1): Linux 4.14.32 Grygorii Strashko (2): sysfs: symlink: export sysfs_create_link_nowarn() net: phy: relax error checking when creating sysfs link netdev->phydev Guillaume Nault (1): ppp: avoid loop in xmit recursion detection code Ido Schimmel (1): mlxsw: spectrum_buffers: Set a minimum quota for CPU port traffic Julian Wiedmann (4): s390/qeth: free netdevice when removing a card s390/qeth: when thread completes, wake up all waiters s390/qeth: lock read device while queueing next buffer s390/qeth: on channel error, reject further cmd requests Kirill Tkhai (1): net: Fix hlist corruptions in inet_evict_bucket() Lorenzo Bianconi (1): ipv6: fix access to non-linear packet in ndisc_fill_redirect_hdr_option() Madalin Bucur (2): soc/fsl/qbman: fix issue in qman_delete_cgr_safe() dpaa_eth: fix error in dpaa_remove() Michal Kalderon (2): qed: Fix non TCP packets should be dropped on iWARP ll2 connection qede: Fix qedr link update Nicolas Dichtel (1): netlink: avoid a double skb free in genlmsg_mcast() Paolo Abeni (1): net: ipv6: keep sk status consistent after datagram connect failure Paul Blakey (1): rhashtable: Fix rhlist duplicates insertion Roman Mashak (1): net sched actions: return explicit error when tunnel_key mode is not specified SZ Lin (林上智) (1): net: ethernet: ti: cpsw: add check for in-band mode setting with RGMII PHY interface Shannon Nelson (1): macvlan: filter out unsupported feature flags Soheil Hassas Yeganeh (2): tcp: reset sk_send_head in tcp_write_queue_purge tcp: purge write queue upon aborting the connection Stefano Brivio (1): ipv6: old_dport should be a __be16 in __ip6_datagram_connect() Tom Herbert (1): kcm: lock lower socket in kcm_attach Vinicius Costa Gomes (1): skbuff: Fix not waking applications when errors are enqueued

7 years, 2 months

1
1
0 0

Linux 4.15.15

by Greg KH

I'm announcing the release of the 4.15.15 kernel. All users of the 4.15 kernel series must upgrade. The updated 4.15.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.15.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 drivers/net/ethernet/arc/emac_rockchip.c | 6 drivers/net/ethernet/broadcom/bcmsysport.c | 33 +-- drivers/net/ethernet/broadcom/bcmsysport.h | 2 drivers/net/ethernet/freescale/dpaa/dpaa_eth.c | 8 drivers/net/ethernet/freescale/fec_main.c | 2 drivers/net/ethernet/mellanox/mlxsw/spectrum_buffers.c | 12 - drivers/net/ethernet/qlogic/qed/qed_iwarp.c | 17 + drivers/net/ethernet/qlogic/qede/qede_main.c | 4 drivers/net/ethernet/ti/cpsw.c | 3 drivers/net/macvlan.c | 2 drivers/net/phy/phy.c | 173 ++++++++--------- drivers/net/phy/phy_device.c | 15 + drivers/net/ppp/ppp_generic.c | 26 +- drivers/net/team/team.c | 4 drivers/s390/net/qeth_core_main.c | 21 +- drivers/s390/net/qeth_l2_main.c | 2 drivers/s390/net/qeth_l3_main.c | 2 drivers/soc/fsl/qbman/qman.c | 28 -- fs/sysfs/symlink.c | 1 include/linux/cgroup-defs.h | 4 include/linux/phy.h | 1 include/linux/rhashtable.h | 4 include/net/sch_generic.h | 19 + lib/rhashtable.c | 4 lib/test_rhashtable.c | 134 +++++++++++++ net/core/dev.c | 22 +- net/core/devlink.c | 16 - net/core/skbuff.c | 2 net/dccp/proto.c | 5 net/dsa/legacy.c | 2 net/ieee802154/6lowpan/core.c | 12 - net/ipv4/inet_fragment.c | 3 net/ipv4/ip_sockglue.c | 6 net/ipv4/tcp.c | 1 net/ipv4/tcp_timer.c | 1 net/ipv6/datagram.c | 21 +- net/ipv6/ndisc.c | 3 net/ipv6/route.c | 71 ++++-- net/ipv6/seg6_iptunnel.c | 7 net/iucv/af_iucv.c | 4 net/kcm/kcmsock.c | 33 ++- net/l2tp/l2tp_core.c | 8 net/netlink/genetlink.c | 2 net/openvswitch/meter.c | 12 - net/sched/act_tunnel_key.c | 1 net/sched/sch_netem.c | 2 47 files changed, 500 insertions(+), 263 deletions(-) Alexey Kodanev (2): sch_netem: fix skb leak in netem_enqueue() dccp: check sk for closed state in dccp_sendmsg() Arkadi Sharshevsky (2): devlink: Remove redundant free on error path team: Fix double free in error path Arvind Yadav (1): net/iucv: Free memory obtained by kzalloc Brad Mouring (1): net: phy: Tell caller result of phy_change() Camelia Groza (3): dpaa_eth: remove duplicate initialization dpaa_eth: increment the RX dropped counter when needed dpaa_eth: remove duplicate increment of the tx_errors counter Christophe JAILLET (1): net: ethernet: arc: Fix a potential memory leak if an optional regulator is deferred David Ahern (1): net: Only honor ifindex in IP_PKTINFO if non-0 David Lebrun (2): ipv6: sr: fix NULL pointer dereference when setting encap source address ipv6: sr: fix scheduling in RCU when creating seg6 lwtunnel state Eric Dumazet (3): ieee802154: 6lowpan: fix possible NULL deref in lowpan_device_event() net: use skb_to_full_sk() in skb_update_prio() l2tp: do not accept arbitrary sockets Florian Fainelli (3): net: dsa: Fix dsa_is_user_port() test inversion net: fec: Fix unbalanced PM runtime calls net: systemport: Rewrite __bcm_sysport_tx_reclaim() Greg Kroah-Hartman (1): Linux 4.15.15 Grygorii Strashko (2): sysfs: symlink: export sysfs_create_link_nowarn() net: phy: relax error checking when creating sysfs link netdev->phydev Guillaume Nault (1): ppp: avoid loop in xmit recursion detection code Ido Schimmel (1): mlxsw: spectrum_buffers: Set a minimum quota for CPU port traffic Julian Wiedmann (4): s390/qeth: free netdevice when removing a card s390/qeth: when thread completes, wake up all waiters s390/qeth: lock read device while queueing next buffer s390/qeth: on channel error, reject further cmd requests Kirill Tkhai (1): net: Fix hlist corruptions in inet_evict_bucket() Lorenzo Bianconi (1): ipv6: fix access to non-linear packet in ndisc_fill_redirect_hdr_option() Madalin Bucur (2): soc/fsl/qbman: fix issue in qman_delete_cgr_safe() dpaa_eth: fix error in dpaa_remove() Michal Kalderon (3): qed: Fix MPA unalign flow in case header is split across two packets. qed: Fix non TCP packets should be dropped on iWARP ll2 connection qede: Fix qedr link update Nicolas Dichtel (1): netlink: avoid a double skb free in genlmsg_mcast() Paolo Abeni (1): net: ipv6: keep sk status consistent after datagram connect failure Paul Blakey (2): rhashtable: Fix rhlist duplicates insertion test_rhashtable: add test case for rhltable with duplicate objects Roman Mashak (1): net sched actions: return explicit error when tunnel_key mode is not specified SZ Lin (林上智) (1): net: ethernet: ti: cpsw: add check for in-band mode setting with RGMII PHY interface Shannon Nelson (1): macvlan: filter out unsupported feature flags Soheil Hassas Yeganeh (1): tcp: purge write queue upon aborting the connection Stefano Brivio (2): ipv6: old_dport should be a __be16 in __ip6_datagram_connect() ipv6: Reflect MTU changes on PMTU of exceptions for MTU-less routes Tom Herbert (1): kcm: lock lower socket in kcm_attach Vinicius Costa Gomes (1): skbuff: Fix not waking applications when errors are enqueued zhangliping (1): openvswitch: meter: fix the incorrect calculation of max delta_t

7 years, 2 months

1
1
0 0

Patch "[PATCH] Revert "genirq: Use irqd_get_trigger_type to compare the" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [PATCH] Revert "genirq: Use irqd_get_trigger_type to compare the to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: revert-genirq-use-irqd_get_trigger_type-to-compare-the.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 5512cca5c518c20037b10369a4725327202dd80b Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Date: Fri, 30 Mar 2018 10:53:44 +0200 Subject: [PATCH] Revert "genirq: Use irqd_get_trigger_type to compare the trigger type for shared IRQs" This reverts commit f2596a9808acfd02ce1ee389f0e1c37e64aec5f6 which is commit 382bd4de61827dbaaf5fb4fb7b1f4be4a86505e7 upstream. It causes too many problems with the stable tree, and would require too many other things to be backported, so just revert it. Reported-by: Guenter Roeck <linux(a)roeck-us.net> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Hans de Goede <hdegoede(a)redhat.com> Cc: Marc Zyngier <marc.zyngier(a)arm.com> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Sasha Levin <alexander.levin(a)microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- kernel/irq/manage.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) --- a/kernel/irq/manage.c +++ b/kernel/irq/manage.c @@ -1210,10 +1210,8 @@ __setup_irq(unsigned int irq, struct irq * set the trigger type must match. Also all must * agree on ONESHOT. */ - unsigned int oldtype = irqd_get_trigger_type(&desc->irq_data); - if (!((old->flags & new->flags) & IRQF_SHARED) || - (oldtype != (new->flags & IRQF_TRIGGER_MASK)) || + ((old->flags ^ new->flags) & IRQF_TRIGGER_MASK) || ((old->flags ^ new->flags) & IRQF_ONESHOT)) goto mismatch; Patches currently in stable-queue which might be from gregkh(a)linuxfoundation.org are queue-4.9/net-fix-hlist-corruptions-in-inet_evict_bucket.patch queue-4.9/ppp-avoid-loop-in-xmit-recursion-detection-code.patch queue-4.9/ipv6-fix-access-to-non-linear-packet-in-ndisc_fill_redirect_hdr_option.patch queue-4.9/net-only-honor-ifindex-in-ip_pktinfo-if-non-0.patch queue-4.9/skbuff-fix-not-waking-applications-when-errors-are-enqueued.patch queue-4.9/rhashtable-fix-rhlist-duplicates-insertion.patch queue-4.9/kcm-lock-lower-socket-in-kcm_attach.patch queue-4.9/s390-qeth-when-thread-completes-wake-up-all-waiters.patch queue-4.9/sch_netem-fix-skb-leak-in-netem_enqueue.patch queue-4.9/s390-qeth-lock-read-device-while-queueing-next-buffer.patch queue-4.9/net-systemport-rewrite-__bcm_sysport_tx_reclaim.patch queue-4.9/revert-genirq-use-irqd_get_trigger_type-to-compare-the.patch queue-4.9/l2tp-do-not-accept-arbitrary-sockets.patch queue-4.9/netlink-avoid-a-double-skb-free-in-genlmsg_mcast.patch queue-4.9/team-fix-double-free-in-error-path.patch queue-4.9/net-use-skb_to_full_sk-in-skb_update_prio.patch queue-4.9/ieee802154-6lowpan-fix-possible-null-deref-in-lowpan_device_event.patch queue-4.9/net-hns-fix-a-skb-used-after-free-bug.patch queue-4.9/soc-fsl-qbman-fix-issue-in-qman_delete_cgr_safe.patch queue-4.9/net-iucv-free-memory-obtained-by-kzalloc.patch queue-4.9/net-ethernet-arc-fix-a-potential-memory-leak-if-an-optional-regulator-is-deferred.patch queue-4.9/s390-qeth-on-channel-error-reject-further-cmd-requests.patch queue-4.9/scsi-sg-don-t-return-bogus-sg_requests.patch queue-4.9/dccp-check-sk-for-closed-state-in-dccp_sendmsg.patch queue-4.9/net-fec-fix-unbalanced-pm-runtime-calls.patch queue-4.9/net-ethernet-ti-cpsw-add-check-for-in-band-mode-setting-with-rgmii-phy-interface.patch queue-4.9/net-sched-actions-return-explicit-error-when-tunnel_key-mode-is-not-specified.patch queue-4.9/s390-qeth-free-netdevice-when-removing-a-card.patch

7 years, 2 months

1
0
0 0

[PATCH 4.15 00/47] 4.15.15-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.15.15 release. There are 47 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat Mar 31 17:57:05 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.15.15-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.15.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.15.15-rc1 Arkadi Sharshevsky <arkadis(a)mellanox.com> team: Fix double free in error path Vinicius Costa Gomes <vinicius.gomes(a)intel.com> skbuff: Fix not waking applications when errors are enqueued Michal Kalderon <Michal.Kalderon(a)cavium.com> qede: Fix qedr link update Florian Fainelli <f.fainelli(a)gmail.com> net: systemport: Rewrite __bcm_sysport_tx_reclaim() David Ahern <dsahern(a)gmail.com> net: Only honor ifindex in IP_PKTINFO if non-0 Nicolas Dichtel <nicolas.dichtel(a)6wind.com> netlink: avoid a double skb free in genlmsg_mcast() Arvind Yadav <arvind.yadav.cs(a)gmail.com> net/iucv: Free memory obtained by kzalloc Florian Fainelli <f.fainelli(a)gmail.com> net: fec: Fix unbalanced PM runtime calls SZ Lin (林上智) <sz.lin(a)moxa.com> net: ethernet: ti: cpsw: add check for in-band mode setting with RGMII PHY interface Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> net: ethernet: arc: Fix a potential memory leak if an optional regulator is deferred Eric Dumazet <edumazet(a)google.com> l2tp: do not accept arbitrary sockets Lorenzo Bianconi <lorenzo.bianconi(a)redhat.com> ipv6: fix access to non-linear packet in ndisc_fill_redirect_hdr_option() Alexey Kodanev <alexey.kodanev(a)oracle.com> dccp: check sk for closed state in dccp_sendmsg() Camelia Groza <camelia.groza(a)nxp.com> dpaa_eth: remove duplicate increment of the tx_errors counter Camelia Groza <camelia.groza(a)nxp.com> dpaa_eth: increment the RX dropped counter when needed Camelia Groza <camelia.groza(a)nxp.com> dpaa_eth: remove duplicate initialization Madalin Bucur <madalin.bucur(a)nxp.com> dpaa_eth: fix error in dpaa_remove() Madalin Bucur <madalin.bucur(a)nxp.com> soc/fsl/qbman: fix issue in qman_delete_cgr_safe() Julian Wiedmann <jwi(a)linux.vnet.ibm.com> s390/qeth: on channel error, reject further cmd requests Julian Wiedmann <jwi(a)linux.vnet.ibm.com> s390/qeth: lock read device while queueing next buffer Julian Wiedmann <jwi(a)linux.vnet.ibm.com> s390/qeth: when thread completes, wake up all waiters Julian Wiedmann <jwi(a)linux.vnet.ibm.com> s390/qeth: free netdevice when removing a card Kirill Tkhai <ktkhai(a)virtuozzo.com> net: Fix hlist corruptions in inet_evict_bucket() Eric Dumazet <edumazet(a)google.com> net: use skb_to_full_sk() in skb_update_prio() Eric Dumazet <edumazet(a)google.com> ieee802154: 6lowpan: fix possible NULL deref in lowpan_device_event() Alexey Kodanev <alexey.kodanev(a)oracle.com> sch_netem: fix skb leak in netem_enqueue() Tom Herbert <tom(a)quantonium.net> kcm: lock lower socket in kcm_attach Paul Blakey <paulb(a)mellanox.com> test_rhashtable: add test case for rhltable with duplicate objects Paul Blakey <paulb(a)mellanox.com> rhashtable: Fix rhlist duplicates insertion Guillaume Nault <g.nault(a)alphalink.fr> ppp: avoid loop in xmit recursion detection code Roman Mashak <mrv(a)mojatatu.com> net sched actions: return explicit error when tunnel_key mode is not specified Stefano Brivio <sbrivio(a)redhat.com> ipv6: Reflect MTU changes on PMTU of exceptions for MTU-less routes Brad Mouring <brad.mouring(a)ni.com> net: phy: Tell caller result of phy_change() Ido Schimmel <idosch(a)mellanox.com> mlxsw: spectrum_buffers: Set a minimum quota for CPU port traffic David Lebrun <dlebrun(a)google.com> ipv6: sr: fix scheduling in RCU when creating seg6 lwtunnel state David Lebrun <dlebrun(a)google.com> ipv6: sr: fix NULL pointer dereference when setting encap source address Stefano Brivio <sbrivio(a)redhat.com> ipv6: old_dport should be a __be16 in __ip6_datagram_connect() Paolo Abeni <pabeni(a)redhat.com> net: ipv6: keep sk status consistent after datagram connect failure Shannon Nelson <shannon.nelson(a)oracle.com> macvlan: filter out unsupported feature flags Arkadi Sharshevsky <arkadis(a)mellanox.com> devlink: Remove redundant free on error path Grygorii Strashko <grygorii.strashko(a)ti.com> net: phy: relax error checking when creating sysfs link netdev->phydev Grygorii Strashko <grygorii.strashko(a)ti.com> sysfs: symlink: export sysfs_create_link_nowarn() Michal Kalderon <Michal.Kalderon(a)cavium.com> qed: Fix non TCP packets should be dropped on iWARP ll2 connection Soheil Hassas Yeganeh <soheil(a)google.com> tcp: purge write queue upon aborting the connection Michal Kalderon <Michal.Kalderon(a)cavium.com> qed: Fix MPA unalign flow in case header is split across two packets. zhangliping <zhangliping02(a)baidu.com> openvswitch: meter: fix the incorrect calculation of max delta_t Florian Fainelli <f.fainelli(a)gmail.com> net: dsa: Fix dsa_is_user_port() test inversion ------------- Diffstat: Makefile | 4 +- drivers/net/ethernet/arc/emac_rockchip.c | 6 +- drivers/net/ethernet/broadcom/bcmsysport.c | 33 ++-- drivers/net/ethernet/broadcom/bcmsysport.h | 2 +- drivers/net/ethernet/freescale/dpaa/dpaa_eth.c | 8 +- drivers/net/ethernet/freescale/fec_main.c | 2 + .../net/ethernet/mellanox/mlxsw/spectrum_buffers.c | 12 +- drivers/net/ethernet/qlogic/qed/qed_iwarp.c | 17 +- drivers/net/ethernet/qlogic/qede/qede_main.c | 4 +- drivers/net/ethernet/ti/cpsw.c | 3 +- drivers/net/macvlan.c | 2 +- drivers/net/phy/phy.c | 173 ++++++++++----------- drivers/net/phy/phy_device.c | 15 +- drivers/net/ppp/ppp_generic.c | 26 ++-- drivers/net/team/team.c | 4 +- drivers/s390/net/qeth_core_main.c | 21 ++- drivers/s390/net/qeth_l2_main.c | 2 +- drivers/s390/net/qeth_l3_main.c | 2 +- drivers/soc/fsl/qbman/qman.c | 28 +--- fs/sysfs/symlink.c | 1 + include/linux/cgroup-defs.h | 4 +- include/linux/phy.h | 1 - include/linux/rhashtable.h | 4 +- include/net/sch_generic.h | 19 +++ lib/rhashtable.c | 4 +- lib/test_rhashtable.c | 134 ++++++++++++++++ net/core/dev.c | 22 ++- net/core/devlink.c | 16 +- net/core/skbuff.c | 2 +- net/dccp/proto.c | 5 + net/dsa/legacy.c | 2 +- net/ieee802154/6lowpan/core.c | 12 +- net/ipv4/inet_fragment.c | 3 + net/ipv4/ip_sockglue.c | 6 +- net/ipv4/tcp.c | 1 + net/ipv4/tcp_timer.c | 1 + net/ipv6/datagram.c | 21 ++- net/ipv6/ndisc.c | 3 +- net/ipv6/route.c | 71 +++++---- net/ipv6/seg6_iptunnel.c | 7 +- net/iucv/af_iucv.c | 4 +- net/kcm/kcmsock.c | 33 ++-- net/l2tp/l2tp_core.c | 8 +- net/netlink/genetlink.c | 2 +- net/openvswitch/meter.c | 12 +- net/sched/act_tunnel_key.c | 1 + net/sched/sch_netem.c | 2 +- 47 files changed, 501 insertions(+), 264 deletions(-)

7 years, 2 months

4
52
0 0

[PATCH 4.4 00/20] 4.4.126-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.4.126 release. There are 20 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat Mar 31 17:57:30 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.4.126-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.4.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.4.126-rc1 Florian Fainelli <f.fainelli(a)gmail.com> net: systemport: Rewrite __bcm_sysport_tx_reclaim() Florian Fainelli <f.fainelli(a)gmail.com> net: fec: Fix unbalanced PM runtime calls Eric Dumazet <edumazet(a)google.com> ieee802154: 6lowpan: fix possible NULL deref in lowpan_device_event() Julian Wiedmann <jwi(a)linux.vnet.ibm.com> s390/qeth: on channel error, reject further cmd requests Julian Wiedmann <jwi(a)linux.vnet.ibm.com> s390/qeth: lock read device while queueing next buffer Julian Wiedmann <jwi(a)linux.vnet.ibm.com> s390/qeth: when thread completes, wake up all waiters Julian Wiedmann <jwi(a)linux.vnet.ibm.com> s390/qeth: free netdevice when removing a card Arkadi Sharshevsky <arkadis(a)mellanox.com> team: Fix double free in error path Vinicius Costa Gomes <vinicius.gomes(a)intel.com> skbuff: Fix not waking applications when errors are enqueued David Ahern <dsahern(a)gmail.com> net: Only honor ifindex in IP_PKTINFO if non-0 Nicolas Dichtel <nicolas.dichtel(a)6wind.com> netlink: avoid a double skb free in genlmsg_mcast() Arvind Yadav <arvind.yadav.cs(a)gmail.com> net/iucv: Free memory obtained by kzalloc SZ Lin (林上智) <sz.lin(a)moxa.com> net: ethernet: ti: cpsw: add check for in-band mode setting with RGMII PHY interface Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> net: ethernet: arc: Fix a potential memory leak if an optional regulator is deferred Eric Dumazet <edumazet(a)google.com> l2tp: do not accept arbitrary sockets Lorenzo Bianconi <lorenzo.bianconi(a)redhat.com> ipv6: fix access to non-linear packet in ndisc_fill_redirect_hdr_option() Alexey Kodanev <alexey.kodanev(a)oracle.com> dccp: check sk for closed state in dccp_sendmsg() Kirill Tkhai <ktkhai(a)virtuozzo.com> net: Fix hlist corruptions in inet_evict_bucket() Marc Zyngier <marc.zyngier(a)arm.com> genirq: Track whether the trigger type has been set Johannes Thumshirn <jthumshirn(a)suse.de> scsi: sg: don't return bogus Sg_requests ------------- Diffstat: Makefile | 4 ++-- drivers/net/ethernet/arc/emac_rockchip.c | 6 ++++-- drivers/net/ethernet/broadcom/bcmsysport.c | 33 ++++++++++++++---------------- drivers/net/ethernet/broadcom/bcmsysport.h | 2 +- drivers/net/ethernet/freescale/fec_main.c | 2 ++ drivers/net/ethernet/ti/cpsw.c | 3 ++- drivers/net/team/team.c | 4 ++-- drivers/s390/net/qeth_core_main.c | 21 +++++++++++++------ drivers/s390/net/qeth_l2_main.c | 2 +- drivers/s390/net/qeth_l3_main.c | 2 +- drivers/scsi/sg.c | 5 +++-- include/linux/irq.h | 11 +++++++++- kernel/irq/manage.c | 13 +++++++++++- net/core/skbuff.c | 2 +- net/dccp/proto.c | 5 +++++ net/ieee802154/6lowpan/core.c | 12 +++++++---- net/ipv4/inet_fragment.c | 3 +++ net/ipv4/ip_sockglue.c | 6 ++++-- net/ipv6/ndisc.c | 3 ++- net/iucv/af_iucv.c | 4 +++- net/l2tp/l2tp_core.c | 8 ++++++-- net/netlink/genetlink.c | 2 +- 22 files changed, 103 insertions(+), 50 deletions(-)

7 years, 2 months

5
26
0 0

Status of arm64 spectre backport for v4.4.y

by Guenter Roeck

Hi Greg, Hi Alex, do you have an idea if and when the arm64 Spectre backport to v4.4.y [1] might make it into a stable release ? Thanks, Guenter --- [1] https://www.spinics.net/lists/arm-kernel/msg639767.html

7 years, 2 months

2
1
0 0

[PATCH -v2] ext4: limit xattr size to INT_MAX

by Theodore Ts'o

From: Eric Biggers <ebiggers(a)google.com> ext4 isn't validating the sizes of xattrs. This is problematic because ->e_value_size is a u32, but ext4_xattr_get() returns an int. A very large size is misinterpreted as an error code, which ext4_get_acl() translates into a bogus ERR_PTR() for which IS_ERR() returns false, causing a crash. Fix this by validating that all xattrs are <= INT_MAX bytes. Also add explicit checks in ext4_xattr_block_get() and ext4_xattr_ibody_get() just in case the xattr block is corrupted in memory. Also if the xattr block is corrupted, mark the file system as containing an error. This issue has been assigned CVE-2018-1095. https://bugzilla.kernel.org/show_bug.cgi?id=199185 https://bugzilla.redhat.com/show_bug.cgi?id=1560793 Reported-by: Wen Xu <wen.xu(a)gatech.edu> Signed-off-by: Eric Biggers <ebiggers(a)google.com> Signed-off-by: Theodore Ts'o <tytso(a)mit.edu> Cc: stable(a)vger.kernel.org --- fs/ext4/xattr.c | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/fs/ext4/xattr.c b/fs/ext4/xattr.c index 63656dbafdc4..d2a9b078e121 100644 --- a/fs/ext4/xattr.c +++ b/fs/ext4/xattr.c @@ -195,10 +195,14 @@ ext4_xattr_check_entries(struct ext4_xattr_entry *entry, void *end, /* Check the values */ while (!IS_LAST_ENTRY(entry)) { + u32 size = le32_to_cpu(entry->e_value_size); + + if (size > INT_MAX) + return -EFSCORRUPTED; + if (entry->e_value_size != 0 && entry->e_value_inum == 0) { u16 offs = le16_to_cpu(entry->e_value_offs); - u32 size = le32_to_cpu(entry->e_value_size); void *value; /* @@ -523,8 +527,10 @@ ext4_xattr_block_get(struct inode *inode, int name_index, const char *name, if (error) goto cleanup; size = le32_to_cpu(entry->e_value_size); + error = -ERANGE; + if (unlikely(size > INT_MAX)) + goto cleanup; if (buffer) { - error = -ERANGE; if (size > buffer_size) goto cleanup; if (entry->e_value_inum) { @@ -572,8 +578,10 @@ ext4_xattr_ibody_get(struct inode *inode, int name_index, const char *name, if (error) goto cleanup; size = le32_to_cpu(entry->e_value_size); + error = -ERANGE; + if (unlikely(size > INT_MAX)) + goto cleanup; if (buffer) { - error = -ERANGE; if (size > buffer_size) goto cleanup; if (entry->e_value_inum) { -- 2.16.1.72.g5be1f00a9a

7 years, 2 months

3
2
0 0

+ hugetlbfs-fix-bug-in-pgoff-overflow-checking.patch added to -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: hugetlbfs: fix bug in pgoff overflow checking has been added to the -mm tree. Its filename is hugetlbfs-fix-bug-in-pgoff-overflow-checking.patch This patch should soon appear at http://ozlabs.org/~akpm/mmots/broken-out/hugetlbfs-fix-bug-in-pgoff-overflo… and later at http://ozlabs.org/~akpm/mmotm/broken-out/hugetlbfs-fix-bug-in-pgoff-overflo… Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next and is updated there every 3-4 working days ------------------------------------------------------ From: Mike Kravetz <mike.kravetz(a)oracle.com> Subject: hugetlbfs: fix bug in pgoff overflow checking This is a fix for a regression in 32 bit kernels caused by an invalid check for pgoff overflow in hugetlbfs mmap setup. The check incorrectly specified that the size of a loff_t was the same as the size of a long. The regression prevents mapping hugetlbfs files at offsets greater than 4GB on 32 bit kernels. On 32 bit kernels conversion from a page based unsigned long can not overflow a loff_t byte offset. Therefore, skip this check if sizeof(unsigned long) != sizeof(loff_t). Link: http://lkml.kernel.org/r/20180330145402.5053-1-mike.kravetz@oracle.com Fixes: 63489f8e8211 ("hugetlbfs: check for pgoff value overflow") Reported-by: Dan Rue <dan.rue(a)linaro.org> Signed-off-by: Mike Kravetz <mike.kravetz(a)oracle.com> Cc: Michal Hocko <mhocko(a)kernel.org> Cc: Yisheng Xie <xieyisheng1(a)huawei.com> Cc: "Kirill A . Shutemov" <kirill.shutemov(a)linux.intel.com> Cc: Nic Losby <blurbdust(a)gmail.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/hugetlbfs/inode.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff -puN fs/hugetlbfs/inode.c~hugetlbfs-fix-bug-in-pgoff-overflow-checking fs/hugetlbfs/inode.c --- a/fs/hugetlbfs/inode.c~hugetlbfs-fix-bug-in-pgoff-overflow-checking +++ a/fs/hugetlbfs/inode.c @@ -138,10 +138,14 @@ static int hugetlbfs_file_mmap(struct fi /* * page based offset in vm_pgoff could be sufficiently large to - * overflow a (l)off_t when converted to byte offset. + * overflow a loff_t when converted to byte offset. This can + * only happen on architectures where sizeof(loff_t) == + * sizeof(unsigned long). So, only check in those instances. */ - if (vma->vm_pgoff & PGOFF_LOFFT_MAX) - return -EINVAL; + if (sizeof(unsigned long) == sizeof(loff_t)) { + if (vma->vm_pgoff & PGOFF_LOFFT_MAX) + return -EINVAL; + } /* must be huge page aligned */ if (vma->vm_pgoff & (~huge_page_mask(h) >> PAGE_SHIFT)) _ Patches currently in -mm which might be from mike.kravetz(a)oracle.com are hugetlbfs-fix-bug-in-pgoff-overflow-checking.patch mm-hugetlbfs-move-hugetlbfs_i-outside-ifdef-config_hugetlbfs.patch mm-memfd-split-out-memfd-for-use-by-multiple-filesystems.patch mm-memfd-remove-memfd-code-from-shmem-files-and-use-new-memfd-files.patch mm-make-start_isolate_page_range-fail-if-already-isolated.patch

7 years, 2 months

1
0
0 0

+ mm-memblock-fix-potential-issue-in-memblock_search_pfn_nid.patch added to -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: mm/memblock: fix potential issue in memblock_search_pfn_nid() has been added to the -mm tree. Its filename is mm-memblock-fix-potential-issue-in-memblock_search_pfn_nid.patch This patch should soon appear at http://ozlabs.org/~akpm/mmots/broken-out/mm-memblock-fix-potential-issue-in… and later at http://ozlabs.org/~akpm/mmotm/broken-out/mm-memblock-fix-potential-issue-in… Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next and is updated there every 3-4 working days ------------------------------------------------------ From: Wei Yang <richard.weiyang(a)gmail.com> Subject: mm/memblock: fix potential issue in memblock_search_pfn_nid() memblock_search_pfn_nid() returns the nid and the [start|end]_pfn of the memory region where pfn sits in. While the calculation of start_pfn has potential issue when the regions base is not page aligned. For example, we assume PAGE_SHIFT is 12 and base is 0x1234. Current implementation would return 1 while this is not correct. This patch fixes this by using PFN_UP(). The original commit is commit e76b63f80d93 ("memblock, numa: binary search node id") and merged in v3.12. Link: http://lkml.kernel.org/r/20180330033055.22340-1-richard.weiyang@gmail.com Fixes: e76b63f80d93 ("memblock, numa: binary search node id") Signed-off-by: Wei Yang <richard.weiyang(a)gmail.com> Cc: Michal Hocko <mhocko(a)suse.com> Cc: Yinghai Lu <yinghai(a)kernel.org> Cc: Jia He <hejianet(a)gmail.com> Cc: <stable(a)vger.kernel.org> [3.12+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/memblock.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff -puN mm/memblock.c~mm-memblock-fix-potential-issue-in-memblock_search_pfn_nid mm/memblock.c --- a/mm/memblock.c~mm-memblock-fix-potential-issue-in-memblock_search_pfn_nid +++ a/mm/memblock.c @@ -1646,7 +1646,7 @@ int __init_memblock memblock_search_pfn_ if (mid == -1) return -1; - *start_pfn = PFN_DOWN(type->regions[mid].base); + *start_pfn = PFN_UP(type->regions[mid].base); *end_pfn = PFN_DOWN(type->regions[mid].base + type->regions[mid].size); return type->regions[mid].nid; _ Patches currently in -mm which might be from richard.weiyang(a)gmail.com are mm-check-__highest_present_sectioin_nr-directly-in-memory_dev_init.patch mm-memblock-fix-potential-issue-in-memblock_search_pfn_nid.patch

7 years, 2 months

1
0
0 0

[PATCH] ext4: move call to ext4_error() into ext4_xattr_check_block()

by Theodore Ts'o

Refactor the call to EXT4_ERROR_INODE() into ext4_xattr_check_block(). This simplifies the code, and fixes a problem where not all callers of ext4_xattr_check_block() were not resulting in ext4_error() getting called when the xattr block is corrupted. Signed-off-by: Theodore Ts'o <tytso(a)mit.edu> Cc: stable(a)vger.kernel.org --- fs/ext4/xattr.c | 60 ++++++++++++++++++++++++++------------------------------- 1 file changed, 27 insertions(+), 33 deletions(-) diff --git a/fs/ext4/xattr.c b/fs/ext4/xattr.c index d2a9b078e121..b0a9ba8e576a 100644 --- a/fs/ext4/xattr.c +++ b/fs/ext4/xattr.c @@ -226,25 +226,36 @@ ext4_xattr_check_entries(struct ext4_xattr_entry *entry, void *end, } static inline int -ext4_xattr_check_block(struct inode *inode, struct buffer_head *bh) +__ext4_xattr_check_block(struct inode *inode, struct buffer_head *bh, + const char *function, unsigned int line) { - int error; + int error = -EFSCORRUPTED; if (buffer_verified(bh)) return 0; if (BHDR(bh)->h_magic != cpu_to_le32(EXT4_XATTR_MAGIC) || BHDR(bh)->h_blocks != cpu_to_le32(1)) - return -EFSCORRUPTED; + goto errout; + error = -EFSBADCRC; if (!ext4_xattr_block_csum_verify(inode, bh)) - return -EFSBADCRC; + goto errout; error = ext4_xattr_check_entries(BFIRST(bh), bh->b_data + bh->b_size, bh->b_data); - if (!error) +errout: + if (error) + __ext4_error_inode(inode, function, line, 0, + "corrupted xattr block %llu", + (unsigned long long) bh->b_blocknr); + else set_buffer_verified(bh); return error; } +#define ext4_xattr_check_block(inode, bh) \ + __ext4_xattr_check_block((inode), (bh), __func__, __LINE__) + + static int __xattr_check_inode(struct inode *inode, struct ext4_xattr_ibody_header *header, void *end, const char *function, unsigned int line) @@ -515,12 +526,9 @@ ext4_xattr_block_get(struct inode *inode, int name_index, const char *name, goto cleanup; ea_bdebug(bh, "b_count=%d, refcount=%d", atomic_read(&(bh->b_count)), le32_to_cpu(BHDR(bh)->h_refcount)); - if (ext4_xattr_check_block(inode, bh)) { - EXT4_ERROR_INODE(inode, "bad block %llu", - EXT4_I(inode)->i_file_acl); - error = -EFSCORRUPTED; + error = ext4_xattr_check_block(inode, bh); + if (error) goto cleanup; - } ext4_xattr_block_cache_insert(ea_block_cache, bh); entry = BFIRST(bh); error = ext4_xattr_find_entry(&entry, name_index, name, 1); @@ -684,12 +692,9 @@ ext4_xattr_block_list(struct dentry *dentry, char *buffer, size_t buffer_size) goto cleanup; ea_bdebug(bh, "b_count=%d, refcount=%d", atomic_read(&(bh->b_count)), le32_to_cpu(BHDR(bh)->h_refcount)); - if (ext4_xattr_check_block(inode, bh)) { - EXT4_ERROR_INODE(inode, "bad block %llu", - EXT4_I(inode)->i_file_acl); - error = -EFSCORRUPTED; + error = ext4_xattr_check_block(inode, bh); + if (error) goto cleanup; - } ext4_xattr_block_cache_insert(EA_BLOCK_CACHE(inode), bh); error = ext4_xattr_list_entries(dentry, BFIRST(bh), buffer, buffer_size); @@ -816,10 +821,9 @@ int ext4_get_inode_usage(struct inode *inode, qsize_t *usage) goto out; } - if (ext4_xattr_check_block(inode, bh)) { - ret = -EFSCORRUPTED; + ret = ext4_xattr_check_block(inode, bh); + if (ret) goto out; - } for (entry = BFIRST(bh); !IS_LAST_ENTRY(entry); entry = EXT4_XATTR_NEXT(entry)) @@ -1801,12 +1805,9 @@ ext4_xattr_block_find(struct inode *inode, struct ext4_xattr_info *i, ea_bdebug(bs->bh, "b_count=%d, refcount=%d", atomic_read(&(bs->bh->b_count)), le32_to_cpu(BHDR(bs->bh)->h_refcount)); - if (ext4_xattr_check_block(inode, bs->bh)) { - EXT4_ERROR_INODE(inode, "bad block %llu", - EXT4_I(inode)->i_file_acl); - error = -EFSCORRUPTED; + error = ext4_xattr_check_block(inode, bs->bh); + if (error) goto cleanup; - } /* Find the named attribute. */ bs->s.base = BHDR(bs->bh); bs->s.first = BFIRST(bs->bh); @@ -2729,13 +2730,9 @@ int ext4_expand_extra_isize_ea(struct inode *inode, int new_extra_isize, error = -EIO; if (!bh) goto cleanup; - if (ext4_xattr_check_block(inode, bh)) { - EXT4_ERROR_INODE(inode, "bad block %llu", - EXT4_I(inode)->i_file_acl); - error = -EFSCORRUPTED; - brelse(bh); + error = ext4_xattr_check_block(inode, bh); + if (error) goto cleanup; - } base = BHDR(bh); end = bh->b_data + bh->b_size; min_offs = end - base; @@ -2892,11 +2889,8 @@ int ext4_xattr_delete_inode(handle_t *handle, struct inode *inode, goto cleanup; } error = ext4_xattr_check_block(inode, bh); - if (error) { - EXT4_ERROR_INODE(inode, "bad block %llu (error %d)", - EXT4_I(inode)->i_file_acl, error); + if (error) goto cleanup; - } if (ext4_has_feature_ea_inode(inode->i_sb)) { for (entry = BFIRST(bh); !IS_LAST_ENTRY(entry); -- 2.16.1.72.g5be1f00a9a

7 years, 2 months

1
0
0 0

[merged] shm-add-split-function-to-shm_vm_ops.patch removed from -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: ipc/shm.c: add split function to shm_vm_ops has been removed from the -mm tree. Its filename was shm-add-split-function-to-shm_vm_ops.patch This patch was dropped because it was merged into mainline or a subsystem tree ------------------------------------------------------ From: Mike Kravetz <mike.kravetz(a)oracle.com> Subject: ipc/shm.c: add split function to shm_vm_ops If System V shmget/shmat operations are used to create a hugetlbfs backed mapping, it is possible to munmap part of the mapping and split the underlying vma such that it is not huge page aligned. This will untimately result in the following BUG: kernel BUG at /build/linux-jWa1Fv/linux-4.15.0/mm/hugetlb.c:3310! Oops: Exception in kernel mode, sig: 5 [#1] LE SMP NR_CPUS=2048 NUMA PowerNV Modules linked in: kcm nfc af_alg caif_socket caif phonet fcrypt 8<--8<--8<--8< snip 8<--8<--8<--8< CPU: 18 PID: 43243 Comm: trinity-subchil Tainted: G C E 4.15.0-10-generic #11-Ubuntu NIP: c00000000036e764 LR: c00000000036ee48 CTR: 0000000000000009 REGS: c000003fbcdcf810 TRAP: 0700 Tainted: G C E (4.15.0-10-generic) MSR: 9000000000029033 <SF,HV,EE,ME,IR,DR,RI,LE> CR: 24002222 XER: 20040000 CFAR: c00000000036ee44 SOFTE: 1 GPR00: c00000000036ee48 c000003fbcdcfa90 c0000000016ea600 c000003fbcdcfc40 GPR04: c000003fd9858950 00007115e4e00000 00007115e4e10000 0000000000000000 GPR08: 0000000000000010 0000000000010000 0000000000000000 0000000000000000 GPR12: 0000000000002000 c000000007a2c600 00000fe3985954d0 00007115e4e00000 GPR16: 0000000000000000 0000000000000000 0000000000000000 0000000000000000 GPR20: 00000fe398595a94 000000000000a6fc c000003fd9858950 0000000000018554 GPR24: c000003fdcd84500 c0000000019acd00 00007115e4e10000 c000003fbcdcfc40 GPR28: 0000000000200000 00007115e4e00000 c000003fbc9ac600 c000003fd9858950 NIP [c00000000036e764] __unmap_hugepage_range+0xa4/0x760 LR [c00000000036ee48] __unmap_hugepage_range_final+0x28/0x50 Call Trace: [c000003fbcdcfa90] [00007115e4e00000] 0x7115e4e00000 (unreliable) [c000003fbcdcfb50] [c00000000036ee48] __unmap_hugepage_range_final+0x28/0x50 [c000003fbcdcfb80] [c00000000033497c] unmap_single_vma+0x11c/0x190 [c000003fbcdcfbd0] [c000000000334e14] unmap_vmas+0x94/0x140 [c000003fbcdcfc20] [c00000000034265c] exit_mmap+0x9c/0x1d0 [c000003fbcdcfce0] [c000000000105448] mmput+0xa8/0x1d0 [c000003fbcdcfd10] [c00000000010fad0] do_exit+0x360/0xc80 [c000003fbcdcfdd0] [c0000000001104c0] do_group_exit+0x60/0x100 [c000003fbcdcfe10] [c000000000110584] SyS_exit_group+0x24/0x30 [c000003fbcdcfe30] [c00000000000b184] system_call+0x58/0x6c Instruction dump: 552907fe e94a0028 e94a0408 eb2a0018 81590008 7f9c5036 0b090000 e9390010 7d2948f8 7d2a2838 0b0a0000 7d293038 <0b090000> e9230086 2fa90000 419e0468 ---[ end trace ee88f958a1c62605 ]--- This bug was introduced by 31383c6865a5 ("mm, hugetlbfs: introduce ->split() to vm_operations_struct"). A split function was added to vm_operations_struct to determine if a mapping can be split. This was mostly for device-dax and hugetlbfs mappings which have specific alignment constraints. Mappings initiated via shmget/shmat have their original vm_ops overwritten with shm_vm_ops. shm_vm_ops functions will call back to the original vm_ops if needed. Add such a split function to shm_vm_ops. Link: http://lkml.kernel.org/r/20180321161314.7711-1-mike.kravetz@oracle.com Fixes: 31383c6865a5 ("mm, hugetlbfs: introduce ->split() to vm_operations_struct") Signed-off-by: Mike Kravetz <mike.kravetz(a)oracle.com> Reported-by: Laurent Dufour <ldufour(a)linux.vnet.ibm.com> Reviewed-by: Laurent Dufour <ldufour(a)linux.vnet.ibm.com> Tested-by: Laurent Dufour <ldufour(a)linux.vnet.ibm.com> Reviewed-by: Dan Williams <dan.j.williams(a)intel.com> Acked-by: Michal Hocko <mhocko(a)suse.com> Cc: Davidlohr Bueso <dave(a)stgolabs.net> Cc: Manfred Spraul <manfred(a)colorfullife.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- ipc/shm.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff -puN ipc/shm.c~shm-add-split-function-to-shm_vm_ops ipc/shm.c --- a/ipc/shm.c~shm-add-split-function-to-shm_vm_ops +++ a/ipc/shm.c @@ -386,6 +386,17 @@ static int shm_fault(struct vm_fault *vm return sfd->vm_ops->fault(vmf); } +static int shm_split(struct vm_area_struct *vma, unsigned long addr) +{ + struct file *file = vma->vm_file; + struct shm_file_data *sfd = shm_file_data(file); + + if (sfd->vm_ops && sfd->vm_ops->split) + return sfd->vm_ops->split(vma, addr); + + return 0; +} + #ifdef CONFIG_NUMA static int shm_set_policy(struct vm_area_struct *vma, struct mempolicy *new) { @@ -510,6 +521,7 @@ static const struct vm_operations_struct .open = shm_open, /* callback for a new vm-area open */ .close = shm_close, /* callback for when the vm-area is released */ .fault = shm_fault, + .split = shm_split, #if defined(CONFIG_NUMA) .set_policy = shm_set_policy, .get_policy = shm_get_policy, _ Patches currently in -mm which might be from mike.kravetz(a)oracle.com are mm-hugetlbfs-move-hugetlbfs_i-outside-ifdef-config_hugetlbfs.patch mm-memfd-split-out-memfd-for-use-by-multiple-filesystems.patch mm-memfd-remove-memfd-code-from-shmem-files-and-use-new-memfd-files.patch mm-make-start_isolate_page_range-fail-if-already-isolated.patch

7 years, 2 months

1
0
0 0

Re: [PATCH] ext4: protect i_disksize update by i_data_sem in direct write path

by Sasha Levin

Hi again EXT4 ML! Here's a mail that would be sent as a result of an autoselection. It will note the "score" of the patch, and will run the same tests we do for patches tagged for stable. As before, please let me know your thoughts on this. Thanks! === Hi Eryu Guan, [This is an automated email] This commit has been processed by the -stable helper bot and determined to be a high probability candidate for -stable trees. (score: 59.259) The bot has tested the following trees: v4.15.12, v4.14.29, v4.9.89, v4.4.123, v4.1.50, v3.18.101. v4.15.12: Build OK! v4.14.29: Build OK! v4.9.89: Build OK! v4.4.123: Failed to apply! Possible dependencies: 914f82a32d02: ("ext4: refactor direct IO code") 705965bd6dfa: ("ext4: rename and split get blocks functions") ba5843f51d46: ("ext4: use pre-zeroed blocks for DAX page faults") c86d8db33a92: ("ext4: implement allocation of pre-zeroed blocks") 2dcba4781fa3: ("ext4: get rid of EXT4_GET_BLOCKS_NO_LOCK flag") v4.1.50: Failed to apply! Possible dependencies: 914f82a32d02: ("ext4: refactor direct IO code") 705965bd6dfa: ("ext4: rename and split get blocks functions") ba5843f51d46: ("ext4: use pre-zeroed blocks for DAX page faults") ed923b5776a2: ("ext4: add ext4_get_block_dax()") e676a4c19165: ("ext4: use ext4_get_block_write() for DAX") 11bd1a9ecdd6: ("ext4: huge page fault support") e676a4c19165: ("ext4: use ext4_get_block_write() for DAX") 01a33b4ace68: ("ext4: start transaction before calling into DAX") ed923b5776a2: ("ext4: add ext4_get_block_dax()") e676a4c19165: ("ext4: use ext4_get_block_write() for DAX") 11bd1a9ecdd6: ("ext4: huge page fault support") 11bd1a9ecdd6: ("ext4: huge page fault support") v3.18.101: Failed to apply! Possible dependencies: 914f82a32d02: ("ext4: refactor direct IO code") 6f67376318ab: ("direct_IO: use iov_iter_rw() instead of rw everywhere") ef96fdddcd38: ("staging: lustre: lustre: llite: use DIV_ROUND_UP") 42b1ab979d92: ("9p: get rid of v9fs_direct_file_read()") 9565a5445240: ("9p: get rid of v9fs_direct_file_write()") 9abb40830700: ("fs/affs/file.c: add support to O_DIRECT") 92b20708f9f0: ("fs/affs/file.c: fix direct IO writes beyond EOF") 9abb40830700: ("fs/affs/file.c: add support to O_DIRECT") 17f8c842d24a: ("Remove rw from {,__,do_}blockdev_direct_IO()") 92b20708f9f0: ("fs/affs/file.c: fix direct IO writes beyond EOF") 9abb40830700: ("fs/affs/file.c: add support to O_DIRECT") 9abb40830700: ("fs/affs/file.c: add support to O_DIRECT") EXT4 Specific tests: v4.15.12 (http://stable-bot.westus2.cloudapp.azure.com/ext4-test2/v4.15.12/tests/): Tests complete. v4.14.29 (http://stable-bot.westus2.cloudapp.azure.com/ext4-test2/v4.14.29/tests/): Tests complete. v4.9.89 (http://stable-bot.westus2.cloudapp.azure.com/ext4-test2/v4.9.89/tests/): Tests complete. Please let us know if you'd like to have this patch included in a stable tree. -- Thanks, Sasha

7 years, 2 months

2
1
0 0

[PATCH 4.9 00/28] 4.9.92-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.9.92 release. There are 28 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat Mar 31 17:57:18 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.9.92-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.9.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.9.92-rc1 Yunsheng Lin <linyunsheng(a)huawei.com> net: hns: Fix a skb used after free bug Tom Herbert <tom(a)quantonium.net> kcm: lock lower socket in kcm_attach Florian Fainelli <f.fainelli(a)gmail.com> net: systemport: Rewrite __bcm_sysport_tx_reclaim() Julian Wiedmann <jwi(a)linux.vnet.ibm.com> s390/qeth: on channel error, reject further cmd requests Julian Wiedmann <jwi(a)linux.vnet.ibm.com> s390/qeth: lock read device while queueing next buffer Julian Wiedmann <jwi(a)linux.vnet.ibm.com> s390/qeth: when thread completes, wake up all waiters Julian Wiedmann <jwi(a)linux.vnet.ibm.com> s390/qeth: free netdevice when removing a card Madalin Bucur <madalin.bucur(a)nxp.com> soc/fsl/qbman: fix issue in qman_delete_cgr_safe() Arkadi Sharshevsky <arkadis(a)mellanox.com> team: Fix double free in error path Vinicius Costa Gomes <vinicius.gomes(a)intel.com> skbuff: Fix not waking applications when errors are enqueued David Ahern <dsahern(a)gmail.com> net: Only honor ifindex in IP_PKTINFO if non-0 Nicolas Dichtel <nicolas.dichtel(a)6wind.com> netlink: avoid a double skb free in genlmsg_mcast() Arvind Yadav <arvind.yadav.cs(a)gmail.com> net/iucv: Free memory obtained by kzalloc Florian Fainelli <f.fainelli(a)gmail.com> net: fec: Fix unbalanced PM runtime calls SZ Lin (林上智) <sz.lin(a)moxa.com> net: ethernet: ti: cpsw: add check for in-band mode setting with RGMII PHY interface Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> net: ethernet: arc: Fix a potential memory leak if an optional regulator is deferred Eric Dumazet <edumazet(a)google.com> l2tp: do not accept arbitrary sockets Lorenzo Bianconi <lorenzo.bianconi(a)redhat.com> ipv6: fix access to non-linear packet in ndisc_fill_redirect_hdr_option() Alexey Kodanev <alexey.kodanev(a)oracle.com> dccp: check sk for closed state in dccp_sendmsg() Kirill Tkhai <ktkhai(a)virtuozzo.com> net: Fix hlist corruptions in inet_evict_bucket() Eric Dumazet <edumazet(a)google.com> net: use skb_to_full_sk() in skb_update_prio() Eric Dumazet <edumazet(a)google.com> ieee802154: 6lowpan: fix possible NULL deref in lowpan_device_event() Alexey Kodanev <alexey.kodanev(a)oracle.com> sch_netem: fix skb leak in netem_enqueue() Paul Blakey <paulb(a)mellanox.com> rhashtable: Fix rhlist duplicates insertion Guillaume Nault <g.nault(a)alphalink.fr> ppp: avoid loop in xmit recursion detection code Roman Mashak <mrv(a)mojatatu.com> net sched actions: return explicit error when tunnel_key mode is not specified Marc Zyngier <marc.zyngier(a)arm.com> genirq: Track whether the trigger type has been set Johannes Thumshirn <jthumshirn(a)suse.de> scsi: sg: don't return bogus Sg_requests ------------- Diffstat: Makefile | 4 ++-- drivers/net/ethernet/arc/emac_rockchip.c | 6 +++-- drivers/net/ethernet/broadcom/bcmsysport.c | 33 ++++++++++++--------------- drivers/net/ethernet/broadcom/bcmsysport.h | 2 +- drivers/net/ethernet/freescale/fec_main.c | 2 ++ drivers/net/ethernet/hisilicon/hns/hns_enet.c | 22 ++++++++---------- drivers/net/ethernet/hisilicon/hns/hns_enet.h | 6 ++--- drivers/net/ethernet/ti/cpsw.c | 3 ++- drivers/net/ppp/ppp_generic.c | 26 +++++++++++---------- drivers/net/team/team.c | 4 ++-- drivers/s390/net/qeth_core_main.c | 21 ++++++++++++----- drivers/s390/net/qeth_l2_main.c | 2 +- drivers/s390/net/qeth_l3_main.c | 2 +- drivers/scsi/sg.c | 5 ++-- drivers/soc/fsl/qbman/qman.c | 28 ++++------------------- include/linux/cgroup-defs.h | 4 ++-- include/linux/irq.h | 11 ++++++++- include/linux/rhashtable.h | 4 +++- include/net/sch_generic.h | 19 +++++++++++++++ kernel/irq/manage.c | 13 ++++++++++- lib/rhashtable.c | 4 +++- net/core/dev.c | 22 ++++++++++++------ net/core/skbuff.c | 2 +- net/dccp/proto.c | 5 ++++ net/ieee802154/6lowpan/core.c | 12 ++++++---- net/ipv4/inet_fragment.c | 3 +++ net/ipv4/ip_sockglue.c | 6 +++-- net/ipv6/ndisc.c | 3 ++- net/iucv/af_iucv.c | 4 +++- net/kcm/kcmsock.c | 33 +++++++++++++++++++-------- net/l2tp/l2tp_core.c | 8 +++++-- net/netlink/genetlink.c | 2 +- net/sched/act_tunnel_key.c | 1 + net/sched/sch_netem.c | 2 +- 34 files changed, 202 insertions(+), 122 deletions(-)

7 years, 2 months

4
33
0 0

[PATCH 4.14 00/43] 4.14.32-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.14.32 release. There are 43 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat Mar 31 17:57:12 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.14.32-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.14.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.14.32-rc1 Julian Wiedmann <jwi(a)linux.vnet.ibm.com> s390/qeth: on channel error, reject further cmd requests Julian Wiedmann <jwi(a)linux.vnet.ibm.com> s390/qeth: lock read device while queueing next buffer Julian Wiedmann <jwi(a)linux.vnet.ibm.com> s390/qeth: when thread completes, wake up all waiters Julian Wiedmann <jwi(a)linux.vnet.ibm.com> s390/qeth: free netdevice when removing a card Camelia Groza <camelia.groza(a)nxp.com> dpaa_eth: remove duplicate increment of the tx_errors counter Camelia Groza <camelia.groza(a)nxp.com> dpaa_eth: increment the RX dropped counter when needed Camelia Groza <camelia.groza(a)nxp.com> dpaa_eth: remove duplicate initialization Madalin Bucur <madalin.bucur(a)nxp.com> dpaa_eth: fix error in dpaa_remove() Madalin Bucur <madalin.bucur(a)nxp.com> soc/fsl/qbman: fix issue in qman_delete_cgr_safe() Arkadi Sharshevsky <arkadis(a)mellanox.com> team: Fix double free in error path Vinicius Costa Gomes <vinicius.gomes(a)intel.com> skbuff: Fix not waking applications when errors are enqueued Michal Kalderon <Michal.Kalderon(a)cavium.com> qede: Fix qedr link update Florian Fainelli <f.fainelli(a)gmail.com> net: systemport: Rewrite __bcm_sysport_tx_reclaim() David Ahern <dsahern(a)gmail.com> net: Only honor ifindex in IP_PKTINFO if non-0 Nicolas Dichtel <nicolas.dichtel(a)6wind.com> netlink: avoid a double skb free in genlmsg_mcast() Arvind Yadav <arvind.yadav.cs(a)gmail.com> net/iucv: Free memory obtained by kzalloc Florian Fainelli <f.fainelli(a)gmail.com> net: fec: Fix unbalanced PM runtime calls SZ Lin (林上智) <sz.lin(a)moxa.com> net: ethernet: ti: cpsw: add check for in-band mode setting with RGMII PHY interface Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> net: ethernet: arc: Fix a potential memory leak if an optional regulator is deferred Eric Dumazet <edumazet(a)google.com> l2tp: do not accept arbitrary sockets Lorenzo Bianconi <lorenzo.bianconi(a)redhat.com> ipv6: fix access to non-linear packet in ndisc_fill_redirect_hdr_option() Alexey Kodanev <alexey.kodanev(a)oracle.com> dccp: check sk for closed state in dccp_sendmsg() Kirill Tkhai <ktkhai(a)virtuozzo.com> net: Fix hlist corruptions in inet_evict_bucket() Eric Dumazet <edumazet(a)google.com> net: use skb_to_full_sk() in skb_update_prio() Eric Dumazet <edumazet(a)google.com> ieee802154: 6lowpan: fix possible NULL deref in lowpan_device_event() Alexey Kodanev <alexey.kodanev(a)oracle.com> sch_netem: fix skb leak in netem_enqueue() Tom Herbert <tom(a)quantonium.net> kcm: lock lower socket in kcm_attach Paul Blakey <paulb(a)mellanox.com> rhashtable: Fix rhlist duplicates insertion Guillaume Nault <g.nault(a)alphalink.fr> ppp: avoid loop in xmit recursion detection code Roman Mashak <mrv(a)mojatatu.com> net sched actions: return explicit error when tunnel_key mode is not specified Brad Mouring <brad.mouring(a)ni.com> net: phy: Tell caller result of phy_change() Ido Schimmel <idosch(a)mellanox.com> mlxsw: spectrum_buffers: Set a minimum quota for CPU port traffic David Lebrun <dlebrun(a)google.com> ipv6: sr: fix scheduling in RCU when creating seg6 lwtunnel state David Lebrun <dlebrun(a)google.com> ipv6: sr: fix NULL pointer dereference when setting encap source address Stefano Brivio <sbrivio(a)redhat.com> ipv6: old_dport should be a __be16 in __ip6_datagram_connect() Paolo Abeni <pabeni(a)redhat.com> net: ipv6: keep sk status consistent after datagram connect failure Shannon Nelson <shannon.nelson(a)oracle.com> macvlan: filter out unsupported feature flags Arkadi Sharshevsky <arkadis(a)mellanox.com> devlink: Remove redundant free on error path Grygorii Strashko <grygorii.strashko(a)ti.com> net: phy: relax error checking when creating sysfs link netdev->phydev Grygorii Strashko <grygorii.strashko(a)ti.com> sysfs: symlink: export sysfs_create_link_nowarn() Michal Kalderon <Michal.Kalderon(a)cavium.com> qed: Fix non TCP packets should be dropped on iWARP ll2 connection Soheil Hassas Yeganeh <soheil(a)google.com> tcp: purge write queue upon aborting the connection Soheil Hassas Yeganeh <soheil(a)google.com> tcp: reset sk_send_head in tcp_write_queue_purge ------------- Diffstat: Makefile | 4 +- drivers/net/ethernet/arc/emac_rockchip.c | 6 +- drivers/net/ethernet/broadcom/bcmsysport.c | 33 ++-- drivers/net/ethernet/broadcom/bcmsysport.h | 2 +- drivers/net/ethernet/freescale/dpaa/dpaa_eth.c | 8 +- drivers/net/ethernet/freescale/fec_main.c | 2 + .../net/ethernet/mellanox/mlxsw/spectrum_buffers.c | 12 +- drivers/net/ethernet/qlogic/qed/qed_iwarp.c | 15 ++ drivers/net/ethernet/qlogic/qede/qede_main.c | 4 +- drivers/net/ethernet/ti/cpsw.c | 3 +- drivers/net/macvlan.c | 2 +- drivers/net/phy/phy.c | 173 ++++++++++----------- drivers/net/phy/phy_device.c | 15 +- drivers/net/ppp/ppp_generic.c | 26 ++-- drivers/net/team/team.c | 4 +- drivers/s390/net/qeth_core_main.c | 21 ++- drivers/s390/net/qeth_l2_main.c | 2 +- drivers/s390/net/qeth_l3_main.c | 2 +- drivers/soc/fsl/qbman/qman.c | 28 +--- fs/sysfs/symlink.c | 1 + include/linux/cgroup-defs.h | 4 +- include/linux/phy.h | 1 - include/linux/rhashtable.h | 4 +- include/net/sch_generic.h | 19 +++ include/net/tcp.h | 11 +- lib/rhashtable.c | 4 +- net/core/dev.c | 22 ++- net/core/devlink.c | 16 +- net/core/skbuff.c | 2 +- net/dccp/proto.c | 5 + net/ieee802154/6lowpan/core.c | 12 +- net/ipv4/inet_fragment.c | 3 + net/ipv4/ip_sockglue.c | 6 +- net/ipv4/tcp.c | 1 + net/ipv4/tcp_timer.c | 1 + net/ipv6/datagram.c | 21 ++- net/ipv6/ndisc.c | 3 +- net/ipv6/seg6_iptunnel.c | 7 +- net/iucv/af_iucv.c | 4 +- net/kcm/kcmsock.c | 33 ++-- net/l2tp/l2tp_core.c | 8 +- net/netlink/genetlink.c | 2 +- net/sched/act_tunnel_key.c | 1 + net/sched/sch_netem.c | 2 +- 44 files changed, 320 insertions(+), 235 deletions(-)

7 years, 2 months

4
45
0 0

[PATCH v2] PCI / PM: Always check PME wakeup capability for runtime wakeup support

by Kai-Heng Feng

USB controller ASM1042 stops working after commit de3ef1eb1cd0 ("PM / core: Drop run_wake flag from struct dev_pm_info"). The device in question is not power managed by platform firmware, furthermore, it only supports PME# from D3cold: Capabilities: [78] Power Management version 3 Flags: PMEClk- DSI- D1- D2- AuxCurrent=55mA PME(D0-,D1-,D2-,D3hot-,D3cold+) Status: D0 NoSoftRst+ PME-Enable- DSel=0 DScale=0 PME- Before commit de3ef1eb1cd0, the device never gets runtime suspended. After that commit, the device gets runtime suspended, so it does not respond to any PME#. usb_hcd_pci_probe() mandatorily calls device_wakeup_enable(), hence device_can_wakeup() in pci_dev_run_wake() always returns true. So pci_dev_run_wake() needs to check PME wakeup capability as its first condition. Fixes: de3ef1eb1cd0 ("PM / core: Drop run_wake flag from struct dev_pm_info") Cc: stable(a)vger.kernel.org # 4.13+ Signed-off-by: Kai-Heng Feng <kai.heng.feng(a)canonical.com> --- v2: Explicitly check dev->pme_support. drivers/pci/pci.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/drivers/pci/pci.c b/drivers/pci/pci.c index f6a4dd10d9b0..52821a21fc07 100644 --- a/drivers/pci/pci.c +++ b/drivers/pci/pci.c @@ -2125,16 +2125,16 @@ bool pci_dev_run_wake(struct pci_dev *dev) { struct pci_bus *bus = dev->bus; - if (device_can_wakeup(&dev->dev)) - return true; - if (!dev->pme_support) return false; /* PME-capable in principle, but not from the target power state */ - if (!pci_pme_capable(dev, pci_target_state(dev, false))) + if (!pci_pme_capable(dev, pci_target_state(dev, true))) return false; + if (device_can_wakeup(&dev->dev)) + return true; + while (bus->parent) { struct pci_dev *bridge = bus->self; -- 2.15.1

7 years, 2 months

3
3
0 0

Regression in v4.4.124 due to 'genirq: Use irqd_get_trigger_type to compare ..'

by Guenter Roeck

Hi Greg, commit 9d0273bb1c4b64 ("genirq: Use irqd_get_trigger_type to compare the trigger type for shared IRQs") causes a regression in v4.4.124. The problem has been fixed upstream with commit 4f8413a3a799 ("genirq: Track whether the trigger type has been set"). Please apply that patch to v4.4.y at your earliest convenience. The patch does not apply cleanly; you'll get a conflict include/linux/irq.h. The fix is simple - just take the version introduced by the patch. It adds a couple of extra defines, but those don't hurt and just keep the code aligned with upstream. Thanks, Guenter

7 years, 2 months

3
7
0 0

Patch "[PATCH] Revert "genirq: Use irqd_get_trigger_type to compare the" has been added to the 3.18-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [PATCH] Revert "genirq: Use irqd_get_trigger_type to compare the to the 3.18-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: revert-genirq-use-irqd_get_trigger_type-to-compare-the.patch and it can be found in the queue-3.18 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 6ac05ec9c1bdefb8a88aefd4681869814b3f6c73 Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Date: Fri, 30 Mar 2018 10:56:51 +0200 Subject: [PATCH] Revert "genirq: Use irqd_get_trigger_type to compare the trigger type for shared IRQs" This reverts commit 093c265afffb0a91a7611c3bb74d0883731a807b which is commit 382bd4de61827dbaaf5fb4fb7b1f4be4a86505e7 upstream. It causes too many problems with the stable tree, and would require too many other things to be backported, so just revert it. Reported-by: Guenter Roeck <linux(a)roeck-us.net> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Hans de Goede <hdegoede(a)redhat.com> Cc: Marc Zyngier <marc.zyngier(a)arm.com> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Sasha Levin <alexander.levin(a)microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- kernel/irq/manage.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) --- a/kernel/irq/manage.c +++ b/kernel/irq/manage.c @@ -1058,10 +1058,8 @@ __setup_irq(unsigned int irq, struct irq * set the trigger type must match. Also all must * agree on ONESHOT. */ - unsigned int oldtype = irqd_get_trigger_type(&desc->irq_data); - if (!((old->flags & new->flags) & IRQF_SHARED) || - (oldtype != (new->flags & IRQF_TRIGGER_MASK)) || + ((old->flags ^ new->flags) & IRQF_TRIGGER_MASK) || ((old->flags ^ new->flags) & IRQF_ONESHOT)) goto mismatch; Patches currently in stable-queue which might be from gregkh(a)linuxfoundation.org are queue-3.18/tty-vt-fix-up-tabstops-properly.patch queue-3.18/alsa-aloop-fix-access-to-not-yet-ready-substream-via-cable.patch queue-3.18/ipv6-fix-access-to-non-linear-packet-in-ndisc_fill_redirect_hdr_option.patch queue-3.18/net-only-honor-ifindex-in-ip_pktinfo-if-non-0.patch queue-3.18/libata-disable-lpm-for-crucial-bx100-ssd-500gb-drive.patch queue-3.18/skbuff-fix-not-waking-applications-when-errors-are-enqueued.patch queue-3.18/libata-apply-nolpm-quirk-to-crucial-m500-480-and-960gb-ssds.patch queue-3.18/s390-qeth-when-thread-completes-wake-up-all-waiters.patch queue-3.18/libata-fix-length-validation-of-atapi-relayed-scsi-commands.patch queue-3.18/tracing-probeevent-fix-to-support-minus-offset-from-symbol.patch queue-3.18/can-cc770-fix-use-after-free-in-cc770_tx_interrupt.patch queue-3.18/s390-qeth-lock-read-device-while-queueing-next-buffer.patch queue-3.18/libata-apply-nolpm-quirk-to-crucial-mx100-512gb-ssds.patch queue-3.18/libata-modify-quirks-for-mx100-to-limit-ncq_trim-quirk-to-mu01-version.patch queue-3.18/revert-genirq-use-irqd_get_trigger_type-to-compare-the.patch queue-3.18/l2tp-do-not-accept-arbitrary-sockets.patch queue-3.18/can-cc770-fix-queue-stall-dropped-rtr-reply.patch queue-3.18/netlink-avoid-a-double-skb-free-in-genlmsg_mcast.patch queue-3.18/libata-enable-queued-trim-for-samsung-ssd-860.patch queue-3.18/staging-ncpfs-memory-corruption-in-ncp_read_kernel.patch queue-3.18/drm-udl-properly-check-framebuffer-mmap-offsets.patch queue-3.18/can-cc770-fix-stalls-on-rt-linux-remove-redundant-irq-ack.patch queue-3.18/team-fix-double-free-in-error-path.patch queue-3.18/brcmfmac-fix-p2p_device-ethernet-address-generation.patch queue-3.18/alsa-usb-audio-fix-parsing-descriptor-of-uac2-processing-unit.patch queue-3.18/net-iucv-free-memory-obtained-by-kzalloc.patch queue-3.18/alsa-aloop-sync-stale-timer-before-release.patch queue-3.18/net-ethernet-arc-fix-a-potential-memory-leak-if-an-optional-regulator-is-deferred.patch queue-3.18/s390-qeth-on-channel-error-reject-further-cmd-requests.patch queue-3.18/scsi-sg-don-t-return-bogus-sg_requests.patch queue-3.18/dccp-check-sk-for-closed-state-in-dccp_sendmsg.patch queue-3.18/net-fec-fix-unbalanced-pm-runtime-calls.patch queue-3.18/libata-make-crucial-bx100-500gb-lpm-quirk-apply-to-all-firmware-versions.patch queue-3.18/libata-remove-warn-for-dma-or-pio-command-without-data.patch queue-3.18/s390-qeth-free-netdevice-when-removing-a-card.patch queue-3.18/kvm-x86-fix-icebp-instruction-handling.patch

7 years, 2 months

1
0
0 0

Patch "[PATCH] Revert "genirq: Use irqd_get_trigger_type to compare the" has been added to the 4.4-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [PATCH] Revert "genirq: Use irqd_get_trigger_type to compare the to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: revert-genirq-use-irqd_get_trigger_type-to-compare-the.patch and it can be found in the queue-4.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 5512cca5c518c20037b10369a4725327202dd80b Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Date: Fri, 30 Mar 2018 10:53:44 +0200 Subject: [PATCH] Revert "genirq: Use irqd_get_trigger_type to compare the trigger type for shared IRQs" This reverts commit 9d0273bb1c4b645817eccfe5c5975ea29add3300 which is commit 382bd4de61827dbaaf5fb4fb7b1f4be4a86505e7 upstream. It causes too many problems with the stable tree, and would require too many other things to be backported, so just revert it. Reported-by: Guenter Roeck <linux(a)roeck-us.net> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Hans de Goede <hdegoede(a)redhat.com> Cc: Marc Zyngier <marc.zyngier(a)arm.com> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Sasha Levin <alexander.levin(a)microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- kernel/irq/manage.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) --- a/kernel/irq/manage.c +++ b/kernel/irq/manage.c @@ -1189,10 +1189,8 @@ __setup_irq(unsigned int irq, struct irq * set the trigger type must match. Also all must * agree on ONESHOT. */ - unsigned int oldtype = irqd_get_trigger_type(&desc->irq_data); - if (!((old->flags & new->flags) & IRQF_SHARED) || - (oldtype != (new->flags & IRQF_TRIGGER_MASK)) || + ((old->flags ^ new->flags) & IRQF_TRIGGER_MASK) || ((old->flags ^ new->flags) & IRQF_ONESHOT)) goto mismatch; Patches currently in stable-queue which might be from gregkh(a)linuxfoundation.org are queue-4.4/net-fix-hlist-corruptions-in-inet_evict_bucket.patch queue-4.4/ipv6-fix-access-to-non-linear-packet-in-ndisc_fill_redirect_hdr_option.patch queue-4.4/net-only-honor-ifindex-in-ip_pktinfo-if-non-0.patch queue-4.4/skbuff-fix-not-waking-applications-when-errors-are-enqueued.patch queue-4.4/s390-qeth-when-thread-completes-wake-up-all-waiters.patch queue-4.4/s390-qeth-lock-read-device-while-queueing-next-buffer.patch queue-4.4/net-systemport-rewrite-__bcm_sysport_tx_reclaim.patch queue-4.4/revert-genirq-use-irqd_get_trigger_type-to-compare-the.patch queue-4.4/l2tp-do-not-accept-arbitrary-sockets.patch queue-4.4/netlink-avoid-a-double-skb-free-in-genlmsg_mcast.patch queue-4.4/team-fix-double-free-in-error-path.patch queue-4.4/ieee802154-6lowpan-fix-possible-null-deref-in-lowpan_device_event.patch queue-4.4/net-iucv-free-memory-obtained-by-kzalloc.patch queue-4.4/net-ethernet-arc-fix-a-potential-memory-leak-if-an-optional-regulator-is-deferred.patch queue-4.4/s390-qeth-on-channel-error-reject-further-cmd-requests.patch queue-4.4/scsi-sg-don-t-return-bogus-sg_requests.patch queue-4.4/dccp-check-sk-for-closed-state-in-dccp_sendmsg.patch queue-4.4/net-fec-fix-unbalanced-pm-runtime-calls.patch queue-4.4/net-ethernet-ti-cpsw-add-check-for-in-band-mode-setting-with-rgmii-phy-interface.patch queue-4.4/s390-qeth-free-netdevice-when-removing-a-card.patch

7 years, 2 months

1
0
0 0

Patch "[PATCH] Revert "genirq: Use irqd_get_trigger_type to compare the" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled [PATCH] Revert "genirq: Use irqd_get_trigger_type to compare the to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: revert-genirq-use-irqd_get_trigger_type-to-compare-the.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 399af491b3f604277121f817ab0da9be6801bcef Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Date: Fri, 30 Mar 2018 10:43:30 +0200 Subject: [PATCH] Revert "genirq: Use irqd_get_trigger_type to compare the trigger type for shared IRQs" This reverts commit f2596a9808acfd02ce1ee389f0e1c37e64aec5f6 which is commit 382bd4de61827dbaaf5fb4fb7b1f4be4a86505e7 upstream. It causes too many problems with the stable tree, and would require too many other things to be backported, so just revert it. Reported-by: Guenter Roeck <linux(a)roeck-us.net> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Hans de Goede <hdegoede(a)redhat.com> Cc: Marc Zyngier <marc.zyngier(a)arm.com> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Sasha Levin <alexander.levin(a)microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- kernel/irq/manage.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) --- a/kernel/irq/manage.c +++ b/kernel/irq/manage.c @@ -1210,10 +1210,8 @@ __setup_irq(unsigned int irq, struct irq * set the trigger type must match. Also all must * agree on ONESHOT. */ - unsigned int oldtype = irqd_get_trigger_type(&desc->irq_data); - if (!((old->flags & new->flags) & IRQF_SHARED) || - (oldtype != (new->flags & IRQF_TRIGGER_MASK)) || + ((old->flags ^ new->flags) & IRQF_TRIGGER_MASK) || ((old->flags ^ new->flags) & IRQF_ONESHOT)) goto mismatch; Patches currently in stable-queue which might be from gregkh(a)linuxfoundation.org are queue-4.9/net-fix-hlist-corruptions-in-inet_evict_bucket.patch queue-4.9/ppp-avoid-loop-in-xmit-recursion-detection-code.patch queue-4.9/ipv6-fix-access-to-non-linear-packet-in-ndisc_fill_redirect_hdr_option.patch queue-4.9/net-only-honor-ifindex-in-ip_pktinfo-if-non-0.patch queue-4.9/skbuff-fix-not-waking-applications-when-errors-are-enqueued.patch queue-4.9/rhashtable-fix-rhlist-duplicates-insertion.patch queue-4.9/kcm-lock-lower-socket-in-kcm_attach.patch queue-4.9/s390-qeth-when-thread-completes-wake-up-all-waiters.patch queue-4.9/sch_netem-fix-skb-leak-in-netem_enqueue.patch queue-4.9/s390-qeth-lock-read-device-while-queueing-next-buffer.patch queue-4.9/net-systemport-rewrite-__bcm_sysport_tx_reclaim.patch queue-4.9/revert-genirq-use-irqd_get_trigger_type-to-compare-the.patch queue-4.9/l2tp-do-not-accept-arbitrary-sockets.patch queue-4.9/netlink-avoid-a-double-skb-free-in-genlmsg_mcast.patch queue-4.9/team-fix-double-free-in-error-path.patch queue-4.9/net-use-skb_to_full_sk-in-skb_update_prio.patch queue-4.9/ieee802154-6lowpan-fix-possible-null-deref-in-lowpan_device_event.patch queue-4.9/net-hns-fix-a-skb-used-after-free-bug.patch queue-4.9/soc-fsl-qbman-fix-issue-in-qman_delete_cgr_safe.patch queue-4.9/net-iucv-free-memory-obtained-by-kzalloc.patch queue-4.9/net-ethernet-arc-fix-a-potential-memory-leak-if-an-optional-regulator-is-deferred.patch queue-4.9/s390-qeth-on-channel-error-reject-further-cmd-requests.patch queue-4.9/scsi-sg-don-t-return-bogus-sg_requests.patch queue-4.9/dccp-check-sk-for-closed-state-in-dccp_sendmsg.patch queue-4.9/net-fec-fix-unbalanced-pm-runtime-calls.patch queue-4.9/net-ethernet-ti-cpsw-add-check-for-in-band-mode-setting-with-rgmii-phy-interface.patch queue-4.9/net-sched-actions-return-explicit-error-when-tunnel_key-mode-is-not-specified.patch queue-4.9/s390-qeth-free-netdevice-when-removing-a-card.patch

7 years, 2 months

1
0
0 0

[PATCH] mm/memblock: fix potential issue in memblock_search_pfn_nid()

by Wei Yang

memblock_search_pfn_nid() returns the nid and the [start|end]_pfn of the memory region where pfn sits in. While the calculation of start_pfn has potential issue when the regions base is not page aligned. For example, we assume PAGE_SHIFT is 12 and base is 0x1234. Current implementation would return 1 while this is not correct. This patch fixes this by using PFN_UP(). The original commit is commit e76b63f80d93 ("memblock, numa: binary search node id") and merged in v3.12. Signed-off-by: Wei Yang <richard.weiyang(a)gmail.com> Cc: 3.12 <stable(a)vger.kernel.org> --- mm/memblock.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mm/memblock.c b/mm/memblock.c index b6ba6b7adadc..de768307696d 100644 --- a/mm/memblock.c +++ b/mm/memblock.c @@ -1673,7 +1673,7 @@ int __init_memblock memblock_search_pfn_nid(unsigned long pfn, if (mid == -1) return -1; - *start_pfn = PFN_DOWN(type->regions[mid].base); + *start_pfn = PFN_UP(type->regions[mid].base); *end_pfn = PFN_DOWN(type->regions[mid].base + type->regions[mid].size); return type->regions[mid].nid; -- 2.15.1

7 years, 2 months

1
1
0 0

Re: [PATCH 4.9 00/28] 4.9.92-stable review

by Guenter Roeck

On Thu, Mar 29, 2018 at 03:01:18PM -0700, kernelci.org bot wrote: > stable-rc/linux-4.9.y boot: 122 boots: 1 failed, 104 passed with 14 offline, 3 untried/unknown (v4.9.91-29-gcdf42b7a5c27) > > Full Boot Summary: https://kernelci.org/boot/all/job/stable-rc/branch/linux-4.9.y/kernel/v4.9.… > Full Build Summary: https://kernelci.org/build/stable-rc/branch/linux-4.9.y/kernel/v4.9.91-29-g… > > Tree: stable-rc > Branch: linux-4.9.y > Git Describe: v4.9.91-29-gcdf42b7a5c27 > Git Commit: cdf42b7a5c277bc4a4dd0853f6e2155a3ead8b02 > Git URL: http://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git > Tested: 63 unique boards, 22 SoC families, 19 builds out of 183 > > Boot Regressions Detected: > > arm: > > multi_v7_defconfig: > sun8i-a33-sinlinx-sina33: > lab-free-electrons: new failure (last pass: v4.9.91) > This is an actual crash. > Boot Failure Detected: > > arm: > > multi_v7_defconfig > sun8i-a33-sinlinx-sina33: 1 failed lab > > Offline Platforms: > > arm: > > sunxi_defconfig: > sun5i-r8-chip: 1 offline lab > sun7i-a20-cubietruck: 1 offline lab > > multi_v7_defconfig: > exynos5410-odroidxu: 1 offline lab > exynos5800-peach-pi: 1 offline lab > sun5i-r8-chip: 1 offline lab > sun7i-a20-cubietruck: 1 offline lab > tegra20-iris-512: 1 offline lab > tegra30-beaver: 1 offline lab > > exynos_defconfig: > exynos5410-odroidxu: 1 offline lab > exynos5800-peach-pi: 1 offline lab > > davinci_all_defconfig: > dm365evm,legacy: 1 offline lab > > tegra_defconfig: > tegra20-iris-512: 1 offline lab > tegra30-beaver: 1 offline lab > > arm64: > > defconfig: > meson-gxbb-odroidc2: 1 offline lab > > --- > For more info write to <info(a)kernelci.org>

7 years, 2 months

1
0
0 0

Re: [PATCH 4.4 00/20] 4.4.126-stable review

by Guenter Roeck

On Thu, Mar 29, 2018 at 03:01:19PM -0700, kernelci.org bot wrote: > stable-rc/linux-4.4.y boot: 105 boots: 1 failed, 92 passed with 10 offline, 2 untried/unknown (v4.4.125-21-g290572f02954) > > Full Boot Summary: https://kernelci.org/boot/all/job/stable-rc/branch/linux-4.4.y/kernel/v4.4.… > Full Build Summary: https://kernelci.org/build/stable-rc/branch/linux-4.4.y/kernel/v4.4.125-21-… > > Tree: stable-rc > Branch: linux-4.4.y > Git Describe: v4.4.125-21-g290572f02954 > Git Commit: 290572f02954767c84991efa816fbfb56c7da9df > Git URL: http://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git > Tested: 53 unique boards, 20 SoC families, 16 builds out of 177 > > Boot Regressions Detected: > > arm: > > at91_dt_defconfig: > at91sam9261ek: > lab-free-electrons: failing since 6 days (last pass: v4.4.123 - first fail: v4.4.123-97-g3054df73e9af) >From the boot log, this may suffer from the regression I have been talking about. The boot log repeats 13:42:46.064162 genirq: Flags mismatch irq 16. 00040080 (ttyS0) vs. 00040080 (pmc) 13:42:46.071500 atmel_usart fffff200.serial: atmel_startup - Can't get irq forever. Guenter > > Boot Failure Detected: > > arm: > > at91_dt_defconfig > at91sam9261ek: 1 failed lab > > Offline Platforms: > > arm: > > sunxi_defconfig: > sun5i-r8-chip: 1 offline lab > sun7i-a20-cubietruck: 1 offline lab > > multi_v7_defconfig: > exynos5410-odroidxu: 1 offline lab > sun5i-r8-chip: 1 offline lab > sun7i-a20-cubietruck: 1 offline lab > tegra20-iris-512: 1 offline lab > tegra30-beaver: 1 offline lab > > exynos_defconfig: > exynos5410-odroidxu: 1 offline lab > > tegra_defconfig: > tegra20-iris-512: 1 offline lab > tegra30-beaver: 1 offline lab > > --- > For more info write to <info(a)kernelci.org>

7 years, 2 months

1
0
0 0

[PATCH] ext4: limit xattr size to INT_MAX

by Theodore Ts'o

From: Eric Biggers <ebiggers(a)google.com> ext4 isn't validating the sizes of xattrs. This is problematic because ->e_value_size is a u32, but ext4_xattr_get() returns an int. A very large size is misinterpreted as an error code, which ext4_get_acl() translates into a bogus ERR_PTR() for which IS_ERR() returns false, causing a crash. Fix this by validating that all xattrs are <= INT_MAX bytes. Also add explicit checks in ext4_xattr_block_get() and ext4_xattr_ibody_get() just in case the xattr block is corrupted in memory. This issue has been assigned CVE-2018-1095. https://bugzilla.kernel.org/show_bug.cgi?id=199185 https://bugzilla.redhat.com/show_bug.cgi?id=1560793 Reported-by: Wen Xu <wen.xu(a)gatech.edu> Signed-off-by: Eric Biggers <ebiggers(a)google.com> Signed-off-by: Theodore Ts'o <tytso(a)mit.edu> Cc: stable(a)vger.kernel.org --- fs/ext4/xattr.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/fs/ext4/xattr.c b/fs/ext4/xattr.c index 63656dbafdc4..fea1108c3bea 100644 --- a/fs/ext4/xattr.c +++ b/fs/ext4/xattr.c @@ -201,6 +201,9 @@ ext4_xattr_check_entries(struct ext4_xattr_entry *entry, void *end, u32 size = le32_to_cpu(entry->e_value_size); void *value; + if (size > INT_MAX) + return -EFSCORRUPTED; + /* * The value cannot overlap the names, and the value * with padding cannot extend beyond 'end'. Check both @@ -523,8 +526,10 @@ ext4_xattr_block_get(struct inode *inode, int name_index, const char *name, if (error) goto cleanup; size = le32_to_cpu(entry->e_value_size); + error = -ERANGE; + if (unlikely(size > INT_MAX)) + goto cleanup; if (buffer) { - error = -ERANGE; if (size > buffer_size) goto cleanup; if (entry->e_value_inum) { @@ -572,8 +577,10 @@ ext4_xattr_ibody_get(struct inode *inode, int name_index, const char *name, if (error) goto cleanup; size = le32_to_cpu(entry->e_value_size); + error = -ERANGE; + if (unlikely(size > INT_MAX)) + goto cleanup; if (buffer) { - error = -ERANGE; if (size > buffer_size) goto cleanup; if (entry->e_value_inum) { -- 2.16.1.72.g5be1f00a9a

7 years, 2 months

2
1
0 0

patch "Revert "USB: serial: ftdi_sio: add Id for Physik Instrumente E-870"" added to usb-next

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled Revert "USB: serial: ftdi_sio: add Id for Physik Instrumente E-870" to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-next branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will also be merged in the next major kernel release during the merge window. If you have any questions about this process, please let me know. >From 5267c5e09c25e2ee6242b37833a9bdf9d97f54a2 Mon Sep 17 00:00:00 2001 From: Johan Hovold <johan(a)kernel.org> Date: Thu, 29 Mar 2018 14:35:40 +0200 Subject: Revert "USB: serial: ftdi_sio: add Id for Physik Instrumente E-870" This reverts commit 79a0b33165d8d8ec0840fcfc74fd0a8f219abeee. Turns out this is not an FTDI device after all. Fixes: 79a0b33165d8 ("USB: serial: ftdi_sio: add Id for Physik Instrumente E-870") Reported-by: Martin Teichmann <martin.teichmann(a)xfel.eu> Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Johan Hovold <johan(a)kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/usb/serial/ftdi_sio.c | 1 - drivers/usb/serial/ftdi_sio_ids.h | 1 - 2 files changed, 2 deletions(-) diff --git a/drivers/usb/serial/ftdi_sio.c b/drivers/usb/serial/ftdi_sio.c index 566f25781ea0..87202ad5a50d 100644 --- a/drivers/usb/serial/ftdi_sio.c +++ b/drivers/usb/serial/ftdi_sio.c @@ -894,7 +894,6 @@ static const struct usb_device_id id_table_combined[] = { { USB_DEVICE(PI_VID, PI_1014_PID) }, { USB_DEVICE(PI_VID, PI_1015_PID) }, { USB_DEVICE(PI_VID, PI_1016_PID) }, - { USB_DEVICE(PI_VID, PI_E870_PID) }, { USB_DEVICE(KONDO_VID, KONDO_USB_SERIAL_PID) }, { USB_DEVICE(BAYER_VID, BAYER_CONTOUR_CABLE_PID) }, { USB_DEVICE(FTDI_VID, MARVELL_OPENRD_PID), diff --git a/drivers/usb/serial/ftdi_sio_ids.h b/drivers/usb/serial/ftdi_sio_ids.h index f7790758de7c..975d02666c5a 100644 --- a/drivers/usb/serial/ftdi_sio_ids.h +++ b/drivers/usb/serial/ftdi_sio_ids.h @@ -981,7 +981,6 @@ #define PI_1014_PID 0x1014 /* PI Device */ #define PI_1015_PID 0x1015 /* PI Device */ #define PI_1016_PID 0x1016 /* PI Digital Servo Module */ -#define PI_E870_PID 0x1019 /* PI E-870 Piezomotor Controller */ /* * Kondo Kagaku Co.Ltd. -- 2.16.3

7 years, 2 months

1
0
0 0

patch "usb: musb: gadget: misplaced out of bounds check" added to usb-next

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled usb: musb: gadget: misplaced out of bounds check to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-next branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will also be merged in the next major kernel release during the merge window. If you have any questions about this process, please let me know. >From af6f8529098aeb0e56a68671b450cf74e7a64fcd Mon Sep 17 00:00:00 2001 From: Heinrich Schuchardt <xypron.glpk(a)gmx.de> Date: Thu, 29 Mar 2018 10:48:28 -0500 Subject: usb: musb: gadget: misplaced out of bounds check musb->endpoints[] has array size MUSB_C_NUM_EPS. We must check array bounds before accessing the array and not afterwards. Signed-off-by: Heinrich Schuchardt <xypron.glpk(a)gmx.de> Signed-off-by: Bin Liu <b-liu(a)ti.com> Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/usb/musb/musb_gadget_ep0.c | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/drivers/usb/musb/musb_gadget_ep0.c b/drivers/usb/musb/musb_gadget_ep0.c index 18da4873e52e..91a5027b5c1f 100644 --- a/drivers/usb/musb/musb_gadget_ep0.c +++ b/drivers/usb/musb/musb_gadget_ep0.c @@ -89,15 +89,19 @@ static int service_tx_status_request( } is_in = epnum & USB_DIR_IN; - if (is_in) { - epnum &= 0x0f; + epnum &= 0x0f; + if (epnum >= MUSB_C_NUM_EPS) { + handled = -EINVAL; + break; + } + + if (is_in) ep = &musb->endpoints[epnum].ep_in; - } else { + else ep = &musb->endpoints[epnum].ep_out; - } regs = musb->endpoints[epnum].regs; - if (epnum >= MUSB_C_NUM_EPS || !ep->desc) { + if (!ep->desc) { handled = -EINVAL; break; } -- 2.16.3

7 years, 2 months

1
0
0 0

[PATCH AUTOSEL for 4.4 001/115] Input: tsc2007 - check for presence and power down tsc2007 during probe

by Sasha Levin

From: "H. Nikolaus Schaller" <hns(a)goldelico.com> [ Upstream commit 934df23171e7c5b71d937104d4957891c39748ff ] 1. check if chip is really present and don't succeed if it isn't. 2. if it succeeds, power down the chip until accessed Signed-off-by: H. Nikolaus Schaller <hns(a)goldelico.com> Signed-off-by: Dmitry Torokhov <dmitry.torokhov(a)gmail.com> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> --- drivers/input/touchscreen/tsc2007.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/drivers/input/touchscreen/tsc2007.c b/drivers/input/touchscreen/tsc2007.c index 5d0cd51c6f41..a4b7b4c3d27b 100644 --- a/drivers/input/touchscreen/tsc2007.c +++ b/drivers/input/touchscreen/tsc2007.c @@ -455,6 +455,14 @@ static int tsc2007_probe(struct i2c_client *client, tsc2007_stop(ts); + /* power down the chip (TSC2007_SETUP does not ACK on I2C) */ + err = tsc2007_xfer(ts, PWRDOWN); + if (err < 0) { + dev_err(&client->dev, + "Failed to setup chip: %d\n", err); + return err; /* usually, chip does not respond */ + } + err = input_register_device(input_dev); if (err) { dev_err(&client->dev, -- 2.14.1

7 years, 2 months

4
117
0 0

[PATCH] mtd: nand: atmel: Fix get_sectorsize() function

by Boris Brezillon

get_sectorsize() was not using the appropriate macro to extract the ECC sector size from the config cache, which led to buggy ECC when using 1024 byte sectors. Fixes: f88fc122cc34 ("mtd: nand: Cleanup/rework the atmel_nand driver") Cc: <stable(a)vger.kernel.org> Reported-by: Olivier Schonken <olivier.schonken(a)gmail.com> Signed-off-by: Boris Brezillon <boris.brezillon(a)bootlin.com> --- drivers/mtd/nand/atmel/pmecc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/mtd/nand/atmel/pmecc.c b/drivers/mtd/nand/atmel/pmecc.c index 8268636675ef..4124bf91bee6 100644 --- a/drivers/mtd/nand/atmel/pmecc.c +++ b/drivers/mtd/nand/atmel/pmecc.c @@ -426,7 +426,7 @@ static int get_strength(struct atmel_pmecc_user *user) static int get_sectorsize(struct atmel_pmecc_user *user) { - return user->cache.cfg & PMECC_LOOKUP_TABLE_SIZE_1024 ? 1024 : 512; + return user->cache.cfg & PMECC_CFG_SECTOR1024 ? 1024 : 512; } static void atmel_pmecc_gen_syndrome(struct atmel_pmecc_user *user, int sector) -- 2.14.1

7 years, 2 months

4
4
0 0

patch "Revert "USB: serial: ftdi_sio: add Id for Physik Instrumente E-870"" added to usb-testing

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled Revert "USB: serial: ftdi_sio: add Id for Physik Instrumente E-870" to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-testing branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will be merged to the usb-next branch sometime soon, after it passes testing, and the merge window is open. If you have any questions about this process, please let me know. >From 5267c5e09c25e2ee6242b37833a9bdf9d97f54a2 Mon Sep 17 00:00:00 2001 From: Johan Hovold <johan(a)kernel.org> Date: Thu, 29 Mar 2018 14:35:40 +0200 Subject: Revert "USB: serial: ftdi_sio: add Id for Physik Instrumente E-870" This reverts commit 79a0b33165d8d8ec0840fcfc74fd0a8f219abeee. Turns out this is not an FTDI device after all. Fixes: 79a0b33165d8 ("USB: serial: ftdi_sio: add Id for Physik Instrumente E-870") Reported-by: Martin Teichmann <martin.teichmann(a)xfel.eu> Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Johan Hovold <johan(a)kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/usb/serial/ftdi_sio.c | 1 - drivers/usb/serial/ftdi_sio_ids.h | 1 - 2 files changed, 2 deletions(-) diff --git a/drivers/usb/serial/ftdi_sio.c b/drivers/usb/serial/ftdi_sio.c index 566f25781ea0..87202ad5a50d 100644 --- a/drivers/usb/serial/ftdi_sio.c +++ b/drivers/usb/serial/ftdi_sio.c @@ -894,7 +894,6 @@ static const struct usb_device_id id_table_combined[] = { { USB_DEVICE(PI_VID, PI_1014_PID) }, { USB_DEVICE(PI_VID, PI_1015_PID) }, { USB_DEVICE(PI_VID, PI_1016_PID) }, - { USB_DEVICE(PI_VID, PI_E870_PID) }, { USB_DEVICE(KONDO_VID, KONDO_USB_SERIAL_PID) }, { USB_DEVICE(BAYER_VID, BAYER_CONTOUR_CABLE_PID) }, { USB_DEVICE(FTDI_VID, MARVELL_OPENRD_PID), diff --git a/drivers/usb/serial/ftdi_sio_ids.h b/drivers/usb/serial/ftdi_sio_ids.h index f7790758de7c..975d02666c5a 100644 --- a/drivers/usb/serial/ftdi_sio_ids.h +++ b/drivers/usb/serial/ftdi_sio_ids.h @@ -981,7 +981,6 @@ #define PI_1014_PID 0x1014 /* PI Device */ #define PI_1015_PID 0x1015 /* PI Device */ #define PI_1016_PID 0x1016 /* PI Digital Servo Module */ -#define PI_E870_PID 0x1019 /* PI E-870 Piezomotor Controller */ /* * Kondo Kagaku Co.Ltd. -- 2.16.3

7 years, 2 months

1
0
0 0

patch "usb: musb: gadget: misplaced out of bounds check" added to usb-testing

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled usb: musb: gadget: misplaced out of bounds check to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-testing branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will be merged to the usb-next branch sometime soon, after it passes testing, and the merge window is open. If you have any questions about this process, please let me know. >From af6f8529098aeb0e56a68671b450cf74e7a64fcd Mon Sep 17 00:00:00 2001 From: Heinrich Schuchardt <xypron.glpk(a)gmx.de> Date: Thu, 29 Mar 2018 10:48:28 -0500 Subject: usb: musb: gadget: misplaced out of bounds check musb->endpoints[] has array size MUSB_C_NUM_EPS. We must check array bounds before accessing the array and not afterwards. Signed-off-by: Heinrich Schuchardt <xypron.glpk(a)gmx.de> Signed-off-by: Bin Liu <b-liu(a)ti.com> Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/usb/musb/musb_gadget_ep0.c | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/drivers/usb/musb/musb_gadget_ep0.c b/drivers/usb/musb/musb_gadget_ep0.c index 18da4873e52e..91a5027b5c1f 100644 --- a/drivers/usb/musb/musb_gadget_ep0.c +++ b/drivers/usb/musb/musb_gadget_ep0.c @@ -89,15 +89,19 @@ static int service_tx_status_request( } is_in = epnum & USB_DIR_IN; - if (is_in) { - epnum &= 0x0f; + epnum &= 0x0f; + if (epnum >= MUSB_C_NUM_EPS) { + handled = -EINVAL; + break; + } + + if (is_in) ep = &musb->endpoints[epnum].ep_in; - } else { + else ep = &musb->endpoints[epnum].ep_out; - } regs = musb->endpoints[epnum].regs; - if (epnum >= MUSB_C_NUM_EPS || !ep->desc) { + if (!ep->desc) { handled = -EINVAL; break; } -- 2.16.3

7 years, 2 months

1
0
0 0

[PATCH 1/1] hugetlbfs: fix bug in pgoff overflow checking

by Mike Kravetz

This is a fix for a regression in 32 bit kernels caused by an invalid check for pgoff overflow in hugetlbfs mmap setup. The check incorrectly specified that the size of a loff_t was the same as the size of a long. The regression prevents mapping hugetlbfs files at offset greater than 4GB on 32 bit kernels. Fix the check by using sizeof(loff_t) to get size. In addition, make sure pgoff + length can be represented by a signed long huge page offset. This check is only necessary on 32 bit kernels. Fixes: 63489f8e8211 ("hugetlbfs: check for pgoff value overflow") Cc: <stable(a)vger.kernel.org> Reported-by: Dan Rue <dan.rue(a)linaro.org> Signed-off-by: Mike Kravetz <mike.kravetz(a)oracle.com> --- fs/hugetlbfs/inode.c | 22 +++++++++++++++++----- 1 file changed, 17 insertions(+), 5 deletions(-) diff --git a/fs/hugetlbfs/inode.c b/fs/hugetlbfs/inode.c index b9a254dcc0e7..8450a1d75dfa 100644 --- a/fs/hugetlbfs/inode.c +++ b/fs/hugetlbfs/inode.c @@ -116,7 +116,8 @@ static void huge_pagevec_release(struct pagevec *pvec) * bit into account. */ #define PGOFF_LOFFT_MAX \ - (((1UL << (PAGE_SHIFT + 1)) - 1) << (BITS_PER_LONG - (PAGE_SHIFT + 1))) + (((1UL << (PAGE_SHIFT + 1)) - 1) << \ + ((sizeof(loff_t) * BITS_PER_BYTE) - (PAGE_SHIFT + 1))) static int hugetlbfs_file_mmap(struct file *file, struct vm_area_struct *vma) { @@ -138,21 +139,32 @@ static int hugetlbfs_file_mmap(struct file *file, struct vm_area_struct *vma) /* * page based offset in vm_pgoff could be sufficiently large to - * overflow a (l)off_t when converted to byte offset. + * overflow a loff_t when converted to byte offset. */ - if (vma->vm_pgoff & PGOFF_LOFFT_MAX) + if ((loff_t)vma->vm_pgoff & (loff_t)PGOFF_LOFFT_MAX) return -EINVAL; - /* must be huge page aligned */ + /* vm_pgoff must be huge page aligned */ if (vma->vm_pgoff & (~huge_page_mask(h) >> PAGE_SHIFT)) return -EINVAL; + /* + * Compute file offset of the end of this mapping + */ vma_len = (loff_t)(vma->vm_end - vma->vm_start); len = vma_len + ((loff_t)vma->vm_pgoff << PAGE_SHIFT); - /* check for overflow */ + + /* Check to ensure this did not overflow loff_t */ if (len < vma_len) return -EINVAL; + /* + * On 32 bit systems, this check is necessary to ensure the last page + * of mapping can be represented as a signed long huge page index. + */ + if ((len >> huge_page_shift(h)) > LONG_MAX) + return -EINVAL; + inode_lock(inode); file_accessed(file); -- 2.13.6

7 years, 2 months

2
1
0 0

[PATCH v2 1/4] virt: vbox: Move declarations of vboxguest private functions to private header

by Hans de Goede

Move the declarations of functions from vboxguest_utils.c which are only meant for vboxguest internal use from include/linux/vbox_utils.h to drivers/virt/vboxguest/vboxguest_core.h. Cc: stable(a)vger.kernel.org Signed-off-by: Hans de Goede <hdegoede(a)redhat.com> --- drivers/virt/vboxguest/vboxguest_core.h | 8 ++++++++ include/linux/vbox_utils.h | 23 ----------------------- 2 files changed, 8 insertions(+), 23 deletions(-) diff --git a/drivers/virt/vboxguest/vboxguest_core.h b/drivers/virt/vboxguest/vboxguest_core.h index 6c784bf4fa6d..39ed85cf9244 100644 --- a/drivers/virt/vboxguest/vboxguest_core.h +++ b/drivers/virt/vboxguest/vboxguest_core.h @@ -171,4 +171,12 @@ irqreturn_t vbg_core_isr(int irq, void *dev_id); void vbg_linux_mouse_event(struct vbg_dev *gdev); +/* Private (non exported) functions form vboxguest_utils.c */ +void *vbg_req_alloc(size_t len, enum vmmdev_request_type req_type); +int vbg_req_perform(struct vbg_dev *gdev, void *req); +int vbg_hgcm_call32( + struct vbg_dev *gdev, u32 client_id, u32 function, u32 timeout_ms, + struct vmmdev_hgcm_function_parameter32 *parm32, u32 parm_count, + int *vbox_status); + #endif diff --git a/include/linux/vbox_utils.h b/include/linux/vbox_utils.h index c71def6b310f..a240ed2a0372 100644 --- a/include/linux/vbox_utils.h +++ b/include/linux/vbox_utils.h @@ -24,24 +24,6 @@ __printf(1, 2) void vbg_debug(const char *fmt, ...); #define vbg_debug pr_debug #endif -/** - * Allocate memory for generic request and initialize the request header. - * - * Return: the allocated memory - * @len: Size of memory block required for the request. - * @req_type: The generic request type. - */ -void *vbg_req_alloc(size_t len, enum vmmdev_request_type req_type); - -/** - * Perform a generic request. - * - * Return: VBox status code - * @gdev: The Guest extension device. - * @req: Pointer to the request structure. - */ -int vbg_req_perform(struct vbg_dev *gdev, void *req); - int vbg_hgcm_connect(struct vbg_dev *gdev, struct vmmdev_hgcm_service_location *loc, u32 *client_id, int *vbox_status); @@ -52,11 +34,6 @@ int vbg_hgcm_call(struct vbg_dev *gdev, u32 client_id, u32 function, u32 timeout_ms, struct vmmdev_hgcm_function_parameter *parms, u32 parm_count, int *vbox_status); -int vbg_hgcm_call32( - struct vbg_dev *gdev, u32 client_id, u32 function, u32 timeout_ms, - struct vmmdev_hgcm_function_parameter32 *parm32, u32 parm_count, - int *vbox_status); - /** * Convert a VirtualBox status code to a standard Linux kernel return value. * Return: 0 or negative errno value. -- 2.17.0.rc1

7 years, 2 months

1
2
0 0

[PATCH v4 2/6] PCI: aardvark: Fix logic in advk_pcie_valid_device()

by Thomas Petazzoni

From: Victor Gu <xigu(a)marvell.com> The PCI configuration space read/write functions were special casing the situation where PCI_SLOT(devfn) != 0, and returned PCIBIOS_DEVICE_NOT_FOUND in this case. However, while this is what is intended for the root bus, it is not intended for the child busses, as it prevents discovering devices with PCI_SLOT(x) != 0. Therefore, we return PCIBIOS_DEVICE_NOT_FOUND only if we're on the root bus. Fixes: 8c39d710363c1 ("PCI: aardvark: Add Aardvark PCI host controller driver") Cc: <stable(a)vger.kernel.org> Signed-off-by: Victor Gu <xigu(a)marvell.com> Reviewed-by: Wilson Ding <dingwei(a)marvell.com> Reviewed-by: Nadav Haklai <nadavh(a)marvell.com> [Thomas: tweak commit log.] Signed-off-by: Thomas Petazzoni <thomas.petazzoni(a)bootlin.com> --- Changes since v2: - The logic has been factorized into a advk_pcie_valid_device() helper in a previous patch, so this patch was adjusted accordingly. --- drivers/pci/host/pci-aardvark.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/pci/host/pci-aardvark.c b/drivers/pci/host/pci-aardvark.c index 82bff709a4b3..9d7f9f1c6837 100644 --- a/drivers/pci/host/pci-aardvark.c +++ b/drivers/pci/host/pci-aardvark.c @@ -433,7 +433,7 @@ static int advk_pcie_wait_pio(struct advk_pcie *pcie) static bool advk_pcie_valid_device(struct advk_pcie *pcie, struct pci_bus *bus, int devfn) { - if (PCI_SLOT(devfn) != 0) + if ((bus->number == pcie->root_bus_nr) && PCI_SLOT(devfn) != 0) return false; return true; -- 2.14.3

7 years, 2 months

2
2
0 0

[PATCH] media: v4l2-compat-ioctl32: don't oops on overlay

by Mauro Carvalho Chehab

At put_v4l2_window32(), it tries to access kp->clips. However, kp points to an userspace pointer. So, it should be obtained via get_user(), otherwise it can OOPS: vivid-000: ================== END STATUS ================== BUG: unable to handle kernel paging request at 00000000fffb18e0 IP: [<ffffffffc05468d9>] __put_v4l2_format32+0x169/0x220 [videodev] PGD 3f5776067 PUD 3f576f067 PMD 3f5769067 PTE 800000042548f067 Oops: 0001 [#1] SMP Modules linked in: vivid videobuf2_vmalloc videobuf2_memops v4l2_dv_timings videobuf2_core v4l2_common videodev media xt_CHECKSUM iptable_mangle ipt_MASQUERADE nf_nat_masquerade_ipv4 iptable_nat nf_nat_ipv4 nf_nat nf_conntrack_ipv4 nf_defrag_ipv4 xt_conntrack nf_conntrack tun bridge stp llc ebtable_filter ebtables ip6table_filter ip6_tables bluetooth rfkill binfmt_misc snd_hda_codec_hdmi i915 snd_hda_intel snd_hda_controller snd_hda_codec intel_rapl x86_pkg_temp_thermal snd_hwdep intel_powerclamp snd_pcm coretemp snd_seq_midi kvm_intel kvm snd_seq_midi_event snd_rawmidi i2c_algo_bit drm_kms_helper snd_seq drm crct10dif_pclmul e1000e snd_seq_device crc32_pclmul snd_timer ghash_clmulni_intel snd mei_me mei ptp pps_core soundcore lpc_ich video crc32c_intel [last unloaded: media] CPU: 2 PID: 28332 Comm: v4l2-compliance Not tainted 3.18.102+ #107 Hardware name: /NUC5i7RYB, BIOS RYBDWi35.86A.0364.2017.0511.0949 05/11/2017 task: ffff8804293f8000 ti: ffff8803f5640000 task.ti: ffff8803f5640000 RIP: 0010:[<ffffffffc05468d9>] [<ffffffffc05468d9>] __put_v4l2_format32+0x169/0x220 [videodev] RSP: 0018:ffff8803f5643e28 EFLAGS: 00010246 RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00000000fffb1ab4 RDX: 00000000fffb1a68 RSI: 00000000fffb18d8 RDI: 00000000fffb1aa8 RBP: ffff8803f5643e48 R08: 0000000000000001 R09: ffff8803f54b0378 R10: 0000000000000000 R11: 0000000000000168 R12: 00000000fffb18c0 R13: 00000000fffb1a94 R14: 00000000fffb18c8 R15: 0000000000000000 FS: 0000000000000000(0000) GS:ffff880456d00000(0063) knlGS:00000000f7100980 CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033 CR2: 00000000fffb18e0 CR3: 00000003f552b000 CR4: 00000000003407e0 Stack: 00000000fffb1a94 00000000c0cc5640 0000000000000056 ffff8804274f3600 ffff8803f5643ed0 ffffffffc0547e16 0000000000000003 ffff8803f5643eb0 ffffffff81301460 ffff88009db44b01 ffff880441942520 ffff8800c0d05640 Call Trace: [<ffffffffc0547e16>] v4l2_compat_ioctl32+0x12d6/0x1b1d [videodev] [<ffffffff81301460>] ? file_has_perm+0x70/0xc0 [<ffffffff81252a2c>] compat_SyS_ioctl+0xec/0x1200 [<ffffffff8173241a>] sysenter_dispatch+0x7/0x21 Code: 00 00 48 8b 80 48 c0 ff ff 48 83 e8 38 49 39 c6 0f 87 2b ff ff ff 49 8d 45 1c e8 a3 ce e3 c0 85 c0 0f 85 1a ff ff ff 41 8d 40 ff <4d> 8b 64 24 20 41 89 d5 48 8d 44 40 03 4d 8d 34 c4 eb 15 0f 1f RIP [<ffffffffc05468d9>] __put_v4l2_format32+0x169/0x220 [videodev] RSP <ffff8803f5643e28> CR2: 00000000fffb18e0 Tested with vivid driver on Kernel v3.18.102. Same bug happens upstream too: BUG: KASAN: user-memory-access in __put_v4l2_format32+0x98/0x4d0 [videodev] Read of size 8 at addr 00000000ffe48400 by task v4l2-compliance/8713 CPU: 0 PID: 8713 Comm: v4l2-compliance Not tainted 4.16.0-rc4+ #108 Hardware name: /NUC5i7RYB, BIOS RYBDWi35.86A.0364.2017.0511.0949 05/11/2017 Call Trace: dump_stack+0x5c/0x7c kasan_report+0x164/0x380 ? __put_v4l2_format32+0x98/0x4d0 [videodev] __put_v4l2_format32+0x98/0x4d0 [videodev] v4l2_compat_ioctl32+0x1aec/0x27a0 [videodev] ? __fsnotify_inode_delete+0x20/0x20 ? __put_v4l2_format32+0x4d0/0x4d0 [videodev] compat_SyS_ioctl+0x646/0x14d0 ? do_ioctl+0x30/0x30 do_fast_syscall_32+0x191/0x3f4 entry_SYSENTER_compat+0x6b/0x7a ================================================================== Disabling lock debugging due to kernel taint BUG: unable to handle kernel paging request at 00000000ffe48400 IP: __put_v4l2_format32+0x98/0x4d0 [videodev] PGD 3a22fb067 P4D 3a22fb067 PUD 39b6f0067 PMD 39b6f1067 PTE 80000003256af067 Oops: 0001 [#1] SMP KASAN Modules linked in: vivid videobuf2_vmalloc videobuf2_dma_contig videobuf2_memops v4l2_tpg v4l2_dv_timings videobuf2_v4l2 videobuf2_common v4l2_common videodev xt_CHECKSUM iptable_mangle ipt_MASQUERADE nf_nat_masquerade_ipv4 iptable_nat nf_nat_ipv4 nf_nat nf_conntrack_ipv4 nf_defrag_ipv4 xt_conntrack nf_conntrack libcrc32c tun bridge stp llc ebtable_filter ebtables ip6table_filter ip6_tables bluetooth rfkill ecdh_generic binfmt_misc snd_hda_codec_hdmi intel_rapl x86_pkg_temp_thermal intel_powerclamp i915 coretemp snd_hda_intel snd_hda_codec kvm_intel snd_hwdep snd_hda_core kvm snd_pcm irqbypass crct10dif_pclmul crc32_pclmul snd_seq_midi ghash_clmulni_intel snd_seq_midi_event i2c_algo_bit intel_cstate snd_rawmidi intel_uncore snd_seq drm_kms_helper e1000e snd_seq_device snd_timer intel_rapl_perf drm ptp snd mei_me mei lpc_ich pps_core soundcore video crc32c_intel CPU: 0 PID: 8713 Comm: v4l2-compliance Tainted: G B 4.16.0-rc4+ #108 Hardware name: /NUC5i7RYB, BIOS RYBDWi35.86A.0364.2017.0511.0949 05/11/2017 RIP: 0010:__put_v4l2_format32+0x98/0x4d0 [videodev] RSP: 0018:ffff8803b9be7d30 EFLAGS: 00010282 RAX: 0000000000000000 RBX: ffff8803ac983e80 RCX: ffffffff8cd929f2 RDX: 1ffffffff1d0a149 RSI: 0000000000000297 RDI: 0000000000000297 RBP: 00000000ffe485c0 R08: fffffbfff1cf5123 R09: ffffffff8e7a8948 R10: 0000000000000001 R11: fffffbfff1cf5122 R12: 00000000ffe483e0 R13: 00000000ffe485c4 R14: ffff8803ac985918 R15: 00000000ffe483e8 FS: 0000000000000000(0000) GS:ffff880407400000(0063) knlGS:00000000f7a46980 CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033 CR2: 00000000ffe48400 CR3: 00000003a83f2003 CR4: 00000000003606f0 Call Trace: v4l2_compat_ioctl32+0x1aec/0x27a0 [videodev] ? __fsnotify_inode_delete+0x20/0x20 ? __put_v4l2_format32+0x4d0/0x4d0 [videodev] compat_SyS_ioctl+0x646/0x14d0 ? do_ioctl+0x30/0x30 do_fast_syscall_32+0x191/0x3f4 entry_SYSENTER_compat+0x6b/0x7a Code: 4c 89 f7 4d 8d 7c 24 08 e8 e6 a4 69 cb 48 8b 83 98 1a 00 00 48 83 e8 10 49 39 c7 0f 87 9d 01 00 00 49 8d 7c 24 20 e8 c8 a4 69 cb <4d> 8b 74 24 20 4c 89 ef 4c 89 fe ba 10 00 00 00 e8 23 d9 08 cc RIP: __put_v4l2_format32+0x98/0x4d0 [videodev] RSP: ffff8803b9be7d30 CR2: 00000000ffe48400 cc: stable(a)vger.kernel.org Signed-off-by: Mauro Carvalho Chehab <mchehab(a)s-opensource.com> --- drivers/media/v4l2-core/v4l2-compat-ioctl32.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/media/v4l2-core/v4l2-compat-ioctl32.c b/drivers/media/v4l2-core/v4l2-compat-ioctl32.c index 5198c9eeb348..4312935f1dfc 100644 --- a/drivers/media/v4l2-core/v4l2-compat-ioctl32.c +++ b/drivers/media/v4l2-core/v4l2-compat-ioctl32.c @@ -101,7 +101,7 @@ static int get_v4l2_window32(struct v4l2_window __user *kp, static int put_v4l2_window32(struct v4l2_window __user *kp, struct v4l2_window32 __user *up) { - struct v4l2_clip __user *kclips = kp->clips; + struct v4l2_clip __user *kclips; struct v4l2_clip32 __user *uclips; compat_caddr_t p; u32 clipcount; @@ -116,6 +116,8 @@ static int put_v4l2_window32(struct v4l2_window __user *kp, if (!clipcount) return 0; + if (get_user(kclips, &kp->clips)) + return -EFAULT; if (get_user(p, &up->clips)) return -EFAULT; uclips = compat_ptr(p); -- 2.14.3

7 years, 2 months

4
7
0 0

patch "USB: serial: ftdi_sio: add Id for Physik Instrumente E-870" added to usb-testing

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled USB: serial: ftdi_sio: add Id for Physik Instrumente E-870 to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-testing branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will be merged to the usb-next branch sometime soon, after it passes testing, and the merge window is open. If you have any questions about this process, please let me know. >From 79a0b33165d8d8ec0840fcfc74fd0a8f219abeee Mon Sep 17 00:00:00 2001 From: "Teichmann, Martin" <martin.teichmann(a)xfel.eu> Date: Thu, 29 Mar 2018 08:39:37 +0200 Subject: USB: serial: ftdi_sio: add Id for Physik Instrumente E-870 This adds support for the Physik Instrumente E-870 PIShift Drive Electronics, a Piezo motor driver. Signed-off-by: Martin Teichmann <martin.teichmann(a)xfel.eu> Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Johan Hovold <johan(a)kernel.org> --- drivers/usb/serial/ftdi_sio.c | 1 + drivers/usb/serial/ftdi_sio_ids.h | 1 + 2 files changed, 2 insertions(+) diff --git a/drivers/usb/serial/ftdi_sio.c b/drivers/usb/serial/ftdi_sio.c index f58c4ff6b387..85774cf4cc8f 100644 --- a/drivers/usb/serial/ftdi_sio.c +++ b/drivers/usb/serial/ftdi_sio.c @@ -893,6 +893,7 @@ static const struct usb_device_id id_table_combined[] = { { USB_DEVICE(PI_VID, PI_1014_PID) }, { USB_DEVICE(PI_VID, PI_1015_PID) }, { USB_DEVICE(PI_VID, PI_1016_PID) }, + { USB_DEVICE(PI_VID, PI_E870_PID) }, { USB_DEVICE(KONDO_VID, KONDO_USB_SERIAL_PID) }, { USB_DEVICE(BAYER_VID, BAYER_CONTOUR_CABLE_PID) }, { USB_DEVICE(FTDI_VID, MARVELL_OPENRD_PID), diff --git a/drivers/usb/serial/ftdi_sio_ids.h b/drivers/usb/serial/ftdi_sio_ids.h index 8b4ecd2bd297..14dff44a2a93 100644 --- a/drivers/usb/serial/ftdi_sio_ids.h +++ b/drivers/usb/serial/ftdi_sio_ids.h @@ -978,6 +978,7 @@ #define PI_1014_PID 0x1014 /* PI Device */ #define PI_1015_PID 0x1015 /* PI Device */ #define PI_1016_PID 0x1016 /* PI Digital Servo Module */ +#define PI_E870_PID 0x1019 /* PI E-870 Piezomotor Controller */ /* * Kondo Kagaku Co.Ltd. -- 2.16.3

7 years, 2 months

3
2
0 0

[PATCH] Revert "USB: serial: ftdi_sio: add Id for Physik Instrumente E-870"

by Johan Hovold

This reverts commit 79a0b33165d8d8ec0840fcfc74fd0a8f219abeee. Turns out this is not an FTDI device after all. Reported-by: Martin Teichmann <martin.teichmann(a)xfel.eu> Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Johan Hovold <johan(a)kernel.org> --- Greg, I included the stable tag above as the offending patch had it, but I will try to remember to speak out in case it gets added to the stable queue in the first place. Thanks, Johan drivers/usb/serial/ftdi_sio.c | 1 - drivers/usb/serial/ftdi_sio_ids.h | 1 - 2 files changed, 2 deletions(-) diff --git a/drivers/usb/serial/ftdi_sio.c b/drivers/usb/serial/ftdi_sio.c index 85774cf4cc8f..f58c4ff6b387 100644 --- a/drivers/usb/serial/ftdi_sio.c +++ b/drivers/usb/serial/ftdi_sio.c @@ -893,7 +893,6 @@ static const struct usb_device_id id_table_combined[] = { { USB_DEVICE(PI_VID, PI_1014_PID) }, { USB_DEVICE(PI_VID, PI_1015_PID) }, { USB_DEVICE(PI_VID, PI_1016_PID) }, - { USB_DEVICE(PI_VID, PI_E870_PID) }, { USB_DEVICE(KONDO_VID, KONDO_USB_SERIAL_PID) }, { USB_DEVICE(BAYER_VID, BAYER_CONTOUR_CABLE_PID) }, { USB_DEVICE(FTDI_VID, MARVELL_OPENRD_PID), diff --git a/drivers/usb/serial/ftdi_sio_ids.h b/drivers/usb/serial/ftdi_sio_ids.h index 14dff44a2a93..8b4ecd2bd297 100644 --- a/drivers/usb/serial/ftdi_sio_ids.h +++ b/drivers/usb/serial/ftdi_sio_ids.h @@ -978,7 +978,6 @@ #define PI_1014_PID 0x1014 /* PI Device */ #define PI_1015_PID 0x1015 /* PI Device */ #define PI_1016_PID 0x1016 /* PI Digital Servo Module */ -#define PI_E870_PID 0x1019 /* PI E-870 Piezomotor Controller */ /* * Kondo Kagaku Co.Ltd. -- 2.16.3

7 years, 2 months

1
0
0 0

patch "USB: serial: ftdi_sio: add Id for Physik Instrumente E-870" added to usb-next

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled USB: serial: ftdi_sio: add Id for Physik Instrumente E-870 to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-next branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will also be merged in the next major kernel release during the merge window. If you have any questions about this process, please let me know. >From 79a0b33165d8d8ec0840fcfc74fd0a8f219abeee Mon Sep 17 00:00:00 2001 From: "Teichmann, Martin" <martin.teichmann(a)xfel.eu> Date: Thu, 29 Mar 2018 08:39:37 +0200 Subject: USB: serial: ftdi_sio: add Id for Physik Instrumente E-870 This adds support for the Physik Instrumente E-870 PIShift Drive Electronics, a Piezo motor driver. Signed-off-by: Martin Teichmann <martin.teichmann(a)xfel.eu> Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Johan Hovold <johan(a)kernel.org> --- drivers/usb/serial/ftdi_sio.c | 1 + drivers/usb/serial/ftdi_sio_ids.h | 1 + 2 files changed, 2 insertions(+) diff --git a/drivers/usb/serial/ftdi_sio.c b/drivers/usb/serial/ftdi_sio.c index f58c4ff6b387..85774cf4cc8f 100644 --- a/drivers/usb/serial/ftdi_sio.c +++ b/drivers/usb/serial/ftdi_sio.c @@ -893,6 +893,7 @@ static const struct usb_device_id id_table_combined[] = { { USB_DEVICE(PI_VID, PI_1014_PID) }, { USB_DEVICE(PI_VID, PI_1015_PID) }, { USB_DEVICE(PI_VID, PI_1016_PID) }, + { USB_DEVICE(PI_VID, PI_E870_PID) }, { USB_DEVICE(KONDO_VID, KONDO_USB_SERIAL_PID) }, { USB_DEVICE(BAYER_VID, BAYER_CONTOUR_CABLE_PID) }, { USB_DEVICE(FTDI_VID, MARVELL_OPENRD_PID), diff --git a/drivers/usb/serial/ftdi_sio_ids.h b/drivers/usb/serial/ftdi_sio_ids.h index 8b4ecd2bd297..14dff44a2a93 100644 --- a/drivers/usb/serial/ftdi_sio_ids.h +++ b/drivers/usb/serial/ftdi_sio_ids.h @@ -978,6 +978,7 @@ #define PI_1014_PID 0x1014 /* PI Device */ #define PI_1015_PID 0x1015 /* PI Device */ #define PI_1016_PID 0x1016 /* PI Digital Servo Module */ +#define PI_E870_PID 0x1019 /* PI E-870 Piezomotor Controller */ /* * Kondo Kagaku Co.Ltd. -- 2.16.3

7 years, 2 months

1
0
0 0

[PATCH v4 3/7] phy: qcom-qusb2: Fix crash if nvmem cell not specified

by Manu Gautam

Driver currently crashes due to NULL pointer deference while updating PHY tune register if nvmem cell is NULL. Since, fused value for Tune1/2 register is optional, we'd rather bail out. Fixes: ca04d9d3e1b1 ("phy: qcom-qusb2: New driver for QUSB2 PHY on Qcom chips") Reviewed-by: Vivek Gautam <vivek.gautam(a)codeaurora.org> Reviewed-by: Evan Green <evgreen(a)chromium.org> Cc: stable <stable(a)vger.kernel.org> # 4.14+ Signed-off-by: Manu Gautam <mgautam(a)codeaurora.org> --- drivers/phy/qualcomm/phy-qcom-qusb2.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/drivers/phy/qualcomm/phy-qcom-qusb2.c b/drivers/phy/qualcomm/phy-qcom-qusb2.c index 94afeac..40fdef8 100644 --- a/drivers/phy/qualcomm/phy-qcom-qusb2.c +++ b/drivers/phy/qualcomm/phy-qcom-qusb2.c @@ -315,6 +315,10 @@ static void qusb2_phy_set_tune2_param(struct qusb2_phy *qphy) const struct qusb2_phy_cfg *cfg = qphy->cfg; u8 *val; + /* efuse register is optional */ + if (!qphy->cell) + return; + /* * Read efuse register having TUNE2/1 parameter's high nibble. * If efuse register shows value as 0x0, or if we fail to find -- The Qualcomm Innovation Center, Inc. is a member of the Code Aurora Forum, a Linux Foundation Collaborative Project

7 years, 2 months

1
0
0 0

Patch "net: hns: Fix a skb used after free bug" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled net: hns: Fix a skb used after free bug to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: net-hns-fix-a-skb-used-after-free-bug.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 27463ad99f738ed93c7c8b3e2e5bc8c4853a2ff2 Mon Sep 17 00:00:00 2001 From: Yunsheng Lin <linyunsheng(a)huawei.com> Date: Thu, 6 Jul 2017 10:22:00 +0800 Subject: net: hns: Fix a skb used after free bug From: Yunsheng Lin <linyunsheng(a)huawei.com> commit 27463ad99f738ed93c7c8b3e2e5bc8c4853a2ff2 upstream. skb maybe freed in hns_nic_net_xmit_hw() and return NETDEV_TX_OK, which cause hns_nic_net_xmit to use a freed skb. BUG: KASAN: use-after-free in hns_nic_net_xmit_hw+0x62c/0x940... [17659.112635] alloc_debug_processing+0x18c/0x1a0 [17659.117208] __slab_alloc+0x52c/0x560 [17659.120909] kmem_cache_alloc_node+0xac/0x2c0 [17659.125309] __alloc_skb+0x6c/0x260 [17659.128837] tcp_send_ack+0x8c/0x280 [17659.132449] __tcp_ack_snd_check+0x9c/0xf0 [17659.136587] tcp_rcv_established+0x5a4/0xa70 [17659.140899] tcp_v4_do_rcv+0x27c/0x620 [17659.144687] tcp_prequeue_process+0x108/0x170 [17659.149085] tcp_recvmsg+0x940/0x1020 [17659.152787] inet_recvmsg+0x124/0x180 [17659.156488] sock_recvmsg+0x64/0x80 [17659.160012] SyS_recvfrom+0xd8/0x180 [17659.163626] __sys_trace_return+0x0/0x4 [17659.167506] INFO: Freed in kfree_skbmem+0xa0/0xb0 age=23 cpu=1 pid=13 [17659.174000] free_debug_processing+0x1d4/0x2c0 [17659.178486] __slab_free+0x240/0x390 [17659.182100] kmem_cache_free+0x24c/0x270 [17659.186062] kfree_skbmem+0xa0/0xb0 [17659.189587] __kfree_skb+0x28/0x40 [17659.193025] napi_gro_receive+0x168/0x1c0 [17659.197074] hns_nic_rx_up_pro+0x58/0x90 [17659.201038] hns_nic_rx_poll_one+0x518/0xbc0 [17659.205352] hns_nic_common_poll+0x94/0x140 [17659.209576] net_rx_action+0x458/0x5e0 [17659.213363] __do_softirq+0x1b8/0x480 [17659.217062] run_ksoftirqd+0x64/0x80 [17659.220679] smpboot_thread_fn+0x224/0x310 [17659.224821] kthread+0x150/0x170 [17659.228084] ret_from_fork+0x10/0x40 BUG: KASAN: use-after-free in hns_nic_net_xmit+0x8c/0xc0... [17751.080490] __slab_alloc+0x52c/0x560 [17751.084188] kmem_cache_alloc+0x244/0x280 [17751.088238] __build_skb+0x40/0x150 [17751.091764] build_skb+0x28/0x100 [17751.095115] __alloc_rx_skb+0x94/0x150 [17751.098900] __napi_alloc_skb+0x34/0x90 [17751.102776] hns_nic_rx_poll_one+0x180/0xbc0 [17751.107097] hns_nic_common_poll+0x94/0x140 [17751.111333] net_rx_action+0x458/0x5e0 [17751.115123] __do_softirq+0x1b8/0x480 [17751.118823] run_ksoftirqd+0x64/0x80 [17751.122437] smpboot_thread_fn+0x224/0x310 [17751.126575] kthread+0x150/0x170 [17751.129838] ret_from_fork+0x10/0x40 [17751.133454] INFO: Freed in kfree_skbmem+0xa0/0xb0 age=19 cpu=7 pid=43 [17751.139951] free_debug_processing+0x1d4/0x2c0 [17751.144436] __slab_free+0x240/0x390 [17751.148051] kmem_cache_free+0x24c/0x270 [17751.152014] kfree_skbmem+0xa0/0xb0 [17751.155543] __kfree_skb+0x28/0x40 [17751.159022] napi_gro_receive+0x168/0x1c0 [17751.163074] hns_nic_rx_up_pro+0x58/0x90 [17751.167041] hns_nic_rx_poll_one+0x518/0xbc0 [17751.171358] hns_nic_common_poll+0x94/0x140 [17751.175585] net_rx_action+0x458/0x5e0 [17751.179373] __do_softirq+0x1b8/0x480 [17751.183076] run_ksoftirqd+0x64/0x80 [17751.186691] smpboot_thread_fn+0x224/0x310 [17751.190826] kthread+0x150/0x170 [17751.194093] ret_from_fork+0x10/0x40 Fixes: 13ac695e7ea1 ("net:hns: Add support of Hip06 SoC to the Hislicon Network Subsystem") Signed-off-by: Yunsheng Lin <linyunsheng(a)huawei.com> Signed-off-by: lipeng <lipeng321(a)huawei.com> Reported-by: Jun He <hjat2005(a)huawei.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Erick Reyes <erickreyes(a)google.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/net/ethernet/hisilicon/hns/hns_enet.c | 22 ++++++++++------------ drivers/net/ethernet/hisilicon/hns/hns_enet.h | 6 +++--- 2 files changed, 13 insertions(+), 15 deletions(-) --- a/drivers/net/ethernet/hisilicon/hns/hns_enet.c +++ b/drivers/net/ethernet/hisilicon/hns/hns_enet.c @@ -299,9 +299,9 @@ static void fill_tso_desc(struct hnae_ri mtu); } -int hns_nic_net_xmit_hw(struct net_device *ndev, - struct sk_buff *skb, - struct hns_nic_ring_data *ring_data) +netdev_tx_t hns_nic_net_xmit_hw(struct net_device *ndev, + struct sk_buff *skb, + struct hns_nic_ring_data *ring_data) { struct hns_nic_priv *priv = netdev_priv(ndev); struct hnae_ring *ring = ring_data->ring; @@ -360,6 +360,10 @@ int hns_nic_net_xmit_hw(struct net_devic dev_queue = netdev_get_tx_queue(ndev, skb->queue_mapping); netdev_tx_sent_queue(dev_queue, skb->len); + netif_trans_update(ndev); + ndev->stats.tx_bytes += skb->len; + ndev->stats.tx_packets++; + wmb(); /* commit all data before submit */ assert(skb->queue_mapping < priv->ae_handle->q_num); hnae_queue_xmit(priv->ae_handle->qs[skb->queue_mapping], buf_num); @@ -1408,17 +1412,11 @@ static netdev_tx_t hns_nic_net_xmit(stru struct net_device *ndev) { struct hns_nic_priv *priv = netdev_priv(ndev); - int ret; assert(skb->queue_mapping < ndev->ae_handle->q_num); - ret = hns_nic_net_xmit_hw(ndev, skb, - &tx_ring_data(priv, skb->queue_mapping)); - if (ret == NETDEV_TX_OK) { - netif_trans_update(ndev); - ndev->stats.tx_bytes += skb->len; - ndev->stats.tx_packets++; - } - return (netdev_tx_t)ret; + + return hns_nic_net_xmit_hw(ndev, skb, + &tx_ring_data(priv, skb->queue_mapping)); } static int hns_nic_change_mtu(struct net_device *ndev, int new_mtu) --- a/drivers/net/ethernet/hisilicon/hns/hns_enet.h +++ b/drivers/net/ethernet/hisilicon/hns/hns_enet.h @@ -91,8 +91,8 @@ void hns_ethtool_set_ops(struct net_devi void hns_nic_net_reset(struct net_device *ndev); void hns_nic_net_reinit(struct net_device *netdev); int hns_nic_init_phy(struct net_device *ndev, struct hnae_handle *h); -int hns_nic_net_xmit_hw(struct net_device *ndev, - struct sk_buff *skb, - struct hns_nic_ring_data *ring_data); +netdev_tx_t hns_nic_net_xmit_hw(struct net_device *ndev, + struct sk_buff *skb, + struct hns_nic_ring_data *ring_data); #endif /**__HNS_ENET_H */ Patches currently in stable-queue which might be from linyunsheng(a)huawei.com are queue-4.9/net-hns-fix-a-skb-used-after-free-bug.patch

7 years, 2 months

1
0
0 0

[PATCH v4 5/6] PCI: aardvark: Fix PCIe Max Read Request Size setting

by Thomas Petazzoni

From: Evan Wang <xswang(a)marvell.com> There is an obvious typo issue in the definition of the PCIe maximum read request size: a bit shift is directly used as a value, while it should be used to shift the correct value. Fixes: 8c39d710363c1 ("PCI: aardvark: Add Aardvark PCI host controller driver") Cc: <stable(a)vger.kernel.org> Signed-off-by: Evan Wang <xswang(a)marvell.com> Reviewed-by: Victor Gu <xigu(a)marvell.com> Reviewed-by: Nadav Haklai <nadavh(a)marvell.com> [Thomas: tweak commit log.] Signed-off-by: Thomas Petazzoni <thomas.petazzoni(a)bootlin.com> --- drivers/pci/host/pci-aardvark.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/pci/host/pci-aardvark.c b/drivers/pci/host/pci-aardvark.c index f94bd70a8f6d..69c4fd50947e 100644 --- a/drivers/pci/host/pci-aardvark.c +++ b/drivers/pci/host/pci-aardvark.c @@ -29,6 +29,7 @@ #define PCIE_CORE_DEV_CTRL_STATS_MAX_PAYLOAD_SZ_SHIFT 5 #define PCIE_CORE_DEV_CTRL_STATS_SNOOP_DISABLE (0 << 11) #define PCIE_CORE_DEV_CTRL_STATS_MAX_RD_REQ_SIZE_SHIFT 12 +#define PCIE_CORE_DEV_CTRL_STATS_MAX_RD_REQ_SZ 0x2 #define PCIE_CORE_LINK_CTRL_STAT_REG 0xd0 #define PCIE_CORE_LINK_L0S_ENTRY BIT(0) #define PCIE_CORE_LINK_TRAINING BIT(5) @@ -295,7 +296,8 @@ static void advk_pcie_setup_hw(struct advk_pcie *pcie) reg = PCIE_CORE_DEV_CTRL_STATS_RELAX_ORDER_DISABLE | (7 << PCIE_CORE_DEV_CTRL_STATS_MAX_PAYLOAD_SZ_SHIFT) | PCIE_CORE_DEV_CTRL_STATS_SNOOP_DISABLE | - PCIE_CORE_DEV_CTRL_STATS_MAX_RD_REQ_SIZE_SHIFT; + (PCIE_CORE_DEV_CTRL_STATS_MAX_RD_REQ_SZ << + PCIE_CORE_DEV_CTRL_STATS_MAX_RD_REQ_SIZE_SHIFT); advk_writel(pcie, reg, PCIE_CORE_DEV_CTRL_STATS_REG); /* Program PCIe Control 2 to disable strict ordering */ -- 2.14.3

7 years, 2 months

1
0
0 0

[PATCH v4 4/6] PCI: aardvark: Use ISR1 instead of ISR0 interrupt in legacy irq mode

by Thomas Petazzoni

From: Victor Gu <xigu(a)marvell.com> The Aardvark has two interrupts sets: - first set is bit[23:16] of PCIe ISR 0 register(RD0074840h) - second set is bit[11:8] of PCIe ISR 1 register(RD0074848h) Only one set should be used, while another set should be masked. The second set, ISR1, is more advanced, the Legacy INT_X status bit is asserted once Assert_INTX message is received, and de-asserted after Deassert_INTX message is received. Therefore, it matches what the driver is currently doing in the ->irq_mask() and ->irq_unmask() functions. The ISR0 requires additional work to deassert the interrupt, which the driver doesn't do currently. This commit resolves a number of issues with legacy interrupts. This is part of fixing bug https://bugzilla.kernel.org/show_bug.cgi?id=196339, this commit was reported as the user to be important to get a Intel 7260 mini-PCIe WiFi card working. Fixes: 8c39d710363c1 ("PCI: aardvark: Add Aardvark PCI host controller driver") Cc: <stable(a)vger.kernel.org> Signed-off-by: Victor Gu <xigu(a)marvell.com> Reviewed-by: Evan Wang <xswang(a)marvell.com> Reviewed-by: Nadav Haklai <nadavh(a)marvell.com> [Thomas: tweak commit log.] Signed-off-by: Thomas Petazzoni <thomas.petazzoni(a)bootlin.com> --- drivers/pci/host/pci-aardvark.c | 41 ++++++++++++++++++++++++----------------- 1 file changed, 24 insertions(+), 17 deletions(-) diff --git a/drivers/pci/host/pci-aardvark.c b/drivers/pci/host/pci-aardvark.c index 2d0f8148ae9b..f94bd70a8f6d 100644 --- a/drivers/pci/host/pci-aardvark.c +++ b/drivers/pci/host/pci-aardvark.c @@ -100,7 +100,8 @@ #define PCIE_ISR1_MASK_REG (CONTROL_BASE_ADDR + 0x4C) #define PCIE_ISR1_POWER_STATE_CHANGE BIT(4) #define PCIE_ISR1_FLUSH BIT(5) -#define PCIE_ISR1_ALL_MASK GENMASK(5, 4) +#define PCIE_ISR1_INTX_ASSERT(val) BIT(8 + (val)) +#define PCIE_ISR1_ALL_MASK GENMASK(11, 4) #define PCIE_MSI_ADDR_LOW_REG (CONTROL_BASE_ADDR + 0x50) #define PCIE_MSI_ADDR_HIGH_REG (CONTROL_BASE_ADDR + 0x54) #define PCIE_MSI_STATUS_REG (CONTROL_BASE_ADDR + 0x58) @@ -616,9 +617,9 @@ static void advk_pcie_irq_mask(struct irq_data *d) irq_hw_number_t hwirq = irqd_to_hwirq(d); u32 mask; - mask = advk_readl(pcie, PCIE_ISR0_MASK_REG); - mask |= PCIE_ISR0_INTX_ASSERT(hwirq); - advk_writel(pcie, mask, PCIE_ISR0_MASK_REG); + mask = advk_readl(pcie, PCIE_ISR1_MASK_REG); + mask |= PCIE_ISR1_INTX_ASSERT(hwirq); + advk_writel(pcie, mask, PCIE_ISR1_MASK_REG); } static void advk_pcie_irq_unmask(struct irq_data *d) @@ -627,9 +628,9 @@ static void advk_pcie_irq_unmask(struct irq_data *d) irq_hw_number_t hwirq = irqd_to_hwirq(d); u32 mask; - mask = advk_readl(pcie, PCIE_ISR0_MASK_REG); - mask &= ~PCIE_ISR0_INTX_ASSERT(hwirq); - advk_writel(pcie, mask, PCIE_ISR0_MASK_REG); + mask = advk_readl(pcie, PCIE_ISR1_MASK_REG); + mask &= ~PCIE_ISR1_INTX_ASSERT(hwirq); + advk_writel(pcie, mask, PCIE_ISR1_MASK_REG); } static int advk_pcie_irq_map(struct irq_domain *h, @@ -772,29 +773,35 @@ static void advk_pcie_handle_msi(struct advk_pcie *pcie) static void advk_pcie_handle_int(struct advk_pcie *pcie) { - u32 val, mask, status; + u32 isr0_val, isr0_mask, isr0_status; + u32 isr1_val, isr1_mask, isr1_status; int i, virq; - val = advk_readl(pcie, PCIE_ISR0_REG); - mask = advk_readl(pcie, PCIE_ISR0_MASK_REG); - status = val & ((~mask) & PCIE_ISR0_ALL_MASK); + isr0_val = advk_readl(pcie, PCIE_ISR0_REG); + isr0_mask = advk_readl(pcie, PCIE_ISR0_MASK_REG); + isr0_status = isr0_val & ((~isr0_mask) & PCIE_ISR0_ALL_MASK); - if (!status) { - advk_writel(pcie, val, PCIE_ISR0_REG); + isr1_val = advk_readl(pcie, PCIE_ISR1_REG); + isr1_mask = advk_readl(pcie, PCIE_ISR1_MASK_REG); + isr1_status = isr1_val & ((~isr1_mask) & PCIE_ISR1_ALL_MASK); + + if (!isr0_status && !isr1_status) { + advk_writel(pcie, isr0_val, PCIE_ISR0_REG); + advk_writel(pcie, isr1_val, PCIE_ISR1_REG); return; } /* Process MSI interrupts */ - if (status & PCIE_ISR0_MSI_INT_PENDING) + if (isr0_status & PCIE_ISR0_MSI_INT_PENDING) advk_pcie_handle_msi(pcie); /* Process legacy interrupts */ for (i = 0; i < PCI_NUM_INTX; i++) { - if (!(status & PCIE_ISR0_INTX_ASSERT(i))) + if (!(isr1_status & PCIE_ISR1_INTX_ASSERT(i))) continue; - advk_writel(pcie, PCIE_ISR0_INTX_ASSERT(i), - PCIE_ISR0_REG); + advk_writel(pcie, PCIE_ISR1_INTX_ASSERT(i), + PCIE_ISR1_REG); virq = irq_find_mapping(pcie->irq_domain, i); generic_handle_irq(virq); -- 2.14.3

7 years, 2 months

1
0
0 0

[PATCH v4 3/6] PCI: aardvark: Set PIO_ADDR_LS correctly in advk_pcie_rd_conf()

by Thomas Petazzoni

From: Victor Gu <xigu(a)marvell.com> When setting the PIO_ADDR_LS register during a configuration read, we were properly passing the device number, function number and register number, but not the bus number, causing issues when reading the configuration of PCIe devices. Fixes: 8c39d710363c1 ("PCI: aardvark: Add Aardvark PCI host controller driver") Cc: <stable(a)vger.kernel.org> Signed-off-by: Victor Gu <xigu(a)marvell.com> Reviewed-by: Wilson Ding <dingwei(a)marvell.com> Reviewed-by: Nadav Haklai <nadavh(a)marvell.com> [Thomas: tweak commit log.] Signed-off-by: Thomas Petazzoni <thomas.petazzoni(a)bootlin.com> --- Changes since v2: - Drop PCIE_BDF() macro, since it's no longer used. Noticed by Bjorn Helgaas. --- drivers/pci/host/pci-aardvark.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/drivers/pci/host/pci-aardvark.c b/drivers/pci/host/pci-aardvark.c index 9d7f9f1c6837..2d0f8148ae9b 100644 --- a/drivers/pci/host/pci-aardvark.c +++ b/drivers/pci/host/pci-aardvark.c @@ -172,8 +172,6 @@ #define PCIE_CONFIG_WR_TYPE0 0xa #define PCIE_CONFIG_WR_TYPE1 0xb -/* PCI_BDF shifts 8bit, so we need extra 4bit shift */ -#define PCIE_BDF(dev) (dev << 4) #define PCIE_CONF_BUS(bus) (((bus) & 0xff) << 20) #define PCIE_CONF_DEV(dev) (((dev) & 0x1f) << 15) #define PCIE_CONF_FUNC(fun) (((fun) & 0x7) << 12) @@ -465,7 +463,7 @@ static int advk_pcie_rd_conf(struct pci_bus *bus, u32 devfn, advk_writel(pcie, reg, PIO_CTRL); /* Program the address registers */ - reg = PCIE_BDF(devfn) | PCIE_CONF_REG(where); + reg = PCIE_CONF_ADDR(bus->number, devfn, where); advk_writel(pcie, reg, PIO_ADDR_LS); advk_writel(pcie, 0, PIO_ADDR_MS); -- 2.14.3

7 years, 2 months

1
0
0 0

Linux 4.4.125

by Greg KH

I'm announcing the release of the 4.4.125 kernel. All users of the 4.4 kernel series must upgrade. The updated 4.4.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.4.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 11 ++ arch/arm64/mm/mmu.c | 12 ++ arch/mips/ralink/reset.c | 7 - arch/x86/Makefile | 9 + arch/x86/boot/compressed/misc.c | 4 arch/x86/entry/entry_64.S | 2 arch/x86/include/asm/vmx.h | 1 arch/x86/kernel/cpu/perf_event_intel.c | 2 arch/x86/kernel/traps.c | 24 ++-- arch/x86/kvm/vmx.c | 9 + arch/x86/mm/pgtable.c | 48 +++++++++ arch/x86/net/bpf_jit_comp.c | 3 drivers/acpi/numa.c | 10 +- drivers/ata/ahci.c | 4 drivers/ata/libata-core.c | 26 ++++- drivers/ata/libata-scsi.c | 4 drivers/bluetooth/btusb.c | 2 drivers/clk/bcm/clk-bcm2835.c | 4 drivers/gpu/drm/radeon/radeon_connectors.c | 31 ++---- drivers/gpu/drm/udl/udl_fb.c | 9 + drivers/gpu/drm/vmwgfx/vmwgfx_kms.c | 28 +++-- drivers/gpu/drm/vmwgfx/vmwgfx_kms.h | 12 +- drivers/gpu/drm/vmwgfx/vmwgfx_scrn.c | 5 - drivers/gpu/drm/vmwgfx/vmwgfx_stdu.c | 5 - drivers/iio/accel/st_accel_core.c | 2 drivers/iio/pressure/st_pressure_core.c | 2 drivers/mmc/host/dw_mmc.c | 6 - drivers/mtd/nand/fsl_ifc_nand.c | 5 - drivers/net/can/cc770/cc770.c | 100 ++++++++++++-------- drivers/net/can/cc770/cc770.h | 2 drivers/net/wireless/brcm80211/brcmfmac/p2p.c | 24 ++-- drivers/net/wireless/realtek/rtlwifi/rtl8723be/hw.c | 3 drivers/pci/quirks.c | 2 drivers/staging/lustre/lustre/ptlrpc/sec.c | 2 drivers/tty/vt/vt.c | 8 - fs/ncpfs/ncplib_kernel.c | 4 include/asm-generic/pgtable.h | 10 ++ include/uapi/linux/usb/audio.h | 4 kernel/bpf/syscall.c | 2 kernel/trace/trace_kprobe.c | 4 kernel/trace/trace_probe.c | 8 - kernel/trace/trace_probe.h | 2 lib/ioremap.c | 6 - sound/drivers/aloop.c | 17 +++ sound/pci/hda/patch_realtek.c | 6 + 45 files changed, 339 insertions(+), 152 deletions(-) Andri Yngvason (3): can: cc770: Fix stalls on rt-linux, remove redundant IRQ ack can: cc770: Fix queue stall & dropped RTR reply can: cc770: Fix use after free in cc770_tx_interrupt() Andy Lutomirski (1): x86/entry/64: Don't use IST entry for #BP stack Arend Van Spriel (1): brcmfmac: fix P2P_DEVICE ethernet address generation Boris Brezillon (1): clk: bcm2835: Protect sections updating shared registers Chenbo Feng (1): bpf: skip unnecessary capability check Dan Carpenter (2): staging: ncpfs: memory corruption in ncp_read_kernel() perf/x86/intel: Don't accidentally clear high bits in bdw_limit_period() Dan Williams (1): acpi, numa: fix pxm to online numa node associations Daniel Borkmann (2): kbuild: disable clang's default use of -fmerge-all-constants bpf, x64: increase number of passes Eric Biggers (2): libata: fix length validation of ATAPI-relayed SCSI commands libata: remove WARN() for DMA or PIO command without data Evgeniy Didin (1): mmc: dw_mmc: fix falling from idmac to PIO mode when dw_mci_reset occurs Greg Kroah-Hartman (2): drm: udl: Properly check framebuffer mmap offsets Linux 4.4.125 H.J. Lu (2): x86/build/64: Force the linker to use 2MB page size x86/boot/64: Verify alignment of the LOAD segment Hans de Goede (6): PCI: Add function 1 DMA alias quirk for Highpoint RocketRAID 644L ahci: Add PCI-id for the Highpoint Rocketraid 644L card libata: Apply NOLPM quirk to Crucial MX100 512GB SSDs libata: Apply NOLPM quirk to Crucial M500 480 and 960GB SSDs libata: Make Crucial BX100 500GB LPM quirk apply to all firmware versions libata: Modify quirks for MX100 to limit NCQ_TRIM quirk to MU01 version Jagdish Gediya (1): mtd: nand: fsl_ifc: Fix nand waitfunc return value Ju Hyung Park (1): libata: Enable queued TRIM for Samsung SSD 860 Kai-Heng Feng (1): libata: disable LPM for Crucial BX100 SSD 500GB drive Kirill Marinushkin (1): ALSA: usb-audio: Fix parsing descriptor of UAC2 processing unit Larry Finger (1): rtlwifi: rtl8723be: Fix loss of signal Linus Torvalds (2): tty: vt: fix up tabstops properly kvm/x86: fix icebp instruction handling Masami Hiramatsu (1): tracing: probeevent: Fix to support minus offset from symbol Michael Nosthoff (1): iio: st_pressure: st_accel: pass correct platform data to init Michel Dänzer (1): drm/radeon: Don't turn off DP sink when disconnected Nadav Amit (1): staging: lustre: ptlrpc: kfree used instead of kvfree NeilBrown (1): MIPS: ralink: Remove ralink_halt() Takashi Iwai (4): ALSA: aloop: Sync stale timer before release ALSA: aloop: Fix access to not-yet-ready substream via cable ALSA: hda/realtek - Always immediately update mute LED with pin VREF Bluetooth: btusb: Fix quirk for Atheros 1525/QCA6174 Thomas Hellstrom (1): drm/vmwgfx: Fix a destoy-while-held mutex problem. Toshi Kani (2): mm/vmalloc: add interfaces to free unmapped page table x86/mm: implement free pmd/pte page interfaces

7 years, 2 months

1
1
0 0

Linux 4.9.91

by Greg KH

I'm announcing the release of the 4.9.91 kernel. All users of the 4.9 kernel series must upgrade. The updated 4.9.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.9.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/ABI/testing/sysfs-bus-iio | 2 Makefile | 11 + arch/arm64/mm/mmu.c | 10 + arch/mips/ralink/reset.c | 7 - arch/x86/Makefile | 9 + arch/x86/boot/compressed/misc.c | 4 arch/x86/entry/entry_64.S | 2 arch/x86/events/intel/core.c | 2 arch/x86/events/intel/uncore_snbep.c | 33 +++-- arch/x86/include/asm/vmx.h | 1 arch/x86/kernel/traps.c | 24 +--- arch/x86/kvm/vmx.c | 9 + arch/x86/mm/pgtable.c | 48 ++++++++ arch/x86/net/bpf_jit_comp.c | 3 drivers/acpi/acpi_watchdog.c | 4 drivers/acpi/numa.c | 10 + drivers/ata/ahci.c | 4 drivers/ata/libata-core.c | 26 +++- drivers/ata/libata-scsi.c | 10 + drivers/bluetooth/btusb.c | 2 drivers/clk/bcm/clk-bcm2835.c | 12 +- drivers/clk/sunxi-ng/ccu-sun6i-a31.c | 6 - drivers/gpu/drm/radeon/radeon_connectors.c | 31 ++--- drivers/gpu/drm/udl/udl_fb.c | 9 + drivers/gpu/drm/vmwgfx/vmwgfx_kms.c | 28 +++- drivers/gpu/drm/vmwgfx/vmwgfx_kms.h | 12 +- drivers/gpu/drm/vmwgfx/vmwgfx_scrn.c | 5 drivers/gpu/drm/vmwgfx/vmwgfx_stdu.c | 5 drivers/iio/accel/st_accel_core.c | 2 drivers/iio/pressure/st_pressure_core.c | 2 drivers/mmc/host/dw_mmc.c | 6 - drivers/mtd/mtdchar.c | 4 drivers/mtd/nand/fsl_ifc_nand.c | 32 ++--- drivers/net/can/cc770/cc770.c | 100 ++++++++++------- drivers/net/can/cc770/cc770.h | 2 drivers/net/can/ifi_canfd/ifi_canfd.c | 75 +++++++----- drivers/net/wireless/broadcom/brcm80211/brcmfmac/p2p.c | 24 +--- drivers/net/wireless/realtek/rtlwifi/rtl8723be/hw.c | 3 drivers/nvdimm/blk.c | 3 drivers/nvdimm/btt.c | 3 drivers/pci/quirks.c | 2 drivers/staging/lustre/lustre/ptlrpc/sec.c | 2 drivers/tty/vt/vt.c | 8 - drivers/watchdog/wdat_wdt.c | 2 fs/ncpfs/ncplib_kernel.c | 4 fs/nfsd/nfs4state.c | 62 +++++++--- include/asm-generic/pgtable.h | 10 + include/linux/fsl_ifc.h | 6 - include/uapi/linux/usb/audio.h | 4 kernel/bpf/syscall.c | 2 kernel/trace/trace_kprobe.c | 4 kernel/trace/trace_probe.c | 8 - kernel/trace/trace_probe.h | 2 lib/ioremap.c | 6 - mm/huge_memory.c | 4 mm/khugepaged.c | 7 + mm/shmem.c | 31 +++-- sound/drivers/aloop.c | 17 ++ sound/pci/hda/patch_realtek.c | 6 - tools/perf/builtin-stat.c | 2 tools/testing/selftests/x86/Makefile | 2 tools/testing/selftests/x86/mpx-mini-test.c | 3 tools/testing/selftests/x86/protection_keys.c | 49 +++++--- tools/testing/selftests/x86/ptrace_syscall.c | 8 + 64 files changed, 545 insertions(+), 291 deletions(-) Andri Yngvason (3): can: cc770: Fix stalls on rt-linux, remove redundant IRQ ack can: cc770: Fix queue stall & dropped RTR reply can: cc770: Fix use after free in cc770_tx_interrupt() Andy Lutomirski (3): selftests/x86/ptrace_syscall: Fix for yet more glibc interference x86/entry/64: Don't use IST entry for #BP stack selftests/x86/protection_keys: Fix syscall NR redefinition warnings Arend Van Spriel (1): brcmfmac: fix P2P_DEVICE ethernet address generation Boris Brezillon (2): clk: bcm2835: Fix ana->maskX definitions clk: bcm2835: Protect sections updating shared registers Chen-Yu Tsai (1): clk: sunxi-ng: a31: Fix CLK_OUT_* clock ops Chenbo Feng (1): bpf: skip unnecessary capability check Dan Carpenter (2): staging: ncpfs: memory corruption in ncp_read_kernel() perf/x86/intel: Don't accidentally clear high bits in bdw_limit_period() Dan Williams (1): acpi, numa: fix pxm to online numa node associations Daniel Borkmann (2): kbuild: disable clang's default use of -fmerge-all-constants bpf, x64: increase number of passes Dave Hansen (2): selftests, x86, protection_keys: fix wrong offset in siginfo x86/pkeys/selftests: Rename 'si_pkey' to 'siginfo_pkey' Eric Biggers (3): libata: fix length validation of ATAPI-relayed SCSI commands libata: remove WARN() for DMA or PIO command without data libata: don't try to pass through NCQ commands to non-NCQ devices Eric W. Biederman (1): signal/testing: Don't look for __SI_FAULT in userspace Evgeniy Didin (1): mmc: dw_mmc: fix falling from idmac to PIO mode when dw_mci_reset occurs Greg Kroah-Hartman (2): drm: udl: Properly check framebuffer mmap offsets Linux 4.9.91 H.J. Lu (2): x86/build/64: Force the linker to use 2MB page size x86/boot/64: Verify alignment of the LOAD segment Hans de Goede (6): PCI: Add function 1 DMA alias quirk for Highpoint RocketRAID 644L ahci: Add PCI-id for the Highpoint Rocketraid 644L card libata: Apply NOLPM quirk to Crucial MX100 512GB SSDs libata: Apply NOLPM quirk to Crucial M500 480 and 960GB SSDs libata: Make Crucial BX100 500GB LPM quirk apply to all firmware versions libata: Modify quirks for MX100 to limit NCQ_TRIM quirk to MU01 version Ilya Pronin (1): perf stat: Fix CVS output format for non-supported counters Jagdish Gediya (3): mtd: nand: fsl_ifc: Fix nand waitfunc return value mtd: nand: fsl_ifc: Fix eccstat array overflow for IFC ver >= 2.0.0 mtd: nand: fsl_ifc: Read ECCSTAT0 and ECCSTAT1 registers for IFC 2.0 Jeff Layton (1): nfsd: remove blocked locks on client teardown Ju Hyung Park (1): libata: Enable queued TRIM for Samsung SSD 860 Kai-Heng Feng (1): libata: disable LPM for Crucial BX100 SSD 500GB drive Kan Liang (2): perf/x86/intel/uncore: Fix Skylake UPI event format perf/x86/intel/uncore: Fix multi-domain PCI CHA enumeration bug on Skylake servers Kirill A. Shutemov (3): mm/khugepaged.c: convert VM_BUG_ON() to collapse fail mm/thp: do not wait for lock_page() in deferred_split_scan() mm/shmem: do not wait for lock_page() in shmem_unused_huge_shrink() Kirill Marinushkin (1): ALSA: usb-audio: Fix parsing descriptor of UAC2 processing unit Larry Finger (1): rtlwifi: rtl8723be: Fix loss of signal Linus Torvalds (2): tty: vt: fix up tabstops properly kvm/x86: fix icebp instruction handling Linus Walleij (1): iio: ABI: Fix name of timestamp sysfs file Marek Vasut (2): can: ifi: Repair the error handling can: ifi: Check core revision upon probe Masami Hiramatsu (1): tracing: probeevent: Fix to support minus offset from symbol Michael Nosthoff (1): iio: st_pressure: st_accel: pass correct platform data to init Michel Dänzer (1): drm/radeon: Don't turn off DP sink when disconnected Nadav Amit (1): staging: lustre: ptlrpc: kfree used instead of kvfree NeilBrown (1): MIPS: ralink: Remove ralink_halt() OuYang ZhiZhong (1): mtdchar: fix usage of mtd_ooblayout_ecc() Shuah Khan (1): selftests: x86: sysret_ss_attrs doesn't build on a PIE build Takashi Iwai (5): ALSA: aloop: Sync stale timer before release ALSA: aloop: Fix access to not-yet-ready substream via cable ALSA: hda/realtek - Always immediately update mute LED with pin VREF Bluetooth: btusb: Fix quirk for Atheros 1525/QCA6174 ACPI / watchdog: Fix off-by-one error at resource assignment Thomas Hellstrom (1): drm/vmwgfx: Fix a destoy-while-held mutex problem. Toshi Kani (2): mm/vmalloc: add interfaces to free unmapped page table x86/mm: implement free pmd/pte page interfaces Vishal Verma (1): libnvdimm, {btt, blk}: do integrity setup before add_disk()

7 years, 2 months

1
1
0 0

Linux 4.14.31

by Greg KH

I'm announcing the release of the 4.14.31 kernel. All users of the 4.14 kernel series must upgrade. The updated 4.14.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.14.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/ABI/testing/sysfs-bus-iio | 2 Makefile | 11 + arch/arm64/mm/mmu.c | 10 + arch/h8300/include/asm/byteorder.h | 1 arch/mips/lantiq/Kconfig | 2 arch/mips/lantiq/xway/sysctrl.c | 6 - arch/mips/ralink/mt7621.c | 42 +++---- arch/mips/ralink/reset.c | 7 - arch/x86/Makefile | 9 + arch/x86/boot/compressed/misc.c | 4 arch/x86/entry/entry_64.S | 2 arch/x86/entry/vsyscall/vsyscall_64.c | 2 arch/x86/events/intel/core.c | 2 arch/x86/events/intel/uncore_snbep.c | 33 +++-- arch/x86/include/asm/vmx.h | 1 arch/x86/kernel/idt.c | 2 arch/x86/kernel/traps.c | 15 +- arch/x86/kvm/vmx.c | 9 + arch/x86/mm/pgtable.c | 48 ++++++++ arch/x86/net/bpf_jit_comp.c | 3 arch/x86/platform/efi/efi_64.c | 2 drivers/acpi/acpi_watchdog.c | 4 drivers/acpi/numa.c | 10 + drivers/ata/ahci.c | 4 drivers/ata/libata-core.c | 26 +++- drivers/ata/libata-scsi.c | 10 + drivers/bluetooth/btusb.c | 8 - drivers/clk/bcm/clk-bcm2835.c | 12 +- drivers/clk/sunxi-ng/ccu-sun6i-a31.c | 6 - drivers/gpu/drm/drm_framebuffer.c | 7 + drivers/gpu/drm/drm_syncobj.c | 81 +++++-------- drivers/gpu/drm/radeon/radeon_connectors.c | 31 ++--- drivers/gpu/drm/udl/udl_fb.c | 9 + drivers/gpu/drm/vmwgfx/vmwgfx_drv.c | 13 ++ drivers/gpu/drm/vmwgfx/vmwgfx_drv.h | 1 drivers/gpu/drm/vmwgfx/vmwgfx_kms.c | 39 +++++- drivers/gpu/drm/vmwgfx/vmwgfx_kms.h | 13 +- drivers/gpu/drm/vmwgfx/vmwgfx_scrn.c | 5 drivers/gpu/drm/vmwgfx/vmwgfx_stdu.c | 5 drivers/hv/ring_buffer.c | 52 +++++--- drivers/iio/accel/st_accel_core.c | 2 drivers/iio/adc/meson_saradc.c | 4 drivers/iio/chemical/ccs811.c | 3 drivers/iio/imu/st_lsm6dsx/st_lsm6dsx_core.c | 2 drivers/iio/pressure/st_pressure_core.c | 2 drivers/infiniband/hw/mlx5/mr.c | 12 +- drivers/mmc/core/block.c | 19 +++ drivers/mmc/core/card.h | 1 drivers/mmc/core/quirks.h | 6 + drivers/mmc/host/dw_mmc-exynos.c | 8 + drivers/mmc/host/dw_mmc.c | 15 +- drivers/mtd/mtdchar.c | 4 drivers/mtd/nand/fsl_ifc_nand.c | 32 ++--- drivers/net/can/cc770/cc770.c | 100 ++++++++++------- drivers/net/can/cc770/cc770.h | 2 drivers/net/can/ifi_canfd/ifi_canfd.c | 75 +++++++----- drivers/net/can/peak_canfd/peak_canfd.c | 25 +--- drivers/net/can/peak_canfd/peak_pciefd_main.c | 8 + drivers/net/wireless/broadcom/brcm80211/brcmfmac/p2p.c | 24 +--- drivers/net/wireless/realtek/rtlwifi/rtl8723be/hw.c | 3 drivers/nvdimm/blk.c | 3 drivers/nvdimm/btt.c | 3 drivers/pci/quirks.c | 2 drivers/pinctrl/samsung/pinctrl-exynos-arm.c | 56 ++++++++- drivers/pinctrl/samsung/pinctrl-exynos-arm64.c | 14 ++ drivers/pinctrl/samsung/pinctrl-s3c24xx.c | 28 ++++ drivers/pinctrl/samsung/pinctrl-s3c64xx.c | 7 + drivers/pinctrl/samsung/pinctrl-samsung.c | 61 ++++++---- drivers/pinctrl/samsung/pinctrl-samsung.h | 40 ++++-- drivers/staging/android/ion/ion_cma_heap.c | 17 ++ drivers/staging/lustre/lustre/ptlrpc/sec.c | 2 drivers/tty/vt/vt.c | 8 - drivers/usb/host/xhci-hub.c | 5 drivers/usb/host/xhci.c | 34 +---- drivers/usb/host/xhci.h | 3 drivers/watchdog/wdat_wdt.c | 2 fs/hugetlbfs/inode.c | 17 ++ fs/ncpfs/ncplib_kernel.c | 4 fs/nfsd/nfs4state.c | 62 +++++++--- include/asm-generic/pgtable.h | 10 + include/drm/drm_syncobj.h | 5 include/linux/fsl_ifc.h | 6 - include/linux/memblock.h | 1 include/trace/events/mmc.h | 4 include/uapi/linux/usb/audio.h | 4 kernel/bpf/syscall.c | 2 kernel/cgroup/cgroup.c | 10 + kernel/events/core.c | 4 kernel/time/posix-timers.c | 11 + kernel/trace/trace_kprobe.c | 4 kernel/trace/trace_probe.c | 8 - kernel/trace/trace_probe.h | 2 lib/ioremap.c | 6 - mm/huge_memory.c | 4 mm/hugetlb.c | 7 + mm/khugepaged.c | 7 + mm/memblock.c | 28 ---- mm/page_alloc.c | 13 -- mm/shmem.c | 31 +++-- mm/vmscan.c | 31 ++--- sound/drivers/aloop.c | 17 ++ sound/pci/hda/hda_intel.c | 5 sound/pci/hda/patch_realtek.c | 20 +++ tools/perf/builtin-stat.c | 2 tools/testing/selftests/x86/protection_keys.c | 10 - tools/testing/selftests/x86/ptrace_syscall.c | 8 + 106 files changed, 978 insertions(+), 546 deletions(-) Adrian Hunter (1): mmc: core: Fix tracepoint print of blk_addr and blksz Andrey Ryabinin (1): mm/vmscan: wake up flushers for legacy cgroups too Andri Yngvason (3): can: cc770: Fix stalls on rt-linux, remove redundant IRQ ack can: cc770: Fix queue stall & dropped RTR reply can: cc770: Fix use after free in cc770_tx_interrupt() Andy Lutomirski (2): x86/entry/64: Don't use IST entry for #BP stack selftests/x86/ptrace_syscall: Fix for yet more glibc interference Arend Van Spriel (1): brcmfmac: fix P2P_DEVICE ethernet address generation Arnd Bergmann (1): h8300: remove extraneous __BIG_ENDIAN definition Bastian Stender (1): mmc: block: fix updating ext_csd caches on ioctl call Boris Brezillon (2): clk: bcm2835: Fix ana->maskX definitions clk: bcm2835: Protect sections updating shared registers Boris Ostrovsky (1): x86/vsyscall/64: Use proper accessor to update P4D entry Chen-Yu Tsai (1): clk: sunxi-ng: a31: Fix CLK_OUT_* clock ops Chenbo Feng (1): bpf: skip unnecessary capability check Chris Wilson (1): drm/syncobj: Stop reusing the same struct file for all syncobj -> fd Dan Carpenter (3): iio: adc: meson-saradc: unlock on error in meson_sar_adc_lock() staging: ncpfs: memory corruption in ncp_read_kernel() perf/x86/intel: Don't accidentally clear high bits in bdw_limit_period() Dan Williams (1): acpi, numa: fix pxm to online numa node associations Daniel Borkmann (2): kbuild: disable clang's default use of -fmerge-all-constants bpf, x64: increase number of passes Daniel Stone (1): drm: Reject getfb for multi-plane framebuffers Daniel Vacek (1): Revert "mm: page_alloc: skip over regions of invalid pfns where possible" Dave Hansen (1): x86/pkeys/selftests: Rename 'si_pkey' to 'siginfo_pkey' Dirk Behme (1): mmc: core: Disable HPI for certain Micron (Numonyx) eMMC cards Eric Biggers (3): libata: fix length validation of ATAPI-relayed SCSI commands libata: remove WARN() for DMA or PIO command without data libata: don't try to pass through NCQ commands to non-NCQ devices Evgeniy Didin (2): mmc: dw_mmc: Fix the DTO/CTO timeout overflow calculation for 32-bit systems mmc: dw_mmc: fix falling from idmac to PIO mode when dw_mci_reset occurs Greg Kroah-Hartman (2): drm: udl: Properly check framebuffer mmap offsets Linux 4.14.31 H.J. Lu (2): x86/build/64: Force the linker to use 2MB page size x86/boot/64: Verify alignment of the LOAD segment Hans de Goede (7): PCI: Add function 1 DMA alias quirk for Highpoint RocketRAID 644L ahci: Add PCI-id for the Highpoint Rocketraid 644L card Bluetooth: btusb: Remove Yoga 920 from the btusb_needs_reset_resume_table libata: Apply NOLPM quirk to Crucial MX100 512GB SSDs libata: Apply NOLPM quirk to Crucial M500 480 and 960GB SSDs libata: Make Crucial BX100 500GB LPM quirk apply to all firmware versions libata: Modify quirks for MX100 to limit NCQ_TRIM quirk to MU01 version Ilya Pronin (1): perf stat: Fix CVS output format for non-supported counters Jaehoon Chung (1): mmc: dw_mmc: exynos: fix the suspend/resume issue for exynos5433 Jagdish Gediya (3): mtd: nand: fsl_ifc: Fix nand waitfunc return value mtd: nand: fsl_ifc: Fix eccstat array overflow for IFC ver >= 2.0.0 mtd: nand: fsl_ifc: Read ECCSTAT0 and ECCSTAT1 registers for IFC 2.0 Jeff Layton (1): nfsd: remove blocked locks on client teardown Ju Hyung Park (1): libata: Enable queued TRIM for Samsung SSD 860 Kai-Heng Feng (2): Bluetooth: btusb: Add Dell OptiPlex 3060 to btusb_needs_reset_resume_table libata: disable LPM for Crucial BX100 SSD 500GB drive Kailang Yang (2): ALSA: hda/realtek - Fix speaker no sound after system resume ALSA: hda/realtek - Fix Dell headset Mic can't record Kan Liang (2): perf/x86/intel/uncore: Fix Skylake UPI event format perf/x86/intel/uncore: Fix multi-domain PCI CHA enumeration bug on Skylake servers Kirill A. Shutemov (3): mm/khugepaged.c: convert VM_BUG_ON() to collapse fail mm/thp: do not wait for lock_page() in deferred_split_scan() mm/shmem: do not wait for lock_page() in shmem_unused_huge_shrink() Kirill Marinushkin (1): ALSA: usb-audio: Fix parsing descriptor of UAC2 processing unit Krzysztof Kozlowski (1): pinctrl: samsung: Validate alias coming from DT Larry Finger (1): rtlwifi: rtl8723be: Fix loss of signal Leon Romanovsky (1): RDMA/mlx5: Fix crash while accessing garbage pointer and freed memory Liam Mark (1): staging: android: ion: Zero CMA allocated memory Linus Torvalds (2): tty: vt: fix up tabstops properly kvm/x86: fix icebp instruction handling Linus Walleij (1): iio: ABI: Fix name of timestamp sysfs file Lorenzo Bianconi (1): iio: imu: st_lsm6dsx: fix endianness in st_lsm6dsx_read_oneshot() Lu Baolu (2): usb: xhci: Disable slot even when virt-dev is null usb: xhci: Fix potential memory leak in xhci_disable_slot() Marek Vasut (2): can: ifi: Repair the error handling can: ifi: Check core revision upon probe Masami Hiramatsu (1): tracing: probeevent: Fix to support minus offset from symbol Mathias Kresin (3): MIPS: lantiq: Fix Danube USB clock MIPS: lantiq: Enable AHB Bus for USB MIPS: lantiq: ase: Enable MFD_SYSCON Michael Kelley (1): Drivers: hv: vmbus: Fix ring buffer signaling Michael Nosthoff (1): iio: st_pressure: st_accel: pass correct platform data to init Michel Dänzer (1): drm/radeon: Don't turn off DP sink when disconnected Mike Kravetz (1): hugetlbfs: check for pgoff value overflow Nadav Amit (1): staging: lustre: ptlrpc: kfree used instead of kvfree NeilBrown (2): MIPS: ralink: Remove ralink_halt() MIPS: ralink: Fix booting on MT7621 OuYang ZhiZhong (1): mtdchar: fix usage of mtd_ooblayout_ecc() Richard Lai (1): iio: chemical: ccs811: Corrected firmware boot/application mode transition Song Liu (1): perf/core: Fix ctx_event_type in ctx_resched() Stephane Grosjean (2): can: peak/pcie_fd: fix echo_skb is occupied! bug can: peak/pcie_fd: remove useless code when interface starts Takashi Iwai (6): ALSA: aloop: Sync stale timer before release ALSA: aloop: Fix access to not-yet-ready substream via cable ALSA: hda - Force polling mode on CFL for fixing codec communication ALSA: hda/realtek - Always immediately update mute LED with pin VREF Bluetooth: btusb: Fix quirk for Atheros 1525/QCA6174 ACPI / watchdog: Fix off-by-one error at resource assignment Tejun Heo (1): cgroup: fix rule checking for threaded mode switching Tetsuo Handa (1): lockdep: fix fs_reclaim warning Thomas Gleixner (1): posix-timers: Protect posix clock array access against speculation Thomas Hellstrom (2): drm/vmwgfx: Fix black screen and device errors when running without fbdev drm/vmwgfx: Fix a destoy-while-held mutex problem. Toshi Kani (2): mm/vmalloc: add interfaces to free unmapped page table x86/mm: implement free pmd/pte page interfaces Vishal Verma (1): libnvdimm, {btt, blk}: do integrity setup before add_disk() Waiman Long (1): x86/efi: Free efi_pgd with free_pages()

7 years, 2 months

1
1
0 0

Linux 4.15.14

by Greg KH

I'm announcing the release of the 4.15.14 kernel. All users of the 4.15 kernel series must upgrade. The updated 4.15.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.15.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/ABI/testing/sysfs-bus-iio | 2 Makefile | 11 + arch/arm64/mm/mmu.c | 10 + arch/h8300/include/asm/byteorder.h | 1 arch/mips/lantiq/Kconfig | 2 arch/mips/lantiq/xway/sysctrl.c | 6 arch/mips/ralink/mt7621.c | 42 +++-- arch/mips/ralink/reset.c | 7 arch/x86/Makefile | 9 + arch/x86/boot/compressed/misc.c | 4 arch/x86/entry/entry_64.S | 2 arch/x86/entry/vsyscall/vsyscall_64.c | 2 arch/x86/events/intel/core.c | 2 arch/x86/events/intel/uncore_snbep.c | 33 ++-- arch/x86/include/asm/vmx.h | 1 arch/x86/kernel/idt.c | 2 arch/x86/kernel/traps.c | 15 +- arch/x86/kvm/vmx.c | 9 + arch/x86/mm/pgtable.c | 48 ++++++ arch/x86/net/bpf_jit_comp.c | 3 arch/x86/platform/efi/efi_64.c | 2 drivers/acpi/acpi_watchdog.c | 4 drivers/acpi/numa.c | 10 - drivers/ata/ahci.c | 4 drivers/ata/libata-core.c | 26 +++ drivers/ata/libata-scsi.c | 10 + drivers/bluetooth/btusb.c | 8 - drivers/clk/bcm/clk-bcm2835.c | 12 + drivers/clk/sunxi-ng/ccu-sun6i-a31.c | 6 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 2 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_helpers.c | 2 drivers/gpu/drm/drm_framebuffer.c | 7 drivers/gpu/drm/radeon/radeon_connectors.c | 31 +--- drivers/gpu/drm/udl/udl_fb.c | 9 - drivers/gpu/drm/vmwgfx/vmwgfx_drv.c | 13 + drivers/gpu/drm/vmwgfx/vmwgfx_drv.h | 1 drivers/gpu/drm/vmwgfx/vmwgfx_kms.c | 39 ++++- drivers/gpu/drm/vmwgfx/vmwgfx_kms.h | 13 + drivers/gpu/drm/vmwgfx/vmwgfx_scrn.c | 5 drivers/gpu/drm/vmwgfx/vmwgfx_stdu.c | 5 drivers/hv/ring_buffer.c | 52 ++++--- drivers/hwmon/k10temp.c | 6 drivers/iio/accel/st_accel_core.c | 2 drivers/iio/adc/meson_saradc.c | 4 drivers/iio/chemical/ccs811.c | 3 drivers/iio/imu/st_lsm6dsx/st_lsm6dsx.h | 2 drivers/iio/imu/st_lsm6dsx/st_lsm6dsx_buffer.c | 21 +- drivers/iio/imu/st_lsm6dsx/st_lsm6dsx_core.c | 8 - drivers/iio/pressure/st_pressure_core.c | 2 drivers/infiniband/hw/mlx5/mr.c | 12 + drivers/media/platform/tegra-cec/tegra_cec.c | 17 -- drivers/mmc/core/block.c | 19 ++ drivers/mmc/core/card.h | 1 drivers/mmc/core/quirks.h | 6 drivers/mmc/host/dw_mmc-exynos.c | 8 - drivers/mmc/host/dw_mmc.c | 15 +- drivers/mtd/mtdchar.c | 4 drivers/mtd/nand/fsl_ifc_nand.c | 32 +--- drivers/net/can/cc770/cc770.c | 100 ++++++++------ drivers/net/can/cc770/cc770.h | 2 drivers/net/can/ifi_canfd/ifi_canfd.c | 75 ++++++---- drivers/net/can/peak_canfd/peak_canfd.c | 25 +-- drivers/net/can/peak_canfd/peak_pciefd_main.c | 8 - drivers/net/wireless/broadcom/brcm80211/brcmfmac/p2p.c | 24 +-- drivers/net/wireless/realtek/rtlwifi/rtl8723be/hw.c | 3 drivers/nvdimm/blk.c | 3 drivers/nvdimm/btt.c | 3 drivers/pci/quirks.c | 2 drivers/pinctrl/samsung/pinctrl-exynos-arm.c | 56 ++++++- drivers/pinctrl/samsung/pinctrl-exynos-arm64.c | 14 + drivers/pinctrl/samsung/pinctrl-s3c24xx.c | 28 +++ drivers/pinctrl/samsung/pinctrl-s3c64xx.c | 7 drivers/pinctrl/samsung/pinctrl-samsung.c | 61 +++++--- drivers/pinctrl/samsung/pinctrl-samsung.h | 40 +++-- drivers/staging/android/ion/ion_cma_heap.c | 17 ++ drivers/tty/vt/vt.c | 8 - drivers/watchdog/wdat_wdt.c | 2 fs/hugetlbfs/inode.c | 17 +- fs/ncpfs/ncplib_kernel.c | 4 fs/nfsd/nfs4state.c | 62 ++++++-- include/asm-generic/pgtable.h | 10 + include/linux/fsl_ifc.h | 6 include/linux/memblock.h | 1 include/trace/events/mmc.h | 4 include/uapi/linux/usb/audio.h | 4 kernel/bpf/syscall.c | 2 kernel/cgroup/cgroup.c | 10 + kernel/events/core.c | 4 kernel/module.c | 2 kernel/sched/core.c | 15 +- kernel/time/posix-timers.c | 11 + kernel/trace/bpf_trace.c | 68 +++++---- kernel/trace/trace_kprobe.c | 4 kernel/trace/trace_probe.c | 8 - kernel/trace/trace_probe.h | 2 lib/ioremap.c | 6 mm/huge_memory.c | 4 mm/hugetlb.c | 7 mm/khugepaged.c | 7 mm/memblock.c | 28 --- mm/page_alloc.c | 13 - mm/shmem.c | 31 ++-- mm/vmscan.c | 31 ++-- sound/drivers/aloop.c | 17 ++ sound/pci/hda/hda_intel.c | 5 sound/pci/hda/patch_realtek.c | 20 ++ tools/perf/builtin-stat.c | 2 tools/testing/selftests/x86/ptrace_syscall.c | 8 - 108 files changed, 1013 insertions(+), 512 deletions(-) Adrian Hunter (1): mmc: core: Fix tracepoint print of blk_addr and blksz Andrey Ryabinin (1): mm/vmscan: wake up flushers for legacy cgroups too Andri Yngvason (3): can: cc770: Fix stalls on rt-linux, remove redundant IRQ ack can: cc770: Fix queue stall & dropped RTR reply can: cc770: Fix use after free in cc770_tx_interrupt() Andy Lutomirski (2): x86/entry/64: Don't use IST entry for #BP stack selftests/x86/ptrace_syscall: Fix for yet more glibc interference Arend Van Spriel (1): brcmfmac: fix P2P_DEVICE ethernet address generation Arnd Bergmann (1): h8300: remove extraneous __BIG_ENDIAN definition Bastian Stender (1): mmc: block: fix updating ext_csd caches on ioctl call Boris Brezillon (2): clk: bcm2835: Fix ana->maskX definitions clk: bcm2835: Protect sections updating shared registers Boris Ostrovsky (1): x86/vsyscall/64: Use proper accessor to update P4D entry Chen-Yu Tsai (1): clk: sunxi-ng: a31: Fix CLK_OUT_* clock ops Chenbo Feng (1): bpf: skip unnecessary capability check Dan Carpenter (3): iio: adc: meson-saradc: unlock on error in meson_sar_adc_lock() staging: ncpfs: memory corruption in ncp_read_kernel() perf/x86/intel: Don't accidentally clear high bits in bdw_limit_period() Dan Williams (1): acpi, numa: fix pxm to online numa node associations Daniel Borkmann (2): kbuild: disable clang's default use of -fmerge-all-constants bpf, x64: increase number of passes Daniel Stone (1): drm: Reject getfb for multi-plane framebuffers Daniel Vacek (1): Revert "mm: page_alloc: skip over regions of invalid pfns where possible" Dirk Behme (1): mmc: core: Disable HPI for certain Micron (Numonyx) eMMC cards Eric Biggers (3): libata: fix length validation of ATAPI-relayed SCSI commands libata: remove WARN() for DMA or PIO command without data libata: don't try to pass through NCQ commands to non-NCQ devices Evgeniy Didin (2): mmc: dw_mmc: Fix the DTO/CTO timeout overflow calculation for 32-bit systems mmc: dw_mmc: fix falling from idmac to PIO mode when dw_mci_reset occurs Greg Kroah-Hartman (2): drm: udl: Properly check framebuffer mmap offsets Linux 4.15.14 Guenter Roeck (2): hwmon: (k10temp) Only apply temperature offset if result is positive hwmon: (k10temp) Add temperature offset for Ryzen 1900X H.J. Lu (2): x86/build/64: Force the linker to use 2MB page size x86/boot/64: Verify alignment of the LOAD segment Hans Verkuil (1): media: tegra-cec: reset rx_buf_cnt when start bit detected Hans de Goede (7): PCI: Add function 1 DMA alias quirk for Highpoint RocketRAID 644L ahci: Add PCI-id for the Highpoint Rocketraid 644L card Bluetooth: btusb: Remove Yoga 920 from the btusb_needs_reset_resume_table libata: Apply NOLPM quirk to Crucial MX100 512GB SSDs libata: Apply NOLPM quirk to Crucial M500 480 and 960GB SSDs libata: Make Crucial BX100 500GB LPM quirk apply to all firmware versions libata: Modify quirks for MX100 to limit NCQ_TRIM quirk to MU01 version Harry Wentland (2): drm/amd/display: We shouldn't set format_default on plane as atomic driver drm/amd/display: Add one to EDID's audio channel count when passing to DC Ilya Pronin (1): perf stat: Fix CVS output format for non-supported counters Jaehoon Chung (1): mmc: dw_mmc: exynos: fix the suspend/resume issue for exynos5433 Jagdish Gediya (3): mtd: nand: fsl_ifc: Fix nand waitfunc return value mtd: nand: fsl_ifc: Fix eccstat array overflow for IFC ver >= 2.0.0 mtd: nand: fsl_ifc: Read ECCSTAT0 and ECCSTAT1 registers for IFC 2.0 Jeff Layton (1): nfsd: remove blocked locks on client teardown Ju Hyung Park (1): libata: Enable queued TRIM for Samsung SSD 860 Kai-Heng Feng (2): Bluetooth: btusb: Add Dell OptiPlex 3060 to btusb_needs_reset_resume_table libata: disable LPM for Crucial BX100 SSD 500GB drive Kailang Yang (2): ALSA: hda/realtek - Fix speaker no sound after system resume ALSA: hda/realtek - Fix Dell headset Mic can't record Kan Liang (2): perf/x86/intel/uncore: Fix Skylake UPI event format perf/x86/intel/uncore: Fix multi-domain PCI CHA enumeration bug on Skylake servers Kirill A. Shutemov (3): mm/khugepaged.c: convert VM_BUG_ON() to collapse fail mm/thp: do not wait for lock_page() in deferred_split_scan() mm/shmem: do not wait for lock_page() in shmem_unused_huge_shrink() Kirill Marinushkin (1): ALSA: usb-audio: Fix parsing descriptor of UAC2 processing unit Krzysztof Kozlowski (1): pinctrl: samsung: Validate alias coming from DT Larry Finger (1): rtlwifi: rtl8723be: Fix loss of signal Leon Romanovsky (1): RDMA/mlx5: Fix crash while accessing garbage pointer and freed memory Leon Yu (1): module: propagate error in modules_open() Liam Mark (1): staging: android: ion: Zero CMA allocated memory Linus Torvalds (2): tty: vt: fix up tabstops properly kvm/x86: fix icebp instruction handling Linus Walleij (1): iio: ABI: Fix name of timestamp sysfs file Lorenzo Bianconi (2): iio: imu: st_lsm6dsx: fix endianness in st_lsm6dsx_read_oneshot() iio: imu: st_lsm6dsx: introduce conf_lock mutex Marek Vasut (2): can: ifi: Repair the error handling can: ifi: Check core revision upon probe Masami Hiramatsu (1): tracing: probeevent: Fix to support minus offset from symbol Mathias Kresin (3): MIPS: lantiq: Fix Danube USB clock MIPS: lantiq: Enable AHB Bus for USB MIPS: lantiq: ase: Enable MFD_SYSCON Michael Kelley (1): Drivers: hv: vmbus: Fix ring buffer signaling Michael Nosthoff (1): iio: st_pressure: st_accel: pass correct platform data to init Michel Dänzer (1): drm/radeon: Don't turn off DP sink when disconnected Mike Kravetz (1): hugetlbfs: check for pgoff value overflow NeilBrown (2): MIPS: ralink: Remove ralink_halt() MIPS: ralink: Fix booting on MT7621 OuYang ZhiZhong (1): mtdchar: fix usage of mtd_ooblayout_ecc() Richard Lai (1): iio: chemical: ccs811: Corrected firmware boot/application mode transition Song Liu (1): perf/core: Fix ctx_event_type in ctx_resched() Stephane Grosjean (2): can: peak/pcie_fd: fix echo_skb is occupied! bug can: peak/pcie_fd: remove useless code when interface starts Takashi Iwai (6): ALSA: aloop: Sync stale timer before release ALSA: aloop: Fix access to not-yet-ready substream via cable ALSA: hda - Force polling mode on CFL for fixing codec communication ALSA: hda/realtek - Always immediately update mute LED with pin VREF Bluetooth: btusb: Fix quirk for Atheros 1525/QCA6174 ACPI / watchdog: Fix off-by-one error at resource assignment Tejun Heo (2): sched, cgroup: Don't reject lower cpu.max on ancestors cgroup: fix rule checking for threaded mode switching Tetsuo Handa (1): lockdep: fix fs_reclaim warning Thomas Gleixner (1): posix-timers: Protect posix clock array access against speculation Thomas Hellstrom (2): drm/vmwgfx: Fix black screen and device errors when running without fbdev drm/vmwgfx: Fix a destoy-while-held mutex problem. Toshi Kani (2): mm/vmalloc: add interfaces to free unmapped page table x86/mm: implement free pmd/pte page interfaces Vishal Verma (1): libnvdimm, {btt, blk}: do integrity setup before add_disk() Waiman Long (1): x86/efi: Free efi_pgd with free_pages() Yonghong Song (1): trace/bpf: remove helper bpf_perf_prog_read_value from tracepoint type programs

7 years, 2 months

1
1
0 0

[PATCH 1/1] Drivers: hv: vmbus: Fix ring buffer signaling

by kys＠exchange.microsoft.com

From: Michael Kelley <mhkelley(a)outlook.com> Fix bugs in signaling the Hyper-V host when freeing space in the host->guest ring buffer: 1. The interrupt_mask must not be used to determine whether to signal on the host->guest ring buffer 2. The ring buffer write_index must be read (via hv_get_bytes_to_write) *after* pending_send_sz is read in order to avoid a race condition 3. Comparisons with pending_send_sz must treat the "equals" case as not-enough-space 4. Don't signal if the pending_send_sz feature is not present. Older versions of Hyper-V that don't implement this feature will poll. Fixes: 03bad714a161 ("vmbus: more host signalling avoidance") Cc: Stable <stable(a)vger.kernel.org> # 4.14 and above Signed-off-by: Michael Kelley <mhkelley(a)outlook.com> Signed-off-by: K. Y. Srinivasan <kys(a)microsoft.com> --- drivers/hv/ring_buffer.c | 52 ++++++++++++++++++++++++++++++++---------------- 1 file changed, 35 insertions(+), 17 deletions(-) diff --git a/drivers/hv/ring_buffer.c b/drivers/hv/ring_buffer.c index 1aa17795727b..3cd7f29906ae 100644 --- a/drivers/hv/ring_buffer.c +++ b/drivers/hv/ring_buffer.c @@ -376,13 +376,24 @@ __hv_pkt_iter_next(struct vmbus_channel *channel, } EXPORT_SYMBOL_GPL(__hv_pkt_iter_next); +/* How many bytes were read in this iterator cycle */ +static u32 hv_pkt_iter_bytes_read(const struct hv_ring_buffer_info *rbi, + u32 start_read_index) +{ + if (rbi->priv_read_index >= start_read_index) + return rbi->priv_read_index - start_read_index; + else + return rbi->ring_datasize - start_read_index + + rbi->priv_read_index; +} + /* * Update host ring buffer after iterating over packets. */ void hv_pkt_iter_close(struct vmbus_channel *channel) { struct hv_ring_buffer_info *rbi = &channel->inbound; - u32 orig_write_sz = hv_get_bytes_to_write(rbi); + u32 curr_write_sz, pending_sz, bytes_read, start_read_index; /* * Make sure all reads are done before we update the read index since @@ -390,8 +401,12 @@ void hv_pkt_iter_close(struct vmbus_channel *channel) * is updated. */ virt_rmb(); + start_read_index = rbi->ring_buffer->read_index; rbi->ring_buffer->read_index = rbi->priv_read_index; + if (!rbi->ring_buffer->feature_bits.feat_pending_send_sz) + return; + /* * Issue a full memory barrier before making the signaling decision. * Here is the reason for having this barrier: @@ -405,26 +420,29 @@ void hv_pkt_iter_close(struct vmbus_channel *channel) */ virt_mb(); - /* If host has disabled notifications then skip */ - if (rbi->ring_buffer->interrupt_mask) + pending_sz = READ_ONCE(rbi->ring_buffer->pending_send_sz); + if (!pending_sz) return; - if (rbi->ring_buffer->feature_bits.feat_pending_send_sz) { - u32 pending_sz = READ_ONCE(rbi->ring_buffer->pending_send_sz); + /* + * Ensure the read of write_index in hv_get_bytes_to_write() + * happens after the read of pending_send_sz. + */ + virt_rmb(); + curr_write_sz = hv_get_bytes_to_write(rbi); + bytes_read = hv_pkt_iter_bytes_read(rbi, start_read_index); - /* - * If there was space before we began iteration, - * then host was not blocked. Also handles case where - * pending_sz is zero then host has nothing pending - * and does not need to be signaled. - */ - if (orig_write_sz > pending_sz) - return; + /* + * If there was space before we began iteration, + * then host was not blocked. + */ - /* If pending write will not fit, don't give false hope. */ - if (hv_get_bytes_to_write(rbi) < pending_sz) - return; - } + if (curr_write_sz - bytes_read > pending_sz) + return; + + /* If pending write will not fit, don't give false hope. */ + if (curr_write_sz <= pending_sz) + return; vmbus_setevent(channel); } -- 2.15.1

7 years, 2 months

4
4
0 0

Patch "team: Fix double free in error path" has been added to the 4.4-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled team: Fix double free in error path to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: team-fix-double-free-in-error-path.patch and it can be found in the queue-4.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Thu Mar 29 08:33:08 CEST 2018 From: Arkadi Sharshevsky <arkadis(a)mellanox.com> Date: Thu, 8 Mar 2018 12:42:10 +0200 Subject: team: Fix double free in error path From: Arkadi Sharshevsky <arkadis(a)mellanox.com> [ Upstream commit cbcc607e18422555db569b593608aec26111cb0b ] The __send_and_alloc_skb() receives a skb ptr as a parameter but in case it fails the skb is not valid: - Send failed and released the skb internally. - Allocation failed. The current code tries to release the skb in case of failure which causes redundant freeing. Fixes: 9b00cf2d1024 ("team: implement multipart netlink messages for options transfers") Signed-off-by: Arkadi Sharshevsky <arkadis(a)mellanox.com> Acked-by: Jiri Pirko <jiri(a)mellanox.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/net/team/team.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) --- a/drivers/net/team/team.c +++ b/drivers/net/team/team.c @@ -2380,7 +2380,7 @@ send_done: if (!nlh) { err = __send_and_alloc_skb(&skb, team, portid, send_func); if (err) - goto errout; + return err; goto send_done; } @@ -2660,7 +2660,7 @@ send_done: if (!nlh) { err = __send_and_alloc_skb(&skb, team, portid, send_func); if (err) - goto errout; + return err; goto send_done; } Patches currently in stable-queue which might be from arkadis(a)mellanox.com are queue-4.4/team-fix-double-free-in-error-path.patch

7 years, 2 months

1
0
0 0

Patch "s390/qeth: when thread completes, wake up all waiters" has been added to the 4.4-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled s390/qeth: when thread completes, wake up all waiters to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: s390-qeth-when-thread-completes-wake-up-all-waiters.patch and it can be found in the queue-4.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Thu Mar 29 08:33:08 CEST 2018 From: Julian Wiedmann <jwi(a)linux.vnet.ibm.com> Date: Tue, 20 Mar 2018 07:59:13 +0100 Subject: s390/qeth: when thread completes, wake up all waiters From: Julian Wiedmann <jwi(a)linux.vnet.ibm.com> [ Upstream commit 1063e432bb45be209427ed3f1ca3908e4aa3c7d7 ] qeth_wait_for_threads() is potentially called by multiple users, make sure to notify all of them after qeth_clear_thread_running_bit() adjusted the thread_running_mask. With no timeout, callers would otherwise stall. Signed-off-by: Julian Wiedmann <jwi(a)linux.vnet.ibm.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/s390/net/qeth_core_main.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/drivers/s390/net/qeth_core_main.c +++ b/drivers/s390/net/qeth_core_main.c @@ -952,7 +952,7 @@ void qeth_clear_thread_running_bit(struc spin_lock_irqsave(&card->thread_mask_lock, flags); card->thread_running_mask &= ~thread; spin_unlock_irqrestore(&card->thread_mask_lock, flags); - wake_up(&card->wait_q); + wake_up_all(&card->wait_q); } EXPORT_SYMBOL_GPL(qeth_clear_thread_running_bit); Patches currently in stable-queue which might be from jwi(a)linux.vnet.ibm.com are queue-4.4/s390-qeth-when-thread-completes-wake-up-all-waiters.patch queue-4.4/s390-qeth-lock-read-device-while-queueing-next-buffer.patch queue-4.4/net-iucv-free-memory-obtained-by-kzalloc.patch queue-4.4/s390-qeth-on-channel-error-reject-further-cmd-requests.patch queue-4.4/s390-qeth-free-netdevice-when-removing-a-card.patch

7 years, 2 months

1
0
0 0

Patch "skbuff: Fix not waking applications when errors are enqueued" has been added to the 4.4-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled skbuff: Fix not waking applications when errors are enqueued to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: skbuff-fix-not-waking-applications-when-errors-are-enqueued.patch and it can be found in the queue-4.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Thu Mar 29 08:33:08 CEST 2018 From: Vinicius Costa Gomes <vinicius.gomes(a)intel.com> Date: Wed, 14 Mar 2018 13:32:09 -0700 Subject: skbuff: Fix not waking applications when errors are enqueued From: Vinicius Costa Gomes <vinicius.gomes(a)intel.com> [ Upstream commit 6e5d58fdc9bedd0255a8781b258f10bbdc63e975 ] When errors are enqueued to the error queue via sock_queue_err_skb() function, it is possible that the waiting application is not notified. Calling 'sk->sk_data_ready()' would not notify applications that selected only POLLERR events in poll() (for example). Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Reported-by: Randy E. Witt <randy.e.witt(a)intel.com> Reviewed-by: Eric Dumazet <edumazet(a)google.com> Signed-off-by: Vinicius Costa Gomes <vinicius.gomes(a)intel.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/core/skbuff.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/net/core/skbuff.c +++ b/net/core/skbuff.c @@ -3571,7 +3571,7 @@ int sock_queue_err_skb(struct sock *sk, skb_queue_tail(&sk->sk_error_queue, skb); if (!sock_flag(sk, SOCK_DEAD)) - sk->sk_data_ready(sk); + sk->sk_error_report(sk); return 0; } EXPORT_SYMBOL(sock_queue_err_skb); Patches currently in stable-queue which might be from vinicius.gomes(a)intel.com are queue-4.4/skbuff-fix-not-waking-applications-when-errors-are-enqueued.patch

7 years, 2 months

1
0
0 0

Patch "s390/qeth: on channel error, reject further cmd requests" has been added to the 4.4-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled s390/qeth: on channel error, reject further cmd requests to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: s390-qeth-on-channel-error-reject-further-cmd-requests.patch and it can be found in the queue-4.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Thu Mar 29 08:33:08 CEST 2018 From: Julian Wiedmann <jwi(a)linux.vnet.ibm.com> Date: Tue, 20 Mar 2018 07:59:15 +0100 Subject: s390/qeth: on channel error, reject further cmd requests From: Julian Wiedmann <jwi(a)linux.vnet.ibm.com> [ Upstream commit a6c3d93963e4b333c764fde69802c3ea9eaa9d5c ] When the IRQ handler determines that one of the cmd IO channels has failed and schedules recovery, block any further cmd requests from being submitted. The request would inevitably stall, and prevent the recovery from making progress until the request times out. This sort of error was observed after Live Guest Relocation, where the pending IO on the READ channel intentionally gets terminated to kick-start recovery. Simultaneously the guest executed SIOCETHTOOL, triggering qeth to issue a QUERY CARD INFO command. The command then stalled in the inoperabel WRITE channel. Signed-off-by: Julian Wiedmann <jwi(a)linux.vnet.ibm.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/s390/net/qeth_core_main.c | 1 + 1 file changed, 1 insertion(+) --- a/drivers/s390/net/qeth_core_main.c +++ b/drivers/s390/net/qeth_core_main.c @@ -1166,6 +1166,7 @@ static void qeth_irq(struct ccw_device * } rc = qeth_get_problem(cdev, irb); if (rc) { + card->read_or_write_problem = 1; qeth_clear_ipacmd_list(card); qeth_schedule_recovery(card); goto out; Patches currently in stable-queue which might be from jwi(a)linux.vnet.ibm.com are queue-4.4/s390-qeth-when-thread-completes-wake-up-all-waiters.patch queue-4.4/s390-qeth-lock-read-device-while-queueing-next-buffer.patch queue-4.4/net-iucv-free-memory-obtained-by-kzalloc.patch queue-4.4/s390-qeth-on-channel-error-reject-further-cmd-requests.patch queue-4.4/s390-qeth-free-netdevice-when-removing-a-card.patch

7 years, 2 months

1
0
0 0

Patch "s390/qeth: lock read device while queueing next buffer" has been added to the 4.4-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled s390/qeth: lock read device while queueing next buffer to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: s390-qeth-lock-read-device-while-queueing-next-buffer.patch and it can be found in the queue-4.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Thu Mar 29 08:33:08 CEST 2018 From: Julian Wiedmann <jwi(a)linux.vnet.ibm.com> Date: Tue, 20 Mar 2018 07:59:14 +0100 Subject: s390/qeth: lock read device while queueing next buffer From: Julian Wiedmann <jwi(a)linux.vnet.ibm.com> [ Upstream commit 17bf8c9b3d499d5168537c98b61eb7a1fcbca6c2 ] For calling ccw_device_start(), issue_next_read() needs to hold the device's ccwlock. This is satisfied for the IRQ handler path (where qeth_irq() gets called under the ccwlock), but we need explicit locking for the initial call by the MPC initialization. Signed-off-by: Julian Wiedmann <jwi(a)linux.vnet.ibm.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/s390/net/qeth_core_main.c | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) --- a/drivers/s390/net/qeth_core_main.c +++ b/drivers/s390/net/qeth_core_main.c @@ -517,8 +517,7 @@ static inline int qeth_is_cq(struct qeth queue == card->qdio.no_in_queues - 1; } - -static int qeth_issue_next_read(struct qeth_card *card) +static int __qeth_issue_next_read(struct qeth_card *card) { int rc; struct qeth_cmd_buffer *iob; @@ -549,6 +548,17 @@ static int qeth_issue_next_read(struct q return rc; } +static int qeth_issue_next_read(struct qeth_card *card) +{ + int ret; + + spin_lock_irq(get_ccwdev_lock(CARD_RDEV(card))); + ret = __qeth_issue_next_read(card); + spin_unlock_irq(get_ccwdev_lock(CARD_RDEV(card))); + + return ret; +} + static struct qeth_reply *qeth_alloc_reply(struct qeth_card *card) { struct qeth_reply *reply; @@ -1174,7 +1184,7 @@ static void qeth_irq(struct ccw_device * return; if (channel == &card->read && channel->state == CH_STATE_UP) - qeth_issue_next_read(card); + __qeth_issue_next_read(card); iob = channel->iob; index = channel->buf_no; Patches currently in stable-queue which might be from jwi(a)linux.vnet.ibm.com are queue-4.4/s390-qeth-when-thread-completes-wake-up-all-waiters.patch queue-4.4/s390-qeth-lock-read-device-while-queueing-next-buffer.patch queue-4.4/net-iucv-free-memory-obtained-by-kzalloc.patch queue-4.4/s390-qeth-on-channel-error-reject-further-cmd-requests.patch queue-4.4/s390-qeth-free-netdevice-when-removing-a-card.patch

7 years, 2 months

1
0
0 0

Patch "s390/qeth: free netdevice when removing a card" has been added to the 4.4-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled s390/qeth: free netdevice when removing a card to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: s390-qeth-free-netdevice-when-removing-a-card.patch and it can be found in the queue-4.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Thu Mar 29 08:33:08 CEST 2018 From: Julian Wiedmann <jwi(a)linux.vnet.ibm.com> Date: Tue, 20 Mar 2018 07:59:12 +0100 Subject: s390/qeth: free netdevice when removing a card From: Julian Wiedmann <jwi(a)linux.vnet.ibm.com> [ Upstream commit 6be687395b3124f002a653c1a50b3260222b3cd7 ] On removal, a qeth card's netdevice is currently not properly freed because the call chain looks as follows: qeth_core_remove_device(card) lx_remove_device(card) unregister_netdev(card->dev) card->dev = NULL !!! qeth_core_free_card(card) if (card->dev) !!! free_netdev(card->dev) Fix it by free'ing the netdev straight after unregistering. This also fixes the sysfs-driven layer switch case (qeth_dev_layer2_store()), where the need to free the current netdevice was not considered at all. Note that free_netdev() takes care of the netif_napi_del() for us too. Fixes: 4a71df50047f ("qeth: new qeth device driver") Signed-off-by: Julian Wiedmann <jwi(a)linux.vnet.ibm.com> Reviewed-by: Ursula Braun <ubraun(a)linux.vnet.ibm.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/s390/net/qeth_core_main.c | 2 -- drivers/s390/net/qeth_l2_main.c | 2 +- drivers/s390/net/qeth_l3_main.c | 2 +- 3 files changed, 2 insertions(+), 4 deletions(-) --- a/drivers/s390/net/qeth_core_main.c +++ b/drivers/s390/net/qeth_core_main.c @@ -4969,8 +4969,6 @@ static void qeth_core_free_card(struct q QETH_DBF_HEX(SETUP, 2, &card, sizeof(void *)); qeth_clean_channel(&card->read); qeth_clean_channel(&card->write); - if (card->dev) - free_netdev(card->dev); kfree(card->ip_tbd_list); qeth_free_qdio_buffers(card); unregister_service_level(&card->qeth_service_level); --- a/drivers/s390/net/qeth_l2_main.c +++ b/drivers/s390/net/qeth_l2_main.c @@ -1062,8 +1062,8 @@ static void qeth_l2_remove_device(struct qeth_l2_set_offline(cgdev); if (card->dev) { - netif_napi_del(&card->napi); unregister_netdev(card->dev); + free_netdev(card->dev); card->dev = NULL; } return; --- a/drivers/s390/net/qeth_l3_main.c +++ b/drivers/s390/net/qeth_l3_main.c @@ -3243,8 +3243,8 @@ static void qeth_l3_remove_device(struct qeth_l3_set_offline(cgdev); if (card->dev) { - netif_napi_del(&card->napi); unregister_netdev(card->dev); + free_netdev(card->dev); card->dev = NULL; } Patches currently in stable-queue which might be from jwi(a)linux.vnet.ibm.com are queue-4.4/s390-qeth-when-thread-completes-wake-up-all-waiters.patch queue-4.4/s390-qeth-lock-read-device-while-queueing-next-buffer.patch queue-4.4/net-iucv-free-memory-obtained-by-kzalloc.patch queue-4.4/s390-qeth-on-channel-error-reject-further-cmd-requests.patch queue-4.4/s390-qeth-free-netdevice-when-removing-a-card.patch

7 years, 2 months

1
0
0 0

Patch "netlink: avoid a double skb free in genlmsg_mcast()" has been added to the 4.4-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled netlink: avoid a double skb free in genlmsg_mcast() to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: netlink-avoid-a-double-skb-free-in-genlmsg_mcast.patch and it can be found in the queue-4.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Thu Mar 29 08:33:08 CEST 2018 From: Nicolas Dichtel <nicolas.dichtel(a)6wind.com> Date: Wed, 14 Mar 2018 21:10:23 +0100 Subject: netlink: avoid a double skb free in genlmsg_mcast() From: Nicolas Dichtel <nicolas.dichtel(a)6wind.com> [ Upstream commit 02a2385f37a7c6594c9d89b64c4a1451276f08eb ] nlmsg_multicast() consumes always the skb, thus the original skb must be freed only when this function is called with a clone. Fixes: cb9f7a9a5c96 ("netlink: ensure to loop over all netns in genlmsg_multicast_allns()") Reported-by: Ben Hutchings <ben.hutchings(a)codethink.co.uk> Signed-off-by: Nicolas Dichtel <nicolas.dichtel(a)6wind.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/netlink/genetlink.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/net/netlink/genetlink.c +++ b/net/netlink/genetlink.c @@ -1143,7 +1143,7 @@ static int genlmsg_mcast(struct sk_buff if (!err) delivered = true; else if (err != -ESRCH) - goto error; + return err; return delivered ? 0 : -ESRCH; error: kfree_skb(skb); Patches currently in stable-queue which might be from nicolas.dichtel(a)6wind.com are queue-4.4/netlink-avoid-a-double-skb-free-in-genlmsg_mcast.patch

7 years, 2 months

1
0
0 0

Patch "net: systemport: Rewrite __bcm_sysport_tx_reclaim()" has been added to the 4.4-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled net: systemport: Rewrite __bcm_sysport_tx_reclaim() to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: net-systemport-rewrite-__bcm_sysport_tx_reclaim.patch and it can be found in the queue-4.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Mar 28 20:16:33 CEST 2018 From: Florian Fainelli <f.fainelli(a)gmail.com> Date: Tue, 13 Mar 2018 14:45:07 -0700 Subject: net: systemport: Rewrite __bcm_sysport_tx_reclaim() From: Florian Fainelli <f.fainelli(a)gmail.com> [ Upstream commit 484d802d0f2f29c335563fcac2a8facf174a1bbc ] There is no need for complex checking between the last consumed index and current consumed index, a simple subtraction will do. This also eliminates the possibility of a permanent transmit queue stall under the following conditions: - one CPU bursts ring->size worth of traffic (up to 256 buffers), to the point where we run out of free descriptors, so we stop the transmit queue at the end of bcm_sysport_xmit() - because of our locking, we have the transmit process disable interrupts which means we can be blocking the TX reclamation process - when TX reclamation finally runs, we will be computing the difference between ring->c_index (last consumed index by SW) and what the HW reports through its register - this register is masked with (ring->size - 1) = 0xff, which will lead to stripping the upper bits of the index (register is 16-bits wide) - we will be computing last_tx_cn as 0, which means there is no work to be done, and we never wake-up the transmit queue, leaving it permanently disabled A practical example is e.g: ring->c_index aka last_c_index = 12, we pushed 256 entries, HW consumer index = 268, we mask it with 0xff = 12, so last_tx_cn == 0, nothing happens. Fixes: 80105befdb4b ("net: systemport: add Broadcom SYSTEMPORT Ethernet MAC driver") Signed-off-by: Florian Fainelli <f.fainelli(a)gmail.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/net/ethernet/broadcom/bcmsysport.c | 33 +++++++++++++---------------- drivers/net/ethernet/broadcom/bcmsysport.h | 2 - 2 files changed, 16 insertions(+), 19 deletions(-) --- a/drivers/net/ethernet/broadcom/bcmsysport.c +++ b/drivers/net/ethernet/broadcom/bcmsysport.c @@ -729,37 +729,33 @@ static unsigned int __bcm_sysport_tx_rec struct bcm_sysport_tx_ring *ring) { struct net_device *ndev = priv->netdev; - unsigned int c_index, last_c_index, last_tx_cn, num_tx_cbs; unsigned int pkts_compl = 0, bytes_compl = 0; + unsigned int txbds_processed = 0; struct bcm_sysport_cb *cb; + unsigned int txbds_ready; + unsigned int c_index; u32 hw_ind; /* Compute how many descriptors have been processed since last call */ hw_ind = tdma_readl(priv, TDMA_DESC_RING_PROD_CONS_INDEX(ring->index)); c_index = (hw_ind >> RING_CONS_INDEX_SHIFT) & RING_CONS_INDEX_MASK; - ring->p_index = (hw_ind & RING_PROD_INDEX_MASK); - - last_c_index = ring->c_index; - num_tx_cbs = ring->size; - - c_index &= (num_tx_cbs - 1); - - if (c_index >= last_c_index) - last_tx_cn = c_index - last_c_index; - else - last_tx_cn = num_tx_cbs - last_c_index + c_index; + txbds_ready = (c_index - ring->c_index) & RING_CONS_INDEX_MASK; netif_dbg(priv, tx_done, ndev, - "ring=%d c_index=%d last_tx_cn=%d last_c_index=%d\n", - ring->index, c_index, last_tx_cn, last_c_index); + "ring=%d old_c_index=%u c_index=%u txbds_ready=%u\n", + ring->index, ring->c_index, c_index, txbds_ready); - while (last_tx_cn-- > 0) { - cb = ring->cbs + last_c_index; + while (txbds_processed < txbds_ready) { + cb = &ring->cbs[ring->clean_index]; bcm_sysport_tx_reclaim_one(priv, cb, &bytes_compl, &pkts_compl); ring->desc_count++; - last_c_index++; - last_c_index &= (num_tx_cbs - 1); + txbds_processed++; + + if (likely(ring->clean_index < ring->size - 1)) + ring->clean_index++; + else + ring->clean_index = 0; } ring->c_index = c_index; @@ -1229,6 +1225,7 @@ static int bcm_sysport_init_tx_ring(stru netif_napi_add(priv->netdev, &ring->napi, bcm_sysport_tx_poll, 64); ring->index = index; ring->size = size; + ring->clean_index = 0; ring->alloc_size = ring->size; ring->desc_cpu = p; ring->desc_count = ring->size; --- a/drivers/net/ethernet/broadcom/bcmsysport.h +++ b/drivers/net/ethernet/broadcom/bcmsysport.h @@ -638,7 +638,7 @@ struct bcm_sysport_tx_ring { unsigned int desc_count; /* Number of descriptors */ unsigned int curr_desc; /* Current descriptor */ unsigned int c_index; /* Last consumer index */ - unsigned int p_index; /* Current producer index */ + unsigned int clean_index; /* Current clean index */ struct bcm_sysport_cb *cbs; /* Transmit control blocks */ struct dma_desc *desc_cpu; /* CPU view of the descriptor */ struct bcm_sysport_priv *priv; /* private context backpointer */ Patches currently in stable-queue which might be from f.fainelli(a)gmail.com are queue-4.4/net-systemport-rewrite-__bcm_sysport_tx_reclaim.patch queue-4.4/net-fec-fix-unbalanced-pm-runtime-calls.patch

7 years, 2 months

1
0
0 0

Patch "net/iucv: Free memory obtained by kzalloc" has been added to the 4.4-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled net/iucv: Free memory obtained by kzalloc to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: net-iucv-free-memory-obtained-by-kzalloc.patch and it can be found in the queue-4.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Thu Mar 29 08:33:08 CEST 2018 From: Arvind Yadav <arvind.yadav.cs(a)gmail.com> Date: Tue, 13 Mar 2018 16:50:06 +0100 Subject: net/iucv: Free memory obtained by kzalloc From: Arvind Yadav <arvind.yadav.cs(a)gmail.com> [ Upstream commit fa6a91e9b907231d2e38ea5ed89c537b3525df3d ] Free memory by calling put_device(), if afiucv_iucv_init is not successful. Signed-off-by: Arvind Yadav <arvind.yadav.cs(a)gmail.com> Reviewed-by: Cornelia Huck <cohuck(a)redhat.com> Signed-off-by: Ursula Braun <ursula.braun(a)de.ibm.com> Signed-off-by: Julian Wiedmann <jwi(a)linux.vnet.ibm.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/iucv/af_iucv.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) --- a/net/iucv/af_iucv.c +++ b/net/iucv/af_iucv.c @@ -2381,9 +2381,11 @@ static int afiucv_iucv_init(void) af_iucv_dev->driver = &af_iucv_driver; err = device_register(af_iucv_dev); if (err) - goto out_driver; + goto out_iucv_dev; return 0; +out_iucv_dev: + put_device(af_iucv_dev); out_driver: driver_unregister(&af_iucv_driver); out_iucv: Patches currently in stable-queue which might be from arvind.yadav.cs(a)gmail.com are queue-4.4/net-iucv-free-memory-obtained-by-kzalloc.patch

7 years, 2 months

1
0
0 0

Patch "net: Only honor ifindex in IP_PKTINFO if non-0" has been added to the 4.4-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled net: Only honor ifindex in IP_PKTINFO if non-0 to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: net-only-honor-ifindex-in-ip_pktinfo-if-non-0.patch and it can be found in the queue-4.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Thu Mar 29 08:33:08 CEST 2018 From: David Ahern <dsahern(a)gmail.com> Date: Fri, 16 Feb 2018 11:03:03 -0800 Subject: net: Only honor ifindex in IP_PKTINFO if non-0 From: David Ahern <dsahern(a)gmail.com> [ Upstream commit 2cbb4ea7de167b02ffa63e9cdfdb07a7e7094615 ] Only allow ifindex from IP_PKTINFO to override SO_BINDTODEVICE settings if the index is actually set in the message. Signed-off-by: David Ahern <dsahern(a)gmail.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/ipv4/ip_sockglue.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) --- a/net/ipv4/ip_sockglue.c +++ b/net/ipv4/ip_sockglue.c @@ -241,7 +241,8 @@ int ip_cmsg_send(struct net *net, struct src_info = (struct in6_pktinfo *)CMSG_DATA(cmsg); if (!ipv6_addr_v4mapped(&src_info->ipi6_addr)) return -EINVAL; - ipc->oif = src_info->ipi6_ifindex; + if (src_info->ipi6_ifindex) + ipc->oif = src_info->ipi6_ifindex; ipc->addr = src_info->ipi6_addr.s6_addr32[3]; continue; } @@ -264,7 +265,8 @@ int ip_cmsg_send(struct net *net, struct if (cmsg->cmsg_len != CMSG_LEN(sizeof(struct in_pktinfo))) return -EINVAL; info = (struct in_pktinfo *)CMSG_DATA(cmsg); - ipc->oif = info->ipi_ifindex; + if (info->ipi_ifindex) + ipc->oif = info->ipi_ifindex; ipc->addr = info->ipi_spec_dst.s_addr; break; } Patches currently in stable-queue which might be from dsahern(a)gmail.com are queue-4.4/net-only-honor-ifindex-in-ip_pktinfo-if-non-0.patch

7 years, 2 months

1
0
0 0

Patch "net: Fix hlist corruptions in inet_evict_bucket()" has been added to the 4.4-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled net: Fix hlist corruptions in inet_evict_bucket() to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: net-fix-hlist-corruptions-in-inet_evict_bucket.patch and it can be found in the queue-4.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Thu Mar 29 08:33:08 CEST 2018 From: Kirill Tkhai <ktkhai(a)virtuozzo.com> Date: Tue, 6 Mar 2018 18:46:39 +0300 Subject: net: Fix hlist corruptions in inet_evict_bucket() From: Kirill Tkhai <ktkhai(a)virtuozzo.com> [ Upstream commit a560002437d3646dafccecb1bf32d1685112ddda ] inet_evict_bucket() iterates global list, and several tasks may call it in parallel. All of them hash the same fq->list_evictor to different lists, which leads to list corruption. This patch makes fq be hashed to expired list only if this has not been made yet by another task. Since inet_frag_alloc() allocates fq using kmem_cache_zalloc(), we may rely on list_evictor is initially unhashed. The problem seems to exist before async pernet_operations, as there was possible to have exit method to be executed in parallel with inet_frags::frags_work, so I add two Fixes tags. This also may go to stable. Fixes: d1fe19444d82 "inet: frag: don't re-use chainlist for evictor" Fixes: f84c6821aa54 "net: Convert pernet_subsys, registered from inet_init()" Signed-off-by: Kirill Tkhai <ktkhai(a)virtuozzo.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/ipv4/inet_fragment.c | 3 +++ 1 file changed, 3 insertions(+) --- a/net/ipv4/inet_fragment.c +++ b/net/ipv4/inet_fragment.c @@ -119,6 +119,9 @@ out: static bool inet_fragq_should_evict(const struct inet_frag_queue *q) { + if (!hlist_unhashed(&q->list_evictor)) + return false; + return q->net->low_thresh == 0 || frag_mem_limit(q->net) >= q->net->low_thresh; } Patches currently in stable-queue which might be from ktkhai(a)virtuozzo.com are queue-4.4/net-fix-hlist-corruptions-in-inet_evict_bucket.patch

7 years, 2 months

1
0
0 0

Patch "net: fec: Fix unbalanced PM runtime calls" has been added to the 4.4-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled net: fec: Fix unbalanced PM runtime calls to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: net-fec-fix-unbalanced-pm-runtime-calls.patch and it can be found in the queue-4.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Thu Mar 29 08:33:08 CEST 2018 From: Florian Fainelli <f.fainelli(a)gmail.com> Date: Sun, 18 Mar 2018 12:49:51 -0700 Subject: net: fec: Fix unbalanced PM runtime calls From: Florian Fainelli <f.fainelli(a)gmail.com> [ Upstream commit a069215cf5985f3aa1bba550264907d6bd05c5f7 ] When unbinding/removing the driver, we will run into the following warnings: [ 259.655198] fec 400d1000.ethernet: 400d1000.ethernet supply phy not found, using dummy regulator [ 259.665065] fec 400d1000.ethernet: Unbalanced pm_runtime_enable! [ 259.672770] fec 400d1000.ethernet (unnamed net_device) (uninitialized): Invalid MAC address: 00:00:00:00:00:00 [ 259.683062] fec 400d1000.ethernet (unnamed net_device) (uninitialized): Using random MAC address: f2:3e:93:b7:29:c1 [ 259.696239] libphy: fec_enet_mii_bus: probed Avoid these warnings by balancing the runtime PM calls during fec_drv_remove(). Signed-off-by: Florian Fainelli <f.fainelli(a)gmail.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/net/ethernet/freescale/fec_main.c | 2 ++ 1 file changed, 2 insertions(+) --- a/drivers/net/ethernet/freescale/fec_main.c +++ b/drivers/net/ethernet/freescale/fec_main.c @@ -3539,6 +3539,8 @@ fec_drv_remove(struct platform_device *p fec_enet_mii_remove(fep); if (fep->reg_phy) regulator_disable(fep->reg_phy); + pm_runtime_put(&pdev->dev); + pm_runtime_disable(&pdev->dev); of_node_put(fep->phy_node); free_netdev(ndev); Patches currently in stable-queue which might be from f.fainelli(a)gmail.com are queue-4.4/net-systemport-rewrite-__bcm_sysport_tx_reclaim.patch queue-4.4/net-fec-fix-unbalanced-pm-runtime-calls.patch

7 years, 2 months

1
0
0 0

Patch "net: ethernet: arc: Fix a potential memory leak if an optional regulator is deferred" has been added to the 4.4-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled net: ethernet: arc: Fix a potential memory leak if an optional regulator is deferred to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: net-ethernet-arc-fix-a-potential-memory-leak-if-an-optional-regulator-is-deferred.patch and it can be found in the queue-4.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Thu Mar 29 08:33:08 CEST 2018 From: Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> Date: Sun, 18 Mar 2018 23:59:36 +0100 Subject: net: ethernet: arc: Fix a potential memory leak if an optional regulator is deferred From: Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> [ Upstream commit 00777fac28ba3e126b9e63e789a613e8bd2cab25 ] If the optional regulator is deferred, we must release some resources. They will be re-allocated when the probe function will be called again. Fixes: 6eacf31139bf ("ethernet: arc: Add support for Rockchip SoC layer device tree bindings") Signed-off-by: Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/net/ethernet/arc/emac_rockchip.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) --- a/drivers/net/ethernet/arc/emac_rockchip.c +++ b/drivers/net/ethernet/arc/emac_rockchip.c @@ -150,8 +150,10 @@ static int emac_rockchip_probe(struct pl /* Optional regulator for PHY */ priv->regulator = devm_regulator_get_optional(dev, "phy"); if (IS_ERR(priv->regulator)) { - if (PTR_ERR(priv->regulator) == -EPROBE_DEFER) - return -EPROBE_DEFER; + if (PTR_ERR(priv->regulator) == -EPROBE_DEFER) { + err = -EPROBE_DEFER; + goto out_clk_disable; + } dev_err(dev, "no regulator found\n"); priv->regulator = NULL; } Patches currently in stable-queue which might be from christophe.jaillet(a)wanadoo.fr are queue-4.4/net-ethernet-arc-fix-a-potential-memory-leak-if-an-optional-regulator-is-deferred.patch

7 years, 2 months

1
0
0 0

Patch "net: ethernet: ti: cpsw: add check for in-band mode setting with RGMII PHY interface" has been added to the 4.4-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled net: ethernet: ti: cpsw: add check for in-band mode setting with RGMII PHY interface to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: net-ethernet-ti-cpsw-add-check-for-in-band-mode-setting-with-rgmii-phy-interface.patch and it can be found in the queue-4.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Thu Mar 29 08:33:08 CEST 2018 From: "SZ Lin (林上智)" <sz.lin(a)moxa.com> Date: Fri, 16 Mar 2018 00:56:01 +0800 Subject: net: ethernet: ti: cpsw: add check for in-band mode setting with RGMII PHY interface From: "SZ Lin (林上智)" <sz.lin(a)moxa.com> [ Upstream commit f9db50691db4a7d860fce985f080bb3fc23a7ede ] According to AM335x TRM[1] 14.3.6.2, AM437x TRM[2] 15.3.6.2 and DRA7 TRM[3] 24.11.4.8.7.3.3, in-band mode in EXT_EN(bit18) register is only available when PHY is configured in RGMII mode with 10Mbps speed. It will cause some networking issues without RGMII mode, such as carrier sense errors and low throughput. TI also mentioned this issue in their forum[4]. This patch adds the check mechanism for PHY interface with RGMII interface type, the in-band mode can only be set in RGMII mode with 10Mbps speed. References: [1]: https://www.ti.com/lit/ug/spruh73p/spruh73p.pdf [2]: http://www.ti.com/lit/ug/spruhl7h/spruhl7h.pdf [3]: http://www.ti.com/lit/ug/spruic2b/spruic2b.pdf [4]: https://e2e.ti.com/support/arm/sitara_arm/f/791/p/640765/2392155 Suggested-by: Holsety Chen (陳憲輝) <Holsety.Chen(a)moxa.com> Signed-off-by: SZ Lin (林上智) <sz.lin(a)moxa.com> Signed-off-by: Schuyler Patton <spatton(a)ti.com> Reviewed-by: Grygorii Strashko <grygorii.strashko(a)ti.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/net/ethernet/ti/cpsw.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) --- a/drivers/net/ethernet/ti/cpsw.c +++ b/drivers/net/ethernet/ti/cpsw.c @@ -878,7 +878,8 @@ static void _cpsw_adjust_link(struct cps /* set speed_in input in case RMII mode is used in 100Mbps */ if (phy->speed == 100) mac_control |= BIT(15); - else if (phy->speed == 10) + /* in band mode only works in 10Mbps RGMII mode */ + else if ((phy->speed == 10) && phy_interface_is_rgmii(phy)) mac_control |= BIT(18); /* In Band mode */ if (priv->rx_pause) Patches currently in stable-queue which might be from sz.lin(a)moxa.com are queue-4.4/net-ethernet-ti-cpsw-add-check-for-in-band-mode-setting-with-rgmii-phy-interface.patch

7 years, 2 months

1
0
0 0

Patch "l2tp: do not accept arbitrary sockets" has been added to the 4.4-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled l2tp: do not accept arbitrary sockets to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: l2tp-do-not-accept-arbitrary-sockets.patch and it can be found in the queue-4.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Thu Mar 29 08:33:08 CEST 2018 From: Eric Dumazet <edumazet(a)google.com> Date: Tue, 6 Mar 2018 07:54:53 -0800 Subject: l2tp: do not accept arbitrary sockets From: Eric Dumazet <edumazet(a)google.com> [ Upstream commit 17cfe79a65f98abe535261856c5aef14f306dff7 ] syzkaller found an issue caused by lack of sufficient checks in l2tp_tunnel_create() RAW sockets can not be considered as UDP ones for instance. In another patch, we shall replace all pr_err() by less intrusive pr_debug() so that syzkaller can find other bugs faster. Acked-by: Guillaume Nault <g.nault(a)alphalink.fr> Acked-by: James Chapman <jchapman(a)katalix.com> ================================================================== BUG: KASAN: slab-out-of-bounds in setup_udp_tunnel_sock+0x3ee/0x5f0 net/ipv4/udp_tunnel.c:69 dst_release: dst:00000000d53d0d0f refcnt:-1 Write of size 1 at addr ffff8801d013b798 by task syz-executor3/6242 CPU: 1 PID: 6242 Comm: syz-executor3 Not tainted 4.16.0-rc2+ #253 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x194/0x24d lib/dump_stack.c:53 print_address_description+0x73/0x250 mm/kasan/report.c:256 kasan_report_error mm/kasan/report.c:354 [inline] kasan_report+0x23b/0x360 mm/kasan/report.c:412 __asan_report_store1_noabort+0x17/0x20 mm/kasan/report.c:435 setup_udp_tunnel_sock+0x3ee/0x5f0 net/ipv4/udp_tunnel.c:69 l2tp_tunnel_create+0x1354/0x17f0 net/l2tp/l2tp_core.c:1596 pppol2tp_connect+0x14b1/0x1dd0 net/l2tp/l2tp_ppp.c:707 SYSC_connect+0x213/0x4a0 net/socket.c:1640 SyS_connect+0x24/0x30 net/socket.c:1621 do_syscall_64+0x280/0x940 arch/x86/entry/common.c:287 entry_SYSCALL_64_after_hwframe+0x42/0xb7 Fixes: fd558d186df2 ("l2tp: Split pppol2tp patch into separate l2tp and ppp parts") Signed-off-by: Eric Dumazet <edumazet(a)google.com> Reported-by: syzbot <syzkaller(a)googlegroups.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/l2tp/l2tp_core.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) --- a/net/l2tp/l2tp_core.c +++ b/net/l2tp/l2tp_core.c @@ -1518,9 +1518,14 @@ int l2tp_tunnel_create(struct net *net, encap = cfg->encap; /* Quick sanity checks */ + err = -EPROTONOSUPPORT; + if (sk->sk_type != SOCK_DGRAM) { + pr_debug("tunl %hu: fd %d wrong socket type\n", + tunnel_id, fd); + goto err; + } switch (encap) { case L2TP_ENCAPTYPE_UDP: - err = -EPROTONOSUPPORT; if (sk->sk_protocol != IPPROTO_UDP) { pr_err("tunl %hu: fd %d wrong protocol, got %d, expected %d\n", tunnel_id, fd, sk->sk_protocol, IPPROTO_UDP); @@ -1528,7 +1533,6 @@ int l2tp_tunnel_create(struct net *net, } break; case L2TP_ENCAPTYPE_IP: - err = -EPROTONOSUPPORT; if (sk->sk_protocol != IPPROTO_L2TP) { pr_err("tunl %hu: fd %d wrong protocol, got %d, expected %d\n", tunnel_id, fd, sk->sk_protocol, IPPROTO_L2TP); Patches currently in stable-queue which might be from edumazet(a)google.com are queue-4.4/ipv6-fix-access-to-non-linear-packet-in-ndisc_fill_redirect_hdr_option.patch queue-4.4/skbuff-fix-not-waking-applications-when-errors-are-enqueued.patch queue-4.4/l2tp-do-not-accept-arbitrary-sockets.patch queue-4.4/ieee802154-6lowpan-fix-possible-null-deref-in-lowpan_device_event.patch

7 years, 2 months

1
0
0 0

Patch "ipv6: fix access to non-linear packet in ndisc_fill_redirect_hdr_option()" has been added to the 4.4-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled ipv6: fix access to non-linear packet in ndisc_fill_redirect_hdr_option() to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: ipv6-fix-access-to-non-linear-packet-in-ndisc_fill_redirect_hdr_option.patch and it can be found in the queue-4.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Thu Mar 29 08:33:08 CEST 2018 From: Lorenzo Bianconi <lorenzo.bianconi(a)redhat.com> Date: Thu, 8 Mar 2018 17:00:02 +0100 Subject: ipv6: fix access to non-linear packet in ndisc_fill_redirect_hdr_option() From: Lorenzo Bianconi <lorenzo.bianconi(a)redhat.com> [ Upstream commit 9f62c15f28b0d1d746734666d88a79f08ba1e43e ] Fix the following slab-out-of-bounds kasan report in ndisc_fill_redirect_hdr_option when the incoming ipv6 packet is not linear and the accessed data are not in the linear data region of orig_skb. [ 1503.122508] ================================================================== [ 1503.122832] BUG: KASAN: slab-out-of-bounds in ndisc_send_redirect+0x94e/0x990 [ 1503.123036] Read of size 1184 at addr ffff8800298ab6b0 by task netperf/1932 [ 1503.123220] CPU: 0 PID: 1932 Comm: netperf Not tainted 4.16.0-rc2+ #124 [ 1503.123347] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.10.2-2.fc27 04/01/2014 [ 1503.123527] Call Trace: [ 1503.123579] <IRQ> [ 1503.123638] print_address_description+0x6e/0x280 [ 1503.123849] kasan_report+0x233/0x350 [ 1503.123946] memcpy+0x1f/0x50 [ 1503.124037] ndisc_send_redirect+0x94e/0x990 [ 1503.125150] ip6_forward+0x1242/0x13b0 [...] [ 1503.153890] Allocated by task 1932: [ 1503.153982] kasan_kmalloc+0x9f/0xd0 [ 1503.154074] __kmalloc_track_caller+0xb5/0x160 [ 1503.154198] __kmalloc_reserve.isra.41+0x24/0x70 [ 1503.154324] __alloc_skb+0x130/0x3e0 [ 1503.154415] sctp_packet_transmit+0x21a/0x1810 [ 1503.154533] sctp_outq_flush+0xc14/0x1db0 [ 1503.154624] sctp_do_sm+0x34e/0x2740 [ 1503.154715] sctp_primitive_SEND+0x57/0x70 [ 1503.154807] sctp_sendmsg+0xaa6/0x1b10 [ 1503.154897] sock_sendmsg+0x68/0x80 [ 1503.154987] ___sys_sendmsg+0x431/0x4b0 [ 1503.155078] __sys_sendmsg+0xa4/0x130 [ 1503.155168] do_syscall_64+0x171/0x3f0 [ 1503.155259] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1503.155436] Freed by task 1932: [ 1503.155527] __kasan_slab_free+0x134/0x180 [ 1503.155618] kfree+0xbc/0x180 [ 1503.155709] skb_release_data+0x27f/0x2c0 [ 1503.155800] consume_skb+0x94/0xe0 [ 1503.155889] sctp_chunk_put+0x1aa/0x1f0 [ 1503.155979] sctp_inq_pop+0x2f8/0x6e0 [ 1503.156070] sctp_assoc_bh_rcv+0x6a/0x230 [ 1503.156164] sctp_inq_push+0x117/0x150 [ 1503.156255] sctp_backlog_rcv+0xdf/0x4a0 [ 1503.156346] __release_sock+0x142/0x250 [ 1503.156436] release_sock+0x80/0x180 [ 1503.156526] sctp_sendmsg+0xbb0/0x1b10 [ 1503.156617] sock_sendmsg+0x68/0x80 [ 1503.156708] ___sys_sendmsg+0x431/0x4b0 [ 1503.156799] __sys_sendmsg+0xa4/0x130 [ 1503.156889] do_syscall_64+0x171/0x3f0 [ 1503.156980] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1503.157158] The buggy address belongs to the object at ffff8800298ab600 which belongs to the cache kmalloc-1024 of size 1024 [ 1503.157444] The buggy address is located 176 bytes inside of 1024-byte region [ffff8800298ab600, ffff8800298aba00) [ 1503.157702] The buggy address belongs to the page: [ 1503.157820] page:ffffea0000a62a00 count:1 mapcount:0 mapping:0000000000000000 index:0x0 compound_mapcount: 0 [ 1503.158053] flags: 0x4000000000008100(slab|head) [ 1503.158171] raw: 4000000000008100 0000000000000000 0000000000000000 00000001800e000e [ 1503.158350] raw: dead000000000100 dead000000000200 ffff880036002600 0000000000000000 [ 1503.158523] page dumped because: kasan: bad access detected [ 1503.158698] Memory state around the buggy address: [ 1503.158816] ffff8800298ab900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1503.158988] ffff8800298ab980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1503.159165] >ffff8800298aba00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 1503.159338] ^ [ 1503.159436] ffff8800298aba80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1503.159610] ffff8800298abb00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1503.159785] ================================================================== [ 1503.159964] Disabling lock debugging due to kernel taint The test scenario to trigger the issue consists of 4 devices: - H0: data sender, connected to LAN0 - H1: data receiver, connected to LAN1 - GW0 and GW1: routers between LAN0 and LAN1. Both of them have an ethernet connection on LAN0 and LAN1 On H{0,1} set GW0 as default gateway while on GW0 set GW1 as next hop for data from LAN0 to LAN1. Moreover create an ip6ip6 tunnel between H0 and H1 and send 3 concurrent data streams (TCP/UDP/SCTP) from H0 to H1 through ip6ip6 tunnel (send buffer size is set to 16K). While data streams are active flush the route cache on HA multiple times. I have not been able to identify a given commit that introduced the issue since, using the reproducer described above, the kasan report has been triggered from 4.14 and I have not gone back further. Reported-by: Jianlin Shi <jishi(a)redhat.com> Reviewed-by: Stefano Brivio <sbrivio(a)redhat.com> Reviewed-by: Eric Dumazet <edumazet(a)google.com> Signed-off-by: Lorenzo Bianconi <lorenzo.bianconi(a)redhat.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/ipv6/ndisc.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) --- a/net/ipv6/ndisc.c +++ b/net/ipv6/ndisc.c @@ -1478,7 +1478,8 @@ static void ndisc_fill_redirect_hdr_opti *(opt++) = (rd_len >> 3); opt += 6; - memcpy(opt, ipv6_hdr(orig_skb), rd_len - 8); + skb_copy_bits(orig_skb, skb_network_offset(orig_skb), opt, + rd_len - 8); } void ndisc_send_redirect(struct sk_buff *skb, const struct in6_addr *target) Patches currently in stable-queue which might be from lorenzo.bianconi(a)redhat.com are queue-4.4/ipv6-fix-access-to-non-linear-packet-in-ndisc_fill_redirect_hdr_option.patch

7 years, 2 months

1
0
0 0

Patch "ieee802154: 6lowpan: fix possible NULL deref in lowpan_device_event()" has been added to the 4.4-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled ieee802154: 6lowpan: fix possible NULL deref in lowpan_device_event() to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: ieee802154-6lowpan-fix-possible-null-deref-in-lowpan_device_event.patch and it can be found in the queue-4.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Thu Mar 29 08:33:08 CEST 2018 From: Eric Dumazet <edumazet(a)google.com> Date: Mon, 5 Mar 2018 08:51:03 -0800 Subject: ieee802154: 6lowpan: fix possible NULL deref in lowpan_device_event() From: Eric Dumazet <edumazet(a)google.com> [ Upstream commit ca0edb131bdf1e6beaeb2b8289fd6b374b74147d ] A tun device type can trivially be set to arbitrary value using TUNSETLINK ioctl(). Therefore, lowpan_device_event() must really check that ieee802154_ptr is not NULL. Fixes: 2c88b5283f60d ("ieee802154: 6lowpan: remove check on null") Signed-off-by: Eric Dumazet <edumazet(a)google.com> Cc: Alexander Aring <alex.aring(a)gmail.com> Cc: Stefan Schmidt <stefan(a)osg.samsung.com> Reported-by: syzbot <syzkaller(a)googlegroups.com> Acked-by: Stefan Schmidt <stefan(a)osg.samsung.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/ieee802154/6lowpan/core.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) --- a/net/ieee802154/6lowpan/core.c +++ b/net/ieee802154/6lowpan/core.c @@ -206,9 +206,13 @@ static inline void lowpan_netlink_fini(v static int lowpan_device_event(struct notifier_block *unused, unsigned long event, void *ptr) { - struct net_device *wdev = netdev_notifier_info_to_dev(ptr); + struct net_device *ndev = netdev_notifier_info_to_dev(ptr); + struct wpan_dev *wpan_dev; - if (wdev->type != ARPHRD_IEEE802154) + if (ndev->type != ARPHRD_IEEE802154) + return NOTIFY_DONE; + wpan_dev = ndev->ieee802154_ptr; + if (!wpan_dev) goto out; switch (event) { @@ -217,8 +221,8 @@ static int lowpan_device_event(struct no * also delete possible lowpan interfaces which belongs * to the wpan interface. */ - if (wdev->ieee802154_ptr->lowpan_dev) - lowpan_dellink(wdev->ieee802154_ptr->lowpan_dev, NULL); + if (wpan_dev->lowpan_dev) + lowpan_dellink(wpan_dev->lowpan_dev, NULL); break; default: break; Patches currently in stable-queue which might be from edumazet(a)google.com are queue-4.4/ipv6-fix-access-to-non-linear-packet-in-ndisc_fill_redirect_hdr_option.patch queue-4.4/skbuff-fix-not-waking-applications-when-errors-are-enqueued.patch queue-4.4/l2tp-do-not-accept-arbitrary-sockets.patch queue-4.4/ieee802154-6lowpan-fix-possible-null-deref-in-lowpan_device_event.patch

7 years, 2 months

1
0
0 0

Patch "dccp: check sk for closed state in dccp_sendmsg()" has been added to the 4.4-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled dccp: check sk for closed state in dccp_sendmsg() to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: dccp-check-sk-for-closed-state-in-dccp_sendmsg.patch and it can be found in the queue-4.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Thu Mar 29 08:33:08 CEST 2018 From: Alexey Kodanev <alexey.kodanev(a)oracle.com> Date: Tue, 6 Mar 2018 22:57:01 +0300 Subject: dccp: check sk for closed state in dccp_sendmsg() From: Alexey Kodanev <alexey.kodanev(a)oracle.com> [ Upstream commit 67f93df79aeefc3add4e4b31a752600f834236e2 ] dccp_disconnect() sets 'dp->dccps_hc_tx_ccid' tx handler to NULL, therefore if DCCP socket is disconnected and dccp_sendmsg() is called after it, it will cause a NULL pointer dereference in dccp_write_xmit(). This crash and the reproducer was reported by syzbot. Looks like it is reproduced if commit 69c64866ce07 ("dccp: CVE-2017-8824: use-after-free in DCCP code") is applied. Reported-by: syzbot+f99ab3887ab65d70f816(a)syzkaller.appspotmail.com Signed-off-by: Alexey Kodanev <alexey.kodanev(a)oracle.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/dccp/proto.c | 5 +++++ 1 file changed, 5 insertions(+) --- a/net/dccp/proto.c +++ b/net/dccp/proto.c @@ -789,6 +789,11 @@ int dccp_sendmsg(struct sock *sk, struct if (skb == NULL) goto out_release; + if (sk->sk_state == DCCP_CLOSED) { + rc = -ENOTCONN; + goto out_discard; + } + skb_reserve(skb, sk->sk_prot->max_header); rc = memcpy_from_msg(skb_put(skb, len), msg, len); if (rc != 0) Patches currently in stable-queue which might be from alexey.kodanev(a)oracle.com are queue-4.4/dccp-check-sk-for-closed-state-in-dccp_sendmsg.patch

7 years, 2 months

1
0
0 0

Patch "team: Fix double free in error path" has been added to the 3.18-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled team: Fix double free in error path to the 3.18-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: team-fix-double-free-in-error-path.patch and it can be found in the queue-3.18 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Thu Mar 29 08:53:48 CEST 2018 From: Arkadi Sharshevsky <arkadis(a)mellanox.com> Date: Thu, 8 Mar 2018 12:42:10 +0200 Subject: team: Fix double free in error path From: Arkadi Sharshevsky <arkadis(a)mellanox.com> [ Upstream commit cbcc607e18422555db569b593608aec26111cb0b ] The __send_and_alloc_skb() receives a skb ptr as a parameter but in case it fails the skb is not valid: - Send failed and released the skb internally. - Allocation failed. The current code tries to release the skb in case of failure which causes redundant freeing. Fixes: 9b00cf2d1024 ("team: implement multipart netlink messages for options transfers") Signed-off-by: Arkadi Sharshevsky <arkadis(a)mellanox.com> Acked-by: Jiri Pirko <jiri(a)mellanox.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/net/team/team.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) --- a/drivers/net/team/team.c +++ b/drivers/net/team/team.c @@ -2368,7 +2368,7 @@ send_done: if (!nlh) { err = __send_and_alloc_skb(&skb, team, portid, send_func); if (err) - goto errout; + return err; goto send_done; } @@ -2648,7 +2648,7 @@ send_done: if (!nlh) { err = __send_and_alloc_skb(&skb, team, portid, send_func); if (err) - goto errout; + return err; goto send_done; } Patches currently in stable-queue which might be from arkadis(a)mellanox.com are queue-3.18/team-fix-double-free-in-error-path.patch

7 years, 2 months

1
0
0 0

Patch "skbuff: Fix not waking applications when errors are enqueued" has been added to the 3.18-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled skbuff: Fix not waking applications when errors are enqueued to the 3.18-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: skbuff-fix-not-waking-applications-when-errors-are-enqueued.patch and it can be found in the queue-3.18 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Thu Mar 29 08:53:48 CEST 2018 From: Vinicius Costa Gomes <vinicius.gomes(a)intel.com> Date: Wed, 14 Mar 2018 13:32:09 -0700 Subject: skbuff: Fix not waking applications when errors are enqueued From: Vinicius Costa Gomes <vinicius.gomes(a)intel.com> [ Upstream commit 6e5d58fdc9bedd0255a8781b258f10bbdc63e975 ] When errors are enqueued to the error queue via sock_queue_err_skb() function, it is possible that the waiting application is not notified. Calling 'sk->sk_data_ready()' would not notify applications that selected only POLLERR events in poll() (for example). Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Reported-by: Randy E. Witt <randy.e.witt(a)intel.com> Reviewed-by: Eric Dumazet <edumazet(a)google.com> Signed-off-by: Vinicius Costa Gomes <vinicius.gomes(a)intel.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/core/skbuff.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/net/core/skbuff.c +++ b/net/core/skbuff.c @@ -3527,7 +3527,7 @@ int sock_queue_err_skb(struct sock *sk, skb_queue_tail(&sk->sk_error_queue, skb); if (!sock_flag(sk, SOCK_DEAD)) - sk->sk_data_ready(sk); + sk->sk_error_report(sk); return 0; } EXPORT_SYMBOL(sock_queue_err_skb); Patches currently in stable-queue which might be from vinicius.gomes(a)intel.com are queue-3.18/skbuff-fix-not-waking-applications-when-errors-are-enqueued.patch

7 years, 2 months

1
0
0 0

Patch "s390/qeth: when thread completes, wake up all waiters" has been added to the 3.18-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled s390/qeth: when thread completes, wake up all waiters to the 3.18-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: s390-qeth-when-thread-completes-wake-up-all-waiters.patch and it can be found in the queue-3.18 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Thu Mar 29 08:53:48 CEST 2018 From: Julian Wiedmann <jwi(a)linux.vnet.ibm.com> Date: Tue, 20 Mar 2018 07:59:13 +0100 Subject: s390/qeth: when thread completes, wake up all waiters From: Julian Wiedmann <jwi(a)linux.vnet.ibm.com> [ Upstream commit 1063e432bb45be209427ed3f1ca3908e4aa3c7d7 ] qeth_wait_for_threads() is potentially called by multiple users, make sure to notify all of them after qeth_clear_thread_running_bit() adjusted the thread_running_mask. With no timeout, callers would otherwise stall. Signed-off-by: Julian Wiedmann <jwi(a)linux.vnet.ibm.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/s390/net/qeth_core_main.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/drivers/s390/net/qeth_core_main.c +++ b/drivers/s390/net/qeth_core_main.c @@ -944,7 +944,7 @@ void qeth_clear_thread_running_bit(struc spin_lock_irqsave(&card->thread_mask_lock, flags); card->thread_running_mask &= ~thread; spin_unlock_irqrestore(&card->thread_mask_lock, flags); - wake_up(&card->wait_q); + wake_up_all(&card->wait_q); } EXPORT_SYMBOL_GPL(qeth_clear_thread_running_bit); Patches currently in stable-queue which might be from jwi(a)linux.vnet.ibm.com are queue-3.18/s390-qeth-when-thread-completes-wake-up-all-waiters.patch queue-3.18/s390-qeth-lock-read-device-while-queueing-next-buffer.patch queue-3.18/net-iucv-free-memory-obtained-by-kzalloc.patch queue-3.18/s390-qeth-on-channel-error-reject-further-cmd-requests.patch queue-3.18/s390-qeth-free-netdevice-when-removing-a-card.patch

7 years, 2 months

1
0
0 0

Patch "s390/qeth: on channel error, reject further cmd requests" has been added to the 3.18-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled s390/qeth: on channel error, reject further cmd requests to the 3.18-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: s390-qeth-on-channel-error-reject-further-cmd-requests.patch and it can be found in the queue-3.18 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Thu Mar 29 08:53:48 CEST 2018 From: Julian Wiedmann <jwi(a)linux.vnet.ibm.com> Date: Tue, 20 Mar 2018 07:59:15 +0100 Subject: s390/qeth: on channel error, reject further cmd requests From: Julian Wiedmann <jwi(a)linux.vnet.ibm.com> [ Upstream commit a6c3d93963e4b333c764fde69802c3ea9eaa9d5c ] When the IRQ handler determines that one of the cmd IO channels has failed and schedules recovery, block any further cmd requests from being submitted. The request would inevitably stall, and prevent the recovery from making progress until the request times out. This sort of error was observed after Live Guest Relocation, where the pending IO on the READ channel intentionally gets terminated to kick-start recovery. Simultaneously the guest executed SIOCETHTOOL, triggering qeth to issue a QUERY CARD INFO command. The command then stalled in the inoperabel WRITE channel. Signed-off-by: Julian Wiedmann <jwi(a)linux.vnet.ibm.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/s390/net/qeth_core_main.c | 1 + 1 file changed, 1 insertion(+) --- a/drivers/s390/net/qeth_core_main.c +++ b/drivers/s390/net/qeth_core_main.c @@ -1158,6 +1158,7 @@ static void qeth_irq(struct ccw_device * } rc = qeth_get_problem(cdev, irb); if (rc) { + card->read_or_write_problem = 1; qeth_clear_ipacmd_list(card); qeth_schedule_recovery(card); goto out; Patches currently in stable-queue which might be from jwi(a)linux.vnet.ibm.com are queue-3.18/s390-qeth-when-thread-completes-wake-up-all-waiters.patch queue-3.18/s390-qeth-lock-read-device-while-queueing-next-buffer.patch queue-3.18/net-iucv-free-memory-obtained-by-kzalloc.patch queue-3.18/s390-qeth-on-channel-error-reject-further-cmd-requests.patch queue-3.18/s390-qeth-free-netdevice-when-removing-a-card.patch

7 years, 2 months

1
0
0 0

Patch "s390/qeth: lock read device while queueing next buffer" has been added to the 3.18-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled s390/qeth: lock read device while queueing next buffer to the 3.18-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: s390-qeth-lock-read-device-while-queueing-next-buffer.patch and it can be found in the queue-3.18 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Thu Mar 29 08:53:48 CEST 2018 From: Julian Wiedmann <jwi(a)linux.vnet.ibm.com> Date: Tue, 20 Mar 2018 07:59:14 +0100 Subject: s390/qeth: lock read device while queueing next buffer From: Julian Wiedmann <jwi(a)linux.vnet.ibm.com> [ Upstream commit 17bf8c9b3d499d5168537c98b61eb7a1fcbca6c2 ] For calling ccw_device_start(), issue_next_read() needs to hold the device's ccwlock. This is satisfied for the IRQ handler path (where qeth_irq() gets called under the ccwlock), but we need explicit locking for the initial call by the MPC initialization. Signed-off-by: Julian Wiedmann <jwi(a)linux.vnet.ibm.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/s390/net/qeth_core_main.c | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) --- a/drivers/s390/net/qeth_core_main.c +++ b/drivers/s390/net/qeth_core_main.c @@ -517,8 +517,7 @@ static inline int qeth_is_cq(struct qeth queue == card->qdio.no_in_queues - 1; } - -static int qeth_issue_next_read(struct qeth_card *card) +static int __qeth_issue_next_read(struct qeth_card *card) { int rc; struct qeth_cmd_buffer *iob; @@ -549,6 +548,17 @@ static int qeth_issue_next_read(struct q return rc; } +static int qeth_issue_next_read(struct qeth_card *card) +{ + int ret; + + spin_lock_irq(get_ccwdev_lock(CARD_RDEV(card))); + ret = __qeth_issue_next_read(card); + spin_unlock_irq(get_ccwdev_lock(CARD_RDEV(card))); + + return ret; +} + static struct qeth_reply *qeth_alloc_reply(struct qeth_card *card) { struct qeth_reply *reply; @@ -1166,7 +1176,7 @@ static void qeth_irq(struct ccw_device * return; if (channel == &card->read && channel->state == CH_STATE_UP) - qeth_issue_next_read(card); + __qeth_issue_next_read(card); iob = channel->iob; index = channel->buf_no; Patches currently in stable-queue which might be from jwi(a)linux.vnet.ibm.com are queue-3.18/s390-qeth-when-thread-completes-wake-up-all-waiters.patch queue-3.18/s390-qeth-lock-read-device-while-queueing-next-buffer.patch queue-3.18/net-iucv-free-memory-obtained-by-kzalloc.patch queue-3.18/s390-qeth-on-channel-error-reject-further-cmd-requests.patch queue-3.18/s390-qeth-free-netdevice-when-removing-a-card.patch

7 years, 2 months

1
0
0 0

Patch "netlink: avoid a double skb free in genlmsg_mcast()" has been added to the 3.18-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled netlink: avoid a double skb free in genlmsg_mcast() to the 3.18-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: netlink-avoid-a-double-skb-free-in-genlmsg_mcast.patch and it can be found in the queue-3.18 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Thu Mar 29 08:53:48 CEST 2018 From: Nicolas Dichtel <nicolas.dichtel(a)6wind.com> Date: Wed, 14 Mar 2018 21:10:23 +0100 Subject: netlink: avoid a double skb free in genlmsg_mcast() From: Nicolas Dichtel <nicolas.dichtel(a)6wind.com> [ Upstream commit 02a2385f37a7c6594c9d89b64c4a1451276f08eb ] nlmsg_multicast() consumes always the skb, thus the original skb must be freed only when this function is called with a clone. Fixes: cb9f7a9a5c96 ("netlink: ensure to loop over all netns in genlmsg_multicast_allns()") Reported-by: Ben Hutchings <ben.hutchings(a)codethink.co.uk> Signed-off-by: Nicolas Dichtel <nicolas.dichtel(a)6wind.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/netlink/genetlink.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/net/netlink/genetlink.c +++ b/net/netlink/genetlink.c @@ -1083,7 +1083,7 @@ static int genlmsg_mcast(struct sk_buff if (!err) delivered = true; else if (err != -ESRCH) - goto error; + return err; return delivered ? 0 : -ESRCH; error: kfree_skb(skb); Patches currently in stable-queue which might be from nicolas.dichtel(a)6wind.com are queue-3.18/netlink-avoid-a-double-skb-free-in-genlmsg_mcast.patch

7 years, 2 months

1
0
0 0

Patch "s390/qeth: free netdevice when removing a card" has been added to the 3.18-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled s390/qeth: free netdevice when removing a card to the 3.18-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: s390-qeth-free-netdevice-when-removing-a-card.patch and it can be found in the queue-3.18 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Thu Mar 29 08:33:08 CEST 2018 From: Julian Wiedmann <jwi(a)linux.vnet.ibm.com> Date: Tue, 20 Mar 2018 07:59:12 +0100 Subject: s390/qeth: free netdevice when removing a card From: Julian Wiedmann <jwi(a)linux.vnet.ibm.com> [ Upstream commit 6be687395b3124f002a653c1a50b3260222b3cd7 ] On removal, a qeth card's netdevice is currently not properly freed because the call chain looks as follows: qeth_core_remove_device(card) lx_remove_device(card) unregister_netdev(card->dev) card->dev = NULL !!! qeth_core_free_card(card) if (card->dev) !!! free_netdev(card->dev) Fix it by free'ing the netdev straight after unregistering. This also fixes the sysfs-driven layer switch case (qeth_dev_layer2_store()), where the need to free the current netdevice was not considered at all. Note that free_netdev() takes care of the netif_napi_del() for us too. Fixes: 4a71df50047f ("qeth: new qeth device driver") Signed-off-by: Julian Wiedmann <jwi(a)linux.vnet.ibm.com> Reviewed-by: Ursula Braun <ubraun(a)linux.vnet.ibm.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/s390/net/qeth_core_main.c | 2 -- drivers/s390/net/qeth_l2_main.c | 2 +- drivers/s390/net/qeth_l3_main.c | 2 +- 3 files changed, 2 insertions(+), 4 deletions(-) --- a/drivers/s390/net/qeth_core_main.c +++ b/drivers/s390/net/qeth_core_main.c @@ -4937,8 +4937,6 @@ static void qeth_core_free_card(struct q QETH_DBF_HEX(SETUP, 2, &card, sizeof(void *)); qeth_clean_channel(&card->read); qeth_clean_channel(&card->write); - if (card->dev) - free_netdev(card->dev); kfree(card->ip_tbd_list); qeth_free_qdio_buffers(card); unregister_service_level(&card->qeth_service_level); --- a/drivers/s390/net/qeth_l2_main.c +++ b/drivers/s390/net/qeth_l2_main.c @@ -922,8 +922,8 @@ static void qeth_l2_remove_device(struct qeth_l2_set_offline(cgdev); if (card->dev) { - netif_napi_del(&card->napi); unregister_netdev(card->dev); + free_netdev(card->dev); card->dev = NULL; } return; --- a/drivers/s390/net/qeth_l3_main.c +++ b/drivers/s390/net/qeth_l3_main.c @@ -3333,8 +3333,8 @@ static void qeth_l3_remove_device(struct qeth_l3_set_offline(cgdev); if (card->dev) { - netif_napi_del(&card->napi); unregister_netdev(card->dev); + free_netdev(card->dev); card->dev = NULL; } Patches currently in stable-queue which might be from jwi(a)linux.vnet.ibm.com are queue-3.18/s390-qeth-when-thread-completes-wake-up-all-waiters.patch queue-3.18/s390-qeth-lock-read-device-while-queueing-next-buffer.patch queue-3.18/net-iucv-free-memory-obtained-by-kzalloc.patch queue-3.18/s390-qeth-on-channel-error-reject-further-cmd-requests.patch queue-3.18/s390-qeth-free-netdevice-when-removing-a-card.patch

7 years, 2 months

1
0
0 0

Patch "net/iucv: Free memory obtained by kzalloc" has been added to the 3.18-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled net/iucv: Free memory obtained by kzalloc to the 3.18-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: net-iucv-free-memory-obtained-by-kzalloc.patch and it can be found in the queue-3.18 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Thu Mar 29 08:53:48 CEST 2018 From: Arvind Yadav <arvind.yadav.cs(a)gmail.com> Date: Tue, 13 Mar 2018 16:50:06 +0100 Subject: net/iucv: Free memory obtained by kzalloc From: Arvind Yadav <arvind.yadav.cs(a)gmail.com> [ Upstream commit fa6a91e9b907231d2e38ea5ed89c537b3525df3d ] Free memory by calling put_device(), if afiucv_iucv_init is not successful. Signed-off-by: Arvind Yadav <arvind.yadav.cs(a)gmail.com> Reviewed-by: Cornelia Huck <cohuck(a)redhat.com> Signed-off-by: Ursula Braun <ursula.braun(a)de.ibm.com> Signed-off-by: Julian Wiedmann <jwi(a)linux.vnet.ibm.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/iucv/af_iucv.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) --- a/net/iucv/af_iucv.c +++ b/net/iucv/af_iucv.c @@ -2383,9 +2383,11 @@ static int afiucv_iucv_init(void) af_iucv_dev->driver = &af_iucv_driver; err = device_register(af_iucv_dev); if (err) - goto out_driver; + goto out_iucv_dev; return 0; +out_iucv_dev: + put_device(af_iucv_dev); out_driver: driver_unregister(&af_iucv_driver); out_iucv: Patches currently in stable-queue which might be from arvind.yadav.cs(a)gmail.com are queue-3.18/net-iucv-free-memory-obtained-by-kzalloc.patch

7 years, 2 months

1
0
0 0

Patch "net: fec: Fix unbalanced PM runtime calls" has been added to the 3.18-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled net: fec: Fix unbalanced PM runtime calls to the 3.18-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: net-fec-fix-unbalanced-pm-runtime-calls.patch and it can be found in the queue-3.18 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Thu Mar 29 08:53:48 CEST 2018 From: Florian Fainelli <f.fainelli(a)gmail.com> Date: Sun, 18 Mar 2018 12:49:51 -0700 Subject: net: fec: Fix unbalanced PM runtime calls From: Florian Fainelli <f.fainelli(a)gmail.com> [ Upstream commit a069215cf5985f3aa1bba550264907d6bd05c5f7 ] When unbinding/removing the driver, we will run into the following warnings: [ 259.655198] fec 400d1000.ethernet: 400d1000.ethernet supply phy not found, using dummy regulator [ 259.665065] fec 400d1000.ethernet: Unbalanced pm_runtime_enable! [ 259.672770] fec 400d1000.ethernet (unnamed net_device) (uninitialized): Invalid MAC address: 00:00:00:00:00:00 [ 259.683062] fec 400d1000.ethernet (unnamed net_device) (uninitialized): Using random MAC address: f2:3e:93:b7:29:c1 [ 259.696239] libphy: fec_enet_mii_bus: probed Avoid these warnings by balancing the runtime PM calls during fec_drv_remove(). Signed-off-by: Florian Fainelli <f.fainelli(a)gmail.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/net/ethernet/freescale/fec_main.c | 2 ++ 1 file changed, 2 insertions(+) --- a/drivers/net/ethernet/freescale/fec_main.c +++ b/drivers/net/ethernet/freescale/fec_main.c @@ -3339,6 +3339,8 @@ fec_drv_remove(struct platform_device *p if (fep->reg_phy) regulator_disable(fep->reg_phy); fec_enet_clk_enable(ndev, false); + pm_runtime_put(&pdev->dev); + pm_runtime_disable(&pdev->dev); of_node_put(fep->phy_node); free_netdev(ndev); Patches currently in stable-queue which might be from f.fainelli(a)gmail.com are queue-3.18/net-fec-fix-unbalanced-pm-runtime-calls.patch

7 years, 2 months

1
0
0 0

Patch "net: Only honor ifindex in IP_PKTINFO if non-0" has been added to the 3.18-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled net: Only honor ifindex in IP_PKTINFO if non-0 to the 3.18-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: net-only-honor-ifindex-in-ip_pktinfo-if-non-0.patch and it can be found in the queue-3.18 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Thu Mar 29 08:53:48 CEST 2018 From: David Ahern <dsahern(a)gmail.com> Date: Fri, 16 Feb 2018 11:03:03 -0800 Subject: net: Only honor ifindex in IP_PKTINFO if non-0 From: David Ahern <dsahern(a)gmail.com> [ Upstream commit 2cbb4ea7de167b02ffa63e9cdfdb07a7e7094615 ] Only allow ifindex from IP_PKTINFO to override SO_BINDTODEVICE settings if the index is actually set in the message. Signed-off-by: David Ahern <dsahern(a)gmail.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/ipv4/ip_sockglue.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) --- a/net/ipv4/ip_sockglue.c +++ b/net/ipv4/ip_sockglue.c @@ -206,7 +206,8 @@ int ip_cmsg_send(struct net *net, struct src_info = (struct in6_pktinfo *)CMSG_DATA(cmsg); if (!ipv6_addr_v4mapped(&src_info->ipi6_addr)) return -EINVAL; - ipc->oif = src_info->ipi6_ifindex; + if (src_info->ipi6_ifindex) + ipc->oif = src_info->ipi6_ifindex; ipc->addr = src_info->ipi6_addr.s6_addr32[3]; continue; } @@ -227,7 +228,8 @@ int ip_cmsg_send(struct net *net, struct if (cmsg->cmsg_len != CMSG_LEN(sizeof(struct in_pktinfo))) return -EINVAL; info = (struct in_pktinfo *)CMSG_DATA(cmsg); - ipc->oif = info->ipi_ifindex; + if (info->ipi_ifindex) + ipc->oif = info->ipi_ifindex; ipc->addr = info->ipi_spec_dst.s_addr; break; } Patches currently in stable-queue which might be from dsahern(a)gmail.com are queue-3.18/net-only-honor-ifindex-in-ip_pktinfo-if-non-0.patch

7 years, 2 months

1
0
0 0

Patch "net: ethernet: ti: cpsw: add check for in-band mode setting with RGMII PHY interface" has been added to the 3.18-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled net: ethernet: ti: cpsw: add check for in-band mode setting with RGMII PHY interface to the 3.18-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: net-ethernet-ti-cpsw-add-check-for-in-band-mode-setting-with-rgmii-phy-interface.patch and it can be found in the queue-3.18 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Thu Mar 29 08:53:48 CEST 2018 From: "SZ Lin (林上智)" <sz.lin(a)moxa.com> Date: Fri, 16 Mar 2018 00:56:01 +0800 Subject: net: ethernet: ti: cpsw: add check for in-band mode setting with RGMII PHY interface From: "SZ Lin (林上智)" <sz.lin(a)moxa.com> [ Upstream commit f9db50691db4a7d860fce985f080bb3fc23a7ede ] According to AM335x TRM[1] 14.3.6.2, AM437x TRM[2] 15.3.6.2 and DRA7 TRM[3] 24.11.4.8.7.3.3, in-band mode in EXT_EN(bit18) register is only available when PHY is configured in RGMII mode with 10Mbps speed. It will cause some networking issues without RGMII mode, such as carrier sense errors and low throughput. TI also mentioned this issue in their forum[4]. This patch adds the check mechanism for PHY interface with RGMII interface type, the in-band mode can only be set in RGMII mode with 10Mbps speed. References: [1]: https://www.ti.com/lit/ug/spruh73p/spruh73p.pdf [2]: http://www.ti.com/lit/ug/spruhl7h/spruhl7h.pdf [3]: http://www.ti.com/lit/ug/spruic2b/spruic2b.pdf [4]: https://e2e.ti.com/support/arm/sitara_arm/f/791/p/640765/2392155 Suggested-by: Holsety Chen (陳憲輝) <Holsety.Chen(a)moxa.com> Signed-off-by: SZ Lin (林上智) <sz.lin(a)moxa.com> Signed-off-by: Schuyler Patton <spatton(a)ti.com> Reviewed-by: Grygorii Strashko <grygorii.strashko(a)ti.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/net/ethernet/ti/cpsw.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) --- a/drivers/net/ethernet/ti/cpsw.c +++ b/drivers/net/ethernet/ti/cpsw.c @@ -872,7 +872,8 @@ static void _cpsw_adjust_link(struct cps /* set speed_in input in case RMII mode is used in 100Mbps */ if (phy->speed == 100) mac_control |= BIT(15); - else if (phy->speed == 10) + /* in band mode only works in 10Mbps RGMII mode */ + else if ((phy->speed == 10) && phy_interface_is_rgmii(phy)) mac_control |= BIT(18); /* In Band mode */ if (priv->rx_pause) Patches currently in stable-queue which might be from sz.lin(a)moxa.com are queue-3.18/net-ethernet-ti-cpsw-add-check-for-in-band-mode-setting-with-rgmii-phy-interface.patch

7 years, 2 months

1
0
0 0

Patch "net: ethernet: arc: Fix a potential memory leak if an optional regulator is deferred" has been added to the 3.18-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled net: ethernet: arc: Fix a potential memory leak if an optional regulator is deferred to the 3.18-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: net-ethernet-arc-fix-a-potential-memory-leak-if-an-optional-regulator-is-deferred.patch and it can be found in the queue-3.18 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Thu Mar 29 08:53:48 CEST 2018 From: Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> Date: Sun, 18 Mar 2018 23:59:36 +0100 Subject: net: ethernet: arc: Fix a potential memory leak if an optional regulator is deferred From: Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> [ Upstream commit 00777fac28ba3e126b9e63e789a613e8bd2cab25 ] If the optional regulator is deferred, we must release some resources. They will be re-allocated when the probe function will be called again. Fixes: 6eacf31139bf ("ethernet: arc: Add support for Rockchip SoC layer device tree bindings") Signed-off-by: Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/net/ethernet/arc/emac_rockchip.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) --- a/drivers/net/ethernet/arc/emac_rockchip.c +++ b/drivers/net/ethernet/arc/emac_rockchip.c @@ -150,8 +150,10 @@ static int emac_rockchip_probe(struct pl /* Optional regulator for PHY */ priv->regulator = devm_regulator_get_optional(dev, "phy"); if (IS_ERR(priv->regulator)) { - if (PTR_ERR(priv->regulator) == -EPROBE_DEFER) - return -EPROBE_DEFER; + if (PTR_ERR(priv->regulator) == -EPROBE_DEFER) { + err = -EPROBE_DEFER; + goto out_clk_disable; + } dev_err(dev, "no regulator found\n"); priv->regulator = NULL; } Patches currently in stable-queue which might be from christophe.jaillet(a)wanadoo.fr are queue-3.18/net-ethernet-arc-fix-a-potential-memory-leak-if-an-optional-regulator-is-deferred.patch

7 years, 2 months

1
0
0 0

Patch "l2tp: do not accept arbitrary sockets" has been added to the 3.18-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled l2tp: do not accept arbitrary sockets to the 3.18-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: l2tp-do-not-accept-arbitrary-sockets.patch and it can be found in the queue-3.18 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Thu Mar 29 08:53:48 CEST 2018 From: Eric Dumazet <edumazet(a)google.com> Date: Tue, 6 Mar 2018 07:54:53 -0800 Subject: l2tp: do not accept arbitrary sockets From: Eric Dumazet <edumazet(a)google.com> [ Upstream commit 17cfe79a65f98abe535261856c5aef14f306dff7 ] syzkaller found an issue caused by lack of sufficient checks in l2tp_tunnel_create() RAW sockets can not be considered as UDP ones for instance. In another patch, we shall replace all pr_err() by less intrusive pr_debug() so that syzkaller can find other bugs faster. Acked-by: Guillaume Nault <g.nault(a)alphalink.fr> Acked-by: James Chapman <jchapman(a)katalix.com> ================================================================== BUG: KASAN: slab-out-of-bounds in setup_udp_tunnel_sock+0x3ee/0x5f0 net/ipv4/udp_tunnel.c:69 dst_release: dst:00000000d53d0d0f refcnt:-1 Write of size 1 at addr ffff8801d013b798 by task syz-executor3/6242 CPU: 1 PID: 6242 Comm: syz-executor3 Not tainted 4.16.0-rc2+ #253 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x194/0x24d lib/dump_stack.c:53 print_address_description+0x73/0x250 mm/kasan/report.c:256 kasan_report_error mm/kasan/report.c:354 [inline] kasan_report+0x23b/0x360 mm/kasan/report.c:412 __asan_report_store1_noabort+0x17/0x20 mm/kasan/report.c:435 setup_udp_tunnel_sock+0x3ee/0x5f0 net/ipv4/udp_tunnel.c:69 l2tp_tunnel_create+0x1354/0x17f0 net/l2tp/l2tp_core.c:1596 pppol2tp_connect+0x14b1/0x1dd0 net/l2tp/l2tp_ppp.c:707 SYSC_connect+0x213/0x4a0 net/socket.c:1640 SyS_connect+0x24/0x30 net/socket.c:1621 do_syscall_64+0x280/0x940 arch/x86/entry/common.c:287 entry_SYSCALL_64_after_hwframe+0x42/0xb7 Fixes: fd558d186df2 ("l2tp: Split pppol2tp patch into separate l2tp and ppp parts") Signed-off-by: Eric Dumazet <edumazet(a)google.com> Reported-by: syzbot <syzkaller(a)googlegroups.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/l2tp/l2tp_core.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) --- a/net/l2tp/l2tp_core.c +++ b/net/l2tp/l2tp_core.c @@ -1517,9 +1517,14 @@ int l2tp_tunnel_create(struct net *net, encap = cfg->encap; /* Quick sanity checks */ + err = -EPROTONOSUPPORT; + if (sk->sk_type != SOCK_DGRAM) { + pr_debug("tunl %hu: fd %d wrong socket type\n", + tunnel_id, fd); + goto err; + } switch (encap) { case L2TP_ENCAPTYPE_UDP: - err = -EPROTONOSUPPORT; if (sk->sk_protocol != IPPROTO_UDP) { pr_err("tunl %hu: fd %d wrong protocol, got %d, expected %d\n", tunnel_id, fd, sk->sk_protocol, IPPROTO_UDP); @@ -1527,7 +1532,6 @@ int l2tp_tunnel_create(struct net *net, } break; case L2TP_ENCAPTYPE_IP: - err = -EPROTONOSUPPORT; if (sk->sk_protocol != IPPROTO_L2TP) { pr_err("tunl %hu: fd %d wrong protocol, got %d, expected %d\n", tunnel_id, fd, sk->sk_protocol, IPPROTO_L2TP); Patches currently in stable-queue which might be from edumazet(a)google.com are queue-3.18/ipv6-fix-access-to-non-linear-packet-in-ndisc_fill_redirect_hdr_option.patch queue-3.18/skbuff-fix-not-waking-applications-when-errors-are-enqueued.patch queue-3.18/l2tp-do-not-accept-arbitrary-sockets.patch

7 years, 2 months

1
0
0 0

Patch "ipv6: fix access to non-linear packet in ndisc_fill_redirect_hdr_option()" has been added to the 3.18-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled ipv6: fix access to non-linear packet in ndisc_fill_redirect_hdr_option() to the 3.18-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: ipv6-fix-access-to-non-linear-packet-in-ndisc_fill_redirect_hdr_option.patch and it can be found in the queue-3.18 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Thu Mar 29 08:53:48 CEST 2018 From: Lorenzo Bianconi <lorenzo.bianconi(a)redhat.com> Date: Thu, 8 Mar 2018 17:00:02 +0100 Subject: ipv6: fix access to non-linear packet in ndisc_fill_redirect_hdr_option() From: Lorenzo Bianconi <lorenzo.bianconi(a)redhat.com> [ Upstream commit 9f62c15f28b0d1d746734666d88a79f08ba1e43e ] Fix the following slab-out-of-bounds kasan report in ndisc_fill_redirect_hdr_option when the incoming ipv6 packet is not linear and the accessed data are not in the linear data region of orig_skb. [ 1503.122508] ================================================================== [ 1503.122832] BUG: KASAN: slab-out-of-bounds in ndisc_send_redirect+0x94e/0x990 [ 1503.123036] Read of size 1184 at addr ffff8800298ab6b0 by task netperf/1932 [ 1503.123220] CPU: 0 PID: 1932 Comm: netperf Not tainted 4.16.0-rc2+ #124 [ 1503.123347] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.10.2-2.fc27 04/01/2014 [ 1503.123527] Call Trace: [ 1503.123579] <IRQ> [ 1503.123638] print_address_description+0x6e/0x280 [ 1503.123849] kasan_report+0x233/0x350 [ 1503.123946] memcpy+0x1f/0x50 [ 1503.124037] ndisc_send_redirect+0x94e/0x990 [ 1503.125150] ip6_forward+0x1242/0x13b0 [...] [ 1503.153890] Allocated by task 1932: [ 1503.153982] kasan_kmalloc+0x9f/0xd0 [ 1503.154074] __kmalloc_track_caller+0xb5/0x160 [ 1503.154198] __kmalloc_reserve.isra.41+0x24/0x70 [ 1503.154324] __alloc_skb+0x130/0x3e0 [ 1503.154415] sctp_packet_transmit+0x21a/0x1810 [ 1503.154533] sctp_outq_flush+0xc14/0x1db0 [ 1503.154624] sctp_do_sm+0x34e/0x2740 [ 1503.154715] sctp_primitive_SEND+0x57/0x70 [ 1503.154807] sctp_sendmsg+0xaa6/0x1b10 [ 1503.154897] sock_sendmsg+0x68/0x80 [ 1503.154987] ___sys_sendmsg+0x431/0x4b0 [ 1503.155078] __sys_sendmsg+0xa4/0x130 [ 1503.155168] do_syscall_64+0x171/0x3f0 [ 1503.155259] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1503.155436] Freed by task 1932: [ 1503.155527] __kasan_slab_free+0x134/0x180 [ 1503.155618] kfree+0xbc/0x180 [ 1503.155709] skb_release_data+0x27f/0x2c0 [ 1503.155800] consume_skb+0x94/0xe0 [ 1503.155889] sctp_chunk_put+0x1aa/0x1f0 [ 1503.155979] sctp_inq_pop+0x2f8/0x6e0 [ 1503.156070] sctp_assoc_bh_rcv+0x6a/0x230 [ 1503.156164] sctp_inq_push+0x117/0x150 [ 1503.156255] sctp_backlog_rcv+0xdf/0x4a0 [ 1503.156346] __release_sock+0x142/0x250 [ 1503.156436] release_sock+0x80/0x180 [ 1503.156526] sctp_sendmsg+0xbb0/0x1b10 [ 1503.156617] sock_sendmsg+0x68/0x80 [ 1503.156708] ___sys_sendmsg+0x431/0x4b0 [ 1503.156799] __sys_sendmsg+0xa4/0x130 [ 1503.156889] do_syscall_64+0x171/0x3f0 [ 1503.156980] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1503.157158] The buggy address belongs to the object at ffff8800298ab600 which belongs to the cache kmalloc-1024 of size 1024 [ 1503.157444] The buggy address is located 176 bytes inside of 1024-byte region [ffff8800298ab600, ffff8800298aba00) [ 1503.157702] The buggy address belongs to the page: [ 1503.157820] page:ffffea0000a62a00 count:1 mapcount:0 mapping:0000000000000000 index:0x0 compound_mapcount: 0 [ 1503.158053] flags: 0x4000000000008100(slab|head) [ 1503.158171] raw: 4000000000008100 0000000000000000 0000000000000000 00000001800e000e [ 1503.158350] raw: dead000000000100 dead000000000200 ffff880036002600 0000000000000000 [ 1503.158523] page dumped because: kasan: bad access detected [ 1503.158698] Memory state around the buggy address: [ 1503.158816] ffff8800298ab900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1503.158988] ffff8800298ab980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1503.159165] >ffff8800298aba00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 1503.159338] ^ [ 1503.159436] ffff8800298aba80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1503.159610] ffff8800298abb00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1503.159785] ================================================================== [ 1503.159964] Disabling lock debugging due to kernel taint The test scenario to trigger the issue consists of 4 devices: - H0: data sender, connected to LAN0 - H1: data receiver, connected to LAN1 - GW0 and GW1: routers between LAN0 and LAN1. Both of them have an ethernet connection on LAN0 and LAN1 On H{0,1} set GW0 as default gateway while on GW0 set GW1 as next hop for data from LAN0 to LAN1. Moreover create an ip6ip6 tunnel between H0 and H1 and send 3 concurrent data streams (TCP/UDP/SCTP) from H0 to H1 through ip6ip6 tunnel (send buffer size is set to 16K). While data streams are active flush the route cache on HA multiple times. I have not been able to identify a given commit that introduced the issue since, using the reproducer described above, the kasan report has been triggered from 4.14 and I have not gone back further. Reported-by: Jianlin Shi <jishi(a)redhat.com> Reviewed-by: Stefano Brivio <sbrivio(a)redhat.com> Reviewed-by: Eric Dumazet <edumazet(a)google.com> Signed-off-by: Lorenzo Bianconi <lorenzo.bianconi(a)redhat.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/ipv6/ndisc.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) --- a/net/ipv6/ndisc.c +++ b/net/ipv6/ndisc.c @@ -1443,7 +1443,8 @@ static void ndisc_fill_redirect_hdr_opti *(opt++) = (rd_len >> 3); opt += 6; - memcpy(opt, ipv6_hdr(orig_skb), rd_len - 8); + skb_copy_bits(orig_skb, skb_network_offset(orig_skb), opt, + rd_len - 8); } void ndisc_send_redirect(struct sk_buff *skb, const struct in6_addr *target) Patches currently in stable-queue which might be from lorenzo.bianconi(a)redhat.com are queue-3.18/ipv6-fix-access-to-non-linear-packet-in-ndisc_fill_redirect_hdr_option.patch

7 years, 2 months

1
0
0 0

Patch "dccp: check sk for closed state in dccp_sendmsg()" has been added to the 3.18-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled dccp: check sk for closed state in dccp_sendmsg() to the 3.18-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: dccp-check-sk-for-closed-state-in-dccp_sendmsg.patch and it can be found in the queue-3.18 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Thu Mar 29 08:53:48 CEST 2018 From: Alexey Kodanev <alexey.kodanev(a)oracle.com> Date: Tue, 6 Mar 2018 22:57:01 +0300 Subject: dccp: check sk for closed state in dccp_sendmsg() From: Alexey Kodanev <alexey.kodanev(a)oracle.com> [ Upstream commit 67f93df79aeefc3add4e4b31a752600f834236e2 ] dccp_disconnect() sets 'dp->dccps_hc_tx_ccid' tx handler to NULL, therefore if DCCP socket is disconnected and dccp_sendmsg() is called after it, it will cause a NULL pointer dereference in dccp_write_xmit(). This crash and the reproducer was reported by syzbot. Looks like it is reproduced if commit 69c64866ce07 ("dccp: CVE-2017-8824: use-after-free in DCCP code") is applied. Reported-by: syzbot+f99ab3887ab65d70f816(a)syzkaller.appspotmail.com Signed-off-by: Alexey Kodanev <alexey.kodanev(a)oracle.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/dccp/proto.c | 5 +++++ 1 file changed, 5 insertions(+) --- a/net/dccp/proto.c +++ b/net/dccp/proto.c @@ -792,6 +792,11 @@ int dccp_sendmsg(struct kiocb *iocb, str if (skb == NULL) goto out_release; + if (sk->sk_state == DCCP_CLOSED) { + rc = -ENOTCONN; + goto out_discard; + } + skb_reserve(skb, sk->sk_prot->max_header); rc = memcpy_fromiovec(skb_put(skb, len), msg->msg_iov, len); if (rc != 0) Patches currently in stable-queue which might be from alexey.kodanev(a)oracle.com are queue-3.18/dccp-check-sk-for-closed-state-in-dccp_sendmsg.patch

7 years, 2 months

1
0
0 0

[tip:perf/urgent] perf/hwbp: Simplify the perf-hwbp code, fix documentation

by tip-bot for Linus Torvalds

Commit-ID: f67b15037a7a50c57f72e69a6d59941ad90a0f0f Gitweb: https://git.kernel.org/tip/f67b15037a7a50c57f72e69a6d59941ad90a0f0f Author: Linus Torvalds <torvalds(a)linux-foundation.org> AuthorDate: Mon, 26 Mar 2018 15:39:07 -1000 Committer: Ingo Molnar <mingo(a)kernel.org> CommitDate: Wed, 28 Mar 2018 17:41:50 +0200 perf/hwbp: Simplify the perf-hwbp code, fix documentation Annoyingly, modify_user_hw_breakpoint() unnecessarily complicates the modification of a breakpoint - simplify it and remove the pointless local variables. Also update the stale Docbook while at it. Signed-off-by: Linus Torvalds <torvalds(a)linux-foundation.org> Acked-by: Thomas Gleixner <tglx(a)linutronix.de> Cc: <stable(a)vger.kernel.org> Cc: Alexander Shishkin <alexander.shishkin(a)linux.intel.com> Cc: Andy Lutomirski <luto(a)kernel.org> Cc: Arnaldo Carvalho de Melo <acme(a)redhat.com> Cc: Frederic Weisbecker <fweisbec(a)gmail.com> Cc: Jiri Olsa <jolsa(a)redhat.com> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Stephane Eranian <eranian(a)google.com> Cc: Vince Weaver <vincent.weaver(a)maine.edu> Signed-off-by: Ingo Molnar <mingo(a)kernel.org> --- kernel/events/hw_breakpoint.c | 30 +++++++----------------------- 1 file changed, 7 insertions(+), 23 deletions(-) diff --git a/kernel/events/hw_breakpoint.c b/kernel/events/hw_breakpoint.c index 3f8cb1e14588..253ae2da13c3 100644 --- a/kernel/events/hw_breakpoint.c +++ b/kernel/events/hw_breakpoint.c @@ -427,16 +427,9 @@ EXPORT_SYMBOL_GPL(register_user_hw_breakpoint); * modify_user_hw_breakpoint - modify a user-space hardware breakpoint * @bp: the breakpoint structure to modify * @attr: new breakpoint attributes - * @triggered: callback to trigger when we hit the breakpoint - * @tsk: pointer to 'task_struct' of the process to which the address belongs */ int modify_user_hw_breakpoint(struct perf_event *bp, struct perf_event_attr *attr) { - u64 old_addr = bp->attr.bp_addr; - u64 old_len = bp->attr.bp_len; - int old_type = bp->attr.bp_type; - int err = 0; - /* * modify_user_hw_breakpoint can be invoked with IRQs disabled and hence it * will not be possible to raise IPIs that invoke __perf_event_disable. @@ -451,27 +444,18 @@ int modify_user_hw_breakpoint(struct perf_event *bp, struct perf_event_attr *att bp->attr.bp_addr = attr->bp_addr; bp->attr.bp_type = attr->bp_type; bp->attr.bp_len = attr->bp_len; + bp->attr.disabled = 1; - if (attr->disabled) - goto end; - - err = validate_hw_breakpoint(bp); - if (!err) - perf_event_enable(bp); + if (!attr->disabled) { + int err = validate_hw_breakpoint(bp); - if (err) { - bp->attr.bp_addr = old_addr; - bp->attr.bp_type = old_type; - bp->attr.bp_len = old_len; - if (!bp->attr.disabled) - perf_event_enable(bp); + if (err) + return err; - return err; + perf_event_enable(bp); + bp->attr.disabled = 0; } -end: - bp->attr.disabled = attr->disabled; - return 0; } EXPORT_SYMBOL_GPL(modify_user_hw_breakpoint);

7 years, 2 months

1
0
0 0

FAILED: patch "[PATCH] net: use skb_to_full_sk() in skb_update_prio()" failed to apply to 4.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 4dcb31d4649df36297296b819437709f5407059c Mon Sep 17 00:00:00 2001 From: Eric Dumazet <edumazet(a)google.com> Date: Wed, 14 Mar 2018 09:04:16 -0700 Subject: [PATCH] net: use skb_to_full_sk() in skb_update_prio() Andrei Vagin reported a KASAN: slab-out-of-bounds error in skb_update_prio() Since SYNACK might be attached to a request socket, we need to get back to the listener socket. Since this listener is manipulated without locks, add const qualifiers to sock_cgroup_prioidx() so that the const can also be used in skb_update_prio() Also add the const qualifier to sock_cgroup_classid() for consistency. Fixes: ca6fb0651883 ("tcp: attach SYNACK messages to request sockets instead of listener") Signed-off-by: Eric Dumazet <edumazet(a)google.com> Reported-by: Andrei Vagin <avagin(a)virtuozzo.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> diff --git a/include/linux/cgroup-defs.h b/include/linux/cgroup-defs.h index 9f242b876fde..f8e76d01a5ad 100644 --- a/include/linux/cgroup-defs.h +++ b/include/linux/cgroup-defs.h @@ -755,13 +755,13 @@ struct sock_cgroup_data { * updaters and return part of the previous pointer as the prioidx or * classid. Such races are short-lived and the result isn't critical. */ -static inline u16 sock_cgroup_prioidx(struct sock_cgroup_data *skcd) +static inline u16 sock_cgroup_prioidx(const struct sock_cgroup_data *skcd) { /* fallback to 1 which is always the ID of the root cgroup */ return (skcd->is_data & 1) ? skcd->prioidx : 1; } -static inline u32 sock_cgroup_classid(struct sock_cgroup_data *skcd) +static inline u32 sock_cgroup_classid(const struct sock_cgroup_data *skcd) { /* fallback to 0 which is the unconfigured default classid */ return (skcd->is_data & 1) ? skcd->classid : 0; diff --git a/net/core/dev.c b/net/core/dev.c index 2cedf520cb28..12be20535714 100644 --- a/net/core/dev.c +++ b/net/core/dev.c @@ -3278,15 +3278,23 @@ static inline int __dev_xmit_skb(struct sk_buff *skb, struct Qdisc *q, #if IS_ENABLED(CONFIG_CGROUP_NET_PRIO) static void skb_update_prio(struct sk_buff *skb) { - struct netprio_map *map = rcu_dereference_bh(skb->dev->priomap); + const struct netprio_map *map; + const struct sock *sk; + unsigned int prioidx; - if (!skb->priority && skb->sk && map) { - unsigned int prioidx = - sock_cgroup_prioidx(&skb->sk->sk_cgrp_data); + if (skb->priority) + return; + map = rcu_dereference_bh(skb->dev->priomap); + if (!map) + return; + sk = skb_to_full_sk(skb); + if (!sk) + return; - if (prioidx < map->priomap_len) - skb->priority = map->priomap[prioidx]; - } + prioidx = sock_cgroup_prioidx(&sk->sk_cgrp_data); + + if (prioidx < map->priomap_len) + skb->priority = map->priomap[prioidx]; } #else #define skb_update_prio(skb)

7 years, 2 months

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror