December 2018 - Linux-stable-mirror

[PATCH V2] SCSI: fix queue cleanup race before queue initialization is done

by Ming Lei

c2856ae2f315d ("blk-mq: quiesce queue before freeing queue") has already fixed this race, however the implied synchronize_rcu() in blk_mq_quiesce_queue() can slow down LUN probe a lot, so caused performance regression. Then 1311326cf4755c7 ("blk-mq: avoid to synchronize rcu inside blk_cleanup_queue()") tried to quiesce queue for avoiding unnecessary synchronize_rcu() only when queue initialization is done, because it is usual to see lots of inexistent LUNs which need to be probed. However, turns out it isn't safe to quiesce queue only when queue initialization is done. Because when one SCSI command is completed, the user of sending command can be waken up immediately, then the scsi device may be removed, meantime the run queue in scsi_end_request() is still in-progress, so kernel panic can be caused. In Red Hat QE lab, there are several reports about this kind of kernel panic triggered during kernel booting. This patch tries to address the issue by grabing one queue usage counter during freeing one request and the following run queue. Fixes: 1311326cf4755c7 ("blk-mq: avoid to synchronize rcu inside blk_cleanup_queue()") Cc: Andrew Jones <drjones(a)redhat.com> Cc: Bart Van Assche <bart.vanassche(a)wdc.com> Cc: linux-scsi(a)vger.kernel.org Cc: Martin K. Petersen <martin.petersen(a)oracle.com> Cc: Christoph Hellwig <hch(a)lst.de> Cc: James E.J. Bottomley <jejb(a)linux.vnet.ibm.com> Cc: stable <stable(a)vger.kernel.org> Cc: jianchao.wang <jianchao.w.wang(a)oracle.com> Signed-off-by: Ming Lei <ming.lei(a)redhat.com> --- block/blk-core.c | 5 ++--- drivers/scsi/scsi_lib.c | 8 ++++++++ 2 files changed, 10 insertions(+), 3 deletions(-) diff --git a/block/blk-core.c b/block/blk-core.c index ce12515f9b9b..deb56932f8c4 100644 --- a/block/blk-core.c +++ b/block/blk-core.c @@ -798,9 +798,8 @@ void blk_cleanup_queue(struct request_queue *q) * dispatch may still be in-progress since we dispatch requests * from more than one contexts. * - * No need to quiesce queue if it isn't initialized yet since - * blk_freeze_queue() should be enough for cases of passthrough - * request. + * We rely on driver to deal with the race in case that queue + * initialization isn't done. */ if (q->mq_ops && blk_queue_init_done(q)) blk_mq_quiesce_queue(q); diff --git a/drivers/scsi/scsi_lib.c b/drivers/scsi/scsi_lib.c index c7fccbb8f554..fa6e0c3b3aa6 100644 --- a/drivers/scsi/scsi_lib.c +++ b/drivers/scsi/scsi_lib.c @@ -697,6 +697,12 @@ static bool scsi_end_request(struct request *req, blk_status_t error, */ scsi_mq_uninit_cmd(cmd); + /* + * queue is still alive, so grab the ref for preventing it + * from being cleaned up during running queue. + */ + percpu_ref_get(&q->q_usage_counter); + __blk_mq_end_request(req, error); if (scsi_target(sdev)->single_lun || @@ -704,6 +710,8 @@ static bool scsi_end_request(struct request *req, blk_status_t error, kblockd_schedule_work(&sdev->requeue_work); else blk_mq_run_hw_queues(q, true); + + percpu_ref_put(&q->q_usage_counter); } else { unsigned long flags; -- 2.9.5

5 years

6
15
0 0

[PATCH 3.16 000/366] 3.16.60-rc1 review

by Ben Hutchings

This is the start of the stable review cycle for the 3.16.60 release. There are 366 patches in this series, which will be posted as responses to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Fri Oct 19 17:00:00 UTC 2018. Anything received after that time might be too late. All the patches have also been committed to the linux-3.16.y-rc branch of https://git.kernel.org/pub/scm/linux/kernel/git/bwh/linux-stable-rc.git . A shortlog and diffstat can be found below. Ben. ------------- Aaron Ma (2): HID: core: Fix size as type u32 [6de0b13cc0b4ba10e98a9263d7a83b940720b77a] HID: i2c-hid: fix size check and type usage [ac75a041048b8c1f7418e27621ca5efda8571043] Al Viro (12): Don't leak MNT_INTERNAL away from internal mounts [16a34adb9392b2fe4195267475ab5b472e55292c] affs_lookup(): close a race with affs_remove_link() [30da870ce4a4e007c901858a96e9e394a1daa74a] aio: fix io_destroy(2) vs. lookup_ioctx() race [baf10564fbb66ea222cae66fbff11c444590ffd9] do d_instantiate/unlock_new_inode combinations safely [1e2e547a93a00ebc21582c06ca3c6cfea2a309ee] ext2: fix a block leak [5aa1437d2d9a068c0334bd7c9dafa8ec4f97f13b] fix io_destroy()/aio_complete() race [4faa99965e027cc057c5145ce45fa772caa04e8d] hypfs_kill_super(): deal with failed allocations [a24cd490739586a7d2da3549a1844e1d7c4f4fc4] jffs2_kill_sb(): deal with failed allocations [c66b23c2840446a82c389e4cb1a12eb2a71fa2e4] rpc_pipefs: fix double-dput() [4a3877c4cedd95543f8726b0a98743ed8db0c0fb] udf: fix the udf_iget() vs. udf_new_inode() races [b231509616feb911c2a7a8814d58c0014ef5b17f] udf: merge the pieces inserting a new non-directory object into directory [d2be51cb34dc501791f3b8c01a99a3f2064bd8d1] ufs: deal with nfsd/iget races [e4502c63f56aeca887ced37f24e0def1ef11cec8] Alan Cox (1): tty: handle the case where we cannot restore a line discipline [8a8dabf2dd68caff842d38057097c23bc514ea6e] Alan Stern (1): USB: Accept bulk endpoints with 1024-byte maxpacket [fb5ee84ea72c5f1b6cabdd1c9d6e8648995ca7c6] Alex Smith (1): mmc: jz4740: Fix race condition in IRQ mask update [a04f0017c22453613d5f423326b190c61e3b4f98] Alexander Gerasiov (1): parport_pc: Add support for WCH CH382L PCI-E single parallel port card. [823f7923833c6cc2b16e601546d607dcfb368004] Alexey Khoroshilov (2): vmxnet3: avoid assumption about invalid dma_pa in vmxnet3_set_mc() [fb5c6cfaec126d9a96b9dd471d4711bf4c737a6f] vmxnet3: fix checks for dma mapping errors [5738a09d58d5ad2871f1f9a42bf6a3aa9ece5b3c] Amir Goldstein (1): fanotify: fix logic of events on child [54a307ba8d3cd00a3902337ffaae28f436eeb1a4] Andrew Morton (1): fs/reiserfs/journal.c: add missing resierfs_warning() arg [9ad553abe66f8be3f4755e9fa0a6ba137ce76341] Andrey Ignatov (1): ipv4: fix memory leaks in udp_sendmsg, ping_v4_sendmsg [1b97013bfb11d66f041de691de6f0fec748ce016] Andy King (1): VMXNET3: Check for map error in vmxnet3_set_mc [4ad9a64f53c619969dede1143d56ccda1a453c39] Aneesh Kumar K.V (1): powerpc/mm/hugetlb: initialize the pagetable cache correctly for hugetlb [6fa504835d6969144b2bd3699684dd447c789ba2] Ard Biesheuvel (1): efi: Avoid potential crashes, fix the 'struct efi_pci_io_protocol_32' definition for mixed mode [0b3225ab9407f557a8e20f23f37aa7236c10a9b1] Arnaldo Carvalho de Melo (1): perf top: Document --ignore-vmlinux [a8403912d04e2c8271653bb5b7f6294dc6d322ac] Arnd Bergmann (1): media: s3c-camif: fix out-of-bounds array access [a398e043637a4819a0e96467bfecaabf3224dd62] Bai Ping (1): thermal: imx: register irq handler later in probe [84866ee5818e95f6e97194656777c10ac24cb9d3] Bart Van Assche (1): IB/srp: Fix srp_abort() [e68088e78d82920632eba112b968e49d588d02a2] Ben Hutchings (4): ALSA: timer: Fix pause event notification [3ae180972564846e6d794e3615e1ab0a1e6c4ef9] drm/msm: Fix possible null dereference on failure of get_pages() [3976626ea3d2011f8fd3f3a47070a8b792018253] ppp: Fix null pointer dereference on registration failure [96d934c70db6e1bc135600c57da1285eaf7efb26] scsi: qla2xxx: Avoid double completion of abort command [3a9910d7b686546dcc9986e790af17e148f1c888] Bharat Potnuri (1): iw_cxgb4: Atomically flush per QP HW CQEs [2df19e19ae90d94fd8724083f161f368a2797537] Bin Liu (1): usb: musb: host: fix potential NULL pointer dereference [2b63f1329df2cd814c1f8353fae4853ace6521d1] Bjorn Helgaas (1): drm/radeon: make MacBook Pro d3_delay quirk more generic [5938628c51a711ae2169d68b2e3a4f7d93d4dbea] Bjørn Mork (1): qmi_wwan: do not steal interfaces from class drivers [5697db4a696c41601a1d15c1922150b4dbf5726c] Brad Volkin (1): drm/i915: Log a message when rejecting LRM to OACONTROL [00caf0199f66871b0e2c28d7c2079de0ce1d646c] Bryan O'Donoghue (1): rtc: snvs: Fix usage of snvs_rtc_enable [1485991c024603b2fb4ae77beb7a0d741128a48e] Chao Yu (2): f2fs: reposition unlock_new_inode to prevent accessing invalid inode [b73e52824c8920a5ff754e3c8ff68466a7dd61f9] udf: avoid unneeded up_write when fail to add entry in ->symlink [85cd083b498572fb9fa575cce3ed910c8ee84294] Charles Keepax (2): regmap: Correct offset handling in regmap_volatile_range [b8f9a03b741ddfdde4aa8b607fa7d88eb63a6338] regmap: Don't use format_val in regmap_bulk_read [9ae27a8d1f3ebff09191fb8cb1341414547293b2] Chris Mason (1): Btrfs: use insert_inode_locked4 for inode creation [b0d5d10f41a0f1cd839408dd94427f2db3553bca] Chris Metcalf (3): Make asm/word-at-a-time.h available on all architectures [a6e2f029ae34f41adb6ae3812c32c5d326e1abd2] string: provide strscpy() [30035e45753b708e7d47a98398500ca005e02b86] word-at-a-time.h: fix some Kbuild files [19c22f3a29fa8669c477f20a65f6c7c27108972a] Clemens Werther (1): USB: serial: ftdi_sio: add support for Harman FirmwareHubEmulator [6555ad13a01952c16485c82a52ad1f3e07e34b3a] Colin Ian King (5): KVM: Fix spelling mistake: "cop_unsuable" -> "cop_unusable" [ba3696e94d9d590d9a7e55f68e81c25dba515191] RDMA/iwpm: fix memory leak on map_info [f96416cea7bce9afe619c15e87fced70f93f9098] media: cx25821: prevent out-of-bounds read on array card [67300abdbe9f1717532aaf4e037222762716d0f6] rtc: tx4939: avoid unintended sign extension on a 24 bit shift [347876ad47b9923ce26e686173bbf46581802ffa] staging: rtl8192u: return -ENOMEM on failed allocation of priv->oldaddr [e1a7418529e33bc4efc346324557251a16a3e79b] Collin May (1): USB: serial: simple: add libtransistor console [fe710508b6ba9d28730f3021fed70e7043433b2e] Cong Wang (2): llc: fix NULL pointer deref for SOCK_ZAPPED [3a04ce7130a7e5dad4e78d45d50313747f8c830f] llc: hold llc_sap before release_sock() [f7e43672683b097bb074a8fe7af9bc600a23f231] Dan Carpenter (2): net: ethernet: davinci_emac: fix error handling in probe() [8005b09d99fac78e6f5fb9da30b5ae94840af03b] xen/acpi: off by one in read_acpi_id() [c37a3c94775855567b90f91775b9691e10bd2806] Daniel Borkmann (1): bpf, x64: fix memleak when not converging after image [3aab8884c9eb99189a3569ac4e6b205371c9ac0b] Danilo Krummrich (1): fs/proc/proc_sysctl.c: fix potential page fault while unregistering sysctl table [a0b0d1c345d0317efe594df268feb5ccc99f651e] Danit Goldberg (1): IB/mlx5: Use unlimited rate when static rate is not supported [4f32ac2e452c2180cd2df581cbadac183e27ecd0] Dave Airlie (1): drm: set FMODE_UNSIGNED_OFFSET for drm files [76ef6b28ea4f81c3d511866a9b31392caa833126] David Henningsson (1): ALSA: core: Report audio_tstamp in snd_pcm_sync_ptr [f853dcaae2f5bbe021161e421bd1576845bae8f6] David Howells (1): afs: Fix directory permissions check [378831e4daec75fbba6d3612bcf3b4dd00ddbf08] David Lechner (1): pinctrl: pinctrl-single: Fix pcs_request_gpio() when bits_per_mux != 0 [45dcb54f014d3d1f5cc3919b5f0c97087d7cb3dd] Davidlohr Bueso (5): Revert "ipc/shm: Fix shmat mmap nil-page protection" [a73ab244f0dad8fffb3291b905f73e2d3eaa7c00] ipc,shm: move BUG_ON check into shm_lock [c5c8975b2eb4eb7604e8ce4f762987f56d2a96a2] ipc/sem: make semctl setting sempid consistent [a5f4db877177d2a3d7ae62a7bac3a5a27e083d7f] ipc/shm: fix shmat() nil address after round-down when remapping [8f89c007b6dec16a1793cb88de88fcc02117bbbc] ipc: convert invalid scenarios to use WARN_ON [d0edd8528362c07216498340e928159510595e7b] Dennis Wassenberg (1): Input: i8042 - add Lenovo ThinkPad L460 to i8042 reset list [b56af54ac78c54a519d82813836f305d7f76ef27] Dexuan Cui (1): tick/broadcast: Use for_each_cpu() specially on UP kernels [5596fe34495cf0f645f417eb928ef224df3e3cb4] Dmitry Safonov (1): tracing/uprobe: Drop isdigit() check in create_trace_uprobe [5ba8a4a96f6eaa6af88e24c7794f142217aa3b6f] Dou Liyang (1): x86/acpi: Prevent X2APIC id 0xffffffff from being accounted [10daf10ab154e31237a8c07242be3063fb6a9bf4] Eliot Blennerhassett (1): ALSA: asihpi: used parts of message/response are zeroed before use [51e6f47dd2e3463dac6f37128fd7b7cb40c500de] Eric Biggers (5): KEYS: DNS: limit the length of option strings [9c438d7a3a52dcc2b9ed095cb87d3a5e83cf7e60] crypto: x86/cast5-avx - fix ECB encryption when long sg follows short one [8f461b1e02ed546fbd0f11611138da67fd85a30f] ext4: correctly detect when an xattr value has an invalid size [d7614cc16146e3f0b4c33e71875c19607602aed5] ipc/shm: fix use-after-free of shm file via remap_file_pages() [3f05317d9889ab75c7190dcd39491d2a97921984] ppp: remove the PPPIOCDETACH ioctl [af8d3c7c001ae7df1ed2b2715f058113efc86187] Eric Dumazet (21): crypto: af_alg - fix possible uninit-value in alg_bind() [a466856e0b7ab269cdf9461886d007e88ff575b0] dccp: fix tasklet usage [a8d7aa17bbc970971ccdf71988ea19230ab368b1] ip6_gre: better validate user provided tunnel names [5f42df013b8bc1b6511af7a04bf93b014884ae2a] ip6_tunnel: better validate user provided tunnel names [db7a65e3ab78e5b1c4b17c0870ebee35a4ee3257] ip_tunnel: better validate user provided tunnel names [9cb726a212a82c88c98aa9f0037fd04777cd8fe5] ipv6: add RTA_TABLE and RTA_PREFSRC to rtm_ipv6_policy [aa8f8778493c85fff480cdf8b349b1e1dcb5f243] ipv6: sit: better validate user provided tunnel names [b95211e066fc3494b7c115060b2297b4ba21f025] llc: better deal with too small mtu [2c5d5b13c6eb79f5677e206b8aad59b3a2097f60] net: af_packet: fix race in PACKET_{R|T}X_RING [5171b37d959641bbc619781caf62e61f7b940871] net: fix rtnh_ok() [b1993a2de12c9e75c35729e2ffbc3a92d50c0d31] net: fix uninit-value in __hw_addr_add_ex() [77d36398d99f2565c0a8d43a86fd520a82e64bb8] net: initialize skb->peeked when cloning [b13dda9f9aa7caceeee61c080c2e544d5f5d85e5] net_sched: fq: take care of throttled flows before reuse [7df40c2673a1307c3260aab6f9d4b9bf97ca8fd7] netlink: fix uninit-value in netlink_sendmsg [6091f09c2f79730d895149bcfe3d66140288cd0e] sctp: do not leak kernel memory to user space [6780db244d6b1537d139dea0ec8aad10cf9e4adb] soreuseport: initialise timewait reuseport field [3099a52918937ab86ec47038ad80d377ba16c531] tcp: fix TCP_REPAIR_QUEUE bound checking [bf2acc943a45d2b2e8a9f1a5ddff6b6e43cc69d9] tcp: md5: reject TCP_MD5SIG or TCP_MD5SIG_EXT on established sockets [7212303268918b9a203aebeacfdbd83b5e87b20d] tcp: purge write queue in tcp_connect_init() [7f582b248d0a86bae5788c548d7bb5bca6f7691a] vti6: better validate user provided tunnel names [537b361fbcbcc3cd6fe2bb47069fd292b9256d16] xfrm6: avoid potential infinite loop in _decode_session6() [d9f92772e8ec388d070752ee8f187ef8fa18621f] Eric W. Biederman (4): ipc/msg: Fix msgctl(..., IPC_STAT, ...) between pid namespaces [39a4940eaa185910bb802ca9829c12268fd2c855] ipc/sem: Fix semctl(..., GETPID, ...) between pid namespaces [51d6f2635b39709ee5e62479be23d423b760292c] ipc/shm: Fix shmctl(..., IPC_STAT, ...) between pid namespaces. [98f929b1bd4d0b7c7a77d0d9776d1b924db2e454] ipc/util: Helpers for making the sysvipc operations pid namespace aware [03f1fc09180b345582889a344b012d069b3a6dbe] Eryu Guan (1): ext4: protect i_disksize update by i_data_sem in direct write path [73fdad00b208b139cf43f3163fbc0f67e4c6047c] Fabián Inostroza (1): ALSA: line6: Use correct endpoint type for midi output [7ecb46e9ee9af18e304eb9e7d6804c59a408e846] Federico Cuello (1): ALSA: usb: mixer: volume quirk for CM102-A+/102S+ [21493316a3c4598f308d5a9fa31cc74639c4caff] Filipe Manana (3): Btrfs: don't leave dangling dentry if symlink creation failed [d50866d00fb39fcf72307001763ee9cc92625a43] Btrfs: ensure tmpfile inode is always persisted with link count of 0 [5762b5c958abbecb7fb9f4596a6476d1ce91ecf6] Btrfs: fix copy_items() return value when logging an inode [8434ec46c6e3232cebc25a910363b29f5c617820] Florent Flament (1): drm/i915: Fix drm:intel_enable_lvds ERROR message in kernel log [280b54ade5914d3b4abe4f0ebe083ddbd4603246] Florian Fainelli (2): net: bcmgenet: Fix sparse warnings in bcmgenet_put_tx_csum() [6f89421180f15867dc1472d9edf68f82b0ed5ee6] net: systemport: Fix sparse warnings in bcm_sysport_insert_tsb() [c0eb05585d4184596453622b5abba7d13dd20667] Florian Westphal (1): netfilter: nf_tables: can't fail after linking rule into active rule list [569ccae68b38654f04b6842b034aa33857f605fe] Francisco Jerez (1): drm/i915: Fix command parser to validate multiple register access with the same command. [6a65c5b9326c9dd391afb1b3df75cbedffbaccdb] Geert Uytterhoeven (6): serial: arc_uart: Fix out-of-bounds access through DT alias [f9f5786987e81d166c60833edcb7d1836aa16944] serial: fsl_lpuart: Fix out-of-bounds access through DT alias [ffab87fdecc655cc676f8be8dd1a2c5e22bd6d47] serial: imx: Fix out-of-bounds access through serial port index [5673444821406dda5fc25e4b52aca419f8065a19] serial: mxs-auart: Fix out-of-bounds access through serial port index [dd345a31bfdec350d2593e6de5964e55c7f19c76] serial: pxa: Fix out-of-bounds access through serial port index [afc7851fab8329eddcf321c9e0a58c893f351dd6] serial: xuartps: Fix out-of-bounds access through DT alias [e7d75e18d0fc3f7193b65282b651f980c778d935] Govindarajulu Varadarajan (1): enic: set DMA mask to 47 bit [322eaa06d55ebc1402a4a8d140945cff536638b4] Greg Kroah-Hartman (1): USB: serial: visor: handle potential invalid device configuration [4842ed5bfcb9daf6660537d70503c18d38dbdbb8] Guenter Roeck (4): hwmon: (nct6683) Enable EC access if disabled at boot [dbac00f0cf634120d77edee10d25e3f6899d7636] hwmon: (nct6775) Fix writing pwmX_mode [415eb2a1aaa4881cf85bd86c683356fdd8094a23] hwmon: (pmbus/adm1275) Accept negative page register values [ecb29abd4cb0670c616fb563a078f25d777ce530] hwmon: (pmbus/max8688) Accept negative page register values [a46f8cd696624ef757be0311eb28f119c36778e8] Guillaume Nault (12): l2tp: check sockaddr length in pppol2tp_connect() [eb1c28c05894a4b1f6b56c5bf072205e64cfa280] l2tp: fix race in duplicate tunnel detection [f6cd651b056ffd3b4e8496afd44d4ed44bf69136] l2tp: fix races in tunnel creation [6b9f34239b00e6956a267abed2bc559ede556ad6] l2tp: fix {pppol2tp, l2tp_dfs}_seq_stop() in case of seq_file overflow [5411b6187adf62909e3b998ac782e722904c7487] l2tp: hold reference on tunnels in netlink dumps [5846c131c39b6d0add36ec19dc8650700690f930] l2tp: hold reference on tunnels printed in l2tp/tunnels debugfs file [f726214d9b23e5fce8c11937577a289a3202498f] l2tp: hold reference on tunnels printed in pppol2tp proc file [0e0c3fee3a59a387aeecc4fca6f3a2e9615a5443] ppp: fix device unregistration upon netns deletion [8cb775bc0a34dc596837e7da03fd22c747be618b] ppp: fix lockdep splat in ppp_dev_uninit() [58a89ecaca53736aa465170530acea4f8be34ab4] ppp: fix race in ppp device destruction [6151b8b37b119e8e3a8401b080d532520c95faf4] ppp: unlock all_ppp_mutex before registering device [0171c41835591e9aa2e384b703ef9a6ae367c610] pppoe: check sockaddr length in pppoe_connect() [a49e2f5d5fb141884452ddb428f551b123d436b5] Gustavo A. R. Silva (3): atm: zatm: Fix potential Spectre v1 [2be147f7459db5bbf292e0a6f135037b55e20b39] kernel/sys.c: fix potential Spectre v1 issue [23d6aef74da86a33fa6bb75f79565e0a16ee97c2] net: atm: Fix potential Spectre v1 [acf784bd0ce257fe43da7ca266f7a10b837479d2] Hans de Goede (1): libata: Apply NOLPM quirk for SanDisk SD7UB3Q*G1001 SSDs [184add2ca23ce5edcac0ab9c3b9be13f91e7b567] Heinrich Schuchardt (1): usb: musb: gadget: misplaced out of bounds check [af6f8529098aeb0e56a68671b450cf74e7a64fcd] Helge Deller (2): parisc: Fix HPMC handler by increasing size to multiple of 16 bytes [d5654e156bc4d68a87bbaa6d7e020baceddf6e68] parisc: Fix out of array access in match_pci_device() [615b2665fd20c327b631ff1e79426775de748094] Hendrik Brueckner (1): s390/cpum_sf: ensure sample frequency of perf event attributes is non-zero [4bbaf2584b86b0772413edeac22ff448f36351b1] Herbert Xu (1): crypto: ahash - Fix early termination in hash walk [900a081f6912a8985dc15380ec912752cb66025a] Himanshu.Madhani(a)Cavium.Com (1): scsi: qla2xxx: Fix NULL pointer crash due to active timer for ABTS [1514839b366417934e2f1328edb50ed1e8a719f5] Hpreg(a)Vmware.Com (1): vmxnet3: set the DMA mask before the first DMA map operation [61aeecea40afb2b89933e27cd4adb10fc2e75cfd] Huacai Chen (1): zboot: fix stack protector in compressed boot phase [7bbaf27d9c83037b6e60a818e57bdbedf6bc15be] Ian Kent (1): autofs: mount point create should honour passed in mode [1e6306652ba18723015d1b4967fe9de55f042499] Igor Pylypiv (1): watchdog: f71808e_wdt: Fix WD_EN register read [977f6f68331f94bb72ad84ee96b7b87ce737d89d] Ilya Dryomov (1): libceph: validate con->state at the top of try_write() [9c55ad1c214d9f8c4594ac2c3fa392c1c32431a7] Ivan Khoronzhuk (1): net: ethernet: ti: cpdma: correct error handling for chan create [8a83c5d7969b8433584e3cf658a8d76c4dc37f4d] Jack Morgenstein (1): net/mlx4: Fix irq-unsafe spinlock usage [d546b67cda015fb92bfee93d5dc0ceadb91deaee] Jaegeuk Kim (2): f2fs: call f2fs_unlock_op after error was handled [44c16156512f33c81e382a1e1df9524e26a7026a] f2fs: go out for insert_inode_locked failure [a21c20f0c812925085204fced932ac95f2a76bf0] James Kelly (1): ASoC: ssm2602: Replace reg_default_raw with reg_default [a01df75ce737951ad13a08d101306e88c3f57cb2] Jan Kara (3): bdi: Fix oops in wb_workfn() [b8b784958eccbf8f51ebeee65282ca3fd59ea391] ufs: Fix possible deadlock when looking up directories [514d748f69c97a51a2645eb198ac5c6218f22ff9] ufs: Fix warning from unlock_new_inode() [12ecbb4b1d765a5076920999298d9625439dbe58] Jann Horn (1): tcp: don't read out-of-bounds opsize [7e5a206ab686f098367b61aca989f5cdfa8114a3] Jason Andryuk (1): HID: i2c-hid: Fix "incomplete report" noise [ef6eaf27274c0351f7059163918f3795da13199c] Jeff Moyer (1): block_invalidatepage(): only release page if the full page was invalidated [3172485f4f8032649c144e4aafa550e1e6179332] Jens Remus (1): scsi: zfcp: fix infinite iteration on ERP ready list [fa89adba1941e4f3b213399b81732a5c12fd9131] Jerome Brunet (1): clk: fix mux clock documentation [fe3f338f0cb2ed4d4f06da054c21ae2f8a36ef2d] Jimmy Assarsson (1): can: kvaser_usb: Increase correct stats counter in kvaser_usb_rx_can_msg() [6ee00865ffe4e8c8ba4a68d26db53c7ec09bbb89] Jiri Olsa (1): perf record: Put new line after target override warning [c3dec27b7f70a9ad5f777d943d51ecdfcd9824d0] Joakim Tjernlund (3): mtd: cfi: cmdset_0001: Do not allow read/write to suspend erase block. [6510bbc88e3258631831ade49033537081950605] mtd: cfi: cmdset_0001: Workaround Micron Erase suspend bug. [46a16a2283f9e678a4e26829175e0c37a5191860] mtd: cfi: cmdset_0002: Do not allow read/write to suspend erase block. [7b70eb14392a7cf505f9b358d06c33b5af73d1e7] Joe Jin (1): xen-swiotlb: fix the check condition for xen_swiotlb_free_coherent [4855c92dbb7b3b85c23e88ab7ca04f99b9677b41] Joerg Roedel (1): x86/mm: Prevent kernel Oops in PTDUMP code with HIGHPTE=y [d6ef1f194b7569af8b8397876dc9ab07649d63cb] Johan Hovold (2): USB: serial: cp210x: add ELDAT Easywave RX09 id [1f1e82f74c0947e40144688c9e36abe4b3999f49] rfkill: gpio: fix memory leak in probe error path [4bf01ca21e2e0e4561d1a03c48c3d740418702db] Jonathan Neuschäfer (1): net: core: dst: Add kernel-doc for 'net' parameter [8eb1a8590f5ca114fabf16ebb26a4bce0255ace9] Julian Anastasov (3): ipv4: fix fnhe usage by non-cached routes [94720e3aee6884d8c8beb678001629da60ec6366] ipvs: fix buffer overflow with sync daemon and service [52f96757905bbf0edef47f3ee6c7c784e7f8ff8a] ipvs: fix stats update from local clients [d5e032fc5697b6c0d6b4958bcacb981a08f8174e] Julian Wiedmann (5): s390/qdio: don't merge ERROR output buffers [0cf1e05157b9e5530dcc3ca9fec9bf617fc93375] s390/qdio: don't release memory in qdio_setup_irq() [2e68adcd2fb21b7188ba449f0fab3bee2910e500] s390/qdio: don't retry EQBS after CCQ 96 [dae55b6fef58530c13df074bcc182c096609339e] s390/qdio: fix access to uninitialized qdio_q fields [e521813468f786271a87e78e8644243bead48fad] s390/qeth: handle failure on workqueue creation [a936b1ef37ce1e996533878f4b23944f9444dcdf] Kai-Heng Feng (2): sky2: Increase D3 delay to sky2 stops working after suspend [afb133637071be6deeb8b3d0e55593ffbf63c527] xhci: Fix USB ports for Dell Inspiron 5775 [621faf4f6a181b6e012c1d1865213f36f4159b7f] Kamil Lulko (1): usb: core: Add quirk for HP v222w 16GB Mini [3180dabe08e3653bf0a838553905d88f3773f29c] Kenny Yu (1): uprobe: Find last occurrence of ':' when parsing uprobe PATH:OFFSET [6496bb72bf20c1c7e4d6be44dfa663163e709116] Kirill A. Shutemov (1): ipc/shm: handle removed segments gracefully in shm_mmap() [1ac0b6dec656f3f78d1c3dd216fad84cb4d0a01e] Krzysztof Mazur (1): um: Use POSIX ucontext_t instead of struct ucontext [4d1a535b8ec5e74b42dfd9dc809142653b2597f6] Kyle Roeschley (1): USB: serial: cp210x: add ID for NI USB serial console [1e23aace21515a8f7615a1de016c0ea8d4e0cc6e] Lance Richardson (1): net: support compat 64-bit time in {s,g}etsockopt [988bf7243e03ef69238381594e0334a79cef74a6] Leon Romanovsky (1): RDMA/mlx5: Protect from shift operand overflow [002bf2282b2d7318e444dca9ffcb994afc5d5f15] Leonard Crestez (1): crypto: arm,arm64 - Fix random regeneration of S_shipped [6aaf49b495b446ff6eec0ac983f781ca0dc56a73] Li RongQing (1): x86/apic: Fix signedness bug in APIC ID validity checks [a774635db5c430cbf21fa5d2f2df3d23aaa8e782] Linus Lüssing (1): batman-adv: Fix TT sync flags for intermediate TT responses [7072337e52b3e9d5460500d8dc9cbc1ba2db084c] Linus Torvalds (3): give up on gcc ilog2() constant optimizations [474c90156c8dcc2fa815e6716cc9394d7930cb9c] mmap: introduce sane default mmap limits [be83bbf806822b1b89e0a0f23cd87cddc409e429] mmap: relax file size limit for regular files [423913ad4ae5b3e8fb8983f70969fb522261ba26] Liu Bo (3): Btrfs: bail out on error during replay_dir_deletes [b98def7ca6e152ee55e36863dddf6f41f12d1dc6] Btrfs: fix NULL pointer dereference in log_dir_items [80c0b4210a963e31529e15bf90519708ec947596] Btrfs: fix unexpected cow in run_delalloc_nocow [5811375325420052fcadd944792a416a43072b7f] Long Li (1): cifs: Allocate validate negotiation request through kmalloc [2796d303e3c5ec213c578ed3a66872205c126eb8] Maciej W. Rozycki (3): MIPS: Fix ptrace(2) PTRACE_PEEKUSR and PTRACE_POKEUSR accesses to o32 FGRs [9a3a92ccfe3620743d4ae57c987dc8e9c5f88996] MIPS: ptrace: Expose FIR register through FP regset [71e909c0cdad28a1df1fa14442929e68615dee45] MIPS: ptrace: Fix PTRACE_PEEKUSR requests for 64-bit FGRs [c7e814628df65f424fe197dde73bfc67e4a244d7] Mahesh Rajashekhara (1): scsi: sd: Defer spinning up drive while SANITIZE is in progress [505aa4b6a8834a2300971c5220c380c3271ebde3] Major Hayden (1): USB: serial: ftdi_sio: add RT Systems VX-8 cable [9608e5c0f079390473b484ef92334dfd3431bb89] Marc Dionne (1): afs: Ignore AFS_ACE_READ and AFS_ACE_WRITE for directories [fd2498211a551fd42b2d6b9050d649d43536e75c] Marc Zyngier (1): KVM: arm/arm64: Close VMID generation race [f0cf47d939d0b4b4f660c5aaa4276fa3488f3391] Marek Lindner (1): batman-adv: prevent TT request storms by not sending inconsistent TT TLVLs [16116dac23396e73c01eeee97b102e4833a4b205] Mark Brown (1): regmap: Support bulk reads for devices without raw formatting [d5b98eb12420ce856caaf57dc5256eedc56a3747] Markus Elfring (2): tracing: Deletion of an unnecessary check before iput() [16a8ef2751801346f1f76a18685b2beb63cd170f] video/fbdev/stifb: Return -ENOMEM after a failed kzalloc() in stifb_init_fb() [f9815f945aff2204b8afbbb9d2182024eb44a194] Martin K. Petersen (1): scsi: mptsas: Disable WRITE SAME [94e5395d2403c8bc2504a7cbe4c4caaacb7b8b84] Martin Kelly (2): iio:buffer: make length types match kfifo types [c043ec1ca5baae63726aae32abbe003192bc6eec] iio:kfifo_buf: check for uint overflow [3d13de4b027d5f6276c0f9d3a264f518747d83f2] Masami Hiramatsu (3): ARM: 8771/1: kprobes: Prohibit kprobes on do_undefinstr [eb0146daefdde65665b7f076fbff7b49dade95b9] ARM: 8772/1: kprobes: Prohibit kprobes on get_user functions [0d73c3f8e7f6ee2aab1bb350f60c180f5ae21a2c] tracing/uprobe_event: Fix strncpy corner case [50268a3d266ecfdd6c5873d62b2758d9732fc598] Mathieu Desnoyers (1): tracepoint: Do not warn on ENOMEM [d66a270be3310d7aa132fec0cea77d3d32a0ff75] Matt Redfearn (4): MIPS: memset.S: EVA & fault support for small_memset [8a8158c85e1e774a44fbe81106fa41138580dfd1] MIPS: memset.S: Fix clobber of v1 in last_fixup [c96eebf07692e53bf4dd5987510d8b550e793598] MIPS: memset.S: Fix return of __clear_user from Lpartial_fixup [daf70d89f80c6e1772233da9e020114b1254e7e0] MIPS: uaccess: Add micromips clobbers to bzero invocation [b3d7e55c3f886493235bfee08e1e5a4a27cbcce8] Matthew Auld (1): drm/i915/userptr: reject zero user_size [c11c7bfd213495784b22ef82a69b6489f8d0092f] Matthew Wilcox (1): mm/filemap.c: fix NULL pointer in page_cache_tree_insert() [abc1be13fd113ddef5e2d807a466286b864caed3] Mauro Carvalho Chehab (1): media: v4l2-compat-ioctl32: don't oops on overlay [85ea29f19eab56ec16ec6b92bc67305998706afa] Michael Ellerman (1): powerpc/lib: Fix off-by-one in alternate feature patching [b8858581febb050688e276b956796bc4a78299ed] Michael Neuling (3): powerpc/64s: Clear PCR on boot [faf37c44a105f3608115785f17cbbf3500f8bc71] powerpc/eeh: Fix enabling bridge MMIO windows [13a83eac373c49c0a081cbcd137e79210fe78acd] powerpc/eeh: Fix race with driver un/bind [f0295e047fcf52ccb42561fb7de6942f5201b676] Michael S. Tsirkin (6): virtio: add ability to iterate over vqs [24a7e4d20783c0514850f24a5c41ede46ab058f0] virtio_console: don't tie bufs to a vq [2855b33514d290c51d52d94e25d3ef942cd4d578] virtio_console: drop custom control queue cleanup [61a8950c5c5708cf2068b29ffde94e454e528208] virtio_console: free buffers after reset [a7a69ec0d8e4a58be7db88d33cbfa2912807bb2b] virtio_console: move removal code [aa44ec867030a72e8aa127977e37dec551d8df19] virtio_console: reset on out of memory [5c60300d68da32ca77f7f978039dc72bfc78b06b] Michal Srb (1): drm/i915/cmdparser: Do not check past the cmd length. [3aec7f871c65eb5f76b4125fda432593c834a6f2] Mika Westerberg (2): ACPI / hotplug / PCI: Check presence of slot itself in get_slot_status() [13d3047c81505cc0fb9bdae7810676e70523c8bf] ahci: Add PCI ID for Cannon Lake PCH-LP AHCI [4544e403eb25552aed7f0ee181a7a506b8800403] Mike Frysinger (1): vt: change SGR 21 to follow the standards [65d9982d7e523a1a8e7c9af012da0d166f72fc56] Mike Galbraith (1): sched/autogroup: Fix 64-bit kernel nice level adjustment [83929cce95251cc77e5659bf493bd424ae0e7a67] Mike Kravetz (1): hugetlbfs: fix bug in pgoff overflow checking [5df63c2a149ae65a9ec239e7c2af44efa6f79beb] Mikhail Lappo (1): thermal: imx: Fix race condition in imx_thermal_probe() [cf1ba1d73a33944d8c1a75370a35434bf146b8a7] Moshe Shemesh (1): net/mlx4_en: Verify coalescing parameters are in range [6ad4e91c6d796b38a7f0e724db1de28eeb122bad] Nicholas Piggin (5): powerpc/64: Fix smp_wmb barrier definition use use lwsync consistently [0bfdf598900fd62869659f360d3387ed80eb71cf] powerpc/powernv: Fix NVRAM sleep in invalid context when crashing [c1d2a31397ec51f0370f6bd17b19b39152c263cb] powerpc/powernv: Fix OPAL NVRAM driver OPAL_BUSY loops [3b8070335f751aac9f1526ae2e012e6f5b8b0f21] powerpc/powernv: Handle unknown OPAL errors in opal_nvram_write() [741de617661794246f84a21a02fc5e327bffc9ad] powerpc/powernv: define a standard delay for OPAL_BUSY type retry loops [34dd25de9fe3f60bfdb31b473bf04b28262d0896] Nico Sneck (1): drm/radeon: add PX quirk for Asus K73TK [b1550359d1eb392ee54f7cf47cffcfe0a602f6a7] Nicolas Dichtel (1): ip_tunnel: restore binding to ifaces with a large mtu [82612de1c98e610d194e34178bde3cca7dedce41] Nicolas Ferre (1): ARM: dts: at91: at91sam9g25: fix mux-mask pinctrl property [e8fd0adf105e132fd84545997bbef3d5edc2c9c1] Nicolin Chen (1): ASoC: fsl_esai: Fix divisor calculation failure at lower ratio [c656941df9bc80f7ec65b92ca73c42f8b0b62628] Nikolay Borisov (3): btrfs: Fix possible softlock on single core machines [1e1c50a929bc9e49bc3f9935b92450d9e69f8158] btrfs: Handle error from btrfs_uuid_tree_rem call in _btrfs_ioctl_set_received_subvol [d87ff75863e92a500538ab53318c5740f196631e] btrfs: Refactor transaction handling in received subvolume ioctl [efd38150af45375b46576d0110a323d7fab7e142] Ondrej Zary (2): Input: i8042 - enable MUX on Sony VAIO VGN-CS series to fix touchpad [04bb1719c4de94700056241d4c0fe3c1413f5aff] drm/i915: Disable LVDS on Radiant P845 [7f7105f99b75aca4f8c2a748ed6b82c7f8be3293] Paolo Abeni (2): netfilter: ebtables: handle string from userspace with care [94c752f99954797da583a84c4907ff19e92550a4] team: avoid adding twice the same option to the event list [4fb0534fb7bbc2346ba7d3a072b538007f4135a5] Paul Parsons (1): drm/radeon: Fix PCIe lane width calculation [85e290d92b4b794d0c758c53007eb4248d385386] Peng Hao (1): kvm: x86: fix a compile warning [3140c156e919b0f5fad5c5f6cf7876c39d1d4f06] Peter Rosin (3): i2c: pmcmsp: fix error return from master_xfer [12d9bbc5a7f347eaa65ff2a9d34995cadc05eb1b] i2c: pmcmsp: return message count on master_xfer success [de9a8634f1cb4560a35696d472cc7f1383d9b866] i2c: viperboard: return message count on master_xfer success [35cd67a0caf767aba472452865dcb4471fcce2b1] Peter Zijlstra (5): clocksource: Initialize cs->wd_list [5b9e886a4af97574ca3ce1147f35545da0e7afc7] perf/x86: Fix possible Spectre-v1 indexing for hw_perf_event cache_* [ef9ee4ad38445a30909c48998624861716f2a994] perf/x86: Fix possible Spectre-v1 indexing for x86_pmu::event_map() [46b1b577229a091b137831becaa0fae8690ee15a] sched/autogroup: Fix possible Spectre-v1 indexing for sched_prio_to_weight[] [354d7793070611b4df5a79fbb0f12752d0ed0cc5] sched/core: Fix possible Spectre-v1 indexing for sched_prio_to_weight[] [7281c8dec8a87685cb54d503d8cceef5a0fc2fdd] Piaojun (1): ocfs2/dlm: wait for dlm recovery done when migrating all lock resources [60c7ec9ee4a3410c2cb08850102d363c7e207f48] Prakash Kamliya (1): drm/msm: fix leak in failed get_pages [62e3a3e342af3c313ab38603811ecdb1fcc79edb] Qu Wenruo (1): btrfs: tests/qgroup: Fix wrong tree backref level [3c0efdf03b2d127f0e40e30db4e7aa0429b1b79a] Raju Rangoju (1): RDMA/cxgb4: release hw resources on device removal [26bff1bd74a4f7417509a83295614e9dab995b2a] Rasmus Villemoes (1): drivers: tty: Merge alloc_tty_struct and initialize_tty_struct [2c964a2f4191f2229566895f1a0e85f8339f5dd1] Ravi Chandra Sadineni (1): USB: Increment wakeup count on remote wakeup. [83a62c51ba7b3c0bf45150c4eac7aefc6c785e94] Richard Weinberger (2): ubi: Reject MLC NAND [b5094b7f135be34630e3ea8a98fa215715d0f29d] ubifs: Check ubifs_wbuf_sync() return code [aac17948a7ce01fb60b9ee6cf902967a47b3ce26] Robbie Ko (1): Btrfs: send, fix invalid access to commit roots due to concurrent snapshotting [6f2f0b394b54e2b159ef969a0b5274e9bbf82ff2] Rodrigo Rivas Costa (1): HID: hidraw: Fix crash on HIDIOCGFEATURE with a destroyed device [a955358d54695e4ad9f7d6489a7ac4d69a8fc711] Roland Dreier (3): RDMA/ucma: Allow resolving address w/o specifying source address [09abfe7b5b2f442a85f4c4d59ecf582ad76088d7] RDMA/ucma: Don't allow setting RDMA_OPTION_IB_PATH without an RDMA device [8435168d50e66fa5eae01852769d20a36f9e5e83] RDMA/ucma: Introduce safer rdma_addr_size() variants [84652aefb347297aa08e91e283adf7b18f77c2d5] Romain Izard (1): ubi: Fix error for write access [78a8dfbabbece22bee58ac4cb26cab10e7a19c5d] Ronnie Sahlberg (1): cifs: fix memory leak in SMB2_open() [b7a73c84eb96dabd6bb8e9d7c56f796d83efee8e] Russell King (1): ARM: keystone: fix platform_domain_notifier array overrun [9954b80b8c0e8abc98e17bba0fccd9876211ceaa] SZ Lin (1): NET: usb: qmi_wwan: add support for ublox R410M PID 0x90b2 [9306b38e42cb266f98bff6f6f4c1c652aa79ba45] Sachin Grover (1): selinux: KASAN: slab-out-of-bounds in xattr_getsecurity [efe3de79e0b52ca281ef6691480c8c68c82a4657] Sean Young (1): media: rc: oops in ir_timer_keyup after device unplug [8d4068810d9926250dd2435719a080b889eb44c3] Sebastian Ott (1): s390/cio: update chpid descriptor after resource accessibility event [af2e460ade0b0180d0f3812ca4f4f59cc9597f3e] Sekhar Nori (1): ARM: davinci: board-dm646x-evm: set VPIF capture card name [bb7298a7e87cf3430eb62be8746e5d7a07ca9d7c] Sergei Shtylyov (1): drm: rcar-du: lvds: Fix LVDS startup on R-Car Gen2 [8525d04ba8a6a9ecfa4bd619c988ca873a5fc2a4] Shamir Rabinovitch (1): RDMA/ucma: ucma_context reference leak in error path [ef95a90ae6f4f21990e1f7ced6719784a409e811] Shuah Khan (2): usbip: vhci_hcd: Fix usb device and sockfd leaks [9020a7efe537856eb3e826ebebdf38a5d07a7857] usbip: vhci_hcd: check rhport before using in vhci_hub_control() [5b22f676118ff25049382041da0db8012e57c9e8] Song Liu (1): tracing: Fix bad use of igrab in trace_uprobe.c [0c92c7a3c5d416f47b32c5f20a611dfeca5d5f2e] Stefan Brüns (1): drm/i915: Try EDID bitbanging on HDMI after failed read [cfb926e148e99acc02351d72e8b85e32b5f786ef] Stefan Haberland (1): s390/dasd: fix IO error for newly defined devices [5d27a2bf6e14f5c7d1033ad1e993fcd0eba43e83] Steve French (2): cifs: do not allow creating sockets except with SMB1 posix exensions [1d0cffa674cfa7d185a302c8c6850fc50b893bed] smb3: directory sync should not return an error [6e70c267e68d77679534dcf4aaf84e66f2cf1425] Steven Rostedt (3): tracing/x86/xen: Remove zero data size trace events trace_xen_mmu_flush_tlb{_all} [45dd9b0666a162f8e4be76096716670cf1741f0e] tracing: Fix crash when freeing instances with event triggers [86b389ff22bd6ad8fd3cb98e41cd271886c6d023] tracing: Fix regex_match_front() to not over compare the test string [dc432c3d7f9bceb3de6f5b44fb9c657c9810ed6d] Sudhir Sreedharan (1): rtl8187: Fix NULL pointer dereference in priv->conf_mutex [7972326a26b5bf8dc2adac575c4e03ee7e9d193a] Sudip Mukherjee (1): libata: blacklist Micron 500IT SSD with MU01 firmware [136d769e0b3475d71350aa3648a116a6ee7a8f6c] Sven Eckelmann (1): batman-adv: Avoid race in TT TVLV allocator helper [8ba0f9bd3bdea1058c2b2676bec7905724418e40] Takashi Iwai (21): ALSA: aloop: Add missing cable lock to ctl API callbacks [76b3421b39bd610546931fc923edcf90c18fa395] ALSA: asihpi: Hardening for potential Spectre v1 [f9d94b57e30fd1575b4935045b32d738668aa74b] ALSA: control: Hardening for potential Spectre v1 [088e861edffb84879cf0c0d1b02eda078c3a0ffe] ALSA: hda: Hardening for potential Spectre v1 [69fa6f19b95597618ab30438a27b67ad93daa7c7] ALSA: hdspm: Hardening for potential Spectre v1 [10513142a7114d251670361ad40cba2c61403406] ALSA: opl3: Hardening for potential Spectre v1 [7f054a5bee0987f1e2d4e59daea462421c76f2cb] ALSA: pcm: Avoid potential races between OSS ioctls and read/write [02a5d6925cd34c3b774bdb8eefb057c40a30e870] ALSA: pcm: Check PCM state at xfern compat ioctl [f13876e2c33a657a71bcbb10f767c0951b165020] ALSA: pcm: Fix UAF at PCM release via PCM timer access [a820ccbe21e8ce8e86c39cd1d3bc8c7d1cbb949b] ALSA: pcm: Fix endless loop for XRUN recovery in OSS emulation [e15dc99dbb9cf99f6432e8e3c0b3a8f7a3403a86] ALSA: pcm: Fix mutex unbalance in OSS emulation ioctls [f6d297df4dd47ef949540e4a201230d0c5308325] ALSA: pcm: Return -EBUSY for OSS ioctls changing busy streams [40cab6e88cb0b6c56d3f30b7491a20e803f948f6] ALSA: pcm: Use ERESTARTSYS instead of EINTR in OSS emulation [c64ed5dd9feba193c76eb460b451225ac2a0d87b] ALSA: rawmidi: Fix missing input substream checks in compat ioctls [8a56ef4f3ffba9ebf4967b61ef600b0a7ba10f11] ALSA: rme9652: Hardening for potential Spectre v1 [f526afcd8f71945c23ce581d7864ace93de8a4f7] ALSA: seq: Fix races at MIDI encoding in snd_virmidi_output_trigger() [8f22e52528cc372b218b5f100457469615c733ce] ALSA: seq: oss: Fix unbalanced use lock for synth MIDI device [f5e94b4c6ebdabe0f602d796e0430180927521a0] ALSA: seq: oss: Hardening for potential Spectre v1 [8d218dd8116695ecda7164f97631c069938aa22e] ALSA: timer: Call notifier in the same spinlock [f65e0d299807d8a11812845c972493c3f9a18e10] ALSA: usb-audio: Skip broken EU on Dell dock USB-audio [1d8d6428d1da642ddd75b0be2d1bb1123ff8e017] resource: fix integer overflow at reallocation [60bb83b81169820c691fbfa33a6a4aef32aa4b0b] Tarick Bedeir (1): net/mlx4_core: Fix error handling in mlx4_init_port_info. [57f6f99fdad9984801cde05c1db68fe39b474a10] Tejun Heo (1): libata: Blacklist some Sandisk SSDs for NCQ [322579dcc865b94b47345ad1b6002ad167f85405] Tetsuo Handa (4): tty: Avoid possible error pointer dereference at tty_ldisc_restore(). [598c2d41ff44889dd8eced4f117403e472158d85] tty: Don't call panic() at tty_ldisc_init() [903f9db10f18f735e62ba447147b6c434b6af003] tty: Use __GFP_NOFAIL for tty_ldisc_get() [bcdd0ca8cb8730573afebcaae4138f8f4c8eaa20] x86/kexec: Avoid double free_page() upon do_kexec_load() failure [a466ef76b815b86748d9870ef2a430af7b39c710] Theodore Ts'o (6): ext4: add bounds checking to ext4_xattr_find_entry() [9496005d6ca4cf8f5ee8f828165a8956872dc59d] ext4: add extra checks to ext4_xattr_block_get() [54dd0e0a1b255f115f8647fc6fb93273251b01b9] ext4: don't update checksum of new initialized bitmaps [044e6e3d74a3d7103a0c8a9305dfd94d64000660] ext4: force revalidation of directory pointer after seekdir(2) [e40ff213898502d299351cc2fe1e350cd186f0d3] ext4: set h_journal if there is a failure starting a reserved handle [b2569260d55228b617bd82aba6d0db2faeeb4116] jbd2: if the journal is aborted then don't allow update of the log tail [85e0c4e89c1b864e763c4e3bb15d0b6d501ad5d9] Thinh Nguyen (1): usb: dwc3: pci: Properly cleanup resource [cabdf83dadfb3d83eec31e0f0638a92dbd716435] Tony Lindgren (1): net: davinci_emac: Fix runtime pm calls for davinci_emac [b5133e7a988b2cf8e1cd2b23231f36aff35ceffc] Toshiaki Makita (1): vlan: Fix reading memory beyond skb->tail in skb_vlan_tagged_multi [7ce2367254e84753bceb07327aaf5c953cfce117] Uwe Kleine-König (1): serial: altera: ensure port->regshift is honored consistently [0e254963b6ba4d63ac911e79537fea38dd03dc50] Vasily Gorbik (1): s390/ipl: ensure loadparm valid flag is set [15deb080a6087b73089139569558965750e69d67] Vasyl Vavrychuk (1): USB: serial: ftdi_sio: use jtag quirk for Arrow USB Blaster [470b5d6f0cf4674be2d1ec94e54283a1770b6a1a] Wei Huang (1): KVM: x86: Update cpuid properly when CR4.OSXAVE or CR4.PKE is changed [c4d2188206bafa177ea58e9a25b952baa0bf7712] Wenwen Wang (1): ALSA: control: fix a redundant-copy issue [3f12888dfae2a48741c4caa9214885b3aaf350f9] Willem de Bruijn (2): net: test tailroom before appending to linear skb [113f99c3358564a0647d444c2ae34e8b1abfd5b9] packet: fix bitfield update race [a6361f0ca4b25460f2cdf3235ebe8115f622901e] Wolfgang Bumiller (1): net: fix deadlock while clearing neighbor proxy table [53b76cdf7e8fecec1d09e38aad2f8579882591a8] Xiaoming Gao (1): x86/tsc: Prevent 32bit truncation in calc_hpet_ref() [d3878e164dcd3925a237a20e879432400e369172] Xin Long (5): bonding: do not set slave_dev npinfo before slave_enable_netpoll in bond_enslave [ddea788c63094f7c483783265563dd5b50052e28] sctp: do not check port in sctp_inet6_cmp_addr [1071ec9d453a38023579714b64a951a2fb982071] sctp: fix the issue that the cookie-ack with auth can't get processed [ce402f044e4e432c296f90eaabb8dbe8f3624391] sctp: handle two v4 addrs comparison in sctp_inet6_cmp_addr [d625329b06e46bd20baf9ee40847d11982569204] team: fix netconsole setup over team [9cf2f437ca5b39828984064fad213e68fc17ef11] Yazen Ghannam (1): x86/smpboot: Don't use mwait_play_dead() on AMD systems [da6fa7ef67f07108a1b0cb9fd9e7fcaabd39c051] Yishai Hadas (1): RDMA/mlx5: Don't assume that medium blueFlame register exists [18b0362e87dfa09e355093b897b9db854e360d28] Zheng Yan (1): ceph: always update atime/mtime/ctime for new inode [ffdeec7aa41aa61ca4ee68fddf4669df9ce661d1] Zhengjun Xing (1): USB:fix USB3 devices behind USB3 hubs not resuming at hibernate thaw [64627388b50158fd24d6ad88132525b95a5ef573] Łukasz Stelmach (1): ARM: 8753/1: decompressor: add a missing parameter to the addruart macro [e07e3c33b9c0b5751ade624f44325c9bf2487ea6] Documentation/networking/ppp_generic.txt | 6 - Makefile | 4 +- arch/arc/include/asm/Kbuild | 1 + arch/arm/boot/compressed/head.S | 16 +- arch/arm/boot/compressed/misc.c | 9 +- arch/arm/boot/dts/at91sam9g25.dtsi | 2 +- arch/arm/crypto/Makefile | 2 + arch/arm/include/asm/assembler.h | 10 + arch/arm/kernel/traps.c | 5 +- arch/arm/kvm/arm.c | 15 +- arch/arm/lib/getuser.S | 4 + arch/arm/mach-davinci/board-dm646x-evm.c | 3 +- arch/arm/mach-keystone/pm_domain.c | 1 + arch/avr32/include/asm/Kbuild | 1 + arch/blackfin/include/asm/Kbuild | 1 + arch/c6x/include/asm/Kbuild | 1 + arch/cris/include/asm/Kbuild | 1 + arch/frv/include/asm/Kbuild | 1 + arch/hexagon/include/asm/Kbuild | 1 + arch/ia64/include/asm/Kbuild | 1 + arch/m32r/include/asm/Kbuild | 1 + arch/metag/include/asm/Kbuild | 1 + arch/microblaze/include/asm/Kbuild | 1 + arch/mips/include/asm/Kbuild | 1 + arch/mips/include/asm/uaccess.h | 11 +- arch/mips/kernel/ptrace.c | 24 ++- arch/mips/kernel/ptrace32.c | 6 +- arch/mips/kvm/kvm_mips.c | 2 +- arch/mips/lib/memset.S | 11 +- arch/mn10300/include/asm/Kbuild | 1 + arch/parisc/kernel/drivers.c | 4 + arch/parisc/kernel/hpmc.S | 6 +- arch/powerpc/include/asm/barrier.h | 3 +- arch/powerpc/include/asm/opal.h | 3 + arch/powerpc/include/asm/synch.h | 4 - arch/powerpc/kernel/cpu_setup_power.S | 4 + arch/powerpc/kernel/eeh_driver.c | 61 ++++-- arch/powerpc/kernel/eeh_pe.c | 3 +- arch/powerpc/lib/feature-fixups.c | 2 +- arch/powerpc/mm/hugetlbpage.c | 17 +- arch/powerpc/platforms/powernv/opal-nvram.c | 21 +- arch/s390/hypfs/inode.c | 2 +- arch/s390/include/asm/Kbuild | 1 + arch/s390/kernel/ipl.c | 1 + arch/s390/kernel/perf_cpum_sf.c | 4 + arch/score/include/asm/Kbuild | 1 + arch/tile/include/asm/Kbuild | 1 + arch/um/include/asm/Kbuild | 1 + arch/um/os-Linux/signal.c | 2 +- arch/unicore32/include/asm/Kbuild | 1 + arch/x86/boot/compressed/eboot.c | 6 +- arch/x86/crypto/cast5_avx_glue.c | 3 +- arch/x86/include/asm/apic.h | 4 +- arch/x86/include/asm/x2apic.h | 2 +- arch/x86/kernel/acpi/boot.c | 18 +- arch/x86/kernel/apic/apic_numachip.c | 2 +- arch/x86/kernel/apic/x2apic_uv_x.c | 2 +- arch/x86/kernel/cpu/perf_event.c | 8 +- arch/x86/kernel/machine_kexec_32.c | 6 +- arch/x86/kernel/machine_kexec_64.c | 4 +- arch/x86/kernel/smpboot.c | 2 + arch/x86/kernel/tsc.c | 2 +- arch/x86/kvm/x86.c | 7 +- arch/x86/mm/dump_pagetables.c | 10 +- arch/x86/net/bpf_jit_comp.c | 3 +- arch/x86/um/stub_segv.c | 2 +- arch/x86/xen/mmu.c | 6 +- arch/xtensa/include/asm/Kbuild | 1 + crypto/af_alg.c | 8 +- crypto/ahash.c | 7 +- drivers/ata/ahci.c | 1 + drivers/ata/libata-core.c | 8 + drivers/atm/zatm.c | 3 + drivers/base/regmap/regmap.c | 22 +- drivers/char/virtio_console.c | 157 +++++++------- drivers/gpu/drm/drm_fops.c | 1 + drivers/gpu/drm/i915/i915_cmd_parser.c | 80 ++++--- drivers/gpu/drm/i915/i915_drv.h | 5 + drivers/gpu/drm/i915/i915_gem_userptr.c | 3 + drivers/gpu/drm/i915/intel_hdmi.c | 14 +- drivers/gpu/drm/i915/intel_lvds.c | 11 +- drivers/gpu/drm/msm/msm_gem.c | 30 ++- drivers/gpu/drm/radeon/radeon_device.c | 15 +- drivers/gpu/drm/radeon/si_dpm.c | 4 +- drivers/gpu/drm/rcar-du/rcar_du_lvdsenc.c | 10 +- drivers/hid/hid-core.c | 12 +- drivers/hid/hidraw.c | 5 + drivers/hid/i2c-hid/i2c-hid.c | 13 +- drivers/hwmon/nct6683.c | 4 +- drivers/hwmon/nct6775.c | 10 +- drivers/hwmon/pmbus/adm1275.c | 4 +- drivers/hwmon/pmbus/max8688.c | 2 +- drivers/i2c/busses/i2c-pmcmsp.c | 4 +- drivers/i2c/busses/i2c-viperboard.c | 2 +- drivers/iio/kfifo_buf.c | 11 +- drivers/infiniband/core/addr.c | 16 ++ drivers/infiniband/core/iwpm_util.c | 5 +- drivers/infiniband/core/ucma.c | 43 ++-- drivers/infiniband/hw/cxgb4/cq.c | 11 +- drivers/infiniband/hw/cxgb4/device.c | 8 + drivers/infiniband/hw/cxgb4/iw_cxgb4.h | 6 +- drivers/infiniband/hw/cxgb4/qp.c | 4 +- drivers/infiniband/hw/cxgb4/resource.c | 26 ++- drivers/infiniband/hw/mlx5/qp.c | 39 ++-- drivers/infiniband/ulp/srp/ib_srp.c | 8 +- drivers/input/serio/i8042-x86ia64io.h | 24 +++ drivers/media/pci/cx25821/cx25821-core.c | 7 +- drivers/media/platform/s3c-camif/camif-capture.c | 7 +- drivers/media/rc/rc-main.c | 4 +- drivers/media/v4l2-core/v4l2-compat-ioctl32.c | 4 +- drivers/message/fusion/mptsas.c | 1 + drivers/mmc/host/jz4740_mmc.c | 2 +- drivers/mtd/chips/cfi_cmdset_0001.c | 33 ++- drivers/mtd/chips/cfi_cmdset_0002.c | 9 +- drivers/mtd/ubi/block.c | 2 +- drivers/mtd/ubi/build.c | 11 + drivers/net/bonding/bond_main.c | 3 +- drivers/net/can/usb/kvaser_usb.c | 2 +- drivers/net/ethernet/broadcom/bcmsysport.c | 11 +- drivers/net/ethernet/broadcom/genet/bcmgenet.c | 11 +- drivers/net/ethernet/cisco/enic/enic_main.c | 8 +- drivers/net/ethernet/marvell/sky2.c | 2 +- drivers/net/ethernet/mellanox/mlx4/en_ethtool.c | 16 ++ drivers/net/ethernet/mellanox/mlx4/main.c | 4 +- drivers/net/ethernet/mellanox/mlx4/mlx4_en.h | 7 +- drivers/net/ethernet/mellanox/mlx4/qp.c | 4 +- drivers/net/ethernet/ti/cpsw.c | 13 +- drivers/net/ethernet/ti/davinci_cpdma.c | 2 +- drivers/net/ethernet/ti/davinci_emac.c | 62 ++++-- drivers/net/ppp/ppp_generic.c | 136 +++++++----- drivers/net/ppp/pppoe.c | 4 + drivers/net/team/team.c | 38 +++- drivers/net/usb/qmi_wwan.c | 13 ++ drivers/net/vmxnet3/vmxnet3_drv.c | 137 ++++++++---- drivers/net/vmxnet3/vmxnet3_int.h | 8 +- drivers/net/wireless/rtl818x/rtl8187/dev.c | 2 +- drivers/parport/parport_pc.c | 4 + drivers/pci/hotplug/acpiphp_glue.c | 23 +- drivers/pci/quirks.c | 13 ++ drivers/pinctrl/pinctrl-single.c | 22 +- drivers/rtc/rtc-snvs.c | 15 +- drivers/rtc/rtc-tx4939.c | 6 +- drivers/s390/block/dasd_alias.c | 16 +- drivers/s390/cio/chsc.c | 14 +- drivers/s390/cio/qdio_main.c | 42 ++-- drivers/s390/cio/qdio_setup.c | 12 +- drivers/s390/net/qeth_core_main.c | 8 +- drivers/s390/scsi/zfcp_dbf.c | 23 +- drivers/s390/scsi/zfcp_ext.h | 5 +- drivers/s390/scsi/zfcp_scsi.c | 14 +- drivers/scsi/qla2xxx/qla_init.c | 3 +- drivers/scsi/sd.c | 2 + drivers/staging/line6/midi.c | 2 +- drivers/staging/rtl8192u/r8192U_core.c | 2 + drivers/staging/usbip/usbip_common.h | 2 +- drivers/staging/usbip/vhci_hcd.c | 8 +- drivers/thermal/imx_thermal.c | 19 +- drivers/tty/Makefile | 3 +- drivers/tty/n_null.c | 80 +++++++ drivers/tty/pty.c | 19 +- drivers/tty/serial/altera_uart.c | 6 +- drivers/tty/serial/arc_uart.c | 8 +- drivers/tty/serial/fsl_lpuart.c | 4 + drivers/tty/serial/imx.c | 6 + drivers/tty/serial/mxs-auart.c | 5 + drivers/tty/serial/pxa.c | 4 + drivers/tty/serial/xilinx_uartps.c | 2 +- drivers/tty/tty_io.c | 42 ++-- drivers/tty/tty_ldisc.c | 68 +++--- drivers/tty/vt/vt.c | 6 +- drivers/usb/core/config.c | 4 +- drivers/usb/core/generic.c | 9 +- drivers/usb/core/hcd.c | 1 + drivers/usb/core/hub.c | 10 +- drivers/usb/core/quirks.c | 3 + drivers/usb/dwc3/dwc3-pci.c | 2 +- drivers/usb/host/xhci-pci.c | 5 +- drivers/usb/musb/musb_gadget_ep0.c | 14 +- drivers/usb/musb/musb_host.c | 4 +- drivers/usb/serial/Kconfig | 1 + drivers/usb/serial/cp210x.c | 2 + drivers/usb/serial/ftdi_sio.c | 5 +- drivers/usb/serial/ftdi_sio_ids.h | 9 + drivers/usb/serial/usb-serial-simple.c | 7 + drivers/usb/serial/visor.c | 69 +++--- drivers/video/fbdev/stifb.c | 2 +- drivers/watchdog/f71808e_wdt.c | 2 +- drivers/xen/swiotlb-xen.c | 2 +- drivers/xen/xen-acpi-processor.c | 6 +- fs/affs/namei.c | 10 +- fs/afs/security.c | 13 +- fs/aio.c | 7 +- fs/autofs4/root.c | 2 +- fs/btrfs/ctree.c | 16 +- fs/btrfs/extent-tree.c | 1 + fs/btrfs/inode.c | 231 +++++++++++++------- fs/btrfs/ioctl.c | 22 +- fs/btrfs/tests/qgroup-tests.c | 2 +- fs/btrfs/tree-log.c | 12 +- fs/buffer.c | 2 +- fs/ceph/inode.c | 10 +- fs/cifs/cifsfs.c | 13 ++ fs/cifs/dir.c | 9 +- fs/cifs/smb2pdu.c | 49 +++-- fs/dcache.c | 22 ++ fs/ecryptfs/inode.c | 3 +- fs/ext2/inode.c | 10 - fs/ext2/namei.c | 6 +- fs/ext3/namei.c | 6 +- fs/ext4/balloc.c | 3 +- fs/ext4/dir.c | 8 +- fs/ext4/ialloc.c | 43 +--- fs/ext4/indirect.c | 5 +- fs/ext4/namei.c | 6 +- fs/ext4/xattr.c | 86 +++++--- fs/ext4/xattr.h | 11 + fs/f2fs/f2fs.h | 1 + fs/f2fs/gc.c | 2 +- fs/f2fs/inode.c | 23 ++ fs/f2fs/namei.c | 52 ++--- fs/fs-writeback.c | 2 +- fs/hugetlbfs/inode.c | 10 +- fs/jbd2/journal.c | 5 +- fs/jbd2/transaction.c | 1 + fs/jffs2/dir.c | 12 +- fs/jffs2/super.c | 2 +- fs/jfs/namei.c | 12 +- fs/namespace.c | 3 +- fs/nilfs2/namei.c | 6 +- fs/notify/fanotify/fanotify.c | 34 ++- fs/ocfs2/dlm/dlmcommon.h | 1 + fs/ocfs2/dlm/dlmdomain.c | 15 ++ fs/ocfs2/dlm/dlmrecovery.c | 13 +- fs/proc/proc_sysctl.c | 3 + fs/reiserfs/journal.c | 2 +- fs/reiserfs/namei.c | 12 +- fs/ubifs/super.c | 14 +- fs/udf/ialloc.c | 7 +- fs/udf/namei.c | 106 ++++----- fs/ufs/ialloc.c | 6 +- fs/ufs/namei.c | 14 +- include/asm-generic/word-at-a-time.h | 80 ++++++- include/linux/clk-provider.h | 3 +- include/linux/dcache.h | 1 + include/linux/efi.h | 8 +- include/linux/hid.h | 4 +- include/linux/iio/buffer.h | 6 +- include/linux/log2.h | 13 +- include/linux/msg.h | 4 +- include/linux/mtd/flashchip.h | 1 + include/linux/shm.h | 4 +- include/linux/string.h | 3 + include/linux/tty.h | 6 +- include/linux/virtio.h | 3 + include/net/dst.h | 1 + include/net/inet_timewait_sock.h | 1 + include/net/nexthop.h | 2 +- include/rdma/ib_addr.h | 2 + include/sound/control.h | 7 +- include/sound/pcm_oss.h | 1 + include/trace/events/xen.h | 16 -- include/uapi/linux/ppp-ioctl.h | 2 +- include/uapi/linux/tty.h | 1 + ipc/msg.c | 19 +- ipc/msgutil.c | 2 +- ipc/sem.c | 38 ++-- ipc/shm.c | 116 +++++++--- ipc/util.c | 9 + ipc/util.h | 11 + kernel/resource.c | 3 +- kernel/sched/auto_group.c | 9 +- kernel/sched/core.c | 3 + kernel/sys.c | 4 + kernel/time/clocksource.c | 2 + kernel/time/tick-broadcast.c | 8 + kernel/trace/trace_events_filter.c | 3 + kernel/trace/trace_events_trigger.c | 5 +- kernel/trace/trace_uprobe.c | 32 ++- kernel/tracepoint.c | 4 +- lib/string.c | 88 ++++++++ mm/filemap.c | 7 +- mm/mmap.c | 32 +++ net/atm/lec.c | 9 +- net/batman-adv/translation-table.c | 93 ++++++-- net/bridge/netfilter/ebtables.c | 3 +- net/ceph/messenger.c | 7 + net/compat.c | 6 +- net/core/dev.c | 3 +- net/core/dev_addr_lists.c | 4 +- net/core/neighbour.c | 30 ++- net/core/skbuff.c | 1 + net/dccp/ccids/ccid2.c | 14 +- net/dccp/timer.c | 2 +- net/dns_resolver/dns_key.c | 14 +- net/ipv4/inet_timewait_sock.c | 1 + net/ipv4/ip_output.c | 3 +- net/ipv4/ip_tunnel.c | 17 +- net/ipv4/ping.c | 7 +- net/ipv4/route.c | 118 +++++----- net/ipv4/tcp.c | 8 +- net/ipv4/tcp_input.c | 7 +- net/ipv4/tcp_output.c | 7 +- net/ipv4/udp.c | 7 +- net/ipv6/ip6_gre.c | 8 +- net/ipv6/ip6_output.c | 3 +- net/ipv6/ip6_tunnel.c | 8 +- net/ipv6/ip6_vti.c | 7 +- net/ipv6/route.c | 2 + net/ipv6/sit.c | 8 +- net/ipv6/xfrm6_policy.c | 2 +- net/l2tp/l2tp_core.c | 260 ++++++++++------------- net/l2tp/l2tp_core.h | 7 +- net/l2tp/l2tp_debugfs.c | 18 +- net/l2tp/l2tp_netlink.c | 28 ++- net/l2tp/l2tp_ppp.c | 43 +++- net/llc/af_llc.c | 17 +- net/netfilter/ipvs/ip_vs_core.c | 8 + net/netfilter/ipvs/ip_vs_ctl.c | 15 +- net/netfilter/ipvs/ip_vs_sync.c | 10 +- net/netfilter/nf_tables_api.c | 59 ++--- net/netlink/af_netlink.c | 2 + net/packet/af_packet.c | 86 +++++--- net/packet/internal.h | 10 +- net/rfkill/rfkill-gpio.c | 7 +- net/sched/sch_fq.c | 37 ++-- net/sctp/inqueue.c | 2 +- net/sctp/ipv6.c | 65 +++--- net/sunrpc/rpc_pipe.c | 1 + security/selinux/ss/services.c | 2 +- sound/core/control_compat.c | 3 +- sound/core/oss/pcm_oss.c | 186 ++++++++++++---- sound/core/pcm.c | 8 +- sound/core/pcm_compat.c | 2 + sound/core/pcm_native.c | 1 + sound/core/rawmidi_compat.c | 18 +- sound/core/seq/oss/seq_oss_event.c | 15 +- sound/core/seq/oss/seq_oss_midi.c | 2 + sound/core/seq/oss/seq_oss_synth.c | 85 ++++---- sound/core/seq/oss/seq_oss_synth.h | 3 +- sound/core/seq/seq_virmidi.c | 4 +- sound/core/timer.c | 222 +++++++++---------- sound/drivers/aloop.c | 17 +- sound/drivers/opl3/opl3_synth.c | 7 +- sound/pci/asihpi/hpimsginit.c | 39 ++-- sound/pci/asihpi/hpioctl.c | 4 +- sound/pci/hda/hda_hwdep.c | 12 +- sound/pci/rme9652/hdspm.c | 24 ++- sound/pci/rme9652/rme9652.c | 6 +- sound/soc/codecs/ssm2602.c | 19 +- sound/soc/fsl/fsl_esai.c | 7 + sound/usb/mixer.c | 8 + sound/usb/mixer_maps.c | 3 + tools/perf/Documentation/perf-top.txt | 3 + tools/perf/builtin-record.c | 2 +- 354 files changed, 3603 insertions(+), 1941 deletions(-) -- Ben Hutchings I haven't lost my mind; it's backed up on tape somewhere.

5 years

4
369
0 0

[PATCH v6 0/3] iommu/io-pgtable-arm-v7s: Use DMA32 zone for page tables

by Nicolas Boichat

This is a follow-up to the discussion in [1], [2]. IOMMUs using ARMv7 short-descriptor format require page tables (level 1 and 2) to be allocated within the first 4GB of RAM, even on 64-bit systems. For L1 tables that are bigger than a page, we can just use __get_free_pages with GFP_DMA32 (on arm64 systems only, arm would still use GFP_DMA). For L2 tables that only take 1KB, it would be a waste to allocate a full page, so we considered 3 approaches: 1. This series, adding support for GFP_DMA32 slab caches. 2. genalloc, which requires pre-allocating the maximum number of L2 page tables (4096, so 4MB of memory). 3. page_frag, which is not very memory-efficient as it is unable to reuse freed fragments until the whole page is freed. [3] This series is the most memory-efficient approach. stable@ note: We confirmed that this is a regression, and IOMMU errors happen on 4.19 and linux-next/master on MT8173 (elm, Acer Chromebook R13). The issue most likely starts from commit ad67f5a6545f ("arm64: replace ZONE_DMA with ZONE_DMA32"), i.e. 4.15, and presumably breaks a number of Mediatek platforms (and maybe others?). [1] https://lists.linuxfoundation.org/pipermail/iommu/2018-November/030876.html [2] https://lists.linuxfoundation.org/pipermail/iommu/2018-December/031696.html [3] https://patchwork.codeaurora.org/patch/671639/ Changes since v1: - Add support for SLAB_CACHE_DMA32 in slab and slub (patches 1/2) - iommu/io-pgtable-arm-v7s (patch 3): - Changed approach to use SLAB_CACHE_DMA32 added by the previous commit. - Use DMA or DMA32 depending on the architecture (DMA for arm, DMA32 for arm64). Changes since v2: - Reworded and expanded commit messages - Added cache_dma32 documentation in PATCH 2/3. v3 used the page_frag approach, see [3]. Changes since v4: - Dropped change that removed GFP_DMA32 from GFP_SLAB_BUG_MASK: instead we can just call kmem_cache_*alloc without GFP_DMA32 parameter. This also means that we can drop PATCH v4 1/3, as we do not make any changes in GFP flag verification. - Dropped hunks that added cache_dma32 sysfs file, and moved the hunks to PATCH v5 3/3, so that maintainer can decide whether to pick the change independently. Changes since v5: - Rename ARM_V7S_TABLE_SLAB_CACHE to ARM_V7S_TABLE_SLAB_FLAGS. - Add stable@ to cc. Nicolas Boichat (3): mm: Add support for kmem caches in DMA32 zone iommu/io-pgtable-arm-v7s: Request DMA32 memory, and improve debugging mm: Add /sys/kernel/slab/cache/cache_dma32 Documentation/ABI/testing/sysfs-kernel-slab | 9 +++++++++ drivers/iommu/io-pgtable-arm-v7s.c | 19 +++++++++++++++---- include/linux/slab.h | 2 ++ mm/slab.c | 2 ++ mm/slab.h | 3 ++- mm/slab_common.c | 2 +- mm/slub.c | 16 ++++++++++++++++ tools/vm/slabinfo.c | 7 ++++++- 8 files changed, 53 insertions(+), 7 deletions(-) -- 2.20.0.rc2.403.gdbc3b29805-goog

5 years

5
13
0 0

[PATCH 4.19 00/24] 4.19.1-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.19.1 release. There are 24 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sun Nov 4 18:28:10 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.19.1-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.19.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.19.1-rc1 Nikolay Aleksandrov <nikolay(a)cumulusnetworks.com> net: bridge: remove ipv6 zero address check in mcast queries David S. Miller <davem(a)davemloft.net> sparc64: Wire up compat getpeername and getsockname. David Miller <davem(a)redhat.com> sparc64: Make corrupted user stacks more debuggable. David S. Miller <davem(a)davemloft.net> sparc64: Export __node_distance. Xin Long <lucien.xin(a)gmail.com> sctp: check policy more carefully when getting pr status Ivan Vecera <ivecera(a)redhat.com> Revert "be2net: remove desc field from be_eq_obj" Heiner Kallweit <hkallweit1(a)gmail.com> r8169: fix broken Wake-on-LAN from S5 (poweroff) David S. Miller <davem(a)davemloft.net> net: Properly unlink GRO packets on overflow. Cong Wang <xiyou.wangcong(a)gmail.com> net: drop skb on failure in ip_check_defrag() Shalom Toledo <shalomt(a)mellanox.com> mlxsw: core: Fix devlink unregister flow Petr Machata <petrm(a)mellanox.com> mlxsw: spectrum_switchdev: Don't ignore deletions of learned MACs Karsten Graul <kgraul(a)linux.ibm.com> net/smc: fix smc_buf_unuse to use the lgr pointer David Ahern <dsahern(a)gmail.com> net/ipv6: Allow onlink routes to have a device mismatch if it is the default route Jaime Caamaño Ruiz <jcaamano(a)suse.com> openvswitch: Fix push/pop ethernet validation Tobias Jungel <tobias.jungel(a)gmail.com> bonding: fix length of actor system Jason Wang <jasowang(a)redhat.com> vhost: Fix Spectre V1 vulnerability Ido Schimmel <idosch(a)mellanox.com> rtnetlink: Disallow FDB configuration for non-Ethernet device Karsten Graul <kgraul(a)linux.ibm.com> Revert "net: simplify sock_poll_wait" Sean Tranchetti <stranche(a)codeaurora.org> net: udp: fix handling of CHECKSUM_COMPLETE packets Niklas Cassel <niklas.cassel(a)linaro.org> net: stmmac: Fix stmmac_mdio_reset() when building stmmac as modules Jakub Kicinski <jakub.kicinski(a)netronome.com> net: sched: gred: pass the right attribute to gred_change_table_def() Eric Dumazet <edumazet(a)google.com> net/mlx5e: fix csum adjustments caused by RXFCS Stefano Brivio <sbrivio(a)redhat.com> ipv6/ndisc: Preserve IPv6 control buffer if protocol error handlers are called Hangbin Liu <liuhangbin(a)gmail.com> bridge: do not add port to router list when receives query with source 0.0.0.0 ------------- Diffstat: Makefile | 4 +- arch/sparc/include/asm/switch_to_64.h | 3 +- arch/sparc/kernel/process_64.c | 25 +++++++++--- arch/sparc/kernel/rtrap_64.S | 1 + arch/sparc/kernel/signal32.c | 12 +++++- arch/sparc/kernel/signal_64.c | 6 ++- arch/sparc/kernel/systbls_64.S | 4 +- arch/sparc/mm/init_64.c | 1 + crypto/af_alg.c | 2 +- drivers/net/bonding/bond_netlink.c | 3 +- drivers/net/ethernet/emulex/benet/be.h | 1 + drivers/net/ethernet/emulex/benet/be_main.c | 6 +-- drivers/net/ethernet/mellanox/mlx5/core/en_rx.c | 45 +++++----------------- drivers/net/ethernet/mellanox/mlxsw/core.c | 24 ++++++++---- .../ethernet/mellanox/mlxsw/spectrum_switchdev.c | 2 - drivers/net/ethernet/realtek/r8169.c | 9 ++++- drivers/net/ethernet/stmicro/stmmac/stmmac_mdio.c | 2 +- drivers/vhost/vhost.c | 2 + include/net/sock.h | 12 ++++-- net/atm/common.c | 2 +- net/bridge/br_multicast.c | 9 ++++- net/caif/caif_socket.c | 2 +- net/core/datagram.c | 7 ++-- net/core/dev.c | 1 + net/core/rtnetlink.c | 10 +++++ net/dccp/proto.c | 2 +- net/ipv4/ip_fragment.c | 12 ++++-- net/ipv4/tcp.c | 2 +- net/ipv4/udp.c | 20 +++++++++- net/ipv6/ip6_checksum.c | 20 +++++++++- net/ipv6/ndisc.c | 3 +- net/ipv6/route.c | 2 + net/iucv/af_iucv.c | 2 +- net/nfc/llcp_sock.c | 2 +- net/openvswitch/flow_netlink.c | 4 +- net/rxrpc/af_rxrpc.c | 2 +- net/sched/sch_gred.c | 2 +- net/sctp/socket.c | 8 ++-- net/smc/af_smc.c | 2 +- net/smc/smc_core.c | 25 ++++++------ net/tipc/socket.c | 2 +- net/unix/af_unix.c | 4 +- tools/testing/selftests/net/fib-onlink-tests.sh | 14 +++---- 43 files changed, 200 insertions(+), 123 deletions(-)

5 years, 1 month

6
36
0 0

[PATCH v3 1/2] nfit, mce: only handle uncorrectable machine checks

by Vishal Verma

The mce handler for 'nfit' devices is called for memory errors on a Non-Volatile DIMM, and adds the error location to a 'badblocks' list. This list is used by the various NVDIMM drivers to avoid consuming known poison locations during IO. The mce handler gets called for both corrected and uncorrectable errors. Until now, both kinds of errors have been added to the badblocks list. However, corrected memory errors indicate that the problem has already been fixed by hardware, and the resulting interrupt is merely a notification to Linux. As far as future accesses to that location are concerned, it is perfectly fine to use, and thus doesn't need to be included in the above badblocks list. Add a check in the nfit mce handler to filter out corrected mce events, and only process uncorrectable errors. Reported-by: Omar Avelar <omar.avelar(a)intel.com> Fixes: 6839a6d96f4e ("nfit: do an ARS scrub on hitting a latent media error") Cc: stable(a)vger.kernel.org Cc: Dan Williams <dan.j.williams(a)intel.com> Cc: Tony Luck <tony.luck(a)intel.com> Cc: Borislav Petkov <bp(a)alien8.de> Signed-off-by: Vishal Verma <vishal.l.verma(a)intel.com> --- arch/x86/include/asm/mce.h | 1 + arch/x86/kernel/cpu/mcheck/mce.c | 3 ++- drivers/acpi/nfit/mce.c | 4 ++-- 3 files changed, 5 insertions(+), 3 deletions(-) v3: Unchanged from v2 diff --git a/arch/x86/include/asm/mce.h b/arch/x86/include/asm/mce.h index 3a17107594c8..3111b3cee2ee 100644 --- a/arch/x86/include/asm/mce.h +++ b/arch/x86/include/asm/mce.h @@ -216,6 +216,7 @@ static inline int umc_normaddr_to_sysaddr(u64 norm_addr, u16 nid, u8 umc, u64 *s int mce_available(struct cpuinfo_x86 *c); bool mce_is_memory_error(struct mce *m); +bool mce_is_correctable(struct mce *m); DECLARE_PER_CPU(unsigned, mce_exception_count); DECLARE_PER_CPU(unsigned, mce_poll_count); diff --git a/arch/x86/kernel/cpu/mcheck/mce.c b/arch/x86/kernel/cpu/mcheck/mce.c index 953b3ce92dcc..27015948bc41 100644 --- a/arch/x86/kernel/cpu/mcheck/mce.c +++ b/arch/x86/kernel/cpu/mcheck/mce.c @@ -534,7 +534,7 @@ bool mce_is_memory_error(struct mce *m) } EXPORT_SYMBOL_GPL(mce_is_memory_error); -static bool mce_is_correctable(struct mce *m) +bool mce_is_correctable(struct mce *m) { if (m->cpuvendor == X86_VENDOR_AMD && m->status & MCI_STATUS_DEFERRED) return false; @@ -544,6 +544,7 @@ static bool mce_is_correctable(struct mce *m) return true; } +EXPORT_SYMBOL_GPL(mce_is_correctable); static bool cec_add_mce(struct mce *m) { diff --git a/drivers/acpi/nfit/mce.c b/drivers/acpi/nfit/mce.c index e9626bf6ca29..7a51707f87e9 100644 --- a/drivers/acpi/nfit/mce.c +++ b/drivers/acpi/nfit/mce.c @@ -25,8 +25,8 @@ static int nfit_handle_mce(struct notifier_block *nb, unsigned long val, struct acpi_nfit_desc *acpi_desc; struct nfit_spa *nfit_spa; - /* We only care about memory errors */ - if (!mce_is_memory_error(mce)) + /* We only care about uncorrectable memory errors */ + if (!mce_is_memory_error(mce) || mce_is_correctable(mce)) return NOTIFY_DONE; /* -- 2.17.1

5 years, 1 month

5
9
0 0

FAILED: patch "[PATCH] futex: Cure exit race" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From da791a667536bf8322042e38ca85d55a78d3c273 Mon Sep 17 00:00:00 2001 From: Thomas Gleixner <tglx(a)linutronix.de> Date: Mon, 10 Dec 2018 14:35:14 +0100 Subject: [PATCH] futex: Cure exit race Stefan reported, that the glibc tst-robustpi4 test case fails occasionally. That case creates the following race between sys_exit() and sys_futex_lock_pi(): CPU0 CPU1 sys_exit() sys_futex() do_exit() futex_lock_pi() exit_signals(tsk) No waiters: tsk->flags |= PF_EXITING; *uaddr == 0x00000PID mm_release(tsk) Set waiter bit exit_robust_list(tsk) { *uaddr = 0x80000PID; Set owner died attach_to_pi_owner() { *uaddr = 0xC0000000; tsk = get_task(PID); } if (!tsk->flags & PF_EXITING) { ... attach(); tsk->flags |= PF_EXITPIDONE; } else { if (!(tsk->flags & PF_EXITPIDONE)) return -EAGAIN; return -ESRCH; <--- FAIL } ESRCH is returned all the way to user space, which triggers the glibc test case assert. Returning ESRCH unconditionally is wrong here because the user space value has been changed by the exiting task to 0xC0000000, i.e. the FUTEX_OWNER_DIED bit is set and the futex PID value has been cleared. This is a valid state and the kernel has to handle it, i.e. taking the futex. Cure it by rereading the user space value when PF_EXITING and PF_EXITPIDONE is set in the task which 'owns' the futex. If the value has changed, let the kernel retry the operation, which includes all regular sanity checks and correctly handles the FUTEX_OWNER_DIED case. If it hasn't changed, then return ESRCH as there is no way to distinguish this case from malfunctioning user space. This happens when the exiting task did not have a robust list, the robust list was corrupted or the user space value in the futex was simply bogus. Reported-by: Stefan Liebler <stli(a)linux.ibm.com> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Acked-by: Peter Zijlstra <peterz(a)infradead.org> Cc: Heiko Carstens <heiko.carstens(a)de.ibm.com> Cc: Darren Hart <dvhart(a)infradead.org> Cc: Ingo Molnar <mingo(a)kernel.org> Cc: Sasha Levin <sashal(a)kernel.org> Cc: stable(a)vger.kernel.org Link: https://bugzilla.kernel.org/show_bug.cgi?id=200467 Link: https://lkml.kernel.org/r/20181210152311.986181245@linutronix.de diff --git a/kernel/futex.c b/kernel/futex.c index f423f9b6577e..5cc8083a4c89 100644 --- a/kernel/futex.c +++ b/kernel/futex.c @@ -1148,11 +1148,65 @@ static int attach_to_pi_state(u32 __user *uaddr, u32 uval, return ret; } +static int handle_exit_race(u32 __user *uaddr, u32 uval, + struct task_struct *tsk) +{ + u32 uval2; + + /* + * If PF_EXITPIDONE is not yet set, then try again. + */ + if (tsk && !(tsk->flags & PF_EXITPIDONE)) + return -EAGAIN; + + /* + * Reread the user space value to handle the following situation: + * + * CPU0 CPU1 + * + * sys_exit() sys_futex() + * do_exit() futex_lock_pi() + * futex_lock_pi_atomic() + * exit_signals(tsk) No waiters: + * tsk->flags |= PF_EXITING; *uaddr == 0x00000PID + * mm_release(tsk) Set waiter bit + * exit_robust_list(tsk) { *uaddr = 0x80000PID; + * Set owner died attach_to_pi_owner() { + * *uaddr = 0xC0000000; tsk = get_task(PID); + * } if (!tsk->flags & PF_EXITING) { + * ... attach(); + * tsk->flags |= PF_EXITPIDONE; } else { + * if (!(tsk->flags & PF_EXITPIDONE)) + * return -EAGAIN; + * return -ESRCH; <--- FAIL + * } + * + * Returning ESRCH unconditionally is wrong here because the + * user space value has been changed by the exiting task. + * + * The same logic applies to the case where the exiting task is + * already gone. + */ + if (get_futex_value_locked(&uval2, uaddr)) + return -EFAULT; + + /* If the user space value has changed, try again. */ + if (uval2 != uval) + return -EAGAIN; + + /* + * The exiting task did not have a robust list, the robust list was + * corrupted or the user space value in *uaddr is simply bogus. + * Give up and tell user space. + */ + return -ESRCH; +} + /* * Lookup the task for the TID provided from user space and attach to * it after doing proper sanity checks. */ -static int attach_to_pi_owner(u32 uval, union futex_key *key, +static int attach_to_pi_owner(u32 __user *uaddr, u32 uval, union futex_key *key, struct futex_pi_state **ps) { pid_t pid = uval & FUTEX_TID_MASK; @@ -1162,12 +1216,15 @@ static int attach_to_pi_owner(u32 uval, union futex_key *key, /* * We are the first waiter - try to look up the real owner and attach * the new pi_state to it, but bail out when TID = 0 [1] + * + * The !pid check is paranoid. None of the call sites should end up + * with pid == 0, but better safe than sorry. Let the caller retry */ if (!pid) - return -ESRCH; + return -EAGAIN; p = find_get_task_by_vpid(pid); if (!p) - return -ESRCH; + return handle_exit_race(uaddr, uval, NULL); if (unlikely(p->flags & PF_KTHREAD)) { put_task_struct(p); @@ -1187,7 +1244,7 @@ static int attach_to_pi_owner(u32 uval, union futex_key *key, * set, we know that the task has finished the * cleanup: */ - int ret = (p->flags & PF_EXITPIDONE) ? -ESRCH : -EAGAIN; + int ret = handle_exit_race(uaddr, uval, p); raw_spin_unlock_irq(&p->pi_lock); put_task_struct(p); @@ -1244,7 +1301,7 @@ static int lookup_pi_state(u32 __user *uaddr, u32 uval, * We are the first waiter - try to look up the owner based on * @uval and attach to it. */ - return attach_to_pi_owner(uval, key, ps); + return attach_to_pi_owner(uaddr, uval, key, ps); } static int lock_pi_update_atomic(u32 __user *uaddr, u32 uval, u32 newval) @@ -1352,7 +1409,7 @@ static int futex_lock_pi_atomic(u32 __user *uaddr, struct futex_hash_bucket *hb, * attach to the owner. If that fails, no harm done, we only * set the FUTEX_WAITERS bit in the user space variable. */ - return attach_to_pi_owner(uval, key, ps); + return attach_to_pi_owner(uaddr, newval, key, ps); } /**

5 years, 1 month

5
7
0 0

aacraid: Regression in 4.14.56 with *genirq/affinity: assign vectors to all possible CPUs*

by Paul Menzel

Dear Greg, Commit ef86f3a7 (genirq/affinity: assign vectors to all possible CPUs) added for Linux 4.14.56 causes the aacraid module to not detect the attached devices anymore on a Dell PowerEdge R720 with two six core 24x E5-2630 @ 2.30GHz. ``` $ dmesg | grep raid [ 0.269768] raid6: sse2x1 gen() 7179 MB/s [ 0.290069] raid6: sse2x1 xor() 5636 MB/s [ 0.311068] raid6: sse2x2 gen() 9160 MB/s [ 0.332076] raid6: sse2x2 xor() 6375 MB/s [ 0.353075] raid6: sse2x4 gen() 11164 MB/s [ 0.374064] raid6: sse2x4 xor() 7429 MB/s [ 0.379001] raid6: using algorithm sse2x4 gen() 11164 MB/s [ 0.386001] raid6: .... xor() 7429 MB/s, rmw enabled [ 0.391008] raid6: using ssse3x2 recovery algorithm [ 3.559682] megaraid cmm: 2.20.2.7 (Release Date: Sun Jul 16 00:01:03 EST 2006) [ 3.570061] megaraid: 2.20.5.1 (Release Date: Thu Nov 16 15:32:35 EST 2006) [ 10.725767] Adaptec aacraid driver 1.2.1[50834]-custom [ 10.731724] aacraid 0000:04:00.0: can't disable ASPM; OS doesn't have ASPM control [ 10.743295] aacraid: Comm Interface type3 enabled $ lspci -nn | grep Adaptec 04:00.0 Serial Attached SCSI controller [0107]: Adaptec Series 8 12G SAS/PCIe 3 [9005:028d] (rev 01) 42:00.0 Serial Attached SCSI controller [0107]: Adaptec Smart Storage PQI 12G SAS/PCIe 3 [9005:028f] (rev 01) ``` But, it still works with a Dell PowerEdge R715 with two eight core AMD Opteron 6136, the card below. ``` $ lspci -nn | grep Adaptec 22:00.0 Serial Attached SCSI controller [0107]: Adaptec Series 8 12G SAS/PCIe 3 [9005:028d] (rev 01) ``` Reverting the commit fixes the issue. commit ef86f3a72adb8a7931f67335560740a7ad696d1d Author: Christoph Hellwig <hch(a)lst.de> Date: Fri Jan 12 10:53:05 2018 +0800 genirq/affinity: assign vectors to all possible CPUs commit 84676c1f21e8ff54befe985f4f14dc1edc10046b upstream. Currently we assign managed interrupt vectors to all present CPUs. This works fine for systems were we only online/offline CPUs. But in case of systems that support physical CPU hotplug (or the virtualized version of it) this means the additional CPUs covered for in the ACPI tables or on the command line are not catered for. To fix this we'd either need to introduce new hotplug CPU states just for this case, or we can start assining vectors to possible but not present CPUs. Reported-by: Christian Borntraeger <borntraeger(a)de.ibm.com> Tested-by: Christian Borntraeger <borntraeger(a)de.ibm.com> Tested-by: Stefan Haberland <sth(a)linux.vnet.ibm.com> Fixes: 4b855ad37194 ("blk-mq: Create hctx for each present CPU") Cc: linux-kernel(a)vger.kernel.org Cc: Thomas Gleixner <tglx(a)linutronix.de> Signed-off-by: Christoph Hellwig <hch(a)lst.de> Signed-off-by: Jens Axboe <axboe(a)kernel.dk> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> The problem doesn’t happen with Linux 4.17.11, so there are commits in Linux master fixing this. Unfortunately, my attempts to find out failed. I was able to cherry-pick the three commits below on top of 4.14.62, but the problem persists. 6aba81b5a2f5 genirq/affinity: Don't return with empty affinity masks on error 355d7ecdea35 scsi: hpsa: fix selection of reply queue e944e9615741 scsi: virtio_scsi: fix IO hang caused by automatic irq vector affinity Trying to cherry-pick the commits below, referencing the commit in question, gave conflicts. 1. adbe552349f2 scsi: megaraid_sas: fix selection of reply queue 2. d3056812e7df genirq/affinity: Spread irq vectors among present CPUs as far as possible To avoid further trial and error with the server with a slow firmware, do you know what commits should fix the issue? Kind regards, Paul PS: I couldn’t find, who suggested this for stable, that means how it was picked to be added to stable. Is there an easy way to find that out?

5 years, 1 month

6
20
0 0

[PATCH] x86/speculation: Add document to describe Spectre and its mitigations

by Tim Chen

Thomas, Andi and I have made an update to our draft of the Spectre admin guide. We may be out on Christmas vacation for a while. But we want to send it out for everyone to take a look. Thanks. Tim From: Andi Kleen <ak(a)linux.intel.com> There are no document in admin guides describing Spectre v1 and v2 side channels and their mitigations in Linux. Create a document to describe Spectre and the mitigation methods used in the kernel. Signed-off-by: Andi Kleen <ak(a)linux.intel.com> Signed-off-by: Tim Chen <tim.c.chen(a)linux.intel.com> --- Documentation/admin-guide/spectre.rst | 502 ++++++++++++++++++++++++++++++++++ 1 file changed, 502 insertions(+) create mode 100644 Documentation/admin-guide/spectre.rst diff --git a/Documentation/admin-guide/spectre.rst b/Documentation/admin-guide/spectre.rst new file mode 100644 index 0000000..0ba708e --- /dev/null +++ b/Documentation/admin-guide/spectre.rst @@ -0,0 +1,502 @@ +Spectre side channels +===================== + +Spectre is a class of side channel attacks against modern CPUs that +exploit branch prediction and speculative execution to read memory, +possibly bypassing access controls. These exploits do not modify memory. + +This document covers Spectre variant 1 and 2. + +Affected processors +------------------- + +The vulnerability affects a wide range of modern high performance +processors, since most modern high speed processors use branch prediction +and speculative execution. + +The following CPUs are vulnerable: + + - Intel Core, Atom, Pentium, Xeon CPUs + - AMD CPUs like Phenom, EPYC, Zen. + - IBM processors like POWER and zSeries + - Higher end ARM processors + - Apple CPUs + - Higher end MIPS CPUs + - Likely most other high performance CPUs. Contact your CPU vendor for details. + +This document describes the mitigations on Intel CPUs. Mitigations +on other architectures may be different. + +Related CVEs +------------ + +The following CVE entries describe Spectre variants: + + ============= ======================= ========== + CVE-2017-5753 Bounds check bypass Spectre-V1 + CVE-2017-5715 Branch target injection Spectre-V2 + +Problem +------- + +CPUs have shared caches, such as buffers for branch prediction, which are +later used to guide speculative execution. These buffers are not flushed +over context switches or change in privilege levels. Malicious software +might influence these buffers and trigger specific speculative execution +in the kernel or different user processes. This speculative execution can +then be used to read data in memory and cause side effects, such as displacing +data in a data cache. The side effect can then later be measured by the +malicious software, and used to determine the memory values read speculatively. + +Spectre attacks allow tricking other software to disclose +values in their memory. + +In a typical Spectre variant 1 attack, the attacker passes an parameter +to a victim. The victim boundary checks the parameter and rejects illegal +values. However due to speculation over branch prediction the code path +for correct values might be speculatively executed, then reference memory +controlled by the input parameter and leave measurable side effects in +the caches. The attacker could then measure these side effects +and determine the leaked value. + +There are some extensions of Spectre variant 1 attacks for reading +data over the network, see [2]. However the attacks are very +difficult, low bandwidth and fragile and considered low risk. + +For Spectre variant 2 the attacker poisons the indirect branch +predictors of the CPU. Then control is passed to the victim, which +executes indirect branches. Due to the poisoned branch predictor data +the CPU can speculatively execute arbitrary code in the victim's +address space, such as a code sequence ("disclosure gadget") that +reads arbitrary data on some input parameter and causes a measurable +cache side effect based on the value. The attacker can then measure +this side effect after gaining control again and determine the value. + +The most useful gadgets take an attacker-controlled input parameter so +that the memory read can be controlled. Gadgets without input parameters +might be possible, but the attacker would have very little control over what +memory can be read, reducing the risk of the attack revealing useful data. + +Attack scenarios +---------------- + +Here is a list of attack scenarios that have been anticipated, but +may not cover all possible attack patterns. Reduing the occurrences of +attack pre-requisites listed can reduce the risk that a spectre attack +leaks useful data. + +1. Local User process attacking kernel +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Code in system calls often enforces access controls with conditional +branches based on user data. These branches are potential targets for +Spectre v2 exploits. Interrupt handlers, on the other hand, rarely +handle user data or enforce access controls, which makes them unlikely +exploit targets. + +For typical variant 2 attack, the attacker may poison the CPU branch +buffers first, and then enter the kernel and trick it into jumping to a +disclosure gadget through an indirect branch. If the attacker wants to control the +memory addresses leaked, it would also need to pass a parameter +to the gadget, either through a register or through a known address in +memory. Finally when it executes again it can measure the side effect. + +Necessary Prequisites: +1. Malicious local process passing parameters to kernel +2. Kernel has secrets. + +2. User process attacking another user process +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +In this scenario an malicious user process wants to attack another +user process through a context switch. + +For variant 1 this generally requires passing some parameter between +the processes, which needs a data passing relationship, such a remote +procedure calls (RPC). + +For variant 2 the poisoning can happen through a context switch, or +on CPUs with simultaneous multi-threading (SMT) potentially on the +thread sibling executing in parallel on the same core. In either case, +controlling the memory leaked by the disclosure gadget also requires a data +passing relationship to the victim process, otherwise while it may +observe values through side effects, it won't know which memory +addresses they relate to. + +Necessary Prerequisites: +1. Malicious code running as local process +2. Victim processes containing secrets running on same core. + +3. User sandbox attacking runtime in process +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +A process, such as a web browser, might be running interpreted or JITed +untrusted code, such as javascript code downloaded from a website. +It uses restrictions in the JIT code generator and checks in a run time +to prevent the untrusted code from attacking the hosting process. + +The untrusted code might either use variant 1 or 2 to trick +a disclosure gadget in the run time to read memory inside the process. + +Necessary Prerequisites: +1. Sandbox in process running untrusted code. +2. Runtime in same process containing secrets. + +4. Kernel sandbox attacking kernel +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +The kernel has support for running user-supplied programs within the +kernel. Specific rules (such as bounds checking) are enforced on these +programs by the kernel to ensure that they do not violate access controls. + +eBPF is a kernel sub-system that uses user-supplied program +to execute JITed untrusted byte code inside the kernel. eBPF is used +for manipulating and examining network packets, examining system call +parameters for sand boxes and other uses. + +A malicious local process could upload and trigger an malicious +eBPF script to the kernel, with the script attacking the kernel +using variant 1 or 2 and reading memory. + +Necessary Prerequisites: +1. Malicious local process +2. eBPF JIT enabled for unprivileged users, attacking kernel with secrets +on the same machine. + +5. Virtualization guest attacking host +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +An untrusted guest might attack the host through a hyper call +or other virtualization exit. + +Necessary Prerequisites: +1. Untrusted guest attacking host +2. Host has secrets on local machine. + +For variant 1 VM exits use appropriate mitigations +("bounds clipping") to prevent speculation leaking data +in kernel code. For variant 2 the kernel flushes the branch buffer. + +6. Virtualization guest attacking other guest +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +An untrusted guest attacking another guest containing +secrets. Mitigations are similar to when a guest attack +the host. + +Runtime vulnerability information +--------------------------------- + +The kernel reports the vulnerability and mitigation status in +/sys/devices/system/cpu/vulnerabilities/* + +The spectre_v1 file describes the always enabled variant 1 +mitigation: + +/sys/devices/system/cpu/vulnerabilities/spectre_v1 + +The value in this file: + + ======================================= ================================= + 'Mitigation: __user pointer sanitation' Protection in kernel on a case by + case base with explicit pointer + sanitation. + ======================================= ================================= + +The spectre_v2 kernel file reports if the kernel has been compiled with a +retpoline aware compiler, if the CPU has hardware mitigation, and if the +CPU has microcode support for additional process specific mitigations. + +It also reports CPU features enabled by microcode to mitigate attack +between user processes: + +1. Indirect Branch Prediction Barrier (IBPB) to add additional + isolation between processes of different users +2. Single Thread Indirect Branch Prediction (STIBP) to additional + isolation between CPU threads running on the same core. + +These CPU features may impact performance when used and can +be enabled per process on a case-by-case base. + +/sys/devices/system/cpu/vulnerabilities/spectre_v2 + +The values in this file: + + - Kernel status: + + ==================================== ================================= + 'Not affected' The processor is not vulnerable + 'Vulnerable' Vulnerable, no mitigation + 'Mitigation: Full generic retpoline' Software-focused mitigation + 'Mitigation: Full AMD retpoline' AMD-specific software mitigation + 'Mitigation: Enhanced IBRS' Hardware-focused mitigation + ==================================== ================================= + + - Firmware status: + + ========== ============================================================= + 'IBRS_FW' Protection against user program attacks when calling firmware + ========== ============================================================= + + - Indirect branch prediction barrier (IBPB) status for protection between + processes of different users. This feature can be controlled through + prctl per process, or through kernel command line options. For more details + see below. + + =================== ======================================================== + 'IBPB: disabled' IBPB unused + 'IBPB: always-on' Use IBPB on all tasks + 'IBPB: conditional' Use IBPB on SECCOMP or indirect branch restricted tasks + =================== ======================================================== + + - Single threaded indirect branch prediction (STIBP) status for protection + between different hyper threads. This feature can be controlled through + prctl per process, or through kernel command line options. For more details + see below. + + ==================== ======================================================== + 'STIBP: disabled' STIBP unused + 'STIBP: forced' Use STIBP on all tasks + 'STIBP: conditional' Use STIBP on SECCOMP or indirect branch restricted tasks + ==================== ======================================================== + + - Return stack buffer (RSB) protection status: + + ============= =========================================== + 'RSB filling' Protection of RSB on context switch enabled + ============= =========================================== + +Full mitigations might require an microcode update from the CPU +vendor. When the necessary microcode is not available the kernel +will report vulnerability. + +Kernel mitigation +----------------- + +The kernel has default on mitigations for Variant 1 and Variant 2 +against attacks from user programs or guests. For variant 1 it +annotates vulnerable kernel code (as determined by the sparse code +scanning tool and code audits) to use "bounds clipping" to avoid any +usable disclosure gadgets. + +For variant 2 the kernel employs "retpoline" with compiler help to secure +the indirect branches inside the kernel, when CONFIG_RETPOLINE is enabled +and the compiler supports retpoline. On Intel Skylake-era systems the +mitigation covers most, but not all, cases, see [1] for more details. + +On CPUs with hardware mitigations for variant 2, retpoline is +automatically disabled at runtime. + +Using kernel address space randomization (CONFIG_RANDOMIZE_SLAB=y +and CONFIG_SLAB_FREELIST_RANDOM=y in the kernel configuration) +makes attacks on the kernel generally more difficult. + +Host mitigation +--------------- + +The Linux kernel uses retpoline to eliminate attacks on indirect +branches. It also flushes the Return Branch Stack on every VM exit to +prevent guests from attacking the host kernel when retpoline is +enabled. + +Variant 1 attacks are mitigated unconditionally. + +The kernel also allows guests to use any microcode based mitigations +they chose to use (such as IBPB or STIBP), assuming the +host has an updated microcode and reports the feature in +/sys/devices/system/cpu/vulnerabilities/spectre_v2. + +Mitigation control at kernel build time +--------------------------------------- + +When the CONFIG_RETPOLINE option is enabled the kernel uses special +code sequences to avoid attacks on indirect branches through +Variant 2 attacks. + +The compiler also needs to support retpoline and support the +-mindirect-branch=thunk-extern -mindirect-branch-register options +for gcc, or -mretpoline-external-thunk option for clang. + +When the compiler doesn't support these options the kernel +will report that it is vulnerable. + +Variant 1 mitigations and other side channel related user APIs are +enabled unconditionally. + +Hardware mitigation +------------------- + +Some CPUs have hardware mitigations (e.g. enhanced IBRS) for Spectre +variant 2. The 4.19 kernel has support for detecting this capability +and automatically disable any unnecessary workarounds at runtime. + +User program mitigation +----------------------- + +For variant 1 user programs can use LFENCE or bounds clipping. For more +details see [3]. + +For variant 2 user programs can be compiled with retpoline or +restricting its indirect branch speculation via prctl. (See +Documenation/speculation.txt for detailed API.) + +User programs should use address space randomization +(/proc/sys/kernel/randomize_va_space = 1 or 2) to make any attacks +more difficult. + +Mitigation control on the kernel command line +--------------------------------------------- + +Spectre v2 mitigations can be disabled and force enabled at the kernel +command line. + + nospectre_v2 [X86] Disable all mitigations for the Spectre variant 2 + (indirect branch prediction) vulnerability. System may + allow data leaks with this option, which is equivalent + to spectre_v2=off. + + + spectre_v2= [X86] Control mitigation of Spectre variant 2 + (indirect branch speculation) vulnerability. + The default operation protects the kernel from + user space attacks. + + on - unconditionally enable, implies + spectre_v2_user=on + off - unconditionally disable, implies + spectre_v2_user=off + auto - kernel detects whether your CPU model is + vulnerable + + Selecting 'on' will, and 'auto' may, choose a + mitigation method at run time according to the + CPU, the available microcode, the setting of the + CONFIG_RETPOLINE configuration option, and the + compiler with which the kernel was built. + + Selecting 'on' will also enable the mitigation + against user space to user space task attacks. + + Selecting 'off' will disable both the kernel and + the user space protections. + + Specific mitigations can also be selected manually: + + retpoline - replace indirect branches + retpoline,generic - google's original retpoline + retpoline,amd - AMD-specific minimal thunk + + Not specifying this option is equivalent to + spectre_v2=auto. + +For user space mitigation: + + spectre_v2_user= + [X86] Control mitigation of Spectre variant 2 + (indirect branch speculation) vulnerability between + user space tasks + + on - Unconditionally enable mitigations. Is + enforced by spectre_v2=on + + off - Unconditionally disable mitigations. Is + enforced by spectre_v2=off + + prctl - Indirect branch speculation is enabled, + but mitigation can be enabled via prctl + per thread. The mitigation control state + is inherited on fork. + + prctl,ibpb + - Like "prctl" above, but only STIBP is + controlled per thread. IBPB is issued + always when switching between different user + space processes. + + seccomp + - Same as "prctl" above, but all seccomp + threads will enable the mitigation unless + they explicitly opt out. + + seccomp,ibpb + - Like "seccomp" above, but only STIBP is + controlled per thread. IBPB is issued + always when switching between different + user space processes. + + auto - Kernel selects the mitigation depending on + the available CPU features and vulnerability. + + Default mitigation: + If CONFIG_SECCOMP=y then "seccomp", otherwise "prctl" + + Not specifying this option is equivalent to + spectre_v2_user=auto. + + In general the kernel by default selects + reasonable mitigations for the current CPU. To + disable Spectre v2 mitigations boot with + spectre_v2=off. Spectre v1 mitigations cannot + be disabled. + +APIs for mitigation control of user process +------------------------------------------- + +When enabling the "prctl" option for spectre_v2_user boot parameter, +prctl can be used to restrict indirect branch speculation on a process. +See Documenation/speculation.txt for detailed API. + +Processes containing secrets, such as cryptographic keys, may invoke +this prctl for extra protection against Spectre v2. + +Before running untrusted processes, restricting their indirect branch +speculation will prevent such processes from launching Spectre v2 attacks. + +Restricting indirect branch speuclation on a process should be only used +as needed, as restricting speculation reduces both performance of the +process, and also process running on the sibling CPU thread. + +Under the "seccomp" option, the processes sandboxed with SECCOMP will +have indirect branch speculation restricted automatically. + +References +---------- + +Intel white papers and documents on Spectre: + +https://newsroom.intel.com/wp-content/uploads/sites/11/2018/01/Intel-Analysis-of-Speculative-Execution-Side-Channels.pdf + +[1] +https://software.intel.com/security-software-guidance/api-app/sites/default/files/Retpoline-A-Branch-Target-Injection-Mitigation.pdf + +https://www.intel.com/content/www/us/en/architecture-and-technology/facts-about-side-channel-analysis-and-intel-products.html + +[3] https://software.intel.com/security-software-guidance/ + +https://software.intel.com/security-software-guidance/insights/deep-dive-single-thread-indirect-branch-predictors + +AMD white papers: + +https://developer.amd.com/wp-content/resources/90343-B_SoftwareTechniquesforManagingSpeculation_WP_7-18Update_FNL.pdf + +https://www.amd.com/en/corporate/security-updates + +ARM white papers: + +https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability/download-the-whitepaper + +https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability/latest-updates/cache-speculation-issues-update + +MIPS: + +https://www.mips.com/blog/mips-response-on-speculative-execution-and-side-channel-vulnerabilities/ + +Academic papers: + +https://spectreattack.com/spectre.pdf [original spectre paper] + +[2] https://arxiv.org/abs/1807.10535 [NetSpectre] + +https://arxiv.org/abs/1811.05441 [generalization of Spectre] + +https://arxiv.org/abs/1807.07940 [Spectre RSB, a variant of Spectre v2] -- 2.9.4

5 years, 2 months

8
24
0 0

patch "devres: Align data[] to ARCH_KMALLOC_MINALIGN" added to driver-core-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled devres: Align data[] to ARCH_KMALLOC_MINALIGN to my driver-core git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core.git in the driver-core-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From a66d972465d15b1d89281258805eb8b47d66bd36 Mon Sep 17 00:00:00 2001 From: Alexey Brodkin <alexey.brodkin(a)synopsys.com> Date: Wed, 31 Oct 2018 18:25:47 +0300 Subject: devres: Align data[] to ARCH_KMALLOC_MINALIGN Initially we bumped into problem with 32-bit aligned atomic64_t on ARC, see [1]. And then during quite lengthly discussion Peter Z. mentioned ARCH_KMALLOC_MINALIGN which IMHO makes perfect sense. If allocation is done by plain kmalloc() obtained buffer will be ARCH_KMALLOC_MINALIGN aligned and then why buffer obtained via devm_kmalloc() should have any other alignment? This way we at least get the same behavior for both types of allocation. [1] http://lists.infradead.org/pipermail/linux-snps-arc/2018-July/004009.html [2] http://lists.infradead.org/pipermail/linux-snps-arc/2018-July/004036.html Signed-off-by: Alexey Brodkin <abrodkin(a)synopsys.com> Cc: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Cc: Geert Uytterhoeven <geert(a)linux-m68k.org> Cc: David Laight <David.Laight(a)ACULAB.COM> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Vineet Gupta <vgupta(a)synopsys.com> Cc: Will Deacon <will.deacon(a)arm.com> Cc: Greg KH <greg(a)kroah.com> Cc: <stable(a)vger.kernel.org> # 4.8+ Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/base/devres.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/drivers/base/devres.c b/drivers/base/devres.c index 4aaf00d2098b..e038e2b3b7ea 100644 --- a/drivers/base/devres.c +++ b/drivers/base/devres.c @@ -26,8 +26,14 @@ struct devres_node { struct devres { struct devres_node node; - /* -- 3 pointers */ - unsigned long long data[]; /* guarantee ull alignment */ + /* + * Some archs want to perform DMA into kmalloc caches + * and need a guaranteed alignment larger than + * the alignment of a 64-bit integer. + * Thus we use ARCH_KMALLOC_MINALIGN here and get exactly the same + * buffer alignment as if it was allocated by plain kmalloc(). + */ + u8 __aligned(ARCH_KMALLOC_MINALIGN) data[]; }; struct devres_group { -- 2.19.1

5 years, 2 months

2
4
0 0

[PATCH REGRESSION] Revert "ath10k: add quiet mode support for QCA6174/QCA9377"

by Brian Norris

This reverts commit cfb353c0dc058bc1619cc226d3cbbda1f360bdd3. WCN3990 firmware does not yet implement this feature, and so it crashes like this: fatal error received: err_qdi.c:456:EX:wlan_process:1:WLAN RT:207a:PC=b001b4f0 This feature can be re-implemented with a proper service bitmap or other feature-discovery mechanism in the future. But it should not break working boards. Fixes: cfb353c0dc05 ("ath10k: add quiet mode support for QCA6174/QCA9377") Cc: Yu Wang <yyuwang(a)codeaurora.org> Cc: Rakesh Pillai <pillair(a)codeaurora.org> Cc: Govind Singh <govinds(a)codeaurora.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Brian Norris <briannorris(a)chromium.org> --- drivers/net/wireless/ath/ath10k/wmi-tlv.c | 33 +---------------------- drivers/net/wireless/ath/ath10k/wmi-tlv.h | 16 ----------- 2 files changed, 1 insertion(+), 48 deletions(-) diff --git a/drivers/net/wireless/ath/ath10k/wmi-tlv.c b/drivers/net/wireless/ath/ath10k/wmi-tlv.c index ad4114a88170..099e78b5de1f 100644 --- a/drivers/net/wireless/ath/ath10k/wmi-tlv.c +++ b/drivers/net/wireless/ath/ath10k/wmi-tlv.c @@ -3209,37 +3209,6 @@ ath10k_wmi_tlv_op_gen_tdls_peer_update(struct ath10k *ar, return skb; } -static struct sk_buff * -ath10k_wmi_tlv_op_gen_pdev_set_quiet_mode(struct ath10k *ar, u32 period, - u32 duration, u32 next_offset, - u32 enabled) -{ - struct wmi_tlv_set_quiet_cmd *cmd; - struct wmi_tlv *tlv; - struct sk_buff *skb; - - skb = ath10k_wmi_alloc_skb(ar, sizeof(*tlv) + sizeof(*cmd)); - if (!skb) - return ERR_PTR(-ENOMEM); - - tlv = (void *)skb->data; - tlv->tag = __cpu_to_le16(WMI_TLV_TAG_STRUCT_PDEV_SET_QUIET_CMD); - tlv->len = __cpu_to_le16(sizeof(*cmd)); - cmd = (void *)tlv->value; - - /* vdev_id is not in use, set to 0 */ - cmd->vdev_id = __cpu_to_le32(0); - cmd->period = __cpu_to_le32(period); - cmd->duration = __cpu_to_le32(duration); - cmd->next_start = __cpu_to_le32(next_offset); - cmd->enabled = __cpu_to_le32(enabled); - - ath10k_dbg(ar, ATH10K_DBG_WMI, - "wmi tlv quiet param: period %u duration %u enabled %d\n", - period, duration, enabled); - return skb; -} - static struct sk_buff * ath10k_wmi_tlv_op_gen_wow_enable(struct ath10k *ar) { @@ -4143,7 +4112,7 @@ static const struct wmi_ops wmi_tlv_ops = { .gen_dbglog_cfg = ath10k_wmi_tlv_op_gen_dbglog_cfg, .gen_pktlog_enable = ath10k_wmi_tlv_op_gen_pktlog_enable, .gen_pktlog_disable = ath10k_wmi_tlv_op_gen_pktlog_disable, - .gen_pdev_set_quiet_mode = ath10k_wmi_tlv_op_gen_pdev_set_quiet_mode, + /* .gen_pdev_set_quiet_mode not implemented */ .gen_pdev_get_temperature = ath10k_wmi_tlv_op_gen_pdev_get_temperature, /* .gen_addba_clear_resp not implemented */ /* .gen_addba_send not implemented */ diff --git a/drivers/net/wireless/ath/ath10k/wmi-tlv.h b/drivers/net/wireless/ath/ath10k/wmi-tlv.h index bf8a4320c39c..5db294558ce5 100644 --- a/drivers/net/wireless/ath/ath10k/wmi-tlv.h +++ b/drivers/net/wireless/ath/ath10k/wmi-tlv.h @@ -1,7 +1,6 @@ /* * Copyright (c) 2005-2011 Atheros Communications Inc. * Copyright (c) 2011-2017 Qualcomm Atheros, Inc. - * Copyright (c) 2018, The Linux Foundation. All rights reserved. * * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -1980,21 +1979,6 @@ struct wmi_tlv_wow_add_del_event_cmd { __le32 event_bitmap; } __packed; -/* Command to set/unset chip in quiet mode */ -struct wmi_tlv_set_quiet_cmd { - __le32 vdev_id; - - /* in TUs */ - __le32 period; - - /* in TUs */ - __le32 duration; - - /* offset in TUs */ - __le32 next_start; - __le32 enabled; -} __packed; - struct wmi_tlv_wow_enable_cmd { __le32 enable; } __packed; -- 2.19.1.930.g4563a0d9d0-goog

5 years, 2 months

4
8
0 0

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror December 2018