May 2018 - Linux-stable-mirror

[PATCH] [Patch v2] usbtv: Fix refcounting mixup

by Oliver Neukum

The premature free in the error path is blocked by V4L refcounting, not USB refcounting. Thanks to Ben Hutchings for review. [v2] corrected attributions Signed-off-by: Oliver Neukum <oneukum(a)suse.com> Fixes: 50e704453553 ("media: usbtv: prevent double free in error case") CC: stable(a)vger.kernel.org Reported-by: Ben Hutchings <ben.hutchings(a)codethink.co.uk> --- drivers/media/usb/usbtv/usbtv-core.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/media/usb/usbtv/usbtv-core.c b/drivers/media/usb/usbtv/usbtv-core.c index 5095c380b2c1..4a03c4d66314 100644 --- a/drivers/media/usb/usbtv/usbtv-core.c +++ b/drivers/media/usb/usbtv/usbtv-core.c @@ -113,7 +113,8 @@ static int usbtv_probe(struct usb_interface *intf, usbtv_audio_fail: /* we must not free at this point */ - usb_get_dev(usbtv->udev); + v4l2_device_get(&usbtv->v4l2_dev); + /* this will undo the v4l2_device_get() */ usbtv_video_free(usbtv); usbtv_video_fail: -- 2.13.6

4 years, 2 months

3
7
0 0

[Linux-stable-mirror] [PATCH] drbd: fix discard_zeroes_if_aligned regression

by Eric Wheeler

From: Eric Wheeler <git(a)linux.ewheeler.net> According to drbd.conf documentation, "To not break established and expected behaviour, and suddenly cause fstrim on thin-provisioned LVs to run out-of-space instead of freeing up space, the default value is yes." This behavior regressed in the REQ_OP_WRITE_ZEROES refactor near 45c21793 drbd: implement REQ_OP_WRITE_ZEROES 0dbed96 drbd: make intelligent use of blkdev_issue_zeroout which caused dm-thin backed DRBD volumes to zero blocks and run out of space instead of passing discard to the backing device as defined by the discard_zeroes_if_aligned option. A helper function could reduce code duplication. Signed-off-by: Eric Wheeler <drbd(a)linux.ewheeler.net> Cc: <stable(a)vger.kernel.org> # 4.14 --- drivers/block/drbd/drbd_receiver.c | 22 ++++++++++++++++++++-- drivers/block/drbd/drbd_req.c | 23 +++++++++++++++++++++-- 2 files changed, 41 insertions(+), 4 deletions(-) diff --git a/drivers/block/drbd/drbd_receiver.c b/drivers/block/drbd/drbd_receiver.c index 62a902f..58f0e43 100644 --- a/drivers/block/drbd/drbd_receiver.c +++ b/drivers/block/drbd/drbd_receiver.c @@ -1507,9 +1507,27 @@ void drbd_bump_write_ordering(struct drbd_resource *resource, struct drbd_backin static void drbd_issue_peer_discard(struct drbd_device *device, struct drbd_peer_request *peer_req) { struct block_device *bdev = device->ldev->backing_bdev; + struct disk_conf *dc; + bool discard_zeroes_if_aligned, zeroout; - if (blkdev_issue_zeroout(bdev, peer_req->i.sector, peer_req->i.size >> 9, - GFP_NOIO, 0)) + rcu_read_lock(); + dc = rcu_dereference(device->ldev->disk_conf); + discard_zeroes_if_aligned = dc->discard_zeroes_if_aligned; + rcu_read_unlock(); + + /* Use zeroout unless discard_zeroes_if_aligned is set. + * If blkdev_issue_discard fails, then retry with blkdev_issue_zeroout. + * See also drbd_process_discard_req() in drbd_req.c. + */ + zeroout = true; + if (discard_zeroes_if_aligned && + blkdev_issue_discard(bdev, peer_req->i.sector, + peer_req->i.size >> 9, GFP_NOIO, 0) == 0) + zeroout = false; + + if (zeroout && + blkdev_issue_zeroout(bdev, peer_req->i.sector, + peer_req->i.size >> 9, GFP_NOIO, 0) != 0) peer_req->flags |= EE_WAS_ERROR; drbd_endio_write_sec_final(peer_req); diff --git a/drivers/block/drbd/drbd_req.c b/drivers/block/drbd/drbd_req.c index de8566e..070b5e7 100644 --- a/drivers/block/drbd/drbd_req.c +++ b/drivers/block/drbd/drbd_req.c @@ -1158,9 +1158,28 @@ static int drbd_process_write_request(struct drbd_request *req) static void drbd_process_discard_req(struct drbd_request *req) { struct block_device *bdev = req->device->ldev->backing_bdev; + struct drbd_device *device = req->device; + struct disk_conf *dc; + bool discard_zeroes_if_aligned, zeroout; - if (blkdev_issue_zeroout(bdev, req->i.sector, req->i.size >> 9, - GFP_NOIO, 0)) + rcu_read_lock(); + dc = rcu_dereference(device->ldev->disk_conf); + discard_zeroes_if_aligned = dc->discard_zeroes_if_aligned; + rcu_read_unlock(); + + /* Use zeroout unless discard_zeroes_if_aligned is set. + * If blkdev_issue_discard fails, then retry with blkdev_issue_zeroout. + * See also drbd_issue_peer_discard() in drbd_receiver.c. + */ + zeroout = true; + if (discard_zeroes_if_aligned && + blkdev_issue_discard(bdev, req->i.sector, req->i.size >> 9, + GFP_NOIO, 0) == 0) + zeroout = false; + + if (zeroout && + blkdev_issue_zeroout(bdev, req->i.sector, req->i.size >> 9, + GFP_NOIO, 0) != 0) req->private_bio->bi_status = BLK_STS_IOERR; bio_endio(req->private_bio); } -- 1.8.3.1

5 years, 6 months

3
4
0 0

Please include d391f120706726826 in v4.9.y [x86/kvm/vmx]: do not use vm-exit instruction length for fast MMIO when running nested

by Mike Haboustak

The following commit fixes freezes in virtio device drivers when KVM is nested under VMWare Workstation/ESXi or Hyper-V. I've encountered problems running KVM inside VMWare since upgrading to Debian 9 (currently testing 4.9.88-1+deb9u1). d391f1207067268261add0485f0f34503539c5b0 The same issue affects 4.4.y as well. A git-bisect within my environment stopped at e9ea5069d9e569c32ab913c39467df32e056b3a7, where the KVM capability was added that QEMU checks before enabling fast mmio. Thanks, Mike

5 years, 10 months

2
4
0 0

Re: [PATCH v5 2/3] ARM: ftrace/recordmcount: filter relocation types

by Sasha Levin

Hi, [This is an automated email] This commit has been processed by the -stable helper bot and determined to be a high probability candidate for -stable trees. (score: 46.9374) The bot has tested the following trees: v4.16.1, v4.15.16, v4.14.33, v4.9.93, v4.4.127. v4.16.1: Build OK! v4.15.16: Build OK! v4.14.33: Build OK! v4.9.93: Failed to apply! Possible dependencies: 9648dc15772d ("recordmcount: arm: Implement make_nop") v4.4.127: Failed to apply! Possible dependencies: 9648dc15772d ("recordmcount: arm: Implement make_nop") Please let us know if you'd like to have this patch included in a stable tree. -- Thanks, Sasha

5 years, 11 months

3
2
0 0

[Linux-stable-mirror] [PATCH v2] usb: dwc3: core: Fix ULPI PHYs and prevent phy_get/ulpi_init during suspend/resume

by Roger Quadros

In order for ULPI PHYs to work, dwc3_phy_setup() and dwc3_ulpi_init() must be doene before dwc3_core_get_phy(). commit 541768b08a40 ("usb: dwc3: core: Call dwc3_core_get_phy() before initializing phys") broke this. The other issue is that dwc3_core_get_phy() and dwc3_ulpi_init() should be called only once during the life cycle of the driver. However, as dwc3_core_init() is called during system suspend/resume it will result in multiple calls to dwc3_core_get_phy() and dwc3_ulpi_init() which is wrong. Fix this by moving dwc3_ulpi_init() out of dwc3_phy_setup() into dwc3_core_ulpi_init(). Use a flag 'ulpi_ready' to ensure that dwc3_core_ulpi_init() is called only once from dwc3_core_init(). Use another flag 'phys_ready' to call dwc3_core_get_phy() only once from dwc3_core_init(). Fixes: 541768b08a40 ("usb: dwc3: core: Call dwc3_core_get_phy() before initializing phys") Fixes: f54edb539c11 ("usb: dwc3: core: initialize ULPI before trying to get the PHY") Cc: linux-stable <stable(a)vger.kernel.org> # >= v4.13 Signed-off-by: Roger Quadros <rogerq(a)ti.com> --- Changelog: v2: - don't break ULPI case. Also take into consideration suspend/resume for ULPI case. drivers/usb/dwc3/core.c | 47 ++++++++++++++++++++++++++++++++++++----------- drivers/usb/dwc3/core.h | 5 +++++ 2 files changed, 41 insertions(+), 11 deletions(-) diff --git a/drivers/usb/dwc3/core.c b/drivers/usb/dwc3/core.c index 0783250..84382f6 100644 --- a/drivers/usb/dwc3/core.c +++ b/drivers/usb/dwc3/core.c @@ -482,6 +482,22 @@ static void dwc3_cache_hwparams(struct dwc3 *dwc) parms->hwparams8 = dwc3_readl(dwc->regs, DWC3_GHWPARAMS8); } +static int dwc3_core_ulpi_init(struct dwc3 *dwc) +{ + int intf; + int ret = 0; + + intf = DWC3_GHWPARAMS3_HSPHY_IFC(dwc->hwparams.hwparams3); + + if (intf == DWC3_GHWPARAMS3_HSPHY_IFC_ULPI || + (intf == DWC3_GHWPARAMS3_HSPHY_IFC_UTMI_ULPI && + dwc->hsphy_interface && + !strncmp(dwc->hsphy_interface, "ulpi", 4))) + ret = dwc3_ulpi_init(dwc); + + return ret; +} + /** * dwc3_phy_setup - Configure USB PHY Interface of DWC3 Core * @dwc: Pointer to our controller context structure @@ -493,7 +509,6 @@ static void dwc3_cache_hwparams(struct dwc3 *dwc) static int dwc3_phy_setup(struct dwc3 *dwc) { u32 reg; - int ret; reg = dwc3_readl(dwc->regs, DWC3_GUSB3PIPECTL(0)); @@ -564,9 +579,6 @@ static int dwc3_phy_setup(struct dwc3 *dwc) } /* FALLTHROUGH */ case DWC3_GHWPARAMS3_HSPHY_IFC_ULPI: - ret = dwc3_ulpi_init(dwc); - if (ret) - return ret; /* FALLTHROUGH */ default: break; @@ -723,6 +735,7 @@ static void dwc3_core_setup_global_control(struct dwc3 *dwc) } static int dwc3_core_get_phy(struct dwc3 *dwc); +static int dwc3_core_ulpi_init(struct dwc3 *dwc); /** * dwc3_core_init - Low-level initialization of DWC3 Core @@ -754,17 +767,27 @@ static int dwc3_core_init(struct dwc3 *dwc) dwc->maximum_speed = USB_SPEED_HIGH; } - ret = dwc3_core_get_phy(dwc); + ret = dwc3_phy_setup(dwc); if (ret) goto err0; - ret = dwc3_core_soft_reset(dwc); - if (ret) - goto err0; + if (!dwc->ulpi_ready) { + ret = dwc3_core_ulpi_init(dwc); + if (ret) + goto err0; + dwc->ulpi_ready = true; + } - ret = dwc3_phy_setup(dwc); + if (!dwc->phys_ready) { + ret = dwc3_core_get_phy(dwc); + if (ret) + goto err0a; + dwc->phys_ready = true; + } + + ret = dwc3_core_soft_reset(dwc); if (ret) - goto err0; + goto err0a; dwc3_core_setup_global_control(dwc); dwc3_core_num_eps(dwc); @@ -837,6 +860,9 @@ static int dwc3_core_init(struct dwc3 *dwc) phy_exit(dwc->usb2_generic_phy); phy_exit(dwc->usb3_generic_phy); +err0a: + dwc3_ulpi_exit(dwc); + err0: return ret; } @@ -1229,7 +1255,6 @@ static int dwc3_probe(struct platform_device *pdev) err3: dwc3_free_event_buffers(dwc); - dwc3_ulpi_exit(dwc); err2: pm_runtime_allow(&pdev->dev); diff --git a/drivers/usb/dwc3/core.h b/drivers/usb/dwc3/core.h index 4a4a4c9..6b202e3 100644 --- a/drivers/usb/dwc3/core.h +++ b/drivers/usb/dwc3/core.h @@ -795,7 +795,9 @@ struct dwc3_scratchpad_array { * @usb3_phy: pointer to USB3 PHY * @usb2_generic_phy: pointer to USB2 PHY * @usb3_generic_phy: pointer to USB3 PHY + * @phys_ready: flag to indicate that PHYs are ready * @ulpi: pointer to ulpi interface + * @ulpi_ready: flag to indicate that ULPI is initialized * @isoch_delay: wValue from Set Isochronous Delay request; * @u2sel: parameter from Set SEL request. * @u2pel: parameter from Set SEL request. @@ -893,7 +895,10 @@ struct dwc3 { struct phy *usb2_generic_phy; struct phy *usb3_generic_phy; + bool phys_ready; + struct ulpi *ulpi; + bool ulpi_ready; void __iomem *regs; size_t regs_size; -- cheers, -roger Texas Instruments Finland Oy, Porkkalankatu 22, 00180 Helsinki. Y-tunnus/Business ID: 0615521-4. Kotipaikka/Domicile: Helsinki

5 years, 11 months

3
7
0 0

Re: [Linux-stable-mirror] stable/linux-3.16.y build: 178 builds: 1 failed, 177 passed, 2 errors, 57 warnings (v3.16.52)

by Arnd Bergmann

On Tue, Jan 2, 2018 at 12:48 PM, kernelci.org bot <bot(a)kernelci.org> wrote: Hi Ben, almost a clean build with kernelci! > Errors summary: > 1 drivers/scsi/mpt2sas/mpt2sas_base.c:3550:1: internal compiler error: in extract_constrain_insn, at recog.c:2190 > 1 drivers/scsi/mpt2sas/mpt2sas_base.c:3550:1: error: insn does not satisfy its constraints: See earlier discussion https://www.spinics.net/lists/stable/msg195996.html > Warnings summary: > 54 include/linux/stddef.h:8:14: warning: 'return' with a value, in function returning void This comes from an incorrect backport of commit 49e67dd17649 ("of: fdt: add missing allocation-failure check") It's harmless, and stable/linux-3.18.y has the correct version: --- a/drivers/of/fdt.c +++ b/drivers/of/fdt.c @@ -380,6 +380,6 @@ static void __unflatten_device_tree(void *blob, /* Allocate memory for the expanded device tree */ mem = dt_alloc(size + 4, __alignof__(struct device_node)); if (!mem) - return NULL; + return; memset(mem, 0, size); > 2 ipc/sem.c:377:6: warning: '___p1' may be used uninitialized in this function [-Wmaybe-uninitialized] This code was last touched in 3.16 by the backport of commit 5864a2fd3088 ("ipc/sem.c: fix complex_count vs. simple op race") The warning is in "smp_load_acquire(&sma->complex_mode))", and I suspect that commit 27d7be1801a4 ("ipc/sem.c: avoid using spin_unlock_wait()") avoided the warning upstream by removing the smp_mb() before it. The code is way too complex for a fly-by analysis, so I'm adding Manfred to Cc here. It may be worth comparing the full list of backports that went into ipc/sem.c in 3.16.y with those in 3.18.y and 4.1.y that don't have the warning. Here is what I see in the git history: $ git log --oneline v3.16..stable/linux-3.16.y ipc/sem.c accb9f16adba ipc/sem.c: fix complex_count vs. simple op race 5b11c133308b ipc: remove use of seq_printf return value 08397b1a5cd4 sysv, ipc: fix security-layer leaking 35cfc2b3a9da ipc/sem.c: fully initialize sem_array before making it visible 69a9a86b645f ipc/sem.c: update/correct memory barriers 30f995ba77ca ipc/sem.c: change memory barrier in sem_lock() to smp_rmb() 76ce4fe19d6b ipc,sem: fix use after free on IPC_RMID after a task using same semaphore set exits $ git log --oneline v3.16..stable/linux-3.18.y ipc/sem.c 7dd90826dfba sysv, ipc: fix security-layer leaking ff12efa03da1 ipc/sem.c: update/correct memory barriers 38b50c47c25e ipc,sem: fix use after free on IPC_RMID after a task using same semaphore set exits e8577d1f0329 ipc/sem.c: fully initialize sem_array before making it visible $ git log --oneline v3.16..stable/linux-4.1.y ipc/sem.c e2b438fdfa4d sysv, ipc: fix security-layer leaking b6805da60f01 ipc/sem.c: update/correct memory barriers 7be83cf01024 ipc,sem: fix use after free on IPC_RMID after a task using same semaphore set exits 7f032d6ef615 ipc: remove use of seq_printf return value 52644c9ab3fa ipc,sem: use current->state helpers 2e094abfd1f2 ipc/sem.c: change memory barrier in sem_lock() to smp_rmb() e8577d1f0329 ipc/sem.c: fully initialize sem_array before making it visible $ git log --oneline v3.16..stable/linux-4.4.y ipc/sem.c f6031d95320d ipc/sem.c: fix complex_count vs. simple op race 62659f0b9ed7 sysv, ipc: fix security-layer leaking 3ed1f8a99d70 ipc/sem.c: update/correct memory barriers a97955844807 ipc,sem: remove uneeded sem_undo_list lock usage in exit_sem() 602b8593d2b4 ipc,sem: fix use after free on IPC_RMID after a task using same semaphore set exits 55b7ae50167e ipc: rename ipc_obtain_object 7f032d6ef615 ipc: remove use of seq_printf return value 52644c9ab3fa ipc,sem: use current->state helpers 2e094abfd1f2 ipc/sem.c: change memory barrier in sem_lock() to smp_rmb() e8577d1f0329 ipc/sem.c: fully initialize sem_array before making it visible $ git log --oneline v3.16..stable/linux-4.9.y ipc/sem.c 2a1613a586de ipc/sem.c: add cond_resched in exit_sme 5864a2fd3088 ipc/sem.c: fix complex_count vs. simple op race 9b24fef9f041 sysv, ipc: fix security-layer leaking be3e78449803 locking/spinlock: Update spin_unlock_wait() users 33ac279677dc locking/barriers: Introduce smp_acquire__after_ctrl_dep() a5f4db877177 ipc/sem: make semctl setting sempid consistent 1d5cfdb07628 tree wide: use kvfree() than conditional kfree()/vfree() 3ed1f8a99d70 ipc/sem.c: update/correct memory barriers a97955844807 ipc,sem: remove uneeded sem_undo_list lock usage in exit_sem() 602b8593d2b4 ipc,sem: fix use after free on IPC_RMID after a task using same semaphore set exits 55b7ae50167e ipc: rename ipc_obtain_object 7f032d6ef615 ipc: remove use of seq_printf return value 52644c9ab3fa ipc,sem: use current->state helpers 2e094abfd1f2 ipc/sem.c: change memory barrier in sem_lock() to smp_rmb() e8577d1f0329 ipc/sem.c: fully initialize sem_array before making it visible > 1 arch/arm/kernel/head-nommu.S:167: Warning: Use of r13 as a source register is deprecated when r15 is the destination register. Fixed by backporting: 970d96f9a81b ("ARM: 8383/1: nommu: avoid deprecated source register on mov") Arnd

6 years

3
2
0 0

Re: [linux-stable-rc:linux-3.16.y 2872/3488] head64.c:undefined reference to `__gcov_exit'

by Arnd Bergmann

On Fri, Feb 16, 2018 at 7:21 PM, kbuild test robot <fengguang.wu(a)intel.com> wrote: > Hi Andrey, > > It's probably a bug fix that unveils the link errors. > > tree: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-3.16.y > head: 0b9f4cdd4d75131d8886b919bbf6e0c98906d36e > commit: 3cb0dc19883f0c69225311d4f76aa8128d3681a4 [2872/3488] module: fix types of device tables aliases > config: x86_64-allmodconfig (attached as .config) > compiler: gcc-7 (Debian 7.3.0-1) 7.3.0 > reproduce: > git checkout 3cb0dc19883f0c69225311d4f76aa8128d3681a4 > # save the attached .config to linux build tree > make ARCH=x86_64 > > All errors (new ones prefixed by >>): > > arch/x86/kernel/head64.o: In function `_GLOBAL__sub_D_00100_1_early_pmd_flags': >>> head64.c:(.text.exit+0x5): undefined reference to `__gcov_exit' > arch/x86/kernel/head.o: In function `_GLOBAL__sub_D_00100_1_reserve_ebda_region': > head.c:(.text.exit+0x5): undefined reference to `__gcov_exit' > init/built-in.o: In function `_GLOBAL__sub_D_00100_1___ksymtab_system_state': > main.c:(.text.exit+0x5): undefined reference to `__gcov_exit' > init/built-in.o: In function `_GLOBAL__sub_D_00100_1_root_mountflags': > do_mounts.c:(.text.exit+0x10): undefined reference to `__gcov_exit' > init/built-in.o: In function `_GLOBAL__sub_D_00100_1_initrd_load': > do_mounts_initrd.c:(.text.exit+0x1b): undefined reference to `__gcov_exit' > init/built-in.o:initramfs.c:(.text.exit+0x26): more undefined references to `__gcov_exit' follow I think this is a result of using a too new compiler with the old 3.16 kernel. In order to build with gcc-7.3, you need to backport 05384213436a ("gcov: support GCC 7.1") It's already part of stable-3.18 and later, but not 3.2 and 3.16. Arnd

6 years

2
1
0 0

[PATCH 3.16] staging: usbip stub_rx fix static checker warning on unnecessary checks

by Shuah Khan

Upstream commit 10c901209306 ("usbip: stub_rx: fix static checker warning on unnecessary checks") Back-port fix for static checker warning on unnecessary checks smatch warnings: drivers/staging/usbip/stub_rx.c:360 get_pipe() warn: impossible condition '(pdu->u.cmd_submit.transfer_buffer_length > ((~0 >> 1))) => (s32min-s32max > s32max)' drivers/staging/usbip/stub_rx.c:501 stub_recv_cmd_submit() warn: always true condition '(pdu->u.cmd_submit.transfer_buffer_length <= ((~0 >> 1))) => (s32min-s32max <= s32max)' Reported-by: Dan Carpenter <dan.carpenter(a)oracle.com> Signed-off-by: Shuah Khan <shuahkh(a)osg.samsung.com> --- drivers/staging/usbip/stub_rx.c | 11 +---------- 1 file changed, 1 insertion(+), 10 deletions(-) diff --git a/drivers/staging/usbip/stub_rx.c b/drivers/staging/usbip/stub_rx.c index 35f59747122a..d8544ab9577b 100644 --- a/drivers/staging/usbip/stub_rx.c +++ b/drivers/staging/usbip/stub_rx.c @@ -356,14 +356,6 @@ static int get_pipe(struct stub_device *sdev, struct usbip_header *pdu) epd = &ep->desc; - /* validate transfer_buffer_length */ - if (pdu->u.cmd_submit.transfer_buffer_length > INT_MAX) { - dev_err(&sdev->udev->dev, - "CMD_SUBMIT: -EMSGSIZE transfer_buffer_length %d\n", - pdu->u.cmd_submit.transfer_buffer_length); - return -1; - } - if (usb_endpoint_xfer_control(epd)) { if (dir == USBIP_DIR_OUT) return usb_sndctrlpipe(udev, epnum); @@ -497,8 +489,7 @@ static void stub_recv_cmd_submit(struct stub_device *sdev, } /* allocate urb transfer buffer, if needed */ - if (pdu->u.cmd_submit.transfer_buffer_length > 0 && - pdu->u.cmd_submit.transfer_buffer_length <= INT_MAX) { + if (pdu->u.cmd_submit.transfer_buffer_length > 0) { priv->urb->transfer_buffer = kzalloc(pdu->u.cmd_submit.transfer_buffer_length, GFP_KERNEL); -- 2.14.1

6 years

2
1
0 0

Patch to consider for stable 3.18, 4.4 and 4.9

by Tomasz Kramkowski

In September last year, Ben Hutchings submitted commit [9547837bdccb] for 3.16.48-rc1 and I informed him that it would be useless without [3f3752705dbd] (and that maybe [c3883fe06488] would be useful as well). Ben dropped the patch but suggested I email this list with the information of the other two patches but I never quite got around to it. Now I see Sasha Levin is submitting [3f3752705dbd] and [c3883fe06488] for 4.9, 4.4 and 3.18 it would now make sense to include [9547837bdccb]. This patch fixes a minor problem where a certain USB adapter for Sega Genesis controllers appears as one input device when it has two ports for two controllers. I imagine some users of emulator distributions might use stable kernels and might benefit from this fix. I'm actually not entirely sure that patch is something suitable for stable but since it was already submitted once then I don't think it hurts to bring it up again (despite it breaking stable-kernel-rules as far as I understand it). Commits mentioned: [9547837bdccb]: HID: usbhid: add quirk for innomedia INNEX GENESIS/ATARI adapter [3f3752705dbd]: HID: reject input outside logical range only if null state is set [c3883fe06488]: HID: clamp input to logical range if no null state If the patch [9547837bdccb] is not relevant then feel free to ignore this email. Thanks, -- Tomasz Kramkowski

6 years

3
2
0 0

[PATCH RESEND] ocfs2: fix a misuse a of brelse after failing ocfs2_check_dir_entry

by Changwei Ge

From: Changwei Ge <ge.changwei(a)h3c.com> Somehow, file system metadata was corrupted, which causes ocfs2_check_dir_entry() to fail in function ocfs2_dir_foreach_blk_el(). According to the original design intention, if above happens we should skip the problematic block and continue to retrieve dir entry. But there is obviouse misuse of brelse around related code. After failure of ocfs2_check_dir_entry(), currunt code just moves to next position and uses the problematic buffer head again and again during which the problematic buffer head is released for multiple times. I suppose, this a serious issue which is long-lived in ocfs2. This may cause other file systems which is also used in a the same host insane. So we should also consider about bakcporting this patch into linux -stable. Suggested-by: Changkuo Shi <shi.changkuo(a)h3c.com> Cc: stable(a)vger.kernel.org Signed-off-by: Changwei Ge <ge.changwei(a)h3c.com> --- fs/ocfs2/dir.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/fs/ocfs2/dir.c b/fs/ocfs2/dir.c index b048d4f..c121abb 100644 --- a/fs/ocfs2/dir.c +++ b/fs/ocfs2/dir.c @@ -1897,8 +1897,7 @@ static int ocfs2_dir_foreach_blk_el(struct inode *inode, /* On error, skip the f_pos to the next block. */ ctx->pos = (ctx->pos | (sb->s_blocksize - 1)) + 1; - brelse(bh); - continue; + break; } if (le64_to_cpu(de->inode)) { unsigned char d_type = DT_UNKNOWN; -- 2.7.4

6 years

3
3
0 0

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror May 2018