October 2019 - Linux-stable-mirror

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.3.4 release. There are 344 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat 05 Oct 2019 03:37:47 PM UTC. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.3.4-rc1.… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.3.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.3.4-rc1 Pi-Hsun Shih <pihsun(a)chromium.org> platform/chrome: cros_ec_rpmsg: Fix race with host command when probe failed Lorenzo Bianconi <lorenzo(a)kernel.org> mt76: mt7615: fix mt7615 firmware path definitions Lorenzo Bianconi <lorenzo(a)kernel.org> mt76: mt7615: always release sem in mt7615_load_patch NeilBrown <neilb(a)suse.de> md/raid0: avoid RAID0 data corruption due to layout confusion. Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/display: fix 64 bit divide Zhan Liu <zhan.liu(a)amd.com> drm/amd/display: Add missing HBM support and raise Vega20's uclk. Charlene Liu <charlene.liu(a)amd.com> drm/amd/display: dce11.x /dce12 update formula input Kai-Heng Feng <kai.heng.feng(a)canonical.com> drm/amd/display: Restore backlight brightness after system resume Pavel Shilovsky <pshilov(a)microsoft.com> CIFS: Fix oplock handling for SMB 2.1+ protocols Murphy Zhou <jencce.kernel(a)gmail.com> CIFS: fix max ea value size Chris Brandt <chris.brandt(a)renesas.com> i2c: riic: Clear NACK in tend isr Laurent Vivier <lvivier(a)redhat.com> hwrng: core - don't wait on add_early_randomness() Chao Yu <yuchao0(a)huawei.com> quota: fix wrong condition in is_quota_modification() Theodore Ts'o <tytso(a)mit.edu> ext4: fix punch hole for inline_data file systems Rakesh Pandit <rakesh(a)tuxera.com> ext4: fix warning inside ext4_convert_unwritten_extents_endio Christophe Kerello <christophe.kerello(a)st.com> mtd: rawnand: stm32_fmc2: avoid warnings when building with W=1 option Tony Camuso <tcamuso(a)redhat.com> ipmi: move message error checking to avoid deadlock Jan Kara <jack(a)suse.cz> xfs: Fix stale data exposure when readahead races with hole punch Jan Kara <jack(a)suse.cz> mm: Handle MADV_WILLNEED through vfs_fadvise() Jan Kara <jack(a)suse.cz> fs: Export generic_fadvise() Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> /dev/mem: Bail out upon SIGKILL. Denis Kenzior <denkenz(a)gmail.com> cfg80211: Purge frame registrations on iftype change NeilBrown <neilb(a)suse.com> md: only call set_in_sync() when it is expected to succeed. NeilBrown <neilb(a)suse.com> md: don't report active array_state until after revalidate_disk() completes. Xiao Ni <xni(a)redhat.com> md/raid6: Set R5_ReadError when there is read failure on parity disk Jarkko Nikula <jarkko.nikula(a)linux.intel.com> ACPI / LPSS: Save/restore LPSS private registers also on Lynxpoint Benjamin Coddington <bcodding(a)redhat.com> SUNRPC: Fix buffer handling of GSS MIC without slack Trond Myklebust <trondmy(a)gmail.com> SUNRPC: Dequeue the request from the receive queue while we're re-encoding Qu Wenruo <wqu(a)suse.com> btrfs: Fix a regression which we can't convert to SINGLE profile Filipe Manana <fdmanana(a)suse.com> Btrfs: fix race setting up and completing qgroup rescan workers Qu Wenruo <wqu(a)suse.com> btrfs: qgroup: Fix reserved data space leak if we have multiple reserve calls Qu Wenruo <wqu(a)suse.com> btrfs: qgroup: Fix the wrong target io_tree when freeing reserved data space Dennis Zhou <dennis(a)kernel.org> btrfs: adjust dirty_metadata_bytes after writeback failure of extent buffer Nikolay Borisov <nborisov(a)suse.com> btrfs: Relinquish CPUs in btrfs_compare_trees Filipe Manana <fdmanana(a)suse.com> Btrfs: fix use-after-free when using the tree modification log Christophe Leroy <christophe.leroy(a)c-s.fr> btrfs: fix allocation of free space cache v1 bitmap pages Mark Salyzyn <salyzyn(a)android.com> ovl: filter of trusted xattr results in audit Ding Xiang <dingxiang(a)cmss.chinamobile.com> ovl: Fix dereferencing possible ERR_PTR() Steve French <stfrench(a)microsoft.com> smb3: fix leak in "open on server" perf counter Steve French <stfrench(a)microsoft.com> smb3: fix unmount hang in open_shroot Steve French <stfrench(a)microsoft.com> smb3: allow disabling requesting leases Yufen Yu <yuyufen(a)huawei.com> block: fix null pointer dereference in blk_mq_rq_timed_out() Damien Le Moal <damien.lemoal(a)wdc.com> block: mq-deadline: Fix queue restart handling Stefan Assmann <sassmann(a)kpanic.de> i40e: check __I40E_VF_DISABLE bit in i40e_sync_filters_subtask Rakesh Pillai <pillair(a)codeaurora.org> ath10k: fix channel info parsing for non tlv target Jian-Hong Pan <jian-hong(a)endlessm.com> rtw88: pci: Use DMA sync instead of remapping in RX ISR Jian-Hong Pan <jian-hong(a)endlessm.com> rtw88: pci: Rearrange the memory usage for skb in RX ISR Roberto Sassu <roberto.sassu(a)huawei.com> KEYS: trusted: correctly initialize digests and fix locking issue Felix Fietkau <nbd(a)nbd.name> mt76: round up length on mt76_wr_copy Dave Rodgman <dave.rodgman(a)arm.com> lib/lzo/lzo1x_compress.c: fix alignment bug in lzo-rle Michal Hocko <mhocko(a)suse.com> memcg, kmem: do not fail __GFP_NOFAIL charges Tetsuo Handa <penguin-kernel(a)i-love.sakura.ne.jp> memcg, oom: don't require __GFP_FS when invoking memcg OOM killer Yafang Shao <laoar.shao(a)gmail.com> mm/compaction.c: clear total_{migrate,free}_scanned before scanning a new zone Vitaly Wool <vitalywool(a)gmail.com> z3fold: fix memory leak in kmem cache Vitaly Wool <vitalywool(a)gmail.com> z3fold: fix retry mechanism in page reclaim Bob Peterson <rpeterso(a)redhat.com> gfs2: clear buf_in_tr when ending a transaction in sweep_bh_for_rgrps Hans de Goede <hdegoede(a)redhat.com> efifb: BGRT: Improve efifb_bgrt_sanity_check Mark Brown <broonie(a)kernel.org> regulator: Defer init completion for a while after late_initcall Nadav Amit <namit(a)vmware.com> iommu/vt-d: Fix wrong analysis whether devices share the same bus Thadeu Lima de Souza Cascardo <cascardo(a)canonical.com> alarmtimer: Use EOPNOTSUPP instead of ENOTSUPP Will Deacon <will(a)kernel.org> iommu/arm-smmu-v3: Disable detection of ATS and PRI Shawn Lin <shawn.lin(a)rock-chips.com> arm64: dts: rockchip: limit clock rate of MMC controllers for RK3328 Will Deacon <will(a)kernel.org> arm64: tlb: Ensure we execute an ISB following walk cache invalidation Luis Araneda <luaraneda(a)gmail.com> ARM: zynq: Use memcpy_toio instead of memcpy on smp bring-up Lihua Yao <ylhuajnu(a)outlook.com> ARM: samsung: Fix system restart on S3C6410 Gao Xiang <gaoxiang25(a)huawei.com> staging: erofs: cannot set EROFS_V_Z_INITED_BIT if fill_inode_lazy fails Amadeusz Sławiński <amadeuszx.slawinski(a)intel.com> ASoC: Intel: Fix use of potentially uninitialized variable Amadeusz Sławiński <amadeuszx.slawinski(a)intel.com> ASoC: Intel: Skylake: Use correct function to access iomem space Amadeusz Sławiński <amadeuszx.slawinski(a)intel.com> ASoC: Intel: NHLT: Fix debug print format Kees Cook <keescook(a)chromium.org> binfmt_elf: Do not move brk for INTERP-less ET_EXEC Vladimir Oltean <olteanv(a)gmail.com> spi: spi-fsl-dspi: Exit the ISR with IRQ_NONE when it's not ours Alexander Sverdlin <alexander.sverdlin(a)gmail.com> spi: ep93xx: Repair SPI CS lookup tables Guillaume Tucker <guillaume.tucker(a)collabora.com> media: vivid: fix device init when no_error_inj=1 and fb disabled Arnd Bergmann <arnd(a)arndb.de> media: don't drop front-end reference count for ->detach Francois Buergisser <fbuergisser(a)chromium.org> media: hantro: Set DMA max segment size Hans de Goede <hdegoede(a)redhat.com> media: sn9c20x: Add MSI MS-1039 laptop to flip_dmi_table Hans Verkuil <hverkuil-cisco(a)xs4all.nl> media: videobuf-core.c: poll_wait needs a non-NULL buf pointer Sean Christopherson <sean.j.christopherson(a)intel.com> KVM: x86/mmu: Use fast invalidate mechanism to zap MMIO sptes Jim Mattson <jmattson(a)google.com> kvm: x86: Add "significant index" flag to a few CPUID leaves Alexander Graf <graf(a)amazon.com> KVM: x86: Disable posted interrupts for non-standard IRQs delivery modes Sean Christopherson <sean.j.christopherson(a)intel.com> KVM: x86: Manually calculate reserved bits when loading PDPTRS Jan Dakinevich <jan.dakinevich(a)virtuozzo.com> KVM: x86: set ctxt->have_exception in x86_decode_insn() Jan Dakinevich <jan.dakinevich(a)virtuozzo.com> KVM: x86: always stop emulation on page fault Hans de Goede <hdegoede(a)redhat.com> platform/x86: intel_int0002_vgpio: Fix wakeups not working on Cherry Trail Helge Deller <deller(a)gmx.de> parisc: Disable HP HSC-PCI Cards to prevent kernel crash Tejun Heo <tj(a)kernel.org> fuse: fix beyond-end-of-page access in fuse_parse_cache() Vasily Averin <vvs(a)virtuozzo.com> fuse: fix missing unlock_page in fuse_writepage() Eric Biggers <ebiggers(a)google.com> fuse: fix deadlock with aio poll and fuse_iqueue::waitq.lock Jarkko Sakkinen <jarkko.sakkinen(a)linux.intel.com> tpm: Wrap the buffer from the caller to tpm_buf in tpm_send() Stefan Berger <stefanb(a)linux.ibm.com> tpm_tis_core: Set TPM_CHIP_FLAG_IRQ before probing for interrupts Stefan Berger <stefanb(a)linux.ibm.com> tpm_tis_core: Turn on the TPM before probing IRQ's Madhavan Srinivasan <maddy(a)linux.vnet.ibm.com> powerpc/imc: Dont create debugfs files for cpu-less nodes Ming Lei <ming.lei(a)redhat.com> scsi: implement .cleanup_rq callback Ming Lei <ming.lei(a)redhat.com> blk-mq: add callback of .cleanup_rq Jan-Marek Glogowski <glogow(a)fbihome.de> ALSA: hda/realtek - PCI quirk for Medion E4254 Peter Zijlstra <peterz(a)infradead.org> rcu/tree: Fix SCHED_FIFO params Adam Ford <aford173(a)gmail.com> ARM: dts: am3517-evm: Fix missing video Joonwon Kang <kjw1627(a)gmail.com> randstruct: Check member structs in is_pure_ops_struct() Jack Morgenstein <jackm(a)dev.mellanox.co.il> RDMA: Fix double-free in srq creation error flow Kaike Wan <kaike.wan(a)intel.com> IB/hfi1: Do not update hcrc for a KDETH packet during fault injection Ira Weiny <ira.weiny(a)intel.com> IB/hfi1: Define variables as unsigned long to fix KASAN warning Danit Goldberg <danitg(a)mellanox.com> IB/mlx5: Free mpi in mp_slave mode Vincent Whitchurch <vincent.whitchurch(a)axis.com> printk: Do not lose last line in kmsg buffer dump Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Fix Relogin to prevent modifying scan_state flag Martin Wilck <Martin.Wilck(a)suse.com> scsi: scsi_dh_rdac: zero cdb in send_mode_select() Takashi Sakamoto <o-takashi(a)sakamocchi.jp> ALSA: firewire-tascam: check intermediate state of clock status and retry Takashi Sakamoto <o-takashi(a)sakamocchi.jp> ALSA: firewire-tascam: handle error code when getting current source of clock Luca Coelho <luciano.coelho(a)intel.com> iwlwifi: fw: don't send GEO_TX_POWER_LIMIT command to FW version 36 Adam Ford <aford173(a)gmail.com> ARM: omap2plus_defconfig: Fix missing video Adam Ford <aford173(a)gmail.com> ARM: dts: logicpd-torpedo-baseboard: Fix missing video MyungJoo Ham <myungjoo.ham(a)samsung.com> PM / devfreq: passive: fix compiler warning Sakari Ailus <sakari.ailus(a)linux.intel.com> media: omap3isp: Set device on omap3isp subdevs Jiří Paleček <jpalecek(a)web.de> kvm: Nested KVM MMUs need PAE root too Qu Wenruo <wqu(a)suse.com> btrfs: Detect unbalanced tree with empty leaf before crashing btree operations Qu Wenruo <wqu(a)suse.com> btrfs: tree-checker: Add ROOT_ITEM check Qu Wenruo <wqu(a)suse.com> btrfs: extent-tree: Make sure we only allocate extents from block groups with the same type Qu Wenruo <wqu(a)suse.com> btrfs: delayed-inode: Kill the BUG_ON() in btrfs_delete_delayed_dir_index() Oliver Neukum <oneukum(a)suse.com> zd1211rw: remove false assertion from zd_mac_clear() Kai-Heng Feng <kai.heng.feng(a)canonical.com> iommu/amd: Override wrong IVRS IOAPIC on Raven Ridge systems Takashi Iwai <tiwai(a)suse.de> ALSA: hda/realtek - Blacklist PC beep for Lenovo ThinkCentre M73/93 Jani Nikula <jani.nikula(a)intel.com> drm: fix module name in edid_firmware log message Tomas Bortoli <tomasbortoli(a)gmail.com> media: ttusb-dec: Fix info-leak in ttusb_dec_send_command() Ahzo <Ahzo(a)tutanota.com> drm/amd/powerplay/smu7: enforce minimal VBITimeout (v2) Takashi Iwai <tiwai(a)suse.de> ALSA: hda - Drop unsol event handler for Intel HDMI codecs Tomas Espeleta <tomas.espeleta(a)gmail.com> ALSA: hda - Add a quirk model for fixing Huawei Matebook X right speaker Kai-Heng Feng <kai.heng.feng(a)canonical.com> e1000e: add workaround for possible stalled packet Kevin Easton <kevin(a)guarana.org> libertas: Add missing sentinel at end of if_usb.c fw_table Ulf Hansson <ulf.hansson(a)linaro.org> mmc: mtk-sd: Re-store SDIO IRQs mask at system resume Nigel Croxon <ncroxon(a)redhat.com> raid5: don't increment read_errors on EILSEQ return Ulf Hansson <ulf.hansson(a)linaro.org> mmc: dw_mmc: Re-store SDIO IRQs mask at system resume Ulf Hansson <ulf.hansson(a)linaro.org> mmc: core: Add helper function to indicate if SDIO IRQs is enabled Al Cooper <alcooperx(a)gmail.com> mmc: sdhci: Fix incorrect switch to HS mode Miles Chen <miles.chen(a)mediatek.com> sched/psi: Correct overly pessimistic size calculation Ulf Hansson <ulf.hansson(a)linaro.org> mmc: core: Clarify sdio_irq_pending flag for MMC_CAP2_SDIO_IRQ_NOTHREAD Guoqing Jiang <guoqing.jiang(a)cloud.ionos.com> raid5: don't set STRIPE_HANDLE to stripe which is in batch list Hou Tao <houtao1(a)huawei.com> block: make rq sector size accessible for block stats Jackie Liu <liuyun01(a)kylinos.cn> io_uring: fix wrong sequence setting logic Lukas Wunner <lukas(a)wunner.de> spi: bcm2835: Work around DONE bit erratum Prarit Bhargava <prarit(a)redhat.com> tools/power/x86/intel-speed-select: Fix memory leak Peter Ujfalusi <peter.ujfalusi(a)ti.com> ASoC: dmaengine: Make the pcm->name equal to pcm->id if the name is not set Katsuhiro Suzuki <katsuhiro(a)katsuster.net> SoC: simple-card-utils: set 0Hz to sysclk when shutdown M. Vefa Bicakci <m.v.b(a)runbox.com> platform/x86: intel_pmc_core_pltdrv: Module removal warning fix M. Vefa Bicakci <m.v.b(a)runbox.com> platform/x86: intel_pmc_core: Do not ioremap RAM Gayatri Kammela <gayatri.kammela(a)intel.com> x86/cpu: Add Tiger Lake to Intel family Marc Zyngier <maz(a)kernel.org> irqchip/gic-v3-its: Fix LPI release for Multi-MSI devices Harald Freudenberger <freude(a)linux.ibm.com> s390/crypto: xts-aes-s390 fix extra run-time crypto self tests finding Christoph Hellwig <hch(a)lst.de> irqchip/sifive-plic: set max threshold for ignored handlers Peter Zijlstra <peterz(a)infradead.org> x86/mm: Fix cpumask_of_node() error condition Masami Hiramatsu <mhiramat(a)kernel.org> kprobes: Prohibit probing on BUG() and WARN() address Peter Ujfalusi <peter.ujfalusi(a)ti.com> dmaengine: ti: edma: Do not reset reserved paRAM slots Yufen Yu <yuyufen(a)huawei.com> md/raid1: fail run raid1 array when active disk less than one Wang Shenran <shenran268(a)gmail.com> hwmon: (acpi_power_meter) Change log level for 'unsafe software power cap' Marcel Bocu <marcel.p.bocu(a)gmail.com> hwmon: (k10temp) Add support for AMD family 17h, model 70h CPUs Kent Overstreet <kent.overstreet(a)gmail.com> closures: fix a race on wakeup from closure_sync Wenwen Wang <wenwen(a)cs.uga.edu> ACPI / PCI: fix acpi_pci_irq_enable() memory leak Wenwen Wang <wenwen(a)cs.uga.edu> ACPI: custom_method: fix memory leaks Marcel Bocu <marcel.p.bocu(a)gmail.com> x86/amd_nb: Add PCI device IDs for family 17h, model 70h Marek Szyprowski <m.szyprowski(a)samsung.com> ARM: dts: exynos: Mark LDO10 as always-on on Peach Pit/Pi Chromebooks Maxime Ripard <mripard(a)kernel.org> ASoC: dt-bindings: sun4i-spdif: Fix dma-names warning Tzvetomir Stoyanov <tstoyanov(a)vmware.com> libtraceevent: Change users plugin directory Eric Dumazet <edumazet(a)google.com> iommu/iova: Avoid false sharing on fq_timer_on Dan Williams <dan.j.williams(a)intel.com> libata/ahci: Drop PCS quirk for Denverton and beyond Cezary Rojewski <cezary.rojewski(a)intel.com> ASoC: Intel: Haswell: Adjust machine device private context Qian Cai <cai(a)lca.pw> iommu/amd: Silence warnings under memory pressure Takashi Sakamoto <o-takashi(a)sakamocchi.jp> ALSA: firewire-motu: add support for MOTU 4pre Anton Eidelman <anton(a)lightbitslabs.com> nvme-multipath: fix ana log nsid lookup when nsid is not found Tom Wu <tomwu(a)mellanox.com> nvmet: fix data units read and written counters in SMART log Song Liu <songliubraving(a)fb.com> x86/mm/pti: Handle unaligned address gracefully in pti_clone_pagetable() Shengjiu Wang <shengjiu.wang(a)nxp.com> ASoC: fsl_ssi: Fix clock control issue in master mode Thomas Gleixner <tglx(a)linutronix.de> x86/mm/pti: Do not invoke PTI functions when PTI is disabled Andrew Murray <andrew.murray(a)arm.com> jump_label: Don't warn on __exit jump entries Andrew Murray <andrew.murray(a)arm.com> arm64: Use correct ll/sc atomic constraints Arnaldo Carvalho de Melo <acme(a)redhat.com> perf evlist: Use unshare(CLONE_FS) in sb threads to let setns(CLONE_NEWNS) work Mark Rutland <mark.rutland(a)arm.com> arm64: kpti: ensure patched kernel text is fetched from PoU Neil Horman <nhorman(a)tuxdriver.com> x86/apic/vector: Warn when vector space exhaustion breaks affinity Neil Armstrong <narmstrong(a)baylibre.com> arm64: dts: meson: fix boards regulators states format Douglas RAILLARD <douglas.raillard(a)arm.com> sched/cpufreq: Align trace event behavior of fast switching Al Stone <ahs3(a)redhat.com> ACPI / CPPC: do not require the _PSD method Katsuhiro Suzuki <katsuhiro(a)katsuster.net> ASoC: es8316: fix headphone mixer volume table Dan Murphy <dmurphy(a)ti.com> leds: lm3532: Fixes for the driver for stability Mauro Carvalho Chehab <mchehab+samsung(a)kernel.org> media: ov9650: add a sanity check Mauro Carvalho Chehab <mchehab+samsung(a)kernel.org> media: aspeed-video: address a protential usage of an unitialized var Gustavo A. R. Silva <gustavo(a)embeddedor.com> perf script: Fix memory leaks in list_scripts() Andi Kleen <ak(a)linux.intel.com> perf report: Fix --ns time sort key output Benjamin Peterson <benjamin(a)python.org> perf trace beauty ioctl: Fix off-by-one error in cmd->string table Maciej S. Szmigiero <mail(a)maciej.szmigiero.name> media: saa7134: fix terminology around saa7134_i2c_eeprom_md7134_gate() Wenwen Wang <wenwen(a)cs.uga.edu> media: cpia2_usb: fix memory leaks Wenwen Wang <wenwen(a)cs.uga.edu> media: saa7146: add cleanup in hexium_attach() Hans Verkuil <hverkuil-cisco(a)xs4all.nl> media: cec-notifier: clear cec_adap in cec_notifier_unregister Kamil Konieczny <k.konieczny(a)partner.samsung.com> PM / devfreq: exynos-bus: Correct clock enable sequence Leonard Crestez <leonard.crestez(a)nxp.com> PM / devfreq: passive: Use non-devm notifiers Masahiro Yamada <yamada.masahiro(a)socionext.com> ARM: OMAP2+: move platform-specific asm-offset.h to arch/arm/mach-omap2 Ezequiel Garcia <ezequiel(a)collabora.com> PM / devfreq: Fix kernel oops on governor module load Geert Uytterhoeven <geert+renesas(a)glider.be> soc: renesas: Enable ARM_ERRATA_754322 for affected Cortex-A9 Geert Uytterhoeven <geert+renesas(a)glider.be> soc: renesas: rmobile-sysc: Set GENPD_FLAG_ALWAYS_ON for always-on domain Masahiro Yamada <yamada.masahiro(a)socionext.com> ARM: at91: move platform-specific asm-offset.h to arch/arm/mach-at91 Yazen Ghannam <yazen.ghannam(a)amd.com> EDAC/amd64: Decode syndrome before translating address Yazen Ghannam <yazen.ghannam(a)amd.com> EDAC/amd64: Recognize DRAM device type ECC capability Gerald BAEZA <gerald.baeza(a)st.com> libperf: Fix alignment trap with xyarray contents in 'perf stat' Anson Huang <Anson.Huang(a)nxp.com> cpufreq: imx-cpufreq-dt: Add i.MX8MN support Yazen Ghannam <yazen.ghannam(a)amd.com> EDAC/amd64: Support more than two controllers for chip selects handling Wenwen Wang <wenwen(a)cs.uga.edu> media: dvb-core: fix a memory leak bug Thomas Gleixner <tglx(a)linutronix.de> posix-cpu-timers: Sanitize bogus WARNONS Sean Young <sean(a)mess.org> media: dvb-frontends: use ida for pll number A Sun <as1033x(a)comcast.net> media: mceusb: fix (eliminate) TX IR signal length limit Vasily Gorbik <gor(a)linux.ibm.com> s390/kasan: provide uninstrumented __strlen James Morse <james.morse(a)arm.com> arm64: entry: Move ct_user_exit before any other exception Liguang Zhang <zhangliguang(a)linux.alibaba.com> ACPI / APEI: Release resources if gen_pool_add() fails Mike Christie <mchristi(a)redhat.com> nbd: add missing config put Codrin Ciubotariu <codrin.ciubotariu(a)microchip.com> ASoC: mchp-i2s-mcc: Fix unprepare of GCLK Wenwen Wang <wenwen(a)cs.uga.edu> led: triggers: Fix a memory leak bug Codrin Ciubotariu <codrin.ciubotariu(a)microchip.com> ASoC: mchp-i2s-mcc: Wait for RX/TX RDY only if controller is running Maxime Ripard <mripard(a)kernel.org> ASoC: sun4i-i2s: Don't use the oversample to calculate BCLK Arnaldo Carvalho de Melo <acme(a)redhat.com> tools headers: Fixup bitsperlong per arch includes Michael Ellerman <mpe(a)ellerman.id.au> powerpc/Makefile: Always pass --synthetic to nm if supported Kunihiko Hayashi <hayashi.kunihiko(a)socionext.com> ASoC: uniphier: Fix double reset assersion when transitioning to suspend state Hans Verkuil <hverkuil-cisco(a)xs4all.nl> media: hdpvr: add terminating 0 at end of string Hans Verkuil <hverkuil-cisco(a)xs4all.nl> media: radio/si470x: kill urb on error Hans de Goede <hdegoede(a)redhat.com> x86/platform/intel/iosf_mbi Rewrite locking Stefan Agner <stefan.agner(a)toradex.com> ARM: dts: imx7-colibri: disable HS400 Bjorn Andersson <bjorn.andersson(a)linaro.org> arm64: dts: qcom: qcs404-evb: Mark WCSS clocks protected André Draszik <git(a)andred.net> ARM: dts: imx7d: cl-som-imx7: make ethernet work again Finn Thain <fthain(a)telegraphics.com.au> m68k: Prevent some compiler warnings in Coldfire builds Arnd Bergmann <arnd(a)arndb.de> net: lpc-enet: fix printk format strings Mark Rutland <mark.rutland(a)arm.com> kasan/arm64: fix CONFIG_KASAN_SW_TAGS && KASAN_INLINE Ezequiel Garcia <ezequiel(a)collabora.com> media: imx: mipi csi-2: Don't fail if initial state times-out Sakari Ailus <sakari.ailus(a)linux.intel.com> media: omap3isp: Don't set streaming state on random subdevs Ezequiel Garcia <ezequiel(a)collabora.com> media: i2c: ov5645: Fix power sequence Colin Ian King <colin.king(a)canonical.com> media: vsp1: fix memory leak of dl on error return path Tan Xiaojun <tanxiaojun(a)huawei.com> perf record: Support aarch64 random socket_id assignment Arnd Bergmann <arnd(a)arndb.de> ARM: xscale: fix multi-cpu compilation Arnd Bergmann <arnd(a)arndb.de> dmaengine: iop-adma: use correct printk format strings Darius Rad <alpha(a)area49.net> media: rc: imon: Allow iMON RC protocol for ffdc 7e device John Keeping <john(a)metanate.com> perf unwind: Fix libunwind when tid != pid Kees Cook <keescook(a)chromium.org> arm64/efi: Move variable assignments after SECTIONS Sean Young <sean(a)mess.org> media: em28xx: modules workqueue not inited for 2nd device Geert Uytterhoeven <geert+renesas(a)glider.be> media: fdp1: Reduce FCP not found message level to debug Wolfram Sang <wsa+renesas(a)sang-engineering.com> media: i2c: tda1997x: prevent potential NULL pointer access Matthias Brugger <matthias.bgg(a)gmail.com> media: mtk-mdp: fix reference count on old device tree Arnaldo Carvalho de Melo <acme(a)redhat.com> perf test vfs_getname: Disable ~/.perfconfig to get default output Arnaldo Carvalho de Melo <acme(a)redhat.com> perf config: Honour $PERF_CONFIG env var to specify alternate .perfconfig Hans Verkuil <hverkuil-cisco(a)xs4all.nl> media: gspca: zero usb_buf on error zhengbin <zhengbin13(a)huawei.com> blk-mq: Fix memory leak in blk_mq_init_allocated_queue error handling Peter Zijlstra <peterz(a)infradead.org> idle: Prevent late-arriving interrupts from disrupting offline Phil Auld <pauld(a)redhat.com> sched/fair: Use rq_lock/unlock in online_fair_sched_group Sudeep Holla <sudeep.holla(a)arm.com> firmware: arm_scmi: Check if platform has released shmem before using Xiaofei Tan <tanxiaofei(a)huawei.com> efi: cper: print AER info of PCIe fatal error Stephen Douthit <stephend(a)silicom-usa.com> EDAC, pnd2: Fix ioremap() size in dnv_rd_reg() Luke Mujica <lukemujica(a)google.com> perf tools: Fix paths in include statements Alessio Balsini <balsini(a)android.com> loop: Add LOOP_SET_DIRECT_IO to compat ioctl Jiri Slaby <jslaby(a)suse.cz> ACPI / processor: don't print errors for processorIDs == 0xff Keyon Jie <yang.jie(a)linux.intel.com> ASoC: hdac_hda: fix page fault issue by removing race Valdis Kletnieks <valdis.kletnieks(a)vt.edu> RAS: Build debugfs.o only when enabled in Kconfig Valdis Kletnieks <valdis.kletnieks(a)vt.edu> RAS: Fix prototype warnings YueHaibing <yuehaibing(a)huawei.com> media: staging: tegra-vde: Fix build error Randy Dunlap <rdunlap(a)infradead.org> media: media/platform: fsl-viu.c: fix build for MICROBLAZE Guoqing Jiang <jgq516(a)gmail.com> md: don't set In_sync if array is frozen Guoqing Jiang <jgq516(a)gmail.com> md: don't call spare_active in md_reap_sync_thread if all member devices can't work Yufen Yu <yuyufen(a)huawei.com> md/raid1: end bio when the device faulty Qian Cai <cai(a)lca.pw> arm64/prefetch: fix a -Wtype-limits warning Kuninori Morimoto <kuninori.morimoto.gx(a)renesas.com> ASoC: rsnd: don't call clk_get_rate() under atomic context Dan Carpenter <dan.carpenter(a)oracle.com> EDAC/altera: Use the proper type for the IRQ status bits chenzefeng <chenzefeng2(a)huawei.com> ia64:unwind: fix double free for mod->arch.init_unw_table Ard van Breemen <ard(a)kwaak.net> ALSA: usb-audio: Skip bSynchAddress endpoint check if it is invalid Vinod Koul <vkoul(a)kernel.org> base: soc: Export soc_device_register/unregister APIs Neil Armstrong <narmstrong(a)baylibre.com> soc: amlogic: meson-clk-measure: protect measure with a mutex Junhua Huang <huang.junhua(a)zte.com.cn> arm64: mm: free the initrd reserved memblock in a aligned manner Charles Keepax <ckeepax(a)opensource.cirrus.com> gpio: madera: Add support for Cirrus Logic CS47L92 Richard Fitzgerald <rf(a)opensource.cirrus.com> gpio: madera: Add support for Cirrus Logic CS47L15 Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> cpuidle: teo: Allow tick to be stopped if PM QoS is used Oliver Neukum <oneukum(a)suse.com> media: iguanair: add sanity checks Anson Huang <Anson.Huang(a)nxp.com> arm64: dts: imx8mq: Correct OPP table according to latest datasheet Robert Richter <rrichter(a)marvell.com> EDAC/mc: Fix grain_bits calculation Paul E. McKenney <paulmck(a)linux.ibm.com> rcu: Add destroy_work_on_stack() to match INIT_WORK_ONSTACK() Jia-Ju Bai <baijiaju1990(a)gmail.com> ALSA: i2c: ak4xxx-adda: Fix a possible null pointer dereference in build_adc_controls() Takashi Iwai <tiwai(a)suse.de> ALSA: hda - Show the fatal CORB/RIRB error more clearly Thomas Gleixner <tglx(a)linutronix.de> x86/apic: Soft disable APIC before initializing it Juri Lelli <juri.lelli(a)redhat.com> rcu/tree: Call setschedule() gp ktread to SCHED_FIFO outside of atomic region Grzegorz Halat <ghalat(a)redhat.com> x86/reboot: Always use NMI fallback when shutdown via reboot vector IPI fails Juri Lelli <juri.lelli(a)redhat.com> sched/deadline: Fix bandwidth accounting at all levels after offline migration Thomas Gleixner <tglx(a)linutronix.de> x86/apic: Make apic_pending_intr_clear() more robust Juri Lelli <juri.lelli(a)redhat.com> sched/core: Fix CPU controller for !RT_GROUP_SCHED Vincent Guittot <vincent.guittot(a)linaro.org> sched/fair: Fix imbalance due to CPU affinity Paul E. McKenney <paulmck(a)linux.ibm.com> time/tick-broadcast: Fix tick_broadcast_offline() lockdep complaint Fabio Estevam <festevam(a)gmail.com> media: i2c: ov5640: Check for devm_gpiod_get_optional() error Luke Nowakowski-Krijger <lnowakow(a)eng.ucsd.edu> media: hdpvr: Add device num check and handling Arnd Bergmann <arnd(a)arndb.de> media: vivid: work around high stack usage with clang Michael Tretter <m.tretter(a)pengutronix.de> media: vb2: reorder checks in vb2_poll() Vandana BN <bnvandana(a)gmail.com> media: vivid:add sanity check to avoid divide error and set value to 1 if 0. Wen Yang <wen.yang99(a)zte.com.cn> media: exynos4-is: fix leaked of_node references Pan Xiuli <xiuli.pan(a)linux.intel.com> ASoC: SOF: pci: mark last_busy value at runtime PM init Sean Young <sean(a)mess.org> media: mtk-cir: lower de-glitch counter for rc-mm protocol Arnd Bergmann <arnd(a)arndb.de> media: dib0700: fix link error for dibx000_i2c_set_speed Kai Vehmanen <kai.vehmanen(a)linux.intel.com> ASoC: SOF: reset DMA state in prepare Nick Stoughton <nstoughton(a)logitech.com> leds: leds-lp5562 allow firmware files up to the maximum length Stefan Wahren <wahrenst(a)gmx.net> dmaengine: bcm2835: Print error in case setting DMA mask fails Stephen Boyd <swboyd(a)chromium.org> firmware: qcom_scm: Use proper types for dma mappings Oleksandr Suvorov <oleksandr.suvorov(a)toradex.com> ASoC: sgtl5000: Fix charge pump source assignment Oleksandr Suvorov <oleksandr.suvorov(a)toradex.com> ASoC: sgtl5000: Fix of unmute outputs on probe Lucas Stach <l.stach(a)pengutronix.de> ASoC: tlv320aic31xx: suppress error message for EPROBE_DEFER Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> spi: dw-mmio: Clock should be shut when error occurs Axel Lin <axel.lin(a)ingics.com> regulator: lm363x: Fix n_voltages setting for lm36274 Axel Lin <axel.lin(a)ingics.com> regulator: lm363x: Fix off-by-one n_voltages for lm3632 ldo_vpos/ldo_vneg Takashi Iwai <tiwai(a)suse.de> ALSA: hda/hdmi - Don't report spurious jack state changes Hariprasad Kelam <hariprasad.kelam(a)gmail.com> cpufreq: ap806: Add NULL check after kcalloc Ranjani Sridharan <ranjani.sridharan(a)linux.intel.com> ASoC: SOF: Intel: hda: Make hdac_device device-managed Chris Wilson <chris(a)chris-wilson.co.uk> ALSA: hda: Flush interrupts on disabling Ori Nimron <orinimron123(a)gmail.com> nfc: enforce CAP_NET_RAW for raw sockets Ori Nimron <orinimron123(a)gmail.com> ieee802154: enforce CAP_NET_RAW for raw sockets Ori Nimron <orinimron123(a)gmail.com> ax25: enforce CAP_NET_RAW for raw sockets Ori Nimron <orinimron123(a)gmail.com> appletalk: enforce CAP_NET_RAW for raw sockets Ori Nimron <orinimron123(a)gmail.com> mISDN: enforce CAP_NET_RAW for raw sockets Bodong Wang <bodong(a)mellanox.com> net/mlx5: Add device ID of upcoming BlueField-2 Eric Dumazet <edumazet(a)google.com> tcp: better handle TCP_USER_TIMEOUT in SYN_SENT state Eric Dumazet <edumazet(a)google.com> net: sched: fix possible crash in tcf_action_destroy() Saeed Mahameed <saeedm(a)mellanox.com> net/mlx5e: Fix traffic duplication in ethtool steering David Ahern <dsahern(a)gmail.com> vrf: Do not attempt to create IPv6 mcast rule if IPv6 is disabled Cong Wang <xiyou.wangcong(a)gmail.com> net_sched: add policy validation for action attributes David Ahern <dsahern(a)gmail.com> ipv4: Revert removal of rt_uses_gateway Vinicius Costa Gomes <vinicius.gomes(a)intel.com> net/sched: cbs: Fix not adding cbs instance to list Hans Andersson <hans.andersson(a)cellavision.se> net: phy: micrel: add Asym Pause workaround for KSZ9021 David Ahern <dsahern(a)gmail.com> selftests: Update fib_nexthop_multiprefix to handle missing ping6 Eric Dumazet <edumazet(a)google.com> ipv6: fix a typo in fib6_rule_lookup() Dmytro Linkin <dmitrolin(a)mellanox.com> net/mlx5e: Fix matching on tunnel addresses type Ka-Cheong Poon <ka-cheong.poon(a)oracle.com> net/rds: Check laddr_check before calling it Oliver Neukum <oneukum(a)suse.com> usbnet: sanity checking of packet sizes and device mtu Bjørn Mork <bjorn(a)mork.no> usbnet: ignore endpoints with invalid wMaxPacketSize Kevin(Yudong) Yang <yyd(a)google.com> tcp_bbr: fix quantization code to not raise cwnd if not probing bandwidth Stephen Hemminger <stephen(a)networkplumber.org> skge: fix checksum byte order David Ahern <dsahern(a)gmail.com> selftests: Update fib_tests to handle missing ping6 Eric Dumazet <edumazet(a)google.com> sch_netem: fix a divide by zero in tabledist() Takeshi Misawa <jeliantsurux(a)gmail.com> ppp: Fix memory leak in ppp_write Li RongQing <lirongqing(a)baidu.com> openvswitch: change type of UPCALL_PID attribute to NLA_UNSPEC Navid Emamdoost <navid.emamdoost(a)gmail.com> nfp: flower: prevent memory leak in nfp_flower_spawn_phy_reprs Navid Emamdoost <navid.emamdoost(a)gmail.com> nfp: flower: fix memory leak in nfp_flower_spawn_vnic_reprs Thierry Reding <treding(a)nvidia.com> net: stmmac: Fix page pool size Cong Wang <xiyou.wangcong(a)gmail.com> net_sched: add max len check for TCA_KIND Davide Caratti <dcaratti(a)redhat.com> net/sched: act_sample: don't push mac header on ip6gre ingress Bjorn Andersson <bjorn.andersson(a)linaro.org> net: qrtr: Stop rx_worker before freeing node Peter Mamonov <pmamonov(a)gmail.com> net/phy: fix DP83865 10 Mbps HDX loopback disable function Xin Long <lucien.xin(a)gmail.com> macsec: drop skb sk before calling gro_cells_receive Jason A. Donenfeld <Jason(a)zx2c4.com> ipv6: do not free rt if FIB_LOOKUP_NOREF is set on suppress rule Bjørn Mork <bjorn(a)mork.no> cdc_ncm: fix divide-by-zero caused by invalid wMaxPacketSize Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> arcnet: provide a buffer big enough to actually receive packets ------------- Diffstat: .../bindings/sound/allwinner,sun4i-a10-spdif.yaml | 4 +- Documentation/sound/hd-audio/models.rst | 3 + Makefile | 4 +- arch/arm/boot/dts/am3517-evm.dts | 23 +- arch/arm/boot/dts/exynos5420-peach-pit.dts | 1 + arch/arm/boot/dts/exynos5800-peach-pi.dts | 1 + arch/arm/boot/dts/imx7-colibri.dtsi | 1 + arch/arm/boot/dts/imx7d-cl-som-imx7.dts | 4 +- arch/arm/boot/dts/logicpd-torpedo-baseboard.dtsi | 37 +-- arch/arm/configs/omap2plus_defconfig | 1 + arch/arm/mach-at91/.gitignore | 1 + arch/arm/mach-at91/Makefile | 5 +- arch/arm/mach-at91/pm_suspend.S | 2 +- arch/arm/mach-ep93xx/edb93xx.c | 2 +- arch/arm/mach-ep93xx/simone.c | 2 +- arch/arm/mach-ep93xx/ts72xx.c | 4 +- arch/arm/mach-ep93xx/vision_ep9307.c | 2 +- arch/arm/mach-omap2/.gitignore | 1 + arch/arm/mach-omap2/Makefile | 5 +- arch/arm/mach-omap2/sleep33xx.S | 2 +- arch/arm/mach-omap2/sleep43xx.S | 2 +- arch/arm/mach-zynq/platsmp.c | 2 +- arch/arm/mm/copypage-xscale.c | 6 +- arch/arm/plat-samsung/watchdog-reset.c | 1 + .../boot/dts/amlogic/meson-g12b-odroid-n2.dts | 4 +- .../boot/dts/amlogic/meson-gxbb-nexbox-a95x.dts | 4 +- .../arm64/boot/dts/amlogic/meson-gxbb-odroidc2.dts | 4 +- arch/arm64/boot/dts/amlogic/meson-gxbb-p20x.dtsi | 4 +- .../dts/amlogic/meson-gxl-s905x-hwacom-amazetv.dts | 4 +- .../dts/amlogic/meson-gxl-s905x-nexbox-a95x.dts | 4 +- arch/arm64/boot/dts/freescale/imx8mq.dtsi | 5 +- arch/arm64/boot/dts/qcom/qcs404-evb.dtsi | 4 +- arch/arm64/boot/dts/rockchip/rk3328.dtsi | 3 + arch/arm64/include/asm/atomic_ll_sc.h | 89 +++--- arch/arm64/include/asm/cputype.h | 21 +- arch/arm64/include/asm/exception.h | 2 + arch/arm64/include/asm/tlbflush.h | 1 + arch/arm64/kernel/cpufeature.c | 2 +- arch/arm64/kernel/entry.S | 36 +-- arch/arm64/kernel/image-vars.h | 51 ++++ arch/arm64/kernel/image.h | 42 --- arch/arm64/kernel/traps.c | 9 + arch/arm64/kernel/vmlinux.lds.S | 2 + arch/arm64/mm/init.c | 6 +- arch/arm64/mm/proc.S | 9 + arch/ia64/kernel/module.c | 8 +- arch/m68k/include/asm/atarihw.h | 9 - arch/m68k/include/asm/io_mm.h | 6 +- arch/m68k/include/asm/macintosh.h | 1 + arch/powerpc/Makefile | 2 - arch/powerpc/platforms/powernv/opal-imc.c | 12 +- arch/s390/crypto/aes_s390.c | 6 + arch/s390/include/asm/string.h | 9 +- arch/x86/include/asm/intel-family.h | 3 + arch/x86/include/asm/kvm_host.h | 7 + arch/x86/kernel/amd_nb.c | 3 + arch/x86/kernel/apic/apic.c | 115 ++++--- arch/x86/kernel/apic/vector.c | 11 + arch/x86/kernel/smp.c | 46 +-- arch/x86/kvm/cpuid.c | 6 + arch/x86/kvm/emulate.c | 2 + arch/x86/kvm/mmu.c | 47 +-- arch/x86/kvm/svm.c | 4 +- arch/x86/kvm/vmx/vmx.c | 6 +- arch/x86/kvm/x86.c | 21 +- arch/x86/mm/numa.c | 4 +- arch/x86/mm/pti.c | 8 +- arch/x86/platform/intel/iosf_mbi.c | 100 +++--- block/blk-flush.c | 10 + block/blk-mq.c | 25 +- block/blk-throttle.c | 3 +- block/blk.h | 7 + block/mq-deadline.c | 19 +- drivers/acpi/acpi_lpss.c | 8 +- drivers/acpi/acpi_processor.c | 10 +- drivers/acpi/apei/ghes.c | 17 +- drivers/acpi/cppc_acpi.c | 6 +- drivers/acpi/custom_method.c | 5 +- drivers/acpi/pci_irq.c | 4 +- drivers/ata/ahci.c | 116 ++++--- drivers/ata/ahci.h | 2 + drivers/base/soc.c | 2 + drivers/block/loop.c | 1 + drivers/block/nbd.c | 4 +- drivers/char/hw_random/core.c | 2 +- drivers/char/ipmi/ipmi_msghandler.c | 114 +++---- drivers/char/mem.c | 21 ++ drivers/char/tpm/tpm-interface.c | 23 +- drivers/char/tpm/tpm_tis_core.c | 3 + drivers/cpufreq/armada-8k-cpufreq.c | 2 + drivers/cpufreq/imx-cpufreq-dt.c | 8 +- drivers/cpuidle/governors/teo.c | 32 +- drivers/devfreq/devfreq.c | 2 +- drivers/devfreq/exynos-bus.c | 31 +- drivers/devfreq/governor_passive.c | 7 +- drivers/dma/bcm2835-dma.c | 4 +- drivers/dma/iop-adma.c | 18 +- drivers/dma/ti/edma.c | 9 +- drivers/edac/altera_edac.c | 4 +- drivers/edac/amd64_edac.c | 151 ++++++---- drivers/edac/amd64_edac.h | 5 +- drivers/edac/edac_mc.c | 8 +- drivers/edac/pnd2_edac.c | 7 +- drivers/firmware/arm_scmi/driver.c | 8 + drivers/firmware/efi/cper.c | 15 + drivers/firmware/qcom_scm.c | 7 +- drivers/gpio/gpio-madera.c | 8 + drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 1 + .../amd/display/dc/clk_mgr/dce110/dce110_clk_mgr.c | 27 +- drivers/gpu/drm/amd/display/dc/dce/dce_mem_input.c | 4 +- .../drm/amd/display/dc/dce112/dce112_resource.c | 16 +- .../drm/amd/display/dc/dce120/dce120_resource.c | 11 +- drivers/gpu/drm/amd/display/dc/inc/resource.h | 2 + drivers/gpu/drm/amd/powerplay/hwmgr/smu7_hwmgr.c | 5 + drivers/gpu/drm/drm_kms_helper_common.c | 2 +- drivers/hwmon/acpi_power_meter.c | 4 +- drivers/hwmon/k10temp.c | 1 + drivers/i2c/busses/i2c-riic.c | 1 + drivers/infiniband/core/addr.c | 2 +- drivers/infiniband/core/uverbs_cmd.c | 3 +- drivers/infiniband/hw/hfi1/mad.c | 45 ++- drivers/infiniband/hw/hfi1/verbs.c | 17 +- drivers/infiniband/hw/mlx5/main.c | 1 + drivers/iommu/Makefile | 2 +- drivers/iommu/amd_iommu.c | 4 +- drivers/iommu/amd_iommu.h | 14 + drivers/iommu/amd_iommu_init.c | 5 +- drivers/iommu/amd_iommu_quirks.c | 92 ++++++ drivers/iommu/arm-smmu-v3.c | 2 + drivers/iommu/intel_irq_remapping.c | 6 +- drivers/iommu/iova.c | 4 +- drivers/irqchip/irq-gic-v3-its.c | 9 +- drivers/irqchip/irq-sifive-plic.c | 12 +- drivers/isdn/mISDN/socket.c | 2 + drivers/leds/led-triggers.c | 1 + drivers/leds/leds-lm3532.c | 17 +- drivers/leds/leds-lp5562.c | 6 +- drivers/md/bcache/closure.c | 10 +- drivers/md/dm-rq.c | 1 + drivers/md/md.c | 28 +- drivers/md/md.h | 3 + drivers/md/raid0.c | 33 +- drivers/md/raid0.h | 14 + drivers/md/raid1.c | 39 ++- drivers/md/raid5.c | 10 +- drivers/media/cec/cec-notifier.c | 2 + drivers/media/common/videobuf2/videobuf2-v4l2.c | 8 +- drivers/media/dvb-core/dvb_frontend.c | 4 +- drivers/media/dvb-core/dvbdev.c | 4 +- drivers/media/dvb-frontends/dvb-pll.c | 40 ++- drivers/media/i2c/ov5640.c | 5 + drivers/media/i2c/ov5645.c | 26 +- drivers/media/i2c/ov9650.c | 5 + drivers/media/i2c/tda1997x.c | 9 +- drivers/media/pci/saa7134/saa7134-i2c.c | 12 +- drivers/media/pci/saa7146/hexium_gemini.c | 3 + drivers/media/platform/aspeed-video.c | 5 +- drivers/media/platform/exynos4-is/fimc-is.c | 1 + drivers/media/platform/exynos4-is/media-dev.c | 2 + drivers/media/platform/fsl-viu.c | 2 +- drivers/media/platform/mtk-mdp/mtk_mdp_core.c | 4 +- drivers/media/platform/omap3isp/isp.c | 8 + drivers/media/platform/omap3isp/ispccdc.c | 1 + drivers/media/platform/omap3isp/ispccp2.c | 1 + drivers/media/platform/omap3isp/ispcsi2.c | 1 + drivers/media/platform/omap3isp/isppreview.c | 1 + drivers/media/platform/omap3isp/ispresizer.c | 1 + drivers/media/platform/omap3isp/ispstat.c | 2 + drivers/media/platform/rcar_fdp1.c | 2 +- drivers/media/platform/vivid/vivid-ctrls.c | 2 +- drivers/media/platform/vivid/vivid-kthread-cap.c | 9 +- drivers/media/platform/vsp1/vsp1_dl.c | 4 +- drivers/media/radio/si470x/radio-si470x-usb.c | 5 +- drivers/media/rc/iguanair.c | 15 +- drivers/media/rc/imon.c | 7 +- drivers/media/rc/mceusb.c | 334 ++++++++++++--------- drivers/media/rc/mtk-cir.c | 8 + drivers/media/usb/cpia2/cpia2_usb.c | 4 + drivers/media/usb/dvb-usb/dib0700_devices.c | 8 + drivers/media/usb/dvb-usb/pctv452e.c | 8 - drivers/media/usb/em28xx/em28xx-cards.c | 1 - drivers/media/usb/gspca/konica.c | 5 + drivers/media/usb/gspca/nw80x.c | 5 + drivers/media/usb/gspca/ov519.c | 10 + drivers/media/usb/gspca/ov534.c | 5 + drivers/media/usb/gspca/ov534_9.c | 1 + drivers/media/usb/gspca/se401.c | 5 + drivers/media/usb/gspca/sn9c20x.c | 12 + drivers/media/usb/gspca/sonixb.c | 5 + drivers/media/usb/gspca/sonixj.c | 5 + drivers/media/usb/gspca/spca1528.c | 5 + drivers/media/usb/gspca/sq930x.c | 5 + drivers/media/usb/gspca/sunplus.c | 5 + drivers/media/usb/gspca/vc032x.c | 5 + drivers/media/usb/gspca/w996Xcf.c | 5 + drivers/media/usb/hdpvr/hdpvr-core.c | 13 +- drivers/media/usb/ttusb-dec/ttusb_dec.c | 2 +- drivers/media/v4l2-core/videobuf-core.c | 5 +- drivers/mmc/core/sdio_irq.c | 9 +- drivers/mmc/host/dw_mmc.c | 4 + drivers/mmc/host/mtk-sd.c | 3 + drivers/mmc/host/sdhci.c | 4 +- drivers/mtd/nand/raw/stm32_fmc2_nand.c | 90 ++---- drivers/net/arcnet/arcnet.c | 31 +- drivers/net/ethernet/intel/e1000e/ich8lan.c | 10 + drivers/net/ethernet/intel/e1000e/ich8lan.h | 2 +- drivers/net/ethernet/intel/i40e/i40e_main.c | 5 + drivers/net/ethernet/marvell/skge.c | 2 +- .../ethernet/mellanox/mlx5/core/en_fs_ethtool.c | 4 +- drivers/net/ethernet/mellanox/mlx5/core/en_tc.c | 89 +++--- drivers/net/ethernet/mellanox/mlx5/core/main.c | 1 + drivers/net/ethernet/netronome/nfp/flower/main.c | 7 + drivers/net/ethernet/nxp/lpc_eth.c | 13 +- drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 4 +- drivers/net/macsec.c | 1 + drivers/net/phy/micrel.c | 3 + drivers/net/phy/national.c | 9 +- drivers/net/ppp/ppp_generic.c | 2 + drivers/net/usb/cdc_ncm.c | 6 +- drivers/net/usb/usbnet.c | 8 + drivers/net/vrf.c | 3 +- drivers/net/wireless/ath/ath10k/wmi-tlv.c | 2 +- drivers/net/wireless/ath/ath10k/wmi-tlv.h | 16 + drivers/net/wireless/ath/ath10k/wmi.h | 8 - drivers/net/wireless/intel/iwlwifi/mvm/fw.c | 8 +- drivers/net/wireless/marvell/libertas/if_usb.c | 3 +- drivers/net/wireless/mediatek/mt76/mmio.c | 2 +- drivers/net/wireless/mediatek/mt76/mt7615/mcu.c | 15 +- drivers/net/wireless/mediatek/mt76/mt7615/mt7615.h | 6 +- drivers/net/wireless/mediatek/mt76/usb.c | 2 +- drivers/net/wireless/realtek/rtw88/pci.c | 71 +++-- drivers/net/wireless/zydas/zd1211rw/zd_mac.c | 1 - drivers/nvme/host/multipath.c | 8 +- drivers/nvme/target/admin-cmd.c | 14 +- drivers/parisc/dino.c | 24 ++ drivers/platform/chrome/cros_ec_rpmsg.c | 32 +- drivers/platform/x86/intel_int0002_vgpio.c | 1 + drivers/platform/x86/intel_pmc_core.c | 8 +- drivers/platform/x86/intel_pmc_core_pltdrv.c | 8 + drivers/ras/Makefile | 3 +- drivers/ras/cec.c | 1 + drivers/ras/debugfs.c | 2 + drivers/regulator/core.c | 42 ++- drivers/regulator/lm363x-regulator.c | 10 +- drivers/scsi/device_handler/scsi_dh_rdac.c | 2 + drivers/scsi/qla2xxx/qla_init.c | 25 +- drivers/scsi/qla2xxx/qla_os.c | 1 + drivers/scsi/qla2xxx/qla_target.c | 1 - drivers/scsi/scsi_lib.c | 13 + drivers/soc/amlogic/meson-clk-measure.c | 12 +- drivers/soc/renesas/Kconfig | 5 + drivers/soc/renesas/rmobile-sysc.c | 31 +- drivers/spi/spi-bcm2835.c | 14 +- drivers/spi/spi-dw-mmio.c | 6 +- drivers/spi/spi-fsl-dspi.c | 4 +- drivers/staging/erofs/zmap.c | 3 +- drivers/staging/media/hantro/hantro_drv.c | 1 + drivers/staging/media/imx/imx6-mipi-csi2.c | 12 +- drivers/staging/media/tegra-vde/Kconfig | 2 +- drivers/video/fbdev/efifb.c | 27 +- fs/binfmt_elf.c | 3 +- fs/btrfs/ctree.c | 5 +- fs/btrfs/ctree.h | 1 + fs/btrfs/delayed-inode.c | 13 +- fs/btrfs/disk-io.c | 10 + fs/btrfs/extent-tree.c | 8 + fs/btrfs/extent_io.c | 9 + fs/btrfs/free-space-cache.c | 20 +- fs/btrfs/inode.c | 8 + fs/btrfs/qgroup.c | 38 ++- fs/btrfs/tree-checker.c | 98 ++++++ fs/btrfs/volumes.c | 8 +- fs/cifs/cifsfs.c | 2 + fs/cifs/cifsglob.h | 2 + fs/cifs/connect.c | 9 +- fs/cifs/smb2ops.c | 31 +- fs/cifs/smb2pdu.c | 3 +- fs/cifs/xattr.c | 2 +- fs/ext4/extents.c | 4 +- fs/ext4/inode.c | 9 + fs/fuse/dev.c | 93 +++--- fs/fuse/file.c | 1 + fs/fuse/fuse_i.h | 3 + fs/fuse/inode.c | 1 + fs/fuse/readdir.c | 4 +- fs/gfs2/bmap.c | 1 + fs/io_uring.c | 4 +- fs/overlayfs/export.c | 3 +- fs/overlayfs/inode.c | 3 +- fs/xfs/xfs_file.c | 26 ++ include/linux/blk-mq.h | 13 + include/linux/blkdev.h | 15 +- include/linux/bug.h | 5 + include/linux/fs.h | 2 + include/linux/mmc/host.h | 9 + include/linux/pci_ids.h | 1 + include/linux/quotaops.h | 2 +- include/linux/sunrpc/xprt.h | 1 + include/net/route.h | 3 +- kernel/jump_label.c | 4 +- kernel/kprobes.c | 3 +- kernel/printk/printk.c | 2 +- kernel/rcu/tree.c | 6 +- kernel/rcu/tree_exp.h | 6 +- kernel/sched/core.c | 61 +++- kernel/sched/cpufreq_schedutil.c | 7 +- kernel/sched/deadline.c | 33 ++ kernel/sched/fair.c | 11 +- kernel/sched/idle.c | 5 +- kernel/sched/psi.c | 2 +- kernel/time/alarmtimer.c | 4 +- kernel/time/posix-cpu-timers.c | 20 +- lib/lzo/lzo1x_compress.c | 14 +- mm/compaction.c | 35 +-- mm/fadvise.c | 4 +- mm/madvise.c | 22 +- mm/memcontrol.c | 10 + mm/oom_kill.c | 5 +- mm/z3fold.c | 64 ++-- net/appletalk/ddp.c | 5 + net/ax25/af_ax25.c | 2 + net/ieee802154/socket.c | 3 + net/ipv4/inet_connection_sock.c | 4 +- net/ipv4/ip_forward.c | 2 +- net/ipv4/ip_output.c | 2 +- net/ipv4/route.c | 36 ++- net/ipv4/tcp_bbr.c | 8 +- net/ipv4/tcp_timer.c | 5 +- net/ipv4/xfrm4_policy.c | 1 + net/ipv6/fib6_rules.c | 3 +- net/ipv6/ip6_fib.c | 2 +- net/nfc/llcp_sock.c | 7 +- net/openvswitch/datapath.c | 2 +- net/qrtr/qrtr.c | 1 + net/rds/bind.c | 5 +- net/sched/act_api.c | 34 ++- net/sched/act_sample.c | 1 + net/sched/cls_api.c | 6 +- net/sched/sch_api.c | 3 +- net/sched/sch_cbs.c | 30 +- net/sched/sch_netem.c | 2 +- net/sunrpc/clnt.c | 6 +- net/sunrpc/xdr.c | 27 +- net/sunrpc/xprt.c | 54 ++-- net/wireless/util.c | 1 + scripts/Makefile.kasan | 11 +- scripts/gcc-plugins/randomize_layout_plugin.c | 10 +- security/keys/trusted.c | 5 + sound/firewire/motu/motu.c | 12 + sound/firewire/tascam/tascam-pcm.c | 3 + sound/firewire/tascam/tascam-stream.c | 42 ++- sound/hda/hdac_controller.c | 2 + sound/i2c/other/ak4xxx-adda.c | 7 +- sound/pci/hda/hda_codec.c | 8 +- sound/pci/hda/hda_controller.c | 5 +- sound/pci/hda/hda_intel.c | 2 +- sound/pci/hda/patch_hdmi.c | 41 ++- sound/pci/hda/patch_realtek.c | 90 ++++++ sound/soc/atmel/mchp-i2s-mcc.c | 41 ++- sound/soc/codecs/es8316.c | 7 +- sound/soc/codecs/hdac_hda.c | 4 + sound/soc/codecs/sgtl5000.c | 21 +- sound/soc/codecs/tlv320aic31xx.c | 7 +- sound/soc/fsl/fsl_ssi.c | 18 +- sound/soc/generic/simple-card-utils.c | 7 + sound/soc/intel/common/sst-acpi.c | 3 +- sound/soc/intel/common/sst-ipc.c | 2 + sound/soc/intel/skylake/skl-debug.c | 2 +- sound/soc/intel/skylake/skl-nhlt.c | 2 +- sound/soc/sh/rcar/adg.c | 21 +- sound/soc/soc-generic-dmaengine-pcm.c | 6 + sound/soc/sof/intel/hda-codec.c | 6 +- sound/soc/sof/pcm.c | 27 +- sound/soc/sof/pm.c | 2 +- sound/soc/sof/sof-pci-dev.c | 3 + sound/soc/sof/sof-priv.h | 2 +- sound/soc/sunxi/sun4i-i2s.c | 9 +- sound/soc/uniphier/aio-cpu.c | 31 +- sound/soc/uniphier/aio.h | 1 + sound/usb/pcm.c | 1 + tools/include/uapi/asm/bitsperlong.h | 18 +- tools/lib/traceevent/Makefile | 6 +- tools/lib/traceevent/event-plugin.c | 2 +- tools/perf/arch/x86/util/kvm-stat.c | 4 +- tools/perf/arch/x86/util/tsc.c | 6 +- tools/perf/perf.c | 3 + tools/perf/tests/shell/trace+probe_vfs_getname.sh | 4 + tools/perf/trace/beauty/ioctl.c | 2 +- tools/perf/ui/browsers/scripts.c | 6 +- tools/perf/ui/helpline.c | 4 +- tools/perf/ui/util.c | 2 +- tools/perf/util/evlist.c | 9 + tools/perf/util/header.c | 4 +- tools/perf/util/hist.c | 5 +- tools/perf/util/map.c | 3 +- tools/perf/util/map_groups.h | 4 + tools/perf/util/thread.c | 7 +- tools/perf/util/thread.h | 4 - tools/perf/util/unwind-libunwind-local.c | 18 +- tools/perf/util/unwind-libunwind.c | 34 +-- tools/perf/util/unwind.h | 25 +- tools/perf/util/xyarray.h | 3 +- tools/power/x86/intel-speed-select/isst-config.c | 16 +- .../selftests/net/fib_nexthop_multiprefix.sh | 6 +- tools/testing/selftests/net/fib_tests.sh | 21 +- 405 files changed, 3458 insertions(+), 1712 deletions(-)

4 years, 5 months

7
359
0 0

[PATCH 4.19 00/93] 4.19.81-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.19.81 release. There are 93 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Tue 29 Oct 2019 08:27:02 PM UTC. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.19.81-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.19.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.19.81-rc1 Greg KH <gregkh(a)linuxfoundation.org> RDMA/cxgb4: Do not dma memory off of the stack Tejun Heo <tj(a)kernel.org> blk-rq-qos: fix first node deletion of rq_qos_del() Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> PCI: PM: Fix pci_power_up() Juergen Gross <jgross(a)suse.com> xen/netback: fix error path of xenvif_connect_data() Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> cpufreq: Avoid cpufreq_suspend() deadlock on system shutdown Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> memstick: jmb38x_ms: Fix an error handling path in 'jmb38x_ms_probe()' Qu Wenruo <wqu(a)suse.com> btrfs: tracepoints: Fix bad entry members of qgroup events Filipe Manana <fdmanana(a)suse.com> Btrfs: check for the full sync flag while holding the inode lock during fsync Filipe Manana <fdmanana(a)suse.com> Btrfs: add missing extents release on file extent cluster relocation error Qu Wenruo <wqu(a)suse.com> btrfs: block-group: Fix a memory leak due to missing btrfs_put_block_group() Patrick Williams <alpawi(a)amazon.com> pinctrl: armada-37xx: swap polarity on LED group Patrick Williams <alpawi(a)amazon.com> pinctrl: armada-37xx: fix control of pins 32 and up Dmitry Torokhov <dmitry.torokhov(a)gmail.com> pinctrl: cherryview: restore Strago DMI workaround for all versions Sean Christopherson <sean.j.christopherson(a)intel.com> x86/apic/x2apic: Fix a NULL pointer deref when handling a dying cpu Steve Wahl <steve.wahl(a)hpe.com> x86/boot/64: Make level2_kernel_pgt pages invalid outside kernel area Mikulas Patocka <mpatocka(a)redhat.com> dm cache: fix bugs when a GFP_NOWAIT allocation fails Prateek Sood <prsood(a)codeaurora.org> tracing: Fix race in perf_trace_buf initialization Alexander Shishkin <alexander.shishkin(a)linux.intel.com> perf/aux: Fix AUX output stopping Pavel Shilovsky <pshilov(a)microsoft.com> CIFS: Fix use after free of file info structures Roberto Bergantinos Corpas <rbergant(a)redhat.com> CIFS: avoid using MID 0xFFFF Marc Zyngier <marc.zyngier(a)arm.com> arm64: Enable workaround for Cavium TX2 erratum 219 when running SMT James Morse <james.morse(a)arm.com> EDAC/ghes: Fix Use after free in ghes_edac remove path Helge Deller <deller(a)gmx.de> parisc: Fix vmap memory leak in ioremap()/iounmap() Max Filippov <jcmvbkbc(a)gmail.com> xtensa: drop EXPORT_SYMBOL for outs*/ins* Jane Chu <jane.chu(a)oracle.com> mm/memory-failure: poison read receives SIGKILL instead of SIGBUS if mmaped more than once David Hildenbrand <david(a)redhat.com> hugetlbfs: don't access uninitialized memmaps in pfn_range_valid_gigantic() Qian Cai <cai(a)lca.pw> mm/page_owner: don't access uninitialized memmaps when reading /proc/pagetypeinfo Qian Cai <cai(a)lca.pw> mm/slub: fix a deadlock in show_slab_objects() David Hildenbrand <david(a)redhat.com> mm/memory-failure.c: don't access uninitialized memmaps in memory_failure() Faiz Abbas <faiz_abbas(a)ti.com> mmc: cqhci: Commit descriptors before setting the doorbell David Hildenbrand <david(a)redhat.com> fs/proc/page.c: don't access uninitialized memmaps in fs/proc/page.c David Hildenbrand <david(a)redhat.com> drivers/base/memory.c: don't access uninitialized memmaps in soft_offline_page_store() Hans de Goede <hdegoede(a)redhat.com> drm/amdgpu: Bail earlier when amdgpu.cik_/si_support is not set to 1 Thomas Hellstrom <thellstrom(a)vmware.com> drm/ttm: Restore ttm prefaulting Kai-Heng Feng <kai.heng.feng(a)canonical.com> drm/edid: Add 6 bpc quirk for SDC panel in Lenovo G50 Will Deacon <will(a)kernel.org> mac80211: Reject malformed SSID elements Will Deacon <will(a)kernel.org> cfg80211: wext: avoid copying malformed SSIDs John Garry <john.garry(a)huawei.com> ACPI: CPPC: Set pcc_data[pcc_ss_id] to NULL in acpi_cppc_processor_exit() Junya Monden <jmonden(a)jp.adit-jv.com> ASoC: rsnd: Reinitialize bit clock inversion flag for every format setting Evan Green <evgreen(a)chromium.org> Input: synaptics-rmi4 - avoid processing unknown IRQs Marco Felsch <m.felsch(a)pengutronix.de> Input: da9063 - fix capability and drop KEY_SLEEP Bart Van Assche <bvanassche(a)acm.org> scsi: ch: Make it possible to open a ch device multiple times again Yufen Yu <yuyufen(a)huawei.com> scsi: core: try to get module before removing device Damien Le Moal <damien.lemoal(a)wdc.com> scsi: core: save/restore command resid for error handling Oliver Neukum <oneukum(a)suse.com> scsi: sd: Ignore a failure to sync cache due to lack of authorization Steffen Maier <maier(a)linux.ibm.com> scsi: zfcp: fix reaction on bit error threshold notification Colin Ian King <colin.king(a)canonical.com> staging: wlan-ng: fix exit return when sme->key_idx >= NUM_WEPKEYS Paul Burton <paulburton(a)kernel.org> MIPS: tlbex: Fix build_restore_pagemask KScratch restore Johan Hovold <johan(a)kernel.org> USB: ldusb: fix read info leaks Johan Hovold <johan(a)kernel.org> USB: usblp: fix use-after-free on disconnect Johan Hovold <johan(a)kernel.org> USB: ldusb: fix memleak on disconnect Johan Hovold <johan(a)kernel.org> USB: serial: ti_usb_3410_5052: fix port-close races Gustavo A. R. Silva <gustavo(a)embeddedor.com> usb: udc: lpc32xx: fix bad bit shift operation Lukas Wunner <lukas(a)wunner.de> ALSA: hda - Force runtime PM on Nvidia HDMI codecs Szabolcs Szőke <szszoke.code(a)gmail.com> ALSA: usb-audio: Disable quirks for BOSS Katana amplifiers Daniel Drake <drake(a)endlessm.com> ALSA: hda/realtek - Enable headset mic on Asus MJ401TA Kailang Yang <kailang(a)realtek.com> ALSA: hda/realtek - Add support for ALC711 Johan Hovold <johan(a)kernel.org> USB: legousbtower: fix memleak on disconnect Matthew Wilcox (Oracle) <willy(a)infradead.org> memfd: Fix locking when tagging pins Xin Long <lucien.xin(a)gmail.com> sctp: change sctp_prot .no_autobind with true Biao Huang <biao.huang(a)mediatek.com> net: stmmac: disable/enable ptp_ref_clk in suspend/resume flow Xin Long <lucien.xin(a)gmail.com> net: ipv6: fix listify ip6_rcv_finish in case of forwarding Cédric Le Goater <clg(a)kaod.org> net/ibmvnic: Fix EOI when running in XIVE mode. Thomas Bogendoerfer <tbogendoerfer(a)suse.de> net: i82596: fix dma_alloc_attr for sni_82596 Florian Fainelli <f.fainelli(a)gmail.com> net: bcmgenet: Set phydev->dev_flags only for internal PHYs Florian Fainelli <f.fainelli(a)gmail.com> net: bcmgenet: Fix RGMII_MODE_EN value for GENET v1/2/3 Eric Dumazet <edumazet(a)google.com> net: avoid potential infinite loop in tc_ctl_action() Stefano Brivio <sbrivio(a)redhat.com> ipv4: Return -ENETUNREACH if we can't create route but saddr is valid Wei Wang <weiwan(a)google.com> ipv4: fix race condition between route lookup and invalidation Yi Li <yilikernel(a)gmail.com> ocfs2: fix panic due to ocfs2_wq is null Alex Deucher <alexander.deucher(a)amd.com> Revert "drm/radeon: Fix EEH during kexec" Song Liu <songliubraving(a)fb.com> md/raid0: fix warning message for parameter default_layout Dan Williams <dan.j.williams(a)intel.com> libata/ahci: Fix PCS quirk application Jacob Keller <jacob.e.keller(a)intel.com> namespace: fix namespace.pl script to support relative paths Kai-Heng Feng <kai.heng.feng(a)canonical.com> r8152: Set macpassthru in reset_resume callback Randy Dunlap <rdunlap(a)infradead.org> lib: textsearch: fix escapes in example code Yizhuo <yzhai003(a)ucr.edu> net: hisilicon: Fix usage of uninitialized variable in function mdio_sc_cfg_reg_write() Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> mips: Loongson: Fix the link time qualifier of 'serial_exit()' Wen Yang <wenyang(a)linux.alibaba.com> net: dsa: rtl8366rb: add missing of_node_put after calling of_get_child_by_name Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nft_connlimit: disable bh on garbage collection Miaoqing Pan <miaoqing(a)codeaurora.org> mac80211: fix txq null pointer dereference Miaoqing Pan <miaoqing(a)codeaurora.org> nl80211: fix null pointer dereference Ross Lagerwall <ross.lagerwall(a)citrix.com> xen/efi: Set nonblocking callbacks Oleksij Rempel <o.rempel(a)pengutronix.de> MIPS: dts: ar9331: fix interrupt-controller size Michal Vokáč <michal.vokac(a)ysoft.com> net: dsa: qca8k: Use up to 7 ports for all operations Peter Ujfalusi <peter.ujfalusi(a)ti.com> ARM: dts: am4372: Set memory bandwidth limit for DISPC Navid Emamdoost <navid.emamdoost(a)gmail.com> ieee802154: ca8210: prevent memory leak Tony Lindgren <tony(a)atomide.com> ARM: OMAP2+: Fix warnings with broken omap2_set_init_voltage() Tony Lindgren <tony(a)atomide.com> ARM: OMAP2+: Fix missing reset done flag for am3 and am43 Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Fix unbound sleep in fcport delete path. Xiang Chen <chenxiang66(a)hisilicon.com> scsi: megaraid: disable device when probe failed after enabled device Stanley Chu <stanley.chu(a)mediatek.com> scsi: ufs: skip shutdown if hba is not powered Balbir Singh <sblbir(a)amzn.com> nvme-pci: Fix a race in controller removal ------------- Diffstat: Makefile | 4 +- arch/arm/boot/dts/am4372.dtsi | 2 + .../mach-omap2/omap_hwmod_33xx_43xx_ipblock_data.c | 3 +- arch/arm/mach-omap2/pm.c | 100 --------------------- arch/arm/xen/efi.c | 2 + arch/arm64/kernel/cpu_errata.c | 33 +++++++ arch/mips/boot/dts/qca/ar9331.dtsi | 2 +- arch/mips/loongson64/common/serial.c | 2 +- arch/mips/mm/tlbex.c | 23 +++-- arch/parisc/mm/ioremap.c | 12 +-- arch/x86/kernel/apic/x2apic_cluster.c | 3 +- arch/x86/kernel/head64.c | 22 ++++- arch/x86/xen/efi.c | 2 + arch/xtensa/kernel/xtensa_ksyms.c | 7 -- block/blk-rq-qos.h | 13 ++- drivers/acpi/cppc_acpi.c | 2 +- drivers/ata/ahci.c | 4 +- drivers/base/core.c | 3 + drivers/base/memory.c | 3 + drivers/cpufreq/cpufreq.c | 10 --- drivers/edac/ghes_edac.c | 4 + drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 35 ++++++++ drivers/gpu/drm/amd/amdgpu/amdgpu_kms.c | 35 -------- drivers/gpu/drm/drm_edid.c | 3 + drivers/gpu/drm/radeon/radeon_drv.c | 8 -- drivers/gpu/drm/ttm/ttm_bo_vm.c | 16 ++-- drivers/infiniband/hw/cxgb4/mem.c | 28 +++--- drivers/input/misc/da9063_onkey.c | 5 +- drivers/input/rmi4/rmi_driver.c | 6 +- drivers/md/dm-cache-target.c | 28 +----- drivers/md/raid0.c | 2 +- drivers/memstick/host/jmb38x_ms.c | 2 +- drivers/mmc/host/cqhci.c | 3 +- drivers/net/dsa/qca8k.c | 4 +- drivers/net/dsa/rtl8366rb.c | 16 ++-- drivers/net/ethernet/broadcom/genet/bcmgenet.h | 1 + drivers/net/ethernet/broadcom/genet/bcmmii.c | 11 ++- drivers/net/ethernet/hisilicon/hns_mdio.c | 6 +- drivers/net/ethernet/i825xx/lasi_82596.c | 4 +- drivers/net/ethernet/i825xx/lib82596.c | 4 +- drivers/net/ethernet/i825xx/sni_82596.c | 4 +- drivers/net/ethernet/ibm/ibmvnic.c | 8 +- drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 12 ++- drivers/net/ieee802154/ca8210.c | 2 +- drivers/net/usb/r8152.c | 3 +- drivers/net/xen-netback/interface.c | 1 - drivers/nvme/host/core.c | 5 +- drivers/pci/pci.c | 24 +++-- drivers/pinctrl/intel/pinctrl-cherryview.c | 4 - drivers/pinctrl/mvebu/pinctrl-armada-37xx.c | 26 +++--- drivers/s390/scsi/zfcp_fsf.c | 16 +++- drivers/scsi/ch.c | 1 - drivers/scsi/megaraid.c | 4 +- drivers/scsi/qla2xxx/qla_target.c | 4 + drivers/scsi/scsi_error.c | 3 + drivers/scsi/scsi_sysfs.c | 11 ++- drivers/scsi/sd.c | 3 +- drivers/scsi/ufs/ufshcd.c | 3 + drivers/staging/wlan-ng/cfg80211.c | 6 +- drivers/usb/class/usblp.c | 4 +- drivers/usb/gadget/udc/lpc32xx_udc.c | 6 +- drivers/usb/misc/ldusb.c | 23 ++--- drivers/usb/misc/legousbtower.c | 5 +- drivers/usb/serial/ti_usb_3410_5052.c | 10 +-- fs/btrfs/extent-tree.c | 1 + fs/btrfs/file.c | 36 ++++---- fs/btrfs/relocation.c | 2 + fs/cifs/file.c | 6 +- fs/cifs/smb1ops.c | 3 + fs/ocfs2/journal.c | 3 +- fs/ocfs2/localalloc.c | 3 +- fs/proc/page.c | 28 +++--- include/scsi/scsi_eh.h | 1 + include/trace/events/btrfs.h | 3 +- kernel/events/core.c | 2 +- kernel/trace/trace_event_perf.c | 4 + lib/textsearch.c | 4 +- mm/hugetlb.c | 5 +- mm/memfd.c | 18 ++-- mm/memory-failure.c | 36 ++++---- mm/page_owner.c | 5 +- mm/slub.c | 13 ++- net/ipv4/route.c | 11 ++- net/ipv6/ip6_input.c | 4 +- net/mac80211/debugfs_netdev.c | 11 ++- net/mac80211/mlme.c | 5 +- net/netfilter/nft_connlimit.c | 7 +- net/sched/act_api.c | 14 +-- net/sctp/socket.c | 4 +- net/wireless/nl80211.c | 3 + net/wireless/wext-sme.c | 8 +- scripts/namespace.pl | 13 +-- sound/pci/hda/patch_hdmi.c | 2 + sound/pci/hda/patch_realtek.c | 14 +++ sound/soc/sh/rcar/core.c | 1 + sound/usb/pcm.c | 3 + 96 files changed, 495 insertions(+), 439 deletions(-)

4 years, 5 months

9
106
0 0

[PATCH stable 5.3 1/2] selftests/powerpc: Add test case for tlbie vs mtpidr ordering issue

by Sandipan Das

From: "Aneesh Kumar K.V" <aneesh.kumar(a)linux.ibm.com> commit 93cad5f789951eaa27c3392b15294b4e51253944 upstream. Cc: stable(a)vger.kernel.org # v5.3 Signed-off-by: Aneesh Kumar K.V <aneesh.kumar(a)linux.ibm.com> [mpe: Some minor fixes to make it build] Signed-off-by: Michael Ellerman <mpe(a)ellerman.id.au> Link: https://lore.kernel.org/r/20190924035254.24612-4-aneesh.kumar@linux.ibm.com [sandipan: Backported to v5.3] Signed-off-by: Sandipan Das <sandipan(a)linux.ibm.com> --- tools/testing/selftests/powerpc/mm/Makefile | 2 + .../testing/selftests/powerpc/mm/tlbie_test.c | 734 ++++++++++++++++++ 2 files changed, 736 insertions(+) create mode 100644 tools/testing/selftests/powerpc/mm/tlbie_test.c diff --git a/tools/testing/selftests/powerpc/mm/Makefile b/tools/testing/selftests/powerpc/mm/Makefile index f1fbc15800c4..ed1565809d2b 100644 --- a/tools/testing/selftests/powerpc/mm/Makefile +++ b/tools/testing/selftests/powerpc/mm/Makefile @@ -4,6 +4,7 @@ noarg: TEST_GEN_PROGS := hugetlb_vs_thp_test subpage_prot prot_sao segv_errors wild_bctr \ large_vm_fork_separation +TEST_GEN_PROGS_EXTENDED := tlbie_test TEST_GEN_FILES := tempfile top_srcdir = ../../../../.. @@ -19,3 +20,4 @@ $(OUTPUT)/large_vm_fork_separation: CFLAGS += -m64 $(OUTPUT)/tempfile: dd if=/dev/zero of=$@ bs=64k count=1 +$(OUTPUT)/tlbie_test: LDLIBS += -lpthread diff --git a/tools/testing/selftests/powerpc/mm/tlbie_test.c b/tools/testing/selftests/powerpc/mm/tlbie_test.c new file mode 100644 index 000000000000..9868a5ddd847 --- /dev/null +++ b/tools/testing/selftests/powerpc/mm/tlbie_test.c @@ -0,0 +1,734 @@ +// SPDX-License-Identifier: GPL-2.0 + +/* + * Copyright 2019, Nick Piggin, Gautham R. Shenoy, Aneesh Kumar K.V, IBM Corp. + */ + +/* + * + * Test tlbie/mtpidr race. We have 4 threads doing flush/load/compare/store + * sequence in a loop. The same threads also rung a context switch task + * that does sched_yield() in loop. + * + * The snapshot thread mark the mmap area PROT_READ in between, make a copy + * and copy it back to the original area. This helps us to detect if any + * store continued to happen after we marked the memory PROT_READ. + */ + +#define _GNU_SOURCE +#include <stdio.h> +#include <sys/mman.h> +#include <sys/types.h> +#include <sys/wait.h> +#include <sys/ipc.h> +#include <sys/shm.h> +#include <sys/stat.h> +#include <sys/time.h> +#include <linux/futex.h> +#include <unistd.h> +#include <asm/unistd.h> +#include <string.h> +#include <stdlib.h> +#include <fcntl.h> +#include <sched.h> +#include <time.h> +#include <stdarg.h> +#include <sched.h> +#include <pthread.h> +#include <signal.h> +#include <sys/prctl.h> + +static inline void dcbf(volatile unsigned int *addr) +{ + __asm__ __volatile__ ("dcbf %y0; sync" : : "Z"(*(unsigned char *)addr) : "memory"); +} + +static void err_msg(char *msg) +{ + + time_t now; + time(&now); + printf("=================================\n"); + printf(" Error: %s\n", msg); + printf(" %s", ctime(&now)); + printf("=================================\n"); + exit(1); +} + +static char *map1; +static char *map2; +static pid_t rim_process_pid; + +/* + * A "rim-sequence" is defined to be the sequence of the following + * operations performed on a memory word: + * 1) FLUSH the contents of that word. + * 2) LOAD the contents of that word. + * 3) COMPARE the contents of that word with the content that was + * previously stored at that word + * 4) STORE new content into that word. + * + * The threads in this test that perform the rim-sequence are termed + * as rim_threads. + */ + +/* + * A "corruption" is defined to be the failed COMPARE operation in a + * rim-sequence. + * + * A rim_thread that detects a corruption informs about it to all the + * other rim_threads, and the mem_snapshot thread. + */ +static volatile unsigned int corruption_found; + +/* + * This defines the maximum number of rim_threads in this test. + * + * The THREAD_ID_BITS denote the number of bits required + * to represent the thread_ids [0..MAX_THREADS - 1]. + * We are being a bit paranoid here and set it to 8 bits, + * though 6 bits suffice. + * + */ +#define MAX_THREADS 64 +#define THREAD_ID_BITS 8 +#define THREAD_ID_MASK ((1 << THREAD_ID_BITS) - 1) +static unsigned int rim_thread_ids[MAX_THREADS]; +static pthread_t rim_threads[MAX_THREADS]; + + +/* + * Each rim_thread works on an exclusive "chunk" of size + * RIM_CHUNK_SIZE. + * + * The ith rim_thread works on the ith chunk. + * + * The ith chunk begins at + * map1 + (i * RIM_CHUNK_SIZE) + */ +#define RIM_CHUNK_SIZE 1024 +#define BITS_PER_BYTE 8 +#define WORD_SIZE (sizeof(unsigned int)) +#define WORD_BITS (WORD_SIZE * BITS_PER_BYTE) +#define WORDS_PER_CHUNK (RIM_CHUNK_SIZE/WORD_SIZE) + +static inline char *compute_chunk_start_addr(unsigned int thread_id) +{ + char *chunk_start; + + chunk_start = (char *)((unsigned long)map1 + + (thread_id * RIM_CHUNK_SIZE)); + + return chunk_start; +} + +/* + * The "word-offset" of a word-aligned address inside a chunk, is + * defined to be the number of words that precede the address in that + * chunk. + * + * WORD_OFFSET_BITS denote the number of bits required to represent + * the word-offsets of all the word-aligned addresses of a chunk. + */ +#define WORD_OFFSET_BITS (__builtin_ctz(WORDS_PER_CHUNK)) +#define WORD_OFFSET_MASK ((1 << WORD_OFFSET_BITS) - 1) + +static inline unsigned int compute_word_offset(char *start, unsigned int *addr) +{ + unsigned int delta_bytes, ret; + delta_bytes = (unsigned long)addr - (unsigned long)start; + + ret = delta_bytes/WORD_SIZE; + + return ret; +} + +/* + * A "sweep" is defined to be the sequential execution of the + * rim-sequence by a rim_thread on its chunk one word at a time, + * starting from the first word of its chunk and ending with the last + * word of its chunk. + * + * Each sweep of a rim_thread is uniquely identified by a sweep_id. + * SWEEP_ID_BITS denote the number of bits required to represent + * the sweep_ids of rim_threads. + * + * As to why SWEEP_ID_BITS are computed as a function of THREAD_ID_BITS, + * WORD_OFFSET_BITS, and WORD_BITS, see the "store-pattern" below. + */ +#define SWEEP_ID_BITS (WORD_BITS - (THREAD_ID_BITS + WORD_OFFSET_BITS)) +#define SWEEP_ID_MASK ((1 << SWEEP_ID_BITS) - 1) + +/* + * A "store-pattern" is the word-pattern that is stored into a word + * location in the 4)STORE step of the rim-sequence. + * + * In the store-pattern, we shall encode: + * + * - The thread-id of the rim_thread performing the store + * (The most significant THREAD_ID_BITS) + * + * - The word-offset of the address into which the store is being + * performed (The next WORD_OFFSET_BITS) + * + * - The sweep_id of the current sweep in which the store is + * being performed. (The lower SWEEP_ID_BITS) + * + * Store Pattern: 32 bits + * |------------------|--------------------|---------------------------------| + * | Thread id | Word offset | sweep_id | + * |------------------|--------------------|---------------------------------| + * THREAD_ID_BITS WORD_OFFSET_BITS SWEEP_ID_BITS + * + * In the store pattern, the (Thread-id + Word-offset) uniquely identify the + * address to which the store is being performed i.e, + * address == map1 + + * (Thread-id * RIM_CHUNK_SIZE) + (Word-offset * WORD_SIZE) + * + * And the sweep_id in the store pattern identifies the time when the + * store was performed by the rim_thread. + * + * We shall use this property in the 3)COMPARE step of the + * rim-sequence. + */ +#define SWEEP_ID_SHIFT 0 +#define WORD_OFFSET_SHIFT (SWEEP_ID_BITS) +#define THREAD_ID_SHIFT (WORD_OFFSET_BITS + SWEEP_ID_BITS) + +/* + * Compute the store pattern for a given thread with id @tid, at + * location @addr in the sweep identified by @sweep_id + */ +static inline unsigned int compute_store_pattern(unsigned int tid, + unsigned int *addr, + unsigned int sweep_id) +{ + unsigned int ret = 0; + char *start = compute_chunk_start_addr(tid); + unsigned int word_offset = compute_word_offset(start, addr); + + ret += (tid & THREAD_ID_MASK) << THREAD_ID_SHIFT; + ret += (word_offset & WORD_OFFSET_MASK) << WORD_OFFSET_SHIFT; + ret += (sweep_id & SWEEP_ID_MASK) << SWEEP_ID_SHIFT; + return ret; +} + +/* Extract the thread-id from the given store-pattern */ +static inline unsigned int extract_tid(unsigned int pattern) +{ + unsigned int ret; + + ret = (pattern >> THREAD_ID_SHIFT) & THREAD_ID_MASK; + return ret; +} + +/* Extract the word-offset from the given store-pattern */ +static inline unsigned int extract_word_offset(unsigned int pattern) +{ + unsigned int ret; + + ret = (pattern >> WORD_OFFSET_SHIFT) & WORD_OFFSET_MASK; + + return ret; +} + +/* Extract the sweep-id from the given store-pattern */ +static inline unsigned int extract_sweep_id(unsigned int pattern) + +{ + unsigned int ret; + + ret = (pattern >> SWEEP_ID_SHIFT) & SWEEP_ID_MASK; + + return ret; +} + +/************************************************************ + * * + * Logging the output of the verification * + * * + ************************************************************/ +#define LOGDIR_NAME_SIZE 100 +static char logdir[LOGDIR_NAME_SIZE]; + +static FILE *fp[MAX_THREADS]; +static const char logfilename[] ="Thread-%02d-Chunk"; + +static inline void start_verification_log(unsigned int tid, + unsigned int *addr, + unsigned int cur_sweep_id, + unsigned int prev_sweep_id) +{ + FILE *f; + char logfile[30]; + char path[LOGDIR_NAME_SIZE + 30]; + char separator[2] = "/"; + char *chunk_start = compute_chunk_start_addr(tid); + unsigned int size = RIM_CHUNK_SIZE; + + sprintf(logfile, logfilename, tid); + strcpy(path, logdir); + strcat(path, separator); + strcat(path, logfile); + f = fopen(path, "w"); + + if (!f) { + err_msg("Unable to create logfile\n"); + } + + fp[tid] = f; + + fprintf(f, "----------------------------------------------------------\n"); + fprintf(f, "PID = %d\n", rim_process_pid); + fprintf(f, "Thread id = %02d\n", tid); + fprintf(f, "Chunk Start Addr = 0x%016lx\n", (unsigned long)chunk_start); + fprintf(f, "Chunk Size = %d\n", size); + fprintf(f, "Next Store Addr = 0x%016lx\n", (unsigned long)addr); + fprintf(f, "Current sweep-id = 0x%08x\n", cur_sweep_id); + fprintf(f, "Previous sweep-id = 0x%08x\n", prev_sweep_id); + fprintf(f, "----------------------------------------------------------\n"); +} + +static inline void log_anamoly(unsigned int tid, unsigned int *addr, + unsigned int expected, unsigned int observed) +{ + FILE *f = fp[tid]; + + fprintf(f, "Thread %02d: Addr 0x%lx: Expected 0x%x, Observed 0x%x\n", + tid, (unsigned long)addr, expected, observed); + fprintf(f, "Thread %02d: Expected Thread id = %02d\n", tid, extract_tid(expected)); + fprintf(f, "Thread %02d: Observed Thread id = %02d\n", tid, extract_tid(observed)); + fprintf(f, "Thread %02d: Expected Word offset = %03d\n", tid, extract_word_offset(expected)); + fprintf(f, "Thread %02d: Observed Word offset = %03d\n", tid, extract_word_offset(observed)); + fprintf(f, "Thread %02d: Expected sweep-id = 0x%x\n", tid, extract_sweep_id(expected)); + fprintf(f, "Thread %02d: Observed sweep-id = 0x%x\n", tid, extract_sweep_id(observed)); + fprintf(f, "----------------------------------------------------------\n"); +} + +static inline void end_verification_log(unsigned int tid, unsigned nr_anamolies) +{ + FILE *f = fp[tid]; + char logfile[30]; + char path[LOGDIR_NAME_SIZE + 30]; + char separator[] = "/"; + + fclose(f); + + if (nr_anamolies == 0) { + remove(path); + return; + } + + sprintf(logfile, logfilename, tid); + strcpy(path, logdir); + strcat(path, separator); + strcat(path, logfile); + + printf("Thread %02d chunk has %d corrupted words. For details check %s\n", + tid, nr_anamolies, path); +} + +/* + * When a COMPARE step of a rim-sequence fails, the rim_thread informs + * everyone else via the shared_memory pointed to by + * corruption_found variable. On seeing this, every thread verifies the + * content of its chunk as follows. + * + * Suppose a thread identified with @tid was about to store (but not + * yet stored) to @next_store_addr in its current sweep identified + * @cur_sweep_id. Let @prev_sweep_id indicate the previous sweep_id. + * + * This implies that for all the addresses @addr < @next_store_addr, + * Thread @tid has already performed a store as part of its current + * sweep. Hence we expect the content of such @addr to be: + * |-------------------------------------------------| + * | tid | word_offset(addr) | cur_sweep_id | + * |-------------------------------------------------| + * + * Since Thread @tid is yet to perform stores on address + * @next_store_addr and above, we expect the content of such an + * address @addr to be: + * |-------------------------------------------------| + * | tid | word_offset(addr) | prev_sweep_id | + * |-------------------------------------------------| + * + * The verifier function @verify_chunk does this verification and logs + * any anamolies that it finds. + */ +static void verify_chunk(unsigned int tid, unsigned int *next_store_addr, + unsigned int cur_sweep_id, + unsigned int prev_sweep_id) +{ + unsigned int *iter_ptr; + unsigned int size = RIM_CHUNK_SIZE; + unsigned int expected; + unsigned int observed; + char *chunk_start = compute_chunk_start_addr(tid); + + int nr_anamolies = 0; + + start_verification_log(tid, next_store_addr, + cur_sweep_id, prev_sweep_id); + + for (iter_ptr = (unsigned int *)chunk_start; + (unsigned long)iter_ptr < (unsigned long)chunk_start + size; + iter_ptr++) { + unsigned int expected_sweep_id; + + if (iter_ptr < next_store_addr) { + expected_sweep_id = cur_sweep_id; + } else { + expected_sweep_id = prev_sweep_id; + } + + expected = compute_store_pattern(tid, iter_ptr, expected_sweep_id); + + dcbf((volatile unsigned int*)iter_ptr); //Flush before reading + observed = *iter_ptr; + + if (observed != expected) { + nr_anamolies++; + log_anamoly(tid, iter_ptr, expected, observed); + } + } + + end_verification_log(tid, nr_anamolies); +} + +static void set_pthread_cpu(pthread_t th, int cpu) +{ + cpu_set_t run_cpu_mask; + struct sched_param param; + + CPU_ZERO(&run_cpu_mask); + CPU_SET(cpu, &run_cpu_mask); + pthread_setaffinity_np(th, sizeof(cpu_set_t), &run_cpu_mask); + + param.sched_priority = 1; + if (0 && sched_setscheduler(0, SCHED_FIFO, &param) == -1) { + /* haven't reproduced with this setting, it kills random preemption which may be a factor */ + fprintf(stderr, "could not set SCHED_FIFO, run as root?\n"); + } +} + +static void set_mycpu(int cpu) +{ + cpu_set_t run_cpu_mask; + struct sched_param param; + + CPU_ZERO(&run_cpu_mask); + CPU_SET(cpu, &run_cpu_mask); + sched_setaffinity(0, sizeof(cpu_set_t), &run_cpu_mask); + + param.sched_priority = 1; + if (0 && sched_setscheduler(0, SCHED_FIFO, &param) == -1) { + fprintf(stderr, "could not set SCHED_FIFO, run as root?\n"); + } +} + +static volatile int segv_wait; + +static void segv_handler(int signo, siginfo_t *info, void *extra) +{ + while (segv_wait) { + sched_yield(); + } + +} + +static void set_segv_handler(void) +{ + struct sigaction sa; + + sa.sa_flags = SA_SIGINFO; + sa.sa_sigaction = segv_handler; + + if (sigaction(SIGSEGV, &sa, NULL) == -1) { + perror("sigaction"); + exit(EXIT_FAILURE); + } +} + +int timeout = 0; +/* + * This function is executed by every rim_thread. + * + * This function performs sweeps over the exclusive chunks of the + * rim_threads executing the rim-sequence one word at a time. + */ +static void *rim_fn(void *arg) +{ + unsigned int tid = *((unsigned int *)arg); + + int size = RIM_CHUNK_SIZE; + char *chunk_start = compute_chunk_start_addr(tid); + + unsigned int prev_sweep_id; + unsigned int cur_sweep_id = 0; + + /* word access */ + unsigned int pattern = cur_sweep_id; + unsigned int *pattern_ptr = &pattern; + unsigned int *w_ptr, read_data; + + set_segv_handler(); + + /* + * Let us initialize the chunk: + * + * Each word-aligned address addr in the chunk, + * is initialized to : + * |-------------------------------------------------| + * | tid | word_offset(addr) | 0 | + * |-------------------------------------------------| + */ + for (w_ptr = (unsigned int *)chunk_start; + (unsigned long)w_ptr < (unsigned long)(chunk_start) + size; + w_ptr++) { + + *pattern_ptr = compute_store_pattern(tid, w_ptr, cur_sweep_id); + *w_ptr = *pattern_ptr; + } + + while (!corruption_found && !timeout) { + prev_sweep_id = cur_sweep_id; + cur_sweep_id = cur_sweep_id + 1; + + for (w_ptr = (unsigned int *)chunk_start; + (unsigned long)w_ptr < (unsigned long)(chunk_start) + size; + w_ptr++) { + unsigned int old_pattern; + + /* + * Compute the pattern that we would have + * stored at this location in the previous + * sweep. + */ + old_pattern = compute_store_pattern(tid, w_ptr, prev_sweep_id); + + /* + * FLUSH:Ensure that we flush the contents of + * the cache before loading + */ + dcbf((volatile unsigned int*)w_ptr); //Flush + + /* LOAD: Read the value */ + read_data = *w_ptr; //Load + + /* + * COMPARE: Is it the same as what we had stored + * in the previous sweep ? It better be! + */ + if (read_data != old_pattern) { + /* No it isn't! Tell everyone */ + corruption_found = 1; + } + + /* + * Before performing a store, let us check if + * any rim_thread has found a corruption. + */ + if (corruption_found || timeout) { + /* + * Yes. Someone (including us!) has found + * a corruption :( + * + * Let us verify that our chunk is + * correct. + */ + /* But first, let us allow the dust to settle down! */ + verify_chunk(tid, w_ptr, cur_sweep_id, prev_sweep_id); + + return 0; + } + + /* + * Compute the new pattern that we are going + * to write to this location + */ + *pattern_ptr = compute_store_pattern(tid, w_ptr, cur_sweep_id); + + /* + * STORE: Now let us write this pattern into + * the location + */ + *w_ptr = *pattern_ptr; + } + } + + return NULL; +} + + +static unsigned long start_cpu = 0; +static unsigned long nrthreads = 4; + +static pthread_t mem_snapshot_thread; + +static void *mem_snapshot_fn(void *arg) +{ + int page_size = getpagesize(); + size_t size = page_size; + void *tmp = malloc(size); + + while (!corruption_found && !timeout) { + /* Stop memory migration once corruption is found */ + segv_wait = 1; + + mprotect(map1, size, PROT_READ); + + /* + * Load from the working alias (map1). Loading from map2 + * also fails. + */ + memcpy(tmp, map1, size); + + /* + * Stores must go via map2 which has write permissions, but + * the corrupted data tends to be seen in the snapshot buffer, + * so corruption does not appear to be introduced at the + * copy-back via map2 alias here. + */ + memcpy(map2, tmp, size); + /* + * Before releasing other threads, must ensure the copy + * back to + */ + asm volatile("sync" ::: "memory"); + mprotect(map1, size, PROT_READ|PROT_WRITE); + asm volatile("sync" ::: "memory"); + segv_wait = 0; + + usleep(1); /* This value makes a big difference */ + } + + return 0; +} + +void alrm_sighandler(int sig) +{ + timeout = 1; +} + +int main(int argc, char *argv[]) +{ + int c; + int page_size = getpagesize(); + time_t now; + int i, dir_error; + pthread_attr_t attr; + key_t shm_key = (key_t) getpid(); + int shmid, run_time = 20 * 60; + struct sigaction sa_alrm; + + snprintf(logdir, LOGDIR_NAME_SIZE, + "/tmp/logdir-%u", (unsigned int)getpid()); + while ((c = getopt(argc, argv, "r:hn:l:t:")) != -1) { + switch(c) { + case 'r': + start_cpu = strtoul(optarg, NULL, 10); + break; + case 'h': + printf("%s [-r <start_cpu>] [-n <nrthreads>] [-l <logdir>] [-t <timeout>]\n", argv[0]); + exit(0); + break; + case 'n': + nrthreads = strtoul(optarg, NULL, 10); + break; + case 'l': + strncpy(logdir, optarg, LOGDIR_NAME_SIZE); + break; + case 't': + run_time = strtoul(optarg, NULL, 10); + break; + default: + printf("invalid option\n"); + exit(0); + break; + } + } + + if (nrthreads > MAX_THREADS) + nrthreads = MAX_THREADS; + + shmid = shmget(shm_key, page_size, IPC_CREAT|0666); + if (shmid < 0) { + err_msg("Failed shmget\n"); + } + + map1 = shmat(shmid, NULL, 0); + if (map1 == (void *) -1) { + err_msg("Failed shmat"); + } + + map2 = shmat(shmid, NULL, 0); + if (map2 == (void *) -1) { + err_msg("Failed shmat"); + } + + dir_error = mkdir(logdir, 0755); + + if (dir_error) { + err_msg("Failed mkdir"); + } + + printf("start_cpu list:%lu\n", start_cpu); + printf("number of worker threads:%lu + 1 snapshot thread\n", nrthreads); + printf("Allocated address:0x%016lx + secondary map:0x%016lx\n", (unsigned long)map1, (unsigned long)map2); + printf("logdir at : %s\n", logdir); + printf("Timeout: %d seconds\n", run_time); + + time(&now); + printf("=================================\n"); + printf(" Starting Test\n"); + printf(" %s", ctime(&now)); + printf("=================================\n"); + + for (i = 0; i < nrthreads; i++) { + if (1 && !fork()) { + prctl(PR_SET_PDEATHSIG, SIGKILL); + set_mycpu(start_cpu + i); + for (;;) + sched_yield(); + exit(0); + } + } + + + sa_alrm.sa_handler = &alrm_sighandler; + sigemptyset(&sa_alrm.sa_mask); + sa_alrm.sa_flags = 0; + + if (sigaction(SIGALRM, &sa_alrm, 0) == -1) { + err_msg("Failed signal handler registration\n"); + } + + alarm(run_time); + + pthread_attr_init(&attr); + for (i = 0; i < nrthreads; i++) { + rim_thread_ids[i] = i; + pthread_create(&rim_threads[i], &attr, rim_fn, &rim_thread_ids[i]); + set_pthread_cpu(rim_threads[i], start_cpu + i); + } + + pthread_create(&mem_snapshot_thread, &attr, mem_snapshot_fn, map1); + set_pthread_cpu(mem_snapshot_thread, start_cpu + i); + + + pthread_join(mem_snapshot_thread, NULL); + for (i = 0; i < nrthreads; i++) { + pthread_join(rim_threads[i], NULL); + } + + if (!timeout) { + time(&now); + printf("=================================\n"); + printf(" Data Corruption Detected\n"); + printf(" %s", ctime(&now)); + printf(" See logfiles in %s\n", logdir); + printf("=================================\n"); + return 1; + } + return 0; +} -- 2.21.0

4 years, 5 months

2
2
0 0

[PATCH 4.14 0/2] backport iio: stm32-adc: fix a race with dma and irq

by Fabrice Gasnier

This is a backport of "iio: stm32-adc: fix a race with dma and irq" series on top of v4.14.148 at the time of writing. The original series doesn't apply cleanly on v4.14.x: the precursor patch needed a slight update. Original series can be found in [1]. [1] https://www.lkml.org/lkml/2019/9/17/394 Original cover-letter: This series fixes a race condition observed when using several ADCs with DMA and irq. There's a precusor patch to the fix. It keeps registers definitions as a whole block, to ease readability and allow simple (readl) access path to EOC bits in stm32-adc-core driver. Fabrice Gasnier (2): iio: adc: stm32-adc: move registers definitions iio: adc: stm32-adc: fix a race when using several adcs with dma and irq drivers/iio/adc/stm32-adc-core.c | 70 +++++++++++--------- drivers/iio/adc/stm32-adc-core.h | 135 +++++++++++++++++++++++++++++++++++++++ drivers/iio/adc/stm32-adc.c | 107 ------------------------------- 3 files changed, 175 insertions(+), 137 deletions(-) -- 2.7.4

4 years, 5 months

2
3
0 0

[PATCH] fbdev/omap: fix max fclk divider for omap36xx

by Adam Ford

The OMAP36xx and AM/DM37x TRMs say that the maximum divider for DSS fclk (in CM_CLKSEL_DSS) is 32. Experimentation shows that this is not correct, and using divider of 32 breaks DSS with a flood or underflows and sync losts. Dividers up to 31 seem to work fine. There is another patch to the DT files to limit the divider correctly, but as the DSS driver also needs to know the maximum divider to be able to iteratively find good rates, we also need to do the fix in the DSS driver. Signed-off-by: Adam Ford <aford173(a)gmail.com> Cc: Tomi Valkeinen <tomi.valkeinen(a)ti.com> Cc: stable(a)vger.kernel.org # linux-4.4.y only diff --git a/drivers/video/fbdev/omap2/dss/dss.c b/drivers/video/fbdev/omap2/dss/dss.c index 9200a8668b49..a57c3a5f4bf8 100644 --- a/drivers/video/fbdev/omap2/dss/dss.c +++ b/drivers/video/fbdev/omap2/dss/dss.c @@ -843,7 +843,7 @@ static const struct dss_features omap34xx_dss_feats = { }; static const struct dss_features omap3630_dss_feats = { - .fck_div_max = 32, + .fck_div_max = 31, .dss_fck_multiplier = 1, .parent_clk_name = "dpll4_ck", .dpi_select_source = &dss_dpi_select_source_omap2_omap3, -- 2.17.1

4 years, 5 months

2
3
0 0

[PATCH] fbdev/omap: fix max fclk divider for omap36xx

by Adam Ford

The OMAP36xx and AM/DM37x TRMs say that the maximum divider for DSS fclk (in CM_CLKSEL_DSS) is 32. Experimentation shows that this is not correct, and using divider of 32 breaks DSS with a flood or underflows and sync losts. Dividers up to 31 seem to work fine. There is another patch to the DT files to limit the divider correctly, but as the DSS driver also needs to know the maximum divider to be able to iteratively find good rates, we also need to do the fix in the DSS driver. Signed-off-by: Adam Ford <aford173(a)gmail.com> Cc: Tomi Valkeinen <tomi.valkeinen(a)ti.com> Cc: stable(a)vger.kernel.org #linux-4.9.y+ diff --git a/drivers/video/fbdev/omap2/omapfb/dss/dss.c b/drivers/video/fbdev/omap2/omapfb/dss/dss.c index 48c6500c24e1..4429ad37b64c 100644 --- a/drivers/video/fbdev/omap2/omapfb/dss/dss.c +++ b/drivers/video/fbdev/omap2/omapfb/dss/dss.c @@ -843,7 +843,7 @@ static const struct dss_features omap34xx_dss_feats = { }; static const struct dss_features omap3630_dss_feats = { - .fck_div_max = 32, + .fck_div_max = 31, .dss_fck_multiplier = 1, .parent_clk_name = "dpll4_ck", .dpi_select_source = &dss_dpi_select_source_omap2_omap3, -- 2.17.1

4 years, 5 months

2
2
0 0

[PATCH STABLE 4.9] x86, mm, gup: prevent get_page() race with munmap in paravirt guest

by Vlastimil Babka

The x86 version of get_user_pages_fast() relies on disabled interrupts to synchronize gup_pte_range() between gup_get_pte(ptep); and get_page() against a parallel munmap. The munmap side nulls the pte, then flushes TLBs, then releases the page. As TLB flush is done synchronously via IPI disabling interrupts blocks the page release, and get_page(), which assumes existing reference on page, is thus safe. However when TLB flush is done by a hypercall, e.g. in a Xen PV guest, there is no blocking thanks to disabled interrupts, and get_page() can succeed on a page that was already freed or even reused. We have recently seen this happen with our 4.4 and 4.12 based kernels, with userspace (java) that exits a thread, where mm_release() performs a futex_wake() on tsk->clear_child_tid, and another thread in parallel unmaps the page where tsk->clear_child_tid points to. The spurious get_page() succeeds, but futex code immediately releases the page again, while it's already on a freelist. Symptoms include a bad page state warning, general protection faults acessing a poisoned list prev/next pointer in the freelist, or free page pcplists of two cpus joined together in a single list. Oscar has also reproduced this scenario, with a patch inserting delays before the get_page() to make the race window larger. Fix this by removing the dependency on TLB flush interrupts the same way as the generic get_user_pages_fast() code by using page_cache_add_speculative() and revalidating the PTE contents after pinning the page. Mainline is safe since 4.13 where the x86 gup code was removed in favor of the common code. Accessing the page table itself safely also relies on disabled interrupts and TLB flush IPIs that don't happen with hypercalls, which was acknowledged in commit 9e52fc2b50de ("x86/mm: Enable RCU based page table freeing (CONFIG_HAVE_RCU_TABLE_FREE=y)"). That commit with follups should also be backported for full safety, although our reproducer didn't hit a problem without that backport. Reproduced-by: Oscar Salvador <osalvador(a)suse.de> Signed-off-by: Vlastimil Babka <vbabka(a)suse.cz> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Ingo Molnar <mingo(a)redhat.com> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Juergen Gross <jgross(a)suse.com> Cc: Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> Cc: Vitaly Kuznetsov <vkuznets(a)redhat.com> Cc: Linus Torvalds <torvalds(a)linux-foundation.org> Cc: Borislav Petkov <bp(a)alien8.de> Cc: Dave Hansen <dave.hansen(a)linux.intel.com> Cc: Andy Lutomirski <luto(a)kernel.org> --- Hi, I'm sending this stable-only patch for consideration because it's probably unrealistic to backport the 4.13 switch to generic GUP. I can look at 4.4 and 3.16 if accepted. The RCU page table freeing could be also considered. Note the patch also includes page refcount protection. I found out that 8fde12ca79af ("mm: prevent get_user_pages() from overflowing page refcount") backport to 4.9 missed the arch-specific gup implementations: https://lore.kernel.org/lkml/6650323f-dbc9-f069-000b-f6b0f941a065@suse.cz/ arch/x86/mm/gup.c | 32 ++++++++++++++++++++++++++++++-- 1 file changed, 30 insertions(+), 2 deletions(-) diff --git a/arch/x86/mm/gup.c b/arch/x86/mm/gup.c index 1680768d392c..d7db45bdfb3b 100644 --- a/arch/x86/mm/gup.c +++ b/arch/x86/mm/gup.c @@ -97,6 +97,20 @@ static inline int pte_allows_gup(unsigned long pteval, int write) return 1; } +/* + * Return the compund head page with ref appropriately incremented, + * or NULL if that failed. + */ +static inline struct page *try_get_compound_head(struct page *page, int refs) +{ + struct page *head = compound_head(page); + if (WARN_ON_ONCE(page_ref_count(head) < 0)) + return NULL; + if (unlikely(!page_cache_add_speculative(head, refs))) + return NULL; + return head; +} + /* * The performance critical leaf functions are made noinline otherwise gcc * inlines everything into a single function which results in too much @@ -112,7 +126,7 @@ static noinline int gup_pte_range(pmd_t pmd, unsigned long addr, ptep = pte_offset_map(&pmd, addr); do { pte_t pte = gup_get_pte(ptep); - struct page *page; + struct page *head, *page; /* Similar to the PMD case, NUMA hinting must take slow path */ if (pte_protnone(pte)) { @@ -138,7 +152,21 @@ static noinline int gup_pte_range(pmd_t pmd, unsigned long addr, } VM_BUG_ON(!pfn_valid(pte_pfn(pte))); page = pte_page(pte); - get_page(page); + + head = try_get_compound_head(page, 1); + if (!head) { + put_dev_pagemap(pgmap); + pte_unmap(ptep); + return 0; + } + + if (unlikely(pte_val(pte) != pte_val(*ptep))) { + put_page(head); + put_dev_pagemap(pgmap); + pte_unmap(ptep); + return 0; + } + put_dev_pagemap(pgmap); SetPageReferenced(page); pages[*nr] = page; -- 2.22.0

4 years, 5 months

3
4
0 0

[PATCH] arm64: Ensure VM_WRITE|VM_SHARED ptes are clean by default

by Catalin Marinas

Shared and writable mappings (__S.1.) should be clean (!dirty) initially and made dirty on a subsequent write either through the hardware DBM (dirty bit management) mechanism or through a write page fault. A clean pte for the arm64 kernel is one that has PTE_RDONLY set and PTE_DIRTY clear. The PAGE_SHARED{,_EXEC} attributes have PTE_WRITE set (PTE_DBM) and PTE_DIRTY clear. Prior to commit 73e86cb03cf2 ("arm64: Move PTE_RDONLY bit handling out of set_pte_at()"), it was the responsibility of set_pte_at() to set the PTE_RDONLY bit and mark the pte clean if the software PTE_DIRTY bit was not set. However, the above commit removed the pte_sw_dirty() check and the subsequent setting of PTE_RDONLY in set_pte_at() while leaving the PAGE_SHARED{,_EXEC} definitions unchanged. The result is that shared+writable mappings are now dirty by default Fix the above by explicitly setting PTE_RDONLY in PAGE_SHARED{,_EXEC}. In addition, remove the superfluous PTE_DIRTY bit from the kernel PROT_* attributes. Fixes: 73e86cb03cf2 ("arm64: Move PTE_RDONLY bit handling out of set_pte_at()") Cc: <stable(a)vger.kernel.org> # 4.14.x- Cc: Will Deacon <will(a)kernel.org> Signed-off-by: Catalin Marinas <catalin.marinas(a)arm.com> --- arch/arm64/include/asm/pgtable-prot.h | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/arch/arm64/include/asm/pgtable-prot.h b/arch/arm64/include/asm/pgtable-prot.h index 9a21b84536f2..8dc6c5cdabe6 100644 --- a/arch/arm64/include/asm/pgtable-prot.h +++ b/arch/arm64/include/asm/pgtable-prot.h @@ -32,11 +32,11 @@ #define PROT_DEFAULT (_PROT_DEFAULT | PTE_MAYBE_NG) #define PROT_SECT_DEFAULT (_PROT_SECT_DEFAULT | PMD_MAYBE_NG) -#define PROT_DEVICE_nGnRnE (PROT_DEFAULT | PTE_PXN | PTE_UXN | PTE_DIRTY | PTE_WRITE | PTE_ATTRINDX(MT_DEVICE_nGnRnE)) -#define PROT_DEVICE_nGnRE (PROT_DEFAULT | PTE_PXN | PTE_UXN | PTE_DIRTY | PTE_WRITE | PTE_ATTRINDX(MT_DEVICE_nGnRE)) -#define PROT_NORMAL_NC (PROT_DEFAULT | PTE_PXN | PTE_UXN | PTE_DIRTY | PTE_WRITE | PTE_ATTRINDX(MT_NORMAL_NC)) -#define PROT_NORMAL_WT (PROT_DEFAULT | PTE_PXN | PTE_UXN | PTE_DIRTY | PTE_WRITE | PTE_ATTRINDX(MT_NORMAL_WT)) -#define PROT_NORMAL (PROT_DEFAULT | PTE_PXN | PTE_UXN | PTE_DIRTY | PTE_WRITE | PTE_ATTRINDX(MT_NORMAL)) +#define PROT_DEVICE_nGnRnE (PROT_DEFAULT | PTE_PXN | PTE_UXN | PTE_WRITE | PTE_ATTRINDX(MT_DEVICE_nGnRnE)) +#define PROT_DEVICE_nGnRE (PROT_DEFAULT | PTE_PXN | PTE_UXN | PTE_WRITE | PTE_ATTRINDX(MT_DEVICE_nGnRE)) +#define PROT_NORMAL_NC (PROT_DEFAULT | PTE_PXN | PTE_UXN | PTE_WRITE | PTE_ATTRINDX(MT_NORMAL_NC)) +#define PROT_NORMAL_WT (PROT_DEFAULT | PTE_PXN | PTE_UXN | PTE_WRITE | PTE_ATTRINDX(MT_NORMAL_WT)) +#define PROT_NORMAL (PROT_DEFAULT | PTE_PXN | PTE_UXN | PTE_WRITE | PTE_ATTRINDX(MT_NORMAL)) #define PROT_SECT_DEVICE_nGnRE (PROT_SECT_DEFAULT | PMD_SECT_PXN | PMD_SECT_UXN | PMD_ATTRINDX(MT_DEVICE_nGnRE)) #define PROT_SECT_NORMAL (PROT_SECT_DEFAULT | PMD_SECT_PXN | PMD_SECT_UXN | PMD_ATTRINDX(MT_NORMAL)) @@ -80,8 +80,9 @@ #define PAGE_S2_DEVICE __pgprot(_PROT_DEFAULT | PAGE_S2_MEMATTR(DEVICE_nGnRE) | PTE_S2_RDONLY | PTE_S2_XN) #define PAGE_NONE __pgprot(((_PAGE_DEFAULT) & ~PTE_VALID) | PTE_PROT_NONE | PTE_RDONLY | PTE_NG | PTE_PXN | PTE_UXN) -#define PAGE_SHARED __pgprot(_PAGE_DEFAULT | PTE_USER | PTE_NG | PTE_PXN | PTE_UXN | PTE_WRITE) -#define PAGE_SHARED_EXEC __pgprot(_PAGE_DEFAULT | PTE_USER | PTE_NG | PTE_PXN | PTE_WRITE) +/* shared+writable pages are clean by default, hence PTE_RDONLY|PTE_WRITE */ +#define PAGE_SHARED __pgprot(_PAGE_DEFAULT | PTE_USER | PTE_RDONLY | PTE_NG | PTE_PXN | PTE_UXN | PTE_WRITE) +#define PAGE_SHARED_EXEC __pgprot(_PAGE_DEFAULT | PTE_USER | PTE_RDONLY | PTE_NG | PTE_PXN | PTE_WRITE) #define PAGE_READONLY __pgprot(_PAGE_DEFAULT | PTE_USER | PTE_RDONLY | PTE_NG | PTE_PXN | PTE_UXN) #define PAGE_READONLY_EXEC __pgprot(_PAGE_DEFAULT | PTE_USER | PTE_RDONLY | PTE_NG | PTE_PXN) #define PAGE_EXECONLY __pgprot(_PAGE_DEFAULT | PTE_RDONLY | PTE_NG | PTE_PXN)

4 years, 5 months

3
11
0 0

[PATCH 1/5] drm/i915/userptr: Beware recursive lock_page()

by Chris Wilson

Following a try_to_unmap() we may want to remove the userptr and so call put_pages(). However, try_to_unmap() acquires the page lock and so we must avoid recursively locking the pages ourselves -- which means that we cannot safely acquire the lock around set_page_dirty(). Since we can't be sure of the lock, we have to risk skip dirtying the page, or else risk calling set_page_dirty() without a lock and so risk fs corruption. Reported-by: Lionel Landwerlin <lionel.g.landwerlin(a)intel.com> Fixes: cb6d7c7dc7ff ("drm/i915/userptr: Acquire the page lock around set_page_dirty()") Signed-off-by: Chris Wilson <chris(a)chris-wilson.co.uk> Cc: Lionel Landwerlin <lionel.g.landwerlin(a)intel.com> Cc: Tvrtko Ursulin <tvrtko.ursulin(a)intel.com> Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/i915/gem/i915_gem_userptr.c | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/i915/gem/i915_gem_userptr.c b/drivers/gpu/drm/i915/gem/i915_gem_userptr.c index b9d2bb15e4a6..1ad2047a6dbd 100644 --- a/drivers/gpu/drm/i915/gem/i915_gem_userptr.c +++ b/drivers/gpu/drm/i915/gem/i915_gem_userptr.c @@ -672,7 +672,7 @@ i915_gem_userptr_put_pages(struct drm_i915_gem_object *obj, obj->mm.dirty = false; for_each_sgt_page(page, sgt_iter, pages) { - if (obj->mm.dirty) + if (obj->mm.dirty && trylock_page(page)) { /* * As this may not be anonymous memory (e.g. shmem) * but exist on a real mapping, we have to lock @@ -680,8 +680,20 @@ i915_gem_userptr_put_pages(struct drm_i915_gem_object *obj, * the page reference is not sufficient to * prevent the inode from being truncated. * Play safe and take the lock. + * + * However...! + * + * The mmu-notifier can be invalidated for a + * migrate_page, that is alreadying holding the lock + * on the page. Such a try_to_unmap() will result + * in us calling put_pages() and so recursively try + * to lock the page. We avoid that deadlock with + * a trylock_page() and in exchange we risk missing + * some page dirtying. */ - set_page_dirty_lock(page); + set_page_dirty(page); + unlock_page(page); + } mark_page_accessed(page); put_page(page); -- 2.22.0

4 years, 5 months

3
15
0 0

[PATCH] clone3: validate stack arguments

by Christian Brauner

Validate the stack arguments and setup the stack depening on whether or not it is growing down or up. Legacy clone() required userspace to know in which direction the stack is growing and pass down the stack pointer appropriately. To make things more confusing microblaze uses a variant of the clone() syscall selected by CONFIG_CLONE_BACKWARDS3 that takes an additional stack_size argument. IA64 has a separate clone2() syscall which also takes an additional stack_size argument. Finally, parisc has a stack that is growing upwards. Userspace therefore has a lot nasty code like the following: #define __STACK_SIZE (8 * 1024 * 1024) pid_t sys_clone(int (*fn)(void *), void *arg, int flags, int *pidfd) { pid_t ret; void *stack; stack = malloc(__STACK_SIZE); if (!stack) return -ENOMEM; #ifdef __ia64__ ret = __clone2(fn, stack, __STACK_SIZE, flags | SIGCHLD, arg, pidfd); #elif defined(__parisc__) /* stack grows up */ ret = clone(fn, stack, flags | SIGCHLD, arg, pidfd); #else ret = clone(fn, stack + __STACK_SIZE, flags | SIGCHLD, arg, pidfd); #endif return ret; } or even crazier variants such as [3]. With clone3() we have the ability to validate the stack. We can check that when stack_size is passed, the stack pointer is valid and the other way around. We can also check that the memory area userspace gave us is fine to use via access_ok(). Furthermore, we probably should not require userspace to know in which direction the stack is growing. It is easy for us to do this in the kernel and I couldn't find the original reasoning behind exposing this detail to userspace. /* Intentional user visible API change */ clone3() was released with 5.3. Currently, it is not documented and very unclear to userspace how the stack and stack_size argument have to be passed. After talking to glibc folks we concluded that trying to change clone3() to setup the stack instead of requiring userspace to do this is the right course of action. Note, that this is an explicit change in user visible behavior we introduce with this patch. If it breaks someone's use-case we will revert! (And then e.g. place the new behavior under an appropriate flag.) Breaking someone's use-case is very unlikely though. First, neither glibc nor musl currently expose a wrapper for clone3(). Second, there is no real motivation for anyone to use clone3() directly since it does not provide features that legacy clone doesn't. New features for clone3() will first happen in v5.5 which is why v5.4 is still a good time to try and make that change now and backport it to v5.3. Searches on [4] did not reveal any packages calling clone3(). [1]: https://lore.kernel.org/r/CAG48ez3q=BeNcuVTKBN79kJui4vC6nw0Bfq6xc-i0neheT17… [2]: https://lore.kernel.org/r/20191028172143.4vnnjpdljfnexaq5@wittgenstein [3]: https://github.com/systemd/systemd/blob/5238e9575906297608ff802a27e2ff9effa… [4]: https://codesearch.debian.net Fixes: 7f192e3cd316 ("fork: add clone3") Cc: Arnd Bergmann <arnd(a)arndb.de> Cc: Kees Cook <keescook(a)chromium.org> Cc: Jann Horn <jannh(a)google.com> Cc: David Howells <dhowells(a)redhat.com> Cc: Ingo Molnar <mingo(a)redhat.com> Cc: Oleg Nesterov <oleg(a)redhat.com> Cc: Linus Torvalds <torvalds(a)linux-foundation.org> Cc: Florian Weimer <fweimer(a)redhat.com> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: linux-api(a)vger.kernel.org Cc: linux-kernel(a)vger.kernel.org Cc: <stable(a)vger.kernel.org> # 5.3 Cc: GNU C Library <libc-alpha(a)sourceware.org> Signed-off-by: Christian Brauner <christian.brauner(a)ubuntu.com> --- include/uapi/linux/sched.h | 4 ++++ kernel/fork.c | 33 ++++++++++++++++++++++++++++++++- 2 files changed, 36 insertions(+), 1 deletion(-) diff --git a/include/uapi/linux/sched.h b/include/uapi/linux/sched.h index 99335e1f4a27..25b4fa00bad1 100644 --- a/include/uapi/linux/sched.h +++ b/include/uapi/linux/sched.h @@ -51,6 +51,10 @@ * sent when the child exits. * @stack: Specify the location of the stack for the * child process. + * Note, @stack is expected to point to the + * lowest address. The stack direction will be + * determined by the kernel and set up + * appropriately based on @stack_size. * @stack_size: The size of the stack for the child process. * @tls: If CLONE_SETTLS is set, the tls descriptor * is set to tls. diff --git a/kernel/fork.c b/kernel/fork.c index bcdf53125210..55af6931c6ec 100644 --- a/kernel/fork.c +++ b/kernel/fork.c @@ -2561,7 +2561,35 @@ noinline static int copy_clone_args_from_user(struct kernel_clone_args *kargs, return 0; } -static bool clone3_args_valid(const struct kernel_clone_args *kargs) +/** + * clone3_stack_valid - check and prepare stack + * @kargs: kernel clone args + * + * Verify that the stack arguments userspace gave us are sane. + * In addition, set the stack direction for userspace since it's easy for us to + * determine. + */ +static inline bool clone3_stack_valid(struct kernel_clone_args *kargs) +{ + if (kargs->stack == 0) { + if (kargs->stack_size > 0) + return false; + } else { + if (kargs->stack_size == 0) + return false; + + if (!access_ok((void __user *)kargs->stack, kargs->stack_size)) + return false; + +#if !defined(CONFIG_STACK_GROWSUP) && !defined(CONFIG_IA64) + kargs->stack += kargs->stack_size; +#endif + } + + return true; +} + +static bool clone3_args_valid(struct kernel_clone_args *kargs) { /* * All lower bits of the flag word are taken. @@ -2581,6 +2609,9 @@ static bool clone3_args_valid(const struct kernel_clone_args *kargs) kargs->exit_signal) return false; + if (!clone3_stack_valid(kargs)) + return false; + return true; } -- 2.23.0

4 years, 5 months

7
11
0 0

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror October 2019