February 2019 - Linux-stable-mirror

[PATCH 35/46] drm/i915: Fix I915_EXEC_RING_MASK

by Chris Wilson

This was supposed to be a mask of all known rings, but it is being used by execbuffer to filter out invalid rings, and so is instead mapping high unused values onto valid rings. Instead of a mask of all known rings, we need it to be the mask of all possible rings. Fixes: 549f7365820a ("drm/i915: Enable SandyBridge blitter ring") Fixes: de1add360522 ("drm/i915: Decouple execbuf uAPI from internal implementation") Signed-off-by: Chris Wilson <chris(a)chris-wilson.co.uk> Cc: Tvrtko Ursulin <tvrtko.ursulin(a)intel.com> Cc: <stable(a)vger.kernel.org> # v4.6+ --- include/uapi/drm/i915_drm.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/uapi/drm/i915_drm.h b/include/uapi/drm/i915_drm.h index 0c1f97fa2101..79f7299783a8 100644 --- a/include/uapi/drm/i915_drm.h +++ b/include/uapi/drm/i915_drm.h @@ -999,7 +999,7 @@ struct drm_i915_gem_execbuffer2 { * struct drm_i915_gem_exec_fence *fences. */ __u64 cliprects_ptr; -#define I915_EXEC_RING_MASK (7<<0) +#define I915_EXEC_RING_MASK (0x3f) #define I915_EXEC_DEFAULT (0<<0) #define I915_EXEC_RENDER (1<<0) #define I915_EXEC_BSD (2<<0) -- 2.20.1

5 years, 10 months

1
0
0 0

Stable queue: queue-4.20

by CKI

Hello, We ran automated tests on a patchset that was proposed for merging into this kernel tree. The patches were applied to: Kernel repo: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git Commit: 65f42a73e553 Linux 4.20.6 The results of these automated tests are provided below. Overall result: FAILED (see details below) Patch merge: OK Compile: FAILED We attempted to compile the kernel for multiple architectures, but the compile failed on one or more architectures: s390x: FAILED (build log attached: build_s390.log.gz) powerpc64le: FAILED (build log attached: build_powerpc.log.gz) aarch64: FAILED (build log attached: build_arm64.log.gz) x86_64: FAILED (build log attached: build_x86_64.log.gz) We hope that these logs can help you find the problem quickly. For the full detail on our testing procedures, please scroll to the bottom of this message. Please reply to this email if you have any questions about the tests that we ran or if you have any suggestions on how to make future tests more effective. ,-. ,-. ( C ) ( K ) Continuous `-',-.`-' Kernel ( I ) Integration `-' ______________________________________________________________________________ Merge testing ------------- We cloned this repository and checked out a ref: Repo: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git Ref: 65f42a73e553 Linux 4.20.6 We then merged the following patches with `git am`: drm-msm-gpu-fix-building-without-debugfs.patch ipv6-sr-clear-ip6cb-skb-on-srh-ip4ip6-encapsulation.patch ipvlan-l3mdev-fix-broken-l3s-mode-wrt-local-routes.patch l2tp-copy-4-more-bytes-to-linear-part-if-necessary.patch l2tp-fix-reading-optional-fields-of-l2tpv3.patch net-ip_gre-always-reports-o_key-to-userspace.patch net-ip_gre-use-erspan-key-field-for-tunnel-lookup.patch net-ipv6-don-t-return-positive-numbers-when-nothing-was-dumped.patch net-mlx4_core-add-masking-for-a-few-queries-on-hca-caps.patch netrom-switch-to-sock-timer-api.patch net-rose-fix-null-ax25_cb-kernel-panic.patch net-set-default-network-namespace-in-init_dummy_netdev.patch ravb-expand-rx-descriptor-data-to-accommodate-hw-checksum.patch sctp-improve-the-events-for-sctp-stream-reset.patch tun-move-the-call-to-tun_set_real_num_queues.patch ucc_geth-reset-bql-queue-when-stopping-device.patch vhost-fix-oob-in-get_rx_bufs.patch net-ip6_gre-always-reports-o_key-to-userspace.patch sctp-improve-the-events-for-sctp-stream-adding.patch net-mlx5e-allow-mac-invalidation-while-spoofchk-is-on.patch ip6mr-fix-notifiers-call-on-mroute_clean_tables.patch revert-net-mlx5e-e-switch-initialize-eswitch-only-if-eswitch-manager.patch sctp-set-chunk-transport-correctly-when-it-s-a-new-asoc.patch sctp-set-flow-sport-from-saddr-only-when-it-s-0.patch net-tls-fix-deadlock-in-free_resources-tx.patch net-tls-save-iv-in-tls_rec-for-async-crypto-requests.patch virtio_net-don-t-enable-napi-when-interface-is-down.patch virtio_net-don-t-call-free_old_xmit_skbs-for-xdp_frames.patch virtio_net-fix-not-restoring-real_num_rx_queues.patch virtio_net-fix-out-of-bounds-access-of-sq.patch virtio_net-don-t-process-redirected-xdp-frames-when-xdp-is-disabled.patch virtio_net-use-xdp_return_frame-to-free-xdp_frames-on-destroying-vqs.patch virtio_net-differentiate-sk_buff-and-xdp_frame-on-freeing.patch ipv6-consider-sk_bound_dev_if-when-binding-a-socket-to-an-address.patch cifs-do-not-count-enodata-as-failure-for-query-directory.patch cifs-fix-possible-oops-and-memory-leaks-in-async-io.patch cifs-fix-trace-command-logging-for-smb2-reads-and-writes.patch cifs-fix-use-after-free-of-the-lease-keys.patch cifs-do-not-consider-enodata-as-stat-failure-for-reads.patch fs-dcache-fix-incorrect-nr_dentry_unused-accounting-in-shrink_dcache_sb.patch iommu-vt-d-fix-memory-leak-in-intel_iommu_put_resv_regions.patch selftests-seccomp-enhance-per-arch-ptrace-syscall-skip-tests.patch nfs-fix-up-return-value-on-fatal-errors-in-nfs_page_async_flush.patch arm-cns3xxx-fix-writing-to-wrong-pci-config-registers-after-alignment.patch arm64-kaslr-ensure-randomized-quantities-are-clean-also-when-kaslr-is-off.patch arm64-do-not-issue-ipis-for-user-executable-ptes.patch arm64-hyp-stub-forbid-kprobing-of-the-hyp-stub.patch arm64-hibernate-clean-the-__hyp_text-to-poc-after-resume.patch gpio-altera-a10sr-set-proper-output-level-for-direction_output.patch gpiolib-fix-line-event-timestamps-for-nested-irqs.patch gpio-pcf857x-fix-interrupts-on-multiple-instances.patch gpio-sprd-fix-the-incorrect-data-register.patch gpio-sprd-fix-incorrect-irq-type-setting-for-the-async-eic.patch gfs2-revert-fix-loop-in-gfs2_rbm_find.patch mmc-bcm2835-fix-dma-channel-leak-on-probe-error.patch mmc-mediatek-fix-incorrect-register-setting-of-hs400_cmd_int_delay.patch alsa-usb-audio-add-opus-3-to-quirks-for-native-dsd-support.patch alsa-hda-realtek-fixed-hp_pin-no-value.patch alsa-pcm-fix-tight-loop-of-oss-capture-stream.patch ib-uverbs-fix-oops-upon-device-disassociation.patch ib-uverbs-fix-oops-in-uverbs_user_mmap_disassociate.patch ib-hfi1-remove-overly-conservative-vm_exec-flag-check.patch ib-hfi1-add-limit-test-for-rc-uc-send-via-loopback.patch platform-x86-asus-nb-wmi-map-0x35-to-key_screenlock.patch platform-x86-asus-nb-wmi-drop-mapping-of-0x33-and-0x.patch btrfs-clean-up-pending-block-groups-when-transaction-commit-aborts.patch btrfs-fix-deadlock-when-allocating-tree-block-during-leaf-node-split.patch btrfs-on-error-always-free-subvol_name-in-btrfs_mount.patch kernel-exit.c-release-ptraced-tasks-before-zap_pid_ns_processes.patch mm-hugetlb.c-teach-follow_hugetlb_page-to-handle-foll_nowait.patch oom-oom_reaper-do-not-enqueue-same-task-twice.patch mm-memory_hotplug-fix-scan_movable_pages-for-gigantic-hugepages.patch mm-oom-fix-use-after-free-in-oom_kill_process.patch mm-hwpoison-use-do_send_sig_info-instead-of-force_sig.patch mm-migrate-don-t-rely-on-__pagemovable-of-newpage-after-unlocking-it.patch Compile testing --------------- We compiled the kernel for 4 architectures: s390x: make options: make INSTALL_MOD_STRIP=1 -j64 targz-pkg -j64 configuration: powerpc64le: make options: make INSTALL_MOD_STRIP=1 -j64 targz-pkg -j64 configuration: aarch64: make options: make INSTALL_MOD_STRIP=1 -j64 targz-pkg -j64 configuration: x86_64: make options: make INSTALL_MOD_STRIP=1 -j64 targz-pkg -j64 configuration: Hardware testing ---------------- We booted each kernel and ran the following tests: s390: powerpc: arm64: x86_64:

5 years, 10 months

3
2
0 0

[PATCH v2] mtd: rawnand: gpmi: fix MX28 bus master lockup problem

by Martin Kepplinger

Disable BCH soft reset according to MX23 erratum #2847 ("BCH soft reset may cause bus master lock up") for MX28 too. It has the same problem. Observed problem: once per 100,000+ MX28 reboots NAND read failed on DMA timeout errors: [ 1.770823] UBI: attaching mtd3 to ubi0 [ 2.768088] gpmi_nand: DMA timeout, last DMA :1 [ 3.958087] gpmi_nand: BCH timeout, last DMA :1 [ 4.156033] gpmi_nand: Error in ECC-based read: -110 [ 4.161136] UBI warning: ubi_io_read: error -110 while reading 64 bytes from PEB 0:0, read only 0 bytes, retry [ 4.171283] step 1 error [ 4.173846] gpmi_nand: Chip: 0, Error -1 Without BCH soft reset we successfully executed 1,000,000 MX28 reboots. I have a quote from NXP regarding this problem, from July 18th 2016: "As the i.MX23 and i.MX28 are of the same generation, they share many characteristics. Unfortunately, also the erratas may be shared. In case of the documented erratas and the workarounds, you can also apply the workaround solution of one device on the other one. This have been reported, but I’m afraid that there are not an estimated date for updating the Errata documents. Please accept our apologies for any inconveniences this may cause." Fixes: 6f2a6a52560a ("mtd: nand: gpmi: reset BCH earlier, too, to avoid NAND startup problems") Cc: stable(a)vger.kernel.org Signed-off-by: Manfred Schlaegl <manfred.schlaegl(a)ginzinger.com> Signed-off-by: Martin Kepplinger <martin.kepplinger(a)ginzinger.com> Reviewed-by: Miquel Raynal <miquel.raynal(a)bootlin.com> Reviewed-by: Fabio Estevam <festevam(a)gmail.com> --- revision history ---------------- v2: add Fixes tag, Cc stable and add recent Reviewed-by tags drivers/mtd/nand/raw/gpmi-nand/gpmi-lib.c | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/drivers/mtd/nand/raw/gpmi-nand/gpmi-lib.c b/drivers/mtd/nand/raw/gpmi-nand/gpmi-lib.c index bd4cfac6b5aa..a4768df5083f 100644 --- a/drivers/mtd/nand/raw/gpmi-nand/gpmi-lib.c +++ b/drivers/mtd/nand/raw/gpmi-nand/gpmi-lib.c @@ -155,9 +155,10 @@ int gpmi_init(struct gpmi_nand_data *this) /* * Reset BCH here, too. We got failures otherwise :( - * See later BCH reset for explanation of MX23 handling + * See later BCH reset for explanation of MX23 and MX28 handling */ - ret = gpmi_reset_block(r->bch_regs, GPMI_IS_MX23(this)); + ret = gpmi_reset_block(r->bch_regs, + GPMI_IS_MX23(this) || GPMI_IS_MX28(this)); if (ret) goto err_out; @@ -263,12 +264,10 @@ int bch_set_geometry(struct gpmi_nand_data *this) /* * Due to erratum #2847 of the MX23, the BCH cannot be soft reset on this * chip, otherwise it will lock up. So we skip resetting BCH on the MX23. - * On the other hand, the MX28 needs the reset, because one case has been - * seen where the BCH produced ECC errors constantly after 10000 - * consecutive reboots. The latter case has not been seen on the MX23 - * yet, still we don't know if it could happen there as well. + * and MX28. */ - ret = gpmi_reset_block(r->bch_regs, GPMI_IS_MX23(this)); + ret = gpmi_reset_block(r->bch_regs, + GPMI_IS_MX23(this) || GPMI_IS_MX28(this)); if (ret) goto err_out; -- 2.20.1

5 years, 10 months

4
3
0 0

[PATCH] mtd: Make sure mtd->erasesize is valid even if the partition is of size 0

by Boris Brezillon

Commit 33f45c44d68b ("mtd: Do not allow MTD devices with inconsistent erase properties") introduced a check to make sure ->erasesize and ->_erase values are consistent with the MTD_NO_ERASE flag. This patch did not take the 0 bytes partition case into account which can happen when the defined partition is outside the flash device memory range. Fix that by setting the partition erasesize to the parent erasesize. Fixes: 33f45c44d68b ("mtd: Do not allow MTD devices with inconsistent erase properties") Reported-by: Geert Uytterhoeven <geert(a)linux-m68k.org> Cc: <stable(a)vger.kernel.org> Cc: Geert Uytterhoeven <geert(a)linux-m68k.org> Signed-off-by: Boris Brezillon <bbrezillon(a)kernel.org> --- drivers/mtd/mtdpart.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/drivers/mtd/mtdpart.c b/drivers/mtd/mtdpart.c index e6d9467f6be0..37f174ccbcec 100644 --- a/drivers/mtd/mtdpart.c +++ b/drivers/mtd/mtdpart.c @@ -480,6 +480,10 @@ static struct mtd_part *allocate_partition(struct mtd_info *parent, /* let's register it anyway to preserve ordering */ slave->offset = 0; slave->mtd.size = 0; + + /* Initialize ->erasesize to make add_mtd_device() happy. */ + slave->mtd.erasesize = parent->erasesize; + printk(KERN_ERR"mtd: partition \"%s\" is out of reach -- disabled\n", part->name); goto out_register; -- 2.17.1

5 years, 10 months

3
2
0 0

[PATCH] pinctrl: qcom: qcs404: Correct SDC tile

by Bjorn Andersson

The SDC controls live in the south tile, not the north one. Correct this so that we program the right registers. Cc: stable(a)vger.kernel.org Fixes: 22eb8301dbc1 ("pinctrl: qcom: Add qcs404 pinctrl driver") Signed-off-by: Bjorn Andersson <bjorn.andersson(a)linaro.org> --- drivers/pinctrl/qcom/pinctrl-qcs404.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/pinctrl/qcom/pinctrl-qcs404.c b/drivers/pinctrl/qcom/pinctrl-qcs404.c index 7aae52a09ff0..4ffd56ff809e 100644 --- a/drivers/pinctrl/qcom/pinctrl-qcs404.c +++ b/drivers/pinctrl/qcom/pinctrl-qcs404.c @@ -79,7 +79,7 @@ enum { .intr_cfg_reg = 0, \ .intr_status_reg = 0, \ .intr_target_reg = 0, \ - .tile = NORTH, \ + .tile = SOUTH, \ .mux_bit = -1, \ .pull_bit = pull, \ .drv_bit = drv, \ -- 2.18.0

5 years, 10 months

3
2
0 0

[PATCH -fixes] drm/i915: Try to sanitize bogus DPLL state left over by broken SNB BIOSen

by Ville Syrjala

From: Ville Syrjälä <ville.syrjala(a)linux.intel.com> Certain SNB machines (eg. ASUS K53SV) seem to have a broken BIOS which misprograms the hardware badly when encountering a suitably high resolution display. The programmed pipe timings are somewhat bonkers and the DPLL is totally misprogrammed (P divider == 0). That will result in atomic commit timeouts as apparently the pipe is sufficiently stuck to not signal vblank interrupts. IIRC something like this was also observed on some other SNB machine years ago (might have been a Dell XPS 8300) but a BIOS update cured it. Sadly looks like this was never fixed for the ASUS K53SV as the latest BIOS (K53SV.320 11/11/2011) is still broken. The quickest way to deal with this seems to be to shut down the pipe+ports+DPLL. Unfortunately doing this during the normal sanitization phase isn't quite soon enough as we already spew several WARNs about the bogus hardware state. But it's better than hanging the boot for a few dozen seconds. Since this is limited to a few old machines it doesn't seem entirely worthwile to try and rework the readout+sanitization code to handle it more gracefully. v2: Fix potential NULL deref (kbuild test robot) Constify has_bogus_dpll_config() Cc: stable(a)vger.kernel.org # v4.20+ Cc: Daniel Kamil Kozar <dkk089(a)gmail.com> Reported-by: Daniel Kamil Kozar <dkk089(a)gmail.com> Tested-by: Daniel Kamil Kozar <dkk089(a)gmail.com> Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=109245 Fixes: 516a49cc1946 ("drm/i915: Fix assert_plane() warning on bootup with external display") Signed-off-by: Ville Syrjälä <ville.syrjala(a)linux.intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20190111174950.10681-1-ville.… Reviewed-by: Mika Kahola <mika.kahola(a)intel.com> (cherry picked from commit 7bed8adcd9f86231bb69bbc02f88ad89330f99e3) --- drivers/gpu/drm/i915/intel_display.c | 50 ++++++++++++++++++++++++---- 1 file changed, 44 insertions(+), 6 deletions(-) diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c index 3da9c0f9e948..248128126422 100644 --- a/drivers/gpu/drm/i915/intel_display.c +++ b/drivers/gpu/drm/i915/intel_display.c @@ -15415,16 +15415,45 @@ static void intel_sanitize_crtc(struct intel_crtc *crtc, } } +static bool has_bogus_dpll_config(const struct intel_crtc_state *crtc_state) +{ + struct drm_i915_private *dev_priv = to_i915(crtc_state->base.crtc->dev); + + /* + * Some SNB BIOSen (eg. ASUS K53SV) are known to misprogram + * the hardware when a high res displays plugged in. DPLL P + * divider is zero, and the pipe timings are bonkers. We'll + * try to disable everything in that case. + * + * FIXME would be nice to be able to sanitize this state + * without several WARNs, but for now let's take the easy + * road. + */ + return IS_GEN6(dev_priv) && + crtc_state->base.active && + crtc_state->shared_dpll && + crtc_state->port_clock == 0; +} + static void intel_sanitize_encoder(struct intel_encoder *encoder) { struct drm_i915_private *dev_priv = to_i915(encoder->base.dev); struct intel_connector *connector; + struct intel_crtc *crtc = to_intel_crtc(encoder->base.crtc); + struct intel_crtc_state *crtc_state = crtc ? + to_intel_crtc_state(crtc->base.state) : NULL; /* We need to check both for a crtc link (meaning that the * encoder is active and trying to read from a pipe) and the * pipe itself being active. */ - bool has_active_crtc = encoder->base.crtc && - to_intel_crtc(encoder->base.crtc)->active; + bool has_active_crtc = crtc_state && + crtc_state->base.active; + + if (crtc_state && has_bogus_dpll_config(crtc_state)) { + DRM_DEBUG_KMS("BIOS has misprogrammed the hardware. Disabling pipe %c\n", + pipe_name(crtc->pipe)); + has_active_crtc = false; + } connector = intel_encoder_find_connector(encoder); if (connector && !has_active_crtc) { @@ -15435,16 +15464,25 @@ static void intel_sanitize_encoder(struct intel_encoder *encoder) /* Connector is active, but has no active pipe. This is * fallout from our resume register restoring. Disable * the encoder manually again. */ - if (encoder->base.crtc) { - struct drm_crtc_state *crtc_state = encoder->base.crtc->state; + if (crtc_state) { + struct drm_encoder *best_encoder; DRM_DEBUG_KMS("[ENCODER:%d:%s] manually disabled\n", encoder->base.base.id, encoder->base.name); + + /* avoid oopsing in case the hooks consult best_encoder */ + best_encoder = connector->base.state->best_encoder; + connector->base.state->best_encoder = &encoder->base; + if (encoder->disable) - encoder->disable(encoder, to_intel_crtc_state(crtc_state), connector->base.state); + encoder->disable(encoder, crtc_state, + connector->base.state); if (encoder->post_disable) - encoder->post_disable(encoder, to_intel_crtc_state(crtc_state), connector->base.state); + encoder->post_disable(encoder, crtc_state, + connector->base.state); + + connector->base.state->best_encoder = best_encoder; } encoder->base.crtc = NULL; -- 2.19.2

5 years, 10 months

2
1
0 0

[PATCH 1/1] Fix: arm: kprobes: optimized kprobes illegal instruction

by Mathieu Desnoyers

commit e46daee53bb5 ("ARM: 8806/1: kprobes: Fix false positive with FORTIFY_SOURCE") introduced a regression in optimized kprobes. It triggers "invalid instruction" oopses when using kprobes instrumentation through lttng and perf. This commit was introduced in kernel v4.20, and has been backported to stable kernels 4.19 and 4.14. This crash was also reported by Hongzhi Song on the redhat bugzilla where the patch was originally introduced. Link: https://bugzilla.redhat.com/show_bug.cgi?id=1639397 Link: https://bugs.lttng.org/issues/1174 Link: https://lore.kernel.org/lkml/342740659.2887.1549307721609.JavaMail.zimbra@e… Fixes: e46daee53bb5 ("ARM: 8806/1: kprobes: Fix false positive with FORTIFY_SOURCE") Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> Reported-by: Robert Berger <Robert.Berger(a)ReliableEmbeddedSystems.com> Tested-by: Robert Berger <Robert.Berger(a)ReliableEmbeddedSystems.com> Acked-by: Kees Cook <keescook(a)chromium.org> CC: Robert Berger <Robert.Berger(a)ReliableEmbeddedSystems.com> CC: Masami Hiramatsu <mhiramat(a)kernel.org> CC: William Cohen <wcohen(a)redhat.com> CC: Laura Abbott <labbott(a)redhat.com> CC: Kees Cook <keescook(a)chromium.org> CC: Russell King <rmk+kernel(a)armlinux.org.uk> CC: <stable(a)vger.kernel.org> # v4.14+ CC: linux-arm-kernel(a)lists.infradead.org CC: patches(a)armlinux.org.uk --- KernelVersion: 5.0.0-rc5 arch/arm/probes/kprobes/opt-arm.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/arm/probes/kprobes/opt-arm.c b/arch/arm/probes/kprobes/opt-arm.c index 2c118a6ab358..0dc23fc227ed 100644 --- a/arch/arm/probes/kprobes/opt-arm.c +++ b/arch/arm/probes/kprobes/opt-arm.c @@ -247,7 +247,7 @@ int arch_prepare_optimized_kprobe(struct optimized_kprobe *op, struct kprobe *or } /* Copy arch-dep-instance from template. */ - memcpy(code, (unsigned char *)optprobe_template_entry, + memcpy(code, (unsigned long *)&optprobe_template_entry, TMPL_END_IDX * sizeof(kprobe_opcode_t)); /* Adjust buffer according to instruction. */ -- 2.11.0

5 years, 10 months

2
1
0 0

[PATCH] libnvdimm: Fix altmap reservation size calculation

by Oliver O'Halloran

Libnvdimm reserves the first 8K of pfn and devicedax namespaces to store a superblock describing the namespace. This 8K reservation is contained within the altmap area which the kernel uses for the vmemmap backing for the pages within the namespace. The altmap allows for some pages at the start of the altmap area to be reserved and that mechanism is used to protect the superblock from being re-used as vmemmap backing. The number of PFNs to reserve is calculated using: PHYS_PFN(SZ_8K) Which is implemented as: #define PHYS_PFN(x) ((unsigned long)((x) >> PAGE_SHIFT)) So on systems where PAGE_SIZE is greater than 8K the reservation size is truncated to zero and the superblock area is re-used as vmemmap backing. As a result all the namespace information stored in the superblock (i.e. if it's a PFN or DAX namespace) is lost and the namespace needs to be re-created to get access to the contents. This patch fixes this by using PFN_UP() rather than PHYS_PFN() to ensure that at least one page is reserved. On systems with a 4K pages size this patch should have no effect. Cc: stable(a)vger.kernel.org Cc: Dan Williams <dan.j.williams(a)intel.com> Fixes: ac515c084be9 ("libnvdimm, pmem, pfn: move pfn setup to the core") Signed-off-by: Oliver O'Halloran <oohall(a)gmail.com> --- --- drivers/nvdimm/pfn_devs.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/nvdimm/pfn_devs.c b/drivers/nvdimm/pfn_devs.c index 6f22272e8d80..9b9be83da0e7 100644 --- a/drivers/nvdimm/pfn_devs.c +++ b/drivers/nvdimm/pfn_devs.c @@ -593,7 +593,7 @@ static unsigned long init_altmap_base(resource_size_t base) static unsigned long init_altmap_reserve(resource_size_t base) { - unsigned long reserve = PHYS_PFN(SZ_8K); + unsigned long reserve = PFN_UP(SZ_8K); unsigned long base_pfn = PHYS_PFN(base); reserve += base_pfn - PFN_SECTION_ALIGN_DOWN(base_pfn); -- 2.20.1

5 years, 10 months

3
3
0 0

[PATCH v2] tpm/st33zp24: Fix the name collisions in tpm_st33zp24_spi and tpm_i2c_infineon

by Jarkko Sakkinen

Rename TPM_BUFSIZE defined in drivers/char/tpm/st33zp24/st33zp24.h to ST33ZP24_BUFSIZE. Rename TPM_BUFSIZE defined in drivers/char/tpm/tpm_i2c_infineon.c to TPM_I2C_INFINEON_BUFSIZE. Cc: stable(a)vger.kernel.org Fixes: bf38b8710892 ("tpm/tpm_i2c_stm_st33: Split tpm_i2c_tpm_st33 in 2 layers (core + phy)") Fixes: aad628c1d91a ("char/tpm: Add new driver for Infineon I2C TIS TPM") Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen(a)linux.intel.com> --- v2: Fix also the name collision in tpm_ic2_infineon. drivers/char/tpm/st33zp24/i2c.c | 2 +- drivers/char/tpm/st33zp24/spi.c | 2 +- drivers/char/tpm/st33zp24/st33zp24.h | 4 ++-- drivers/char/tpm/tpm_i2c_infineon.c | 15 ++++++++------- 4 files changed, 12 insertions(+), 11 deletions(-) diff --git a/drivers/char/tpm/st33zp24/i2c.c b/drivers/char/tpm/st33zp24/i2c.c index be5d1abd3e8e..8390c5b54c3b 100644 --- a/drivers/char/tpm/st33zp24/i2c.c +++ b/drivers/char/tpm/st33zp24/i2c.c @@ -33,7 +33,7 @@ struct st33zp24_i2c_phy { struct i2c_client *client; - u8 buf[TPM_BUFSIZE + 1]; + u8 buf[ST33ZP24_BUFSIZE + 1]; int io_lpcpd; }; diff --git a/drivers/char/tpm/st33zp24/spi.c b/drivers/char/tpm/st33zp24/spi.c index d7909ab287a8..ff019a1e3c68 100644 --- a/drivers/char/tpm/st33zp24/spi.c +++ b/drivers/char/tpm/st33zp24/spi.c @@ -63,7 +63,7 @@ * some latency byte before the answer is available (max 15). * We have 2048 + 1024 + 15. */ -#define ST33ZP24_SPI_BUFFER_SIZE (TPM_BUFSIZE + (TPM_BUFSIZE / 2) +\ +#define ST33ZP24_SPI_BUFFER_SIZE (ST33ZP24_BUFSIZE + (ST33ZP24_BUFSIZE / 2) +\ MAX_SPI_LATENCY) diff --git a/drivers/char/tpm/st33zp24/st33zp24.h b/drivers/char/tpm/st33zp24/st33zp24.h index 6f4a4198af6a..20da0a84988d 100644 --- a/drivers/char/tpm/st33zp24/st33zp24.h +++ b/drivers/char/tpm/st33zp24/st33zp24.h @@ -18,8 +18,8 @@ #ifndef __LOCAL_ST33ZP24_H__ #define __LOCAL_ST33ZP24_H__ -#define TPM_WRITE_DIRECTION 0x80 -#define TPM_BUFSIZE 2048 +#define TPM_WRITE_DIRECTION 0x80 +#define ST33ZP24_BUFSIZE 2048 struct st33zp24_dev { struct tpm_chip *chip; diff --git a/drivers/char/tpm/tpm_i2c_infineon.c b/drivers/char/tpm/tpm_i2c_infineon.c index 9086edc9066b..b9d5a1dda8d2 100644 --- a/drivers/char/tpm/tpm_i2c_infineon.c +++ b/drivers/char/tpm/tpm_i2c_infineon.c @@ -26,8 +26,7 @@ #include <linux/wait.h> #include "tpm.h" -/* max. buffer size supported by our TPM */ -#define TPM_BUFSIZE 1260 +#define TPM_I2C_INFINEON_MAX_BUFSIZE 1260 /* max. number of iterations after I2C NAK */ #define MAX_COUNT 3 @@ -63,11 +62,13 @@ enum i2c_chip_type { UNKNOWN, }; -/* Structure to store I2C TPM specific stuff */ struct tpm_inf_dev { struct i2c_client *client; int locality; - u8 buf[TPM_BUFSIZE + sizeof(u8)]; /* max. buffer size + addr */ + /* In addition to the data itself, the buffer must fit the 7-bit I2C + * address and the direction bit. + */ + u8 buf[TPM_I2C_INFINEON_MAX_BUFSIZE + 1]; struct tpm_chip *chip; enum i2c_chip_type chip_type; unsigned int adapterlimit; @@ -219,7 +220,7 @@ static int iic_tpm_write_generic(u8 addr, u8 *buffer, size_t len, .buf = tpm_dev.buf }; - if (len > TPM_BUFSIZE) + if (len > TPM_I2C_INFINEON_MAX_BUFSIZE) return -EINVAL; if (!tpm_dev.client->adapter->algo->master_xfer) @@ -527,8 +528,8 @@ static int tpm_tis_i2c_send(struct tpm_chip *chip, u8 *buf, size_t len) u8 retries = 0; u8 sts = TPM_STS_GO; - if (len > TPM_BUFSIZE) - return -E2BIG; /* command is too long for our tpm, sorry */ + if (len > TPM_I2C_INFINEON_BUFSIZE) + return -E2BIG; if (request_locality(chip, 0) < 0) return -EBUSY; -- 2.19.1

5 years, 10 months

4
9
0 0

[PATCH 1/1] Fix: arm: kprobes: optimized kprobes illegal instruction

by Mathieu Desnoyers

commit e46daee53bb5 ("ARM: 8806/1: kprobes: Fix false positive with FORTIFY_SOURCE") introduced a regression in optimized kprobes. It triggers "invalid instruction" oopses when using kprobes instrumentation through lttng and perf. This commit was introduced in kernel v4.20, and has been backported to stable kernels 4.19 and 4.14. This crash was also reported by Hongzhi Song on the redhat bugzilla where the patch was originally introduced. Link: https://bugzilla.redhat.com/show_bug.cgi?id=1639397 Link: https://bugs.lttng.org/issues/1174 Link: https://lore.kernel.org/lkml/342740659.2887.1549307721609.JavaMail.zimbra@e… Fixes: e46daee53bb5 ("ARM: 8806/1: kprobes: Fix false positive with FORTIFY_SOURCE") Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> Reported-by: Robert Berger <Robert.Berger(a)ReliableEmbeddedSystems.com> Tested-by: Robert Berger <Robert.Berger(a)ReliableEmbeddedSystems.com> Acked-by: Kees Cook <keescook(a)chromium.org> CC: Robert Berger <Robert.Berger(a)ReliableEmbeddedSystems.com> CC: Masami Hiramatsu <mhiramat(a)kernel.org> CC: William Cohen <wcohen(a)redhat.com> CC: Laura Abbott <labbott(a)redhat.com> CC: Kees Cook <keescook(a)chromium.org> CC: Russell King <rmk+kernel(a)armlinux.org.uk> CC: <stable(a)vger.kernel.org> # v4.14+ CC: linux-arm-kernel(a)lists.infradead.org CC: patches(a)armlinux.org.uk --- arch/arm/probes/kprobes/opt-arm.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/arm/probes/kprobes/opt-arm.c b/arch/arm/probes/kprobes/opt-arm.c index 2c118a6ab358..0dc23fc227ed 100644 --- a/arch/arm/probes/kprobes/opt-arm.c +++ b/arch/arm/probes/kprobes/opt-arm.c @@ -247,7 +247,7 @@ int arch_prepare_optimized_kprobe(struct optimized_kprobe *op, struct kprobe *or } /* Copy arch-dep-instance from template. */ - memcpy(code, (unsigned char *)optprobe_template_entry, + memcpy(code, (unsigned long *)&optprobe_template_entry, TMPL_END_IDX * sizeof(kprobe_opcode_t)); /* Adjust buffer according to instruction. */ -- 2.11.0

5 years, 10 months

1
0
0 0

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror February 2019