February 2020 - Linux-stable-mirror

Random memory corruption may occur due to incorrent tlb flushes

by Santosh Sivaraj

Hi Greg/Sasha, The commit a46cc7a90fd (powerpc/mm/radix: Improve TLB/PWC flushes) picked up in 4.14 release has the potential to cause random memory corruption. This was fixed in 5.5 by the following patches. 12e4d53f3f powerpc/mmu_gather: enable RCU_TABLE_FREE even for !SMP case 0ed1325967 mm/mmu_gather: invalidate TLB correctly on batch allocation failure and flush 0758cd8304 asm-generic/tlb: avoid potential double flush It's a bit tricky to backport to 4.14 stable (though I have a backport to 4.19 stable, which I will post shortly). If you think it's important to fix this in 4.14, it would easier to revert the above mentioned commit (a46cc7a90fd). Please let me know your thoughts. Thanks, Santosh

4 years, 8 months

3
2
0 0

stable-rc 5.4: arm64 make dtbs failed

by Naresh Kamboju

# make -sk KBUILD_BUILD_USER=TuxBuild -C/linux ARCH=arm64 CROSS_COMPILE=aarch64-linux-gnu- HOSTCC=gcc CC="sccache aarch64-linux-gnu-gcc" O=build dtbs ../arch/arm64/boot/dts/exynos/exynos5433.dtsi:254.3-29: Warning (reg_format): /gpu@14ac0000:reg: property has invalid length (8 bytes) (#address-cells == 2, #size-cells == 2) arch/arm64/boot/dts/exynos/exynos5433-tm2.dtb: Warning (pci_device_bus_num): Failed prerequisite 'reg_format' arch/arm64/boot/dts/exynos/exynos5433-tm2.dtb: Warning (i2c_bus_reg): Failed prerequisite 'reg_format' arch/arm64/boot/dts/exynos/exynos5433-tm2.dtb: Warning (spi_bus_reg): Failed prerequisite 'reg_format' ../arch/arm64/boot/dts/exynos/exynos5433.dtsi:254.3-29: Warning (reg_format): /gpu@14ac0000:reg: property has invalid length (8 bytes) (#address-cells == 2, #size-cells == 2) arch/arm64/boot/dts/exynos/exynos5433-tm2e.dtb: Warning (pci_device_bus_num): Failed prerequisite 'reg_format' arch/arm64/boot/dts/exynos/exynos5433-tm2e.dtb: Warning (i2c_bus_reg): Failed prerequisite 'reg_format' arch/arm64/boot/dts/exynos/exynos5433-tm2e.dtb: Warning (spi_bus_reg): Failed prerequisite 'reg_format' ../arch/arm64/boot/dts/exynos/exynos7.dtsi:83.3-29: Warning (reg_format): /gpu@14ac0000:reg: property has invalid length (8 bytes) (#address-cells == 2, #size-cells == 2) arch/arm64/boot/dts/exynos/exynos7-espresso.dtb: Warning (pci_device_bus_num): Failed prerequisite 'reg_format' arch/arm64/boot/dts/exynos/exynos7-espresso.dtb: Warning (i2c_bus_reg): Failed prerequisite 'reg_format' arch/arm64/boot/dts/exynos/exynos7-espresso.dtb: Warning (spi_bus_reg): Failed prerequisite 'reg_format' ../arch/arm64/boot/dts/qcom/msm8998-mtp.dtsi:10.10-13.4: ERROR (path_references): /aliases: Reference to non-existent node or label "blsp1_uart3" ERROR: Input tree has errors, aborting (use -f to force output) make[3]: *** [scripts/Makefile.lib:299: arch/arm64/boot/dts/qcom/msm8998-mtp.dtb] Error 2 ref: https://gitlab.com/Linaro/lkft/kernel-runs/-/jobs/435619179 -- Linaro LKFT https://lkft.linaro.org

4 years, 8 months

3
2
0 0

[PATCH resend] mm, memcg: reset memcg's memory.{min, low} for reclaiming itself

by Yafang Shao

memory.{emin, elow} are set in mem_cgroup_protected(), and the values of them won't be changed until next recalculation in this function. After either or both of them are set, the next reclaimer to relcaim this memcg may be a different reclaimer, e.g. this memcg is also the root memcg of the new reclaimer, and then in mem_cgroup_protection() in get_scan_count() the old values of them will be used to calculate scan count, that is not proper. We should reset them to zero in this case. Here's an example of this issue. root_mem_cgroup / A memory.max=1024M memory.min=512M memory.current=800M Once kswapd is waked up, it will try to scan all MEMCGs, including this A, and it will assign memory.emin of A with 512M. After that, A may reach its hard limit(memory.max), and then it will do memcg reclaim. Because A is the root of this reclaimer, so it will not calculate its memory.emin. So the memory.emin is the old value 512M, and then this old value will be used in mem_cgroup_protection() in get_scan_count() to get the scan count. That is not proper. Fixes: 9783aa9917f8 ("mm, memcg: proportional memory.{low,min} reclaim") Signed-off-by: Yafang Shao <laoar.shao(a)gmail.com> Acked-by: Roman Gushchin <guro(a)fb.com> Cc: Chris Down <chris(a)chrisdown.name> Cc: stable(a)vger.kernel.org --- mm/memcontrol.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/mm/memcontrol.c b/mm/memcontrol.c index 6f6dc8712e39..df7fedbfc211 100644 --- a/mm/memcontrol.c +++ b/mm/memcontrol.c @@ -6250,8 +6250,17 @@ enum mem_cgroup_protection mem_cgroup_protected(struct mem_cgroup *root, if (!root) root = root_mem_cgroup; - if (memcg == root) + if (memcg == root) { + /* + * Reset memory.(emin, elow) for reclaiming the memcg + * itself. + */ + if (memcg != root_mem_cgroup) { + memcg->memory.emin = 0; + memcg->memory.elow = 0; + } return MEMCG_PROT_NONE; + } usage = page_counter_read(&memcg->memory); if (!usage) -- 2.14.1

4 years, 8 months

2
12
0 0

[PATCH 4.19 1/2] jbd2: move the clearing of b_modified flag to the journal_unmap_buffer()

by zhangyi (F)

[ Upstream commit 6a66a7ded12baa6ebbb2e3e82f8cb91382814839 ] There is no need to delay the clearing of b_modified flag to the transaction committing time when unmapping the journalled buffer, so just move it to the journal_unmap_buffer(). Link: https://lore.kernel.org/r/20200213063821.30455-2-yi.zhang@huawei.com Reviewed-by: Jan Kara <jack(a)suse.cz> Signed-off-by: zhangyi (F) <yi.zhang(a)huawei.com> Signed-off-by: Theodore Ts'o <tytso(a)mit.edu> Cc: stable(a)kernel.org --- fs/jbd2/commit.c | 43 +++++++++++++++---------------------------- fs/jbd2/transaction.c | 10 ++++++---- 2 files changed, 21 insertions(+), 32 deletions(-) diff --git a/fs/jbd2/commit.c b/fs/jbd2/commit.c index 020bd7a0d8e0..3fe9b7c27ce8 100644 --- a/fs/jbd2/commit.c +++ b/fs/jbd2/commit.c @@ -971,34 +971,21 @@ void jbd2_journal_commit_transaction(journal_t *journal) * it. */ /* - * A buffer which has been freed while still being journaled by - * a previous transaction. - */ - if (buffer_freed(bh)) { - /* - * If the running transaction is the one containing - * "add to orphan" operation (b_next_transaction != - * NULL), we have to wait for that transaction to - * commit before we can really get rid of the buffer. - * So just clear b_modified to not confuse transaction - * credit accounting and refile the buffer to - * BJ_Forget of the running transaction. If the just - * committed transaction contains "add to orphan" - * operation, we can completely invalidate the buffer - * now. We are rather through in that since the - * buffer may be still accessible when blocksize < - * pagesize and it is attached to the last partial - * page. - */ - jh->b_modified = 0; - if (!jh->b_next_transaction) { - clear_buffer_freed(bh); - clear_buffer_jbddirty(bh); - clear_buffer_mapped(bh); - clear_buffer_new(bh); - clear_buffer_req(bh); - bh->b_bdev = NULL; - } + * A buffer which has been freed while still being journaled + * by a previous transaction, refile the buffer to BJ_Forget of + * the running transaction. If the just committed transaction + * contains "add to orphan" operation, we can completely + * invalidate the buffer now. We are rather through in that + * since the buffer may be still accessible when blocksize < + * pagesize and it is attached to the last partial page. + */ + if (buffer_freed(bh) && !jh->b_next_transaction) { + clear_buffer_freed(bh); + clear_buffer_jbddirty(bh); + clear_buffer_mapped(bh); + clear_buffer_new(bh); + clear_buffer_req(bh); + bh->b_bdev = NULL; } if (buffer_jbddirty(bh)) { diff --git a/fs/jbd2/transaction.c b/fs/jbd2/transaction.c index 911ff18249b7..97ffe12a2262 100644 --- a/fs/jbd2/transaction.c +++ b/fs/jbd2/transaction.c @@ -2228,14 +2228,16 @@ static int journal_unmap_buffer(journal_t *journal, struct buffer_head *bh, return -EBUSY; } /* - * OK, buffer won't be reachable after truncate. We just set - * j_next_transaction to the running transaction (if there is - * one) and mark buffer as freed so that commit code knows it - * should clear dirty bits when it is done with the buffer. + * OK, buffer won't be reachable after truncate. We just clear + * b_modified to not confuse transaction credit accounting, and + * set j_next_transaction to the running transaction (if there + * is one) and mark buffer as freed so that commit code knows + * it should clear dirty bits when it is done with the buffer. */ set_buffer_freed(bh); if (journal->j_running_transaction && buffer_jbddirty(bh)) jh->b_next_transaction = journal->j_running_transaction; + jh->b_modified = 0; jbd2_journal_put_journal_head(jh); spin_unlock(&journal->j_list_lock); jbd_unlock_bh_state(bh); -- 2.17.2

4 years, 8 months

1
1
0 0

[PATCH 4.14 1/2] jbd2: move the clearing of b_modified flag to the journal_unmap_buffer()

by zhangyi (F)

[ Upstream commit 6a66a7ded12baa6ebbb2e3e82f8cb91382814839 ] There is no need to delay the clearing of b_modified flag to the transaction committing time when unmapping the journalled buffer, so just move it to the journal_unmap_buffer(). Link: https://lore.kernel.org/r/20200213063821.30455-2-yi.zhang@huawei.com Reviewed-by: Jan Kara <jack(a)suse.cz> Signed-off-by: zhangyi (F) <yi.zhang(a)huawei.com> Signed-off-by: Theodore Ts'o <tytso(a)mit.edu> Cc: stable(a)kernel.org --- fs/jbd2/commit.c | 43 +++++++++++++++---------------------------- fs/jbd2/transaction.c | 10 ++++++---- 2 files changed, 21 insertions(+), 32 deletions(-) diff --git a/fs/jbd2/commit.c b/fs/jbd2/commit.c index 7dd613392592..89cbf45a1dcd 100644 --- a/fs/jbd2/commit.c +++ b/fs/jbd2/commit.c @@ -973,34 +973,21 @@ void jbd2_journal_commit_transaction(journal_t *journal) * it. */ /* - * A buffer which has been freed while still being journaled by - * a previous transaction. - */ - if (buffer_freed(bh)) { - /* - * If the running transaction is the one containing - * "add to orphan" operation (b_next_transaction != - * NULL), we have to wait for that transaction to - * commit before we can really get rid of the buffer. - * So just clear b_modified to not confuse transaction - * credit accounting and refile the buffer to - * BJ_Forget of the running transaction. If the just - * committed transaction contains "add to orphan" - * operation, we can completely invalidate the buffer - * now. We are rather through in that since the - * buffer may be still accessible when blocksize < - * pagesize and it is attached to the last partial - * page. - */ - jh->b_modified = 0; - if (!jh->b_next_transaction) { - clear_buffer_freed(bh); - clear_buffer_jbddirty(bh); - clear_buffer_mapped(bh); - clear_buffer_new(bh); - clear_buffer_req(bh); - bh->b_bdev = NULL; - } + * A buffer which has been freed while still being journaled + * by a previous transaction, refile the buffer to BJ_Forget of + * the running transaction. If the just committed transaction + * contains "add to orphan" operation, we can completely + * invalidate the buffer now. We are rather through in that + * since the buffer may be still accessible when blocksize < + * pagesize and it is attached to the last partial page. + */ + if (buffer_freed(bh) && !jh->b_next_transaction) { + clear_buffer_freed(bh); + clear_buffer_jbddirty(bh); + clear_buffer_mapped(bh); + clear_buffer_new(bh); + clear_buffer_req(bh); + bh->b_bdev = NULL; } if (buffer_jbddirty(bh)) { diff --git a/fs/jbd2/transaction.c b/fs/jbd2/transaction.c index 7fe422eced89..f2ff141a4479 100644 --- a/fs/jbd2/transaction.c +++ b/fs/jbd2/transaction.c @@ -2231,14 +2231,16 @@ static int journal_unmap_buffer(journal_t *journal, struct buffer_head *bh, return -EBUSY; } /* - * OK, buffer won't be reachable after truncate. We just set - * j_next_transaction to the running transaction (if there is - * one) and mark buffer as freed so that commit code knows it - * should clear dirty bits when it is done with the buffer. + * OK, buffer won't be reachable after truncate. We just clear + * b_modified to not confuse transaction credit accounting, and + * set j_next_transaction to the running transaction (if there + * is one) and mark buffer as freed so that commit code knows + * it should clear dirty bits when it is done with the buffer. */ set_buffer_freed(bh); if (journal->j_running_transaction && buffer_jbddirty(bh)) jh->b_next_transaction = journal->j_running_transaction; + jh->b_modified = 0; jbd2_journal_put_journal_head(jh); spin_unlock(&journal->j_list_lock); jbd_unlock_bh_state(bh); -- 2.17.2

4 years, 8 months

1
1
0 0

[PATCH 4.9 1/2] jbd2: move the clearing of b_modified flag to the journal_unmap_buffer()

by zhangyi (F)

[ Upstream commit 6a66a7ded12baa6ebbb2e3e82f8cb91382814839 ] There is no need to delay the clearing of b_modified flag to the transaction committing time when unmapping the journalled buffer, so just move it to the journal_unmap_buffer(). Link: https://lore.kernel.org/r/20200213063821.30455-2-yi.zhang@huawei.com Reviewed-by: Jan Kara <jack(a)suse.cz> Signed-off-by: zhangyi (F) <yi.zhang(a)huawei.com> Signed-off-by: Theodore Ts'o <tytso(a)mit.edu> Cc: stable(a)kernel.org --- fs/jbd2/commit.c | 43 +++++++++++++++---------------------------- fs/jbd2/transaction.c | 10 ++++++---- 2 files changed, 21 insertions(+), 32 deletions(-) diff --git a/fs/jbd2/commit.c b/fs/jbd2/commit.c index d002b2b6895f..2ee0013d86af 100644 --- a/fs/jbd2/commit.c +++ b/fs/jbd2/commit.c @@ -969,34 +969,21 @@ void jbd2_journal_commit_transaction(journal_t *journal) * it. */ /* - * A buffer which has been freed while still being journaled by - * a previous transaction. - */ - if (buffer_freed(bh)) { - /* - * If the running transaction is the one containing - * "add to orphan" operation (b_next_transaction != - * NULL), we have to wait for that transaction to - * commit before we can really get rid of the buffer. - * So just clear b_modified to not confuse transaction - * credit accounting and refile the buffer to - * BJ_Forget of the running transaction. If the just - * committed transaction contains "add to orphan" - * operation, we can completely invalidate the buffer - * now. We are rather through in that since the - * buffer may be still accessible when blocksize < - * pagesize and it is attached to the last partial - * page. - */ - jh->b_modified = 0; - if (!jh->b_next_transaction) { - clear_buffer_freed(bh); - clear_buffer_jbddirty(bh); - clear_buffer_mapped(bh); - clear_buffer_new(bh); - clear_buffer_req(bh); - bh->b_bdev = NULL; - } + * A buffer which has been freed while still being journaled + * by a previous transaction, refile the buffer to BJ_Forget of + * the running transaction. If the just committed transaction + * contains "add to orphan" operation, we can completely + * invalidate the buffer now. We are rather through in that + * since the buffer may be still accessible when blocksize < + * pagesize and it is attached to the last partial page. + */ + if (buffer_freed(bh) && !jh->b_next_transaction) { + clear_buffer_freed(bh); + clear_buffer_jbddirty(bh); + clear_buffer_mapped(bh); + clear_buffer_new(bh); + clear_buffer_req(bh); + bh->b_bdev = NULL; } if (buffer_jbddirty(bh)) { diff --git a/fs/jbd2/transaction.c b/fs/jbd2/transaction.c index 799f96c67211..04dd0652bb5c 100644 --- a/fs/jbd2/transaction.c +++ b/fs/jbd2/transaction.c @@ -2213,14 +2213,16 @@ static int journal_unmap_buffer(journal_t *journal, struct buffer_head *bh, return -EBUSY; } /* - * OK, buffer won't be reachable after truncate. We just set - * j_next_transaction to the running transaction (if there is - * one) and mark buffer as freed so that commit code knows it - * should clear dirty bits when it is done with the buffer. + * OK, buffer won't be reachable after truncate. We just clear + * b_modified to not confuse transaction credit accounting, and + * set j_next_transaction to the running transaction (if there + * is one) and mark buffer as freed so that commit code knows + * it should clear dirty bits when it is done with the buffer. */ set_buffer_freed(bh); if (journal->j_running_transaction && buffer_jbddirty(bh)) jh->b_next_transaction = journal->j_running_transaction; + jh->b_modified = 0; jbd2_journal_put_journal_head(jh); spin_unlock(&journal->j_list_lock); jbd_unlock_bh_state(bh); -- 2.17.2

4 years, 8 months

1
1
0 0

[PATCH 4.4 1/2] jbd2: move the clearing of b_modified flag to the journal_unmap_buffer()

by zhangyi (F)

[ Upstream commit 6a66a7ded12baa6ebbb2e3e82f8cb91382814839 ] There is no need to delay the clearing of b_modified flag to the transaction committing time when unmapping the journalled buffer, so just move it to the journal_unmap_buffer(). Link: https://lore.kernel.org/r/20200213063821.30455-2-yi.zhang@huawei.com Reviewed-by: Jan Kara <jack(a)suse.cz> Signed-off-by: zhangyi (F) <yi.zhang(a)huawei.com> Signed-off-by: Theodore Ts'o <tytso(a)mit.edu> Cc: stable(a)kernel.org --- fs/jbd2/commit.c | 43 +++++++++++++++---------------------------- fs/jbd2/transaction.c | 10 ++++++---- 2 files changed, 21 insertions(+), 32 deletions(-) diff --git a/fs/jbd2/commit.c b/fs/jbd2/commit.c index ebbd7d054cab..3bf86d912b76 100644 --- a/fs/jbd2/commit.c +++ b/fs/jbd2/commit.c @@ -987,34 +987,21 @@ restart_loop: * it. */ /* - * A buffer which has been freed while still being journaled by - * a previous transaction. - */ - if (buffer_freed(bh)) { - /* - * If the running transaction is the one containing - * "add to orphan" operation (b_next_transaction != - * NULL), we have to wait for that transaction to - * commit before we can really get rid of the buffer. - * So just clear b_modified to not confuse transaction - * credit accounting and refile the buffer to - * BJ_Forget of the running transaction. If the just - * committed transaction contains "add to orphan" - * operation, we can completely invalidate the buffer - * now. We are rather through in that since the - * buffer may be still accessible when blocksize < - * pagesize and it is attached to the last partial - * page. - */ - jh->b_modified = 0; - if (!jh->b_next_transaction) { - clear_buffer_freed(bh); - clear_buffer_jbddirty(bh); - clear_buffer_mapped(bh); - clear_buffer_new(bh); - clear_buffer_req(bh); - bh->b_bdev = NULL; - } + * A buffer which has been freed while still being journaled + * by a previous transaction, refile the buffer to BJ_Forget of + * the running transaction. If the just committed transaction + * contains "add to orphan" operation, we can completely + * invalidate the buffer now. We are rather through in that + * since the buffer may be still accessible when blocksize < + * pagesize and it is attached to the last partial page. + */ + if (buffer_freed(bh) && !jh->b_next_transaction) { + clear_buffer_freed(bh); + clear_buffer_jbddirty(bh); + clear_buffer_mapped(bh); + clear_buffer_new(bh); + clear_buffer_req(bh); + bh->b_bdev = NULL; } if (buffer_jbddirty(bh)) { diff --git a/fs/jbd2/transaction.c b/fs/jbd2/transaction.c index c34433432d47..6457023d8fac 100644 --- a/fs/jbd2/transaction.c +++ b/fs/jbd2/transaction.c @@ -2223,14 +2223,16 @@ static int journal_unmap_buffer(journal_t *journal, struct buffer_head *bh, return -EBUSY; } /* - * OK, buffer won't be reachable after truncate. We just set - * j_next_transaction to the running transaction (if there is - * one) and mark buffer as freed so that commit code knows it - * should clear dirty bits when it is done with the buffer. + * OK, buffer won't be reachable after truncate. We just clear + * b_modified to not confuse transaction credit accounting, and + * set j_next_transaction to the running transaction (if there + * is one) and mark buffer as freed so that commit code knows + * it should clear dirty bits when it is done with the buffer. */ set_buffer_freed(bh); if (journal->j_running_transaction && buffer_jbddirty(bh)) jh->b_next_transaction = journal->j_running_transaction; + jh->b_modified = 0; jbd2_journal_put_journal_head(jh); spin_unlock(&journal->j_list_lock); jbd_unlock_bh_state(bh); -- 2.17.2

4 years, 8 months

1
1
0 0

[PATCH v2 2/7] nvmem: fix another memory leak in error path

by Bartosz Golaszewski

From: Bartosz Golaszewski <bgolaszewski(a)baylibre.com> The nvmem struct is only freed on the first error check after its allocation and leaked after that. Fix it with a new label. Cc: <stable(a)vger.kernel.org> Signed-off-by: Bartosz Golaszewski <bgolaszewski(a)baylibre.com> --- drivers/nvmem/core.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/drivers/nvmem/core.c b/drivers/nvmem/core.c index b0be03d5f240..c9b3f4047154 100644 --- a/drivers/nvmem/core.c +++ b/drivers/nvmem/core.c @@ -343,10 +343,8 @@ struct nvmem_device *nvmem_register(const struct nvmem_config *config) return ERR_PTR(-ENOMEM); rval = ida_simple_get(&nvmem_ida, 0, 0, GFP_KERNEL); - if (rval < 0) { - kfree(nvmem); - return ERR_PTR(rval); - } + if (rval < 0) + goto err_free_nvmem; if (config->wp_gpio) nvmem->wp_gpio = config->wp_gpio; else @@ -432,6 +430,8 @@ struct nvmem_device *nvmem_register(const struct nvmem_config *config) put_device(&nvmem->dev); err_ida_remove: ida_simple_remove(&nvmem_ida, nvmem->id); +err_free_nvmem: + kfree(nvmem); return ERR_PTR(rval); } -- 2.25.0

4 years, 8 months

3
6
0 0

[PATCH 0/2] serial: imx: Backport fixes for irq handling to v4.14

by Schrempf Frieder

From: Frieder Schrempf <frieder.schrempf(a)kontron.de> A customer of ours has problems with RS485 on i.MX6UL with the latest v4.14 kernel. They get an exception like below from time to time (the trace is from an older kernel, but the problem also exists in v4.14.170). As the cpuidle state 2 causes large delays for the interrupt that controls the RS485 RTS signal (which can lead to collisions on the bus), cpuidle state 2 was disabled on this system. This aspect might cause the exception happening more often on this system than on other systems with default cpuidle settings. Looking for solutions I found Uwe's patches that were applied in v4.17 being mentioned here [1] and here [2]. In [1] Uwe notes that backporting these fixes to v4.14 might not be trivial, but I tried and in my opinion found it not to be too problematic either. With the backported patches applied, our customer reports that the exceptions stopped occuring. Given this and the fact that the problem seems to be known and quite common, it would be nice to get this into the v4.14 stable tree. [1] https://patchwork.kernel.org/patch/11342831/ [2] https://community.nxp.com/thread/481000 Stack trace: Unhandled fault: external abort on non-linefetch (0x1008) at 0x90928000 pgd = 8ce1c000 [90928000] *pgd=8d806811, *pte=021ec653, *ppte=021ec453 Internal error: : 1008 [#1] PREEMPT SMP ARM Modules linked in: usb_f_ecm g_ether usb_f_rndis u_ether libcomposite xt_tcpudp iptable_filter ip_tables x_tables spidev CPU: 0 PID: 277 Comm: mtiosSys5.elf Not tainted 4.14.89-exceet #4015 Hardware name: Freescale i.MX6 Ultralite (Device Tree) task: 8da9de00 task.stack: 8cd50000 PC is at imx_rxint+0x58/0x298 LR is at _raw_spin_lock_irqsave+0x18/0x5c pc : [<8044fa08>] lr : [<80711208>] psr: 20070193 sp : 8cd51ce0 ip : 8d400234 fp : 8da94010 r10: 80957900 r9 : 80c3e7ed r8 : 00000004 r7 : 80c02d00 r6 : 00000000 r5 : 8dae49f0 r4 : 00000001 r3 : 0000e38e r2 : 00021500 r1 : 90928000 r0 : 40070193 Flags: nzCv IRQs off FIQs on Mode SVC_32 ISA ARM Segment none Control: 10c5387d Table: 8ce1c06a DAC: 00000051 Process mtiosSys5.elf (pid: 277, stack limit = 0x8cd50210) Stack: (0x8cd51ce0 to 0x8cd52000) [...] [<8044fa08>] (imx_rxint) from [<80450c1c>] (imx_int+0x124/0x20c) [<80450c1c>] (imx_int) from [<8015ea94>] (__handle_irq_event_percpu+0x50/0x11c) [<8015ea94>] (__handle_irq_event_percpu) from [<8015eb7c>] (handle_irq_event_percpu+0x1c/0x58) [<8015eb7c>] (handle_irq_event_percpu) from [<8015ebf0>] (handle_irq_event+0x38/0x5c) [<8015ebf0>] (handle_irq_event) from [<801621d4>] (handle_fasteoi_irq+0xb8/0x16c) [<801621d4>] (handle_fasteoi_irq) from [<8015dd98>] (generic_handle_irq+0x24/0x34) [<8015dd98>] (generic_handle_irq) from [<8015e2c0>] (__handle_domain_irq+0x7c/0xec) [<8015e2c0>] (__handle_domain_irq) from [<80101448>] (gic_handle_irq+0x4c/0x90) [<80101448>] (gic_handle_irq) from [<8010bf4c>] (__irq_svc+0x6c/0xa8) [...] [<8010bf4c>] (__irq_svc) from [<80711580>] (_raw_spin_unlock_irqrestore+0x20/0x54) [<80711580>] (_raw_spin_unlock_irqrestore) from [<8044baf4>] (uart_write+0x110/0x178) [<8044baf4>] (uart_write) from [<804339b8>] (n_tty_write+0x350/0x440) [<804339b8>] (n_tty_write) from [<8042fbe8>] (tty_write+0x180/0x354) [<8042fbe8>] (tty_write) from [<801f93bc>] (__vfs_write+0x1c/0x120) [<801f93bc>] (__vfs_write) from [<801f9634>] (vfs_write+0xa4/0x168) [<801f9634>] (vfs_write) from [<801f97f8>] (SyS_write+0x3c/0x90) [<801f97f8>] (SyS_write) from [<80107900>] (ret_fast_syscall+0x0/0x54) Code: e59b2074 e59b1008 e2822001 e58b2074 (e591a000) Uwe Kleine-König (2): serial: imx: ensure that RX irqs are off if RX is off serial: imx: Only handle irqs that are actually enabled drivers/tty/serial/imx.c | 169 +++++++++++++++++++++++++++------------ 1 file changed, 117 insertions(+), 52 deletions(-) -- 2.17.1

4 years, 8 months

3
6
0 0

[PATCH v2 1/7] nvmem: fix memory leak in error path

by Bartosz Golaszewski

From: Bartosz Golaszewski <bgolaszewski(a)baylibre.com> We need to remove the ida mapping when returning from nvmem_register() with an error. Cc: <stable(a)vger.kernel.org> Signed-off-by: Bartosz Golaszewski <bgolaszewski(a)baylibre.com> --- drivers/nvmem/core.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/nvmem/core.c b/drivers/nvmem/core.c index ef326f243f36..b0be03d5f240 100644 --- a/drivers/nvmem/core.c +++ b/drivers/nvmem/core.c @@ -353,7 +353,7 @@ struct nvmem_device *nvmem_register(const struct nvmem_config *config) nvmem->wp_gpio = gpiod_get_optional(config->dev, "wp", GPIOD_OUT_HIGH); if (IS_ERR(nvmem->wp_gpio)) - return ERR_CAST(nvmem->wp_gpio); + goto err_ida_remove; kref_init(&nvmem->refcnt); @@ -430,6 +430,8 @@ struct nvmem_device *nvmem_register(const struct nvmem_config *config) device_del(&nvmem->dev); err_put_device: put_device(&nvmem->dev); +err_ida_remove: + ida_simple_remove(&nvmem_ida, nvmem->id); return ERR_PTR(rval); } -- 2.25.0

4 years, 8 months

1
0
0 0

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror February 2020