March 2020 - Linux-stable-mirror

FAILED: patch "[PATCH] audit: always check the netlink payload length in" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 756125289285f6e55a03861bf4b6257aa3d19a93 Mon Sep 17 00:00:00 2001 From: Paul Moore <paul(a)paul-moore.com> Date: Mon, 24 Feb 2020 16:38:57 -0500 Subject: [PATCH] audit: always check the netlink payload length in audit_receive_msg() This patch ensures that we always check the netlink payload length in audit_receive_msg() before we take any action on the payload itself. Cc: stable(a)vger.kernel.org Reported-by: syzbot+399c44bf1f43b8747403(a)syzkaller.appspotmail.com Reported-by: syzbot+e4b12d8d202701f08b6d(a)syzkaller.appspotmail.com Signed-off-by: Paul Moore <paul(a)paul-moore.com> diff --git a/kernel/audit.c b/kernel/audit.c index 17b0d523afb3..9ddfe2aa6671 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -1101,13 +1101,11 @@ static void audit_log_feature_change(int which, u32 old_feature, u32 new_feature audit_log_end(ab); } -static int audit_set_feature(struct sk_buff *skb) +static int audit_set_feature(struct audit_features *uaf) { - struct audit_features *uaf; int i; BUILD_BUG_ON(AUDIT_LAST_FEATURE + 1 > ARRAY_SIZE(audit_feature_names)); - uaf = nlmsg_data(nlmsg_hdr(skb)); /* if there is ever a version 2 we should handle that here */ @@ -1175,6 +1173,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) { u32 seq; void *data; + int data_len; int err; struct audit_buffer *ab; u16 msg_type = nlh->nlmsg_type; @@ -1188,6 +1187,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) seq = nlh->nlmsg_seq; data = nlmsg_data(nlh); + data_len = nlmsg_len(nlh); switch (msg_type) { case AUDIT_GET: { @@ -1211,7 +1211,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) struct audit_status s; memset(&s, 0, sizeof(s)); /* guard against past and future API changes */ - memcpy(&s, data, min_t(size_t, sizeof(s), nlmsg_len(nlh))); + memcpy(&s, data, min_t(size_t, sizeof(s), data_len)); if (s.mask & AUDIT_STATUS_ENABLED) { err = audit_set_enabled(s.enabled); if (err < 0) @@ -1315,7 +1315,9 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) return err; break; case AUDIT_SET_FEATURE: - err = audit_set_feature(skb); + if (data_len < sizeof(struct audit_features)) + return -EINVAL; + err = audit_set_feature(data); if (err) return err; break; @@ -1327,6 +1329,8 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) err = audit_filter(msg_type, AUDIT_FILTER_USER); if (err == 1) { /* match or error */ + char *str = data; + err = 0; if (msg_type == AUDIT_USER_TTY) { err = tty_audit_push(); @@ -1334,26 +1338,24 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) break; } audit_log_user_recv_msg(&ab, msg_type); - if (msg_type != AUDIT_USER_TTY) + if (msg_type != AUDIT_USER_TTY) { + /* ensure NULL termination */ + str[data_len - 1] = '\0'; audit_log_format(ab, " msg='%.*s'", AUDIT_MESSAGE_TEXT_MAX, - (char *)data); - else { - int size; - + str); + } else { audit_log_format(ab, " data="); - size = nlmsg_len(nlh); - if (size > 0 && - ((unsigned char *)data)[size - 1] == '\0') - size--; - audit_log_n_untrustedstring(ab, data, size); + if (data_len > 0 && str[data_len - 1] == '\0') + data_len--; + audit_log_n_untrustedstring(ab, str, data_len); } audit_log_end(ab); } break; case AUDIT_ADD_RULE: case AUDIT_DEL_RULE: - if (nlmsg_len(nlh) < sizeof(struct audit_rule_data)) + if (data_len < sizeof(struct audit_rule_data)) return -EINVAL; if (audit_enabled == AUDIT_LOCKED) { audit_log_common_recv_msg(audit_context(), &ab, @@ -1365,7 +1367,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) audit_log_end(ab); return -EPERM; } - err = audit_rule_change(msg_type, seq, data, nlmsg_len(nlh)); + err = audit_rule_change(msg_type, seq, data, data_len); break; case AUDIT_LIST_RULES: err = audit_list_rules_send(skb, seq); @@ -1380,7 +1382,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) case AUDIT_MAKE_EQUIV: { void *bufp = data; u32 sizes[2]; - size_t msglen = nlmsg_len(nlh); + size_t msglen = data_len; char *old, *new; err = -EINVAL; @@ -1456,7 +1458,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) memset(&s, 0, sizeof(s)); /* guard against past and future API changes */ - memcpy(&s, data, min_t(size_t, sizeof(s), nlmsg_len(nlh))); + memcpy(&s, data, min_t(size_t, sizeof(s), data_len)); /* check if new data is valid */ if ((s.enabled != 0 && s.enabled != 1) || (s.log_passwd != 0 && s.log_passwd != 1))

4 years, 9 months

1
0
0 0

[PATCH v3 2/8] ima: Switch to ima_hash_algo for boot aggregate

by Roberto Sassu

boot_aggregate is the first entry of IMA measurement list. Its purpose is to link pre-boot measurements to IMA measurements. As IMA was designed to work with a TPM 1.2, the SHA1 PCR bank was always selected. Currently, even if a TPM 2.0 is used, the SHA1 PCR bank is selected. However, the assumption that the SHA1 PCR bank is always available is not correct, as PCR banks can be selected with the PCR_Allocate() TPM command. This patch tries to use ima_hash_algo as hash algorithm for boot_aggregate. If no PCR bank uses that algorithm, the patch tries to find the SHA256 PCR bank (which is mandatory in the TCG PC Client specification). If also this bank is not found, the patch selects the first one. If the TPM algorithm of that bank is not mapped to a crypto ID, boot_aggregate is set to zero. Changelog v1: - add Mimi's comments - if there is no PCR bank for the IMA default algorithm use SHA256 (suggested by James Bottomley) Cc: stable(a)vger.kernel.org # 5.1.x Fixes: 879b589210a9 ("tpm: retrieve digest size of unknown algorithms with PCR read") Reported-by: Jerry Snitselaar <jsnitsel(a)redhat.com> Suggested-by: James Bottomley <James.Bottomley(a)HansenPartnership.com> Signed-off-by: Roberto Sassu <roberto.sassu(a)huawei.com> --- security/integrity/ima/ima_crypto.c | 45 +++++++++++++++++++++++++---- security/integrity/ima/ima_init.c | 22 ++++++++++---- 2 files changed, 56 insertions(+), 11 deletions(-) diff --git a/security/integrity/ima/ima_crypto.c b/security/integrity/ima/ima_crypto.c index 73044fc6a952..f2f41a2bc3d4 100644 --- a/security/integrity/ima/ima_crypto.c +++ b/security/integrity/ima/ima_crypto.c @@ -655,18 +655,29 @@ static void __init ima_pcrread(u32 idx, struct tpm_digest *d) } /* - * Calculate the boot aggregate hash + * The boot_aggregate is a cumulative hash over TPM registers 0 - 7. With + * TPM 1.2 the boot_aggregate was based on reading the SHA1 PCRs, but with + * TPM 2.0 hash agility, TPM chips could support multiple TPM PCR banks, + * allowing firmware to configure and enable different banks. + * + * Knowing which TPM bank is read to calculate the boot_aggregate digest + * needs to be conveyed to a verifier. For this reason, use the same + * hash algorithm for reading the TPM PCRs as for calculating the boot + * aggregate digest as stored in the measurement list. */ -static int __init ima_calc_boot_aggregate_tfm(char *digest, +static int __init ima_calc_boot_aggregate_tfm(char *digest, u16 alg_id, struct crypto_shash *tfm) { - struct tpm_digest d = { .alg_id = TPM_ALG_SHA1, .digest = {0} }; + struct tpm_digest d = { .alg_id = alg_id, .digest = {0} }; int rc; u32 i; SHASH_DESC_ON_STACK(shash, tfm); shash->tfm = tfm; + pr_devel("calculating the boot-aggregate based on TPM bank: %04x\n", + d.alg_id); + rc = crypto_shash_init(shash); if (rc != 0) return rc; @@ -675,7 +686,8 @@ static int __init ima_calc_boot_aggregate_tfm(char *digest, for (i = TPM_PCR0; i < TPM_PCR8; i++) { ima_pcrread(i, &d); /* now accumulate with current aggregate */ - rc = crypto_shash_update(shash, d.digest, TPM_DIGEST_SIZE); + rc = crypto_shash_update(shash, d.digest, + crypto_shash_digestsize(tfm)); } if (!rc) crypto_shash_final(shash, digest); @@ -685,14 +697,35 @@ static int __init ima_calc_boot_aggregate_tfm(char *digest, int __init ima_calc_boot_aggregate(struct ima_digest_data *hash) { struct crypto_shash *tfm; - int rc; + u16 crypto_id, alg_id; + int rc, i, bank_idx = 0; + + for (i = 0; i < ima_tpm_chip->nr_allocated_banks; i++) { + crypto_id = ima_tpm_chip->allocated_banks[i].crypto_id; + if (crypto_id == hash->algo) { + bank_idx = i; + break; + } + + if (crypto_id == HASH_ALGO_SHA256) + bank_idx = i; + } + + if (bank_idx == 0 && + ima_tpm_chip->allocated_banks[0].crypto_id == HASH_ALGO__LAST) { + pr_err("No suitable TPM algorithm for boot aggregate\n"); + return 0; + } + + hash->algo = ima_tpm_chip->allocated_banks[bank_idx].crypto_id; tfm = ima_alloc_tfm(hash->algo); if (IS_ERR(tfm)) return PTR_ERR(tfm); hash->length = crypto_shash_digestsize(tfm); - rc = ima_calc_boot_aggregate_tfm(hash->digest, tfm); + alg_id = ima_tpm_chip->allocated_banks[bank_idx].alg_id; + rc = ima_calc_boot_aggregate_tfm(hash->digest, alg_id, tfm); ima_free_tfm(tfm); diff --git a/security/integrity/ima/ima_init.c b/security/integrity/ima/ima_init.c index 5d55ade5f3b9..fbd7a8e28a6b 100644 --- a/security/integrity/ima/ima_init.c +++ b/security/integrity/ima/ima_init.c @@ -27,7 +27,7 @@ struct tpm_chip *ima_tpm_chip; /* Add the boot aggregate to the IMA measurement list and extend * the PCR register. * - * Calculate the boot aggregate, a SHA1 over tpm registers 0-7, + * Calculate the boot aggregate, a hash over tpm registers 0-7, * assuming a TPM chip exists, and zeroes if the TPM chip does not * exist. Add the boot aggregate measurement to the measurement * list and extend the PCR register. @@ -51,15 +51,27 @@ static int __init ima_add_boot_aggregate(void) int violation = 0; struct { struct ima_digest_data hdr; - char digest[TPM_DIGEST_SIZE]; + char digest[TPM_MAX_DIGEST_SIZE]; } hash; memset(iint, 0, sizeof(*iint)); memset(&hash, 0, sizeof(hash)); iint->ima_hash = &hash.hdr; - iint->ima_hash->algo = HASH_ALGO_SHA1; - iint->ima_hash->length = SHA1_DIGEST_SIZE; - + iint->ima_hash->algo = ima_hash_algo; + iint->ima_hash->length = hash_digest_size[ima_hash_algo]; + + /* + * With TPM 2.0 hash agility, TPM chips could support multiple TPM + * PCR banks, allowing firmware to configure and enable different + * banks. The SHA1 bank is not necessarily enabled. + * + * Use the same hash algorithm for reading the TPM PCRs as for + * calculating the boot aggregate digest. Preference is given to + * the configured IMA default hash algorithm. Otherwise, use the + * TPM required banks - SHA256 for TPM 2.0, SHA1 for TPM 1.2. If + * SHA256 is not available, use the first PCR bank and if that is + * not mapped to a crypto ID, set boot_aggregate to zero. + */ if (ima_tpm_chip) { result = ima_calc_boot_aggregate(&hash.hdr); if (result < 0) { -- 2.17.1

4 years, 9 months

2
7
0 0

[PATCH v3] usb: gadget: f_fs: try to fix AIO issue under ARM 64 bit TAGGED mode

by Macpaul Lin

This issue was found when adbd trying to open functionfs with AIO mode. Usually, we need to set "setprop sys.usb.ffs.aio_compat 0" to enable adbd with AIO mode on Android. When adbd is opening functionfs, it will try to read 24 bytes at the first read I/O control. If this reading has been failed, adbd will try to send FUNCTIONFS_CLEAR_HALT to functionfs. When adbd is in AIO mode, functionfs will be acted with asyncronized I/O path. After the successful read transfer has been completed by gadget hardware, the following series of functions will be called. ffs_epfile_async_io_complete() -> ffs_user_copy_worker() -> copy_to_iter() -> _copy_to_iter() -> copyout() -> iterate_and_advance() -> iterate_iovec() Adding debug trace to these functions, it has been found that in copyout(), access_ok() will check if the user space address is valid to write. However if CONFIG_ARM64_TAGGED_ADDR_ABI is enabled, adbd always passes user space address start with "0x3C" to gadget's AIO blocks. This tagged address will cause access_ok() check always fail. Which causes later calculation in iterate_iovec() turn zero. Copyout() won't copy data to userspace since the length to be copied "v.iov_len" will be zero. Finally leads ffs_copy_to_iter() always return -EFAULT, causes adbd cannot open functionfs and send FUNCTIONFS_CLEAR_HALT. Signed-off-by: Macpaul Lin <macpaul.lin(a)mediatek.com> --- Changes for v3: - Fix misspelling in commit message. Changes for v2: - Fix build error for 32-bit load. An #if defined(CONFIG_ARM64) still need for avoiding undeclared defines. drivers/usb/gadget/function/f_fs.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/drivers/usb/gadget/function/f_fs.c b/drivers/usb/gadget/function/f_fs.c index ce1d023..728c260 100644 --- a/drivers/usb/gadget/function/f_fs.c +++ b/drivers/usb/gadget/function/f_fs.c @@ -35,6 +35,7 @@ #include <linux/mmu_context.h> #include <linux/poll.h> #include <linux/eventfd.h> +#include <linux/thread_info.h> #include "u_fs.h" #include "u_f.h" @@ -826,6 +827,10 @@ static void ffs_user_copy_worker(struct work_struct *work) if (io_data->read && ret > 0) { mm_segment_t oldfs = get_fs(); +#if defined(CONFIG_ARM64) + if (IS_ENABLED(CONFIG_ARM64_TAGGED_ADDR_ABI)) + set_thread_flag(TIF_TAGGED_ADDR); +#endif set_fs(USER_DS); use_mm(io_data->mm); ret = ffs_copy_to_iter(io_data->buf, ret, &io_data->data); -- 1.7.9.5

4 years, 9 months

3
8
0 0

[PATCH v3] iommu/vt-d: Fix a bug in intel_iommu_iova_to_phys() for huge page

by Yonghyun Hwang

intel_iommu_iova_to_phys() has a bug when it translates an IOVA for a huge page onto its corresponding physical address. This commit fixes the bug by accomodating the level of page entry for the IOVA and adds IOVA's lower address to the physical address. Cc: <stable(a)vger.kernel.org> Acked-by: Lu Baolu <baolu.lu(a)linux.intel.com> Reviewed-by: Moritz Fischer <mdf(a)kernel.org> Signed-off-by: Yonghyun Hwang <yonghyun(a)google.com> --- Changes from v2: - a new condition is added to check whether the pte is present. Changes from v1: - level cannot be 0. So, the condition, "if (level > 1)", is removed, which results in a simple code. - a macro, BIT_MASK, is used to have a bit mask --- drivers/iommu/intel-iommu.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/iommu/intel-iommu.c b/drivers/iommu/intel-iommu.c index 932267f49f9a..0837e0063973 100644 --- a/drivers/iommu/intel-iommu.c +++ b/drivers/iommu/intel-iommu.c @@ -5553,8 +5553,10 @@ static phys_addr_t intel_iommu_iova_to_phys(struct iommu_domain *domain, u64 phys = 0; pte = pfn_to_dma_pte(dmar_domain, iova >> VTD_PAGE_SHIFT, &level); - if (pte) - phys = dma_pte_addr(pte); + if (pte && dma_pte_present(pte)) + phys = dma_pte_addr(pte) + + (iova & (BIT_MASK(level_to_offset_bits(level) + + VTD_PAGE_SHIFT) - 1)); return phys; } -- 2.25.0.265.gbab2e86ba0-goog

4 years, 9 months

2
1
0 0

[PATCH v5 3/5] MIPS: DTS: CI20: fix interrupt for pcf8563 RTC

by H. Nikolaus Schaller

Interrupts should not be specified by interrupt line but by gpio parent and reference. Fixes: 73f2b940474d ("MIPS: CI20: DTS: Add I2C nodes") Cc: stable(a)vger.kernel.org Signed-off-by: H. Nikolaus Schaller <hns(a)goldelico.com> Reviewed-by: Paul Cercueil <paul(a)crapouillou.net> --- arch/mips/boot/dts/ingenic/ci20.dts | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/arch/mips/boot/dts/ingenic/ci20.dts b/arch/mips/boot/dts/ingenic/ci20.dts index ae391e0cd38a..0251ca154ccb 100644 --- a/arch/mips/boot/dts/ingenic/ci20.dts +++ b/arch/mips/boot/dts/ingenic/ci20.dts @@ -4,6 +4,7 @@ #include "jz4780.dtsi" #include <dt-bindings/clock/ingenic,tcu.h> #include <dt-bindings/gpio/gpio.h> +#include <dt-bindings/interrupt-controller/irq.h> #include <dt-bindings/regulator/active-semi,8865-regulator.h> / { @@ -283,7 +284,9 @@ Optional input supply properties: rtc@51 { compatible = "nxp,pcf8563"; reg = <0x51>; - interrupts = <110>; + + interrupt-parent = <&gpf>; + interrupts = <30 IRQ_TYPE_LEVEL_LOW>; }; }; -- 2.23.0

4 years, 9 months

2
1
0 0

[PATCH v2] KVM: arm64: pmu: Don't increment SW_INCR if PMCR.E is unset

by Eric Auger

commit 3837407c1aa1 upstream. The specification says PMSWINC increments PMEVCNTR<n>_EL1 by 1 if PMEVCNTR<n>_EL0 is enabled and configured to count SW_INCR. For PMEVCNTR<n>_EL0 to be enabled, we need both PMCNTENSET to be set for the corresponding event counter but we also need the PMCR.E bit to be set. Fixes: 7a0adc7064b8 ("arm64: KVM: Add access handler for PMSWINC register") Signed-off-by: Eric Auger <eric.auger(a)redhat.com> Cc: <stable(a)vger.kernel.org> # 4.9 and 4.14 only --- This is a backport of 3837407c1aa1 ("KVM: arm64: pmu: Don't increment SW_INCR if PMCR.E is unset") which did not apply on 4.9-stable and 4.14-stable trees. Compared to the original patch __vcpu_sys_reg() is replaced by vcpu_sys_reg(). v1 -> v2: - this patch also is candidate for 4.9-stable --- virt/kvm/arm/pmu.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/virt/kvm/arm/pmu.c b/virt/kvm/arm/pmu.c index 69ccce308458..9a47b0cfb01d 100644 --- a/virt/kvm/arm/pmu.c +++ b/virt/kvm/arm/pmu.c @@ -299,6 +299,9 @@ void kvm_pmu_software_increment(struct kvm_vcpu *vcpu, u64 val) if (val == 0) return; + if (!(vcpu_sys_reg(vcpu, PMCR_EL0) & ARMV8_PMU_PMCR_E)) + return; + enable = vcpu_sys_reg(vcpu, PMCNTENSET_EL0); for (i = 0; i < ARMV8_PMU_CYCLE_IDX; i++) { if (!(val & BIT(i))) -- 2.20.1

4 years, 9 months

2
1
0 0

[PATCH] mtd: rawnand: ingenic: Fix unmet dependency if COMPILE_TEST

by Paul Cercueil

Commit 7c779cf7c1f7 ("mtd: rawnand: ingenic: Allow to compile test the new Ingenic driver") dropped the dependency on JZ4780_NEMC when COMPILE_TEST was set, which is wrong, as the driver requires symbols provided by the jz4780-nemc driver. Change the dependency to (MIPS || COMPILE_TEST) && JZ4780_NEMC to address the issue. Fixes: 7c779cf7c1f7 ("mtd: rawnand: ingenic: Allow to compile test the new Ingenic driver") Cc: stable(a)vger.kernel.org Signed-off-by: Paul Cercueil <paul(a)crapouillou.net> --- drivers/mtd/nand/raw/ingenic/Kconfig | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/mtd/nand/raw/ingenic/Kconfig b/drivers/mtd/nand/raw/ingenic/Kconfig index 485abfa3f80b..96c5ae8b1bbc 100644 --- a/drivers/mtd/nand/raw/ingenic/Kconfig +++ b/drivers/mtd/nand/raw/ingenic/Kconfig @@ -1,7 +1,8 @@ # SPDX-License-Identifier: GPL-2.0-only config MTD_NAND_JZ4780 tristate "JZ4780 NAND controller" - depends on JZ4780_NEMC || COMPILE_TEST + depends on MIPS || COMPILE_TEST + depends on JZ4780_NEMC help Enables support for NAND Flash connected to the NEMC on JZ4780 SoC based boards, using the BCH controller for hardware error correction. -- 2.25.1

4 years, 9 months

2
1
0 0

[PATCH] KVM: arm64: pmu: Don't increment SW_INCR if PMCR.E is unset

by Eric Auger

commit 3837407c1aa1 upstream. The specification says PMSWINC increments PMEVCNTR<n>_EL1 by 1 if PMEVCNTR<n>_EL0 is enabled and configured to count SW_INCR. For PMEVCNTR<n>_EL0 to be enabled, we need both PMCNTENSET to be set for the corresponding event counter but we also need the PMCR.E bit to be set. Fixes: 7a0adc7064b8 ("arm64: KVM: Add access handler for PMSWINC register") Signed-off-by: Eric Auger <eric.auger(a)redhat.com> Cc: <stable(a)vger.kernel.org> # 4.14 only --- This is a backport of 3837407c1aa1 ("KVM: arm64: pmu: Don't increment SW_INCR if PMCR.E is unset") which did not apply on 4.14-stable. Compared to the original patch __vcpu_sys_reg() is replaced by vcpu_sys_reg(). --- virt/kvm/arm/pmu.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/virt/kvm/arm/pmu.c b/virt/kvm/arm/pmu.c index 8a9c42366db7..3998add436da 100644 --- a/virt/kvm/arm/pmu.c +++ b/virt/kvm/arm/pmu.c @@ -316,6 +316,9 @@ void kvm_pmu_software_increment(struct kvm_vcpu *vcpu, u64 val) if (val == 0) return; + if (!(vcpu_sys_reg(vcpu, PMCR_EL0) & ARMV8_PMU_PMCR_E)) + return; + enable = vcpu_sys_reg(vcpu, PMCNTENSET_EL0); for (i = 0; i < ARMV8_PMU_CYCLE_IDX; i++) { if (!(val & BIT(i))) -- 2.20.1

4 years, 9 months

1
0
0 0

LTS "sysrq: Restore original console_loglevel when sysrq disabled"

by Rantala, Tommi T. (Nokia - FI/Espoo)

Hi Greg, Sasha, Can you cherry-pick these two sysrq patches to LTS kernels? They're introduced in v5.1-rc1 and should go to all prior LTS versions. commit 075e1a0c50f59ea210561d0d0fedbd945615df78 Author: Petr Mladek <pmladek(a)suse.com> Date: Fri Jan 11 13:45:15 2019 +0100 sysrq: Restore original console_loglevel when sysrq disabled The sysrq header line is printed with an increased loglevel to provide users some positive feedback. The original loglevel is not restored when the sysrq operation is disabled. This bug was introduced in 2.6.12 (pre-git-history) by the commit ("Allow admin to enable only some of the Magic-Sysrq functions"). commit c3fee60908db4a8594f2e4a2131998384b8fa006 Author: Petr Mladek <pmladek(a)suse.com> Date: Fri Jan 11 17:20:37 2019 +0100 sysrq: Remove duplicated sysrq message The commit 97f5f0cd8cd0a0544 ("Input: implement SysRq as a separate input handler") added pr_fmt() definition. It caused a duplicated message prefix in the sysrq header messages, for example: [ 177.053931] sysrq: SysRq : Show backtrace of all active CPUs [ 742.864776] sysrq: SysRq : HELP : loglevel(0-9) reboot(b) crash(c) Fixes: 97f5f0cd8cd0a05 ("Input: implement SysRq as a separate input handler")

4 years, 9 months

2
1
0 0

[PATCH] dmaengine: imx-sdma: fix context cache

by Martin Fuzzey

There is a DMA problem with the serial ports on i.MX6. When the following sequence is performed: 1) Open a port 2) Write some data 3) Close the port 4) Open a *different* port 5) Write some data 6) Close the port The second write sends nothing and the second close hangs. If the first close() is omitted it works. Adding logs to the the UART driver shows that the DMA is being setup but the callback is never invoked for the second write. This used to work in 4.19. Git bisect leads to: ad0d92d: "dmaengine: imx-sdma: refine to load context only once" This commit adds a "context_loaded" flag used to avoid unnecessary context setups. However the flag is only reset in sdma_channel_terminate_work(), which is only invoked in a worker triggered by sdma_terminate_all() IF there is an active descriptor. So, if no active descriptor remains when the channel is terminated, the flag is not reset and, when the channel is later reused the old context is used. Fix the problem by always resetting the flag in sdma_free_chan_resources(). Fixes: ad0d92d: "dmaengine: imx-sdma: refine to load context only once" Cc: stable(a)vger.kernel.org Signed-off-by: Martin Fuzzey <martin.fuzzey(a)flowbird.group> --- The following python script may be used to reproduce the problem: import re, serial, sys ports=(0, 4) # Can be any ports not used (no need to connect anything) NOT console... def get_tx_counts(): pattern = re.compile("(\d+):.*tx:(\d+).*") tx_counts = {} with open("/proc/tty/driver/IMX-uart", "r") as f: for line in f: match = pattern.match(line) if match: tx_counts[int(match.group(1))] = int(match.group(2)) return tx_counts before = get_tx_counts() a = serial.Serial("/dev/ttymxc%d" % ports[0]) a.write("polop") a.close() b = serial.Serial("/dev/ttymxc%d" % ports[1]) b.write("test") after = get_tx_counts() if (after[ports[0]] - before[ports[0]] > 0) and (after[ports[1]] - before[ports[1]] > 0): print "PASS" sys.exit(0) else: print "FAIL" print "Before: %s" % before print "After: %s" % after sys.exit(1) --- drivers/dma/imx-sdma.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/dma/imx-sdma.c b/drivers/dma/imx-sdma.c index 066b21a..332ca50 100644 --- a/drivers/dma/imx-sdma.c +++ b/drivers/dma/imx-sdma.c @@ -1338,6 +1338,7 @@ static void sdma_free_chan_resources(struct dma_chan *chan) sdmac->event_id0 = 0; sdmac->event_id1 = 0; + sdmac->context_loaded = false; sdma_set_channel_priority(sdmac, 0); -- 1.9.1

4 years, 9 months

5
4
0 0

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror March 2020