July 2020 - Linux-stable-mirror

[PATCH v5 13/36] vmlinux.lds.h: add PGO and AutoFDO input sections

by Kees Cook

From: Nick Desaulniers <ndesaulniers(a)google.com> Basically, consider .text.{hot|unlikely|unknown}.* part of .text, too. When compiling with profiling information (collected via PGO instrumentations or AutoFDO sampling), Clang will separate code into .text.hot, .text.unlikely, or .text.unknown sections based on profiling information. After D79600 (clang-11), these sections will have a trailing `.` suffix, ie. .text.hot., .text.unlikely., .text.unknown.. When using -ffunction-sections together with profiling infomation, either explicitly (FGKASLR) or implicitly (LTO), code may be placed in sections following the convention: .text.hot.<foo>, .text.unlikely.<bar>, .text.unknown.<baz> where <foo>, <bar>, and <baz> are functions. (This produces one section per function; we generally try to merge these all back via linker script so that we don't have 50k sections). For the above cases, we need to teach our linker scripts that such sections might exist and that we'd explicitly like them grouped together, otherwise we can wind up with code outside of the _stext/_etext boundaries that might not be mapped properly for some architectures, resulting in boot failures. If the linker script is not told about possible input sections, then where the section is placed as output is a heuristic-laiden mess that's non-portable between linkers (ie. BFD and LLD), and has resulted in many hard to debug bugs. Kees Cook is working on cleaning this up by adding --orphan-handling=warn linker flag used in ARCH=powerpc to additional architectures. In the case of linker scripts, borrowing from the Zen of Python: explicit is better than implicit. Also, ld.bfd's internal linker script considers .text.hot AND .text.hot.* to be part of .text, as well as .text.unlikely and .text.unlikely.*. I didn't see support for .text.unknown.*, and didn't see Clang producing such code in our kernel builds, but I see code in LLVM that can produce such section names if profiling information is missing. That may point to a larger issue with generating or collecting profiles, but I would much rather be safe and explicit than have to debug yet another issue related to orphan section placement. Reported-by: Jian Cai <jiancai(a)google.com> Suggested-by: Fāng-ruì Sòng <maskray(a)google.com> Tested-by: Luis Lozano <llozano(a)google.com> Tested-by: Manoj Gupta <manojgupta(a)google.com> Acked-by: Kees Cook <keescook(a)chromium.org> Cc: stable(a)vger.kernel.org Link: https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=add44f8d5c5c0… Link: https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=1de778ed23ce7… Link: https://reviews.llvm.org/D79600 Link: https://bugs.chromium.org/p/chromium/issues/detail?id=1084760 Debugged-by: Luis Lozano <llozano(a)google.com> Signed-off-by: Nick Desaulniers <ndesaulniers(a)google.com> Signed-off-by: Kees Cook <keescook(a)chromium.org> --- include/asm-generic/vmlinux.lds.h | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/include/asm-generic/vmlinux.lds.h b/include/asm-generic/vmlinux.lds.h index 2593957f6e8b..af5211ca857c 100644 --- a/include/asm-generic/vmlinux.lds.h +++ b/include/asm-generic/vmlinux.lds.h @@ -561,7 +561,10 @@ */ #define TEXT_TEXT \ ALIGN_FUNCTION(); \ - *(.text.hot TEXT_MAIN .text.fixup .text.unlikely) \ + *(.text.hot .text.hot.*) \ + *(TEXT_MAIN .text.fixup) \ + *(.text.unlikely .text.unlikely.*) \ + *(.text.unknown .text.unknown.*) \ NOINSTR_TEXT \ *(.text..refcount) \ *(.ref.text) \ -- 2.25.1

3 years, 8 months

6
13
0 0

[PATCH] xen: don't reschedule in preemption off sections

by Juergen Gross

For support of long running hypercalls xen_maybe_preempt_hcall() is calling cond_resched() in case a hypercall marked as preemptible has been interrupted. Normally this is no problem, as only hypercalls done via some ioctl()s are marked to be preemptible. In rare cases when during such a preemptible hypercall an interrupt occurs and any softirq action is started from irq_exit(), a further hypercall issued by the softirq handler will be regarded to be preemptible, too. This might lead to rescheduling in spite of the softirq handler potentially having set preempt_disable(), leading to splats like: BUG: sleeping function called from invalid context at drivers/xen/preempt.c:37 in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 20775, name: xl INFO: lockdep is turned off. CPU: 1 PID: 20775 Comm: xl Tainted: G D W 5.4.46-1_prgmr_debug.el7.x86_64 #1 Call Trace: <IRQ> dump_stack+0x8f/0xd0 ___might_sleep.cold.76+0xb2/0x103 xen_maybe_preempt_hcall+0x48/0x70 xen_do_hypervisor_callback+0x37/0x40 RIP: e030:xen_hypercall_xen_version+0xa/0x20 Code: ... RSP: e02b:ffffc900400dcc30 EFLAGS: 00000246 RAX: 000000000004000d RBX: 0000000000000200 RCX: ffffffff8100122a RDX: ffff88812e788000 RSI: 0000000000000000 RDI: 0000000000000000 RBP: ffffffff83ee3ad0 R08: 0000000000000001 R09: 0000000000000001 R10: 0000000000000000 R11: 0000000000000246 R12: ffff8881824aa0b0 R13: 0000000865496000 R14: 0000000865496000 R15: ffff88815d040000 ? xen_hypercall_xen_version+0xa/0x20 ? xen_force_evtchn_callback+0x9/0x10 ? check_events+0x12/0x20 ? xen_restore_fl_direct+0x1f/0x20 ? _raw_spin_unlock_irqrestore+0x53/0x60 ? debug_dma_sync_single_for_cpu+0x91/0xc0 ? _raw_spin_unlock_irqrestore+0x53/0x60 ? xen_swiotlb_sync_single_for_cpu+0x3d/0x140 ? mlx4_en_process_rx_cq+0x6b6/0x1110 [mlx4_en] ? mlx4_en_poll_rx_cq+0x64/0x100 [mlx4_en] ? net_rx_action+0x151/0x4a0 ? __do_softirq+0xed/0x55b ? irq_exit+0xea/0x100 ? xen_evtchn_do_upcall+0x2c/0x40 ? xen_do_hypervisor_callback+0x29/0x40 </IRQ> ? xen_hypercall_domctl+0xa/0x20 ? xen_hypercall_domctl+0x8/0x20 ? privcmd_ioctl+0x221/0x990 [xen_privcmd] ? do_vfs_ioctl+0xa5/0x6f0 ? ksys_ioctl+0x60/0x90 ? trace_hardirqs_off_thunk+0x1a/0x20 ? __x64_sys_ioctl+0x16/0x20 ? do_syscall_64+0x62/0x250 ? entry_SYSCALL_64_after_hwframe+0x49/0xbe Fix that by testing preempt_count() before calling cond_resched(). In kernel 5.8 this can't happen any more due to the entry code rework. Reported-by: Sarah Newman <srn(a)prgmr.com> Fixes: 0fa2f5cb2b0ecd8 ("sched/preempt, xen: Use need_resched() instead of should_resched()") Cc: Sarah Newman <srn(a)prgmr.com> Signed-off-by: Juergen Gross <jgross(a)suse.com> --- drivers/xen/preempt.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/xen/preempt.c b/drivers/xen/preempt.c index 17240c5325a3..6ad87b5c95ed 100644 --- a/drivers/xen/preempt.c +++ b/drivers/xen/preempt.c @@ -27,7 +27,7 @@ EXPORT_SYMBOL_GPL(xen_in_preemptible_hcall); asmlinkage __visible void xen_maybe_preempt_hcall(void) { if (unlikely(__this_cpu_read(xen_in_preemptible_hcall) - && need_resched())) { + && need_resched() && !preempt_count())) { /* * Clear flag as we may be rescheduled on a different * cpu. -- 2.26.2

3 years, 8 months

5
9
0 0

[PATCH 2/4] ARM: backtrace-clang: add fixup for lr dereference

by Nick Desaulniers

If the value of the link register is not correct (tail call from asm that didn't set it, stack corruption, memory no longer mapped), then using it for an address calculation may trigger an exception. Without a fixup handler, this will lead to a panic, which will unwind, which will trigger the fault repeatedly in an infinite loop. We don't observe such failures currently, but we have. Just to be safe, add a fixup handler here so that at least we don't have an infinite loop. Cc: stable(a)vger.kernel.org Fixes: commit 6dc5fd93b2f1 ("ARM: 8900/1: UNWINDER_FRAME_POINTER implementation for Clang") Reported-by: Miles Chen <miles.chen(a)mediatek.com> Signed-off-by: Nick Desaulniers <ndesaulniers(a)google.com> --- arch/arm/lib/backtrace-clang.S | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/arch/arm/lib/backtrace-clang.S b/arch/arm/lib/backtrace-clang.S index 5388ac664c12..40eb2215eaf4 100644 --- a/arch/arm/lib/backtrace-clang.S +++ b/arch/arm/lib/backtrace-clang.S @@ -146,7 +146,7 @@ for_each_frame: tst frame, mask @ Check for address exceptions tst sv_lr, #0 @ If there's no previous lr, beq finished_setup @ we're done. - ldr r0, [sv_lr, #-4] @ get call instruction +prev_call: ldr r0, [sv_lr, #-4] @ get call instruction ldr r3, .Lopcode+4 and r2, r3, r0 @ is this a bl call teq r2, r3 @@ -206,6 +206,13 @@ finished_setup: mov r2, frame bl printk no_frame: ldmfd sp!, {r4 - r9, fp, pc} +/* + * Accessing the address pointed to by the link register triggered an + * exception, don't try to unwind through it. + */ +bad_lr: mov sv_fp, #0 + mov sv_lr, #0 + b finished_setup ENDPROC(c_backtrace) .pushsection __ex_table,"a" .align 3 @@ -214,6 +221,7 @@ ENDPROC(c_backtrace) .long 1003b, 1006b .long 1004b, 1006b .long 1005b, 1006b + .long prev_call, bad_lr .popsection .Lbad: .asciz "%sBacktrace aborted due to bad frame pointer <%p>\n" -- 2.28.0.163.g6104cc2f0b6-goog

3 years, 8 months

4
9
0 0

[PATCH 1/2] riscv: ptrace: Use the correct API for `fcsr' access

by Maciej W. Rozycki

Adjust the calls to `user_regset_copyout' and `user_regset_copyin' in `riscv_fpr_get' and `riscv_fpr_set' respectively so as to use @start_pos and @end_pos according to API documentation in <linux/regset.h>, that is to point at the beginning and the end respectively of the data chunk to be copied. Update @data accordingly, also for the first call, to make it clear which structure member is accessed. We currently have @start_pos fixed at 0 across all calls, which works as a result of the implementation, in particular because we have no padding between the FP general registers and the FP control and status register, but appears not to have been the intent of the API and is not what other ports do, requiring one to study the copy handlers to understand what is going on here. Signed-off-by: Maciej W. Rozycki <macro(a)wdc.com> Fixes: b8c8a9590e4f ("RISC-V: Add FP register ptrace support for gdb.") Cc: stable(a)vger.kernel.org # 4.20+ --- arch/riscv/kernel/ptrace.c | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) linux-riscv-ptrace-fcsr.diff Index: linux-hv/arch/riscv/kernel/ptrace.c =================================================================== --- linux-hv.orig/arch/riscv/kernel/ptrace.c +++ linux-hv/arch/riscv/kernel/ptrace.c @@ -61,10 +61,13 @@ static int riscv_fpr_get(struct task_str int ret; struct __riscv_d_ext_state *fstate = &target->thread.fstate; - ret = user_regset_copyout(&pos, &count, &kbuf, &ubuf, fstate, 0, + ret = user_regset_copyout(&pos, &count, &kbuf, &ubuf, &fstate->f, 0, offsetof(struct __riscv_d_ext_state, fcsr)); if (!ret) { - ret = user_regset_copyout(&pos, &count, &kbuf, &ubuf, fstate, 0, + ret = user_regset_copyout(&pos, &count, &kbuf, &ubuf, + &fstate->fcsr, + offsetof(struct __riscv_d_ext_state, + fcsr), offsetof(struct __riscv_d_ext_state, fcsr) + sizeof(fstate->fcsr)); } @@ -80,10 +83,13 @@ static int riscv_fpr_set(struct task_str int ret; struct __riscv_d_ext_state *fstate = &target->thread.fstate; - ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf, fstate, 0, + ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf, &fstate->f, 0, offsetof(struct __riscv_d_ext_state, fcsr)); if (!ret) { - ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf, fstate, 0, + ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf, + &fstate->fcsr, + offsetof(struct __riscv_d_ext_state, + fcsr), offsetof(struct __riscv_d_ext_state, fcsr) + sizeof(fstate->fcsr)); }

3 years, 8 months

3
8
0 0

[PATCH] pinctrl: cherryview: Add quirk with custom translation of ACPI GPIO numbers

by Michal Stanek

Dropping custom Linux GPIO translation caused some Intel_Strago based Chromebooks with old firmware to detect GPIOs incorrectly. Add quirk which restores some code removed by commit 03c4749dd6c7ff94 ("gpio / ACPI: Drop unnecessary ACPI GPIO to Linux GPIO translation"). Fixes: 03c4749dd6c7ff94 ("gpio / ACPI: Drop unnecessary ACPI GPIO to Linux GPIO translation") Cc: <stable(a)vger.kernel.org> Reported-by: Alex Levin <levinale(a)chromium.org> Signed-off-by: Michal Stanek <mst(a)semihalf.com> --- drivers/gpio/gpiolib-acpi.c | 102 ++++++++++++++++++++- drivers/pinctrl/intel/pinctrl-cherryview.c | 63 ++++++++++--- 2 files changed, 150 insertions(+), 15 deletions(-) diff --git a/drivers/gpio/gpiolib-acpi.c b/drivers/gpio/gpiolib-acpi.c index 31fee5e918b7..b5358facf3fb 100644 --- a/drivers/gpio/gpiolib-acpi.c +++ b/drivers/gpio/gpiolib-acpi.c @@ -23,6 +23,7 @@ #define QUIRK_NO_EDGE_EVENTS_ON_BOOT 0x01l #define QUIRK_NO_WAKEUP 0x02l +#define QUIRK_NEED_ACPI_GPIO_TRANSLATION 0x04l static int run_edge_events_on_boot = -1; module_param(run_edge_events_on_boot, int, 0444); @@ -34,6 +35,11 @@ module_param(honor_wakeup, int, 0444); MODULE_PARM_DESC(honor_wakeup, "Honor the ACPI wake-capable flag: 0=no, 1=yes, -1=auto"); +static int need_acpi_gpio_translation = -1; +module_param(need_acpi_gpio_translation, int, 0444); +MODULE_PARM_DESC(need_acpi_gpio_translation, + "Do custom ACPI GPIO number translation: 0=no, 1=yes, -1=auto"); + /** * struct acpi_gpio_event - ACPI GPIO event handler data * @@ -98,6 +104,62 @@ static int acpi_gpiochip_find(struct gpio_chip *gc, void *data) return ACPI_HANDLE(gc->parent) == data; } +#ifdef CONFIG_PINCTRL +/** + * acpi_gpiochip_pin_to_gpio_offset() - translates ACPI GPIO to Linux GPIO + * @gdev: GPIO device + * @pin: ACPI GPIO pin number from GpioIo/GpioInt resource + * + * Function takes ACPI GpioIo/GpioInt pin number as a parameter and + * translates it to a corresponding offset suitable to be passed to a + * GPIO controller driver. + * + * Typically the returned offset is same as @pin, but if the GPIO + * controller uses pin controller and the mapping is not contiguous the + * offset might be different. + */ +static int acpi_gpiochip_pin_to_gpio_offset(struct gpio_device *gdev, int pin) +{ + struct gpio_pin_range *pin_range; + + /* Only do translation on selected platforms */ + if (!need_acpi_gpio_translation) + return pin; + + /* If there are no ranges in this chip, use 1:1 mapping */ + if (list_empty(&gdev->pin_ranges)) + return pin; + + list_for_each_entry(pin_range, &gdev->pin_ranges, node) { + const struct pinctrl_gpio_range *range = &pin_range->range; + int i; + + if (range->pins) { + for (i = 0; i < range->npins; i++) { + if (range->pins[i] == pin) + return range->base + i - gdev->base; + } + } else { + if (pin >= range->pin_base && + pin < range->pin_base + range->npins) { + unsigned int gpio_base; + + gpio_base = range->base - gdev->base; + return gpio_base + pin - range->pin_base; + } + } + } + + return -EINVAL; +} +#else +static inline int acpi_gpiochip_pin_to_gpio_offset(struct gpio_device *gdev, + int pin) +{ + return pin; +} +#endif + /** * acpi_get_gpiod() - Translate ACPI GPIO pin to GPIO descriptor usable with GPIO API * @path: ACPI GPIO controller full path name, (e.g. "\\_SB.GPO1") @@ -113,6 +175,7 @@ static struct gpio_desc *acpi_get_gpiod(char *path, int pin) struct gpio_chip *chip; acpi_handle handle; acpi_status status; + int offset; status = acpi_get_handle(NULL, path, &handle); if (ACPI_FAILURE(status)) @@ -122,7 +185,11 @@ static struct gpio_desc *acpi_get_gpiod(char *path, int pin) if (!chip) return ERR_PTR(-EPROBE_DEFER); - return gpiochip_get_desc(chip, pin); + offset = acpi_gpiochip_pin_to_gpio_offset(chip->gpiodev, pin); + if (offset < 0) + return ERR_PTR(offset); + + return gpiochip_get_desc(chip, offset); } static irqreturn_t acpi_gpio_irq_handler(int irq, void *data) @@ -236,6 +303,10 @@ static acpi_status acpi_gpiochip_alloc_event(struct acpi_resource *ares, if (!handler) return AE_OK; + pin = acpi_gpiochip_pin_to_gpio_offset(chip->gpiodev, pin); + if (pin < 0) + return AE_BAD_PARAMETER; + desc = gpiochip_request_own_desc(chip, pin, "ACPI:Event", GPIO_ACTIVE_HIGH, GPIOD_IN); if (IS_ERR(desc)) { @@ -958,6 +1029,12 @@ acpi_gpio_adr_space_handler(u32 function, acpi_physical_address address, struct gpio_desc *desc; bool found; + pin = acpi_gpiochip_pin_to_gpio_offset(chip->gpiodev, pin); + if (pin < 0) { + status = AE_BAD_PARAMETER; + goto out; + } + mutex_lock(&achip->conn_lock); found = false; @@ -1086,7 +1163,11 @@ acpi_gpiochip_parse_own_gpio(struct acpi_gpio_chip *achip, if (ret < 0) return ERR_PTR(ret); - desc = gpiochip_get_desc(chip, gpios[0]); + ret = acpi_gpiochip_pin_to_gpio_offset(chip->gpiodev, gpios[0]); + if (ret < 0) + return ERR_PTR(ret); + + desc = gpiochip_get_desc(chip, ret); if (IS_ERR(desc)) return desc; @@ -1360,6 +1441,17 @@ static const struct dmi_system_id gpiolib_acpi_quirks[] = { }, .driver_data = (void *)QUIRK_NO_WAKEUP, }, + { + /* + * Some Braswell based Google Chromebooks need custom ACPI GPIO + * number translation due to hardcoded GPIO numbers in firmware. + */ + .matches = { + DMI_MATCH(DMI_SYS_VENDOR, "GOOGLE"), + DMI_MATCH(DMI_PRODUCT_FAMILY, "Intel_Strago"), + }, + .driver_data = (void *)QUIRK_NEED_ACPI_GPIO_TRANSLATION, + }, {} /* Terminating entry */ }; @@ -1385,6 +1477,12 @@ static int acpi_gpio_setup_params(void) else honor_wakeup = 1; } + if (need_acpi_gpio_translation < 0) { + if (quirks & QUIRK_NEED_ACPI_GPIO_TRANSLATION) + need_acpi_gpio_translation = 1; + else + need_acpi_gpio_translation = 0; + } return 0; } diff --git a/drivers/pinctrl/intel/pinctrl-cherryview.c b/drivers/pinctrl/intel/pinctrl-cherryview.c index 4c74fdde576d..dd190ac6b11c 100644 --- a/drivers/pinctrl/intel/pinctrl-cherryview.c +++ b/drivers/pinctrl/intel/pinctrl-cherryview.c @@ -119,6 +119,7 @@ struct chv_gpio_pinrange { * @nfunctions: Number of functions * @gpio_ranges: An array of GPIO ranges in this community * @ngpio_ranges: Number of GPIO ranges + * @ngpios: Total number of GPIOs in this community * @nirqs: Total number of IRQs this community can generate * @acpi_space_id: An address space ID for ACPI OpRegion handler */ @@ -132,6 +133,7 @@ struct chv_community { size_t nfunctions; const struct chv_gpio_pinrange *gpio_ranges; size_t ngpio_ranges; + size_t ngpios; size_t nirqs; acpi_adr_space_type acpi_space_id; }; @@ -380,6 +382,7 @@ static const struct chv_community southwest_community = { .nfunctions = ARRAY_SIZE(southwest_functions), .gpio_ranges = southwest_gpio_ranges, .ngpio_ranges = ARRAY_SIZE(southwest_gpio_ranges), + .ngpios = ARRAY_SIZE(southwest_pins), /* * Southwest community can generate GPIO interrupts only for the * first 8 interrupts. The upper half (8-15) can only be used to @@ -469,6 +472,7 @@ static const struct chv_community north_community = { .npins = ARRAY_SIZE(north_pins), .gpio_ranges = north_gpio_ranges, .ngpio_ranges = ARRAY_SIZE(north_gpio_ranges), + .ngpios = ARRAY_SIZE(north_pins), /* * North community can generate GPIO interrupts only for the first * 8 interrupts. The upper half (8-15) can only be used to trigger @@ -517,6 +521,7 @@ static const struct chv_community east_community = { .npins = ARRAY_SIZE(east_pins), .gpio_ranges = east_gpio_ranges, .ngpio_ranges = ARRAY_SIZE(east_gpio_ranges), + .ngpios = ARRAY_SIZE(east_pins), .nirqs = 16, .acpi_space_id = 0x93, }; @@ -643,6 +648,7 @@ static const struct chv_community southeast_community = { .nfunctions = ARRAY_SIZE(southeast_functions), .gpio_ranges = southeast_gpio_ranges, .ngpio_ranges = ARRAY_SIZE(southeast_gpio_ranges), + .ngpios = ARRAY_SIZE(southeast_pins), .nirqs = 16, .acpi_space_id = 0x94, }; @@ -1236,14 +1242,39 @@ static struct pinctrl_desc chv_pinctrl_desc = { .owner = THIS_MODULE, }; +static const struct dmi_system_id need_acpi_gpio_translation[] = { + { + /* + * Some Braswell based Google Chromebooks need custom ACPI GPIO + * number translation due to hardcoded GPIO numbers in firmware. + */ + .ident = "Intel_Strago based Chromebooks (All models)", + .matches = { + DMI_MATCH(DMI_SYS_VENDOR, "GOOGLE"), + DMI_MATCH(DMI_PRODUCT_FAMILY, "Intel_Strago"), + }, + }, +}; + +static unsigned int chv_gpio_offset_to_pin(struct chv_pinctrl *pctrl, + unsigned int offset) +{ + /* Mapping is not 1:1 on some platforms */ + if (dmi_check_system(need_acpi_gpio_translation)) + return pctrl->community->pins[offset].number; + else + return offset; +} + static int chv_gpio_get(struct gpio_chip *chip, unsigned int offset) { struct chv_pinctrl *pctrl = gpiochip_get_data(chip); + unsigned int pin = chv_gpio_offset_to_pin(pctrl, offset); unsigned long flags; u32 ctrl0, cfg; raw_spin_lock_irqsave(&chv_lock, flags); - ctrl0 = readl(chv_padreg(pctrl, offset, CHV_PADCTRL0)); + ctrl0 = readl(chv_padreg(pctrl, pin, CHV_PADCTRL0)); raw_spin_unlock_irqrestore(&chv_lock, flags); cfg = ctrl0 & CHV_PADCTRL0_GPIOCFG_MASK; @@ -1257,13 +1288,14 @@ static int chv_gpio_get(struct gpio_chip *chip, unsigned int offset) static void chv_gpio_set(struct gpio_chip *chip, unsigned int offset, int value) { struct chv_pinctrl *pctrl = gpiochip_get_data(chip); + unsigned int pin = chv_gpio_offset_to_pin(pctrl, offset); unsigned long flags; void __iomem *reg; u32 ctrl0; raw_spin_lock_irqsave(&chv_lock, flags); - reg = chv_padreg(pctrl, offset, CHV_PADCTRL0); + reg = chv_padreg(pctrl, pin, CHV_PADCTRL0); ctrl0 = readl(reg); if (value) @@ -1279,11 +1311,12 @@ static void chv_gpio_set(struct gpio_chip *chip, unsigned int offset, int value) static int chv_gpio_get_direction(struct gpio_chip *chip, unsigned int offset) { struct chv_pinctrl *pctrl = gpiochip_get_data(chip); + unsigned int pin = chv_gpio_offset_to_pin(pctrl, offset); u32 ctrl0, direction; unsigned long flags; raw_spin_lock_irqsave(&chv_lock, flags); - ctrl0 = readl(chv_padreg(pctrl, offset, CHV_PADCTRL0)); + ctrl0 = readl(chv_padreg(pctrl, pin, CHV_PADCTRL0)); raw_spin_unlock_irqrestore(&chv_lock, flags); direction = ctrl0 & CHV_PADCTRL0_GPIOCFG_MASK; @@ -1322,7 +1355,7 @@ static void chv_gpio_irq_ack(struct irq_data *d) { struct gpio_chip *gc = irq_data_get_irq_chip_data(d); struct chv_pinctrl *pctrl = gpiochip_get_data(gc); - int pin = irqd_to_hwirq(d); + unsigned int pin = chv_gpio_offset_to_pin(pctrl, irqd_to_hwirq(d)); u32 intr_line; raw_spin_lock(&chv_lock); @@ -1339,7 +1372,7 @@ static void chv_gpio_irq_mask_unmask(struct irq_data *d, bool mask) { struct gpio_chip *gc = irq_data_get_irq_chip_data(d); struct chv_pinctrl *pctrl = gpiochip_get_data(gc); - int pin = irqd_to_hwirq(d); + unsigned int pin = chv_gpio_offset_to_pin(pctrl, irqd_to_hwirq(d)); u32 value, intr_line; unsigned long flags; @@ -1384,7 +1417,8 @@ static unsigned chv_gpio_irq_startup(struct irq_data *d) if (irqd_get_trigger_type(d) == IRQ_TYPE_NONE) { struct gpio_chip *gc = irq_data_get_irq_chip_data(d); struct chv_pinctrl *pctrl = gpiochip_get_data(gc); - unsigned int pin = irqd_to_hwirq(d); + unsigned int offset = irqd_to_hwirq(d); + unsigned int pin = chv_gpio_offset_to_pin(pctrl, offset); irq_flow_handler_t handler; unsigned long flags; u32 intsel, value; @@ -1402,7 +1436,7 @@ static unsigned chv_gpio_irq_startup(struct irq_data *d) if (!pctrl->intr_lines[intsel]) { irq_set_handler_locked(d, handler); - pctrl->intr_lines[intsel] = pin; + pctrl->intr_lines[intsel] = offset; } raw_spin_unlock_irqrestore(&chv_lock, flags); } @@ -1415,7 +1449,8 @@ static int chv_gpio_irq_type(struct irq_data *d, unsigned int type) { struct gpio_chip *gc = irq_data_get_irq_chip_data(d); struct chv_pinctrl *pctrl = gpiochip_get_data(gc); - unsigned int pin = irqd_to_hwirq(d); + unsigned int offset = irqd_to_hwirq(d); + unsigned int pin = chv_gpio_offset_to_pin(pctrl, offset); unsigned long flags; u32 value; @@ -1461,7 +1496,7 @@ static int chv_gpio_irq_type(struct irq_data *d, unsigned int type) value &= CHV_PADCTRL0_INTSEL_MASK; value >>= CHV_PADCTRL0_INTSEL_SHIFT; - pctrl->intr_lines[value] = pin; + pctrl->intr_lines[value] = offset; if (type & IRQ_TYPE_EDGE_BOTH) irq_set_handler_locked(d, handle_edge_irq); @@ -1591,17 +1626,19 @@ static int chv_gpio_add_pin_ranges(struct gpio_chip *chip) struct chv_pinctrl *pctrl = gpiochip_get_data(chip); const struct chv_community *community = pctrl->community; const struct chv_gpio_pinrange *range; - int ret, i; + int ret, i, offset; - for (i = 0; i < community->ngpio_ranges; i++) { + for (i = 0, offset = 0; i < community->ngpio_ranges; i++) { range = &community->gpio_ranges[i]; ret = gpiochip_add_pin_range(chip, dev_name(pctrl->dev), - range->base, range->base, + offset, range->base, range->npins); if (ret) { dev_err(pctrl->dev, "failed to add GPIO pin range\n"); return ret; } + + offset += range->npins; } return 0; @@ -1617,7 +1654,7 @@ static int chv_gpio_probe(struct chv_pinctrl *pctrl, int irq) *chip = chv_gpio_chip; - chip->ngpio = community->pins[community->npins - 1].number + 1; + chip->ngpio = community->ngpios; chip->label = dev_name(pctrl->dev); chip->add_pin_ranges = chv_gpio_add_pin_ranges; chip->parent = pctrl->dev; -- 2.17.1

3 years, 8 months

7
15
0 0

[PATCH][for v4.4 only] udp: drop corrupt packets earlier to avoid data corruption

by Dexuan Cui

The v4.4 stable kernel lacks this bugfix: commit 327868212381 ("make skb_copy_datagram_msg() et.al. preserve ->msg_iter on error"). As a result, the v4.4 kernel can deliver corrupt data to the application when a corrupt UDP packet is closely followed by a valid UDP packet: the same invocation of the recvmsg() syscall can deliver the corrupt packet's UDP payload to the application with the UDP payload length and the "from IP/Port" of the valid packet. Details: For a UDP packet longer than 76 bytes (see the v5.8-rc6 kernel's include/linux/skbuff.h:3951), Linux delays the UDP checksum verification until the application invokes the syscall recvmsg(). In the recvmsg() syscall handler, while Linux is copying the UDP payload to the application's memory, it calculates the UDP checksum. If the calculated checksum doesn't match the received checksum, Linux drops the corrupt UDP packet, and then starts to process the next packet (if any), and if the next packet is valid (i.e. the checksum is correct), Linux will copy the valid UDP packet's payload to the application's receiver buffer. The bug is: before Linux starts to copy the valid UDP packet, the data structure used to track how many more bytes should be copied to the application memory is not reset to what it was when the application just entered the kernel by the syscall! Consequently, only a small portion or none of the valid packet's payload is copied to the application's receive buffer, and later when the application exits from the kernel, actually most of the application's receive buffer contains the payload of the corrupt packet while recvmsg() returns the length of the UDP payload of the valid packet. For the mainline kernel, the bug was fixed in commit 327868212381, but unluckily the bugfix is only backported to v4.9+. It turns out backporting 327868212381 to v4.4 means that some supporting patches must be backported first, so the overall changes seem too big, so the alternative is performs the csum validation earlier and drops the corrupt packets earlier. Signed-off-by: Eric Dumazet <edumazet(a)google.com> Signed-off-by: Dexuan Cui <decui(a)microsoft.com> --- net/ipv4/udp.c | 3 +-- net/ipv6/udp.c | 6 ++---- 2 files changed, 3 insertions(+), 6 deletions(-) diff --git a/net/ipv4/udp.c b/net/ipv4/udp.c index bb30699..49ab587 100644 --- a/net/ipv4/udp.c +++ b/net/ipv4/udp.c @@ -1589,8 +1589,7 @@ int udp_queue_rcv_skb(struct sock *sk, struct sk_buff *skb) } } - if (rcu_access_pointer(sk->sk_filter) && - udp_lib_checksum_complete(skb)) + if (udp_lib_checksum_complete(skb)) goto csum_error; if (sk_rcvqueues_full(sk, sk->sk_rcvbuf)) { diff --git a/net/ipv6/udp.c b/net/ipv6/udp.c index 73f1112..2d6703d 100644 --- a/net/ipv6/udp.c +++ b/net/ipv6/udp.c @@ -686,10 +686,8 @@ int udpv6_queue_rcv_skb(struct sock *sk, struct sk_buff *skb) } } - if (rcu_access_pointer(sk->sk_filter)) { - if (udp_lib_checksum_complete(skb)) - goto csum_error; - } + if (udp_lib_checksum_complete(skb)) + goto csum_error; if (sk_rcvqueues_full(sk, sk->sk_rcvbuf)) { UDP6_INC_STATS_BH(sock_net(sk), -- 1.8.3.1

3 years, 8 months

3
4
0 0

[PATCH] vdpasim: protect concurrent access to iommu iotlb

by Jason Wang

From: Max Gurtovoy <maxg(a)mellanox.com> Iommu iotlb can be accessed by different cores for performing IO using multiple virt queues. Add a spinlock to synchronize iotlb accesses. This could be easily reproduced when using more than 1 pktgen threads to inject traffic to vdpa simulator. Fixes: 2c53d0f64c06f("vdpasim: vDPA device simulator") Cc: stable(a)vger.kernel.org Signed-off-by: Max Gurtovoy <maxg(a)mellanox.com> Signed-off-by: Jason Wang <jasowang(a)redhat.com> --- drivers/vdpa/vdpa_sim/vdpa_sim.c | 31 +++++++++++++++++++++++++++---- 1 file changed, 27 insertions(+), 4 deletions(-) diff --git a/drivers/vdpa/vdpa_sim/vdpa_sim.c b/drivers/vdpa/vdpa_sim/vdpa_sim.c index a9bc5e0fb353..5b5725d951ce 100644 --- a/drivers/vdpa/vdpa_sim/vdpa_sim.c +++ b/drivers/vdpa/vdpa_sim/vdpa_sim.c @@ -70,6 +70,8 @@ struct vdpasim { u32 status; u32 generation; u64 features; + /* spinlock to synchronize iommu table */ + spinlock_t iommu_lock; }; static struct vdpasim *vdpasim_dev; @@ -118,7 +120,9 @@ static void vdpasim_reset(struct vdpasim *vdpasim) for (i = 0; i < VDPASIM_VQ_NUM; i++) vdpasim_vq_reset(&vdpasim->vqs[i]); + spin_lock(&vdpasim->iommu_lock); vhost_iotlb_reset(vdpasim->iommu); + spin_unlock(&vdpasim->iommu_lock); vdpasim->features = 0; vdpasim->status = 0; @@ -236,8 +240,10 @@ static dma_addr_t vdpasim_map_page(struct device *dev, struct page *page, /* For simplicity, use identical mapping to avoid e.g iova * allocator. */ + spin_lock(&vdpasim->iommu_lock); ret = vhost_iotlb_add_range(iommu, pa, pa + size - 1, pa, dir_to_perm(dir)); + spin_unlock(&vdpasim->iommu_lock); if (ret) return DMA_MAPPING_ERROR; @@ -251,8 +257,10 @@ static void vdpasim_unmap_page(struct device *dev, dma_addr_t dma_addr, struct vdpasim *vdpasim = dev_to_sim(dev); struct vhost_iotlb *iommu = vdpasim->iommu; + spin_lock(&vdpasim->iommu_lock); vhost_iotlb_del_range(iommu, (u64)dma_addr, (u64)dma_addr + size - 1); + spin_unlock(&vdpasim->iommu_lock); } static void *vdpasim_alloc_coherent(struct device *dev, size_t size, @@ -264,9 +272,10 @@ static void *vdpasim_alloc_coherent(struct device *dev, size_t size, void *addr = kmalloc(size, flag); int ret; - if (!addr) + spin_lock(&vdpasim->iommu_lock); + if (!addr) { *dma_addr = DMA_MAPPING_ERROR; - else { + } else { u64 pa = virt_to_phys(addr); ret = vhost_iotlb_add_range(iommu, (u64)pa, @@ -279,6 +288,7 @@ static void *vdpasim_alloc_coherent(struct device *dev, size_t size, } else *dma_addr = (dma_addr_t)pa; } + spin_unlock(&vdpasim->iommu_lock); return addr; } @@ -290,8 +300,11 @@ static void vdpasim_free_coherent(struct device *dev, size_t size, struct vdpasim *vdpasim = dev_to_sim(dev); struct vhost_iotlb *iommu = vdpasim->iommu; + spin_lock(&vdpasim->iommu_lock); vhost_iotlb_del_range(iommu, (u64)dma_addr, (u64)dma_addr + size - 1); + spin_unlock(&vdpasim->iommu_lock); + kfree(phys_to_virt((uintptr_t)dma_addr)); } @@ -532,6 +545,7 @@ static int vdpasim_set_map(struct vdpa_device *vdpa, u64 start = 0ULL, last = 0ULL - 1; int ret; + spin_lock(&vdpasim->iommu_lock); vhost_iotlb_reset(vdpasim->iommu); for (map = vhost_iotlb_itree_first(iotlb, start, last); map; @@ -541,10 +555,12 @@ static int vdpasim_set_map(struct vdpa_device *vdpa, if (ret) goto err; } + spin_unlock(&vdpasim->iommu_lock); return 0; err: vhost_iotlb_reset(vdpasim->iommu); + spin_unlock(&vdpasim->iommu_lock); return ret; } @@ -552,16 +568,23 @@ static int vdpasim_dma_map(struct vdpa_device *vdpa, u64 iova, u64 size, u64 pa, u32 perm) { struct vdpasim *vdpasim = vdpa_to_sim(vdpa); + int ret; - return vhost_iotlb_add_range(vdpasim->iommu, iova, - iova + size - 1, pa, perm); + spin_lock(&vdpasim->iommu_lock); + ret = vhost_iotlb_add_range(vdpasim->iommu, iova, iova + size - 1, pa, + perm); + spin_unlock(&vdpasim->iommu_lock); + + return ret; } static int vdpasim_dma_unmap(struct vdpa_device *vdpa, u64 iova, u64 size) { struct vdpasim *vdpasim = vdpa_to_sim(vdpa); + spin_lock(&vdpasim->iommu_lock); vhost_iotlb_del_range(vdpasim->iommu, iova, iova + size - 1); + spin_unlock(&vdpasim->iommu_lock); return 0; } -- 2.20.1

3 years, 8 months

3
5
0 0

[PATCH 4.19 000/133] 4.19.134-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.19.134 release. There are 133 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed, 22 Jul 2020 15:27:31 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.19.134-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.19.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.19.134-rc1 Lingling Xu <ling_ling.xu(a)unisoc.com> spi: sprd: switch the sequence of setting WDG_LOAD_LOW and _HIGH David Howells <dhowells(a)redhat.com> rxrpc: Fix trace string Ilya Dryomov <idryomov(a)gmail.com> libceph: don't omit recovery_deletes in target_copy() Sergey Senozhatsky <sergey.senozhatsky(a)gmail.com> printk: queue wake_up_klogd irq_work only if per-CPU areas are ready Thomas Gleixner <tglx(a)linutronix.de> genirq/affinity: Handle affinity setting on inactive interrupts correctly Vincent Guittot <vincent.guittot(a)linaro.org> sched/fair: handle case of task_h_load() returning 0 Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> sched: Fix unreliable rseq cpu_id for new tasks Will Deacon <will(a)kernel.org> arm64: compat: Ensure upper 32 bits of x0 are zero on syscall return Will Deacon <will(a)kernel.org> arm64: ptrace: Consistently use pseudo-singlestep exceptions Will Deacon <will(a)kernel.org> arm64: ptrace: Override SPSR.SS when single-stepping is enabled Finley Xiao <finley.xiao(a)rock-chips.com> thermal/drivers/cpufreq_cooling: Fix wrong frequency converted from power Michał Mirosław <mirq-linux(a)rere.qmqm.pl> misc: atmel-ssc: lock with mutex instead of spinlock Krzysztof Kozlowski <krzk(a)kernel.org> dmaengine: fsl-edma: Fix NULL pointer exception in fsl_edma_tx_handler Alexander Shishkin <alexander.shishkin(a)linux.intel.com> intel_th: Fix a NULL dereference when hub driver is not loaded Alexander Shishkin <alexander.shishkin(a)linux.intel.com> intel_th: pci: Add Emmitsburg PCH support Alexander Shishkin <alexander.shishkin(a)linux.intel.com> intel_th: pci: Add Tiger Lake PCH-H support Alexander Shishkin <alexander.shishkin(a)linux.intel.com> intel_th: pci: Add Jasper Lake CPU support Aneesh Kumar K.V <aneesh.kumar(a)linux.ibm.com> powerpc/book3s64/pkeys: Fix pkey_access_permitted() for execute disable pkey Vishwas M <vishwas.reddy.vr(a)gmail.com> hwmon: (emc2103) fix unable to change fan pwm1_enable attribute Andreas Schwab <schwab(a)suse.de> riscv: use 16KB kernel stack on 64-bit Huacai Chen <chenhc(a)lemote.com> MIPS: Fix build for LTS kernel caused by backporting lpj adjustment Frederic Weisbecker <frederic(a)kernel.org> timer: Fix wheel index calculation on last level Frederic Weisbecker <frederic(a)kernel.org> timer: Prevent base->clk from moving backward Esben Haabendal <esben(a)geanix.com> uio_pdrv_genirq: fix use without device tree and no interrupt David Pedersen <limero1337(a)gmail.com> Input: i8042 - add Lenovo XiaoXin Air 12 to i8042 nomux list Alexander Usyskin <alexander.usyskin(a)intel.com> mei: bus: don't clean driver pointer Wade Mealing <wmealing(a)redhat.com> Revert "zram: convert remaining CLASS_ATTR() to CLASS_ATTR_RO()" Chirantan Ekbote <chirantan(a)chromium.org> fuse: Fix parameter for FS_IOC_{GET,SET}FLAGS Amir Goldstein <amir73il(a)gmail.com> ovl: fix unneeded call to ovl_change_flags() Amir Goldstein <amir73il(a)gmail.com> ovl: relax WARN_ON() when decoding lower directory file handle youngjun <her0gyugyu(a)gmail.com> ovl: inode reference leak in ovl_is_inuse true case. Chuhong Yuan <hslester96(a)gmail.com> serial: mxs-auart: add missed iounmap() in probe failure and remove Alexander Lobakin <alobakin(a)pm.me> virtio: virtio_console: add missing MODULE_DEVICE_TABLE() for rproc serial Hans de Goede <hdegoede(a)redhat.com> virt: vbox: Fix guest capabilities mask check Hans de Goede <hdegoede(a)redhat.com> virt: vbox: Fix VBGL_IOCTL_VMMDEV_REQUEST_BIG and _LOG req numbers to match upstream AceLan Kao <acelan.kao(a)canonical.com> USB: serial: option: add Quectel EG95 LTE modem Jörgen Storvist <jorgen.storvist(a)gmail.com> USB: serial: option: add GosunCn GM500 series Igor Moura <imphilippini(a)gmail.com> USB: serial: ch341: add new Product ID for CH340 James Hilliard <james.hilliard1(a)gmail.com> USB: serial: cypress_m8: enable Simply Automated UPB PIM Johan Hovold <johan(a)kernel.org> USB: serial: iuu_phoenix: fix memory corruption Zhang Qiang <qiang.zhang(a)windriver.com> usb: gadget: function: fix missing spinlock in f_uac1_legacy Peter Chen <peter.chen(a)nxp.com> usb: chipidea: core: add wakeup support for extcon Minas Harutyunyan <Minas.Harutyunyan(a)synopsys.com> usb: dwc2: Fix shutdown callback in platform Tom Rix <trix(a)redhat.com> USB: c67x00: fix use after free in c67x00_giveback_urb Kailang Yang <kailang(a)realtek.com> ALSA: hda/realtek - Enable Speaker for ASUS UX533 and UX534 Kailang Yang <kailang(a)realtek.com> ALSA: hda/realtek - change to suitable link model for ASUS platform Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Fix race against the error recovery URB submission Takashi Iwai <tiwai(a)suse.de> ALSA: line6: Sync the pending work cancel at disconnection Takashi Iwai <tiwai(a)suse.de> ALSA: line6: Perform sanity check for each URB creation James Hilliard <james.hilliard1(a)gmail.com> HID: quirks: Ignore Simply Automated UPB PIM Sebastian Parschauer <s.parschauer(a)gmx.de> HID: quirks: Always poll Obins Anne Pro 2 keyboard Dmitry Torokhov <dmitry.torokhov(a)gmail.com> HID: magicmouse: do not set up autorepeat Saravana Kannan <saravanak(a)google.com> slimbus: core: Fix mismatch in of_node_get/put Miquel Raynal <miquel.raynal(a)bootlin.com> mtd: rawnand: oxnas: Release all devices in the _remove() path Miquel Raynal <miquel.raynal(a)bootlin.com> mtd: rawnand: oxnas: Unregister all devices on error Miquel Raynal <miquel.raynal(a)bootlin.com> mtd: rawnand: oxnas: Keep track of registered devices Álvaro Fernández Rojas <noltari(a)gmail.com> mtd: rawnand: brcmnand: fix CS0 layout Miquel Raynal <miquel.raynal(a)bootlin.com> mtd: rawnand: timings: Fix default tR_max and tCCS_min timings Miquel Raynal <miquel.raynal(a)bootlin.com> mtd: rawnand: marvell: Fix probe error path Miquel Raynal <miquel.raynal(a)bootlin.com> mtd: rawnand: marvell: Use nand_cleanup() when the device is not yet registered Maulik Shah <mkshah(a)codeaurora.org> soc: qcom: rpmh-rsc: Allow using free WAKE TCS for active request Raju P.L.S.S.S.N <rplsssn(a)codeaurora.org> soc: qcom: rpmh-rsc: Clear active mode configuration for wake TCS Maulik Shah <mkshah(a)codeaurora.org> soc: qcom: rpmh: Invalidate SLEEP and WAKE TCSes before flushing new data Maulik Shah <mkshah(a)codeaurora.org> soc: qcom: rpmh: Update dirty flag only when data changes Jin Yao <yao.jin(a)linux.intel.com> perf stat: Zero all the 'ena' and 'run' array slot stats for interval mode John Johansen <john.johansen(a)canonical.com> apparmor: ensure that dfa state tables have entries Kevin Buettner <kevinb(a)redhat.com> copy_xstate_to_kernel: Fix typo which caused GDB regression Douglas Anderson <dianders(a)chromium.org> regmap: debugfs: Don't sleep while atomic for fast_io regmaps Krzysztof Kozlowski <krzk(a)kernel.org> ARM: dts: socfpga: Align L2 cache-controller nodename with dtschema Enric Balletbo i Serra <enric.balletbo(a)collabora.com> Revert "thermal: mediatek: fix register index error" Dan Carpenter <dan.carpenter(a)oracle.com> staging: comedi: verify array index is correct before using it Michał Mirosław <mirq-linux(a)rere.qmqm.pl> usb: gadget: udc: atmel: fix uninitialized read in debug printk Marc Kleine-Budde <mkl(a)pengutronix.de> spi: spi-sun6i: sun6i_spi_transfer_one(): fix setting of clock rate Jerome Brunet <jbrunet(a)baylibre.com> arm64: dts: meson: add missing gxl rng clock Colin Ian King <colin.king(a)canonical.com> phy: sun4i-usb: fix dereference of pointer phy0 before it is null checked Jonathan Cameron <Jonathan.Cameron(a)huawei.com> iio:health:afe4404 Fix timestamp alignment and prevent data leak. Christoffer Nielsen <cn(a)obviux.dk> ALSA: usb-audio: Add registration quirk for Kingston HyperX Cloud Flight S Paul Menzel <pmenzel(a)molgen.mpg.de> ACPI: video: Use native backlight on Acer TravelMate 5735Z Stephan Gerhold <stephan(a)gerhold.net> Input: mms114 - add extra compatible for mms345l Emmanuel Pescosta <emmanuelpescosta099(a)gmail.com> ALSA: usb-audio: Add registration quirk for Kingston HyperX Cloud Alpha S Hans de Goede <hdegoede(a)redhat.com> ACPI: video: Use native backlight on Acer Aspire 5783z Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Rewrite registration quirk handling Haibo Chen <haibo.chen(a)nxp.com> mmc: sdhci: do not enable card detect interrupt for gpio cd type Neil Armstrong <narmstrong(a)baylibre.com> doc: dt: bindings: usb: dwc3: Update entries for disabling SS instances in park mode Chris Wulff <crwulff(a)gmail.com> ALSA: usb-audio: Create a registration quirk for Kingston HyperX Amp (0951:16d8) Diego Elio Pettenò <flameeyes(a)flameeyes.com> scsi: sr: remove references to BLK_DEV_SR_VENDOR, leave it enabled Claudiu Beznea <claudiu.beznea(a)microchip.com> ARM: at91: pm: add quirk for sam9x60's ulp1 Hans de Goede <hdegoede(a)redhat.com> HID: quirks: Remove ITE 8595 entry from hid_have_special_driver Russell King <rmk+kernel(a)armlinux.org.uk> net: sfp: add some quirks for GPON modules Russell King <rmk+kernel(a)armlinux.org.uk> net: sfp: add support for module quirks Sasha Levin <sashal(a)kernel.org> Revert "usb/ehci-platform: Set PM runtime as active on resume" Sasha Levin <sashal(a)kernel.org> Revert "usb/xhci-plat: Set PM runtime as active on resume" Sasha Levin <sashal(a)kernel.org> Revert "usb/ohci-platform: Fix a warning when hibernating" Florian Fainelli <f.fainelli(a)gmail.com> of: of_mdio: Correct loop scanning logic Florian Fainelli <f.fainelli(a)gmail.com> net: dsa: bcm_sf2: Fix node reference count Krzysztof Kozlowski <krzk(a)kernel.org> spi: spi-fsl-dspi: Fix lockup if device is shutdown during SPI transfer Angelo Dureghello <angelo(a)sysam.it> spi: fix initial SPI_SR value in spi-fsl-dspi Jonathan Cameron <Jonathan.Cameron(a)huawei.com> iio:health:afe4403 Fix timestamp alignment and prevent data leak. Jonathan Cameron <Jonathan.Cameron(a)huawei.com> iio:pressure:ms5611 Fix buffer element alignment Jonathan Cameron <Jonathan.Cameron(a)huawei.com> iio:humidity:hts221 Fix alignment and data leak issues Navid Emamdoost <navid.emamdoost(a)gmail.com> iio: pressure: zpa2326: handle pm_runtime_get_sync failure Chuhong Yuan <hslester96(a)gmail.com> iio: mma8452: Add missed iio_device_unregister() call in mma8452_probe() Dinghao Liu <dinghao.liu(a)zju.edu.cn> iio: magnetometer: ak8974: Fix runtime PM imbalance on error Jonathan Cameron <Jonathan.Cameron(a)huawei.com> iio:humidity:hdc100x Fix alignment and data leak issues Jonathan Cameron <Jonathan.Cameron(a)huawei.com> iio:magnetometer:ak8974: Fix alignment and data leak issues Ard Biesheuvel <ardb(a)kernel.org> arm64/alternatives: don't patch up internal branches Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> i2c: eg20t: Load module automatically if ID matches Bob Peterson <rpeterso(a)redhat.com> gfs2: read-only mounts should grab the sd_freeze_gl glock Vasily Averin <vvs(a)virtuozzo.com> tpm_tis: extra chip->ops check on error path in tpm_tis_core_init Ard Biesheuvel <ardb(a)kernel.org> arm64/alternatives: use subsections for replacement sequences Angelo Dureghello <angelo.dureghello(a)timesys.com> m68k: mm: fix node memblock init Mike Rapoport <rppt(a)linux.ibm.com> m68k: nommu: register start of the memory with memblock Navid Emamdoost <navid.emamdoost(a)gmail.com> drm/exynos: fix ref count leak in mic_pre_enable Bernard Zhao <bernard(a)vivo.com> drm/msm: fix potential memleak in error branch Toke Høiland-Jørgensen <toke(a)redhat.com> vlan: consolidate VLAN parsing code and limit max parsing depth Toke Høiland-Jørgensen <toke(a)redhat.com> sched: consistently handle layer3 header accesses in the presence of VLANs Cong Wang <xiyou.wangcong(a)gmail.com> cgroup: Fix sock_cgroup_data on big-endian. Cong Wang <xiyou.wangcong(a)gmail.com> cgroup: fix cgroup_sk_alloc() for sk_clone_lock() Eric Dumazet <edumazet(a)google.com> tcp: md5: allow changing MD5 keys in all socket states Eric Dumazet <edumazet(a)google.com> tcp: md5: refine tcp_md5_do_add()/tcp_md5_hash_key() barriers Eric Dumazet <edumazet(a)google.com> tcp: md5: do not send silly options in SYNCOOKIES Eric Dumazet <edumazet(a)google.com> tcp: md5: add missing memory barriers in tcp_md5_do_add()/tcp_md5_hash_key() Christoph Paasch <cpaasch(a)apple.com> tcp: make sure listeners don't initialize congestion-control state Eric Dumazet <edumazet(a)google.com> tcp: fix SO_RCVLOWAT possible hangs under high mem pressure AceLan Kao <acelan.kao(a)canonical.com> net: usb: qmi_wwan: add support for Quectel EG95 LTE modem Cong Wang <xiyou.wangcong(a)gmail.com> net_sched: fix a memory leak in atm_tc_init() Martin Varghese <martin.varghese(a)nokia.com> net: Added pointer check for dst->ops->neigh_lookup in dst_neigh_lookup_skb Eric Dumazet <edumazet(a)google.com> llc: make sure applications use ARPHRD_ETHER Xin Long <lucien.xin(a)gmail.com> l2tp: remove skb_dst_set() from l2tp_xmit_skb() Sabrina Dubroca <sd(a)queasysnail.net> ipv4: fill fl4_icmp_{type,code} in ping_v4_sendmsg Sean Tranchetti <stranche(a)codeaurora.org> genetlink: remove genl_bind Taehee Yoo <ap420073(a)gmail.com> net: rmnet: fix lower interface leak Changbin Du <changbin.du(a)gmail.com> perf: Make perf able to build with latest libbfd ------------- Diffstat: Documentation/devicetree/bindings/usb/dwc3.txt | 2 + Makefile | 4 +- arch/alpha/defconfig | 1 - arch/arm/boot/dts/socfpga.dtsi | 2 +- arch/arm/boot/dts/socfpga_arria10.dtsi | 2 +- arch/arm/configs/rpc_defconfig | 1 - arch/arm/configs/s3c2410_defconfig | 1 - arch/arm/mach-at91/pm_suspend.S | 4 + arch/arm64/boot/dts/amlogic/meson-gxl.dtsi | 5 ++ arch/arm64/include/asm/alternative.h | 16 ++-- arch/arm64/include/asm/debug-monitors.h | 2 + arch/arm64/include/asm/syscall.h | 12 ++- arch/arm64/include/asm/thread_info.h | 1 + arch/arm64/kernel/alternative.c | 16 +--- arch/arm64/kernel/debug-monitors.c | 20 ++++- arch/arm64/kernel/ptrace.c | 29 +++++-- arch/arm64/kernel/signal.c | 11 +-- arch/arm64/kernel/syscall.c | 5 +- arch/arm64/kernel/vmlinux.lds.S | 3 - arch/ia64/configs/zx1_defconfig | 1 - arch/m68k/configs/amiga_defconfig | 1 - arch/m68k/configs/apollo_defconfig | 1 - arch/m68k/configs/atari_defconfig | 1 - arch/m68k/configs/bvme6000_defconfig | 1 - arch/m68k/configs/hp300_defconfig | 1 - arch/m68k/configs/mac_defconfig | 1 - arch/m68k/configs/multi_defconfig | 1 - arch/m68k/configs/mvme147_defconfig | 1 - arch/m68k/configs/mvme16x_defconfig | 1 - arch/m68k/configs/q40_defconfig | 1 - arch/m68k/configs/sun3_defconfig | 1 - arch/m68k/configs/sun3x_defconfig | 1 - arch/m68k/kernel/setup_no.c | 3 +- arch/m68k/mm/mcfmmu.c | 2 +- arch/mips/configs/bigsur_defconfig | 1 - arch/mips/configs/fuloong2e_defconfig | 1 - arch/mips/configs/ip27_defconfig | 1 - arch/mips/configs/ip32_defconfig | 1 - arch/mips/configs/jazz_defconfig | 1 - arch/mips/configs/malta_defconfig | 1 - arch/mips/configs/malta_kvm_defconfig | 1 - arch/mips/configs/malta_kvm_guest_defconfig | 1 - arch/mips/configs/maltaup_xpa_defconfig | 1 - arch/mips/configs/rm200_defconfig | 1 - arch/mips/kernel/time.c | 13 +-- arch/powerpc/configs/85xx-hw.config | 1 - arch/powerpc/configs/amigaone_defconfig | 1 - arch/powerpc/configs/chrp32_defconfig | 1 - arch/powerpc/configs/g5_defconfig | 1 - arch/powerpc/configs/maple_defconfig | 1 - arch/powerpc/configs/pasemi_defconfig | 1 - arch/powerpc/configs/pmac32_defconfig | 1 - arch/powerpc/configs/powernv_defconfig | 1 - arch/powerpc/configs/ppc64_defconfig | 1 - arch/powerpc/configs/ppc64e_defconfig | 1 - arch/powerpc/configs/ppc6xx_defconfig | 1 - arch/powerpc/configs/pseries_defconfig | 1 - arch/powerpc/configs/skiroot_defconfig | 1 - arch/powerpc/mm/pkeys.c | 12 +-- arch/riscv/include/asm/thread_info.h | 4 + arch/sh/configs/sh03_defconfig | 1 - arch/sparc/configs/sparc64_defconfig | 1 - arch/x86/configs/i386_defconfig | 1 - arch/x86/configs/x86_64_defconfig | 1 - arch/x86/kernel/apic/vector.c | 22 ++--- arch/x86/kernel/fpu/xstate.c | 2 +- drivers/acpi/video_detect.c | 19 +++++ drivers/base/regmap/regmap-debugfs.c | 52 +++++++----- drivers/block/zram/zram_drv.c | 3 +- drivers/char/tpm/tpm_tis_core.c | 2 +- drivers/char/virtio_console.c | 3 +- drivers/dma/fsl-edma.c | 7 ++ drivers/gpu/drm/exynos/exynos_drm_mic.c | 4 +- drivers/gpu/drm/msm/msm_submitqueue.c | 4 +- drivers/hid/hid-ids.h | 3 + drivers/hid/hid-magicmouse.c | 6 ++ drivers/hid/hid-quirks.c | 5 +- drivers/hwmon/emc2103.c | 2 +- drivers/hwtracing/intel_th/core.c | 21 ++++- drivers/hwtracing/intel_th/pci.c | 15 ++++ drivers/hwtracing/intel_th/sth.c | 4 +- drivers/i2c/busses/i2c-eg20t.c | 1 + drivers/iio/accel/mma8452.c | 5 +- drivers/iio/health/afe4403.c | 13 +-- drivers/iio/health/afe4404.c | 8 +- drivers/iio/humidity/hdc100x.c | 10 ++- drivers/iio/humidity/hts221.h | 7 +- drivers/iio/humidity/hts221_buffer.c | 9 +- drivers/iio/magnetometer/ak8974.c | 29 ++++--- drivers/iio/pressure/ms5611_core.c | 11 ++- drivers/iio/pressure/zpa2326.c | 4 +- drivers/input/serio/i8042-x86ia64io.h | 7 ++ drivers/input/touchscreen/mms114.c | 17 +++- drivers/misc/atmel-ssc.c | 24 +++--- drivers/misc/mei/bus.c | 3 +- drivers/mmc/host/sdhci.c | 2 +- drivers/mtd/nand/raw/brcmnand/brcmnand.c | 5 +- drivers/mtd/nand/raw/marvell_nand.c | 25 +++--- drivers/mtd/nand/raw/nand_timings.c | 5 +- drivers/mtd/nand/raw/oxnas_nand.c | 24 ++++-- drivers/net/dsa/bcm_sf2.c | 2 + drivers/net/ethernet/qualcomm/rmnet/rmnet_config.c | 19 +++-- drivers/net/phy/sfp-bus.c | 79 +++++++++++++++++ drivers/net/usb/qmi_wwan.c | 1 + drivers/of/of_mdio.c | 9 +- drivers/phy/allwinner/phy-sun4i-usb.c | 5 +- drivers/scsi/Kconfig | 9 -- drivers/scsi/sr_vendor.c | 8 -- drivers/slimbus/core.c | 1 + drivers/soc/qcom/rpmh-rsc.c | 98 ++++++++++++++-------- drivers/soc/qcom/rpmh.c | 56 ++++++------- drivers/spi/spi-fsl-dspi.c | 17 +--- drivers/spi/spi-sprd-adi.c | 2 +- drivers/spi/spi-sun6i.c | 14 ++-- drivers/staging/comedi/drivers/addi_apci_1500.c | 10 ++- drivers/thermal/cpu_cooling.c | 6 +- drivers/thermal/mtk_thermal.c | 6 +- drivers/tty/serial/mxs-auart.c | 12 ++- drivers/uio/uio_pdrv_genirq.c | 2 +- drivers/usb/c67x00/c67x00-sched.c | 2 +- drivers/usb/chipidea/core.c | 24 ++++++ drivers/usb/dwc2/platform.c | 3 +- drivers/usb/gadget/function/f_uac1_legacy.c | 2 + drivers/usb/gadget/udc/atmel_usba_udc.c | 2 +- drivers/usb/host/ehci-platform.c | 4 - drivers/usb/host/ohci-platform.c | 5 -- drivers/usb/host/xhci-plat.c | 10 +-- drivers/usb/serial/ch341.c | 1 + drivers/usb/serial/cypress_m8.c | 2 + drivers/usb/serial/cypress_m8.h | 3 + drivers/usb/serial/iuu_phoenix.c | 8 +- drivers/usb/serial/option.c | 6 ++ drivers/virt/vboxguest/vboxguest_core.c | 6 +- drivers/virt/vboxguest/vboxguest_core.h | 15 ++++ drivers/virt/vboxguest/vboxguest_linux.c | 3 +- drivers/virt/vboxguest/vmmdev.h | 2 + fs/fuse/file.c | 12 ++- fs/gfs2/ops_fstype.c | 12 ++- fs/overlayfs/export.c | 2 +- fs/overlayfs/file.c | 10 ++- fs/overlayfs/super.c | 11 ++- include/linux/cgroup-defs.h | 8 +- include/linux/cgroup.h | 4 +- include/linux/if_vlan.h | 29 +++++-- include/linux/printk.h | 5 -- include/net/dst.h | 10 ++- include/net/genetlink.h | 8 -- include/net/inet_ecn.h | 23 +++-- include/net/pkt_sched.h | 11 --- include/trace/events/rxrpc.h | 2 +- include/uapi/linux/vboxguest.h | 4 +- init/main.c | 1 - kernel/cgroup/cgroup.c | 29 ++++--- kernel/irq/manage.c | 37 +++++++- kernel/printk/internal.h | 5 ++ kernel/printk/printk.c | 34 ++++++++ kernel/printk/printk_safe.c | 11 +-- kernel/sched/core.c | 2 + kernel/sched/fair.c | 10 ++- kernel/time/timer.c | 21 +++-- net/ceph/osd_client.c | 1 + net/core/filter.c | 8 +- net/core/sock.c | 2 +- net/ipv4/ping.c | 3 + net/ipv4/tcp.c | 15 ++-- net/ipv4/tcp_cong.c | 2 +- net/ipv4/tcp_input.c | 2 + net/ipv4/tcp_ipv4.c | 15 +++- net/ipv4/tcp_output.c | 8 +- net/l2tp/l2tp_core.c | 5 +- net/llc/af_llc.c | 10 ++- net/netlink/genetlink.c | 49 ----------- net/sched/act_connmark.c | 9 +- net/sched/act_csum.c | 2 +- net/sched/act_skbedit.c | 2 +- net/sched/cls_api.c | 2 +- net/sched/cls_flow.c | 8 +- net/sched/cls_flower.c | 2 +- net/sched/em_ipset.c | 2 +- net/sched/em_meta.c | 2 +- net/sched/sch_atm.c | 8 +- net/sched/sch_cake.c | 4 +- net/sched/sch_dsmark.c | 6 +- net/sched/sch_teql.c | 2 +- security/apparmor/match.c | 5 ++ sound/pci/hda/patch_realtek.c | 6 +- sound/usb/card.c | 12 ++- sound/usb/line6/capture.c | 2 + sound/usb/line6/driver.c | 2 +- sound/usb/line6/playback.c | 2 + sound/usb/midi.c | 17 ++-- sound/usb/quirks.c | 36 ++++++++ sound/usb/quirks.h | 2 + tools/perf/util/srcline.c | 16 +++- tools/perf/util/stat.c | 6 +- 195 files changed, 1033 insertions(+), 591 deletions(-)

3 years, 8 months

13
164
0 0

[PATCH] iio: trigger: sysfs: Disable irqs before calling iio_trigger_poll()

by Christian Eggers

iio_trigger_poll() calls generic_handle_irq(). This function expects to be run with local IRQs disabled. Signed-off-by: Christian Eggers <ceggers(a)arri.de> Cc: stable(a)vger.kernel.org --- drivers/iio/trigger/iio-trig-sysfs.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/iio/trigger/iio-trig-sysfs.c b/drivers/iio/trigger/iio-trig-sysfs.c index e09e58072872..66a96b1632f8 100644 --- a/drivers/iio/trigger/iio-trig-sysfs.c +++ b/drivers/iio/trigger/iio-trig-sysfs.c @@ -94,7 +94,9 @@ static void iio_sysfs_trigger_work(struct irq_work *work) struct iio_sysfs_trig *trig = container_of(work, struct iio_sysfs_trig, work); + local_irq_disable(); iio_trigger_poll(trig->trig); + local_irq_enable(); } static ssize_t iio_sysfs_trigger_poll(struct device *dev, -- Christian Eggers Embedded software developer Arnold & Richter Cine Technik GmbH & Co. Betriebs KG Sitz: Muenchen - Registergericht: Amtsgericht Muenchen - Handelsregisternummer: HRA 57918 Persoenlich haftender Gesellschafter: Arnold & Richter Cine Technik GmbH Sitz: Muenchen - Registergericht: Amtsgericht Muenchen - Handelsregisternummer: HRB 54477 Geschaeftsfuehrer: Dr. Michael Neuhaeuser; Stephan Schenk; Walter Trauninger; Markus Zeiler

3 years, 8 months

3
8
0 0

[PATCH 1/4] ARM: backtrace-clang: check for NULL lr

by Nick Desaulniers

If the link register was zeroed out, do not attempt to use it for address calculations for which there are currently no fixup handlers, which can lead to a panic during unwind. Since panicking triggers another unwind, this can lead to an infinite loop. If this occurs during start_kernel(), this can prevent a kernel from booting. commit 59b6359dd92d ("ARM: 8702/1: head-common.S: Clear lr before jumping to start_kernel()") intentionally zeros out the link register in __mmap_switched which tail calls into start kernel. Test for this condition so that we can stop unwinding when initiated within start_kernel() correctly. Cc: stable(a)vger.kernel.org Fixes: commit 6dc5fd93b2f1 ("ARM: 8900/1: UNWINDER_FRAME_POINTER implementation for Clang") Reported-by: Miles Chen <miles.chen(a)mediatek.com> Signed-off-by: Nick Desaulniers <ndesaulniers(a)google.com> --- arch/arm/lib/backtrace-clang.S | 2 ++ 1 file changed, 2 insertions(+) diff --git a/arch/arm/lib/backtrace-clang.S b/arch/arm/lib/backtrace-clang.S index 6174c45f53a5..5388ac664c12 100644 --- a/arch/arm/lib/backtrace-clang.S +++ b/arch/arm/lib/backtrace-clang.S @@ -144,6 +144,8 @@ for_each_frame: tst frame, mask @ Check for address exceptions */ 1003: ldr sv_lr, [sv_fp, #4] @ get saved lr from next frame + tst sv_lr, #0 @ If there's no previous lr, + beq finished_setup @ we're done. ldr r0, [sv_lr, #-4] @ get call instruction ldr r3, .Lopcode+4 and r2, r3, r0 @ is this a bl call -- 2.28.0.163.g6104cc2f0b6-goog

3 years, 9 months

2
1
0 0

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror July 2020