October 2022 - Linux-stable-mirror

[PATCH v5.10.y] ALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC

by Zubin Mithra

From: Takashi Iwai <tiwai(a)suse.de> commit 8423f0b6d513b259fdab9c9bf4aaa6188d054c2d upstream. There is a small race window at snd_pcm_oss_sync() that is called from OSS PCM SNDCTL_DSP_SYNC ioctl; namely the function calls snd_pcm_oss_make_ready() at first, then takes the params_lock mutex for the rest. When the stream is set up again by another thread between them, it leads to inconsistency, and may result in unexpected results such as NULL dereference of OSS buffer as a fuzzer spotted recently. The fix is simply to cover snd_pcm_oss_make_ready() call into the same params_lock mutex with snd_pcm_oss_make_ready_locked() variant. Reported-and-tested-by: butt3rflyh4ck <butterflyhuangxx(a)gmail.com> Reviewed-by: Jaroslav Kysela <perex(a)perex.cz> Cc: <stable(a)vger.kernel.org> Link: https://lore.kernel.org/r/CAFcO6XN7JDM4xSXGhtusQfS2mSBcx50VJKwQpCq=WeLt57aa… Link: https://lore.kernel.org/r/20220905060714.22549-1-tiwai@suse.de Signed-off-by: Takashi Iwai <tiwai(a)suse.de> Signed-off-by: Zubin Mithra <zsm(a)google.com> --- Note: * 8423f0b6d513 is present in linux-5.15.y and linux-5.4.y; missing in linux-5.10.y. * Backport addresses conflict due to surrounding context. * Tests run: build and boot. sound/core/oss/pcm_oss.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/sound/core/oss/pcm_oss.c b/sound/core/oss/pcm_oss.c index f88de74da1eb..de6f94bee50b 100644 --- a/sound/core/oss/pcm_oss.c +++ b/sound/core/oss/pcm_oss.c @@ -1662,13 +1662,14 @@ static int snd_pcm_oss_sync(struct snd_pcm_oss_file *pcm_oss_file) runtime = substream->runtime; if (atomic_read(&substream->mmap_count)) goto __direct; - if ((err = snd_pcm_oss_make_ready(substream)) < 0) - return err; atomic_inc(&runtime->oss.rw_ref); if (mutex_lock_interruptible(&runtime->oss.params_lock)) { atomic_dec(&runtime->oss.rw_ref); return -ERESTARTSYS; } + err = snd_pcm_oss_make_ready_locked(substream); + if (err < 0) + goto unlock; format = snd_pcm_oss_format_from(runtime->oss.format); width = snd_pcm_format_physical_width(format); if (runtime->oss.buffer_used > 0) { -- 2.38.0.rc1.362.ged0d419d3c-goog

1 year, 11 months

3
3
0 0

[PATCH] firmware: coreboot: Register bus in module init

by Brian Norris

The coreboot_table driver registers a coreboot bus while probing a "coreboot_table" device representing the coreboot table memory region. Probing this device (i.e., registering the bus) is a dependency for the module_init() functions of any driver for this bus (e.g., memconsole-coreboot.c / memconsole_driver_init()). With synchronous probe, this dependency works OK, as the link order in the Makefile ensures coreboot_table_driver_init() (and thus, coreboot_table_probe()) completes before a coreboot device driver tries to add itself to the bus. With asynchronous probe, however, coreboot_table_probe() may race with memconsole_driver_init(), and so we're liable to hit one of these two: 1. coreboot_driver_register() eventually hits "[...] the bus was not initialized.", and the memconsole driver fails to register; or 2. coreboot_driver_register() gets past #1, but still races with bus_register() and hits some other undefined/crashing behavior (e.g., in driver_find() [1]) We can resolve this by registering the bus in our initcall, and only deferring "device" work (scanning the coreboot memory region and creating sub-devices) to probe(). [1] Example failure, using 'driver_async_probe=*' kernel command line: [ 0.114217] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000010 ... [ 0.114307] CPU: 1 PID: 1 Comm: swapper/0 Not tainted 6.1.0-rc1 #63 [ 0.114316] Hardware name: Google Scarlet (DT) ... [ 0.114488] Call trace: [ 0.114494] _raw_spin_lock+0x34/0x60 [ 0.114502] kset_find_obj+0x28/0x84 [ 0.114511] driver_find+0x30/0x50 [ 0.114520] driver_register+0x64/0x10c [ 0.114528] coreboot_driver_register+0x30/0x3c [ 0.114540] memconsole_driver_init+0x24/0x30 [ 0.114550] do_one_initcall+0x154/0x2e0 [ 0.114560] do_initcall_level+0x134/0x160 [ 0.114571] do_initcalls+0x60/0xa0 [ 0.114579] do_basic_setup+0x28/0x34 [ 0.114588] kernel_init_freeable+0xf8/0x150 [ 0.114596] kernel_init+0x2c/0x12c [ 0.114607] ret_from_fork+0x10/0x20 [ 0.114624] Code: 5280002b 1100054a b900092a f9800011 (885ffc01) [ 0.114631] ---[ end trace 0000000000000000 ]--- Fixes: b81e3140e412 ("firmware: coreboot: Make bus registration symmetric") Cc: <stable(a)vger.kernel.org> Signed-off-by: Brian Norris <briannorris(a)chromium.org> --- Currently, get_maintainers.pl tells me Greg should pick this up. But I CC the chrome-platform list too, since it seems reasonable for Google folks (probably ChromeOS folks are most active here?) to maintain Google/Chrome drivers. Let me know if y'all would like this official, and I'll push out a MAINTAINERS patch. drivers/firmware/google/coreboot_table.c | 37 +++++++++++++++++++----- 1 file changed, 29 insertions(+), 8 deletions(-) diff --git a/drivers/firmware/google/coreboot_table.c b/drivers/firmware/google/coreboot_table.c index c52bcaa9def6..9ca21feb9d45 100644 --- a/drivers/firmware/google/coreboot_table.c +++ b/drivers/firmware/google/coreboot_table.c @@ -149,12 +149,8 @@ static int coreboot_table_probe(struct platform_device *pdev) if (!ptr) return -ENOMEM; - ret = bus_register(&coreboot_bus_type); - if (!ret) { - ret = coreboot_table_populate(dev, ptr); - if (ret) - bus_unregister(&coreboot_bus_type); - } + ret = coreboot_table_populate(dev, ptr); + memunmap(ptr); return ret; @@ -169,7 +165,6 @@ static int __cb_dev_unregister(struct device *dev, void *dummy) static int coreboot_table_remove(struct platform_device *pdev) { bus_for_each_dev(&coreboot_bus_type, NULL, NULL, __cb_dev_unregister); - bus_unregister(&coreboot_bus_type); return 0; } @@ -199,6 +194,32 @@ static struct platform_driver coreboot_table_driver = { .of_match_table = of_match_ptr(coreboot_of_match), }, }; -module_platform_driver(coreboot_table_driver); + +static int __init coreboot_table_driver_init(void) +{ + int ret; + + ret = bus_register(&coreboot_bus_type); + if (ret) + return ret; + + ret = platform_driver_register(&coreboot_table_driver); + if (ret) { + bus_unregister(&coreboot_bus_type); + return ret; + } + + return 0; +} + +static void __exit coreboot_table_driver_exit(void) +{ + platform_driver_unregister(&coreboot_table_driver); + bus_unregister(&coreboot_bus_type); +} + +module_init(coreboot_table_driver_init); +module_exit(coreboot_table_driver_exit); + MODULE_AUTHOR("Google, Inc."); MODULE_LICENSE("GPL"); -- 2.38.0.413.g74048e4d9e-goog

1 year, 12 months

4
5
0 0

[PATCH 4.19 000/338] 4.19.238-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.19.238 release. There are 338 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat, 16 Apr 2022 11:07:54 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.19.238-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.19.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.19.238-rc1 Felix Kuehling <Felix.Kuehling(a)amd.com> drm/amdkfd: Use drm_priv to pass VM from KFD to amdgpu Bas Nieuwenhuizen <bas(a)basnieuwenhuizen.nl> drm/amdgpu: Check if fd really is an amdgpu fd. Xin Long <lucien.xin(a)gmail.com> xfrm: policy: match with both mark and mask on user interfaces Tejun Heo <tj(a)kernel.org> selftests: cgroup: Test open-time cgroup namespace usage for migration checks Tejun Heo <tj(a)kernel.org> selftests: cgroup: Test open-time credential usage for migration checks Tejun Heo <tj(a)kernel.org> selftests: cgroup: Make cg_create() use 0755 for permission instead of 0644 Tejun Heo <tj(a)kernel.org> cgroup: Use open-time cgroup namespace for process migration perm checks Tejun Heo <tj(a)kernel.org> cgroup: Allocate cgroup_file_ctx for kernfs_open_file->priv Tejun Heo <tj(a)kernel.org> cgroup: Use open-time credentials for process migraton perm checks Waiman Long <longman(a)redhat.com> mm/sparsemem: fix 'mem_section' will never be NULL gcc 12 warning Fangrui Song <maskray(a)google.com> arm64: module: remove (NOLOAD) from linker script Peter Xu <peterx(a)redhat.com> mm: don't skip swap entry even if zap_details specified Vinod Koul <vkoul(a)kernel.org> dmaengine: Revert "dmaengine: shdma: Fix runtime PM imbalance on error" Arnaldo Carvalho de Melo <acme(a)redhat.com> tools build: Use $(shell ) instead of `` to get embedded libperl's ccopts Arnaldo Carvalho de Melo <acme(a)redhat.com> tools build: Filter out options and warnings not supported by clang Marc Zyngier <maz(a)kernel.org> irqchip/gic-v3: Fix GICR_CTLR.RWP polling Xiaomeng Tong <xiam0nd.tong(a)gmail.com> perf: qcom_l2_pmu: fix an incorrect NULL check on list iterator Christian Lamparter <chunkeey(a)gmail.com> ata: sata_dwc_460ex: Fix crash due to OOB write Guo Ren <guoren(a)linux.alibaba.com> arm64: patch_text: Fixup last cpu should be master Ethan Lien <ethanlien(a)synology.com> btrfs: fix qgroup reserve overflow the qgroup limit Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/speculation: Restore speculation related MSRs during S3 resume Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/pm: Save the MSR validity status at context setup Miaohe Lin <linmiaohe(a)huawei.com> mm/mempolicy: fix mpol_new leak in shared_policy_replace Paolo Bonzini <pbonzini(a)redhat.com> mmmremap.c: avoid pointless invalidate_range_start/end on mremap(old_size=0) Wolfram Sang <wsa+renesas(a)sang-engineering.com> mmc: renesas_sdhi: don't overwrite TAP settings when HS400 tuning is complete Pali Rohár <pali(a)kernel.org> Revert "mmc: sdhci-xenon: fix annoying 1.8V regulator warning" Lv Yunlong <lyl2019(a)mail.ustc.edu.cn> drbd: Fix five use after free bugs in get_initial_state Kamal Dasu <kdasu.kdev(a)gmail.com> spi: bcm-qspi: fix MSPI only access with bcm_qspi_exec_mem_op() Jamie Bainbridge <jamie.bainbridge(a)gmail.com> qede: confirm skb is allocated before using Eric Dumazet <edumazet(a)google.com> rxrpc: fix a race in rxrpc_exit_net() Ilya Maximets <i.maximets(a)ovn.org> net: openvswitch: don't send internal clone attribute to the userspace. José Expósito <jose.exposito89(a)gmail.com> drm/imx: Fix memory leak in imx_pd_connector_get_modes Chen-Yu Tsai <wens(a)csie.org> net: stmmac: Fix unset max_speed difference between DT and non-DT platforms Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> scsi: zorro7xx: Fix a resource leak in zorro7xx_remove_one() Guilherme G. Piccoli <gpiccoli(a)igalia.com> Drivers: hv: vmbus: Fix potential crash on module unload Dan Carpenter <dan.carpenter(a)oracle.com> drm/amdgpu: fix off by one in amdgpu_gfx_kiq_acquire() James Morse <james.morse(a)arm.com> KVM: arm64: Check arm64_get_bp_hardening_data() didn't return NULL Mauricio Faria de Oliveira <mfo(a)canonical.com> mm: fix race between MADV_FREE reclaim and blkdev direct IO read Willem de Bruijn <willemb(a)google.com> net: add missing SOF_TIMESTAMPING_OPT_ID support Helge Deller <deller(a)gmx.de> parisc: Fix CPU affinity for Lasi, WAX and Dino chips Haimin Zhang <tcs_kernel(a)tencent.com> jfs: prevent NULL deref in diFree Randy Dunlap <rdunlap(a)infradead.org> virtio_console: eliminate anonymous module_init & module_exit Jiri Slaby <jslaby(a)suse.cz> serial: samsung_tty: do not unlock port->lock for uart_write_wakeup() NeilBrown <neilb(a)suse.de> NFS: swap-out must always use STABLE writes. NeilBrown <neilb(a)suse.de> NFS: swap IO handling is slightly different for O_DIRECT IO NeilBrown <neilb(a)suse.de> SUNRPC/call_alloc: async tasks mustn't block waiting for memory Maxime Ripard <maxime(a)cerno.tech> clk: Enforce that disjoints limits are invalid Dongli Zhang <dongli.zhang(a)oracle.com> xen: delay xen_hvm_init_time_ops() if kdump is boot on vcpu>=32 Trond Myklebust <trond.myklebust(a)hammerspace.com> NFSv4: Protect the state recovery thread against direct reclaim Lucas Denefle <lucas.denefle(a)converge.io> w1: w1_therm: fixes w1_seq for ds28ea00 sensors Qinghua Jin <qhjin.dev(a)gmail.com> minix: fix bug when opening a file with O_DIRECT Randy Dunlap <rdunlap(a)infradead.org> init/main.c: return 1 from handled __setup() functions Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: Fix use after free in hci_send_acl Max Filippov <jcmvbkbc(a)gmail.com> xtensa: fix DTC warning unit_address_format H. Nikolaus Schaller <hns(a)goldelico.com> usb: dwc3: omap: fix "unbalanced disables for smps10_out1" on omap5evm Jianglei Nie <niejianglei2021(a)163.com> scsi: libfc: Fix use after free in fc_exch_abts_resp() Alexander Lobakin <alobakin(a)pm.me> MIPS: fix fortify panic when copying asm exception handlers Michael Chan <michael.chan(a)broadcom.com> bnxt_en: Eliminate unintended link toggle during FW reset Sven Eckelmann <sven(a)narfation.org> macvtap: advertise link netns via netlink Dust Li <dust.li(a)linux.alibaba.com> net/smc: correct settings of RMB window update limit Randy Dunlap <rdunlap(a)infradead.org> scsi: aha152x: Fix aha152x_setup() __setup handler return value Damien Le Moal <damien.lemoal(a)opensource.wdc.com> scsi: pm8001: Fix pm8001_mpi_task_abort_resp() Alex Deucher <alexander.deucher(a)amd.com> drm/amdkfd: make CRAT table missing message informational only Jordy Zomer <jordy(a)jordyzomer.github.io> dm ioctl: prevent potential spectre v1 gadget Ido Schimmel <idosch(a)nvidia.com> ipv4: Invalidate neighbour for broadcast address upon address addition Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> PCI: pciehp: Add Qualcomm quirk for Command Completed erratum Neal Liu <neal_liu(a)aspeedtech.com> usb: ehci: add pci device support for Aspeed platforms Zhou Guanghui <zhouguanghui1(a)huawei.com> iommu/arm-smmu-v3: fix event handling soft lockup Pali Rohár <pali(a)kernel.org> PCI: aardvark: Fix support for MSI interrupts Sourabh Jain <sourabhjain(a)linux.ibm.com> powerpc: Set crashkernel offset to mid of RMA region Evgeny Boger <boger(a)wirenboard.com> power: supply: axp20x_battery: properly report current when discharging Yang Guang <yang.guang5(a)zte.com.cn> scsi: bfa: Replace snprintf() with sysfs_emit() Yang Guang <yang.guang5(a)zte.com.cn> scsi: mvsas: Replace snprintf() with sysfs_emit() Maxim Kiselev <bigunclemax(a)gmail.com> powerpc: dts: t104xrdb: fix phy type for FMAN 4/5 Yang Guang <yang.guang5(a)zte.com.cn> ptp: replace snprintf with sysfs_emit Xin Xiong <xiongx18(a)fudan.edu.cn> drm/amd/amdgpu/amdgpu_cs: fix refcount leak of a dma_fence obj Zekun Shen <bruceshenzk(a)gmail.com> ath5k: fix OOB in ath5k_eeprom_read_pcal_info_5111 Anisse Astier <anisse(a)astier.eu> drm: Add orientation quirk for GPD Win Max Jim Mattson <jmattson(a)google.com> KVM: x86/svm: Clear reserved bits written to PerfEvtSeln MSRs Randy Dunlap <rdunlap(a)infradead.org> ARM: 9187/1: JIVE: fix return value of __setup handler Fangrui Song <maskray(a)google.com> riscv module: remove (NOLOAD) Jiasheng Jiang <jiasheng(a)iscas.ac.cn> rtc: wm8350: Handle error for wm8350_register_irq Zhihao Cheng <chengzhihao1(a)huawei.com> ubifs: Rectify space amount budget for mkdir/tmpfile operations Vitaly Kuznetsov <vkuznets(a)redhat.com> KVM: x86: Forbid VMM to set SYNIC/STIMER MSRs when SynIC wasn't activated Martin Varghese <martin.varghese(a)nokia.com> openvswitch: Fixed nd target mask field in the flow dump. Anton Ivanov <anton.ivanov(a)cambridgegreys.com> um: Fix uml_mconsole stop/go Kuldeep Singh <singh.kuldeep87k(a)gmail.com> ARM: dts: spear13xx: Update SPI dma properties Kuldeep Singh <singh.kuldeep87k(a)gmail.com> ARM: dts: spear1340: Update serial node properties Amadeusz Sławiński <amadeuszx.slawinski(a)linux.intel.com> ASoC: topology: Allow TLV control to be either read or write Zhihao Cheng <chengzhihao1(a)huawei.com> ubi: fastmap: Return error code if memory allocation fails in add_aeb() Hengqi Chen <hengqi.chen(a)gmail.com> bpf: Fix comment for helper bpf_current_task_under_cgroup() Randy Dunlap <rdunlap(a)infradead.org> mm/usercopy: return 1 from hardened_usercopy __setup() handler Randy Dunlap <rdunlap(a)infradead.org> mm/memcontrol: return 1 from cgroup.memory __setup() handler Randy Dunlap <rdunlap(a)infradead.org> mm/mmap: return 1 from stack_guard_gap __setup() handler Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> ACPI: CPPC: Avoid out of bounds access when parsing _CPC data Baokun Li <libaokun1(a)huawei.com> ubi: Fix race condition between ctrl_cdev_ioctl and ubi_cdev_ioctl Chen-Yu Tsai <wenst(a)chromium.org> pinctrl: pinconf-generic: Print arguments for bias-pull-* Andrew Price <anprice(a)redhat.com> gfs2: Make sure FITRIM minlen is rounded up to fs block size Pavel Skripkin <paskripkin(a)gmail.com> can: mcba_usb: properly check endpoint type Hangyu Hua <hbh25y(a)gmail.com> can: mcba_usb: mcba_usb_start_xmit(): fix double dev_kfree_skb in error path Baokun Li <libaokun1(a)huawei.com> ubifs: rename_whiteout: correct old_dir size computing Zhihao Cheng <chengzhihao1(a)huawei.com> ubifs: Fix read out-of-bounds in ubifs_wbuf_write_nolock() Zhihao Cheng <chengzhihao1(a)huawei.com> ubifs: setflags: Make dirtied_ino_d 8 bytes aligned Zhihao Cheng <chengzhihao1(a)huawei.com> ubifs: Add missing iput if do_tmpfile() failed in rename whiteout Zhihao Cheng <chengzhihao1(a)huawei.com> ubifs: Fix deadlock in concurrent rename whiteout and inode writeback Zhihao Cheng <chengzhihao1(a)huawei.com> ubifs: rename_whiteout: Fix double free for whiteout_ui->data Li RongQing <lirongqing(a)baidu.com> KVM: x86: fix sending PV IPI David Matlack <dmatlack(a)google.com> KVM: Prevent module exit until all VMs are freed Manish Rangankar <mrangankar(a)marvell.com> scsi: qla2xxx: Use correct feature type field during RFF_ID processing Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Reduce false trigger to login Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Fix hang due to session stuck Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Fix incorrect reporting of task management failure Saurav Kashyap <skashyap(a)marvell.com> scsi: qla2xxx: Suppress a kernel complaint in qla_create_qpair() Joe Carnuccio <joe.carnuccio(a)cavium.com> scsi: qla2xxx: Check for firmware dump already collected Nilesh Javali <njavali(a)marvell.com> scsi: qla2xxx: Fix warning for missing error code Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Fix stuck session in gpdb Anders Roxell <anders.roxell(a)linaro.org> powerpc: Fix build errors with newer binutils Anders Roxell <anders.roxell(a)linaro.org> powerpc/lib/sstep: Fix build errors with newer binutils Anders Roxell <anders.roxell(a)linaro.org> powerpc/lib/sstep: Fix 'sthcx' instruction Ulf Hansson <ulf.hansson(a)linaro.org> mmc: host: Return an error when ->enable_sdio_irq() ops is missing Dongliang Mu <mudongliangabcd(a)gmail.com> media: hdpvr: initialize dev->worker at hdpvr_register_videodev Pavel Skripkin <paskripkin(a)gmail.com> media: Revert "media: em28xx: add missing em28xx_close_extension" Zheyu Ma <zheyuma97(a)gmail.com> video: fbdev: sm712fb: Fix crash in smtcfb_write() Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> ARM: mmp: Fix failure to remove sram device Richard Leitner <richard.leitner(a)skidata.com> ARM: tegra: tamonten: Fix I2C3 pad setting Daniel González Cabanelas <dgcbueu(a)gmail.com> media: cx88-mpeg: clear interrupt status register before streaming video Shengjiu Wang <shengjiu.wang(a)nxp.com> ASoC: soc-core: skip zero num_dai component in searching dai name Jing Yao <yao.jing2(a)zte.com.cn> video: fbdev: udlfb: replace snprintf in show functions with sysfs_emit Jing Yao <yao.jing2(a)zte.com.cn> video: fbdev: omapfb: panel-tpo-td043mtea1: Use sysfs_emit() instead of snprintf() Jing Yao <yao.jing2(a)zte.com.cn> video: fbdev: omapfb: panel-dsi-cm: Use sysfs_emit() instead of snprintf() Ard Biesheuvel <ardb(a)kernel.org> ARM: ftrace: avoid redundant loads or clobbering IP Richard Schleich <rs(a)noreya.tech> ARM: dts: bcm2837: Add the missing L1/L2 cache information David Heidelberg <david(a)ixit.cz> ARM: dts: qcom: fix gic_irq_domain_translate warnings for msm8960 Yang Guang <yang.guang5(a)zte.com.cn> video: fbdev: omapfb: acx565akm: replace snprintf with sysfs_emit George Kennedy <george.kennedy(a)oracle.com> video: fbdev: cirrusfb: check pixclock to avoid divide by zero Evgeny Novikov <novikov(a)ispras.ru> video: fbdev: w100fb: Reset global state Tim Gardner <tim.gardner(a)canonical.com> video: fbdev: nvidiafb: Use strscpy() to prevent buffer overflow Dongliang Mu <mudongliangabcd(a)gmail.com> ntfs: add sanity check on allocation size Theodore Ts'o <tytso(a)mit.edu> ext4: don't BUG if someone dirty pages without asking ext4 first Minghao Chi <chi.minghao(a)zte.com.cn> spi: tegra20: Use of_device_get_match_data() Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> PM: core: keep irq flags in device_pm_check_callbacks() Darren Hart <darren(a)os.amperecomputing.com> ACPI/APEI: Limit printable size of BERT table data Paolo Valente <paolo.valente(a)linaro.org> Revert "Revert "block, bfq: honor already-setup queue merges"" Paul Menzel <pmenzel(a)molgen.mpg.de> lib/raid6/test/Makefile: Use $(pound) instead of \# for Make 4.3 Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> ACPICA: Avoid walking the ACPI Namespace if it is not there Zhang Wensheng <zhangwensheng5(a)huawei.com> bfq: fix use-after-free in bfq_dispatch_request Souptick Joarder (HPE) <jrdr.linux(a)gmail.com> irqchip/nvic: Release nvic_base upon failure Marc Zyngier <maz(a)kernel.org> irqchip/qcom-pdc: Fix broken locking Casey Schaufler <casey(a)schaufler-ca.com> Fix incorrect type in assignment of ipv6 port for audit Chaitanya Kulkarni <kch(a)nvidia.com> loop: use sysfs_emit() in the sysfs xxx show() Christian Göttsche <cgzones(a)googlemail.com> selinux: use correct type for context length Dan Carpenter <dan.carpenter(a)oracle.com> lib/test: use after free in register_test_dev_kmod() Trond Myklebust <trond.myklebust(a)hammerspace.com> NFSv4/pNFS: Fix another issue with a list iterator pointing to the head Duoming Zhou <duoming(a)zju.edu.cn> net/x25: Fix null-ptr-deref caused by x25_disconnect Tom Rix <trix(a)redhat.com> qlcnic: dcb: default to returning -EOPNOTSUPP Florian Fainelli <f.fainelli(a)gmail.com> net: phy: broadcom: Fix brcm_fet_config_init() Juergen Gross <jgross(a)suse.com> xen: fix is_xen_pmu() Konrad Dybcio <konrad.dybcio(a)somainline.org> clk: qcom: gcc-msm8994: Fix gpll4 width Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_conntrack_tcp: preserve liberal flag in tcp options Pavel Skripkin <paskripkin(a)gmail.com> jfs: fix divide error in dbNextAG Randy Dunlap <rdunlap(a)infradead.org> kgdbts: fix return value of __setup handler Randy Dunlap <rdunlap(a)infradead.org> kgdboc: fix return value of __setup handler Randy Dunlap <rdunlap(a)infradead.org> tty: hvc: fix return value of __setup handler Miaoqian Lin <linmq006(a)gmail.com> pinctrl/rockchip: Add missing of_node_put() in rockchip_pinctrl_probe Miaoqian Lin <linmq006(a)gmail.com> pinctrl: nomadik: Add missing of_node_put() in nmk_pinctrl_probe Miaoqian Lin <linmq006(a)gmail.com> pinctrl: mediatek: Fix missing of_node_put() in mtk_pctrl_init Alexey Khoroshilov <khoroshilov(a)ispras.ru> NFS: remove unneeded check in decode_devicenotify_args() Miaoqian Lin <linmq006(a)gmail.com> clk: tegra: tegra124-emc: Fix missing put_device() call in emc_ensure_emc_driver Jonathan Neuschäfer <j.neuschaefer(a)gmx.net> clk: clps711x: Terminate clk_div_table with sentinel element Jonathan Neuschäfer <j.neuschaefer(a)gmx.net> clk: loongson1: Terminate clk_div_table with sentinel element Jonathan Neuschäfer <j.neuschaefer(a)gmx.net> clk: actions: Terminate clk_div_table with sentinel element Miaoqian Lin <linmq006(a)gmail.com> remoteproc: qcom_wcnss: Add missing of_node_put() in wcnss_alloc_memory_region Taniya Das <tdas(a)codeaurora.org> clk: qcom: clk-rcg2: Update the frac table for pixel clock Randy Dunlap <rdunlap(a)infradead.org> dma-debug: fix return value of __setup handlers Jiasheng Jiang <jiasheng(a)iscas.ac.cn> iio: adc: Add check for devm_request_threaded_irq Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> serial: 8250: Fix race condition in RTS-after-send handling Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> serial: 8250_mid: Balance reference count for PCI DMA device Dirk Buchwalder <buchwalder(a)posteo.de> clk: qcom: ipq8074: Use floor ops for SDCC1 clock Jonathan Cameron <Jonathan.Cameron(a)huawei.com> staging:iio:adc:ad7280a: Fix handing of device address bit reversing. Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> pwm: lpc18xx-sct: Initialize driver data and hardware before pwmchip_add() Jiri Slaby <jslaby(a)suse.cz> mxser: fix xmit_buf leak in activate when LSR == 0xff Miaoqian Lin <linmq006(a)gmail.com> mfd: asic3: Add missing iounmap() on error asic3_mfd_probe Jakub Kicinski <kuba(a)kernel.org> tcp: ensure PMTU updates are processed during fastopen Jeremy Linton <jeremy.linton(a)arm.com> net: bcmgenet: Use stronger register read/writes to assure ordering Hangbin Liu <liuhangbin(a)gmail.com> selftests/bpf/test_lirc_mode2.sh: Exit with proper code Peter Rosin <peda(a)axentia.se> i2c: mux: demux-pinctrl: do not deactivate a master that is not active Petr Machata <petrm(a)nvidia.com> af_netlink: Fix shift out of bounds in group mask calculation Dan Carpenter <dan.carpenter(a)oracle.com> USB: storage: ums-realtek: fix error code in rts51x_read_mem() Xin Xiong <xiongx18(a)fudan.edu.cn> mtd: rawnand: atmel: fix refcount issue in atmel_nand_controller_init Randy Dunlap <rdunlap(a)infradead.org> MIPS: RB532: fix return value of __setup handler Oliver Hartkopp <socketcan(a)hartkopp.net> vxcan: enable local echo for sent CAN frames Jiasheng Jiang <jiasheng(a)iscas.ac.cn> mfd: mc13xxx: Add check for mc13xxx_irq_request Jakob Koschel <jakobkoschel(a)gmail.com> powerpc/sysdev: fix incorrect use to determine if list is empty Mark Tomlinson <mark.tomlinson(a)alliedtelesis.co.nz> PCI: Reduce warnings on possible RW1C corruption Jiasheng Jiang <jiasheng(a)iscas.ac.cn> power: supply: wm8350-power: Add missing free in free_charger_irq Jiasheng Jiang <jiasheng(a)iscas.ac.cn> power: supply: wm8350-power: Handle error for wm8350_register_irq Robert Hancock <robert.hancock(a)calian.com> i2c: xiic: Make bus names unique Anssi Hannula <anssi.hannula(a)bitwise.fi> hv_balloon: rate-limit "Unhandled message" warning Hou Wenlong <houwenlong.hwl(a)antgroup.com> KVM: x86/emulator: Defer not-present segment check in __load_segment_descriptor() Zhenzhong Duan <zhenzhong.duan(a)intel.com> KVM: x86: Fix emulation in writing cr8 Michael Ellerman <mpe(a)ellerman.id.au> powerpc/Makefile: Don't pass -mcpu=powerpc64 when building 32-bit Nishanth Menon <nm(a)ti.com> drm/bridge: cdns-dsi: Make sure to to create proper aliases for dt Hans de Goede <hdegoede(a)redhat.com> power: supply: bq24190_charger: Fix bq24190_vbus_is_enabled() wrong false return Miaoqian Lin <linmq006(a)gmail.com> drm/tegra: Fix reference leak in tegra_dsi_ganged_probe Zhang Yi <yi.zhang(a)huawei.com> ext2: correct max file size computing Randy Dunlap <rdunlap(a)infradead.org> TOMOYO: fix __setup handlers return values Damien Le Moal <damien.lemoal(a)opensource.wdc.com> scsi: pm8001: Fix abort all task initialization Damien Le Moal <damien.lemoal(a)opensource.wdc.com> scsi: pm8001: Fix payload initialization in pm80xx_set_thermal_config() Damien Le Moal <damien.lemoal(a)opensource.wdc.com> scsi: pm8001: Fix command initialization in pm8001_chip_ssp_tm_req() Damien Le Moal <damien.lemoal(a)opensource.wdc.com> scsi: pm8001: Fix command initialization in pm80XX_send_read_log() Aashish Sharma <shraash(a)google.com> dm crypt: fix get_key_size compiler warning if !CONFIG_KEYS Colin Ian King <colin.king(a)canonical.com> iwlwifi: Fix -EIO error code that is never returned Dmitry Torokhov <dmitry.torokhov(a)gmail.com> HID: i2c-hid: fix GET/SET_REPORT for unnumbered reports Miaoqian Lin <linmq006(a)gmail.com> power: supply: ab8500: Fix memory leak in ab8500_fg_sysfs_init Jiasheng Jiang <jiasheng(a)iscas.ac.cn> ray_cs: Check ioremap return value Miaoqian Lin <linmq006(a)gmail.com> power: reset: gemini-poweroff: Fix IRQ check in gemini_poweroff_probe Fabiano Rosas <farosas(a)linux.ibm.com> KVM: PPC: Fix vmx/vsx mixup in mmio emulation Pavel Skripkin <paskripkin(a)gmail.com> ath9k_htc: fix uninit value bugs Zhou Qingyang <zhou1615(a)umn.edu> drm/amd/display: Fix a NULL pointer dereference in amdgpu_dm_connector_add_common_modes() Maxime Ripard <maxime(a)cerno.tech> drm/edid: Don't clear formats if using deep color Jiasheng Jiang <jiasheng(a)iscas.ac.cn> mtd: onenand: Check for error irq Pavel Skripkin <paskripkin(a)gmail.com> Bluetooth: hci_serdev: call init_rwsem() before p->open() Wen Gong <quic_wgong(a)quicinc.com> ath10k: fix memory overwrite of the WoWLAN wakeup packet pattern Miaoqian Lin <linmq006(a)gmail.com> drm/bridge: Fix free wrong object in sii8620_init_rcp_input_dev Jiasheng Jiang <jiasheng(a)iscas.ac.cn> mmc: davinci_mmc: Handle error for clk_enable Miaoqian Lin <linmq006(a)gmail.com> ASoC: msm8916-wcd-digital: Fix missing clk_disable_unprepare() in msm8916_wcd_digital_probe Wang Wensheng <wangwensheng4(a)huawei.com> ASoC: imx-es8328: Fix error return code in imx_es8328_probe() Miaoqian Lin <linmq006(a)gmail.com> ASoC: mxs: Fix error handling in mxs_sgtl5000_probe Codrin Ciubotariu <codrin.ciubotariu(a)microchip.com> ASoC: dmaengine: do not use a NULL prepare_slave_config() callback Miaoqian Lin <linmq006(a)gmail.com> video: fbdev: omapfb: Add missing of_node_put() in dvic_probe_of Jiasheng Jiang <jiasheng(a)iscas.ac.cn> ASoC: fsi: Add check for clk_enable Jiasheng Jiang <jiasheng(a)iscas.ac.cn> ASoC: wm8350: Handle error for wm8350_register_irq Miaoqian Lin <linmq006(a)gmail.com> ASoC: atmel: Add missing of_node_put() in at91sam9g20ek_audio_probe Dafna Hirschfeld <dafna.hirschfeld(a)collabora.com> media: stk1160: If start stream fails, return buffers with VB2_BUF_STATE_QUEUED Takashi Sakamoto <o-takashi(a)sakamocchi.jp> ALSA: firewire-lib: fix uninitialized flag for AV/C deferred transaction Jia-Ju Bai <baijiaju1990(a)gmail.com> memory: emif: check the pointer temp in get_device_details() Jiasheng Jiang <jiasheng(a)iscas.ac.cn> memory: emif: Add check for setup_interrupts Jiasheng Jiang <jiasheng(a)iscas.ac.cn> ASoC: atmel_ssc_dai: Handle errors for clk_enable Jiasheng Jiang <jiasheng(a)iscas.ac.cn> ASoC: mxs-saif: Handle errors for clk_enable Randy Dunlap <rdunlap(a)infradead.org> printk: fix return value of printk.devkmsg __setup handler Frank Wunderlich <frank-w(a)public-files.de> arm64: dts: broadcom: Fix sata nodename Kuldeep Singh <singh.kuldeep87k(a)gmail.com> arm64: dts: ns2: Fix spi-cpol and spi-cpha property Jiasheng Jiang <jiasheng(a)iscas.ac.cn> ALSA: spi: Add check for clk_enable() Jiasheng Jiang <jiasheng(a)iscas.ac.cn> ASoC: ti: davinci-i2s: Add check for clk_enable() Jia-Ju Bai <baijiaju1990(a)gmail.com> ASoC: rt5663: check the return value of devm_kzalloc() in rt5663_parse_dp() Dan Carpenter <dan.carpenter(a)oracle.com> media: usb: go7007: s2250-board: fix leak in probe() Dongliang Mu <mudongliangabcd(a)gmail.com> media: em28xx: initialize refcount before kref_get Miaoqian Lin <linmq006(a)gmail.com> soc: ti: wkup_m3_ipc: Fix IRQ check in wkup_m3_ipc_probe Pavel Kubelun <be.dissent(a)gmail.com> ARM: dts: qcom: ipq4019: fix sleep clock Dan Carpenter <dan.carpenter(a)oracle.com> video: fbdev: fbcvt.c: fix printing in fb_cvt_print_name() Wang Hai <wanghai38(a)huawei.com> video: fbdev: smscufx: Fix null-ptr-deref in ufx_usb_probe() Miaoqian Lin <linmq006(a)gmail.com> media: coda: Fix missing put_device() call in coda_get_vdoa_data Adrian Hunter <adrian.hunter(a)intel.com> perf/x86/intel/pt: Fix address filter config for 32-bit kernel Adrian Hunter <adrian.hunter(a)intel.com> perf/core: Fix address filter parser for multiple filters Bharata B Rao <bharata(a)amd.com> sched/debug: Remove mpol_get/put and task_lock/unlock from sched_show_numa Randy Dunlap <rdunlap(a)infradead.org> clocksource: acpi_pm: fix return value of __setup handler Brandon Wyman <bjwyman(a)gmail.com> hwmon: (pmbus) Add Vin unit off handling Dāvis Mosāns <davispuh(a)gmail.com> crypto: ccp - ccp_dmaengine_unregister release dma channels Randy Dunlap <rdunlap(a)infradead.org> ACPI: APEI: fix return value of __setup handlers Guillaume Ranquet <granquet(a)baylibre.com> clocksource/drivers/timer-of: Check return value of of_iomap in timer_of_base_init() Petr Vorel <pvorel(a)suse.cz> crypto: vmx - add missing dependencies Claudiu Beznea <claudiu.beznea(a)microchip.com> hwrng: atmel - disable trng on failure path Randy Dunlap <rdunlap(a)infradead.org> PM: suspend: fix return value of __setup handler Randy Dunlap <rdunlap(a)infradead.org> PM: hibernate: fix __setup handler error handling Eric Biggers <ebiggers(a)google.com> block: don't delete queue kobject before its children Armin Wolf <W_Armin(a)gmx.de> hwmon: (sch56xx-common) Replace WDOG_ACTIVE with WDOG_HW_RUNNING Patrick Rudolph <patrick.rudolph(a)9elements.com> hwmon: (pmbus) Add mutex to regulator ops Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> spi: pxa2xx-pci: Balance reference count for PCI DMA device Muhammad Usama Anjum <usama.anjum(a)collabora.com> selftests/x86: Add validity check and allow field splitting Miaoqian Lin <linmq006(a)gmail.com> spi: tegra114: Add missing IRQ check in tegra_spi_probe Tomas Paukrt <tomaspaukrt(a)email.cz> crypto: mxs-dcp - Fix scatterlist processing Herbert Xu <herbert(a)gondor.apana.org.au> crypto: authenc - Fix sleep in atomic context in decrypt_tail kernel test robot <lkp(a)intel.com> regulator: qcom_smd: fix for_each_child.cocci warnings Liguang Zhang <zhangliguang(a)linux.alibaba.com> PCI: pciehp: Clear cmd_busy bit in polling mode Hector Martin <marcan(a)marcan.st> brcmfmac: pcie: Replace brcmf_pcie_copy_mem_todev with memcpy_toio Hector Martin <marcan(a)marcan.st> brcmfmac: firmware: Allocate space for default boardrev in nvram Johan Hovold <johan(a)kernel.org> media: davinci: vpif: fix unbalanced runtime PM get Maciej W. Rozycki <macro(a)orcam.me.uk> DEC: Limit PMAX memory probing to R3k systems Dirk Müller <dmueller(a)suse.de> lib/raid6/test: fix multiple definition linking error Srinivas Pandruvada <srinivas.pandruvada(a)linux.intel.com> thermal: int340x: Increase bitmap size Colin Ian King <colin.i.king(a)gmail.com> carl9170: fix missing bit-wise or operator for tx_params Krzysztof Kozlowski <krzysztof.kozlowski(a)canonical.com> ARM: dts: exynos: add missing HDMI supplies on SMDK5420 Krzysztof Kozlowski <krzysztof.kozlowski(a)canonical.com> ARM: dts: exynos: add missing HDMI supplies on SMDK5250 Krzysztof Kozlowski <krzysztof.kozlowski(a)canonical.com> ARM: dts: exynos: fix UART3 pins configuration in Exynos5250 Tudor Ambarus <tudor.ambarus(a)microchip.com> ARM: dts: at91: sama5d2: Fix PMERRLOC resource size Michael Schmitz <schmitzmic(a)gmail.com> video: fbdev: atari: Atari 2 bpp (STe) palette bugfix Helge Deller <deller(a)gmx.de> video: fbdev: sm712fb: Fix crash in smtcfb_read() Cooper Chiou <cooper.chiou(a)intel.com> drm/edid: check basic audio support on CEA extension block Tejun Heo <tj(a)kernel.org> block: don't merge across cgroup boundaries if blkcg is enabled Duoming Zhou <duoming(a)zju.edu.cn> drivers: hamradio: 6pack: fix UAF bug caused by mod_timer() Sakari Ailus <sakari.ailus(a)linux.intel.com> ACPI: properties: Consistently return -ENOENT if there are no more references Andreas Gruenbacher <agruenba(a)redhat.com> powerpc/kvm: Fix kvm_use_magic_page Lars Ellenberg <lars.ellenberg(a)linbit.com> drbd: fix potential silent data corruption Rik van Riel <riel(a)surriel.com> mm,hwpoison: unmap poisoned page before invalidation Kai-Heng Feng <kai.heng.feng(a)canonical.com> ALSA: hda/realtek: Fix audio regression on Mi Notebook Pro 2020 Xiaomeng Tong <xiam0nd.tong(a)gmail.com> ALSA: cs4236: fix an incorrect NULL check on list iterator José Expósito <jose.exposito89(a)gmail.com> Revert "Input: clear BTN_RIGHT/MIDDLE on buttonpads" Manish Chopra <manishc(a)marvell.com> qed: validate and restrict untrusted VFs vlan promisc mode Manish Chopra <manishc(a)marvell.com> qed: display VF trust config Damien Le Moal <damien.lemoal(a)opensource.wdc.com> scsi: libsas: Fix sas_ata_qc_issue() handling of NCQ NON DATA commands Hugh Dickins <hughd(a)google.com> mempolicy: mbind_range() set_policy() after vma_merge() Rik van Riel <riel(a)surriel.com> mm: invalidate hwpoison page cache page in fault path Alistair Popple <apopple(a)nvidia.com> mm/pages_alloc.c: don't create ZONE_MOVABLE beyond the end of a node Baokun Li <libaokun1(a)huawei.com> jffs2: fix memory leak in jffs2_scan_medium Baokun Li <libaokun1(a)huawei.com> jffs2: fix memory leak in jffs2_do_mount_fs Baokun Li <libaokun1(a)huawei.com> jffs2: fix use-after-free in jffs2_clear_xattr_subsystem Hangyu Hua <hbh25y(a)gmail.com> can: ems_usb: ems_usb_start_xmit(): fix double dev_kfree_skb() in error path Krzysztof Kozlowski <krzysztof.kozlowski(a)canonical.com> pinctrl: samsung: drop pin banks references on error paths Chao Yu <chao(a)kernel.org> f2fs: fix to unlock page correctly in error path of is_alive() Dan Carpenter <dan.carpenter(a)oracle.com> NFSD: prevent integer overflow on 32 bit systems Dan Carpenter <dan.carpenter(a)oracle.com> NFSD: prevent underflow in nfssvc_decode_writeargs() NeilBrown <neilb(a)suse.de> SUNRPC: avoid race between mod_timer() and del_timer_sync() Bagas Sanjaya <bagasdotme(a)gmail.com> Documentation: update stable tree link Bagas Sanjaya <bagasdotme(a)gmail.com> Documentation: add link to stable release candidate tree Jann Horn <jannh(a)google.com> ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on PTRACE_SEIZE Kunihiko Hayashi <hayashi.kunihiko(a)socionext.com> clk: uniphier: Fix fixed-rate initialization Liam Beguin <liambeguin(a)gmail.com> iio: inkern: make a best effort on offset calculation Liam Beguin <liambeguin(a)gmail.com> iio: inkern: apply consumer scale when no channel scale is available Liam Beguin <liambeguin(a)gmail.com> iio: inkern: apply consumer scale on IIO_VAL_INT cases Liam Beguin <liambeguin(a)gmail.com> iio: afe: rescale: use s64 for temporary scale calculations James Clark <james.clark(a)arm.com> coresight: Fix TRCCONFIGR.QE sysfs interface Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: make xhci_handshake timeout for xhci_reset() adjustable Alan Stern <stern(a)rowland.harvard.edu> USB: usb-storage: Fix use of bitfields for hardware data in ene_ub6250.c Xie Yongji <xieyongji(a)bytedance.com> virtio-blk: Use blk_validate_block_size() to validate block size Xie Yongji <xieyongji(a)bytedance.com> block: Add a helper to validate the block size Lino Sanfilippo <LinoSanfilippo(a)gmx.de> tpm: fix reference counting for struct tpm_chip Miklos Szeredi <mszeredi(a)redhat.com> fuse: fix pipe buffer lifetime for direct_io Haimin Zhang <tcs_kernel(a)tencent.com> af_key: add __GFP_ZERO flag for compose_sadb_supported in function pfkey_register Biju Das <biju.das.jz(a)bp.renesas.com> spi: Fix erroneous sgs value with min_t() Minghao Chi (CGEL ZTE) <chi.minghao(a)zte.com.cn> net:mcf8390: Use platform_get_irq() to get the interrupt Biju Das <biju.das.jz(a)bp.renesas.com> spi: Fix invalid sgs value Zheyu Ma <zheyuma97(a)gmail.com> ethernet: sun: Free the coherent when failing in probing Michael S. Tsirkin <mst(a)redhat.com> virtio_console: break out of buf poll on remove Lina Wang <lina.wang(a)mediatek.com> xfrm: fix tunnel model fragmentation behavior Yajun Deng <yajun.deng(a)linux.dev> netdevice: add the case if dev is NULL Randy Dunlap <rdunlap(a)infradead.org> hv: utils: add PTP_1588_CLOCK to Kconfig to fix build Johan Hovold <johan(a)kernel.org> USB: serial: simple: add Nokia phone driver Eddie James <eajames(a)linux.ibm.com> USB: serial: pl2303: add IBM device IDs ------------- Diffstat: Documentation/process/stable-kernel-rules.rst | 11 +- Makefile | 4 +- arch/arm/boot/dts/bcm2837.dtsi | 49 ++++++ arch/arm/boot/dts/exynos5250-pinctrl.dtsi | 2 +- arch/arm/boot/dts/exynos5250-smdk5250.dts | 3 + arch/arm/boot/dts/exynos5420-smdk5420.dts | 3 + arch/arm/boot/dts/qcom-ipq4019.dtsi | 3 +- arch/arm/boot/dts/qcom-msm8960.dtsi | 8 +- arch/arm/boot/dts/sama5d2.dtsi | 2 +- arch/arm/boot/dts/spear1340.dtsi | 6 +- arch/arm/boot/dts/spear13xx.dtsi | 6 +- arch/arm/boot/dts/tegra20-tamonten.dtsi | 6 +- arch/arm/kernel/entry-ftrace.S | 51 +++---- arch/arm/mach-mmp/sram.c | 22 +-- arch/arm/mach-s3c24xx/mach-jive.c | 6 +- .../arm64/boot/dts/broadcom/northstar2/ns2-svk.dts | 8 +- arch/arm64/boot/dts/broadcom/northstar2/ns2.dtsi | 2 +- arch/arm64/include/asm/kvm_mmu.h | 3 +- arch/arm64/kernel/insn.c | 4 +- arch/arm64/kernel/module.lds | 6 +- arch/mips/dec/prom/Makefile | 2 +- arch/mips/include/asm/dec/prom.h | 15 +- arch/mips/include/asm/setup.h | 2 +- arch/mips/kernel/traps.c | 22 +-- arch/mips/rb532/devices.c | 6 +- arch/powerpc/Makefile | 2 +- arch/powerpc/boot/dts/fsl/t104xrdb.dtsi | 4 +- arch/powerpc/include/asm/io.h | 40 ++++- arch/powerpc/include/asm/uaccess.h | 3 + arch/powerpc/kernel/kvm.c | 2 +- arch/powerpc/kernel/machine_kexec.c | 15 +- arch/powerpc/kernel/rtas.c | 6 + arch/powerpc/kvm/powerpc.c | 4 +- arch/powerpc/lib/sstep.c | 8 +- arch/powerpc/platforms/powernv/rng.c | 6 +- arch/powerpc/sysdev/fsl_gtm.c | 4 +- arch/riscv/kernel/module.lds | 6 +- arch/um/drivers/mconsole_kern.c | 3 +- arch/x86/events/intel/pt.c | 2 +- arch/x86/kernel/kvm.c | 2 +- arch/x86/kvm/emulate.c | 14 +- arch/x86/kvm/hyperv.c | 17 ++- arch/x86/kvm/lapic.c | 5 +- arch/x86/kvm/pmu_amd.c | 8 +- arch/x86/power/cpu.c | 21 ++- arch/x86/xen/pmu.c | 10 +- arch/x86/xen/pmu.h | 3 +- arch/x86/xen/smp_hvm.c | 6 + arch/x86/xen/smp_pv.c | 2 +- arch/x86/xen/time.c | 24 ++- arch/xtensa/boot/dts/xtfpga-flash-128m.dtsi | 8 +- arch/xtensa/boot/dts/xtfpga-flash-16m.dtsi | 8 +- arch/xtensa/boot/dts/xtfpga-flash-4m.dtsi | 4 +- block/bfq-iosched.c | 31 ++-- block/blk-merge.c | 12 ++ block/blk-sysfs.c | 8 +- crypto/authenc.c | 2 +- drivers/acpi/acpica/nswalk.c | 3 + drivers/acpi/apei/bert.c | 10 +- drivers/acpi/apei/erst.c | 2 +- drivers/acpi/apei/hest.c | 2 +- drivers/acpi/cppc_acpi.c | 5 + drivers/acpi/property.c | 2 +- drivers/ata/sata_dwc_460ex.c | 6 +- drivers/base/power/main.c | 6 +- drivers/block/drbd/drbd_int.h | 8 +- drivers/block/drbd/drbd_nl.c | 41 +++-- drivers/block/drbd/drbd_req.c | 3 +- drivers/block/drbd/drbd_state.c | 18 +-- drivers/block/drbd/drbd_state_change.h | 8 +- drivers/block/loop.c | 10 +- drivers/block/virtio_blk.c | 12 +- drivers/bluetooth/hci_serdev.c | 3 +- drivers/char/hw_random/atmel-rng.c | 1 + drivers/char/tpm/tpm-chip.c | 46 +----- drivers/char/tpm/tpm.h | 2 + drivers/char/tpm/tpm2-space.c | 65 ++++++++ drivers/char/virtio_console.c | 15 +- drivers/clk/actions/owl-s700.c | 1 + drivers/clk/actions/owl-s900.c | 2 +- drivers/clk/clk-clps711x.c | 2 + drivers/clk/clk.c | 24 +++ drivers/clk/loongson1/clk-loongson1c.c | 1 + drivers/clk/qcom/clk-rcg2.c | 1 + drivers/clk/qcom/gcc-ipq8074.c | 2 +- drivers/clk/qcom/gcc-msm8994.c | 1 + drivers/clk/tegra/clk-emc.c | 1 + drivers/clk/uniphier/clk-uniphier-fixed-rate.c | 1 + drivers/clocksource/acpi_pm.c | 6 +- drivers/clocksource/timer-of.c | 6 +- drivers/crypto/ccp/ccp-dmaengine.c | 16 ++ drivers/crypto/mxs-dcp.c | 2 +- drivers/crypto/vmx/Kconfig | 4 + drivers/dma/sh/shdma-base.c | 4 +- drivers/gpu/drm/amd/amdgpu/amdgpu.h | 2 + drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c | 10 +- drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c | 1 + drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 16 ++ drivers/gpu/drm/amd/amdgpu/amdgpu_gfx.c | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_sched.c | 10 +- drivers/gpu/drm/amd/amdkfd/kfd_crat.c | 2 +- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 3 + drivers/gpu/drm/bridge/cdns-dsi.c | 1 + drivers/gpu/drm/bridge/sil-sii8620.c | 2 +- drivers/gpu/drm/drm_edid.c | 11 +- drivers/gpu/drm/drm_panel_orientation_quirks.c | 6 + drivers/gpu/drm/imx/parallel-display.c | 4 +- drivers/gpu/drm/tegra/dsi.c | 4 +- drivers/hid/i2c-hid/i2c-hid-core.c | 32 +++- drivers/hv/Kconfig | 1 + drivers/hv/hv_balloon.c | 2 +- drivers/hv/vmbus_drv.c | 9 +- drivers/hwmon/pmbus/pmbus.h | 1 + drivers/hwmon/pmbus/pmbus_core.c | 18 ++- drivers/hwmon/sch56xx-common.c | 2 +- .../hwtracing/coresight/coresight-etm4x-sysfs.c | 8 +- drivers/i2c/busses/i2c-xiic.c | 3 +- drivers/i2c/muxes/i2c-demux-pinctrl.c | 5 +- drivers/iio/adc/twl6030-gpadc.c | 2 + drivers/iio/afe/iio-rescale.c | 8 +- drivers/iio/inkern.c | 40 +++-- drivers/input/input.c | 6 - drivers/iommu/arm-smmu-v3.c | 1 + drivers/irqchip/irq-gic-v3.c | 8 +- drivers/irqchip/irq-nvic.c | 2 + drivers/irqchip/qcom-pdc.c | 5 +- drivers/md/dm-crypt.c | 2 +- drivers/md/dm-ioctl.c | 2 + drivers/media/pci/cx88/cx88-mpeg.c | 3 + drivers/media/platform/coda/coda-common.c | 1 + drivers/media/platform/davinci/vpif.c | 1 + drivers/media/usb/em28xx/em28xx-cards.c | 13 +- drivers/media/usb/go7007/s2250-board.c | 10 +- drivers/media/usb/hdpvr/hdpvr-video.c | 4 +- drivers/media/usb/stk1160/stk1160-core.c | 2 +- drivers/media/usb/stk1160/stk1160-v4l.c | 10 +- drivers/media/usb/stk1160/stk1160.h | 2 +- drivers/memory/emif.c | 8 +- drivers/mfd/asic3.c | 10 +- drivers/mfd/mc13xxx-core.c | 4 +- drivers/misc/kgdbts.c | 4 +- drivers/mmc/core/host.c | 15 +- drivers/mmc/host/davinci_mmc.c | 6 +- drivers/mmc/host/renesas_sdhi_core.c | 4 +- drivers/mmc/host/sdhci-xenon.c | 10 -- drivers/mtd/nand/onenand/generic.c | 7 +- drivers/mtd/nand/raw/atmel/nand-controller.c | 14 +- drivers/mtd/ubi/build.c | 9 +- drivers/mtd/ubi/fastmap.c | 28 ++-- drivers/mtd/ubi/vmt.c | 8 +- drivers/net/can/usb/ems_usb.c | 1 - drivers/net/can/usb/mcba_usb.c | 27 ++-- drivers/net/can/vxcan.c | 2 +- drivers/net/ethernet/8390/mcf8390.c | 10 +- drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c | 4 +- drivers/net/ethernet/broadcom/genet/bcmgenet.c | 4 +- drivers/net/ethernet/qlogic/qed/qed_sriov.c | 29 +++- drivers/net/ethernet/qlogic/qed/qed_sriov.h | 1 + drivers/net/ethernet/qlogic/qede/qede_fp.c | 3 + drivers/net/ethernet/qlogic/qlcnic/qlcnic_dcb.h | 10 +- .../net/ethernet/stmicro/stmmac/stmmac_platform.c | 3 +- drivers/net/ethernet/sun/sunhme.c | 6 +- drivers/net/hamradio/6pack.c | 4 +- drivers/net/macvtap.c | 6 + drivers/net/phy/broadcom.c | 21 +++ drivers/net/wireless/ath/ath10k/wow.c | 7 +- drivers/net/wireless/ath/ath5k/eeprom.c | 3 + drivers/net/wireless/ath/ath9k/htc_hst.c | 5 + drivers/net/wireless/ath/carl9170/main.c | 2 +- .../broadcom/brcm80211/brcmfmac/firmware.c | 2 + .../wireless/broadcom/brcm80211/brcmfmac/pcie.c | 48 +----- drivers/net/wireless/intel/iwlwifi/dvm/mac80211.c | 2 +- drivers/net/wireless/ray_cs.c | 6 + drivers/parisc/dino.c | 41 ++++- drivers/parisc/gsc.c | 31 ++++ drivers/parisc/gsc.h | 1 + drivers/parisc/lasi.c | 7 +- drivers/parisc/wax.c | 7 +- drivers/pci/access.c | 9 +- drivers/pci/controller/pci-aardvark.c | 16 +- drivers/pci/hotplug/pciehp_hpc.c | 4 + drivers/perf/qcom_l2_pmu.c | 6 +- drivers/pinctrl/mediatek/pinctrl-mtk-common.c | 2 + drivers/pinctrl/nomadik/pinctrl-nomadik.c | 4 +- drivers/pinctrl/pinconf-generic.c | 6 +- drivers/pinctrl/pinctrl-rockchip.c | 2 + drivers/pinctrl/samsung/pinctrl-samsung.c | 30 +++- drivers/power/reset/gemini-poweroff.c | 4 +- drivers/power/supply/ab8500_fg.c | 4 +- drivers/power/supply/axp20x_battery.c | 13 +- drivers/power/supply/bq24190_charger.c | 7 +- drivers/power/supply/wm8350_power.c | 97 ++++++++++-- drivers/ptp/ptp_sysfs.c | 4 +- drivers/pwm/pwm-lpc18xx-sct.c | 20 ++- drivers/regulator/qcom_smd-regulator.c | 4 +- drivers/remoteproc/qcom_wcnss.c | 1 + drivers/rtc/rtc-wm8350.c | 11 +- drivers/scsi/aha152x.c | 6 +- drivers/scsi/bfa/bfad_attr.c | 26 ++-- drivers/scsi/libfc/fc_exch.c | 1 + drivers/scsi/libsas/sas_ata.c | 2 +- drivers/scsi/mvsas/mv_init.c | 4 +- drivers/scsi/pm8001/pm8001_hwi.c | 13 +- drivers/scsi/pm8001/pm80xx_hwi.c | 11 +- drivers/scsi/qla2xxx/qla_def.h | 4 + drivers/scsi/qla2xxx/qla_gs.c | 5 +- drivers/scsi/qla2xxx/qla_init.c | 40 ++++- drivers/scsi/qla2xxx/qla_isr.c | 1 + drivers/scsi/qla2xxx/qla_target.c | 1 + drivers/scsi/zorro7xx.c | 2 + drivers/soc/ti/wkup_m3_ipc.c | 4 +- drivers/spi/spi-bcm-qspi.c | 4 +- drivers/spi/spi-pxa2xx-pci.c | 17 ++- drivers/spi/spi-tegra114.c | 4 + drivers/spi/spi-tegra20-slink.c | 8 +- drivers/spi/spi.c | 4 +- drivers/staging/iio/adc/ad7280a.c | 4 +- drivers/thermal/int340x_thermal/int3400_thermal.c | 2 +- drivers/tty/hvc/hvc_iucv.c | 4 +- drivers/tty/mxser.c | 15 +- drivers/tty/serial/8250/8250_mid.c | 19 ++- drivers/tty/serial/8250/8250_port.c | 12 ++ drivers/tty/serial/kgdboc.c | 6 +- drivers/tty/serial/samsung.c | 5 +- drivers/usb/dwc3/dwc3-omap.c | 2 +- drivers/usb/host/ehci-pci.c | 9 ++ drivers/usb/host/xhci-hub.c | 2 +- drivers/usb/host/xhci-mem.c | 2 +- drivers/usb/host/xhci.c | 20 ++- drivers/usb/host/xhci.h | 7 +- drivers/usb/serial/Kconfig | 1 + drivers/usb/serial/pl2303.c | 1 + drivers/usb/serial/pl2303.h | 3 + drivers/usb/serial/usb-serial-simple.c | 7 + drivers/usb/storage/ene_ub6250.c | 155 ++++++++++--------- drivers/usb/storage/realtek_cr.c | 2 +- drivers/video/fbdev/atafb.c | 12 +- drivers/video/fbdev/cirrusfb.c | 16 +- drivers/video/fbdev/core/fbcvt.c | 53 +++---- drivers/video/fbdev/nvidia/nv_i2c.c | 2 +- .../fbdev/omap2/omapfb/displays/connector-dvi.c | 1 + .../fbdev/omap2/omapfb/displays/panel-dsi-cm.c | 8 +- .../omap2/omapfb/displays/panel-sony-acx565akm.c | 2 +- .../omap2/omapfb/displays/panel-tpo-td043mtea1.c | 4 +- drivers/video/fbdev/sm712fb.c | 46 ++---- drivers/video/fbdev/smscufx.c | 3 +- drivers/video/fbdev/udlfb.c | 8 +- drivers/video/fbdev/w100fb.c | 15 +- drivers/w1/slaves/w1_therm.c | 8 +- fs/btrfs/extent_io.h | 2 +- fs/ext2/super.c | 6 +- fs/ext4/inode.c | 25 +++ fs/f2fs/gc.c | 4 +- fs/fuse/dev.c | 12 +- fs/fuse/file.c | 1 + fs/fuse/fuse_i.h | 2 + fs/gfs2/rgrp.c | 3 +- fs/jffs2/build.c | 4 +- fs/jffs2/fs.c | 2 +- fs/jffs2/scan.c | 6 +- fs/jfs/inode.c | 3 +- fs/jfs/jfs_dmap.c | 7 + fs/minix/inode.c | 3 +- fs/nfs/callback_proc.c | 27 ++-- fs/nfs/callback_xdr.c | 4 - fs/nfs/direct.c | 48 ++++-- fs/nfs/file.c | 4 +- fs/nfs/nfs4state.c | 12 ++ fs/nfs/pnfs.c | 11 ++ fs/nfs/pnfs.h | 2 + fs/nfsd/nfsproc.c | 2 +- fs/nfsd/xdr.h | 2 +- fs/ntfs/inode.c | 4 + fs/ubifs/dir.c | 44 ++++-- fs/ubifs/io.c | 34 ++++- fs/ubifs/ioctl.c | 2 +- include/linux/blk-cgroup.h | 17 +++ include/linux/blkdev.h | 8 + include/linux/mmzone.h | 11 +- include/linux/netdevice.h | 6 +- include/linux/nfs_fs.h | 8 +- include/linux/pci.h | 1 + include/linux/sunrpc/xdr.h | 2 + include/net/arp.h | 1 + include/net/sock.h | 25 ++- include/net/xfrm.h | 11 +- include/uapi/linux/bpf.h | 4 +- init/main.c | 6 +- kernel/cgroup/cgroup-internal.h | 19 +++ kernel/cgroup/cgroup-v1.c | 33 ++-- kernel/cgroup/cgroup.c | 81 +++++++--- kernel/dma/debug.c | 4 +- kernel/events/core.c | 3 + kernel/power/hibernate.c | 2 +- kernel/power/suspend_test.c | 8 +- kernel/printk/printk.c | 6 +- kernel/ptrace.c | 47 ++++-- kernel/sched/debug.c | 10 -- lib/raid6/test/Makefile | 4 +- lib/raid6/test/test.c | 1 - lib/test_kmod.c | 1 + mm/memcontrol.c | 2 +- mm/memory.c | 42 ++++-- mm/mempolicy.c | 9 +- mm/mmap.c | 2 +- mm/mremap.c | 3 + mm/page_alloc.c | 9 +- mm/rmap.c | 25 ++- mm/usercopy.c | 5 +- net/bluetooth/hci_event.c | 3 +- net/can/raw.c | 2 +- net/ipv4/arp.c | 9 +- net/ipv4/fib_frontend.c | 5 +- net/ipv4/raw.c | 2 +- net/ipv4/tcp_output.c | 5 +- net/ipv6/raw.c | 2 +- net/ipv6/xfrm6_output.c | 16 ++ net/key/af_key.c | 6 +- net/netfilter/nf_conntrack_proto_tcp.c | 17 ++- net/netlink/af_netlink.c | 2 + net/openvswitch/actions.c | 2 +- net/openvswitch/flow_netlink.c | 8 +- net/packet/af_packet.c | 6 +- net/rxrpc/net_ns.c | 2 +- net/smc/smc_core.c | 2 +- net/sunrpc/sched.c | 4 +- net/sunrpc/xprt.c | 7 + net/sunrpc/xprtrdma/transport.c | 4 +- net/x25/af_x25.c | 11 +- net/xfrm/xfrm_interface.c | 5 +- net/xfrm/xfrm_policy.c | 32 ++-- net/xfrm/xfrm_user.c | 18 ++- security/selinux/xfrm.c | 2 +- security/smack/smack_lsm.c | 2 +- security/tomoyo/load_policy.c | 4 +- sound/firewire/fcp.c | 4 +- sound/isa/cs423x/cs4236.c | 8 +- sound/pci/hda/patch_realtek.c | 4 +- sound/soc/atmel/atmel_ssc_dai.c | 5 +- sound/soc/atmel/sam9g20_wm8731.c | 1 + sound/soc/codecs/msm8916-wcd-digital.c | 5 +- sound/soc/codecs/rt5663.c | 2 + sound/soc/codecs/wm8350.c | 28 +++- sound/soc/davinci/davinci-i2s.c | 5 +- sound/soc/fsl/imx-es8328.c | 1 + sound/soc/mxs/mxs-saif.c | 5 +- sound/soc/mxs/mxs-sgtl5000.c | 3 + sound/soc/sh/fsi.c | 19 ++- sound/soc/soc-core.c | 2 +- sound/soc/soc-generic-dmaengine-pcm.c | 6 +- sound/soc/soc-topology.c | 3 +- sound/spi/at73c213.c | 27 +++- tools/build/feature/Makefile | 9 +- tools/include/uapi/linux/bpf.h | 4 +- tools/perf/Makefile.config | 3 + tools/testing/selftests/bpf/test_lirc_mode2.sh | 5 +- tools/testing/selftests/cgroup/cgroup_util.c | 2 +- tools/testing/selftests/cgroup/test_core.c | 167 +++++++++++++++++++++ tools/testing/selftests/x86/check_cc.sh | 2 +- virt/kvm/kvm_main.c | 13 ++ 360 files changed, 2494 insertions(+), 1147 deletions(-)

2 years

15
356
0 0

[PATCH 3/9] bfq: Split shared queues on move between cgroups

by Jan Kara

When bfqq is shared by multiple processes it can happen that one of the processes gets moved to a different cgroup (or just starts submitting IO for different cgroup). In case that happens we need to split the merged bfqq as otherwise we will have IO for multiple cgroups in one bfqq and we will just account IO time to wrong entities etc. Similarly if the bfqq is scheduled to merge with another bfqq but the merge didn't happen yet, cancel the merge as it need not be valid anymore. CC: stable(a)vger.kernel.org Fixes: e21b7a0b9887 ("block, bfq: add full hierarchical scheduling and cgroups support") Signed-off-by: Jan Kara <jack(a)suse.cz> --- block/bfq-cgroup.c | 36 +++++++++++++++++++++++++++++++++--- block/bfq-iosched.c | 2 +- block/bfq-iosched.h | 1 + 3 files changed, 35 insertions(+), 4 deletions(-) diff --git a/block/bfq-cgroup.c b/block/bfq-cgroup.c index 420eda2589c0..9352f3cc2377 100644 --- a/block/bfq-cgroup.c +++ b/block/bfq-cgroup.c @@ -743,9 +743,39 @@ static struct bfq_group *__bfq_bic_change_cgroup(struct bfq_data *bfqd, } if (sync_bfqq) { - entity = &sync_bfqq->entity; - if (entity->sched_data != &bfqg->sched_data) - bfq_bfqq_move(bfqd, sync_bfqq, bfqg); + if (!sync_bfqq->new_bfqq && !bfq_bfqq_coop(sync_bfqq)) { + /* We are the only user of this bfqq, just move it */ + if (sync_bfqq->entity.sched_data != &bfqg->sched_data) + bfq_bfqq_move(bfqd, sync_bfqq, bfqg); + } else { + struct bfq_queue *bfqq; + + /* + * The queue was merged to a different queue. Check + * that the merge chain still belongs to the same + * cgroup. + */ + for (bfqq = sync_bfqq; bfqq; bfqq = bfqq->new_bfqq) + if (bfqq->entity.sched_data != + &bfqg->sched_data) + break; + if (bfqq) { + /* + * Some queue changed cgroup so the merge is + * not valid anymore. We cannot easily just + * cancel the merge (by clearing new_bfqq) as + * there may be other processes using this + * queue and holding refs to all queues below + * sync_bfqq->new_bfqq. Similarly if the merge + * already happened, we need to detach from + * bfqq now so that we cannot merge bio to a + * request from the old cgroup. + */ + bfq_put_cooperator(sync_bfqq); + bfq_release_process_ref(bfqd, sync_bfqq); + bic_set_bfqq(bic, NULL, 1); + } + } } return bfqg; diff --git a/block/bfq-iosched.c b/block/bfq-iosched.c index 7d00b21ebe5d..89fe3f85eb3c 100644 --- a/block/bfq-iosched.c +++ b/block/bfq-iosched.c @@ -5315,7 +5315,7 @@ static void bfq_put_stable_ref(struct bfq_queue *bfqq) bfq_put_queue(bfqq); } -static void bfq_put_cooperator(struct bfq_queue *bfqq) +void bfq_put_cooperator(struct bfq_queue *bfqq) { struct bfq_queue *__bfqq, *next; diff --git a/block/bfq-iosched.h b/block/bfq-iosched.h index 3b83e3d1c2e5..a56763045d19 100644 --- a/block/bfq-iosched.h +++ b/block/bfq-iosched.h @@ -979,6 +979,7 @@ void bfq_weights_tree_remove(struct bfq_data *bfqd, void bfq_bfqq_expire(struct bfq_data *bfqd, struct bfq_queue *bfqq, bool compensate, enum bfqq_expiration reason); void bfq_put_queue(struct bfq_queue *bfqq); +void bfq_put_cooperator(struct bfq_queue *bfqq); void bfq_end_wr_async_queues(struct bfq_data *bfqd, struct bfq_group *bfqg); void bfq_release_process_ref(struct bfq_data *bfqd, struct bfq_queue *bfqq); void bfq_schedule_dispatch(struct bfq_data *bfqd); -- 2.34.1

2 years

2
3
0 0

[PATCH] ext4: fix a NULL pointer when validating an inode bitmap

by Luís Henriques

It's possible to hit a NULL pointer exception while accessing the sb->s_group_info in ext4_validate_inode_bitmap(), when calling ext4_get_group_info(). EXT4-fs (loop0): warning: mounting unchecked fs, running e2fsck is recommended EXT4-fs error (device loop0): ext4_clear_blocks:866: inode #32: comm mount: attempt to clear invalid blocks 16777450 len 1 EXT4-fs error (device loop0): ext4_free_branches:1012: inode #32: comm mount: invalid indirect mapped block 1258291200 (level 1) EXT4-fs error (device loop0): ext4_free_branches:1012: inode #32: comm mount: invalid indirect mapped block 7379847 (level 2) BUG: kernel NULL pointer dereference, address: 0000000000000000 ... RIP: 0010:ext4_read_inode_bitmap+0x21b/0x5a0 ... Call Trace: <TASK> ext4_free_inode+0x172/0x5c0 ext4_evict_inode+0x4a5/0x730 evict+0xc1/0x1c0 ext4_setup_system_zone+0x2ea/0x380 ext4_fill_super+0x249f/0x3910 ? ext4_reconfigure+0x880/0x880 ? snprintf+0x49/0x60 ? ext4_reconfigure+0x880/0x880 get_tree_bdev+0x169/0x260 vfs_get_tree+0x16/0x70 path_mount+0x77d/0xa30 __x64_sys_mount+0x101/0x140 do_syscall_64+0x3c/0x80 entry_SYSCALL_64_after_hwframe+0x46/0xb0 Fix the issue by adding an extra NULL check. And, while there, also ensure the right error code (-EFSCORRUPTED) is propagated to user-space. EUCLEAN is more informative than ENOMEM. CC: stable(a)vger.kernel.org Link: https://bugzilla.kernel.org/show_bug.cgi?id=216541 Signed-off-by: Luís Henriques <lhenriques(a)suse.de> --- fs/ext4/ext4.h | 17 ++++++++++------- fs/ext4/ialloc.c | 2 +- fs/ext4/indirect.c | 14 ++++++++++++-- 3 files changed, 23 insertions(+), 10 deletions(-) diff --git a/fs/ext4/ext4.h b/fs/ext4/ext4.h index 3bf9a6926798..91317f592999 100644 --- a/fs/ext4/ext4.h +++ b/fs/ext4/ext4.h @@ -3323,13 +3323,16 @@ static inline struct ext4_group_info *ext4_get_group_info(struct super_block *sb, ext4_group_t group) { - struct ext4_group_info **grp_info; - long indexv, indexh; - BUG_ON(group >= EXT4_SB(sb)->s_groups_count); - indexv = group >> (EXT4_DESC_PER_BLOCK_BITS(sb)); - indexh = group & ((EXT4_DESC_PER_BLOCK(sb)) - 1); - grp_info = sbi_array_rcu_deref(EXT4_SB(sb), s_group_info, indexv); - return grp_info[indexh]; + struct ext4_group_info **grp_info; + long indexv, indexh; + + BUG_ON(group >= EXT4_SB(sb)->s_groups_count); + if (!EXT4_SB(sb)->s_group_info) + return NULL; + indexv = group >> (EXT4_DESC_PER_BLOCK_BITS(sb)); + indexh = group & ((EXT4_DESC_PER_BLOCK(sb)) - 1); + grp_info = sbi_array_rcu_deref(EXT4_SB(sb), s_group_info, indexv); + return grp_info[indexh]; } /* diff --git a/fs/ext4/ialloc.c b/fs/ext4/ialloc.c index 208b87ce8858..0e8d35d05b69 100644 --- a/fs/ext4/ialloc.c +++ b/fs/ext4/ialloc.c @@ -91,7 +91,7 @@ static int ext4_validate_inode_bitmap(struct super_block *sb, if (buffer_verified(bh)) return 0; - if (EXT4_MB_GRP_IBITMAP_CORRUPT(grp)) + if (!grp || EXT4_MB_GRP_IBITMAP_CORRUPT(grp)) return -EFSCORRUPTED; ext4_lock_group(sb, block_group); diff --git a/fs/ext4/indirect.c b/fs/ext4/indirect.c index 860fc5119009..e5ac5c2363df 100644 --- a/fs/ext4/indirect.c +++ b/fs/ext4/indirect.c @@ -148,6 +148,7 @@ static Indirect *ext4_get_branch(struct inode *inode, int depth, struct super_block *sb = inode->i_sb; Indirect *p = chain; struct buffer_head *bh; + unsigned int key; int ret = -EIO; *err = 0; @@ -156,9 +157,18 @@ static Indirect *ext4_get_branch(struct inode *inode, int depth, if (!p->key) goto no_block; while (--depth) { - bh = sb_getblk(sb, le32_to_cpu(p->key)); + key = le32_to_cpu(p->key); + bh = sb_getblk(sb, key); if (unlikely(!bh)) { - ret = -ENOMEM; + /* + * sb_getblk() masks different errors by always + * returning NULL. Let's distinguish at least the case + * where the block is out of range. + */ + if (key > ext4_blocks_count(EXT4_SB(sb)->s_es)) + ret = -EFSCORRUPTED; + else + ret = -ENOMEM; goto failure; }

2 years

3
14
0 0

[PATCH 4.9 00/42] 4.9.328-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.9.328 release. There are 42 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 15 Sep 2022 14:03:27 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.9.328-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.9.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.9.328-rc1 NeilBrown <neilb(a)suse.de> SUNRPC: use _bh spinlocking on ->transport_lock Yang Ling <gnaygnil(a)gmail.com> MIPS: loongson32: ls1c: Fix hang during startup Johan Hovold <johan+linaro(a)kernel.org> usb: dwc3: fix PHY disable sequence Toke Høiland-Jørgensen <toke(a)toke.dk> sch_sfb: Also store skb len before calling child enqueue Neal Cardwell <ncardwell(a)google.com> tcp: fix early ETIMEDOUT after spurious non-SACK RTO Dan Carpenter <dan.carpenter(a)oracle.com> tipc: fix shift wrapping bug in map_get() Toke Høiland-Jørgensen <toke(a)toke.dk> sch_sfb: Don't assume the skb is still around after enqueueing to child David Leadbeater <dgl(a)dgl.cx> netfilter: nf_conntrack_irc: Fix forged IP logic Harsh Modi <harshmodi(a)google.com> netfilter: br_netfilter: Drop dst references before setting. Isaac J. Manjarres <isaacmanjarres(a)google.com> driver core: Don't probe devices after bus_type.match() probe deferral Sreekanth Reddy <sreekanth.reddy(a)broadcom.com> scsi: mpt3sas: Fix use-after-free warning Dongxiang Ke <kdx.glider(a)gmail.com> ALSA: usb-audio: Fix an out-of-bounds bug in __snd_usb_parse_audio_interface() Pattara Teerapong <pteerapong(a)chromium.org> ALSA: aloop: Fix random zeros in capture data when using jiffies timer Tasos Sahanidis <tasos(a)tasossah.com> ALSA: emu10k1: Fix out of bounds access in snd_emu10k1_pcm_channel_alloc() Yang Yingliang <yangyingliang(a)huawei.com> fbdev: chipsfb: Add missing pci_disable_device() in chipsfb_pci_init() Helge Deller <deller(a)gmx.de> parisc: Add runtime check to prevent PA2.0 kernels on PA1.x machines Li Qiong <liqiong(a)nfschina.com> parisc: ccio-dma: Handle kmalloc failure in ccio_init_resources() Zhenneng Li <lizhenneng(a)kylinos.cn> drm/radeon: add a force flush to delay work when radeon Yee Lee <yee.lee(a)mediatek.com> Revert "mm: kmemleak: take a full lowmem check in kmemleak_*_phys()" Linus Torvalds <torvalds(a)linux-foundation.org> fs: only do a memory barrier for the first set_buffer_uptodate() Takashi Iwai <tiwai(a)suse.de> ALSA: seq: Fix data-race at module auto-loading Takashi Iwai <tiwai(a)suse.de> ALSA: seq: oss: Fix data-race for max_midi_devs access Miquel Raynal <miquel.raynal(a)bootlin.com> net: mac802154: Fix a condition in the receive path Siddh Raman Pant <code(a)siddh.me> wifi: mac80211: Don't finalize CSA in IBSS mode if state is disconnected Krishna Kurapati <quic_kriskura(a)quicinc.com> usb: gadget: mass_storage: Fix cdrom data transfers on MAC-OS Alan Stern <stern(a)rowland.harvard.edu> USB: core: Prevent nested device-reset calls Josh Poimboeuf <jpoimboe(a)kernel.org> s390: fix nospec table alignments Gerald Schaefer <gerald.schaefer(a)linux.ibm.com> s390/hugetlb: fix prepare_hugepage_range() check for 2 GB hugepages Witold Lipieta <witold.lipieta(a)thaumatec.com> usb-storage: Add ignore-residue quirk for NXP PN7462AU Thierry GUIBERT <thierry.guibert(a)croix-rouge.fr> USB: cdc-acm: Add Icom PMR F3400 support (0c26:0020) Slark Xiao <slark_xiao(a)163.com> USB: serial: option: add support for Cinterion MV32-WA/WB RmNet mode Yan Xinyu <sdlyyxy(a)bupt.edu.cn> USB: serial: option: add support for OPPO R11 diag port Johan Hovold <johan(a)kernel.org> USB: serial: cp210x: add Decagon UCA device id Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: Add grace period after xHC start to prevent premature runtime suspend. Armin Wolf <W_Armin(a)gmx.de> hwmon: (gpio-fan) Fix array out of bounds access Niek Nooijens <niek.nooijens(a)omron.com> USB: serial: ftdi_sio: add Omron CS1W-CIF31 device id Helge Deller <deller(a)gmx.de> vt: Clear selection before changing the font Dan Carpenter <dan.carpenter(a)oracle.com> staging: rtl8712: fix use after free bugs Shenwei Wang <shenwei.wang(a)nxp.com> serial: fsl_lpuart: RS485 RTS polariy is inverse Dan Carpenter <dan.carpenter(a)oracle.com> wifi: cfg80211: debugfs: fix return type in ht40allow_map_read() Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> platform/x86: pmc_atom: Fix SLP_TYPx bitfield mask Letu Ren <fantasquex(a)gmail.com> fbdev: fb_pm2fb: Avoid potential divide by zero error ------------- Diffstat: Makefile | 4 +-- arch/mips/loongson32/ls1c/board.c | 1 - arch/parisc/kernel/head.S | 43 +++++++++++++++++++++++++++- arch/s390/include/asm/hugetlb.h | 6 ++-- arch/s390/kernel/vmlinux.lds.S | 1 + arch/x86/include/asm/pmc_atom.h | 6 ++-- arch/x86/platform/atom/pmc_atom.c | 2 +- drivers/base/dd.c | 10 +++++++ drivers/gpu/drm/radeon/radeon_device.c | 3 ++ drivers/hwmon/gpio-fan.c | 3 ++ drivers/parisc/ccio-dma.c | 11 +++++-- drivers/scsi/mpt3sas/mpt3sas_scsih.c | 2 +- drivers/staging/rtl8712/rtl8712_cmd.c | 36 ----------------------- drivers/tty/serial/fsl_lpuart.c | 4 +-- drivers/tty/vt/vt.c | 12 +++++--- drivers/usb/class/cdc-acm.c | 3 ++ drivers/usb/core/hub.c | 10 +++++++ drivers/usb/dwc3/core.c | 20 ++++++------- drivers/usb/gadget/function/storage_common.c | 6 ++-- drivers/usb/host/xhci-hub.c | 11 +++++++ drivers/usb/host/xhci.c | 4 ++- drivers/usb/host/xhci.h | 2 +- drivers/usb/serial/cp210x.c | 1 + drivers/usb/serial/ftdi_sio.c | 2 ++ drivers/usb/serial/ftdi_sio_ids.h | 6 ++++ drivers/usb/serial/option.c | 11 +++++++ drivers/usb/storage/unusual_devs.h | 7 +++++ drivers/video/fbdev/chipsfb.c | 1 + drivers/video/fbdev/pm2fb.c | 5 ++++ include/linux/buffer_head.h | 11 +++++++ include/linux/usb.h | 2 ++ mm/kmemleak.c | 8 +++--- net/bridge/br_netfilter_hooks.c | 2 ++ net/bridge/br_netfilter_ipv6.c | 1 + net/ipv4/tcp_input.c | 25 +++++++++++----- net/mac80211/ibss.c | 4 +++ net/mac802154/rx.c | 2 +- net/netfilter/nf_conntrack_irc.c | 5 ++-- net/sched/sch_sfb.c | 13 +++++---- net/sunrpc/xprt.c | 4 +-- net/tipc/monitor.c | 2 +- net/wireless/debugfs.c | 3 +- sound/core/seq/oss/seq_oss_midi.c | 2 ++ sound/core/seq/seq_clientmgr.c | 12 ++++---- sound/drivers/aloop.c | 7 +++-- sound/pci/emu10k1/emupcm.c | 2 +- sound/usb/stream.c | 2 +- 47 files changed, 236 insertions(+), 104 deletions(-)

2 years

7
49
0 0

Re: [PATCH 5.4 051/389] epoll: autoremove wakers even more aggressively

by Shakeel Butt

On Wed, Oct 26, 2022 at 11:44 AM Michele Jr De Candia <mdecandia(a)gmail.com> wrote: > > Hi Greg, > sorry for the confusion. > > I'm running a container-based app on top of Ubuntu Linux 20.04 and linux kernel 5.4 always updated with latest patches. > > Updating from 5.4.210 to 5.4.211 we faced the hang up issue and searching for the cause we have tested that > hangup occurs only with this patch > > https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=… > > While understanding root cause, wt the moment we reverted it and hang up does not occurs (actually we are running 5.4.219 without that patch). > > Michele > Hi Michele, can you try the latest upstream kernel and see if the issue repro ther? Also is it possible to provide a simplified repro of the issue? Shakeel

2 years

3
2
0 0

[PATCH 2/5] pwm: jz4740: Fix pin level of disabled TCU2 channels, part 2

by Paul Cercueil

After commit a020f22a4ff5 ("pwm: jz4740: Make PWM start with the active part"), the trick to set duty > period to properly shut down TCU2 channels did not work anymore, because of the polarity inversion. Address this issue by restoring the proper polarity before disabling the channels. Fixes: a020f22a4ff5 ("pwm: jz4740: Make PWM start with the active part") Signed-off-by: Paul Cercueil <paul(a)crapouillou.net> Cc: stable(a)vger.kernel.org --- drivers/pwm/pwm-jz4740.c | 62 ++++++++++++++++++++++++++-------------- 1 file changed, 40 insertions(+), 22 deletions(-) diff --git a/drivers/pwm/pwm-jz4740.c b/drivers/pwm/pwm-jz4740.c index 228eb104bf1e..65462a0052af 100644 --- a/drivers/pwm/pwm-jz4740.c +++ b/drivers/pwm/pwm-jz4740.c @@ -97,6 +97,19 @@ static int jz4740_pwm_enable(struct pwm_chip *chip, struct pwm_device *pwm) return 0; } +static void jz4740_pwm_set_polarity(struct jz4740_pwm_chip *jz, + unsigned int hwpwm, + enum pwm_polarity polarity) +{ + unsigned int value = 0; + + if (polarity == PWM_POLARITY_INVERSED) + value = TCU_TCSR_PWM_INITL_HIGH; + + regmap_update_bits(jz->map, TCU_REG_TCSRc(hwpwm), + TCU_TCSR_PWM_INITL_HIGH, value); +} + static void jz4740_pwm_disable(struct pwm_chip *chip, struct pwm_device *pwm) { struct jz4740_pwm_chip *jz = to_jz4740(chip); @@ -130,6 +143,7 @@ static int jz4740_pwm_apply(struct pwm_chip *chip, struct pwm_device *pwm, unsigned long long tmp = 0xffffull * NSEC_PER_SEC; struct clk *clk = pwm_get_chip_data(pwm); unsigned long period, duty; + enum pwm_polarity polarity; long rate; int err; @@ -169,6 +183,9 @@ static int jz4740_pwm_apply(struct pwm_chip *chip, struct pwm_device *pwm, if (duty >= period) duty = period - 1; + /* Restore regular polarity before disabling the channel. */ + jz4740_pwm_set_polarity(jz4740, pwm->hwpwm, state->polarity); + jz4740_pwm_disable(chip, pwm); err = clk_set_rate(clk, rate); @@ -190,29 +207,30 @@ static int jz4740_pwm_apply(struct pwm_chip *chip, struct pwm_device *pwm, regmap_update_bits(jz4740->map, TCU_REG_TCSRc(pwm->hwpwm), TCU_TCSR_PWM_SD, TCU_TCSR_PWM_SD); - /* - * Set polarity. - * - * The PWM starts in inactive state until the internal timer reaches the - * duty value, then becomes active until the timer reaches the period - * value. In theory, we should then use (period - duty) as the real duty - * value, as a high duty value would otherwise result in the PWM pin - * being inactive most of the time. - * - * Here, we don't do that, and instead invert the polarity of the PWM - * when it is active. This trick makes the PWM start with its active - * state instead of its inactive state. - */ - if ((state->polarity == PWM_POLARITY_NORMAL) ^ state->enabled) - regmap_update_bits(jz4740->map, TCU_REG_TCSRc(pwm->hwpwm), - TCU_TCSR_PWM_INITL_HIGH, 0); - else - regmap_update_bits(jz4740->map, TCU_REG_TCSRc(pwm->hwpwm), - TCU_TCSR_PWM_INITL_HIGH, - TCU_TCSR_PWM_INITL_HIGH); - - if (state->enabled) + if (state->enabled) { + /* + * Set polarity. + * + * The PWM starts in inactive state until the internal timer + * reaches the duty value, then becomes active until the timer + * reaches the period value. In theory, we should then use + * (period - duty) as the real duty value, as a high duty value + * would otherwise result in the PWM pin being inactive most of + * the time. + * + * Here, we don't do that, and instead invert the polarity of + * the PWM when it is active. This trick makes the PWM start + * with its active state instead of its inactive state. + */ + if (state->polarity == PWM_POLARITY_NORMAL) + polarity = PWM_POLARITY_INVERSED; + else + polarity = PWM_POLARITY_NORMAL; + + jz4740_pwm_set_polarity(jz4740, pwm->hwpwm, polarity); + jz4740_pwm_enable(chip, pwm); + } return 0; } -- 2.35.1

2 years

3
9
0 0

[PATCH] ext4: Add extend check to prevent BUG() in ext4_es_end

by Tadeusz Struk

Syzbot reported an issue with ext4 extents. The reproducer creates a corrupted ext4 fs image in memory, and mounts it as a loop device. It invokes the ext4_cache_extents() and ext4_find_extent(), which eventually triggers a BUG() in ext4_es_end() causing a kernel crash. It triggers on mainline, and every kernel version back to v4.14. Add a call ext4_ext_check_inode() in ext4_find_extent() to prevent the crash. To: "Theodore Ts'o" <tytso(a)mit.edu> Cc: "Andreas Dilger" <adilger.kernel(a)dilger.ca> Cc: <linux-ext4(a)vger.kernel.org> Cc: <linux-kernel(a)vger.kernel.org> Cc: <stable(a)vger.kernel.org> Link: https://syzkaller.appspot.com/bug?id=641e7a4b900015c5d7a729d6cc1fba7a928a88… Reported-by: syzbot+a22dc4b0744ac658ed9b(a)syzkaller.appspotmail.com Signed-off-by: Tadeusz Struk <tadeusz.struk(a)linaro.org> --- fs/ext4/extents.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/fs/ext4/extents.c b/fs/ext4/extents.c index 5235974126bd..c7b5a11e1abc 100644 --- a/fs/ext4/extents.c +++ b/fs/ext4/extents.c @@ -897,6 +897,12 @@ ext4_find_extent(struct inode *inode, ext4_lblk_t block, goto err; } + ret = ext4_ext_check_inode(inode); + if (ret) { + EXT4_ERROR_INODE(inode, "inode has invalid extent"); + goto err; + } + if (path) { ext4_ext_drop_refs(path); if (depth > path[0].p_maxdepth) { -- 2.37.3

2 years

2
2
0 0

[PATCH v2] mtd: spi-nor: Check for zero erase size in spi_nor_find_best_erase_type()

by Alexander A Sverdlin

From: Alexander Sverdlin <alexander.sverdlin(a)nokia.com> Erase can be zeroed in spi_nor_parse_4bait() or spi_nor_init_non_uniform_erase_map(). In practice it happened with mt25qu256a, which supports 4K, 32K, 64K erases with 3b address commands, but only 4K and 64K erase with 4b address commands. Fixes: dc92843159a7 ("mtd: spi-nor: fix erase_type array to indicate current map conf") Cc: stable(a)vger.kernel.org Signed-off-by: Alexander Sverdlin <alexander.sverdlin(a)nokia.com> --- Changes in v2: erase->opcode -> erase->size drivers/mtd/spi-nor/core.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/mtd/spi-nor/core.c b/drivers/mtd/spi-nor/core.c index 88dd090..183ea9d 100644 --- a/drivers/mtd/spi-nor/core.c +++ b/drivers/mtd/spi-nor/core.c @@ -1400,6 +1400,8 @@ spi_nor_find_best_erase_type(const struct spi_nor_erase_map *map, continue; erase = &map->erase_type[i]; + if (!erase->size) + continue; /* Alignment is not mandatory for overlaid regions */ if (region->offset & SNOR_OVERLAID_REGION && -- 2.10.2

2 years, 1 month

4
5
0 0

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror October 2022