July 2022 - Linux-stable-mirror

[RESEND][PATCH v2] PCI: Sanitise firmware BAR assignments behind a PCI-PCI bridge

by Maciej W. Rozycki

Fix an issue with the Tyan Tomcat IV S1564D system, the BIOS of which does not assign PCI buses beyond #2, where our resource reallocation code preserves the reset default of an I/O BAR assignment outside its upstream PCI-to-PCI bridge's I/O forwarding range for device 06:08.0 in this log: pci_bus 0000:00: max bus depth: 4 pci_try_num: 5 [...] pci 0000:06:08.0: BAR 4: no space for [io size 0x0020] pci 0000:06:08.0: BAR 4: trying firmware assignment [io 0xfce0-0xfcff] pci 0000:06:08.0: BAR 4: assigned [io 0xfce0-0xfcff] pci 0000:06:08.1: BAR 4: no space for [io size 0x0020] pci 0000:06:08.1: BAR 4: trying firmware assignment [io 0xfce0-0xfcff] pci 0000:06:08.1: BAR 4: [io 0xfce0-0xfcff] conflicts with 0000:06:08.0 [io 0xfce0-0xfcff] pci 0000:06:08.1: BAR 4: failed to assign [io size 0x0020] pci 0000:05:00.0: PCI bridge to [bus 06] pci 0000:05:00.0: bridge window [mem 0xd8000000-0xd85fffff] [...] pci 0000:00:11.0: PCI bridge to [bus 01-06] pci 0000:00:11.0: bridge window [io 0xe000-0xefff] pci 0000:00:11.0: bridge window [mem 0xd8000000-0xdfffffff] pci 0000:00:11.0: bridge window [mem 0xa8000000-0xafffffff 64bit pref] pci_bus 0000:00: No. 2 try to assign unassigned res [...] pci 0000:06:08.1: BAR 4: no space for [io size 0x0020] pci 0000:06:08.1: BAR 4: trying firmware assignment [io 0xfce0-0xfcff] pci 0000:06:08.1: BAR 4: [io 0xfce0-0xfcff] conflicts with 0000:06:08.0 [io 0xfce0-0xfcff] pci 0000:06:08.1: BAR 4: failed to assign [io size 0x0020] pci 0000:05:00.0: PCI bridge to [bus 06] pci 0000:05:00.0: bridge window [mem 0xd8000000-0xd85fffff] [...] pci 0000:00:11.0: PCI bridge to [bus 01-06] pci 0000:00:11.0: bridge window [io 0xe000-0xefff] pci 0000:00:11.0: bridge window [mem 0xd8000000-0xdfffffff] pci 0000:00:11.0: bridge window [mem 0xa8000000-0xafffffff 64bit pref] pci_bus 0000:00: No. 3 try to assign unassigned res pci 0000:00:11.0: resource 7 [io 0xe000-0xefff] released [...] pci 0000:06:08.1: BAR 4: assigned [io 0x2000-0x201f] pci 0000:05:00.0: PCI bridge to [bus 06] pci 0000:05:00.0: bridge window [io 0x2000-0x2fff] pci 0000:05:00.0: bridge window [mem 0xd8000000-0xd85fffff] [...] pci 0000:00:11.0: PCI bridge to [bus 01-06] pci 0000:00:11.0: bridge window [io 0x1000-0x2fff] pci 0000:00:11.0: bridge window [mem 0xd8000000-0xdfffffff] pci 0000:00:11.0: bridge window [mem 0xa8000000-0xafffffff 64bit pref] pci_bus 0000:00: resource 4 [io 0x0000-0xffff] pci_bus 0000:00: resource 5 [mem 0x00000000-0xffffffff] pci_bus 0000:01: resource 0 [io 0x1000-0x2fff] pci_bus 0000:01: resource 1 [mem 0xd8000000-0xdfffffff] pci_bus 0000:01: resource 2 [mem 0xa8000000-0xafffffff 64bit pref] pci_bus 0000:02: resource 0 [io 0x1000-0x2fff] pci_bus 0000:02: resource 1 [mem 0xd8000000-0xd8bfffff] pci_bus 0000:04: resource 0 [io 0x1000-0x1fff] pci_bus 0000:04: resource 1 [mem 0xd8600000-0xd8afffff] pci_bus 0000:05: resource 0 [io 0x2000-0x2fff] pci_bus 0000:05: resource 1 [mem 0xd8000000-0xd85fffff] pci_bus 0000:06: resource 0 [io 0x2000-0x2fff] pci_bus 0000:06: resource 1 [mem 0xd8000000-0xd85fffff] -- note that the assignment of 0xfce0-0xfcff is outside the range of 0x2000-0x2fff assigned to bus #6: 05:00.0 PCI bridge: Texas Instruments XIO2000(A)/XIO2200A PCI Express-to-PCI Bridge (rev 03) (prog-if 00 [Normal decode]) Flags: bus master, fast devsel, latency 0 Bus: primary=05, secondary=06, subordinate=06, sec-latency=0 I/O behind bridge: 00002000-00002fff Memory behind bridge: d8000000-d85fffff Capabilities: [50] Power Management version 2 Capabilities: [60] Message Signalled Interrupts: 64bit+ Queue=0/4 Enable- Capabilities: [80] #0d [0000] Capabilities: [90] Express PCI/PCI-X Bridge IRQ 0 06:08.0 USB controller: VIA Technologies, Inc. VT82xx/62xx/VX700/8x0/900 UHCI USB 1.1 Controller (rev 61) (prog-if 00 [UHCI]) Subsystem: VIA Technologies, Inc. VT82xx/62xx/VX700/8x0/900 UHCI USB 1.1 Controller Flags: bus master, medium devsel, latency 22, IRQ 5 I/O ports at fce0 [size=32] Capabilities: [80] Power Management version 2 06:08.1 USB controller: VIA Technologies, Inc. VT82xx/62xx/VX700/8x0/900 UHCI USB 1.1 Controller (rev 61) (prog-if 00 [UHCI]) Subsystem: VIA Technologies, Inc. VT82xx/62xx/VX700/8x0/900 UHCI USB 1.1 Controller Flags: bus master, medium devsel, latency 22, IRQ 5 I/O ports at 2000 [size=32] Capabilities: [80] Power Management version 2 Since both 06:08.0 and 06:08.1 have the same reset defaults the latter device escapes its fate and gets a good assignment owing to an address conflict with the former device. Consequently when the device driver tries to access 06:08.0 according to its designated address range it pokes at an unassigned I/O location, likely subtractively decoded by the southbridge and forwarded to ISA, causing the driver to become confused and bail out: uhci_hcd 0000:06:08.0: host system error, PCI problems? uhci_hcd 0000:06:08.0: host controller process error, something bad happened! uhci_hcd 0000:06:08.0: host controller halted, very bad! uhci_hcd 0000:06:08.0: HCRESET not completed yet! uhci_hcd 0000:06:08.0: HC died; cleaning up if good luck happens or if bad luck does, an infinite flood of messages: uhci_hcd 0000:06:08.0: host system error, PCI problems? uhci_hcd 0000:06:08.0: host controller process error, something bad happened! uhci_hcd 0000:06:08.0: host system error, PCI problems? uhci_hcd 0000:06:08.0: host controller process error, something bad happened! uhci_hcd 0000:06:08.0: host system error, PCI problems? uhci_hcd 0000:06:08.0: host controller process error, something bad happened! [...] making the system virtually unusuable. This is because we have code to deal with a situation from PR #16263, where broken ACPI firmware reports the wrong address range for the host bridge's decoding window and trying to adjust to the window causes more breakage than leaving the BIOS assignments intact. This may work for a device directly on the root bus decoded by the host bridge only, but for a device behind one or more PCI-to-PCI (or CardBus) bridges those bridges' forwarding windows have been standardised and need to be respected, or leaving whatever has been there in a downstream device's BAR will have no effect as cycles for the addresses recorded there will have no chance to appear on the bus the device has been immediately attached to. Make sure then for a device behind a PCI-to-PCI bridge that any firmware assignment is within the bridge's relevant forwarding window or do not restore the assignment, fixing the system concerned as follows: pci_bus 0000:00: max bus depth: 4 pci_try_num: 5 [...] pci 0000:06:08.0: BAR 4: no space for [io size 0x0020] pci 0000:06:08.0: BAR 4: failed to assign [io 0xfce0-0xfcff] pci 0000:06:08.1: BAR 4: no space for [io size 0x0020] pci 0000:06:08.1: BAR 4: failed to assign [io 0xfce0-0xfcff] [...] pci_bus 0000:00: No. 2 try to assign unassigned res [...] pci 0000:06:08.0: BAR 4: no space for [io size 0x0020] pci 0000:06:08.0: BAR 4: failed to assign [io 0xfce0-0xfcff] pci 0000:06:08.1: BAR 4: no space for [io size 0x0020] pci 0000:06:08.1: BAR 4: failed to assign [io 0xfce0-0xfcff] [...] pci_bus 0000:00: No. 3 try to assign unassigned res [...] pci 0000:06:08.0: BAR 4: assigned [io 0x2000-0x201f] pci 0000:06:08.1: BAR 4: assigned [io 0x2020-0x203f] and making device 06:08.0 work correctly. Cf. <https://bugzilla.kernel.org/show_bug.cgi?id=16263> Signed-off-by: Maciej W. Rozycki <macro(a)orcam.me.uk> Fixes: 58c84eda0756 ("PCI: fall back to original BIOS BAR addresses") Cc: stable(a)vger.kernel.org # v2.6.35+ --- Hi, Resending this patch as it has gone into void. Patch re-verified against 5.17-rc2. For the record the system's bus topology is as follows: -[0000:00]-+-00.0 +-07.0 +-07.1 +-07.2 +-11.0-[0000:01-06]----00.0-[0000:02-06]--+-00.0-[0000:03]-- | +-01.0-[0000:04]--+-00.0 | | \-00.3 | \-02.0-[0000:05-06]----00.0-[0000:06]--+-05.0 | +-08.0 | +-08.1 | \-08.2 +-12.0 +-13.0 \-14.0 Maciej Changes from v1: - Do restore firmware BAR assignments behind a PCI-PCI bridge, but only if within the bridge's forwarding window. - Update the change description and heading accordingly (was: PCI: Do not restore firmware BAR assignments behind a PCI-PCI bridge). --- drivers/pci/setup-res.c | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) linux-pci-setup-res-fw-address-nobridge.diff Index: linux-macro/drivers/pci/setup-res.c =================================================================== --- linux-macro.orig/drivers/pci/setup-res.c +++ linux-macro/drivers/pci/setup-res.c @@ -212,9 +212,19 @@ static int pci_revert_fw_address(struct res->end = res->start + size - 1; res->flags &= ~IORESOURCE_UNSET; + /* + * If we're behind a P2P or CardBus bridge, make sure we're + * inside the relevant forwarding window, or otherwise the + * assignment must have been bogus and accesses intended for + * the range assigned would not reach the device anyway. + * On the root bus accept anything under the assumption the + * host bridge will let it through. + */ root = pci_find_parent_resource(dev, res); if (!root) { - if (res->flags & IORESOURCE_IO) + if (dev->bus->parent) + return -ENXIO; + else if (res->flags & IORESOURCE_IO) root = &ioport_resource; else root = &iomem_resource;

2 years, 2 months

2
8
0 0

[PATCH v3] dmaengine: mxs: fix driver registering

by Dario Binacchi

Driver registration fails on SOC imx8mn as its supplier, the clock control module, is not ready. Since platform_driver_probe(), as reported by its description, is incompatible with deferred probing, we have to use platform_driver_register(). Fixes: a580b8c5429a ("dmaengine: mxs-dma: add dma support for i.MX23/28") Co-developed-by: Michael Trimarchi <michael(a)amarulasolutions.com> Signed-off-by: Michael Trimarchi <michael(a)amarulasolutions.com> Signed-off-by: Dario Binacchi <dario.binacchi(a)amarulasolutions.com> Cc: stable(a)vger.kernel.org --- Changes in v3: - Restore __init in front of mxs_dma_init() definition. Changes in v2: - Add the tag "Cc: stable(a)vger.kernel.org" in the sign-off area. drivers/dma/mxs-dma.c | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/drivers/dma/mxs-dma.c b/drivers/dma/mxs-dma.c index 994fc4d2aca4..6e90540fedc4 100644 --- a/drivers/dma/mxs-dma.c +++ b/drivers/dma/mxs-dma.c @@ -741,7 +741,7 @@ static struct dma_chan *mxs_dma_xlate(struct of_phandle_args *dma_spec, ofdma->of_node); } -static int __init mxs_dma_probe(struct platform_device *pdev) +static int mxs_dma_probe(struct platform_device *pdev) { struct device_node *np = pdev->dev.of_node; const struct mxs_dma_type *dma_type; @@ -839,10 +839,7 @@ static struct platform_driver mxs_dma_driver = { .name = "mxs-dma", .of_match_table = mxs_dma_dt_ids, }, + .probe = mxs_dma_probe, }; -static int __init mxs_dma_module_init(void) -{ - return platform_driver_probe(&mxs_dma_driver, mxs_dma_probe); -} -subsys_initcall(mxs_dma_module_init); +module_platform_driver(mxs_dma_driver); -- 2.32.0

2 years, 2 months

3
2
0 0

[PATCH 4.14 000/284] 4.14.276-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.14.276 release. There are 284 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed, 20 Apr 2022 12:11:14 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.14.276-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.14.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.14.276-rc1 Martin Povišer <povik+lin(a)cutebit.org> i2c: pasemi: Wait for write xfers to finish Nadav Amit <namit(a)vmware.com> smp: Fix offline cpu check in flush_smp_call_function_queue() Nathan Chancellor <nathan(a)kernel.org> ARM: davinci: da850-evm: Avoid NULL pointer dereference Fabio M. De Francesco <fmdefrancesco(a)gmail.com> ALSA: pcm: Test for "silence" field in struct "pcm_format_data" Jason A. Donenfeld <Jason(a)zx2c4.com> gcc-plugins: latent_entropy: use /dev/urandom Patrick Wang <patrick.wang.shcn(a)gmail.com> mm: kmemleak: take a full lowmem check in kmemleak_*_phys() Juergen Gross <jgross(a)suse.com> mm, page_alloc: fix build_zonerefs_node() Duoming Zhou <duoming(a)zju.edu.cn> drivers: net: slip: fix NPD bug in sl_tx_timeout() Alexey Galakhov <agalakhov(a)gmail.com> scsi: mvsas: Add PCI ID of RocketRaid 2640 Leo Ruan <tingquan.ruan(a)cn.bosch.com> gpu: ipu-v3: Fix dev_dbg frequency output Christian Lamparter <chunkeey(a)gmail.com> ata: libata-core: Disable READ LOG DMA EXT for Samsung 840 EVOs Randy Dunlap <rdunlap(a)infradead.org> net: micrel: fix KS8851_MLL Kconfig Tyrel Datwyler <tyreld(a)linux.ibm.com> scsi: ibmvscsis: Increase INITIAL_SRP_LIMIT to 1024 Xiaoguang Wang <xiaoguang.wang(a)linux.alibaba.com> scsi: target: tcmu: Fix possible page UAF Michael Kelley <mikelley(a)microsoft.com> Drivers: hv: vmbus: Prevent load re-ordering when reading ring buffer QintaoShen <unSimple1993(a)163.com> drm/amdkfd: Check for potential null return of kmalloc_array() Aurabindo Pillai <aurabindo.pillai(a)amd.com> drm/amd: Add USBC connector ID Harshit Mogalapalli <harshit.m.mogalapalli(a)oracle.com> cifs: potential buffer overflow in handling symlinks Lin Ma <linma(a)zju.edu.cn> nfc: nci: add flush_workqueue to prevent uaf Dinh Nguyen <dinguyen(a)kernel.org> net: ethernet: stmmac: fix altr_tse_pcs function when using a fixed-link Vadim Pasternak <vadimp(a)nvidia.com> mlxsw: i2c: Fix initialization error flow Linus Torvalds <torvalds(a)linux-foundation.org> gpiolib: acpi: use correct format characters Guillaume Nault <gnault(a)redhat.com> veth: Ensure eth header is in skb's linear part Miaoqian Lin <linmq006(a)gmail.com> memory: atmel-ebi: Fix missing of_node_put in atmel_ebi_probe Xin Long <lucien.xin(a)gmail.com> xfrm: policy: match with both mark and mask on user interfaces Tejun Heo <tj(a)kernel.org> cgroup: Use open-time cgroup namespace for process migration perm checks Tejun Heo <tj(a)kernel.org> cgroup: Allocate cgroup_file_ctx for kernfs_open_file->priv Tejun Heo <tj(a)kernel.org> cgroup: Use open-time credentials for process migraton perm checks Waiman Long <longman(a)redhat.com> mm/sparsemem: fix 'mem_section' will never be NULL gcc 12 warning Fangrui Song <maskray(a)google.com> arm64: module: remove (NOLOAD) from linker script Peter Xu <peterx(a)redhat.com> mm: don't skip swap entry even if zap_details specified Vinod Koul <vkoul(a)kernel.org> dmaengine: Revert "dmaengine: shdma: Fix runtime PM imbalance on error" Arnaldo Carvalho de Melo <acme(a)redhat.com> tools build: Use $(shell ) instead of `` to get embedded libperl's ccopts Xiaomeng Tong <xiam0nd.tong(a)gmail.com> perf: qcom_l2_pmu: fix an incorrect NULL check on list iterator Guo Ren <guoren(a)linux.alibaba.com> arm64: patch_text: Fixup last cpu should be master Ethan Lien <ethanlien(a)synology.com> btrfs: fix qgroup reserve overflow the qgroup limit Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/speculation: Restore speculation related MSRs during S3 resume Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/pm: Save the MSR validity status at context setup Miaohe Lin <linmiaohe(a)huawei.com> mm/mempolicy: fix mpol_new leak in shared_policy_replace Paolo Bonzini <pbonzini(a)redhat.com> mmmremap.c: avoid pointless invalidate_range_start/end on mremap(old_size=0) Pali Rohár <pali(a)kernel.org> Revert "mmc: sdhci-xenon: fix annoying 1.8V regulator warning" Lv Yunlong <lyl2019(a)mail.ustc.edu.cn> drbd: Fix five use after free bugs in get_initial_state José Expósito <jose.exposito89(a)gmail.com> drm/imx: Fix memory leak in imx_pd_connector_get_modes Chen-Yu Tsai <wens(a)csie.org> net: stmmac: Fix unset max_speed difference between DT and non-DT platforms Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> scsi: zorro7xx: Fix a resource leak in zorro7xx_remove_one() Dan Carpenter <dan.carpenter(a)oracle.com> drm/amdgpu: fix off by one in amdgpu_gfx_kiq_acquire() Mauricio Faria de Oliveira <mfo(a)canonical.com> mm: fix race between MADV_FREE reclaim and blkdev direct IO read Willem de Bruijn <willemb(a)google.com> net: add missing SOF_TIMESTAMPING_OPT_ID support Willem de Bruijn <willemb(a)google.com> ipv6: add missing tx timestamping on IPPROTO_RAW Helge Deller <deller(a)gmx.de> parisc: Fix CPU affinity for Lasi, WAX and Dino chips Haimin Zhang <tcs_kernel(a)tencent.com> jfs: prevent NULL deref in diFree Randy Dunlap <rdunlap(a)infradead.org> virtio_console: eliminate anonymous module_init & module_exit Jiri Slaby <jslaby(a)suse.cz> serial: samsung_tty: do not unlock port->lock for uart_write_wakeup() NeilBrown <neilb(a)suse.de> NFS: swap-out must always use STABLE writes. NeilBrown <neilb(a)suse.de> NFS: swap IO handling is slightly different for O_DIRECT IO NeilBrown <neilb(a)suse.de> SUNRPC/call_alloc: async tasks mustn't block waiting for memory Lucas Denefle <lucas.denefle(a)converge.io> w1: w1_therm: fixes w1_seq for ds28ea00 sensors Randy Dunlap <rdunlap(a)infradead.org> init/main.c: return 1 from handled __setup() functions Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: Fix use after free in hci_send_acl Max Filippov <jcmvbkbc(a)gmail.com> xtensa: fix DTC warning unit_address_format H. Nikolaus Schaller <hns(a)goldelico.com> usb: dwc3: omap: fix "unbalanced disables for smps10_out1" on omap5evm Jianglei Nie <niejianglei2021(a)163.com> scsi: libfc: Fix use after free in fc_exch_abts_resp() Alexander Lobakin <alobakin(a)pm.me> MIPS: fix fortify panic when copying asm exception handlers Michael Chan <michael.chan(a)broadcom.com> bnxt_en: Eliminate unintended link toggle during FW reset Sven Eckelmann <sven(a)narfation.org> macvtap: advertise link netns via netlink Dust Li <dust.li(a)linux.alibaba.com> net/smc: correct settings of RMB window update limit Randy Dunlap <rdunlap(a)infradead.org> scsi: aha152x: Fix aha152x_setup() __setup handler return value Damien Le Moal <damien.lemoal(a)opensource.wdc.com> scsi: pm8001: Fix pm8001_mpi_task_abort_resp() Jordy Zomer <jordy(a)jordyzomer.github.io> dm ioctl: prevent potential spectre v1 gadget Zhou Guanghui <zhouguanghui1(a)huawei.com> iommu/arm-smmu-v3: fix event handling soft lockup Pali Rohár <pali(a)kernel.org> PCI: aardvark: Fix support for MSI interrupts Sourabh Jain <sourabhjain(a)linux.ibm.com> powerpc: Set crashkernel offset to mid of RMA region Evgeny Boger <boger(a)wirenboard.com> power: supply: axp20x_battery: properly report current when discharging Yang Guang <yang.guang5(a)zte.com.cn> scsi: bfa: Replace snprintf() with sysfs_emit() Yang Guang <yang.guang5(a)zte.com.cn> scsi: mvsas: Replace snprintf() with sysfs_emit() Maxim Kiselev <bigunclemax(a)gmail.com> powerpc: dts: t104xrdb: fix phy type for FMAN 4/5 Yang Guang <yang.guang5(a)zte.com.cn> ptp: replace snprintf with sysfs_emit Zekun Shen <bruceshenzk(a)gmail.com> ath5k: fix OOB in ath5k_eeprom_read_pcal_info_5111 Jim Mattson <jmattson(a)google.com> KVM: x86/svm: Clear reserved bits written to PerfEvtSeln MSRs Randy Dunlap <rdunlap(a)infradead.org> ARM: 9187/1: JIVE: fix return value of __setup handler Jiasheng Jiang <jiasheng(a)iscas.ac.cn> rtc: wm8350: Handle error for wm8350_register_irq Zhihao Cheng <chengzhihao1(a)huawei.com> ubifs: Rectify space amount budget for mkdir/tmpfile operations Vitaly Kuznetsov <vkuznets(a)redhat.com> KVM: x86: Forbid VMM to set SYNIC/STIMER MSRs when SynIC wasn't activated Martin Varghese <martin.varghese(a)nokia.com> openvswitch: Fixed nd target mask field in the flow dump. Kuldeep Singh <singh.kuldeep87k(a)gmail.com> ARM: dts: spear13xx: Update SPI dma properties Kuldeep Singh <singh.kuldeep87k(a)gmail.com> ARM: dts: spear1340: Update serial node properties Amadeusz Sławiński <amadeuszx.slawinski(a)linux.intel.com> ASoC: topology: Allow TLV control to be either read or write Zhihao Cheng <chengzhihao1(a)huawei.com> ubi: fastmap: Return error code if memory allocation fails in add_aeb() Randy Dunlap <rdunlap(a)infradead.org> mm/memcontrol: return 1 from cgroup.memory __setup() handler Randy Dunlap <rdunlap(a)infradead.org> mm/mmap: return 1 from stack_guard_gap __setup() handler Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> ACPI: CPPC: Avoid out of bounds access when parsing _CPC data Baokun Li <libaokun1(a)huawei.com> ubi: Fix race condition between ctrl_cdev_ioctl and ubi_cdev_ioctl Chen-Yu Tsai <wenst(a)chromium.org> pinctrl: pinconf-generic: Print arguments for bias-pull-* Andrew Price <anprice(a)redhat.com> gfs2: Make sure FITRIM minlen is rounded up to fs block size Pavel Skripkin <paskripkin(a)gmail.com> can: mcba_usb: properly check endpoint type Hangyu Hua <hbh25y(a)gmail.com> can: mcba_usb: mcba_usb_start_xmit(): fix double dev_kfree_skb in error path Baokun Li <libaokun1(a)huawei.com> ubifs: rename_whiteout: correct old_dir size computing Zhihao Cheng <chengzhihao1(a)huawei.com> ubifs: setflags: Make dirtied_ino_d 8 bytes aligned Zhihao Cheng <chengzhihao1(a)huawei.com> ubifs: Add missing iput if do_tmpfile() failed in rename whiteout Zhihao Cheng <chengzhihao1(a)huawei.com> ubifs: rename_whiteout: Fix double free for whiteout_ui->data David Matlack <dmatlack(a)google.com> KVM: Prevent module exit until all VMs are freed Saurav Kashyap <skashyap(a)marvell.com> scsi: qla2xxx: Suppress a kernel complaint in qla_create_qpair() Nilesh Javali <njavali(a)marvell.com> scsi: qla2xxx: Fix warning for missing error code Anders Roxell <anders.roxell(a)linaro.org> powerpc/lib/sstep: Fix build errors with newer binutils Anders Roxell <anders.roxell(a)linaro.org> powerpc/lib/sstep: Fix 'sthcx' instruction Ulf Hansson <ulf.hansson(a)linaro.org> mmc: host: Return an error when ->enable_sdio_irq() ops is missing Dongliang Mu <mudongliangabcd(a)gmail.com> media: hdpvr: initialize dev->worker at hdpvr_register_videodev Zheyu Ma <zheyuma97(a)gmail.com> video: fbdev: sm712fb: Fix crash in smtcfb_write() Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> ARM: mmp: Fix failure to remove sram device Richard Leitner <richard.leitner(a)skidata.com> ARM: tegra: tamonten: Fix I2C3 pad setting Daniel González Cabanelas <dgcbueu(a)gmail.com> media: cx88-mpeg: clear interrupt status register before streaming video Shengjiu Wang <shengjiu.wang(a)nxp.com> ASoC: soc-core: skip zero num_dai component in searching dai name Jing Yao <yao.jing2(a)zte.com.cn> video: fbdev: omapfb: panel-tpo-td043mtea1: Use sysfs_emit() instead of snprintf() Jing Yao <yao.jing2(a)zte.com.cn> video: fbdev: omapfb: panel-dsi-cm: Use sysfs_emit() instead of snprintf() Richard Schleich <rs(a)noreya.tech> ARM: dts: bcm2837: Add the missing L1/L2 cache information David Heidelberg <david(a)ixit.cz> ARM: dts: qcom: fix gic_irq_domain_translate warnings for msm8960 Yang Guang <yang.guang5(a)zte.com.cn> video: fbdev: omapfb: acx565akm: replace snprintf with sysfs_emit George Kennedy <george.kennedy(a)oracle.com> video: fbdev: cirrusfb: check pixclock to avoid divide by zero Evgeny Novikov <novikov(a)ispras.ru> video: fbdev: w100fb: Reset global state Tim Gardner <tim.gardner(a)canonical.com> video: fbdev: nvidiafb: Use strscpy() to prevent buffer overflow Dongliang Mu <mudongliangabcd(a)gmail.com> ntfs: add sanity check on allocation size Theodore Ts'o <tytso(a)mit.edu> ext4: don't BUG if someone dirty pages without asking ext4 first Minghao Chi <chi.minghao(a)zte.com.cn> spi: tegra20: Use of_device_get_match_data() Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> PM: core: keep irq flags in device_pm_check_callbacks() Darren Hart <darren(a)os.amperecomputing.com> ACPI/APEI: Limit printable size of BERT table data Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> ACPICA: Avoid walking the ACPI Namespace if it is not there Souptick Joarder (HPE) <jrdr.linux(a)gmail.com> irqchip/nvic: Release nvic_base upon failure Casey Schaufler <casey(a)schaufler-ca.com> Fix incorrect type in assignment of ipv6 port for audit Chaitanya Kulkarni <kch(a)nvidia.com> loop: use sysfs_emit() in the sysfs xxx show() Christian Göttsche <cgzones(a)googlemail.com> selinux: use correct type for context length Dan Carpenter <dan.carpenter(a)oracle.com> lib/test: use after free in register_test_dev_kmod() Trond Myklebust <trond.myklebust(a)hammerspace.com> NFSv4/pNFS: Fix another issue with a list iterator pointing to the head Duoming Zhou <duoming(a)zju.edu.cn> net/x25: Fix null-ptr-deref caused by x25_disconnect Tom Rix <trix(a)redhat.com> qlcnic: dcb: default to returning -EOPNOTSUPP Florian Fainelli <f.fainelli(a)gmail.com> net: phy: broadcom: Fix brcm_fet_config_init() Juergen Gross <jgross(a)suse.com> xen: fix is_xen_pmu() Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_conntrack_tcp: preserve liberal flag in tcp options Pavel Skripkin <paskripkin(a)gmail.com> jfs: fix divide error in dbNextAG Randy Dunlap <rdunlap(a)infradead.org> kgdbts: fix return value of __setup handler Randy Dunlap <rdunlap(a)infradead.org> kgdboc: fix return value of __setup handler Randy Dunlap <rdunlap(a)infradead.org> tty: hvc: fix return value of __setup handler Miaoqian Lin <linmq006(a)gmail.com> pinctrl/rockchip: Add missing of_node_put() in rockchip_pinctrl_probe Miaoqian Lin <linmq006(a)gmail.com> pinctrl: nomadik: Add missing of_node_put() in nmk_pinctrl_probe Miaoqian Lin <linmq006(a)gmail.com> pinctrl: mediatek: Fix missing of_node_put() in mtk_pctrl_init Alexey Khoroshilov <khoroshilov(a)ispras.ru> NFS: remove unneeded check in decode_devicenotify_args() Miaoqian Lin <linmq006(a)gmail.com> clk: tegra: tegra124-emc: Fix missing put_device() call in emc_ensure_emc_driver Jonathan Neuschäfer <j.neuschaefer(a)gmx.net> clk: clps711x: Terminate clk_div_table with sentinel element Jonathan Neuschäfer <j.neuschaefer(a)gmx.net> clk: loongson1: Terminate clk_div_table with sentinel element Miaoqian Lin <linmq006(a)gmail.com> remoteproc: qcom_wcnss: Add missing of_node_put() in wcnss_alloc_memory_region Taniya Das <tdas(a)codeaurora.org> clk: qcom: clk-rcg2: Update the frac table for pixel clock Jiasheng Jiang <jiasheng(a)iscas.ac.cn> iio: adc: Add check for devm_request_threaded_irq Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> serial: 8250: Fix race condition in RTS-after-send handling Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> serial: 8250_mid: Balance reference count for PCI DMA device Jonathan Cameron <Jonathan.Cameron(a)huawei.com> staging:iio:adc:ad7280a: Fix handing of device address bit reversing. Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> pwm: lpc18xx-sct: Initialize driver data and hardware before pwmchip_add() Jiri Slaby <jslaby(a)suse.cz> mxser: fix xmit_buf leak in activate when LSR == 0xff Miaoqian Lin <linmq006(a)gmail.com> mfd: asic3: Add missing iounmap() on error asic3_mfd_probe Jakub Kicinski <kuba(a)kernel.org> tcp: ensure PMTU updates are processed during fastopen Peter Rosin <peda(a)axentia.se> i2c: mux: demux-pinctrl: do not deactivate a master that is not active Petr Machata <petrm(a)nvidia.com> af_netlink: Fix shift out of bounds in group mask calculation Dan Carpenter <dan.carpenter(a)oracle.com> USB: storage: ums-realtek: fix error code in rts51x_read_mem() Xin Xiong <xiongx18(a)fudan.edu.cn> mtd: rawnand: atmel: fix refcount issue in atmel_nand_controller_init Randy Dunlap <rdunlap(a)infradead.org> MIPS: RB532: fix return value of __setup handler Oliver Hartkopp <socketcan(a)hartkopp.net> vxcan: enable local echo for sent CAN frames Jiasheng Jiang <jiasheng(a)iscas.ac.cn> mfd: mc13xxx: Add check for mc13xxx_irq_request Jakob Koschel <jakobkoschel(a)gmail.com> powerpc/sysdev: fix incorrect use to determine if list is empty Mark Tomlinson <mark.tomlinson(a)alliedtelesis.co.nz> PCI: Reduce warnings on possible RW1C corruption Jiasheng Jiang <jiasheng(a)iscas.ac.cn> power: supply: wm8350-power: Add missing free in free_charger_irq Jiasheng Jiang <jiasheng(a)iscas.ac.cn> power: supply: wm8350-power: Handle error for wm8350_register_irq Robert Hancock <robert.hancock(a)calian.com> i2c: xiic: Make bus names unique Hou Wenlong <houwenlong.hwl(a)antgroup.com> KVM: x86/emulator: Defer not-present segment check in __load_segment_descriptor() Zhenzhong Duan <zhenzhong.duan(a)intel.com> KVM: x86: Fix emulation in writing cr8 Hans de Goede <hdegoede(a)redhat.com> power: supply: bq24190_charger: Fix bq24190_vbus_is_enabled() wrong false return Miaoqian Lin <linmq006(a)gmail.com> drm/tegra: Fix reference leak in tegra_dsi_ganged_probe Zhang Yi <yi.zhang(a)huawei.com> ext2: correct max file size computing Randy Dunlap <rdunlap(a)infradead.org> TOMOYO: fix __setup handlers return values Damien Le Moal <damien.lemoal(a)opensource.wdc.com> scsi: pm8001: Fix abort all task initialization Damien Le Moal <damien.lemoal(a)opensource.wdc.com> scsi: pm8001: Fix payload initialization in pm80xx_set_thermal_config() Damien Le Moal <damien.lemoal(a)opensource.wdc.com> scsi: pm8001: Fix command initialization in pm8001_chip_ssp_tm_req() Damien Le Moal <damien.lemoal(a)opensource.wdc.com> scsi: pm8001: Fix command initialization in pm80XX_send_read_log() Aashish Sharma <shraash(a)google.com> dm crypt: fix get_key_size compiler warning if !CONFIG_KEYS Colin Ian King <colin.king(a)canonical.com> iwlwifi: Fix -EIO error code that is never returned Dmitry Torokhov <dmitry.torokhov(a)gmail.com> HID: i2c-hid: fix GET/SET_REPORT for unnumbered reports Miaoqian Lin <linmq006(a)gmail.com> power: supply: ab8500: Fix memory leak in ab8500_fg_sysfs_init Jiasheng Jiang <jiasheng(a)iscas.ac.cn> ray_cs: Check ioremap return value Miaoqian Lin <linmq006(a)gmail.com> power: reset: gemini-poweroff: Fix IRQ check in gemini_poweroff_probe Pavel Skripkin <paskripkin(a)gmail.com> ath9k_htc: fix uninit value bugs Maxime Ripard <maxime(a)cerno.tech> drm/edid: Don't clear formats if using deep color Jiasheng Jiang <jiasheng(a)iscas.ac.cn> mtd: onenand: Check for error irq Miaoqian Lin <linmq006(a)gmail.com> ASoC: msm8916-wcd-digital: Fix missing clk_disable_unprepare() in msm8916_wcd_digital_probe Wang Wensheng <wangwensheng4(a)huawei.com> ASoC: imx-es8328: Fix error return code in imx_es8328_probe() Miaoqian Lin <linmq006(a)gmail.com> ASoC: mxs: Fix error handling in mxs_sgtl5000_probe Codrin Ciubotariu <codrin.ciubotariu(a)microchip.com> ASoC: dmaengine: do not use a NULL prepare_slave_config() callback Miaoqian Lin <linmq006(a)gmail.com> video: fbdev: omapfb: Add missing of_node_put() in dvic_probe_of Jiasheng Jiang <jiasheng(a)iscas.ac.cn> ASoC: fsi: Add check for clk_enable Jiasheng Jiang <jiasheng(a)iscas.ac.cn> ASoC: wm8350: Handle error for wm8350_register_irq Miaoqian Lin <linmq006(a)gmail.com> ASoC: atmel: Add missing of_node_put() in at91sam9g20ek_audio_probe Dafna Hirschfeld <dafna.hirschfeld(a)collabora.com> media: stk1160: If start stream fails, return buffers with VB2_BUF_STATE_QUEUED Takashi Sakamoto <o-takashi(a)sakamocchi.jp> ALSA: firewire-lib: fix uninitialized flag for AV/C deferred transaction Jia-Ju Bai <baijiaju1990(a)gmail.com> memory: emif: check the pointer temp in get_device_details() Jiasheng Jiang <jiasheng(a)iscas.ac.cn> memory: emif: Add check for setup_interrupts Jiasheng Jiang <jiasheng(a)iscas.ac.cn> ASoC: atmel_ssc_dai: Handle errors for clk_enable Jiasheng Jiang <jiasheng(a)iscas.ac.cn> ASoC: mxs-saif: Handle errors for clk_enable Randy Dunlap <rdunlap(a)infradead.org> printk: fix return value of printk.devkmsg __setup handler Frank Wunderlich <frank-w(a)public-files.de> arm64: dts: broadcom: Fix sata nodename Kuldeep Singh <singh.kuldeep87k(a)gmail.com> arm64: dts: ns2: Fix spi-cpol and spi-cpha property Jiasheng Jiang <jiasheng(a)iscas.ac.cn> ALSA: spi: Add check for clk_enable() Jiasheng Jiang <jiasheng(a)iscas.ac.cn> ASoC: ti: davinci-i2s: Add check for clk_enable() Dan Carpenter <dan.carpenter(a)oracle.com> media: usb: go7007: s2250-board: fix leak in probe() Miaoqian Lin <linmq006(a)gmail.com> soc: ti: wkup_m3_ipc: Fix IRQ check in wkup_m3_ipc_probe Pavel Kubelun <be.dissent(a)gmail.com> ARM: dts: qcom: ipq4019: fix sleep clock Dan Carpenter <dan.carpenter(a)oracle.com> video: fbdev: fbcvt.c: fix printing in fb_cvt_print_name() Wang Hai <wanghai38(a)huawei.com> video: fbdev: smscufx: Fix null-ptr-deref in ufx_usb_probe() Miaoqian Lin <linmq006(a)gmail.com> media: coda: Fix missing put_device() call in coda_get_vdoa_data Adrian Hunter <adrian.hunter(a)intel.com> perf/x86/intel/pt: Fix address filter config for 32-bit kernel Adrian Hunter <adrian.hunter(a)intel.com> perf/core: Fix address filter parser for multiple filters Bharata B Rao <bharata(a)amd.com> sched/debug: Remove mpol_get/put and task_lock/unlock from sched_show_numa Randy Dunlap <rdunlap(a)infradead.org> clocksource: acpi_pm: fix return value of __setup handler Brandon Wyman <bjwyman(a)gmail.com> hwmon: (pmbus) Add Vin unit off handling Dāvis Mosāns <davispuh(a)gmail.com> crypto: ccp - ccp_dmaengine_unregister release dma channels Randy Dunlap <rdunlap(a)infradead.org> ACPI: APEI: fix return value of __setup handlers Petr Vorel <pvorel(a)suse.cz> crypto: vmx - add missing dependencies Claudiu Beznea <claudiu.beznea(a)microchip.com> hwrng: atmel - disable trng on failure path Randy Dunlap <rdunlap(a)infradead.org> PM: suspend: fix return value of __setup handler Randy Dunlap <rdunlap(a)infradead.org> PM: hibernate: fix __setup handler error handling Armin Wolf <W_Armin(a)gmx.de> hwmon: (sch56xx-common) Replace WDOG_ACTIVE with WDOG_HW_RUNNING Patrick Rudolph <patrick.rudolph(a)9elements.com> hwmon: (pmbus) Add mutex to regulator ops Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> spi: pxa2xx-pci: Balance reference count for PCI DMA device Muhammad Usama Anjum <usama.anjum(a)collabora.com> selftests/x86: Add validity check and allow field splitting Miaoqian Lin <linmq006(a)gmail.com> spi: tegra114: Add missing IRQ check in tegra_spi_probe Tomas Paukrt <tomaspaukrt(a)email.cz> crypto: mxs-dcp - Fix scatterlist processing Herbert Xu <herbert(a)gondor.apana.org.au> crypto: authenc - Fix sleep in atomic context in decrypt_tail Liguang Zhang <zhangliguang(a)linux.alibaba.com> PCI: pciehp: Clear cmd_busy bit in polling mode Hector Martin <marcan(a)marcan.st> brcmfmac: pcie: Replace brcmf_pcie_copy_mem_todev with memcpy_toio Hector Martin <marcan(a)marcan.st> brcmfmac: firmware: Allocate space for default boardrev in nvram Johan Hovold <johan(a)kernel.org> media: davinci: vpif: fix unbalanced runtime PM get Maciej W. Rozycki <macro(a)orcam.me.uk> DEC: Limit PMAX memory probing to R3k systems Dirk Müller <dmueller(a)suse.de> lib/raid6/test: fix multiple definition linking error Srinivas Pandruvada <srinivas.pandruvada(a)linux.intel.com> thermal: int340x: Increase bitmap size Colin Ian King <colin.i.king(a)gmail.com> carl9170: fix missing bit-wise or operator for tx_params Krzysztof Kozlowski <krzysztof.kozlowski(a)canonical.com> ARM: dts: exynos: add missing HDMI supplies on SMDK5420 Krzysztof Kozlowski <krzysztof.kozlowski(a)canonical.com> ARM: dts: exynos: add missing HDMI supplies on SMDK5250 Krzysztof Kozlowski <krzysztof.kozlowski(a)canonical.com> ARM: dts: exynos: fix UART3 pins configuration in Exynos5250 Tudor Ambarus <tudor.ambarus(a)microchip.com> ARM: dts: at91: sama5d2: Fix PMERRLOC resource size Michael Schmitz <schmitzmic(a)gmail.com> video: fbdev: atari: Atari 2 bpp (STe) palette bugfix Helge Deller <deller(a)gmx.de> video: fbdev: sm712fb: Fix crash in smtcfb_read() Duoming Zhou <duoming(a)zju.edu.cn> drivers: hamradio: 6pack: fix UAF bug caused by mod_timer() Sakari Ailus <sakari.ailus(a)linux.intel.com> ACPI: properties: Consistently return -ENOENT if there are no more references Lars Ellenberg <lars.ellenberg(a)linbit.com> drbd: fix potential silent data corruption Xiaomeng Tong <xiam0nd.tong(a)gmail.com> ALSA: cs4236: fix an incorrect NULL check on list iterator José Expósito <jose.exposito89(a)gmail.com> Revert "Input: clear BTN_RIGHT/MIDDLE on buttonpads" Manish Chopra <manishc(a)marvell.com> qed: validate and restrict untrusted VFs vlan promisc mode Manish Chopra <manishc(a)marvell.com> qed: display VF trust config Damien Le Moal <damien.lemoal(a)opensource.wdc.com> scsi: libsas: Fix sas_ata_qc_issue() handling of NCQ NON DATA commands Hugh Dickins <hughd(a)google.com> mempolicy: mbind_range() set_policy() after vma_merge() Alistair Popple <apopple(a)nvidia.com> mm/pages_alloc.c: don't create ZONE_MOVABLE beyond the end of a node Baokun Li <libaokun1(a)huawei.com> jffs2: fix memory leak in jffs2_scan_medium Baokun Li <libaokun1(a)huawei.com> jffs2: fix memory leak in jffs2_do_mount_fs Baokun Li <libaokun1(a)huawei.com> jffs2: fix use-after-free in jffs2_clear_xattr_subsystem Hangyu Hua <hbh25y(a)gmail.com> can: ems_usb: ems_usb_start_xmit(): fix double dev_kfree_skb() in error path Krzysztof Kozlowski <krzysztof.kozlowski(a)canonical.com> pinctrl: samsung: drop pin banks references on error paths Dan Carpenter <dan.carpenter(a)oracle.com> NFSD: prevent underflow in nfssvc_decode_writeargs() NeilBrown <neilb(a)suse.de> SUNRPC: avoid race between mod_timer() and del_timer_sync() Bagas Sanjaya <bagasdotme(a)gmail.com> Documentation: update stable tree link Bagas Sanjaya <bagasdotme(a)gmail.com> Documentation: add link to stable release candidate tree Jann Horn <jannh(a)google.com> ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on PTRACE_SEIZE Kunihiko Hayashi <hayashi.kunihiko(a)socionext.com> clk: uniphier: Fix fixed-rate initialization Liam Beguin <liambeguin(a)gmail.com> iio: inkern: make a best effort on offset calculation Liam Beguin <liambeguin(a)gmail.com> iio: inkern: apply consumer scale when no channel scale is available Liam Beguin <liambeguin(a)gmail.com> iio: inkern: apply consumer scale on IIO_VAL_INT cases James Clark <james.clark(a)arm.com> coresight: Fix TRCCONFIGR.QE sysfs interface Alan Stern <stern(a)rowland.harvard.edu> USB: usb-storage: Fix use of bitfields for hardware data in ene_ub6250.c Xie Yongji <xieyongji(a)bytedance.com> virtio-blk: Use blk_validate_block_size() to validate block size Xie Yongji <xieyongji(a)bytedance.com> block: Add a helper to validate the block size Lino Sanfilippo <LinoSanfilippo(a)gmx.de> tpm: fix reference counting for struct tpm_chip Miklos Szeredi <mszeredi(a)redhat.com> fuse: fix pipe buffer lifetime for direct_io Haimin Zhang <tcs_kernel(a)tencent.com> af_key: add __GFP_ZERO flag for compose_sadb_supported in function pfkey_register Biju Das <biju.das.jz(a)bp.renesas.com> spi: Fix erroneous sgs value with min_t() Biju Das <biju.das.jz(a)bp.renesas.com> spi: Fix invalid sgs value Zheyu Ma <zheyuma97(a)gmail.com> ethernet: sun: Free the coherent when failing in probing Michael S. Tsirkin <mst(a)redhat.com> virtio_console: break out of buf poll on remove Yajun Deng <yajun.deng(a)linux.dev> netdevice: add the case if dev is NULL Johan Hovold <johan(a)kernel.org> USB: serial: simple: add Nokia phone driver Eddie James <eajames(a)linux.ibm.com> USB: serial: pl2303: add IBM device IDs ------------- Diffstat: Documentation/process/stable-kernel-rules.rst | 11 +- Makefile | 4 +- arch/arm/boot/dts/bcm2837.dtsi | 49 +++++++ arch/arm/boot/dts/exynos5250-pinctrl.dtsi | 2 +- arch/arm/boot/dts/exynos5250-smdk5250.dts | 3 + arch/arm/boot/dts/exynos5420-smdk5420.dts | 3 + arch/arm/boot/dts/qcom-ipq4019.dtsi | 3 +- arch/arm/boot/dts/qcom-msm8960.dtsi | 8 +- arch/arm/boot/dts/sama5d2.dtsi | 2 +- arch/arm/boot/dts/spear1340.dtsi | 6 +- arch/arm/boot/dts/spear13xx.dtsi | 6 +- arch/arm/boot/dts/tegra20-tamonten.dtsi | 6 +- arch/arm/mach-davinci/board-da850-evm.c | 4 +- arch/arm/mach-mmp/sram.c | 22 +-- arch/arm/mach-s3c24xx/mach-jive.c | 6 +- .../arm64/boot/dts/broadcom/northstar2/ns2-svk.dts | 8 +- arch/arm64/boot/dts/broadcom/northstar2/ns2.dtsi | 2 +- arch/arm64/kernel/insn.c | 4 +- arch/arm64/kernel/module.lds | 6 +- arch/mips/dec/prom/Makefile | 2 +- arch/mips/include/asm/dec/prom.h | 15 +- arch/mips/include/asm/setup.h | 2 +- arch/mips/kernel/traps.c | 22 +-- arch/mips/rb532/devices.c | 6 +- arch/powerpc/boot/dts/fsl/t104xrdb.dtsi | 4 +- arch/powerpc/kernel/machine_kexec.c | 15 +- arch/powerpc/kernel/rtas.c | 6 + arch/powerpc/lib/sstep.c | 8 +- arch/powerpc/sysdev/fsl_gtm.c | 4 +- arch/x86/events/intel/pt.c | 2 +- arch/x86/kvm/emulate.c | 14 +- arch/x86/kvm/hyperv.c | 15 ++ arch/x86/kvm/lapic.c | 5 +- arch/x86/kvm/pmu_amd.c | 8 +- arch/x86/power/cpu.c | 21 ++- arch/x86/xen/pmu.c | 10 +- arch/x86/xen/pmu.h | 3 +- arch/x86/xen/smp_pv.c | 2 +- arch/xtensa/boot/dts/xtfpga-flash-128m.dtsi | 8 +- arch/xtensa/boot/dts/xtfpga-flash-16m.dtsi | 8 +- arch/xtensa/boot/dts/xtfpga-flash-4m.dtsi | 4 +- crypto/authenc.c | 2 +- drivers/acpi/acpica/nswalk.c | 3 + drivers/acpi/apei/bert.c | 10 +- drivers/acpi/apei/erst.c | 2 +- drivers/acpi/apei/hest.c | 2 +- drivers/acpi/cppc_acpi.c | 5 + drivers/acpi/property.c | 2 +- drivers/ata/libata-core.c | 3 + drivers/base/power/main.c | 6 +- drivers/block/drbd/drbd_int.h | 8 +- drivers/block/drbd/drbd_nl.c | 41 +++--- drivers/block/drbd/drbd_req.c | 3 +- drivers/block/drbd/drbd_state.c | 18 +-- drivers/block/drbd/drbd_state_change.h | 8 +- drivers/block/loop.c | 10 +- drivers/block/virtio_blk.c | 12 +- drivers/char/hw_random/atmel-rng.c | 1 + drivers/char/tpm/tpm-chip.c | 46 ++---- drivers/char/tpm/tpm.h | 2 + drivers/char/tpm/tpm2-space.c | 65 +++++++++ drivers/char/virtio_console.c | 15 +- drivers/clk/clk-clps711x.c | 2 + drivers/clk/loongson1/clk-loongson1c.c | 1 + drivers/clk/qcom/clk-rcg2.c | 1 + drivers/clk/tegra/clk-emc.c | 1 + drivers/clk/uniphier/clk-uniphier-fixed-rate.c | 1 + drivers/clocksource/acpi_pm.c | 6 +- drivers/crypto/ccp/ccp-dmaengine.c | 16 +++ drivers/crypto/mxs-dcp.c | 2 +- drivers/crypto/vmx/Kconfig | 4 + drivers/dma/sh/shdma-base.c | 4 +- drivers/gpio/gpiolib-acpi.c | 4 +- drivers/gpu/drm/amd/amdgpu/ObjectID.h | 1 + drivers/gpu/drm/amd/amdgpu/amdgpu_gfx.c | 2 +- drivers/gpu/drm/amd/amdkfd/kfd_events.c | 2 + drivers/gpu/drm/drm_edid.c | 8 -- drivers/gpu/drm/imx/parallel-display.c | 4 +- drivers/gpu/drm/tegra/dsi.c | 4 +- drivers/gpu/ipu-v3/ipu-di.c | 5 +- drivers/hid/i2c-hid/i2c-hid-core.c | 32 +++-- drivers/hv/ring_buffer.c | 11 +- drivers/hwmon/pmbus/pmbus.h | 1 + drivers/hwmon/pmbus/pmbus_core.c | 18 ++- drivers/hwmon/sch56xx-common.c | 2 +- .../hwtracing/coresight/coresight-etm4x-sysfs.c | 8 +- drivers/i2c/busses/i2c-pasemi.c | 6 + drivers/i2c/busses/i2c-xiic.c | 3 +- drivers/i2c/muxes/i2c-demux-pinctrl.c | 5 +- drivers/iio/adc/twl6030-gpadc.c | 2 + drivers/iio/inkern.c | 40 ++++-- drivers/input/input.c | 6 - drivers/iommu/arm-smmu-v3.c | 1 + drivers/irqchip/irq-nvic.c | 2 + drivers/md/dm-crypt.c | 2 +- drivers/md/dm-ioctl.c | 2 + drivers/media/pci/cx88/cx88-mpeg.c | 3 + drivers/media/platform/coda/coda-common.c | 1 + drivers/media/platform/davinci/vpif.c | 1 + drivers/media/usb/go7007/s2250-board.c | 10 +- drivers/media/usb/hdpvr/hdpvr-video.c | 4 +- drivers/media/usb/stk1160/stk1160-core.c | 2 +- drivers/media/usb/stk1160/stk1160-v4l.c | 10 +- drivers/media/usb/stk1160/stk1160.h | 2 +- drivers/memory/atmel-ebi.c | 23 ++- drivers/memory/emif.c | 8 +- drivers/mfd/asic3.c | 10 +- drivers/mfd/mc13xxx-core.c | 4 +- drivers/misc/kgdbts.c | 4 +- drivers/mmc/core/host.c | 15 +- drivers/mmc/host/sdhci-xenon.c | 10 -- drivers/mtd/nand/atmel/nand-controller.c | 14 +- drivers/mtd/onenand/generic.c | 7 +- drivers/mtd/ubi/build.c | 9 +- drivers/mtd/ubi/fastmap.c | 28 ++-- drivers/mtd/ubi/vmt.c | 8 +- drivers/net/can/usb/ems_usb.c | 1 - drivers/net/can/usb/mcba_usb.c | 27 ++-- drivers/net/can/vxcan.c | 2 +- drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c | 4 +- drivers/net/ethernet/mellanox/mlxsw/i2c.c | 1 + drivers/net/ethernet/micrel/Kconfig | 1 + drivers/net/ethernet/qlogic/qed/qed_sriov.c | 29 +++- drivers/net/ethernet/qlogic/qed/qed_sriov.h | 1 + drivers/net/ethernet/qlogic/qlcnic/qlcnic_dcb.h | 10 +- drivers/net/ethernet/stmicro/stmmac/altr_tse_pcs.c | 8 -- drivers/net/ethernet/stmicro/stmmac/altr_tse_pcs.h | 4 + .../net/ethernet/stmicro/stmmac/dwmac-socfpga.c | 13 +- .../net/ethernet/stmicro/stmmac/stmmac_platform.c | 3 +- drivers/net/ethernet/sun/sunhme.c | 6 +- drivers/net/hamradio/6pack.c | 4 +- drivers/net/macvtap.c | 6 + drivers/net/phy/broadcom.c | 21 +++ drivers/net/slip/slip.c | 2 +- drivers/net/veth.c | 2 +- drivers/net/wireless/ath/ath5k/eeprom.c | 3 + drivers/net/wireless/ath/ath9k/htc_hst.c | 5 + drivers/net/wireless/ath/carl9170/main.c | 2 +- .../broadcom/brcm80211/brcmfmac/firmware.c | 2 + .../wireless/broadcom/brcm80211/brcmfmac/pcie.c | 48 +------ drivers/net/wireless/intel/iwlwifi/dvm/mac80211.c | 2 +- drivers/net/wireless/ray_cs.c | 6 + drivers/parisc/dino.c | 41 ++++-- drivers/parisc/gsc.c | 31 +++++ drivers/parisc/gsc.h | 1 + drivers/parisc/lasi.c | 7 +- drivers/parisc/wax.c | 7 +- drivers/pci/access.c | 9 +- drivers/pci/host/pci-aardvark.c | 16 +-- drivers/pci/hotplug/pciehp_hpc.c | 2 + drivers/perf/qcom_l2_pmu.c | 6 +- drivers/pinctrl/mediatek/pinctrl-mtk-common.c | 2 + drivers/pinctrl/nomadik/pinctrl-nomadik.c | 4 +- drivers/pinctrl/pinconf-generic.c | 6 +- drivers/pinctrl/pinctrl-rockchip.c | 2 + drivers/pinctrl/samsung/pinctrl-samsung.c | 30 +++- drivers/power/reset/gemini-poweroff.c | 4 +- drivers/power/supply/ab8500_fg.c | 4 +- drivers/power/supply/axp20x_battery.c | 13 +- drivers/power/supply/bq24190_charger.c | 7 +- drivers/power/supply/wm8350_power.c | 97 +++++++++++-- drivers/ptp/ptp_sysfs.c | 4 +- drivers/pwm/pwm-lpc18xx-sct.c | 20 ++- drivers/remoteproc/qcom_wcnss.c | 1 + drivers/rtc/rtc-wm8350.c | 11 +- drivers/scsi/aha152x.c | 6 +- drivers/scsi/bfa/bfad_attr.c | 26 ++-- drivers/scsi/ibmvscsi_tgt/ibmvscsi_tgt.c | 2 +- drivers/scsi/libfc/fc_exch.c | 1 + drivers/scsi/libsas/sas_ata.c | 2 +- drivers/scsi/mvsas/mv_init.c | 5 +- drivers/scsi/pm8001/pm8001_hwi.c | 13 +- drivers/scsi/pm8001/pm80xx_hwi.c | 11 +- drivers/scsi/qla2xxx/qla_init.c | 2 +- drivers/scsi/qla2xxx/qla_target.c | 1 + drivers/scsi/zorro7xx.c | 2 + drivers/soc/ti/wkup_m3_ipc.c | 4 +- drivers/spi/spi-pxa2xx-pci.c | 17 ++- drivers/spi/spi-tegra114.c | 4 + drivers/spi/spi-tegra20-slink.c | 8 +- drivers/spi/spi.c | 4 +- drivers/staging/iio/adc/ad7280a.c | 4 +- drivers/target/target_core_user.c | 3 +- drivers/thermal/int340x_thermal/int3400_thermal.c | 2 +- drivers/tty/hvc/hvc_iucv.c | 4 +- drivers/tty/mxser.c | 15 +- drivers/tty/serial/8250/8250_mid.c | 19 ++- drivers/tty/serial/8250/8250_port.c | 12 ++ drivers/tty/serial/kgdboc.c | 6 +- drivers/tty/serial/samsung.c | 5 +- drivers/usb/dwc3/dwc3-omap.c | 2 +- drivers/usb/serial/Kconfig | 1 + drivers/usb/serial/pl2303.c | 1 + drivers/usb/serial/pl2303.h | 3 + drivers/usb/serial/usb-serial-simple.c | 7 + drivers/usb/storage/ene_ub6250.c | 155 ++++++++++----------- drivers/usb/storage/realtek_cr.c | 2 +- drivers/video/fbdev/atafb.c | 12 +- drivers/video/fbdev/cirrusfb.c | 16 +-- drivers/video/fbdev/core/fbcvt.c | 53 +++---- drivers/video/fbdev/nvidia/nv_i2c.c | 2 +- .../fbdev/omap2/omapfb/displays/connector-dvi.c | 1 + .../fbdev/omap2/omapfb/displays/panel-dsi-cm.c | 8 +- .../omap2/omapfb/displays/panel-sony-acx565akm.c | 2 +- .../omap2/omapfb/displays/panel-tpo-td043mtea1.c | 4 +- drivers/video/fbdev/sm712fb.c | 46 ++---- drivers/video/fbdev/smscufx.c | 3 +- drivers/video/fbdev/w100fb.c | 15 +- drivers/w1/slaves/w1_therm.c | 8 +- fs/btrfs/extent_io.h | 2 +- fs/cifs/link.c | 3 + fs/ext2/super.c | 6 +- fs/ext4/inode.c | 25 ++++ fs/fuse/dev.c | 12 +- fs/fuse/file.c | 1 + fs/fuse/fuse_i.h | 2 + fs/gfs2/rgrp.c | 3 +- fs/jffs2/build.c | 4 +- fs/jffs2/fs.c | 2 +- fs/jffs2/scan.c | 6 +- fs/jfs/inode.c | 3 +- fs/jfs/jfs_dmap.c | 7 + fs/nfs/callback_proc.c | 27 ++-- fs/nfs/callback_xdr.c | 4 - fs/nfs/direct.c | 48 ++++--- fs/nfs/file.c | 4 +- fs/nfs/pnfs.c | 11 ++ fs/nfs/pnfs.h | 2 + fs/nfsd/nfsproc.c | 2 +- fs/nfsd/xdr.h | 2 +- fs/ntfs/inode.c | 4 + fs/ubifs/dir.c | 19 ++- fs/ubifs/ioctl.c | 2 +- include/linux/blkdev.h | 8 ++ include/linux/mmzone.h | 11 +- include/linux/netdevice.h | 6 +- include/linux/nfs_fs.h | 8 +- include/linux/pci.h | 1 + include/net/sock.h | 25 +++- include/net/xfrm.h | 9 +- init/main.c | 6 +- kernel/cgroup/cgroup-internal.h | 19 +++ kernel/cgroup/cgroup-v1.c | 33 +++-- kernel/cgroup/cgroup.c | 81 ++++++++--- kernel/events/core.c | 3 + kernel/power/hibernate.c | 2 +- kernel/power/suspend_test.c | 8 +- kernel/printk/printk.c | 6 +- kernel/ptrace.c | 47 +++++-- kernel/sched/debug.c | 10 -- kernel/smp.c | 2 +- lib/raid6/test/test.c | 1 - lib/test_kmod.c | 1 + mm/kmemleak.c | 8 +- mm/memcontrol.c | 2 +- mm/memory.c | 25 +++- mm/mempolicy.c | 9 +- mm/mmap.c | 2 +- mm/mremap.c | 3 + mm/page_alloc.c | 11 +- mm/rmap.c | 25 +++- net/bluetooth/hci_event.c | 3 +- net/can/raw.c | 2 +- net/ipv4/raw.c | 2 +- net/ipv4/tcp_output.c | 5 +- net/ipv6/raw.c | 7 +- net/key/af_key.c | 6 +- net/netfilter/nf_conntrack_proto_tcp.c | 17 ++- net/netlink/af_netlink.c | 2 + net/nfc/nci/core.c | 4 + net/openvswitch/flow_netlink.c | 4 +- net/packet/af_packet.c | 6 +- net/smc/smc_core.c | 2 +- net/sunrpc/sched.c | 4 +- net/sunrpc/xprt.c | 7 + net/sunrpc/xprtrdma/transport.c | 4 +- net/x25/af_x25.c | 11 +- net/xfrm/xfrm_policy.c | 24 ++-- net/xfrm/xfrm_user.c | 14 +- scripts/gcc-plugins/latent_entropy_plugin.c | 44 +++--- security/selinux/xfrm.c | 2 +- security/smack/smack_lsm.c | 2 +- security/tomoyo/load_policy.c | 4 +- sound/core/pcm_misc.c | 2 +- sound/firewire/fcp.c | 4 +- sound/isa/cs423x/cs4236.c | 8 +- sound/soc/atmel/atmel_ssc_dai.c | 5 +- sound/soc/atmel/sam9g20_wm8731.c | 1 + sound/soc/codecs/msm8916-wcd-digital.c | 5 +- sound/soc/codecs/wm8350.c | 28 +++- sound/soc/davinci/davinci-i2s.c | 5 +- sound/soc/fsl/imx-es8328.c | 1 + sound/soc/mxs/mxs-saif.c | 5 +- sound/soc/mxs/mxs-sgtl5000.c | 3 + sound/soc/sh/fsi.c | 19 ++- sound/soc/soc-core.c | 2 +- sound/soc/soc-generic-dmaengine-pcm.c | 6 +- sound/soc/soc-topology.c | 3 +- sound/spi/at73c213.c | 27 +++- tools/build/feature/Makefile | 2 +- tools/testing/selftests/x86/check_cc.sh | 2 +- virt/kvm/kvm_main.c | 13 ++ 302 files changed, 1919 insertions(+), 1013 deletions(-)

2 years, 2 months

11
298
0 0

[PATCH AUTOSEL 5.4 01/16] Revert "evm: Fix memleak in init_desc"

by Sasha Levin

From: Xiu Jianfeng <xiujianfeng(a)huawei.com> [ Upstream commit 51dd64bb99e4478fc5280171acd8e1b529eadaf7 ] This reverts commit ccf11dbaa07b328fa469415c362d33459c140a37. Commit ccf11dbaa07b ("evm: Fix memleak in init_desc") said there is memleak in init_desc. That may be incorrect, as we can see, tmp_tfm is saved in one of the two global variables hmac_tfm or evm_tfm[hash_algo], then if init_desc is called next time, there is no need to alloc tfm again, so in the error path of kmalloc desc or crypto_shash_init(desc), It is not a problem without freeing tmp_tfm. And also that commit did not reset the global variable to NULL after freeing tmp_tfm and this makes *tfm a dangling pointer which may cause a UAF issue. Reported-by: Guozihua (Scott) <guozihua(a)huawei.com> Signed-off-by: Xiu Jianfeng <xiujianfeng(a)huawei.com> Signed-off-by: Mimi Zohar <zohar(a)linux.ibm.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- security/integrity/evm/evm_crypto.c | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/security/integrity/evm/evm_crypto.c b/security/integrity/evm/evm_crypto.c index 25dac691491b..ee6bd945f3d6 100644 --- a/security/integrity/evm/evm_crypto.c +++ b/security/integrity/evm/evm_crypto.c @@ -75,7 +75,7 @@ static struct shash_desc *init_desc(char type, uint8_t hash_algo) { long rc; const char *algo; - struct crypto_shash **tfm, *tmp_tfm = NULL; + struct crypto_shash **tfm, *tmp_tfm; struct shash_desc *desc; if (type == EVM_XATTR_HMAC) { @@ -120,16 +120,13 @@ static struct shash_desc *init_desc(char type, uint8_t hash_algo) alloc: desc = kmalloc(sizeof(*desc) + crypto_shash_descsize(*tfm), GFP_KERNEL); - if (!desc) { - crypto_free_shash(tmp_tfm); + if (!desc) return ERR_PTR(-ENOMEM); - } desc->tfm = *tfm; rc = crypto_shash_init(desc); if (rc) { - crypto_free_shash(tmp_tfm); kfree(desc); return ERR_PTR(rc); } -- 2.35.1

2 years, 2 months

3
18
0 0

[PATCH v2] ntfs: Ensure $Extend is a directory

by Soumya Negi

Fix Syzbot bug: kernel BUG in ntfs_lookup_inode_by_name https://syzkaller.appspot.com/bug?id=32cf53b48c1846ffc25a185a2e92e170d1a95d… Check whether $Extend is a directory or not( for NTFS3.0+) while loading system files. If it isn't(as in the case of this bug where the mft record for $Extend contains a regular file), load_system_files() returns false. Reported-by: syzbot+30b7f850c6d98ea461d2(a)syzkaller.appspotmail.com CC: stable(a)vger.kernel.org # 4.9+ Signed-off-by: Soumya Negi <soumya.negi97(a)gmail.com> --- Changes since v1: * Added CC tag for stable * Formatted changelog to fit within 72 cols --- fs/ntfs/super.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/fs/ntfs/super.c b/fs/ntfs/super.c index 5ae8de09b271..18e2902531f9 100644 --- a/fs/ntfs/super.c +++ b/fs/ntfs/super.c @@ -2092,10 +2092,15 @@ static bool load_system_files(ntfs_volume *vol) // TODO: Initialize security. /* Get the extended system files' directory inode. */ vol->extend_ino = ntfs_iget(sb, FILE_Extend); - if (IS_ERR(vol->extend_ino) || is_bad_inode(vol->extend_ino)) { + if (IS_ERR(vol->extend_ino) || is_bad_inode(vol->extend_ino) || + !S_ISDIR(vol->extend_ino->i_mode)) { + static const char *es1 = "$Extend is not a directory"; + static const char *es2 = "Failed to load $Extend"; + const char *es = !S_ISDIR(vol->extend_ino->i_mode) ? es1 : es2; + if (!IS_ERR(vol->extend_ino)) iput(vol->extend_ino); - ntfs_error(sb, "Failed to load $Extend."); + ntfs_error(sb, "%s.", es); goto iput_sec_err_out; } #ifdef NTFS_RW -- 2.17.1

2 years, 3 months

1
1
0 0

[PATCH] drm/i915/glk: ECS Liva Q2 needs GLK HDMI port timing quirk

by Jani Nikula

From: Diego Santa Cruz <Diego.SantaCruz(a)spinetix.com> The quirk added in upstream commit 90c3e2198777 ("drm/i915/glk: Add Quirk for GLK NUC HDMI port issues.") is also required on the ECS Liva Q2. Note: Would be nicer to figure out the extra delay required for the retimer without quirks, however don't know how to check for that. Cc: stable(a)vger.kernel.org Closes: https://gitlab.freedesktop.org/drm/intel/-/issues/1326 Signed-off-by: Diego Santa Cruz <Diego.SantaCruz(a)spinetix.com> Signed-off-by: Jani Nikula <jani.nikula(a)intel.com> --- drivers/gpu/drm/i915/display/intel_quirks.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/gpu/drm/i915/display/intel_quirks.c b/drivers/gpu/drm/i915/display/intel_quirks.c index c8488f5ebd04..e415cd7c0b84 100644 --- a/drivers/gpu/drm/i915/display/intel_quirks.c +++ b/drivers/gpu/drm/i915/display/intel_quirks.c @@ -191,6 +191,9 @@ static struct intel_quirk intel_quirks[] = { /* ASRock ITX*/ { 0x3185, 0x1849, 0x2212, quirk_increase_ddi_disabled_time }, { 0x3184, 0x1849, 0x2212, quirk_increase_ddi_disabled_time }, + /* ECS Liva Q2 */ + { 0x3185, 0x1019, 0xa94d, quirk_increase_ddi_disabled_time }, + { 0x3184, 0x1019, 0xa94d, quirk_increase_ddi_disabled_time }, }; void intel_init_quirks(struct drm_i915_private *i915) -- 2.30.2

2 years, 3 months

2
2
0 0

[RESEND RFC PATCH] x86/bugs: Add "unknown" reporting for MMIO Stale Data

by Pawan Gupta

Older CPUs beyond its Servicing period are not listed in the affected processor list for MMIO Stale Data vulnerabilities. These CPUs currently report "Not affected" in sysfs, which may not be correct. Add support for "Unknown" reporting for such CPUs. Mitigation is not deployed when the status is "Unknown". "CPU is beyond its Servicing period" means these CPUs are beyond their Servicing [1] period and have reached End of Servicing Updates (ESU) [2]. [1] Servicing: The process of providing functional and security updates to Intel processors or platforms, utilizing the Intel Platform Update (IPU) process or other similar mechanisms. [2] End of Servicing Updates (ESU): ESU is the date at which Intel will no longer provide Servicing, such as through IPU or other similar update processes. ESU dates will typically be aligned to end of quarter. Suggested-by: Andrew Cooper <andrew.cooper3(a)citrix.com> Suggested-by: Tony Luck <tony.luck(a)intel.com> Fixes: 8d50cdf8b834 ("x86/speculation/mmio: Add sysfs reporting for Processor MMIO Stale Data") Cc: stable(a)vger.kernel.org Signed-off-by: Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> --- CPU vulnerability is unknown if, hardware doesn't set the immunity bits and CPU is not in the known-affected-list. In order to report the unknown status, this patch sets the MMIO bug for all Intel CPUs that don't have the hardware immunity bits set. Based on the known-affected-list of CPUs, mitigation selection then deploys the mitigation or sets the "Unknown" status; which is ugly. I will appreciate suggestions to improve this. Thanks, Pawan .../hw-vuln/processor_mmio_stale_data.rst | 3 +++ arch/x86/kernel/cpu/bugs.c | 11 +++++++- arch/x86/kernel/cpu/common.c | 26 +++++++++++++------ arch/x86/kernel/cpu/cpu.h | 1 + 4 files changed, 32 insertions(+), 9 deletions(-) diff --git a/Documentation/admin-guide/hw-vuln/processor_mmio_stale_data.rst b/Documentation/admin-guide/hw-vuln/processor_mmio_stale_data.rst index 9393c50b5afc..55524e0798da 100644 --- a/Documentation/admin-guide/hw-vuln/processor_mmio_stale_data.rst +++ b/Documentation/admin-guide/hw-vuln/processor_mmio_stale_data.rst @@ -230,6 +230,9 @@ The possible values in this file are: * - 'Mitigation: Clear CPU buffers' - The processor is vulnerable and the CPU buffer clearing mitigation is enabled. + * - 'Unknown: CPU is beyond its Servicing period' + - The processor vulnerability status is unknown because it is + out of Servicing period. Mitigation is not attempted. If the processor is vulnerable then the following information is appended to the above information: diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c index 0dd04713434b..dd6e78d370bc 100644 --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c @@ -416,6 +416,7 @@ enum mmio_mitigations { MMIO_MITIGATION_OFF, MMIO_MITIGATION_UCODE_NEEDED, MMIO_MITIGATION_VERW, + MMIO_MITIGATION_UNKNOWN, }; /* Default mitigation for Processor MMIO Stale Data vulnerabilities */ @@ -426,12 +427,18 @@ static const char * const mmio_strings[] = { [MMIO_MITIGATION_OFF] = "Vulnerable", [MMIO_MITIGATION_UCODE_NEEDED] = "Vulnerable: Clear CPU buffers attempted, no microcode", [MMIO_MITIGATION_VERW] = "Mitigation: Clear CPU buffers", + [MMIO_MITIGATION_UNKNOWN] = "Unknown: CPU is beyond its servicing period", }; static void __init mmio_select_mitigation(void) { u64 ia32_cap; + if (mmio_stale_data_unknown()) { + mmio_mitigation = MMIO_MITIGATION_UNKNOWN; + return; + } + if (!boot_cpu_has_bug(X86_BUG_MMIO_STALE_DATA) || cpu_mitigations_off()) { mmio_mitigation = MMIO_MITIGATION_OFF; @@ -1638,6 +1645,7 @@ void cpu_bugs_smt_update(void) pr_warn_once(MMIO_MSG_SMT); break; case MMIO_MITIGATION_OFF: + case MMIO_MITIGATION_UNKNOWN: break; } @@ -2235,7 +2243,8 @@ static ssize_t tsx_async_abort_show_state(char *buf) static ssize_t mmio_stale_data_show_state(char *buf) { - if (mmio_mitigation == MMIO_MITIGATION_OFF) + if (mmio_mitigation == MMIO_MITIGATION_OFF || + mmio_mitigation == MMIO_MITIGATION_UNKNOWN) return sysfs_emit(buf, "%s\n", mmio_strings[mmio_mitigation]); if (boot_cpu_has(X86_FEATURE_HYPERVISOR)) { diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c index 736262a76a12..82088410870e 100644 --- a/arch/x86/kernel/cpu/common.c +++ b/arch/x86/kernel/cpu/common.c @@ -1286,6 +1286,22 @@ static bool arch_cap_mmio_immune(u64 ia32_cap) ia32_cap & ARCH_CAP_SBDR_SSDP_NO); } +bool __init mmio_stale_data_unknown(void) +{ + u64 ia32_cap = x86_read_arch_cap_msr(); + + if (boot_cpu_data.x86_vendor != X86_VENDOR_INTEL) + return false; + /* + * CPU vulnerability is unknown when, hardware doesn't set the + * immunity bits and CPU is not in the known affected list. + */ + if (!cpu_matches(cpu_vuln_blacklist, MMIO) && + !arch_cap_mmio_immune(ia32_cap)) + return true; + return false; +} + static void __init cpu_set_bug_bits(struct cpuinfo_x86 *c) { u64 ia32_cap = x86_read_arch_cap_msr(); @@ -1349,14 +1365,8 @@ static void __init cpu_set_bug_bits(struct cpuinfo_x86 *c) cpu_matches(cpu_vuln_blacklist, SRBDS | MMIO_SBDS)) setup_force_cpu_bug(X86_BUG_SRBDS); - /* - * Processor MMIO Stale Data bug enumeration - * - * Affected CPU list is generally enough to enumerate the vulnerability, - * but for virtualization case check for ARCH_CAP MSR bits also, VMM may - * not want the guest to enumerate the bug. - */ - if (cpu_matches(cpu_vuln_blacklist, MMIO) && + /* Processor MMIO Stale Data bug enumeration */ + if (boot_cpu_data.x86_vendor == X86_VENDOR_INTEL && !arch_cap_mmio_immune(ia32_cap)) setup_force_cpu_bug(X86_BUG_MMIO_STALE_DATA); diff --git a/arch/x86/kernel/cpu/cpu.h b/arch/x86/kernel/cpu/cpu.h index 7c9b5893c30a..a2dbfc1bbc49 100644 --- a/arch/x86/kernel/cpu/cpu.h +++ b/arch/x86/kernel/cpu/cpu.h @@ -82,6 +82,7 @@ unsigned int aperfmperf_get_khz(int cpu); extern void x86_spec_ctrl_setup_ap(void); extern void update_srbds_msr(void); +extern bool mmio_stale_data_unknown(void); extern u64 x86_read_arch_cap_msr(void); base-commit: 4a57a8400075bc5287c5c877702c68aeae2a033d -- 2.35.3

2 years, 3 months

7
19
0 0

[PATCH v2] Subject: x86/PAT: Report PAT on CPUs that support PAT without MTRR

by Chuck Zmudzinski

The commit 99c13b8c8896d7bcb92753bf ("x86/mm/pat: Don't report PAT on CPUs that don't support it") incorrectly failed to account for the case in init_cache_modes() when CPUs do support PAT and falsely reported PAT to be disabled when in fact PAT is enabled. In some environments, notably in Xen PV domains, MTRR is disabled but PAT is still enabled, and that is the case that the aforementioned commit failed to account for. As an unfortunate consequnce, the pat_enabled() function currently does not correctly report that PAT is enabled in such environments. The fix is implemented in init_cache_modes() by setting pat_bp_enabled to true in init_cache_modes() for the case that commit 99c13b8c8896d7bcb92753bf ("x86/mm/pat: Don't report PAT on CPUs that don't support it") failed to account for. This approach arranges for pat_enabled() to return true in the Xen PV environment without undermining the rest of PAT MSR management logic that considers PAT to be disabled: Specifically, no writes to the PAT MSR should occur. This patch fixes a regression that some users are experiencing with Linux as a Xen Dom0 driving particular Intel graphics devices by correctly reporting to the Intel i915 driver that PAT is enabled where previously it was falsely reporting that PAT is disabled. Some users are experiencing system hangs in Xen PV Dom0 and all users on Xen PV Dom0 are experiencing reduced graphics performance because the keying of the use of WC mappings to pat_enabled() (see arch_can_pci_mmap_wc()) means that in particular graphics frame buffer accesses are quite a bit less performant than possible without this patch. Also, with the current code, in the Xen PV environment, PAT will not be disabled if the administrator sets the "nopat" boot option. Introduce a new boolean variable, pat_force_disable, to forcibly disable PAT when the administrator sets the "nopat" option to override the default behavior of using the PAT configuration that Xen has provided. For the new boolean to live in .init.data, init_cache_modes() also needs moving to .init.text (where it could/should have lived already before). Fixes: 99c13b8c8896d7bcb92753bf ("x86/mm/pat: Don't report PAT on CPUs that don't support it") Co-developed-by: Jan Beulich <jbeulich(a)suse.com> Cc: stable(a)vger.kernel.org Signed-off-by: Chuck Zmudzinski <brchuckz(a)aol.com> --- v2: *Add force_pat_disabled variable to fix "nopat" on Xen PV (Jan Beulich) *Add the necessary code to incorporate the "nopat" fix *void init_cache_modes(void) -> void __init init_cache_modes(void) *Add Jan Beulich as Co-developer (Jan has not signed off yet) *Expand the commit message to include relevant parts of the commit message of Jan Beulich's proposed patch for this problem *Fix 'else if ... {' placement and indentation *Remove indication the backport to stable branches is only back to 5.17.y I think these changes address all the comments on the original patch I added Jan Beulich as a Co-developer because Juergen Gross asked me to include Jan's idea for fixing "nopat" that was missing from the first version of the patch. The patch has been tested, it works as expected with and without nopat in the Xen PV Dom0 environment. That is, "nopat" causes the system to exhibit the effects and problems that lack of PAT support causes. arch/x86/mm/pat/memtype.c | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/arch/x86/mm/pat/memtype.c b/arch/x86/mm/pat/memtype.c index d5ef64ddd35e..10a37d309d23 100644 --- a/arch/x86/mm/pat/memtype.c +++ b/arch/x86/mm/pat/memtype.c @@ -62,6 +62,7 @@ static bool __read_mostly pat_bp_initialized; static bool __read_mostly pat_disabled = !IS_ENABLED(CONFIG_X86_PAT); +static bool __initdata pat_force_disabled = !IS_ENABLED(CONFIG_X86_PAT); static bool __read_mostly pat_bp_enabled; static bool __read_mostly pat_cm_initialized; @@ -86,6 +87,7 @@ void pat_disable(const char *msg_reason) static int __init nopat(char *str) { pat_disable("PAT support disabled via boot option."); + pat_force_disabled = true; return 0; } early_param("nopat", nopat); @@ -272,7 +274,7 @@ static void pat_ap_init(u64 pat) wrmsrl(MSR_IA32_CR_PAT, pat); } -void init_cache_modes(void) +void __init init_cache_modes(void) { u64 pat = 0; @@ -292,7 +294,7 @@ void init_cache_modes(void) rdmsrl(MSR_IA32_CR_PAT, pat); } - if (!pat) { + if (!pat || pat_force_disabled) { /* * No PAT. Emulate the PAT table that corresponds to the two * cache bits, PWT (Write Through) and PCD (Cache Disable). @@ -313,6 +315,16 @@ void init_cache_modes(void) */ pat = PAT(0, WB) | PAT(1, WT) | PAT(2, UC_MINUS) | PAT(3, UC) | PAT(4, WB) | PAT(5, WT) | PAT(6, UC_MINUS) | PAT(7, UC); + } else if (!pat_bp_enabled) { + /* + * In some environments, specifically Xen PV, PAT + * initialization is skipped because MTRRs are disabled even + * though PAT is available. In such environments, set PAT to + * enabled to correctly indicate to callers of pat_enabled() + * that CPU support for PAT is available. + */ + pat_bp_enabled = true; + pr_info("x86/PAT: PAT enabled by init_cache_modes\n"); } __init_cache_modes(pat); -- 2.36.1

2 years, 3 months

5
33
0 0

FAILED: patch "[PATCH] Revert "tcp: change pingpong threshold to 3"" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 4d8f24eeedc58d5f87b650ddda73c16e8ba56559 Mon Sep 17 00:00:00 2001 From: Wei Wang <weiwan(a)google.com> Date: Thu, 21 Jul 2022 20:44:04 +0000 Subject: [PATCH] Revert "tcp: change pingpong threshold to 3" This reverts commit 4a41f453bedfd5e9cd040bad509d9da49feb3e2c. This to-be-reverted commit was meant to apply a stricter rule for the stack to enter pingpong mode. However, the condition used to check for interactive session "before(tp->lsndtime, icsk->icsk_ack.lrcvtime)" is jiffy based and might be too coarse, which delays the stack entering pingpong mode. We revert this patch so that we no longer use the above condition to determine interactive session, and also reduce pingpong threshold to 1. Fixes: 4a41f453bedf ("tcp: change pingpong threshold to 3") Reported-by: LemmyHuang <hlm3280(a)163.com> Suggested-by: Neal Cardwell <ncardwell(a)google.com> Signed-off-by: Wei Wang <weiwan(a)google.com> Acked-by: Neal Cardwell <ncardwell(a)google.com> Reviewed-by: Eric Dumazet <edumazet(a)google.com> Link: https://lore.kernel.org/r/20220721204404.388396-1-weiwan@google.com Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/include/net/inet_connection_sock.h b/include/net/inet_connection_sock.h index 85cd695e7fd1..ee88f0f1350f 100644 --- a/include/net/inet_connection_sock.h +++ b/include/net/inet_connection_sock.h @@ -321,7 +321,7 @@ void inet_csk_update_fastreuse(struct inet_bind_bucket *tb, struct dst_entry *inet_csk_update_pmtu(struct sock *sk, u32 mtu); -#define TCP_PINGPONG_THRESH 3 +#define TCP_PINGPONG_THRESH 1 static inline void inet_csk_enter_pingpong_mode(struct sock *sk) { @@ -338,14 +338,6 @@ static inline bool inet_csk_in_pingpong_mode(struct sock *sk) return inet_csk(sk)->icsk_ack.pingpong >= TCP_PINGPONG_THRESH; } -static inline void inet_csk_inc_pingpong_cnt(struct sock *sk) -{ - struct inet_connection_sock *icsk = inet_csk(sk); - - if (icsk->icsk_ack.pingpong < U8_MAX) - icsk->icsk_ack.pingpong++; -} - static inline bool inet_csk_has_ulp(struct sock *sk) { return inet_sk(sk)->is_icsk && !!inet_csk(sk)->icsk_ulp_ops; diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c index cf6713c9567e..2efe41c84ee8 100644 --- a/net/ipv4/tcp_output.c +++ b/net/ipv4/tcp_output.c @@ -167,16 +167,13 @@ static void tcp_event_data_sent(struct tcp_sock *tp, if (tcp_packets_in_flight(tp) == 0) tcp_ca_event(sk, CA_EVENT_TX_START); - /* If this is the first data packet sent in response to the - * previous received data, - * and it is a reply for ato after last received packet, - * increase pingpong count. - */ - if (before(tp->lsndtime, icsk->icsk_ack.lrcvtime) && - (u32)(now - icsk->icsk_ack.lrcvtime) < icsk->icsk_ack.ato) - inet_csk_inc_pingpong_cnt(sk); - tp->lsndtime = now; + + /* If it is a reply for ato after last received + * packet, enter pingpong mode. + */ + if ((u32)(now - icsk->icsk_ack.lrcvtime) < icsk->icsk_ack.ato) + inet_csk_enter_pingpong_mode(sk); } /* Account for an ACK we sent. */

2 years, 3 months

5
4
0 0

[PATCH 0/3] x86: make pat and mtrr independent from each other

by Juergen Gross

Today PAT can't be used without MTRR being available, unless MTRR is at least configured via CONFIG_MTRR and the system is running as Xen PV guest. In this case PAT is automatically available via the hypervisor, but the PAT MSR can't be modified by the kernel and MTRR is disabled. As an additional complexity the availability of PAT can't be queried via pat_enabled() in the Xen PV case, as the lack of MTRR will set PAT to be disabled. This leads to some drivers believing that not all cache modes are available, resulting in failures or degraded functionality. The same applies to a kernel built with no MTRR support: it won't allow to use the PAT MSR, even if there is no technical reason for that, other than setting up PAT on all cpus the same way (which is a requirement of the processor's cache management) is relying on some MTRR specific code. Fix all of that by: - moving the function needed by PAT from MTRR specific code one level up - adding a PAT indirection layer supporting the 3 cases "no or disabled PAT", "PAT under kernel control", and "PAT under Xen control" - removing the dependency of PAT on MTRR Juergen Gross (3): x86: move some code out of arch/x86/kernel/cpu/mtrr x86: add wrapper functions for mtrr functions handling also pat x86: decouple pat and mtrr handling arch/x86/include/asm/memtype.h | 13 ++- arch/x86/include/asm/mtrr.h | 27 ++++-- arch/x86/include/asm/processor.h | 10 +++ arch/x86/kernel/cpu/common.c | 123 +++++++++++++++++++++++++++- arch/x86/kernel/cpu/mtrr/generic.c | 90 ++------------------ arch/x86/kernel/cpu/mtrr/mtrr.c | 58 ++++--------- arch/x86/kernel/cpu/mtrr/mtrr.h | 1 - arch/x86/kernel/setup.c | 12 +-- arch/x86/kernel/smpboot.c | 8 +- arch/x86/mm/pat/memtype.c | 127 +++++++++++++++++++++-------- arch/x86/power/cpu.c | 2 +- arch/x86/xen/enlighten_pv.c | 4 + 12 files changed, 289 insertions(+), 186 deletions(-) -- 2.35.3

2 years, 3 months

5
14
0 0

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror July 2022