- Linux-stable-mirror - lists.linaro.org

Please apply 4ea77014af0d620 ("kernel/signal.c: avoid undefined behaviour in kill_something_info") to v4.9.y and earlier

by Guenter Roeck

Hi Greg, Please apply commit 4ea77014af0d620 ("kernel/signal.c: avoid undefined behaviour in kill_something_info") to v4.9.y and earlier to fix CVE-2018-10124. Thanks, Guenter

7 years, 7 months

2
1
0 0

FAILED: patch "[PATCH] IB/umem: Use the correct mm during ib_umem_release" failed to apply to 4.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 8e907ed4882714fd13cfe670681fc6cb5284c780 Mon Sep 17 00:00:00 2001 From: Lidong Chen <jemmy858585(a)gmail.com> Date: Tue, 8 May 2018 16:50:16 +0800 Subject: [PATCH] IB/umem: Use the correct mm during ib_umem_release User-space may invoke ibv_reg_mr and ibv_dereg_mr in different threads. If ibv_dereg_mr is called after the thread which invoked ibv_reg_mr has exited, get_pid_task will return NULL and ib_umem_release will not decrease mm->pinned_vm. Instead of using threads to locate the mm, use the overall tgid from the ib_ucontext struct instead. This matches the behavior of ODP and disassociate in handling the mm of the process that called ibv_reg_mr. Cc: <stable(a)vger.kernel.org> Fixes: 87773dd56d54 ("IB: ib_umem_release() should decrement mm->pinned_vm from ib_umem_get") Signed-off-by: Lidong Chen <lidongchen(a)tencent.com> Signed-off-by: Jason Gunthorpe <jgg(a)mellanox.com> diff --git a/drivers/infiniband/core/umem.c b/drivers/infiniband/core/umem.c index 9a4e899d94b3..2b6c9b516070 100644 --- a/drivers/infiniband/core/umem.c +++ b/drivers/infiniband/core/umem.c @@ -119,7 +119,6 @@ struct ib_umem *ib_umem_get(struct ib_ucontext *context, unsigned long addr, umem->length = size; umem->address = addr; umem->page_shift = PAGE_SHIFT; - umem->pid = get_task_pid(current, PIDTYPE_PID); /* * We ask for writable memory if any of the following * access flags are set. "Local write" and "remote write" @@ -132,7 +131,6 @@ struct ib_umem *ib_umem_get(struct ib_ucontext *context, unsigned long addr, IB_ACCESS_REMOTE_ATOMIC | IB_ACCESS_MW_BIND)); if (access & IB_ACCESS_ON_DEMAND) { - put_pid(umem->pid); ret = ib_umem_odp_get(context, umem, access); if (ret) { kfree(umem); @@ -148,7 +146,6 @@ struct ib_umem *ib_umem_get(struct ib_ucontext *context, unsigned long addr, page_list = (struct page **) __get_free_page(GFP_KERNEL); if (!page_list) { - put_pid(umem->pid); kfree(umem); return ERR_PTR(-ENOMEM); } @@ -231,7 +228,6 @@ struct ib_umem *ib_umem_get(struct ib_ucontext *context, unsigned long addr, if (ret < 0) { if (need_release) __ib_umem_release(context->device, umem, 0); - put_pid(umem->pid); kfree(umem); } else current->mm->pinned_vm = locked; @@ -274,8 +270,7 @@ void ib_umem_release(struct ib_umem *umem) __ib_umem_release(umem->context->device, umem, 1); - task = get_pid_task(umem->pid, PIDTYPE_PID); - put_pid(umem->pid); + task = get_pid_task(umem->context->tgid, PIDTYPE_PID); if (!task) goto out; mm = get_task_mm(task); diff --git a/include/rdma/ib_umem.h b/include/rdma/ib_umem.h index 23159dd5be18..a1fd63871d17 100644 --- a/include/rdma/ib_umem.h +++ b/include/rdma/ib_umem.h @@ -48,7 +48,6 @@ struct ib_umem { int writable; int hugetlb; struct work_struct work; - struct pid *pid; struct mm_struct *mm; unsigned long diff; struct ib_umem_odp *odp_data;

7 years, 7 months

1
0
0 0

FAILED: patch "[PATCH] IB/umem: Use the correct mm during ib_umem_release" failed to apply to 4.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 8e907ed4882714fd13cfe670681fc6cb5284c780 Mon Sep 17 00:00:00 2001 From: Lidong Chen <jemmy858585(a)gmail.com> Date: Tue, 8 May 2018 16:50:16 +0800 Subject: [PATCH] IB/umem: Use the correct mm during ib_umem_release User-space may invoke ibv_reg_mr and ibv_dereg_mr in different threads. If ibv_dereg_mr is called after the thread which invoked ibv_reg_mr has exited, get_pid_task will return NULL and ib_umem_release will not decrease mm->pinned_vm. Instead of using threads to locate the mm, use the overall tgid from the ib_ucontext struct instead. This matches the behavior of ODP and disassociate in handling the mm of the process that called ibv_reg_mr. Cc: <stable(a)vger.kernel.org> Fixes: 87773dd56d54 ("IB: ib_umem_release() should decrement mm->pinned_vm from ib_umem_get") Signed-off-by: Lidong Chen <lidongchen(a)tencent.com> Signed-off-by: Jason Gunthorpe <jgg(a)mellanox.com> diff --git a/drivers/infiniband/core/umem.c b/drivers/infiniband/core/umem.c index 9a4e899d94b3..2b6c9b516070 100644 --- a/drivers/infiniband/core/umem.c +++ b/drivers/infiniband/core/umem.c @@ -119,7 +119,6 @@ struct ib_umem *ib_umem_get(struct ib_ucontext *context, unsigned long addr, umem->length = size; umem->address = addr; umem->page_shift = PAGE_SHIFT; - umem->pid = get_task_pid(current, PIDTYPE_PID); /* * We ask for writable memory if any of the following * access flags are set. "Local write" and "remote write" @@ -132,7 +131,6 @@ struct ib_umem *ib_umem_get(struct ib_ucontext *context, unsigned long addr, IB_ACCESS_REMOTE_ATOMIC | IB_ACCESS_MW_BIND)); if (access & IB_ACCESS_ON_DEMAND) { - put_pid(umem->pid); ret = ib_umem_odp_get(context, umem, access); if (ret) { kfree(umem); @@ -148,7 +146,6 @@ struct ib_umem *ib_umem_get(struct ib_ucontext *context, unsigned long addr, page_list = (struct page **) __get_free_page(GFP_KERNEL); if (!page_list) { - put_pid(umem->pid); kfree(umem); return ERR_PTR(-ENOMEM); } @@ -231,7 +228,6 @@ struct ib_umem *ib_umem_get(struct ib_ucontext *context, unsigned long addr, if (ret < 0) { if (need_release) __ib_umem_release(context->device, umem, 0); - put_pid(umem->pid); kfree(umem); } else current->mm->pinned_vm = locked; @@ -274,8 +270,7 @@ void ib_umem_release(struct ib_umem *umem) __ib_umem_release(umem->context->device, umem, 1); - task = get_pid_task(umem->pid, PIDTYPE_PID); - put_pid(umem->pid); + task = get_pid_task(umem->context->tgid, PIDTYPE_PID); if (!task) goto out; mm = get_task_mm(task); diff --git a/include/rdma/ib_umem.h b/include/rdma/ib_umem.h index 23159dd5be18..a1fd63871d17 100644 --- a/include/rdma/ib_umem.h +++ b/include/rdma/ib_umem.h @@ -48,7 +48,6 @@ struct ib_umem { int writable; int hugetlb; struct work_struct work; - struct pid *pid; struct mm_struct *mm; unsigned long diff; struct ib_umem_odp *odp_data;

7 years, 7 months

1
0
0 0

FAILED: patch "[PATCH] powerpc/64s: Clear PCR on boot" failed to apply to 4.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From faf37c44a105f3608115785f17cbbf3500f8bc71 Mon Sep 17 00:00:00 2001 From: Michael Neuling <mikey(a)neuling.org> Date: Fri, 18 May 2018 11:37:42 +1000 Subject: [PATCH] powerpc/64s: Clear PCR on boot Clear the PCR (Processor Compatibility Register) on boot to ensure we are not running in a compatibility mode. We've seen this cause problems when a crash (and kdump) occurs while running compat mode guests. The kdump kernel then runs with the PCR set and causes problems. The symptom in the kdump kernel (also seen in petitboot after fast-reboot) is early userspace programs taking sigills on newer instructions (seen in libc). Signed-off-by: Michael Neuling <mikey(a)neuling.org> Cc: stable(a)vger.kernel.org Signed-off-by: Michael Ellerman <mpe(a)ellerman.id.au> diff --git a/arch/powerpc/kernel/cpu_setup_power.S b/arch/powerpc/kernel/cpu_setup_power.S index 3f30c994e931..458b928dbd84 100644 --- a/arch/powerpc/kernel/cpu_setup_power.S +++ b/arch/powerpc/kernel/cpu_setup_power.S @@ -28,6 +28,7 @@ _GLOBAL(__setup_cpu_power7) beqlr li r0,0 mtspr SPRN_LPID,r0 + mtspr SPRN_PCR,r0 mfspr r3,SPRN_LPCR li r4,(LPCR_LPES1 >> LPCR_LPES_SH) bl __init_LPCR_ISA206 @@ -41,6 +42,7 @@ _GLOBAL(__restore_cpu_power7) beqlr li r0,0 mtspr SPRN_LPID,r0 + mtspr SPRN_PCR,r0 mfspr r3,SPRN_LPCR li r4,(LPCR_LPES1 >> LPCR_LPES_SH) bl __init_LPCR_ISA206 @@ -57,6 +59,7 @@ _GLOBAL(__setup_cpu_power8) beqlr li r0,0 mtspr SPRN_LPID,r0 + mtspr SPRN_PCR,r0 mfspr r3,SPRN_LPCR ori r3, r3, LPCR_PECEDH li r4,0 /* LPES = 0 */ @@ -78,6 +81,7 @@ _GLOBAL(__restore_cpu_power8) beqlr li r0,0 mtspr SPRN_LPID,r0 + mtspr SPRN_PCR,r0 mfspr r3,SPRN_LPCR ori r3, r3, LPCR_PECEDH li r4,0 /* LPES = 0 */ @@ -99,6 +103,7 @@ _GLOBAL(__setup_cpu_power9) mtspr SPRN_PSSCR,r0 mtspr SPRN_LPID,r0 mtspr SPRN_PID,r0 + mtspr SPRN_PCR,r0 mfspr r3,SPRN_LPCR LOAD_REG_IMMEDIATE(r4, LPCR_PECEDH | LPCR_PECE_HVEE | LPCR_HVICE | LPCR_HEIC) or r3, r3, r4 @@ -123,6 +128,7 @@ _GLOBAL(__restore_cpu_power9) mtspr SPRN_PSSCR,r0 mtspr SPRN_LPID,r0 mtspr SPRN_PID,r0 + mtspr SPRN_PCR,r0 mfspr r3,SPRN_LPCR LOAD_REG_IMMEDIATE(r4, LPCR_PECEDH | LPCR_PECE_HVEE | LPCR_HVICE | LPCR_HEIC) or r3, r3, r4 diff --git a/arch/powerpc/kernel/dt_cpu_ftrs.c b/arch/powerpc/kernel/dt_cpu_ftrs.c index 8ab51f6ca03a..c904477abaf3 100644 --- a/arch/powerpc/kernel/dt_cpu_ftrs.c +++ b/arch/powerpc/kernel/dt_cpu_ftrs.c @@ -101,6 +101,7 @@ static void __restore_cpu_cpufeatures(void) if (hv_mode) { mtspr(SPRN_LPID, 0); mtspr(SPRN_HFSCR, system_registers.hfscr); + mtspr(SPRN_PCR, 0); } mtspr(SPRN_FSCR, system_registers.fscr);

7 years, 7 months

1
0
0 0

FAILED: patch "[PATCH] powerpc/64s: Clear PCR on boot" failed to apply to 4.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From faf37c44a105f3608115785f17cbbf3500f8bc71 Mon Sep 17 00:00:00 2001 From: Michael Neuling <mikey(a)neuling.org> Date: Fri, 18 May 2018 11:37:42 +1000 Subject: [PATCH] powerpc/64s: Clear PCR on boot Clear the PCR (Processor Compatibility Register) on boot to ensure we are not running in a compatibility mode. We've seen this cause problems when a crash (and kdump) occurs while running compat mode guests. The kdump kernel then runs with the PCR set and causes problems. The symptom in the kdump kernel (also seen in petitboot after fast-reboot) is early userspace programs taking sigills on newer instructions (seen in libc). Signed-off-by: Michael Neuling <mikey(a)neuling.org> Cc: stable(a)vger.kernel.org Signed-off-by: Michael Ellerman <mpe(a)ellerman.id.au> diff --git a/arch/powerpc/kernel/cpu_setup_power.S b/arch/powerpc/kernel/cpu_setup_power.S index 3f30c994e931..458b928dbd84 100644 --- a/arch/powerpc/kernel/cpu_setup_power.S +++ b/arch/powerpc/kernel/cpu_setup_power.S @@ -28,6 +28,7 @@ _GLOBAL(__setup_cpu_power7) beqlr li r0,0 mtspr SPRN_LPID,r0 + mtspr SPRN_PCR,r0 mfspr r3,SPRN_LPCR li r4,(LPCR_LPES1 >> LPCR_LPES_SH) bl __init_LPCR_ISA206 @@ -41,6 +42,7 @@ _GLOBAL(__restore_cpu_power7) beqlr li r0,0 mtspr SPRN_LPID,r0 + mtspr SPRN_PCR,r0 mfspr r3,SPRN_LPCR li r4,(LPCR_LPES1 >> LPCR_LPES_SH) bl __init_LPCR_ISA206 @@ -57,6 +59,7 @@ _GLOBAL(__setup_cpu_power8) beqlr li r0,0 mtspr SPRN_LPID,r0 + mtspr SPRN_PCR,r0 mfspr r3,SPRN_LPCR ori r3, r3, LPCR_PECEDH li r4,0 /* LPES = 0 */ @@ -78,6 +81,7 @@ _GLOBAL(__restore_cpu_power8) beqlr li r0,0 mtspr SPRN_LPID,r0 + mtspr SPRN_PCR,r0 mfspr r3,SPRN_LPCR ori r3, r3, LPCR_PECEDH li r4,0 /* LPES = 0 */ @@ -99,6 +103,7 @@ _GLOBAL(__setup_cpu_power9) mtspr SPRN_PSSCR,r0 mtspr SPRN_LPID,r0 mtspr SPRN_PID,r0 + mtspr SPRN_PCR,r0 mfspr r3,SPRN_LPCR LOAD_REG_IMMEDIATE(r4, LPCR_PECEDH | LPCR_PECE_HVEE | LPCR_HVICE | LPCR_HEIC) or r3, r3, r4 @@ -123,6 +128,7 @@ _GLOBAL(__restore_cpu_power9) mtspr SPRN_PSSCR,r0 mtspr SPRN_LPID,r0 mtspr SPRN_PID,r0 + mtspr SPRN_PCR,r0 mfspr r3,SPRN_LPCR LOAD_REG_IMMEDIATE(r4, LPCR_PECEDH | LPCR_PECE_HVEE | LPCR_HVICE | LPCR_HEIC) or r3, r3, r4 diff --git a/arch/powerpc/kernel/dt_cpu_ftrs.c b/arch/powerpc/kernel/dt_cpu_ftrs.c index 8ab51f6ca03a..c904477abaf3 100644 --- a/arch/powerpc/kernel/dt_cpu_ftrs.c +++ b/arch/powerpc/kernel/dt_cpu_ftrs.c @@ -101,6 +101,7 @@ static void __restore_cpu_cpufeatures(void) if (hv_mode) { mtspr(SPRN_LPID, 0); mtspr(SPRN_HFSCR, system_registers.hfscr); + mtspr(SPRN_PCR, 0); } mtspr(SPRN_FSCR, system_registers.fscr);

7 years, 7 months

1
0
0 0

[PATCH v3 07/16] mtd: rawnand: qcom: wait for desc completion in all BAM channels

by Abhishek Sahu

The BAM has 3 channels - tx, rx and command. command channel is used for register read/writes, tx channel for data writes and rx channel for data reads. Currently, the driver assumes the transfer completion once it gets all the command descriptors completed. Sometimes, there is race condition between data channel (tx/rx) and command channel completion. In these cases, the data present in buffer is not valid during small window between command descriptor completion and data descriptor completion. This patch generates NAND transfer completion when both (Data and Command) DMA channels have completed all its DMA descriptors. It assigns completion callback in last DMA descriptors of that channel and wait for completion. Fixes: 8d6b6d7e135e ("mtd: nand: qcom: support for command descriptor formation") Cc: stable(a)vger.kernel.org Signed-off-by: Abhishek Sahu <absahu(a)codeaurora.org> --- * Changes from v2: 1. Changed commit message and comments slightly 2. Renamed wait_second_completion from first_chan_done and set it before submit desc 3. Mark for stable tree * Changes from v1: NONE drivers/mtd/nand/raw/qcom_nandc.c | 53 ++++++++++++++++++++++++++++++++++++++- 1 file changed, 52 insertions(+), 1 deletion(-) diff --git a/drivers/mtd/nand/raw/qcom_nandc.c b/drivers/mtd/nand/raw/qcom_nandc.c index 7377923..7f85ef8 100644 --- a/drivers/mtd/nand/raw/qcom_nandc.c +++ b/drivers/mtd/nand/raw/qcom_nandc.c @@ -213,6 +213,8 @@ #define QPIC_PER_CW_CMD_SGL 32 #define QPIC_PER_CW_DATA_SGL 8 +#define QPIC_NAND_COMPLETION_TIMEOUT msecs_to_jiffies(2000) + /* * Flags used in DMA descriptor preparation helper functions * (i.e. read_reg_dma/write_reg_dma/read_data_dma/write_data_dma) @@ -245,6 +247,11 @@ * @tx_sgl_start - start index in data sgl for tx. * @rx_sgl_pos - current index in data sgl for rx. * @rx_sgl_start - start index in data sgl for rx. + * @wait_second_completion - wait for second DMA desc completion before making + * the NAND transfer completion. + * @txn_done - completion for NAND transfer. + * @last_data_desc - last DMA desc in data channel (tx/rx). + * @last_cmd_desc - last DMA desc in command channel. */ struct bam_transaction { struct bam_cmd_element *bam_ce; @@ -258,6 +265,10 @@ struct bam_transaction { u32 tx_sgl_start; u32 rx_sgl_pos; u32 rx_sgl_start; + bool wait_second_completion; + struct completion txn_done; + struct dma_async_tx_descriptor *last_data_desc; + struct dma_async_tx_descriptor *last_cmd_desc; }; /* @@ -504,6 +515,8 @@ static void free_bam_transaction(struct qcom_nand_controller *nandc) bam_txn->data_sgl = bam_txn_buf; + init_completion(&bam_txn->txn_done); + return bam_txn; } @@ -523,11 +536,33 @@ static void clear_bam_transaction(struct qcom_nand_controller *nandc) bam_txn->tx_sgl_start = 0; bam_txn->rx_sgl_pos = 0; bam_txn->rx_sgl_start = 0; + bam_txn->last_data_desc = NULL; + bam_txn->wait_second_completion = false; sg_init_table(bam_txn->cmd_sgl, nandc->max_cwperpage * QPIC_PER_CW_CMD_SGL); sg_init_table(bam_txn->data_sgl, nandc->max_cwperpage * QPIC_PER_CW_DATA_SGL); + + reinit_completion(&bam_txn->txn_done); +} + +/* Callback for DMA descriptor completion */ +static void qpic_bam_dma_done(void *data) +{ + struct bam_transaction *bam_txn = data; + + /* + * In case of data transfer with NAND, 2 callbacks will be generated. + * One for command channel and another one for data channel. + * If current transaction has data descriptors + * (i.e. wait_second_completion is true), then set this to false + * and wait for second DMA descriptor completion. + */ + if (bam_txn->wait_second_completion) + bam_txn->wait_second_completion = false; + else + complete(&bam_txn->txn_done); } static inline struct qcom_nand_host *to_qcom_nand_host(struct nand_chip *chip) @@ -756,6 +791,12 @@ static int prepare_bam_async_desc(struct qcom_nand_controller *nandc, desc->dma_desc = dma_desc; + /* update last data/command descriptor */ + if (chan == nandc->cmd_chan) + bam_txn->last_cmd_desc = dma_desc; + else + bam_txn->last_data_desc = dma_desc; + list_add_tail(&desc->node, &nandc->desc_list); return 0; @@ -1273,10 +1314,20 @@ static int submit_descs(struct qcom_nand_controller *nandc) cookie = dmaengine_submit(desc->dma_desc); if (nandc->props->is_bam) { + bam_txn->last_cmd_desc->callback = qpic_bam_dma_done; + bam_txn->last_cmd_desc->callback_param = bam_txn; + if (bam_txn->last_data_desc) { + bam_txn->last_data_desc->callback = qpic_bam_dma_done; + bam_txn->last_data_desc->callback_param = bam_txn; + bam_txn->wait_second_completion = true; + } + dma_async_issue_pending(nandc->tx_chan); dma_async_issue_pending(nandc->rx_chan); + dma_async_issue_pending(nandc->cmd_chan); - if (dma_sync_wait(nandc->cmd_chan, cookie) != DMA_COMPLETE) + if (!wait_for_completion_timeout(&bam_txn->txn_done, + QPIC_NAND_COMPLETION_TIMEOUT)) return -ETIMEDOUT; } else { if (dma_sync_wait(nandc->chan, cookie) != DMA_COMPLETE) -- QUALCOMM INDIA, on behalf of Qualcomm Innovation Center, Inc. is a member of Code Aurora Forum, hosted by The Linux Foundation

7 years, 7 months

2
1
0 0

Linux 4.4.133

by Greg KH

I'm announcing the release of the 4.4.133 kernel. All users of the 4.4 kernel series must upgrade. The updated 4.4.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.4.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/alpha/include/asm/futex.h | 26 -- arch/arc/include/asm/futex.h | 40 ---- arch/arm/boot/dts/imx6qdl-wandboard.dtsi | 1 arch/arm/include/asm/assembler.h | 10 + arch/arm/include/asm/futex.h | 26 -- arch/arm/kernel/traps.c | 5 arch/arm/lib/getuser.S | 10 + arch/arm/probes/kprobes/opt-arm.c | 4 arch/arm64/Kconfig | 14 + arch/arm64/include/asm/assembler.h | 60 ++++++ arch/arm64/include/asm/cputype.h | 11 + arch/arm64/include/asm/futex.h | 26 -- arch/arm64/mm/proc.S | 5 arch/frv/include/asm/futex.h | 3 arch/frv/kernel/futex.c | 27 -- arch/hexagon/include/asm/futex.h | 38 ---- arch/ia64/include/asm/futex.h | 25 -- arch/microblaze/include/asm/futex.h | 38 ---- arch/mips/include/asm/futex.h | 25 -- arch/parisc/include/asm/futex.h | 25 -- arch/powerpc/include/asm/firmware.h | 5 arch/powerpc/include/asm/futex.h | 26 -- arch/powerpc/kernel/setup-common.c | 11 - arch/powerpc/platforms/powernv/eeh-powernv.c | 4 arch/powerpc/platforms/powernv/idle.c | 2 arch/powerpc/platforms/powernv/opal-nvram.c | 14 + arch/powerpc/platforms/powernv/opal-xscom.c | 2 arch/powerpc/platforms/powernv/opal.c | 36 +-- arch/powerpc/platforms/powernv/pci-ioda.c | 2 arch/powerpc/platforms/powernv/setup.c | 12 - arch/powerpc/platforms/powernv/smp.c | 74 +++----- arch/s390/include/asm/alternative-asm.h | 108 +++++++++++ arch/s390/include/asm/futex.h | 23 -- arch/s390/include/asm/nospec-insn.h | 182 +++++++++++++++++++ arch/s390/kernel/Makefile | 1 arch/s390/kernel/base.S | 24 +- arch/s390/kernel/entry.S | 105 ++--------- arch/s390/kernel/irq.c | 5 arch/s390/kernel/nospec-branch.c | 43 ++-- arch/s390/kernel/nospec-sysfs.c | 21 ++ arch/s390/kernel/perf_cpum_sf.c | 4 arch/s390/kernel/reipl.S | 5 arch/s390/kernel/swsusp.S | 10 - arch/s390/lib/mem.S | 9 arch/s390/net/bpf_jit.S | 16 + arch/s390/net/bpf_jit_comp.c | 63 ++++++ arch/sh/include/asm/futex.h | 26 -- arch/sparc/include/asm/futex_64.h | 26 -- arch/tile/include/asm/futex.h | 40 ---- arch/x86/boot/compressed/eboot.c | 6 arch/x86/include/asm/futex.h | 40 ---- arch/x86/kernel/machine_kexec_32.c | 6 arch/x86/kernel/machine_kexec_64.c | 4 arch/x86/xen/mmu.c | 4 arch/xtensa/include/asm/futex.h | 27 -- drivers/cpufreq/intel_pstate.c | 34 ++- drivers/cpufreq/powernv-cpufreq.c | 2 drivers/cpuidle/coupled.c | 1 drivers/cpuidle/cpuidle-powernv.c | 2 drivers/gpio/gpio-rcar.c | 46 +++++ drivers/net/bonding/bond_alb.c | 2 drivers/net/ethernet/broadcom/tg3.c | 9 drivers/net/ethernet/mellanox/mlx4/en_ethtool.c | 16 + drivers/net/ethernet/mellanox/mlx4/mlx4_en.h | 7 drivers/net/ethernet/realtek/8139too.c | 2 drivers/net/ethernet/realtek/r8169.c | 3 drivers/net/ethernet/sun/niu.c | 5 drivers/net/usb/qmi_wwan.c | 12 + drivers/s390/cio/qdio_setup.c | 12 - drivers/s390/scsi/zfcp_dbf.c | 23 ++ drivers/s390/scsi/zfcp_ext.h | 5 drivers/s390/scsi/zfcp_scsi.c | 14 - drivers/scsi/libsas/sas_scsi_host.c | 33 +-- drivers/scsi/sg.c | 2 drivers/spi/spi-pxa2xx.h | 2 drivers/usb/usbip/stub.h | 2 drivers/usb/usbip/stub_dev.c | 43 ++-- drivers/usb/usbip/stub_main.c | 105 ++++++++++- fs/btrfs/ctree.c | 6 fs/btrfs/tree-log.c | 7 fs/btrfs/volumes.c | 9 fs/ext2/inode.c | 10 - fs/hfsplus/super.c | 1 fs/lockd/svc.c | 2 fs/pipe.c | 3 fs/proc/base.c | 55 +++++- fs/proc/meminfo.c | 5 include/asm-generic/futex.h | 50 ----- include/linux/dmaengine.h | 20 ++ include/linux/efi.h | 8 include/linux/signal.h | 17 + include/linux/timekeeper_internal.h | 4 include/trace/events/xen.h | 16 - include/uapi/linux/nl80211.h | 2 kernel/auditsc.c | 7 kernel/exit.c | 4 kernel/futex.c | 44 ++++ kernel/signal.c | 7 kernel/time/tick-broadcast.c | 8 kernel/time/timekeeping.c | 20 +- mm/Kconfig | 1 mm/filemap.c | 90 ++++++--- mm/util.c | 16 + mm/vmscan.c | 12 - net/bridge/br_if.c | 4 net/compat.c | 6 net/core/sock.c | 2 net/dccp/ccids/ccid2.c | 14 + net/dccp/timer.c | 2 net/ipv4/ip_output.c | 3 net/ipv4/ping.c | 7 net/ipv4/tcp.c | 2 net/ipv4/tcp_output.c | 7 net/ipv4/udp.c | 7 net/ipv6/ip6_output.c | 3 net/l2tp/l2tp_netlink.c | 2 net/llc/af_llc.c | 3 net/openvswitch/flow_netlink.c | 9 net/packet/af_packet.c | 4 net/sched/sch_fq.c | 37 ++-- net/sctp/associola.c | 30 +++ net/sctp/inqueue.c | 2 net/sctp/ipv6.c | 3 net/sctp/sm_statefuns.c | 89 +++++---- net/wireless/core.c | 3 net/xfrm/xfrm_state.c | 1 sound/core/control_compat.c | 3 sound/core/timer.c | 220 +++++++++++------------- sound/pci/hda/hda_intel.c | 2 sound/usb/mixer.c | 8 131 files changed, 1583 insertions(+), 1103 deletions(-) Al Viro (1): ext2: fix a block leak Alexander Potapenko (1): scsi: sg: allocate with __GFP_ZERO in sg_build_indirect() Anand Jain (1): btrfs: fix crash when trying to resume balance without the resume flag Anders Roxell (1): cpuidle: coupled: remove unused define cpuidle_coupled_lock Andrey Ignatov (1): ipv4: fix memory leaks in udp_sendmsg, ping_v4_sendmsg Andy Shevchenko (1): spi: pxa2xx: Allow 64-bit DMA Antony Antony (1): xfrm: fix xfrm_do_migrate() with AEAD e.g(AES-GCM) Ard Biesheuvel (2): arm64: introduce mov_q macro to move a constant into a 64-bit register efi: Avoid potential crashes, fix the 'struct efi_pci_io_protocol_32' definition for mixed mode Benjamin Herrenschmidt (1): powerpc: Don't preempt_disable() in show_cpuinfo() Bjørn Mork (1): qmi_wwan: do not steal interfaces from class drivers Debabrata Banerjee (1): bonding: do not allow rlb updates to invalid mac Dexuan Cui (1): tick/broadcast: Use for_each_cpu() specially on UP kernels Eric Dumazet (5): dccp: fix tasklet usage llc: better deal with too small mtu net_sched: fq: take care of throttled flows before reuse sock_diag: fix use-after-free read in __sk_free tcp: purge write queue in tcp_connect_init() Federico Cuello (1): ALSA: usb: mixer: volume quirk for CM102-A+/102S+ Filipe Manana (1): Btrfs: fix xattr loss after power failure Geert Uytterhoeven (1): gpio: rcar: Add Runtime PM handling for interrupts Greg Kroah-Hartman (2): Revert "ARM: dts: imx6qdl-wandboard: Fix audio channel swap" Linux 4.4.133 Hangbin Liu (1): bridge: check iface upper dev when setting master via ioctl Hans de Goede (1): ALSA: hda: Add Lenovo C50 All in one to the power_save blacklist Heiner Kallweit (1): r8169: fix powering up RTL8168h Hendrik Brueckner (1): s390/cpum_sf: ensure sample frequency of perf event attributes is non-zero Ingo Molnar (1): 8139too: Use disable_irq_nosync() in rtl8139_poll_controller() James Chapman (1): l2tp: revert "l2tp: fix missing print session offset info" Janis Danisevskis (1): procfs: fix pthread cross-thread naming if !PR_DUMPABLE Jason Yan (1): scsi: libsas: defer ata device eh commands to libata Jens Remus (1): scsi: zfcp: fix infinite iteration on ERP ready list Jiri Slaby (2): futex: Remove duplicated code and fix undefined behaviour futex: futex_wake_op, fix sign_extend32 sign bits Johannes Berg (1): cfg80211: limit wiphy names to 128 bytes Johannes Weiner (1): proc: meminfo: estimate available memory more conservatively John Stultz (1): time: Fix CLOCK_MONOTONIC_RAW sub-nanosecond accounting Julian Wiedmann (2): s390/qdio: fix access to uninitialized qdio_q fields s390/qdio: don't release memory in qdio_setup_irq() Lance Richardson (1): net: support compat 64-bit time in {s,g}etsockopt Liu Bo (1): btrfs: fix reading stale metadata blocks after degraded raid1 mounts Martin Schwidefsky (8): s390: remove indirect branch from do_softirq_own_stack s390: add assembler macros for CPU alternatives s390: move expoline assembler macros to a header s390/lib: use expoline for indirect branches s390/kernel: use expoline for indirect branches s390: move spectre sysfs attribute code s390: extend expoline to BC instructions s390: use expoline thunks in the BPF JIT Masami Hiramatsu (4): ARM: 8771/1: kprobes: Prohibit kprobes on do_undefinstr ARM: 8769/1: kprobes: Fix to use get_kprobe_ctlblk after irq-disabed ARM: 8770/1: kprobes: Prohibit probing on optimized_callback ARM: 8772/1: kprobes: Prohibit kprobes on get_user functions Mateusz Guzik (1): proc read mm's {arg,env}_{start,end} with mmap semaphore taken. Mel Gorman (3): futex: Remove unnecessary warning from get_futex_key mm: filemap: remove redundant code in do_read_cache_page mm: filemap: avoid unnecessary calls to lock_page when waiting for IO to complete during a read Michael Chan (1): tg3: Fix vunmap() BUG_ON() triggered from tg3_free_consistent(). Michael Kerrisk (man-pages) (1): pipe: cap initial pipe capacity according to pipe-max-size limit Moshe Shemesh (1): net/mlx4_en: Verify coalescing parameters are in range Nicholas Piggin (1): powerpc/powernv: Fix NVRAM sleep in invalid context when crashing Pavel Tatashin (1): mm: don't allow deferred pages with NEED_PER_CPU_KM Richard Guy Briggs (1): audit: move calcs after alloc and check when logging set loginuid Rob Taglang (1): net: ethernet: sun: niu set correct packet size in skb Shuah Khan (1): usbip: usbip_host: refine probe and disconnect debug msgs to be useful Shuah Khan (Samsung OSG) (4): usbip: usbip_host: delete device from busid_table after rebind usbip: usbip_host: run rebind from exit when module is removed usbip: usbip_host: fix NULL-ptr deref and use-after-free errors usbip: usbip_host: fix bad unlock balance during stub_probe() Srinivas Pandruvada (1): cpufreq: intel_pstate: Enable HWP by default Stefano Brivio (1): openvswitch: Don't swap table in nlattr_set() after OVS_ATTR_NESTED is found Steven Rostedt (VMware) (1): tracing/x86/xen: Remove zero data size trace events trace_xen_mmu_flush_tlb{_all} Stewart Smith (3): powerpc/powernv: panic() on OPAL < V3 powerpc/powernv: Remove OPALv2 firmware define and references powerpc/powernv: remove FW_FEATURE_OPALv3 and just use FW_FEATURE_OPAL Suzuki K Poulose (1): arm64: Add work around for Arm Cortex-A55 Erratum 1024718 Takashi Iwai (1): ALSA: timer: Call notifier in the same spinlock Tetsuo Handa (2): hfsplus: stop workqueue when fill_super() failed x86/kexec: Avoid double free_page() upon do_kexec_load() failure Vasily Averin (1): lockd: lost rollback of set_grace_period() in lockd_down_net() Vinod Koul (1): dmaengine: ensure dmaengine helpers check valid callback Vladimir Davydov (1): vmscan: do not force-scan file lru if its absolute size is small Waiman Long (1): signals: avoid unnecessary taking of sighand->siglock Wenwen Wang (1): ALSA: control: fix a redundant-copy issue Willem de Bruijn (2): net: test tailroom before appending to linear skb packet: in packet_snd start writing at link layer allocation Xin Long (4): sctp: handle two v4 addrs comparison in sctp_inet6_cmp_addr sctp: use the old asoc when making the cookie-ack chunk in dupcook_d sctp: fix the issue that the cookie-ack with auth can't get processed sctp: delay the authentication for the duplicated cookie-echo chunk Yuchung Cheng (1): tcp: ignore Fast Open on repair mode zhongjiang (1): kernel/exit.c: avoid undefined behaviour when calling wait4()

7 years, 7 months

1
1
0 0

[PATCH stable 4.14 00/23] powerpc backports for 4.14

by Michael Ellerman

Hi Greg, Please queue up this series of patches for 4.14 if you have no objections. cheers Mauricio Faria de Oliveira (4): powerpc/rfi-flush: Differentiate enabled and patched flush types powerpc/pseries: Fix clearing of security feature flags powerpc: Move default security feature flags powerpc/pseries: Restore default security feature flags on setup Michael Ellerman (17): powerpc/pseries: Support firmware disable of RFI flush powerpc/powernv: Support firmware disable of RFI flush powerpc/rfi-flush: Move the logic to avoid a redo into the debugfs code powerpc/rfi-flush: Make it possible to call setup_rfi_flush() again powerpc/rfi-flush: Always enable fallback flush on pseries powerpc/rfi-flush: Call setup_rfi_flush() after LPM migration powerpc/pseries: Add new H_GET_CPU_CHARACTERISTICS flags powerpc: Add security feature flags for Spectre/Meltdown powerpc/pseries: Set or clear security feature flags powerpc/powernv: Set or clear security feature flags powerpc/64s: Move cpu_show_meltdown() powerpc/64s: Enhance the information in cpu_show_meltdown() powerpc/powernv: Use the security flags in pnv_setup_rfi_flush() powerpc/pseries: Use the security flags in pseries_setup_rfi_flush() powerpc/64s: Wire up cpu_show_spectre_v1() powerpc/64s: Wire up cpu_show_spectre_v2() powerpc/64s: Fix section mismatch warnings from setup_rfi_flush() Nicholas Piggin (2): powerpc/64s: Improve RFI L1-D cache flush fallback powerpc/64s: Add support for a store forwarding barrier at kernel entry/exit arch/powerpc/include/asm/exception-64s.h | 29 ++++ arch/powerpc/include/asm/feature-fixups.h | 19 +++ arch/powerpc/include/asm/hvcall.h | 3 + arch/powerpc/include/asm/paca.h | 3 +- arch/powerpc/include/asm/security_features.h | 85 ++++++++++ arch/powerpc/include/asm/setup.h | 2 +- arch/powerpc/kernel/Makefile | 2 +- arch/powerpc/kernel/asm-offsets.c | 3 +- arch/powerpc/kernel/exceptions-64s.S | 95 ++++++----- arch/powerpc/kernel/security.c | 237 +++++++++++++++++++++++++++ arch/powerpc/kernel/setup_64.c | 48 ++---- arch/powerpc/kernel/vmlinux.lds.S | 14 ++ arch/powerpc/lib/feature-fixups.c | 124 +++++++++++++- arch/powerpc/platforms/powernv/setup.c | 92 ++++++++--- arch/powerpc/platforms/pseries/mobility.c | 3 + arch/powerpc/platforms/pseries/pseries.h | 2 + arch/powerpc/platforms/pseries/setup.c | 81 +++++++-- arch/powerpc/xmon/xmon.c | 2 + 18 files changed, 721 insertions(+), 123 deletions(-) create mode 100644 arch/powerpc/include/asm/security_features.h create mode 100644 arch/powerpc/kernel/security.c -- 2.14.1

7 years, 7 months

2
26
0 0

[git:media_tree/master] media: vsp1: Release buffers for each video node

by Mauro Carvalho Chehab

This is an automatic generated email to let you know that the following patch were queued: Subject: media: vsp1: Release buffers for each video node Author: Kieran Bingham <kieran.bingham+renesas(a)ideasonboard.com> Date: Fri May 18 16:41:54 2018 -0400 Commit 372b2b0399fc ("media: v4l: vsp1: Release buffers in start_streaming error path") introduced a helper to clean up buffers on error paths, but inadvertently changed the code such that only the output WPF buffers were cleaned, rather than the video node being operated on. Since then vsp1_video_cleanup_pipeline() has grown to perform both video node cleanup, as well as pipeline cleanup. Split the implementation into two distinct functions that perform the required work, so that each video node can release its buffers correctly on streamoff. The pipe cleanup that was performed in the vsp1_video_stop_streaming() (releasing the pipe->dl) is moved to the function for clarity. Fixes: 372b2b0399fc ("media: v4l: vsp1: Release buffers in start_streaming error path") Cc: stable(a)vger.kernel.org # v4.14+ Signed-off-by: Kieran Bingham <kieran.bingham+renesas(a)ideasonboard.com> Signed-off-by: Laurent Pinchart <laurent.pinchart+renesas(a)ideasonboard.com> Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung(a)kernel.org> drivers/media/platform/vsp1/vsp1_video.c | 21 +++++++++++++-------- 1 file changed, 13 insertions(+), 8 deletions(-) --- diff --git a/drivers/media/platform/vsp1/vsp1_video.c b/drivers/media/platform/vsp1/vsp1_video.c index c8c12223a267..ba89dd176a13 100644 --- a/drivers/media/platform/vsp1/vsp1_video.c +++ b/drivers/media/platform/vsp1/vsp1_video.c @@ -842,9 +842,8 @@ static int vsp1_video_setup_pipeline(struct vsp1_pipeline *pipe) return 0; } -static void vsp1_video_cleanup_pipeline(struct vsp1_pipeline *pipe) +static void vsp1_video_release_buffers(struct vsp1_video *video) { - struct vsp1_video *video = pipe->output->video; struct vsp1_vb2_buffer *buffer; unsigned long flags; @@ -854,12 +853,18 @@ static void vsp1_video_cleanup_pipeline(struct vsp1_pipeline *pipe) vb2_buffer_done(&buffer->buf.vb2_buf, VB2_BUF_STATE_ERROR); INIT_LIST_HEAD(&video->irqqueue); spin_unlock_irqrestore(&video->irqlock, flags); +} + +static void vsp1_video_cleanup_pipeline(struct vsp1_pipeline *pipe) +{ + lockdep_assert_held(&pipe->lock); /* Release our partition table allocation */ - mutex_lock(&pipe->lock); kfree(pipe->part_table); pipe->part_table = NULL; - mutex_unlock(&pipe->lock); + + vsp1_dl_list_put(pipe->dl); + pipe->dl = NULL; } static int vsp1_video_start_streaming(struct vb2_queue *vq, unsigned int count) @@ -874,8 +879,9 @@ static int vsp1_video_start_streaming(struct vb2_queue *vq, unsigned int count) if (pipe->stream_count == pipe->num_inputs) { ret = vsp1_video_setup_pipeline(pipe); if (ret < 0) { - mutex_unlock(&pipe->lock); + vsp1_video_release_buffers(video); vsp1_video_cleanup_pipeline(pipe); + mutex_unlock(&pipe->lock); return ret; } @@ -925,13 +931,12 @@ static void vsp1_video_stop_streaming(struct vb2_queue *vq) if (ret == -ETIMEDOUT) dev_err(video->vsp1->dev, "pipeline stop timeout\n"); - vsp1_dl_list_put(pipe->dl); - pipe->dl = NULL; + vsp1_video_cleanup_pipeline(pipe); } mutex_unlock(&pipe->lock); media_pipeline_stop(&video->video.entity); - vsp1_video_cleanup_pipeline(pipe); + vsp1_video_release_buffers(video); vsp1_video_pipeline_put(pipe); }

7 years, 7 months

1
0
0 0

[patch 16/16] kasan: fix memory hotplug during boot

by akpm＠linux-foundation.org

From: David Hildenbrand <david(a)redhat.com> Subject: kasan: fix memory hotplug during boot Using module_init() is wrong. E.g. ACPI adds and onlines memory before our memory notifier gets registered. This makes sure that ACPI memory detected during boot up will not result in a kernel crash. Easily reproducible with QEMU, just specify a DIMM when starting up. Link: http://lkml.kernel.org/r/20180522100756.18478-3-david@redhat.com Fixes: 786a8959912e ("kasan: disable memory hotplug") Signed-off-by: David Hildenbrand <david(a)redhat.com> Acked-by: Andrey Ryabinin <aryabinin(a)virtuozzo.com> Cc: Alexander Potapenko <glider(a)google.com> Cc: Dmitry Vyukov <dvyukov(a)google.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/kasan/kasan.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff -puN mm/kasan/kasan.c~kasan-fix-memory-hotplug-during-boot mm/kasan/kasan.c --- a/mm/kasan/kasan.c~kasan-fix-memory-hotplug-during-boot +++ a/mm/kasan/kasan.c @@ -898,5 +898,5 @@ static int __init kasan_memhotplug_init( return 0; } -module_init(kasan_memhotplug_init); +core_initcall(kasan_memhotplug_init); #endif _

7 years, 7 months

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror