- Linux-stable-mirror - lists.linaro.org

Patch "clk: axi-clkgen: Correctly handle nocount bit in recalc_rate()" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled clk: axi-clkgen: Correctly handle nocount bit in recalc_rate() to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: clk-axi-clkgen-correctly-handle-nocount-bit-in-recalc_rate.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Thu Mar 22 14:03:40 CET 2018 From: Lars-Peter Clausen <lars(a)metafoo.de> Date: Tue, 5 Sep 2017 11:32:40 +0200 Subject: clk: axi-clkgen: Correctly handle nocount bit in recalc_rate() From: Lars-Peter Clausen <lars(a)metafoo.de> [ Upstream commit 063578dc5f407f67d149133818efabe457daafda ] If the nocount bit is set the divider is bypassed and the settings for the divider count should be ignored and a divider value of 1 should be assumed. Handle this correctly in the driver recalc_rate() callback. While the driver sets up the part so that the read back dividers values yield the correct result the power-on reset settings of the part might not reflect this and hence calling e.g. clk_get_rate() without prior calls to clk_set_rate() will yield the wrong result. Signed-off-by: Lars-Peter Clausen <lars(a)metafoo.de> Signed-off-by: Stephen Boyd <sboyd(a)codeaurora.org> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/clk/clk-axi-clkgen.c | 29 ++++++++++++++++++++++++----- 1 file changed, 24 insertions(+), 5 deletions(-) --- a/drivers/clk/clk-axi-clkgen.c +++ b/drivers/clk/clk-axi-clkgen.c @@ -40,6 +40,10 @@ #define MMCM_REG_FILTER1 0x4e #define MMCM_REG_FILTER2 0x4f +#define MMCM_CLKOUT_NOCOUNT BIT(6) + +#define MMCM_CLK_DIV_NOCOUNT BIT(12) + struct axi_clkgen { void __iomem *base; struct clk_hw clk_hw; @@ -315,12 +319,27 @@ static unsigned long axi_clkgen_recalc_r unsigned int reg; unsigned long long tmp; - axi_clkgen_mmcm_read(axi_clkgen, MMCM_REG_CLKOUT0_1, &reg); - dout = (reg & 0x3f) + ((reg >> 6) & 0x3f); + axi_clkgen_mmcm_read(axi_clkgen, MMCM_REG_CLKOUT0_2, &reg); + if (reg & MMCM_CLKOUT_NOCOUNT) { + dout = 1; + } else { + axi_clkgen_mmcm_read(axi_clkgen, MMCM_REG_CLKOUT0_1, &reg); + dout = (reg & 0x3f) + ((reg >> 6) & 0x3f); + } + axi_clkgen_mmcm_read(axi_clkgen, MMCM_REG_CLK_DIV, &reg); - d = (reg & 0x3f) + ((reg >> 6) & 0x3f); - axi_clkgen_mmcm_read(axi_clkgen, MMCM_REG_CLK_FB1, &reg); - m = (reg & 0x3f) + ((reg >> 6) & 0x3f); + if (reg & MMCM_CLK_DIV_NOCOUNT) + d = 1; + else + d = (reg & 0x3f) + ((reg >> 6) & 0x3f); + + axi_clkgen_mmcm_read(axi_clkgen, MMCM_REG_CLK_FB2, &reg); + if (reg & MMCM_CLKOUT_NOCOUNT) { + m = 1; + } else { + axi_clkgen_mmcm_read(axi_clkgen, MMCM_REG_CLK_FB1, &reg); + m = (reg & 0x3f) + ((reg >> 6) & 0x3f); + } if (d == 0 || dout == 0) return 0; Patches currently in stable-queue which might be from lars(a)metafoo.de are queue-4.15/clk-axi-clkgen-correctly-handle-nocount-bit-in-recalc_rate.patch

7 years, 5 months

1
0
0 0

Patch "clk: at91: pmc: Wait for clocks when resuming" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled clk: at91: pmc: Wait for clocks when resuming to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: clk-at91-pmc-wait-for-clocks-when-resuming.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Thu Mar 22 14:03:40 CET 2018 From: Romain Izard <romain.izard.pro(a)gmail.com> Date: Mon, 11 Dec 2017 17:55:33 +0100 Subject: clk: at91: pmc: Wait for clocks when resuming From: Romain Izard <romain.izard.pro(a)gmail.com> [ Upstream commit 960e1c4d93be86d3b118fe22d4edc69e401b28b5 ] Wait for the syncronization of all clocks when resuming, not only the UPLL clock. Do not use regmap_read_poll_timeout, as it will call BUG() when interrupts are masked, which is the case in here. Signed-off-by: Romain Izard <romain.izard.pro(a)gmail.com> Acked-by: Ludovic Desroches <ludovic.desroches(a)microchip.com> Acked-by: Nicolas Ferre <nicolas.ferre(a)microchip.com> Acked-by: Alexandre Belloni <alexandre.belloni(a)free-electrons.com> Signed-off-by: Stephen Boyd <sboyd(a)codeaurora.org> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/clk/at91/pmc.c | 24 ++++++++++++++++-------- 1 file changed, 16 insertions(+), 8 deletions(-) --- a/drivers/clk/at91/pmc.c +++ b/drivers/clk/at91/pmc.c @@ -107,10 +107,20 @@ static int pmc_suspend(void) return 0; } +static bool pmc_ready(unsigned int mask) +{ + unsigned int status; + + regmap_read(pmcreg, AT91_PMC_SR, &status); + + return ((status & mask) == mask) ? 1 : 0; +} + static void pmc_resume(void) { - int i, ret = 0; + int i; u32 tmp; + u32 mask = AT91_PMC_MCKRDY | AT91_PMC_LOCKA; regmap_read(pmcreg, AT91_PMC_MCKR, &tmp); if (pmc_cache.mckr != tmp) @@ -134,13 +144,11 @@ static void pmc_resume(void) AT91_PMC_PCR_CMD); } - if (pmc_cache.uckr & AT91_PMC_UPLLEN) { - ret = regmap_read_poll_timeout(pmcreg, AT91_PMC_SR, tmp, - !(tmp & AT91_PMC_LOCKU), - 10, 5000); - if (ret) - pr_crit("USB PLL didn't lock when resuming\n"); - } + if (pmc_cache.uckr & AT91_PMC_UPLLEN) + mask |= AT91_PMC_LOCKU; + + while (!pmc_ready(mask)) + cpu_relax(); } static struct syscore_ops pmc_syscore_ops = { Patches currently in stable-queue which might be from romain.izard.pro(a)gmail.com are queue-4.15/clk-at91-pmc-wait-for-clocks-when-resuming.patch

7 years, 5 months

1
0
0 0

Patch "bpf/cgroup: fix a verification error for a CGROUP_DEVICE type prog" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled bpf/cgroup: fix a verification error for a CGROUP_DEVICE type prog to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: bpf-cgroup-fix-a-verification-error-for-a-cgroup_device-type-prog.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Thu Mar 22 14:03:39 CET 2018 From: Yonghong Song <yhs(a)fb.com> Date: Mon, 18 Dec 2017 10:13:44 -0800 Subject: bpf/cgroup: fix a verification error for a CGROUP_DEVICE type prog From: Yonghong Song <yhs(a)fb.com> [ Upstream commit 06ef0ccb5a36e1feba9b413ff59a04ecc4407c1c ] The tools/testing/selftests/bpf test program test_dev_cgroup fails with the following error when compiled with llvm 6.0. (I did not try with earlier versions.) libbpf: load bpf program failed: Permission denied libbpf: -- BEGIN DUMP LOG --- libbpf: 0: (61) r2 = *(u32 *)(r1 +4) 1: (b7) r0 = 0 2: (55) if r2 != 0x1 goto pc+8 R0=inv0 R1=ctx(id=0,off=0,imm=0) R2=inv1 R10=fp0 3: (69) r2 = *(u16 *)(r1 +0) invalid bpf_context access off=0 size=2 ... The culprit is the following statement in dev_cgroup.c: short type = ctx->access_type & 0xFFFF; This code is typical as the ctx->access_type is assigned as below in kernel/bpf/cgroup.c: struct bpf_cgroup_dev_ctx ctx = { .access_type = (access << 16) | dev_type, .major = major, .minor = minor, }; The compiler converts it to u16 access while the verifier cgroup_dev_is_valid_access rejects any non u32 access. This patch permits the field access_type to be accessible with type u16 and u8 as well. Signed-off-by: Yonghong Song <yhs(a)fb.com> Tested-by: Roman Gushchin <guro(a)fb.com> Signed-off-by: Daniel Borkmann <daniel(a)iogearbox.net> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- include/uapi/linux/bpf.h | 3 ++- kernel/bpf/cgroup.c | 15 +++++++++++++-- 2 files changed, 15 insertions(+), 3 deletions(-) --- a/include/uapi/linux/bpf.h +++ b/include/uapi/linux/bpf.h @@ -995,7 +995,8 @@ struct bpf_perf_event_value { #define BPF_DEVCG_DEV_CHAR (1ULL << 1) struct bpf_cgroup_dev_ctx { - __u32 access_type; /* (access << 16) | type */ + /* access_type encoded as (BPF_DEVCG_ACC_* << 16) | BPF_DEVCG_DEV_* */ + __u32 access_type; __u32 major; __u32 minor; }; --- a/kernel/bpf/cgroup.c +++ b/kernel/bpf/cgroup.c @@ -568,6 +568,8 @@ static bool cgroup_dev_is_valid_access(i enum bpf_access_type type, struct bpf_insn_access_aux *info) { + const int size_default = sizeof(__u32); + if (type == BPF_WRITE) return false; @@ -576,8 +578,17 @@ static bool cgroup_dev_is_valid_access(i /* The verifier guarantees that size > 0. */ if (off % size != 0) return false; - if (size != sizeof(__u32)) - return false; + + switch (off) { + case bpf_ctx_range(struct bpf_cgroup_dev_ctx, access_type): + bpf_ctx_record_field_size(info, size_default); + if (!bpf_ctx_narrow_access_ok(off, size, size_default)) + return false; + break; + default: + if (size != size_default) + return false; + } return true; } Patches currently in stable-queue which might be from yhs(a)fb.com are queue-4.15/bpf-cgroup-fix-a-verification-error-for-a-cgroup_device-type-prog.patch

7 years, 5 months

1
0
0 0

Patch "Bluetooth: hci_qca: Avoid setup failure on missing rampatch" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled Bluetooth: hci_qca: Avoid setup failure on missing rampatch to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: bluetooth-hci_qca-avoid-setup-failure-on-missing-rampatch.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Thu Mar 22 14:03:39 CET 2018 From: Loic Poulain <loic.poulain(a)linaro.org> Date: Mon, 6 Nov 2017 12:16:56 +0100 Subject: Bluetooth: hci_qca: Avoid setup failure on missing rampatch From: Loic Poulain <loic.poulain(a)linaro.org> [ Upstream commit ba8f3597900291a93604643017fff66a14546015 ] Assuming that the original code idea was to enable in-band sleeping only if the setup_rome method returns succes and run in 'standard' mode otherwise, we should not return setup_rome return value which makes qca_setup fail if no rampatch/nvm file found. This fixes BT issue on the dragonboard-820C p4 which includes the following QCA controller: hci0: Product:0x00000008 hci0: Patch :0x00000111 hci0: ROM :0x00000302 hci0: SOC :0x00000044 Since there is no rampatch for this controller revision, just make it work as is. Signed-off-by: Loic Poulain <loic.poulain(a)linaro.org> Signed-off-by: Marcel Holtmann <marcel(a)holtmann.org> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/bluetooth/hci_qca.c | 3 +++ 1 file changed, 3 insertions(+) --- a/drivers/bluetooth/hci_qca.c +++ b/drivers/bluetooth/hci_qca.c @@ -932,6 +932,9 @@ static int qca_setup(struct hci_uart *hu if (!ret) { set_bit(STATE_IN_BAND_SLEEP_ENABLED, &qca->flags); qca_debugfs_init(hdev); + } else if (ret == -ENOENT) { + /* No patch/nvm-config found, run with original fw/config */ + ret = 0; } /* Setup bdaddr */ Patches currently in stable-queue which might be from loic.poulain(a)linaro.org are queue-4.15/bluetooth-btqcomsmd-fix-skb-double-free-corruption.patch queue-4.15/bluetooth-hci_qca-avoid-setup-failure-on-missing-rampatch.patch

7 years, 5 months

1
0
0 0

Patch "Bluetooth: btqcomsmd: Fix skb double free corruption" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled Bluetooth: btqcomsmd: Fix skb double free corruption to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: bluetooth-btqcomsmd-fix-skb-double-free-corruption.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Thu Mar 22 14:03:39 CET 2018 From: Loic Poulain <loic.poulain(a)linaro.org> Date: Wed, 22 Nov 2017 15:03:17 +0100 Subject: Bluetooth: btqcomsmd: Fix skb double free corruption From: Loic Poulain <loic.poulain(a)linaro.org> [ Upstream commit 67b8fbead4685b36d290a0ef91c6ddffc4920ec9 ] In case of hci send frame failure, skb is still owned by the caller (hci_core) and then should not be freed. This fixes crash on dragonboard-410c when sending SCO packet. skb is freed by both btqcomsmd and hci_core. Fixes: 1511cc750c3d ("Bluetooth: Introduce Qualcomm WCNSS SMD based HCI driver") Signed-off-by: Loic Poulain <loic.poulain(a)linaro.org> Signed-off-by: Marcel Holtmann <marcel(a)holtmann.org> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/bluetooth/btqcomsmd.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) --- a/drivers/bluetooth/btqcomsmd.c +++ b/drivers/bluetooth/btqcomsmd.c @@ -88,7 +88,8 @@ static int btqcomsmd_send(struct hci_dev break; } - kfree_skb(skb); + if (!ret) + kfree_skb(skb); return ret; } Patches currently in stable-queue which might be from loic.poulain(a)linaro.org are queue-4.15/bluetooth-btqcomsmd-fix-skb-double-free-corruption.patch queue-4.15/bluetooth-hci_qca-avoid-setup-failure-on-missing-rampatch.patch

7 years, 5 months

1
0
0 0

Patch "ath10k: handling qos at STA side based on AP WMM enable/disable" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled ath10k: handling qos at STA side based on AP WMM enable/disable to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: ath10k-handling-qos-at-sta-side-based-on-ap-wmm-enable-disable.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Thu Mar 22 14:03:39 CET 2018 From: Balaji Pothunoori <bpothuno(a)qti.qualcomm.com> Date: Thu, 7 Dec 2017 16:58:04 +0200 Subject: ath10k: handling qos at STA side based on AP WMM enable/disable From: Balaji Pothunoori <bpothuno(a)qti.qualcomm.com> [ Upstream commit 07ffb4497360ae8789f05555fec8171ee952304d ] Data packets are not sent by STA in case of STA joined to non QOS AP (WMM disabled AP). This is happening because of STA is sending data packets to firmware from host with qos enabled along with non qos queue value(TID = 16). Due to qos enabled, firmware is discarding the packet. This patch fixes this issue by updating the qos based on station WME capability field if WMM is disabled in AP. This patch is required by 10.4 family chipsets like QCA4019/QCA9888/QCA9884/QCA99X0. Firmware Versoin : 10.4-3.5.1-00018. For 10.2.4 family chipsets QCA988X/QCA9887 and QCA6174 this patch has no effect. Signed-off-by: Balaji Pothunoori <bpothuno(a)qti.qualcomm.com> Signed-off-by: Kalle Valo <kvalo(a)qca.qualcomm.com> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/net/wireless/ath/ath10k/mac.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/drivers/net/wireless/ath/ath10k/mac.c +++ b/drivers/net/wireless/ath/ath10k/mac.c @@ -2563,7 +2563,7 @@ static void ath10k_peer_assoc_h_qos(stru } break; case WMI_VDEV_TYPE_STA: - if (vif->bss_conf.qos) + if (sta->wme) arg->peer_flags |= arvif->ar->wmi.peer_flags->qos; break; case WMI_VDEV_TYPE_IBSS: Patches currently in stable-queue which might be from bpothuno(a)qti.qualcomm.com are queue-4.15/ath10k-handling-qos-at-sta-side-based-on-ap-wmm-enable-disable.patch

7 years, 5 months

1
0
0 0

Patch "ARM: dts: aspeed-evb: Add unit name to memory node" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled ARM: dts: aspeed-evb: Add unit name to memory node to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arm-dts-aspeed-evb-add-unit-name-to-memory-node.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Thu Mar 22 14:03:40 CET 2018 From: Joel Stanley <joel(a)jms.id.au> Date: Mon, 18 Dec 2017 23:27:03 +1030 Subject: ARM: dts: aspeed-evb: Add unit name to memory node From: Joel Stanley <joel(a)jms.id.au> [ Upstream commit e40ed274489a5f516da120186578eb379b452ac6 ] Fixes a warning when building with W=1. All of the ASPEED device trees build without warnings now. Signed-off-by: Joel Stanley <joel(a)jms.id.au> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm/boot/dts/aspeed-ast2500-evb.dts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/arch/arm/boot/dts/aspeed-ast2500-evb.dts +++ b/arch/arm/boot/dts/aspeed-ast2500-evb.dts @@ -16,7 +16,7 @@ bootargs = "console=ttyS4,115200 earlyprintk"; }; - memory { + memory@80000000 { reg = <0x80000000 0x20000000>; }; }; Patches currently in stable-queue which might be from joel(a)jms.id.au are queue-4.15/arm-dts-aspeed-evb-add-unit-name-to-memory-node.patch

7 years, 5 months

1
0
0 0

Linux 3.18.101

by Greg KH

I'm announcing the release of the 3.18.101 kernel. All users of the 3.18 kernel series must upgrade. The updated 3.18.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-3.18.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arm/boot/dts/am335x-pepper.dts | 2 arch/arm/boot/dts/moxart-uc7112lx.dts | 2 arch/arm/boot/dts/moxart.dtsi | 17 ++++--- arch/arm/boot/dts/omap3-n900.dts | 4 - arch/arm/boot/dts/r8a7790.dtsi | 7 ++- arch/arm/boot/dts/r8a7791.dtsi | 7 ++- arch/mips/net/bpf_jit.c | 16 +++++-- arch/powerpc/mm/fault.c | 2 arch/x86/kernel/kprobes/core.c | 6 ++ arch/x86/kernel/kprobes/opt.c | 3 + block/blk-throttle.c | 11 ++++ drivers/gpu/drm/drm_irq.c | 14 +++++- drivers/gpu/drm/radeon/radeon_display.c | 6 ++ drivers/hid/hid-elo.c | 6 ++ drivers/hid/hid-input.c | 20 ++++++--- drivers/input/touchscreen/tsc2007.c | 8 +++ drivers/iommu/iova.c | 2 drivers/media/i2c/soc_camera/ov6650.c | 2 drivers/media/usb/cpia2/cpia2_v4l.c | 4 - drivers/mtd/nand/nand_base.c | 9 +++- drivers/net/ethernet/apm/xgene/xgene_enet_hw.c | 1 drivers/net/ethernet/apm/xgene/xgene_enet_hw.h | 1 drivers/net/ethernet/faraday/ftgmac100.c | 1 drivers/net/ethernet/intel/fm10k/fm10k_ethtool.c | 2 drivers/net/veth.c | 3 + drivers/net/wireless/ath/ath10k/debug.c | 9 ++++ drivers/net/wireless/ath/wil6210/main.c | 20 +++++++-- drivers/of/device.c | 2 drivers/pci/pci-driver.c | 2 drivers/scsi/ipr.c | 16 +++++-- drivers/scsi/scsi_devinfo.c | 2 drivers/scsi/sg.c | 36 +++++++++------- drivers/spi/spi-omap2-mcspi.c | 9 ++-- drivers/spi/spi-sun6i.c | 2 drivers/usb/gadget/udc/dummy_hcd.c | 20 +++------ drivers/video/fbdev/amba-clcd.c | 4 - fs/aio.c | 42 +++++++++++++------ fs/dcache.c | 11 +++- fs/reiserfs/journal.c | 2 fs/reiserfs/reiserfs.h | 1 fs/reiserfs/super.c | 21 ++++++--- include/linux/pagemap.h | 4 - include/linux/platform_data/isl9305.h | 2 include/net/tcp.h | 8 ++- kernel/printk/braille.c | 15 +++--- kernel/printk/braille.h | 13 ++++- kernel/sched/core.c | 3 - kernel/time/sched_clock.c | 5 ++ net/batman-adv/bridge_loop_avoidance.c | 20 +++++++-- net/mac80211/iface.c | 2 net/sched/act_csum.c | 12 +++++ net/xfrm/xfrm_policy.c | 2 net/xfrm/xfrm_state.c | 7 +++ security/apparmor/lsm.c | 2 security/integrity/ima/ima_appraise.c | 3 - security/selinux/hooks.c | 8 +++ sound/core/oss/pcm_oss.c | 10 ++-- sound/core/seq/seq_clientmgr.c | 4 - sound/core/seq/seq_prioq.c | 28 ++++++------ sound/core/seq/seq_prioq.h | 6 -- sound/core/seq/seq_queue.c | 28 ++++-------- sound/soc/nuc900/nuc900-ac97.c | 4 - tools/perf/util/event.c | 4 - tools/perf/util/ordered-events.c | 3 - tools/perf/util/session.c | 17 ++++++- tools/testing/selftests/rcutorture/bin/configinit.sh | 2 tools/usb/usbip/src/usbipd.c | 2 68 files changed, 389 insertions(+), 182 deletions(-) Akinobu Mita (1): spi: omap2-mcspi: poll OMAP2_MCSPI_CHSTAT_RXS for PIO transfer Al Viro (1): lock_parent() needs to recheck if dentry got __dentry_kill'ed under it Alexander Potapenko (1): selinux: check for address length in selinux_socket_bind() Andreas Pape (1): batman-adv: handle race condition for claims between gateways Andrew F. Davis (2): ARM: dts: am335x-pepper: Fix the audio CODEC's reset pin ARM: dts: omap3-n900: Fix the audio CODEC's reset pin Andrew Lunn (1): net/faraday: Add missing include of of.h Anton Blanchard (1): powerpc: Avoid taking a data miss on every userspace instruction miss Brian King (1): scsi: ipr: Fix missed EH wakeup Chris Wilson (1): drm: Defer disabling the vblank IRQ until the next interrupt (for instant-off) Christopher James Halse Rogers (1): drm/radeon: Fail fb creation from imported dma-bufs. Dan Carpenter (2): media: cpia2: Fix a couple off by one bugs ASoC: nuc900: Fix a loop timeout test David Carrillo-Cisneros (2): perf inject: Copy events when reordering events in pipe mode perf session: Don't rely on evlist in pipe mode David Daney (1): MIPS: BPF: Quit clobbering callee saved registers in JIT code. David Engraf (1): timers, sched_clock: Update timeout for clock wrap Davide Caratti (1): sched: act_csum: don't mangle TCP and UDP GSO packets Dedy Lansky (1): wil6210: fix memory access violation in wil_memcpy_from/toio_32 Gao Feng (1): tcp: sysctl: Fix a race to avoid unexpected 0 window from space Geert Uytterhoeven (2): ARM: dts: r8a7790: Correct parent of SSI[0-9] clocks ARM: dts: r8a7791: Correct parent of SSI[0-9] clocks Greg Kroah-Hartman (1): Linux 3.18.101 H. Nikolaus Schaller (1): Input: tsc2007 - check for presence and power down tsc2007 during probe Hannes Reinecke (1): scsi: sg: close race condition in sg_remove_sfp_usercontext() Jan Kara (1): reiserfs: Make cancel_old_flush() reliable Janusz Krzysztofik (1): media: i2c/soc_camera: fix ov6650 sensor getting wrong clock Jiri Kosina (1): HID: elo: clear BTN_LEFT mapping Johannes Thumshirn (4): scsi: sg: check for valid direction before starting the request scsi: sg: fix SG_DXFER_FROM_DEV transfers scsi: sg: fix static checker warning in sg_is_valid_dxfer scsi: sg: only check for dxfer_len greater than 256M John Johansen (1): apparmor: Make path_max parameter readonly Julien BOIBESSOT (1): tools/usbip: fixes build with musl libc toolchain Kirill A. Shutemov (1): mm: Fix false-positive VM_BUG_ON() in page_cache_{get,add}_speculative() Liam Beguin (1): video: ARM CLCD: fix dma allocation size Linus Walleij (1): ARM: dts: Adjust moxart IRQ controller and flags Lorenzo Colitti (1): net: xfrm: allow clearing socket xfrm policies. Luca Coelho (1): mac80211: remove BUG() when interface type is invalid Masami Hiramatsu (2): kprobes/x86: Fix kprobe-booster not to boost far call instructions kprobes/x86: Set kprobes pages read-only Mimi Zohar (1): ima: relax requiring a file signature for new files with zero length Miquel Raynal (1): mtd: nand: fix interpretation of NAND_CMD_NONE in nand_command[_lp]() Mohammed Shafi Shajakhan (1): ath10k: disallow DFS simulation if DFS channel is not enabled Nate Watterson (1): iommu/iova: Fix underflow bug in __alloc_and_insert_iova_range Paul E. McKenney (1): sched: Stop resched_cpu() from sending IPIs to offline CPUs Phil Turnbull (1): fm10k: correctly check if interface is removed Prarit Bhargava (1): PCI/MSI: Stop disabling MSI/MSI-X in pci_device_shutdown() Quan Nguyen (1): drivers: net: xgene: Fix hardware checksum setting Rob Herring (1): of: fix of_device_get_modalias returned length when truncating buffers Samuel Thibault (1): braille-console: Fix value returned by _braille_console_setup SeongJae Park (1): rcutorture/configinit: Fix build directory error message Shaohua Li (1): blk-throttle: make sure expire time isn't too big Stephane Eranian (1): perf tools: Make perf_event__synthesize_mmap_events() scale Stephen Hemminger (1): veth: set peer GSO values Takashi Iwai (3): ALSA: pcm: Fix UAF in snd_pcm_oss_get_formats() ALSA: seq: Fix possible UAF in snd_seq_check_queue() ALSA: seq: Clear client entry before deleting else at closing Tejun Heo (2): fs/aio: Add explicit RCU grace period when freeing kioctx fs/aio: Use RCU accessors for kioctx_table->table[] Tobias Jordan (1): spi: sun6i: disable/unprepare clocks on remove Tomasz Kramkowski (1): HID: clamp input to logical range if no null state Valtteri Heikkilä (1): HID: reject input outside logical range only if null state is set Vincent Stehlé (1): regulator: isl9305: fix array size Xose Vazquez Perez (1): scsi: devinfo: apply to HP XP the same flags as Hitachi VSP Yuyang Du (1): usb: gadget: dummy_hcd: Fix wrong power status bit clear/reset in dummy_hub_control()

7 years, 5 months

2
2
0 0

Patch "staging: android: ashmem: Fix possible deadlock in ashmem_ioctl" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled staging: android: ashmem: Fix possible deadlock in ashmem_ioctl to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: staging-android-ashmem-fix-possible-deadlock-in-ashmem_ioctl.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 740a5759bf222332fbb5eda42f89aa25ba38f9b2 Mon Sep 17 00:00:00 2001 From: Yisheng Xie <xieyisheng1(a)huawei.com> Date: Wed, 28 Feb 2018 14:59:22 +0800 Subject: staging: android: ashmem: Fix possible deadlock in ashmem_ioctl From: Yisheng Xie <xieyisheng1(a)huawei.com> commit 740a5759bf222332fbb5eda42f89aa25ba38f9b2 upstream. ashmem_mutex may create a chain of dependencies like: CPU0 CPU1 mmap syscall ioctl syscall -> mmap_sem (acquired) -> ashmem_ioctl -> ashmem_mmap -> ashmem_mutex (acquired) -> ashmem_mutex (try to acquire) -> copy_from_user -> mmap_sem (try to acquire) There is a lock odering problem between mmap_sem and ashmem_mutex causing a lockdep splat[1] during a syzcaller test. This patch fixes the problem by move copy_from_user out of ashmem_mutex. [1] https://www.spinics.net/lists/kernel/msg2733200.html Fixes: ce8a3a9e76d0 (staging: android: ashmem: Fix a race condition in pin ioctls) Reported-by: syzbot+d7a918a7a8e1c952bc36(a)syzkaller.appspotmail.com Signed-off-by: Yisheng Xie <xieyisheng1(a)huawei.com> Cc: "Joel Fernandes (Google)" <joel.opensrc(a)gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/staging/android/ashmem.c | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) --- a/drivers/staging/android/ashmem.c +++ b/drivers/staging/android/ashmem.c @@ -718,16 +718,14 @@ static int ashmem_pin_unpin(struct ashme size_t pgstart, pgend; int ret = -EINVAL; + if (unlikely(copy_from_user(&pin, p, sizeof(pin)))) + return -EFAULT; + mutex_lock(&ashmem_mutex); if (unlikely(!asma->file)) goto out_unlock; - if (unlikely(copy_from_user(&pin, p, sizeof(pin)))) { - ret = -EFAULT; - goto out_unlock; - } - /* per custom, you can pass zero for len to mean "everything onward" */ if (!pin.len) pin.len = PAGE_ALIGN(asma->size) - pin.offset; Patches currently in stable-queue which might be from xieyisheng1(a)huawei.com are queue-4.9/staging-android-ashmem-fix-possible-deadlock-in-ashmem_ioctl.patch

7 years, 5 months

1
0
0 0

[PATCH 4.9 v2 0/2] Clear LED_BLINK_SW flag in led_blink_set()

by Jacek Anaszewski

The fix for brightness setting when setting delay_off=0 introduces a regression and has truncated commit message. Revert that patch and apply the one-line change required to fix the original issue in the way appropriate for the 4.9 code base. Changes from v1: - added Reported-by and Signed-off-by tags Thanks, Jacek Anaszewski Jacek Anaszewski (2): Revert "led: core: Fix brightness setting when setting delay_off=0" led: core: Clear LED_BLINK_SW flag in led_blink_set() drivers/leds/led-core.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) -- 2.1.4

7 years, 5 months

3
5
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror