This is a note to let you know that I've just added the patch titled
crypto: talitos - fix ctr-aes-talitos
to the 4.14-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum…
The filename of the patch is:
crypto-talitos-fix-ctr-aes-talitos.patch
and it can be found in the queue-4.14 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable(a)vger.kernel.org> know about it.
>From 70d355ccea899dad47dc22d3a4406998f55143fd Mon Sep 17 00:00:00 2001
From: LEROY Christophe <christophe.leroy(a)c-s.fr>
Date: Fri, 6 Oct 2017 15:04:43 +0200
Subject: crypto: talitos - fix ctr-aes-talitos
From: LEROY Christophe <christophe.leroy(a)c-s.fr>
commit 70d355ccea899dad47dc22d3a4406998f55143fd upstream.
ctr-aes-talitos test fails as follows on SEC2
[ 0.837427] alg: skcipher: Test 1 failed (invalid result) on encryption for ctr-aes-talitos
[ 0.845763] 00000000: 16 36 d5 ee 34 f8 06 25 d7 7f 8e 56 ca 88 43 45
[ 0.852345] 00000010: f9 3f f7 17 2a b2 12 23 30 43 09 15 82 dd e1 97
[ 0.858940] 00000020: a7 f7 32 b5 eb 25 06 13 9a ec f5 29 25 f8 4d 66
[ 0.865366] 00000030: b0 03 5b 8e aa 9a 42 b6 19 33 8a e2 9d 65 96 95
This patch fixes the descriptor type which is special for CTR AES
Fixes: 5e75ae1b3cef6 ("crypto: talitos - add new crypto modes")
Signed-off-by: Christophe Leroy <christophe.leroy(a)c-s.fr>
Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
---
drivers/crypto/talitos.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/crypto/talitos.c
+++ b/drivers/crypto/talitos.c
@@ -2635,7 +2635,7 @@ static struct talitos_alg_template drive
.ivsize = AES_BLOCK_SIZE,
}
},
- .desc_hdr_template = DESC_HDR_TYPE_COMMON_NONSNOOP_NO_AFEU |
+ .desc_hdr_template = DESC_HDR_TYPE_AESU_CTR_NONSNOOP |
DESC_HDR_SEL0_AESU |
DESC_HDR_MODE0_AESU_CTR,
},
Patches currently in stable-queue which might be from christophe.leroy(a)c-s.fr are
queue-4.14/crypto-talitos-fix-aead-for-sha224-on-non-sha224-capable-chips.patch
queue-4.14/crypto-talitos-fix-memory-corruption-on-sec2.patch
queue-4.14/crypto-talitos-fix-use-of-sg_link_tbl_len.patch
queue-4.14/crypto-talitos-fix-setkey-to-check-key-weakness.patch
queue-4.14/crypto-talitos-fix-aead-test-failures.patch
queue-4.14/crypto-talitos-fix-ctr-aes-talitos.patch
This is a note to let you know that I've just added the patch titled
crypto: talitos - fix AEAD for sha224 on non sha224 capable chips
to the 4.14-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum…
The filename of the patch is:
crypto-talitos-fix-aead-for-sha224-on-non-sha224-capable-chips.patch
and it can be found in the queue-4.14 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable(a)vger.kernel.org> know about it.
>From 6cda075aff67a1b9b5ba1b2818091dc939643b6c Mon Sep 17 00:00:00 2001
From: LEROY Christophe <christophe.leroy(a)c-s.fr>
Date: Fri, 6 Oct 2017 15:04:39 +0200
Subject: crypto: talitos - fix AEAD for sha224 on non sha224 capable chips
From: LEROY Christophe <christophe.leroy(a)c-s.fr>
commit 6cda075aff67a1b9b5ba1b2818091dc939643b6c upstream.
sha224 AEAD test fails with:
[ 2.803125] talitos ff020000.crypto: DEUISR 0x00000000_00000000
[ 2.808743] talitos ff020000.crypto: MDEUISR 0x80100000_00000000
[ 2.814678] talitos ff020000.crypto: DESCBUF 0x20731f21_00000018
[ 2.820616] talitos ff020000.crypto: DESCBUF 0x0628d64c_00000010
[ 2.826554] talitos ff020000.crypto: DESCBUF 0x0631005c_00000018
[ 2.832492] talitos ff020000.crypto: DESCBUF 0x0628d664_00000008
[ 2.838430] talitos ff020000.crypto: DESCBUF 0x061b13a0_00000080
[ 2.844369] talitos ff020000.crypto: DESCBUF 0x0631006c_00000080
[ 2.850307] talitos ff020000.crypto: DESCBUF 0x0631006c_00000018
[ 2.856245] talitos ff020000.crypto: DESCBUF 0x063100ec_00000000
[ 2.884972] talitos ff020000.crypto: failed to reset channel 0
[ 2.890503] talitos ff020000.crypto: done overflow, internal time out, or rngu error: ISR 0x20000000_00020000
[ 2.900652] alg: aead: encryption failed on test 1 for authenc-hmac-sha224-cbc-3des-talitos: ret=22
This is due to SHA224 not being supported by the HW. Allthough for
hash we are able to init the hash context by SW, it is not
possible for AEAD. Therefore SHA224 AEAD has to be deactivated.
Signed-off-by: Christophe Leroy <christophe.leroy(a)c-s.fr>
Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
---
drivers/crypto/talitos.c | 5 +++++
1 file changed, 5 insertions(+)
--- a/drivers/crypto/talitos.c
+++ b/drivers/crypto/talitos.c
@@ -3068,6 +3068,11 @@ static struct talitos_crypto_alg *talito
t_alg->algt.alg.aead.setkey = aead_setkey;
t_alg->algt.alg.aead.encrypt = aead_encrypt;
t_alg->algt.alg.aead.decrypt = aead_decrypt;
+ if (!(priv->features & TALITOS_FTR_SHA224_HWINIT) &&
+ !strncmp(alg->cra_name, "authenc(hmac(sha224)", 20)) {
+ kfree(t_alg);
+ return ERR_PTR(-ENOTSUPP);
+ }
break;
case CRYPTO_ALG_TYPE_AHASH:
alg = &t_alg->algt.alg.hash.halg.base;
Patches currently in stable-queue which might be from christophe.leroy(a)c-s.fr are
queue-4.14/crypto-talitos-fix-aead-for-sha224-on-non-sha224-capable-chips.patch
queue-4.14/crypto-talitos-fix-memory-corruption-on-sec2.patch
queue-4.14/crypto-talitos-fix-use-of-sg_link_tbl_len.patch
queue-4.14/crypto-talitos-fix-setkey-to-check-key-weakness.patch
queue-4.14/crypto-talitos-fix-aead-test-failures.patch
queue-4.14/crypto-talitos-fix-ctr-aes-talitos.patch
This is a note to let you know that I've just added the patch titled
ARM: BUG if jumping to usermode address in kernel mode
to the 4.14-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum…
The filename of the patch is:
arm-bug-if-jumping-to-usermode-address-in-kernel-mode.patch
and it can be found in the queue-4.14 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable(a)vger.kernel.org> know about it.
>From 8bafae202c82dc257f649ea3c275a0f35ee15113 Mon Sep 17 00:00:00 2001
From: Russell King <rmk+kernel(a)armlinux.org.uk>
Date: Fri, 24 Nov 2017 23:49:34 +0000
Subject: ARM: BUG if jumping to usermode address in kernel mode
From: Russell King <rmk+kernel(a)armlinux.org.uk>
commit 8bafae202c82dc257f649ea3c275a0f35ee15113 upstream.
Detect if we are returning to usermode via the normal kernel exit paths
but the saved PSR value indicates that we are in kernel mode. This
could occur due to corrupted stack state, which has been observed with
"ftracetest".
This ensures that we catch the problem case before we get to user code.
Signed-off-by: Russell King <rmk+kernel(a)armlinux.org.uk>
Cc: Alex Shi <alex.shi(a)linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
---
arch/arm/include/asm/assembler.h | 18 ++++++++++++++++++
arch/arm/kernel/entry-header.S | 6 ++++++
2 files changed, 24 insertions(+)
--- a/arch/arm/include/asm/assembler.h
+++ b/arch/arm/include/asm/assembler.h
@@ -518,4 +518,22 @@ THUMB( orr \reg , \reg , #PSR_T_BIT )
#endif
.endm
+ .macro bug, msg, line
+#ifdef CONFIG_THUMB2_KERNEL
+1: .inst 0xde02
+#else
+1: .inst 0xe7f001f2
+#endif
+#ifdef CONFIG_DEBUG_BUGVERBOSE
+ .pushsection .rodata.str, "aMS", %progbits, 1
+2: .asciz "\msg"
+ .popsection
+ .pushsection __bug_table, "aw"
+ .align 2
+ .word 1b, 2b
+ .hword \line
+ .popsection
+#endif
+ .endm
+
#endif /* __ASM_ASSEMBLER_H__ */
--- a/arch/arm/kernel/entry-header.S
+++ b/arch/arm/kernel/entry-header.S
@@ -300,6 +300,8 @@
mov r2, sp
ldr r1, [r2, #\offset + S_PSR] @ get calling cpsr
ldr lr, [r2, #\offset + S_PC]! @ get pc
+ tst r1, #0xcf
+ bne 1f
msr spsr_cxsf, r1 @ save in spsr_svc
#if defined(CONFIG_CPU_V6) || defined(CONFIG_CPU_32v6K)
@ We must avoid clrex due to Cortex-A15 erratum #830321
@@ -314,6 +316,7 @@
@ after ldm {}^
add sp, sp, #\offset + PT_REGS_SIZE
movs pc, lr @ return & move spsr_svc into cpsr
+1: bug "Returning to usermode but unexpected PSR bits set?", \@
#elif defined(CONFIG_CPU_V7M)
@ V7M restore.
@ Note that we don't need to do clrex here as clearing the local
@@ -329,6 +332,8 @@
ldr r1, [sp, #\offset + S_PSR] @ get calling cpsr
ldr lr, [sp, #\offset + S_PC] @ get pc
add sp, sp, #\offset + S_SP
+ tst r1, #0xcf
+ bne 1f
msr spsr_cxsf, r1 @ save in spsr_svc
@ We must avoid clrex due to Cortex-A15 erratum #830321
@@ -341,6 +346,7 @@
.endif
add sp, sp, #PT_REGS_SIZE - S_SP
movs pc, lr @ return & move spsr_svc into cpsr
+1: bug "Returning to usermode but unexpected PSR bits set?", \@
#endif /* !CONFIG_THUMB2_KERNEL */
.endm
Patches currently in stable-queue which might be from rmk+kernel(a)armlinux.org.uk are
queue-4.14/arm-avoid-faulting-on-qemu.patch
queue-4.14/arm-bug-if-jumping-to-usermode-address-in-kernel-mode.patch
This is a note to let you know that I've just added the patch titled
ARM: avoid faulting on qemu
to the 4.14-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum…
The filename of the patch is:
arm-avoid-faulting-on-qemu.patch
and it can be found in the queue-4.14 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable(a)vger.kernel.org> know about it.
>From 3aaf33bebda8d4ffcc0fc8ef39e6c1ac68823b11 Mon Sep 17 00:00:00 2001
From: Russell King <rmk+kernel(a)armlinux.org.uk>
Date: Mon, 27 Nov 2017 11:22:42 +0000
Subject: ARM: avoid faulting on qemu
From: Russell King <rmk+kernel(a)armlinux.org.uk>
commit 3aaf33bebda8d4ffcc0fc8ef39e6c1ac68823b11 upstream.
When qemu starts a kernel in a bare environment, the default SCR has
the AW and FW bits clear, which means that the kernel can't modify
the PSR A or PSR F bits, and means that FIQs and imprecise aborts are
always masked.
When running uboot under qemu, the AW and FW SCR bits are set, and the
kernel functions normally - and this is how real hardware behaves.
Fix this for qemu by ignoring the FIQ bit.
Fixes: 8bafae202c82 ("ARM: BUG if jumping to usermode address in kernel mode")
Signed-off-by: Russell King <rmk+kernel(a)armlinux.org.uk>
Cc: Alex Shi <alex.shi(a)linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
---
arch/arm/kernel/entry-header.S | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/arch/arm/kernel/entry-header.S
+++ b/arch/arm/kernel/entry-header.S
@@ -300,7 +300,7 @@
mov r2, sp
ldr r1, [r2, #\offset + S_PSR] @ get calling cpsr
ldr lr, [r2, #\offset + S_PC]! @ get pc
- tst r1, #0xcf
+ tst r1, #PSR_I_BIT | 0x0f
bne 1f
msr spsr_cxsf, r1 @ save in spsr_svc
#if defined(CONFIG_CPU_V6) || defined(CONFIG_CPU_32v6K)
@@ -332,7 +332,7 @@
ldr r1, [sp, #\offset + S_PSR] @ get calling cpsr
ldr lr, [sp, #\offset + S_PC] @ get pc
add sp, sp, #\offset + S_SP
- tst r1, #0xcf
+ tst r1, #PSR_I_BIT | 0x0f
bne 1f
msr spsr_cxsf, r1 @ save in spsr_svc
Patches currently in stable-queue which might be from rmk+kernel(a)armlinux.org.uk are
queue-4.14/arm-avoid-faulting-on-qemu.patch
queue-4.14/arm-bug-if-jumping-to-usermode-address-in-kernel-mode.patch
Hi All,
BUG if we attempt to return to userspace but the to-be-restored PSR
value keeps us in privileged mode (defeating an issue that ftracetest
found).
Fixing patches are following, apply top down on LTS *v4.14/4.9/4.4*
They are tested by lkft and kernelci build/boot, no regression found.
8bafae202c82 ARM: BUG if jumping to usermode address in kernel mode
3aaf33bebda8 ARM: avoid faulting on qemu
Thanks
Alex
commit a3acc696085e112733d191a77b106e67a4fa110b upstream.
The specification says that the Reserved1 field in OS_DESC_EXT_COMPAT
must have the value "1", but when this feature was first implemented we
rejected any non-zero values.
This was adjusted to accept all non-zero values (while now rejecting
zero) in commit 53642399aa71 ("usb: gadget: f_fs: Fix wrong check on
reserved1 of OS_DESC_EXT_COMPAT"), but that breaks any userspace
programs that worked previously by returning EINVAL when Reserved1 == 0
which was previously the only value that succeeded!
If we just set the field to "1" ourselves, both old and new userspace
programs continue to work correctly and, as a bonus, old programs are
now compliant with the specification without having to fix anything
themselves.
Fixes: 53642399aa71 ("usb: gadget: f_fs: Fix wrong check on reserved1 of OS_DESC_EXT_COMPAT")
Cc: <stable(a)vger.kernel.org>
Signed-off-by: John Keeping <john(a)metanate.com>
Signed-off-by: Felipe Balbi <felipe.balbi(a)linux.intel.com>
---
drivers/usb/gadget/function/f_fs.c | 13 +++++++++++--
1 file changed, 11 insertions(+), 2 deletions(-)
diff --git a/drivers/usb/gadget/function/f_fs.c b/drivers/usb/gadget/function/f_fs.c
index 4fce83266926..346a630cebd5 100644
--- a/drivers/usb/gadget/function/f_fs.c
+++ b/drivers/usb/gadget/function/f_fs.c
@@ -2262,9 +2262,18 @@ static int __ffs_data_do_os_desc(enum ffs_os_desc_type type,
int i;
if (len < sizeof(*d) ||
- d->bFirstInterfaceNumber >= ffs->interfaces_count ||
- d->Reserved1)
+ d->bFirstInterfaceNumber >= ffs->interfaces_count)
return -EINVAL;
+ if (d->Reserved1 != 1) {
+ /*
+ * According to the spec, Reserved1 must be set to 1
+ * but older kernels incorrectly rejected non-zero
+ * values. We fix it here to avoid returning EINVAL
+ * in response to values we used to accept.
+ */
+ pr_debug("usb_ext_compat_desc::Reserved1 forced to 1\n");
+ d->Reserved1 = 1;
+ }
for (i = 0; i < ARRAY_SIZE(d->Reserved2); ++i)
if (d->Reserved2[i])
return -EINVAL;
--
2.15.1
This is the start of the stable review cycle for the 4.4.105 release.
There are 49 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let me know.
Responses should be made by Sat Dec 9 12:46:41 UTC 2017.
Anything received after that time might be too late.
The whole patch series can be found in one patch at:
kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.4.105-rc1.gz
or in the git tree and branch at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.4.y
and the diffstat can be found below.
thanks,
greg k-h
-------------
Pseudo-Shortlog of commits:
Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
Linux 4.4.105-rc1
Colin Ian King <colin.king(a)canonical.com>
usb: host: fix incorrect updating of offset
Oliver Neukum <oneukum(a)suse.com>
USB: usbfs: Filter flags passed in from user space
Dan Carpenter <dan.carpenter(a)oracle.com>
USB: devio: Prevent integer overflow in proc_do_submiturb()
Mateusz Berezecki <mateuszb(a)fastmail.fm>
USB: Increase usbfs transfer limit
Masakazu Mokuno <masakazu.mokuno(a)gmail.com>
USB: core: Add type-specific length check of BOS descriptors
John Youn <John.Youn(a)synopsys.com>
usb: ch9: Add size macro for SSP dev cap descriptor
Mathias Nyman <mathias.nyman(a)linux.intel.com>
usb: Add USB 3.1 Precision time measurement capability descriptor support
Yu Chen <chenyu56(a)huawei.com>
usb: xhci: fix panic in xhci_free_virt_devices_depth_first
Mike Looijmans <mike.looijmans(a)topic.nl>
usb: hub: Cycle HUB power when initialization fails
Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
Revert "ocfs2: should wait dio before inode lock in ocfs2_setattr()"
Rui Sousa <rui.sousa(a)nxp.com>
net: fec: fix multicast filtering hardware setup
Ross Lagerwall <ross.lagerwall(a)citrix.com>
xen-netfront: Improve error handling during initialization
Jan Kara <jack(a)suse.cz>
mm: avoid returning VM_FAULT_RETRY from ->page_mkwrite handlers
Jason Baron <jbaron(a)akamai.com>
tcp: correct memory barrier usage in tcp_check_space()
Iago Abal <mail(a)iagoabal.eu>
dmaengine: pl330: fix double lock
Parthasarathy Bhuvaragan <parthasarathy.bhuvaragan(a)ericsson.com>
tipc: fix cleanup at module unload
Colin Ian King <colin.king(a)canonical.com>
net: sctp: fix array overrun read on sctp_timer_tbl
Andrzej Hajda <a.hajda(a)samsung.com>
drm/exynos/decon5433: set STANDALONE_UPDATE_F on output enablement
Trond Myklebust <trond.myklebust(a)primarydata.com>
NFSv4: Fix client recovery when server reboots multiple times
Christoffer Dall <christoffer.dall(a)linaro.org>
KVM: arm/arm64: Fix occasional warning from the timer work function
Benjamin Coddington <bcodding(a)redhat.com>
nfs: Don't take a reference on fl->fl_file for LOCK operation
Kazuya Mizuguchi <kazuya.mizuguchi.ks(a)renesas.com>
ravb: Remove Rx overflow log messages
Vlad Tsyrklevich <vlad(a)tsyrklevich.net>
net/appletalk: Fix kernel memory disclosure
David Forster <dforster(a)brocade.com>
vti6: fix device register to report IFLA_INFO_KIND
Peter Ujfalusi <peter.ujfalusi(a)ti.com>
ARM: OMAP1: DMA: Correct the number of logical channels
Florian Fainelli <f.fainelli(a)gmail.com>
net: systemport: Pad packet before inserting TSB
Florian Fainelli <f.fainelli(a)gmail.com>
net: systemport: Utilize skb_put_padto()
Masami Hiramatsu <mhiramat(a)kernel.org>
kprobes/x86: Disable preemption in ftrace-based jprobes
Thomas Richter <tmricht(a)linux.vnet.ibm.com>
perf test attr: Fix ignored test case result
Ben Hutchings <ben(a)decadent.org.uk>
usbip: tools: Install all headers needed for libusbip development
Jibin Xu <jibin.xu(a)windriver.com>
sysrq : fix Show Regs call trace on ARM
Gustavo A. R. Silva <garsilva(a)embeddedor.com>
EDAC, sb_edac: Fix missing break in switch
Dave Hansen <dave.hansen(a)linux.intel.com>
x86/entry: Use SYSCALL_DEFINE() macros for sys_modify_ldt()
Aaron Sierra <asierra(a)xes-inc.com>
serial: 8250: Preserve DLD[7:4] for PORT_XR17V35X
Alexey Khoroshilov <khoroshilov(a)ispras.ru>
usb: phy: tahvo: fix error handling in tahvo_usb_probe()
John Stultz <john.stultz(a)linaro.org>
usb: dwc2: Error out of dwc2_hsotg_ep_disable() if we're in host mode
John Stultz <john.stultz(a)linaro.org>
usb: dwc2: Fix UDC state tracking
Hiromitsu Yamasaki <hiromitsu.yamasaki.ym(a)renesas.com>
spi: sh-msiof: Fix DMA transfer size check
Lukas Wunner <lukas(a)wunner.de>
serial: 8250_fintek: Fix rs485 disablement on invalid ioctl()
Andy Lutomirski <luto(a)kernel.org>
selftests/x86/ldt_get: Add a few additional tests for limits
Christian Borntraeger <borntraeger(a)de.ibm.com>
s390/pci: do not require AIS facility
Boshi Wang <wangboshi(a)huawei.com>
ima: fix hash algorithm initialization
Sebastian Sjoholm <ssjoholm(a)mac.com>
USB: serial: option: add Quectel BG96 id
Heiko Carstens <heiko.carstens(a)de.ibm.com>
s390/runtime instrumentation: simplify task exit handling
Matt Wilson <msw(a)amazon.com>
serial: 8250_pci: Add Amazon PCI serial device ID
Kai-Heng Feng <kai.heng.feng(a)canonical.com>
usb: quirks: Add no-lpm quirk for KY-688 USB 3.1 Type-C Hub
Hans de Goede <hdegoede(a)redhat.com>
uas: Always apply US_FL_NO_ATA_1X quirk to Seagate devices
Rui Hua <huarui.dev(a)gmail.com>
bcache: recover data from backing when data is clean
Coly Li <colyli(a)suse.de>
bcache: only permit to recovery read error when cache device is clean
-------------
Diffstat:
Makefile | 4 +-
arch/arm/mach-omap1/dma.c | 16 +++----
arch/s390/include/asm/pci_insn.h | 2 +-
arch/s390/include/asm/runtime_instr.h | 4 +-
arch/s390/kernel/process.c | 2 +-
arch/s390/kernel/runtime_instr.c | 30 ++++++-------
arch/s390/pci/pci.c | 5 ++-
arch/s390/pci/pci_insn.c | 6 ++-
arch/x86/include/asm/syscalls.h | 2 +-
arch/x86/kernel/kprobes/ftrace.c | 23 ++++++----
arch/x86/kernel/ldt.c | 16 +++++--
arch/x86/um/ldt.c | 7 ++-
drivers/dma/pl330.c | 19 +++-----
drivers/edac/sb_edac.c | 1 +
drivers/gpu/drm/exynos/exynos5433_drm_decon.c | 2 +
drivers/md/bcache/request.c | 9 +++-
drivers/net/appletalk/ipddp.c | 2 +-
drivers/net/ethernet/broadcom/bcmsysport.c | 23 +++++-----
drivers/net/ethernet/freescale/fec_main.c | 23 ++++------
drivers/net/ethernet/renesas/ravb_main.c | 8 +---
drivers/net/xen-netfront.c | 29 +++++-------
drivers/spi/spi-sh-msiof.c | 2 +-
drivers/staging/lustre/lustre/llite/llite_mmap.c | 4 +-
drivers/tty/serial/8250/8250_fintek.c | 2 +-
drivers/tty/serial/8250/8250_pci.c | 3 ++
drivers/tty/serial/8250/8250_port.c | 5 ++-
drivers/tty/sysrq.c | 9 +++-
drivers/usb/core/config.c | 31 +++++++++++--
drivers/usb/core/devio.c | 56 ++++++++++++------------
drivers/usb/core/hub.c | 9 ++++
drivers/usb/core/quirks.c | 3 ++
drivers/usb/dwc2/gadget.c | 7 +++
drivers/usb/host/ehci-dbg.c | 2 +-
drivers/usb/host/xhci-mem.c | 7 +++
drivers/usb/phy/phy-tahvo.c | 3 +-
drivers/usb/serial/option.c | 3 ++
drivers/usb/storage/uas-detect.h | 4 ++
fs/nfs/nfs4proc.c | 3 --
fs/nfs/nfs4state.c | 1 -
fs/ocfs2/file.c | 9 +---
include/linux/buffer_head.h | 4 +-
include/linux/usb.h | 1 +
include/uapi/linux/usb/ch9.h | 19 ++++++++
net/ipv4/tcp_input.c | 2 +-
net/ipv6/ip6_vti.c | 2 +-
net/sctp/debug.c | 2 +-
net/tipc/server.c | 4 +-
security/integrity/ima/ima_main.c | 4 ++
tools/perf/tests/attr.c | 2 +-
tools/testing/selftests/x86/ldt_gdt.c | 17 ++++++-
tools/usb/usbip/Makefile.am | 3 +-
virt/kvm/arm/arch_timer.c | 3 --
52 files changed, 278 insertions(+), 181 deletions(-)
commit 18f77393796848e68909e65d692c1d1436f06e06 upstream.
When fsl-imx25-tsadc is compiled as a module, loading, unloading and
reloading the module will lead to a crash.
Unable to handle kernel paging request at virtual address bf005430
[<c004df6c>] (irq_find_matching_fwspec)
from [<c028d5ec>] (of_irq_get+0x58/0x74)
[<c028d594>] (of_irq_get)
from [<c01ff970>] (platform_get_irq+0x48/0xc8)
[<c01ff928>] (platform_get_irq)
from [<bf00e33c>] (mx25_tsadc_probe+0x220/0x2f4 [fsl_imx25_tsadc])
irq_find_matching_fwspec() loops over all registered irq domains. The
irq domain is still registered from last time the module was loaded but
the pointer to its operations is invalid after the module was unloaded.
Add a removal function which clears the irq handler and removes the irq
domain. With this cleanup in place, it's possible to unload and reload
the module.
Cc: <stable(a)vger.kernel.org> # 4.14.x
Signed-off-by: Martin Kaiser <martin(a)kaiser.cx>
Reviewed-by: Lucas Stach <l.stach(a)pengutronix.de>
Signed-off-by: Lee Jones <lee.jones(a)linaro.org>
---
drivers/mfd/fsl-imx25-tsadc.c | 14 ++++++++++++++
1 file changed, 14 insertions(+)
diff --git a/drivers/mfd/fsl-imx25-tsadc.c b/drivers/mfd/fsl-imx25-tsadc.c
index 14189ef..dbb85ca 100644
--- a/drivers/mfd/fsl-imx25-tsadc.c
+++ b/drivers/mfd/fsl-imx25-tsadc.c
@@ -179,6 +179,19 @@ static int mx25_tsadc_probe(struct platform_device *pdev)
return devm_of_platform_populate(dev);
}
+static int mx25_tsadc_remove(struct platform_device *pdev)
+{
+ struct mx25_tsadc *tsadc = platform_get_drvdata(pdev);
+ int irq = platform_get_irq(pdev, 0);
+
+ if (irq) {
+ irq_set_chained_handler_and_data(irq, NULL, NULL);
+ irq_domain_remove(tsadc->domain);
+ }
+
+ return 0;
+}
+
static const struct of_device_id mx25_tsadc_ids[] = {
{ .compatible = "fsl,imx25-tsadc" },
{ /* Sentinel */ }
@@ -191,6 +204,7 @@ static struct platform_driver mx25_tsadc_driver = {
.of_match_table = of_match_ptr(mx25_tsadc_ids),
},
.probe = mx25_tsadc_probe,
+ .remove = mx25_tsadc_remove,
};
module_platform_driver(mx25_tsadc_driver);
--
2.1.4