- Linux-stable-mirror - lists.linaro.org

[PATCH v4] selinux: policydb - fix byte order and alignment issues

by Ondrej Mosnacek

Do the LE conversions before doing the Infiniband-related range checks. The incorrect checks are otherwise causing a failure to load any policy with an ibendportcon rule on BE systems. This can be reproduced by running (on e.g. ppc64): cat >my_module.cil <<EOF (type test_ibendport_t) (roletype object_r test_ibendport_t) (ibendportcon mlx4_0 1 (system_u object_r test_ibendport_t ((s0) (s0)))) EOF semodule -i my_module.cil Also, fix loading/storing the 64-bit subnet prefix for OCON_IBPKEY to use a correctly aligned buffer. Finally, do not use the 'nodebuf' (u32) buffer where 'buf' (__le32) should be used instead. Tested internally on a ppc64 machine with a RHEL 7 kernel with this patch applied. Cc: Daniel Jurgens <danielj(a)mellanox.com> Cc: Eli Cohen <eli(a)mellanox.com> Cc: James Morris <jmorris(a)namei.org> Cc: Doug Ledford <dledford(a)redhat.com> Cc: <stable(a)vger.kernel.org> # 4.13+ Fixes: a806f7a1616f ("selinux: Create policydb version for Infiniband support") Signed-off-by: Ondrej Mosnacek <omosnace(a)redhat.com> --- security/selinux/ss/policydb.c | 46 +++++++++++++++++++++++----------- 1 file changed, 32 insertions(+), 14 deletions(-) Changes in v4: - defer assignment to 16-bit struct fields to after the range check Changes in v3: - use separate buffer for the 64-bit subnet_prefix - add comments on the byte ordering of subnet_prefix - deduplicate the le32_to_cpu() calls from checks Changes in v2: - add reproducer to commit message - update e-mail address of James Morris - better Cc also the old SELinux ML diff --git a/security/selinux/ss/policydb.c b/security/selinux/ss/policydb.c index f4eadd3f7350..d50668006a52 100644 --- a/security/selinux/ss/policydb.c +++ b/security/selinux/ss/policydb.c @@ -2108,6 +2108,7 @@ static int ocontext_read(struct policydb *p, struct policydb_compat_info *info, { int i, j, rc; u32 nel, len; + __be64 prefixbuf[1]; __le32 buf[3]; struct ocontext *l, *c; u32 nodebuf[8]; @@ -2217,21 +2218,30 @@ static int ocontext_read(struct policydb *p, struct policydb_compat_info *info, goto out; break; } - case OCON_IBPKEY: - rc = next_entry(nodebuf, fp, sizeof(u32) * 4); + case OCON_IBPKEY: { + u32 pkey_lo, pkey_hi; + + rc = next_entry(prefixbuf, fp, sizeof(u64)); + if (rc) + goto out; + + /* we need to have subnet_prefix in CPU order */ + c->u.ibpkey.subnet_prefix = be64_to_cpu(prefixbuf[0]); + + rc = next_entry(buf, fp, sizeof(u32) * 2); if (rc) goto out; - c->u.ibpkey.subnet_prefix = be64_to_cpu(*((__be64 *)nodebuf)); + pkey_lo = le32_to_cpu(buf[0]); + pkey_hi = le32_to_cpu(buf[1]); - if (nodebuf[2] > 0xffff || - nodebuf[3] > 0xffff) { + if (pkey_lo > U16_MAX || pkey_hi > U16_MAX) { rc = -EINVAL; goto out; } - c->u.ibpkey.low_pkey = le32_to_cpu(nodebuf[2]); - c->u.ibpkey.high_pkey = le32_to_cpu(nodebuf[3]); + c->u.ibpkey.low_pkey = pkey_lo; + c->u.ibpkey.high_pkey = pkey_hi; rc = context_read_and_validate(&c->context[0], p, @@ -2239,6 +2249,7 @@ static int ocontext_read(struct policydb *p, struct policydb_compat_info *info, if (rc) goto out; break; + } case OCON_IBENDPORT: rc = next_entry(buf, fp, sizeof(u32) * 2); if (rc) @@ -2249,13 +2260,14 @@ static int ocontext_read(struct policydb *p, struct policydb_compat_info *info, if (rc) goto out; - if (buf[1] > 0xff || buf[1] == 0) { + c->u.ibendport.port = le32_to_cpu(buf[1]); + + if (c->u.ibendport.port > 0xff || + c->u.ibendport.port == 0) { rc = -EINVAL; goto out; } - c->u.ibendport.port = le32_to_cpu(buf[1]); - rc = context_read_and_validate(&c->context[0], p, fp); @@ -3105,6 +3117,7 @@ static int ocontext_write(struct policydb *p, struct policydb_compat_info *info, { unsigned int i, j, rc; size_t nel, len; + __be64 prefixbuf[1]; __le32 buf[3]; u32 nodebuf[8]; struct ocontext *c; @@ -3192,12 +3205,17 @@ static int ocontext_write(struct policydb *p, struct policydb_compat_info *info, return rc; break; case OCON_IBPKEY: - *((__be64 *)nodebuf) = cpu_to_be64(c->u.ibpkey.subnet_prefix); + /* subnet_prefix is in CPU order */ + prefixbuf[0] = cpu_to_be64(c->u.ibpkey.subnet_prefix); - nodebuf[2] = cpu_to_le32(c->u.ibpkey.low_pkey); - nodebuf[3] = cpu_to_le32(c->u.ibpkey.high_pkey); + rc = put_entry(prefixbuf, sizeof(u64), 1, fp); + if (rc) + return rc; - rc = put_entry(nodebuf, sizeof(u32), 4, fp); + buf[0] = cpu_to_le32(c->u.ibpkey.low_pkey); + buf[1] = cpu_to_le32(c->u.ibpkey.high_pkey); + + rc = put_entry(buf, sizeof(u32), 2, fp); if (rc) return rc; rc = context_write(p, &c->context[0], fp); -- 2.17.2

6 years, 8 months

3
5
0 0

[PATCH] PCI / PM: Allow runtime PM without callback functions

by Jarkko Nikula

Allow PCI core to do runtime PM to devices without needing to use dummy runtime PM callback functions if there is no need to do anything device specific beyond PCI device power state management. Implement this by letting core to change device power state during runtime PM transitions even if no callback functions are defined. Fixes: a9c8088c7988 ("i2c: i801: Don't restore config registers on runtime PM") Reported-by: Mika Westerberg <mika.westerberg(a)linux.intel.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Jarkko Nikula <jarkko.nikula(a)linux.intel.com> --- This is related to my i2c-i801.c fix thread back in June which I completely forgot till now: https://lkml.org/lkml/2018/6/27/642 Discussion back then was that it should be handled in the PCI PM instead of having dummy functions in the drivers. I wanted to respin with a patch. --- drivers/pci/pci-driver.c | 16 ++++++---------- 1 file changed, 6 insertions(+), 10 deletions(-) diff --git a/drivers/pci/pci-driver.c b/drivers/pci/pci-driver.c index bef17c3fca67..6185b878ede1 100644 --- a/drivers/pci/pci-driver.c +++ b/drivers/pci/pci-driver.c @@ -1239,7 +1239,7 @@ static int pci_pm_runtime_suspend(struct device *dev) struct pci_dev *pci_dev = to_pci_dev(dev); const struct dev_pm_ops *pm = dev->driver ? dev->driver->pm : NULL; pci_power_t prev = pci_dev->current_state; - int error; + int error = 0; /* * If pci_dev->driver is not set (unbound), we leave the device in D0, @@ -1251,11 +1251,9 @@ static int pci_pm_runtime_suspend(struct device *dev) return 0; } - if (!pm || !pm->runtime_suspend) - return -ENOSYS; - pci_dev->state_saved = false; - error = pm->runtime_suspend(dev); + if (pm && pm->runtime_suspend) + error = pm->runtime_suspend(dev); if (error) { /* * -EBUSY and -EAGAIN is used to request the runtime PM core @@ -1292,7 +1290,7 @@ static int pci_pm_runtime_suspend(struct device *dev) static int pci_pm_runtime_resume(struct device *dev) { - int rc; + int rc = 0; struct pci_dev *pci_dev = to_pci_dev(dev); const struct dev_pm_ops *pm = dev->driver ? dev->driver->pm : NULL; @@ -1306,14 +1304,12 @@ static int pci_pm_runtime_resume(struct device *dev) if (!pci_dev->driver) return 0; - if (!pm || !pm->runtime_resume) - return -ENOSYS; - pci_fixup_device(pci_fixup_resume_early, pci_dev); pci_enable_wake(pci_dev, PCI_D0, false); pci_fixup_device(pci_fixup_resume, pci_dev); - rc = pm->runtime_resume(dev); + if (pm && pm->runtime_resume) + rc = pm->runtime_resume(dev); pci_dev->runtime_d3cold = false; -- 2.19.1

6 years, 8 months

4
7
0 0

[tip:perf/core] kprobes/x86: Use preempt_enable() in optimized_callback()

by tip-bot for Masami Hiramatsu

Commit-ID: 2e62024c265aa69315ed02835623740030435380 Gitweb: https://git.kernel.org/tip/2e62024c265aa69315ed02835623740030435380 Author: Masami Hiramatsu <mhiramat(a)kernel.org> AuthorDate: Sat, 20 Oct 2018 18:47:53 +0900 Committer: Ingo Molnar <mingo(a)kernel.org> CommitDate: Mon, 22 Oct 2018 03:31:01 +0200 kprobes/x86: Use preempt_enable() in optimized_callback() The following commit: a19b2e3d7839 ("kprobes/x86: Remove IRQ disabling from ftrace-based/optimized kprobes”) removed local_irq_save/restore() from optimized_callback(), the handler might be interrupted by the rescheduling interrupt and might be rescheduled - so we must not use the preempt_enable_no_resched() macro. Use preempt_enable() instead, to not lose preemption events. [ mingo: Improved the changelog. ] Reported-by: Nadav Amit <namit(a)vmware.com> Signed-off-by: Masami Hiramatsu <mhiramat(a)kernel.org> Acked-by: Peter Zijlstra (Intel) <peterz(a)infradead.org> Cc: <stable(a)vger.kernel.org> Cc: Alexei Starovoitov <alexei.starovoitov(a)gmail.com> Cc: Andy Lutomirski <luto(a)kernel.org> Cc: Borislav Petkov <bp(a)alien8.de> Cc: Linus Torvalds <torvalds(a)linux-foundation.org> Cc: Oleg Nesterov <oleg(a)redhat.com> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: dwmw(a)amazon.co.uk Fixes: a19b2e3d7839 ("kprobes/x86: Remove IRQ disabling from ftrace-based/optimized kprobes”) Link: http://lkml.kernel.org/r/154002887331.7627.10194920925792947001.stgit@devbox Signed-off-by: Ingo Molnar <mingo(a)kernel.org> --- arch/x86/kernel/kprobes/opt.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/x86/kernel/kprobes/opt.c b/arch/x86/kernel/kprobes/opt.c index eaf02f2e7300..40b16b270656 100644 --- a/arch/x86/kernel/kprobes/opt.c +++ b/arch/x86/kernel/kprobes/opt.c @@ -179,7 +179,7 @@ optimized_callback(struct optimized_kprobe *op, struct pt_regs *regs) opt_pre_handler(&op->kp, regs); __this_cpu_write(current_kprobe, NULL); } - preempt_enable_no_resched(); + preempt_enable(); } NOKPROBE_SYMBOL(optimized_callback);

6 years, 8 months

1
0
0 0

[PATCH v2] f2fs: fix to account IO correctly

by Chao Yu

Below race can cause reversed reference on dirty count, fix it by relocating __submit_bio() and inc_page_count(). Thread A Thread B - f2fs_inplace_write_data - f2fs_submit_page_bio - __submit_bio - f2fs_write_end_io - dec_page_count - inc_page_count Cc: <stable(a)vger.kernel.org> Fixes: d1b3e72d5490 ("f2fs: submit bio of in-place-update pages") Signed-off-by: Chao Yu <yuchao0(a)huawei.com> --- v2: - split into two parts, fix previous bug in this part, merge another part into other related patch. fs/f2fs/data.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/fs/f2fs/data.c b/fs/f2fs/data.c index 9ef6f1f01eda..83b1983094bd 100644 --- a/fs/f2fs/data.c +++ b/fs/f2fs/data.c @@ -462,10 +462,10 @@ int f2fs_submit_page_bio(struct f2fs_io_info *fio) } bio_set_op_attrs(bio, fio->op, fio->op_flags); - __submit_bio(fio->sbi, bio, fio->type); - if (!is_read_io(fio->op)) inc_page_count(fio->sbi, WB_DATA_TYPE(fio->page)); + + __submit_bio(fio->sbi, bio, fio->type); return 0; } -- 2.18.0.rc1

6 years, 8 months

1
0
0 0

[PATCH 2/2] selftests/ftrace: Fix synthetic event test to delete event correctly

by Masami Hiramatsu

Fix the synthetic event test case to remove event correctly. If redirecting command to synthetic_event file without append mode, it cleans up all existing events and execute (parse) the command. This means "delete event" always fails to find the target event. Since previous synthetic event has a bug which doesn't return -ENOENT even if it fails to find the deleting event, this test passed. But fixing that bug, this test fails because this test itself has a bug. This fixes that bug by trying to delete event right after adding an event, and use append mode redirection ('>>') instead of normal redirection ('>'). Fixes: f06eec4d0f2c ('selftests: ftrace: Add inter-event hist triggers testcases') Signed-off-by: Masami Hiramatsu <mhiramat(a)kernel.org> Cc: stable(a)vger.kernel.org Cc: Rajvi Jingar <rajvi.jingar(a)intel.com> Cc: Tom Zanussi <tom.zanussi(a)linux.intel.com> Cc: Shuah Khan <shuah(a)kernel.org> Cc: Steven Rostedt (VMware) <rostedt(a)goodmis.org> --- .../trigger-synthetic-event-createremove.tc | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/tools/testing/selftests/ftrace/test.d/trigger/inter-event/trigger-synthetic-event-createremove.tc b/tools/testing/selftests/ftrace/test.d/trigger/inter-event/trigger-synthetic-event-createremove.tc index cef11377dcbd..c604438df13b 100644 --- a/tools/testing/selftests/ftrace/test.d/trigger/inter-event/trigger-synthetic-event-createremove.tc +++ b/tools/testing/selftests/ftrace/test.d/trigger/inter-event/trigger-synthetic-event-createremove.tc @@ -35,18 +35,18 @@ fi reset_trigger -echo "Test create synthetic event with an error" -echo 'wakeup_latency u64 lat pid_t pid char' > synthetic_events > /dev/null +echo "Test remove synthetic event" +echo '!wakeup_latency u64 lat pid_t pid char comm[16]' >> synthetic_events if [ -d events/synthetic/wakeup_latency ]; then - fail "Created wakeup_latency synthetic event with an invalid format" + fail "Failed to delete wakeup_latency synthetic event" fi reset_trigger -echo "Test remove synthetic event" -echo '!wakeup_latency u64 lat pid_t pid char comm[16]' > synthetic_events +echo "Test create synthetic event with an error" +echo 'wakeup_latency u64 lat pid_t pid char' > synthetic_events > /dev/null if [ -d events/synthetic/wakeup_latency ]; then - fail "Failed to delete wakeup_latency synthetic event" + fail "Created wakeup_latency synthetic event with an invalid format" fi do_reset

6 years, 8 months

1
0
0 0

[PATCH 1/2] tracing: Return -ENOENT if there is no target synthetic event

by Masami Hiramatsu

Return -ENOENT error if there is no target synthetic event. This notices an operation failure to user as below; # echo 'wakeup_latency u64 lat; pid_t pid;' > synthetic_events # echo '!wakeup' >> synthetic_events sh: write error: No such file or directory Fixes: 4b147936fa50 ('tracing: Add support for 'synthetic' events') Signed-off-by: Masami Hiramatsu <mhiramat(a)kernel.org> Cc: stable(a)vger.kernel.org Cc: Tom Zanussi <tom.zanussi(a)linux.intel.com> Cc: Steven Rostedt <rostedt(a)goodmis.org> --- kernel/trace/trace_events_hist.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/kernel/trace/trace_events_hist.c b/kernel/trace/trace_events_hist.c index d239004aaf29..eb908ef2ecec 100644 --- a/kernel/trace/trace_events_hist.c +++ b/kernel/trace/trace_events_hist.c @@ -1063,8 +1063,10 @@ static int create_synth_event(int argc, char **argv) event = NULL; ret = -EEXIST; goto out; - } else if (delete_event) + } else if (delete_event) { + ret = -ENOENT; goto out; + } if (argc < 2) { ret = -EINVAL;

6 years, 8 months

1
0
0 0

4.14: Regression on ppc32 (early crash)

by Christoph Biedl

Hello, on both my ppc32 systems I've tested (G4 PowerMac and G4 Mac-mini), I see a regression after upgrading from 4.14.74 to 4.14.76: Very soon after starting the kernel from yaboot, they drop me into a OF prompt, message is "invalid memory access at" on the mini, and another one I forgot on the PowerMac. FWIW, the ppc64 G5 PowerMac does fine. Before I start bisecting - might take a few days -, is this already on radar? Christoph

6 years, 8 months

2
2
0 0

Re: [PATCH] [fs] exportfs/expfs.c Validate the dentry in exportfs_decode_fh function

by Amir Goldstein

On Sun, Oct 21, 2018 at 10:26 AM Monthero <rhmcruiser(a)gmail.com> wrote: > > Hi Amir thanks for the pointer. > I will get in touch with maintainer of 3.16 > Yes it covers Neil's commit and apart from that it would need this replacement for dentry check in 3.16 > > > - if (S_ISDIR(result->d_inode->i_mode)) { > > + if (d_is_dir(result)) { > Fine, but Why? How is dereferencing dentry->d_flags any better than dereferencing->d_inode when dentry has an invalid value? Thanks, Amir.

6 years, 8 months

1
0
0 0

[PATCH 3/5] Drivers: hv: kvp: Fix the recent regression caused by incorrect clean-up

by kys＠linuxonhyperv.com

From: Dexuan Cui <decui(a)microsoft.com> In kvp_send_key(), we do need call process_ib_ipinfo() if message->kvp_hdr.operation is KVP_OP_GET_IP_INFO, because it turns out the userland hv_kvp_daemon needs the info of operation, adapter_id and addr_family. With the incorrect fc62c3b1977d, the host can't get the VM's IP via KVP. And, fc62c3b1977d added a "break;", but actually forgot to initialize the key_size/value in the case of KVP_OP_SET, so the default key_size of 0 is passed to the kvp daemon, and the pool files /var/lib/hyperv/.kvp_pool_* can't be updated. This patch effectively rolls back the previous fc62c3b1977d, and correctly fixes the "this statement may fall through" warnings. This patch is tested on WS 2012 R2 and 2016. Fixes: fc62c3b1977d ("Drivers: hv: kvp: Fix two "this statement may fall through" warnings") Signed-off-by: Dexuan Cui <decui(a)microsoft.com> Cc: K. Y. Srinivasan <kys(a)microsoft.com> Cc: Haiyang Zhang <haiyangz(a)microsoft.com> Cc: Stephen Hemminger <sthemmin(a)microsoft.com> Cc: <Stable(a)vger.kernel.org> Signed-off-by: K. Y. Srinivasan <kys(a)microsoft.com> --- drivers/hv/hv_kvp.c | 26 ++++++++++++++++++++++---- 1 file changed, 22 insertions(+), 4 deletions(-) diff --git a/drivers/hv/hv_kvp.c b/drivers/hv/hv_kvp.c index a7513a8a8e37..9fbb15c62c6c 100644 --- a/drivers/hv/hv_kvp.c +++ b/drivers/hv/hv_kvp.c @@ -353,6 +353,9 @@ static void process_ib_ipinfo(void *in_msg, void *out_msg, int op) out->body.kvp_ip_val.dhcp_enabled = in->kvp_ip_val.dhcp_enabled; + __attribute__ ((fallthrough)); + + case KVP_OP_GET_IP_INFO: utf16s_to_utf8s((wchar_t *)in->kvp_ip_val.adapter_id, MAX_ADAPTER_ID_SIZE, UTF16_LITTLE_ENDIAN, @@ -405,7 +408,11 @@ kvp_send_key(struct work_struct *dummy) process_ib_ipinfo(in_msg, message, KVP_OP_SET_IP_INFO); break; case KVP_OP_GET_IP_INFO: - /* We only need to pass on message->kvp_hdr.operation. */ + /* + * We only need to pass on the info of operation, adapter_id + * and addr_family to the userland kvp daemon. + */ + process_ib_ipinfo(in_msg, message, KVP_OP_GET_IP_INFO); break; case KVP_OP_SET: switch (in_msg->body.kvp_set.data.value_type) { @@ -446,9 +453,9 @@ kvp_send_key(struct work_struct *dummy) } - break; - - case KVP_OP_GET: + /* + * The key is always a string - utf16 encoding. + */ message->body.kvp_set.data.key_size = utf16s_to_utf8s( (wchar_t *)in_msg->body.kvp_set.data.key, @@ -456,6 +463,17 @@ kvp_send_key(struct work_struct *dummy) UTF16_LITTLE_ENDIAN, message->body.kvp_set.data.key, HV_KVP_EXCHANGE_MAX_KEY_SIZE - 1) + 1; + + break; + + case KVP_OP_GET: + message->body.kvp_get.data.key_size = + utf16s_to_utf8s( + (wchar_t *)in_msg->body.kvp_get.data.key, + in_msg->body.kvp_get.data.key_size, + UTF16_LITTLE_ENDIAN, + message->body.kvp_get.data.key, + HV_KVP_EXCHANGE_MAX_KEY_SIZE - 1) + 1; break; case KVP_OP_DELETE: -- 2.18.0

6 years, 8 months

7
9
0 0

[PATCH v2] x86/microcode: Handle negative microcode revisions

by Andi Kleen

From: Andi Kleen <ak(a)linux.intel.com> The Intel microcode revision space is unsigned. Inside Intel there are special microcodes that have the highest bit set, and they are considered to have a higher revision than any microcodes that don't have this bit set. The function comparing the microcode revision in the Linux driver compares u32 with int, which ends up being signed extended to long on 64bit systems. This results in these highest bit set microcode revision not loading because their revision appears negative and smaller than the existing microcode. Change the comparison to unsigned. With that the loading works as expected. Cc: stable(a)vger.kernel.org # Any supported stable Signed-off-by: Andi Kleen <ak(a)linux.intel.com> -- v2: White space changes. --- arch/x86/kernel/cpu/microcode/intel.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/arch/x86/kernel/cpu/microcode/intel.c b/arch/x86/kernel/cpu/microcode/intel.c index 16936a24795c..e54d402500d3 100644 --- a/arch/x86/kernel/cpu/microcode/intel.c +++ b/arch/x86/kernel/cpu/microcode/intel.c @@ -93,7 +93,8 @@ static int find_matching_signature(void *mc, unsigned int csig, int cpf) /* * Returns 1 if update has been found, 0 otherwise. */ -static int has_newer_microcode(void *mc, unsigned int csig, int cpf, int new_rev) +static int has_newer_microcode(void *mc, unsigned int csig, int cpf, + unsigned new_rev) { struct microcode_header_intel *mc_hdr = mc; -- 2.17.1

6 years, 8 months

1
0
0 0

Solutions

by Linda

We are one image studio who is able to process 300+ photos a day. If you need any image editing, please let us know. We can do it for you such as: Image cut out for photos and clipping path, masking for your photos, They are mostly used for ecommerce photos, jewelry photos retouching, beauty and skin images and wedding photos. We do also different kind of beauty retouching, portraits retouching. We can send editing for your photos if you send us one or two photos. Thanks, Linda

6 years, 8 months

1
0
0 0

Linux 4.18.16

by Greg KH

I'm announcing the release of the 4.18.16 kernel. All users of the 4.18 kernel series must upgrade. The updated 4.18.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.18.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arc/Makefile | 24 ------ arch/powerpc/kernel/tm.S | 20 ++++- arch/powerpc/mm/numa.c | 4 - arch/riscv/include/asm/asm-prototypes.h | 7 + arch/x86/boot/compressed/mem_encrypt.S | 19 ---- drivers/clocksource/timer-fttmr010.c | 18 ++-- drivers/clocksource/timer-ti-32k.c | 3 drivers/gpu/drm/arm/malidp_drv.c | 1 drivers/hwtracing/intel_th/pci.c | 5 + drivers/infiniband/core/uverbs_cmd.c | 68 +++++++++++------ drivers/infiniband/hw/bnxt_re/main.c | 93 +++++++++-------------- drivers/input/keyboard/atakbd.c | 74 +++++++----------- drivers/iommu/amd_iommu.c | 6 + drivers/iommu/rockchip-iommu.c | 6 + drivers/media/usb/dvb-usb-v2/af9035.c | 6 + drivers/net/ethernet/chelsio/cxgb4/t4_msg.h | 1 drivers/net/ethernet/ibm/emac/core.c | 15 ++- drivers/net/ethernet/mellanox/mlx4/eq.c | 3 drivers/net/ethernet/qlogic/qed/qed_dcbx.c | 9 ++ drivers/net/ethernet/qlogic/qed/qed_dcbx.h | 1 drivers/net/ethernet/qlogic/qed/qed_dev.c | 15 +++ drivers/net/ethernet/qlogic/qed/qed_hsi.h | 4 + drivers/net/ethernet/renesas/ravb.h | 5 + drivers/net/ethernet/renesas/ravb_main.c | 11 +- drivers/net/ethernet/renesas/ravb_ptp.c | 2 drivers/pci/controller/dwc/pcie-designware.c | 8 +- drivers/pci/controller/dwc/pcie-designware.h | 3 drivers/pinctrl/pinctrl-amd.c | 33 +++++--- drivers/scsi/ibmvscsi_tgt/ibmvscsi_tgt.c | 5 - drivers/scsi/ipr.c | 106 +++++++++++++++------------ drivers/scsi/ipr.h | 1 drivers/scsi/lpfc/lpfc_attr.c | 15 ++- drivers/scsi/lpfc/lpfc_debugfs.c | 10 +- drivers/scsi/lpfc/lpfc_nvme.c | 11 ++ drivers/scsi/sd.c | 3 drivers/soundwire/stream.c | 23 ++++- drivers/spi/spi-gpio.c | 4 - fs/namespace.c | 7 - include/linux/huge_mm.h | 2 kernel/bpf/sockmap.c | 91 ++++++++++++++++++----- mm/huge_memory.c | 10 +- mm/mremap.c | 30 +++---- net/batman-adv/bat_v_elp.c | 10 +- net/batman-adv/bridge_loop_avoidance.c | 10 ++ net/batman-adv/gateway_client.c | 11 ++ net/batman-adv/network-coding.c | 27 +++--- net/batman-adv/soft-interface.c | 25 ++++-- net/batman-adv/sysfs.c | 30 +++++-- net/batman-adv/translation-table.c | 6 + net/batman-adv/tvlv.c | 8 +- net/smc/af_smc.c | 7 + net/smc/smc_clc.c | 14 +-- tools/testing/selftests/bpf/test_maps.c | 10 +- tools/testing/selftests/net/pmtu.sh | 4 - 55 files changed, 562 insertions(+), 384 deletions(-) Alexander Shishkin (1): intel_th: pci: Add Ice Lake PCH support Alexandru Gheorghe (1): drm: mali-dp: Call drm_crtc_vblank_reset on device init Alexey Brodkin (2): ARC: build: Get rid of toolchain check ARC: build: Don't set CROSS_COMPILE in arch's Makefile Andreas Schwab (1): Input: atakbd - fix Atari keymap Arindam Nath (1): iommu/amd: Return devid as alias for ACPI HID devices Christian Lamparter (1): net: emac: fix fixed-link setup for the RTL8363SB switch Daniel Kurtz (1): pinctrl/amd: poll InterruptEnable bits in amd_gpio_irq_set_type Greg Kroah-Hartman (2): Revert "vfs: fix freeze protection in mnt_want_write_file() for overlayfs" Linux 4.18.16 Heiko Stuebner (1): iommu/rockchip: Free irqs in shutdown handler James Cowgill (1): RISC-V: include linux/ftrace.h in asm-prototypes.h James Smart (1): scsi: lpfc: Synchronize access to remoteport via rport Jisheng Zhang (1): PCI: dwc: Fix scheduling while atomic issues Johannes Thumshirn (1): scsi: sd: don't crash the host on invalid commands John Fastabend (3): bpf: sockmap only allow ESTABLISHED sock state bpf: sockmap, fix transition through disconnect without close bpf: test_maps, only support ESTABLISHED socks Jozef Balga (1): media: af9035: prevent buffer overflow on write Kairui Song (1): x86/boot: Fix kexec booting failure in the SEV bit detection code Kazuya Mizuguchi (1): ravb: do not write 1 to reserved bits Keerthy (1): clocksource/drivers/ti-32k: Add CLOCK_SOURCE_SUSPEND_NONSTOP flag for non-am43 SoCs Laura Abbott (2): scsi: ibmvscsis: Fix a stringop-overflow warning scsi: ibmvscsis: Ensure partition name is properly NUL terminated Linus Torvalds (1): mremap: properly flush TLB before releasing the page Linus Walleij (1): spi: gpio: Fix copy-and-paste error Majd Dibbiny (1): RDMA/uverbs: Fix validity check for modify QP Marek Lindner (2): batman-adv: fix backbone_gw refcount on queue_work() failure batman-adv: fix hardif_neigh refcount on queue_work() failure Michael Neuling (2): powerpc/tm: Fix userspace r13 corruption powerpc/tm: Avoid possible userspace r1 corruption on reclaim Michael Schmitz (1): Input: atakbd - fix Atari CapsLock behaviour Nathan Chancellor (1): net/mlx4: Use cpumask_available for eq->affinity_mask Sabrina Dubroca (1): selftests: pmtu: properly redirect stderr to /dev/null Sanyog Kale (1): soundwire: Fix acquiring bus lock twice during master release Selvin Xavier (1): RDMA/bnxt_re: Fix system crash during RDMA resource initialization Shreyas NC (2): soundwire: Fix duplicate stream state assignment soundwire: Fix incorrect exit after configuring stream Srikar Dronamraju (1): powerpc/numa: Use associativity if VPHN hcall is successful Steve Wise (1): cxgb4: fix abort_req_rss6 struct Sudarsana Reddy Kalluru (2): qed: Fix populating the invalid stag value in multi function mode. qed: Do not add VLAN 0 tag to untagged frames in multi-function mode. Sven Eckelmann (8): batman-adv: Avoid probe ELP information leak batman-adv: Fix segfault when writing to throughput_override batman-adv: Fix segfault when writing to sysfs elp_interval batman-adv: Prevent duplicated gateway_node entry batman-adv: Prevent duplicated nc_node entry batman-adv: Prevent duplicated softif_vlan entry batman-adv: Prevent duplicated global TT entry batman-adv: Prevent duplicated tvlv handler Tao Ren (1): clocksource/drivers/fttmr010: Fix set_next_event handler Ursula Braun (1): net/smc: fix non-blocking connect problem Wen Xiong (1): scsi: ipr: System hung while dlpar adding primary ipr adapter back YueHaibing (1): net/smc: fix sizeof to int comparison

6 years, 8 months

1
1
0 0

Linux 4.14.78

by Greg KH

I'm announcing the release of the 4.14.78 kernel. All users of the 4.14 kernel series must upgrade. The updated 4.14.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.14.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arc/Makefile | 24 ----- arch/powerpc/include/asm/code-patching.h | 1 arch/powerpc/kernel/tm.S | 20 +++- arch/powerpc/lib/code-patching.c | 4 arch/powerpc/lib/feature-fixups.c | 8 - drivers/clocksource/timer-fttmr010.c | 18 ++-- drivers/clocksource/timer-ti-32k.c | 3 drivers/gpu/drm/arm/malidp_drv.c | 1 drivers/gpu/drm/i915/i915_drv.c | 10 -- drivers/gpu/drm/i915/i915_drv.h | 9 -- drivers/gpu/drm/i915/intel_ddi.c | 13 ++ drivers/gpu/drm/i915/intel_display.c | 21 ++++ drivers/gpu/drm/i915/intel_drv.h | 3 drivers/gpu/drm/i915/intel_lvds.c | 136 ------------------------------- drivers/hid/hid-core.c | 3 drivers/hwtracing/intel_th/pci.c | 5 + drivers/i2c/busses/i2c-rcar.c | 54 +++++++++++- drivers/infiniband/hw/hfi1/chip.c | 7 + drivers/infiniband/hw/hfi1/pio.c | 42 +++++++-- drivers/infiniband/hw/hfi1/pio.h | 2 drivers/input/keyboard/atakbd.c | 74 ++++++---------- drivers/iommu/amd_iommu.c | 6 + drivers/media/usb/dvb-usb-v2/af9035.c | 6 - drivers/net/ethernet/ibm/emac/core.c | 15 ++- drivers/net/ethernet/mellanox/mlx4/eq.c | 3 drivers/net/ethernet/renesas/ravb.h | 5 + drivers/net/ethernet/renesas/ravb_main.c | 11 +- drivers/net/ethernet/renesas/ravb_ptp.c | 2 drivers/pci/dwc/pcie-designware.c | 8 - drivers/pci/dwc/pcie-designware.h | 3 drivers/scsi/ibmvscsi_tgt/ibmvscsi_tgt.c | 5 - drivers/scsi/ipr.c | 106 +++++++++++++----------- drivers/scsi/ipr.h | 1 drivers/scsi/sd.c | 3 drivers/staging/ccree/ssi_buffer_mgr.c | 3 fs/namespace.c | 7 - include/linux/huge_mm.h | 2 kernel/memremap.c | 18 +++- mm/huge_memory.c | 10 -- mm/mremap.c | 30 ++---- net/batman-adv/bat_v_elp.c | 10 +- net/batman-adv/bridge_loop_avoidance.c | 10 +- net/batman-adv/gateway_client.c | 11 ++ net/batman-adv/network-coding.c | 27 +++--- net/batman-adv/soft-interface.c | 25 ++++- net/batman-adv/sysfs.c | 30 ++++-- net/batman-adv/translation-table.c | 6 - net/batman-adv/tvlv.c | 8 + 49 files changed, 437 insertions(+), 394 deletions(-) Alexander Shishkin (1): intel_th: pci: Add Ice Lake PCH support Alexandru Gheorghe (1): drm: mali-dp: Call drm_crtc_vblank_reset on device init Alexey Brodkin (2): ARC: build: Get rid of toolchain check ARC: build: Don't set CROSS_COMPILE in arch's Makefile Andreas Schwab (1): Input: atakbd - fix Atari keymap Arindam Nath (1): iommu/amd: Return devid as alias for ACPI HID devices Christian Lamparter (1): net: emac: fix fixed-link setup for the RTL8363SB switch Christophe Leroy (1): powerpc/lib/feature-fixups: use raw_patch_instruction() Clint Taylor (1): drm/i915/glk: Add Quirk for GLK NUC HDMI port issues. Dave Jiang (1): mm: disallow mappings that conflict for devm_memremap_pages() Gilad Ben-Yossef (1): staging: ccree: check DMA pool buf !NULL before free Greg Kroah-Hartman (2): Revert "vfs: fix freeze protection in mnt_want_write_file() for overlayfs" Linux 4.14.78 Jisheng Zhang (1): PCI: dwc: Fix scheduling while atomic issues Johannes Thumshirn (1): scsi: sd: don't crash the host on invalid commands Jozef Balga (1): media: af9035: prevent buffer overflow on write Kazuya Mizuguchi (1): ravb: do not write 1 to reserved bits Keerthy (1): clocksource/drivers/ti-32k: Add CLOCK_SOURCE_SUSPEND_NONSTOP flag for non-am43 SoCs Laura Abbott (2): scsi: ibmvscsis: Fix a stringop-overflow warning scsi: ibmvscsis: Ensure partition name is properly NUL terminated Linus Torvalds (1): mremap: properly flush TLB before releasing the page Marek Lindner (2): batman-adv: fix backbone_gw refcount on queue_work() failure batman-adv: fix hardif_neigh refcount on queue_work() failure Michael J. Ruhl (1): IB/hfi1: Fix destroy_qp hang after a link down Michael Neuling (2): powerpc/tm: Fix userspace r13 corruption powerpc/tm: Avoid possible userspace r1 corruption on reclaim Michael Schmitz (1): Input: atakbd - fix Atari CapsLock behaviour Natanael Copa (1): HID: quirks: fix support for Apple Magic Keyboards Nathan Chancellor (1): net/mlx4: Use cpumask_available for eq->affinity_mask Sven Eckelmann (8): batman-adv: Avoid probe ELP information leak batman-adv: Fix segfault when writing to throughput_override batman-adv: Fix segfault when writing to sysfs elp_interval batman-adv: Prevent duplicated gateway_node entry batman-adv: Prevent duplicated nc_node entry batman-adv: Prevent duplicated softif_vlan entry batman-adv: Prevent duplicated global TT entry batman-adv: Prevent duplicated tvlv handler Tao Ren (1): clocksource/drivers/fttmr010: Fix set_next_event handler Ville Syrjälä (1): drm/i915: Nuke the LVDS lid notifier Wen Xiong (1): scsi: ipr: System hung while dlpar adding primary ipr adapter back Wolfram Sang (1): i2c: rcar: handle RXDMA HW behaviour on Gen3

6 years, 8 months

1
1
0 0

Linux 4.9.135

by Greg KH

I'm announcing the release of the 4.9.135 kernel. All users of the 4.9 kernel series must upgrade. The updated 4.9.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.9.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arc/Makefile | 24 --------- arch/powerpc/kernel/tm.S | 20 +++++++- arch/s390/appldata/appldata_os.c | 16 +++--- arch/x86/include/asm/pgtable_types.h | 2 drivers/clocksource/timer-ti-32k.c | 3 + drivers/cpufreq/cpufreq.c | 6 +- drivers/cpufreq/cpufreq_governor.c | 2 drivers/cpufreq/cpufreq_stats.c | 1 drivers/gpu/drm/arm/malidp_drv.c | 1 drivers/hid/hid-core.c | 3 + drivers/hv/hv_kvp.c | 13 +++-- drivers/input/keyboard/atakbd.c | 74 +++++++++++------------------- drivers/iommu/amd_iommu.c | 6 ++ drivers/macintosh/rack-meter.c | 28 +++++------ drivers/media/usb/dvb-usb-v2/af9035.c | 6 +- drivers/net/ethernet/mellanox/mlx4/eq.c | 3 - drivers/net/ethernet/renesas/ravb.h | 5 ++ drivers/net/ethernet/renesas/ravb_main.c | 11 ++-- drivers/net/ethernet/renesas/ravb_ptp.c | 2 drivers/scsi/ibmvscsi_tgt/ibmvscsi_tgt.c | 5 -- drivers/scsi/sd.c | 3 - drivers/usb/gadget/function/u_serial.c | 2 fs/ext4/ext4.h | 3 - fs/ext4/inline.c | 38 --------------- fs/ext4/xattr.c | 18 ------- fs/proc/stat.c | 68 ++++++++++++++-------------- fs/proc/uptime.c | 7 -- include/linux/huge_mm.h | 2 kernel/sched/cpuacct.c | 2 kernel/sched/cputime.c | 75 +++++++++++++------------------ kernel/sched/sched.h | 12 +++- mm/huge_memory.c | 10 +--- mm/mremap.c | 30 +++++------- net/batman-adv/bat_v_elp.c | 8 ++- net/batman-adv/bridge_loop_avoidance.c | 10 +++- net/batman-adv/network-coding.c | 27 ++++++----- net/batman-adv/soft-interface.c | 25 +++++++--- net/batman-adv/sysfs.c | 30 ++++++++---- net/batman-adv/translation-table.c | 6 +- net/batman-adv/tvlv.c | 8 ++- net/netfilter/nf_nat_core.c | 2 42 files changed, 295 insertions(+), 324 deletions(-) Alexandru Gheorghe (1): drm: mali-dp: Call drm_crtc_vblank_reset on device init Alexey Brodkin (2): ARC: build: Get rid of toolchain check ARC: build: Don't set CROSS_COMPILE in arch's Makefile Andreas Schwab (1): Input: atakbd - fix Atari keymap Arindam Nath (1): iommu/amd: Return devid as alias for ACPI HID devices Frederic Weisbecker (4): sched/cputime: Convert kcpustat to nsecs macintosh/rack-meter: Convert cputime64_t use to u64 sched/cputime: Increment kcpustat directly on irqtime account sched/cputime: Fix ksoftirqd cputime accounting regression Greg Kroah-Hartman (1): Linux 4.9.135 Jan Kara (1): mm: Preserve _PAGE_DEVMAP across mprotect() calls Johannes Thumshirn (1): scsi: sd: don't crash the host on invalid commands Jozef Balga (1): media: af9035: prevent buffer overflow on write Kazuya Mizuguchi (1): ravb: do not write 1 to reserved bits Keerthy (1): clocksource/drivers/ti-32k: Add CLOCK_SOURCE_SUSPEND_NONSTOP flag for non-am43 SoCs Laura Abbott (2): scsi: ibmvscsis: Fix a stringop-overflow warning scsi: ibmvscsis: Ensure partition name is properly NUL terminated Linus Torvalds (1): mremap: properly flush TLB before releasing the page Long Li (1): HV: properly delay KVP packets when negotiation is in progress Marek Lindner (2): batman-adv: fix backbone_gw refcount on queue_work() failure batman-adv: fix hardif_neigh refcount on queue_work() failure Michael Neuling (2): powerpc/tm: Fix userspace r13 corruption powerpc/tm: Avoid possible userspace r1 corruption on reclaim Michael Schmitz (1): Input: atakbd - fix Atari CapsLock behaviour Natanael Copa (1): HID: quirks: fix support for Apple Magic Keyboards Nathan Chancellor (1): net/mlx4: Use cpumask_available for eq->affinity_mask Stephen Warren (1): usb: gadget: serial: fix oops when data rx'd after close Sven Eckelmann (6): batman-adv: Fix segfault when writing to throughput_override batman-adv: Fix segfault when writing to sysfs elp_interval batman-adv: Prevent duplicated nc_node entry batman-adv: Prevent duplicated softif_vlan entry batman-adv: Prevent duplicated global TT entry batman-adv: Prevent duplicated tvlv handler Theodore Ts'o (1): ext4: avoid running out of journal credits when appending to an inline file Xin Long (1): netfilter: check for seqadj ext existence before adding it in nf_nat_setup_info

6 years, 8 months

1
1
0 0

Linux 4.4.162

by Greg KH

I'm announcing the release of the 4.4.162 kernel. All users of the 4.4 kernel series must upgrade. The updated 4.4.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.4.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/devicetree/bindings/net/macb.txt | 1 Documentation/kernel-parameters.txt | 5 - Makefile | 2 arch/arc/Makefile | 14 --- arch/arm/boot/dts/sama5d3_emac.dtsi | 2 arch/powerpc/kernel/tm.S | 20 ++++ arch/x86/crypto/crc32c-intel_glue.c | 17 ---- arch/x86/include/asm/cpufeatures.h | 1 arch/x86/include/asm/fpu/internal.h | 37 --------- arch/x86/include/asm/fpu/types.h | 34 -------- arch/x86/include/asm/kvm_host.h | 1 arch/x86/kernel/fpu/core.c | 41 +-------- arch/x86/kernel/fpu/signal.c | 8 - arch/x86/kvm/cpuid.c | 5 - arch/x86/kvm/x86.c | 10 -- drivers/clocksource/timer-ti-32k.c | 3 drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gfx_v7.c | 2 drivers/hv/hv_fcopy.c | 2 drivers/hv/hv_kvp.c | 40 +++++++++ drivers/hv/hv_snapshot.c | 4 drivers/hv/hv_util.c | 1 drivers/hv/hyperv_vmbus.h | 5 + drivers/i2c/busses/i2c-scmi.c | 1 drivers/input/keyboard/atakbd.c | 74 ++++++------------ drivers/media/usb/dvb-usb-v2/af9035.c | 6 - drivers/mfd/omap-usb-host.c | 11 +- drivers/net/bonding/bond_main.c | 43 ++++------ drivers/net/ethernet/broadcom/bcmsysport.c | 22 ++--- drivers/net/ethernet/broadcom/bnxt/bnxt.c | 13 ++- drivers/net/ethernet/cadence/macb.c | 8 + drivers/net/ethernet/marvell/mvpp2.c | 10 +- drivers/net/ethernet/mellanox/mlx4/eq.c | 3 drivers/net/ethernet/qlogic/qlcnic/qlcnic.h | 8 + drivers/net/ethernet/qlogic/qlcnic/qlcnic_83xx_hw.c | 3 drivers/net/ethernet/qlogic/qlcnic/qlcnic_83xx_hw.h | 3 drivers/net/ethernet/qlogic/qlcnic/qlcnic_hw.h | 3 drivers/net/ethernet/qlogic/qlcnic/qlcnic_io.c | 12 +- drivers/net/ethernet/stmicro/stmmac/stmmac_platform.c | 5 - drivers/net/team/team.c | 5 + drivers/net/usb/smsc75xx.c | 1 drivers/usb/gadget/function/u_serial.c | 2 drivers/usb/host/xhci-hub.c | 18 ++-- drivers/video/fbdev/aty/atyfb.h | 3 drivers/video/fbdev/aty/atyfb_base.c | 7 - drivers/video/fbdev/aty/mach64_ct.c | 10 +- fs/ext4/xattr.c | 22 +++-- fs/jffs2/xattr.c | 6 - include/linux/hyperv.h | 1 include/linux/netdevice.h | 7 + include/net/bonding.h | 7 - include/net/ip_fib.h | 1 mm/vmstat.c | 1 net/core/dev.c | 28 ++++++ net/core/rtnetlink.c | 6 + net/ipv4/fib_frontend.c | 12 +- net/ipv4/fib_semantics.c | 50 ++++++++++++ net/ipv4/ip_sockglue.c | 3 net/ipv4/ip_tunnel.c | 9 ++ net/ipv6/addrconf.c | 4 net/ipv6/ip6_tunnel.c | 13 ++- net/netlabel/netlabel_unlabeled.c | 3 sound/hda/hdac_controller.c | 8 + sound/soc/codecs/sigmadsp.c | 3 sound/soc/codecs/wm8804-i2c.c | 15 +++ tools/perf/scripts/python/export-to-postgresql.py | 9 ++ tools/testing/selftests/efivarfs/config | 1 66 files changed, 396 insertions(+), 339 deletions(-) Adrian Hunter (1): perf script python: Fix export-to-postgresql.py occasional failure Alexey Brodkin (1): ARC: build: Get rid of toolchain check Amber Lin (1): drm/amdgpu: Fix SDMA HQD destroy error on gfx_v7 Andreas Schwab (1): Input: atakbd - fix Atari keymap Andy Lutomirski (2): x86/fpu: Remove use_eager_fpu() x86/fpu: Finish excising 'eagerfpu' Danny Smith (1): ASoC: sigmadsp: safeload should not have lower byte limit Edgar Cherkasov (1): i2c: i2c-scmi: fix for i2c_smbus_write_block_data Eric Dumazet (2): ipv4: fix use-after-free in ip_cmsg_recv_dstaddr() rtnl: limit IFLA_NUM_TX_QUEUES and IFLA_NUM_RX_QUEUES to 4096 Florian Fainelli (1): net: systemport: Fix wake-up interrupt race during resume Greg Kroah-Hartman (1): Linux 4.4.162 Hou Tao (1): jffs2: return -ERANGE when xattr buffer is too small Ido Schimmel (1): team: Forbid enslaving team device to itself Jann Horn (1): mm/vmstat.c: fix outdated vmstat_text Jeff Barnhill (1): net/ipv6: Display all addresses in output of /proc/net/if_inet6 Jongsung Kim (1): stmmac: fix valid numbers of unicast filter entries Jozef Balga (1): media: af9035: prevent buffer overflow on write K. Y. Srinivasan (2): Drivers: hv: utils: Invoke the poll function after handshake Drivers: hv: util: Pass the channel information during the init call Keerthy (1): clocksource/drivers/ti-32k: Add CLOCK_SOURCE_SUSPEND_NONSTOP flag for non-am43 SoCs Lei Yang (1): selftests/efivarfs: add required kernel configs Long Li (1): HV: properly delay KVP packets when negotiation is in progress Mahesh Bandewar (1): bonding: avoid possible dead-lock Mathias Nyman (1): xhci: Don't print a warning when setting link state for disabled ports Maxime Chevallier (1): net: mvpp2: Extract the correct ethtype from the skb for tx csum offload Michael Chan (1): bnxt_en: Fix TX timeout during netpoll. Michael Neuling (2): powerpc/tm: Fix userspace r13 corruption powerpc/tm: Avoid possible userspace r1 corruption on reclaim Michael Schmitz (1): Input: atakbd - fix Atari CapsLock behaviour Mikulas Patocka (1): mach64: detect the dot clock divider correctly on sparc Nathan Chancellor (1): net/mlx4: Use cpumask_available for eq->affinity_mask Nicolas Ferre (2): net: macb: disable scatter-gather for macb on sama5d3 ARM: dts: at91: add new compatibility string for macb on sama5d3 Paolo Abeni (2): ip6_tunnel: be careful when accessing the inner header ip_tunnel: be careful when accessing the inner header Paolo Bonzini (1): KVM: x86: remove eager_fpu field of struct kvm_vcpu_arch Pierre-Louis Bossart (1): ASoC: wm8804: Add ACPI support Rik van Riel (1): x86/fpu: Remove struct fpu::counter Sabrina Dubroca (1): net: ipv4: update fnhe_pmtu when first hop's MTU changes Sean Tranchetti (1): netlabel: check for IPV4MASK in addrinfo_get Shahed Shaikh (1): qlcnic: fix Tx descriptor corruption on 82xx devices Stephen Warren (1): usb: gadget: serial: fix oops when data rx'd after close Theodore Ts'o (1): ext4: add corruption check in ext4_xattr_set_entry() Tony Lindgren (1): mfd: omap-usb-host: Fix dts probe of children Vitaly Kuznetsov (1): Drivers: hv: kvp: fix IP Failover Yu Zhao (2): sound: enable interrupt after dma buffer initialization net/usb: cancel pending work when unbinding smsc75xx

6 years, 8 months

1
1
0 0

[PATCH 4.18 00/53] 4.18.16-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.18.16 release. There are 53 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat Oct 20 17:53:52 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.18.16-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.18.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.18.16-rc1 Alexey Brodkin <abrodkin(a)synopsys.com> ARC: build: Don't set CROSS_COMPILE in arch's Makefile Alexey Brodkin <abrodkin(a)synopsys.com> ARC: build: Get rid of toolchain check Linus Torvalds <torvalds(a)linux-foundation.org> mremap: properly flush TLB before releasing the page Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "vfs: fix freeze protection in mnt_want_write_file() for overlayfs" Kairui Song <kasong(a)redhat.com> x86/boot: Fix kexec booting failure in the SEV bit detection code Arindam Nath <arindam.nath(a)amd.com> iommu/amd: Return devid as alias for ACPI HID devices Srikar Dronamraju <srikar(a)linux.vnet.ibm.com> powerpc/numa: Use associativity if VPHN hcall is successful Michael Neuling <mikey(a)neuling.org> powerpc/tm: Avoid possible userspace r1 corruption on reclaim Michael Neuling <mikey(a)neuling.org> powerpc/tm: Fix userspace r13 corruption Daniel Kurtz <djkurtz(a)chromium.org> pinctrl/amd: poll InterruptEnable bits in amd_gpio_irq_set_type Heiko Stuebner <heiko(a)sntech.de> iommu/rockchip: Free irqs in shutdown handler James Cowgill <jcowgill(a)debian.org> RISC-V: include linux/ftrace.h in asm-prototypes.h Selvin Xavier <selvin.xavier(a)broadcom.com> RDMA/bnxt_re: Fix system crash during RDMA resource initialization Tao Ren <taoren(a)fb.com> clocksource/drivers/fttmr010: Fix set_next_event handler Nathan Chancellor <natechancellor(a)gmail.com> net/mlx4: Use cpumask_available for eq->affinity_mask John Fastabend <john.fastabend(a)gmail.com> bpf: test_maps, only support ESTABLISHED socks John Fastabend <john.fastabend(a)gmail.com> bpf: sockmap, fix transition through disconnect without close John Fastabend <john.fastabend(a)gmail.com> bpf: sockmap only allow ESTABLISHED sock state Johannes Thumshirn <jthumshirn(a)suse.de> scsi: sd: don't crash the host on invalid commands Wen Xiong <wenxiong(a)linux.vnet.ibm.com> scsi: ipr: System hung while dlpar adding primary ipr adapter back Alexandru Gheorghe <alexandru-cosmin.gheorghe(a)arm.com> drm: mali-dp: Call drm_crtc_vblank_reset on device init James Smart <jsmart2021(a)gmail.com> scsi: lpfc: Synchronize access to remoteport via rport Majd Dibbiny <majd(a)mellanox.com> RDMA/uverbs: Fix validity check for modify QP Jisheng Zhang <Jisheng.Zhang(a)synaptics.com> PCI: dwc: Fix scheduling while atomic issues Sudarsana Reddy Kalluru <sudarsana.kalluru(a)cavium.com> qed: Do not add VLAN 0 tag to untagged frames in multi-function mode. Sudarsana Reddy Kalluru <sudarsana.kalluru(a)cavium.com> qed: Fix populating the invalid stag value in multi function mode. YueHaibing <yuehaibing(a)huawei.com> net/smc: fix sizeof to int comparison Ursula Braun <ubraun(a)linux.ibm.com> net/smc: fix non-blocking connect problem Kazuya Mizuguchi <kazuya.mizuguchi.ks(a)renesas.com> ravb: do not write 1 to reserved bits Christian Lamparter <chunkeey(a)gmail.com> net: emac: fix fixed-link setup for the RTL8363SB switch Sabrina Dubroca <sd(a)queasysnail.net> selftests: pmtu: properly redirect stderr to /dev/null Michael Schmitz <schmitzmic(a)gmail.com> Input: atakbd - fix Atari CapsLock behaviour Andreas Schwab <schwab(a)linux-m68k.org> Input: atakbd - fix Atari keymap Alexander Shishkin <alexander.shishkin(a)linux.intel.com> intel_th: pci: Add Ice Lake PCH support Laura Abbott <labbott(a)redhat.com> scsi: ibmvscsis: Ensure partition name is properly NUL terminated Laura Abbott <labbott(a)redhat.com> scsi: ibmvscsis: Fix a stringop-overflow warning Keerthy <j-keerthy(a)ti.com> clocksource/drivers/ti-32k: Add CLOCK_SOURCE_SUSPEND_NONSTOP flag for non-am43 SoCs Steve Wise <swise(a)opengridcomputing.com> cxgb4: fix abort_req_rss6 struct Marek Lindner <mareklindner(a)neomailbox.ch> batman-adv: fix hardif_neigh refcount on queue_work() failure Marek Lindner <mareklindner(a)neomailbox.ch> batman-adv: fix backbone_gw refcount on queue_work() failure Sven Eckelmann <sven(a)narfation.org> batman-adv: Prevent duplicated tvlv handler Sven Eckelmann <sven(a)narfation.org> batman-adv: Prevent duplicated global TT entry Sven Eckelmann <sven(a)narfation.org> batman-adv: Prevent duplicated softif_vlan entry Sven Eckelmann <sven(a)narfation.org> batman-adv: Prevent duplicated nc_node entry Sven Eckelmann <sven(a)narfation.org> batman-adv: Prevent duplicated gateway_node entry Sven Eckelmann <sven(a)narfation.org> batman-adv: Fix segfault when writing to sysfs elp_interval Sven Eckelmann <sven(a)narfation.org> batman-adv: Fix segfault when writing to throughput_override Sven Eckelmann <sven(a)narfation.org> batman-adv: Avoid probe ELP information leak Linus Walleij <linus.walleij(a)linaro.org> spi: gpio: Fix copy-and-paste error Jozef Balga <jozef.balga(a)gmail.com> media: af9035: prevent buffer overflow on write Sanyog Kale <sanyog.r.kale(a)intel.com> soundwire: Fix acquiring bus lock twice during master release Shreyas NC <shreyas.nc(a)intel.com> soundwire: Fix incorrect exit after configuring stream Shreyas NC <shreyas.nc(a)intel.com> soundwire: Fix duplicate stream state assignment ------------- Diffstat: Makefile | 4 +- arch/arc/Makefile | 24 +----- arch/powerpc/kernel/tm.S | 20 ++++- arch/powerpc/mm/numa.c | 4 +- arch/riscv/include/asm/asm-prototypes.h | 7 ++ arch/x86/boot/compressed/mem_encrypt.S | 19 ----- drivers/clocksource/timer-fttmr010.c | 18 +++-- drivers/clocksource/timer-ti-32k.c | 3 + drivers/gpu/drm/arm/malidp_drv.c | 1 + drivers/hwtracing/intel_th/pci.c | 5 ++ drivers/infiniband/core/uverbs_cmd.c | 68 +++++++++++------ drivers/infiniband/hw/bnxt_re/main.c | 93 ++++++++++------------- drivers/input/keyboard/atakbd.c | 74 +++++++------------ drivers/iommu/amd_iommu.c | 6 ++ drivers/iommu/rockchip-iommu.c | 6 ++ drivers/media/usb/dvb-usb-v2/af9035.c | 6 +- drivers/net/ethernet/chelsio/cxgb4/t4_msg.h | 1 - drivers/net/ethernet/ibm/emac/core.c | 15 ++-- drivers/net/ethernet/mellanox/mlx4/eq.c | 3 +- drivers/net/ethernet/qlogic/qed/qed_dcbx.c | 9 ++- drivers/net/ethernet/qlogic/qed/qed_dcbx.h | 1 + drivers/net/ethernet/qlogic/qed/qed_dev.c | 15 +++- drivers/net/ethernet/qlogic/qed/qed_hsi.h | 4 + drivers/net/ethernet/renesas/ravb.h | 5 ++ drivers/net/ethernet/renesas/ravb_main.c | 11 +-- drivers/net/ethernet/renesas/ravb_ptp.c | 2 +- drivers/pci/controller/dwc/pcie-designware.c | 8 +- drivers/pci/controller/dwc/pcie-designware.h | 3 +- drivers/pinctrl/pinctrl-amd.c | 33 ++++++--- drivers/scsi/ibmvscsi_tgt/ibmvscsi_tgt.c | 5 +- drivers/scsi/ipr.c | 106 +++++++++++++++------------ drivers/scsi/ipr.h | 1 + drivers/scsi/lpfc/lpfc_attr.c | 15 ++-- drivers/scsi/lpfc/lpfc_debugfs.c | 10 +-- drivers/scsi/lpfc/lpfc_nvme.c | 11 ++- drivers/scsi/sd.c | 3 +- drivers/soundwire/stream.c | 23 ++++-- drivers/spi/spi-gpio.c | 4 +- fs/namespace.c | 7 +- include/linux/huge_mm.h | 2 +- kernel/bpf/sockmap.c | 91 ++++++++++++++++++----- mm/huge_memory.c | 10 +-- mm/mremap.c | 30 ++++---- net/batman-adv/bat_v_elp.c | 10 ++- net/batman-adv/bridge_loop_avoidance.c | 10 ++- net/batman-adv/gateway_client.c | 11 ++- net/batman-adv/network-coding.c | 27 ++++--- net/batman-adv/soft-interface.c | 25 +++++-- net/batman-adv/sysfs.c | 30 +++++--- net/batman-adv/translation-table.c | 6 +- net/batman-adv/tvlv.c | 8 +- net/smc/af_smc.c | 7 +- net/smc/smc_clc.c | 14 ++-- tools/testing/selftests/bpf/test_maps.c | 10 ++- tools/testing/selftests/net/pmtu.sh | 4 +- 55 files changed, 563 insertions(+), 385 deletions(-)

6 years, 8 months

4
59
0 0

[PATCH 2/3] tracing: Fix synthetic event to allow semicolon at end

by Steven Rostedt

From: Masami Hiramatsu <mhiramat(a)kernel.org> Fix synthetic event to allow independent semicolon at end. The synthetic_events interface accepts a semicolon after the last word if there is no space. # echo "myevent u64 var;" >> synthetic_events But if there is a space, it returns an error. # echo "myevent u64 var ;" > synthetic_events sh: write error: Invalid argument This behavior is difficult for users to understand. Let's allow the last independent semicolon too. Link: http://lkml.kernel.org/r/153986835420.18251.2191216690677025744.stgit@devbox Cc: Shuah Khan <shuah(a)kernel.org> Cc: Tom Zanussi <tom.zanussi(a)linux.intel.com> Cc: stable(a)vger.kernel.org Fixes: commit 4b147936fa50 ("tracing: Add support for 'synthetic' events") Signed-off-by: Masami Hiramatsu <mhiramat(a)kernel.org> Signed-off-by: Steven Rostedt (VMware) <rostedt(a)goodmis.org> --- kernel/trace/trace_events_hist.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kernel/trace/trace_events_hist.c b/kernel/trace/trace_events_hist.c index 6ff83941065a..d239004aaf29 100644 --- a/kernel/trace/trace_events_hist.c +++ b/kernel/trace/trace_events_hist.c @@ -1088,7 +1088,7 @@ static int create_synth_event(int argc, char **argv) i += consumed - 1; } - if (i < argc) { + if (i < argc && strcmp(argv[i], ";") != 0) { ret = -EINVAL; goto err; } -- 2.19.0

6 years, 8 months

1
0
0 0

[PATCH 1/3] tracing: Fix synthetic event to accept unsigned modifier

by Steven Rostedt

From: Masami Hiramatsu <mhiramat(a)kernel.org> Fix synthetic event to accept unsigned modifier for its field type correctly. Currently, synthetic_events interface returns error for "unsigned" modifiers as below; # echo "myevent unsigned long var" >> synthetic_events sh: write error: Invalid argument This is because argv_split() breaks "unsigned long" into "unsigned" and "long", but parse_synth_field() doesn't expected it. With this fix, synthetic_events can handle the "unsigned long" correctly like as below; # echo "myevent unsigned long var" >> synthetic_events # cat synthetic_events myevent unsigned long var Link: http://lkml.kernel.org/r/153986832571.18251.8448135724590496531.stgit@devbox Cc: Shuah Khan <shuah(a)kernel.org> Cc: Tom Zanussi <tom.zanussi(a)linux.intel.com> Cc: stable(a)vger.kernel.org Fixes: commit 4b147936fa50 ("tracing: Add support for 'synthetic' events") Signed-off-by: Masami Hiramatsu <mhiramat(a)kernel.org> Signed-off-by: Steven Rostedt (VMware) <rostedt(a)goodmis.org> --- kernel/trace/trace_events_hist.c | 30 ++++++++++++++++++++++++------ 1 file changed, 24 insertions(+), 6 deletions(-) diff --git a/kernel/trace/trace_events_hist.c b/kernel/trace/trace_events_hist.c index 85f6b01431c7..6ff83941065a 100644 --- a/kernel/trace/trace_events_hist.c +++ b/kernel/trace/trace_events_hist.c @@ -738,16 +738,30 @@ static void free_synth_field(struct synth_field *field) kfree(field); } -static struct synth_field *parse_synth_field(char *field_type, - char *field_name) +static struct synth_field *parse_synth_field(int argc, char **argv, + int *consumed) { struct synth_field *field; + const char *prefix = NULL; + char *field_type = argv[0], *field_name; int len, ret = 0; char *array; if (field_type[0] == ';') field_type++; + if (!strcmp(field_type, "unsigned")) { + if (argc < 3) + return ERR_PTR(-EINVAL); + prefix = "unsigned "; + field_type = argv[1]; + field_name = argv[2]; + *consumed = 3; + } else { + field_name = argv[1]; + *consumed = 2; + } + len = strlen(field_name); if (field_name[len - 1] == ';') field_name[len - 1] = '\0'; @@ -760,11 +774,15 @@ static struct synth_field *parse_synth_field(char *field_type, array = strchr(field_name, '['); if (array) len += strlen(array); + if (prefix) + len += strlen(prefix); field->type = kzalloc(len, GFP_KERNEL); if (!field->type) { ret = -ENOMEM; goto free; } + if (prefix) + strcat(field->type, prefix); strcat(field->type, field_type); if (array) { strcat(field->type, array); @@ -1009,7 +1027,7 @@ static int create_synth_event(int argc, char **argv) struct synth_field *field, *fields[SYNTH_FIELDS_MAX]; struct synth_event *event = NULL; bool delete_event = false; - int i, n_fields = 0, ret = 0; + int i, consumed = 0, n_fields = 0, ret = 0; char *name; mutex_lock(&synth_event_mutex); @@ -1061,13 +1079,13 @@ static int create_synth_event(int argc, char **argv) goto err; } - field = parse_synth_field(argv[i], argv[i + 1]); + field = parse_synth_field(argc - i, &argv[i], &consumed); if (IS_ERR(field)) { ret = PTR_ERR(field); goto err; } - fields[n_fields] = field; - i++; n_fields++; + fields[n_fields++] = field; + i += consumed - 1; } if (i < argc) { -- 2.19.0

6 years, 8 months

1
0
0 0

[PATCH v7 01/21] tpm: tpm_i2c_nuvoton: use correct command duration for TPM 2.x

by Tomas Winkler

tpm_i2c_nuvoton calculated commands duration using TPM 1.x values via tpm_calc_ordinal_duration() also for TPM 2.x chips. Call tpm2_calc_ordinal_duration() for retrieving ordinal duration for TPM 2.X chips. Cc: stable(a)vger.kernel.org Cc: Nayna Jain <nayna(a)linux.vnet.ibm.com> Signed-off-by: Tomas Winkler <tomas.winkler(a)intel.com> Reviewed-by: Nayna Jain <nayna(a)linux.ibm.com> Tested-by: Nayna Jain <nayna(a)linux.ibm.com> (For TPM 2.0) --- V7: new in the series. drivers/char/tpm/tpm_i2c_nuvoton.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/drivers/char/tpm/tpm_i2c_nuvoton.c b/drivers/char/tpm/tpm_i2c_nuvoton.c index caa86b19c76d..f74f451baf6a 100644 --- a/drivers/char/tpm/tpm_i2c_nuvoton.c +++ b/drivers/char/tpm/tpm_i2c_nuvoton.c @@ -369,6 +369,7 @@ static int i2c_nuvoton_send(struct tpm_chip *chip, u8 *buf, size_t len) struct device *dev = chip->dev.parent; struct i2c_client *client = to_i2c_client(dev); u32 ordinal; + unsigned long duration; size_t count = 0; int burst_count, bytes2write, retries, rc = -EIO; @@ -455,10 +456,12 @@ static int i2c_nuvoton_send(struct tpm_chip *chip, u8 *buf, size_t len) return rc; } ordinal = be32_to_cpu(*((__be32 *) (buf + 6))); - rc = i2c_nuvoton_wait_for_data_avail(chip, - tpm_calc_ordinal_duration(chip, - ordinal), - &priv->read_queue); + if (chip->flags & TPM_CHIP_FLAG_TPM2) + duration = tpm2_calc_ordinal_duration(chip, ordinal); + else + duration = tpm_calc_ordinal_duration(chip, ordinal); + + rc = i2c_nuvoton_wait_for_data_avail(chip, duration, &priv->read_queue); if (rc) { dev_err(dev, "%s() timeout command duration\n", __func__); i2c_nuvoton_ready(chip); -- 2.14.4

6 years, 8 months

2
1
0 0

[PATCH 4.9 00/35] 4.9.135-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.9.135 release. There are 35 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat Oct 20 17:54:00 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.9.135-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.9.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.9.135-rc1 Long Li <longli(a)microsoft.com> HV: properly delay KVP packets when negotiation is in progress Theodore Ts'o <tytso(a)mit.edu> ext4: avoid running out of journal credits when appending to an inline file Frederic Weisbecker <fweisbec(a)gmail.com> sched/cputime: Fix ksoftirqd cputime accounting regression Frederic Weisbecker <fweisbec(a)gmail.com> sched/cputime: Increment kcpustat directly on irqtime account Frederic Weisbecker <fweisbec(a)gmail.com> macintosh/rack-meter: Convert cputime64_t use to u64 Frederic Weisbecker <fweisbec(a)gmail.com> sched/cputime: Convert kcpustat to nsecs Stephen Warren <swarren(a)nvidia.com> usb: gadget: serial: fix oops when data rx'd after close Natanael Copa <ncopa(a)alpinelinux.org> HID: quirks: fix support for Apple Magic Keyboards Alexey Brodkin <abrodkin(a)synopsys.com> ARC: build: Don't set CROSS_COMPILE in arch's Makefile Alexey Brodkin <abrodkin(a)synopsys.com> ARC: build: Get rid of toolchain check Xin Long <lucien.xin(a)gmail.com> netfilter: check for seqadj ext existence before adding it in nf_nat_setup_info Jan Kara <jack(a)suse.cz> mm: Preserve _PAGE_DEVMAP across mprotect() calls Linus Torvalds <torvalds(a)linux-foundation.org> mremap: properly flush TLB before releasing the page Arindam Nath <arindam.nath(a)amd.com> iommu/amd: Return devid as alias for ACPI HID devices Michael Neuling <mikey(a)neuling.org> powerpc/tm: Avoid possible userspace r1 corruption on reclaim Michael Neuling <mikey(a)neuling.org> powerpc/tm: Fix userspace r13 corruption James Cowgill <jcowgill(a)debian.org> RISC-V: include linux/ftrace.h in asm-prototypes.h Nathan Chancellor <natechancellor(a)gmail.com> net/mlx4: Use cpumask_available for eq->affinity_mask Johannes Thumshirn <jthumshirn(a)suse.de> scsi: sd: don't crash the host on invalid commands Alexandru Gheorghe <alexandru-cosmin.gheorghe(a)arm.com> drm: mali-dp: Call drm_crtc_vblank_reset on device init Kazuya Mizuguchi <kazuya.mizuguchi.ks(a)renesas.com> ravb: do not write 1 to reserved bits Michael Schmitz <schmitzmic(a)gmail.com> Input: atakbd - fix Atari CapsLock behaviour Andreas Schwab <schwab(a)linux-m68k.org> Input: atakbd - fix Atari keymap Laura Abbott <labbott(a)redhat.com> scsi: ibmvscsis: Ensure partition name is properly NUL terminated Laura Abbott <labbott(a)redhat.com> scsi: ibmvscsis: Fix a stringop-overflow warning Keerthy <j-keerthy(a)ti.com> clocksource/drivers/ti-32k: Add CLOCK_SOURCE_SUSPEND_NONSTOP flag for non-am43 SoCs Marek Lindner <mareklindner(a)neomailbox.ch> batman-adv: fix hardif_neigh refcount on queue_work() failure Marek Lindner <mareklindner(a)neomailbox.ch> batman-adv: fix backbone_gw refcount on queue_work() failure Sven Eckelmann <sven(a)narfation.org> batman-adv: Prevent duplicated tvlv handler Sven Eckelmann <sven(a)narfation.org> batman-adv: Prevent duplicated global TT entry Sven Eckelmann <sven(a)narfation.org> batman-adv: Prevent duplicated softif_vlan entry Sven Eckelmann <sven(a)narfation.org> batman-adv: Prevent duplicated nc_node entry Sven Eckelmann <sven(a)narfation.org> batman-adv: Fix segfault when writing to sysfs elp_interval Sven Eckelmann <sven(a)narfation.org> batman-adv: Fix segfault when writing to throughput_override Jozef Balga <jozef.balga(a)gmail.com> media: af9035: prevent buffer overflow on write ------------- Diffstat: Makefile | 4 +- arch/arc/Makefile | 24 +--------- arch/powerpc/kernel/tm.S | 20 +++++++-- arch/riscv/include/asm/asm-prototypes.h | 7 +++ arch/s390/appldata/appldata_os.c | 16 +++---- arch/x86/include/asm/pgtable_types.h | 2 +- drivers/clocksource/timer-ti-32k.c | 3 ++ drivers/cpufreq/cpufreq.c | 6 +-- drivers/cpufreq/cpufreq_governor.c | 2 +- drivers/cpufreq/cpufreq_stats.c | 1 - drivers/gpu/drm/arm/malidp_drv.c | 1 + drivers/hid/hid-core.c | 3 ++ drivers/hv/hv_kvp.c | 13 +++--- drivers/input/keyboard/atakbd.c | 74 ++++++++++++------------------- drivers/iommu/amd_iommu.c | 6 +++ drivers/macintosh/rack-meter.c | 28 ++++++------ drivers/media/usb/dvb-usb-v2/af9035.c | 6 ++- drivers/net/ethernet/mellanox/mlx4/eq.c | 3 +- drivers/net/ethernet/renesas/ravb.h | 5 +++ drivers/net/ethernet/renesas/ravb_main.c | 11 ++--- drivers/net/ethernet/renesas/ravb_ptp.c | 2 +- drivers/scsi/ibmvscsi_tgt/ibmvscsi_tgt.c | 5 +-- drivers/scsi/sd.c | 3 +- drivers/usb/gadget/function/u_serial.c | 2 +- fs/ext4/ext4.h | 3 -- fs/ext4/inline.c | 38 +--------------- fs/ext4/xattr.c | 18 +------- fs/proc/stat.c | 68 ++++++++++++++--------------- fs/proc/uptime.c | 7 +-- include/linux/huge_mm.h | 2 +- kernel/sched/cpuacct.c | 2 +- kernel/sched/cputime.c | 75 ++++++++++++++------------------ kernel/sched/sched.h | 12 +++-- mm/huge_memory.c | 10 ++--- mm/mremap.c | 30 ++++++------- net/batman-adv/bat_v_elp.c | 8 +++- net/batman-adv/bridge_loop_avoidance.c | 10 ++++- net/batman-adv/network-coding.c | 27 +++++++----- net/batman-adv/soft-interface.c | 25 ++++++++--- net/batman-adv/sysfs.c | 30 ++++++++----- net/batman-adv/translation-table.c | 6 ++- net/batman-adv/tvlv.c | 8 +++- net/netfilter/nf_nat_core.c | 2 +- 43 files changed, 303 insertions(+), 325 deletions(-)

6 years, 8 months

5
40
0 0

[PATCH 2/6] mm/rmap: map_pte() was not handling private ZONE_DEVICE page properly v3

by jglisse＠redhat.com

From: Ralph Campbell <rcampbell(a)nvidia.com> Private ZONE_DEVICE pages use a special pte entry and thus are not present. Properly handle this case in map_pte(), it is already handled in check_pte(), the map_pte() part was lost in some rebase most probably. Without this patch the slow migration path can not migrate back to any private ZONE_DEVICE memory to regular memory. This was found after stress testing migration back to system memory. This ultimatly can lead to the CPU constantly page fault looping on the special swap entry. Changes since v2: - add comments explaining what is going on Changes since v1: - properly lock pte directory in map_pte() Signed-off-by: Ralph Campbell <rcampbell(a)nvidia.com> Signed-off-by: Jérôme Glisse <jglisse(a)redhat.com> Reviewed-by: Balbir Singh <bsingharora(a)gmail.com> Cc: Andrew Morton <akpm(a)linux-foundation.org> Cc: Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> Cc: stable(a)vger.kernel.org --- mm/page_vma_mapped.c | 24 +++++++++++++++++++++++- 1 file changed, 23 insertions(+), 1 deletion(-) diff --git a/mm/page_vma_mapped.c b/mm/page_vma_mapped.c index ae3c2a35d61b..11df03e71288 100644 --- a/mm/page_vma_mapped.c +++ b/mm/page_vma_mapped.c @@ -21,7 +21,29 @@ static bool map_pte(struct page_vma_mapped_walk *pvmw) if (!is_swap_pte(*pvmw->pte)) return false; } else { - if (!pte_present(*pvmw->pte)) + /* + * We get here when we are trying to unmap a private + * device page from the process address space. Such + * page is not CPU accessible and thus is mapped as + * a special swap entry, nonetheless it still does + * count as a valid regular mapping for the page (and + * is accounted as such in page maps count). + * + * So handle this special case as if it was a normal + * page mapping ie lock CPU page table and returns + * true. + * + * For more details on device private memory see HMM + * (include/linux/hmm.h or mm/hmm.c). + */ + if (is_swap_pte(*pvmw->pte)) { + swp_entry_t entry; + + /* Handle un-addressable ZONE_DEVICE memory */ + entry = pte_to_swp_entry(*pvmw->pte); + if (!is_device_private_entry(entry)) + return false; + } else if (!pte_present(*pvmw->pte)) return false; } } -- 2.17.2

6 years, 8 months

1
0
0 0

[PATCH v2] fsnotify: Fix busy inodes during unmount

by Jan Kara

Detaching of mark connector from fsnotify_put_mark() can race with unmounting of the filesystem like: CPU1 CPU2 fsnotify_put_mark() spin_lock(&conn->lock); ... inode = fsnotify_detach_connector_from_object(conn) spin_unlock(&conn->lock); generic_shutdown_super() fsnotify_unmount_inodes() sees connector detached for inode -> nothing to do evict_inode() barfs on pending inode reference iput(inode); Resulting in "Busy inodes after unmount" message and possible kernel oops. Make fsnotify_unmount_inodes() properly wait for outstanding inode references from detached connectors. Note that the accounting of outstanding inode references in the superblock can cause some cacheline contention on the counter. OTOH it happens only during deletion of the last notification mark from an inode (or during unlinking of watched inode) and that is not too bad. I have measured time to create & delete inotify watch 100000 times from 64 processes in parallel (each process having its own inotify group and its own file on a shared superblock) on a 64 CPU machine. Average and standard deviation of 15 runs look like: Avg Stddev Vanilla 9.817400 0.276165 Fixed 9.710467 0.228294 So there's no statistically significant difference. Fixes: 6b3f05d24d35 ("fsnotify: Detach mark from object list when last reference is dropped") CC: stable(a)vger.kernel.org Signed-off-by: Jan Kara <jack(a)suse.cz> --- fs/notify/fsnotify.c | 3 +++ fs/notify/mark.c | 39 +++++++++++++++++++++++++++++++-------- include/linux/fs.h | 3 +++ 3 files changed, 37 insertions(+), 8 deletions(-) Changes since v1: * added Fixes tag * improved fsnotify_drop_object to take object type diff --git a/fs/notify/fsnotify.c b/fs/notify/fsnotify.c index f174397b63a0..00d4f4357724 100644 --- a/fs/notify/fsnotify.c +++ b/fs/notify/fsnotify.c @@ -96,6 +96,9 @@ void fsnotify_unmount_inodes(struct super_block *sb) if (iput_inode) iput(iput_inode); + /* Wait for outstanding inode references from connectors */ + wait_var_event(&sb->s_fsnotify_inode_refs, + !atomic_long_read(&sb->s_fsnotify_inode_refs)); } /* diff --git a/fs/notify/mark.c b/fs/notify/mark.c index 59cdb27826de..f4e330b5b379 100644 --- a/fs/notify/mark.c +++ b/fs/notify/mark.c @@ -179,17 +179,20 @@ static void fsnotify_connector_destroy_workfn(struct work_struct *work) } } -static struct inode *fsnotify_detach_connector_from_object( - struct fsnotify_mark_connector *conn) +static void *fsnotify_detach_connector_from_object( + struct fsnotify_mark_connector *conn, + unsigned int *type) { struct inode *inode = NULL; + *type = conn->type; if (conn->type == FSNOTIFY_OBJ_TYPE_DETACHED) return NULL; if (conn->type == FSNOTIFY_OBJ_TYPE_INODE) { inode = fsnotify_conn_inode(conn); inode->i_fsnotify_mask = 0; + atomic_long_inc(&inode->i_sb->s_fsnotify_inode_refs); } else if (conn->type == FSNOTIFY_OBJ_TYPE_VFSMOUNT) { fsnotify_conn_mount(conn)->mnt_fsnotify_mask = 0; } @@ -211,10 +214,29 @@ static void fsnotify_final_mark_destroy(struct fsnotify_mark *mark) fsnotify_put_group(group); } +/* Drop object reference originally held by a connector */ +static void fsnotify_drop_object(unsigned int type, void *objp) +{ + struct inode *inode; + struct super_block *sb; + + if (!objp) + return; + /* Currently only inode references are passed to be dropped */ + if (WARN_ON_ONCE(type != FSNOTIFY_OBJ_TYPE_INODE)) + return; + inode = objp; + sb = inode->i_sb; + iput(inode); + if (atomic_long_dec_and_test(&sb->s_fsnotify_inode_refs)) + wake_up_var(&sb->s_fsnotify_inode_refs); +} + void fsnotify_put_mark(struct fsnotify_mark *mark) { struct fsnotify_mark_connector *conn; - struct inode *inode = NULL; + void *objp = NULL; + unsigned int type; bool free_conn = false; /* Catch marks that were actually never attached to object */ @@ -234,7 +256,7 @@ void fsnotify_put_mark(struct fsnotify_mark *mark) conn = mark->connector; hlist_del_init_rcu(&mark->obj_list); if (hlist_empty(&conn->list)) { - inode = fsnotify_detach_connector_from_object(conn); + objp = fsnotify_detach_connector_from_object(conn, &type); free_conn = true; } else { __fsnotify_recalc_mask(conn); @@ -242,7 +264,7 @@ void fsnotify_put_mark(struct fsnotify_mark *mark) mark->connector = NULL; spin_unlock(&conn->lock); - iput(inode); + fsnotify_drop_object(type, objp); if (free_conn) { spin_lock(&destroy_lock); @@ -709,7 +731,8 @@ void fsnotify_destroy_marks(fsnotify_connp_t *connp) { struct fsnotify_mark_connector *conn; struct fsnotify_mark *mark, *old_mark = NULL; - struct inode *inode; + void *objp; + unsigned int type; conn = fsnotify_grab_connector(connp); if (!conn) @@ -735,11 +758,11 @@ void fsnotify_destroy_marks(fsnotify_connp_t *connp) * mark references get dropped. It would lead to strange results such * as delaying inode deletion or blocking unmount. */ - inode = fsnotify_detach_connector_from_object(conn); + objp = fsnotify_detach_connector_from_object(conn, &type); spin_unlock(&conn->lock); if (old_mark) fsnotify_put_mark(old_mark); - iput(inode); + fsnotify_drop_object(type, objp); } /* diff --git a/include/linux/fs.h b/include/linux/fs.h index 33322702c910..5090f3dcec3b 100644 --- a/include/linux/fs.h +++ b/include/linux/fs.h @@ -1428,6 +1428,9 @@ struct super_block { /* Number of inodes with nlink == 0 but still referenced */ atomic_long_t s_remove_count; + /* Pending fsnotify inode refs */ + atomic_long_t s_fsnotify_inode_refs; + /* Being remounted read-only */ int s_readonly_remount; -- 2.16.4

6 years, 8 months

2
2
0 0

[PATCH v3] fsnotify: Fix busy inodes during unmount

by Jan Kara

Detaching of mark connector from fsnotify_put_mark() can race with unmounting of the filesystem like: CPU1 CPU2 fsnotify_put_mark() spin_lock(&conn->lock); ... inode = fsnotify_detach_connector_from_object(conn) spin_unlock(&conn->lock); generic_shutdown_super() fsnotify_unmount_inodes() sees connector detached for inode -> nothing to do evict_inode() barfs on pending inode reference iput(inode); Resulting in "Busy inodes after unmount" message and possible kernel oops. Make fsnotify_unmount_inodes() properly wait for outstanding inode references from detached connectors. Note that the accounting of outstanding inode references in the superblock can cause some cacheline contention on the counter. OTOH it happens only during deletion of the last notification mark from an inode (or during unlinking of watched inode) and that is not too bad. I have measured time to create & delete inotify watch 100000 times from 64 processes in parallel (each process having its own inotify group and its own file on a shared superblock) on a 64 CPU machine. Average and standard deviation of 15 runs look like: Avg Stddev Vanilla 9.817400 0.276165 Fixed 9.710467 0.228294 So there's no statistically significant difference. Fixes: 6b3f05d24d35 ("fsnotify: Detach mark from object list when last reference is dropped") CC: stable(a)vger.kernel.org Signed-off-by: Jan Kara <jack(a)suse.cz> --- fs/notify/fsnotify.c | 3 +++ fs/notify/mark.c | 39 +++++++++++++++++++++++++++++++-------- include/linux/fs.h | 3 +++ 3 files changed, 37 insertions(+), 8 deletions(-) Changes since v2: * fixed uninitialized warning Changes since v1: * added Fixes tag * fsnotify_drop_object() now takes type diff --git a/fs/notify/fsnotify.c b/fs/notify/fsnotify.c index f174397b63a0..00d4f4357724 100644 --- a/fs/notify/fsnotify.c +++ b/fs/notify/fsnotify.c @@ -96,6 +96,9 @@ void fsnotify_unmount_inodes(struct super_block *sb) if (iput_inode) iput(iput_inode); + /* Wait for outstanding inode references from connectors */ + wait_var_event(&sb->s_fsnotify_inode_refs, + !atomic_long_read(&sb->s_fsnotify_inode_refs)); } /* diff --git a/fs/notify/mark.c b/fs/notify/mark.c index 59cdb27826de..09535f6423fc 100644 --- a/fs/notify/mark.c +++ b/fs/notify/mark.c @@ -179,17 +179,20 @@ static void fsnotify_connector_destroy_workfn(struct work_struct *work) } } -static struct inode *fsnotify_detach_connector_from_object( - struct fsnotify_mark_connector *conn) +static void *fsnotify_detach_connector_from_object( + struct fsnotify_mark_connector *conn, + unsigned int *type) { struct inode *inode = NULL; + *type = conn->type; if (conn->type == FSNOTIFY_OBJ_TYPE_DETACHED) return NULL; if (conn->type == FSNOTIFY_OBJ_TYPE_INODE) { inode = fsnotify_conn_inode(conn); inode->i_fsnotify_mask = 0; + atomic_long_inc(&inode->i_sb->s_fsnotify_inode_refs); } else if (conn->type == FSNOTIFY_OBJ_TYPE_VFSMOUNT) { fsnotify_conn_mount(conn)->mnt_fsnotify_mask = 0; } @@ -211,10 +214,29 @@ static void fsnotify_final_mark_destroy(struct fsnotify_mark *mark) fsnotify_put_group(group); } +/* Drop object reference originally held by a connector */ +static void fsnotify_drop_object(unsigned int type, void *objp) +{ + struct inode *inode; + struct super_block *sb; + + if (!objp) + return; + /* Currently only inode references are passed to be dropped */ + if (WARN_ON_ONCE(type != FSNOTIFY_OBJ_TYPE_INODE)) + return; + inode = objp; + sb = inode->i_sb; + iput(inode); + if (atomic_long_dec_and_test(&sb->s_fsnotify_inode_refs)) + wake_up_var(&sb->s_fsnotify_inode_refs); +} + void fsnotify_put_mark(struct fsnotify_mark *mark) { struct fsnotify_mark_connector *conn; - struct inode *inode = NULL; + void *objp = NULL; + unsigned int type = FSNOTIFY_OBJ_TYPE_DETACHED; bool free_conn = false; /* Catch marks that were actually never attached to object */ @@ -234,7 +256,7 @@ void fsnotify_put_mark(struct fsnotify_mark *mark) conn = mark->connector; hlist_del_init_rcu(&mark->obj_list); if (hlist_empty(&conn->list)) { - inode = fsnotify_detach_connector_from_object(conn); + objp = fsnotify_detach_connector_from_object(conn, &type); free_conn = true; } else { __fsnotify_recalc_mask(conn); @@ -242,7 +264,7 @@ void fsnotify_put_mark(struct fsnotify_mark *mark) mark->connector = NULL; spin_unlock(&conn->lock); - iput(inode); + fsnotify_drop_object(type, objp); if (free_conn) { spin_lock(&destroy_lock); @@ -709,7 +731,8 @@ void fsnotify_destroy_marks(fsnotify_connp_t *connp) { struct fsnotify_mark_connector *conn; struct fsnotify_mark *mark, *old_mark = NULL; - struct inode *inode; + void *objp; + unsigned int type; conn = fsnotify_grab_connector(connp); if (!conn) @@ -735,11 +758,11 @@ void fsnotify_destroy_marks(fsnotify_connp_t *connp) * mark references get dropped. It would lead to strange results such * as delaying inode deletion or blocking unmount. */ - inode = fsnotify_detach_connector_from_object(conn); + objp = fsnotify_detach_connector_from_object(conn, &type); spin_unlock(&conn->lock); if (old_mark) fsnotify_put_mark(old_mark); - iput(inode); + fsnotify_drop_object(type, objp); } /* diff --git a/include/linux/fs.h b/include/linux/fs.h index 33322702c910..5090f3dcec3b 100644 --- a/include/linux/fs.h +++ b/include/linux/fs.h @@ -1428,6 +1428,9 @@ struct super_block { /* Number of inodes with nlink == 0 but still referenced */ atomic_long_t s_remove_count; + /* Pending fsnotify inode refs */ + atomic_long_t s_fsnotify_inode_refs; + /* Being remounted read-only */ int s_readonly_remount; -- 2.16.4

6 years, 8 months

1
0
0 0

[PATCH] ACPICA: Use 'jiffies' as the time bassis for acpi_os_get_timer()

by Bart Van Assche

Since acpi_os_get_timer() may be called after the timer subsystem has been suspended, use the jiffies counter instead of ktime_get(). This patch avoids that the following warning is reported during hibernation: WARNING: CPU: 0 PID: 612 at kernel/time/timekeeping.c:751 ktime_get+0x116/0x120 RIP: 0010:ktime_get+0x116/0x120 Call Trace: acpi_os_get_timer+0xe/0x30 acpi_ds_exec_begin_control_op+0x175/0x1de acpi_ds_exec_begin_op+0x2c7/0x39a acpi_ps_create_op+0x573/0x5e4 acpi_ps_parse_loop+0x349/0x1220 acpi_ps_parse_aml+0x25b/0x6da acpi_ps_execute_method+0x327/0x41b acpi_ns_evaluate+0x4e9/0x6f5 acpi_ut_evaluate_object+0xd9/0x2f2 acpi_rs_get_method_data+0x8f/0x114 acpi_walk_resources+0x122/0x1b6 acpi_pci_link_get_current.isra.2+0x157/0x280 acpi_pci_link_set+0x32f/0x4a0 irqrouter_resume+0x58/0x80 syscore_resume+0x84/0x380 hibernation_snapshot+0x20c/0x4f0 hibernate+0x22d/0x3a6 state_store+0x99/0xa0 kobj_attr_store+0x37/0x50 sysfs_kf_write+0x87/0xa0 kernfs_fop_write+0x1a5/0x240 __vfs_write+0xd2/0x410 vfs_write+0x101/0x250 ksys_write+0xab/0x120 __x64_sys_write+0x43/0x50 do_syscall_64+0x71/0x220 entry_SYSCALL_64_after_hwframe+0x49/0xbe Fixes: 164a08cee135 ("ACPICA: Dispatcher: Introduce timeout mechanism for infinite loop detection") Reported-by: Fengguang Wu <fengguang.wu(a)intel.com> References: https://lists.01.org/pipermail/lkp/2018-April/008406.html Cc: Rafael J. Wysocki <rjw(a)rjwysocki.net> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Len Brown <lenb(a)kernel.org> Cc: Yu Chen <yu.c.chen(a)intel.com> Cc: Fengguang Wu <fengguang.wu(a)intel.com> Cc: linux-acpi(a)vger.kernel.org Cc: stable(a)vger.kernel.org Signed-off-by: Bart Van Assche <bvanassche(a)acm.org> --- drivers/acpi/osl.c | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/drivers/acpi/osl.c b/drivers/acpi/osl.c index 8df9abfa947b..ed73f6fb0779 100644 --- a/drivers/acpi/osl.c +++ b/drivers/acpi/osl.c @@ -617,15 +617,18 @@ void acpi_os_stall(u32 us) } /* - * Support ACPI 3.0 AML Timer operand - * Returns 64-bit free-running, monotonically increasing timer - * with 100ns granularity + * Support ACPI 3.0 AML Timer operand. Returns a 64-bit free-running, + * monotonically increasing timer with 100ns granularity. Do not use + * ktime_get() to implement this function because this function may get + * called after timekeeping has been suspended. Note: calling this function + * after timekeeping has been suspended may lead to unexpected results + * because when timekeeping is suspended the jiffies counter is not + * incremented. See also timekeeping_suspend(). */ u64 acpi_os_get_timer(void) { - u64 time_ns = ktime_to_ns(ktime_get()); - do_div(time_ns, 100); - return time_ns; + return (get_jiffies_64() - INITIAL_JIFFIES) * + (ACPI_100NSEC_PER_SEC / HZ); } acpi_status acpi_os_read_port(acpi_io_address port, u32 * value, u32 width) -- 2.19.1.568.g152ad8e336-goog

6 years, 8 months

2
1
0 0

[PATCH v2] drm/sun4i: Fix an ulong overflow in the dotclock driver

by Boris Brezillon

The calculated ideal rate can easily overflow an unsigned long, thus making the best div selection buggy as soon as no ideal match is found before the overflow occurs. Fixes: 4731a72df273 ("drm/sun4i: request exact rates to our parents") Cc: <stable(a)vger.kernel.org> Signed-off-by: Boris Brezillon <boris.brezillon(a)bootlin.com> Acked-by: Maxime Ripard <maxime.ripard(a)bootlin.com> --- Changes in v2: - Add a comment to explain why we bail out after an overflow - Add Maxime ack - Use a goto instead of a break --- drivers/gpu/drm/sun4i/sun4i_dotclock.c | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/sun4i/sun4i_dotclock.c b/drivers/gpu/drm/sun4i/sun4i_dotclock.c index e36004fbe453..2a15f2f9271e 100644 --- a/drivers/gpu/drm/sun4i/sun4i_dotclock.c +++ b/drivers/gpu/drm/sun4i/sun4i_dotclock.c @@ -81,9 +81,19 @@ static long sun4i_dclk_round_rate(struct clk_hw *hw, unsigned long rate, int i; for (i = tcon->dclk_min_div; i <= tcon->dclk_max_div; i++) { - unsigned long ideal = rate * i; + u64 ideal = (u64)rate * i; unsigned long rounded; + /* + * ideal has overflowed the max value that can be stored in an + * unsigned long, and every clk operation we might do on a + * truncated u64 value will give us incorrect results. + * Let's just stop there since bigger dividers will result in + * the same overflow issue. + */ + if (ideal > ULONG_MAX) + goto out; + rounded = clk_hw_round_rate(clk_hw_get_parent(hw), ideal); -- 2.14.1

6 years, 8 months

2
1
0 0

patch "usbip:vudc: BUG kmalloc-2048 (Not tainted): Poison overwritten" added to usb-next

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled usbip:vudc: BUG kmalloc-2048 (Not tainted): Poison overwritten to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-next branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will also be merged in the next major kernel release during the merge window. If you have any questions about this process, please let me know. >From e28fd56ad5273be67d0fae5bedc7e1680e729952 Mon Sep 17 00:00:00 2001 From: "Shuah Khan (Samsung OSG)" <shuah(a)kernel.org> Date: Thu, 18 Oct 2018 10:19:29 -0600 Subject: usbip:vudc: BUG kmalloc-2048 (Not tainted): Poison overwritten In rmmod path, usbip_vudc does platform_device_put() twice once from platform_device_unregister() and then from put_vudc_device(). The second put results in: BUG kmalloc-2048 (Not tainted): Poison overwritten error or BUG: KASAN: use-after-free in kobject_put+0x1e/0x230 if KASAN is enabled. [ 169.042156] calling init+0x0/0x1000 [usbip_vudc] @ 1697 [ 169.042396] ============================================================================= [ 169.043678] probe of usbip-vudc.0 returned 1 after 350 usecs [ 169.044508] BUG kmalloc-2048 (Not tainted): Poison overwritten [ 169.044509] ----------------------------------------------------------------------------- ... [ 169.057849] INFO: Freed in device_release+0x2b/0x80 age=4223 cpu=3 pid=1693 [ 169.057852] kobject_put+0x86/0x1b0 [ 169.057853] 0xffffffffc0c30a96 [ 169.057855] __x64_sys_delete_module+0x157/0x240 Fix it to call platform_device_del() instead and let put_vudc_device() do the platform_device_put(). Reported-by: Randy Dunlap <rdunlap(a)infradead.org> Signed-off-by: Shuah Khan (Samsung OSG) <shuah(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/usb/usbip/vudc_main.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/drivers/usb/usbip/vudc_main.c b/drivers/usb/usbip/vudc_main.c index 3fc22037a82f..390733e6937e 100644 --- a/drivers/usb/usbip/vudc_main.c +++ b/drivers/usb/usbip/vudc_main.c @@ -73,6 +73,10 @@ static int __init init(void) cleanup: list_for_each_entry_safe(udc_dev, udc_dev2, &vudc_devices, dev_entry) { list_del(&udc_dev->dev_entry); + /* + * Just do platform_device_del() here, put_vudc_device() + * calls the platform_device_put() + */ platform_device_del(udc_dev->pdev); put_vudc_device(udc_dev); } @@ -89,7 +93,11 @@ static void __exit cleanup(void) list_for_each_entry_safe(udc_dev, udc_dev2, &vudc_devices, dev_entry) { list_del(&udc_dev->dev_entry); - platform_device_unregister(udc_dev->pdev); + /* + * Just do platform_device_del() here, put_vudc_device() + * calls the platform_device_put() + */ + platform_device_del(udc_dev->pdev); put_vudc_device(udc_dev); } platform_driver_unregister(&vudc_driver); -- 2.19.1

6 years, 8 months

1
0
0 0

[PATCH] usbip:vudc: BUG kmalloc-2048 (Not tainted): Poison overwritten

by Shuah Khan (Samsung OSG)

In rmmod path, usbip_vudc does platform_device_put() twice once from platform_device_unregister() and then from put_vudc_device(). The second put results in: BUG kmalloc-2048 (Not tainted): Poison overwritten error or BUG: KASAN: use-after-free in kobject_put+0x1e/0x230 if KASAN is enabled. [ 169.042156] calling init+0x0/0x1000 [usbip_vudc] @ 1697 [ 169.042396] ============================================================================= [ 169.043678] probe of usbip-vudc.0 returned 1 after 350 usecs [ 169.044508] BUG kmalloc-2048 (Not tainted): Poison overwritten [ 169.044509] ----------------------------------------------------------------------------- ... [ 169.057849] INFO: Freed in device_release+0x2b/0x80 age=4223 cpu=3 pid=1693 [ 169.057852] kobject_put+0x86/0x1b0 [ 169.057853] 0xffffffffc0c30a96 [ 169.057855] __x64_sys_delete_module+0x157/0x240 Fix it to call platform_device_del() instead and let put_vudc_device() do the platform_device_put(). Reported-by: Randy Dunlap <rdunlap(a)infradead.org> Signed-off-by: Shuah Khan (Samsung OSG) <shuah(a)kernel.org> Cc: <stable(a)vger.kernel.org> --- drivers/usb/usbip/vudc_main.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/drivers/usb/usbip/vudc_main.c b/drivers/usb/usbip/vudc_main.c index 3fc22037a82f..390733e6937e 100644 --- a/drivers/usb/usbip/vudc_main.c +++ b/drivers/usb/usbip/vudc_main.c @@ -73,6 +73,10 @@ static int __init init(void) cleanup: list_for_each_entry_safe(udc_dev, udc_dev2, &vudc_devices, dev_entry) { list_del(&udc_dev->dev_entry); + /* + * Just do platform_device_del() here, put_vudc_device() + * calls the platform_device_put() + */ platform_device_del(udc_dev->pdev); put_vudc_device(udc_dev); } @@ -89,7 +93,11 @@ static void __exit cleanup(void) list_for_each_entry_safe(udc_dev, udc_dev2, &vudc_devices, dev_entry) { list_del(&udc_dev->dev_entry); - platform_device_unregister(udc_dev->pdev); + /* + * Just do platform_device_del() here, put_vudc_device() + * calls the platform_device_put() + */ + platform_device_del(udc_dev->pdev); put_vudc_device(udc_dev); } platform_driver_unregister(&vudc_driver); -- 2.17.0

6 years, 8 months

2
1
0 0

+ hugetlbfs-dirty-pages-as-they-are-added-to-pagecache.patch tentatively added to -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: hugetlbfs: dirty pages as they are added to pagecache has been added to the -mm tree. Its filename is hugetlbfs-dirty-pages-as-they-are-added-to-pagecache.patch This patch should soon appear at http://ozlabs.org/~akpm/mmots/broken-out/hugetlbfs-dirty-pages-as-they-are-… and later at http://ozlabs.org/~akpm/mmotm/broken-out/hugetlbfs-dirty-pages-as-they-are-… Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next and is updated there every 3-4 working days ------------------------------------------------------ From: Mike Kravetz <mike.kravetz(a)oracle.com> Subject: hugetlbfs: dirty pages as they are added to pagecache Some test systems were experiencing negative huge page reserve counts and incorrect file block counts. This was traced to /proc/sys/vm/drop_caches removing clean pages from hugetlbfs file pagecaches. When non-hugetlbfs explicit code removes the pages, the appropriate accounting is not performed. This can be recreated as follows: fallocate -l 2M /dev/hugepages/foo echo 1 > /proc/sys/vm/drop_caches fallocate -l 2M /dev/hugepages/foo grep -i huge /proc/meminfo AnonHugePages: 0 kB ShmemHugePages: 0 kB HugePages_Total: 2048 HugePages_Free: 2047 HugePages_Rsvd: 18446744073709551615 HugePages_Surp: 0 Hugepagesize: 2048 kB Hugetlb: 4194304 kB ls -lsh /dev/hugepages/foo 4.0M -rw-r--r--. 1 root root 2.0M Oct 17 20:05 /dev/hugepages/foo To address this issue, dirty pages as they are added to pagecache. This can easily be reproduced with fallocate as shown above. Read faulted pages will eventually end up being marked dirty. But there is a window where they are clean and could be impacted by code such as drop_caches. So, just dirty them all as they are added to the pagecache. In addition, it makes little sense to even try to drop hugetlbfs pagecache pages, so disable calls to these filesystems in drop_caches code. Link: http://lkml.kernel.org/r/20181018041022.4529-1-mike.kravetz@oracle.com Fixes: 70c3547e36f5 ("hugetlbfs: add hugetlbfs_fallocate()") Signed-off-by: Mike Kravetz <mike.kravetz(a)oracle.com> Cc: Michal Hocko <mhocko(a)kernel.org> Cc: Hugh Dickins <hughd(a)google.com> Cc: Naoya Horiguchi <n-horiguchi(a)ah.jp.nec.com> Cc: "Aneesh Kumar K.V" <aneesh.kumar(a)linux.vnet.ibm.com> Cc: Andrea Arcangeli <aarcange(a)redhat.com> Cc: "Kirill A . Shutemov" <kirill.shutemov(a)linux.intel.com> Cc: Davidlohr Bueso <dave(a)stgolabs.net> Cc: Alexander Viro <viro(a)zeniv.linux.org.uk> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- --- a/fs/drop_caches.c~hugetlbfs-dirty-pages-as-they-are-added-to-pagecache +++ a/fs/drop_caches.c @@ -9,6 +9,7 @@ #include <linux/writeback.h> #include <linux/sysctl.h> #include <linux/gfp.h> +#include <linux/magic.h> #include "internal.h" /* A global variable is a bit ugly, but it keeps the code simple */ @@ -18,6 +19,12 @@ static void drop_pagecache_sb(struct sup { struct inode *inode, *toput_inode = NULL; + /* + * It makes no sense to try and drop hugetlbfs page cache pages. + */ + if (sb->s_magic == HUGETLBFS_MAGIC) + return; + spin_lock(&sb->s_inode_list_lock); list_for_each_entry(inode, &sb->s_inodes, i_sb_list) { spin_lock(&inode->i_lock); --- a/mm/hugetlb.c~hugetlbfs-dirty-pages-as-they-are-added-to-pagecache +++ a/mm/hugetlb.c @@ -3690,6 +3690,12 @@ int huge_add_to_page_cache(struct page * return err; ClearPagePrivate(page); + /* + * set page dirty so that it will not be removed from cache/file + * by non-hugetlbfs specific code paths. + */ + set_page_dirty(page); + spin_lock(&inode->i_lock); inode->i_blocks += blocks_per_huge_page(h); spin_unlock(&inode->i_lock); _ Patches currently in -mm which might be from mike.kravetz(a)oracle.com are hugetlbfs-dirty-pages-as-they-are-added-to-pagecache.patch

6 years, 8 months

1
0
0 0

Re: Patch "RISC-V: include linux/ftrace.h in asm-prototypes.h" has been added to the 4.4-stable tree

by Palmer Dabbelt

On Thu, 18 Oct 2018 11:23:12 PDT (-0700), merker(a)debian.org wrote: > On Thu, Oct 18, 2018 at 11:13:02AM +0200, gregkh(a)linuxfoundation.org wrote: >> >> This is a note to let you know that I've just added the patch titled >> >> RISC-V: include linux/ftrace.h in asm-prototypes.h >> >> to the 4.4-stable tree which can be found at: >> http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… >> >> The filename of the patch is: >> risc-v-include-linux-ftrace.h-in-asm-prototypes.h.patch >> and it can be found in the queue-4.4 subdirectory. >> >> If you, or anyone else, feels it should not be added to the stable tree, >> please let <stable(a)vger.kernel.org> know about it. > [...] >> From: James Cowgill <jcowgill(a)debian.org> >> Date: Thu, 6 Sep 2018 22:57:56 +0100 >> Subject: RISC-V: include linux/ftrace.h in asm-prototypes.h >> >> From: James Cowgill <jcowgill(a)debian.org> >> >> [ Upstream commit 57a489786de9ec37d6e25ef1305dc337047f0236 ] > > I guess it doesn't make much sense to add this patch to the 4.4 > and 3.18 stable trees. The patch creates an arch-specific header > (arch/riscv/include/asm/asm-prototypes.h), but the first mainline > kernel with support for the RISC-V architecture has been kernel > 4.15. I agree.

6 years, 8 months

1
0
0 0

[4.4.y v2] ext4: avoid running out of journal credits when appending to an inline file

by Chenbo Feng

From: Theodore Ts'o <tytso(a)mit.edu> commit 8bc1379b82b8e809eef77a9fedbb75c6c297be19 upstream. Use a separate journal transaction if it turns out that we need to convert an inline file to use an data block. Otherwise we could end up failing due to not having journal credits. This addresses CVE-2018-10883. https://bugzilla.kernel.org/show_bug.cgi?id=200071 Change-Id: Ifbe92e379f7a25fb252a2584356ccb91f902ea8f Signed-off-by: Theodore Ts'o <tytso(a)mit.edu> Cc: stable(a)kernel.org [fengc(a)google.com: 4.4 and 4.9 backport: adjust context] Signed-off-by: Chenbo Feng <fengc(a)google.com> --- fs/ext4/ext4.h | 3 --- fs/ext4/inline.c | 38 +------------------------------------- fs/ext4/xattr.c | 18 ++---------------- 3 files changed, 3 insertions(+), 56 deletions(-) diff --git a/fs/ext4/ext4.h b/fs/ext4/ext4.h index f5d9f82b173a..b6e25d771eea 100644 --- a/fs/ext4/ext4.h +++ b/fs/ext4/ext4.h @@ -3039,9 +3039,6 @@ extern struct buffer_head *ext4_get_first_inline_block(struct inode *inode, extern int ext4_inline_data_fiemap(struct inode *inode, struct fiemap_extent_info *fieinfo, int *has_inline, __u64 start, __u64 len); -extern int ext4_try_to_evict_inline_data(handle_t *handle, - struct inode *inode, - int needed); extern void ext4_inline_data_truncate(struct inode *inode, int *has_inline); extern int ext4_convert_inline_data(struct inode *inode); diff --git a/fs/ext4/inline.c b/fs/ext4/inline.c index 1e7a9774119c..5ead3b0f3d34 100644 --- a/fs/ext4/inline.c +++ b/fs/ext4/inline.c @@ -888,11 +888,11 @@ retry_journal: flags |= AOP_FLAG_NOFS; if (ret == -ENOSPC) { + ext4_journal_stop(handle); ret = ext4_da_convert_inline_data_to_extent(mapping, inode, flags, fsdata); - ext4_journal_stop(handle); if (ret == -ENOSPC && ext4_should_retry_alloc(inode->i_sb, &retries)) goto retry_journal; @@ -1867,42 +1867,6 @@ out: return (error < 0 ? error : 0); } -/* - * Called during xattr set, and if we can sparse space 'needed', - * just create the extent tree evict the data to the outer block. - * - * We use jbd2 instead of page cache to move data to the 1st block - * so that the whole transaction can be committed as a whole and - * the data isn't lost because of the delayed page cache write. - */ -int ext4_try_to_evict_inline_data(handle_t *handle, - struct inode *inode, - int needed) -{ - int error; - struct ext4_xattr_entry *entry; - struct ext4_inode *raw_inode; - struct ext4_iloc iloc; - - error = ext4_get_inode_loc(inode, &iloc); - if (error) - return error; - - raw_inode = ext4_raw_inode(&iloc); - entry = (struct ext4_xattr_entry *)((void *)raw_inode + - EXT4_I(inode)->i_inline_off); - if (EXT4_XATTR_LEN(entry->e_name_len) + - EXT4_XATTR_SIZE(le32_to_cpu(entry->e_value_size)) < needed) { - error = -ENOSPC; - goto out; - } - - error = ext4_convert_inline_data_nolock(handle, inode, &iloc); -out: - brelse(iloc.bh); - return error; -} - void ext4_inline_data_truncate(struct inode *inode, int *has_inline) { handle_t *handle; diff --git a/fs/ext4/xattr.c b/fs/ext4/xattr.c index b51bb73b06a6..b555b5ee0839 100644 --- a/fs/ext4/xattr.c +++ b/fs/ext4/xattr.c @@ -1038,22 +1038,8 @@ int ext4_xattr_ibody_inline_set(handle_t *handle, struct inode *inode, if (EXT4_I(inode)->i_extra_isize == 0) return -ENOSPC; error = ext4_xattr_set_entry(i, s); - if (error) { - if (error == -ENOSPC && - ext4_has_inline_data(inode)) { - error = ext4_try_to_evict_inline_data(handle, inode, - EXT4_XATTR_LEN(strlen(i->name) + - EXT4_XATTR_SIZE(i->value_len))); - if (error) - return error; - error = ext4_xattr_ibody_find(inode, i, is); - if (error) - return error; - error = ext4_xattr_set_entry(i, s); - } - if (error) - return error; - } + if (error) + return error; header = IHDR(inode, ext4_raw_inode(&is->iloc)); if (!IS_LAST_ENTRY(s->first)) { header->h_magic = cpu_to_le32(EXT4_XATTR_MAGIC); -- 2.19.0.605.g01d371f741-goog

6 years, 8 months

2
5
0 0

[PATCH 0/4] [for linux-4.4.y only] Hyper-V: backport 4 KVP fixes

by Dexuan Cui

Recently Wang Jian reported some KVP issues on the v4.4 kernel: https://github.com/LIS/lis-next/issues/593: e.g. the /var/lib/hyperv/.kvp_pool_* files can not be updated, and sometimes if the hv_kvp_daemon doesn't timely start, the host may not be able to query the VM's IP address via KVP. I identified these 4 mainline patches to fix the issues. The patches can be applied cleanly to the latest 4.4.y branch (currently it's v4.4.161). The first 3 are simply cherry-picked from the mainline, and the 4th has to be reworked for the v4.4 kernel. Wang Jian tested the 4 patches, and the issues can be fixed. I also did some tests and found no regression. Thanks! -- Dexuan K. Y. Srinivasan (2): Drivers: hv: utils: Invoke the poll function after handshake Drivers: hv: util: Pass the channel information during the init call Long Li (1): -- Reworked by Dexuan HV: properly delay KVP packets when negotiation is in progress Vitaly Kuznetsov (1): Drivers: hv: kvp: fix IP Failover drivers/hv/hv_fcopy.c | 2 +- drivers/hv/hv_kvp.c | 40 +++++++++++++++++++++++++++++++++++++--- drivers/hv/hv_snapshot.c | 4 ++-- drivers/hv/hv_util.c | 1 + drivers/hv/hyperv_vmbus.h | 5 +++++ include/linux/hyperv.h | 1 + 6 files changed, 47 insertions(+), 6 deletions(-) -- 2.7.4

6 years, 8 months

2
2
0 0

[PATCH 4/4] [for linux-4.4.y only] HV: properly delay KVP packets when negotiation is in progress

by Dexuan Cui

The host may send multiple negotiation packets (due to timeout) before the KVP user-mode daemon is connected. KVP user-mode daemon is connected. We need to defer processing those packets until the daemon is negotiated and connected. It's okay for guest to respond to all negotiation packets. In addition, the host may send multiple staged KVP requests as soon as negotiation is done. We need to properly process those packets using one tasklet for exclusive access to ring buffer. This patch is based on the work of Nick Meier <Nick.Meier(a)microsoft.com>. Signed-off-by: Long Li <longli(a)microsoft.com> Signed-off-by: K. Y. Srinivasan <kys(a)microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> The above is the original changelog of a3ade8cc474d ("HV: properly delay KVP packets when negotiation is in progress" Here I re-worked the original patch because the mainline version can't work for the linux-4.4.y branch, on which channel->callback_event doesn't exist yet. In the mainline, channel->callback_event was added by: 631e63a9f346 ("vmbus: change to per channel tasklet"). Here we don't want to backport it to v4.4, as it requires extra supporting changes and fixes, which are unnecessary as to the KVP bug we're trying to resolve. NOTE: before this patch is used, we should cherry-pick the other related 3 patches from the mainline first: The background of this backport request is that: recently Wang Jian reported some KVP issues: https://github.com/LIS/lis-next/issues/593: e.g. the /var/lib/hyperv/.kvp_pool_* files can not be updated, and sometimes if the hv_kvp_daemon doesn't timely start, the host may not be able to query the VM's IP address via KVP. Reported-by: Wang Jian <jianjian.wang1(a)gmail.com> Tested-by: Wang Jian <jianjian.wang1(a)gmail.com> Signed-off-by: Dexuan Cui <decui(a)microsoft.com> --- This is re-worked by me from the mainline: a3ade8cc474d ("HV: properly delay KVP packets when negotiation is in progress" I added my Signed-off-by as I identified and tested the patches. If this is unnecessary, please feel free to remove it. drivers/hv/hv_kvp.c | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/drivers/hv/hv_kvp.c b/drivers/hv/hv_kvp.c index ff0a426..1771a96 100644 --- a/drivers/hv/hv_kvp.c +++ b/drivers/hv/hv_kvp.c @@ -612,21 +612,22 @@ void hv_kvp_onchannelcallback(void *context) NEGO_IN_PROGRESS, NEGO_FINISHED} host_negotiatied = NEGO_NOT_STARTED; - if (host_negotiatied == NEGO_NOT_STARTED && - kvp_transaction.state < HVUTIL_READY) { + if (kvp_transaction.state < HVUTIL_READY) { /* * If userspace daemon is not connected and host is asking * us to negotiate we need to delay to not lose messages. * This is important for Failover IP setting. */ - host_negotiatied = NEGO_IN_PROGRESS; - schedule_delayed_work(&kvp_host_handshake_work, + if (host_negotiatied == NEGO_NOT_STARTED) { + host_negotiatied = NEGO_IN_PROGRESS; + schedule_delayed_work(&kvp_host_handshake_work, HV_UTIL_NEGO_TIMEOUT * HZ); + } return; } if (kvp_transaction.state > HVUTIL_READY) return; - +recheck: vmbus_recvpacket(channel, recv_buffer, PAGE_SIZE * 4, &recvlen, &requestid); @@ -703,6 +704,8 @@ void hv_kvp_onchannelcallback(void *context) VM_PKT_DATA_INBAND, 0); host_negotiatied = NEGO_FINISHED; + + goto recheck; } } -- 2.7.4

6 years, 8 months

2
2
0 0

[4.9.y v3] ext4: avoid running out of journal credits when appending to an inline file

by Chenbo Feng

From: Theodore Ts'o <tytso(a)mit.edu> commit 8bc1379b82b8e809eef77a9fedbb75c6c297be19 upstream. Use a separate journal transaction if it turns out that we need to convert an inline file to use an data block. Otherwise we could end up failing due to not having journal credits. This addresses CVE-2018-10883. https://bugzilla.kernel.org/show_bug.cgi?id=200071 Change-Id: Ifbe92e379f7a25fb252a2584356ccb91f902ea8f Signed-off-by: Theodore Ts'o <tytso(a)mit.edu> Cc: stable(a)kernel.org [fengc(a)google.com: 4.4 and 4.9 backport: adjust context] Signed-off-by: Chenbo Feng <fengc(a)google.com> --- fs/ext4/ext4.h | 3 --- fs/ext4/inline.c | 38 +------------------------------------- fs/ext4/xattr.c | 18 ++---------------- 3 files changed, 3 insertions(+), 56 deletions(-) diff --git a/fs/ext4/ext4.h b/fs/ext4/ext4.h index 43e27d8ec770..567a6c7af677 100644 --- a/fs/ext4/ext4.h +++ b/fs/ext4/ext4.h @@ -3038,9 +3038,6 @@ extern struct buffer_head *ext4_get_first_inline_block(struct inode *inode, extern int ext4_inline_data_fiemap(struct inode *inode, struct fiemap_extent_info *fieinfo, int *has_inline, __u64 start, __u64 len); -extern int ext4_try_to_evict_inline_data(handle_t *handle, - struct inode *inode, - int needed); extern void ext4_inline_data_truncate(struct inode *inode, int *has_inline); extern int ext4_convert_inline_data(struct inode *inode); diff --git a/fs/ext4/inline.c b/fs/ext4/inline.c index 211539a7adfc..6779a9f1de3b 100644 --- a/fs/ext4/inline.c +++ b/fs/ext4/inline.c @@ -889,11 +889,11 @@ int ext4_da_write_inline_data_begin(struct address_space *mapping, flags |= AOP_FLAG_NOFS; if (ret == -ENOSPC) { + ext4_journal_stop(handle); ret = ext4_da_convert_inline_data_to_extent(mapping, inode, flags, fsdata); - ext4_journal_stop(handle); if (ret == -ENOSPC && ext4_should_retry_alloc(inode->i_sb, &retries)) goto retry_journal; @@ -1865,42 +1865,6 @@ int ext4_inline_data_fiemap(struct inode *inode, return (error < 0 ? error : 0); } -/* - * Called during xattr set, and if we can sparse space 'needed', - * just create the extent tree evict the data to the outer block. - * - * We use jbd2 instead of page cache to move data to the 1st block - * so that the whole transaction can be committed as a whole and - * the data isn't lost because of the delayed page cache write. - */ -int ext4_try_to_evict_inline_data(handle_t *handle, - struct inode *inode, - int needed) -{ - int error; - struct ext4_xattr_entry *entry; - struct ext4_inode *raw_inode; - struct ext4_iloc iloc; - - error = ext4_get_inode_loc(inode, &iloc); - if (error) - return error; - - raw_inode = ext4_raw_inode(&iloc); - entry = (struct ext4_xattr_entry *)((void *)raw_inode + - EXT4_I(inode)->i_inline_off); - if (EXT4_XATTR_LEN(entry->e_name_len) + - EXT4_XATTR_SIZE(le32_to_cpu(entry->e_value_size)) < needed) { - error = -ENOSPC; - goto out; - } - - error = ext4_convert_inline_data_nolock(handle, inode, &iloc); -out: - brelse(iloc.bh); - return error; -} - void ext4_inline_data_truncate(struct inode *inode, int *has_inline) { handle_t *handle; diff --git a/fs/ext4/xattr.c b/fs/ext4/xattr.c index c10180d0b018..d6d59b92da6d 100644 --- a/fs/ext4/xattr.c +++ b/fs/ext4/xattr.c @@ -1086,22 +1086,8 @@ int ext4_xattr_ibody_inline_set(handle_t *handle, struct inode *inode, if (EXT4_I(inode)->i_extra_isize == 0) return -ENOSPC; error = ext4_xattr_set_entry(i, s, inode); - if (error) { - if (error == -ENOSPC && - ext4_has_inline_data(inode)) { - error = ext4_try_to_evict_inline_data(handle, inode, - EXT4_XATTR_LEN(strlen(i->name) + - EXT4_XATTR_SIZE(i->value_len))); - if (error) - return error; - error = ext4_xattr_ibody_find(inode, i, is); - if (error) - return error; - error = ext4_xattr_set_entry(i, s, inode); - } - if (error) - return error; - } + if (error) + return error; header = IHDR(inode, ext4_raw_inode(&is->iloc)); if (!IS_LAST_ENTRY(s->first)) { header->h_magic = cpu_to_le32(EXT4_XATTR_MAGIC); -- 2.19.1.331.ge82ca0e54c-goog

6 years, 8 months

2
1
0 0

[PATCH 4.9 v2 0/4] Fix softirq time accounting issues on 4.9

by Ivan Delalande

Hi Greg, This series fixes issues we've seen with softirq time accounting in 4.9: - when ksoftirqd is running at 100% on a CPU, none of the values reported by /proc/stat for that CPU will change, sometimes for dozens of seconds, - large deviations in the total number of ticks accumulated over a fixed time for a CPU, probably because of the first issue hitting for shorter periods. We found out that something pretty similar had been reported 9 months ago, see the reference link below. In that discussion, Rabin Vincent had made a 4.9 specific patch which fixes our first issue, but we were still seeing some deviation from the total number of ticks (up to 1.7% from expected, where we had only 0.2% on older kernels), and you had also asked for a direct backport from the mainline series, if possible. As mentioned in that thread, a lot of changes (probably 50+) went into 4.11 to remove cputime, but we could get something working with only the 4 attached patches to fix these two issues. Three of these patches apply without change, and the second one in the series ("sched/cputime: Convert kcpustat to nsecs") needed a minor change as a cast had been added in 527b0a76f41d ("sched/cpuacct: Avoid %lld seq_printf warning") to fix a build warning on s390. I guess we could also include that patch in this series, let me know if this is the preferred way to handle this. We ran our tests on 3.18, 4.4 and 4.9 and confirmed that only 4.9 would need this series, and that this series indeed restores the behavior we were seeing on those older kernels. Thanks! Reference: http://lkml.kernel.org/r/%3C1513159876-5125-1-git-send-email-rabin.vincent@… v2: - drop "time: Introduce jiffies64_to_nsecs()" as it has already been merged into v4.9.132, - include backport of commit 564b733c899f ("macintosh/rack-meter: Convert cputime64_t use to u64") to avoid introducing a build failure on powerpc. Frederic Weisbecker (4): sched/cputime: Convert kcpustat to nsecs macintosh/rack-meter: Convert cputime64_t use to u64 sched/cputime: Increment kcpustat directly on irqtime account sched/cputime: Fix ksoftirqd cputime accounting regression arch/s390/appldata/appldata_os.c | 16 +++---- drivers/cpufreq/cpufreq.c | 6 +-- drivers/cpufreq/cpufreq_governor.c | 2 +- drivers/cpufreq/cpufreq_stats.c | 1 - drivers/macintosh/rack-meter.c | 28 +++++------ fs/proc/stat.c | 68 +++++++++++++-------------- fs/proc/uptime.c | 7 +-- kernel/sched/cpuacct.c | 2 +- kernel/sched/cputime.c | 75 +++++++++++++----------------- kernel/sched/sched.h | 12 +++-- 10 files changed, 104 insertions(+), 113 deletions(-) -- 2.19.1

6 years, 8 months

2
5
0 0

request for 4.14-stable: 2b16fd63059a ("i2c: rcar: handle RXDMA HW behaviour on Gen3")

by Sudip Mukherjee

Hi Greg, This was missing in 4.14-stable. Please apply to your queue. -- Regards Sudip

6 years, 8 months

2
1
0 0

request for 4.14-stable: 0ca9488193e6 ("drm/i915/glk: Add Quirk for GLK NUC HDMI port issues.")

by Sudip Mukherjee

Hi Greg, This was missing in 4.14-stable. Please apply to your queue. -- Regards Sudip

6 years, 8 months

2
1
0 0

request for 4.14-stable: 15d36fecd0bd ("mm: disallow mappings that conflict for devm_memremap_pages()")

by Sudip Mukherjee

Hi Greg, This was missing in 4.14-stable. Please apply to your queue. -- Regards Sudip

6 years, 8 months

2
1
0 0

request for 4.14-stable: 2f7caf6b0214 ("staging: ccree: check DMA pool buf !NULL before free")

by Sudip Mukherjee

Hi Greg, This was missing in 4.14-stable. Please apply to your queue. -- Regards Sudip

6 years, 8 months

2
1
0 0

FAILED: patch "[PATCH] drm/i915: Nuke the LVDS lid notifier" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 05c72e77ccda89ff624108b1b59a0fc43843f343 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ville=20Syrj=C3=A4l=C3=A4?= <ville.syrjala(a)linux.intel.com> Date: Tue, 17 Jul 2018 20:42:14 +0300 Subject: [PATCH] drm/i915: Nuke the LVDS lid notifier MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit We broke the LVDS notifier resume thing in (presumably) commit e2c8b8701e2d ("drm/i915: Use atomic helpers for suspend, v2.") as we no longer duplicate the current state in the LVDS notifier and thus we never resume it properly either. Instead of trying to fix it again let's just kill off the lid notifier entirely. None of the machines tested thus far have apparently needed it. Originally the lid notifier was added to work around cases where the VBIOS was clobbering some of the hardware state behind the driver's back, mostly on Thinkpads. We now have a few report of Thinkpads working just fine without the notifier. So maybe it was misdiagnosed originally, or something else has changed (ACPI video stuff perhaps?). If we do end up finding a machine where the VBIOS is still causing problems I would suggest that we first try setting various bits in the VBIOS scratch registers. There are several to choose from that may instruct the VBIOS to steer clear. With the notifier gone we'll also stop looking at the panel status in ->detect(). v2: Nuke enum modeset_restore (Rodrigo) Cc: stable(a)vger.kernel.org Cc: Wolfgang Draxinger <wdraxinger.maillist(a)draxit.de> Cc: Vito Caputo <vcaputo(a)pengaru.com> Cc: kitsunyan <kitsunyan(a)airmail.cc> Cc: Joonas Saarinen <jza(a)saunalahti.fi> Tested-by: Vito Caputo <vcaputo(a)pengaru.com> # Thinkapd X61s Tested-by: kitsunyan <kitsunyan(a)airmail.cc> # ThinkPad X200 Tested-by: Joonas Saarinen <jza(a)saunalahti.fi> # Fujitsu Siemens U9210 Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=105902 References: https://lists.freedesktop.org/archives/intel-gfx/2018-June/169315.html References: https://bugs.freedesktop.org/show_bug.cgi?id=21230 Fixes: e2c8b8701e2d ("drm/i915: Use atomic helpers for suspend, v2.") Signed-off-by: Ville Syrjälä <ville.syrjala(a)linux.intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20180717174216.22252-1-ville.… Reviewed-by: Rodrigo Vivi <rodrigo.vivi(a)intel.com> diff --git a/drivers/gpu/drm/i915/i915_drv.c b/drivers/gpu/drm/i915/i915_drv.c index 337b1aad5212..343e79a44abd 100644 --- a/drivers/gpu/drm/i915/i915_drv.c +++ b/drivers/gpu/drm/i915/i915_drv.c @@ -900,7 +900,6 @@ static int i915_driver_init_early(struct drm_i915_private *dev_priv, spin_lock_init(&dev_priv->uncore.lock); mutex_init(&dev_priv->sb_lock); - mutex_init(&dev_priv->modeset_restore_lock); mutex_init(&dev_priv->av_mutex); mutex_init(&dev_priv->wm.wm_mutex); mutex_init(&dev_priv->pps_mutex); @@ -1570,11 +1569,6 @@ static int i915_drm_suspend(struct drm_device *dev) struct pci_dev *pdev = dev_priv->drm.pdev; pci_power_t opregion_target_state; - /* ignore lid events during suspend */ - mutex_lock(&dev_priv->modeset_restore_lock); - dev_priv->modeset_restore = MODESET_SUSPENDED; - mutex_unlock(&dev_priv->modeset_restore_lock); - disable_rpm_wakeref_asserts(dev_priv); /* We do a lot of poking in a lot of registers, make sure they work @@ -1770,10 +1764,6 @@ static int i915_drm_resume(struct drm_device *dev) intel_fbdev_set_suspend(dev, FBINFO_STATE_RUNNING, false); - mutex_lock(&dev_priv->modeset_restore_lock); - dev_priv->modeset_restore = MODESET_DONE; - mutex_unlock(&dev_priv->modeset_restore_lock); - intel_opregion_notify_adapter(dev_priv, PCI_D0); enable_rpm_wakeref_asserts(dev_priv); diff --git a/drivers/gpu/drm/i915/i915_drv.h b/drivers/gpu/drm/i915/i915_drv.h index 08d4303abb14..995656f51b57 100644 --- a/drivers/gpu/drm/i915/i915_drv.h +++ b/drivers/gpu/drm/i915/i915_drv.h @@ -1002,12 +1002,6 @@ struct i915_gem_mm { #define I915_ENGINE_WEDGED_TIMEOUT (60 * HZ) /* Reset but no recovery? */ -enum modeset_restore { - MODESET_ON_LID_OPEN, - MODESET_DONE, - MODESET_SUSPENDED, -}; - #define DP_AUX_A 0x40 #define DP_AUX_B 0x10 #define DP_AUX_C 0x20 @@ -1730,8 +1724,6 @@ struct drm_i915_private { unsigned long quirks; - enum modeset_restore modeset_restore; - struct mutex modeset_restore_lock; struct drm_atomic_state *modeset_restore_state; struct drm_modeset_acquire_ctx reset_ctx; diff --git a/drivers/gpu/drm/i915/intel_lvds.c b/drivers/gpu/drm/i915/intel_lvds.c index bb06744d28a4..a35404119257 100644 --- a/drivers/gpu/drm/i915/intel_lvds.c +++ b/drivers/gpu/drm/i915/intel_lvds.c @@ -44,8 +44,6 @@ /* Private structure for the integrated LVDS support */ struct intel_lvds_connector { struct intel_connector base; - - struct notifier_block lid_notifier; }; struct intel_lvds_pps { @@ -452,26 +450,9 @@ static bool intel_lvds_compute_config(struct intel_encoder *intel_encoder, return true; } -/* - * Detect the LVDS connection. - * - * Since LVDS doesn't have hotlug, we use the lid as a proxy. Open means - * connected and closed means disconnected. We also send hotplug events as - * needed, using lid status notification from the input layer. - */ static enum drm_connector_status intel_lvds_detect(struct drm_connector *connector, bool force) { - struct drm_i915_private *dev_priv = to_i915(connector->dev); - enum drm_connector_status status; - - DRM_DEBUG_KMS("[CONNECTOR:%d:%s]\n", - connector->base.id, connector->name); - - status = intel_panel_detect(dev_priv); - if (status != connector_status_unknown) - return status; - return connector_status_connected; } @@ -496,117 +477,6 @@ static int intel_lvds_get_modes(struct drm_connector *connector) return 1; } -static int intel_no_modeset_on_lid_dmi_callback(const struct dmi_system_id *id) -{ - DRM_INFO("Skipping forced modeset for %s\n", id->ident); - return 1; -} - -/* The GPU hangs up on these systems if modeset is performed on LID open */ -static const struct dmi_system_id intel_no_modeset_on_lid[] = { - { - .callback = intel_no_modeset_on_lid_dmi_callback, - .ident = "Toshiba Tecra A11", - .matches = { - DMI_MATCH(DMI_SYS_VENDOR, "TOSHIBA"), - DMI_MATCH(DMI_PRODUCT_NAME, "TECRA A11"), - }, - }, - - { } /* terminating entry */ -}; - -/* - * Lid events. Note the use of 'modeset': - * - we set it to MODESET_ON_LID_OPEN on lid close, - * and set it to MODESET_DONE on open - * - we use it as a "only once" bit (ie we ignore - * duplicate events where it was already properly set) - * - the suspend/resume paths will set it to - * MODESET_SUSPENDED and ignore the lid open event, - * because they restore the mode ("lid open"). - */ -static int intel_lid_notify(struct notifier_block *nb, unsigned long val, - void *unused) -{ - struct intel_lvds_connector *lvds_connector = - container_of(nb, struct intel_lvds_connector, lid_notifier); - struct drm_connector *connector = &lvds_connector->base.base; - struct drm_device *dev = connector->dev; - struct drm_i915_private *dev_priv = to_i915(dev); - - if (dev->switch_power_state != DRM_SWITCH_POWER_ON) - return NOTIFY_OK; - - mutex_lock(&dev_priv->modeset_restore_lock); - if (dev_priv->modeset_restore == MODESET_SUSPENDED) - goto exit; - /* - * check and update the status of LVDS connector after receiving - * the LID nofication event. - */ - connector->status = connector->funcs->detect(connector, false); - - /* Don't force modeset on machines where it causes a GPU lockup */ - if (dmi_check_system(intel_no_modeset_on_lid)) - goto exit; - if (!acpi_lid_open()) { - /* do modeset on next lid open event */ - dev_priv->modeset_restore = MODESET_ON_LID_OPEN; - goto exit; - } - - if (dev_priv->modeset_restore == MODESET_DONE) - goto exit; - - /* - * Some old platform's BIOS love to wreak havoc while the lid is closed. - * We try to detect this here and undo any damage. The split for PCH - * platforms is rather conservative and a bit arbitrary expect that on - * those platforms VGA disabling requires actual legacy VGA I/O access, - * and as part of the cleanup in the hw state restore we also redisable - * the vga plane. - */ - if (!HAS_PCH_SPLIT(dev_priv)) - intel_display_resume(dev); - - dev_priv->modeset_restore = MODESET_DONE; - -exit: - mutex_unlock(&dev_priv->modeset_restore_lock); - return NOTIFY_OK; -} - -static int -intel_lvds_connector_register(struct drm_connector *connector) -{ - struct intel_lvds_connector *lvds = to_lvds_connector(connector); - int ret; - - ret = intel_connector_register(connector); - if (ret) - return ret; - - lvds->lid_notifier.notifier_call = intel_lid_notify; - if (acpi_lid_notifier_register(&lvds->lid_notifier)) { - DRM_DEBUG_KMS("lid notifier registration failed\n"); - lvds->lid_notifier.notifier_call = NULL; - } - - return 0; -} - -static void -intel_lvds_connector_unregister(struct drm_connector *connector) -{ - struct intel_lvds_connector *lvds = to_lvds_connector(connector); - - if (lvds->lid_notifier.notifier_call) - acpi_lid_notifier_unregister(&lvds->lid_notifier); - - intel_connector_unregister(connector); -} - /** * intel_lvds_destroy - unregister and free LVDS structures * @connector: connector to free @@ -639,8 +509,8 @@ static const struct drm_connector_funcs intel_lvds_connector_funcs = { .fill_modes = drm_helper_probe_single_connector_modes, .atomic_get_property = intel_digital_connector_atomic_get_property, .atomic_set_property = intel_digital_connector_atomic_set_property, - .late_register = intel_lvds_connector_register, - .early_unregister = intel_lvds_connector_unregister, + .late_register = intel_connector_register, + .early_unregister = intel_connector_unregister, .destroy = intel_lvds_destroy, .atomic_destroy_state = drm_atomic_helper_connector_destroy_state, .atomic_duplicate_state = intel_digital_connector_duplicate_state, @@ -1114,8 +984,6 @@ void intel_lvds_init(struct drm_i915_private *dev_priv) * 2) check for VBT data * 3) check to see if LVDS is already on * if none of the above, no panel - * 4) make sure lid is open - * if closed, act like it's not there for now */ /*

6 years, 8 months

3
2
0 0

patch "usbip:vudc: BUG kmalloc-2048 (Not tainted): Poison overwritten" added to usb-testing

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled usbip:vudc: BUG kmalloc-2048 (Not tainted): Poison overwritten to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-testing branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will be merged to the usb-next branch sometime soon, after it passes testing, and the merge window is open. If you have any questions about this process, please let me know. >From 55a9300cea58007741f7d6b4b132e37d84a4329e Mon Sep 17 00:00:00 2001 From: "Shuah Khan (Samsung OSG)" <shuah(a)kernel.org> Date: Thu, 18 Oct 2018 10:19:29 -0600 Subject: usbip:vudc: BUG kmalloc-2048 (Not tainted): Poison overwritten In rmmod path, usbip_vudc does platform_device_put() twice once from platform_device_unregister() and then from put_vudc_device(). The second put results in: BUG kmalloc-2048 (Not tainted): Poison overwritten error or BUG: KASAN: use-after-free in kobject_put+0x1e/0x230 if KASAN is enabled. [ 169.042156] calling init+0x0/0x1000 [usbip_vudc] @ 1697 [ 169.042396] ============================================================================= [ 169.043678] probe of usbip-vudc.0 returned 1 after 350 usecs [ 169.044508] BUG kmalloc-2048 (Not tainted): Poison overwritten [ 169.044509] ----------------------------------------------------------------------------- ... [ 169.057849] INFO: Freed in device_release+0x2b/0x80 age=4223 cpu=3 pid=1693 [ 169.057852] kobject_put+0x86/0x1b0 [ 169.057853] 0xffffffffc0c30a96 [ 169.057855] __x64_sys_delete_module+0x157/0x240 Fix it to call platform_device_del() instead and let put_vudc_device() do the platform_device_put(). Reported-by: Randy Dunlap <rdunlap(a)infradead.org> Signed-off-by: Shuah Khan (Samsung OSG) <shuah(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/usb/usbip/vudc_main.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/drivers/usb/usbip/vudc_main.c b/drivers/usb/usbip/vudc_main.c index 3fc22037a82f..390733e6937e 100644 --- a/drivers/usb/usbip/vudc_main.c +++ b/drivers/usb/usbip/vudc_main.c @@ -73,6 +73,10 @@ static int __init init(void) cleanup: list_for_each_entry_safe(udc_dev, udc_dev2, &vudc_devices, dev_entry) { list_del(&udc_dev->dev_entry); + /* + * Just do platform_device_del() here, put_vudc_device() + * calls the platform_device_put() + */ platform_device_del(udc_dev->pdev); put_vudc_device(udc_dev); } @@ -89,7 +93,11 @@ static void __exit cleanup(void) list_for_each_entry_safe(udc_dev, udc_dev2, &vudc_devices, dev_entry) { list_del(&udc_dev->dev_entry); - platform_device_unregister(udc_dev->pdev); + /* + * Just do platform_device_del() here, put_vudc_device() + * calls the platform_device_put() + */ + platform_device_del(udc_dev->pdev); put_vudc_device(udc_dev); } platform_driver_unregister(&vudc_driver); -- 2.19.1

6 years, 8 months

1
0
0 0

[PATCH v3 00/30] backport of IP fragmentation fixes

by Stephen Hemminger

Took the set of patches from 4.19 to handle IP fragmentation DoS and applied them against 4.14.69. Most of these are from Eric. In a couple case, it required some manual merge conflict resolution. Tested normal IP fragmentation with iperf3 and malicious IP fragments with fragmentsmack. Under fragmentation attack (700Kpps) the original 4.14.69 consumes 97% CPU; with this patch it drops to 5%. v3 - send to wider audience v2 - added patch from 4.19 linux-next to fix ip fragmentation crash Dan Carpenter (1): ipv4: frags: precedence bug in ip_expire() Eric Dumazet (22): inet: frags: change inet_frags_init_net() return value inet: frags: add a pointer to struct netns_frags inet: frags: refactor ipfrag_init() inet: frags: refactor ipv6_frag_init() inet: frags: refactor lowpan_net_frag_init() ipv6: export ip6 fragments sysctl to unprivileged users rhashtable: add schedule points inet: frags: use rhashtables for reassembly units inet: frags: remove some helpers inet: frags: get rif of inet_frag_evicting() inet: frags: remove inet_frag_maybe_warn_overflow() inet: frags: break the 2GB limit for frags storage inet: frags: do not clone skb in ip_expire() ipv6: frags: rewrite ip6_expire_frag_queue() rhashtable: reorganize struct rhashtable layout inet: frags: reorganize struct netns_frags inet: frags: get rid of ipfrag_skb_cb/FRAG_CB inet: frags: fix ip6frag_low_thresh boundary net: speed up skb_rbtree_purge() net: pskb_trim_rcsum() and CHECKSUM_COMPLETE are friends net: add rb_to_skb() and other rb tree helpers net: sk_buff rbnode reorg Florian Westphal (1): ipv6: defrag: drop non-last frags smaller than min mtu Kees Cook (1): inet: frags: Convert timers to use timer_setup() Peter Oskolkov (4): ip: discard IPv4 datagrams with overlapping segments. net: modify skb_rbtree_purge to return the truesize of all purged skbs. ip: add helpers to process in-order fragments faster. ip: process in-order fragments efficiently Taehee Yoo (1): ip: frags: fix crash in ip_do_fragment() Documentation/networking/ip-sysctl.txt | 13 +- include/linux/rhashtable.h | 8 +- include/linux/skbuff.h | 50 +- include/net/inet_frag.h | 135 +++--- include/net/ip.h | 1 - include/net/ipv6.h | 26 +- include/uapi/linux/snmp.h | 1 + lib/rhashtable.c | 2 + net/core/skbuff.c | 31 +- net/ieee802154/6lowpan/6lowpan_i.h | 26 +- net/ieee802154/6lowpan/reassembly.c | 153 ++++--- net/ipv4/inet_fragment.c | 378 ++++------------ net/ipv4/ip_fragment.c | 578 +++++++++++++----------- net/ipv4/proc.c | 7 +- net/ipv4/tcp_fastopen.c | 8 +- net/ipv4/tcp_input.c | 33 +- net/ipv6/netfilter/nf_conntrack_reasm.c | 105 ++--- net/ipv6/proc.c | 5 +- net/ipv6/reassembly.c | 217 ++++----- net/sched/sch_netem.c | 14 +- 20 files changed, 802 insertions(+), 989 deletions(-) -- 2.18.0

6 years, 8 months

3
32
0 0

[GIT PULL] commits for Linux 4.18

by Sasha Levin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi Greg, Pleae pull commits for Linux 4.18 . I've sent a review request for all commits over a week ago and all comments were addressed. Thanks, Sasha ===== The following changes since commit e7d199e92956587695510d147c8de795f944cec9: Linux 4.18.14 (2018-10-13 09:33:17 +0200) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/sashal/linux-stable.git tags/for-greg-4.18-16102018 for you to fetch changes up to c8e6deb507081660532500fb97cf8901a582d8f5: x86/boot: Fix kexec booting failure in the SEV bit detection code (2018-10-15 18:01:55 -0400) - ---------------------------------------------------------------- for-greg-4.18-16102018 - ---------------------------------------------------------------- Alaa Hleihel (1): net/mlx5: Check for SQ and not RQ state when modifying hairpin SQ Alexander Shishkin (1): intel_th: pci: Add Ice Lake PCH support Alexandru Gheorghe (1): drm: mali-dp: Call drm_crtc_vblank_reset on device init Andreas Schwab (1): Input: atakbd - fix Atari keymap Antoine Tenart (2): net: mvpp2: fix a txq_done race condition net: mscc: fix the frame extraction into the skb Arindam Nath (1): iommu/amd: Return devid as alias for ACPI HID devices Christian Lamparter (1): net: emac: fix fixed-link setup for the RTL8363SB switch Daniel Kurtz (1): pinctrl/amd: poll InterruptEnable bits in amd_gpio_irq_set_type Davide Caratti (1): bnxt_en: don't try to offload VLAN 'modify' action Friedemann Gerold (1): net: aquantia: memory corruption on jumbo frames Heiko Stuebner (1): iommu/rockchip: Free irqs in shutdown handler James Cowgill (1): RISC-V: include linux/ftrace.h in asm-prototypes.h James Smart (1): scsi: lpfc: Synchronize access to remoteport via rport Jisheng Zhang (1): PCI: dwc: Fix scheduling while atomic issues Johannes Thumshirn (1): scsi: sd: don't crash the host on invalid commands John Fastabend (3): bpf: sockmap only allow ESTABLISHED sock state bpf: sockmap, fix transition through disconnect without close bpf: test_maps, only support ESTABLISHED socks Jose Abreu (2): net: stmmac: Rework coalesce timer and fix multi-queue races net: stmmac: Fixup the tail addr setting in xmit path Jozef Balga (1): media: af9035: prevent buffer overflow on write Kairui Song (1): x86/boot: Fix kexec booting failure in the SEV bit detection code Kazuya Mizuguchi (1): ravb: do not write 1 to reserved bits Keerthy (1): clocksource/drivers/ti-32k: Add CLOCK_SOURCE_SUSPEND_NONSTOP flag for non-am43 SoCs Laura Abbott (2): scsi: ibmvscsis: Fix a stringop-overflow warning scsi: ibmvscsis: Ensure partition name is properly NUL terminated Linus Walleij (1): spi: gpio: Fix copy-and-paste error Majd Dibbiny (1): RDMA/uverbs: Fix validity check for modify QP Marek Lindner (2): batman-adv: fix backbone_gw refcount on queue_work() failure batman-adv: fix hardif_neigh refcount on queue_work() failure Michael Neuling (2): powerpc/tm: Fix userspace r13 corruption powerpc/tm: Avoid possible userspace r1 corruption on reclaim Michael Schmitz (1): Input: atakbd - fix Atari CapsLock behaviour Nathan Chancellor (1): net/mlx4: Use cpumask_available for eq->affinity_mask Russell King (1): sfp: fix oops with ethtool -m Sabrina Dubroca (1): selftests: pmtu: properly redirect stderr to /dev/null Sanyog Kale (1): soundwire: Fix acquiring bus lock twice during master release Selvin Xavier (1): RDMA/bnxt_re: Fix system crash during RDMA resource initialization Shreyas NC (2): soundwire: Fix duplicate stream state assignment soundwire: Fix incorrect exit after configuring stream Srikar Dronamraju (1): powerpc/numa: Use associativity if VPHN hcall is successful Steve Wise (1): cxgb4: fix abort_req_rss6 struct Sudarsana Reddy Kalluru (2): qed: Fix populating the invalid stag value in multi function mode. qed: Do not add VLAN 0 tag to untagged frames in multi-function mode. Sven Eckelmann (8): batman-adv: Avoid probe ELP information leak batman-adv: Fix segfault when writing to throughput_override batman-adv: Fix segfault when writing to sysfs elp_interval batman-adv: Prevent duplicated gateway_node entry batman-adv: Prevent duplicated nc_node entry batman-adv: Prevent duplicated softif_vlan entry batman-adv: Prevent duplicated global TT entry batman-adv: Prevent duplicated tvlv handler Tao Ren (1): clocksource/drivers/fttmr010: Fix set_next_event handler Ursula Braun (1): net/smc: fix non-blocking connect problem Wen Xiong (1): scsi: ipr: System hung while dlpar adding primary ipr adapter back YueHaibing (1): net/smc: fix sizeof to int comparison arch/powerpc/kernel/tm.S | 20 +- arch/powerpc/mm/numa.c | 4 +- arch/riscv/include/asm/asm-prototypes.h | 7 + arch/x86/boot/compressed/mem_encrypt.S | 19 -- drivers/clocksource/timer-fttmr010.c | 18 +- drivers/clocksource/timer-ti-32k.c | 3 + drivers/gpu/drm/arm/malidp_drv.c | 1 + drivers/hwtracing/intel_th/pci.c | 5 + drivers/infiniband/core/uverbs_cmd.c | 68 ++++-- drivers/infiniband/hw/bnxt_re/main.c | 93 ++++---- drivers/input/keyboard/atakbd.c | 74 +++---- drivers/iommu/amd_iommu.c | 6 + drivers/iommu/rockchip-iommu.c | 6 + drivers/media/usb/dvb-usb-v2/af9035.c | 6 +- drivers/net/ethernet/aquantia/atlantic/aq_ring.c | 32 +-- drivers/net/ethernet/broadcom/bnxt/bnxt_tc.c | 20 +- drivers/net/ethernet/chelsio/cxgb4/t4_msg.h | 1 - drivers/net/ethernet/ibm/emac/core.c | 15 +- drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c | 10 +- drivers/net/ethernet/mellanox/mlx4/eq.c | 3 +- drivers/net/ethernet/mellanox/mlx5/core/transobj.c | 2 +- drivers/net/ethernet/mscc/ocelot_board.c | 12 +- drivers/net/ethernet/qlogic/qed/qed_dcbx.c | 9 +- drivers/net/ethernet/qlogic/qed/qed_dcbx.h | 1 + drivers/net/ethernet/qlogic/qed/qed_dev.c | 15 +- drivers/net/ethernet/qlogic/qed/qed_hsi.h | 4 + drivers/net/ethernet/renesas/ravb.h | 5 + drivers/net/ethernet/renesas/ravb_main.c | 11 +- drivers/net/ethernet/renesas/ravb_ptp.c | 2 +- drivers/net/ethernet/stmicro/stmmac/common.h | 4 +- drivers/net/ethernet/stmicro/stmmac/stmmac.h | 14 +- drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 238 ++++++++++++--------- drivers/net/phy/sfp-bus.c | 4 +- drivers/pci/controller/dwc/pcie-designware.c | 8 +- drivers/pci/controller/dwc/pcie-designware.h | 3 +- drivers/pinctrl/pinctrl-amd.c | 33 ++- drivers/scsi/ibmvscsi_tgt/ibmvscsi_tgt.c | 5 +- drivers/scsi/ipr.c | 106 +++++---- drivers/scsi/ipr.h | 1 + drivers/scsi/lpfc/lpfc_attr.c | 15 +- drivers/scsi/lpfc/lpfc_debugfs.c | 10 +- drivers/scsi/lpfc/lpfc_nvme.c | 11 +- drivers/scsi/sd.c | 3 +- drivers/soundwire/stream.c | 23 +- drivers/spi/spi-gpio.c | 4 +- include/linux/stmmac.h | 1 + kernel/bpf/sockmap.c | 91 ++++++-- net/batman-adv/bat_v_elp.c | 10 +- net/batman-adv/bridge_loop_avoidance.c | 10 +- net/batman-adv/gateway_client.c | 11 +- net/batman-adv/network-coding.c | 27 +-- net/batman-adv/soft-interface.c | 25 ++- net/batman-adv/sysfs.c | 30 ++- net/batman-adv/translation-table.c | 6 +- net/batman-adv/tvlv.c | 8 +- net/smc/af_smc.c | 7 +- net/smc/smc_clc.c | 14 +- tools/testing/selftests/bpf/test_maps.c | 10 +- tools/testing/selftests/net/pmtu.sh | 4 +- 59 files changed, 738 insertions(+), 470 deletions(-) create mode 100644 arch/riscv/include/asm/asm-prototypes.h -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE4n5dijQDou9mhzu83qZv95d3LNwFAlvGFGoACgkQ3qZv95d3 LNxF8A/+KAEtzAlffVw0aUCqQa2Y87cjAQC9xXM6SkW27j8+trsBRoyZY+DmWPB3 Pud7sy55U5ETnmqfX1VHOs9S4KSICEiPrRkkfnE8BTq7N/hSOeNYTXeEwHppBVhZ pal4eWgjHdypbFCiJaiEbppH+14CgxYElfIPm0frPlsjfdPgTe5hS7j8/bRdtrxF JtG4IY0sLyFtD1piP31AglYetv3ETqe+uLXyqDSfTgNC6kfiSgtqLDoVKHUKH5ec wP8Aen+QN3YAJnaWq9JUlse74wPvLriysqvbgzL57KM9GDgUl1RECsN2koSh6fph MLzD9WrwdmSpiH37MVodjmriT8iSUp+a78eHT9FC7GKVhigTK4dnXLAkqXYBdJxU OwZCEzJwqmNsdJP6qXaFjHMv6t3dJUtvPls90/zshyEl/krxue+loYiKoHEn9vUS 8E4FPBqbsGih3cwZlloZMF5yqjnTdcKYWQ8Olwjs6/bIbtkINl9b3LQavHdzvdy3 KKBhWyW8ciIaL7Gr+HmrCGnqA4WsbXBIE9A3eXXALN2wWtNae6o03Czdw6EOpEdZ jRndNGsq93lfqdE7Zk8gJzUFoVGo/Ani5v+2ULBdMvlUgo8Xw1ZpuU/D63v/zMWp ZyOXvK/dkLm5bRtQf90nJln0z6Hf6q4ww6IFaEKSc5wn2zt+EW0= =jgQ+ -----END PGP SIGNATURE-----

6 years, 8 months

2
1
0 0

[PATCH stable v4.4+] usb: gadget: serial: fix oops when data rx'd after close

by Krzysztof Kozlowski

From: Stephen Warren <swarren(a)nvidia.com> commit daa35bd95634a2a2d72d1049c93576a02711cb1a upstream When the gadget serial device has no associated TTY, do not pass any received data into the TTY layer for processing; simply drop it instead. This prevents the TTY layer from calling back into the gadget serial driver, which will then crash in e.g. gs_write_room() due to lack of gadget serial device to TTY association (i.e. a NULL pointer dereference). Signed-off-by: Stephen Warren <swarren(a)nvidia.com> Signed-off-by: Felipe Balbi <felipe.balbi(a)linux.intel.com> Signed-off-by: Krzysztof Kozlowski <krzk(a)kernel.org> --- This is necessary for v4.4+ to fix: [ 134.015750] Unable to handle kernel NULL pointer dereference at virtual address 000000a8 [ 134.023988] pgd = 80004000 [ 134.026749] [000000a8] *pgd=00000000 [ 134.030417] Internal error: Oops: 17 [#1] ARM [ 134.034826] Modules linked in: ctr ccm usb_f_acm u_serial ath9k_htc ath9k_common ath9k_hw ath mac80211 cfg80211 libcomposite configfs [ 134.047166] CPU: 0 PID: 51 Comm: kworker/u2:1 Not tainted 4.9.133 #60 [ 134.053664] Hardware name: Freescale Vybrid VF5xx/VF6xx (Device Tree) [ 134.060195] Workqueue: events_unbound flush_to_ldisc [ 134.065244] task: 86a42140 task.stack: 86a9a000 [ 134.069872] PC is at gs_flush_chars+0x18/0x30 [u_serial] [ 134.075261] LR is at n_tty_receive_buf_common+0x648/0xa54 [ 134.080726] pc : [<7f169d4c>] lr : [<803cce74>] psr: 200f0093 [ 134.080726] sp : 86a9be08 ip : 86a9be20 fp : 86a9be1c [ 134.092310] r10: 86bff600 r9 : 862240cc r8 : 00000000 [ 134.097589] r7 : 862240cc r6 : 00000000 r5 : 00000000 r4 : 200f0013 [ 134.104177] r3 : 7f169d34 r2 : 0000000a r1 : 0000003c r0 : 00000000 [ 134.110763] Flags: nzCv IRQs off FIQs on Mode SVC_32 ISA ARM Segment none [ 134.118081] Control: 10c5387d Table: 85fb8059 DAC: 00000051 [ 134.123882] Process kworker/u2:1 (pid: 51, stack limit = 0x86a9a208) [ 134.130293] Stack: (0x86a9be08 to 0x86a9c000) [ 134.134717] be00: 89f0b000 00000000 86a9be8c 86a9be20 803cce74 7f169d40 [ 134.143000] be20: 86bff658 00020001 86bff73c 86a9be38 55555556 89f0b000 86a9be6c 8061f090 [ 134.151282] be40: 89f0b018 89f0d000 89f0b000 00000000 86224090 0000003c 00000000 0000003c [ 134.159567] be60: 86a9be94 0000003c 803cd280 86be5e00 8604ea40 86be5e14 00000000 86802014 [ 134.167852] be80: 86a9bea4 86a9be90 803cd29c 803cc838 00000001 80101438 86a9bebc 86a9bea8 [ 134.176135] bea0: 803d00c4 803cd28c 86224000 86be5e04 86a9bee4 86a9bec0 803d05fc 803d00a8 [ 134.184419] bec0: 86be5e04 86acf980 00000000 86808700 86802000 00000000 86a9bf1c 86a9bee8 [ 134.192703] bee0: 8012ef38 803d054c 00000088 8090cac0 86a9a000 86acf980 86802000 86acf998 [ 134.200988] bf00: 00000088 8090cac0 86a9a000 86802014 86a9bf5c 86a9bf20 8012f260 8012ee20 [ 134.209270] bf20: 86ad1dc0 8070ee70 8092c91c 86802000 00000000 00000000 86ad1dc0 86a9a000 [ 134.217554] bf40: 86acf980 8012f1f4 00000000 00000000 86a9bfac 86a9bf60 80134a78 8012f200 [ 134.225838] bf60: 00000000 00000000 86ad1dc0 86acf980 00000000 86a9bf74 86a9bf74 00000000 [ 134.234122] bf80: 86a9bf80 86a9bf80 8013b048 86ad1dc0 80134980 00000000 00000000 00000000 [ 134.242406] bfa0: 00000000 86a9bfb0 80107990 8013498c 00000000 00000000 00000000 00000000 [ 134.250688] bfc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 [ 134.258970] bfe0: 00000000 00000000 00000000 00000000 00000013 00000000 00000000 00000000 [ 134.267228] Backtrace: [ 134.269785] [<7f169d34>] (gs_flush_chars [u_serial]) from [<803cce74>] (n_tty_receive_buf_common+0x648/0xa54) [ 134.279800] r5:00000000 r4:89f0b000 [ 134.283449] [<803cc82c>] (n_tty_receive_buf_common) from [<803cd29c>] (n_tty_receive_buf2+0x1c/0x24) [ 134.292695] r10:86802014 r9:00000000 r8:86be5e14 r7:8604ea40 r6:86be5e00 r5:803cd280 [ 134.300610] r4:0000003c [ 134.303216] [<803cd280>] (n_tty_receive_buf2) from [<803d00c4>] (tty_ldisc_receive_buf+0x28/0x64) [ 134.312201] [<803d009c>] (tty_ldisc_receive_buf) from [<803d05fc>] (flush_to_ldisc+0xbc/0xd4) [ 134.320822] r5:86be5e04 r4:86224000 [ 134.324476] [<803d0540>] (flush_to_ldisc) from [<8012ef38>] (process_one_work+0x124/0x3e0) [ 134.332851] r9:00000000 r8:86802000 r7:86808700 r6:00000000 r5:86acf980 r4:86be5e04 [ 134.340706] [<8012ee14>] (process_one_work) from [<8012f260>] (worker_thread+0x6c/0x5a8) [ 134.348905] r10:86802014 r9:86a9a000 r8:8090cac0 r7:00000088 r6:86acf998 r5:86802000 [ 134.356828] r4:86acf980 [ 134.359431] [<8012f1f4>] (worker_thread) from [<80134a78>] (kthread+0xf8/0x110) [ 134.366847] r10:00000000 r9:00000000 r8:8012f1f4 r7:86acf980 r6:86a9a000 r5:86ad1dc0 [ 134.374765] r4:00000000 [ 134.377375] [<80134980>] (kthread) from [<80107990>] (ret_from_fork+0x14/0x24) [ 134.384708] r8:00000000 r7:00000000 r6:00000000 r5:80134980 r4:86ad1dc0 [ 134.391483] Code: e24cb004 e5900168 e10f4000 f10c0080 (e59030a8) [ 134.397643] ---[ end trace 6d6c0a94eccf9fda ]--- Reproduction: 1. Set up USB serial gadget and connect to device. 2. On device: while true; do echo "abcdefgh01234567890" > /dev/ttyGS0; done 3. On PC, execute simultaneously: while true; do cat /dev/ttyACM0 >> /tmp/tmp-dl; done for i in `seq 10000` ; do echo "XXXXXXXXXXXXXX" > /dev/ttyACM0 ; done --- drivers/usb/gadget/function/u_serial.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/usb/gadget/function/u_serial.c b/drivers/usb/gadget/function/u_serial.c index f7771d86ad6c..4ea44f7122ee 100644 --- a/drivers/usb/gadget/function/u_serial.c +++ b/drivers/usb/gadget/function/u_serial.c @@ -518,7 +518,7 @@ static void gs_rx_push(unsigned long _port) } /* push data to (open) tty */ - if (req->actual) { + if (req->actual && tty) { char *packet = req->buf; unsigned size = req->actual; unsigned n; -- 2.7.4

6 years, 8 months

2
1
0 0

Re: [PATCH] HID: quirks: fix support for Apple Magic Keyboards

by Benjamin Tissoires

On Wed, Oct 17, 2018 at 5:55 PM Natanael Copa <ncopa(a)alpinelinux.org> wrote: > > On Wed, 17 Oct 2018 16:59:15 +0200 > Benjamin Tissoires <benjamin.tissoires(a)redhat.com> wrote: > > > Hi Natanael, > > > > On Wed, Oct 17, 2018 at 4:52 PM Natanael Copa <ncopa(a)alpinelinux.org> wrote: > > > > > > Commit ee3454924370 ("HID: add support for Apple Magic Keyboards") added > > > support for the Magic Keyboard over Bluetooth, but did not add the > > > BT_VENDOR_ID_APPLE to hid-quirks. Fix this so hid-apple driver is used > > > over hid-generic. > > > > > > This fixes the Fn key, which does not work at all with hid-generic. > > > > > > Fixes: ee3454924370 ("HID: add support for Apple Magic Keyboards") > > > Bugzilla-id: https://bugzilla.kernel.org/show_bug.cgi?id=99881 > > > Signed-off-by: Natanael Copa <ncopa(a)alpinelinux.org> > > > --- > > > This should be backported to stable too. > > > > > > drivers/hid/hid-quirks.c | 3 +++ > > > 1 file changed, 3 insertions(+) > > > > > > diff --git a/drivers/hid/hid-quirks.c b/drivers/hid/hid-quirks.c > > > index 249d49b6b16c..a3b3aecf8628 100644 > > > --- a/drivers/hid/hid-quirks.c > > > +++ b/drivers/hid/hid-quirks.c > > > @@ -270,6 +270,9 @@ static const struct hid_device_id hid_have_special_driver[] = { > > > { HID_BLUETOOTH_DEVICE(USB_VENDOR_ID_APPLE, USB_DEVICE_ID_APPLE_ALU_WIRELESS_2011_ISO) }, > > > { HID_BLUETOOTH_DEVICE(USB_VENDOR_ID_APPLE, USB_DEVICE_ID_APPLE_ALU_WIRELESS_2011_JIS) }, > > > { HID_USB_DEVICE(USB_VENDOR_ID_APPLE, USB_DEVICE_ID_APPLE_MAGIC_KEYBOARD_ANSI) }, > > > + { HID_BLUETOOTH_DEVICE(BT_VENDOR_ID_APPLE, USB_DEVICE_ID_APPLE_MAGIC_KEYBOARD_ANSI) }, > > > + { HID_USB_DEVICE(USB_VENDOR_ID_APPLE, USB_DEVICE_ID_APPLE_MAGIC_KEYBOARD_NUMPAD_ANSI) }, > > > + { HID_BLUETOOTH_DEVICE(BT_VENDOR_ID_APPLE, USB_DEVICE_ID_APPLE_MAGIC_KEYBOARD_NUMPAD_ANSI) }, > > > > NACK, this should not be required with kernels v4.17+ IIRC. > > > > If it doesn't work on a recent kernel, please raise the issue, but I > > am actually chasing down the new inclusions of these when we add new > > device support. > > Fair enough. I think it may be needed for 4.14.y kernels though, to fix > commit b6cc0ba2cbf4 (HID: add support for Apple Magic Keyboards). > > Fn key did not work without this patch on 4.14.76 for me. Right, b6cc0ba2cbf4 has been added to 4.14.75 and is not working because tweaking hid_have_special_driver[] is not required in current kernels anymore. @stable folks, would it be possible to take this patch in the v4.9 and v4.14 trees? It can't go into Linus' tree, but I'd be glad to give my Acked-by for a stable backport. > > > There is even a high chance that we remove the list entirely as this > > would tremendously help the distributions to just have to ship > > hid-generic in the initramfs instead of a bunch of random hid drivers. > > I doubt that distros will want Bluetooth keyboards there though. (which > this is about) I was talking more generally, killing this list of devices, as some are keyboard and useful, and some are not needed as you say. But the point is that distro folks won't have to decide which module to ship: only hid-generic will be sufficient. Cheers, Benjamin > > > By the way, if the driver is not autoloaded by udev, it is a problem > > in udev likely. > > > > Cheers, > > Benjamin > > > > > { HID_USB_DEVICE(USB_VENDOR_ID_APPLE, > > > USB_DEVICE_ID_APPLE_FOUNTAIN_TP_ONLY) }, > > > { HID_USB_DEVICE(USB_VENDOR_ID_APPLE, > > > USB_DEVICE_ID_APPLE_GEYSER1_TP_ONLY) }, #endif -- > > > 2.19.1 > > > >

6 years, 8 months

3
4
0 0

[PATCH] block: don't deal with discard limit in blkdev_issue_discard()

by Ming Lei

blk_queue_split() does respect this limit via bio splitting, so no need to do that in blkdev_issue_discard(), then we can align to normal bio submit(bio_add_page() & submit_bio()). More importantly, this patch fixes one issue introduced in a22c4d7e34402cc ("block: re-add discard_granularity and alignment checks"), in which zero discard bio may be generated in case of zero alignment. Fixes: a22c4d7e34402ccdf3 ("block: re-add discard_granularity and alignment checks") Cc: stable(a)vger.kernel.org Cc: Mariusz Dabrowski <mariusz.dabrowski(a)intel.com> Cc: Ming Lin <ming.l(a)ssi.samsung.com> Cc: Mike Snitzer <snitzer(a)redhat.com> Cc: Christoph Hellwig <hch(a)lst.de> Cc: Xiao Ni <xni(a)redhat.com> Signed-off-by: Ming Lei <ming.lei(a)redhat.com> --- block/blk-lib.c | 28 ++-------------------------- 1 file changed, 2 insertions(+), 26 deletions(-) diff --git a/block/blk-lib.c b/block/blk-lib.c index d1b9dd03da25..bbd44666f2b5 100644 --- a/block/blk-lib.c +++ b/block/blk-lib.c @@ -29,9 +29,7 @@ int __blkdev_issue_discard(struct block_device *bdev, sector_t sector, { struct request_queue *q = bdev_get_queue(bdev); struct bio *bio = *biop; - unsigned int granularity; unsigned int op; - int alignment; sector_t bs_mask; if (!q) @@ -54,38 +52,16 @@ int __blkdev_issue_discard(struct block_device *bdev, sector_t sector, if ((sector | nr_sects) & bs_mask) return -EINVAL; - /* Zero-sector (unknown) and one-sector granularities are the same. */ - granularity = max(q->limits.discard_granularity >> 9, 1U); - alignment = (bdev_discard_alignment(bdev) >> 9) % granularity; - while (nr_sects) { - unsigned int req_sects; - sector_t end_sect, tmp; + unsigned int req_sects = nr_sects; + sector_t end_sect; - /* - * Issue in chunks of the user defined max discard setting, - * ensuring that bi_size doesn't overflow - */ - req_sects = min_t(sector_t, nr_sects, - q->limits.max_discard_sectors); if (!req_sects) goto fail; if (req_sects > UINT_MAX >> 9) req_sects = UINT_MAX >> 9; - /* - * If splitting a request, and the next starting sector would be - * misaligned, stop the discard at the previous aligned sector. - */ end_sect = sector + req_sects; - tmp = end_sect; - if (req_sects < nr_sects && - sector_div(tmp, granularity) != alignment) { - end_sect = end_sect - alignment; - sector_div(end_sect, granularity); - end_sect = end_sect * granularity + alignment; - req_sects = end_sect - sector; - } bio = next_bio(bio, 0, gfp_mask); bio->bi_iter.bi_sector = sector; -- 2.9.5

6 years, 8 months

3
3
0 0

[PATCH v2 2/3] tracing: Fix synthetic event to allow semicolon at end

by Masami Hiramatsu

Fix synthetic event to allow independent semicolon at end. The synthetic_events interface accepts a semicolon after the last word if there is no space. # echo "myevent u64 var;" >> synthetic_events But if there is a space, it returns an error. # echo "myevent u64 var ;" > synthetic_events sh: write error: Invalid argument This behavior is difficult for users to understand. Let's allow the last independent semicolon too. Fixes: commit 4b147936fa50 ("tracing: Add support for 'synthetic' events") Signed-off-by: Masami Hiramatsu <mhiramat(a)kernel.org> Cc: stable(a)vger.kernel.org Cc: Tom Zanussi <tom.zanussi(a)linux.intel.com> Cc: Steven Rostedt <rostedt(a)goodmis.org> --- kernel/trace/trace_events_hist.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kernel/trace/trace_events_hist.c b/kernel/trace/trace_events_hist.c index 6ff83941065a..d239004aaf29 100644 --- a/kernel/trace/trace_events_hist.c +++ b/kernel/trace/trace_events_hist.c @@ -1088,7 +1088,7 @@ static int create_synth_event(int argc, char **argv) i += consumed - 1; } - if (i < argc) { + if (i < argc && strcmp(argv[i], ";") != 0) { ret = -EINVAL; goto err; }

6 years, 8 months

1
0
0 0

[PATCH v2 1/3] tracing: Fix synthetic event to accept unsigned modifier

by Masami Hiramatsu

Fix synthetic event to accept unsigned modifier for its field type correctly. Currently, synthetic_events interface returns error for "unsigned" modifiers as below; # echo "myevent unsigned long var" >> synthetic_events sh: write error: Invalid argument This is because argv_split() breaks "unsigned long" into "unsigned" and "long", but parse_synth_field() doesn't expected it. With this fix, synthetic_events can handle the "unsigned long" correctly like as below; # echo "myevent unsigned long var" >> synthetic_events # cat synthetic_events myevent unsigned long var Fixes: commit 4b147936fa50 ("tracing: Add support for 'synthetic' events") Signed-off-by: Masami Hiramatsu <mhiramat(a)kernel.org> Cc: stable(a)vger.kernel.org Cc: Tom Zanussi <tom.zanussi(a)linux.intel.com> Cc: Steven Rostedt <rostedt(a)goodmis.org> --- Changes in v2: - Fix a typo of stable ML. --- kernel/trace/trace_events_hist.c | 30 ++++++++++++++++++++++++------ 1 file changed, 24 insertions(+), 6 deletions(-) diff --git a/kernel/trace/trace_events_hist.c b/kernel/trace/trace_events_hist.c index 85f6b01431c7..6ff83941065a 100644 --- a/kernel/trace/trace_events_hist.c +++ b/kernel/trace/trace_events_hist.c @@ -738,16 +738,30 @@ static void free_synth_field(struct synth_field *field) kfree(field); } -static struct synth_field *parse_synth_field(char *field_type, - char *field_name) +static struct synth_field *parse_synth_field(int argc, char **argv, + int *consumed) { struct synth_field *field; + const char *prefix = NULL; + char *field_type = argv[0], *field_name; int len, ret = 0; char *array; if (field_type[0] == ';') field_type++; + if (!strcmp(field_type, "unsigned")) { + if (argc < 3) + return ERR_PTR(-EINVAL); + prefix = "unsigned "; + field_type = argv[1]; + field_name = argv[2]; + *consumed = 3; + } else { + field_name = argv[1]; + *consumed = 2; + } + len = strlen(field_name); if (field_name[len - 1] == ';') field_name[len - 1] = '\0'; @@ -760,11 +774,15 @@ static struct synth_field *parse_synth_field(char *field_type, array = strchr(field_name, '['); if (array) len += strlen(array); + if (prefix) + len += strlen(prefix); field->type = kzalloc(len, GFP_KERNEL); if (!field->type) { ret = -ENOMEM; goto free; } + if (prefix) + strcat(field->type, prefix); strcat(field->type, field_type); if (array) { strcat(field->type, array); @@ -1009,7 +1027,7 @@ static int create_synth_event(int argc, char **argv) struct synth_field *field, *fields[SYNTH_FIELDS_MAX]; struct synth_event *event = NULL; bool delete_event = false; - int i, n_fields = 0, ret = 0; + int i, consumed = 0, n_fields = 0, ret = 0; char *name; mutex_lock(&synth_event_mutex); @@ -1061,13 +1079,13 @@ static int create_synth_event(int argc, char **argv) goto err; } - field = parse_synth_field(argv[i], argv[i + 1]); + field = parse_synth_field(argc - i, &argv[i], &consumed); if (IS_ERR(field)) { ret = PTR_ERR(field); goto err; } - fields[n_fields] = field; - i++; n_fields++; + fields[n_fields++] = field; + i += consumed - 1; } if (i < argc) {

6 years, 8 months

1
0
0 0

RE: [PATCH] ARC: Get rid of toolchain check

by Alexey Brodkin

Hello, > -----Original Message----- > From: Rob Herring [mailto:robh@kernel.org] > Sent: Friday, September 14, 2018 12:04 AM > To: Alexey.Brodkin(a)synopsys.com > Cc: linux-snps-arc(a)lists.infradead.org; Linux Kernel Mailing List <linux-kernel(a)vger.kernel.org>; Vineet.Gupta1(a)synopsys.com > Subject: Re: [PATCH] ARC: Get rid of toolchain check > > On Thu, Sep 13, 2018 at 3:24 PM Alexey Brodkin > <Alexey.Brodkin(a)synopsys.com> wrote: > > > > This check is very naive: we simply test if GCC invoked without > > "-mcpu=XXX" has ARC700 define set. In that case we think that GCC > > was built with "--with-cpu=arc700" and has libgcc built for ARC700. > > > > Otherwise if ARC700 is not defined we think that everythng was built > > for ARCv2. > > > > But in reality our life is much more interesting. > > > > 1. Regardless of GCC configuration (i.e. what we pass in "--with-cpu" > > it may generate code for any ARC core). > > > > 2. libgcc might be built with explicitly specified "--mcpu=YYY" > > > > That's exactly what happens in case of multilibbed toolchains: > > - GCC is configured with default settings > > - All the libs built for many different CPU flavors > > > > I.e. that check gets in the way of usage of multilibbed > > toolchains. And even non-multilibbed toolchains are affected. > > OpenEmbedded also builds GCC without "--with-cpu" because > > each and every target component later is compiled with explicitly > > set "-mcpu=ZZZ". > > > > Signed-off-by: Alexey Brodkin <abrodkin(a)synopsys.com> > > --- > > arch/arc/Makefile | 14 -------------- > > 1 file changed, 14 deletions(-) > > +1 for this. Removing it also helps with my work to be able to build > all the .dts files with only a host compiler. That also needs the hunk > setting CROSS_COMPILE removed and not having a built-in dtb by > default, but this is a step in the right direction. > > Acked-by: Rob Herring <robh(a)kernel.org> May we get this one back-ported to stable trees? Upstream commit in Linus' tree is 615f64458ad8 ("ARC: build: Get rid of toolchain check"). This fixes kernel configuration for ARC in case of missing ARC cross-tools in current PATH. -Alexey

6 years, 8 months

2
1
0 0

RE: [PATCH] ARC: Don't set CROSS_COMPILE in arch's Makefile

by Alexey Brodkin

Hello, > -----Original Message----- > From: Alexey Brodkin [mailto:abrodkin@synopsys.com] > Sent: Sunday, September 16, 2018 11:48 PM > To: linux-snps-arc(a)lists.infradead.org > Cc: linux-kernel(a)vger.kernel.org; Vineet Gupta <vgupta(a)synopsys.com>; Alexey Brodkin <abrodkin(a)synopsys.com>; Masahiro > Yamada <yamada.masahiro(a)socionext.com>; Rob Herring <robh(a)kernel.org> > Subject: [PATCH] ARC: Don't set CROSS_COMPILE in arch's Makefile > > There's not much sense in doing that because if user or > his build-system didn't set CROSS_COMPILE we still may > very well make incorrect guess. > > But as it turned out setting CROSS_COMPILE is not as harmless > as one may think: with recent changes that implemented automatic > discovery of __host__ gcc features unconditional setup of > CROSS_COMPILE leads to failures on execution of "make xxx_defconfig" > with absent cross-compiler, for more info see [1]. > > Set CROSS_COMPILE as well gets in the way if we want only to build > .dtb's (again with absent cross-compiler which is not really needed > for building .dtb's), see [2]. > > Note, we had to change LIBGCC assignment type from ":=" to "=" > so that is is resolved on its usage, otherwise if it is resolved > at declaration time with missing CROSS_COMPILE we're getting this > error message from host GCC: > ------------------------->8------------------------- > gcc: error: unrecognized command line option ‘-mmedium-calls’ > gcc: error: unrecognized command line option ‘-mno-sdata’; did you mean ‘-fno-stats’? > ------------------------->8------------------------- > > [1] http://lists.infradead.org/pipermail/linux-snps-arc/2018-September/004308.h… > [2] http://lists.infradead.org/pipermail/linux-snps-arc/2018-September/004320.h… > > Signed-off-by: Alexey Brodkin <abrodkin(a)synopsys.com> > Cc: Masahiro Yamada <yamada.masahiro(a)socionext.com> > Cc: Rob Herring <robh(a)kernel.org> > --- > arch/arc/Makefile | 10 +--------- > 1 file changed, 1 insertion(+), 9 deletions(-) > > diff --git a/arch/arc/Makefile b/arch/arc/Makefile > index 99cce77ab98f..5f6b67917dc2 100644 > --- a/arch/arc/Makefile > +++ b/arch/arc/Makefile > @@ -6,14 +6,6 @@ > # published by the Free Software Foundation. > # > > -ifeq ($(CROSS_COMPILE),) > -ifndef CONFIG_CPU_BIG_ENDIAN > -CROSS_COMPILE := arc-linux- > -else > -CROSS_COMPILE := arceb-linux- > -endif > -endif > - > KBUILD_DEFCONFIG := nsim_700_defconfig > > cflags-y += -fno-common -pipe -fno-builtin -mmedium-calls -D__linux__ > @@ -79,7 +71,7 @@ cflags-$(disable_small_data) += -mno-sdata -fcall-used-gp > cflags-$(CONFIG_CPU_BIG_ENDIAN) += -mbig-endian > ldflags-$(CONFIG_CPU_BIG_ENDIAN) += -EB > > -LIBGCC := $(shell $(CC) $(cflags-y) --print-libgcc-file-name) > +LIBGCC = $(shell $(CC) $(cflags-y) --print-libgcc-file-name) > > # Modules with short calls might break for calls into builtin-kernel > KBUILD_CFLAGS_MODULE += -mlong-calls -mno-millicode > -- > 2.17.1 May we have this one back-ported to stable branches? Upstream commit in Linus' tree is: 40660f1fcee8 ("ARC: build: Don't set CROSS_COMPILE in arch's Makefile"). Regards, Alexey

6 years, 8 months

2
1
0 0

netfilter request for -stable 4.9.x inclusion

by Pablo Neira Ayuso

Hi Greg, Could you enqueue the following patch for -stable 4.9.x? commit ab6dd1beac7be3c17f8bf3d38bdf29ecb7293f1e Author: Xin Long <lucien.xin(a)gmail.com> Date: Thu Aug 10 10:22:24 2017 +0800 netfilter: check for seqadj ext existence before adding it in nf_nat_setup_info Cc'ing Laura, combining SNAT+DNAT+ftp helper is currently broken with 4.9.x. The patch above cures the issues. Thanks.

6 years, 8 months

2
1
0 0

[PATCH 2/3] tracing: Fix synthetic event to allow semicolon at end

by Masami Hiramatsu

Fix synthetic event to allow independent semicolon at end. The synthetic_events interface accepts a semicolon after the last word if there is no space. # echo "myevent u64 var;" >> synthetic_events But if there is a space, it returns an error. # echo "myevent u64 var ;" > synthetic_events sh: write error: Invalid argument This behavior is difficult for users to understand. Let's allow the last independent semicolon too. Fixes: commit 4b147936fa50 ("tracing: Add support for 'synthetic' events") Signed-off-by: Masami Hiramatsu <mhiramat(a)kernel.org> Cc: <stable(a)vger.kernel.org> Cc: Tom Zanussi <tom.zanussi(a)linux.intel.com> Cc: Steven Rostedt <rostedt(a)goodmis.org> --- kernel/trace/trace_events_hist.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kernel/trace/trace_events_hist.c b/kernel/trace/trace_events_hist.c index 6ff83941065a..d239004aaf29 100644 --- a/kernel/trace/trace_events_hist.c +++ b/kernel/trace/trace_events_hist.c @@ -1088,7 +1088,7 @@ static int create_synth_event(int argc, char **argv) i += consumed - 1; } - if (i < argc) { + if (i < argc && strcmp(argv[i], ";") != 0) { ret = -EINVAL; goto err; }

6 years, 8 months

1
0
0 0

Images 34

by Nancy

We are an image team who can process 400+ images each day. If you need any image editing service, please let us know. Image cut out and clipping path, masking. Such as for ecommerce photos, jewelry photos retouching, beauty and skin images and wedding photos. We give test editing for your photos if you send us some. Thanks, Nancy

6 years, 8 months

1
0
0 0

[PATCH 0/4] FS-Cache: Miscellaneous fixes

by David Howells

Attached are another couple of miscellaneous fixes for FS-Cache and CacheFiles: (1) Fix a race between object burial in cachefiles and external rmdir. (2) Fix a race from a split atomic op. (3) Fix incomplete initialisation of cookie key space. (4) Fix out-of-bounds read. The patches are tagged here: git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git fscache-fixes-20181017 and can also be found on the following branch: http://git.kernel.org/cgit/linux/kernel/git/dhowells/linux-fs.git/log/?h=fs… David --- Al Viro (1): cachefiles: fix the race between cachefiles_bury_object() and rmdir(2) David Howells (1): fscache: Fix incomplete initialisation of inline key space Eric Sandeen (1): fscache: Fix out of bound read in long cookie keys kiran.modukuri (1): fscache: Fix race in fscache_op_complete() due to split atomic_sub & read fs/cachefiles/namei.c | 2 +- fs/fscache/cookie.c | 31 ++++++++++--------------------- fs/fscache/internal.h | 1 - fs/fscache/main.c | 4 +--- include/linux/fscache-cache.h | 4 ++-- 5 files changed, 14 insertions(+), 28 deletions(-)

6 years, 8 months

2
2
0 0

[PATCH] drm/sun4i: Fix an ulong overflow in the dotclock driver

by Boris Brezillon

The calculated ideal rate can easily overflow an unsigned long, thus making the best div selection buggy as soon as no ideal match is found before the overflow occurs. Fixes: 4731a72df273 ("drm/sun4i: request exact rates to our parents") Cc: <stable(a)vger.kernel.org> Signed-off-by: Boris Brezillon <boris.brezillon(a)bootlin.com> --- drivers/gpu/drm/sun4i/sun4i_dotclock.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/sun4i/sun4i_dotclock.c b/drivers/gpu/drm/sun4i/sun4i_dotclock.c index e36004fbe453..82132a9bd1d5 100644 --- a/drivers/gpu/drm/sun4i/sun4i_dotclock.c +++ b/drivers/gpu/drm/sun4i/sun4i_dotclock.c @@ -81,9 +81,12 @@ static long sun4i_dclk_round_rate(struct clk_hw *hw, unsigned long rate, int i; for (i = tcon->dclk_min_div; i <= tcon->dclk_max_div; i++) { - unsigned long ideal = rate * i; + u64 ideal = (u64)rate * i; unsigned long rounded; + if (ideal > ULONG_MAX) + break; + rounded = clk_hw_round_rate(clk_hw_get_parent(hw), ideal); -- 2.14.1

6 years, 8 months

2
1
0 0

Re: SV: MPC8321 boot failure

by gregkh＠linuxfoundation.org

On Thu, Oct 18, 2018 at 08:51:46AM +0000, David Gounaris wrote: > Hi, I can also confirm that it works after cherry-picking the proposed commit. > > Reported-and-tested-by: David Gounaris <david.gounaris(a)infinera.com<mailto:David.Gounaris@infinera.com>> > Now queued up, thanks. greg k-h

6 years, 8 months

1
0
0 0

Linux 4.18.15

by Greg KH

I'm announcing the release of the 4.18.15 kernel. All users of the 4.18 kernel series must upgrade. The updated 4.18.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.18.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/devicetree/bindings/net/macb.txt | 1 Makefile | 16 - arch/arm/boot/dts/sama5d3_emac.dtsi | 2 arch/arm64/kernel/perf_event.c | 7 arch/mips/include/asm/processor.h | 10 arch/mips/kernel/process.c | 25 + arch/mips/kernel/setup.c | 48 +-- arch/mips/kernel/vdso.c | 18 + arch/powerpc/include/asm/book3s/64/pgtable.h | 4 arch/powerpc/kvm/book3s_64_mmu_radix.c | 101 ++---- arch/x86/include/asm/pgtable_types.h | 2 arch/x86/include/uapi/asm/kvm.h | 1 arch/x86/kvm/lapic.c | 22 + drivers/bluetooth/hci_ldisc.c | 2 drivers/clk/x86/clk-pmc-atom.c | 18 - drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd.c | 6 drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd.h | 2 drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gfx_v7.c | 2 drivers/gpu/drm/amd/amdkfd/kfd_device.c | 3 drivers/gpu/drm/amd/amdkfd/kfd_iommu.c | 13 drivers/gpu/drm/amd/amdkfd/kfd_mqd_manager_v9.c | 2 drivers/gpu/drm/amd/amdkfd/kfd_priv.h | 1 drivers/gpu/drm/amd/amdkfd/kfd_topology.c | 21 + drivers/gpu/drm/amd/include/kgd_kfd_interface.h | 2 drivers/gpu/drm/nouveau/dispnv50/disp.c | 15 drivers/gpu/drm/pl111/pl111_vexpress.c | 3 drivers/hwmon/nct6775.c | 70 +++- drivers/i2c/busses/i2c-scmi.c | 1 drivers/input/joystick/xpad.c | 3 drivers/md/dm-cache-target.c | 5 drivers/md/dm-flakey.c | 2 drivers/md/dm-linear.c | 8 drivers/md/dm.c | 27 + drivers/mfd/omap-usb-host.c | 11 drivers/mmc/core/block.c | 10 drivers/net/bonding/bond_main.c | 65 ++-- drivers/net/dsa/b53/b53_common.c | 4 drivers/net/dsa/bcm_sf2.c | 14 drivers/net/ethernet/aquantia/atlantic/aq_ring.c | 32 +- drivers/net/ethernet/broadcom/bcmsysport.c | 22 - drivers/net/ethernet/broadcom/bnxt/bnxt.c | 27 + drivers/net/ethernet/broadcom/bnxt/bnxt_dcb.c | 6 drivers/net/ethernet/broadcom/bnxt/bnxt_tc.c | 20 - drivers/net/ethernet/cadence/macb_main.c | 8 drivers/net/ethernet/hisilicon/hns/hnae.c | 2 drivers/net/ethernet/hisilicon/hns/hns_enet.c | 30 + drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c | 19 - drivers/net/ethernet/mellanox/mlx5/core/en_tc.c | 3 drivers/net/ethernet/mellanox/mlx5/core/eswitch.c | 4 drivers/net/ethernet/mellanox/mlx5/core/transobj.c | 2 drivers/net/ethernet/mscc/ocelot_board.c | 12 drivers/net/ethernet/netronome/nfp/nfp_net_common.c | 17 - drivers/net/ethernet/qlogic/qed/qed_hsi.h | 1 drivers/net/ethernet/qlogic/qlcnic/qlcnic.h | 8 drivers/net/ethernet/qlogic/qlcnic/qlcnic_83xx_hw.c | 3 drivers/net/ethernet/qlogic/qlcnic/qlcnic_83xx_hw.h | 3 drivers/net/ethernet/qlogic/qlcnic/qlcnic_hw.h | 3 drivers/net/ethernet/qlogic/qlcnic/qlcnic_io.c | 12 drivers/net/ethernet/qualcomm/rmnet/rmnet_handlers.c | 7 drivers/net/ethernet/realtek/r8169.c | 24 - drivers/net/ethernet/stmicro/stmmac/common.h | 4 drivers/net/ethernet/stmicro/stmmac/stmmac.h | 14 drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 238 ++++++++------- drivers/net/ethernet/stmicro/stmmac/stmmac_platform.c | 5 drivers/net/ethernet/ti/Kconfig | 1 drivers/net/phy/phylink.c | 48 +-- drivers/net/phy/sfp-bus.c | 4 drivers/net/team/team.c | 6 drivers/net/tun.c | 43 +- drivers/net/usb/qmi_wwan.c | 1 drivers/net/usb/smsc75xx.c | 1 drivers/net/vxlan.c | 3 drivers/pci/controller/pci-hyperv.c | 37 ++ drivers/perf/arm_pmu.c | 8 drivers/pinctrl/intel/pinctrl-cannonlake.c | 2 drivers/pinctrl/pinctrl-mcp23s08.c | 13 drivers/s390/cio/vfio_ccw_cp.c | 2 drivers/scsi/qla2xxx/qla_target.h | 4 drivers/target/iscsi/iscsi_target.c | 22 - drivers/video/fbdev/aty/atyfb.h | 3 drivers/video/fbdev/aty/atyfb_base.c | 7 drivers/video/fbdev/aty/mach64_ct.c | 10 fs/afs/rxrpc.c | 2 fs/dax.c | 13 include/linux/cgroup-defs.h | 1 include/linux/netdevice.h | 7 include/linux/perf/arm_pmu.h | 1 include/linux/stmmac.h | 1 include/linux/virtio_net.h | 18 + include/net/bonding.h | 7 include/net/inet_sock.h | 6 include/net/ip_fib.h | 1 include/sound/hdaudio.h | 1 include/sound/soc-dapm.h | 1 kernel/bpf/btf.c | 2 kernel/cgroup/cgroup.c | 25 + lib/vsprintf.c | 2 mm/huge_memory.c | 6 mm/mmap.c | 2 mm/percpu.c | 1 mm/vmscan.c | 11 mm/vmstat.c | 1 net/bluetooth/smp.c | 16 - net/core/dev.c | 28 + net/core/ethtool.c | 1 net/core/filter.c | 3 net/core/rtnetlink.c | 41 +- net/dccp/input.c | 4 net/dccp/ipv4.c | 4 net/ipv4/fib_frontend.c | 12 net/ipv4/fib_semantics.c | 50 +++ net/ipv4/inet_connection_sock.c | 5 net/ipv4/ip_sockglue.c | 3 net/ipv4/ip_tunnel.c | 9 net/ipv4/route.c | 7 net/ipv4/tcp_input.c | 4 net/ipv4/tcp_ipv4.c | 4 net/ipv4/udp.c | 2 net/ipv6/addrconf.c | 4 net/ipv6/ip6_fib.c | 2 net/ipv6/ip6_tunnel.c | 13 net/ipv6/raw.c | 29 + net/ipv6/route.c | 5 net/netlabel/netlabel_unlabeled.c | 3 net/packet/af_packet.c | 11 net/sched/cls_u32.c | 10 net/sched/sch_api.c | 24 + net/sctp/transport.c | 12 net/tipc/socket.c | 4 scripts/subarch.include | 13 sound/hda/hdac_controller.c | 15 sound/soc/amd/acp-pcm-dma.c | 21 + sound/soc/codecs/max98373.c | 3 sound/soc/codecs/rt5514.c | 8 sound/soc/codecs/sigmadsp.c | 3 sound/soc/codecs/wm8804-i2c.c | 15 sound/soc/intel/skylake/skl.c | 2 sound/soc/qcom/qdsp6/q6routing.c | 4 sound/soc/sh/rcar/adg.c | 5 sound/soc/sh/rcar/core.c | 10 sound/soc/sh/rcar/dma.c | 4 sound/soc/soc-core.c | 4 sound/soc/soc-dapm.c | 4 tools/perf/scripts/python/export-to-postgresql.py | 9 tools/perf/scripts/python/export-to-sqlite.py | 6 tools/testing/selftests/android/Makefile | 2 tools/testing/selftests/android/config | 5 tools/testing/selftests/android/ion/Makefile | 2 tools/testing/selftests/android/ion/config | 5 tools/testing/selftests/cgroup/cgroup_util.c | 17 - tools/testing/selftests/efivarfs/config | 1 tools/testing/selftests/futex/functional/Makefile | 1 tools/testing/selftests/gpio/Makefile | 7 tools/testing/selftests/kselftest.h | 1 tools/testing/selftests/kvm/Makefile | 7 tools/testing/selftests/lib.mk | 12 tools/testing/selftests/memory-hotplug/config | 1 tools/testing/selftests/net/Makefile | 1 tools/testing/selftests/networking/timestamping/Makefile | 1 tools/testing/selftests/vm/Makefile | 4 160 files changed, 1294 insertions(+), 626 deletions(-) Adrian Hunter (2): perf script python: Fix export-to-postgresql.py occasional failure perf script python: Fix export-to-sqlite.py sample columns Akshu Agrawal (1): ASoC: AMD: Ensure reset bit is cleared before configuring Al Viro (1): net: sched: cls_u32: fix hnode refcounting Alaa Hleihel (1): net/mlx5: Check for SQ and not RQ state when modifying hairpin SQ Amber Lin (1): drm/amdgpu: Fix SDMA HQD destroy error on gfx_v7 Anders Roxell (2): selftests: android: move config up a level selftests: add headers_install to lib.mk Antoine Tenart (2): net: mvpp2: fix a txq_done race condition net: mscc: fix the frame extraction into the skb Baruch Siach (1): net: phy: phylink: fix SFP interface autodetection Charles Keepax (1): ASoC: dapm: Fix NULL pointer deference on CODEC to CODEC DAIs Chris Boot (1): mmc: block: avoid multiblock reads for the last sector in SPI mode Corentin Labbe (1): net: ethernet: ti: add missing GENERIC_ALLOCATOR dependency Damien Le Moal (2): dm: fix report zone remapping to account for partition offset dm linear: fix linear_end_io conditional definition Dan Carpenter (1): scsi: qla2xxx: Fix an endian bug in fcpcmd_is_corrupted() Dan Williams (1): filesystem-dax: Fix dax_layout_busy_page() livelock Danny Smith (1): ASoC: sigmadsp: safeload should not have lower byte limit David Ahern (3): net: sched: Add policy validation for tc attributes rtnetlink: Fail dump if target netnsid is invalid net/ipv6: Remove extra call to ip6_convert_metrics for multipath case David Howells (2): afs: Fix afs_server struct leak afs: Fix clearance of reply Davide Caratti (1): bnxt_en: don't try to offload VLAN 'modify' action Edgar Cherkasov (1): i2c: i2c-scmi: fix for i2c_smbus_write_block_data Eran Ben Elisha (1): net/mlx5: E-Switch, Fix out of bound access when setting vport rate Eric Dumazet (7): ipv4: fix use-after-free in ip_cmsg_recv_dstaddr() rtnl: limit IFLA_NUM_TX_QUEUES and IFLA_NUM_RX_QUEUES to 4096 tun: remove unused parameters tun: initialize napi_mutex unconditionally tun: napi flags belong to tfile tcp/dccp: fix lockdep issue when SYN is backlogged inet: make sure to grab rcu_read_lock before using ireq->ireq_opt Eric Farman (1): s390/cio: Fix how vfio-ccw checks pinned pages Florian Fainelli (4): net: dsa: bcm_sf2: Call setup during switch resume net: systemport: Fix wake-up interrupt race during resume net: dsa: bcm_sf2: Fix unbind ordering net: dsa: b53: Keep CPU port as tagged in all VLANs Friedemann Gerold (1): net: aquantia: memory corruption on jumbo frames Giacinto Cifelli (1): qmi_wwan: Added support for Gemalto's Cinterion ALASxx WWAN interface Greg Kroah-Hartman (1): Linux 4.18.15 Guenter Roeck (4): hwmon: (nct6775) Fix access to fan pulse registers hwmon: (nct6775) Fix virtual temperature sources for NCT6796D hwmon: (nct6775) Fix RPM output for fan7 on NCT6796D hwmon: (nct6775) Use different register to get fan RPM for fan7 Hangbin Liu (1): vxlan: fill ttl inherit info Hans de Goede (2): clk: x86: add "ether_clk" alias for Bay Trail / Cherry Trail clk: x86: Stop marking clocks as CLK_IS_CRITICAL Heiner Kallweit (1): r8169: fix network stalls due to missing bit TXCFG_AUTO_FIFO Hermes Zhang (1): Bluetooth: hci_ldisc: Free rw_semaphore on close Ido Schimmel (1): team: Forbid enslaving team device to itself Jakub Kicinski (1): nfp: avoid soft lockups under control message storm Jan Kara (1): mm: Preserve _PAGE_DEVMAP across mprotect() calls Jann Horn (2): mm/vmstat.c: fix outdated vmstat_text mm/mmap.c: don't clobber partially overlapping VMA with MAP_FIXED_NOREPLACE Jay Kamat (1): Fix cg_read_strcmp() Jeff Barnhill (1): net/ipv6: Display all addresses in output of /proc/net/if_inet6 Jianbo Liu (1): net/mlx5e: Set vlan masks for all offloaded TC rules Jianfeng Tan (1): net/packet: fix packet drop as of virtio gso Jiri Kosina (1): udp: Unbreak modules that rely on external __skb_recv_udp() availability Johan Hedberg (1): Bluetooth: SMP: Fix trying to use non-existent local OOB data Jongsung Kim (1): stmmac: fix valid numbers of unicast filter entries Jose Abreu (2): net: stmmac: Fixup the tail addr setting in xmit path net: stmmac: Rework coalesce timer and fix multi-queue races Jérôme Glisse (1): mm/thp: fix call to mmu_notifier in set_pmd_migration_entry() v2 Kuninori Morimoto (2): ASoC: rsnd: adg: care clock-frequency size ASoC: rsnd: don't fallback to PIO mode when -EPROBE_DEFER Laura Abbott (1): scsi: iscsi: target: Don't use stack buffer for scatterlist Lei Yang (2): selftests/efivarfs: add required kernel configs selftests: memory-hotplug: add required configs Lyude Paul (1): drm/nouveau/drm/nouveau: Grab runtime PM ref in nv50_mstc_detect() Maciej S. Szmigiero (1): r8169: set RX_MULTI_EN bit in RxConfig for 8168F-family chips Maciej Żenczykowski (1): net-ethtool: ETHTOOL_GUFO did not and should not require CAP_NET_ADMIN Mahesh Bandewar (3): bonding: avoid possible dead-lock bonding: pass link-local packets to bonding master also. bonding: fix warning message Marco Felsch (1): pinctrl: mcp23s08: fix irq and irqchip setup order Martin KaFai Lau (1): bpf: btf: Fix end boundary calculation for type section Matias Karhumaa (1): Bluetooth: Use correct tfm to generate OOB data Mauricio Faria de Oliveira (1): rtnetlink: fix rtnl_fdb_dump() for ndmsg header Maxime Chevallier (1): net: mvpp2: Extract the correct ethtype from the skb for tx csum offload Michael Chan (2): bnxt_en: Fix TX timeout during netpoll. bnxt_en: Fix VNIC reservations on the PF. Mike Rapoport (2): net/ipv6: stop leaking percpu memory in fib6 info percpu: stop leaking bitmap metadata blocks Mike Snitzer (1): dm linear: eliminate linear_end_io call if CONFIG_DM_ZONED disabled Mikulas Patocka (1): mach64: detect the dot clock divider correctly on sparc Nicholas Piggin (1): KVM: PPC: Book3S HV: Don't use compound_order to determine host mapping size Nicolas Ferre (2): net: macb: disable scatter-gather for macb on sama5d3 ARM: dts: at91: add new compatibility string for macb on sama5d3 Oder Chiou (1): ASoC: rt5514: Fix the issue of the delay volume applied again Paolo Abeni (2): ip6_tunnel: be careful when accessing the inner header ip_tunnel: be careful when accessing the inner header Parthasarathy Bhuvaragan (1): tipc: fix flow control accounting for implicit connect Paul Burton (2): MIPS: Fix CONFIG_CMDLINE handling MIPS: VDSO: Always map near top of user memory Paul Mackerras (1): KVM: PPC: Book3S HV: Avoid crash from THP collapse during radix page fault Pierre-Louis Bossart (1): ASoC: wm8804: Add ACPI support Ramses Ramírez (1): Input: xpad - add support for Xbox1 PDP Camo series gamepad Roman Gushchin (1): mm: slowly shrink slabs with a relatively small number of objects Russell King (1): sfp: fix oops with ethtool -m Ryan Lee (2): ASoC: max98373: Added speaker FS gain cotnrol register to volatile. ASoC: max98373: Added 10ms sleep after amp software reset Sabrina Dubroca (2): net: ipv4: update fnhe_pmtu when first hop's MTU changes net: ipv4: don't let PMTU updates increase route MTU Sean Tranchetti (2): netlabel: check for IPV4MASK in addrinfo_get net: qualcomm: rmnet: Skip processing loopback packets Shahed Shaikh (1): qlcnic: fix Tx descriptor corruption on 82xx devices Shenghui Wang (1): dm cache: destroy migration_cache if cache target registration failed Simon Detheridge (1): pinctrl: cannonlake: Fix gpio base for GPP-E Srinivas Kandagatla (1): ASoC: q6routing: initialize data correctly Stephen Hemminger (1): PCI: hv: support reporting serial number as slot information Steven Rostedt (VMware) (1): vsprintf: Fix off-by-one bug in bstr_printf() processing dereferenced pointers Subash Abhinov Kasiviswanathan (2): net: qualcomm: rmnet: Fix incorrect allocation flag in transmit net: qualcomm: rmnet: Fix incorrect allocation flag in receive path Sudarsana Reddy Kalluru (1): qed: Fix shmem structure inconsistency between driver and the mfw. Tejun Heo (1): cgroup: Fix dom_cgrp propagation when enabling threaded mode Thiago Jung Bauermann (1): selftests: kselftest: Remove outdated comment Tony Lindgren (1): mfd: omap-usb-host: Fix dts probe of children Tushar Dave (1): bpf: use __GFP_COMP while allocating page Vasundhara Volam (2): bnxt_en: Fix enables field in HWRM_QUEUE_COS2BW_CFG request bnxt_en: get the reduced max_irqs by the ones used by RDMA Venkat Duvvuru (1): bnxt_en: free hwrm resources, if driver probe fails. Vitaly Kuznetsov (1): x86/kvm/lapic: always disable MMIO interface in x2APIC mode Wei Wang (1): ipv6: take rcu lock in rawv6_send_hdrinc() Will Deacon (1): arm64: perf: Reject stand-alone CHAIN events for PMUv3 Xin Long (1): sctp: update dst pmtu with the correct daddr Yong Zhao (2): drm/amdkfd: Change the control stack MTYPE from UC to NC on GFX9 drm/amdkfd: Fix ATS capablity was not reported correctly on some APUs Yu Zhao (3): net/usb: cancel pending work when unbinding smsc75xx sound: enable interrupt after dma buffer initialization sound: don't call skl_init_chip() to reset intel skl soc Yunsheng Lin (1): net: hns: fix for unmapping problem when SMMU is on zhong jiang (1): drm/pl111: Make sure of_device_id tables are NULL terminated

6 years, 8 months

1
1
0 0

Linux 4.14.77

by Greg KH

I'm announcing the release of the 4.14.77 kernel. All users of the 4.14 kernel series must upgrade. The updated 4.14.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.14.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/devicetree/bindings/net/macb.txt | 1 Makefile | 2 arch/arm/boot/dts/sama5d3_emac.dtsi | 2 arch/arm/include/asm/assembler.h | 12 + arch/arm/include/asm/barrier.h | 32 +++ arch/arm/include/asm/bugs.h | 6 arch/arm/include/asm/cp15.h | 3 arch/arm/include/asm/cputype.h | 8 arch/arm/include/asm/kvm_asm.h | 2 arch/arm/include/asm/kvm_host.h | 14 + arch/arm/include/asm/kvm_mmu.h | 23 ++ arch/arm/include/asm/proc-fns.h | 4 arch/arm/include/asm/system_misc.h | 15 + arch/arm/include/asm/thread_info.h | 4 arch/arm/include/asm/uaccess.h | 26 +- arch/arm/kernel/Makefile | 1 arch/arm/kernel/bugs.c | 18 + arch/arm/kernel/entry-common.S | 18 - arch/arm/kernel/entry-header.S | 25 ++ arch/arm/kernel/signal.c | 58 +++--- arch/arm/kernel/smp.c | 4 arch/arm/kernel/suspend.c | 2 arch/arm/kernel/sys_oabi-compat.c | 8 arch/arm/kvm/hyp/hyp-entry.S | 112 +++++++++++ arch/arm/lib/copy_from_user.S | 9 arch/arm/mm/Kconfig | 23 ++ arch/arm/mm/Makefile | 2 arch/arm/mm/fault.c | 3 arch/arm/mm/proc-macros.S | 3 arch/arm/mm/proc-v7-2level.S | 6 arch/arm/mm/proc-v7-bugs.c | 174 ++++++++++++++++++ arch/arm/mm/proc-v7.S | 154 ++++++++++++--- arch/arm/vfp/vfpmodule.c | 17 - arch/arm64/kernel/perf_event.c | 7 arch/mips/include/asm/processor.h | 10 - arch/mips/kernel/process.c | 25 ++ arch/mips/kernel/vdso.c | 18 + arch/powerpc/include/asm/book3s/64/pgtable.h | 4 arch/x86/include/asm/pgtable_types.h | 2 arch/x86/include/uapi/asm/kvm.h | 1 arch/x86/kvm/lapic.c | 22 +- drivers/bluetooth/hci_ldisc.c | 2 drivers/clk/x86/clk-pmc-atom.c | 18 + drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gfx_v7.c | 2 drivers/i2c/busses/i2c-scmi.c | 1 drivers/md/dm-cache-target.c | 5 drivers/md/dm-flakey.c | 2 drivers/md/dm-linear.c | 8 drivers/md/dm.c | 27 ++ drivers/mfd/omap-usb-host.c | 11 - drivers/mmc/core/block.c | 10 + drivers/net/bonding/bond_main.c | 65 +++--- drivers/net/dsa/bcm_sf2.c | 12 - drivers/net/ethernet/aquantia/atlantic/aq_ring.c | 32 +-- drivers/net/ethernet/broadcom/bcmsysport.c | 22 +- drivers/net/ethernet/broadcom/bnxt/bnxt.c | 23 +- drivers/net/ethernet/broadcom/bnxt/bnxt_tc.c | 20 +- drivers/net/ethernet/cadence/macb_main.c | 8 drivers/net/ethernet/hisilicon/hns/hnae.c | 2 drivers/net/ethernet/hisilicon/hns/hns_enet.c | 30 +-- drivers/net/ethernet/marvell/mvpp2.c | 20 +- drivers/net/ethernet/mellanox/mlx5/core/en_tc.c | 3 drivers/net/ethernet/mellanox/mlx5/core/eswitch.c | 4 drivers/net/ethernet/netronome/nfp/nfp_net_common.c | 17 + drivers/net/ethernet/qlogic/qlcnic/qlcnic.h | 8 drivers/net/ethernet/qlogic/qlcnic/qlcnic_83xx_hw.c | 3 drivers/net/ethernet/qlogic/qlcnic/qlcnic_83xx_hw.h | 3 drivers/net/ethernet/qlogic/qlcnic/qlcnic_hw.h | 3 drivers/net/ethernet/qlogic/qlcnic/qlcnic_io.c | 12 - drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 8 drivers/net/ethernet/stmicro/stmmac/stmmac_platform.c | 5 drivers/net/hyperv/netvsc_drv.c | 9 drivers/net/team/team.c | 5 drivers/net/usb/qmi_wwan.c | 1 drivers/net/usb/smsc75xx.c | 1 drivers/pci/host/pci-hyperv.c | 37 +++ drivers/perf/arm_pmu.c | 8 drivers/pinctrl/pinctrl-mcp23s08.c | 13 + drivers/s390/cio/vfio_ccw_cp.c | 2 drivers/scsi/qla2xxx/qla_target.h | 4 drivers/target/iscsi/iscsi_target.c | 22 +- drivers/usb/host/xhci-hub.c | 18 - drivers/video/fbdev/aty/atyfb.h | 3 drivers/video/fbdev/aty/atyfb_base.c | 7 drivers/video/fbdev/aty/mach64_ct.c | 10 - fs/dcache.c | 38 +++ include/linux/cgroup-defs.h | 1 include/linux/mmzone.h | 1 include/linux/netdevice.h | 7 include/linux/perf/arm_pmu.h | 1 include/linux/virtio_net.h | 18 + include/net/bonding.h | 7 include/net/inet_sock.h | 6 include/net/ip_fib.h | 1 include/sound/hdaudio.h | 1 kernel/cgroup/cgroup.c | 25 +- mm/huge_memory.c | 6 mm/page_alloc.c | 7 mm/percpu.c | 1 mm/util.c | 7 mm/vmstat.c | 6 net/core/dev.c | 28 ++ net/core/ethtool.c | 1 net/core/rtnetlink.c | 35 ++- net/dccp/input.c | 4 net/dccp/ipv4.c | 4 net/ipv4/fib_frontend.c | 12 - net/ipv4/fib_semantics.c | 50 +++++ net/ipv4/inet_connection_sock.c | 5 net/ipv4/ip_sockglue.c | 3 net/ipv4/ip_tunnel.c | 9 net/ipv4/tcp_input.c | 4 net/ipv4/tcp_ipv4.c | 4 net/ipv4/udp.c | 2 net/ipv6/addrconf.c | 4 net/ipv6/ip6_tunnel.c | 13 + net/ipv6/raw.c | 29 ++- net/netlabel/netlabel_unlabeled.c | 3 net/packet/af_packet.c | 11 - net/sched/sch_api.c | 22 +- net/sctp/transport.c | 12 + net/tipc/socket.c | 4 sound/hda/hdac_controller.c | 15 + sound/soc/codecs/rt5514.c | 8 sound/soc/codecs/sigmadsp.c | 3 sound/soc/codecs/wm8804-i2c.c | 15 + sound/soc/intel/skylake/skl.c | 2 sound/soc/sh/rcar/adg.c | 5 sound/soc/sh/rcar/core.c | 10 - sound/soc/sh/rcar/dma.c | 4 tools/perf/builtin-script.c | 22 +- tools/perf/scripts/python/export-to-postgresql.py | 9 tools/perf/scripts/python/export-to-sqlite.py | 6 tools/perf/tests/attr.c | 4 tools/perf/tests/mem.c | 2 tools/perf/tests/pmu.c | 2 tools/perf/util/cgroup.c | 2 tools/perf/util/parse-events.c | 4 tools/perf/util/pmu.c | 2 tools/testing/selftests/efivarfs/config | 1 tools/testing/selftests/memory-hotplug/config | 1 141 files changed, 1488 insertions(+), 427 deletions(-) Adrian Hunter (2): perf script python: Fix export-to-postgresql.py occasional failure perf script python: Fix export-to-sqlite.py sample columns Amber Lin (1): drm/amdgpu: Fix SDMA HQD destroy error on gfx_v7 Antoine Tenart (1): net: mvpp2: fix a txq_done race condition Chris Boot (1): mmc: block: avoid multiblock reads for the last sector in SPI mode Damien Le Moal (2): dm: fix report zone remapping to account for partition offset dm linear: fix linear_end_io conditional definition Dan Carpenter (1): scsi: qla2xxx: Fix an endian bug in fcpcmd_is_corrupted() Danny Smith (1): ASoC: sigmadsp: safeload should not have lower byte limit David Ahern (1): net: sched: Add policy validation for tc attributes Davide Caratti (1): bnxt_en: don't try to offload VLAN 'modify' action Edgar Cherkasov (1): i2c: i2c-scmi: fix for i2c_smbus_write_block_data Eran Ben Elisha (1): net/mlx5: E-Switch, Fix out of bound access when setting vport rate Eric Dumazet (4): ipv4: fix use-after-free in ip_cmsg_recv_dstaddr() rtnl: limit IFLA_NUM_TX_QUEUES and IFLA_NUM_RX_QUEUES to 4096 tcp/dccp: fix lockdep issue when SYN is backlogged inet: make sure to grab rcu_read_lock before using ireq->ireq_opt Eric Farman (1): s390/cio: Fix how vfio-ccw checks pinned pages Florian Fainelli (3): net: dsa: bcm_sf2: Call setup during switch resume net: systemport: Fix wake-up interrupt race during resume net: dsa: bcm_sf2: Fix unbind ordering Friedemann Gerold (1): net: aquantia: memory corruption on jumbo frames Giacinto Cifelli (1): qmi_wwan: Added support for Gemalto's Cinterion ALASxx WWAN interface Greg Kroah-Hartman (1): Linux 4.14.77 Hans de Goede (2): clk: x86: add "ether_clk" alias for Bay Trail / Cherry Trail clk: x86: Stop marking clocks as CLK_IS_CRITICAL Hermes Zhang (1): Bluetooth: hci_ldisc: Free rw_semaphore on close Ido Schimmel (1): team: Forbid enslaving team device to itself Jakub Kicinski (1): nfp: avoid soft lockups under control message storm Jan Kara (1): mm: Preserve _PAGE_DEVMAP across mprotect() calls Jann Horn (1): mm/vmstat.c: fix outdated vmstat_text Jeff Barnhill (1): net/ipv6: Display all addresses in output of /proc/net/if_inet6 Jianbo Liu (1): net/mlx5e: Set vlan masks for all offloaded TC rules Jianfeng Tan (1): net/packet: fix packet drop as of virtio gso Jiri Kosina (1): udp: Unbreak modules that rely on external __skb_recv_udp() availability Jiri Olsa (1): perf tools: Fix snprint warnings for gcc 8 Jongsung Kim (1): stmmac: fix valid numbers of unicast filter entries Jose Abreu (1): net: stmmac: Fixup the tail addr setting in xmit path Jérôme Glisse (1): mm/thp: fix call to mmu_notifier in set_pmd_migration_entry() v2 Kuninori Morimoto (2): ASoC: rsnd: adg: care clock-frequency size ASoC: rsnd: don't fallback to PIO mode when -EPROBE_DEFER Laura Abbott (1): scsi: iscsi: target: Don't use stack buffer for scatterlist Lei Yang (2): selftests/efivarfs: add required kernel configs selftests: memory-hotplug: add required configs Maciej Żenczykowski (1): net-ethtool: ETHTOOL_GUFO did not and should not require CAP_NET_ADMIN Mahesh Bandewar (3): bonding: avoid possible dead-lock bonding: pass link-local packets to bonding master also. bonding: fix warning message Marc Zyngier (2): ARM: KVM: invalidate BTB on guest exit for Cortex-A12/A17 ARM: KVM: invalidate icache on guest exit for Cortex-A15 Marco Felsch (1): pinctrl: mcp23s08: fix irq and irqchip setup order Mathias Nyman (1): xhci: Don't print a warning when setting link state for disabled ports Mauricio Faria de Oliveira (1): rtnetlink: fix rtnl_fdb_dump() for ndmsg header Maxime Chevallier (1): net: mvpp2: Extract the correct ethtype from the skb for tx csum offload Michael Chan (1): bnxt_en: Fix TX timeout during netpoll. Mike Rapoport (1): percpu: stop leaking bitmap metadata blocks Mike Snitzer (1): dm linear: eliminate linear_end_io call if CONFIG_DM_ZONED disabled Mikulas Patocka (1): mach64: detect the dot clock divider correctly on sparc Nicolas Ferre (2): net: macb: disable scatter-gather for macb on sama5d3 ARM: dts: at91: add new compatibility string for macb on sama5d3 Oder Chiou (1): ASoC: rt5514: Fix the issue of the delay volume applied again Paolo Abeni (2): ip6_tunnel: be careful when accessing the inner header ip_tunnel: be careful when accessing the inner header Parthasarathy Bhuvaragan (1): tipc: fix flow control accounting for implicit connect Paul Burton (1): MIPS: VDSO: Always map near top of user memory Pierre-Louis Bossart (1): ASoC: wm8804: Add ACPI support Roman Gushchin (5): mm: introduce NR_INDIRECTLY_RECLAIMABLE_BYTES mm: treat indirectly reclaimable memory as available in MemAvailable dcache: account external names as indirectly reclaimable memory mm: treat indirectly reclaimable memory as free in overcommit logic mm: don't show nr_indirectly_reclaimable in /proc/vmstat Russell King (22): ARM: add more CPU part numbers for Cortex and Brahma B15 CPUs ARM: bugs: prepare processor bug infrastructure ARM: bugs: hook processor bug checking into SMP and suspend paths ARM: bugs: add support for per-processor bug checking ARM: spectre: add Kconfig symbol for CPUs vulnerable to Spectre ARM: spectre-v2: harden branch predictor on context switches ARM: spectre-v2: add Cortex A8 and A15 validation of the IBE bit ARM: spectre-v2: harden user aborts in kernel space ARM: spectre-v2: add firmware based hardening ARM: spectre-v2: warn about incorrect context switching functions ARM: spectre-v2: KVM: invalidate icache on guest exit for Brahma B15 ARM: KVM: Add SMCCC_ARCH_WORKAROUND_1 fast handling ARM: KVM: report support for SMCCC_ARCH_WORKAROUND_1 ARM: spectre-v1: add speculation barrier (csdb) macros ARM: spectre-v1: add array_index_mask_nospec() implementation ARM: spectre-v1: fix syscall entry ARM: signal: copy registers using __copy_from_user() ARM: vfp: use __copy_from_user() when restoring VFP state ARM: oabi-compat: copy semops using __copy_from_user() ARM: use __inttype() in get_user() ARM: spectre-v1: use get_user() for __get_user() ARM: spectre-v1: mitigate user accesses Sabrina Dubroca (1): net: ipv4: update fnhe_pmtu when first hop's MTU changes Sean Tranchetti (1): netlabel: check for IPV4MASK in addrinfo_get Shahed Shaikh (1): qlcnic: fix Tx descriptor corruption on 82xx devices Shenghui Wang (1): dm cache: destroy migration_cache if cache target registration failed Stephen Hemminger (2): hv_netvsc: fix schedule in RCU context PCI: hv: support reporting serial number as slot information Tejun Heo (1): cgroup: Fix dom_cgrp propagation when enabling threaded mode Tony Lindgren (1): mfd: omap-usb-host: Fix dts probe of children Venkat Duvvuru (1): bnxt_en: free hwrm resources, if driver probe fails. Vitaly Kuznetsov (1): x86/kvm/lapic: always disable MMIO interface in x2APIC mode Wei Wang (1): ipv6: take rcu lock in rawv6_send_hdrinc() Will Deacon (1): arm64: perf: Reject stand-alone CHAIN events for PMUv3 Xin Long (1): sctp: update dst pmtu with the correct daddr Yu Zhao (3): net/usb: cancel pending work when unbinding smsc75xx sound: enable interrupt after dma buffer initialization sound: don't call skl_init_chip() to reset intel skl soc Yunsheng Lin (1): net: hns: fix for unmapping problem when SMMU is on

6 years, 8 months

1
1
0 0

Linux 4.9.134

by Greg KH

I'm announcing the release of the 4.9.134 kernel. All users of the 4.9 kernel series must upgrade. The updated 4.9.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.9.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/devicetree/bindings/net/macb.txt | 1 Documentation/networking/ip-sysctl.txt | 13 Makefile | 2 arch/arm/boot/dts/sama5d3_emac.dtsi | 2 arch/x86/include/uapi/asm/kvm.h | 1 arch/x86/kvm/lapic.c | 22 drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gfx_v7.c | 2 drivers/i2c/busses/i2c-scmi.c | 1 drivers/mfd/omap-usb-host.c | 11 drivers/net/bonding/bond_main.c | 43 - drivers/net/dsa/bcm_sf2.c | 12 drivers/net/ethernet/broadcom/bcmsysport.c | 22 drivers/net/ethernet/broadcom/bnxt/bnxt.c | 13 drivers/net/ethernet/cadence/macb.c | 8 drivers/net/ethernet/hisilicon/hns/hnae.c | 2 drivers/net/ethernet/hisilicon/hns/hns_enet.c | 30 drivers/net/ethernet/marvell/mvpp2.c | 10 drivers/net/ethernet/qlogic/qlcnic/qlcnic.h | 8 drivers/net/ethernet/qlogic/qlcnic/qlcnic_83xx_hw.c | 3 drivers/net/ethernet/qlogic/qlcnic/qlcnic_83xx_hw.h | 3 drivers/net/ethernet/qlogic/qlcnic/qlcnic_hw.h | 3 drivers/net/ethernet/qlogic/qlcnic/qlcnic_io.c | 12 drivers/net/ethernet/stmicro/stmmac/stmmac_platform.c | 5 drivers/net/team/team.c | 5 drivers/net/usb/qmi_wwan.c | 1 drivers/net/usb/smsc75xx.c | 1 drivers/scsi/qla2xxx/qla_target.h | 4 drivers/target/iscsi/iscsi_target.c | 22 drivers/usb/host/xhci-hub.c | 18 drivers/video/fbdev/aty/atyfb.h | 3 drivers/video/fbdev/aty/atyfb_base.c | 7 drivers/video/fbdev/aty/mach64_ct.c | 10 fs/ext4/xattr.c | 2 include/linux/netdevice.h | 7 include/linux/rhashtable.h | 4 include/linux/skbuff.h | 34 - include/net/bonding.h | 7 include/net/inet_frag.h | 133 +--- include/net/inet_sock.h | 6 include/net/ip.h | 1 include/net/ip_fib.h | 1 include/net/ipv6.h | 26 include/uapi/linux/snmp.h | 1 lib/rhashtable.c | 5 mm/vmstat.c | 1 net/core/dev.c | 28 net/core/rtnetlink.c | 6 net/core/skbuff.c | 31 net/dccp/input.c | 4 net/dccp/ipv4.c | 4 net/ieee802154/6lowpan/6lowpan_i.h | 26 net/ieee802154/6lowpan/reassembly.c | 148 ++-- net/ipv4/fib_frontend.c | 12 net/ipv4/fib_semantics.c | 50 + net/ipv4/inet_connection_sock.c | 5 net/ipv4/inet_fragment.c | 379 ++--------- net/ipv4/ip_fragment.c | 573 +++++++++--------- net/ipv4/ip_sockglue.c | 3 net/ipv4/ip_tunnel.c | 9 net/ipv4/proc.c | 7 net/ipv4/tcp_input.c | 37 - net/ipv4/tcp_ipv4.c | 4 net/ipv6/addrconf.c | 4 net/ipv6/ip6_tunnel.c | 13 net/ipv6/netfilter/nf_conntrack_reasm.c | 100 +-- net/ipv6/proc.c | 5 net/ipv6/raw.c | 29 net/ipv6/reassembly.c | 212 +++--- net/netlabel/netlabel_unlabeled.c | 3 sound/hda/hdac_controller.c | 8 sound/soc/codecs/sigmadsp.c | 3 sound/soc/codecs/wm8804-i2c.c | 15 tools/perf/scripts/python/export-to-postgresql.py | 9 tools/testing/selftests/efivarfs/config | 1 tools/testing/selftests/memory-hotplug/config | 1 75 files changed, 1134 insertions(+), 1123 deletions(-) Adrian Hunter (1): perf script python: Fix export-to-postgresql.py occasional failure Amber Lin (1): drm/amdgpu: Fix SDMA HQD destroy error on gfx_v7 Dan Carpenter (2): scsi: qla2xxx: Fix an endian bug in fcpcmd_is_corrupted() ipv4: frags: precedence bug in ip_expire() Daniel Rosenberg (1): ext4: Fix error code in ext4_xattr_set_entry() Danny Smith (1): ASoC: sigmadsp: safeload should not have lower byte limit Edgar Cherkasov (1): i2c: i2c-scmi: fix for i2c_smbus_write_block_data Eric Dumazet (25): ipv4: fix use-after-free in ip_cmsg_recv_dstaddr() rtnl: limit IFLA_NUM_TX_QUEUES and IFLA_NUM_RX_QUEUES to 4096 tcp/dccp: fix lockdep issue when SYN is backlogged inet: make sure to grab rcu_read_lock before using ireq->ireq_opt inet: frags: change inet_frags_init_net() return value inet: frags: add a pointer to struct netns_frags inet: frags: refactor ipfrag_init() inet: frags: refactor ipv6_frag_init() inet: frags: refactor lowpan_net_frag_init() ipv6: export ip6 fragments sysctl to unprivileged users rhashtable: add schedule points inet: frags: use rhashtables for reassembly units inet: frags: remove some helpers inet: frags: get rif of inet_frag_evicting() inet: frags: remove inet_frag_maybe_warn_overflow() inet: frags: break the 2GB limit for frags storage inet: frags: do not clone skb in ip_expire() ipv6: frags: rewrite ip6_expire_frag_queue() rhashtable: reorganize struct rhashtable layout inet: frags: reorganize struct netns_frags inet: frags: get rid of ipfrag_skb_cb/FRAG_CB inet: frags: fix ip6frag_low_thresh boundary net: speed up skb_rbtree_purge() net: pskb_trim_rcsum() and CHECKSUM_COMPLETE are friends net: add rb_to_skb() and other rb tree helpers Florian Fainelli (3): net: dsa: bcm_sf2: Call setup during switch resume net: dsa: bcm_sf2: Fix unbind ordering net: systemport: Fix wake-up interrupt race during resume Florian Westphal (1): ipv6: defrag: drop non-last frags smaller than min mtu Giacinto Cifelli (1): qmi_wwan: Added support for Gemalto's Cinterion ALASxx WWAN interface Greg Kroah-Hartman (1): Linux 4.9.134 Ido Schimmel (1): team: Forbid enslaving team device to itself Jann Horn (1): mm/vmstat.c: fix outdated vmstat_text Jeff Barnhill (1): net/ipv6: Display all addresses in output of /proc/net/if_inet6 Jongsung Kim (1): stmmac: fix valid numbers of unicast filter entries Laura Abbott (1): scsi: iscsi: target: Don't use stack buffer for scatterlist Lei Yang (2): selftests/efivarfs: add required kernel configs selftests: memory-hotplug: add required configs Mahesh Bandewar (1): bonding: avoid possible dead-lock Mathias Nyman (1): xhci: Don't print a warning when setting link state for disabled ports Maxime Chevallier (1): net: mvpp2: Extract the correct ethtype from the skb for tx csum offload Michael Chan (1): bnxt_en: Fix TX timeout during netpoll. Mikulas Patocka (1): mach64: detect the dot clock divider correctly on sparc Nicolas Ferre (2): net: macb: disable scatter-gather for macb on sama5d3 ARM: dts: at91: add new compatibility string for macb on sama5d3 Paolo Abeni (2): ip6_tunnel: be careful when accessing the inner header ip_tunnel: be careful when accessing the inner header Peter Oskolkov (5): ip: discard IPv4 datagrams with overlapping segments. net: modify skb_rbtree_purge to return the truesize of all purged skbs. ip: use rb trees for IP frag queue. ip: add helpers to process in-order fragments faster. ip: process in-order fragments efficiently Pierre-Louis Bossart (1): ASoC: wm8804: Add ACPI support Sabrina Dubroca (1): net: ipv4: update fnhe_pmtu when first hop's MTU changes Sean Tranchetti (1): netlabel: check for IPV4MASK in addrinfo_get Shahed Shaikh (1): qlcnic: fix Tx descriptor corruption on 82xx devices Taehee Yoo (1): ip: frags: fix crash in ip_do_fragment() Tony Lindgren (1): mfd: omap-usb-host: Fix dts probe of children Vitaly Kuznetsov (1): x86/kvm/lapic: always disable MMIO interface in x2APIC mode Wei Wang (1): ipv6: take rcu lock in rawv6_send_hdrinc() Yu Zhao (2): sound: enable interrupt after dma buffer initialization net/usb: cancel pending work when unbinding smsc75xx Yunsheng Lin (1): net: hns: fix for unmapping problem when SMMU is on

6 years, 8 months

1
1
0 0

[PATCH 4.14 000/109] 4.14.77-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.14.77 release. There are 109 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu Oct 18 17:04:58 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.14.77-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.14.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.14.77-rc1 Jiri Olsa <jolsa(a)kernel.org> perf tools: Fix snprint warnings for gcc 8 Russell King <rmk+kernel(a)armlinux.org.uk> ARM: spectre-v1: mitigate user accesses Russell King <rmk+kernel(a)armlinux.org.uk> ARM: spectre-v1: use get_user() for __get_user() Russell King <rmk+kernel(a)armlinux.org.uk> ARM: use __inttype() in get_user() Russell King <rmk+kernel(a)armlinux.org.uk> ARM: oabi-compat: copy semops using __copy_from_user() Russell King <rmk+kernel(a)armlinux.org.uk> ARM: vfp: use __copy_from_user() when restoring VFP state Russell King <rmk+kernel(a)armlinux.org.uk> ARM: signal: copy registers using __copy_from_user() Russell King <rmk+kernel(a)armlinux.org.uk> ARM: spectre-v1: fix syscall entry Russell King <rmk+kernel(a)armlinux.org.uk> ARM: spectre-v1: add array_index_mask_nospec() implementation Russell King <rmk+kernel(a)armlinux.org.uk> ARM: spectre-v1: add speculation barrier (csdb) macros Russell King <rmk+kernel(a)armlinux.org.uk> ARM: KVM: report support for SMCCC_ARCH_WORKAROUND_1 Russell King <rmk+kernel(a)armlinux.org.uk> ARM: KVM: Add SMCCC_ARCH_WORKAROUND_1 fast handling Russell King <rmk+kernel(a)armlinux.org.uk> ARM: spectre-v2: KVM: invalidate icache on guest exit for Brahma B15 Marc Zyngier <marc.zyngier(a)arm.com> ARM: KVM: invalidate icache on guest exit for Cortex-A15 Marc Zyngier <marc.zyngier(a)arm.com> ARM: KVM: invalidate BTB on guest exit for Cortex-A12/A17 Russell King <rmk+kernel(a)armlinux.org.uk> ARM: spectre-v2: warn about incorrect context switching functions Russell King <rmk+kernel(a)armlinux.org.uk> ARM: spectre-v2: add firmware based hardening Russell King <rmk+kernel(a)armlinux.org.uk> ARM: spectre-v2: harden user aborts in kernel space Russell King <rmk+kernel(a)armlinux.org.uk> ARM: spectre-v2: add Cortex A8 and A15 validation of the IBE bit Russell King <rmk+kernel(a)armlinux.org.uk> ARM: spectre-v2: harden branch predictor on context switches Russell King <rmk+kernel(a)armlinux.org.uk> ARM: spectre: add Kconfig symbol for CPUs vulnerable to Spectre Russell King <rmk+kernel(a)armlinux.org.uk> ARM: bugs: add support for per-processor bug checking Russell King <rmk+kernel(a)armlinux.org.uk> ARM: bugs: hook processor bug checking into SMP and suspend paths Russell King <rmk+kernel(a)armlinux.org.uk> ARM: bugs: prepare processor bug infrastructure Russell King <rmk+kernel(a)armlinux.org.uk> ARM: add more CPU part numbers for Cortex and Brahma B15 CPUs Roman Gushchin <guro(a)fb.com> mm: don't show nr_indirectly_reclaimable in /proc/vmstat Roman Gushchin <guro(a)fb.com> mm: treat indirectly reclaimable memory as free in overcommit logic Roman Gushchin <guro(a)fb.com> dcache: account external names as indirectly reclaimable memory Roman Gushchin <guro(a)fb.com> mm: treat indirectly reclaimable memory as available in MemAvailable Roman Gushchin <guro(a)fb.com> mm: introduce NR_INDIRECTLY_RECLAIMABLE_BYTES Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: Don't print a warning when setting link state for disabled ports Edgar Cherkasov <echerkasov(a)dev.rtsoft.ru> i2c: i2c-scmi: fix for i2c_smbus_write_block_data Jan Kara <jack(a)suse.cz> mm: Preserve _PAGE_DEVMAP across mprotect() calls Jérôme Glisse <jglisse(a)redhat.com> mm/thp: fix call to mmu_notifier in set_pmd_migration_entry() v2 Will Deacon <will.deacon(a)arm.com> arm64: perf: Reject stand-alone CHAIN events for PMUv3 Marco Felsch <m.felsch(a)pengutronix.de> pinctrl: mcp23s08: fix irq and irqchip setup order Chris Boot <bootc(a)bootc.net> mmc: block: avoid multiblock reads for the last sector in SPI mode Tejun Heo <tj(a)kernel.org> cgroup: Fix dom_cgrp propagation when enabling threaded mode Damien Le Moal <damien.lemoal(a)wdc.com> dm linear: fix linear_end_io conditional definition Mike Snitzer <snitzer(a)redhat.com> dm linear: eliminate linear_end_io call if CONFIG_DM_ZONED disabled Damien Le Moal <damien.lemoal(a)wdc.com> dm: fix report zone remapping to account for partition offset Shenghui Wang <shhuiw(a)foxmail.com> dm cache: destroy migration_cache if cache target registration failed Eric Farman <farman(a)linux.ibm.com> s390/cio: Fix how vfio-ccw checks pinned pages Adrian Hunter <adrian.hunter(a)intel.com> perf script python: Fix export-to-sqlite.py sample columns Adrian Hunter <adrian.hunter(a)intel.com> perf script python: Fix export-to-postgresql.py occasional failure Mike Rapoport <rppt(a)linux.vnet.ibm.com> percpu: stop leaking bitmap metadata blocks Mikulas Patocka <mpatocka(a)redhat.com> mach64: detect the dot clock divider correctly on sparc Paul Burton <paul.burton(a)mips.com> MIPS: VDSO: Always map near top of user memory Jann Horn <jannh(a)google.com> mm/vmstat.c: fix outdated vmstat_text Amber Lin <Amber.Lin(a)amd.com> drm/amdgpu: Fix SDMA HQD destroy error on gfx_v7 Vitaly Kuznetsov <vkuznets(a)redhat.com> x86/kvm/lapic: always disable MMIO interface in x2APIC mode Hans de Goede <hdegoede(a)redhat.com> clk: x86: Stop marking clocks as CLK_IS_CRITICAL Hans de Goede <hdegoede(a)redhat.com> clk: x86: add "ether_clk" alias for Bay Trail / Cherry Trail Stephen Hemminger <stephen(a)networkplumber.org> PCI: hv: support reporting serial number as slot information Nicolas Ferre <nicolas.ferre(a)microchip.com> ARM: dts: at91: add new compatibility string for macb on sama5d3 Nicolas Ferre <nicolas.ferre(a)microchip.com> net: macb: disable scatter-gather for macb on sama5d3 Jongsung Kim <neidhard.kim(a)lge.com> stmmac: fix valid numbers of unicast filter entries Stephen Hemminger <stephen(a)networkplumber.org> hv_netvsc: fix schedule in RCU context Yu Zhao <yuzhao(a)google.com> sound: don't call skl_init_chip() to reset intel skl soc Yu Zhao <yuzhao(a)google.com> sound: enable interrupt after dma buffer initialization Dan Carpenter <dan.carpenter(a)oracle.com> scsi: qla2xxx: Fix an endian bug in fcpcmd_is_corrupted() Laura Abbott <labbott(a)redhat.com> scsi: iscsi: target: Don't use stack buffer for scatterlist Tony Lindgren <tony(a)atomide.com> mfd: omap-usb-host: Fix dts probe of children Hermes Zhang <chenhuiz(a)axis.com> Bluetooth: hci_ldisc: Free rw_semaphore on close Kuninori Morimoto <kuninori.morimoto.gx(a)renesas.com> ASoC: rsnd: don't fallback to PIO mode when -EPROBE_DEFER Kuninori Morimoto <kuninori.morimoto.gx(a)renesas.com> ASoC: rsnd: adg: care clock-frequency size Lei Yang <Lei.Yang(a)windriver.com> selftests: memory-hotplug: add required configs Lei Yang <Lei.Yang(a)windriver.com> selftests/efivarfs: add required kernel configs Danny Smith <danny.smith(a)axis.com> ASoC: sigmadsp: safeload should not have lower byte limit Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: wm8804: Add ACPI support Oder Chiou <oder_chiou(a)realtek.com> ASoC: rt5514: Fix the issue of the delay volume applied again Eric Dumazet <edumazet(a)google.com> inet: make sure to grab rcu_read_lock before using ireq->ireq_opt Eric Dumazet <edumazet(a)google.com> tcp/dccp: fix lockdep issue when SYN is backlogged Maciej Żenczykowski <maze(a)google.com> net-ethtool: ETHTOOL_GUFO did not and should not require CAP_NET_ADMIN Davide Caratti <dcaratti(a)redhat.com> bnxt_en: don't try to offload VLAN 'modify' action Jakub Kicinski <jakub.kicinski(a)netronome.com> nfp: avoid soft lockups under control message storm Mahesh Bandewar <maheshb(a)google.com> bonding: fix warning message Mahesh Bandewar <maheshb(a)google.com> bonding: pass link-local packets to bonding master also. Eran Ben Elisha <eranbe(a)mellanox.com> net/mlx5: E-Switch, Fix out of bound access when setting vport rate Friedemann Gerold <f.gerold(a)b-c-s.de> net: aquantia: memory corruption on jumbo frames Jianbo Liu <jianbol(a)mellanox.com> net/mlx5e: Set vlan masks for all offloaded TC rules Florian Fainelli <f.fainelli(a)gmail.com> net: dsa: bcm_sf2: Fix unbind ordering Jianfeng Tan <jianfeng.tan(a)linux.alibaba.com> net/packet: fix packet drop as of virtio gso Jose Abreu <Jose.Abreu(a)synopsys.com> net: stmmac: Fixup the tail addr setting in xmit path Jiri Kosina <jkosina(a)suse.cz> udp: Unbreak modules that rely on external __skb_recv_udp() availability Parthasarathy Bhuvaragan <parthasarathy.bhuvaragan(a)ericsson.com> tipc: fix flow control accounting for implicit connect Ido Schimmel <idosch(a)mellanox.com> team: Forbid enslaving team device to itself Xin Long <lucien.xin(a)gmail.com> sctp: update dst pmtu with the correct daddr Eric Dumazet <edumazet(a)google.com> rtnl: limit IFLA_NUM_TX_QUEUES and IFLA_NUM_RX_QUEUES to 4096 Mauricio Faria de Oliveira <mfo(a)canonical.com> rtnetlink: fix rtnl_fdb_dump() for ndmsg header Giacinto Cifelli <gciofono(a)gmail.com> qmi_wwan: Added support for Gemalto's Cinterion ALASxx WWAN interface Shahed Shaikh <shahed.shaikh(a)cavium.com> qlcnic: fix Tx descriptor corruption on 82xx devices Yu Zhao <yuzhao(a)google.com> net/usb: cancel pending work when unbinding smsc75xx Florian Fainelli <f.fainelli(a)gmail.com> net: systemport: Fix wake-up interrupt race during resume David Ahern <dsahern(a)gmail.com> net: sched: Add policy validation for tc attributes Antoine Tenart <antoine.tenart(a)bootlin.com> net: mvpp2: fix a txq_done race condition Maxime Chevallier <maxime.chevallier(a)bootlin.com> net: mvpp2: Extract the correct ethtype from the skb for tx csum offload Sean Tranchetti <stranche(a)codeaurora.org> netlabel: check for IPV4MASK in addrinfo_get Jeff Barnhill <0xeffeff(a)gmail.com> net/ipv6: Display all addresses in output of /proc/net/if_inet6 Sabrina Dubroca <sd(a)queasysnail.net> net: ipv4: update fnhe_pmtu when first hop's MTU changes Yunsheng Lin <linyunsheng(a)huawei.com> net: hns: fix for unmapping problem when SMMU is on Florian Fainelli <f.fainelli(a)gmail.com> net: dsa: bcm_sf2: Call setup during switch resume Wei Wang <weiwan(a)google.com> ipv6: take rcu lock in rawv6_send_hdrinc() Eric Dumazet <edumazet(a)google.com> ipv4: fix use-after-free in ip_cmsg_recv_dstaddr() Paolo Abeni <pabeni(a)redhat.com> ip_tunnel: be careful when accessing the inner header Paolo Abeni <pabeni(a)redhat.com> ip6_tunnel: be careful when accessing the inner header Mahesh Bandewar <maheshb(a)google.com> bonding: avoid possible dead-lock Venkat Duvvuru <venkatkumar.duvvuru(a)broadcom.com> bnxt_en: free hwrm resources, if driver probe fails. Michael Chan <michael.chan(a)broadcom.com> bnxt_en: Fix TX timeout during netpoll. ------------- Diffstat: Documentation/devicetree/bindings/net/macb.txt | 1 + Makefile | 4 +- arch/arm/boot/dts/sama5d3_emac.dtsi | 2 +- arch/arm/include/asm/assembler.h | 12 ++ arch/arm/include/asm/barrier.h | 32 ++++ arch/arm/include/asm/bugs.h | 6 +- arch/arm/include/asm/cp15.h | 3 + arch/arm/include/asm/cputype.h | 8 + arch/arm/include/asm/kvm_asm.h | 2 - arch/arm/include/asm/kvm_host.h | 14 +- arch/arm/include/asm/kvm_mmu.h | 23 ++- arch/arm/include/asm/proc-fns.h | 4 + arch/arm/include/asm/system_misc.h | 15 ++ arch/arm/include/asm/thread_info.h | 4 +- arch/arm/include/asm/uaccess.h | 26 ++- arch/arm/kernel/Makefile | 1 + arch/arm/kernel/bugs.c | 18 +++ arch/arm/kernel/entry-common.S | 18 +-- arch/arm/kernel/entry-header.S | 25 +++ arch/arm/kernel/signal.c | 58 +++---- arch/arm/kernel/smp.c | 4 + arch/arm/kernel/suspend.c | 2 + arch/arm/kernel/sys_oabi-compat.c | 8 +- arch/arm/kvm/hyp/hyp-entry.S | 112 ++++++++++++- arch/arm/lib/copy_from_user.S | 9 ++ arch/arm/mm/Kconfig | 23 +++ arch/arm/mm/Makefile | 2 +- arch/arm/mm/fault.c | 3 + arch/arm/mm/proc-macros.S | 3 +- arch/arm/mm/proc-v7-2level.S | 6 - arch/arm/mm/proc-v7-bugs.c | 174 +++++++++++++++++++++ arch/arm/mm/proc-v7.S | 154 ++++++++++++++---- arch/arm/vfp/vfpmodule.c | 17 +- arch/arm64/kernel/perf_event.c | 7 + arch/mips/include/asm/processor.h | 10 +- arch/mips/kernel/process.c | 25 +++ arch/mips/kernel/vdso.c | 18 ++- arch/powerpc/include/asm/book3s/64/pgtable.h | 4 +- arch/x86/include/asm/pgtable_types.h | 2 +- arch/x86/include/uapi/asm/kvm.h | 1 + arch/x86/kvm/lapic.c | 22 ++- drivers/bluetooth/hci_ldisc.c | 2 + drivers/clk/x86/clk-pmc-atom.c | 18 ++- drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gfx_v7.c | 2 +- drivers/i2c/busses/i2c-scmi.c | 1 + drivers/md/dm-cache-target.c | 5 +- drivers/md/dm-flakey.c | 2 + drivers/md/dm-linear.c | 8 +- drivers/md/dm.c | 27 +++- drivers/mfd/omap-usb-host.c | 11 +- drivers/mmc/core/block.c | 10 ++ drivers/net/bonding/bond_main.c | 65 ++++---- drivers/net/dsa/bcm_sf2.c | 12 +- drivers/net/ethernet/aquantia/atlantic/aq_ring.c | 32 ++-- drivers/net/ethernet/broadcom/bcmsysport.c | 22 +-- drivers/net/ethernet/broadcom/bnxt/bnxt.c | 23 ++- drivers/net/ethernet/broadcom/bnxt/bnxt_tc.c | 20 ++- drivers/net/ethernet/cadence/macb_main.c | 8 + drivers/net/ethernet/hisilicon/hns/hnae.c | 2 +- drivers/net/ethernet/hisilicon/hns/hns_enet.c | 30 ++-- drivers/net/ethernet/marvell/mvpp2.c | 20 ++- drivers/net/ethernet/mellanox/mlx5/core/en_tc.c | 3 + drivers/net/ethernet/mellanox/mlx5/core/eswitch.c | 4 +- .../net/ethernet/netronome/nfp/nfp_net_common.c | 17 +- drivers/net/ethernet/qlogic/qlcnic/qlcnic.h | 8 +- .../net/ethernet/qlogic/qlcnic/qlcnic_83xx_hw.c | 3 +- .../net/ethernet/qlogic/qlcnic/qlcnic_83xx_hw.h | 3 +- drivers/net/ethernet/qlogic/qlcnic/qlcnic_hw.h | 3 +- drivers/net/ethernet/qlogic/qlcnic/qlcnic_io.c | 12 +- drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 8 +- .../net/ethernet/stmicro/stmmac/stmmac_platform.c | 5 +- drivers/net/hyperv/netvsc_drv.c | 9 +- drivers/net/team/team.c | 5 + drivers/net/usb/qmi_wwan.c | 1 + drivers/net/usb/smsc75xx.c | 1 + drivers/pci/host/pci-hyperv.c | 37 +++++ drivers/perf/arm_pmu.c | 8 +- drivers/pinctrl/pinctrl-mcp23s08.c | 13 +- drivers/s390/cio/vfio_ccw_cp.c | 2 +- drivers/scsi/qla2xxx/qla_target.h | 4 +- drivers/target/iscsi/iscsi_target.c | 22 ++- drivers/usb/host/xhci-hub.c | 18 +-- drivers/video/fbdev/aty/atyfb.h | 3 +- drivers/video/fbdev/aty/atyfb_base.c | 7 +- drivers/video/fbdev/aty/mach64_ct.c | 10 +- fs/dcache.c | 38 +++-- include/linux/cgroup-defs.h | 1 + include/linux/mmzone.h | 1 + include/linux/netdevice.h | 7 + include/linux/perf/arm_pmu.h | 1 + include/linux/virtio_net.h | 18 +++ include/net/bonding.h | 7 +- include/net/inet_sock.h | 6 - include/net/ip_fib.h | 1 + include/sound/hdaudio.h | 1 + kernel/cgroup/cgroup.c | 25 +-- mm/huge_memory.c | 6 - mm/page_alloc.c | 7 + mm/percpu.c | 1 + mm/util.c | 7 + mm/vmstat.c | 6 +- net/core/dev.c | 28 +++- net/core/ethtool.c | 1 + net/core/rtnetlink.c | 35 +++-- net/dccp/input.c | 4 +- net/dccp/ipv4.c | 4 +- net/ipv4/fib_frontend.c | 12 +- net/ipv4/fib_semantics.c | 50 ++++++ net/ipv4/inet_connection_sock.c | 5 +- net/ipv4/ip_sockglue.c | 3 +- net/ipv4/ip_tunnel.c | 9 ++ net/ipv4/tcp_input.c | 4 +- net/ipv4/tcp_ipv4.c | 4 +- net/ipv4/udp.c | 2 +- net/ipv6/addrconf.c | 4 +- net/ipv6/ip6_tunnel.c | 13 +- net/ipv6/raw.c | 29 ++-- net/netlabel/netlabel_unlabeled.c | 3 +- net/packet/af_packet.c | 11 +- net/sched/sch_api.c | 22 ++- net/sctp/transport.c | 12 +- net/tipc/socket.c | 4 +- sound/hda/hdac_controller.c | 15 +- sound/soc/codecs/rt5514.c | 8 +- sound/soc/codecs/sigmadsp.c | 3 +- sound/soc/codecs/wm8804-i2c.c | 15 +- sound/soc/intel/skylake/skl.c | 2 +- sound/soc/sh/rcar/adg.c | 5 + sound/soc/sh/rcar/core.c | 10 +- sound/soc/sh/rcar/dma.c | 4 + tools/perf/builtin-script.c | 22 +-- tools/perf/scripts/python/export-to-postgresql.py | 9 ++ tools/perf/scripts/python/export-to-sqlite.py | 6 +- tools/perf/tests/attr.c | 4 +- tools/perf/tests/mem.c | 2 +- tools/perf/tests/pmu.c | 2 +- tools/perf/util/cgroup.c | 2 +- tools/perf/util/parse-events.c | 4 +- tools/perf/util/pmu.c | 2 +- tools/testing/selftests/efivarfs/config | 1 + tools/testing/selftests/memory-hotplug/config | 1 + 141 files changed, 1489 insertions(+), 428 deletions(-)

6 years, 8 months

5
115
0 0

[PATCH 4.18 000/135] 4.18.15-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.18.15 release. There are 135 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu Oct 18 17:04:43 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.18.15-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.18.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.18.15-rc1 Edgar Cherkasov <echerkasov(a)dev.rtsoft.ru> i2c: i2c-scmi: fix for i2c_smbus_write_block_data Jan Kara <jack(a)suse.cz> mm: Preserve _PAGE_DEVMAP across mprotect() calls Dan Williams <dan.j.williams(a)intel.com> filesystem-dax: Fix dax_layout_busy_page() livelock Jérôme Glisse <jglisse(a)redhat.com> mm/thp: fix call to mmu_notifier in set_pmd_migration_entry() v2 Jann Horn <jannh(a)google.com> mm/mmap.c: don't clobber partially overlapping VMA with MAP_FIXED_NOREPLACE Will Deacon <will.deacon(a)arm.com> arm64: perf: Reject stand-alone CHAIN events for PMUv3 Marco Felsch <m.felsch(a)pengutronix.de> pinctrl: mcp23s08: fix irq and irqchip setup order Chris Boot <bootc(a)bootc.net> mmc: block: avoid multiblock reads for the last sector in SPI mode Lyude Paul <lyude(a)redhat.com> drm/nouveau/drm/nouveau: Grab runtime PM ref in nv50_mstc_detect() Ramses Ramírez <ramzeto(a)gmail.com> Input: xpad - add support for Xbox1 PDP Camo series gamepad Tejun Heo <tj(a)kernel.org> cgroup: Fix dom_cgrp propagation when enabling threaded mode Damien Le Moal <damien.lemoal(a)wdc.com> dm linear: fix linear_end_io conditional definition Mike Snitzer <snitzer(a)redhat.com> dm linear: eliminate linear_end_io call if CONFIG_DM_ZONED disabled Damien Le Moal <damien.lemoal(a)wdc.com> dm: fix report zone remapping to account for partition offset Shenghui Wang <shhuiw(a)foxmail.com> dm cache: destroy migration_cache if cache target registration failed Eric Farman <farman(a)linux.ibm.com> s390/cio: Fix how vfio-ccw checks pinned pages Adrian Hunter <adrian.hunter(a)intel.com> perf script python: Fix export-to-sqlite.py sample columns Adrian Hunter <adrian.hunter(a)intel.com> perf script python: Fix export-to-postgresql.py occasional failure Mike Rapoport <rppt(a)linux.vnet.ibm.com> percpu: stop leaking bitmap metadata blocks Steven Rostedt (VMware) <rostedt(a)goodmis.org> vsprintf: Fix off-by-one bug in bstr_printf() processing dereferenced pointers Mikulas Patocka <mpatocka(a)redhat.com> mach64: detect the dot clock divider correctly on sparc Paul Burton <paul.burton(a)mips.com> MIPS: VDSO: Always map near top of user memory Paul Burton <paul.burton(a)mips.com> MIPS: Fix CONFIG_CMDLINE handling David Howells <dhowells(a)redhat.com> afs: Fix clearance of reply David Howells <dhowells(a)redhat.com> afs: Fix afs_server struct leak Jann Horn <jannh(a)google.com> mm/vmstat.c: fix outdated vmstat_text Roman Gushchin <guro(a)fb.com> mm: slowly shrink slabs with a relatively small number of objects Yong Zhao <Yong.Zhao(a)amd.com> drm/amdkfd: Fix ATS capablity was not reported correctly on some APUs Yong Zhao <yong.zhao(a)amd.com> drm/amdkfd: Change the control stack MTYPE from UC to NC on GFX9 Amber Lin <Amber.Lin(a)amd.com> drm/amdgpu: Fix SDMA HQD destroy error on gfx_v7 Vitaly Kuznetsov <vkuznets(a)redhat.com> x86/kvm/lapic: always disable MMIO interface in x2APIC mode Simon Detheridge <s(a)sd.ai> pinctrl: cannonlake: Fix gpio base for GPP-E Hans de Goede <hdegoede(a)redhat.com> clk: x86: Stop marking clocks as CLK_IS_CRITICAL Hans de Goede <hdegoede(a)redhat.com> clk: x86: add "ether_clk" alias for Bay Trail / Cherry Trail Stephen Hemminger <stephen(a)networkplumber.org> hv_netvsc: pair VF based on serial number Stephen Hemminger <stephen(a)networkplumber.org> PCI: hv: support reporting serial number as slot information Nicolas Ferre <nicolas.ferre(a)microchip.com> ARM: dts: at91: add new compatibility string for macb on sama5d3 Nicolas Ferre <nicolas.ferre(a)microchip.com> net: macb: disable scatter-gather for macb on sama5d3 Corentin Labbe <clabbe(a)baylibre.com> net: ethernet: ti: add missing GENERIC_ALLOCATOR dependency Guenter Roeck <linux(a)roeck-us.net> hwmon: (nct6775) Use different register to get fan RPM for fan7 Jongsung Kim <neidhard.kim(a)lge.com> stmmac: fix valid numbers of unicast filter entries Guenter Roeck <linux(a)roeck-us.net> hwmon: (nct6775) Fix RPM output for fan7 on NCT6796D Guenter Roeck <linux(a)roeck-us.net> hwmon: (nct6775) Fix virtual temperature sources for NCT6796D Tushar Dave <tushar.n.dave(a)oracle.com> bpf: use __GFP_COMP while allocating page Martin KaFai Lau <kafai(a)fb.com> bpf: btf: Fix end boundary calculation for type section Yu Zhao <yuzhao(a)google.com> sound: don't call skl_init_chip() to reset intel skl soc Yu Zhao <yuzhao(a)google.com> sound: enable interrupt after dma buffer initialization Dan Carpenter <dan.carpenter(a)oracle.com> scsi: qla2xxx: Fix an endian bug in fcpcmd_is_corrupted() Laura Abbott <labbott(a)redhat.com> scsi: iscsi: target: Don't use stack buffer for scatterlist Nicholas Piggin <npiggin(a)gmail.com> KVM: PPC: Book3S HV: Don't use compound_order to determine host mapping size Tony Lindgren <tony(a)atomide.com> mfd: omap-usb-host: Fix dts probe of children Hermes Zhang <chenhuiz(a)axis.com> Bluetooth: hci_ldisc: Free rw_semaphore on close Matias Karhumaa <matias.karhumaa(a)gmail.com> Bluetooth: Use correct tfm to generate OOB data Johan Hedberg <johan.hedberg(a)intel.com> Bluetooth: SMP: Fix trying to use non-existent local OOB data zhong jiang <zhongjiang(a)huawei.com> drm/pl111: Make sure of_device_id tables are NULL terminated Akshu Agrawal <akshu.agrawal(a)amd.com> ASoC: AMD: Ensure reset bit is cleared before configuring Jay Kamat <jgkamat(a)fb.com> Add tests for memory.oom.group Jay Kamat <jgkamat(a)fb.com> Fix cg_read_strcmp() Guenter Roeck <linux(a)roeck-us.net> hwmon: (nct6775) Fix access to fan pulse registers Kuninori Morimoto <kuninori.morimoto.gx(a)renesas.com> ASoC: rsnd: don't fallback to PIO mode when -EPROBE_DEFER Kuninori Morimoto <kuninori.morimoto.gx(a)renesas.com> ASoC: rsnd: adg: care clock-frequency size Lei Yang <Lei.Yang(a)windriver.com> selftests: memory-hotplug: add required configs Lei Yang <Lei.Yang(a)windriver.com> selftests/efivarfs: add required kernel configs Anders Roxell <anders.roxell(a)linaro.org> selftests: add headers_install to lib.mk Srinivas Kandagatla <srinivas.kandagatla(a)linaro.org> ASoC: q6routing: initialize data correctly Danny Smith <danny.smith(a)axis.com> ASoC: sigmadsp: safeload should not have lower byte limit Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: wm8804: Add ACPI support Ryan Lee <ryans.lee(a)maximintegrated.com> ASoC: max98373: Added 10ms sleep after amp software reset Thiago Jung Bauermann <bauerman(a)linux.ibm.com> selftests: kselftest: Remove outdated comment Anders Roxell <anders.roxell(a)linaro.org> selftests: android: move config up a level Oder Chiou <oder_chiou(a)realtek.com> ASoC: rt5514: Fix the issue of the delay volume applied again Ryan Lee <ryans.lee(a)maximintegrated.com> ASoC: max98373: Added speaker FS gain cotnrol register to volatile. Charles Keepax <ckeepax(a)opensource.cirrus.com> ASoC: dapm: Fix NULL pointer deference on CODEC to CODEC DAIs Hangbin Liu <liuhangbin(a)gmail.com> vxlan: fill ttl inherit info Maciej S. Szmigiero <mail(a)maciej.szmigiero.name> r8169: set RX_MULTI_EN bit in RxConfig for 8168F-family chips Heiner Kallweit <hkallweit1(a)gmail.com> r8169: fix network stalls due to missing bit TXCFG_AUTO_FIFO Sudarsana Reddy Kalluru <sudarsana.kalluru(a)cavium.com> qed: Fix shmem structure inconsistency between driver and the mfw. Antoine Tenart <antoine.tenart(a)bootlin.com> net: mscc: fix the frame extraction into the skb Mike Rapoport <rppt(a)linux.vnet.ibm.com> net/ipv6: stop leaking percpu memory in fib6 info David Ahern <dsahern(a)gmail.com> net/ipv6: Remove extra call to ip6_convert_metrics for multipath case Vasundhara Volam <vasundhara-v.volam(a)broadcom.com> bnxt_en: get the reduced max_irqs by the ones used by RDMA Vasundhara Volam <vasundhara-v.volam(a)broadcom.com> bnxt_en: Fix enables field in HWRM_QUEUE_COS2BW_CFG request Alaa Hleihel <alaa(a)mellanox.com> net/mlx5: Check for SQ and not RQ state when modifying hairpin SQ Sabrina Dubroca <sd(a)queasysnail.net> net: ipv4: don't let PMTU updates increase route MTU Michael Chan <michael.chan(a)broadcom.com> bnxt_en: Fix VNIC reservations on the PF. David Ahern <dsahern(a)gmail.com> rtnetlink: Fail dump if target netnsid is invalid Florian Fainelli <f.fainelli(a)gmail.com> net: dsa: b53: Keep CPU port as tagged in all VLANs Eric Dumazet <edumazet(a)google.com> inet: make sure to grab rcu_read_lock before using ireq->ireq_opt Eric Dumazet <edumazet(a)google.com> tcp/dccp: fix lockdep issue when SYN is backlogged Russell King <rmk+kernel(a)armlinux.org.uk> sfp: fix oops with ethtool -m Baruch Siach <baruch(a)tkos.co.il> net: phy: phylink: fix SFP interface autodetection Maciej Żenczykowski <maze(a)google.com> net-ethtool: ETHTOOL_GUFO did not and should not require CAP_NET_ADMIN Davide Caratti <dcaratti(a)redhat.com> bnxt_en: don't try to offload VLAN 'modify' action Jakub Kicinski <jakub.kicinski(a)netronome.com> nfp: avoid soft lockups under control message storm Jose Abreu <Jose.Abreu(a)synopsys.com> net: stmmac: Rework coalesce timer and fix multi-queue races Mahesh Bandewar <maheshb(a)google.com> bonding: fix warning message Mahesh Bandewar <maheshb(a)google.com> bonding: pass link-local packets to bonding master also. Eran Ben Elisha <eranbe(a)mellanox.com> net/mlx5: E-Switch, Fix out of bound access when setting vport rate Friedemann Gerold <f.gerold(a)b-c-s.de> net: aquantia: memory corruption on jumbo frames Jianbo Liu <jianbol(a)mellanox.com> net/mlx5e: Set vlan masks for all offloaded TC rules Florian Fainelli <f.fainelli(a)gmail.com> net: dsa: bcm_sf2: Fix unbind ordering Jianfeng Tan <jianfeng.tan(a)linux.alibaba.com> net/packet: fix packet drop as of virtio gso Jose Abreu <Jose.Abreu(a)synopsys.com> net: stmmac: Fixup the tail addr setting in xmit path Eric Dumazet <edumazet(a)google.com> tun: napi flags belong to tfile Eric Dumazet <edumazet(a)google.com> tun: initialize napi_mutex unconditionally Eric Dumazet <edumazet(a)google.com> tun: remove unused parameters Subash Abhinov Kasiviswanathan <subashab(a)codeaurora.org> net: qualcomm: rmnet: Fix incorrect allocation flag in receive path Subash Abhinov Kasiviswanathan <subashab(a)codeaurora.org> net: qualcomm: rmnet: Fix incorrect allocation flag in transmit Sean Tranchetti <stranche(a)codeaurora.org> net: qualcomm: rmnet: Skip processing loopback packets Jiri Kosina <jkosina(a)suse.cz> udp: Unbreak modules that rely on external __skb_recv_udp() availability Parthasarathy Bhuvaragan <parthasarathy.bhuvaragan(a)ericsson.com> tipc: fix flow control accounting for implicit connect Ido Schimmel <idosch(a)mellanox.com> team: Forbid enslaving team device to itself Xin Long <lucien.xin(a)gmail.com> sctp: update dst pmtu with the correct daddr Eric Dumazet <edumazet(a)google.com> rtnl: limit IFLA_NUM_TX_QUEUES and IFLA_NUM_RX_QUEUES to 4096 Mauricio Faria de Oliveira <mfo(a)canonical.com> rtnetlink: fix rtnl_fdb_dump() for ndmsg header Giacinto Cifelli <gciofono(a)gmail.com> qmi_wwan: Added support for Gemalto's Cinterion ALASxx WWAN interface Shahed Shaikh <shahed.shaikh(a)cavium.com> qlcnic: fix Tx descriptor corruption on 82xx devices Yu Zhao <yuzhao(a)google.com> net/usb: cancel pending work when unbinding smsc75xx Florian Fainelli <f.fainelli(a)gmail.com> net: systemport: Fix wake-up interrupt race during resume Al Viro <viro(a)zeniv.linux.org.uk> net: sched: cls_u32: fix hnode refcounting David Ahern <dsahern(a)gmail.com> net: sched: Add policy validation for tc attributes Antoine Tenart <antoine.tenart(a)bootlin.com> net: mvpp2: fix a txq_done race condition Maxime Chevallier <maxime.chevallier(a)bootlin.com> net: mvpp2: Extract the correct ethtype from the skb for tx csum offload Sean Tranchetti <stranche(a)codeaurora.org> netlabel: check for IPV4MASK in addrinfo_get Jeff Barnhill <0xeffeff(a)gmail.com> net/ipv6: Display all addresses in output of /proc/net/if_inet6 Sabrina Dubroca <sd(a)queasysnail.net> net: ipv4: update fnhe_pmtu when first hop's MTU changes Yunsheng Lin <linyunsheng(a)huawei.com> net: hns: fix for unmapping problem when SMMU is on Florian Fainelli <f.fainelli(a)gmail.com> net: dsa: bcm_sf2: Call setup during switch resume Wei Wang <weiwan(a)google.com> ipv6: take rcu lock in rawv6_send_hdrinc() Eric Dumazet <edumazet(a)google.com> ipv4: fix use-after-free in ip_cmsg_recv_dstaddr() Paolo Abeni <pabeni(a)redhat.com> ip_tunnel: be careful when accessing the inner header Paolo Abeni <pabeni(a)redhat.com> ip6_tunnel: be careful when accessing the inner header Mahesh Bandewar <maheshb(a)google.com> bonding: avoid possible dead-lock Venkat Duvvuru <venkatkumar.duvvuru(a)broadcom.com> bnxt_en: free hwrm resources, if driver probe fails. Michael Chan <michael.chan(a)broadcom.com> bnxt_en: Fix TX timeout during netpoll. ------------- Diffstat: Documentation/devicetree/bindings/net/macb.txt | 1 + Makefile | 18 +- arch/arm/boot/dts/sama5d3_emac.dtsi | 2 +- arch/arm64/kernel/perf_event.c | 7 + arch/mips/include/asm/processor.h | 10 +- arch/mips/kernel/process.c | 25 +++ arch/mips/kernel/setup.c | 48 +++-- arch/mips/kernel/vdso.c | 18 +- arch/powerpc/include/asm/book3s/64/pgtable.h | 4 +- arch/powerpc/kvm/book3s_64_mmu_radix.c | 91 ++++---- arch/x86/include/asm/pgtable_types.h | 2 +- arch/x86/include/uapi/asm/kvm.h | 1 + arch/x86/kvm/lapic.c | 22 +- drivers/bluetooth/hci_ldisc.c | 2 + drivers/clk/x86/clk-pmc-atom.c | 18 +- drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd.c | 6 +- drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd.h | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gfx_v7.c | 2 +- drivers/gpu/drm/amd/amdkfd/kfd_device.c | 3 +- drivers/gpu/drm/amd/amdkfd/kfd_iommu.c | 13 +- drivers/gpu/drm/amd/amdkfd/kfd_mqd_manager_v9.c | 2 +- drivers/gpu/drm/amd/amdkfd/kfd_priv.h | 1 + drivers/gpu/drm/amd/amdkfd/kfd_topology.c | 21 +- drivers/gpu/drm/amd/include/kgd_kfd_interface.h | 2 +- drivers/gpu/drm/nouveau/dispnv50/disp.c | 15 +- drivers/gpu/drm/pl111/pl111_vexpress.c | 3 +- drivers/hwmon/nct6775.c | 70 ++++-- drivers/i2c/busses/i2c-scmi.c | 1 + drivers/input/joystick/xpad.c | 3 + drivers/md/dm-cache-target.c | 5 +- drivers/md/dm-flakey.c | 2 + drivers/md/dm-linear.c | 8 +- drivers/md/dm.c | 27 ++- drivers/mfd/omap-usb-host.c | 11 +- drivers/mmc/core/block.c | 10 + drivers/net/bonding/bond_main.c | 65 +++--- drivers/net/dsa/b53/b53_common.c | 4 +- drivers/net/dsa/bcm_sf2.c | 14 +- drivers/net/ethernet/aquantia/atlantic/aq_ring.c | 32 +-- drivers/net/ethernet/broadcom/bcmsysport.c | 22 +- drivers/net/ethernet/broadcom/bnxt/bnxt.c | 27 ++- drivers/net/ethernet/broadcom/bnxt/bnxt_dcb.c | 6 +- drivers/net/ethernet/broadcom/bnxt/bnxt_tc.c | 20 +- drivers/net/ethernet/cadence/macb_main.c | 8 + drivers/net/ethernet/hisilicon/hns/hnae.c | 2 +- drivers/net/ethernet/hisilicon/hns/hns_enet.c | 30 ++- drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c | 19 +- drivers/net/ethernet/mellanox/mlx5/core/en_tc.c | 3 + drivers/net/ethernet/mellanox/mlx5/core/eswitch.c | 4 +- drivers/net/ethernet/mellanox/mlx5/core/transobj.c | 2 +- drivers/net/ethernet/mscc/ocelot_board.c | 12 +- .../net/ethernet/netronome/nfp/nfp_net_common.c | 17 +- drivers/net/ethernet/qlogic/qed/qed_hsi.h | 1 + drivers/net/ethernet/qlogic/qlcnic/qlcnic.h | 8 +- .../net/ethernet/qlogic/qlcnic/qlcnic_83xx_hw.c | 3 +- .../net/ethernet/qlogic/qlcnic/qlcnic_83xx_hw.h | 3 +- drivers/net/ethernet/qlogic/qlcnic/qlcnic_hw.h | 3 +- drivers/net/ethernet/qlogic/qlcnic/qlcnic_io.c | 12 +- .../net/ethernet/qualcomm/rmnet/rmnet_handlers.c | 7 +- drivers/net/ethernet/realtek/r8169.c | 24 +-- drivers/net/ethernet/stmicro/stmmac/common.h | 4 +- drivers/net/ethernet/stmicro/stmmac/stmmac.h | 14 +- drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 238 ++++++++++++--------- .../net/ethernet/stmicro/stmmac/stmmac_platform.c | 5 +- drivers/net/ethernet/ti/Kconfig | 1 + drivers/net/hyperv/netvsc.c | 3 + drivers/net/hyperv/netvsc_drv.c | 58 ++--- drivers/net/phy/phylink.c | 48 +++-- drivers/net/phy/sfp-bus.c | 4 +- drivers/net/team/team.c | 6 + drivers/net/tun.c | 43 ++-- drivers/net/usb/qmi_wwan.c | 1 + drivers/net/usb/smsc75xx.c | 1 + drivers/net/vxlan.c | 3 + drivers/pci/controller/pci-hyperv.c | 37 ++++ drivers/perf/arm_pmu.c | 8 +- drivers/pinctrl/intel/pinctrl-cannonlake.c | 2 +- drivers/pinctrl/pinctrl-mcp23s08.c | 13 +- drivers/s390/cio/vfio_ccw_cp.c | 2 +- drivers/scsi/qla2xxx/qla_target.h | 4 +- drivers/target/iscsi/iscsi_target.c | 22 +- drivers/video/fbdev/aty/atyfb.h | 3 +- drivers/video/fbdev/aty/atyfb_base.c | 7 +- drivers/video/fbdev/aty/mach64_ct.c | 10 +- fs/afs/rxrpc.c | 2 - fs/dax.c | 13 +- include/linux/cgroup-defs.h | 1 + include/linux/netdevice.h | 7 + include/linux/perf/arm_pmu.h | 1 + include/linux/stmmac.h | 1 + include/linux/virtio_net.h | 18 ++ include/net/bonding.h | 7 +- include/net/inet_sock.h | 6 - include/net/ip_fib.h | 1 + include/sound/hdaudio.h | 1 + include/sound/soc-dapm.h | 1 + kernel/bpf/btf.c | 2 +- kernel/cgroup/cgroup.c | 25 ++- lib/vsprintf.c | 2 +- mm/huge_memory.c | 6 - mm/mmap.c | 2 +- mm/percpu.c | 1 + mm/vmscan.c | 11 + mm/vmstat.c | 1 - net/bluetooth/smp.c | 16 +- net/core/dev.c | 28 ++- net/core/ethtool.c | 1 + net/core/filter.c | 3 +- net/core/rtnetlink.c | 41 ++-- net/dccp/input.c | 4 +- net/dccp/ipv4.c | 4 +- net/ipv4/fib_frontend.c | 12 +- net/ipv4/fib_semantics.c | 50 +++++ net/ipv4/inet_connection_sock.c | 5 +- net/ipv4/ip_sockglue.c | 3 +- net/ipv4/ip_tunnel.c | 9 + net/ipv4/route.c | 7 +- net/ipv4/tcp_input.c | 4 +- net/ipv4/tcp_ipv4.c | 4 +- net/ipv4/udp.c | 2 +- net/ipv6/addrconf.c | 4 +- net/ipv6/ip6_fib.c | 2 + net/ipv6/ip6_tunnel.c | 13 +- net/ipv6/raw.c | 29 ++- net/ipv6/route.c | 5 - net/netlabel/netlabel_unlabeled.c | 3 +- net/packet/af_packet.c | 11 +- net/sched/cls_u32.c | 10 +- net/sched/sch_api.c | 24 ++- net/sctp/transport.c | 12 +- net/tipc/socket.c | 4 +- scripts/subarch.include | 13 ++ sound/hda/hdac_controller.c | 15 +- sound/soc/amd/acp-pcm-dma.c | 21 ++ sound/soc/codecs/max98373.c | 3 + sound/soc/codecs/rt5514.c | 8 +- sound/soc/codecs/sigmadsp.c | 3 +- sound/soc/codecs/wm8804-i2c.c | 15 +- sound/soc/intel/skylake/skl.c | 2 +- sound/soc/qcom/qdsp6/q6routing.c | 4 +- sound/soc/sh/rcar/adg.c | 5 + sound/soc/sh/rcar/core.c | 10 +- sound/soc/sh/rcar/dma.c | 4 + sound/soc/soc-core.c | 4 +- sound/soc/soc-dapm.c | 4 + tools/perf/scripts/python/export-to-postgresql.py | 9 + tools/perf/scripts/python/export-to-sqlite.py | 6 +- tools/testing/selftests/android/Makefile | 2 +- tools/testing/selftests/android/{ion => }/config | 0 tools/testing/selftests/android/ion/Makefile | 2 + tools/testing/selftests/cgroup/cgroup_util.c | 38 +++- tools/testing/selftests/cgroup/cgroup_util.h | 1 + tools/testing/selftests/cgroup/test_memcontrol.c | 205 ++++++++++++++++++ tools/testing/selftests/efivarfs/config | 1 + tools/testing/selftests/futex/functional/Makefile | 1 + tools/testing/selftests/gpio/Makefile | 7 +- tools/testing/selftests/kselftest.h | 1 - tools/testing/selftests/kvm/Makefile | 7 +- tools/testing/selftests/lib.mk | 12 ++ tools/testing/selftests/memory-hotplug/config | 1 + tools/testing/selftests/net/Makefile | 1 + .../selftests/networking/timestamping/Makefile | 1 + tools/testing/selftests/vm/Makefile | 4 - 163 files changed, 1543 insertions(+), 647 deletions(-)

6 years, 8 months

9
155
0 0

[PATCH] ACPICA: AML Parser: fix parse loop to correctly skip erroneous extended opcodes

by Erik Schmauss

AML opcodes come in two lengths: 1-byte opcodes and 2-byte, extended opcodes. If an error occurs due to illegal opcodes during table load, the AML parser needs to continue loading the table. In order to do this, it needs to skip parsing of the offending opcode and operands associated with that opcode. This change fixes the AML parse loop to correctly skip parsing of incorrect extended opcodes. Previously, only the short opcodes were skipped correctly. Signed-off-by: Erik Schmauss <erik.schmauss(a)intel.com> --- drivers/acpi/acpica/psloop.c | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/drivers/acpi/acpica/psloop.c b/drivers/acpi/acpica/psloop.c index 34fc2f7476ed..b0789c483b0f 100644 --- a/drivers/acpi/acpica/psloop.c +++ b/drivers/acpi/acpica/psloop.c @@ -417,6 +417,7 @@ acpi_status acpi_ps_parse_loop(struct acpi_walk_state *walk_state) union acpi_parse_object *op = NULL; /* current op */ struct acpi_parse_state *parser_state; u8 *aml_op_start = NULL; + u8 opcode_length; ACPI_FUNCTION_TRACE_PTR(ps_parse_loop, walk_state); @@ -540,8 +541,19 @@ acpi_status acpi_ps_parse_loop(struct acpi_walk_state *walk_state) "Skip parsing opcode %s", acpi_ps_get_opcode_name (walk_state->opcode))); + + /* + * Determine the opcode length before skipping the opcode. + * An opcode can be 1 byte or 2 bytes in length. + */ + opcode_length = 1; + if ((walk_state->opcode & 0xFF00) == + AML_EXTENDED_OPCODE) { + opcode_length = 2; + } walk_state->parser_state.aml = - walk_state->aml + 1; + walk_state->aml + opcode_length; + walk_state->parser_state.aml = acpi_ps_get_next_package_end (&walk_state->parser_state); -- 2.17.1

6 years, 8 months

2
1
0 0

[PATCH] ACPICA: AML interpreter: add region addresses in global list during initialization

by Erik Schmauss

The table load process omitted adding the operation region address range to the global list. This omission is problematic because the OS queries the global list to check for address range conflicts before deciding which drivers to load. This commit may result in warning messages that look like the following: [ 7.871761] ACPI Warning: system_IO range 0x00000428-0x0000042F conflicts with op_region 0x00000400-0x0000047F (\PMIO) (20180531/utaddress-213) [ 7.871769] ACPI: If an ACPI driver is available for this device, you should use it instead of the native driver However, these messages do not signify regressions. It is a result of properly adding address ranges within the global address list. Link: https://bugzilla.kernel.org/show_bug.cgi?id=200011 Tested-by: Jean-Marc Lenoir <archlinux(a)jihemel.com> Signed-off-by: Erik Schmauss <erik.schmauss(a)intel.com> --- drivers/acpi/acpica/dsopcode.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/drivers/acpi/acpica/dsopcode.c b/drivers/acpi/acpica/dsopcode.c index e9fb0bf3c8d2..78f9de260d5f 100644 --- a/drivers/acpi/acpica/dsopcode.c +++ b/drivers/acpi/acpica/dsopcode.c @@ -417,6 +417,10 @@ acpi_ds_eval_region_operands(struct acpi_walk_state *walk_state, ACPI_FORMAT_UINT64(obj_desc->region.address), obj_desc->region.length)); + status = acpi_ut_add_address_range(obj_desc->region.space_id, + obj_desc->region.address, + obj_desc->region.length, node); + /* Now the address and length are valid for this opregion */ obj_desc->region.flags |= AOPOBJ_DATA_VALID; -- 2.17.1

6 years, 8 months

2
1
0 0

Re: MPC8321 boot failure

by Christophe LEROY

Hi, I can now confirm that the boot failure is due to the absence of commit 8183d99f4a22 ("powerpc/lib/feature-fixups: use raw_patch_instruction()") Greg, could you please apply that patch to 4.14 stable ? Thanks Christophe Le 17/10/2018 à 18:36, Christophe LEROY a écrit : > Hi, > > Yes I discovered the same issue today on MPC8321E, I plan to look at it > more closely tomorrow morning (Paris Time). > > I think we are missing commit 8183d99f4a22c2abbc543847a588df3666ef0c0c , > I didn't realise it when we applied the serie to 4.14, > patch_instruction() is called too early without that patch. > > If you have opportunity to test now, you are welcome, otherwise I'll > test it tomorrow. > > Christophe > > Le 17/10/2018 à 17:18, David Gounaris a écrit : >> Hello, I got into troubles when I upgraded to Linux kernel 4.14.76 on >> boards with MPC8321. >> >> >> The symptom that I see is that the boot process gets cyclic, and no >> printouts are seen from the Linux kernel. It seems like it resets. >> >> >> When I revert the following commits it works again. >> >> af1a8101794dfea897290e057f61086dabfe6c91, powerpc/lib: fix book3s/32 >> boot failure due to code patching >> 609fbeddb24c4035d24fc32d82dc08b30ae3dfc0, powerpc: Avoid code patching >> freed init sections >> >> Any ideas of how to continue? >> >> BR / David Gounaris >> >> >>

6 years, 8 months

1
0
0 0

[PATCH v2 5/7] sd: Avoid that hibernation triggers a kernel warning

by Bart Van Assche

Although the power management code never calls the system-wide and runtime suspend callbacks concurrently, runtime power state changes can happen while the system is being suspended or resumed. See also the dpm_suspend() and dpm_resume() calls in hibernation_snapshot(). Make sure the sd driver supports this. This patch avoids that the following call trace is reported during system-wide suspend: WARNING: CPU: 0 PID: 701 at drivers/scsi/scsi_lib.c:3047 scsi_device_quiesce+0x4b/0xd0 Workqueue: events_unbound async_run_entry_fn RIP: 0010:scsi_device_quiesce+0x4b/0xd0 Call Trace: scsi_bus_suspend_common+0x71/0xe0 scsi_bus_freeze+0x15/0x20 dpm_run_callback+0x88/0x360 __device_suspend+0x1c4/0x840 async_suspend+0x1f/0xb0 async_run_entry_fn+0x6e/0x2c0 process_one_work+0x4ae/0xa20 worker_thread+0x63/0x5a0 kthread+0x1cf/0x1f0 ret_from_fork+0x24/0x30 Fixes: cd84a62e0078 ("block, scsi: Change the preempt-only flag into a counter") Cc: Lee Duncan <lduncan(a)suse.com> Cc: Hannes Reinecke <hare(a)suse.com> Cc: Luis Chamberlain <mcgrof(a)kernel.org> Cc: Johannes Thumshirn <jthumshirn(a)suse.de> Cc: Christoph Hellwig <hch(a)lst.de> Cc: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Cc: Dan Williams <dan.j.williams(a)intel.com> Cc: stable(a)vger.kernel.org Signed-off-by: Bart Van Assche <bvanassche(a)acm.org> --- drivers/scsi/scsi_lib.c | 15 ++++++--------- include/scsi/scsi_device.h | 1 - 2 files changed, 6 insertions(+), 10 deletions(-) diff --git a/drivers/scsi/scsi_lib.c b/drivers/scsi/scsi_lib.c index 7db3c5fae469..6c18a61176e5 100644 --- a/drivers/scsi/scsi_lib.c +++ b/drivers/scsi/scsi_lib.c @@ -3052,11 +3052,12 @@ scsi_device_quiesce(struct scsi_device *sdev) int err; /* - * It is allowed to call scsi_device_quiesce() multiple times from - * the same context but concurrent scsi_device_quiesce() calls are - * not allowed. + * Since all scsi_device_quiesce() and scsi_device_resume() calls + * are serialized it is safe here to check the device state without + * holding the SCSI device state mutex. */ - WARN_ON_ONCE(sdev->quiesced_by && sdev->quiesced_by != current); + if (sdev->sdev_state == SDEV_QUIESCE) + return 0; blk_set_preempt_only(q); @@ -3072,9 +3073,7 @@ scsi_device_quiesce(struct scsi_device *sdev) mutex_lock(&sdev->state_mutex); err = scsi_device_set_state(sdev, SDEV_QUIESCE); - if (err == 0) - sdev->quiesced_by = current; - else + if (err) blk_clear_preempt_only(q); mutex_unlock(&sdev->state_mutex); @@ -3098,8 +3097,6 @@ void scsi_device_resume(struct scsi_device *sdev) * device deleted during suspend) */ mutex_lock(&sdev->state_mutex); - WARN_ON_ONCE(!sdev->quiesced_by); - sdev->quiesced_by = NULL; blk_clear_preempt_only(sdev->request_queue); if (sdev->sdev_state == SDEV_QUIESCE) scsi_device_set_state(sdev, SDEV_RUNNING); diff --git a/include/scsi/scsi_device.h b/include/scsi/scsi_device.h index 202f4d6a4342..ef86c8adc5d5 100644 --- a/include/scsi/scsi_device.h +++ b/include/scsi/scsi_device.h @@ -226,7 +226,6 @@ struct scsi_device { unsigned char access_state; struct mutex state_mutex; enum scsi_device_state sdev_state; - struct task_struct *quiesced_by; unsigned long sdev_data[0]; } __attribute__((aligned(sizeof(unsigned long)))); -- 2.19.1.568.g152ad8e336-goog

6 years, 8 months

1
0
0 0

[PATCH] scsi/sd: Avoid that hibernation triggers a kernel warning

by Bart Van Assche

Although the power management code never calls the system-wide and runtime suspend callbacks concurrently, runtime power state changes can happen while the system is being suspended or resumed. See also the dpm_suspend() and dpm_resume() calls in hibernation_snapshot(). Make sure the sd driver supports this. This patch avoids that the following call trace is reported during system-wide suspend: WARNING: CPU: 0 PID: 701 at drivers/scsi/scsi_lib.c:3047 scsi_device_quiesce+0x4b/0xd0 Workqueue: events_unbound async_run_entry_fn RIP: 0010:scsi_device_quiesce+0x4b/0xd0 Call Trace: scsi_bus_suspend_common+0x71/0xe0 scsi_bus_freeze+0x15/0x20 dpm_run_callback+0x88/0x360 __device_suspend+0x1c4/0x840 async_suspend+0x1f/0xb0 async_run_entry_fn+0x6e/0x2c0 process_one_work+0x4ae/0xa20 worker_thread+0x63/0x5a0 kthread+0x1cf/0x1f0 ret_from_fork+0x24/0x30 Fixes: cd84a62e0078 ("block, scsi: Change the preempt-only flag into a counter") Cc: Lee Duncan <lduncan(a)suse.com> Cc: Hannes Reinecke <hare(a)suse.com> Cc: Luis Chamberlain <mcgrof(a)kernel.org> Cc: Johannes Thumshirn <jthumshirn(a)suse.de> Cc: Christoph Hellwig <hch(a)lst.de> Cc: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Cc: Dan Williams <dan.j.williams(a)intel.com> Cc: stable(a)vger.kernel.org Signed-off-by: Bart Van Assche <bvanassche(a)acm.org> --- drivers/scsi/scsi_lib.c | 16 +++++----------- include/scsi/scsi_device.h | 1 - 2 files changed, 5 insertions(+), 12 deletions(-) diff --git a/drivers/scsi/scsi_lib.c b/drivers/scsi/scsi_lib.c index 62348412ed1b..3106e910e766 100644 --- a/drivers/scsi/scsi_lib.c +++ b/drivers/scsi/scsi_lib.c @@ -3040,13 +3040,11 @@ scsi_device_quiesce(struct scsi_device *sdev) int err; /* - * It is allowed to call scsi_device_quiesce() multiple times from - * the same context but concurrent scsi_device_quiesce() calls are - * not allowed. + * Since all scsi_device_quiesce() and scsi_device_resume() calls + * are serialized it is safe to check the device state without holding + * the SCSI device state mutex. */ - WARN_ON_ONCE(sdev->quiesced_by && sdev->quiesced_by != current); - - if (sdev->quiesced_by == current) + if (sdev->sdev_state == SDEV_QUIESCE) return 0; blk_set_pm_only(q); @@ -3063,9 +3061,7 @@ scsi_device_quiesce(struct scsi_device *sdev) mutex_lock(&sdev->state_mutex); err = scsi_device_set_state(sdev, SDEV_QUIESCE); - if (err == 0) - sdev->quiesced_by = current; - else + if (err) blk_clear_pm_only(q); mutex_unlock(&sdev->state_mutex); @@ -3089,8 +3085,6 @@ void scsi_device_resume(struct scsi_device *sdev) * device deleted during suspend) */ mutex_lock(&sdev->state_mutex); - WARN_ON_ONCE(!sdev->quiesced_by); - sdev->quiesced_by = NULL; blk_clear_pm_only(sdev->request_queue); if (sdev->sdev_state == SDEV_QUIESCE) scsi_device_set_state(sdev, SDEV_RUNNING); diff --git a/include/scsi/scsi_device.h b/include/scsi/scsi_device.h index 202f4d6a4342..ef86c8adc5d5 100644 --- a/include/scsi/scsi_device.h +++ b/include/scsi/scsi_device.h @@ -226,7 +226,6 @@ struct scsi_device { unsigned char access_state; struct mutex state_mutex; enum scsi_device_state sdev_state; - struct task_struct *quiesced_by; unsigned long sdev_data[0]; } __attribute__((aligned(sizeof(unsigned long)))); -- 2.19.1.568.g152ad8e336-goog

6 years, 8 months

1
1
0 0

[PATCH v3] selinux: policydb - fix byte order and alignment issues

by Ondrej Mosnacek

Do the LE conversions before doing the Infiniband-related range checks. The incorrect checks are otherwise causing a failure to load any policy with an ibendportcon rule on BE systems. This can be reproduced by running (on e.g. ppc64): cat >my_module.cil <<EOF (type test_ibendport_t) (roletype object_r test_ibendport_t) (ibendportcon mlx4_0 1 (system_u object_r test_ibendport_t ((s0) (s0)))) EOF semodule -i my_module.cil Also, fix loading/storing the 64-bit subnet prefix for OCON_IBPKEY to use a correctly aligned buffer. Finally, do not use the 'nodebuf' (u32) buffer where 'buf' (__le32) should be used instead. Tested internally on a ppc64 machine with a RHEL 7 kernel with this patch applied. Cc: Daniel Jurgens <danielj(a)mellanox.com> Cc: Eli Cohen <eli(a)mellanox.com> Cc: James Morris <jmorris(a)namei.org> Cc: Doug Ledford <dledford(a)redhat.com> Cc: <stable(a)vger.kernel.org> # 4.13+ Fixes: a806f7a1616f ("selinux: Create policydb version for Infiniband support") Signed-off-by: Ondrej Mosnacek <omosnace(a)redhat.com> --- security/selinux/ss/policydb.c | 41 ++++++++++++++++++++++------------ 1 file changed, 27 insertions(+), 14 deletions(-) Changes in v3: - use separate buffer for the 64-bit subnet_prefix - add comments on the byte ordering of subnet_prefix - deduplicate the le32_to_cpu() calls from checks Changes in v2: - add reproducer to commit message - update e-mail address of James Morris - better Cc also the old SELinux ML diff --git a/security/selinux/ss/policydb.c b/security/selinux/ss/policydb.c index f4eadd3f7350..b9029491869b 100644 --- a/security/selinux/ss/policydb.c +++ b/security/selinux/ss/policydb.c @@ -2108,6 +2108,7 @@ static int ocontext_read(struct policydb *p, struct policydb_compat_info *info, { int i, j, rc; u32 nel, len; + __be64 prefixbuf[1]; __le32 buf[3]; struct ocontext *l, *c; u32 nodebuf[8]; @@ -2218,21 +2219,26 @@ static int ocontext_read(struct policydb *p, struct policydb_compat_info *info, break; } case OCON_IBPKEY: - rc = next_entry(nodebuf, fp, sizeof(u32) * 4); + rc = next_entry(prefixbuf, fp, sizeof(u64)); if (rc) goto out; - c->u.ibpkey.subnet_prefix = be64_to_cpu(*((__be64 *)nodebuf)); + /* we need to have subnet_prefix in CPU order */ + c->u.ibpkey.subnet_prefix = be64_to_cpu(prefixbuf[0]); - if (nodebuf[2] > 0xffff || - nodebuf[3] > 0xffff) { + rc = next_entry(buf, fp, sizeof(u32) * 2); + if (rc) + goto out; + + c->u.ibpkey.low_pkey = le32_to_cpu(buf[0]); + c->u.ibpkey.high_pkey = le32_to_cpu(buf[1]); + + if (c->u.ibpkey.low_pkey > 0xffff || + c->u.ibpkey.high_pkey > 0xffff) { rc = -EINVAL; goto out; } - c->u.ibpkey.low_pkey = le32_to_cpu(nodebuf[2]); - c->u.ibpkey.high_pkey = le32_to_cpu(nodebuf[3]); - rc = context_read_and_validate(&c->context[0], p, fp); @@ -2249,13 +2255,14 @@ static int ocontext_read(struct policydb *p, struct policydb_compat_info *info, if (rc) goto out; - if (buf[1] > 0xff || buf[1] == 0) { + c->u.ibendport.port = le32_to_cpu(buf[1]); + + if (c->u.ibendport.port > 0xff || + c->u.ibendport.port == 0) { rc = -EINVAL; goto out; } - c->u.ibendport.port = le32_to_cpu(buf[1]); - rc = context_read_and_validate(&c->context[0], p, fp); @@ -3105,6 +3112,7 @@ static int ocontext_write(struct policydb *p, struct policydb_compat_info *info, { unsigned int i, j, rc; size_t nel, len; + __be64 prefixbuf[1]; __le32 buf[3]; u32 nodebuf[8]; struct ocontext *c; @@ -3192,12 +3200,17 @@ static int ocontext_write(struct policydb *p, struct policydb_compat_info *info, return rc; break; case OCON_IBPKEY: - *((__be64 *)nodebuf) = cpu_to_be64(c->u.ibpkey.subnet_prefix); + /* subnet_prefix is in CPU order */ + prefixbuf[0] = cpu_to_be64(c->u.ibpkey.subnet_prefix); - nodebuf[2] = cpu_to_le32(c->u.ibpkey.low_pkey); - nodebuf[3] = cpu_to_le32(c->u.ibpkey.high_pkey); + rc = put_entry(prefixbuf, sizeof(u64), 1, fp); + if (rc) + return rc; + + buf[0] = cpu_to_le32(c->u.ibpkey.low_pkey); + buf[1] = cpu_to_le32(c->u.ibpkey.high_pkey); - rc = put_entry(nodebuf, sizeof(u32), 4, fp); + rc = put_entry(buf, sizeof(u32), 2, fp); if (rc) return rc; rc = context_write(p, &c->context[0], fp); -- 2.17.2

6 years, 8 months

3
2
0 0

[PATCH 5/5] Tools: hv: kvp: Fix a warning of buffer overflow with gcc 8.0.1

by kys＠linuxonhyperv.com

From: Dexuan Cui <decui(a)microsoft.com> The patch fixes: hv_kvp_daemon.c: In function 'kvp_set_ip_info': hv_kvp_daemon.c:1305:2: note: 'snprintf' output between 41 and 4136 bytes into a destination of size 4096 Signed-off-by: Dexuan Cui <decui(a)microsoft.com> Cc: K. Y. Srinivasan <kys(a)microsoft.com> Cc: Haiyang Zhang <haiyangz(a)microsoft.com> Cc: Stephen Hemminger <sthemmin(a)microsoft.com> Cc: <Stable(a)vger.kernel.org> Signed-off-by: K. Y. Srinivasan <kys(a)microsoft.com> --- tools/hv/hv_kvp_daemon.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/hv/hv_kvp_daemon.c b/tools/hv/hv_kvp_daemon.c index bbb2a8ef367c..b7c2cf7eaba5 100644 --- a/tools/hv/hv_kvp_daemon.c +++ b/tools/hv/hv_kvp_daemon.c @@ -1176,7 +1176,7 @@ static int kvp_set_ip_info(char *if_name, struct hv_kvp_ipaddr_value *new_val) int error = 0; char if_file[PATH_MAX]; FILE *file; - char cmd[PATH_MAX]; + char cmd[PATH_MAX * 2]; char *mac_addr; /* -- 2.18.0

6 years, 8 months

3
2
0 0

[PATCH 2/2] tracing: Use trace_clock_local() for looping in preemptirq_delay_test.c

by Steven Rostedt

From: "Steven Rostedt (VMware)" <rostedt(a)goodmis.org> The preemptirq_delay_test module is used for the ftrace selftest code that tests the latency tracers. The problem is that it uses ktime for the delay loop, and then checks the tracer to see if the delay loop is caught, but the tracer uses trace_clock_local() which uses various different other clocks to measure the latency. As ktime uses the clock cycles, and the code then converts that to nanoseconds, it causes rounding errors, and the preemptirq latency tests are failing due to being off by 1 (it expects to see a delay of 500000 us, but the delay is only 499999 us). This is happening due to a rounding error in the ktime (which is totally legit). The purpose of the test is to see if it can catch the delay, not to test the accuracy between trace_clock_local() and ktime_get(). Best to use apples to apples, and have the delay loop use the same clock as the latency tracer does. Cc: stable(a)vger.kernel.org Fixes: f96e8577da102 ("lib: Add module for testing preemptoff/irqsoff latency tracers") Acked-by: Joel Fernandes (Google) <joel(a)joelfernandes.org> Signed-off-by: Steven Rostedt (VMware) <rostedt(a)goodmis.org> --- kernel/trace/preemptirq_delay_test.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/kernel/trace/preemptirq_delay_test.c b/kernel/trace/preemptirq_delay_test.c index f704390db9fc..d8765c952fab 100644 --- a/kernel/trace/preemptirq_delay_test.c +++ b/kernel/trace/preemptirq_delay_test.c @@ -5,12 +5,12 @@ * Copyright (C) 2018 Joel Fernandes (Google) <joel(a)joelfernandes.org> */ +#include <linux/trace_clock.h> #include <linux/delay.h> #include <linux/interrupt.h> #include <linux/irq.h> #include <linux/kernel.h> #include <linux/kthread.h> -#include <linux/ktime.h> #include <linux/module.h> #include <linux/printk.h> #include <linux/string.h> @@ -25,13 +25,13 @@ MODULE_PARM_DESC(test_mode, "Mode of the test such as preempt or irq (default ir static void busy_wait(ulong time) { - ktime_t start, end; - start = ktime_get(); + u64 start, end; + start = trace_clock_local(); do { - end = ktime_get(); + end = trace_clock_local(); if (kthread_should_stop()) break; - } while (ktime_to_ns(ktime_sub(end, start)) < (time * 1000)); + } while ((end - start) < (time * 1000)); } static int preemptirq_delay_run(void *data) -- 2.19.0

6 years, 8 months

1
0
0 0

[PATCH 0/4] FS-Cache: Miscellaneous fixes

by David Howells

Attached are another couple of miscellaneous fixes for FS-Cache and CacheFiles: (1) Fix a race between object burial in cachefiles and external rmdir. (2) Fix a race from a split atomic op. (3) Fix incomplete initialisation of cookie key space. (4) Fix out-of-bounds read. The patches are tagged here: git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git fscache-fixes-20181017 and can also be found on the following branch: http://git.kernel.org/cgit/linux/kernel/git/dhowells/linux-fs.git/log/?h=fs… David --- Al Viro (1): cachefiles: fix the race between cachefiles_bury_object() and rmdir(2) David Howells (1): fscache: Fix incomplete initialisation of inline key space Eric Sandeen (1): fscache: Fix out of bound read in long cookie keys kiran.modukuri (1): fscache: Fix race in fscache_op_complete() due to split atomic_sub & read fs/cachefiles/namei.c | 2 +- fs/fscache/cookie.c | 31 ++++++++++--------------------- fs/fscache/internal.h | 1 - fs/fscache/main.c | 4 +--- include/linux/fscache-cache.h | 4 ++-- 5 files changed, 14 insertions(+), 28 deletions(-)

6 years, 8 months

1
1
0 0

For your photos 25

by Jenny

We provide photoshop services to some of the companies from around the world. Some online stores use our services for retouching portraits, jewelry, apparels, furnitures etc. Here are the details of what we provide: Clipping path Deep etching Image masking Portrait retouching Jewelry retouching Fashion retouching Please reply back for further info. We can provide testing for your photos if needed. Thanks, Jenny

6 years, 8 months

1
0
0 0

[PATCH] drm/i915/gen9+: Fix initial readout for Y tiled framebuffers

by Imre Deak

If BIOS configured a Y tiled FB we failed to set up the backing object tiling accordingly, leading to a lack of GT fence installed and a garbled console. The problem was bisected to commit 011f22eb545a ("drm/i915: Do NOT skip the first 4k of stolen memory for pre-allocated buffers v2") but it just revealed a pre-existing issue. Kudos to Ville who suspected a missing fence looking at the corruption on the screen. Cc: Ville Syrjälä <ville.syrjala(a)linux.intel.com> Cc: Mika Westerberg <mika.westerberg(a)linux.intel.com> Cc: Hans de Goede <hdegoede(a)redhat.com> Cc: ronald(a)innovation.ch Cc: <stable(a)vger.kernel.org> Reported-by: Mika Westerberg <mika.westerberg(a)linux.intel.com> Reported-by: ronald(a)innovation.ch Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=108264 Fixes: bc8d7dffacb1 ("drm/i915/skl: Provide a Skylake version of get_plane_config()") Signed-off-by: Imre Deak <imre.deak(a)intel.com> --- drivers/gpu/drm/i915/intel_display.c | 25 +++++++++++++++++++++++-- 1 file changed, 23 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c index a2e729fa8d64..3d34b98c4634 100644 --- a/drivers/gpu/drm/i915/intel_display.c +++ b/drivers/gpu/drm/i915/intel_display.c @@ -2674,6 +2674,17 @@ intel_alloc_initial_plane_obj(struct intel_crtc *crtc, if (size_aligned * 2 > dev_priv->stolen_usable_size) return false; + switch (fb->modifier) { + case DRM_FORMAT_MOD_LINEAR: + case I915_FORMAT_MOD_X_TILED: + case I915_FORMAT_MOD_Y_TILED: + break; + default: + DRM_DEBUG_DRIVER("Unsupported modifier for initial FB: 0x%llx\n", + fb->modifier); + return false; + } + mutex_lock(&dev->struct_mutex); obj = i915_gem_object_create_stolen_for_preallocated(dev_priv, base_aligned, @@ -2683,8 +2694,17 @@ intel_alloc_initial_plane_obj(struct intel_crtc *crtc, if (!obj) return false; - if (plane_config->tiling == I915_TILING_X) - obj->tiling_and_stride = fb->pitches[0] | I915_TILING_X; + switch (plane_config->tiling) { + case I915_TILING_NONE: + break; + case I915_TILING_X: + case I915_TILING_Y: + obj->tiling_and_stride = fb->pitches[0] | plane_config->tiling; + break; + default: + MISSING_CASE(plane_config->tiling); + return false; + } mode_cmd.pixel_format = fb->format->format; mode_cmd.width = fb->width; @@ -8827,6 +8847,7 @@ skylake_get_initial_plane_config(struct intel_crtc *crtc, fb->modifier = I915_FORMAT_MOD_X_TILED; break; case PLANE_CTL_TILED_Y: + plane_config->tiling = I915_TILING_Y; if (val & PLANE_CTL_RENDER_DECOMPRESSION_ENABLE) fb->modifier = I915_FORMAT_MOD_Y_TILED_CCS; else -- 2.13.2

6 years, 8 months

3
2
0 0

[PATCH v2] selinux: fix byte order and alignment issues in policydb.c

by Ondrej Mosnacek

Add missing LE conversions to the Infiniband-related range checks. These were causing a failure to load any policy with an ibendportcon rule on BE systems. This can be reproduced by running: cat >my_module.cil <<EOF (type test_ibendport_t) (roletype object_r test_ibendport_t) (ibendportcon mlx4_0 1 (system_u object_r test_ibendport_t ((s0) (s0)))) EOF semodule -i my_module.cil (On ppc64 it fails with "/sbin/load_policy: Can't load policy: Invalid argument") Also, the temporary buffers are only guaranteed to be aligned for 32-bit access so use (get/put)_unaligned_be64() for 64-bit accesses. Finally, do not use the 'nodebuf' (u32) buffer where 'buf' (__le32) should be used instead. Tested internally on a ppc64 machine with a RHEL 7 kernel with this patch applied. Cc: Daniel Jurgens <danielj(a)mellanox.com> Cc: Eli Cohen <eli(a)mellanox.com> Cc: James Morris <jmorris(a)namei.org> Cc: Doug Ledford <dledford(a)redhat.com> Cc: <stable(a)vger.kernel.org> # 4.13+ Fixes: a806f7a1616f ("selinux: Create policydb version for Infiniband support") Signed-off-by: Ondrej Mosnacek <omosnace(a)redhat.com> --- security/selinux/ss/policydb.c | 28 +++++++++++++++------------- 1 file changed, 15 insertions(+), 13 deletions(-) Changes in v2: - add reproducer to commit message - update e-mail address of James Morris - better Cc also the old SELinux ML diff --git a/security/selinux/ss/policydb.c b/security/selinux/ss/policydb.c index f4eadd3f7350..2b310e8f2923 100644 --- a/security/selinux/ss/policydb.c +++ b/security/selinux/ss/policydb.c @@ -37,6 +37,7 @@ #include <linux/errno.h> #include <linux/audit.h> #include <linux/flex_array.h> +#include <asm/unaligned.h> #include "security.h" #include "policydb.h" @@ -2108,7 +2109,7 @@ static int ocontext_read(struct policydb *p, struct policydb_compat_info *info, { int i, j, rc; u32 nel, len; - __le32 buf[3]; + __le32 buf[4]; struct ocontext *l, *c; u32 nodebuf[8]; @@ -2218,20 +2219,20 @@ static int ocontext_read(struct policydb *p, struct policydb_compat_info *info, break; } case OCON_IBPKEY: - rc = next_entry(nodebuf, fp, sizeof(u32) * 4); + rc = next_entry(buf, fp, sizeof(u32) * 4); if (rc) goto out; - c->u.ibpkey.subnet_prefix = be64_to_cpu(*((__be64 *)nodebuf)); + c->u.ibpkey.subnet_prefix = get_unaligned_be64(buf); - if (nodebuf[2] > 0xffff || - nodebuf[3] > 0xffff) { + if (le32_to_cpu(buf[2]) > 0xffff || + le32_to_cpu(buf[3]) > 0xffff) { rc = -EINVAL; goto out; } - c->u.ibpkey.low_pkey = le32_to_cpu(nodebuf[2]); - c->u.ibpkey.high_pkey = le32_to_cpu(nodebuf[3]); + c->u.ibpkey.low_pkey = le32_to_cpu(buf[2]); + c->u.ibpkey.high_pkey = le32_to_cpu(buf[3]); rc = context_read_and_validate(&c->context[0], p, @@ -2249,7 +2250,8 @@ static int ocontext_read(struct policydb *p, struct policydb_compat_info *info, if (rc) goto out; - if (buf[1] > 0xff || buf[1] == 0) { + if (le32_to_cpu(buf[1]) > 0xff || + le32_to_cpu(buf[1]) == 0) { rc = -EINVAL; goto out; } @@ -3105,7 +3107,7 @@ static int ocontext_write(struct policydb *p, struct policydb_compat_info *info, { unsigned int i, j, rc; size_t nel, len; - __le32 buf[3]; + __le32 buf[4]; u32 nodebuf[8]; struct ocontext *c; for (i = 0; i < info->ocon_num; i++) { @@ -3192,12 +3194,12 @@ static int ocontext_write(struct policydb *p, struct policydb_compat_info *info, return rc; break; case OCON_IBPKEY: - *((__be64 *)nodebuf) = cpu_to_be64(c->u.ibpkey.subnet_prefix); + put_unaligned_be64(c->u.ibpkey.subnet_prefix, buf); - nodebuf[2] = cpu_to_le32(c->u.ibpkey.low_pkey); - nodebuf[3] = cpu_to_le32(c->u.ibpkey.high_pkey); + buf[2] = cpu_to_le32(c->u.ibpkey.low_pkey); + buf[3] = cpu_to_le32(c->u.ibpkey.high_pkey); - rc = put_entry(nodebuf, sizeof(u32), 4, fp); + rc = put_entry(buf, sizeof(u32), 4, fp); if (rc) return rc; rc = context_write(p, &c->context[0], fp); -- 2.17.2

6 years, 8 months

2
3
0 0

[PATCH v2] drm/atomic_helper: Stop modesets on unregistered connectors harder

by Lyude Paul

Unfortunately, it appears our fix in: commit b5d29843d8ef ("drm/atomic_helper: Allow DPMS On<->Off changes for unregistered connectors") Which attempted to work around the problems introduced by: commit 4d80273976bf ("drm/atomic_helper: Disallow new modesets on unregistered connectors") Is still not the right solution, as modesets can still be triggered outside of drm_atomic_set_crtc_for_connector(). So in order to fix this, while still being careful that we don't break modesets that a driver may perform before being registered with userspace, we replace connector->registered with a tristate member, connector->registration_state. This allows us to keep track of whether or not a connector is still initializing and hasn't been exposed to userspace, is currently registered and exposed to userspace, or has been legitimately removed from the system after having once been present. Using this info, we can prevent userspace from performing new modesets on unregistered connectors while still allowing the driver to perform modesets on unregistered connectors before the driver has finished being registered. Changes since v1: - Fix WARN_ON() in drm_connector_cleanup() that CI caught with this patchset in igt@drv_module_reload@basic-reload-inject and igt@drv_module_reload@basic-reload by checking if the connector is registered instead of unregistered, as calling drm_connector_cleanup() on a connector that hasn't been registered with userspace yet should stay valid. - Remove unregistered_connector_check(), and just go back to what we were doing before in commit 4d80273976bf ("drm/atomic_helper: Disallow new modesets on unregistered connectors") except replacing READ_ONCE(connector->registered) with drm_connector_is_unregistered(). This gets rid of the behavior of allowing DPMS On<->Off, but that should be fine as it's more consistent with the UAPI we had before - danvet - s/drm_connector_unregistered/drm_connector_is_unregistered/ - danvet - Update documentation, fix some typos. Fixes: b5d29843d8ef ("drm/atomic_helper: Allow DPMS On<->Off changes for unregistered connectors") Cc: Ville Syrjälä <ville.syrjala(a)linux.intel.com> Cc: Daniel Vetter <daniel.vetter(a)ffwll.ch> Cc: Rodrigo Vivi <rodrigo.vivi(a)intel.com> Cc: stable(a)vger.kernel.org Cc: David Airlie <airlied(a)linux.ie> Signed-off-by: Lyude Paul <lyude(a)redhat.com> --- drivers/gpu/drm/drm_atomic_helper.c | 21 ++++++++- drivers/gpu/drm/drm_atomic_uapi.c | 21 --------- drivers/gpu/drm/drm_connector.c | 11 +++-- drivers/gpu/drm/i915/intel_dp_mst.c | 8 ++-- include/drm/drm_connector.h | 71 ++++++++++++++++++++++++++++- 5 files changed, 99 insertions(+), 33 deletions(-) diff --git a/drivers/gpu/drm/drm_atomic_helper.c b/drivers/gpu/drm/drm_atomic_helper.c index 6f66777dca4b..ee6b2987a3c7 100644 --- a/drivers/gpu/drm/drm_atomic_helper.c +++ b/drivers/gpu/drm/drm_atomic_helper.c @@ -319,6 +319,26 @@ update_connector_routing(struct drm_atomic_state *state, return 0; } + crtc_state = drm_atomic_get_new_crtc_state(state, + new_connector_state->crtc); + /* + * For compatibility with legacy users, we want to make sure that + * we allow DPMS On->Off modesets on unregistered connectors. Modesets + * which would result in anything else must be considered invalid, to + * avoid turning on new displays on dead connectors. + * + * Since the connector can be unregistered at any point during an + * atomic check or commit, this is racy. But that's OK: all we care + * about is ensuring that userspace can't do anything but shut off the + * display on a connector that was destroyed after its been notified, + * not before. + */ + if (drm_connector_is_unregistered(connector) && crtc_state->active) { + DRM_DEBUG_ATOMIC("[CONNECTOR:%d:%s] is not registered\n", + connector->base.id, connector->name); + return -EINVAL; + } + funcs = connector->helper_private; if (funcs->atomic_best_encoder) @@ -363,7 +383,6 @@ update_connector_routing(struct drm_atomic_state *state, set_best_encoder(state, new_connector_state, new_encoder); - crtc_state = drm_atomic_get_new_crtc_state(state, new_connector_state->crtc); crtc_state->connectors_changed = true; DRM_DEBUG_ATOMIC("[CONNECTOR:%d:%s] using [ENCODER:%d:%s] on [CRTC:%d:%s]\n", diff --git a/drivers/gpu/drm/drm_atomic_uapi.c b/drivers/gpu/drm/drm_atomic_uapi.c index a22d6f269b07..d5b7f315098c 100644 --- a/drivers/gpu/drm/drm_atomic_uapi.c +++ b/drivers/gpu/drm/drm_atomic_uapi.c @@ -299,27 +299,6 @@ drm_atomic_set_crtc_for_connector(struct drm_connector_state *conn_state, struct drm_connector *connector = conn_state->connector; struct drm_crtc_state *crtc_state; - /* - * For compatibility with legacy users, we want to make sure that - * we allow DPMS On<->Off modesets on unregistered connectors, since - * legacy modesetting users will not be expecting these to fail. We do - * not however, want to allow legacy users to assign a connector - * that's been unregistered from sysfs to another CRTC, since doing - * this with a now non-existent connector could potentially leave us - * in an invalid state. - * - * Since the connector can be unregistered at any point during an - * atomic check or commit, this is racy. But that's OK: all we care - * about is ensuring that userspace can't use this connector for new - * configurations after it's been notified that the connector is no - * longer present. - */ - if (!READ_ONCE(connector->registered) && crtc) { - DRM_DEBUG_ATOMIC("[CONNECTOR:%d:%s] is not registered\n", - connector->base.id, connector->name); - return -EINVAL; - } - if (conn_state->crtc == crtc) return 0; diff --git a/drivers/gpu/drm/drm_connector.c b/drivers/gpu/drm/drm_connector.c index 5d01414ec9f7..891f9458d29e 100644 --- a/drivers/gpu/drm/drm_connector.c +++ b/drivers/gpu/drm/drm_connector.c @@ -396,7 +396,8 @@ void drm_connector_cleanup(struct drm_connector *connector) /* The connector should have been removed from userspace long before * it is finally destroyed. */ - if (WARN_ON(connector->registered)) + if (WARN_ON(connector->registration_state == + DRM_CONNECTOR_REGISTERED)) drm_connector_unregister(connector); if (connector->tile_group) { @@ -453,7 +454,7 @@ int drm_connector_register(struct drm_connector *connector) return 0; mutex_lock(&connector->mutex); - if (connector->registered) + if (connector->registration_state != DRM_CONNECTOR_INITIALIZING) goto unlock; ret = drm_sysfs_connector_add(connector); @@ -473,7 +474,7 @@ int drm_connector_register(struct drm_connector *connector) drm_mode_object_register(connector->dev, &connector->base); - connector->registered = true; + connector->registration_state = DRM_CONNECTOR_REGISTERED; goto unlock; err_debugfs: @@ -495,7 +496,7 @@ EXPORT_SYMBOL(drm_connector_register); void drm_connector_unregister(struct drm_connector *connector) { mutex_lock(&connector->mutex); - if (!connector->registered) { + if (connector->registration_state != DRM_CONNECTOR_REGISTERED) { mutex_unlock(&connector->mutex); return; } @@ -506,7 +507,7 @@ void drm_connector_unregister(struct drm_connector *connector) drm_sysfs_connector_remove(connector); drm_debugfs_connector_remove(connector); - connector->registered = false; + connector->registration_state = DRM_CONNECTOR_UNREGISTERED; mutex_unlock(&connector->mutex); } EXPORT_SYMBOL(drm_connector_unregister); diff --git a/drivers/gpu/drm/i915/intel_dp_mst.c b/drivers/gpu/drm/i915/intel_dp_mst.c index b268bdd71bd3..8b71d64ebd9d 100644 --- a/drivers/gpu/drm/i915/intel_dp_mst.c +++ b/drivers/gpu/drm/i915/intel_dp_mst.c @@ -78,7 +78,7 @@ static bool intel_dp_mst_compute_config(struct intel_encoder *encoder, pipe_config->pbn = mst_pbn; /* Zombie connectors can't have VCPI slots */ - if (READ_ONCE(connector->registered)) { + if (!drm_connector_is_unregistered(connector)) { slots = drm_dp_atomic_find_vcpi_slots(state, &intel_dp->mst_mgr, port, @@ -314,7 +314,7 @@ static int intel_dp_mst_get_ddc_modes(struct drm_connector *connector) struct edid *edid; int ret; - if (!READ_ONCE(connector->registered)) + if (drm_connector_is_unregistered(connector)) return intel_connector_update_modes(connector, NULL); edid = drm_dp_mst_get_edid(connector, &intel_dp->mst_mgr, intel_connector->port); @@ -330,7 +330,7 @@ intel_dp_mst_detect(struct drm_connector *connector, bool force) struct intel_connector *intel_connector = to_intel_connector(connector); struct intel_dp *intel_dp = intel_connector->mst_port; - if (!READ_ONCE(connector->registered)) + if (drm_connector_is_unregistered(connector)) return connector_status_disconnected; return drm_dp_mst_detect_port(connector, &intel_dp->mst_mgr, intel_connector->port); @@ -361,7 +361,7 @@ intel_dp_mst_mode_valid(struct drm_connector *connector, int bpp = 24; /* MST uses fixed bpp */ int max_rate, mode_rate, max_lanes, max_link_clock; - if (!READ_ONCE(connector->registered)) + if (drm_connector_is_unregistered(connector)) return MODE_ERROR; if (mode->flags & DRM_MODE_FLAG_DBLSCAN) diff --git a/include/drm/drm_connector.h b/include/drm/drm_connector.h index 5b3cf909fd5e..dd0552cb7472 100644 --- a/include/drm/drm_connector.h +++ b/include/drm/drm_connector.h @@ -82,6 +82,53 @@ enum drm_connector_status { connector_status_unknown = 3, }; +/** + * enum drm_connector_registration_status - userspace registration status for + * a &drm_connector + * + * This enum is used to track the status of initializing a connector and + * registering it with userspace, so that DRM can prevent bogus modesets on + * connectors that no longer exist. + */ +enum drm_connector_registration_state { + /** + * @DRM_CONNECTOR_INITIALIZING: The connector has just been created, + * but has yet to be exposed to userspace. There should be no + * additional restrictions to how the state of this connector may be + * modified. + */ + DRM_CONNECTOR_INITIALIZING = 0, + + /** + * @DRM_CONNECTOR_REGISTERED: The connector has been fully initialized + * and registered with sysfs, as such it has been exposed to + * userspace. There should be no additional restrictions to how the + * state of this connector may be modified. + */ + DRM_CONNECTOR_REGISTERED = 1, + + /** + * @DRM_CONNECTOR_UNREGISTERED: The connector has either been exposed + * to userspace and has since been unregistered and removed from + * userspace, or the connector was unregistered before it had a chance + * to be exposed to userspace (e.g. still in the + * @DRM_CONNECTOR_INITIALIZING state). When a connector is + * unregistered, there are additional restrictions to how its state + * may be modified: + * + * - An unregistered connector may only have its DPMS changed from + * On->Off. Once DPMS is changed to Off, it may not be switched back + * to On. + * - Modesets are not allowed on unregistered connectors, unless they + * would result in disabling its assigned CRTCs. This means + * disabling a CRTC on an unregistered connector is OK, but enabling + * one is not. + * - Removing a CRTC from an unregistered connector is OK, but new + * CRTCs may never be assigned to an unregistered connector. + */ + DRM_CONNECTOR_UNREGISTERED = 2, +}; + enum subpixel_order { SubPixelUnknown = 0, SubPixelHorizontalRGB, @@ -853,10 +900,12 @@ struct drm_connector { bool ycbcr_420_allowed; /** - * @registered: Is this connector exposed (registered) with userspace? + * @registration_state: Is this connector initializing, exposed + * (registered) with userspace, or unregistered? + * * Protected by @mutex. */ - bool registered; + enum drm_connector_registration_state registration_state; /** * @modes: @@ -1167,6 +1216,24 @@ static inline void drm_connector_unreference(struct drm_connector *connector) drm_connector_put(connector); } +/** + * drm_connector_is_unregistered - has the connector been unregistered from + * userspace? + * @connector: DRM connector + * + * Checks whether or not @connector has been unregistered from userspace. + * + * Returns: + * True if the connector was unregistered, false if the connector is + * registered or has not yet been registered with userspace. + */ +static inline bool +drm_connector_is_unregistered(struct drm_connector *connector) +{ + return READ_ONCE(connector->registration_state) == + DRM_CONNECTOR_UNREGISTERED; +} + const char *drm_get_connector_status_name(enum drm_connector_status status); const char *drm_get_subpixel_order_name(enum subpixel_order order); const char *drm_get_dpms_name(int val); -- 2.17.2

6 years, 8 months

2
1
0 0

[PATCH 4/5] Drivers: hv: kvp: Use %u to print U32

by kys＠linuxonhyperv.com

From: Dexuan Cui <decui(a)microsoft.com> I didn't find a real issue. Let's just make it consistent with the next "case REG_U64:" where %llu is used. Signed-off-by: Dexuan Cui <decui(a)microsoft.com> Cc: K. Y. Srinivasan <kys(a)microsoft.com> Cc: Haiyang Zhang <haiyangz(a)microsoft.com> Cc: Stephen Hemminger <sthemmin(a)microsoft.com> Cc: <Stable(a)vger.kernel.org> Signed-off-by: K. Y. Srinivasan <kys(a)microsoft.com> --- drivers/hv/hv_kvp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/hv/hv_kvp.c b/drivers/hv/hv_kvp.c index 9fbb15c62c6c..3b8590ff94ba 100644 --- a/drivers/hv/hv_kvp.c +++ b/drivers/hv/hv_kvp.c @@ -437,7 +437,7 @@ kvp_send_key(struct work_struct *dummy) val32 = in_msg->body.kvp_set.data.value_u32; message->body.kvp_set.data.value_size = sprintf(message->body.kvp_set.data.value, - "%d", val32) + 1; + "%u", val32) + 1; break; case REG_U64: -- 2.18.0

6 years, 8 months

3
2
0 0

[PATCH 3/4] [for linux-4.4.y only] Drivers: hv: kvp: fix IP Failover

by Dexuan Cui

Hyper-V VMs can be replicated to another hosts and there is a feature to set different IP for replicas, it is called 'Failover TCP/IP'. When such guest starts Hyper-V host sends it KVP_OP_SET_IP_INFO message as soon as we finish negotiation procedure. The problem is that it can happen (and it actually happens) before userspace daemon connects and we reply with HV_E_FAIL to the message. As there are no repetitions we fail to set the requested IP. Solve the issue by postponing our reply to the negotiation message till userspace daemon is connected. We can't wait too long as there is a host-side timeout (cca. 75 seconds) and if we fail to reply in this time frame the whole KVP service will become inactive. The solution is not ideal - if it takes userspace daemon more than 60 seconds to connect IP Failover will still fail but I don't see a solution with our current separation between kernel and userspace parts. Other two modules (VSS and FCOPY) don't require such delay, leave them untouched. Signed-off-by: Vitaly Kuznetsov <vkuznets(a)redhat.com> Signed-off-by: K. Y. Srinivasan <kys(a)microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Signed-off-by: Dexuan Cui <decui(a)microsoft.com> --- This is cherry-picked from the mainline: 4dbfc2e ("Drivers: hv: kvp: fix IP Failover") I added my Signed-off-by as I identified and tested the patches. If this is unnecessary, please feel free to remove it. drivers/hv/hv_kvp.c | 31 +++++++++++++++++++++++++++++++ drivers/hv/hyperv_vmbus.h | 5 +++++ 2 files changed, 36 insertions(+) diff --git a/drivers/hv/hv_kvp.c b/drivers/hv/hv_kvp.c index cd3fb01..ff0a426 100644 --- a/drivers/hv/hv_kvp.c +++ b/drivers/hv/hv_kvp.c @@ -78,9 +78,11 @@ static void kvp_send_key(struct work_struct *dummy); static void kvp_respond_to_host(struct hv_kvp_msg *msg, int error); static void kvp_timeout_func(struct work_struct *dummy); +static void kvp_host_handshake_func(struct work_struct *dummy); static void kvp_register(int); static DECLARE_DELAYED_WORK(kvp_timeout_work, kvp_timeout_func); +static DECLARE_DELAYED_WORK(kvp_host_handshake_work, kvp_host_handshake_func); static DECLARE_WORK(kvp_sendkey_work, kvp_send_key); static const char kvp_devname[] = "vmbus/hv_kvp"; @@ -131,6 +133,11 @@ static void kvp_timeout_func(struct work_struct *dummy) hv_poll_channel(kvp_transaction.recv_channel, kvp_poll_wrapper); } +static void kvp_host_handshake_func(struct work_struct *dummy) +{ + hv_poll_channel(kvp_transaction.recv_channel, hv_kvp_onchannelcallback); +} + static int kvp_handle_handshake(struct hv_kvp_msg *msg) { switch (msg->kvp_hdr.operation) { @@ -155,6 +162,12 @@ static int kvp_handle_handshake(struct hv_kvp_msg *msg) pr_debug("KVP: userspace daemon ver. %d registered\n", KVP_OP_REGISTER); kvp_register(dm_reg_value); + + /* + * If we're still negotiating with the host cancel the timeout + * work to not poll the channel twice. + */ + cancel_delayed_work_sync(&kvp_host_handshake_work); hv_poll_channel(kvp_transaction.recv_channel, kvp_poll_wrapper); return 0; @@ -595,7 +608,22 @@ void hv_kvp_onchannelcallback(void *context) struct icmsg_negotiate *negop = NULL; int util_fw_version; int kvp_srv_version; + static enum {NEGO_NOT_STARTED, + NEGO_IN_PROGRESS, + NEGO_FINISHED} host_negotiatied = NEGO_NOT_STARTED; + if (host_negotiatied == NEGO_NOT_STARTED && + kvp_transaction.state < HVUTIL_READY) { + /* + * If userspace daemon is not connected and host is asking + * us to negotiate we need to delay to not lose messages. + * This is important for Failover IP setting. + */ + host_negotiatied = NEGO_IN_PROGRESS; + schedule_delayed_work(&kvp_host_handshake_work, + HV_UTIL_NEGO_TIMEOUT * HZ); + return; + } if (kvp_transaction.state > HVUTIL_READY) return; @@ -673,6 +701,8 @@ void hv_kvp_onchannelcallback(void *context) vmbus_sendpacket(channel, recv_buffer, recvlen, requestid, VM_PKT_DATA_INBAND, 0); + + host_negotiatied = NEGO_FINISHED; } } @@ -711,6 +741,7 @@ hv_kvp_init(struct hv_util_service *srv) void hv_kvp_deinit(void) { kvp_transaction.state = HVUTIL_DEVICE_DYING; + cancel_delayed_work_sync(&kvp_host_handshake_work); cancel_delayed_work_sync(&kvp_timeout_work); cancel_work_sync(&kvp_sendkey_work); hvutil_transport_destroy(hvt); diff --git a/drivers/hv/hyperv_vmbus.h b/drivers/hv/hyperv_vmbus.h index 75e383e..15e0649 100644 --- a/drivers/hv/hyperv_vmbus.h +++ b/drivers/hv/hyperv_vmbus.h @@ -36,6 +36,11 @@ #define HV_UTIL_TIMEOUT 30 /* + * Timeout for guest-host handshake for services. + */ +#define HV_UTIL_NEGO_TIMEOUT 60 + +/* * The below CPUID leaves are present if VersionAndFeatures.HypervisorPresent * is set by CPUID(HVCPUID_VERSION_FEATURES). */ -- 2.7.4

6 years, 8 months

1
0
0 0

[PATCH 2/4] [for linux-4.4.y only] Drivers: hv: util: Pass the channel information during the init call

by Dexuan Cui

Pass the channel information to the util drivers that need to defer reading the channel while they are processing a request. This would address the following issue reported by Vitaly: Commit 3cace4a61610 ("Drivers: hv: utils: run polling callback always in interrupt context") removed direct *_transaction.state = HVUTIL_READY assignments from *_handle_handshake() functions introducing the following race: if a userspace daemon connects before we get first non-negotiation request from the server hv_poll_channel() won't set transaction state to HVUTIL_READY as (!channel) condition will fail, we set it to non-NULL on the first real request from the server. Signed-off-by: K. Y. Srinivasan <kys(a)microsoft.com> Reported-by: Vitaly Kuznetsov <vkuznets(a)redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Signed-off-by: Dexuan Cui <decui(a)microsoft.com> --- This is cherry-picked from the mainline: b9830d1 ("Drivers: hv: util: Pass the channel information during the init call") I added my Signed-off-by as I identified and tested the patches. If this is unnecessary, please feel free to remove it. drivers/hv/hv_fcopy.c | 2 +- drivers/hv/hv_kvp.c | 2 +- drivers/hv/hv_snapshot.c | 2 +- drivers/hv/hv_util.c | 1 + include/linux/hyperv.h | 1 + 5 files changed, 5 insertions(+), 3 deletions(-) diff --git a/drivers/hv/hv_fcopy.c b/drivers/hv/hv_fcopy.c index 12dcbd8..2cce48d 100644 --- a/drivers/hv/hv_fcopy.c +++ b/drivers/hv/hv_fcopy.c @@ -256,7 +256,6 @@ void hv_fcopy_onchannelcallback(void *context) */ fcopy_transaction.recv_len = recvlen; - fcopy_transaction.recv_channel = channel; fcopy_transaction.recv_req_id = requestid; fcopy_transaction.fcopy_msg = fcopy_msg; @@ -323,6 +322,7 @@ static void fcopy_on_reset(void) int hv_fcopy_init(struct hv_util_service *srv) { recv_buffer = srv->recv_buffer; + fcopy_transaction.recv_channel = srv->channel; init_completion(&release_event); /* diff --git a/drivers/hv/hv_kvp.c b/drivers/hv/hv_kvp.c index b97ef3e..cd3fb01 100644 --- a/drivers/hv/hv_kvp.c +++ b/drivers/hv/hv_kvp.c @@ -640,7 +640,6 @@ void hv_kvp_onchannelcallback(void *context) */ kvp_transaction.recv_len = recvlen; - kvp_transaction.recv_channel = channel; kvp_transaction.recv_req_id = requestid; kvp_transaction.kvp_msg = kvp_msg; @@ -690,6 +689,7 @@ int hv_kvp_init(struct hv_util_service *srv) { recv_buffer = srv->recv_buffer; + kvp_transaction.recv_channel = srv->channel; init_completion(&release_event); /* diff --git a/drivers/hv/hv_snapshot.c b/drivers/hv/hv_snapshot.c index c5fb249..b0feddb 100644 --- a/drivers/hv/hv_snapshot.c +++ b/drivers/hv/hv_snapshot.c @@ -264,7 +264,6 @@ void hv_vss_onchannelcallback(void *context) */ vss_transaction.recv_len = recvlen; - vss_transaction.recv_channel = channel; vss_transaction.recv_req_id = requestid; vss_transaction.msg = (struct hv_vss_msg *)vss_msg; @@ -340,6 +339,7 @@ hv_vss_init(struct hv_util_service *srv) return -ENOTSUPP; } recv_buffer = srv->recv_buffer; + vss_transaction.recv_channel = srv->channel; /* * When this driver loads, the user level daemon that diff --git a/drivers/hv/hv_util.c b/drivers/hv/hv_util.c index 41f5896..9dc6372 100644 --- a/drivers/hv/hv_util.c +++ b/drivers/hv/hv_util.c @@ -326,6 +326,7 @@ static int util_probe(struct hv_device *dev, srv->recv_buffer = kmalloc(PAGE_SIZE * 4, GFP_KERNEL); if (!srv->recv_buffer) return -ENOMEM; + srv->channel = dev->channel; if (srv->util_init) { ret = srv->util_init(srv); if (ret) { diff --git a/include/linux/hyperv.h b/include/linux/hyperv.h index ae6a711..281bb00 100644 --- a/include/linux/hyperv.h +++ b/include/linux/hyperv.h @@ -1179,6 +1179,7 @@ int vmbus_allocate_mmio(struct resource **new, struct hv_device *device_obj, struct hv_util_service { u8 *recv_buffer; + void *channel; void (*util_cb)(void *); int (*util_init)(struct hv_util_service *); void (*util_deinit)(void); -- 2.7.4

6 years, 8 months

1
0
0 0

[PATCH 1/4] [for linux-4.4.y only] Drivers: hv: utils: Invoke the poll function after handshake

by Dexuan Cui

When the handshake with daemon is complete, we should poll the channel since during the handshake, we will not be processing any messages. This is a potential bug if the host is waiting for a response from the guest. I would like to thank Dexuan for pointing this out. Signed-off-by: K. Y. Srinivasan <kys(a)microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Signed-off-by: Dexuan Cui <decui(a)microsoft.com> --- This is cherry-picked from the mainline: 2d0c3b5 ("Drivers: hv: utils: Invoke the poll function after handshake") I added my Signed-off-by as I identified and tested the patches. If this is unnecessary, please feel free to remove it. drivers/hv/hv_kvp.c | 2 +- drivers/hv/hv_snapshot.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/hv/hv_kvp.c b/drivers/hv/hv_kvp.c index ce4d3a9..b97ef3e 100644 --- a/drivers/hv/hv_kvp.c +++ b/drivers/hv/hv_kvp.c @@ -155,7 +155,7 @@ static int kvp_handle_handshake(struct hv_kvp_msg *msg) pr_debug("KVP: userspace daemon ver. %d registered\n", KVP_OP_REGISTER); kvp_register(dm_reg_value); - kvp_transaction.state = HVUTIL_READY; + hv_poll_channel(kvp_transaction.recv_channel, kvp_poll_wrapper); return 0; } diff --git a/drivers/hv/hv_snapshot.c b/drivers/hv/hv_snapshot.c index faad79a..c5fb249 100644 --- a/drivers/hv/hv_snapshot.c +++ b/drivers/hv/hv_snapshot.c @@ -114,7 +114,7 @@ static int vss_handle_handshake(struct hv_vss_msg *vss_msg) default: return -EINVAL; } - vss_transaction.state = HVUTIL_READY; + hv_poll_channel(vss_transaction.recv_channel, vss_poll_wrapper); pr_debug("VSS: userspace daemon ver. %d registered\n", dm_reg_value); return 0; } -- 2.7.4

6 years, 8 months

1
0
0 0

[PATCH] [linux-4.4.y only] HV: properly delay KVP packets when negotiation is in progress

by Dexuan Cui

The host may send multiple negotiation packets (due to timeout) before the KVP user-mode daemon is connected. KVP user-mode daemon is connected. We need to defer processing those packets until the daemon is negotiated and connected. It's okay for guest to respond to all negotiation packets. In addition, the host may send multiple staged KVP requests as soon as negotiation is done. We need to properly process those packets using one tasklet for exclusive access to ring buffer. This patch is based on the work of Nick Meier <Nick.Meier(a)microsoft.com>. Signed-off-by: Long Li <longli(a)microsoft.com> Signed-off-by: K. Y. Srinivasan <kys(a)microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> The above is the original changelog of a3ade8cc474d ("HV: properly delay KVP packets when negotiation is in progress" Here I re-worked the original patch because the mainline version can't work for the linux-4.4.y branch, on which channel->callback_event doesn't exist yet. In the mainline, channel->callback_event was added by: 631e63a9f346 ("vmbus: change to per channel tasklet"). Here we don't want to backport it to v4.4, as it requires extra supporting changes and fixes, which are unnecessary as to the KVP bug we're trying to resolve. NOTE: before this patch is used, we should cherry-pick the other related 3 patches from the mainline first: 2d0c3b5 ("Drivers: hv: utils: Invoke the poll function after handshake") b9830d1 ("Drivers: hv: util: Pass the channel information during the init call") 4dbfc2e ("Drivers: hv: kvp: fix IP Failover") And, actually it would better if we can cherry-pick more fixes from the mainline first (the 3 above patches are also included in this 27-patch list): 01 b003596 Drivers: hv: utils: use memdup_user in hvt_op_write 02 2d0c3b5 Drivers: hv: utils: Invoke the poll function after handshake 03 1f75338 Drivers: hv: utils: fix memory leak on on_msg() failure 04 a72f3a4 Drivers: hv: utils: rename outmsg_lock 05 a150256 Drivers: hv: utils: introduce HVUTIL_TRANSPORT_DESTROY mode 06 9420098 Drivers: hv: utils: fix crash when device is removed from host side 07 77b744a Drivers: hv: utils: fix hvt_op_poll() return value on transport destroy 08 b9830d1 Drivers: hv: util: Pass the channel information during the init call 09 e66853b Drivers: hv: utils: Remove util transport handler from list if registration fails 10 4dbfc2e Drivers: hv: kvp: fix IP Failover 11 e0fa3e5 Drivers: hv: utils: fix a race on userspace daemons registration 12 497af84 Drivers: hv: utils: Continue to poll VSS channel after handling requests. 13 db886e4 Drivers: hv: utils: Check VSS daemon is listening before a hot backup 14 abeda47 Drivers: hv: utils: Rename version definitions to reflect protocol version. 15 2e338f7 Drivers: hv: utils: Use TimeSync samples to adjust the clock after boot. 16 8e1d260 Drivers: hv: utils: Support TimeSync version 4.0 protocol samples. 17 3ba1eb1 Drivers: hv: hv_util: Avoid dynamic allocation in time synch 18 3da0401b Drivers: hv: utils: Fix the mapping between host version and protocol to use 19 23d2cc0 Drivers: hv: vss: Improve log messages. 20 b357fd3 Drivers: hv: vss: Operation timeouts should match host expectation 21 1724462 hv_util: switch to using timespec64 22 a165645 Drivers: hv: vmbus: Use all supported IC versions to negotiate 23 1274a69 Drivers: hv: Log the negotiated IC versions. 24 bb6a4db Drivers: hv: util: Fix a typo 25 e9c18ae Drivers: hv: util: move waiting for release to hv_utils_transport itself 26 bdc1dd4 vmbus: fix spelling errors 27 ddce54b Drivers: hv: kvp: Use MAX_ADAPTER_ID_SIZE for translating adapter id This to to say, we're requesting a backport of 4 patches or 28 patches. If 28 patches seem too many, we hope at least the 4 patches can be backported. The patches can be applied cleanly to the latest v4.4 branch (currently it's v4.4.160). The background of this backport request is that: recently Wang Jian reported some KVP issues: https://github.com/LIS/lis-next/issues/593: e.g. the /var/lib/hyperv/.kvp_pool_* files can not be updated, and sometimes if the hv_kvp_daemon doesn't timely start, the host may not be able to query the VM's IP address via KVP. Wang Jian tested the 4 patches and the 28 patches, and the issues can be fixed by the patches. Reported-by: Wang Jian <jianjian.wang1(a)gmail.com> Tested-by: Wang Jian <jianjian.wang1(a)gmail.com> Signed-off-by: Dexuan Cui <decui(a)microsoft.com> --- drivers/hv/hv_kvp.c | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/drivers/hv/hv_kvp.c b/drivers/hv/hv_kvp.c index f3d3d75ac913e..e4fbc17bbe190 100644 --- a/drivers/hv/hv_kvp.c +++ b/drivers/hv/hv_kvp.c @@ -627,21 +627,22 @@ void hv_kvp_onchannelcallback(void *context) NEGO_IN_PROGRESS, NEGO_FINISHED} host_negotiatied = NEGO_NOT_STARTED; - if (host_negotiatied == NEGO_NOT_STARTED && - kvp_transaction.state < HVUTIL_READY) { + if (kvp_transaction.state < HVUTIL_READY) { /* * If userspace daemon is not connected and host is asking * us to negotiate we need to delay to not lose messages. * This is important for Failover IP setting. */ - host_negotiatied = NEGO_IN_PROGRESS; - schedule_delayed_work(&kvp_host_handshake_work, + if (host_negotiatied == NEGO_NOT_STARTED) { + host_negotiatied = NEGO_IN_PROGRESS; + schedule_delayed_work(&kvp_host_handshake_work, HV_UTIL_NEGO_TIMEOUT * HZ); + } return; } if (kvp_transaction.state > HVUTIL_READY) return; - +recheck: vmbus_recvpacket(channel, recv_buffer, PAGE_SIZE * 4, &recvlen, &requestid); @@ -704,6 +705,8 @@ void hv_kvp_onchannelcallback(void *context) VM_PKT_DATA_INBAND, 0); host_negotiatied = NEGO_FINISHED; + + goto recheck; } }

6 years, 8 months

3
3
0 0

[PATCH 0/7] NULL pointer deref fix for stm32-dma

by Joel Fernandes (Google)

Hi Greg, While looking at android-4.14, I found a NULL pointer deref with stm32-dma driver using Coccicheck errors. I found that upstream had a bunch of patches on stm32-dma that have fixed this and other issues, I applied these patches cleanly onto Android 4.14. I believe these should goto stable and flow into Android 4.14 from there, but I haven't tested this since I have no hardware to do so. Atleast I can say that the coccicheck error below goes away when running: make coccicheck MODE=report ./drivers/dma/stm32-dma.c:567:18-24: ERROR: chan -> desc is NULL but dereferenced. Anyway, please consider this series for 4.14 stable, I have CC'd the author and others, thanks. Pierre Yves MORDRET (7): dmaengine: stm32-dma: threshold manages with bitfield feature dmaengine: stm32-dma: fix incomplete configuration in cyclic mode dmaengine: stm32-dma: fix typo and reported checkpatch warnings dmaengine: stm32-dma: Improve memory burst management dmaengine: stm32-dma: fix DMA IRQ status handling dmaengine: stm32-dma: fix max items per transfer dmaengine: stm32-dma: properly mask irq bits drivers/dma/stm32-dma.c | 287 +++++++++++++++++++++++++++++++++------- 1 file changed, 240 insertions(+), 47 deletions(-) -- 2.19.0.605.g01d371f741-goog

6 years, 8 months

4
10
0 0

[PATCH 3/3] x86/fpu: Save FPU registers on context switch if there is a FPU

by Sebastian Andrzej Siewior

Booting a 486 with "no387 nofxsr" ends with | math_emulate: 0060:c101987d | Kernel panic - not syncing: Math emulation needed in kernel on the first context switch in user land. The reason is that copy_fpregs_to_fpstate() tries `fnsave' which does not work. This happens since commit f1c8cd0176078 ("x86/fpu: Change fpu->fpregs_active users to fpu->fpstate_active"). Add a check for X86_FEATURE_FPU before trying to save FPU registers (we have such a check switch_fpu_finish() already). Fixes: f1c8cd0176078 ("x86/fpu: Change fpu->fpregs_active users to fpu->fpstate_active") Cc: stable(a)vger.kernel.org Signed-off-by: Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> --- arch/x86/include/asm/fpu/internal.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/x86/include/asm/fpu/internal.h b/arch/x86/include/asm/fpu/internal.h index a38bf5a1e37ad..69dcdf195b611 100644 --- a/arch/x86/include/asm/fpu/internal.h +++ b/arch/x86/include/asm/fpu/internal.h @@ -528,7 +528,7 @@ static inline void fpregs_activate(struct fpu *fpu) static inline void switch_fpu_prepare(struct fpu *old_fpu, int cpu) { - if (old_fpu->initialized) { + if (static_cpu_has(X86_FEATURE_FPU) && old_fpu->initialized) { if (!copy_fpregs_to_fpstate(old_fpu)) old_fpu->last_cpu = -1; else -- 2.19.1

6 years, 8 months

2
1
0 0

[PATCH v2] clk: s2mps11: Fix matching when built as module and DT node contains compatible

by Krzysztof Kozlowski

When driver is built as module and DT node contains clocks compatible (e.g. "samsung,s2mps11-clk"), the module will not be autoloaded because module aliases won't match. The modalias from uevent: of:NclocksT<NULL>Csamsung,s2mps11-clk The modalias from driver: platform:s2mps11-clk The devices are instantiated by parent's MFD. However both Device Tree bindings and parent define the compatible for clocks devices. In case of module matching this DT compatible will be used. The issue will not happen if this is a built-in (no need for module matching) or when clocks DT node does not contain compatible (not correct from bindings perspective but working for driver). Note when backporting to stable kernels: adjust the list of device ID entries. Cc: <stable(a)vger.kernel.org> Fixes: 53c31b3437a6 ("mfd: sec-core: Add of_compatible strings for clock MFD cells") Signed-off-by: Krzysztof Kozlowski <krzk(a)kernel.org> Acked-by: Stephen Boyd <sboyd(a)kernel.org> --- Changes since v1: 1. Add Stephen's ack. 2. Minor language changes to comment. Stephen, can you apply it to clk tree? I think you acked it so I could take it... but anyway I cannot combine it with DT changes. --- drivers/clk/clk-s2mps11.c | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/drivers/clk/clk-s2mps11.c b/drivers/clk/clk-s2mps11.c index d44e0eea31ec..0934d3724495 100644 --- a/drivers/clk/clk-s2mps11.c +++ b/drivers/clk/clk-s2mps11.c @@ -245,6 +245,36 @@ static const struct platform_device_id s2mps11_clk_id[] = { }; MODULE_DEVICE_TABLE(platform, s2mps11_clk_id); +#ifdef CONFIG_OF +/* + * Device is instantiated through parent MFD device and device matching is done + * through platform_device_id. + * + * However if device's DT node contains proper clock compatible and driver is + * built as a module, then the *module* matching will be done trough DT aliases. + * This requires of_device_id table. In the same time this will not change the + * actual *device* matching so do not add .of_match_table. + */ +static const struct of_device_id s2mps11_dt_match[] = { + { + .compatible = "samsung,s2mps11-clk", + .data = (void *)S2MPS11X, + }, { + .compatible = "samsung,s2mps13-clk", + .data = (void *)S2MPS13X, + }, { + .compatible = "samsung,s2mps14-clk", + .data = (void *)S2MPS14X, + }, { + .compatible = "samsung,s5m8767-clk", + .data = (void *)S5M8767X, + }, { + /* Sentinel */ + }, +}; +MODULE_DEVICE_TABLE(of, s2mps11_dt_match); +#endif + static struct platform_driver s2mps11_clk_driver = { .driver = { .name = "s2mps11-clk", -- 2.14.1

6 years, 8 months

2
1
0 0

[PATCH] IB/hfi1: Fix destroy_qp hang after a link down

by Michael J. Ruhl

From: Michael J. Ruhl <michael.j.ruhl(a)intel.com> commit b4a4957d3d1c328b733fce783b7264996f866ad2 upstream. rvt_destroy_qp() cannot complete until all in process packets have been released from the underlying hardware. If a link down event occurs, an application can hang with a kernel stack similar to: cat /proc/<app PID>/stack quiesce_qp+0x178/0x250 [hfi1] rvt_reset_qp+0x23d/0x400 [rdmavt] rvt_destroy_qp+0x69/0x210 [rdmavt] ib_destroy_qp+0xba/0x1c0 [ib_core] nvme_rdma_destroy_queue_ib+0x46/0x80 [nvme_rdma] nvme_rdma_free_queue+0x3c/0xd0 [nvme_rdma] nvme_rdma_destroy_io_queues+0x88/0xd0 [nvme_rdma] nvme_rdma_error_recovery_work+0x52/0xf0 [nvme_rdma] process_one_work+0x17a/0x440 worker_thread+0x126/0x3c0 kthread+0xcf/0xe0 ret_from_fork+0x58/0x90 0xffffffffffffffff quiesce_qp() waits until all outstanding packets have been freed. This wait should be momentary. During a link down event, the cleanup handling does not ensure that all packets caught by the link down are flushed properly. This is caused by the fact that the freeze path and the link down event is handled the same. This is not correct. The freeze path waits until the HFI is unfrozen and then restarts PIO. A link down is not a freeze event. The link down path cannot restart the PIO until link is restored. If the PIO path is restarted before the link comes up, the application (QP) using the PIO path will hang (until link is restored). Fix by separating the linkdown path from the freeze path and use the link down path for link down events. Close a race condition sc_disable() by acquiring both the progress and release locks. Close a race condition in sc_stop() by moving the setting of the flag bits under the alloc lock. Fixes: 7724105686e7 ("IB/hfi1: add driver files") Cc: <stable(a)vger.kernel.org> # 4.14.x Reviewed-by: Mike Marciniszyn <mike.marciniszyn(a)intel.com> Signed-off-by: Michael J. Ruhl <michael.j.ruhl(a)intel.com> Signed-off-by: Dennis Dalessandro <dennis.dalessandro(a)intel.com> --- drivers/infiniband/hw/hfi1/chip.c | 7 +++++- drivers/infiniband/hw/hfi1/pio.c | 42 ++++++++++++++++++++++++++++++------- drivers/infiniband/hw/hfi1/pio.h | 2 ++ 3 files changed, 42 insertions(+), 9 deletions(-) diff --git a/drivers/infiniband/hw/hfi1/chip.c b/drivers/infiniband/hw/hfi1/chip.c index 33cf173..f9faacc 100644 --- a/drivers/infiniband/hw/hfi1/chip.c +++ b/drivers/infiniband/hw/hfi1/chip.c @@ -6722,6 +6722,7 @@ void start_freeze_handling(struct hfi1_pportdata *ppd, int flags) struct hfi1_devdata *dd = ppd->dd; struct send_context *sc; int i; + int sc_flags; if (flags & FREEZE_SELF) write_csr(dd, CCE_CTRL, CCE_CTRL_SPC_FREEZE_SMASK); @@ -6732,11 +6733,13 @@ void start_freeze_handling(struct hfi1_pportdata *ppd, int flags) /* notify all SDMA engines that they are going into a freeze */ sdma_freeze_notify(dd, !!(flags & FREEZE_LINK_DOWN)); + sc_flags = SCF_FROZEN | SCF_HALTED | (flags & FREEZE_LINK_DOWN ? + SCF_LINK_DOWN : 0); /* do halt pre-handling on all enabled send contexts */ for (i = 0; i < dd->num_send_contexts; i++) { sc = dd->send_contexts[i].sc; if (sc && (sc->flags & SCF_ENABLED)) - sc_stop(sc, SCF_FROZEN | SCF_HALTED); + sc_stop(sc, sc_flags); } /* Send context are frozen. Notify user space */ @@ -10646,6 +10649,8 @@ int set_link_state(struct hfi1_pportdata *ppd, u32 state) add_rcvctrl(dd, RCV_CTRL_RCV_PORT_ENABLE_SMASK); handle_linkup_change(dd, 1); + pio_kernel_linkup(dd); + ppd->host_link_state = HLS_UP_INIT; break; case HLS_UP_ARMED: diff --git a/drivers/infiniband/hw/hfi1/pio.c b/drivers/infiniband/hw/hfi1/pio.c index a95ac62..44a8940 100644 --- a/drivers/infiniband/hw/hfi1/pio.c +++ b/drivers/infiniband/hw/hfi1/pio.c @@ -937,20 +937,18 @@ void sc_free(struct send_context *sc) void sc_disable(struct send_context *sc) { u64 reg; - unsigned long flags; struct pio_buf *pbuf; if (!sc) return; /* do all steps, even if already disabled */ - spin_lock_irqsave(&sc->alloc_lock, flags); + spin_lock_irq(&sc->alloc_lock); reg = read_kctxt_csr(sc->dd, sc->hw_context, SC(CTRL)); reg &= ~SC(CTRL_CTXT_ENABLE_SMASK); sc->flags &= ~SCF_ENABLED; sc_wait_for_packet_egress(sc, 1); write_kctxt_csr(sc->dd, sc->hw_context, SC(CTRL), reg); - spin_unlock_irqrestore(&sc->alloc_lock, flags); /* * Flush any waiters. Once the context is disabled, @@ -960,7 +958,7 @@ void sc_disable(struct send_context *sc) * proceed with the flush. */ udelay(1); - spin_lock_irqsave(&sc->release_lock, flags); + spin_lock(&sc->release_lock); if (sc->sr) { /* this context has a shadow ring */ while (sc->sr_tail != sc->sr_head) { pbuf = &sc->sr[sc->sr_tail].pbuf; @@ -971,7 +969,8 @@ void sc_disable(struct send_context *sc) sc->sr_tail = 0; } } - spin_unlock_irqrestore(&sc->release_lock, flags); + spin_unlock(&sc->release_lock); + spin_unlock_irq(&sc->alloc_lock); } /* return SendEgressCtxtStatus.PacketOccupancy */ @@ -1194,11 +1193,39 @@ void pio_kernel_unfreeze(struct hfi1_devdata *dd) sc = dd->send_contexts[i].sc; if (!sc || !(sc->flags & SCF_FROZEN) || sc->type == SC_USER) continue; + if (sc->flags & SCF_LINK_DOWN) + continue; sc_enable(sc); /* will clear the sc frozen flag */ } } +/** + * pio_kernel_linkup() - Re-enable send contexts after linkup event + * @dd: valid devive data + * + * When the link goes down, the freeze path is taken. However, a link down + * event is different from a freeze because if the send context is re-enabled + * whowever is sending data will start sending data again, which will hang + * any QP that is sending data. + * + * The freeze path now looks at the type of event that occurs and takes this + * path for link down event. + */ +void pio_kernel_linkup(struct hfi1_devdata *dd) +{ + struct send_context *sc; + int i; + + for (i = 0; i < dd->num_send_contexts; i++) { + sc = dd->send_contexts[i].sc; + if (!sc || !(sc->flags & SCF_LINK_DOWN) || sc->type == SC_USER) + continue; + + sc_enable(sc); /* will clear the sc link down flag */ + } +} + /* * Wait for the SendPioInitCtxt.PioInitInProgress bit to clear. * Returns: @@ -1398,11 +1425,10 @@ void sc_stop(struct send_context *sc, int flag) { unsigned long flags; - /* mark the context */ - sc->flags |= flag; - /* stop buffer allocations */ spin_lock_irqsave(&sc->alloc_lock, flags); + /* mark the context */ + sc->flags |= flag; sc->flags &= ~SCF_ENABLED; spin_unlock_irqrestore(&sc->alloc_lock, flags); wake_up(&sc->halt_wait); diff --git a/drivers/infiniband/hw/hfi1/pio.h b/drivers/infiniband/hw/hfi1/pio.h index 99ca5ed..c7c4e6e 100644 --- a/drivers/infiniband/hw/hfi1/pio.h +++ b/drivers/infiniband/hw/hfi1/pio.h @@ -145,6 +145,7 @@ struct send_context { #define SCF_IN_FREE 0x02 #define SCF_HALTED 0x04 #define SCF_FROZEN 0x08 +#define SCF_LINK_DOWN 0x10 struct send_context_info { struct send_context *sc; /* allocated working context */ @@ -312,6 +313,7 @@ struct pio_buf *sc_buffer_alloc(struct send_context *sc, u32 dw_len, void pio_reset_all(struct hfi1_devdata *dd); void pio_freeze(struct hfi1_devdata *dd); void pio_kernel_unfreeze(struct hfi1_devdata *dd); +void pio_kernel_linkup(struct hfi1_devdata *dd); /* global PIO send control operations */ #define PSC_GLOBAL_ENABLE 0

6 years, 8 months

1
0
0 0

[PATCH 4.14 00/45] 4.14.76-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.14.76 release. There are 45 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat Oct 13 15:24:53 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.14.76-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.14.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.14.76-rc1 Zhi Chen <zhichen(a)codeaurora.org> ath10k: fix scan crash due to incorrect length calculation Jan Stancek <jstancek(a)redhat.com> virtio_balloon: fix increment of vb->num_pfns in fill_balloon() Michael S. Tsirkin <mst(a)redhat.com> virtio_balloon: fix deadlock on OOM Ka-Cheong Poon <ka-cheong.poon(a)oracle.com> rds: rds_ib_recv_alloc_cache() should call alloc_percpu_gfp() instead Richard Weinberger <richard(a)nod.at> ubifs: Check for name being NULL while mounting Cong Wang <xiyou.wangcong(a)gmail.com> ucma: fix a use-after-free in ucma_resolve_ip() Chao Yu <yuchao0(a)huawei.com> f2fs: fix invalid memory access Jiri Olsa <jolsa(a)kernel.org> perf utils: Move is_directory() to path.h Harsh Jain <harsh(a)chelsio.com> crypto: chelsio - Fix memory corruption in DMA Mapped buffers. Vineet Gupta <vgupta(a)synopsys.com> ARC: clone syscall to setp r25 as thread pointer Christophe Leroy <christophe.leroy(a)c-s.fr> powerpc/lib: fix book3s/32 boot failure due to code patching Michael Neuling <mikey(a)neuling.org> powerpc: Avoid code patching freed init sections Christophe Leroy <christophe.leroy(a)c-s.fr> powerpc/lib/code-patching: refactor patch_instruction() James Smart <jsmart2021(a)gmail.com> nvme_fc: fix ctrl create failures racing with workq items Yu Wang <yyuwang(a)codeaurora.org> ath10k: fix kernel panic issue during pci probe Carl Huang <cjhuang(a)codeaurora.org> ath10k: fix use-after-free in ath10k_wmi_cmd_send_nowait Prateek Sood <prsood(a)codeaurora.org> cgroup/cpuset: remove circular dependency deadlock Jiri Olsa <jolsa(a)kernel.org> perf tools: Fix python extension build for gcc 8 Arnaldo Carvalho de Melo <acme(a)redhat.com> perf annotate: Use asprintf when formatting objdump command line Guenter Roeck <linux(a)roeck-us.net> of: unittest: Disable interrupt node tests for old world MAC systems Dmitry Safonov <dima(a)arista.com> tty: Drop tty->count on tty_reopen() failure Romain Izard <romain.izard.pro(a)gmail.com> usb: cdc_acm: Do not leak URB buffers Johan Hovold <johan(a)kernel.org> USB: serial: simple: add Motorola Tetra MTP6550 id Chunfeng Yun <chunfeng.yun(a)mediatek.com> usb: xhci-mtk: resume USB3 roothub first Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: Add missing CAS workaround for Intel Sunrise Point xHCI Mike Snitzer <snitzer(a)redhat.com> dm cache: fix resize crash if user doesn't reload cache table Joe Thornber <ejt(a)redhat.com> dm cache metadata: ignore hints array being too small during resize Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> PM / core: Clear the direct_complete flag on errors Felix Fietkau <nbd(a)nbd.name> mac80211: fix setting IEEE80211_KEY_FLAG_RX_MGMT for AP mode keys Daniel Drake <drake(a)endlessm.com> PCI: Reprogram bridge prefetch registers on resume Andy Lutomirski <luto(a)kernel.org> x86/vdso: Fix vDSO syscall fallback asm constraint regression Andy Lutomirski <luto(a)kernel.org> x86/vdso: Only enable vDSO retpolines when enabled and supported Andy Lutomirski <luto(a)kernel.org> selftests/x86: Add clock_gettime() tests to test_vdso Andy Lutomirski <luto(a)kernel.org> x86/vdso: Fix asm constraints on vDSO syscall fallbacks Jason Ekstrand <jason(a)jlekstrand.net> drm/syncobj: Don't leak fences when WAIT_FOR_SUBMIT is set Rex Zhu <Rex.Zhu(a)amd.com> drm/amdgpu: Fix vce work queue was not cancelled when suspend Jan Beulich <JBeulich(a)suse.com> xen-netback: fix input validation in xenvif_set_hash_mapping() Tomi Valkeinen <tomi.valkeinen(a)ti.com> fbdev/omapfb: fix omapfb_memory_read infoleak Alexandre Belloni <alexandre.belloni(a)bootlin.com> clocksource/drivers/timer-atmel-pit: Properly handle error cases Ilya Dryomov <idryomov(a)gmail.com> blk-mq: I/O and timer unplugs are inverted in blktrace Sean Christopherson <sean.j.christopherson(a)intel.com> KVM: x86: fix L1TF's MMIO GFN calculation Jann Horn <jannh(a)google.com> mm/vmstat.c: skip NR_TLB_REMOTE_FLUSH* properly Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> mm, thp: fix mlocking THP page with migration enabled Mike Kravetz <mike.kravetz(a)oracle.com> mm: migration: fix migration of huge PMD shared pages Reinette Chatre <reinette.chatre(a)intel.com> perf/core: Add sanity check to deal with pinned event failure ------------- Diffstat: Makefile | 4 +- arch/arc/kernel/process.c | 20 +++ arch/powerpc/include/asm/setup.h | 1 + arch/powerpc/lib/code-patching.c | 44 +++--- arch/powerpc/mm/mem.c | 2 + arch/x86/entry/vdso/Makefile | 16 ++- arch/x86/entry/vdso/vclock_gettime.c | 26 ++-- arch/x86/kvm/mmu.c | 24 +++- block/blk-mq.c | 4 +- drivers/base/power/main.c | 5 +- drivers/clocksource/timer-atmel-pit.c | 20 ++- drivers/crypto/chelsio/chcr_algo.c | 41 ++++-- drivers/crypto/chelsio/chcr_crypto.h | 2 + drivers/gpu/drm/amd/amdgpu/amdgpu_vce.c | 3 +- drivers/gpu/drm/amd/amdgpu/amdgpu_vcn.c | 4 +- drivers/gpu/drm/drm_syncobj.c | 5 + drivers/infiniband/core/ucma.c | 2 + drivers/md/dm-cache-metadata.c | 4 +- drivers/md/dm-cache-target.c | 9 +- drivers/net/wireless/ath/ath10k/debug.c | 12 +- drivers/net/wireless/ath/ath10k/trace.h | 12 +- drivers/net/wireless/ath/ath10k/wmi-tlv.c | 8 +- drivers/net/wireless/ath/ath10k/wmi.c | 2 +- drivers/net/xen-netback/hash.c | 12 +- drivers/nvme/host/fc.c | 4 + drivers/of/unittest.c | 26 ++-- drivers/pci/pci.c | 27 ++-- drivers/tty/tty_io.c | 11 +- drivers/usb/class/cdc-acm.c | 6 + drivers/usb/host/xhci-mtk.c | 4 +- drivers/usb/host/xhci-pci.c | 2 + drivers/usb/serial/usb-serial-simple.c | 3 +- drivers/video/fbdev/omap2/omapfb/omapfb-ioctl.c | 5 +- drivers/virtio/virtio_balloon.c | 23 +++- fs/f2fs/checkpoint.c | 9 +- fs/ubifs/super.c | 3 + include/linux/balloon_compaction.h | 35 ++++- include/linux/hugetlb.h | 14 ++ include/linux/mm.h | 6 + kernel/cgroup/cpuset.c | 53 ++++---- kernel/events/core.c | 6 + mm/balloon_compaction.c | 28 +++- mm/huge_memory.c | 2 +- mm/hugetlb.c | 37 ++++- mm/migrate.c | 3 + mm/rmap.c | 42 +++++- mm/vmstat.c | 3 + net/mac80211/cfg.c | 2 +- net/rds/ib.h | 2 +- net/rds/ib_cm.c | 2 +- net/rds/ib_recv.c | 10 +- tools/perf/builtin-script.c | 14 +- tools/perf/util/annotate.c | 17 ++- tools/perf/util/path.c | 14 ++ tools/perf/util/path.h | 3 + tools/perf/util/setup.py | 2 + tools/testing/selftests/x86/test_vdso.c | 172 ++++++++++++++++++++++++ 57 files changed, 690 insertions(+), 182 deletions(-)

6 years, 8 months

7
53
0 0

Building 4.14 LTS kernel with GCC 8

by Ignat Korchagin

Hello, We were trying to build 4.14 kernel with GCC 8, but perf failed to compile. The upstream tree seems to have necessary commits to support GCC 8, but they were not ported to 4.14 branch. With backporting the following commits we were able to restore perf compilation and compile a working 4.14 kernel with GCC 8.2: 6810158d526e483868e519befff407b91e76b3db: perf annotate: Use asprintf when formatting objdump command b7a313d84e853049062011d78cb04b6decd12f5c: perf tools: Fix python extension build for gcc 8 77f18153c080855e1c3fb520ca31a4e61530121d: perf tools: Fix snprint warnings for gcc 8 06c3f2aa9fc68e7f3fe3d83e7569d2a2801d9f99: perf utils: Move is_directory() to path.h Propose to apply the above commits to 4.14 to be able to compile it with GCC 8 (mostly to properly support CONFIG_RETPOLINE) Commit 6810158d526e483868e519befff407b91e76b3db might need adjustment to cleanly apply on 4.14 branch. Regards, Ignat

6 years, 8 months

3
6
0 0

[GIT PULL] commits for Linux 3.18

by Sasha Levin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi Greg, Pleae pull commits for Linux 3.18 . I've sent a review request for all commits over a week ago and all comments were addressed. Thanks, Sasha ===== The following changes since commit 0d63979c1bc9c85578be4c589768a13dc0a7c5eb: Linux 3.18.124 (2018-10-13 09:09:32 +0200) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/sashal/linux-stable.git tags/for-greg-3.18-16102018 for you to fetch changes up to 8103cbfd1edd20d4de51defa9d6914e33b043f91: powerpc/tm: Avoid possible userspace r1 corruption on reclaim (2018-10-15 18:02:23 -0400) - ---------------------------------------------------------------- for-greg-3.18-16102018 - ---------------------------------------------------------------- James Cowgill (1): RISC-V: include linux/ftrace.h in asm-prototypes.h Jozef Balga (1): media: af9035: prevent buffer overflow on write Michael Neuling (2): powerpc/tm: Fix userspace r13 corruption powerpc/tm: Avoid possible userspace r1 corruption on reclaim arch/powerpc/kernel/tm.S | 20 +++++++++++++++++--- arch/riscv/include/asm/asm-prototypes.h | 7 +++++++ drivers/media/usb/dvb-usb-v2/af9035.c | 6 ++++-- 3 files changed, 28 insertions(+), 5 deletions(-) create mode 100644 arch/riscv/include/asm/asm-prototypes.h -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE4n5dijQDou9mhzu83qZv95d3LNwFAlvGFIkACgkQ3qZv95d3 LNz4Kw//VdIsXsVwvtQ3NCLX5PUgxqzP+oJO7JpOP53HpbmkUbpq2tqs4BxIsc5e 4/1HXQjkP4of+y82mLmX6lsH0QMPusrmzWMv5+fcUL3hA2pN9/6a5EVEFdiwCrhy siVoXIEXCFIzw+bKOziSW3Zeggmju0pCjP7dNn2td3Fj+f/vBF9Yd7WUsKSbrWrY 2/U4HRbySBQEtphElk5HjpEJ4zdy6z2OZs+oPXjEjL0akoDo3JSHmYySrZiUj0Gr ZcRqm1aPp0+5AgSTrmxpznSoUlj3Aivc9XuqRo2/wxbasaNVmF7CsYoj9ErUB7YR NKXM7xhgd1zwTr3pW1n/p2Gwf5qTrOt1oOM22hLqOp/KgoUXNGMWrM3nyEAC9cvH ysaVBcj1wDz6Si4wUMyaMrWqNZl/gBRxYQW9UvS7Zi7i+qdAZ1MpdXR9LIKWv1uN f490e1HHuid3qWa2QtRR4LGxIves74uHORUs0xnEsXtoqHy51ozTY9y+6NIfikDQ TDk7+a5JV/9XKRnNTl3flwEmQIkWJ6mpZ1JPM/XeSpmoEFQYAaKJg6DC6V8kgdHM INYbCY8DOqxhdCTN6+qDEkOVwuClpEpWntQF8rxg/W/NdiiXnzCUlOQBmjok8kXW ajgcPZ2n9SzjpbqiXvBPNsXGs5Akt9Vyo6Kyosq+YEY/Jn0HQcM= =j/HW -----END PGP SIGNATURE-----

6 years, 8 months

1
0
0 0

[GIT PULL] commits for Linux 4.4

by Sasha Levin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi Greg, Pleae pull commits for Linux 4.4 . I've sent a review request for all commits over a week ago and all comments were addressed. Thanks, Sasha ===== The following changes since commit b001adea66f0e0a7803adfbf9128a2d7969daa4e: Linux 4.4.161 (2018-10-13 09:11:36 +0200) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/sashal/linux-stable.git tags/for-greg-4.4-16102018 for you to fetch changes up to 0d850290d80e46758e82d87904cec458113f923e: powerpc/tm: Avoid possible userspace r1 corruption on reclaim (2018-10-15 18:02:16 -0400) - ---------------------------------------------------------------- for-greg-4.4-16102018 - ---------------------------------------------------------------- Andreas Schwab (1): Input: atakbd - fix Atari keymap James Cowgill (1): RISC-V: include linux/ftrace.h in asm-prototypes.h Jozef Balga (1): media: af9035: prevent buffer overflow on write Keerthy (1): clocksource/drivers/ti-32k: Add CLOCK_SOURCE_SUSPEND_NONSTOP flag for non-am43 SoCs Michael Neuling (2): powerpc/tm: Fix userspace r13 corruption powerpc/tm: Avoid possible userspace r1 corruption on reclaim Michael Schmitz (1): Input: atakbd - fix Atari CapsLock behaviour Nathan Chancellor (1): net/mlx4: Use cpumask_available for eq->affinity_mask arch/powerpc/kernel/tm.S | 20 +++++++-- arch/riscv/include/asm/asm-prototypes.h | 7 ++++ drivers/clocksource/timer-ti-32k.c | 3 ++ drivers/input/keyboard/atakbd.c | 74 +++++++++++++-------------------- drivers/media/usb/dvb-usb-v2/af9035.c | 6 ++- drivers/net/ethernet/mellanox/mlx4/eq.c | 3 +- 6 files changed, 61 insertions(+), 52 deletions(-) create mode 100644 arch/riscv/include/asm/asm-prototypes.h -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE4n5dijQDou9mhzu83qZv95d3LNwFAlvGFIEACgkQ3qZv95d3 LNxv3g//ZDlmu6pfxVo4C+l0pRa+uZvBorGmr+6hHlTYe19kbttuAGykjm+QCCb5 QXvUAft6YJaclXPXWi6NtEEG0TYrEtz7f7GWJyAr9FQ4kHHck2cUZrMq/marpK7i nkFD8ERCqixSV6VWk3PFQGv1oaEJnEi4ygEQXaSwSgVi47GZUS3MxkzUn1T9JAL0 eDR/DhoMOg9IXD8KVlg6yrkOoiSEbUIaYdXoa2JYGalJbAMvsPB4KqOnVe/Ry+/j RAGOzAok3Y8yvpmFSiz/gpkjSL3jQpdlsfvZFZcnnTks3Q6MlHuWt+SNRbRgtmdG VN2ijzyyhdvewj78KIz5V6uewSaw8TauWq6HqLdnTadisA9mvicDuHNkhn8dm54/ irawJcLsVn+KNA6m8fFRgpfRNMP92DvVz25tTbF08QeKGtr/aF/XelPEj2B3YD/R CFE0f5n/vkv6KSs8GSjqvJD8w4vpP1P8TqJwNAdU7yF+aisNWJqaueKdQ8FA8q54 TDPSFUWqqLuDkDyLwfidMJl0R60PhmkVuAFLBqPkIo7m05AFm3Ab71nq7+U45g3C ELw1z/hFSlmj8z9l8VwlxqAdTa/ppKVHnK9eYAnCItpO5G26FNcbpeAZF3lT74XK mzutvuFZznNX6cxxc5fsan5r7c5+oENNMlNlgPplY97mTyUs2/w= =uvan -----END PGP SIGNATURE-----

6 years, 8 months

1
0
0 0

[GIT PULL] commits for Linux 4.9

by Sasha Levin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi Greg, Pleae pull commits for Linux 4.9 . I've sent a review request for all commits over a week ago and all comments were addressed. Thanks, Sasha ===== The following changes since commit deb3303f665b31c29210ef4b30b1e69cb06cc397: Linux 4.9.133 (2018-10-13 09:18:59 +0200) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/sashal/linux-stable.git tags/for-greg-4.9-16102018 for you to fetch changes up to 088da20301ef9c8cf3a2b3a16945e7675b90e66e: iommu/amd: Return devid as alias for ACPI HID devices (2018-10-15 18:02:10 -0400) - ---------------------------------------------------------------- for-greg-4.9-16102018 - ---------------------------------------------------------------- Alexandru Gheorghe (1): drm: mali-dp: Call drm_crtc_vblank_reset on device init Andreas Schwab (1): Input: atakbd - fix Atari keymap Arindam Nath (1): iommu/amd: Return devid as alias for ACPI HID devices James Cowgill (1): RISC-V: include linux/ftrace.h in asm-prototypes.h Johannes Thumshirn (1): scsi: sd: don't crash the host on invalid commands Jozef Balga (1): media: af9035: prevent buffer overflow on write Kazuya Mizuguchi (1): ravb: do not write 1 to reserved bits Keerthy (1): clocksource/drivers/ti-32k: Add CLOCK_SOURCE_SUSPEND_NONSTOP flag for non-am43 SoCs Laura Abbott (2): scsi: ibmvscsis: Fix a stringop-overflow warning scsi: ibmvscsis: Ensure partition name is properly NUL terminated Marek Lindner (2): batman-adv: fix backbone_gw refcount on queue_work() failure batman-adv: fix hardif_neigh refcount on queue_work() failure Michael Neuling (2): powerpc/tm: Fix userspace r13 corruption powerpc/tm: Avoid possible userspace r1 corruption on reclaim Michael Schmitz (1): Input: atakbd - fix Atari CapsLock behaviour Nathan Chancellor (1): net/mlx4: Use cpumask_available for eq->affinity_mask Sven Eckelmann (6): batman-adv: Fix segfault when writing to throughput_override batman-adv: Fix segfault when writing to sysfs elp_interval batman-adv: Prevent duplicated nc_node entry batman-adv: Prevent duplicated softif_vlan entry batman-adv: Prevent duplicated global TT entry batman-adv: Prevent duplicated tvlv handler arch/powerpc/kernel/tm.S | 20 +++++++-- arch/riscv/include/asm/asm-prototypes.h | 7 +++ drivers/clocksource/timer-ti-32k.c | 3 ++ drivers/gpu/drm/arm/malidp_drv.c | 1 + drivers/input/keyboard/atakbd.c | 74 ++++++++++++-------------------- drivers/iommu/amd_iommu.c | 6 +++ drivers/media/usb/dvb-usb-v2/af9035.c | 6 ++- drivers/net/ethernet/mellanox/mlx4/eq.c | 3 +- drivers/net/ethernet/renesas/ravb.h | 5 +++ drivers/net/ethernet/renesas/ravb_main.c | 11 ++--- drivers/net/ethernet/renesas/ravb_ptp.c | 2 +- drivers/scsi/ibmvscsi_tgt/ibmvscsi_tgt.c | 5 +-- drivers/scsi/sd.c | 3 +- net/batman-adv/bat_v_elp.c | 8 +++- net/batman-adv/bridge_loop_avoidance.c | 10 ++++- net/batman-adv/network-coding.c | 27 ++++++------ net/batman-adv/soft-interface.c | 25 ++++++++--- net/batman-adv/sysfs.c | 30 ++++++++----- net/batman-adv/translation-table.c | 6 ++- net/batman-adv/tvlv.c | 8 +++- 20 files changed, 161 insertions(+), 99 deletions(-) create mode 100644 arch/riscv/include/asm/asm-prototypes.h -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE4n5dijQDou9mhzu83qZv95d3LNwFAlvGFHoACgkQ3qZv95d3 LNx+DBAAuEHwt9B1fQdY9RCXkJdOzi1nTvuJsw9BbCcM2iyHFpn2Cz4GVe4DLKy0 ochgEkOKoeUEdJe10twylhyL2H+awkq1EcSmz6/Ncnltft9t+y8zg+/t5GD2yrI9 L0wZcI6vs3kIhJXDZah7b/xapcwcLRq+qiM7+HfYuaG0g9TauzphOr9bwwSIkEW5 qWkJMd1iMrvr9ZTcjTTtrrgW9MnOWpewRIGxaLEDoZ+EzRGgw/NBdDb8CJU6vH6G 9Hsd/IWk/ObWSwToauy02g+lNqwKBc3Y+Vb79YKJfY8k1KXjnyVNtXHCkF63dG7J h+zbdd/mII7fA8b99pfdNlFLPxAXpF6jPpXQsb8wvGw/kWeq+s8ek22ly4p9zIDP 9ZQheepIWL5ATDPwNH8dZ7iuJW3JvBRftBuyyJNcCfCC6dXbhtXSFECmKB+xI5vq iwO01ZGw81yX8N3kSnqmtZBgU1mmFYkvUDe38s63P9rDZOdhshm9XHBwBu54KDyA tF81VuxVvEvYRpPO3a6d/fIZEMcGIplDA/97yIHaNvZWWnURJMnDo+OsphqM5h5c Dt2xvi/t0Hc8RKmILCP6jXrOowj+hrUYjV3Sp7Pb9XtrKPvkKiL1cqu3I3GdeG3i OuXnHApabuLSU0RW21D7LZeHkrRKM+Rj2aaJlyT+ln7j/G8fl74= =C4kD -----END PGP SIGNATURE-----

6 years, 8 months

1
0
0 0

[GIT PULL] commits for Linux 4.14

by Sasha Levin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi Greg, Pleae pull commits for Linux 4.14 . I've sent a review request for all commits over a week ago and all comments were addressed. Thanks, Sasha ===== The following changes since commit 0b46ce3e3423aee80d28d296e1806176cdcec7ad: Linux 4.14.76 (2018-10-13 09:27:30 +0200) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/sashal/linux-stable.git tags/for-greg-4.14-16102018 for you to fetch changes up to d4c8a84b095877b071d34320c5abcd3a2fb33094: iommu/amd: Return devid as alias for ACPI HID devices (2018-10-15 18:02:03 -0400) - ---------------------------------------------------------------- for-greg-4.14-16102018 - ---------------------------------------------------------------- Alexander Shishkin (1): intel_th: pci: Add Ice Lake PCH support Alexandru Gheorghe (1): drm: mali-dp: Call drm_crtc_vblank_reset on device init Andreas Schwab (1): Input: atakbd - fix Atari keymap Arindam Nath (1): iommu/amd: Return devid as alias for ACPI HID devices Christian Lamparter (1): net: emac: fix fixed-link setup for the RTL8363SB switch Davide Caratti (1): bnxt_en: don't try to offload VLAN 'modify' action Friedemann Gerold (1): net: aquantia: memory corruption on jumbo frames James Cowgill (1): RISC-V: include linux/ftrace.h in asm-prototypes.h Jisheng Zhang (1): PCI: dwc: Fix scheduling while atomic issues Johannes Thumshirn (1): scsi: sd: don't crash the host on invalid commands Jozef Balga (1): media: af9035: prevent buffer overflow on write Kazuya Mizuguchi (1): ravb: do not write 1 to reserved bits Keerthy (1): clocksource/drivers/ti-32k: Add CLOCK_SOURCE_SUSPEND_NONSTOP flag for non-am43 SoCs Laura Abbott (2): scsi: ibmvscsis: Fix a stringop-overflow warning scsi: ibmvscsis: Ensure partition name is properly NUL terminated Marek Lindner (2): batman-adv: fix backbone_gw refcount on queue_work() failure batman-adv: fix hardif_neigh refcount on queue_work() failure Michael Neuling (2): powerpc/tm: Fix userspace r13 corruption powerpc/tm: Avoid possible userspace r1 corruption on reclaim Michael Schmitz (1): Input: atakbd - fix Atari CapsLock behaviour Nathan Chancellor (1): net/mlx4: Use cpumask_available for eq->affinity_mask Sven Eckelmann (8): batman-adv: Avoid probe ELP information leak batman-adv: Fix segfault when writing to throughput_override batman-adv: Fix segfault when writing to sysfs elp_interval batman-adv: Prevent duplicated gateway_node entry batman-adv: Prevent duplicated nc_node entry batman-adv: Prevent duplicated softif_vlan entry batman-adv: Prevent duplicated global TT entry batman-adv: Prevent duplicated tvlv handler Tao Ren (1): clocksource/drivers/fttmr010: Fix set_next_event handler Wen Xiong (1): scsi: ipr: System hung while dlpar adding primary ipr adapter back arch/powerpc/kernel/tm.S | 20 ++++- arch/riscv/include/asm/asm-prototypes.h | 7 ++ drivers/clocksource/timer-fttmr010.c | 18 ++-- drivers/clocksource/timer-ti-32k.c | 3 + drivers/gpu/drm/arm/malidp_drv.c | 1 + drivers/hwtracing/intel_th/pci.c | 5 ++ drivers/input/keyboard/atakbd.c | 74 ++++++---------- drivers/iommu/amd_iommu.c | 6 ++ drivers/media/usb/dvb-usb-v2/af9035.c | 6 +- drivers/net/ethernet/aquantia/atlantic/aq_ring.c | 32 ++++--- drivers/net/ethernet/broadcom/bnxt/bnxt_tc.c | 20 +++-- drivers/net/ethernet/ibm/emac/core.c | 15 ++-- drivers/net/ethernet/mellanox/mlx4/eq.c | 3 +- drivers/net/ethernet/renesas/ravb.h | 5 ++ drivers/net/ethernet/renesas/ravb_main.c | 11 +-- drivers/net/ethernet/renesas/ravb_ptp.c | 2 +- drivers/pci/dwc/pcie-designware.c | 8 +- drivers/pci/dwc/pcie-designware.h | 3 +- drivers/scsi/ibmvscsi_tgt/ibmvscsi_tgt.c | 5 +- drivers/scsi/ipr.c | 106 +++++++++++++---------- drivers/scsi/ipr.h | 1 + drivers/scsi/sd.c | 3 +- net/batman-adv/bat_v_elp.c | 10 ++- net/batman-adv/bridge_loop_avoidance.c | 10 ++- net/batman-adv/gateway_client.c | 11 ++- net/batman-adv/network-coding.c | 27 +++--- net/batman-adv/soft-interface.c | 25 ++++-- net/batman-adv/sysfs.c | 30 ++++--- net/batman-adv/translation-table.c | 6 +- net/batman-adv/tvlv.c | 8 +- 30 files changed, 296 insertions(+), 185 deletions(-) create mode 100644 arch/riscv/include/asm/asm-prototypes.h -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE4n5dijQDou9mhzu83qZv95d3LNwFAlvGFHMACgkQ3qZv95d3 LNxd3w//el01UZYBcr5IwNl+TCESFIpZu0fKopnSqBcKA5o7I6saYNrWBV3bgoTx Ob+XSfKe0FtXFsvXVveLCyEa/ctAz3wj+6D00kV1x6fbIknAg8GjKogu0rpZgXEG 5acEKpw/zutWSGJcZ166gN0sPH8TZDZJDj3qAXLiSmu0CHAJlTooD+tQd6gtKhrG 8pL7HUoJXIK1PVvghaLhiJh01m7iPAjA5rS1M359dWlNwpgCdOfeAjWThy+3QUaM DEs35AvRFPq+kzGRsJyy++NCp2rqgctorhh1O0FUO8tqBN59poMyPXImjtj/NwJG pRqFaohwjDpIaKjWUiP63dVglrlxshI9uSebVGZwEOJm4tq9nkQtzKtaLYirjiIe nOHPuIYG9u8en9MIImw0m3vmfViHAxATh9/dEZuk4rYyTjVMrNC2d9RPbnpARITH PGHsgysAgFt95f3YQbe7ZnCiojS82sc9+Nn6fi9RXzF3q9k9SyIQ4JF1+fjF45LV Uz5EK08tDS2LcvqdqYeR3Ws5nlhGZVVO7q0ec4b0TBZZ4IxWME6jLGQT6g8UTmwG UV4gVL8/kZ2UlqClk/rYoelYYFo5fL8ntImbGvr+BckRSYcV2+DsQ1t3sHM04fVL kkYMASseaPyGC/c+Xfdcod05lzKdwx0uBdFxb+Wce3qSuefei04= =aLi0 -----END PGP SIGNATURE-----

6 years, 8 months

1
0
0 0

Backports that remove FPU lazy-mode deadcode (4.4)

by Daniel Sangorrin

Hello Greg, This series contains patches that complete the removal of FPU lazy-mode code, documentation and comments for kernel 4.4.y. The patches are mostly cleanups and they can be useful to backport future patches if more bugs on the FPU code are found. [PATCH v4 4.4 1/4] KVM: x86: remove eager_fpu field of struct [PATCH v4 4.4 2/4] x86/fpu: Remove use_eager_fpu() [PATCH v4 4.4 3/4] x86/fpu: Remove struct fpu::counter [PATCH v4 4.4 4/4] x86/fpu: Finish excising 'eagerfpu' Diffstat: Documentation/kernel-parameters.txt | 5 ----- arch/x86/crypto/crc32c-intel_glue.c | 17 ++++------------- arch/x86/include/asm/cpufeatures.h | 1 - arch/x86/include/asm/fpu/internal.h | 37 +------------------------------------ arch/x86/include/asm/fpu/types.h | 34 ---------------------------------- arch/x86/include/asm/kvm_host.h | 1 - arch/x86/kernel/fpu/core.c | 41 +++++------------------------------------ arch/x86/kernel/fpu/signal.c | 8 +++----- arch/x86/kvm/cpuid.c | 5 +---- arch/x86/kvm/x86.c | 10 ---------- 10 files changed, 14 insertions(+), 145 deletions(-) Thanks, Daniel

6 years, 8 months

2
5
0 0

[PATCH stable 4.9 v2 00/29] backport of IP fragmentation fixes

by Florian Fainelli

This is based on Stephen's v4.14 patches, with the necessary merge conflicts, and the lack of timer_setup() on the 4.9 baseline. Perf results on a gigabit capable system, before and after are below. Series can also be found here: https://github.com/ffainelli/linux/commits/fragment-stack-v4.9-v2 Changes in v2: - drop "net: sk_buff rbnode reorg" - added original "ip: use rb trees for IP frag queue." commit Before patches: PerfTop: 180 irqs/sec kernel:78.9% exact: 0.0% [4000Hz cycles:ppp], (all, 4 CPUs) ------------------------------------------------------------------------------- 34.81% [kernel] [k] ip_defrag 4.57% [kernel] [k] arch_cpu_idle 2.09% [kernel] [k] fib_table_lookup 1.74% [kernel] [k] finish_task_switch 1.57% [kernel] [k] v7_dma_inv_range 1.47% [kernel] [k] __netif_receive_skb_core 1.06% [kernel] [k] __slab_free 1.04% [kernel] [k] __netdev_alloc_skb 0.99% [kernel] [k] ip_route_input_noref 0.96% [kernel] [k] dev_gro_receive 0.96% [kernel] [k] tick_nohz_idle_enter 0.93% [kernel] [k] bcm_sysport_poll 0.92% [kernel] [k] skb_release_data 0.91% [kernel] [k] __memzero 0.90% [kernel] [k] __free_page_frag 0.87% [kernel] [k] ip_rcv 0.77% [kernel] [k] eth_type_trans 0.71% [kernel] [k] _raw_spin_unlock_irqrestore 0.68% [kernel] [k] tick_nohz_idle_exit 0.65% [kernel] [k] bcm_sysport_rx_refill After patches: PerfTop: 214 irqs/sec kernel:80.4% exact: 0.0% [4000Hz cycles:ppp], (all, 4 CPUs) ------------------------------------------------------------------------------- 6.61% [kernel] [k] arch_cpu_idle 3.77% [kernel] [k] ip_defrag 3.65% [kernel] [k] v7_dma_inv_range 3.18% [kernel] [k] fib_table_lookup 3.04% [kernel] [k] __netif_receive_skb_core 2.31% [kernel] [k] finish_task_switch 2.31% [kernel] [k] _raw_spin_unlock_irqrestore 1.65% [kernel] [k] bcm_sysport_poll 1.63% [kernel] [k] ip_route_input_noref 1.63% [kernel] [k] __memzero 1.58% [kernel] [k] __netdev_alloc_skb 1.47% [kernel] [k] tick_nohz_idle_enter 1.40% [kernel] [k] __slab_free 1.32% [kernel] [k] ip_rcv 1.32% [kernel] [k] __softirqentry_text_start 1.30% [kernel] [k] dev_gro_receive 1.23% [kernel] [k] bcm_sysport_rx_refill 1.11% [kernel] [k] tick_nohz_idle_exit 1.06% [kernel] [k] memcmp 1.02% [kernel] [k] dma_cache_maint_page Dan Carpenter (1): ipv4: frags: precedence bug in ip_expire() Eric Dumazet (21): inet: frags: change inet_frags_init_net() return value inet: frags: add a pointer to struct netns_frags inet: frags: refactor ipfrag_init() inet: frags: refactor ipv6_frag_init() inet: frags: refactor lowpan_net_frag_init() ipv6: export ip6 fragments sysctl to unprivileged users rhashtable: add schedule points inet: frags: use rhashtables for reassembly units inet: frags: remove some helpers inet: frags: get rif of inet_frag_evicting() inet: frags: remove inet_frag_maybe_warn_overflow() inet: frags: break the 2GB limit for frags storage inet: frags: do not clone skb in ip_expire() ipv6: frags: rewrite ip6_expire_frag_queue() rhashtable: reorganize struct rhashtable layout inet: frags: reorganize struct netns_frags inet: frags: get rid of ipfrag_skb_cb/FRAG_CB inet: frags: fix ip6frag_low_thresh boundary net: speed up skb_rbtree_purge() net: pskb_trim_rcsum() and CHECKSUM_COMPLETE are friends net: add rb_to_skb() and other rb tree helpers Florian Westphal (1): ipv6: defrag: drop non-last frags smaller than min mtu Peter Oskolkov (5): ip: discard IPv4 datagrams with overlapping segments. net: modify skb_rbtree_purge to return the truesize of all purged skbs. ip: use rb trees for IP frag queue. ip: add helpers to process in-order fragments faster. ip: process in-order fragments efficiently Taehee Yoo (1): ip: frags: fix crash in ip_do_fragment() Documentation/networking/ip-sysctl.txt | 13 +- include/linux/rhashtable.h | 4 +- include/linux/skbuff.h | 34 +- include/net/inet_frag.h | 133 +++--- include/net/ip.h | 1 - include/net/ipv6.h | 26 +- include/uapi/linux/snmp.h | 1 + lib/rhashtable.c | 5 +- net/core/skbuff.c | 31 +- net/ieee802154/6lowpan/6lowpan_i.h | 26 +- net/ieee802154/6lowpan/reassembly.c | 148 +++--- net/ipv4/inet_fragment.c | 379 ++++------------ net/ipv4/ip_fragment.c | 573 +++++++++++++----------- net/ipv4/proc.c | 7 +- net/ipv4/tcp_input.c | 33 +- net/ipv6/netfilter/nf_conntrack_reasm.c | 100 ++--- net/ipv6/proc.c | 5 +- net/ipv6/reassembly.c | 212 ++++----- 18 files changed, 774 insertions(+), 957 deletions(-) -- 2.17.1

6 years, 8 months

3
32
0 0

[PATCH 4.14 00/24] V4.14 backport of 32-bit arm spectre patches

by David Long

From: "David A. Long" <dave.long(a)linaro.org> V4.14 backport of spectre patches from Russell M. King's spectre branch. Patches not yet in upstream are excluded. Marc Zyngier (2): ARM: KVM: invalidate BTB on guest exit for Cortex-A12/A17 ARM: KVM: invalidate icache on guest exit for Cortex-A15 Russell King (22): ARM: add more CPU part numbers for Cortex and Brahma B15 CPUs ARM: bugs: prepare processor bug infrastructure ARM: bugs: hook processor bug checking into SMP and suspend paths ARM: bugs: add support for per-processor bug checking ARM: spectre: add Kconfig symbol for CPUs vulnerable to Spectre ARM: spectre-v2: harden branch predictor on context switches ARM: spectre-v2: add Cortex A8 and A15 validation of the IBE bit ARM: spectre-v2: harden user aborts in kernel space ARM: spectre-v2: add firmware based hardening ARM: spectre-v2: warn about incorrect context switching functions ARM: spectre-v2: KVM: invalidate icache on guest exit for Brahma B15 ARM: KVM: Add SMCCC_ARCH_WORKAROUND_1 fast handling ARM: KVM: report support for SMCCC_ARCH_WORKAROUND_1 ARM: spectre-v1: add speculation barrier (csdb) macros ARM: spectre-v1: add array_index_mask_nospec() implementation ARM: spectre-v1: fix syscall entry ARM: signal: copy registers using __copy_from_user() ARM: vfp: use __copy_from_user() when restoring VFP state ARM: oabi-compat: copy semops using __copy_from_user() ARM: use __inttype() in get_user() ARM: spectre-v1: use get_user() for __get_user() ARM: spectre-v1: mitigate user accesses arch/arm/include/asm/assembler.h | 12 +++ arch/arm/include/asm/barrier.h | 32 +++++++ arch/arm/include/asm/bugs.h | 6 +- arch/arm/include/asm/cp15.h | 3 + arch/arm/include/asm/cputype.h | 8 ++ arch/arm/include/asm/kvm_asm.h | 2 - arch/arm/include/asm/kvm_host.h | 14 ++- arch/arm/include/asm/kvm_mmu.h | 23 ++++- arch/arm/include/asm/proc-fns.h | 4 + arch/arm/include/asm/system_misc.h | 15 ++++ arch/arm/include/asm/thread_info.h | 4 +- arch/arm/include/asm/uaccess.h | 26 ++++-- arch/arm/kernel/Makefile | 1 + arch/arm/kernel/bugs.c | 18 ++++ arch/arm/kernel/entry-common.S | 18 ++-- arch/arm/kernel/entry-header.S | 25 ++++++ arch/arm/kernel/signal.c | 58 ++++++------- arch/arm/kernel/smp.c | 4 + arch/arm/kernel/suspend.c | 2 + arch/arm/kernel/sys_oabi-compat.c | 8 +- arch/arm/kvm/hyp/hyp-entry.S | 112 +++++++++++++++++++++++- arch/arm/lib/copy_from_user.S | 9 ++ arch/arm/mm/Kconfig | 23 +++++ arch/arm/mm/Makefile | 2 +- arch/arm/mm/fault.c | 3 + arch/arm/mm/proc-macros.S | 3 +- arch/arm/mm/proc-v7-2level.S | 6 -- arch/arm/mm/proc-v7-bugs.c | 174 +++++++++++++++++++++++++++++++++++++ arch/arm/mm/proc-v7.S | 154 +++++++++++++++++++++++++------- arch/arm/vfp/vfpmodule.c | 17 ++-- 30 files changed, 674 insertions(+), 112 deletions(-) create mode 100644 arch/arm/kernel/bugs.c create mode 100644 arch/arm/mm/proc-v7-bugs.c -- 2.5.0

6 years, 8 months

2
25
0 0

[PATCH] ACPICA: Fix dispatcher timeout mechanism

by Bart Van Assche

This patch avoids that the following warning is reported during hibernation: WARNING: CPU: 0 PID: 612 at kernel/time/timekeeping.c:751 ktime_get+0x116/0x120 RIP: 0010:ktime_get+0x116/0x120 Call Trace: acpi_os_get_timer+0xe/0x30 acpi_ds_exec_begin_control_op+0x175/0x1de acpi_ds_exec_begin_op+0x2c7/0x39a acpi_ps_create_op+0x573/0x5e4 acpi_ps_parse_loop+0x349/0x1220 acpi_ps_parse_aml+0x25b/0x6da acpi_ps_execute_method+0x327/0x41b acpi_ns_evaluate+0x4e9/0x6f5 acpi_ut_evaluate_object+0xd9/0x2f2 acpi_rs_get_method_data+0x8f/0x114 acpi_walk_resources+0x122/0x1b6 acpi_pci_link_get_current.isra.2+0x157/0x280 acpi_pci_link_set+0x32f/0x4a0 irqrouter_resume+0x58/0x80 syscore_resume+0x84/0x380 hibernation_snapshot+0x20c/0x4f0 hibernate+0x22d/0x3a6 state_store+0x99/0xa0 kobj_attr_store+0x37/0x50 sysfs_kf_write+0x87/0xa0 kernfs_fop_write+0x1a5/0x240 __vfs_write+0xd2/0x410 vfs_write+0x101/0x250 ksys_write+0xab/0x120 __x64_sys_write+0x43/0x50 do_syscall_64+0x71/0x220 entry_SYSCALL_64_after_hwframe+0x49/0xbe Reported-by: Fengguang Wu <fengguang.wu(a)intel.com> Fixes: 164a08cee135 ("ACPICA: Dispatcher: Introduce timeout mechanism for infinite loop detection") References: https://lists.01.org/pipermail/lkp/2018-April/008406.html Signed-off-by: Bart Van Assche <bvanassche(a)acm.org> Cc: Rafael J. Wysocki <rjw(a)rjwysocki.net> Cc: Len Brown <lenb(a)kernel.org> Cc: Fengguang Wu <fengguang.wu(a)intel.com> Cc: linux-acpi(a)vger.kernel.org Cc: stable(a)vger.kernel.org --- drivers/acpi/acpica/aclocal.h | 2 +- drivers/acpi/acpica/dscontrol.c | 9 ++++----- 2 files changed, 5 insertions(+), 6 deletions(-) diff --git a/drivers/acpi/acpica/aclocal.h b/drivers/acpi/acpica/aclocal.h index 0f28a38a43ea..7b093bcbaef5 100644 --- a/drivers/acpi/acpica/aclocal.h +++ b/drivers/acpi/acpica/aclocal.h @@ -588,7 +588,7 @@ struct acpi_control_state { union acpi_parse_object *predicate_op; u8 *aml_predicate_start; /* Start of if/while predicate */ u8 *package_end; /* End of if/while block */ - u64 loop_timeout; /* While() loop timeout */ + unsigned long loop_timeout; /* While() loop timeout */ }; /* diff --git a/drivers/acpi/acpica/dscontrol.c b/drivers/acpi/acpica/dscontrol.c index 0da96268deb5..9dbea4549484 100644 --- a/drivers/acpi/acpica/dscontrol.c +++ b/drivers/acpi/acpica/dscontrol.c @@ -84,8 +84,8 @@ acpi_ds_exec_begin_control_op(struct acpi_walk_state *walk_state, control_state->control.package_end = walk_state->parser_state.pkg_end; control_state->control.opcode = op->common.aml_opcode; - control_state->control.loop_timeout = acpi_os_get_timer() + - (u64)(acpi_gbl_max_loop_iterations * ACPI_100NSEC_PER_SEC); + control_state->control.loop_timeout = jiffies + + acpi_gbl_max_loop_iterations * HZ; /* Push the control state on this walk's control stack */ @@ -179,9 +179,8 @@ acpi_ds_exec_end_control_op(struct acpi_walk_state *walk_state, * written AML when the hardware does not respond within a while * loop and the loop does not implement a timeout. */ - if (ACPI_TIME_AFTER(acpi_os_get_timer(), - control_state->control. - loop_timeout)) { + if (time_after(jiffies, + control_state->control.loop_timeout)) { status = AE_AML_LOOP_TIMEOUT; break; } -- 2.19.1.331.ge82ca0e54c-goog

6 years, 8 months

3
4
0 0

FAILED: patch "[PATCH] mm: treat indirectly reclaimable memory as free in overcommit" failed to apply to 4.16-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.16-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From d79f7aa496fc94d763f67b833a1f36f4c171176f Mon Sep 17 00:00:00 2001 From: Roman Gushchin <guro(a)fb.com> Date: Tue, 10 Apr 2018 16:27:47 -0700 Subject: [PATCH] mm: treat indirectly reclaimable memory as free in overcommit logic Indirectly reclaimable memory can consume a significant part of total memory and it's actually reclaimable (it will be released under actual memory pressure). So, the overcommit logic should treat it as free. Otherwise, it's possible to cause random system-wide memory allocation failures by consuming a significant amount of memory by indirectly reclaimable memory, e.g. dentry external names. If overcommit policy GUESS is used, it might be used for denial of service attack under some conditions. The following program illustrates the approach. It causes the kernel to allocate an unreclaimable kmalloc-256 chunk for each stat() call, so that at some point the overcommit logic may start blocking large allocation system-wide. int main() { char buf[256]; unsigned long i; struct stat statbuf; buf[0] = '/'; for (i = 1; i < sizeof(buf); i++) buf[i] = '_'; for (i = 0; 1; i++) { sprintf(&buf[248], "%8lu", i); stat(buf, &statbuf); } return 0; } This patch in combination with related indirectly reclaimable memory patches closes this issue. Link: http://lkml.kernel.org/r/20180313130041.8078-1-guro@fb.com Signed-off-by: Roman Gushchin <guro(a)fb.com> Reviewed-by: Andrew Morton <akpm(a)linux-foundation.org> Cc: Alexander Viro <viro(a)zeniv.linux.org.uk> Cc: Michal Hocko <mhocko(a)suse.com> Cc: Johannes Weiner <hannes(a)cmpxchg.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds(a)linux-foundation.org> diff --git a/mm/util.c b/mm/util.c index 029fc2f3b395..73676f0f1b43 100644 --- a/mm/util.c +++ b/mm/util.c @@ -667,6 +667,13 @@ int __vm_enough_memory(struct mm_struct *mm, long pages, int cap_sys_admin) */ free += global_node_page_state(NR_SLAB_RECLAIMABLE); + /* + * Part of the kernel memory, which can be released + * under memory pressure. + */ + free += global_node_page_state( + NR_INDIRECTLY_RECLAIMABLE_BYTES) >> PAGE_SHIFT; + /* * Leave reserved pages. The pages are not for anonymous pages. */

6 years, 8 months

3
4
0 0

[stable PATCH] xhci: Don't print a warning when setting link state for disabled ports

by Ross Zwisler

From: Mathias Nyman <mathias.nyman(a)linux.intel.com> commit 1208d8a84fdcae6b395c57911cdf907450d30e70 upstream. When disabling a USB3 port the hub driver will set the port link state to U3 to prevent "ejected" or "safely removed" devices that are still physically connected from immediately re-enumerating. If the device was really unplugged, then error messages were printed as the hub tries to set the U3 link state for a port that is no longer enabled. xhci-hcd ee000000.usb: Cannot set link state. usb usb8-port1: cannot disable (err = -32) Don't print error message in xhci-hub if hub tries to set port link state for a disabled port. Return -ENODEV instead which also silences hub driver. Signed-off-by: Mathias Nyman <mathias.nyman(a)linux.intel.com> Tested-by: Yoshihiro Shimoda <yoshihiro.shimoda.uh(a)renesas.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Signed-off-by: Ross Zwisler <zwisler(a)google.com> --- We'd like to get this commit added to linux-4.14.y, linux-4.9.y and linux-4.4.y, please. We continue to get error reports from users who are concerned about the USB error messages referred to in the changelog. The upstream commit 1208d8a84fdc can be cherry-picked cleanly to linux-4.14.y, and this patch applies cleanly to both linux-4.9.y and linux-4.4.y. I've tested both the clean cherry-pick and this version of the patch on real hardware. --- drivers/usb/host/xhci-hub.c | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/drivers/usb/host/xhci-hub.c b/drivers/usb/host/xhci-hub.c index 0722f75f1d6a..54bde0f45666 100644 --- a/drivers/usb/host/xhci-hub.c +++ b/drivers/usb/host/xhci-hub.c @@ -1073,13 +1073,15 @@ int xhci_hub_control(struct usb_hcd *hcd, u16 typeReq, u16 wValue, break; } - /* Software should not attempt to set - * port link state above '3' (U3) and the port - * must be enabled. - */ - if ((temp & PORT_PE) == 0 || - (link_state > USB_SS_PORT_LS_U3)) { - xhci_warn(xhci, "Cannot set link state.\n"); + /* Port must be enabled */ + if (!(temp & PORT_PE)) { + retval = -ENODEV; + break; + } + /* Can't set port link state above '3' (U3) */ + if (link_state > USB_SS_PORT_LS_U3) { + xhci_warn(xhci, "Cannot set port %d link state %d\n", + wIndex, link_state); goto error; } -- 2.19.0.605.g01d371f741-goog

6 years, 8 months

2
1
0 0

i2c: i2c-scmi: fix for i2c_smbus_write_block_data

by Wolfram Sang

Hi, upstream commit 08d9db00fe0e ("i2c: i2c-scmi: fix for i2c_smbus_write_block_data") should go to stable. I simply forgot to tag it accordingly. I am sorry about that. It should have: Fixes: dc9854212e0d ("i2c: Add driver for SMBus Control Method Interface") # v2.6.32+ Thanks, Wolfram

6 years, 8 months

2
1
0 0

FAILED: patch "[PATCH] MIPS: memset: Fix CPU_DADDI_WORKAROUNDS `small_fixup'" failed to apply to 4.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 148b9aba99e0bbadf361747d21456e1589015f74 Mon Sep 17 00:00:00 2001 From: "Maciej W. Rozycki" <macro(a)linux-mips.org> Date: Tue, 2 Oct 2018 12:50:11 +0100 Subject: [PATCH] MIPS: memset: Fix CPU_DADDI_WORKAROUNDS `small_fixup' regression Fix a commit 8a8158c85e1e ("MIPS: memset.S: EVA & fault support for small_memset") regression and remove assembly warnings: arch/mips/lib/memset.S: Assembler messages: arch/mips/lib/memset.S:243: Warning: Macro instruction expanded into multiple instructions in a branch delay slot triggering with the CPU_DADDI_WORKAROUNDS option set and this code: PTR_SUBU a2, t1, a0 jr ra PTR_ADDIU a2, 1 This is because with that option in place the DADDIU instruction, which the PTR_ADDIU CPP macro expands to, becomes a GAS macro, which in turn expands to an LI/DADDU (or actually ADDIU/DADDU) sequence: 13c: 01a4302f dsubu a2,t1,a0 140: 03e00008 jr ra 144: 24010001 li at,1 148: 00c1302d daddu a2,a2,at ... Correct this by switching off the `noreorder' assembly mode and letting GAS schedule this jump's delay slot, as there is nothing special about it that would require manual scheduling. With this change in place correct code is produced: 13c: 01a4302f dsubu a2,t1,a0 140: 24010001 li at,1 144: 03e00008 jr ra 148: 00c1302d daddu a2,a2,at ... Signed-off-by: Maciej W. Rozycki <macro(a)linux-mips.org> Signed-off-by: Paul Burton <paul.burton(a)mips.com> Fixes: 8a8158c85e1e ("MIPS: memset.S: EVA & fault support for small_memset") Patchwork: https://patchwork.linux-mips.org/patch/20833/ Cc: Ralf Baechle <ralf(a)linux-mips.org> Cc: stable(a)vger.kernel.org # 4.17+ diff --git a/arch/mips/lib/memset.S b/arch/mips/lib/memset.S index 3a6f34ef5ffc..069acec3df9f 100644 --- a/arch/mips/lib/memset.S +++ b/arch/mips/lib/memset.S @@ -280,9 +280,11 @@ * unset_bytes = end_addr - current_addr + 1 * a2 = t1 - a0 + 1 */ + .set reorder PTR_SUBU a2, t1, a0 + PTR_ADDIU a2, 1 jr ra - PTR_ADDIU a2, 1 + .set noreorder .endm

6 years, 8 months

1
0
0 0

FAILED: patch "[PATCH] MIPS: memset: Fix CPU_DADDI_WORKAROUNDS `small_fixup'" failed to apply to 4.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 148b9aba99e0bbadf361747d21456e1589015f74 Mon Sep 17 00:00:00 2001 From: "Maciej W. Rozycki" <macro(a)linux-mips.org> Date: Tue, 2 Oct 2018 12:50:11 +0100 Subject: [PATCH] MIPS: memset: Fix CPU_DADDI_WORKAROUNDS `small_fixup' regression Fix a commit 8a8158c85e1e ("MIPS: memset.S: EVA & fault support for small_memset") regression and remove assembly warnings: arch/mips/lib/memset.S: Assembler messages: arch/mips/lib/memset.S:243: Warning: Macro instruction expanded into multiple instructions in a branch delay slot triggering with the CPU_DADDI_WORKAROUNDS option set and this code: PTR_SUBU a2, t1, a0 jr ra PTR_ADDIU a2, 1 This is because with that option in place the DADDIU instruction, which the PTR_ADDIU CPP macro expands to, becomes a GAS macro, which in turn expands to an LI/DADDU (or actually ADDIU/DADDU) sequence: 13c: 01a4302f dsubu a2,t1,a0 140: 03e00008 jr ra 144: 24010001 li at,1 148: 00c1302d daddu a2,a2,at ... Correct this by switching off the `noreorder' assembly mode and letting GAS schedule this jump's delay slot, as there is nothing special about it that would require manual scheduling. With this change in place correct code is produced: 13c: 01a4302f dsubu a2,t1,a0 140: 24010001 li at,1 144: 03e00008 jr ra 148: 00c1302d daddu a2,a2,at ... Signed-off-by: Maciej W. Rozycki <macro(a)linux-mips.org> Signed-off-by: Paul Burton <paul.burton(a)mips.com> Fixes: 8a8158c85e1e ("MIPS: memset.S: EVA & fault support for small_memset") Patchwork: https://patchwork.linux-mips.org/patch/20833/ Cc: Ralf Baechle <ralf(a)linux-mips.org> Cc: stable(a)vger.kernel.org # 4.17+ diff --git a/arch/mips/lib/memset.S b/arch/mips/lib/memset.S index 3a6f34ef5ffc..069acec3df9f 100644 --- a/arch/mips/lib/memset.S +++ b/arch/mips/lib/memset.S @@ -280,9 +280,11 @@ * unset_bytes = end_addr - current_addr + 1 * a2 = t1 - a0 + 1 */ + .set reorder PTR_SUBU a2, t1, a0 + PTR_ADDIU a2, 1 jr ra - PTR_ADDIU a2, 1 + .set noreorder .endm

6 years, 8 months

1
0
0 0

FAILED: patch "[PATCH] MIPS: memset: Fix CPU_DADDI_WORKAROUNDS `small_fixup'" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 148b9aba99e0bbadf361747d21456e1589015f74 Mon Sep 17 00:00:00 2001 From: "Maciej W. Rozycki" <macro(a)linux-mips.org> Date: Tue, 2 Oct 2018 12:50:11 +0100 Subject: [PATCH] MIPS: memset: Fix CPU_DADDI_WORKAROUNDS `small_fixup' regression Fix a commit 8a8158c85e1e ("MIPS: memset.S: EVA & fault support for small_memset") regression and remove assembly warnings: arch/mips/lib/memset.S: Assembler messages: arch/mips/lib/memset.S:243: Warning: Macro instruction expanded into multiple instructions in a branch delay slot triggering with the CPU_DADDI_WORKAROUNDS option set and this code: PTR_SUBU a2, t1, a0 jr ra PTR_ADDIU a2, 1 This is because with that option in place the DADDIU instruction, which the PTR_ADDIU CPP macro expands to, becomes a GAS macro, which in turn expands to an LI/DADDU (or actually ADDIU/DADDU) sequence: 13c: 01a4302f dsubu a2,t1,a0 140: 03e00008 jr ra 144: 24010001 li at,1 148: 00c1302d daddu a2,a2,at ... Correct this by switching off the `noreorder' assembly mode and letting GAS schedule this jump's delay slot, as there is nothing special about it that would require manual scheduling. With this change in place correct code is produced: 13c: 01a4302f dsubu a2,t1,a0 140: 24010001 li at,1 144: 03e00008 jr ra 148: 00c1302d daddu a2,a2,at ... Signed-off-by: Maciej W. Rozycki <macro(a)linux-mips.org> Signed-off-by: Paul Burton <paul.burton(a)mips.com> Fixes: 8a8158c85e1e ("MIPS: memset.S: EVA & fault support for small_memset") Patchwork: https://patchwork.linux-mips.org/patch/20833/ Cc: Ralf Baechle <ralf(a)linux-mips.org> Cc: stable(a)vger.kernel.org # 4.17+ diff --git a/arch/mips/lib/memset.S b/arch/mips/lib/memset.S index 3a6f34ef5ffc..069acec3df9f 100644 --- a/arch/mips/lib/memset.S +++ b/arch/mips/lib/memset.S @@ -280,9 +280,11 @@ * unset_bytes = end_addr - current_addr + 1 * a2 = t1 - a0 + 1 */ + .set reorder PTR_SUBU a2, t1, a0 + PTR_ADDIU a2, 1 jr ra - PTR_ADDIU a2, 1 + .set noreorder .endm

6 years, 8 months

1
0
0 0

FAILED: patch "[PATCH] MIPS: memset: Fix CPU_DADDI_WORKAROUNDS `small_fixup'" failed to apply to 4.18-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.18-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 148b9aba99e0bbadf361747d21456e1589015f74 Mon Sep 17 00:00:00 2001 From: "Maciej W. Rozycki" <macro(a)linux-mips.org> Date: Tue, 2 Oct 2018 12:50:11 +0100 Subject: [PATCH] MIPS: memset: Fix CPU_DADDI_WORKAROUNDS `small_fixup' regression Fix a commit 8a8158c85e1e ("MIPS: memset.S: EVA & fault support for small_memset") regression and remove assembly warnings: arch/mips/lib/memset.S: Assembler messages: arch/mips/lib/memset.S:243: Warning: Macro instruction expanded into multiple instructions in a branch delay slot triggering with the CPU_DADDI_WORKAROUNDS option set and this code: PTR_SUBU a2, t1, a0 jr ra PTR_ADDIU a2, 1 This is because with that option in place the DADDIU instruction, which the PTR_ADDIU CPP macro expands to, becomes a GAS macro, which in turn expands to an LI/DADDU (or actually ADDIU/DADDU) sequence: 13c: 01a4302f dsubu a2,t1,a0 140: 03e00008 jr ra 144: 24010001 li at,1 148: 00c1302d daddu a2,a2,at ... Correct this by switching off the `noreorder' assembly mode and letting GAS schedule this jump's delay slot, as there is nothing special about it that would require manual scheduling. With this change in place correct code is produced: 13c: 01a4302f dsubu a2,t1,a0 140: 24010001 li at,1 144: 03e00008 jr ra 148: 00c1302d daddu a2,a2,at ... Signed-off-by: Maciej W. Rozycki <macro(a)linux-mips.org> Signed-off-by: Paul Burton <paul.burton(a)mips.com> Fixes: 8a8158c85e1e ("MIPS: memset.S: EVA & fault support for small_memset") Patchwork: https://patchwork.linux-mips.org/patch/20833/ Cc: Ralf Baechle <ralf(a)linux-mips.org> Cc: stable(a)vger.kernel.org # 4.17+ diff --git a/arch/mips/lib/memset.S b/arch/mips/lib/memset.S index 3a6f34ef5ffc..069acec3df9f 100644 --- a/arch/mips/lib/memset.S +++ b/arch/mips/lib/memset.S @@ -280,9 +280,11 @@ * unset_bytes = end_addr - current_addr + 1 * a2 = t1 - a0 + 1 */ + .set reorder PTR_SUBU a2, t1, a0 + PTR_ADDIU a2, 1 jr ra - PTR_ADDIU a2, 1 + .set noreorder .endm

6 years, 8 months

1
0
0 0

FAILED: patch "[PATCH] MIPS: VDSO: Always map near top of user memory" failed to apply to 4.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From ea7e0480a4b695d0aa6b3fa99bd658a003122113 Mon Sep 17 00:00:00 2001 From: Paul Burton <paul.burton(a)mips.com> Date: Tue, 25 Sep 2018 15:51:26 -0700 Subject: [PATCH] MIPS: VDSO: Always map near top of user memory When using the legacy mmap layout, for example triggered using ulimit -s unlimited, get_unmapped_area() fills memory from bottom to top starting from a fairly low address near TASK_UNMAPPED_BASE. This placement is suboptimal if the user application wishes to allocate large amounts of heap memory using the brk syscall. With the VDSO being located low in the user's virtual address space, the amount of space available for access using brk is limited much more than it was prior to the introduction of the VDSO. For example: # ulimit -s unlimited; cat /proc/self/maps 00400000-004ec000 r-xp 00000000 08:00 71436 /usr/bin/coreutils 004fc000-004fd000 rwxp 000ec000 08:00 71436 /usr/bin/coreutils 004fd000-0050f000 rwxp 00000000 00:00 0 00cc3000-00ce4000 rwxp 00000000 00:00 0 [heap] 2ab96000-2ab98000 r--p 00000000 00:00 0 [vvar] 2ab98000-2ab99000 r-xp 00000000 00:00 0 [vdso] 2ab99000-2ab9d000 rwxp 00000000 00:00 0 ... Resolve this by adjusting STACK_TOP to reserve space for the VDSO & providing an address hint to get_unmapped_area() causing it to use this space even when using the legacy mmap layout. We reserve enough space for the VDSO, plus 1MB or 256MB for 32 bit & 64 bit systems respectively within which we randomize the VDSO base address. Previously this randomization was taken care of by the mmap base address randomization performed by arch_mmap_rnd(). The 1MB & 256MB sizes are somewhat arbitrary but chosen such that we have some randomization without taking up too much of the user's virtual address space, which is often in short supply for 32 bit systems. With this the VDSO is always mapped at a high address, leaving lots of space for statically linked programs to make use of brk: # ulimit -s unlimited; cat /proc/self/maps 00400000-004ec000 r-xp 00000000 08:00 71436 /usr/bin/coreutils 004fc000-004fd000 rwxp 000ec000 08:00 71436 /usr/bin/coreutils 004fd000-0050f000 rwxp 00000000 00:00 0 00c28000-00c49000 rwxp 00000000 00:00 0 [heap] ... 7f67c000-7f69d000 rwxp 00000000 00:00 0 [stack] 7f7fc000-7f7fd000 rwxp 00000000 00:00 0 7fcf1000-7fcf3000 r--p 00000000 00:00 0 [vvar] 7fcf3000-7fcf4000 r-xp 00000000 00:00 0 [vdso] Signed-off-by: Paul Burton <paul.burton(a)mips.com> Reported-by: Huacai Chen <chenhc(a)lemote.com> Fixes: ebb5e78cc634 ("MIPS: Initial implementation of a VDSO") Cc: Huacai Chen <chenhc(a)lemote.com> Cc: linux-mips(a)linux-mips.org Cc: stable(a)vger.kernel.org # v4.4+ diff --git a/arch/mips/include/asm/processor.h b/arch/mips/include/asm/processor.h index b2fa62922d88..49d6046ca1d0 100644 --- a/arch/mips/include/asm/processor.h +++ b/arch/mips/include/asm/processor.h @@ -13,6 +13,7 @@ #include <linux/atomic.h> #include <linux/cpumask.h> +#include <linux/sizes.h> #include <linux/threads.h> #include <asm/cachectl.h> @@ -80,11 +81,10 @@ extern unsigned int vced_count, vcei_count; #endif -/* - * One page above the stack is used for branch delay slot "emulation". - * See dsemul.c for details. - */ -#define STACK_TOP ((TASK_SIZE & PAGE_MASK) - PAGE_SIZE) +#define VDSO_RANDOMIZE_SIZE (TASK_IS_32BIT_ADDR ? SZ_1M : SZ_256M) + +extern unsigned long mips_stack_top(void); +#define STACK_TOP mips_stack_top() /* * This decides where the kernel will search for a free chunk of vm diff --git a/arch/mips/kernel/process.c b/arch/mips/kernel/process.c index 8fc69891e117..d4f7fd4550e1 100644 --- a/arch/mips/kernel/process.c +++ b/arch/mips/kernel/process.c @@ -32,6 +32,7 @@ #include <linux/nmi.h> #include <linux/cpu.h> +#include <asm/abi.h> #include <asm/asm.h> #include <asm/bootinfo.h> #include <asm/cpu.h> @@ -39,6 +40,7 @@ #include <asm/dsp.h> #include <asm/fpu.h> #include <asm/irq.h> +#include <asm/mips-cps.h> #include <asm/msa.h> #include <asm/pgtable.h> #include <asm/mipsregs.h> @@ -645,6 +647,29 @@ unsigned long get_wchan(struct task_struct *task) return pc; } +unsigned long mips_stack_top(void) +{ + unsigned long top = TASK_SIZE & PAGE_MASK; + + /* One page for branch delay slot "emulation" */ + top -= PAGE_SIZE; + + /* Space for the VDSO, data page & GIC user page */ + top -= PAGE_ALIGN(current->thread.abi->vdso->size); + top -= PAGE_SIZE; + top -= mips_gic_present() ? PAGE_SIZE : 0; + + /* Space for cache colour alignment */ + if (cpu_has_dc_aliases) + top -= shm_align_mask + 1; + + /* Space to randomize the VDSO base */ + if (current->flags & PF_RANDOMIZE) + top -= VDSO_RANDOMIZE_SIZE; + + return top; +} + /* * Don't forget that the stack pointer must be aligned on a 8 bytes * boundary for 32-bits ABI and 16 bytes for 64-bits ABI. diff --git a/arch/mips/kernel/vdso.c b/arch/mips/kernel/vdso.c index 8f845f6e5f42..48a9c6b90e07 100644 --- a/arch/mips/kernel/vdso.c +++ b/arch/mips/kernel/vdso.c @@ -15,6 +15,7 @@ #include <linux/ioport.h> #include <linux/kernel.h> #include <linux/mm.h> +#include <linux/random.h> #include <linux/sched.h> #include <linux/slab.h> #include <linux/timekeeper_internal.h> @@ -97,6 +98,21 @@ void update_vsyscall_tz(void) } } +static unsigned long vdso_base(void) +{ + unsigned long base; + + /* Skip the delay slot emulation page */ + base = STACK_TOP + PAGE_SIZE; + + if (current->flags & PF_RANDOMIZE) { + base += get_random_int() & (VDSO_RANDOMIZE_SIZE - 1); + base = PAGE_ALIGN(base); + } + + return base; +} + int arch_setup_additional_pages(struct linux_binprm *bprm, int uses_interp) { struct mips_vdso_image *image = current->thread.abi->vdso; @@ -137,7 +153,7 @@ int arch_setup_additional_pages(struct linux_binprm *bprm, int uses_interp) if (cpu_has_dc_aliases) size += shm_align_mask + 1; - base = get_unmapped_area(NULL, 0, size, 0, 0); + base = get_unmapped_area(NULL, vdso_base(), size, 0, 0); if (IS_ERR_VALUE(base)) { ret = base; goto out;

6 years, 8 months

1
0
0 0

stable backport request: 28e2c4bb99aa ("mm/vmstat.c: fix outdated vmstat_text")

by Jann Horn

I guess I should put more stable backport tags on stuff, I've been bugged about not having requested a backport for the following: commit 28e2c4bb99aa ("mm/vmstat.c: fix outdated vmstat_text"), for stable kernels 4.14 and 4.18.

6 years, 8 months

2
1
0 0

[PATCH] drm/atomic_helper: Stop modesets on unregistered connectors harder

by Lyude Paul

Unfortunately, it appears our fix in: commit b5d29843d8ef ("drm/atomic_helper: Allow DPMS On<->Off changes for unregistered connectors") Which attempted to work around the problems introduced by: commit 4d80273976bf ("drm/atomic_helper: Disallow new modesets on unregistered connectors") Is still not the right solution, as modesets can still be triggered outside of drm_atomic_set_crtc_for_connector(). So in order to fix this, while still being careful that we don't break modesets that a driver may perform before being registered with userspace, we replace connector->registered with a tristate member, connector->registration_state. This allows us to keep track of whether or not a connector is still initializing and hasn't been exposed to userspace, is currently registered and exposed to userspace, or has been legitimately removed from the system after having once been present. Using this info, we can prevent userspace from performing new modesets on unregistered connectors while still allowing the driver to perform modesets on unregistered connectors before the driver has finished being registered. Fixes: b5d29843d8ef ("drm/atomic_helper: Allow DPMS On<->Off changes for unregistered connectors") Cc: Ville Syrjälä <ville.syrjala(a)linux.intel.com> Cc: Daniel Vetter <daniel.vetter(a)ffwll.ch> Cc: Rodrigo Vivi <rodrigo.vivi(a)intel.com> Cc: stable(a)vger.kernel.org Cc: David Airlie <airlied(a)linux.ie> Signed-off-by: Lyude Paul <lyude(a)redhat.com> --- drivers/gpu/drm/drm_atomic_helper.c | 60 +++++++++++++++++++++---- drivers/gpu/drm/drm_atomic_uapi.c | 21 --------- drivers/gpu/drm/drm_connector.c | 10 ++--- drivers/gpu/drm/i915/intel_dp_mst.c | 8 ++-- include/drm/drm_connector.h | 68 ++++++++++++++++++++++++++++- 5 files changed, 127 insertions(+), 40 deletions(-) diff --git a/drivers/gpu/drm/drm_atomic_helper.c b/drivers/gpu/drm/drm_atomic_helper.c index 6f66777dca4b..6cadeaf28ae4 100644 --- a/drivers/gpu/drm/drm_atomic_helper.c +++ b/drivers/gpu/drm/drm_atomic_helper.c @@ -529,6 +529,35 @@ mode_valid(struct drm_atomic_state *state) return 0; } +static int +unregistered_connector_check(struct drm_atomic_state *state, + struct drm_connector *connector, + struct drm_connector_state *old_conn_state, + struct drm_connector_state *new_conn_state) +{ + struct drm_crtc_state *crtc_state; + struct drm_crtc *crtc; + + if (!drm_connector_unregistered(connector)) + return 0; + + crtc = new_conn_state->crtc; + if (!crtc) + return 0; + + crtc_state = drm_atomic_get_new_crtc_state(state, crtc); + if (!crtc_state || !drm_atomic_crtc_needs_modeset(crtc_state)) + return 0; + + if (crtc_state->mode_changed) { + DRM_DEBUG_ATOMIC("[CONNECTOR:%d:%s] can't change mode on unregistered connector\n", + connector->base.id, connector->name); + return -EINVAL; + } + + return 0; +} + /** * drm_atomic_helper_check_modeset - validate state object for modeset changes * @dev: DRM device @@ -684,18 +713,33 @@ drm_atomic_helper_check_modeset(struct drm_device *dev, return ret; } - /* - * Iterate over all connectors again, to make sure atomic_check() - * has been called on them when a modeset is forced. - */ for_each_oldnew_connector_in_state(state, connector, old_connector_state, new_connector_state, i) { const struct drm_connector_helper_funcs *funcs = connector->helper_private; - if (connectors_mask & BIT(i)) - continue; + /* Make sure atomic_check() is called on any unchecked + * connectors when a modeset has been forced + */ + if (connectors_mask & BIT(i) && funcs->atomic_check) { + ret = funcs->atomic_check(connector, + new_connector_state); + if (ret) + return ret; + } - if (funcs->atomic_check) - ret = funcs->atomic_check(connector, new_connector_state); + /* + * Prevent userspace from turning on new displays or setting + * new modes using connectors which have been removed from + * userspace. This is racy since an unplug could happen at any + * time including after this check, but that's OK: we only + * care about preventing userspace from trying to set invalid + * state using destroyed connectors that it's been notified + * about. No one can save us after the atomic check completes + * but ourselves. + */ + ret = unregistered_connector_check(state, + connector, + old_connector_state, + new_connector_state); if (ret) return ret; } diff --git a/drivers/gpu/drm/drm_atomic_uapi.c b/drivers/gpu/drm/drm_atomic_uapi.c index a22d6f269b07..d5b7f315098c 100644 --- a/drivers/gpu/drm/drm_atomic_uapi.c +++ b/drivers/gpu/drm/drm_atomic_uapi.c @@ -299,27 +299,6 @@ drm_atomic_set_crtc_for_connector(struct drm_connector_state *conn_state, struct drm_connector *connector = conn_state->connector; struct drm_crtc_state *crtc_state; - /* - * For compatibility with legacy users, we want to make sure that - * we allow DPMS On<->Off modesets on unregistered connectors, since - * legacy modesetting users will not be expecting these to fail. We do - * not however, want to allow legacy users to assign a connector - * that's been unregistered from sysfs to another CRTC, since doing - * this with a now non-existent connector could potentially leave us - * in an invalid state. - * - * Since the connector can be unregistered at any point during an - * atomic check or commit, this is racy. But that's OK: all we care - * about is ensuring that userspace can't use this connector for new - * configurations after it's been notified that the connector is no - * longer present. - */ - if (!READ_ONCE(connector->registered) && crtc) { - DRM_DEBUG_ATOMIC("[CONNECTOR:%d:%s] is not registered\n", - connector->base.id, connector->name); - return -EINVAL; - } - if (conn_state->crtc == crtc) return 0; diff --git a/drivers/gpu/drm/drm_connector.c b/drivers/gpu/drm/drm_connector.c index 5d01414ec9f7..79943102fe18 100644 --- a/drivers/gpu/drm/drm_connector.c +++ b/drivers/gpu/drm/drm_connector.c @@ -396,7 +396,7 @@ void drm_connector_cleanup(struct drm_connector *connector) /* The connector should have been removed from userspace long before * it is finally destroyed. */ - if (WARN_ON(connector->registered)) + if (WARN_ON(!drm_connector_unregistered(connector))) drm_connector_unregister(connector); if (connector->tile_group) { @@ -453,7 +453,7 @@ int drm_connector_register(struct drm_connector *connector) return 0; mutex_lock(&connector->mutex); - if (connector->registered) + if (connector->registration_state != DRM_CONNECTOR_INITIALIZING) goto unlock; ret = drm_sysfs_connector_add(connector); @@ -473,7 +473,7 @@ int drm_connector_register(struct drm_connector *connector) drm_mode_object_register(connector->dev, &connector->base); - connector->registered = true; + connector->registration_state = DRM_CONNECTOR_REGISTERED; goto unlock; err_debugfs: @@ -495,7 +495,7 @@ EXPORT_SYMBOL(drm_connector_register); void drm_connector_unregister(struct drm_connector *connector) { mutex_lock(&connector->mutex); - if (!connector->registered) { + if (connector->registration_state != DRM_CONNECTOR_REGISTERED) { mutex_unlock(&connector->mutex); return; } @@ -506,7 +506,7 @@ void drm_connector_unregister(struct drm_connector *connector) drm_sysfs_connector_remove(connector); drm_debugfs_connector_remove(connector); - connector->registered = false; + connector->registration_state = DRM_CONNECTOR_UNREGISTERED; mutex_unlock(&connector->mutex); } EXPORT_SYMBOL(drm_connector_unregister); diff --git a/drivers/gpu/drm/i915/intel_dp_mst.c b/drivers/gpu/drm/i915/intel_dp_mst.c index b268bdd71bd3..ad367309e10b 100644 --- a/drivers/gpu/drm/i915/intel_dp_mst.c +++ b/drivers/gpu/drm/i915/intel_dp_mst.c @@ -78,7 +78,7 @@ static bool intel_dp_mst_compute_config(struct intel_encoder *encoder, pipe_config->pbn = mst_pbn; /* Zombie connectors can't have VCPI slots */ - if (READ_ONCE(connector->registered)) { + if (!drm_connector_unregistered(connector)) { slots = drm_dp_atomic_find_vcpi_slots(state, &intel_dp->mst_mgr, port, @@ -314,7 +314,7 @@ static int intel_dp_mst_get_ddc_modes(struct drm_connector *connector) struct edid *edid; int ret; - if (!READ_ONCE(connector->registered)) + if (drm_connector_unregistered(connector)) return intel_connector_update_modes(connector, NULL); edid = drm_dp_mst_get_edid(connector, &intel_dp->mst_mgr, intel_connector->port); @@ -330,7 +330,7 @@ intel_dp_mst_detect(struct drm_connector *connector, bool force) struct intel_connector *intel_connector = to_intel_connector(connector); struct intel_dp *intel_dp = intel_connector->mst_port; - if (!READ_ONCE(connector->registered)) + if (drm_connector_unregistered(connector)) return connector_status_disconnected; return drm_dp_mst_detect_port(connector, &intel_dp->mst_mgr, intel_connector->port); @@ -361,7 +361,7 @@ intel_dp_mst_mode_valid(struct drm_connector *connector, int bpp = 24; /* MST uses fixed bpp */ int max_rate, mode_rate, max_lanes, max_link_clock; - if (!READ_ONCE(connector->registered)) + if (drm_connector_unregistered(connector)) return MODE_ERROR; if (mode->flags & DRM_MODE_FLAG_DBLSCAN) diff --git a/include/drm/drm_connector.h b/include/drm/drm_connector.h index 5b3cf909fd5e..5f3e4a37bcd2 100644 --- a/include/drm/drm_connector.h +++ b/include/drm/drm_connector.h @@ -82,6 +82,51 @@ enum drm_connector_status { connector_status_unknown = 3, }; +/** + * enum drm_connector_registration_status - userspace registration status for + * a &drm_connector + * + * This enum is used to track the status of initializing a connector and + * registering it with userspace, so that DRM can prevent bogus modesets on + * connectors that no longer exist. + */ +enum drm_connector_registration_state { + /** + * @DRM_CONNECTOR_INITIALIZING: The connector has just been created, + * but has yet to be exposed to userspace. There should be no + * additional restrictions to how the state of this connector may be + * modified. connector to a new CRTC. + */ + DRM_CONNECTOR_INITIALIZING = 0, + + /** + * @DRM_CONNECTOR_REGISTERED: The connector has been fully initialized + * and registered with sysfs, as such it has been exposed to + * userspace. There should be no additional restrictions to how the + * state of this connector may be modified. + */ + DRM_CONNECTOR_REGISTERED = 1, + + /** + * @DRM_CONNECTOR_UNREGISTERED: The connector has either been exposed + * to userspace and has since been unregistered and removed from + * userspace, or the connector was destroyed before it had a chance to + * be exposed to userspace. There are additional restrictions to how + * the state of an unregistered connector may be modified: + * + * - The current display mode as exposed to userspace must remain the + * same as it was when the connector was unregistered. + * - The connector's currently assigned CRTC may be unassigned from + * this connector. Unassigning the connector's CRTC must be + * permanent. + * - New CRTCs must not be assigned to this connector. + * - The DPMS state of the connector (for compatibility with legacy + * modesetting) may modified freely, so long as doing so does not + * cause the new atomic state to violate any of these rules. + */ + DRM_CONNECTOR_UNREGISTERED = 2, +}; + enum subpixel_order { SubPixelUnknown = 0, SubPixelHorizontalRGB, @@ -853,10 +898,12 @@ struct drm_connector { bool ycbcr_420_allowed; /** - * @registered: Is this connector exposed (registered) with userspace? + * @registration_state: Is this connector initializing, exposed + * (registered) with userspace, or unregistered? + * * Protected by @mutex. */ - bool registered; + enum drm_connector_registration_state registration_state; /** * @modes: @@ -1167,6 +1214,23 @@ static inline void drm_connector_unreference(struct drm_connector *connector) drm_connector_put(connector); } +/** + * drm_connector_unregistered - has the connector been unregistered from + * userspace? + * @connector: DRM connector + * + * Checks whether or not @connector has been unregistered from userspace. + * + * Returns: + * True if the connector was unregistered, false if the connector is + * registered or has not yet been registered with userspace. + */ +static inline bool drm_connector_unregistered(struct drm_connector *connector) +{ + return READ_ONCE(connector->registration_state) == + DRM_CONNECTOR_UNREGISTERED; +} + const char *drm_get_connector_status_name(enum drm_connector_status status); const char *drm_get_subpixel_order_name(enum subpixel_order order); const char *drm_get_dpms_name(int val); -- 2.17.2

6 years, 8 months

2
1
0 0

patch "USB: fix the usbfs flag sanitization for control transfers" added to usb-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled USB: fix the usbfs flag sanitization for control transfers to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From 665c365a77fbfeabe52694aedf3446d5f2f1ce42 Mon Sep 17 00:00:00 2001 From: Alan Stern <stern(a)rowland.harvard.edu> Date: Mon, 15 Oct 2018 16:55:04 -0400 Subject: USB: fix the usbfs flag sanitization for control transfers Commit 7a68d9fb8510 ("USB: usbdevfs: sanitize flags more") checks the transfer flags for URBs submitted from userspace via usbfs. However, the check for whether the USBDEVFS_URB_SHORT_NOT_OK flag should be allowed for a control transfer was added in the wrong place, before the code has properly determined the direction of the control transfer. (Control transfers are special because for them, the direction is set by the bRequestType byte of the Setup packet rather than direction bit of the endpoint address.) This patch moves code which sets up the allow_short flag for control transfers down after is_in has been set to the correct value. Signed-off-by: Alan Stern <stern(a)rowland.harvard.edu> Reported-and-tested-by: syzbot+24a30223a4b609bb802e(a)syzkaller.appspotmail.com Fixes: 7a68d9fb8510 ("USB: usbdevfs: sanitize flags more") CC: Oliver Neukum <oneukum(a)suse.com> CC: <stable(a)vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/usb/core/devio.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/usb/core/devio.c b/drivers/usb/core/devio.c index 244417d0dfd1..ffccd40ea67d 100644 --- a/drivers/usb/core/devio.c +++ b/drivers/usb/core/devio.c @@ -1474,8 +1474,6 @@ static int proc_do_submiturb(struct usb_dev_state *ps, struct usbdevfs_urb *uurb u = 0; switch (uurb->type) { case USBDEVFS_URB_TYPE_CONTROL: - if (is_in) - allow_short = true; if (!usb_endpoint_xfer_control(&ep->desc)) return -EINVAL; /* min 8 byte setup packet */ @@ -1505,6 +1503,8 @@ static int proc_do_submiturb(struct usb_dev_state *ps, struct usbdevfs_urb *uurb is_in = 0; uurb->endpoint &= ~USB_DIR_IN; } + if (is_in) + allow_short = true; snoop(&ps->dev->dev, "control urb: bRequestType=%02x " "bRequest=%02x wValue=%04x " "wIndex=%04x wLength=%04x\n", -- 2.19.1

6 years, 8 months

1
0
0 0

[GIT PULL] commits for Linux 4.18

by Sasha Levin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi Greg, Pleae pull commits for Linux 4.18 . I've sent a review request for all commits over a week ago and all comments were addressed. Thanks, Sasha ===== The following changes since commit 7da07a3216a00aa3c523db4539fc6914497d0576: Linux 4.18.12 (2018-10-03 16:59:28 -0700) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/sashal/linux-stable.git tags/for-greg-4.18-12102018 for you to fetch changes up to 6504d46ffb696d2b116606dbb44a16b06241cf49: mm: slowly shrink slabs with a relatively small number of objects (2018-10-03 22:24:11 -0400) - ---------------------------------------------------------------- for-greg-4.18-12102018 - ---------------------------------------------------------------- Akshu Agrawal (1): ASoC: AMD: Ensure reset bit is cleared before configuring Amber Lin (1): drm/amdgpu: Fix SDMA HQD destroy error on gfx_v7 Anders Roxell (2): selftests: android: move config up a level selftests: add headers_install to lib.mk Charles Keepax (1): ASoC: dapm: Fix NULL pointer deference on CODEC to CODEC DAIs Corentin Labbe (1): net: ethernet: ti: add missing GENERIC_ALLOCATOR dependency Dan Carpenter (1): scsi: qla2xxx: Fix an endian bug in fcpcmd_is_corrupted() Danny Smith (1): ASoC: sigmadsp: safeload should not have lower byte limit Guenter Roeck (4): hwmon: (nct6775) Fix access to fan pulse registers hwmon: (nct6775) Fix virtual temperature sources for NCT6796D hwmon: (nct6775) Fix RPM output for fan7 on NCT6796D hwmon: (nct6775) Use different register to get fan RPM for fan7 Hans de Goede (2): clk: x86: add "ether_clk" alias for Bay Trail / Cherry Trail clk: x86: Stop marking clocks as CLK_IS_CRITICAL Hermes Zhang (1): Bluetooth: hci_ldisc: Free rw_semaphore on close Jay Kamat (2): Fix cg_read_strcmp() Add tests for memory.oom.group Johan Hedberg (1): Bluetooth: SMP: Fix trying to use non-existent local OOB data Jongsung Kim (1): stmmac: fix valid numbers of unicast filter entries Kuninori Morimoto (2): ASoC: rsnd: adg: care clock-frequency size ASoC: rsnd: don't fallback to PIO mode when -EPROBE_DEFER Laura Abbott (1): scsi: iscsi: target: Don't use stack buffer for scatterlist Lei Yang (2): selftests/efivarfs: add required kernel configs selftests: memory-hotplug: add required configs Martin KaFai Lau (1): bpf: btf: Fix end boundary calculation for type section Matias Karhumaa (1): Bluetooth: Use correct tfm to generate OOB data Nicholas Piggin (1): KVM: PPC: Book3S HV: Don't use compound_order to determine host mapping size Nicolas Ferre (2): net: macb: disable scatter-gather for macb on sama5d3 ARM: dts: at91: add new compatibility string for macb on sama5d3 Oder Chiou (1): ASoC: rt5514: Fix the issue of the delay volume applied again Pierre-Louis Bossart (1): ASoC: wm8804: Add ACPI support Richard Weinberger (1): ubifs: Check for name being NULL while mounting Roman Gushchin (1): mm: slowly shrink slabs with a relatively small number of objects Ryan Lee (2): ASoC: max98373: Added speaker FS gain cotnrol register to volatile. ASoC: max98373: Added 10ms sleep after amp software reset Simon Detheridge (1): pinctrl: cannonlake: Fix gpio base for GPP-E Srinivas Kandagatla (1): ASoC: q6routing: initialize data correctly Stephen Hemminger (2): PCI: hv: support reporting serial number as slot information hv_netvsc: pair VF based on serial number Thiago Jung Bauermann (1): selftests: kselftest: Remove outdated comment Tony Lindgren (1): mfd: omap-usb-host: Fix dts probe of children Tushar Dave (1): bpf: use __GFP_COMP while allocating page Vitaly Kuznetsov (1): x86/kvm/lapic: always disable MMIO interface in x2APIC mode Yong Zhao (2): drm/amdkfd: Change the control stack MTYPE from UC to NC on GFX9 drm/amdkfd: Fix ATS capablity was not reported correctly on some APUs Yu Zhao (2): sound: enable interrupt after dma buffer initialization sound: don't call skl_init_chip() to reset intel skl soc zhong jiang (1): drm/pl111: Make sure of_device_id tables are NULL terminated Documentation/devicetree/bindings/net/macb.txt | 1 + Makefile | 14 +- arch/arm/boot/dts/sama5d3_emac.dtsi | 2 +- arch/powerpc/kvm/book3s_64_mmu_radix.c | 91 ++++----- arch/x86/include/uapi/asm/kvm.h | 1 + arch/x86/kvm/lapic.c | 22 ++- drivers/bluetooth/hci_ldisc.c | 2 + drivers/clk/x86/clk-pmc-atom.c | 18 +- drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd.c | 6 +- drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd.h | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gfx_v7.c | 2 +- drivers/gpu/drm/amd/amdkfd/kfd_device.c | 3 +- drivers/gpu/drm/amd/amdkfd/kfd_iommu.c | 13 +- drivers/gpu/drm/amd/amdkfd/kfd_mqd_manager_v9.c | 2 +- drivers/gpu/drm/amd/amdkfd/kfd_priv.h | 1 + drivers/gpu/drm/amd/amdkfd/kfd_topology.c | 21 ++- drivers/gpu/drm/amd/include/kgd_kfd_interface.h | 2 +- drivers/gpu/drm/pl111/pl111_vexpress.c | 3 +- drivers/hwmon/nct6775.c | 70 ++++--- drivers/mfd/omap-usb-host.c | 11 +- drivers/net/ethernet/cadence/macb_main.c | 8 + .../net/ethernet/stmicro/stmmac/stmmac_platform.c | 5 +- drivers/net/ethernet/ti/Kconfig | 1 + drivers/net/hyperv/netvsc.c | 3 + drivers/net/hyperv/netvsc_drv.c | 58 +++--- drivers/pci/controller/pci-hyperv.c | 37 ++++ drivers/pinctrl/intel/pinctrl-cannonlake.c | 2 +- drivers/scsi/qla2xxx/qla_target.h | 4 +- drivers/target/iscsi/iscsi_target.c | 22 ++- fs/ubifs/super.c | 3 + include/sound/hdaudio.h | 1 + include/sound/soc-dapm.h | 1 + kernel/bpf/btf.c | 2 +- mm/vmscan.c | 11 ++ net/bluetooth/smp.c | 16 +- net/core/filter.c | 3 +- scripts/subarch.include | 13 ++ sound/hda/hdac_controller.c | 15 +- sound/soc/amd/acp-pcm-dma.c | 21 +++ sound/soc/codecs/max98373.c | 3 + sound/soc/codecs/rt5514.c | 8 +- sound/soc/codecs/sigmadsp.c | 3 +- sound/soc/codecs/wm8804-i2c.c | 15 +- sound/soc/intel/skylake/skl.c | 2 +- sound/soc/qcom/qdsp6/q6routing.c | 4 +- sound/soc/sh/rcar/adg.c | 5 + sound/soc/sh/rcar/core.c | 10 +- sound/soc/sh/rcar/dma.c | 4 + sound/soc/soc-core.c | 4 +- sound/soc/soc-dapm.c | 4 + tools/testing/selftests/android/Makefile | 2 +- tools/testing/selftests/android/{ion => }/config | 0 tools/testing/selftests/android/ion/Makefile | 2 + tools/testing/selftests/cgroup/cgroup_util.c | 38 +++- tools/testing/selftests/cgroup/cgroup_util.h | 1 + tools/testing/selftests/cgroup/test_memcontrol.c | 205 +++++++++++++++++++++ tools/testing/selftests/efivarfs/config | 1 + tools/testing/selftests/futex/functional/Makefile | 1 + tools/testing/selftests/gpio/Makefile | 7 +- tools/testing/selftests/kselftest.h | 1 - tools/testing/selftests/kvm/Makefile | 7 +- tools/testing/selftests/lib.mk | 12 ++ tools/testing/selftests/memory-hotplug/config | 1 + tools/testing/selftests/net/Makefile | 1 + .../selftests/networking/timestamping/Makefile | 1 + tools/testing/selftests/vm/Makefile | 4 - 66 files changed, 661 insertions(+), 198 deletions(-) create mode 100644 scripts/subarch.include rename tools/testing/selftests/android/{ion => }/config (100%) create mode 100644 tools/testing/selftests/efivarfs/config -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE4n5dijQDou9mhzu83qZv95d3LNwFAlvAsVIACgkQ3qZv95d3 LNzS0A/+LZrhb4rh1ifRLjDSnBSMWN6vAhRvxHt1qzmU+aFjfyhYjAUmyYjt5mVC z+zO6rHsWbplvVdQnKK+/PJdyROsOwSxpTwlsCAC7AfneMpcBdxAs+fJUczkVxgz AI8e3/hbAfqGf+RaLTDnj6muuFK1RlQCjxCjX5iu5jkWaQj1OJ+BdXXMpkynaxiz OwRRUtV8jmpv3VhU/2ae0Posk96qJoogtj/sDfWQB9t1R/pnsU8udUwFft1NfB7x 2OSwfIGm84gMrzVhgbcvHaSKzj4SqC/tsZ3Q9+cdmtA2WDOlJcwI7E7kNYeeo+tD VhVJuqtGZRQUT81WIVPIK+bLBn8tF0kkTBQyKopsHvGfxRT/+k9/nGz+WNn8Zm7G r8Uhf4c/YkXprsxvbIc+2TRaJ3hmu71HigXakdowndu42ndZmqQSPJtLZPHBP27E LBI1gz/hFCiLv13cN7cvlGmy2SVM2LbYh10st8nw6buEY4S7CKRcXxuVDrBI7wtQ PlbjdM1FWW9BnfIv8yJuzQpBycB/R9Fz+++qWV3uAXqN52tiW/51ylh+9fvEKfid +gEuAyL1pVHh1RFcRzHbX2lEZ3kDAzrWS22IRBSmQSdkForiidNZbOHyCMCV6gLt o4OUAAHzu5XnjGHZ3+dRBEPBEjTvWQPLmbDEiEtHjXiKQsI8vW4= =DhcF -----END PGP SIGNATURE-----

6 years, 8 months

2
1
0 0

[PATCH 1/2] arm64: dts: meson: fix reserve memory regions

by Jerome Brunet

Since commit 50d7ba36b916 ("arm64: export memblock_reserve()d regions via /proc/iomem") was merged Amlogic's boards using mainline u-boot started showing the following warning: WARNING: CPU: 0 PID: 1 at arch/arm64/kernel/setup.c:271 reserve_memblock_reserved_regions+0xd8/0x144 Modules linked in: CPU: 0 PID: 1 Comm: swapper/0 Not tainted 4.19.0-rc7-00263-g385684b3eb27-dirty #254 pstate: 40000005 (nZcv daif -PAN -UAO) pc : reserve_memblock_reserved_regions+0xd8/0x144 lr : reserve_memblock_reserved_regions+0xd0/0x144 [...] This is due to u-boot setting some /reservedmem/ region while our dts declares reserved memory on the same region with no-map. The conflict produce the warning. This is fixed by using /reservedmem/ in our dts as well, which is probably something we should have done from the beginning. Cc: stable(a)vger.kernel.org Cc: Neil Armstrong <narmstrong(a)baylibre.com> Signed-off-by: Jerome Brunet <jbrunet(a)baylibre.com> --- Hi Kevin, I would have liked to put a Fixes tag above but I could not figure out which commit to pick, considering how much we changed those regions in the past. If you have suggestion, I'll be happy to repost this patch. If you prefer, feel free to amend this patch directly. Cheers Jerome arch/arm64/boot/dts/amlogic/meson-axg.dtsi | 24 +++++-------------- arch/arm64/boot/dts/amlogic/meson-gx.dtsi | 27 ++++++++-------------- 2 files changed, 15 insertions(+), 36 deletions(-) diff --git a/arch/arm64/boot/dts/amlogic/meson-axg.dtsi b/arch/arm64/boot/dts/amlogic/meson-axg.dtsi index 178d8e8c56b8..06a06f11f114 100644 --- a/arch/arm64/boot/dts/amlogic/meson-axg.dtsi +++ b/arch/arm64/boot/dts/amlogic/meson-axg.dtsi @@ -13,6 +13,12 @@ #include <dt-bindings/reset/amlogic,meson-axg-audio-arb.h> #include <dt-bindings/reset/amlogic,meson-axg-reset.h> +/* 16 MiB reserved for Hardware ROM Firmware */ +/memreserve/ 0x0 0x1000000; + +/* 3 MiB reserved for ARM Trusted Firmware (BL31) */ +/memreserve/ 0x05000000 0x300000; + / { compatible = "amlogic,meson-axg"; @@ -115,24 +121,6 @@ method = "smc"; }; - reserved-memory { - #address-cells = <2>; - #size-cells = <2>; - ranges; - - /* 16 MiB reserved for Hardware ROM Firmware */ - hwrom_reserved: hwrom@0 { - reg = <0x0 0x0 0x0 0x1000000>; - no-map; - }; - - /* Alternate 3 MiB reserved for ARM Trusted Firmware (BL31) */ - secmon_reserved: secmon@5000000 { - reg = <0x0 0x05000000 0x0 0x300000>; - no-map; - }; - }; - soc { compatible = "simple-bus"; #address-cells = <2>; diff --git a/arch/arm64/boot/dts/amlogic/meson-gx.dtsi b/arch/arm64/boot/dts/amlogic/meson-gx.dtsi index 676a995fb912..23e879b29b1e 100644 --- a/arch/arm64/boot/dts/amlogic/meson-gx.dtsi +++ b/arch/arm64/boot/dts/amlogic/meson-gx.dtsi @@ -13,6 +13,15 @@ #include <dt-bindings/interrupt-controller/irq.h> #include <dt-bindings/interrupt-controller/arm-gic.h> +/* 16 MiB reserved for Hardware ROM Firmware */ +/memreserve/ 0x0 0x1000000; + +/* 2 MiB reserved for ARM Trusted Firmware (BL31) */ +/memreserve/ 0x10000000 0x200000; + +/* Alternate 3 MiB reserved for ARM Trusted Firmware (BL31) */ +/memreserve/ 0x05000000 0x300000; + / { interrupt-parent = <&gic>; #address-cells = <2>; @@ -23,24 +32,6 @@ #size-cells = <2>; ranges; - /* 16 MiB reserved for Hardware ROM Firmware */ - hwrom_reserved: hwrom@0 { - reg = <0x0 0x0 0x0 0x1000000>; - no-map; - }; - - /* 2 MiB reserved for ARM Trusted Firmware (BL31) */ - secmon_reserved: secmon@10000000 { - reg = <0x0 0x10000000 0x0 0x200000>; - no-map; - }; - - /* Alternate 3 MiB reserved for ARM Trusted Firmware (BL31) */ - secmon_reserved_alt: secmon@5000000 { - reg = <0x0 0x05000000 0x0 0x300000>; - no-map; - }; - linux,cma { compatible = "shared-dma-pool"; reusable; -- 2.17.2

6 years, 8 months

3
3
0 0

+ mm-proc-pid-smaps_rollup-fix-null-pointer-deref-in-smaps_pte_range.patch added to -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: mm: /proc/pid/smaps_rollup: fix NULL pointer deref in smaps_pte_range() has been added to the -mm tree. Its filename is mm-proc-pid-smaps_rollup-fix-null-pointer-deref-in-smaps_pte_range.patch This patch should soon appear at http://ozlabs.org/~akpm/mmots/broken-out/mm-proc-pid-smaps_rollup-fix-null-… and later at http://ozlabs.org/~akpm/mmotm/broken-out/mm-proc-pid-smaps_rollup-fix-null-… Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next and is updated there every 3-4 working days ------------------------------------------------------ From: Vlastimil Babka <vbabka(a)suse.cz> Subject: mm: /proc/pid/smaps_rollup: fix NULL pointer deref in smaps_pte_range() Leonardo reports an apparent regression in 4.19-rc7: BUG: unable to handle kernel NULL pointer dereference at 00000000000000f0 PGD 0 P4D 0 Oops: 0000 [#1] PREEMPT SMP PTI CPU: 3 PID: 6032 Comm: python Not tainted 4.19.0-041900rc7-lowlatency #201810071631 Hardware name: LENOVO 80UG/Toronto 4A2, BIOS 0XCN45WW 08/09/2018 RIP: 0010:smaps_pte_range+0x32d/0x540 Code: 80 00 00 00 00 74 a9 48 89 de 41 f6 40 52 40 0f 85 04 02 00 00 49 2b 30 48 c1 ee 0c 49 03 b0 98 00 00 00 49 8b 80 a0 00 00 00 <48> 8b b8 f0 00 00 00 e8 b7 ef ec ff 48 85 c0 0f 84 71 ff ff ff a8 RSP: 0018:ffffb0cbc484fb88 EFLAGS: 00010202 RAX: 0000000000000000 RBX: 0000560ddb9e9000 RCX: 0000000000000000 RDX: 0000000000000000 RSI: 0000000560ddb9e9 RDI: 0000000000000001 RBP: ffffb0cbc484fbc0 R08: ffff94a5a227a578 R09: ffff94a5a227a578 R10: 0000000000000000 R11: 0000560ddbbe7000 R12: ffffe903098ba728 R13: ffffb0cbc484fc78 R14: ffffb0cbc484fcf8 R15: ffff94a5a2e9cf48 FS: 00007f6dfb683740(0000) GS:ffff94a5aaf80000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00000000000000f0 CR3: 000000011c118001 CR4: 00000000003606e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: __walk_page_range+0x3c2/0x6f0 walk_page_vma+0x42/0x60 smap_gather_stats+0x79/0xe0 ? gather_pte_stats+0x320/0x320 ? gather_hugetlb_stats+0x70/0x70 show_smaps_rollup+0xcd/0x1c0 seq_read+0x157/0x400 __vfs_read+0x3a/0x180 ? security_file_permission+0x93/0xc0 ? security_file_permission+0x93/0xc0 vfs_read+0x8f/0x140 ksys_read+0x55/0xc0 __x64_sys_read+0x1a/0x20 do_syscall_64+0x5a/0x110 entry_SYSCALL_64_after_hwframe+0x44/0xa9 Decoded code matched to local compilation+disassembly points to smaps_pte_entry(): } else if (unlikely(IS_ENABLED(CONFIG_SHMEM) && mss->check_shmem_swap && pte_none(*pte))) { page = find_get_entry(vma->vm_file->f_mapping, linear_page_index(vma, addr)); Here, vma->vm_file is NULL. mss->check_shmem_swap should be false in that case, however for smaps_rollup, smap_gather_stats() can set the flag true for one vma and leave it true for subsequent vma's where it should be false. To fix, reset the check_shmem_swap flag to false. There's also related bug which sets mss->swap to shmem_swapped, which in the context of smaps_rollup overwrites any value accumulated from previous vma's. Fix that as well. Note that the report suggests a regression between 4.17.19 and 4.19-rc7, which makes the 4.19 series ending with commit 258f669e7e88 ("mm: /proc/pid/smaps_rollup: convert to single value seq_file") suspicious. But the mss was reused for rollup since 493b0e9d945f ("mm: add /proc/pid/smaps_rollup") so let's play it safe with the stable backport. Link: http://lkml.kernel.org/r/555fbd1f-4ac9-0b58-dcd4-5dc4380ff7ca@suse.cz Link: https://bugzilla.kernel.org/show_bug.cgi?id=201377 Fixes: 493b0e9d945f ("mm: add /proc/pid/smaps_rollup") Signed-off-by: Vlastimil Babka <vbabka(a)suse.cz> Reported-by: Leonardo Soares Mller <leozinho29_eu(a)hotmail.com> Tested-by: Leonardo Soares Mller <leozinho29_eu(a)hotmail.com> Cc: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Cc: Daniel Colascione <dancol(a)google.com> Cc: Alexey Dobriyan <adobriyan(a)gmail.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/proc/task_mmu.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) --- a/fs/proc/task_mmu.c~mm-proc-pid-smaps_rollup-fix-null-pointer-deref-in-smaps_pte_range +++ a/fs/proc/task_mmu.c @@ -713,6 +713,8 @@ static void smap_gather_stats(struct vm_ smaps_walk.private = mss; #ifdef CONFIG_SHMEM + /* In case of smaps_rollup, reset the value from previous vma */ + mss->check_shmem_swap = false; if (vma->vm_file && shmem_mapping(vma->vm_file->f_mapping)) { /* * For shared or readonly shmem mappings we know that all @@ -728,7 +730,7 @@ static void smap_gather_stats(struct vm_ if (!shmem_swapped || (vma->vm_flags & VM_SHARED) || !(vma->vm_flags & VM_WRITE)) { - mss->swap = shmem_swapped; + mss->swap += shmem_swapped; } else { mss->check_shmem_swap = true; smaps_walk.pte_hole = smaps_pte_hole; _ Patches currently in -mm which might be from vbabka(a)suse.cz are mm-proc-pid-smaps_rollup-fix-null-pointer-deref-in-smaps_pte_range.patch mm-slab-combine-kmalloc_caches-and-kmalloc_dma_caches.patch mm-slab-slub-introduce-kmalloc-reclaimable-caches.patch dcache-allocate-external-names-from-reclaimable-kmalloc-caches.patch mm-rename-and-change-semantics-of-nr_indirectly_reclaimable_bytes.patch mm-proc-add-kreclaimable-to-proc-meminfo.patch mm-slab-shorten-kmalloc-cache-names-for-large-sizes.patch

6 years, 8 months

2
1
0 0

[GIT] PATCHES

by David Miller

Please queue up the following networking bug fixes for v4.14 and v4.18 -stable, respectively. Thanks!

6 years, 8 months

2
1
0 0

[PATCH AUTOSEL 3.18 01/15] xfrm: Validate address prefix lengths in the xfrm selector.

by Sasha Levin

From: Steffen Klassert <steffen.klassert(a)secunet.com> [ Upstream commit 07bf7908950a8b14e81aa1807e3c667eab39287a ] We don't validate the address prefix lengths in the xfrm selector we got from userspace. This can lead to undefined behaviour in the address matching functions if the prefix is too big for the given address family. Fix this by checking the prefixes and refuse SA/policy insertation when a prefix is invalid. Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Reported-by: Air Icy <icytxw(a)gmail.com> Signed-off-by: Steffen Klassert <steffen.klassert(a)secunet.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- net/xfrm/xfrm_user.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c index 4fe43d80c153..ca99638b5d5a 100644 --- a/net/xfrm/xfrm_user.c +++ b/net/xfrm/xfrm_user.c @@ -150,10 +150,16 @@ static int verify_newsa_info(struct xfrm_usersa_info *p, err = -EINVAL; switch (p->family) { case AF_INET: + if (p->sel.prefixlen_d > 32 || p->sel.prefixlen_s > 32) + goto out; + break; case AF_INET6: #if IS_ENABLED(CONFIG_IPV6) + if (p->sel.prefixlen_d > 128 || p->sel.prefixlen_s > 128) + goto out; + break; #else err = -EAFNOSUPPORT; @@ -1285,10 +1291,16 @@ static int verify_newpolicy_info(struct xfrm_userpolicy_info *p) switch (p->sel.family) { case AF_INET: + if (p->sel.prefixlen_d > 32 || p->sel.prefixlen_s > 32) + return -EINVAL; + break; case AF_INET6: #if IS_ENABLED(CONFIG_IPV6) + if (p->sel.prefixlen_d > 128 || p->sel.prefixlen_s > 128) + return -EINVAL; + break; #else return -EAFNOSUPPORT; -- 2.17.1

6 years, 8 months

1
14
0 0

[PATCH AUTOSEL 4.9 01/38] xfrm: Validate address prefix lengths in the xfrm selector.

by Sasha Levin

From: Steffen Klassert <steffen.klassert(a)secunet.com> [ Upstream commit 07bf7908950a8b14e81aa1807e3c667eab39287a ] We don't validate the address prefix lengths in the xfrm selector we got from userspace. This can lead to undefined behaviour in the address matching functions if the prefix is too big for the given address family. Fix this by checking the prefixes and refuse SA/policy insertation when a prefix is invalid. Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Reported-by: Air Icy <icytxw(a)gmail.com> Signed-off-by: Steffen Klassert <steffen.klassert(a)secunet.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- net/xfrm/xfrm_user.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c index 6e768093d7c8..b7ac834a6091 100644 --- a/net/xfrm/xfrm_user.c +++ b/net/xfrm/xfrm_user.c @@ -151,10 +151,16 @@ static int verify_newsa_info(struct xfrm_usersa_info *p, err = -EINVAL; switch (p->family) { case AF_INET: + if (p->sel.prefixlen_d > 32 || p->sel.prefixlen_s > 32) + goto out; + break; case AF_INET6: #if IS_ENABLED(CONFIG_IPV6) + if (p->sel.prefixlen_d > 128 || p->sel.prefixlen_s > 128) + goto out; + break; #else err = -EAFNOSUPPORT; @@ -1316,10 +1322,16 @@ static int verify_newpolicy_info(struct xfrm_userpolicy_info *p) switch (p->sel.family) { case AF_INET: + if (p->sel.prefixlen_d > 32 || p->sel.prefixlen_s > 32) + return -EINVAL; + break; case AF_INET6: #if IS_ENABLED(CONFIG_IPV6) + if (p->sel.prefixlen_d > 128 || p->sel.prefixlen_s > 128) + return -EINVAL; + break; #else return -EAFNOSUPPORT; -- 2.17.1

6 years, 8 months

1
37
0 0

[PATCH AUTOSEL 4.14 01/61] xfrm: Validate address prefix lengths in the xfrm selector.

by Sasha Levin

From: Steffen Klassert <steffen.klassert(a)secunet.com> [ Upstream commit 07bf7908950a8b14e81aa1807e3c667eab39287a ] We don't validate the address prefix lengths in the xfrm selector we got from userspace. This can lead to undefined behaviour in the address matching functions if the prefix is too big for the given address family. Fix this by checking the prefixes and refuse SA/policy insertation when a prefix is invalid. Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Reported-by: Air Icy <icytxw(a)gmail.com> Signed-off-by: Steffen Klassert <steffen.klassert(a)secunet.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- net/xfrm/xfrm_user.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c index 5554d28a32eb..4292347bf45e 100644 --- a/net/xfrm/xfrm_user.c +++ b/net/xfrm/xfrm_user.c @@ -151,10 +151,16 @@ static int verify_newsa_info(struct xfrm_usersa_info *p, err = -EINVAL; switch (p->family) { case AF_INET: + if (p->sel.prefixlen_d > 32 || p->sel.prefixlen_s > 32) + goto out; + break; case AF_INET6: #if IS_ENABLED(CONFIG_IPV6) + if (p->sel.prefixlen_d > 128 || p->sel.prefixlen_s > 128) + goto out; + break; #else err = -EAFNOSUPPORT; @@ -1353,10 +1359,16 @@ static int verify_newpolicy_info(struct xfrm_userpolicy_info *p) switch (p->sel.family) { case AF_INET: + if (p->sel.prefixlen_d > 32 || p->sel.prefixlen_s > 32) + return -EINVAL; + break; case AF_INET6: #if IS_ENABLED(CONFIG_IPV6) + if (p->sel.prefixlen_d > 128 || p->sel.prefixlen_s > 128) + return -EINVAL; + break; #else return -EAFNOSUPPORT; -- 2.17.1

6 years, 8 months

1
60
0 0

[PATCH AUTOSEL 4.18 001/100] xfrm: Validate address prefix lengths in the xfrm selector.

by Sasha Levin

From: Steffen Klassert <steffen.klassert(a)secunet.com> [ Upstream commit 07bf7908950a8b14e81aa1807e3c667eab39287a ] We don't validate the address prefix lengths in the xfrm selector we got from userspace. This can lead to undefined behaviour in the address matching functions if the prefix is too big for the given address family. Fix this by checking the prefixes and refuse SA/policy insertation when a prefix is invalid. Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Reported-by: Air Icy <icytxw(a)gmail.com> Signed-off-by: Steffen Klassert <steffen.klassert(a)secunet.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- net/xfrm/xfrm_user.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c index 33878e6e0d0a..5151b3ebf068 100644 --- a/net/xfrm/xfrm_user.c +++ b/net/xfrm/xfrm_user.c @@ -151,10 +151,16 @@ static int verify_newsa_info(struct xfrm_usersa_info *p, err = -EINVAL; switch (p->family) { case AF_INET: + if (p->sel.prefixlen_d > 32 || p->sel.prefixlen_s > 32) + goto out; + break; case AF_INET6: #if IS_ENABLED(CONFIG_IPV6) + if (p->sel.prefixlen_d > 128 || p->sel.prefixlen_s > 128) + goto out; + break; #else err = -EAFNOSUPPORT; @@ -1359,10 +1365,16 @@ static int verify_newpolicy_info(struct xfrm_userpolicy_info *p) switch (p->sel.family) { case AF_INET: + if (p->sel.prefixlen_d > 32 || p->sel.prefixlen_s > 32) + return -EINVAL; + break; case AF_INET6: #if IS_ENABLED(CONFIG_IPV6) + if (p->sel.prefixlen_d > 128 || p->sel.prefixlen_s > 128) + return -EINVAL; + break; #else return -EAFNOSUPPORT; -- 2.17.1

6 years, 8 months

1
99
0 0

Re: [PATCH] powerpc/traps: restore recoverability of machine_check interrupts

by Christophe LEROY

Cc: stable(a)vger.kernel.org <stable(a)vger.kernel.org> Le 13/10/2018 à 11:16, Christophe Leroy a écrit : > commit b96672dd840f ("powerpc: Machine check interrupt is a non- > maskable interrupt") added a call to nmi_enter() at the beginning of > machine check restart exception handler. Due to that, in_interrupt() > always returns true regardless of the state before entering the > exception, and die() panics even when the system was not already in > interrupt. > > This patch calls nmi_exit() before calling die() in order to restore > the interrupt state we had before calling nmi_enter() > > Fixes: b96672dd840f ("powerpc: Machine check interrupt is a non-maskable interrupt") > Signed-off-by: Christophe Leroy <christophe.leroy(a)c-s.fr> > --- > arch/powerpc/kernel/traps.c | 9 +++++++-- > 1 file changed, 7 insertions(+), 2 deletions(-) > > diff --git a/arch/powerpc/kernel/traps.c b/arch/powerpc/kernel/traps.c > index fd58749b4d6b..4f880c2a6e4c 100644 > --- a/arch/powerpc/kernel/traps.c > +++ b/arch/powerpc/kernel/traps.c > @@ -765,12 +765,17 @@ void machine_check_exception(struct pt_regs *regs) > if (check_io_access(regs)) > goto bail; > > - die("Machine check", regs, SIGBUS); > - > /* Must die if the interrupt is not recoverable */ > if (!(regs->msr & MSR_RI)) > nmi_panic(regs, "Unrecoverable Machine check"); > > + if (!nested) > + nmi_exit(); > + > + die("Machine check", regs, SIGBUS); > + > + return; > + > bail: > if (!nested) > nmi_exit(); >

6 years, 8 months

2
1
0 0

[PATCH] ext4: Fix error code in ext4_xattr_set_entry()

by Daniel Rosenberg

ext4_xattr_set_entry should return EFSCORRUPTED instead of EIO for corrupted xattr entries. Fixes b469713e0c0c ("ext4: add corruption check in ext4_xattr_set_entry()") Signed-off-by: Daniel Rosenberg <drosen(a)google.com> --- Apply to 4.9 fs/ext4/xattr.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/ext4/xattr.c b/fs/ext4/xattr.c index c10180d0b0189..7d6da09e637b7 100644 --- a/fs/ext4/xattr.c +++ b/fs/ext4/xattr.c @@ -657,7 +657,7 @@ ext4_xattr_set_entry(struct ext4_xattr_info *i, struct ext4_xattr_search *s, next = EXT4_XATTR_NEXT(last); if ((void *)next >= s->end) { EXT4_ERROR_INODE(inode, "corrupted xattr entries"); - return -EIO; + return -EFSCORRUPTED; } if (last->e_value_size) { size_t offs = le16_to_cpu(last->e_value_offs); -- 2.19.1.331.ge82ca0e54c-goog

6 years, 8 months

1
0
0 0

[PATCH v2] ext4: add corruption check in ext4_xattr_set_entry()

by Daniel Rosenberg

From: Theodore Ts'o <tytso(a)mit.edu> commit 5369a762c882c0b6e9599e4ebbb3a9ba9eee7e2d upstream. In theory this should have been caught earlier when the xattr list was verified, but in case it got missed, it's simple enough to add check to make sure we don't overrun the xattr buffer. This addresses CVE-2018-10879. https://bugzilla.kernel.org/show_bug.cgi?id=200001 Signed-off-by: Theodore Ts'o <tytso(a)mit.edu> Reviewed-by: Andreas Dilger <adilger(a)dilger.ca> [bwh: Backported to 3.16: - Add inode parameter to ext4_xattr_set_entry() and update callers - Adjust context] Signed-off-by: Ben Hutchings <ben(a)decadent.org.uk> [adjusted for 4.4 context] Signed-off-by: Daniel Rosenberg <drosen(a)google.com> --- fs/ext4/xattr.c | 22 ++++++++++++++-------- 1 file changed, 14 insertions(+), 8 deletions(-) diff --git a/fs/ext4/xattr.c b/fs/ext4/xattr.c index d0aaf338fa9fa..d6bae37489af0 100644 --- a/fs/ext4/xattr.c +++ b/fs/ext4/xattr.c @@ -638,14 +638,20 @@ static size_t ext4_xattr_free_space(struct ext4_xattr_entry *last, } static int -ext4_xattr_set_entry(struct ext4_xattr_info *i, struct ext4_xattr_search *s) +ext4_xattr_set_entry(struct ext4_xattr_info *i, struct ext4_xattr_search *s, + struct inode *inode) { - struct ext4_xattr_entry *last; + struct ext4_xattr_entry *last, *next; size_t free, min_offs = s->end - s->base, name_len = strlen(i->name); /* Compute min_offs and last. */ last = s->first; - for (; !IS_LAST_ENTRY(last); last = EXT4_XATTR_NEXT(last)) { + for (; !IS_LAST_ENTRY(last); last = next) { + next = EXT4_XATTR_NEXT(last); + if ((void *)next >= s->end) { + EXT4_ERROR_INODE(inode, "corrupted xattr entries"); + return -EFSCORRUPTED; + } if (!last->e_value_block && last->e_value_size) { size_t offs = le16_to_cpu(last->e_value_offs); if (offs < min_offs) @@ -825,7 +831,7 @@ ext4_xattr_block_set(handle_t *handle, struct inode *inode, ce = NULL; } ea_bdebug(bs->bh, "modifying in-place"); - error = ext4_xattr_set_entry(i, s); + error = ext4_xattr_set_entry(i, s, inode); if (!error) { if (!IS_LAST_ENTRY(s->first)) ext4_xattr_rehash(header(s->base), @@ -875,7 +881,7 @@ ext4_xattr_block_set(handle_t *handle, struct inode *inode, s->end = s->base + sb->s_blocksize; } - error = ext4_xattr_set_entry(i, s); + error = ext4_xattr_set_entry(i, s, inode); if (error == -EFSCORRUPTED) goto bad_block; if (error) @@ -1037,7 +1043,7 @@ int ext4_xattr_ibody_inline_set(handle_t *handle, struct inode *inode, if (EXT4_I(inode)->i_extra_isize == 0) return -ENOSPC; - error = ext4_xattr_set_entry(i, s); + error = ext4_xattr_set_entry(i, s, inode); if (error) { if (error == -ENOSPC && ext4_has_inline_data(inode)) { @@ -1049,7 +1055,7 @@ int ext4_xattr_ibody_inline_set(handle_t *handle, struct inode *inode, error = ext4_xattr_ibody_find(inode, i, is); if (error) return error; - error = ext4_xattr_set_entry(i, s); + error = ext4_xattr_set_entry(i, s, inode); } if (error) return error; @@ -1075,7 +1081,7 @@ static int ext4_xattr_ibody_set(handle_t *handle, struct inode *inode, if (EXT4_I(inode)->i_extra_isize == 0) return -ENOSPC; - error = ext4_xattr_set_entry(i, s); + error = ext4_xattr_set_entry(i, s, inode); if (error) return error; header = IHDR(inode, ext4_raw_inode(&is->iloc)); -- 2.19.1.331.ge82ca0e54c-goog

6 years, 8 months

1
0
0 0

[PATCH] Input: elan_i2c - add ACPI ID for Lenovo IdeaPad 330-15IGM

by Mikhail Nikiforov

Add ELAN061C to the ACPI table to support Elan touchpad found in Lenovo IdeaPad 330-15IGM. Signed-off-by: Mikhail Nikiforov <jackxviichaos(a)gmail.com> Cc: stable(a)vger.kernel.org --- drivers/input/mouse/elan_i2c_core.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/input/mouse/elan_i2c_core.c b/drivers/input/mouse/elan_i2c_core.c index f5ae24865355..b0f9d19b3410 100644 --- a/drivers/input/mouse/elan_i2c_core.c +++ b/drivers/input/mouse/elan_i2c_core.c @@ -1346,6 +1346,7 @@ static const struct acpi_device_id elan_acpi_id[] = { { "ELAN0611", 0 }, { "ELAN0612", 0 }, { "ELAN0618", 0 }, + { "ELAN061C", 0 }, { "ELAN061D", 0 }, { "ELAN0622", 0 }, { "ELAN1000", 0 }, -- 2.17.1

6 years, 8 months

2
1
0 0

[PATCH] acpi, nfit: Fix Address Range Scrub completion tracking

by Dan Williams

The Address Range Scrub implementation tried to skip running scrubs against ranges that were already scrubbed by the BIOS. Unfortunately that support also resulted in early scrub completions as evidenced by this debug output from nfit_test: nd_region region9: ARS: range 1 short complete nd_region region3: ARS: range 1 short complete nd_region region4: ARS: range 2 ARS start (0) nd_region region4: ARS: range 2 short complete ...i.e. completions without any indications that the scrub was started. This state of affairs was hard to see in the code due to the proliferation of state bits and mistakenly trying to track done state per-range when the completion is a global property of the bus. So, kill the four ARS state bits (ARS_REQ, ARS_REQ_REDO, ARS_DONE, and ARS_SHORT), and replace them with just 2 request flags ARS_REQ_SHORT and ARS_REQ_LONG. The implementation will still complete and reap the results of BIOS initiated ARS, but it will not attempt to use that information to affect the completion status of scrubbing the ranges from a Linux perspective. Instead, try to synchronously run a short ARS per range at init time and schedule a long scrub in the background. If ARS is busy with an ARS request schedule both a short and a long scrub for when ARS returns to idle. This logic also satisfies the intent of what ARS_REQ_REDO was trying to achieve. The new rule is that the REQ flag stays set until the next successful ars_start() for that range. With the new policy that the REQ flags are not cleared until the next start, the implementation no longer loses requests as can be seen from the following log: nd_region region3: ARS: range 1 ARS start short (0) nd_region region9: ARS: range 1 ARS start short (0) nd_region region3: ARS: range 1 complete nd_region region4: ARS: range 2 ARS start short (0) nd_region region9: ARS: range 1 complete nd_region region9: ARS: range 1 ARS start long (0) nd_region region4: ARS: range 2 complete nd_region region3: ARS: range 1 ARS start long (0) nd_region region9: ARS: range 1 complete nd_region region3: ARS: range 1 complete nd_region region4: ARS: range 2 ARS start long (0) nd_region region4: ARS: range 2 complete ...note that the nfit_test emulated driver provides 2 buses, that is why some of the range indices are duplicated. Notice that each range now successfully completes a short and long scrub. Cc: <stable(a)vger.kernel.org> Fixes: 14c73f997a5e ("nfit, address-range-scrub: introduce nfit_spa->ars_state") Fixes: cc3d3458d46f ("acpi/nfit: queue issuing of ars when an uc error...") Reported-by: Jacek Zloch <jacek.zloch(a)intel.com> Reported-by: Krzysztof Rusocki <krzysztof.rusocki(a)intel.com> Signed-off-by: Dan Williams <dan.j.williams(a)intel.com> --- drivers/acpi/nfit/core.c | 169 ++++++++++++++++++++++++++-------------------- drivers/acpi/nfit/nfit.h | 10 +-- 2 files changed, 101 insertions(+), 78 deletions(-) diff --git a/drivers/acpi/nfit/core.c b/drivers/acpi/nfit/core.c index a0dfbcf8220d..f7efcd9843e0 100644 --- a/drivers/acpi/nfit/core.c +++ b/drivers/acpi/nfit/core.c @@ -2572,7 +2572,8 @@ static int ars_get_cap(struct acpi_nfit_desc *acpi_desc, return cmd_rc; } -static int ars_start(struct acpi_nfit_desc *acpi_desc, struct nfit_spa *nfit_spa) +static int ars_start(struct acpi_nfit_desc *acpi_desc, + struct nfit_spa *nfit_spa, enum nfit_ars_state req_type) { int rc; int cmd_rc; @@ -2583,7 +2584,7 @@ static int ars_start(struct acpi_nfit_desc *acpi_desc, struct nfit_spa *nfit_spa memset(&ars_start, 0, sizeof(ars_start)); ars_start.address = spa->address; ars_start.length = spa->length; - if (test_bit(ARS_SHORT, &nfit_spa->ars_state)) + if (req_type == ARS_REQ_SHORT) ars_start.flags = ND_ARS_RETURN_PREV_DATA; if (nfit_spa_type(spa) == NFIT_SPA_PM) ars_start.type = ND_ARS_PERSISTENT; @@ -2640,6 +2641,15 @@ static void ars_complete(struct acpi_nfit_desc *acpi_desc, struct nd_region *nd_region = nfit_spa->nd_region; struct device *dev; + lockdep_assert_held(&acpi_desc->init_mutex); + /* + * Only advance the ARS state for ARS runs initiated by the + * kernel, ignore ARS results from BIOS initiated runs for scrub + * completion tracking. + */ + if (acpi_desc->scrub_spa != nfit_spa) + return; + if ((ars_status->address >= spa->address && ars_status->address < spa->address + spa->length) || (ars_status->address < spa->address)) { @@ -2659,28 +2669,13 @@ static void ars_complete(struct acpi_nfit_desc *acpi_desc, } else return; - if (test_bit(ARS_DONE, &nfit_spa->ars_state)) - return; - - if (!test_and_clear_bit(ARS_REQ, &nfit_spa->ars_state)) - return; - + acpi_desc->scrub_spa = NULL; if (nd_region) { dev = nd_region_dev(nd_region); nvdimm_region_notify(nd_region, NVDIMM_REVALIDATE_POISON); } else dev = acpi_desc->dev; - - dev_dbg(dev, "ARS: range %d %s complete\n", spa->range_index, - test_bit(ARS_SHORT, &nfit_spa->ars_state) - ? "short" : "long"); - clear_bit(ARS_SHORT, &nfit_spa->ars_state); - if (test_and_clear_bit(ARS_REQ_REDO, &nfit_spa->ars_state)) { - set_bit(ARS_SHORT, &nfit_spa->ars_state); - set_bit(ARS_REQ, &nfit_spa->ars_state); - dev_dbg(dev, "ARS: processing scrub request received while in progress\n"); - } else - set_bit(ARS_DONE, &nfit_spa->ars_state); + dev_dbg(dev, "ARS: range %d complete\n", spa->range_index); } static int ars_status_process_records(struct acpi_nfit_desc *acpi_desc) @@ -2961,46 +2956,55 @@ static int acpi_nfit_query_poison(struct acpi_nfit_desc *acpi_desc) return 0; } -static int ars_register(struct acpi_nfit_desc *acpi_desc, struct nfit_spa *nfit_spa, - int *query_rc) +static int ars_register(struct acpi_nfit_desc *acpi_desc, + struct nfit_spa *nfit_spa) { - int rc = *query_rc; + int rc; - if (no_init_ars) + if (no_init_ars || test_bit(ARS_FAILED, &nfit_spa->ars_state)) return acpi_nfit_register_region(acpi_desc, nfit_spa); - set_bit(ARS_REQ, &nfit_spa->ars_state); - set_bit(ARS_SHORT, &nfit_spa->ars_state); + set_bit(ARS_REQ_SHORT, &nfit_spa->ars_state); + set_bit(ARS_REQ_LONG, &nfit_spa->ars_state); - switch (rc) { + switch (acpi_nfit_query_poison(acpi_desc)) { case 0: case -EAGAIN: - rc = ars_start(acpi_desc, nfit_spa); - if (rc == -EBUSY) { - *query_rc = rc; + rc = ars_start(acpi_desc, nfit_spa, ARS_REQ_SHORT); + /* shouldn't happen, try again later */ + if (rc == -EBUSY) break; - } else if (rc == 0) { - rc = acpi_nfit_query_poison(acpi_desc); - } else { + if (rc) { set_bit(ARS_FAILED, &nfit_spa->ars_state); break; } - if (rc == -EAGAIN) - clear_bit(ARS_SHORT, &nfit_spa->ars_state); - else if (rc == 0) - ars_complete(acpi_desc, nfit_spa); + clear_bit(ARS_REQ_SHORT, &nfit_spa->ars_state); + rc = acpi_nfit_query_poison(acpi_desc); + if (rc) + break; + acpi_desc->scrub_spa = nfit_spa; + ars_complete(acpi_desc, nfit_spa); + /* + * If ars_complete() says we didn't complete the + * short scrub, we'll try again with a long + * request. + */ + acpi_desc->scrub_spa = NULL; break; case -EBUSY: + case -ENOMEM: case -ENOSPC: + /* + * BIOS was using ARS, wait for it to complete (or + * resources to become available) and then perform our + * own scrubs. + */ break; default: set_bit(ARS_FAILED, &nfit_spa->ars_state); break; } - if (test_and_clear_bit(ARS_DONE, &nfit_spa->ars_state)) - set_bit(ARS_REQ, &nfit_spa->ars_state); - return acpi_nfit_register_region(acpi_desc, nfit_spa); } @@ -3022,6 +3026,8 @@ static unsigned int __acpi_nfit_scrub(struct acpi_nfit_desc *acpi_desc, struct device *dev = acpi_desc->dev; struct nfit_spa *nfit_spa; + lockdep_assert_held(&acpi_desc->init_mutex); + if (acpi_desc->cancel) return 0; @@ -3045,21 +3051,49 @@ static unsigned int __acpi_nfit_scrub(struct acpi_nfit_desc *acpi_desc, ars_complete_all(acpi_desc); list_for_each_entry(nfit_spa, &acpi_desc->spas, list) { + enum nfit_ars_state req_type; + int rc; + if (test_bit(ARS_FAILED, &nfit_spa->ars_state)) continue; - if (test_bit(ARS_REQ, &nfit_spa->ars_state)) { - int rc = ars_start(acpi_desc, nfit_spa); - - clear_bit(ARS_DONE, &nfit_spa->ars_state); - dev = nd_region_dev(nfit_spa->nd_region); - dev_dbg(dev, "ARS: range %d ARS start (%d)\n", - nfit_spa->spa->range_index, rc); - if (rc == 0 || rc == -EBUSY) - return 1; - dev_err(dev, "ARS: range %d ARS failed (%d)\n", - nfit_spa->spa->range_index, rc); - set_bit(ARS_FAILED, &nfit_spa->ars_state); + + /* prefer short ARS requests first */ + if (test_bit(ARS_REQ_SHORT, &nfit_spa->ars_state)) + req_type = ARS_REQ_SHORT; + else if (test_bit(ARS_REQ_LONG, &nfit_spa->ars_state)) + req_type = ARS_REQ_LONG; + else + continue; + rc = ars_start(acpi_desc, nfit_spa, req_type); + + dev = nd_region_dev(nfit_spa->nd_region); + dev_dbg(dev, "ARS: range %d ARS start %s (%d)\n", + nfit_spa->spa->range_index, + req_type == ARS_REQ_SHORT ? "short" : "long", + rc); + /* + * Hmm, we raced someone else starting ARS? Try again in + * a bit. + */ + if (rc == -EBUSY) + return 1; + if (rc == 0) { + dev_WARN_ONCE(dev, acpi_desc->scrub_spa, + "scrub start while range %d active\n", + acpi_desc->scrub_spa->spa->range_index); + clear_bit(req_type, &nfit_spa->ars_state); + acpi_desc->scrub_spa = nfit_spa; + /* + * Consider this spa last for future scrub + * requests + */ + list_move_tail(&nfit_spa->list, &acpi_desc->spas); + return 1; } + + dev_err(dev, "ARS: range %d ARS failed (%d)\n", + nfit_spa->spa->range_index, rc); + set_bit(ARS_FAILED, &nfit_spa->ars_state); } return 0; } @@ -3115,6 +3149,7 @@ static void acpi_nfit_init_ars(struct acpi_nfit_desc *acpi_desc, struct nd_cmd_ars_cap ars_cap; int rc; + set_bit(ARS_FAILED, &nfit_spa->ars_state); memset(&ars_cap, 0, sizeof(ars_cap)); rc = ars_get_cap(acpi_desc, &ars_cap, nfit_spa); if (rc < 0) @@ -3131,16 +3166,14 @@ static void acpi_nfit_init_ars(struct acpi_nfit_desc *acpi_desc, nfit_spa->clear_err_unit = ars_cap.clear_err_unit; acpi_desc->max_ars = max(nfit_spa->max_ars, acpi_desc->max_ars); clear_bit(ARS_FAILED, &nfit_spa->ars_state); - set_bit(ARS_REQ, &nfit_spa->ars_state); } static int acpi_nfit_register_regions(struct acpi_nfit_desc *acpi_desc) { struct nfit_spa *nfit_spa; - int rc, query_rc; + int rc; list_for_each_entry(nfit_spa, &acpi_desc->spas, list) { - set_bit(ARS_FAILED, &nfit_spa->ars_state); switch (nfit_spa_type(nfit_spa->spa)) { case NFIT_SPA_VOLATILE: case NFIT_SPA_PM: @@ -3149,20 +3182,12 @@ static int acpi_nfit_register_regions(struct acpi_nfit_desc *acpi_desc) } } - /* - * Reap any results that might be pending before starting new - * short requests. - */ - query_rc = acpi_nfit_query_poison(acpi_desc); - if (query_rc == 0) - ars_complete_all(acpi_desc); - list_for_each_entry(nfit_spa, &acpi_desc->spas, list) switch (nfit_spa_type(nfit_spa->spa)) { case NFIT_SPA_VOLATILE: case NFIT_SPA_PM: /* register regions and kick off initial ARS run */ - rc = ars_register(acpi_desc, nfit_spa, &query_rc); + rc = ars_register(acpi_desc, nfit_spa); if (rc) return rc; break; @@ -3374,7 +3399,8 @@ static int acpi_nfit_clear_to_send(struct nvdimm_bus_descriptor *nd_desc, return __acpi_nfit_clear_to_send(nd_desc, nvdimm, cmd); } -int acpi_nfit_ars_rescan(struct acpi_nfit_desc *acpi_desc, unsigned long flags) +int acpi_nfit_ars_rescan(struct acpi_nfit_desc *acpi_desc, + enum nfit_ars_state req_type) { struct device *dev = acpi_desc->dev; int scheduled = 0, busy = 0; @@ -3394,14 +3420,10 @@ int acpi_nfit_ars_rescan(struct acpi_nfit_desc *acpi_desc, unsigned long flags) if (test_bit(ARS_FAILED, &nfit_spa->ars_state)) continue; - if (test_and_set_bit(ARS_REQ, &nfit_spa->ars_state)) { + if (test_and_set_bit(req_type, &nfit_spa->ars_state)) busy++; - set_bit(ARS_REQ_REDO, &nfit_spa->ars_state); - } else { - if (test_bit(ARS_SHORT, &flags)) - set_bit(ARS_SHORT, &nfit_spa->ars_state); + else scheduled++; - } } if (scheduled) { sched_ars(acpi_desc); @@ -3587,10 +3609,11 @@ static void acpi_nfit_update_notify(struct device *dev, acpi_handle handle) static void acpi_nfit_uc_error_notify(struct device *dev, acpi_handle handle) { struct acpi_nfit_desc *acpi_desc = dev_get_drvdata(dev); - unsigned long flags = (acpi_desc->scrub_mode == HW_ERROR_SCRUB_ON) ? - 0 : 1 << ARS_SHORT; - acpi_nfit_ars_rescan(acpi_desc, flags); + if (acpi_desc->scrub_mode == HW_ERROR_SCRUB_ON) + acpi_nfit_ars_rescan(acpi_desc, ARS_REQ_LONG); + else + acpi_nfit_ars_rescan(acpi_desc, ARS_REQ_SHORT); } void __acpi_nfit_notify(struct device *dev, acpi_handle handle, u32 event) diff --git a/drivers/acpi/nfit/nfit.h b/drivers/acpi/nfit/nfit.h index 8c1af38a5dee..a7d95b427efd 100644 --- a/drivers/acpi/nfit/nfit.h +++ b/drivers/acpi/nfit/nfit.h @@ -133,10 +133,8 @@ enum nfit_dimm_notifiers { }; enum nfit_ars_state { - ARS_REQ, - ARS_REQ_REDO, - ARS_DONE, - ARS_SHORT, + ARS_REQ_SHORT, + ARS_REQ_LONG, ARS_FAILED, }; @@ -223,6 +221,7 @@ struct acpi_nfit_desc { struct device *dev; u8 ars_start_flags; struct nd_cmd_ars_status *ars_status; + struct nfit_spa *scrub_spa; struct delayed_work dwork; struct list_head list; struct kernfs_node *scrub_count_state; @@ -277,7 +276,8 @@ struct nfit_blk { extern struct list_head acpi_descs; extern struct mutex acpi_desc_lock; -int acpi_nfit_ars_rescan(struct acpi_nfit_desc *acpi_desc, unsigned long flags); +int acpi_nfit_ars_rescan(struct acpi_nfit_desc *acpi_desc, + enum nfit_ars_state req_type); #ifdef CONFIG_X86_MCE void nfit_mce_register(void);

6 years, 8 months

2
1
0 0

Working test 5

by Judy

Did you get my email from last week? Let me know if you have photos for cutting out or retouching? We are an image team who can do editing for your the web store photos, industry photos or portrait photos. Send photos, we will do testing for you to check quality. Waiting for your reply soon. Thanks, Judy

6 years, 8 months

1
0
0 0

[PATCH] afs: Fix clearance of reply

by David Howells

The recent patch to fix the afs_server struct leak didn't actually fix the bug, but rather fixed some of the symptoms. The problem is that an asynchronous call that holds a resource pointed to by call->reply[0] will find the pointer cleared in the call destructor, thereby preventing the resource from being cleaned up. In the case of the server record leak, the afs_fs_get_capabilities() function in devel code sets up a call with reply[0] pointing at the server record that should be altered when the result is obtained, but this was being cleared before the destructor was called, so the put in the destructor does nothing and the record is leaked. Commit f014ffb025c1 removed the additional ref obtained by afs_install_server(), but the removal of this ref is actually used by the garbage collector to mark a server record as being defunct after the record has expired through lack of use. The offending clearance of call->reply[0] upon completion in afs_process_async_call() has been there from the origin of the code, but none of the asynchronous calls actually use that pointer currently, so it should be safe to remove (note that synchronous calls don't involve this function). Fix this by the following means: (1) Revert commit f014ffb025c1. (2) Remove the clearance of reply[0] from afs_process_async_call(). Without this, afs_manage_servers() will suffer an assertion failure if it sees a server record that didn't get used because the usage count is not 1. Fixes: f014ffb025c1 ("afs: Fix afs_server struct leak") Fixes: 08e0e7c82eea ("[AF_RXRPC]: Make the in-kernel AFS filesystem use AF_RXRPC.") Signed-off-by: David Howells <dhowells(a)redhat.com> --- fs/afs/rxrpc.c | 2 -- fs/afs/server.c | 2 -- 2 files changed, 4 deletions(-) diff --git a/fs/afs/rxrpc.c b/fs/afs/rxrpc.c index 748b37b130a2..9bbb8af000b4 100644 --- a/fs/afs/rxrpc.c +++ b/fs/afs/rxrpc.c @@ -620,8 +620,6 @@ static void afs_process_async_call(struct work_struct *work) } if (call->state == AFS_CALL_COMPLETE) { - call->reply[0] = NULL; - /* We have two refs to release - one from the alloc and one * queued with the work item - and we can't just deallocate the * call because the work item may be queued again. diff --git a/fs/afs/server.c b/fs/afs/server.c index d5ef05e24e18..1a087eb8f2d7 100644 --- a/fs/afs/server.c +++ b/fs/afs/server.c @@ -199,11 +199,9 @@ static struct afs_server *afs_install_server(struct afs_net *net, write_sequnlock(&net->fs_addr_lock); ret = 0; - goto out; exists: afs_get_server(server); -out: write_sequnlock(&net->fs_lock); return server; }

6 years, 8 months

2
1
0 0

[git:media_tree/master] media: cec: forgot to cancel delayed work

by Mauro Carvalho Chehab

This is an automatic generated email to let you know that the following patch were queued: Subject: media: cec: forgot to cancel delayed work Author: Hans Verkuil <hverkuil(a)xs4all.nl> Date: Mon Oct 15 06:14:22 2018 -0400 If the wait for completion was interrupted, then make sure to cancel any delayed work. This can only happen if a transmit is waiting for a reply, and you press Ctrl-C or reboot/poweroff or something like that which interrupts the thread waiting for the reply and then proceeds to delete the CEC message. Since the delayed work wasn't canceled, once it would trigger it referred to stale data and resulted in a kernel oops. Fixes: 7ec2b3b941a6 ("cec: add new tx/rx status bits to detect aborts/timeouts") Signed-off-by: Hans Verkuil <hans.verkuil(a)cisco.com> Cc: <stable(a)vger.kernel.org> # for v4.18 and up Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung(a)kernel.org> drivers/media/cec/cec-adap.c | 2 ++ 1 file changed, 2 insertions(+) --- diff --git a/drivers/media/cec/cec-adap.c b/drivers/media/cec/cec-adap.c index 0c0d9107383e..31d1f4ab915e 100644 --- a/drivers/media/cec/cec-adap.c +++ b/drivers/media/cec/cec-adap.c @@ -844,6 +844,8 @@ int cec_transmit_msg_fh(struct cec_adapter *adap, struct cec_msg *msg, */ mutex_unlock(&adap->lock); wait_for_completion_killable(&data->c); + if (!data->completed) + cancel_delayed_work_sync(&data->work); mutex_lock(&adap->lock); /* Cancel the transmit if it was interrupted */

6 years, 8 months

1
0
0 0

[PATCHv5 0/7] tty: Hold write ldisc sem in tty_reopen()

by Dmitry Safonov

Hi all, Three fixes that worth to have in the @stable, as they were hit by different people, including Arista on v4.9 stable. And for linux-next - adding lockdep asserts for line discipline changing code, verifying that write ldisc sem will be held forthwith. The last patch is an optional and probably, timeout can be dropped for read_lock(). I'll do it if everyone agrees. (Or as per discussion with Peter in v3, just convert ldisc to a regular rwsem). Thanks, Dima Changes since v4: - back to lock ldisc with (5*HZ) timeout in tty_reopen() (LKP report link: lkml.kernel.org/r/<1536940609.3185.29.camel(a)arista.com>) - reordered 3/7 with 2/7 for LKP robot Changes since v3: - Added tested-by Mark Rutland (thanks!) - Dropped patch with smp_wmb() - wrong idea - lockdep_assert_held() should be actually lockdep_assert_held_exclusive() - Described why tty_ldisc_open() can be called without ldisc_sem held for pty slave end (o_tty). - Added Peter's patch for dropping self-made lockdep annotations - Fix for a reader(s) of ldisc semaphore waiting for an active reader(s) Changes since v2: - Added reviewed-by tags - Hopefully, fixed reported by 0-day issue. - Added optional fix for wait_readers decrement Changes since v1: - Added tested-by/reported-by tags - Dropped 3/4 (locking tty pair for lockdep sake), Because of that - not adding lockdep_assert_held() in tty_ldisc_open() - Added 4/4 cleanup to inc tty->count only on success of tty_ldisc_reinit() - lock ldisc without (5*HZ) timeout in tty_reopen() v1 link: lkml.kernel.org/r/<20180829022353.23568-1-dima(a)arista.com> v2 link: lkml.kernel.org/r/<20180903165257.29227-1-dima(a)arista.com> v3 link: lkml.kernel.org/r/<20180911014821.26286-1-dima(a)arista.com> v4 link: lkml.kernel.org/r/<20180912001702.18522-1-dima(a)arista.com> Cc: Daniel Axtens <dja(a)axtens.net> Cc: Dmitry Vyukov <dvyukov(a)google.com> Cc: Mark Rutland <mark.rutland(a)arm.com> Cc: Michael Neuling <mikey(a)neuling.org> Cc: Mikulas Patocka <mpatocka(a)redhat.com> Cc: Nathan March <nathan(a)gt.net> Cc: Pasi Kärkkäinen <pasik(a)iki.fi> Cc: Peter Hurley <peter(a)hurleysoftware.com> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: "Rong, Chen" <rong.a.chen(a)intel.com> Cc: Sergey Senozhatsky <sergey.senozhatsky.work(a)gmail.com> Cc: Tan Xiaojun <tanxiaojun(a)huawei.com> Cc: Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> (please, ignore if I Cc'ed you mistakenly) Dmitry Safonov (6): tty: Drop tty->count on tty_reopen() failure tty/ldsem: Wake up readers after timed out down_write() tty: Hold tty_ldisc_lock() during tty_reopen() tty: Simplify tty->count math in tty_reopen() tty/ldsem: Add lockdep asserts for ldisc_sem tty/ldsem: Decrement wait_readers on timeouted down_read() Peter Zijlstra (1): tty/ldsem: Convert to regular lockdep annotations drivers/tty/tty_io.c | 13 ++++++++--- drivers/tty/tty_ldisc.c | 9 +++++++ drivers/tty/tty_ldsem.c | 62 ++++++++++++++++++++----------------------------- 3 files changed, 44 insertions(+), 40 deletions(-) -- 2.13.6

6 years, 8 months

4
13
0 0

[PATCH] fs: fix possible Spectre V1 indexing in __close_fd()

by Greg Hackmann

__close_fd() is reachable via the close() syscall with a userspace-controlled fd. Ensure that it can't be used to speculatively access past the end of current->fdt. Reported-by: Omer Tripp <trippo(a)google.com> Cc: stable(a)vger.kernel.org Signed-off-by: Greg Hackmann <ghackmann(a)google.com> --- fs/file.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/fs/file.c b/fs/file.c index 7ffd6e9d103d..a80cf82be96b 100644 --- a/fs/file.c +++ b/fs/file.c @@ -18,6 +18,7 @@ #include <linux/bitops.h> #include <linux/spinlock.h> #include <linux/rcupdate.h> +#include <linux/nospec.h> unsigned int sysctl_nr_open __read_mostly = 1024*1024; unsigned int sysctl_nr_open_min = BITS_PER_LONG; @@ -626,6 +627,7 @@ int __close_fd(struct files_struct *files, unsigned fd) fdt = files_fdtable(files); if (fd >= fdt->max_fds) goto out_unlock; + fd = array_index_nospec(fd, fdt->max_fds); file = fdt->fd[fd]; if (!file) goto out_unlock; -- 2.19.0.397.gdd90340f6a-goog

6 years, 8 months

2
2
0 0

Apply For Affordable Loan Offer

by rifat

Do you need a loan? If YES Kindly contact us via: citigrouploaninvestment(a)aol.com

6 years, 8 months

1
0
0 0

Re: [PATCH 3.16 194/366] drivers: tty: Merge alloc_tty_struct and initialize_tty_struct

by Ben Hutchings

On Sun, 2018-10-14 at 19:22 +0200, Rasmus Villemoes wrote: > IIRC, I messed up back then, so you'll need some followup as well, but I'm > on my phone ATM. I guess that's commit 07584d4a356e "drivers: tty: Fix use-after-free in pty_common_install"? I missed that but will add it now. > I assume you're taking this to make it easier to backport > some actual fix? This is required as preparation for commit 903f9db10f18 "tty: Don't call panic() at tty_ldisc_init()". Ben. > > On Sun, Oct 14, 2018, 17:39 Ben Hutchings <ben(a)decadent.org.uk> wrote: > > > 3.16.60-rc1 review patch. If anyone has any objections, please let me > > know. > > > > ------------------ > > > > From: Rasmus Villemoes <linux(a)rasmusvillemoes.dk> > > > > commit 2c964a2f4191f2229566895f1a0e85f8339f5dd1 upstream. > > > > The two functions alloc_tty_struct and initialize_tty_struct are > > always called together. Merge them into alloc_tty_struct, updating its > > prototype and the only two callers of these functions. > > > > Signed-off-by: Rasmus Villemoes <linux(a)rasmusvillemoes.dk> > > Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> > > Signed-off-by: Ben Hutchings <ben(a)decadent.org.uk> > > --- > > drivers/tty/pty.c | 19 +++++++++---------- > > drivers/tty/tty_io.c | 37 +++++++++++++------------------------ > > include/linux/tty.h | 4 +--- > > 3 files changed, 23 insertions(+), 37 deletions(-) > > > > --- a/drivers/tty/pty.c > > +++ b/drivers/tty/pty.c > > @@ -319,7 +319,7 @@ done: > > * pty_common_install - set up the pty pair > > * @driver: the pty driver > > * @tty: the tty being instantiated > > - * @bool: legacy, true if this is BSD style > > + * @legacy: true if this is BSD style > > * > > * Perform the initial set up for the tty/pty pair. Called from the > > * tty layer when the port is first opened. > > @@ -334,18 +334,17 @@ static int pty_common_install(struct tty > > int idx = tty->index; > > int retval = -ENOMEM; > > > > - o_tty = alloc_tty_struct(); > > - if (!o_tty) > > - goto err; > > ports[0] = kmalloc(sizeof **ports, GFP_KERNEL); > > ports[1] = kmalloc(sizeof **ports, GFP_KERNEL); > > if (!ports[0] || !ports[1]) > > - goto err_free_tty; > > + goto err; > > if (!try_module_get(driver->other->owner)) { > > /* This cannot in fact currently happen */ > > - goto err_free_tty; > > + goto err; > > } > > - initialize_tty_struct(o_tty, driver->other, idx); > > + o_tty = alloc_tty_struct(driver->other, idx); > > + if (!o_tty) > > + goto err_put_module; > > > > if (legacy) { > > /* We always use new tty termios data so we can do this > > @@ -390,12 +389,12 @@ err_free_termios: > > tty_free_termios(tty); > > err_deinit_tty: > > deinitialize_tty_struct(o_tty); > > + free_tty_struct(o_tty); > > +err_put_module: > > module_put(o_tty->driver->owner); > > -err_free_tty: > > +err: > > kfree(ports[0]); > > kfree(ports[1]); > > - free_tty_struct(o_tty); > > -err: > > return retval; > > } > > > > --- a/drivers/tty/tty_io.c > > +++ b/drivers/tty/tty_io.c > > @@ -157,20 +157,6 @@ static void __proc_set_tty(struct task_s > > static void proc_set_tty(struct task_struct *tsk, struct tty_struct *tty); > > > > /** > > - * alloc_tty_struct - allocate a tty object > > - * > > - * Return a new empty tty structure. The data fields have not > > - * been initialized in any way but has been zeroed > > - * > > - * Locking: none > > - */ > > - > > -struct tty_struct *alloc_tty_struct(void) > > -{ > > - return kzalloc(sizeof(struct tty_struct), GFP_KERNEL); > > -} > > - > > -/** > > * free_tty_struct - free a disused tty > > * @tty: tty struct to free > > * > > @@ -1455,12 +1441,11 @@ struct tty_struct *tty_init_dev(struct t > > if (!try_module_get(driver->owner)) > > return ERR_PTR(-ENODEV); > > > > - tty = alloc_tty_struct(); > > + tty = alloc_tty_struct(driver, idx); > > if (!tty) { > > retval = -ENOMEM; > > goto err_module_put; > > } > > - initialize_tty_struct(tty, driver, idx); > > > > tty_lock(tty); > > retval = tty_driver_install_tty(driver, tty); > > @@ -3034,19 +3019,21 @@ static struct device *tty_get_device(str > > > > > > /** > > - * initialize_tty_struct > > - * @tty: tty to initialize > > + * alloc_tty_struct > > * > > - * This subroutine initializes a tty structure that has been newly > > - * allocated. > > + * This subroutine allocates and initializes a tty structure. > > * > > - * Locking: none - tty in question must not be exposed at this point > > + * Locking: none - tty in question is not exposed at this point > > */ > > > > -void initialize_tty_struct(struct tty_struct *tty, > > - struct tty_driver *driver, int idx) > > +struct tty_struct *alloc_tty_struct(struct tty_driver *driver, int idx) > > { > > - memset(tty, 0, sizeof(struct tty_struct)); > > + struct tty_struct *tty; > > + > > + tty = kzalloc(sizeof(*tty), GFP_KERNEL); > > + if (!tty) > > + return NULL; > > + > > kref_init(&tty->kref); > > tty->magic = TTY_MAGIC; > > tty_ldisc_init(tty); > > @@ -3070,6 +3057,8 @@ void initialize_tty_struct(struct tty_st > > tty->index = idx; > > tty_line_name(driver, idx, tty->name); > > tty->dev = tty_get_device(tty); > > + > > + return tty; > > } > > > > /** > > --- a/include/linux/tty.h > > +++ b/include/linux/tty.h > > @@ -477,13 +477,11 @@ extern int tty_mode_ioctl(struct tty_str > > unsigned int cmd, unsigned long arg); > > extern int tty_perform_flush(struct tty_struct *tty, unsigned long arg); > > extern void tty_default_fops(struct file_operations *fops); > > -extern struct tty_struct *alloc_tty_struct(void); > > +extern struct tty_struct *alloc_tty_struct(struct tty_driver *driver, int > > idx); > > extern int tty_alloc_file(struct file *file); > > extern void tty_add_file(struct tty_struct *tty, struct file *file); > > extern void tty_free_file(struct file *file); > > extern void free_tty_struct(struct tty_struct *tty); > > -extern void initialize_tty_struct(struct tty_struct *tty, > > - struct tty_driver *driver, int idx); > > extern void deinitialize_tty_struct(struct tty_struct *tty); > > extern struct tty_struct *tty_init_dev(struct tty_driver *driver, int > > idx); > > extern int tty_release(struct inode *inode, struct file *filp); > > > > -- Ben Hutchings I haven't lost my mind; it's backed up on tape somewhere.

6 years, 8 months

1
0
0 0

What is the expected date of release for 4.19

by salil GK

Hello I would like to know the expected date of release of 4.19 kernel. Thanks ~S

6 years, 8 months

2
1
0 0

URGENT RESPONSE NEEDED

by Sean Kim.

Hello my dear. Did you receive my email message to you? Please, get back to me ASAP as the matter is becoming late. Expecting your urgent response. Sean.

6 years, 8 months

1
0
0 0

patch "usb: xhci: pci: Enable Intel USB role mux on Apollo Lake platforms" added to usb-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled usb: xhci: pci: Enable Intel USB role mux on Apollo Lake platforms to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From c02588a352defaf985fc1816eb6232663159e1b8 Mon Sep 17 00:00:00 2001 From: Heikki Krogerus <heikki.krogerus(a)linux.intel.com> Date: Mon, 1 Oct 2018 18:53:05 +0300 Subject: usb: xhci: pci: Enable Intel USB role mux on Apollo Lake platforms Intel Apollo Lake has the same internal USB role mux as Intel Cherry Trail. Cc: <stable(a)vger.kernel.org> Signed-off-by: Heikki Krogerus <heikki.krogerus(a)linux.intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/usb/host/xhci-pci.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/usb/host/xhci-pci.c b/drivers/usb/host/xhci-pci.c index 722860eb5a91..51dd8e00c4f8 100644 --- a/drivers/usb/host/xhci-pci.c +++ b/drivers/usb/host/xhci-pci.c @@ -179,10 +179,12 @@ static void xhci_pci_quirks(struct device *dev, struct xhci_hcd *xhci) xhci->quirks |= XHCI_PME_STUCK_QUIRK; } if (pdev->vendor == PCI_VENDOR_ID_INTEL && - pdev->device == PCI_DEVICE_ID_INTEL_CHERRYVIEW_XHCI) { + pdev->device == PCI_DEVICE_ID_INTEL_CHERRYVIEW_XHCI) xhci->quirks |= XHCI_SSIC_PORT_UNUSED; + if (pdev->vendor == PCI_VENDOR_ID_INTEL && + (pdev->device == PCI_DEVICE_ID_INTEL_CHERRYVIEW_XHCI || + pdev->device == PCI_DEVICE_ID_INTEL_APL_XHCI)) xhci->quirks |= XHCI_INTEL_USB_ROLE_SW; - } if (pdev->vendor == PCI_VENDOR_ID_INTEL && (pdev->device == PCI_DEVICE_ID_INTEL_CHERRYVIEW_XHCI || pdev->device == PCI_DEVICE_ID_INTEL_SUNRISEPOINT_LP_XHCI || -- 2.19.1

6 years, 8 months

1
0
0 0

patch "usb: roles: intel_xhci: Fix Unbalanced pm_runtime_enable" added to usb-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled usb: roles: intel_xhci: Fix Unbalanced pm_runtime_enable to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From 009b1948e153ae448f62f1887e2b58d0e05db51b Mon Sep 17 00:00:00 2001 From: Wan Ahmad Zainie <wan.ahmad.zainie.wan.mohamad(a)intel.com> Date: Tue, 9 Oct 2018 12:52:47 +0800 Subject: usb: roles: intel_xhci: Fix Unbalanced pm_runtime_enable Add missing pm_runtime_disable() to remove(), in order to avoid an Unbalanced pm_runtime_enable when the module is removed and re-probed. Error log: root@intel-corei7-64:~# modprobe -r intel_xhci_usb_role_switch root@intel-corei7-64:~# modprobe intel_xhci_usb_role_switch intel_xhci_usb_sw intel_xhci_usb_sw: Unbalanced pm_runtime_enable! Fixes: cb2968468605 (usb: roles: intel_xhci: Enable runtime PM) Cc: <stable(a)vger.kernel.org> Reviewed-by: Heikki Krogerus <heikki.krogerus(a)linux.intel.com> Signed-off-by: Wan Ahmad Zainie <wan.ahmad.zainie.wan.mohamad(a)intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/usb/roles/intel-xhci-usb-role-switch.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/usb/roles/intel-xhci-usb-role-switch.c b/drivers/usb/roles/intel-xhci-usb-role-switch.c index 1fb3dd0f1dfa..277de96181f9 100644 --- a/drivers/usb/roles/intel-xhci-usb-role-switch.c +++ b/drivers/usb/roles/intel-xhci-usb-role-switch.c @@ -161,6 +161,8 @@ static int intel_xhci_usb_remove(struct platform_device *pdev) { struct intel_xhci_usb_data *data = platform_get_drvdata(pdev); + pm_runtime_disable(&pdev->dev); + usb_role_switch_unregister(data->role_sw); return 0; } -- 2.19.1

6 years, 8 months

1
0
0 0

patch "cdc-acm: correct counting of UART states in serial state notification" added to usb-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled cdc-acm: correct counting of UART states in serial state notification to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From f976d0e5747ca65ccd0fb2a4118b193d70aa1836 Mon Sep 17 00:00:00 2001 From: Tobias Herzog <t-herzog(a)gmx.de> Date: Sat, 22 Sep 2018 22:11:11 +0200 Subject: cdc-acm: correct counting of UART states in serial state notification The usb standard ("Universal Serial Bus Class Definitions for Communication Devices") distiguishes between "consistent signals" (DSR, DCD), and "irregular signals" (break, ring, parity error, framing error, overrun). The bits of "irregular signals" are set, if this error/event occurred on the device side and are immeadeatly unset, if the serial state notification was sent. Like other drivers of real serial ports do, just the occurence of those events should be counted in serial_icounter_struct (but no 1->0 transitions). Signed-off-by: Tobias Herzog <t-herzog(a)gmx.de> Acked-by: Oliver Neukum <oneukum(a)suse.com> Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/usb/class/cdc-acm.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/drivers/usb/class/cdc-acm.c b/drivers/usb/class/cdc-acm.c index e43ea9641416..9ede35cecb12 100644 --- a/drivers/usb/class/cdc-acm.c +++ b/drivers/usb/class/cdc-acm.c @@ -310,17 +310,17 @@ static void acm_process_notification(struct acm *acm, unsigned char *buf) if (difference & ACM_CTRL_DSR) acm->iocount.dsr++; - if (difference & ACM_CTRL_BRK) - acm->iocount.brk++; - if (difference & ACM_CTRL_RI) - acm->iocount.rng++; if (difference & ACM_CTRL_DCD) acm->iocount.dcd++; - if (difference & ACM_CTRL_FRAMING) + if (newctrl & ACM_CTRL_BRK) + acm->iocount.brk++; + if (newctrl & ACM_CTRL_RI) + acm->iocount.rng++; + if (newctrl & ACM_CTRL_FRAMING) acm->iocount.frame++; - if (difference & ACM_CTRL_PARITY) + if (newctrl & ACM_CTRL_PARITY) acm->iocount.parity++; - if (difference & ACM_CTRL_OVERRUN) + if (newctrl & ACM_CTRL_OVERRUN) acm->iocount.overrun++; spin_unlock_irqrestore(&acm->read_lock, flags); -- 2.19.1

6 years, 8 months

1
0
0 0

patch "usb: usbip: Fix BUG: KASAN: slab-out-of-bounds in vhci_hub_control()" added to usb-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled usb: usbip: Fix BUG: KASAN: slab-out-of-bounds in vhci_hub_control() to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From 81f7567c51ad97668d1c3a48e8ecc482e64d4161 Mon Sep 17 00:00:00 2001 From: "Shuah Khan (Samsung OSG)" <shuah(a)kernel.org> Date: Fri, 5 Oct 2018 16:17:44 -0600 Subject: usb: usbip: Fix BUG: KASAN: slab-out-of-bounds in vhci_hub_control() vhci_hub_control() accesses port_status array with out of bounds port value. Fix it to reference port_status[] only with a valid rhport value when invalid_rhport flag is true. The invalid_rhport flag is set early on after detecting in port value is within the bounds or not. The following is used reproduce the problem and verify the fix: C reproducer: https://syzkaller.appspot.com/x/repro.c?x=14ed8ab6400000 Reported-by: syzbot+bccc1fe10b70fadc78d0(a)syzkaller.appspotmail.com Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Shuah Khan (Samsung OSG) <shuah(a)kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/usb/usbip/vhci_hcd.c | 57 ++++++++++++++++++++++++++---------- 1 file changed, 42 insertions(+), 15 deletions(-) diff --git a/drivers/usb/usbip/vhci_hcd.c b/drivers/usb/usbip/vhci_hcd.c index d11f3f8dad40..1e592ec94ba4 100644 --- a/drivers/usb/usbip/vhci_hcd.c +++ b/drivers/usb/usbip/vhci_hcd.c @@ -318,8 +318,9 @@ static int vhci_hub_control(struct usb_hcd *hcd, u16 typeReq, u16 wValue, struct vhci_hcd *vhci_hcd; struct vhci *vhci; int retval = 0; - int rhport; + int rhport = -1; unsigned long flags; + bool invalid_rhport = false; u32 prev_port_status[VHCI_HC_PORTS]; @@ -334,9 +335,19 @@ static int vhci_hub_control(struct usb_hcd *hcd, u16 typeReq, u16 wValue, usbip_dbg_vhci_rh("typeReq %x wValue %x wIndex %x\n", typeReq, wValue, wIndex); - if (wIndex > VHCI_HC_PORTS) - pr_err("invalid port number %d\n", wIndex); - rhport = wIndex - 1; + /* + * wIndex can be 0 for some request types (typeReq). rhport is + * in valid range when wIndex >= 1 and < VHCI_HC_PORTS. + * + * Reference port_status[] only with valid rhport when + * invalid_rhport is false. + */ + if (wIndex < 1 || wIndex > VHCI_HC_PORTS) { + invalid_rhport = true; + if (wIndex > VHCI_HC_PORTS) + pr_err("invalid port number %d\n", wIndex); + } else + rhport = wIndex - 1; vhci_hcd = hcd_to_vhci_hcd(hcd); vhci = vhci_hcd->vhci; @@ -345,8 +356,9 @@ static int vhci_hub_control(struct usb_hcd *hcd, u16 typeReq, u16 wValue, /* store old status and compare now and old later */ if (usbip_dbg_flag_vhci_rh) { - memcpy(prev_port_status, vhci_hcd->port_status, - sizeof(prev_port_status)); + if (!invalid_rhport) + memcpy(prev_port_status, vhci_hcd->port_status, + sizeof(prev_port_status)); } switch (typeReq) { @@ -354,8 +366,10 @@ static int vhci_hub_control(struct usb_hcd *hcd, u16 typeReq, u16 wValue, usbip_dbg_vhci_rh(" ClearHubFeature\n"); break; case ClearPortFeature: - if (rhport < 0) + if (invalid_rhport) { + pr_err("invalid port number %d\n", wIndex); goto error; + } switch (wValue) { case USB_PORT_FEAT_SUSPEND: if (hcd->speed == HCD_USB3) { @@ -415,9 +429,10 @@ static int vhci_hub_control(struct usb_hcd *hcd, u16 typeReq, u16 wValue, break; case GetPortStatus: usbip_dbg_vhci_rh(" GetPortStatus port %x\n", wIndex); - if (wIndex < 1) { + if (invalid_rhport) { pr_err("invalid port number %d\n", wIndex); retval = -EPIPE; + goto error; } /* we do not care about resume. */ @@ -513,16 +528,20 @@ static int vhci_hub_control(struct usb_hcd *hcd, u16 typeReq, u16 wValue, goto error; } - if (rhport < 0) + if (invalid_rhport) { + pr_err("invalid port number %d\n", wIndex); goto error; + } vhci_hcd->port_status[rhport] |= USB_PORT_STAT_SUSPEND; break; case USB_PORT_FEAT_POWER: usbip_dbg_vhci_rh( " SetPortFeature: USB_PORT_FEAT_POWER\n"); - if (rhport < 0) + if (invalid_rhport) { + pr_err("invalid port number %d\n", wIndex); goto error; + } if (hcd->speed == HCD_USB3) vhci_hcd->port_status[rhport] |= USB_SS_PORT_STAT_POWER; else @@ -531,8 +550,10 @@ static int vhci_hub_control(struct usb_hcd *hcd, u16 typeReq, u16 wValue, case USB_PORT_FEAT_BH_PORT_RESET: usbip_dbg_vhci_rh( " SetPortFeature: USB_PORT_FEAT_BH_PORT_RESET\n"); - if (rhport < 0) + if (invalid_rhport) { + pr_err("invalid port number %d\n", wIndex); goto error; + } /* Applicable only for USB3.0 hub */ if (hcd->speed != HCD_USB3) { pr_err("USB_PORT_FEAT_BH_PORT_RESET req not " @@ -543,8 +564,10 @@ static int vhci_hub_control(struct usb_hcd *hcd, u16 typeReq, u16 wValue, case USB_PORT_FEAT_RESET: usbip_dbg_vhci_rh( " SetPortFeature: USB_PORT_FEAT_RESET\n"); - if (rhport < 0) + if (invalid_rhport) { + pr_err("invalid port number %d\n", wIndex); goto error; + } /* if it's already enabled, disable */ if (hcd->speed == HCD_USB3) { vhci_hcd->port_status[rhport] = 0; @@ -565,8 +588,10 @@ static int vhci_hub_control(struct usb_hcd *hcd, u16 typeReq, u16 wValue, default: usbip_dbg_vhci_rh(" SetPortFeature: default %d\n", wValue); - if (rhport < 0) + if (invalid_rhport) { + pr_err("invalid port number %d\n", wIndex); goto error; + } if (hcd->speed == HCD_USB3) { if ((vhci_hcd->port_status[rhport] & USB_SS_PORT_STAT_POWER) != 0) { @@ -608,7 +633,7 @@ static int vhci_hub_control(struct usb_hcd *hcd, u16 typeReq, u16 wValue, if (usbip_dbg_flag_vhci_rh) { pr_debug("port %d\n", rhport); /* Only dump valid port status */ - if (rhport >= 0) { + if (!invalid_rhport) { dump_port_status_diff(prev_port_status[rhport], vhci_hcd->port_status[rhport], hcd->speed == HCD_USB3); @@ -618,8 +643,10 @@ static int vhci_hub_control(struct usb_hcd *hcd, u16 typeReq, u16 wValue, spin_unlock_irqrestore(&vhci->lock, flags); - if ((vhci_hcd->port_status[rhport] & PORT_C_MASK) != 0) + if (!invalid_rhport && + (vhci_hcd->port_status[rhport] & PORT_C_MASK) != 0) { usb_hcd_poll_rh_status(hcd); + } return retval; } -- 2.19.1

6 years, 8 months

1
0
0 0

patch "cdc-acm: fix race between reset and control messaging" added to usb-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled cdc-acm: fix race between reset and control messaging to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From 9397940ed812b942c520e0c25ed4b2c64d57e8b9 Mon Sep 17 00:00:00 2001 From: Oliver Neukum <oneukum(a)suse.com> Date: Thu, 4 Oct 2018 15:49:06 +0200 Subject: cdc-acm: fix race between reset and control messaging If a device splits up a control message and a reset() happens between the parts, the message is lost and already recieved parts must be dropped. Signed-off-by: Oliver Neukum <oneukum(a)suse.com> Fixes: 1aba579f3cf51 ("cdc-acm: handle read pipe errors") Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/usb/class/cdc-acm.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/usb/class/cdc-acm.c b/drivers/usb/class/cdc-acm.c index bc03b0a690b4..1833912f7f5f 100644 --- a/drivers/usb/class/cdc-acm.c +++ b/drivers/usb/class/cdc-acm.c @@ -1642,6 +1642,7 @@ static int acm_pre_reset(struct usb_interface *intf) struct acm *acm = usb_get_intfdata(intf); clear_bit(EVENT_RX_STALL, &acm->flags); + acm->nb_index = 0; /* pending control transfers are lost */ return 0; } -- 2.19.1

6 years, 8 months

1
0
0 0

patch "cdc-acm: do not reset notification buffer index upon urb unlinking" added to usb-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled cdc-acm: do not reset notification buffer index upon urb unlinking to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From dae3ddba36f8c337fb59cef07d564da6fc9b7551 Mon Sep 17 00:00:00 2001 From: Tobias Herzog <t-herzog(a)gmx.de> Date: Sat, 22 Sep 2018 22:11:10 +0200 Subject: cdc-acm: do not reset notification buffer index upon urb unlinking Resetting the write index of the notification buffer on urb unlink (e.g. closing a cdc-acm device from userspace) may lead to wrong interpretation of further received notifications, in case the index is not 0 when urb unlink happens (i.e. when parts of a notification already have been transferred). On the device side there is no "reset" of the notification transimission and thus we would get out of sync with the device. Signed-off-by: Tobias Herzog <t-herzog(a)gmx.de> Acked-by: Oliver Neukum <oneukum(a)suse.com> Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/usb/class/cdc-acm.c | 1 - 1 file changed, 1 deletion(-) diff --git a/drivers/usb/class/cdc-acm.c b/drivers/usb/class/cdc-acm.c index 1833912f7f5f..e43ea9641416 100644 --- a/drivers/usb/class/cdc-acm.c +++ b/drivers/usb/class/cdc-acm.c @@ -355,7 +355,6 @@ static void acm_ctrl_irq(struct urb *urb) case -ENOENT: case -ESHUTDOWN: /* this urb is terminated, clean up */ - acm->nb_index = 0; dev_dbg(&acm->control->dev, "%s - urb shutting down with status: %d\n", __func__, status); -- 2.19.1

6 years, 8 months

1
0
0 0

[PATCH] iwlwifi: mvm: check return value of rs_rate_from_ucode_rate()

by Luca Coelho

From: Luca Coelho <luciano.coelho(a)intel.com> The rs_rate_from_ucode_rate() function may return -EINVAL if the rate is invalid, but none of the callsites check for the error, potentially making us access arrays with index IWL_RATE_INVALID, which is larger than the arrays, causing an out-of-bounds access. This will trigger KASAN warnings, such as the one reported in the bugzilla issue mentioned below. This fixes https://bugzilla.kernel.org/show_bug.cgi?id=200659 Cc: stable(a)vger.kernel.org Signed-off-by: Luca Coelho <luciano.coelho(a)intel.com> --- drivers/net/wireless/intel/iwlwifi/mvm/rs.c | 24 ++++++++++++++++----- 1 file changed, 19 insertions(+), 5 deletions(-) diff --git a/drivers/net/wireless/intel/iwlwifi/mvm/rs.c b/drivers/net/wireless/intel/iwlwifi/mvm/rs.c index 2c75f51a04e4..089972280daa 100644 --- a/drivers/net/wireless/intel/iwlwifi/mvm/rs.c +++ b/drivers/net/wireless/intel/iwlwifi/mvm/rs.c @@ -1239,7 +1239,11 @@ void iwl_mvm_rs_tx_status(struct iwl_mvm *mvm, struct ieee80211_sta *sta, !(info->flags & IEEE80211_TX_STAT_AMPDU)) return; - rs_rate_from_ucode_rate(tx_resp_hwrate, info->band, &tx_resp_rate); + if (rs_rate_from_ucode_rate(tx_resp_hwrate, info->band, + &tx_resp_rate)) { + WARN_ON_ONCE(1); + return; + } #ifdef CONFIG_MAC80211_DEBUGFS /* Disable last tx check if we are debugging with fixed rate but @@ -1290,7 +1294,10 @@ void iwl_mvm_rs_tx_status(struct iwl_mvm *mvm, struct ieee80211_sta *sta, */ table = &lq_sta->lq; lq_hwrate = le32_to_cpu(table->rs_table[0]); - rs_rate_from_ucode_rate(lq_hwrate, info->band, &lq_rate); + if (rs_rate_from_ucode_rate(lq_hwrate, info->band, &lq_rate)) { + WARN_ON_ONCE(1); + return; + } /* Here we actually compare this rate to the latest LQ command */ if (lq_color != LQ_FLAG_COLOR_GET(table->flags)) { @@ -1392,8 +1399,12 @@ void iwl_mvm_rs_tx_status(struct iwl_mvm *mvm, struct ieee80211_sta *sta, /* Collect data for each rate used during failed TX attempts */ for (i = 0; i <= retries; ++i) { lq_hwrate = le32_to_cpu(table->rs_table[i]); - rs_rate_from_ucode_rate(lq_hwrate, info->band, - &lq_rate); + if (rs_rate_from_ucode_rate(lq_hwrate, info->band, + &lq_rate)) { + WARN_ON_ONCE(1); + return; + } + /* * Only collect stats if retried rate is in the same RS * table as active/search. @@ -3260,7 +3271,10 @@ static void rs_build_rates_table_from_fixed(struct iwl_mvm *mvm, for (i = 0; i < num_rates; i++) lq_cmd->rs_table[i] = ucode_rate_le32; - rs_rate_from_ucode_rate(ucode_rate, band, &rate); + if (rs_rate_from_ucode_rate(ucode_rate, band, &rate)) { + WARN_ON_ONCE(1); + return; + } if (is_mimo(&rate)) lq_cmd->mimo_delim = num_rates - 1; -- 2.19.1

6 years, 8 months

3
2
0 0

Linux 3.18.124

by Greg KH

I'm announcing the release of the 3.18.124 kernel. All users of the 3.18 kernel series must upgrade. The updated 3.18.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-3.18.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arm/mach-mvebu/pmsu.c | 6 - arch/arm64/include/asm/kvm_emulate.h | 5 + arch/arm64/kernel/entry.S | 3 arch/arm64/kvm/guest.c | 55 +++++++++++++++ arch/hexagon/include/asm/bitops.h | 4 - arch/hexagon/kernel/dma.c | 2 arch/powerpc/kernel/machine_kexec.c | 7 +- arch/powerpc/kvm/book3s_64_mmu_hv.c | 2 arch/s390/mm/extmem.c | 4 - arch/x86/kernel/tsc_msr.c | 1 arch/x86/mm/numa_emulation.c | 2 arch/x86/vdso/vclock_gettime.c | 26 ++++--- crypto/ablkcipher.c | 2 crypto/blkcipher.c | 1 drivers/base/power/main.c | 5 + drivers/block/floppy.c | 3 drivers/crypto/mxs-dcp.c | 53 ++++++++------- drivers/gpio/gpio-adp5588.c | 24 +++++- drivers/hid/hid-core.c | 3 drivers/hid/hid-ids.h | 2 drivers/hid/hid-ntrig.c | 2 drivers/hid/hid-sony.c | 6 + drivers/hwmon/adt7475.c | 14 ++-- drivers/infiniband/core/ucma.c | 6 + drivers/md/dm-thin-metadata.c | 34 +++++++++ drivers/md/dm-thin.c | 73 ++++++++++++++++++--- drivers/md/raid10.c | 5 + drivers/media/i2c/soc_camera/ov772x.c | 2 drivers/media/platform/exynos4-is/fimc-isp-video.c | 11 ++- drivers/media/platform/s3c-camif/camif-capture.c | 2 drivers/media/usb/tm6000/tm6000-dvb.c | 5 + drivers/media/usb/uvc/uvc_video.c | 24 +++++- drivers/media/v4l2-core/v4l2-event.c | 37 +++++----- drivers/media/v4l2-core/v4l2-fh.c | 2 drivers/misc/tsl2550.c | 2 drivers/mtd/spi-nor/fsl-quadspi.c | 20 ++--- drivers/net/appletalk/ipddp.c | 8 +- drivers/net/ethernet/cadence/macb.c | 2 drivers/net/ethernet/hp/hp100.c | 2 drivers/net/ethernet/intel/e1000/e1000_ethtool.c | 7 +- drivers/net/ethernet/realtek/r8169.c | 9 +- drivers/net/wireless/rndis_wlan.c | 2 drivers/net/wireless/ti/wlcore/cmd.c | 6 + drivers/pci/pci.c | 27 +++++-- drivers/s390/net/qeth_l2_main.c | 2 drivers/s390/net/qeth_l3_main.c | 2 drivers/scsi/bnx2i/bnx2i_hwi.c | 2 drivers/scsi/ibmvscsi/ibmvscsi.c | 4 - drivers/spi/spi-rspi.c | 10 +- drivers/spi/spi-sh-msiof.c | 3 drivers/spi/spi-tegra20-slink.c | 31 ++++++-- drivers/staging/android/ashmem.c | 6 + drivers/staging/android/ion/ion.c | 60 ++++++++++------- drivers/target/iscsi/iscsi_target_auth.c | 45 ++++-------- drivers/target/iscsi/iscsi_target_tpg.c | 3 drivers/thermal/of-thermal.c | 7 +- drivers/tty/serial/8250/serial_cs.c | 6 + drivers/tty/serial/cpm_uart/cpm_uart_core.c | 10 ++ drivers/usb/class/cdc-wdm.c | 2 drivers/usb/core/devio.c | 24 ++++++ drivers/usb/core/driver.c | 28 ++++---- drivers/usb/core/usb.c | 2 drivers/usb/misc/yurex.c | 3 drivers/usb/serial/kobil_sct.c | 12 ++- drivers/usb/serial/usb-serial-simple.c | 3 drivers/usb/wusbcore/security.c | 2 drivers/uwb/hwa-rc.c | 1 drivers/video/fbdev/omap2/omapfb/omapfb-ioctl.c | 5 + drivers/xen/events/events_base.c | 2 drivers/xen/manage.c | 6 + fs/cifs/cifs_unicode.c | 3 fs/cifs/cifssmb.c | 11 ++- fs/cifs/misc.c | 8 ++ fs/cifs/smb2ops.c | 2 fs/ext4/balloc.c | 21 +++--- fs/ext4/dir.c | 20 ++--- fs/ext4/ext4.h | 8 -- fs/ext4/ext4_extents.h | 1 fs/ext4/extents.c | 6 + fs/ext4/ialloc.c | 19 ++++- fs/ext4/inline.c | 42 +----------- fs/ext4/inode.c | 3 fs/ext4/mballoc.c | 6 + fs/ext4/mmp.c | 1 fs/ext4/resize.c | 20 +++++ fs/ext4/super.c | 14 +++- fs/ext4/xattr.c | 49 ++++++-------- fs/jbd2/transaction.c | 2 fs/nfsd/nfs4proc.c | 1 fs/ocfs2/buffer_head_io.c | 1 fs/ocfs2/dlm/dlmmaster.c | 4 - fs/proc/base.c | 14 ++++ fs/seq_file.c | 7 +- fs/ubifs/super.c | 3 include/linux/netfilter_bridge/ebtables.h | 5 + include/linux/seq_file.h | 13 +-- include/linux/slub_def.h | 3 include/media/v4l2-fh.h | 1 kernel/cgroup.c | 6 + kernel/module.c | 6 + kernel/time/alarmtimer.c | 3 kernel/trace/ring_buffer.c | 2 mm/madvise.c | 2 mm/shmem.c | 2 mm/slub.c | 6 - net/bridge/netfilter/ebt_arpreply.c | 3 net/core/neighbour.c | 13 ++- net/ipv4/af_inet.c | 1 net/ipv6/ip6_offload.c | 1 net/ipv6/ip6_output.c | 3 net/mac80211/cfg.c | 2 net/mac80211/ibss.c | 22 +++--- net/mac80211/main.c | 26 ++++++- net/mac80211/mlme.c | 53 +++++++++++++++ net/wireless/nl80211.c | 1 sound/aoa/core/gpio-feature.c | 4 - sound/firewire/bebob/bebob_maudio.c | 24 ++++-- sound/pci/emu10k1/emufx.c | 2 sound/pci/hda/hda_intel.c | 3 sound/soc/codecs/cs4265.c | 4 - sound/soc/soc-dapm.c | 7 ++ tools/vm/page-types.c | 6 - tools/vm/slabinfo.c | 4 - 124 files changed, 891 insertions(+), 404 deletions(-) Akinobu Mita (2): media: s3c-camif: ignore -ENOIOCTLCMD from v4l2_subdev_call for s_power media: soc_camera: ov772x: correct setting of banding filter Alan Stern (3): USB: fix error handling in usb_driver_claim_interface() USB: handle NULL config in usb_find_alt_setting() USB: remove LPM management from usb_driver_claim_interface() Alexey Dobriyan (1): slub: make ->cpu_partial unsigned int Alistair Strachan (1): staging: android: ashmem: Fix mmap size validation Andy Lutomirski (2): x86/vdso: Fix asm constraints on vDSO syscall fallbacks x86/vdso: Fix vDSO syscall fallback asm constraint regression Andy Shevchenko (1): x86/tsc: Add missing header to tsc_msr.c Andy Whitcroft (1): floppy: Do not copy a kernel pointer to user memory in FDGETPRM ioctl Anson Huang (1): thermal: of-thermal: disable passive polling when thermal zone is disabled Anton Vasilyev (1): uwb: hwa-rc: fix memory leak at probe Arunk Khandavalli (1): cfg80211: nl80211_update_ft_ies() to validate NL80211_ATTR_IE Ashish Samant (1): ocfs2: fix locking for res->tracking and dlm->tracking_list Aurelien Aptel (1): smb2: fix missing files in root share directory listing Bart Van Assche (1): scsi: target/iscsi: Make iscsit_ta_authentication() respect the output buffer size Ben Hutchings (1): USB: yurex: Check for truncation in yurex_read() Bo Chen (2): e1000: check on netif_running() before calling e1000_up() e1000: ensure to free old tx/rx rings in set_ringparam() Breno Leitao (1): scsi: ibmvscsi: Improve strings handling Catalin Marinas (1): arm64: Add trace_hardirqs_off annotation in ret_to_user Christophe Leroy (1): serial: cpm_uart: return immediately from console poll Colin Ian King (1): net: hp100: fix always-true check for link up state Dan Carpenter (3): rndis_wlan: potential buffer overflow in rndis_wlan_auth_indication() hwmon: (adt7475) Make adt7475_read_word() return errors cifs: read overflow in is_valid_oplock_break() Dan Williams (1): x86/numa_emulation: Fix emulated-to-physical node mapping Danek Duvall (1): mac80211: correct use of IEEE80211_VHT_CAP_RXSTBC_X Daniel Black (1): mm: madvise(MADV_DODUMP): allow hugetlbfs pages Daniel Drake (1): PCI: Reprogram bridge prefetch registers on resume Dave Martin (1): arm64: KVM: Tighten guest core register access from userspace Emmanuel Grumbach (2): mac80211: fix a race between restart and CSA flows mac80211: shorten the IBSS debug messages Eric Dumazet (1): ipv6: fix possible use-after-free in ip6_xmit() Ethan Tuttle (1): ARM: mvebu: declare asm symbols as character arrays in pmsu.c Felix Fietkau (1): mac80211: fix setting IEEE80211_KEY_FLAG_RX_MGMT for AP mode keys Gao Feng (1): ebtables: arpreply: Add the standard target sanity check Geert Uytterhoeven (1): spi: rspi: Fix interrupted DMA transfers Greg Hackmann (1): staging: android: ion: fix ION_IOC_{MAP,SHARE} use-after-free Greg Kroah-Hartman (1): Linux 3.18.124 Han Xu (1): mtd: fsl-quadspi: fix macro collision problems with READ/WRITE Hari Bathini (1): powerpc/kdump: Handle crashkernel memory reservation failure Hiromitsu Yamasaki (1): spi: sh-msiof: Fix handling of write value for SISTR register Ilan Peer (1): mac80211: Fix station bandwidth setting after channel switch J. Bruce Fields (1): nfsd: fix corrupted reply to badly ordered compound Jann Horn (2): RDMA/ucma: check fd type in ucma_migrate_id() proc: restrict kernel stack dumps to root Jessica Yu (1): module: exclude SHN_UNDEF symbols from kallsyms api Jia-Ju Bai (1): net: cadence: Fix a sleep-in-atomic-context bug in macb_halt_tx() Joe Thornber (1): dm thin metadata: try to avoid ever aborting transactions Joel Fernandes (Google) (1): mm: shmem.c: Correctly annotate new inodes for lockdep Johan Hovold (2): USB: serial: kobil_sct: fix modem-status error handling USB: serial: simple: add Motorola Tetra MTP6550 id Jon Kuhn (1): fs/cifs: don't translate SFM_SLASH (U+F026) to backslash Josh Abraham (1): xen: fix GCC warning and remove duplicate EVTCHN_ROW/EVTCHN_COL usage Julia Lawall (1): usb: wusbcore: security: cast sizeof to int for comparison Julian Wiedmann (1): s390/qeth: don't dump past end of unknown HW header Junxiao Bi (1): ocfs2: fix ocfs2 read block panic Kai-Heng Feng (2): ALSA: hda: Add AZX_DCAPS_PM_RUNTIME for AMD Raven Ridge r8169: Clear RTL_FLAG_TASK_*_PENDING when clearing RTL_FLAG_TASK_ENABLED Leonard Crestez (1): crypto: mxs-dcp - Fix wait logic on chan threads Li Dongyang (1): ext4: don't mark mmp buffer head dirty Liam Girdwood (1): ASoC: dapm: Fix potential DAI widget pointer deref when linking DAIs Linus Torvalds (1): Make file credentials available to the seqfile interfaces Marc Zyngier (1): arm64: KVM: Sanitize PSTATE.M when being set from userspace Marcel Ziswiler (1): spi: tegra20-slink: explicitly enable/disable clock Matt Ranostay (1): tsl2550: fix lux1_input error in low light Michael Hennerich (1): gpio: adp5588: Fix sleep-in-atomic-context bug Mike Snitzer (1): dm thin metadata: fix __udivdi3 undefined on 32-bit Naoya Horiguchi (2): tools/vm/slabinfo.c: fix sign-compare warning tools/vm/page-types.c: fix "defined but not used" warning Nicholas Mc Guire (1): ALSA: snd-aoa: add of_node_put() in error path Oliver Neukum (2): USB: usbdevfs: sanitize flags more USB: usbdevfs: restore warning for nonsensical flags Paul Mackerras (1): KVM: PPC: Book3S HV: Don't truncate HPTE index in xlate function Prateek Sood (1): cgroup: Fix deadlock in cpu hotplug path Rafael J. Wysocki (1): PM / core: Clear the direct_complete flag on errors Randy Dunlap (2): arch/hexagon: fix kernel/dma.c build warning hexagon: modify ffs() and fls() to return int Richard Weinberger (1): ubifs: Check for name being NULL while mounting Roderick Colenbrander (2): HID: sony: Update device ids HID: sony: Support DS4 dongle Sakari Ailus (1): media: v4l: event: Prevent freeing event subscriptions while accessed Sebastian Andrzej Siewior (1): Revert "usb: cdc-wdm: Fix a sleep-in-atomic-context bug in service_outstanding_interrupt()" Stafford Horne (1): crypto: skcipher - Fix -Wstringop-truncation warnings Stephen Rothwell (1): fs/cifs: suppress a string overflow warning Sylwester Nawrocki (1): media: exynos4-is: Prevent NULL pointer dereference in __isp_video_try_fmt() Sébastien Szymanski (1): ASoC: cs4265: fix MMTLR Data switch control Takashi Sakamoto (1): ALSA: bebob: use address returned by kmalloc() instead of kernel stack for streaming DMA mapping Theodore Ts'o (14): ext4: avoid divide by zero fault when deleting corrupted inline directories ext4: recalucate superblock checksum after updating free blocks/inodes ext4: fix online resize's handling of a too-small final block group ext4: verify the depth of extent tree in ext4_find_extent() ext4: only look at the bg_flags field if it is valid ext4: fix check to prevent initializing reserved inodes ext4: always check block group bounds in ext4_init_block_bitmap() ext4: fix false negatives *and* false positives in ext4_check_descriptors() ext4: add corruption check in ext4_xattr_set_entry() ext4: always verify the magic number in xattr blocks ext4: never move the system.data xattr out of the inode body ext4: add more inode number paranoia checks jbd2: don't mark block as modified if the handle is out of credits ext4: avoid running out of journal credits when appending to an inline file Thomas Gleixner (1): alarmtimer: Prevent overflow for relative nanosleep Toke Høiland-Jørgensen (1): gso_segment: Reset skb->mac_len after modifying network header Tomi Valkeinen (1): fbdev/omapfb: fix omapfb_memory_read infoleak Tony Lindgren (1): wlcore: Add missing PM call for wlcore_cmd_wait_for_event_or_timeout() Vaibhav Nagarnaik (1): ring-buffer: Allow for rescheduling when removing pages Vasily Gorbik (1): s390/extmem: fix gcc 8 stringop-overflow warning Vasily Khoruzhick (1): neighbour: confirm neigh entries when ARP packet is received Vincent Pelletier (2): scsi: target: iscsi: Use hex2bin instead of a re-implementation scsi: target: iscsi: Use bin2hex instead of a re-implementation Vitaly Kuznetsov (1): xen/manage: don't complain about an empty value in control/sysrq node Willy Tarreau (2): ALSA: emu10k1: fix possible info leak to userspace on SNDRV_EMU10K1_IOCTL_INFO net/appletalk: fix minor pointer leak to userspace in SIOCFINDIPDDPRT Xiao Ni (1): RAID10 BUG_ON in raise_barrier when force is true and conf->barrier is 0 Zhouyang Jia (4): drivers/tty: add error handling for pcmcia_loop_config media: tm6000: add error handling for dvb_register_adapter HID: hid-ntrig: add error handling for sysfs_create_group scsi: bnx2i: add error handling for ioremap_nocache ming_qian (1): media: uvcvideo: Support realtek's UVC 1.5 device

6 years, 8 months

1
1
0 0

Linux 3.18.123

by Greg KH

I'm announcing the release of the 3.18.124 kernel. All users of the 3.18 kernel series must upgrade. The updated 3.18.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-3.18.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arm/mach-mvebu/pmsu.c | 6 - arch/arm64/include/asm/kvm_emulate.h | 5 + arch/arm64/kernel/entry.S | 3 arch/arm64/kvm/guest.c | 55 +++++++++++++++ arch/hexagon/include/asm/bitops.h | 4 - arch/hexagon/kernel/dma.c | 2 arch/powerpc/kernel/machine_kexec.c | 7 +- arch/powerpc/kvm/book3s_64_mmu_hv.c | 2 arch/s390/mm/extmem.c | 4 - arch/x86/kernel/tsc_msr.c | 1 arch/x86/mm/numa_emulation.c | 2 arch/x86/vdso/vclock_gettime.c | 26 ++++--- crypto/ablkcipher.c | 2 crypto/blkcipher.c | 1 drivers/base/power/main.c | 5 + drivers/block/floppy.c | 3 drivers/crypto/mxs-dcp.c | 53 ++++++++------- drivers/gpio/gpio-adp5588.c | 24 +++++- drivers/hid/hid-core.c | 3 drivers/hid/hid-ids.h | 2 drivers/hid/hid-ntrig.c | 2 drivers/hid/hid-sony.c | 6 + drivers/hwmon/adt7475.c | 14 ++-- drivers/infiniband/core/ucma.c | 6 + drivers/md/dm-thin-metadata.c | 34 +++++++++ drivers/md/dm-thin.c | 73 ++++++++++++++++++--- drivers/md/raid10.c | 5 + drivers/media/i2c/soc_camera/ov772x.c | 2 drivers/media/platform/exynos4-is/fimc-isp-video.c | 11 ++- drivers/media/platform/s3c-camif/camif-capture.c | 2 drivers/media/usb/tm6000/tm6000-dvb.c | 5 + drivers/media/usb/uvc/uvc_video.c | 24 +++++- drivers/media/v4l2-core/v4l2-event.c | 37 +++++----- drivers/media/v4l2-core/v4l2-fh.c | 2 drivers/misc/tsl2550.c | 2 drivers/mtd/spi-nor/fsl-quadspi.c | 20 ++--- drivers/net/appletalk/ipddp.c | 8 +- drivers/net/ethernet/cadence/macb.c | 2 drivers/net/ethernet/hp/hp100.c | 2 drivers/net/ethernet/intel/e1000/e1000_ethtool.c | 7 +- drivers/net/ethernet/realtek/r8169.c | 9 +- drivers/net/wireless/rndis_wlan.c | 2 drivers/net/wireless/ti/wlcore/cmd.c | 6 + drivers/pci/pci.c | 27 +++++-- drivers/s390/net/qeth_l2_main.c | 2 drivers/s390/net/qeth_l3_main.c | 2 drivers/scsi/bnx2i/bnx2i_hwi.c | 2 drivers/scsi/ibmvscsi/ibmvscsi.c | 4 - drivers/spi/spi-rspi.c | 10 +- drivers/spi/spi-sh-msiof.c | 3 drivers/spi/spi-tegra20-slink.c | 31 ++++++-- drivers/staging/android/ashmem.c | 6 + drivers/staging/android/ion/ion.c | 60 ++++++++++------- drivers/target/iscsi/iscsi_target_auth.c | 45 ++++-------- drivers/target/iscsi/iscsi_target_tpg.c | 3 drivers/thermal/of-thermal.c | 7 +- drivers/tty/serial/8250/serial_cs.c | 6 + drivers/tty/serial/cpm_uart/cpm_uart_core.c | 10 ++ drivers/usb/class/cdc-wdm.c | 2 drivers/usb/core/devio.c | 24 ++++++ drivers/usb/core/driver.c | 28 ++++---- drivers/usb/core/usb.c | 2 drivers/usb/misc/yurex.c | 3 drivers/usb/serial/kobil_sct.c | 12 ++- drivers/usb/serial/usb-serial-simple.c | 3 drivers/usb/wusbcore/security.c | 2 drivers/uwb/hwa-rc.c | 1 drivers/video/fbdev/omap2/omapfb/omapfb-ioctl.c | 5 + drivers/xen/events/events_base.c | 2 drivers/xen/manage.c | 6 + fs/cifs/cifs_unicode.c | 3 fs/cifs/cifssmb.c | 11 ++- fs/cifs/misc.c | 8 ++ fs/cifs/smb2ops.c | 2 fs/ext4/balloc.c | 21 +++--- fs/ext4/dir.c | 20 ++--- fs/ext4/ext4.h | 8 -- fs/ext4/ext4_extents.h | 1 fs/ext4/extents.c | 6 + fs/ext4/ialloc.c | 19 ++++- fs/ext4/inline.c | 42 +----------- fs/ext4/inode.c | 3 fs/ext4/mballoc.c | 6 + fs/ext4/mmp.c | 1 fs/ext4/resize.c | 20 +++++ fs/ext4/super.c | 14 +++- fs/ext4/xattr.c | 49 ++++++-------- fs/jbd2/transaction.c | 2 fs/nfsd/nfs4proc.c | 1 fs/ocfs2/buffer_head_io.c | 1 fs/ocfs2/dlm/dlmmaster.c | 4 - fs/proc/base.c | 14 ++++ fs/seq_file.c | 7 +- fs/ubifs/super.c | 3 include/linux/netfilter_bridge/ebtables.h | 5 + include/linux/seq_file.h | 13 +-- include/linux/slub_def.h | 3 include/media/v4l2-fh.h | 1 kernel/cgroup.c | 6 + kernel/module.c | 6 + kernel/time/alarmtimer.c | 3 kernel/trace/ring_buffer.c | 2 mm/madvise.c | 2 mm/shmem.c | 2 mm/slub.c | 6 - net/bridge/netfilter/ebt_arpreply.c | 3 net/core/neighbour.c | 13 ++- net/ipv4/af_inet.c | 1 net/ipv6/ip6_offload.c | 1 net/ipv6/ip6_output.c | 3 net/mac80211/cfg.c | 2 net/mac80211/ibss.c | 22 +++--- net/mac80211/main.c | 26 ++++++- net/mac80211/mlme.c | 53 +++++++++++++++ net/wireless/nl80211.c | 1 sound/aoa/core/gpio-feature.c | 4 - sound/firewire/bebob/bebob_maudio.c | 24 ++++-- sound/pci/emu10k1/emufx.c | 2 sound/pci/hda/hda_intel.c | 3 sound/soc/codecs/cs4265.c | 4 - sound/soc/soc-dapm.c | 7 ++ tools/vm/page-types.c | 6 - tools/vm/slabinfo.c | 4 - 124 files changed, 891 insertions(+), 404 deletions(-) Akinobu Mita (2): media: s3c-camif: ignore -ENOIOCTLCMD from v4l2_subdev_call for s_power media: soc_camera: ov772x: correct setting of banding filter Alan Stern (3): USB: fix error handling in usb_driver_claim_interface() USB: handle NULL config in usb_find_alt_setting() USB: remove LPM management from usb_driver_claim_interface() Alexey Dobriyan (1): slub: make ->cpu_partial unsigned int Alistair Strachan (1): staging: android: ashmem: Fix mmap size validation Andy Lutomirski (2): x86/vdso: Fix asm constraints on vDSO syscall fallbacks x86/vdso: Fix vDSO syscall fallback asm constraint regression Andy Shevchenko (1): x86/tsc: Add missing header to tsc_msr.c Andy Whitcroft (1): floppy: Do not copy a kernel pointer to user memory in FDGETPRM ioctl Anson Huang (1): thermal: of-thermal: disable passive polling when thermal zone is disabled Anton Vasilyev (1): uwb: hwa-rc: fix memory leak at probe Arunk Khandavalli (1): cfg80211: nl80211_update_ft_ies() to validate NL80211_ATTR_IE Ashish Samant (1): ocfs2: fix locking for res->tracking and dlm->tracking_list Aurelien Aptel (1): smb2: fix missing files in root share directory listing Bart Van Assche (1): scsi: target/iscsi: Make iscsit_ta_authentication() respect the output buffer size Ben Hutchings (1): USB: yurex: Check for truncation in yurex_read() Bo Chen (2): e1000: check on netif_running() before calling e1000_up() e1000: ensure to free old tx/rx rings in set_ringparam() Breno Leitao (1): scsi: ibmvscsi: Improve strings handling Catalin Marinas (1): arm64: Add trace_hardirqs_off annotation in ret_to_user Christophe Leroy (1): serial: cpm_uart: return immediately from console poll Colin Ian King (1): net: hp100: fix always-true check for link up state Dan Carpenter (3): rndis_wlan: potential buffer overflow in rndis_wlan_auth_indication() hwmon: (adt7475) Make adt7475_read_word() return errors cifs: read overflow in is_valid_oplock_break() Dan Williams (1): x86/numa_emulation: Fix emulated-to-physical node mapping Danek Duvall (1): mac80211: correct use of IEEE80211_VHT_CAP_RXSTBC_X Daniel Black (1): mm: madvise(MADV_DODUMP): allow hugetlbfs pages Daniel Drake (1): PCI: Reprogram bridge prefetch registers on resume Dave Martin (1): arm64: KVM: Tighten guest core register access from userspace Emmanuel Grumbach (2): mac80211: fix a race between restart and CSA flows mac80211: shorten the IBSS debug messages Eric Dumazet (1): ipv6: fix possible use-after-free in ip6_xmit() Ethan Tuttle (1): ARM: mvebu: declare asm symbols as character arrays in pmsu.c Felix Fietkau (1): mac80211: fix setting IEEE80211_KEY_FLAG_RX_MGMT for AP mode keys Gao Feng (1): ebtables: arpreply: Add the standard target sanity check Geert Uytterhoeven (1): spi: rspi: Fix interrupted DMA transfers Greg Hackmann (1): staging: android: ion: fix ION_IOC_{MAP,SHARE} use-after-free Greg Kroah-Hartman (1): Linux 3.18.124 Han Xu (1): mtd: fsl-quadspi: fix macro collision problems with READ/WRITE Hari Bathini (1): powerpc/kdump: Handle crashkernel memory reservation failure Hiromitsu Yamasaki (1): spi: sh-msiof: Fix handling of write value for SISTR register Ilan Peer (1): mac80211: Fix station bandwidth setting after channel switch J. Bruce Fields (1): nfsd: fix corrupted reply to badly ordered compound Jann Horn (2): RDMA/ucma: check fd type in ucma_migrate_id() proc: restrict kernel stack dumps to root Jessica Yu (1): module: exclude SHN_UNDEF symbols from kallsyms api Jia-Ju Bai (1): net: cadence: Fix a sleep-in-atomic-context bug in macb_halt_tx() Joe Thornber (1): dm thin metadata: try to avoid ever aborting transactions Joel Fernandes (Google) (1): mm: shmem.c: Correctly annotate new inodes for lockdep Johan Hovold (2): USB: serial: kobil_sct: fix modem-status error handling USB: serial: simple: add Motorola Tetra MTP6550 id Jon Kuhn (1): fs/cifs: don't translate SFM_SLASH (U+F026) to backslash Josh Abraham (1): xen: fix GCC warning and remove duplicate EVTCHN_ROW/EVTCHN_COL usage Julia Lawall (1): usb: wusbcore: security: cast sizeof to int for comparison Julian Wiedmann (1): s390/qeth: don't dump past end of unknown HW header Junxiao Bi (1): ocfs2: fix ocfs2 read block panic Kai-Heng Feng (2): ALSA: hda: Add AZX_DCAPS_PM_RUNTIME for AMD Raven Ridge r8169: Clear RTL_FLAG_TASK_*_PENDING when clearing RTL_FLAG_TASK_ENABLED Leonard Crestez (1): crypto: mxs-dcp - Fix wait logic on chan threads Li Dongyang (1): ext4: don't mark mmp buffer head dirty Liam Girdwood (1): ASoC: dapm: Fix potential DAI widget pointer deref when linking DAIs Linus Torvalds (1): Make file credentials available to the seqfile interfaces Marc Zyngier (1): arm64: KVM: Sanitize PSTATE.M when being set from userspace Marcel Ziswiler (1): spi: tegra20-slink: explicitly enable/disable clock Matt Ranostay (1): tsl2550: fix lux1_input error in low light Michael Hennerich (1): gpio: adp5588: Fix sleep-in-atomic-context bug Mike Snitzer (1): dm thin metadata: fix __udivdi3 undefined on 32-bit Naoya Horiguchi (2): tools/vm/slabinfo.c: fix sign-compare warning tools/vm/page-types.c: fix "defined but not used" warning Nicholas Mc Guire (1): ALSA: snd-aoa: add of_node_put() in error path Oliver Neukum (2): USB: usbdevfs: sanitize flags more USB: usbdevfs: restore warning for nonsensical flags Paul Mackerras (1): KVM: PPC: Book3S HV: Don't truncate HPTE index in xlate function Prateek Sood (1): cgroup: Fix deadlock in cpu hotplug path Rafael J. Wysocki (1): PM / core: Clear the direct_complete flag on errors Randy Dunlap (2): arch/hexagon: fix kernel/dma.c build warning hexagon: modify ffs() and fls() to return int Richard Weinberger (1): ubifs: Check for name being NULL while mounting Roderick Colenbrander (2): HID: sony: Update device ids HID: sony: Support DS4 dongle Sakari Ailus (1): media: v4l: event: Prevent freeing event subscriptions while accessed Sebastian Andrzej Siewior (1): Revert "usb: cdc-wdm: Fix a sleep-in-atomic-context bug in service_outstanding_interrupt()" Stafford Horne (1): crypto: skcipher - Fix -Wstringop-truncation warnings Stephen Rothwell (1): fs/cifs: suppress a string overflow warning Sylwester Nawrocki (1): media: exynos4-is: Prevent NULL pointer dereference in __isp_video_try_fmt() Sébastien Szymanski (1): ASoC: cs4265: fix MMTLR Data switch control Takashi Sakamoto (1): ALSA: bebob: use address returned by kmalloc() instead of kernel stack for streaming DMA mapping Theodore Ts'o (14): ext4: avoid divide by zero fault when deleting corrupted inline directories ext4: recalucate superblock checksum after updating free blocks/inodes ext4: fix online resize's handling of a too-small final block group ext4: verify the depth of extent tree in ext4_find_extent() ext4: only look at the bg_flags field if it is valid ext4: fix check to prevent initializing reserved inodes ext4: always check block group bounds in ext4_init_block_bitmap() ext4: fix false negatives *and* false positives in ext4_check_descriptors() ext4: add corruption check in ext4_xattr_set_entry() ext4: always verify the magic number in xattr blocks ext4: never move the system.data xattr out of the inode body ext4: add more inode number paranoia checks jbd2: don't mark block as modified if the handle is out of credits ext4: avoid running out of journal credits when appending to an inline file Thomas Gleixner (1): alarmtimer: Prevent overflow for relative nanosleep Toke Høiland-Jørgensen (1): gso_segment: Reset skb->mac_len after modifying network header Tomi Valkeinen (1): fbdev/omapfb: fix omapfb_memory_read infoleak Tony Lindgren (1): wlcore: Add missing PM call for wlcore_cmd_wait_for_event_or_timeout() Vaibhav Nagarnaik (1): ring-buffer: Allow for rescheduling when removing pages Vasily Gorbik (1): s390/extmem: fix gcc 8 stringop-overflow warning Vasily Khoruzhick (1): neighbour: confirm neigh entries when ARP packet is received Vincent Pelletier (2): scsi: target: iscsi: Use hex2bin instead of a re-implementation scsi: target: iscsi: Use bin2hex instead of a re-implementation Vitaly Kuznetsov (1): xen/manage: don't complain about an empty value in control/sysrq node Willy Tarreau (2): ALSA: emu10k1: fix possible info leak to userspace on SNDRV_EMU10K1_IOCTL_INFO net/appletalk: fix minor pointer leak to userspace in SIOCFINDIPDDPRT Xiao Ni (1): RAID10 BUG_ON in raise_barrier when force is true and conf->barrier is 0 Zhouyang Jia (4): drivers/tty: add error handling for pcmcia_loop_config media: tm6000: add error handling for dvb_register_adapter HID: hid-ntrig: add error handling for sysfs_create_group scsi: bnx2i: add error handling for ioremap_nocache ming_qian (1): media: uvcvideo: Support realtek's UVC 1.5 device

6 years, 8 months

2
3
0 0

Linux 4.18.14

by Greg KH

I'm announcing the release of the 4.18.14 kernel. All users of the 4.18 kernel series must upgrade. The updated 4.18.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.18.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arc/kernel/process.c | 20 ++ arch/powerpc/include/asm/setup.h | 1 arch/powerpc/lib/code-patching.c | 14 + arch/powerpc/mm/mem.c | 2 arch/x86/entry/vdso/Makefile | 16 +- arch/x86/entry/vdso/vclock_gettime.c | 26 +-- arch/x86/kvm/mmu.c | 24 ++- arch/x86/kvm/vmx.c | 7 block/blk-mq.c | 4 drivers/base/power/main.c | 5 drivers/clocksource/timer-atmel-pit.c | 20 +- drivers/gpu/drm/amd/amdgpu/amdgpu_vce.c | 3 drivers/gpu/drm/amd/amdgpu/amdgpu_vcn.c | 4 drivers/gpu/drm/drm_lease.c | 6 drivers/gpu/drm/drm_syncobj.c | 5 drivers/infiniband/core/ucma.c | 2 drivers/md/dm-cache-metadata.c | 4 drivers/md/dm-cache-target.c | 9 - drivers/md/dm-mpath.c | 14 + drivers/mmc/core/host.c | 2 drivers/mmc/core/slot-gpio.c | 2 drivers/net/wireless/ath/ath10k/wmi-tlv.c | 8 - drivers/net/xen-netback/hash.c | 12 - drivers/of/unittest.c | 26 ++- drivers/pci/pci.c | 27 ++- drivers/tty/tty_io.c | 11 + drivers/usb/class/cdc-acm.c | 6 drivers/usb/host/xhci-mtk.c | 4 drivers/usb/host/xhci-pci.c | 2 drivers/usb/serial/option.c | 15 +- drivers/usb/serial/usb-serial-simple.c | 3 drivers/video/fbdev/omap2/omapfb/omapfb-ioctl.c | 5 fs/f2fs/checkpoint.c | 9 - fs/pstore/ram.c | 29 +++- fs/ubifs/super.c | 3 include/linux/hugetlb.h | 14 + include/linux/mm.h | 6 kernel/events/core.c | 6 mm/huge_memory.c | 2 mm/hugetlb.c | 37 ++++- mm/migrate.c | 3 mm/rmap.c | 42 +++++ mm/vmstat.c | 3 net/mac80211/cfg.c | 2 net/mac80211/iface.c | 3 net/rds/ib.h | 2 net/rds/ib_cm.c | 2 net/rds/ib_recv.c | 10 - net/tipc/netlink_compat.c | 2 net/tipc/socket.c | 17 +- net/tipc/socket.h | 1 tools/testing/selftests/x86/test_vdso.c | 172 ++++++++++++++++++++++++ 53 files changed, 562 insertions(+), 114 deletions(-) Alexandre Belloni (1): clocksource/drivers/timer-atmel-pit: Properly handle error cases Andy Lutomirski (4): x86/vdso: Fix asm constraints on vDSO syscall fallbacks selftests/x86: Add clock_gettime() tests to test_vdso x86/vdso: Only enable vDSO retpolines when enabled and supported x86/vdso: Fix vDSO syscall fallback asm constraint regression Chao Yu (1): f2fs: fix invalid memory access Christophe Leroy (1): powerpc/lib: fix book3s/32 boot failure due to code patching Chunfeng Yun (1): usb: xhci-mtk: resume USB3 roothub first Cong Wang (2): tipc: call start and done ops directly in __tipc_nl_compat_dumpit() ucma: fix a use-after-free in ucma_resolve_ip() Daniel Drake (1): PCI: Reprogram bridge prefetch registers on resume Dmitry Safonov (1): tty: Drop tty->count on tty_reopen() failure Felix Fietkau (2): mac80211: allocate TXQs for active monitor interfaces mac80211: fix setting IEEE80211_KEY_FLAG_RX_MGMT for AP mode keys Greg Kroah-Hartman (1): Linux 4.18.14 Guenter Roeck (1): of: unittest: Disable interrupt node tests for old world MAC systems Ilya Dryomov (1): blk-mq: I/O and timer unplugs are inverted in blktrace Jan Beulich (1): xen-netback: fix input validation in xenvif_set_hash_mapping() Jann Horn (2): mm/vmstat.c: skip NR_TLB_REMOTE_FLUSH* properly drm: fix use-after-free read in drm_mode_create_lease_ioctl() Jason Ekstrand (1): drm/syncobj: Don't leak fences when WAIT_FOR_SUBMIT is set Joe Thornber (1): dm cache metadata: ignore hints array being too small during resize Johan Hovold (2): USB: serial: simple: add Motorola Tetra MTP6550 id USB: serial: option: add two-endpoints device-id flag Ka-Cheong Poon (1): rds: rds_ib_recv_alloc_cache() should call alloc_percpu_gfp() instead Kees Cook (1): pstore/ram: Fix failure-path memory leak in ramoops_init Kirill A. Shutemov (1): mm, thp: fix mlocking THP page with migration enabled Kristian Evensen (1): USB: serial: option: improve Quectel EP06 detection Marek Szyprowski (1): mmc: slot-gpio: Fix debounce time to use miliseconds again Mathias Nyman (1): xhci: Add missing CAS workaround for Intel Sunrise Point xHCI Michael Neuling (1): powerpc: Avoid code patching freed init sections Mike Kravetz (1): mm: migration: fix migration of huge PMD shared pages Mike Snitzer (2): dm mpath: fix attached_handler_name leak and dangling hw_handler_name pointer dm cache: fix resize crash if user doesn't reload cache table Rafael J. Wysocki (1): PM / core: Clear the direct_complete flag on errors Reinette Chatre (1): perf/core: Add sanity check to deal with pinned event failure Rex Zhu (1): drm/amdgpu: Fix vce work queue was not cancelled when suspend Richard Weinberger (1): ubifs: Check for name being NULL while mounting Romain Izard (1): usb: cdc_acm: Do not leak URB buffers Sean Christopherson (2): KVM: x86: fix L1TF's MMIO GFN calculation KVM: VMX: check for existence of secondary exec controls before accessing Tomi Valkeinen (1): fbdev/omapfb: fix omapfb_memory_read infoleak Tony Lindgren (1): mmc: core: Fix debounce time to use microseconds Vineet Gupta (1): ARC: clone syscall to setp r25 as thread pointer Zhi Chen (1): ath10k: fix scan crash due to incorrect length calculation

6 years, 8 months

1
1
0 0

Linux 4.14.76

by Greg KH

I'm announcing the release of the 4.14.76 kernel. All users of the 4.14 kernel series must upgrade. The updated 4.14.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.14.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arc/kernel/process.c | 20 ++ arch/powerpc/include/asm/setup.h | 1 arch/powerpc/lib/code-patching.c | 45 +++--- arch/powerpc/mm/mem.c | 2 arch/x86/entry/vdso/Makefile | 16 +- arch/x86/entry/vdso/vclock_gettime.c | 26 +-- arch/x86/kvm/mmu.c | 24 ++- block/blk-mq.c | 4 drivers/base/power/main.c | 5 drivers/clocksource/timer-atmel-pit.c | 20 +- drivers/crypto/chelsio/chcr_algo.c | 41 +++-- drivers/crypto/chelsio/chcr_crypto.h | 2 drivers/gpu/drm/amd/amdgpu/amdgpu_vce.c | 3 drivers/gpu/drm/amd/amdgpu/amdgpu_vcn.c | 4 drivers/gpu/drm/drm_syncobj.c | 5 drivers/infiniband/core/ucma.c | 2 drivers/md/dm-cache-metadata.c | 4 drivers/md/dm-cache-target.c | 9 - drivers/net/wireless/ath/ath10k/debug.c | 12 + drivers/net/wireless/ath/ath10k/trace.h | 12 - drivers/net/wireless/ath/ath10k/wmi-tlv.c | 8 - drivers/net/wireless/ath/ath10k/wmi.c | 2 drivers/net/xen-netback/hash.c | 12 - drivers/nvme/host/fc.c | 4 drivers/of/unittest.c | 26 ++- drivers/pci/pci.c | 27 ++- drivers/tty/tty_io.c | 11 + drivers/usb/class/cdc-acm.c | 6 drivers/usb/host/xhci-mtk.c | 4 drivers/usb/host/xhci-pci.c | 2 drivers/usb/serial/usb-serial-simple.c | 3 drivers/video/fbdev/omap2/omapfb/omapfb-ioctl.c | 5 drivers/virtio/virtio_balloon.c | 23 ++- fs/f2fs/checkpoint.c | 9 - fs/ubifs/super.c | 3 include/linux/balloon_compaction.h | 35 ++++ include/linux/hugetlb.h | 14 + include/linux/mm.h | 6 kernel/events/core.c | 6 mm/balloon_compaction.c | 28 ++- mm/huge_memory.c | 2 mm/hugetlb.c | 37 ++++- mm/migrate.c | 3 mm/rmap.c | 42 +++++ mm/vmstat.c | 3 net/mac80211/cfg.c | 2 net/rds/ib.h | 2 net/rds/ib_cm.c | 2 net/rds/ib_recv.c | 10 - tools/perf/builtin-script.c | 14 - tools/perf/util/annotate.c | 17 +- tools/perf/util/path.c | 14 + tools/perf/util/path.h | 3 tools/perf/util/setup.py | 2 tools/testing/selftests/x86/test_vdso.c | 172 ++++++++++++++++++++++++ 56 files changed, 660 insertions(+), 158 deletions(-) Alexandre Belloni (1): clocksource/drivers/timer-atmel-pit: Properly handle error cases Andy Lutomirski (4): x86/vdso: Fix asm constraints on vDSO syscall fallbacks selftests/x86: Add clock_gettime() tests to test_vdso x86/vdso: Only enable vDSO retpolines when enabled and supported x86/vdso: Fix vDSO syscall fallback asm constraint regression Arnaldo Carvalho de Melo (1): perf annotate: Use asprintf when formatting objdump command line Carl Huang (1): ath10k: fix use-after-free in ath10k_wmi_cmd_send_nowait Chao Yu (1): f2fs: fix invalid memory access Christophe Leroy (2): powerpc/lib/code-patching: refactor patch_instruction() powerpc/lib: fix book3s/32 boot failure due to code patching Chunfeng Yun (1): usb: xhci-mtk: resume USB3 roothub first Cong Wang (1): ucma: fix a use-after-free in ucma_resolve_ip() Daniel Drake (1): PCI: Reprogram bridge prefetch registers on resume Dmitry Safonov (1): tty: Drop tty->count on tty_reopen() failure Felix Fietkau (1): mac80211: fix setting IEEE80211_KEY_FLAG_RX_MGMT for AP mode keys Greg Kroah-Hartman (1): Linux 4.14.76 Guenter Roeck (1): of: unittest: Disable interrupt node tests for old world MAC systems Harsh Jain (1): crypto: chelsio - Fix memory corruption in DMA Mapped buffers. Ilya Dryomov (1): blk-mq: I/O and timer unplugs are inverted in blktrace James Smart (1): nvme_fc: fix ctrl create failures racing with workq items Jan Beulich (1): xen-netback: fix input validation in xenvif_set_hash_mapping() Jan Stancek (1): virtio_balloon: fix increment of vb->num_pfns in fill_balloon() Jann Horn (1): mm/vmstat.c: skip NR_TLB_REMOTE_FLUSH* properly Jason Ekstrand (1): drm/syncobj: Don't leak fences when WAIT_FOR_SUBMIT is set Jiri Olsa (2): perf tools: Fix python extension build for gcc 8 perf utils: Move is_directory() to path.h Joe Thornber (1): dm cache metadata: ignore hints array being too small during resize Johan Hovold (1): USB: serial: simple: add Motorola Tetra MTP6550 id Ka-Cheong Poon (1): rds: rds_ib_recv_alloc_cache() should call alloc_percpu_gfp() instead Kirill A. Shutemov (1): mm, thp: fix mlocking THP page with migration enabled Mathias Nyman (1): xhci: Add missing CAS workaround for Intel Sunrise Point xHCI Michael Neuling (1): powerpc: Avoid code patching freed init sections Michael S. Tsirkin (1): virtio_balloon: fix deadlock on OOM Mike Kravetz (1): mm: migration: fix migration of huge PMD shared pages Mike Snitzer (1): dm cache: fix resize crash if user doesn't reload cache table Rafael J. Wysocki (1): PM / core: Clear the direct_complete flag on errors Reinette Chatre (1): perf/core: Add sanity check to deal with pinned event failure Rex Zhu (1): drm/amdgpu: Fix vce work queue was not cancelled when suspend Richard Weinberger (1): ubifs: Check for name being NULL while mounting Romain Izard (1): usb: cdc_acm: Do not leak URB buffers Sean Christopherson (1): KVM: x86: fix L1TF's MMIO GFN calculation Tomi Valkeinen (1): fbdev/omapfb: fix omapfb_memory_read infoleak Vineet Gupta (1): ARC: clone syscall to setp r25 as thread pointer Yu Wang (1): ath10k: fix kernel panic issue during pci probe Zhi Chen (1): ath10k: fix scan crash due to incorrect length calculation

6 years, 8 months

1
1
0 0

Linux 4.9.133

by Greg KH

I'm announcing the release of the 4.9.133 kernel. All users of the 4.9 kernel series must upgrade. The updated 4.9.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.9.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/kernel-parameters.txt | 6 --- Makefile | 2 - arch/arc/kernel/process.c | 20 ++++++++++++ arch/powerpc/kernel/fadump.c | 23 +++++++++----- arch/x86/crypto/crc32c-intel_glue.c | 17 ++-------- arch/x86/entry/vdso/vclock_gettime.c | 26 ++++++++-------- arch/x86/include/asm/cpufeatures.h | 1 arch/x86/include/asm/fixmap.h | 10 ++++++ arch/x86/include/asm/fpu/internal.h | 37 ---------------------- arch/x86/include/asm/fpu/types.h | 34 -------------------- arch/x86/include/asm/pgtable_64.h | 3 + arch/x86/include/asm/trace/fpu.h | 5 --- arch/x86/kernel/fpu/core.c | 39 ++---------------------- arch/x86/kernel/fpu/signal.c | 8 +--- arch/x86/kernel/fpu/xstate.c | 9 ----- arch/x86/kernel/head_64.S | 16 +++++++-- arch/x86/kvm/cpuid.c | 4 -- arch/x86/kvm/x86.c | 10 ------ arch/x86/mm/pgtable.c | 9 +++++ arch/x86/mm/pkeys.c | 3 - arch/x86/xen/mmu.c | 8 +++- drivers/base/power/main.c | 5 ++- drivers/infiniband/core/ucma.c | 2 + drivers/md/dm-cache-metadata.c | 4 +- drivers/md/dm-cache-target.c | 9 ++++- drivers/net/wireless/ath/ath10k/debug.c | 12 ++++++- drivers/net/wireless/ath/ath10k/trace.h | 12 ++----- drivers/net/wireless/ath/ath10k/wmi-tlv.c | 8 ++-- drivers/net/wireless/ath/ath10k/wmi.c | 2 - drivers/net/xen-netback/hash.c | 12 ++++--- drivers/of/unittest.c | 28 +++++++++++------ drivers/pci/pci.c | 27 +++++++++++----- drivers/tty/tty_io.c | 11 ++++-- drivers/usb/host/xhci-mtk.c | 4 +- drivers/usb/host/xhci-pci.c | 2 + drivers/usb/serial/usb-serial-simple.c | 3 + drivers/video/fbdev/omap2/omapfb/omapfb-ioctl.c | 5 ++- fs/ext4/xattr.c | 28 ++++++++++------- fs/f2fs/checkpoint.c | 9 +++-- fs/ubifs/super.c | 3 + include/linux/netfilter_bridge/ebtables.h | 5 +++ kernel/cgroup.c | 6 +++ mm/vmstat.c | 3 + net/bridge/netfilter/ebt_arpreply.c | 3 + net/mac80211/cfg.c | 2 - tools/arch/x86/include/asm/cpufeatures.h | 1 46 files changed, 243 insertions(+), 253 deletions(-) Andy Lutomirski (4): x86/vdso: Fix asm constraints on vDSO syscall fallbacks x86/vdso: Fix vDSO syscall fallback asm constraint regression x86/fpu: Remove use_eager_fpu() x86/fpu: Finish excising 'eagerfpu' Carl Huang (1): ath10k: fix use-after-free in ath10k_wmi_cmd_send_nowait Chao Yu (1): f2fs: fix invalid memory access Chunfeng Yun (1): usb: xhci-mtk: resume USB3 roothub first Cong Wang (1): ucma: fix a use-after-free in ucma_resolve_ip() Daniel Drake (1): PCI: Reprogram bridge prefetch registers on resume Dmitry Safonov (1): tty: Drop tty->count on tty_reopen() failure Felix Fietkau (1): mac80211: fix setting IEEE80211_KEY_FLAG_RX_MGMT for AP mode keys Feng Tang (1): x86/mm: Expand static page table for fixmap space Gao Feng (1): ebtables: arpreply: Add the standard target sanity check Greg Kroah-Hartman (2): Revert "perf: sync up x86/.../cpufeatures.h" Linux 4.9.133 Guenter Roeck (1): of: unittest: Disable interrupt node tests for old world MAC systems Jan Beulich (1): xen-netback: fix input validation in xenvif_set_hash_mapping() Jann Horn (1): mm/vmstat.c: skip NR_TLB_REMOTE_FLUSH* properly Joe Thornber (1): dm cache metadata: ignore hints array being too small during resize Johan Hovold (1): USB: serial: simple: add Motorola Tetra MTP6550 id Mathias Nyman (1): xhci: Add missing CAS workaround for Intel Sunrise Point xHCI Michal Suchanek (1): powerpc/fadump: Return error when fadump registration fails Mike Snitzer (1): dm cache: fix resize crash if user doesn't reload cache table Prateek Sood (1): cgroup: Fix deadlock in cpu hotplug path Rafael J. Wysocki (1): PM / core: Clear the direct_complete flag on errors Richard Weinberger (1): ubifs: Check for name being NULL while mounting Rik van Riel (1): x86/fpu: Remove struct fpu::counter Theodore Ts'o (2): ext4: add corruption check in ext4_xattr_set_entry() ext4: always verify the magic number in xattr blocks Tomi Valkeinen (1): fbdev/omapfb: fix omapfb_memory_read infoleak Vineet Gupta (1): ARC: clone syscall to setp r25 as thread pointer Yu Wang (1): ath10k: fix kernel panic issue during pci probe Zhi Chen (1): ath10k: fix scan crash due to incorrect length calculation

6 years, 8 months

1
1
0 0

Linux 4.4.161

by Greg KH

I'm announcing the release of the 4.4.161 kernel. All users of the 4.4 kernel series must upgrade. The updated 4.4.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.4.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arc/kernel/process.c | 20 + arch/powerpc/kernel/fadump.c | 23 - arch/x86/entry/vdso/vclock_gettime.c | 26 - drivers/base/power/main.c | 5 drivers/infiniband/core/ucma.c | 2 drivers/md/dm-cache-target.c | 9 drivers/net/wireless/ath/ath10k/trace.h | 12 drivers/net/wireless/ath/ath10k/wmi-tlv.c | 8 drivers/net/wireless/ath/ath10k/wmi.c | 2 drivers/of/unittest.c | 28 + drivers/pci/pci.c | 27 + drivers/usb/host/xhci-pci.c | 2 drivers/usb/serial/usb-serial-simple.c | 3 drivers/video/fbdev/omap2/omapfb/omapfb-ioctl.c | 5 fs/ext4/xattr.c | 6 fs/ubifs/super.c | 3 include/linux/netfilter_bridge/ebtables.h | 5 include/linux/skbuff.h | 8 include/linux/tcp.h | 7 include/net/sock.h | 7 include/net/tcp.h | 2 kernel/cgroup.c | 6 mm/vmstat.c | 3 net/bridge/netfilter/ebt_arpreply.c | 3 net/core/skbuff.c | 19 + net/ipv4/tcp.c | 4 net/ipv4/tcp_input.c | 417 ++++++++++++++---------- net/ipv4/tcp_ipv4.c | 3 net/ipv4/tcp_minisocks.c | 1 net/ipv6/tcp_ipv6.c | 1 net/mac80211/cfg.c | 2 32 files changed, 438 insertions(+), 233 deletions(-) Andy Lutomirski (2): x86/vdso: Fix asm constraints on vDSO syscall fallbacks x86/vdso: Fix vDSO syscall fallback asm constraint regression Carl Huang (1): ath10k: fix use-after-free in ath10k_wmi_cmd_send_nowait Cong Wang (1): ucma: fix a use-after-free in ucma_resolve_ip() Daniel Drake (1): PCI: Reprogram bridge prefetch registers on resume Eric Dumazet (5): tcp: increment sk_drops for dropped rx packets tcp: fix a stale ooo_last_skb after a replace tcp: free batches of packets in tcp_prune_ofo_queue() tcp: call tcp_drop() from tcp_data_queue_ofo() tcp: add tcp_ooo_try_coalesce() helper Felix Fietkau (1): mac80211: fix setting IEEE80211_KEY_FLAG_RX_MGMT for AP mode keys Gao Feng (1): ebtables: arpreply: Add the standard target sanity check Greg Kroah-Hartman (1): Linux 4.4.161 Guenter Roeck (1): of: unittest: Disable interrupt node tests for old world MAC systems Jann Horn (1): mm/vmstat.c: skip NR_TLB_REMOTE_FLUSH* properly Johan Hovold (1): USB: serial: simple: add Motorola Tetra MTP6550 id Mathias Nyman (1): xhci: Add missing CAS workaround for Intel Sunrise Point xHCI Michal Suchanek (1): powerpc/fadump: Return error when fadump registration fails Mike Snitzer (1): dm cache: fix resize crash if user doesn't reload cache table Prateek Sood (1): cgroup: Fix deadlock in cpu hotplug path Rafael J. Wysocki (1): PM / core: Clear the direct_complete flag on errors Richard Weinberger (1): ubifs: Check for name being NULL while mounting Theodore Ts'o (1): ext4: always verify the magic number in xattr blocks Tomi Valkeinen (1): fbdev/omapfb: fix omapfb_memory_read infoleak Vineet Gupta (1): ARC: clone syscall to setp r25 as thread pointer Yaogong Wang (1): tcp: use an RB tree for ooo receive queue Zhi Chen (1): ath10k: fix scan crash due to incorrect length calculation

6 years, 8 months

1
1
0 0

[PATCH 3.18 000/120] 3.18.124-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 3.18.124 release. There are 120 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat Oct 13 15:25:29 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v3.x/stable-review/patch-3.18.124-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-3.18.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 3.18.124-rc1 Gao Feng <gfree.wind(a)vip.163.com> ebtables: arpreply: Add the standard target sanity check Richard Weinberger <richard(a)nod.at> ubifs: Check for name being NULL while mounting Prateek Sood <prsood(a)codeaurora.org> cgroup: Fix deadlock in cpu hotplug path Theodore Ts'o <tytso(a)mit.edu> ext4: avoid running out of journal credits when appending to an inline file Theodore Ts'o <tytso(a)mit.edu> jbd2: don't mark block as modified if the handle is out of credits Theodore Ts'o <tytso(a)mit.edu> ext4: add more inode number paranoia checks Theodore Ts'o <tytso(a)mit.edu> ext4: never move the system.data xattr out of the inode body Theodore Ts'o <tytso(a)mit.edu> ext4: always verify the magic number in xattr blocks Theodore Ts'o <tytso(a)mit.edu> ext4: add corruption check in ext4_xattr_set_entry() Theodore Ts'o <tytso(a)mit.edu> ext4: fix false negatives *and* false positives in ext4_check_descriptors() Theodore Ts'o <tytso(a)mit.edu> ext4: always check block group bounds in ext4_init_block_bitmap() Theodore Ts'o <tytso(a)mit.edu> ext4: fix check to prevent initializing reserved inodes Theodore Ts'o <tytso(a)mit.edu> ext4: only look at the bg_flags field if it is valid Johan Hovold <johan(a)kernel.org> USB: serial: simple: add Motorola Tetra MTP6550 id Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> PM / core: Clear the direct_complete flag on errors Felix Fietkau <nbd(a)nbd.name> mac80211: fix setting IEEE80211_KEY_FLAG_RX_MGMT for AP mode keys Daniel Drake <drake(a)endlessm.com> PCI: Reprogram bridge prefetch registers on resume Andy Lutomirski <luto(a)kernel.org> x86/vdso: Fix vDSO syscall fallback asm constraint regression Andy Lutomirski <luto(a)kernel.org> x86/vdso: Fix asm constraints on vDSO syscall fallbacks Tomi Valkeinen <tomi.valkeinen(a)ti.com> fbdev/omapfb: fix omapfb_memory_read infoleak Jann Horn <jannh(a)google.com> proc: restrict kernel stack dumps to root Linus Torvalds <torvalds(a)linux-foundation.org> Make file credentials available to the seqfile interfaces Mike Snitzer <snitzer(a)redhat.com> dm thin metadata: fix __udivdi3 undefined on 32-bit Ashish Samant <ashish.samant(a)oracle.com> ocfs2: fix locking for res->tracking and dlm->tracking_list Leonard Crestez <leonard.crestez(a)nxp.com> crypto: mxs-dcp - Fix wait logic on chan threads Aurelien Aptel <aaptel(a)suse.com> smb2: fix missing files in root share directory listing Josh Abraham <j.abraham1776(a)gmail.com> xen: fix GCC warning and remove duplicate EVTCHN_ROW/EVTCHN_COL usage Vitaly Kuznetsov <vkuznets(a)redhat.com> xen/manage: don't complain about an empty value in control/sysrq node Dan Carpenter <dan.carpenter(a)oracle.com> cifs: read overflow in is_valid_oplock_break() Julian Wiedmann <jwi(a)linux.ibm.com> s390/qeth: don't dump past end of unknown HW header Kai-Heng Feng <kai.heng.feng(a)canonical.com> r8169: Clear RTL_FLAG_TASK_*_PENDING when clearing RTL_FLAG_TASK_ENABLED Randy Dunlap <rdunlap(a)infradead.org> hexagon: modify ffs() and fls() to return int Randy Dunlap <rdunlap(a)infradead.org> arch/hexagon: fix kernel/dma.c build warning Joe Thornber <ejt(a)redhat.com> dm thin metadata: try to avoid ever aborting transactions Stephen Rothwell <sfr(a)canb.auug.org.au> fs/cifs: suppress a string overflow warning Ben Hutchings <ben.hutchings(a)codethink.co.uk> USB: yurex: Check for truncation in yurex_read() Jann Horn <jannh(a)google.com> RDMA/ucma: check fd type in ucma_migrate_id() Daniel Black <daniel(a)linux.ibm.com> mm: madvise(MADV_DODUMP): allow hugetlbfs pages Naoya Horiguchi <n-horiguchi(a)ah.jp.nec.com> tools/vm/page-types.c: fix "defined but not used" warning Naoya Horiguchi <n-horiguchi(a)ah.jp.nec.com> tools/vm/slabinfo.c: fix sign-compare warning Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> mac80211: shorten the IBSS debug messages Ilan Peer <ilan.peer(a)intel.com> mac80211: Fix station bandwidth setting after channel switch Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> mac80211: fix a race between restart and CSA flows Jon Kuhn <jkuhn(a)barracuda.com> fs/cifs: don't translate SFM_SLASH (U+F026) to backslash Jia-Ju Bai <baijiaju1990(a)gmail.com> net: cadence: Fix a sleep-in-atomic-context bug in macb_halt_tx() Xiao Ni <xni(a)redhat.com> RAID10 BUG_ON in raise_barrier when force is true and conf->barrier is 0 Arunk Khandavalli <akhandav(a)codeaurora.org> cfg80211: nl80211_update_ft_ies() to validate NL80211_ATTR_IE Michael Hennerich <michael.hennerich(a)analog.com> gpio: adp5588: Fix sleep-in-atomic-context bug Danek Duvall <duvall(a)comfychair.org> mac80211: correct use of IEEE80211_VHT_CAP_RXSTBC_X Paul Mackerras <paulus(a)ozlabs.org> KVM: PPC: Book3S HV: Don't truncate HPTE index in xlate function Sakari Ailus <sakari.ailus(a)linux.intel.com> media: v4l: event: Prevent freeing event subscriptions while accessed Marc Zyngier <marc.zyngier(a)arm.com> arm64: KVM: Sanitize PSTATE.M when being set from userspace Dan Carpenter <dan.carpenter(a)oracle.com> hwmon: (adt7475) Make adt7475_read_word() return errors Bo Chen <chenbo(a)pdx.edu> e1000: ensure to free old tx/rx rings in set_ringparam() Bo Chen <chenbo(a)pdx.edu> e1000: check on netif_running() before calling e1000_up() Anson Huang <Anson.Huang(a)nxp.com> thermal: of-thermal: disable passive polling when thermal zone is disabled Theodore Ts'o <tytso(a)mit.edu> ext4: verify the depth of extent tree in ext4_find_extent() Dave Martin <Dave.Martin(a)arm.com> arm64: KVM: Tighten guest core register access from userspace Greg Hackmann <ghackmann(a)android.com> staging: android: ion: fix ION_IOC_{MAP,SHARE} use-after-free Vincent Pelletier <plr.vincent(a)gmail.com> scsi: target: iscsi: Use bin2hex instead of a re-implementation Alan Stern <stern(a)rowland.harvard.edu> USB: remove LPM management from usb_driver_claim_interface() Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> Revert "usb: cdc-wdm: Fix a sleep-in-atomic-context bug in service_outstanding_interrupt()" Oliver Neukum <oneukum(a)suse.com> USB: usbdevfs: restore warning for nonsensical flags Oliver Neukum <oneukum(a)suse.com> USB: usbdevfs: sanitize flags more ming_qian <ming_qian(a)realsil.com.cn> media: uvcvideo: Support realtek's UVC 1.5 device Alexey Dobriyan <adobriyan(a)gmail.com> slub: make ->cpu_partial unsigned int Alan Stern <stern(a)rowland.harvard.edu> USB: handle NULL config in usb_find_alt_setting() Alan Stern <stern(a)rowland.harvard.edu> USB: fix error handling in usb_driver_claim_interface() Geert Uytterhoeven <geert+renesas(a)glider.be> spi: rspi: Fix interrupted DMA transfers Hiromitsu Yamasaki <hiromitsu.yamasaki.ym(a)renesas.com> spi: sh-msiof: Fix handling of write value for SISTR register Marcel Ziswiler <marcel.ziswiler(a)toradex.com> spi: tegra20-slink: explicitly enable/disable clock Christophe Leroy <christophe.leroy(a)c-s.fr> serial: cpm_uart: return immediately from console poll Andy Whitcroft <apw(a)canonical.com> floppy: Do not copy a kernel pointer to user memory in FDGETPRM ioctl J. Bruce Fields <bfields(a)redhat.com> nfsd: fix corrupted reply to badly ordered compound Jessica Yu <jeyu(a)kernel.org> module: exclude SHN_UNDEF symbols from kallsyms api Liam Girdwood <liam.r.girdwood(a)linux.intel.com> ASoC: dapm: Fix potential DAI widget pointer deref when linking DAIs Zhouyang Jia <jiazhouyang09(a)gmail.com> scsi: bnx2i: add error handling for ioremap_nocache Zhouyang Jia <jiazhouyang09(a)gmail.com> HID: hid-ntrig: add error handling for sysfs_create_group Ethan Tuttle <ethan(a)ethantuttle.com> ARM: mvebu: declare asm symbols as character arrays in pmsu.c Tony Lindgren <tony(a)atomide.com> wlcore: Add missing PM call for wlcore_cmd_wait_for_event_or_timeout() Dan Carpenter <dan.carpenter(a)oracle.com> rndis_wlan: potential buffer overflow in rndis_wlan_auth_indication() Kai-Heng Feng <kai.heng.feng(a)canonical.com> ALSA: hda: Add AZX_DCAPS_PM_RUNTIME for AMD Raven Ridge Zhouyang Jia <jiazhouyang09(a)gmail.com> media: tm6000: add error handling for dvb_register_adapter Zhouyang Jia <jiazhouyang09(a)gmail.com> drivers/tty: add error handling for pcmcia_loop_config Alistair Strachan <astrachan(a)google.com> staging: android: ashmem: Fix mmap size validation Akinobu Mita <akinobu.mita(a)gmail.com> media: soc_camera: ov772x: correct setting of banding filter Akinobu Mita <akinobu.mita(a)gmail.com> media: s3c-camif: ignore -ENOIOCTLCMD from v4l2_subdev_call for s_power Nicholas Mc Guire <hofrat(a)osadl.org> ALSA: snd-aoa: add of_node_put() in error path Vasily Gorbik <gor(a)linux.ibm.com> s390/extmem: fix gcc 8 stringop-overflow warning Thomas Gleixner <tglx(a)linutronix.de> alarmtimer: Prevent overflow for relative nanosleep Julia Lawall <Julia.Lawall(a)lip6.fr> usb: wusbcore: security: cast sizeof to int for comparison Breno Leitao <leitao(a)debian.org> scsi: ibmvscsi: Improve strings handling Bart Van Assche <bart.vanassche(a)wdc.com> scsi: target/iscsi: Make iscsit_ta_authentication() respect the output buffer size Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> x86/tsc: Add missing header to tsc_msr.c Hari Bathini <hbathini(a)linux.ibm.com> powerpc/kdump: Handle crashkernel memory reservation failure Sylwester Nawrocki <s.nawrocki(a)samsung.com> media: exynos4-is: Prevent NULL pointer dereference in __isp_video_try_fmt() Johan Hovold <johan(a)kernel.org> USB: serial: kobil_sct: fix modem-status error handling Anton Vasilyev <vasilyev(a)ispras.ru> uwb: hwa-rc: fix memory leak at probe Dan Williams <dan.j.williams(a)intel.com> x86/numa_emulation: Fix emulated-to-physical node mapping Matt Ranostay <matt.ranostay(a)konsulko.com> tsl2550: fix lux1_input error in low light Stafford Horne <shorne(a)gmail.com> crypto: skcipher - Fix -Wstringop-truncation warnings Roderick Colenbrander <roderick.colenbrander(a)sony.com> HID: sony: Support DS4 dongle Roderick Colenbrander <roderick.colenbrander(a)sony.com> HID: sony: Update device ids Catalin Marinas <catalin.marinas(a)arm.com> arm64: Add trace_hardirqs_off annotation in ret_to_user Li Dongyang <dongyangli(a)ddn.com> ext4: don't mark mmp buffer head dirty Theodore Ts'o <tytso(a)mit.edu> ext4: fix online resize's handling of a too-small final block group Theodore Ts'o <tytso(a)mit.edu> ext4: recalucate superblock checksum after updating free blocks/inodes Theodore Ts'o <tytso(a)mit.edu> ext4: avoid divide by zero fault when deleting corrupted inline directories Junxiao Bi <junxiao.bi(a)oracle.com> ocfs2: fix ocfs2 read block panic Vincent Pelletier <plr.vincent(a)gmail.com> scsi: target: iscsi: Use hex2bin instead of a re-implementation Eric Dumazet <edumazet(a)google.com> ipv6: fix possible use-after-free in ip6_xmit() Vasily Khoruzhick <vasilykh(a)arista.com> neighbour: confirm neigh entries when ARP packet is received Colin Ian King <colin.king(a)canonical.com> net: hp100: fix always-true check for link up state Willy Tarreau <w(a)1wt.eu> net/appletalk: fix minor pointer leak to userspace in SIOCFINDIPDDPRT Toke Høiland-Jørgensen <toke(a)toke.dk> gso_segment: Reset skb->mac_len after modifying network header Joel Fernandes (Google) <joel(a)joelfernandes.org> mm: shmem.c: Correctly annotate new inodes for lockdep Vaibhav Nagarnaik <vnagarnaik(a)google.com> ring-buffer: Allow for rescheduling when removing pages Willy Tarreau <w(a)1wt.eu> ALSA: emu10k1: fix possible info leak to userspace on SNDRV_EMU10K1_IOCTL_INFO Takashi Sakamoto <o-takashi(a)sakamocchi.jp> ALSA: bebob: use address returned by kmalloc() instead of kernel stack for streaming DMA mapping Sébastien Szymanski <sebastien.szymanski(a)armadeus.com> ASoC: cs4265: fix MMTLR Data switch control ------------- Diffstat: Makefile | 4 +- arch/arm/mach-mvebu/pmsu.c | 6 +- arch/arm64/include/asm/kvm_emulate.h | 5 ++ arch/arm64/kernel/entry.S | 3 + arch/arm64/kvm/guest.c | 55 +++++++++++++++- arch/hexagon/include/asm/bitops.h | 4 +- arch/hexagon/kernel/dma.c | 2 +- arch/powerpc/kernel/machine_kexec.c | 7 ++- arch/powerpc/kvm/book3s_64_mmu_hv.c | 2 +- arch/s390/mm/extmem.c | 4 +- arch/x86/kernel/tsc_msr.c | 1 + arch/x86/mm/numa_emulation.c | 2 +- arch/x86/vdso/vclock_gettime.c | 26 ++++---- crypto/ablkcipher.c | 2 + crypto/blkcipher.c | 1 + drivers/base/power/main.c | 5 +- drivers/block/floppy.c | 3 + drivers/crypto/mxs-dcp.c | 53 +++++++++------- drivers/gpio/gpio-adp5588.c | 24 +++++-- drivers/hid/hid-core.c | 3 + drivers/hid/hid-ids.h | 2 + drivers/hid/hid-ntrig.c | 2 + drivers/hid/hid-sony.c | 6 ++ drivers/hwmon/adt7475.c | 14 +++-- drivers/infiniband/core/ucma.c | 6 ++ drivers/md/dm-thin-metadata.c | 34 +++++++++- drivers/md/dm-thin.c | 73 +++++++++++++++++++--- drivers/md/raid10.c | 5 +- drivers/media/i2c/soc_camera/ov772x.c | 2 +- drivers/media/platform/exynos4-is/fimc-isp-video.c | 11 +++- drivers/media/platform/s3c-camif/camif-capture.c | 2 + drivers/media/usb/tm6000/tm6000-dvb.c | 5 ++ drivers/media/usb/uvc/uvc_video.c | 24 +++++-- drivers/media/v4l2-core/v4l2-event.c | 37 +++++------ drivers/media/v4l2-core/v4l2-fh.c | 2 + drivers/misc/tsl2550.c | 2 +- drivers/net/appletalk/ipddp.c | 8 ++- drivers/net/ethernet/cadence/macb.c | 2 +- drivers/net/ethernet/hp/hp100.c | 2 +- drivers/net/ethernet/intel/e1000/e1000_ethtool.c | 7 ++- drivers/net/ethernet/realtek/r8169.c | 9 ++- drivers/net/wireless/rndis_wlan.c | 2 + drivers/net/wireless/ti/wlcore/cmd.c | 6 ++ drivers/pci/pci.c | 27 +++++--- drivers/s390/net/qeth_l2_main.c | 2 +- drivers/s390/net/qeth_l3_main.c | 2 +- drivers/scsi/bnx2i/bnx2i_hwi.c | 2 + drivers/scsi/ibmvscsi/ibmvscsi.c | 4 +- drivers/spi/spi-rspi.c | 10 +-- drivers/spi/spi-sh-msiof.c | 3 +- drivers/spi/spi-tegra20-slink.c | 31 ++++++--- drivers/staging/android/ashmem.c | 6 ++ drivers/staging/android/ion/ion.c | 60 +++++++++++------- drivers/target/iscsi/iscsi_target_auth.c | 45 +++++-------- drivers/target/iscsi/iscsi_target_tpg.c | 3 +- drivers/thermal/of-thermal.c | 7 ++- drivers/tty/serial/8250/serial_cs.c | 6 +- drivers/tty/serial/cpm_uart/cpm_uart_core.c | 10 ++- drivers/usb/class/cdc-wdm.c | 2 +- drivers/usb/core/devio.c | 24 ++++++- drivers/usb/core/driver.c | 28 ++++----- drivers/usb/core/usb.c | 2 + drivers/usb/misc/yurex.c | 3 + drivers/usb/serial/kobil_sct.c | 12 +++- drivers/usb/serial/usb-serial-simple.c | 3 +- drivers/usb/wusbcore/security.c | 2 +- drivers/uwb/hwa-rc.c | 1 + drivers/video/fbdev/omap2/omapfb/omapfb-ioctl.c | 5 +- drivers/xen/events/events_base.c | 2 +- drivers/xen/manage.c | 6 +- fs/cifs/cifs_unicode.c | 3 - fs/cifs/cifssmb.c | 11 +++- fs/cifs/misc.c | 8 +++ fs/cifs/smb2ops.c | 2 +- fs/ext4/balloc.c | 21 ++++--- fs/ext4/dir.c | 20 +++--- fs/ext4/ext4.h | 8 --- fs/ext4/ext4_extents.h | 1 + fs/ext4/extents.c | 6 ++ fs/ext4/ialloc.c | 19 +++++- fs/ext4/inline.c | 42 ++----------- fs/ext4/inode.c | 3 +- fs/ext4/mballoc.c | 6 +- fs/ext4/mmp.c | 1 - fs/ext4/resize.c | 20 ++++++ fs/ext4/super.c | 14 ++++- fs/ext4/xattr.c | 49 +++++++-------- fs/jbd2/transaction.c | 2 +- fs/nfsd/nfs4proc.c | 1 + fs/ocfs2/buffer_head_io.c | 1 + fs/ocfs2/dlm/dlmmaster.c | 4 +- fs/proc/base.c | 14 +++++ fs/seq_file.c | 7 ++- fs/ubifs/super.c | 3 + include/linux/netfilter_bridge/ebtables.h | 5 ++ include/linux/seq_file.h | 13 ++-- include/linux/slub_def.h | 3 +- include/media/v4l2-fh.h | 1 + kernel/cgroup.c | 6 +- kernel/module.c | 6 +- kernel/time/alarmtimer.c | 3 +- kernel/trace/ring_buffer.c | 2 + mm/madvise.c | 2 +- mm/shmem.c | 2 + mm/slub.c | 6 +- net/bridge/netfilter/ebt_arpreply.c | 3 + net/core/neighbour.c | 13 ++-- net/ipv4/af_inet.c | 1 + net/ipv6/ip6_offload.c | 1 + net/ipv6/ip6_output.c | 3 +- net/mac80211/cfg.c | 2 +- net/mac80211/ibss.c | 22 +++---- net/mac80211/main.c | 26 ++++++-- net/mac80211/mlme.c | 53 ++++++++++++++++ net/wireless/nl80211.c | 1 + sound/aoa/core/gpio-feature.c | 4 +- sound/firewire/bebob/bebob_maudio.c | 24 ++++--- sound/pci/emu10k1/emufx.c | 2 +- sound/pci/hda/hda_intel.c | 3 +- sound/soc/codecs/cs4265.c | 4 +- sound/soc/soc-dapm.c | 7 +++ tools/vm/page-types.c | 6 -- tools/vm/slabinfo.c | 4 +- 123 files changed, 882 insertions(+), 395 deletions(-)

6 years, 8 months

4
133
0 0

[patch 3/4] mm/thp: fix call to mmu_notifier in set_pmd_migration_entry() v2

by akpm＠linux-foundation.org

From: Jérôme Glisse <jglisse(a)redhat.com> Subject: mm/thp: fix call to mmu_notifier in set_pmd_migration_entry() v2 Inside set_pmd_migration_entry() we are holding page table locks and thus we can not sleep so we can not call invalidate_range_start/end() So remove call to mmu_notifier_invalidate_range_start/end() because they are call inside the function calling set_pmd_migration_entry() (see try_to_unmap_one()). Link: http://lkml.kernel.org/r/20181012181056.7864-1-jglisse@redhat.com Signed-off-by: Jérôme Glisse <jglisse(a)redhat.com> Reported-by: Andrea Arcangeli <aarcange(a)redhat.com> Reviewed-by: Zi Yan <zi.yan(a)cs.rutgers.edu> Acked-by: Michal Hocko <mhocko(a)kernel.org> Cc: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Cc: Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> Cc: "H. Peter Anvin" <hpa(a)zytor.com> Cc: Anshuman Khandual <khandual(a)linux.vnet.ibm.com> Cc: Dave Hansen <dave.hansen(a)intel.com> Cc: David Nellans <dnellans(a)nvidia.com> Cc: Ingo Molnar <mingo(a)elte.hu> Cc: Mel Gorman <mgorman(a)techsingularity.net> Cc: Minchan Kim <minchan(a)kernel.org> Cc: Naoya Horiguchi <n-horiguchi(a)ah.jp.nec.com> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Vlastimil Babka <vbabka(a)suse.cz> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- --- a/mm/huge_memory.c~mm-thp-fix-call-to-mmu_notifier-in-set_pmd_migration_entry-v2 +++ a/mm/huge_memory.c @@ -2885,9 +2885,6 @@ void set_pmd_migration_entry(struct page if (!(pvmw->pmd && !pvmw->pte)) return; - mmu_notifier_invalidate_range_start(mm, address, - address + HPAGE_PMD_SIZE); - flush_cache_range(vma, address, address + HPAGE_PMD_SIZE); pmdval = *pvmw->pmd; pmdp_invalidate(vma, address, pvmw->pmd); @@ -2900,9 +2897,6 @@ void set_pmd_migration_entry(struct page set_pmd_at(mm, address, pvmw->pmd, pmdswp); page_remove_rmap(page, true); put_page(page); - - mmu_notifier_invalidate_range_end(mm, address, - address + HPAGE_PMD_SIZE); } void remove_migration_pmd(struct page_vma_mapped_walk *pvmw, struct page *new) _

6 years, 8 months

1
0
0 0

[patch 2/4] mm/mmap.c: don't clobber partially overlapping VMA with MAP_FIXED_NOREPLACE

by akpm＠linux-foundation.org

From: Jann Horn <jannh(a)google.com> Subject: mm/mmap.c: don't clobber partially overlapping VMA with MAP_FIXED_NOREPLACE Daniel Micay reports that attempting to use MAP_FIXED_NOREPLACE in an application causes that application to randomly crash. The existing check for handling MAP_FIXED_NOREPLACE looks up the first VMA that either overlaps or follows the requested region, and then bails out if that VMA overlaps *the start* of the requested region. It does not bail out if the VMA only overlaps another part of the requested region. Fix it by checking that the found VMA only starts at or after the end of the requested region, in which case there is no overlap. Test case: user@debian:~$ cat mmap_fixed_simple.c #include <sys/mman.h> #include <errno.h> #include <stdio.h> #include <stdlib.h> #include <unistd.h> #ifndef MAP_FIXED_NOREPLACE #define MAP_FIXED_NOREPLACE 0x100000 #endif int main(void) { char *p; errno = 0; p = mmap((void*)0x10001000, 0x4000, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_FIXED_NOREPLACE, -1, 0); printf("p1=%p err=%m\n", p); errno = 0; p = mmap((void*)0x10000000, 0x2000, PROT_READ, MAP_PRIVATE|MAP_ANONYMOUS|MAP_FIXED_NOREPLACE, -1, 0); printf("p2=%p err=%m\n", p); char cmd[100]; sprintf(cmd, "cat /proc/%d/maps", getpid()); system(cmd); return 0; } user@debian:~$ gcc -o mmap_fixed_simple mmap_fixed_simple.c user@debian:~$ ./mmap_fixed_simple p1=0x10001000 err=Success p2=0x10000000 err=Success 10000000-10002000 r--p 00000000 00:00 0 10002000-10005000 ---p 00000000 00:00 0 564a9a06f000-564a9a070000 r-xp 00000000 fe:01 264004 /home/user/mmap_fixed_simple 564a9a26f000-564a9a270000 r--p 00000000 fe:01 264004 /home/user/mmap_fixed_simple 564a9a270000-564a9a271000 rw-p 00001000 fe:01 264004 /home/user/mmap_fixed_simple 564a9a54a000-564a9a56b000 rw-p 00000000 00:00 0 [heap] 7f8eba447000-7f8eba5dc000 r-xp 00000000 fe:01 405885 /lib/x86_64-linux-gnu/libc-2.24.so 7f8eba5dc000-7f8eba7dc000 ---p 00195000 fe:01 405885 /lib/x86_64-linux-gnu/libc-2.24.so 7f8eba7dc000-7f8eba7e0000 r--p 00195000 fe:01 405885 /lib/x86_64-linux-gnu/libc-2.24.so 7f8eba7e0000-7f8eba7e2000 rw-p 00199000 fe:01 405885 /lib/x86_64-linux-gnu/libc-2.24.so 7f8eba7e2000-7f8eba7e6000 rw-p 00000000 00:00 0 7f8eba7e6000-7f8eba809000 r-xp 00000000 fe:01 405876 /lib/x86_64-linux-gnu/ld-2.24.so 7f8eba9e9000-7f8eba9eb000 rw-p 00000000 00:00 0 7f8ebaa06000-7f8ebaa09000 rw-p 00000000 00:00 0 7f8ebaa09000-7f8ebaa0a000 r--p 00023000 fe:01 405876 /lib/x86_64-linux-gnu/ld-2.24.so 7f8ebaa0a000-7f8ebaa0b000 rw-p 00024000 fe:01 405876 /lib/x86_64-linux-gnu/ld-2.24.so 7f8ebaa0b000-7f8ebaa0c000 rw-p 00000000 00:00 0 7ffcc99fa000-7ffcc9a1b000 rw-p 00000000 00:00 0 [stack] 7ffcc9b44000-7ffcc9b47000 r--p 00000000 00:00 0 [vvar] 7ffcc9b47000-7ffcc9b49000 r-xp 00000000 00:00 0 [vdso] ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0 [vsyscall] user@debian:~$ uname -a Linux debian 4.19.0-rc6+ #181 SMP Wed Oct 3 23:43:42 CEST 2018 x86_64 GNU/Linux user@debian:~$ As you can see, the first page of the mapping at 0x10001000 was clobbered. Link: http://lkml.kernel.org/r/20181010152736.99475-1-jannh@google.com Fixes: a4ff8e8620d3 ("mm: introduce MAP_FIXED_NOREPLACE") Signed-off-by: Jann Horn <jannh(a)google.com> Reported-by: Daniel Micay <danielmicay(a)gmail.com> Acked-by: Michal Hocko <mhocko(a)suse.com> Acked-by: John Hubbard <jhubbard(a)nvidia.com> Acked-by: Kees Cook <keescook(a)chromium.org> Acked-by: Vlastimil Babka <vbabka(a)suse.cz> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- --- a/mm/mmap.c~mm-dont-clobber-partially-overlapping-vma-with-map_fixed_noreplace +++ a/mm/mmap.c @@ -1410,7 +1410,7 @@ unsigned long do_mmap(struct file *file, if (flags & MAP_FIXED_NOREPLACE) { struct vm_area_struct *vma = find_vma(mm, addr); - if (vma && vma->vm_start <= addr) + if (vma && vma->vm_start < addr + len) return -EEXIST; } _

6 years, 8 months

1
0
0 0

+ mm-thp-fix-call-to-mmu_notifier-in-set_pmd_migration_entry-v2.patch added to -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: mm/thp: fix call to mmu_notifier in set_pmd_migration_entry() v2 has been added to the -mm tree. Its filename is mm-thp-fix-call-to-mmu_notifier-in-set_pmd_migration_entry-v2.patch This patch should soon appear at http://ozlabs.org/~akpm/mmots/broken-out/mm-thp-fix-call-to-mmu_notifier-in… and later at http://ozlabs.org/~akpm/mmotm/broken-out/mm-thp-fix-call-to-mmu_notifier-in… Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next and is updated there every 3-4 working days ------------------------------------------------------ From: Jérôme Glisse <jglisse(a)redhat.com> Subject: mm/thp: fix call to mmu_notifier in set_pmd_migration_entry() v2 Inside set_pmd_migration_entry() we are holding page table locks and thus we can not sleep so we can not call invalidate_range_start/end() So remove call to mmu_notifier_invalidate_range_start/end() because they are call inside the function calling set_pmd_migration_entry() (see try_to_unmap_one()). Link: http://lkml.kernel.org/r/20181012181056.7864-1-jglisse@redhat.com Signed-off-by: Jérôme Glisse <jglisse(a)redhat.com> Reported-by: Andrea Arcangeli <aarcange(a)redhat.com> Reviewed-by: Zi Yan <zi.yan(a)cs.rutgers.edu> Acked-by: Michal Hocko <mhocko(a)kernel.org> Cc: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Cc: Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> Cc: "H. Peter Anvin" <hpa(a)zytor.com> Cc: Anshuman Khandual <khandual(a)linux.vnet.ibm.com> Cc: Dave Hansen <dave.hansen(a)intel.com> Cc: David Nellans <dnellans(a)nvidia.com> Cc: Ingo Molnar <mingo(a)elte.hu> Cc: Mel Gorman <mgorman(a)techsingularity.net> Cc: Minchan Kim <minchan(a)kernel.org> Cc: Naoya Horiguchi <n-horiguchi(a)ah.jp.nec.com> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Vlastimil Babka <vbabka(a)suse.cz> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- --- a/mm/huge_memory.c~mm-thp-fix-call-to-mmu_notifier-in-set_pmd_migration_entry-v2 +++ a/mm/huge_memory.c @@ -2885,9 +2885,6 @@ void set_pmd_migration_entry(struct page if (!(pvmw->pmd && !pvmw->pte)) return; - mmu_notifier_invalidate_range_start(mm, address, - address + HPAGE_PMD_SIZE); - flush_cache_range(vma, address, address + HPAGE_PMD_SIZE); pmdval = *pvmw->pmd; pmdp_invalidate(vma, address, pvmw->pmd); @@ -2900,9 +2897,6 @@ void set_pmd_migration_entry(struct page set_pmd_at(mm, address, pvmw->pmd, pmdswp); page_remove_rmap(page, true); put_page(page); - - mmu_notifier_invalidate_range_end(mm, address, - address + HPAGE_PMD_SIZE); } void remove_migration_pmd(struct page_vma_mapped_walk *pvmw, struct page *new) _ Patches currently in -mm which might be from jglisse(a)redhat.com are mm-thp-fix-call-to-mmu_notifier-in-set_pmd_migration_entry-v2.patch

6 years, 8 months

1
0
0 0

[PATCH v7 0/7] mm: Merge hmm into devm_memremap_pages, mark GPL-only

by Dan Williams

[ apologies for the resend, script error ] Changes since v6 [1]: * Rebase on next-20181008 and fixup conflicts with the xarray conversion and hotplug optimizations * It has soaked on a 0day visible branch for a few days without any reports. [1]: https://lkml.org/lkml/2018/9/13/104 --- Hi Andrew, Jérôme has reviewed the cleanups, thanks Jérôme. We still disagree on the EXPORT_SYMBOL_GPL status of the core HMM implementation, but Logan, Christoph and I continue to support marking all devm_memremap_pages() derivatives EXPORT_SYMBOL_GPL. HMM has been upstream for over a year, with no in-tree users it is clear it was designed first and foremost for out of tree drivers. It takes advantage of a facility Christoph and I spearheaded to support persistent memory. It continues to see expanding use cases with no clear end date when it will stop attracting features / revisions. It is not suitable to export devm_memremap_pages() as a stable 3rd party driver api. devm_memremap_pages() is a facility that can create struct page entries for any arbitrary range and give out-of-tree drivers the ability to subvert core aspects of page management. It, and anything derived from it (e.g. hmm, pcip2p, etc...), is a deep integration point into the core kernel, and an EXPORT_SYMBOL_GPL() interface. Commit 31c5bda3a656 "mm: fix exports that inadvertently make put_page() EXPORT_SYMBOL_GPL" was merged ahead of this series to relieve some of the pressure from innocent consumers of put_page(), but now we need this series to address *producers* of device pages. More details and justification in the changelogs. The 0day infrastructure has reported success across 152 configs and this survives the libnvdimm unit test suite. Aside from the controversial bits the diffstat is compelling at: 7 files changed, 126 insertions(+), 323 deletions(-) Note that the series has some minor collisions with Alex's recent series to improve devm_memremap_pages() scalability [2]. So, whichever you take first the other will need a minor rebase. [2]: https://www.lkml.org/lkml/2018/9/11/10 Dan Williams (7): mm, devm_memremap_pages: Mark devm_memremap_pages() EXPORT_SYMBOL_GPL mm, devm_memremap_pages: Kill mapping "System RAM" support mm, devm_memremap_pages: Fix shutdown handling mm, devm_memremap_pages: Add MEMORY_DEVICE_PRIVATE support mm, hmm: Use devm semantics for hmm_devmem_{add,remove} mm, hmm: Replace hmm_devmem_pages_create() with devm_memremap_pages() mm, hmm: Mark hmm_devmem_{add,add_resource} EXPORT_SYMBOL_GPL drivers/dax/pmem.c | 14 -- drivers/nvdimm/pmem.c | 13 +- include/linux/hmm.h | 4 include/linux/memremap.h | 2 kernel/memremap.c | 94 +++++++---- mm/hmm.c | 305 +++++-------------------------------- tools/testing/nvdimm/test/iomap.c | 17 ++ 7 files changed, 126 insertions(+), 323 deletions(-)

6 years, 8 months

2
2
0 0

[PATCH] mm/thp: fix call to mmu_notifier in set_pmd_migration_entry() v2

by jglisse＠redhat.com

From: Jérôme Glisse <jglisse(a)redhat.com> Inside set_pmd_migration_entry() we are holding page table locks and thus we can not sleep so we can not call invalidate_range_start/end() So remove call to mmu_notifier_invalidate_range_start/end() because they are call inside the function calling set_pmd_migration_entry() (see try_to_unmap_one()). Changed since v1: - removed call to invalidate_range() and updated commit message Signed-off-by: Jérôme Glisse <jglisse(a)redhat.com> Reported-by: Andrea Arcangeli <aarcange(a)redhat.com> Reviewed-by: Zi Yan <zi.yan(a)cs.rutgers.edu> Acked-by: Michal Hocko <mhocko(a)kernel.org> Cc: Andrew Morton <akpm(a)linux-foundation.org> Cc: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Cc: Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> Cc: "H. Peter Anvin" <hpa(a)zytor.com> Cc: Anshuman Khandual <khandual(a)linux.vnet.ibm.com> Cc: Dave Hansen <dave.hansen(a)intel.com> Cc: David Nellans <dnellans(a)nvidia.com> Cc: Ingo Molnar <mingo(a)elte.hu> Cc: Mel Gorman <mgorman(a)techsingularity.net> Cc: Minchan Kim <minchan(a)kernel.org> Cc: Naoya Horiguchi <n-horiguchi(a)ah.jp.nec.com> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Vlastimil Babka <vbabka(a)suse.cz> Cc: stable(a)vger.kernel.org --- mm/huge_memory.c | 6 ------ 1 file changed, 6 deletions(-) diff --git a/mm/huge_memory.c b/mm/huge_memory.c index 533f9b00147d..a5b28547e321 100644 --- a/mm/huge_memory.c +++ b/mm/huge_memory.c @@ -2885,9 +2885,6 @@ void set_pmd_migration_entry(struct page_vma_mapped_walk *pvmw, if (!(pvmw->pmd && !pvmw->pte)) return; - mmu_notifier_invalidate_range_start(mm, address, - address + HPAGE_PMD_SIZE); - flush_cache_range(vma, address, address + HPAGE_PMD_SIZE); pmdval = *pvmw->pmd; pmdp_invalidate(vma, address, pvmw->pmd); @@ -2900,9 +2897,6 @@ void set_pmd_migration_entry(struct page_vma_mapped_walk *pvmw, set_pmd_at(mm, address, pvmw->pmd, pmdswp); page_remove_rmap(page, true); put_page(page); - - mmu_notifier_invalidate_range_end(mm, address, - address + HPAGE_PMD_SIZE); } void remove_migration_pmd(struct page_vma_mapped_walk *pvmw, struct page *new) -- 2.17.2

6 years, 8 months

1
0
0 0

[PATCH v7 0/7] mm: Merge hmm into devm_memremap_pages, mark GPL-only

by Dan Williams

Changes since v6 [1]: * Rebase on next-20181008 and fixup conflicts with the xarray conversion and hotplug optimizations * It has soaked on a 0day visible branch for a few days without any reports. [1]: https://lkml.org/lkml/2018/9/13/104 --- Hi Andrew, Jérôme has reviewed the cleanups, thanks Jérôme. We still disagree on the EXPORT_SYMBOL_GPL status of the core HMM implementation, but Logan, Christoph and I continue to support marking all devm_memremap_pages() derivatives EXPORT_SYMBOL_GPL. HMM has been upstream for over a year, with no in-tree users it is clear it was designed first and foremost for out of tree drivers. It takes advantage of a facility Christoph and I spearheaded to support persistent memory. It continues to see expanding use cases with no clear end date when it will stop attracting features / revisions. It is not suitable to export devm_memremap_pages() as a stable 3rd party driver api. devm_memremap_pages() is a facility that can create struct page entries for any arbitrary range and give out-of-tree drivers the ability to subvert core aspects of page management. It, and anything derived from it (e.g. hmm, pcip2p, etc...), is a deep integration point into the core kernel, and an EXPORT_SYMBOL_GPL() interface. Commit 31c5bda3a656 "mm: fix exports that inadvertently make put_page() EXPORT_SYMBOL_GPL" was merged ahead of this series to relieve some of the pressure from innocent consumers of put_page(), but now we need this series to address *producers* of device pages. More details and justification in the changelogs. The 0day infrastructure has reported success across 152 configs and this survives the libnvdimm unit test suite. Aside from the controversial bits the diffstat is compelling at: 7 files changed, 126 insertions(+), 323 deletions(-) Note that the series has some minor collisions with Alex's recent series to improve devm_memremap_pages() scalability [2]. So, whichever you take first the other will need a minor rebase. [2]: https://www.lkml.org/lkml/2018/9/11/10 Dan Williams (7): mm, devm_memremap_pages: Mark devm_memremap_pages() EXPORT_SYMBOL_GPL mm, devm_memremap_pages: Kill mapping "System RAM" support mm, devm_memremap_pages: Fix shutdown handling mm, devm_memremap_pages: Add MEMORY_DEVICE_PRIVATE support mm, hmm: Use devm semantics for hmm_devmem_{add,remove} mm, hmm: Replace hmm_devmem_pages_create() with devm_memremap_pages() mm, hmm: Mark hmm_devmem_{add,add_resource} EXPORT_SYMBOL_GPL drivers/dax/pmem.c | 14 -- drivers/nvdimm/pmem.c | 13 +- include/linux/hmm.h | 4 include/linux/memremap.h | 2 kernel/memremap.c | 94 +++++++---- mm/hmm.c | 305 +++++-------------------------------- tools/testing/nvdimm/test/iomap.c | 17 ++ 7 files changed, 126 insertions(+), 323 deletions(-)

6 years, 8 months

1
0
0 0

[PATCH 4.4 00/27] 4.4.161-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.4.161 release. There are 27 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat Oct 13 15:25:23 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.4.161-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.4.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.4.161-rc1 Gao Feng <gfree.wind(a)vip.163.com> ebtables: arpreply: Add the standard target sanity check Zhi Chen <zhichen(a)codeaurora.org> ath10k: fix scan crash due to incorrect length calculation Eric Dumazet <edumazet(a)google.com> tcp: add tcp_ooo_try_coalesce() helper Eric Dumazet <edumazet(a)google.com> tcp: call tcp_drop() from tcp_data_queue_ofo() Eric Dumazet <edumazet(a)google.com> tcp: free batches of packets in tcp_prune_ofo_queue() Eric Dumazet <edumazet(a)google.com> tcp: fix a stale ooo_last_skb after a replace Yaogong Wang <wygivan(a)google.com> tcp: use an RB tree for ooo receive queue Eric Dumazet <edumazet(a)google.com> tcp: increment sk_drops for dropped rx packets Richard Weinberger <richard(a)nod.at> ubifs: Check for name being NULL while mounting Cong Wang <xiyou.wangcong(a)gmail.com> ucma: fix a use-after-free in ucma_resolve_ip() Vineet Gupta <vgupta(a)synopsys.com> ARC: clone syscall to setp r25 as thread pointer Michal Suchanek <msuchanek(a)suse.de> powerpc/fadump: Return error when fadump registration fails Carl Huang <cjhuang(a)codeaurora.org> ath10k: fix use-after-free in ath10k_wmi_cmd_send_nowait Prateek Sood <prsood(a)codeaurora.org> cgroup: Fix deadlock in cpu hotplug path Theodore Ts'o <tytso(a)mit.edu> ext4: always verify the magic number in xattr blocks Theodore Ts'o <tytso(a)mit.edu> ext4: add corruption check in ext4_xattr_set_entry() Guenter Roeck <linux(a)roeck-us.net> of: unittest: Disable interrupt node tests for old world MAC systems Johan Hovold <johan(a)kernel.org> USB: serial: simple: add Motorola Tetra MTP6550 id Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: Add missing CAS workaround for Intel Sunrise Point xHCI Mike Snitzer <snitzer(a)redhat.com> dm cache: fix resize crash if user doesn't reload cache table Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> PM / core: Clear the direct_complete flag on errors Felix Fietkau <nbd(a)nbd.name> mac80211: fix setting IEEE80211_KEY_FLAG_RX_MGMT for AP mode keys Daniel Drake <drake(a)endlessm.com> PCI: Reprogram bridge prefetch registers on resume Andy Lutomirski <luto(a)kernel.org> x86/vdso: Fix vDSO syscall fallback asm constraint regression Andy Lutomirski <luto(a)kernel.org> x86/vdso: Fix asm constraints on vDSO syscall fallbacks Tomi Valkeinen <tomi.valkeinen(a)ti.com> fbdev/omapfb: fix omapfb_memory_read infoleak Jann Horn <jannh(a)google.com> mm/vmstat.c: skip NR_TLB_REMOTE_FLUSH* properly ------------- Diffstat: Makefile | 4 +- arch/arc/kernel/process.c | 20 ++ arch/powerpc/kernel/fadump.c | 23 +- arch/x86/entry/vdso/vclock_gettime.c | 26 +- drivers/base/power/main.c | 5 +- drivers/infiniband/core/ucma.c | 2 + drivers/md/dm-cache-target.c | 9 +- drivers/net/wireless/ath/ath10k/trace.h | 12 +- drivers/net/wireless/ath/ath10k/wmi-tlv.c | 8 +- drivers/net/wireless/ath/ath10k/wmi.c | 2 +- drivers/of/unittest.c | 28 +- drivers/pci/pci.c | 27 +- drivers/usb/host/xhci-pci.c | 2 + drivers/usb/serial/usb-serial-simple.c | 3 +- drivers/video/fbdev/omap2/omapfb/omapfb-ioctl.c | 5 +- fs/ext4/xattr.c | 28 +- fs/ubifs/super.c | 3 + include/linux/netfilter_bridge/ebtables.h | 5 + include/linux/skbuff.h | 8 + include/linux/tcp.h | 7 +- include/net/sock.h | 7 + include/net/tcp.h | 2 +- kernel/cgroup.c | 6 +- mm/vmstat.c | 3 + net/bridge/netfilter/ebt_arpreply.c | 3 + net/core/skbuff.c | 19 ++ net/ipv4/tcp.c | 4 +- net/ipv4/tcp_input.c | 417 +++++++++++++++--------- net/ipv4/tcp_ipv4.c | 3 +- net/ipv4/tcp_minisocks.c | 1 - net/ipv6/tcp_ipv6.c | 1 + net/mac80211/cfg.c | 2 +- 32 files changed, 453 insertions(+), 242 deletions(-)

6 years, 8 months

6
32
0 0

Re: [PATCH] mm/thp: fix call to mmu_notifier in set_pmd_migration_entry()

by Jerome Glisse

On Fri, Oct 12, 2018 at 06:55:48PM +0200, Michal Hocko wrote: > On Fri 12-10-18 12:09:53, jglisse(a)redhat.com wrote: > > From: Jérôme Glisse <jglisse(a)redhat.com> > > > > Inside set_pmd_migration_entry() we are holding page table locks and > > thus we can not sleep so we can not call invalidate_range_start/end() > > > > So remove call to mmu_notifier_invalidate_range_start/end() and add > > call to mmu_notifier_invalidate_range(). Note that we are already > > calling mmu_notifier_invalidate_range_start/end() inside the function > > calling set_pmd_migration_entry() (see try_to_unmap_one()). > > > > Signed-off-by: Jérôme Glisse <jglisse(a)redhat.com> > > Reported-by: Andrea Arcangeli <aarcange(a)redhat.com> > > Cc: Andrew Morton <akpm(a)linux-foundation.org> > > Cc: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> > > Cc: Zi Yan <zi.yan(a)cs.rutgers.edu> > > Cc: Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> > > Cc: "H. Peter Anvin" <hpa(a)zytor.com> > > Cc: Anshuman Khandual <khandual(a)linux.vnet.ibm.com> > > Cc: Dave Hansen <dave.hansen(a)intel.com> > > Cc: David Nellans <dnellans(a)nvidia.com> > > Cc: Ingo Molnar <mingo(a)elte.hu> > > Cc: Mel Gorman <mgorman(a)techsingularity.net> > > Cc: Minchan Kim <minchan(a)kernel.org> > > Cc: Naoya Horiguchi <n-horiguchi(a)ah.jp.nec.com> > > Cc: Thomas Gleixner <tglx(a)linutronix.de> > > Cc: Vlastimil Babka <vbabka(a)suse.cz> > > Cc: Michal Hocko <mhocko(a)kernel.org> > > Cc: Andrea Arcangeli <aarcange(a)redhat.com> > > Is this worth backporting to stable trees? Yes it is i forgot to cc stable :( > > The patch looks good to me > Acked-by: Michal Hocko <mhocko(a)suse.com> > > > --- > > mm/huge_memory.c | 7 +------ > > 1 file changed, 1 insertion(+), 6 deletions(-) > > > > diff --git a/mm/huge_memory.c b/mm/huge_memory.c > > index 533f9b00147d..93cb80fe12cb 100644 > > --- a/mm/huge_memory.c > > +++ b/mm/huge_memory.c > > @@ -2885,9 +2885,6 @@ void set_pmd_migration_entry(struct page_vma_mapped_walk *pvmw, > > if (!(pvmw->pmd && !pvmw->pte)) > > return; > > > > - mmu_notifier_invalidate_range_start(mm, address, > > - address + HPAGE_PMD_SIZE); > > - > > flush_cache_range(vma, address, address + HPAGE_PMD_SIZE); > > pmdval = *pvmw->pmd; > > pmdp_invalidate(vma, address, pvmw->pmd); > > @@ -2898,11 +2895,9 @@ void set_pmd_migration_entry(struct page_vma_mapped_walk *pvmw, > > if (pmd_soft_dirty(pmdval)) > > pmdswp = pmd_swp_mksoft_dirty(pmdswp); > > set_pmd_at(mm, address, pvmw->pmd, pmdswp); > > + mmu_notifier_invalidate_range(mm, address, address + HPAGE_PMD_SIZE); > > page_remove_rmap(page, true); > > put_page(page); > > - > > - mmu_notifier_invalidate_range_end(mm, address, > > - address + HPAGE_PMD_SIZE); > > } > > > > void remove_migration_pmd(struct page_vma_mapped_walk *pvmw, struct page *new) > > -- > > 2.17.2 > > -- > Michal Hocko > SUSE Labs

6 years, 8 months

1
0
0 0

Applied "ASoC: sta32x: set ->component pointer in private struct" to the asoc tree

by Mark Brown

The patch ASoC: sta32x: set ->component pointer in private struct has been applied to the asoc tree at https://git.kernel.org/pub/scm/linux/kernel/git/broonie/sound.git All being well this means that it will be integrated into the linux-next tree (usually sometime in the next 24 hours) and sent to Linus during the next merge window (or sooner if it is a bug fix), however if problems are discovered then the patch may be dropped or reverted. You may get further e-mails resulting from automated or manual testing and review of the tree, please engage with people reporting problems and send followup patches addressing any issues that are reported if needed. If any updates are required or you are submitting further changes they should be sent as incremental updates against current git, existing patches will not be replaced. Please add any relevant lists and maintainers to the CCs when replying to this mail. Thanks, Mark >From 747df19747bc9752cd40b9cce761e17a033aa5c2 Mon Sep 17 00:00:00 2001 From: Daniel Mack <daniel(a)zonque.org> Date: Thu, 11 Oct 2018 20:32:05 +0200 Subject: [PATCH] ASoC: sta32x: set ->component pointer in private struct The ESD watchdog code in sta32x_watchdog() dereferences the pointer which is never assigned. This is a regression from a1be4cead9b950 ("ASoC: sta32x: Convert to direct regmap API usage.") which went unnoticed since nobody seems to use that ESD workaround. Fixes: a1be4cead9b950 ("ASoC: sta32x: Convert to direct regmap API usage.") Signed-off-by: Daniel Mack <daniel(a)zonque.org> Signed-off-by: Mark Brown <broonie(a)kernel.org> Cc: stable(a)vger.kernel.org --- sound/soc/codecs/sta32x.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/sound/soc/codecs/sta32x.c b/sound/soc/codecs/sta32x.c index d5035f2f2b2b..ce508b4cc85c 100644 --- a/sound/soc/codecs/sta32x.c +++ b/sound/soc/codecs/sta32x.c @@ -879,6 +879,9 @@ static int sta32x_probe(struct snd_soc_component *component) struct sta32x_priv *sta32x = snd_soc_component_get_drvdata(component); struct sta32x_platform_data *pdata = sta32x->pdata; int i, ret = 0, thermal = 0; + + sta32x->component = component; + ret = regulator_bulk_enable(ARRAY_SIZE(sta32x->supplies), sta32x->supplies); if (ret != 0) { -- 2.19.0

6 years, 8 months

1
0
0 0

[PATCH 4.18 00/44] 4.18.14-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.18.14 release. There are 44 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat Oct 13 15:24:36 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.18.14-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.18.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.18.14-rc1 Zhi Chen <zhichen(a)codeaurora.org> ath10k: fix scan crash due to incorrect length calculation Ka-Cheong Poon <ka-cheong.poon(a)oracle.com> rds: rds_ib_recv_alloc_cache() should call alloc_percpu_gfp() instead Richard Weinberger <richard(a)nod.at> ubifs: Check for name being NULL while mounting Cong Wang <xiyou.wangcong(a)gmail.com> ucma: fix a use-after-free in ucma_resolve_ip() Cong Wang <xiyou.wangcong(a)gmail.com> tipc: call start and done ops directly in __tipc_nl_compat_dumpit() Chao Yu <yuchao0(a)huawei.com> f2fs: fix invalid memory access Vineet Gupta <vgupta(a)synopsys.com> ARC: clone syscall to setp r25 as thread pointer Christophe Leroy <christophe.leroy(a)c-s.fr> powerpc/lib: fix book3s/32 boot failure due to code patching Michael Neuling <mikey(a)neuling.org> powerpc: Avoid code patching freed init sections Guenter Roeck <linux(a)roeck-us.net> of: unittest: Disable interrupt node tests for old world MAC systems Dmitry Safonov <dima(a)arista.com> tty: Drop tty->count on tty_reopen() failure Romain Izard <romain.izard.pro(a)gmail.com> usb: cdc_acm: Do not leak URB buffers Johan Hovold <johan(a)kernel.org> USB: serial: option: add two-endpoints device-id flag Kristian Evensen <kristian.evensen(a)gmail.com> USB: serial: option: improve Quectel EP06 detection Johan Hovold <johan(a)kernel.org> USB: serial: simple: add Motorola Tetra MTP6550 id Chunfeng Yun <chunfeng.yun(a)mediatek.com> usb: xhci-mtk: resume USB3 roothub first Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: Add missing CAS workaround for Intel Sunrise Point xHCI Mike Snitzer <snitzer(a)redhat.com> dm cache: fix resize crash if user doesn't reload cache table Joe Thornber <ejt(a)redhat.com> dm cache metadata: ignore hints array being too small during resize Mike Snitzer <snitzer(a)redhat.com> dm mpath: fix attached_handler_name leak and dangling hw_handler_name pointer Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> PM / core: Clear the direct_complete flag on errors Felix Fietkau <nbd(a)nbd.name> mac80211: fix setting IEEE80211_KEY_FLAG_RX_MGMT for AP mode keys Daniel Drake <drake(a)endlessm.com> PCI: Reprogram bridge prefetch registers on resume Andy Lutomirski <luto(a)kernel.org> x86/vdso: Fix vDSO syscall fallback asm constraint regression Andy Lutomirski <luto(a)kernel.org> x86/vdso: Only enable vDSO retpolines when enabled and supported Andy Lutomirski <luto(a)kernel.org> selftests/x86: Add clock_gettime() tests to test_vdso Andy Lutomirski <luto(a)kernel.org> x86/vdso: Fix asm constraints on vDSO syscall fallbacks Jann Horn <jannh(a)google.com> drm: fix use-after-free read in drm_mode_create_lease_ioctl() Jason Ekstrand <jason(a)jlekstrand.net> drm/syncobj: Don't leak fences when WAIT_FOR_SUBMIT is set Rex Zhu <Rex.Zhu(a)amd.com> drm/amdgpu: Fix vce work queue was not cancelled when suspend Felix Fietkau <nbd(a)nbd.name> mac80211: allocate TXQs for active monitor interfaces Marek Szyprowski <m.szyprowski(a)samsung.com> mmc: slot-gpio: Fix debounce time to use miliseconds again Tony Lindgren <tony(a)atomide.com> mmc: core: Fix debounce time to use microseconds Jan Beulich <JBeulich(a)suse.com> xen-netback: fix input validation in xenvif_set_hash_mapping() Tomi Valkeinen <tomi.valkeinen(a)ti.com> fbdev/omapfb: fix omapfb_memory_read infoleak Alexandre Belloni <alexandre.belloni(a)bootlin.com> clocksource/drivers/timer-atmel-pit: Properly handle error cases Kees Cook <keescook(a)chromium.org> pstore/ram: Fix failure-path memory leak in ramoops_init Ilya Dryomov <idryomov(a)gmail.com> blk-mq: I/O and timer unplugs are inverted in blktrace Sean Christopherson <sean.j.christopherson(a)intel.com> KVM: VMX: check for existence of secondary exec controls before accessing Sean Christopherson <sean.j.christopherson(a)intel.com> KVM: x86: fix L1TF's MMIO GFN calculation Jann Horn <jannh(a)google.com> mm/vmstat.c: skip NR_TLB_REMOTE_FLUSH* properly Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> mm, thp: fix mlocking THP page with migration enabled Mike Kravetz <mike.kravetz(a)oracle.com> mm: migration: fix migration of huge PMD shared pages Reinette Chatre <reinette.chatre(a)intel.com> perf/core: Add sanity check to deal with pinned event failure ------------- Diffstat: Makefile | 4 +- arch/arc/kernel/process.c | 20 +++ arch/powerpc/include/asm/setup.h | 1 + arch/powerpc/lib/code-patching.c | 14 +- arch/powerpc/mm/mem.c | 2 + arch/x86/entry/vdso/Makefile | 16 ++- arch/x86/entry/vdso/vclock_gettime.c | 26 ++-- arch/x86/kvm/mmu.c | 24 +++- arch/x86/kvm/vmx.c | 7 +- block/blk-mq.c | 4 +- drivers/base/power/main.c | 5 +- drivers/clocksource/timer-atmel-pit.c | 20 ++- drivers/gpu/drm/amd/amdgpu/amdgpu_vce.c | 3 +- drivers/gpu/drm/amd/amdgpu/amdgpu_vcn.c | 4 +- drivers/gpu/drm/drm_lease.c | 6 +- drivers/gpu/drm/drm_syncobj.c | 5 + drivers/infiniband/core/ucma.c | 2 + drivers/md/dm-cache-metadata.c | 4 +- drivers/md/dm-cache-target.c | 9 +- drivers/md/dm-mpath.c | 14 +- drivers/mmc/core/host.c | 2 +- drivers/mmc/core/slot-gpio.c | 2 +- drivers/net/wireless/ath/ath10k/wmi-tlv.c | 8 +- drivers/net/xen-netback/hash.c | 12 +- drivers/of/unittest.c | 26 ++-- drivers/pci/pci.c | 27 ++-- drivers/tty/tty_io.c | 11 +- drivers/usb/class/cdc-acm.c | 6 + drivers/usb/host/xhci-mtk.c | 4 +- drivers/usb/host/xhci-pci.c | 2 + drivers/usb/serial/option.c | 15 ++- drivers/usb/serial/usb-serial-simple.c | 3 +- drivers/video/fbdev/omap2/omapfb/omapfb-ioctl.c | 5 +- fs/f2fs/checkpoint.c | 9 +- fs/pstore/ram.c | 29 +++- fs/ubifs/super.c | 3 + include/linux/hugetlb.h | 14 ++ include/linux/mm.h | 6 + kernel/events/core.c | 6 + mm/huge_memory.c | 2 +- mm/hugetlb.c | 37 ++++- mm/migrate.c | 3 + mm/rmap.c | 42 +++++- mm/vmstat.c | 3 + net/mac80211/cfg.c | 2 +- net/mac80211/iface.c | 3 +- net/rds/ib.h | 2 +- net/rds/ib_cm.c | 2 +- net/rds/ib_recv.c | 10 +- net/tipc/netlink_compat.c | 2 + net/tipc/socket.c | 17 ++- net/tipc/socket.h | 1 + tools/testing/selftests/x86/test_vdso.c | 172 ++++++++++++++++++++++++ 53 files changed, 563 insertions(+), 115 deletions(-)

6 years, 8 months

4
48
0 0

[PATCH] afs: Fix afs_server struct leak

by David Howells

Fix a leak of afs_server structs. The routine that installs them in the various lookup lists and trees gets a ref on leaving the function, whether it added the server or a server already exists. It shouldn't increment the refcount if it added the server. The effect of this that "rmmod kafs" will hang waiting for the leaked server to become unused. Fixes: d2ddc776a458 ("afs: Overhaul volume and server record caching and fileserver rotation") Signed-off-by: David Howells <dhowells(a)redhat.com> --- fs/afs/server.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/fs/afs/server.c b/fs/afs/server.c index 1d329e6981d5..2f306c0cc4ee 100644 --- a/fs/afs/server.c +++ b/fs/afs/server.c @@ -199,9 +199,11 @@ static struct afs_server *afs_install_server(struct afs_net *net, write_sequnlock(&net->fs_addr_lock); ret = 0; + goto out; exists: afs_get_server(server); +out: write_sequnlock(&net->fs_lock); return server; }

6 years, 8 months

2
1
0 0

[PATCH 4.9 0/4] Fix softirq time accounting issues on 4.9

by Ivan Delalande

Hi Greg, This series fixes issues we've seen with softirq time accounting in 4.9: - when ksoftirqd is running at 100% on a CPU, none of the values reported by /proc/stat for that CPU will change, sometimes for dozens of seconds, - large deviations in the total number of ticks accumulated over a fixed time for a CPU, probably because of the first issue hitting for shorter periods. We found out that something pretty similar had been reported 9 months ago, see the reference link below. In that discussion, Rabin Vincent had made a 4.9 specific patch which fixes our first issue, but we were still seeing some deviation from the total number of ticks (up to 1.7% from expected, where we had only 0.2% on older kernels), and you had also asked for a direct backport from the mainline series, if possible. As mentioned in that thread, a lot of changes (probably 50+) went into 4.11 to remove cputime, but we could get something working with only the 4 attached patches to fix these two issues. Three of these patches apply without change, and the second one in the series ("sched/cputime: Convert kcpustat to nsecs") needed a minor change as a cast had been added in 527b0a76f41d ("sched/cpuacct: Avoid %lld seq_printf warning") to fix a build warning on s390. I guess we could also include that patch in this series, let me know if this is the preferred way to handle this. We ran our tests on 3.18, 4.4 and 4.9 and confirmed that only 4.9 would need this series, and that this series indeed restores the behavior we were seeing on those older kernels. Thanks! Reference: http://lkml.kernel.org/r/%3C1513159876-5125-1-git-send-email-rabin.vincent@… Frederic Weisbecker (4): time: Introduce jiffies64_to_nsecs() sched/cputime: Convert kcpustat to nsecs sched/cputime: Increment kcpustat directly on irqtime account sched/cputime: Fix ksoftirqd cputime accounting regression arch/s390/appldata/appldata_os.c | 16 +++---- drivers/cpufreq/cpufreq.c | 6 +-- drivers/cpufreq/cpufreq_governor.c | 2 +- drivers/cpufreq/cpufreq_stats.c | 1 - drivers/macintosh/rack-meter.c | 2 +- fs/proc/stat.c | 68 +++++++++++++-------------- fs/proc/uptime.c | 7 +-- include/linux/jiffies.h | 2 + kernel/sched/cpuacct.c | 2 +- kernel/sched/cputime.c | 75 +++++++++++++----------------- kernel/sched/sched.h | 12 +++-- kernel/time/time.c | 10 ++++ kernel/time/timeconst.bc | 6 +++ 13 files changed, 109 insertions(+), 100 deletions(-) -- 2.18.0

6 years, 8 months

2
8
0 0

[PATCH] drm/i915: Large page offsets for pread/pwrite

by Chris Wilson

Handle integer overflow when computing the sub-page length for shmem backed pread/pwrite. Reported-by: Tvrtko Ursulin <tvrtko.ursulin(a)intel.com> Signed-off-by: Chris Wilson <chris(a)chris-wilson.co.uk> Cc: Tvrtko Ursulin <tvrtko.ursulin(a)intel.com> Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/i915/i915_gem.c | 12 ++---------- 1 file changed, 2 insertions(+), 10 deletions(-) diff --git a/drivers/gpu/drm/i915/i915_gem.c b/drivers/gpu/drm/i915/i915_gem.c index 7d45e71100bc..93d09282710d 100644 --- a/drivers/gpu/drm/i915/i915_gem.c +++ b/drivers/gpu/drm/i915/i915_gem.c @@ -1127,11 +1127,7 @@ i915_gem_shmem_pread(struct drm_i915_gem_object *obj, offset = offset_in_page(args->offset); for (idx = args->offset >> PAGE_SHIFT; remain; idx++) { struct page *page = i915_gem_object_get_page(obj, idx); - int length; - - length = remain; - if (offset + length > PAGE_SIZE) - length = PAGE_SIZE - offset; + unsigned int length = min_t(u64, remain, PAGE_SIZE - offset); ret = shmem_pread(page, offset, length, user_data, page_to_phys(page) & obj_do_bit17_swizzling, @@ -1575,11 +1571,7 @@ i915_gem_shmem_pwrite(struct drm_i915_gem_object *obj, offset = offset_in_page(args->offset); for (idx = args->offset >> PAGE_SHIFT; remain; idx++) { struct page *page = i915_gem_object_get_page(obj, idx); - int length; - - length = remain; - if (offset + length > PAGE_SIZE) - length = PAGE_SIZE - offset; + unsigned int length = min_t(u64, remain, PAGE_SIZE - offset); ret = shmem_pwrite(page, offset, length, user_data, page_to_phys(page) & obj_do_bit17_swizzling, -- 2.19.1

6 years, 8 months

2
1
0 0

[GIT PULL] commits for Linux 3.18

by Sasha Levin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi Greg, Pleae pull commits for Linux 3.18 . I've sent a review request for all commits over a week ago and all comments were addressed. Thanks, Sasha ===== The following changes since commit 921b2fed6a79439ef1609ef4af0ada5cccb3555c: Linux 3.18.123 (2018-09-26 08:33:59 +0200) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/sashal/linux-stable.git tags/for-greg-3.18-12102018 for you to fetch changes up to a2d2ae775f75f02d321a460304a08bd54ba5035c: ubifs: Check for name being NULL while mounting (2018-09-30 09:20:38 -0400) - ---------------------------------------------------------------- for-greg-3.18-12102018 - ---------------------------------------------------------------- Andy Whitcroft (1): floppy: Do not copy a kernel pointer to user memory in FDGETPRM ioctl Colin Ian King (1): net: hp100: fix always-true check for link up state Jongsung Kim (1): stmmac: fix valid numbers of unicast filter entries Lei Yang (1): selftests/efivarfs: add required kernel configs Richard Weinberger (1): ubifs: Check for name being NULL while mounting Tony Lindgren (1): mfd: omap-usb-host: Fix dts probe of children drivers/block/floppy.c | 3 +++ drivers/mfd/omap-usb-host.c | 11 ++++++----- drivers/net/ethernet/hp/hp100.c | 2 +- drivers/net/ethernet/stmicro/stmmac/stmmac_platform.c | 5 ++--- fs/ubifs/super.c | 3 +++ tools/testing/selftests/efivarfs/config | 1 + 6 files changed, 16 insertions(+), 9 deletions(-) create mode 100644 tools/testing/selftests/efivarfs/config -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE4n5dijQDou9mhzu83qZv95d3LNwFAlvAsXMACgkQ3qZv95d3 LNxOlQ//ZAaryjy7Ag365v91Oil+S+khKLagLFG76rWWsI5i2ANRM9ZJa4acr56u T4sbqPEZMsIVY5c6xhq6ZwvHVk1nxesihbfGh30KNvsRh+WtIvhmozYPXX7F3X9K PpUBFVomZHl5b3K58R1cF/NFOJwcMo7Mj1oDf0ojYXhtNmwhPaosqnfjOpzBZ3By 3Zqf41srQfbVMuHe5G58gVh3hsKqqrTzvCZRjPk1OyuFeLv0t5dCtXkIjDbskeii sQEyqcykplD05g1sZjkt9YaSvVH9Pn7B9oTIML1Bbyl/gbCitRMAPeoX3sJUUCWA 3nbzNSOCyFHPjmoGIrBth8gFeo68lsbHPRgh2KeWMLBYoQDuPADnCnioFuvEEdg0 m0sr0V3X+RAf2dq5fmLwG24FbTqb227tU73R8uf/bmtD9QbgEdJwZ5pxFAWOqKvX unaQAwIUiACMoajzK/46sfdTMZUeZy8aHxgwPuhoIL7JGxhdAJ4/qjEysykxrVr0 vw/IPvFAklDCMnSQfBuLvbzPwE5uXpBetc3A1rUE4OLAWGxa5ofYBEYSkWcZIp6S vloi8jWVkb7oqTLcM8YoUN3WlMJxSOVKJbcr53H4E/3nF77a6X+7igxf99ah35II NtkqIxrE4PPbj2616Azb6manOJHyTLzRt7bRh/mod7+6U9URNAM= =hSsg -----END PGP SIGNATURE-----

6 years, 8 months

1
0
0 0

[GIT PULL] commits for Linux 4.4

by Sasha Levin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi Greg, Pleae pull commits for Linux 4.4 . I've sent a review request for all commits over a week ago and all comments were addressed. Thanks, Sasha ===== The following changes since commit 9c6cd3f3a4b8194e82fa927bc00028c7a505e3b3: Linux 4.4.159 (2018-09-29 03:08:55 -0700) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/sashal/linux-stable.git tags/for-greg-4.4-12102018 for you to fetch changes up to b31f37e2464344b280d92298f7330803c887376b: ubifs: Check for name being NULL while mounting (2018-09-30 09:20:30 -0400) - ---------------------------------------------------------------- for-greg-4.4-12102018 - ---------------------------------------------------------------- Amber Lin (1): drm/amdgpu: Fix SDMA HQD destroy error on gfx_v7 Andy Whitcroft (1): floppy: Do not copy a kernel pointer to user memory in FDGETPRM ioctl Danny Smith (1): ASoC: sigmadsp: safeload should not have lower byte limit Jongsung Kim (1): stmmac: fix valid numbers of unicast filter entries Lei Yang (1): selftests/efivarfs: add required kernel configs Nicolas Ferre (2): net: macb: disable scatter-gather for macb on sama5d3 ARM: dts: at91: add new compatibility string for macb on sama5d3 Pierre-Louis Bossart (1): ASoC: wm8804: Add ACPI support Richard Weinberger (1): ubifs: Check for name being NULL while mounting Tony Lindgren (1): mfd: omap-usb-host: Fix dts probe of children Yu Zhao (1): sound: enable interrupt after dma buffer initialization Documentation/devicetree/bindings/net/macb.txt | 1 + arch/arm/boot/dts/sama5d3_emac.dtsi | 2 +- drivers/block/floppy.c | 3 +++ drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gfx_v7.c | 2 +- drivers/mfd/omap-usb-host.c | 11 ++++++----- drivers/net/ethernet/cadence/macb.c | 8 ++++++++ drivers/net/ethernet/stmicro/stmmac/stmmac_platform.c | 5 ++--- fs/ubifs/super.c | 3 +++ sound/hda/hdac_controller.c | 8 ++++++-- sound/soc/codecs/sigmadsp.c | 3 +-- sound/soc/codecs/wm8804-i2c.c | 15 ++++++++++++++- tools/testing/selftests/efivarfs/config | 1 + 12 files changed, 47 insertions(+), 15 deletions(-) create mode 100644 tools/testing/selftests/efivarfs/config -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE4n5dijQDou9mhzu83qZv95d3LNwFAlvAsWsACgkQ3qZv95d3 LNxOsg//UcgqG5gMEQkgrEhj5E8zjY4gJLptiwXywYcHSjE22lost/kRMEoZltcq eqew1h9IIpn/MWuuxaz0Yt/bDhtlU1hxSbsW03J/j6MAbdae0SP9Gy7U3bVUQwOS 3JtozDcGc6KzSVqZzzlZXupo+2gpU60MkGUF0NT2p3lInO9MLxeH05bUd3FXo+2p t0RLnSNBgutyb9kMIPu1ZTRMADBIldwlGWYZHkKdUNxycUj7a1A2pCwaVdxUHsp9 zNnyHRBjRQhOe9VQDYra9lMkqDGnt6BNK0UyfugYfeBOCZE11OWNU0WGACX9vMpP +CMvZUO5vglHJOrk1hYhwEaIffODbY4LGSKdTofx57eBzIF62BP2Ia2X5oHUkkjA K7jJZiMWa5T+qDqhrvGXYZNx2CKfwI534pU+M45Jl5oF1oSgYAjFugpAHPX37PQK /BFQN8ckkJ4UlQLqaEUsJLxlKZj0ZSe0HQOaf4cJz/I2konvP6rajD6DBOaoZvxW FPkzAH7iEY6EaMksnoRZOmmI+nRXwaAmTO+J4yOfvICDm84080PXwUhVWCyB4gbn TSiV51Zn2cdvWofi0o7TOSRiNixlZrXJQJdW1CExM1RhHa66Z6kGefjhNYn+hjQg 5yqU0srpClNd6HR4wz+j52VkbZBe11bL0GVA6hcFZN7QVdf/saU= =Oywh -----END PGP SIGNATURE-----

6 years, 8 months

1
0
0 0

[GIT PULL] commits for Linux 4.9

by Sasha Levin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi Greg, Pleae pull commits for Linux 4.9 . I've sent a review request for all commits over a week ago and all comments were addressed. Thanks, Sasha ===== The following changes since commit cdd48f386d7e6671e7cc21e517ae258b298ec877: Linux 4.9.131 (2018-10-03 17:01:55 -0700) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/sashal/linux-stable.git tags/for-greg-4.9-12102018 for you to fetch changes up to d514c460687636708db3def7a68150092dc785c0: ubifs: Check for name being NULL while mounting (2018-10-03 22:24:27 -0400) - ---------------------------------------------------------------- for-greg-4.9-12102018 - ---------------------------------------------------------------- Amber Lin (1): drm/amdgpu: Fix SDMA HQD destroy error on gfx_v7 Dan Carpenter (1): scsi: qla2xxx: Fix an endian bug in fcpcmd_is_corrupted() Danny Smith (1): ASoC: sigmadsp: safeload should not have lower byte limit Jongsung Kim (1): stmmac: fix valid numbers of unicast filter entries Laura Abbott (1): scsi: iscsi: target: Don't use stack buffer for scatterlist Lei Yang (2): selftests/efivarfs: add required kernel configs selftests: memory-hotplug: add required configs Nicolas Ferre (2): net: macb: disable scatter-gather for macb on sama5d3 ARM: dts: at91: add new compatibility string for macb on sama5d3 Pierre-Louis Bossart (1): ASoC: wm8804: Add ACPI support Richard Weinberger (1): ubifs: Check for name being NULL while mounting Tony Lindgren (1): mfd: omap-usb-host: Fix dts probe of children Vitaly Kuznetsov (1): x86/kvm/lapic: always disable MMIO interface in x2APIC mode Yu Zhao (1): sound: enable interrupt after dma buffer initialization Documentation/devicetree/bindings/net/macb.txt | 1 + arch/arm/boot/dts/sama5d3_emac.dtsi | 2 +- arch/x86/include/uapi/asm/kvm.h | 1 + arch/x86/kvm/lapic.c | 22 +++++++++++++++++++--- drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gfx_v7.c | 2 +- drivers/mfd/omap-usb-host.c | 11 ++++++----- drivers/net/ethernet/cadence/macb.c | 8 ++++++++ .../net/ethernet/stmicro/stmmac/stmmac_platform.c | 5 ++--- drivers/scsi/qla2xxx/qla_target.h | 4 ++-- drivers/target/iscsi/iscsi_target.c | 22 ++++++++++++++-------- fs/ubifs/super.c | 3 +++ sound/hda/hdac_controller.c | 8 ++++++-- sound/soc/codecs/sigmadsp.c | 3 +-- sound/soc/codecs/wm8804-i2c.c | 15 ++++++++++++++- tools/testing/selftests/efivarfs/config | 1 + tools/testing/selftests/memory-hotplug/config | 1 + 16 files changed, 81 insertions(+), 28 deletions(-) create mode 100644 tools/testing/selftests/efivarfs/config -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE4n5dijQDou9mhzu83qZv95d3LNwFAlvAsWUACgkQ3qZv95d3 LNw2dxAAknTmD/Y3wcfhcAEK3xci39b3ouXaCUABLe8zL/jwOiJzgZrq4JQbqCNL Kd0p5JK4gGSaokfU65aYeTFAAKOPyoaK0fzP1avfFI5FuaKqrMoZtcZCGerfL6dX HolN96N2qEDMCpgl+Uzb2+OtJi+ZBcWqZgnaYuLQVgfS/4S7+Rqh2NptdPXJNU3h ZVsJ3oZ9y3clOpSF3om5UWsicXC+4MRRor+Bi32K0aEI+XvDxgqIUNxA9wd43jHf UDxsRTG4R8om66aWB87lTUJONTquRCIw/bJIj9mDnpa6tOZ3AIwjcj42QlObuJEw PSuLA7Yuup8QaySaulyGazDs9Z/ARhJw8SKlBQjdIrg07Ld6NZMOl7iOQVdM9HWG Rl3pynuPjBOLmIC3FH6qKr4qabEoKHo7BoIA728FQ7hh5UoyKkSWDfDTmjOF+jAd RyojoRqC4V5MSrPpaTvyjya68Wn2RMDAWH2SpUUTUkkRo+tNG95+N/xIR1Pe0bLv 9cUycnMNIJKXVvp2h3AgaisFz7Kx1PaN88fxWNPKVsjqziZKND9S/PrGKuTmZIF2 gml7Nb5zgUrWaFZm8xKiVOFWu5BCbHTZvasAhcCU8qO8Llm7C9GoVkGo6bqrRdYW 7JUgFFilululaoGch/824F/MGchxTtbymnlrj97FxZeKK/Bpw84= =JL5/ -----END PGP SIGNATURE-----

6 years, 8 months

1
0
0 0

[GIT PULL] commits for Linux 4.14

by Sasha Levin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi Greg, Pleae pull commits for Linux 4.14 . I've sent a review request for all commits over a week ago and all comments were addressed. Thanks, Sasha ===== The following changes since commit e6abbe80c8838e9c0bdb51835e6218008fa49386: Linux 4.14.74 (2018-10-03 17:01:00 -0700) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/sashal/linux-stable.git tags/for-greg-4.14-12102018 for you to fetch changes up to cb9c65e3917e1f240e8a30729afeffe1b1f1338f: ubifs: Check for name being NULL while mounting (2018-10-03 22:24:19 -0400) - ---------------------------------------------------------------- for-greg-4.14-12102018 - ---------------------------------------------------------------- Amber Lin (1): drm/amdgpu: Fix SDMA HQD destroy error on gfx_v7 Dan Carpenter (1): scsi: qla2xxx: Fix an endian bug in fcpcmd_is_corrupted() Danny Smith (1): ASoC: sigmadsp: safeload should not have lower byte limit Hans de Goede (2): clk: x86: add "ether_clk" alias for Bay Trail / Cherry Trail clk: x86: Stop marking clocks as CLK_IS_CRITICAL Hermes Zhang (1): Bluetooth: hci_ldisc: Free rw_semaphore on close Jongsung Kim (1): stmmac: fix valid numbers of unicast filter entries Kuninori Morimoto (2): ASoC: rsnd: adg: care clock-frequency size ASoC: rsnd: don't fallback to PIO mode when -EPROBE_DEFER Laura Abbott (1): scsi: iscsi: target: Don't use stack buffer for scatterlist Lei Yang (2): selftests/efivarfs: add required kernel configs selftests: memory-hotplug: add required configs Nicolas Ferre (2): net: macb: disable scatter-gather for macb on sama5d3 ARM: dts: at91: add new compatibility string for macb on sama5d3 Oder Chiou (1): ASoC: rt5514: Fix the issue of the delay volume applied again Pierre-Louis Bossart (1): ASoC: wm8804: Add ACPI support Richard Weinberger (1): ubifs: Check for name being NULL while mounting Stephen Hemminger (2): hv_netvsc: fix schedule in RCU context PCI: hv: support reporting serial number as slot information Tony Lindgren (1): mfd: omap-usb-host: Fix dts probe of children Vitaly Kuznetsov (1): x86/kvm/lapic: always disable MMIO interface in x2APIC mode Yu Zhao (2): sound: enable interrupt after dma buffer initialization sound: don't call skl_init_chip() to reset intel skl soc Documentation/devicetree/bindings/net/macb.txt | 1 + arch/arm/boot/dts/sama5d3_emac.dtsi | 2 +- arch/x86/include/uapi/asm/kvm.h | 1 + arch/x86/kvm/lapic.c | 22 +++++++++++-- drivers/bluetooth/hci_ldisc.c | 2 ++ drivers/clk/x86/clk-pmc-atom.c | 18 +++++++---- drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gfx_v7.c | 2 +- drivers/mfd/omap-usb-host.c | 11 ++++--- drivers/net/ethernet/cadence/macb_main.c | 8 +++++ .../net/ethernet/stmicro/stmmac/stmmac_platform.c | 5 ++- drivers/net/hyperv/netvsc_drv.c | 9 ++---- drivers/pci/host/pci-hyperv.c | 37 ++++++++++++++++++++++ drivers/scsi/qla2xxx/qla_target.h | 4 +-- drivers/target/iscsi/iscsi_target.c | 22 ++++++++----- fs/ubifs/super.c | 3 ++ include/sound/hdaudio.h | 1 + sound/hda/hdac_controller.c | 15 ++++++--- sound/soc/codecs/rt5514.c | 8 ++--- sound/soc/codecs/sigmadsp.c | 3 +- sound/soc/codecs/wm8804-i2c.c | 15 ++++++++- sound/soc/intel/skylake/skl.c | 2 +- sound/soc/sh/rcar/adg.c | 5 +++ sound/soc/sh/rcar/core.c | 10 +++++- sound/soc/sh/rcar/dma.c | 4 +++ tools/testing/selftests/efivarfs/config | 1 + tools/testing/selftests/memory-hotplug/config | 1 + 26 files changed, 162 insertions(+), 50 deletions(-) create mode 100644 tools/testing/selftests/efivarfs/config -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE4n5dijQDou9mhzu83qZv95d3LNwFAlvAsV4ACgkQ3qZv95d3 LNyWgQ//XANh5mQDMTeunoBjoec8HKAhmEnQgvldgovAeQ0xZobjzliIj4N8vWQ0 XGsCc/LD1Vhe1LhTwoY2GHzS2NayHOMq5X4/+kgUakBJaBFS5i76J24mFcJK7rZq Qmgl51xfiIk9Y/tdk3vjAUfp4bv+hZnOv+WvRSTA22l07wTh0yh7btODNmYtNoRl +Xgwi73O1tmUyBY3fAiu1Gyo4nTrJlOHtXBUyvoJKlGoZuL2C5A4uU/r5sOf1ROt ng+2dTU9KaGsI5z8MyjTS9ZyI+3mUyXtWhsBlnzTHgMRw/AnbJIWTn6Sq9Ij8yYO 4BRIJfmz4mn2EC5m2T/u/RbDdmArwjaygwZwP/20rr8ChqAiqwvOMjAjmzV3pToT AqEnlwZZSMd+sdP/HnAC1qQJCgt1Kk6G+98klZlSTYXx2iGekkshL+jAX1WPOSwS mu4HUKjsKdusQTuikFhKOdvLULcizQ3isMVmIGKKBQVeg/zr4tPopNGrW/kpyr9L eEed6B/g5ioi3Oel1nLHNalu2sjuFuScbxuyXDEVYvA8Yhb07lbNpAMEfH9xF0wn OCv8l48+Gp25c7rtVZ0+erkmAmfWKXS0Kv9mVrNHSREzbGVmwLsBh5jX72jwLRiT P7JOMZvSI9BYhYI8sieJWJI8K8J9z69KgCmTe/oeqFD75St3ggg= =+Ugj -----END PGP SIGNATURE-----

6 years, 8 months

1
0
0 0

[PATCH v3] mtd: spi-nor: fsl-quadspi: fix read error for flash size larger than 16MB

by Liu Xiang

If the size of spi-nor flash is larger than 16MB, the read_opcode is set to SPINOR_OP_READ_1_1_4_4B, and fsl_qspi_get_seqid() will return -EINVAL when cmd is SPINOR_OP_READ_1_1_4_4B. This can cause read operation fail. Fixes: e46ecda764dc ("mtd: spi-nor: Add Freescale QuadSPI driver") Cc: <stable(a)vger.kernel.org> Signed-off-by: Liu Xiang <liu.xiang6(a)zte.com.cn> --- Changes in v3: move changelog position. drivers/mtd/spi-nor/fsl-quadspi.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/mtd/spi-nor/fsl-quadspi.c b/drivers/mtd/spi-nor/fsl-quadspi.c index 7d9620c..64304a3 100644 --- a/drivers/mtd/spi-nor/fsl-quadspi.c +++ b/drivers/mtd/spi-nor/fsl-quadspi.c @@ -478,6 +478,7 @@ static int fsl_qspi_get_seqid(struct fsl_qspi *q, u8 cmd) { switch (cmd) { case SPINOR_OP_READ_1_1_4: + case SPINOR_OP_READ_1_1_4_4B: return SEQID_READ; case SPINOR_OP_WREN: return SEQID_WREN; -- 1.9.1

6 years, 8 months

2
2
0 0

Re: PROBLEM: brcmfmac driver crashes on resuming if no firmware is loaded

by Jon Hunter

Correcting stable address ... On 12/10/18 13:37, Jon Hunter wrote: > [1.] One line summary of the problem: > brcmfmac driver crashes on resuming if no firmware is loaded > > [2.] Full description of the problem/report: > In stable-v4.4, if the brcmfmac driver fails to load the required > firmware on boot for an SDIO based device, then the driver fails > to remove one of the two devices it registered during probe with > the kernel. If the kernel then enters suspend, on resume the > kernel tries to resume the device registered by brcmfmac driver > and crashes due to a NULL pointer deference (see 6 below). > > This issue is seen in stable-v4.4 but not in stable-v4.9 and I > believe is fixed by commit 7a51461fc2da ("brcmfmac: unbind all > devices upon failure in firmware callback"). Unfortunately, this > fix is dependent on other changes and so is not easily > back-ported AFAICT. > > This issue is seen on Tegra20 Ventana and Tegra30 Cardhu. > > [3.] Keywords (i.e., modules, networking, kernel): > BROADCOM BRCM80211 > > [4.] Kernel information > [4.1.] Kernel version (from /proc/version): > Linux version 4.4.160-rc1-00116-g5826f1d1ce56 > [4.2.] Kernel .config file: > Generated using tegra_defconfig > > [5.] Most recent kernel version which did not have the bug: > Not seen in current mainline or -next. > > [6.] Output of Oops.. message (if applicable) with symbolic information > > [ 51.941094] Unable to handle kernel NULL pointer dereference at virtual address 00000000 > > [ 51.949836] pgd = eee54000 > > [ 51.952771] [00000000] *pgd=2db16831, *pte=00000000, *ppte=00000000 > > [ 51.959722] Internal error: Oops: 17 [#1] SMP ARM > > [ 51.964774] Modules linked in: snd_soc_tegra_wm8903 snd_soc_wm8903 snd_soc_tegra_utils snd_soc_core snd_pcm_dmaengine snd_pcm brcmfmac brcmutil cfg80211 snd_timer snd soundcore ac97_bus snd_soc_tegra20_das > > [ 51.984922] CPU: 1 PID: 512 Comm: rtcwake Not tainted 4.4.160-rc1-00116-g5826f1d1ce56 #1 > > [ 51.993577] Hardware name: NVIDIA Tegra SoC (Flattened Device Tree) > > [ 52.000303] task: eefa3900 ti: ed93c000 task.ti: ed93c000 > > [ 52.006294] PC is at brcmf_ops_sdio_resume+0x10/0x5c [brcmfmac] > > [ 52.012672] LR is at pm_generic_resume+0x2c/0x38 > > [ 52.017641] pc : [<bf12bbb8>] lr : [<c06502d4>] psr: 60000113 > > [ 52.017641] sp : ed93ddb8 ip : eed72e74 fp : c0f4a2d8 > > [ 52.029914] r10: c0fa7580 r9 : 00000010 r8 : 00000000 > > [ 52.035522] r7 : 00000010 r6 : eed7303c r5 : 00000001 r4 : c06502a8 > > [ 52.042514] r3 : 00000000 r2 : 00000002 r1 : eed73008 r0 : eed73008 > > [ 52.049511] Flags: nZCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment none > > [ 52.057156] Control: 10c5387d Table: 2ee5404a DAC: 00000051 > > [ 52.063319] Process rtcwake (pid: 512, stack limit = 0xed93c220) > > [ 52.069761] Stack: (0xed93ddb8 to 0xed93e000) > > [ 52.074450] dda0: c06502a8 c06502d4 > > [ 52.083225] ddc0: c0cae914 c0653674 17c10408 c027fc00 eed72e08 eed73008 00000001 c0653cdc > > [ 52.091993] dde0: eed73070 eed73008 c0fa7548 c0fa7578 c104ce7c c0655018 c0f4a2d8 c0654ee8 > > [ 52.100757] de00: 0ea73a40 0000000c 0ea73a40 0000000c 0e3050d8 00000010 00000003 00000000 > > [ 52.109529] de20: c0f1650c c10109f4 c0f170a4 00000000 00000000 c06552e8 c10109f4 c02870b0 > > [ 52.118399] de40: 00000000 c028a464 c0d3b71c ed93de6c c0f49314 c02cd350 00000003 c10109f4 > > [ 52.127166] de60: 00000003 00000000 00000003 edbb45c0 00000004 00000000 00000000 c0287540 > > [ 52.135933] de80: 00000003 c0c8401c c1010a04 c02862fc 00000004 ee8f86e0 edbb45c0 edbb4fcc > > [ 52.144698] dea0: 00000004 ed93df80 00028290 c048c684 00000004 c036dec8 c036de84 edbb4fc0 > > [ 52.169613] dec0: edbb45c0 c036d70c 00000000 00000000 000081a4 c0a0113c 00028290 eee13b40 > > [ 52.194484] dee0: ed93df80 00000004 00028290 00000000 00000005 c030f990 c0f1ba64 ed93dfb0 > > [ 52.219219] df00: 00002710 000001ff b6fb42e4 c020a29c 5a9fd343 0b532b80 5a9fd343 0b532b80 > > [ 52.244031] df20: 0000050e 00000000 eee13b40 becb54b8 00028128 00028128 000000c5 eee13b40 > > [ 52.268893] df40: eee13b40 00028290 ed93df80 00000004 00000004 c031018c 0000000f 000081a4 > > [ 52.293765] df60: 00000001 00000000 00000000 eee13b40 eee13b40 00000004 00028290 c0310994 > > [ 52.318818] df80: 00000000 00000000 5a9fd343 00000004 00028290 00028128 00000004 c0210c44 > > [ 52.343980] dfa0: ed93c000 c0210a80 00000004 00028290 00000004 00028290 00000004 00000000 > > [ 52.369292] dfc0: 00000004 00028290 00028128 00000004 00014f40 00026180 00014ca4 00000005 > > [ 52.394701] dfe0: 00000000 becb5a1c b6f3479b b6f700d6 000f0030 00000004 00000000 00000000 > > [ 52.420294] [<bf12bbb8>] (brcmf_ops_sdio_resume [brcmfmac]) from [<c06502d4>] (pm_generic_resume+0x2c/0x38) > > [ 52.447649] [<c06502d4>] (pm_generic_resume) from [<c0653674>] (dpm_run_callback+0x1c/0x58) > > [ 52.474009] [<c0653674>] (dpm_run_callback) from [<c0653cdc>] (device_resume+0x98/0x260) > > [ 52.500177] [<c0653cdc>] (device_resume) from [<c0655018>] (dpm_resume+0x100/0x228) > > [ 52.525931] [<c0655018>] (dpm_resume) from [<c06552e8>] (dpm_resume_end+0xc/0x18) > > [ 52.551807] [<c06552e8>] (dpm_resume_end) from [<c02870b0>] (suspend_devices_and_enter+0x124/0x420) > > [ 52.579701] [<c02870b0>] (suspend_devices_and_enter) from [<c0287540>] (pm_suspend+0x194/0x254) > > [ 52.607599] [<c0287540>] (pm_suspend) from [<c02862fc>] (state_store+0x6c/0xbc) > > [ 52.634364] [<c02862fc>] (state_store) from [<c048c684>] (kobj_attr_store+0x14/0x20) > > [ 52.661518] [<c048c684>] (kobj_attr_store) from [<c036dec8>] (sysfs_kf_write+0x44/0x48) > > [ 52.688909] [<c036dec8>] (sysfs_kf_write) from [<c036d70c>] (kernfs_fop_write+0xbc/0x1b0) > > [ 52.716566] [<c036d70c>] (kernfs_fop_write) from [<c030f990>] (__vfs_write+0x24/0xd8) > > [ 52.743917] [<c030f990>] (__vfs_write) from [<c031018c>] (vfs_write+0x94/0x154) > > [ 52.770230] [<c031018c>] (vfs_write) from [<c0310994>] (SyS_write+0x40/0x94) > > [ 52.795713] [<c0310994>] (SyS_write) from [<c0210a80>] (ret_fast_syscall+0x0/0x48) > > [ 52.821478] Code: e92d4010 e590218c e5903058 e3520002 (e5934000) > > [ 52.845762] ---[ end trace d797b5b1ce195377 ]--- > -- nvpublic

6 years, 8 months

1
0
0 0

Re: [PATCH 4.4 00/27] 4.4.161-stable review

by Greg Kroah-Hartman

On Thu, Oct 11, 2018 at 03:22:11PM -0700, kernelci.org bot wrote: > > > Full Boot Summary: https://kernelci.org/boot/all/job/stable-rc/branch/linux-4.4.y/kernel/v4.4.… > Full Build Summary: https://kernelci.org/build/stable-rc/branch/linux-4.4.y/kernel/v4.4.160-28-… > > Tree: stable-rc > Branch: linux-4.4.y > Git Describe: v4.4.160-28-gb3522afcec59 > Git Commit: b3522afcec59a6a8030ebf4397f5b285b3e804d2 > Git URL: http://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git > Tested: 39 unique boards, 20 SoC families, 13 builds out of 178 > > Boot Regressions Detected: > > x86: > > x86_64_defconfig: > qemu: > lab-baylibre: new failure (last pass: v4.4.160) Should I worry about this? thanks, greg k-h

6 years, 8 months

2
1
0 0

URGENT RESPONSE NEEDED

by Sean Kim.

Hello my dear. Did you receive my email message to you? Please, get back to me ASAP as the matter is becoming late. Expecting your urgent response. Sean.

6 years, 8 months

1
0
0 0

[PATCH] ALSA: hda - Add mic quirk for the Lenovo G50-30 (17aa:3905)

by Jeremy Cline

The Lenovo G50-30, like other G50 models, has a Conexant codec that requires a quirk for its inverted stereo dmic. Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1249364 Reported-by: Alexander Ploumistos <alex.ploumistos(a)gmail.com> Tested-by: Alexander Ploumistos <alex.ploumistos(a)gmail.com> Cc: stable(a)vger.kernel.org Signed-off-by: Jeremy Cline <jcline(a)redhat.com> --- sound/pci/hda/patch_conexant.c | 1 + 1 file changed, 1 insertion(+) diff --git a/sound/pci/hda/patch_conexant.c b/sound/pci/hda/patch_conexant.c index 5592557fe50e..950e02e71766 100644 --- a/sound/pci/hda/patch_conexant.c +++ b/sound/pci/hda/patch_conexant.c @@ -943,6 +943,7 @@ static const struct snd_pci_quirk cxt5066_fixups[] = { SND_PCI_QUIRK(0x17aa, 0x21da, "Lenovo X220", CXT_PINCFG_LENOVO_TP410), SND_PCI_QUIRK(0x17aa, 0x21db, "Lenovo X220-tablet", CXT_PINCFG_LENOVO_TP410), SND_PCI_QUIRK(0x17aa, 0x38af, "Lenovo IdeaPad Z560", CXT_FIXUP_MUTE_LED_EAPD), + SND_PCI_QUIRK(0x17aa, 0x3905, "Lenovo G50-30", CXT_FIXUP_STEREO_DMIC), SND_PCI_QUIRK(0x17aa, 0x390b, "Lenovo G50-80", CXT_FIXUP_STEREO_DMIC), SND_PCI_QUIRK(0x17aa, 0x3975, "Lenovo U300s", CXT_FIXUP_STEREO_DMIC), SND_PCI_QUIRK(0x17aa, 0x3977, "Lenovo IdeaPad U310", CXT_FIXUP_STEREO_DMIC), -- 2.19.1

6 years, 8 months

2
1
0 0

[RESEND][PATCH 4.4-stable] jffs2: return -ERANGE when xattr buffer is too small

by Hou Tao

When a file have multiple xattrs and the passed buffer is smaller than the required size, jffs2_listxattr() should return -ERANGE instead of continue, else Oops may occur due to memory corruption. Also remove the unnecessary check ("rc < 0"), because xhandle->list(...) will not return an error number. Spotted by generic/377 in xfstests-dev. NB: The problem had been fixed by commit 764a5c6b1fa4 ("xattr handlers: Simplify list operation") in v4.5-rc1, but the modification in that commit may be too much because it modifies all file-systems which implement xattr, so I create a single patch for jffs2 to fix the problem. Signed-off-by: Hou Tao <houtao1(a)huawei.com> --- fs/jffs2/xattr.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/fs/jffs2/xattr.c b/fs/jffs2/xattr.c index 4c2c03663533..8e1427762eeb 100644 --- a/fs/jffs2/xattr.c +++ b/fs/jffs2/xattr.c @@ -1004,12 +1004,14 @@ ssize_t jffs2_listxattr(struct dentry *dentry, char *buffer, size_t size) rc = xhandle->list(xhandle, dentry, buffer + len, size - len, xd->xname, xd->name_len); + if (rc > size - len) { + rc = -ERANGE; + goto out; + } } else { rc = xhandle->list(xhandle, dentry, NULL, 0, xd->xname, xd->name_len); } - if (rc < 0) - goto out; len += rc; } rc = len; -- 2.16.2.dirty

6 years, 8 months

1
0
0 0

Fwd: [PATCH stable 4.4 V2 0/6] fix SegmentSmack in stable branch (CVE-2018-5390)

by salil GK

I was looking for fix for CVE-2018-5390 and CVE-2018-5390) in 4.18.x. Will these fix be available in 4.18 train ? PS: Sorry for sending again - I got a rejection message as my previous message contains html tags ! Thanks ~S On Oct 11, 2018 7:38 PM, "Greg KH" <gregkh(a)linux-foundation.org> wrote: On Wed, Sep 26, 2018 at 10:21:21PM +0200, Greg KH wrote: > On Tue, Sep 25, 2018 at 10:10:15PM +0800, maowenan wrote: > > Hi Greg: > > > > can you review this patch set? > > It is still in the queue, don't worry. It will take some more time to > properly review and test it. > > Ideally you could get someone else to test this and provide a > "tested-by:" tag for it? All now queued up, let's see what breaks :) thanks, greg k-h

6 years, 8 months

1
0
0 0

Re: [PATCH stable 4.4 V2 0/6] fix SegmentSmack in stable branch (CVE-2018-5390)

by maowenan

On 2018/10/12 10:28, salil GK wrote: > I was looking for fix for CVE-2018-5390 and CVE-2018-5390) in 4.18.x. Will these fix be available in 4.18 train ? The fixes of CVE-2018-5390 have already existed in stable 4.18. These fixes only available with < 4.9 that don't using RB tree. 58152ec tcp: add tcp_ooo_try_coalesce() helper 8541b21 tcp: call tcp_drop() from tcp_data_queue_ofo() 3d4bf93 tcp: detect malicious patterns in tcp_collapse_ofo_queue() f4a3313 tcp: avoid collapses in tcp_prune_queue() if possible 72cd43b tcp: free batches of packets in tcp_prune_ofo_queue() > > Thanks > ~S > > On Oct 11, 2018 7:38 PM, "Greg KH" <gregkh(a)linux-foundation.org <mailto:gregkh@linux-foundation.org>> wrote: > > On Wed, Sep 26, 2018 at 10:21:21PM +0200, Greg KH wrote: > > On Tue, Sep 25, 2018 at 10:10:15PM +0800, maowenan wrote: > > > Hi Greg: > > > > > > can you review this patch set? > > > > It is still in the queue, don't worry. It will take some more time to > > properly review and test it. > > > > Ideally you could get someone else to test this and provide a > > "tested-by:" tag for it? > > All now queued up, let's see what breaks :) > > thanks, > > greg k-h > >

6 years, 8 months

1
0
0 0

[PATCH AUTOSEL 4.18 01/58] soundwire: Fix duplicate stream state assignment

by Sasha Levin

From: Shreyas NC <shreyas.nc(a)intel.com> [ Upstream commit 0aebe40bae6cf5652fdc3d05ecee15fbf5748194 ] For a SoundWire stream it is expected that a Slave is added to the stream before Master is added. So, move the stream state to CONFIGURED after the first Slave is added and remove the stream state assignment for Master add. Along with these changes, add additional comments to explain the same. Signed-off-by: Shreyas NC <shreyas.nc(a)intel.com> Acked-by: Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> Signed-off-by: Vinod Koul <vkoul(a)kernel.org> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> --- drivers/soundwire/stream.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/drivers/soundwire/stream.c b/drivers/soundwire/stream.c index 4b5e250e8615..7ba6d4d8cd03 100644 --- a/drivers/soundwire/stream.c +++ b/drivers/soundwire/stream.c @@ -1123,8 +1123,6 @@ int sdw_stream_add_master(struct sdw_bus *bus, if (ret) goto stream_error; - stream->state = SDW_STREAM_CONFIGURED; - stream_error: sdw_release_master_stream(stream); error: @@ -1141,6 +1139,10 @@ EXPORT_SYMBOL(sdw_stream_add_master); * @stream: SoundWire stream * @port_config: Port configuration for audio stream * @num_ports: Number of ports + * + * It is expected that Slave is added before adding Master + * to the Stream. + * */ int sdw_stream_add_slave(struct sdw_slave *slave, struct sdw_stream_config *stream_config, @@ -1186,6 +1188,12 @@ int sdw_stream_add_slave(struct sdw_slave *slave, if (ret) goto stream_error; + /* + * Change stream state to CONFIGURED on first Slave add. + * Bus is not aware of number of Slave(s) in a stream at this + * point so cannot depend on all Slave(s) to be added in order to + * change stream state to CONFIGURED. + */ stream->state = SDW_STREAM_CONFIGURED; goto error; -- 2.17.1

6 years, 8 months

5
75
0 0

[PATCH 4/6] ocfs2: fix locking for res->tracking and dlm->tracking_list

by Rodrigo Vivi

From: Ashish Samant <ashish.samant(a)oracle.com> In dlm_init_lockres() we access and modify res->tracking and dlm->tracking_list without holding dlm->track_lock. This can cause list corruptions and can end up in kernel panic. Fix this by locking res->tracking and dlm->tracking_list with dlm->track_lock instead of dlm->spinlock. Link: http://lkml.kernel.org/r/1529951192-4686-1-git-send-email-ashish.samant@ora… Signed-off-by: Ashish Samant <ashish.samant(a)oracle.com> Reviewed-by: Changwei Ge <ge.changwei(a)h3c.com> Acked-by: Joseph Qi <jiangqi903(a)gmail.com> Acked-by: Jun Piao <piaojun(a)huawei.com> Cc: Mark Fasheh <mark(a)fasheh.com> Cc: Joel Becker <jlbec(a)evilplan.org> Cc: Junxiao Bi <junxiao.bi(a)oracle.com> Cc: Changwei Ge <ge.changwei(a)h3c.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- fs/ocfs2/dlm/dlmmaster.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/fs/ocfs2/dlm/dlmmaster.c b/fs/ocfs2/dlm/dlmmaster.c index aaca0949fe53..826f0567ec43 100644 --- a/fs/ocfs2/dlm/dlmmaster.c +++ b/fs/ocfs2/dlm/dlmmaster.c @@ -584,9 +584,9 @@ static void dlm_init_lockres(struct dlm_ctxt *dlm, res->last_used = 0; - spin_lock(&dlm->spinlock); + spin_lock(&dlm->track_lock); list_add_tail(&res->tracking, &dlm->tracking_list); - spin_unlock(&dlm->spinlock); + spin_unlock(&dlm->track_lock); memset(res->lvb, 0, DLM_LVB_LEN); memset(res->refmap, 0, sizeof(res->refmap)); -- 2.17.1

6 years, 8 months

1
0
0 0

[PATCH 2/6] mm/vmstat.c: skip NR_TLB_REMOTE_FLUSH* properly

by Rodrigo Vivi

From: Jann Horn <jannh(a)google.com> 5dd0b16cdaff ("mm/vmstat: Make NR_TLB_REMOTE_FLUSH_RECEIVED available even on UP") made the availability of the NR_TLB_REMOTE_FLUSH* counters inside the kernel unconditional to reduce #ifdef soup, but (either to avoid showing dummy zero counters to userspace, or because that code was missed) didn't update the vmstat_array, meaning that all following counters would be shown with incorrect values. This only affects kernel builds with CONFIG_VM_EVENT_COUNTERS=y && CONFIG_DEBUG_TLBFLUSH=y && CONFIG_SMP=n. Link: http://lkml.kernel.org/r/20181001143138.95119-2-jannh@google.com Fixes: 5dd0b16cdaff ("mm/vmstat: Make NR_TLB_REMOTE_FLUSH_RECEIVED available even on UP") Signed-off-by: Jann Horn <jannh(a)google.com> Reviewed-by: Kees Cook <keescook(a)chromium.org> Reviewed-by: Andrew Morton <akpm(a)linux-foundation.org> Acked-by: Michal Hocko <mhocko(a)suse.com> Acked-by: Roman Gushchin <guro(a)fb.com> Cc: Davidlohr Bueso <dave(a)stgolabs.net> Cc: Oleg Nesterov <oleg(a)redhat.com> Cc: Christoph Lameter <clameter(a)sgi.com> Cc: Kemi Wang <kemi.wang(a)intel.com> Cc: Andy Lutomirski <luto(a)kernel.org> Cc: Ingo Molnar <mingo(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- mm/vmstat.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/mm/vmstat.c b/mm/vmstat.c index 4cea7b8f519d..7878da76abf2 100644 --- a/mm/vmstat.c +++ b/mm/vmstat.c @@ -1275,6 +1275,9 @@ const char * const vmstat_text[] = { #ifdef CONFIG_SMP "nr_tlb_remote_flush", "nr_tlb_remote_flush_received", +#else + "", /* nr_tlb_remote_flush */ + "", /* nr_tlb_remote_flush_received */ #endif /* CONFIG_SMP */ "nr_tlb_local_flush_all", "nr_tlb_local_flush_one", -- 2.17.1

6 years, 8 months

1
0
0 0

[PATCH] blk-wbt: wake up all when we scale up, not down

by Josef Bacik

Tetsuo brought to my attention that I screwed up the scale_up/scale_down helpers when I factored out the rq-qos code. We need to wake up all the waiters when we add slots for requests to make, not when we shrink the slots. Otherwise we'll end up things waiting forever. This was a mistake and simply puts everything back the way it was. cc: stable(a)vger.kernel.org Fixes: a79050434b45 ("blk-rq-qos: refactor out common elements of blk-wbt") eported-by: Tetsuo Handa <penguin-kernel(a)i-love.sakura.ne.jp> Signed-off-by: Josef Bacik <josef(a)toxicpanda.com> --- JENS! I did this on for-4.20/block FYI block/blk-wbt.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/block/blk-wbt.c b/block/blk-wbt.c index 8e20a0677dcf..8ac93fcbaa2e 100644 --- a/block/blk-wbt.c +++ b/block/blk-wbt.c @@ -310,6 +310,7 @@ static void scale_up(struct rq_wb *rwb) rq_depth_scale_up(&rwb->rq_depth); calc_wb_limits(rwb); rwb->unknown_cnt = 0; + rwb_wake_all(rwb); rwb_trace_step(rwb, "scale up"); } @@ -318,7 +319,6 @@ static void scale_down(struct rq_wb *rwb, bool hard_throttle) rq_depth_scale_down(&rwb->rq_depth, hard_throttle); calc_wb_limits(rwb); rwb->unknown_cnt = 0; - rwb_wake_all(rwb); rwb_trace_step(rwb, "scale down"); } -- 2.14.3

6 years, 8 months

2
1
0 0

[PATCH] pci: Add a few new IDs for Intel GPU "spurious interrupt" quirk

by Bin Meng

Add more PCI IDs to the Intel GPU "spurious interrupt" quirk table, which are known to break. See commit f67fd55fa96f ("PCI: Add quirk for still enabled interrupts on Intel Sandy Bridge GPUs"), and commit 7c82126a94e6 ("PCI: Add new ID for Intel GPU "spurious interrupt" quirk") for some history. Based on current findings, it is highly possible that all Intel 1st/2nd/3rd generation Core processors' IGD has such quirk. Signed-off-by: Bin Meng <bmeng.cn(a)gmail.com> Cc: <stable(a)vger.kernel.org> # v3.4+ --- drivers/pci/quirks.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/drivers/pci/quirks.c b/drivers/pci/quirks.c index 6bc27b7..c0673a7 100644 --- a/drivers/pci/quirks.c +++ b/drivers/pci/quirks.c @@ -3190,7 +3190,11 @@ static void disable_igfx_irq(struct pci_dev *dev) pci_iounmap(dev, regs); } +DECLARE_PCI_FIXUP_FINAL(PCI_VENDOR_ID_INTEL, 0x0042, disable_igfx_irq); +DECLARE_PCI_FIXUP_FINAL(PCI_VENDOR_ID_INTEL, 0x0046, disable_igfx_irq); +DECLARE_PCI_FIXUP_FINAL(PCI_VENDOR_ID_INTEL, 0x004a, disable_igfx_irq); DECLARE_PCI_FIXUP_FINAL(PCI_VENDOR_ID_INTEL, 0x0102, disable_igfx_irq); +DECLARE_PCI_FIXUP_FINAL(PCI_VENDOR_ID_INTEL, 0x0106, disable_igfx_irq); DECLARE_PCI_FIXUP_FINAL(PCI_VENDOR_ID_INTEL, 0x010a, disable_igfx_irq); DECLARE_PCI_FIXUP_FINAL(PCI_VENDOR_ID_INTEL, 0x0152, disable_igfx_irq); -- 2.7.4

6 years, 8 months

4
12
0 0

Backports that remove FPU lazy-mode deadcode

by Daniel Sangorrin

Hello Greg, This is my 3rd attempt* at sending to you the FPU backported patches that complete the removal of FPU lazy-mode code, documentation and comments. Please apply the next patch before the 4.4.y 3-patch series. - a1dbf52c1a38 ("KVM: x86: remove eager_fpu field of struct kvm_vcpu_arch") [PATCH v3 4.4.y 1/3] x86/fpu: Remove use_eager_fpu() [PATCH v3 4.4.y 2/3] x86/fpu: Remove struct fpu::counter [PATCH v3 4.4.y 3/3] x86/fpu: Finish excising 'eagerfpu' [Note] I already sent to you a patch backported for 4.9.y (please make sure you follow the annotations). https://www.spinics.net/lists/stable/msg247014.html Thanks, Daniel *Sorry if I mess up again. I am going to use the get_maintainer.pl from the upstream kernel because last time I had some "returned e-mails".

6 years, 8 months

2
4
0 0

Backports that remove FPU lazy-mode deadcode for 4.9.y

by Daniel Sangorrin

Hello Greg, Please consider this backport for 4.9.y. It completes the removal of FPU lazy-mode code, documentation and comments. [PATCH v3 4.9] x86/fpu: Remove use_eager_fpu() After applying the patch, please do the following: - cherry-pick: 3913cc350757 ("x86/fpu: Remove struct fpu::counter") - revert: f09a7b0eead7 ("perf: sync up x86/.../cpufeatures.h") - Because the modification in this patch actually belongs to e63650840e8b ("x86/fpu: Finish excising 'eagerfpu'") - cherry-pick: e63650840e8b ("x86/fpu: Finish excising 'eagerfpu'") Thanks, Daniel

6 years, 8 months

3
4
0 0

[PATCH] selinux: fix byte order and alignment issues in policydb.c

by Ondrej Mosnacek

Add missing LE conversions to the Infiniband-related range checks. These were causing a failure to load any policy with an ibendportcon rule on BE systems. Also, the temporary buffers are only guaranteed to be aligned for 32-bit access so use (get/put)_unaligned_be64() for 64-bit accesses. Finally, do not use the 'nodebuf' (u32) buffer where 'buf' (__le32) should be used instead. Tested internally on a ppc64 machine with a RHEL 7 kernel with this patch applied. Cc: Daniel Jurgens <danielj(a)mellanox.com> Cc: Eli Cohen <eli(a)mellanox.com> Cc: James Morris <james.l.morris(a)oracle.com> Cc: Doug Ledford <dledford(a)redhat.com> Cc: <stable(a)vger.kernel.org> # 4.13+ Fixes: a806f7a1616f ("selinux: Create policydb version for Infiniband support") Signed-off-by: Ondrej Mosnacek <omosnace(a)redhat.com> --- security/selinux/ss/policydb.c | 28 +++++++++++++++------------- 1 file changed, 15 insertions(+), 13 deletions(-) diff --git a/security/selinux/ss/policydb.c b/security/selinux/ss/policydb.c index f4eadd3f7350..2b310e8f2923 100644 --- a/security/selinux/ss/policydb.c +++ b/security/selinux/ss/policydb.c @@ -37,6 +37,7 @@ #include <linux/errno.h> #include <linux/audit.h> #include <linux/flex_array.h> +#include <asm/unaligned.h> #include "security.h" #include "policydb.h" @@ -2108,7 +2109,7 @@ static int ocontext_read(struct policydb *p, struct policydb_compat_info *info, { int i, j, rc; u32 nel, len; - __le32 buf[3]; + __le32 buf[4]; struct ocontext *l, *c; u32 nodebuf[8]; @@ -2218,20 +2219,20 @@ static int ocontext_read(struct policydb *p, struct policydb_compat_info *info, break; } case OCON_IBPKEY: - rc = next_entry(nodebuf, fp, sizeof(u32) * 4); + rc = next_entry(buf, fp, sizeof(u32) * 4); if (rc) goto out; - c->u.ibpkey.subnet_prefix = be64_to_cpu(*((__be64 *)nodebuf)); + c->u.ibpkey.subnet_prefix = get_unaligned_be64(buf); - if (nodebuf[2] > 0xffff || - nodebuf[3] > 0xffff) { + if (le32_to_cpu(buf[2]) > 0xffff || + le32_to_cpu(buf[3]) > 0xffff) { rc = -EINVAL; goto out; } - c->u.ibpkey.low_pkey = le32_to_cpu(nodebuf[2]); - c->u.ibpkey.high_pkey = le32_to_cpu(nodebuf[3]); + c->u.ibpkey.low_pkey = le32_to_cpu(buf[2]); + c->u.ibpkey.high_pkey = le32_to_cpu(buf[3]); rc = context_read_and_validate(&c->context[0], p, @@ -2249,7 +2250,8 @@ static int ocontext_read(struct policydb *p, struct policydb_compat_info *info, if (rc) goto out; - if (buf[1] > 0xff || buf[1] == 0) { + if (le32_to_cpu(buf[1]) > 0xff || + le32_to_cpu(buf[1]) == 0) { rc = -EINVAL; goto out; } @@ -3105,7 +3107,7 @@ static int ocontext_write(struct policydb *p, struct policydb_compat_info *info, { unsigned int i, j, rc; size_t nel, len; - __le32 buf[3]; + __le32 buf[4]; u32 nodebuf[8]; struct ocontext *c; for (i = 0; i < info->ocon_num; i++) { @@ -3192,12 +3194,12 @@ static int ocontext_write(struct policydb *p, struct policydb_compat_info *info, return rc; break; case OCON_IBPKEY: - *((__be64 *)nodebuf) = cpu_to_be64(c->u.ibpkey.subnet_prefix); + put_unaligned_be64(c->u.ibpkey.subnet_prefix, buf); - nodebuf[2] = cpu_to_le32(c->u.ibpkey.low_pkey); - nodebuf[3] = cpu_to_le32(c->u.ibpkey.high_pkey); + buf[2] = cpu_to_le32(c->u.ibpkey.low_pkey); + buf[3] = cpu_to_le32(c->u.ibpkey.high_pkey); - rc = put_entry(nodebuf, sizeof(u32), 4, fp); + rc = put_entry(buf, sizeof(u32), 4, fp); if (rc) return rc; rc = context_write(p, &c->context[0], fp); -- 2.17.1

6 years, 8 months

1
0
0 0

[for -stable] commit "c82919888064 ath10k: fix scan crash due to incorrect length calculation"

by Brian Norris

Hi Greg / stable maintainer(s), IIUC, this commit is a good candidate for -stable. I just hit the bug on 4.14, because of new vendor firmware that noticed the mismatched length (an internal "assert"), but it seems like this is equally problematic from the kernel side for as long as this code existed [1]: commit c8291988806407e02a01b4b15b4504eafbcc04e0 Author: Zhi Chen <zhichen(a)codeaurora.org> Date: Mon Jun 18 17:00:39 2018 +0300 ath10k: fix scan crash due to incorrect length calculation Thanks, Brian [1] I guess that would be: Fixes: ca996ec56608 ("ath10k: implement wmi-tlv backend") which was in v4.0.

6 years, 8 months

3
2
0 0

request for 4.14-stable: c7cdff0e8647 ("virtio_balloon: fix deadlock on OOM")

by Sudip Mukherjee

Hi Greg, This was not marked for stable but seems it should be in stable. Please apply to your queue of 4.14-stable. And at the same time, there was another later patch which fixed a bug in this patch. Both are attached as a series to this mail. -- Regards Sudip

6 years, 8 months

2
1
0 0

[PATCH stable 4.4 V2 0/6] fix SegmentSmack in stable branch (CVE-2018-5390)

by Mao Wenan

There are five patches to fix CVE-2018-5390 in latest mainline branch, but only two patches exist in stable 4.4 and 3.18: dc6ae4d tcp: detect malicious patterns in tcp_collapse_ofo_queue() 5fbec48 tcp: avoid collapses in tcp_prune_queue() if possible I have tested with stable 4.4 kernel, and found the cpu usage was very high. So I think only two patches can't fix the CVE-2018-5390. test results: with fix patch： 78.2% ksoftirqd withoutfix patch： 90% ksoftirqd Then I try to imitate 72cd43ba(tcp: free batches of packets in tcp_prune_ofo_queue()) to drop at least 12.5 % of sk_rcvbuf to avoid malicious attacks with simple queue instead of RB tree. The result is not very well. After analysing the codes of stable 4.4, and debuging the system, shows that search of ofo_queue(tcp ofo using a simple queue) cost more cycles. So I try to backport "tcp: use an RB tree for ooo receive queue" using RB tree instead of simple queue, then backport Eric Dumazet 5 fixed patches in mainline, good news is that ksoftirqd is turn to about 20%, which is the same with mainline now. Stable 4.4 have already back port two patches, f4a3313d(tcp: avoid collapses in tcp_prune_queue() if possible) 3d4bf93a(tcp: detect malicious patterns in tcp_collapse_ofo_queue()) If we want to change simple queue to RB tree to finally resolve, we should apply previous patch 9f5afeae(tcp: use an RB tree for ooo receive queue.) firstly, but 9f5afeae have many conflicts with 3d4bf93a and f4a3313d, which are part of patch series from Eric in mainline to fix CVE-2018-5390, so I need revert part of patches in stable 4.4 firstly, then apply 9f5afeae, and reapply five patches from Eric. V1->V2: 1) Don't revert 3d4bf93a and f4a3313d firstly, all of 6 patches based on 4.4.155. 2) Add one bug fix patch for RB tree:76f0dcbb5ae1a7c3dbeec13dd98233b8e6b0b32a tcp: fix a stale ooo_last_skb Eric Dumazet (5): tcp: increment sk_drops for dropped rx packets tcp: fix a stale ooo_last_skb after a replace tcp: free batches of packets in tcp_prune_ofo_queue() tcp: call tcp_drop() from tcp_data_queue_ofo() tcp: add tcp_ooo_try_coalesce() helper Yaogong Wang (1): tcp: use an RB tree for ooo receive queue include/linux/skbuff.h | 8 + include/linux/tcp.h | 7 +- include/net/sock.h | 7 + include/net/tcp.h | 2 +- net/core/skbuff.c | 19 +++ net/ipv4/tcp.c | 4 +- net/ipv4/tcp_input.c | 417 +++++++++++++++++++++++++++++------------------ net/ipv4/tcp_ipv4.c | 3 +- net/ipv4/tcp_minisocks.c | 1 - net/ipv6/tcp_ipv6.c | 1 + 10 files changed, 297 insertions(+), 172 deletions(-) -- 1.8.3.1

6 years, 8 months

3
9
0 0

[PATCH 4.4-stable] jffs2: return -ERANGE when xattr buffer is too small

by Hou Tao

Hi Greg, The problem had been fixed by 764a5c6b1fa4 ("xattr handlers: Simplify list operation") in v4.5-rc1, but the modification in that commit may be too much because it modifies all file-systems which implement xattr, so I create a single patch for jffs2 to fix the problem. Which one is your preference ? Hi Andreas, Could you please help review the patch ? Thanks, Tao --- From: Hou Tao <houtao1(a)huawei.com> When a file have multiple xattrs and the passed buffer is smaller than the required size, jffs2_listxattr() should return -ERANGE instead of continue, else Oops may occurs due to memory corruption. Also remove the unnecessary check ("rc < 0"), because xhandle->list(...) will not return an error number. Spotted by generic/377 in xfstests-dev. Signed-off-by: Hou Tao <houtao1(a)huawei.com> --- fs/jffs2/xattr.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/fs/jffs2/xattr.c b/fs/jffs2/xattr.c index 4c2c03663533..8e1427762eeb 100644 --- a/fs/jffs2/xattr.c +++ b/fs/jffs2/xattr.c @@ -1004,12 +1004,14 @@ ssize_t jffs2_listxattr(struct dentry *dentry, char *buffer, size_t size) rc = xhandle->list(xhandle, dentry, buffer + len, size - len, xd->xname, xd->name_len); + if (rc > size - len) { + rc = -ERANGE; + goto out; + } } else { rc = xhandle->list(xhandle, dentry, NULL, 0, xd->xname, xd->name_len); } - if (rc < 0) - goto out; len += rc; } rc = len; --

6 years, 8 months

2
1
0 0

[PATCH] HID: wacom: Work around HID descriptor bug in DTK-2451 and DTH-2452

by Jason Gerecke

The DTK-2451 and DTH-2452 have a buggy HID descriptor which incorrectly contains a Cintiq-like report, complete with pen tilt, rotation, twist, serial number, etc. The hardware doesn't actually support this data but our driver duitifully sets up the device as though it does. To ensure userspace has a correct view of devices without updated firmware, we clean up this incorrect data in wacom_setup_device_quirks. We're also careful to clear the WACOM_QUIRK_TOOLSERIAL flag since its presence causes the driver to wait for serial number information (via wacom_wac_pen_serial_enforce) that never comes, resulting in the pen being non-responsive. Signed-off-by: Jason Gerecke <jason.gerecke(a)wacom.com> Fixes: 8341720642 ("HID: wacom: Queue events with missing type/serial data for later processing") Cc: stable(a)vger.kernel.org # v4.16+ --- drivers/hid/wacom_wac.c | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/drivers/hid/wacom_wac.c b/drivers/hid/wacom_wac.c index e0a06be5ef5c..b4b4a30e3982 100644 --- a/drivers/hid/wacom_wac.c +++ b/drivers/hid/wacom_wac.c @@ -3335,6 +3335,7 @@ static void wacom_setup_intuos(struct wacom_wac *wacom_wac) void wacom_setup_device_quirks(struct wacom *wacom) { + struct wacom_wac *wacom_wac = &wacom->wacom_wac; struct wacom_features *features = &wacom->wacom_wac.features; /* The pen and pad share the same interface on most devices */ @@ -3464,6 +3465,25 @@ void wacom_setup_device_quirks(struct wacom *wacom) if (features->type == REMOTE) features->device_type |= WACOM_DEVICETYPE_WL_MONITOR; + + /* HID descriptor for DTK-2451 / DTH-2452 claims to report lots + * of things it shouldn't. Lets fix up the damage... + */ + if (wacom->hdev->product == 0x382 || wacom->hdev->product == 0x37d) { + features->quirks &= ~WACOM_QUIRK_TOOLSERIAL; + __clear_bit(BTN_TOOL_BRUSH, wacom_wac->pen_input->keybit); + __clear_bit(BTN_TOOL_PENCIL, wacom_wac->pen_input->keybit); + __clear_bit(BTN_TOOL_AIRBRUSH, wacom_wac->pen_input->keybit); + __clear_bit(ABS_Z, wacom_wac->pen_input->absbit); + __clear_bit(ABS_DISTANCE, wacom_wac->pen_input->absbit); + __clear_bit(ABS_TILT_X, wacom_wac->pen_input->absbit); + __clear_bit(ABS_TILT_Y, wacom_wac->pen_input->absbit); + __clear_bit(ABS_WHEEL, wacom_wac->pen_input->absbit); + __clear_bit(ABS_MISC, wacom_wac->pen_input->absbit); + __clear_bit(MSC_SERIAL, wacom_wac->pen_input->mscbit); + __clear_bit(EV_MSC, wacom_wac->pen_input->evbit); + } } int wacom_setup_pen_input_capabilities(struct input_dev *input_dev, -- 2.19.1

6 years, 8 months

2
1
0 0

[PATCH 1/1] crypto:chelsio: Fix memory corruption in DMA Mapped buffers.

by Harsh Jain

commit add92a817e60e308a419693413a38d9d1e663aff upstream Update PCI Id in "cpl_rx_phys_dsgl" header. In case pci_chan_id and tx_chan_id are not derived from same queue, H/W can send request completion indication before completing DMA Transfer. Cc: <stable(a)vger.kernel.org> # 4.14.x Signed-off-by: Harsh Jain <harsh(a)chelsio.com> --- drivers/crypto/chelsio/chcr_algo.c | 41 ++++++++++++++++++++++++------------ drivers/crypto/chelsio/chcr_crypto.h | 2 ++ 2 files changed, 29 insertions(+), 14 deletions(-) diff --git a/drivers/crypto/chelsio/chcr_algo.c b/drivers/crypto/chelsio/chcr_algo.c index 0e81607..bb7b59f 100644 --- a/drivers/crypto/chelsio/chcr_algo.c +++ b/drivers/crypto/chelsio/chcr_algo.c @@ -384,7 +384,8 @@ static inline int is_hmac(struct crypto_tfm *tfm) static void write_phys_cpl(struct cpl_rx_phys_dsgl *phys_cpl, struct scatterlist *sg, - struct phys_sge_parm *sg_param) + struct phys_sge_parm *sg_param, + int pci_chan_id) { struct phys_sge_pairs *to; unsigned int len = 0, left_size = sg_param->obsize; @@ -402,6 +403,7 @@ static void write_phys_cpl(struct cpl_rx_phys_dsgl *phys_cpl, phys_cpl->rss_hdr_int.opcode = CPL_RX_PHYS_ADDR; phys_cpl->rss_hdr_int.qid = htons(sg_param->qid); phys_cpl->rss_hdr_int.hash_val = 0; + phys_cpl->rss_hdr_int.channel = pci_chan_id; to = (struct phys_sge_pairs *)((unsigned char *)phys_cpl + sizeof(struct cpl_rx_phys_dsgl)); for (i = 0; nents && left_size; to++) { @@ -418,7 +420,8 @@ static void write_phys_cpl(struct cpl_rx_phys_dsgl *phys_cpl, static inline int map_writesg_phys_cpl(struct device *dev, struct cpl_rx_phys_dsgl *phys_cpl, struct scatterlist *sg, - struct phys_sge_parm *sg_param) + struct phys_sge_parm *sg_param, + int pci_chan_id) { if (!sg || !sg_param->nents) return -EINVAL; @@ -428,7 +431,7 @@ static inline int map_writesg_phys_cpl(struct device *dev, pr_err("CHCR : DMA mapping failed\n"); return -EINVAL; } - write_phys_cpl(phys_cpl, sg, sg_param); + write_phys_cpl(phys_cpl, sg, sg_param, pci_chan_id); return 0; } @@ -608,7 +611,7 @@ static inline void create_wreq(struct chcr_context *ctx, is_iv ? iv_loc : IV_NOP, !!lcb, ctx->tx_qidx); - chcr_req->ulptx.cmd_dest = FILL_ULPTX_CMD_DEST(ctx->dev->tx_channel_id, + chcr_req->ulptx.cmd_dest = FILL_ULPTX_CMD_DEST(ctx->tx_chan_id, qid); chcr_req->ulptx.len = htonl((DIV_ROUND_UP((calc_tx_flits_ofld(skb) * 8), 16) - ((sizeof(chcr_req->wreq)) >> 4))); @@ -698,7 +701,8 @@ static struct sk_buff *create_cipher_wr(struct cipher_wr_param *wrparam) sg_param.obsize = wrparam->bytes; sg_param.qid = wrparam->qid; error = map_writesg_phys_cpl(&u_ctx->lldi.pdev->dev, phys_cpl, - reqctx->dst, &sg_param); + reqctx->dst, &sg_param, + ctx->pci_chan_id); if (error) goto map_fail1; @@ -1228,16 +1232,23 @@ static int chcr_device_init(struct chcr_context *ctx) adap->vres.ncrypto_fc); rxq_perchan = u_ctx->lldi.nrxq / u_ctx->lldi.nchan; txq_perchan = ntxq / u_ctx->lldi.nchan; - rxq_idx = ctx->dev->tx_channel_id * rxq_perchan; - rxq_idx += id % rxq_perchan; - txq_idx = ctx->dev->tx_channel_id * txq_perchan; - txq_idx += id % txq_perchan; spin_lock(&ctx->dev->lock_chcr_dev); - ctx->rx_qidx = rxq_idx; - ctx->tx_qidx = txq_idx; + ctx->tx_chan_id = ctx->dev->tx_channel_id; ctx->dev->tx_channel_id = !ctx->dev->tx_channel_id; ctx->dev->rx_channel_id = 0; spin_unlock(&ctx->dev->lock_chcr_dev); + rxq_idx = ctx->tx_chan_id * rxq_perchan; + rxq_idx += id % rxq_perchan; + txq_idx = ctx->tx_chan_id * txq_perchan; + txq_idx += id % txq_perchan; + ctx->rx_qidx = rxq_idx; + ctx->tx_qidx = txq_idx; + /* Channel Id used by SGE to forward packet to Host. + * Same value should be used in cpl_fw6_pld RSS_CH field + * by FW. Driver programs PCI channel ID to be used in fw + * at the time of queue allocation with value "pi->tx_chan" + */ + ctx->pci_chan_id = txq_idx / txq_perchan; } out: return err; @@ -2066,7 +2077,8 @@ static struct sk_buff *create_authenc_wr(struct aead_request *req, sg_param.obsize = req->cryptlen + (op_type ? -authsize : authsize); sg_param.qid = qid; error = map_writesg_phys_cpl(&u_ctx->lldi.pdev->dev, phys_cpl, - reqctx->dst, &sg_param); + reqctx->dst, &sg_param, + ctx->pci_chan_id); if (error) goto dstmap_fail; @@ -2389,7 +2401,7 @@ static struct sk_buff *create_aead_ccm_wr(struct aead_request *req, sg_param.obsize = req->cryptlen + (op_type ? -authsize : authsize); sg_param.qid = qid; error = map_writesg_phys_cpl(&u_ctx->lldi.pdev->dev, phys_cpl, - reqctx->dst, &sg_param); + reqctx->dst, &sg_param, ctx->pci_chan_id); if (error) goto dstmap_fail; @@ -2545,7 +2557,8 @@ static struct sk_buff *create_gcm_wr(struct aead_request *req, sg_param.obsize = req->cryptlen + (op_type ? -authsize : authsize); sg_param.qid = qid; error = map_writesg_phys_cpl(&u_ctx->lldi.pdev->dev, phys_cpl, - reqctx->dst, &sg_param); + reqctx->dst, &sg_param, + ctx->pci_chan_id); if (error) goto dstmap_fail; diff --git a/drivers/crypto/chelsio/chcr_crypto.h b/drivers/crypto/chelsio/chcr_crypto.h index 30af1ee..e039d9a 100644 --- a/drivers/crypto/chelsio/chcr_crypto.h +++ b/drivers/crypto/chelsio/chcr_crypto.h @@ -222,6 +222,8 @@ struct chcr_context { struct chcr_dev *dev; unsigned char tx_qidx; unsigned char rx_qidx; + unsigned char tx_chan_id; + unsigned char pci_chan_id; struct __crypto_ctx crypto_ctx[0]; }; -- 2.1.4

6 years, 8 months

2
1
0 0

[PATCH backport for 4.9] x86/mm: Expand static page table for fixmap space

by Feng Tang

commit 05ab1d8a4b36ee912b7087c6da127439ed0a903e upstream We met a kernel panic when enabling earlycon, which is due to the fixmap address of earlycon is not statically setup. Currently the static fixmap setup in head_64.S only covers 2M virtual address space, while it actually could be in 4M space with different kernel configurations, e.g. when VSYSCALL emulation is disabled. So increase the static space to 4M for now by defining FIXMAP_PMD_NUM to 2, and add a build time check to ensure that the fixmap is covered by the initial static page tables. Fixes: 1ad83c858c7d ("x86_64,vsyscall: Make vsyscall emulation configurable") Suggested-by: Thomas Gleixner <tglx(a)linutronix.de> Signed-off-by: Feng Tang <feng.tang(a)intel.com> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Cc: <stable(a)vger.kernel.org> # v4.9 Cc: Juergen Gross <jgross(a)suse.com> Cc: H Peter Anvin <hpa(a)linux.intel.com> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Michal Hocko <mhocko(a)kernel.org> Cc: Yinghai Lu <yinghai(a)kernel.org> Cc: Dave Hansen <dave.hansen(a)intel.com> Cc: Andi Kleen <ak(a)linux.intel.com> Cc: Andy Lutomirsky <luto(a)kernel.org> --- arch/x86/include/asm/fixmap.h | 10 ++++++++++ arch/x86/include/asm/pgtable_64.h | 3 ++- arch/x86/kernel/head_64.S | 16 ++++++++++++---- arch/x86/mm/pgtable.c | 9 +++++++++ arch/x86/xen/mmu.c | 8 ++++++-- 5 files changed, 39 insertions(+), 7 deletions(-) diff --git a/arch/x86/include/asm/fixmap.h b/arch/x86/include/asm/fixmap.h index 8554f960..2515284 100644 --- a/arch/x86/include/asm/fixmap.h +++ b/arch/x86/include/asm/fixmap.h @@ -14,6 +14,16 @@ #ifndef _ASM_X86_FIXMAP_H #define _ASM_X86_FIXMAP_H +/* + * Exposed to assembly code for setting up initial page tables. Cannot be + * calculated in assembly code (fixmap entries are an enum), but is sanity + * checked in the actual fixmap C code to make sure that the fixmap is + * covered fully. + */ +#define FIXMAP_PMD_NUM 2 +/* fixmap starts downwards from the 507th entry in level2_fixmap_pgt */ +#define FIXMAP_PMD_TOP 507 + #ifndef __ASSEMBLY__ #include <linux/kernel.h> #include <asm/acpi.h> diff --git a/arch/x86/include/asm/pgtable_64.h b/arch/x86/include/asm/pgtable_64.h index 221a32e..d5c4df9 100644 --- a/arch/x86/include/asm/pgtable_64.h +++ b/arch/x86/include/asm/pgtable_64.h @@ -13,13 +13,14 @@ #include <asm/processor.h> #include <linux/bitops.h> #include <linux/threads.h> +#include <asm/fixmap.h> extern pud_t level3_kernel_pgt[512]; extern pud_t level3_ident_pgt[512]; extern pmd_t level2_kernel_pgt[512]; extern pmd_t level2_fixmap_pgt[512]; extern pmd_t level2_ident_pgt[512]; -extern pte_t level1_fixmap_pgt[512]; +extern pte_t level1_fixmap_pgt[512 * FIXMAP_PMD_NUM]; extern pgd_t init_level4_pgt[]; #define swapper_pg_dir init_level4_pgt diff --git a/arch/x86/kernel/head_64.S b/arch/x86/kernel/head_64.S index 9d72cf5..b0d6697 100644 --- a/arch/x86/kernel/head_64.S +++ b/arch/x86/kernel/head_64.S @@ -23,6 +23,7 @@ #include "../entry/calling.h" #include <asm/export.h> #include <asm/nospec-branch.h> +#include <asm/fixmap.h> #ifdef CONFIG_PARAVIRT #include <asm/asm-offsets.h> @@ -493,13 +494,20 @@ NEXT_PAGE(level2_kernel_pgt) KERNEL_IMAGE_SIZE/PMD_SIZE) NEXT_PAGE(level2_fixmap_pgt) - .fill 506,8,0 - .quad level1_fixmap_pgt - __START_KERNEL_map + _PAGE_TABLE - /* 8MB reserved for vsyscalls + a 2MB hole = 4 + 1 entries */ - .fill 5,8,0 + .fill (512 - 4 - FIXMAP_PMD_NUM),8,0 + pgtno = 0 + .rept (FIXMAP_PMD_NUM) + .quad level1_fixmap_pgt + (pgtno << PAGE_SHIFT) - __START_KERNEL_map \ + + _PAGE_TABLE; + pgtno = pgtno + 1 + .endr + /* 6 MB reserved space + a 2MB hole */ + .fill 4,8,0 NEXT_PAGE(level1_fixmap_pgt) + .rept (FIXMAP_PMD_NUM) .fill 512,8,0 + .endr #undef PMDS diff --git a/arch/x86/mm/pgtable.c b/arch/x86/mm/pgtable.c index e30baa8..8cbed30 100644 --- a/arch/x86/mm/pgtable.c +++ b/arch/x86/mm/pgtable.c @@ -536,6 +536,15 @@ void __native_set_fixmap(enum fixed_addresses idx, pte_t pte) { unsigned long address = __fix_to_virt(idx); +#ifdef CONFIG_X86_64 + /* + * Ensure that the static initial page tables are covering the + * fixmap completely. + */ + BUILD_BUG_ON(__end_of_permanent_fixed_addresses > + (FIXMAP_PMD_NUM * PTRS_PER_PTE)); +#endif + if (idx >= __end_of_fixed_addresses) { BUG(); return; diff --git a/arch/x86/xen/mmu.c b/arch/x86/xen/mmu.c index c92f75f..ebceaba 100644 --- a/arch/x86/xen/mmu.c +++ b/arch/x86/xen/mmu.c @@ -1936,7 +1936,7 @@ void __init xen_setup_kernel_pagetable(pgd_t *pgd, unsigned long max_pfn) * L3_k[511] -> level2_fixmap_pgt */ convert_pfn_mfn(level3_kernel_pgt); - /* L3_k[511][506] -> level1_fixmap_pgt */ + /* L3_k[511][508-FIXMAP_PMD_NUM ... 507] -> level1_fixmap_pgt */ convert_pfn_mfn(level2_fixmap_pgt); } /* We get [511][511] and have Xen's version of level2_kernel_pgt */ @@ -1970,7 +1970,11 @@ void __init xen_setup_kernel_pagetable(pgd_t *pgd, unsigned long max_pfn) set_page_prot(level2_ident_pgt, PAGE_KERNEL_RO); set_page_prot(level2_kernel_pgt, PAGE_KERNEL_RO); set_page_prot(level2_fixmap_pgt, PAGE_KERNEL_RO); - set_page_prot(level1_fixmap_pgt, PAGE_KERNEL_RO); + + for (i = 0; i < FIXMAP_PMD_NUM; i++) { + set_page_prot(level1_fixmap_pgt + i * PTRS_PER_PTE, + PAGE_KERNEL_RO); + } /* Pin down new L4 */ pin_pagetable_pfn(MMUEXT_PIN_L4_TABLE, -- 2.7.4

6 years, 8 months

2
1
0 0

[PATCH 0/1] Fix 4.4-stable and 4.9-stable ppc build

by Kleber Sacilotto de Souza

Hi Greg, The backport of upstream commit 1bd6a1c4b80a ("powerpc/fadump: handle crash memory ranges array index overflow") introduced a ppc build failure on 4.4-stable and 4.9-stable when CONFIG_FA_DUMP is enabled: arch/powerpc/kernel/fadump.c: In function ‘register_fadump’: arch/powerpc/kernel/fadump.c:1015:10: error: ‘return’ with a value, in function returning void [-Werror] return ret; ^~~ arch/powerpc/kernel/fadump.c:1000:13: note: declared here static void register_fadump(void) ^~~~~~~~~~~~~~~ I am suggesting to fix it by backporting 98b8cd7f7564 ("powerpc/fadump: Return error when fadump registration fails"), which is an earlier commit that (among other things) set the return of register_fadump() to int and has little functional changes. It was applied upstream for v4.13, so 4.14-stable and later are already fixed. Thanks, Kleber Michal Suchanek (1): powerpc/fadump: Return error when fadump registration fails arch/powerpc/kernel/fadump.c | 23 +++++++++++++++-------- 1 file changed, 15 insertions(+), 8 deletions(-) -- 2.17.1

6 years, 8 months

2
2
0 0

FAILED: patch "[PATCH] powerpc/lib: fix book3s/32 boot failure due to code patching" failed to apply to 4.18-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.18-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From b45ba4a51cde29b2939365ef0c07ad34c8321789 Mon Sep 17 00:00:00 2001 From: Christophe Leroy <christophe.leroy(a)c-s.fr> Date: Mon, 1 Oct 2018 12:21:10 +0000 Subject: [PATCH] powerpc/lib: fix book3s/32 boot failure due to code patching Commit 51c3c62b58b3 ("powerpc: Avoid code patching freed init sections") accesses 'init_mem_is_free' flag too early, before the kernel is relocated. This provokes early boot failure (before the console is active). As it is not necessary to do this verification that early, this patch moves the test into patch_instruction() instead of __patch_instruction(). This modification also has the advantage of avoiding unnecessary remappings. Fixes: 51c3c62b58b3 ("powerpc: Avoid code patching freed init sections") Cc: stable(a)vger.kernel.org # 4.13+ Signed-off-by: Christophe Leroy <christophe.leroy(a)c-s.fr> Signed-off-by: Michael Ellerman <mpe(a)ellerman.id.au> diff --git a/arch/powerpc/lib/code-patching.c b/arch/powerpc/lib/code-patching.c index 6ae2777c220d..5ffee298745f 100644 --- a/arch/powerpc/lib/code-patching.c +++ b/arch/powerpc/lib/code-patching.c @@ -28,12 +28,6 @@ static int __patch_instruction(unsigned int *exec_addr, unsigned int instr, { int err; - /* Make sure we aren't patching a freed init section */ - if (init_mem_is_free && init_section_contains(exec_addr, 4)) { - pr_debug("Skipping init section patching addr: 0x%px\n", exec_addr); - return 0; - } - __put_user_size(instr, patch_addr, 4, err); if (err) return err; @@ -148,7 +142,7 @@ static inline int unmap_patch_area(unsigned long addr) return 0; } -int patch_instruction(unsigned int *addr, unsigned int instr) +static int do_patch_instruction(unsigned int *addr, unsigned int instr) { int err; unsigned int *patch_addr = NULL; @@ -188,12 +182,22 @@ int patch_instruction(unsigned int *addr, unsigned int instr) } #else /* !CONFIG_STRICT_KERNEL_RWX */ -int patch_instruction(unsigned int *addr, unsigned int instr) +static int do_patch_instruction(unsigned int *addr, unsigned int instr) { return raw_patch_instruction(addr, instr); } #endif /* CONFIG_STRICT_KERNEL_RWX */ + +int patch_instruction(unsigned int *addr, unsigned int instr) +{ + /* Make sure we aren't patching a freed init section */ + if (init_mem_is_free && init_section_contains(addr, 4)) { + pr_debug("Skipping init section patching addr: 0x%px\n", addr); + return 0; + } + return do_patch_instruction(addr, instr); +} NOKPROBE_SYMBOL(patch_instruction); int patch_branch(unsigned int *addr, unsigned long target, int flags)

6 years, 8 months

3
2
0 0

[PATCH for-4.14.y 1/4] cgroup/cpuset: remove circular dependency deadlock

by Amit Pundir

From: Prateek Sood <prsood(a)codeaurora.org> commit aa24163b2ee5c92120e32e99b5a93143a0f4258e upstream. Remove circular dependency deadlock in a scenario where hotplug of CPU is being done while there is updation in cgroup and cpuset triggered from userspace. Process A => kthreadd => Process B => Process C => Process A Process A cpu_subsys_offline(); cpu_down(); _cpu_down(); percpu_down_write(&cpu_hotplug_lock); //held cpuhp_invoke_callback(); workqueue_offline_cpu(); queue_work_on(); // unbind_work on system_highpri_wq __queue_work(); insert_work(); wake_up_worker(); flush_work(); wait_for_completion(); worker_thread(); manage_workers(); create_worker(); kthread_create_on_node(); wake_up_process(kthreadd_task); kthreadd kthreadd(); kernel_thread(); do_fork(); copy_process(); percpu_down_read(&cgroup_threadgroup_rwsem); __rwsem_down_read_failed_common(); //waiting Process B kernfs_fop_write(); cgroup_file_write(); cgroup_procs_write(); percpu_down_write(&cgroup_threadgroup_rwsem); //held cgroup_attach_task(); cgroup_migrate(); cgroup_migrate_execute(); cpuset_can_attach(); mutex_lock(&cpuset_mutex); //waiting Process C kernfs_fop_write(); cgroup_file_write(); cpuset_write_resmask(); mutex_lock(&cpuset_mutex); //held update_cpumask(); update_cpumasks_hier(); rebuild_sched_domains_locked(); get_online_cpus(); percpu_down_read(&cpu_hotplug_lock); //waiting Eliminating deadlock by reversing the locking order for cpuset_mutex and cpu_hotplug_lock. Signed-off-by: Prateek Sood <prsood(a)codeaurora.org> Signed-off-by: Tejun Heo <tj(a)kernel.org> Signed-off-by: Amit Pundir <amit.pundir(a)linaro.org> --- Build tested on 4.14.74 for ARCH=arm/arm64 allmodconfig. kernel/cgroup/cpuset.c | 53 ++++++++++++++++++++++++++++---------------------- 1 file changed, 30 insertions(+), 23 deletions(-) diff --git a/kernel/cgroup/cpuset.c b/kernel/cgroup/cpuset.c index 4657e2924ecb..54f4855b92fa 100644 --- a/kernel/cgroup/cpuset.c +++ b/kernel/cgroup/cpuset.c @@ -817,6 +817,18 @@ static int generate_sched_domains(cpumask_var_t **domains, return ndoms; } +static void cpuset_sched_change_begin(void) +{ + cpus_read_lock(); + mutex_lock(&cpuset_mutex); +} + +static void cpuset_sched_change_end(void) +{ + mutex_unlock(&cpuset_mutex); + cpus_read_unlock(); +} + /* * Rebuild scheduler domains. * @@ -826,16 +838,14 @@ static int generate_sched_domains(cpumask_var_t **domains, * 'cpus' is removed, then call this routine to rebuild the * scheduler's dynamic sched domains. * - * Call with cpuset_mutex held. Takes get_online_cpus(). */ -static void rebuild_sched_domains_locked(void) +static void rebuild_sched_domains_cpuslocked(void) { struct sched_domain_attr *attr; cpumask_var_t *doms; int ndoms; lockdep_assert_held(&cpuset_mutex); - get_online_cpus(); /* * We have raced with CPU hotplug. Don't do anything to avoid @@ -843,27 +853,25 @@ static void rebuild_sched_domains_locked(void) * Anyways, hotplug work item will rebuild sched domains. */ if (!cpumask_equal(top_cpuset.effective_cpus, cpu_active_mask)) - goto out; + return; /* Generate domain masks and attrs */ ndoms = generate_sched_domains(&doms, &attr); /* Have scheduler rebuild the domains */ partition_sched_domains(ndoms, doms, attr); -out: - put_online_cpus(); } #else /* !CONFIG_SMP */ -static void rebuild_sched_domains_locked(void) +static void rebuild_sched_domains_cpuslocked(void) { } #endif /* CONFIG_SMP */ void rebuild_sched_domains(void) { - mutex_lock(&cpuset_mutex); - rebuild_sched_domains_locked(); - mutex_unlock(&cpuset_mutex); + cpuset_sched_change_begin(); + rebuild_sched_domains_cpuslocked(); + cpuset_sched_change_end(); } /** @@ -949,7 +957,7 @@ static void update_cpumasks_hier(struct cpuset *cs, struct cpumask *new_cpus) rcu_read_unlock(); if (need_rebuild_sched_domains) - rebuild_sched_domains_locked(); + rebuild_sched_domains_cpuslocked(); } /** @@ -1281,7 +1289,7 @@ static int update_relax_domain_level(struct cpuset *cs, s64 val) cs->relax_domain_level = val; if (!cpumask_empty(cs->cpus_allowed) && is_sched_load_balance(cs)) - rebuild_sched_domains_locked(); + rebuild_sched_domains_cpuslocked(); } return 0; @@ -1314,7 +1322,6 @@ static void update_tasks_flags(struct cpuset *cs) * * Call with cpuset_mutex held. */ - static int update_flag(cpuset_flagbits_t bit, struct cpuset *cs, int turning_on) { @@ -1347,7 +1354,7 @@ static int update_flag(cpuset_flagbits_t bit, struct cpuset *cs, spin_unlock_irq(&callback_lock); if (!cpumask_empty(trialcs->cpus_allowed) && balance_flag_changed) - rebuild_sched_domains_locked(); + rebuild_sched_domains_cpuslocked(); if (spread_flag_changed) update_tasks_flags(cs); @@ -1615,7 +1622,7 @@ static int cpuset_write_u64(struct cgroup_subsys_state *css, struct cftype *cft, cpuset_filetype_t type = cft->private; int retval = 0; - mutex_lock(&cpuset_mutex); + cpuset_sched_change_begin(); if (!is_cpuset_online(cs)) { retval = -ENODEV; goto out_unlock; @@ -1651,7 +1658,7 @@ static int cpuset_write_u64(struct cgroup_subsys_state *css, struct cftype *cft, break; } out_unlock: - mutex_unlock(&cpuset_mutex); + cpuset_sched_change_end(); return retval; } @@ -1662,7 +1669,7 @@ static int cpuset_write_s64(struct cgroup_subsys_state *css, struct cftype *cft, cpuset_filetype_t type = cft->private; int retval = -ENODEV; - mutex_lock(&cpuset_mutex); + cpuset_sched_change_begin(); if (!is_cpuset_online(cs)) goto out_unlock; @@ -1675,7 +1682,7 @@ static int cpuset_write_s64(struct cgroup_subsys_state *css, struct cftype *cft, break; } out_unlock: - mutex_unlock(&cpuset_mutex); + cpuset_sched_change_end(); return retval; } @@ -1714,7 +1721,7 @@ static ssize_t cpuset_write_resmask(struct kernfs_open_file *of, kernfs_break_active_protection(of->kn); flush_work(&cpuset_hotplug_work); - mutex_lock(&cpuset_mutex); + cpuset_sched_change_begin(); if (!is_cpuset_online(cs)) goto out_unlock; @@ -1738,7 +1745,7 @@ static ssize_t cpuset_write_resmask(struct kernfs_open_file *of, free_trial_cpuset(trialcs); out_unlock: - mutex_unlock(&cpuset_mutex); + cpuset_sched_change_end(); kernfs_unbreak_active_protection(of->kn); css_put(&cs->css); flush_workqueue(cpuset_migrate_mm_wq); @@ -2039,14 +2046,14 @@ static int cpuset_css_online(struct cgroup_subsys_state *css) /* * If the cpuset being removed has its flag 'sched_load_balance' * enabled, then simulate turning sched_load_balance off, which - * will call rebuild_sched_domains_locked(). + * will call rebuild_sched_domains_cpuslocked(). */ static void cpuset_css_offline(struct cgroup_subsys_state *css) { struct cpuset *cs = css_cs(css); - mutex_lock(&cpuset_mutex); + cpuset_sched_change_begin(); if (is_sched_load_balance(cs)) update_flag(CS_SCHED_LOAD_BALANCE, cs, 0); @@ -2054,7 +2061,7 @@ static void cpuset_css_offline(struct cgroup_subsys_state *css) cpuset_dec(); clear_bit(CS_ONLINE, &cs->flags); - mutex_unlock(&cpuset_mutex); + cpuset_sched_change_end(); } static void cpuset_css_free(struct cgroup_subsys_state *css) -- 2.7.4

6 years, 8 months

2
6
0 0

[PATCH for-4.9.y] cgroup: Fix deadlock in cpu hotplug path

by Amit Pundir

From: Prateek Sood <prsood(a)codeaurora.org> commit 116d2f7496c51b2e02e8e4ecdd2bdf5fb9d5a641 upstream. Deadlock during cgroup migration from cpu hotplug path when a task T is being moved from source to destination cgroup. kworker/0:0 cpuset_hotplug_workfn() cpuset_hotplug_update_tasks() hotplug_update_tasks_legacy() remove_tasks_in_empty_cpuset() cgroup_transfer_tasks() // stuck in iterator loop cgroup_migrate() cgroup_migrate_add_task() In cgroup_migrate_add_task() it checks for PF_EXITING flag of task T. Task T will not migrate to destination cgroup. css_task_iter_start() will keep pointing to task T in loop waiting for task T cg_list node to be removed. Task T do_exit() exit_signals() // sets PF_EXITING exit_task_namespaces() switch_task_namespaces() free_nsproxy() put_mnt_ns() drop_collected_mounts() namespace_unlock() synchronize_rcu() _synchronize_rcu_expedited() schedule_work() // on cpu0 low priority worker pool wait_event() // waiting for work item to execute Task T inserted a work item in the worklist of cpu0 low priority worker pool. It is waiting for expedited grace period work item to execute. This work item will only be executed once kworker/0:0 complete execution of cpuset_hotplug_workfn(). kworker/0:0 ==> Task T ==>kworker/0:0 In case of PF_EXITING task being migrated from source to destination cgroup, migrate next available task in source cgroup. Signed-off-by: Prateek Sood <prsood(a)codeaurora.org> Signed-off-by: Tejun Heo <tj(a)kernel.org> [AmitP: Upstream commit cherry-pick failed, so I picked the backported changes from CAF/msm-4.9 tree instead: https://source.codeaurora.org/quic/la/kernel/msm-4.9/commit/?id=49b74f16964…] Signed-off-by: Amit Pundir <amit.pundir(a)linaro.org> --- This patch can be cleanly applied and build tested on 4.4.y and 3.18.y as well but I couldn't find it in msm-4.4 and msm-3.18 trees. So this patch is really untested on those stable trees. Build tested on 4.9.131, 4.4.159 and 3.18.123 for ARCH=arm/arm64 allmodconfig. kernel/cgroup.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/kernel/cgroup.c b/kernel/cgroup.c index 4c233437ee1a..bb0cf1caf1cd 100644 --- a/kernel/cgroup.c +++ b/kernel/cgroup.c @@ -4386,7 +4386,11 @@ int cgroup_transfer_tasks(struct cgroup *to, struct cgroup *from) */ do { css_task_iter_start(&from->self, &it); - task = css_task_iter_next(&it); + + do { + task = css_task_iter_next(&it); + } while (task && (task->flags & PF_EXITING)); + if (task) get_task_struct(task); css_task_iter_end(&it); -- 2.7.4

6 years, 8 months

2
1
0 0

[4.4.y 4.9.y 0/1] ext4 CVE fixes for 4.9 and 4.4

by Chenbo Feng

This patch is aimed to fixing CVE-2018-10883 and is already in 4.14 stable. The upstream one has minor conflicts when backporting to 4.4 and 4.9 but it is trivial to resolve. I have tested the patch with xfstests on kvm and there is no regression. Theodore Ts'o (1): ext4: avoid running out of journal credits when appending to an inline file fs/ext4/ext4.h | 3 --- fs/ext4/inline.c | 38 +------------------------------------- fs/ext4/xattr.c | 18 ++---------------- 3 files changed, 3 insertions(+), 56 deletions(-) -- 2.19.0.605.g01d371f741-goog

6 years, 8 months

2
2
0 0

[PATCH 0/2] A couple recent ext4 CVE fixes

by Daniel Rosenberg

A couple ext4-related CVE fixes were released to other kernels in linux-stable, but didn't cleanly apply to 4.9.y. These are adjusted cherry-picks of Ben Hutching's 3.16.y backports. Theodore Ts'o (2): ext4: add corruption check in ext4_xattr_set_entry() ext4: always verify the magic number in xattr blocks fs/ext4/xattr.c | 28 +++++++++++++++++----------- 1 file changed, 17 insertions(+), 11 deletions(-) -- 2.19.0.605.g01d371f741-goog

6 years, 8 months

2
3
0 0

[PATCH 0/2] A couple recent ext4 CVE fixes

by Daniel Rosenberg

A couple ext4-related CVE fixes were released to other kernels in linux-stable, but didn't cleanly apply to 4.4.y. These are adjusted cherry-picks of Ben Hutching's 3.16.y backports. Theodore Ts'o (2): ext4: add corruption check in ext4_xattr_set_entry() ext4: always verify the magic number in xattr blocks fs/ext4/xattr.c | 28 +++++++++++++++++----------- 1 file changed, 17 insertions(+), 11 deletions(-) -- 2.19.0.605.g01d371f741-goog

6 years, 8 months

2
3
0 0

Re: [PATCH] platform-msi: Free descriptors in platform_msi_domain_free()

by Miquel Raynal

Hi Marc, Marc Zyngier <marc.zyngier(a)arm.com> wrote on Thu, 11 Oct 2018 09:36:04 +0100: > Miquel, > > On Fri, 28 Sep 2018 16:10:29 +0100, > Miquel Raynal <miquel.raynal(a)bootlin.com> wrote: > > > > Hi Marc, > > > > [...] > > > > > At that stage, you're better off just calling > > > > > > list_del(&desc->list); > > > free_msi_entry(desc); > > > > > > I like this approach better as we only traverse the list once. > > > > Right. > > > > > > > > > } > > > > } > > > > > /** > > > > diff --git a/include/linux/msi.h b/include/linux/msi.h > > > > index 5839d8062dfc..be8ec813dbfb 100644 > > > > --- a/include/linux/msi.h > > > > +++ b/include/linux/msi.h > > > > @@ -116,6 +116,8 @@ struct msi_desc { > > > > list_first_entry(dev_to_msi_list((dev)), struct msi_desc, list) > > > > #define for_each_msi_entry(desc, dev) \ > > > > list_for_each_entry((desc), dev_to_msi_list((dev)), list) > > > > +#define for_each_msi_entry_safe(desc, tmp, dev) \ > > > > + list_for_each_entry_safe((desc), (tmp), dev_to_msi_list((dev)), list) > > > > > #ifdef CONFIG_PCI_MSI > > > > #define first_pci_msi_entry(pdev) first_msi_entry(&(pdev)->dev) > > > > > > If you repin this, I'll queue it right away. > > > > Let me test the new version to be sure I'm not breaking anything and > > I'll send a v2. > > What is the status of this? Are you still planning to send a v2? I'd > really like this fix to reach 4.19 before we put the last nail on it. Sorry about that, I was sure I already sent the v2, now it's done. The changes in this v2 are that instead of creating a platform_msi_domain_free_descs() helper that iterates over the list of descriptors, the descriptor itself is removed from the list and destroyed directly in platform_msi_domain_free(). The for_each_msi_entry() loop is also transformed to use the "_safe" alternative. Thanks, Miquèl

6 years, 8 months

1
0
0 0

[PATCH 3.18.y 00/10] recent ext4 CVE fixes

by Greg Hackmann

A batch of ext4-related CVE fixes were released to other kernels in linux-stable, but don't apply cleanly to 3.18.y. For the most part these are unmodified cherry-picks of Ben Hutchings's 3.16.y backports (exceptions are noted above my Signed-off-by). Theodore Ts'o (10): ext4: only look at the bg_flags field if it is valid ext4: fix check to prevent initializing reserved inodes ext4: always check block group bounds in ext4_init_block_bitmap() ext4: fix false negatives *and* false positives in ext4_check_descriptors() ext4: add corruption check in ext4_xattr_set_entry() ext4: always verify the magic number in xattr blocks ext4: never move the system.data xattr out of the inode body ext4: add more inode number paranoia checks jbd2: don't mark block as modified if the handle is out of credits ext4: avoid running out of journal credits when appending to an inline file fs/ext4/balloc.c | 21 ++++++++++++------- fs/ext4/ext4.h | 8 ------- fs/ext4/ialloc.c | 19 ++++++++++++++--- fs/ext4/inline.c | 38 +-------------------------------- fs/ext4/inode.c | 3 ++- fs/ext4/mballoc.c | 6 ++++-- fs/ext4/super.c | 12 +++++++++-- fs/ext4/xattr.c | 49 ++++++++++++++++++++----------------------- fs/jbd2/transaction.c | 2 +- 9 files changed, 70 insertions(+), 88 deletions(-) -- 2.19.0.605.g01d371f741-goog

6 years, 8 months

2
11
0 0

[PATCH 1/6] arm64: perf: Reject stand-alone CHAIN events for PMUv3

by Will Deacon

It doesn't make sense for a perf event to be configured as a CHAIN event in isolation, so extend the arm_pmu structure with a ->filter_match() function to allow the backend PMU implementation to reject CHAIN events early. Cc: <stable(a)vger.kernel.org> Signed-off-by: Will Deacon <will.deacon(a)arm.com> --- arch/arm64/kernel/perf_event.c | 7 +++++++ drivers/perf/arm_pmu.c | 8 +++++++- include/linux/perf/arm_pmu.h | 1 + 3 files changed, 15 insertions(+), 1 deletion(-) diff --git a/arch/arm64/kernel/perf_event.c b/arch/arm64/kernel/perf_event.c index 8e38d5267f22..e213f8e867f6 100644 --- a/arch/arm64/kernel/perf_event.c +++ b/arch/arm64/kernel/perf_event.c @@ -966,6 +966,12 @@ static int armv8pmu_set_event_filter(struct hw_perf_event *event, return 0; } +static int armv8pmu_filter_match(struct perf_event *event) +{ + unsigned long evtype = event->hw.config_base & ARMV8_PMU_EVTYPE_EVENT; + return evtype != ARMV8_PMUV3_PERFCTR_CHAIN; +} + static void armv8pmu_reset(void *info) { struct arm_pmu *cpu_pmu = (struct arm_pmu *)info; @@ -1114,6 +1120,7 @@ static int armv8_pmu_init(struct arm_pmu *cpu_pmu) cpu_pmu->stop = armv8pmu_stop, cpu_pmu->reset = armv8pmu_reset, cpu_pmu->set_event_filter = armv8pmu_set_event_filter; + cpu_pmu->filter_match = armv8pmu_filter_match; return 0; } diff --git a/drivers/perf/arm_pmu.c b/drivers/perf/arm_pmu.c index 7f01f6f60b87..d0b7dd8fb184 100644 --- a/drivers/perf/arm_pmu.c +++ b/drivers/perf/arm_pmu.c @@ -485,7 +485,13 @@ static int armpmu_filter_match(struct perf_event *event) { struct arm_pmu *armpmu = to_arm_pmu(event->pmu); unsigned int cpu = smp_processor_id(); - return cpumask_test_cpu(cpu, &armpmu->supported_cpus); + int ret; + + ret = cpumask_test_cpu(cpu, &armpmu->supported_cpus); + if (ret && armpmu->filter_match) + return armpmu->filter_match(event); + + return ret; } static ssize_t armpmu_cpumask_show(struct device *dev, diff --git a/include/linux/perf/arm_pmu.h b/include/linux/perf/arm_pmu.h index 10f92e1d8e7b..bf309ff6f244 100644 --- a/include/linux/perf/arm_pmu.h +++ b/include/linux/perf/arm_pmu.h @@ -99,6 +99,7 @@ struct arm_pmu { void (*stop)(struct arm_pmu *); void (*reset)(void *); int (*map_event)(struct perf_event *event); + int (*filter_match)(struct perf_event *event); int num_events; bool secure_access; /* 32-bit ARM only */ #define ARMV8_PMUV3_MAX_COMMON_EVENTS 0x40 -- 2.1.4

6 years, 8 months

2
2
0 0

[PATCH] drm/atomic_helper: Allow DPMS On<->Off changes for unregistered connectors

by Lyude Paul

It appears when testing my previous fix for some of the legacy modesetting issues with MST, I misattributed some kernel splats that started appearing on my machine after a rebase as being from upstream. But it appears they actually came from my patch series: [ 2.980512] [drm:drm_atomic_helper_check_modeset [drm_kms_helper]] Updating routing for [CONNECTOR:65:eDP-1] [ 2.980516] [drm:drm_atomic_helper_check_modeset [drm_kms_helper]] [CONNECTOR:65:eDP-1] is not registered [ 2.980516] ------------[ cut here ]------------ [ 2.980519] Could not determine valid watermarks for inherited state [ 2.980553] WARNING: CPU: 3 PID: 551 at drivers/gpu/drm/i915/intel_display.c:14983 intel_modeset_init+0x14d7/0x19f0 [i915] [ 2.980556] Modules linked in: i915(O+) i2c_algo_bit drm_kms_helper(O) syscopyarea sysfillrect sysimgblt fb_sys_fops drm(O) intel_rapl x86_pkg_temp_thermal iTCO_wdt wmi_bmof coretemp crc32_pclmul psmouse i2c_i801 mei_me mei i2c_core lpc_ich mfd_core tpm_tis tpm_tis_core wmi tpm thinkpad_acpi pcc_cpufreq video ehci_pci crc32c_intel serio_raw ehci_hcd xhci_pci xhci_hcd [ 2.980577] CPU: 3 PID: 551 Comm: systemd-udevd Tainted: G O 4.19.0-rc7Lyude-Test+ #1 [ 2.980579] Hardware name: LENOVO 20BWS1KY00/20BWS1KY00, BIOS JBET63WW (1.27 ) 11/10/2016 [ 2.980605] RIP: 0010:intel_modeset_init+0x14d7/0x19f0 [i915] [ 2.980607] Code: 89 df e8 ec 27 02 00 e9 24 f2 ff ff be 03 00 00 00 48 89 df e8 da 27 02 00 e9 26 f2 ff ff 48 c7 c7 c8 d1 34 a0 e8 23 cf dc e0 <0f> 0b e9 7c fd ff ff f6 c4 04 0f 85 37 f7 ff ff 48 8b 83 60 08 00 [ 2.980611] RSP: 0018:ffffc90000287988 EFLAGS: 00010282 [ 2.980614] RAX: 0000000000000000 RBX: ffff88031b488000 RCX: 0000000000000006 [ 2.980617] RDX: 0000000000000007 RSI: 0000000000000086 RDI: ffff880321ad54d0 [ 2.980620] RBP: ffffc90000287a10 R08: 000000000000040a R09: 0000000000000065 [ 2.980623] R10: ffff88030ebb8f00 R11: ffffffff81416590 R12: ffff88031b488000 [ 2.980626] R13: ffff88031b4883a0 R14: ffffc900002879a8 R15: ffff880319099800 [ 2.980630] FS: 00007f475620d180(0000) GS:ffff880321ac0000(0000) knlGS:0000000000000000 [ 2.980633] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 2.980636] CR2: 00007f9ef28018a0 CR3: 000000031b72c001 CR4: 00000000003606e0 [ 2.980639] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 2.980642] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 2.980645] Call Trace: [ 2.980675] i915_driver_load+0xb0e/0xdc0 [i915] [ 2.980681] ? kernfs_add_one+0xe7/0x130 [ 2.980709] i915_pci_probe+0x46/0x60 [i915] [ 2.980715] pci_device_probe+0xd4/0x150 [ 2.980719] really_probe+0x243/0x3b0 [ 2.980722] driver_probe_device+0xba/0x100 [ 2.980726] __driver_attach+0xe4/0x110 [ 2.980729] ? driver_probe_device+0x100/0x100 [ 2.980733] bus_for_each_dev+0x74/0xb0 [ 2.980736] driver_attach+0x1e/0x20 [ 2.980739] bus_add_driver+0x159/0x230 [ 2.980743] ? 0xffffffffa0393000 [ 2.980746] driver_register+0x70/0xc0 [ 2.980749] ? 0xffffffffa0393000 [ 2.980753] __pci_register_driver+0x57/0x60 [ 2.980780] i915_init+0x55/0x58 [i915] [ 2.980785] do_one_initcall+0x4a/0x1c4 [ 2.980789] ? do_init_module+0x27/0x210 [ 2.980793] ? kmem_cache_alloc_trace+0x131/0x190 [ 2.980797] do_init_module+0x60/0x210 [ 2.980800] load_module+0x2063/0x22e0 [ 2.980804] ? vfs_read+0x116/0x140 [ 2.980807] ? vfs_read+0x116/0x140 [ 2.980811] __do_sys_finit_module+0xbd/0x120 [ 2.980814] ? __do_sys_finit_module+0xbd/0x120 [ 2.980818] __x64_sys_finit_module+0x1a/0x20 [ 2.980821] do_syscall_64+0x5a/0x110 [ 2.980824] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2.980826] RIP: 0033:0x7f4754e32879 [ 2.980828] Code: 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d f7 45 2c 00 f7 d8 64 89 01 48 [ 2.980831] RSP: 002b:00007fff43fd97d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000139 [ 2.980834] RAX: ffffffffffffffda RBX: 0000559a44ca64f0 RCX: 00007f4754e32879 [ 2.980836] RDX: 0000000000000000 RSI: 00007f475599f4cd RDI: 0000000000000018 [ 2.980838] RBP: 00007f475599f4cd R08: 0000000000000000 R09: 0000000000000000 [ 2.980839] R10: 0000000000000018 R11: 0000000000000246 R12: 0000000000000000 [ 2.980841] R13: 0000559a44c92fd0 R14: 0000000000020000 R15: 0000000000000000 [ 2.980881] WARNING: CPU: 3 PID: 551 at drivers/gpu/drm/i915/intel_display.c:14983 intel_modeset_init+0x14d7/0x19f0 [i915] [ 2.980884] ---[ end trace 5eb47a76277d4731 ]--- The cause of this appears to be due to the fact that if there's pre-existing display state that was set by the BIOS when i915 loads, it will attempt to perform a modeset before the driver is registered with userspace. Since this happens before the driver's registered with userspace, it's connectors are also unregistered and thus-states which would turn on DPMS on a connector end up getting rejected since the connector isn't registered. These bugs managed to get past Intel's CI partially due to the fact it never ran a full test on my patches for some reason, but also because all of the tests unload the GPU once before running. Since this bug is only really triggered when the drivers tries to perform a modeset before it's been fully registered with userspace when coming from whatever display configuration the firmware left us with, it likely would never have been picked up by CI in the first place. After some discussion with vsyrjala, we decided the best course of action would be to just move the unregistered connector checks out of update_connector_routing() and into drm_atomic_set_crtc_for_connector(). The reason for this being that legacy modesetting isn't going to be expecting failures anywhere (at least this is the case with X), so ideally we want to ensure that any DPMS changes will still work even on unregistered connectors. Instead, we now only reject new modesets which would change the current CRTC assigned to an unregistered connector unless no new CRTC is being assigned to replace the connector's previous one. Signed-off-by: Lyude Paul <lyude(a)redhat.com> Reported-by: Ville Syrjälä <ville.syrjala(a)linux.intel.com> Fixes: 4d80273976bf ("drm/atomic_helper: Disallow new modesets on unregistered connectors") Cc: Daniel Vetter <daniel.vetter(a)ffwll.ch> Cc: Ville Syrjälä <ville.syrjala(a)linux.intel.com> Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/drm_atomic_helper.c | 21 +-------------------- drivers/gpu/drm/drm_atomic_uapi.c | 21 +++++++++++++++++++++ 2 files changed, 22 insertions(+), 20 deletions(-) diff --git a/drivers/gpu/drm/drm_atomic_helper.c b/drivers/gpu/drm/drm_atomic_helper.c index e6a2cf72de5e..6f66777dca4b 100644 --- a/drivers/gpu/drm/drm_atomic_helper.c +++ b/drivers/gpu/drm/drm_atomic_helper.c @@ -319,26 +319,6 @@ update_connector_routing(struct drm_atomic_state *state, return 0; } - crtc_state = drm_atomic_get_new_crtc_state(state, - new_connector_state->crtc); - /* - * For compatibility with legacy users, we want to make sure that - * we allow DPMS On->Off modesets on unregistered connectors. Modesets - * which would result in anything else must be considered invalid, to - * avoid turning on new displays on dead connectors. - * - * Since the connector can be unregistered at any point during an - * atomic check or commit, this is racy. But that's OK: all we care - * about is ensuring that userspace can't do anything but shut off the - * display on a connector that was destroyed after its been notified, - * not before. - */ - if (!READ_ONCE(connector->registered) && crtc_state->active) { - DRM_DEBUG_ATOMIC("[CONNECTOR:%d:%s] is not registered\n", - connector->base.id, connector->name); - return -EINVAL; - } - funcs = connector->helper_private; if (funcs->atomic_best_encoder) @@ -383,6 +363,7 @@ update_connector_routing(struct drm_atomic_state *state, set_best_encoder(state, new_connector_state, new_encoder); + crtc_state = drm_atomic_get_new_crtc_state(state, new_connector_state->crtc); crtc_state->connectors_changed = true; DRM_DEBUG_ATOMIC("[CONNECTOR:%d:%s] using [ENCODER:%d:%s] on [CRTC:%d:%s]\n", diff --git a/drivers/gpu/drm/drm_atomic_uapi.c b/drivers/gpu/drm/drm_atomic_uapi.c index d5b7f315098c..7acec863b10c 100644 --- a/drivers/gpu/drm/drm_atomic_uapi.c +++ b/drivers/gpu/drm/drm_atomic_uapi.c @@ -299,6 +299,27 @@ drm_atomic_set_crtc_for_connector(struct drm_connector_state *conn_state, struct drm_connector *connector = conn_state->connector; struct drm_crtc_state *crtc_state; + /* + * For compatibility with legacy users, we want to make sure that + * we allow DPMS On<->Off modesets on unregistered connectors, since + * legacy modesetting users will not be expecting these to fail. We do + * not however, want to allow legacy users to assign a connector + * that's been unregistered from sysfs to another CRTC, since doing + * this with a now non-existant connector could potentially leave us + * in an invalid state. + * + * Since the connector can be unregistered at any point during an + * atomic check or commit, this is racy. But that's OK: all we care + * about is ensuring that userspace can't use this connector for new + * configurations after it's been notified that the connector is no + * longer present. + */ + if (!READ_ONCE(connector->registered) && crtc) { + DRM_DEBUG_ATOMIC("[CONNECTOR:%d:%s] is not registered\n", + connector->base.id, connector->name); + return -EINVAL; + } + if (conn_state->crtc == crtc) return 0; -- 2.17.1

6 years, 8 months

3
2
0 0

[PATCH v7 1/5] drm/atomic_helper: Disallow new modesets on unregistered connectors

by Lyude Paul

With the exception of modesets which would switch the DPMS state of a connector from on to off, we want to make sure that we disallow all modesets which would result in enabling a new monitor or a new mode configuration on a monitor if the connector for the display in question is no longer registered. This allows us to stop userspace from trying to enable new displays on connectors for an MST topology that were just removed from the system, without preventing userspace from disabling DPMS on those connectors. Changes since v5: - Fix typo in comment, nothing else Signed-off-by: Lyude Paul <lyude(a)redhat.com> Reviewed-by: Daniel Vetter <daniel.vetter(a)ffwll.ch> Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/drm_atomic_helper.c | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/drm_atomic_helper.c b/drivers/gpu/drm/drm_atomic_helper.c index 6f66777dca4b..e6a2cf72de5e 100644 --- a/drivers/gpu/drm/drm_atomic_helper.c +++ b/drivers/gpu/drm/drm_atomic_helper.c @@ -319,6 +319,26 @@ update_connector_routing(struct drm_atomic_state *state, return 0; } + crtc_state = drm_atomic_get_new_crtc_state(state, + new_connector_state->crtc); + /* + * For compatibility with legacy users, we want to make sure that + * we allow DPMS On->Off modesets on unregistered connectors. Modesets + * which would result in anything else must be considered invalid, to + * avoid turning on new displays on dead connectors. + * + * Since the connector can be unregistered at any point during an + * atomic check or commit, this is racy. But that's OK: all we care + * about is ensuring that userspace can't do anything but shut off the + * display on a connector that was destroyed after its been notified, + * not before. + */ + if (!READ_ONCE(connector->registered) && crtc_state->active) { + DRM_DEBUG_ATOMIC("[CONNECTOR:%d:%s] is not registered\n", + connector->base.id, connector->name); + return -EINVAL; + } + funcs = connector->helper_private; if (funcs->atomic_best_encoder) @@ -363,7 +383,6 @@ update_connector_routing(struct drm_atomic_state *state, set_best_encoder(state, new_connector_state, new_encoder); - crtc_state = drm_atomic_get_new_crtc_state(state, new_connector_state->crtc); crtc_state->connectors_changed = true; DRM_DEBUG_ATOMIC("[CONNECTOR:%d:%s] using [ENCODER:%d:%s] on [CRTC:%d:%s]\n", -- 2.17.1

6 years, 8 months

3
2
0 0

FAILED: patch "[PATCH] USB: serial: option: improve Quectel EP06 detection" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 36cae568404a298a19a6e8a3f18641075d4cab04 Mon Sep 17 00:00:00 2001 From: Kristian Evensen <kristian.evensen(a)gmail.com> Date: Thu, 13 Sep 2018 11:21:49 +0200 Subject: [PATCH] USB: serial: option: improve Quectel EP06 detection The Quectel EP06 (and EM06/EG06) LTE modem supports updating the USB configuration, without the VID/PID or configuration number changing. When the configuration is updated and interfaces are added/removed, the interface numbers are updated. This causes our current code for matching EP06 not to work as intended, as the assumption about reserved interfaces no longer holds. If for example the diagnostic (first) interface is removed, option will (try to) bind to the QMI interface. This patch improves EP06 detection by replacing the current match with two matches, and those matches check class, subclass and protocol as well as VID and PID. The diag interface exports class, subclass and protocol as 0xff. For the other serial interfaces, class is 0xff and subclass and protocol are both 0x0. The modem can export the following devices and always in this order: diag, nmea, at, ppp. qmi and adb. This means that diag can only ever be interface 0, and interface numbers 1-5 should be marked as reserved. The three other serial devices can have interface numbers 0-3, but I have not marked any interfaces as reserved. The reason is that the serial devices are the only interfaces exported by the device where subclass and protocol is 0x0. QMI exports the same class, subclass and protocol values as the diag interface. However, the two interfaces have different number of endpoints, QMI has three and diag two. I have added a check for number of interfaces if VID/PID matches the EP06, and we ignore the device if number of interfaces equals three (and subclass is set). Signed-off-by: Kristian Evensen <kristian.evensen(a)gmail.com> Acked-by: Dan Williams <dcbw(a)redhat.com> [ johan: drop uneeded RSVD(5) for ADB ] Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Johan Hovold <johan(a)kernel.org> diff --git a/drivers/usb/serial/option.c b/drivers/usb/serial/option.c index 0215b70c4efc..382feafbd127 100644 --- a/drivers/usb/serial/option.c +++ b/drivers/usb/serial/option.c @@ -1081,8 +1081,9 @@ static const struct usb_device_id option_ids[] = { .driver_info = RSVD(4) }, { USB_DEVICE(QUECTEL_VENDOR_ID, QUECTEL_PRODUCT_BG96), .driver_info = RSVD(4) }, - { USB_DEVICE(QUECTEL_VENDOR_ID, QUECTEL_PRODUCT_EP06), - .driver_info = RSVD(4) | RSVD(5) }, + { USB_DEVICE_AND_INTERFACE_INFO(QUECTEL_VENDOR_ID, QUECTEL_PRODUCT_EP06, 0xff, 0xff, 0xff), + .driver_info = RSVD(1) | RSVD(2) | RSVD(3) | RSVD(4) }, + { USB_DEVICE_AND_INTERFACE_INFO(QUECTEL_VENDOR_ID, QUECTEL_PRODUCT_EP06, 0xff, 0, 0) }, { USB_DEVICE(CMOTECH_VENDOR_ID, CMOTECH_PRODUCT_6001) }, { USB_DEVICE(CMOTECH_VENDOR_ID, CMOTECH_PRODUCT_CMU_300) }, { USB_DEVICE(CMOTECH_VENDOR_ID, CMOTECH_PRODUCT_6003), @@ -1985,6 +1986,7 @@ static int option_probe(struct usb_serial *serial, { struct usb_interface_descriptor *iface_desc = &serial->interface->cur_altsetting->desc; + struct usb_device_descriptor *dev_desc = &serial->dev->descriptor; unsigned long device_flags = id->driver_info; /* Never bind to the CD-Rom emulation interface */ @@ -1999,6 +2001,18 @@ static int option_probe(struct usb_serial *serial, if (device_flags & RSVD(iface_desc->bInterfaceNumber)) return -ENODEV; + /* + * Don't bind to the QMI device of the Quectel EP06/EG06/EM06. Class, + * subclass and protocol is 0xff for both the diagnostic port and the + * QMI interface, but the diagnostic port only has two endpoints (QMI + * has three). + */ + if (dev_desc->idVendor == cpu_to_le16(QUECTEL_VENDOR_ID) && + dev_desc->idProduct == cpu_to_le16(QUECTEL_PRODUCT_EP06) && + iface_desc->bInterfaceSubClass && iface_desc->bNumEndpoints == 3) { + return -ENODEV; + } + /* Store the device flags so we can use them during attach. */ usb_set_serial_data(serial, (void *)device_flags);

6 years, 8 months

1
0
0 0

FAILED: patch "[PATCH] USB: serial: option: add two-endpoints device-id flag" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 35aecc02b5b621782111f64cbb032c7f6a90bb32 Mon Sep 17 00:00:00 2001 From: Johan Hovold <johan(a)kernel.org> Date: Thu, 13 Sep 2018 11:21:50 +0200 Subject: [PATCH] USB: serial: option: add two-endpoints device-id flag Allow matching on interfaces having two endpoints by adding a new device-id flag. This allows for the handling of devices whose interface numbers can change (e.g. Quectel EP06) to be contained in the device-id table. Tested-by: Kristian Evensen <kristian.evensen(a)gmail.com> Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Johan Hovold <johan(a)kernel.org> diff --git a/drivers/usb/serial/option.c b/drivers/usb/serial/option.c index 382feafbd127..e72ad9f81c73 100644 --- a/drivers/usb/serial/option.c +++ b/drivers/usb/serial/option.c @@ -561,6 +561,9 @@ static void option_instat_callback(struct urb *urb); /* Interface is reserved */ #define RSVD(ifnum) ((BIT(ifnum) & 0xff) << 0) +/* Interface must have two endpoints */ +#define NUMEP2 BIT(16) + static const struct usb_device_id option_ids[] = { { USB_DEVICE(OPTION_VENDOR_ID, OPTION_PRODUCT_COLT) }, @@ -1082,7 +1085,7 @@ static const struct usb_device_id option_ids[] = { { USB_DEVICE(QUECTEL_VENDOR_ID, QUECTEL_PRODUCT_BG96), .driver_info = RSVD(4) }, { USB_DEVICE_AND_INTERFACE_INFO(QUECTEL_VENDOR_ID, QUECTEL_PRODUCT_EP06, 0xff, 0xff, 0xff), - .driver_info = RSVD(1) | RSVD(2) | RSVD(3) | RSVD(4) }, + .driver_info = RSVD(1) | RSVD(2) | RSVD(3) | RSVD(4) | NUMEP2 }, { USB_DEVICE_AND_INTERFACE_INFO(QUECTEL_VENDOR_ID, QUECTEL_PRODUCT_EP06, 0xff, 0, 0) }, { USB_DEVICE(CMOTECH_VENDOR_ID, CMOTECH_PRODUCT_6001) }, { USB_DEVICE(CMOTECH_VENDOR_ID, CMOTECH_PRODUCT_CMU_300) }, @@ -1986,7 +1989,6 @@ static int option_probe(struct usb_serial *serial, { struct usb_interface_descriptor *iface_desc = &serial->interface->cur_altsetting->desc; - struct usb_device_descriptor *dev_desc = &serial->dev->descriptor; unsigned long device_flags = id->driver_info; /* Never bind to the CD-Rom emulation interface */ @@ -2002,16 +2004,11 @@ static int option_probe(struct usb_serial *serial, return -ENODEV; /* - * Don't bind to the QMI device of the Quectel EP06/EG06/EM06. Class, - * subclass and protocol is 0xff for both the diagnostic port and the - * QMI interface, but the diagnostic port only has two endpoints (QMI - * has three). + * Allow matching on bNumEndpoints for devices whose interface numbers + * can change (e.g. Quectel EP06). */ - if (dev_desc->idVendor == cpu_to_le16(QUECTEL_VENDOR_ID) && - dev_desc->idProduct == cpu_to_le16(QUECTEL_PRODUCT_EP06) && - iface_desc->bInterfaceSubClass && iface_desc->bNumEndpoints == 3) { + if (device_flags & NUMEP2 && iface_desc->bNumEndpoints != 2) return -ENODEV; - } /* Store the device flags so we can use them during attach. */ usb_set_serial_data(serial, (void *)device_flags);

6 years, 8 months

1
0
0 0

FAILED: patch "[PATCH] powerpc/lib: fix book3s/32 boot failure due to code patching" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From b45ba4a51cde29b2939365ef0c07ad34c8321789 Mon Sep 17 00:00:00 2001 From: Christophe Leroy <christophe.leroy(a)c-s.fr> Date: Mon, 1 Oct 2018 12:21:10 +0000 Subject: [PATCH] powerpc/lib: fix book3s/32 boot failure due to code patching Commit 51c3c62b58b3 ("powerpc: Avoid code patching freed init sections") accesses 'init_mem_is_free' flag too early, before the kernel is relocated. This provokes early boot failure (before the console is active). As it is not necessary to do this verification that early, this patch moves the test into patch_instruction() instead of __patch_instruction(). This modification also has the advantage of avoiding unnecessary remappings. Fixes: 51c3c62b58b3 ("powerpc: Avoid code patching freed init sections") Cc: stable(a)vger.kernel.org # 4.13+ Signed-off-by: Christophe Leroy <christophe.leroy(a)c-s.fr> Signed-off-by: Michael Ellerman <mpe(a)ellerman.id.au> diff --git a/arch/powerpc/lib/code-patching.c b/arch/powerpc/lib/code-patching.c index 6ae2777c220d..5ffee298745f 100644 --- a/arch/powerpc/lib/code-patching.c +++ b/arch/powerpc/lib/code-patching.c @@ -28,12 +28,6 @@ static int __patch_instruction(unsigned int *exec_addr, unsigned int instr, { int err; - /* Make sure we aren't patching a freed init section */ - if (init_mem_is_free && init_section_contains(exec_addr, 4)) { - pr_debug("Skipping init section patching addr: 0x%px\n", exec_addr); - return 0; - } - __put_user_size(instr, patch_addr, 4, err); if (err) return err; @@ -148,7 +142,7 @@ static inline int unmap_patch_area(unsigned long addr) return 0; } -int patch_instruction(unsigned int *addr, unsigned int instr) +static int do_patch_instruction(unsigned int *addr, unsigned int instr) { int err; unsigned int *patch_addr = NULL; @@ -188,12 +182,22 @@ int patch_instruction(unsigned int *addr, unsigned int instr) } #else /* !CONFIG_STRICT_KERNEL_RWX */ -int patch_instruction(unsigned int *addr, unsigned int instr) +static int do_patch_instruction(unsigned int *addr, unsigned int instr) { return raw_patch_instruction(addr, instr); } #endif /* CONFIG_STRICT_KERNEL_RWX */ + +int patch_instruction(unsigned int *addr, unsigned int instr) +{ + /* Make sure we aren't patching a freed init section */ + if (init_mem_is_free && init_section_contains(addr, 4)) { + pr_debug("Skipping init section patching addr: 0x%px\n", addr); + return 0; + } + return do_patch_instruction(addr, instr); +} NOKPROBE_SYMBOL(patch_instruction); int patch_branch(unsigned int *addr, unsigned long target, int flags)

6 years, 8 months

1
0
0 0

FAILED: patch "[PATCH] dm cache metadata: ignore hints array being too small during" failed to apply to 3.18-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 3.18-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 4561ffca88c546f96367f94b8f1e4715a9c62314 Mon Sep 17 00:00:00 2001 From: Joe Thornber <ejt(a)redhat.com> Date: Mon, 24 Sep 2018 16:19:30 -0400 Subject: [PATCH] dm cache metadata: ignore hints array being too small during resize Commit fd2fa9541 ("dm cache metadata: save in-core policy_hint_size to on-disk superblock") enabled previously written policy hints to be used after a cache is reactivated. But in doing so the cache metadata's hint array was left exposed to out of bounds access because on resize the metadata's on-disk hint array wasn't ever extended. Fix this by ignoring that there are no on-disk hints associated with the newly added cache blocks. An expanded on-disk hint array is later rewritten upon the next clean shutdown of the cache. Fixes: fd2fa9541 ("dm cache metadata: save in-core policy_hint_size to on-disk superblock") Cc: stable(a)vger.kernel.org Signed-off-by: Joe Thornber <ejt(a)redhat.com> Signed-off-by: Mike Snitzer <snitzer(a)redhat.com> diff --git a/drivers/md/dm-cache-metadata.c b/drivers/md/dm-cache-metadata.c index 69dddeab124c..5936de71883f 100644 --- a/drivers/md/dm-cache-metadata.c +++ b/drivers/md/dm-cache-metadata.c @@ -1455,8 +1455,8 @@ static int __load_mappings(struct dm_cache_metadata *cmd, if (hints_valid) { r = dm_array_cursor_next(&cmd->hint_cursor); if (r) { - DMERR("dm_array_cursor_next for hint failed"); - goto out; + dm_array_cursor_end(&cmd->hint_cursor); + hints_valid = false; } }

6 years, 8 months

1
0
0 0

FAILED: patch "[PATCH] dm cache metadata: ignore hints array being too small during" failed to apply to 4.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 4561ffca88c546f96367f94b8f1e4715a9c62314 Mon Sep 17 00:00:00 2001 From: Joe Thornber <ejt(a)redhat.com> Date: Mon, 24 Sep 2018 16:19:30 -0400 Subject: [PATCH] dm cache metadata: ignore hints array being too small during resize Commit fd2fa9541 ("dm cache metadata: save in-core policy_hint_size to on-disk superblock") enabled previously written policy hints to be used after a cache is reactivated. But in doing so the cache metadata's hint array was left exposed to out of bounds access because on resize the metadata's on-disk hint array wasn't ever extended. Fix this by ignoring that there are no on-disk hints associated with the newly added cache blocks. An expanded on-disk hint array is later rewritten upon the next clean shutdown of the cache. Fixes: fd2fa9541 ("dm cache metadata: save in-core policy_hint_size to on-disk superblock") Cc: stable(a)vger.kernel.org Signed-off-by: Joe Thornber <ejt(a)redhat.com> Signed-off-by: Mike Snitzer <snitzer(a)redhat.com> diff --git a/drivers/md/dm-cache-metadata.c b/drivers/md/dm-cache-metadata.c index 69dddeab124c..5936de71883f 100644 --- a/drivers/md/dm-cache-metadata.c +++ b/drivers/md/dm-cache-metadata.c @@ -1455,8 +1455,8 @@ static int __load_mappings(struct dm_cache_metadata *cmd, if (hints_valid) { r = dm_array_cursor_next(&cmd->hint_cursor); if (r) { - DMERR("dm_array_cursor_next for hint failed"); - goto out; + dm_array_cursor_end(&cmd->hint_cursor); + hints_valid = false; } }

6 years, 8 months

1
0
0 0

FAILED: patch "[PATCH] drm/i915: Handle incomplete Z_FINISH for compressed error" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 4c9613ce556fdeb671e779668b627ea3a2b61728 Mon Sep 17 00:00:00 2001 From: Chris Wilson <chris(a)chris-wilson.co.uk> Date: Wed, 3 Oct 2018 09:24:22 +0100 Subject: [PATCH] drm/i915: Handle incomplete Z_FINISH for compressed error states The final call to zlib_deflate(Z_FINISH) may require more output space to be allocated and so needs to re-invoked. Failure to do so in the current code leads to incomplete zlib streams (albeit intact due to the use of Z_SYNC_FLUSH) resulting in the occasional short object capture. v2: Check against overrunning our pre-allocated page array v3: Drop Z_SYNC_FLUSH entirely Testcase: igt/i915-error-capture.js Fixes: 0a97015d45ee ("drm/i915: Compress GPU objects in error state") Signed-off-by: Chris Wilson <chris(a)chris-wilson.co.uk> Cc: Joonas Lahtinen <joonas.lahtinen(a)linux.intel.com> Cc: <stable(a)vger.kernel.org> # v4.10+ Cc: Tvrtko Ursulin <tvrtko.ursulin(a)intel.com> Reviewed-by: Tvrtko Ursulin <tvrtko.ursulin(a)intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20181003082422.23214-1-chris@… (cherry picked from commit 83bc0f5b432f60394466deef16fc753e27371d0b) Signed-off-by: Rodrigo Vivi <rodrigo.vivi(a)intel.com> diff --git a/drivers/gpu/drm/i915/i915_gpu_error.c b/drivers/gpu/drm/i915/i915_gpu_error.c index f7f2aa71d8d9..a262a64f5625 100644 --- a/drivers/gpu/drm/i915/i915_gpu_error.c +++ b/drivers/gpu/drm/i915/i915_gpu_error.c @@ -232,6 +232,20 @@ static bool compress_init(struct compress *c) return true; } +static void *compress_next_page(struct drm_i915_error_object *dst) +{ + unsigned long page; + + if (dst->page_count >= dst->num_pages) + return ERR_PTR(-ENOSPC); + + page = __get_free_page(GFP_ATOMIC | __GFP_NOWARN); + if (!page) + return ERR_PTR(-ENOMEM); + + return dst->pages[dst->page_count++] = (void *)page; +} + static int compress_page(struct compress *c, void *src, struct drm_i915_error_object *dst) @@ -245,19 +259,14 @@ static int compress_page(struct compress *c, do { if (zstream->avail_out == 0) { - unsigned long page; - - page = __get_free_page(GFP_ATOMIC | __GFP_NOWARN); - if (!page) - return -ENOMEM; + zstream->next_out = compress_next_page(dst); + if (IS_ERR(zstream->next_out)) + return PTR_ERR(zstream->next_out); - dst->pages[dst->page_count++] = (void *)page; - - zstream->next_out = (void *)page; zstream->avail_out = PAGE_SIZE; } - if (zlib_deflate(zstream, Z_SYNC_FLUSH) != Z_OK) + if (zlib_deflate(zstream, Z_NO_FLUSH) != Z_OK) return -EIO; } while (zstream->avail_in); @@ -268,19 +277,42 @@ static int compress_page(struct compress *c, return 0; } -static void compress_fini(struct compress *c, +static int compress_flush(struct compress *c, struct drm_i915_error_object *dst) { struct z_stream_s *zstream = &c->zstream; - if (dst) { - zlib_deflate(zstream, Z_FINISH); - dst->unused = zstream->avail_out; - } + do { + switch (zlib_deflate(zstream, Z_FINISH)) { + case Z_OK: /* more space requested */ + zstream->next_out = compress_next_page(dst); + if (IS_ERR(zstream->next_out)) + return PTR_ERR(zstream->next_out); + + zstream->avail_out = PAGE_SIZE; + break; + + case Z_STREAM_END: + goto end; + + default: /* any error */ + return -EIO; + } + } while (1); + +end: + memset(zstream->next_out, 0, zstream->avail_out); + dst->unused = zstream->avail_out; + return 0; +} + +static void compress_fini(struct compress *c, + struct drm_i915_error_object *dst) +{ + struct z_stream_s *zstream = &c->zstream; zlib_deflateEnd(zstream); kfree(zstream->workspace); - if (c->tmp) free_page((unsigned long)c->tmp); } @@ -319,6 +351,12 @@ static int compress_page(struct compress *c, return 0; } +static int compress_flush(struct compress *c, + struct drm_i915_error_object *dst) +{ + return 0; +} + static void compress_fini(struct compress *c, struct drm_i915_error_object *dst) { @@ -917,6 +955,7 @@ i915_error_object_create(struct drm_i915_private *i915, unsigned long num_pages; struct sgt_iter iter; dma_addr_t dma; + int ret; if (!vma) return NULL; @@ -930,6 +969,7 @@ i915_error_object_create(struct drm_i915_private *i915, dst->gtt_offset = vma->node.start; dst->gtt_size = vma->node.size; + dst->num_pages = num_pages; dst->page_count = 0; dst->unused = 0; @@ -938,28 +978,26 @@ i915_error_object_create(struct drm_i915_private *i915, return NULL; } + ret = -EINVAL; for_each_sgt_dma(dma, iter, vma->pages) { void __iomem *s; - int ret; ggtt->vm.insert_page(&ggtt->vm, dma, slot, I915_CACHE_NONE, 0); s = io_mapping_map_atomic_wc(&ggtt->iomap, slot); ret = compress_page(&compress, (void __force *)s, dst); io_mapping_unmap_atomic(s); - if (ret) - goto unwind; + break; } - goto out; -unwind: - while (dst->page_count--) - free_page((unsigned long)dst->pages[dst->page_count]); - kfree(dst); - dst = NULL; + if (ret || compress_flush(&compress, dst)) { + while (dst->page_count--) + free_page((unsigned long)dst->pages[dst->page_count]); + kfree(dst); + dst = NULL; + } -out: compress_fini(&compress, dst); ggtt->vm.clear_range(&ggtt->vm, slot, PAGE_SIZE); return dst; diff --git a/drivers/gpu/drm/i915/i915_gpu_error.h b/drivers/gpu/drm/i915/i915_gpu_error.h index f893a4e8b783..8710fb18ed74 100644 --- a/drivers/gpu/drm/i915/i915_gpu_error.h +++ b/drivers/gpu/drm/i915/i915_gpu_error.h @@ -135,6 +135,7 @@ struct i915_gpu_state { struct drm_i915_error_object { u64 gtt_offset; u64 gtt_size; + int num_pages; int page_count; int unused; u32 *pages[0];

6 years, 8 months

1
0
0 0

FAILED: patch "[PATCH] drm/i915: Handle incomplete Z_FINISH for compressed error" failed to apply to 4.18-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.18-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 4c9613ce556fdeb671e779668b627ea3a2b61728 Mon Sep 17 00:00:00 2001 From: Chris Wilson <chris(a)chris-wilson.co.uk> Date: Wed, 3 Oct 2018 09:24:22 +0100 Subject: [PATCH] drm/i915: Handle incomplete Z_FINISH for compressed error states The final call to zlib_deflate(Z_FINISH) may require more output space to be allocated and so needs to re-invoked. Failure to do so in the current code leads to incomplete zlib streams (albeit intact due to the use of Z_SYNC_FLUSH) resulting in the occasional short object capture. v2: Check against overrunning our pre-allocated page array v3: Drop Z_SYNC_FLUSH entirely Testcase: igt/i915-error-capture.js Fixes: 0a97015d45ee ("drm/i915: Compress GPU objects in error state") Signed-off-by: Chris Wilson <chris(a)chris-wilson.co.uk> Cc: Joonas Lahtinen <joonas.lahtinen(a)linux.intel.com> Cc: <stable(a)vger.kernel.org> # v4.10+ Cc: Tvrtko Ursulin <tvrtko.ursulin(a)intel.com> Reviewed-by: Tvrtko Ursulin <tvrtko.ursulin(a)intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20181003082422.23214-1-chris@… (cherry picked from commit 83bc0f5b432f60394466deef16fc753e27371d0b) Signed-off-by: Rodrigo Vivi <rodrigo.vivi(a)intel.com> diff --git a/drivers/gpu/drm/i915/i915_gpu_error.c b/drivers/gpu/drm/i915/i915_gpu_error.c index f7f2aa71d8d9..a262a64f5625 100644 --- a/drivers/gpu/drm/i915/i915_gpu_error.c +++ b/drivers/gpu/drm/i915/i915_gpu_error.c @@ -232,6 +232,20 @@ static bool compress_init(struct compress *c) return true; } +static void *compress_next_page(struct drm_i915_error_object *dst) +{ + unsigned long page; + + if (dst->page_count >= dst->num_pages) + return ERR_PTR(-ENOSPC); + + page = __get_free_page(GFP_ATOMIC | __GFP_NOWARN); + if (!page) + return ERR_PTR(-ENOMEM); + + return dst->pages[dst->page_count++] = (void *)page; +} + static int compress_page(struct compress *c, void *src, struct drm_i915_error_object *dst) @@ -245,19 +259,14 @@ static int compress_page(struct compress *c, do { if (zstream->avail_out == 0) { - unsigned long page; - - page = __get_free_page(GFP_ATOMIC | __GFP_NOWARN); - if (!page) - return -ENOMEM; + zstream->next_out = compress_next_page(dst); + if (IS_ERR(zstream->next_out)) + return PTR_ERR(zstream->next_out); - dst->pages[dst->page_count++] = (void *)page; - - zstream->next_out = (void *)page; zstream->avail_out = PAGE_SIZE; } - if (zlib_deflate(zstream, Z_SYNC_FLUSH) != Z_OK) + if (zlib_deflate(zstream, Z_NO_FLUSH) != Z_OK) return -EIO; } while (zstream->avail_in); @@ -268,19 +277,42 @@ static int compress_page(struct compress *c, return 0; } -static void compress_fini(struct compress *c, +static int compress_flush(struct compress *c, struct drm_i915_error_object *dst) { struct z_stream_s *zstream = &c->zstream; - if (dst) { - zlib_deflate(zstream, Z_FINISH); - dst->unused = zstream->avail_out; - } + do { + switch (zlib_deflate(zstream, Z_FINISH)) { + case Z_OK: /* more space requested */ + zstream->next_out = compress_next_page(dst); + if (IS_ERR(zstream->next_out)) + return PTR_ERR(zstream->next_out); + + zstream->avail_out = PAGE_SIZE; + break; + + case Z_STREAM_END: + goto end; + + default: /* any error */ + return -EIO; + } + } while (1); + +end: + memset(zstream->next_out, 0, zstream->avail_out); + dst->unused = zstream->avail_out; + return 0; +} + +static void compress_fini(struct compress *c, + struct drm_i915_error_object *dst) +{ + struct z_stream_s *zstream = &c->zstream; zlib_deflateEnd(zstream); kfree(zstream->workspace); - if (c->tmp) free_page((unsigned long)c->tmp); } @@ -319,6 +351,12 @@ static int compress_page(struct compress *c, return 0; } +static int compress_flush(struct compress *c, + struct drm_i915_error_object *dst) +{ + return 0; +} + static void compress_fini(struct compress *c, struct drm_i915_error_object *dst) { @@ -917,6 +955,7 @@ i915_error_object_create(struct drm_i915_private *i915, unsigned long num_pages; struct sgt_iter iter; dma_addr_t dma; + int ret; if (!vma) return NULL; @@ -930,6 +969,7 @@ i915_error_object_create(struct drm_i915_private *i915, dst->gtt_offset = vma->node.start; dst->gtt_size = vma->node.size; + dst->num_pages = num_pages; dst->page_count = 0; dst->unused = 0; @@ -938,28 +978,26 @@ i915_error_object_create(struct drm_i915_private *i915, return NULL; } + ret = -EINVAL; for_each_sgt_dma(dma, iter, vma->pages) { void __iomem *s; - int ret; ggtt->vm.insert_page(&ggtt->vm, dma, slot, I915_CACHE_NONE, 0); s = io_mapping_map_atomic_wc(&ggtt->iomap, slot); ret = compress_page(&compress, (void __force *)s, dst); io_mapping_unmap_atomic(s); - if (ret) - goto unwind; + break; } - goto out; -unwind: - while (dst->page_count--) - free_page((unsigned long)dst->pages[dst->page_count]); - kfree(dst); - dst = NULL; + if (ret || compress_flush(&compress, dst)) { + while (dst->page_count--) + free_page((unsigned long)dst->pages[dst->page_count]); + kfree(dst); + dst = NULL; + } -out: compress_fini(&compress, dst); ggtt->vm.clear_range(&ggtt->vm, slot, PAGE_SIZE); return dst; diff --git a/drivers/gpu/drm/i915/i915_gpu_error.h b/drivers/gpu/drm/i915/i915_gpu_error.h index f893a4e8b783..8710fb18ed74 100644 --- a/drivers/gpu/drm/i915/i915_gpu_error.h +++ b/drivers/gpu/drm/i915/i915_gpu_error.h @@ -135,6 +135,7 @@ struct i915_gpu_state { struct drm_i915_error_object { u64 gtt_offset; u64 gtt_size; + int num_pages; int page_count; int unused; u32 *pages[0];

6 years, 8 months

1
0
0 0

FAILED: patch "[PATCH] bcache: add separate workqueue for journal_write to avoid" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 0f843e65d9eef4936929bb036c5f771fb261eea4 Mon Sep 17 00:00:00 2001 From: Guoju Fang <fangguoju(a)gmail.com> Date: Thu, 27 Sep 2018 23:41:46 +0800 Subject: [PATCH] bcache: add separate workqueue for journal_write to avoid deadlock After write SSD completed, bcache schedules journal_write work to system_wq, which is a public workqueue in system, without WQ_MEM_RECLAIM flag. system_wq is also a bound wq, and there may be no idle kworker on current processor. Creating a new kworker may unfortunately need to reclaim memory first, by shrinking cache and slab used by vfs, which depends on bcache device. That's a deadlock. This patch create a new workqueue for journal_write with WQ_MEM_RECLAIM flag. It's rescuer thread will work to avoid the deadlock. Signed-off-by: Guoju Fang <fangguoju(a)gmail.com> Cc: stable(a)vger.kernel.org Signed-off-by: Coly Li <colyli(a)suse.de> Signed-off-by: Jens Axboe <axboe(a)kernel.dk> diff --git a/drivers/md/bcache/bcache.h b/drivers/md/bcache/bcache.h index 83504dd8100a..954dad29e6e8 100644 --- a/drivers/md/bcache/bcache.h +++ b/drivers/md/bcache/bcache.h @@ -965,6 +965,7 @@ void bch_prio_write(struct cache *ca); void bch_write_bdev_super(struct cached_dev *dc, struct closure *parent); extern struct workqueue_struct *bcache_wq; +extern struct workqueue_struct *bch_journal_wq; extern struct mutex bch_register_lock; extern struct list_head bch_cache_sets; diff --git a/drivers/md/bcache/journal.c b/drivers/md/bcache/journal.c index 6116bbf870d8..522c7426f3a0 100644 --- a/drivers/md/bcache/journal.c +++ b/drivers/md/bcache/journal.c @@ -485,7 +485,7 @@ static void do_journal_discard(struct cache *ca) closure_get(&ca->set->cl); INIT_WORK(&ja->discard_work, journal_discard_work); - schedule_work(&ja->discard_work); + queue_work(bch_journal_wq, &ja->discard_work); } } @@ -592,7 +592,7 @@ static void journal_write_done(struct closure *cl) : &j->w[0]; __closure_wake_up(&w->wait); - continue_at_nobarrier(cl, journal_write, system_wq); + continue_at_nobarrier(cl, journal_write, bch_journal_wq); } static void journal_write_unlock(struct closure *cl) @@ -627,7 +627,7 @@ static void journal_write_unlocked(struct closure *cl) spin_unlock(&c->journal.lock); btree_flush_write(c); - continue_at(cl, journal_write, system_wq); + continue_at(cl, journal_write, bch_journal_wq); return; } diff --git a/drivers/md/bcache/super.c b/drivers/md/bcache/super.c index 94c756c66bd7..30ba9aeb5ee8 100644 --- a/drivers/md/bcache/super.c +++ b/drivers/md/bcache/super.c @@ -47,6 +47,7 @@ static int bcache_major; static DEFINE_IDA(bcache_device_idx); static wait_queue_head_t unregister_wait; struct workqueue_struct *bcache_wq; +struct workqueue_struct *bch_journal_wq; #define BTREE_MAX_PAGES (256 * 1024 / PAGE_SIZE) /* limitation of partitions number on single bcache device */ @@ -2341,6 +2342,9 @@ static void bcache_exit(void) kobject_put(bcache_kobj); if (bcache_wq) destroy_workqueue(bcache_wq); + if (bch_journal_wq) + destroy_workqueue(bch_journal_wq); + if (bcache_major) unregister_blkdev(bcache_major, "bcache"); unregister_reboot_notifier(&reboot); @@ -2370,6 +2374,10 @@ static int __init bcache_init(void) if (!bcache_wq) goto err; + bch_journal_wq = alloc_workqueue("bch_journal", WQ_MEM_RECLAIM, 0); + if (!bch_journal_wq) + goto err; + bcache_kobj = kobject_create_and_add("bcache", fs_kobj); if (!bcache_kobj) goto err;

6 years, 8 months

1
0
0 0

FAILED: patch "[PATCH] bcache: add separate workqueue for journal_write to avoid" failed to apply to 4.18-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.18-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 0f843e65d9eef4936929bb036c5f771fb261eea4 Mon Sep 17 00:00:00 2001 From: Guoju Fang <fangguoju(a)gmail.com> Date: Thu, 27 Sep 2018 23:41:46 +0800 Subject: [PATCH] bcache: add separate workqueue for journal_write to avoid deadlock After write SSD completed, bcache schedules journal_write work to system_wq, which is a public workqueue in system, without WQ_MEM_RECLAIM flag. system_wq is also a bound wq, and there may be no idle kworker on current processor. Creating a new kworker may unfortunately need to reclaim memory first, by shrinking cache and slab used by vfs, which depends on bcache device. That's a deadlock. This patch create a new workqueue for journal_write with WQ_MEM_RECLAIM flag. It's rescuer thread will work to avoid the deadlock. Signed-off-by: Guoju Fang <fangguoju(a)gmail.com> Cc: stable(a)vger.kernel.org Signed-off-by: Coly Li <colyli(a)suse.de> Signed-off-by: Jens Axboe <axboe(a)kernel.dk> diff --git a/drivers/md/bcache/bcache.h b/drivers/md/bcache/bcache.h index 83504dd8100a..954dad29e6e8 100644 --- a/drivers/md/bcache/bcache.h +++ b/drivers/md/bcache/bcache.h @@ -965,6 +965,7 @@ void bch_prio_write(struct cache *ca); void bch_write_bdev_super(struct cached_dev *dc, struct closure *parent); extern struct workqueue_struct *bcache_wq; +extern struct workqueue_struct *bch_journal_wq; extern struct mutex bch_register_lock; extern struct list_head bch_cache_sets; diff --git a/drivers/md/bcache/journal.c b/drivers/md/bcache/journal.c index 6116bbf870d8..522c7426f3a0 100644 --- a/drivers/md/bcache/journal.c +++ b/drivers/md/bcache/journal.c @@ -485,7 +485,7 @@ static void do_journal_discard(struct cache *ca) closure_get(&ca->set->cl); INIT_WORK(&ja->discard_work, journal_discard_work); - schedule_work(&ja->discard_work); + queue_work(bch_journal_wq, &ja->discard_work); } } @@ -592,7 +592,7 @@ static void journal_write_done(struct closure *cl) : &j->w[0]; __closure_wake_up(&w->wait); - continue_at_nobarrier(cl, journal_write, system_wq); + continue_at_nobarrier(cl, journal_write, bch_journal_wq); } static void journal_write_unlock(struct closure *cl) @@ -627,7 +627,7 @@ static void journal_write_unlocked(struct closure *cl) spin_unlock(&c->journal.lock); btree_flush_write(c); - continue_at(cl, journal_write, system_wq); + continue_at(cl, journal_write, bch_journal_wq); return; } diff --git a/drivers/md/bcache/super.c b/drivers/md/bcache/super.c index 94c756c66bd7..30ba9aeb5ee8 100644 --- a/drivers/md/bcache/super.c +++ b/drivers/md/bcache/super.c @@ -47,6 +47,7 @@ static int bcache_major; static DEFINE_IDA(bcache_device_idx); static wait_queue_head_t unregister_wait; struct workqueue_struct *bcache_wq; +struct workqueue_struct *bch_journal_wq; #define BTREE_MAX_PAGES (256 * 1024 / PAGE_SIZE) /* limitation of partitions number on single bcache device */ @@ -2341,6 +2342,9 @@ static void bcache_exit(void) kobject_put(bcache_kobj); if (bcache_wq) destroy_workqueue(bcache_wq); + if (bch_journal_wq) + destroy_workqueue(bch_journal_wq); + if (bcache_major) unregister_blkdev(bcache_major, "bcache"); unregister_reboot_notifier(&reboot); @@ -2370,6 +2374,10 @@ static int __init bcache_init(void) if (!bcache_wq) goto err; + bch_journal_wq = alloc_workqueue("bch_journal", WQ_MEM_RECLAIM, 0); + if (!bch_journal_wq) + goto err; + bcache_kobj = kobject_create_and_add("bcache", fs_kobj); if (!bcache_kobj) goto err;

6 years, 8 months

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror