- Linux-stable-mirror - lists.linaro.org

Re: [PATCH v6 1/2] iio: proximity: Add driver support for ST's VL53L0X ToF ranging sensor.

by Sasha Levin

Hi, [This is an automated email] This commit has been processed because it contains a -stable tag. The stable tag indicates that it's relevant for the following trees: all The bot has tested the following trees: v4.18.8, v4.14.70, v4.9.127, v4.4.156, v3.18.122, v4.18.8: Build OK! v4.14.70: Failed to apply! Possible dependencies: 22aac3eb0c46 ("MAINTAINERS: add entry for STM32 I2C driver") v4.9.127: Failed to apply! Possible dependencies: 22aac3eb0c46 ("MAINTAINERS: add entry for STM32 I2C driver") 78f839029e1d ("iio: distance: srf08: add IIO driver for us ranger") v4.4.156: Failed to apply! Possible dependencies: 22aac3eb0c46 ("MAINTAINERS: add entry for STM32 I2C driver") 78f839029e1d ("iio: distance: srf08: add IIO driver for us ranger") v3.18.122: Failed to apply! Possible dependencies: 22aac3eb0c46 ("MAINTAINERS: add entry for STM32 I2C driver") 4193c0f1d863 ("iio: driver for Semtech SX9500 proximity solution") 78f839029e1d ("iio: distance: srf08: add IIO driver for us ranger") Please let us know how to resolve this. -- Thanks, Sasha

6 years, 9 months

2
2
0 0

[PATCH] perf/x86/intel/uncore: Fix PCI BDF address of M3UPI on SKX

by kan.liang＠linux.intel.com

From: Kan Liang <kan.liang(a)linux.intel.com> The counters on M3UPI Link 0 and Link 3 don't count. Writing 0 to these counters may causes system crash on some machines. The PCI BDF addresses of M3UPI in current code are incorrect. The correct addresses should be D18:F1 0x204D D18:F2 0x204E D18:F5 0x204D Signed-off-by: Kan Liang <kan.liang(a)linux.intel.com> --- arch/x86/events/intel/uncore_snbep.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/arch/x86/events/intel/uncore_snbep.c b/arch/x86/events/intel/uncore_snbep.c index 51d7c11..3b3fc92 100644 --- a/arch/x86/events/intel/uncore_snbep.c +++ b/arch/x86/events/intel/uncore_snbep.c @@ -3931,16 +3931,16 @@ static const struct pci_device_id skx_uncore_pci_ids[] = { .driver_data = UNCORE_PCI_DEV_FULL_DATA(21, 5, SKX_PCI_UNCORE_M2PCIE, 3), }, { /* M3UPI0 Link 0 */ - PCI_DEVICE(PCI_VENDOR_ID_INTEL, 0x204C), - .driver_data = UNCORE_PCI_DEV_FULL_DATA(18, 0, SKX_PCI_UNCORE_M3UPI, 0), + PCI_DEVICE(PCI_VENDOR_ID_INTEL, 0x204D), + .driver_data = UNCORE_PCI_DEV_FULL_DATA(18, 1, SKX_PCI_UNCORE_M3UPI, 0), }, { /* M3UPI0 Link 1 */ - PCI_DEVICE(PCI_VENDOR_ID_INTEL, 0x204D), - .driver_data = UNCORE_PCI_DEV_FULL_DATA(18, 1, SKX_PCI_UNCORE_M3UPI, 1), + PCI_DEVICE(PCI_VENDOR_ID_INTEL, 0x204E), + .driver_data = UNCORE_PCI_DEV_FULL_DATA(18, 2, SKX_PCI_UNCORE_M3UPI, 1), }, { /* M3UPI1 Link 2 */ - PCI_DEVICE(PCI_VENDOR_ID_INTEL, 0x204C), - .driver_data = UNCORE_PCI_DEV_FULL_DATA(18, 4, SKX_PCI_UNCORE_M3UPI, 2), + PCI_DEVICE(PCI_VENDOR_ID_INTEL, 0x204D), + .driver_data = UNCORE_PCI_DEV_FULL_DATA(18, 5, SKX_PCI_UNCORE_M3UPI, 2), }, { /* end: all zeroes */ } }; -- 2.7.4

6 years, 9 months

3
2
0 0

[GIT PULL] commits for Linux 4.18

by Sasha Levin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi Greg, Pleae pull commits for Linux 4.18 . I've sent a review request for all commits over a week ago and all comments were addressed. Thanks, Sasha ===== The following changes since commit dfba61ec760efc578a3f3702e752b51ca1dfed52: Linux 4.18.8 (2018-09-15 09:47:02 +0200) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/sashal/linux-stable.git tags/for-greg-4.18-17092018 for you to fetch changes up to 77d141736c922f90410b6acf877fe335335d9571: xen-netfront: fix warn message as irq device name has '/' (2018-09-15 10:22:00 -0400) - ---------------------------------------------------------------- for-greg-4.18-17092018 - ---------------------------------------------------------------- Alexandru Gagniuc (1): PCI/AER: Honor "pcie_ports=native" even if HEST sets FIRMWARE_FIRST Andreas Gruenbacher (1): gfs2: Special-case rindex for gfs2_grow Anton Vasilyev (1): video: goldfishfb: fix memory leak on driver remove Ard Biesheuvel (1): efi/arm: preserve early mapping of UEFI memory map longer for BGRT Arnd Bergmann (1): omapfb: rename omap2 module to omap2fb.ko Bhushan Shah (1): ARM: dts: qcom: msm8974-hammerhead: increase load on l20 for sdhci Bjorn Andersson (1): soc: qcom: smem: Correct check for global partition Bob Peterson (1): gfs2: Don't reject a supposedly full bitmap if we have blocks reserved Christoffer Dall (1): KVM: arm/arm64: Fix vgic init race Dan Carpenter (1): fbdev: omapfb: off by one in omapfb_register_client() Daniel Mack (1): video: fbdev: pxafb: clear allocated memory for video modes Dmitry Torokhov (1): Input: pxrc - fix freeing URB on device teardown Erich E. Hoover (1): usb: dwc3: change stream event enable bit back to 13 Felix Fietkau (1): MIPS: ath79: fix system restart Fredrik Noring (1): fbdev: Distinguish between interlaced and progressive modes Golan Ben Ami (1): iwlwifi: cancel the injective function between hw pointers to tfd entry index Gregory CLEMENT (1): clk: mvebu: armada-37xx-periph: Fix wrong return value in get_parent Hanna Hawa (1): dmaengine: mv_xor_v2: kill the tasklets upon exit Hans Verkuil (1): media: videobuf2-core: check for q->error in vb2_core_qbuf() Jae Hyun Yoo (1): i2c: aspeed: Fix initial values of master and slave state Jakub Kicinski (2): nfp: don't fail probe on pci_sriov_set_totalvfs() errors nfp: avoid buffer leak when FW communication fails Jean-Philippe Brucker (2): iommu/io-pgtable-arm-v7s: Abort allocation when table address overflows the PTE iommu/io-pgtable-arm: Fix pgtable allocation in selftest Jeff Crukley (1): ALSA: usb-audio: Add support for Encore mDSD USB DAC Jiang Biao (2): x86/pti: Check the return value of pti_user_pagetable_walk_p4d() x86/pti: Check the return value of pti_user_pagetable_walk_pmd() Jiri Olsa (2): perf tools: Synthesize GROUP_DESC feature in pipe mode perf tools: Fix struct comm_str removal crash Joerg Roedel (1): x86/mm/pti: Add an overflow check to pti_clone_pmds() John Keeping (1): dmaengine: pl330: fix irq race with terminate_all Julian Wiedmann (2): s390/qeth: fix race in used-buffer accounting s390/qeth: reset layer2 attribute on layer switch Krzysztof Ha?asa (1): media: tw686x: Fix oops on buffer alloc failure Krzysztof Kozlowski (1): ARM: exynos: Clear global variable on init error path Leonard Crestez (1): reset: imx7: Fix always writing bits as 0 Loic Poulain (1): arm64: dts: qcom: db410c: Fix Bluetooth LED trigger Manikanta Pubbisetty (1): mac80211: restrict delayed tailroom needed decrement Mark Rutland (2): KVM: arm/arm64: vgic: Fix possible spectre-v1 write in vgic_mmio_write_apr() arm64: fix possible spectre-v1 write in ptrace_hbp_set_event() Masahiro Yamada (2): kbuild: add .DELETE_ON_ERROR special target kbuild: do not update config when running install targets Miao Zhong (1): iommu/arm-smmu-v3: sync the OVACKFLG to PRIQ consumer register Michael MÃ¼ller (1): crypto: sharah - Unregister correct algorithms for SAHARA 3 Mike Snitzer (1): block: allow max_discard_segments to be stacked Mikko Perttunen (1): clk: core: Potentially free connection id Nicholas Mc Guire (4): clk: imx6ul: fix missing of_node_put() clk: imx6sll: fix missing of_node_put() staging: bcm2835-camera: fix timeout handling in wait_for_completion_timeout staging: bcm2835-camera: handle wait_for_completion_timeout return properly Nicholas Piggin (1): powerpc/powernv: opal_put_chars partial write fix Niklas Cassel (2): regulator: qcom_spmi: Use correct regmap when checking for error regulator: qcom_spmi: Fix warning Bad of_node_put() Oder Chiou (1): ASoC: rt5514: Fix the issue of the delay volume applied Paul Cercueil (1): MIPS: jz4740: Bump zload address Pingfan Liu (1): drivers/base: stop new probing during shutdown Piotr Sawicki (1): Smack: Fix handling of IPv4 traffic received by PF_INET6 sockets Rajan Vaja (1): clk: clk-fixed-factor: Clear OF_POPULATED flag in case of failure Randy Dunlap (3): mtd/maps: fix solutionengine.c printk format warnings fbdev/via: fix defined but not used warning platform/x86: toshiba_acpi: Fix defined but not used build warnings Rex Zhu (1): drm/amd/pp: Set Max clock level to display by default Sagi Grimberg (2): nvmet: fix file discard return status nvme-rdma: unquiesce queues when deleting the controller Sandipan Das (6): perf tests: Fix record+probe_libc_inet_pton.sh for powerpc64 perf tests: Fix record+probe_libc_inet_pton.sh when event exists perf tests: Fix record+probe_libc_inet_pton.sh to ensure cleanups perf powerpc: Fix callchain ip filtering when return address is in a register perf powerpc: Fix callchain ip filtering perf script: Show correct offsets for DWARF-based unwinding Takashi Iwai (3): ALSA: pcm: Add __force to cast in snd_pcm_lib_read/write() ALSA: msnd: Fix the default sample sizes ALSA: usb-audio: Fix multiple definitions in AU0828_DEVICE() macro Thomas Richter (1): perf test: Fix subtest number when showing results Todor Tomov (1): media: ov5645: Supported external clock is 24MHz Vitaly Kuznetsov (1): xen-netfront: fix queue name setting Wei Yongjun (1): IB/ipoib: Fix error return code in ipoib_dev_init() Xiao Liang (1): xen-netfront: fix warn message as irq device name has '/' Yoshihiro Shimoda (1): iommu/ipmmu-vmsa: IMUCTRn.TTSEL needs a special usage on R-Car Gen3 Yue Wang (1): ALSA: usb-audio: Generic DSD detection for Thesycon-based implementations YueHaibing (3): xfrm: fix 'passing zero to ERR_PTR()' warning amd-xgbe: use dma_mapping_error to check map errors wan/fsl_ucc_hdlc: use IS_ERR_VALUE() to check return value of qe_muram_alloc Zhu Yanjun (1): IB/rxe: Drop QP0 silently Makefile | 27 ++++++--- .../dts/qcom-msm8974-lge-nexus5-hammerhead.dts | 2 + arch/arm/mach-exynos/suspend.c | 1 + arch/arm64/boot/dts/qcom/apq8016-sbc.dtsi | 2 +- arch/arm64/kernel/ptrace.c | 19 ++++--- arch/mips/ath79/setup.c | 1 + arch/mips/include/asm/mach-ath79/ath79.h | 1 + arch/mips/jz4740/Platform | 2 +- arch/powerpc/platforms/powernv/opal.c | 2 +- arch/x86/mm/pti.c | 25 ++++++-- block/blk-settings.c | 2 +- drivers/base/core.c | 3 + drivers/clk/clk-fixed-factor.c | 9 ++- drivers/clk/clk.c | 3 + drivers/clk/imx/clk-imx6sll.c | 1 + drivers/clk/imx/clk-imx6ul.c | 1 + drivers/clk/mvebu/armada-37xx-periph.c | 3 - drivers/crypto/sahara.c | 4 +- drivers/dma/mv_xor_v2.c | 2 + drivers/dma/pl330.c | 5 +- drivers/firmware/efi/arm-init.c | 1 - drivers/firmware/efi/arm-runtime.c | 4 +- drivers/gpu/drm/amd/powerplay/amd_powerplay.c | 9 ++- drivers/i2c/busses/i2c-aspeed.c | 4 +- drivers/infiniband/sw/rxe/rxe_recv.c | 9 ++- drivers/infiniband/ulp/ipoib/ipoib_main.c | 3 +- drivers/input/joystick/pxrc.c | 66 ++++++++++------------ drivers/iommu/arm-smmu-v3.c | 1 + drivers/iommu/io-pgtable-arm-v7s.c | 7 ++- drivers/iommu/io-pgtable-arm.c | 3 +- drivers/iommu/ipmmu-vmsa.c | 8 +++ drivers/media/common/videobuf2/videobuf2-core.c | 5 ++ drivers/media/i2c/ov5645.c | 13 +++-- drivers/media/pci/tw686x/tw686x-video.c | 11 +++- drivers/mtd/maps/solutionengine.c | 6 +- drivers/net/ethernet/amd/xgbe/xgbe-desc.c | 7 +-- drivers/net/ethernet/netronome/nfp/nfp_main.c | 20 ++++--- .../net/ethernet/netronome/nfp/nfp_net_common.c | 13 ++++- drivers/net/wan/fsl_ucc_hdlc.c | 6 +- drivers/net/wireless/intel/iwlwifi/pcie/internal.h | 12 ++-- drivers/net/wireless/intel/iwlwifi/pcie/tx.c | 11 +++- drivers/net/xen-netfront.c | 6 +- drivers/nvme/host/rdma.c | 2 + drivers/nvme/target/io-cmd-file.c | 18 +++--- drivers/pci/pcie/aer.c | 6 ++ drivers/platform/x86/toshiba_acpi.c | 3 +- drivers/regulator/qcom_spmi-regulator.c | 34 ++++++----- drivers/reset/reset-imx7.c | 2 +- drivers/s390/net/qeth_core_main.c | 3 +- drivers/s390/net/qeth_core_sys.c | 1 + drivers/soc/qcom/smem.c | 10 ++-- .../vc04_services/bcm2835-camera/bcm2835-camera.c | 7 ++- .../vc04_services/bcm2835-camera/mmal-vchiq.c | 11 ++-- drivers/usb/dwc3/gadget.h | 2 +- drivers/video/fbdev/core/modedb.c | 41 ++++++++++---- drivers/video/fbdev/goldfishfb.c | 1 + drivers/video/fbdev/omap/omapfb_main.c | 2 +- drivers/video/fbdev/omap2/omapfb/Makefile | 4 +- drivers/video/fbdev/pxafb.c | 4 +- drivers/video/fbdev/via/viafbdev.c | 3 +- fs/gfs2/bmap.c | 2 +- fs/gfs2/rgrp.c | 3 +- include/sound/pcm.h | 4 +- net/mac80211/cfg.c | 2 +- net/mac80211/key.c | 24 +++++--- net/xfrm/xfrm_policy.c | 5 +- scripts/Kbuild.include | 3 + security/smack/smack_lsm.c | 14 +++-- sound/isa/msnd/msnd_pinnacle.c | 4 +- sound/soc/codecs/rt5514.c | 8 +-- sound/usb/quirks-table.h | 3 +- sound/usb/quirks.c | 2 + tools/perf/arch/powerpc/util/skip-callchain-idx.c | 10 +++- tools/perf/tests/builtin-test.c | 2 +- .../tests/shell/record+probe_libc_inet_pton.sh | 36 ++++++++++-- tools/perf/util/comm.c | 16 ++++-- tools/perf/util/header.c | 2 +- tools/perf/util/machine.c | 9 ++- tools/perf/util/unwind-libdw.c | 2 +- tools/perf/util/unwind-libunwind-local.c | 2 +- virt/kvm/arm/vgic/vgic-init.c | 4 ++ virt/kvm/arm/vgic/vgic-mmio-v2.c | 3 + 82 files changed, 436 insertions(+), 218 deletions(-) -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE4n5dijQDou9mhzu83qZv95d3LNwFAlugPMwACgkQ3qZv95d3 LNyyIw//fOsB+VO3qSfxAB+nCIH6xaO7jWW8EIAaFYGIFjhgm8dDvXmTR2zv4OsW MoDPTfQXCmsWnwnymTEvlopu3tEMKK0R8uHXMpkSByCP6ie5WE6DJ2zjex+yqEDM W5gUBQVK9Qj3OzQxA4YbHtUKRXNVE/EtMqOrgjuRw08brdCXxbqt48iOm3EC+lFq nrKquXCvRggBguPV1xKoFP9bwTafClQ0owuPS6OWdTBWNu2B7X2dua3jBW64yX1V wru3/MznYgcC/yKsauimLeS99x2Y3I+He0udEyCII4ylsgWzZJg6O9uvNi9HnuP+ qFg+ew4ecb+MFH31RjEkipHg3thAFdMdMC1pNzZLdaof03wMWV2DsioA4newv+Px jzW8vikqQC51MeVIbEIiCAkoFf4yZjIOehvi70s4TsaCOwxKusntP0jvUGDxWS6A GmU6wpoeqBAUZoWFspLbhrkOZanOCncdBUFSBgS0xX4som9j+jnHYAf3cyz7Iuj0 jeenjgM5vqL2jyOh18gz2BYTQT+kHsuJ/bD6OS5AEcgNlnTLC5SRlVYrFHopzt8Z 8yp1kko8LhTAXDaTwXuhi30DrStJzM1Cnm0pbi/XnRSLEpXRLWx3f5ODTQvID4d9 IksJxN7G+Mm7Bc/obEVytvnslSVvFFWzmJKhYRYbpAmfHT4Byo8= =A0j/ -----END PGP SIGNATURE-----

6 years, 9 months

2
1
0 0

[PATCH] powerpc: fix csum_ipv6_magic() on little endian platforms

by Christophe Leroy

On little endian platforms, csum_ipv6_magic() keeps len and proto in CPU byte order. This generates a bad results leading to ICMPv6 packets from other hosts being dropped by powerpc64le platforms. In order to fix this, len and proto should be converted to network byte order ie bigendian byte order. However checksumming 0x12345678 and 0x56341278 provide the exact same result so it is enough to rotate the sum of len and proto by 1 byte. PPC32 only support bigendian so the fix is needed for PPC64 only Fixes: e9c4943a107b ("powerpc: Implement csum_ipv6_magic in assembly") Reported-by: Jianlin Shi <jishi(a)redhat.com> Reported-by: Xin Long <lucien.xin(a)gmail.com> Cc: <stable(a)vger.kernel.org> # 4.18+ Signed-off-by: Christophe Leroy <christophe.leroy(a)c-s.fr> --- arch/powerpc/lib/checksum_64.S | 3 +++ 1 file changed, 3 insertions(+) diff --git a/arch/powerpc/lib/checksum_64.S b/arch/powerpc/lib/checksum_64.S index 886ed94b9c13..2a68c43e13f5 100644 --- a/arch/powerpc/lib/checksum_64.S +++ b/arch/powerpc/lib/checksum_64.S @@ -443,6 +443,9 @@ _GLOBAL(csum_ipv6_magic) addc r0, r8, r9 ld r10, 0(r4) ld r11, 8(r4) +#ifndef CONFIG_CPU_BIG_ENDIAN + rotldi r5, r5, 8 +#endif adde r0, r0, r10 add r5, r5, r7 adde r0, r0, r11 -- 2.13.3

6 years, 9 months

4
3
0 0

[PATCH] spi: spi-mem: Adjust op len based on message/transfer size limitations

by Chuanhua Han

We need that to adjust the len of the 2nd transfer (called data in spi-mem) if it's too long to fit in a SPI message or SPI transfer. Fixes: c36ff266dc82 ("spi: Extend the core to ease integration of SPI memory controllers") Cc: <stable(a)vger.kernel.org> Signed-off-by: Chuanhua Han <chuanhua.han(a)nxp.com> Reviewed-by: Boris Brezillon <boris.brezillon(a)bootlin.com> Signed-off-by: Mark Brown <broonie(a)kernel.org> --- drivers/spi/spi-mem.c | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/drivers/spi/spi-mem.c b/drivers/spi/spi-mem.c index 990770dfa5cf..ec0c24e873cd 100644 --- a/drivers/spi/spi-mem.c +++ b/drivers/spi/spi-mem.c @@ -328,10 +328,25 @@ EXPORT_SYMBOL_GPL(spi_mem_exec_op); int spi_mem_adjust_op_size(struct spi_mem *mem, struct spi_mem_op *op) { struct spi_controller *ctlr = mem->spi->controller; + size_t len; + + len = sizeof(op->cmd.opcode) + op->addr.nbytes + op->dummy.nbytes; if (ctlr->mem_ops && ctlr->mem_ops->adjust_op_size) return ctlr->mem_ops->adjust_op_size(mem, op); + if (!ctlr->mem_ops || !ctlr->mem_ops->exec_op) { + if (len > spi_max_transfer_size(mem->spi)) + return -EINVAL; + + op->data.nbytes = min3((size_t)op->data.nbytes, + spi_max_transfer_size(mem->spi), + spi_max_message_size(mem->spi) - + len); + if (!op->data.nbytes) + return -EINVAL; + } + return 0; } EXPORT_SYMBOL_GPL(spi_mem_adjust_op_size); -- 2.17.1

6 years, 9 months

1
1
0 0

[PATCH] apparmor: fix SECURITY_APPARMOR_HASH_DEFAULT parameter handling

by Loic

Hello, Tested without any problem so please picked up this for 4.4 to fix the problem. The patch below is slightly modified to adapt to this version. [ Upstream commit 7616ac70d1bb4f2e9d25c1a82d283f3368a7b632 ] The newly added Kconfig option could never work and just causes a build error when disabled: security/apparmor/lsm.c:675:25: error: 'CONFIG_SECURITY_APPARMOR_HASH_DEFAULT' undeclared here (not in a function) bool aa_g_hash_policy = CONFIG_SECURITY_APPARMOR_HASH_DEFAULT; The problem is that the macro undefined in this case, and we need to use the IS_ENABLED() helper to turn it into a boolean constant. Another minor problem with the original patch is that the option is even offered in sysfs when SECURITY_APPARMOR_HASH is not enabled, so this also hides the option in that case. Signed-off-by: Arnd Bergmann <arnd(a)arndb.de> Fixes: 6059f71f1e94 ("apparmor: add parameter to control whether policy hashing is used") Signed-off-by: John Johansen <john.johansen(a)canonical.com> Signed-off-by: James Morris <james.l.morris(a)oracle.com> --- diff -Nurp a/security/apparmor/crypto.c b/security/apparmor/crypto.c --- a/security/apparmor/crypto.c +++ b/security/apparmor/crypto.c @@ -39,6 +39,9 @@ int aa_calc_profile_hash(struct aa_profi int error = -ENOMEM; u32 le32_version = cpu_to_le32(version); + if (!aa_g_hash_policy) + return 0; + if (!apparmor_tfm) return 0; diff -Nurp a/security/apparmor/lsm.c b/security/apparmor/lsm.c --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c @@ -692,6 +692,12 @@ enum profile_mode aa_g_profile_mode = AP module_param_call(mode, param_set_mode, param_get_mode, &aa_g_profile_mode, S_IRUSR | S_IWUSR); +#ifdef CONFIG_SECURITY_APPARMOR_HASH +/* whether policy verification hashing is enabled */ +bool aa_g_hash_policy = IS_ENABLED(CONFIG_SECURITY_APPARMOR_HASH_DEFAULT); +module_param_named(hash_policy, aa_g_hash_policy, aabool, S_IRUSR | S_IWUSR); +#endif + /* Debug mode */ bool aa_g_debug; module_param_named(debug, aa_g_debug, aabool, S_IRUSR | S_IWUSR); ---

6 years, 9 months

4
10
0 0

[PATCH for-rc 0/4] IB/hfi1: Couple more for the RC cycle

by Dennis Dalessandro

Hi Doug and Jason, Mike and Ira have identified some fixes that they would like to see land in the RC, these are serious problems and are marked as stable. Changes since v1: Update Lukasz' email address and fix subject tag. --- Ira Weiny (1): IB/hfi1: Fix SL array bounds check Michael J. Ruhl (3): IB/hfi1: Invalid user input can result in crash IB/hfi1: Fix context recovery when PBC has an UnsupportedVL IB/hfi1: Fix destroy_qp hang after a link down drivers/infiniband/hw/hfi1/chip.c | 6 +++- drivers/infiniband/hw/hfi1/pio.c | 51 ++++++++++++++++++++++++++------ drivers/infiniband/hw/hfi1/pio.h | 2 + drivers/infiniband/hw/hfi1/user_sdma.c | 2 + drivers/infiniband/hw/hfi1/verbs.c | 8 ++++- 5 files changed, 56 insertions(+), 13 deletions(-) -- -Denny

6 years, 9 months

2
5
0 0

[PATCH v2 1/6] drm/dp_mst: Introduce drm_dp_mst_connector_atomic_check()

by Lyude Paul

Currently the way that we prevent userspace from performing new modesets on MST connectors that have just been destroyed is rather broken. There's nothing in the actual DRM DP MST topology helpers that checks whether or not a connector still exists, instead each DRM driver does this on it's own, usually by returning NULL from the best_encoder callback which in turn, causes the atomic commit to fail. However, this is wrong in a rather subtle way. If ->best_encoder() returns NULL, this makes ALL modesets involving the connector fail. This includes modesets from userspace that would shut off the CRTCs being used by the connector. Since this results in blocking any changes to a connector's DPMS prop, it has the sideaffect of preventing legacy modesetting users from ever disabling a CRTC that was previously enabled for use in an MST topology. An example of this, where X tries to change the DPMS property of an MST connector that was just detached from the system: [ 2908.320131] [drm:drm_helper_probe_single_connector_modes [drm_kms_helper]] [CONNECTOR:82:DP-6] [ 2908.320148] [drm:drm_helper_probe_single_connector_modes [drm_kms_helper]] [CONNECTOR:82:DP-6] status updated from connected to disconnected [ 2908.320166] [drm:drm_helper_probe_single_connector_modes [drm_kms_helper]] [CONNECTOR:82:DP-6] disconnected [ 2908.320193] [drm:drm_mode_object_put.part.2 [drm]] OBJ ID: 111 (1) [ 2908.320230] [drm:drm_sysfs_hotplug_event [drm]] generating hotplug event ... [ 2908.638539] [drm:drm_ioctl [drm]] pid=12928, dev=0xe201, auth=1, DRM_IOCTL_MODE_SETPROPERTY [ 2908.638546] [drm:drm_atomic_state_init [drm]] Allocated atomic state 000000007155ba49 [ 2908.638553] [drm:drm_mode_object_get [drm]] OBJ ID: 114 (1) [ 2908.638560] [drm:drm_mode_object_get [drm]] OBJ ID: 108 (1) [ 2908.638568] [drm:drm_atomic_get_crtc_state [drm]] Added [CRTC:41:head-0] 0000000097a6396e state to 000000007155ba49 [ 2908.638575] [drm:drm_atomic_add_affected_connectors [drm]] Adding all current connectors for [CRTC:41:head-0] to 000000007155ba49 [ 2908.638582] [drm:drm_mode_object_get [drm]] OBJ ID: 82 (3) [ 2908.638589] [drm:drm_mode_object_get [drm]] OBJ ID: 82 (4) [ 2908.638596] [drm:drm_atomic_get_connector_state [drm]] Added [CONNECTOR:82:DP-6] 0000000087427144 state to 000000007155ba49 [ 2908.638603] [drm:drm_atomic_check_only [drm]] checking 000000007155ba49 [ 2908.638609] [drm:drm_atomic_helper_check_modeset [drm_kms_helper]] [CRTC:41:head-0] active changed [ 2908.638613] [drm:drm_atomic_helper_check_modeset [drm_kms_helper]] Updating routing for [CONNECTOR:82:DP-6] [ 2908.638616] [drm:drm_atomic_helper_check_modeset [drm_kms_helper]] No suitable encoder found for [CONNECTOR:82:DP-6] [ 2908.638623] [drm:drm_atomic_check_only [drm]] atomic driver check for 000000007155ba49 failed: -22 [ 2908.638630] [drm:drm_atomic_state_default_clear [drm]] Clearing atomic state 000000007155ba49 [ 2908.638637] [drm:drm_mode_object_put.part.2 [drm]] OBJ ID: 82 (4) [ 2908.638643] [drm:drm_mode_object_put.part.2 [drm]] OBJ ID: 82 (3) [ 2908.638650] [drm:drm_mode_object_put.part.2 [drm]] OBJ ID: 114 (2) [ 2908.638656] [drm:drm_mode_object_put.part.2 [drm]] OBJ ID: 108 (2) [ 2908.638663] [drm:__drm_atomic_state_free [drm]] Freeing atomic state 000000007155ba49 [ 2908.638669] [drm:drm_mode_object_put.part.2 [drm]] OBJ ID: 82 (2) [ 2908.638676] [drm:drm_ioctl [drm]] pid=12928, ret = -22 While this doesn't usually result in any errors that would be obvious to the user, it does result in us leaving display resources on. This in turn leads to unwanted sideaffects like inactive GPUs being left on (usually from the resulting leaked runtime PM ref). So, provide an easier way of doing this that doesn't require breaking ->best_encoder(): add a common drm_dp_mst_connector_atomic_check() function that DRM drivers can call in order to have CRTC enabling commits fail automatically if the MST port driving the connector no longer exists. We'll also be able to expand upon this later as well once we add MST fallback retraining support. Changes since v1: - Use list_for_each_entry_safe in drm_dp_mst_connector_still_exists() - Julia Lawall Signed-off-by: Lyude Paul <lyude(a)redhat.com> Cc: Julia Lawall <julia.lawall(a)lip6.fr> Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/drm_dp_mst_topology.c | 76 +++++++++++++++++++++++++++ include/drm/drm_dp_mst_helper.h | 3 ++ 2 files changed, 79 insertions(+) diff --git a/drivers/gpu/drm/drm_dp_mst_topology.c b/drivers/gpu/drm/drm_dp_mst_topology.c index 7780567aa669..58b9554711c7 100644 --- a/drivers/gpu/drm/drm_dp_mst_topology.c +++ b/drivers/gpu/drm/drm_dp_mst_topology.c @@ -3129,6 +3129,82 @@ static const struct drm_private_state_funcs mst_state_funcs = { .atomic_destroy_state = drm_dp_mst_destroy_state, }; +static bool +drm_dp_mst_connector_still_exists(struct drm_connector *connector, + struct drm_dp_mst_topology_mgr *mgr, + struct drm_dp_mst_branch *mstb) +{ + struct drm_dp_mst_port *port, *tmp; + bool exists = false; + + mstb = drm_dp_get_validated_mstb_ref(mgr, mstb); + if (!mstb) + return false; + + list_for_each_entry_safe(port, tmp, &mstb->ports, next) { + port = drm_dp_get_validated_port_ref(mgr, port); + if (!port) + continue; + + exists = (port->connector == connector || + (port->mstb && + drm_dp_mst_connector_still_exists(connector, mgr, + port->mstb))); + + drm_dp_put_port(port); + if (exists) + break; + } + + drm_dp_put_mst_branch_device(mstb); + return exists; +} + +/** + * drm_dp_mst_connector_atomic_check - Helper for validating a new atomic + * state on an MST connector + * @connector: drm connector + * @connector_state: the new atomic state of @connector + * @mgr: the MST topology mgr for @connector + * + * This function performs various atomic checks that apply to all drivers + * using the DRM DP MST helpers. This should be called by all drivers at the + * start of the atomic_check function for their MST connectors. + * + * Return 0 for success, or negative error code on failure. + */ +int +drm_dp_mst_connector_atomic_check(struct drm_connector *connector, + struct drm_connector_state *connector_state, + struct drm_dp_mst_topology_mgr *mgr) +{ + struct drm_atomic_state *state = connector_state->state; + struct drm_crtc *crtc = connector_state->crtc; + struct drm_crtc_state *new_crtc_state; + + if (!crtc) + return 0; + + new_crtc_state = drm_atomic_get_new_crtc_state(state, crtc); + if (!new_crtc_state) + return 0; + + if (!drm_atomic_crtc_needs_modeset(new_crtc_state) || + !new_crtc_state->active) + return 0; + + /* Make sure that the port for this MST connector still exists */ + if (!drm_dp_mst_connector_still_exists(connector, mgr, + mgr->mst_primary)) { + DRM_DEBUG_ATOMIC("[CONNECTOR:%d:%s] has disappeared from the MST topology\n", + connector->base.id, connector->name); + return -EINVAL; + } + + return 0; +} +EXPORT_SYMBOL(drm_dp_mst_connector_atomic_check); + /** * drm_atomic_get_mst_topology_state: get MST topology state * diff --git a/include/drm/drm_dp_mst_helper.h b/include/drm/drm_dp_mst_helper.h index 7f78d26a0766..8e33c2c85d1e 100644 --- a/include/drm/drm_dp_mst_helper.h +++ b/include/drm/drm_dp_mst_helper.h @@ -625,6 +625,9 @@ void drm_dp_mst_topology_mgr_suspend(struct drm_dp_mst_topology_mgr *mgr); int drm_dp_mst_topology_mgr_resume(struct drm_dp_mst_topology_mgr *mgr); struct drm_dp_mst_topology_state *drm_atomic_get_mst_topology_state(struct drm_atomic_state *state, struct drm_dp_mst_topology_mgr *mgr); +int drm_dp_mst_connector_atomic_check(struct drm_connector *connector, + struct drm_connector_state *connector_state, + struct drm_dp_mst_topology_mgr *mgr); int drm_dp_atomic_find_vcpi_slots(struct drm_atomic_state *state, struct drm_dp_mst_topology_mgr *mgr, struct drm_dp_mst_port *port, int pbn); -- 2.17.1

6 years, 9 months

2
1
0 0

[PATCH 1/6] drm/dp_mst: Introduce drm_dp_mst_connector_atomic_check()

by Lyude Paul

Currently the way that we prevent userspace from performing new modesets on MST connectors that have just been destroyed is rather broken. There's nothing in the actual DRM DP MST topology helpers that checks whether or not a connector still exists, instead each DRM driver does this on it's own, usually by returning NULL from the best_encoder callback which in turn, causes the atomic commit to fail. However, this is wrong in a rather subtle way. If ->best_encoder() returns NULL, this makes ALL modesets involving the connector fail. This includes modesets from userspace that would shut off the CRTCs being used by the connector. Since this results in blocking any changes to a connector's DPMS prop, it has the sideaffect of preventing legacy modesetting users from ever disabling a CRTC that was previously enabled for use in an MST topology. An example of this, where X tries to change the DPMS property of an MST connector that was just detached from the system: [ 2908.320131] [drm:drm_helper_probe_single_connector_modes [drm_kms_helper]] [CONNECTOR:82:DP-6] [ 2908.320148] [drm:drm_helper_probe_single_connector_modes [drm_kms_helper]] [CONNECTOR:82:DP-6] status updated from connected to disconnected [ 2908.320166] [drm:drm_helper_probe_single_connector_modes [drm_kms_helper]] [CONNECTOR:82:DP-6] disconnected [ 2908.320193] [drm:drm_mode_object_put.part.2 [drm]] OBJ ID: 111 (1) [ 2908.320230] [drm:drm_sysfs_hotplug_event [drm]] generating hotplug event ... [ 2908.638539] [drm:drm_ioctl [drm]] pid=12928, dev=0xe201, auth=1, DRM_IOCTL_MODE_SETPROPERTY [ 2908.638546] [drm:drm_atomic_state_init [drm]] Allocated atomic state 000000007155ba49 [ 2908.638553] [drm:drm_mode_object_get [drm]] OBJ ID: 114 (1) [ 2908.638560] [drm:drm_mode_object_get [drm]] OBJ ID: 108 (1) [ 2908.638568] [drm:drm_atomic_get_crtc_state [drm]] Added [CRTC:41:head-0] 0000000097a6396e state to 000000007155ba49 [ 2908.638575] [drm:drm_atomic_add_affected_connectors [drm]] Adding all current connectors for [CRTC:41:head-0] to 000000007155ba49 [ 2908.638582] [drm:drm_mode_object_get [drm]] OBJ ID: 82 (3) [ 2908.638589] [drm:drm_mode_object_get [drm]] OBJ ID: 82 (4) [ 2908.638596] [drm:drm_atomic_get_connector_state [drm]] Added [CONNECTOR:82:DP-6] 0000000087427144 state to 000000007155ba49 [ 2908.638603] [drm:drm_atomic_check_only [drm]] checking 000000007155ba49 [ 2908.638609] [drm:drm_atomic_helper_check_modeset [drm_kms_helper]] [CRTC:41:head-0] active changed [ 2908.638613] [drm:drm_atomic_helper_check_modeset [drm_kms_helper]] Updating routing for [CONNECTOR:82:DP-6] [ 2908.638616] [drm:drm_atomic_helper_check_modeset [drm_kms_helper]] No suitable encoder found for [CONNECTOR:82:DP-6] [ 2908.638623] [drm:drm_atomic_check_only [drm]] atomic driver check for 000000007155ba49 failed: -22 [ 2908.638630] [drm:drm_atomic_state_default_clear [drm]] Clearing atomic state 000000007155ba49 [ 2908.638637] [drm:drm_mode_object_put.part.2 [drm]] OBJ ID: 82 (4) [ 2908.638643] [drm:drm_mode_object_put.part.2 [drm]] OBJ ID: 82 (3) [ 2908.638650] [drm:drm_mode_object_put.part.2 [drm]] OBJ ID: 114 (2) [ 2908.638656] [drm:drm_mode_object_put.part.2 [drm]] OBJ ID: 108 (2) [ 2908.638663] [drm:__drm_atomic_state_free [drm]] Freeing atomic state 000000007155ba49 [ 2908.638669] [drm:drm_mode_object_put.part.2 [drm]] OBJ ID: 82 (2) [ 2908.638676] [drm:drm_ioctl [drm]] pid=12928, ret = -22 While this doesn't usually result in any errors that would be obvious to the user, it does result in us leaving display resources on. This in turn leads to unwanted sideaffects like inactive GPUs being left on (usually from the resulting leaked runtime PM ref). So, provide an easier way of doing this that doesn't require breaking ->best_encoder(): add a common drm_dp_mst_connector_atomic_check() function that DRM drivers can call in order to have CRTC enabling commits fail automatically if the MST port driving the connector no longer exists. We'll also be able to expand upon this later as well once we add MST fallback retraining support. Signed-off-by: Lyude Paul <lyude(a)redhat.com> Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/drm_dp_mst_topology.c | 76 +++++++++++++++++++++++++++ include/drm/drm_dp_mst_helper.h | 3 ++ 2 files changed, 79 insertions(+) diff --git a/drivers/gpu/drm/drm_dp_mst_topology.c b/drivers/gpu/drm/drm_dp_mst_topology.c index 7780567aa669..0162d4bf2549 100644 --- a/drivers/gpu/drm/drm_dp_mst_topology.c +++ b/drivers/gpu/drm/drm_dp_mst_topology.c @@ -3129,6 +3129,82 @@ static const struct drm_private_state_funcs mst_state_funcs = { .atomic_destroy_state = drm_dp_mst_destroy_state, }; +static bool +drm_dp_mst_connector_still_exists(struct drm_connector *connector, + struct drm_dp_mst_topology_mgr *mgr, + struct drm_dp_mst_branch *mstb) +{ + struct drm_dp_mst_port *port; + bool exists = false; + + mstb = drm_dp_get_validated_mstb_ref(mgr, mstb); + if (!mstb) + return false; + + list_for_each_entry(port, &mstb->ports, next) { + port = drm_dp_get_validated_port_ref(mgr, port); + if (!port) + continue; + + exists = (port->connector == connector || + (port->mstb && + drm_dp_mst_connector_still_exists(connector, mgr, + port->mstb))); + + drm_dp_put_port(port); + if (exists) + break; + } + + drm_dp_put_mst_branch_device(mstb); + return exists; +} + +/** + * drm_dp_mst_connector_atomic_check - Helper for validating a new atomic + * state on an MST connector + * @connector: drm connector + * @connector_state: the new atomic state of @connector + * @mgr: the MST topology mgr for @connector + * + * This function performs various atomic checks that apply to all drivers + * using the DRM DP MST helpers. This should be called by all drivers at the + * start of the atomic_check function for their MST connectors. + * + * Return 0 for success, or negative error code on failure. + */ +int +drm_dp_mst_connector_atomic_check(struct drm_connector *connector, + struct drm_connector_state *connector_state, + struct drm_dp_mst_topology_mgr *mgr) +{ + struct drm_atomic_state *state = connector_state->state; + struct drm_crtc *crtc = connector_state->crtc; + struct drm_crtc_state *new_crtc_state; + + if (!crtc) + return 0; + + new_crtc_state = drm_atomic_get_new_crtc_state(state, crtc); + if (!new_crtc_state) + return 0; + + if (!drm_atomic_crtc_needs_modeset(new_crtc_state) || + !new_crtc_state->active) + return 0; + + /* Make sure that the port for this MST connector still exists */ + if (!drm_dp_mst_connector_still_exists(connector, mgr, + mgr->mst_primary)) { + DRM_DEBUG_ATOMIC("[CONNECTOR:%d:%s] has disappeared from the MST topology\n", + connector->base.id, connector->name); + return -EINVAL; + } + + return 0; +} +EXPORT_SYMBOL(drm_dp_mst_connector_atomic_check); + /** * drm_atomic_get_mst_topology_state: get MST topology state * diff --git a/include/drm/drm_dp_mst_helper.h b/include/drm/drm_dp_mst_helper.h index 7f78d26a0766..8e33c2c85d1e 100644 --- a/include/drm/drm_dp_mst_helper.h +++ b/include/drm/drm_dp_mst_helper.h @@ -625,6 +625,9 @@ void drm_dp_mst_topology_mgr_suspend(struct drm_dp_mst_topology_mgr *mgr); int drm_dp_mst_topology_mgr_resume(struct drm_dp_mst_topology_mgr *mgr); struct drm_dp_mst_topology_state *drm_atomic_get_mst_topology_state(struct drm_atomic_state *state, struct drm_dp_mst_topology_mgr *mgr); +int drm_dp_mst_connector_atomic_check(struct drm_connector *connector, + struct drm_connector_state *connector_state, + struct drm_dp_mst_topology_mgr *mgr); int drm_dp_atomic_find_vcpi_slots(struct drm_atomic_state *state, struct drm_dp_mst_topology_mgr *mgr, struct drm_dp_mst_port *port, int pbn); -- 2.17.1

6 years, 9 months

4
4
0 0

Re: [PATCH] nohz: Fix missing tick reprog while interrupting inline timer softirq

by Thomas Gleixner

On Thu, 20 Sep 2018, Evan Green wrote: > On Thu, Aug 30, 2018 at 7:29 AM Thomas Gleixner <tglx(a)linutronix.de> wrote: > > > > On Thu, 30 Aug 2018, John Crispin wrote: > > > > > > Sry, that disturbing you all, but what are the conclusion here for 4.14.y? > > > > - take Thomas's patch https://lore.kernel.org/patchwork/patch/969521/#1162900 > > > > - revert commit 2d898915ccf4838c04531c51a598469e921a5eb5 > > > > > > Hi Frederic, > > > > > > I reported this very issue to tglx last night and he asked me to verify his > > > proposed patch which i just did. I can confirm the the patch fixes the issue > > > on 4.14.67 and Greg should add it to the stable queue please. > > > > > > Tested-by: John Crispin <john(a)phrozen.org> > > > > Let me whip up a proper patch with changelog. > > > Hi Thomas, > Did this patch ever go anywhere? I believe it fixes the prints I'm > seeing in our kernel, and I wondered if the official patch was > somewhere. It's out there: https://lore.kernel.org/patchwork/patch/979451/ I assume that it has fallen through the stable cracks. Thanks, tglx

6 years, 9 months

2
1
0 0

[PATCH for-next 0/4] IB/hfi1: Couple more for the RC cycle

by Dennis Dalessandro

Hi Doug and Jason, Mike and Ira have identified some fixes that they would like to see land in the RC, these are serious problems and are marked as stable. --- Ira Weiny (1): IB/hfi1: Fix SL array bounds check Michael J. Ruhl (3): IB/hfi1: Invalid user input can result in crash IB/hfi1: Fix context recovery when PBC has an UnsupportedVL IB/hfi1: Fix destroy_qp hang after a link down drivers/infiniband/hw/hfi1/chip.c | 6 +++- drivers/infiniband/hw/hfi1/pio.c | 51 ++++++++++++++++++++++++++------ drivers/infiniband/hw/hfi1/pio.h | 2 + drivers/infiniband/hw/hfi1/user_sdma.c | 2 + drivers/infiniband/hw/hfi1/verbs.c | 8 ++++- 5 files changed, 56 insertions(+), 13 deletions(-) -- -Denny

6 years, 9 months

1
5
0 0

[patch 7/7] ocfs2: fix ocfs2 read block panic

by akpm＠linux-foundation.org

From: Junxiao Bi <junxiao.bi(a)oracle.com> Subject: ocfs2: fix ocfs2 read block panic While reading block, it is possible that io error return due to underlying storage issue, in this case, BH_NeedsValidate was left in the buffer head. Then when reading the very block next time, if it was already linked into journal, that will trigger the following panic. [203748.702517] kernel BUG at fs/ocfs2/buffer_head_io.c:342! [203748.702533] invalid opcode: 0000 [#1] SMP [203748.702561] Modules linked in: ocfs2 ocfs2_dlmfs ocfs2_stack_o2cb ocfs2_dlm ocfs2_nodemanager ocfs2_stackglue configfs sunrpc dm_switch dm_queue_length dm_multipath bonding be2iscsi iscsi_boot_sysfs bnx2i cnic uio cxgb4i iw_cxgb4 cxgb4 cxgb3i libcxgbi iw_cxgb3 cxgb3 mdio ib_iser rdma_cm ib_cm iw_cm ib_sa ib_mad ib_core ib_addr ipv6 iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi ipmi_devintf iTCO_wdt iTCO_vendor_support dcdbas ipmi_ssif i2c_core ipmi_si ipmi_msghandler acpi_pad pcspkr sb_edac edac_core lpc_ich mfd_core shpchp sg tg3 ptp pps_core ext4 jbd2 mbcache2 sr_mod cdrom sd_mod ahci libahci megaraid_sas wmi dm_mirror dm_region_hash dm_log dm_mod [203748.703024] CPU: 7 PID: 38369 Comm: touch Not tainted 4.1.12-124.18.6.el6uek.x86_64 #2 [203748.703045] Hardware name: Dell Inc. PowerEdge R620/0PXXHP, BIOS 2.5.2 01/28/2015 [203748.703067] task: ffff880768139c00 ti: ffff88006ff48000 task.ti: ffff88006ff48000 [203748.703088] RIP: 0010:[<ffffffffa05e9f09>] [<ffffffffa05e9f09>] ocfs2_read_blocks+0x669/0x7f0 [ocfs2] [203748.703130] RSP: 0018:ffff88006ff4b818 EFLAGS: 00010206 [203748.703389] RAX: 0000000008620029 RBX: ffff88006ff4b910 RCX: 0000000000000000 [203748.703885] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 00000000023079fe [203748.704382] RBP: ffff88006ff4b8d8 R08: 0000000000000000 R09: ffff8807578c25b0 [203748.704877] R10: 000000000f637376 R11: 000000003030322e R12: 0000000000000000 [203748.705373] R13: ffff88006ff4b910 R14: ffff880732fe38f0 R15: 0000000000000000 [203748.705871] FS: 00007f401992c700(0000) GS:ffff880bfebc0000(0000) knlGS:0000000000000000 [203748.706370] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [203748.706627] CR2: 00007f4019252440 CR3: 00000000a621e000 CR4: 0000000000060670 [203748.707124] Stack: [203748.707371] ffff88006ff4b828 ffffffffa0609f52 ffff88006ff4b838 0000000000000001 [203748.707885] 0000000000000000 0000000000000000 ffff880bf67c3800 ffffffffa05eca00 [203748.708399] 00000000023079ff ffffffff81c58b80 0000000000000000 0000000000000000 [203748.708915] Call Trace: [203748.709175] [<ffffffffa0609f52>] ? ocfs2_inode_cache_io_unlock+0x12/0x20 [ocfs2] [203748.709680] [<ffffffffa05eca00>] ? ocfs2_empty_dir_filldir+0x80/0x80 [ocfs2] [203748.710185] [<ffffffffa05ec0cb>] ocfs2_read_dir_block_direct+0x3b/0x200 [ocfs2] [203748.710691] [<ffffffffa05f0fbf>] ocfs2_prepare_dx_dir_for_insert.isra.57+0x19f/0xf60 [ocfs2] [203748.711204] [<ffffffffa065660f>] ? ocfs2_metadata_cache_io_unlock+0x1f/0x30 [ocfs2] [203748.711716] [<ffffffffa05f4f3a>] ocfs2_prepare_dir_for_insert+0x13a/0x890 [ocfs2] [203748.712227] [<ffffffffa05f442e>] ? ocfs2_check_dir_for_entry+0x8e/0x140 [ocfs2] [203748.712737] [<ffffffffa061b2f2>] ocfs2_mknod+0x4b2/0x1370 [ocfs2] [203748.713003] [<ffffffffa061c385>] ocfs2_create+0x65/0x170 [ocfs2] [203748.713263] [<ffffffff8121714b>] vfs_create+0xdb/0x150 [203748.713518] [<ffffffff8121b225>] do_last+0x815/0x1210 [203748.713772] [<ffffffff812192e9>] ? path_init+0xb9/0x450 [203748.714123] [<ffffffff8121bca0>] path_openat+0x80/0x600 [203748.714378] [<ffffffff811bcd45>] ? handle_pte_fault+0xd15/0x1620 [203748.714634] [<ffffffff8121d7ba>] do_filp_open+0x3a/0xb0 [203748.714888] [<ffffffff8122a767>] ? __alloc_fd+0xa7/0x130 [203748.715143] [<ffffffff81209ffc>] do_sys_open+0x12c/0x220 [203748.715403] [<ffffffff81026ddb>] ? syscall_trace_enter_phase1+0x11b/0x180 [203748.715668] [<ffffffff816f0c9f>] ? system_call_after_swapgs+0xe9/0x190 [203748.715928] [<ffffffff8120a10e>] SyS_open+0x1e/0x20 [203748.716184] [<ffffffff816f0d5e>] system_call_fastpath+0x18/0xd7 [203748.716440] Code: 00 00 48 8b 7b 08 48 83 c3 10 45 89 f8 44 89 e1 44 89 f2 4c 89 ee e8 07 06 11 e1 48 8b 03 48 85 c0 75 df 8b 5d c8 e9 4d fa ff ff <0f> 0b 48 8b 7d a0 e8 dc c6 06 00 48 b8 00 00 00 00 00 00 00 10 [203748.717505] RIP [<ffffffffa05e9f09>] ocfs2_read_blocks+0x669/0x7f0 [ocfs2] [203748.717775] RSP <ffff88006ff4b818> Joesph ever reported a similar panic. Link: https://oss.oracle.com/pipermail/ocfs2-devel/2013-May/008931.html Link: http://lkml.kernel.org/r/20180912063207.29484-1-junxiao.bi@oracle.com Signed-off-by: Junxiao Bi <junxiao.bi(a)oracle.com> Cc: Joseph Qi <jiangqi903(a)gmail.com> Cc: Mark Fasheh <mark(a)fasheh.com> Cc: Joel Becker <jlbec(a)evilplan.org> Cc: Changwei Ge <ge.changwei(a)h3c.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- diff -puN fs/ocfs2/buffer_head_io.c~ocfs2-fix-ocfs2-read-block-panic fs/ocfs2/buffer_head_io.c --- a/fs/ocfs2/buffer_head_io.c~ocfs2-fix-ocfs2-read-block-panic +++ a/fs/ocfs2/buffer_head_io.c @@ -342,6 +342,7 @@ int ocfs2_read_blocks(struct ocfs2_cachi * for this bh as it's not marked locally * uptodate. */ status = -EIO; + clear_buffer_needs_validate(bh); put_bh(bh); bhs[i] = NULL; continue; _

6 years, 9 months

1
0
0 0

[patch 4/7] mm: shmem.c: Correctly annotate new inodes for lockdep

by akpm＠linux-foundation.org

From: "Joel Fernandes (Google)" <joel(a)joelfernandes.org> Subject: mm: shmem.c: Correctly annotate new inodes for lockdep Directories and inodes don't necessarily need to be in the same lockdep class. For ex, hugetlbfs splits them out too to prevent false positives in lockdep. Annotate correctly after new inode creation. If its a directory inode, it will be put into a different class. This should fix a lockdep splat reported by syzbot: > ====================================================== > WARNING: possible circular locking dependency detected > 4.18.0-rc8-next-20180810+ #36 Not tainted > ------------------------------------------------------ > syz-executor900/4483 is trying to acquire lock: > 00000000d2bfc8fe (&sb->s_type->i_mutex_key#9){++++}, at: inode_lock > include/linux/fs.h:765 [inline] > 00000000d2bfc8fe (&sb->s_type->i_mutex_key#9){++++}, at: > shmem_fallocate+0x18b/0x12e0 mm/shmem.c:2602 > > but task is already holding lock: > 0000000025208078 (ashmem_mutex){+.+.}, at: ashmem_shrink_scan+0xb4/0x630 > drivers/staging/android/ashmem.c:448 > > which lock already depends on the new lock. > > -> #2 (ashmem_mutex){+.+.}: > __mutex_lock_common kernel/locking/mutex.c:925 [inline] > __mutex_lock+0x171/0x1700 kernel/locking/mutex.c:1073 > mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:1088 > ashmem_mmap+0x55/0x520 drivers/staging/android/ashmem.c:361 > call_mmap include/linux/fs.h:1844 [inline] > mmap_region+0xf27/0x1c50 mm/mmap.c:1762 > do_mmap+0xa10/0x1220 mm/mmap.c:1535 > do_mmap_pgoff include/linux/mm.h:2298 [inline] > vm_mmap_pgoff+0x213/0x2c0 mm/util.c:357 > ksys_mmap_pgoff+0x4da/0x660 mm/mmap.c:1585 > __do_sys_mmap arch/x86/kernel/sys_x86_64.c:100 [inline] > __se_sys_mmap arch/x86/kernel/sys_x86_64.c:91 [inline] > __x64_sys_mmap+0xe9/0x1b0 arch/x86/kernel/sys_x86_64.c:91 > do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290 > entry_SYSCALL_64_after_hwframe+0x49/0xbe > > -> #1 (&mm->mmap_sem){++++}: > __might_fault+0x155/0x1e0 mm/memory.c:4568 > _copy_to_user+0x30/0x110 lib/usercopy.c:25 > copy_to_user include/linux/uaccess.h:155 [inline] > filldir+0x1ea/0x3a0 fs/readdir.c:196 > dir_emit_dot include/linux/fs.h:3464 [inline] > dir_emit_dots include/linux/fs.h:3475 [inline] > dcache_readdir+0x13a/0x620 fs/libfs.c:193 > iterate_dir+0x48b/0x5d0 fs/readdir.c:51 > __do_sys_getdents fs/readdir.c:231 [inline] > __se_sys_getdents fs/readdir.c:212 [inline] > __x64_sys_getdents+0x29f/0x510 fs/readdir.c:212 > do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290 > entry_SYSCALL_64_after_hwframe+0x49/0xbe > > -> #0 (&sb->s_type->i_mutex_key#9){++++}: > lock_acquire+0x1e4/0x540 kernel/locking/lockdep.c:3924 > down_write+0x8f/0x130 kernel/locking/rwsem.c:70 > inode_lock include/linux/fs.h:765 [inline] > shmem_fallocate+0x18b/0x12e0 mm/shmem.c:2602 > ashmem_shrink_scan+0x236/0x630 drivers/staging/android/ashmem.c:455 > ashmem_ioctl+0x3ae/0x13a0 drivers/staging/android/ashmem.c:797 > vfs_ioctl fs/ioctl.c:46 [inline] > file_ioctl fs/ioctl.c:501 [inline] > do_vfs_ioctl+0x1de/0x1720 fs/ioctl.c:685 > ksys_ioctl+0xa9/0xd0 fs/ioctl.c:702 > __do_sys_ioctl fs/ioctl.c:709 [inline] > __se_sys_ioctl fs/ioctl.c:707 [inline] > __x64_sys_ioctl+0x73/0xb0 fs/ioctl.c:707 > do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290 > entry_SYSCALL_64_after_hwframe+0x49/0xbe > > other info that might help us debug this: > > Chain exists of: > &sb->s_type->i_mutex_key#9 --> &mm->mmap_sem --> ashmem_mutex > > Possible unsafe locking scenario: > > CPU0 CPU1 > ---- ---- > lock(ashmem_mutex); > lock(&mm->mmap_sem); > lock(ashmem_mutex); > lock(&sb->s_type->i_mutex_key#9); > > *** DEADLOCK *** > > 1 lock held by syz-executor900/4483: > #0: 0000000025208078 (ashmem_mutex){+.+.}, at: > ashmem_shrink_scan+0xb4/0x630 drivers/staging/android/ashmem.c:448 Link: http://lkml.kernel.org/r/20180821231835.166639-1-joel@joelfernandes.org Signed-off-by: Joel Fernandes (Google) <joel(a)joelfernandes.org> Reported-by: syzbot <syzkaller(a)googlegroups.com> Reviewed-by: NeilBrown <neilb(a)suse.com> Suggested-by: NeilBrown <neilb(a)suse.com> Cc: Matthew Wilcox <willy(a)infradead.org> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Hugh Dickins <hughd(a)google.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- diff -puN mm/shmem.c~mm-shmem-correctly-annotate-new-inodes-for-lockdep mm/shmem.c --- a/mm/shmem.c~mm-shmem-correctly-annotate-new-inodes-for-lockdep +++ a/mm/shmem.c @@ -2227,6 +2227,8 @@ static struct inode *shmem_get_inode(str mpol_shared_policy_init(&info->policy, NULL); break; } + + lockdep_annotate_inode_mutex_key(inode); } else shmem_free_inode(sb); return inode; _

6 years, 9 months

1
0
0 0

[patch 2/7] mm: disable deferred struct page for 32-bit arches

by akpm＠linux-foundation.org

From: Pasha Tatashin <Pavel.Tatashin(a)microsoft.com> Subject: mm: disable deferred struct page for 32-bit arches Deferred struct page init is needed only on systems with large amount of physical memory to improve boot performance. 32-bit systems do not benefit from this feature. Jiri reported a problem where deferred struct pages do not work well with x86-32: [ 0.035162] Dentry cache hash table entries: 131072 (order: 7, 524288 bytes) [ 0.035725] Inode-cache hash table entries: 65536 (order: 6, 262144 bytes) [ 0.036269] Initializing CPU#0 [ 0.036513] Initializing HighMem for node 0 (00036ffe:0007ffe0) [ 0.038459] page:f6780000 is uninitialized and poisoned [ 0.038460] raw: ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff [ 0.039509] page dumped because: VM_BUG_ON_PAGE(1 && PageCompound(page)) [ 0.040038] ------------[ cut here ]------------ [ 0.040399] kernel BUG at include/linux/page-flags.h:293! [ 0.040823] invalid opcode: 0000 [#1] SMP PTI [ 0.041166] CPU: 0 PID: 0 Comm: swapper Not tainted 4.19.0-rc1_pt_jiri #9 [ 0.041694] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.11.0-20171110_100015-anatol 04/01/2014 [ 0.042496] EIP: free_highmem_page+0x64/0x80 [ 0.042839] Code: 13 46 d8 c1 e8 18 5d 83 e0 03 8d 04 c0 c1 e0 06 ff 80 ec 5f 44 d8 c3 8d b4 26 00 00 00 00 ba 08 65 28 d8 89 d8 e8 fc 71 02 00 <0f> 0b 8d 76 00 8d bc 27 00 00 00 00 ba d0 b1 26 d8 89 d8 e8 e4 71 [ 0.044338] EAX: 0000003c EBX: f6780000 ECX: 00000000 EDX: d856cbe8 [ 0.044868] ESI: 0007ffe0 EDI: d838df20 EBP: d838df00 ESP: d838defc [ 0.045372] DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068 EFLAGS: 00210086 [ 0.045913] CR0: 80050033 CR2: 00000000 CR3: 18556000 CR4: 00040690 [ 0.046413] DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000 [ 0.046913] DR6: fffe0ff0 DR7: 00000400 [ 0.047220] Call Trace: [ 0.047419] add_highpages_with_active_regions+0xbd/0x10d [ 0.047854] set_highmem_pages_init+0x5b/0x71 [ 0.048202] mem_init+0x2b/0x1e8 [ 0.048460] start_kernel+0x1d2/0x425 [ 0.048757] i386_start_kernel+0x93/0x97 [ 0.049073] startup_32_smp+0x164/0x168 [ 0.049379] Modules linked in: [ 0.049626] ---[ end trace 337949378db0abbb ]--- We free highmem pages before their struct pages are initialized: mem_init() set_highmem_pages_init() add_highpages_with_active_regions() free_highmem_page() .. Access uninitialized struct page here.. Because there is no reason to have this feature on 32-bit systems, just disable it. Link: http://lkml.kernel.org/r/20180831150506.31246-1-pavel.tatashin@microsoft.com Fixes: 2e3ca40f03bb ("mm: relax deferred struct page requirements") Signed-off-by: Pavel Tatashin <pavel.tatashin(a)microsoft.com> Reported-by: Jiri Slaby <jslaby(a)suse.cz> Acked-by: Michal Hocko <mhocko(a)suse.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- diff -puN mm/Kconfig~mm-disable-deferred-struct-page-for-32-bit-arches mm/Kconfig --- a/mm/Kconfig~mm-disable-deferred-struct-page-for-32-bit-arches +++ a/mm/Kconfig @@ -637,6 +637,7 @@ config DEFERRED_STRUCT_PAGE_INIT depends on NO_BOOTMEM depends on SPARSEMEM depends on !NEED_PER_CPU_KM + depends on 64BIT help Ordinarily all struct pages are initialised during early boot in a single thread. On very large machines this can take a considerable _

6 years, 9 months

1
0
0 0

[patch 1/7] fork: report pid exhaustion correctly

by akpm＠linux-foundation.org

From: KJ Tsanaktsidis <ktsanaktsidis(a)zendesk.com> Subject: fork: report pid exhaustion correctly Make the clone and fork syscalls return EAGAIN when the limit on the number of pids /proc/sys/kernel/pid_max is exceeded. Currently, when the pid_max limit is exceeded, the kernel will return ENOSPC from the fork and clone syscalls. This is contrary to the documented behaviour, which explicitly calls out the pid_max case as one where EAGAIN should be returned. It also leads to really confusing error messages in userspace programs which will complain about a lack of disk space when they fail to create processes/threads for this reason. This error is being returned because alloc_pid() uses the idr api to find a new pid; when there are none available, idr_alloc_cyclic() returns -ENOSPC, and this is being propagated back to userspace. This behaviour has been broken before, and was explicitly fixed in commit 35f71bc0a09a ("fork: report pid reservation failure properly"), so I think -EAGAIN is definitely the right thing to return in this case. The current behaviour change dates from commit 95846ecf9dac ("pid: replace pid bitmap implementation with IDR AIP") and was I believe unintentional. This patch has no impact on the case where allocating a pid fails because the child reaper for the namespace is dead; that case will still return -ENOMEM. Link: http://lkml.kernel.org/r/20180903111016.46461-1-ktsanaktsidis@zendesk.com Fixes: 95846ecf9dac ("pid: replace pid bitmap implementation with IDR AIP") Signed-off-by: KJ Tsanaktsidis <ktsanaktsidis(a)zendesk.com> Reviewed-by: Andrew Morton <akpm(a)linux-foundation.org> Acked-by: Michal Hocko <mhocko(a)suse.com> Cc: Gargi Sharma <gs051095(a)gmail.com> Cc: Rik van Riel <riel(a)redhat.com> Cc: Oleg Nesterov <oleg(a)redhat.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- diff -puN kernel/pid.c~fork-report-pid-exhaustion-correctly kernel/pid.c --- a/kernel/pid.c~fork-report-pid-exhaustion-correctly +++ a/kernel/pid.c @@ -195,7 +195,7 @@ struct pid *alloc_pid(struct pid_namespa idr_preload_end(); if (nr < 0) { - retval = nr; + retval = (nr == -ENOSPC) ? -EAGAIN : nr; goto out_free; } _

6 years, 9 months

1
0
0 0

[patch 1/7] fork: report pid exhaustion correctly

by akpm＠linux-foundation.org

From: KJ Tsanaktsidis <ktsanaktsidis(a)zendesk.com> Subject: fork: report pid exhaustion correctly Make the clone and fork syscalls return EAGAIN when the limit on the number of pids /proc/sys/kernel/pid_max is exceeded. Currently, when the pid_max limit is exceeded, the kernel will return ENOSPC from the fork and clone syscalls. This is contrary to the documented behaviour, which explicitly calls out the pid_max case as one where EAGAIN should be returned. It also leads to really confusing error messages in userspace programs which will complain about a lack of disk space when they fail to create processes/threads for this reason. This error is being returned because alloc_pid() uses the idr api to find a new pid; when there are none available, idr_alloc_cyclic() returns -ENOSPC, and this is being propagated back to userspace. This behaviour has been broken before, and was explicitly fixed in commit 35f71bc0a09a ("fork: report pid reservation failure properly"), so I think -EAGAIN is definitely the right thing to return in this case. The current behaviour change dates from commit 95846ecf9dac ("pid: replace pid bitmap implementation with IDR AIP") and was I believe unintentional. This patch has no impact on the case where allocating a pid fails because the child reaper for the namespace is dead; that case will still return -ENOMEM. Link: http://lkml.kernel.org/r/20180903111016.46461-1-ktsanaktsidis@zendesk.com Fixes: 95846ecf9dac ("pid: replace pid bitmap implementation with IDR AIP") Signed-off-by: KJ Tsanaktsidis <ktsanaktsidis(a)zendesk.com> Reviewed-by: Andrew Morton <akpm(a)linux-foundation.org> Acked-by: Michal Hocko <mhocko(a)suse.com> Cc: Gargi Sharma <gs051095(a)gmail.com> Cc: Rik van Riel <riel(a)redhat.com> Cc: Oleg Nesterov <oleg(a)redhat.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- diff -puN kernel/pid.c~fork-report-pid-exhaustion-correctly kernel/pid.c --- a/kernel/pid.c~fork-report-pid-exhaustion-correctly +++ a/kernel/pid.c @@ -195,7 +195,7 @@ struct pid *alloc_pid(struct pid_namespa idr_preload_end(); if (nr < 0) { - retval = nr; + retval = (nr == -ENOSPC) ? -EAGAIN : nr; goto out_free; } _

6 years, 9 months

1
0
0 0

[patch 7/7] ocfs2: fix ocfs2 read block panic

by akpm＠linux-foundation.org

From: Junxiao Bi <junxiao.bi(a)oracle.com> Subject: ocfs2: fix ocfs2 read block panic While reading block, it is possible that io error return due to underlying storage issue, in this case, BH_NeedsValidate was left in the buffer head. Then when reading the very block next time, if it was already linked into journal, that will trigger the following panic. [203748.702517] kernel BUG at fs/ocfs2/buffer_head_io.c:342! [203748.702533] invalid opcode: 0000 [#1] SMP [203748.702561] Modules linked in: ocfs2 ocfs2_dlmfs ocfs2_stack_o2cb ocfs2_dlm ocfs2_nodemanager ocfs2_stackglue configfs sunrpc dm_switch dm_queue_length dm_multipath bonding be2iscsi iscsi_boot_sysfs bnx2i cnic uio cxgb4i iw_cxgb4 cxgb4 cxgb3i libcxgbi iw_cxgb3 cxgb3 mdio ib_iser rdma_cm ib_cm iw_cm ib_sa ib_mad ib_core ib_addr ipv6 iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi ipmi_devintf iTCO_wdt iTCO_vendor_support dcdbas ipmi_ssif i2c_core ipmi_si ipmi_msghandler acpi_pad pcspkr sb_edac edac_core lpc_ich mfd_core shpchp sg tg3 ptp pps_core ext4 jbd2 mbcache2 sr_mod cdrom sd_mod ahci libahci megaraid_sas wmi dm_mirror dm_region_hash dm_log dm_mod [203748.703024] CPU: 7 PID: 38369 Comm: touch Not tainted 4.1.12-124.18.6.el6uek.x86_64 #2 [203748.703045] Hardware name: Dell Inc. PowerEdge R620/0PXXHP, BIOS 2.5.2 01/28/2015 [203748.703067] task: ffff880768139c00 ti: ffff88006ff48000 task.ti: ffff88006ff48000 [203748.703088] RIP: 0010:[<ffffffffa05e9f09>] [<ffffffffa05e9f09>] ocfs2_read_blocks+0x669/0x7f0 [ocfs2] [203748.703130] RSP: 0018:ffff88006ff4b818 EFLAGS: 00010206 [203748.703389] RAX: 0000000008620029 RBX: ffff88006ff4b910 RCX: 0000000000000000 [203748.703885] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 00000000023079fe [203748.704382] RBP: ffff88006ff4b8d8 R08: 0000000000000000 R09: ffff8807578c25b0 [203748.704877] R10: 000000000f637376 R11: 000000003030322e R12: 0000000000000000 [203748.705373] R13: ffff88006ff4b910 R14: ffff880732fe38f0 R15: 0000000000000000 [203748.705871] FS: 00007f401992c700(0000) GS:ffff880bfebc0000(0000) knlGS:0000000000000000 [203748.706370] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [203748.706627] CR2: 00007f4019252440 CR3: 00000000a621e000 CR4: 0000000000060670 [203748.707124] Stack: [203748.707371] ffff88006ff4b828 ffffffffa0609f52 ffff88006ff4b838 0000000000000001 [203748.707885] 0000000000000000 0000000000000000 ffff880bf67c3800 ffffffffa05eca00 [203748.708399] 00000000023079ff ffffffff81c58b80 0000000000000000 0000000000000000 [203748.708915] Call Trace: [203748.709175] [<ffffffffa0609f52>] ? ocfs2_inode_cache_io_unlock+0x12/0x20 [ocfs2] [203748.709680] [<ffffffffa05eca00>] ? ocfs2_empty_dir_filldir+0x80/0x80 [ocfs2] [203748.710185] [<ffffffffa05ec0cb>] ocfs2_read_dir_block_direct+0x3b/0x200 [ocfs2] [203748.710691] [<ffffffffa05f0fbf>] ocfs2_prepare_dx_dir_for_insert.isra.57+0x19f/0xf60 [ocfs2] [203748.711204] [<ffffffffa065660f>] ? ocfs2_metadata_cache_io_unlock+0x1f/0x30 [ocfs2] [203748.711716] [<ffffffffa05f4f3a>] ocfs2_prepare_dir_for_insert+0x13a/0x890 [ocfs2] [203748.712227] [<ffffffffa05f442e>] ? ocfs2_check_dir_for_entry+0x8e/0x140 [ocfs2] [203748.712737] [<ffffffffa061b2f2>] ocfs2_mknod+0x4b2/0x1370 [ocfs2] [203748.713003] [<ffffffffa061c385>] ocfs2_create+0x65/0x170 [ocfs2] [203748.713263] [<ffffffff8121714b>] vfs_create+0xdb/0x150 [203748.713518] [<ffffffff8121b225>] do_last+0x815/0x1210 [203748.713772] [<ffffffff812192e9>] ? path_init+0xb9/0x450 [203748.714123] [<ffffffff8121bca0>] path_openat+0x80/0x600 [203748.714378] [<ffffffff811bcd45>] ? handle_pte_fault+0xd15/0x1620 [203748.714634] [<ffffffff8121d7ba>] do_filp_open+0x3a/0xb0 [203748.714888] [<ffffffff8122a767>] ? __alloc_fd+0xa7/0x130 [203748.715143] [<ffffffff81209ffc>] do_sys_open+0x12c/0x220 [203748.715403] [<ffffffff81026ddb>] ? syscall_trace_enter_phase1+0x11b/0x180 [203748.715668] [<ffffffff816f0c9f>] ? system_call_after_swapgs+0xe9/0x190 [203748.715928] [<ffffffff8120a10e>] SyS_open+0x1e/0x20 [203748.716184] [<ffffffff816f0d5e>] system_call_fastpath+0x18/0xd7 [203748.716440] Code: 00 00 48 8b 7b 08 48 83 c3 10 45 89 f8 44 89 e1 44 89 f2 4c 89 ee e8 07 06 11 e1 48 8b 03 48 85 c0 75 df 8b 5d c8 e9 4d fa ff ff <0f> 0b 48 8b 7d a0 e8 dc c6 06 00 48 b8 00 00 00 00 00 00 00 10 [203748.717505] RIP [<ffffffffa05e9f09>] ocfs2_read_blocks+0x669/0x7f0 [ocfs2] [203748.717775] RSP <ffff88006ff4b818> Joesph ever reported a similar panic. Link: https://oss.oracle.com/pipermail/ocfs2-devel/2013-May/008931.html Link: http://lkml.kernel.org/r/20180912063207.29484-1-junxiao.bi@oracle.com Signed-off-by: Junxiao Bi <junxiao.bi(a)oracle.com> Cc: Joseph Qi <jiangqi903(a)gmail.com> Cc: Mark Fasheh <mark(a)fasheh.com> Cc: Joel Becker <jlbec(a)evilplan.org> Cc: Changwei Ge <ge.changwei(a)h3c.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- diff -puN fs/ocfs2/buffer_head_io.c~ocfs2-fix-ocfs2-read-block-panic fs/ocfs2/buffer_head_io.c --- a/fs/ocfs2/buffer_head_io.c~ocfs2-fix-ocfs2-read-block-panic +++ a/fs/ocfs2/buffer_head_io.c @@ -342,6 +342,7 @@ int ocfs2_read_blocks(struct ocfs2_cachi * for this bh as it's not marked locally * uptodate. */ status = -EIO; + clear_buffer_needs_validate(bh); put_bh(bh); bhs[i] = NULL; continue; _

6 years, 9 months

1
0
0 0

[patch 4/7] mm: shmem.c: Correctly annotate new inodes for lockdep

by akpm＠linux-foundation.org

From: "Joel Fernandes (Google)" <joel(a)joelfernandes.org> Subject: mm: shmem.c: Correctly annotate new inodes for lockdep Directories and inodes don't necessarily need to be in the same lockdep class. For ex, hugetlbfs splits them out too to prevent false positives in lockdep. Annotate correctly after new inode creation. If its a directory inode, it will be put into a different class. This should fix a lockdep splat reported by syzbot: > ====================================================== > WARNING: possible circular locking dependency detected > 4.18.0-rc8-next-20180810+ #36 Not tainted > ------------------------------------------------------ > syz-executor900/4483 is trying to acquire lock: > 00000000d2bfc8fe (&sb->s_type->i_mutex_key#9){++++}, at: inode_lock > include/linux/fs.h:765 [inline] > 00000000d2bfc8fe (&sb->s_type->i_mutex_key#9){++++}, at: > shmem_fallocate+0x18b/0x12e0 mm/shmem.c:2602 > > but task is already holding lock: > 0000000025208078 (ashmem_mutex){+.+.}, at: ashmem_shrink_scan+0xb4/0x630 > drivers/staging/android/ashmem.c:448 > > which lock already depends on the new lock. > > -> #2 (ashmem_mutex){+.+.}: > __mutex_lock_common kernel/locking/mutex.c:925 [inline] > __mutex_lock+0x171/0x1700 kernel/locking/mutex.c:1073 > mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:1088 > ashmem_mmap+0x55/0x520 drivers/staging/android/ashmem.c:361 > call_mmap include/linux/fs.h:1844 [inline] > mmap_region+0xf27/0x1c50 mm/mmap.c:1762 > do_mmap+0xa10/0x1220 mm/mmap.c:1535 > do_mmap_pgoff include/linux/mm.h:2298 [inline] > vm_mmap_pgoff+0x213/0x2c0 mm/util.c:357 > ksys_mmap_pgoff+0x4da/0x660 mm/mmap.c:1585 > __do_sys_mmap arch/x86/kernel/sys_x86_64.c:100 [inline] > __se_sys_mmap arch/x86/kernel/sys_x86_64.c:91 [inline] > __x64_sys_mmap+0xe9/0x1b0 arch/x86/kernel/sys_x86_64.c:91 > do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290 > entry_SYSCALL_64_after_hwframe+0x49/0xbe > > -> #1 (&mm->mmap_sem){++++}: > __might_fault+0x155/0x1e0 mm/memory.c:4568 > _copy_to_user+0x30/0x110 lib/usercopy.c:25 > copy_to_user include/linux/uaccess.h:155 [inline] > filldir+0x1ea/0x3a0 fs/readdir.c:196 > dir_emit_dot include/linux/fs.h:3464 [inline] > dir_emit_dots include/linux/fs.h:3475 [inline] > dcache_readdir+0x13a/0x620 fs/libfs.c:193 > iterate_dir+0x48b/0x5d0 fs/readdir.c:51 > __do_sys_getdents fs/readdir.c:231 [inline] > __se_sys_getdents fs/readdir.c:212 [inline] > __x64_sys_getdents+0x29f/0x510 fs/readdir.c:212 > do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290 > entry_SYSCALL_64_after_hwframe+0x49/0xbe > > -> #0 (&sb->s_type->i_mutex_key#9){++++}: > lock_acquire+0x1e4/0x540 kernel/locking/lockdep.c:3924 > down_write+0x8f/0x130 kernel/locking/rwsem.c:70 > inode_lock include/linux/fs.h:765 [inline] > shmem_fallocate+0x18b/0x12e0 mm/shmem.c:2602 > ashmem_shrink_scan+0x236/0x630 drivers/staging/android/ashmem.c:455 > ashmem_ioctl+0x3ae/0x13a0 drivers/staging/android/ashmem.c:797 > vfs_ioctl fs/ioctl.c:46 [inline] > file_ioctl fs/ioctl.c:501 [inline] > do_vfs_ioctl+0x1de/0x1720 fs/ioctl.c:685 > ksys_ioctl+0xa9/0xd0 fs/ioctl.c:702 > __do_sys_ioctl fs/ioctl.c:709 [inline] > __se_sys_ioctl fs/ioctl.c:707 [inline] > __x64_sys_ioctl+0x73/0xb0 fs/ioctl.c:707 > do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290 > entry_SYSCALL_64_after_hwframe+0x49/0xbe > > other info that might help us debug this: > > Chain exists of: > &sb->s_type->i_mutex_key#9 --> &mm->mmap_sem --> ashmem_mutex > > Possible unsafe locking scenario: > > CPU0 CPU1 > ---- ---- > lock(ashmem_mutex); > lock(&mm->mmap_sem); > lock(ashmem_mutex); > lock(&sb->s_type->i_mutex_key#9); > > *** DEADLOCK *** > > 1 lock held by syz-executor900/4483: > #0: 0000000025208078 (ashmem_mutex){+.+.}, at: > ashmem_shrink_scan+0xb4/0x630 drivers/staging/android/ashmem.c:448 Link: http://lkml.kernel.org/r/20180821231835.166639-1-joel@joelfernandes.org Signed-off-by: Joel Fernandes (Google) <joel(a)joelfernandes.org> Reported-by: syzbot <syzkaller(a)googlegroups.com> Reviewed-by: NeilBrown <neilb(a)suse.com> Suggested-by: NeilBrown <neilb(a)suse.com> Cc: Matthew Wilcox <willy(a)infradead.org> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Hugh Dickins <hughd(a)google.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- diff -puN mm/shmem.c~mm-shmem-correctly-annotate-new-inodes-for-lockdep mm/shmem.c --- a/mm/shmem.c~mm-shmem-correctly-annotate-new-inodes-for-lockdep +++ a/mm/shmem.c @@ -2227,6 +2227,8 @@ static struct inode *shmem_get_inode(str mpol_shared_policy_init(&info->policy, NULL); break; } + + lockdep_annotate_inode_mutex_key(inode); } else shmem_free_inode(sb); return inode; _

6 years, 9 months

1
0
0 0

[patch 2/7] mm: disable deferred struct page for 32-bit arches

by akpm＠linux-foundation.org

From: Pasha Tatashin <Pavel.Tatashin(a)microsoft.com> Subject: mm: disable deferred struct page for 32-bit arches Deferred struct page init is needed only on systems with large amount of physical memory to improve boot performance. 32-bit systems do not benefit from this feature. Jiri reported a problem where deferred struct pages do not work well with x86-32: [ 0.035162] Dentry cache hash table entries: 131072 (order: 7, 524288 bytes) [ 0.035725] Inode-cache hash table entries: 65536 (order: 6, 262144 bytes) [ 0.036269] Initializing CPU#0 [ 0.036513] Initializing HighMem for node 0 (00036ffe:0007ffe0) [ 0.038459] page:f6780000 is uninitialized and poisoned [ 0.038460] raw: ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff [ 0.039509] page dumped because: VM_BUG_ON_PAGE(1 && PageCompound(page)) [ 0.040038] ------------[ cut here ]------------ [ 0.040399] kernel BUG at include/linux/page-flags.h:293! [ 0.040823] invalid opcode: 0000 [#1] SMP PTI [ 0.041166] CPU: 0 PID: 0 Comm: swapper Not tainted 4.19.0-rc1_pt_jiri #9 [ 0.041694] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.11.0-20171110_100015-anatol 04/01/2014 [ 0.042496] EIP: free_highmem_page+0x64/0x80 [ 0.042839] Code: 13 46 d8 c1 e8 18 5d 83 e0 03 8d 04 c0 c1 e0 06 ff 80 ec 5f 44 d8 c3 8d b4 26 00 00 00 00 ba 08 65 28 d8 89 d8 e8 fc 71 02 00 <0f> 0b 8d 76 00 8d bc 27 00 00 00 00 ba d0 b1 26 d8 89 d8 e8 e4 71 [ 0.044338] EAX: 0000003c EBX: f6780000 ECX: 00000000 EDX: d856cbe8 [ 0.044868] ESI: 0007ffe0 EDI: d838df20 EBP: d838df00 ESP: d838defc [ 0.045372] DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068 EFLAGS: 00210086 [ 0.045913] CR0: 80050033 CR2: 00000000 CR3: 18556000 CR4: 00040690 [ 0.046413] DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000 [ 0.046913] DR6: fffe0ff0 DR7: 00000400 [ 0.047220] Call Trace: [ 0.047419] add_highpages_with_active_regions+0xbd/0x10d [ 0.047854] set_highmem_pages_init+0x5b/0x71 [ 0.048202] mem_init+0x2b/0x1e8 [ 0.048460] start_kernel+0x1d2/0x425 [ 0.048757] i386_start_kernel+0x93/0x97 [ 0.049073] startup_32_smp+0x164/0x168 [ 0.049379] Modules linked in: [ 0.049626] ---[ end trace 337949378db0abbb ]--- We free highmem pages before their struct pages are initialized: mem_init() set_highmem_pages_init() add_highpages_with_active_regions() free_highmem_page() .. Access uninitialized struct page here.. Because there is no reason to have this feature on 32-bit systems, just disable it. Link: http://lkml.kernel.org/r/20180831150506.31246-1-pavel.tatashin@microsoft.com Fixes: 2e3ca40f03bb ("mm: relax deferred struct page requirements") Signed-off-by: Pavel Tatashin <pavel.tatashin(a)microsoft.com> Reported-by: Jiri Slaby <jslaby(a)suse.cz> Acked-by: Michal Hocko <mhocko(a)suse.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- diff -puN mm/Kconfig~mm-disable-deferred-struct-page-for-32-bit-arches mm/Kconfig --- a/mm/Kconfig~mm-disable-deferred-struct-page-for-32-bit-arches +++ a/mm/Kconfig @@ -637,6 +637,7 @@ config DEFERRED_STRUCT_PAGE_INIT depends on NO_BOOTMEM depends on SPARSEMEM depends on !NEED_PER_CPU_KM + depends on 64BIT help Ordinarily all struct pages are initialised during early boot in a single thread. On very large machines this can take a considerable _

6 years, 9 months

1
0
0 0

[patch 1/7] fork: report pid exhaustion correctly

by akpm＠linux-foundation.org

From: KJ Tsanaktsidis <ktsanaktsidis(a)zendesk.com> Subject: fork: report pid exhaustion correctly Make the clone and fork syscalls return EAGAIN when the limit on the number of pids /proc/sys/kernel/pid_max is exceeded. Currently, when the pid_max limit is exceeded, the kernel will return ENOSPC from the fork and clone syscalls. This is contrary to the documented behaviour, which explicitly calls out the pid_max case as one where EAGAIN should be returned. It also leads to really confusing error messages in userspace programs which will complain about a lack of disk space when they fail to create processes/threads for this reason. This error is being returned because alloc_pid() uses the idr api to find a new pid; when there are none available, idr_alloc_cyclic() returns -ENOSPC, and this is being propagated back to userspace. This behaviour has been broken before, and was explicitly fixed in commit 35f71bc0a09a ("fork: report pid reservation failure properly"), so I think -EAGAIN is definitely the right thing to return in this case. The current behaviour change dates from commit 95846ecf9dac ("pid: replace pid bitmap implementation with IDR AIP") and was I believe unintentional. This patch has no impact on the case where allocating a pid fails because the child reaper for the namespace is dead; that case will still return -ENOMEM. Link: http://lkml.kernel.org/r/20180903111016.46461-1-ktsanaktsidis@zendesk.com Fixes: 95846ecf9dac ("pid: replace pid bitmap implementation with IDR AIP") Signed-off-by: KJ Tsanaktsidis <ktsanaktsidis(a)zendesk.com> Reviewed-by: Andrew Morton <akpm(a)linux-foundation.org> Acked-by: Michal Hocko <mhocko(a)suse.com> Cc: Gargi Sharma <gs051095(a)gmail.com> Cc: Rik van Riel <riel(a)redhat.com> Cc: Oleg Nesterov <oleg(a)redhat.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- diff -puN kernel/pid.c~fork-report-pid-exhaustion-correctly kernel/pid.c --- a/kernel/pid.c~fork-report-pid-exhaustion-correctly +++ a/kernel/pid.c @@ -195,7 +195,7 @@ struct pid *alloc_pid(struct pid_namespa idr_preload_end(); if (nr < 0) { - retval = nr; + retval = (nr == -ENOSPC) ? -EAGAIN : nr; goto out_free; } _

6 years, 9 months

1
0
0 0

Applied "regulator: fix crash caused by null driver data" to the regulator tree

by Mark Brown

The patch regulator: fix crash caused by null driver data has been applied to the regulator tree at https://git.kernel.org/pub/scm/linux/kernel/git/broonie/regulator.git All being well this means that it will be integrated into the linux-next tree (usually sometime in the next 24 hours) and sent to Linus during the next merge window (or sooner if it is a bug fix), however if problems are discovered then the patch may be dropped or reverted. You may get further e-mails resulting from automated or manual testing and review of the tree, please engage with people reporting problems and send followup patches addressing any issues that are reported if needed. If any updates are required or you are submitting further changes they should be sent as incremental updates against current git, existing patches will not be replaced. Please add any relevant lists and maintainers to the CCs when replying to this mail. Thanks, Mark >From fb6de923ca3358a91525552b4907d4cb38730bdd Mon Sep 17 00:00:00 2001 From: Yu Zhao <yuzhao(a)google.com> Date: Wed, 19 Sep 2018 15:30:51 -0600 Subject: [PATCH] regulator: fix crash caused by null driver data dev_set_drvdata() needs to be called before device_register() exposes device to userspace. Otherwise kernel crashes after it gets null pointer from dev_get_drvdata() when userspace tries to access sysfs entries. [Removed backtrace for length -- broonie] Signed-off-by: Yu Zhao <yuzhao(a)google.com> Signed-off-by: Mark Brown <broonie(a)kernel.org> Cc: stable(a)vger.kernel.org --- drivers/regulator/core.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/regulator/core.c b/drivers/regulator/core.c index 90215f57270f..9577d8941846 100644 --- a/drivers/regulator/core.c +++ b/drivers/regulator/core.c @@ -4395,13 +4395,13 @@ regulator_register(const struct regulator_desc *regulator_desc, !rdev->desc->fixed_uV) rdev->is_switch = true; + dev_set_drvdata(&rdev->dev, rdev); ret = device_register(&rdev->dev); if (ret != 0) { put_device(&rdev->dev); goto unset_supplies; } - dev_set_drvdata(&rdev->dev, rdev); rdev_init_debugfs(rdev); /* try to resolve regulators supply since a new one was registered */ -- 2.19.0

6 years, 9 months

1
0
0 0

[PATCH] xen/x86/vpmu: Zero struct pt_regs before calling into sample handling code

by Boris Ostrovsky

Otherwise we may leak kernel stack for events that sample user registers. Reported-by: Mark Rutland <mark.rutland(a)arm.com> Signed-off-by: Boris Ostrovsky <boris.ostrovsky(a)oracle.com> Cc: stable(a)vger.kernel.org --- arch/x86/xen/pmu.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/x86/xen/pmu.c b/arch/x86/xen/pmu.c index 7d00d4a..95997e6 100644 --- a/arch/x86/xen/pmu.c +++ b/arch/x86/xen/pmu.c @@ -478,7 +478,7 @@ static void xen_convert_regs(const struct xen_pmu_regs *xen_regs, irqreturn_t xen_pmu_irq_handler(int irq, void *dev_id) { int err, ret = IRQ_NONE; - struct pt_regs regs; + struct pt_regs regs = {0}; const struct xen_pmu_data *xenpmu_data = get_xenpmu_data(); uint8_t xenpmu_flags = get_xenpmu_flags(); -- 1.8.3.1

6 years, 9 months

2
2
0 0

[PATCH v2 3/3] usb: typec: pci: Enable Intel USB role mux on Apollo Lake platforms

by Mathias Nyman

From: Heikki Krogerus <heikki.krogerus(a)linux.intel.com> Intel Apollo Lake has the same internal USB role mux as Intel Cherry Trail. Cc: <stable(a)vger.kernel.org> Signed-off-by: Heikki Krogerus <heikki.krogerus(a)linux.intel.com> Signed-off-by: Mathias Nyman <mathias.nyman(a)linux.intel.com> --- drivers/usb/host/xhci-pci.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/usb/host/xhci-pci.c b/drivers/usb/host/xhci-pci.c index 722860e..51dd8e0 100644 --- a/drivers/usb/host/xhci-pci.c +++ b/drivers/usb/host/xhci-pci.c @@ -179,10 +179,12 @@ static void xhci_pci_quirks(struct device *dev, struct xhci_hcd *xhci) xhci->quirks |= XHCI_PME_STUCK_QUIRK; } if (pdev->vendor == PCI_VENDOR_ID_INTEL && - pdev->device == PCI_DEVICE_ID_INTEL_CHERRYVIEW_XHCI) { + pdev->device == PCI_DEVICE_ID_INTEL_CHERRYVIEW_XHCI) xhci->quirks |= XHCI_SSIC_PORT_UNUSED; + if (pdev->vendor == PCI_VENDOR_ID_INTEL && + (pdev->device == PCI_DEVICE_ID_INTEL_CHERRYVIEW_XHCI || + pdev->device == PCI_DEVICE_ID_INTEL_APL_XHCI)) xhci->quirks |= XHCI_INTEL_USB_ROLE_SW; - } if (pdev->vendor == PCI_VENDOR_ID_INTEL && (pdev->device == PCI_DEVICE_ID_INTEL_CHERRYVIEW_XHCI || pdev->device == PCI_DEVICE_ID_INTEL_SUNRISEPOINT_LP_XHCI || -- 2.7.4

6 years, 9 months

1
0
0 0

[PATCH v2 2/3] usb: xhci-mtk: resume USB3 roothub first

by Mathias Nyman

From: Chunfeng Yun <chunfeng.yun(a)mediatek.com> Give USB3 devices a better chance to enumerate at USB3 speeds if they are connected to a suspended host. Porting from "671ffdff5b13 xhci: resume USB 3 roothub first" Cc: <stable(a)vger.kernel.org> Signed-off-by: Chunfeng Yun <chunfeng.yun(a)mediatek.com> Signed-off-by: Mathias Nyman <mathias.nyman(a)linux.intel.com> --- drivers/usb/host/xhci-mtk.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/usb/host/xhci-mtk.c b/drivers/usb/host/xhci-mtk.c index 7334da9..71d0d33 100644 --- a/drivers/usb/host/xhci-mtk.c +++ b/drivers/usb/host/xhci-mtk.c @@ -642,10 +642,10 @@ static int __maybe_unused xhci_mtk_resume(struct device *dev) xhci_mtk_host_enable(mtk); xhci_dbg(xhci, "%s: restart port polling\n", __func__); - set_bit(HCD_FLAG_POLL_RH, &hcd->flags); - usb_hcd_poll_rh_status(hcd); set_bit(HCD_FLAG_POLL_RH, &xhci->shared_hcd->flags); usb_hcd_poll_rh_status(xhci->shared_hcd); + set_bit(HCD_FLAG_POLL_RH, &hcd->flags); + usb_hcd_poll_rh_status(hcd); return 0; } -- 2.7.4

6 years, 9 months

1
0
0 0

[PATCH v2 1/3] xhci: Add missing CAS workaround for Intel Sunrise Point xHCI

by Mathias Nyman

The workaround for missing CAS bit is also needed for xHC on Intel sunrisepoint PCH. For more details see: Intel 100/c230 series PCH specification update Doc #332692-006 Errata #8 Cc: <stable(a)vger.kernel.org> Signed-off-by: Mathias Nyman <mathias.nyman(a)linux.intel.com> --- drivers/usb/host/xhci-pci.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/usb/host/xhci-pci.c b/drivers/usb/host/xhci-pci.c index 6372edf..722860e 100644 --- a/drivers/usb/host/xhci-pci.c +++ b/drivers/usb/host/xhci-pci.c @@ -185,6 +185,8 @@ static void xhci_pci_quirks(struct device *dev, struct xhci_hcd *xhci) } if (pdev->vendor == PCI_VENDOR_ID_INTEL && (pdev->device == PCI_DEVICE_ID_INTEL_CHERRYVIEW_XHCI || + pdev->device == PCI_DEVICE_ID_INTEL_SUNRISEPOINT_LP_XHCI || + pdev->device == PCI_DEVICE_ID_INTEL_SUNRISEPOINT_H_XHCI || pdev->device == PCI_DEVICE_ID_INTEL_APL_XHCI || pdev->device == PCI_DEVICE_ID_INTEL_DNV_XHCI)) xhci->quirks |= XHCI_MISSING_CAS; -- 2.7.4

6 years, 9 months

1
0
0 0

v4.4.157 build: 0 failures 31 warnings (v4.4.157)

by Build bot for Mark Brown

Tree/Branch: v4.4.157 Git describe: v4.4.157 Commit: d956091968 Linux 4.4.157 Build Time: 68 min 54 sec Passed: 10 / 10 (100.00 %) Failed: 0 / 10 ( 0.00 %) Errors: 0 Warnings: 31 Section Mismatches: 0 ------------------------------------------------------------------------------- defconfigs with issues (other than build errors): 19 warnings 0 mismatches : arm64-allmodconfig 17 warnings 0 mismatches : x86_64-allmodconfig ------------------------------------------------------------------------------- Warnings Summary: 31 3 warning: (IMA) selects TCG_CRB which has unmet direct dependencies (TCG_TPM && X86 && ACPI) 2 ../drivers/media/dvb-frontends/stv090x.c:4250:1: warning: the frame size of 4832 bytes is larger than 2048 bytes [-Wframe-larger-than=] 2 ../drivers/media/dvb-frontends/stv090x.c:1211:1: warning: the frame size of 2080 bytes is larger than 2048 bytes [-Wframe-larger-than=] 2 ../drivers/media/dvb-frontends/stv090x.c:1168:1: warning: the frame size of 2080 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/net/ethernet/rocker/rocker.c:2172:1: warning: the frame size of 2752 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/net/ethernet/rocker/rocker.c:2172:1: warning: the frame size of 2720 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/media/dvb-frontends/stv090x.c:4759:1: warning: the frame size of 2056 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/media/dvb-frontends/stv090x.c:4565:1: warning: the frame size of 2096 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/media/dvb-frontends/stv090x.c:4565:1: warning: the frame size of 2080 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/media/dvb-frontends/stv090x.c:3436:1: warning: the frame size of 6784 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/media/dvb-frontends/stv090x.c:3436:1: warning: the frame size of 5280 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/media/dvb-frontends/stv090x.c:3095:1: warning: the frame size of 5864 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/media/dvb-frontends/stv090x.c:3095:1: warning: the frame size of 5840 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/media/dvb-frontends/stv090x.c:2513:1: warning: the frame size of 2304 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/media/dvb-frontends/stv090x.c:2513:1: warning: the frame size of 2288 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/media/dvb-frontends/stv090x.c:2141:1: warning: the frame size of 2104 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/media/dvb-frontends/stv090x.c:2141:1: warning: the frame size of 2080 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/media/dvb-frontends/stv090x.c:2073:1: warning: the frame size of 2552 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/media/dvb-frontends/stv090x.c:2073:1: warning: the frame size of 2544 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/media/dvb-frontends/stv090x.c:1956:1: warning: the frame size of 3264 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/media/dvb-frontends/stv090x.c:1956:1: warning: the frame size of 3248 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/media/dvb-frontends/stv090x.c:1858:1: warning: the frame size of 3008 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/media/dvb-frontends/stv090x.c:1858:1: warning: the frame size of 2992 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/media/dvb-frontends/stv090x.c:1599:1: warning: the frame size of 5296 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/media/dvb-frontends/stv090x.c:1599:1: warning: the frame size of 5280 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/media/dvb-frontends/stv0367.c:3147:1: warning: the frame size of 4144 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/media/dvb-frontends/stv0367.c:2490:1: warning: the frame size of 3424 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/media/dvb-frontends/cxd2841er.c:2401:1: warning: the frame size of 2984 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/media/dvb-frontends/cxd2841er.c:2401:1: warning: the frame size of 2976 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/media/dvb-frontends/cxd2841er.c:2282:1: warning: the frame size of 4336 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/media/dvb-frontends/cxd2841er.c:2282:1: warning: the frame size of 4328 bytes is larger than 2048 bytes [-Wframe-larger-than=] =============================================================================== Detailed per-defconfig build reports below: ------------------------------------------------------------------------------- arm64-allmodconfig : PASS, 0 errors, 19 warnings, 0 section mismatches Warnings: warning: (IMA) selects TCG_CRB which has unmet direct dependencies (TCG_TPM && X86 && ACPI) warning: (IMA) selects TCG_CRB which has unmet direct dependencies (TCG_TPM && X86 && ACPI) warning: (IMA) selects TCG_CRB which has unmet direct dependencies (TCG_TPM && X86 && ACPI) ../drivers/media/dvb-frontends/stv090x.c:1858:1: warning: the frame size of 2992 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/stv090x.c:2141:1: warning: the frame size of 2080 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/stv090x.c:2513:1: warning: the frame size of 2288 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/stv090x.c:4565:1: warning: the frame size of 2080 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/stv090x.c:1956:1: warning: the frame size of 3248 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/stv090x.c:1599:1: warning: the frame size of 5280 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/stv090x.c:1211:1: warning: the frame size of 2080 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/stv090x.c:4250:1: warning: the frame size of 4832 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/stv090x.c:1168:1: warning: the frame size of 2080 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/stv090x.c:2073:1: warning: the frame size of 2544 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/stv090x.c:3095:1: warning: the frame size of 5840 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/stv090x.c:3436:1: warning: the frame size of 6784 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/stv0367.c:2490:1: warning: the frame size of 3424 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/cxd2841er.c:2401:1: warning: the frame size of 2976 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/cxd2841er.c:2282:1: warning: the frame size of 4336 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/net/ethernet/rocker/rocker.c:2172:1: warning: the frame size of 2720 bytes is larger than 2048 bytes [-Wframe-larger-than=] ------------------------------------------------------------------------------- x86_64-allmodconfig : PASS, 0 errors, 17 warnings, 0 section mismatches Warnings: ../drivers/media/dvb-frontends/stv090x.c:1858:1: warning: the frame size of 3008 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/stv090x.c:2141:1: warning: the frame size of 2104 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/stv090x.c:2513:1: warning: the frame size of 2304 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/stv090x.c:4565:1: warning: the frame size of 2096 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/stv090x.c:1956:1: warning: the frame size of 3264 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/stv090x.c:1599:1: warning: the frame size of 5296 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/stv090x.c:1211:1: warning: the frame size of 2080 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/stv090x.c:4250:1: warning: the frame size of 4832 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/stv090x.c:4759:1: warning: the frame size of 2056 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/stv090x.c:1168:1: warning: the frame size of 2080 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/stv090x.c:2073:1: warning: the frame size of 2552 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/stv090x.c:3095:1: warning: the frame size of 5864 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/stv090x.c:3436:1: warning: the frame size of 5280 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/stv0367.c:3147:1: warning: the frame size of 4144 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/cxd2841er.c:2401:1: warning: the frame size of 2984 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/cxd2841er.c:2282:1: warning: the frame size of 4328 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/net/ethernet/rocker/rocker.c:2172:1: warning: the frame size of 2752 bytes is larger than 2048 bytes [-Wframe-larger-than=] ------------------------------------------------------------------------------- Passed with no errors, warnings or mismatches: arm64-allnoconfig arm-multi_v5_defconfig arm-multi_v7_defconfig x86_64-defconfig arm-allmodconfig arm-allnoconfig x86_64-allnoconfig arm64-defconfig

6 years, 9 months

1
0
0 0

patch "serial: imx: restore handshaking irq for imx1" added to tty-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled serial: imx: restore handshaking irq for imx1 to my tty git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty.git in the tty-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From 7e620984b62532783912312e334f3c48cdacbd5d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Uwe=20Kleine-K=C3=B6nig?= <u.kleine-koenig(a)pengutronix.de> Date: Thu, 20 Sep 2018 14:11:17 +0200 Subject: serial: imx: restore handshaking irq for imx1 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Back in 2015 when irda was dropped from the driver imx1 was broken. This change reintroduces the support for the third interrupt of the UART. Fixes: afe9cbb1a6ad ("serial: imx: drop support for IRDA") Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> Reviewed-by: Leonard Crestez <leonard.crestez(a)nxp.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/tty/serial/imx.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/drivers/tty/serial/imx.c b/drivers/tty/serial/imx.c index 239c0fa2e981..0f67197a3783 100644 --- a/drivers/tty/serial/imx.c +++ b/drivers/tty/serial/imx.c @@ -2351,6 +2351,14 @@ static int imx_uart_probe(struct platform_device *pdev) ret); return ret; } + + ret = devm_request_irq(&pdev->dev, rtsirq, imx_uart_rtsint, 0, + dev_name(&pdev->dev), sport); + if (ret) { + dev_err(&pdev->dev, "failed to request rts irq: %d\n", + ret); + return ret; + } } else { ret = devm_request_irq(&pdev->dev, rxirq, imx_uart_int, 0, dev_name(&pdev->dev), sport); -- 2.19.0

6 years, 9 months

1
0
0 0

[PATCH] b43: Fix regression in kernel 4.18

by Larry Finger

In commit 66cffd6daab7 ("b43: fix transmit failure when VT is switched"), a condition is noted where the network controller needs to be reset. Note that this situation happens when running the open-source firmware (http://netweb.ing.unibs.it/~openfwwf/), plus a number of other special conditions. for a different card model, it is reported that this change breaks operation running the proprietary firmware (https://marc.info/?l=linux-wireless&m=153504546924558&w=2). Rather than reverting the previous patch, the code is tweaked to avoid the reset unless the open-source firmware is being used. Fixes: 66cffd6daab7 ("b43: fix transmit failure when VT is switched") Cc: Stable <stable(a)vger.kernel.org> # 4.18+ Cc: Taketo Kabe <kabe(a)sra-tohoku.co.jp> Reported-and-tested-by: D. Prabhu <d.praabhu(a)gmail.com> Signed-off-by: Larry Finger <Larry.Finger(a)lwfinger.net> --- drivers/net/wireless/broadcom/b43/dma.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/net/wireless/broadcom/b43/dma.c b/drivers/net/wireless/broadcom/b43/dma.c index 6b0e1ec346cb..d46d57b989ae 100644 --- a/drivers/net/wireless/broadcom/b43/dma.c +++ b/drivers/net/wireless/broadcom/b43/dma.c @@ -1518,13 +1518,15 @@ void b43_dma_handle_txstatus(struct b43_wldev *dev, } } else { /* More than a single header/data pair were missed. - * Report this error, and reset the controller to + * Report this error. If running with open-source + * firmware, then reset the controller to * revive operation. */ b43dbg(dev->wl, "Out of order TX status report on DMA ring %d. Expected %d, but got %d\n", ring->index, firstused, slot); - b43_controller_restart(dev, "Out of order TX"); + if (dev->fw.opensource) + b43_controller_restart(dev, "Out of order TX"); return; } } -- 2.18.0

6 years, 9 months

2
2
0 0

[PATCH 1/2] usb: typec: mux: Take care of driver module reference counting

by Heikki Krogerus

Functions typec_mux_get() and typec_switch_get() already make sure that the mux device reference count is incremented, but the same must be done to the driver module as well to prevent the drivers from being unloaded in the middle of operation. This fixes a potential "BUG: unable to handle kernel paging request at ..." from happening. Fixes: 93dd2112c7b2 ("usb: typec: mux: Get the mux identifier from function parameter") Cc: <stable(a)vger.kernel.org> Acked-by: Hans de Goede <hdegoede(a)redhat.com> Tested-by: Hans de Goede <hdegoede(a)redhat.com> Signed-off-by: Heikki Krogerus <heikki.krogerus(a)linux.intel.com> --- drivers/usb/typec/mux.c | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) diff --git a/drivers/usb/typec/mux.c b/drivers/usb/typec/mux.c index ddaac63ecf12..d990aa510fab 100644 --- a/drivers/usb/typec/mux.c +++ b/drivers/usb/typec/mux.c @@ -9,6 +9,7 @@ #include <linux/device.h> #include <linux/list.h> +#include <linux/module.h> #include <linux/mutex.h> #include <linux/usb/typec_mux.h> @@ -49,8 +50,10 @@ struct typec_switch *typec_switch_get(struct device *dev) mutex_lock(&switch_lock); sw = device_connection_find_match(dev, "typec-switch", NULL, typec_switch_match); - if (!IS_ERR_OR_NULL(sw)) + if (!IS_ERR_OR_NULL(sw)) { + WARN_ON(!try_module_get(sw->dev->driver->owner)); get_device(sw->dev); + } mutex_unlock(&switch_lock); return sw; @@ -65,8 +68,10 @@ EXPORT_SYMBOL_GPL(typec_switch_get); */ void typec_switch_put(struct typec_switch *sw) { - if (!IS_ERR_OR_NULL(sw)) + if (!IS_ERR_OR_NULL(sw)) { + module_put(sw->dev->driver->owner); put_device(sw->dev); + } } EXPORT_SYMBOL_GPL(typec_switch_put); @@ -136,8 +141,10 @@ struct typec_mux *typec_mux_get(struct device *dev, const char *name) mutex_lock(&mux_lock); mux = device_connection_find_match(dev, name, NULL, typec_mux_match); - if (!IS_ERR_OR_NULL(mux)) + if (!IS_ERR_OR_NULL(mux)) { + WARN_ON(!try_module_get(mux->dev->driver->owner)); get_device(mux->dev); + } mutex_unlock(&mux_lock); return mux; @@ -152,8 +159,10 @@ EXPORT_SYMBOL_GPL(typec_mux_get); */ void typec_mux_put(struct typec_mux *mux) { - if (!IS_ERR_OR_NULL(mux)) + if (!IS_ERR_OR_NULL(mux)) { + module_put(mux->dev->driver->owner); put_device(mux->dev); + } } EXPORT_SYMBOL_GPL(typec_mux_put); -- 2.18.0

6 years, 9 months

3
4
0 0

patch "usb: core: safely deal with the dynamic quirk lists" added to usb-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled usb: core: safely deal with the dynamic quirk lists to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From 16c4cb19fa85c648a803752eb63cac0ef69231c2 Mon Sep 17 00:00:00 2001 From: Harry Pan <harry.pan(a)intel.com> Date: Fri, 14 Sep 2018 16:58:16 +0800 Subject: usb: core: safely deal with the dynamic quirk lists Applying dynamic usbcore quirks in early booting when the slab is not yet ready would cause kernel panic of null pointer dereference because the quirk_count has been counted as 1 while the quirk_list was failed to allocate. i.e., [ 1.044970] BUG: unable to handle kernel NULL pointer dereference at (null) [ 1.044995] IP: [<ffffffffb0953ec7>] usb_detect_quirks+0x88/0xd1 [ 1.045016] PGD 0 [ 1.045026] Oops: 0000 [#1] PREEMPT SMP [ 1.046986] gsmi: Log Shutdown Reason 0x03 [ 1.046995] Modules linked in: [ 1.047008] CPU: 0 PID: 81 Comm: kworker/0:3 Not tainted 4.4.154 #28 [ 1.047016] Hardware name: Google Coral/Coral, BIOS Google_Coral.10068.27.0 12/04/2017 [ 1.047028] Workqueue: usb_hub_wq hub_event [ 1.047037] task: ffff88017a321c80 task.stack: ffff88017a384000 [ 1.047044] RIP: 0010:[<ffffffffb0953ec7>] [<ffffffffb0953ec7>] usb_detect_quirks+0x88/0xd1 To tackle this odd, let's balance the quirk_count to 0 when the kcalloc call fails, and defer the quirk setting into a lower level callback which ensures that the kernel memory management has been initialized. Fixes: 027bd6cafd9a ("usb: core: Add "quirks" parameter for usbcore") Signed-off-by: Harry Pan <harry.pan(a)intel.com> Acked-by: Kai-Heng Feng <kai.heng.feng(a)canonical.com> Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/usb/core/quirks.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/usb/core/quirks.c b/drivers/usb/core/quirks.c index e77dfe5ed5ec..178d6c6063c0 100644 --- a/drivers/usb/core/quirks.c +++ b/drivers/usb/core/quirks.c @@ -58,6 +58,7 @@ static int quirks_param_set(const char *val, const struct kernel_param *kp) quirk_list = kcalloc(quirk_count, sizeof(struct quirk_entry), GFP_KERNEL); if (!quirk_list) { + quirk_count = 0; mutex_unlock(&quirk_mutex); return -ENOMEM; } @@ -154,7 +155,7 @@ static struct kparam_string quirks_param_string = { .string = quirks_param, }; -module_param_cb(quirks, &quirks_param_ops, &quirks_param_string, 0644); +device_param_cb(quirks, &quirks_param_ops, &quirks_param_string, 0644); MODULE_PARM_DESC(quirks, "Add/modify USB quirks by specifying quirks=vendorID:productID:quirks"); /* Lists of quirky USB devices, split in device quirks and interface quirks. -- 2.19.0

6 years, 9 months

1
0
0 0

patch "usb: roles: Take care of driver module reference counting" added to usb-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled usb: roles: Take care of driver module reference counting to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From 5c54fcac9a9de559b444ac63ec3cd82f1d157a0b Mon Sep 17 00:00:00 2001 From: Heikki Krogerus <heikki.krogerus(a)linux.intel.com> Date: Wed, 19 Sep 2018 10:58:05 +0300 Subject: usb: roles: Take care of driver module reference counting This fixes potential "BUG: unable to handle kernel paging request at ..." from happening. Fixes: fde0aa6c175a ("usb: common: Small class for USB role switches") Cc: <stable(a)vger.kernel.org> Acked-by: Hans de Goede <hdegoede(a)redhat.com> Tested-by: Hans de Goede <hdegoede(a)redhat.com> Signed-off-by: Heikki Krogerus <heikki.krogerus(a)linux.intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/usb/common/roles.c | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/drivers/usb/common/roles.c b/drivers/usb/common/roles.c index 15cc76e22123..99116af07f1d 100644 --- a/drivers/usb/common/roles.c +++ b/drivers/usb/common/roles.c @@ -109,8 +109,15 @@ static void *usb_role_switch_match(struct device_connection *con, int ep, */ struct usb_role_switch *usb_role_switch_get(struct device *dev) { - return device_connection_find_match(dev, "usb-role-switch", NULL, - usb_role_switch_match); + struct usb_role_switch *sw; + + sw = device_connection_find_match(dev, "usb-role-switch", NULL, + usb_role_switch_match); + + if (!IS_ERR_OR_NULL(sw)) + WARN_ON(!try_module_get(sw->dev.parent->driver->owner)); + + return sw; } EXPORT_SYMBOL_GPL(usb_role_switch_get); @@ -122,8 +129,10 @@ EXPORT_SYMBOL_GPL(usb_role_switch_get); */ void usb_role_switch_put(struct usb_role_switch *sw) { - if (!IS_ERR_OR_NULL(sw)) + if (!IS_ERR_OR_NULL(sw)) { put_device(&sw->dev); + module_put(sw->dev.parent->driver->owner); + } } EXPORT_SYMBOL_GPL(usb_role_switch_put); -- 2.19.0

6 years, 9 months

1
0
0 0

patch "USB: handle NULL config in usb_find_alt_setting()" added to usb-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled USB: handle NULL config in usb_find_alt_setting() to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From c9a4cb204e9eb7fa7dfbe3f7d3a674fa530aa193 Mon Sep 17 00:00:00 2001 From: Alan Stern <stern(a)rowland.harvard.edu> Date: Mon, 10 Sep 2018 14:00:53 -0400 Subject: USB: handle NULL config in usb_find_alt_setting() usb_find_alt_setting() takes a pointer to a struct usb_host_config as an argument; it searches for an interface with specified interface and alternate setting numbers in that config. However, it crashes if the usb_host_config pointer argument is NULL. Since this is a general-purpose routine, available for use in many places, we want to to be more robust. This patch makes it return NULL whenever the config argument is NULL. Signed-off-by: Alan Stern <stern(a)rowland.harvard.edu> Reported-by: syzbot+19c3aaef85a89d451eac(a)syzkaller.appspotmail.com CC: <stable(a)vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/usb/core/usb.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/usb/core/usb.c b/drivers/usb/core/usb.c index 623be3174fb3..79d8bd7a612e 100644 --- a/drivers/usb/core/usb.c +++ b/drivers/usb/core/usb.c @@ -228,6 +228,8 @@ struct usb_host_interface *usb_find_alt_setting( struct usb_interface_cache *intf_cache = NULL; int i; + if (!config) + return NULL; for (i = 0; i < config->desc.bNumInterfaces; i++) { if (config->intf_cache[i]->altsetting[0].desc.bInterfaceNumber == iface_num) { -- 2.19.0

6 years, 9 months

1
0
0 0

patch "USB: fix error handling in usb_driver_claim_interface()" added to usb-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled USB: fix error handling in usb_driver_claim_interface() to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From bd729f9d67aa9a303d8925bb8c4f06af25f407d1 Mon Sep 17 00:00:00 2001 From: Alan Stern <stern(a)rowland.harvard.edu> Date: Mon, 10 Sep 2018 13:59:59 -0400 Subject: USB: fix error handling in usb_driver_claim_interface() The syzbot fuzzing project found a use-after-free bug in the USB core. The bug was caused by usbfs not unbinding from an interface when the USB device file was closed, which led another process to attempt the unbind later on, after the private data structure had been deallocated. The reason usbfs did not unbind the interface at the appropriate time was because it thought the interface had never been claimed in the first place. This was caused by the fact that usb_driver_claim_interface() does not clean up properly when device_bind_driver() returns an error. Although the error code gets passed back to the caller, the iface->dev.driver pointer remains set and iface->condition remains equal to USB_INTERFACE_BOUND. This patch adds proper error handling to usb_driver_claim_interface(). Signed-off-by: Alan Stern <stern(a)rowland.harvard.edu> Reported-by: syzbot+f84aa7209ccec829536f(a)syzkaller.appspotmail.com CC: <stable(a)vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/usb/core/driver.c | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/drivers/usb/core/driver.c b/drivers/usb/core/driver.c index 7652dcb57998..a1f225f077cd 100644 --- a/drivers/usb/core/driver.c +++ b/drivers/usb/core/driver.c @@ -550,6 +550,21 @@ int usb_driver_claim_interface(struct usb_driver *driver, if (device_is_registered(dev)) retval = device_bind_driver(dev); + if (retval) { + dev->driver = NULL; + usb_set_intfdata(iface, NULL); + iface->needs_remote_wakeup = 0; + iface->condition = USB_INTERFACE_UNBOUND; + + /* + * Unbound interfaces are always runtime-PM-disabled + * and runtime-PM-suspended + */ + if (driver->supports_autosuspend) + pm_runtime_disable(dev); + pm_runtime_set_suspended(dev); + } + return retval; } EXPORT_SYMBOL_GPL(usb_driver_claim_interface); -- 2.19.0

6 years, 9 months

1
0
0 0

patch "USB: remove LPM management from usb_driver_claim_interface()" added to usb-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled USB: remove LPM management from usb_driver_claim_interface() to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From c183813fcee44a249339b7c46e1ad271ca1870aa Mon Sep 17 00:00:00 2001 From: Alan Stern <stern(a)rowland.harvard.edu> Date: Mon, 10 Sep 2018 13:58:51 -0400 Subject: USB: remove LPM management from usb_driver_claim_interface() usb_driver_claim_interface() disables and re-enables Link Power Management, but it shouldn't do either one, for the reasons listed below. This patch removes the two LPM-related function calls from the routine. The reason for disabling LPM in the analogous function usb_probe_interface() is so that drivers won't have to deal with unwanted LPM transitions in their probe routine. But usb_driver_claim_interface() doesn't call the driver's probe routine (or any other callbacks), so that reason doesn't apply here. Furthermore, no driver other than usbfs will ever call usb_driver_claim_interface() unless it is already bound to another interface in the same device, which means disabling LPM here would be redundant. usbfs doesn't interact with LPM at all. Lastly, the error return from usb_unlocked_disable_lpm() isn't handled properly; the code doesn't clean up its earlier actions before returning. Signed-off-by: Alan Stern <stern(a)rowland.harvard.edu> Fixes: 8306095fd2c1 ("USB: Disable USB 3.0 LPM in critical sections.") CC: <stable(a)vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/usb/core/driver.c | 15 --------------- 1 file changed, 15 deletions(-) diff --git a/drivers/usb/core/driver.c b/drivers/usb/core/driver.c index e76e95f62f76..7652dcb57998 100644 --- a/drivers/usb/core/driver.c +++ b/drivers/usb/core/driver.c @@ -512,7 +512,6 @@ int usb_driver_claim_interface(struct usb_driver *driver, struct device *dev; struct usb_device *udev; int retval = 0; - int lpm_disable_error = -ENODEV; if (!iface) return -ENODEV; @@ -533,16 +532,6 @@ int usb_driver_claim_interface(struct usb_driver *driver, iface->condition = USB_INTERFACE_BOUND; - /* See the comment about disabling LPM in usb_probe_interface(). */ - if (driver->disable_hub_initiated_lpm) { - lpm_disable_error = usb_unlocked_disable_lpm(udev); - if (lpm_disable_error) { - dev_err(&iface->dev, "%s Failed to disable LPM for driver %s\n", - __func__, driver->name); - return -ENOMEM; - } - } - /* Claimed interfaces are initially inactive (suspended) and * runtime-PM-enabled, but only if the driver has autosuspend * support. Otherwise they are marked active, to prevent the @@ -561,10 +550,6 @@ int usb_driver_claim_interface(struct usb_driver *driver, if (device_is_registered(dev)) retval = device_bind_driver(dev); - /* Attempt to re-enable USB3 LPM, if the disable was successful. */ - if (!lpm_disable_error) - usb_unlocked_enable_lpm(udev); - return retval; } EXPORT_SYMBOL_GPL(usb_driver_claim_interface); -- 2.19.0

6 years, 9 months

1
0
0 0

patch "USB: usbdevfs: sanitize flags more" added to usb-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled USB: usbdevfs: sanitize flags more to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From 7a68d9fb851012829c29e770621905529bd9490b Mon Sep 17 00:00:00 2001 From: Oliver Neukum <oneukum(a)suse.com> Date: Wed, 5 Sep 2018 12:07:02 +0200 Subject: USB: usbdevfs: sanitize flags more Requesting a ZERO_PACKET or not is sensible only for output. In the input direction the device decides. Likewise accepting short packets makes sense only for input. This allows operation with panic_on_warn without opening up a local DOS. Signed-off-by: Oliver Neukum <oneukum(a)suse.com> Reported-by: syzbot+843efa30c8821bd69f53(a)syzkaller.appspotmail.com Fixes: 0cb54a3e47cb ("USB: debugging code shouldn't alter control flow") Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/usb/core/devio.c | 19 ++++++++++++++++--- 1 file changed, 16 insertions(+), 3 deletions(-) diff --git a/drivers/usb/core/devio.c b/drivers/usb/core/devio.c index 6ce77b33da61..263dd2f309fb 100644 --- a/drivers/usb/core/devio.c +++ b/drivers/usb/core/devio.c @@ -1434,10 +1434,13 @@ static int proc_do_submiturb(struct usb_dev_state *ps, struct usbdevfs_urb *uurb struct async *as = NULL; struct usb_ctrlrequest *dr = NULL; unsigned int u, totlen, isofrmlen; - int i, ret, is_in, num_sgs = 0, ifnum = -1; + int i, ret, num_sgs = 0, ifnum = -1; int number_of_packets = 0; unsigned int stream_id = 0; void *buf; + bool is_in; + bool allow_short = false; + bool allow_zero = false; unsigned long mask = USBDEVFS_URB_SHORT_NOT_OK | USBDEVFS_URB_BULK_CONTINUATION | USBDEVFS_URB_NO_FSBR | @@ -1471,6 +1474,8 @@ static int proc_do_submiturb(struct usb_dev_state *ps, struct usbdevfs_urb *uurb u = 0; switch (uurb->type) { case USBDEVFS_URB_TYPE_CONTROL: + if (is_in) + allow_short = true; if (!usb_endpoint_xfer_control(&ep->desc)) return -EINVAL; /* min 8 byte setup packet */ @@ -1511,6 +1516,10 @@ static int proc_do_submiturb(struct usb_dev_state *ps, struct usbdevfs_urb *uurb break; case USBDEVFS_URB_TYPE_BULK: + if (!is_in) + allow_zero = true; + else + allow_short = true; switch (usb_endpoint_type(&ep->desc)) { case USB_ENDPOINT_XFER_CONTROL: case USB_ENDPOINT_XFER_ISOC: @@ -1531,6 +1540,10 @@ static int proc_do_submiturb(struct usb_dev_state *ps, struct usbdevfs_urb *uurb if (!usb_endpoint_xfer_int(&ep->desc)) return -EINVAL; interrupt_urb: + if (!is_in) + allow_zero = true; + else + allow_short = true; break; case USBDEVFS_URB_TYPE_ISO: @@ -1676,9 +1689,9 @@ static int proc_do_submiturb(struct usb_dev_state *ps, struct usbdevfs_urb *uurb u = (is_in ? URB_DIR_IN : URB_DIR_OUT); if (uurb->flags & USBDEVFS_URB_ISO_ASAP) u |= URB_ISO_ASAP; - if (uurb->flags & USBDEVFS_URB_SHORT_NOT_OK && is_in) + if (allow_short && uurb->flags & USBDEVFS_URB_SHORT_NOT_OK) u |= URB_SHORT_NOT_OK; - if (uurb->flags & USBDEVFS_URB_ZERO_PACKET) + if (allow_zero && uurb->flags & USBDEVFS_URB_ZERO_PACKET) u |= URB_ZERO_PACKET; if (uurb->flags & USBDEVFS_URB_NO_INTERRUPT) u |= URB_NO_INTERRUPT; -- 2.19.0

6 years, 9 months

1
0
0 0

patch "USB: usbdevfs: restore warning for nonsensical flags" added to usb-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled USB: usbdevfs: restore warning for nonsensical flags to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From 81e0403b26d94360abd1f6a57311337973bc82cd Mon Sep 17 00:00:00 2001 From: Oliver Neukum <oneukum(a)suse.com> Date: Wed, 5 Sep 2018 12:07:03 +0200 Subject: USB: usbdevfs: restore warning for nonsensical flags If we filter flags before they reach the core we need to generate our own warnings. Signed-off-by: Oliver Neukum <oneukum(a)suse.com> Fixes: 0cb54a3e47cb ("USB: debugging code shouldn't alter control flow") Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/usb/core/devio.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/drivers/usb/core/devio.c b/drivers/usb/core/devio.c index 263dd2f309fb..244417d0dfd1 100644 --- a/drivers/usb/core/devio.c +++ b/drivers/usb/core/devio.c @@ -1697,6 +1697,11 @@ static int proc_do_submiturb(struct usb_dev_state *ps, struct usbdevfs_urb *uurb u |= URB_NO_INTERRUPT; as->urb->transfer_flags = u; + if (!allow_short && uurb->flags & USBDEVFS_URB_SHORT_NOT_OK) + dev_warn(&ps->dev->dev, "Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.\n"); + if (!allow_zero && uurb->flags & USBDEVFS_URB_ZERO_PACKET) + dev_warn(&ps->dev->dev, "Requested nonsensical USBDEVFS_URB_ZERO_PACKET.\n"); + as->urb->transfer_buffer_length = uurb->buffer_length; as->urb->setup_packet = (unsigned char *)dr; dr = NULL; -- 2.19.0

6 years, 9 months

1
0
0 0

patch "Revert "usb: cdc-wdm: Fix a sleep-in-atomic-context bug in" added to usb-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled Revert "usb: cdc-wdm: Fix a sleep-in-atomic-context bug in to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From e871db8d78df1c411032cbb3acfdf8930509360e Mon Sep 17 00:00:00 2001 From: Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> Date: Tue, 11 Sep 2018 10:00:44 +0200 Subject: Revert "usb: cdc-wdm: Fix a sleep-in-atomic-context bug in service_outstanding_interrupt()" This reverts commit 6e22e3af7bb3a7b9dc53cb4687659f6e63fca427. The bug the patch describes to, has been already fixed in commit 2df6948428542 ("USB: cdc-wdm: don't enable interrupts in USB-giveback") so need to this, revert it. Fixes: 6e22e3af7bb3 ("usb: cdc-wdm: Fix a sleep-in-atomic-context bug in service_outstanding_interrupt()") Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/usb/class/cdc-wdm.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/usb/class/cdc-wdm.c b/drivers/usb/class/cdc-wdm.c index 656d247819c9..bec581fb7c63 100644 --- a/drivers/usb/class/cdc-wdm.c +++ b/drivers/usb/class/cdc-wdm.c @@ -460,7 +460,7 @@ static int service_outstanding_interrupt(struct wdm_device *desc) set_bit(WDM_RESPONDING, &desc->flags); spin_unlock_irq(&desc->iuspin); - rv = usb_submit_urb(desc->response, GFP_ATOMIC); + rv = usb_submit_urb(desc->response, GFP_KERNEL); spin_lock_irq(&desc->iuspin); if (rv) { dev_err(&desc->intf->dev, -- 2.19.0

6 years, 9 months

1
0
0 0

v4.18.9 build: 0 failures 3 warnings (v4.18.9)

by Build bot for Mark Brown

Tree/Branch: v4.18.9 Git describe: v4.18.9 Commit: 86e014f514 Linux 4.18.9 Build Time: 123 min 24 sec Passed: 11 / 11 (100.00 %) Failed: 0 / 11 ( 0.00 %) Errors: 0 Warnings: 3 Section Mismatches: 0 ------------------------------------------------------------------------------- defconfigs with issues (other than build errors): 1 warnings 0 mismatches : arm64-allnoconfig 3 warnings 0 mismatches : arm64-allmodconfig 2 warnings 0 mismatches : arm-multi_v5_defconfig 2 warnings 0 mismatches : arm-multi_v7_defconfig 2 warnings 0 mismatches : arm-allmodconfig 1 warnings 0 mismatches : arm-allnoconfig 1 warnings 0 mismatches : arm-multi_v4t_defconfig 2 warnings 0 mismatches : arm64-defconfig ------------------------------------------------------------------------------- Warnings Summary: 3 8 <stdin>:1332:2: warning: #warning syscall io_pgetevents not implemented [-Wcpp] 5 <stdin>:1335:2: warning: #warning syscall rseq not implemented [-Wcpp] 1 ../drivers/isdn/hardware/eicon/message.c:5985:1: warning: the frame size of 2064 bytes is larger than 2048 bytes [-Wframe-larger-than=] =============================================================================== Detailed per-defconfig build reports below: ------------------------------------------------------------------------------- arm64-allnoconfig : PASS, 0 errors, 1 warnings, 0 section mismatches Warnings: <stdin>:1335:2: warning: #warning syscall rseq not implemented [-Wcpp] ------------------------------------------------------------------------------- arm64-allmodconfig : PASS, 0 errors, 3 warnings, 0 section mismatches Warnings: <stdin>:1335:2: warning: #warning syscall rseq not implemented [-Wcpp] ../drivers/isdn/hardware/eicon/message.c:5985:1: warning: the frame size of 2064 bytes is larger than 2048 bytes [-Wframe-larger-than=] <stdin>:1335:2: warning: #warning syscall rseq not implemented [-Wcpp] ------------------------------------------------------------------------------- arm-multi_v5_defconfig : PASS, 0 errors, 2 warnings, 0 section mismatches Warnings: <stdin>:1332:2: warning: #warning syscall io_pgetevents not implemented [-Wcpp] <stdin>:1332:2: warning: #warning syscall io_pgetevents not implemented [-Wcpp] ------------------------------------------------------------------------------- arm-multi_v7_defconfig : PASS, 0 errors, 2 warnings, 0 section mismatches Warnings: <stdin>:1332:2: warning: #warning syscall io_pgetevents not implemented [-Wcpp] <stdin>:1332:2: warning: #warning syscall io_pgetevents not implemented [-Wcpp] ------------------------------------------------------------------------------- arm-allmodconfig : PASS, 0 errors, 2 warnings, 0 section mismatches Warnings: <stdin>:1332:2: warning: #warning syscall io_pgetevents not implemented [-Wcpp] <stdin>:1332:2: warning: #warning syscall io_pgetevents not implemented [-Wcpp] ------------------------------------------------------------------------------- arm-allnoconfig : PASS, 0 errors, 1 warnings, 0 section mismatches Warnings: <stdin>:1332:2: warning: #warning syscall io_pgetevents not implemented [-Wcpp] ------------------------------------------------------------------------------- arm-multi_v4t_defconfig : PASS, 0 errors, 1 warnings, 0 section mismatches Warnings: <stdin>:1332:2: warning: #warning syscall io_pgetevents not implemented [-Wcpp] ------------------------------------------------------------------------------- arm64-defconfig : PASS, 0 errors, 2 warnings, 0 section mismatches Warnings: <stdin>:1335:2: warning: #warning syscall rseq not implemented [-Wcpp] <stdin>:1335:2: warning: #warning syscall rseq not implemented [-Wcpp] ------------------------------------------------------------------------------- Passed with no errors, warnings or mismatches: x86_64-allnoconfig x86_64-allmodconfig x86_64-defconfig

6 years, 9 months

1
0
0 0

[PATCHES] Networking

by David Miller

Please queue up the following networking bug fixes for v4.14.x and v4.18.x -stable, respectively. Thank you!

6 years, 9 months

2
1
0 0

Request for inclusion on linux-4.14.y

by Alakesh Haloi

Hello Greg, Can you please consider including the following patch in the stable linux-4.14.y branch? This is to fix a defect in the Hyper-V network driver (hv_netsvc) that triggers kernel null pointer dereference bug, while loading the driver. b19b46346f48("hv/netvsc: Fix NULL dereference at single queue mode fallback") Thanks Alakesh Haloi

6 years, 9 months

2
1
0 0

[PATCH] drm/amdgpu: add new polaris pci id

by Alex Deucher

Add new pci id. Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/amd/amdgpu/amdgpu_cgs.c | 14 ++++++++------ drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 1 + 2 files changed, 9 insertions(+), 6 deletions(-) diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_cgs.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_cgs.c index 693ec5ea4950..8816c697b205 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_cgs.c +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_cgs.c @@ -367,12 +367,14 @@ static int amdgpu_cgs_get_firmware_info(struct cgs_device *cgs_device, break; case CHIP_POLARIS10: if (type == CGS_UCODE_ID_SMU) { - if ((adev->pdev->device == 0x67df) && - ((adev->pdev->revision == 0xe0) || - (adev->pdev->revision == 0xe3) || - (adev->pdev->revision == 0xe4) || - (adev->pdev->revision == 0xe5) || - (adev->pdev->revision == 0xe7) || + if (((adev->pdev->device == 0x67df) && + ((adev->pdev->revision == 0xe0) || + (adev->pdev->revision == 0xe3) || + (adev->pdev->revision == 0xe4) || + (adev->pdev->revision == 0xe5) || + (adev->pdev->revision == 0xe7) || + (adev->pdev->revision == 0xef))) || + ((adev->pdev->device == 0x6fdf) && (adev->pdev->revision == 0xef))) { info->is_kicker = true; strcpy(fw_name, "amdgpu/polaris10_k_smc.bin"); diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c index ff10df4f50d3..b536808f62ec 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c @@ -837,6 +837,7 @@ static const struct pci_device_id pciidlist[] = { {0x1002, 0x67CA, PCI_ANY_ID, PCI_ANY_ID, 0, 0, CHIP_POLARIS10}, {0x1002, 0x67CC, PCI_ANY_ID, PCI_ANY_ID, 0, 0, CHIP_POLARIS10}, {0x1002, 0x67CF, PCI_ANY_ID, PCI_ANY_ID, 0, 0, CHIP_POLARIS10}, + {0x1002, 0x6FDF, PCI_ANY_ID, PCI_ANY_ID, 0, 0, CHIP_POLARIS10}, /* Polaris12 */ {0x1002, 0x6980, PCI_ANY_ID, PCI_ANY_ID, 0, 0, CHIP_POLARIS12}, {0x1002, 0x6981, PCI_ANY_ID, PCI_ANY_ID, 0, 0, CHIP_POLARIS12}, -- 2.13.6

6 years, 9 months

1
0
0 0

[PATCH AUTOSEL 3.18 1/4] thermal: of-thermal: disable passive polling when thermal zone is disabled

by Sasha Levin

From: Anson Huang <Anson.Huang(a)nxp.com> [ Upstream commit 152395fd03d4ce1e535a75cdbf58105e50587611 ] When thermal zone is in passive mode, disabling its mode from sysfs is NOT taking effect at all, it is still polling the temperature of the disabled thermal zone and handling all thermal trips, it makes user confused. The disabling operation should disable the thermal zone behavior completely, for both active and passive mode, this patch clears the passive_delay when thermal zone is disabled and restores it when it is enabled. Signed-off-by: Anson Huang <Anson.Huang(a)nxp.com> Signed-off-by: Eduardo Valentin <edubezval(a)gmail.com> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> --- drivers/thermal/of-thermal.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/drivers/thermal/of-thermal.c b/drivers/thermal/of-thermal.c index 62143ba31001..3aeb476c2894 100644 --- a/drivers/thermal/of-thermal.c +++ b/drivers/thermal/of-thermal.c @@ -209,10 +209,13 @@ static int of_thermal_set_mode(struct thermal_zone_device *tz, mutex_lock(&tz->lock); - if (mode == THERMAL_DEVICE_ENABLED) + if (mode == THERMAL_DEVICE_ENABLED) { tz->polling_delay = data->polling_delay; - else + tz->passive_delay = data->passive_delay; + } else { tz->polling_delay = 0; + tz->passive_delay = 0; + } mutex_unlock(&tz->lock); -- 2.17.1

6 years, 9 months

1
3
0 0

[PATCH AUTOSEL 4.4 1/7] thermal: of-thermal: disable passive polling when thermal zone is disabled

by Sasha Levin

From: Anson Huang <Anson.Huang(a)nxp.com> [ Upstream commit 152395fd03d4ce1e535a75cdbf58105e50587611 ] When thermal zone is in passive mode, disabling its mode from sysfs is NOT taking effect at all, it is still polling the temperature of the disabled thermal zone and handling all thermal trips, it makes user confused. The disabling operation should disable the thermal zone behavior completely, for both active and passive mode, this patch clears the passive_delay when thermal zone is disabled and restores it when it is enabled. Signed-off-by: Anson Huang <Anson.Huang(a)nxp.com> Signed-off-by: Eduardo Valentin <edubezval(a)gmail.com> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> --- drivers/thermal/of-thermal.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/drivers/thermal/of-thermal.c b/drivers/thermal/of-thermal.c index be4eedcb839a..236c4eb5cf78 100644 --- a/drivers/thermal/of-thermal.c +++ b/drivers/thermal/of-thermal.c @@ -284,10 +284,13 @@ static int of_thermal_set_mode(struct thermal_zone_device *tz, mutex_lock(&tz->lock); - if (mode == THERMAL_DEVICE_ENABLED) + if (mode == THERMAL_DEVICE_ENABLED) { tz->polling_delay = data->polling_delay; - else + tz->passive_delay = data->passive_delay; + } else { tz->polling_delay = 0; + tz->passive_delay = 0; + } mutex_unlock(&tz->lock); -- 2.17.1

6 years, 9 months

1
6
0 0

[PATCH AUTOSEL 4.9 01/14] qed: Wait for ready indication before rereading the shmem

by Sasha Levin

From: Tomer Tayar <Tomer.Tayar(a)cavium.com> [ Upstream commit f00d25f3154b676fcea4502a25b94bd7f142ca74 ] The MFW might be reset and re-update its shared memory. Upon the detection of such a reset the driver rereads this memory, but it has to wait till the data is valid. This patch adds the missing wait for a data ready indication. Signed-off-by: Tomer Tayar <Tomer.Tayar(a)cavium.com> Signed-off-by: Ariel Elior <Ariel.Elior(a)cavium.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> --- drivers/net/ethernet/qlogic/qed/qed_mcp.c | 50 +++++++++++++++++++---- 1 file changed, 41 insertions(+), 9 deletions(-) diff --git a/drivers/net/ethernet/qlogic/qed/qed_mcp.c b/drivers/net/ethernet/qlogic/qed/qed_mcp.c index eaa242df4131..a89385ba6b63 100644 --- a/drivers/net/ethernet/qlogic/qed/qed_mcp.c +++ b/drivers/net/ethernet/qlogic/qed/qed_mcp.c @@ -97,18 +97,57 @@ int qed_mcp_free(struct qed_hwfn *p_hwfn) return 0; } +/* Maximum of 1 sec to wait for the SHMEM ready indication */ +#define QED_MCP_SHMEM_RDY_MAX_RETRIES 20 +#define QED_MCP_SHMEM_RDY_ITER_MS 50 + static int qed_load_mcp_offsets(struct qed_hwfn *p_hwfn, struct qed_ptt *p_ptt) { struct qed_mcp_info *p_info = p_hwfn->mcp_info; + u8 cnt = QED_MCP_SHMEM_RDY_MAX_RETRIES; + u8 msec = QED_MCP_SHMEM_RDY_ITER_MS; u32 drv_mb_offsize, mfw_mb_offsize; u32 mcp_pf_id = MCP_PF_ID(p_hwfn); p_info->public_base = qed_rd(p_hwfn, p_ptt, MISC_REG_SHARED_MEM_ADDR); - if (!p_info->public_base) - return 0; + if (!p_info->public_base) { + DP_NOTICE(p_hwfn, + "The address of the MCP scratch-pad is not configured\n"); + return -EINVAL; + } p_info->public_base |= GRCBASE_MCP; + /* Get the MFW MB address and number of supported messages */ + mfw_mb_offsize = qed_rd(p_hwfn, p_ptt, + SECTION_OFFSIZE_ADDR(p_info->public_base, + PUBLIC_MFW_MB)); + p_info->mfw_mb_addr = SECTION_ADDR(mfw_mb_offsize, mcp_pf_id); + p_info->mfw_mb_length = (u16)qed_rd(p_hwfn, p_ptt, + p_info->mfw_mb_addr + + offsetof(struct public_mfw_mb, + sup_msgs)); + + /* The driver can notify that there was an MCP reset, and might read the + * SHMEM values before the MFW has completed initializing them. + * To avoid this, the "sup_msgs" field in the MFW mailbox is used as a + * data ready indication. + */ + while (!p_info->mfw_mb_length && --cnt) { + msleep(msec); + p_info->mfw_mb_length = + (u16)qed_rd(p_hwfn, p_ptt, + p_info->mfw_mb_addr + + offsetof(struct public_mfw_mb, sup_msgs)); + } + + if (!cnt) { + DP_NOTICE(p_hwfn, + "Failed to get the SHMEM ready notification after %d msec\n", + QED_MCP_SHMEM_RDY_MAX_RETRIES * msec); + return -EBUSY; + } + /* Calculate the driver and MFW mailbox address */ drv_mb_offsize = qed_rd(p_hwfn, p_ptt, SECTION_OFFSIZE_ADDR(p_info->public_base, @@ -118,13 +157,6 @@ static int qed_load_mcp_offsets(struct qed_hwfn *p_hwfn, struct qed_ptt *p_ptt) "drv_mb_offsiz = 0x%x, drv_mb_addr = 0x%x mcp_pf_id = 0x%x\n", drv_mb_offsize, p_info->drv_mb_addr, mcp_pf_id); - /* Set the MFW MB address */ - mfw_mb_offsize = qed_rd(p_hwfn, p_ptt, - SECTION_OFFSIZE_ADDR(p_info->public_base, - PUBLIC_MFW_MB)); - p_info->mfw_mb_addr = SECTION_ADDR(mfw_mb_offsize, mcp_pf_id); - p_info->mfw_mb_length = (u16)qed_rd(p_hwfn, p_ptt, p_info->mfw_mb_addr); - /* Get the current driver mailbox sequence before sending * the first command */ -- 2.17.1

6 years, 9 months

1
13
0 0

[PATCH AUTOSEL 4.14 01/25] qed: Wait for ready indication before rereading the shmem

by Sasha Levin

From: Tomer Tayar <Tomer.Tayar(a)cavium.com> [ Upstream commit f00d25f3154b676fcea4502a25b94bd7f142ca74 ] The MFW might be reset and re-update its shared memory. Upon the detection of such a reset the driver rereads this memory, but it has to wait till the data is valid. This patch adds the missing wait for a data ready indication. Signed-off-by: Tomer Tayar <Tomer.Tayar(a)cavium.com> Signed-off-by: Ariel Elior <Ariel.Elior(a)cavium.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> --- drivers/net/ethernet/qlogic/qed/qed_mcp.c | 50 +++++++++++++++++++---- 1 file changed, 41 insertions(+), 9 deletions(-) diff --git a/drivers/net/ethernet/qlogic/qed/qed_mcp.c b/drivers/net/ethernet/qlogic/qed/qed_mcp.c index 3c469355f5a4..9348d367cfdf 100644 --- a/drivers/net/ethernet/qlogic/qed/qed_mcp.c +++ b/drivers/net/ethernet/qlogic/qed/qed_mcp.c @@ -182,18 +182,57 @@ int qed_mcp_free(struct qed_hwfn *p_hwfn) return 0; } +/* Maximum of 1 sec to wait for the SHMEM ready indication */ +#define QED_MCP_SHMEM_RDY_MAX_RETRIES 20 +#define QED_MCP_SHMEM_RDY_ITER_MS 50 + static int qed_load_mcp_offsets(struct qed_hwfn *p_hwfn, struct qed_ptt *p_ptt) { struct qed_mcp_info *p_info = p_hwfn->mcp_info; + u8 cnt = QED_MCP_SHMEM_RDY_MAX_RETRIES; + u8 msec = QED_MCP_SHMEM_RDY_ITER_MS; u32 drv_mb_offsize, mfw_mb_offsize; u32 mcp_pf_id = MCP_PF_ID(p_hwfn); p_info->public_base = qed_rd(p_hwfn, p_ptt, MISC_REG_SHARED_MEM_ADDR); - if (!p_info->public_base) - return 0; + if (!p_info->public_base) { + DP_NOTICE(p_hwfn, + "The address of the MCP scratch-pad is not configured\n"); + return -EINVAL; + } p_info->public_base |= GRCBASE_MCP; + /* Get the MFW MB address and number of supported messages */ + mfw_mb_offsize = qed_rd(p_hwfn, p_ptt, + SECTION_OFFSIZE_ADDR(p_info->public_base, + PUBLIC_MFW_MB)); + p_info->mfw_mb_addr = SECTION_ADDR(mfw_mb_offsize, mcp_pf_id); + p_info->mfw_mb_length = (u16)qed_rd(p_hwfn, p_ptt, + p_info->mfw_mb_addr + + offsetof(struct public_mfw_mb, + sup_msgs)); + + /* The driver can notify that there was an MCP reset, and might read the + * SHMEM values before the MFW has completed initializing them. + * To avoid this, the "sup_msgs" field in the MFW mailbox is used as a + * data ready indication. + */ + while (!p_info->mfw_mb_length && --cnt) { + msleep(msec); + p_info->mfw_mb_length = + (u16)qed_rd(p_hwfn, p_ptt, + p_info->mfw_mb_addr + + offsetof(struct public_mfw_mb, sup_msgs)); + } + + if (!cnt) { + DP_NOTICE(p_hwfn, + "Failed to get the SHMEM ready notification after %d msec\n", + QED_MCP_SHMEM_RDY_MAX_RETRIES * msec); + return -EBUSY; + } + /* Calculate the driver and MFW mailbox address */ drv_mb_offsize = qed_rd(p_hwfn, p_ptt, SECTION_OFFSIZE_ADDR(p_info->public_base, @@ -203,13 +242,6 @@ static int qed_load_mcp_offsets(struct qed_hwfn *p_hwfn, struct qed_ptt *p_ptt) "drv_mb_offsiz = 0x%x, drv_mb_addr = 0x%x mcp_pf_id = 0x%x\n", drv_mb_offsize, p_info->drv_mb_addr, mcp_pf_id); - /* Set the MFW MB address */ - mfw_mb_offsize = qed_rd(p_hwfn, p_ptt, - SECTION_OFFSIZE_ADDR(p_info->public_base, - PUBLIC_MFW_MB)); - p_info->mfw_mb_addr = SECTION_ADDR(mfw_mb_offsize, mcp_pf_id); - p_info->mfw_mb_length = (u16)qed_rd(p_hwfn, p_ptt, p_info->mfw_mb_addr); - /* Get the current driver mailbox sequence before sending * the first command */ -- 2.17.1

6 years, 9 months

1
24
0 0

[PATCH AUTOSEL 4.18 01/56] ARM: OMAP2+: Fix null hwmod for ti-sysc debug

by Sasha Levin

From: Tony Lindgren <tony(a)atomide.com> [ Upstream commit 4769c003e0fcff0ee001a9102e2605bdaa5880f0 ] We may call omap_hwmod_parse_module_range() with no hwmod allocated yet and may have debug enabled. Let's fix this by checking for hwmod before trying to use it's name. Fixes: 6c72b3550672 ("ARM: OMAP2+: Parse module IO range from dts for legacy Signed-off-by: Tony Lindgren <tony(a)atomide.com> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> --- arch/arm/mach-omap2/omap_hwmod.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/arm/mach-omap2/omap_hwmod.c b/arch/arm/mach-omap2/omap_hwmod.c index 2ceffd85dd3d..7f759abcf49c 100644 --- a/arch/arm/mach-omap2/omap_hwmod.c +++ b/arch/arm/mach-omap2/omap_hwmod.c @@ -2220,7 +2220,7 @@ int omap_hwmod_parse_module_range(struct omap_hwmod *oh, size = be32_to_cpup(ranges); pr_debug("omap_hwmod: %s %s at 0x%llx size 0x%llx\n", - oh->name, np->name, base, size); + oh ? oh->name : "", np->name, base, size); res->start = base; res->end = base + size - 1; -- 2.17.1

6 years, 9 months

1
55
0 0

[PATCH AUTOSEL 4.18 01/92] binfmt_elf: Respect error return from `regset->active'

by Sasha Levin

From: "Maciej W. Rozycki" <macro(a)mips.com> [ Upstream commit 2f819db565e82e5f73cd42b39925098986693378 ] The regset API documented in <linux/regset.h> defines -ENODEV as the result of the `->active' handler to be used where the feature requested is not available on the hardware found. However code handling core file note generation in `fill_thread_core_info' interpretes any non-zero result from the `->active' handler as the regset requested being active. Consequently processing continues (and hopefully gracefully fails later on) rather than being abandoned right away for the regset requested. Fix the problem then by making the code proceed only if a positive result is returned from the `->active' handler. Signed-off-by: Maciej W. Rozycki <macro(a)mips.com> Signed-off-by: Paul Burton <paul.burton(a)mips.com> Fixes: 4206d3aa1978 ("elf core dump: notes user_regset") Patchwork: https://patchwork.linux-mips.org/patch/19332/ Cc: Alexander Viro <viro(a)zeniv.linux.org.uk> Cc: James Hogan <jhogan(a)kernel.org> Cc: Ralf Baechle <ralf(a)linux-mips.org> Cc: linux-fsdevel(a)vger.kernel.org Cc: linux-mips(a)linux-mips.org Cc: linux-kernel(a)vger.kernel.org Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> --- fs/binfmt_elf.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c index 816cc921cf36..efae2fb0930a 100644 --- a/fs/binfmt_elf.c +++ b/fs/binfmt_elf.c @@ -1751,7 +1751,7 @@ static int fill_thread_core_info(struct elf_thread_core_info *t, const struct user_regset *regset = &view->regsets[i]; do_thread_regset_writeback(t->task, regset); if (regset->core_note_type && regset->get && - (!regset->active || regset->active(t->task, regset))) { + (!regset->active || regset->active(t->task, regset) > 0)) { int ret; size_t size = regset_size(t->task, regset); void *data = kmalloc(size, GFP_KERNEL); -- 2.17.1

6 years, 9 months

3
95
0 0

[PATCH v2 5/6] drm/i915: Fix intel_dp_mst_best_encoder()

by Lyude Paul

Currently, i915 appears to rely on blocking modesets on no-longer-present MSTB ports by simply returning NULL for ->best_encoder(), which in turn causes any new atomic commits that don't disable the CRTC to fail. This is wrong however, since we still want to allow userspace to disable CRTCs on no-longer-present MSTB ports by changing the DPMS state to off and this still requires that we retrieve an encoder. So, fix this by always returning a valid encoder regardless of the state of the MST port. Additionally, make intel_dp_mst_atomic_check() simply rely on drm_dp_mst_connector_atomic_check() to prevent new modesets on no-longer-present MSTB ports. Signed-off-by: Lyude Paul <lyude(a)redhat.com> Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/i915/intel_dp_mst.c | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/drivers/gpu/drm/i915/intel_dp_mst.c b/drivers/gpu/drm/i915/intel_dp_mst.c index a366f32b048a..2b798d4592f0 100644 --- a/drivers/gpu/drm/i915/intel_dp_mst.c +++ b/drivers/gpu/drm/i915/intel_dp_mst.c @@ -106,14 +106,21 @@ static bool intel_dp_mst_compute_config(struct intel_encoder *encoder, } static int intel_dp_mst_atomic_check(struct drm_connector *connector, - struct drm_connector_state *new_conn_state) + struct drm_connector_state *new_conn_state) { struct drm_atomic_state *state = new_conn_state->state; struct drm_connector_state *old_conn_state; struct drm_crtc *old_crtc; struct drm_crtc_state *crtc_state; + struct drm_dp_mst_topology_mgr *mgr = + &to_intel_connector(connector)->mst_port->mst_mgr; int slots, ret = 0; + ret = drm_dp_mst_connector_atomic_check(connector, new_conn_state, + mgr); + if (ret) + return ret; + old_conn_state = drm_atomic_get_old_connector_state(state, connector); old_crtc = old_conn_state->crtc; if (!old_crtc) @@ -122,12 +129,6 @@ static int intel_dp_mst_atomic_check(struct drm_connector *connector, crtc_state = drm_atomic_get_new_crtc_state(state, old_crtc); slots = to_intel_crtc_state(crtc_state)->dp_m_n.tu; if (drm_atomic_crtc_needs_modeset(crtc_state) && slots > 0) { - struct drm_dp_mst_topology_mgr *mgr; - struct drm_encoder *old_encoder; - - old_encoder = old_conn_state->best_encoder; - mgr = &enc_to_mst(old_encoder)->primary->dp.mst_mgr; - ret = drm_dp_atomic_release_vcpi_slots(state, mgr, slots); if (ret) DRM_DEBUG_KMS("failed releasing %d vcpi slots:%d\n", slots, ret); @@ -407,8 +408,6 @@ static struct drm_encoder *intel_mst_atomic_best_encoder(struct drm_connector *c struct intel_dp *intel_dp = intel_connector->mst_port; struct intel_crtc *crtc = to_intel_crtc(state->crtc); - if (intel_connector->mst_port_gone) - return NULL; return &intel_dp->mst_encoders[crtc->pipe]->base.base; } -- 2.17.1

6 years, 9 months

1
0
0 0

[PATCH v2 4/6] drm/i915: Skip vcpi allocation for MSTB ports that are gone

by Lyude Paul

Since we need to be able to allow DPMS on->off prop changes after an MST port has disappeared from the system, we need to be able to make sure we can compute a config for the resulting atomic commit. Currently this is impossible when the port has disappeared, since the VCPI slot searching we try to do in intel_dp_mst_compute_config() will fail with -EINVAL. Since the only commits we want to allow on no-longer-present MST ports are ones that shut off display hardware, we already know that no VCPI allocations are needed. So, hardcode the VCPI slot count to 0 when intel_dp_mst_compute_config() is called on an MST port that's gone. Signed-off-by: Lyude Paul <lyude(a)redhat.com> Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/i915/intel_dp_mst.c | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/drivers/gpu/drm/i915/intel_dp_mst.c b/drivers/gpu/drm/i915/intel_dp_mst.c index fcb9b87b9339..a366f32b048a 100644 --- a/drivers/gpu/drm/i915/intel_dp_mst.c +++ b/drivers/gpu/drm/i915/intel_dp_mst.c @@ -42,7 +42,7 @@ static bool intel_dp_mst_compute_config(struct intel_encoder *encoder, to_intel_connector(conn_state->connector); struct drm_atomic_state *state = pipe_config->base.state; int bpp; - int lane_count, slots; + int lane_count, slots = 0; const struct drm_display_mode *adjusted_mode = &pipe_config->base.adjusted_mode; int mst_pbn; bool reduce_m_n = drm_dp_has_quirk(&intel_dp->desc, @@ -76,11 +76,16 @@ static bool intel_dp_mst_compute_config(struct intel_encoder *encoder, mst_pbn = drm_dp_calc_pbn_mode(adjusted_mode->crtc_clock, bpp); pipe_config->pbn = mst_pbn; - slots = drm_dp_atomic_find_vcpi_slots(state, &intel_dp->mst_mgr, - connector->port, mst_pbn); - if (slots < 0) { - DRM_DEBUG_KMS("failed finding vcpi slots:%d\n", slots); - return false; + if (!connector->mst_port_gone) { + slots = drm_dp_atomic_find_vcpi_slots(state, + &intel_dp->mst_mgr, + connector->port, + mst_pbn); + if (slots < 0) { + DRM_DEBUG_KMS("failed finding vcpi slots:%d\n", + slots); + return false; + } } intel_link_compute_m_n(bpp, lane_count, -- 2.17.1

6 years, 9 months

1
0
0 0

[PATCH v2 2/6] drm/nouveau: Unbreak nv50_mstc->best_encoder()

by Lyude Paul

As mentioned in the previous commit, we currently prevent new modesets on recently-removed MST connectors by returning no encoder from our ->best_encoder() callback once the MST port has disappeared. This is wrong however, because it prevents legacy modesetting users from being able to disable CRTCs on MST connectors after the connector's respective topology has disappeared. So, fix this by instead using the new drm_dp_mst_connector_atomic_check() helper instead while always returning a valid encoder from ->best_encoder(). Signed-off-by: Lyude Paul <lyude(a)redhat.com> Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/nouveau/dispnv50/disp.c | 25 +++++++++++++++---------- 1 file changed, 15 insertions(+), 10 deletions(-) diff --git a/drivers/gpu/drm/nouveau/dispnv50/disp.c b/drivers/gpu/drm/nouveau/dispnv50/disp.c index 9da0bdfe1e1c..8d6f6ee9bc75 100644 --- a/drivers/gpu/drm/nouveau/dispnv50/disp.c +++ b/drivers/gpu/drm/nouveau/dispnv50/disp.c @@ -881,22 +881,16 @@ nv50_mstc_atomic_best_encoder(struct drm_connector *connector, { struct nv50_head *head = nv50_head(connector_state->crtc); struct nv50_mstc *mstc = nv50_mstc(connector); - if (mstc->port) { - struct nv50_mstm *mstm = mstc->mstm; - return &mstm->msto[head->base.index]->encoder; - } - return NULL; + + return &mstc->mstm->msto[head->base.index]->encoder; } static struct drm_encoder * nv50_mstc_best_encoder(struct drm_connector *connector) { struct nv50_mstc *mstc = nv50_mstc(connector); - if (mstc->port) { - struct nv50_mstm *mstm = mstc->mstm; - return &mstm->msto[0]->encoder; - } - return NULL; + + return &mstc->mstm->msto[0]->encoder; } static enum drm_mode_status @@ -926,10 +920,21 @@ nv50_mstc_get_modes(struct drm_connector *connector) return ret; } +static int +nv50_mstc_atomic_check(struct drm_connector *connector, + struct drm_connector_state *state) +{ + struct nv50_mstc *mstc = nv50_mstc(connector); + + return drm_dp_mst_connector_atomic_check(connector, state, + &mstc->mstm->mgr); +} + static const struct drm_connector_helper_funcs nv50_mstc_help = { .get_modes = nv50_mstc_get_modes, .mode_valid = nv50_mstc_mode_valid, + .atomic_check = nv50_mstc_atomic_check, .best_encoder = nv50_mstc_best_encoder, .atomic_best_encoder = nv50_mstc_atomic_best_encoder, }; -- 2.17.1

6 years, 9 months

1
0
0 0

[PATCH V2 00/12] OPP: Don't create multiple OPP tables for devices sharing OPP table

by Viresh Kumar

Hello, Niklas Cassle recently reported some regressions with his Qcom cpufreq driver where he was getting some errors while creating the OPPs tables. After looking into it I realized that the OPP core incorrectly creates multiple OPP tables for the devices even if they are sharing the OPP table in DT. This happens when the request comes using different CPU devices. For example, dev_pm_opp_set_supported_hw() getting called using CPU0 and dev_pm_opp_of_add_table() getting called using CPU1. This series redesigns the internals of the OPP core to fix that. The redesign has simplified the core itself though. The first three patches are fixes really for the current code and the rest of them are making necessary changes to fix the issue defined in $subject here. Nikklas already tested this series and his Tested-by is already applied to series here. I would like to get this merged during the 4.20 merge window and will push the series to linux-next soon to get more test coverage. Please provide comments as soon as possible, else will send it as part of the pull request to Rafael for 4.20. -- viresh V1->V2: - Nikklas reported another regressions which is fixed by the 2nd commit in this series. Viresh Kumar (12): OPP: Free OPP table properly on performance state irregularities OPP: Don't try to remove all OPP tables on failure OPP: Protect dev_list with opp_table lock OPP: Pass index to _of_init_opp_table() OPP: Parse OPP table's DT properties from _of_init_opp_table() OPP: Don't take OPP table's kref for static OPPs OPP: Create separate kref for static OPPs list cpufreq: mvebu: Remove OPPs using dev_pm_opp_remove() OPP: Don't remove dynamic OPPs from _dev_pm_opp_remove_table() OPP: Use a single mechanism to free the OPP table OPP: Prevent creating multiple OPP tables for devices sharing OPP nodes OPP: Pass OPP table to _of_add_opp_table_v{1|2}() drivers/cpufreq/mvebu-cpufreq.c | 9 +- drivers/opp/core.c | 147 ++++++++++++++++++++----------- drivers/opp/cpu.c | 15 ++-- drivers/opp/of.c | 188 +++++++++++++++++++++------------------- drivers/opp/opp.h | 19 ++-- include/linux/pm_opp.h | 6 ++ 6 files changed, 226 insertions(+), 158 deletions(-) -- 2.14.1

6 years, 9 months

1
1
0 0

Re: [PATCH 1/6] drm/dp_mst: Introduce drm_dp_mst_connector_atomic_check() (fwd)

by Julia Lawall

Hello, I don't think you can update the loop index variable in list_for_each_entry, because the mcro uses th index variable to get to the next element. Perhaps list_for_each_entry_safe would be more suitable? julia ---------- Forwarded message ---------- Date: Thu, 20 Sep 2018 04:30:13 +0800 From: kbuild test robot <lkp(a)intel.com> To: kbuild(a)01.org Cc: Julia Lawall <julia.lawall(a)lip6.fr> Subject: Re: [PATCH 1/6] drm/dp_mst: Introduce drm_dp_mst_connector_atomic_check() CC: kbuild-all(a)01.org In-Reply-To: <20180918230637.20700-2-lyude(a)redhat.com> References: <20180918230637.20700-2-lyude(a)redhat.com> TO: Lyude Paul <lyude(a)redhat.com> CC: dri-devel(a)lists.freedesktop.org, nouveau(a)lists.freedesktop.org, intel-gfx(a)lists.freedesktop.org, amd-gfx(a)lists.freedesktop.org CC: David Airlie <airlied(a)linux.ie>, linux-kernel(a)vger.kernel.org, stable(a)vger.kernel.org, Sean Paul <sean(a)poorly.run> Hi Lyude, Thank you for the patch! Perhaps something to improve: [auto build test WARNING on drm-intel/for-linux-next] [also build test WARNING on v4.19-rc4 next-20180919] [if your patch is applied to the wrong git tree, please drop us a note to help improve the system] url: https://github.com/0day-ci/linux/commits/Lyude-Paul/Fix-legacy-DPMS-changes… base: git://anongit.freedesktop.org/drm-intel for-linux-next :::::: branch date: 8 hours ago :::::: commit date: 8 hours ago >> drivers/gpu/drm/drm_dp_mst_topology.c:3144:1-20: iterator with update on line 3145 # https://github.com/0day-ci/linux/commit/f8df31d5221b9a6da6698d4a37e622253bb… git remote add linux-review https://github.com/0day-ci/linux git remote update linux-review git checkout f8df31d5221b9a6da6698d4a37e622253bb17cdc vim +3144 drivers/gpu/drm/drm_dp_mst_topology.c 3f3353b7 Pandiyan, Dhinakaran 2017-04-20 3131 f8df31d5 Lyude Paul 2018-09-18 3132 static bool f8df31d5 Lyude Paul 2018-09-18 3133 drm_dp_mst_connector_still_exists(struct drm_connector *connector, f8df31d5 Lyude Paul 2018-09-18 3134 struct drm_dp_mst_topology_mgr *mgr, f8df31d5 Lyude Paul 2018-09-18 3135 struct drm_dp_mst_branch *mstb) f8df31d5 Lyude Paul 2018-09-18 3136 { f8df31d5 Lyude Paul 2018-09-18 3137 struct drm_dp_mst_port *port; f8df31d5 Lyude Paul 2018-09-18 3138 bool exists = false; f8df31d5 Lyude Paul 2018-09-18 3139 f8df31d5 Lyude Paul 2018-09-18 3140 mstb = drm_dp_get_validated_mstb_ref(mgr, mstb); f8df31d5 Lyude Paul 2018-09-18 3141 if (!mstb) f8df31d5 Lyude Paul 2018-09-18 3142 return false; f8df31d5 Lyude Paul 2018-09-18 3143 f8df31d5 Lyude Paul 2018-09-18 @3144 list_for_each_entry(port, &mstb->ports, next) { f8df31d5 Lyude Paul 2018-09-18 @3145 port = drm_dp_get_validated_port_ref(mgr, port); f8df31d5 Lyude Paul 2018-09-18 3146 if (!port) f8df31d5 Lyude Paul 2018-09-18 3147 continue; f8df31d5 Lyude Paul 2018-09-18 3148 f8df31d5 Lyude Paul 2018-09-18 3149 exists = (port->connector == connector || f8df31d5 Lyude Paul 2018-09-18 3150 (port->mstb && f8df31d5 Lyude Paul 2018-09-18 3151 drm_dp_mst_connector_still_exists(connector, mgr, f8df31d5 Lyude Paul 2018-09-18 3152 port->mstb))); f8df31d5 Lyude Paul 2018-09-18 3153 f8df31d5 Lyude Paul 2018-09-18 3154 drm_dp_put_port(port); f8df31d5 Lyude Paul 2018-09-18 3155 if (exists) f8df31d5 Lyude Paul 2018-09-18 3156 break; f8df31d5 Lyude Paul 2018-09-18 3157 } f8df31d5 Lyude Paul 2018-09-18 3158 f8df31d5 Lyude Paul 2018-09-18 3159 drm_dp_put_mst_branch_device(mstb); f8df31d5 Lyude Paul 2018-09-18 3160 return exists; f8df31d5 Lyude Paul 2018-09-18 3161 } f8df31d5 Lyude Paul 2018-09-18 3162 --- 0-DAY kernel test infrastructure Open Source Technology Center https://lists.01.org/pipermail/kbuild-all Intel Corporation

6 years, 9 months

2
1
0 0

[PATCH 00/11] OPP: Don't create multiple OPP tables for devices sharing OPP table

by Viresh Kumar

Hello, Niklas Cassle recently reported some regressions with his Qcom cpufreq driver where he was getting some errors while creating the OPPs tables. After looking into it I realized that the OPP core incorrectly creates multiple OPP tables for the devices even if they are sharing the OPP table in DT. This happens when the request comes using different CPU devices. For example, dev_pm_opp_set_supported_hw() getting called using CPU0 and dev_pm_opp_of_add_table() getting called using CPU1. This series redesigns the internals of the OPP core to fix that. The redesign has simplified the core itself though. @Niklas: Can you please confirm that this series fixes the issues you have reported ? I have already tested it on Hikey960. -- viresh Viresh Kumar (11): OPP: Free OPP table properly on performance state irregularities OPP: Protect dev_list with opp_table lock OPP: Pass index to _of_init_opp_table() OPP: Parse OPP table's DT properties from _of_init_opp_table() OPP: Don't take OPP table's kref for static OPPs OPP: Create separate kref for static OPPs list cpufreq: mvebu: Remove OPPs using dev_pm_opp_remove() OPP: Don't remove dynamic OPPs from _dev_pm_opp_remove_table() OPP: Use a single mechanism to free the OPP table OPP: Prevent creating multiple OPP tables for devices sharing OPP nodes OPP: Pass OPP table to _of_add_opp_table_v{1|2}() drivers/cpufreq/mvebu-cpufreq.c | 9 +- drivers/opp/core.c | 147 ++++++++++++++++--------- drivers/opp/cpu.c | 11 +- drivers/opp/of.c | 186 +++++++++++++++++--------------- drivers/opp/opp.h | 19 ++-- include/linux/pm_opp.h | 6 ++ 6 files changed, 221 insertions(+), 157 deletions(-) -- 2.18.0.rc1.242.g61856ae69a2c

6 years, 9 months

2
5
0 0

[PATCH] IB/srp: Avoid that sg_reset -d ${srp_device} triggers an infinite loop

by Bart Van Assche

Use different loop variables for the inner and outer loop. This avoids that an infinite loop occurs if there are more RDMA channels than target->req_ring_size. Fixes: d92c0da71a35 ("IB/srp: Add multichannel support") Signed-off-by: Bart Van Assche <bvanassche(a)acm.org> Cc: Max Gurtovoy <maxg(a)mellanox.com> Cc: Laurence Oberman <loberman(a)redhat.com> Cc: <stable(a)vger.kernel.org> --- drivers/infiniband/ulp/srp/ib_srp.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/drivers/infiniband/ulp/srp/ib_srp.c b/drivers/infiniband/ulp/srp/ib_srp.c index 444d16520506..0b34e909505f 100644 --- a/drivers/infiniband/ulp/srp/ib_srp.c +++ b/drivers/infiniband/ulp/srp/ib_srp.c @@ -2951,7 +2951,7 @@ static int srp_reset_device(struct scsi_cmnd *scmnd) { struct srp_target_port *target = host_to_target(scmnd->device->host); struct srp_rdma_ch *ch; - int i; + int i, j; u8 status; shost_printk(KERN_ERR, target->scsi_host, "SRP reset_device called\n"); @@ -2965,8 +2965,8 @@ static int srp_reset_device(struct scsi_cmnd *scmnd) for (i = 0; i < target->ch_count; i++) { ch = &target->ch[i]; - for (i = 0; i < target->req_ring_size; ++i) { - struct srp_request *req = &ch->req_ring[i]; + for (j = 0; j < target->req_ring_size; ++j) { + struct srp_request *req = &ch->req_ring[j]; srp_finish_req(ch, req, scmnd->device, DID_RESET << 16); } -- 2.18.0

6 years, 9 months

2
1
0 0

Linux 4.4.157

by Greg KH

I'm announcing the release of the 4.4.157 kernel. All users of the 4.4 kernel series must upgrade. The updated 4.4.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.4.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 - arch/arc/configs/axs101_defconfig | 1 arch/arc/configs/axs103_defconfig | 1 arch/arc/configs/axs103_smp_defconfig | 1 arch/mips/cavium-octeon/octeon-platform.c | 2 + arch/mips/include/asm/io.h | 8 ++--- arch/mips/kernel/process.c | 1 arch/mips/mm/c-r4k.c | 6 ++- arch/openrisc/kernel/process.c | 2 - arch/x86/include/asm/processor.h | 4 +- arch/x86/kernel/cpu/bugs.c | 47 ++++++++++++++++++++++++++---- arch/x86/kernel/cpu/common.c | 2 + arch/x86/mm/fault.c | 2 - block/blk-cgroup.c | 9 +++-- block/cfq-iosched.c | 6 ++- block/partitions/aix.c | 13 +++++--- drivers/ata/libahci.c | 2 + drivers/bluetooth/Kconfig | 1 drivers/crypto/vmx/aes_cbc.c | 30 ++++++++----------- drivers/gpio/gpio-ml-ioh.c | 3 + drivers/gpio/gpio-tegra.c | 2 - drivers/i2c/busses/i2c-i801.c | 7 +++- drivers/i2c/busses/i2c-xiic.c | 4 ++ drivers/infiniband/core/cma.c | 13 ++++++-- drivers/input/touchscreen/atmel_mxt_ts.c | 7 ++-- drivers/iommu/ipmmu-vmsa.c | 9 ++--- drivers/macintosh/via-pmu.c | 9 +++-- drivers/md/raid5.c | 6 +++ drivers/mfd/ti_am335x_tscadc.c | 3 - drivers/misc/mic/scif/scif_api.c | 20 +++++------- drivers/misc/ti-st/st_kim.c | 4 +- drivers/misc/vmw_balloon.c | 1 drivers/mtd/ubi/wl.c | 8 +++-- drivers/net/ethernet/marvell/mvneta.c | 1 drivers/net/ethernet/ti/cpsw.c | 14 ++++---- drivers/net/ethernet/ti/cpsw.h | 1 drivers/net/ethernet/ti/davinci_emac.c | 1 drivers/net/wireless/ath/ath10k/mac.c | 7 ++++ drivers/net/wireless/ath/ath10k/wmi-tlv.c | 5 +++ drivers/net/wireless/ath/ath10k/wmi-tlv.h | 5 +++ drivers/scsi/3w-9xxx.c | 6 +++ drivers/scsi/3w-sas.c | 3 + drivers/scsi/3w-xxxx.c | 2 + drivers/staging/rts5208/rtsx_scsi.c | 2 - drivers/staging/rts5208/xd.c | 2 - drivers/target/target_core_transport.c | 5 +-- drivers/tty/rocket.c | 2 - drivers/uio/uio.c | 3 - drivers/usb/host/xhci.c | 3 + fs/autofs4/autofs_i.h | 4 +- fs/autofs4/inode.c | 1 fs/f2fs/segment.h | 3 + fs/f2fs/super.c | 21 ++++++++++++- fs/nfs/callback_xdr.c | 11 +++++-- include/linux/mm_types.h | 2 - include/linux/sched.h | 2 - include/linux/vm_event_item.h | 1 include/linux/vmacache.h | 5 --- include/uapi/linux/ethtool.h | 4 +- kernel/fork.c | 17 +++++++--- kernel/locking/osq_lock.c | 13 ++++++++ kernel/locking/rwsem-xadd.c | 27 +++++++++++++++++ mm/debug.c | 4 +- mm/vmacache.c | 38 ------------------------ net/bluetooth/hidp/core.c | 2 - net/dcb/dcbnl.c | 11 ++++--- net/netfilter/x_tables.c | 4 +- security/selinux/avc.c | 14 +++----- sound/pci/hda/hda_codec.c | 3 + tools/perf/perf.h | 2 + 70 files changed, 311 insertions(+), 176 deletions(-) Alexey Brodkin (1): ARC: [plat-axs*]: Enable SWAP Andi Kleen (1): x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+ Anton Vasilyev (4): misc: ti-st: Fix memory leak in the error path of probe() tty: rocket: Fix possible buffer overwrite on register_PCI scsi: 3ware: fix return 0 on the error path of probe gpio: ml-ioh: Fix buffer underwrite on probe error path BingJing Chang (1): md/raid5: fix data corruption of replacements after originals dropped Chao Yu (1): f2fs: fix to do sanity check with {sit,nat}_ver_bitmap_bytesize Christophe Leroy (1): perf tools: Allow overriding MAX_NR_CPUS at compile time Dan Carpenter (2): misc: mic: SCIF Fix scif_get_new_port() error handling uio: potential double frees if __uio_register_device() fails Daniel Micay (1): staging/rts5208: Fix read overflow in memcpy David Rivshin (1): drivers: net: cpsw: fix parsing of phy-handle DT property in dual_emac config Dmitry Osipenko (1): gpio: tegra: Move driver registration to subsys_init level Eric Dumazet (1): netfilter: x_tables: avoid stack-out-of-bounds read in xt_copy_counters_from_user Felipe Balbi (1): i2c: i801: fix DNV's SMBCTRL register offset Finn Thain (1): macintosh/via-pmu: Add missing mmio accessors Florian Fainelli (1): ethtool: Remove trailing semicolon for static inline Geert Uytterhoeven (1): iommu/ipmmu-vmsa: Fix allocation in atomic context Greg Kroah-Hartman (1): Linux 4.4.157 Ian Kent (1): autofs: fix autofs_sbi() does not check super block type Jia-Ju Bai (1): staging: rt5208: Fix a sleep-in-atomic bug in xd_copy_page Joerg Roedel (1): x86/mm: Remove in_nmi() warning from vmalloc_fault() Johan Hedberg (1): Bluetooth: h5: Fix missing dependency on BT_HCIUART_SERDEV Johan Hovold (1): net: ethernet: ti: cpsw: fix mdio device reference leak Linus Torvalds (1): mm: get rid of vmacache_flush_all() entirely Marcel Holtmann (1): Bluetooth: hidp: Fix handling of strncpy for hid->name information Mathias Nyman (1): xhci: Fix use-after-free in xhci_free_virt_device Mauricio Faria de Oliveira (2): partitions/aix: append null character to print data from disk partitions/aix: fix usage of uninitialized lv_info and lvname structures Michal Hocko (1): selinux: use GFP_NOWAIT in the AVC kmem_caches Mike Christie (1): scsi: target: fix __transport_register_session locking Nadav Amit (1): vmw_balloon: include asm/io.h Nicholas Mc Guire (1): MIPS: Octeon: add missing of_node_put() Nick Dyer (1): Input: atmel_mxt_ts - only use first T9 instance Olga Kornievskaia (1): NFSv4.0 fix client reference leak in callback Ondrej Mosnacek (1): crypto: vmx - Fix sleep-in-atomic bugs Parav Pandit (1): RDMA/cma: Do not ignore net namespace for unbound cm_id Paul Burton (2): MIPS: Fix ISA virt/bus conversion for non-zero PHYS_OFFSET MIPS: WARN_ON invalid DMA cache maintenance, not BUG_ON Peter Chen (1): ethernet: ti: davinci_emac: add missing of_node_put after calling of_parse_phandle Petr Machata (1): net: dcb: For wild-card lookups, use priority -1, not 0 Prateek Sood (2): locking/rwsem-xadd: Fix missed wakeup due to reordering of load locking/osq_lock: Fix osq_lock queue corruption Ritesh Harjani (1): cfq: Give a chance for arming slice idle timer in case of group_idle Shubhrajyoti Datta (1): i2c: xiic: Make the start and the byte count write atomic Srinivas Pandruvada (1): ata: libahci: Correct setting of DEVSLP register Surabhi Vishnoi (1): ath10k: disable bundle mgmt tx completion event support Sven Eckelmann (1): ath10k: prevent active scans on potential unusable channels Takashi Iwai (1): ALSA: hda - Fix cancel_work_sync() stall from jackpoll work Tejun Heo (1): block,blkcg: use __GFP_NOWARN for best-effort allocations in blkcg Vegard Nossum (2): kthread: Fix use-after-free if kthread fork fails kthread: fix boot hang (regression) on MIPS/OpenRISC Wei Yongjun (1): mtd: ubi: wl: Fix error return code in ubi_wl_init() Yelena Krivosheev (1): net: mvneta: fix mtu change on port without link Yunlong Song (1): f2fs: do not set free of current section Zumeng Chen (1): mfd: ti_am335x_tscadc: Fix struct clk memory leak

6 years, 9 months

1
1
0 0

Linux 4.9.128

by Greg KH

I'm announcing the release of the 4.9.128 kernel. All users of the 4.9 kernel series must upgrade. The updated 4.9.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.9.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 - arch/arc/configs/axs101_defconfig | 1 arch/arc/configs/axs103_defconfig | 1 arch/arc/configs/axs103_smp_defconfig | 1 arch/mips/cavium-octeon/octeon-platform.c | 2 + arch/mips/generic/init.c | 1 arch/mips/include/asm/io.h | 8 +++--- arch/mips/kernel/process.c | 1 arch/mips/mm/c-r4k.c | 6 +++- arch/openrisc/kernel/process.c | 2 - arch/s390/kvm/vsie.c | 3 +- arch/x86/mm/fault.c | 2 - block/blk-cgroup.c | 9 +++---- block/cfq-iosched.c | 6 +++- block/partitions/aix.c | 13 +++++++--- drivers/ata/libahci.c | 2 + drivers/bluetooth/Kconfig | 1 drivers/char/tpm/tpm_i2c_infineon.c | 8 +++--- drivers/char/tpm/tpm_tis_spi.c | 9 ++++++- drivers/gpio/gpio-ml-ioh.c | 3 +- drivers/gpio/gpio-tegra.c | 2 - drivers/i2c/busses/i2c-i801.c | 7 ++++- drivers/i2c/busses/i2c-xiic.c | 4 +++ drivers/infiniband/core/cma.c | 13 +++++++--- drivers/infiniband/sw/rxe/rxe_resp.c | 4 ++- drivers/input/touchscreen/atmel_mxt_ts.c | 7 +++-- drivers/iommu/ipmmu-vmsa.c | 9 +++---- drivers/macintosh/via-pmu.c | 9 +++---- drivers/md/raid5.c | 6 ++++ drivers/media/dvb-frontends/helene.c | 5 +++ drivers/media/platform/s5p-mfc/s5p_mfc.c | 23 +++++++++--------- drivers/mfd/ti_am335x_tscadc.c | 3 -- drivers/misc/mic/scif/scif_api.c | 20 +++++++-------- drivers/misc/ti-st/st_kim.c | 4 +-- drivers/mtd/ubi/wl.c | 8 ++++-- drivers/net/ethernet/marvell/mvneta.c | 1 drivers/net/phy/mdio-mux-bcm-iproc.c | 20 +++++++++++---- drivers/net/wireless/ath/ath10k/mac.c | 7 +++++ drivers/net/wireless/ath/ath10k/wmi-tlv.c | 5 +++ drivers/net/wireless/ath/ath10k/wmi-tlv.h | 5 +++ drivers/net/wireless/ath/ath9k/hw.c | 7 +++-- drivers/net/wireless/ath/ath9k/xmit.c | 3 +- drivers/net/wireless/ti/wlcore/rx.c | 8 ++++-- drivers/scsi/3w-9xxx.c | 6 +++- drivers/scsi/3w-sas.c | 3 ++ drivers/scsi/3w-xxxx.c | 2 + drivers/staging/rts5208/rtsx_scsi.c | 2 - drivers/staging/rts5208/xd.c | 2 - drivers/target/target_core_transport.c | 5 ++- drivers/tty/rocket.c | 2 - drivers/uio/uio.c | 3 -- drivers/usb/host/xhci.c | 3 ++ fs/autofs4/autofs_i.h | 4 ++- fs/autofs4/inode.c | 1 fs/f2fs/file.c | 2 - fs/f2fs/gc.c | 8 +++++- fs/f2fs/inline.c | 21 ++++++++++++++++ fs/f2fs/node.c | 4 ++- fs/f2fs/segment.h | 3 ++ fs/f2fs/super.c | 21 +++++++++++++++- fs/nfs/callback_proc.c | 4 +-- fs/nfs/callback_xdr.c | 11 ++++++-- include/linux/mm_types.h | 2 - include/linux/sched.h | 2 - include/linux/vm_event_item.h | 1 include/linux/vmacache.h | 5 --- include/uapi/linux/ethtool.h | 4 +-- kernel/fork.c | 17 +++++++++---- kernel/locking/osq_lock.c | 13 ++++++++++ kernel/locking/rwsem-xadd.c | 27 +++++++++++++++++++++ kernel/time/timer.c | 29 ++++++++++++---------- mm/debug.c | 4 +-- mm/vmacache.c | 38 ------------------------------ mm/vmscan.c | 3 +- net/bluetooth/hidp/core.c | 2 - net/dcb/dcbnl.c | 11 +++++--- net/netfilter/x_tables.c | 4 +-- net/wireless/nl80211.c | 3 ++ security/selinux/avc.c | 14 ++++------- sound/pci/hda/hda_codec.c | 3 +- tools/perf/perf.h | 2 + 81 files changed, 357 insertions(+), 195 deletions(-) Alexey Brodkin (1): ARC: [plat-axs*]: Enable SWAP Anton Vasilyev (4): misc: ti-st: Fix memory leak in the error path of probe() tty: rocket: Fix possible buffer overwrite on register_PCI scsi: 3ware: fix return 0 on the error path of probe gpio: ml-ioh: Fix buffer underwrite on probe error path Arun Parameswaran (1): net: phy: Fix the register offsets in Broadcom iProc mdio mux driver BingJing Chang (1): md/raid5: fix data corruption of replacements after originals dropped Chao Yu (4): f2fs: try grabbing node page lock aggressively in sync scenario f2fs: fix to skip GC if type in SSA and SIT is inconsistent f2fs: fix to do sanity check with reserved blkaddr of inline inode f2fs: fix to do sanity check with {sit,nat}_ver_bitmap_bytesize Christophe Leroy (1): perf tools: Allow overriding MAX_NR_CPUS at compile time Dan Carpenter (3): misc: mic: SCIF Fix scif_get_new_port() error handling uio: potential double frees if __uio_register_device() fails f2fs: Fix uninitialized return in f2fs_ioc_shutdown() Daniel Micay (1): staging/rts5208: Fix read overflow in memcpy Dmitry Osipenko (1): gpio: tegra: Move driver registration to subsys_init level Eric Dumazet (1): netfilter: x_tables: avoid stack-out-of-bounds read in xt_copy_counters_from_user Felipe Balbi (1): i2c: i801: fix DNV's SMBCTRL register offset Felix Fietkau (2): ath9k: report tx status on EOSP ath9k_hw: fix channel maximum power level test Finn Thain (1): macintosh/via-pmu: Add missing mmio accessors Florian Fainelli (1): ethtool: Remove trailing semicolon for static inline Gaurav Kohli (1): timers: Clear timer_base::must_forward_clk with timer_base::lock held Geert Uytterhoeven (1): iommu/ipmmu-vmsa: Fix allocation in atomic context Greg Kroah-Hartman (1): Linux 4.9.128 Ian Kent (1): autofs: fix autofs_sbi() does not check super block type Jia-Ju Bai (1): staging: rt5208: Fix a sleep-in-atomic bug in xd_copy_page Joerg Roedel (1): x86/mm: Remove in_nmi() warning from vmalloc_fault() Johan Hedberg (1): Bluetooth: h5: Fix missing dependency on BT_HCIUART_SERDEV Johannes Berg (1): nl80211: fix null-ptr dereference on invalid mesh configuration Johannes Weiner (1): mm: remove seemingly spurious reclaimability check from laptop_mode gating Katsuhiro Suzuki (1): media: helene: fix xtal frequency setting at power on Kees Cook (1): IB/rxe: do not copy extra stack memory to skb Linus Torvalds (1): mm: get rid of vmacache_flush_all() entirely Linus Walleij (1): tpm_tis_spi: Pass the SPI IRQ down to the driver Loic Poulain (1): wlcore: Set rx_status boottime_ns field on rx Marcel Holtmann (1): Bluetooth: hidp: Fix handling of strncpy for hid->name information Mathias Nyman (1): xhci: Fix use-after-free in xhci_free_virt_device Mauricio Faria de Oliveira (2): partitions/aix: append null character to print data from disk partitions/aix: fix usage of uninitialized lv_info and lvname structures Mel Gorman (1): mm, vmscan: clear PGDAT_WRITEBACK when zone is balanced Michal Hocko (1): selinux: use GFP_NOWAIT in the AVC kmem_caches Mike Christie (1): scsi: target: fix __transport_register_session locking Nicholas Mc Guire (2): MIPS: Octeon: add missing of_node_put() MIPS: generic: fix missing of_node_put() Nick Dyer (1): Input: atmel_mxt_ts - only use first T9 instance Olga Kornievskaia (1): NFSv4.0 fix client reference leak in callback Parav Pandit (1): RDMA/cma: Do not ignore net namespace for unbound cm_id Paul Burton (2): MIPS: Fix ISA virt/bus conversion for non-zero PHYS_OFFSET MIPS: WARN_ON invalid DMA cache maintenance, not BUG_ON Peter Rosin (1): tpm/tpm_i2c_infineon: switch to i2c_lock_bus(..., I2C_LOCK_SEGMENT) Petr Machata (1): net: dcb: For wild-card lookups, use priority -1, not 0 Pierre Morel (1): KVM: s390: vsie: copy wrapping keys to right place Prateek Sood (2): locking/rwsem-xadd: Fix missed wakeup due to reordering of load locking/osq_lock: Fix osq_lock queue corruption Ritesh Harjani (1): cfq: Give a chance for arming slice idle timer in case of group_idle Shubhrajyoti Datta (1): i2c: xiic: Make the start and the byte count write atomic Srinivas Pandruvada (1): ata: libahci: Correct setting of DEVSLP register Surabhi Vishnoi (1): ath10k: disable bundle mgmt tx completion event support Sven Eckelmann (1): ath10k: prevent active scans on potential unusable channels Sylwester Nawrocki (1): media: s5p-mfc: Fix buffer look up in s5p_mfc_handle_frame_{new, copy_time} functions Takashi Iwai (1): ALSA: hda - Fix cancel_work_sync() stall from jackpoll work Tejun Heo (1): block,blkcg: use __GFP_NOWARN for best-effort allocations in blkcg Trond Myklebust (1): NFSv4.1: Fix a potential layoutget/layoutrecall deadlock Vegard Nossum (2): kthread: Fix use-after-free if kthread fork fails kthread: fix boot hang (regression) on MIPS/OpenRISC Wei Yongjun (1): mtd: ubi: wl: Fix error return code in ubi_wl_init() Yelena Krivosheev (1): net: mvneta: fix mtu change on port without link Yunlong Song (1): f2fs: do not set free of current section Zumeng Chen (1): mfd: ti_am335x_tscadc: Fix struct clk memory leak

6 years, 9 months

1
1
0 0

Linux 4.14.71

by Greg KH

I'm announcing the release of the 4.14.71 kernel. All users of the 4.14 kernel series must upgrade. The updated 4.14.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.14.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/networking/ip-sysctl.txt | 13 Makefile | 2 arch/arc/configs/axs101_defconfig | 1 arch/arc/configs/axs103_defconfig | 1 arch/arc/configs/axs103_smp_defconfig | 1 arch/mips/cavium-octeon/octeon-platform.c | 2 arch/mips/generic/init.c | 1 arch/mips/include/asm/io.h | 8 arch/mips/kernel/vdso.c | 20 arch/mips/mm/c-r4k.c | 6 arch/powerpc/platforms/powernv/npu-dma.c | 5 arch/s390/kvm/vsie.c | 3 arch/x86/kernel/cpu/microcode/amd.c | 24 arch/x86/kernel/cpu/microcode/intel.c | 17 arch/x86/kvm/vmx.c | 4 arch/x86/mm/fault.c | 2 block/bfq-cgroup.c | 4 block/blk-mq-tag.c | 8 block/partitions/aix.c | 13 crypto/Makefile | 2 drivers/android/binder_alloc.c | 42 + drivers/ata/libahci.c | 20 drivers/block/nbd.c | 3 drivers/block/pktcdvd.c | 4 drivers/bluetooth/Kconfig | 1 drivers/char/tpm/tpm-interface.c | 50 + drivers/char/tpm/tpm.h | 12 drivers/char/tpm/tpm2-space.c | 16 drivers/char/tpm/tpm_crb.c | 101 --- drivers/char/tpm/tpm_i2c_infineon.c | 8 drivers/char/tpm/tpm_tis_spi.c | 9 drivers/firmware/google/vpd.c | 5 drivers/gpio/gpio-ml-ioh.c | 3 drivers/gpio/gpio-tegra.c | 2 drivers/gpu/drm/i915/i915_reg.h | 1 drivers/gpu/drm/i915/intel_ddi.c | 4 drivers/gpu/ipu-v3/ipu-common.c | 2 drivers/hv/hv.c | 14 drivers/i2c/busses/i2c-aspeed.c | 2 drivers/i2c/busses/i2c-i801.c | 7 drivers/i2c/busses/i2c-xiic.c | 4 drivers/infiniband/core/cma.c | 13 drivers/input/touchscreen/atmel_mxt_ts.c | 7 drivers/iommu/ipmmu-vmsa.c | 9 drivers/macintosh/via-pmu.c | 9 drivers/md/dm-cache-target.c | 19 drivers/md/raid5.c | 6 drivers/media/dvb-frontends/helene.c | 5 drivers/media/platform/davinci/vpif_display.c | 24 drivers/media/platform/qcom/camss-8x16/camss-csid.c | 16 drivers/media/platform/s5p-mfc/s5p_mfc.c | 23 drivers/media/usb/dvb-usb/dw2102.c | 19 drivers/mfd/ti_am335x_tscadc.c | 3 drivers/misc/mic/scif/scif_api.c | 20 drivers/misc/ti-st/st_kim.c | 4 drivers/mtd/ubi/wl.c | 8 drivers/net/ethernet/marvell/mvneta.c | 1 drivers/net/phy/mdio-mux-bcm-iproc.c | 20 drivers/net/tun.c | 21 drivers/net/wireless/ath/ath10k/mac.c | 7 drivers/net/wireless/ath/ath10k/wmi-tlv.c | 5 drivers/net/wireless/ath/ath10k/wmi-tlv.h | 5 drivers/net/wireless/ath/ath9k/hw.c | 7 drivers/net/wireless/ath/ath9k/xmit.c | 3 drivers/net/wireless/ti/wlcore/rx.c | 8 drivers/pci/switch/switchtec.c | 4 drivers/pinctrl/freescale/pinctrl-imx.c | 2 drivers/pinctrl/pinctrl-amd.c | 3 drivers/rpmsg/rpmsg_core.c | 7 drivers/scsi/3w-9xxx.c | 6 drivers/scsi/3w-sas.c | 3 drivers/scsi/3w-xxxx.c | 2 drivers/scsi/lpfc/lpfc.h | 2 drivers/target/target_core_transport.c | 5 drivers/tty/rocket.c | 2 drivers/uio/uio.c | 3 fs/autofs4/autofs_i.h | 4 fs/autofs4/inode.c | 1 fs/btrfs/ioctl.c | 19 fs/cifs/inode.c | 2 fs/cifs/smb2ops.c | 35 - fs/cifs/smb2pdu.c | 3 fs/f2fs/f2fs.h | 7 fs/f2fs/file.c | 2 fs/f2fs/gc.c | 8 fs/f2fs/inline.c | 22 fs/f2fs/node.c | 4 fs/f2fs/segment.h | 3 fs/f2fs/super.c | 21 fs/f2fs/sysfs.c | 10 fs/nfs/callback_proc.c | 4 fs/nfs/callback_xdr.c | 11 include/linux/mm_types.h | 2 include/linux/mm_types_task.h | 2 include/linux/rhashtable.h | 8 include/linux/skbuff.h | 50 + include/linux/tpm.h | 2 include/linux/vm_event_item.h | 1 include/linux/vmacache.h | 5 include/net/inet_frag.h | 135 ++-- include/net/ip.h | 1 include/net/ipv6.h | 26 include/uapi/linux/ethtool.h | 4 include/uapi/linux/snmp.h | 1 kernel/cpu.c | 11 kernel/time/timer.c | 29 - lib/rhashtable.c | 2 mm/debug.c | 4 mm/vmacache.c | 38 - net/bluetooth/hidp/core.c | 2 net/core/skbuff.c | 31 - net/dcb/dcbnl.c | 11 net/ieee802154/6lowpan/6lowpan_i.h | 26 net/ieee802154/6lowpan/reassembly.c | 153 ++--- net/ipv4/inet_fragment.c | 378 ++----------- net/ipv4/ip_fragment.c | 578 +++++++++++--------- net/ipv4/proc.c | 7 net/ipv4/tcp_fastopen.c | 8 net/ipv4/tcp_input.c | 33 - net/ipv6/netfilter/nf_conntrack_reasm.c | 105 +-- net/ipv6/proc.c | 5 net/ipv6/reassembly.c | 217 +++---- net/sched/sch_netem.c | 14 sound/pci/hda/hda_codec.c | 3 tools/perf/builtin-c2c.c | 3 tools/perf/perf.h | 2 tools/perf/util/evsel.c | 14 tools/testing/nvdimm/pmem-dax.c | 12 tools/testing/selftests/bpf/test_verifier.c | 6 129 files changed, 1472 insertions(+), 1361 deletions(-) Alexey Brodkin (1): ARC: [plat-axs*]: Enable SWAP Anton Vasilyev (7): media: davinci: vpif_display: Mix memory leak on probe error path media: dw2102: Fix memleak on sequence of probes misc: ti-st: Fix memory leak in the error path of probe() firmware: vpd: Fix section enabled flag on vpd_section_destroy tty: rocket: Fix possible buffer overwrite on register_PCI scsi: 3ware: fix return 0 on the error path of probe gpio: ml-ioh: Fix buffer underwrite on probe error path Arnd Bergmann (1): crypto: aes-generic - fix aes-generic regression on powerpc Arun Parameswaran (1): net: phy: Fix the register offsets in Broadcom iProc mdio mux driver BingJing Chang (1): md/raid5: fix data corruption of replacements after originals dropped Chao Yu (6): f2fs: fix to active page in lru list for read path f2fs: try grabbing node page lock aggressively in sync scenario f2fs: fix to skip GC if type in SSA and SIT is inconsistent f2fs: fix to do sanity check with reserved blkaddr of inline inode f2fs: fix to wait on page writeback before updating page f2fs: fix to do sanity check with {sit,nat}_ver_bitmap_bytesize Christophe Leroy (1): perf tools: Allow overriding MAX_NR_CPUS at compile time Dan Carpenter (5): misc: mic: SCIF Fix scif_get_new_port() error handling uio: potential double frees if __uio_register_device() fails pinctrl: imx: off by one in imx_pinconf_group_dbg_show() f2fs: Fix uninitialized return in f2fs_ioc_shutdown() ipv4: frags: precedence bug in ip_expire() Daniel Kurtz (1): pinctrl/amd: only handle irq if it is pending and unmasked Dmitry Osipenko (1): gpio: tegra: Move driver registration to subsys_init level Eric Dumazet (22): inet: frags: change inet_frags_init_net() return value inet: frags: add a pointer to struct netns_frags inet: frags: refactor ipfrag_init() inet: frags: refactor ipv6_frag_init() inet: frags: refactor lowpan_net_frag_init() ipv6: export ip6 fragments sysctl to unprivileged users rhashtable: add schedule points inet: frags: use rhashtables for reassembly units inet: frags: remove some helpers inet: frags: get rif of inet_frag_evicting() inet: frags: remove inet_frag_maybe_warn_overflow() inet: frags: break the 2GB limit for frags storage inet: frags: do not clone skb in ip_expire() ipv6: frags: rewrite ip6_expire_frag_queue() rhashtable: reorganize struct rhashtable layout inet: frags: reorganize struct netns_frags inet: frags: get rid of ipfrag_skb_cb/FRAG_CB inet: frags: fix ip6frag_low_thresh boundary net: speed up skb_rbtree_purge() net: pskb_trim_rcsum() and CHECKSUM_COMPLETE are friends net: add rb_to_skb() and other rb tree helpers net: sk_buff rbnode reorg Felipe Balbi (1): i2c: i801: fix DNV's SMBCTRL register offset Felix Fietkau (2): ath9k: report tx status on EOSP ath9k_hw: fix channel maximum power level test Filipe Manana (1): Btrfs: fix data corruption when deduplicating between different files Filippo Sironi (1): x86/microcode: Update the new microcode revision unconditionally Finn Thain (1): macintosh/via-pmu: Add missing mmio accessors Florian Fainelli (1): ethtool: Remove trailing semicolon for static inline Florian Westphal (1): ipv6: defrag: drop non-last frags smaller than min mtu Gaurav Kohli (1): timers: Clear timer_base::must_forward_clk with timer_base::lock held Geert Uytterhoeven (1): iommu/ipmmu-vmsa: Fix allocation in atomic context Greg Kroah-Hartman (1): Linux 4.14.71 Gustavo A. R. Silva (1): switchtec: Fix Spectre v1 vulnerability Huaisheng Ye (1): tools/testing/nvdimm: kaddr and pfn can be NULL to ->direct_access() Ian Kent (1): autofs: fix autofs_sbi() does not check super block type Jae Hyun Yoo (1): i2c: aspeed: Add an explicit type casting for *get_clk_reg_val James Smart (1): scsi: lpfc: Correct MDS diag and nvmet configuration Jani Nikula (1): drm/i915: set DP Main Stream Attribute for color range on DDI platforms Jason Wang (2): tun: fix use after free for ptr_ring tuntap: fix use after free during release Jens Axboe (1): nbd: don't allow invalid blocksize settings Jinbum Park (1): pktcdvd: Fix possible Spectre-v1 for pkt_devs Jiri Olsa (1): perf c2c report: Fix crash for empty browser Joerg Roedel (1): x86/mm: Remove in_nmi() warning from vmalloc_fault() Johan Hedberg (1): Bluetooth: h5: Fix missing dependency on BT_HCIUART_SERDEV John Pittman (1): dm cache: only allow a single io_mode cache feature to be requested Kan Liang (1): perf evlist: Fix error out while applying initial delay and LBR Katsuhiro Suzuki (1): media: helene: fix xtal frequency setting at power on Kees Cook (1): inet: frags: Convert timers to use timer_setup() Konstantin Khlebnikov (1): block: bfq: swap puts in bfqg_and_blkg_put Linus Torvalds (1): mm: get rid of vmacache_flush_all() entirely Linus Walleij (1): tpm_tis_spi: Pass the SPI IRQ down to the driver Loic Poulain (1): wlcore: Set rx_status boottime_ns field on rx Marcel Holtmann (1): Bluetooth: hidp: Fix handling of strncpy for hid->name information Mauricio Faria de Oliveira (2): partitions/aix: append null character to print data from disk partitions/aix: fix usage of uninitialized lv_info and lvname structures Michael Kelley (1): Drivers: hv: vmbus: Cleanup synic memory free path Mike Christie (1): scsi: target: fix __transport_register_session locking Minchan Kim (1): android: binder: fix the race mmap and alloc_new_buf_locked Ming Lei (1): blk-mq: fix updating tags depth Neeraj Upadhyay (1): cpu/hotplug: Adjust misplaced smb() in cpuhp_thread_fun() Nicholas Mc Guire (2): MIPS: Octeon: add missing of_node_put() MIPS: generic: fix missing of_node_put() Nick Dyer (1): Input: atmel_mxt_ts - only use first T9 instance Olga Kornievskaia (1): NFSv4.0 fix client reference leak in callback Parav Pandit (1): RDMA/cma: Do not ignore net namespace for unbound cm_id Paul Burton (3): MIPS: VDSO: Match data page cache colouring when D$ aliases MIPS: Fix ISA virt/bus conversion for non-zero PHYS_OFFSET MIPS: WARN_ON invalid DMA cache maintenance, not BUG_ON Peter Oskolkov (4): ip: discard IPv4 datagrams with overlapping segments. net: modify skb_rbtree_purge to return the truesize of all purged skbs. ip: add helpers to process in-order fragments faster. ip: process in-order fragments efficiently Peter Rosin (1): tpm/tpm_i2c_infineon: switch to i2c_lock_bus(..., I2C_LOCK_SEGMENT) Petr Machata (1): net: dcb: For wild-card lookups, use priority -1, not 0 Philipp Zabel (1): gpu: ipu-v3: default to id 0 on missing OF alias Pierre Morel (1): KVM: s390: vsie: copy wrapping keys to right place Prarit Bhargava (1): x86/microcode: Make sure boot_cpu_data.microcode is up-to-date Randy Dunlap (1): f2fs: fix defined but not used build warnings Reza Arbab (1): powerpc/powernv: Fix concurrency issue with npu->mmio_atsd_usage Roman Gushchin (1): selftests/bpf: fix a typo in map in map test Sean Christopherson (1): KVM: VMX: Do not allow reexecute_instruction() when skipping MMIO instr Shubhrajyoti Datta (1): i2c: xiic: Make the start and the byte count write atomic Srinivas Kandagatla (1): rpmsg: core: add support to power domains for devices Srinivas Pandruvada (2): ata: libahci: Allow reconfigure of DEVSLP register ata: libahci: Correct setting of DEVSLP register Steve French (2): SMB3: Backup intent flag missing for directory opens with backupuid mounts smb3: check for and properly advertise directory lease support Surabhi Vishnoi (1): ath10k: disable bundle mgmt tx completion event support Sven Eckelmann (1): ath10k: prevent active scans on potential unusable channels Sylwester Nawrocki (1): media: s5p-mfc: Fix buffer look up in s5p_mfc_handle_frame_{new, copy_time} functions Taehee Yoo (1): ip: frags: fix crash in ip_do_fragment() Takashi Iwai (1): ALSA: hda - Fix cancel_work_sync() stall from jackpoll work Thomas Gleixner (1): cpu/hotplug: Prevent state corruption on error rollback Todor Tomov (1): media: camss: csid: Configure data type and decode format properly Tomas Winkler (1): tpm: separate cmd_ready/go_idle from runtime_pm Trond Myklebust (1): NFSv4.1: Fix a potential layoutget/layoutrecall deadlock Wei Yongjun (1): mtd: ubi: wl: Fix error return code in ubi_wl_init() Yelena Krivosheev (1): net: mvneta: fix mtu change on port without link Yunlong Song (1): f2fs: do not set free of current section Zumeng Chen (1): mfd: ti_am335x_tscadc: Fix struct clk memory leak

6 years, 9 months

1
1
0 0

[PATCH 4.9] MIPS: VDSO: Match data page cache colouring when D$ aliases

by Paul Burton

[ Upstream commit 0f02cfbc3d9e413d450d8d0fd660077c23f67eff ] When a system suffers from dcache aliasing a user program may observe stale VDSO data from an aliased cache line. Notably this can break the expectation that clock_gettime(CLOCK_MONOTONIC, ...) is, as its name suggests, monotonic. In order to ensure that users observe updates to the VDSO data page as intended, align the user mappings of the VDSO data page such that their cache colouring matches that of the virtual address range which the kernel will use to update the data page - typically its unmapped address within kseg0. This ensures that we don't introduce aliasing cache lines for the VDSO data page, and therefore that userland will observe updates without requiring cache invalidation. Signed-off-by: Paul Burton <paul.burton(a)mips.com> Reported-by: Hauke Mehrtens <hauke(a)hauke-m.de> Reported-by: Rene Nielsen <rene.nielsen(a)microsemi.com> Reported-by: Alexandre Belloni <alexandre.belloni(a)bootlin.com> Fixes: ebb5e78cc634 ("MIPS: Initial implementation of a VDSO") Patchwork: https://patchwork.linux-mips.org/patch/20344/ Tested-by: Alexandre Belloni <alexandre.belloni(a)bootlin.com> Tested-by: Hauke Mehrtens <hauke(a)hauke-m.de> Cc: James Hogan <jhogan(a)kernel.org> Cc: linux-mips(a)linux-mips.org Cc: stable(a)vger.kernel.org # v4.4+ --- arch/mips/kernel/vdso.c | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/arch/mips/kernel/vdso.c b/arch/mips/kernel/vdso.c index f9dbfb14af33..e88344e3d508 100644 --- a/arch/mips/kernel/vdso.c +++ b/arch/mips/kernel/vdso.c @@ -14,12 +14,14 @@ #include <linux/init.h> #include <linux/ioport.h> #include <linux/irqchip/mips-gic.h> +#include <linux/kernel.h> #include <linux/mm.h> #include <linux/sched.h> #include <linux/slab.h> #include <linux/timekeeper_internal.h> #include <asm/abi.h> +#include <asm/page.h> #include <asm/vdso.h> /* Kernel-provided data used by the VDSO. */ @@ -129,12 +131,30 @@ int arch_setup_additional_pages(struct linux_binprm *bprm, int uses_interp) vvar_size = gic_size + PAGE_SIZE; size = vvar_size + image->size; + /* + * Find a region that's large enough for us to perform the + * colour-matching alignment below. + */ + if (cpu_has_dc_aliases) + size += shm_align_mask + 1; + base = get_unmapped_area(NULL, 0, size, 0, 0); if (IS_ERR_VALUE(base)) { ret = base; goto out; } + /* + * If we suffer from dcache aliasing, ensure that the VDSO data page + * mapping is coloured the same as the kernel's mapping of that memory. + * This ensures that when the kernel updates the VDSO data userland + * will observe it without requiring cache invalidations. + */ + if (cpu_has_dc_aliases) { + base = __ALIGN_MASK(base, shm_align_mask); + base += ((unsigned long)&vdso_data - gic_size) & shm_align_mask; + } + data_addr = base + gic_size; vdso_addr = data_addr + PAGE_SIZE; -- 2.18.0

6 years, 9 months

1
0
0 0

Linux 4.18.9

by Greg KH

I'm announcing the release of the 4.18.9 kernel. All users of the 4.18 kernel series must upgrade. The updated 4.18.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.18.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arc/boot/dts/axs10x_mb.dtsi | 7 arch/arc/boot/dts/hsdk.dts | 7 arch/arc/configs/axs101_defconfig | 1 arch/arc/configs/axs103_defconfig | 1 arch/arc/configs/axs103_smp_defconfig | 1 arch/arm64/kvm/hyp/switch.c | 9 - arch/mips/boot/dts/mscc/ocelot.dtsi | 2 arch/mips/cavium-octeon/octeon-platform.c | 2 arch/mips/generic/init.c | 1 arch/mips/include/asm/io.h | 8 - arch/mips/kernel/vdso.c | 20 ++ arch/mips/mm/c-r4k.c | 6 arch/powerpc/include/asm/book3s/64/pgalloc.h | 23 ++- arch/powerpc/kvm/book3s_64_mmu_radix.c | 6 arch/powerpc/platforms/4xx/msi.c | 51 ++++-- arch/powerpc/platforms/powernv/npu-dma.c | 5 arch/powerpc/platforms/pseries/setup.c | 25 ++- arch/s390/kvm/vsie.c | 3 arch/x86/include/asm/kdebug.h | 12 + arch/x86/include/asm/kvm_host.h | 16 +- arch/x86/kernel/apic/vector.c | 2 arch/x86/kernel/cpu/microcode/amd.c | 24 ++- arch/x86/kernel/cpu/microcode/intel.c | 17 +- arch/x86/kernel/dumpstack.c | 11 - arch/x86/kernel/process_32.c | 4 arch/x86/kernel/process_64.c | 12 + arch/x86/kvm/mmu.c | 21 ++ arch/x86/kvm/svm.c | 4 arch/x86/kvm/vmx.c | 4 arch/x86/kvm/x86.c | 10 + arch/x86/mm/fault.c | 2 block/bfq-cgroup.c | 4 block/blk-core.c | 5 block/blk-mq-tag.c | 8 - block/partitions/aix.c | 13 + drivers/acpi/acpi_lpss.c | 2 drivers/android/binder_alloc.c | 43 ++++- drivers/ata/libahci.c | 20 +- drivers/base/memory.c | 20 +- drivers/block/nbd.c | 3 drivers/block/pktcdvd.c | 4 drivers/bluetooth/Kconfig | 1 drivers/char/tpm/tpm_i2c_infineon.c | 8 - drivers/char/tpm/tpm_tis_spi.c | 9 + drivers/clk/clk-scmi.c | 5 drivers/dax/pmem.c | 12 + drivers/firmware/google/vpd.c | 5 drivers/gpio/gpio-ml-ioh.c | 3 drivers/gpio/gpio-pxa.c | 35 +++- drivers/gpio/gpio-tegra.c | 2 drivers/gpu/drm/amd/display/dc/dce/dce_dmcu.c | 38 +++-- drivers/gpu/drm/amd/display/dc/inc/hw/dmcu.h | 2 drivers/gpu/ipu-v3/ipu-common.c | 2 drivers/hid/hid-ids.h | 1 drivers/hid/hid-input.c | 5 drivers/hid/hid-multitouch.c | 19 ++ drivers/hid/i2c-hid/i2c-hid.c | 2 drivers/hv/hv.c | 14 + drivers/i2c/busses/i2c-aspeed.c | 2 drivers/i2c/busses/i2c-i801.c | 7 drivers/i2c/busses/i2c-xiic.c | 4 drivers/infiniband/core/cma.c | 13 + drivers/infiniband/hw/hns/hns_roce_hem.c | 3 drivers/infiniband/hw/hns/hns_roce_hw_v2.c | 12 + drivers/infiniband/hw/hns/hns_roce_hw_v2.h | 6 drivers/infiniband/ulp/ipoib/ipoib_multicast.c | 1 drivers/input/touchscreen/atmel_mxt_ts.c | 7 drivers/iommu/arm-smmu-v3.c | 22 ++- drivers/iommu/ipmmu-vmsa.c | 9 - drivers/macintosh/via-pmu.c | 9 - drivers/md/dm-cache-target.c | 19 ++ drivers/md/raid5.c | 6 drivers/media/dvb-frontends/helene.c | 5 drivers/media/platform/davinci/vpif_display.c | 24 ++- drivers/media/platform/qcom/camss-8x16/camss-csid.c | 16 +- drivers/media/platform/rcar-vin/rcar-csi2.c | 20 +- drivers/media/platform/s5p-mfc/s5p_mfc.c | 23 +-- drivers/media/usb/dvb-usb/dw2102.c | 19 +- drivers/media/usb/em28xx/em28xx-cards.c | 4 drivers/media/usb/em28xx/em28xx-core.c | 4 drivers/media/usb/em28xx/em28xx-dvb.c | 4 drivers/memory/ti-aemif.c | 2 drivers/mfd/rave-sp.c | 7 drivers/mfd/ti_am335x_tscadc.c | 3 drivers/misc/mic/scif/scif_api.c | 20 +- drivers/misc/ti-st/st_kim.c | 4 drivers/mtd/nand/raw/nand_base.c | 44 +++--- drivers/net/ethernet/marvell/mvneta.c | 1 drivers/net/phy/mdio-mux-bcm-iproc.c | 20 ++ drivers/net/wireless/ath/ath10k/mac.c | 7 drivers/net/wireless/ath/ath10k/wmi-tlv.c | 5 drivers/net/wireless/ath/ath10k/wmi-tlv.h | 5 drivers/net/wireless/ath/ath9k/hw.c | 7 drivers/net/wireless/ath/ath9k/xmit.c | 3 drivers/net/wireless/intel/iwlwifi/pcie/drv.c | 4 drivers/net/wireless/intel/iwlwifi/pcie/trans.c | 24 +-- drivers/net/wireless/ti/wlcore/rx.c | 8 - drivers/pci/controller/pcie-mobiveil.c | 4 drivers/pci/switch/switchtec.c | 4 drivers/pinctrl/berlin/berlin.c | 14 + drivers/pinctrl/freescale/pinctrl-imx.c | 2 drivers/pinctrl/pinctrl-amd.c | 3 drivers/regulator/tps65217-regulator.c | 2 drivers/rpmsg/rpmsg_core.c | 7 drivers/scsi/3w-9xxx.c | 6 drivers/scsi/3w-sas.c | 3 drivers/scsi/3w-xxxx.c | 2 drivers/scsi/lpfc/lpfc.h | 2 drivers/scsi/lpfc/lpfc_nvme.c | 22 +-- drivers/scsi/qla2xxx/qla_init.c | 9 - drivers/scsi/qla2xxx/qla_target.c | 3 drivers/scsi/qla2xxx/qla_tmpl.c | 9 + drivers/target/target_core_transport.c | 5 drivers/target/target_core_user.c | 73 +++++----- drivers/thermal/rcar_thermal.c | 2 drivers/thermal/thermal_hwmon.c | 1 drivers/tty/rocket.c | 2 drivers/uio/uio.c | 19 -- fs/autofs/autofs_i.h | 4 fs/autofs/inode.c | 1 fs/btrfs/extent-tree.c | 17 +- fs/btrfs/ioctl.c | 19 ++ fs/cifs/connect.c | 2 fs/cifs/inode.c | 2 fs/cifs/smb2ops.c | 35 +++- fs/cifs/smb2pdu.c | 3 fs/f2fs/f2fs.h | 15 +- fs/f2fs/file.c | 2 fs/f2fs/gc.c | 8 - fs/f2fs/inline.c | 22 +++ fs/f2fs/inode.c | 19 ++ fs/f2fs/node.c | 46 ++++-- fs/f2fs/recovery.c | 4 fs/f2fs/segment.c | 20 ++ fs/f2fs/segment.h | 3 fs/f2fs/super.c | 25 ++- fs/f2fs/sysfs.c | 16 +- fs/nfs/callback_proc.c | 4 fs/nfs/callback_xdr.c | 11 + fs/nfs/nfs4client.c | 6 include/linux/hid.h | 1 include/linux/mm_types.h | 2 include/linux/mm_types_task.h | 2 include/linux/mtd/rawnand.h | 16 +- include/linux/vm_event_item.h | 1 include/linux/vmacache.h | 5 include/uapi/linux/ethtool.h | 4 kernel/cpu.c | 11 - kernel/time/clocksource.c | 40 ++++- kernel/time/timer.c | 29 ++- mm/debug.c | 4 mm/memory_hotplug.c | 3 mm/page_alloc.c | 4 mm/vmacache.c | 38 ----- net/bluetooth/hidp/core.c | 2 net/dcb/dcbnl.c | 11 - net/mac80211/rx.c | 1 sound/pci/hda/hda_codec.c | 3 sound/pci/hda/patch_realtek.c | 1 sound/soc/soc-pcm.c | 5 tools/perf/Makefile.config | 4 tools/perf/builtin-c2c.c | 3 tools/perf/perf.h | 2 tools/perf/util/evsel.c | 14 + tools/testing/nvdimm/pmem-dax.c | 12 + tools/testing/selftests/bpf/test_verifier.c | 6 tools/testing/selftests/tc-testing/tc-tests/actions/connmark.json | 24 +-- tools/testing/selftests/tc-testing/tc-tests/actions/mirred.json | 3 virt/kvm/arm/mmu.c | 9 + 170 files changed, 1166 insertions(+), 579 deletions(-) AceLan Kao (1): HID: i2c-hid: Fix flooded incomplete report after S3 on Rayd touchscreen Akshu Agrawal (1): ASoC: soc-pcm: Use delay set in component pointer function Alexandru Gagniuc (1): ALSA: hda/realtek - Add mute LED quirk for HP Spectre x360 Alexey Brodkin (2): ARC: [plat-axs*/plat-hsdk]: Allow U-Boot to pass MAC-address to the kernel ARC: [plat-axs*]: Enable SWAP Amit Daniel Kachhap (1): clk: scmi: Fix the rounding of clock rate Andrey Smirnov (1): mfd: rave-sp: Initialize flow control and parity of the port Aneesh Kumar K.V (1): mm/hugetlb: filter out hugetlb pages if HUGEPAGE migration is not supported. Anthony Koo (1): drm/amd/display: Prevent PSR from being enabled if initialization fails Anton Vasilyev (8): media: davinci: vpif_display: Mix memory leak on probe error path media: dw2102: Fix memleak on sequence of probes misc: ti-st: Fix memory leak in the error path of probe() firmware: vpd: Fix section enabled flag on vpd_section_destroy tty: rocket: Fix possible buffer overwrite on register_PCI scsi: 3ware: fix return 0 on the error path of probe regulator: tps65217: Fix NULL pointer dereference on probe gpio: ml-ioh: Fix buffer underwrite on probe error path Arun Parameswaran (1): net: phy: Fix the register offsets in Broadcom iProc mdio mux driver Bartosz Golaszewski (1): memory: ti-aemif: fix a potential NULL-pointer dereference Benjamin Tissoires (2): HID: multitouch: fix Elan panels with 2 input modes declaration HID: core: fix grouping by application BingJing Chang (1): md/raid5: fix data corruption of replacements after originals dropped Brad Love (2): media: em28xx: Fix dual transport stream operation media: em28xx: Fix DualHD disconnect oops Calum Mackay (1): nfs: Referrals not inheriting proto setting from parent Chao Yu (10): f2fs: fix to active page in lru list for read path f2fs: fix to detect looped node chain correctly f2fs: try grabbing node page lock aggressively in sync scenario f2fs: fix to skip GC if type in SSA and SIT is inconsistent f2fs: fix to do sanity check with reserved blkaddr of inline inode f2fs: fix to wait on page writeback before updating page f2fs: fix to do sanity check with secs_per_zone f2fs: fix to do sanity check with {sit,nat}_ver_bitmap_bytesize f2fs: fix to propagate return value of scan_nat_page() f2fs: fix to do sanity check with extra_attr feature Christophe Leroy (1): perf tools: Allow overriding MAX_NR_CPUS at compile time Dan Carpenter (4): misc: mic: SCIF Fix scif_get_new_port() error handling uio: potential double frees if __uio_register_device() fails pinctrl: imx: off by one in imx_pinconf_group_dbg_show() f2fs: Fix uninitialized return in f2fs_ioc_shutdown() Daniel Kurtz (1): pinctrl/amd: only handle irq if it is pending and unmasked Daniel Mack (1): gpio: pxa: disable pinctrl calls for PXA3xx Daniel Rosenberg (1): f2fs: Keep alloc_valid_block_count in sync Denis Drozdov (1): IB/IPoIB: Set ah valid flag in multicast send flow Dmitry Osipenko (1): gpio: tegra: Move driver registration to subsys_init level Emmanuel Grumbach (2): mac80211: don't update the PM state of a peer upon a multicast frame iwlwifi: pcie: don't access periphery registers when not available Felipe Balbi (1): i2c: i801: fix DNV's SMBCTRL register offset Felix Fietkau (2): ath9k: report tx status on EOSP ath9k_hw: fix channel maximum power level test Filipe Manana (1): Btrfs: fix data corruption when deduplicating between different files Filippo Sironi (1): x86/microcode: Update the new microcode revision unconditionally Finn Thain (1): macintosh/via-pmu: Add missing mmio accessors Florian Fainelli (1): ethtool: Remove trailing semicolon for static inline Gaurav Kohli (1): timers: Clear timer_base::must_forward_clk with timer_base::lock held Geert Uytterhoeven (1): iommu/ipmmu-vmsa: Fix allocation in atomic context Greg Kroah-Hartman (1): Linux 4.18.9 Guenter Roeck (1): powerpc/4xx: Fix error return path in ppc4xx_msi_probe() Gustavo A. R. Silva (1): switchtec: Fix Spectre v1 vulnerability Huaisheng Ye (1): tools/testing/nvdimm: kaddr and pfn can be NULL to ->direct_access() Ian Kent (1): autofs: fix autofs_sbi() does not check super block type Jae Hyun Yoo (1): i2c: aspeed: Add an explicit type casting for *get_clk_reg_val Jaegeuk Kim (1): f2fs: avoid potential deadlock in f2fs_sbi_store James Smart (2): scsi: lpfc: Correct MDS diag and nvmet configuration scsi: lpfc: Fix driver crash when re-registering NVME rports. Jann Horn (1): x86/process: Don't mix user/kernel regs in 64bit __show_regs() Jens Axboe (1): nbd: don't allow invalid blocksize settings Jinbum Park (1): pktcdvd: Fix possible Spectre-v1 for pkt_devs Jiri Olsa (1): perf c2c report: Fix crash for empty browser Joerg Roedel (1): x86/mm: Remove in_nmi() warning from vmalloc_fault() Johan Hedberg (1): Bluetooth: h5: Fix missing dependency on BT_HCIUART_SERDEV John Pittman (1): dm cache: only allow a single io_mode cache feature to be requested Kan Liang (1): perf evlist: Fix error out while applying initial delay and LBR Katsuhiro Suzuki (1): media: helene: fix xtal frequency setting at power on Konstantin Khlebnikov (1): block: bfq: swap puts in bfqg_and_blkg_put Lijun Ou (2): RDMA/hns: Add illegal hop_num judgement RDMA/hns: Update the data type of immediate data Linus Torvalds (1): mm: get rid of vmacache_flush_all() entirely Linus Walleij (1): tpm_tis_spi: Pass the SPI IRQ down to the driver Loic Poulain (1): wlcore: Set rx_status boottime_ns field on rx Lorenzo Pieralisi (2): PCI: mobiveil: Add missing ../pci.h include PCI: mobiveil: Fix struct mobiveil_pcie.pcie_reg_base address type Lu Fengqi (1): btrfs: fix qgroup_free wrong num_bytes in btrfs_subvolume_reserve_metadata Marc Zyngier (3): arm64: KVM: Only force FPEXC32_EL2.EN if trapping FPSIMD KVM: arm/arm64: Clean dcache to PoC when changing PTE due to CoW thermal_hwmon: Sanitize attribute name passed to hwmon Marcel Holtmann (1): Bluetooth: hidp: Fix handling of strncpy for hid->name information Mauricio Faria de Oliveira (2): partitions/aix: append null character to print data from disk partitions/aix: fix usage of uninitialized lv_info and lvname structures Michael Ellerman (1): powerpc/mm: Don't report PUDs as memory leaks when using kmemleak Michael Kelley (1): Drivers: hv: vmbus: Cleanup synic memory free path Mike Christie (2): scsi: target: fix __transport_register_session locking scsi: tcmu: do not set max_blocks if data_bitmap has been setup Mikhail Zaslonko (1): memory_hotplug: fix kernel_panic on offline page processing Mikulas Patocka (1): block: don't warn when doing fsync on read-only devices Minchan Kim (1): android: binder: fix the race mmap and alloc_new_buf_locked Ming Lei (1): blk-mq: fix updating tags depth Miquel Raynal (1): mtd: rawnand: make subop helpers return unsigned values Neeraj Upadhyay (1): cpu/hotplug: Adjust misplaced smb() in cpuhp_thread_fun() Nicholas Mc Guire (2): MIPS: Octeon: add missing of_node_put() MIPS: generic: fix missing of_node_put() Nick Dyer (1): Input: atmel_mxt_ts - only use first T9 instance Niklas Söderlund (1): media: rcar-csi2: update stream start for V3M Olga Kornievskaia (1): NFSv4.0 fix client reference leak in callback Parav Pandit (1): RDMA/cma: Do not ignore net namespace for unbound cm_id Paul Burton (3): MIPS: VDSO: Match data page cache colouring when D$ aliases MIPS: Fix ISA virt/bus conversion for non-zero PHYS_OFFSET MIPS: WARN_ON invalid DMA cache maintenance, not BUG_ON Paul Mackerras (1): KVM: PPC: Book3S HV: Use correct pagesize in kvm_unmap_radix() Peter Rosin (1): tpm/tpm_i2c_infineon: switch to i2c_lock_bus(..., I2C_LOCK_SEGMENT) Peter Zijlstra (1): clocksource: Revert "Remove kthread" Petr Machata (1): net: dcb: For wild-card lookups, use priority -1, not 0 Philipp Zabel (1): gpu: ipu-v3: default to id 0 on missing OF alias Pierre Morel (1): KVM: s390: vsie: copy wrapping keys to right place Prarit Bhargava (1): x86/microcode: Make sure boot_cpu_data.microcode is up-to-date Quentin Schulz (1): MIPS: mscc: ocelot: fix length of memory address space for MIIM Quinn Tran (3): scsi: qla2xxx: Fix unintended Logout scsi: qla2xxx: Fix session state stuck in Get Port DB scsi: qla2xxx: Silent erroneous message Randy Dunlap (1): f2fs: fix defined but not used build warnings Reza Arbab (1): powerpc/powernv: Fix concurrency issue with npu->mmio_atsd_usage Robert Schlabbach (1): media: em28xx: explicitly disable TS packet filter Roman Gushchin (1): selftests/bpf: fix a typo in map in map test Sam Bobroff (1): powerpc/pseries: fix EEH recovery of some IOV devices Sean Christopherson (6): KVM: x86: SVM: Set EMULTYPE_NO_REEXECUTE for RSM emulation KVM: VMX: Do not allow reexecute_instruction() when skipping MMIO instr KVM: x86: Invert emulation re-execute behavior to make it opt-in KVM: x86: Merge EMULTYPE_RETRY and EMULTYPE_ALLOW_REEXECUTE KVM: x86: Default to not allowing emulation retry in kvm_mmu_page_fault KVM: x86: Do not re-{try,execute} after failed emulation in L2 Shubhrajyoti Datta (1): i2c: xiic: Make the start and the byte count write atomic Simon Horman (1): thermal: rcar_thermal: avoid NULL dereference in absence of IRQ resources Srinivas Kandagatla (1): rpmsg: core: add support to power domains for devices Srinivas Pandruvada (2): ata: libahci: Allow reconfigure of DEVSLP register ata: libahci: Correct setting of DEVSLP register Stefan Agner (1): HID: input: fix leaking custom input node name Stefan Hajnoczi (1): device-dax: avoid hang on error before devm_memremap_pages() Steve French (2): SMB3: Backup intent flag missing for directory opens with backupuid mounts smb3: check for and properly advertise directory lease support Surabhi Vishnoi (1): ath10k: disable bundle mgmt tx completion event support Sven Eckelmann (1): ath10k: prevent active scans on potential unusable channels Sylwester Nawrocki (1): media: s5p-mfc: Fix buffer look up in s5p_mfc_handle_frame_{new, copy_time} functions Takashi Iwai (1): ALSA: hda - Fix cancel_work_sync() stall from jackpoll work Thomas Gleixner (2): cpu/hotplug: Prevent state corruption on error rollback x86/apic/vector: Make error return value negative Thomas Richter (1): perf build: Fix installation directory for eBPF Thomas Werschlein (1): cifs: connect to servername instead of IP for IPC$ share Todor Tomov (1): media: camss: csid: Configure data type and decode format properly Trond Myklebust (1): NFSv4.1: Fix a potential layoutget/layoutrecall deadlock Vlad Buslov (2): tc-testing: flush gact actions on test teardown tc-testing: remove duplicate spaces in connmark match patterns Will Deacon (1): iommu/arm-smmu-v3: Abort all transactions if SMMU is enabled in kdump kernel Xiubo Li (1): uio: fix possible circular locking dependency Yelena Krivosheev (1): net: mvneta: fix mtu change on port without link YueHaibing (1): pinctrl: berlin: fix 'pctrl->functions' allocation in berlin_pinctrl_build_state Yunlong Song (2): f2fs: do not set free of current section f2fs: issue discard align to section in LFS mode Zhang Rui (1): ACPI / LPSS: Force LPSS quirks on boot Zumeng Chen (1): mfd: ti_am335x_tscadc: Fix struct clk memory leak

6 years, 9 months

1
1
0 0

[PATCH 05/40] drm/i915: Handle incomplete Z_FINISH for compressed error states

by Chris Wilson

The final call to zlib_deflate(Z_FINISH) may require more output space to be allocated and so needs to re-invoked. Failure to do so in the current code leads to incomplete zlib streams (albeit intact due to the use of Z_SYNC_FLUSH) resulting in the occasional short object capture. Testcase: igt/i915-error-capture.js Fixes: 0a97015d45ee ("drm/i915: Compress GPU objects in error state") Signed-off-by: Chris Wilson <chris(a)chris-wilson.co.uk> Cc: Joonas Lahtinen <joonas.lahtinen(a)linux.intel.com> Cc: <stable(a)vger.kernel.org> # v4.10+ --- drivers/gpu/drm/i915/i915_gpu_error.c | 60 +++++++++++++++++++++------ 1 file changed, 47 insertions(+), 13 deletions(-) diff --git a/drivers/gpu/drm/i915/i915_gpu_error.c b/drivers/gpu/drm/i915/i915_gpu_error.c index 2835cacd0d08..9789f4ff8c32 100644 --- a/drivers/gpu/drm/i915/i915_gpu_error.c +++ b/drivers/gpu/drm/i915/i915_gpu_error.c @@ -237,6 +237,7 @@ static int compress_page(struct compress *c, struct drm_i915_error_object *dst) { struct z_stream_s *zstream = &c->zstream; + int flush = Z_NO_FLUSH; zstream->next_in = src; if (c->tmp && i915_memcpy_from_wc(c->tmp, src, PAGE_SIZE)) @@ -257,8 +258,11 @@ static int compress_page(struct compress *c, zstream->avail_out = PAGE_SIZE; } - if (zlib_deflate(zstream, Z_SYNC_FLUSH) != Z_OK) + if (zlib_deflate(zstream, flush) != Z_OK) return -EIO; + + if (zstream->avail_out) + flush = Z_SYNC_FLUSH; } while (zstream->avail_in); /* Fallback to uncompressed if we increase size? */ @@ -268,19 +272,43 @@ static int compress_page(struct compress *c, return 0; } -static void compress_fini(struct compress *c, +static int compress_flush(struct compress *c, struct drm_i915_error_object *dst) { struct z_stream_s *zstream = &c->zstream; + unsigned long page; - if (dst) { - zlib_deflate(zstream, Z_FINISH); - dst->unused = zstream->avail_out; - } + do { + switch (zlib_deflate(zstream, Z_FINISH)) { + case Z_OK: /* more space requested */ + page = __get_free_page(GFP_ATOMIC | __GFP_NOWARN); + if (!page) + return -ENOMEM; + + dst->pages[dst->page_count++] = (void *)page; + zstream->next_out = (void *)page; + zstream->avail_out = PAGE_SIZE; + break; + case Z_STREAM_END: + goto end; + default: /* any error */ + return -EIO; + } + } while (1); + +end: + memset(zstream->next_out, 0, zstream->avail_out); + dst->unused = zstream->avail_out; + return 0; +} + +static void compress_fini(struct compress *c, + struct drm_i915_error_object *dst) +{ + struct z_stream_s *zstream = &c->zstream; zlib_deflateEnd(zstream); kfree(zstream->workspace); - if (c->tmp) free_page((unsigned long)c->tmp); } @@ -319,6 +347,12 @@ static int compress_page(struct compress *c, return 0; } +static int compress_flush(struct compress *c, + struct drm_i915_error_object *dst) +{ + return 0; +} + static void compress_fini(struct compress *c, struct drm_i915_error_object *dst) { @@ -951,15 +985,15 @@ i915_error_object_create(struct drm_i915_private *i915, if (ret) goto unwind; } - goto out; + if (compress_flush(&compress, dst)) { unwind: - while (dst->page_count--) - free_page((unsigned long)dst->pages[dst->page_count]); - kfree(dst); - dst = NULL; + while (dst->page_count--) + free_page((unsigned long)dst->pages[dst->page_count]); + kfree(dst); + dst = NULL; + } -out: compress_fini(&compress, dst); ggtt->vm.clear_range(&ggtt->vm, slot, PAGE_SIZE); return dst; -- 2.19.0

6 years, 9 months

1
0
0 0

FAILED: patch "[PATCH] mei: bus: type promotion bug in mei_nfc_if_version()" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From b40b3e9358fbafff6a4ba0f4b9658f6617146f9c Mon Sep 17 00:00:00 2001 From: Dan Carpenter <dan.carpenter(a)oracle.com> Date: Wed, 11 Jul 2018 15:29:31 +0300 Subject: [PATCH] mei: bus: type promotion bug in mei_nfc_if_version() We accidentally removed the check for negative returns without considering the issue of type promotion. The "if_version_length" variable is type size_t so if __mei_cl_recv() returns a negative then "bytes_recv" is type promoted to a high positive value and treated as success. Cc: <stable(a)vger.kernel.org> Fixes: 582ab27a063a ("mei: bus: fix received data size check in NFC fixup") Signed-off-by: Dan Carpenter <dan.carpenter(a)oracle.com> Signed-off-by: Tomas Winkler <tomas.winkler(a)intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/misc/mei/bus-fixup.c b/drivers/misc/mei/bus-fixup.c index e45fe826d87d..65e28be3c8cc 100644 --- a/drivers/misc/mei/bus-fixup.c +++ b/drivers/misc/mei/bus-fixup.c @@ -341,7 +341,7 @@ static int mei_nfc_if_version(struct mei_cl *cl, ret = 0; bytes_recv = __mei_cl_recv(cl, (u8 *)reply, if_version_length, 0, 0); - if (bytes_recv < if_version_length) { + if (bytes_recv < 0 || bytes_recv < if_version_length) { dev_err(bus->dev, "Could not read IF version\n"); ret = -EIO; goto err;

6 years, 9 months

2
1
0 0

[PATCH 2/2] usb: roles: Take care of driver module reference counting

by Heikki Krogerus

This fixes potential "BUG: unable to handle kernel paging request at ..." from happening. Fixes: fde0aa6c175a ("usb: common: Small class for USB role switches") Cc: <stable(a)vger.kernel.org> Acked-by: Hans de Goede <hdegoede(a)redhat.com> Tested-by: Hans de Goede <hdegoede(a)redhat.com> Signed-off-by: Heikki Krogerus <heikki.krogerus(a)linux.intel.com> --- drivers/usb/common/roles.c | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/drivers/usb/common/roles.c b/drivers/usb/common/roles.c index 15cc76e22123..99116af07f1d 100644 --- a/drivers/usb/common/roles.c +++ b/drivers/usb/common/roles.c @@ -109,8 +109,15 @@ static void *usb_role_switch_match(struct device_connection *con, int ep, */ struct usb_role_switch *usb_role_switch_get(struct device *dev) { - return device_connection_find_match(dev, "usb-role-switch", NULL, - usb_role_switch_match); + struct usb_role_switch *sw; + + sw = device_connection_find_match(dev, "usb-role-switch", NULL, + usb_role_switch_match); + + if (!IS_ERR_OR_NULL(sw)) + WARN_ON(!try_module_get(sw->dev.parent->driver->owner)); + + return sw; } EXPORT_SYMBOL_GPL(usb_role_switch_get); @@ -122,8 +129,10 @@ EXPORT_SYMBOL_GPL(usb_role_switch_get); */ void usb_role_switch_put(struct usb_role_switch *sw) { - if (!IS_ERR_OR_NULL(sw)) + if (!IS_ERR_OR_NULL(sw)) { put_device(&sw->dev); + module_put(sw->dev.parent->driver->owner); + } } EXPORT_SYMBOL_GPL(usb_role_switch_put); -- 2.18.0

6 years, 9 months

2
1
0 0

Re: [PATCH] printk: Fix panic caused by passing log_buf_len to command line

by Sasha Levin

Hi, [This is an automated email] This commit has been processed because it contains a -stable tag. The stable tag indicates that it's relevant for the following trees: all The bot has tested the following trees: v4.18.8, v4.14.70, v4.9.127, v4.4.156, v3.18.122, v4.18.8: Build OK! v4.14.70: Build OK! v4.9.127: Build OK! v4.4.156: Build OK! v3.18.122: Build failed! Errors: Please let us know how to resolve this. -- Thanks, Sasha

6 years, 9 months

1
0
0 0

[GIT PULL] ring-buffer: Allow for rescheduling when removing pages

by Steven Rostedt

Linus (aka Greg), Vaibhav Nagarnaik found that modifying the ring buffer size could cause a huge latency in the system because it does a while loop to free pages without releasing the CPU (on non preempt kernels). In a case where there are hundreds of thousands of pages to free it could actually cause a system stall. A properly place cond_resched() solves this issue. Please pull the latest trace-v4.19-rc4 tree, which can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace.git trace-v4.19-rc4 Tag SHA1: 977e4fb3741e24151a255ee13bd4a1224545ae4e Head SHA1: 83f365554e47997ec68dc4eca3f5dce525cd15c3 Vaibhav Nagarnaik (1): ring-buffer: Allow for rescheduling when removing pages ---- kernel/trace/ring_buffer.c | 2 ++ 1 file changed, 2 insertions(+) --------------------------- commit 83f365554e47997ec68dc4eca3f5dce525cd15c3 Author: Vaibhav Nagarnaik <vnagarnaik(a)google.com> Date: Fri Sep 7 15:31:29 2018 -0700 ring-buffer: Allow for rescheduling when removing pages When reducing ring buffer size, pages are removed by scheduling a work item on each CPU for the corresponding CPU ring buffer. After the pages are removed from ring buffer linked list, the pages are free()d in a tight loop. The loop does not give up CPU until all pages are removed. In a worst case behavior, when lot of pages are to be freed, it can cause system stall. After the pages are removed from the list, the free() can happen while the work is rescheduled. Call cond_resched() in the loop to prevent the system hangup. Link: http://lkml.kernel.org/r/20180907223129.71994-1-vnagarnaik@google.com Cc: stable(a)vger.kernel.org Fixes: 83f40318dab00 ("ring-buffer: Make removal of ring buffer pages atomic") Reported-by: Jason Behmer <jbehmer(a)google.com> Signed-off-by: Vaibhav Nagarnaik <vnagarnaik(a)google.com> Signed-off-by: Steven Rostedt (VMware) <rostedt(a)goodmis.org> diff --git a/kernel/trace/ring_buffer.c b/kernel/trace/ring_buffer.c index 1d92d4a982fd..65bd4616220d 100644 --- a/kernel/trace/ring_buffer.c +++ b/kernel/trace/ring_buffer.c @@ -1546,6 +1546,8 @@ rb_remove_pages(struct ring_buffer_per_cpu *cpu_buffer, unsigned long nr_pages) tmp_iter_page = first_page; do { + cond_resched(); + to_remove_page = tmp_iter_page; rb_inc_page(cpu_buffer, &tmp_iter_page);

6 years, 9 months

2
3
0 0

Interested in purchasing posts on your site

by Andy Macia

Hi There, Im reaching out to you because Im interested in purchasing a backlink from your site. The link will go to a high quality drug and alcohol rehabilitation information page. Ive made a short video explaining exactly what Im looking for: http://mtrack.me/tracking/raWzMz50paMkCGD1BQRlZGV5AwLzMKWjqzA2pzSaqaR9AGV4A… Ideally, the link will be placed in a relevant, existing post/page on your website. Please let me know your rates as soon as possible. Thank you for your time and consideration, Andy Macia (949) 467-1404 [Unsubscribe ] <http://mtrack.me/unsub/eng/raWzMz50paMkCGD1BQRlZGV5AwLzMKWjqzA2pzSaqaR9AGV4…>

6 years, 9 months

1
0
0 0

[PATCH 13/19] mtd: nand: pxa3xx: Fix READOOB implementation

by kostap＠marvell.com

From: Boris Brezillon <boris.brezillon(a)free-electrons.com> In the current driver, OOB bytes are accessed in raw mode, and when a page access is done with NDCR_SPARE_EN set and NDCR_ECC_EN cleared, the driver must read the whole spare area (64 bytes in case of a 2k page, 16 bytes for a 512 page). The driver was only reading the free OOB bytes, which was leaving some unread data in the FIFO and was somehow leading to a timeout. We could patch the driver to read ->spare_size + ->ecc_size instead of just ->spare_size when READOOB is requested, but we'd better make in-band and OOB accesses consistent. Since the driver is always accessing in-band data in non-raw mode (with the ECC engine enabled), we should also access OOB data in this mode. That's particularly useful when using the BCH engine because in this mode the free OOB bytes are also ECC protected. Fixes: 43bcfd2bb24a ("mtd: nand: pxa3xx: Add driver-specific ECC BCH support") Cc: stable(a)vger.kernel.org Reported-by: Sean Nyekjær <sean.nyekjaer(a)prevas.dk> Tested-by: Willy Tarreau <w(a)1wt.eu> Signed-off-by: Boris Brezillon <boris.brezillon(a)free-electrons.com> Acked-by: Ezequiel Garcia <ezequiel(a)vanguardiasur.com.ar> Tested-by: Sean Nyekjaer <sean.nyekjaer(a)prevas.dk> Acked-by: Robert Jarzmik <robert.jarzmik(a)free.fr> Signed-off-by: Richard Weinberger <richard(a)nod.at> Signed-off-by: Ofer Heifetz <oferh(a)marvell.com> Reviewed-by: Igal Liberman <igall(a)marvell.com> Cc: Stefan Roese <sr(a)denx.de> Cc: Simon Glass <sjg(a)chromium.org> --- drivers/mtd/nand/pxa3xx_nand.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/mtd/nand/pxa3xx_nand.c b/drivers/mtd/nand/pxa3xx_nand.c index b64dd0d..c1f7d61 100644 --- a/drivers/mtd/nand/pxa3xx_nand.c +++ b/drivers/mtd/nand/pxa3xx_nand.c @@ -750,6 +750,7 @@ static void prepare_start_command(struct pxa3xx_nand_info *info, int command) switch (command) { case NAND_CMD_READ0: + case NAND_CMD_READOOB: case NAND_CMD_PAGEPROG: info->use_ecc = 1; break; -- 2.7.4

6 years, 9 months

2
1
0 0

[PATCH 5/6] drm/i915: Fix intel_dp_mst_best_encoder()

by Lyude Paul

Currently, i915 appears to rely on blocking modesets on no-longer-present MSTB ports by simply returning NULL for ->best_encoder(), which in turn causes any new atomic commits that don't disable the CRTC to fail. This is wrong however, since we still want to allow userspace to disable CRTCs on no-longer-present MSTB ports by changing the DPMS state to off and this still requires that we retrieve an encoder. So, fix this by always returning a valid encoder regardless of the state of the MST port. Additionally, make intel_dp_mst_atomic_check() simply rely on drm_dp_mst_connector_atomic_check() to prevent new modesets on no-longer-present MSTB ports. Signed-off-by: Lyude Paul <lyude(a)redhat.com> Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/i915/intel_dp_mst.c | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/drivers/gpu/drm/i915/intel_dp_mst.c b/drivers/gpu/drm/i915/intel_dp_mst.c index a366f32b048a..2b798d4592f0 100644 --- a/drivers/gpu/drm/i915/intel_dp_mst.c +++ b/drivers/gpu/drm/i915/intel_dp_mst.c @@ -106,14 +106,21 @@ static bool intel_dp_mst_compute_config(struct intel_encoder *encoder, } static int intel_dp_mst_atomic_check(struct drm_connector *connector, - struct drm_connector_state *new_conn_state) + struct drm_connector_state *new_conn_state) { struct drm_atomic_state *state = new_conn_state->state; struct drm_connector_state *old_conn_state; struct drm_crtc *old_crtc; struct drm_crtc_state *crtc_state; + struct drm_dp_mst_topology_mgr *mgr = + &to_intel_connector(connector)->mst_port->mst_mgr; int slots, ret = 0; + ret = drm_dp_mst_connector_atomic_check(connector, new_conn_state, + mgr); + if (ret) + return ret; + old_conn_state = drm_atomic_get_old_connector_state(state, connector); old_crtc = old_conn_state->crtc; if (!old_crtc) @@ -122,12 +129,6 @@ static int intel_dp_mst_atomic_check(struct drm_connector *connector, crtc_state = drm_atomic_get_new_crtc_state(state, old_crtc); slots = to_intel_crtc_state(crtc_state)->dp_m_n.tu; if (drm_atomic_crtc_needs_modeset(crtc_state) && slots > 0) { - struct drm_dp_mst_topology_mgr *mgr; - struct drm_encoder *old_encoder; - - old_encoder = old_conn_state->best_encoder; - mgr = &enc_to_mst(old_encoder)->primary->dp.mst_mgr; - ret = drm_dp_atomic_release_vcpi_slots(state, mgr, slots); if (ret) DRM_DEBUG_KMS("failed releasing %d vcpi slots:%d\n", slots, ret); @@ -407,8 +408,6 @@ static struct drm_encoder *intel_mst_atomic_best_encoder(struct drm_connector *c struct intel_dp *intel_dp = intel_connector->mst_port; struct intel_crtc *crtc = to_intel_crtc(state->crtc); - if (intel_connector->mst_port_gone) - return NULL; return &intel_dp->mst_encoders[crtc->pipe]->base.base; } -- 2.17.1

6 years, 9 months

1
0
0 0

[PATCH 4/6] drm/i915: Skip vcpi allocation for MSTB ports that are gone

by Lyude Paul

Since we need to be able to allow DPMS on->off prop changes after an MST port has disappeared from the system, we need to be able to make sure we can compute a config for the resulting atomic commit. Currently this is impossible when the port has disappeared, since the VCPI slot searching we try to do in intel_dp_mst_compute_config() will fail with -EINVAL. Since the only commits we want to allow on no-longer-present MST ports are ones that shut off display hardware, we already know that no VCPI allocations are needed. So, hardcode the VCPI slot count to 0 when intel_dp_mst_compute_config() is called on an MST port that's gone. Signed-off-by: Lyude Paul <lyude(a)redhat.com> Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/i915/intel_dp_mst.c | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/drivers/gpu/drm/i915/intel_dp_mst.c b/drivers/gpu/drm/i915/intel_dp_mst.c index fcb9b87b9339..a366f32b048a 100644 --- a/drivers/gpu/drm/i915/intel_dp_mst.c +++ b/drivers/gpu/drm/i915/intel_dp_mst.c @@ -42,7 +42,7 @@ static bool intel_dp_mst_compute_config(struct intel_encoder *encoder, to_intel_connector(conn_state->connector); struct drm_atomic_state *state = pipe_config->base.state; int bpp; - int lane_count, slots; + int lane_count, slots = 0; const struct drm_display_mode *adjusted_mode = &pipe_config->base.adjusted_mode; int mst_pbn; bool reduce_m_n = drm_dp_has_quirk(&intel_dp->desc, @@ -76,11 +76,16 @@ static bool intel_dp_mst_compute_config(struct intel_encoder *encoder, mst_pbn = drm_dp_calc_pbn_mode(adjusted_mode->crtc_clock, bpp); pipe_config->pbn = mst_pbn; - slots = drm_dp_atomic_find_vcpi_slots(state, &intel_dp->mst_mgr, - connector->port, mst_pbn); - if (slots < 0) { - DRM_DEBUG_KMS("failed finding vcpi slots:%d\n", slots); - return false; + if (!connector->mst_port_gone) { + slots = drm_dp_atomic_find_vcpi_slots(state, + &intel_dp->mst_mgr, + connector->port, + mst_pbn); + if (slots < 0) { + DRM_DEBUG_KMS("failed finding vcpi slots:%d\n", + slots); + return false; + } } intel_link_compute_m_n(bpp, lane_count, -- 2.17.1

6 years, 9 months

1
0
0 0

[PATCH 2/6] drm/nouveau: Unbreak nv50_mstc->best_encoder()

by Lyude Paul

As mentioned in the previous commit, we currently prevent new modesets on recently-removed MST connectors by returning no encoder from our ->best_encoder() callback once the MST port has disappeared. This is wrong however, because it prevents legacy modesetting users from being able to disable CRTCs on MST connectors after the connector's respective topology has disappeared. So, fix this by instead using the new drm_dp_mst_connector_atomic_check() helper instead while always returning a valid encoder from ->best_encoder(). Signed-off-by: Lyude Paul <lyude(a)redhat.com> Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/nouveau/dispnv50/disp.c | 25 +++++++++++++++---------- 1 file changed, 15 insertions(+), 10 deletions(-) diff --git a/drivers/gpu/drm/nouveau/dispnv50/disp.c b/drivers/gpu/drm/nouveau/dispnv50/disp.c index 9da0bdfe1e1c..8d6f6ee9bc75 100644 --- a/drivers/gpu/drm/nouveau/dispnv50/disp.c +++ b/drivers/gpu/drm/nouveau/dispnv50/disp.c @@ -881,22 +881,16 @@ nv50_mstc_atomic_best_encoder(struct drm_connector *connector, { struct nv50_head *head = nv50_head(connector_state->crtc); struct nv50_mstc *mstc = nv50_mstc(connector); - if (mstc->port) { - struct nv50_mstm *mstm = mstc->mstm; - return &mstm->msto[head->base.index]->encoder; - } - return NULL; + + return &mstc->mstm->msto[head->base.index]->encoder; } static struct drm_encoder * nv50_mstc_best_encoder(struct drm_connector *connector) { struct nv50_mstc *mstc = nv50_mstc(connector); - if (mstc->port) { - struct nv50_mstm *mstm = mstc->mstm; - return &mstm->msto[0]->encoder; - } - return NULL; + + return &mstc->mstm->msto[0]->encoder; } static enum drm_mode_status @@ -926,10 +920,21 @@ nv50_mstc_get_modes(struct drm_connector *connector) return ret; } +static int +nv50_mstc_atomic_check(struct drm_connector *connector, + struct drm_connector_state *state) +{ + struct nv50_mstc *mstc = nv50_mstc(connector); + + return drm_dp_mst_connector_atomic_check(connector, state, + &mstc->mstm->mgr); +} + static const struct drm_connector_helper_funcs nv50_mstc_help = { .get_modes = nv50_mstc_get_modes, .mode_valid = nv50_mstc_mode_valid, + .atomic_check = nv50_mstc_atomic_check, .best_encoder = nv50_mstc_best_encoder, .atomic_best_encoder = nv50_mstc_atomic_best_encoder, }; -- 2.17.1

6 years, 9 months

1
0
0 0

[PATCH v5 0/7] mm: Merge hmm into devm_memremap_pages, mark GPL-only

by Dan Williams

Changes since v4 [1]: * Rebase on v4.19-rc3 * Update changelogs and cover letter [1]: https://lkml.org/lkml/2018/7/11/14 --- Hi Andrew, Back from vacation and this series is still top of mind. devm_memremap_pages() is a facility that can create struct page entries for any arbitrary range and give drivers the ability to subvert core aspects of page management. It, and anything derived from it (e.g. hmm, pcip2p, etc...), is an EXPORT_SYMBOL_GPL() interface. I see that commit 31c5bda3a656 "mm: fix exports that inadvertently make put_page() EXPORT_SYMBOL_GPL" was merged ahead of this series to relieve some of the pressure from innocent consumers of put_page(), but now we need this series to address *producers* of device pages. More details and justification in the changelogs. The 0day infrastructure has reported success across 182 configs and this survives the libnvdimm unit test suite. Aside from the controversial bits the diffstat is compelling at: 7 files changed, 138 insertions(+), 328 deletions(-). Note that the series has some minor collisions with Alex's recent series to improve devm_memremap_pages() scalability [2]. So, whichever you take first the other will need a minor rebase. [2]: https://www.lkml.org/lkml/2018/9/11/10 --- Dan Williams (7): mm, devm_memremap_pages: Mark devm_memremap_pages() EXPORT_SYMBOL_GPL mm, devm_memremap_pages: Kill mapping "System RAM" support mm, devm_memremap_pages: Fix shutdown handling mm, devm_memremap_pages: Add MEMORY_DEVICE_PRIVATE support mm, hmm: Use devm semantics for hmm_devmem_{add,remove} mm, hmm: Replace hmm_devmem_pages_create() with devm_memremap_pages() mm, hmm: Mark hmm_devmem_{add,add_resource} EXPORT_SYMBOL_GPL drivers/dax/pmem.c | 15 -- drivers/nvdimm/pmem.c | 18 +- include/linux/hmm.h | 4 include/linux/memremap.h | 7 + kernel/memremap.c | 98 ++++++++---- mm/hmm.c | 303 +++++-------------------------------- tools/testing/nvdimm/test/iomap.c | 21 ++- 7 files changed, 138 insertions(+), 328 deletions(-)

6 years, 9 months

3
4
0 0

[PATCH v3] tpm: Restore functionality to xen vtpm driver.

by Boris Ostrovsky

From: "Dr. Greg Wettstein" <greg(a)wind.enjellic.com> Functionality of the xen-tpmfront driver was lost secondary to the introduction of xenbus multi-page support in commit ccc9d90a9a8b ("xenbus_client: Extend interface to support multi-page ring"). In this commit pointer to location of where the shared page address is stored was being passed to the xenbus_grant_ring() function rather then the address of the shared page itself. This resulted in a situation where the driver would attach to the vtpm-stubdom but any attempt to send a command to the stub domain would timeout. A diagnostic finding for this regression is the following error message being generated when the xen-tpmfront driver probes for a device: <3>vtpm vtpm-0: tpm_transmit: tpm_send: error -62 <3>vtpm vtpm-0: A TPM error (-62) occurred attempting to determine the timeouts This fix is relevant to all kernels from 4.1 forward which is the release in which multi-page xenbus support was introduced. Daniel De Graaf formulated the fix by code inspection after the regression point was located. Fixes: ccc9d90a9a8b ("xenbus_client: Extend interface to support multi-page ring") Signed-off-by: Dr. Greg Wettstein <greg(a)enjellic.com> [boris: Updated commit message, added Fixes tag] Signed-off-by: Boris Ostrovsky <boris.ostrovsky(a)oracle.com> Cc: stable(a)vger.kernel.org # v4.1+ --- drivers/char/tpm/xen-tpmfront.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/char/tpm/xen-tpmfront.c b/drivers/char/tpm/xen-tpmfront.c index 911475d36800..b150f87f38f5 100644 --- a/drivers/char/tpm/xen-tpmfront.c +++ b/drivers/char/tpm/xen-tpmfront.c @@ -264,7 +264,7 @@ static int setup_ring(struct xenbus_device *dev, struct tpm_private *priv) return -ENOMEM; } - rv = xenbus_grant_ring(dev, &priv->shr, 1, &gref); + rv = xenbus_grant_ring(dev, priv->shr, 1, &gref); if (rv < 0) return rv; -- 2.17.1

6 years, 9 months

2
1
0 0

[PATCH 4.18 000/158] 4.18.9-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.18.9 release. There are 158 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed Sep 19 21:16:14 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.18.9-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.18.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.18.9-rc1 Linus Torvalds <torvalds(a)linux-foundation.org> mm: get rid of vmacache_flush_all() entirely Ian Kent <raven(a)themaw.net> autofs: fix autofs_sbi() does not check super block type Peter Zijlstra <peterz(a)infradead.org> clocksource: Revert "Remove kthread" Parav Pandit <parav(a)mellanox.com> RDMA/cma: Do not ignore net namespace for unbound cm_id Quentin Schulz <quentin.schulz(a)bootlin.com> MIPS: mscc: ocelot: fix length of memory address space for MIIM Paul Burton <paul.burton(a)mips.com> MIPS: WARN_ON invalid DMA cache maintenance, not BUG_ON Lijun Ou <oulijun(a)huawei.com> RDMA/hns: Update the data type of immediate data Trond Myklebust <trond.myklebust(a)hammerspace.com> NFSv4.1: Fix a potential layoutget/layoutrecall deadlock Lijun Ou <oulijun(a)huawei.com> RDMA/hns: Add illegal hop_num judgement Chao Yu <yuchao0(a)huawei.com> f2fs: fix to do sanity check with extra_attr feature Chao Yu <yuchao0(a)huawei.com> f2fs: fix to propagate return value of scan_nat_page() Chao Yu <yuchao0(a)huawei.com> f2fs: fix to do sanity check with {sit,nat}_ver_bitmap_bytesize Zumeng Chen <zumeng.chen(a)gmail.com> mfd: ti_am335x_tscadc: Fix struct clk memory leak Geert Uytterhoeven <geert+renesas(a)glider.be> iommu/ipmmu-vmsa: Fix allocation in atomic context Andrey Smirnov <andrew.smirnov(a)gmail.com> mfd: rave-sp: Initialize flow control and parity of the port Chao Yu <yuchao0(a)huawei.com> f2fs: fix to do sanity check with secs_per_zone Jaegeuk Kim <jaegeuk(a)kernel.org> f2fs: avoid potential deadlock in f2fs_sbi_store Brad Love <brad(a)nextdimension.cc> media: em28xx: Fix DualHD disconnect oops Dan Carpenter <dan.carpenter(a)oracle.com> f2fs: Fix uninitialized return in f2fs_ioc_shutdown() Chao Yu <yuchao0(a)huawei.com> f2fs: fix to wait on page writeback before updating page Will Deacon <will.deacon(a)arm.com> iommu/arm-smmu-v3: Abort all transactions if SMMU is enabled in kdump kernel Brad Love <brad(a)nextdimension.cc> media: em28xx: Fix dual transport stream operation Anthony Koo <Anthony.Koo(a)amd.com> drm/amd/display: Prevent PSR from being enabled if initialization fails Katsuhiro Suzuki <suzuki.katsuhiro(a)socionext.com> media: helene: fix xtal frequency setting at power on Niklas Söderlund <niklas.soderlund+renesas(a)ragnatech.se> media: rcar-csi2: update stream start for V3M Mauricio Faria de Oliveira <mfo(a)canonical.com> partitions/aix: fix usage of uninitialized lv_info and lvname structures Mauricio Faria de Oliveira <mfo(a)canonical.com> partitions/aix: append null character to print data from disk Sylwester Nawrocki <s.nawrocki(a)samsung.com> media: s5p-mfc: Fix buffer look up in s5p_mfc_handle_frame_{new, copy_time} functions Nick Dyer <nick.dyer(a)itdev.co.uk> Input: atmel_mxt_ts - only use first T9 instance John Pittman <jpittman(a)redhat.com> dm cache: only allow a single io_mode cache feature to be requested Petr Machata <petrm(a)mellanox.com> net: dcb: For wild-card lookups, use priority -1, not 0 Marc Zyngier <marc.zyngier(a)arm.com> thermal_hwmon: Sanitize attribute name passed to hwmon Simon Horman <horms+renesas(a)verge.net.au> thermal: rcar_thermal: avoid NULL dereference in absence of IRQ resources Nicholas Mc Guire <hofrat(a)osadl.org> MIPS: generic: fix missing of_node_put() Nicholas Mc Guire <hofrat(a)osadl.org> MIPS: Octeon: add missing of_node_put() Chao Yu <yuchao0(a)huawei.com> f2fs: fix to do sanity check with reserved blkaddr of inline inode Peter Rosin <peda(a)axentia.se> tpm/tpm_i2c_infineon: switch to i2c_lock_bus(..., I2C_LOCK_SEGMENT) Linus Walleij <linus.walleij(a)linaro.org> tpm_tis_spi: Pass the SPI IRQ down to the driver Chao Yu <yuchao0(a)huawei.com> f2fs: fix to skip GC if type in SSA and SIT is inconsistent Jinbum Park <jinb.park7(a)gmail.com> pktcdvd: Fix possible Spectre-v1 for pkt_devs Chao Yu <yuchao0(a)huawei.com> f2fs: try grabbing node page lock aggressively in sync scenario Yelena Krivosheev <yelena(a)marvell.com> net: mvneta: fix mtu change on port without link Daniel Kurtz <djkurtz(a)chromium.org> pinctrl/amd: only handle irq if it is pending and unmasked Anton Vasilyev <vasilyev(a)ispras.ru> gpio: ml-ioh: Fix buffer underwrite on probe error path Daniel Mack <daniel(a)zonque.org> gpio: pxa: disable pinctrl calls for PXA3xx Dan Carpenter <dan.carpenter(a)oracle.com> pinctrl: imx: off by one in imx_pinconf_group_dbg_show() Anton Vasilyev <vasilyev(a)ispras.ru> regulator: tps65217: Fix NULL pointer dereference on probe Joerg Roedel <jroedel(a)suse.de> x86/mm: Remove in_nmi() warning from vmalloc_fault() Marcel Holtmann <marcel(a)holtmann.org> Bluetooth: hidp: Fix handling of strncpy for hid->name information Michael Ellerman <mpe(a)ellerman.id.au> powerpc/mm: Don't report PUDs as memory leaks when using kmemleak Lorenzo Pieralisi <lorenzo.pieralisi(a)arm.com> PCI: mobiveil: Fix struct mobiveil_pcie.pcie_reg_base address type Lorenzo Pieralisi <lorenzo.pieralisi(a)arm.com> PCI: mobiveil: Add missing ../pci.h include Robert Schlabbach <Robert.Schlabbach(a)gmx.net> media: em28xx: explicitly disable TS packet filter Surabhi Vishnoi <svishnoi(a)codeaurora.org> ath10k: disable bundle mgmt tx completion event support Huaisheng Ye <yehs1(a)lenovo.com> tools/testing/nvdimm: kaddr and pfn can be NULL to ->direct_access() Anton Vasilyev <vasilyev(a)ispras.ru> scsi: 3ware: fix return 0 on the error path of probe Calum Mackay <calum.mackay(a)oracle.com> nfs: Referrals not inheriting proto setting from parent Srinivas Pandruvada <srinivas.pandruvada(a)linux.intel.com> ata: libahci: Correct setting of DEVSLP register Srinivas Pandruvada <srinivas.pandruvada(a)linux.intel.com> ata: libahci: Allow reconfigure of DEVSLP register Paul Burton <paul.burton(a)mips.com> MIPS: Fix ISA virt/bus conversion for non-zero PHYS_OFFSET Mike Christie <mchristi(a)redhat.com> scsi: tcmu: do not set max_blocks if data_bitmap has been setup Miquel Raynal <miquel.raynal(a)bootlin.com> mtd: rawnand: make subop helpers return unsigned values Srinivas Kandagatla <srinivas.kandagatla(a)linaro.org> rpmsg: core: add support to power domains for devices Loic Poulain <loic.poulain(a)linaro.org> wlcore: Set rx_status boottime_ns field on rx Sven Eckelmann <sven.eckelmann(a)openmesh.com> ath10k: prevent active scans on potential unusable channels Felix Fietkau <nbd(a)nbd.name> ath9k_hw: fix channel maximum power level test Felix Fietkau <nbd(a)nbd.name> ath9k: report tx status on EOSP Thomas Richter <tmricht(a)linux.ibm.com> perf build: Fix installation directory for eBPF Finn Thain <fthain(a)telegraphics.com.au> macintosh/via-pmu: Add missing mmio accessors Sam Bobroff <sbobroff(a)linux.ibm.com> powerpc/pseries: fix EEH recovery of some IOV devices Kan Liang <kan.liang(a)linux.intel.com> perf evlist: Fix error out while applying initial delay and LBR Jiri Olsa <jolsa(a)kernel.org> perf c2c report: Fix crash for empty browser Olga Kornievskaia <kolga(a)netapp.com> NFSv4.0 fix client reference leak in callback Stefan Hajnoczi <stefanha(a)redhat.com> device-dax: avoid hang on error before devm_memremap_pages() Christophe Leroy <christophe.leroy(a)c-s.fr> perf tools: Allow overriding MAX_NR_CPUS at compile time Akshu Agrawal <akshu.agrawal(a)amd.com> ASoC: soc-pcm: Use delay set in component pointer function Chao Yu <yuchao0(a)huawei.com> f2fs: fix to detect looped node chain correctly Randy Dunlap <rdunlap(a)infradead.org> f2fs: fix defined but not used build warnings Yunlong Song <yunlong.song(a)huawei.com> f2fs: issue discard align to section in LFS mode Daniel Rosenberg <drosen(a)google.com> f2fs: Keep alloc_valid_block_count in sync Yunlong Song <yunlong.song(a)huawei.com> f2fs: do not set free of current section Chao Yu <yuchao0(a)huawei.com> f2fs: fix to active page in lru list for read path Denis Drozdov <denisd(a)mellanox.com> IB/IPoIB: Set ah valid flag in multicast send flow Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> iwlwifi: pcie: don't access periphery registers when not available Xiubo Li <xiubli(a)redhat.com> uio: fix possible circular locking dependency Anton Vasilyev <vasilyev(a)ispras.ru> tty: rocket: Fix possible buffer overwrite on register_PCI Michael Kelley <mikelley(a)microsoft.com> Drivers: hv: vmbus: Cleanup synic memory free path Anton Vasilyev <vasilyev(a)ispras.ru> firmware: vpd: Fix section enabled flag on vpd_section_destroy Dan Carpenter <dan.carpenter(a)oracle.com> uio: potential double frees if __uio_register_device() fails Anton Vasilyev <vasilyev(a)ispras.ru> misc: ti-st: Fix memory leak in the error path of probe() Philipp Zabel <p.zabel(a)pengutronix.de> gpu: ipu-v3: default to id 0 on missing OF alias Todor Tomov <todor.tomov(a)linaro.org> media: camss: csid: Configure data type and decode format properly Gaurav Kohli <gkohli(a)codeaurora.org> timers: Clear timer_base::must_forward_clk with timer_base::lock held BingJing Chang <bingjingc(a)synology.com> md/raid5: fix data corruption of replacements after originals dropped Mike Christie <mchristi(a)redhat.com> scsi: target: fix __transport_register_session locking James Smart <jsmart2021(a)gmail.com> scsi: lpfc: Fix driver crash when re-registering NVME rports. Ming Lei <ming.lei(a)redhat.com> blk-mq: fix updating tags depth Amit Daniel Kachhap <amit.kachhap(a)arm.com> clk: scmi: Fix the rounding of clock rate Quinn Tran <quinn.tran(a)cavium.com> scsi: qla2xxx: Silent erroneous message Quinn Tran <quinn.tran(a)cavium.com> scsi: qla2xxx: Fix session state stuck in Get Port DB Quinn Tran <quinn.tran(a)cavium.com> scsi: qla2xxx: Fix unintended Logout Arun Parameswaran <arun.parameswaran(a)broadcom.com> net: phy: Fix the register offsets in Broadcom iProc mdio mux driver Anton Vasilyev <vasilyev(a)ispras.ru> media: dw2102: Fix memleak on sequence of probes Anton Vasilyev <vasilyev(a)ispras.ru> media: davinci: vpif_display: Mix memory leak on probe error path Roman Gushchin <guro(a)fb.com> selftests/bpf: fix a typo in map in map test Guenter Roeck <linux(a)roeck-us.net> powerpc/4xx: Fix error return path in ppc4xx_msi_probe() Reza Arbab <arbab(a)linux.ibm.com> powerpc/powernv: Fix concurrency issue with npu->mmio_atsd_usage Dmitry Osipenko <digetx(a)gmail.com> gpio: tegra: Move driver registration to subsys_init level YueHaibing <yuehaibing(a)huawei.com> pinctrl: berlin: fix 'pctrl->functions' allocation in berlin_pinctrl_build_state Johan Hedberg <johan.hedberg(a)intel.com> Bluetooth: h5: Fix missing dependency on BT_HCIUART_SERDEV Jae Hyun Yoo <jae.hyun.yoo(a)linux.intel.com> i2c: aspeed: Add an explicit type casting for *get_clk_reg_val Florian Fainelli <f.fainelli(a)gmail.com> ethtool: Remove trailing semicolon for static inline Alexandru Gagniuc <mr.nuke.me(a)gmail.com> ALSA: hda/realtek - Add mute LED quirk for HP Spectre x360 Dan Carpenter <dan.carpenter(a)oracle.com> misc: mic: SCIF Fix scif_get_new_port() error handling Vlad Buslov <vladbu(a)mellanox.com> tc-testing: remove duplicate spaces in connmark match patterns Vlad Buslov <vladbu(a)mellanox.com> tc-testing: flush gact actions on test teardown Alexey Brodkin <abrodkin(a)synopsys.com> ARC: [plat-axs*]: Enable SWAP Gustavo A. R. Silva <gustavo(a)embeddedor.com> switchtec: Fix Spectre v1 vulnerability Thomas Gleixner <tglx(a)linutronix.de> x86/apic/vector: Make error return value negative Jann Horn <jannh(a)google.com> x86/process: Don't mix user/kernel regs in 64bit __show_regs() Filippo Sironi <sironi(a)amazon.de> x86/microcode: Update the new microcode revision unconditionally Prarit Bhargava <prarit(a)redhat.com> x86/microcode: Make sure boot_cpu_data.microcode is up-to-date Thomas Gleixner <tglx(a)linutronix.de> cpu/hotplug: Prevent state corruption on error rollback Neeraj Upadhyay <neeraju(a)codeaurora.org> cpu/hotplug: Adjust misplaced smb() in cpuhp_thread_fun() Takashi Iwai <tiwai(a)suse.de> ALSA: hda - Fix cancel_work_sync() stall from jackpoll work Bartosz Golaszewski <bgolaszewski(a)baylibre.com> memory: ti-aemif: fix a potential NULL-pointer dereference Zhang Rui <rui.zhang(a)intel.com> ACPI / LPSS: Force LPSS quirks on boot Alexey Brodkin <abrodkin(a)synopsys.com> ARC: [plat-axs*/plat-hsdk]: Allow U-Boot to pass MAC-address to the kernel Sean Christopherson <sean.j.christopherson(a)intel.com> KVM: x86: Do not re-{try,execute} after failed emulation in L2 Sean Christopherson <sean.j.christopherson(a)intel.com> KVM: x86: Default to not allowing emulation retry in kvm_mmu_page_fault Sean Christopherson <sean.j.christopherson(a)intel.com> KVM: x86: Merge EMULTYPE_RETRY and EMULTYPE_ALLOW_REEXECUTE Sean Christopherson <sean.j.christopherson(a)intel.com> KVM: x86: Invert emulation re-execute behavior to make it opt-in Sean Christopherson <sean.j.christopherson(a)intel.com> KVM: VMX: Do not allow reexecute_instruction() when skipping MMIO instr Sean Christopherson <sean.j.christopherson(a)intel.com> KVM: x86: SVM: Set EMULTYPE_NO_REEXECUTE for RSM emulation Pierre Morel <pmorel(a)linux.ibm.com> KVM: s390: vsie: copy wrapping keys to right place Paul Mackerras <paulus(a)ozlabs.org> KVM: PPC: Book3S HV: Use correct pagesize in kvm_unmap_radix() Marc Zyngier <marc.zyngier(a)arm.com> KVM: arm/arm64: Clean dcache to PoC when changing PTE due to CoW Marc Zyngier <marc.zyngier(a)arm.com> arm64: KVM: Only force FPEXC32_EL2.EN if trapping FPSIMD Filipe Manana <fdmanana(a)suse.com> Btrfs: fix data corruption when deduplicating between different files Lu Fengqi <lufq.fnst(a)cn.fujitsu.com> btrfs: fix qgroup_free wrong num_bytes in btrfs_subvolume_reserve_metadata Thomas Werschlein <thomas.werschlein(a)geo.uzh.ch> cifs: connect to servername instead of IP for IPC$ share Steve French <stfrench(a)microsoft.com> smb3: check for and properly advertise directory lease support Steve French <stfrench(a)microsoft.com> SMB3: Backup intent flag missing for directory opens with backupuid mounts Paul Burton <paul.burton(a)mips.com> MIPS: VDSO: Match data page cache colouring when D$ aliases Minchan Kim <minchan(a)kernel.org> android: binder: fix the race mmap and alloc_new_buf_locked Konstantin Khlebnikov <khlebnikov(a)yandex-team.ru> block: bfq: swap puts in bfqg_and_blkg_put Mikulas Patocka <mpatocka(a)redhat.com> block: don't warn when doing fsync on read-only devices Jens Axboe <axboe(a)kernel.dk> nbd: don't allow invalid blocksize settings James Smart <jsmart2021(a)gmail.com> scsi: lpfc: Correct MDS diag and nvmet configuration Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> mac80211: don't update the PM state of a peer upon a multicast frame Mikhail Zaslonko <zaslonko(a)linux.ibm.com> memory_hotplug: fix kernel_panic on offline page processing Aneesh Kumar K.V <aneesh.kumar(a)linux.ibm.com> mm/hugetlb: filter out hugetlb pages if HUGEPAGE migration is not supported. Stefan Agner <stefan(a)agner.ch> HID: input: fix leaking custom input node name AceLan Kao <acelan.kao(a)canonical.com> HID: i2c-hid: Fix flooded incomplete report after S3 on Rayd touchscreen Benjamin Tissoires <benjamin.tissoires(a)redhat.com> HID: core: fix grouping by application Benjamin Tissoires <benjamin.tissoires(a)redhat.com> HID: multitouch: fix Elan panels with 2 input modes declaration Felipe Balbi <felipe.balbi(a)linux.intel.com> i2c: i801: fix DNV's SMBCTRL register offset Shubhrajyoti Datta <shubhrajyoti.datta(a)xilinx.com> i2c: xiic: Make the start and the byte count write atomic ------------- Diffstat: Makefile | 4 +- arch/arc/boot/dts/axs10x_mb.dtsi | 7 ++- arch/arc/boot/dts/hsdk.dts | 7 ++- arch/arc/configs/axs101_defconfig | 1 - arch/arc/configs/axs103_defconfig | 1 - arch/arc/configs/axs103_smp_defconfig | 1 - arch/arm64/kvm/hyp/switch.c | 9 ++- arch/mips/boot/dts/mscc/ocelot.dtsi | 2 +- arch/mips/cavium-octeon/octeon-platform.c | 2 + arch/mips/generic/init.c | 1 + arch/mips/include/asm/io.h | 8 +-- arch/mips/kernel/vdso.c | 20 ++++++ arch/mips/mm/c-r4k.c | 6 +- arch/powerpc/include/asm/book3s/64/pgalloc.h | 23 ++++++- arch/powerpc/kvm/book3s_64_mmu_radix.c | 6 +- arch/powerpc/platforms/4xx/msi.c | 51 ++++++++------- arch/powerpc/platforms/powernv/npu-dma.c | 5 +- arch/powerpc/platforms/pseries/setup.c | 25 +++++--- arch/s390/kvm/vsie.c | 3 +- arch/x86/include/asm/kdebug.h | 12 +++- arch/x86/include/asm/kvm_host.h | 16 +++-- arch/x86/kernel/apic/vector.c | 2 +- arch/x86/kernel/cpu/microcode/amd.c | 24 ++++--- arch/x86/kernel/cpu/microcode/intel.c | 17 +++-- arch/x86/kernel/dumpstack.c | 11 +--- arch/x86/kernel/process_32.c | 4 +- arch/x86/kernel/process_64.c | 12 +++- arch/x86/kvm/mmu.c | 21 +++++-- arch/x86/kvm/svm.c | 4 +- arch/x86/kvm/vmx.c | 4 +- arch/x86/kvm/x86.c | 10 ++- arch/x86/mm/fault.c | 2 - block/bfq-cgroup.c | 4 +- block/blk-core.c | 5 +- block/blk-mq-tag.c | 8 +-- block/partitions/aix.c | 13 ++-- drivers/acpi/acpi_lpss.c | 2 +- drivers/android/binder_alloc.c | 43 ++++++++++--- drivers/ata/libahci.c | 20 +++--- drivers/base/memory.c | 20 +++--- drivers/block/nbd.c | 3 + drivers/block/pktcdvd.c | 4 +- drivers/bluetooth/Kconfig | 1 + drivers/char/tpm/tpm_i2c_infineon.c | 8 +-- drivers/char/tpm/tpm_tis_spi.c | 9 ++- drivers/clk/clk-scmi.c | 5 +- drivers/dax/pmem.c | 12 ++-- drivers/firmware/google/vpd.c | 5 +- drivers/gpio/gpio-ml-ioh.c | 3 +- drivers/gpio/gpio-pxa.c | 35 ++++++++--- drivers/gpio/gpio-tegra.c | 2 +- drivers/gpu/drm/amd/display/dc/dce/dce_dmcu.c | 38 ++++++----- drivers/gpu/drm/amd/display/dc/inc/hw/dmcu.h | 2 +- drivers/gpu/ipu-v3/ipu-common.c | 2 + drivers/hid/hid-ids.h | 1 + drivers/hid/hid-input.c | 5 +- drivers/hid/hid-multitouch.c | 19 +++++- drivers/hid/i2c-hid/i2c-hid.c | 2 + drivers/hv/hv.c | 14 +++-- drivers/i2c/busses/i2c-aspeed.c | 2 +- drivers/i2c/busses/i2c-i801.c | 7 ++- drivers/i2c/busses/i2c-xiic.c | 4 ++ drivers/infiniband/core/cma.c | 13 +++- drivers/infiniband/hw/hns/hns_roce_hem.c | 3 + drivers/infiniband/hw/hns/hns_roce_hw_v2.c | 12 ++-- drivers/infiniband/hw/hns/hns_roce_hw_v2.h | 6 +- drivers/infiniband/ulp/ipoib/ipoib_multicast.c | 1 + drivers/input/touchscreen/atmel_mxt_ts.c | 7 ++- drivers/iommu/arm-smmu-v3.c | 22 +++++-- drivers/iommu/ipmmu-vmsa.c | 9 ++- drivers/macintosh/via-pmu.c | 9 +-- drivers/md/dm-cache-target.c | 19 ++++-- drivers/md/raid5.c | 6 ++ drivers/media/dvb-frontends/helene.c | 5 +- drivers/media/platform/davinci/vpif_display.c | 24 ++++--- .../media/platform/qcom/camss-8x16/camss-csid.c | 16 +++-- drivers/media/platform/rcar-vin/rcar-csi2.c | 20 ++++-- drivers/media/platform/s5p-mfc/s5p_mfc.c | 23 +++---- drivers/media/usb/dvb-usb/dw2102.c | 19 ++++-- drivers/media/usb/em28xx/em28xx-cards.c | 4 +- drivers/media/usb/em28xx/em28xx-core.c | 4 +- drivers/media/usb/em28xx/em28xx-dvb.c | 4 +- drivers/memory/ti-aemif.c | 2 +- drivers/mfd/rave-sp.c | 7 +++ drivers/mfd/ti_am335x_tscadc.c | 3 +- drivers/misc/mic/scif/scif_api.c | 20 +++--- drivers/misc/ti-st/st_kim.c | 4 +- drivers/mtd/nand/raw/nand_base.c | 44 ++++++------- drivers/net/ethernet/marvell/mvneta.c | 1 - drivers/net/phy/mdio-mux-bcm-iproc.c | 20 ++++-- drivers/net/wireless/ath/ath10k/mac.c | 7 +++ drivers/net/wireless/ath/ath10k/wmi-tlv.c | 5 ++ drivers/net/wireless/ath/ath10k/wmi-tlv.h | 5 ++ drivers/net/wireless/ath/ath9k/hw.c | 7 ++- drivers/net/wireless/ath/ath9k/xmit.c | 3 +- drivers/net/wireless/intel/iwlwifi/pcie/drv.c | 4 ++ drivers/net/wireless/intel/iwlwifi/pcie/trans.c | 24 +++---- drivers/net/wireless/ti/wlcore/rx.c | 8 ++- drivers/pci/controller/pcie-mobiveil.c | 4 +- drivers/pci/switch/switchtec.c | 4 ++ drivers/pinctrl/berlin/berlin.c | 14 +++-- drivers/pinctrl/freescale/pinctrl-imx.c | 2 +- drivers/pinctrl/pinctrl-amd.c | 3 +- drivers/regulator/tps65217-regulator.c | 2 + drivers/rpmsg/rpmsg_core.c | 7 +++ drivers/scsi/3w-9xxx.c | 6 +- drivers/scsi/3w-sas.c | 3 + drivers/scsi/3w-xxxx.c | 2 + drivers/scsi/lpfc/lpfc.h | 2 +- drivers/scsi/lpfc/lpfc_nvme.c | 22 ++++--- drivers/scsi/qla2xxx/qla_init.c | 9 ++- drivers/scsi/qla2xxx/qla_target.c | 3 +- drivers/scsi/qla2xxx/qla_tmpl.c | 9 +++ drivers/target/target_core_transport.c | 5 +- drivers/target/target_core_user.c | 73 ++++++++++++---------- drivers/thermal/rcar_thermal.c | 2 +- drivers/thermal/thermal_hwmon.c | 1 + drivers/tty/rocket.c | 2 +- drivers/uio/uio.c | 19 +++--- fs/autofs/autofs_i.h | 4 +- fs/autofs/inode.c | 1 - fs/btrfs/extent-tree.c | 17 +++-- fs/btrfs/ioctl.c | 19 ++++++ fs/cifs/connect.c | 2 +- fs/cifs/inode.c | 2 + fs/cifs/smb2ops.c | 35 ++++++++--- fs/cifs/smb2pdu.c | 3 + fs/f2fs/f2fs.h | 15 +++-- fs/f2fs/file.c | 2 +- fs/f2fs/gc.c | 8 ++- fs/f2fs/inline.c | 22 +++++++ fs/f2fs/inode.c | 19 ++++-- fs/f2fs/node.c | 46 ++++++++++---- fs/f2fs/recovery.c | 4 +- fs/f2fs/segment.c | 20 +++++- fs/f2fs/segment.h | 3 + fs/f2fs/super.c | 25 ++++++-- fs/f2fs/sysfs.c | 16 +++-- fs/nfs/callback_proc.c | 4 +- fs/nfs/callback_xdr.c | 11 +++- fs/nfs/nfs4client.c | 6 +- include/linux/hid.h | 1 + include/linux/mm_types.h | 2 +- include/linux/mm_types_task.h | 2 +- include/linux/mtd/rawnand.h | 16 ++--- include/linux/vm_event_item.h | 1 - include/linux/vmacache.h | 5 -- include/uapi/linux/ethtool.h | 4 +- kernel/cpu.c | 11 ++-- kernel/time/clocksource.c | 40 +++++++++--- kernel/time/timer.c | 29 +++++---- mm/debug.c | 4 +- mm/memory_hotplug.c | 3 +- mm/page_alloc.c | 4 ++ mm/vmacache.c | 38 ----------- net/bluetooth/hidp/core.c | 2 +- net/dcb/dcbnl.c | 11 ++-- net/mac80211/rx.c | 1 + sound/pci/hda/hda_codec.c | 3 +- sound/pci/hda/patch_realtek.c | 1 + sound/soc/soc-pcm.c | 5 ++ tools/perf/Makefile.config | 4 +- tools/perf/builtin-c2c.c | 3 + tools/perf/perf.h | 2 + tools/perf/util/evsel.c | 14 +++++ tools/testing/nvdimm/pmem-dax.c | 12 ++-- tools/testing/selftests/bpf/test_verifier.c | 6 +- .../tc-testing/tc-tests/actions/connmark.json | 24 +++---- .../tc-testing/tc-tests/actions/mirred.json | 3 +- virt/kvm/arm/mmu.c | 9 ++- 170 files changed, 1167 insertions(+), 580 deletions(-)

6 years, 9 months

3
162
0 0

patch "serial: 8250: Fix clearing FIFOs in RS485 mode again" added to tty-next

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled serial: 8250: Fix clearing FIFOs in RS485 mode again to my tty git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty.git in the tty-next branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will also be merged in the next major kernel release during the merge window. If you have any questions about this process, please let me know. >From f6aa5beb45be27968a4df90176ca36dfc4363d37 Mon Sep 17 00:00:00 2001 From: Marek Vasut <marex(a)denx.de> Date: Mon, 3 Sep 2018 02:44:52 +0200 Subject: serial: 8250: Fix clearing FIFOs in RS485 mode again The 8250 FIFOs indeed need to be cleared after stopping transmission in RS485 mode without SER_RS485_RX_DURING_TX flag set. But there are two problems with the approach taken by the previous patch from Fixes tag. First, serial8250_clear_fifos() should clear fifos, but what it really does is it enables the FIFOs unconditionally if present, clears them and then sets the FCR register to zero, which effectively disables the FIFOs. In case the FIFO is disabled, enabling it and clearing it makes no sense and in fact can trigger misbehavior of the 8250 core. Moreover, the FCR register may contain other FIFO configuration bits which may not be writable unconditionally and writing them incorrectly can trigger misbehavior of the 8250 core too. (ie. AM335x UART swallows the first byte and retransmits the last byte twice because of this FCR write). Second, serial8250_clear_and_reinit_fifos() completely reloads the FCR, but what really has to happen at the end of the RS485 transmission is clearing of the FIFOs and nothing else. This patch repairs serial8250_clear_fifos() so that it really only clears the FIFOs by operating on FCR[2:1] bits and leaves all the other bits alone. It also undoes serial8250_clear_and_reinit_fifos() from __do_stop_tx_rs485() as serial8250_clear_fifos() is sufficient. Signed-off-by: Marek Vasut <marex(a)denx.de> Fixes: 2bed8a8e7072 ("Clearing FIFOs in RS485 emulation mode causes subsequent transmits to break") Cc: Daniel Jedrychowski <avistel(a)gmail.com> Cc: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Cc: stable <stable(a)vger.kernel.org> # let it bake a bit before merging Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/tty/serial/8250/8250_port.c | 29 ++++++++++++++++++++++++----- 1 file changed, 24 insertions(+), 5 deletions(-) diff --git a/drivers/tty/serial/8250/8250_port.c b/drivers/tty/serial/8250/8250_port.c index 3f779d25ec0c..f776b3eafb96 100644 --- a/drivers/tty/serial/8250/8250_port.c +++ b/drivers/tty/serial/8250/8250_port.c @@ -552,11 +552,30 @@ static unsigned int serial_icr_read(struct uart_8250_port *up, int offset) */ static void serial8250_clear_fifos(struct uart_8250_port *p) { + unsigned char fcr; + unsigned char clr_mask = UART_FCR_CLEAR_RCVR | UART_FCR_CLEAR_XMIT; + if (p->capabilities & UART_CAP_FIFO) { - serial_out(p, UART_FCR, UART_FCR_ENABLE_FIFO); - serial_out(p, UART_FCR, UART_FCR_ENABLE_FIFO | - UART_FCR_CLEAR_RCVR | UART_FCR_CLEAR_XMIT); - serial_out(p, UART_FCR, 0); + /* + * Make sure to avoid changing FCR[7:3] and ENABLE_FIFO bits. + * In case ENABLE_FIFO is not set, there is nothing to flush + * so just return. Furthermore, on certain implementations of + * the 8250 core, the FCR[7:3] bits may only be changed under + * specific conditions and changing them if those conditions + * are not met can have nasty side effects. One such core is + * the 8250-omap present in TI AM335x. + */ + fcr = serial_in(p, UART_FCR); + + /* FIFO is not enabled, there's nothing to clear. */ + if (!(fcr & UART_FCR_ENABLE_FIFO)) + return; + + fcr |= clr_mask; + serial_out(p, UART_FCR, fcr); + + fcr &= ~clr_mask; + serial_out(p, UART_FCR, fcr); } } @@ -1448,7 +1467,7 @@ static void __do_stop_tx_rs485(struct uart_8250_port *p) * Enable previously disabled RX interrupts. */ if (!(p->port.rs485.flags & SER_RS485_RX_DURING_TX)) { - serial8250_clear_and_reinit_fifos(p); + serial8250_clear_fifos(p); p->ier |= UART_IER_RLSI | UART_IER_RDI; serial_port_out(&p->port, UART_IER, p->ier); -- 2.19.0

6 years, 9 months

1
0
0 0

[PATCH 4.4 00/56] 4.4.157-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.4.157 release. There are 56 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed Sep 19 21:38:11 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.4.157-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.4.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.4.157-rc1 Linus Torvalds <torvalds(a)linux-foundation.org> mm: get rid of vmacache_flush_all() entirely Andi Kleen <ak(a)linux.intel.com> x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+ Ian Kent <raven(a)themaw.net> autofs: fix autofs_sbi() does not check super block type Wei Yongjun <weiyongjun1(a)huawei.com> mtd: ubi: wl: Fix error return code in ubi_wl_init() Ondrej Mosnacek <omosnace(a)redhat.com> crypto: vmx - Fix sleep-in-atomic bugs Peter Chen <peter.chen(a)nxp.com> ethernet: ti: davinci_emac: add missing of_node_put after calling of_parse_phandle Johan Hovold <johan(a)kernel.org> net: ethernet: ti: cpsw: fix mdio device reference leak David Rivshin <drivshin(a)allworx.com> drivers: net: cpsw: fix parsing of phy-handle DT property in dual_emac config Eric Dumazet <edumazet(a)google.com> netfilter: x_tables: avoid stack-out-of-bounds read in xt_copy_counters_from_user Nadav Amit <namit(a)vmware.com> vmw_balloon: include asm/io.h Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: Fix use-after-free in xhci_free_virt_device Parav Pandit <parav(a)mellanox.com> RDMA/cma: Do not ignore net namespace for unbound cm_id Paul Burton <paul.burton(a)imgtec.com> MIPS: WARN_ON invalid DMA cache maintenance, not BUG_ON Chao Yu <yuchao0(a)huawei.com> f2fs: fix to do sanity check with {sit,nat}_ver_bitmap_bytesize Zumeng Chen <zumeng.chen(a)gmail.com> mfd: ti_am335x_tscadc: Fix struct clk memory leak Geert Uytterhoeven <geert+renesas(a)glider.be> iommu/ipmmu-vmsa: Fix allocation in atomic context Mauricio Faria de Oliveira <mfo(a)canonical.com> partitions/aix: fix usage of uninitialized lv_info and lvname structures Mauricio Faria de Oliveira <mfo(a)canonical.com> partitions/aix: append null character to print data from disk Nick Dyer <nick.dyer(a)itdev.co.uk> Input: atmel_mxt_ts - only use first T9 instance Petr Machata <petrm(a)mellanox.com> net: dcb: For wild-card lookups, use priority -1, not 0 Nicholas Mc Guire <hofrat(a)osadl.org> MIPS: Octeon: add missing of_node_put() Yelena Krivosheev <yelena(a)marvell.com> net: mvneta: fix mtu change on port without link Anton Vasilyev <vasilyev(a)ispras.ru> gpio: ml-ioh: Fix buffer underwrite on probe error path Joerg Roedel <jroedel(a)suse.de> x86/mm: Remove in_nmi() warning from vmalloc_fault() Marcel Holtmann <marcel(a)holtmann.org> Bluetooth: hidp: Fix handling of strncpy for hid->name information Surabhi Vishnoi <svishnoi(a)codeaurora.org> ath10k: disable bundle mgmt tx completion event support Anton Vasilyev <vasilyev(a)ispras.ru> scsi: 3ware: fix return 0 on the error path of probe Srinivas Pandruvada <srinivas.pandruvada(a)linux.intel.com> ata: libahci: Correct setting of DEVSLP register Paul Burton <paul.burton(a)mips.com> MIPS: Fix ISA virt/bus conversion for non-zero PHYS_OFFSET Sven Eckelmann <sven.eckelmann(a)openmesh.com> ath10k: prevent active scans on potential unusable channels Finn Thain <fthain(a)telegraphics.com.au> macintosh/via-pmu: Add missing mmio accessors Olga Kornievskaia <kolga(a)netapp.com> NFSv4.0 fix client reference leak in callback Christophe Leroy <christophe.leroy(a)c-s.fr> perf tools: Allow overriding MAX_NR_CPUS at compile time Yunlong Song <yunlong.song(a)huawei.com> f2fs: do not set free of current section Anton Vasilyev <vasilyev(a)ispras.ru> tty: rocket: Fix possible buffer overwrite on register_PCI Dan Carpenter <dan.carpenter(a)oracle.com> uio: potential double frees if __uio_register_device() fails Anton Vasilyev <vasilyev(a)ispras.ru> misc: ti-st: Fix memory leak in the error path of probe() BingJing Chang <bingjingc(a)synology.com> md/raid5: fix data corruption of replacements after originals dropped Mike Christie <mchristi(a)redhat.com> scsi: target: fix __transport_register_session locking Dmitry Osipenko <digetx(a)gmail.com> gpio: tegra: Move driver registration to subsys_init level Johan Hedberg <johan.hedberg(a)intel.com> Bluetooth: h5: Fix missing dependency on BT_HCIUART_SERDEV Florian Fainelli <f.fainelli(a)gmail.com> ethtool: Remove trailing semicolon for static inline Dan Carpenter <dan.carpenter(a)oracle.com> misc: mic: SCIF Fix scif_get_new_port() error handling Alexey Brodkin <abrodkin(a)synopsys.com> ARC: [plat-axs*]: Enable SWAP Prateek Sood <prsood(a)codeaurora.org> locking/osq_lock: Fix osq_lock queue corruption Michal Hocko <mhocko(a)kernel.org> selinux: use GFP_NOWAIT in the AVC kmem_caches Prateek Sood <prsood(a)codeaurora.org> locking/rwsem-xadd: Fix missed wakeup due to reordering of load Tejun Heo <tj(a)kernel.org> block,blkcg: use __GFP_NOWARN for best-effort allocations in blkcg Daniel Micay <danielmicay(a)gmail.com> staging/rts5208: Fix read overflow in memcpy Jia-Ju Bai <baijiaju1990(a)163.com> staging: rt5208: Fix a sleep-in-atomic bug in xd_copy_page Vegard Nossum <vegard.nossum(a)oracle.com> kthread: fix boot hang (regression) on MIPS/OpenRISC Vegard Nossum <vegard.nossum(a)oracle.com> kthread: Fix use-after-free if kthread fork fails Ritesh Harjani <riteshh(a)codeaurora.org> cfq: Give a chance for arming slice idle timer in case of group_idle Takashi Iwai <tiwai(a)suse.de> ALSA: hda - Fix cancel_work_sync() stall from jackpoll work Felipe Balbi <felipe.balbi(a)linux.intel.com> i2c: i801: fix DNV's SMBCTRL register offset Shubhrajyoti Datta <shubhrajyoti.datta(a)xilinx.com> i2c: xiic: Make the start and the byte count write atomic ------------- Diffstat: Makefile | 4 +-- arch/arc/configs/axs101_defconfig | 1 - arch/arc/configs/axs103_defconfig | 1 - arch/arc/configs/axs103_smp_defconfig | 1 - arch/mips/cavium-octeon/octeon-platform.c | 2 ++ arch/mips/include/asm/io.h | 8 +++--- arch/mips/kernel/process.c | 1 - arch/mips/mm/c-r4k.c | 6 ++-- arch/openrisc/kernel/process.c | 2 -- arch/x86/include/asm/processor.h | 4 ++- arch/x86/kernel/cpu/bugs.c | 47 +++++++++++++++++++++++++++---- arch/x86/kernel/cpu/common.c | 2 ++ arch/x86/mm/fault.c | 2 -- block/blk-cgroup.c | 9 +++--- block/cfq-iosched.c | 6 ++-- block/partitions/aix.c | 13 ++++++--- drivers/ata/libahci.c | 2 ++ drivers/bluetooth/Kconfig | 1 + drivers/crypto/vmx/aes_cbc.c | 30 +++++++++----------- drivers/gpio/gpio-ml-ioh.c | 3 +- drivers/gpio/gpio-tegra.c | 2 +- drivers/i2c/busses/i2c-i801.c | 7 ++++- drivers/i2c/busses/i2c-xiic.c | 4 +++ drivers/infiniband/core/cma.c | 13 +++++++-- drivers/input/touchscreen/atmel_mxt_ts.c | 7 +++-- drivers/iommu/ipmmu-vmsa.c | 9 +++--- drivers/macintosh/via-pmu.c | 9 +++--- drivers/md/raid5.c | 6 ++++ drivers/mfd/ti_am335x_tscadc.c | 3 +- drivers/misc/mic/scif/scif_api.c | 20 ++++++------- drivers/misc/ti-st/st_kim.c | 4 +-- drivers/misc/vmw_balloon.c | 1 + drivers/mtd/ubi/wl.c | 8 ++++-- drivers/net/ethernet/marvell/mvneta.c | 1 - drivers/net/ethernet/ti/cpsw.c | 14 ++++----- drivers/net/ethernet/ti/cpsw.h | 1 + drivers/net/ethernet/ti/davinci_emac.c | 1 + drivers/net/wireless/ath/ath10k/mac.c | 7 +++++ drivers/net/wireless/ath/ath10k/wmi-tlv.c | 5 ++++ drivers/net/wireless/ath/ath10k/wmi-tlv.h | 5 ++++ drivers/scsi/3w-9xxx.c | 6 +++- drivers/scsi/3w-sas.c | 3 ++ drivers/scsi/3w-xxxx.c | 2 ++ drivers/staging/rts5208/rtsx_scsi.c | 2 +- drivers/staging/rts5208/xd.c | 2 +- drivers/target/target_core_transport.c | 5 ++-- drivers/tty/rocket.c | 2 +- drivers/uio/uio.c | 3 +- drivers/usb/host/xhci.c | 3 ++ fs/autofs4/autofs_i.h | 4 ++- fs/autofs4/inode.c | 1 - fs/f2fs/segment.h | 3 ++ fs/f2fs/super.c | 21 ++++++++++++-- fs/nfs/callback_xdr.c | 11 ++++++-- include/linux/mm_types.h | 2 +- include/linux/sched.h | 2 +- include/linux/vm_event_item.h | 1 - include/linux/vmacache.h | 5 ---- include/uapi/linux/ethtool.h | 4 +-- kernel/fork.c | 17 +++++++---- kernel/locking/osq_lock.c | 13 +++++++++ kernel/locking/rwsem-xadd.c | 27 ++++++++++++++++++ mm/debug.c | 4 +-- mm/vmacache.c | 38 ------------------------- net/bluetooth/hidp/core.c | 2 +- net/dcb/dcbnl.c | 11 +++++--- net/netfilter/x_tables.c | 4 +-- security/selinux/avc.c | 14 ++++----- sound/pci/hda/hda_codec.c | 3 +- tools/perf/perf.h | 2 ++ 70 files changed, 312 insertions(+), 177 deletions(-)

6 years, 9 months

4
59
0 0

[PATCH 4.9 00/70] 4.9.128-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.9.128 release. There are 70 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed Sep 19 21:16:09 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.9.128-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.9.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.9.128-rc1 Linus Torvalds <torvalds(a)linux-foundation.org> mm: get rid of vmacache_flush_all() entirely Ian Kent <raven(a)themaw.net> autofs: fix autofs_sbi() does not check super block type Wei Yongjun <weiyongjun1(a)huawei.com> mtd: ubi: wl: Fix error return code in ubi_wl_init() Eric Dumazet <edumazet(a)google.com> netfilter: x_tables: avoid stack-out-of-bounds read in xt_copy_counters_from_user Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: Fix use-after-free in xhci_free_virt_device Parav Pandit <parav(a)mellanox.com> RDMA/cma: Do not ignore net namespace for unbound cm_id Paul Burton <paul.burton(a)imgtec.com> MIPS: WARN_ON invalid DMA cache maintenance, not BUG_ON Trond Myklebust <trond.myklebust(a)hammerspace.com> NFSv4.1: Fix a potential layoutget/layoutrecall deadlock Chao Yu <yuchao0(a)huawei.com> f2fs: fix to do sanity check with {sit,nat}_ver_bitmap_bytesize Zumeng Chen <zumeng.chen(a)gmail.com> mfd: ti_am335x_tscadc: Fix struct clk memory leak Geert Uytterhoeven <geert+renesas(a)glider.be> iommu/ipmmu-vmsa: Fix allocation in atomic context Dan Carpenter <dan.carpenter(a)oracle.com> f2fs: Fix uninitialized return in f2fs_ioc_shutdown() Katsuhiro Suzuki <suzuki.katsuhiro(a)socionext.com> media: helene: fix xtal frequency setting at power on Mauricio Faria de Oliveira <mfo(a)canonical.com> partitions/aix: fix usage of uninitialized lv_info and lvname structures Mauricio Faria de Oliveira <mfo(a)canonical.com> partitions/aix: append null character to print data from disk Sylwester Nawrocki <s.nawrocki(a)samsung.com> media: s5p-mfc: Fix buffer look up in s5p_mfc_handle_frame_{new, copy_time} functions Nick Dyer <nick.dyer(a)itdev.co.uk> Input: atmel_mxt_ts - only use first T9 instance Petr Machata <petrm(a)mellanox.com> net: dcb: For wild-card lookups, use priority -1, not 0 Nicholas Mc Guire <hofrat(a)osadl.org> MIPS: generic: fix missing of_node_put() Nicholas Mc Guire <hofrat(a)osadl.org> MIPS: Octeon: add missing of_node_put() Chao Yu <yuchao0(a)huawei.com> f2fs: fix to do sanity check with reserved blkaddr of inline inode Peter Rosin <peda(a)axentia.se> tpm/tpm_i2c_infineon: switch to i2c_lock_bus(..., I2C_LOCK_SEGMENT) Linus Walleij <linus.walleij(a)linaro.org> tpm_tis_spi: Pass the SPI IRQ down to the driver Chao Yu <yuchao0(a)huawei.com> f2fs: fix to skip GC if type in SSA and SIT is inconsistent Chao Yu <yuchao0(a)huawei.com> f2fs: try grabbing node page lock aggressively in sync scenario Yelena Krivosheev <yelena(a)marvell.com> net: mvneta: fix mtu change on port without link Anton Vasilyev <vasilyev(a)ispras.ru> gpio: ml-ioh: Fix buffer underwrite on probe error path Joerg Roedel <jroedel(a)suse.de> x86/mm: Remove in_nmi() warning from vmalloc_fault() Marcel Holtmann <marcel(a)holtmann.org> Bluetooth: hidp: Fix handling of strncpy for hid->name information Surabhi Vishnoi <svishnoi(a)codeaurora.org> ath10k: disable bundle mgmt tx completion event support Anton Vasilyev <vasilyev(a)ispras.ru> scsi: 3ware: fix return 0 on the error path of probe Srinivas Pandruvada <srinivas.pandruvada(a)linux.intel.com> ata: libahci: Correct setting of DEVSLP register Paul Burton <paul.burton(a)mips.com> MIPS: Fix ISA virt/bus conversion for non-zero PHYS_OFFSET Loic Poulain <loic.poulain(a)linaro.org> wlcore: Set rx_status boottime_ns field on rx Sven Eckelmann <sven.eckelmann(a)openmesh.com> ath10k: prevent active scans on potential unusable channels Felix Fietkau <nbd(a)nbd.name> ath9k_hw: fix channel maximum power level test Felix Fietkau <nbd(a)nbd.name> ath9k: report tx status on EOSP Finn Thain <fthain(a)telegraphics.com.au> macintosh/via-pmu: Add missing mmio accessors Olga Kornievskaia <kolga(a)netapp.com> NFSv4.0 fix client reference leak in callback Christophe Leroy <christophe.leroy(a)c-s.fr> perf tools: Allow overriding MAX_NR_CPUS at compile time Yunlong Song <yunlong.song(a)huawei.com> f2fs: do not set free of current section Anton Vasilyev <vasilyev(a)ispras.ru> tty: rocket: Fix possible buffer overwrite on register_PCI Dan Carpenter <dan.carpenter(a)oracle.com> uio: potential double frees if __uio_register_device() fails Anton Vasilyev <vasilyev(a)ispras.ru> misc: ti-st: Fix memory leak in the error path of probe() Gaurav Kohli <gkohli(a)codeaurora.org> timers: Clear timer_base::must_forward_clk with timer_base::lock held BingJing Chang <bingjingc(a)synology.com> md/raid5: fix data corruption of replacements after originals dropped Mike Christie <mchristi(a)redhat.com> scsi: target: fix __transport_register_session locking Arun Parameswaran <arun.parameswaran(a)broadcom.com> net: phy: Fix the register offsets in Broadcom iProc mdio mux driver Dmitry Osipenko <digetx(a)gmail.com> gpio: tegra: Move driver registration to subsys_init level Johan Hedberg <johan.hedberg(a)intel.com> Bluetooth: h5: Fix missing dependency on BT_HCIUART_SERDEV Florian Fainelli <f.fainelli(a)gmail.com> ethtool: Remove trailing semicolon for static inline Dan Carpenter <dan.carpenter(a)oracle.com> misc: mic: SCIF Fix scif_get_new_port() error handling Alexey Brodkin <abrodkin(a)synopsys.com> ARC: [plat-axs*]: Enable SWAP Johannes Weiner <hannes(a)cmpxchg.org> mm: remove seemingly spurious reclaimability check from laptop_mode gating Mel Gorman <mgorman(a)suse.de> mm, vmscan: clear PGDAT_WRITEBACK when zone is balanced Prateek Sood <prsood(a)codeaurora.org> locking/osq_lock: Fix osq_lock queue corruption Michal Hocko <mhocko(a)kernel.org> selinux: use GFP_NOWAIT in the AVC kmem_caches Prateek Sood <prsood(a)codeaurora.org> locking/rwsem-xadd: Fix missed wakeup due to reordering of load Johannes Berg <johannes.berg(a)intel.com> nl80211: fix null-ptr dereference on invalid mesh configuration Tejun Heo <tj(a)kernel.org> block,blkcg: use __GFP_NOWARN for best-effort allocations in blkcg Kees Cook <keescook(a)chromium.org> IB/rxe: do not copy extra stack memory to skb Daniel Micay <danielmicay(a)gmail.com> staging/rts5208: Fix read overflow in memcpy Jia-Ju Bai <baijiaju1990(a)163.com> staging: rt5208: Fix a sleep-in-atomic bug in xd_copy_page Vegard Nossum <vegard.nossum(a)oracle.com> kthread: fix boot hang (regression) on MIPS/OpenRISC Vegard Nossum <vegard.nossum(a)oracle.com> kthread: Fix use-after-free if kthread fork fails Ritesh Harjani <riteshh(a)codeaurora.org> cfq: Give a chance for arming slice idle timer in case of group_idle Takashi Iwai <tiwai(a)suse.de> ALSA: hda - Fix cancel_work_sync() stall from jackpoll work Pierre Morel <pmorel(a)linux.ibm.com> KVM: s390: vsie: copy wrapping keys to right place Felipe Balbi <felipe.balbi(a)linux.intel.com> i2c: i801: fix DNV's SMBCTRL register offset Shubhrajyoti Datta <shubhrajyoti.datta(a)xilinx.com> i2c: xiic: Make the start and the byte count write atomic ------------- Diffstat: Makefile | 4 ++-- arch/arc/configs/axs101_defconfig | 1 - arch/arc/configs/axs103_defconfig | 1 - arch/arc/configs/axs103_smp_defconfig | 1 - arch/mips/cavium-octeon/octeon-platform.c | 2 ++ arch/mips/generic/init.c | 1 + arch/mips/include/asm/io.h | 8 +++---- arch/mips/kernel/process.c | 1 - arch/mips/mm/c-r4k.c | 6 +++-- arch/openrisc/kernel/process.c | 2 -- arch/s390/kvm/vsie.c | 3 ++- arch/x86/mm/fault.c | 2 -- block/blk-cgroup.c | 9 ++++---- block/cfq-iosched.c | 6 +++-- block/partitions/aix.c | 13 +++++++---- drivers/ata/libahci.c | 2 ++ drivers/bluetooth/Kconfig | 1 + drivers/char/tpm/tpm_i2c_infineon.c | 8 +++---- drivers/char/tpm/tpm_tis_spi.c | 9 +++++++- drivers/gpio/gpio-ml-ioh.c | 3 ++- drivers/gpio/gpio-tegra.c | 2 +- drivers/i2c/busses/i2c-i801.c | 7 +++++- drivers/i2c/busses/i2c-xiic.c | 4 ++++ drivers/infiniband/core/cma.c | 13 ++++++++--- drivers/infiniband/sw/rxe/rxe_resp.c | 4 +++- drivers/input/touchscreen/atmel_mxt_ts.c | 7 +++--- drivers/iommu/ipmmu-vmsa.c | 9 ++++---- drivers/macintosh/via-pmu.c | 9 ++++---- drivers/md/raid5.c | 6 +++++ drivers/media/dvb-frontends/helene.c | 5 +++- drivers/media/platform/s5p-mfc/s5p_mfc.c | 23 ++++++++++--------- drivers/mfd/ti_am335x_tscadc.c | 3 +-- drivers/misc/mic/scif/scif_api.c | 20 ++++++++-------- drivers/misc/ti-st/st_kim.c | 4 ++-- drivers/mtd/ubi/wl.c | 8 +++++-- drivers/net/ethernet/marvell/mvneta.c | 1 - drivers/net/phy/mdio-mux-bcm-iproc.c | 20 ++++++++++++---- drivers/net/wireless/ath/ath10k/mac.c | 7 ++++++ drivers/net/wireless/ath/ath10k/wmi-tlv.c | 5 ++++ drivers/net/wireless/ath/ath10k/wmi-tlv.h | 5 ++++ drivers/net/wireless/ath/ath9k/hw.c | 7 ++++-- drivers/net/wireless/ath/ath9k/xmit.c | 3 ++- drivers/net/wireless/ti/wlcore/rx.c | 8 +++++-- drivers/scsi/3w-9xxx.c | 6 ++++- drivers/scsi/3w-sas.c | 3 +++ drivers/scsi/3w-xxxx.c | 2 ++ drivers/staging/rts5208/rtsx_scsi.c | 2 +- drivers/staging/rts5208/xd.c | 2 +- drivers/target/target_core_transport.c | 5 ++-- drivers/tty/rocket.c | 2 +- drivers/uio/uio.c | 3 +-- drivers/usb/host/xhci.c | 3 +++ fs/autofs4/autofs_i.h | 4 +++- fs/autofs4/inode.c | 1 - fs/f2fs/file.c | 2 +- fs/f2fs/gc.c | 8 ++++++- fs/f2fs/inline.c | 21 +++++++++++++++++ fs/f2fs/node.c | 4 +++- fs/f2fs/segment.h | 3 +++ fs/f2fs/super.c | 21 +++++++++++++++-- fs/nfs/callback_proc.c | 4 ++-- fs/nfs/callback_xdr.c | 11 ++++++--- include/linux/mm_types.h | 2 +- include/linux/sched.h | 2 +- include/linux/vm_event_item.h | 1 - include/linux/vmacache.h | 5 ---- include/uapi/linux/ethtool.h | 4 ++-- kernel/fork.c | 17 ++++++++++---- kernel/locking/osq_lock.c | 13 +++++++++++ kernel/locking/rwsem-xadd.c | 27 ++++++++++++++++++++++ kernel/time/timer.c | 29 ++++++++++++----------- mm/debug.c | 4 ++-- mm/vmacache.c | 38 ------------------------------- mm/vmscan.c | 3 ++- net/bluetooth/hidp/core.c | 2 +- net/dcb/dcbnl.c | 11 +++++---- net/netfilter/x_tables.c | 4 ++-- net/wireless/nl80211.c | 3 +++ security/selinux/avc.c | 14 +++++------- sound/pci/hda/hda_codec.c | 3 ++- tools/perf/perf.h | 2 ++ 81 files changed, 358 insertions(+), 196 deletions(-)

6 years, 9 months

4
73
0 0

[PATCH 1/4] ovl: fix memory leak on unlink of indexed file

by Amir Goldstein

Fixes: caf70cb2ba5d ("ovl: cleanup orphan index entries") Cc: <stable(a)vger.kernel.org> # v4.13 Signed-off-by: Amir Goldstein <amir73il(a)gmail.com> --- fs/overlayfs/util.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/fs/overlayfs/util.c b/fs/overlayfs/util.c index 8cfb62cc8672..ace4fe4c39a9 100644 --- a/fs/overlayfs/util.c +++ b/fs/overlayfs/util.c @@ -683,7 +683,7 @@ static void ovl_cleanup_index(struct dentry *dentry) struct dentry *upperdentry = ovl_dentry_upper(dentry); struct dentry *index = NULL; struct inode *inode; - struct qstr name; + struct qstr name = { }; int err; err = ovl_get_index_name(lowerdentry, &name); @@ -726,6 +726,7 @@ static void ovl_cleanup_index(struct dentry *dentry) goto fail; out: + kfree(name.name); dput(index); return; -- 2.17.1

6 years, 9 months

2
2
0 0

patch "serial: cpm_uart: return immediately from console poll" added to tty-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled serial: cpm_uart: return immediately from console poll to my tty git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty.git in the tty-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From be28c1e3ca29887e207f0cbcd294cefe5074bab6 Mon Sep 17 00:00:00 2001 From: Christophe Leroy <christophe.leroy(a)c-s.fr> Date: Fri, 14 Sep 2018 10:32:50 +0000 Subject: serial: cpm_uart: return immediately from console poll kgdb expects poll function to return immediately and returning NO_POLL_CHAR when no character is available. Fixes: f5316b4aea024 ("kgdb,8250,pl011: Return immediately from console poll") Cc: Jason Wessel <jason.wessel(a)windriver.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Christophe Leroy <christophe.leroy(a)c-s.fr> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/tty/serial/cpm_uart/cpm_uart_core.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/drivers/tty/serial/cpm_uart/cpm_uart_core.c b/drivers/tty/serial/cpm_uart/cpm_uart_core.c index 24a5f05e769b..e5389591bb4f 100644 --- a/drivers/tty/serial/cpm_uart/cpm_uart_core.c +++ b/drivers/tty/serial/cpm_uart/cpm_uart_core.c @@ -1054,8 +1054,8 @@ static int poll_wait_key(char *obuf, struct uart_cpm_port *pinfo) /* Get the address of the host memory buffer. */ bdp = pinfo->rx_cur; - while (bdp->cbd_sc & BD_SC_EMPTY) - ; + if (bdp->cbd_sc & BD_SC_EMPTY) + return NO_POLL_CHAR; /* If the buffer address is in the CPM DPRAM, don't * convert it. @@ -1090,7 +1090,11 @@ static int cpm_get_poll_char(struct uart_port *port) poll_chars = 0; } if (poll_chars <= 0) { - poll_chars = poll_wait_key(poll_buf, pinfo); + int ret = poll_wait_key(poll_buf, pinfo); + + if (ret == NO_POLL_CHAR) + return ret; + poll_chars = ret; pollp = poll_buf; } poll_chars--; -- 2.19.0

6 years, 9 months

1
0
0 0

patch "serial: mvebu-uart: Fix reporting of effective CSIZE to userspace" added to tty-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled serial: mvebu-uart: Fix reporting of effective CSIZE to userspace to my tty git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty.git in the tty-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From e0bf2d4982fe7d9ddaf550dd023803ea286f47fc Mon Sep 17 00:00:00 2001 From: Jan Kiszka <jan.kiszka(a)siemens.com> Date: Sun, 26 Aug 2018 19:49:32 +0200 Subject: serial: mvebu-uart: Fix reporting of effective CSIZE to userspace Apparently, this driver (or the hardware) does not support character length settings. It's apparently running in 8-bit mode, but it makes userspace believe it's in 5-bit mode. That makes tcsetattr with CS8 incorrectly fail, breaking e.g. getty from busybox, thus the login shell on ttyMVx. Fix by hard-wiring CS8 into c_cflag. Signed-off-by: Jan Kiszka <jan.kiszka(a)siemens.com> Fixes: 30530791a7a0 ("serial: mvebu-uart: initial support for Armada-3700 serial port") Cc: stable <stable(a)vger.kernel.org> # 4.6+ Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/tty/serial/mvebu-uart.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/tty/serial/mvebu-uart.c b/drivers/tty/serial/mvebu-uart.c index d04b5eeea3c6..170e446a2f62 100644 --- a/drivers/tty/serial/mvebu-uart.c +++ b/drivers/tty/serial/mvebu-uart.c @@ -511,6 +511,7 @@ static void mvebu_uart_set_termios(struct uart_port *port, termios->c_iflag |= old->c_iflag & ~(INPCK | IGNPAR); termios->c_cflag &= CREAD | CBAUD; termios->c_cflag |= old->c_cflag & ~(CREAD | CBAUD); + termios->c_cflag |= CS8; } spin_unlock_irqrestore(&port->lock, flags); -- 2.19.0

6 years, 9 months

1
0
0 0

patch "serial: 8250: Fix clearing FIFOs in RS485 mode again" added to tty-testing

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled serial: 8250: Fix clearing FIFOs in RS485 mode again to my tty git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty.git in the tty-testing branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will be merged to the tty-next branch sometime soon, after it passes testing, and the merge window is open. If you have any questions about this process, please let me know. >From b268203fc327a8f480ef70b70acace7f4a80f525 Mon Sep 17 00:00:00 2001 From: Marek Vasut <marex(a)denx.de> Date: Mon, 3 Sep 2018 02:44:52 +0200 Subject: serial: 8250: Fix clearing FIFOs in RS485 mode again The 8250 FIFOs indeed need to be cleared after stopping transmission in RS485 mode without SER_RS485_RX_DURING_TX flag set. But there are two problems with the approach taken by the previous patch from Fixes tag. First, serial8250_clear_fifos() should clear fifos, but what it really does is it enables the FIFOs unconditionally if present, clears them and then sets the FCR register to zero, which effectively disables the FIFOs. In case the FIFO is disabled, enabling it and clearing it makes no sense and in fact can trigger misbehavior of the 8250 core. Moreover, the FCR register may contain other FIFO configuration bits which may not be writable unconditionally and writing them incorrectly can trigger misbehavior of the 8250 core too. (ie. AM335x UART swallows the first byte and retransmits the last byte twice because of this FCR write). Second, serial8250_clear_and_reinit_fifos() completely reloads the FCR, but what really has to happen at the end of the RS485 transmission is clearing of the FIFOs and nothing else. This patch repairs serial8250_clear_fifos() so that it really only clears the FIFOs by operating on FCR[2:1] bits and leaves all the other bits alone. It also undoes serial8250_clear_and_reinit_fifos() from __do_stop_tx_rs485() as serial8250_clear_fifos() is sufficient. Signed-off-by: Marek Vasut <marex(a)denx.de> Fixes: 2bed8a8e7072 ("Clearing FIFOs in RS485 emulation mode causes subsequent transmits to break") Cc: Daniel Jedrychowski <avistel(a)gmail.com> Cc: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Cc: stable <stable(a)vger.kernel.org> # let it bake a bit before merging Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/tty/serial/8250/8250_port.c | 29 ++++++++++++++++++++++++----- 1 file changed, 24 insertions(+), 5 deletions(-) diff --git a/drivers/tty/serial/8250/8250_port.c b/drivers/tty/serial/8250/8250_port.c index 3f779d25ec0c..f776b3eafb96 100644 --- a/drivers/tty/serial/8250/8250_port.c +++ b/drivers/tty/serial/8250/8250_port.c @@ -552,11 +552,30 @@ static unsigned int serial_icr_read(struct uart_8250_port *up, int offset) */ static void serial8250_clear_fifos(struct uart_8250_port *p) { + unsigned char fcr; + unsigned char clr_mask = UART_FCR_CLEAR_RCVR | UART_FCR_CLEAR_XMIT; + if (p->capabilities & UART_CAP_FIFO) { - serial_out(p, UART_FCR, UART_FCR_ENABLE_FIFO); - serial_out(p, UART_FCR, UART_FCR_ENABLE_FIFO | - UART_FCR_CLEAR_RCVR | UART_FCR_CLEAR_XMIT); - serial_out(p, UART_FCR, 0); + /* + * Make sure to avoid changing FCR[7:3] and ENABLE_FIFO bits. + * In case ENABLE_FIFO is not set, there is nothing to flush + * so just return. Furthermore, on certain implementations of + * the 8250 core, the FCR[7:3] bits may only be changed under + * specific conditions and changing them if those conditions + * are not met can have nasty side effects. One such core is + * the 8250-omap present in TI AM335x. + */ + fcr = serial_in(p, UART_FCR); + + /* FIFO is not enabled, there's nothing to clear. */ + if (!(fcr & UART_FCR_ENABLE_FIFO)) + return; + + fcr |= clr_mask; + serial_out(p, UART_FCR, fcr); + + fcr &= ~clr_mask; + serial_out(p, UART_FCR, fcr); } } @@ -1448,7 +1467,7 @@ static void __do_stop_tx_rs485(struct uart_8250_port *p) * Enable previously disabled RX interrupts. */ if (!(p->port.rs485.flags & SER_RS485_RX_DURING_TX)) { - serial8250_clear_and_reinit_fifos(p); + serial8250_clear_fifos(p); p->ier |= UART_IER_RLSI | UART_IER_RDI; serial_port_out(&p->port, UART_IER, p->ier); -- 2.19.0

6 years, 9 months

1
0
0 0

[GIT PULL 2/3] intel_th: Fix resource handling for ACPI glue layer

by Alexander Shishkin

The core of the driver expects the resource array from the glue layer to be indexed by even numbers, as is the case for 64-bit PCI resources. This doesn't hold true for others, ACPI in this instance, which leads to an out-of-bounds access and an ioremap() on whatever address that access fetches. This patch fixes the problem by reading resource array differently based on whether the 64-bit flag is set, which would indicate PCI glue layer. Signed-off-by: Alexander Shishkin <alexander.shishkin(a)linux.intel.com> Fixes: ebc57e399b8e ("intel_th: Add ACPI glue layer") CC: stable(a)vger.kernel.org # v4.17+ --- drivers/hwtracing/intel_th/core.c | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/drivers/hwtracing/intel_th/core.c b/drivers/hwtracing/intel_th/core.c index 4e70ecee2103..fc6b7f8b62fb 100644 --- a/drivers/hwtracing/intel_th/core.c +++ b/drivers/hwtracing/intel_th/core.c @@ -488,7 +488,7 @@ static const struct intel_th_subdevice { .flags = IORESOURCE_MEM, }, { - .start = TH_MMIO_SW, + .start = 1, /* use resource[1] */ .end = 0, .flags = IORESOURCE_MEM, }, @@ -581,6 +581,7 @@ intel_th_subdevice_alloc(struct intel_th *th, struct intel_th_device *thdev; struct resource res[3]; unsigned int req = 0; + bool is64bit = false; int r, err; thdev = intel_th_device_alloc(th, subdev->type, subdev->name, @@ -590,12 +591,18 @@ intel_th_subdevice_alloc(struct intel_th *th, thdev->drvdata = th->drvdata; + for (r = 0; r < th->num_resources; r++) + if (th->resource[r].flags & IORESOURCE_MEM_64) { + is64bit = true; + break; + } + memcpy(res, subdev->res, sizeof(struct resource) * subdev->nres); for (r = 0; r < subdev->nres; r++) { struct resource *devres = th->resource; - int bar = TH_MMIO_CONFIG; + int bar = 0; /* cut subdevices' MMIO from resource[0] */ /* * Take .end == 0 to mean 'take the whole bar', @@ -604,6 +611,8 @@ intel_th_subdevice_alloc(struct intel_th *th, */ if (!res[r].end && res[r].flags == IORESOURCE_MEM) { bar = res[r].start; + if (is64bit) + bar *= 2; res[r].start = 0; res[r].end = resource_size(&devres[bar]) - 1; } -- 2.18.0

6 years, 9 months

1
0
0 0

[GIT PULL 1/3] intel_th: Fix device removal logic

by Alexander Shishkin

Commit a753bfcfdb1f ("intel_th: Make the switch allocate its subdevices") brings in new subdevice addition/removal logic that's broken for "host mode": the SWITCH device has no children to begin with, which is not handled in the code. This results in a null dereference bug later down the path. This patch fixes the subdevice removal code to handle host mode correctly. Signed-off-by: Alexander Shishkin <alexander.shishkin(a)linux.intel.com> Fixes: a753bfcfdb1f ("intel_th: Make the switch allocate its subdevices") CC: stable(a)vger.kernel.org # v4.14+ --- drivers/hwtracing/intel_th/core.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/hwtracing/intel_th/core.c b/drivers/hwtracing/intel_th/core.c index da962aa2cef5..4e70ecee2103 100644 --- a/drivers/hwtracing/intel_th/core.c +++ b/drivers/hwtracing/intel_th/core.c @@ -139,7 +139,8 @@ static int intel_th_remove(struct device *dev) th->thdev[i] = NULL; } - th->num_thdevs = lowest; + if (lowest >= 0) + th->num_thdevs = lowest; } if (thdrv->attr_group) -- 2.18.0

6 years, 9 months

1
0
0 0

[PATCH v2] mtd: devices: m25p80: Make sure the buffer passed in op is DMA-able

by Boris Brezillon

As documented in spi-mem.h, spi_mem_op->data.buf.{in,out} must be DMA-able, and commit 4120f8d158ef ("mtd: spi-nor: Use the spi_mem_xx() API") failed to follow this rule as buffers passed to ->{read,write}_reg() are usually placed on the stack. Fix that by allocating a scratch buffer and copying the data around. Fixes: 4120f8d158ef ("mtd: spi-nor: Use the spi_mem_xx() API") Reported-by: Jarkko Nikula <jarkko.nikula(a)linux.intel.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Boris Brezillon <boris.brezillon(a)bootlin.com> --- Note that the ->{read,write}() path is still buggy since nothing guarantees that buffers passed by the MTD layer to the SPI NOR layer are DMA-able, but this is a long-standing issue which we'll have to address at the spi-nor level (this layer can choose the bounce buffer size based on nor->page_size). Changes in v2: - Copy the data from scratchbuf in the ->read_reg() path --- drivers/mtd/devices/m25p80.c | 26 +++++++++++++++++++++++--- 1 file changed, 23 insertions(+), 3 deletions(-) diff --git a/drivers/mtd/devices/m25p80.c b/drivers/mtd/devices/m25p80.c index cbfafc453274..270d3c9580c5 100644 --- a/drivers/mtd/devices/m25p80.c +++ b/drivers/mtd/devices/m25p80.c @@ -39,13 +39,23 @@ static int m25p80_read_reg(struct spi_nor *nor, u8 code, u8 *val, int len) struct spi_mem_op op = SPI_MEM_OP(SPI_MEM_OP_CMD(code, 1), SPI_MEM_OP_NO_ADDR, SPI_MEM_OP_NO_DUMMY, - SPI_MEM_OP_DATA_IN(len, val, 1)); + SPI_MEM_OP_DATA_IN(len, NULL, 1)); + void *scratchbuf; int ret; + scratchbuf = kmalloc(len, GFP_KERNEL); + if (!scratchbuf) + return -ENOMEM; + + op.data.buf.in = scratchbuf; ret = spi_mem_exec_op(flash->spimem, &op); if (ret < 0) dev_err(&flash->spimem->spi->dev, "error %d reading %x\n", ret, code); + else + memcpy(val, scratchbuf, len); + + kfree(scratchbuf); return ret; } @@ -56,9 +66,19 @@ static int m25p80_write_reg(struct spi_nor *nor, u8 opcode, u8 *buf, int len) struct spi_mem_op op = SPI_MEM_OP(SPI_MEM_OP_CMD(opcode, 1), SPI_MEM_OP_NO_ADDR, SPI_MEM_OP_NO_DUMMY, - SPI_MEM_OP_DATA_OUT(len, buf, 1)); + SPI_MEM_OP_DATA_OUT(len, NULL, 1)); + void *scratchbuf; + int ret; - return spi_mem_exec_op(flash->spimem, &op); + scratchbuf = kmemdup(buf, len, GFP_KERNEL); + if (!scratchbuf) + return -ENOMEM; + + op.data.buf.out = scratchbuf; + ret = spi_mem_exec_op(flash->spimem, &op); + kfree(scratchbuf); + + return ret; } static ssize_t m25p80_write(struct spi_nor *nor, loff_t to, size_t len, -- 2.14.1

6 years, 9 months

2
2
0 0

[PATCH v2] tpm: Restore functionality to xen vtpm driver.

by Boris Ostrovsky

From: "Dr. Greg Wettstein" <greg(a)wind.enjellic.com> Functionality of the xen-tpmfront driver was lost secondary to the introduction of xenbus multi-page support in commit ccc9d90a9a8b ("xenbus_client: Extend interface to support multi-page ring"). In this commit a pointer to the shared page address was being passed to the xenbus_grant_ring() function rather then the address of the shared page itself. This resulted in a situation where the driver would attach to the vtpm-stubdom but any attempt to send a command to the stub domain would timeout. A diagnostic finding for this regression is the following error message being generated when the xen-tpmfront driver probes for a device: <3>vtpm vtpm-0: tpm_transmit: tpm_send: error -62 <3>vtpm vtpm-0: A TPM error (-62) occurred attempting to determine the timeouts This fix is relevant to all kernels from 4.1 forward which is the release in which multi-page xenbus support was introduced. Daniel De Graaf formulated the fix by code inspection after the regression point was located. Fixes: ccc9d90a9a8b ("xenbus_client: Extend interface to support multi-page ring") Signed-off-by: Dr. Greg Wettstein <greg(a)enjellic.com> [boris: fixed commit message formatting, added Fixes tag] Signed-off-by: Boris Ostrovsky <boris.ostrovsky(a)oracle.com> Cc: stable(a)vger.kernel.org # v4.1+ --- drivers/char/tpm/xen-tpmfront.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/char/tpm/xen-tpmfront.c b/drivers/char/tpm/xen-tpmfront.c index 911475d36800..b150f87f38f5 100644 --- a/drivers/char/tpm/xen-tpmfront.c +++ b/drivers/char/tpm/xen-tpmfront.c @@ -264,7 +264,7 @@ static int setup_ring(struct xenbus_device *dev, struct tpm_private *priv) return -ENOMEM; } - rv = xenbus_grant_ring(dev, &priv->shr, 1, &gref); + rv = xenbus_grant_ring(dev, priv->shr, 1, &gref); if (rv < 0) return rv; -- 2.17.1

6 years, 9 months

3
5
0 0

[PATCH] drm/atomic: Use drm_drv_uses_atomic_modeset() for debugfs creation

by Lyude Paul

As pointed out by Daniel Vetter, we should be usinng drm_drv_uses_atomic_modeset() for determining whether or not we want to make the debugfs nodes for atomic instead of checking DRIVER_ATOMIC, as the former isn't an accurate representation of whether or not the driver is actually using atomic modesetting internally (even though it might not be exposing atomic capabilities). Signed-off-by: Lyude Paul <lyude(a)redhat.com> Cc: Daniel Vetter <daniel.vetter(a)ffwll.ch> Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/drm_atomic.c | 2 +- drivers/gpu/drm/drm_debugfs.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/drm_atomic.c b/drivers/gpu/drm/drm_atomic.c index 3eb061e11e2e..018fcdb353d2 100644 --- a/drivers/gpu/drm/drm_atomic.c +++ b/drivers/gpu/drm/drm_atomic.c @@ -2067,7 +2067,7 @@ static void __drm_state_dump(struct drm_device *dev, struct drm_printer *p, struct drm_connector *connector; struct drm_connector_list_iter conn_iter; - if (!drm_core_check_feature(dev, DRIVER_ATOMIC)) + if (!drm_drv_uses_atomic_modeset(dev)) return; list_for_each_entry(plane, &config->plane_list, head) { diff --git a/drivers/gpu/drm/drm_debugfs.c b/drivers/gpu/drm/drm_debugfs.c index 6f28fe58f169..373bd4c2b698 100644 --- a/drivers/gpu/drm/drm_debugfs.c +++ b/drivers/gpu/drm/drm_debugfs.c @@ -151,7 +151,7 @@ int drm_debugfs_init(struct drm_minor *minor, int minor_id, return ret; } - if (drm_core_check_feature(dev, DRIVER_ATOMIC)) { + if (drm_drv_uses_atomic_modeset(dev)) { ret = drm_atomic_debugfs_init(minor); if (ret) { DRM_ERROR("Failed to create atomic debugfs files\n"); -- 2.17.1

6 years, 9 months

3
2
0 0

[PATCH net] net/ipv4: defensive cipso option parsing

by Stefan Nuernberger

commit 40413955ee26 ("Cipso: cipso_v4_optptr enter infinite loop") fixed a possible infinite loop in the IP option parsing of CIPSO. The fix assumes that ip_options_compile filtered out all zero length options and that no other one-byte options beside IPOPT_END and IPOPT_NOOP exist. While this assumption currently holds true, add explicit checks for zero length and invalid length options to be safe for the future. Even though ip_options_compile should have validated the options, the introduction of new one-byte options can still confuse this code without the additional checks. Signed-off-by: Stefan Nuernberger <snu(a)amazon.com> Reviewed-by: David Woodhouse <dwmw(a)amazon.co.uk> Reviewed-by: Simon Veith <sveith(a)amazon.de> Cc: stable(a)vger.kernel.org --- net/ipv4/cipso_ipv4.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/net/ipv4/cipso_ipv4.c b/net/ipv4/cipso_ipv4.c index 82178cc69c96..f291b57b8474 100644 --- a/net/ipv4/cipso_ipv4.c +++ b/net/ipv4/cipso_ipv4.c @@ -1512,7 +1512,7 @@ static int cipso_v4_parsetag_loc(const struct cipso_v4_doi *doi_def, * * Description: * Parse the packet's IP header looking for a CIPSO option. Returns a pointer - * to the start of the CIPSO option on success, NULL if one if not found. + * to the start of the CIPSO option on success, NULL if one is not found. * */ unsigned char *cipso_v4_optptr(const struct sk_buff *skb) @@ -1522,9 +1522,11 @@ unsigned char *cipso_v4_optptr(const struct sk_buff *skb) int optlen; int taglen; - for (optlen = iph->ihl*4 - sizeof(struct iphdr); optlen > 0; ) { + for (optlen = iph->ihl*4 - sizeof(struct iphdr); optlen > 1; ) { switch (optptr[0]) { case IPOPT_CIPSO: + if (!optptr[1] || optptr[1] > optlen) + return NULL; return optptr; case IPOPT_END: return NULL; @@ -1534,6 +1536,10 @@ unsigned char *cipso_v4_optptr(const struct sk_buff *skb) default: taglen = optptr[1]; } + + if (!taglen || taglen > optlen) + break; + optlen -= taglen; optptr += taglen; } -- 2.19.0

6 years, 9 months

4
5
0 0

[GIT PULL] commits for Linux 3.18

by Sasha Levin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi Greg, Pleae pull commits for Linux 3.18 . I've sent a review request for all commits over a week ago and all comments were addressed. Thanks, Sasha ===== The following changes since commit a5f9be3576c3f9dd871f68eaf482278c0b3a6df2: Linux 3.18.120 (2018-08-28 07:21:37 +0200) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/sashal/linux-stable.git tags/for-greg-3.18-17092018 for you to fetch changes up to 7058136ea11e4f5b2d0d65f6f6dbb714d2beec42: platform/x86: toshiba_acpi: Fix defined but not used build warnings (2018-09-04 13:44:36 -0400) - ---------------------------------------------------------------- for-greg-3.18-17092018 - ---------------------------------------------------------------- Andreas Gruenbacher (1): gfs2: Special-case rindex for gfs2_grow Anton Vasilyev (1): video: goldfishfb: fix memory leak on driver remove Bob Peterson (1): gfs2: Don't reject a supposedly full bitmap if we have blocks reserved Dan Carpenter (1): fbdev: omapfb: off by one in omapfb_register_client() Felix Fietkau (1): MIPS: ath79: fix system restart Fredrik Noring (1): fbdev: Distinguish between interlaced and progressive modes Julian Wiedmann (2): s390/qeth: fix race in used-buffer accounting s390/qeth: reset layer2 attribute on layer switch Lars-Peter Clausen (1): iio: ad9523: Fix displayed phase Manikanta Pubbisetty (1): mac80211: restrict delayed tailroom needed decrement Nicholas Piggin (1): powerpc/powernv: opal_put_chars partial write fix Randy Dunlap (3): mtd/maps: fix solutionengine.c printk format warnings fbdev/via: fix defined but not used warning platform/x86: toshiba_acpi: Fix defined but not used build warnings Sandipan Das (2): perf powerpc: Fix callchain ip filtering when return address is in a register perf powerpc: Fix callchain ip filtering Takashi Iwai (2): ALSA: msnd: Fix the default sample sizes ALSA: usb-audio: Fix multiple definitions in AU0828_DEVICE() macro YueHaibing (1): xfrm: fix 'passing zero to ERR_PTR()' warning arch/mips/ath79/setup.c | 1 + arch/mips/include/asm/mach-ath79/ath79.h | 1 + arch/powerpc/platforms/powernv/opal.c | 2 +- drivers/iio/frequency/ad9523.c | 2 +- drivers/mtd/maps/solutionengine.c | 6 ++-- drivers/platform/x86/toshiba_acpi.c | 3 +- drivers/s390/net/qeth_core_main.c | 3 +- drivers/s390/net/qeth_core_sys.c | 1 + drivers/video/fbdev/core/modedb.c | 41 +++++++++++++++++------ drivers/video/fbdev/goldfishfb.c | 1 + drivers/video/fbdev/omap/omapfb_main.c | 2 +- drivers/video/fbdev/via/viafbdev.c | 3 +- fs/gfs2/bmap.c | 2 +- fs/gfs2/rgrp.c | 3 +- net/mac80211/cfg.c | 2 +- net/mac80211/key.c | 24 ++++++++----- net/xfrm/xfrm_policy.c | 5 ++- sound/isa/msnd/msnd_pinnacle.c | 4 +-- sound/usb/quirks-table.h | 3 +- tools/perf/arch/powerpc/util/skip-callchain-idx.c | 10 ++++-- 20 files changed, 80 insertions(+), 39 deletions(-) -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE4n5dijQDou9mhzu83qZv95d3LNwFAlugPO8ACgkQ3qZv95d3 LNygexAAvz2wzEaH/mDTnQ0085ODaIA6wmr/U7dlzXjoE1vPko4EOg0y8GJPmRD0 DsFkX7fqCLoLT/LQcCMK+KKq5IsPNPDs35tOvCc1T0WofnIE1KVifz4zalmW3upc gT1HjZaza+agnw5QDs9RI0Y/y5vfR9Pwpmfi1e9V8vsNX8iR7i3YMI3HwS8g2Ggq gjVOlH2UyiyJpqruV1B6tRwZA+KE3RNmj7xIXwvRVd29MLI0CMs/mSOo57TvGvxp Wcn0IA0TK6T0LvNqgXNv+vjJhohfIN1TzhGiH0oEMiZVkRoHs1wqmkVQdkRPBApV GXMGvb1suh1NE8IRl4OP/z27zZoUBr+ksoLgFD+o6tzgiBp0zR+gPV87PVzPLN32 PKyru9V0LOrF3nnCS9k6iMboFUS/vWrctrxRIdd2oUPkljPwkzxx8jz6HUNJ606B 6vPeNMBdxH1Vqiptt29Qn6c9Lg35OkOi+6JMS0WWkTPCArvHBPKOodf/4DIslm4O 2ewBiq8ewmhfUTAxxQfk+xR0+YR6d4g82Q3PvZ4jyDsSosQWnThAwLjketoTRBmc BRcZKrqFvIMpVky0I2sl9U3ZFzlWWr2Z4PEKxu98o0AhUDCctzBHvXwL45c+7K0k CQEs5a76ecC99mAf5AjtrbAcnTjKx9R6Y1RJ8XS9gCjT5/CMA7M= =gANE -----END PGP SIGNATURE-----

6 years, 9 months

1
0
0 0

[GIT PULL] commits for Linux 4.4

by Sasha Levin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi Greg, Pleae pull commits for Linux 4.4 . I've sent a review request for all commits over a week ago and all comments were addressed. Thanks, Sasha ===== The following changes since commit c40a7b3592b3b7519eadc130c5583db2aaf70f68: Linux 4.4.156 (2018-09-15 09:40:42 +0200) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/sashal/linux-stable.git tags/for-greg-4.4-17092018 for you to fetch changes up to 86d8d800d31c13b8c14a5a18da2ec8715da5fe0a: xen-netfront: fix warn message as irq device name has '/' (2018-09-15 10:24:32 -0400) - ---------------------------------------------------------------- for-greg-4.4-17092018 - ---------------------------------------------------------------- Andreas Gruenbacher (1): gfs2: Special-case rindex for gfs2_grow Anton Vasilyev (1): video: goldfishfb: fix memory leak on driver remove Bob Peterson (1): gfs2: Don't reject a supposedly full bitmap if we have blocks reserved Dan Carpenter (1): fbdev: omapfb: off by one in omapfb_register_client() Felix Fietkau (1): MIPS: ath79: fix system restart Fredrik Noring (1): fbdev: Distinguish between interlaced and progressive modes Hans Verkuil (1): media: videobuf2-core: check for q->error in vb2_core_qbuf() John Keeping (1): dmaengine: pl330: fix irq race with terminate_all Julian Wiedmann (2): s390/qeth: fix race in used-buffer accounting s390/qeth: reset layer2 attribute on layer switch Krzysztof Kozlowski (1): ARM: exynos: Clear global variable on init error path Loic Poulain (1): arm64: dts: qcom: db410c: Fix Bluetooth LED trigger Manikanta Pubbisetty (1): mac80211: restrict delayed tailroom needed decrement Masahiro Yamada (1): kbuild: add .DELETE_ON_ERROR special target Miao Zhong (1): iommu/arm-smmu-v3: sync the OVACKFLG to PRIQ consumer register Michael MÃ¼ller (1): crypto: sharah - Unregister correct algorithms for SAHARA 3 Nicholas Mc Guire (1): clk: imx6ul: fix missing of_node_put() Nicholas Piggin (1): powerpc/powernv: opal_put_chars partial write fix Paul Cercueil (1): MIPS: jz4740: Bump zload address Randy Dunlap (3): mtd/maps: fix solutionengine.c printk format warnings fbdev/via: fix defined but not used warning platform/x86: toshiba_acpi: Fix defined but not used build warnings Sandipan Das (2): perf powerpc: Fix callchain ip filtering when return address is in a register perf powerpc: Fix callchain ip filtering Takashi Iwai (2): ALSA: msnd: Fix the default sample sizes ALSA: usb-audio: Fix multiple definitions in AU0828_DEVICE() macro Vitaly Kuznetsov (1): xen-netfront: fix queue name setting Xiao Liang (1): xen-netfront: fix warn message as irq device name has '/' YueHaibing (1): xfrm: fix 'passing zero to ERR_PTR()' warning arch/arm/mach-exynos/suspend.c | 1 + arch/arm64/boot/dts/qcom/apq8016-sbc.dtsi | 2 +- arch/mips/ath79/setup.c | 1 + arch/mips/include/asm/mach-ath79/ath79.h | 1 + arch/mips/jz4740/Platform | 2 +- arch/powerpc/platforms/powernv/opal.c | 2 +- drivers/clk/imx/clk-imx6ul.c | 1 + drivers/crypto/sahara.c | 4 +-- drivers/dma/pl330.c | 5 +-- drivers/iommu/arm-smmu-v3.c | 1 + drivers/media/v4l2-core/videobuf2-core.c | 5 +++ drivers/mtd/maps/solutionengine.c | 6 ++-- drivers/net/xen-netfront.c | 6 ++-- drivers/platform/x86/toshiba_acpi.c | 3 +- drivers/s390/net/qeth_core_main.c | 3 +- drivers/s390/net/qeth_core_sys.c | 1 + drivers/video/fbdev/core/modedb.c | 41 +++++++++++++++++------ drivers/video/fbdev/goldfishfb.c | 1 + drivers/video/fbdev/omap/omapfb_main.c | 2 +- drivers/video/fbdev/via/viafbdev.c | 3 +- fs/gfs2/bmap.c | 2 +- fs/gfs2/rgrp.c | 3 +- net/mac80211/cfg.c | 2 +- net/mac80211/key.c | 24 ++++++++----- net/xfrm/xfrm_policy.c | 5 ++- scripts/Kbuild.include | 3 ++ sound/isa/msnd/msnd_pinnacle.c | 4 +-- sound/usb/quirks-table.h | 3 +- tools/perf/arch/powerpc/util/skip-callchain-idx.c | 10 ++++-- 29 files changed, 101 insertions(+), 46 deletions(-) -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE4n5dijQDou9mhzu83qZv95d3LNwFAlugPOcACgkQ3qZv95d3 LNxQzhAAl454mfpZ6ZQIy0kRvfw9BZrlBF0yIZYS/QQ1cBJ7+j8sOdS1s/dtJkRK zpEvSImx6aUgKiuXrJUt6EJbWTUkLeZnfqoRkWe543T6oMgPJGXObmafkF3GlT1A d0AY17gdH2CB5IlovnrgyuUkMCNaB3Kv2yimo9fWVaIU4wuAfFt7HKHHWE/SQX2L SUiajdhGvWwBLcry7FefV/fU8Ug2sBSHoucxEkkb64SYl2jwC3lNB5U0upJkiCOe jtT7o0JQ3v3SzJLN2fRsYb64aVqLjp3OpQg4RODOO7f5NAzbyOATqtjQTxDUJ6wa wGiD+BjIWrd99oiWC/nIAgZS8adAtiRJ/NOgH/kR8OR3BgP7Wk4M6Zqej6YxXEw3 pid6/ZMiYIymj+YVqwQt0W0p8L2RwMK4R0eoDeZD1aeJTvkEJPmWov80B2nBdu2I XyB2A/Jay7+M3jnDZPVMjGVAh1ukGNglpsYgi7tkzxmSCS9oz10lgt1i5N9DXPBG WLlbCyPwof9JJLpiT1mlqx6PZYPy3XfUyq+bAFOpAEzdqv69lT3gtY5krz1iydIJ C+y1n8vFwmsVbrBACMIYFAbwxsH2kdwComA/nQKf9g1urMZGNrMgKO4qoZR5o9zX dZG26OrKCwbHAfV1aAvcQrH27Jc9VFEXYG31iShh+tdbymIWzgU= =/dVc -----END PGP SIGNATURE-----

6 years, 9 months

1
0
0 0

[GIT PULL] commits for Linux 4.9

by Sasha Levin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi Greg, Pleae pull commits for Linux 4.9 . I've sent a review request for all commits over a week ago and all comments were addressed. Thanks, Sasha ===== The following changes since commit 927556eb3a72306db1ba5ab8b9bb9914433302ba: Linux 4.9.127 (2018-09-15 09:43:07 +0200) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/sashal/linux-stable.git tags/for-greg-4.9-17092018 for you to fetch changes up to bb180cbca65d450c5bd1b0e10995ef5eb56ff1e1: xen-netfront: fix warn message as irq device name has '/' (2018-09-15 10:24:21 -0400) - ---------------------------------------------------------------- for-greg-4.9-17092018 - ---------------------------------------------------------------- Andreas Gruenbacher (1): gfs2: Special-case rindex for gfs2_grow Anton Vasilyev (1): video: goldfishfb: fix memory leak on driver remove Ard Biesheuvel (1): efi/arm: preserve early mapping of UEFI memory map longer for BGRT Bhushan Shah (1): ARM: dts: qcom: msm8974-hammerhead: increase load on l20 for sdhci Bob Peterson (1): gfs2: Don't reject a supposedly full bitmap if we have blocks reserved Christoffer Dall (1): KVM: arm/arm64: Fix vgic init race Dan Carpenter (1): fbdev: omapfb: off by one in omapfb_register_client() Daniel Mack (1): video: fbdev: pxafb: clear allocated memory for video modes Felix Fietkau (1): MIPS: ath79: fix system restart Fredrik Noring (1): fbdev: Distinguish between interlaced and progressive modes Hanna Hawa (1): dmaengine: mv_xor_v2: kill the tasklets upon exit Hans Verkuil (1): media: videobuf2-core: check for q->error in vb2_core_qbuf() Jakub Kicinski (1): nfp: avoid buffer leak when FW communication fails John Keeping (1): dmaengine: pl330: fix irq race with terminate_all Julian Wiedmann (2): s390/qeth: fix race in used-buffer accounting s390/qeth: reset layer2 attribute on layer switch Krzysztof Ha?asa (1): media: tw686x: Fix oops on buffer alloc failure Krzysztof Kozlowski (1): ARM: exynos: Clear global variable on init error path Loic Poulain (1): arm64: dts: qcom: db410c: Fix Bluetooth LED trigger Manikanta Pubbisetty (1): mac80211: restrict delayed tailroom needed decrement Masahiro Yamada (1): kbuild: add .DELETE_ON_ERROR special target Miao Zhong (1): iommu/arm-smmu-v3: sync the OVACKFLG to PRIQ consumer register Michael MÃ¼ller (1): crypto: sharah - Unregister correct algorithms for SAHARA 3 Nicholas Mc Guire (1): clk: imx6ul: fix missing of_node_put() Nicholas Piggin (1): powerpc/powernv: opal_put_chars partial write fix Paul Cercueil (1): MIPS: jz4740: Bump zload address Pingfan Liu (1): drivers/base: stop new probing during shutdown Piotr Sawicki (1): Smack: Fix handling of IPv4 traffic received by PF_INET6 sockets Rajan Vaja (1): clk: clk-fixed-factor: Clear OF_POPULATED flag in case of failure Randy Dunlap (3): mtd/maps: fix solutionengine.c printk format warnings fbdev/via: fix defined but not used warning platform/x86: toshiba_acpi: Fix defined but not used build warnings Sandipan Das (2): perf powerpc: Fix callchain ip filtering when return address is in a register perf powerpc: Fix callchain ip filtering Takashi Iwai (2): ALSA: msnd: Fix the default sample sizes ALSA: usb-audio: Fix multiple definitions in AU0828_DEVICE() macro Thomas Richter (1): perf test: Fix subtest number when showing results Vitaly Kuznetsov (1): xen-netfront: fix queue name setting Xiao Liang (1): xen-netfront: fix warn message as irq device name has '/' YueHaibing (2): xfrm: fix 'passing zero to ERR_PTR()' warning wan/fsl_ucc_hdlc: use IS_ERR_VALUE() to check return value of qe_muram_alloc Zhu Yanjun (1): IB/rxe: Drop QP0 silently .../dts/qcom-msm8974-lge-nexus5-hammerhead.dts | 2 ++ arch/arm/mach-exynos/suspend.c | 1 + arch/arm64/boot/dts/qcom/apq8016-sbc.dtsi | 2 +- arch/mips/ath79/setup.c | 1 + arch/mips/include/asm/mach-ath79/ath79.h | 1 + arch/mips/jz4740/Platform | 2 +- arch/powerpc/platforms/powernv/opal.c | 2 +- drivers/base/core.c | 3 ++ drivers/clk/clk-fixed-factor.c | 9 ++++- drivers/clk/imx/clk-imx6ul.c | 1 + drivers/crypto/sahara.c | 4 +-- drivers/dma/mv_xor_v2.c | 2 ++ drivers/dma/pl330.c | 5 +-- drivers/firmware/efi/arm-init.c | 1 - drivers/firmware/efi/arm-runtime.c | 4 ++- drivers/infiniband/sw/rxe/rxe_recv.c | 9 +++-- drivers/iommu/arm-smmu-v3.c | 1 + drivers/media/pci/tw686x/tw686x-video.c | 11 ++++-- drivers/media/v4l2-core/videobuf2-core.c | 5 +++ drivers/mtd/maps/solutionengine.c | 6 ++-- .../net/ethernet/netronome/nfp/nfp_net_common.c | 13 +++++-- drivers/net/wan/fsl_ucc_hdlc.c | 6 ++-- drivers/net/xen-netfront.c | 6 ++-- drivers/platform/x86/toshiba_acpi.c | 3 +- drivers/s390/net/qeth_core_main.c | 3 +- drivers/s390/net/qeth_core_sys.c | 1 + drivers/video/fbdev/core/modedb.c | 41 ++++++++++++++++------ drivers/video/fbdev/goldfishfb.c | 1 + drivers/video/fbdev/omap/omapfb_main.c | 2 +- drivers/video/fbdev/pxafb.c | 4 +-- drivers/video/fbdev/via/viafbdev.c | 3 +- fs/gfs2/bmap.c | 2 +- fs/gfs2/rgrp.c | 3 +- net/mac80211/cfg.c | 2 +- net/mac80211/key.c | 24 ++++++++----- net/xfrm/xfrm_policy.c | 5 ++- scripts/Kbuild.include | 3 ++ security/smack/smack_lsm.c | 14 +++++--- sound/isa/msnd/msnd_pinnacle.c | 4 +-- sound/usb/quirks-table.h | 3 +- tools/perf/arch/powerpc/util/skip-callchain-idx.c | 10 ++++-- tools/perf/tests/builtin-test.c | 2 +- virt/kvm/arm/vgic/vgic-init.c | 4 +++ 43 files changed, 163 insertions(+), 68 deletions(-) -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE4n5dijQDou9mhzu83qZv95d3LNwFAlugPOAACgkQ3qZv95d3 LNyTIxAAicYE/fiFKVcZc37qZPFV4MPSVH5J4aXbObvIy85IzJUSJ/hnwoymvYX+ 8fS+a3ctAC/lpMlSjxz+TtcIyMscEWEQcOZSFQPST+RycohywsADCZhweYFlw04m D88nGiffYRBU151TyORd0mXaklN1rMqx/5wWgRBAi9c5p9h9gx+DpJaXQGTD2/6C qL4q8UM92rNs8UnIEG3A2z6M5PlVgEaPkQzHrjfUUNLlHIwXYAtSJ7AT5WQdzO7+ l2V+9/EyGlLWQY9Rm3/QIVxWJv2b106K8uA/q8olt1pqlwsGZX8yMWwHWzwQMK9v lU9ri5ZbgEYjNvUbE8y7nhRtajSa/AJuY8P+Ytk/iFtryo809Y/JUss03eu6KU75 hgTB7cBeB7Fb4ircFQ9MVmeccmLmXemvuH87YFUNNlaZBwOJWf/0MqGLFtJ5s4c3 ie9aW9jw96xbWB9SJDKT6dpnCBibus43TYF4bniRsMWpSnNbRYCDruRzQCzj5qnW 2ew1noQpr2st0fJtJEcQgjd/gMbVmQEkUOxdnTGL3y3dSDppHWBGDVzbkudTkwCg Y1hfFJTpf9dYeTN4vrNPm2GYAIBINjW0m38b5PpM/NH9cOnC8jq9ogG+8OGTvqAz V01J8xPOPXWX/kunc5rFYxRN+MhF1k64iT7W4DhUW3999BHJ410= =csQ/ -----END PGP SIGNATURE-----

6 years, 9 months

1
0
0 0

[GIT PULL] commits for Linux 4.14

by Sasha Levin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi Greg, Pleae pull commits for Linux 4.14 . I've sent a review request for all commits over a week ago and all comments were addressed. Thanks, Sasha ===== The following changes since commit 5dfe87ac34e2326ae2957fc68b63212d84f78701: Linux 4.14.70 (2018-09-15 09:45:37 +0200) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/sashal/linux-stable.git tags/for-greg-4.14-17092018 for you to fetch changes up to 64190d73856692f63af6becf8787c94a2df34432: xen-netfront: fix warn message as irq device name has '/' (2018-09-15 10:22:53 -0400) - ---------------------------------------------------------------- for-greg-4.14-17092018 - ---------------------------------------------------------------- Andreas Gruenbacher (1): gfs2: Special-case rindex for gfs2_grow Anton Vasilyev (1): video: goldfishfb: fix memory leak on driver remove Ard Biesheuvel (1): efi/arm: preserve early mapping of UEFI memory map longer for BGRT Bhushan Shah (1): ARM: dts: qcom: msm8974-hammerhead: increase load on l20 for sdhci Bob Peterson (1): gfs2: Don't reject a supposedly full bitmap if we have blocks reserved Christoffer Dall (1): KVM: arm/arm64: Fix vgic init race Dan Carpenter (1): fbdev: omapfb: off by one in omapfb_register_client() Daniel Mack (1): video: fbdev: pxafb: clear allocated memory for video modes Erich E. Hoover (1): usb: dwc3: change stream event enable bit back to 13 Felix Fietkau (1): MIPS: ath79: fix system restart Fredrik Noring (1): fbdev: Distinguish between interlaced and progressive modes Hanna Hawa (1): dmaengine: mv_xor_v2: kill the tasklets upon exit Hans Verkuil (1): media: videobuf2-core: check for q->error in vb2_core_qbuf() Jae Hyun Yoo (1): i2c: aspeed: Fix initial values of master and slave state Jakub Kicinski (1): nfp: avoid buffer leak when FW communication fails Jean-Philippe Brucker (1): iommu/io-pgtable-arm-v7s: Abort allocation when table address overflows the PTE Jiang Biao (2): x86/pti: Check the return value of pti_user_pagetable_walk_p4d() x86/pti: Check the return value of pti_user_pagetable_walk_pmd() Jiri Olsa (2): perf tools: Synthesize GROUP_DESC feature in pipe mode perf tools: Fix struct comm_str removal crash Joerg Roedel (1): x86/mm/pti: Add an overflow check to pti_clone_pmds() John Keeping (1): dmaengine: pl330: fix irq race with terminate_all Julian Wiedmann (2): s390/qeth: fix race in used-buffer accounting s390/qeth: reset layer2 attribute on layer switch Krzysztof Ha?asa (1): media: tw686x: Fix oops on buffer alloc failure Krzysztof Kozlowski (1): ARM: exynos: Clear global variable on init error path Leonard Crestez (1): reset: imx7: Fix always writing bits as 0 Loic Poulain (1): arm64: dts: qcom: db410c: Fix Bluetooth LED trigger Manikanta Pubbisetty (1): mac80211: restrict delayed tailroom needed decrement Mark Rutland (2): KVM: arm/arm64: vgic: Fix possible spectre-v1 write in vgic_mmio_write_apr() arm64: fix possible spectre-v1 write in ptrace_hbp_set_event() Masahiro Yamada (1): kbuild: add .DELETE_ON_ERROR special target Miao Zhong (1): iommu/arm-smmu-v3: sync the OVACKFLG to PRIQ consumer register Michael MÃ¼ller (1): crypto: sharah - Unregister correct algorithms for SAHARA 3 Mike Snitzer (1): block: allow max_discard_segments to be stacked Mikko Perttunen (1): clk: core: Potentially free connection id Nicholas Mc Guire (3): clk: imx6ul: fix missing of_node_put() staging: bcm2835-camera: fix timeout handling in wait_for_completion_timeout staging: bcm2835-camera: handle wait_for_completion_timeout return properly Nicholas Piggin (1): powerpc/powernv: opal_put_chars partial write fix Oder Chiou (1): ASoC: rt5514: Fix the issue of the delay volume applied Paul Cercueil (1): MIPS: jz4740: Bump zload address Pingfan Liu (1): drivers/base: stop new probing during shutdown Piotr Sawicki (1): Smack: Fix handling of IPv4 traffic received by PF_INET6 sockets Rajan Vaja (1): clk: clk-fixed-factor: Clear OF_POPULATED flag in case of failure Randy Dunlap (3): mtd/maps: fix solutionengine.c printk format warnings fbdev/via: fix defined but not used warning platform/x86: toshiba_acpi: Fix defined but not used build warnings Sagi Grimberg (1): nvme-rdma: unquiesce queues when deleting the controller Sandipan Das (2): perf powerpc: Fix callchain ip filtering when return address is in a register perf powerpc: Fix callchain ip filtering Takashi Iwai (3): ALSA: pcm: Add __force to cast in snd_pcm_lib_read/write() ALSA: msnd: Fix the default sample sizes ALSA: usb-audio: Fix multiple definitions in AU0828_DEVICE() macro Thomas Richter (1): perf test: Fix subtest number when showing results Todor Tomov (1): media: ov5645: Supported external clock is 24MHz Vitaly Kuznetsov (1): xen-netfront: fix queue name setting Wei Yongjun (1): IB/ipoib: Fix error return code in ipoib_dev_init() Xiao Liang (1): xen-netfront: fix warn message as irq device name has '/' YueHaibing (3): xfrm: fix 'passing zero to ERR_PTR()' warning amd-xgbe: use dma_mapping_error to check map errors wan/fsl_ucc_hdlc: use IS_ERR_VALUE() to check return value of qe_muram_alloc Zhu Yanjun (1): IB/rxe: Drop QP0 silently .../dts/qcom-msm8974-lge-nexus5-hammerhead.dts | 2 ++ arch/arm/mach-exynos/suspend.c | 1 + arch/arm64/boot/dts/qcom/apq8016-sbc.dtsi | 2 +- arch/arm64/kernel/ptrace.c | 19 +++++----- arch/mips/ath79/setup.c | 1 + arch/mips/include/asm/mach-ath79/ath79.h | 1 + arch/mips/jz4740/Platform | 2 +- arch/powerpc/platforms/powernv/opal.c | 2 +- arch/x86/mm/pti.c | 25 ++++++++++--- block/blk-settings.c | 2 +- drivers/base/core.c | 3 ++ drivers/clk/clk-fixed-factor.c | 9 ++++- drivers/clk/clk.c | 3 ++ drivers/clk/imx/clk-imx6ul.c | 1 + drivers/crypto/sahara.c | 4 +-- drivers/dma/mv_xor_v2.c | 2 ++ drivers/dma/pl330.c | 5 +-- drivers/firmware/efi/arm-init.c | 1 - drivers/firmware/efi/arm-runtime.c | 4 ++- drivers/i2c/busses/i2c-aspeed.c | 4 +-- drivers/infiniband/sw/rxe/rxe_recv.c | 9 +++-- drivers/infiniband/ulp/ipoib/ipoib_main.c | 3 +- drivers/iommu/arm-smmu-v3.c | 1 + drivers/iommu/io-pgtable-arm-v7s.c | 7 +++- drivers/media/i2c/ov5645.c | 13 +++---- drivers/media/pci/tw686x/tw686x-video.c | 11 ++++-- drivers/media/v4l2-core/videobuf2-core.c | 5 +++ drivers/mtd/maps/solutionengine.c | 6 ++-- drivers/net/ethernet/amd/xgbe/xgbe-desc.c | 7 ++-- .../net/ethernet/netronome/nfp/nfp_net_common.c | 13 +++++-- drivers/net/wan/fsl_ucc_hdlc.c | 6 ++-- drivers/net/xen-netfront.c | 6 ++-- drivers/nvme/host/rdma.c | 2 ++ drivers/platform/x86/toshiba_acpi.c | 3 +- drivers/reset/reset-imx7.c | 2 +- drivers/s390/net/qeth_core_main.c | 3 +- drivers/s390/net/qeth_core_sys.c | 1 + .../vc04_services/bcm2835-camera/bcm2835-camera.c | 7 ++-- .../vc04_services/bcm2835-camera/mmal-vchiq.c | 11 +++--- drivers/usb/dwc3/gadget.h | 2 +- drivers/video/fbdev/core/modedb.c | 41 ++++++++++++++++------ drivers/video/fbdev/goldfishfb.c | 1 + drivers/video/fbdev/omap/omapfb_main.c | 2 +- drivers/video/fbdev/pxafb.c | 4 +-- drivers/video/fbdev/via/viafbdev.c | 3 +- fs/gfs2/bmap.c | 2 +- fs/gfs2/rgrp.c | 3 +- include/sound/pcm.h | 4 +-- net/mac80211/cfg.c | 2 +- net/mac80211/key.c | 24 ++++++++----- net/xfrm/xfrm_policy.c | 5 ++- scripts/Kbuild.include | 3 ++ security/smack/smack_lsm.c | 14 +++++--- sound/isa/msnd/msnd_pinnacle.c | 4 +-- sound/soc/codecs/rt5514.c | 8 ++--- sound/usb/quirks-table.h | 3 +- tools/perf/arch/powerpc/util/skip-callchain-idx.c | 10 ++++-- tools/perf/tests/builtin-test.c | 2 +- tools/perf/util/comm.c | 16 ++++++--- tools/perf/util/header.c | 2 +- virt/kvm/arm/vgic/vgic-init.c | 4 +++ virt/kvm/arm/vgic/vgic-mmio-v2.c | 3 ++ 62 files changed, 253 insertions(+), 118 deletions(-) -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE4n5dijQDou9mhzu83qZv95d3LNwFAlugPNMACgkQ3qZv95d3 LNzARxAAvjj18hSYWqS/PbHjOFUtAuZmEwNQPvj0oVaLLfLAFKs362ZYILvN5oV+ 4MfDuDoWhGQ8qF4yXlLg2yqTtUX9geKf92m6rr11tily7VA1BbYBtk+j4gk7IKP6 1EMZ/hOm7jAn2AyCgWsQPgSmUR544peOCdHaUg/Qmi2JjAzMGEG9iclaWcgq79Y9 qjZjNdJGQh7OtSqQfsA3nfnG2zNLjU6u2q5BXxtVDB4bPkk8exU+oUNBw5Izb7ww hWsNSQFjas/ulzh8prM0gNyqPn5iGWqzmdyW5VAoxsDy0KSfw8CT9KUzk81Gz/DO OZBIGjodzkfqsQ8UgBZPd9DDJfnyGIPuNUHsk5kNaEZiSBdt+iZKVbY6BkuVU5Qa E0Af4x6vBkOEO9ofpIwQSbpjm3IwpHuM0sBnzU8TDa7vpYoaxqUSXx0C8nm/0nZ4 EzFw+BTUn3T1Zo8zsnBBXDlnHa+fx/RpUeMCuPrHrAL/ZrJltkrVRzmPbpfnBWqT elX23+RZTG3BDTcbgXuB5na2BnppXZyG6L3aoY+68kk9fyACe5CD+6a320N9dueM kxWgQ9n2byKiiofS7quip7hMcRKVnqvFdiBXTd+zZEcpE2uPue8NQ04BAzrp+DKH p3/R5SDjCFTiqJCtB/W6RdkYFZGZK9yTsDKNdjEHq1DlyzyV+t4= =KTqg -----END PGP SIGNATURE-----

6 years, 9 months

1
0
0 0

+ mm-thp-fix-mlocking-thp-page-with-migration-enabled.patch added to -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: mm, thp: fix mlocking THP page with migration enabled has been added to the -mm tree. Its filename is mm-thp-fix-mlocking-thp-page-with-migration-enabled.patch This patch should soon appear at http://ozlabs.org/~akpm/mmots/broken-out/mm-thp-fix-mlocking-thp-page-with-… and later at http://ozlabs.org/~akpm/mmotm/broken-out/mm-thp-fix-mlocking-thp-page-with-… Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next and is updated there every 3-4 working days ------------------------------------------------------ From: "Kirill A. Shutemov" <kirill.shutemov(a)linux.intel.com> Subject: mm, thp: fix mlocking THP page with migration enabled A transparent huge page is represented by a single entry on an LRU list. Therefore, we can only make unevictable an entire compound page, not individual subpages. If a user tries to mlock() part of a huge page, we want the rest of the page to be reclaimable. We handle this by keeping PTE-mapped huge pages on normal LRU lists: the PMD on border of VM_LOCKED VMA will be split into PTE table. Introduction of THP migration breaks[1] the rules around mlocking THP pages. If we had a single PMD mapping of the page in mlocked VMA, the page will get mlocked, regardless of PTE mappings of the page. For tmpfs/shmem it's easy to fix by checking PageDoubleMap() in remove_migration_pmd(). Anon THP pages can only be shared between processes via fork(). Mlocked page can only be shared if parent mlocked it before forking, otherwise CoW will be triggered on mlock(). For Anon-THP, we can fix the issue by munlocking the page on removing PTE migration entry for the page. PTEs for the page will always come after mlocked PMD: rmap walks VMAs from oldest to newest. Test-case: #include <unistd.h> #include <sys/mman.h> #include <sys/wait.h> #include <linux/mempolicy.h> #include <numaif.h> int main(void) { unsigned long nodemask = 4; void *addr; addr = mmap((void *)0x20000000UL, 2UL << 20, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS | MAP_LOCKED, -1, 0); if (fork()) { wait(NULL); return 0; } mlock(addr, 4UL << 10); mbind(addr, 2UL << 20, MPOL_PREFERRED | MPOL_F_RELATIVE_NODES, &nodemask, 4, MPOL_MF_MOVE); return 0; } [1] https://lkml.kernel.org/r/CAOMGZ=G52R-30rZvhGxEbkTw7rLLwBGadVYeo--iizcD3upL… Link: http://lkml.kernel.org/r/20180917133816.43995-1-kirill.shutemov@linux.intel… Fixes: 616b8371539a ("mm: thp: enable thp migration in generic path") Signed-off-by: Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> Reported-by: Vegard Nossum <vegard.nossum(a)oracle.com> Reviewed-by: Zi Yan <zi.yan(a)cs.rutgers.edu> Cc: Naoya Horiguchi <n-horiguchi(a)ah.jp.nec.com> Cc: Vlastimil Babka <vbabka(a)suse.cz> Cc: Andrea Arcangeli <aarcange(a)redhat.com> Cc: <stable(a)vger.kernel.org> [4.14+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/huge_memory.c | 2 +- mm/migrate.c | 3 +++ 2 files changed, 4 insertions(+), 1 deletion(-) --- a/mm/huge_memory.c~mm-thp-fix-mlocking-thp-page-with-migration-enabled +++ a/mm/huge_memory.c @@ -2931,7 +2931,7 @@ void remove_migration_pmd(struct page_vm else page_add_file_rmap(new, true); set_pmd_at(mm, mmun_start, pvmw->pmd, pmde); - if (vma->vm_flags & VM_LOCKED) + if ((vma->vm_flags & VM_LOCKED) && !PageDoubleMap(new)) mlock_vma_page(new); update_mmu_cache_pmd(vma, address, pvmw->pmd); } --- a/mm/migrate.c~mm-thp-fix-mlocking-thp-page-with-migration-enabled +++ a/mm/migrate.c @@ -275,6 +275,9 @@ static bool remove_migration_pte(struct if (vma->vm_flags & VM_LOCKED && !PageTransCompound(new)) mlock_vma_page(new); + if (PageTransHuge(page) && PageMlocked(page)) + clear_page_mlock(page); + /* No need to invalidate - it was non-present before */ update_mmu_cache(vma, pvmw.address, pvmw.pte); } _ Patches currently in -mm which might be from kirill.shutemov(a)linux.intel.com are mm-thp-fix-mlocking-thp-page-with-migration-enabled.patch

6 years, 9 months

1
0
0 0

+ mm-thp-fix-mlocking-thp-page-with-migration-enabled.patch added to -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: mm, thp: fix mlocking THP page with migration enabled has been added to the -mm tree. Its filename is mm-thp-fix-mlocking-thp-page-with-migration-enabled.patch This patch should soon appear at http://ozlabs.org/~akpm/mmots/broken-out/mm-thp-fix-mlocking-thp-page-with-… and later at http://ozlabs.org/~akpm/mmotm/broken-out/mm-thp-fix-mlocking-thp-page-with-… Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next and is updated there every 3-4 working days ------------------------------------------------------ From: "Kirill A. Shutemov" <kirill.shutemov(a)linux.intel.com> Subject: mm, thp: fix mlocking THP page with migration enabled A transparent huge page is represented by a single entry on an LRU list. Therefore, we can only make unevictable an entire compound page, not individual subpages. If a user tries to mlock() part of a huge page, we want the rest of the page to be reclaimable. We handle this by keeping PTE-mapped huge pages on normal LRU lists: the PMD on border of VM_LOCKED VMA will be split into PTE table. Introduction of THP migration breaks[1] the rules around mlocking THP pages. If we had a single PMD mapping of the page in mlocked VMA, the page will get mlocked, regardless of PTE mappings of the page. For tmpfs/shmem it's easy to fix by checking PageDoubleMap() in remove_migration_pmd(). Anon THP pages can only be shared between processes via fork(). Mlocked page can only be shared if parent mlocked it before forking, otherwise CoW will be triggered on mlock(). For Anon-THP, we can fix the issue by munlocking the page on removing PTE migration entry for the page. PTEs for the page will always come after mlocked PMD: rmap walks VMAs from oldest to newest. Test-case: #include <unistd.h> #include <sys/mman.h> #include <sys/wait.h> #include <linux/mempolicy.h> #include <numaif.h> int main(void) { unsigned long nodemask = 4; void *addr; addr = mmap((void *)0x20000000UL, 2UL << 20, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS | MAP_LOCKED, -1, 0); if (fork()) { wait(NULL); return 0; } mlock(addr, 4UL << 10); mbind(addr, 2UL << 20, MPOL_PREFERRED | MPOL_F_RELATIVE_NODES, &nodemask, 4, MPOL_MF_MOVE); return 0; } [1] https://lkml.kernel.org/r/CAOMGZ=G52R-30rZvhGxEbkTw7rLLwBGadVYeo--iizcD3upL… Link: http://lkml.kernel.org/r/20180917133816.43995-1-kirill.shutemov@linux.intel… Fixes: 616b8371539a ("mm: thp: enable thp migration in generic path") Signed-off-by: Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> Reported-by: Vegard Nossum <vegard.nossum(a)oracle.com> Reviewed-by: Zi Yan <zi.yan(a)cs.rutgers.edu> Cc: Naoya Horiguchi <n-horiguchi(a)ah.jp.nec.com> Cc: Vlastimil Babka <vbabka(a)suse.cz> Cc: Andrea Arcangeli <aarcange(a)redhat.com> Cc: <stable(a)vger.kernel.org> [4.14+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/huge_memory.c | 2 +- mm/migrate.c | 3 +++ 2 files changed, 4 insertions(+), 1 deletion(-) --- a/mm/huge_memory.c~mm-thp-fix-mlocking-thp-page-with-migration-enabled +++ a/mm/huge_memory.c @@ -2931,7 +2931,7 @@ void remove_migration_pmd(struct page_vm else page_add_file_rmap(new, true); set_pmd_at(mm, mmun_start, pvmw->pmd, pmde); - if (vma->vm_flags & VM_LOCKED) + if ((vma->vm_flags & VM_LOCKED) && !PageDoubleMap(new)) mlock_vma_page(new); update_mmu_cache_pmd(vma, address, pvmw->pmd); } --- a/mm/migrate.c~mm-thp-fix-mlocking-thp-page-with-migration-enabled +++ a/mm/migrate.c @@ -275,6 +275,9 @@ static bool remove_migration_pte(struct if (vma->vm_flags & VM_LOCKED && !PageTransCompound(new)) mlock_vma_page(new); + if (PageTransHuge(page) && PageMlocked(page)) + clear_page_mlock(page); + /* No need to invalidate - it was non-present before */ update_mmu_cache(vma, pvmw.address, pvmw.pte); } _ Patches currently in -mm which might be from kirill.shutemov(a)linux.intel.com are mm-thp-fix-mlocking-thp-page-with-migration-enabled.patch

6 years, 9 months

1
0
0 0

[PATCH 13/17] target/core: Avoid that LUN reset sporadically triggers data corruption

by Bart Van Assche

If on an initiator system a LUN reset is issued while I/O is in progress with queue depth > 1, avoid that data corruption occurs as follows: - The initiator submits a READ (a). - The initiator submits a LUN reset before READ (a) completes. - The target responds that the LUN reset succeeded after READ (a) has been marked as CMD_T_COMPLETE and before .queue_status() has been called. - The initiator receives the LUN reset response and frees the tag used by READ (a). - The initiator submits READ (b) and reuses the tag of READ (a). - The initiator receives the response for READ (a) and interprets this as a completion for READ (b). - The initiator receives the completion for READ (b) and discards it. With the SRP initiator and target drivers and when running fio concurrently with sg_reset -d it only takes a few minutes to reproduce this. Signed-off-by: Bart Van Assche <bvanassche(a)acm.org> Fixes: commit febe562c20df ("target: Fix LUN_RESET active I/O handling for ACK_KREF") Cc: Nicholas Bellinger <nab(a)linux-iscsi.org> Cc: Mike Christie <mchristi(a)redhat.com> Cc: Christoph Hellwig <hch(a)lst.de> Cc: Hannes Reinecke <hare(a)suse.de> Cc: <stable(a)vger.kernel.org> --- drivers/target/target_core_tmr.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/drivers/target/target_core_tmr.c b/drivers/target/target_core_tmr.c index 2750a2c7b563..6e419396c1e4 100644 --- a/drivers/target/target_core_tmr.c +++ b/drivers/target/target_core_tmr.c @@ -90,7 +90,7 @@ static int target_check_cdb_and_preempt(struct list_head *list, return 1; } -static bool __target_check_io_state(struct se_cmd *se_cmd, +static bool __target_check_io_state(struct se_cmd *se_cmd, u32 skip_flags, struct se_session *tmr_sess, int tas) { struct se_session *sess = se_cmd->se_sess; @@ -108,7 +108,7 @@ static bool __target_check_io_state(struct se_cmd *se_cmd, * long as se_cmd->cmd_kref is still active unless zero. */ spin_lock(&se_cmd->t_state_lock); - if (se_cmd->transport_state & (CMD_T_COMPLETE | CMD_T_FABRIC_STOP)) { + if (se_cmd->transport_state & (skip_flags | CMD_T_FABRIC_STOP)) { pr_debug("Attempted to abort io tag: %llu already complete or" " fabric stop, skipping\n", se_cmd->tag); spin_unlock(&se_cmd->t_state_lock); @@ -165,7 +165,8 @@ void core_tmr_abort_task( printk("ABORT_TASK: Found referenced %s task_tag: %llu\n", se_cmd->se_tfo->get_fabric_name(), ref_tag); - if (!__target_check_io_state(se_cmd, se_sess, 0)) + if (!__target_check_io_state(se_cmd, CMD_T_COMPLETE, se_sess, + 0)) continue; spin_unlock_irqrestore(&se_sess->sess_cmd_lock, flags); @@ -349,7 +350,7 @@ static void core_tmr_drain_state_list( continue; spin_lock(&sess->sess_cmd_lock); - rc = __target_check_io_state(cmd, tmr_sess, tas); + rc = __target_check_io_state(cmd, 0, tmr_sess, tas); spin_unlock(&sess->sess_cmd_lock); if (!rc) continue; -- 2.18.0

6 years, 9 months

1
0
0 0

[PATCH] tpm: separate cmd_ready/go_idle from runtime_pm

by Jarkko Sakkinen

From: Tomas Winkler <tomas.winkler(a)intel.com> commit 627448e85c766587f6fdde1ea3886d6615081c77 upstream Fix tpm ptt initialization error: tpm tpm0: A TPM error (378) occurred get tpm pcr allocation. We cannot use go_idle cmd_ready commands via runtime_pm handles as with the introduction of localities this is no longer an optional feature, while runtime pm can be not enabled. Though cmd_ready/go_idle provides a power saving, it's also a part of TPM2 protocol and should be called explicitly. This patch exposes cmd_read/go_idle via tpm class ops and removes runtime pm support as it is not used by any driver. When calling from nested context always use both flags: TPM_TRANSMIT_UNLOCKED and TPM_TRANSMIT_RAW. Both are needed to resolve tpm spaces and locality request recursive calls to tpm_transmit(). TPM_TRANSMIT_RAW should never be used standalone as it will fail on double locking. While TPM_TRANSMIT_UNLOCKED standalone should be called from non-recursive locked contexts. New wrappers are added tpm_cmd_ready() and tpm_go_idle() to streamline tpm_try_transmit code. tpm_crb no longer needs own power saving functions and can drop using tpm_pm_suspend/resume. This patch cannot be really separated from the locality fix. Fixes: 888d867df441 (tpm: cmd_ready command can be issued only after granting locality) Cc: stable(a)vger.kernel.org Fixes: 888d867df441 (tpm: cmd_ready command can be issued only after granting locality) Signed-off-by: Tomas Winkler <tomas.winkler(a)intel.com> Tested-by: Jarkko Sakkinen <jarkko.sakkinen(a)linux.intel.com> Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen(a)linux.intel.com> Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen(a)linux.intel.com> --- drivers/char/tpm/tpm-interface.c | 50 ++++++++++++--- drivers/char/tpm/tpm.h | 12 +++- drivers/char/tpm/tpm2-space.c | 16 +++-- drivers/char/tpm/tpm_crb.c | 101 +++++++++---------------------- include/linux/tpm.h | 2 + 5 files changed, 90 insertions(+), 91 deletions(-) diff --git a/drivers/char/tpm/tpm-interface.c b/drivers/char/tpm/tpm-interface.c index 86b526b7d990..a2070ab86c82 100644 --- a/drivers/char/tpm/tpm-interface.c +++ b/drivers/char/tpm/tpm-interface.c @@ -369,10 +369,13 @@ static int tpm_validate_command(struct tpm_chip *chip, return -EINVAL; } -static int tpm_request_locality(struct tpm_chip *chip) +static int tpm_request_locality(struct tpm_chip *chip, unsigned int flags) { int rc; + if (flags & TPM_TRANSMIT_RAW) + return 0; + if (!chip->ops->request_locality) return 0; @@ -385,10 +388,13 @@ static int tpm_request_locality(struct tpm_chip *chip) return 0; } -static void tpm_relinquish_locality(struct tpm_chip *chip) +static void tpm_relinquish_locality(struct tpm_chip *chip, unsigned int flags) { int rc; + if (flags & TPM_TRANSMIT_RAW) + return; + if (!chip->ops->relinquish_locality) return; @@ -399,6 +405,28 @@ static void tpm_relinquish_locality(struct tpm_chip *chip) chip->locality = -1; } +static int tpm_cmd_ready(struct tpm_chip *chip, unsigned int flags) +{ + if (flags & TPM_TRANSMIT_RAW) + return 0; + + if (!chip->ops->cmd_ready) + return 0; + + return chip->ops->cmd_ready(chip); +} + +static int tpm_go_idle(struct tpm_chip *chip, unsigned int flags) +{ + if (flags & TPM_TRANSMIT_RAW) + return 0; + + if (!chip->ops->go_idle) + return 0; + + return chip->ops->go_idle(chip); +} + static ssize_t tpm_try_transmit(struct tpm_chip *chip, struct tpm_space *space, u8 *buf, size_t bufsiz, @@ -449,14 +477,15 @@ static ssize_t tpm_try_transmit(struct tpm_chip *chip, /* Store the decision as chip->locality will be changed. */ need_locality = chip->locality == -1; - if (!(flags & TPM_TRANSMIT_RAW) && need_locality) { - rc = tpm_request_locality(chip); + if (need_locality) { + rc = tpm_request_locality(chip, flags); if (rc < 0) goto out_no_locality; } - if (chip->dev.parent) - pm_runtime_get_sync(chip->dev.parent); + rc = tpm_cmd_ready(chip, flags); + if (rc) + goto out; rc = tpm2_prepare_space(chip, space, ordinal, buf); if (rc) @@ -516,13 +545,16 @@ static ssize_t tpm_try_transmit(struct tpm_chip *chip, } rc = tpm2_commit_space(chip, space, ordinal, buf, &len); + if (rc) + dev_err(&chip->dev, "tpm2_commit_space: error %d\n", rc); out: - if (chip->dev.parent) - pm_runtime_put_sync(chip->dev.parent); + rc = tpm_go_idle(chip, flags); + if (rc) + goto out; if (need_locality) - tpm_relinquish_locality(chip); + tpm_relinquish_locality(chip, flags); out_no_locality: if (chip->ops->clk_enable != NULL) diff --git a/drivers/char/tpm/tpm.h b/drivers/char/tpm/tpm.h index b83b30a3eea5..4bb9b4aa9b49 100644 --- a/drivers/char/tpm/tpm.h +++ b/drivers/char/tpm/tpm.h @@ -511,9 +511,17 @@ extern const struct file_operations tpm_fops; extern const struct file_operations tpmrm_fops; extern struct idr dev_nums_idr; +/** + * enum tpm_transmit_flags + * + * @TPM_TRANSMIT_UNLOCKED: used to lock sequence of tpm_transmit calls. + * @TPM_TRANSMIT_RAW: prevent recursive calls into setup steps + * (go idle, locality,..). Always use with UNLOCKED + * as it will fail on double locking. + */ enum tpm_transmit_flags { - TPM_TRANSMIT_UNLOCKED = BIT(0), - TPM_TRANSMIT_RAW = BIT(1), + TPM_TRANSMIT_UNLOCKED = BIT(0), + TPM_TRANSMIT_RAW = BIT(1), }; ssize_t tpm_transmit(struct tpm_chip *chip, struct tpm_space *space, diff --git a/drivers/char/tpm/tpm2-space.c b/drivers/char/tpm/tpm2-space.c index d26ea7513226..dabb2ae4e779 100644 --- a/drivers/char/tpm/tpm2-space.c +++ b/drivers/char/tpm/tpm2-space.c @@ -39,7 +39,8 @@ static void tpm2_flush_sessions(struct tpm_chip *chip, struct tpm_space *space) for (i = 0; i < ARRAY_SIZE(space->session_tbl); i++) { if (space->session_tbl[i]) tpm2_flush_context_cmd(chip, space->session_tbl[i], - TPM_TRANSMIT_UNLOCKED); + TPM_TRANSMIT_UNLOCKED | + TPM_TRANSMIT_RAW); } } @@ -84,7 +85,7 @@ static int tpm2_load_context(struct tpm_chip *chip, u8 *buf, tpm_buf_append(&tbuf, &buf[*offset], body_size); rc = tpm_transmit_cmd(chip, NULL, tbuf.data, PAGE_SIZE, 4, - TPM_TRANSMIT_UNLOCKED, NULL); + TPM_TRANSMIT_UNLOCKED | TPM_TRANSMIT_RAW, NULL); if (rc < 0) { dev_warn(&chip->dev, "%s: failed with a system error %d\n", __func__, rc); @@ -133,7 +134,7 @@ static int tpm2_save_context(struct tpm_chip *chip, u32 handle, u8 *buf, tpm_buf_append_u32(&tbuf, handle); rc = tpm_transmit_cmd(chip, NULL, tbuf.data, PAGE_SIZE, 0, - TPM_TRANSMIT_UNLOCKED, NULL); + TPM_TRANSMIT_UNLOCKED | TPM_TRANSMIT_RAW, NULL); if (rc < 0) { dev_warn(&chip->dev, "%s: failed with a system error %d\n", __func__, rc); @@ -170,7 +171,8 @@ static void tpm2_flush_space(struct tpm_chip *chip) for (i = 0; i < ARRAY_SIZE(space->context_tbl); i++) if (space->context_tbl[i] && ~space->context_tbl[i]) tpm2_flush_context_cmd(chip, space->context_tbl[i], - TPM_TRANSMIT_UNLOCKED); + TPM_TRANSMIT_UNLOCKED | + TPM_TRANSMIT_RAW); tpm2_flush_sessions(chip, space); } @@ -377,7 +379,8 @@ static int tpm2_map_response_header(struct tpm_chip *chip, u32 cc, u8 *rsp, return 0; out_no_slots: - tpm2_flush_context_cmd(chip, phandle, TPM_TRANSMIT_UNLOCKED); + tpm2_flush_context_cmd(chip, phandle, + TPM_TRANSMIT_UNLOCKED | TPM_TRANSMIT_RAW); dev_warn(&chip->dev, "%s: out of slots for 0x%08X\n", __func__, phandle); return -ENOMEM; @@ -465,7 +468,8 @@ static int tpm2_save_space(struct tpm_chip *chip) return rc; tpm2_flush_context_cmd(chip, space->context_tbl[i], - TPM_TRANSMIT_UNLOCKED); + TPM_TRANSMIT_UNLOCKED | + TPM_TRANSMIT_RAW); space->context_tbl[i] = ~0; } diff --git a/drivers/char/tpm/tpm_crb.c b/drivers/char/tpm/tpm_crb.c index bb756ad7897e..5c7ce5aaaf6f 100644 --- a/drivers/char/tpm/tpm_crb.c +++ b/drivers/char/tpm/tpm_crb.c @@ -137,7 +137,7 @@ static bool crb_wait_for_reg_32(u32 __iomem *reg, u32 mask, u32 value, } /** - * crb_go_idle - request tpm crb device to go the idle state + * __crb_go_idle - request tpm crb device to go the idle state * * @dev: crb device * @priv: crb private data @@ -151,7 +151,7 @@ static bool crb_wait_for_reg_32(u32 __iomem *reg, u32 mask, u32 value, * * Return: 0 always */ -static int crb_go_idle(struct device *dev, struct crb_priv *priv) +static int __crb_go_idle(struct device *dev, struct crb_priv *priv) { if ((priv->flags & CRB_FL_ACPI_START) || (priv->flags & CRB_FL_CRB_SMC_START)) @@ -166,11 +166,20 @@ static int crb_go_idle(struct device *dev, struct crb_priv *priv) dev_warn(dev, "goIdle timed out\n"); return -ETIME; } + return 0; } +static int crb_go_idle(struct tpm_chip *chip) +{ + struct device *dev = &chip->dev; + struct crb_priv *priv = dev_get_drvdata(dev); + + return __crb_go_idle(dev, priv); +} + /** - * crb_cmd_ready - request tpm crb device to enter ready state + * __crb_cmd_ready - request tpm crb device to enter ready state * * @dev: crb device * @priv: crb private data @@ -183,7 +192,7 @@ static int crb_go_idle(struct device *dev, struct crb_priv *priv) * * Return: 0 on success -ETIME on timeout; */ -static int crb_cmd_ready(struct device *dev, struct crb_priv *priv) +static int __crb_cmd_ready(struct device *dev, struct crb_priv *priv) { if ((priv->flags & CRB_FL_ACPI_START) || (priv->flags & CRB_FL_CRB_SMC_START)) @@ -201,6 +210,14 @@ static int crb_cmd_ready(struct device *dev, struct crb_priv *priv) return 0; } +static int crb_cmd_ready(struct tpm_chip *chip) +{ + struct device *dev = &chip->dev; + struct crb_priv *priv = dev_get_drvdata(dev); + + return __crb_cmd_ready(dev, priv); +} + static int __crb_request_locality(struct device *dev, struct crb_priv *priv, int loc) { @@ -393,6 +410,8 @@ static const struct tpm_class_ops tpm_crb = { .send = crb_send, .cancel = crb_cancel, .req_canceled = crb_req_canceled, + .go_idle = crb_go_idle, + .cmd_ready = crb_cmd_ready, .request_locality = crb_request_locality, .relinquish_locality = crb_relinquish_locality, .req_complete_mask = CRB_DRV_STS_COMPLETE, @@ -508,7 +527,7 @@ static int crb_map_io(struct acpi_device *device, struct crb_priv *priv, * PTT HW bug w/a: wake up the device to access * possibly not retained registers. */ - ret = crb_cmd_ready(dev, priv); + ret = __crb_cmd_ready(dev, priv); if (ret) return ret; @@ -553,7 +572,7 @@ static int crb_map_io(struct acpi_device *device, struct crb_priv *priv, if (!ret) priv->cmd_size = cmd_size; - crb_go_idle(dev, priv); + __crb_go_idle(dev, priv); __crb_relinquish_locality(dev, priv, 0); @@ -624,32 +643,7 @@ static int crb_acpi_add(struct acpi_device *device) chip->acpi_dev_handle = device->handle; chip->flags = TPM_CHIP_FLAG_TPM2; - rc = __crb_request_locality(dev, priv, 0); - if (rc) - return rc; - - rc = crb_cmd_ready(dev, priv); - if (rc) - goto out; - - pm_runtime_get_noresume(dev); - pm_runtime_set_active(dev); - pm_runtime_enable(dev); - - rc = tpm_chip_register(chip); - if (rc) { - crb_go_idle(dev, priv); - pm_runtime_put_noidle(dev); - pm_runtime_disable(dev); - goto out; - } - - pm_runtime_put_sync(dev); - -out: - __crb_relinquish_locality(dev, priv, 0); - - return rc; + return tpm_chip_register(chip); } static int crb_acpi_remove(struct acpi_device *device) @@ -659,52 +653,11 @@ static int crb_acpi_remove(struct acpi_device *device) tpm_chip_unregister(chip); - pm_runtime_disable(dev); - return 0; } -static int __maybe_unused crb_pm_runtime_suspend(struct device *dev) -{ - struct tpm_chip *chip = dev_get_drvdata(dev); - struct crb_priv *priv = dev_get_drvdata(&chip->dev); - - return crb_go_idle(dev, priv); -} - -static int __maybe_unused crb_pm_runtime_resume(struct device *dev) -{ - struct tpm_chip *chip = dev_get_drvdata(dev); - struct crb_priv *priv = dev_get_drvdata(&chip->dev); - - return crb_cmd_ready(dev, priv); -} - -static int __maybe_unused crb_pm_suspend(struct device *dev) -{ - int ret; - - ret = tpm_pm_suspend(dev); - if (ret) - return ret; - - return crb_pm_runtime_suspend(dev); -} - -static int __maybe_unused crb_pm_resume(struct device *dev) -{ - int ret; - - ret = crb_pm_runtime_resume(dev); - if (ret) - return ret; - - return tpm_pm_resume(dev); -} - static const struct dev_pm_ops crb_pm = { - SET_SYSTEM_SLEEP_PM_OPS(crb_pm_suspend, crb_pm_resume) - SET_RUNTIME_PM_OPS(crb_pm_runtime_suspend, crb_pm_runtime_resume, NULL) + SET_SYSTEM_SLEEP_PM_OPS(tpm_pm_suspend, tpm_pm_resume) }; static const struct acpi_device_id crb_device_ids[] = { diff --git a/include/linux/tpm.h b/include/linux/tpm.h index 2a6c3d96b31f..7f7b29f86c59 100644 --- a/include/linux/tpm.h +++ b/include/linux/tpm.h @@ -48,6 +48,8 @@ struct tpm_class_ops { u8 (*status) (struct tpm_chip *chip); bool (*update_timeouts)(struct tpm_chip *chip, unsigned long *timeout_cap); + int (*go_idle)(struct tpm_chip *chip); + int (*cmd_ready)(struct tpm_chip *chip); int (*request_locality)(struct tpm_chip *chip, int loc); int (*relinquish_locality)(struct tpm_chip *chip, int loc); void (*clk_enable)(struct tpm_chip *chip, bool value); -- 2.17.1

6 years, 9 months

5
6
0 0

Re: Patch "x86/kexec: Allocate 8k PGDs for PTI" has been added to the 3.18-stable tree

by Hugh Dickins

On Mon, 17 Sep 2018, gregkh(a)linuxfoundation.org wrote: > > This is a note to let you know that I've just added the patch titled > > x86/kexec: Allocate 8k PGDs for PTI > > to the 3.18-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > x86-kexec-allocate-8k-pgds-for-pti.patch > and it can be found in the queue-3.18 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. I believe this commit is an example of the auto-selector being too eager, and this should not be in *any* of the stable trees. As the commit message indicates, it's a fix by Joerg for his PTI-x86-32 implementation - which has not been backported to any of the stable trees (yet), has it? In several of the recent stable trees, I think this will not do any actual harm; but it looks as if it will prevent relevant x86-32 configs from building on 3.18 (I see no definition of PGD_ALLOCATION_ORDER in linux-3.18.y - you preferred not to have any PTI in that tree), and I haven't checked whether its definition in older backports will build correctly here or not. Hugh > > > From foo@baz Mon Sep 17 11:45:57 CEST 2018 > From: Joerg Roedel <jroedel(a)suse.de> > Date: Wed, 25 Jul 2018 17:48:03 +0200 > Subject: x86/kexec: Allocate 8k PGDs for PTI > > From: Joerg Roedel <jroedel(a)suse.de> > > [ Upstream commit ca38dc8f2724d101038b1205122c93a1c7f38f11 ] > > Fuzzing the PTI-x86-32 code with trinity showed unhandled > kernel paging request oops-messages that looked a lot like > silent data corruption. > > Lot's of debugging and testing lead to the kexec-32bit code, > which is still allocating 4k PGDs when PTI is enabled. But > since it uses native_set_pud() to build the page-table, it > will unevitably call into __pti_set_user_pgtbl(), which > writes beyond the allocated 4k page. > > Use PGD_ALLOCATION_ORDER to allocate PGDs in the kexec code > to fix the issue. > > Signed-off-by: Joerg Roedel <jroedel(a)suse.de> > Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> > Tested-by: David H. Gutteridge <dhgutteridge(a)sympatico.ca> > Cc: "H . Peter Anvin" <hpa(a)zytor.com> > Cc: linux-mm(a)kvack.org > Cc: Linus Torvalds <torvalds(a)linux-foundation.org> > Cc: Andy Lutomirski <luto(a)kernel.org> > Cc: Dave Hansen <dave.hansen(a)intel.com> > Cc: Josh Poimboeuf <jpoimboe(a)redhat.com> > Cc: Juergen Gross <jgross(a)suse.com> > Cc: Peter Zijlstra <peterz(a)infradead.org> > Cc: Borislav Petkov <bp(a)alien8.de> > Cc: Jiri Kosina <jkosina(a)suse.cz> > Cc: Boris Ostrovsky <boris.ostrovsky(a)oracle.com> > Cc: Brian Gerst <brgerst(a)gmail.com> > Cc: David Laight <David.Laight(a)aculab.com> > Cc: Denys Vlasenko <dvlasenk(a)redhat.com> > Cc: Eduardo Valentin <eduval(a)amazon.com> > Cc: Greg KH <gregkh(a)linuxfoundation.org> > Cc: Will Deacon <will.deacon(a)arm.com> > Cc: aliguori(a)amazon.com > Cc: daniel.gruss(a)iaik.tugraz.at > Cc: hughd(a)google.com > Cc: keescook(a)google.com > Cc: Andrea Arcangeli <aarcange(a)redhat.com> > Cc: Waiman Long <llong(a)redhat.com> > Cc: Pavel Machek <pavel(a)ucw.cz> > Cc: Arnaldo Carvalho de Melo <acme(a)kernel.org> > Cc: Alexander Shishkin <alexander.shishkin(a)linux.intel.com> > Cc: Jiri Olsa <jolsa(a)redhat.com> > Cc: Namhyung Kim <namhyung(a)kernel.org> > Cc: joro(a)8bytes.org > Link: https://lkml.kernel.org/r/1532533683-5988-4-git-send-email-joro@8bytes.org > Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> > Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> > --- > arch/x86/kernel/machine_kexec_32.c | 5 +++-- > 1 file changed, 3 insertions(+), 2 deletions(-) > > --- a/arch/x86/kernel/machine_kexec_32.c > +++ b/arch/x86/kernel/machine_kexec_32.c > @@ -69,7 +69,7 @@ static void load_segments(void) > > static void machine_kexec_free_page_tables(struct kimage *image) > { > - free_page((unsigned long)image->arch.pgd); > + free_pages((unsigned long)image->arch.pgd, PGD_ALLOCATION_ORDER); > image->arch.pgd = NULL; > #ifdef CONFIG_X86_PAE > free_page((unsigned long)image->arch.pmd0); > @@ -85,7 +85,8 @@ static void machine_kexec_free_page_tabl > > static int machine_kexec_alloc_page_tables(struct kimage *image) > { > - image->arch.pgd = (pgd_t *)get_zeroed_page(GFP_KERNEL); > + image->arch.pgd = (pgd_t *)__get_free_pages(GFP_KERNEL | __GFP_ZERO, > + PGD_ALLOCATION_ORDER); > #ifdef CONFIG_X86_PAE > image->arch.pmd0 = (pmd_t *)get_zeroed_page(GFP_KERNEL); > image->arch.pmd1 = (pmd_t *)get_zeroed_page(GFP_KERNEL); > > > Patches currently in stable-queue which might be from jroedel(a)suse.de are > > queue-3.18/x86-kexec-allocate-8k-pgds-for-pti.patch > queue-3.18/x86-mm-remove-in_nmi-warning-from-vmalloc_fault.patch >

6 years, 9 months

3
2
0 0

4.4.y build failure

by Dan Rue

I'm seeing the following i386 build failure with defconfig on 4.4-rc branch: $ make ARCH=i386 CHK include/config/kernel.release CHK include/generated/uapi/linux/version.h CHK include/generated/utsrelease.h CHK include/generated/bounds.h CHK include/generated/timeconst.h CHK include/generated/asm-offsets.h CALL scripts/checksyscalls.sh CHK include/generated/compile.h CC arch/x86/kernel/machine_kexec_32.o arch/x86/kernel/machine_kexec_32.c: In function ‘machine_kexec_free_page_tables’: arch/x86/kernel/machine_kexec_32.c:73:45: error: ‘PGD_ALLOCATION_ORDER’ undeclared (first use in this function); did you mean ‘PAGE_ALLOC_COSTLY_ORDER’? free_pages((unsigned long)image->arch.pgd, PGD_ALLOCATION_ORDER); ^~~~~~~~~~~~~~~~~~~~ PAGE_ALLOC_COSTLY_ORDER arch/x86/kernel/machine_kexec_32.c:73:45: note: each undeclared identifier is reported only once for each function it appears in arch/x86/kernel/machine_kexec_32.c: In function ‘machine_kexec_alloc_page_tables’: arch/x86/kernel/machine_kexec_32.c:90:11: error: ‘PGD_ALLOCATION_ORDER’ undeclared (first use in this function); did you mean ‘PAGE_ALLOC_COSTLY_ORDER’? PGD_ALLOCATION_ORDER); ^~~~~~~~~~~~~~~~~~~~ PAGE_ALLOC_COSTLY_ORDER scripts/Makefile.build:269: recipe for target 'arch/x86/kernel/machine_kexec_32.o' failed make[2]: *** [arch/x86/kernel/machine_kexec_32.o] Error 1 scripts/Makefile.build:476: recipe for target 'arch/x86/kernel' failed make[1]: *** [arch/x86/kernel] Error 2 Makefile:980: recipe for target 'arch/x86' failed make: *** [arch/x86] Error 2 Dan

6 years, 9 months

2
1
0 0

[PATCH] ALSA: fireworks: fix memory leak of response buffer at error path

by Takashi Sakamoto

After allocating memory object for response buffer, ALSA fireworks driver has leak of the memory object at error path. This commit releases the object at the error path. Fixes: 7d3c1d5901aa('ALSA: fireworks: delayed registration of sound card') Cc: <stable(a)vger.kernel.org> # v4.7+ Signed-off-by: Takashi Sakamoto <o-takashi(a)sakamocchi.jp> --- sound/firewire/fireworks/fireworks.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/sound/firewire/fireworks/fireworks.c b/sound/firewire/fireworks/fireworks.c index 71a0613d3da0..f2d073365cf6 100644 --- a/sound/firewire/fireworks/fireworks.c +++ b/sound/firewire/fireworks/fireworks.c @@ -301,6 +301,8 @@ do_registration(struct work_struct *work) snd_efw_transaction_remove_instance(efw); snd_efw_stream_destroy_duplex(efw); snd_card_free(efw->card); + kfree(efw->resp_buf); + efw->resp_buf = NULL; dev_info(&efw->unit->device, "Sound card registration failed: %d\n", err); } -- 2.17.1

6 years, 9 months

2
1
0 0

[PATCH] ALSA: oxfw: fix memory leak of discovered stream formats at error path

by Takashi Sakamoto

After finishing discover of stream formats, ALSA OXFW driver has memory leak of allocated memory object at error path. This commit releases the memory object at the error path. Fixes: 6c29230e2a5f ('ALSA: oxfw: delayed registration of sound card') Cc: <stable(a)vger.kernel.org> # v4.7+ Signed-off-by: Takashi Sakamoto <o-takashi(a)sakamocchi.jp> --- sound/firewire/oxfw/oxfw.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/sound/firewire/oxfw/oxfw.c b/sound/firewire/oxfw/oxfw.c index 1e5b2c802635..63b3e1ce986e 100644 --- a/sound/firewire/oxfw/oxfw.c +++ b/sound/firewire/oxfw/oxfw.c @@ -207,6 +207,7 @@ static int detect_quirks(struct snd_oxfw *oxfw) static void do_registration(struct work_struct *work) { struct snd_oxfw *oxfw = container_of(work, struct snd_oxfw, dwork.work); + int i; int err; if (oxfw->registered) @@ -269,6 +270,12 @@ static void do_registration(struct work_struct *work) snd_oxfw_stream_destroy_simplex(oxfw, &oxfw->rx_stream); if (oxfw->has_output) snd_oxfw_stream_destroy_simplex(oxfw, &oxfw->tx_stream); + for (i = 0; i < SND_OXFW_STREAM_FORMAT_ENTRIES; ++i) { + kfree(oxfw->tx_stream_formats[i]); + oxfw->tx_stream_formats[i] = NULL; + kfree(oxfw->rx_stream_formats[i]); + oxfw->rx_stream_formats[i] = NULL; + } snd_card_free(oxfw->card); dev_info(&oxfw->unit->device, "Sound card registration failed: %d\n", err); -- 2.17.1

6 years, 9 months

2
1
0 0

[PATCH] ALSA: oxfw: fix memory leak for model-dependent data at error path

by Takashi Sakamoto

After allocating model-dependent data, ALSA OXFW driver has memory leak of the data at error path. This commit releases the data at the error path. Fixes: 6c29230e2a5f ('ALSA: oxfw: delayed registration of sound card') Cc: <stable(a)vger.kernel.org> # v4.7+ Signed-off-by: Takashi Sakamoto <o-takashi(a)sakamocchi.jp> --- sound/firewire/oxfw/oxfw.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/sound/firewire/oxfw/oxfw.c b/sound/firewire/oxfw/oxfw.c index 63b3e1ce986e..9c8c527ebff9 100644 --- a/sound/firewire/oxfw/oxfw.c +++ b/sound/firewire/oxfw/oxfw.c @@ -277,6 +277,8 @@ static void do_registration(struct work_struct *work) oxfw->rx_stream_formats[i] = NULL; } snd_card_free(oxfw->card); + kfree(oxfw->spec); + oxfw->spec = NULL; dev_info(&oxfw->unit->device, "Sound card registration failed: %d\n", err); } -- 2.17.1

6 years, 9 months

2
1
0 0

[PATCH] ALSA: bebob: fix memory leak for M-Audio FW1814 and ProjectMix I/O at error path

by Takashi Sakamoto

After allocating model-dependent data for M-Audio FW1814 and ProjectMix I/O, ALSA bebob driver has memory leak at error path. This commit releases the allocated data at the error path. Fixes: 04a2c73c97eb('ALSA: bebob: delayed registration of sound card') Cc: <stable(a)vger.kernel.org> # v4.7+ Signed-off-by: Takashi Sakamoto <o-takashi(a)sakamocchi.jp> --- sound/firewire/bebob/bebob.c | 2 ++ sound/firewire/bebob/bebob_maudio.c | 4 ---- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/sound/firewire/bebob/bebob.c b/sound/firewire/bebob/bebob.c index 730ea91d9be8..93676354f87f 100644 --- a/sound/firewire/bebob/bebob.c +++ b/sound/firewire/bebob/bebob.c @@ -263,6 +263,8 @@ do_registration(struct work_struct *work) error: mutex_unlock(&devices_mutex); snd_bebob_stream_destroy_duplex(bebob); + kfree(bebob->maudio_special_quirk); + bebob->maudio_special_quirk = NULL; snd_card_free(bebob->card); dev_info(&bebob->unit->device, "Sound card registration failed: %d\n", err); diff --git a/sound/firewire/bebob/bebob_maudio.c b/sound/firewire/bebob/bebob_maudio.c index bd55620c6a47..164f2126a676 100644 --- a/sound/firewire/bebob/bebob_maudio.c +++ b/sound/firewire/bebob/bebob_maudio.c @@ -290,10 +290,6 @@ snd_bebob_maudio_special_discover(struct snd_bebob *bebob, bool is1814) bebob->midi_output_ports = 2; } end: - if (err < 0) { - kfree(params); - bebob->maudio_special_quirk = NULL; - } mutex_unlock(&bebob->mutex); return err; } -- 2.17.1

6 years, 9 months

2
1
0 0

FAILED: patch "[PATCH] x86/mm: Use WRITE_ONCE() when setting PTEs" failed to apply to 4.18-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.18-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 9bc4f28af75a91aea0ae383f50b0a430c4509303 Mon Sep 17 00:00:00 2001 From: Nadav Amit <namit(a)vmware.com> Date: Sun, 2 Sep 2018 11:14:50 -0700 Subject: [PATCH] x86/mm: Use WRITE_ONCE() when setting PTEs When page-table entries are set, the compiler might optimize their assignment by using multiple instructions to set the PTE. This might turn into a security hazard if the user somehow manages to use the interim PTE. L1TF does not make our lives easier, making even an interim non-present PTE a security hazard. Using WRITE_ONCE() to set PTEs and friends should prevent this potential security hazard. I skimmed the differences in the binary with and without this patch. The differences are (obviously) greater when CONFIG_PARAVIRT=n as more code optimizations are possible. For better and worse, the impact on the binary with this patch is pretty small. Skimming the code did not cause anything to jump out as a security hazard, but it seems that at least move_soft_dirty_pte() caused set_pte_at() to use multiple writes. Signed-off-by: Nadav Amit <namit(a)vmware.com> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Acked-by: Peter Zijlstra (Intel) <peterz(a)infradead.org> Cc: Dave Hansen <dave.hansen(a)linux.intel.com> Cc: Andi Kleen <ak(a)linux.intel.com> Cc: Josh Poimboeuf <jpoimboe(a)redhat.com> Cc: Michal Hocko <mhocko(a)suse.com> Cc: Vlastimil Babka <vbabka(a)suse.cz> Cc: Sean Christopherson <sean.j.christopherson(a)intel.com> Cc: Andy Lutomirski <luto(a)kernel.org> Cc: stable(a)vger.kernel.org Link: https://lkml.kernel.org/r/20180902181451.80520-1-namit@vmware.com diff --git a/arch/x86/include/asm/pgtable.h b/arch/x86/include/asm/pgtable.h index e4ffa565a69f..690c0307afed 100644 --- a/arch/x86/include/asm/pgtable.h +++ b/arch/x86/include/asm/pgtable.h @@ -1195,7 +1195,7 @@ static inline pmd_t pmdp_establish(struct vm_area_struct *vma, return xchg(pmdp, pmd); } else { pmd_t old = *pmdp; - *pmdp = pmd; + WRITE_ONCE(*pmdp, pmd); return old; } } diff --git a/arch/x86/include/asm/pgtable_64.h b/arch/x86/include/asm/pgtable_64.h index f773d5e6c8cc..ce2b59047cb8 100644 --- a/arch/x86/include/asm/pgtable_64.h +++ b/arch/x86/include/asm/pgtable_64.h @@ -55,15 +55,15 @@ struct mm_struct; void set_pte_vaddr_p4d(p4d_t *p4d_page, unsigned long vaddr, pte_t new_pte); void set_pte_vaddr_pud(pud_t *pud_page, unsigned long vaddr, pte_t new_pte); -static inline void native_pte_clear(struct mm_struct *mm, unsigned long addr, - pte_t *ptep) +static inline void native_set_pte(pte_t *ptep, pte_t pte) { - *ptep = native_make_pte(0); + WRITE_ONCE(*ptep, pte); } -static inline void native_set_pte(pte_t *ptep, pte_t pte) +static inline void native_pte_clear(struct mm_struct *mm, unsigned long addr, + pte_t *ptep) { - *ptep = pte; + native_set_pte(ptep, native_make_pte(0)); } static inline void native_set_pte_atomic(pte_t *ptep, pte_t pte) @@ -73,7 +73,7 @@ static inline void native_set_pte_atomic(pte_t *ptep, pte_t pte) static inline void native_set_pmd(pmd_t *pmdp, pmd_t pmd) { - *pmdp = pmd; + WRITE_ONCE(*pmdp, pmd); } static inline void native_pmd_clear(pmd_t *pmd) @@ -109,7 +109,7 @@ static inline pmd_t native_pmdp_get_and_clear(pmd_t *xp) static inline void native_set_pud(pud_t *pudp, pud_t pud) { - *pudp = pud; + WRITE_ONCE(*pudp, pud); } static inline void native_pud_clear(pud_t *pud) @@ -137,13 +137,13 @@ static inline void native_set_p4d(p4d_t *p4dp, p4d_t p4d) pgd_t pgd; if (pgtable_l5_enabled() || !IS_ENABLED(CONFIG_PAGE_TABLE_ISOLATION)) { - *p4dp = p4d; + WRITE_ONCE(*p4dp, p4d); return; } pgd = native_make_pgd(native_p4d_val(p4d)); pgd = pti_set_user_pgtbl((pgd_t *)p4dp, pgd); - *p4dp = native_make_p4d(native_pgd_val(pgd)); + WRITE_ONCE(*p4dp, native_make_p4d(native_pgd_val(pgd))); } static inline void native_p4d_clear(p4d_t *p4d) @@ -153,7 +153,7 @@ static inline void native_p4d_clear(p4d_t *p4d) static inline void native_set_pgd(pgd_t *pgdp, pgd_t pgd) { - *pgdp = pti_set_user_pgtbl(pgdp, pgd); + WRITE_ONCE(*pgdp, pti_set_user_pgtbl(pgdp, pgd)); } static inline void native_pgd_clear(pgd_t *pgd) diff --git a/arch/x86/mm/pgtable.c b/arch/x86/mm/pgtable.c index e848a4811785..ae394552fb94 100644 --- a/arch/x86/mm/pgtable.c +++ b/arch/x86/mm/pgtable.c @@ -269,7 +269,7 @@ static void mop_up_one_pmd(struct mm_struct *mm, pgd_t *pgdp) if (pgd_val(pgd) != 0) { pmd_t *pmd = (pmd_t *)pgd_page_vaddr(pgd); - *pgdp = native_make_pgd(0); + pgd_clear(pgdp); paravirt_release_pmd(pgd_val(pgd) >> PAGE_SHIFT); pmd_free(mm, pmd); @@ -494,7 +494,7 @@ int ptep_set_access_flags(struct vm_area_struct *vma, int changed = !pte_same(*ptep, entry); if (changed && dirty) - *ptep = entry; + set_pte(ptep, entry); return changed; } @@ -509,7 +509,7 @@ int pmdp_set_access_flags(struct vm_area_struct *vma, VM_BUG_ON(address & ~HPAGE_PMD_MASK); if (changed && dirty) { - *pmdp = entry; + set_pmd(pmdp, entry); /* * We had a write-protection fault here and changed the pmd * to to more permissive. No need to flush the TLB for that, @@ -529,7 +529,7 @@ int pudp_set_access_flags(struct vm_area_struct *vma, unsigned long address, VM_BUG_ON(address & ~HPAGE_PUD_MASK); if (changed && dirty) { - *pudp = entry; + set_pud(pudp, entry); /* * We had a write-protection fault here and changed the pud * to to more permissive. No need to flush the TLB for that,

6 years, 9 months

3
3
0 0

[git:media_tree/master] media: em28xx: make v4l2-compliance happier by starting sequence on zero

by Mauro Carvalho Chehab

This is an automatic generated email to let you know that the following patch were queued: Subject: media: em28xx: make v4l2-compliance happier by starting sequence on zero Author: Mauro Carvalho Chehab <mchehab+samsung(a)kernel.org> Date: Thu Sep 13 22:46:29 2018 -0400 The v4l2-compliance tool complains if a video doesn't start with a zero sequence number. While this shouldn't cause any real problem for apps, let's make it happier, in order to better check the v4l2-compliance differences before and after patchsets. This is actually an old issue. It is there since at least its videobuf2 conversion, e. g. changeset 3829fadc461 ("[media] em28xx: convert to videobuf2"), if VB1 wouldn't suffer from the same issue. Cc: stable(a)vger.kernel.org Fixes: d3829fadc461 ("[media] em28xx: convert to videobuf2") Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung(a)kernel.org> drivers/media/usb/em28xx/em28xx-video.c | 2 ++ 1 file changed, 2 insertions(+) --- diff --git a/drivers/media/usb/em28xx/em28xx-video.c b/drivers/media/usb/em28xx/em28xx-video.c index 4b08da45032d..f43717ea831d 100644 --- a/drivers/media/usb/em28xx/em28xx-video.c +++ b/drivers/media/usb/em28xx/em28xx-video.c @@ -1093,6 +1093,8 @@ int em28xx_start_analog_streaming(struct vb2_queue *vq, unsigned int count) em28xx_videodbg("%s\n", __func__); + dev->v4l2->field_count = 0; + /* * Make sure streaming is not already in progress for this type * of filehandle (e.g. video, vbi)

6 years, 9 months

1
0
0 0

[git:media_tree/master] media: em28xx: fix input name for Terratec AV 350

by Mauro Carvalho Chehab

This is an automatic generated email to let you know that the following patch were queued: Subject: media: em28xx: fix input name for Terratec AV 350 Author: Mauro Carvalho Chehab <mchehab+samsung(a)kernel.org> Date: Fri Sep 14 00:20:21 2018 -0400 Instead of using a register value, use an AMUX name, as otherwise VIDIOC_G_AUDIO would fail. Cc: stable(a)vger.kernel.org Fixes: 766ed64de554 ("V4L/DVB (11827): Add support for Terratec Grabster AV350") Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung(a)kernel.org> drivers/media/usb/em28xx/em28xx-cards.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) --- diff --git a/drivers/media/usb/em28xx/em28xx-cards.c b/drivers/media/usb/em28xx/em28xx-cards.c index 06a7e09ded6e..87b887b7604e 100644 --- a/drivers/media/usb/em28xx/em28xx-cards.c +++ b/drivers/media/usb/em28xx/em28xx-cards.c @@ -2141,13 +2141,13 @@ const struct em28xx_board em28xx_boards[] = { .input = { { .type = EM28XX_VMUX_COMPOSITE, .vmux = TVP5150_COMPOSITE1, - .amux = EM28XX_AUDIO_SRC_LINE, + .amux = EM28XX_AMUX_LINE_IN, .gpio = terratec_av350_unmute_gpio, }, { .type = EM28XX_VMUX_SVIDEO, .vmux = TVP5150_SVIDEO, - .amux = EM28XX_AUDIO_SRC_LINE, + .amux = EM28XX_AMUX_LINE_IN, .gpio = terratec_av350_unmute_gpio, } }, },

6 years, 9 months

1
0
0 0

[git:media_tree/master] media: em28xx: use a default format if TRY_FMT fails

by Mauro Carvalho Chehab

This is an automatic generated email to let you know that the following patch were queued: Subject: media: em28xx: use a default format if TRY_FMT fails Author: Mauro Carvalho Chehab <mchehab+samsung(a)kernel.org> Date: Thu Sep 13 23:22:40 2018 -0400 Follow the V4L2 spec, as warned by v4l2-compliance: warn: v4l2-test-formats.cpp(732): TRY_FMT cannot handle an invalid pixelformat. warn: v4l2-test-formats.cpp(733): This may or may not be a problem. For more information see: warn: v4l2-test-formats.cpp(734): http://www.mail-archive.com/linux-media@vger.kernel.org/msg56550.html Cc: stable(a)vger.kernel.org Fixes: bddcf63313c6 ("V4L/DVB (9927): em28xx: use a more standard way to specify video formats") Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung(a)kernel.org> drivers/media/usb/em28xx/em28xx-video.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) --- diff --git a/drivers/media/usb/em28xx/em28xx-video.c b/drivers/media/usb/em28xx/em28xx-video.c index fbdfe6762cb2..4b08da45032d 100644 --- a/drivers/media/usb/em28xx/em28xx-video.c +++ b/drivers/media/usb/em28xx/em28xx-video.c @@ -1471,9 +1471,9 @@ static int vidioc_try_fmt_vid_cap(struct file *file, void *priv, fmt = format_by_fourcc(f->fmt.pix.pixelformat); if (!fmt) { - em28xx_videodbg("Fourcc format (%08x) invalid.\n", - f->fmt.pix.pixelformat); - return -EINVAL; + fmt = &format[0]; + em28xx_videodbg("Fourcc format (%08x) invalid. Using default (%08x).\n", + f->fmt.pix.pixelformat, fmt->fourcc); } if (dev->board.is_em2800) {

6 years, 9 months

1
0
0 0

[git:media_tree/master] media: em28xx: fix handler for vidioc_s_input()

by Mauro Carvalho Chehab

This is an automatic generated email to let you know that the following patch were queued: Subject: media: em28xx: fix handler for vidioc_s_input() Author: Mauro Carvalho Chehab <mchehab+samsung(a)kernel.org> Date: Fri Sep 14 13:13:15 2018 -0400 The a->index is not the name of the internal amux entry, but, instead a value from zero to the maximum number of audio inputs. As the actual available inputs depend on each board, build it dynamically. This is broken for a really long time. On a quick check, since at least commit 195a4ef627e1 ("V4L/DVB (6585): Convert em28xx to video_ioctl2") this was not implemented right. Fixes: 195a4ef627e1 ("V4L/DVB (6585): Convert em28xx to video_ioctl2") Cc: stable(a)vger.kernel.org Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung(a)kernel.org> drivers/media/usb/em28xx/em28xx-cards.c | 29 ++++++++++++ drivers/media/usb/em28xx/em28xx-video.c | 84 +++++++++++++++++++++++++++++---- drivers/media/usb/em28xx/em28xx.h | 8 +++- 3 files changed, 112 insertions(+), 9 deletions(-) --- diff --git a/drivers/media/usb/em28xx/em28xx-cards.c b/drivers/media/usb/em28xx/em28xx-cards.c index 71c829f31d3b..06a7e09ded6e 100644 --- a/drivers/media/usb/em28xx/em28xx-cards.c +++ b/drivers/media/usb/em28xx/em28xx-cards.c @@ -3039,6 +3039,9 @@ static int em28xx_hint_board(struct em28xx *dev) static void em28xx_card_setup(struct em28xx *dev) { + int i, j, idx; + bool duplicate_entry; + /* * If the device can be a webcam, seek for a sensor. * If sensor is not found, then it isn't a webcam. @@ -3195,6 +3198,32 @@ static void em28xx_card_setup(struct em28xx *dev) /* Allow override tuner type by a module parameter */ if (tuner >= 0) dev->tuner_type = tuner; + + /* + * Dynamically generate a list of valid audio inputs for this + * specific board, mapping them via enum em28xx_amux. + */ + + idx = 0; + for (i = 0; i < MAX_EM28XX_INPUT; i++) { + if (!INPUT(i)->type) + continue; + + /* Skip already mapped audio inputs */ + duplicate_entry = false; + for (j = 0; j < idx; j++) { + if (INPUT(i)->amux == dev->amux_map[j]) { + duplicate_entry = true; + break; + } + } + if (duplicate_entry) + continue; + + dev->amux_map[idx++] = INPUT(i)->amux; + } + for (; idx < MAX_EM28XX_INPUT; idx++) + dev->amux_map[idx] = EM28XX_AMUX_UNUSED; } void em28xx_setup_xc3028(struct em28xx *dev, struct xc2028_ctrl *ctl) diff --git a/drivers/media/usb/em28xx/em28xx-video.c b/drivers/media/usb/em28xx/em28xx-video.c index 917602954bfb..fbdfe6762cb2 100644 --- a/drivers/media/usb/em28xx/em28xx-video.c +++ b/drivers/media/usb/em28xx/em28xx-video.c @@ -1666,6 +1666,7 @@ static int vidioc_enum_input(struct file *file, void *priv, { struct em28xx *dev = video_drvdata(file); unsigned int n; + int j; n = i->index; if (n >= MAX_EM28XX_INPUT) @@ -1685,6 +1686,12 @@ static int vidioc_enum_input(struct file *file, void *priv, if (dev->is_webcam) i->capabilities = 0; + /* Dynamically generates an audioset bitmask */ + i->audioset = 0; + for (j = 0; j < MAX_EM28XX_INPUT; j++) + if (dev->amux_map[j] != EM28XX_AMUX_UNUSED) + i->audioset |= 1 << j; + return 0; } @@ -1710,11 +1717,24 @@ static int vidioc_s_input(struct file *file, void *priv, unsigned int i) return 0; } -static int vidioc_g_audio(struct file *file, void *priv, struct v4l2_audio *a) +static int em28xx_fill_audio_input(struct em28xx *dev, + const char *s, + struct v4l2_audio *a, + unsigned int index) { - struct em28xx *dev = video_drvdata(file); + unsigned int idx = dev->amux_map[index]; - switch (a->index) { + /* + * With msp3400, almost all mappings use the default (amux = 0). + * The only one may use a different value is WinTV USB2, where it + * can also be SCART1 input. + * As it is very doubtful that we would see new boards with msp3400, + * let's just reuse the existing switch. + */ + if (dev->has_msp34xx && idx != EM28XX_AMUX_UNUSED) + idx = EM28XX_AMUX_LINE_IN; + + switch (idx) { case EM28XX_AMUX_VIDEO: strscpy(a->name, "Television", sizeof(a->name)); break; @@ -1739,32 +1759,79 @@ static int vidioc_g_audio(struct file *file, void *priv, struct v4l2_audio *a) case EM28XX_AMUX_PCM_OUT: strscpy(a->name, "PCM", sizeof(a->name)); break; + case EM28XX_AMUX_UNUSED: default: return -EINVAL; } - - a->index = dev->ctl_ainput; + a->index = index; a->capability = V4L2_AUDCAP_STEREO; + em28xx_videodbg("%s: audio input index %d is '%s'\n", + s, a->index, a->name); + return 0; } +static int vidioc_enumaudio(struct file *file, void *fh, struct v4l2_audio *a) +{ + struct em28xx *dev = video_drvdata(file); + + if (a->index >= MAX_EM28XX_INPUT) + return -EINVAL; + + return em28xx_fill_audio_input(dev, __func__, a, a->index); +} + +static int vidioc_g_audio(struct file *file, void *priv, struct v4l2_audio *a) +{ + struct em28xx *dev = video_drvdata(file); + int i; + + for (i = 0; i < MAX_EM28XX_INPUT; i++) + if (dev->ctl_ainput == dev->amux_map[i]) + return em28xx_fill_audio_input(dev, __func__, a, i); + + /* Should never happen! */ + return -EINVAL; +} + static int vidioc_s_audio(struct file *file, void *priv, const struct v4l2_audio *a) { struct em28xx *dev = video_drvdata(file); + int idx, i; if (a->index >= MAX_EM28XX_INPUT) return -EINVAL; - if (!INPUT(a->index)->type) + + idx = dev->amux_map[a->index]; + + if (idx == EM28XX_AMUX_UNUSED) + return -EINVAL; + + dev->ctl_ainput = idx; + + /* + * FIXME: This is wrong, as different inputs at em28xx_cards + * may have different audio outputs. So, the right thing + * to do is to implement VIDIOC_G_AUDOUT/VIDIOC_S_AUDOUT. + * With the current board definitions, this would work fine, + * as, currently, all boards fit. + */ + for (i = 0; i < MAX_EM28XX_INPUT; i++) + if (idx == dev->amux_map[i]) + break; + if (i == MAX_EM28XX_INPUT) return -EINVAL; - dev->ctl_ainput = INPUT(a->index)->amux; - dev->ctl_aoutput = INPUT(a->index)->aout; + dev->ctl_aoutput = INPUT(i)->aout; if (!dev->ctl_aoutput) dev->ctl_aoutput = EM28XX_AOUT_MASTER; + em28xx_videodbg("%s: set audio input to %d\n", __func__, + dev->ctl_ainput); + return 0; } @@ -2302,6 +2369,7 @@ static const struct v4l2_ioctl_ops video_ioctl_ops = { .vidioc_try_fmt_vbi_cap = vidioc_g_fmt_vbi_cap, .vidioc_s_fmt_vbi_cap = vidioc_g_fmt_vbi_cap, .vidioc_enum_framesizes = vidioc_enum_framesizes, + .vidioc_enumaudio = vidioc_enumaudio, .vidioc_g_audio = vidioc_g_audio, .vidioc_s_audio = vidioc_s_audio, diff --git a/drivers/media/usb/em28xx/em28xx.h b/drivers/media/usb/em28xx/em28xx.h index 953caac025f2..a551072e62ed 100644 --- a/drivers/media/usb/em28xx/em28xx.h +++ b/drivers/media/usb/em28xx/em28xx.h @@ -335,6 +335,9 @@ enum em28xx_usb_audio_type { /** * em28xx_amux - describes the type of audio input used by em28xx * + * @EM28XX_AMUX_UNUSED: + * Used only on em28xx dev->map field, in order to mark an entry + * as unused. * @EM28XX_AMUX_VIDEO: * On devices without AC97, this is the only value that it is currently * allowed. @@ -369,7 +372,8 @@ enum em28xx_usb_audio_type { * same time, via the alsa mux. */ enum em28xx_amux { - EM28XX_AMUX_VIDEO, + EM28XX_AMUX_UNUSED = -1, + EM28XX_AMUX_VIDEO = 0, EM28XX_AMUX_LINE_IN, /* Some less-common mixer setups */ @@ -692,6 +696,8 @@ struct em28xx { unsigned int ctl_input; // selected input unsigned int ctl_ainput;// selected audio input unsigned int ctl_aoutput;// selected audio output + enum em28xx_amux amux_map[MAX_EM28XX_INPUT]; + int mute; int volume;

6 years, 9 months

1
0
0 0

[PATCH 1/1] usb: musb: dsps: do not disable CPPI41 irq in driver teardown

by Bin Liu

TI AM335x CPPI 4.1 module uses a single register bit for CPPI interrupts in both musb controllers. So disabling the CPPI irq in one musb driver breaks the other musb module. Since musb is already disabled before tearing down dma controller in musb_remove(), it is safe to not disable CPPI irq in musb_dma_controller_destroy(). Fixes: 255348289f71 ("usb: musb: dsps: Manage CPPI 4.1 DMA interrupt in DSPS") Cc: stable(a)vger.kernel.org Signed-off-by: Bin Liu <b-liu(a)ti.com> --- drivers/usb/musb/musb_dsps.c | 12 +----------- 1 file changed, 1 insertion(+), 11 deletions(-) diff --git a/drivers/usb/musb/musb_dsps.c b/drivers/usb/musb/musb_dsps.c index df827ff57b0d..23a0df79ef21 100644 --- a/drivers/usb/musb/musb_dsps.c +++ b/drivers/usb/musb/musb_dsps.c @@ -658,16 +658,6 @@ dsps_dma_controller_create(struct musb *musb, void __iomem *base) return controller; } -static void dsps_dma_controller_destroy(struct dma_controller *c) -{ - struct musb *musb = c->musb; - struct dsps_glue *glue = dev_get_drvdata(musb->controller->parent); - void __iomem *usbss_base = glue->usbss_base; - - musb_writel(usbss_base, USBSS_IRQ_CLEARR, USBSS_IRQ_PD_COMP); - cppi41_dma_controller_destroy(c); -} - #ifdef CONFIG_PM_SLEEP static void dsps_dma_controller_suspend(struct dsps_glue *glue) { @@ -697,7 +687,7 @@ static struct musb_platform_ops dsps_ops = { #ifdef CONFIG_USB_TI_CPPI41_DMA .dma_init = dsps_dma_controller_create, - .dma_exit = dsps_dma_controller_destroy, + .dma_exit = cppi41_dma_controller_destroy, #endif .enable = dsps_musb_enable, .disable = dsps_musb_disable, -- 2.17.1

6 years, 9 months

1
0
0 0

[PATCH v2 3/3] ext2, dax: set ext2_dax_aops for dax files

by Toshi Kani

Sync syscall to DAX file needs to flush processor cache, but it currently does not flush to existing DAX files. This is because 'ext2_da_aops' is set to address_space_operations of existing DAX files, instead of 'ext2_dax_aops', since S_DAX flag is set after ext2_set_aops() in the open path. Similar to ext4, change ext2_iget() to initialize i_flags before ext2_set_aops(). Fixes: fb094c90748f ("ext2, dax: introduce ext2_dax_aops") Signed-off-by: Toshi Kani <toshi.kani(a)hpe.com> Suggested-by: Jan Kara <jack(a)suse.cz> Cc: Jan Kara <jack(a)suse.cz> Cc: Dan Williams <dan.j.williams(a)intel.com> Cc: "Theodore Ts'o" <tytso(a)mit.edu> Cc: Andreas Dilger <adilger.kernel(a)dilger.ca> Cc: <stable(a)vger.kernel.org> --- fs/ext2/inode.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/ext2/inode.c b/fs/ext2/inode.c index 7f7ee18fe179..e4bb9386c045 100644 --- a/fs/ext2/inode.c +++ b/fs/ext2/inode.c @@ -1448,6 +1448,7 @@ struct inode *ext2_iget (struct super_block *sb, unsigned long ino) } inode->i_blocks = le32_to_cpu(raw_inode->i_blocks); ei->i_flags = le32_to_cpu(raw_inode->i_flags); + ext2_set_inode_flags(inode); ei->i_faddr = le32_to_cpu(raw_inode->i_faddr); ei->i_frag_no = raw_inode->i_frag; ei->i_frag_size = raw_inode->i_fsize; @@ -1517,7 +1518,6 @@ struct inode *ext2_iget (struct super_block *sb, unsigned long ino) new_decode_dev(le32_to_cpu(raw_inode->i_block[1]))); } brelse (bh); - ext2_set_inode_flags(inode); unlock_new_inode(inode); return inode;

6 years, 9 months

2
1
0 0

[PATCH] gpiolib: Free the last requested descriptor

by Ricardo Ribalda Delgado

The current code only frees N-1 gpios if an error occurs during gpiod_set_transitory, gpiod_direction_output or gpiod_direction_input. Leading to gpios that cannot be used by userspace nor other drivers. Cc: Timur Tabi <timur(a)codeaurora.org> Cc: stable(a)vger.kernel.org Fixes: ab3dbcf78f60f46d ("gpioib: do not free unrequested descriptors) Signed-off-by: Ricardo Ribalda Delgado <ricardo.ribalda(a)gmail.com> --- drivers/gpio/gpiolib.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpio/gpiolib.c b/drivers/gpio/gpiolib.c index e8f8a1999393..a57300c1d649 100644 --- a/drivers/gpio/gpiolib.c +++ b/drivers/gpio/gpiolib.c @@ -571,7 +571,7 @@ static int linehandle_create(struct gpio_device *gdev, void __user *ip) if (ret) goto out_free_descs; lh->descs[i] = desc; - count = i; + count = i + 1; if (lflags & GPIOHANDLE_REQUEST_ACTIVE_LOW) set_bit(FLAG_ACTIVE_LOW, &desc->flags); -- 2.18.0

6 years, 9 months

2
4
0 0

[PATCH] sysfs: Do not return POSIX ACL xattrs via listxattr

by Andreas Gruenbacher

Commit 786534b92f3c introduced a regression that caused listxattr to return the POSIX ACL attribute names even though sysfs doesn't support POSIX ACLs. This happens because simple_xattr_list checks for NULL i_acl / i_default_acl, but inode_init_always initializes those fields to ACL_NOT_CACHED ((void *)-1). For example: $ getfattr -m- -d /sys /sys: system.posix_acl_access: Operation not supported /sys: system.posix_acl_default: Operation not supported Fix this in simple_xattr_list by checking if the filesystem supports POSIX ACLs. Fixes: 786534b92f3c ("tmpfs: listxattr should include POSIX ACL xattrs") Reported-by: Marc Aurele La France <tsi(a)tuyoix.net> Tested-by: Marc Aurèle La France <tsi(a)tuyoix.net> Signed-off-by: Andreas Gruenbacher <agruenba(a)redhat.com> CC: Stable <stable(a)vger.kernel.org> # v4.5+ --- fs/xattr.c | 24 +++++++++++++----------- 1 file changed, 13 insertions(+), 11 deletions(-) diff --git a/fs/xattr.c b/fs/xattr.c index daa732550088..0d6a6a4af861 100644 --- a/fs/xattr.c +++ b/fs/xattr.c @@ -948,17 +948,19 @@ ssize_t simple_xattr_list(struct inode *inode, struct simple_xattrs *xattrs, int err = 0; #ifdef CONFIG_FS_POSIX_ACL - if (inode->i_acl) { - err = xattr_list_one(&buffer, &remaining_size, - XATTR_NAME_POSIX_ACL_ACCESS); - if (err) - return err; - } - if (inode->i_default_acl) { - err = xattr_list_one(&buffer, &remaining_size, - XATTR_NAME_POSIX_ACL_DEFAULT); - if (err) - return err; + if (IS_POSIXACL(inode)) { + if (inode->i_acl) { + err = xattr_list_one(&buffer, &remaining_size, + XATTR_NAME_POSIX_ACL_ACCESS); + if (err) + return err; + } + if (inode->i_default_acl) { + err = xattr_list_one(&buffer, &remaining_size, + XATTR_NAME_POSIX_ACL_DEFAULT); + if (err) + return err; + } } #endif -- 2.17.1

6 years, 9 months

1
0
0 0

[PATCH] mtd: partitions: fix of_node_get/put balance in parser

by Miquel Raynal

While at first mtd_part_of_parse() would just call of_get_chil_by_name(), it has been edited to first try to get the OF node thanks to mtd_get_of_node() and fallback on of_get_child_by_name(). A of_node_put() was a bit below in the code, to balance the of_get_child_by_name(). However, despite its name, mtd_get_of_node() does not take a reference on the OF node. It is a simple helper hiding some pointer logic to retrieve the OF node related to an MTD device. People often used it this way: of_node_put(mtd_get_of_node(<mtd>)). The direct effect of such unbalanced reference counting is visible by rmmod'ing any module that would have added MTD partitions: OF: ERROR: Bad of_node_put() on <of_path_to_partition> As it seems normal to get a reference on the OF node during the of_property_for_each_string() that follows, add a call to of_node_get() when relevant. Fixes: 76a832254ab0 ("mtd: partitions: use DT info for parsing partitions with "compatible" prop") Cc: stable(a)vger.kernel.org Signed-off-by: Miquel Raynal <miquel.raynal(a)bootlin.com> --- drivers/mtd/mtdpart.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/drivers/mtd/mtdpart.c b/drivers/mtd/mtdpart.c index 52e2cb35fc79..99c460facd5e 100644 --- a/drivers/mtd/mtdpart.c +++ b/drivers/mtd/mtdpart.c @@ -873,8 +873,11 @@ static int mtd_part_of_parse(struct mtd_info *master, int ret, err = 0; np = mtd_get_of_node(master); - if (!mtd_is_partition(master)) + if (mtd_is_partition(master)) + of_node_get(np); + else np = of_get_child_by_name(np, "partitions"); + of_property_for_each_string(np, "compatible", prop, compat) { parser = mtd_part_get_compatible_parser(compat); if (!parser) -- 2.17.1

6 years, 9 months

2
11
0 0

[PATCH] mtd: devices: m25p80: Make the buffer passed in op is DMA-able

by Boris Brezillon

As documented in spi-mem.h, spi_mem_op->data.buf.{in,out} must be DMA-able, and commit 4120f8d158ef ("mtd: spi-nor: Use the spi_mem_xx() API") failed to follow this rule as buffers passed to ->{read,write}_reg() are usually placed on the stack. Fix that by allocating a scratch buffer and copying the data in there before passing it to the spi-mem layer. Fixes: 4120f8d158ef ("mtd: spi-nor: Use the spi_mem_xx() API") Reported-by: Jarkko Nikula <jarkko.nikula(a)linux.intel.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Boris Brezillon <boris.brezillon(a)bootlin.com> --- Note that the ->{read,write}() path is still buggy since nothing guarantees that buffers passed by the MTD layer to the SPI NOR layer are DMA-able, but this is a long-standing issue which we'll have to address at the spi-nor level (this layer can choose the bounce buffer size based on nor->page_size). --- drivers/mtd/devices/m25p80.c | 24 +++++++++++++++++++++--- 1 file changed, 21 insertions(+), 3 deletions(-) diff --git a/drivers/mtd/devices/m25p80.c b/drivers/mtd/devices/m25p80.c index cbfafc453274..3b7fafa4bbd6 100644 --- a/drivers/mtd/devices/m25p80.c +++ b/drivers/mtd/devices/m25p80.c @@ -39,14 +39,22 @@ static int m25p80_read_reg(struct spi_nor *nor, u8 code, u8 *val, int len) struct spi_mem_op op = SPI_MEM_OP(SPI_MEM_OP_CMD(code, 1), SPI_MEM_OP_NO_ADDR, SPI_MEM_OP_NO_DUMMY, - SPI_MEM_OP_DATA_IN(len, val, 1)); + SPI_MEM_OP_DATA_IN(len, NULL, 1)); + void *scratchbuf; int ret; + scratchbuf = kmemdup(val, len, GFP_KERNEL); + if (!scratchbuf) + return -ENOMEM; + + op.data.buf.in = scratchbuf; ret = spi_mem_exec_op(flash->spimem, &op); if (ret < 0) dev_err(&flash->spimem->spi->dev, "error %d reading %x\n", ret, code); + kfree(scratchbuf); + return ret; } @@ -56,9 +64,19 @@ static int m25p80_write_reg(struct spi_nor *nor, u8 opcode, u8 *buf, int len) struct spi_mem_op op = SPI_MEM_OP(SPI_MEM_OP_CMD(opcode, 1), SPI_MEM_OP_NO_ADDR, SPI_MEM_OP_NO_DUMMY, - SPI_MEM_OP_DATA_OUT(len, buf, 1)); + SPI_MEM_OP_DATA_OUT(len, NULL, 1)); + void *scratchbuf; + int ret; - return spi_mem_exec_op(flash->spimem, &op); + scratchbuf = kmemdup(buf, len, GFP_KERNEL); + if (!scratchbuf) + return -ENOMEM; + + op.data.buf.out = scratchbuf; + ret = spi_mem_exec_op(flash->spimem, &op); + kfree(scratchbuf); + + return ret; } static ssize_t m25p80_write(struct spi_nor *nor, loff_t to, size_t len, -- 2.14.1

6 years, 9 months

2
3
0 0

[PATCHv2] mm, thp: Fix mlocking THP page with migration enabled

by Kirill A. Shutemov

A transparent huge page is represented by a single entry on an LRU list. Therefore, we can only make unevictable an entire compound page, not individual subpages. If a user tries to mlock() part of a huge page, we want the rest of the page to be reclaimable. We handle this by keeping PTE-mapped huge pages on normal LRU lists: the PMD on border of VM_LOCKED VMA will be split into PTE table. Introduction of THP migration breaks[1] the rules around mlocking THP pages. If we had a single PMD mapping of the page in mlocked VMA, the page will get mlocked, regardless of PTE mappings of the page. For tmpfs/shmem it's easy to fix by checking PageDoubleMap() in remove_migration_pmd(). Anon THP pages can only be shared between processes via fork(). Mlocked page can only be shared if parent mlocked it before forking, otherwise CoW will be triggered on mlock(). For Anon-THP, we can fix the issue by munlocking the page on removing PTE migration entry for the page. PTEs for the page will always come after mlocked PMD: rmap walks VMAs from oldest to newest. Test-case: #include <unistd.h> #include <sys/mman.h> #include <sys/wait.h> #include <linux/mempolicy.h> #include <numaif.h> int main(void) { unsigned long nodemask = 4; void *addr; addr = mmap((void *)0x20000000UL, 2UL << 20, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS | MAP_LOCKED, -1, 0); if (fork()) { wait(NULL); return 0; } mlock(addr, 4UL << 10); mbind(addr, 2UL << 20, MPOL_PREFERRED | MPOL_F_RELATIVE_NODES, &nodemask, 4, MPOL_MF_MOVE); return 0; } [1] https://lkml.kernel.org/r/CAOMGZ=G52R-30rZvhGxEbkTw7rLLwBGadVYeo--iizcD3upL… Signed-off-by: Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> Reported-by: Vegard Nossum <vegard.nossum(a)oracle.com> Fixes: 616b8371539a ("mm: thp: enable thp migration in generic path") Cc: <stable(a)vger.kernel.org> [v4.14+] Cc: Zi Yan <zi.yan(a)cs.rutgers.edu> Cc: Naoya Horiguchi <n-horiguchi(a)ah.jp.nec.com> Cc: Vlastimil Babka <vbabka(a)suse.cz> Cc: Andrea Arcangeli <aarcange(a)redhat.com> --- mm/huge_memory.c | 2 +- mm/migrate.c | 3 +++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/mm/huge_memory.c b/mm/huge_memory.c index 533f9b00147d..00704060b7f7 100644 --- a/mm/huge_memory.c +++ b/mm/huge_memory.c @@ -2931,7 +2931,7 @@ void remove_migration_pmd(struct page_vma_mapped_walk *pvmw, struct page *new) else page_add_file_rmap(new, true); set_pmd_at(mm, mmun_start, pvmw->pmd, pmde); - if (vma->vm_flags & VM_LOCKED) + if ((vma->vm_flags & VM_LOCKED) && !PageDoubleMap(new)) mlock_vma_page(new); update_mmu_cache_pmd(vma, address, pvmw->pmd); } diff --git a/mm/migrate.c b/mm/migrate.c index d6a2e89b086a..9d374011c244 100644 --- a/mm/migrate.c +++ b/mm/migrate.c @@ -275,6 +275,9 @@ static bool remove_migration_pte(struct page *page, struct vm_area_struct *vma, if (vma->vm_flags & VM_LOCKED && !PageTransCompound(new)) mlock_vma_page(new); + if (PageTransHuge(page) && PageMlocked(page)) + clear_page_mlock(page); + /* No need to invalidate - it was non-present before */ update_mmu_cache(vma, pvmw.address, pvmw.pte); } -- 2.18.0

6 years, 9 months

2
1
0 0

[PATCH 2/2] NFC: Fix the number of pipes

by Greg Kroah-Hartman

From: Suren Baghdasaryan <surenb(a)google.com> According to ETSI TS 102 622 specification chapter 4.4 pipe identifier is 7 bits long which allows for 128 unique pipe IDs. Because NFC_HCI_MAX_PIPES is used as the number of pipes supported and not as the max pipe ID, its value should be 128 instead of 127. nfc_hci_recv_from_llc extracts pipe ID from packet header using NFC_HCI_FRAGMENT(0x7F) mask which allows for pipe ID value of 127. Same happens when NCI_HCP_MSG_GET_PIPE() is being used. With pipes array having only 127 elements and pipe ID of 127 the OOB memory access will result. Cc: Samuel Ortiz <sameo(a)linux.intel.com> Cc: Allen Pais <allen.pais(a)oracle.com> Cc: "David S. Miller" <davem(a)davemloft.net> Suggested-by: Dan Carpenter <dan.carpenter(a)oracle.com> Signed-off-by: Suren Baghdasaryan <surenb(a)google.com> Reviewed-by: Kees Cook <keescook(a)chromium.org> Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- include/net/nfc/hci.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/net/nfc/hci.h b/include/net/nfc/hci.h index 316694dafa5b..008f466d1da7 100644 --- a/include/net/nfc/hci.h +++ b/include/net/nfc/hci.h @@ -87,7 +87,7 @@ struct nfc_hci_pipe { * According to specification 102 622 chapter 4.4 Pipes, * the pipe identifier is 7 bits long. */ -#define NFC_HCI_MAX_PIPES 127 +#define NFC_HCI_MAX_PIPES 128 struct nfc_hci_init_data { u8 gate_count; struct nfc_hci_gate gates[NFC_HCI_MAX_CUSTOM_GATES]; -- 2.19.0

6 years, 9 months

1
0
0 0

[PATCH 1/2] NFC: Fix possible memory corruption when handling SHDLC I-Frame commands

by Greg Kroah-Hartman

From: Suren Baghdasaryan <surenb(a)google.com> When handling SHDLC I-Frame commands "pipe" field used for indexing into an array should be checked before usage. If left unchecked it might access memory outside of the array of size NFC_HCI_MAX_PIPES(127). Malformed NFC HCI frames could be injected by a malicious NFC device communicating with the device being attacked (remote attack vector), or even by an attacker with physical access to the I2C bus such that they could influence the data transfers on that bus (local attack vector). skb->data is controlled by the attacker and has only been sanitized in the most trivial ways (CRC check), therefore we can consider the create_info struct and all of its members to tainted. 'create_info->pipe' with max value of 255 (uint8) is used to take an offset of the hdev->pipes array of 127 elements which can lead to OOB write. Cc: Samuel Ortiz <sameo(a)linux.intel.com> Cc: Allen Pais <allen.pais(a)oracle.com> Cc: "David S. Miller" <davem(a)davemloft.net> Suggested-by: Kevin Deus <kdeus(a)google.com> Signed-off-by: Suren Baghdasaryan <surenb(a)google.com> Acked-by: Kees Cook <keescook(a)chromium.org> Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/nfc/hci/core.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/net/nfc/hci/core.c b/net/nfc/hci/core.c index ac8030c4bcf8..19cb2e473ea6 100644 --- a/net/nfc/hci/core.c +++ b/net/nfc/hci/core.c @@ -209,6 +209,11 @@ void nfc_hci_cmd_received(struct nfc_hci_dev *hdev, u8 pipe, u8 cmd, } create_info = (struct hci_create_pipe_resp *)skb->data; + if (create_info->pipe >= NFC_HCI_MAX_PIPES) { + status = NFC_HCI_ANY_E_NOK; + goto exit; + } + /* Save the new created pipe and bind with local gate, * the description for skb->data[3] is destination gate id * but since we received this cmd from host controller, we @@ -232,6 +237,11 @@ void nfc_hci_cmd_received(struct nfc_hci_dev *hdev, u8 pipe, u8 cmd, } delete_info = (struct hci_delete_pipe_noti *)skb->data; + if (delete_info->pipe >= NFC_HCI_MAX_PIPES) { + status = NFC_HCI_ANY_E_NOK; + goto exit; + } + hdev->pipes[delete_info->pipe].gate = NFC_HCI_INVALID_GATE; hdev->pipes[delete_info->pipe].dest_host = NFC_HCI_INVALID_HOST; break; -- 2.19.0

6 years, 9 months

1
0
0 0

[git:media_tree/master] media: tvp5150: avoid going past array on v4l2_querymenu()

by Mauro Carvalho Chehab

This is an automatic generated email to let you know that the following patch were queued: Subject: media: tvp5150: avoid going past array on v4l2_querymenu() Author: Mauro Carvalho Chehab <mchehab+samsung(a)kernel.org> Date: Thu Sep 13 16:49:51 2018 -0400 The parameters of v4l2_ctrl_new_std_menu_items() are tricky: instead of the number of possible values, it requires the number of the maximum value. In other words, the ARRAY_SIZE() value should be decremented, otherwise it will go past the array bounds, as warned by KASAN: [ 279.839688] BUG: KASAN: global-out-of-bounds in v4l2_querymenu+0x10d/0x180 [videodev] [ 279.839709] Read of size 8 at addr ffffffffc10a4cb0 by task v4l2-compliance/16676 [ 279.839736] CPU: 1 PID: 16676 Comm: v4l2-compliance Not tainted 4.18.0-rc2+ #120 [ 279.839741] Hardware name: /NUC5i7RYB, BIOS RYBDWi35.86A.0364.2017.0511.0949 05/11/2017 [ 279.839743] Call Trace: [ 279.839758] dump_stack+0x71/0xab [ 279.839807] ? v4l2_querymenu+0x10d/0x180 [videodev] [ 279.839817] print_address_description+0x1c9/0x270 [ 279.839863] ? v4l2_querymenu+0x10d/0x180 [videodev] [ 279.839871] kasan_report+0x237/0x360 [ 279.839918] v4l2_querymenu+0x10d/0x180 [videodev] [ 279.839964] __video_do_ioctl+0x2c8/0x590 [videodev] [ 279.840011] ? copy_overflow+0x20/0x20 [videodev] [ 279.840020] ? avc_ss_reset+0xa0/0xa0 [ 279.840028] ? check_stack_object+0x21/0x60 [ 279.840036] ? __check_object_size+0xe7/0x240 [ 279.840080] video_usercopy+0xed/0x730 [videodev] [ 279.840123] ? copy_overflow+0x20/0x20 [videodev] [ 279.840167] ? v4l_enumstd+0x40/0x40 [videodev] [ 279.840177] ? __handle_mm_fault+0x9f9/0x1ba0 [ 279.840186] ? __pmd_alloc+0x2c0/0x2c0 [ 279.840193] ? __vfs_write+0xb6/0x350 [ 279.840200] ? kernel_read+0xa0/0xa0 [ 279.840244] ? video_usercopy+0x730/0x730 [videodev] [ 279.840284] v4l2_ioctl+0xa1/0xb0 [videodev] [ 279.840295] do_vfs_ioctl+0x117/0x8a0 [ 279.840303] ? selinux_file_ioctl+0x211/0x2f0 [ 279.840313] ? ioctl_preallocate+0x120/0x120 [ 279.840319] ? selinux_capable+0x20/0x20 [ 279.840332] ksys_ioctl+0x70/0x80 [ 279.840342] __x64_sys_ioctl+0x3d/0x50 [ 279.840351] do_syscall_64+0x6d/0x1c0 [ 279.840361] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 279.840367] RIP: 0033:0x7fdfb46275d7 [ 279.840369] Code: b3 66 90 48 8b 05 b1 48 2d 00 64 c7 00 26 00 00 00 48 c7 c0 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 81 48 2d 00 f7 d8 64 89 01 48 [ 279.840474] RSP: 002b:00007ffee1179038 EFLAGS: 00000202 ORIG_RAX: 0000000000000010 [ 279.840483] RAX: ffffffffffffffda RBX: 00007ffee1179180 RCX: 00007fdfb46275d7 [ 279.840488] RDX: 00007ffee11790c0 RSI: 00000000c02c5625 RDI: 0000000000000003 [ 279.840493] RBP: 0000000000000002 R08: 0000000000000020 R09: 00000000009f0902 [ 279.840497] R10: 0000000000000000 R11: 0000000000000202 R12: 00007ffee117a5a0 [ 279.840501] R13: 00007ffee11790c0 R14: 0000000000000002 R15: 0000000000000000 [ 279.840515] The buggy address belongs to the variable: [ 279.840535] tvp5150_test_patterns+0x10/0xffffffffffffe360 [tvp5150] Fixes: c43875f66140 ("[media] tvp5150: replace MEDIA_ENT_F_CONN_TEST by a control") Cc: stable(a)vger.kernel.org Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung(a)kernel.org> drivers/media/i2c/tvp5150.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- diff --git a/drivers/media/i2c/tvp5150.c b/drivers/media/i2c/tvp5150.c index f337e523821b..57b2102586bc 100644 --- a/drivers/media/i2c/tvp5150.c +++ b/drivers/media/i2c/tvp5150.c @@ -1534,7 +1534,7 @@ static int tvp5150_probe(struct i2c_client *c, 27000000, 1, 27000000); v4l2_ctrl_new_std_menu_items(&core->hdl, &tvp5150_ctrl_ops, V4L2_CID_TEST_PATTERN, - ARRAY_SIZE(tvp5150_test_patterns), + ARRAY_SIZE(tvp5150_test_patterns) - 1, 0, 0, tvp5150_test_patterns); sd->ctrl_handler = &core->hdl; if (core->hdl.error) {

6 years, 9 months

1
0
0 0

[PATCH] mtd: rawnand: marvell: prevent harmless warnings

by Miquel Raynal

Since the addition of WARN_ON() in nand_subop_get_data/addr_len() helpers, this driver will produce harmless warnings (mostly at probe) just because it always called the *_data_len() helper in the parsing function (even on non-data instructions, where this value is meaningless and unneeded. Fix these warnings by deriving the length only when it is relevant. Fixes: 760c435e0f85 ("mtd: rawnand: make subop helpers return unsigned values") Cc: stable(a)vger.kernel.org Signed-off-by: Miquel Raynal <miquel.raynal(a)bootlin.com> --- drivers/mtd/nand/raw/marvell_nand.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/mtd/nand/raw/marvell_nand.c b/drivers/mtd/nand/raw/marvell_nand.c index 7af4d6213ee5..bc2ef5209783 100644 --- a/drivers/mtd/nand/raw/marvell_nand.c +++ b/drivers/mtd/nand/raw/marvell_nand.c @@ -1547,7 +1547,7 @@ static void marvell_nfc_parse_instructions(struct nand_chip *chip, for (op_id = 0; op_id < subop->ninstrs; op_id++) { unsigned int offset, naddrs; const u8 *addrs; - int len = nand_subop_get_data_len(subop, op_id); + int len; instr = &subop->instrs[op_id]; @@ -1593,6 +1593,7 @@ static void marvell_nfc_parse_instructions(struct nand_chip *chip, nfc_op->ndcb[0] |= NDCB0_CMD_XTYPE(XTYPE_MONOLITHIC_RW) | NDCB0_LEN_OVRD; + len = nand_subop_get_data_len(subop, op_id); nfc_op->ndcb[3] |= round_up(len, FIFO_DEPTH); } nfc_op->data_delay_ns = instr->delay_ns; @@ -1606,6 +1607,7 @@ static void marvell_nfc_parse_instructions(struct nand_chip *chip, nfc_op->ndcb[0] |= NDCB0_CMD_XTYPE(XTYPE_MONOLITHIC_RW) | NDCB0_LEN_OVRD; + len = nand_subop_get_data_len(subop, op_id); nfc_op->ndcb[3] |= round_up(len, FIFO_DEPTH); } nfc_op->data_delay_ns = instr->delay_ns; -- 2.17.1

6 years, 9 months

2
3
0 0

[PATCH] x86/mm/pat: Fix L1TF stable backport for CPA

by Andi Kleen

From: Andi Kleen <ak(a)linux.intel.com> Patch for stable only to fix boot resets caused by the L1TF patches. Stable trees reverted the following patch Revert "x86/mm/pat: Ensure cpa->pfn only contains page frame numbers" This reverts commit 87e2bd898d3a79a8c609f183180adac47879a2a4 which is commit edc3b9129cecd0f0857112136f5b8b1bc1d45918 upstream. but the L1TF patch backported here x86/mm/pat: Make set_memory_np() L1TF safe commit 958f79b9ee55dfaf00c8106ed1c22a2919e0028b upstream set_memory_np() is used to mark kernel mappings not present, but it has it's own open coded mechanism which does not have the L1TF protection of inverting the address bits. assumed that cpa->pfn contains a PFN. With the above patch reverted it does not, which causes the PMD to be set to an incorrect address shifted by 12 bits, which can cause early boot reset on some systems, like an Apollo Lake embedded system. Convert the address to a PFN before passing it to pmd_pfn() Thanks to Bernhard for bisecting and testing. Cc: stable(a)vger.kernel.org # 4.4 and 4.9 Reported-by: Bernhard Kaindl <bernhard.kaindl(a)thalesgroup.com> Tested-by: Bernhard Kaindl <bernhard.kaindl(a)thalesgroup.com> Signed-off-by: Andi Kleen <ak(a)linux.intel.com> --- arch/x86/mm/pageattr.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/x86/mm/pageattr.c b/arch/x86/mm/pageattr.c index 27610c2d1821..1007fa80f5a6 100644 --- a/arch/x86/mm/pageattr.c +++ b/arch/x86/mm/pageattr.c @@ -1006,7 +1006,7 @@ static int populate_pmd(struct cpa_data *cpa, pmd = pmd_offset(pud, start); - set_pmd(pmd, pmd_mkhuge(pfn_pmd(cpa->pfn, + set_pmd(pmd, pmd_mkhuge(pfn_pmd(cpa->pfn >> PAGE_SHIFT, canon_pgprot(pmd_pgprot)))); start += PMD_SIZE; -- 2.17.1

6 years, 9 months

6
11
0 0

[STABLE 4.4] x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+

by Andi Kleen

From: Andi Kleen <ak(a)linux.intel.com> [upstream cc51e5428ea54f575d49cfcede1d4cb3a72b4ec4 for 4.4. Note there might be still a trivial conflict with the backport for b0a182f875689647b014bc01d36b340217792852, but should be easy to resolve] On Nehalem and newer core CPUs the CPU cache internally uses 44 bits physical address space. The L1TF workaround is limited by this internal cache address width, and needs to have one bit free there for the mitigation to work. Older client systems report only 36bit physical address space so the range check decides that L1TF is not mitigated for a 36bit phys/32GB system with some memory holes. But since these actually have the larger internal cache width this warning is bogus because it would only really be needed if the system had more than 43bits of memory. Add a new internal x86_cache_bits field. Normally it is the same as the physical bits field reported by CPUID, but for Nehalem and newerforce it to be at least 44bits. Change the L1TF memory size warning to use the new cache_bits field to avoid bogus warnings and remove the bogus comment about memory size. Fixes: 17dbca119312 ("x86/speculation/l1tf: Add sysfs reporting for l1tf") Reported-by: George Anchev <studio(a)anchev.net> Reported-by: Christopher Snowhill <kode54(a)gmail.com> Signed-off-by: Andi Kleen <ak(a)linux.intel.com> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Cc: x86(a)kernel.org Cc: linux-kernel(a)vger.kernel.org Cc: Michael Hocko <mhocko(a)suse.com> Cc: vbabka(a)suse.cz Cc: stable(a)vger.kernel.org Link: https://lkml.kernel.org/r/20180824170351.34874-1-andi@firstfloor.org --- arch/x86/include/asm/processor.h | 4 ++- arch/x86/kernel/cpu/bugs.c | 47 ++++++++++++++++++++++++++++---- arch/x86/kernel/cpu/common.c | 2 ++ 3 files changed, 47 insertions(+), 6 deletions(-) diff --git a/arch/x86/include/asm/processor.h b/arch/x86/include/asm/processor.h index a3a53955f01c..cb07d3f618ca 100644 --- a/arch/x86/include/asm/processor.h +++ b/arch/x86/include/asm/processor.h @@ -104,6 +104,8 @@ struct cpuinfo_x86 { __u8 x86_phys_bits; /* CPUID returned core id bits: */ __u8 x86_coreid_bits; + + __u8 x86_cache_bits; /* Max extended CPUID function supported: */ __u32 extended_cpuid_level; /* Maximum supported CPUID level, -1=no CPUID: */ @@ -174,7 +176,7 @@ extern void cpu_detect(struct cpuinfo_x86 *c); static inline unsigned long l1tf_pfn_limit(void) { - return BIT(boot_cpu_data.x86_phys_bits - 1 - PAGE_SHIFT) - 1; + return BIT_ULL(boot_cpu_data.x86_cache_bits - 1 - PAGE_SHIFT); } extern void early_cpu_init(void); diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c index 34e4aaaf03d2..2a41a86aa5c2 100644 --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c @@ -634,6 +634,46 @@ void x86_spec_ctrl_setup_ap(void) #undef pr_fmt #define pr_fmt(fmt) "L1TF: " fmt + +/* + * These CPUs all support 44bits physical address space internally in the + * cache but CPUID can report a smaller number of physical address bits. + * + * The L1TF mitigation uses the top most address bit for the inversion of + * non present PTEs. When the installed memory reaches into the top most + * address bit due to memory holes, which has been observed on machines + * which report 36bits physical address bits and have 32G RAM installed, + * then the mitigation range check in l1tf_select_mitigation() triggers. + * This is a false positive because the mitigation is still possible due to + * the fact that the cache uses 44bit internally. Use the cache bits + * instead of the reported physical bits and adjust them on the affected + * machines to 44bit if the reported bits are less than 44. + */ +static void override_cache_bits(struct cpuinfo_x86 *c) +{ + if (c->x86 != 6) + return; + + switch (c->x86_model) { + case INTEL_FAM6_NEHALEM: + case INTEL_FAM6_WESTMERE: + case INTEL_FAM6_SANDYBRIDGE: + case INTEL_FAM6_IVYBRIDGE: + case INTEL_FAM6_HASWELL_CORE: + case INTEL_FAM6_HASWELL_ULT: + case INTEL_FAM6_HASWELL_GT3E: + case INTEL_FAM6_BROADWELL_CORE: + case INTEL_FAM6_BROADWELL_GT3E: + case INTEL_FAM6_SKYLAKE_MOBILE: + case INTEL_FAM6_SKYLAKE_DESKTOP: + case INTEL_FAM6_KABYLAKE_MOBILE: + case INTEL_FAM6_KABYLAKE_DESKTOP: + if (c->x86_cache_bits < 44) + c->x86_cache_bits = 44; + break; + } +} + static void __init l1tf_select_mitigation(void) { u64 half_pa; @@ -641,16 +681,13 @@ static void __init l1tf_select_mitigation(void) if (!boot_cpu_has_bug(X86_BUG_L1TF)) return; + override_cache_bits(&boot_cpu_data); + #if CONFIG_PGTABLE_LEVELS == 2 pr_warn("Kernel not compiled for PAE. No mitigation for L1TF\n"); return; #endif - /* - * This is extremely unlikely to happen because almost all - * systems have far more MAX_PA/2 than RAM can be fit into - * DIMM slots. - */ half_pa = (u64)l1tf_pfn_limit() << PAGE_SHIFT; if (e820_any_mapped(half_pa, ULLONG_MAX - half_pa, E820_RAM)) { pr_warn("System has more than MAX_PA/2 memory. L1TF mitigation not effective.\n"); diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c index 4d3fa79c0f09..b12c0287d6cf 100644 --- a/arch/x86/kernel/cpu/common.c +++ b/arch/x86/kernel/cpu/common.c @@ -798,6 +798,8 @@ void get_cpu_cap(struct cpuinfo_x86 *c) c->x86_phys_bits = 36; #endif + c->x86_cache_bits = c->x86_phys_bits; + if (c->extended_cpuid_level >= 0x8000000a) c->x86_capability[CPUID_8000_000A_EDX] = cpuid_edx(0x8000000a); -- 2.17.1

6 years, 9 months

2
1
0 0

[PATCH v4.14.y] autofs: fix autofs_sbi() does not check super block type

by Zubin Mithra

From: Ian Kent <raven(a)themaw.net> commit 0633da48f0793aeba27f82d30605624416723a91 upstream. autofs_sbi() does not check the superblock magic number to verify it has been given an autofs super block. Backport Note: autofs4 has been renamed to autofs upstream. As a result the upstream patch does not apply cleanly onto 4.14.y. Link: http://lkml.kernel.org/r/153475422934.17131.7563724552005298277.stgit@pluto… Reported-by: <syzbot+87c3c541582e56943277(a)syzkaller.appspotmail.com> Signed-off-by: Ian Kent <raven(a)themaw.net> Reviewed-by: Andrew Morton <akpm(a)linux-foundation.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds(a)linux-foundation.org> Signed-off-by: Zubin Mithra <zsm(a)chromium.org> --- fs/autofs4/autofs_i.h | 4 +++- fs/autofs4/inode.c | 1 - 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/fs/autofs4/autofs_i.h b/fs/autofs4/autofs_i.h index 4737615f0eaa..ce696d6c4641 100644 --- a/fs/autofs4/autofs_i.h +++ b/fs/autofs4/autofs_i.h @@ -26,6 +26,7 @@ #include <linux/list.h> #include <linux/completion.h> #include <asm/current.h> +#include <linux/magic.h> /* This is the range of ioctl() numbers we claim as ours */ #define AUTOFS_IOC_FIRST AUTOFS_IOC_READY @@ -124,7 +125,8 @@ struct autofs_sb_info { static inline struct autofs_sb_info *autofs4_sbi(struct super_block *sb) { - return (struct autofs_sb_info *)(sb->s_fs_info); + return sb->s_magic != AUTOFS_SUPER_MAGIC ? + NULL : (struct autofs_sb_info *)(sb->s_fs_info); } static inline struct autofs_info *autofs4_dentry_ino(struct dentry *dentry) diff --git a/fs/autofs4/inode.c b/fs/autofs4/inode.c index 09e7d68dff02..3c7e727612fa 100644 --- a/fs/autofs4/inode.c +++ b/fs/autofs4/inode.c @@ -14,7 +14,6 @@ #include <linux/pagemap.h> #include <linux/parser.h> #include <linux/bitops.h> -#include <linux/magic.h> #include "autofs_i.h" #include <linux/module.h> -- 2.19.0.rc0.228.g281dcd1b4d0-goog

6 years, 9 months

4
3
0 0

[PATCH v4.14.y 1/2] tun: fix use after free for ptr_ring

by Zubin Mithra

From: Jason Wang <jasowang(a)redhat.com> commit b196d88aba8ac72b775137854121097f4c4c6862 upstream. We used to initialize ptr_ring during TUNSETIFF, this is because its size depends on the tx_queue_len of netdevice. And we try to clean it up when socket were detached from netdevice. A race were spotted when trying to do uninit during a read which will lead a use after free for pointer ring. Solving this by always initialize a zero size ptr_ring in open() and do resizing during TUNSETIFF, and then we can safely do cleanup during close(). With this, there's no need for the workaround that was introduced by commit 4df0bfc79904 ("tun: fix a memory leak for tfile->tx_array"). Backport Note :- Comparison with the upstream patch: [1] A "semantic revert" of the changes made in 4df0bfc799("tun: fix a memory leak for tfile->tx_array"). 4df0bfc799 was applied upstream, and then skb array was changed to use ptr_ring. The upstream patch then removes the changes introduced by 4df0bfc799. This backport does the same; "revert" the changes made by 4df0bfc799. [2] xdp_rxq_info_unreg() being called in relevant locations As xdp_rxq_info related patches are not present in 4.14, these changes are not needed in the backport. [3] An instance of ptr_ring_init needs to be replaced by skb_array_init Inside tun_attach() [4] ptr_ring_cleanup needs to be replaced by skb_array_cleanup Inside tun_chr_close() Note that the backport for 7063efd33b ("tuntap: fix use after free during release") needs to be applied on top of this patch. Reported-by: syzbot+e8b902c3c3fadf0a9dba(a)syzkaller.appspotmail.com Cc: Eric Dumazet <eric.dumazet(a)gmail.com> Cc: Cong Wang <xiyou.wangcong(a)gmail.com> Cc: Michael S. Tsirkin <mst(a)redhat.com> Fixes: 1576d9860599 ("tun: switch to use skb array for tx") Signed-off-by: Jason Wang <jasowang(a)redhat.com> Acked-by: Michael S. Tsirkin <mst(a)redhat.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Zubin Mithra <zsm(a)chromium.org> --- drivers/net/tun.c | 21 +++++++-------------- 1 file changed, 7 insertions(+), 14 deletions(-) diff --git a/drivers/net/tun.c b/drivers/net/tun.c index cb17ffadfc30..87a989be1cef 100644 --- a/drivers/net/tun.c +++ b/drivers/net/tun.c @@ -534,14 +534,6 @@ static void tun_queue_purge(struct tun_file *tfile) skb_queue_purge(&tfile->sk.sk_error_queue); } -static void tun_cleanup_tx_array(struct tun_file *tfile) -{ - if (tfile->tx_array.ring.queue) { - skb_array_cleanup(&tfile->tx_array); - memset(&tfile->tx_array, 0, sizeof(tfile->tx_array)); - } -} - static void __tun_detach(struct tun_file *tfile, bool clean) { struct tun_file *ntfile; @@ -583,7 +575,6 @@ static void __tun_detach(struct tun_file *tfile, bool clean) tun->dev->reg_state == NETREG_REGISTERED) unregister_netdevice(tun->dev); } - tun_cleanup_tx_array(tfile); sock_put(&tfile->sk); } } @@ -623,13 +614,11 @@ static void tun_detach_all(struct net_device *dev) /* Drop read queue */ tun_queue_purge(tfile); sock_put(&tfile->sk); - tun_cleanup_tx_array(tfile); } list_for_each_entry_safe(tfile, tmp, &tun->disabled, next) { tun_enable_queue(tfile); tun_queue_purge(tfile); sock_put(&tfile->sk); - tun_cleanup_tx_array(tfile); } BUG_ON(tun->numdisabled != 0); @@ -675,7 +664,7 @@ static int tun_attach(struct tun_struct *tun, struct file *file, bool skip_filte } if (!tfile->detached && - skb_array_init(&tfile->tx_array, dev->tx_queue_len, GFP_KERNEL)) { + skb_array_resize(&tfile->tx_array, dev->tx_queue_len, GFP_KERNEL)) { err = -ENOMEM; goto out; } @@ -2624,6 +2613,11 @@ static int tun_chr_open(struct inode *inode, struct file * file) &tun_proto, 0); if (!tfile) return -ENOMEM; + if (skb_array_init(&tfile->tx_array, 0, GFP_KERNEL)) { + sk_free(&tfile->sk); + return -ENOMEM; + } + RCU_INIT_POINTER(tfile->tun, NULL); tfile->flags = 0; tfile->ifindex = 0; @@ -2644,8 +2638,6 @@ static int tun_chr_open(struct inode *inode, struct file * file) sock_set_flag(&tfile->sk, SOCK_ZEROCOPY); - memset(&tfile->tx_array, 0, sizeof(tfile->tx_array)); - return 0; } @@ -2654,6 +2646,7 @@ static int tun_chr_close(struct inode *inode, struct file *file) struct tun_file *tfile = file->private_data; tun_detach(tfile, true); + skb_array_cleanup(&tfile->tx_array); return 0; } -- 2.19.0.rc1.350.ge57e33dbd1-goog

6 years, 9 months

2
2
0 0

[PATCH 4.4 000/107] 4.4.144-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.4.144 release. There are 107 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed Jul 25 12:23:53 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.4.144-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.4.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.4.144-rc1 Sascha Hauer <s.hauer(a)pengutronix.de> ubi: fastmap: Erase outdated anchor PEBs during attach Richard Weinberger <richard(a)nod.at> ubi: Fix Fastmap's update_vol() Richard Weinberger <richard(a)nod.at> ubi: Fix races around ubi_refill_pools() Richard Weinberger <richard(a)nod.at> ubi: Be more paranoid while seaching for the most recent Fastmap Richard Weinberger <richard(a)nod.at> ubi: Rework Fastmap attach base code Richard Weinberger <richard(a)nod.at> ubi: Introduce vol_ignored() Lucas Stach <dev(a)lynxeye.de> clk: tegra: Fix PLL_U post divider and initial rate on Tegra30 Alan Jenkins <alan.christopher.jenkins(a)gmail.com> block: do not use interruptible wait anywhere Andy Lutomirski <luto(a)kernel.org> x86/cpu: Re-apply forced caps every time CPU caps are re-read Juergen Gross <jgross(a)suse.com> x86/xen: Add call of speculative_store_bypass_ht_init() to PV paths Konrad Rzeszutek Wilk <konrad.wilk(a)oracle.com> x86/bugs: Rename SSBD_NO to SSB_NO Thomas Gleixner <tglx(a)linutronix.de> x86/speculation, KVM: Implement support for VIRT_SPEC_CTRL/LS_CFG Thomas Gleixner <tglx(a)linutronix.de> x86/bugs: Rework spec_ctrl base and mask logic Thomas Gleixner <tglx(a)linutronix.de> x86/bugs: Remove x86_spec_ctrl_set() Thomas Gleixner <tglx(a)linutronix.de> x86/bugs: Expose x86_spec_ctrl_base directly Borislav Petkov <bp(a)suse.de> x86/bugs: Unify x86_spec_ctrl_{set_guest, restore_host} Thomas Gleixner <tglx(a)linutronix.de> x86/speculation: Rework speculative_store_bypass_update() Tom Lendacky <thomas.lendacky(a)amd.com> x86/speculation: Add virtualized speculative store bypass disable support Thomas Gleixner <tglx(a)linutronix.de> x86/bugs, KVM: Extend speculation control for VIRT_SPEC_CTRL Thomas Gleixner <tglx(a)linutronix.de> x86/speculation: Handle HT correctly on AMD Thomas Gleixner <tglx(a)linutronix.de> x86/cpufeatures: Add FEATURE_ZEN Borislav Petkov <bp(a)suse.de> x86/cpu/AMD: Fix erratum 1076 (CPB bit) Thomas Gleixner <tglx(a)linutronix.de> x86/cpufeatures: Disentangle SSBD enumeration Thomas Gleixner <tglx(a)linutronix.de> x86/cpufeatures: Disentangle MSR_SPEC_CTRL enumeration from IBRS Borislav Petkov <bp(a)suse.de> x86/speculation: Use synthetic bits for IBRS/IBPB/STIBP Jim Mattson <jmattson(a)google.com> x86/cpu: Make alternative_msr_write work for 32-bit code Konrad Rzeszutek Wilk <konrad.wilk(a)oracle.com> x86/bugs: Fix the parameters alignment and missing void Jiri Kosina <jkosina(a)suse.cz> x86/bugs: Make cpu_show_common() static Jiri Kosina <jkosina(a)suse.cz> x86/bugs: Fix __ssb_select_mitigation() return type Borislav Petkov <bp(a)suse.de> Documentation/spec_ctrl: Do some minor cleanups Konrad Rzeszutek Wilk <konrad.wilk(a)oracle.com> proc: Use underscores for SSBD in 'status' Konrad Rzeszutek Wilk <konrad.wilk(a)oracle.com> x86/bugs: Rename _RDS to _SSBD Kees Cook <keescook(a)chromium.org> x86/speculation: Make "seccomp" the default mode for Speculative Store Bypass Thomas Gleixner <tglx(a)linutronix.de> seccomp: Move speculation migitation control to arch code Kees Cook <keescook(a)chromium.org> seccomp: Add filter flag to opt-out of SSB mitigation Thomas Gleixner <tglx(a)linutronix.de> seccomp: Use PR_SPEC_FORCE_DISABLE Thomas Gleixner <tglx(a)linutronix.de> prctl: Add force disable speculation Kees Cook <keescook(a)chromium.org> seccomp: Enable speculation flaw mitigations Kees Cook <keescook(a)chromium.org> proc: Provide details on speculation flaw mitigations Kees Cook <keescook(a)chromium.org> nospec: Allow getting/setting on non-current task Thomas Gleixner <tglx(a)linutronix.de> x86/speculation: Add prctl for Speculative Store Bypass mitigation Thomas Gleixner <tglx(a)linutronix.de> x86/process: Allow runtime control of Speculative Store Bypass Thomas Gleixner <tglx(a)linutronix.de> x86/process: Optimize TIF_NOTSC switch Kyle Huey <me(a)kylehuey.com> x86/process: Correct and optimize TIF_BLOCKSTEP switch Kyle Huey <me(a)kylehuey.com> x86/process: Optimize TIF checks in __switch_to_xtra() Thomas Gleixner <tglx(a)linutronix.de> prctl: Add speculation control prctls Thomas Gleixner <tglx(a)linutronix.de> x86/speculation: Create spec-ctrl.h to avoid include hell David Woodhouse <dwmw(a)amazon.co.uk> x86/bugs/AMD: Add support to disable RDS on Fam[15, 16, 17]h if requested Konrad Rzeszutek Wilk <konrad.wilk(a)oracle.com> x86/bugs: Whitelist allowed SPEC_CTRL MSR values Konrad Rzeszutek Wilk <konrad.wilk(a)oracle.com> x86/bugs/intel: Set proper CPU features and setup RDS Konrad Rzeszutek Wilk <konrad.wilk(a)oracle.com> x86/bugs: Provide boot parameters for the spec_store_bypass_disable mitigation Konrad Rzeszutek Wilk <konrad.wilk(a)oracle.com> x86/cpufeatures: Add X86_FEATURE_RDS Konrad Rzeszutek Wilk <konrad.wilk(a)oracle.com> x86/bugs: Expose /sys/../spec_store_bypass Piotr Luc <piotr.luc(a)intel.com> x86/cpu/intel: Add Knights Mill to Intel family Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> x86/cpu: Rename Merrifield2 to Moorefield Konrad Rzeszutek Wilk <konrad.wilk(a)oracle.com> x86/bugs, KVM: Support the combination of guest and host IBRS Konrad Rzeszutek Wilk <konrad.wilk(a)oracle.com> x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits Konrad Rzeszutek Wilk <konrad.wilk(a)oracle.com> x86/bugs: Concentrate bug reporting into a separate function Konrad Rzeszutek Wilk <konrad.wilk(a)oracle.com> x86/bugs: Concentrate bug detection into a separate function Linus Torvalds <torvalds(a)linux-foundation.org> x86/nospec: Simplify alternative_msr_write() David Woodhouse <dwmw(a)amazon.co.uk> x86/amd: don't set X86_BUG_SYSRET_SS_ATTRS when running under Xen Juergen Gross <jgross(a)suse.com> xen: set cpu capabilities from xen_start_kernel() Mickaël Salaün <mic(a)digikod.net> selftest/seccomp: Fix the seccomp(2) signature Mickaël Salaün <mic(a)digikod.net> selftest/seccomp: Fix the flag name SECCOMP_FILTER_FLAG_TSYNC Alexander Sergeyev <sergeev917(a)gmail.com> x86/speculation: Remove Skylake C2 from Speculation Control microcode blacklist Ingo Molnar <mingo(a)kernel.org> x86/speculation: Move firmware_restrict_branch_speculation_*() from C to CPP David Woodhouse <dwmw(a)amazon.co.uk> x86/speculation: Use IBRS if available before calling into firmware Konrad Rzeszutek Wilk <konrad.wilk(a)oracle.com> x86/spectre_v2: Don't check microcode versions when running under hypervisors Tim Chen <tim.c.chen(a)linux.intel.com> x86/speculation: Use Indirect Branch Prediction Barrier in context switch Andy Lutomirski <luto(a)kernel.org> x86/mm: Give each mm TLB flush generation a unique ID Dave Hansen <dave.hansen(a)linux.intel.com> x86/mm: Factor out LDT init from context init Juergen Gross <jgross(a)suse.com> x86/xen: Zero MSR_IA32_SPEC_CTRL before suspend Peter Zijlstra <peterz(a)infradead.org> x86/speculation: Add <asm/msr-index.h> dependency Dan Williams <dan.j.williams(a)intel.com> x86/speculation: Fix up array_index_nospec_mask() asm constraint Ingo Molnar <mingo(a)kernel.org> x86/speculation: Clean up various Spectre related details David Woodhouse <dwmw(a)amazon.co.uk> x86/speculation: Correct Speculation Control microcode blacklist again David Woodhouse <dwmw(a)amazon.co.uk> x86/speculation: Update Speculation Control microcode blacklist Dan Williams <dan.j.williams(a)intel.com> x86/entry/64/compat: Clear registers for compat syscalls, to reduce speculation attack surface Denys Vlasenko <dvlasenk(a)redhat.com> x86/asm/entry/32: Simplify pushes of zeroed pt_regs->REGs Arnd Bergmann <arnd(a)arndb.de> x86/pti: Mark constant arrays as __initconst David Woodhouse <dwmw(a)amazon.co.uk> x86/cpuid: Fix up "virtual" IBRS/IBPB/STIBP feature bits on Intel David Woodhouse <dwmw(a)amazon.co.uk> x86/cpufeatures: Clean up Spectre v2 related CPUID flags David Woodhouse <dwmw(a)amazon.co.uk> x86/speculation: Add basic IBPB (Indirect Branch Prediction Barrier) support David Woodhouse <dwmw(a)amazon.co.uk> x86/cpufeature: Blacklist SPEC_CTRL/PRED_CMD on early Spectre v2 microcodes David Woodhouse <dwmw(a)amazon.co.uk> x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown David Woodhouse <dwmw(a)amazon.co.uk> x86/msr: Add definitions for new speculation control MSRs David Woodhouse <dwmw(a)amazon.co.uk> x86/cpufeatures: Add AMD feature bits for Speculation Control David Woodhouse <dwmw(a)amazon.co.uk> x86/cpufeatures: Add Intel feature bits for Speculation Control David Woodhouse <dwmw(a)amazon.co.uk> x86/cpufeatures: Add CPUID_7_EDX CPUID leaf Nick Desaulniers <ndesaulniers(a)google.com> x86/paravirt: Make native_save_fl() extern inline Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: Fix perceived dead host due to runtime suspend race with event handler Stefano Brivio <sbrivio(a)redhat.com> skbuff: Unconditionally copy pfmemalloc in __skb_clone() Stefano Brivio <sbrivio(a)redhat.com> net: Don't copy pfmemalloc flag in __copy_skb_header() Sanjeev Bansal <sanjeevb.bansal(a)broadcom.com> tg3: Add higher cpu clock for 5762. Gustavo A. R. Silva <gustavo(a)embeddedor.com> ptp: fix missing break in switch Heiner Kallweit <hkallweit1(a)gmail.com> net: phy: fix flag masking in __set_phy_supported David Ahern <dsahern(a)gmail.com> net/ipv4: Set oif in fib_compute_spec_dst Davidlohr Bueso <dave(a)stgolabs.net> lib/rhashtable: consider param->min_size when setting initial table size Colin Ian King <colin.king(a)canonical.com> ipv6: fix useless rol32 call on hash Tyler Hicks <tyhicks(a)canonical.com> ipv4: Return EINVAL when ping_group_range sysctl doesn't map to user ns Jing Xia <jing.xia.mail(a)gmail.com> mm: memcg: fix use after free in mem_cgroup_iter() Vineet Gupta <vgupta(a)synopsys.com> ARC: mm: allow mprotect to make stack mappings executable Alexey Brodkin <abrodkin(a)synopsys.com> ARC: Fix CONFIG_SWAP Takashi Iwai <tiwai(a)suse.de> ALSA: rawmidi: Change resized buffers atomically OGAWA Hirofumi <hirofumi(a)mail.parknet.co.jp> fat: fix memory allocation failure handling of match_strdup() Dewet Thibaut <thibaut.dewet(a)nokia.com> x86/MCE: Remove min interval polling limitation Lan Tianyu <tianyu.lan(a)intel.com> KVM/Eventfd: Avoid crash when assign and deassign specific eventfd in parallel. ------------- Diffstat: Documentation/ABI/testing/sysfs-devices-system-cpu | 1 + Documentation/kernel-parameters.txt | 45 +++ Documentation/spec_ctrl.txt | 94 +++++ Makefile | 4 +- arch/arc/include/asm/page.h | 2 +- arch/arc/include/asm/pgtable.h | 2 +- arch/x86/entry/entry_64_compat.S | 75 ++-- arch/x86/include/asm/apm.h | 6 + arch/x86/include/asm/barrier.h | 2 +- arch/x86/include/asm/cpufeature.h | 7 +- arch/x86/include/asm/cpufeatures.h | 37 +- arch/x86/include/asm/disabled-features.h | 3 +- arch/x86/include/asm/efi.h | 7 + arch/x86/include/asm/intel-family.h | 10 +- arch/x86/include/asm/irqflags.h | 2 +- arch/x86/include/asm/mmu.h | 15 +- arch/x86/include/asm/mmu_context.h | 25 +- arch/x86/include/asm/msr-index.h | 22 ++ arch/x86/include/asm/nospec-branch.h | 54 +++ arch/x86/include/asm/required-features.h | 3 +- arch/x86/include/asm/spec-ctrl.h | 80 ++++ arch/x86/include/asm/thread_info.h | 6 +- arch/x86/include/asm/tlbflush.h | 12 + arch/x86/kernel/Makefile | 1 + arch/x86/kernel/cpu/amd.c | 38 +- arch/x86/kernel/cpu/bugs.c | 427 +++++++++++++++++++-- arch/x86/kernel/cpu/common.c | 121 +++++- arch/x86/kernel/cpu/cpu.h | 3 + arch/x86/kernel/cpu/intel.c | 73 ++++ arch/x86/kernel/cpu/mcheck/mce.c | 3 - arch/x86/kernel/irqflags.S | 26 ++ arch/x86/kernel/ldt.c | 4 +- arch/x86/kernel/process.c | 224 +++++++++-- arch/x86/kernel/smpboot.c | 5 + arch/x86/kvm/svm.c | 2 +- arch/x86/kvm/vmx.c | 2 +- arch/x86/mm/tlb.c | 33 ++ arch/x86/platform/efi/efi_64.c | 3 + arch/x86/xen/enlighten.c | 16 +- arch/x86/xen/smp.c | 5 + arch/x86/xen/suspend.c | 16 + block/blk-core.c | 10 +- drivers/base/cpu.c | 8 + drivers/clk/tegra/clk-tegra30.c | 11 +- drivers/mtd/ubi/attach.c | 139 +++++-- drivers/mtd/ubi/eba.c | 4 +- drivers/mtd/ubi/fastmap-wl.c | 6 +- drivers/mtd/ubi/fastmap.c | 51 ++- drivers/mtd/ubi/ubi.h | 46 ++- drivers/mtd/ubi/wl.c | 114 ++++-- drivers/net/ethernet/broadcom/tg3.c | 9 + drivers/net/phy/phy_device.c | 7 +- drivers/ptp/ptp_chardev.c | 1 + drivers/usb/host/xhci.c | 40 +- drivers/usb/host/xhci.h | 4 + fs/fat/inode.c | 20 +- fs/proc/array.c | 26 ++ include/linux/cpu.h | 2 + include/linux/nospec.h | 10 + include/linux/sched.h | 9 + include/linux/seccomp.h | 3 +- include/linux/skbuff.h | 12 +- include/net/ipv6.h | 2 +- include/uapi/linux/prctl.h | 12 + include/uapi/linux/seccomp.h | 4 +- kernel/seccomp.c | 21 +- kernel/sys.c | 21 + lib/rhashtable.c | 17 +- mm/memcontrol.c | 2 +- net/core/skbuff.c | 1 + net/ipv4/fib_frontend.c | 1 + net/ipv4/sysctl_net_ipv4.c | 5 +- sound/core/rawmidi.c | 20 +- tools/testing/selftests/seccomp/seccomp_bpf.c | 98 ++++- virt/kvm/eventfd.c | 6 +- 75 files changed, 1982 insertions(+), 276 deletions(-)

6 years, 9 months

6
110
0 0

Requests for inclusion on linux-4.14.y

by Eduardo Valentin

Hello Greg, Can you please consider including the following two patches in the stable linux-4.14.y branch? This is to avoid page faults in do_swap_page() on PV guests, usually seen on __radix_tree_lookup() [1]. f7c90c2aa400 ("x86/xen: don't write ptes directly in 32-bit PV guests") b2d7a075a1cc ("x86/pae: use 64 bit atomic xchg function in native_ptep_get_and_clear") Thanks, [1] - more details on https://bugzilla.kernel.org/show_bug.cgi?id=198497 -- All the best, Eduardo Valentin

6 years, 9 months

2
1
0 0

[PATCH 4.4.y] crypto: vmx - Fix sleep-in-atomic bugs

by Ondrej Mosnacek

commit 0522236d4f9c5ab2e79889cb020d1acbe5da416e upstream. Conflicts: drivers/crypto/vmx/ aes_cbc.c - adapted enable/disable calls to v4.4 state aes_xts.c - did not exist yet in v4.4 This patch fixes sleep-in-atomic bugs in AES-CBC and AES-XTS VMX implementations. The problem is that the blkcipher_* functions should not be called in atomic context. The bugs can be reproduced via the AF_ALG interface by trying to encrypt/decrypt sufficiently large buffers (at least 64 KiB) using the VMX implementations of 'cbc(aes)' or 'xts(aes)'. Such operations then trigger BUG in crypto_yield(): [ 891.863680] BUG: sleeping function called from invalid context at include/crypto/algapi.h:424 [ 891.864622] in_atomic(): 1, irqs_disabled(): 0, pid: 12347, name: kcapi-enc [ 891.864739] 1 lock held by kcapi-enc/12347: [ 891.864811] #0: 00000000f5d42c46 (sk_lock-AF_ALG){+.+.}, at: skcipher_recvmsg+0x50/0x530 [ 891.865076] CPU: 5 PID: 12347 Comm: kcapi-enc Not tainted 4.19.0-0.rc0.git3.1.fc30.ppc64le #1 [ 891.865251] Call Trace: [ 891.865340] [c0000003387578c0] [c000000000d67ea4] dump_stack+0xe8/0x164 (unreliable) [ 891.865511] [c000000338757910] [c000000000172a58] ___might_sleep+0x2f8/0x310 [ 891.865679] [c000000338757990] [c0000000006bff74] blkcipher_walk_done+0x374/0x4a0 [ 891.865825] [c0000003387579e0] [d000000007e73e70] p8_aes_cbc_encrypt+0x1c8/0x260 [vmx_crypto] [ 891.865993] [c000000338757ad0] [c0000000006c0ee0] skcipher_encrypt_blkcipher+0x60/0x80 [ 891.866128] [c000000338757b10] [c0000000006ec504] skcipher_recvmsg+0x424/0x530 [ 891.866283] [c000000338757bd0] [c000000000b00654] sock_recvmsg+0x74/0xa0 [ 891.866403] [c000000338757c10] [c000000000b00f64] ___sys_recvmsg+0xf4/0x2f0 [ 891.866515] [c000000338757d90] [c000000000b02bb8] __sys_recvmsg+0x68/0xe0 [ 891.866631] [c000000338757e30] [c00000000000bbe4] system_call+0x5c/0x70 Fixes: 8c755ace357c ("crypto: vmx - Adding CBC routines for VMX module") Fixes: c07f5d3da643 ("crypto: vmx - Adding support for XTS") Cc: stable(a)vger.kernel.org Signed-off-by: Ondrej Mosnacek <omosnace(a)redhat.com> Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/crypto/vmx/aes_cbc.c | 30 ++++++++++++++---------------- 1 file changed, 14 insertions(+), 16 deletions(-) diff --git a/drivers/crypto/vmx/aes_cbc.c b/drivers/crypto/vmx/aes_cbc.c index 9506e8693c81..d8ef1147b344 100644 --- a/drivers/crypto/vmx/aes_cbc.c +++ b/drivers/crypto/vmx/aes_cbc.c @@ -111,24 +111,23 @@ static int p8_aes_cbc_encrypt(struct blkcipher_desc *desc, ret = crypto_blkcipher_encrypt(&fallback_desc, dst, src, nbytes); } else { - preempt_disable(); - pagefault_disable(); - enable_kernel_altivec(); - enable_kernel_vsx(); - blkcipher_walk_init(&walk, dst, src, nbytes); ret = blkcipher_walk_virt(desc, &walk); while ((nbytes = walk.nbytes)) { + preempt_disable(); + pagefault_disable(); + enable_kernel_vsx(); + enable_kernel_altivec(); aes_p8_cbc_encrypt(walk.src.virt.addr, walk.dst.virt.addr, nbytes & AES_BLOCK_MASK, &ctx->enc_key, walk.iv, 1); + pagefault_enable(); + preempt_enable(); + nbytes &= AES_BLOCK_SIZE - 1; ret = blkcipher_walk_done(desc, &walk, nbytes); } - - pagefault_enable(); - preempt_enable(); } return ret; @@ -152,24 +151,23 @@ static int p8_aes_cbc_decrypt(struct blkcipher_desc *desc, ret = crypto_blkcipher_decrypt(&fallback_desc, dst, src, nbytes); } else { - preempt_disable(); - pagefault_disable(); - enable_kernel_altivec(); - enable_kernel_vsx(); - blkcipher_walk_init(&walk, dst, src, nbytes); ret = blkcipher_walk_virt(desc, &walk); while ((nbytes = walk.nbytes)) { + preempt_disable(); + pagefault_disable(); + enable_kernel_vsx(); + enable_kernel_altivec(); aes_p8_cbc_encrypt(walk.src.virt.addr, walk.dst.virt.addr, nbytes & AES_BLOCK_MASK, &ctx->dec_key, walk.iv, 0); + pagefault_enable(); + preempt_enable(); + nbytes &= AES_BLOCK_SIZE - 1; ret = blkcipher_walk_done(desc, &walk, nbytes); } - - pagefault_enable(); - preempt_enable(); } return ret; -- 2.17.1

6 years, 9 months

2
3
0 0

request for 4.4-stable: 5817f977527e ("ethernet: ti: davinci_emac: add missing of_node_put after calling of_parse_phandle")

by SZ Lin (林上智)

Hi Greg, This patch is not marked for 4.4-stable, but it's already in 4.9 and 4.14 stable. Please apply to 4.4-stable. This patch adds necessary function when removing driver. -- SZ Lin (林上智)

6 years, 9 months

2
1
0 0

request for 4.4-stable: 86e1d5adcef96 ("net: ethernet: ti: cpsw: fix mdio device reference leak")

by SZ Lin (林上智)

Hi Greg, This patch is not marked for 4.4-stable, but it's already in 4.9 and 4.14 stable. Please apply to 4.4-stable. This patch fixed leak of mdio device reference. -- SZ Lin (林上智)

6 years, 9 months

2
1
0 0

request for 4.4-stable: 552165bcf7060 ("drivers: net: cpsw: fix parsing of phy-handle DT property in dual_emac config")

by SZ Lin (林上智)

Hi, This patch is not marked for 4.4-stable, but it's already in 4.9 and 4.14 stable. Please apply to 4.4-stable. This patch fixed parsing of phy-handle DT property in dual_emac config. -- SZ Lin (林上智)

6 years, 9 months

2
1
0 0

Please apply "netfilter: x_tables: avoid stack-out-of-bounds read in xt_copy_counters_from_user" to 3.18.y, 4.4.y, 4.9.y

by Greg Hackmann

e466af75c074 ("netfilter: x_tables: avoid stack-out-of-bounds read in xt_copy_counters_from_user") fixes an out-of-bounds read that happens when a userspace-controlled value is not NULL terminated. It looks like the fix was taken into 3.16.y but not kernels after it.

6 years, 9 months

2
1
0 0

[PATCH -stable] xhci: Fix use-after-free in xhci_free_virt_device

by Matthias Kaehlcke

From: Mathias Nyman <mathias.nyman(a)linux.intel.com> commit 44a182b9d17765514fa2b1cc911e4e65134eef93 upstream. KASAN found a use-after-free in xhci_free_virt_device+0x33b/0x38e where xhci_free_virt_device() sets slot id to 0 if udev exists: if (dev->udev && dev->udev->slot_id) dev->udev->slot_id = 0; dev->udev will be true even if udev is freed because dev->udev is not set to NULL. set dev->udev pointer to NULL in xhci_free_dev() The original patch went to stable so this fix needs to be applied there as well. Fixes: a400efe455f7 ("xhci: zero usb device slot_id member when disabling and freeing a xhci slot") Cc: <stable(a)vger.kernel.org> Reported-by: Guenter Roeck <linux(a)roeck-us.net> Reviewed-by: Guenter Roeck <linux(a)roeck-us.net> Tested-by: Guenter Roeck <linux(a)roeck-us.net> Signed-off-by: Mathias Nyman <mathias.nyman(a)linux.intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Signed-off-by: Matthias Kaehlcke <mka(a)chromium.org> --- The original fix has been integrated into some recent -stable versions, but wasn't backported to older LTS kernel like v4.9 or v4.4. The context in xhci_free_dev() changed a bit because upstream added xhci_disable_slot(). drivers/usb/host/xhci.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/usb/host/xhci.c b/drivers/usb/host/xhci.c index c190fabd1875..e9f5f9c32b49 100644 --- a/drivers/usb/host/xhci.c +++ b/drivers/usb/host/xhci.c @@ -3656,6 +3656,9 @@ void xhci_free_dev(struct usb_hcd *hcd, struct usb_device *udev) } spin_lock_irqsave(&xhci->lock, flags); + + virt_dev->udev = NULL; + /* Don't disable the slot if the host controller is dead. */ state = readl(&xhci->op_regs->status); if (state == 0xffffffff || (xhci->xhc_state & XHCI_STATE_DYING) || -- 2.19.0.397.gdd90340f6a-goog

6 years, 9 months

2
1
0 0

Please apply e2c631ba75a7e727e8db0a9d30a06bfd434adb3a ("clocksource: Revert "Remove kthread") to 4.18.y

by Siegfried Metz

Hi stable-maintainers, Hi Greg, it seems that the patch to fix early boot stalling with Intel Core 2 processors, which Linus' already applied to his tree and could be found in >=4.19-rc3, somehow missed the CC: line for linux-stable to pick it up. As of now 4.18.8-rc1 does not include it. The latest kernel version unaffected by this issues is 4.17.19, so a backport to 4.18.y should be enough. Thank you for all your hard work, Siegfried

6 years, 9 months

2
1
0 0

[STABLE v4.14 PATCH] drm/i915: set DP Main Stream Attribute for color range on DDI platforms

by Jani Nikula

commit 6209c285e7a5e68dbcdf8fd2456c6dd68433806b upstream. Since Haswell we have no color range indication either in the pipe or port registers for DP. Instead, there's a separate register for setting the DP Main Stream Attributes (MSA) directly. The MSA register definition makes no references to colorimetry, just a vague reference to the DP spec. The connection to the color range was lost. Apparently we've failed to set the proper MSA bit for limited, or CEA, range ever since the first DDI platforms. We've started setting other MSA parameters since commit dae847991a43 ("drm/i915: add intel_ddi_set_pipe_settings"). Without the crucial bit of information, the DP sink has no way of knowing the source is actually transmitting limited range RGB, leading to "washed out" colors. With the colorimetry information, compliant sinks should be able to handle the limited range properly. Native (i.e. non-LSPCON) HDMI was not affected because we do pass the color range via AVI infoframes. Though not the root cause, the problem was made worse for DDI platforms with commit 55bc60db5988 ("drm/i915: Add "Automatic" mode for the "Broadcast RGB" property"), which selects limited range RGB automatically based on the mode, as per the DP, HDMI and CEA specs. After all these years, the fix boils down to flipping one bit. [Per testing reports, this fixes DP sinks, but not the LSPCON. My educated guess is that the LSPCON fails to turn the CEA range MSA into AVI infoframes for HDMI.] Reported-by: Michał Kopeć <mkopec12(a)gmail.com> Reported-by: N. W. <nw9165-3201(a)yahoo.com> Reported-by: Nicholas Stommel <nicholas.stommel(a)gmail.com> Reported-by: Tom Yan <tom.ty89(a)gmail.com> Tested-by: Nicholas Stommel <nicholas.stommel(a)gmail.com> References: https://bugs.freedesktop.org/show_bug.cgi?id=100023 Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=107476 Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=94921 Cc: Paulo Zanoni <paulo.r.zanoni(a)intel.com> Cc: Rodrigo Vivi <rodrigo.vivi(a)intel.com> Cc: Ville Syrjälä <ville.syrjala(a)linux.intel.com> Cc: <stable(a)vger.kernel.org> # v3.9+ Reviewed-by: Rodrigo Vivi <rodrigo.vivi(a)intel.com> Signed-off-by: Jani Nikula <jani.nikula(a)intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20180814060001.18224-1-jani.n… (cherry picked from commit dc5977da99ea28094b8fa4e9bacbd29bedc41de5) Signed-off-by: Rodrigo Vivi <rodrigo.vivi(a)intel.com> --- drivers/gpu/drm/i915/i915_reg.h | 1 + drivers/gpu/drm/i915/intel_ddi.c | 4 ++++ 2 files changed, 5 insertions(+) diff --git a/drivers/gpu/drm/i915/i915_reg.h b/drivers/gpu/drm/i915/i915_reg.h index c9bcc6c45012..b3f7ba3b11c5 100644 --- a/drivers/gpu/drm/i915/i915_reg.h +++ b/drivers/gpu/drm/i915/i915_reg.h @@ -8441,6 +8441,7 @@ enum skl_power_gate { #define TRANS_MSA_10_BPC (2<<5) #define TRANS_MSA_12_BPC (3<<5) #define TRANS_MSA_16_BPC (4<<5) +#define TRANS_MSA_CEA_RANGE (1<<3) /* LCPLL Control */ #define LCPLL_CTL _MMIO(0x130040) diff --git a/drivers/gpu/drm/i915/intel_ddi.c b/drivers/gpu/drm/i915/intel_ddi.c index 5e5fe03b638c..3a4a581345c4 100644 --- a/drivers/gpu/drm/i915/intel_ddi.c +++ b/drivers/gpu/drm/i915/intel_ddi.c @@ -1396,6 +1396,10 @@ void intel_ddi_set_pipe_settings(const struct intel_crtc_state *crtc_state) WARN_ON(transcoder_is_dsi(cpu_transcoder)); temp = TRANS_MSA_SYNC_CLK; + + if (crtc_state->limited_color_range) + temp |= TRANS_MSA_CEA_RANGE; + switch (crtc_state->pipe_bpp) { case 18: temp |= TRANS_MSA_6_BPC; -- 2.11.0

6 years, 9 months

2
1
0 0

[GIT PULL] commits for Linux 4.18

by Sasha Levin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi Greg, Pleae pull commits for Linux 4.18 . I've sent a review request for all commits over a week ago and all comments were addressed. Thanks, Sasha ===== The following changes since commit 8ea7eadbef2f7103d5871016f03fc38b3adeaddb: Linux 4.18.7 (2018-09-09 10:32:43 +0200) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/sashal/linux-stable.git tags/for-greg-4.18-14092018 for you to fetch changes up to d9c017f1381bc2369d5e82c95fd3641c60d3b24c: RDMA/cma: Do not ignore net namespace for unbound cm_id (2018-09-14 00:37:08 -0400) - ---------------------------------------------------------------- for-greg-4.18-14092018 - ---------------------------------------------------------------- Akshu Agrawal (1): ASoC: soc-pcm: Use delay set in component pointer function Alexandru Gagniuc (1): ALSA: hda/realtek - Add mute LED quirk for HP Spectre x360 Amit Daniel Kachhap (1): clk: scmi: Fix the rounding of clock rate Andrey Smirnov (1): mfd: rave-sp: Initialize flow control and parity of the port Anthony Koo (1): drm/amd/display: Prevent PSR from being enabled if initialization fails Anton Vasilyev (8): media: davinci: vpif_display: Mix memory leak on probe error path media: dw2102: Fix memleak on sequence of probes misc: ti-st: Fix memory leak in the error path of probe() firmware: vpd: Fix section enabled flag on vpd_section_destroy tty: rocket: Fix possible buffer overwrite on register_PCI scsi: 3ware: fix return 0 on the error path of probe regulator: tps65217: Fix NULL pointer dereference on probe gpio: ml-ioh: Fix buffer underwrite on probe error path Arun Parameswaran (1): net: phy: Fix the register offsets in Broadcom iProc mdio mux driver BingJing Chang (1): md/raid5: fix data corruption of replacements after originals dropped Brad Love (2): media: em28xx: Fix dual transport stream operation media: em28xx: Fix DualHD disconnect oops Calum Mackay (1): nfs: Referrals not inheriting proto setting from parent Chao Yu (10): f2fs: fix to active page in lru list for read path f2fs: fix to detect looped node chain correctly f2fs: try grabbing node page lock aggressively in sync scenario f2fs: fix to skip GC if type in SSA and SIT is inconsistent f2fs: fix to do sanity check with reserved blkaddr of inline inode f2fs: fix to wait on page writeback before updating page f2fs: fix to do sanity check with secs_per_zone f2fs: fix to do sanity check with {sit,nat}_ver_bitmap_bytesize f2fs: fix to propagate return value of scan_nat_page() f2fs: fix to do sanity check with extra_attr feature Christophe Leroy (1): perf tools: Allow overriding MAX_NR_CPUS at compile time Dan Carpenter (4): misc: mic: SCIF Fix scif_get_new_port() error handling uio: potential double frees if __uio_register_device() fails pinctrl: imx: off by one in imx_pinconf_group_dbg_show() f2fs: Fix uninitialized return in f2fs_ioc_shutdown() Daniel Kurtz (1): pinctrl/amd: only handle irq if it is pending and unmasked Daniel Mack (1): gpio: pxa: disable pinctrl calls for PXA3xx Daniel Rosenberg (1): f2fs: Keep alloc_valid_block_count in sync Denis Drozdov (1): IB/IPoIB: Set ah valid flag in multicast send flow Dmitry Osipenko (1): gpio: tegra: Move driver registration to subsys_init level Emmanuel Grumbach (1): iwlwifi: pcie: don't access periphery registers when not available Felix Fietkau (2): ath9k: report tx status on EOSP ath9k_hw: fix channel maximum power level test Finn Thain (1): macintosh/via-pmu: Add missing mmio accessors Florian Fainelli (1): ethtool: Remove trailing semicolon for static inline Gaurav Kohli (1): timers: Clear timer_base::must_forward_clk with timer_base::lock held Geert Uytterhoeven (1): iommu/ipmmu-vmsa: Fix allocation in atomic context Guenter Roeck (1): powerpc/4xx: Fix error return path in ppc4xx_msi_probe() Huaisheng Ye (1): tools/testing/nvdimm: kaddr and pfn can be NULL to ->direct_access() Jae Hyun Yoo (1): i2c: aspeed: Add an explicit type casting for *get_clk_reg_val Jaegeuk Kim (1): f2fs: avoid potential deadlock in f2fs_sbi_store James Smart (1): scsi: lpfc: Fix driver crash when re-registering NVME rports. Jinbum Park (1): pktcdvd: Fix possible Spectre-v1 for pkt_devs Jiri Olsa (1): perf c2c report: Fix crash for empty browser Joerg Roedel (2): x86/mm: Remove in_nmi() warning from vmalloc_fault() x86/kexec: Allocate 8k PGDs for PTI Johan Hedberg (1): Bluetooth: h5: Fix missing dependency on BT_HCIUART_SERDEV John Pittman (1): dm cache: only allow a single io_mode cache feature to be requested Kan Liang (1): perf evlist: Fix error out while applying initial delay and LBR Katsuhiro Suzuki (1): media: helene: fix xtal frequency setting at power on Lijun Ou (2): RDMA/hns: Add illegal hop_num judgement RDMA/hns: Update the data type of immediate data Linus Walleij (1): tpm_tis_spi: Pass the SPI IRQ down to the driver Loic Poulain (1): wlcore: Set rx_status boottime_ns field on rx Lorenzo Pieralisi (2): PCI: mobiveil: Add missing ../pci.h include PCI: mobiveil: Fix struct mobiveil_pcie.pcie_reg_base address type Marc Zyngier (1): thermal_hwmon: Sanitize attribute name passed to hwmon Marcel Holtmann (1): Bluetooth: hidp: Fix handling of strncpy for hid->name information Mauricio Faria de Oliveira (2): partitions/aix: append null character to print data from disk partitions/aix: fix usage of uninitialized lv_info and lvname structures Michael Ellerman (1): powerpc/mm: Don't report PUDs as memory leaks when using kmemleak Michael Kelley (1): Drivers: hv: vmbus: Cleanup synic memory free path Mike Christie (2): scsi: target: fix __transport_register_session locking scsi: tcmu: do not set max_blocks if data_bitmap has been setup Ming Lei (1): blk-mq: fix updating tags depth Miquel Raynal (1): mtd: rawnand: make subop helpers return unsigned values Nicholas Mc Guire (2): MIPS: Octeon: add missing of_node_put() MIPS: generic: fix missing of_node_put() Nick Dyer (1): Input: atmel_mxt_ts - only use first T9 instance Niklas SÃ¶derlund (1): media: rcar-csi2: update stream start for V3M Olga Kornievskaia (1): NFSv4.0 fix client reference leak in callback Parav Pandit (1): RDMA/cma: Do not ignore net namespace for unbound cm_id Paul Burton (2): MIPS: Fix ISA virt/bus conversion for non-zero PHYS_OFFSET MIPS: WARN_ON invalid DMA cache maintenance, not BUG_ON Peter Rosin (1): tpm/tpm_i2c_infineon: switch to i2c_lock_bus(..., I2C_LOCK_SEGMENT) Petr Machata (1): net: dcb: For wild-card lookups, use priority -1, not 0 Philipp Zabel (1): gpu: ipu-v3: default to id 0 on missing OF alias Quentin Schulz (1): MIPS: mscc: ocelot: fix length of memory address space for MIIM Quinn Tran (3): scsi: qla2xxx: Fix unintended Logout scsi: qla2xxx: Fix session state stuck in Get Port DB scsi: qla2xxx: Silent erroneous message Randy Dunlap (1): f2fs: fix defined but not used build warnings Reza Arbab (1): powerpc/powernv: Fix concurrency issue with npu->mmio_atsd_usage Robert Schlabbach (1): media: em28xx: explicitly disable TS packet filter Roman Gushchin (1): selftests/bpf: fix a typo in map in map test Sam Bobroff (1): powerpc/pseries: fix EEH recovery of some IOV devices Simon Horman (1): thermal: rcar_thermal: avoid NULL dereference in absence of IRQ resources Srinivas Kandagatla (1): rpmsg: core: add support to power domains for devices Srinivas Pandruvada (2): ata: libahci: Allow reconfigure of DEVSLP register ata: libahci: Correct setting of DEVSLP register Stefan Hajnoczi (1): device-dax: avoid hang on error before devm_memremap_pages() Surabhi Vishnoi (1): ath10k: disable bundle mgmt tx completion event support Sven Eckelmann (1): ath10k: prevent active scans on potential unusable channels Sylwester Nawrocki (1): media: s5p-mfc: Fix buffer look up in s5p_mfc_handle_frame_{new, copy_time} functions Takashi Iwai (10): ALSA: riptide: Properly endian notations ALSA: pcm: Fix sparse warning wrt PCM format type ALSA: wss: Fix sparse warning wrt PCM format type ALSA: xen: Use standard pcm_format_to_bits() for ALSA format bits ALSA: sb: Fix PCM format bit calculation ALSA: asihpi: Fix PCM format notations ALSA: ad1816a: Fix sparse warning wrt PCM format type ALSA: hda: Fix implicit PCM format type conversion ALSA: au88x0: Fix sparse warning wrt PCM format type ALSA: sb: Fix sparse warning wrt PCM format type Thomas Richter (1): perf build: Fix installation directory for eBPF Todor Tomov (1): media: camss: csid: Configure data type and decode format properly Trond Myklebust (1): NFSv4.1: Fix a potential layoutget/layoutrecall deadlock Vlad Buslov (2): tc-testing: flush gact actions on test teardown tc-testing: remove duplicate spaces in connmark match patterns Will Deacon (1): iommu/arm-smmu-v3: Abort all transactions if SMMU is enabled in kdump kernel Xiubo Li (1): uio: fix possible circular locking dependency Yelena Krivosheev (1): net: mvneta: fix mtu change on port without link YueHaibing (1): pinctrl: berlin: fix 'pctrl->functions' allocation in berlin_pinctrl_build_state Yunlong Song (2): f2fs: do not set free of current section f2fs: issue discard align to section in LFS mode Zumeng Chen (1): mfd: ti_am335x_tscadc: Fix struct clk memory leak arch/mips/boot/dts/mscc/ocelot.dtsi | 2 +- arch/mips/cavium-octeon/octeon-platform.c | 2 + arch/mips/generic/init.c | 1 + arch/mips/include/asm/io.h | 8 +-- arch/mips/mm/c-r4k.c | 6 +- arch/powerpc/include/asm/book3s/64/pgalloc.h | 23 ++++++- arch/powerpc/platforms/4xx/msi.c | 51 ++++++++------- arch/powerpc/platforms/powernv/npu-dma.c | 5 +- arch/powerpc/platforms/pseries/setup.c | 25 +++++--- arch/x86/kernel/machine_kexec_32.c | 5 +- arch/x86/mm/fault.c | 2 - block/blk-mq-tag.c | 8 +-- block/partitions/aix.c | 13 ++-- drivers/ata/libahci.c | 20 +++--- drivers/block/pktcdvd.c | 4 +- drivers/bluetooth/Kconfig | 1 + drivers/char/tpm/tpm_i2c_infineon.c | 8 +-- drivers/char/tpm/tpm_tis_spi.c | 9 ++- drivers/clk/clk-scmi.c | 5 +- drivers/dax/pmem.c | 12 ++-- drivers/firmware/google/vpd.c | 5 +- drivers/gpio/gpio-ml-ioh.c | 3 +- drivers/gpio/gpio-pxa.c | 35 ++++++++--- drivers/gpio/gpio-tegra.c | 2 +- drivers/gpu/drm/amd/display/dc/dce/dce_dmcu.c | 38 ++++++----- drivers/gpu/drm/amd/display/dc/inc/hw/dmcu.h | 2 +- drivers/gpu/ipu-v3/ipu-common.c | 2 + drivers/hv/hv.c | 14 +++-- drivers/i2c/busses/i2c-aspeed.c | 2 +- drivers/infiniband/core/cma.c | 13 +++- drivers/infiniband/hw/hns/hns_roce_hem.c | 3 + drivers/infiniband/hw/hns/hns_roce_hw_v2.c | 12 ++-- drivers/infiniband/hw/hns/hns_roce_hw_v2.h | 6 +- drivers/infiniband/ulp/ipoib/ipoib_multicast.c | 1 + drivers/input/touchscreen/atmel_mxt_ts.c | 7 ++- drivers/iommu/arm-smmu-v3.c | 22 +++++-- drivers/iommu/ipmmu-vmsa.c | 9 ++- drivers/macintosh/via-pmu.c | 9 +-- drivers/md/dm-cache-target.c | 19 ++++-- drivers/md/raid5.c | 6 ++ drivers/media/dvb-frontends/helene.c | 5 +- drivers/media/platform/davinci/vpif_display.c | 24 ++++--- .../media/platform/qcom/camss-8x16/camss-csid.c | 16 +++-- drivers/media/platform/rcar-vin/rcar-csi2.c | 20 ++++-- drivers/media/platform/s5p-mfc/s5p_mfc.c | 23 +++---- drivers/media/usb/dvb-usb/dw2102.c | 19 ++++-- drivers/media/usb/em28xx/em28xx-cards.c | 4 +- drivers/media/usb/em28xx/em28xx-core.c | 4 +- drivers/media/usb/em28xx/em28xx-dvb.c | 4 +- drivers/mfd/rave-sp.c | 7 +++ drivers/mfd/ti_am335x_tscadc.c | 3 +- drivers/misc/mic/scif/scif_api.c | 20 +++--- drivers/misc/ti-st/st_kim.c | 4 +- drivers/mtd/nand/raw/nand_base.c | 44 ++++++------- drivers/net/ethernet/marvell/mvneta.c | 1 - drivers/net/phy/mdio-mux-bcm-iproc.c | 20 ++++-- drivers/net/wireless/ath/ath10k/mac.c | 7 +++ drivers/net/wireless/ath/ath10k/wmi-tlv.c | 5 ++ drivers/net/wireless/ath/ath10k/wmi-tlv.h | 5 ++ drivers/net/wireless/ath/ath9k/hw.c | 7 ++- drivers/net/wireless/ath/ath9k/xmit.c | 3 +- drivers/net/wireless/intel/iwlwifi/pcie/drv.c | 4 ++ drivers/net/wireless/intel/iwlwifi/pcie/trans.c | 24 +++---- drivers/net/wireless/ti/wlcore/rx.c | 8 ++- drivers/pci/controller/pcie-mobiveil.c | 4 +- drivers/pinctrl/berlin/berlin.c | 14 +++-- drivers/pinctrl/freescale/pinctrl-imx.c | 2 +- drivers/pinctrl/pinctrl-amd.c | 3 +- drivers/regulator/tps65217-regulator.c | 2 + drivers/rpmsg/rpmsg_core.c | 7 +++ drivers/scsi/3w-9xxx.c | 6 +- drivers/scsi/3w-sas.c | 3 + drivers/scsi/3w-xxxx.c | 2 + drivers/scsi/lpfc/lpfc_nvme.c | 22 ++++--- drivers/scsi/qla2xxx/qla_init.c | 9 ++- drivers/scsi/qla2xxx/qla_target.c | 3 +- drivers/scsi/qla2xxx/qla_tmpl.c | 9 +++ drivers/target/target_core_transport.c | 5 +- drivers/target/target_core_user.c | 73 ++++++++++++---------- drivers/thermal/rcar_thermal.c | 2 +- drivers/thermal/thermal_hwmon.c | 1 + drivers/tty/rocket.c | 2 +- drivers/uio/uio.c | 19 +++--- fs/f2fs/f2fs.h | 15 +++-- fs/f2fs/file.c | 2 +- fs/f2fs/gc.c | 8 ++- fs/f2fs/inline.c | 22 +++++++ fs/f2fs/inode.c | 19 ++++-- fs/f2fs/node.c | 46 ++++++++++---- fs/f2fs/recovery.c | 4 +- fs/f2fs/segment.c | 20 +++++- fs/f2fs/segment.h | 3 + fs/f2fs/super.c | 25 ++++++-- fs/f2fs/sysfs.c | 16 +++-- fs/nfs/callback_proc.c | 4 +- fs/nfs/callback_xdr.c | 11 +++- fs/nfs/nfs4client.c | 6 +- include/linux/mtd/rawnand.h | 16 ++--- include/sound/hdaudio.h | 3 +- include/sound/sb16_csp.h | 2 +- include/uapi/linux/ethtool.h | 4 +- kernel/time/timer.c | 29 +++++---- net/bluetooth/hidp/core.c | 2 +- net/dcb/dcbnl.c | 11 ++-- sound/core/oss/pcm_oss.c | 2 +- sound/hda/hdac_device.c | 2 +- sound/isa/ad1816a/ad1816a_lib.c | 3 +- sound/isa/sb/sb16_csp.c | 6 +- sound/isa/sb/sb16_main.c | 9 ++- sound/isa/wss/wss_lib.c | 2 +- sound/pci/asihpi/asihpi.c | 24 +++---- sound/pci/au88x0/au88x0.h | 2 +- sound/pci/au88x0/au88x0_core.c | 2 +- sound/pci/hda/patch_realtek.c | 1 + sound/pci/riptide/riptide.c | 8 +-- sound/soc/soc-pcm.c | 5 ++ sound/xen/xen_snd_front_alsa.c | 4 +- tools/perf/Makefile.config | 4 +- tools/perf/builtin-c2c.c | 3 + tools/perf/perf.h | 2 + tools/perf/util/evsel.c | 14 +++++ tools/testing/nvdimm/pmem-dax.c | 12 ++-- tools/testing/selftests/bpf/test_verifier.c | 6 +- .../tc-testing/tc-tests/actions/connmark.json | 24 +++---- .../tc-testing/tc-tests/actions/mirred.json | 3 +- 125 files changed, 859 insertions(+), 436 deletions(-) -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE4n5dijQDou9mhzu83qZv95d3LNwFAlucAK0ACgkQ3qZv95d3 LNx06BAAiTXS8g1gldKSOwbiSHiu5UJ3yWYf5YD3hFBmf6CZEOrJiIITNiQY3wiE jKsIC1+6FOkLaf+volT+NkpWHedK4OBuzeA6uqck3Z/VK8py99ms0emFXH/gId8V OJ3AAhql0vhP1Hrjf4a/2f2WgFf3dHhrnj+eZdIYIqRtTHXcz5MN9fZOmyseelf6 pf3zg/pR9SpHwFxp9JtS2JwvWqXv9hS40+wtyYq1UUNVrhtxLMtCb1iA1bWwWsqe kceNUDSTGw+zHurd7MGcARaEFFjp1s2uJyzBVqO34mxXhA+xUzXs0VoIuVvtYuNn iO/V41H5Hwuq5GX5eX617ep2pWiWxxKJQbOTqO883E9gdrFWBwDbDDXbdI/pzihA YFFsxwTJ82cgs0yllp7OvvCYquGNKJWP+fXuVvYi9mSvjAL4EAga0nG/bq58wa9z LjaZHdAUKAo1UuwDW6zYeXlI+0SFKB2jSh0sbI5JCZ/BOzEvEApMcwLv23VmpzDk EMoMMyu7osygweuoj9COFScDPrbkDJDOsaRHLmJrjK5JAvJTyFUtHiZKPtO1vU4e SZrXpOQC3dLDDplcl/4iRIxV9QlBh4ycb/z5Tdgx0icz8pD+ICPsERl47ZvsO198 RiYjjGEBXaZ8ZQFgMoj5U+aJ5WEyAeK8K+76+5VWCgO7It6HcHs= =yeXI -----END PGP SIGNATURE-----

6 years, 9 months

2
1
0 0

Re: ubifs: regression since "ubifs: xattr: Don't operate on deleted inodes"

by gregkh＠linuxfoundation.org

adding stable@ for stable kernel issues... On Thu, Sep 13, 2018 at 09:58:35AM +0200, Koen Vandeputte wrote: > Hi all, > > I'm currently in the process of updating the kernel version within OpenWrt. > (4.14.68 to 4.14.69) > > Testing shows some issues on devices using specifically UBIFS. > Altering a perfect valid writable file shows weird errors: > > > [ Node 2 | node-2 ] ls -l /root/custom/scripts/banner.sh > -rwxr-xr-x 1 root root 283 Sep 11 09:52 > /root/custom/scripts/banner.sh > > [ Node 2 | node-2 ] cat /root/custom/scripts/banner.sh > #!/bin/sh > > if [ ! -f /root/.banner_ok ] > then > RELEASE=$(cat /root/build_date) > VERSION=$(cat /root/version) > > echo "Generating banner: $VERSION $RELEASE" > sed s/VERSION/$VERSION/g /root/custom/banner > /etc/banner > sed -i s/RELEASE/$RELEASE/g /etc/banner > > touch /root/.banner_ok > fi > > [ Node 2 | node-2 ] echo "test" > /root/custom/scripts/banner.sh > -ash: can't create /root/custom/scripts/banner.sh: nonexistent directory > > > > I'm also noticing other apps fail because /etc doesn't exists yet after > UBIFS boot loading. > these 2 issues were not seen on 4.14.68. > > The bootlog doesn't show any error: > https://pastebin.com/raw/dJx47uBp > > > I'm only seeing these issues on UBIFS enabled volumes. > Reverting ("ubifs: xattr: Don't operate on deleted inodes") fixes these > weird issues. Do you also have the same problem on Linus's latest tree, or 4.18, with this change in the tree? thanks, greg k-h

6 years, 9 months

5
4
0 0

FAILED: patch "[PATCH] ARC: [plat-axs*]: Enable SWAP" failed to apply to 4.18-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.18-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From c83532fb0fe053d2e43e9387354cb1b52ba26427 Mon Sep 17 00:00:00 2001 From: Alexey Brodkin <abrodkin(a)synopsys.com> Date: Thu, 2 Aug 2018 11:50:16 +0300 Subject: [PATCH] ARC: [plat-axs*]: Enable SWAP SWAP support on ARC was fixed earlier by commit 6e3761145a9b ("ARC: Fix CONFIG_SWAP") so now we may safely enable it on platforms that have external media like USB and SD-card. Note: it was already allowed for HSDK Signed-off-by: Alexey Brodkin <abrodkin(a)synopsys.com> Cc: stable(a)vger.kernel.org # 6e3761145a9b: ARC: Fix CONFIG_SWAP Signed-off-by: Vineet Gupta <vgupta(a)synopsys.com> diff --git a/arch/arc/configs/axs101_defconfig b/arch/arc/configs/axs101_defconfig index 41a97eb7598d..41bc08be6a3b 100644 --- a/arch/arc/configs/axs101_defconfig +++ b/arch/arc/configs/axs101_defconfig @@ -1,4 +1,3 @@ -# CONFIG_SWAP is not set CONFIG_SYSVIPC=y CONFIG_POSIX_MQUEUE=y # CONFIG_CROSS_MEMORY_ATTACH is not set diff --git a/arch/arc/configs/axs103_defconfig b/arch/arc/configs/axs103_defconfig index d8e2ca2385cc..1e1c4a8011b5 100644 --- a/arch/arc/configs/axs103_defconfig +++ b/arch/arc/configs/axs103_defconfig @@ -1,4 +1,3 @@ -# CONFIG_SWAP is not set CONFIG_SYSVIPC=y CONFIG_POSIX_MQUEUE=y # CONFIG_CROSS_MEMORY_ATTACH is not set diff --git a/arch/arc/configs/axs103_smp_defconfig b/arch/arc/configs/axs103_smp_defconfig index 1e729b9726cd..6b0c0cfd5c30 100644 --- a/arch/arc/configs/axs103_smp_defconfig +++ b/arch/arc/configs/axs103_smp_defconfig @@ -1,4 +1,3 @@ -# CONFIG_SWAP is not set CONFIG_SYSVIPC=y CONFIG_POSIX_MQUEUE=y # CONFIG_CROSS_MEMORY_ATTACH is not set

6 years, 9 months

2
2
0 0

Re: [PATCH v2] [v2] crypto: aes-generic - fix aes-generic regression on powerpc

by Horia Geanta

On 1/20/2018 2:44 AM, Herbert Xu wrote: > On Mon, Jan 15, 2018 at 05:07:22PM +0100, Arnd Bergmann wrote: >> My last bugfix added -Os on the command line, which unfortunately caused >> a build regression on powerpc in some configurations. >> >> I've done some more analysis of the original problem and found slightly >> different workaround that avoids this regression and also results in >> better performance on gcc-7.0: -fcode-hoisting is an optimization step >> that got added in gcc-7 and that for all gcc-7 versions causes worse >> performance. >> >> This disables -fcode-hoisting on all compilers that understand the option. >> For gcc-7.1 and 7.2 I found the same performance as my previous patch >> (using -Os), in gcc-7.0 it was even better. On gcc-8 I could see no >> change in performance from this patch. In theory, code hoisting should >> not be able make things better for the AES cipher, so leaving it >> disabled for gcc-8 only serves to simplify the Makefile change. >> >> Reported-by: kbuild test robot <fengguang.wu(a)intel.com> >> Link: https://www.mail-archive.com/linux-crypto@vger.kernel.org/msg30418.html >> Link: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=83356 >> Link: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=83651 >> Fixes: 148b974deea9 ("crypto: aes-generic - build with -Os on gcc-7+") >> Signed-off-by: Arnd Bergmann <arnd(a)arndb.de> > > Patch applied. Thanks. > This fix ("commit 6e36719fbe90213fbba9f50093fa2d4d69b0e93c upstream") is needed also in 4.14.y stable tree, since it contains commit 7cae67e31292 ("crypto: aes-generic - build with -Os on gcc-7+") Compilation fails without it: crypto/aes_generic.o: In function `crypto_aes_set_key': crypto/aes_generic.c:1300: undefined reference to `_restgpr_31_x' Thanks, Horia

6 years, 9 months

2
1
0 0

[PATCH 4.18 000/197] 4.18.8-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.18.8 release. There are 197 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat Sep 15 13:17:57 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.18.8-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.18.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.18.8-rc1 Gustavo A. R. Silva <gustavo(a)embeddedor.com> ASoC: wm8994: Fix missing break in switch Robert Munteanu <rombert(a)apache.org> HID: redragon: fix num lock and caps lock LEDs Arnd Bergmann <arnd(a)arndb.de> x86: kvm: avoid unused variable warning Junaid Shahid <junaids(a)google.com> kvm: x86: Set highest physical address bits in non-present/reserved SPTEs Randy Dunlap <rdunlap(a)infradead.org> kbuild: make missing $DEPMOD a Warning instead of an Error Juergen Gross <jgross(a)suse.com> x86/xen: don't write ptes directly in 32-bit PV guests Juergen Gross <jgross(a)suse.com> x86/pae: use 64 bit atomic xchg function in native_ptep_get_and_clear Joel Fernandes (Google) <joel(a)joelfernandes.org> debugobjects: Make stack check warning more informative Michel Dänzer <michel.daenzer(a)amd.com> drm/amdgpu: Don't warn on destroying a pinned BO Michel Dänzer <michel.daenzer(a)amd.com> drm/amdgpu: Warn and update pin_size values when destroying a pinned BO Michel Dänzer <michel.daenzer(a)amd.com> drm/amdgpu: Make pin_size values atomic Michel Dänzer <michel.daenzer(a)amd.com> drm/amdgpu: Keep track of amount of pinned CPU visible VRAM Chuanhua Lei <chuanhua.lei(a)linux.intel.com> x86/tsc: Prevent result truncation on 32bit Jani Nikula <jani.nikula(a)intel.com> drm/i915: set DP Main Stream Attribute for color range on DDI platforms Nadav Amit <namit(a)vmware.com> mm: respect arch_dup_mmap() return value Randy Dunlap <rdunlap(a)infradead.org> uapi/linux/keyctl.h: don't use C++ reserved keyword as a struct member name Jan-Marek Glogowski <glogow(a)fbihome.de> drm/i915: Re-apply "Perform link quality check, unconditionally during long pulse" Christian König <christian.koenig(a)amd.com> drm/amdgpu: fix incorrect use of drm_file->pid Christian König <christian.koenig(a)amd.com> drm/amdgpu: fix incorrect use of fcheck Likun Gao <Likun.Gao(a)amd.com> drm/amdgpu:add VCN booting with firmware loaded by PSP Likun Gao <Likun.Gao(a)amd.com> drm/amdgpu:add VCN support in PSP driver Likun Gao <Likun.Gao(a)amd.com> drm/amdgpu:add new firmware id for VCN James Zhu <jzhums(a)gmail.com> drm/amdgpu:add tmr mc address into amdgpu_firmware_info James Zhu <jzhums(a)gmail.com> drm/amdgpu: update tmr mc address Mikita Lipski <mikita.lipski(a)amd.com> drm/amd/display: Check if clock source in use before disabling Mikita Lipski <mikita.lipski(a)amd.com> drm/amd/display: Pass connector id when executing VBIOS CT Sandy Huang <hjc(a)rock-chips.com> drm/rockchip: vop: fix irq disabled after vop driver probed Heiko Stuebner <heiko(a)sntech.de> drm/rockchip: vop: split out core clock enablement into separate functions Julia Lawall <Julia.Lawall(a)lip6.fr> drm/rockchip: lvds: add missing of_node_put Harry Wentland <harry.wentland(a)amd.com> drm/amd/display: Report non-DP display as disconnected without EDID Leo (Sunpeng) Li <sunpeng.li(a)amd.com> drm/amd/display: Use requested HDMI aspect ratio Mikita Lipski <mikita.lipski(a)amd.com> drm/amd/display: update clk for various HDMI color depths Mikita Lipski <mikita.lipski(a)amd.com> drm/amd/display: Don't share clk source between DP and HDMI Gustavo A. R. Silva <gustavo(a)embeddedor.com> drm/amd/display: fix type of variable Kai-Heng Feng <kai.heng.feng(a)canonical.com> drm/edid: Add 6 bpc quirk for SDC panel in Lenovo B50-80 Lubosz Sarnecki <lubosz.sarnecki(a)collabora.com> drm/edid: Quirk Vive Pro VR headset non-desktop. Rex Zhu <rex.zhu(a)amd.com> drm/amd/pp/Polaris12: Fix a chunk of registers missed to program Evan Quan <evan.quan(a)amd.com> drm/amd/powerplay: fixed uninitialized value Rex Zhu <rex.zhu(a)amd.com> drm/amd/pp: Convert voltage unit in mV*4 to mV on CZ/ST Michel Dänzer <michel.daenzer(a)amd.com> drm/amdgpu: Fix RLC safe mode test in gfx_v9_0_enter_rlc_safe_mode Rex Zhu <rex.zhu(a)amd.com> drm/amdgpu: fix a reversed condition Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: update uvd_v6_0_ring_vm_funcs to use new nop packet Rodrigo Vivi <rodrigo.vivi(a)intel.com> drm/i915: Free write_buf that we allocated with kzalloc. Fredrik Schön <fredrikschon(a)gmail.com> drm/i915: Increase LSPCON timeout Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915: Nuke the LVDS lid notifier Chris Wilson <chris(a)chris-wilson.co.uk> drm/i915/lpe: Mark LPE audio runtime pm as "no callbacks" David Sterba <dsterba(a)suse.com> btrfs: fix mount and ioctl device scan ioctl race David Sterba <dsterba(a)suse.com> btrfs: reorder initialization before the mount locks uuid_mutex David Sterba <dsterba(a)suse.com> btrfs: lift uuid_mutex to callers of btrfs_parse_early_options David Sterba <dsterba(a)suse.com> btrfs: lift uuid_mutex to callers of btrfs_scan_one_device Anand Jain <anand.jain(a)oracle.com> btrfs: use device_list_mutex when removing stale devices Anand Jain <anand.jain(a)oracle.com> btrfs: rename local devices for fs_devices in btrfs_free_stale_devices( Anand Jain <anand.jain(a)oracle.com> btrfs: extend locked section when adding a new device in device_list_add Anand Jain <anand.jain(a)oracle.com> btrfs: do btrfs_free_stale_devices outside of device_list_add Marc Zyngier <marc.zyngier(a)arm.com> ARM: rockchip: Force CONFIG_PM on Rockchip systems Marc Zyngier <marc.zyngier(a)arm.com> arm64: rockchip: Force CONFIG_PM on Rockchip systems Bart Van Assche <bart.vanassche(a)wdc.com> btrfs: Fix a C compliance issue Qu Wenruo <wqu(a)suse.com> btrfs: Don't remove block group that still has pinned down bytes David Sterba <dsterba(a)suse.com> btrfs: lift uuid_mutex to callers of btrfs_open_devices Qu Wenruo <wqu(a)suse.com> btrfs: check-integrity: Fix NULL pointer dereference for degraded mount Qu Wenruo <wqu(a)suse.com> btrfs: tree-checker: Detect invalid and empty essential trees Qu Wenruo <wqu(a)suse.com> btrfs: relocation: Only remove reloc rb_trees if reloc control has been initialized Anand Jain <anand.jain(a)oracle.com> btrfs: fix in-memory value of total_devices after seed device deletion Misono Tomohiro <misono.tomohiro(a)jp.fujitsu.com> btrfs: replace: Reset on-disk dev stats value after replace Qu Wenruo <wqu(a)suse.com> btrfs: Exit gracefully when chunk map cannot be inserted to the tree Lucas Stach <l.stach(a)pengutronix.de> drm/etnaviv: fix crash in GPU suspend when init failed due to buffer placement Jim Mattson <jmattson(a)google.com> kvm: nVMX: Fix fault vector for VMX operation at CPL > 0 Sean Christopherson <sean.j.christopherson(a)intel.com> KVM: vmx: track host_state.loaded using a loaded_vmcs pointer David Francis <David.Francis(a)amd.com> drm/amd/display: Read back max backlight value at boot Levin Du <djw(a)t-chip.com.cn> clk: rockchip: Add pclk_rkpwm_pmu to PMU critical clocks in rk3399 Mahesh Salgaonkar <mahesh(a)linux.vnet.ibm.com> powerpc/pseries: Avoid using the size greater than RTAS_ERROR_LOG_MAX. Masahiro Yamada <yamada.masahiro(a)socionext.com> um: fix parallel building with O= option Michael Ellerman <mpe(a)ellerman.id.au> powerpc/64s: Make rfi_flush_fallback a little more robust Randy Dunlap <rdunlap(a)infradead.org> powerpc/platforms/85xx: fix t1042rdb_diu.c build errors & warning Steve French <stfrench(a)microsoft.com> smb3: if server does not support posix do not allow posix mount option Steve French <stfrench(a)microsoft.com> SMB3: Number of requests sent should be displayed for SMB3 not just CIFS Aurelien Aptel <aaptel(a)suse.com> CIFS: fix memory leak and remove dead code Steve French <stfrench(a)microsoft.com> smb3: fix reset of bytes read and written stats Bart Van Assche <bart.vanassche(a)wdc.com> cfq: Suppress compiler warnings about comparisons YueHaibing <yuehaibing(a)huawei.com> RDS: IB: fix 'passing zero to ERR_PTR()' warning nixiaoming <nixiaoming(a)huawei.com> selinux: cleanup dentry and inodes on error in selinuxfs Breno Leitao <leitao(a)debian.org> selftests/powerpc: Kill child processes on SIGINT Ralf Goebel <ralf.goebel(a)imago-technologies.com> iommu/omap: Fix cache flushes on L2 table entries Matthias Kaehlcke <mka(a)chromium.org> ASoC: rt5677: Fix initialization of rt5677_of_match.data Ian Abbott <abbotti(a)mev.co.uk> staging: comedi: ni_mio_common: fix subdevice flags for PFI subdevice John Pittman <jpittman(a)redhat.com> dm kcopyd: avoid softlockup in run_complete_job Thomas Petazzoni <thomas.petazzoni(a)bootlin.com> PCI: mvebu: Fix I/O space end address calculation Roger Pau Monne <roger.pau(a)citrix.com> xen/balloon: fix balloon initialization for PVH Dom0 Dmitry Torokhov <dmitry.torokhov(a)gmail.com> Input: do not use WARN() in input_alloc_absinfo() Wei Yongjun <weiyongjun1(a)huawei.com> NFSv4: Fix error handling in nfs4_sp4_select_mode() Dan Carpenter <dan.carpenter(a)oracle.com> scsi: aic94xx: fix an error code in aic94xx_init() Jianchao Wang <jianchao.w.wang(a)oracle.com> blk-mq: count the hctx as active before allocating tag Hans de Goede <hdegoede(a)redhat.com> ACPI / scan: Initialize status to ACPI_STA_DEFAULT Stefan Haberland <sth(a)linux.ibm.com> s390/dasd: fix panic for failed online processing Stefan Haberland <sth(a)linux.ibm.com> s390/dasd: fix hanging offline processing due to canceled worker Winnie Chang <winnie.chang(a)cypress.com> brcmfmac: fix brcmf_wiphy_wowl_params() NULL pointer dereference Greg Edwards <gedwards(a)ddn.com> block: bvec_nr_vecs() returns value for wrong slab Sandipan Das <sandipan(a)linux.ibm.com> perf probe powerpc: Fix trace event post-processing Dan Carpenter <dan.carpenter(a)oracle.com> powerpc: Fix size calculation using resource_size() Michael Ellerman <mpe(a)ellerman.id.au> powerpc/uaccess: Enable get_user(u64, *p) on 32-bit Yonghong Song <yhs(a)fb.com> bpf: fix bpffs non-array map seq_show issue Anton Vasilyev <vasilyev(a)ispras.ru> pinctrl: axp209: Fix NULL pointer dereference after allocation Chao Yu <yuchao0(a)huawei.com> f2fs: fix to clear PG_checked flag in set_page_dirty() Jean-Philippe Brucker <jean-philippe.brucker(a)arm.com> net/9p: fix error path of p9_virtio_probe Tomas Bortoli <tomasbortoli(a)gmail.com> net/9p/trans_fd.c: fix race by holding the lock Jonas Gorski <jonas.gorski(a)gmail.com> irqchip/bcm7038-l1: Hide cpu offline callback when building for !SMP Dan Carpenter <dan.carpenter(a)oracle.com> irqchip/stm32: Fix init error handling Palmer Dabbelt <palmer(a)sifive.com> RISC-V: Use KBUILD_CFLAGS instead of KCFLAGS when building the vDSO Chao Yu <yuchao0(a)huawei.com> f2fs: fix avoid race between truncate and background GC Chao Yu <yuchao0(a)huawei.com> f2fs: avoid race between zero_range and background GC Benno Evers <bevers(a)mesosphere.com> perf tools: Check for null when copying nsinfo. Denis Efremov <efremov(a)linux.com> coccicheck: return proper error code on fail Nicholas Kazlauskas <nicholas.kazlauskas(a)amd.com> drm/amd/display: Guard against null crtc in CRC IRQ Myron Stowe <myron.stowe(a)redhat.com> PCI: Match Root Port's MPS to endpoint's MPSS as necessary Jian Shen <shenjian15(a)huawei.com> net: hns3: Fix for phy link issue when using marvell phy driver Jens Axboe <axboe(a)kernel.dk> block: don't warn for flush on read-only device Xi Wang <wangxi11(a)huawei.com> net: hns3: Fix for command format parsing error in hclge_is_all_function_id_zero Kim Phillips <kim.phillips(a)arm.com> perf arm spe: Fix uninitialized record error variable Erik Schmauss <erik.schmauss(a)intel.com> ACPICA: ACPICA: add status check for acpi_hw_read before assigning return value Gal Pressman <pressmangal(a)gmail.com> RDMA/hns: Fix usage of bitmap allocation functions return values Richard Weinberger <richard(a)nod.at> ubi: Initialize Fastmap checkmapping correctly Daniel Borkmann <daniel(a)iogearbox.net> tcp, ulp: add alias for all ulp modules Florian Westphal <fw(a)strlen.de> netfilter: fix memory leaks on netlink_dump_start error Aleh Filipovich <aleh(a)vaolix.com> platform/x86: asus-nb-wmi: Add keymap entry for lid flip action on UX360 Michal Hocko <mhocko(a)suse.com> netfilter: x_tables: do not fail xt_alloc_table_info too easilly Guenter Roeck <linux(a)roeck-us.net> mfd: sm501: Set coherent_dma_mask when creating subdevices Tan Hu <tan.hu(a)zte.com.cn> ipvs: fix race between ip_vs_conn_new() and ip_vs_del_dest() Philipp Rudo <prudo(a)linux.ibm.com> s390/kdump: Fix memleak in nt_vmcoreinfo Florian Westphal <fw(a)strlen.de> netfilter: ip6t_rpfilter: set F_IFACE for linklocal addresses Jesper Dangaard Brouer <brouer(a)redhat.com> samples/bpf: all XDP samples should unload xdp/bpf prog on SIGTERM Daniel Borkmann <daniel(a)iogearbox.net> bpf, sockmap: fix leakage of smap_psock_map_entry Tariq Toukan <tariqt(a)mellanox.com> net/xdp: Fix suspicious RCU usage warning Daniel Borkmann <daniel(a)iogearbox.net> bpf, sockmap: fix sock_map_ctx_update_elem race with exist/noexist Daniel Borkmann <daniel(a)iogearbox.net> tcp, ulp: fix leftover icsk_ulp_ops preventing sock from reattach Daniel Borkmann <daniel(a)iogearbox.net> bpf, sockmap: fix map elem deletion race with smap_stop_sock Randy Dunlap <rdunlap(a)infradead.org> platform/x86: intel_punit_ipc: fix build errors Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> fs/dcache.c: fix kmemcheck splat at take_dentry_name_snapshot() Mike Rapoport <rppt(a)linux.vnet.ibm.com> mm: make DEFERRED_STRUCT_PAGE_INIT explicitly depend on SPARSEMEM Andrey Ryabinin <aryabinin(a)virtuozzo.com> mm/fadvise.c: fix signed overflow UBSAN complaint Srikar Dronamraju <srikar(a)linux.vnet.ibm.com> powerpc/topology: Get topology for shared processors at boot Jerome Brunet <jbrunet(a)baylibre.com> pwm: meson: Fix mux clock names Michael J. Ruhl <michael.j.ruhl(a)intel.com> IB/hfi1: Invalid NUMA node information can cause a divide by zero Hans de Goede <hdegoede(a)redhat.com> i2c: core: ACPI: Make acpi_gsb_i2c_read_bytes() check i2c_transfer return value Arnd Bergmann <arnd(a)arndb.de> x86/mce: Add notifier_block forward declaration Suzuki K Poulose <suzuki.poulose(a)arm.com> virtio: pci-legacy: Validate queue pfn Dan Carpenter <dan.carpenter(a)oracle.com> apparmor: fix an error code in __aa_create_ns() Randy Dunlap <rdunlap(a)infradead.org> scripts: modpost: check memory allocation results Johannes Berg <johannes.berg(a)intel.com> workqueue: re-add lockdep dependencies for flushing Johannes Berg <johannes.berg(a)intel.com> workqueue: skip lockdep wq dependency in cancel_work_sync() OGAWA Hirofumi <hirofumi(a)mail.parknet.co.jp> fat: validate ->i_start before using James Morse <james.morse(a)arm.com> fs/proc/kcore.c: use __pa_symbol() for KCORE_TEXT list entries Marc Zyngier <marc.zyngier(a)arm.com> iommu/rockchip: Move irq request past pm_runtime_enable Ernesto A. Fernández <ernesto.mnd.fernandez(a)gmail.com> hfsplus: fix NULL dereference in hfsplus_lookup() Marc Zyngier <marc.zyngier(a)arm.com> iommu/rockchip: Handle errors returned from PM framework Arnd Bergmann <arnd(a)arndb.de> reiserfs: change j_timestamp type to time64_t Arnd Bergmann <arnd(a)arndb.de> fs/proc/vmcore.c: hide vmcoredd_mmap_dumps() for nommu builds Jann Horn <jannh(a)google.com> fork: don't copy inconsistent signal handler state to child Laura Abbott <labbott(a)redhat.com> sunrpc: Don't use stack buffer with scatterlist Ernesto A. Fernández <ernesto.mnd.fernandez(a)gmail.com> hfs: prevent crash on exit from failed search Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> hfsplus: don't return 0 when fill_super() failed Ronnie Sahlberg <lsahlber(a)redhat.com> cifs: check if SMB2 PDU size has been padded and suppress the warning Stephen Hemminger <stephen(a)networkplumber.org> hv_netvsc: ignore devices that are not PCI Jason Wang <jasowang(a)redhat.com> vhost: correctly check the iova range when waking virtqueue Ido Schimmel <idosch(a)mellanox.com> mlxsw: spectrum_switchdev: Do not leak RIFs when removing bridge Xin Long <lucien.xin(a)gmail.com> sctp: hold transport before accessing its asoc in sctp_transport_get_next Jakub Kicinski <jakub.kicinski(a)netronome.com> nfp: wait for posted reconfigs when disabling the device Haishuang Yan <yanhaishuang(a)cmss.chinamobile.com> ip6_vti: fix a null pointer deference when destroy vti6 tunnel Haishuang Yan <yanhaishuang(a)cmss.chinamobile.com> ip6_vti: fix creating fallback tunnel device for vti6 Jerome Brunet <jbrunet(a)baylibre.com> Revert "net: stmmac: Do not keep rearming the coalesce timer in stmmac_xmit" Azat Khuzhin <a3at.mail(a)gmail.com> r8169: set RxConfig after tx/rx is enabled for RTL8169sb/8110sb devices Tariq Toukan <tariqt(a)mellanox.com> net/mlx5: Fix SQ offset in QPs with small RQ David Ahern <dsahern(a)gmail.com> net/ipv6: Put lwtstate when destroying fib6_info David Ahern <dsahern(a)gmail.com> net/ipv6: Only update MTU metric if it set Hangbin Liu <liuhangbin(a)gmail.com> net/ipv6: init ip6 anycast rt->dst.input as ip6_input Alexey Kodanev <alexey.kodanev(a)oracle.com> ipv6: don't get lwtstate twice in ip6_rt_copy_init() Ahmad Fatoum <a.fatoum(a)pengutronix.de> net: macb: Fix regression breaking non-MDIO fixed-link PHYs Xin Long <lucien.xin(a)gmail.com> erspan: set erspan_ver to 1 by default when adding an erspan dev Xin Long <lucien.xin(a)gmail.com> sctp: remove useless start_fail from sctp_ht_iter in proc Haiqing Bai <Haiqing.Bai(a)windriver.com> tipc: fix the big/little endian issue in tipc_dest Dexuan Cui <decui(a)microsoft.com> hv_netvsc: Fix a deadlock by getting rtnl lock earlier in netvsc_probe() Cong Wang <xiyou.wangcong(a)gmail.com> tipc: fix a missing rhashtable_walk_exit() Davide Caratti <dcaratti(a)redhat.com> net/sched: act_pedit: fix dump of extended layered op Michael Chan <michael.chan(a)broadcom.com> bnxt_en: Do not adjust max_cp_rings by the ones used by RDMA. Michael Chan <michael.chan(a)broadcom.com> bnxt_en: Clean up unused functions. Vlad Buslov <vladbu(a)mellanox.com> net: sched: action_ife: take reference to meta module Cong Wang <xiyou.wangcong(a)gmail.com> act_ife: fix a potential deadlock Cong Wang <xiyou.wangcong(a)gmail.com> act_ife: move tcfa_lock down to where necessary Alexey Kodanev <alexey.kodanev(a)oracle.com> vti6: remove !skb->ignore_df check from vti6_xmit() Florian Westphal <fw(a)strlen.de> tcp: do not restart timewait timer on rst reception Anthony Wong <anthony.wong(a)ubuntu.com> r8169: add support for NCube 8168 network card Kai-Heng Feng <kai.heng.feng(a)canonical.com> r8152: disable RX aggregation on new Dell TB16 dock Manish Chopra <manish.chopra(a)cavium.com> qlge: Fix netdev features configuration. Kees Cook <keescook(a)chromium.org> net: sched: Fix memory exposure from short TCA_U32_SEL Anssi Hannula <anssi.hannula(a)bitwise.fi> net: macb: do not disable MDIO bus at open/close time Doug Berger <opendmb(a)gmail.com> net: bcmgenet: use MAC link status for fixed phy Eric Dumazet <edumazet(a)google.com> ipv4: tcp: send zero IPID for RST and ACK sent in SYN-RECV and TIME-WAIT state Cong Wang <xiyou.wangcong(a)gmail.com> act_ife: fix a potential use-after-free ------------- Diffstat: Makefile | 4 +- arch/arm/mach-rockchip/Kconfig | 1 + arch/arm64/Kconfig.platforms | 1 + arch/powerpc/include/asm/topology.h | 5 + arch/powerpc/include/asm/uaccess.h | 13 +- arch/powerpc/kernel/exceptions-64s.S | 6 + arch/powerpc/kernel/smp.c | 5 + arch/powerpc/mm/numa.c | 20 +-- arch/powerpc/platforms/85xx/t1042rdb_diu.c | 4 + arch/powerpc/platforms/pseries/ras.c | 2 +- arch/powerpc/sysdev/mpic_msgr.c | 2 +- arch/riscv/kernel/vdso/Makefile | 4 +- arch/s390/kernel/crash_dump.c | 17 ++- arch/um/Makefile | 3 +- arch/x86/include/asm/mce.h | 1 + arch/x86/include/asm/pgtable-3level.h | 7 +- arch/x86/kernel/tsc.c | 4 +- arch/x86/kvm/mmu.c | 43 ++++++- arch/x86/kvm/vmx.c | 26 ++-- arch/x86/kvm/x86.c | 12 +- arch/x86/xen/mmu_pv.c | 7 +- block/bio.c | 2 +- block/blk-core.c | 4 +- block/blk-mq-tag.c | 3 + block/blk-mq.c | 8 +- block/cfq-iosched.c | 22 ++-- drivers/acpi/acpica/hwregs.c | 9 +- drivers/acpi/scan.c | 5 +- drivers/clk/rockchip/clk-rk3399.c | 1 + drivers/gpu/drm/amd/amdgpu/amdgpu.h | 6 +- drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_kms.c | 23 ++-- drivers/gpu/drm/amd/amdgpu/amdgpu_object.c | 38 ++++-- drivers/gpu/drm/amd/amdgpu/amdgpu_pm.c | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_psp.c | 5 + drivers/gpu/drm/amd/amdgpu/amdgpu_sched.c | 21 +--- drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.h | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_ucode.h | 4 + drivers/gpu/drm/amd/amdgpu/amdgpu_vcn.c | 17 +-- drivers/gpu/drm/amd/amdgpu/amdgpu_vram_mgr.c | 20 ++- drivers/gpu/drm/amd/amdgpu/gfx_v9_0.c | 2 +- drivers/gpu/drm/amd/amdgpu/psp_v10_0.c | 3 + drivers/gpu/drm/amd/amdgpu/uvd_v6_0.c | 3 +- drivers/gpu/drm/amd/amdgpu/vcn_v1_0.c | 40 ++++-- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 10 +- .../gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_crc.c | 10 +- .../gpu/drm/amd/display/dc/bios/command_table.c | 18 +++ drivers/gpu/drm/amd/display/dc/core/dc_link.c | 11 ++ drivers/gpu/drm/amd/display/dc/core/dc_resource.c | 68 ++++++++--- drivers/gpu/drm/amd/display/dc/dc.h | 1 + .../gpu/drm/amd/display/dc/dce/dce_link_encoder.c | 4 +- .../drm/amd/display/dc/dce100/dce100_resource.c | 2 +- .../drm/amd/display/dc/dce110/dce110_compressor.c | 2 +- .../amd/display/dc/dce110/dce110_hw_sequencer.c | 4 +- .../gpu/drm/amd/display/dc/dce80/dce80_resource.c | 3 + drivers/gpu/drm/amd/display/dc/inc/resource.h | 5 + .../gpu/drm/amd/powerplay/hwmgr/smu7_powertune.c | 43 +++++++ drivers/gpu/drm/amd/powerplay/hwmgr/smu8_hwmgr.c | 5 +- drivers/gpu/drm/amd/powerplay/hwmgr/vega12_hwmgr.c | 2 +- drivers/gpu/drm/drm_edid.c | 6 +- drivers/gpu/drm/etnaviv/etnaviv_gpu.c | 1 + drivers/gpu/drm/i915/i915_drv.c | 10 -- drivers/gpu/drm/i915/i915_drv.h | 8 -- drivers/gpu/drm/i915/i915_reg.h | 1 + drivers/gpu/drm/i915/intel_ddi.c | 4 + drivers/gpu/drm/i915/intel_dp.c | 33 ++--- drivers/gpu/drm/i915/intel_hdmi.c | 8 +- drivers/gpu/drm/i915/intel_lpe_audio.c | 4 +- drivers/gpu/drm/i915/intel_lspcon.c | 2 +- drivers/gpu/drm/i915/intel_lvds.c | 136 +-------------------- drivers/gpu/drm/rockchip/rockchip_drm_vop.c | 69 +++++++---- drivers/gpu/drm/rockchip/rockchip_lvds.c | 4 +- drivers/hid/hid-redragon.c | 26 +--- drivers/i2c/i2c-core-acpi.c | 8 +- drivers/infiniband/hw/hfi1/affinity.c | 24 +++- drivers/infiniband/hw/hns/hns_roce_pd.c | 2 +- drivers/infiniband/hw/hns/hns_roce_qp.c | 5 +- drivers/input/input.c | 16 ++- drivers/iommu/omap-iommu.c | 4 +- drivers/iommu/rockchip-iommu.c | 45 ++++--- drivers/irqchip/irq-bcm7038-l1.c | 4 + drivers/irqchip/irq-stm32-exti.c | 25 ++-- drivers/md/dm-kcopyd.c | 2 + drivers/mfd/sm501.c | 1 + drivers/mtd/ubi/vtbl.c | 20 +-- drivers/net/ethernet/broadcom/bnxt/bnxt.c | 9 +- drivers/net/ethernet/broadcom/bnxt/bnxt.h | 3 +- drivers/net/ethernet/broadcom/bnxt/bnxt_sriov.c | 7 +- drivers/net/ethernet/broadcom/bnxt/bnxt_ulp.c | 20 --- drivers/net/ethernet/broadcom/bnxt/bnxt_ulp.h | 1 - drivers/net/ethernet/broadcom/genet/bcmgenet.h | 3 + drivers/net/ethernet/broadcom/genet/bcmmii.c | 10 +- drivers/net/ethernet/cadence/macb_main.c | 36 ++++-- .../ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 2 +- .../ethernet/hisilicon/hns3/hns3pf/hclge_mdio.c | 2 + drivers/net/ethernet/mellanox/mlx5/core/wq.c | 5 +- drivers/net/ethernet/mellanox/mlxsw/spectrum.h | 2 + .../net/ethernet/mellanox/mlxsw/spectrum_router.c | 11 ++ .../ethernet/mellanox/mlxsw/spectrum_switchdev.c | 20 +++ .../net/ethernet/netronome/nfp/nfp_net_common.c | 48 +++++--- drivers/net/ethernet/qlogic/qlge/qlge_main.c | 23 ++-- drivers/net/ethernet/realtek/r8169.c | 7 +- drivers/net/ethernet/stmicro/stmmac/stmmac.h | 1 - drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 5 +- drivers/net/hyperv/netvsc_drv.c | 16 ++- drivers/net/usb/r8152.c | 4 +- .../broadcom/brcm80211/brcmfmac/cfg80211.c | 8 +- drivers/pci/controller/pci-mvebu.c | 2 +- drivers/pci/probe.c | 12 +- drivers/pinctrl/pinctrl-axp209.c | 26 +++- drivers/platform/x86/asus-nb-wmi.c | 1 + drivers/platform/x86/intel_punit_ipc.c | 1 + drivers/pwm/pwm-meson.c | 3 +- drivers/s390/block/dasd_eckd.c | 10 +- drivers/scsi/aic94xx/aic94xx_init.c | 4 +- drivers/staging/comedi/drivers/ni_mio_common.c | 3 +- drivers/vhost/vhost.c | 2 +- drivers/virtio/virtio_pci_legacy.c | 14 ++- drivers/xen/xen-balloon.c | 2 +- fs/btrfs/check-integrity.c | 7 +- fs/btrfs/dev-replace.c | 6 + fs/btrfs/extent-tree.c | 2 +- fs/btrfs/relocation.c | 23 ++-- fs/btrfs/super.c | 44 ++++--- fs/btrfs/tree-checker.c | 15 ++- fs/btrfs/volumes.c | 94 ++++++++------ fs/cifs/cifs_debug.c | 8 ++ fs/cifs/connect.c | 8 +- fs/cifs/smb2misc.c | 7 ++ fs/cifs/smb2pdu.c | 103 ++++++++-------- fs/dcache.c | 3 +- fs/f2fs/data.c | 8 ++ fs/f2fs/file.c | 48 +++++--- fs/fat/cache.c | 19 +-- fs/fat/fat.h | 5 + fs/fat/fatent.c | 6 +- fs/hfs/brec.c | 7 +- fs/hfsplus/dir.c | 4 +- fs/hfsplus/super.c | 4 +- fs/nfs/nfs4proc.c | 2 +- fs/proc/kcore.c | 4 +- fs/proc/vmcore.c | 2 + fs/reiserfs/reiserfs.h | 2 +- include/linux/pci_ids.h | 2 + include/net/tcp.h | 4 + include/uapi/linux/keyctl.h | 2 +- kernel/bpf/inode.c | 8 +- kernel/bpf/sockmap.c | 120 ++++++++++-------- kernel/fork.c | 5 +- kernel/workqueue.c | 45 ++++--- lib/debugobjects.c | 7 +- mm/Kconfig | 2 +- mm/fadvise.c | 8 +- net/9p/trans_fd.c | 10 +- net/9p/trans_virtio.c | 3 +- net/core/xdp.c | 14 +-- net/ipv4/ip_gre.c | 3 + net/ipv4/tcp_ipv4.c | 6 + net/ipv4/tcp_minisocks.c | 3 +- net/ipv4/tcp_ulp.c | 4 +- net/ipv6/ip6_fib.c | 7 +- net/ipv6/ip6_gre.c | 1 + net/ipv6/ip6_vti.c | 7 +- net/ipv6/netfilter/ip6t_rpfilter.c | 12 +- net/ipv6/route.c | 3 +- net/netfilter/ipvs/ip_vs_core.c | 15 ++- net/netfilter/nf_conntrack_netlink.c | 26 ++-- net/netfilter/nfnetlink_acct.c | 29 ++--- net/netfilter/x_tables.c | 7 +- net/rds/ib_frmr.c | 1 + net/sched/act_ife.c | 78 +++++++----- net/sched/act_pedit.c | 18 ++- net/sched/cls_u32.c | 10 +- net/sctp/proc.c | 8 -- net/sctp/socket.c | 22 ++-- net/sunrpc/auth_gss/gss_krb5_crypto.c | 12 +- net/tipc/name_table.c | 10 +- net/tipc/name_table.h | 9 +- net/tipc/socket.c | 2 + net/tls/tls_main.c | 1 + samples/bpf/xdp_redirect_cpu_user.c | 3 +- samples/bpf/xdp_rxq_info_user.c | 3 +- scripts/coccicheck | 5 +- scripts/depmod.sh | 4 +- scripts/mod/modpost.c | 8 +- security/apparmor/policy_ns.c | 2 +- security/keys/dh.c | 2 +- security/selinux/selinuxfs.c | 33 +++-- sound/soc/codecs/rt5677.c | 2 +- sound/soc/codecs/wm8994.c | 1 + tools/perf/arch/arm64/util/arm-spe.c | 1 + tools/perf/arch/powerpc/util/sym-handling.c | 4 +- tools/perf/util/namespaces.c | 3 + tools/testing/selftests/powerpc/harness.c | 18 ++- 194 files changed, 1498 insertions(+), 954 deletions(-)

6 years, 9 months

4
204
0 0

[PATCH 1/2] Drivers: hv: vmbus: Use get/put_cpu() in vmbus_connect()

by kys＠linuxonhyperv.com

From: Dexuan Cui <decui(a)microsoft.com> With CONFIG_DEBUG_PREEMPT=y, I always see this warning: BUG: using smp_processor_id() in preemptible [00000000] Fix the false warning by using get/put_cpu(). Here vmbus_connect() sends a message to the host and waits for the host's response. The host will deliver the response message and an interrupt on CPU msg->target_vcpu, and later the interrupt handler will wake up vmbus_connect(). vmbus_connect() doesn't really have to run on the same cpu as CPU msg->target_vcpu, so it's safe to call put_cpu() just here. Signed-off-by: Dexuan Cui <decui(a)microsoft.com> Cc: stable(a)vger.kernel.org Cc: K. Y. Srinivasan <kys(a)microsoft.com> Cc: Haiyang Zhang <haiyangz(a)microsoft.com> Cc: Stephen Hemminger <sthemmin(a)microsoft.com> Signed-off-by: K. Y. Srinivasan <kys(a)microsoft.com> --- drivers/hv/connection.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/drivers/hv/connection.c b/drivers/hv/connection.c index ced041899456..f4d08c8ac7f8 100644 --- a/drivers/hv/connection.c +++ b/drivers/hv/connection.c @@ -76,6 +76,7 @@ static int vmbus_negotiate_version(struct vmbus_channel_msginfo *msginfo, __u32 version) { int ret = 0; + unsigned int cur_cpu; struct vmbus_channel_initiate_contact *msg; unsigned long flags; @@ -118,9 +119,10 @@ static int vmbus_negotiate_version(struct vmbus_channel_msginfo *msginfo, * the CPU attempting to connect may not be CPU 0. */ if (version >= VERSION_WIN8_1) { - msg->target_vcpu = - hv_cpu_number_to_vp_number(smp_processor_id()); - vmbus_connection.connect_cpu = smp_processor_id(); + cur_cpu = get_cpu(); + msg->target_vcpu = hv_cpu_number_to_vp_number(cur_cpu); + vmbus_connection.connect_cpu = cur_cpu; + put_cpu(); } else { msg->target_vcpu = 0; vmbus_connection.connect_cpu = 0; -- 2.18.0

6 years, 9 months

1
0
0 0

[PATCH] dm-mpath: Fix setup_scsi_dh()

by Bart Van Assche

This patch fixes two bugs that got introduced recently in setup_scsi_dh(): - Avoid that a memory leak occurs if attached_handler_name is not assigned to m->hw_handler_name. - Avoid that m->hw_handler_name becomes a dangling pointer if the RETAIN_ATTACHED_HW_HANDLER flag is set and scsi_dh_attach() returns -EBUSY. Fixes: e8f74a0f0011 ("dm mpath: eliminate need to use scsi_device_from_queue") Signed-off-by: Bart Van Assche <bvanassche(a)acm.org> Cc: Martin K. Petersen <martin.petersen(a)oracle.com> Cc: <stable(a)vger.kernel.org> --- drivers/md/dm-mpath.c | 14 +++++++++----- include/scsi/scsi_device.h | 9 +++++++++ 2 files changed, 18 insertions(+), 5 deletions(-) diff --git a/drivers/md/dm-mpath.c b/drivers/md/dm-mpath.c index d94ba6f72ff5..0ba58a537182 100644 --- a/drivers/md/dm-mpath.c +++ b/drivers/md/dm-mpath.c @@ -22,6 +22,7 @@ #include <linux/time.h> #include <linux/workqueue.h> #include <linux/delay.h> +#include <scsi/scsi_device.h> #include <scsi/scsi_dh.h> #include <linux/atomic.h> #include <linux/blk-mq.h> @@ -806,13 +807,15 @@ static int parse_path_selector(struct dm_arg_set *as, struct priority_group *pg, } static int setup_scsi_dh(struct block_device *bdev, struct multipath *m, - const char *attached_handler_name, char **error) + char **error) { struct request_queue *q = bdev_get_queue(bdev); + const char *attached_handler_name; int r; if (test_bit(MPATHF_RETAIN_ATTACHED_HW_HANDLER, &m->flags)) { retain: + attached_handler_name = scsi_dh_attached_handler_name(q, GFP_KERNEL); if (attached_handler_name) { /* * Clear any hw_handler_params associated with a @@ -867,7 +870,7 @@ static struct pgpath *parse_path(struct dm_arg_set *as, struct path_selector *ps struct pgpath *p; struct multipath *m = ti->private; struct request_queue *q; - const char *attached_handler_name; + struct scsi_device *sdev; /* we need at least a path arg */ if (as->argc < 1) { @@ -887,10 +890,11 @@ static struct pgpath *parse_path(struct dm_arg_set *as, struct path_selector *ps } q = bdev_get_queue(p->path.dev->bdev); - attached_handler_name = scsi_dh_attached_handler_name(q, GFP_KERNEL); - if (attached_handler_name || m->hw_handler_name) { + sdev = scsi_device_from_queue(q); + if (sdev) { + put_device(&sdev->sdev_gendev); INIT_DELAYED_WORK(&p->activate_path, activate_path_work); - r = setup_scsi_dh(p->path.dev->bdev, m, attached_handler_name, &ti->error); + r = setup_scsi_dh(p->path.dev->bdev, m, &ti->error); if (r) { dm_put_device(ti, p->path.dev); goto bad; diff --git a/include/scsi/scsi_device.h b/include/scsi/scsi_device.h index 202f4d6a4342..1c839089c711 100644 --- a/include/scsi/scsi_device.h +++ b/include/scsi/scsi_device.h @@ -2,6 +2,7 @@ #ifndef _SCSI_SCSI_DEVICE_H #define _SCSI_SCSI_DEVICE_H +#include <linux/kconfig.h> #include <linux/list.h> #include <linux/spinlock.h> #include <linux/workqueue.h> @@ -335,7 +336,15 @@ extern void scsi_remove_device(struct scsi_device *); extern int scsi_unregister_device_handler(struct scsi_device_handler *scsi_dh); void scsi_attach_vpd(struct scsi_device *sdev); +#if IS_ENABLED(CONFIG_SCSI) extern struct scsi_device *scsi_device_from_queue(struct request_queue *q); +#else +static inline struct scsi_device * +scsi_device_from_queue(struct request_queue *q) +{ + return NULL; +} +#endif extern int __must_check scsi_device_get(struct scsi_device *); extern void scsi_device_put(struct scsi_device *); extern struct scsi_device *scsi_device_lookup(struct Scsi_Host *, -- 2.18.0

6 years, 9 months

1
0
0 0

[PATCH AUTOSEL 3.18 01/29] crypto: skcipher - Fix -Wstringop-truncation warnings

by Sasha Levin

From: Stafford Horne <shorne(a)gmail.com> [ Upstream commit cefd769fd0192c84d638f66da202459ed8ad63ba ] As of GCC 9.0.0 the build is reporting warnings like: crypto/ablkcipher.c: In function ‘crypto_ablkcipher_report’: crypto/ablkcipher.c:374:2: warning: ‘strncpy’ specified bound 64 equals destination size [-Wstringop-truncation] strncpy(rblkcipher.geniv, alg->cra_ablkcipher.geniv ?: "<default>", ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ sizeof(rblkcipher.geniv)); ~~~~~~~~~~~~~~~~~~~~~~~~~ This means the strnycpy might create a non null terminated string. Fix this by explicitly performing '\0' termination. Cc: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Cc: Arnd Bergmann <arnd(a)arndb.de> Cc: Max Filippov <jcmvbkbc(a)gmail.com> Cc: Eric Biggers <ebiggers3(a)gmail.com> Cc: Nick Desaulniers <nick.desaulniers(a)gmail.com> Signed-off-by: Stafford Horne <shorne(a)gmail.com> Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> --- crypto/ablkcipher.c | 2 ++ crypto/blkcipher.c | 1 + 2 files changed, 3 insertions(+) diff --git a/crypto/ablkcipher.c b/crypto/ablkcipher.c index 5061d7ad33e4..cad66af5a1ae 100644 --- a/crypto/ablkcipher.c +++ b/crypto/ablkcipher.c @@ -382,6 +382,7 @@ static int crypto_ablkcipher_report(struct sk_buff *skb, struct crypto_alg *alg) strncpy(rblkcipher.type, "ablkcipher", sizeof(rblkcipher.type)); strncpy(rblkcipher.geniv, alg->cra_ablkcipher.geniv ?: "<default>", sizeof(rblkcipher.geniv)); + rblkcipher.geniv[sizeof(rblkcipher.geniv) - 1] = '\0'; rblkcipher.blocksize = alg->cra_blocksize; rblkcipher.min_keysize = alg->cra_ablkcipher.min_keysize; @@ -463,6 +464,7 @@ static int crypto_givcipher_report(struct sk_buff *skb, struct crypto_alg *alg) strncpy(rblkcipher.type, "givcipher", sizeof(rblkcipher.type)); strncpy(rblkcipher.geniv, alg->cra_ablkcipher.geniv ?: "<built-in>", sizeof(rblkcipher.geniv)); + rblkcipher.geniv[sizeof(rblkcipher.geniv) - 1] = '\0'; rblkcipher.blocksize = alg->cra_blocksize; rblkcipher.min_keysize = alg->cra_ablkcipher.min_keysize; diff --git a/crypto/blkcipher.c b/crypto/blkcipher.c index 5ebfdd0d4543..5ba9916a33c8 100644 --- a/crypto/blkcipher.c +++ b/crypto/blkcipher.c @@ -514,6 +514,7 @@ static int crypto_blkcipher_report(struct sk_buff *skb, struct crypto_alg *alg) strncpy(rblkcipher.type, "blkcipher", sizeof(rblkcipher.type)); strncpy(rblkcipher.geniv, alg->cra_blkcipher.geniv ?: "<default>", sizeof(rblkcipher.geniv)); + rblkcipher.geniv[sizeof(rblkcipher.geniv) - 1] = '\0'; rblkcipher.blocksize = alg->cra_blocksize; rblkcipher.min_keysize = alg->cra_blkcipher.min_keysize; -- 2.17.1

6 years, 9 months

1
28
0 0

[PATCH AUTOSEL 4.4 01/43] crypto: skcipher - Fix -Wstringop-truncation warnings

by Sasha Levin

From: Stafford Horne <shorne(a)gmail.com> [ Upstream commit cefd769fd0192c84d638f66da202459ed8ad63ba ] As of GCC 9.0.0 the build is reporting warnings like: crypto/ablkcipher.c: In function ‘crypto_ablkcipher_report’: crypto/ablkcipher.c:374:2: warning: ‘strncpy’ specified bound 64 equals destination size [-Wstringop-truncation] strncpy(rblkcipher.geniv, alg->cra_ablkcipher.geniv ?: "<default>", ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ sizeof(rblkcipher.geniv)); ~~~~~~~~~~~~~~~~~~~~~~~~~ This means the strnycpy might create a non null terminated string. Fix this by explicitly performing '\0' termination. Cc: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Cc: Arnd Bergmann <arnd(a)arndb.de> Cc: Max Filippov <jcmvbkbc(a)gmail.com> Cc: Eric Biggers <ebiggers3(a)gmail.com> Cc: Nick Desaulniers <nick.desaulniers(a)gmail.com> Signed-off-by: Stafford Horne <shorne(a)gmail.com> Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> --- crypto/ablkcipher.c | 2 ++ crypto/blkcipher.c | 1 + 2 files changed, 3 insertions(+) diff --git a/crypto/ablkcipher.c b/crypto/ablkcipher.c index 149e7a7f04fe..b524f702e658 100644 --- a/crypto/ablkcipher.c +++ b/crypto/ablkcipher.c @@ -384,6 +384,7 @@ static int crypto_ablkcipher_report(struct sk_buff *skb, struct crypto_alg *alg) strncpy(rblkcipher.type, "ablkcipher", sizeof(rblkcipher.type)); strncpy(rblkcipher.geniv, alg->cra_ablkcipher.geniv ?: "<default>", sizeof(rblkcipher.geniv)); + rblkcipher.geniv[sizeof(rblkcipher.geniv) - 1] = '\0'; rblkcipher.blocksize = alg->cra_blocksize; rblkcipher.min_keysize = alg->cra_ablkcipher.min_keysize; @@ -465,6 +466,7 @@ static int crypto_givcipher_report(struct sk_buff *skb, struct crypto_alg *alg) strncpy(rblkcipher.type, "givcipher", sizeof(rblkcipher.type)); strncpy(rblkcipher.geniv, alg->cra_ablkcipher.geniv ?: "<built-in>", sizeof(rblkcipher.geniv)); + rblkcipher.geniv[sizeof(rblkcipher.geniv) - 1] = '\0'; rblkcipher.blocksize = alg->cra_blocksize; rblkcipher.min_keysize = alg->cra_ablkcipher.min_keysize; diff --git a/crypto/blkcipher.c b/crypto/blkcipher.c index 2d08e59b3212..d524f838eb10 100644 --- a/crypto/blkcipher.c +++ b/crypto/blkcipher.c @@ -515,6 +515,7 @@ static int crypto_blkcipher_report(struct sk_buff *skb, struct crypto_alg *alg) strncpy(rblkcipher.type, "blkcipher", sizeof(rblkcipher.type)); strncpy(rblkcipher.geniv, alg->cra_blkcipher.geniv ?: "<default>", sizeof(rblkcipher.geniv)); + rblkcipher.geniv[sizeof(rblkcipher.geniv) - 1] = '\0'; rblkcipher.blocksize = alg->cra_blocksize; rblkcipher.min_keysize = alg->cra_blkcipher.min_keysize; -- 2.17.1

6 years, 9 months

1
42
0 0

[PATCH] Revert "ubifs: xattr: Don't operate on deleted inodes"

by Richard Weinberger

This reverts commit 11a6fc3dc743e22fb50f2196ec55bee5140d3c52. UBIFS wants to assert that xattr operations are only issued on files with positive link count. The said patch made this operations return -ENOENT for unlinked files such that the asserts will no longer trigger. This was wrong since xattr operations are perfectly fine on unlinked files. Instead the assertions need to be fixed/removed. Cc: <stable(a)vger.kernel.org> Fixes: 11a6fc3dc743 ("ubifs: xattr: Don't operate on deleted inodes") Reported-by: Koen Vandeputte <koen.vandeputte(a)ncentric.com> Signed-off-by: Richard Weinberger <richard(a)nod.at> --- fs/ubifs/xattr.c | 24 ------------------------ 1 file changed, 24 deletions(-) diff --git a/fs/ubifs/xattr.c b/fs/ubifs/xattr.c index 61afdfee4b28..f5ad1ede7990 100644 --- a/fs/ubifs/xattr.c +++ b/fs/ubifs/xattr.c @@ -152,12 +152,6 @@ static int create_xattr(struct ubifs_info *c, struct inode *host, ui->data_len = size; mutex_lock(&host_ui->ui_mutex); - - if (!host->i_nlink) { - err = -ENOENT; - goto out_noent; - } - host->i_ctime = current_time(host); host_ui->xattr_cnt += 1; host_ui->xattr_size += CALC_DENT_SIZE(fname_len(nm)); @@ -190,7 +184,6 @@ static int create_xattr(struct ubifs_info *c, struct inode *host, host_ui->xattr_size -= CALC_XATTR_BYTES(size); host_ui->xattr_names -= fname_len(nm); host_ui->flags &= ~UBIFS_CRYPT_FL; -out_noent: mutex_unlock(&host_ui->ui_mutex); out_free: make_bad_inode(inode); @@ -242,12 +235,6 @@ static int change_xattr(struct ubifs_info *c, struct inode *host, mutex_unlock(&ui->ui_mutex); mutex_lock(&host_ui->ui_mutex); - - if (!host->i_nlink) { - err = -ENOENT; - goto out_noent; - } - host->i_ctime = current_time(host); host_ui->xattr_size -= CALC_XATTR_BYTES(old_size); host_ui->xattr_size += CALC_XATTR_BYTES(size); @@ -269,7 +256,6 @@ static int change_xattr(struct ubifs_info *c, struct inode *host, out_cancel: host_ui->xattr_size -= CALC_XATTR_BYTES(size); host_ui->xattr_size += CALC_XATTR_BYTES(old_size); -out_noent: mutex_unlock(&host_ui->ui_mutex); make_bad_inode(inode); out_free: @@ -496,12 +482,6 @@ static int remove_xattr(struct ubifs_info *c, struct inode *host, return err; mutex_lock(&host_ui->ui_mutex); - - if (!host->i_nlink) { - err = -ENOENT; - goto out_noent; - } - host->i_ctime = current_time(host); host_ui->xattr_cnt -= 1; host_ui->xattr_size -= CALC_DENT_SIZE(fname_len(nm)); @@ -521,7 +501,6 @@ static int remove_xattr(struct ubifs_info *c, struct inode *host, host_ui->xattr_size += CALC_DENT_SIZE(fname_len(nm)); host_ui->xattr_size += CALC_XATTR_BYTES(ui->data_len); host_ui->xattr_names += fname_len(nm); -out_noent: mutex_unlock(&host_ui->ui_mutex); ubifs_release_budget(c, &req); make_bad_inode(inode); @@ -561,9 +540,6 @@ static int ubifs_xattr_remove(struct inode *host, const char *name) ubifs_assert(c, inode_is_locked(host)); - if (!host->i_nlink) - return -ENOENT; - if (fname_len(&nm) > UBIFS_MAX_NLEN) return -ENAMETOOLONG; -- 2.19.0

6 years, 9 months

1
0
0 0

[PATCH RESEND] tpm: Restore functionality to xen vtpm driver.

by Boris Ostrovsky

From: "Dr. Greg Wettstein" <greg(a)wind.enjellic.com> Functionality of the xen-tpmfront driver was lost secondary to the introduction of xenbus multi-page support in commit ccc9d90a9a8b ("xenbus_client: Extend interface to support multi-page ring"). In this commit a pointer to the shared page address was being passed to the xenbus_grant_ring() function rather then the address of the shared page itself. This resulted in a situation where the driver would attach to the vtpm-stubdom but any attempt to send a command to the stub domain would timeout. A diagnostic finding for this regression is the following error message being generated when the xen-tpmfront driver probes for a device: <3>vtpm vtpm-0: tpm_transmit: tpm_send: error -62 <3>vtpm vtpm-0: A TPM error (-62) occurred attempting to determine the timeouts This fix is relevant to all kernels from 4.1 forward which is the release in which multi-page xenbus support was introduced. Daniel De Graaf formulated the fix by code inspection after the regression point was located. Signed-off-by: Dr. Greg Wettstein <greg(a)enjellic.com> [boris: fixed commit message formatting] Signed-off-by: Boris Ostrovsky <boris.ostrovsky(a)oracle.com> Cc: stable(a)vger.kernel.org # v4.1+ --- We've lost this patch a couple of years ago, re-submitting. drivers/char/tpm/xen-tpmfront.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/char/tpm/xen-tpmfront.c b/drivers/char/tpm/xen-tpmfront.c index 911475d36800..b150f87f38f5 100644 --- a/drivers/char/tpm/xen-tpmfront.c +++ b/drivers/char/tpm/xen-tpmfront.c @@ -264,7 +264,7 @@ static int setup_ring(struct xenbus_device *dev, struct tpm_private *priv) return -ENOMEM; } - rv = xenbus_grant_ring(dev, &priv->shr, 1, &gref); + rv = xenbus_grant_ring(dev, priv->shr, 1, &gref); if (rv < 0) return rv; -- 2.17.1

6 years, 9 months

3
2
0 0

[PATCH for-4.9.y 00/14] Few upstream fixes from OnePlus6's kernel tree

by Amit Pundir

Hi Greg, For your consideration, few upstream fixes picked up from Qcom's android-4.9 BSP tree for OnePlus 6 device. Cherry-picked and build tested for ARCH=x86_64/mips on v4.9.124. Few patches are applicable for 4.4.y and 3.18.y as well and explicitly marked so respectively. Regards, Amit Pundir Daniel Micay (1): staging/rts5208: Fix read overflow in memcpy Jason A. Donenfeld (1): random: convert get_random_int/long into get_random_u32/u64 Jia-Ju Bai (1): staging: rt5208: Fix a sleep-in-atomic bug in xd_copy_page Johannes Berg (1): nl80211: fix null-ptr dereference on invalid mesh configuration Johannes Weiner (1): mm: remove seemingly spurious reclaimability check from laptop_mode gating Kees Cook (1): IB/rxe: do not copy extra stack memory to skb Mel Gorman (1): mm, vmscan: clear PGDAT_WRITEBACK when zone is balanced Michal Hocko (1): selinux: use GFP_NOWAIT in the AVC kmem_caches Prateek Sood (2): locking/rwsem-xadd: Fix missed wakeup due to reordering of load locking/osq_lock: Fix osq_lock queue corruption Ritesh Harjani (1): cfq: Give a chance for arming slice idle timer in case of group_idle Tejun Heo (1): block,blkcg: use __GFP_NOWARN for best-effort allocations in blkcg Vegard Nossum (2): kthread: Fix use-after-free if kthread fork fails kthread: fix boot hang (regression) on MIPS/OpenRISC arch/mips/kernel/process.c | 1 - arch/openrisc/kernel/process.c | 2 -- block/blk-cgroup.c | 9 +++--- block/cfq-iosched.c | 6 ++-- drivers/char/random.c | 55 ++++++++++++++++++------------------ drivers/infiniband/sw/rxe/rxe_resp.c | 4 ++- drivers/staging/rts5208/rtsx_scsi.c | 2 +- drivers/staging/rts5208/xd.c | 2 +- include/linux/random.h | 17 +++++++++-- kernel/fork.c | 17 +++++++---- kernel/locking/osq_lock.c | 13 +++++++++ kernel/locking/rwsem-xadd.c | 27 ++++++++++++++++++ mm/vmscan.c | 3 +- net/wireless/nl80211.c | 3 ++ security/selinux/avc.c | 14 ++++----- 15 files changed, 119 insertions(+), 56 deletions(-) -- 2.7.4

6 years, 9 months

2
16
0 0

FAILED: patch "[PATCH] x86/mm: Use WRITE_ONCE() when setting PTEs" failed to apply to 4.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 9bc4f28af75a91aea0ae383f50b0a430c4509303 Mon Sep 17 00:00:00 2001 From: Nadav Amit <namit(a)vmware.com> Date: Sun, 2 Sep 2018 11:14:50 -0700 Subject: [PATCH] x86/mm: Use WRITE_ONCE() when setting PTEs When page-table entries are set, the compiler might optimize their assignment by using multiple instructions to set the PTE. This might turn into a security hazard if the user somehow manages to use the interim PTE. L1TF does not make our lives easier, making even an interim non-present PTE a security hazard. Using WRITE_ONCE() to set PTEs and friends should prevent this potential security hazard. I skimmed the differences in the binary with and without this patch. The differences are (obviously) greater when CONFIG_PARAVIRT=n as more code optimizations are possible. For better and worse, the impact on the binary with this patch is pretty small. Skimming the code did not cause anything to jump out as a security hazard, but it seems that at least move_soft_dirty_pte() caused set_pte_at() to use multiple writes. Signed-off-by: Nadav Amit <namit(a)vmware.com> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Acked-by: Peter Zijlstra (Intel) <peterz(a)infradead.org> Cc: Dave Hansen <dave.hansen(a)linux.intel.com> Cc: Andi Kleen <ak(a)linux.intel.com> Cc: Josh Poimboeuf <jpoimboe(a)redhat.com> Cc: Michal Hocko <mhocko(a)suse.com> Cc: Vlastimil Babka <vbabka(a)suse.cz> Cc: Sean Christopherson <sean.j.christopherson(a)intel.com> Cc: Andy Lutomirski <luto(a)kernel.org> Cc: stable(a)vger.kernel.org Link: https://lkml.kernel.org/r/20180902181451.80520-1-namit@vmware.com diff --git a/arch/x86/include/asm/pgtable.h b/arch/x86/include/asm/pgtable.h index e4ffa565a69f..690c0307afed 100644 --- a/arch/x86/include/asm/pgtable.h +++ b/arch/x86/include/asm/pgtable.h @@ -1195,7 +1195,7 @@ static inline pmd_t pmdp_establish(struct vm_area_struct *vma, return xchg(pmdp, pmd); } else { pmd_t old = *pmdp; - *pmdp = pmd; + WRITE_ONCE(*pmdp, pmd); return old; } } diff --git a/arch/x86/include/asm/pgtable_64.h b/arch/x86/include/asm/pgtable_64.h index f773d5e6c8cc..ce2b59047cb8 100644 --- a/arch/x86/include/asm/pgtable_64.h +++ b/arch/x86/include/asm/pgtable_64.h @@ -55,15 +55,15 @@ struct mm_struct; void set_pte_vaddr_p4d(p4d_t *p4d_page, unsigned long vaddr, pte_t new_pte); void set_pte_vaddr_pud(pud_t *pud_page, unsigned long vaddr, pte_t new_pte); -static inline void native_pte_clear(struct mm_struct *mm, unsigned long addr, - pte_t *ptep) +static inline void native_set_pte(pte_t *ptep, pte_t pte) { - *ptep = native_make_pte(0); + WRITE_ONCE(*ptep, pte); } -static inline void native_set_pte(pte_t *ptep, pte_t pte) +static inline void native_pte_clear(struct mm_struct *mm, unsigned long addr, + pte_t *ptep) { - *ptep = pte; + native_set_pte(ptep, native_make_pte(0)); } static inline void native_set_pte_atomic(pte_t *ptep, pte_t pte) @@ -73,7 +73,7 @@ static inline void native_set_pte_atomic(pte_t *ptep, pte_t pte) static inline void native_set_pmd(pmd_t *pmdp, pmd_t pmd) { - *pmdp = pmd; + WRITE_ONCE(*pmdp, pmd); } static inline void native_pmd_clear(pmd_t *pmd) @@ -109,7 +109,7 @@ static inline pmd_t native_pmdp_get_and_clear(pmd_t *xp) static inline void native_set_pud(pud_t *pudp, pud_t pud) { - *pudp = pud; + WRITE_ONCE(*pudp, pud); } static inline void native_pud_clear(pud_t *pud) @@ -137,13 +137,13 @@ static inline void native_set_p4d(p4d_t *p4dp, p4d_t p4d) pgd_t pgd; if (pgtable_l5_enabled() || !IS_ENABLED(CONFIG_PAGE_TABLE_ISOLATION)) { - *p4dp = p4d; + WRITE_ONCE(*p4dp, p4d); return; } pgd = native_make_pgd(native_p4d_val(p4d)); pgd = pti_set_user_pgtbl((pgd_t *)p4dp, pgd); - *p4dp = native_make_p4d(native_pgd_val(pgd)); + WRITE_ONCE(*p4dp, native_make_p4d(native_pgd_val(pgd))); } static inline void native_p4d_clear(p4d_t *p4d) @@ -153,7 +153,7 @@ static inline void native_p4d_clear(p4d_t *p4d) static inline void native_set_pgd(pgd_t *pgdp, pgd_t pgd) { - *pgdp = pti_set_user_pgtbl(pgdp, pgd); + WRITE_ONCE(*pgdp, pti_set_user_pgtbl(pgdp, pgd)); } static inline void native_pgd_clear(pgd_t *pgd) diff --git a/arch/x86/mm/pgtable.c b/arch/x86/mm/pgtable.c index e848a4811785..ae394552fb94 100644 --- a/arch/x86/mm/pgtable.c +++ b/arch/x86/mm/pgtable.c @@ -269,7 +269,7 @@ static void mop_up_one_pmd(struct mm_struct *mm, pgd_t *pgdp) if (pgd_val(pgd) != 0) { pmd_t *pmd = (pmd_t *)pgd_page_vaddr(pgd); - *pgdp = native_make_pgd(0); + pgd_clear(pgdp); paravirt_release_pmd(pgd_val(pgd) >> PAGE_SHIFT); pmd_free(mm, pmd); @@ -494,7 +494,7 @@ int ptep_set_access_flags(struct vm_area_struct *vma, int changed = !pte_same(*ptep, entry); if (changed && dirty) - *ptep = entry; + set_pte(ptep, entry); return changed; } @@ -509,7 +509,7 @@ int pmdp_set_access_flags(struct vm_area_struct *vma, VM_BUG_ON(address & ~HPAGE_PMD_MASK); if (changed && dirty) { - *pmdp = entry; + set_pmd(pmdp, entry); /* * We had a write-protection fault here and changed the pmd * to to more permissive. No need to flush the TLB for that, @@ -529,7 +529,7 @@ int pudp_set_access_flags(struct vm_area_struct *vma, unsigned long address, VM_BUG_ON(address & ~HPAGE_PUD_MASK); if (changed && dirty) { - *pudp = entry; + set_pud(pudp, entry); /* * We had a write-protection fault here and changed the pud * to to more permissive. No need to flush the TLB for that,

6 years, 9 months

1
0
0 0

FAILED: patch "[PATCH] x86/mm: Use WRITE_ONCE() when setting PTEs" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 9bc4f28af75a91aea0ae383f50b0a430c4509303 Mon Sep 17 00:00:00 2001 From: Nadav Amit <namit(a)vmware.com> Date: Sun, 2 Sep 2018 11:14:50 -0700 Subject: [PATCH] x86/mm: Use WRITE_ONCE() when setting PTEs When page-table entries are set, the compiler might optimize their assignment by using multiple instructions to set the PTE. This might turn into a security hazard if the user somehow manages to use the interim PTE. L1TF does not make our lives easier, making even an interim non-present PTE a security hazard. Using WRITE_ONCE() to set PTEs and friends should prevent this potential security hazard. I skimmed the differences in the binary with and without this patch. The differences are (obviously) greater when CONFIG_PARAVIRT=n as more code optimizations are possible. For better and worse, the impact on the binary with this patch is pretty small. Skimming the code did not cause anything to jump out as a security hazard, but it seems that at least move_soft_dirty_pte() caused set_pte_at() to use multiple writes. Signed-off-by: Nadav Amit <namit(a)vmware.com> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Acked-by: Peter Zijlstra (Intel) <peterz(a)infradead.org> Cc: Dave Hansen <dave.hansen(a)linux.intel.com> Cc: Andi Kleen <ak(a)linux.intel.com> Cc: Josh Poimboeuf <jpoimboe(a)redhat.com> Cc: Michal Hocko <mhocko(a)suse.com> Cc: Vlastimil Babka <vbabka(a)suse.cz> Cc: Sean Christopherson <sean.j.christopherson(a)intel.com> Cc: Andy Lutomirski <luto(a)kernel.org> Cc: stable(a)vger.kernel.org Link: https://lkml.kernel.org/r/20180902181451.80520-1-namit@vmware.com diff --git a/arch/x86/include/asm/pgtable.h b/arch/x86/include/asm/pgtable.h index e4ffa565a69f..690c0307afed 100644 --- a/arch/x86/include/asm/pgtable.h +++ b/arch/x86/include/asm/pgtable.h @@ -1195,7 +1195,7 @@ static inline pmd_t pmdp_establish(struct vm_area_struct *vma, return xchg(pmdp, pmd); } else { pmd_t old = *pmdp; - *pmdp = pmd; + WRITE_ONCE(*pmdp, pmd); return old; } } diff --git a/arch/x86/include/asm/pgtable_64.h b/arch/x86/include/asm/pgtable_64.h index f773d5e6c8cc..ce2b59047cb8 100644 --- a/arch/x86/include/asm/pgtable_64.h +++ b/arch/x86/include/asm/pgtable_64.h @@ -55,15 +55,15 @@ struct mm_struct; void set_pte_vaddr_p4d(p4d_t *p4d_page, unsigned long vaddr, pte_t new_pte); void set_pte_vaddr_pud(pud_t *pud_page, unsigned long vaddr, pte_t new_pte); -static inline void native_pte_clear(struct mm_struct *mm, unsigned long addr, - pte_t *ptep) +static inline void native_set_pte(pte_t *ptep, pte_t pte) { - *ptep = native_make_pte(0); + WRITE_ONCE(*ptep, pte); } -static inline void native_set_pte(pte_t *ptep, pte_t pte) +static inline void native_pte_clear(struct mm_struct *mm, unsigned long addr, + pte_t *ptep) { - *ptep = pte; + native_set_pte(ptep, native_make_pte(0)); } static inline void native_set_pte_atomic(pte_t *ptep, pte_t pte) @@ -73,7 +73,7 @@ static inline void native_set_pte_atomic(pte_t *ptep, pte_t pte) static inline void native_set_pmd(pmd_t *pmdp, pmd_t pmd) { - *pmdp = pmd; + WRITE_ONCE(*pmdp, pmd); } static inline void native_pmd_clear(pmd_t *pmd) @@ -109,7 +109,7 @@ static inline pmd_t native_pmdp_get_and_clear(pmd_t *xp) static inline void native_set_pud(pud_t *pudp, pud_t pud) { - *pudp = pud; + WRITE_ONCE(*pudp, pud); } static inline void native_pud_clear(pud_t *pud) @@ -137,13 +137,13 @@ static inline void native_set_p4d(p4d_t *p4dp, p4d_t p4d) pgd_t pgd; if (pgtable_l5_enabled() || !IS_ENABLED(CONFIG_PAGE_TABLE_ISOLATION)) { - *p4dp = p4d; + WRITE_ONCE(*p4dp, p4d); return; } pgd = native_make_pgd(native_p4d_val(p4d)); pgd = pti_set_user_pgtbl((pgd_t *)p4dp, pgd); - *p4dp = native_make_p4d(native_pgd_val(pgd)); + WRITE_ONCE(*p4dp, native_make_p4d(native_pgd_val(pgd))); } static inline void native_p4d_clear(p4d_t *p4d) @@ -153,7 +153,7 @@ static inline void native_p4d_clear(p4d_t *p4d) static inline void native_set_pgd(pgd_t *pgdp, pgd_t pgd) { - *pgdp = pti_set_user_pgtbl(pgdp, pgd); + WRITE_ONCE(*pgdp, pti_set_user_pgtbl(pgdp, pgd)); } static inline void native_pgd_clear(pgd_t *pgd) diff --git a/arch/x86/mm/pgtable.c b/arch/x86/mm/pgtable.c index e848a4811785..ae394552fb94 100644 --- a/arch/x86/mm/pgtable.c +++ b/arch/x86/mm/pgtable.c @@ -269,7 +269,7 @@ static void mop_up_one_pmd(struct mm_struct *mm, pgd_t *pgdp) if (pgd_val(pgd) != 0) { pmd_t *pmd = (pmd_t *)pgd_page_vaddr(pgd); - *pgdp = native_make_pgd(0); + pgd_clear(pgdp); paravirt_release_pmd(pgd_val(pgd) >> PAGE_SHIFT); pmd_free(mm, pmd); @@ -494,7 +494,7 @@ int ptep_set_access_flags(struct vm_area_struct *vma, int changed = !pte_same(*ptep, entry); if (changed && dirty) - *ptep = entry; + set_pte(ptep, entry); return changed; } @@ -509,7 +509,7 @@ int pmdp_set_access_flags(struct vm_area_struct *vma, VM_BUG_ON(address & ~HPAGE_PMD_MASK); if (changed && dirty) { - *pmdp = entry; + set_pmd(pmdp, entry); /* * We had a write-protection fault here and changed the pmd * to to more permissive. No need to flush the TLB for that, @@ -529,7 +529,7 @@ int pudp_set_access_flags(struct vm_area_struct *vma, unsigned long address, VM_BUG_ON(address & ~HPAGE_PUD_MASK); if (changed && dirty) { - *pudp = entry; + set_pud(pudp, entry); /* * We had a write-protection fault here and changed the pud * to to more permissive. No need to flush the TLB for that,

6 years, 9 months

1
0
0 0

FAILED: patch "[PATCH] x86/process: Don't mix user/kernel regs in 64bit" failed to apply to 4.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 9fe6299dde587788f245e9f7a5a1b296fad4e8c7 Mon Sep 17 00:00:00 2001 From: Jann Horn <jannh(a)google.com> Date: Fri, 31 Aug 2018 21:41:51 +0200 Subject: [PATCH] x86/process: Don't mix user/kernel regs in 64bit __show_regs() When the kernel.print-fatal-signals sysctl has been enabled, a simple userspace crash will cause the kernel to write a crash dump that contains, among other things, the kernel gsbase into dmesg. As suggested by Andy, limit output to pt_regs, FS_BASE and KERNEL_GS_BASE in this case. This also moves the bitness-specific logic from show_regs() into process_{32,64}.c. Fixes: 45807a1df9f5 ("vdso: print fatal signals") Signed-off-by: Jann Horn <jannh(a)google.com> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Cc: "H. Peter Anvin" <hpa(a)zytor.com> Cc: Andy Lutomirski <luto(a)kernel.org> Cc: Borislav Petkov <bpetkov(a)suse.de> Cc: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Cc: stable(a)vger.kernel.org Link: https://lkml.kernel.org/r/20180831194151.123586-1-jannh@google.com diff --git a/arch/x86/include/asm/kdebug.h b/arch/x86/include/asm/kdebug.h index 395c9631e000..75f1e35e7c15 100644 --- a/arch/x86/include/asm/kdebug.h +++ b/arch/x86/include/asm/kdebug.h @@ -22,10 +22,20 @@ enum die_val { DIE_NMIUNKNOWN, }; +enum show_regs_mode { + SHOW_REGS_SHORT, + /* + * For when userspace crashed, but we don't think it's our fault, and + * therefore don't print kernel registers. + */ + SHOW_REGS_USER, + SHOW_REGS_ALL +}; + extern void die(const char *, struct pt_regs *,long); extern int __must_check __die(const char *, struct pt_regs *, long); extern void show_stack_regs(struct pt_regs *regs); -extern void __show_regs(struct pt_regs *regs, int all); +extern void __show_regs(struct pt_regs *regs, enum show_regs_mode); extern void show_iret_regs(struct pt_regs *regs); extern unsigned long oops_begin(void); extern void oops_end(unsigned long, struct pt_regs *, int signr); diff --git a/arch/x86/kernel/dumpstack.c b/arch/x86/kernel/dumpstack.c index f56895106ccf..2b5886401e5f 100644 --- a/arch/x86/kernel/dumpstack.c +++ b/arch/x86/kernel/dumpstack.c @@ -146,7 +146,7 @@ static void show_regs_if_on_stack(struct stack_info *info, struct pt_regs *regs, * they can be printed in the right context. */ if (!partial && on_stack(info, regs, sizeof(*regs))) { - __show_regs(regs, 0); + __show_regs(regs, SHOW_REGS_SHORT); } else if (partial && on_stack(info, (void *)regs + IRET_FRAME_OFFSET, IRET_FRAME_SIZE)) { @@ -344,7 +344,7 @@ void oops_end(unsigned long flags, struct pt_regs *regs, int signr) oops_exit(); /* Executive summary in case the oops scrolled away */ - __show_regs(&exec_summary_regs, true); + __show_regs(&exec_summary_regs, SHOW_REGS_ALL); if (!signr) return; @@ -407,14 +407,9 @@ void die(const char *str, struct pt_regs *regs, long err) void show_regs(struct pt_regs *regs) { - bool all = true; - show_regs_print_info(KERN_DEFAULT); - if (IS_ENABLED(CONFIG_X86_32)) - all = !user_mode(regs); - - __show_regs(regs, all); + __show_regs(regs, user_mode(regs) ? SHOW_REGS_USER : SHOW_REGS_ALL); /* * When in-kernel, we also print out the stack at the time of the fault.. diff --git a/arch/x86/kernel/process_32.c b/arch/x86/kernel/process_32.c index 2924fd447e61..5046a3c9dec2 100644 --- a/arch/x86/kernel/process_32.c +++ b/arch/x86/kernel/process_32.c @@ -59,7 +59,7 @@ #include <asm/intel_rdt_sched.h> #include <asm/proto.h> -void __show_regs(struct pt_regs *regs, int all) +void __show_regs(struct pt_regs *regs, enum show_regs_mode mode) { unsigned long cr0 = 0L, cr2 = 0L, cr3 = 0L, cr4 = 0L; unsigned long d0, d1, d2, d3, d6, d7; @@ -85,7 +85,7 @@ void __show_regs(struct pt_regs *regs, int all) printk(KERN_DEFAULT "DS: %04x ES: %04x FS: %04x GS: %04x SS: %04x EFLAGS: %08lx\n", (u16)regs->ds, (u16)regs->es, (u16)regs->fs, gs, ss, regs->flags); - if (!all) + if (mode != SHOW_REGS_ALL) return; cr0 = read_cr0(); diff --git a/arch/x86/kernel/process_64.c b/arch/x86/kernel/process_64.c index a451bc374b9b..ea5ea850348d 100644 --- a/arch/x86/kernel/process_64.c +++ b/arch/x86/kernel/process_64.c @@ -62,7 +62,7 @@ __visible DEFINE_PER_CPU(unsigned long, rsp_scratch); /* Prints also some state that isn't saved in the pt_regs */ -void __show_regs(struct pt_regs *regs, int all) +void __show_regs(struct pt_regs *regs, enum show_regs_mode mode) { unsigned long cr0 = 0L, cr2 = 0L, cr3 = 0L, cr4 = 0L, fs, gs, shadowgs; unsigned long d0, d1, d2, d3, d6, d7; @@ -87,9 +87,17 @@ void __show_regs(struct pt_regs *regs, int all) printk(KERN_DEFAULT "R13: %016lx R14: %016lx R15: %016lx\n", regs->r13, regs->r14, regs->r15); - if (!all) + if (mode == SHOW_REGS_SHORT) return; + if (mode == SHOW_REGS_USER) { + rdmsrl(MSR_FS_BASE, fs); + rdmsrl(MSR_KERNEL_GS_BASE, shadowgs); + printk(KERN_DEFAULT "FS: %016lx GS: %016lx\n", + fs, shadowgs); + return; + } + asm("movl %%ds,%0" : "=r" (ds)); asm("movl %%cs,%0" : "=r" (cs)); asm("movl %%es,%0" : "=r" (es));

6 years, 9 months

1
0
0 0

FAILED: patch "[PATCH] x86/process: Don't mix user/kernel regs in 64bit" failed to apply to 4.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 9fe6299dde587788f245e9f7a5a1b296fad4e8c7 Mon Sep 17 00:00:00 2001 From: Jann Horn <jannh(a)google.com> Date: Fri, 31 Aug 2018 21:41:51 +0200 Subject: [PATCH] x86/process: Don't mix user/kernel regs in 64bit __show_regs() When the kernel.print-fatal-signals sysctl has been enabled, a simple userspace crash will cause the kernel to write a crash dump that contains, among other things, the kernel gsbase into dmesg. As suggested by Andy, limit output to pt_regs, FS_BASE and KERNEL_GS_BASE in this case. This also moves the bitness-specific logic from show_regs() into process_{32,64}.c. Fixes: 45807a1df9f5 ("vdso: print fatal signals") Signed-off-by: Jann Horn <jannh(a)google.com> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Cc: "H. Peter Anvin" <hpa(a)zytor.com> Cc: Andy Lutomirski <luto(a)kernel.org> Cc: Borislav Petkov <bpetkov(a)suse.de> Cc: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Cc: stable(a)vger.kernel.org Link: https://lkml.kernel.org/r/20180831194151.123586-1-jannh@google.com diff --git a/arch/x86/include/asm/kdebug.h b/arch/x86/include/asm/kdebug.h index 395c9631e000..75f1e35e7c15 100644 --- a/arch/x86/include/asm/kdebug.h +++ b/arch/x86/include/asm/kdebug.h @@ -22,10 +22,20 @@ enum die_val { DIE_NMIUNKNOWN, }; +enum show_regs_mode { + SHOW_REGS_SHORT, + /* + * For when userspace crashed, but we don't think it's our fault, and + * therefore don't print kernel registers. + */ + SHOW_REGS_USER, + SHOW_REGS_ALL +}; + extern void die(const char *, struct pt_regs *,long); extern int __must_check __die(const char *, struct pt_regs *, long); extern void show_stack_regs(struct pt_regs *regs); -extern void __show_regs(struct pt_regs *regs, int all); +extern void __show_regs(struct pt_regs *regs, enum show_regs_mode); extern void show_iret_regs(struct pt_regs *regs); extern unsigned long oops_begin(void); extern void oops_end(unsigned long, struct pt_regs *, int signr); diff --git a/arch/x86/kernel/dumpstack.c b/arch/x86/kernel/dumpstack.c index f56895106ccf..2b5886401e5f 100644 --- a/arch/x86/kernel/dumpstack.c +++ b/arch/x86/kernel/dumpstack.c @@ -146,7 +146,7 @@ static void show_regs_if_on_stack(struct stack_info *info, struct pt_regs *regs, * they can be printed in the right context. */ if (!partial && on_stack(info, regs, sizeof(*regs))) { - __show_regs(regs, 0); + __show_regs(regs, SHOW_REGS_SHORT); } else if (partial && on_stack(info, (void *)regs + IRET_FRAME_OFFSET, IRET_FRAME_SIZE)) { @@ -344,7 +344,7 @@ void oops_end(unsigned long flags, struct pt_regs *regs, int signr) oops_exit(); /* Executive summary in case the oops scrolled away */ - __show_regs(&exec_summary_regs, true); + __show_regs(&exec_summary_regs, SHOW_REGS_ALL); if (!signr) return; @@ -407,14 +407,9 @@ void die(const char *str, struct pt_regs *regs, long err) void show_regs(struct pt_regs *regs) { - bool all = true; - show_regs_print_info(KERN_DEFAULT); - if (IS_ENABLED(CONFIG_X86_32)) - all = !user_mode(regs); - - __show_regs(regs, all); + __show_regs(regs, user_mode(regs) ? SHOW_REGS_USER : SHOW_REGS_ALL); /* * When in-kernel, we also print out the stack at the time of the fault.. diff --git a/arch/x86/kernel/process_32.c b/arch/x86/kernel/process_32.c index 2924fd447e61..5046a3c9dec2 100644 --- a/arch/x86/kernel/process_32.c +++ b/arch/x86/kernel/process_32.c @@ -59,7 +59,7 @@ #include <asm/intel_rdt_sched.h> #include <asm/proto.h> -void __show_regs(struct pt_regs *regs, int all) +void __show_regs(struct pt_regs *regs, enum show_regs_mode mode) { unsigned long cr0 = 0L, cr2 = 0L, cr3 = 0L, cr4 = 0L; unsigned long d0, d1, d2, d3, d6, d7; @@ -85,7 +85,7 @@ void __show_regs(struct pt_regs *regs, int all) printk(KERN_DEFAULT "DS: %04x ES: %04x FS: %04x GS: %04x SS: %04x EFLAGS: %08lx\n", (u16)regs->ds, (u16)regs->es, (u16)regs->fs, gs, ss, regs->flags); - if (!all) + if (mode != SHOW_REGS_ALL) return; cr0 = read_cr0(); diff --git a/arch/x86/kernel/process_64.c b/arch/x86/kernel/process_64.c index a451bc374b9b..ea5ea850348d 100644 --- a/arch/x86/kernel/process_64.c +++ b/arch/x86/kernel/process_64.c @@ -62,7 +62,7 @@ __visible DEFINE_PER_CPU(unsigned long, rsp_scratch); /* Prints also some state that isn't saved in the pt_regs */ -void __show_regs(struct pt_regs *regs, int all) +void __show_regs(struct pt_regs *regs, enum show_regs_mode mode) { unsigned long cr0 = 0L, cr2 = 0L, cr3 = 0L, cr4 = 0L, fs, gs, shadowgs; unsigned long d0, d1, d2, d3, d6, d7; @@ -87,9 +87,17 @@ void __show_regs(struct pt_regs *regs, int all) printk(KERN_DEFAULT "R13: %016lx R14: %016lx R15: %016lx\n", regs->r13, regs->r14, regs->r15); - if (!all) + if (mode == SHOW_REGS_SHORT) return; + if (mode == SHOW_REGS_USER) { + rdmsrl(MSR_FS_BASE, fs); + rdmsrl(MSR_KERNEL_GS_BASE, shadowgs); + printk(KERN_DEFAULT "FS: %016lx GS: %016lx\n", + fs, shadowgs); + return; + } + asm("movl %%ds,%0" : "=r" (ds)); asm("movl %%cs,%0" : "=r" (cs)); asm("movl %%es,%0" : "=r" (es));

6 years, 9 months

1
0
0 0

FAILED: patch "[PATCH] x86/process: Don't mix user/kernel regs in 64bit" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 9fe6299dde587788f245e9f7a5a1b296fad4e8c7 Mon Sep 17 00:00:00 2001 From: Jann Horn <jannh(a)google.com> Date: Fri, 31 Aug 2018 21:41:51 +0200 Subject: [PATCH] x86/process: Don't mix user/kernel regs in 64bit __show_regs() When the kernel.print-fatal-signals sysctl has been enabled, a simple userspace crash will cause the kernel to write a crash dump that contains, among other things, the kernel gsbase into dmesg. As suggested by Andy, limit output to pt_regs, FS_BASE and KERNEL_GS_BASE in this case. This also moves the bitness-specific logic from show_regs() into process_{32,64}.c. Fixes: 45807a1df9f5 ("vdso: print fatal signals") Signed-off-by: Jann Horn <jannh(a)google.com> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Cc: "H. Peter Anvin" <hpa(a)zytor.com> Cc: Andy Lutomirski <luto(a)kernel.org> Cc: Borislav Petkov <bpetkov(a)suse.de> Cc: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Cc: stable(a)vger.kernel.org Link: https://lkml.kernel.org/r/20180831194151.123586-1-jannh@google.com diff --git a/arch/x86/include/asm/kdebug.h b/arch/x86/include/asm/kdebug.h index 395c9631e000..75f1e35e7c15 100644 --- a/arch/x86/include/asm/kdebug.h +++ b/arch/x86/include/asm/kdebug.h @@ -22,10 +22,20 @@ enum die_val { DIE_NMIUNKNOWN, }; +enum show_regs_mode { + SHOW_REGS_SHORT, + /* + * For when userspace crashed, but we don't think it's our fault, and + * therefore don't print kernel registers. + */ + SHOW_REGS_USER, + SHOW_REGS_ALL +}; + extern void die(const char *, struct pt_regs *,long); extern int __must_check __die(const char *, struct pt_regs *, long); extern void show_stack_regs(struct pt_regs *regs); -extern void __show_regs(struct pt_regs *regs, int all); +extern void __show_regs(struct pt_regs *regs, enum show_regs_mode); extern void show_iret_regs(struct pt_regs *regs); extern unsigned long oops_begin(void); extern void oops_end(unsigned long, struct pt_regs *, int signr); diff --git a/arch/x86/kernel/dumpstack.c b/arch/x86/kernel/dumpstack.c index f56895106ccf..2b5886401e5f 100644 --- a/arch/x86/kernel/dumpstack.c +++ b/arch/x86/kernel/dumpstack.c @@ -146,7 +146,7 @@ static void show_regs_if_on_stack(struct stack_info *info, struct pt_regs *regs, * they can be printed in the right context. */ if (!partial && on_stack(info, regs, sizeof(*regs))) { - __show_regs(regs, 0); + __show_regs(regs, SHOW_REGS_SHORT); } else if (partial && on_stack(info, (void *)regs + IRET_FRAME_OFFSET, IRET_FRAME_SIZE)) { @@ -344,7 +344,7 @@ void oops_end(unsigned long flags, struct pt_regs *regs, int signr) oops_exit(); /* Executive summary in case the oops scrolled away */ - __show_regs(&exec_summary_regs, true); + __show_regs(&exec_summary_regs, SHOW_REGS_ALL); if (!signr) return; @@ -407,14 +407,9 @@ void die(const char *str, struct pt_regs *regs, long err) void show_regs(struct pt_regs *regs) { - bool all = true; - show_regs_print_info(KERN_DEFAULT); - if (IS_ENABLED(CONFIG_X86_32)) - all = !user_mode(regs); - - __show_regs(regs, all); + __show_regs(regs, user_mode(regs) ? SHOW_REGS_USER : SHOW_REGS_ALL); /* * When in-kernel, we also print out the stack at the time of the fault.. diff --git a/arch/x86/kernel/process_32.c b/arch/x86/kernel/process_32.c index 2924fd447e61..5046a3c9dec2 100644 --- a/arch/x86/kernel/process_32.c +++ b/arch/x86/kernel/process_32.c @@ -59,7 +59,7 @@ #include <asm/intel_rdt_sched.h> #include <asm/proto.h> -void __show_regs(struct pt_regs *regs, int all) +void __show_regs(struct pt_regs *regs, enum show_regs_mode mode) { unsigned long cr0 = 0L, cr2 = 0L, cr3 = 0L, cr4 = 0L; unsigned long d0, d1, d2, d3, d6, d7; @@ -85,7 +85,7 @@ void __show_regs(struct pt_regs *regs, int all) printk(KERN_DEFAULT "DS: %04x ES: %04x FS: %04x GS: %04x SS: %04x EFLAGS: %08lx\n", (u16)regs->ds, (u16)regs->es, (u16)regs->fs, gs, ss, regs->flags); - if (!all) + if (mode != SHOW_REGS_ALL) return; cr0 = read_cr0(); diff --git a/arch/x86/kernel/process_64.c b/arch/x86/kernel/process_64.c index a451bc374b9b..ea5ea850348d 100644 --- a/arch/x86/kernel/process_64.c +++ b/arch/x86/kernel/process_64.c @@ -62,7 +62,7 @@ __visible DEFINE_PER_CPU(unsigned long, rsp_scratch); /* Prints also some state that isn't saved in the pt_regs */ -void __show_regs(struct pt_regs *regs, int all) +void __show_regs(struct pt_regs *regs, enum show_regs_mode mode) { unsigned long cr0 = 0L, cr2 = 0L, cr3 = 0L, cr4 = 0L, fs, gs, shadowgs; unsigned long d0, d1, d2, d3, d6, d7; @@ -87,9 +87,17 @@ void __show_regs(struct pt_regs *regs, int all) printk(KERN_DEFAULT "R13: %016lx R14: %016lx R15: %016lx\n", regs->r13, regs->r14, regs->r15); - if (!all) + if (mode == SHOW_REGS_SHORT) return; + if (mode == SHOW_REGS_USER) { + rdmsrl(MSR_FS_BASE, fs); + rdmsrl(MSR_KERNEL_GS_BASE, shadowgs); + printk(KERN_DEFAULT "FS: %016lx GS: %016lx\n", + fs, shadowgs); + return; + } + asm("movl %%ds,%0" : "=r" (ds)); asm("movl %%cs,%0" : "=r" (cs)); asm("movl %%es,%0" : "=r" (es));

6 years, 9 months

1
0
0 0

FAILED: patch "[PATCH] ARC: [plat-axs*]: Enable SWAP" failed to apply to 4.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From c83532fb0fe053d2e43e9387354cb1b52ba26427 Mon Sep 17 00:00:00 2001 From: Alexey Brodkin <abrodkin(a)synopsys.com> Date: Thu, 2 Aug 2018 11:50:16 +0300 Subject: [PATCH] ARC: [plat-axs*]: Enable SWAP SWAP support on ARC was fixed earlier by commit 6e3761145a9b ("ARC: Fix CONFIG_SWAP") so now we may safely enable it on platforms that have external media like USB and SD-card. Note: it was already allowed for HSDK Signed-off-by: Alexey Brodkin <abrodkin(a)synopsys.com> Cc: stable(a)vger.kernel.org # 6e3761145a9b: ARC: Fix CONFIG_SWAP Signed-off-by: Vineet Gupta <vgupta(a)synopsys.com> diff --git a/arch/arc/configs/axs101_defconfig b/arch/arc/configs/axs101_defconfig index 41a97eb7598d..41bc08be6a3b 100644 --- a/arch/arc/configs/axs101_defconfig +++ b/arch/arc/configs/axs101_defconfig @@ -1,4 +1,3 @@ -# CONFIG_SWAP is not set CONFIG_SYSVIPC=y CONFIG_POSIX_MQUEUE=y # CONFIG_CROSS_MEMORY_ATTACH is not set diff --git a/arch/arc/configs/axs103_defconfig b/arch/arc/configs/axs103_defconfig index d8e2ca2385cc..1e1c4a8011b5 100644 --- a/arch/arc/configs/axs103_defconfig +++ b/arch/arc/configs/axs103_defconfig @@ -1,4 +1,3 @@ -# CONFIG_SWAP is not set CONFIG_SYSVIPC=y CONFIG_POSIX_MQUEUE=y # CONFIG_CROSS_MEMORY_ATTACH is not set diff --git a/arch/arc/configs/axs103_smp_defconfig b/arch/arc/configs/axs103_smp_defconfig index 1e729b9726cd..6b0c0cfd5c30 100644 --- a/arch/arc/configs/axs103_smp_defconfig +++ b/arch/arc/configs/axs103_smp_defconfig @@ -1,4 +1,3 @@ -# CONFIG_SWAP is not set CONFIG_SYSVIPC=y CONFIG_POSIX_MQUEUE=y # CONFIG_CROSS_MEMORY_ATTACH is not set

6 years, 9 months

1
0
0 0

FAILED: patch "[PATCH] ARC: [plat-axs*]: Enable SWAP" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From c83532fb0fe053d2e43e9387354cb1b52ba26427 Mon Sep 17 00:00:00 2001 From: Alexey Brodkin <abrodkin(a)synopsys.com> Date: Thu, 2 Aug 2018 11:50:16 +0300 Subject: [PATCH] ARC: [plat-axs*]: Enable SWAP SWAP support on ARC was fixed earlier by commit 6e3761145a9b ("ARC: Fix CONFIG_SWAP") so now we may safely enable it on platforms that have external media like USB and SD-card. Note: it was already allowed for HSDK Signed-off-by: Alexey Brodkin <abrodkin(a)synopsys.com> Cc: stable(a)vger.kernel.org # 6e3761145a9b: ARC: Fix CONFIG_SWAP Signed-off-by: Vineet Gupta <vgupta(a)synopsys.com> diff --git a/arch/arc/configs/axs101_defconfig b/arch/arc/configs/axs101_defconfig index 41a97eb7598d..41bc08be6a3b 100644 --- a/arch/arc/configs/axs101_defconfig +++ b/arch/arc/configs/axs101_defconfig @@ -1,4 +1,3 @@ -# CONFIG_SWAP is not set CONFIG_SYSVIPC=y CONFIG_POSIX_MQUEUE=y # CONFIG_CROSS_MEMORY_ATTACH is not set diff --git a/arch/arc/configs/axs103_defconfig b/arch/arc/configs/axs103_defconfig index d8e2ca2385cc..1e1c4a8011b5 100644 --- a/arch/arc/configs/axs103_defconfig +++ b/arch/arc/configs/axs103_defconfig @@ -1,4 +1,3 @@ -# CONFIG_SWAP is not set CONFIG_SYSVIPC=y CONFIG_POSIX_MQUEUE=y # CONFIG_CROSS_MEMORY_ATTACH is not set diff --git a/arch/arc/configs/axs103_smp_defconfig b/arch/arc/configs/axs103_smp_defconfig index 1e729b9726cd..6b0c0cfd5c30 100644 --- a/arch/arc/configs/axs103_smp_defconfig +++ b/arch/arc/configs/axs103_smp_defconfig @@ -1,4 +1,3 @@ -# CONFIG_SWAP is not set CONFIG_SYSVIPC=y CONFIG_POSIX_MQUEUE=y # CONFIG_CROSS_MEMORY_ATTACH is not set

6 years, 9 months

1
0
0 0

FAILED: patch "[PATCH] KVM: x86: Do not re-{try, execute} after failed emulation in" failed to apply to 4.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 6c3dfeb6a48b1562bd5b8ec5f3317ef34d0134ef Mon Sep 17 00:00:00 2001 From: Sean Christopherson <sean.j.christopherson(a)intel.com> Date: Thu, 23 Aug 2018 13:56:51 -0700 Subject: [PATCH] KVM: x86: Do not re-{try,execute} after failed emulation in L2 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Commit a6f177efaa58 ("KVM: Reenter guest after emulation failure if due to access to non-mmio address") added reexecute_instruction() to handle the scenario where two (or more) vCPUS race to write a shadowed page, i.e. reexecute_instruction() is intended to return true if and only if the instruction being emulated was accessing a shadowed page. As L0 is only explicitly shadowing L1 tables, an emulation failure of a nested VM instruction cannot be due to a race to write a shadowed page and so should never be re-executed. This fixes an issue where an "MMIO" emulation failure[1] in L2 is all but guaranteed to result in an infinite loop when TDP is enabled. Because "cr2" is actually an L2 GPA when TDP is enabled, calling kvm_mmu_gva_to_gpa_write() to translate cr2 in the non-direct mapped case (L2 is never direct mapped) will almost always yield UNMAPPED_GVA and cause reexecute_instruction() to immediately return true. The !mmio_info_in_cache() check in kvm_mmu_page_fault() doesn't catch this case because mmio_info_in_cache() returns false for a nested MMU (the MMIO caching currently handles L1 only, e.g. to cache nested guests' GPAs we'd have to manually flush the cache when switching between VMs and when L1 updated its page tables controlling the nested guest). Way back when, commit 68be0803456b ("KVM: x86: never re-execute instruction with enabled tdp") changed reexecute_instruction() to always return false when using TDP under the assumption that KVM would only get into the emulator for MMIO. Commit 95b3cf69bdf8 ("KVM: x86: let reexecute_instruction work for tdp") effectively reverted that behavior in order to handle the scenario where emulation failed due to an access from L1 to the shadow page tables for L2, but it didn't account for the case where emulation failed in L2 with TDP enabled. All of the above logic also applies to retry_instruction(), added by commit 1cb3f3ae5a38 ("KVM: x86: retry non-page-table writing instructions"). An indefinite loop in retry_instruction() should be impossible as it protects against retrying the same instruction over and over, but it's still correct to not retry an L2 instruction in the first place. Fix the immediate issue by adding a check for a nested guest when determining whether or not to allow retry in kvm_mmu_page_fault(). In addition to fixing the immediate bug, add WARN_ON_ONCE in the retry functions since they are not designed to handle nested cases, i.e. they need to be modified even if there is some scenario in the future where we want to allow retrying a nested guest. [1] This issue was encountered after commit 3a2936dedd20 ("kvm: mmu: Don't expose private memslots to L2") changed the page fault path to return KVM_PFN_NOSLOT when translating an L2 access to a prive memslot. Returning KVM_PFN_NOSLOT is semantically correct when we want to hide a memslot from L2, i.e. there effectively is no defined memory region for L2, but it has the unfortunate side effect of making KVM think the GFN is a MMIO page, thus triggering emulation. The failure occurred with in-development code that deliberately exposed a private memslot to L2, which L2 accessed with an instruction that is not emulated by KVM. Fixes: 95b3cf69bdf8 ("KVM: x86: let reexecute_instruction work for tdp") Fixes: 1cb3f3ae5a38 ("KVM: x86: retry non-page-table writing instructions") Signed-off-by: Sean Christopherson <sean.j.christopherson(a)intel.com> Cc: Jim Mattson <jmattson(a)google.com> Cc: Krish Sadhukhan <krish.sadhukhan(a)oracle.com> Cc: Xiao Guangrong <xiaoguangrong(a)tencent.com> Cc: stable(a)vger.kernel.org Signed-off-by: Radim Krčmář <rkrcmar(a)redhat.com> diff --git a/arch/x86/kvm/mmu.c b/arch/x86/kvm/mmu.c index 01fb8701ccd0..f7e83b1e0eb2 100644 --- a/arch/x86/kvm/mmu.c +++ b/arch/x86/kvm/mmu.c @@ -5264,9 +5264,12 @@ int kvm_mmu_page_fault(struct kvm_vcpu *vcpu, gva_t cr2, u64 error_code, * re-execute the instruction that caused the page fault. Do not allow * retrying MMIO emulation, as it's not only pointless but could also * cause us to enter an infinite loop because the processor will keep - * faulting on the non-existent MMIO address. + * faulting on the non-existent MMIO address. Retrying an instruction + * from a nested guest is also pointless and dangerous as we are only + * explicitly shadowing L1's page tables, i.e. unprotecting something + * for L1 isn't going to magically fix whatever issue cause L2 to fail. */ - if (!mmio_info_in_cache(vcpu, cr2, direct)) + if (!mmio_info_in_cache(vcpu, cr2, direct) && !is_guest_mode(vcpu)) emulation_type = EMULTYPE_ALLOW_RETRY; emulate: /* diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 924ce28723c4..cbe2921e972b 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -5873,6 +5873,9 @@ static bool reexecute_instruction(struct kvm_vcpu *vcpu, gva_t cr2, if (!(emulation_type & EMULTYPE_ALLOW_RETRY)) return false; + if (WARN_ON_ONCE(is_guest_mode(vcpu))) + return false; + if (!vcpu->arch.mmu.direct_map) { /* * Write permission should be allowed since only @@ -5961,6 +5964,9 @@ static bool retry_instruction(struct x86_emulate_ctxt *ctxt, if (!(emulation_type & EMULTYPE_ALLOW_RETRY)) return false; + if (WARN_ON_ONCE(is_guest_mode(vcpu))) + return false; + if (x86_page_table_writing_insn(ctxt)) return false;

6 years, 9 months

1
0
0 0

FAILED: patch "[PATCH] KVM: x86: Do not re-{try, execute} after failed emulation in" failed to apply to 4.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 6c3dfeb6a48b1562bd5b8ec5f3317ef34d0134ef Mon Sep 17 00:00:00 2001 From: Sean Christopherson <sean.j.christopherson(a)intel.com> Date: Thu, 23 Aug 2018 13:56:51 -0700 Subject: [PATCH] KVM: x86: Do not re-{try,execute} after failed emulation in L2 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Commit a6f177efaa58 ("KVM: Reenter guest after emulation failure if due to access to non-mmio address") added reexecute_instruction() to handle the scenario where two (or more) vCPUS race to write a shadowed page, i.e. reexecute_instruction() is intended to return true if and only if the instruction being emulated was accessing a shadowed page. As L0 is only explicitly shadowing L1 tables, an emulation failure of a nested VM instruction cannot be due to a race to write a shadowed page and so should never be re-executed. This fixes an issue where an "MMIO" emulation failure[1] in L2 is all but guaranteed to result in an infinite loop when TDP is enabled. Because "cr2" is actually an L2 GPA when TDP is enabled, calling kvm_mmu_gva_to_gpa_write() to translate cr2 in the non-direct mapped case (L2 is never direct mapped) will almost always yield UNMAPPED_GVA and cause reexecute_instruction() to immediately return true. The !mmio_info_in_cache() check in kvm_mmu_page_fault() doesn't catch this case because mmio_info_in_cache() returns false for a nested MMU (the MMIO caching currently handles L1 only, e.g. to cache nested guests' GPAs we'd have to manually flush the cache when switching between VMs and when L1 updated its page tables controlling the nested guest). Way back when, commit 68be0803456b ("KVM: x86: never re-execute instruction with enabled tdp") changed reexecute_instruction() to always return false when using TDP under the assumption that KVM would only get into the emulator for MMIO. Commit 95b3cf69bdf8 ("KVM: x86: let reexecute_instruction work for tdp") effectively reverted that behavior in order to handle the scenario where emulation failed due to an access from L1 to the shadow page tables for L2, but it didn't account for the case where emulation failed in L2 with TDP enabled. All of the above logic also applies to retry_instruction(), added by commit 1cb3f3ae5a38 ("KVM: x86: retry non-page-table writing instructions"). An indefinite loop in retry_instruction() should be impossible as it protects against retrying the same instruction over and over, but it's still correct to not retry an L2 instruction in the first place. Fix the immediate issue by adding a check for a nested guest when determining whether or not to allow retry in kvm_mmu_page_fault(). In addition to fixing the immediate bug, add WARN_ON_ONCE in the retry functions since they are not designed to handle nested cases, i.e. they need to be modified even if there is some scenario in the future where we want to allow retrying a nested guest. [1] This issue was encountered after commit 3a2936dedd20 ("kvm: mmu: Don't expose private memslots to L2") changed the page fault path to return KVM_PFN_NOSLOT when translating an L2 access to a prive memslot. Returning KVM_PFN_NOSLOT is semantically correct when we want to hide a memslot from L2, i.e. there effectively is no defined memory region for L2, but it has the unfortunate side effect of making KVM think the GFN is a MMIO page, thus triggering emulation. The failure occurred with in-development code that deliberately exposed a private memslot to L2, which L2 accessed with an instruction that is not emulated by KVM. Fixes: 95b3cf69bdf8 ("KVM: x86: let reexecute_instruction work for tdp") Fixes: 1cb3f3ae5a38 ("KVM: x86: retry non-page-table writing instructions") Signed-off-by: Sean Christopherson <sean.j.christopherson(a)intel.com> Cc: Jim Mattson <jmattson(a)google.com> Cc: Krish Sadhukhan <krish.sadhukhan(a)oracle.com> Cc: Xiao Guangrong <xiaoguangrong(a)tencent.com> Cc: stable(a)vger.kernel.org Signed-off-by: Radim Krčmář <rkrcmar(a)redhat.com> diff --git a/arch/x86/kvm/mmu.c b/arch/x86/kvm/mmu.c index 01fb8701ccd0..f7e83b1e0eb2 100644 --- a/arch/x86/kvm/mmu.c +++ b/arch/x86/kvm/mmu.c @@ -5264,9 +5264,12 @@ int kvm_mmu_page_fault(struct kvm_vcpu *vcpu, gva_t cr2, u64 error_code, * re-execute the instruction that caused the page fault. Do not allow * retrying MMIO emulation, as it's not only pointless but could also * cause us to enter an infinite loop because the processor will keep - * faulting on the non-existent MMIO address. + * faulting on the non-existent MMIO address. Retrying an instruction + * from a nested guest is also pointless and dangerous as we are only + * explicitly shadowing L1's page tables, i.e. unprotecting something + * for L1 isn't going to magically fix whatever issue cause L2 to fail. */ - if (!mmio_info_in_cache(vcpu, cr2, direct)) + if (!mmio_info_in_cache(vcpu, cr2, direct) && !is_guest_mode(vcpu)) emulation_type = EMULTYPE_ALLOW_RETRY; emulate: /* diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 924ce28723c4..cbe2921e972b 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -5873,6 +5873,9 @@ static bool reexecute_instruction(struct kvm_vcpu *vcpu, gva_t cr2, if (!(emulation_type & EMULTYPE_ALLOW_RETRY)) return false; + if (WARN_ON_ONCE(is_guest_mode(vcpu))) + return false; + if (!vcpu->arch.mmu.direct_map) { /* * Write permission should be allowed since only @@ -5961,6 +5964,9 @@ static bool retry_instruction(struct x86_emulate_ctxt *ctxt, if (!(emulation_type & EMULTYPE_ALLOW_RETRY)) return false; + if (WARN_ON_ONCE(is_guest_mode(vcpu))) + return false; + if (x86_page_table_writing_insn(ctxt)) return false;

6 years, 9 months

1
0
0 0

FAILED: patch "[PATCH] KVM: x86: Do not re-{try, execute} after failed emulation in" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 6c3dfeb6a48b1562bd5b8ec5f3317ef34d0134ef Mon Sep 17 00:00:00 2001 From: Sean Christopherson <sean.j.christopherson(a)intel.com> Date: Thu, 23 Aug 2018 13:56:51 -0700 Subject: [PATCH] KVM: x86: Do not re-{try,execute} after failed emulation in L2 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Commit a6f177efaa58 ("KVM: Reenter guest after emulation failure if due to access to non-mmio address") added reexecute_instruction() to handle the scenario where two (or more) vCPUS race to write a shadowed page, i.e. reexecute_instruction() is intended to return true if and only if the instruction being emulated was accessing a shadowed page. As L0 is only explicitly shadowing L1 tables, an emulation failure of a nested VM instruction cannot be due to a race to write a shadowed page and so should never be re-executed. This fixes an issue where an "MMIO" emulation failure[1] in L2 is all but guaranteed to result in an infinite loop when TDP is enabled. Because "cr2" is actually an L2 GPA when TDP is enabled, calling kvm_mmu_gva_to_gpa_write() to translate cr2 in the non-direct mapped case (L2 is never direct mapped) will almost always yield UNMAPPED_GVA and cause reexecute_instruction() to immediately return true. The !mmio_info_in_cache() check in kvm_mmu_page_fault() doesn't catch this case because mmio_info_in_cache() returns false for a nested MMU (the MMIO caching currently handles L1 only, e.g. to cache nested guests' GPAs we'd have to manually flush the cache when switching between VMs and when L1 updated its page tables controlling the nested guest). Way back when, commit 68be0803456b ("KVM: x86: never re-execute instruction with enabled tdp") changed reexecute_instruction() to always return false when using TDP under the assumption that KVM would only get into the emulator for MMIO. Commit 95b3cf69bdf8 ("KVM: x86: let reexecute_instruction work for tdp") effectively reverted that behavior in order to handle the scenario where emulation failed due to an access from L1 to the shadow page tables for L2, but it didn't account for the case where emulation failed in L2 with TDP enabled. All of the above logic also applies to retry_instruction(), added by commit 1cb3f3ae5a38 ("KVM: x86: retry non-page-table writing instructions"). An indefinite loop in retry_instruction() should be impossible as it protects against retrying the same instruction over and over, but it's still correct to not retry an L2 instruction in the first place. Fix the immediate issue by adding a check for a nested guest when determining whether or not to allow retry in kvm_mmu_page_fault(). In addition to fixing the immediate bug, add WARN_ON_ONCE in the retry functions since they are not designed to handle nested cases, i.e. they need to be modified even if there is some scenario in the future where we want to allow retrying a nested guest. [1] This issue was encountered after commit 3a2936dedd20 ("kvm: mmu: Don't expose private memslots to L2") changed the page fault path to return KVM_PFN_NOSLOT when translating an L2 access to a prive memslot. Returning KVM_PFN_NOSLOT is semantically correct when we want to hide a memslot from L2, i.e. there effectively is no defined memory region for L2, but it has the unfortunate side effect of making KVM think the GFN is a MMIO page, thus triggering emulation. The failure occurred with in-development code that deliberately exposed a private memslot to L2, which L2 accessed with an instruction that is not emulated by KVM. Fixes: 95b3cf69bdf8 ("KVM: x86: let reexecute_instruction work for tdp") Fixes: 1cb3f3ae5a38 ("KVM: x86: retry non-page-table writing instructions") Signed-off-by: Sean Christopherson <sean.j.christopherson(a)intel.com> Cc: Jim Mattson <jmattson(a)google.com> Cc: Krish Sadhukhan <krish.sadhukhan(a)oracle.com> Cc: Xiao Guangrong <xiaoguangrong(a)tencent.com> Cc: stable(a)vger.kernel.org Signed-off-by: Radim Krčmář <rkrcmar(a)redhat.com> diff --git a/arch/x86/kvm/mmu.c b/arch/x86/kvm/mmu.c index 01fb8701ccd0..f7e83b1e0eb2 100644 --- a/arch/x86/kvm/mmu.c +++ b/arch/x86/kvm/mmu.c @@ -5264,9 +5264,12 @@ int kvm_mmu_page_fault(struct kvm_vcpu *vcpu, gva_t cr2, u64 error_code, * re-execute the instruction that caused the page fault. Do not allow * retrying MMIO emulation, as it's not only pointless but could also * cause us to enter an infinite loop because the processor will keep - * faulting on the non-existent MMIO address. + * faulting on the non-existent MMIO address. Retrying an instruction + * from a nested guest is also pointless and dangerous as we are only + * explicitly shadowing L1's page tables, i.e. unprotecting something + * for L1 isn't going to magically fix whatever issue cause L2 to fail. */ - if (!mmio_info_in_cache(vcpu, cr2, direct)) + if (!mmio_info_in_cache(vcpu, cr2, direct) && !is_guest_mode(vcpu)) emulation_type = EMULTYPE_ALLOW_RETRY; emulate: /* diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 924ce28723c4..cbe2921e972b 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -5873,6 +5873,9 @@ static bool reexecute_instruction(struct kvm_vcpu *vcpu, gva_t cr2, if (!(emulation_type & EMULTYPE_ALLOW_RETRY)) return false; + if (WARN_ON_ONCE(is_guest_mode(vcpu))) + return false; + if (!vcpu->arch.mmu.direct_map) { /* * Write permission should be allowed since only @@ -5961,6 +5964,9 @@ static bool retry_instruction(struct x86_emulate_ctxt *ctxt, if (!(emulation_type & EMULTYPE_ALLOW_RETRY)) return false; + if (WARN_ON_ONCE(is_guest_mode(vcpu))) + return false; + if (x86_page_table_writing_insn(ctxt)) return false;

6 years, 9 months

1
0
0 0

FAILED: patch "[PATCH] Btrfs: fix data corruption when deduplicating between" failed to apply to 4.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From de02b9f6bb65a6a1848f346f7a3617b7a9b930c0 Mon Sep 17 00:00:00 2001 From: Filipe Manana <fdmanana(a)suse.com> Date: Fri, 17 Aug 2018 09:38:59 +0100 Subject: [PATCH] Btrfs: fix data corruption when deduplicating between different files If we deduplicate extents between two different files we can end up corrupting data if the source range ends at the size of the source file, the source file's size is not aligned to the filesystem's block size and the destination range does not go past the size of the destination file size. Example: $ mkfs.btrfs -f /dev/sdb $ mount /dev/sdb /mnt $ xfs_io -f -c "pwrite -S 0x6b 0 2518890" /mnt/foo # The first byte with a value of 0xae starts at an offset (2518890) # which is not a multiple of the sector size. $ xfs_io -c "pwrite -S 0xae 2518890 102398" /mnt/foo # Confirm the file content is full of bytes with values 0x6b and 0xae. $ od -t x1 /mnt/foo 0000000 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b * 11467540 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b ae ae ae ae ae ae 11467560 ae ae ae ae ae ae ae ae ae ae ae ae ae ae ae ae * 11777540 ae ae ae ae ae ae ae ae 11777550 # Create a second file with a length not aligned to the sector size, # whose bytes all have the value 0x6b, so that its extent(s) can be # deduplicated with the first file. $ xfs_io -f -c "pwrite -S 0x6b 0 557771" /mnt/bar # Now deduplicate the entire second file into a range of the first file # that also has all bytes with the value 0x6b. The destination range's # end offset must not be aligned to the sector size and must be less # then the offset of the first byte with the value 0xae (byte at offset # 2518890). $ xfs_io -c "dedupe /mnt/bar 0 1957888 557771" /mnt/foo # The bytes in the range starting at offset 2515659 (end of the # deduplication range) and ending at offset 2519040 (start offset # rounded up to the block size) must all have the value 0xae (and not # replaced with 0x00 values). In other words, we should have exactly # the same data we had before we asked for deduplication. $ od -t x1 /mnt/foo 0000000 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b * 11467540 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b ae ae ae ae ae ae 11467560 ae ae ae ae ae ae ae ae ae ae ae ae ae ae ae ae * 11777540 ae ae ae ae ae ae ae ae 11777550 # Unmount the filesystem and mount it again. This guarantees any file # data in the page cache is dropped. $ umount /dev/sdb $ mount /dev/sdb /mnt $ od -t x1 /mnt/foo 0000000 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b * 11461300 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 00 00 00 00 00 11461320 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 * 11470000 ae ae ae ae ae ae ae ae ae ae ae ae ae ae ae ae * 11777540 ae ae ae ae ae ae ae ae 11777550 # The bytes in range 2515659 to 2519040 have a value of 0x00 and not a # value of 0xae, data corruption happened due to the deduplication # operation. So fix this by rounding down, to the sector size, the length used for the deduplication when the following conditions are met: 1) Source file's range ends at its i_size; 2) Source file's i_size is not aligned to the sector size; 3) Destination range does not cross the i_size of the destination file. Fixes: e1d227a42ea2 ("btrfs: Handle unaligned length in extent_same") CC: stable(a)vger.kernel.org # 4.2+ Signed-off-by: Filipe Manana <fdmanana(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c index 85c4284bb2cf..011ddfcc96e2 100644 --- a/fs/btrfs/ioctl.c +++ b/fs/btrfs/ioctl.c @@ -3469,6 +3469,25 @@ static int btrfs_extent_same_range(struct inode *src, u64 loff, u64 olen, same_lock_start = min_t(u64, loff, dst_loff); same_lock_len = max_t(u64, loff, dst_loff) + len - same_lock_start; + } else { + /* + * If the source and destination inodes are different, the + * source's range end offset matches the source's i_size, that + * i_size is not a multiple of the sector size, and the + * destination range does not go past the destination's i_size, + * we must round down the length to the nearest sector size + * multiple. If we don't do this adjustment we end replacing + * with zeroes the bytes in the range that starts at the + * deduplication range's end offset and ends at the next sector + * size multiple. + */ + if (loff + olen == i_size_read(src) && + dst_loff + len < i_size_read(dst)) { + const u64 sz = BTRFS_I(src)->root->fs_info->sectorsize; + + len = round_down(i_size_read(src), sz) - loff; + olen = len; + } } again:

6 years, 9 months

1
0
0 0

FAILED: patch "[PATCH] Btrfs: fix data corruption when deduplicating between" failed to apply to 4.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From de02b9f6bb65a6a1848f346f7a3617b7a9b930c0 Mon Sep 17 00:00:00 2001 From: Filipe Manana <fdmanana(a)suse.com> Date: Fri, 17 Aug 2018 09:38:59 +0100 Subject: [PATCH] Btrfs: fix data corruption when deduplicating between different files If we deduplicate extents between two different files we can end up corrupting data if the source range ends at the size of the source file, the source file's size is not aligned to the filesystem's block size and the destination range does not go past the size of the destination file size. Example: $ mkfs.btrfs -f /dev/sdb $ mount /dev/sdb /mnt $ xfs_io -f -c "pwrite -S 0x6b 0 2518890" /mnt/foo # The first byte with a value of 0xae starts at an offset (2518890) # which is not a multiple of the sector size. $ xfs_io -c "pwrite -S 0xae 2518890 102398" /mnt/foo # Confirm the file content is full of bytes with values 0x6b and 0xae. $ od -t x1 /mnt/foo 0000000 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b * 11467540 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b ae ae ae ae ae ae 11467560 ae ae ae ae ae ae ae ae ae ae ae ae ae ae ae ae * 11777540 ae ae ae ae ae ae ae ae 11777550 # Create a second file with a length not aligned to the sector size, # whose bytes all have the value 0x6b, so that its extent(s) can be # deduplicated with the first file. $ xfs_io -f -c "pwrite -S 0x6b 0 557771" /mnt/bar # Now deduplicate the entire second file into a range of the first file # that also has all bytes with the value 0x6b. The destination range's # end offset must not be aligned to the sector size and must be less # then the offset of the first byte with the value 0xae (byte at offset # 2518890). $ xfs_io -c "dedupe /mnt/bar 0 1957888 557771" /mnt/foo # The bytes in the range starting at offset 2515659 (end of the # deduplication range) and ending at offset 2519040 (start offset # rounded up to the block size) must all have the value 0xae (and not # replaced with 0x00 values). In other words, we should have exactly # the same data we had before we asked for deduplication. $ od -t x1 /mnt/foo 0000000 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b * 11467540 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b ae ae ae ae ae ae 11467560 ae ae ae ae ae ae ae ae ae ae ae ae ae ae ae ae * 11777540 ae ae ae ae ae ae ae ae 11777550 # Unmount the filesystem and mount it again. This guarantees any file # data in the page cache is dropped. $ umount /dev/sdb $ mount /dev/sdb /mnt $ od -t x1 /mnt/foo 0000000 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b * 11461300 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 00 00 00 00 00 11461320 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 * 11470000 ae ae ae ae ae ae ae ae ae ae ae ae ae ae ae ae * 11777540 ae ae ae ae ae ae ae ae 11777550 # The bytes in range 2515659 to 2519040 have a value of 0x00 and not a # value of 0xae, data corruption happened due to the deduplication # operation. So fix this by rounding down, to the sector size, the length used for the deduplication when the following conditions are met: 1) Source file's range ends at its i_size; 2) Source file's i_size is not aligned to the sector size; 3) Destination range does not cross the i_size of the destination file. Fixes: e1d227a42ea2 ("btrfs: Handle unaligned length in extent_same") CC: stable(a)vger.kernel.org # 4.2+ Signed-off-by: Filipe Manana <fdmanana(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c index 85c4284bb2cf..011ddfcc96e2 100644 --- a/fs/btrfs/ioctl.c +++ b/fs/btrfs/ioctl.c @@ -3469,6 +3469,25 @@ static int btrfs_extent_same_range(struct inode *src, u64 loff, u64 olen, same_lock_start = min_t(u64, loff, dst_loff); same_lock_len = max_t(u64, loff, dst_loff) + len - same_lock_start; + } else { + /* + * If the source and destination inodes are different, the + * source's range end offset matches the source's i_size, that + * i_size is not a multiple of the sector size, and the + * destination range does not go past the destination's i_size, + * we must round down the length to the nearest sector size + * multiple. If we don't do this adjustment we end replacing + * with zeroes the bytes in the range that starts at the + * deduplication range's end offset and ends at the next sector + * size multiple. + */ + if (loff + olen == i_size_read(src) && + dst_loff + len < i_size_read(dst)) { + const u64 sz = BTRFS_I(src)->root->fs_info->sectorsize; + + len = round_down(i_size_read(src), sz) - loff; + olen = len; + } } again:

6 years, 9 months

1
0
0 0

FAILED: patch "[PATCH] MIPS: VDSO: Match data page cache colouring when D$ aliases" failed to apply to 4.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 0f02cfbc3d9e413d450d8d0fd660077c23f67eff Mon Sep 17 00:00:00 2001 From: Paul Burton <paul.burton(a)mips.com> Date: Thu, 30 Aug 2018 11:01:21 -0700 Subject: [PATCH] MIPS: VDSO: Match data page cache colouring when D$ aliases When a system suffers from dcache aliasing a user program may observe stale VDSO data from an aliased cache line. Notably this can break the expectation that clock_gettime(CLOCK_MONOTONIC, ...) is, as its name suggests, monotonic. In order to ensure that users observe updates to the VDSO data page as intended, align the user mappings of the VDSO data page such that their cache colouring matches that of the virtual address range which the kernel will use to update the data page - typically its unmapped address within kseg0. This ensures that we don't introduce aliasing cache lines for the VDSO data page, and therefore that userland will observe updates without requiring cache invalidation. Signed-off-by: Paul Burton <paul.burton(a)mips.com> Reported-by: Hauke Mehrtens <hauke(a)hauke-m.de> Reported-by: Rene Nielsen <rene.nielsen(a)microsemi.com> Reported-by: Alexandre Belloni <alexandre.belloni(a)bootlin.com> Fixes: ebb5e78cc634 ("MIPS: Initial implementation of a VDSO") Patchwork: https://patchwork.linux-mips.org/patch/20344/ Tested-by: Alexandre Belloni <alexandre.belloni(a)bootlin.com> Tested-by: Hauke Mehrtens <hauke(a)hauke-m.de> Cc: James Hogan <jhogan(a)kernel.org> Cc: linux-mips(a)linux-mips.org Cc: stable(a)vger.kernel.org # v4.4+ diff --git a/arch/mips/kernel/vdso.c b/arch/mips/kernel/vdso.c index 019035d7225c..8f845f6e5f42 100644 --- a/arch/mips/kernel/vdso.c +++ b/arch/mips/kernel/vdso.c @@ -13,6 +13,7 @@ #include <linux/err.h> #include <linux/init.h> #include <linux/ioport.h> +#include <linux/kernel.h> #include <linux/mm.h> #include <linux/sched.h> #include <linux/slab.h> @@ -20,6 +21,7 @@ #include <asm/abi.h> #include <asm/mips-cps.h> +#include <asm/page.h> #include <asm/vdso.h> /* Kernel-provided data used by the VDSO. */ @@ -128,12 +130,30 @@ int arch_setup_additional_pages(struct linux_binprm *bprm, int uses_interp) vvar_size = gic_size + PAGE_SIZE; size = vvar_size + image->size; + /* + * Find a region that's large enough for us to perform the + * colour-matching alignment below. + */ + if (cpu_has_dc_aliases) + size += shm_align_mask + 1; + base = get_unmapped_area(NULL, 0, size, 0, 0); if (IS_ERR_VALUE(base)) { ret = base; goto out; } + /* + * If we suffer from dcache aliasing, ensure that the VDSO data page + * mapping is coloured the same as the kernel's mapping of that memory. + * This ensures that when the kernel updates the VDSO data userland + * will observe it without requiring cache invalidations. + */ + if (cpu_has_dc_aliases) { + base = __ALIGN_MASK(base, shm_align_mask); + base += ((unsigned long)&vdso_data - gic_size) & shm_align_mask; + } + data_addr = base + gic_size; vdso_addr = data_addr + PAGE_SIZE;

6 years, 9 months

1
0
0 0

v4.4.156 build: 0 failures 31 warnings (v4.4.156)

by Build bot for Mark Brown

Tree/Branch: v4.4.156 Git describe: v4.4.156 Commit: c40a7b3592 Linux 4.4.156 Build Time: 68 min 54 sec Passed: 10 / 10 (100.00 %) Failed: 0 / 10 ( 0.00 %) Errors: 0 Warnings: 31 Section Mismatches: 0 ------------------------------------------------------------------------------- defconfigs with issues (other than build errors): 19 warnings 0 mismatches : arm64-allmodconfig 17 warnings 0 mismatches : x86_64-allmodconfig ------------------------------------------------------------------------------- Warnings Summary: 31 3 warning: (IMA) selects TCG_CRB which has unmet direct dependencies (TCG_TPM && X86 && ACPI) 2 ../drivers/media/dvb-frontends/stv090x.c:4250:1: warning: the frame size of 4832 bytes is larger than 2048 bytes [-Wframe-larger-than=] 2 ../drivers/media/dvb-frontends/stv090x.c:1211:1: warning: the frame size of 2080 bytes is larger than 2048 bytes [-Wframe-larger-than=] 2 ../drivers/media/dvb-frontends/stv090x.c:1168:1: warning: the frame size of 2080 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/net/ethernet/rocker/rocker.c:2172:1: warning: the frame size of 2752 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/net/ethernet/rocker/rocker.c:2172:1: warning: the frame size of 2720 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/media/dvb-frontends/stv090x.c:4759:1: warning: the frame size of 2056 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/media/dvb-frontends/stv090x.c:4565:1: warning: the frame size of 2096 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/media/dvb-frontends/stv090x.c:4565:1: warning: the frame size of 2080 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/media/dvb-frontends/stv090x.c:3436:1: warning: the frame size of 6784 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/media/dvb-frontends/stv090x.c:3436:1: warning: the frame size of 5280 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/media/dvb-frontends/stv090x.c:3095:1: warning: the frame size of 5864 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/media/dvb-frontends/stv090x.c:3095:1: warning: the frame size of 5840 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/media/dvb-frontends/stv090x.c:2513:1: warning: the frame size of 2304 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/media/dvb-frontends/stv090x.c:2513:1: warning: the frame size of 2288 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/media/dvb-frontends/stv090x.c:2141:1: warning: the frame size of 2104 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/media/dvb-frontends/stv090x.c:2141:1: warning: the frame size of 2080 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/media/dvb-frontends/stv090x.c:2073:1: warning: the frame size of 2552 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/media/dvb-frontends/stv090x.c:2073:1: warning: the frame size of 2544 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/media/dvb-frontends/stv090x.c:1956:1: warning: the frame size of 3264 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/media/dvb-frontends/stv090x.c:1956:1: warning: the frame size of 3248 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/media/dvb-frontends/stv090x.c:1858:1: warning: the frame size of 3008 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/media/dvb-frontends/stv090x.c:1858:1: warning: the frame size of 2992 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/media/dvb-frontends/stv090x.c:1599:1: warning: the frame size of 5296 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/media/dvb-frontends/stv090x.c:1599:1: warning: the frame size of 5280 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/media/dvb-frontends/stv0367.c:3147:1: warning: the frame size of 4144 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/media/dvb-frontends/stv0367.c:2490:1: warning: the frame size of 3424 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/media/dvb-frontends/cxd2841er.c:2401:1: warning: the frame size of 2984 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/media/dvb-frontends/cxd2841er.c:2401:1: warning: the frame size of 2976 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/media/dvb-frontends/cxd2841er.c:2282:1: warning: the frame size of 4336 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/media/dvb-frontends/cxd2841er.c:2282:1: warning: the frame size of 4328 bytes is larger than 2048 bytes [-Wframe-larger-than=] =============================================================================== Detailed per-defconfig build reports below: ------------------------------------------------------------------------------- arm64-allmodconfig : PASS, 0 errors, 19 warnings, 0 section mismatches Warnings: warning: (IMA) selects TCG_CRB which has unmet direct dependencies (TCG_TPM && X86 && ACPI) warning: (IMA) selects TCG_CRB which has unmet direct dependencies (TCG_TPM && X86 && ACPI) warning: (IMA) selects TCG_CRB which has unmet direct dependencies (TCG_TPM && X86 && ACPI) ../drivers/media/dvb-frontends/stv090x.c:1858:1: warning: the frame size of 2992 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/stv090x.c:2141:1: warning: the frame size of 2080 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/stv090x.c:2513:1: warning: the frame size of 2288 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/stv090x.c:4565:1: warning: the frame size of 2080 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/stv090x.c:1956:1: warning: the frame size of 3248 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/stv090x.c:1599:1: warning: the frame size of 5280 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/stv090x.c:1211:1: warning: the frame size of 2080 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/stv090x.c:4250:1: warning: the frame size of 4832 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/stv090x.c:1168:1: warning: the frame size of 2080 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/stv090x.c:2073:1: warning: the frame size of 2544 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/stv090x.c:3095:1: warning: the frame size of 5840 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/stv090x.c:3436:1: warning: the frame size of 6784 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/stv0367.c:2490:1: warning: the frame size of 3424 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/cxd2841er.c:2401:1: warning: the frame size of 2976 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/cxd2841er.c:2282:1: warning: the frame size of 4336 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/net/ethernet/rocker/rocker.c:2172:1: warning: the frame size of 2720 bytes is larger than 2048 bytes [-Wframe-larger-than=] ------------------------------------------------------------------------------- x86_64-allmodconfig : PASS, 0 errors, 17 warnings, 0 section mismatches Warnings: ../drivers/media/dvb-frontends/stv090x.c:1858:1: warning: the frame size of 3008 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/stv090x.c:2141:1: warning: the frame size of 2104 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/stv090x.c:2513:1: warning: the frame size of 2304 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/stv090x.c:4565:1: warning: the frame size of 2096 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/stv090x.c:1956:1: warning: the frame size of 3264 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/stv090x.c:1599:1: warning: the frame size of 5296 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/stv090x.c:1211:1: warning: the frame size of 2080 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/stv090x.c:4250:1: warning: the frame size of 4832 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/stv090x.c:4759:1: warning: the frame size of 2056 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/stv090x.c:1168:1: warning: the frame size of 2080 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/stv090x.c:2073:1: warning: the frame size of 2552 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/stv090x.c:3095:1: warning: the frame size of 5864 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/stv090x.c:3436:1: warning: the frame size of 5280 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/stv0367.c:3147:1: warning: the frame size of 4144 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/cxd2841er.c:2401:1: warning: the frame size of 2984 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/cxd2841er.c:2282:1: warning: the frame size of 4328 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/net/ethernet/rocker/rocker.c:2172:1: warning: the frame size of 2752 bytes is larger than 2048 bytes [-Wframe-larger-than=] ------------------------------------------------------------------------------- Passed with no errors, warnings or mismatches: arm64-allnoconfig arm-multi_v5_defconfig arm-multi_v7_defconfig x86_64-defconfig arm-allmodconfig arm-allnoconfig x86_64-allnoconfig arm64-defconfig

6 years, 9 months

1
0
0 0

[PATCH v2 2/3] ext4, dax: set ext4_dax_aops for dax files

by Toshi Kani

Sync syscall to DAX file needs to flush processor cache, but it currently does not flush to existing DAX files. This is because 'ext4_da_aops' is set to address_space_operations of existing DAX files, instead of 'ext4_dax_aops', since S_DAX flag is set after ext4_set_aops() in the open path. New file -------- lookup_open ext4_create __ext4_new_inode ext4_set_inode_flags // Set S_DAX flag ext4_set_aops // Set aops to ext4_dax_aops Existing file ------------- lookup_open ext4_lookup ext4_iget ext4_set_aops // Set aops to ext4_da_aops ext4_set_inode_flags // Set S_DAX flag Change ext4_iget() to initialize i_flags before ext4_set_aops(). Fixes: 5f0663bb4a64 ("ext4, dax: introduce ext4_dax_aops") Signed-off-by: Toshi Kani <toshi.kani(a)hpe.com> Suggested-by: Jan Kara <jack(a)suse.cz> Cc: Jan Kara <jack(a)suse.cz> Cc: Dan Williams <dan.j.williams(a)intel.com> Cc: "Theodore Ts'o" <tytso(a)mit.edu> Cc: Andreas Dilger <adilger.kernel(a)dilger.ca> Cc: <stable(a)vger.kernel.org> --- fs/ext4/inode.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c index e4acaa980467..b19387b75f2b 100644 --- a/fs/ext4/inode.c +++ b/fs/ext4/inode.c @@ -4896,6 +4896,7 @@ struct inode *ext4_iget(struct super_block *sb, unsigned long ino) * not initialized on a new filesystem. */ } ei->i_flags = le32_to_cpu(raw_inode->i_flags); + ext4_set_inode_flags(inode); inode->i_blocks = ext4_inode_blocks(raw_inode, ei); ei->i_file_acl = le32_to_cpu(raw_inode->i_file_acl_lo); if (ext4_has_feature_64bit(sb)) @@ -5042,7 +5043,6 @@ struct inode *ext4_iget(struct super_block *sb, unsigned long ino) goto bad_inode; } brelse(iloc.bh); - ext4_set_inode_flags(inode); unlock_new_inode(inode); return inode;

6 years, 9 months

2
1
0 0

[PATCH v2 1/3] ext4, dax: add ext4_bmap to ext4_dax_aops

by Toshi Kani

Ext4 mount path calls .bmap to the journal inode. This currently works for the DAX mount case because ext4_iget() always set 'ext4_da_aops' to any regular files. In preparation to fix ext4_iget() to set 'ext4_dax_aops' for ext4 DAX files, add ext4_bmap() to 'ext4_dax_aops'. .bmap works for DAX inodes. [1] [1]: https://lkml.org/lkml/2018/9/12/803 Fixes: 5f0663bb4a64 ("ext4, dax: introduce ext4_dax_aops") Signed-off-by: Toshi Kani <toshi.kani(a)hpe.com> Suggested-by: Jan Kara <jack(a)suse.cz> Cc: Jan Kara <jack(a)suse.cz> Cc: Dan Williams <dan.j.williams(a)intel.com> Cc: "Theodore Ts'o" <tytso(a)mit.edu> Cc: Andreas Dilger <adilger.kernel(a)dilger.ca> Cc: <stable(a)vger.kernel.org> --- fs/ext4/inode.c | 1 + 1 file changed, 1 insertion(+) diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c index d0dd585add6a..e4acaa980467 100644 --- a/fs/ext4/inode.c +++ b/fs/ext4/inode.c @@ -3948,6 +3948,7 @@ static const struct address_space_operations ext4_dax_aops = { .writepages = ext4_dax_writepages, .direct_IO = noop_direct_IO, .set_page_dirty = noop_set_page_dirty, + .bmap = ext4_bmap, .invalidatepage = noop_invalidatepage, };

6 years, 9 months

2
1
0 0

v4.18.8 build: 0 failures 3 warnings (v4.18.8)

by Build bot for Mark Brown

Tree/Branch: v4.18.8 Git describe: v4.18.8 Commit: dfba61ec76 Linux 4.18.8 Build Time: 123 min 29 sec Passed: 11 / 11 (100.00 %) Failed: 0 / 11 ( 0.00 %) Errors: 0 Warnings: 3 Section Mismatches: 0 ------------------------------------------------------------------------------- defconfigs with issues (other than build errors): 1 warnings 0 mismatches : arm64-allnoconfig 3 warnings 0 mismatches : arm64-allmodconfig 2 warnings 0 mismatches : arm-multi_v5_defconfig 2 warnings 0 mismatches : arm-multi_v7_defconfig 2 warnings 0 mismatches : arm-allmodconfig 1 warnings 0 mismatches : arm-allnoconfig 1 warnings 0 mismatches : arm-multi_v4t_defconfig 2 warnings 0 mismatches : arm64-defconfig ------------------------------------------------------------------------------- Warnings Summary: 3 8 <stdin>:1332:2: warning: #warning syscall io_pgetevents not implemented [-Wcpp] 5 <stdin>:1335:2: warning: #warning syscall rseq not implemented [-Wcpp] 1 ../drivers/isdn/hardware/eicon/message.c:5985:1: warning: the frame size of 2064 bytes is larger than 2048 bytes [-Wframe-larger-than=] =============================================================================== Detailed per-defconfig build reports below: ------------------------------------------------------------------------------- arm64-allnoconfig : PASS, 0 errors, 1 warnings, 0 section mismatches Warnings: <stdin>:1335:2: warning: #warning syscall rseq not implemented [-Wcpp] ------------------------------------------------------------------------------- arm64-allmodconfig : PASS, 0 errors, 3 warnings, 0 section mismatches Warnings: <stdin>:1335:2: warning: #warning syscall rseq not implemented [-Wcpp] ../drivers/isdn/hardware/eicon/message.c:5985:1: warning: the frame size of 2064 bytes is larger than 2048 bytes [-Wframe-larger-than=] <stdin>:1335:2: warning: #warning syscall rseq not implemented [-Wcpp] ------------------------------------------------------------------------------- arm-multi_v5_defconfig : PASS, 0 errors, 2 warnings, 0 section mismatches Warnings: <stdin>:1332:2: warning: #warning syscall io_pgetevents not implemented [-Wcpp] <stdin>:1332:2: warning: #warning syscall io_pgetevents not implemented [-Wcpp] ------------------------------------------------------------------------------- arm-multi_v7_defconfig : PASS, 0 errors, 2 warnings, 0 section mismatches Warnings: <stdin>:1332:2: warning: #warning syscall io_pgetevents not implemented [-Wcpp] <stdin>:1332:2: warning: #warning syscall io_pgetevents not implemented [-Wcpp] ------------------------------------------------------------------------------- arm-allmodconfig : PASS, 0 errors, 2 warnings, 0 section mismatches Warnings: <stdin>:1332:2: warning: #warning syscall io_pgetevents not implemented [-Wcpp] <stdin>:1332:2: warning: #warning syscall io_pgetevents not implemented [-Wcpp] ------------------------------------------------------------------------------- arm-allnoconfig : PASS, 0 errors, 1 warnings, 0 section mismatches Warnings: <stdin>:1332:2: warning: #warning syscall io_pgetevents not implemented [-Wcpp] ------------------------------------------------------------------------------- arm-multi_v4t_defconfig : PASS, 0 errors, 1 warnings, 0 section mismatches Warnings: <stdin>:1332:2: warning: #warning syscall io_pgetevents not implemented [-Wcpp] ------------------------------------------------------------------------------- arm64-defconfig : PASS, 0 errors, 2 warnings, 0 section mismatches Warnings: <stdin>:1335:2: warning: #warning syscall rseq not implemented [-Wcpp] <stdin>:1335:2: warning: #warning syscall rseq not implemented [-Wcpp] ------------------------------------------------------------------------------- Passed with no errors, warnings or mismatches: x86_64-allnoconfig x86_64-allmodconfig x86_64-defconfig

6 years, 9 months

1
0
0 0

Linux 4.18.8

by Greg KH

I'm announcing the release of the 4.18.8 kernel. All users of the 4.18 kernel series must upgrade. The updated 4.18.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.18.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arm/mach-rockchip/Kconfig | 1 arch/arm64/Kconfig.platforms | 1 arch/powerpc/include/asm/topology.h | 5 arch/powerpc/include/asm/uaccess.h | 13 - arch/powerpc/kernel/exceptions-64s.S | 6 arch/powerpc/kernel/smp.c | 5 arch/powerpc/mm/numa.c | 20 - arch/powerpc/platforms/85xx/t1042rdb_diu.c | 4 arch/powerpc/platforms/pseries/ras.c | 2 arch/powerpc/sysdev/mpic_msgr.c | 2 arch/riscv/kernel/vdso/Makefile | 4 arch/s390/kernel/crash_dump.c | 17 + arch/um/Makefile | 3 arch/x86/include/asm/mce.h | 1 arch/x86/include/asm/pgtable-3level.h | 7 arch/x86/kernel/tsc.c | 4 arch/x86/kvm/mmu.c | 43 +++ arch/x86/kvm/vmx.c | 26 +- arch/x86/kvm/x86.c | 12 - arch/x86/xen/mmu_pv.c | 7 block/bio.c | 2 block/blk-core.c | 4 block/blk-mq-tag.c | 3 block/blk-mq.c | 8 block/cfq-iosched.c | 22 + drivers/acpi/acpica/hwregs.c | 9 drivers/acpi/scan.c | 5 drivers/clk/rockchip/clk-rk3399.c | 1 drivers/gpu/drm/amd/amdgpu/amdgpu.h | 6 drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c | 2 drivers/gpu/drm/amd/amdgpu/amdgpu_kms.c | 23 -- drivers/gpu/drm/amd/amdgpu/amdgpu_object.c | 38 ++- drivers/gpu/drm/amd/amdgpu/amdgpu_pm.c | 2 drivers/gpu/drm/amd/amdgpu/amdgpu_psp.c | 5 drivers/gpu/drm/amd/amdgpu/amdgpu_sched.c | 21 - drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.h | 2 drivers/gpu/drm/amd/amdgpu/amdgpu_ucode.h | 4 drivers/gpu/drm/amd/amdgpu/amdgpu_vcn.c | 17 - drivers/gpu/drm/amd/amdgpu/amdgpu_vram_mgr.c | 20 - drivers/gpu/drm/amd/amdgpu/gfx_v9_0.c | 2 drivers/gpu/drm/amd/amdgpu/psp_v10_0.c | 3 drivers/gpu/drm/amd/amdgpu/uvd_v6_0.c | 3 drivers/gpu/drm/amd/amdgpu/vcn_v1_0.c | 40 ++- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 10 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_crc.c | 10 drivers/gpu/drm/amd/display/dc/bios/command_table.c | 18 + drivers/gpu/drm/amd/display/dc/core/dc_link.c | 11 drivers/gpu/drm/amd/display/dc/core/dc_resource.c | 68 ++++-- drivers/gpu/drm/amd/display/dc/dc.h | 1 drivers/gpu/drm/amd/display/dc/dce/dce_link_encoder.c | 4 drivers/gpu/drm/amd/display/dc/dce100/dce100_resource.c | 2 drivers/gpu/drm/amd/display/dc/dce110/dce110_compressor.c | 2 drivers/gpu/drm/amd/display/dc/dce110/dce110_hw_sequencer.c | 4 drivers/gpu/drm/amd/display/dc/dce80/dce80_resource.c | 3 drivers/gpu/drm/amd/display/dc/inc/resource.h | 5 drivers/gpu/drm/amd/powerplay/hwmgr/smu7_powertune.c | 43 +++ drivers/gpu/drm/amd/powerplay/hwmgr/smu8_hwmgr.c | 5 drivers/gpu/drm/amd/powerplay/hwmgr/vega12_hwmgr.c | 2 drivers/gpu/drm/drm_edid.c | 6 drivers/gpu/drm/etnaviv/etnaviv_gpu.c | 1 drivers/gpu/drm/i915/i915_drv.c | 10 drivers/gpu/drm/i915/i915_drv.h | 8 drivers/gpu/drm/i915/i915_reg.h | 1 drivers/gpu/drm/i915/intel_ddi.c | 4 drivers/gpu/drm/i915/intel_dp.c | 33 +- drivers/gpu/drm/i915/intel_hdmi.c | 8 drivers/gpu/drm/i915/intel_lpe_audio.c | 4 drivers/gpu/drm/i915/intel_lspcon.c | 2 drivers/gpu/drm/i915/intel_lvds.c | 136 ------------ drivers/gpu/drm/rockchip/rockchip_drm_vop.c | 69 ++++-- drivers/gpu/drm/rockchip/rockchip_lvds.c | 4 drivers/hid/hid-redragon.c | 26 -- drivers/i2c/i2c-core-acpi.c | 8 drivers/infiniband/hw/hfi1/affinity.c | 24 +- drivers/infiniband/hw/hns/hns_roce_pd.c | 2 drivers/infiniband/hw/hns/hns_roce_qp.c | 5 drivers/input/input.c | 16 + drivers/iommu/omap-iommu.c | 4 drivers/iommu/rockchip-iommu.c | 45 ++- drivers/irqchip/irq-bcm7038-l1.c | 4 drivers/irqchip/irq-stm32-exti.c | 25 +- drivers/md/dm-kcopyd.c | 2 drivers/mfd/sm501.c | 1 drivers/mtd/ubi/vtbl.c | 20 - drivers/net/ethernet/broadcom/bnxt/bnxt.c | 9 drivers/net/ethernet/broadcom/bnxt/bnxt.h | 3 drivers/net/ethernet/broadcom/bnxt/bnxt_sriov.c | 7 drivers/net/ethernet/broadcom/bnxt/bnxt_ulp.c | 20 - drivers/net/ethernet/broadcom/bnxt/bnxt_ulp.h | 1 drivers/net/ethernet/broadcom/genet/bcmgenet.h | 3 drivers/net/ethernet/broadcom/genet/bcmmii.c | 10 drivers/net/ethernet/cadence/macb_main.c | 36 ++- drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 2 drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_mdio.c | 2 drivers/net/ethernet/mellanox/mlx5/core/wq.c | 5 drivers/net/ethernet/mellanox/mlxsw/spectrum.h | 2 drivers/net/ethernet/mellanox/mlxsw/spectrum_router.c | 11 drivers/net/ethernet/mellanox/mlxsw/spectrum_switchdev.c | 20 + drivers/net/ethernet/netronome/nfp/nfp_net_common.c | 48 ++-- drivers/net/ethernet/qlogic/qlge/qlge_main.c | 23 -- drivers/net/ethernet/realtek/r8169.c | 7 drivers/net/ethernet/stmicro/stmmac/stmmac.h | 1 drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 5 drivers/net/hyperv/netvsc_drv.c | 16 + drivers/net/usb/r8152.c | 4 drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c | 8 drivers/pci/controller/pci-mvebu.c | 2 drivers/pci/probe.c | 12 - drivers/pinctrl/pinctrl-axp209.c | 26 +- drivers/platform/x86/asus-nb-wmi.c | 1 drivers/platform/x86/intel_punit_ipc.c | 1 drivers/pwm/pwm-meson.c | 3 drivers/s390/block/dasd_eckd.c | 10 drivers/scsi/aic94xx/aic94xx_init.c | 4 drivers/staging/comedi/drivers/ni_mio_common.c | 3 drivers/vhost/vhost.c | 2 drivers/virtio/virtio_pci_legacy.c | 14 + drivers/xen/xen-balloon.c | 2 fs/btrfs/check-integrity.c | 7 fs/btrfs/dev-replace.c | 6 fs/btrfs/extent-tree.c | 2 fs/btrfs/relocation.c | 23 +- fs/btrfs/super.c | 44 ++- fs/btrfs/tree-checker.c | 15 + fs/btrfs/volumes.c | 94 +++++--- fs/cifs/cifs_debug.c | 8 fs/cifs/connect.c | 8 fs/cifs/smb2misc.c | 7 fs/cifs/smb2pdu.c | 103 ++++----- fs/dcache.c | 3 fs/f2fs/data.c | 8 fs/f2fs/file.c | 48 ++-- fs/fat/cache.c | 19 + fs/fat/fat.h | 5 fs/fat/fatent.c | 6 fs/hfs/brec.c | 7 fs/hfsplus/dir.c | 4 fs/hfsplus/super.c | 4 fs/nfs/nfs4proc.c | 2 fs/proc/kcore.c | 4 fs/proc/vmcore.c | 2 fs/reiserfs/reiserfs.h | 2 include/linux/pci_ids.h | 2 include/net/tcp.h | 4 include/uapi/linux/keyctl.h | 2 kernel/bpf/inode.c | 8 kernel/bpf/sockmap.c | 120 ++++++---- kernel/fork.c | 5 kernel/workqueue.c | 45 ++- lib/debugobjects.c | 7 mm/Kconfig | 2 mm/fadvise.c | 8 net/9p/trans_fd.c | 10 net/9p/trans_virtio.c | 3 net/core/xdp.c | 14 - net/ipv4/ip_gre.c | 3 net/ipv4/tcp_ipv4.c | 6 net/ipv4/tcp_minisocks.c | 3 net/ipv4/tcp_ulp.c | 4 net/ipv6/ip6_fib.c | 7 net/ipv6/ip6_gre.c | 1 net/ipv6/ip6_vti.c | 7 net/ipv6/netfilter/ip6t_rpfilter.c | 12 - net/ipv6/route.c | 3 net/netfilter/ipvs/ip_vs_core.c | 15 - net/netfilter/nf_conntrack_netlink.c | 26 +- net/netfilter/nfnetlink_acct.c | 29 +- net/netfilter/x_tables.c | 7 net/rds/ib_frmr.c | 1 net/sched/act_ife.c | 78 +++--- net/sched/act_pedit.c | 18 + net/sched/cls_u32.c | 10 net/sctp/proc.c | 8 net/sctp/socket.c | 22 + net/sunrpc/auth_gss/gss_krb5_crypto.c | 12 - net/tipc/name_table.c | 10 net/tipc/name_table.h | 9 net/tipc/socket.c | 2 net/tls/tls_main.c | 1 samples/bpf/xdp_redirect_cpu_user.c | 3 samples/bpf/xdp_rxq_info_user.c | 3 scripts/coccicheck | 5 scripts/depmod.sh | 4 scripts/mod/modpost.c | 8 security/apparmor/policy_ns.c | 2 security/keys/dh.c | 2 security/selinux/selinuxfs.c | 33 ++ sound/soc/codecs/rt5677.c | 2 sound/soc/codecs/wm8994.c | 1 tools/perf/arch/arm64/util/arm-spe.c | 1 tools/perf/arch/powerpc/util/sym-handling.c | 4 tools/perf/util/namespaces.c | 3 tools/testing/selftests/powerpc/harness.c | 18 + 194 files changed, 1497 insertions(+), 953 deletions(-) Ahmad Fatoum (1): net: macb: Fix regression breaking non-MDIO fixed-link PHYs Aleh Filipovich (1): platform/x86: asus-nb-wmi: Add keymap entry for lid flip action on UX360 Alex Deucher (1): drm/amdgpu: update uvd_v6_0_ring_vm_funcs to use new nop packet Alexey Kodanev (2): vti6: remove !skb->ignore_df check from vti6_xmit() ipv6: don't get lwtstate twice in ip6_rt_copy_init() Anand Jain (5): btrfs: fix in-memory value of total_devices after seed device deletion btrfs: do btrfs_free_stale_devices outside of device_list_add btrfs: extend locked section when adding a new device in device_list_add btrfs: rename local devices for fs_devices in btrfs_free_stale_devices( btrfs: use device_list_mutex when removing stale devices Andrey Ryabinin (1): mm/fadvise.c: fix signed overflow UBSAN complaint Anssi Hannula (1): net: macb: do not disable MDIO bus at open/close time Anthony Wong (1): r8169: add support for NCube 8168 network card Anton Vasilyev (1): pinctrl: axp209: Fix NULL pointer dereference after allocation Arnd Bergmann (4): fs/proc/vmcore.c: hide vmcoredd_mmap_dumps() for nommu builds reiserfs: change j_timestamp type to time64_t x86/mce: Add notifier_block forward declaration x86: kvm: avoid unused variable warning Aurelien Aptel (1): CIFS: fix memory leak and remove dead code Azat Khuzhin (1): r8169: set RxConfig after tx/rx is enabled for RTL8169sb/8110sb devices Bart Van Assche (2): cfq: Suppress compiler warnings about comparisons btrfs: Fix a C compliance issue Benno Evers (1): perf tools: Check for null when copying nsinfo. Breno Leitao (1): selftests/powerpc: Kill child processes on SIGINT Chao Yu (3): f2fs: avoid race between zero_range and background GC f2fs: fix avoid race between truncate and background GC f2fs: fix to clear PG_checked flag in set_page_dirty() Chris Wilson (1): drm/i915/lpe: Mark LPE audio runtime pm as "no callbacks" Christian König (2): drm/amdgpu: fix incorrect use of fcheck drm/amdgpu: fix incorrect use of drm_file->pid Chuanhua Lei (1): x86/tsc: Prevent result truncation on 32bit Cong Wang (4): act_ife: fix a potential use-after-free act_ife: move tcfa_lock down to where necessary act_ife: fix a potential deadlock tipc: fix a missing rhashtable_walk_exit() Dan Carpenter (4): apparmor: fix an error code in __aa_create_ns() irqchip/stm32: Fix init error handling powerpc: Fix size calculation using resource_size() scsi: aic94xx: fix an error code in aic94xx_init() Daniel Borkmann (5): bpf, sockmap: fix map elem deletion race with smap_stop_sock tcp, ulp: fix leftover icsk_ulp_ops preventing sock from reattach bpf, sockmap: fix sock_map_ctx_update_elem race with exist/noexist bpf, sockmap: fix leakage of smap_psock_map_entry tcp, ulp: add alias for all ulp modules David Ahern (2): net/ipv6: Only update MTU metric if it set net/ipv6: Put lwtstate when destroying fib6_info David Francis (1): drm/amd/display: Read back max backlight value at boot David Sterba (5): btrfs: lift uuid_mutex to callers of btrfs_open_devices btrfs: lift uuid_mutex to callers of btrfs_scan_one_device btrfs: lift uuid_mutex to callers of btrfs_parse_early_options btrfs: reorder initialization before the mount locks uuid_mutex btrfs: fix mount and ioctl device scan ioctl race Davide Caratti (1): net/sched: act_pedit: fix dump of extended layered op Denis Efremov (1): coccicheck: return proper error code on fail Dexuan Cui (1): hv_netvsc: Fix a deadlock by getting rtnl lock earlier in netvsc_probe() Dmitry Torokhov (1): Input: do not use WARN() in input_alloc_absinfo() Doug Berger (1): net: bcmgenet: use MAC link status for fixed phy Eric Dumazet (1): ipv4: tcp: send zero IPID for RST and ACK sent in SYN-RECV and TIME-WAIT state Erik Schmauss (1): ACPICA: ACPICA: add status check for acpi_hw_read before assigning return value Ernesto A. Fernández (2): hfs: prevent crash on exit from failed search hfsplus: fix NULL dereference in hfsplus_lookup() Evan Quan (1): drm/amd/powerplay: fixed uninitialized value Florian Westphal (3): tcp: do not restart timewait timer on rst reception netfilter: ip6t_rpfilter: set F_IFACE for linklocal addresses netfilter: fix memory leaks on netlink_dump_start error Fredrik Schön (1): drm/i915: Increase LSPCON timeout Gal Pressman (1): RDMA/hns: Fix usage of bitmap allocation functions return values Greg Edwards (1): block: bvec_nr_vecs() returns value for wrong slab Greg Kroah-Hartman (1): Linux 4.18.8 Guenter Roeck (1): mfd: sm501: Set coherent_dma_mask when creating subdevices Gustavo A. R. Silva (2): drm/amd/display: fix type of variable ASoC: wm8994: Fix missing break in switch Haiqing Bai (1): tipc: fix the big/little endian issue in tipc_dest Haishuang Yan (2): ip6_vti: fix creating fallback tunnel device for vti6 ip6_vti: fix a null pointer deference when destroy vti6 tunnel Hangbin Liu (1): net/ipv6: init ip6 anycast rt->dst.input as ip6_input Hans de Goede (2): i2c: core: ACPI: Make acpi_gsb_i2c_read_bytes() check i2c_transfer return value ACPI / scan: Initialize status to ACPI_STA_DEFAULT Harry Wentland (1): drm/amd/display: Report non-DP display as disconnected without EDID Heiko Stuebner (1): drm/rockchip: vop: split out core clock enablement into separate functions Ian Abbott (1): staging: comedi: ni_mio_common: fix subdevice flags for PFI subdevice Ido Schimmel (1): mlxsw: spectrum_switchdev: Do not leak RIFs when removing bridge Jakub Kicinski (1): nfp: wait for posted reconfigs when disabling the device James Morse (1): fs/proc/kcore.c: use __pa_symbol() for KCORE_TEXT list entries James Zhu (2): drm/amdgpu: update tmr mc address drm/amdgpu:add tmr mc address into amdgpu_firmware_info Jan-Marek Glogowski (1): drm/i915: Re-apply "Perform link quality check, unconditionally during long pulse" Jani Nikula (1): drm/i915: set DP Main Stream Attribute for color range on DDI platforms Jann Horn (1): fork: don't copy inconsistent signal handler state to child Jason Wang (1): vhost: correctly check the iova range when waking virtqueue Jean-Philippe Brucker (1): net/9p: fix error path of p9_virtio_probe Jens Axboe (1): block: don't warn for flush on read-only device Jerome Brunet (2): Revert "net: stmmac: Do not keep rearming the coalesce timer in stmmac_xmit" pwm: meson: Fix mux clock names Jesper Dangaard Brouer (1): samples/bpf: all XDP samples should unload xdp/bpf prog on SIGTERM Jian Shen (1): net: hns3: Fix for phy link issue when using marvell phy driver Jianchao Wang (1): blk-mq: count the hctx as active before allocating tag Jim Mattson (1): kvm: nVMX: Fix fault vector for VMX operation at CPL > 0 Joel Fernandes (Google) (1): debugobjects: Make stack check warning more informative Johannes Berg (2): workqueue: skip lockdep wq dependency in cancel_work_sync() workqueue: re-add lockdep dependencies for flushing John Pittman (1): dm kcopyd: avoid softlockup in run_complete_job Jonas Gorski (1): irqchip/bcm7038-l1: Hide cpu offline callback when building for !SMP Juergen Gross (2): x86/pae: use 64 bit atomic xchg function in native_ptep_get_and_clear x86/xen: don't write ptes directly in 32-bit PV guests Julia Lawall (1): drm/rockchip: lvds: add missing of_node_put Junaid Shahid (1): kvm: x86: Set highest physical address bits in non-present/reserved SPTEs Kai-Heng Feng (2): r8152: disable RX aggregation on new Dell TB16 dock drm/edid: Add 6 bpc quirk for SDC panel in Lenovo B50-80 Kees Cook (1): net: sched: Fix memory exposure from short TCA_U32_SEL Kim Phillips (1): perf arm spe: Fix uninitialized record error variable Laura Abbott (1): sunrpc: Don't use stack buffer with scatterlist Leo (Sunpeng) Li (1): drm/amd/display: Use requested HDMI aspect ratio Levin Du (1): clk: rockchip: Add pclk_rkpwm_pmu to PMU critical clocks in rk3399 Likun Gao (3): drm/amdgpu:add new firmware id for VCN drm/amdgpu:add VCN support in PSP driver drm/amdgpu:add VCN booting with firmware loaded by PSP Lubosz Sarnecki (1): drm/edid: Quirk Vive Pro VR headset non-desktop. Lucas Stach (1): drm/etnaviv: fix crash in GPU suspend when init failed due to buffer placement Mahesh Salgaonkar (1): powerpc/pseries: Avoid using the size greater than RTAS_ERROR_LOG_MAX. Manish Chopra (1): qlge: Fix netdev features configuration. Marc Zyngier (4): iommu/rockchip: Handle errors returned from PM framework iommu/rockchip: Move irq request past pm_runtime_enable arm64: rockchip: Force CONFIG_PM on Rockchip systems ARM: rockchip: Force CONFIG_PM on Rockchip systems Masahiro Yamada (1): um: fix parallel building with O= option Matthias Kaehlcke (1): ASoC: rt5677: Fix initialization of rt5677_of_match.data Michael Chan (2): bnxt_en: Clean up unused functions. bnxt_en: Do not adjust max_cp_rings by the ones used by RDMA. Michael Ellerman (2): powerpc/uaccess: Enable get_user(u64, *p) on 32-bit powerpc/64s: Make rfi_flush_fallback a little more robust Michael J. Ruhl (1): IB/hfi1: Invalid NUMA node information can cause a divide by zero Michal Hocko (1): netfilter: x_tables: do not fail xt_alloc_table_info too easilly Michel Dänzer (5): drm/amdgpu: Fix RLC safe mode test in gfx_v9_0_enter_rlc_safe_mode drm/amdgpu: Keep track of amount of pinned CPU visible VRAM drm/amdgpu: Make pin_size values atomic drm/amdgpu: Warn and update pin_size values when destroying a pinned BO drm/amdgpu: Don't warn on destroying a pinned BO Mike Rapoport (1): mm: make DEFERRED_STRUCT_PAGE_INIT explicitly depend on SPARSEMEM Mikita Lipski (4): drm/amd/display: Don't share clk source between DP and HDMI drm/amd/display: update clk for various HDMI color depths drm/amd/display: Pass connector id when executing VBIOS CT drm/amd/display: Check if clock source in use before disabling Misono Tomohiro (1): btrfs: replace: Reset on-disk dev stats value after replace Myron Stowe (1): PCI: Match Root Port's MPS to endpoint's MPSS as necessary Nadav Amit (1): mm: respect arch_dup_mmap() return value Nicholas Kazlauskas (1): drm/amd/display: Guard against null crtc in CRC IRQ OGAWA Hirofumi (1): fat: validate ->i_start before using Palmer Dabbelt (1): RISC-V: Use KBUILD_CFLAGS instead of KCFLAGS when building the vDSO Philipp Rudo (1): s390/kdump: Fix memleak in nt_vmcoreinfo Qu Wenruo (5): btrfs: Exit gracefully when chunk map cannot be inserted to the tree btrfs: relocation: Only remove reloc rb_trees if reloc control has been initialized btrfs: tree-checker: Detect invalid and empty essential trees btrfs: check-integrity: Fix NULL pointer dereference for degraded mount btrfs: Don't remove block group that still has pinned down bytes Ralf Goebel (1): iommu/omap: Fix cache flushes on L2 table entries Randy Dunlap (5): scripts: modpost: check memory allocation results platform/x86: intel_punit_ipc: fix build errors powerpc/platforms/85xx: fix t1042rdb_diu.c build errors & warning uapi/linux/keyctl.h: don't use C++ reserved keyword as a struct member name kbuild: make missing $DEPMOD a Warning instead of an Error Rex Zhu (3): drm/amdgpu: fix a reversed condition drm/amd/pp: Convert voltage unit in mV*4 to mV on CZ/ST drm/amd/pp/Polaris12: Fix a chunk of registers missed to program Richard Weinberger (1): ubi: Initialize Fastmap checkmapping correctly Robert Munteanu (1): HID: redragon: fix num lock and caps lock LEDs Rodrigo Vivi (1): drm/i915: Free write_buf that we allocated with kzalloc. Roger Pau Monne (1): xen/balloon: fix balloon initialization for PVH Dom0 Ronnie Sahlberg (1): cifs: check if SMB2 PDU size has been padded and suppress the warning Sandipan Das (1): perf probe powerpc: Fix trace event post-processing Sandy Huang (1): drm/rockchip: vop: fix irq disabled after vop driver probed Sean Christopherson (1): KVM: vmx: track host_state.loaded using a loaded_vmcs pointer Srikar Dronamraju (1): powerpc/topology: Get topology for shared processors at boot Stefan Haberland (2): s390/dasd: fix hanging offline processing due to canceled worker s390/dasd: fix panic for failed online processing Stephen Hemminger (1): hv_netvsc: ignore devices that are not PCI Steve French (3): smb3: fix reset of bytes read and written stats SMB3: Number of requests sent should be displayed for SMB3 not just CIFS smb3: if server does not support posix do not allow posix mount option Suzuki K Poulose (1): virtio: pci-legacy: Validate queue pfn Tan Hu (1): ipvs: fix race between ip_vs_conn_new() and ip_vs_del_dest() Tariq Toukan (2): net/mlx5: Fix SQ offset in QPs with small RQ net/xdp: Fix suspicious RCU usage warning Tetsuo Handa (2): hfsplus: don't return 0 when fill_super() failed fs/dcache.c: fix kmemcheck splat at take_dentry_name_snapshot() Thomas Petazzoni (1): PCI: mvebu: Fix I/O space end address calculation Tomas Bortoli (1): net/9p/trans_fd.c: fix race by holding the lock Ville Syrjälä (1): drm/i915: Nuke the LVDS lid notifier Vlad Buslov (1): net: sched: action_ife: take reference to meta module Wei Yongjun (1): NFSv4: Fix error handling in nfs4_sp4_select_mode() Winnie Chang (1): brcmfmac: fix brcmf_wiphy_wowl_params() NULL pointer dereference Xi Wang (1): net: hns3: Fix for command format parsing error in hclge_is_all_function_id_zero Xin Long (3): sctp: remove useless start_fail from sctp_ht_iter in proc erspan: set erspan_ver to 1 by default when adding an erspan dev sctp: hold transport before accessing its asoc in sctp_transport_get_next Yonghong Song (1): bpf: fix bpffs non-array map seq_show issue YueHaibing (1): RDS: IB: fix 'passing zero to ERR_PTR()' warning nixiaoming (1): selinux: cleanup dentry and inodes on error in selinuxfs

6 years, 9 months

1
1
0 0

Linux 4.14.70

by Greg KH

I'm announcing the release of the 4.14.70 kernel. All users of the 4.14 kernel series must upgrade. The updated 4.14.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.14.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arm/configs/imx_v6_v7_defconfig | 2 arch/arm/mach-rockchip/Kconfig | 1 arch/arm64/Kconfig.platforms | 1 arch/arm64/include/asm/cache.h | 5 arch/arm64/include/asm/cpucaps.h | 3 arch/arm64/kernel/cpu_errata.c | 25 +++- arch/arm64/kernel/cpufeature.c | 4 arch/powerpc/include/asm/uaccess.h | 13 +- arch/powerpc/kernel/exceptions-64s.S | 6 + arch/powerpc/platforms/85xx/t1042rdb_diu.c | 4 arch/powerpc/platforms/pseries/ras.c | 2 arch/powerpc/sysdev/mpic_msgr.c | 2 arch/s390/kernel/crash_dump.c | 17 ++- arch/s390/lib/mem.S | 12 +- arch/x86/include/asm/mce.h | 1 arch/x86/include/asm/pgtable-3level.h | 7 - arch/x86/kvm/mmu.c | 43 +++++++- arch/x86/kvm/vmx.c | 26 +++- arch/x86/kvm/x86.c | 12 +- arch/x86/xen/mmu_pv.c | 7 - block/bio.c | 2 block/cfq-iosched.c | 22 ++-- drivers/acpi/scan.c | 5 drivers/clk/rockchip/clk-rk3399.c | 1 drivers/gpu/drm/amd/amdgpu/amdgpu_psp.c | 5 drivers/gpu/drm/amd/amdgpu/amdgpu_ucode.h | 4 drivers/gpu/drm/amd/amdgpu/amdgpu_vcn.c | 17 +-- drivers/gpu/drm/amd/amdgpu/gfx_v9_0.c | 2 drivers/gpu/drm/amd/amdgpu/psp_v10_0.c | 3 drivers/gpu/drm/amd/amdgpu/vcn_v1_0.c | 40 +++++-- drivers/gpu/drm/amd/powerplay/hwmgr/smu7_powertune.c | 43 ++++++++ drivers/gpu/drm/drm_edid.c | 3 drivers/gpu/drm/i915/intel_lpe_audio.c | 4 drivers/gpu/drm/i915/intel_lspcon.c | 2 drivers/hid/hid-ids.h | 1 drivers/hid/usbhid/hid-quirks.c | 1 drivers/infiniband/hw/hfi1/affinity.c | 24 +++- drivers/infiniband/hw/hns/hns_roce_pd.c | 2 drivers/infiniband/hw/hns/hns_roce_qp.c | 5 drivers/input/input.c | 16 ++- drivers/iommu/omap-iommu.c | 4 drivers/irqchip/irq-bcm7038-l1.c | 4 drivers/lightnvm/pblk-core.c | 1 drivers/lightnvm/pblk-write.c | 7 + drivers/md/dm-kcopyd.c | 2 drivers/mfd/sm501.c | 1 drivers/net/ethernet/broadcom/genet/bcmgenet.h | 3 drivers/net/ethernet/broadcom/genet/bcmmii.c | 10 + drivers/net/ethernet/cadence/macb_main.c | 9 + drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 2 drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_mdio.c | 2 drivers/net/ethernet/mellanox/mlxsw/spectrum.h | 2 drivers/net/ethernet/mellanox/mlxsw/spectrum_router.c | 11 ++ drivers/net/ethernet/mellanox/mlxsw/spectrum_switchdev.c | 20 +++ drivers/net/ethernet/netronome/nfp/nfp_net_common.c | 48 ++++++--- drivers/net/ethernet/qlogic/qlge/qlge_main.c | 23 +--- drivers/net/ethernet/realtek/r8169.c | 1 drivers/net/hyperv/netvsc_drv.c | 16 ++- drivers/pci/host/pci-mvebu.c | 2 drivers/platform/x86/asus-nb-wmi.c | 1 drivers/platform/x86/intel_punit_ipc.c | 1 drivers/pwm/pwm-meson.c | 3 drivers/s390/block/dasd_eckd.c | 10 + drivers/scsi/aic94xx/aic94xx_init.c | 4 drivers/staging/comedi/drivers/ni_mio_common.c | 3 drivers/staging/irda/net/af_irda.c | 13 ++ drivers/usb/dwc3/core.c | 47 ++++++-- drivers/usb/dwc3/core.h | 5 drivers/vhost/vhost.c | 2 drivers/virtio/virtio_pci_legacy.c | 14 ++ drivers/xen/xen-balloon.c | 2 fs/btrfs/dev-replace.c | 6 + fs/btrfs/extent-tree.c | 2 fs/btrfs/relocation.c | 23 ++-- fs/btrfs/volumes.c | 8 + fs/cifs/cifs_debug.c | 8 + fs/cifs/smb2misc.c | 7 + fs/cifs/smb2pdu.c | 2 fs/dcache.c | 3 fs/f2fs/data.c | 4 fs/fat/cache.c | 19 ++- fs/fat/fat.h | 5 fs/fat/fatent.c | 6 - fs/hfs/brec.c | 7 - fs/hfsplus/dir.c | 4 fs/hfsplus/super.c | 4 fs/nfs/nfs4proc.c | 2 fs/proc/kcore.c | 4 fs/reiserfs/reiserfs.h | 2 include/linux/pci_ids.h | 2 include/net/tcp.h | 4 include/uapi/linux/keyctl.h | 2 kernel/fork.c | 2 kernel/memremap.c | 11 +- kernel/sched/deadline.c | 11 -- lib/debugobjects.c | 7 - mm/fadvise.c | 8 + net/9p/trans_fd.c | 10 - net/9p/trans_virtio.c | 3 net/ipv4/tcp_ipv4.c | 6 + net/ipv4/tcp_minisocks.c | 3 net/ipv4/tcp_ulp.c | 2 net/ipv6/ip6_vti.c | 2 net/ipv6/netfilter/ip6t_rpfilter.c | 12 ++ net/netfilter/ipvs/ip_vs_core.c | 15 ++ net/netfilter/nf_conntrack_netlink.c | 26 +++- net/netfilter/nfnetlink_acct.c | 29 ++--- net/rds/ib_frmr.c | 1 net/sched/act_ife.c | 79 ++++++++------- net/sched/act_pedit.c | 18 ++- net/sched/cls_u32.c | 8 + net/sctp/proc.c | 4 net/sctp/socket.c | 22 ++-- net/sunrpc/auth_gss/gss_krb5_crypto.c | 12 +- net/tipc/socket.c | 2 net/tls/tls_main.c | 1 scripts/depmod.sh | 4 scripts/mod/modpost.c | 8 - security/keys/dh.c | 2 sound/soc/codecs/rt5677.c | 2 sound/soc/codecs/wm8994.c | 1 tools/perf/arch/powerpc/util/sym-handling.c | 4 tools/perf/util/namespaces.c | 3 tools/testing/selftests/powerpc/harness.c | 18 ++- 125 files changed, 811 insertions(+), 319 deletions(-) Aleh Filipovich (1): platform/x86: asus-nb-wmi: Add keymap entry for lid flip action on UX360 Alexey Kodanev (1): vti6: remove !skb->ignore_df check from vti6_xmit() Andrey Ryabinin (1): mm/fadvise.c: fix signed overflow UBSAN complaint Anssi Hannula (1): net: macb: do not disable MDIO bus at open/close time Anthony Wong (1): r8169: add support for NCube 8168 network card Arnd Bergmann (4): reiserfs: change j_timestamp type to time64_t x86/mce: Add notifier_block forward declaration x86: kvm: avoid unused variable warning arm64: cpu_errata: include required headers Bart Van Assche (1): cfq: Suppress compiler warnings about comparisons Benno Evers (1): perf tools: Check for null when copying nsinfo. Breno Leitao (1): selftests/powerpc: Kill child processes on SIGINT Chao Yu (1): f2fs: fix to clear PG_checked flag in set_page_dirty() Chris Wilson (1): drm/i915/lpe: Mark LPE audio runtime pm as "no callbacks" Cong Wang (4): act_ife: fix a potential use-after-free tipc: fix a missing rhashtable_walk_exit() act_ife: move tcfa_lock down to where necessary act_ife: fix a potential deadlock Dan Carpenter (2): powerpc: Fix size calculation using resource_size() scsi: aic94xx: fix an error code in aic94xx_init() Daniel Borkmann (1): tcp, ulp: add alias for all ulp modules Dave Young (1): HID: add quirk for another PIXART OEM mouse used by HP Davide Caratti (1): net/sched: act_pedit: fix dump of extended layered op Dexuan Cui (1): hv_netvsc: Fix a deadlock by getting rtnl lock earlier in netvsc_probe() Dmitry Torokhov (1): Input: do not use WARN() in input_alloc_absinfo() Doug Berger (1): net: bcmgenet: use MAC link status for fixed phy Eric Dumazet (1): ipv4: tcp: send zero IPID for RST and ACK sent in SYN-RECV and TIME-WAIT state Ernesto A. Fernández (2): hfs: prevent crash on exit from failed search hfsplus: fix NULL dereference in hfsplus_lookup() Fabio Estevam (1): Revert "ARM: imx_v6_v7_defconfig: Select ULPI support" Florian Westphal (3): tcp: do not restart timewait timer on rst reception netfilter: ip6t_rpfilter: set F_IFACE for linklocal addresses netfilter: fix memory leaks on netlink_dump_start error Fredrik Schön (1): drm/i915: Increase LSPCON timeout Gal Pressman (1): RDMA/hns: Fix usage of bitmap allocation functions return values Greg Edwards (1): block: bvec_nr_vecs() returns value for wrong slab Greg Kroah-Hartman (1): Linux 4.14.70 Guenter Roeck (1): mfd: sm501: Set coherent_dma_mask when creating subdevices Gustavo A. R. Silva (1): ASoC: wm8994: Fix missing break in switch Hans de Goede (1): ACPI / scan: Initialize status to ACPI_STA_DEFAULT Ian Abbott (1): staging: comedi: ni_mio_common: fix subdevice flags for PFI subdevice Ido Schimmel (1): mlxsw: spectrum_switchdev: Do not leak RIFs when removing bridge Jakub Kicinski (1): nfp: wait for posted reconfigs when disabling the device James Morse (1): fs/proc/kcore.c: use __pa_symbol() for KCORE_TEXT list entries James Zhu (2): drm/amdgpu: update tmr mc address drm/amdgpu:add tmr mc address into amdgpu_firmware_info Jan H. Schönherr (1): mm: Fix devm_memremap_pages() collision handling Jann Horn (1): fork: don't copy inconsistent signal handler state to child Jason Wang (1): vhost: correctly check the iova range when waking virtqueue Javier González (1): lightnvm: pblk: free padded entries in write buffer Jean-Philippe Brucker (1): net/9p: fix error path of p9_virtio_probe Jerome Brunet (1): pwm: meson: Fix mux clock names Jian Shen (1): net: hns3: Fix for phy link issue when using marvell phy driver Jim Mattson (1): kvm: nVMX: Fix fault vector for VMX operation at CPL > 0 Joel Fernandes (Google) (1): debugobjects: Make stack check warning more informative John Pittman (1): dm kcopyd: avoid softlockup in run_complete_job Jonas Gorski (1): irqchip/bcm7038-l1: Hide cpu offline callback when building for !SMP Juergen Gross (2): x86/pae: use 64 bit atomic xchg function in native_ptep_get_and_clear x86/xen: don't write ptes directly in 32-bit PV guests Junaid Shahid (1): kvm: x86: Set highest physical address bits in non-present/reserved SPTEs Kai-Heng Feng (1): drm/edid: Add 6 bpc quirk for SDC panel in Lenovo B50-80 Kees Cook (1): net: sched: Fix memory exposure from short TCA_U32_SEL Laura Abbott (1): sunrpc: Don't use stack buffer with scatterlist Levin Du (1): clk: rockchip: Add pclk_rkpwm_pmu to PMU critical clocks in rk3399 Likun Gao (3): drm/amdgpu:add new firmware id for VCN drm/amdgpu:add VCN support in PSP driver drm/amdgpu:add VCN booting with firmware loaded by PSP Luca Abeni (1): sched/deadline: Fix switching to -deadline Mahesh Salgaonkar (1): powerpc/pseries: Avoid using the size greater than RTAS_ERROR_LOG_MAX. Manish Chopra (1): qlge: Fix netdev features configuration. Marc Zyngier (2): arm64: rockchip: Force CONFIG_PM on Rockchip systems ARM: rockchip: Force CONFIG_PM on Rockchip systems Martin Schwidefsky (1): s390/lib: use expoline for all bcr instructions Matthias Kaehlcke (1): ASoC: rt5677: Fix initialization of rt5677_of_match.data Michael Ellerman (2): powerpc/uaccess: Enable get_user(u64, *p) on 32-bit powerpc/64s: Make rfi_flush_fallback a little more robust Michael J. Ruhl (1): IB/hfi1: Invalid NUMA node information can cause a divide by zero Michel Dänzer (1): drm/amdgpu: Fix RLC safe mode test in gfx_v9_0_enter_rlc_safe_mode Misono Tomohiro (1): btrfs: replace: Reset on-disk dev stats value after replace OGAWA Hirofumi (1): fat: validate ->i_start before using Philipp Rudo (1): s390/kdump: Fix memleak in nt_vmcoreinfo Qu Wenruo (3): btrfs: Exit gracefully when chunk map cannot be inserted to the tree btrfs: relocation: Only remove reloc rb_trees if reloc control has been initialized btrfs: Don't remove block group that still has pinned down bytes Ralf Goebel (1): iommu/omap: Fix cache flushes on L2 table entries Randy Dunlap (5): scripts: modpost: check memory allocation results platform/x86: intel_punit_ipc: fix build errors powerpc/platforms/85xx: fix t1042rdb_diu.c build errors & warning uapi/linux/keyctl.h: don't use C++ reserved keyword as a struct member name kbuild: make missing $DEPMOD a Warning instead of an Error Rex Zhu (1): drm/amd/pp/Polaris12: Fix a chunk of registers missed to program Roger Pau Monne (1): xen/balloon: fix balloon initialization for PVH Dom0 Roger Quadros (1): usb: dwc3: core: Fix ULPI PHYs and prevent phy_get/ulpi_init during suspend/resume Ronnie Sahlberg (1): cifs: check if SMB2 PDU size has been padded and suppress the warning Sandipan Das (1): perf probe powerpc: Fix trace event post-processing Sean Christopherson (1): KVM: vmx: track host_state.loaded using a loaded_vmcs pointer Stefan Haberland (2): s390/dasd: fix hanging offline processing due to canceled worker s390/dasd: fix panic for failed online processing Stephen Hemminger (1): hv_netvsc: ignore devices that are not PCI Steve French (2): smb3: fix reset of bytes read and written stats SMB3: Number of requests sent should be displayed for SMB3 not just CIFS Suzuki K Poulose (3): virtio: pci-legacy: Validate queue pfn arm64: Fix mismatched cache line size detection arm64: Handle mismatched cache type Tan Hu (1): ipvs: fix race between ip_vs_conn_new() and ip_vs_del_dest() Tetsuo Handa (2): hfsplus: don't return 0 when fill_super() failed fs/dcache.c: fix kmemcheck splat at take_dentry_name_snapshot() Thomas Petazzoni (1): PCI: mvebu: Fix I/O space end address calculation Tomas Bortoli (1): net/9p/trans_fd.c: fix race by holding the lock Tyler Hicks (2): irda: Fix memory leak caused by repeated binds of irda socket irda: Only insert new objects into the global database via setsockopt Vlad Buslov (1): net: sched: action_ife: take reference to meta module Wei Yongjun (1): NFSv4: Fix error handling in nfs4_sp4_select_mode() Xi Wang (1): net: hns3: Fix for command format parsing error in hclge_is_all_function_id_zero Xin Long (1): sctp: hold transport before accessing its asoc in sctp_transport_get_next YueHaibing (1): RDS: IB: fix 'passing zero to ERR_PTR()' warning

6 years, 9 months

1
1
0 0

Linux 4.9.127

by Greg KH

I'm announcing the release of the 4.9.127 kernel. All users of the 4.9 kernel series must upgrade. The updated 4.9.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.9.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arm/configs/imx_v6_v7_defconfig | 2 arch/arm/mach-rockchip/Kconfig | 1 arch/arm64/Kconfig.platforms | 1 arch/arm64/include/asm/cachetype.h | 5 + arch/arm64/include/asm/cpucaps.h | 3 arch/arm64/kernel/cpu_errata.c | 24 ++++++- arch/arm64/kernel/cpufeature.c | 4 - arch/powerpc/platforms/pseries/ras.c | 2 arch/powerpc/sysdev/mpic_msgr.c | 2 arch/s390/kernel/crash_dump.c | 17 +++-- arch/s390/lib/mem.S | 9 +- arch/x86/include/asm/pgtable-3level.h | 7 -- arch/x86/include/asm/pgtable.h | 2 block/bio.c | 2 drivers/acpi/scan.c | 5 - drivers/clk/rockchip/clk-rk3399.c | 1 drivers/gpu/drm/drm_edid.c | 3 drivers/infiniband/hw/hns/hns_roce_pd.c | 2 drivers/infiniband/hw/hns/hns_roce_qp.c | 5 + drivers/irqchip/irq-bcm7038-l1.c | 4 + drivers/md/dm-kcopyd.c | 2 drivers/mfd/sm501.c | 1 drivers/misc/mei/pci-me.c | 5 + drivers/net/ethernet/broadcom/genet/bcmgenet.h | 3 drivers/net/ethernet/broadcom/genet/bcmmii.c | 10 ++- drivers/net/ethernet/cisco/enic/enic_main.c | 2 drivers/net/ethernet/qlogic/qlge/qlge_main.c | 23 ++----- drivers/net/ethernet/realtek/r8169.c | 1 drivers/net/hyperv/netvsc_drv.c | 5 + drivers/pci/host/pci-mvebu.c | 2 drivers/platform/x86/asus-nb-wmi.c | 1 drivers/platform/x86/intel_punit_ipc.c | 1 drivers/s390/block/dasd_eckd.c | 10 ++- drivers/scsi/aic94xx/aic94xx_init.c | 4 - drivers/staging/comedi/drivers/ni_mio_common.c | 3 drivers/vhost/vhost.c | 2 drivers/virtio/virtio_pci_legacy.c | 14 +++- fs/btrfs/dev-replace.c | 6 + fs/btrfs/disk-io.c | 10 +-- fs/btrfs/extent-tree.c | 2 fs/btrfs/relocation.c | 23 +++---- fs/cifs/cifs_debug.c | 8 ++ fs/cifs/smb2misc.c | 7 ++ fs/cifs/smb2pdu.c | 2 fs/dcache.c | 3 fs/fat/cache.c | 19 +++--- fs/fat/fat.h | 5 + fs/fat/fatent.c | 6 - fs/hfs/brec.c | 7 +- fs/hfsplus/dir.c | 4 - fs/hfsplus/super.c | 4 - fs/reiserfs/reiserfs.h | 2 include/linux/pci_ids.h | 2 kernel/fork.c | 2 lib/debugobjects.c | 7 +- mm/fadvise.c | 8 +- mm/huge_memory.c | 2 net/9p/trans_fd.c | 10 +-- net/9p/trans_virtio.c | 3 net/ipv4/tcp_ipv4.c | 6 + net/ipv4/tcp_minisocks.c | 3 net/ipv4/tcp_probe.c | 4 - net/ipv6/ip6_vti.c | 2 net/irda/af_irda.c | 13 +++- net/netfilter/ipvs/ip_vs_core.c | 15 +++- net/rds/ib_frmr.c | 1 net/sched/act_ife.c | 79 ++++++++++++++----------- net/sched/cls_u32.c | 8 +- net/sched/sch_hhf.c | 3 net/sched/sch_htb.c | 5 - net/sched/sch_multiq.c | 9 -- net/sched/sch_netem.c | 4 - net/sched/sch_tbf.c | 5 - net/sctp/proc.c | 4 - net/sctp/socket.c | 22 ++++-- net/sunrpc/auth_gss/gss_krb5_crypto.c | 12 ++- scripts/depmod.sh | 4 - scripts/mod/modpost.c | 8 +- sound/soc/codecs/wm8994.c | 1 tools/perf/arch/powerpc/util/sym-handling.c | 4 - tools/testing/selftests/powerpc/harness.c | 18 +++-- 82 files changed, 375 insertions(+), 189 deletions(-) Aleh Filipovich (1): platform/x86: asus-nb-wmi: Add keymap entry for lid flip action on UX360 Alexey Kodanev (1): vti6: remove !skb->ignore_df check from vti6_xmit() Andrey Ryabinin (1): mm/fadvise.c: fix signed overflow UBSAN complaint Anthony Wong (1): r8169: add support for NCube 8168 network card Arnd Bergmann (1): reiserfs: change j_timestamp type to time64_t Breno Leitao (1): selftests/powerpc: Kill child processes on SIGINT Chas Williams (1): Fixes: Commit 2aa6d036b716 ("mm: numa: avoid waiting on freed migrated pages") Cong Wang (3): act_ife: fix a potential use-after-free act_ife: move tcfa_lock down to where necessary act_ife: fix a potential deadlock Dan Carpenter (2): powerpc: Fix size calculation using resource_size() scsi: aic94xx: fix an error code in aic94xx_init() Doug Berger (1): net: bcmgenet: use MAC link status for fixed phy Eric Dumazet (2): ipv4: tcp: send zero IPID for RST and ACK sent in SYN-RECV and TIME-WAIT state tcp: Revert "tcp: tcp_probe: use spin_lock_bh()" Ernesto A. Fernández (2): hfs: prevent crash on exit from failed search hfsplus: fix NULL dereference in hfsplus_lookup() Ethan Lien (1): btrfs: use correct compare function of dirty_metadata_bytes Fabio Estevam (1): Revert "ARM: imx_v6_v7_defconfig: Select ULPI support" Florian Westphal (1): tcp: do not restart timewait timer on rst reception Gal Pressman (1): RDMA/hns: Fix usage of bitmap allocation functions return values Govindarajulu Varadarajan (1): enic: do not call enic_change_mtu in enic_probe Greg Edwards (1): block: bvec_nr_vecs() returns value for wrong slab Greg Kroah-Hartman (1): Linux 4.9.127 Guenter Roeck (1): mfd: sm501: Set coherent_dma_mask when creating subdevices Gustavo A. R. Silva (1): ASoC: wm8994: Fix missing break in switch Hans de Goede (1): ACPI / scan: Initialize status to ACPI_STA_DEFAULT Ian Abbott (1): staging: comedi: ni_mio_common: fix subdevice flags for PFI subdevice Jann Horn (1): fork: don't copy inconsistent signal handler state to child Jason Wang (1): vhost: correctly check the iova range when waking virtqueue Jean-Philippe Brucker (1): net/9p: fix error path of p9_virtio_probe Joel Fernandes (Google) (1): debugobjects: Make stack check warning more informative John Pittman (1): dm kcopyd: avoid softlockup in run_complete_job Jonas Gorski (1): irqchip/bcm7038-l1: Hide cpu offline callback when building for !SMP Juergen Gross (1): x86/pae: use 64 bit atomic xchg function in native_ptep_get_and_clear Kai-Heng Feng (1): drm/edid: Add 6 bpc quirk for SDC panel in Lenovo B50-80 Kees Cook (1): net: sched: Fix memory exposure from short TCA_U32_SEL Laura Abbott (1): sunrpc: Don't use stack buffer with scatterlist Levin Du (1): clk: rockchip: Add pclk_rkpwm_pmu to PMU critical clocks in rk3399 Mahesh Salgaonkar (1): powerpc/pseries: Avoid using the size greater than RTAS_ERROR_LOG_MAX. Manish Chopra (1): qlge: Fix netdev features configuration. Marc Zyngier (2): arm64: rockchip: Force CONFIG_PM on Rockchip systems ARM: rockchip: Force CONFIG_PM on Rockchip systems Martin Schwidefsky (1): s390/lib: use expoline for all bcr instructions Michal Hocko (1): x86/speculation/l1tf: Fix up pte->pfn conversion for PAE Misono Tomohiro (1): btrfs: replace: Reset on-disk dev stats value after replace Nikolay Aleksandrov (5): sch_htb: fix crash on init failure sch_multiq: fix double free on init failure sch_hhf: fix null pointer dereference on init failure sch_netem: avoid null pointer deref on init failure sch_tbf: fix two null pointer dereferences on init failure OGAWA Hirofumi (1): fat: validate ->i_start before using Philipp Rudo (1): s390/kdump: Fix memleak in nt_vmcoreinfo Qu Wenruo (2): btrfs: relocation: Only remove reloc rb_trees if reloc control has been initialized btrfs: Don't remove block group that still has pinned down bytes Randy Dunlap (3): scripts: modpost: check memory allocation results platform/x86: intel_punit_ipc: fix build errors kbuild: make missing $DEPMOD a Warning instead of an Error Ronnie Sahlberg (1): cifs: check if SMB2 PDU size has been padded and suppress the warning Sandipan Das (1): perf probe powerpc: Fix trace event post-processing Stefan Haberland (2): s390/dasd: fix hanging offline processing due to canceled worker s390/dasd: fix panic for failed online processing Stephen Hemminger (1): hv_netvsc: ignore devices that are not PCI Steve French (2): smb3: fix reset of bytes read and written stats SMB3: Number of requests sent should be displayed for SMB3 not just CIFS Suzuki K Poulose (3): virtio: pci-legacy: Validate queue pfn arm64: Fix mismatched cache line size detection arm64: Handle mismatched cache type Tan Hu (1): ipvs: fix race between ip_vs_conn_new() and ip_vs_del_dest() Tetsuo Handa (2): hfsplus: don't return 0 when fill_super() failed fs/dcache.c: fix kmemcheck splat at take_dentry_name_snapshot() Thomas Petazzoni (1): PCI: mvebu: Fix I/O space end address calculation Tomas Bortoli (1): net/9p/trans_fd.c: fix race by holding the lock Tomas Winkler (1): mei: me: allow runtime pm for platform with D0i3 Tyler Hicks (2): irda: Fix memory leak caused by repeated binds of irda socket irda: Only insert new objects into the global database via setsockopt Vlad Buslov (1): net: sched: action_ife: take reference to meta module Xin Long (1): sctp: hold transport before accessing its asoc in sctp_transport_get_next YueHaibing (1): RDS: IB: fix 'passing zero to ERR_PTR()' warning

6 years, 9 months

1
1
0 0

Linux 4.4.156

by Greg KH

I'm announcing the release of the 4.4.156 kernel. All users of the 4.4 kernel series must upgrade. The updated 4.4.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.4.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arm/configs/imx_v6_v7_defconfig | 2 arch/arm/include/asm/arch_gicv3.h | 1 arch/powerpc/platforms/pseries/ras.c | 2 arch/powerpc/sysdev/mpic_msgr.c | 2 arch/s390/lib/mem.S | 9 +- arch/x86/include/asm/pgtable-3level.h | 7 - arch/x86/include/asm/pgtable.h | 2 drivers/irqchip/irq-bcm7038-l1.c | 4 + drivers/irqchip/irq-gic-v3-its.c | 34 +++++---- drivers/irqchip/irq-gic.c | 2 drivers/md/dm-kcopyd.c | 2 drivers/mfd/sm501.c | 1 drivers/misc/mei/pci-me.c | 5 + drivers/net/ethernet/broadcom/genet/bcmgenet.h | 3 drivers/net/ethernet/broadcom/genet/bcmmii.c | 10 ++ drivers/net/ethernet/cisco/enic/enic_main.c | 2 drivers/net/ethernet/qlogic/qlge/qlge_main.c | 23 ++---- drivers/pci/host/pci-mvebu.c | 2 drivers/platform/x86/asus-nb-wmi.c | 1 drivers/s390/block/dasd_eckd.c | 7 + drivers/scsi/aic94xx/aic94xx_init.c | 4 - drivers/staging/android/ion/ion.c | 60 +++++++++------- drivers/staging/comedi/drivers/ni_mio_common.c | 3 fs/btrfs/dev-replace.c | 6 + fs/btrfs/disk-io.c | 10 +- fs/btrfs/extent-tree.c | 2 fs/btrfs/relocation.c | 23 +++--- fs/cifs/cifs_debug.c | 8 ++ fs/cifs/smb2misc.c | 7 + fs/cifs/smb2pdu.c | 2 fs/dcache.c | 3 fs/fat/cache.c | 19 +++-- fs/fat/fat.h | 5 + fs/fat/fatent.c | 6 - fs/hfs/brec.c | 7 + fs/hfsplus/dir.c | 4 - fs/hfsplus/super.c | 4 - fs/overlayfs/copy_up.c | 26 ------ fs/overlayfs/dir.c | 67 +----------------- fs/overlayfs/overlayfs.h | 3 fs/overlayfs/readdir.c | 93 +++++++++++++++++++------ fs/overlayfs/super.c | 20 ++++- fs/reiserfs/reiserfs.h | 2 kernel/fork.c | 2 kernel/irq/chip.c | 8 +- lib/debugobjects.c | 7 + mm/fadvise.c | 8 +- mm/huge_memory.c | 2 net/9p/trans_virtio.c | 3 net/ipv4/tcp_minisocks.c | 3 net/ipv6/ip6_vti.c | 2 net/irda/af_irda.c | 13 +++ net/netfilter/ipvs/ip_vs_core.c | 15 ++-- net/sched/sch_hhf.c | 3 net/sched/sch_htb.c | 5 - net/sched/sch_multiq.c | 9 -- net/sched/sch_netem.c | 4 - net/sched/sch_tbf.c | 5 - scripts/depmod.sh | 4 - scripts/mod/modpost.c | 8 +- sound/soc/codecs/wm8994.c | 1 tools/testing/selftests/powerpc/harness.c | 18 +++- 63 files changed, 368 insertions(+), 259 deletions(-) Aleh Filipovich (1): platform/x86: asus-nb-wmi: Add keymap entry for lid flip action on UX360 Alexey Kodanev (1): vti6: remove !skb->ignore_df check from vti6_xmit() Andrey Ryabinin (1): mm/fadvise.c: fix signed overflow UBSAN complaint Antonio Murdaca (1): ovl: override creds with the ones from the superblock mounter Arnd Bergmann (1): reiserfs: change j_timestamp type to time64_t Breno Leitao (1): selftests/powerpc: Kill child processes on SIGINT Chas Williams (1): Fixes: Commit cdbf92675fad ("mm: numa: avoid waiting on freed migrated pages") Dan Carpenter (2): powerpc: Fix size calculation using resource_size() scsi: aic94xx: fix an error code in aic94xx_init() Doug Berger (1): net: bcmgenet: use MAC link status for fixed phy Ernesto A. Fernández (2): hfs: prevent crash on exit from failed search hfsplus: fix NULL dereference in hfsplus_lookup() Ethan Lien (1): btrfs: use correct compare function of dirty_metadata_bytes Fabio Estevam (1): Revert "ARM: imx_v6_v7_defconfig: Select ULPI support" Florian Westphal (1): tcp: do not restart timewait timer on rst reception Govindarajulu Varadarajan (1): enic: do not call enic_change_mtu in enic_probe Greg Hackmann (1): staging: android: ion: fix ION_IOC_{MAP,SHARE} use-after-free Greg Kroah-Hartman (1): Linux 4.4.156 Guenter Roeck (1): mfd: sm501: Set coherent_dma_mask when creating subdevices Gustavo A. R. Silva (1): ASoC: wm8994: Fix missing break in switch Ian Abbott (1): staging: comedi: ni_mio_common: fix subdevice flags for PFI subdevice Jann Horn (1): fork: don't copy inconsistent signal handler state to child Jean-Philippe Brucker (1): net/9p: fix error path of p9_virtio_probe Joel Fernandes (Google) (1): debugobjects: Make stack check warning more informative John Pittman (1): dm kcopyd: avoid softlockup in run_complete_job Jonas Gorski (1): irqchip/bcm7038-l1: Hide cpu offline callback when building for !SMP Juergen Gross (1): x86/pae: use 64 bit atomic xchg function in native_ptep_get_and_clear Mahesh Salgaonkar (1): powerpc/pseries: Avoid using the size greater than RTAS_ERROR_LOG_MAX. Manish Chopra (1): qlge: Fix netdev features configuration. Marc Zyngier (3): irqchip/gic-v3-its: Recompute the number of pages on page size change irqchip/gic-v3: Add missing barrier to 32bit version of gic_read_iar() irqchip/gic: Make interrupt ID 1020 invalid Martin Schwidefsky (1): s390/lib: use expoline for all bcr instructions Michal Hocko (1): x86/speculation/l1tf: Fix up pte->pfn conversion for PAE Miklos Szeredi (2): ovl: rename is_merge to is_lowest ovl: proper cleanup of workdir Misono Tomohiro (1): btrfs: replace: Reset on-disk dev stats value after replace Nikolay Aleksandrov (5): sch_htb: fix crash on init failure sch_multiq: fix double free on init failure sch_hhf: fix null pointer dereference on init failure sch_netem: avoid null pointer deref on init failure sch_tbf: fix two null pointer dereferences on init failure OGAWA Hirofumi (1): fat: validate ->i_start before using Qu Wenruo (2): btrfs: relocation: Only remove reloc rb_trees if reloc control has been initialized btrfs: Don't remove block group that still has pinned down bytes Randy Dunlap (2): scripts: modpost: check memory allocation results kbuild: make missing $DEPMOD a Warning instead of an Error Ronnie Sahlberg (1): cifs: check if SMB2 PDU size has been padded and suppress the warning Shanker Donthineni (2): irqchip/gicv3-its: Fix memory leak in its_free_tables() irqchip/gicv3-its: Avoid cache flush beyond ITS_BASERn memory size Stefan Haberland (1): s390/dasd: fix hanging offline processing due to canceled worker Steve French (2): smb3: fix reset of bytes read and written stats SMB3: Number of requests sent should be displayed for SMB3 not just CIFS Sudeep Holla (1): genirq: Delay incrementing interrupt count if it's disabled/pending Tan Hu (1): ipvs: fix race between ip_vs_conn_new() and ip_vs_del_dest() Tetsuo Handa (2): hfsplus: don't return 0 when fill_super() failed fs/dcache.c: fix kmemcheck splat at take_dentry_name_snapshot() Thomas Petazzoni (1): PCI: mvebu: Fix I/O space end address calculation Tomas Winkler (1): mei: me: allow runtime pm for platform with D0i3 Tyler Hicks (2): irda: Fix memory leak caused by repeated binds of irda socket irda: Only insert new objects into the global database via setsockopt

6 years, 9 months

1
1
0 0

[PATCH 4.14 000/115] 4.14.70-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.14.70 release. There are 115 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat Sep 15 13:17:48 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.14.70-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.14.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.14.70-rc1 Suzuki K Poulose <suzuki.poulose(a)arm.com> arm64: Handle mismatched cache type Suzuki K Poulose <suzuki.poulose(a)arm.com> arm64: Fix mismatched cache line size detection Gustavo A. R. Silva <gustavo(a)embeddedor.com> ASoC: wm8994: Fix missing break in switch Arnd Bergmann <arnd(a)arndb.de> arm64: cpu_errata: include required headers Arnd Bergmann <arnd(a)arndb.de> x86: kvm: avoid unused variable warning Junaid Shahid <junaids(a)google.com> kvm: x86: Set highest physical address bits in non-present/reserved SPTEs Fabio Estevam <fabio.estevam(a)nxp.com> Revert "ARM: imx_v6_v7_defconfig: Select ULPI support" Tyler Hicks <tyhicks(a)canonical.com> irda: Only insert new objects into the global database via setsockopt Tyler Hicks <tyhicks(a)canonical.com> irda: Fix memory leak caused by repeated binds of irda socket Martin Schwidefsky <schwidefsky(a)de.ibm.com> s390/lib: use expoline for all bcr instructions Randy Dunlap <rdunlap(a)infradead.org> kbuild: make missing $DEPMOD a Warning instead of an Error Fredrik Schön <fredrikschon(a)gmail.com> drm/i915: Increase LSPCON timeout Juergen Gross <jgross(a)suse.com> x86/xen: don't write ptes directly in 32-bit PV guests Juergen Gross <jgross(a)suse.com> x86/pae: use 64 bit atomic xchg function in native_ptep_get_and_clear Roger Quadros <rogerq(a)ti.com> usb: dwc3: core: Fix ULPI PHYs and prevent phy_get/ulpi_init during suspend/resume Dave Young <dyoung(a)redhat.com> HID: add quirk for another PIXART OEM mouse used by HP Jan H. Schönherr <jschoenh(a)amazon.de> mm: Fix devm_memremap_pages() collision handling Javier González <javier(a)cnexlabs.com> lightnvm: pblk: free padded entries in write buffer Luca Abeni <luca.abeni(a)santannapisa.it> sched/deadline: Fix switching to -deadline Joel Fernandes (Google) <joel(a)joelfernandes.org> debugobjects: Make stack check warning more informative Randy Dunlap <rdunlap(a)infradead.org> uapi/linux/keyctl.h: don't use C++ reserved keyword as a struct member name Likun Gao <Likun.Gao(a)amd.com> drm/amdgpu:add VCN booting with firmware loaded by PSP Likun Gao <Likun.Gao(a)amd.com> drm/amdgpu:add VCN support in PSP driver Likun Gao <Likun.Gao(a)amd.com> drm/amdgpu:add new firmware id for VCN James Zhu <jzhums(a)gmail.com> drm/amdgpu:add tmr mc address into amdgpu_firmware_info James Zhu <jzhums(a)gmail.com> drm/amdgpu: update tmr mc address Kai-Heng Feng <kai.heng.feng(a)canonical.com> drm/edid: Add 6 bpc quirk for SDC panel in Lenovo B50-80 Rex Zhu <rex.zhu(a)amd.com> drm/amd/pp/Polaris12: Fix a chunk of registers missed to program Michel Dänzer <michel.daenzer(a)amd.com> drm/amdgpu: Fix RLC safe mode test in gfx_v9_0_enter_rlc_safe_mode Chris Wilson <chris(a)chris-wilson.co.uk> drm/i915/lpe: Mark LPE audio runtime pm as "no callbacks" Marc Zyngier <marc.zyngier(a)arm.com> ARM: rockchip: Force CONFIG_PM on Rockchip systems Marc Zyngier <marc.zyngier(a)arm.com> arm64: rockchip: Force CONFIG_PM on Rockchip systems Qu Wenruo <wqu(a)suse.com> btrfs: Don't remove block group that still has pinned down bytes Qu Wenruo <wqu(a)suse.com> btrfs: relocation: Only remove reloc rb_trees if reloc control has been initialized Misono Tomohiro <misono.tomohiro(a)jp.fujitsu.com> btrfs: replace: Reset on-disk dev stats value after replace Qu Wenruo <wqu(a)suse.com> btrfs: Exit gracefully when chunk map cannot be inserted to the tree Jim Mattson <jmattson(a)google.com> kvm: nVMX: Fix fault vector for VMX operation at CPL > 0 Sean Christopherson <sean.j.christopherson(a)intel.com> KVM: vmx: track host_state.loaded using a loaded_vmcs pointer Levin Du <djw(a)t-chip.com.cn> clk: rockchip: Add pclk_rkpwm_pmu to PMU critical clocks in rk3399 Mahesh Salgaonkar <mahesh(a)linux.vnet.ibm.com> powerpc/pseries: Avoid using the size greater than RTAS_ERROR_LOG_MAX. Michael Ellerman <mpe(a)ellerman.id.au> powerpc/64s: Make rfi_flush_fallback a little more robust Randy Dunlap <rdunlap(a)infradead.org> powerpc/platforms/85xx: fix t1042rdb_diu.c build errors & warning Steve French <stfrench(a)microsoft.com> SMB3: Number of requests sent should be displayed for SMB3 not just CIFS Steve French <stfrench(a)microsoft.com> smb3: fix reset of bytes read and written stats Bart Van Assche <bart.vanassche(a)wdc.com> cfq: Suppress compiler warnings about comparisons YueHaibing <yuehaibing(a)huawei.com> RDS: IB: fix 'passing zero to ERR_PTR()' warning Breno Leitao <leitao(a)debian.org> selftests/powerpc: Kill child processes on SIGINT Ralf Goebel <ralf.goebel(a)imago-technologies.com> iommu/omap: Fix cache flushes on L2 table entries Matthias Kaehlcke <mka(a)chromium.org> ASoC: rt5677: Fix initialization of rt5677_of_match.data Ian Abbott <abbotti(a)mev.co.uk> staging: comedi: ni_mio_common: fix subdevice flags for PFI subdevice John Pittman <jpittman(a)redhat.com> dm kcopyd: avoid softlockup in run_complete_job Thomas Petazzoni <thomas.petazzoni(a)bootlin.com> PCI: mvebu: Fix I/O space end address calculation Roger Pau Monne <roger.pau(a)citrix.com> xen/balloon: fix balloon initialization for PVH Dom0 Dmitry Torokhov <dmitry.torokhov(a)gmail.com> Input: do not use WARN() in input_alloc_absinfo() Wei Yongjun <weiyongjun1(a)huawei.com> NFSv4: Fix error handling in nfs4_sp4_select_mode() Dan Carpenter <dan.carpenter(a)oracle.com> scsi: aic94xx: fix an error code in aic94xx_init() Hans de Goede <hdegoede(a)redhat.com> ACPI / scan: Initialize status to ACPI_STA_DEFAULT Stefan Haberland <sth(a)linux.ibm.com> s390/dasd: fix panic for failed online processing Stefan Haberland <sth(a)linux.ibm.com> s390/dasd: fix hanging offline processing due to canceled worker Greg Edwards <gedwards(a)ddn.com> block: bvec_nr_vecs() returns value for wrong slab Sandipan Das <sandipan(a)linux.ibm.com> perf probe powerpc: Fix trace event post-processing Dan Carpenter <dan.carpenter(a)oracle.com> powerpc: Fix size calculation using resource_size() Michael Ellerman <mpe(a)ellerman.id.au> powerpc/uaccess: Enable get_user(u64, *p) on 32-bit Chao Yu <yuchao0(a)huawei.com> f2fs: fix to clear PG_checked flag in set_page_dirty() Jean-Philippe Brucker <jean-philippe.brucker(a)arm.com> net/9p: fix error path of p9_virtio_probe Tomas Bortoli <tomasbortoli(a)gmail.com> net/9p/trans_fd.c: fix race by holding the lock Jonas Gorski <jonas.gorski(a)gmail.com> irqchip/bcm7038-l1: Hide cpu offline callback when building for !SMP Benno Evers <bevers(a)mesosphere.com> perf tools: Check for null when copying nsinfo. Jian Shen <shenjian15(a)huawei.com> net: hns3: Fix for phy link issue when using marvell phy driver Xi Wang <wangxi11(a)huawei.com> net: hns3: Fix for command format parsing error in hclge_is_all_function_id_zero Gal Pressman <pressmangal(a)gmail.com> RDMA/hns: Fix usage of bitmap allocation functions return values Daniel Borkmann <daniel(a)iogearbox.net> tcp, ulp: add alias for all ulp modules Florian Westphal <fw(a)strlen.de> netfilter: fix memory leaks on netlink_dump_start error Aleh Filipovich <aleh(a)vaolix.com> platform/x86: asus-nb-wmi: Add keymap entry for lid flip action on UX360 Guenter Roeck <linux(a)roeck-us.net> mfd: sm501: Set coherent_dma_mask when creating subdevices Tan Hu <tan.hu(a)zte.com.cn> ipvs: fix race between ip_vs_conn_new() and ip_vs_del_dest() Philipp Rudo <prudo(a)linux.ibm.com> s390/kdump: Fix memleak in nt_vmcoreinfo Florian Westphal <fw(a)strlen.de> netfilter: ip6t_rpfilter: set F_IFACE for linklocal addresses Randy Dunlap <rdunlap(a)infradead.org> platform/x86: intel_punit_ipc: fix build errors Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> fs/dcache.c: fix kmemcheck splat at take_dentry_name_snapshot() Andrey Ryabinin <aryabinin(a)virtuozzo.com> mm/fadvise.c: fix signed overflow UBSAN complaint Jerome Brunet <jbrunet(a)baylibre.com> pwm: meson: Fix mux clock names Michael J. Ruhl <michael.j.ruhl(a)intel.com> IB/hfi1: Invalid NUMA node information can cause a divide by zero Arnd Bergmann <arnd(a)arndb.de> x86/mce: Add notifier_block forward declaration Suzuki K Poulose <suzuki.poulose(a)arm.com> virtio: pci-legacy: Validate queue pfn Randy Dunlap <rdunlap(a)infradead.org> scripts: modpost: check memory allocation results OGAWA Hirofumi <hirofumi(a)mail.parknet.co.jp> fat: validate ->i_start before using James Morse <james.morse(a)arm.com> fs/proc/kcore.c: use __pa_symbol() for KCORE_TEXT list entries Ernesto A. Fernández <ernesto.mnd.fernandez(a)gmail.com> hfsplus: fix NULL dereference in hfsplus_lookup() Arnd Bergmann <arnd(a)arndb.de> reiserfs: change j_timestamp type to time64_t Jann Horn <jannh(a)google.com> fork: don't copy inconsistent signal handler state to child Laura Abbott <labbott(a)redhat.com> sunrpc: Don't use stack buffer with scatterlist Ernesto A. Fernández <ernesto.mnd.fernandez(a)gmail.com> hfs: prevent crash on exit from failed search Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> hfsplus: don't return 0 when fill_super() failed Ronnie Sahlberg <lsahlber(a)redhat.com> cifs: check if SMB2 PDU size has been padded and suppress the warning Vlad Buslov <vladbu(a)mellanox.com> net: sched: action_ife: take reference to meta module Cong Wang <xiyou.wangcong(a)gmail.com> act_ife: fix a potential deadlock Cong Wang <xiyou.wangcong(a)gmail.com> act_ife: move tcfa_lock down to where necessary Dexuan Cui <decui(a)microsoft.com> hv_netvsc: Fix a deadlock by getting rtnl lock earlier in netvsc_probe() Stephen Hemminger <stephen(a)networkplumber.org> hv_netvsc: ignore devices that are not PCI Jason Wang <jasowang(a)redhat.com> vhost: correctly check the iova range when waking virtqueue Ido Schimmel <idosch(a)mellanox.com> mlxsw: spectrum_switchdev: Do not leak RIFs when removing bridge Xin Long <lucien.xin(a)gmail.com> sctp: hold transport before accessing its asoc in sctp_transport_get_next Jakub Kicinski <jakub.kicinski(a)netronome.com> nfp: wait for posted reconfigs when disabling the device Cong Wang <xiyou.wangcong(a)gmail.com> tipc: fix a missing rhashtable_walk_exit() Davide Caratti <dcaratti(a)redhat.com> net/sched: act_pedit: fix dump of extended layered op Alexey Kodanev <alexey.kodanev(a)oracle.com> vti6: remove !skb->ignore_df check from vti6_xmit() Florian Westphal <fw(a)strlen.de> tcp: do not restart timewait timer on rst reception Anthony Wong <anthony.wong(a)ubuntu.com> r8169: add support for NCube 8168 network card Manish Chopra <manish.chopra(a)cavium.com> qlge: Fix netdev features configuration. Kees Cook <keescook(a)chromium.org> net: sched: Fix memory exposure from short TCA_U32_SEL Anssi Hannula <anssi.hannula(a)bitwise.fi> net: macb: do not disable MDIO bus at open/close time Doug Berger <opendmb(a)gmail.com> net: bcmgenet: use MAC link status for fixed phy Eric Dumazet <edumazet(a)google.com> ipv4: tcp: send zero IPID for RST and ACK sent in SYN-RECV and TIME-WAIT state Cong Wang <xiyou.wangcong(a)gmail.com> act_ife: fix a potential use-after-free ------------- Diffstat: Makefile | 4 +- arch/arm/configs/imx_v6_v7_defconfig | 2 - arch/arm/mach-rockchip/Kconfig | 1 + arch/arm64/Kconfig.platforms | 1 + arch/arm64/include/asm/cache.h | 5 ++ arch/arm64/include/asm/cpucaps.h | 3 +- arch/arm64/kernel/cpu_errata.c | 25 +++++-- arch/arm64/kernel/cpufeature.c | 4 +- arch/powerpc/include/asm/uaccess.h | 13 +++- arch/powerpc/kernel/exceptions-64s.S | 6 ++ arch/powerpc/platforms/85xx/t1042rdb_diu.c | 4 ++ arch/powerpc/platforms/pseries/ras.c | 2 +- arch/powerpc/sysdev/mpic_msgr.c | 2 +- arch/s390/kernel/crash_dump.c | 17 +++-- arch/s390/lib/mem.S | 12 ++-- arch/x86/include/asm/mce.h | 1 + arch/x86/include/asm/pgtable-3level.h | 7 +- arch/x86/kvm/mmu.c | 43 ++++++++++-- arch/x86/kvm/vmx.c | 26 ++++--- arch/x86/kvm/x86.c | 12 ++-- arch/x86/xen/mmu_pv.c | 7 +- block/bio.c | 2 +- block/cfq-iosched.c | 22 +++--- drivers/acpi/scan.c | 5 +- drivers/clk/rockchip/clk-rk3399.c | 1 + drivers/gpu/drm/amd/amdgpu/amdgpu_psp.c | 5 ++ drivers/gpu/drm/amd/amdgpu/amdgpu_ucode.h | 4 ++ drivers/gpu/drm/amd/amdgpu/amdgpu_vcn.c | 17 +++-- drivers/gpu/drm/amd/amdgpu/gfx_v9_0.c | 2 +- drivers/gpu/drm/amd/amdgpu/psp_v10_0.c | 3 + drivers/gpu/drm/amd/amdgpu/vcn_v1_0.c | 40 ++++++++--- .../gpu/drm/amd/powerplay/hwmgr/smu7_powertune.c | 43 ++++++++++++ drivers/gpu/drm/drm_edid.c | 3 + drivers/gpu/drm/i915/intel_lpe_audio.c | 4 +- drivers/gpu/drm/i915/intel_lspcon.c | 2 +- drivers/hid/hid-ids.h | 1 + drivers/hid/usbhid/hid-quirks.c | 1 + drivers/infiniband/hw/hfi1/affinity.c | 24 ++++++- drivers/infiniband/hw/hns/hns_roce_pd.c | 2 +- drivers/infiniband/hw/hns/hns_roce_qp.c | 5 +- drivers/input/input.c | 16 +++-- drivers/iommu/omap-iommu.c | 4 +- drivers/irqchip/irq-bcm7038-l1.c | 4 ++ drivers/lightnvm/pblk-core.c | 1 - drivers/lightnvm/pblk-write.c | 7 +- drivers/md/dm-kcopyd.c | 2 + drivers/mfd/sm501.c | 1 + drivers/net/ethernet/broadcom/genet/bcmgenet.h | 3 + drivers/net/ethernet/broadcom/genet/bcmmii.c | 10 ++- drivers/net/ethernet/cadence/macb_main.c | 9 ++- .../ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 2 +- .../ethernet/hisilicon/hns3/hns3pf/hclge_mdio.c | 2 + drivers/net/ethernet/mellanox/mlxsw/spectrum.h | 2 + .../net/ethernet/mellanox/mlxsw/spectrum_router.c | 11 +++ .../ethernet/mellanox/mlxsw/spectrum_switchdev.c | 20 ++++++ .../net/ethernet/netronome/nfp/nfp_net_common.c | 48 +++++++++---- drivers/net/ethernet/qlogic/qlge/qlge_main.c | 23 +++---- drivers/net/ethernet/realtek/r8169.c | 1 + drivers/net/hyperv/netvsc_drv.c | 16 ++++- drivers/pci/host/pci-mvebu.c | 2 +- drivers/platform/x86/asus-nb-wmi.c | 1 + drivers/platform/x86/intel_punit_ipc.c | 1 + drivers/pwm/pwm-meson.c | 3 +- drivers/s390/block/dasd_eckd.c | 10 ++- drivers/scsi/aic94xx/aic94xx_init.c | 4 +- drivers/staging/comedi/drivers/ni_mio_common.c | 3 +- drivers/staging/irda/net/af_irda.c | 13 +++- drivers/usb/dwc3/core.c | 47 ++++++++++--- drivers/usb/dwc3/core.h | 5 ++ drivers/vhost/vhost.c | 2 +- drivers/virtio/virtio_pci_legacy.c | 14 +++- drivers/xen/xen-balloon.c | 2 +- fs/btrfs/dev-replace.c | 6 ++ fs/btrfs/extent-tree.c | 2 +- fs/btrfs/relocation.c | 23 ++++--- fs/btrfs/volumes.c | 8 ++- fs/cifs/cifs_debug.c | 8 +++ fs/cifs/smb2misc.c | 7 ++ fs/cifs/smb2pdu.c | 2 +- fs/dcache.c | 3 +- fs/f2fs/data.c | 4 ++ fs/fat/cache.c | 19 ++++-- fs/fat/fat.h | 5 ++ fs/fat/fatent.c | 6 +- fs/hfs/brec.c | 7 +- fs/hfsplus/dir.c | 4 +- fs/hfsplus/super.c | 4 +- fs/nfs/nfs4proc.c | 2 +- fs/proc/kcore.c | 4 +- fs/reiserfs/reiserfs.h | 2 +- include/linux/pci_ids.h | 2 + include/net/tcp.h | 4 ++ include/uapi/linux/keyctl.h | 2 +- kernel/fork.c | 2 + kernel/memremap.c | 11 +-- kernel/sched/deadline.c | 11 ++- lib/debugobjects.c | 7 +- mm/fadvise.c | 8 ++- net/9p/trans_fd.c | 10 +-- net/9p/trans_virtio.c | 3 +- net/ipv4/tcp_ipv4.c | 6 ++ net/ipv4/tcp_minisocks.c | 3 +- net/ipv4/tcp_ulp.c | 2 +- net/ipv6/ip6_vti.c | 2 +- net/ipv6/netfilter/ip6t_rpfilter.c | 12 +++- net/netfilter/ipvs/ip_vs_core.c | 15 ++-- net/netfilter/nf_conntrack_netlink.c | 26 ++++--- net/netfilter/nfnetlink_acct.c | 29 ++++---- net/rds/ib_frmr.c | 1 + net/sched/act_ife.c | 79 ++++++++++++---------- net/sched/act_pedit.c | 18 +++-- net/sched/cls_u32.c | 8 ++- net/sctp/proc.c | 4 -- net/sctp/socket.c | 22 ++++-- net/sunrpc/auth_gss/gss_krb5_crypto.c | 12 +++- net/tipc/socket.c | 2 + net/tls/tls_main.c | 1 + scripts/depmod.sh | 4 +- scripts/mod/modpost.c | 8 +-- security/keys/dh.c | 2 +- sound/soc/codecs/rt5677.c | 2 +- sound/soc/codecs/wm8994.c | 1 + tools/perf/arch/powerpc/util/sym-handling.c | 4 +- tools/perf/util/namespaces.c | 3 + tools/testing/selftests/powerpc/harness.c | 18 +++-- 125 files changed, 812 insertions(+), 320 deletions(-)

6 years, 9 months

7
127
0 0

[PATCH AUTOSEL 3.18 01/11] binfmt_elf: Respect error return from `regset->active'

by Sasha Levin

From: "Maciej W. Rozycki" <macro(a)mips.com> [ Upstream commit 2f819db565e82e5f73cd42b39925098986693378 ] The regset API documented in <linux/regset.h> defines -ENODEV as the result of the `->active' handler to be used where the feature requested is not available on the hardware found. However code handling core file note generation in `fill_thread_core_info' interpretes any non-zero result from the `->active' handler as the regset requested being active. Consequently processing continues (and hopefully gracefully fails later on) rather than being abandoned right away for the regset requested. Fix the problem then by making the code proceed only if a positive result is returned from the `->active' handler. Signed-off-by: Maciej W. Rozycki <macro(a)mips.com> Signed-off-by: Paul Burton <paul.burton(a)mips.com> Fixes: 4206d3aa1978 ("elf core dump: notes user_regset") Patchwork: https://patchwork.linux-mips.org/patch/19332/ Cc: Alexander Viro <viro(a)zeniv.linux.org.uk> Cc: James Hogan <jhogan(a)kernel.org> Cc: Ralf Baechle <ralf(a)linux-mips.org> Cc: linux-fsdevel(a)vger.kernel.org Cc: linux-mips(a)linux-mips.org Cc: linux-kernel(a)vger.kernel.org Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> --- fs/binfmt_elf.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c index e39fe28f1ea0..c3b57886b5bc 100644 --- a/fs/binfmt_elf.c +++ b/fs/binfmt_elf.c @@ -1552,7 +1552,7 @@ static int fill_thread_core_info(struct elf_thread_core_info *t, const struct user_regset *regset = &view->regsets[i]; do_thread_regset_writeback(t->task, regset); if (regset->core_note_type && regset->get && - (!regset->active || regset->active(t->task, regset))) { + (!regset->active || regset->active(t->task, regset) > 0)) { int ret; size_t size = regset->n * regset->size; void *data = kmalloc(size, GFP_KERNEL); -- 2.17.1

6 years, 9 months

1
10
0 0

[PATCH AUTOSEL 4.4 01/20] binfmt_elf: Respect error return from `regset->active'

by Sasha Levin

From: "Maciej W. Rozycki" <macro(a)mips.com> [ Upstream commit 2f819db565e82e5f73cd42b39925098986693378 ] The regset API documented in <linux/regset.h> defines -ENODEV as the result of the `->active' handler to be used where the feature requested is not available on the hardware found. However code handling core file note generation in `fill_thread_core_info' interpretes any non-zero result from the `->active' handler as the regset requested being active. Consequently processing continues (and hopefully gracefully fails later on) rather than being abandoned right away for the regset requested. Fix the problem then by making the code proceed only if a positive result is returned from the `->active' handler. Signed-off-by: Maciej W. Rozycki <macro(a)mips.com> Signed-off-by: Paul Burton <paul.burton(a)mips.com> Fixes: 4206d3aa1978 ("elf core dump: notes user_regset") Patchwork: https://patchwork.linux-mips.org/patch/19332/ Cc: Alexander Viro <viro(a)zeniv.linux.org.uk> Cc: James Hogan <jhogan(a)kernel.org> Cc: Ralf Baechle <ralf(a)linux-mips.org> Cc: linux-fsdevel(a)vger.kernel.org Cc: linux-mips(a)linux-mips.org Cc: linux-kernel(a)vger.kernel.org Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> --- fs/binfmt_elf.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c index f44e93d2650d..62bc72001fce 100644 --- a/fs/binfmt_elf.c +++ b/fs/binfmt_elf.c @@ -1707,7 +1707,7 @@ static int fill_thread_core_info(struct elf_thread_core_info *t, const struct user_regset *regset = &view->regsets[i]; do_thread_regset_writeback(t->task, regset); if (regset->core_note_type && regset->get && - (!regset->active || regset->active(t->task, regset))) { + (!regset->active || regset->active(t->task, regset) > 0)) { int ret; size_t size = regset->n * regset->size; void *data = kmalloc(size, GFP_KERNEL); -- 2.17.1

6 years, 9 months

1
19
0 0

[PATCH AUTOSEL 4.14 01/57] binfmt_elf: Respect error return from `regset->active'

by Sasha Levin

From: "Maciej W. Rozycki" <macro(a)mips.com> [ Upstream commit 2f819db565e82e5f73cd42b39925098986693378 ] The regset API documented in <linux/regset.h> defines -ENODEV as the result of the `->active' handler to be used where the feature requested is not available on the hardware found. However code handling core file note generation in `fill_thread_core_info' interpretes any non-zero result from the `->active' handler as the regset requested being active. Consequently processing continues (and hopefully gracefully fails later on) rather than being abandoned right away for the regset requested. Fix the problem then by making the code proceed only if a positive result is returned from the `->active' handler. Signed-off-by: Maciej W. Rozycki <macro(a)mips.com> Signed-off-by: Paul Burton <paul.burton(a)mips.com> Fixes: 4206d3aa1978 ("elf core dump: notes user_regset") Patchwork: https://patchwork.linux-mips.org/patch/19332/ Cc: Alexander Viro <viro(a)zeniv.linux.org.uk> Cc: James Hogan <jhogan(a)kernel.org> Cc: Ralf Baechle <ralf(a)linux-mips.org> Cc: linux-fsdevel(a)vger.kernel.org Cc: linux-mips(a)linux-mips.org Cc: linux-kernel(a)vger.kernel.org Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> --- fs/binfmt_elf.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c index c0e3f91e28e9..469666df91da 100644 --- a/fs/binfmt_elf.c +++ b/fs/binfmt_elf.c @@ -1725,7 +1725,7 @@ static int fill_thread_core_info(struct elf_thread_core_info *t, const struct user_regset *regset = &view->regsets[i]; do_thread_regset_writeback(t->task, regset); if (regset->core_note_type && regset->get && - (!regset->active || regset->active(t->task, regset))) { + (!regset->active || regset->active(t->task, regset) > 0)) { int ret; size_t size = regset->n * regset->size; void *data = kmalloc(size, GFP_KERNEL); -- 2.17.1

6 years, 9 months

1
56
0 0

[GIT PULL] commits for Linux 3.18

by Sasha Levin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi Greg, Pleae pull commits for Linux 3.18 . I've sent a review request for all commits over a week ago and all comments were addressed. Thanks, Sasha ===== The following changes since commit c0305995d3676c8f7764eb79a7f99de8d18c591a: Linux 3.18.122 (2018-09-09 20:07:57 +0200) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/sashal/linux-stable.git tags/for-greg-3.18-14092018 for you to fetch changes up to e4c98cce78e482450a6e2e1c8deaca6298c357e7: MIPS: WARN_ON invalid DMA cache maintenance, not BUG_ON (2018-09-14 13:55:22 -0400) - ---------------------------------------------------------------- for-greg-3.18-14092018 - ---------------------------------------------------------------- Anton Vasilyev (3): tty: rocket: Fix possible buffer overwrite on register_PCI scsi: 3ware: fix return 0 on the error path of probe gpio: ml-ioh: Fix buffer underwrite on probe error path BingJing Chang (1): md/raid5: fix data corruption of replacements after originals dropped Chao Yu (1): f2fs: fix to do sanity check with {sit,nat}_ver_bitmap_bytesize Dan Carpenter (1): uio: potential double frees if __uio_register_device() fails Finn Thain (1): macintosh/via-pmu: Add missing mmio accessors Joerg Roedel (2): x86/mm: Remove in_nmi() warning from vmalloc_fault() x86/kexec: Allocate 8k PGDs for PTI Johan Hedberg (1): Bluetooth: h5: Fix missing dependency on BT_HCIUART_SERDEV Marcel Holtmann (1): Bluetooth: hidp: Fix handling of strncpy for hid->name information Mauricio Faria de Oliveira (2): partitions/aix: append null character to print data from disk partitions/aix: fix usage of uninitialized lv_info and lvname structures Mike Christie (1): scsi: target: fix __transport_register_session locking Paul Burton (2): MIPS: Fix ISA virt/bus conversion for non-zero PHYS_OFFSET MIPS: WARN_ON invalid DMA cache maintenance, not BUG_ON Petr Machata (1): net: dcb: For wild-card lookups, use priority -1, not 0 Srinivas Pandruvada (1): ata: libahci: Correct setting of DEVSLP register Sven Eckelmann (1): ath10k: prevent active scans on potential unusable channels Takashi Iwai (6): ALSA: riptide: Properly endian notations ALSA: wss: Fix sparse warning wrt PCM format type ALSA: sb: Fix PCM format bit calculation ALSA: asihpi: Fix PCM format notations ALSA: ad1816a: Fix sparse warning wrt PCM format type ALSA: sb: Fix sparse warning wrt PCM format type Yelena Krivosheev (1): net: mvneta: fix mtu change on port without link Zumeng Chen (1): mfd: ti_am335x_tscadc: Fix struct clk memory leak arch/mips/include/asm/io.h | 8 ++++---- arch/mips/mm/c-r4k.c | 6 ++++-- arch/x86/kernel/machine_kexec_32.c | 5 +++-- arch/x86/mm/fault.c | 2 -- block/partitions/aix.c | 13 +++++++++---- drivers/ata/libahci.c | 2 ++ drivers/bluetooth/Kconfig | 1 + drivers/gpio/gpio-ml-ioh.c | 3 ++- drivers/macintosh/via-pmu.c | 9 +++++---- drivers/md/raid5.c | 6 ++++++ drivers/mfd/ti_am335x_tscadc.c | 3 +-- drivers/net/ethernet/marvell/mvneta.c | 1 - drivers/net/wireless/ath/ath10k/mac.c | 7 +++++++ drivers/scsi/3w-9xxx.c | 6 +++++- drivers/scsi/3w-sas.c | 3 +++ drivers/scsi/3w-xxxx.c | 2 ++ drivers/target/target_core_transport.c | 5 +++-- drivers/tty/rocket.c | 2 +- drivers/uio/uio.c | 3 +-- fs/f2fs/super.c | 21 +++++++++++++++++++-- include/sound/sb16_csp.h | 2 +- net/bluetooth/hidp/core.c | 2 +- net/dcb/dcbnl.c | 11 +++++++---- sound/isa/ad1816a/ad1816a_lib.c | 3 ++- sound/isa/sb/sb16_csp.c | 6 +++--- sound/isa/sb/sb16_main.c | 9 ++++++--- sound/isa/wss/wss_lib.c | 2 +- sound/pci/asihpi/asihpi.c | 24 +++++++++++++----------- sound/pci/riptide/riptide.c | 8 ++++---- 29 files changed, 116 insertions(+), 59 deletions(-) -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE4n5dijQDou9mhzu83qZv95d3LNwFAlucANUACgkQ3qZv95d3 LNxaDw//WkPpTwRqcEN9E8xNACn01MdW2LnsNxFhvj2jr47AIREd5UlJVqgnFRkf y0/dDBlROHWBeTY3nXvovH79+/J2wuK3oz6L/lu+Uzvy3V4i4X7/WMB2w1Tbf5Z+ NyDGjFLBOVxWiCJHjnEwoM2cvINzHYMBCbB11XXwWNQEnPmJR9O/BDqjL+PzEXSz vikV7z/T/JvpJblQUG770qnYSAjZYNIGP80avd40hvgY7XBZiCNaFXh67iV8Lshm I+uNAPZPNcesHeD4181ELx+dD43Qb+SYauXOju5/ZaE273HgTFNpmfQPhvoUgJXt 2FRS49gqQ6ioBrNxqV7Jm3gbrOOfLC00MsOWuVpclmAdRxtEr5fpf0mY9wiMZQ5e f4zfbihbkg6ucY0WHwAR31nFl5TTQbVgBmXHl5D/tXcJ5o+WGYLgNJeqso1zAFpR 8+GT2mkp6yKnBAa3+mOFwB24lJOTcX5xGpo6BaDIli3Sc+B7MC6cJyg9TGJ1Lk8M piaB2rV1sEkLIrpXDcTyKT3P9oe3oOAULgQRc3NC2yHx/M8IlQ+98KIdK0HMzWuw 8Ph1xDRv+MPqm8DYkN5KniR1bqLTYw0GpWsT5NJwRgwhzZN6n7WelzDBoAq1hpFa Eqae22hDXGc/oxtnFtGZCY0KazilZfCVJGrU3WVN+qP9jrLq0gk= =RJup -----END PGP SIGNATURE-----

6 years, 9 months

1
0
0 0

[GIT PULL] commits for Linux 4.4

by Sasha Levin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi Greg, Pleae pull commits for Linux 4.4 . I've sent a review request for all commits over a week ago and all comments were addressed. Thanks, Sasha ===== The following changes since commit fdf53713aebb1e8ccbfcadade2b8449e62394547: Linux 4.4.155 (2018-09-09 20:04:37 +0200) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/sashal/linux-stable.git tags/for-greg-4.4-14092018 for you to fetch changes up to a83251f1538b537c5fb4a07825e6dbd52be7d8f9: RDMA/cma: Do not ignore net namespace for unbound cm_id (2018-09-14 13:54:45 -0400) - ---------------------------------------------------------------- for-greg-4.4-14092018 - ---------------------------------------------------------------- Anton Vasilyev (4): misc: ti-st: Fix memory leak in the error path of probe() tty: rocket: Fix possible buffer overwrite on register_PCI scsi: 3ware: fix return 0 on the error path of probe gpio: ml-ioh: Fix buffer underwrite on probe error path BingJing Chang (1): md/raid5: fix data corruption of replacements after originals dropped Chao Yu (1): f2fs: fix to do sanity check with {sit,nat}_ver_bitmap_bytesize Christophe Leroy (1): perf tools: Allow overriding MAX_NR_CPUS at compile time Dan Carpenter (2): misc: mic: SCIF Fix scif_get_new_port() error handling uio: potential double frees if __uio_register_device() fails Dmitry Osipenko (1): gpio: tegra: Move driver registration to subsys_init level Finn Thain (1): macintosh/via-pmu: Add missing mmio accessors Florian Fainelli (1): ethtool: Remove trailing semicolon for static inline Geert Uytterhoeven (1): iommu/ipmmu-vmsa: Fix allocation in atomic context Joerg Roedel (2): x86/mm: Remove in_nmi() warning from vmalloc_fault() x86/kexec: Allocate 8k PGDs for PTI Johan Hedberg (1): Bluetooth: h5: Fix missing dependency on BT_HCIUART_SERDEV Marcel Holtmann (1): Bluetooth: hidp: Fix handling of strncpy for hid->name information Mauricio Faria de Oliveira (2): partitions/aix: append null character to print data from disk partitions/aix: fix usage of uninitialized lv_info and lvname structures Mike Christie (1): scsi: target: fix __transport_register_session locking Nicholas Mc Guire (1): MIPS: Octeon: add missing of_node_put() Nick Dyer (1): Input: atmel_mxt_ts - only use first T9 instance Olga Kornievskaia (1): NFSv4.0 fix client reference leak in callback Parav Pandit (1): RDMA/cma: Do not ignore net namespace for unbound cm_id Paul Burton (2): MIPS: Fix ISA virt/bus conversion for non-zero PHYS_OFFSET MIPS: WARN_ON invalid DMA cache maintenance, not BUG_ON Petr Machata (1): net: dcb: For wild-card lookups, use priority -1, not 0 Srinivas Pandruvada (1): ata: libahci: Correct setting of DEVSLP register Surabhi Vishnoi (1): ath10k: disable bundle mgmt tx completion event support Sven Eckelmann (1): ath10k: prevent active scans on potential unusable channels Takashi Iwai (8): ALSA: riptide: Properly endian notations ALSA: wss: Fix sparse warning wrt PCM format type ALSA: sb: Fix PCM format bit calculation ALSA: asihpi: Fix PCM format notations ALSA: ad1816a: Fix sparse warning wrt PCM format type ALSA: hda: Fix implicit PCM format type conversion ALSA: au88x0: Fix sparse warning wrt PCM format type ALSA: sb: Fix sparse warning wrt PCM format type Yelena Krivosheev (1): net: mvneta: fix mtu change on port without link Yunlong Song (1): f2fs: do not set free of current section Zumeng Chen (1): mfd: ti_am335x_tscadc: Fix struct clk memory leak arch/mips/cavium-octeon/octeon-platform.c | 2 ++ arch/mips/include/asm/io.h | 8 ++++---- arch/mips/mm/c-r4k.c | 6 ++++-- arch/x86/kernel/machine_kexec_32.c | 5 +++-- arch/x86/mm/fault.c | 2 -- block/partitions/aix.c | 13 +++++++++---- drivers/ata/libahci.c | 2 ++ drivers/bluetooth/Kconfig | 1 + drivers/gpio/gpio-ml-ioh.c | 3 ++- drivers/gpio/gpio-tegra.c | 2 +- drivers/infiniband/core/cma.c | 13 ++++++++++--- drivers/input/touchscreen/atmel_mxt_ts.c | 7 ++++--- drivers/iommu/ipmmu-vmsa.c | 9 ++++----- drivers/macintosh/via-pmu.c | 9 +++++---- drivers/md/raid5.c | 6 ++++++ drivers/mfd/ti_am335x_tscadc.c | 3 +-- drivers/misc/mic/scif/scif_api.c | 20 +++++++++----------- drivers/misc/ti-st/st_kim.c | 4 ++-- drivers/net/ethernet/marvell/mvneta.c | 1 - drivers/net/wireless/ath/ath10k/mac.c | 7 +++++++ drivers/net/wireless/ath/ath10k/wmi-tlv.c | 5 +++++ drivers/net/wireless/ath/ath10k/wmi-tlv.h | 5 +++++ drivers/scsi/3w-9xxx.c | 6 +++++- drivers/scsi/3w-sas.c | 3 +++ drivers/scsi/3w-xxxx.c | 2 ++ drivers/target/target_core_transport.c | 5 +++-- drivers/tty/rocket.c | 2 +- drivers/uio/uio.c | 3 +-- fs/f2fs/segment.h | 3 +++ fs/f2fs/super.c | 21 +++++++++++++++++++-- fs/nfs/callback_xdr.c | 11 ++++++++--- include/sound/hdaudio.h | 3 ++- include/sound/sb16_csp.h | 2 +- include/uapi/linux/ethtool.h | 4 ++-- net/bluetooth/hidp/core.c | 2 +- net/dcb/dcbnl.c | 11 +++++++---- sound/hda/hdac_device.c | 2 +- sound/isa/ad1816a/ad1816a_lib.c | 3 ++- sound/isa/sb/sb16_csp.c | 6 +++--- sound/isa/sb/sb16_main.c | 9 ++++++--- sound/isa/wss/wss_lib.c | 2 +- sound/pci/asihpi/asihpi.c | 24 +++++++++++++----------- sound/pci/au88x0/au88x0.h | 2 +- sound/pci/au88x0/au88x0_core.c | 2 +- sound/pci/riptide/riptide.c | 8 ++++---- tools/perf/perf.h | 2 ++ 46 files changed, 178 insertions(+), 93 deletions(-) -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE4n5dijQDou9mhzu83qZv95d3LNwFAlucAM0ACgkQ3qZv95d3 LNwPCQ/+Jp22S8x7mUnB4lWAOg5KY5u8p/z12JcdHQXpE0vmP/Ktyuth7Yd4jUKG RmTpCIzxoafI9vLMK9I7YyDTQ8ryP22E9oVk0MQ4IcdetKJmeDuKQVYkDjIOwG+1 lqVxMHNWalzhPFJ7gglKEhlNbrZlb/w5hRAEJMxsQOAe3uX3fEJyhD/RPv1Rygvj hNXzZ/Pn8Y72QevxiymXGqfNVgGgpJGetvqVpcdDXOtZw36xYcVQFqkDlIDFfQEe 3aDto8ZNoC9GTV8rSxQU+fOYFakmnkCqchcSICB/4HNImPFVoLT8NkW3ndfXryPL n7ILkgdKcIwMz5xTHcEL3boJD6mZwry7zX1MVM9RomEnx6jptzCAxScITXoMiXW8 q44ey4kiuLN0I6ekBFUt9PR8I/d2bO5G3HSkKnd8vo9UEYEcZb0r4cNlI1XKqHo5 lN6OHkc9Otuji26aasLO1VriF1kGoFcJuoIKE+xdVJGC3LloQ/eiS6pKL+SgjEXa YDyQWrah6b3dlifYuiKf6Yl1R8GctLBL/yS2zDiFlu72pIY02c7Dac3ux+Xa376L R4TL4WKyZmpJzDOlAks7vCHgn9eVUcyXOp7WGK7OWLKd3GYzMmeg36qAMt5e3Q0R HY+eJulDot8sdWYwvuaAn1Ef+VCyHMueR5gufkbTuQ/GPk5kH4M= =jTFn -----END PGP SIGNATURE-----

6 years, 9 months

1
0
0 0

[GIT PULL] commits for Linux 4.9

by Sasha Levin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi Greg, Pleae pull commits for Linux 4.9 . I've sent a review request for all commits over a week ago and all comments were addressed. Thanks, Sasha ===== The following changes since commit 66f5a871e5987c8f4bff333b66c361a53cdcd350: Linux 4.9.126 (2018-09-09 20:01:26 +0200) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/sashal/linux-stable.git tags/for-greg-4.9-14092018 for you to fetch changes up to 5b34947d3bfebf469858630b9c882a6d1e1ed353: RDMA/cma: Do not ignore net namespace for unbound cm_id (2018-09-14 00:38:45 -0400) - ---------------------------------------------------------------- for-greg-4.9-14092018 - ---------------------------------------------------------------- Anton Vasilyev (4): misc: ti-st: Fix memory leak in the error path of probe() tty: rocket: Fix possible buffer overwrite on register_PCI scsi: 3ware: fix return 0 on the error path of probe gpio: ml-ioh: Fix buffer underwrite on probe error path Arun Parameswaran (1): net: phy: Fix the register offsets in Broadcom iProc mdio mux driver BingJing Chang (1): md/raid5: fix data corruption of replacements after originals dropped Chao Yu (4): f2fs: try grabbing node page lock aggressively in sync scenario f2fs: fix to skip GC if type in SSA and SIT is inconsistent f2fs: fix to do sanity check with reserved blkaddr of inline inode f2fs: fix to do sanity check with {sit,nat}_ver_bitmap_bytesize Christophe Leroy (1): perf tools: Allow overriding MAX_NR_CPUS at compile time Dan Carpenter (3): misc: mic: SCIF Fix scif_get_new_port() error handling uio: potential double frees if __uio_register_device() fails f2fs: Fix uninitialized return in f2fs_ioc_shutdown() Dmitry Osipenko (1): gpio: tegra: Move driver registration to subsys_init level Felix Fietkau (2): ath9k: report tx status on EOSP ath9k_hw: fix channel maximum power level test Finn Thain (1): macintosh/via-pmu: Add missing mmio accessors Florian Fainelli (1): ethtool: Remove trailing semicolon for static inline Gaurav Kohli (1): timers: Clear timer_base::must_forward_clk with timer_base::lock held Geert Uytterhoeven (1): iommu/ipmmu-vmsa: Fix allocation in atomic context Joerg Roedel (2): x86/mm: Remove in_nmi() warning from vmalloc_fault() x86/kexec: Allocate 8k PGDs for PTI Johan Hedberg (1): Bluetooth: h5: Fix missing dependency on BT_HCIUART_SERDEV Katsuhiro Suzuki (1): media: helene: fix xtal frequency setting at power on Linus Walleij (1): tpm_tis_spi: Pass the SPI IRQ down to the driver Loic Poulain (1): wlcore: Set rx_status boottime_ns field on rx Marcel Holtmann (1): Bluetooth: hidp: Fix handling of strncpy for hid->name information Mauricio Faria de Oliveira (2): partitions/aix: append null character to print data from disk partitions/aix: fix usage of uninitialized lv_info and lvname structures Mike Christie (1): scsi: target: fix __transport_register_session locking Nicholas Mc Guire (2): MIPS: Octeon: add missing of_node_put() MIPS: generic: fix missing of_node_put() Nick Dyer (1): Input: atmel_mxt_ts - only use first T9 instance Olga Kornievskaia (1): NFSv4.0 fix client reference leak in callback Parav Pandit (1): RDMA/cma: Do not ignore net namespace for unbound cm_id Paul Burton (2): MIPS: Fix ISA virt/bus conversion for non-zero PHYS_OFFSET MIPS: WARN_ON invalid DMA cache maintenance, not BUG_ON Peter Rosin (1): tpm/tpm_i2c_infineon: switch to i2c_lock_bus(..., I2C_LOCK_SEGMENT) Petr Machata (1): net: dcb: For wild-card lookups, use priority -1, not 0 Srinivas Pandruvada (1): ata: libahci: Correct setting of DEVSLP register Surabhi Vishnoi (1): ath10k: disable bundle mgmt tx completion event support Sven Eckelmann (1): ath10k: prevent active scans on potential unusable channels Sylwester Nawrocki (1): media: s5p-mfc: Fix buffer look up in s5p_mfc_handle_frame_{new, copy_time} functions Takashi Iwai (8): ALSA: riptide: Properly endian notations ALSA: wss: Fix sparse warning wrt PCM format type ALSA: sb: Fix PCM format bit calculation ALSA: asihpi: Fix PCM format notations ALSA: ad1816a: Fix sparse warning wrt PCM format type ALSA: hda: Fix implicit PCM format type conversion ALSA: au88x0: Fix sparse warning wrt PCM format type ALSA: sb: Fix sparse warning wrt PCM format type Trond Myklebust (1): NFSv4.1: Fix a potential layoutget/layoutrecall deadlock Yelena Krivosheev (1): net: mvneta: fix mtu change on port without link Yunlong Song (1): f2fs: do not set free of current section Zumeng Chen (1): mfd: ti_am335x_tscadc: Fix struct clk memory leak arch/mips/cavium-octeon/octeon-platform.c | 2 ++ arch/mips/generic/init.c | 1 + arch/mips/include/asm/io.h | 8 ++++---- arch/mips/mm/c-r4k.c | 6 ++++-- arch/x86/kernel/machine_kexec_32.c | 5 +++-- arch/x86/mm/fault.c | 2 -- block/partitions/aix.c | 13 +++++++++---- drivers/ata/libahci.c | 2 ++ drivers/bluetooth/Kconfig | 1 + drivers/char/tpm/tpm_i2c_infineon.c | 8 ++++---- drivers/char/tpm/tpm_tis_spi.c | 9 ++++++++- drivers/gpio/gpio-ml-ioh.c | 3 ++- drivers/gpio/gpio-tegra.c | 2 +- drivers/infiniband/core/cma.c | 13 ++++++++++--- drivers/input/touchscreen/atmel_mxt_ts.c | 7 ++++--- drivers/iommu/ipmmu-vmsa.c | 9 ++++----- drivers/macintosh/via-pmu.c | 9 +++++---- drivers/md/raid5.c | 6 ++++++ drivers/media/dvb-frontends/helene.c | 5 ++++- drivers/media/platform/s5p-mfc/s5p_mfc.c | 23 ++++++++++++----------- drivers/mfd/ti_am335x_tscadc.c | 3 +-- drivers/misc/mic/scif/scif_api.c | 20 +++++++++----------- drivers/misc/ti-st/st_kim.c | 4 ++-- drivers/net/ethernet/marvell/mvneta.c | 1 - drivers/net/phy/mdio-mux-bcm-iproc.c | 20 +++++++++++++++----- drivers/net/wireless/ath/ath10k/mac.c | 7 +++++++ drivers/net/wireless/ath/ath10k/wmi-tlv.c | 5 +++++ drivers/net/wireless/ath/ath10k/wmi-tlv.h | 5 +++++ drivers/net/wireless/ath/ath9k/hw.c | 7 +++++-- drivers/net/wireless/ath/ath9k/xmit.c | 3 ++- drivers/net/wireless/ti/wlcore/rx.c | 8 ++++++-- drivers/scsi/3w-9xxx.c | 6 +++++- drivers/scsi/3w-sas.c | 3 +++ drivers/scsi/3w-xxxx.c | 2 ++ drivers/target/target_core_transport.c | 5 +++-- drivers/tty/rocket.c | 2 +- drivers/uio/uio.c | 3 +-- fs/f2fs/file.c | 2 +- fs/f2fs/gc.c | 8 +++++++- fs/f2fs/inline.c | 21 +++++++++++++++++++++ fs/f2fs/node.c | 4 +++- fs/f2fs/segment.h | 3 +++ fs/f2fs/super.c | 21 +++++++++++++++++++-- fs/nfs/callback_proc.c | 4 ++-- fs/nfs/callback_xdr.c | 11 ++++++++--- include/sound/hdaudio.h | 3 ++- include/sound/sb16_csp.h | 2 +- include/uapi/linux/ethtool.h | 4 ++-- kernel/time/timer.c | 29 ++++++++++++++++------------- net/bluetooth/hidp/core.c | 2 +- net/dcb/dcbnl.c | 11 +++++++---- sound/hda/hdac_device.c | 2 +- sound/isa/ad1816a/ad1816a_lib.c | 3 ++- sound/isa/sb/sb16_csp.c | 6 +++--- sound/isa/sb/sb16_main.c | 9 ++++++--- sound/isa/wss/wss_lib.c | 2 +- sound/pci/asihpi/asihpi.c | 24 +++++++++++++----------- sound/pci/au88x0/au88x0.h | 2 +- sound/pci/au88x0/au88x0_core.c | 2 +- sound/pci/riptide/riptide.c | 8 ++++---- tools/perf/perf.h | 2 ++ 61 files changed, 285 insertions(+), 138 deletions(-) -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE4n5dijQDou9mhzu83qZv95d3LNwFAlucAMYACgkQ3qZv95d3 LNzY+Q//RPPJzj9m2Ig9GxCgCQP9NvaTuUOwqngLIU80+jRF+7s918cYHM5p7zGQ 48KVqHm0LENam6MyvnP2u+sj9OfTvgtSHS6e8JjPUySudjmUI8MUfhdGSLfaVFdk JF5T+R0tIjmsOQIY8fZifDVVeAYiWTt2QF9R2twMnxiZOj3mYJPoMtLbjmPRQPDf U/Xdr6f7DvuGqj2JliOcMj+KPA5Aql78H3wis9msLuMTto4n0ih4SalF+XjMM+YY K3IM6kHnItDRGg6T0n9e5KKgxg5tsPY0LtOeGp8h435KmJEnYteG/HFud5P95bsD 8bGCxyrYJIYVJ2YUIS/HNKvUfGwxAr65qfDdtaVe/SK34bd2hZqMnVV9OCXkZoJ9 fEd0SOMfBdBMk4aTkVdkZ41jvwFokI5W8QBkjVzFYChXD/Fi1JvOJxVOM0VOI1Sm lp6qhhXZL+n0NG+bZ55NS9MmbIxhXFx4m2zQsvI1RRa6AEW0pWWRHRvw4Xi8WXNP c43Nq8BdVi4s+fpwaPDp9QSq1mnXAPgAtbo08dD8iFHrVHr6kTMDISEcW0Fz7Nlb rZ8waTRisKMnFY8CV5MlKcukaiHoGfjKfhUHP9hjC6sIVMVcHSLIEVy6Efuf1kgp fDJY0e08524WvXdMSNRTgGLKNPuq03qbyI6m7YPsQ7qKs5JWgFY= =7XBU -----END PGP SIGNATURE-----

6 years, 9 months

1
0
0 0

[GIT PULL] commits for Linux 4.14

by Sasha Levin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi Greg, Pleae pull commits for Linux 4.14 . I've sent a review request for all commits over a week ago and all comments were addressed. Thanks, Sasha ===== The following changes since commit 7fe7a0f4c5cf9e7f5b7cb67c1341cdbf62ed4c30: Linux 4.14.69 (2018-09-09 19:56:02 +0200) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/sashal/linux-stable.git tags/for-greg-4.14-14092018 for you to fetch changes up to b3db45c5ba72779f6c94653444e2aba53a887bc2: RDMA/cma: Do not ignore net namespace for unbound cm_id (2018-09-14 00:37:54 -0400) - ---------------------------------------------------------------- for-greg-4.14-14092018 - ---------------------------------------------------------------- Anton Vasilyev (7): media: davinci: vpif_display: Mix memory leak on probe error path media: dw2102: Fix memleak on sequence of probes misc: ti-st: Fix memory leak in the error path of probe() firmware: vpd: Fix section enabled flag on vpd_section_destroy tty: rocket: Fix possible buffer overwrite on register_PCI scsi: 3ware: fix return 0 on the error path of probe gpio: ml-ioh: Fix buffer underwrite on probe error path Arun Parameswaran (1): net: phy: Fix the register offsets in Broadcom iProc mdio mux driver BingJing Chang (1): md/raid5: fix data corruption of replacements after originals dropped Chao Yu (6): f2fs: fix to active page in lru list for read path f2fs: try grabbing node page lock aggressively in sync scenario f2fs: fix to skip GC if type in SSA and SIT is inconsistent f2fs: fix to do sanity check with reserved blkaddr of inline inode f2fs: fix to wait on page writeback before updating page f2fs: fix to do sanity check with {sit,nat}_ver_bitmap_bytesize Christophe Leroy (1): perf tools: Allow overriding MAX_NR_CPUS at compile time Dan Carpenter (4): misc: mic: SCIF Fix scif_get_new_port() error handling uio: potential double frees if __uio_register_device() fails pinctrl: imx: off by one in imx_pinconf_group_dbg_show() f2fs: Fix uninitialized return in f2fs_ioc_shutdown() Daniel Kurtz (1): pinctrl/amd: only handle irq if it is pending and unmasked Dmitry Osipenko (1): gpio: tegra: Move driver registration to subsys_init level Felix Fietkau (2): ath9k: report tx status on EOSP ath9k_hw: fix channel maximum power level test Finn Thain (1): macintosh/via-pmu: Add missing mmio accessors Florian Fainelli (1): ethtool: Remove trailing semicolon for static inline Gaurav Kohli (1): timers: Clear timer_base::must_forward_clk with timer_base::lock held Geert Uytterhoeven (1): iommu/ipmmu-vmsa: Fix allocation in atomic context Huaisheng Ye (1): tools/testing/nvdimm: kaddr and pfn can be NULL to ->direct_access() Jae Hyun Yoo (1): i2c: aspeed: Add an explicit type casting for *get_clk_reg_val Jinbum Park (1): pktcdvd: Fix possible Spectre-v1 for pkt_devs Jiri Olsa (1): perf c2c report: Fix crash for empty browser Joerg Roedel (2): x86/mm: Remove in_nmi() warning from vmalloc_fault() x86/kexec: Allocate 8k PGDs for PTI Johan Hedberg (1): Bluetooth: h5: Fix missing dependency on BT_HCIUART_SERDEV John Pittman (1): dm cache: only allow a single io_mode cache feature to be requested Kan Liang (1): perf evlist: Fix error out while applying initial delay and LBR Katsuhiro Suzuki (1): media: helene: fix xtal frequency setting at power on Linus Walleij (1): tpm_tis_spi: Pass the SPI IRQ down to the driver Loic Poulain (1): wlcore: Set rx_status boottime_ns field on rx Marcel Holtmann (1): Bluetooth: hidp: Fix handling of strncpy for hid->name information Mauricio Faria de Oliveira (2): partitions/aix: append null character to print data from disk partitions/aix: fix usage of uninitialized lv_info and lvname structures Michael Kelley (1): Drivers: hv: vmbus: Cleanup synic memory free path Mike Christie (1): scsi: target: fix __transport_register_session locking Ming Lei (1): blk-mq: fix updating tags depth Nicholas Mc Guire (2): MIPS: Octeon: add missing of_node_put() MIPS: generic: fix missing of_node_put() Nick Dyer (1): Input: atmel_mxt_ts - only use first T9 instance Olga Kornievskaia (1): NFSv4.0 fix client reference leak in callback Parav Pandit (1): RDMA/cma: Do not ignore net namespace for unbound cm_id Paul Burton (2): MIPS: Fix ISA virt/bus conversion for non-zero PHYS_OFFSET MIPS: WARN_ON invalid DMA cache maintenance, not BUG_ON Peter Rosin (1): tpm/tpm_i2c_infineon: switch to i2c_lock_bus(..., I2C_LOCK_SEGMENT) Petr Machata (1): net: dcb: For wild-card lookups, use priority -1, not 0 Philipp Zabel (1): gpu: ipu-v3: default to id 0 on missing OF alias Randy Dunlap (1): f2fs: fix defined but not used build warnings Reza Arbab (1): powerpc/powernv: Fix concurrency issue with npu->mmio_atsd_usage Roman Gushchin (1): selftests/bpf: fix a typo in map in map test Srinivas Kandagatla (1): rpmsg: core: add support to power domains for devices Srinivas Pandruvada (2): ata: libahci: Allow reconfigure of DEVSLP register ata: libahci: Correct setting of DEVSLP register Surabhi Vishnoi (1): ath10k: disable bundle mgmt tx completion event support Sven Eckelmann (1): ath10k: prevent active scans on potential unusable channels Sylwester Nawrocki (1): media: s5p-mfc: Fix buffer look up in s5p_mfc_handle_frame_{new, copy_time} functions Takashi Iwai (9): ALSA: riptide: Properly endian notations ALSA: pcm: Fix sparse warning wrt PCM format type ALSA: wss: Fix sparse warning wrt PCM format type ALSA: sb: Fix PCM format bit calculation ALSA: asihpi: Fix PCM format notations ALSA: ad1816a: Fix sparse warning wrt PCM format type ALSA: hda: Fix implicit PCM format type conversion ALSA: au88x0: Fix sparse warning wrt PCM format type ALSA: sb: Fix sparse warning wrt PCM format type Todor Tomov (1): media: camss: csid: Configure data type and decode format properly Trond Myklebust (1): NFSv4.1: Fix a potential layoutget/layoutrecall deadlock Yelena Krivosheev (1): net: mvneta: fix mtu change on port without link Yunlong Song (1): f2fs: do not set free of current section Zumeng Chen (1): mfd: ti_am335x_tscadc: Fix struct clk memory leak arch/mips/cavium-octeon/octeon-platform.c | 2 ++ arch/mips/generic/init.c | 1 + arch/mips/include/asm/io.h | 8 +++--- arch/mips/mm/c-r4k.c | 6 +++-- arch/powerpc/platforms/powernv/npu-dma.c | 5 ++-- arch/x86/kernel/machine_kexec_32.c | 5 ++-- arch/x86/mm/fault.c | 2 -- block/blk-mq-tag.c | 8 +++--- block/partitions/aix.c | 13 +++++++--- drivers/ata/libahci.c | 20 +++++++++------ drivers/block/pktcdvd.c | 4 ++- drivers/bluetooth/Kconfig | 1 + drivers/char/tpm/tpm_i2c_infineon.c | 8 +++--- drivers/char/tpm/tpm_tis_spi.c | 9 ++++++- drivers/firmware/google/vpd.c | 5 +++- drivers/gpio/gpio-ml-ioh.c | 3 ++- drivers/gpio/gpio-tegra.c | 2 +- drivers/gpu/ipu-v3/ipu-common.c | 2 ++ drivers/hv/hv.c | 14 ++++++----- drivers/i2c/busses/i2c-aspeed.c | 2 +- drivers/infiniband/core/cma.c | 13 +++++++--- drivers/input/touchscreen/atmel_mxt_ts.c | 7 +++--- drivers/iommu/ipmmu-vmsa.c | 9 +++---- drivers/macintosh/via-pmu.c | 9 ++++--- drivers/md/dm-cache-target.c | 19 +++++++++++--- drivers/md/raid5.c | 6 +++++ drivers/media/dvb-frontends/helene.c | 5 +++- drivers/media/platform/davinci/vpif_display.c | 24 ++++++++++++------ .../media/platform/qcom/camss-8x16/camss-csid.c | 16 ++++++++---- drivers/media/platform/s5p-mfc/s5p_mfc.c | 23 +++++++++-------- drivers/media/usb/dvb-usb/dw2102.c | 19 ++++++++++---- drivers/mfd/ti_am335x_tscadc.c | 3 +-- drivers/misc/mic/scif/scif_api.c | 20 +++++++-------- drivers/misc/ti-st/st_kim.c | 4 +-- drivers/net/ethernet/marvell/mvneta.c | 1 - drivers/net/phy/mdio-mux-bcm-iproc.c | 20 +++++++++++---- drivers/net/wireless/ath/ath10k/mac.c | 7 ++++++ drivers/net/wireless/ath/ath10k/wmi-tlv.c | 5 ++++ drivers/net/wireless/ath/ath10k/wmi-tlv.h | 5 ++++ drivers/net/wireless/ath/ath9k/hw.c | 7 ++++-- drivers/net/wireless/ath/ath9k/xmit.c | 3 ++- drivers/net/wireless/ti/wlcore/rx.c | 8 ++++-- drivers/pinctrl/freescale/pinctrl-imx.c | 2 +- drivers/pinctrl/pinctrl-amd.c | 3 ++- drivers/rpmsg/rpmsg_core.c | 7 ++++++ drivers/scsi/3w-9xxx.c | 6 ++++- drivers/scsi/3w-sas.c | 3 +++ drivers/scsi/3w-xxxx.c | 2 ++ drivers/target/target_core_transport.c | 5 ++-- drivers/tty/rocket.c | 2 +- drivers/uio/uio.c | 3 +-- fs/f2fs/f2fs.h | 7 +++++- fs/f2fs/file.c | 2 +- fs/f2fs/gc.c | 8 +++++- fs/f2fs/inline.c | 22 ++++++++++++++++ fs/f2fs/node.c | 4 ++- fs/f2fs/segment.h | 3 +++ fs/f2fs/super.c | 21 ++++++++++++++-- fs/f2fs/sysfs.c | 10 +++++--- fs/nfs/callback_proc.c | 4 +-- fs/nfs/callback_xdr.c | 11 +++++--- include/sound/hdaudio.h | 3 ++- include/sound/sb16_csp.h | 2 +- include/uapi/linux/ethtool.h | 4 +-- kernel/time/timer.c | 29 ++++++++++++---------- net/bluetooth/hidp/core.c | 2 +- net/dcb/dcbnl.c | 11 +++++--- sound/core/oss/pcm_oss.c | 2 +- sound/hda/hdac_device.c | 2 +- sound/isa/ad1816a/ad1816a_lib.c | 3 ++- sound/isa/sb/sb16_csp.c | 6 ++--- sound/isa/sb/sb16_main.c | 9 ++++--- sound/isa/wss/wss_lib.c | 2 +- sound/pci/asihpi/asihpi.c | 24 ++++++++++-------- sound/pci/au88x0/au88x0.h | 2 +- sound/pci/au88x0/au88x0_core.c | 2 +- sound/pci/riptide/riptide.c | 8 +++--- tools/perf/builtin-c2c.c | 3 +++ tools/perf/perf.h | 2 ++ tools/perf/util/evsel.c | 14 +++++++++++ tools/testing/nvdimm/pmem-dax.c | 12 ++++++--- tools/testing/selftests/bpf/test_verifier.c | 6 ++--- 82 files changed, 429 insertions(+), 197 deletions(-) -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE4n5dijQDou9mhzu83qZv95d3LNwFAlucAMAACgkQ3qZv95d3 LNweWxAAr245ZB5Sncig3/LPMKemr9z0rXkq6dp1Ie5ezR4vzi0m6ns4q9yAudTl qwajoVktYDuf5HYCsaFmWsbhSXM3Jb2Atn9np8KLAH780eN3UvAPF7n5vBBouFAK SMGPWEtoRrIv4VAoA+zj9VkZrkTbzs8gqubJsbNXaBPBZq79Rrl4QFE3J44I7sqx jItmiTu2ptsbYteJtPIDQnt5XPQ/id+RdDE/kBL8goxpE0O3WhjMVOFdE39Fs5Cg 6IHpFCNpFC76BHxOHWhMSI6T6d+VSQxwCKPeNL31zXSfKAge3xeI23mnDY12KcE8 geF0Ufyy2wTxt5Zah6VCPOc4WB7kiGTYG7toAMBfEITeI4bsvvpqCDpwGkcWIxZk XKbtpaxa50Tji4qdBwxmP99aykDE3RO0/ajxR5rt/MilT0nADHJUUic/EzV9oDcF q9tZ4mRnMXbBuGJDZVx511vtA+6LqejGhTIuybC9RkKsbxoICb3+cU3qfikKJThF uG3jUiAMiy3mpyfQJX4HelRO0jzNSM34etV4E1Xia3EgiX4zi/EkwrTTNYEFMTO0 Ne7I486x7c6JitpfAvx7N3PimuGbljILBonZy5Uw9ErRmqsQlMUM8+A5zvg7J0Fd OrJ7DBpuWrRU2tWnx8kEKuVOAc+FKAgQ9QcbzuEXPjMpRJ/1GN8= =5M/x -----END PGP SIGNATURE-----

6 years, 9 months

1
0
0 0

[PATCH] scripts: unifdef: fix stringop-truncation warning

by Harshit Jain

From: Harshit Jain <dev-harsh1998(a)hotmail.com> * This commit resolves the following warning when the mainline kernel is build with the android environment. -> warning :-> https://gist.github.com/dev-harsh1998/757427b16a58f5498db3d87212a9651b * This warning is persistant in all the currently maintained android kernel i.e 3.18, 4.4, 4.9, 4.14. Signed-off-by: Harshit Jain <dev-harsh1998(a)hotmail.com> --- scripts/unifdef.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/scripts/unifdef.c b/scripts/unifdef.c index 7493c0ee51cc..4ce008eda362 100644 --- a/scripts/unifdef.c +++ b/scripts/unifdef.c @@ -395,8 +395,8 @@ usage(void) * When we have processed a group that starts off with a known-false * #if/#elif sequence (which has therefore been deleted) followed by a * #elif that we don't understand and therefore must keep, we edit the - * latter into a #if to keep the nesting correct. We use strncpy() to - * overwrite the 4 byte token "elif" with "if " without a '\0' byte. + * latter into a #if to keep the nesting correct. We use the memcpy() + * from the string header overwrite the 4 byte token "elif" with "if ". * * When we find a true #elif in a group, the following block will * always be kept and the rest of the sequence after the next #elif or @@ -450,7 +450,7 @@ static void Idrop (void) { Fdrop(); ignoreon(); } static void Itrue (void) { Ftrue(); ignoreon(); } static void Ifalse(void) { Ffalse(); ignoreon(); } /* modify this line */ -static void Mpass (void) { strncpy(keyword, "if ", 4); Pelif(); } +static void Mpass (void) { memcpy(keyword, "if ", 4); Pelif(); } static void Mtrue (void) { keywordedit("else"); state(IS_TRUE_MIDDLE); } static void Melif (void) { keywordedit("endif"); state(IS_FALSE_TRAILER); } static void Melse (void) { keywordedit("endif"); state(IS_FALSE_ELSE); } -- 2.18.0

6 years, 9 months

2
2
0 0

[PATCH] xen-blkback: Switch to closed state after releasing the backing device

by Valentin Vidic

Switching to closed state earlier can cause the block-drbd script to fail with 'Device is held open by someone': root: /etc/xen/scripts/block-drbd: remove XENBUS_PATH=backend/vbd/6/51712 kernel: [ 2222.278235] block drbd6: State change failed: Device is held open by someone kernel: [ 2222.278304] block drbd6: state = { cs:Connected ro:Primary/Secondary ds:UpToDate/UpToDate r----- } kernel: [ 2222.278340] block drbd6: wanted = { cs:Connected ro:Secondary/Secondary ds:UpToDate/UpToDate r----- } root: /etc/xen/scripts/block-drbd: Writing backend/vbd/6/51712/hotplug-error /etc/xen/scripts/block-drbd failed; error detected. backend/vbd/6/51712/hotplug-status error to xenstore. root: /etc/xen/scripts/block-drbd: /etc/xen/scripts/block-drbd failed; error detected. Signed-off-by: Valentin Vidic <Valentin.Vidic(a)CARNet.hr> Cc: stable(a)vger.kernel.org --- drivers/block/xen-blkback/xenbus.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/block/xen-blkback/xenbus.c b/drivers/block/xen-blkback/xenbus.c index a4bc74e72c39..43bddc996709 100644 --- a/drivers/block/xen-blkback/xenbus.c +++ b/drivers/block/xen-blkback/xenbus.c @@ -323,6 +323,7 @@ static void xen_blkif_free(struct xen_blkif *blkif) { WARN_ON(xen_blkif_disconnect(blkif)); xen_vbd_free(&blkif->vbd); + xenbus_switch_state(blkif->be->dev, XenbusStateClosed); kfree(blkif->be->mode); kfree(blkif->be); @@ -814,7 +815,6 @@ static void frontend_changed(struct xenbus_device *dev, case XenbusStateClosed: xen_blkif_disconnect(be->blkif); - xenbus_switch_state(dev, XenbusStateClosed); if (xenbus_dev_is_online(dev)) break; /* fall through */ -- 2.18.0

6 years, 9 months

4
22
0 0

[PATCH v3.1 2/2] btrfs: Ensure btrfs_trim_fs can trim the whole fs

by Qu Wenruo

[BUG] fstrim on some btrfs only trims the unallocated space, not trimming any space in existing block groups. [CAUSE] Before fstrim_range passed to btrfs_trim_fs(), it get truncated to range [0, super->total_bytes). So later btrfs_trim_fs() will only be able to trim block groups in range [0, super->total_bytes). While for btrfs, any bytenr aligned to sector size is valid, since btrfs use its logical address space, there is nothing limiting the location where we put block groups. For btrfs with routine balance, it's quite easy to relocate all block groups and bytenr of block groups will start beyond super->total_bytes. In that case, btrfs will not trim existing block groups. [FIX] Just remove the truncation in btrfs_ioctl_fitrim(), so btrfs_trim_fs() can get the unmodified range, which is normally set to [0, U64_MAX]. Reported-by: Chris Murphy <lists(a)colorremedies.com> Fixes: f4c697e6406d ("btrfs: return EINVAL if start > total_bytes in fitrim ioctl") Cc: <stable(a)vger.kernel.org> # v4.0+ Signed-off-by: Qu Wenruo <wqu(a)suse.com> --- fs/btrfs/extent-tree.c | 10 +--------- fs/btrfs/ioctl.c | 11 +++++++---- 2 files changed, 8 insertions(+), 13 deletions(-) diff --git a/fs/btrfs/extent-tree.c b/fs/btrfs/extent-tree.c index 2cc449190578..c6a9cca8ddca 100644 --- a/fs/btrfs/extent-tree.c +++ b/fs/btrfs/extent-tree.c @@ -10851,21 +10851,13 @@ int btrfs_trim_fs(struct btrfs_fs_info *fs_info, struct fstrim_range *range) u64 start; u64 end; u64 trimmed = 0; - u64 total_bytes = btrfs_super_total_bytes(fs_info->super_copy); u64 bg_failed = 0; u64 dev_failed = 0; int bg_ret = 0; int dev_ret = 0; int ret = 0; - /* - * try to trim all FS space, our block group may start from non-zero. - */ - if (range->len == total_bytes) - cache = btrfs_lookup_first_block_group(fs_info, range->start); - else - cache = btrfs_lookup_block_group(fs_info, range->start); - + cache = btrfs_lookup_first_block_group(fs_info, range->start); for (; cache; cache = next_block_group(fs_info, cache)) { if (cache->key.objectid >= (range->start + range->len)) { btrfs_put_block_group(cache); diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c index 63600dc2ac4c..8165a4bfa579 100644 --- a/fs/btrfs/ioctl.c +++ b/fs/btrfs/ioctl.c @@ -491,7 +491,6 @@ static noinline int btrfs_ioctl_fitrim(struct file *file, void __user *arg) struct fstrim_range range; u64 minlen = ULLONG_MAX; u64 num_devices = 0; - u64 total_bytes = btrfs_super_total_bytes(fs_info->super_copy); int ret; if (!capable(CAP_SYS_ADMIN)) @@ -515,11 +514,15 @@ static noinline int btrfs_ioctl_fitrim(struct file *file, void __user *arg) return -EOPNOTSUPP; if (copy_from_user(&range, arg, sizeof(range))) return -EFAULT; - if (range.start > total_bytes || - range.len < fs_info->sb->s_blocksize) + + /* + * NOTE: Don't truncate the range using super->total_bytes. + * Bytenr of btrfs block group is in btrfs logical address space, + * which can be any sector size aligned bytenr in [0, U64_MAX]. + */ + if (range.len < fs_info->sb->s_blocksize) return -EINVAL; - range.len = min(range.len, total_bytes - range.start); range.minlen = max(range.minlen, minlen); ret = btrfs_trim_fs(fs_info, &range); if (ret < 0) -- 2.18.0

6 years, 9 months

2
1
0 0

[PATCHv4 0/7] tty: Hold write ldisc sem in tty_reopen()

by Dmitry Safonov

Hi all, Three fixes that worth to have in the @stable, as they were hit by different people, including Arista on v4.9 stable. And for linux-next - adding lockdep asserts for line discipline changing code, verifying that write ldisc sem will be held forthwith. The last patch is an optional and probably, timeout can be dropped for read_lock(). I'll do it if everyone agrees. (Or as per discussion with Peter in v3, just convert ldisc to a regular rwsem). Thanks, Dima Changes since v3: - Added tested-by Mark Rutland (thanks!) - Dropped patch with smp_wmb() - wrong idea - lockdep_assert_held() should be actually lockdep_assert_held_exclusive() - Described why tty_ldisc_open() can be called without ldisc_sem held for pty slave end (o_tty). - Added Peter's patch for dropping self-made lockdep annotations - Fix for a reader(s) of ldisc semaphore waiting for an active reader(s) Changes since v2: - Added reviewed-by tags - Hopefully, fixed reported by 0-day issue. - Added optional fix for wait_readers decrement Changes since v1: - Added tested-by/reported-by tags - Dropped 3/4 (locking tty pair for lockdep sake), Because of that - not adding lockdep_assert_held() in tty_ldisc_open() - Added 4/4 cleanup to inc tty->count only on success of tty_ldisc_reinit() - lock ldisc without (5*HZ) timeout in tty_reopen() v1 link: lkml.kernel.org/r/<20180829022353.23568-1-dima(a)arista.com> v2 link: lkml.kernel.org/r/<20180903165257.29227-1-dima(a)arista.com> v3 link: lkml.kernel.org/r/<20180911014821.26286-1-dima(a)arista.com> Cc: Daniel Axtens <dja(a)axtens.net> Cc: Dmitry Vyukov <dvyukov(a)google.com> Cc: Mark Rutland <mark.rutland(a)arm.com> Cc: Michael Neuling <mikey(a)neuling.org> Cc: Mikulas Patocka <mpatocka(a)redhat.com> Cc: Nathan March <nathan(a)gt.net> Cc: Pasi Kärkkäinen <pasik(a)iki.fi> Cc: Peter Hurley <peter(a)hurleysoftware.com> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: "Rong, Chen" <rong.a.chen(a)intel.com> Cc: Sergey Senozhatsky <sergey.senozhatsky.work(a)gmail.com> Cc: Tan Xiaojun <tanxiaojun(a)huawei.com> Cc: Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> (please, ignore if I Cc'ed you mistakenly) Dmitry Safonov (6): tty: Drop tty->count on tty_reopen() failure tty: Hold tty_ldisc_lock() during tty_reopen() tty/ldsem: Wake up readers after timed out down_write() tty: Simplify tty->count math in tty_reopen() tty/ldsem: Add lockdep asserts for ldisc_sem tty/ldsem: Decrement wait_readers on timeouted down_read() Peter Zijlstra (1): tty/ldsem: Convert to regular lockdep annotations drivers/tty/tty_io.c | 12 ++++++---- drivers/tty/tty_ldisc.c | 9 +++++++ drivers/tty/tty_ldsem.c | 62 ++++++++++++++++++++----------------------------- 3 files changed, 42 insertions(+), 41 deletions(-) -- 2.13.6

6 years, 9 months

2
4
0 0

[PATCH 4.9 00/78] 4.9.127-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.9.127 release. There are 78 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat Sep 15 13:17:41 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.9.127-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.9.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.9.127-rc1 Suzuki K Poulose <suzuki.poulose(a)arm.com> arm64: Handle mismatched cache type Suzuki K Poulose <suzuki.poulose(a)arm.com> arm64: Fix mismatched cache line size detection Ethan Lien <ethanlien(a)synology.com> btrfs: use correct compare function of dirty_metadata_bytes Gustavo A. R. Silva <gustavo(a)embeddedor.com> ASoC: wm8994: Fix missing break in switch Martin Schwidefsky <schwidefsky(a)de.ibm.com> s390/lib: use expoline for all bcr instructions Tomas Winkler <tomas.winkler(a)intel.com> mei: me: allow runtime pm for platform with D0i3 Nikolay Aleksandrov <nikolay(a)cumulusnetworks.com> sch_tbf: fix two null pointer dereferences on init failure Nikolay Aleksandrov <nikolay(a)cumulusnetworks.com> sch_netem: avoid null pointer deref on init failure Nikolay Aleksandrov <nikolay(a)cumulusnetworks.com> sch_hhf: fix null pointer dereference on init failure Nikolay Aleksandrov <nikolay(a)cumulusnetworks.com> sch_multiq: fix double free on init failure Nikolay Aleksandrov <nikolay(a)cumulusnetworks.com> sch_htb: fix crash on init failure Chas Williams <chas3(a)att.com> Fixes: Commit 2aa6d036b716 ("mm: numa: avoid waiting on freed migrated pages") Govindarajulu Varadarajan <gvaradar(a)cisco.com> enic: do not call enic_change_mtu in enic_probe Fabio Estevam <fabio.estevam(a)nxp.com> Revert "ARM: imx_v6_v7_defconfig: Select ULPI support" Tyler Hicks <tyhicks(a)canonical.com> irda: Only insert new objects into the global database via setsockopt Tyler Hicks <tyhicks(a)canonical.com> irda: Fix memory leak caused by repeated binds of irda socket Randy Dunlap <rdunlap(a)infradead.org> kbuild: make missing $DEPMOD a Warning instead of an Error Juergen Gross <jgross(a)suse.com> x86/pae: use 64 bit atomic xchg function in native_ptep_get_and_clear Joel Fernandes (Google) <joel(a)joelfernandes.org> debugobjects: Make stack check warning more informative Eric Dumazet <edumazet(a)google.com> tcp: Revert "tcp: tcp_probe: use spin_lock_bh()" Kai-Heng Feng <kai.heng.feng(a)canonical.com> drm/edid: Add 6 bpc quirk for SDC panel in Lenovo B50-80 Marc Zyngier <marc.zyngier(a)arm.com> ARM: rockchip: Force CONFIG_PM on Rockchip systems Marc Zyngier <marc.zyngier(a)arm.com> arm64: rockchip: Force CONFIG_PM on Rockchip systems Qu Wenruo <wqu(a)suse.com> btrfs: Don't remove block group that still has pinned down bytes Qu Wenruo <wqu(a)suse.com> btrfs: relocation: Only remove reloc rb_trees if reloc control has been initialized Misono Tomohiro <misono.tomohiro(a)jp.fujitsu.com> btrfs: replace: Reset on-disk dev stats value after replace Levin Du <djw(a)t-chip.com.cn> clk: rockchip: Add pclk_rkpwm_pmu to PMU critical clocks in rk3399 Mahesh Salgaonkar <mahesh(a)linux.vnet.ibm.com> powerpc/pseries: Avoid using the size greater than RTAS_ERROR_LOG_MAX. Steve French <stfrench(a)microsoft.com> SMB3: Number of requests sent should be displayed for SMB3 not just CIFS Steve French <stfrench(a)microsoft.com> smb3: fix reset of bytes read and written stats YueHaibing <yuehaibing(a)huawei.com> RDS: IB: fix 'passing zero to ERR_PTR()' warning Breno Leitao <leitao(a)debian.org> selftests/powerpc: Kill child processes on SIGINT Ian Abbott <abbotti(a)mev.co.uk> staging: comedi: ni_mio_common: fix subdevice flags for PFI subdevice John Pittman <jpittman(a)redhat.com> dm kcopyd: avoid softlockup in run_complete_job Thomas Petazzoni <thomas.petazzoni(a)bootlin.com> PCI: mvebu: Fix I/O space end address calculation Dan Carpenter <dan.carpenter(a)oracle.com> scsi: aic94xx: fix an error code in aic94xx_init() Hans de Goede <hdegoede(a)redhat.com> ACPI / scan: Initialize status to ACPI_STA_DEFAULT Stefan Haberland <sth(a)linux.ibm.com> s390/dasd: fix panic for failed online processing Stefan Haberland <sth(a)linux.ibm.com> s390/dasd: fix hanging offline processing due to canceled worker Greg Edwards <gedwards(a)ddn.com> block: bvec_nr_vecs() returns value for wrong slab Sandipan Das <sandipan(a)linux.ibm.com> perf probe powerpc: Fix trace event post-processing Dan Carpenter <dan.carpenter(a)oracle.com> powerpc: Fix size calculation using resource_size() Jean-Philippe Brucker <jean-philippe.brucker(a)arm.com> net/9p: fix error path of p9_virtio_probe Tomas Bortoli <tomasbortoli(a)gmail.com> net/9p/trans_fd.c: fix race by holding the lock Jonas Gorski <jonas.gorski(a)gmail.com> irqchip/bcm7038-l1: Hide cpu offline callback when building for !SMP Gal Pressman <pressmangal(a)gmail.com> RDMA/hns: Fix usage of bitmap allocation functions return values Aleh Filipovich <aleh(a)vaolix.com> platform/x86: asus-nb-wmi: Add keymap entry for lid flip action on UX360 Guenter Roeck <linux(a)roeck-us.net> mfd: sm501: Set coherent_dma_mask when creating subdevices Tan Hu <tan.hu(a)zte.com.cn> ipvs: fix race between ip_vs_conn_new() and ip_vs_del_dest() Philipp Rudo <prudo(a)linux.ibm.com> s390/kdump: Fix memleak in nt_vmcoreinfo Randy Dunlap <rdunlap(a)infradead.org> platform/x86: intel_punit_ipc: fix build errors Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> fs/dcache.c: fix kmemcheck splat at take_dentry_name_snapshot() Andrey Ryabinin <aryabinin(a)virtuozzo.com> mm/fadvise.c: fix signed overflow UBSAN complaint Suzuki K Poulose <suzuki.poulose(a)arm.com> virtio: pci-legacy: Validate queue pfn Randy Dunlap <rdunlap(a)infradead.org> scripts: modpost: check memory allocation results OGAWA Hirofumi <hirofumi(a)mail.parknet.co.jp> fat: validate ->i_start before using Ernesto A. Fernández <ernesto.mnd.fernandez(a)gmail.com> hfsplus: fix NULL dereference in hfsplus_lookup() Arnd Bergmann <arnd(a)arndb.de> reiserfs: change j_timestamp type to time64_t Jann Horn <jannh(a)google.com> fork: don't copy inconsistent signal handler state to child Laura Abbott <labbott(a)redhat.com> sunrpc: Don't use stack buffer with scatterlist Ernesto A. Fernández <ernesto.mnd.fernandez(a)gmail.com> hfs: prevent crash on exit from failed search Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> hfsplus: don't return 0 when fill_super() failed Ronnie Sahlberg <lsahlber(a)redhat.com> cifs: check if SMB2 PDU size has been padded and suppress the warning Vlad Buslov <vladbu(a)mellanox.com> net: sched: action_ife: take reference to meta module Cong Wang <xiyou.wangcong(a)gmail.com> act_ife: fix a potential deadlock Cong Wang <xiyou.wangcong(a)gmail.com> act_ife: move tcfa_lock down to where necessary Stephen Hemminger <stephen(a)networkplumber.org> hv_netvsc: ignore devices that are not PCI Jason Wang <jasowang(a)redhat.com> vhost: correctly check the iova range when waking virtqueue Xin Long <lucien.xin(a)gmail.com> sctp: hold transport before accessing its asoc in sctp_transport_get_next Alexey Kodanev <alexey.kodanev(a)oracle.com> vti6: remove !skb->ignore_df check from vti6_xmit() Florian Westphal <fw(a)strlen.de> tcp: do not restart timewait timer on rst reception Anthony Wong <anthony.wong(a)ubuntu.com> r8169: add support for NCube 8168 network card Manish Chopra <manish.chopra(a)cavium.com> qlge: Fix netdev features configuration. Kees Cook <keescook(a)chromium.org> net: sched: Fix memory exposure from short TCA_U32_SEL Doug Berger <opendmb(a)gmail.com> net: bcmgenet: use MAC link status for fixed phy Eric Dumazet <edumazet(a)google.com> ipv4: tcp: send zero IPID for RST and ACK sent in SYN-RECV and TIME-WAIT state Cong Wang <xiyou.wangcong(a)gmail.com> act_ife: fix a potential use-after-free Michal Hocko <mhocko(a)suse.cz> x86/speculation/l1tf: Fix up pte->pfn conversion for PAE ------------- Diffstat: Makefile | 4 +- arch/arm/configs/imx_v6_v7_defconfig | 2 - arch/arm/mach-rockchip/Kconfig | 1 + arch/arm64/Kconfig.platforms | 1 + arch/arm64/include/asm/cachetype.h | 5 ++ arch/arm64/include/asm/cpucaps.h | 3 +- arch/arm64/kernel/cpu_errata.c | 24 ++++++-- arch/arm64/kernel/cpufeature.c | 4 +- arch/powerpc/platforms/pseries/ras.c | 2 +- arch/powerpc/sysdev/mpic_msgr.c | 2 +- arch/s390/kernel/crash_dump.c | 17 ++++-- arch/s390/lib/mem.S | 9 ++- arch/x86/include/asm/pgtable-3level.h | 7 +-- arch/x86/include/asm/pgtable.h | 2 +- block/bio.c | 2 +- drivers/acpi/scan.c | 5 +- drivers/clk/rockchip/clk-rk3399.c | 1 + drivers/gpu/drm/drm_edid.c | 3 + drivers/infiniband/hw/hns/hns_roce_pd.c | 2 +- drivers/infiniband/hw/hns/hns_roce_qp.c | 5 +- drivers/irqchip/irq-bcm7038-l1.c | 4 ++ drivers/md/dm-kcopyd.c | 2 + drivers/mfd/sm501.c | 1 + drivers/misc/mei/pci-me.c | 5 +- drivers/net/ethernet/broadcom/genet/bcmgenet.h | 3 + drivers/net/ethernet/broadcom/genet/bcmmii.c | 10 +++- drivers/net/ethernet/cisco/enic/enic_main.c | 2 +- drivers/net/ethernet/qlogic/qlge/qlge_main.c | 23 +++----- drivers/net/ethernet/realtek/r8169.c | 1 + drivers/net/hyperv/netvsc_drv.c | 5 ++ drivers/pci/host/pci-mvebu.c | 2 +- drivers/platform/x86/asus-nb-wmi.c | 1 + drivers/platform/x86/intel_punit_ipc.c | 1 + drivers/s390/block/dasd_eckd.c | 10 +++- drivers/scsi/aic94xx/aic94xx_init.c | 4 +- drivers/staging/comedi/drivers/ni_mio_common.c | 3 +- drivers/vhost/vhost.c | 2 +- drivers/virtio/virtio_pci_legacy.c | 14 ++++- fs/btrfs/dev-replace.c | 6 ++ fs/btrfs/disk-io.c | 10 ++-- fs/btrfs/extent-tree.c | 2 +- fs/btrfs/relocation.c | 23 ++++---- fs/cifs/cifs_debug.c | 8 +++ fs/cifs/smb2misc.c | 7 +++ fs/cifs/smb2pdu.c | 2 +- fs/dcache.c | 3 +- fs/fat/cache.c | 19 ++++--- fs/fat/fat.h | 5 ++ fs/fat/fatent.c | 6 +- fs/hfs/brec.c | 7 ++- fs/hfsplus/dir.c | 4 +- fs/hfsplus/super.c | 4 +- fs/reiserfs/reiserfs.h | 2 +- include/linux/pci_ids.h | 2 + kernel/fork.c | 2 + lib/debugobjects.c | 7 ++- mm/fadvise.c | 8 ++- mm/huge_memory.c | 2 +- net/9p/trans_fd.c | 10 ++-- net/9p/trans_virtio.c | 3 +- net/ipv4/tcp_ipv4.c | 6 ++ net/ipv4/tcp_minisocks.c | 3 +- net/ipv4/tcp_probe.c | 4 +- net/ipv6/ip6_vti.c | 2 +- net/irda/af_irda.c | 13 ++++- net/netfilter/ipvs/ip_vs_core.c | 15 +++-- net/rds/ib_frmr.c | 1 + net/sched/act_ife.c | 79 +++++++++++++++----------- net/sched/cls_u32.c | 8 ++- net/sched/sch_hhf.c | 3 + net/sched/sch_htb.c | 5 +- net/sched/sch_multiq.c | 9 +-- net/sched/sch_netem.c | 4 +- net/sched/sch_tbf.c | 5 +- net/sctp/proc.c | 4 -- net/sctp/socket.c | 22 ++++--- net/sunrpc/auth_gss/gss_krb5_crypto.c | 12 +++- scripts/depmod.sh | 4 +- scripts/mod/modpost.c | 8 +-- sound/soc/codecs/wm8994.c | 1 + tools/perf/arch/powerpc/util/sym-handling.c | 4 +- tools/testing/selftests/powerpc/harness.c | 18 ++++-- 82 files changed, 376 insertions(+), 190 deletions(-)

6 years, 9 months

4
81
0 0

[PATCH 4.4 00/60] 4.4.156-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.4.156 release. There are 60 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat Sep 15 13:17:29 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.4.156-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.4.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.4.156-rc1 Ethan Lien <ethanlien(a)synology.com> btrfs: use correct compare function of dirty_metadata_bytes Gustavo A. R. Silva <gustavo(a)embeddedor.com> ASoC: wm8994: Fix missing break in switch Martin Schwidefsky <schwidefsky(a)de.ibm.com> s390/lib: use expoline for all bcr instructions Tomas Winkler <tomas.winkler(a)intel.com> mei: me: allow runtime pm for platform with D0i3 Nikolay Aleksandrov <nikolay(a)cumulusnetworks.com> sch_tbf: fix two null pointer dereferences on init failure Nikolay Aleksandrov <nikolay(a)cumulusnetworks.com> sch_netem: avoid null pointer deref on init failure Nikolay Aleksandrov <nikolay(a)cumulusnetworks.com> sch_hhf: fix null pointer dereference on init failure Nikolay Aleksandrov <nikolay(a)cumulusnetworks.com> sch_multiq: fix double free on init failure Nikolay Aleksandrov <nikolay(a)cumulusnetworks.com> sch_htb: fix crash on init failure Miklos Szeredi <mszeredi(a)redhat.com> ovl: proper cleanup of workdir Antonio Murdaca <amurdaca(a)redhat.com> ovl: override creds with the ones from the superblock mounter Miklos Szeredi <mszeredi(a)redhat.com> ovl: rename is_merge to is_lowest Marc Zyngier <marc.zyngier(a)arm.com> irqchip/gic: Make interrupt ID 1020 invalid Marc Zyngier <marc.zyngier(a)arm.com> irqchip/gic-v3: Add missing barrier to 32bit version of gic_read_iar() Shanker Donthineni <shankerd(a)codeaurora.org> irqchip/gicv3-its: Avoid cache flush beyond ITS_BASERn memory size Shanker Donthineni <shankerd(a)codeaurora.org> irqchip/gicv3-its: Fix memory leak in its_free_tables() Marc Zyngier <marc.zyngier(a)arm.com> irqchip/gic-v3-its: Recompute the number of pages on page size change Sudeep Holla <sudeep.holla(a)arm.com> genirq: Delay incrementing interrupt count if it's disabled/pending Chas Williams <chas3(a)att.com> Fixes: Commit cdbf92675fad ("mm: numa: avoid waiting on freed migrated pages") Govindarajulu Varadarajan <gvaradar(a)cisco.com> enic: do not call enic_change_mtu in enic_probe Fabio Estevam <fabio.estevam(a)nxp.com> Revert "ARM: imx_v6_v7_defconfig: Select ULPI support" Tyler Hicks <tyhicks(a)canonical.com> irda: Only insert new objects into the global database via setsockopt Tyler Hicks <tyhicks(a)canonical.com> irda: Fix memory leak caused by repeated binds of irda socket Randy Dunlap <rdunlap(a)infradead.org> kbuild: make missing $DEPMOD a Warning instead of an Error Juergen Gross <jgross(a)suse.com> x86/pae: use 64 bit atomic xchg function in native_ptep_get_and_clear Joel Fernandes (Google) <joel(a)joelfernandes.org> debugobjects: Make stack check warning more informative Qu Wenruo <wqu(a)suse.com> btrfs: Don't remove block group that still has pinned down bytes Qu Wenruo <wqu(a)suse.com> btrfs: relocation: Only remove reloc rb_trees if reloc control has been initialized Misono Tomohiro <misono.tomohiro(a)jp.fujitsu.com> btrfs: replace: Reset on-disk dev stats value after replace Mahesh Salgaonkar <mahesh(a)linux.vnet.ibm.com> powerpc/pseries: Avoid using the size greater than RTAS_ERROR_LOG_MAX. Steve French <stfrench(a)microsoft.com> SMB3: Number of requests sent should be displayed for SMB3 not just CIFS Steve French <stfrench(a)microsoft.com> smb3: fix reset of bytes read and written stats Breno Leitao <leitao(a)debian.org> selftests/powerpc: Kill child processes on SIGINT Ian Abbott <abbotti(a)mev.co.uk> staging: comedi: ni_mio_common: fix subdevice flags for PFI subdevice John Pittman <jpittman(a)redhat.com> dm kcopyd: avoid softlockup in run_complete_job Thomas Petazzoni <thomas.petazzoni(a)bootlin.com> PCI: mvebu: Fix I/O space end address calculation Dan Carpenter <dan.carpenter(a)oracle.com> scsi: aic94xx: fix an error code in aic94xx_init() Stefan Haberland <sth(a)linux.ibm.com> s390/dasd: fix hanging offline processing due to canceled worker Dan Carpenter <dan.carpenter(a)oracle.com> powerpc: Fix size calculation using resource_size() Jean-Philippe Brucker <jean-philippe.brucker(a)arm.com> net/9p: fix error path of p9_virtio_probe Jonas Gorski <jonas.gorski(a)gmail.com> irqchip/bcm7038-l1: Hide cpu offline callback when building for !SMP Aleh Filipovich <aleh(a)vaolix.com> platform/x86: asus-nb-wmi: Add keymap entry for lid flip action on UX360 Guenter Roeck <linux(a)roeck-us.net> mfd: sm501: Set coherent_dma_mask when creating subdevices Tan Hu <tan.hu(a)zte.com.cn> ipvs: fix race between ip_vs_conn_new() and ip_vs_del_dest() Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> fs/dcache.c: fix kmemcheck splat at take_dentry_name_snapshot() Andrey Ryabinin <aryabinin(a)virtuozzo.com> mm/fadvise.c: fix signed overflow UBSAN complaint Randy Dunlap <rdunlap(a)infradead.org> scripts: modpost: check memory allocation results OGAWA Hirofumi <hirofumi(a)mail.parknet.co.jp> fat: validate ->i_start before using Ernesto A. Fernández <ernesto.mnd.fernandez(a)gmail.com> hfsplus: fix NULL dereference in hfsplus_lookup() Arnd Bergmann <arnd(a)arndb.de> reiserfs: change j_timestamp type to time64_t Jann Horn <jannh(a)google.com> fork: don't copy inconsistent signal handler state to child Ernesto A. Fernández <ernesto.mnd.fernandez(a)gmail.com> hfs: prevent crash on exit from failed search Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> hfsplus: don't return 0 when fill_super() failed Ronnie Sahlberg <lsahlber(a)redhat.com> cifs: check if SMB2 PDU size has been padded and suppress the warning Alexey Kodanev <alexey.kodanev(a)oracle.com> vti6: remove !skb->ignore_df check from vti6_xmit() Florian Westphal <fw(a)strlen.de> tcp: do not restart timewait timer on rst reception Manish Chopra <manish.chopra(a)cavium.com> qlge: Fix netdev features configuration. Doug Berger <opendmb(a)gmail.com> net: bcmgenet: use MAC link status for fixed phy Greg Hackmann <ghackmann(a)android.com> staging: android: ion: fix ION_IOC_{MAP,SHARE} use-after-free Michal Hocko <mhocko(a)suse.cz> x86/speculation/l1tf: Fix up pte->pfn conversion for PAE ------------- Diffstat: Makefile | 4 +- arch/arm/configs/imx_v6_v7_defconfig | 2 - arch/arm/include/asm/arch_gicv3.h | 1 + arch/powerpc/platforms/pseries/ras.c | 2 +- arch/powerpc/sysdev/mpic_msgr.c | 2 +- arch/s390/lib/mem.S | 9 ++- arch/x86/include/asm/pgtable-3level.h | 7 +- arch/x86/include/asm/pgtable.h | 2 +- drivers/irqchip/irq-bcm7038-l1.c | 4 ++ drivers/irqchip/irq-gic-v3-its.c | 34 ++++++---- drivers/irqchip/irq-gic.c | 2 +- drivers/md/dm-kcopyd.c | 2 + drivers/mfd/sm501.c | 1 + drivers/misc/mei/pci-me.c | 5 +- drivers/net/ethernet/broadcom/genet/bcmgenet.h | 3 + drivers/net/ethernet/broadcom/genet/bcmmii.c | 10 ++- drivers/net/ethernet/cisco/enic/enic_main.c | 2 +- drivers/net/ethernet/qlogic/qlge/qlge_main.c | 23 +++---- drivers/pci/host/pci-mvebu.c | 2 +- drivers/platform/x86/asus-nb-wmi.c | 1 + drivers/s390/block/dasd_eckd.c | 7 +- drivers/scsi/aic94xx/aic94xx_init.c | 4 +- drivers/staging/android/ion/ion.c | 60 ++++++++++------- drivers/staging/comedi/drivers/ni_mio_common.c | 3 +- fs/btrfs/dev-replace.c | 6 ++ fs/btrfs/disk-io.c | 10 +-- fs/btrfs/extent-tree.c | 2 +- fs/btrfs/relocation.c | 23 ++++--- fs/cifs/cifs_debug.c | 8 +++ fs/cifs/smb2misc.c | 7 ++ fs/cifs/smb2pdu.c | 2 +- fs/dcache.c | 3 +- fs/fat/cache.c | 19 ++++-- fs/fat/fat.h | 5 ++ fs/fat/fatent.c | 6 +- fs/hfs/brec.c | 7 +- fs/hfsplus/dir.c | 4 +- fs/hfsplus/super.c | 4 +- fs/overlayfs/copy_up.c | 26 +------ fs/overlayfs/dir.c | 67 ++----------------- fs/overlayfs/overlayfs.h | 3 + fs/overlayfs/readdir.c | 93 ++++++++++++++++++++------ fs/overlayfs/super.c | 20 +++++- fs/reiserfs/reiserfs.h | 2 +- kernel/fork.c | 2 + kernel/irq/chip.c | 8 +-- lib/debugobjects.c | 7 +- mm/fadvise.c | 8 ++- mm/huge_memory.c | 2 +- net/9p/trans_virtio.c | 3 +- net/ipv4/tcp_minisocks.c | 3 +- net/ipv6/ip6_vti.c | 2 +- net/irda/af_irda.c | 13 +++- net/netfilter/ipvs/ip_vs_core.c | 15 +++-- net/sched/sch_hhf.c | 3 + net/sched/sch_htb.c | 5 +- net/sched/sch_multiq.c | 9 +-- net/sched/sch_netem.c | 4 +- net/sched/sch_tbf.c | 5 +- scripts/depmod.sh | 4 +- scripts/mod/modpost.c | 8 +-- sound/soc/codecs/wm8994.c | 1 + tools/testing/selftests/powerpc/harness.c | 18 +++-- 63 files changed, 369 insertions(+), 260 deletions(-)

6 years, 9 months

4
63
0 0

FAILED: patch "[PATCH] drm/i915: Increase LSPCON timeout" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 299c2a904b1e8d5096d4813df6371357d97a6cd1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fredrik=20Sch=C3=B6n?= <fredrikschon(a)gmail.com> Date: Fri, 17 Aug 2018 22:07:28 +0200 Subject: [PATCH] drm/i915: Increase LSPCON timeout MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 100 ms is not enough time for the LSPCON adapter on Intel NUC devices to settle. This causes dropped display modes at boot or screen reconfiguration. Empirical testing can reproduce the error up to a timeout of 190 ms. Basic boot and stress testing at 200 ms has not (yet) failed. Increase timeout to 400 ms to get some margin of error. Changes from v1: The initial suggestion of 1000 ms was lowered due to concerns about delaying valid timeout cases. Update patch metadata. Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=107503 Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1570392 Fixes: 357c0ae9198a ("drm/i915/lspcon: Wait for expected LSPCON mode to settle") Cc: Shashank Sharma <shashank.sharma(a)intel.com> Cc: Imre Deak <imre.deak(a)intel.com> Cc: Jani Nikula <jani.nikula(a)intel.com> Cc: <stable(a)vger.kernel.org> # v4.11+ Reviewed-by: Rodrigo Vivi <rodrigo.vivi(a)intel.com> Reviewed-by: Shashank Sharma <shashank.sharma(a)intel.com> Signed-off-by: Fredrik Schön <fredrik.schon(a)gmail.com> Signed-off-by: Jani Nikula <jani.nikula(a)intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20180817200728.8154-1-fredrik… (cherry picked from commit 59f1c8ab30d6f9042562949f42cbd3f3cf69de94) Signed-off-by: Rodrigo Vivi <rodrigo.vivi(a)intel.com> diff --git a/drivers/gpu/drm/i915/intel_lspcon.c b/drivers/gpu/drm/i915/intel_lspcon.c index 5dae16ccd9f1..3e085c5f2b81 100644 --- a/drivers/gpu/drm/i915/intel_lspcon.c +++ b/drivers/gpu/drm/i915/intel_lspcon.c @@ -74,7 +74,7 @@ static enum drm_lspcon_mode lspcon_wait_mode(struct intel_lspcon *lspcon, DRM_DEBUG_KMS("Waiting for LSPCON mode %s to settle\n", lspcon_mode_name(mode)); - wait_for((current_mode = lspcon_get_current_mode(lspcon)) == mode, 100); + wait_for((current_mode = lspcon_get_current_mode(lspcon)) == mode, 400); if (current_mode != mode) DRM_ERROR("LSPCON mode hasn't settled\n");

6 years, 9 months

4
3
0 0

[PATCH] serial: cpm_uart: return immediately from console poll

by Christophe Leroy

kgdb expects poll function to return immediately and returning NO_POLL_CHAR when no character is available. Fixes: f5316b4aea024 ("kgdb,8250,pl011: Return immediately from console poll") Cc: Jason Wessel <jason.wessel(a)windriver.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Christophe Leroy <christophe.leroy(a)c-s.fr> --- drivers/tty/serial/cpm_uart/cpm_uart_core.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/drivers/tty/serial/cpm_uart/cpm_uart_core.c b/drivers/tty/serial/cpm_uart/cpm_uart_core.c index cd3f3fc4e0a5..280acc4dfa90 100644 --- a/drivers/tty/serial/cpm_uart/cpm_uart_core.c +++ b/drivers/tty/serial/cpm_uart/cpm_uart_core.c @@ -1093,8 +1093,8 @@ static int poll_wait_key(char *obuf, struct uart_cpm_port *pinfo) /* Get the address of the host memory buffer. */ bdp = pinfo->rx_cur; - while (bdp->cbd_sc & BD_SC_EMPTY) - ; + if (bdp->cbd_sc & BD_SC_EMPTY) + return NO_POLL_CHAR; /* If the buffer address is in the CPM DPRAM, don't * convert it. @@ -1129,7 +1129,11 @@ static int cpm_get_poll_char(struct uart_port *port) poll_chars = 0; } if (poll_chars <= 0) { - poll_chars = poll_wait_key(poll_buf, pinfo); + int ret = poll_wait_key(poll_buf, pinfo); + + if (ret == NO_POLL_CHAR) + return ret; + poll_chars = ret; pollp = poll_buf; } poll_chars--; -- 2.13.3

6 years, 9 months

1
0
0 0

[PATCH] gpiolib: fix freeing of descriptors on error

by Jim Paris

When the main loop in linehandle_create() encounters an error, it fails to free one of the previously-requested GPIO descriptors. This renders the unfreed GPIO unusable until reboot, and leaves its label pointing to free'd kernel memory. Cc: stable(a)vger.kernel.org Fixes: ab3dbcf78f60 ("gpioib: do not free unrequested descriptors") Signed-off-by: Jim Paris <jim(a)jtan.com> --- drivers/gpio/gpiolib.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpio/gpiolib.c b/drivers/gpio/gpiolib.c index e8f8a1999393..a57300c1d649 100644 --- a/drivers/gpio/gpiolib.c +++ b/drivers/gpio/gpiolib.c @@ -571,7 +571,7 @@ static int linehandle_create(struct gpio_device *gdev, void __user *ip) if (ret) goto out_free_descs; lh->descs[i] = desc; - count = i; + count = i + 1; if (lflags & GPIOHANDLE_REQUEST_ACTIVE_LOW) set_bit(FLAG_ACTIVE_LOW, &desc->flags); -- 2.18.0

6 years, 9 months

3
2
0 0

[PATCH] crypto: x86/aegis,morus - Do not require OSXSAVE for SSE2

by Ondrej Mosnacek

It turns out OSXSAVE needs to be checked only for AVX, not for SSE. Without this patch the affected modules refuse to load on CPUs with SSE2 but without AVX support. Fixes: 877ccce7cbe8 ("crypto: x86/aegis,morus - Fix and simplify CPUID checks") Cc: <stable(a)vger.kernel.org> # 4.18 Reported-by: Zdenek Kaspar <zkaspar82(a)gmail.com> Signed-off-by: Ondrej Mosnacek <omosnace(a)redhat.com> --- arch/x86/crypto/aegis128-aesni-glue.c | 1 - arch/x86/crypto/aegis128l-aesni-glue.c | 1 - arch/x86/crypto/aegis256-aesni-glue.c | 1 - arch/x86/crypto/morus1280-sse2-glue.c | 1 - arch/x86/crypto/morus640-sse2-glue.c | 1 - 5 files changed, 5 deletions(-) NOTE: This patch doesn't apply to the current crypto-2.6 tree [1], since it is based on v4.18-rc7, which doesn't contain the commit this patch is fixing. It needs to merge in the v4.18 tag before this patch can be applied. Thanks, Ondrej [1] https://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git/ diff --git a/arch/x86/crypto/aegis128-aesni-glue.c b/arch/x86/crypto/aegis128-aesni-glue.c index acd11b3bf639..2a356b948720 100644 --- a/arch/x86/crypto/aegis128-aesni-glue.c +++ b/arch/x86/crypto/aegis128-aesni-glue.c @@ -379,7 +379,6 @@ static int __init crypto_aegis128_aesni_module_init(void) { if (!boot_cpu_has(X86_FEATURE_XMM2) || !boot_cpu_has(X86_FEATURE_AES) || - !boot_cpu_has(X86_FEATURE_OSXSAVE) || !cpu_has_xfeatures(XFEATURE_MASK_SSE, NULL)) return -ENODEV; diff --git a/arch/x86/crypto/aegis128l-aesni-glue.c b/arch/x86/crypto/aegis128l-aesni-glue.c index 2071c3d1ae07..dbe8bb980da1 100644 --- a/arch/x86/crypto/aegis128l-aesni-glue.c +++ b/arch/x86/crypto/aegis128l-aesni-glue.c @@ -379,7 +379,6 @@ static int __init crypto_aegis128l_aesni_module_init(void) { if (!boot_cpu_has(X86_FEATURE_XMM2) || !boot_cpu_has(X86_FEATURE_AES) || - !boot_cpu_has(X86_FEATURE_OSXSAVE) || !cpu_has_xfeatures(XFEATURE_MASK_SSE, NULL)) return -ENODEV; diff --git a/arch/x86/crypto/aegis256-aesni-glue.c b/arch/x86/crypto/aegis256-aesni-glue.c index b5f2a8fd5a71..8bebda2de92f 100644 --- a/arch/x86/crypto/aegis256-aesni-glue.c +++ b/arch/x86/crypto/aegis256-aesni-glue.c @@ -379,7 +379,6 @@ static int __init crypto_aegis256_aesni_module_init(void) { if (!boot_cpu_has(X86_FEATURE_XMM2) || !boot_cpu_has(X86_FEATURE_AES) || - !boot_cpu_has(X86_FEATURE_OSXSAVE) || !cpu_has_xfeatures(XFEATURE_MASK_SSE, NULL)) return -ENODEV; diff --git a/arch/x86/crypto/morus1280-sse2-glue.c b/arch/x86/crypto/morus1280-sse2-glue.c index 95cf857d2cbb..f40244eaf14d 100644 --- a/arch/x86/crypto/morus1280-sse2-glue.c +++ b/arch/x86/crypto/morus1280-sse2-glue.c @@ -40,7 +40,6 @@ MORUS1280_DECLARE_ALGS(sse2, "morus1280-sse2", 350); static int __init crypto_morus1280_sse2_module_init(void) { if (!boot_cpu_has(X86_FEATURE_XMM2) || - !boot_cpu_has(X86_FEATURE_OSXSAVE) || !cpu_has_xfeatures(XFEATURE_MASK_SSE, NULL)) return -ENODEV; diff --git a/arch/x86/crypto/morus640-sse2-glue.c b/arch/x86/crypto/morus640-sse2-glue.c index 615fb7bc9a32..9afaf8f8565a 100644 --- a/arch/x86/crypto/morus640-sse2-glue.c +++ b/arch/x86/crypto/morus640-sse2-glue.c @@ -40,7 +40,6 @@ MORUS640_DECLARE_ALGS(sse2, "morus640-sse2", 400); static int __init crypto_morus640_sse2_module_init(void) { if (!boot_cpu_has(X86_FEATURE_XMM2) || - !boot_cpu_has(X86_FEATURE_OSXSAVE) || !cpu_has_xfeatures(XFEATURE_MASK_SSE, NULL)) return -ENODEV; -- 2.17.1

6 years, 9 months

2
1
0 0

[PATCH stable 4.4 0/9] fix SegmentSmack in stable branch (CVE-2018-5390)

by Mao Wenan

There are five patches to fix CVE-2018-5390 in latest mainline branch, but only two patches exist in stable 4.4 and 3.18: dc6ae4d tcp: detect malicious patterns in tcp_collapse_ofo_queue() 5fbec48 tcp: avoid collapses in tcp_prune_queue() if possible I have tested with stable 4.4 kernel, and found the cpu usage was very high. So I think only two patches can't fix the CVE-2018-5390. test results: with fix patch： 78.2% ksoftirqd withoutfix patch： 90% ksoftirqd Then I try to imitate 72cd43ba(tcp: free batches of packets in tcp_prune_ofo_queue()) to drop at least 12.5 % of sk_rcvbuf to avoid malicious attacks with simple queue instead of RB tree. The result is not very well. After analysing the codes of stable 4.4, and debuging the system, shows that search of ofo_queue(tcp ofo using a simple queue) cost more cycles. So I try to backport "tcp: use an RB tree for ooo receive queue" using RB tree instead of simple queue, then backport Eric Dumazet 5 fixed patches in mainline, good news is that ksoftirqd is turn to about 20%, which is the same with mainline now. Stable 4.4 have already back port two patches, f4a3313d(tcp: avoid collapses in tcp_prune_queue() if possible) 3d4bf93a(tcp: detect malicious patterns in tcp_collapse_ofo_queue()) If we want to change simple queue to RB tree to finally resolve, we should apply previous patch 9f5afeae(tcp: use an RB tree for ooo receive queue.) firstly, but 9f5afeae have many conflicts with 3d4bf93a and f4a3313d, which are part of patch series from Eric in mainline to fix CVE-2018-5390, so I need revert part of patches in stable 4.4 firstly, then apply 9f5afeae, and reapply five patches from Eric. Eric Dumazet (6): tcp: increment sk_drops for dropped rx packets tcp: free batches of packets in tcp_prune_ofo_queue() tcp: avoid collapses in tcp_prune_queue() if possible tcp: detect malicious patterns in tcp_collapse_ofo_queue() tcp: call tcp_drop() from tcp_data_queue_ofo() tcp: add tcp_ooo_try_coalesce() helper Mao Wenan (2): Revert "tcp: detect malicious patterns in tcp_collapse_ofo_queue()" Revert "tcp: avoid collapses in tcp_prune_queue() if possible" Yaogong Wang (1): tcp: use an RB tree for ooo receive queue include/linux/skbuff.h | 8 + include/linux/tcp.h | 7 +- include/net/sock.h | 7 + include/net/tcp.h | 2 +- net/core/skbuff.c | 19 +++ net/ipv4/tcp.c | 4 +- net/ipv4/tcp_input.c | 412 +++++++++++++++++++++++++++++------------------ net/ipv4/tcp_ipv4.c | 3 +- net/ipv4/tcp_minisocks.c | 1 - net/ipv6/tcp_ipv6.c | 1 + 10 files changed, 294 insertions(+), 170 deletions(-) -- 1.8.3.1

6 years, 9 months

5
27
0 0

[linux-stable-rc:linux-4.4.y] vmw_balloon: include asm/io.h

by Nadav Amit

Fix a build error due to missing virt_to_phys() Fixes: f0a1bf29d821b ("vmw_balloon: fix inflation with batching") Cc: stable(a)vger.kernel.org Cc: Xavier Deguillard <xdeguillard(a)vmware.com> Signed-off-by: Nadav Amit <namit(a)vmware.com> --- drivers/misc/vmw_balloon.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/misc/vmw_balloon.c b/drivers/misc/vmw_balloon.c index 518e2dec2aa2..5e9122cd3898 100644 --- a/drivers/misc/vmw_balloon.c +++ b/drivers/misc/vmw_balloon.c @@ -45,6 +45,7 @@ #include <linux/seq_file.h> #include <linux/vmw_vmci_defs.h> #include <linux/vmw_vmci_api.h> +#include <linux/io.h> #include <asm/hypervisor.h> MODULE_AUTHOR("VMware, Inc."); -- 2.17.1

6 years, 9 months

2
2
0 0

[linux-stable-rc:linux-4.4.y v2] vmw_balloon: include asm/io.h

by Nadav Amit

Fix a build error due to missing virt_to_phys() Reported-by: kbuild test robot <lkp(a)intel.com> Fixes: f0a1bf29d821b ("vmw_balloon: fix inflation with batching") Cc: stable(a)vger.kernel.org Cc: Xavier Deguillard <xdeguillard(a)vmware.com> Signed-off-by: Nadav Amit <namit(a)vmware.com> --- drivers/misc/vmw_balloon.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/misc/vmw_balloon.c b/drivers/misc/vmw_balloon.c index 518e2dec2aa2..5e9122cd3898 100644 --- a/drivers/misc/vmw_balloon.c +++ b/drivers/misc/vmw_balloon.c @@ -45,6 +45,7 @@ #include <linux/seq_file.h> #include <linux/vmw_vmci_defs.h> #include <linux/vmw_vmci_api.h> +#include <linux/io.h> #include <asm/hypervisor.h> MODULE_AUTHOR("VMware, Inc."); -- 2.17.1

6 years, 9 months

1
0
0 0

[PATCH] xen/netfront: don't bug in case of too many frags

by Juergen Gross

Commit 57f230ab04d291 ("xen/netfront: raise max number of slots in xennet_get_responses()") raised the max number of allowed slots by one. This seems to be problematic in some configurations with netback using a larger MAX_SKB_FRAGS value (e.g. old Linux kernel with MAX_SKB_FRAGS defined as 18 instead of nowadays 17). Instead of BUG_ON() in this case just fall back to retransmission. Fixes: 57f230ab04d291 ("xen/netfront: raise max number of slots in xennet_get_responses()") Cc: stable(a)vger.kernel.org Signed-off-by: Juergen Gross <jgross(a)suse.com> --- drivers/net/xen-netfront.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/drivers/net/xen-netfront.c b/drivers/net/xen-netfront.c index 9407acbd19a9..f17f602e6171 100644 --- a/drivers/net/xen-netfront.c +++ b/drivers/net/xen-netfront.c @@ -908,7 +908,11 @@ static RING_IDX xennet_fill_frags(struct netfront_queue *queue, BUG_ON(pull_to <= skb_headlen(skb)); __pskb_pull_tail(skb, pull_to - skb_headlen(skb)); } - BUG_ON(skb_shinfo(skb)->nr_frags >= MAX_SKB_FRAGS); + if (unlikely(skb_shinfo(skb)->nr_frags >= MAX_SKB_FRAGS)) { + queue->rx.rsp_cons = ++cons; + kfree_skb(nskb); + return ~0U; + } skb_add_rx_frag(skb, skb_shinfo(skb)->nr_frags, skb_frag_page(nfrag), @@ -1045,6 +1049,8 @@ static int xennet_poll(struct napi_struct *napi, int budget) skb->len += rx->status; i = xennet_fill_frags(queue, skb, &tmpq); + if (unlikely(i == ~0U)) + goto err; if (rx->flags & XEN_NETRXF_csum_blank) skb->ip_summed = CHECKSUM_PARTIAL; -- 2.16.4

6 years, 9 months

2
1
0 0

[PATCH] ALSA: oxfw: fix memory leak of private data

by Takashi Sakamoto

Although private data of sound card instance is usually allocated in the tail of the instance, drivers in ALSA firewire stack allocate the private data before allocating the instance. In this case, the private data should be released explicitly at .private_free callback of the instance. This commit fixes memory leak following to the above design. Fixes: 6c29230e2a5f ('ALSA: oxfw: delayed registration of sound card') Cc: <stable(a)vger.kernel.org> # v4.7+ Signed-off-by: Takashi Sakamoto <o-takashi(a)sakamocchi.jp> --- sound/firewire/oxfw/oxfw.c | 1 + 1 file changed, 1 insertion(+) diff --git a/sound/firewire/oxfw/oxfw.c b/sound/firewire/oxfw/oxfw.c index 1e5b2c802635..fd34ef2ac679 100644 --- a/sound/firewire/oxfw/oxfw.c +++ b/sound/firewire/oxfw/oxfw.c @@ -130,6 +130,7 @@ static void oxfw_free(struct snd_oxfw *oxfw) kfree(oxfw->spec); mutex_destroy(&oxfw->mutex); + kfree(oxfw); } /* -- 2.17.1

6 years, 9 months

2
1
0 0

[PATCH] ALSA: firewire-tascam: fix memory leak of private data

by Takashi Sakamoto

Although private data of sound card instance is usually allocated in the tail of the instance, drivers in ALSA firewire stack allocate the private data before allocating the instance. In this case, the private data should be released explicitly at .private_free callback of the instance. This commit fixes memory leak following to the above design. Fixes: b610386c8afb ('ALSA: firewire-tascam: deleyed registration of sound card') Cc: <stable(a)vger.kernel.org> # v4.7+ Signed-off-by: Takashi Sakamoto <o-takashi(a)sakamocchi.jp> --- sound/firewire/tascam/tascam.c | 1 + 1 file changed, 1 insertion(+) diff --git a/sound/firewire/tascam/tascam.c b/sound/firewire/tascam/tascam.c index 44ad41fb7374..d3fdc463a884 100644 --- a/sound/firewire/tascam/tascam.c +++ b/sound/firewire/tascam/tascam.c @@ -93,6 +93,7 @@ static void tscm_free(struct snd_tscm *tscm) fw_unit_put(tscm->unit); mutex_destroy(&tscm->mutex); + kfree(tscm); } static void tscm_card_free(struct snd_card *card) -- 2.17.1

6 years, 9 months

2
1
0 0

[PATCH] ALSA: firewire-digi00x: fix memory leak of private data

by Takashi Sakamoto

Although private data of sound card instance is usually allocated in the tail of the instance, drivers in ALSA firewire stack allocate the private data before allocating the instance. In this case, the private data should be released explicitly at .private_free callback of the instance. This commit fixes memory leak following to the above design. Fixes: 86c8dd7f4da3 ('ALSA: firewire-digi00x: delayed registration of sound card') Cc: <stable(a)vger.kernel.org> # v4.7+ Signed-off-by: Takashi Sakamoto <o-takashi(a)sakamocchi.jp> --- sound/firewire/digi00x/digi00x.c | 1 + 1 file changed, 1 insertion(+) diff --git a/sound/firewire/digi00x/digi00x.c b/sound/firewire/digi00x/digi00x.c index 1f5e1d23f31a..ef689997d6a5 100644 --- a/sound/firewire/digi00x/digi00x.c +++ b/sound/firewire/digi00x/digi00x.c @@ -49,6 +49,7 @@ static void dg00x_free(struct snd_dg00x *dg00x) fw_unit_put(dg00x->unit); mutex_destroy(&dg00x->mutex); + kfree(dg00x); } static void dg00x_card_free(struct snd_card *card) -- 2.17.1

6 years, 9 months

2
1
0 0

[stable PATCH 1/2] arm64: Fix mismatched cache line size detection

by Suzuki K Poulose

commit 4c4a39dd5fe2d13e2d2fa5fceb8ef95d19fc389a upstream If there is a mismatch in the I/D min line size, we must always use the system wide safe value both in applications and in the kernel, while performing cache operations. However, we have been checking more bits than just the min line sizes, which triggers false negatives. We may need to trap the user accesses in such cases, but not necessarily patch the kernel. This patch fixes the check to do the right thing as advertised. A new capability will be added to check mismatches in other fields and ensure we trap the CTR accesses. Fixes: be68a8aaf925 ("arm64: cpufeature: Fix CTR_EL0 field definitions") Cc: <stable(a)vger.kernel.org> # v4.9 Cc: Mark Rutland <mark.rutland(a)arm.com> Cc: Catalin Marinas <catalin.marinas(a)arm.com> Reported-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Suzuki K Poulose <suzuki.poulose(a)arm.com> Signed-off-by: Will Deacon <will.deacon(a)arm.com> --- arch/arm64/include/asm/cachetype.h | 5 +++++ arch/arm64/kernel/cpu_errata.c | 7 +++++-- arch/arm64/kernel/cpufeature.c | 4 ++-- 3 files changed, 12 insertions(+), 4 deletions(-) diff --git a/arch/arm64/include/asm/cachetype.h b/arch/arm64/include/asm/cachetype.h index f558869..877d478 100644 --- a/arch/arm64/include/asm/cachetype.h +++ b/arch/arm64/include/asm/cachetype.h @@ -22,6 +22,11 @@ #define CTR_L1IP_MASK 3 #define CTR_CWG_SHIFT 24 #define CTR_CWG_MASK 15 +#define CTR_DMINLINE_SHIFT 16 +#define CTR_IMINLINE_SHIFT 0 + +#define CTR_CACHE_MINLINE_MASK \ + ((0xf << CTR_DMINLINE_SHIFT) | (0xf << CTR_IMINLINE_SHIFT)) #define ICACHE_POLICY_RESERVED 0 #define ICACHE_POLICY_AIVIVT 1 diff --git a/arch/arm64/kernel/cpu_errata.c b/arch/arm64/kernel/cpu_errata.c index 1db97ad..fe604bb 100644 --- a/arch/arm64/kernel/cpu_errata.c +++ b/arch/arm64/kernel/cpu_errata.c @@ -17,6 +17,7 @@ */ #include <linux/types.h> +#include <asm/cachetype.h> #include <asm/cpu.h> #include <asm/cputype.h> #include <asm/cpufeature.h> @@ -34,9 +35,11 @@ static bool has_mismatched_cache_line_size(const struct arm64_cpu_capabilities *entry, int scope) { + u64 mask = CTR_CACHE_MINLINE_MASK; + WARN_ON(scope != SCOPE_LOCAL_CPU || preemptible()); - return (read_cpuid_cachetype() & arm64_ftr_reg_ctrel0.strict_mask) != - (arm64_ftr_reg_ctrel0.sys_val & arm64_ftr_reg_ctrel0.strict_mask); + return (read_cpuid_cachetype() & mask) != + (arm64_ftr_reg_ctrel0.sys_val & mask); } static int cpu_enable_trap_ctr_access(void *__unused) diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c index ab15747..a3ab7df 100644 --- a/arch/arm64/kernel/cpufeature.c +++ b/arch/arm64/kernel/cpufeature.c @@ -152,7 +152,7 @@ static const struct arm64_ftr_bits ftr_ctr[] = { ARM64_FTR_BITS(FTR_STRICT, FTR_EXACT, 28, 3, 0), ARM64_FTR_BITS(FTR_STRICT, FTR_HIGHER_SAFE, 24, 4, 0), /* CWG */ ARM64_FTR_BITS(FTR_STRICT, FTR_LOWER_SAFE, 20, 4, 0), /* ERG */ - ARM64_FTR_BITS(FTR_STRICT, FTR_LOWER_SAFE, 16, 4, 1), /* DminLine */ + ARM64_FTR_BITS(FTR_STRICT, FTR_LOWER_SAFE, CTR_DMINLINE_SHIFT, 4, 1), /* * Linux can handle differing I-cache policies. Userspace JITs will * make use of *minLine. @@ -160,7 +160,7 @@ static const struct arm64_ftr_bits ftr_ctr[] = { */ ARM64_FTR_BITS(FTR_NONSTRICT, FTR_EXACT, 14, 2, ICACHE_POLICY_AIVIVT), /* L1Ip */ ARM64_FTR_BITS(FTR_STRICT, FTR_EXACT, 4, 10, 0), /* RAZ */ - ARM64_FTR_BITS(FTR_STRICT, FTR_LOWER_SAFE, 0, 4, 0), /* IminLine */ + ARM64_FTR_BITS(FTR_STRICT, FTR_LOWER_SAFE, CTR_IMINLINE_SHIFT, 4, 0), ARM64_FTR_END, }; -- 2.7.4

6 years, 9 months

4
6
0 0

[PATCH v2 for-4.9.y 0/5] net/sched: init failure fixes

by Amit Pundir

Hi Greg, Kindly consider/review following net/sched fixes for stable 4.9.y. This patchset is a follow-up of upstream fix 87b60cfacf9f ("net_sched: fix error recovery at qdisc creation") cherry-picked on stable 4.9.y. It fix null pointer dereferences due to uninitialized timer (qdisc watchdog) or double frees due to ->destroy cleaning up a second time. Here is the original submission https://www.mail-archive.com/netdev@vger.kernel.org/msg186003.html Cherry-picked and build tested on Linux 4.9.123 for ARCH=x86_64. These fixes are applicable for stable 4.4.y kernel as well, but one of the patches needed a minor rebasing, so I'm resending this series for 4.4.y in a separate thread to avoid any confusion. Regards, Amit Pundir Change since v1: Rebased "sch_multiq: fix double free on init failure" patch and fixed "unused variable" build warning. Nikolay Aleksandrov (5): sch_htb: fix crash on init failure sch_multiq: fix double free on init failure sch_hhf: fix null pointer dereference on init failure sch_netem: avoid null pointer deref on init failure sch_tbf: fix two null pointer dereferences on init failure net/sched/sch_hhf.c | 3 +++ net/sched/sch_htb.c | 5 +++-- net/sched/sch_multiq.c | 9 ++------- net/sched/sch_netem.c | 4 ++-- net/sched/sch_tbf.c | 5 +++-- 5 files changed, 13 insertions(+), 13 deletions(-) -- 2.7.4

6 years, 9 months

2
6
0 0

[PATCH 4.4 0/3] Fix read-only issue with non-empty workdir

by SZ Lin (林上智)

Hi, This patch series fixes read-only issue when non-empty workdir occurred in overlayfs, the non-empty workdir could be easily reproduced in power-failure test during write operations. These patches have passed basic test in unionmount-testsuite. Antonio Murdaca (1): ovl: override creds with the ones from the superblock mounter Miklos Szeredi (2): ovl: rename is_merge to is_lowest ovl: proper cleanup of workdir fs/overlayfs/copy_up.c | 26 +---------- fs/overlayfs/dir.c | 67 +++-------------------------- fs/overlayfs/overlayfs.h | 3 ++ fs/overlayfs/readdir.c | 93 +++++++++++++++++++++++++++++++--------- fs/overlayfs/super.c | 20 ++++++++- 5 files changed, 100 insertions(+), 109 deletions(-) -- 2.18.0

6 years, 9 months

2
4
0 0

[PATCH 4.4 0/6] irqchip fixes for stable 4.4

by Hanjun Guo

From: Hanjun Guo <hanjun.guo(a)linaro.org> Hi Greg, When I was migrating the kernel from 4.1 to 4.4, I found some irqchip (and one genirq) bugfix patches are missing in 4.4, please take a look and consider apply them. Thanks Hanjun Marc Zyngier (3): irqchip/gic-v3-its: Recompute the number of pages on page size change irqchip/gic-v3: Add missing barrier to 32bit version of gic_read_iar() irqchip/gic: Make interrupt ID 1020 invalid Shanker Donthineni (2): irqchip/gicv3-its: Fix memory leak in its_free_tables() irqchip/gicv3-its: Avoid cache flush beyond ITS_BASERn memory size Sudeep Holla (1): genirq: Delay incrementing interrupt count if it's disabled/pending arch/arm/include/asm/arch_gicv3.h | 1 + drivers/irqchip/irq-gic-v3-its.c | 34 ++++++++++++++++++++++------------ drivers/irqchip/irq-gic.c | 2 +- kernel/irq/chip.c | 8 ++++---- 4 files changed, 28 insertions(+), 17 deletions(-) -- 1.7.12.4

6 years, 9 months

2
10
0 0

[PATCH 1/2] USB: serial: option: improve Quectel EP06 detection

by Johan Hovold

From: Kristian Evensen <kristian.evensen(a)gmail.com> The Quectel EP06 (and EM06/EG06) LTE modem supports updating the USB configuration, without the VID/PID or configuration number changing. When the configuration is updated and interfaces are added/removed, the interface numbers are updated. This causes our current code for matching EP06 not to work as intended, as the assumption about reserved interfaces no longer holds. If for example the diagnostic (first) interface is removed, option will (try to) bind to the QMI interface. This patch improves EP06 detection by replacing the current match with two matches, and those matches check class, subclass and protocol as well as VID and PID. The diag interface exports class, subclass and protocol as 0xff. For the other serial interfaces, class is 0xff and subclass and protocol are both 0x0. The modem can export the following devices and always in this order: diag, nmea, at, ppp. qmi and adb. This means that diag can only ever be interface 0, and interface numbers 1-5 should be marked as reserved. The three other serial devices can have interface numbers 0-3, but I have not marked any interfaces as reserved. The reason is that the serial devices are the only interfaces exported by the device where subclass and protocol is 0x0. QMI exports the same class, subclass and protocol values as the diag interface. However, the two interfaces have different number of endpoints, QMI has three and diag two. I have added a check for number of interfaces if VID/PID matches the EP06, and we ignore the device if number of interfaces equals three (and subclass is set). Signed-off-by: Kristian Evensen <kristian.evensen(a)gmail.com> Acked-by: Dan Williams <dcbw(a)redhat.com> [ johan: drop uneeded RSVD(5) for ADB ] Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Johan Hovold <johan(a)kernel.org> --- drivers/usb/serial/option.c | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/drivers/usb/serial/option.c b/drivers/usb/serial/option.c index 0215b70c4efc..382feafbd127 100644 --- a/drivers/usb/serial/option.c +++ b/drivers/usb/serial/option.c @@ -1081,8 +1081,9 @@ static const struct usb_device_id option_ids[] = { .driver_info = RSVD(4) }, { USB_DEVICE(QUECTEL_VENDOR_ID, QUECTEL_PRODUCT_BG96), .driver_info = RSVD(4) }, - { USB_DEVICE(QUECTEL_VENDOR_ID, QUECTEL_PRODUCT_EP06), - .driver_info = RSVD(4) | RSVD(5) }, + { USB_DEVICE_AND_INTERFACE_INFO(QUECTEL_VENDOR_ID, QUECTEL_PRODUCT_EP06, 0xff, 0xff, 0xff), + .driver_info = RSVD(1) | RSVD(2) | RSVD(3) | RSVD(4) }, + { USB_DEVICE_AND_INTERFACE_INFO(QUECTEL_VENDOR_ID, QUECTEL_PRODUCT_EP06, 0xff, 0, 0) }, { USB_DEVICE(CMOTECH_VENDOR_ID, CMOTECH_PRODUCT_6001) }, { USB_DEVICE(CMOTECH_VENDOR_ID, CMOTECH_PRODUCT_CMU_300) }, { USB_DEVICE(CMOTECH_VENDOR_ID, CMOTECH_PRODUCT_6003), @@ -1985,6 +1986,7 @@ static int option_probe(struct usb_serial *serial, { struct usb_interface_descriptor *iface_desc = &serial->interface->cur_altsetting->desc; + struct usb_device_descriptor *dev_desc = &serial->dev->descriptor; unsigned long device_flags = id->driver_info; /* Never bind to the CD-Rom emulation interface */ @@ -1999,6 +2001,18 @@ static int option_probe(struct usb_serial *serial, if (device_flags & RSVD(iface_desc->bInterfaceNumber)) return -ENODEV; + /* + * Don't bind to the QMI device of the Quectel EP06/EG06/EM06. Class, + * subclass and protocol is 0xff for both the diagnostic port and the + * QMI interface, but the diagnostic port only has two endpoints (QMI + * has three). + */ + if (dev_desc->idVendor == cpu_to_le16(QUECTEL_VENDOR_ID) && + dev_desc->idProduct == cpu_to_le16(QUECTEL_PRODUCT_EP06) && + iface_desc->bInterfaceSubClass && iface_desc->bNumEndpoints == 3) { + return -ENODEV; + } + /* Store the device flags so we can use them during attach. */ usb_set_serial_data(serial, (void *)device_flags); -- 2.19.0

6 years, 9 months

1
1
0 0

[PATCH v4 1/4] crypto: lrw - Fix out-of bounds access on counter overflow

by Ondrej Mosnacek

When the LRW block counter overflows, the current implementation returns 128 as the index to the precomputed multiplication table, which has 128 entries. This patch fixes it to return the correct value (127). Fixes: 64470f1b8510 ("[CRYPTO] lrw: Liskov Rivest Wagner, a tweakable narrow block cipher mode") Cc: <stable(a)vger.kernel.org> # 2.6.20+ Reported-by: Eric Biggers <ebiggers(a)kernel.org> Signed-off-by: Ondrej Mosnacek <omosnace(a)redhat.com> --- crypto/lrw.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/crypto/lrw.c b/crypto/lrw.c index 393a782679c7..5504d1325a56 100644 --- a/crypto/lrw.c +++ b/crypto/lrw.c @@ -143,7 +143,12 @@ static inline int get_index128(be128 *block) return x + ffz(val); } - return x; + /* + * If we get here, then x == 128 and we are incrementing the counter + * from all ones to all zeros. This means we must return index 127, i.e. + * the one corresponding to key2*{ 1,...,1 }. + */ + return 127; } static int post_crypt(struct skcipher_request *req) -- 2.17.1

6 years, 9 months

1
0
0 0

[4.14.y] request commit 94a5d8790e79 ("arm64: cpu_errata: include required headers")

by Jisheng Zhang

Hi Greg, I think we missed the commit 94a5d8790e79 ("arm64: cpu_errata: include required headers"), could you please include it in next stable release? Thanks, Jisheng

6 years, 9 months

3
5
0 0

WTF: patch "[PATCH] x86: kvm: avoid unused variable warning" was seriously submitted to be applied to the 4.18-stable tree?

by gregkh＠linuxfoundation.org

The patch below was submitted to be applied to the 4.18-stable tree. I fail to see how this patch meets the stable kernel rules as found at Documentation/process/stable-kernel-rules.rst. I could be totally wrong, and if so, please respond to <stable(a)vger.kernel.org> and let me know why this patch should be applied. Otherwise, it is now dropped from my patch queues, never to be seen again. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 7288bde1f9df6c1475675419bdd7725ce84dec56 Mon Sep 17 00:00:00 2001 From: Arnd Bergmann <arnd(a)arndb.de> Date: Mon, 20 Aug 2018 23:37:50 +0200 Subject: [PATCH] x86: kvm: avoid unused variable warning Removing one of the two accesses of the maxphyaddr variable led to a harmless warning: arch/x86/kvm/x86.c: In function 'kvm_set_mmio_spte_mask': arch/x86/kvm/x86.c:6563:6: error: unused variable 'maxphyaddr' [-Werror=unused-variable] Removing the #ifdef seems to be the nicest workaround, as it makes the code look cleaner than adding another #ifdef. Fixes: 28a1f3ac1d0c ("kvm: x86: Set highest physical address bits in non-present/reserved SPTEs") Signed-off-by: Arnd Bergmann <arnd(a)arndb.de> Cc: stable(a)vger.kernel.org # L1TF Signed-off-by: Paolo Bonzini <pbonzini(a)redhat.com> diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index f7dff0457846..14ee9a814888 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -6576,14 +6576,12 @@ static void kvm_set_mmio_spte_mask(void) /* Set the present bit. */ mask |= 1ull; -#ifdef CONFIG_X86_64 /* * If reserved bit is not supported, clear the present bit to disable * mmio page fault. */ - if (maxphyaddr == 52) + if (IS_ENABLED(CONFIG_X86_64) && maxphyaddr == 52) mask &= ~1ull; -#endif kvm_mmu_set_mmio_spte_mask(mask, mask); }

6 years, 9 months

5
4
0 0

[PATCH 4.4 00/80] 4.4.154-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.4.154 release. There are 80 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed Sep 5 16:49:18 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.4.154-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.4.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.4.154-rc1 Scott Bauer <scott.bauer(a)intel.com> cdrom: Fix info leak/OOB read in cdrom_ioctl_drive_status Mike Christie <mchristi(a)redhat.com> iscsi target: fix session creation failure handling Bart Van Assche <bart.vanassche(a)wdc.com> scsi: core: Avoid that SCSI device removal through sysfs triggers a deadlock Bart Van Assche <bart.vanassche(a)wdc.com> scsi: sysfs: Introduce sysfs_{un,}break_active_protection() Paul Burton <paul.burton(a)mips.com> MIPS: lib: Provide MIPS64r6 __multi3() for GCC < 7 Maciej W. Rozycki <macro(a)mips.com> MIPS: Correct the 64-bit DSP accumulator register size Masami Hiramatsu <mhiramat(a)kernel.org> kprobes: Make list and blacklist root user read only Sebastian Ott <sebott(a)linux.ibm.com> s390/pci: fix out of bounds access during irq setup Julian Wiedmann <jwi(a)linux.ibm.com> s390/qdio: reset old sbal_state flags Martin Schwidefsky <schwidefsky(a)de.ibm.com> s390: fix br_r1_trampoline for machines without exrl Andi Kleen <ak(a)linux.intel.com> x86/spectre: Add missing family 6 check to microcode check Nick Desaulniers <ndesaulniers(a)google.com> x86/irqflags: Mark native_restore_fl extern inline Dan Carpenter <dan.carpenter(a)oracle.com> pinctrl: freescale: off by one in imx1_pinconf_group_dbg_show() Gustavo A. R. Silva <gustavo(a)embeddedor.com> ASoC: sirf: Fix potential NULL pointer dereference Jerome Brunet <jbrunet(a)baylibre.com> ASoC: dpcm: don't merge format from invalid codec dai Mikulas Patocka <mpatocka(a)redhat.com> udl-kms: fix crash due to uninitialized memory Mikulas Patocka <mpatocka(a)redhat.com> udl-kms: handle allocation failure Mikulas Patocka <mpatocka(a)redhat.com> udl-kms: change down_interruptible to down Kirill Tkhai <ktkhai(a)virtuozzo.com> fuse: Add missed unlock_page() to fuse_readpages_fill() Miklos Szeredi <mszeredi(a)redhat.com> fuse: Fix oops at process_init_reply() Miklos Szeredi <mszeredi(a)redhat.com> fuse: umount should wait for all requests Miklos Szeredi <mszeredi(a)redhat.com> fuse: fix unlocked access to processing queue Miklos Szeredi <mszeredi(a)redhat.com> fuse: fix double request_end() Andrey Ryabinin <aryabinin(a)virtuozzo.com> fuse: Don't access pipe->buffers without pipe_lock() Rian Hunter <rian(a)alum.mit.edu> x86/process: Re-export start_thread() Vlastimil Babka <vbabka(a)suse.cz> x86/speculation/l1tf: Suggest what to do on systems with too much RAM Vlastimil Babka <vbabka(a)suse.cz> x86/speculation/l1tf: Fix off-by-one error when warning that system has too much RAM Vlastimil Babka <vbabka(a)suse.cz> x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit Punit Agrawal <punit.agrawal(a)arm.com> KVM: arm/arm64: Skip updating PMD entry if no change Punit Agrawal <punit.agrawal(a)arm.com> KVM: arm/arm64: Skip updating PTE entry if no change Greg Hackmann <ghackmann(a)android.com> arm64: mm: check for upper PAGE_SHIFT bits in pfn_valid() Eric Sandeen <sandeen(a)redhat.com> ext4: reset error code in ext4_find_entry in fallback Arnd Bergmann <arnd(a)arndb.de> ext4: sysfs: print ext4_super_block fields as little-endian Theodore Ts'o <tytso(a)mit.edu> ext4: check for NUL characters in extended attribute's name Claudio Imbrenda <imbrenda(a)linux.vnet.ibm.com> s390/kvm: fix deadlock when killed by oom Josef Bacik <josef(a)toxicpanda.com> btrfs: don't leak ret from do_chunk_alloc Steve French <stfrench(a)microsoft.com> smb3: don't request leases in symlink creation and query Steve French <stfrench(a)microsoft.com> smb3: Do not send SMB3 SET_INFO if nothing changed Nicholas Mc Guire <hofrat(a)osadl.org> cifs: check kmalloc before use Steve French <stfrench(a)microsoft.com> cifs: add missing debug entries for kconfig options jie@chenjie6@huwei.com <jie@chenjie6@huwei.com> mm/memory.c: check return value of ioremap_prot Jim Gill <jgill(a)vmware.com> scsi: vmw_pvscsi: Return DID_RESET for status SAM_STAT_COMMAND_TERMINATED Johannes Thumshirn <jthumshirn(a)suse.de> scsi: fcoe: drop frames in ELS LOGO error path Colin Ian King <colin.king(a)canonical.com> drivers: net: lmc: fix case value for target abort error Randy Dunlap <rdunlap(a)infradead.org> arc: fix type warnings in arc/mm/cache.c Randy Dunlap <rdunlap(a)infradead.org> arc: fix build errors in arc/include/asm/delay.h Govindarajulu Varadarajan <gvaradar(a)cisco.com> enic: handle mtu change for vf properly Rafał Miłecki <rafal(a)milecki.pl> Revert "MIPS: BCM47XX: Enable 74K Core ExternalSync for PCIe erratum" Calvin Walton <calvin.walton(a)kepstin.ca> tools/power turbostat: Read extended processor family from CPUID Li Wang <liwang(a)redhat.com> zswap: re-check zswap_is_full() after do zswap_shrink() Masami Hiramatsu <mhiramat(a)kernel.org> selftests/ftrace: Add snapshot and tracing_on test case Kiran Kumar Modukuri <kiran.modukuri(a)gmail.com> cachefiles: Wait rather than BUG'ing on "Unexpected object collision" Kiran Kumar Modukuri <kiran.modukuri(a)gmail.com> cachefiles: Fix refcounting bug in backing-file read monitoring Kiran Kumar Modukuri <kiran.modukuri(a)gmail.com> fscache: Allow cancelled operations to be enqueued Shubhrajyoti Datta <shubhrajyoti.datta(a)xilinx.com> net: axienet: Fix double deregister of mdio Sudarsana Reddy Kalluru <sudarsana.kalluru(a)cavium.com> bnx2x: Fix invalid memory access in rss hash config path. Guenter Roeck <linux(a)roeck-us.net> media: staging: omap4iss: Include asm/cacheflush.h after generic includes Alexander Sverdlin <alexander.sverdlin(a)nokia.com> i2c: davinci: Avoid zero value of CLKH Nicholas Mc Guire <hofrat(a)osadl.org> can: mpc5xxx_can: check of_iomap return before use Randy Dunlap <rdunlap(a)infradead.org> net: prevent ISA drivers from building on PPC32 Florian Westphal <fw(a)strlen.de> atl1c: reserve min skb headroom Sudarsana Reddy Kalluru <sudarsana.kalluru(a)cavium.com> qed: Fix possible race for the link state value. YueHaibing <yuehaibing(a)huawei.com> net: caif: Add a missing rcu_read_unlock() in caif_flow_cb Len Brown <len.brown(a)intel.com> tools/power turbostat: fix -S on UP systems Eugeniu Rosca <roscaeugeniu(a)gmail.com> usb: gadget: f_uac2: fix endianness of 'struct cntrl_*_lay3' Peter Senna Tschudin <peter.senna(a)gmail.com> tools: usb: ffs-test: Fix build on big endian systems Randy Dunlap <rdunlap(a)infradead.org> usb/phy: fix PPC64 build errors in phy-fsl-usb.c Jia-Ju Bai <baijiaju1990(a)gmail.com> usb: gadget: r8a66597: Fix a possible sleep-in-atomic-context bugs in r8a66597_queue() Jia-Ju Bai <baijiaju1990(a)gmail.com> usb: gadget: r8a66597: Fix two possible sleep-in-atomic-context bugs in init_controller() Lucas Stach <l.stach(a)pengutronix.de> drm/imx: imx-ldb: check if channel is enabled before printing warning Lucas Stach <l.stach(a)pengutronix.de> drm/imx: imx-ldb: disable LDB on driver bind Varun Prakash <varun(a)chelsio.com> scsi: libiscsi: fix possible NULL pointer dereference in case of TMF Sean Paul <seanpaul(a)chromium.org> drm/bridge: adv7511: Reset registers on hotplug Bernd Edlinger <bernd.edlinger(a)hotmail.de> nl80211: Add a missing break in parse_station_flags mpubbise(a)codeaurora.org <mpubbise(a)codeaurora.org> mac80211: add stations tied to AP_VLANs during hw reconfig Florian Westphal <fw(a)strlen.de> xfrm: free skb if nlsk pointer is NULL Tommi Rantala <tommi.t.rantala(a)nokia.com> xfrm: fix missing dst_release() after policy blocking lbcast and multicast Eyal Birger <eyal.birger(a)gmail.com> vti6: fix PMTU caching and reporting on xmit yujuan.qi <yujuan.qi(a)mediatek.com> Cipso: cipso_v4_optptr enter infinite loop Ethan Zhao <ethan.zhao(a)oracle.com> sched/sysctl: Check user input value of sysctl_sched_time_avg ------------- Diffstat: Makefile | 4 +- arch/arc/include/asm/delay.h | 3 + arch/arc/mm/cache.c | 7 +- arch/arm/kvm/mmu.c | 42 +++++++++--- arch/arm64/mm/init.c | 6 +- arch/mips/bcm47xx/setup.c | 6 -- arch/mips/include/asm/mipsregs.h | 3 - arch/mips/include/asm/processor.h | 2 +- arch/mips/kernel/ptrace.c | 2 +- arch/mips/kernel/ptrace32.c | 2 +- arch/mips/lib/multi3.c | 6 +- arch/s390/include/asm/qdio.h | 1 - arch/s390/mm/fault.c | 2 + arch/s390/net/bpf_jit_comp.c | 2 - arch/s390/pci/pci.c | 2 + arch/x86/include/asm/irqflags.h | 3 +- arch/x86/include/asm/processor.h | 4 +- arch/x86/kernel/cpu/bugs.c | 4 ++ arch/x86/kernel/cpu/intel.c | 3 + arch/x86/kernel/process_64.c | 1 + arch/x86/mm/init.c | 4 +- arch/x86/mm/mmap.c | 2 +- drivers/cdrom/cdrom.c | 2 +- drivers/gpu/drm/i2c/adv7511.c | 12 ++++ drivers/gpu/drm/imx/imx-ldb.c | 9 ++- drivers/gpu/drm/udl/udl_fb.c | 2 +- drivers/gpu/drm/udl/udl_main.c | 35 +++++----- drivers/i2c/busses/i2c-davinci.c | 8 ++- drivers/net/can/mscan/mpc5xxx_can.c | 5 ++ drivers/net/ethernet/3com/Kconfig | 2 +- drivers/net/ethernet/amd/Kconfig | 4 +- drivers/net/ethernet/atheros/atl1c/atl1c_main.c | 1 + .../net/ethernet/broadcom/bnx2x/bnx2x_ethtool.c | 13 +++- drivers/net/ethernet/cirrus/Kconfig | 1 + drivers/net/ethernet/cisco/enic/enic_main.c | 78 ++++++++-------------- drivers/net/ethernet/qlogic/qed/qed_mcp.c | 1 + drivers/net/ethernet/xilinx/xilinx_axienet_mdio.c | 1 + drivers/net/wan/lmc/lmc_main.c | 2 +- drivers/pinctrl/freescale/pinctrl-imx1-core.c | 2 +- drivers/s390/cio/qdio_main.c | 5 +- drivers/scsi/fcoe/fcoe_ctlr.c | 4 +- drivers/scsi/libiscsi.c | 12 ++-- drivers/scsi/scsi_sysfs.c | 20 +++++- drivers/scsi/vmw_pvscsi.c | 11 ++- drivers/staging/media/omap4iss/iss_video.c | 3 +- drivers/target/iscsi/iscsi_target_login.c | 35 ++++++---- drivers/usb/gadget/function/f_uac2.c | 20 +++--- drivers/usb/gadget/udc/r8a66597-udc.c | 6 +- drivers/usb/phy/phy-fsl-usb.c | 4 +- fs/btrfs/extent-tree.c | 2 +- fs/cachefiles/namei.c | 1 - fs/cachefiles/rdwr.c | 17 +++-- fs/cifs/cifs_debug.c | 30 +++++++-- fs/cifs/inode.c | 2 + fs/cifs/link.c | 4 +- fs/cifs/sess.c | 6 ++ fs/cifs/smb2inode.c | 2 +- fs/ext4/namei.c | 1 + fs/ext4/sysfs.c | 13 +++- fs/ext4/xattr.c | 2 + fs/fscache/operation.c | 6 +- fs/fuse/dev.c | 39 +++++++++-- fs/fuse/file.c | 1 + fs/fuse/fuse_i.h | 1 + fs/fuse/inode.c | 23 +++---- fs/sysfs/file.c | 44 ++++++++++++ include/linux/sysfs.h | 14 ++++ kernel/kprobes.c | 4 +- kernel/sysctl.c | 3 +- mm/memory.c | 3 + mm/zswap.c | 9 +++ net/caif/caif_dev.c | 4 +- net/ipv4/cipso_ipv4.c | 12 +++- net/ipv6/ip6_vti.c | 11 +-- net/mac80211/util.c | 3 +- net/wireless/nl80211.c | 1 + net/xfrm/xfrm_policy.c | 3 + net/xfrm/xfrm_user.c | 10 +-- sound/soc/sirf/sirf-usp.c | 7 +- sound/soc/soc-pcm.c | 8 +++ tools/power/x86/turbostat/turbostat.c | 8 +-- .../selftests/ftrace/test.d/00basic/snapshot.tc | 28 ++++++++ tools/usb/ffs-test.c | 19 +++++- 83 files changed, 514 insertions(+), 236 deletions(-)

6 years, 9 months

6
86
0 0

[PATCH 4.4 00/79] 4.4.152-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.4.152 release. There are 79 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat Aug 25 07:48:51 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.4.152-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.4.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.4.152-rc1 Jann Horn <jannh(a)google.com> reiserfs: fix broken xattr handling (heap corruption, bad retval) Esben Haabendal <eha(a)deif.com> i2c: imx: Fix race condition in dma read Lukas Wunner <lukas(a)wunner.de> PCI: pciehp: Fix use-after-free on unplug Myron Stowe <myron.stowe(a)redhat.com> PCI: Skip MPS logic for Virtual Functions (VFs) Lukas Wunner <lukas(a)wunner.de> PCI: hotplug: Don't leak pci_slot on registration failure John David Anglin <dave.anglin(a)bell.net> parisc: Remove unnecessary barriers from spinlock.h Elad Raz <eladr(a)mellanox.com> bridge: Propagate vlan add failure to user Willem de Bruijn <willemb(a)google.com> packet: refine ring v3 block size test to hold one frame Florian Westphal <fw(a)strlen.de> netfilter: conntrack: dccp: treat SYNC/SYNCACK as invalid if no prior state Eric Dumazet <edumazet(a)google.com> xfrm_user: prevent leaking 2 bytes of kernel memory John David Anglin <dave.anglin(a)bell.net> parisc: Remove ordered stores from syscall.S Jeremy Cline <jcline(a)redhat.com> ext4: fix spectre gadget in ext4_mb_regular_allocator() Paolo Bonzini <pbonzini(a)redhat.com> KVM: irqfd: fix race between EPOLLHUP and irq_bypass_register_consumer Daniel Rosenberg <drosen(a)google.com> staging: android: ion: check for kref overflow Randy Dunlap <rdunlap(a)infradead.org> tcp: identify cryptic messages as TCP seq # bugs Stefan Wahren <stefan.wahren(a)i2se.com> net: qca_spi: Fix log level if probe fails Stefan Wahren <stefan.wahren(a)i2se.com> net: qca_spi: Make sure the QCA7000 reset is triggered Stefan Wahren <stefan.wahren(a)i2se.com> net: qca_spi: Avoid packet drop during initial sync David Lechner <david(a)lechnology.com> net: usb: rtl8150: demote allmulti message to dev_dbg() Randy Dunlap <rdunlap(a)infradead.org> net/ethernet/freescale/fman: fix cross-build error Dan Carpenter <dan.carpenter(a)oracle.com> drm/nouveau/gem: off by one bugs in nouveau_gem_pushbuf_reloc_apply() Yuchung Cheng <ycheng(a)google.com> tcp: remove DELAYED ACK events in DCTCP Dan Carpenter <dan.carpenter(a)oracle.com> qlogic: check kstrtoul() for errors Willem de Bruijn <willemb(a)google.com> packet: reset network header if packet shorter than ll reserved space Alexander Duyck <alexander.h.duyck(a)intel.com> ixgbe: Be more careful when modifying MAC filters Adam Ford <aford173(a)gmail.com> ARM: dts: am3517.dtsi: Disable reference to OMAP3 OTG controller Steven Rostedt (VMware) <rostedt(a)goodmis.org> ARM: 8780/1: ftrace: Only set kernel memory back to read-only after boot Kim Phillips <kim.phillips(a)arm.com> perf llvm-utils: Remove bashism from kernel include fetch script Vikas Gupta <vikas.gupta(a)broadcom.com> bnxt_en: Fix for system hang if request_irq fails Russell King <rmk+kernel(a)armlinux.org.uk> drm/armada: fix colorkey mode property Stefan Schmidt <stefan(a)datenfreihafen.org> ieee802154: fakelb: switch from BUG_ON() to WARN_ON() on problem Stefan Schmidt <stefan(a)datenfreihafen.org> ieee802154: at86rf230: use __func__ macro for debug messages Stefan Schmidt <stefan(a)datenfreihafen.org> ieee802154: at86rf230: switch from BUG_ON() to WARN_ON() on problem Daniel Mack <daniel(a)zonque.org> ARM: pxa: irq: fix handling of ICMR registers in suspend/resume Florian Westphal <fw(a)strlen.de> netfilter: x_tables: set module owner for icmp(6) matches Yuiko Oshino <yuiko.oshino(a)microchip.com> smsc75xx: Add workaround for gigabit link up hardware errata. Zhen Lei <thunder.leizhen(a)huawei.com> kasan: fix shadow_size calculation error in kasan_module_alloc Mathieu Malaterre <malat(a)debian.org> tracing: Use __printf markup to silence compiler Fabio Estevam <fabio.estevam(a)nxp.com> ARM: imx_v4_v5_defconfig: Select ULPI support Fabio Estevam <fabio.estevam(a)nxp.com> ARM: imx_v6_v7_defconfig: Select ULPI support Jason Gerecke <killertofu(a)gmail.com> HID: wacom: Correct touch maximum XY of 2nd-gen Intuos Greg Ungerer <gerg(a)linux-m68k.org> m68k: fix "bad page state" oops on ColdFire boot Sudarsana Reddy Kalluru <sudarsana.kalluru(a)cavium.com> bnx2x: Fix receiving tx-timeout in error or recovery state. Marek Szyprowski <m.szyprowski(a)samsung.com> drm/exynos: decon5433: Fix WINCONx reset value Marek Szyprowski <m.szyprowski(a)samsung.com> drm/exynos: decon5433: Fix per-plane global alpha for XRGB modes Marek Szyprowski <m.szyprowski(a)samsung.com> drm/exynos: gsc: Fix support for NV16/61, YUV420/YVU420 and YUV422 modes BingJing Chang <bingjingc(a)synology.com> md/raid10: fix that replacement cannot complete recovery after reassemble Dan Carpenter <dan.carpenter(a)oracle.com> dmaengine: k3dma: Off by one in k3_of_dma_simple_xlate() Keerthy <j-keerthy(a)ti.com> ARM: dts: da850: Fix interrups property for gpio Andy Lutomirski <luto(a)kernel.org> selftests/x86/sigreturn/64: Fix spurious failures on AMD CPUs Jiri Olsa <jolsa(a)kernel.org> perf tests: Add event parsing error handling to parse events test Sandipan Das <sandipan(a)linux.ibm.com> perf report powerpc: Fix crash if callchain is empty Thomas Richter <tmricht(a)linux.ibm.com> perf test session topology: Fix test on s390 Ajay Gupta <ajaykuee(a)gmail.com> usb: xhci: increase CRS timeout value Daniel Mack <daniel(a)zonque.org> ARM: dts: am437x: make edt-ft5x06 a wakeup source Michael Trimarchi <michael(a)amarulasolutions.com> brcmfmac: stop watchdog before detach and free everything Ganesh Goudar <ganeshgr(a)chelsio.com> cxgb4: when disabling dcb set txq dcb priority to 0 Casey Schaufler <casey(a)schaufler-ca.com> Smack: Mark inode instant in smack_task_to_inode Hangbin Liu <liuhangbin(a)gmail.com> ipv6: mcast: fix unsolicited report interval after receiving querys Steven Rostedt (VMware) <rostedt(a)goodmis.org> locking/lockdep: Do not record IRQ state within lockdep code Bartosz Golaszewski <bgolaszewski(a)baylibre.com> net: davinci_emac: match the mdio device against its compatible if possible Alexey Brodkin <Alexey.Brodkin(a)synopsys.com> ARC: Enable machine_desc->init_per_cpu for !CONFIG_SMP Li RongQing <lirongqing(a)baidu.com> net: propagate dev_get_valid_name return code Stefan Agner <stefan(a)agner.ch> net: hamradio: use eth_broadcast_addr Govindarajulu Varadarajan <gvaradar(a)cisco.com> enic: initialize enic->rfs_h.lock in enic_probe Sudarsana Reddy Kalluru <sudarsana.kalluru(a)cavium.com> qed: Add sanity check for SIMD fastpath handler. Zhizhou Zhang <zhizhouzhang(a)asrmicro.com> arm64: make secondary_start_kernel() notrace Zhouyang Jia <jiazhouyang09(a)gmail.com> scsi: xen-scsifront: add error handling for xenbus_printf Grigor Tovmasyan <Grigor.Tovmasyan(a)synopsys.com> usb: gadget: dwc2: fix memory leak in gadget_init() Chunfeng Yun <chunfeng.yun(a)mediatek.com> usb: gadget: composite: fix delayed_status race condition when set_interface William Wu <william.wu(a)rock-chips.com> usb: dwc2: fix isoc split in transfer with no data Ray Jui <ray.jui(a)broadcom.com> ARM: dts: Cygnus: Fix I2C controller interrupt type Fathi Boudra <fathi.boudra(a)linaro.org> selftests: sync: add config fragment for testing sync framework Shuah Khan (Samsung OSG) <shuah(a)kernel.org> selftests: zram: return Kselftest Skip code for skipped tests Shuah Khan (Samsung OSG) <shuah(a)kernel.org> selftests: user: return Kselftest Skip code for skipped tests Shuah Khan (Samsung OSG) <shuah(a)kernel.org> selftests: static_keys: return Kselftest Skip code for skipped tests Shuah Khan (Samsung OSG) <shuah(a)kernel.org> selftests: pstore: return Kselftest Skip code for skipped tests Eric Dumazet <edumazet(a)google.com> netfilter: ipv6: nf_defrag: reduce struct net memory waste Alexey Brodkin <abrodkin(a)synopsys.com> ARC: Explicitly add -mmedium-calls to CFLAGS ------------- Diffstat: Makefile | 4 +- arch/arc/Makefile | 15 +----- arch/arc/include/asm/mach_desc.h | 2 - arch/arc/kernel/irq.c | 2 +- arch/arm/boot/dts/am3517.dtsi | 5 ++ arch/arm/boot/dts/am437x-sk-evm.dts | 2 + arch/arm/boot/dts/bcm-cygnus.dtsi | 4 +- arch/arm/boot/dts/da850.dtsi | 6 +-- arch/arm/configs/imx_v4_v5_defconfig | 2 + arch/arm/configs/imx_v6_v7_defconfig | 2 + arch/arm/mach-pxa/irq.c | 4 +- arch/arm/mm/init.c | 9 ++++ arch/arm64/kernel/smp.c | 2 +- arch/m68k/include/asm/mcf_pgalloc.h | 4 +- arch/parisc/include/asm/spinlock.h | 8 +-- arch/parisc/kernel/syscall.S | 24 ++++----- drivers/dma/k3dma.c | 2 +- drivers/gpu/drm/armada/armada_hw.h | 1 + drivers/gpu/drm/armada/armada_overlay.c | 30 ++++++++--- drivers/gpu/drm/exynos/exynos5433_drm_decon.c | 6 +-- drivers/gpu/drm/exynos/exynos_drm_gsc.c | 29 ++++++---- drivers/gpu/drm/exynos/regs-gsc.h | 1 + drivers/gpu/drm/nouveau/nouveau_gem.c | 4 +- drivers/hid/wacom_wac.c | 10 +++- drivers/i2c/busses/i2c-imx.c | 8 +-- drivers/md/raid10.c | 7 +++ drivers/net/ethernet/broadcom/bnx2x/bnx2x.h | 1 + drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c | 6 +++ drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c | 6 +++ drivers/net/ethernet/broadcom/bnxt/bnxt.c | 4 +- drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c | 2 +- drivers/net/ethernet/cisco/enic/enic_clsf.c | 3 +- drivers/net/ethernet/cisco/enic/enic_main.c | 3 +- drivers/net/ethernet/intel/ixgbe/ixgbe_common.c | 12 ++++- drivers/net/ethernet/qlogic/qed/qed_main.c | 12 ++++- drivers/net/ethernet/qlogic/qlcnic/qlcnic_sysfs.c | 2 + drivers/net/ethernet/qualcomm/qca_spi.c | 21 ++++---- drivers/net/ethernet/ti/davinci_emac.c | 4 ++ drivers/net/hamradio/bpqether.c | 8 +-- drivers/net/ieee802154/at86rf230.c | 15 ++---- drivers/net/ieee802154/fakelb.c | 2 +- drivers/net/usb/rtl8150.c | 2 +- drivers/net/usb/smsc75xx.c | 62 ++++++++++++++++++++++ drivers/net/wireless/brcm80211/brcmfmac/sdio.c | 7 +++ drivers/pci/hotplug/pci_hotplug_core.c | 9 ++++ drivers/pci/hotplug/pciehp.h | 1 + drivers/pci/hotplug/pciehp_core.c | 7 +++ drivers/pci/hotplug/pciehp_hpc.c | 5 +- drivers/pci/probe.c | 4 ++ drivers/scsi/xen-scsifront.c | 33 +++++++++--- drivers/staging/android/ion/ion.c | 17 ++++-- drivers/usb/dwc2/gadget.c | 7 ++- drivers/usb/dwc2/hcd_intr.c | 3 +- drivers/usb/gadget/composite.c | 3 ++ drivers/usb/host/xhci.c | 7 ++- fs/ext4/mballoc.c | 4 +- fs/reiserfs/xattr.c | 4 +- include/linux/fsl/guts.h | 1 + include/net/net_namespace.h | 1 + include/net/netns/ipv6.h | 1 - include/net/tcp.h | 2 - kernel/locking/lockdep.c | 12 ++--- kernel/trace/trace.c | 5 ++ mm/kasan/kasan.c | 5 +- net/bridge/br_if.c | 11 +++- net/core/dev.c | 4 +- net/ipv4/netfilter/ip_tables.c | 1 + net/ipv4/tcp.c | 4 +- net/ipv4/tcp_dctcp.c | 25 --------- net/ipv4/tcp_output.c | 4 -- net/ipv6/mcast.c | 9 ++-- net/ipv6/netfilter/ip6_tables.c | 1 + net/ipv6/netfilter/nf_conntrack_reasm.c | 6 +-- net/netfilter/nf_conntrack_proto_dccp.c | 8 +-- net/packet/af_packet.c | 12 +++-- net/xfrm/xfrm_user.c | 8 +-- security/smack/smack_lsm.c | 1 + tools/perf/arch/powerpc/util/skip-callchain-idx.c | 2 +- tools/perf/tests/parse-events.c | 8 +-- tools/perf/tests/topology.c | 1 + tools/perf/util/llvm-utils.c | 6 +-- .../selftests/pstore/pstore_post_reboot_tests | 5 +- .../selftests/static_keys/test_static_keys.sh | 13 +++++ tools/testing/selftests/sync/config | 4 ++ tools/testing/selftests/user/test_user_copy.sh | 7 +++ tools/testing/selftests/x86/sigreturn.c | 46 ++++++++++------ tools/testing/selftests/zram/zram.sh | 5 +- tools/testing/selftests/zram/zram_lib.sh | 5 +- virt/kvm/eventfd.c | 11 ++-- 89 files changed, 477 insertions(+), 226 deletions(-)

6 years, 9 months

7
88
0 0

[STABLE 4.14+][PATCH 0/2] IRDA fixes

by Tyler Hicks

Hello - Two issues were reported to Ubuntu in the IRDA subsystem. IRDA is no longer present in the upstream kernel as of 4.17 but the stable tree is affected. This patch set addresses the issues in 4.14 to 4.17. Tyler

6 years, 9 months

3
7
0 0

FAILED: patch "[PATCH] s390/lib: use expoline for all bcr instructions" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 5eda25b10297684c1f46a14199ec00210f3c346e Mon Sep 17 00:00:00 2001 From: Martin Schwidefsky <schwidefsky(a)de.ibm.com> Date: Mon, 6 Aug 2018 13:49:47 +0200 Subject: [PATCH] s390/lib: use expoline for all bcr instructions The memove, memset, memcpy, __memset16, __memset32 and __memset64 function have an additional indirect return branch in form of a "bzr" instruction. These need to use expolines as well. Cc: <stable(a)vger.kernel.org> # v4.17+ Fixes: 97489e0663 ("s390/lib: use expoline for indirect branches") Reviewed-by: Heiko Carstens <heiko.carstens(a)de.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky(a)de.ibm.com> diff --git a/arch/s390/lib/mem.S b/arch/s390/lib/mem.S index 2311f15be9cf..40c4d59c926e 100644 --- a/arch/s390/lib/mem.S +++ b/arch/s390/lib/mem.S @@ -17,7 +17,7 @@ ENTRY(memmove) ltgr %r4,%r4 lgr %r1,%r2 - bzr %r14 + jz .Lmemmove_exit aghi %r4,-1 clgr %r2,%r3 jnh .Lmemmove_forward @@ -36,6 +36,7 @@ ENTRY(memmove) .Lmemmove_forward_remainder: larl %r5,.Lmemmove_mvc ex %r4,0(%r5) +.Lmemmove_exit: BR_EX %r14 .Lmemmove_reverse: ic %r0,0(%r4,%r3) @@ -65,7 +66,7 @@ EXPORT_SYMBOL(memmove) */ ENTRY(memset) ltgr %r4,%r4 - bzr %r14 + jz .Lmemset_exit ltgr %r3,%r3 jnz .Lmemset_fill aghi %r4,-1 @@ -80,6 +81,7 @@ ENTRY(memset) .Lmemset_clear_remainder: larl %r3,.Lmemset_xc ex %r4,0(%r3) +.Lmemset_exit: BR_EX %r14 .Lmemset_fill: cghi %r4,1 @@ -115,7 +117,7 @@ EXPORT_SYMBOL(memset) */ ENTRY(memcpy) ltgr %r4,%r4 - bzr %r14 + jz .Lmemcpy_exit aghi %r4,-1 srlg %r5,%r4,8 ltgr %r5,%r5 @@ -124,6 +126,7 @@ ENTRY(memcpy) .Lmemcpy_remainder: larl %r5,.Lmemcpy_mvc ex %r4,0(%r5) +.Lmemcpy_exit: BR_EX %r14 .Lmemcpy_loop: mvc 0(256,%r1),0(%r3) @@ -145,9 +148,9 @@ EXPORT_SYMBOL(memcpy) .macro __MEMSET bits,bytes,insn ENTRY(__memset\bits) ltgr %r4,%r4 - bzr %r14 + jz .L__memset_exit\bits cghi %r4,\bytes - je .L__memset_exit\bits + je .L__memset_store\bits aghi %r4,-(\bytes+1) srlg %r5,%r4,8 ltgr %r5,%r5 @@ -163,8 +166,9 @@ ENTRY(__memset\bits) larl %r5,.L__memset_mvc\bits ex %r4,0(%r5) BR_EX %r14 -.L__memset_exit\bits: +.L__memset_store\bits: \insn %r3,0(%r2) +.L__memset_exit\bits: BR_EX %r14 .L__memset_mvc\bits: mvc \bytes(1,%r1),0(%r1)

6 years, 9 months

3
4
0 0

[PATCH v3.18] kbuild: make missing $DEPMOD a Warning instead of an Error

by Maxim Zhukov

From: Randy Dunlap <rdunlap(a)infradead.org> [ Upstream commit 914b087ff9e0e9a399a4927fa30793064afc0178 ] When $DEPMOD is not found, only print a warning instead of exiting with an error message and error status: Warning: 'make modules_install' requires /sbin/depmod. Please install it. This is probably in the kmod package. Change the Error to a Warning because "not all build hosts for cross compiling Linux are Linux systems and are able to provide a working port of depmod, especially at the file patch /sbin/depmod." I.e., "make modules_install" may be used to copy/install the loadable modules files to a target directory on a build system and then transferred to an embedded device where /sbin/depmod is run instead of it being run on the build system. Fixes: 934193a654c1 ("kbuild: verify that $DEPMOD is installed") Signed-off-by: Randy Dunlap <rdunlap(a)infradead.org> Reported-by: H. Nikolaus Schaller <hns(a)goldelico.com> Cc: stable(a)vger.kernel.org Cc: Lucas De Marchi <lucas.demarchi(a)profusion.mobi> Cc: Lucas De Marchi <lucas.de.marchi(a)gmail.com> Cc: Michal Marek <michal.lkml(a)markovi.net> Cc: Jessica Yu <jeyu(a)kernel.org> Cc: Chih-Wei Huang <cwhuang(a)linux.org.tw> Signed-off-by: Masahiro Yamada <yamada.masahiro(a)socionext.com> Signed-off-by: Maxim Zhukov <mussitantesmortem(a)gmail.com> --- scripts/depmod.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/depmod.sh b/scripts/depmod.sh index ea1e96921e3b..baedaef53ca0 100755 --- a/scripts/depmod.sh +++ b/scripts/depmod.sh @@ -15,9 +15,9 @@ if ! test -r System.map ; then fi if [ -z $(command -v $DEPMOD) ]; then - echo "'make modules_install' requires $DEPMOD. Please install it." >&2 + echo "Warning: 'make modules_install' requires $DEPMOD. Please install it." >&2 echo "This is probably in the kmod package." >&2 - exit 1 + exit 0 fi # older versions of depmod don't support -P <symbol-prefix> -- 2.19.0

6 years, 9 months

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror