- Linux-stable-mirror - lists.linaro.org

[PATCHv2 0/4] tty: Hold write ldisc sem in tty_reopen()

by Dmitry Safonov

The first two fixes are worth to have in stables as we've hit it on v4.9 stable. And for linux-next - adding lockdep asserts for line discipline changing code, verifying that write ldisc sem will be held forthwith. Changes since v1: - Added tested-by/reported-by tags - Dropped 3/4 (locking tty pair for lockdep sake), Because of that - not adding lockdep_assert_held() in tty_ldisc_open() - Added 4/4 cleanup to inc tty->count only on success of tty_ldisc_reinit() - lock ldisc without (5*HZ) timeout in tty_reopen() v1 link: lkml.kernel.org/r/<20180829022353.23568-1-dima(a)arista.com> Huuge cc list: Cc: Daniel Axtens <dja(a)axtens.net> Cc: Dmitry Vyukov <dvyukov(a)google.com> Cc: Michael Neuling <mikey(a)neuling.org> Cc: Mikulas Patocka <mpatocka(a)redhat.com> Cc: Nathan March <nathan(a)gt.net> Cc: Pasi Kärkkäinen <pasik(a)iki.fi> Cc: Peter Hurley <peter(a)hurleysoftware.com> Cc: Sergey Senozhatsky <sergey.senozhatsky.work(a)gmail.com> Cc: Tan Xiaojun <tanxiaojun(a)huawei.com> Cc: Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> (please, ignore if I Cc'ed you mistakenly) Dmitry Safonov (4): tty: Drop tty->count on tty_reopen() failure tty: Hold tty_ldisc_lock() during tty_reopen() tty/lockdep: Add ldisc_sem asserts tty: Simplify tty->count math in tty_reopen() drivers/tty/tty_io.c | 12 ++++++++---- drivers/tty/tty_ldisc.c | 5 +++++ 2 files changed, 13 insertions(+), 4 deletions(-) -- 2.13.6

6 years, 9 months

4
7
0 0

+ fork-report-pid-exhaustion-correctly.patch added to -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: fork: report pid exhaustion correctly has been added to the -mm tree. Its filename is fork-report-pid-exhaustion-correctly.patch This patch should soon appear at http://ozlabs.org/~akpm/mmots/broken-out/fork-report-pid-exhaustion-correct… and later at http://ozlabs.org/~akpm/mmotm/broken-out/fork-report-pid-exhaustion-correct… Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next and is updated there every 3-4 working days ------------------------------------------------------ From: KJ Tsanaktsidis <ktsanaktsidis(a)zendesk.com> Subject: fork: report pid exhaustion correctly Make the clone and fork syscalls return EAGAIN when the limit on the number of pids /proc/sys/kernel/pid_max is exceeded. Currently, when the pid_max limit is exceeded, the kernel will return ENOSPC from the fork and clone syscalls. This is contrary to the documented behaviour, which explicitly calls out the pid_max case as one where EAGAIN should be returned. It also leads to really confusing error messages in userspace programs which will complain about a lack of disk space when they fail to create processes/threads for this reason. This error is being returned because alloc_pid() uses the idr api to find a new pid; when there are none available, idr_alloc_cyclic() returns -ENOSPC, and this is being propagated back to userspace. This behaviour has been broken before, and was explicitly fixed in commit 35f71bc0a09a ("fork: report pid reservation failure properly"), so I think -EAGAIN is definitely the right thing to return in this case. The current behaviour change dates from commit 95846ecf9dac ("pid: replace pid bitmap implementation with IDR AIP") and was I believe unintentional. This patch has no impact on the case where allocating a pid fails because the child reaper for the namespace is dead; that case will still return -ENOMEM. Link: http://lkml.kernel.org/r/20180903111016.46461-1-ktsanaktsidis@zendesk.com Fixes: 95846ecf9dac ("pid: replace pid bitmap implementation with IDR AIP") Signed-off-by: KJ Tsanaktsidis <ktsanaktsidis(a)zendesk.com> Reviewed-by: Andrew Morton <akpm(a)linux-foundation.org> Cc: Michal Hocko <mhocko(a)suse.cz> Cc: Gargi Sharma <gs051095(a)gmail.com> Cc: Rik van Riel <riel(a)redhat.com> Cc: Oleg Nesterov <oleg(a)redhat.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- diff -puN kernel/pid.c~fork-report-pid-exhaustion-correctly kernel/pid.c --- a/kernel/pid.c~fork-report-pid-exhaustion-correctly +++ a/kernel/pid.c @@ -195,7 +195,7 @@ struct pid *alloc_pid(struct pid_namespa idr_preload_end(); if (nr < 0) { - retval = nr; + retval = (nr == -ENOSPC) ? -EAGAIN : nr; goto out_free; } _ Patches currently in -mm which might be from ktsanaktsidis(a)zendesk.com are fork-report-pid-exhaustion-correctly.patch

6 years, 9 months

2
1
0 0

[PATCH] crypto: remove speck

by Jason A. Donenfeld

These are unused, undesired, and have never actually been used by anybody. The original authors of this code have changed their mind about its inclusion. Therefore, this patch removes it. Signed-off-by: Jason A. Donenfeld <Jason(a)zx2c4.com> Cc: stable(a)vger.kernel.org --- Documentation/filesystems/fscrypt.rst | 10 - arch/arm/crypto/Kconfig | 6 - arch/arm/crypto/Makefile | 2 - arch/arm/crypto/speck-neon-core.S | 434 --------------- arch/arm/crypto/speck-neon-glue.c | 288 ---------- arch/arm64/crypto/Kconfig | 6 - arch/arm64/crypto/Makefile | 3 - arch/arm64/crypto/speck-neon-core.S | 352 ------------ arch/arm64/crypto/speck-neon-glue.c | 282 ---------- arch/m68k/configs/amiga_defconfig | 1 - arch/m68k/configs/apollo_defconfig | 1 - arch/m68k/configs/atari_defconfig | 1 - arch/m68k/configs/bvme6000_defconfig | 1 - arch/m68k/configs/hp300_defconfig | 1 - arch/m68k/configs/mac_defconfig | 1 - arch/m68k/configs/multi_defconfig | 1 - arch/m68k/configs/mvme147_defconfig | 1 - arch/m68k/configs/mvme16x_defconfig | 1 - arch/m68k/configs/q40_defconfig | 1 - arch/m68k/configs/sun3_defconfig | 1 - arch/m68k/configs/sun3x_defconfig | 1 - arch/s390/defconfig | 1 - crypto/Kconfig | 14 - crypto/Makefile | 1 - crypto/speck.c | 307 ----------- crypto/testmgr.c | 24 - crypto/testmgr.h | 738 -------------------------- fs/crypto/fscrypt_private.h | 4 - fs/crypto/keyinfo.c | 10 - include/crypto/speck.h | 62 --- include/uapi/linux/fs.h | 2 - 31 files changed, 2558 deletions(-) delete mode 100644 arch/arm/crypto/speck-neon-core.S delete mode 100644 arch/arm/crypto/speck-neon-glue.c delete mode 100644 arch/arm64/crypto/speck-neon-core.S delete mode 100644 arch/arm64/crypto/speck-neon-glue.c delete mode 100644 crypto/speck.c delete mode 100644 include/crypto/speck.h diff --git a/Documentation/filesystems/fscrypt.rst b/Documentation/filesystems/fscrypt.rst index 48b424de85bb..cfbc18f0d9c9 100644 --- a/Documentation/filesystems/fscrypt.rst +++ b/Documentation/filesystems/fscrypt.rst @@ -191,21 +191,11 @@ Currently, the following pairs of encryption modes are supported: - AES-256-XTS for contents and AES-256-CTS-CBC for filenames - AES-128-CBC for contents and AES-128-CTS-CBC for filenames -- Speck128/256-XTS for contents and Speck128/256-CTS-CBC for filenames It is strongly recommended to use AES-256-XTS for contents encryption. AES-128-CBC was added only for low-powered embedded devices with crypto accelerators such as CAAM or CESA that do not support XTS. -Similarly, Speck128/256 support was only added for older or low-end -CPUs which cannot do AES fast enough -- especially ARM CPUs which have -NEON instructions but not the Cryptography Extensions -- and for which -it would not otherwise be feasible to use encryption at all. It is -not recommended to use Speck on CPUs that have AES instructions. -Speck support is only available if it has been enabled in the crypto -API via CONFIG_CRYPTO_SPECK. Also, on ARM platforms, to get -acceptable performance CONFIG_CRYPTO_SPECK_NEON must be enabled. - New encryption modes can be added relatively easily, without changes to individual filesystems. However, authenticated encryption (AE) modes are not currently supported because of the difficulty of dealing diff --git a/arch/arm/crypto/Kconfig b/arch/arm/crypto/Kconfig index 925d1364727a..b8e69fe282b8 100644 --- a/arch/arm/crypto/Kconfig +++ b/arch/arm/crypto/Kconfig @@ -121,10 +121,4 @@ config CRYPTO_CHACHA20_NEON select CRYPTO_BLKCIPHER select CRYPTO_CHACHA20 -config CRYPTO_SPECK_NEON - tristate "NEON accelerated Speck cipher algorithms" - depends on KERNEL_MODE_NEON - select CRYPTO_BLKCIPHER - select CRYPTO_SPECK - endif diff --git a/arch/arm/crypto/Makefile b/arch/arm/crypto/Makefile index 8de542c48ade..bd5bceef0605 100644 --- a/arch/arm/crypto/Makefile +++ b/arch/arm/crypto/Makefile @@ -10,7 +10,6 @@ obj-$(CONFIG_CRYPTO_SHA1_ARM_NEON) += sha1-arm-neon.o obj-$(CONFIG_CRYPTO_SHA256_ARM) += sha256-arm.o obj-$(CONFIG_CRYPTO_SHA512_ARM) += sha512-arm.o obj-$(CONFIG_CRYPTO_CHACHA20_NEON) += chacha20-neon.o -obj-$(CONFIG_CRYPTO_SPECK_NEON) += speck-neon.o ce-obj-$(CONFIG_CRYPTO_AES_ARM_CE) += aes-arm-ce.o ce-obj-$(CONFIG_CRYPTO_SHA1_ARM_CE) += sha1-arm-ce.o @@ -54,7 +53,6 @@ ghash-arm-ce-y := ghash-ce-core.o ghash-ce-glue.o crct10dif-arm-ce-y := crct10dif-ce-core.o crct10dif-ce-glue.o crc32-arm-ce-y:= crc32-ce-core.o crc32-ce-glue.o chacha20-neon-y := chacha20-neon-core.o chacha20-neon-glue.o -speck-neon-y := speck-neon-core.o speck-neon-glue.o ifdef REGENERATE_ARM_CRYPTO quiet_cmd_perl = PERL $@ diff --git a/arch/arm/crypto/speck-neon-core.S b/arch/arm/crypto/speck-neon-core.S deleted file mode 100644 index 57caa742016e..000000000000 --- a/arch/arm/crypto/speck-neon-core.S +++ /dev/null @@ -1,434 +0,0 @@ -// SPDX-License-Identifier: GPL-2.0 -/* - * NEON-accelerated implementation of Speck128-XTS and Speck64-XTS - * - * Copyright (c) 2018 Google, Inc - * - * Author: Eric Biggers <ebiggers(a)google.com> - */ - -#include <linux/linkage.h> - - .text - .fpu neon - - // arguments - ROUND_KEYS .req r0 // const {u64,u32} *round_keys - NROUNDS .req r1 // int nrounds - DST .req r2 // void *dst - SRC .req r3 // const void *src - NBYTES .req r4 // unsigned int nbytes - TWEAK .req r5 // void *tweak - - // registers which hold the data being encrypted/decrypted - X0 .req q0 - X0_L .req d0 - X0_H .req d1 - Y0 .req q1 - Y0_H .req d3 - X1 .req q2 - X1_L .req d4 - X1_H .req d5 - Y1 .req q3 - Y1_H .req d7 - X2 .req q4 - X2_L .req d8 - X2_H .req d9 - Y2 .req q5 - Y2_H .req d11 - X3 .req q6 - X3_L .req d12 - X3_H .req d13 - Y3 .req q7 - Y3_H .req d15 - - // the round key, duplicated in all lanes - ROUND_KEY .req q8 - ROUND_KEY_L .req d16 - ROUND_KEY_H .req d17 - - // index vector for vtbl-based 8-bit rotates - ROTATE_TABLE .req d18 - - // multiplication table for updating XTS tweaks - GF128MUL_TABLE .req d19 - GF64MUL_TABLE .req d19 - - // current XTS tweak value(s) - TWEAKV .req q10 - TWEAKV_L .req d20 - TWEAKV_H .req d21 - - TMP0 .req q12 - TMP0_L .req d24 - TMP0_H .req d25 - TMP1 .req q13 - TMP2 .req q14 - TMP3 .req q15 - - .align 4 -.Lror64_8_table: - .byte 1, 2, 3, 4, 5, 6, 7, 0 -.Lror32_8_table: - .byte 1, 2, 3, 0, 5, 6, 7, 4 -.Lrol64_8_table: - .byte 7, 0, 1, 2, 3, 4, 5, 6 -.Lrol32_8_table: - .byte 3, 0, 1, 2, 7, 4, 5, 6 -.Lgf128mul_table: - .byte 0, 0x87 - .fill 14 -.Lgf64mul_table: - .byte 0, 0x1b, (0x1b << 1), (0x1b << 1) ^ 0x1b - .fill 12 - -/* - * _speck_round_128bytes() - Speck encryption round on 128 bytes at a time - * - * Do one Speck encryption round on the 128 bytes (8 blocks for Speck128, 16 for - * Speck64) stored in X0-X3 and Y0-Y3, using the round key stored in all lanes - * of ROUND_KEY. 'n' is the lane size: 64 for Speck128, or 32 for Speck64. - * - * The 8-bit rotates are implemented using vtbl instead of vshr + vsli because - * the vtbl approach is faster on some processors and the same speed on others. - */ -.macro _speck_round_128bytes n - - // x = ror(x, 8) - vtbl.8 X0_L, {X0_L}, ROTATE_TABLE - vtbl.8 X0_H, {X0_H}, ROTATE_TABLE - vtbl.8 X1_L, {X1_L}, ROTATE_TABLE - vtbl.8 X1_H, {X1_H}, ROTATE_TABLE - vtbl.8 X2_L, {X2_L}, ROTATE_TABLE - vtbl.8 X2_H, {X2_H}, ROTATE_TABLE - vtbl.8 X3_L, {X3_L}, ROTATE_TABLE - vtbl.8 X3_H, {X3_H}, ROTATE_TABLE - - // x += y - vadd.u\n X0, Y0 - vadd.u\n X1, Y1 - vadd.u\n X2, Y2 - vadd.u\n X3, Y3 - - // x ^= k - veor X0, ROUND_KEY - veor X1, ROUND_KEY - veor X2, ROUND_KEY - veor X3, ROUND_KEY - - // y = rol(y, 3) - vshl.u\n TMP0, Y0, #3 - vshl.u\n TMP1, Y1, #3 - vshl.u\n TMP2, Y2, #3 - vshl.u\n TMP3, Y3, #3 - vsri.u\n TMP0, Y0, #(\n - 3) - vsri.u\n TMP1, Y1, #(\n - 3) - vsri.u\n TMP2, Y2, #(\n - 3) - vsri.u\n TMP3, Y3, #(\n - 3) - - // y ^= x - veor Y0, TMP0, X0 - veor Y1, TMP1, X1 - veor Y2, TMP2, X2 - veor Y3, TMP3, X3 -.endm - -/* - * _speck_unround_128bytes() - Speck decryption round on 128 bytes at a time - * - * This is the inverse of _speck_round_128bytes(). - */ -.macro _speck_unround_128bytes n - - // y ^= x - veor TMP0, Y0, X0 - veor TMP1, Y1, X1 - veor TMP2, Y2, X2 - veor TMP3, Y3, X3 - - // y = ror(y, 3) - vshr.u\n Y0, TMP0, #3 - vshr.u\n Y1, TMP1, #3 - vshr.u\n Y2, TMP2, #3 - vshr.u\n Y3, TMP3, #3 - vsli.u\n Y0, TMP0, #(\n - 3) - vsli.u\n Y1, TMP1, #(\n - 3) - vsli.u\n Y2, TMP2, #(\n - 3) - vsli.u\n Y3, TMP3, #(\n - 3) - - // x ^= k - veor X0, ROUND_KEY - veor X1, ROUND_KEY - veor X2, ROUND_KEY - veor X3, ROUND_KEY - - // x -= y - vsub.u\n X0, Y0 - vsub.u\n X1, Y1 - vsub.u\n X2, Y2 - vsub.u\n X3, Y3 - - // x = rol(x, 8); - vtbl.8 X0_L, {X0_L}, ROTATE_TABLE - vtbl.8 X0_H, {X0_H}, ROTATE_TABLE - vtbl.8 X1_L, {X1_L}, ROTATE_TABLE - vtbl.8 X1_H, {X1_H}, ROTATE_TABLE - vtbl.8 X2_L, {X2_L}, ROTATE_TABLE - vtbl.8 X2_H, {X2_H}, ROTATE_TABLE - vtbl.8 X3_L, {X3_L}, ROTATE_TABLE - vtbl.8 X3_H, {X3_H}, ROTATE_TABLE -.endm - -.macro _xts128_precrypt_one dst_reg, tweak_buf, tmp - - // Load the next source block - vld1.8 {\dst_reg}, [SRC]! - - // Save the current tweak in the tweak buffer - vst1.8 {TWEAKV}, [\tweak_buf:128]! - - // XOR the next source block with the current tweak - veor \dst_reg, TWEAKV - - /* - * Calculate the next tweak by multiplying the current one by x, - * modulo p(x) = x^128 + x^7 + x^2 + x + 1. - */ - vshr.u64 \tmp, TWEAKV, #63 - vshl.u64 TWEAKV, #1 - veor TWEAKV_H, \tmp\()_L - vtbl.8 \tmp\()_H, {GF128MUL_TABLE}, \tmp\()_H - veor TWEAKV_L, \tmp\()_H -.endm - -.macro _xts64_precrypt_two dst_reg, tweak_buf, tmp - - // Load the next two source blocks - vld1.8 {\dst_reg}, [SRC]! - - // Save the current two tweaks in the tweak buffer - vst1.8 {TWEAKV}, [\tweak_buf:128]! - - // XOR the next two source blocks with the current two tweaks - veor \dst_reg, TWEAKV - - /* - * Calculate the next two tweaks by multiplying the current ones by x^2, - * modulo p(x) = x^64 + x^4 + x^3 + x + 1. - */ - vshr.u64 \tmp, TWEAKV, #62 - vshl.u64 TWEAKV, #2 - vtbl.8 \tmp\()_L, {GF64MUL_TABLE}, \tmp\()_L - vtbl.8 \tmp\()_H, {GF64MUL_TABLE}, \tmp\()_H - veor TWEAKV, \tmp -.endm - -/* - * _speck_xts_crypt() - Speck-XTS encryption/decryption - * - * Encrypt or decrypt NBYTES bytes of data from the SRC buffer to the DST buffer - * using Speck-XTS, specifically the variant with a block size of '2n' and round - * count given by NROUNDS. The expanded round keys are given in ROUND_KEYS, and - * the current XTS tweak value is given in TWEAK. It's assumed that NBYTES is a - * nonzero multiple of 128. - */ -.macro _speck_xts_crypt n, decrypting - push {r4-r7} - mov r7, sp - - /* - * The first four parameters were passed in registers r0-r3. Load the - * additional parameters, which were passed on the stack. - */ - ldr NBYTES, [sp, #16] - ldr TWEAK, [sp, #20] - - /* - * If decrypting, modify the ROUND_KEYS parameter to point to the last - * round key rather than the first, since for decryption the round keys - * are used in reverse order. - */ -.if \decrypting -.if \n == 64 - add ROUND_KEYS, ROUND_KEYS, NROUNDS, lsl #3 - sub ROUND_KEYS, #8 -.else - add ROUND_KEYS, ROUND_KEYS, NROUNDS, lsl #2 - sub ROUND_KEYS, #4 -.endif -.endif - - // Load the index vector for vtbl-based 8-bit rotates -.if \decrypting - ldr r12, =.Lrol\n\()_8_table -.else - ldr r12, =.Lror\n\()_8_table -.endif - vld1.8 {ROTATE_TABLE}, [r12:64] - - // One-time XTS preparation - - /* - * Allocate stack space to store 128 bytes worth of tweaks. For - * performance, this space is aligned to a 16-byte boundary so that we - * can use the load/store instructions that declare 16-byte alignment. - * For Thumb2 compatibility, don't do the 'bic' directly on 'sp'. - */ - sub r12, sp, #128 - bic r12, #0xf - mov sp, r12 - -.if \n == 64 - // Load first tweak - vld1.8 {TWEAKV}, [TWEAK] - - // Load GF(2^128) multiplication table - ldr r12, =.Lgf128mul_table - vld1.8 {GF128MUL_TABLE}, [r12:64] -.else - // Load first tweak - vld1.8 {TWEAKV_L}, [TWEAK] - - // Load GF(2^64) multiplication table - ldr r12, =.Lgf64mul_table - vld1.8 {GF64MUL_TABLE}, [r12:64] - - // Calculate second tweak, packing it together with the first - vshr.u64 TMP0_L, TWEAKV_L, #63 - vtbl.u8 TMP0_L, {GF64MUL_TABLE}, TMP0_L - vshl.u64 TWEAKV_H, TWEAKV_L, #1 - veor TWEAKV_H, TMP0_L -.endif - -.Lnext_128bytes_\@: - - /* - * Load the source blocks into {X,Y}[0-3], XOR them with their XTS tweak - * values, and save the tweaks on the stack for later. Then - * de-interleave the 'x' and 'y' elements of each block, i.e. make it so - * that the X[0-3] registers contain only the second halves of blocks, - * and the Y[0-3] registers contain only the first halves of blocks. - * (Speck uses the order (y, x) rather than the more intuitive (x, y).) - */ - mov r12, sp -.if \n == 64 - _xts128_precrypt_one X0, r12, TMP0 - _xts128_precrypt_one Y0, r12, TMP0 - _xts128_precrypt_one X1, r12, TMP0 - _xts128_precrypt_one Y1, r12, TMP0 - _xts128_precrypt_one X2, r12, TMP0 - _xts128_precrypt_one Y2, r12, TMP0 - _xts128_precrypt_one X3, r12, TMP0 - _xts128_precrypt_one Y3, r12, TMP0 - vswp X0_L, Y0_H - vswp X1_L, Y1_H - vswp X2_L, Y2_H - vswp X3_L, Y3_H -.else - _xts64_precrypt_two X0, r12, TMP0 - _xts64_precrypt_two Y0, r12, TMP0 - _xts64_precrypt_two X1, r12, TMP0 - _xts64_precrypt_two Y1, r12, TMP0 - _xts64_precrypt_two X2, r12, TMP0 - _xts64_precrypt_two Y2, r12, TMP0 - _xts64_precrypt_two X3, r12, TMP0 - _xts64_precrypt_two Y3, r12, TMP0 - vuzp.32 Y0, X0 - vuzp.32 Y1, X1 - vuzp.32 Y2, X2 - vuzp.32 Y3, X3 -.endif - - // Do the cipher rounds - - mov r12, ROUND_KEYS - mov r6, NROUNDS - -.Lnext_round_\@: -.if \decrypting -.if \n == 64 - vld1.64 ROUND_KEY_L, [r12] - sub r12, #8 - vmov ROUND_KEY_H, ROUND_KEY_L -.else - vld1.32 {ROUND_KEY_L[],ROUND_KEY_H[]}, [r12] - sub r12, #4 -.endif - _speck_unround_128bytes \n -.else -.if \n == 64 - vld1.64 ROUND_KEY_L, [r12]! - vmov ROUND_KEY_H, ROUND_KEY_L -.else - vld1.32 {ROUND_KEY_L[],ROUND_KEY_H[]}, [r12]! -.endif - _speck_round_128bytes \n -.endif - subs r6, r6, #1 - bne .Lnext_round_\@ - - // Re-interleave the 'x' and 'y' elements of each block -.if \n == 64 - vswp X0_L, Y0_H - vswp X1_L, Y1_H - vswp X2_L, Y2_H - vswp X3_L, Y3_H -.else - vzip.32 Y0, X0 - vzip.32 Y1, X1 - vzip.32 Y2, X2 - vzip.32 Y3, X3 -.endif - - // XOR the encrypted/decrypted blocks with the tweaks we saved earlier - mov r12, sp - vld1.8 {TMP0, TMP1}, [r12:128]! - vld1.8 {TMP2, TMP3}, [r12:128]! - veor X0, TMP0 - veor Y0, TMP1 - veor X1, TMP2 - veor Y1, TMP3 - vld1.8 {TMP0, TMP1}, [r12:128]! - vld1.8 {TMP2, TMP3}, [r12:128]! - veor X2, TMP0 - veor Y2, TMP1 - veor X3, TMP2 - veor Y3, TMP3 - - // Store the ciphertext in the destination buffer - vst1.8 {X0, Y0}, [DST]! - vst1.8 {X1, Y1}, [DST]! - vst1.8 {X2, Y2}, [DST]! - vst1.8 {X3, Y3}, [DST]! - - // Continue if there are more 128-byte chunks remaining, else return - subs NBYTES, #128 - bne .Lnext_128bytes_\@ - - // Store the next tweak -.if \n == 64 - vst1.8 {TWEAKV}, [TWEAK] -.else - vst1.8 {TWEAKV_L}, [TWEAK] -.endif - - mov sp, r7 - pop {r4-r7} - bx lr -.endm - -ENTRY(speck128_xts_encrypt_neon) - _speck_xts_crypt n=64, decrypting=0 -ENDPROC(speck128_xts_encrypt_neon) - -ENTRY(speck128_xts_decrypt_neon) - _speck_xts_crypt n=64, decrypting=1 -ENDPROC(speck128_xts_decrypt_neon) - -ENTRY(speck64_xts_encrypt_neon) - _speck_xts_crypt n=32, decrypting=0 -ENDPROC(speck64_xts_encrypt_neon) - -ENTRY(speck64_xts_decrypt_neon) - _speck_xts_crypt n=32, decrypting=1 -ENDPROC(speck64_xts_decrypt_neon) diff --git a/arch/arm/crypto/speck-neon-glue.c b/arch/arm/crypto/speck-neon-glue.c deleted file mode 100644 index f012c3ea998f..000000000000 --- a/arch/arm/crypto/speck-neon-glue.c +++ /dev/null @@ -1,288 +0,0 @@ -// SPDX-License-Identifier: GPL-2.0 -/* - * NEON-accelerated implementation of Speck128-XTS and Speck64-XTS - * - * Copyright (c) 2018 Google, Inc - * - * Note: the NIST recommendation for XTS only specifies a 128-bit block size, - * but a 64-bit version (needed for Speck64) is fairly straightforward; the math - * is just done in GF(2^64) instead of GF(2^128), with the reducing polynomial - * x^64 + x^4 + x^3 + x + 1 from the original XEX paper (Rogaway, 2004: - * "Efficient Instantiations of Tweakable Blockciphers and Refinements to Modes - * OCB and PMAC"), represented as 0x1B. - */ - -#include <asm/hwcap.h> -#include <asm/neon.h> -#include <asm/simd.h> -#include <crypto/algapi.h> -#include <crypto/gf128mul.h> -#include <crypto/internal/skcipher.h> -#include <crypto/speck.h> -#include <crypto/xts.h> -#include <linux/kernel.h> -#include <linux/module.h> - -/* The assembly functions only handle multiples of 128 bytes */ -#define SPECK_NEON_CHUNK_SIZE 128 - -/* Speck128 */ - -struct speck128_xts_tfm_ctx { - struct speck128_tfm_ctx main_key; - struct speck128_tfm_ctx tweak_key; -}; - -asmlinkage void speck128_xts_encrypt_neon(const u64 *round_keys, int nrounds, - void *dst, const void *src, - unsigned int nbytes, void *tweak); - -asmlinkage void speck128_xts_decrypt_neon(const u64 *round_keys, int nrounds, - void *dst, const void *src, - unsigned int nbytes, void *tweak); - -typedef void (*speck128_crypt_one_t)(const struct speck128_tfm_ctx *, - u8 *, const u8 *); -typedef void (*speck128_xts_crypt_many_t)(const u64 *, int, void *, - const void *, unsigned int, void *); - -static __always_inline int -__speck128_xts_crypt(struct skcipher_request *req, - speck128_crypt_one_t crypt_one, - speck128_xts_crypt_many_t crypt_many) -{ - struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req); - const struct speck128_xts_tfm_ctx *ctx = crypto_skcipher_ctx(tfm); - struct skcipher_walk walk; - le128 tweak; - int err; - - err = skcipher_walk_virt(&walk, req, true); - - crypto_speck128_encrypt(&ctx->tweak_key, (u8 *)&tweak, walk.iv); - - while (walk.nbytes > 0) { - unsigned int nbytes = walk.nbytes; - u8 *dst = walk.dst.virt.addr; - const u8 *src = walk.src.virt.addr; - - if (nbytes >= SPECK_NEON_CHUNK_SIZE && may_use_simd()) { - unsigned int count; - - count = round_down(nbytes, SPECK_NEON_CHUNK_SIZE); - kernel_neon_begin(); - (*crypt_many)(ctx->main_key.round_keys, - ctx->main_key.nrounds, - dst, src, count, &tweak); - kernel_neon_end(); - dst += count; - src += count; - nbytes -= count; - } - - /* Handle any remainder with generic code */ - while (nbytes >= sizeof(tweak)) { - le128_xor((le128 *)dst, (const le128 *)src, &tweak); - (*crypt_one)(&ctx->main_key, dst, dst); - le128_xor((le128 *)dst, (const le128 *)dst, &tweak); - gf128mul_x_ble(&tweak, &tweak); - - dst += sizeof(tweak); - src += sizeof(tweak); - nbytes -= sizeof(tweak); - } - err = skcipher_walk_done(&walk, nbytes); - } - - return err; -} - -static int speck128_xts_encrypt(struct skcipher_request *req) -{ - return __speck128_xts_crypt(req, crypto_speck128_encrypt, - speck128_xts_encrypt_neon); -} - -static int speck128_xts_decrypt(struct skcipher_request *req) -{ - return __speck128_xts_crypt(req, crypto_speck128_decrypt, - speck128_xts_decrypt_neon); -} - -static int speck128_xts_setkey(struct crypto_skcipher *tfm, const u8 *key, - unsigned int keylen) -{ - struct speck128_xts_tfm_ctx *ctx = crypto_skcipher_ctx(tfm); - int err; - - err = xts_verify_key(tfm, key, keylen); - if (err) - return err; - - keylen /= 2; - - err = crypto_speck128_setkey(&ctx->main_key, key, keylen); - if (err) - return err; - - return crypto_speck128_setkey(&ctx->tweak_key, key + keylen, keylen); -} - -/* Speck64 */ - -struct speck64_xts_tfm_ctx { - struct speck64_tfm_ctx main_key; - struct speck64_tfm_ctx tweak_key; -}; - -asmlinkage void speck64_xts_encrypt_neon(const u32 *round_keys, int nrounds, - void *dst, const void *src, - unsigned int nbytes, void *tweak); - -asmlinkage void speck64_xts_decrypt_neon(const u32 *round_keys, int nrounds, - void *dst, const void *src, - unsigned int nbytes, void *tweak); - -typedef void (*speck64_crypt_one_t)(const struct speck64_tfm_ctx *, - u8 *, const u8 *); -typedef void (*speck64_xts_crypt_many_t)(const u32 *, int, void *, - const void *, unsigned int, void *); - -static __always_inline int -__speck64_xts_crypt(struct skcipher_request *req, speck64_crypt_one_t crypt_one, - speck64_xts_crypt_many_t crypt_many) -{ - struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req); - const struct speck64_xts_tfm_ctx *ctx = crypto_skcipher_ctx(tfm); - struct skcipher_walk walk; - __le64 tweak; - int err; - - err = skcipher_walk_virt(&walk, req, true); - - crypto_speck64_encrypt(&ctx->tweak_key, (u8 *)&tweak, walk.iv); - - while (walk.nbytes > 0) { - unsigned int nbytes = walk.nbytes; - u8 *dst = walk.dst.virt.addr; - const u8 *src = walk.src.virt.addr; - - if (nbytes >= SPECK_NEON_CHUNK_SIZE && may_use_simd()) { - unsigned int count; - - count = round_down(nbytes, SPECK_NEON_CHUNK_SIZE); - kernel_neon_begin(); - (*crypt_many)(ctx->main_key.round_keys, - ctx->main_key.nrounds, - dst, src, count, &tweak); - kernel_neon_end(); - dst += count; - src += count; - nbytes -= count; - } - - /* Handle any remainder with generic code */ - while (nbytes >= sizeof(tweak)) { - *(__le64 *)dst = *(__le64 *)src ^ tweak; - (*crypt_one)(&ctx->main_key, dst, dst); - *(__le64 *)dst ^= tweak; - tweak = cpu_to_le64((le64_to_cpu(tweak) << 1) ^ - ((tweak & cpu_to_le64(1ULL << 63)) ? - 0x1B : 0)); - dst += sizeof(tweak); - src += sizeof(tweak); - nbytes -= sizeof(tweak); - } - err = skcipher_walk_done(&walk, nbytes); - } - - return err; -} - -static int speck64_xts_encrypt(struct skcipher_request *req) -{ - return __speck64_xts_crypt(req, crypto_speck64_encrypt, - speck64_xts_encrypt_neon); -} - -static int speck64_xts_decrypt(struct skcipher_request *req) -{ - return __speck64_xts_crypt(req, crypto_speck64_decrypt, - speck64_xts_decrypt_neon); -} - -static int speck64_xts_setkey(struct crypto_skcipher *tfm, const u8 *key, - unsigned int keylen) -{ - struct speck64_xts_tfm_ctx *ctx = crypto_skcipher_ctx(tfm); - int err; - - err = xts_verify_key(tfm, key, keylen); - if (err) - return err; - - keylen /= 2; - - err = crypto_speck64_setkey(&ctx->main_key, key, keylen); - if (err) - return err; - - return crypto_speck64_setkey(&ctx->tweak_key, key + keylen, keylen); -} - -static struct skcipher_alg speck_algs[] = { - { - .base.cra_name = "xts(speck128)", - .base.cra_driver_name = "xts-speck128-neon", - .base.cra_priority = 300, - .base.cra_blocksize = SPECK128_BLOCK_SIZE, - .base.cra_ctxsize = sizeof(struct speck128_xts_tfm_ctx), - .base.cra_alignmask = 7, - .base.cra_module = THIS_MODULE, - .min_keysize = 2 * SPECK128_128_KEY_SIZE, - .max_keysize = 2 * SPECK128_256_KEY_SIZE, - .ivsize = SPECK128_BLOCK_SIZE, - .walksize = SPECK_NEON_CHUNK_SIZE, - .setkey = speck128_xts_setkey, - .encrypt = speck128_xts_encrypt, - .decrypt = speck128_xts_decrypt, - }, { - .base.cra_name = "xts(speck64)", - .base.cra_driver_name = "xts-speck64-neon", - .base.cra_priority = 300, - .base.cra_blocksize = SPECK64_BLOCK_SIZE, - .base.cra_ctxsize = sizeof(struct speck64_xts_tfm_ctx), - .base.cra_alignmask = 7, - .base.cra_module = THIS_MODULE, - .min_keysize = 2 * SPECK64_96_KEY_SIZE, - .max_keysize = 2 * SPECK64_128_KEY_SIZE, - .ivsize = SPECK64_BLOCK_SIZE, - .walksize = SPECK_NEON_CHUNK_SIZE, - .setkey = speck64_xts_setkey, - .encrypt = speck64_xts_encrypt, - .decrypt = speck64_xts_decrypt, - } -}; - -static int __init speck_neon_module_init(void) -{ - if (!(elf_hwcap & HWCAP_NEON)) - return -ENODEV; - return crypto_register_skciphers(speck_algs, ARRAY_SIZE(speck_algs)); -} - -static void __exit speck_neon_module_exit(void) -{ - crypto_unregister_skciphers(speck_algs, ARRAY_SIZE(speck_algs)); -} - -module_init(speck_neon_module_init); -module_exit(speck_neon_module_exit); - -MODULE_DESCRIPTION("Speck block cipher (NEON-accelerated)"); -MODULE_LICENSE("GPL"); -MODULE_AUTHOR("Eric Biggers <ebiggers(a)google.com>"); -MODULE_ALIAS_CRYPTO("xts(speck128)"); -MODULE_ALIAS_CRYPTO("xts-speck128-neon"); -MODULE_ALIAS_CRYPTO("xts(speck64)"); -MODULE_ALIAS_CRYPTO("xts-speck64-neon"); diff --git a/arch/arm64/crypto/Kconfig b/arch/arm64/crypto/Kconfig index e3fdb0fd6f70..d51944ff9f91 100644 --- a/arch/arm64/crypto/Kconfig +++ b/arch/arm64/crypto/Kconfig @@ -119,10 +119,4 @@ config CRYPTO_AES_ARM64_BS select CRYPTO_AES_ARM64 select CRYPTO_SIMD -config CRYPTO_SPECK_NEON - tristate "NEON accelerated Speck cipher algorithms" - depends on KERNEL_MODE_NEON - select CRYPTO_BLKCIPHER - select CRYPTO_SPECK - endif diff --git a/arch/arm64/crypto/Makefile b/arch/arm64/crypto/Makefile index bcafd016618e..7bc4bda6d9c6 100644 --- a/arch/arm64/crypto/Makefile +++ b/arch/arm64/crypto/Makefile @@ -56,9 +56,6 @@ sha512-arm64-y := sha512-glue.o sha512-core.o obj-$(CONFIG_CRYPTO_CHACHA20_NEON) += chacha20-neon.o chacha20-neon-y := chacha20-neon-core.o chacha20-neon-glue.o -obj-$(CONFIG_CRYPTO_SPECK_NEON) += speck-neon.o -speck-neon-y := speck-neon-core.o speck-neon-glue.o - obj-$(CONFIG_CRYPTO_AES_ARM64) += aes-arm64.o aes-arm64-y := aes-cipher-core.o aes-cipher-glue.o diff --git a/arch/arm64/crypto/speck-neon-core.S b/arch/arm64/crypto/speck-neon-core.S deleted file mode 100644 index b14463438b09..000000000000 --- a/arch/arm64/crypto/speck-neon-core.S +++ /dev/null @@ -1,352 +0,0 @@ -// SPDX-License-Identifier: GPL-2.0 -/* - * ARM64 NEON-accelerated implementation of Speck128-XTS and Speck64-XTS - * - * Copyright (c) 2018 Google, Inc - * - * Author: Eric Biggers <ebiggers(a)google.com> - */ - -#include <linux/linkage.h> - - .text - - // arguments - ROUND_KEYS .req x0 // const {u64,u32} *round_keys - NROUNDS .req w1 // int nrounds - NROUNDS_X .req x1 - DST .req x2 // void *dst - SRC .req x3 // const void *src - NBYTES .req w4 // unsigned int nbytes - TWEAK .req x5 // void *tweak - - // registers which hold the data being encrypted/decrypted - // (underscores avoid a naming collision with ARM64 registers x0-x3) - X_0 .req v0 - Y_0 .req v1 - X_1 .req v2 - Y_1 .req v3 - X_2 .req v4 - Y_2 .req v5 - X_3 .req v6 - Y_3 .req v7 - - // the round key, duplicated in all lanes - ROUND_KEY .req v8 - - // index vector for tbl-based 8-bit rotates - ROTATE_TABLE .req v9 - ROTATE_TABLE_Q .req q9 - - // temporary registers - TMP0 .req v10 - TMP1 .req v11 - TMP2 .req v12 - TMP3 .req v13 - - // multiplication table for updating XTS tweaks - GFMUL_TABLE .req v14 - GFMUL_TABLE_Q .req q14 - - // next XTS tweak value(s) - TWEAKV_NEXT .req v15 - - // XTS tweaks for the blocks currently being encrypted/decrypted - TWEAKV0 .req v16 - TWEAKV1 .req v17 - TWEAKV2 .req v18 - TWEAKV3 .req v19 - TWEAKV4 .req v20 - TWEAKV5 .req v21 - TWEAKV6 .req v22 - TWEAKV7 .req v23 - - .align 4 -.Lror64_8_table: - .octa 0x080f0e0d0c0b0a090007060504030201 -.Lror32_8_table: - .octa 0x0c0f0e0d080b0a090407060500030201 -.Lrol64_8_table: - .octa 0x0e0d0c0b0a09080f0605040302010007 -.Lrol32_8_table: - .octa 0x0e0d0c0f0a09080b0605040702010003 -.Lgf128mul_table: - .octa 0x00000000000000870000000000000001 -.Lgf64mul_table: - .octa 0x0000000000000000000000002d361b00 - -/* - * _speck_round_128bytes() - Speck encryption round on 128 bytes at a time - * - * Do one Speck encryption round on the 128 bytes (8 blocks for Speck128, 16 for - * Speck64) stored in X0-X3 and Y0-Y3, using the round key stored in all lanes - * of ROUND_KEY. 'n' is the lane size: 64 for Speck128, or 32 for Speck64. - * 'lanes' is the lane specifier: "2d" for Speck128 or "4s" for Speck64. - */ -.macro _speck_round_128bytes n, lanes - - // x = ror(x, 8) - tbl X_0.16b, {X_0.16b}, ROTATE_TABLE.16b - tbl X_1.16b, {X_1.16b}, ROTATE_TABLE.16b - tbl X_2.16b, {X_2.16b}, ROTATE_TABLE.16b - tbl X_3.16b, {X_3.16b}, ROTATE_TABLE.16b - - // x += y - add X_0.\lanes, X_0.\lanes, Y_0.\lanes - add X_1.\lanes, X_1.\lanes, Y_1.\lanes - add X_2.\lanes, X_2.\lanes, Y_2.\lanes - add X_3.\lanes, X_3.\lanes, Y_3.\lanes - - // x ^= k - eor X_0.16b, X_0.16b, ROUND_KEY.16b - eor X_1.16b, X_1.16b, ROUND_KEY.16b - eor X_2.16b, X_2.16b, ROUND_KEY.16b - eor X_3.16b, X_3.16b, ROUND_KEY.16b - - // y = rol(y, 3) - shl TMP0.\lanes, Y_0.\lanes, #3 - shl TMP1.\lanes, Y_1.\lanes, #3 - shl TMP2.\lanes, Y_2.\lanes, #3 - shl TMP3.\lanes, Y_3.\lanes, #3 - sri TMP0.\lanes, Y_0.\lanes, #(\n - 3) - sri TMP1.\lanes, Y_1.\lanes, #(\n - 3) - sri TMP2.\lanes, Y_2.\lanes, #(\n - 3) - sri TMP3.\lanes, Y_3.\lanes, #(\n - 3) - - // y ^= x - eor Y_0.16b, TMP0.16b, X_0.16b - eor Y_1.16b, TMP1.16b, X_1.16b - eor Y_2.16b, TMP2.16b, X_2.16b - eor Y_3.16b, TMP3.16b, X_3.16b -.endm - -/* - * _speck_unround_128bytes() - Speck decryption round on 128 bytes at a time - * - * This is the inverse of _speck_round_128bytes(). - */ -.macro _speck_unround_128bytes n, lanes - - // y ^= x - eor TMP0.16b, Y_0.16b, X_0.16b - eor TMP1.16b, Y_1.16b, X_1.16b - eor TMP2.16b, Y_2.16b, X_2.16b - eor TMP3.16b, Y_3.16b, X_3.16b - - // y = ror(y, 3) - ushr Y_0.\lanes, TMP0.\lanes, #3 - ushr Y_1.\lanes, TMP1.\lanes, #3 - ushr Y_2.\lanes, TMP2.\lanes, #3 - ushr Y_3.\lanes, TMP3.\lanes, #3 - sli Y_0.\lanes, TMP0.\lanes, #(\n - 3) - sli Y_1.\lanes, TMP1.\lanes, #(\n - 3) - sli Y_2.\lanes, TMP2.\lanes, #(\n - 3) - sli Y_3.\lanes, TMP3.\lanes, #(\n - 3) - - // x ^= k - eor X_0.16b, X_0.16b, ROUND_KEY.16b - eor X_1.16b, X_1.16b, ROUND_KEY.16b - eor X_2.16b, X_2.16b, ROUND_KEY.16b - eor X_3.16b, X_3.16b, ROUND_KEY.16b - - // x -= y - sub X_0.\lanes, X_0.\lanes, Y_0.\lanes - sub X_1.\lanes, X_1.\lanes, Y_1.\lanes - sub X_2.\lanes, X_2.\lanes, Y_2.\lanes - sub X_3.\lanes, X_3.\lanes, Y_3.\lanes - - // x = rol(x, 8) - tbl X_0.16b, {X_0.16b}, ROTATE_TABLE.16b - tbl X_1.16b, {X_1.16b}, ROTATE_TABLE.16b - tbl X_2.16b, {X_2.16b}, ROTATE_TABLE.16b - tbl X_3.16b, {X_3.16b}, ROTATE_TABLE.16b -.endm - -.macro _next_xts_tweak next, cur, tmp, n -.if \n == 64 - /* - * Calculate the next tweak by multiplying the current one by x, - * modulo p(x) = x^128 + x^7 + x^2 + x + 1. - */ - sshr \tmp\().2d, \cur\().2d, #63 - and \tmp\().16b, \tmp\().16b, GFMUL_TABLE.16b - shl \next\().2d, \cur\().2d, #1 - ext \tmp\().16b, \tmp\().16b, \tmp\().16b, #8 - eor \next\().16b, \next\().16b, \tmp\().16b -.else - /* - * Calculate the next two tweaks by multiplying the current ones by x^2, - * modulo p(x) = x^64 + x^4 + x^3 + x + 1. - */ - ushr \tmp\().2d, \cur\().2d, #62 - shl \next\().2d, \cur\().2d, #2 - tbl \tmp\().16b, {GFMUL_TABLE.16b}, \tmp\().16b - eor \next\().16b, \next\().16b, \tmp\().16b -.endif -.endm - -/* - * _speck_xts_crypt() - Speck-XTS encryption/decryption - * - * Encrypt or decrypt NBYTES bytes of data from the SRC buffer to the DST buffer - * using Speck-XTS, specifically the variant with a block size of '2n' and round - * count given by NROUNDS. The expanded round keys are given in ROUND_KEYS, and - * the current XTS tweak value is given in TWEAK. It's assumed that NBYTES is a - * nonzero multiple of 128. - */ -.macro _speck_xts_crypt n, lanes, decrypting - - /* - * If decrypting, modify the ROUND_KEYS parameter to point to the last - * round key rather than the first, since for decryption the round keys - * are used in reverse order. - */ -.if \decrypting - mov NROUNDS, NROUNDS /* zero the high 32 bits */ -.if \n == 64 - add ROUND_KEYS, ROUND_KEYS, NROUNDS_X, lsl #3 - sub ROUND_KEYS, ROUND_KEYS, #8 -.else - add ROUND_KEYS, ROUND_KEYS, NROUNDS_X, lsl #2 - sub ROUND_KEYS, ROUND_KEYS, #4 -.endif -.endif - - // Load the index vector for tbl-based 8-bit rotates -.if \decrypting - ldr ROTATE_TABLE_Q, .Lrol\n\()_8_table -.else - ldr ROTATE_TABLE_Q, .Lror\n\()_8_table -.endif - - // One-time XTS preparation -.if \n == 64 - // Load first tweak - ld1 {TWEAKV0.16b}, [TWEAK] - - // Load GF(2^128) multiplication table - ldr GFMUL_TABLE_Q, .Lgf128mul_table -.else - // Load first tweak - ld1 {TWEAKV0.8b}, [TWEAK] - - // Load GF(2^64) multiplication table - ldr GFMUL_TABLE_Q, .Lgf64mul_table - - // Calculate second tweak, packing it together with the first - ushr TMP0.2d, TWEAKV0.2d, #63 - shl TMP1.2d, TWEAKV0.2d, #1 - tbl TMP0.8b, {GFMUL_TABLE.16b}, TMP0.8b - eor TMP0.8b, TMP0.8b, TMP1.8b - mov TWEAKV0.d[1], TMP0.d[0] -.endif - -.Lnext_128bytes_\@: - - // Calculate XTS tweaks for next 128 bytes - _next_xts_tweak TWEAKV1, TWEAKV0, TMP0, \n - _next_xts_tweak TWEAKV2, TWEAKV1, TMP0, \n - _next_xts_tweak TWEAKV3, TWEAKV2, TMP0, \n - _next_xts_tweak TWEAKV4, TWEAKV3, TMP0, \n - _next_xts_tweak TWEAKV5, TWEAKV4, TMP0, \n - _next_xts_tweak TWEAKV6, TWEAKV5, TMP0, \n - _next_xts_tweak TWEAKV7, TWEAKV6, TMP0, \n - _next_xts_tweak TWEAKV_NEXT, TWEAKV7, TMP0, \n - - // Load the next source blocks into {X,Y}[0-3] - ld1 {X_0.16b-Y_1.16b}, [SRC], #64 - ld1 {X_2.16b-Y_3.16b}, [SRC], #64 - - // XOR the source blocks with their XTS tweaks - eor TMP0.16b, X_0.16b, TWEAKV0.16b - eor Y_0.16b, Y_0.16b, TWEAKV1.16b - eor TMP1.16b, X_1.16b, TWEAKV2.16b - eor Y_1.16b, Y_1.16b, TWEAKV3.16b - eor TMP2.16b, X_2.16b, TWEAKV4.16b - eor Y_2.16b, Y_2.16b, TWEAKV5.16b - eor TMP3.16b, X_3.16b, TWEAKV6.16b - eor Y_3.16b, Y_3.16b, TWEAKV7.16b - - /* - * De-interleave the 'x' and 'y' elements of each block, i.e. make it so - * that the X[0-3] registers contain only the second halves of blocks, - * and the Y[0-3] registers contain only the first halves of blocks. - * (Speck uses the order (y, x) rather than the more intuitive (x, y).) - */ - uzp2 X_0.\lanes, TMP0.\lanes, Y_0.\lanes - uzp1 Y_0.\lanes, TMP0.\lanes, Y_0.\lanes - uzp2 X_1.\lanes, TMP1.\lanes, Y_1.\lanes - uzp1 Y_1.\lanes, TMP1.\lanes, Y_1.\lanes - uzp2 X_2.\lanes, TMP2.\lanes, Y_2.\lanes - uzp1 Y_2.\lanes, TMP2.\lanes, Y_2.\lanes - uzp2 X_3.\lanes, TMP3.\lanes, Y_3.\lanes - uzp1 Y_3.\lanes, TMP3.\lanes, Y_3.\lanes - - // Do the cipher rounds - mov x6, ROUND_KEYS - mov w7, NROUNDS -.Lnext_round_\@: -.if \decrypting - ld1r {ROUND_KEY.\lanes}, [x6] - sub x6, x6, #( \n / 8 ) - _speck_unround_128bytes \n, \lanes -.else - ld1r {ROUND_KEY.\lanes}, [x6], #( \n / 8 ) - _speck_round_128bytes \n, \lanes -.endif - subs w7, w7, #1 - bne .Lnext_round_\@ - - // Re-interleave the 'x' and 'y' elements of each block - zip1 TMP0.\lanes, Y_0.\lanes, X_0.\lanes - zip2 Y_0.\lanes, Y_0.\lanes, X_0.\lanes - zip1 TMP1.\lanes, Y_1.\lanes, X_1.\lanes - zip2 Y_1.\lanes, Y_1.\lanes, X_1.\lanes - zip1 TMP2.\lanes, Y_2.\lanes, X_2.\lanes - zip2 Y_2.\lanes, Y_2.\lanes, X_2.\lanes - zip1 TMP3.\lanes, Y_3.\lanes, X_3.\lanes - zip2 Y_3.\lanes, Y_3.\lanes, X_3.\lanes - - // XOR the encrypted/decrypted blocks with the tweaks calculated earlier - eor X_0.16b, TMP0.16b, TWEAKV0.16b - eor Y_0.16b, Y_0.16b, TWEAKV1.16b - eor X_1.16b, TMP1.16b, TWEAKV2.16b - eor Y_1.16b, Y_1.16b, TWEAKV3.16b - eor X_2.16b, TMP2.16b, TWEAKV4.16b - eor Y_2.16b, Y_2.16b, TWEAKV5.16b - eor X_3.16b, TMP3.16b, TWEAKV6.16b - eor Y_3.16b, Y_3.16b, TWEAKV7.16b - mov TWEAKV0.16b, TWEAKV_NEXT.16b - - // Store the ciphertext in the destination buffer - st1 {X_0.16b-Y_1.16b}, [DST], #64 - st1 {X_2.16b-Y_3.16b}, [DST], #64 - - // Continue if there are more 128-byte chunks remaining - subs NBYTES, NBYTES, #128 - bne .Lnext_128bytes_\@ - - // Store the next tweak and return -.if \n == 64 - st1 {TWEAKV_NEXT.16b}, [TWEAK] -.else - st1 {TWEAKV_NEXT.8b}, [TWEAK] -.endif - ret -.endm - -ENTRY(speck128_xts_encrypt_neon) - _speck_xts_crypt n=64, lanes=2d, decrypting=0 -ENDPROC(speck128_xts_encrypt_neon) - -ENTRY(speck128_xts_decrypt_neon) - _speck_xts_crypt n=64, lanes=2d, decrypting=1 -ENDPROC(speck128_xts_decrypt_neon) - -ENTRY(speck64_xts_encrypt_neon) - _speck_xts_crypt n=32, lanes=4s, decrypting=0 -ENDPROC(speck64_xts_encrypt_neon) - -ENTRY(speck64_xts_decrypt_neon) - _speck_xts_crypt n=32, lanes=4s, decrypting=1 -ENDPROC(speck64_xts_decrypt_neon) diff --git a/arch/arm64/crypto/speck-neon-glue.c b/arch/arm64/crypto/speck-neon-glue.c deleted file mode 100644 index 6e233aeb4ff4..000000000000 --- a/arch/arm64/crypto/speck-neon-glue.c +++ /dev/null @@ -1,282 +0,0 @@ -// SPDX-License-Identifier: GPL-2.0 -/* - * NEON-accelerated implementation of Speck128-XTS and Speck64-XTS - * (64-bit version; based on the 32-bit version) - * - * Copyright (c) 2018 Google, Inc - */ - -#include <asm/hwcap.h> -#include <asm/neon.h> -#include <asm/simd.h> -#include <crypto/algapi.h> -#include <crypto/gf128mul.h> -#include <crypto/internal/skcipher.h> -#include <crypto/speck.h> -#include <crypto/xts.h> -#include <linux/kernel.h> -#include <linux/module.h> - -/* The assembly functions only handle multiples of 128 bytes */ -#define SPECK_NEON_CHUNK_SIZE 128 - -/* Speck128 */ - -struct speck128_xts_tfm_ctx { - struct speck128_tfm_ctx main_key; - struct speck128_tfm_ctx tweak_key; -}; - -asmlinkage void speck128_xts_encrypt_neon(const u64 *round_keys, int nrounds, - void *dst, const void *src, - unsigned int nbytes, void *tweak); - -asmlinkage void speck128_xts_decrypt_neon(const u64 *round_keys, int nrounds, - void *dst, const void *src, - unsigned int nbytes, void *tweak); - -typedef void (*speck128_crypt_one_t)(const struct speck128_tfm_ctx *, - u8 *, const u8 *); -typedef void (*speck128_xts_crypt_many_t)(const u64 *, int, void *, - const void *, unsigned int, void *); - -static __always_inline int -__speck128_xts_crypt(struct skcipher_request *req, - speck128_crypt_one_t crypt_one, - speck128_xts_crypt_many_t crypt_many) -{ - struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req); - const struct speck128_xts_tfm_ctx *ctx = crypto_skcipher_ctx(tfm); - struct skcipher_walk walk; - le128 tweak; - int err; - - err = skcipher_walk_virt(&walk, req, true); - - crypto_speck128_encrypt(&ctx->tweak_key, (u8 *)&tweak, walk.iv); - - while (walk.nbytes > 0) { - unsigned int nbytes = walk.nbytes; - u8 *dst = walk.dst.virt.addr; - const u8 *src = walk.src.virt.addr; - - if (nbytes >= SPECK_NEON_CHUNK_SIZE && may_use_simd()) { - unsigned int count; - - count = round_down(nbytes, SPECK_NEON_CHUNK_SIZE); - kernel_neon_begin(); - (*crypt_many)(ctx->main_key.round_keys, - ctx->main_key.nrounds, - dst, src, count, &tweak); - kernel_neon_end(); - dst += count; - src += count; - nbytes -= count; - } - - /* Handle any remainder with generic code */ - while (nbytes >= sizeof(tweak)) { - le128_xor((le128 *)dst, (const le128 *)src, &tweak); - (*crypt_one)(&ctx->main_key, dst, dst); - le128_xor((le128 *)dst, (const le128 *)dst, &tweak); - gf128mul_x_ble(&tweak, &tweak); - - dst += sizeof(tweak); - src += sizeof(tweak); - nbytes -= sizeof(tweak); - } - err = skcipher_walk_done(&walk, nbytes); - } - - return err; -} - -static int speck128_xts_encrypt(struct skcipher_request *req) -{ - return __speck128_xts_crypt(req, crypto_speck128_encrypt, - speck128_xts_encrypt_neon); -} - -static int speck128_xts_decrypt(struct skcipher_request *req) -{ - return __speck128_xts_crypt(req, crypto_speck128_decrypt, - speck128_xts_decrypt_neon); -} - -static int speck128_xts_setkey(struct crypto_skcipher *tfm, const u8 *key, - unsigned int keylen) -{ - struct speck128_xts_tfm_ctx *ctx = crypto_skcipher_ctx(tfm); - int err; - - err = xts_verify_key(tfm, key, keylen); - if (err) - return err; - - keylen /= 2; - - err = crypto_speck128_setkey(&ctx->main_key, key, keylen); - if (err) - return err; - - return crypto_speck128_setkey(&ctx->tweak_key, key + keylen, keylen); -} - -/* Speck64 */ - -struct speck64_xts_tfm_ctx { - struct speck64_tfm_ctx main_key; - struct speck64_tfm_ctx tweak_key; -}; - -asmlinkage void speck64_xts_encrypt_neon(const u32 *round_keys, int nrounds, - void *dst, const void *src, - unsigned int nbytes, void *tweak); - -asmlinkage void speck64_xts_decrypt_neon(const u32 *round_keys, int nrounds, - void *dst, const void *src, - unsigned int nbytes, void *tweak); - -typedef void (*speck64_crypt_one_t)(const struct speck64_tfm_ctx *, - u8 *, const u8 *); -typedef void (*speck64_xts_crypt_many_t)(const u32 *, int, void *, - const void *, unsigned int, void *); - -static __always_inline int -__speck64_xts_crypt(struct skcipher_request *req, speck64_crypt_one_t crypt_one, - speck64_xts_crypt_many_t crypt_many) -{ - struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req); - const struct speck64_xts_tfm_ctx *ctx = crypto_skcipher_ctx(tfm); - struct skcipher_walk walk; - __le64 tweak; - int err; - - err = skcipher_walk_virt(&walk, req, true); - - crypto_speck64_encrypt(&ctx->tweak_key, (u8 *)&tweak, walk.iv); - - while (walk.nbytes > 0) { - unsigned int nbytes = walk.nbytes; - u8 *dst = walk.dst.virt.addr; - const u8 *src = walk.src.virt.addr; - - if (nbytes >= SPECK_NEON_CHUNK_SIZE && may_use_simd()) { - unsigned int count; - - count = round_down(nbytes, SPECK_NEON_CHUNK_SIZE); - kernel_neon_begin(); - (*crypt_many)(ctx->main_key.round_keys, - ctx->main_key.nrounds, - dst, src, count, &tweak); - kernel_neon_end(); - dst += count; - src += count; - nbytes -= count; - } - - /* Handle any remainder with generic code */ - while (nbytes >= sizeof(tweak)) { - *(__le64 *)dst = *(__le64 *)src ^ tweak; - (*crypt_one)(&ctx->main_key, dst, dst); - *(__le64 *)dst ^= tweak; - tweak = cpu_to_le64((le64_to_cpu(tweak) << 1) ^ - ((tweak & cpu_to_le64(1ULL << 63)) ? - 0x1B : 0)); - dst += sizeof(tweak); - src += sizeof(tweak); - nbytes -= sizeof(tweak); - } - err = skcipher_walk_done(&walk, nbytes); - } - - return err; -} - -static int speck64_xts_encrypt(struct skcipher_request *req) -{ - return __speck64_xts_crypt(req, crypto_speck64_encrypt, - speck64_xts_encrypt_neon); -} - -static int speck64_xts_decrypt(struct skcipher_request *req) -{ - return __speck64_xts_crypt(req, crypto_speck64_decrypt, - speck64_xts_decrypt_neon); -} - -static int speck64_xts_setkey(struct crypto_skcipher *tfm, const u8 *key, - unsigned int keylen) -{ - struct speck64_xts_tfm_ctx *ctx = crypto_skcipher_ctx(tfm); - int err; - - err = xts_verify_key(tfm, key, keylen); - if (err) - return err; - - keylen /= 2; - - err = crypto_speck64_setkey(&ctx->main_key, key, keylen); - if (err) - return err; - - return crypto_speck64_setkey(&ctx->tweak_key, key + keylen, keylen); -} - -static struct skcipher_alg speck_algs[] = { - { - .base.cra_name = "xts(speck128)", - .base.cra_driver_name = "xts-speck128-neon", - .base.cra_priority = 300, - .base.cra_blocksize = SPECK128_BLOCK_SIZE, - .base.cra_ctxsize = sizeof(struct speck128_xts_tfm_ctx), - .base.cra_alignmask = 7, - .base.cra_module = THIS_MODULE, - .min_keysize = 2 * SPECK128_128_KEY_SIZE, - .max_keysize = 2 * SPECK128_256_KEY_SIZE, - .ivsize = SPECK128_BLOCK_SIZE, - .walksize = SPECK_NEON_CHUNK_SIZE, - .setkey = speck128_xts_setkey, - .encrypt = speck128_xts_encrypt, - .decrypt = speck128_xts_decrypt, - }, { - .base.cra_name = "xts(speck64)", - .base.cra_driver_name = "xts-speck64-neon", - .base.cra_priority = 300, - .base.cra_blocksize = SPECK64_BLOCK_SIZE, - .base.cra_ctxsize = sizeof(struct speck64_xts_tfm_ctx), - .base.cra_alignmask = 7, - .base.cra_module = THIS_MODULE, - .min_keysize = 2 * SPECK64_96_KEY_SIZE, - .max_keysize = 2 * SPECK64_128_KEY_SIZE, - .ivsize = SPECK64_BLOCK_SIZE, - .walksize = SPECK_NEON_CHUNK_SIZE, - .setkey = speck64_xts_setkey, - .encrypt = speck64_xts_encrypt, - .decrypt = speck64_xts_decrypt, - } -}; - -static int __init speck_neon_module_init(void) -{ - if (!(elf_hwcap & HWCAP_ASIMD)) - return -ENODEV; - return crypto_register_skciphers(speck_algs, ARRAY_SIZE(speck_algs)); -} - -static void __exit speck_neon_module_exit(void) -{ - crypto_unregister_skciphers(speck_algs, ARRAY_SIZE(speck_algs)); -} - -module_init(speck_neon_module_init); -module_exit(speck_neon_module_exit); - -MODULE_DESCRIPTION("Speck block cipher (NEON-accelerated)"); -MODULE_LICENSE("GPL"); -MODULE_AUTHOR("Eric Biggers <ebiggers(a)google.com>"); -MODULE_ALIAS_CRYPTO("xts(speck128)"); -MODULE_ALIAS_CRYPTO("xts-speck128-neon"); -MODULE_ALIAS_CRYPTO("xts(speck64)"); -MODULE_ALIAS_CRYPTO("xts-speck64-neon"); diff --git a/arch/m68k/configs/amiga_defconfig b/arch/m68k/configs/amiga_defconfig index a874e54404d1..4d4c76ab0bac 100644 --- a/arch/m68k/configs/amiga_defconfig +++ b/arch/m68k/configs/amiga_defconfig @@ -650,7 +650,6 @@ CONFIG_CRYPTO_SALSA20=m CONFIG_CRYPTO_SEED=m CONFIG_CRYPTO_SERPENT=m CONFIG_CRYPTO_SM4=m -CONFIG_CRYPTO_SPECK=m CONFIG_CRYPTO_TEA=m CONFIG_CRYPTO_TWOFISH=m CONFIG_CRYPTO_LZO=m diff --git a/arch/m68k/configs/apollo_defconfig b/arch/m68k/configs/apollo_defconfig index 8ce39e23aa42..0fd006c19fa3 100644 --- a/arch/m68k/configs/apollo_defconfig +++ b/arch/m68k/configs/apollo_defconfig @@ -609,7 +609,6 @@ CONFIG_CRYPTO_SALSA20=m CONFIG_CRYPTO_SEED=m CONFIG_CRYPTO_SERPENT=m CONFIG_CRYPTO_SM4=m -CONFIG_CRYPTO_SPECK=m CONFIG_CRYPTO_TEA=m CONFIG_CRYPTO_TWOFISH=m CONFIG_CRYPTO_LZO=m diff --git a/arch/m68k/configs/atari_defconfig b/arch/m68k/configs/atari_defconfig index 346c4e75edf8..9343e8d5cf60 100644 --- a/arch/m68k/configs/atari_defconfig +++ b/arch/m68k/configs/atari_defconfig @@ -631,7 +631,6 @@ CONFIG_CRYPTO_SALSA20=m CONFIG_CRYPTO_SEED=m CONFIG_CRYPTO_SERPENT=m CONFIG_CRYPTO_SM4=m -CONFIG_CRYPTO_SPECK=m CONFIG_CRYPTO_TEA=m CONFIG_CRYPTO_TWOFISH=m CONFIG_CRYPTO_LZO=m diff --git a/arch/m68k/configs/bvme6000_defconfig b/arch/m68k/configs/bvme6000_defconfig index fca9c7aa71a3..a10fff6e7b50 100644 --- a/arch/m68k/configs/bvme6000_defconfig +++ b/arch/m68k/configs/bvme6000_defconfig @@ -601,7 +601,6 @@ CONFIG_CRYPTO_SALSA20=m CONFIG_CRYPTO_SEED=m CONFIG_CRYPTO_SERPENT=m CONFIG_CRYPTO_SM4=m -CONFIG_CRYPTO_SPECK=m CONFIG_CRYPTO_TEA=m CONFIG_CRYPTO_TWOFISH=m CONFIG_CRYPTO_LZO=m diff --git a/arch/m68k/configs/hp300_defconfig b/arch/m68k/configs/hp300_defconfig index f9eab174915c..db81d8ea9d03 100644 --- a/arch/m68k/configs/hp300_defconfig +++ b/arch/m68k/configs/hp300_defconfig @@ -611,7 +611,6 @@ CONFIG_CRYPTO_SALSA20=m CONFIG_CRYPTO_SEED=m CONFIG_CRYPTO_SERPENT=m CONFIG_CRYPTO_SM4=m -CONFIG_CRYPTO_SPECK=m CONFIG_CRYPTO_TEA=m CONFIG_CRYPTO_TWOFISH=m CONFIG_CRYPTO_LZO=m diff --git a/arch/m68k/configs/mac_defconfig b/arch/m68k/configs/mac_defconfig index b52e597899eb..2546617a1147 100644 --- a/arch/m68k/configs/mac_defconfig +++ b/arch/m68k/configs/mac_defconfig @@ -633,7 +633,6 @@ CONFIG_CRYPTO_SALSA20=m CONFIG_CRYPTO_SEED=m CONFIG_CRYPTO_SERPENT=m CONFIG_CRYPTO_SM4=m -CONFIG_CRYPTO_SPECK=m CONFIG_CRYPTO_TEA=m CONFIG_CRYPTO_TWOFISH=m CONFIG_CRYPTO_LZO=m diff --git a/arch/m68k/configs/multi_defconfig b/arch/m68k/configs/multi_defconfig index 2a84eeec5b02..dc9b0d885e8b 100644 --- a/arch/m68k/configs/multi_defconfig +++ b/arch/m68k/configs/multi_defconfig @@ -713,7 +713,6 @@ CONFIG_CRYPTO_SALSA20=m CONFIG_CRYPTO_SEED=m CONFIG_CRYPTO_SERPENT=m CONFIG_CRYPTO_SM4=m -CONFIG_CRYPTO_SPECK=m CONFIG_CRYPTO_TEA=m CONFIG_CRYPTO_TWOFISH=m CONFIG_CRYPTO_LZO=m diff --git a/arch/m68k/configs/mvme147_defconfig b/arch/m68k/configs/mvme147_defconfig index 476e69994340..0d815a375ba0 100644 --- a/arch/m68k/configs/mvme147_defconfig +++ b/arch/m68k/configs/mvme147_defconfig @@ -601,7 +601,6 @@ CONFIG_CRYPTO_SALSA20=m CONFIG_CRYPTO_SEED=m CONFIG_CRYPTO_SERPENT=m CONFIG_CRYPTO_SM4=m -CONFIG_CRYPTO_SPECK=m CONFIG_CRYPTO_TEA=m CONFIG_CRYPTO_TWOFISH=m CONFIG_CRYPTO_LZO=m diff --git a/arch/m68k/configs/mvme16x_defconfig b/arch/m68k/configs/mvme16x_defconfig index 1477cda9146e..0cb8109b4c9e 100644 --- a/arch/m68k/configs/mvme16x_defconfig +++ b/arch/m68k/configs/mvme16x_defconfig @@ -601,7 +601,6 @@ CONFIG_CRYPTO_SALSA20=m CONFIG_CRYPTO_SEED=m CONFIG_CRYPTO_SERPENT=m CONFIG_CRYPTO_SM4=m -CONFIG_CRYPTO_SPECK=m CONFIG_CRYPTO_TEA=m CONFIG_CRYPTO_TWOFISH=m CONFIG_CRYPTO_LZO=m diff --git a/arch/m68k/configs/q40_defconfig b/arch/m68k/configs/q40_defconfig index b3a543dc48a0..e91a1c28bba7 100644 --- a/arch/m68k/configs/q40_defconfig +++ b/arch/m68k/configs/q40_defconfig @@ -624,7 +624,6 @@ CONFIG_CRYPTO_SALSA20=m CONFIG_CRYPTO_SEED=m CONFIG_CRYPTO_SERPENT=m CONFIG_CRYPTO_SM4=m -CONFIG_CRYPTO_SPECK=m CONFIG_CRYPTO_TEA=m CONFIG_CRYPTO_TWOFISH=m CONFIG_CRYPTO_LZO=m diff --git a/arch/m68k/configs/sun3_defconfig b/arch/m68k/configs/sun3_defconfig index d543ed5dfa96..3b2f0914c34f 100644 --- a/arch/m68k/configs/sun3_defconfig +++ b/arch/m68k/configs/sun3_defconfig @@ -602,7 +602,6 @@ CONFIG_CRYPTO_SALSA20=m CONFIG_CRYPTO_SEED=m CONFIG_CRYPTO_SERPENT=m CONFIG_CRYPTO_SM4=m -CONFIG_CRYPTO_SPECK=m CONFIG_CRYPTO_TEA=m CONFIG_CRYPTO_TWOFISH=m CONFIG_CRYPTO_LZO=m diff --git a/arch/m68k/configs/sun3x_defconfig b/arch/m68k/configs/sun3x_defconfig index a67e54246023..e4365ef4f5ed 100644 --- a/arch/m68k/configs/sun3x_defconfig +++ b/arch/m68k/configs/sun3x_defconfig @@ -603,7 +603,6 @@ CONFIG_CRYPTO_SALSA20=m CONFIG_CRYPTO_SEED=m CONFIG_CRYPTO_SERPENT=m CONFIG_CRYPTO_SM4=m -CONFIG_CRYPTO_SPECK=m CONFIG_CRYPTO_TEA=m CONFIG_CRYPTO_TWOFISH=m CONFIG_CRYPTO_LZO=m diff --git a/arch/s390/defconfig b/arch/s390/defconfig index f40600eb1762..5134c71a4937 100644 --- a/arch/s390/defconfig +++ b/arch/s390/defconfig @@ -221,7 +221,6 @@ CONFIG_CRYPTO_SALSA20=m CONFIG_CRYPTO_SEED=m CONFIG_CRYPTO_SERPENT=m CONFIG_CRYPTO_SM4=m -CONFIG_CRYPTO_SPECK=m CONFIG_CRYPTO_TEA=m CONFIG_CRYPTO_TWOFISH=m CONFIG_CRYPTO_DEFLATE=m diff --git a/crypto/Kconfig b/crypto/Kconfig index f3e40ac56d93..59e32623a7ce 100644 --- a/crypto/Kconfig +++ b/crypto/Kconfig @@ -1590,20 +1590,6 @@ config CRYPTO_SM4 If unsure, say N. -config CRYPTO_SPECK - tristate "Speck cipher algorithm" - select CRYPTO_ALGAPI - help - Speck is a lightweight block cipher that is tuned for optimal - performance in software (rather than hardware). - - Speck may not be as secure as AES, and should only be used on systems - where AES is not fast enough. - - See also: <https://eprint.iacr.org/2013/404.pdf> - - If unsure, say N. - config CRYPTO_TEA tristate "TEA, XTEA and XETA cipher algorithms" select CRYPTO_ALGAPI diff --git a/crypto/Makefile b/crypto/Makefile index 6d1d40eeb964..f6a234d08882 100644 --- a/crypto/Makefile +++ b/crypto/Makefile @@ -115,7 +115,6 @@ obj-$(CONFIG_CRYPTO_TEA) += tea.o obj-$(CONFIG_CRYPTO_KHAZAD) += khazad.o obj-$(CONFIG_CRYPTO_ANUBIS) += anubis.o obj-$(CONFIG_CRYPTO_SEED) += seed.o -obj-$(CONFIG_CRYPTO_SPECK) += speck.o obj-$(CONFIG_CRYPTO_SALSA20) += salsa20_generic.o obj-$(CONFIG_CRYPTO_CHACHA20) += chacha20_generic.o obj-$(CONFIG_CRYPTO_POLY1305) += poly1305_generic.o diff --git a/crypto/speck.c b/crypto/speck.c deleted file mode 100644 index 58aa9f7f91f7..000000000000 --- a/crypto/speck.c +++ /dev/null @@ -1,307 +0,0 @@ -// SPDX-License-Identifier: GPL-2.0 -/* - * Speck: a lightweight block cipher - * - * Copyright (c) 2018 Google, Inc - * - * Speck has 10 variants, including 5 block sizes. For now we only implement - * the variants Speck128/128, Speck128/192, Speck128/256, Speck64/96, and - * Speck64/128. Speck${B}/${K} denotes the variant with a block size of B bits - * and a key size of K bits. The Speck128 variants are believed to be the most - * secure variants, and they use the same block size and key sizes as AES. The - * Speck64 variants are less secure, but on 32-bit processors are usually - * faster. The remaining variants (Speck32, Speck48, and Speck96) are even less - * secure and/or not as well suited for implementation on either 32-bit or - * 64-bit processors, so are omitted. - * - * Reference: "The Simon and Speck Families of Lightweight Block Ciphers" - * https://eprint.iacr.org/2013/404.pdf - * - * In a correspondence, the Speck designers have also clarified that the words - * should be interpreted in little-endian format, and the words should be - * ordered such that the first word of each block is 'y' rather than 'x', and - * the first key word (rather than the last) becomes the first round key. - */ - -#include <asm/unaligned.h> -#include <crypto/speck.h> -#include <linux/bitops.h> -#include <linux/crypto.h> -#include <linux/init.h> -#include <linux/module.h> - -/* Speck128 */ - -static __always_inline void speck128_round(u64 *x, u64 *y, u64 k) -{ - *x = ror64(*x, 8); - *x += *y; - *x ^= k; - *y = rol64(*y, 3); - *y ^= *x; -} - -static __always_inline void speck128_unround(u64 *x, u64 *y, u64 k) -{ - *y ^= *x; - *y = ror64(*y, 3); - *x ^= k; - *x -= *y; - *x = rol64(*x, 8); -} - -void crypto_speck128_encrypt(const struct speck128_tfm_ctx *ctx, - u8 *out, const u8 *in) -{ - u64 y = get_unaligned_le64(in); - u64 x = get_unaligned_le64(in + 8); - int i; - - for (i = 0; i < ctx->nrounds; i++) - speck128_round(&x, &y, ctx->round_keys[i]); - - put_unaligned_le64(y, out); - put_unaligned_le64(x, out + 8); -} -EXPORT_SYMBOL_GPL(crypto_speck128_encrypt); - -static void speck128_encrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in) -{ - crypto_speck128_encrypt(crypto_tfm_ctx(tfm), out, in); -} - -void crypto_speck128_decrypt(const struct speck128_tfm_ctx *ctx, - u8 *out, const u8 *in) -{ - u64 y = get_unaligned_le64(in); - u64 x = get_unaligned_le64(in + 8); - int i; - - for (i = ctx->nrounds - 1; i >= 0; i--) - speck128_unround(&x, &y, ctx->round_keys[i]); - - put_unaligned_le64(y, out); - put_unaligned_le64(x, out + 8); -} -EXPORT_SYMBOL_GPL(crypto_speck128_decrypt); - -static void speck128_decrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in) -{ - crypto_speck128_decrypt(crypto_tfm_ctx(tfm), out, in); -} - -int crypto_speck128_setkey(struct speck128_tfm_ctx *ctx, const u8 *key, - unsigned int keylen) -{ - u64 l[3]; - u64 k; - int i; - - switch (keylen) { - case SPECK128_128_KEY_SIZE: - k = get_unaligned_le64(key); - l[0] = get_unaligned_le64(key + 8); - ctx->nrounds = SPECK128_128_NROUNDS; - for (i = 0; i < ctx->nrounds; i++) { - ctx->round_keys[i] = k; - speck128_round(&l[0], &k, i); - } - break; - case SPECK128_192_KEY_SIZE: - k = get_unaligned_le64(key); - l[0] = get_unaligned_le64(key + 8); - l[1] = get_unaligned_le64(key + 16); - ctx->nrounds = SPECK128_192_NROUNDS; - for (i = 0; i < ctx->nrounds; i++) { - ctx->round_keys[i] = k; - speck128_round(&l[i % 2], &k, i); - } - break; - case SPECK128_256_KEY_SIZE: - k = get_unaligned_le64(key); - l[0] = get_unaligned_le64(key + 8); - l[1] = get_unaligned_le64(key + 16); - l[2] = get_unaligned_le64(key + 24); - ctx->nrounds = SPECK128_256_NROUNDS; - for (i = 0; i < ctx->nrounds; i++) { - ctx->round_keys[i] = k; - speck128_round(&l[i % 3], &k, i); - } - break; - default: - return -EINVAL; - } - - return 0; -} -EXPORT_SYMBOL_GPL(crypto_speck128_setkey); - -static int speck128_setkey(struct crypto_tfm *tfm, const u8 *key, - unsigned int keylen) -{ - return crypto_speck128_setkey(crypto_tfm_ctx(tfm), key, keylen); -} - -/* Speck64 */ - -static __always_inline void speck64_round(u32 *x, u32 *y, u32 k) -{ - *x = ror32(*x, 8); - *x += *y; - *x ^= k; - *y = rol32(*y, 3); - *y ^= *x; -} - -static __always_inline void speck64_unround(u32 *x, u32 *y, u32 k) -{ - *y ^= *x; - *y = ror32(*y, 3); - *x ^= k; - *x -= *y; - *x = rol32(*x, 8); -} - -void crypto_speck64_encrypt(const struct speck64_tfm_ctx *ctx, - u8 *out, const u8 *in) -{ - u32 y = get_unaligned_le32(in); - u32 x = get_unaligned_le32(in + 4); - int i; - - for (i = 0; i < ctx->nrounds; i++) - speck64_round(&x, &y, ctx->round_keys[i]); - - put_unaligned_le32(y, out); - put_unaligned_le32(x, out + 4); -} -EXPORT_SYMBOL_GPL(crypto_speck64_encrypt); - -static void speck64_encrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in) -{ - crypto_speck64_encrypt(crypto_tfm_ctx(tfm), out, in); -} - -void crypto_speck64_decrypt(const struct speck64_tfm_ctx *ctx, - u8 *out, const u8 *in) -{ - u32 y = get_unaligned_le32(in); - u32 x = get_unaligned_le32(in + 4); - int i; - - for (i = ctx->nrounds - 1; i >= 0; i--) - speck64_unround(&x, &y, ctx->round_keys[i]); - - put_unaligned_le32(y, out); - put_unaligned_le32(x, out + 4); -} -EXPORT_SYMBOL_GPL(crypto_speck64_decrypt); - -static void speck64_decrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in) -{ - crypto_speck64_decrypt(crypto_tfm_ctx(tfm), out, in); -} - -int crypto_speck64_setkey(struct speck64_tfm_ctx *ctx, const u8 *key, - unsigned int keylen) -{ - u32 l[3]; - u32 k; - int i; - - switch (keylen) { - case SPECK64_96_KEY_SIZE: - k = get_unaligned_le32(key); - l[0] = get_unaligned_le32(key + 4); - l[1] = get_unaligned_le32(key + 8); - ctx->nrounds = SPECK64_96_NROUNDS; - for (i = 0; i < ctx->nrounds; i++) { - ctx->round_keys[i] = k; - speck64_round(&l[i % 2], &k, i); - } - break; - case SPECK64_128_KEY_SIZE: - k = get_unaligned_le32(key); - l[0] = get_unaligned_le32(key + 4); - l[1] = get_unaligned_le32(key + 8); - l[2] = get_unaligned_le32(key + 12); - ctx->nrounds = SPECK64_128_NROUNDS; - for (i = 0; i < ctx->nrounds; i++) { - ctx->round_keys[i] = k; - speck64_round(&l[i % 3], &k, i); - } - break; - default: - return -EINVAL; - } - - return 0; -} -EXPORT_SYMBOL_GPL(crypto_speck64_setkey); - -static int speck64_setkey(struct crypto_tfm *tfm, const u8 *key, - unsigned int keylen) -{ - return crypto_speck64_setkey(crypto_tfm_ctx(tfm), key, keylen); -} - -/* Algorithm definitions */ - -static struct crypto_alg speck_algs[] = { - { - .cra_name = "speck128", - .cra_driver_name = "speck128-generic", - .cra_priority = 100, - .cra_flags = CRYPTO_ALG_TYPE_CIPHER, - .cra_blocksize = SPECK128_BLOCK_SIZE, - .cra_ctxsize = sizeof(struct speck128_tfm_ctx), - .cra_module = THIS_MODULE, - .cra_u = { - .cipher = { - .cia_min_keysize = SPECK128_128_KEY_SIZE, - .cia_max_keysize = SPECK128_256_KEY_SIZE, - .cia_setkey = speck128_setkey, - .cia_encrypt = speck128_encrypt, - .cia_decrypt = speck128_decrypt - } - } - }, { - .cra_name = "speck64", - .cra_driver_name = "speck64-generic", - .cra_priority = 100, - .cra_flags = CRYPTO_ALG_TYPE_CIPHER, - .cra_blocksize = SPECK64_BLOCK_SIZE, - .cra_ctxsize = sizeof(struct speck64_tfm_ctx), - .cra_module = THIS_MODULE, - .cra_u = { - .cipher = { - .cia_min_keysize = SPECK64_96_KEY_SIZE, - .cia_max_keysize = SPECK64_128_KEY_SIZE, - .cia_setkey = speck64_setkey, - .cia_encrypt = speck64_encrypt, - .cia_decrypt = speck64_decrypt - } - } - } -}; - -static int __init speck_module_init(void) -{ - return crypto_register_algs(speck_algs, ARRAY_SIZE(speck_algs)); -} - -static void __exit speck_module_exit(void) -{ - crypto_unregister_algs(speck_algs, ARRAY_SIZE(speck_algs)); -} - -module_init(speck_module_init); -module_exit(speck_module_exit); - -MODULE_DESCRIPTION("Speck block cipher (generic)"); -MODULE_LICENSE("GPL"); -MODULE_AUTHOR("Eric Biggers <ebiggers(a)google.com>"); -MODULE_ALIAS_CRYPTO("speck128"); -MODULE_ALIAS_CRYPTO("speck128-generic"); -MODULE_ALIAS_CRYPTO("speck64"); -MODULE_ALIAS_CRYPTO("speck64-generic"); diff --git a/crypto/testmgr.c b/crypto/testmgr.c index 11e45352fd0b..1ed03bf6a977 100644 --- a/crypto/testmgr.c +++ b/crypto/testmgr.c @@ -3000,18 +3000,6 @@ static const struct alg_test_desc alg_test_descs[] = { .suite = { .cipher = __VECS(sm4_tv_template) } - }, { - .alg = "ecb(speck128)", - .test = alg_test_skcipher, - .suite = { - .cipher = __VECS(speck128_tv_template) - } - }, { - .alg = "ecb(speck64)", - .test = alg_test_skcipher, - .suite = { - .cipher = __VECS(speck64_tv_template) - } }, { .alg = "ecb(tea)", .test = alg_test_skcipher, @@ -3539,18 +3527,6 @@ static const struct alg_test_desc alg_test_descs[] = { .suite = { .cipher = __VECS(serpent_xts_tv_template) } - }, { - .alg = "xts(speck128)", - .test = alg_test_skcipher, - .suite = { - .cipher = __VECS(speck128_xts_tv_template) - } - }, { - .alg = "xts(speck64)", - .test = alg_test_skcipher, - .suite = { - .cipher = __VECS(speck64_xts_tv_template) - } }, { .alg = "xts(twofish)", .test = alg_test_skcipher, diff --git a/crypto/testmgr.h b/crypto/testmgr.h index b950aa234e43..36572c665026 100644 --- a/crypto/testmgr.h +++ b/crypto/testmgr.h @@ -10141,744 +10141,6 @@ static const struct cipher_testvec sm4_tv_template[] = { } }; -/* - * Speck test vectors taken from the original paper: - * "The Simon and Speck Families of Lightweight Block Ciphers" - * https://eprint.iacr.org/2013/404.pdf - * - * Note that the paper does not make byte and word order clear. But it was - * confirmed with the authors that the intended orders are little endian byte - * order and (y, x) word order. Equivalently, the printed test vectors, when - * looking at only the bytes (ignoring the whitespace that divides them into - * words), are backwards: the left-most byte is actually the one with the - * highest memory address, while the right-most byte is actually the one with - * the lowest memory address. - */ - -static const struct cipher_testvec speck128_tv_template[] = { - { /* Speck128/128 */ - .key = "\x00\x01\x02\x03\x04\x05\x06\x07" - "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f", - .klen = 16, - .ptext = "\x20\x6d\x61\x64\x65\x20\x69\x74" - "\x20\x65\x71\x75\x69\x76\x61\x6c", - .ctext = "\x18\x0d\x57\x5c\xdf\xfe\x60\x78" - "\x65\x32\x78\x79\x51\x98\x5d\xa6", - .len = 16, - }, { /* Speck128/192 */ - .key = "\x00\x01\x02\x03\x04\x05\x06\x07" - "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" - "\x10\x11\x12\x13\x14\x15\x16\x17", - .klen = 24, - .ptext = "\x65\x6e\x74\x20\x74\x6f\x20\x43" - "\x68\x69\x65\x66\x20\x48\x61\x72", - .ctext = "\x86\x18\x3c\xe0\x5d\x18\xbc\xf9" - "\x66\x55\x13\x13\x3a\xcf\xe4\x1b", - .len = 16, - }, { /* Speck128/256 */ - .key = "\x00\x01\x02\x03\x04\x05\x06\x07" - "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" - "\x10\x11\x12\x13\x14\x15\x16\x17" - "\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f", - .klen = 32, - .ptext = "\x70\x6f\x6f\x6e\x65\x72\x2e\x20" - "\x49\x6e\x20\x74\x68\x6f\x73\x65", - .ctext = "\x43\x8f\x18\x9c\x8d\xb4\xee\x4e" - "\x3e\xf5\xc0\x05\x04\x01\x09\x41", - .len = 16, - }, -}; - -/* - * Speck128-XTS test vectors, taken from the AES-XTS test vectors with the - * ciphertext recomputed with Speck128 as the cipher - */ -static const struct cipher_testvec speck128_xts_tv_template[] = { - { - .key = "\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00", - .klen = 32, - .iv = "\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00", - .ptext = "\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00", - .ctext = "\xbe\xa0\xe7\x03\xd7\xfe\xab\x62" - "\x3b\x99\x4a\x64\x74\x77\xac\xed" - "\xd8\xf4\xa6\xcf\xae\xb9\x07\x42" - "\x51\xd9\xb6\x1d\xe0\x5e\xbc\x54", - .len = 32, - }, { - .key = "\x11\x11\x11\x11\x11\x11\x11\x11" - "\x11\x11\x11\x11\x11\x11\x11\x11" - "\x22\x22\x22\x22\x22\x22\x22\x22" - "\x22\x22\x22\x22\x22\x22\x22\x22", - .klen = 32, - .iv = "\x33\x33\x33\x33\x33\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00", - .ptext = "\x44\x44\x44\x44\x44\x44\x44\x44" - "\x44\x44\x44\x44\x44\x44\x44\x44" - "\x44\x44\x44\x44\x44\x44\x44\x44" - "\x44\x44\x44\x44\x44\x44\x44\x44", - .ctext = "\xfb\x53\x81\x75\x6f\x9f\x34\xad" - "\x7e\x01\xed\x7b\xcc\xda\x4e\x4a" - "\xd4\x84\xa4\x53\xd5\x88\x73\x1b" - "\xfd\xcb\xae\x0d\xf3\x04\xee\xe6", - .len = 32, - }, { - .key = "\xff\xfe\xfd\xfc\xfb\xfa\xf9\xf8" - "\xf7\xf6\xf5\xf4\xf3\xf2\xf1\xf0" - "\x22\x22\x22\x22\x22\x22\x22\x22" - "\x22\x22\x22\x22\x22\x22\x22\x22", - .klen = 32, - .iv = "\x33\x33\x33\x33\x33\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00", - .ptext = "\x44\x44\x44\x44\x44\x44\x44\x44" - "\x44\x44\x44\x44\x44\x44\x44\x44" - "\x44\x44\x44\x44\x44\x44\x44\x44" - "\x44\x44\x44\x44\x44\x44\x44\x44", - .ctext = "\x21\x52\x84\x15\xd1\xf7\x21\x55" - "\xd9\x75\x4a\xd3\xc5\xdb\x9f\x7d" - "\xda\x63\xb2\xf1\x82\xb0\x89\x59" - "\x86\xd4\xaa\xaa\xdd\xff\x4f\x92", - .len = 32, - }, { - .key = "\x27\x18\x28\x18\x28\x45\x90\x45" - "\x23\x53\x60\x28\x74\x71\x35\x26" - "\x31\x41\x59\x26\x53\x58\x97\x93" - "\x23\x84\x62\x64\x33\x83\x27\x95", - .klen = 32, - .iv = "\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00", - .ptext = "\x00\x01\x02\x03\x04\x05\x06\x07" - "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" - "\x10\x11\x12\x13\x14\x15\x16\x17" - "\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f" - "\x20\x21\x22\x23\x24\x25\x26\x27" - "\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f" - "\x30\x31\x32\x33\x34\x35\x36\x37" - "\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f" - "\x40\x41\x42\x43\x44\x45\x46\x47" - "\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f" - "\x50\x51\x52\x53\x54\x55\x56\x57" - "\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f" - "\x60\x61\x62\x63\x64\x65\x66\x67" - "\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f" - "\x70\x71\x72\x73\x74\x75\x76\x77" - "\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f" - "\x80\x81\x82\x83\x84\x85\x86\x87" - "\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f" - "\x90\x91\x92\x93\x94\x95\x96\x97" - "\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f" - "\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7" - "\xa8\xa9\xaa\xab\xac\xad\xae\xaf" - "\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7" - "\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf" - "\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7" - "\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf" - "\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7" - "\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf" - "\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7" - "\xe8\xe9\xea\xeb\xec\xed\xee\xef" - "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7" - "\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff" - "\x00\x01\x02\x03\x04\x05\x06\x07" - "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" - "\x10\x11\x12\x13\x14\x15\x16\x17" - "\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f" - "\x20\x21\x22\x23\x24\x25\x26\x27" - "\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f" - "\x30\x31\x32\x33\x34\x35\x36\x37" - "\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f" - "\x40\x41\x42\x43\x44\x45\x46\x47" - "\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f" - "\x50\x51\x52\x53\x54\x55\x56\x57" - "\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f" - "\x60\x61\x62\x63\x64\x65\x66\x67" - "\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f" - "\x70\x71\x72\x73\x74\x75\x76\x77" - "\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f" - "\x80\x81\x82\x83\x84\x85\x86\x87" - "\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f" - "\x90\x91\x92\x93\x94\x95\x96\x97" - "\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f" - "\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7" - "\xa8\xa9\xaa\xab\xac\xad\xae\xaf" - "\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7" - "\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf" - "\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7" - "\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf" - "\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7" - "\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf" - "\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7" - "\xe8\xe9\xea\xeb\xec\xed\xee\xef" - "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7" - "\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff", - .ctext = "\x57\xb5\xf8\x71\x6e\x6d\xdd\x82" - "\x53\xd0\xed\x2d\x30\xc1\x20\xef" - "\x70\x67\x5e\xff\x09\x70\xbb\xc1" - "\x3a\x7b\x48\x26\xd9\x0b\xf4\x48" - "\xbe\xce\xb1\xc7\xb2\x67\xc4\xa7" - "\x76\xf8\x36\x30\xb7\xb4\x9a\xd9" - "\xf5\x9d\xd0\x7b\xc1\x06\x96\x44" - "\x19\xc5\x58\x84\x63\xb9\x12\x68" - "\x68\xc7\xaa\x18\x98\xf2\x1f\x5c" - "\x39\xa6\xd8\x32\x2b\xc3\x51\xfd" - "\x74\x79\x2e\xb4\x44\xd7\x69\xc4" - "\xfc\x29\xe6\xed\x26\x1e\xa6\x9d" - "\x1c\xbe\x00\x0e\x7f\x3a\xca\xfb" - "\x6d\x13\x65\xa0\xf9\x31\x12\xe2" - "\x26\xd1\xec\x2b\x0a\x8b\x59\x99" - "\xa7\x49\xa0\x0e\x09\x33\x85\x50" - "\xc3\x23\xca\x7a\xdd\x13\x45\x5f" - "\xde\x4c\xa7\xcb\x00\x8a\x66\x6f" - "\xa2\xb6\xb1\x2e\xe1\xa0\x18\xf6" - "\xad\xf3\xbd\xeb\xc7\xef\x55\x4f" - "\x79\x91\x8d\x36\x13\x7b\xd0\x4a" - "\x6c\x39\xfb\x53\xb8\x6f\x02\x51" - "\xa5\x20\xac\x24\x1c\x73\x59\x73" - "\x58\x61\x3a\x87\x58\xb3\x20\x56" - "\x39\x06\x2b\x4d\xd3\x20\x2b\x89" - "\x3f\xa2\xf0\x96\xeb\x7f\xa4\xcd" - "\x11\xae\xbd\xcb\x3a\xb4\xd9\x91" - "\x09\x35\x71\x50\x65\xac\x92\xe3" - "\x7b\x32\xc0\x7a\xdd\xd4\xc3\x92" - "\x6f\xeb\x79\xde\x6f\xd3\x25\xc9" - "\xcd\x63\xf5\x1e\x7a\x3b\x26\x9d" - "\x77\x04\x80\xa9\xbf\x38\xb5\xbd" - "\xb8\x05\x07\xbd\xfd\xab\x7b\xf8" - "\x2a\x26\xcc\x49\x14\x6d\x55\x01" - "\x06\x94\xd8\xb2\x2d\x53\x83\x1b" - "\x8f\xd4\xdd\x57\x12\x7e\x18\xba" - "\x8e\xe2\x4d\x80\xef\x7e\x6b\x9d" - "\x24\xa9\x60\xa4\x97\x85\x86\x2a" - "\x01\x00\x09\xf1\xcb\x4a\x24\x1c" - "\xd8\xf6\xe6\x5b\xe7\x5d\xf2\xc4" - "\x97\x1c\x10\xc6\x4d\x66\x4f\x98" - "\x87\x30\xac\xd5\xea\x73\x49\x10" - "\x80\xea\xe5\x5f\x4d\x5f\x03\x33" - "\x66\x02\x35\x3d\x60\x06\x36\x4f" - "\x14\x1c\xd8\x07\x1f\x78\xd0\xf8" - "\x4f\x6c\x62\x7c\x15\xa5\x7c\x28" - "\x7c\xcc\xeb\x1f\xd1\x07\x90\x93" - "\x7e\xc2\xa8\x3a\x80\xc0\xf5\x30" - "\xcc\x75\xcf\x16\x26\xa9\x26\x3b" - "\xe7\x68\x2f\x15\x21\x5b\xe4\x00" - "\xbd\x48\x50\xcd\x75\x70\xc4\x62" - "\xbb\x41\xfb\x89\x4a\x88\x3b\x3b" - "\x51\x66\x02\x69\x04\x97\x36\xd4" - "\x75\xae\x0b\xa3\x42\xf8\xca\x79" - "\x8f\x93\xe9\xcc\x38\xbd\xd6\xd2" - "\xf9\x70\x4e\xc3\x6a\x8e\x25\xbd" - "\xea\x15\x5a\xa0\x85\x7e\x81\x0d" - "\x03\xe7\x05\x39\xf5\x05\x26\xee" - "\xec\xaa\x1f\x3d\xc9\x98\x76\x01" - "\x2c\xf4\xfc\xa3\x88\x77\x38\xc4" - "\x50\x65\x50\x6d\x04\x1f\xdf\x5a" - "\xaa\xf2\x01\xa9\xc1\x8d\xee\xca" - "\x47\x26\xef\x39\xb8\xb4\xf2\xd1" - "\xd6\xbb\x1b\x2a\xc1\x34\x14\xcf", - .len = 512, - }, { - .key = "\x27\x18\x28\x18\x28\x45\x90\x45" - "\x23\x53\x60\x28\x74\x71\x35\x26" - "\x62\x49\x77\x57\x24\x70\x93\x69" - "\x99\x59\x57\x49\x66\x96\x76\x27" - "\x31\x41\x59\x26\x53\x58\x97\x93" - "\x23\x84\x62\x64\x33\x83\x27\x95" - "\x02\x88\x41\x97\x16\x93\x99\x37" - "\x51\x05\x82\x09\x74\x94\x45\x92", - .klen = 64, - .iv = "\xff\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00", - .ptext = "\x00\x01\x02\x03\x04\x05\x06\x07" - "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" - "\x10\x11\x12\x13\x14\x15\x16\x17" - "\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f" - "\x20\x21\x22\x23\x24\x25\x26\x27" - "\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f" - "\x30\x31\x32\x33\x34\x35\x36\x37" - "\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f" - "\x40\x41\x42\x43\x44\x45\x46\x47" - "\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f" - "\x50\x51\x52\x53\x54\x55\x56\x57" - "\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f" - "\x60\x61\x62\x63\x64\x65\x66\x67" - "\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f" - "\x70\x71\x72\x73\x74\x75\x76\x77" - "\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f" - "\x80\x81\x82\x83\x84\x85\x86\x87" - "\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f" - "\x90\x91\x92\x93\x94\x95\x96\x97" - "\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f" - "\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7" - "\xa8\xa9\xaa\xab\xac\xad\xae\xaf" - "\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7" - "\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf" - "\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7" - "\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf" - "\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7" - "\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf" - "\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7" - "\xe8\xe9\xea\xeb\xec\xed\xee\xef" - "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7" - "\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff" - "\x00\x01\x02\x03\x04\x05\x06\x07" - "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" - "\x10\x11\x12\x13\x14\x15\x16\x17" - "\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f" - "\x20\x21\x22\x23\x24\x25\x26\x27" - "\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f" - "\x30\x31\x32\x33\x34\x35\x36\x37" - "\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f" - "\x40\x41\x42\x43\x44\x45\x46\x47" - "\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f" - "\x50\x51\x52\x53\x54\x55\x56\x57" - "\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f" - "\x60\x61\x62\x63\x64\x65\x66\x67" - "\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f" - "\x70\x71\x72\x73\x74\x75\x76\x77" - "\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f" - "\x80\x81\x82\x83\x84\x85\x86\x87" - "\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f" - "\x90\x91\x92\x93\x94\x95\x96\x97" - "\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f" - "\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7" - "\xa8\xa9\xaa\xab\xac\xad\xae\xaf" - "\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7" - "\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf" - "\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7" - "\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf" - "\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7" - "\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf" - "\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7" - "\xe8\xe9\xea\xeb\xec\xed\xee\xef" - "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7" - "\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff", - .ctext = "\xc5\x85\x2a\x4b\x73\xe4\xf6\xf1" - "\x7e\xf9\xf6\xe9\xa3\x73\x36\xcb" - "\xaa\xb6\x22\xb0\x24\x6e\x3d\x73" - "\x92\x99\xde\xd3\x76\xed\xcd\x63" - "\x64\x3a\x22\x57\xc1\x43\x49\xd4" - "\x79\x36\x31\x19\x62\xae\x10\x7e" - "\x7d\xcf\x7a\xe2\x6b\xce\x27\xfa" - "\xdc\x3d\xd9\x83\xd3\x42\x4c\xe0" - "\x1b\xd6\x1d\x1a\x6f\xd2\x03\x00" - "\xfc\x81\x99\x8a\x14\x62\xf5\x7e" - "\x0d\xe7\x12\xe8\x17\x9d\x0b\xec" - "\xe2\xf7\xc9\xa7\x63\xd1\x79\xb6" - "\x62\x62\x37\xfe\x0a\x4c\x4a\x37" - "\x70\xc7\x5e\x96\x5f\xbc\x8e\x9e" - "\x85\x3c\x4f\x26\x64\x85\xbc\x68" - "\xb0\xe0\x86\x5e\x26\x41\xce\x11" - "\x50\xda\x97\x14\xe9\x9e\xc7\x6d" - "\x3b\xdc\x43\xde\x2b\x27\x69\x7d" - "\xfc\xb0\x28\xbd\x8f\xb1\xc6\x31" - "\x14\x4d\xf0\x74\x37\xfd\x07\x25" - "\x96\x55\xe5\xfc\x9e\x27\x2a\x74" - "\x1b\x83\x4d\x15\x83\xac\x57\xa0" - "\xac\xa5\xd0\x38\xef\x19\x56\x53" - "\x25\x4b\xfc\xce\x04\x23\xe5\x6b" - "\xf6\xc6\x6c\x32\x0b\xb3\x12\xc5" - "\xed\x22\x34\x1c\x5d\xed\x17\x06" - "\x36\xa3\xe6\x77\xb9\x97\x46\xb8" - "\xe9\x3f\x7e\xc7\xbc\x13\x5c\xdc" - "\x6e\x3f\x04\x5e\xd1\x59\xa5\x82" - "\x35\x91\x3d\x1b\xe4\x97\x9f\x92" - "\x1c\x5e\x5f\x6f\x41\xd4\x62\xa1" - "\x8d\x39\xfc\x42\xfb\x38\x80\xb9" - "\x0a\xe3\xcc\x6a\x93\xd9\x7a\xb1" - "\xe9\x69\xaf\x0a\x6b\x75\x38\xa7" - "\xa1\xbf\xf7\xda\x95\x93\x4b\x78" - "\x19\xf5\x94\xf9\xd2\x00\x33\x37" - "\xcf\xf5\x9e\x9c\xf3\xcc\xa6\xee" - "\x42\xb2\x9e\x2c\x5f\x48\x23\x26" - "\x15\x25\x17\x03\x3d\xfe\x2c\xfc" - "\xeb\xba\xda\xe0\x00\x05\xb6\xa6" - "\x07\xb3\xe8\x36\x5b\xec\x5b\xbf" - "\xd6\x5b\x00\x74\xc6\x97\xf1\x6a" - "\x49\xa1\xc3\xfa\x10\x52\xb9\x14" - "\xad\xb7\x73\xf8\x78\x12\xc8\x59" - "\x17\x80\x4c\x57\x39\xf1\x6d\x80" - "\x25\x77\x0f\x5e\x7d\xf0\xaf\x21" - "\xec\xce\xb7\xc8\x02\x8a\xed\x53" - "\x2c\x25\x68\x2e\x1f\x85\x5e\x67" - "\xd1\x07\x7a\x3a\x89\x08\xe0\x34" - "\xdc\xdb\x26\xb4\x6b\x77\xfc\x40" - "\x31\x15\x72\xa0\xf0\x73\xd9\x3b" - "\xd5\xdb\xfe\xfc\x8f\xa9\x44\xa2" - "\x09\x9f\xc6\x33\xe5\xe2\x88\xe8" - "\xf3\xf0\x1a\xf4\xce\x12\x0f\xd6" - "\xf7\x36\xe6\xa4\xf4\x7a\x10\x58" - "\xcc\x1f\x48\x49\x65\x47\x75\xe9" - "\x28\xe1\x65\x7b\xf2\xc4\xb5\x07" - "\xf2\xec\x76\xd8\x8f\x09\xf3\x16" - "\xa1\x51\x89\x3b\xeb\x96\x42\xac" - "\x65\xe0\x67\x63\x29\xdc\xb4\x7d" - "\xf2\x41\x51\x6a\xcb\xde\x3c\xfb" - "\x66\x8d\x13\xca\xe0\x59\x2a\x00" - "\xc9\x53\x4c\xe6\x9e\xe2\x73\xd5" - "\x67\x19\xb2\xbd\x9a\x63\xd7\x5c", - .len = 512, - .also_non_np = 1, - .np = 3, - .tap = { 512 - 20, 4, 16 }, - } -}; - -static const struct cipher_testvec speck64_tv_template[] = { - { /* Speck64/96 */ - .key = "\x00\x01\x02\x03\x08\x09\x0a\x0b" - "\x10\x11\x12\x13", - .klen = 12, - .ptext = "\x65\x61\x6e\x73\x20\x46\x61\x74", - .ctext = "\x6c\x94\x75\x41\xec\x52\x79\x9f", - .len = 8, - }, { /* Speck64/128 */ - .key = "\x00\x01\x02\x03\x08\x09\x0a\x0b" - "\x10\x11\x12\x13\x18\x19\x1a\x1b", - .klen = 16, - .ptext = "\x2d\x43\x75\x74\x74\x65\x72\x3b", - .ctext = "\x8b\x02\x4e\x45\x48\xa5\x6f\x8c", - .len = 8, - }, -}; - -/* - * Speck64-XTS test vectors, taken from the AES-XTS test vectors with the - * ciphertext recomputed with Speck64 as the cipher, and key lengths adjusted - */ -static const struct cipher_testvec speck64_xts_tv_template[] = { - { - .key = "\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00", - .klen = 24, - .iv = "\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00", - .ptext = "\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00", - .ctext = "\x84\xaf\x54\x07\x19\xd4\x7c\xa6" - "\xe4\xfe\xdf\xc4\x1f\x34\xc3\xc2" - "\x80\xf5\x72\xe7\xcd\xf0\x99\x22" - "\x35\xa7\x2f\x06\xef\xdc\x51\xaa", - .len = 32, - }, { - .key = "\x11\x11\x11\x11\x11\x11\x11\x11" - "\x11\x11\x11\x11\x11\x11\x11\x11" - "\x22\x22\x22\x22\x22\x22\x22\x22", - .klen = 24, - .iv = "\x33\x33\x33\x33\x33\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00", - .ptext = "\x44\x44\x44\x44\x44\x44\x44\x44" - "\x44\x44\x44\x44\x44\x44\x44\x44" - "\x44\x44\x44\x44\x44\x44\x44\x44" - "\x44\x44\x44\x44\x44\x44\x44\x44", - .ctext = "\x12\x56\x73\xcd\x15\x87\xa8\x59" - "\xcf\x84\xae\xd9\x1c\x66\xd6\x9f" - "\xb3\x12\x69\x7e\x36\xeb\x52\xff" - "\x62\xdd\xba\x90\xb3\xe1\xee\x99", - .len = 32, - }, { - .key = "\xff\xfe\xfd\xfc\xfb\xfa\xf9\xf8" - "\xf7\xf6\xf5\xf4\xf3\xf2\xf1\xf0" - "\x22\x22\x22\x22\x22\x22\x22\x22", - .klen = 24, - .iv = "\x33\x33\x33\x33\x33\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00", - .ptext = "\x44\x44\x44\x44\x44\x44\x44\x44" - "\x44\x44\x44\x44\x44\x44\x44\x44" - "\x44\x44\x44\x44\x44\x44\x44\x44" - "\x44\x44\x44\x44\x44\x44\x44\x44", - .ctext = "\x15\x1b\xe4\x2c\xa2\x5a\x2d\x2c" - "\x27\x36\xc0\xbf\x5d\xea\x36\x37" - "\x2d\x1a\x88\xbc\x66\xb5\xd0\x0b" - "\xa1\xbc\x19\xb2\x0f\x3b\x75\x34", - .len = 32, - }, { - .key = "\x27\x18\x28\x18\x28\x45\x90\x45" - "\x23\x53\x60\x28\x74\x71\x35\x26" - "\x31\x41\x59\x26\x53\x58\x97\x93", - .klen = 24, - .iv = "\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00", - .ptext = "\x00\x01\x02\x03\x04\x05\x06\x07" - "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" - "\x10\x11\x12\x13\x14\x15\x16\x17" - "\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f" - "\x20\x21\x22\x23\x24\x25\x26\x27" - "\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f" - "\x30\x31\x32\x33\x34\x35\x36\x37" - "\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f" - "\x40\x41\x42\x43\x44\x45\x46\x47" - "\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f" - "\x50\x51\x52\x53\x54\x55\x56\x57" - "\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f" - "\x60\x61\x62\x63\x64\x65\x66\x67" - "\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f" - "\x70\x71\x72\x73\x74\x75\x76\x77" - "\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f" - "\x80\x81\x82\x83\x84\x85\x86\x87" - "\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f" - "\x90\x91\x92\x93\x94\x95\x96\x97" - "\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f" - "\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7" - "\xa8\xa9\xaa\xab\xac\xad\xae\xaf" - "\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7" - "\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf" - "\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7" - "\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf" - "\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7" - "\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf" - "\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7" - "\xe8\xe9\xea\xeb\xec\xed\xee\xef" - "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7" - "\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff" - "\x00\x01\x02\x03\x04\x05\x06\x07" - "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" - "\x10\x11\x12\x13\x14\x15\x16\x17" - "\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f" - "\x20\x21\x22\x23\x24\x25\x26\x27" - "\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f" - "\x30\x31\x32\x33\x34\x35\x36\x37" - "\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f" - "\x40\x41\x42\x43\x44\x45\x46\x47" - "\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f" - "\x50\x51\x52\x53\x54\x55\x56\x57" - "\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f" - "\x60\x61\x62\x63\x64\x65\x66\x67" - "\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f" - "\x70\x71\x72\x73\x74\x75\x76\x77" - "\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f" - "\x80\x81\x82\x83\x84\x85\x86\x87" - "\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f" - "\x90\x91\x92\x93\x94\x95\x96\x97" - "\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f" - "\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7" - "\xa8\xa9\xaa\xab\xac\xad\xae\xaf" - "\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7" - "\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf" - "\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7" - "\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf" - "\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7" - "\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf" - "\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7" - "\xe8\xe9\xea\xeb\xec\xed\xee\xef" - "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7" - "\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff", - .ctext = "\xaf\xa1\x81\xa6\x32\xbb\x15\x8e" - "\xf8\x95\x2e\xd3\xe6\xee\x7e\x09" - "\x0c\x1a\xf5\x02\x97\x8b\xe3\xb3" - "\x11\xc7\x39\x96\xd0\x95\xf4\x56" - "\xf4\xdd\x03\x38\x01\x44\x2c\xcf" - "\x88\xae\x8e\x3c\xcd\xe7\xaa\x66" - "\xfe\x3d\xc6\xfb\x01\x23\x51\x43" - "\xd5\xd2\x13\x86\x94\x34\xe9\x62" - "\xf9\x89\xe3\xd1\x7b\xbe\xf8\xef" - "\x76\x35\x04\x3f\xdb\x23\x9d\x0b" - "\x85\x42\xb9\x02\xd6\xcc\xdb\x96" - "\xa7\x6b\x27\xb6\xd4\x45\x8f\x7d" - "\xae\xd2\x04\xd5\xda\xc1\x7e\x24" - "\x8c\x73\xbe\x48\x7e\xcf\x65\x28" - "\x29\xe5\xbe\x54\x30\xcb\x46\x95" - "\x4f\x2e\x8a\x36\xc8\x27\xc5\xbe" - "\xd0\x1a\xaf\xab\x26\xcd\x9e\x69" - "\xa1\x09\x95\x71\x26\xe9\xc4\xdf" - "\xe6\x31\xc3\x46\xda\xaf\x0b\x41" - "\x1f\xab\xb1\x8e\xd6\xfc\x0b\xb3" - "\x82\xc0\x37\x27\xfc\x91\xa7\x05" - "\xfb\xc5\xdc\x2b\x74\x96\x48\x43" - "\x5d\x9c\x19\x0f\x60\x63\x3a\x1f" - "\x6f\xf0\x03\xbe\x4d\xfd\xc8\x4a" - "\xc6\xa4\x81\x6d\xc3\x12\x2a\x5c" - "\x07\xff\xf3\x72\x74\x48\xb5\x40" - "\x50\xb5\xdd\x90\x43\x31\x18\x15" - "\x7b\xf2\xa6\xdb\x83\xc8\x4b\x4a" - "\x29\x93\x90\x8b\xda\x07\xf0\x35" - "\x6d\x90\x88\x09\x4e\x83\xf5\x5b" - "\x94\x12\xbb\x33\x27\x1d\x3f\x23" - "\x51\xa8\x7c\x07\xa2\xae\x77\xa6" - "\x50\xfd\xcc\xc0\x4f\x80\x7a\x9f" - "\x66\xdd\xcd\x75\x24\x8b\x33\xf7" - "\x20\xdb\x83\x9b\x4f\x11\x63\x6e" - "\xcf\x37\xef\xc9\x11\x01\x5c\x45" - "\x32\x99\x7c\x3c\x9e\x42\x89\xe3" - "\x70\x6d\x15\x9f\xb1\xe6\xb6\x05" - "\xfe\x0c\xb9\x49\x2d\x90\x6d\xcc" - "\x5d\x3f\xc1\xfe\x89\x0a\x2e\x2d" - "\xa0\xa8\x89\x3b\x73\x39\xa5\x94" - "\x4c\xa4\xa6\xbb\xa7\x14\x46\x89" - "\x10\xff\xaf\xef\xca\xdd\x4f\x80" - "\xb3\xdf\x3b\xab\xd4\xe5\x5a\xc7" - "\x33\xca\x00\x8b\x8b\x3f\xea\xec" - "\x68\x8a\xc2\x6d\xfd\xd4\x67\x0f" - "\x22\x31\xe1\x0e\xfe\x5a\x04\xd5" - "\x64\xa3\xf1\x1a\x76\x28\xcc\x35" - "\x36\xa7\x0a\x74\xf7\x1c\x44\x9b" - "\xc7\x1b\x53\x17\x02\xea\xd1\xad" - "\x13\x51\x73\xc0\xa0\xb2\x05\x32" - "\xa8\xa2\x37\x2e\xe1\x7a\x3a\x19" - "\x26\xb4\x6c\x62\x5d\xb3\x1a\x1d" - "\x59\xda\xee\x1a\x22\x18\xda\x0d" - "\x88\x0f\x55\x8b\x72\x62\xfd\xc1" - "\x69\x13\xcd\x0d\x5f\xc1\x09\x52" - "\xee\xd6\xe3\x84\x4d\xee\xf6\x88" - "\xaf\x83\xdc\x76\xf4\xc0\x93\x3f" - "\x4a\x75\x2f\xb0\x0b\x3e\xc4\x54" - "\x7d\x69\x8d\x00\x62\x77\x0d\x14" - "\xbe\x7c\xa6\x7d\xc5\x24\x4f\xf3" - "\x50\xf7\x5f\xf4\xc2\xca\x41\x97" - "\x37\xbe\x75\x74\xcd\xf0\x75\x6e" - "\x25\x23\x94\xbd\xda\x8d\xb0\xd4", - .len = 512, - }, { - .key = "\x27\x18\x28\x18\x28\x45\x90\x45" - "\x23\x53\x60\x28\x74\x71\x35\x26" - "\x62\x49\x77\x57\x24\x70\x93\x69" - "\x99\x59\x57\x49\x66\x96\x76\x27", - .klen = 32, - .iv = "\xff\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00", - .ptext = "\x00\x01\x02\x03\x04\x05\x06\x07" - "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" - "\x10\x11\x12\x13\x14\x15\x16\x17" - "\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f" - "\x20\x21\x22\x23\x24\x25\x26\x27" - "\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f" - "\x30\x31\x32\x33\x34\x35\x36\x37" - "\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f" - "\x40\x41\x42\x43\x44\x45\x46\x47" - "\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f" - "\x50\x51\x52\x53\x54\x55\x56\x57" - "\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f" - "\x60\x61\x62\x63\x64\x65\x66\x67" - "\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f" - "\x70\x71\x72\x73\x74\x75\x76\x77" - "\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f" - "\x80\x81\x82\x83\x84\x85\x86\x87" - "\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f" - "\x90\x91\x92\x93\x94\x95\x96\x97" - "\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f" - "\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7" - "\xa8\xa9\xaa\xab\xac\xad\xae\xaf" - "\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7" - "\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf" - "\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7" - "\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf" - "\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7" - "\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf" - "\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7" - "\xe8\xe9\xea\xeb\xec\xed\xee\xef" - "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7" - "\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff" - "\x00\x01\x02\x03\x04\x05\x06\x07" - "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" - "\x10\x11\x12\x13\x14\x15\x16\x17" - "\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f" - "\x20\x21\x22\x23\x24\x25\x26\x27" - "\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f" - "\x30\x31\x32\x33\x34\x35\x36\x37" - "\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f" - "\x40\x41\x42\x43\x44\x45\x46\x47" - "\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f" - "\x50\x51\x52\x53\x54\x55\x56\x57" - "\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f" - "\x60\x61\x62\x63\x64\x65\x66\x67" - "\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f" - "\x70\x71\x72\x73\x74\x75\x76\x77" - "\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f" - "\x80\x81\x82\x83\x84\x85\x86\x87" - "\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f" - "\x90\x91\x92\x93\x94\x95\x96\x97" - "\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f" - "\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7" - "\xa8\xa9\xaa\xab\xac\xad\xae\xaf" - "\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7" - "\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf" - "\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7" - "\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf" - "\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7" - "\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf" - "\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7" - "\xe8\xe9\xea\xeb\xec\xed\xee\xef" - "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7" - "\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff", - .ctext = "\x55\xed\x71\xd3\x02\x8e\x15\x3b" - "\xc6\x71\x29\x2d\x3e\x89\x9f\x59" - "\x68\x6a\xcc\x8a\x56\x97\xf3\x95" - "\x4e\x51\x08\xda\x2a\xf8\x6f\x3c" - "\x78\x16\xea\x80\xdb\x33\x75\x94" - "\xf9\x29\xc4\x2b\x76\x75\x97\xc7" - "\xf2\x98\x2c\xf9\xff\xc8\xd5\x2b" - "\x18\xf1\xaf\xcf\x7c\xc5\x0b\xee" - "\xad\x3c\x76\x7c\xe6\x27\xa2\x2a" - "\xe4\x66\xe1\xab\xa2\x39\xfc\x7c" - "\xf5\xec\x32\x74\xa3\xb8\x03\x88" - "\x52\xfc\x2e\x56\x3f\xa1\xf0\x9f" - "\x84\x5e\x46\xed\x20\x89\xb6\x44" - "\x8d\xd0\xed\x54\x47\x16\xbe\x95" - "\x8a\xb3\x6b\x72\xc4\x32\x52\x13" - "\x1b\xb0\x82\xbe\xac\xf9\x70\xa6" - "\x44\x18\xdd\x8c\x6e\xca\x6e\x45" - "\x8f\x1e\x10\x07\x57\x25\x98\x7b" - "\x17\x8c\x78\xdd\x80\xa7\xd9\xd8" - "\x63\xaf\xb9\x67\x57\xfd\xbc\xdb" - "\x44\xe9\xc5\x65\xd1\xc7\x3b\xff" - "\x20\xa0\x80\x1a\xc3\x9a\xad\x5e" - "\x5d\x3b\xd3\x07\xd9\xf5\xfd\x3d" - "\x4a\x8b\xa8\xd2\x6e\x7a\x51\x65" - "\x6c\x8e\x95\xe0\x45\xc9\x5f\x4a" - "\x09\x3c\x3d\x71\x7f\x0c\x84\x2a" - "\xc8\x48\x52\x1a\xc2\xd5\xd6\x78" - "\x92\x1e\xa0\x90\x2e\xea\xf0\xf3" - "\xdc\x0f\xb1\xaf\x0d\x9b\x06\x2e" - "\x35\x10\x30\x82\x0d\xe7\xc5\x9b" - "\xde\x44\x18\xbd\x9f\xd1\x45\xa9" - "\x7b\x7a\x4a\xad\x35\x65\x27\xca" - "\xb2\xc3\xd4\x9b\x71\x86\x70\xee" - "\xf1\x89\x3b\x85\x4b\x5b\xaa\xaf" - "\xfc\x42\xc8\x31\x59\xbe\x16\x60" - "\x4f\xf9\xfa\x12\xea\xd0\xa7\x14" - "\xf0\x7a\xf3\xd5\x8d\xbd\x81\xef" - "\x52\x7f\x29\x51\x94\x20\x67\x3c" - "\xd1\xaf\x77\x9f\x22\x5a\x4e\x63" - "\xe7\xff\x73\x25\xd1\xdd\x96\x8a" - "\x98\x52\x6d\xf3\xac\x3e\xf2\x18" - "\x6d\xf6\x0a\x29\xa6\x34\x3d\xed" - "\xe3\x27\x0d\x9d\x0a\x02\x44\x7e" - "\x5a\x7e\x67\x0f\x0a\x9e\xd6\xad" - "\x91\xe6\x4d\x81\x8c\x5c\x59\xaa" - "\xfb\xeb\x56\x53\xd2\x7d\x4c\x81" - "\x65\x53\x0f\x41\x11\xbd\x98\x99" - "\xf9\xc6\xfa\x51\x2e\xa3\xdd\x8d" - "\x84\x98\xf9\x34\xed\x33\x2a\x1f" - "\x82\xed\xc1\x73\x98\xd3\x02\xdc" - "\xe6\xc2\x33\x1d\xa2\xb4\xca\x76" - "\x63\x51\x34\x9d\x96\x12\xae\xce" - "\x83\xc9\x76\x5e\xa4\x1b\x53\x37" - "\x17\xd5\xc0\x80\x1d\x62\xf8\x3d" - "\x54\x27\x74\xbb\x10\x86\x57\x46" - "\x68\xe1\xed\x14\xe7\x9d\xfc\x84" - "\x47\xbc\xc2\xf8\x19\x4b\x99\xcf" - "\x7a\xe9\xc4\xb8\x8c\x82\x72\x4d" - "\x7b\x4f\x38\x55\x36\x71\x64\xc1" - "\xfc\x5c\x75\x52\x33\x02\x18\xf8" - "\x17\xe1\x2b\xc2\x43\x39\xbd\x76" - "\x9b\x63\x76\x32\x2f\x19\x72\x10" - "\x9f\x21\x0c\xf1\x66\x50\x7f\xa5" - "\x0d\x1f\x46\xe0\xba\xd3\x2f\x3c", - .len = 512, - .also_non_np = 1, - .np = 3, - .tap = { 512 - 20, 4, 16 }, - } -}; - /* Cast6 test vectors from RFC 2612 */ static const struct cipher_testvec cast6_tv_template[] = { { diff --git a/fs/crypto/fscrypt_private.h b/fs/crypto/fscrypt_private.h index 39c20ef26db4..79debfc9cef9 100644 --- a/fs/crypto/fscrypt_private.h +++ b/fs/crypto/fscrypt_private.h @@ -83,10 +83,6 @@ static inline bool fscrypt_valid_enc_modes(u32 contents_mode, filenames_mode == FS_ENCRYPTION_MODE_AES_256_CTS) return true; - if (contents_mode == FS_ENCRYPTION_MODE_SPECK128_256_XTS && - filenames_mode == FS_ENCRYPTION_MODE_SPECK128_256_CTS) - return true; - return false; } diff --git a/fs/crypto/keyinfo.c b/fs/crypto/keyinfo.c index e997ca51192f..7874c9bb2fc5 100644 --- a/fs/crypto/keyinfo.c +++ b/fs/crypto/keyinfo.c @@ -174,16 +174,6 @@ static struct fscrypt_mode { .cipher_str = "cts(cbc(aes))", .keysize = 16, }, - [FS_ENCRYPTION_MODE_SPECK128_256_XTS] = { - .friendly_name = "Speck128/256-XTS", - .cipher_str = "xts(speck128)", - .keysize = 64, - }, - [FS_ENCRYPTION_MODE_SPECK128_256_CTS] = { - .friendly_name = "Speck128/256-CTS-CBC", - .cipher_str = "cts(cbc(speck128))", - .keysize = 32, - }, }; static struct fscrypt_mode * diff --git a/include/crypto/speck.h b/include/crypto/speck.h deleted file mode 100644 index 73cfc952d405..000000000000 --- a/include/crypto/speck.h +++ /dev/null @@ -1,62 +0,0 @@ -// SPDX-License-Identifier: GPL-2.0 -/* - * Common values for the Speck algorithm - */ - -#ifndef _CRYPTO_SPECK_H -#define _CRYPTO_SPECK_H - -#include <linux/types.h> - -/* Speck128 */ - -#define SPECK128_BLOCK_SIZE 16 - -#define SPECK128_128_KEY_SIZE 16 -#define SPECK128_128_NROUNDS 32 - -#define SPECK128_192_KEY_SIZE 24 -#define SPECK128_192_NROUNDS 33 - -#define SPECK128_256_KEY_SIZE 32 -#define SPECK128_256_NROUNDS 34 - -struct speck128_tfm_ctx { - u64 round_keys[SPECK128_256_NROUNDS]; - int nrounds; -}; - -void crypto_speck128_encrypt(const struct speck128_tfm_ctx *ctx, - u8 *out, const u8 *in); - -void crypto_speck128_decrypt(const struct speck128_tfm_ctx *ctx, - u8 *out, const u8 *in); - -int crypto_speck128_setkey(struct speck128_tfm_ctx *ctx, const u8 *key, - unsigned int keysize); - -/* Speck64 */ - -#define SPECK64_BLOCK_SIZE 8 - -#define SPECK64_96_KEY_SIZE 12 -#define SPECK64_96_NROUNDS 26 - -#define SPECK64_128_KEY_SIZE 16 -#define SPECK64_128_NROUNDS 27 - -struct speck64_tfm_ctx { - u32 round_keys[SPECK64_128_NROUNDS]; - int nrounds; -}; - -void crypto_speck64_encrypt(const struct speck64_tfm_ctx *ctx, - u8 *out, const u8 *in); - -void crypto_speck64_decrypt(const struct speck64_tfm_ctx *ctx, - u8 *out, const u8 *in); - -int crypto_speck64_setkey(struct speck64_tfm_ctx *ctx, const u8 *key, - unsigned int keysize); - -#endif /* _CRYPTO_SPECK_H */ diff --git a/include/uapi/linux/fs.h b/include/uapi/linux/fs.h index 73e01918f996..9d132f8f2df8 100644 --- a/include/uapi/linux/fs.h +++ b/include/uapi/linux/fs.h @@ -279,8 +279,6 @@ struct fsxattr { #define FS_ENCRYPTION_MODE_AES_256_CTS 4 #define FS_ENCRYPTION_MODE_AES_128_CBC 5 #define FS_ENCRYPTION_MODE_AES_128_CTS 6 -#define FS_ENCRYPTION_MODE_SPECK128_256_XTS 7 -#define FS_ENCRYPTION_MODE_SPECK128_256_CTS 8 struct fscrypt_policy { __u8 version; -- 2.18.0

6 years, 9 months

6
10
0 0

[PATCH 1/2] ext4: fix online resize's handling of a too-small final block group

by Theodore Ts'o

Avoid growing the file system to an extent so that the last block group is too small to hold all of the metadata that must be stored in the block group. This problem can be triggered with the following reproducer: umount /mnt mke2fs -F -m0 -b 4096 -t ext4 -O resize_inode,^has_journal \ -E resize=1073741824 /tmp/foo.img 128M mount /tmp/foo.img /mnt truncate --size 1708M /tmp/foo.img resize2fs /dev/loop0 295400 umount /mnt e2fsck -fy /tmp/foo.img Reported-by: Torsten Hilbrich <torsten.hilbrich(a)secunet.com> Signed-off-by: Theodore Ts'o <tytso(a)mit.edu> Cc: stable(a)vger.kernel.org --- fs/ext4/resize.c | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/fs/ext4/resize.c b/fs/ext4/resize.c index e5fb38451a73..33655a6eff4d 100644 --- a/fs/ext4/resize.c +++ b/fs/ext4/resize.c @@ -1986,6 +1986,26 @@ int ext4_resize_fs(struct super_block *sb, ext4_fsblk_t n_blocks_count) } } + /* + * Make sure the last group has enough space so that it's + * guaranteed to have enough space for all metadata blocks + * that it might need to hold. (We might not need to store + * the inode table blocks in the last block group, but there + * will be cases where this might be needed.) + */ + if ((ext4_group_first_block_no(sb, n_group) + + ext4_group_overhead_blocks(sb, n_group) + 2 + + sbi->s_itb_per_group + sbi->s_cluster_ratio) >= n_blocks_count) { + n_blocks_count = ext4_group_first_block_no(sb, n_group); + n_group--; + n_blocks_count_retry = 0; + if (resize_inode) { + iput(resize_inode); + resize_inode = NULL; + } + goto retry; + } + /* extend the last group */ if (n_group == o_group) add = n_blocks_count - o_blocks_count; -- 2.18.0.rc0

6 years, 9 months

1
1
0 0

+ mm-disable-deferred-struct-page-for-32-bit-arches.patch added to -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: mm: disable deferred struct page for 32-bit arches has been added to the -mm tree. Its filename is mm-disable-deferred-struct-page-for-32-bit-arches.patch This patch should soon appear at http://ozlabs.org/~akpm/mmots/broken-out/mm-disable-deferred-struct-page-fo… and later at http://ozlabs.org/~akpm/mmotm/broken-out/mm-disable-deferred-struct-page-fo… Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next and is updated there every 3-4 working days ------------------------------------------------------ From: Pasha Tatashin <Pavel.Tatashin(a)microsoft.com> Subject: mm: disable deferred struct page for 32-bit arches Deferred struct page init is needed only on systems with large amount of physical memory to improve boot performance. 32-bit systems do not benefit from this feature. Jiri reported a problem where deferred struct pages do not work well with x86-32: [ 0.035162] Dentry cache hash table entries: 131072 (order: 7, 524288 bytes) [ 0.035725] Inode-cache hash table entries: 65536 (order: 6, 262144 bytes) [ 0.036269] Initializing CPU#0 [ 0.036513] Initializing HighMem for node 0 (00036ffe:0007ffe0) [ 0.038459] page:f6780000 is uninitialized and poisoned [ 0.038460] raw: ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff [ 0.039509] page dumped because: VM_BUG_ON_PAGE(1 && PageCompound(page)) [ 0.040038] ------------[ cut here ]------------ [ 0.040399] kernel BUG at include/linux/page-flags.h:293! [ 0.040823] invalid opcode: 0000 [#1] SMP PTI [ 0.041166] CPU: 0 PID: 0 Comm: swapper Not tainted 4.19.0-rc1_pt_jiri #9 [ 0.041694] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.11.0-20171110_100015-anatol 04/01/2014 [ 0.042496] EIP: free_highmem_page+0x64/0x80 [ 0.042839] Code: 13 46 d8 c1 e8 18 5d 83 e0 03 8d 04 c0 c1 e0 06 ff 80 ec 5f 44 d8 c3 8d b4 26 00 00 00 00 ba 08 65 28 d8 89 d8 e8 fc 71 02 00 <0f> 0b 8d 76 00 8d bc 27 00 00 00 00 ba d0 b1 26 d8 89 d8 e8 e4 71 [ 0.044338] EAX: 0000003c EBX: f6780000 ECX: 00000000 EDX: d856cbe8 [ 0.044868] ESI: 0007ffe0 EDI: d838df20 EBP: d838df00 ESP: d838defc [ 0.045372] DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068 EFLAGS: 00210086 [ 0.045913] CR0: 80050033 CR2: 00000000 CR3: 18556000 CR4: 00040690 [ 0.046413] DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000 [ 0.046913] DR6: fffe0ff0 DR7: 00000400 [ 0.047220] Call Trace: [ 0.047419] add_highpages_with_active_regions+0xbd/0x10d [ 0.047854] set_highmem_pages_init+0x5b/0x71 [ 0.048202] mem_init+0x2b/0x1e8 [ 0.048460] start_kernel+0x1d2/0x425 [ 0.048757] i386_start_kernel+0x93/0x97 [ 0.049073] startup_32_smp+0x164/0x168 [ 0.049379] Modules linked in: [ 0.049626] ---[ end trace 337949378db0abbb ]--- We free highmem pages before their struct pages are initialized: mem_init() set_highmem_pages_init() add_highpages_with_active_regions() free_highmem_page() .. Access uninitialized struct page here.. Because there is no reason to have this feature on 32-bit systems, just disable it. Link: http://lkml.kernel.org/r/20180831150506.31246-1-pavel.tatashin@microsoft.com Fixes: 2e3ca40f03bb ("mm: relax deferred struct page requirements") Signed-off-by: Pavel Tatashin <pavel.tatashin(a)microsoft.com> Reported-by: Jiri Slaby <jslaby(a)suse.cz> Acked-by: Michal Hocko <mhocko(a)suse.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- diff -puN mm/Kconfig~mm-disable-deferred-struct-page-for-32-bit-arches mm/Kconfig --- a/mm/Kconfig~mm-disable-deferred-struct-page-for-32-bit-arches +++ a/mm/Kconfig @@ -637,6 +637,7 @@ config DEFERRED_STRUCT_PAGE_INIT depends on NO_BOOTMEM depends on SPARSEMEM depends on !NEED_PER_CPU_KM + depends on 64BIT help Ordinarily all struct pages are initialised during early boot in a single thread. On very large machines this can take a considerable _ Patches currently in -mm which might be from Pavel.Tatashin(a)microsoft.com are mm-disable-deferred-struct-page-for-32-bit-arches.patch

6 years, 9 months

1
0
0 0

request for 4.14-stable: c82b7623edd7 ("gcc-plugins: Add include required by GCC release 8")

by Lance Albertson

Hi Greg, I was trying to compile 4.14.67 using GCC 8.2.0 with gcc-plugins enabled and ran into this issue [1]. If I applied both of the commits mentioned, it resolved the problem so I think it should be included in 4.14. Thanks! [1] https://groups.google.com/forum/#!msg/qubes-devel/Q3cdQKQS4Tk/gKr4F52HAAAJ -- Lance Albertson Director Oregon State University | Open Source Lab --- From c82b7623edd74a57fffd69dbab25d180c3b16c6f Mon Sep 17 00:00:00 2001 From: "valdis.kletnieks(a)vt.edu" <valdis.kletnieks(a)vt.edu> Date: Sun, 4 Feb 2018 12:01:43 -0500 Subject: [PATCH 2/2] gcc-plugins: Add include required by GCC release 8 GCC requires another #include to get the gcc-plugins to build cleanly. Signed-off-by: Valdis Kletnieks <valdis.kletnieks(a)vt.edu> Signed-off-by: Kees Cook <keescook(a)chromium.org> --- scripts/gcc-plugins/gcc-common.h | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/scripts/gcc-plugins/gcc-common.h b/scripts/gcc-plugins/gcc-common.h index ffd1dfaa1cc1..f46750053377 100644 --- a/scripts/gcc-plugins/gcc-common.h +++ b/scripts/gcc-plugins/gcc-common.h @@ -97,6 +97,10 @@ #include "predict.h" #include "ipa-utils.h" +#if BUILDING_GCC_VERSION >= 8000 +#include "stringpool.h" +#endif + #if BUILDING_GCC_VERSION >= 4009 #include "attribs.h" #include "varasm.h" -- Lance Albertson Director Oregon State University | Open Source Lab

6 years, 9 months

2
2
0 0

request for 4.14-stable: 93b3623ada15 ("gcc-plugins: Use dynamic initializers")

by Lance Albertson

Hi Greg, I was trying to compile 4.14.67 using GCC 8.2.0 with gcc-plugins enabled and ran into this issue [1]. If I applied both of the commits mentioned, it resolved the problem so I think it should be included in 4.14. Thanks! [1] https://groups.google.com/forum/#!msg/qubes-devel/Q3cdQKQS4Tk/gKr4F52HAAAJ -- Lance Albertson Director Oregon State University | Open Source Lab --- From 93b3623ada1582379833ea442fbc7b15e6417fbc Mon Sep 17 00:00:00 2001 From: Kees Cook <keescook(a)chromium.org> Date: Mon, 5 Feb 2018 17:27:46 -0800 Subject: [PATCH 1/2] gcc-plugins: Use dynamic initializers GCC 8 changed the order of some fields and is very picky about ordering in static initializers, so instead just move to dynamic initializers, and drop the redundant already-zero field assignments. Suggested-by: Valdis Kletnieks <valdis.kletnieks(a)vt.edu> Signed-off-by: Kees Cook <keescook(a)chromium.org> --- scripts/gcc-plugins/latent_entropy_plugin.c | 17 ++---- scripts/gcc-plugins/randomize_layout_plugin.c | 75 ++++++++------------------- scripts/gcc-plugins/structleak_plugin.c | 19 +++---- 3 files changed, 33 insertions(+), 78 deletions(-) diff --git a/scripts/gcc-plugins/latent_entropy_plugin.c b/scripts/gcc-plugins/latent_entropy_plugin.c index 65264960910d..cbe1d6c4b1a5 100644 --- a/scripts/gcc-plugins/latent_entropy_plugin.c +++ b/scripts/gcc-plugins/latent_entropy_plugin.c @@ -255,21 +255,14 @@ static tree handle_latent_entropy_attribute(tree *node, tree name, return NULL_TREE; } -static struct attribute_spec latent_entropy_attr = { - .name = "latent_entropy", - .min_length = 0, - .max_length = 0, - .decl_required = true, - .type_required = false, - .function_type_required = false, - .handler = handle_latent_entropy_attribute, -#if BUILDING_GCC_VERSION >= 4007 - .affects_type_identity = false -#endif -}; +static struct attribute_spec latent_entropy_attr = { }; static void register_attributes(void *event_data __unused, void *data __unused) { + latent_entropy_attr.name = "latent_entropy"; + latent_entropy_attr.decl_required = true; + latent_entropy_attr.handler = handle_latent_entropy_attribute; + register_attribute(&latent_entropy_attr); } diff --git a/scripts/gcc-plugins/randomize_layout_plugin.c b/scripts/gcc-plugins/randomize_layout_plugin.c index 0073af326449..c4a345c3715b 100644 --- a/scripts/gcc-plugins/randomize_layout_plugin.c +++ b/scripts/gcc-plugins/randomize_layout_plugin.c @@ -580,68 +580,35 @@ static void finish_type(void *event_data, void *data) return; } -static struct attribute_spec randomize_layout_attr = { - .name = "randomize_layout", - // related to args - .min_length = 0, - .max_length = 0, - .decl_required = false, - // need type declaration - .type_required = true, - .function_type_required = false, - .handler = handle_randomize_layout_attr, -#if BUILDING_GCC_VERSION >= 4007 - .affects_type_identity = true -#endif -}; +static struct attribute_spec randomize_layout_attr = { }; +static struct attribute_spec no_randomize_layout_attr = { }; +static struct attribute_spec randomize_considered_attr = { }; +static struct attribute_spec randomize_performed_attr = { }; -static struct attribute_spec no_randomize_layout_attr = { - .name = "no_randomize_layout", - // related to args - .min_length = 0, - .max_length = 0, - .decl_required = false, - // need type declaration - .type_required = true, - .function_type_required = false, - .handler = handle_randomize_layout_attr, +static void register_attributes(void *event_data, void *data) +{ + randomize_layout_attr.name = "randomize_layout"; + randomize_layout_attr.type_required = true; + randomize_layout_attr.handler = handle_randomize_layout_attr; #if BUILDING_GCC_VERSION >= 4007 - .affects_type_identity = true + randomize_layout_attr.affects_type_identity = true; #endif -}; -static struct attribute_spec randomize_considered_attr = { - .name = "randomize_considered", - // related to args - .min_length = 0, - .max_length = 0, - .decl_required = false, - // need type declaration - .type_required = true, - .function_type_required = false, - .handler = handle_randomize_considered_attr, + no_randomize_layout_attr.name = "no_randomize_layout"; + no_randomize_layout_attr.type_required = true; + no_randomize_layout_attr.handler = handle_randomize_layout_attr; #if BUILDING_GCC_VERSION >= 4007 - .affects_type_identity = false + no_randomize_layout_attr.affects_type_identity = true; #endif -}; -static struct attribute_spec randomize_performed_attr = { - .name = "randomize_performed", - // related to args - .min_length = 0, - .max_length = 0, - .decl_required = false, - // need type declaration - .type_required = true, - .function_type_required = false, - .handler = handle_randomize_performed_attr, -#if BUILDING_GCC_VERSION >= 4007 - .affects_type_identity = false -#endif -}; + randomize_considered_attr.name = "randomize_considered"; + randomize_considered_attr.type_required = true; + randomize_considered_attr.handler = handle_randomize_considered_attr; + + randomize_performed_attr.name = "randomize_performed"; + randomize_performed_attr.type_required = true; + randomize_performed_attr.handler = handle_randomize_performed_attr; -static void register_attributes(void *event_data, void *data) -{ register_attribute(&randomize_layout_attr); register_attribute(&no_randomize_layout_attr); register_attribute(&randomize_considered_attr); diff --git a/scripts/gcc-plugins/structleak_plugin.c b/scripts/gcc-plugins/structleak_plugin.c index 3f8dd4868178..10292f791e99 100644 --- a/scripts/gcc-plugins/structleak_plugin.c +++ b/scripts/gcc-plugins/structleak_plugin.c @@ -57,21 +57,16 @@ static tree handle_user_attribute(tree *node, tree name, tree args, int flags, b return NULL_TREE; } -static struct attribute_spec user_attr = { - .name = "user", - .min_length = 0, - .max_length = 0, - .decl_required = false, - .type_required = false, - .function_type_required = false, - .handler = handle_user_attribute, -#if BUILDING_GCC_VERSION >= 4007 - .affects_type_identity = true -#endif -}; +static struct attribute_spec user_attr = { }; static void register_attributes(void *event_data, void *data) { + user_attr.name = "user"; + user_attr.handler = handle_user_attribute; +#if BUILDING_GCC_VERSION >= 4007 + user_attr.affects_type_identity = true; +#endif + register_attribute(&user_attr); } -- Lance Albertson Director Oregon State University | Open Source Lab

6 years, 9 months

2
2
0 0

[PATCH] staging: android: ion: check for kref overflow

by Daniel Rosenberg

This patch is against 4.9. It does not apply to master due to a large rework of ion in 4.12 which removed the affected functions altogther. 4c23cbff073f3b9b ("staging: android: ion: Remove import interface") Userspace can cause the kref to handles to increment arbitrarily high. Ensure it does not overflow. Signed-off-by: Daniel Rosenberg <drosen(a)google.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/staging/android/ion/ion.c | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/drivers/staging/android/ion/ion.c b/drivers/staging/android/ion/ion.c index 6f9974cb0e152..48821948fa487 100644 --- a/drivers/staging/android/ion/ion.c +++ b/drivers/staging/android/ion/ion.c @@ -15,6 +15,7 @@ * */ +#include <linux/atomic.h> #include <linux/device.h> #include <linux/err.h> #include <linux/file.h> @@ -305,6 +306,16 @@ static void ion_handle_get(struct ion_handle *handle) kref_get(&handle->ref); } +/* Must hold the client lock */ +static struct ion_handle *ion_handle_get_check_overflow( + struct ion_handle *handle) +{ + if (atomic_read(&handle->ref.refcount) + 1 == 0) + return ERR_PTR(-EOVERFLOW); + ion_handle_get(handle); + return handle; +} + int ion_handle_put_nolock(struct ion_handle *handle) { return kref_put(&handle->ref, ion_handle_destroy); @@ -347,9 +358,9 @@ struct ion_handle *ion_handle_get_by_id_nolock(struct ion_client *client, handle = idr_find(&client->idr, id); if (handle) - ion_handle_get(handle); + return ion_handle_get_check_overflow(handle); - return handle ? handle : ERR_PTR(-EINVAL); + return ERR_PTR(-EINVAL); } struct ion_handle *ion_handle_get_by_id(struct ion_client *client, @@ -1100,7 +1111,7 @@ struct ion_handle *ion_import_dma_buf(struct ion_client *client, /* if a handle exists for this buffer just take a reference to it */ handle = ion_handle_lookup(client, buffer); if (!IS_ERR(handle)) { - ion_handle_get(handle); + handle = ion_handle_get_check_overflow(handle); mutex_unlock(&client->lock); goto end; } -- 2.19.0.rc0.228.g281dcd1b4d0-goog

6 years, 9 months

2
5
0 0

Applied "regulator: Fix 'do-nothing' value for regulators without suspend state" to the regulator tree

by Mark Brown

The patch regulator: Fix 'do-nothing' value for regulators without suspend state has been applied to the regulator tree at https://git.kernel.org/pub/scm/linux/kernel/git/broonie/regulator.git All being well this means that it will be integrated into the linux-next tree (usually sometime in the next 24 hours) and sent to Linus during the next merge window (or sooner if it is a bug fix), however if problems are discovered then the patch may be dropped or reverted. You may get further e-mails resulting from automated or manual testing and review of the tree, please engage with people reporting problems and send followup patches addressing any issues that are reported if needed. If any updates are required or you are submitting further changes they should be sent as incremental updates against current git, existing patches will not be replaced. Please add any relevant lists and maintainers to the CCs when replying to this mail. Thanks, Mark >From 3edd79cf5a44b12dbb13bc320f5788aed6562b36 Mon Sep 17 00:00:00 2001 From: Marek Szyprowski <m.szyprowski(a)samsung.com> Date: Mon, 3 Sep 2018 16:49:37 +0200 Subject: [PATCH] regulator: Fix 'do-nothing' value for regulators without suspend state Some regulators don't have all states defined and in such cases regulator core should not assume anything. However in current implementation of of_get_regulation_constraints() DO_NOTHING_IN_SUSPEND enable value was set only for regulators which had suspend node defined, otherwise the default 0 value was used, what means DISABLE_IN_SUSPEND. This lead to broken system suspend/resume on boards, which had simple regulator constraints definition (without suspend state nodes). To avoid further mismatches between the default and uninitialized values of the suspend enabled/disabled states, change the values of the them, so default '0' means DO_NOTHING_IN_SUSPEND. Fixes: 72069f9957a1: regulator: leave one item to record whether regulator is enabled Signed-off-by: Marek Szyprowski <m.szyprowski(a)samsung.com> Signed-off-by: Mark Brown <broonie(a)kernel.org> Cc: stable(a)vger.kernel.org --- drivers/regulator/core.c | 2 +- drivers/regulator/of_regulator.c | 2 -- include/linux/regulator/machine.h | 6 +++--- 3 files changed, 4 insertions(+), 6 deletions(-) diff --git a/drivers/regulator/core.c b/drivers/regulator/core.c index bb1324f93143..90215f57270f 100644 --- a/drivers/regulator/core.c +++ b/drivers/regulator/core.c @@ -3161,7 +3161,7 @@ static inline int regulator_suspend_toggle(struct regulator_dev *rdev, if (!rstate->changeable) return -EPERM; - rstate->enabled = en; + rstate->enabled = (en) ? ENABLE_IN_SUSPEND : DISABLE_IN_SUSPEND; return 0; } diff --git a/drivers/regulator/of_regulator.c b/drivers/regulator/of_regulator.c index 638f17d4c848..210fc20f7de7 100644 --- a/drivers/regulator/of_regulator.c +++ b/drivers/regulator/of_regulator.c @@ -213,8 +213,6 @@ static void of_get_regulation_constraints(struct device_node *np, else if (of_property_read_bool(suspend_np, "regulator-off-in-suspend")) suspend_state->enabled = DISABLE_IN_SUSPEND; - else - suspend_state->enabled = DO_NOTHING_IN_SUSPEND; if (!of_property_read_u32(np, "regulator-suspend-min-microvolt", &pval)) diff --git a/include/linux/regulator/machine.h b/include/linux/regulator/machine.h index 3468703d663a..a459a5e973a7 100644 --- a/include/linux/regulator/machine.h +++ b/include/linux/regulator/machine.h @@ -48,9 +48,9 @@ struct regulator; * DISABLE_IN_SUSPEND - turn off regulator in suspend states * ENABLE_IN_SUSPEND - keep regulator on in suspend states */ -#define DO_NOTHING_IN_SUSPEND (-1) -#define DISABLE_IN_SUSPEND 0 -#define ENABLE_IN_SUSPEND 1 +#define DO_NOTHING_IN_SUSPEND 0 +#define DISABLE_IN_SUSPEND 1 +#define ENABLE_IN_SUSPEND 2 /* Regulator active discharge flags */ enum regulator_active_discharge { -- 2.19.0.rc1

6 years, 9 months

1
0
0 0

[PATCH for 4.18.y] x86/dumpstack: Don't dump kernel memory based on usermode RIP

by Jann Horn

commit 342db04ae71273322f0011384a9ed414df8bdae4 upstream. show_opcodes() is used both for dumping kernel instructions and for dumping user instructions. If userspace causes #PF by jumping to a kernel address, show_opcodes() can be reached with regs->ip controlled by the user, pointing to kernel code. Make sure that userspace can't trick us into dumping kernel memory into dmesg. Manually backported: show_opcodes() has changed a bit in the meantime. I have manually tested the backport. Fixes: 7cccf0725cf7 ("x86/dumpstack: Add a show_ip() function") Cc: stable(a)vger.kernel.org Link: https://lkml.kernel.org/r/20180828154901.112726-1-jannh@google.com Signed-off-by: Jann Horn <jannh(a)google.com> --- Since I manually backported this, I have removed all other sign-off/reviewed-by lines. I hope that's correct? arch/x86/include/asm/stacktrace.h | 2 +- arch/x86/kernel/dumpstack.c | 21 +++++++++++++++------ arch/x86/mm/fault.c | 2 +- 3 files changed, 17 insertions(+), 8 deletions(-) diff --git a/arch/x86/include/asm/stacktrace.h b/arch/x86/include/asm/stacktrace.h index b6dc698f992a..f335aad404a4 100644 --- a/arch/x86/include/asm/stacktrace.h +++ b/arch/x86/include/asm/stacktrace.h @@ -111,6 +111,6 @@ static inline unsigned long caller_frame_pointer(void) return (unsigned long)frame; } -void show_opcodes(u8 *rip, const char *loglvl); +void show_opcodes(struct pt_regs *regs, const char *loglvl); void show_ip(struct pt_regs *regs, const char *loglvl); #endif /* _ASM_X86_STACKTRACE_H */ diff --git a/arch/x86/kernel/dumpstack.c b/arch/x86/kernel/dumpstack.c index 666a284116ac..1c65c648cacc 100644 --- a/arch/x86/kernel/dumpstack.c +++ b/arch/x86/kernel/dumpstack.c @@ -91,23 +91,32 @@ static void printk_stack_address(unsigned long address, int reliable, * Thus, the 2/3rds prologue and 64 byte OPCODE_BUFSIZE is just a random * guesstimate in attempt to achieve all of the above. */ -void show_opcodes(u8 *rip, const char *loglvl) +void show_opcodes(struct pt_regs *regs, const char *loglvl) { unsigned int code_prologue = OPCODE_BUFSIZE * 2 / 3; u8 opcodes[OPCODE_BUFSIZE]; - u8 *ip; + unsigned long ip; int i; + bool bad_ip; printk("%sCode: ", loglvl); - ip = (u8 *)rip - code_prologue; - if (probe_kernel_read(opcodes, ip, OPCODE_BUFSIZE)) { + ip = regs->ip - code_prologue; + + /* + * Make sure userspace isn't trying to trick us into dumping kernel + * memory by pointing the userspace instruction pointer at it. + */ + bad_ip = user_mode(regs) && + __chk_range_not_ok(ip, OPCODE_BUFSIZE, TASK_SIZE_MAX); + + if (bad_ip || probe_kernel_read(opcodes, (u8 *)ip, OPCODE_BUFSIZE)) { pr_cont("Bad RIP value.\n"); return; } for (i = 0; i < OPCODE_BUFSIZE; i++, ip++) { - if (ip == rip) + if (ip == regs->ip) pr_cont("<%02x> ", opcodes[i]); else pr_cont("%02x ", opcodes[i]); @@ -122,7 +131,7 @@ void show_ip(struct pt_regs *regs, const char *loglvl) #else printk("%sRIP: %04x:%pS\n", loglvl, (int)regs->cs, (void *)regs->ip); #endif - show_opcodes((u8 *)regs->ip, loglvl); + show_opcodes(regs, loglvl); } void show_iret_regs(struct pt_regs *regs) diff --git a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c index 2aafa6ab6103..d1f1612672c7 100644 --- a/arch/x86/mm/fault.c +++ b/arch/x86/mm/fault.c @@ -838,7 +838,7 @@ show_signal_msg(struct pt_regs *regs, unsigned long error_code, printk(KERN_CONT "\n"); - show_opcodes((u8 *)regs->ip, loglvl); + show_opcodes(regs, loglvl); } static void -- 2.19.0.rc1.350.ge57e33dbd1-goog

6 years, 9 months

2
1
0 0

FAILED: patch "[PATCH] s390/lib: use expoline for all bcr instructions" failed to apply to 4.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 5eda25b10297684c1f46a14199ec00210f3c346e Mon Sep 17 00:00:00 2001 From: Martin Schwidefsky <schwidefsky(a)de.ibm.com> Date: Mon, 6 Aug 2018 13:49:47 +0200 Subject: [PATCH] s390/lib: use expoline for all bcr instructions The memove, memset, memcpy, __memset16, __memset32 and __memset64 function have an additional indirect return branch in form of a "bzr" instruction. These need to use expolines as well. Cc: <stable(a)vger.kernel.org> # v4.17+ Fixes: 97489e0663 ("s390/lib: use expoline for indirect branches") Reviewed-by: Heiko Carstens <heiko.carstens(a)de.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky(a)de.ibm.com> diff --git a/arch/s390/lib/mem.S b/arch/s390/lib/mem.S index 2311f15be9cf..40c4d59c926e 100644 --- a/arch/s390/lib/mem.S +++ b/arch/s390/lib/mem.S @@ -17,7 +17,7 @@ ENTRY(memmove) ltgr %r4,%r4 lgr %r1,%r2 - bzr %r14 + jz .Lmemmove_exit aghi %r4,-1 clgr %r2,%r3 jnh .Lmemmove_forward @@ -36,6 +36,7 @@ ENTRY(memmove) .Lmemmove_forward_remainder: larl %r5,.Lmemmove_mvc ex %r4,0(%r5) +.Lmemmove_exit: BR_EX %r14 .Lmemmove_reverse: ic %r0,0(%r4,%r3) @@ -65,7 +66,7 @@ EXPORT_SYMBOL(memmove) */ ENTRY(memset) ltgr %r4,%r4 - bzr %r14 + jz .Lmemset_exit ltgr %r3,%r3 jnz .Lmemset_fill aghi %r4,-1 @@ -80,6 +81,7 @@ ENTRY(memset) .Lmemset_clear_remainder: larl %r3,.Lmemset_xc ex %r4,0(%r3) +.Lmemset_exit: BR_EX %r14 .Lmemset_fill: cghi %r4,1 @@ -115,7 +117,7 @@ EXPORT_SYMBOL(memset) */ ENTRY(memcpy) ltgr %r4,%r4 - bzr %r14 + jz .Lmemcpy_exit aghi %r4,-1 srlg %r5,%r4,8 ltgr %r5,%r5 @@ -124,6 +126,7 @@ ENTRY(memcpy) .Lmemcpy_remainder: larl %r5,.Lmemcpy_mvc ex %r4,0(%r5) +.Lmemcpy_exit: BR_EX %r14 .Lmemcpy_loop: mvc 0(256,%r1),0(%r3) @@ -145,9 +148,9 @@ EXPORT_SYMBOL(memcpy) .macro __MEMSET bits,bytes,insn ENTRY(__memset\bits) ltgr %r4,%r4 - bzr %r14 + jz .L__memset_exit\bits cghi %r4,\bytes - je .L__memset_exit\bits + je .L__memset_store\bits aghi %r4,-(\bytes+1) srlg %r5,%r4,8 ltgr %r5,%r5 @@ -163,8 +166,9 @@ ENTRY(__memset\bits) larl %r5,.L__memset_mvc\bits ex %r4,0(%r5) BR_EX %r14 -.L__memset_exit\bits: +.L__memset_store\bits: \insn %r3,0(%r2) +.L__memset_exit\bits: BR_EX %r14 .L__memset_mvc\bits: mvc \bytes(1,%r1),0(%r1)

6 years, 9 months

2
1
0 0

FAILED: patch "[PATCH] s390/lib: use expoline for all bcr instructions" failed to apply to 4.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 5eda25b10297684c1f46a14199ec00210f3c346e Mon Sep 17 00:00:00 2001 From: Martin Schwidefsky <schwidefsky(a)de.ibm.com> Date: Mon, 6 Aug 2018 13:49:47 +0200 Subject: [PATCH] s390/lib: use expoline for all bcr instructions The memove, memset, memcpy, __memset16, __memset32 and __memset64 function have an additional indirect return branch in form of a "bzr" instruction. These need to use expolines as well. Cc: <stable(a)vger.kernel.org> # v4.17+ Fixes: 97489e0663 ("s390/lib: use expoline for indirect branches") Reviewed-by: Heiko Carstens <heiko.carstens(a)de.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky(a)de.ibm.com> diff --git a/arch/s390/lib/mem.S b/arch/s390/lib/mem.S index 2311f15be9cf..40c4d59c926e 100644 --- a/arch/s390/lib/mem.S +++ b/arch/s390/lib/mem.S @@ -17,7 +17,7 @@ ENTRY(memmove) ltgr %r4,%r4 lgr %r1,%r2 - bzr %r14 + jz .Lmemmove_exit aghi %r4,-1 clgr %r2,%r3 jnh .Lmemmove_forward @@ -36,6 +36,7 @@ ENTRY(memmove) .Lmemmove_forward_remainder: larl %r5,.Lmemmove_mvc ex %r4,0(%r5) +.Lmemmove_exit: BR_EX %r14 .Lmemmove_reverse: ic %r0,0(%r4,%r3) @@ -65,7 +66,7 @@ EXPORT_SYMBOL(memmove) */ ENTRY(memset) ltgr %r4,%r4 - bzr %r14 + jz .Lmemset_exit ltgr %r3,%r3 jnz .Lmemset_fill aghi %r4,-1 @@ -80,6 +81,7 @@ ENTRY(memset) .Lmemset_clear_remainder: larl %r3,.Lmemset_xc ex %r4,0(%r3) +.Lmemset_exit: BR_EX %r14 .Lmemset_fill: cghi %r4,1 @@ -115,7 +117,7 @@ EXPORT_SYMBOL(memset) */ ENTRY(memcpy) ltgr %r4,%r4 - bzr %r14 + jz .Lmemcpy_exit aghi %r4,-1 srlg %r5,%r4,8 ltgr %r5,%r5 @@ -124,6 +126,7 @@ ENTRY(memcpy) .Lmemcpy_remainder: larl %r5,.Lmemcpy_mvc ex %r4,0(%r5) +.Lmemcpy_exit: BR_EX %r14 .Lmemcpy_loop: mvc 0(256,%r1),0(%r3) @@ -145,9 +148,9 @@ EXPORT_SYMBOL(memcpy) .macro __MEMSET bits,bytes,insn ENTRY(__memset\bits) ltgr %r4,%r4 - bzr %r14 + jz .L__memset_exit\bits cghi %r4,\bytes - je .L__memset_exit\bits + je .L__memset_store\bits aghi %r4,-(\bytes+1) srlg %r5,%r4,8 ltgr %r5,%r5 @@ -163,8 +166,9 @@ ENTRY(__memset\bits) larl %r5,.L__memset_mvc\bits ex %r4,0(%r5) BR_EX %r14 -.L__memset_exit\bits: +.L__memset_store\bits: \insn %r3,0(%r2) +.L__memset_exit\bits: BR_EX %r14 .L__memset_mvc\bits: mvc \bytes(1,%r1),0(%r1)

6 years, 9 months

2
1
0 0

Applied "spi: tegra20-slink: explicitly enable/disable clock" to the spi tree

by Mark Brown

The patch spi: tegra20-slink: explicitly enable/disable clock has been applied to the spi tree at https://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi.git All being well this means that it will be integrated into the linux-next tree (usually sometime in the next 24 hours) and sent to Linus during the next merge window (or sooner if it is a bug fix), however if problems are discovered then the patch may be dropped or reverted. You may get further e-mails resulting from automated or manual testing and review of the tree, please engage with people reporting problems and send followup patches addressing any issues that are reported if needed. If any updates are required or you are submitting further changes they should be sent as incremental updates against current git, existing patches will not be replaced. Please add any relevant lists and maintainers to the CCs when replying to this mail. Thanks, Mark >From 7001cab1dabc0b72b2b672ef58a90ab64f5e2343 Mon Sep 17 00:00:00 2001 From: Marcel Ziswiler <marcel.ziswiler(a)toradex.com> Date: Wed, 29 Aug 2018 08:47:57 +0200 Subject: [PATCH] spi: tegra20-slink: explicitly enable/disable clock Depending on the SPI instance one may get an interrupt storm upon requesting resp. interrupt unless the clock is explicitly enabled beforehand. This has been observed trying to bring up instance 4 on T20. Signed-off-by: Marcel Ziswiler <marcel.ziswiler(a)toradex.com> Signed-off-by: Mark Brown <broonie(a)kernel.org> Cc: stable(a)vger.kernel.org --- drivers/spi/spi-tegra20-slink.c | 31 +++++++++++++++++++++++-------- 1 file changed, 23 insertions(+), 8 deletions(-) diff --git a/drivers/spi/spi-tegra20-slink.c b/drivers/spi/spi-tegra20-slink.c index 6f7b946b5ced..1427f343b39a 100644 --- a/drivers/spi/spi-tegra20-slink.c +++ b/drivers/spi/spi-tegra20-slink.c @@ -1063,6 +1063,24 @@ static int tegra_slink_probe(struct platform_device *pdev) goto exit_free_master; } + /* disabled clock may cause interrupt storm upon request */ + tspi->clk = devm_clk_get(&pdev->dev, NULL); + if (IS_ERR(tspi->clk)) { + ret = PTR_ERR(tspi->clk); + dev_err(&pdev->dev, "Can not get clock %d\n", ret); + goto exit_free_master; + } + ret = clk_prepare(tspi->clk); + if (ret < 0) { + dev_err(&pdev->dev, "Clock prepare failed %d\n", ret); + goto exit_free_master; + } + ret = clk_enable(tspi->clk); + if (ret < 0) { + dev_err(&pdev->dev, "Clock enable failed %d\n", ret); + goto exit_free_master; + } + spi_irq = platform_get_irq(pdev, 0); tspi->irq = spi_irq; ret = request_threaded_irq(tspi->irq, tegra_slink_isr, @@ -1071,14 +1089,7 @@ static int tegra_slink_probe(struct platform_device *pdev) if (ret < 0) { dev_err(&pdev->dev, "Failed to register ISR for IRQ %d\n", tspi->irq); - goto exit_free_master; - } - - tspi->clk = devm_clk_get(&pdev->dev, NULL); - if (IS_ERR(tspi->clk)) { - dev_err(&pdev->dev, "can not get clock\n"); - ret = PTR_ERR(tspi->clk); - goto exit_free_irq; + goto exit_clk_disable; } tspi->rst = devm_reset_control_get_exclusive(&pdev->dev, "spi"); @@ -1138,6 +1149,8 @@ static int tegra_slink_probe(struct platform_device *pdev) tegra_slink_deinit_dma_param(tspi, true); exit_free_irq: free_irq(spi_irq, tspi); +exit_clk_disable: + clk_disable(tspi->clk); exit_free_master: spi_master_put(master); return ret; @@ -1150,6 +1163,8 @@ static int tegra_slink_remove(struct platform_device *pdev) free_irq(tspi->irq, tspi); + clk_disable(tspi->clk); + if (tspi->tx_dma_chan) tegra_slink_deinit_dma_param(tspi, false); -- 2.19.0.rc1

6 years, 9 months

1
0
0 0

Applied "ASoC: rsnd: fixup not to call clk_get/set under non-atomic" to the asoc tree

by Mark Brown

The patch ASoC: rsnd: fixup not to call clk_get/set under non-atomic has been applied to the asoc tree at https://git.kernel.org/pub/scm/linux/kernel/git/broonie/sound.git All being well this means that it will be integrated into the linux-next tree (usually sometime in the next 24 hours) and sent to Linus during the next merge window (or sooner if it is a bug fix), however if problems are discovered then the patch may be dropped or reverted. You may get further e-mails resulting from automated or manual testing and review of the tree, please engage with people reporting problems and send followup patches addressing any issues that are reported if needed. If any updates are required or you are submitting further changes they should be sent as incremental updates against current git, existing patches will not be replaced. Please add any relevant lists and maintainers to the CCs when replying to this mail. Thanks, Mark >From 4d230d12710646788af581ba0155d83ab48b955c Mon Sep 17 00:00:00 2001 From: Jiada Wang <jiada_wang(a)mentor.com> Date: Mon, 3 Sep 2018 07:08:58 +0000 Subject: [PATCH] ASoC: rsnd: fixup not to call clk_get/set under non-atomic Clocking operations clk_get/set_rate, are non-atomic, they shouldn't be called in soc_pcm_trigger() which is atomic. Following issue was found due to execution of clk_get_rate() causes sleep in soc_pcm_trigger(), which shouldn't be blocked. We can reproduce this issue by following > enable CONFIG_DEBUG_ATOMIC_SLEEP=y > compile, and boot > mount -t debugfs none /sys/kernel/debug > while true; do cat /sys/kernel/debug/clk/clk_summary > /dev/null; done & > while true; do aplay xxx; done This patch adds support to .prepare callback, and moves non-atomic clocking operations to it. As .prepare is non-atomic, it is always called before trigger_start/trigger_stop. BUG: sleeping function called from invalid context at kernel/locking/mutex.c:620 in_atomic(): 1, irqs_disabled(): 128, pid: 2242, name: aplay INFO: lockdep is turned off. irq event stamp: 5964 hardirqs last enabled at (5963): [<ffff200008e59e40>] mutex_lock_nested+0x6e8/0x6f0 hardirqs last disabled at (5964): [<ffff200008e623f0>] _raw_spin_lock_irqsave+0x24/0x68 softirqs last enabled at (5502): [<ffff200008081838>] __do_softirq+0x560/0x10c0 softirqs last disabled at (5495): [<ffff2000080c2e78>] irq_exit+0x160/0x25c Preemption disabled at:[ 62.904063] [<ffff200008be4d48>] snd_pcm_stream_lock+0xb4/0xc0 CPU: 2 PID: 2242 Comm: aplay Tainted: G B C 4.9.54+ #186 Hardware name: Renesas Salvator-X board based on r8a7795 (DT) Call trace: [<ffff20000808fe48>] dump_backtrace+0x0/0x37c [<ffff2000080901d8>] show_stack+0x14/0x1c [<ffff2000086f4458>] dump_stack+0xfc/0x154 [<ffff2000081134a0>] ___might_sleep+0x57c/0x58c [<ffff2000081136b8>] __might_sleep+0x208/0x21c [<ffff200008e5980c>] mutex_lock_nested+0xb4/0x6f0 [<ffff2000087cac74>] clk_prepare_lock+0xb0/0x184 [<ffff2000087cb094>] clk_core_get_rate+0x14/0x54 [<ffff2000087cb0f4>] clk_get_rate+0x20/0x34 [<ffff20000113aa00>] rsnd_adg_ssi_clk_try_start+0x158/0x4f8 [snd_soc_rcar] [<ffff20000113da00>] rsnd_ssi_init+0x668/0x7a0 [snd_soc_rcar] [<ffff200001133ff4>] rsnd_soc_dai_trigger+0x4bc/0xcf8 [snd_soc_rcar] [<ffff200008c1af24>] soc_pcm_trigger+0x2a4/0x2d4 Fixes: e7d850dd10f4 ("ASoC: rsnd: use mod base common method on SSI-parent") Signed-off-by: Jiada Wang <jiada_wang(a)mentor.com> Signed-off-by: Timo Wischer <twischer(a)de.adit-jv.com> [Kuninori: tidyup for upstream] Signed-off-by: Kuninori Morimoto <kuninori.morimoto.gx(a)renesas.com> Tested-by: Hiroyuki Yokoyama <hiroyuki.yokoyama.vx(a)renesas.com> Signed-off-by: Mark Brown <broonie(a)kernel.org> Cc: stable(a)vger.kernel.org --- sound/soc/sh/rcar/core.c | 11 +++++++++++ sound/soc/sh/rcar/rsnd.h | 7 +++++++ sound/soc/sh/rcar/ssi.c | 16 ++++++++++------ 3 files changed, 28 insertions(+), 6 deletions(-) diff --git a/sound/soc/sh/rcar/core.c b/sound/soc/sh/rcar/core.c index f8425d8b44d2..b35f5509cfe2 100644 --- a/sound/soc/sh/rcar/core.c +++ b/sound/soc/sh/rcar/core.c @@ -958,12 +958,23 @@ static void rsnd_soc_dai_shutdown(struct snd_pcm_substream *substream, rsnd_dai_stream_quit(io); } +static int rsnd_soc_dai_prepare(struct snd_pcm_substream *substream, + struct snd_soc_dai *dai) +{ + struct rsnd_priv *priv = rsnd_dai_to_priv(dai); + struct rsnd_dai *rdai = rsnd_dai_to_rdai(dai); + struct rsnd_dai_stream *io = rsnd_rdai_to_io(rdai, substream); + + return rsnd_dai_call(prepare, io, priv); +} + static const struct snd_soc_dai_ops rsnd_soc_dai_ops = { .startup = rsnd_soc_dai_startup, .shutdown = rsnd_soc_dai_shutdown, .trigger = rsnd_soc_dai_trigger, .set_fmt = rsnd_soc_dai_set_fmt, .set_tdm_slot = rsnd_soc_set_dai_tdm_slot, + .prepare = rsnd_soc_dai_prepare, }; void rsnd_parse_connect_common(struct rsnd_dai *rdai, diff --git a/sound/soc/sh/rcar/rsnd.h b/sound/soc/sh/rcar/rsnd.h index 96d93330b1e1..8f7a0abfa751 100644 --- a/sound/soc/sh/rcar/rsnd.h +++ b/sound/soc/sh/rcar/rsnd.h @@ -280,6 +280,9 @@ struct rsnd_mod_ops { int (*nolock_stop)(struct rsnd_mod *mod, struct rsnd_dai_stream *io, struct rsnd_priv *priv); + int (*prepare)(struct rsnd_mod *mod, + struct rsnd_dai_stream *io, + struct rsnd_priv *priv); }; struct rsnd_dai_stream; @@ -309,6 +312,7 @@ struct rsnd_mod { * H 0: fallback * H 0: hw_params * H 0: pointer + * H 0: prepare */ #define __rsnd_mod_shift_nolock_start 0 #define __rsnd_mod_shift_nolock_stop 0 @@ -323,6 +327,7 @@ struct rsnd_mod { #define __rsnd_mod_shift_fallback 28 /* always called */ #define __rsnd_mod_shift_hw_params 28 /* always called */ #define __rsnd_mod_shift_pointer 28 /* always called */ +#define __rsnd_mod_shift_prepare 28 /* always called */ #define __rsnd_mod_add_probe 0 #define __rsnd_mod_add_remove 0 @@ -337,6 +342,7 @@ struct rsnd_mod { #define __rsnd_mod_add_fallback 0 #define __rsnd_mod_add_hw_params 0 #define __rsnd_mod_add_pointer 0 +#define __rsnd_mod_add_prepare 0 #define __rsnd_mod_call_probe 0 #define __rsnd_mod_call_remove 0 @@ -351,6 +357,7 @@ struct rsnd_mod { #define __rsnd_mod_call_pointer 0 #define __rsnd_mod_call_nolock_start 0 #define __rsnd_mod_call_nolock_stop 1 +#define __rsnd_mod_call_prepare 0 #define rsnd_mod_to_priv(mod) ((mod)->priv) #define rsnd_mod_name(mod) ((mod)->ops->name) diff --git a/sound/soc/sh/rcar/ssi.c b/sound/soc/sh/rcar/ssi.c index 8304e4ec9242..3f880ec66459 100644 --- a/sound/soc/sh/rcar/ssi.c +++ b/sound/soc/sh/rcar/ssi.c @@ -283,7 +283,7 @@ static int rsnd_ssi_master_clk_start(struct rsnd_mod *mod, if (rsnd_ssi_is_multi_slave(mod, io)) return 0; - if (ssi->usrcnt > 1) { + if (ssi->rate) { if (ssi->rate != rate) { dev_err(dev, "SSI parent/child should use same rate\n"); return -EINVAL; @@ -434,7 +434,6 @@ static int rsnd_ssi_init(struct rsnd_mod *mod, struct rsnd_priv *priv) { struct rsnd_ssi *ssi = rsnd_mod_to_ssi(mod); - int ret; if (!rsnd_ssi_is_run_mods(mod, io)) return 0; @@ -443,10 +442,6 @@ static int rsnd_ssi_init(struct rsnd_mod *mod, rsnd_mod_power_on(mod); - ret = rsnd_ssi_master_clk_start(mod, io); - if (ret < 0) - return ret; - rsnd_ssi_config_init(mod, io); rsnd_ssi_register_setup(mod); @@ -852,6 +847,13 @@ static int rsnd_ssi_pio_pointer(struct rsnd_mod *mod, return 0; } +static int rsnd_ssi_prepare(struct rsnd_mod *mod, + struct rsnd_dai_stream *io, + struct rsnd_priv *priv) +{ + return rsnd_ssi_master_clk_start(mod, io); +} + static struct rsnd_mod_ops rsnd_ssi_pio_ops = { .name = SSI_NAME, .probe = rsnd_ssi_common_probe, @@ -864,6 +866,7 @@ static struct rsnd_mod_ops rsnd_ssi_pio_ops = { .pointer = rsnd_ssi_pio_pointer, .pcm_new = rsnd_ssi_pcm_new, .hw_params = rsnd_ssi_hw_params, + .prepare = rsnd_ssi_prepare, }; static int rsnd_ssi_dma_probe(struct rsnd_mod *mod, @@ -940,6 +943,7 @@ static struct rsnd_mod_ops rsnd_ssi_dma_ops = { .pcm_new = rsnd_ssi_pcm_new, .fallback = rsnd_ssi_fallback, .hw_params = rsnd_ssi_hw_params, + .prepare = rsnd_ssi_prepare, }; int rsnd_ssi_is_dma_mode(struct rsnd_mod *mod) -- 2.19.0.rc1

6 years, 9 months

1
0
0 0

[PATCH AUTOSEL 4.4 01/47] misc: mic: SCIF Fix scif_get_new_port() error handling

by Sasha Levin

From: Dan Carpenter <dan.carpenter(a)oracle.com> [ Upstream commit a39284ae9d2ad09975c8ae33f1bd0f05fbfbf6ee ] There are only 2 callers of scif_get_new_port() and both appear to get the error handling wrong. Both treat zero returns as error, but it actually returns negative error codes and >= 0 on success. Fixes: e9089f43c9a7 ("misc: mic: SCIF open close bind and listen APIs") Signed-off-by: Dan Carpenter <dan.carpenter(a)oracle.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> --- drivers/misc/mic/scif/scif_api.c | 20 +++++++++----------- 1 file changed, 9 insertions(+), 11 deletions(-) diff --git a/drivers/misc/mic/scif/scif_api.c b/drivers/misc/mic/scif/scif_api.c index ddc9e4b08b5c..56efa9d18a9a 100644 --- a/drivers/misc/mic/scif/scif_api.c +++ b/drivers/misc/mic/scif/scif_api.c @@ -370,11 +370,10 @@ int scif_bind(scif_epd_t epd, u16 pn) goto scif_bind_exit; } } else { - pn = scif_get_new_port(); - if (!pn) { - ret = -ENOSPC; + ret = scif_get_new_port(); + if (ret < 0) goto scif_bind_exit; - } + pn = ret; } ep->state = SCIFEP_BOUND; @@ -648,13 +647,12 @@ int __scif_connect(scif_epd_t epd, struct scif_port_id *dst, bool non_block) err = -EISCONN; break; case SCIFEP_UNBOUND: - ep->port.port = scif_get_new_port(); - if (!ep->port.port) { - err = -ENOSPC; - } else { - ep->port.node = scif_info.nodeid; - ep->conn_async_state = ASYNC_CONN_IDLE; - } + err = scif_get_new_port(); + if (err < 0) + break; + ep->port.port = err; + ep->port.node = scif_info.nodeid; + ep->conn_async_state = ASYNC_CONN_IDLE; /* Fall through */ case SCIFEP_BOUND: /* -- 2.17.1

6 years, 9 months

2
47
0 0

[PATCH] Revert "ARM: imx_v6_v7_defconfig: Select ULPI support"

by Fabio Estevam

From: Fabio Estevam <fabio.estevam(a)nxp.com> This reverts commit 0d0af17ae83d6feb29d676c72423461419df5110. This commit causes reboot to fail on imx6 wandboard, so let's revert it. Cc: <stable(a)vger.kernel.org> #4.4 Reported-by: Rasmus Villemoes <rasmus.villemoes(a)prevas.dk> Signed-off-by: Fabio Estevam <fabio.estevam(a)nxp.com> --- arch/arm/configs/imx_v6_v7_defconfig | 2 -- 1 file changed, 2 deletions(-) diff --git a/arch/arm/configs/imx_v6_v7_defconfig b/arch/arm/configs/imx_v6_v7_defconfig index b3490c1..4187f69 100644 --- a/arch/arm/configs/imx_v6_v7_defconfig +++ b/arch/arm/configs/imx_v6_v7_defconfig @@ -261,7 +261,6 @@ CONFIG_USB_STORAGE=y CONFIG_USB_CHIPIDEA=y CONFIG_USB_CHIPIDEA_UDC=y CONFIG_USB_CHIPIDEA_HOST=y -CONFIG_USB_CHIPIDEA_ULPI=y CONFIG_USB_SERIAL=m CONFIG_USB_SERIAL_GENERIC=y CONFIG_USB_SERIAL_FTDI_SIO=m @@ -288,7 +287,6 @@ CONFIG_USB_G_NCM=m CONFIG_USB_GADGETFS=m CONFIG_USB_MASS_STORAGE=m CONFIG_USB_G_SERIAL=m -CONFIG_USB_ULPI_BUS=y CONFIG_MMC=y CONFIG_MMC_SDHCI=y CONFIG_MMC_SDHCI_PLTFM=y -- 2.7.4

6 years, 9 months

1
0
0 0

[PATCH] Revert "ARM: imx_v6_v7_defconfig: Select ULPI support"

by Fabio Estevam

From: Fabio Estevam <fabio.estevam(a)nxp.com> This reverts commit 721476147fd2571309b6aa6daa695b39170602ef. This commit causes reboot to fail on imx6 wandboard, so let's revert it. Cc: <stable(a)vger.kernel.org> #4.9 Reported-by: Rasmus Villemoes <rasmus.villemoes(a)prevas.dk> Signed-off-by: Fabio Estevam <fabio.estevam(a)nxp.com> --- arch/arm/configs/imx_v6_v7_defconfig | 2 -- 1 file changed, 2 deletions(-) diff --git a/arch/arm/configs/imx_v6_v7_defconfig b/arch/arm/configs/imx_v6_v7_defconfig index 6b7d4f5..8ec4dbb 100644 --- a/arch/arm/configs/imx_v6_v7_defconfig +++ b/arch/arm/configs/imx_v6_v7_defconfig @@ -271,7 +271,6 @@ CONFIG_USB_STORAGE=y CONFIG_USB_CHIPIDEA=y CONFIG_USB_CHIPIDEA_UDC=y CONFIG_USB_CHIPIDEA_HOST=y -CONFIG_USB_CHIPIDEA_ULPI=y CONFIG_USB_SERIAL=m CONFIG_USB_SERIAL_GENERIC=y CONFIG_USB_SERIAL_FTDI_SIO=m @@ -308,7 +307,6 @@ CONFIG_USB_GADGETFS=m CONFIG_USB_FUNCTIONFS=m CONFIG_USB_MASS_STORAGE=m CONFIG_USB_G_SERIAL=m -CONFIG_USB_ULPI_BUS=y CONFIG_MMC=y CONFIG_MMC_SDHCI=y CONFIG_MMC_SDHCI_PLTFM=y -- 2.7.4

6 years, 9 months

1
0
0 0

[PATCH] Revert "ARM: imx_v6_v7_defconfig: Select ULPI support"

by Fabio Estevam

From: Fabio Estevam <fabio.estevam(a)nxp.com> This reverts commit 2059e527a659cf16d6bb709f1c8509f7a7623fc4. This commit causes reboot to fail on imx6 wandboard, so let's revert it. Cc: <stable(a)vger.kernel.org> #4.14 Reported-by: Rasmus Villemoes <rasmus.villemoes(a)prevas.dk> Signed-off-by: Fabio Estevam <fabio.estevam(a)nxp.com> --- arch/arm/configs/imx_v6_v7_defconfig | 2 -- 1 file changed, 2 deletions(-) diff --git a/arch/arm/configs/imx_v6_v7_defconfig b/arch/arm/configs/imx_v6_v7_defconfig index 21ac9f0..32acac9 100644 --- a/arch/arm/configs/imx_v6_v7_defconfig +++ b/arch/arm/configs/imx_v6_v7_defconfig @@ -289,7 +289,6 @@ CONFIG_USB_STORAGE=y CONFIG_USB_CHIPIDEA=y CONFIG_USB_CHIPIDEA_UDC=y CONFIG_USB_CHIPIDEA_HOST=y -CONFIG_USB_CHIPIDEA_ULPI=y CONFIG_USB_SERIAL=m CONFIG_USB_SERIAL_GENERIC=y CONFIG_USB_SERIAL_FTDI_SIO=m @@ -326,7 +325,6 @@ CONFIG_USB_GADGETFS=m CONFIG_USB_FUNCTIONFS=m CONFIG_USB_MASS_STORAGE=m CONFIG_USB_G_SERIAL=m -CONFIG_USB_ULPI_BUS=y CONFIG_MMC=y CONFIG_MMC_SDHCI=y CONFIG_MMC_SDHCI_PLTFM=y -- 2.7.4

6 years, 9 months

1
0
0 0

[PATCH v2 02/10] usb: roles: Handle driver reference counting

by Heikki Krogerus

This fixes potential "BUG: unable to handle kernel paging request at ..." from happening. Fixes: fde0aa6c175a ("usb: common: Small class for USB role switches") Cc: <stable(a)vger.kernel.org> Signed-off-by: Heikki Krogerus <heikki.krogerus(a)linux.intel.com> --- drivers/usb/common/roles.c | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/drivers/usb/common/roles.c b/drivers/usb/common/roles.c index 15cc76e22123..3d8a776e55ee 100644 --- a/drivers/usb/common/roles.c +++ b/drivers/usb/common/roles.c @@ -109,8 +109,15 @@ static void *usb_role_switch_match(struct device_connection *con, int ep, */ struct usb_role_switch *usb_role_switch_get(struct device *dev) { - return device_connection_find_match(dev, "usb-role-switch", NULL, - usb_role_switch_match); + struct usb_role_switch *sw; + + sw = device_connection_find_match(dev, "usb-role-switch", NULL, + usb_role_switch_match); + + if (!IS_ERR(sw)) + WARN_ON(!try_module_get(sw->dev.parent->driver->owner)); + + return sw; } EXPORT_SYMBOL_GPL(usb_role_switch_get); @@ -122,8 +129,10 @@ EXPORT_SYMBOL_GPL(usb_role_switch_get); */ void usb_role_switch_put(struct usb_role_switch *sw) { - if (!IS_ERR_OR_NULL(sw)) + if (!IS_ERR_OR_NULL(sw)) { put_device(&sw->dev); + module_put(sw->dev.parent->driver->owner); + } } EXPORT_SYMBOL_GPL(usb_role_switch_put); -- 2.18.0

6 years, 9 months

1
0
0 0

[PATCH v2 01/10] usb: typec: Take care of driver module reference counting

by Heikki Krogerus

Functions typec_mux_get() and typec_switch_get() already make sure that the mux device reference count is incremented, but the same must be done to the driver module as well to prevent the drivers from being unloaded in the middle of operation. This fixes a potential "BUG: unable to handle kernel paging request at ..." from happening. Fixes: 93dd2112c7b2 ("usb: typec: mux: Get the mux identifier from function parameter") Cc: <stable(a)vger.kernel.org> Signed-off-by: Heikki Krogerus <heikki.krogerus(a)linux.intel.com> --- drivers/usb/typec/mux.c | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) diff --git a/drivers/usb/typec/mux.c b/drivers/usb/typec/mux.c index ddaac63ecf12..d990aa510fab 100644 --- a/drivers/usb/typec/mux.c +++ b/drivers/usb/typec/mux.c @@ -9,6 +9,7 @@ #include <linux/device.h> #include <linux/list.h> +#include <linux/module.h> #include <linux/mutex.h> #include <linux/usb/typec_mux.h> @@ -49,8 +50,10 @@ struct typec_switch *typec_switch_get(struct device *dev) mutex_lock(&switch_lock); sw = device_connection_find_match(dev, "typec-switch", NULL, typec_switch_match); - if (!IS_ERR_OR_NULL(sw)) + if (!IS_ERR_OR_NULL(sw)) { + WARN_ON(!try_module_get(sw->dev->driver->owner)); get_device(sw->dev); + } mutex_unlock(&switch_lock); return sw; @@ -65,8 +68,10 @@ EXPORT_SYMBOL_GPL(typec_switch_get); */ void typec_switch_put(struct typec_switch *sw) { - if (!IS_ERR_OR_NULL(sw)) + if (!IS_ERR_OR_NULL(sw)) { + module_put(sw->dev->driver->owner); put_device(sw->dev); + } } EXPORT_SYMBOL_GPL(typec_switch_put); @@ -136,8 +141,10 @@ struct typec_mux *typec_mux_get(struct device *dev, const char *name) mutex_lock(&mux_lock); mux = device_connection_find_match(dev, name, NULL, typec_mux_match); - if (!IS_ERR_OR_NULL(mux)) + if (!IS_ERR_OR_NULL(mux)) { + WARN_ON(!try_module_get(mux->dev->driver->owner)); get_device(mux->dev); + } mutex_unlock(&mux_lock); return mux; @@ -152,8 +159,10 @@ EXPORT_SYMBOL_GPL(typec_mux_get); */ void typec_mux_put(struct typec_mux *mux) { - if (!IS_ERR_OR_NULL(mux)) + if (!IS_ERR_OR_NULL(mux)) { + module_put(mux->dev->driver->owner); put_device(mux->dev); + } } EXPORT_SYMBOL_GPL(typec_mux_put); -- 2.18.0

6 years, 9 months

1
0
0 0

FAILED: patch "[PATCH] watchdog: Mark watchdog touch functions as notrace" failed to apply to 4.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From cb9d7fd51d9fbb329d182423bd7b92d0f8cb0e01 Mon Sep 17 00:00:00 2001 From: Vincent Whitchurch <vincent.whitchurch(a)axis.com> Date: Tue, 21 Aug 2018 17:25:07 +0200 Subject: [PATCH] watchdog: Mark watchdog touch functions as notrace Some architectures need to use stop_machine() to patch functions for ftrace, and the assumption is that the stopped CPUs do not make function calls to traceable functions when they are in the stopped state. Commit ce4f06dcbb5d ("stop_machine: Touch_nmi_watchdog() after MULTI_STOP_PREPARE") added calls to the watchdog touch functions from the stopped CPUs and those functions lack notrace annotations. This leads to crashes when enabling/disabling ftrace on ARM kernels built with the Thumb-2 instruction set. Fix it by adding the necessary notrace annotations. Fixes: ce4f06dcbb5d ("stop_machine: Touch_nmi_watchdog() after MULTI_STOP_PREPARE") Signed-off-by: Vincent Whitchurch <vincent.whitchurch(a)axis.com> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: oleg(a)redhat.com Cc: tj(a)kernel.org Cc: stable(a)vger.kernel.org Link: https://lkml.kernel.org/r/20180821152507.18313-1-vincent.whitchurch@axis.com diff --git a/kernel/watchdog.c b/kernel/watchdog.c index 5470dce212c0..977918d5d350 100644 --- a/kernel/watchdog.c +++ b/kernel/watchdog.c @@ -261,7 +261,7 @@ static void __touch_watchdog(void) * entering idle state. This should only be used for scheduler events. * Use touch_softlockup_watchdog() for everything else. */ -void touch_softlockup_watchdog_sched(void) +notrace void touch_softlockup_watchdog_sched(void) { /* * Preemption can be enabled. It doesn't matter which CPU's timestamp @@ -270,7 +270,7 @@ void touch_softlockup_watchdog_sched(void) raw_cpu_write(watchdog_touch_ts, 0); } -void touch_softlockup_watchdog(void) +notrace void touch_softlockup_watchdog(void) { touch_softlockup_watchdog_sched(); wq_watchdog_touch(raw_smp_processor_id()); diff --git a/kernel/watchdog_hld.c b/kernel/watchdog_hld.c index 1f7020d65d0a..71381168dede 100644 --- a/kernel/watchdog_hld.c +++ b/kernel/watchdog_hld.c @@ -29,7 +29,7 @@ static struct cpumask dead_events_mask; static unsigned long hardlockup_allcpu_dumped; static atomic_t watchdog_cpus = ATOMIC_INIT(0); -void arch_touch_nmi_watchdog(void) +notrace void arch_touch_nmi_watchdog(void) { /* * Using __raw here because some code paths have diff --git a/kernel/workqueue.c b/kernel/workqueue.c index 60e80198c3df..0280deac392e 100644 --- a/kernel/workqueue.c +++ b/kernel/workqueue.c @@ -5574,7 +5574,7 @@ static void wq_watchdog_timer_fn(struct timer_list *unused) mod_timer(&wq_watchdog_timer, jiffies + thresh); } -void wq_watchdog_touch(int cpu) +notrace void wq_watchdog_touch(int cpu) { if (cpu >= 0) per_cpu(wq_watchdog_touched_cpu, cpu) = jiffies;

6 years, 9 months

1
0
0 0

FAILED: patch "[PATCH] power: generic-adc-battery: fix out-of-bounds write when" failed to apply to 4.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 932d47448c3caa0fa99e84d7f5bc302aa286efd8 Mon Sep 17 00:00:00 2001 From: "H. Nikolaus Schaller" <hns(a)goldelico.com> Date: Tue, 26 Jun 2018 15:28:29 +0200 Subject: [PATCH] power: generic-adc-battery: fix out-of-bounds write when copying channel properties We did have sporadic problems in the pinctrl framework during boot where a pin group name unexpectedly became NULL leading to a NULL dereference in strcmp. Detailled analysis of the failing cases did reveal that there were two devm allocated objects close to each other. The second one was the affected group_desc in pinmux and the first one was the psy_desc->properties buffer of the gab driver. Review of the gab code showed that the address calculation for one memcpy() is wrong. It does properties + sizeof(type) * index but C is defined to do the index multiplication already for pointer + integer additions. Hence the factor was applied twice and the memcpy() does write outside of the properties buffer. Sometimes it happened to be the pinctrl and triggered the strcmp(NULL). Anyways, it is overkill to use a memcpy() here instead of a simple assignment, which is easier to read and has less risk for wrong address calculations. So we change code to a simple assignment. If we initialize the index to the first free location, we can even remove the local variable 'properties'. This bug seems to exist right from the beginning in 3.7-rc1 in commit e60fea794e6e ("power: battery: Generic battery driver using IIO") Signed-off-by: H. Nikolaus Schaller <hns(a)goldelico.com> Cc: stable(a)vger.kernel.org Fixes: e60fea794e6e ("power: battery: Generic battery driver using IIO") Signed-off-by: Sebastian Reichel <sebastian.reichel(a)collabora.co.uk> diff --git a/drivers/power/supply/generic-adc-battery.c b/drivers/power/supply/generic-adc-battery.c index 28dc056eaafa..11f59275bff4 100644 --- a/drivers/power/supply/generic-adc-battery.c +++ b/drivers/power/supply/generic-adc-battery.c @@ -241,10 +241,9 @@ static int gab_probe(struct platform_device *pdev) struct power_supply_desc *psy_desc; struct power_supply_config psy_cfg = {}; struct gab_platform_data *pdata = pdev->dev.platform_data; - enum power_supply_property *properties; int ret = 0; int chan; - int index = 0; + int index = ARRAY_SIZE(gab_props); adc_bat = devm_kzalloc(&pdev->dev, sizeof(*adc_bat), GFP_KERNEL); if (!adc_bat) { @@ -278,8 +277,6 @@ static int gab_probe(struct platform_device *pdev) } memcpy(psy_desc->properties, gab_props, sizeof(gab_props)); - properties = (enum power_supply_property *) - ((char *)psy_desc->properties + sizeof(gab_props)); /* * getting channel from iio and copying the battery properties @@ -293,15 +290,12 @@ static int gab_probe(struct platform_device *pdev) adc_bat->channel[chan] = NULL; } else { /* copying properties for supported channels only */ - memcpy(properties + sizeof(*(psy_desc->properties)) * index, - &gab_dyn_props[chan], - sizeof(gab_dyn_props[chan])); - index++; + psy_desc->properties[index++] = gab_dyn_props[chan]; } } /* none of the channels are supported so let's bail out */ - if (index == 0) { + if (index == ARRAY_SIZE(gab_props)) { ret = -ENODEV; goto second_mem_fail; } @@ -312,7 +306,7 @@ static int gab_probe(struct platform_device *pdev) * as come channels may be not be supported by the device.So * we need to take care of that. */ - psy_desc->num_properties = ARRAY_SIZE(gab_props) + index; + psy_desc->num_properties = index; adc_bat->psy = power_supply_register(&pdev->dev, psy_desc, &psy_cfg); if (IS_ERR(adc_bat->psy)) {

6 years, 9 months

1
0
0 0

FAILED: patch "[PATCH] power: generic-adc-battery: check for duplicate properties" failed to apply to 4.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From a427503edaaed9b75ed9746a654cece7e93e60a8 Mon Sep 17 00:00:00 2001 From: "H. Nikolaus Schaller" <hns(a)goldelico.com> Date: Tue, 26 Jun 2018 15:28:30 +0200 Subject: [PATCH] power: generic-adc-battery: check for duplicate properties copied from iio channels If an iio channel defines a basic property, there are duplicate entries in /sys/class/power/*/uevent. So add a check to avoid duplicates. Since all channels may be duplicates, we have to modify the related error check. Signed-off-by: H. Nikolaus Schaller <hns(a)goldelico.com> Cc: stable(a)vger.kernel.org Fixes: e60fea794e6e ("power: battery: Generic battery driver using IIO") Signed-off-by: Sebastian Reichel <sebastian.reichel(a)collabora.co.uk> diff --git a/drivers/power/supply/generic-adc-battery.c b/drivers/power/supply/generic-adc-battery.c index 11f59275bff4..bc462d1ec963 100644 --- a/drivers/power/supply/generic-adc-battery.c +++ b/drivers/power/supply/generic-adc-battery.c @@ -244,6 +244,7 @@ static int gab_probe(struct platform_device *pdev) int ret = 0; int chan; int index = ARRAY_SIZE(gab_props); + bool any = false; adc_bat = devm_kzalloc(&pdev->dev, sizeof(*adc_bat), GFP_KERNEL); if (!adc_bat) { @@ -290,12 +291,22 @@ static int gab_probe(struct platform_device *pdev) adc_bat->channel[chan] = NULL; } else { /* copying properties for supported channels only */ - psy_desc->properties[index++] = gab_dyn_props[chan]; + int index2; + + for (index2 = 0; index2 < index; index2++) { + if (psy_desc->properties[index2] == + gab_dyn_props[chan]) + break; /* already known */ + } + if (index2 == index) /* really new */ + psy_desc->properties[index++] = + gab_dyn_props[chan]; + any = true; } } /* none of the channels are supported so let's bail out */ - if (index == ARRAY_SIZE(gab_props)) { + if (!any) { ret = -ENODEV; goto second_mem_fail; }

6 years, 9 months

1
0
0 0

FAILED: patch "[PATCH] mei: bus: type promotion bug in mei_nfc_if_version()" failed to apply to 4.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From b40b3e9358fbafff6a4ba0f4b9658f6617146f9c Mon Sep 17 00:00:00 2001 From: Dan Carpenter <dan.carpenter(a)oracle.com> Date: Wed, 11 Jul 2018 15:29:31 +0300 Subject: [PATCH] mei: bus: type promotion bug in mei_nfc_if_version() We accidentally removed the check for negative returns without considering the issue of type promotion. The "if_version_length" variable is type size_t so if __mei_cl_recv() returns a negative then "bytes_recv" is type promoted to a high positive value and treated as success. Cc: <stable(a)vger.kernel.org> Fixes: 582ab27a063a ("mei: bus: fix received data size check in NFC fixup") Signed-off-by: Dan Carpenter <dan.carpenter(a)oracle.com> Signed-off-by: Tomas Winkler <tomas.winkler(a)intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/misc/mei/bus-fixup.c b/drivers/misc/mei/bus-fixup.c index e45fe826d87d..65e28be3c8cc 100644 --- a/drivers/misc/mei/bus-fixup.c +++ b/drivers/misc/mei/bus-fixup.c @@ -341,7 +341,7 @@ static int mei_nfc_if_version(struct mei_cl *cl, ret = 0; bytes_recv = __mei_cl_recv(cl, (u8 *)reply, if_version_length, 0, 0); - if (bytes_recv < if_version_length) { + if (bytes_recv < 0 || bytes_recv < if_version_length) { dev_err(bus->dev, "Could not read IF version\n"); ret = -EIO; goto err;

6 years, 9 months

1
0
0 0

FAILED: patch "[PATCH] mei: bus: type promotion bug in mei_nfc_if_version()" failed to apply to 4.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From b40b3e9358fbafff6a4ba0f4b9658f6617146f9c Mon Sep 17 00:00:00 2001 From: Dan Carpenter <dan.carpenter(a)oracle.com> Date: Wed, 11 Jul 2018 15:29:31 +0300 Subject: [PATCH] mei: bus: type promotion bug in mei_nfc_if_version() We accidentally removed the check for negative returns without considering the issue of type promotion. The "if_version_length" variable is type size_t so if __mei_cl_recv() returns a negative then "bytes_recv" is type promoted to a high positive value and treated as success. Cc: <stable(a)vger.kernel.org> Fixes: 582ab27a063a ("mei: bus: fix received data size check in NFC fixup") Signed-off-by: Dan Carpenter <dan.carpenter(a)oracle.com> Signed-off-by: Tomas Winkler <tomas.winkler(a)intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/misc/mei/bus-fixup.c b/drivers/misc/mei/bus-fixup.c index e45fe826d87d..65e28be3c8cc 100644 --- a/drivers/misc/mei/bus-fixup.c +++ b/drivers/misc/mei/bus-fixup.c @@ -341,7 +341,7 @@ static int mei_nfc_if_version(struct mei_cl *cl, ret = 0; bytes_recv = __mei_cl_recv(cl, (u8 *)reply, if_version_length, 0, 0); - if (bytes_recv < if_version_length) { + if (bytes_recv < 0 || bytes_recv < if_version_length) { dev_err(bus->dev, "Could not read IF version\n"); ret = -EIO; goto err;

6 years, 9 months

1
0
0 0

FAILED: patch "[PATCH] mei: bus: type promotion bug in mei_nfc_if_version()" failed to apply to 4.18-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.18-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From b40b3e9358fbafff6a4ba0f4b9658f6617146f9c Mon Sep 17 00:00:00 2001 From: Dan Carpenter <dan.carpenter(a)oracle.com> Date: Wed, 11 Jul 2018 15:29:31 +0300 Subject: [PATCH] mei: bus: type promotion bug in mei_nfc_if_version() We accidentally removed the check for negative returns without considering the issue of type promotion. The "if_version_length" variable is type size_t so if __mei_cl_recv() returns a negative then "bytes_recv" is type promoted to a high positive value and treated as success. Cc: <stable(a)vger.kernel.org> Fixes: 582ab27a063a ("mei: bus: fix received data size check in NFC fixup") Signed-off-by: Dan Carpenter <dan.carpenter(a)oracle.com> Signed-off-by: Tomas Winkler <tomas.winkler(a)intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/misc/mei/bus-fixup.c b/drivers/misc/mei/bus-fixup.c index e45fe826d87d..65e28be3c8cc 100644 --- a/drivers/misc/mei/bus-fixup.c +++ b/drivers/misc/mei/bus-fixup.c @@ -341,7 +341,7 @@ static int mei_nfc_if_version(struct mei_cl *cl, ret = 0; bytes_recv = __mei_cl_recv(cl, (u8 *)reply, if_version_length, 0, 0); - if (bytes_recv < if_version_length) { + if (bytes_recv < 0 || bytes_recv < if_version_length) { dev_err(bus->dev, "Could not read IF version\n"); ret = -EIO; goto err;

6 years, 9 months

1
0
0 0

FAILED: patch "[PATCH] scsi: mpt3sas: Fix calltrace observed while running IO &" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From e70183143cc472960bc60dfee1b7bbe1949feffb Mon Sep 17 00:00:00 2001 From: Sreekanth Reddy <sreekanth.reddy(a)broadcom.com> Date: Thu, 12 Jul 2018 12:53:29 -0400 Subject: [PATCH] scsi: mpt3sas: Fix calltrace observed while running IO & reset Below kernel BUG was observed while running IOs with host reset (issued from application), mpt3sas_cm0: diag reset: SUCCESS ------------[ cut here ]------------ WARNING: CPU: 12 PID: 4336 at drivers/scsi/mpt3sas/mpt3sas_base.c:3282 mpt3sas_base_clear_st+0x3d/0x40 [mpt3sas] Modules linked in: macsec tcp_diag udp_diag inet_diag unix_diag af_packet_diag netlink_diag binfmt_misc fuse xt_CHECKSUM ipt_MASQUERADE nf_nat_masquerade_ipv4 tun devlink ip6t_rpfilter ipt_REJECT nf_reject_ipv4 ip6t_REJECT nf_reject_ipv6 xt_conntrack ip_set nfnetlink ebtable_nat ebtable_broute bridge stp llc ip6table_nat nf_conntrack_ipv6 nf_defrag_ipv6 nf_nat_ipv6 ip6table_mangle ip6table_security ip6table_raw iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat nf_conntrack iptable_mangle iptable_security iptable_raw ebtable_filter ebtables ip6table_filter ip6_tables iptable_filter sunrpc vfat fat sb_edac intel_powerclamp coretemp intel_rapl iosf_mbi kvm_intel kvm irqbypass crc32_pclmul ghash_clmulni_intel aesni_intel lrw gf128mul glue_helper ablk_helper cryptd iTCO_wdt iTCO_vendor_support dcdbas pcspkr joydev ipmi_ssif ses enclosure sg ipmi_devintf acpi_pad ipmi_msghandler acpi_power_meter mei_me lpc_ich wmi mei shpchp ip_tables xfs libcrc32c sd_mod crc_t10dif crct10dif_generic ata_generic pata_acpi uas usb_storage mgag200 i2c_algo_bit drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops ttm drm ata_piix mpt3sas libata crct10dif_pclmul crct10dif_common tg3 crc32c_intel i2c_core raid_class ptp scsi_transport_sas pps_core dm_mirror dm_region_hash dm_log dm_mod CPU: 12 PID: 4336 Comm: python Kdump: loaded Tainted: G W ------------ 3.10.0-875.el7.brdc.x86_64 #1 Hardware name: Dell Inc. PowerEdge R820/0YWR73, BIOS 1.5.0 03/08/2013 Call Trace: [<ffffffff9cf16583>] dump_stack+0x19/0x1b [<ffffffff9c891698>] __warn+0xd8/0x100 [<ffffffff9c8917dd>] warn_slowpath_null+0x1d/0x20 [<ffffffffc04f3f4d>] mpt3sas_base_clear_st+0x3d/0x40 [mpt3sas] [<ffffffffc05047d2>] _scsih_flush_running_cmds+0x92/0xe0 [mpt3sas] [<ffffffffc05095db>] mpt3sas_scsih_reset_handler+0x43b/0xaf0 [mpt3sas] [<ffffffff9c894829>] ? vprintk_default+0x29/0x40 [<ffffffff9cf10531>] ? printk+0x60/0x77 [<ffffffffc04f06c8>] ? _base_diag_reset+0x238/0x340 [mpt3sas] [<ffffffffc04f794d>] mpt3sas_base_hard_reset_handler+0x1ad/0x420 [mpt3sas] [<ffffffffc05132b9>] _ctl_ioctl_main.isra.12+0x11b9/0x1200 [mpt3sas] [<ffffffffc068d585>] ? xfs_file_aio_write+0x155/0x1b0 [xfs] [<ffffffff9ca1a4e3>] ? do_sync_write+0x93/0xe0 [<ffffffffc051337a>] _ctl_ioctl+0x1a/0x20 [mpt3sas] [<ffffffff9ca2fe90>] do_vfs_ioctl+0x350/0x560 [<ffffffff9ca1dec1>] ? __sb_end_write+0x31/0x60 [<ffffffff9ca30141>] SyS_ioctl+0xa1/0xc0 [<ffffffff9cf28715>] ? system_call_after_swapgs+0xa2/0x146 [<ffffffff9cf287d5>] system_call_fastpath+0x1c/0x21 [<ffffffff9cf28721>] ? system_call_after_swapgs+0xae/0x146 ---[ end trace 5dac5b98d89aaa3c ]--- ------------[ cut here ]------------ kernel BUG at block/blk-core.c:1476! invalid opcode: 0000 [#1] SMP Modules linked in: macsec tcp_diag udp_diag inet_diag unix_diag af_packet_diag netlink_diag binfmt_misc fuse xt_CHECKSUM ipt_MASQUERADE nf_nat_masquerade_ipv4 tun devlink ip6t_rpfilter ipt_REJECT nf_reject_ipv4 ip6t_REJECT nf_reject_ipv6 xt_conntrack ip_set nfnetlink ebtable_nat ebtable_broute bridge stp llc ip6table_nat nf_conntrack_ipv6 nf_defrag_ipv6 nf_nat_ipv6 ip6table_mangle ip6table_security ip6table_raw iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat nf_conntrack iptable_mangle iptable_security iptable_raw ebtable_filter ebtables ip6table_filter ip6_tables iptable_filter sunrpc vfat fat sb_edac intel_powerclamp coretemp intel_rapl iosf_mbi kvm_intel kvm irqbypass crc32_pclmul ghash_clmulni_intel aesni_intel lrw gf128mul glue_helper ablk_helper cryptd iTCO_wdt iTCO_vendor_support dcdbas pcspkr joydev ipmi_ssif ses enclosure sg ipmi_devintf acpi_pad ipmi_msghandler acpi_power_meter mei_me lpc_ich wmi mei shpchp ip_tables xfs libcrc32c sd_mod crc_t10dif crct10dif_generic ata_generic pata_acpi uas usb_storage mgag200 i2c_algo_bit drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops ttm drm ata_piix mpt3sas libata crct10dif_pclmul crct10dif_common tg3 crc32c_intel i2c_core raid_class ptp scsi_transport_sas pps_core dm_mirror dm_region_hash dm_log dm_mod CPU: 12 PID: 4336 Comm: python Kdump: loaded Tainted: G W ------------ 3.10.0-875.el7.brdc.x86_64 #1 Hardware name: Dell Inc. PowerEdge R820/0YWR73, BIOS 1.5.0 03/08/2013 task: ffff903fc96e0fd0 ti: ffff903fb1eec000 task.ti: ffff903fb1eec000 RIP: 0010:[<ffffffff9cb19ec0>] [<ffffffff9cb19ec0>] blk_requeue_request+0x90/0xa0 RSP: 0018:ffff903c6b783dc0 EFLAGS: 00010087 RAX: ffff903bb67026d0 RBX: ffff903b7d6a6140 RCX: dead000000000200 RDX: ffff903bb67026d0 RSI: ffff903bb6702580 RDI: ffff903bb67026d0 RBP: ffff903c6b783dd8 R08: ffff903bb67026d0 R09: ffffd97e80000000 R10: ffff903c658bac00 R11: 0000000000000000 R12: ffff903bb6702580 R13: ffff903fa9a292f0 R14: 0000000000000246 R15: 0000000000001057 FS: 00007f7026f5b740(0000) GS:ffff903c6b780000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f298877c004 CR3: 00000000caf36000 CR4: 00000000000607e0 Call Trace: <IRQ> [<ffffffff9cca68ff>] __scsi_queue_insert+0xbf/0x110 [<ffffffff9cca79ca>] scsi_io_completion+0x5da/0x6a0 [<ffffffff9cc9ca3c>] scsi_finish_command+0xdc/0x140 [<ffffffff9cca6aa2>] scsi_softirq_done+0x132/0x160 [<ffffffff9cb240c6>] blk_done_softirq+0x96/0xc0 [<ffffffff9c89a905>] __do_softirq+0xf5/0x280 [<ffffffff9cf2bd2c>] call_softirq+0x1c/0x30 [<ffffffff9c82d625>] do_softirq+0x65/0xa0 [<ffffffff9c89ac85>] irq_exit+0x105/0x110 [<ffffffff9cf2d0a8>] smp_apic_timer_interrupt+0x48/0x60 [<ffffffff9cf297f2>] apic_timer_interrupt+0x162/0x170 <EOI> [<ffffffff9cca5f41>] ? scsi_done+0x21/0x60 [<ffffffff9cb5ac18>] ? delay_tsc+0x38/0x60 [<ffffffff9cb5ab5d>] __const_udelay+0x2d/0x30 [<ffffffffc04effde>] _base_handshake_req_reply_wait+0x8e/0x4a0 [mpt3sas] [<ffffffffc04f0b13>] _base_get_ioc_facts+0x123/0x590 [mpt3sas] [<ffffffffc04f06c8>] ? _base_diag_reset+0x238/0x340 [mpt3sas] [<ffffffffc04f7993>] mpt3sas_base_hard_reset_handler+0x1f3/0x420 [mpt3sas] [<ffffffffc05132b9>] _ctl_ioctl_main.isra.12+0x11b9/0x1200 [mpt3sas] [<ffffffffc068d585>] ? xfs_file_aio_write+0x155/0x1b0 [xfs] [<ffffffff9ca1a4e3>] ? do_sync_write+0x93/0xe0 [<ffffffffc051337a>] _ctl_ioctl+0x1a/0x20 [mpt3sas] [<ffffffff9ca2fe90>] do_vfs_ioctl+0x350/0x560 [<ffffffff9ca1dec1>] ? __sb_end_write+0x31/0x60 [<ffffffff9ca30141>] SyS_ioctl+0xa1/0xc0 [<ffffffff9cf28715>] ? system_call_after_swapgs+0xa2/0x146 [<ffffffff9cf287d5>] system_call_fastpath+0x1c/0x21 [<ffffffff9cf28721>] ? system_call_after_swapgs+0xae/0x146 Code: 83 c3 10 4c 89 e2 4c 89 ee e8 8d 21 04 00 48 8b 03 48 85 c0 75 e5 41 f6 44 24 4a 10 74 ad 4c 89 e6 4c 89 ef e8 b2 42 00 00 eb a0 <0f> 0b 0f 1f 40 00 66 2e 0f 1f 84 00 00 00 00 00 66 66 66 66 90 RIP [<ffffffff9cb19ec0>] blk_requeue_request+0x90/0xa0 RSP <ffff903c6b783dc0> As a part of host reset operation, driver will flushout all IOs outstanding at driver level with "DID_RESET" result. To find which are all commands outstanding at the driver level, driver loops with smid starting from one to HBA queue depth and calls mpt3sas_scsih_scsi_lookup_get() to get scmd as shown below for (smid = 1; smid <= ioc->scsiio_depth; smid++) { scmd = mpt3sas_scsih_scsi_lookup_get(ioc, smid); if (!scmd) continue; But in mpt3sas_scsih_scsi_lookup_get() function, driver returns some scsi cmnds which are not outstanding at the driver level (possibly request is constructed at block layer since QUEUE_FLAG_QUIESCED is not set. Even if driver uses scsi_block_requests and scsi_unblock_requests, issue still persists as they will be just blocking further IO from scsi layer and not from block layer) and these commands are flushed with DID_RESET host bytes thus resulting into above kernel BUG. This issue got introduced by commit dbec4c9040ed ("scsi: mpt3sas: lockless command submission"). To fix this issue, we have modified the mpt3sas_scsih_scsi_lookup_get() to check for smid equals to zero (note: whenever any scsi cmnd is processing at the driver level then smid for that scsi cmnd will be non-zero, always it starts from one) before it returns the scmd pointer to the caller. If smid is zero then this function returns scmd pointer as NULL and driver won't flushout those scsi cmnds at driver level with DID_RESET host byte thus this issue will not be observed. [mkp: amended with updated fix from Sreekanth] Signed-off-by: Sreekanth Reddy <sreekanth.reddy(a)broadcom.com> Fixes: dbec4c9040ed ("scsi: mpt3sas: lockless command submission") Cc: stable(a)vger.kernel.org # v4.16+ Reviewed-by: Tomas Henzl <thenzl(a)redhat.com> Reviewed-by: Bart Van Assche <bart.vanassche(a)wdc.com> Signed-off-by: Martin K. Petersen <martin.petersen(a)oracle.com> diff --git a/drivers/scsi/mpt3sas/mpt3sas_base.c b/drivers/scsi/mpt3sas/mpt3sas_base.c index 17b6b0a3455f..836b2e14e3b7 100644 --- a/drivers/scsi/mpt3sas/mpt3sas_base.c +++ b/drivers/scsi/mpt3sas/mpt3sas_base.c @@ -3264,6 +3264,7 @@ void mpt3sas_base_clear_st(struct MPT3SAS_ADAPTER *ioc, st->cb_idx = 0xFF; st->direct_io = 0; atomic_set(&ioc->chain_lookup[st->smid - 1].chain_offset, 0); + st->smid = 0; } /** diff --git a/drivers/scsi/mpt3sas/mpt3sas_scsih.c b/drivers/scsi/mpt3sas/mpt3sas_scsih.c index 061736f8025b..8dd3d6720217 100644 --- a/drivers/scsi/mpt3sas/mpt3sas_scsih.c +++ b/drivers/scsi/mpt3sas/mpt3sas_scsih.c @@ -1482,7 +1482,7 @@ mpt3sas_scsih_scsi_lookup_get(struct MPT3SAS_ADAPTER *ioc, u16 smid) scmd = scsi_host_find_tag(ioc->shost, unique_tag); if (scmd) { st = scsi_cmd_priv(scmd); - if (st->cb_idx == 0xFF) + if (st->cb_idx == 0xFF || st->smid == 0) scmd = NULL; } }

6 years, 9 months

1
0
0 0

FAILED: patch "[PATCH] tpm: separate cmd_ready/go_idle from runtime_pm" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 627448e85c766587f6fdde1ea3886d6615081c77 Mon Sep 17 00:00:00 2001 From: Tomas Winkler <tomas.winkler(a)intel.com> Date: Thu, 28 Jun 2018 18:13:33 +0300 Subject: [PATCH] tpm: separate cmd_ready/go_idle from runtime_pm Fix tpm ptt initialization error: tpm tpm0: A TPM error (378) occurred get tpm pcr allocation. We cannot use go_idle cmd_ready commands via runtime_pm handles as with the introduction of localities this is no longer an optional feature, while runtime pm can be not enabled. Though cmd_ready/go_idle provides a power saving, it's also a part of TPM2 protocol and should be called explicitly. This patch exposes cmd_read/go_idle via tpm class ops and removes runtime pm support as it is not used by any driver. When calling from nested context always use both flags: TPM_TRANSMIT_UNLOCKED and TPM_TRANSMIT_RAW. Both are needed to resolve tpm spaces and locality request recursive calls to tpm_transmit(). TPM_TRANSMIT_RAW should never be used standalone as it will fail on double locking. While TPM_TRANSMIT_UNLOCKED standalone should be called from non-recursive locked contexts. New wrappers are added tpm_cmd_ready() and tpm_go_idle() to streamline tpm_try_transmit code. tpm_crb no longer needs own power saving functions and can drop using tpm_pm_suspend/resume. This patch cannot be really separated from the locality fix. Fixes: 888d867df441 (tpm: cmd_ready command can be issued only after granting locality) Cc: stable(a)vger.kernel.org Fixes: 888d867df441 (tpm: cmd_ready command can be issued only after granting locality) Signed-off-by: Tomas Winkler <tomas.winkler(a)intel.com> Tested-by: Jarkko Sakkinen <jarkko.sakkinen(a)linux.intel.com> Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen(a)linux.intel.com> Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen(a)linux.intel.com> diff --git a/drivers/char/tpm/tpm-interface.c b/drivers/char/tpm/tpm-interface.c index e32f6e85dc6d..31b86e027f9d 100644 --- a/drivers/char/tpm/tpm-interface.c +++ b/drivers/char/tpm/tpm-interface.c @@ -29,7 +29,6 @@ #include <linux/mutex.h> #include <linux/spinlock.h> #include <linux/freezer.h> -#include <linux/pm_runtime.h> #include <linux/tpm_eventlog.h> #include "tpm.h" @@ -369,10 +368,13 @@ err_len: return -EINVAL; } -static int tpm_request_locality(struct tpm_chip *chip) +static int tpm_request_locality(struct tpm_chip *chip, unsigned int flags) { int rc; + if (flags & TPM_TRANSMIT_RAW) + return 0; + if (!chip->ops->request_locality) return 0; @@ -385,10 +387,13 @@ static int tpm_request_locality(struct tpm_chip *chip) return 0; } -static void tpm_relinquish_locality(struct tpm_chip *chip) +static void tpm_relinquish_locality(struct tpm_chip *chip, unsigned int flags) { int rc; + if (flags & TPM_TRANSMIT_RAW) + return; + if (!chip->ops->relinquish_locality) return; @@ -399,6 +404,28 @@ static void tpm_relinquish_locality(struct tpm_chip *chip) chip->locality = -1; } +static int tpm_cmd_ready(struct tpm_chip *chip, unsigned int flags) +{ + if (flags & TPM_TRANSMIT_RAW) + return 0; + + if (!chip->ops->cmd_ready) + return 0; + + return chip->ops->cmd_ready(chip); +} + +static int tpm_go_idle(struct tpm_chip *chip, unsigned int flags) +{ + if (flags & TPM_TRANSMIT_RAW) + return 0; + + if (!chip->ops->go_idle) + return 0; + + return chip->ops->go_idle(chip); +} + static ssize_t tpm_try_transmit(struct tpm_chip *chip, struct tpm_space *space, u8 *buf, size_t bufsiz, @@ -449,14 +476,15 @@ static ssize_t tpm_try_transmit(struct tpm_chip *chip, /* Store the decision as chip->locality will be changed. */ need_locality = chip->locality == -1; - if (!(flags & TPM_TRANSMIT_RAW) && need_locality) { - rc = tpm_request_locality(chip); + if (need_locality) { + rc = tpm_request_locality(chip, flags); if (rc < 0) goto out_no_locality; } - if (chip->dev.parent) - pm_runtime_get_sync(chip->dev.parent); + rc = tpm_cmd_ready(chip, flags); + if (rc) + goto out; rc = tpm2_prepare_space(chip, space, ordinal, buf); if (rc) @@ -516,13 +544,16 @@ out_recv: } rc = tpm2_commit_space(chip, space, ordinal, buf, &len); + if (rc) + dev_err(&chip->dev, "tpm2_commit_space: error %d\n", rc); out: - if (chip->dev.parent) - pm_runtime_put_sync(chip->dev.parent); + rc = tpm_go_idle(chip, flags); + if (rc) + goto out; if (need_locality) - tpm_relinquish_locality(chip); + tpm_relinquish_locality(chip, flags); out_no_locality: if (chip->ops->clk_enable != NULL) diff --git a/drivers/char/tpm/tpm.h b/drivers/char/tpm/tpm.h index 9824cccb2c76..17833ef63f6c 100644 --- a/drivers/char/tpm/tpm.h +++ b/drivers/char/tpm/tpm.h @@ -512,9 +512,17 @@ extern const struct file_operations tpm_fops; extern const struct file_operations tpmrm_fops; extern struct idr dev_nums_idr; +/** + * enum tpm_transmit_flags + * + * @TPM_TRANSMIT_UNLOCKED: used to lock sequence of tpm_transmit calls. + * @TPM_TRANSMIT_RAW: prevent recursive calls into setup steps + * (go idle, locality,..). Always use with UNLOCKED + * as it will fail on double locking. + */ enum tpm_transmit_flags { - TPM_TRANSMIT_UNLOCKED = BIT(0), - TPM_TRANSMIT_RAW = BIT(1), + TPM_TRANSMIT_UNLOCKED = BIT(0), + TPM_TRANSMIT_RAW = BIT(1), }; ssize_t tpm_transmit(struct tpm_chip *chip, struct tpm_space *space, diff --git a/drivers/char/tpm/tpm2-space.c b/drivers/char/tpm/tpm2-space.c index 6122d3276f72..11c85ed8c113 100644 --- a/drivers/char/tpm/tpm2-space.c +++ b/drivers/char/tpm/tpm2-space.c @@ -39,7 +39,8 @@ static void tpm2_flush_sessions(struct tpm_chip *chip, struct tpm_space *space) for (i = 0; i < ARRAY_SIZE(space->session_tbl); i++) { if (space->session_tbl[i]) tpm2_flush_context_cmd(chip, space->session_tbl[i], - TPM_TRANSMIT_UNLOCKED); + TPM_TRANSMIT_UNLOCKED | + TPM_TRANSMIT_RAW); } } @@ -84,7 +85,7 @@ static int tpm2_load_context(struct tpm_chip *chip, u8 *buf, tpm_buf_append(&tbuf, &buf[*offset], body_size); rc = tpm_transmit_cmd(chip, NULL, tbuf.data, PAGE_SIZE, 4, - TPM_TRANSMIT_UNLOCKED, NULL); + TPM_TRANSMIT_UNLOCKED | TPM_TRANSMIT_RAW, NULL); if (rc < 0) { dev_warn(&chip->dev, "%s: failed with a system error %d\n", __func__, rc); @@ -133,7 +134,7 @@ static int tpm2_save_context(struct tpm_chip *chip, u32 handle, u8 *buf, tpm_buf_append_u32(&tbuf, handle); rc = tpm_transmit_cmd(chip, NULL, tbuf.data, PAGE_SIZE, 0, - TPM_TRANSMIT_UNLOCKED, NULL); + TPM_TRANSMIT_UNLOCKED | TPM_TRANSMIT_RAW, NULL); if (rc < 0) { dev_warn(&chip->dev, "%s: failed with a system error %d\n", __func__, rc); @@ -170,7 +171,8 @@ static void tpm2_flush_space(struct tpm_chip *chip) for (i = 0; i < ARRAY_SIZE(space->context_tbl); i++) if (space->context_tbl[i] && ~space->context_tbl[i]) tpm2_flush_context_cmd(chip, space->context_tbl[i], - TPM_TRANSMIT_UNLOCKED); + TPM_TRANSMIT_UNLOCKED | + TPM_TRANSMIT_RAW); tpm2_flush_sessions(chip, space); } @@ -377,7 +379,8 @@ static int tpm2_map_response_header(struct tpm_chip *chip, u32 cc, u8 *rsp, return 0; out_no_slots: - tpm2_flush_context_cmd(chip, phandle, TPM_TRANSMIT_UNLOCKED); + tpm2_flush_context_cmd(chip, phandle, + TPM_TRANSMIT_UNLOCKED | TPM_TRANSMIT_RAW); dev_warn(&chip->dev, "%s: out of slots for 0x%08X\n", __func__, phandle); return -ENOMEM; @@ -465,7 +468,8 @@ static int tpm2_save_space(struct tpm_chip *chip) return rc; tpm2_flush_context_cmd(chip, space->context_tbl[i], - TPM_TRANSMIT_UNLOCKED); + TPM_TRANSMIT_UNLOCKED | + TPM_TRANSMIT_RAW); space->context_tbl[i] = ~0; } diff --git a/drivers/char/tpm/tpm_crb.c b/drivers/char/tpm/tpm_crb.c index 34fbc6cb097b..36952ef98f90 100644 --- a/drivers/char/tpm/tpm_crb.c +++ b/drivers/char/tpm/tpm_crb.c @@ -132,7 +132,7 @@ static bool crb_wait_for_reg_32(u32 __iomem *reg, u32 mask, u32 value, } /** - * crb_go_idle - request tpm crb device to go the idle state + * __crb_go_idle - request tpm crb device to go the idle state * * @dev: crb device * @priv: crb private data @@ -147,7 +147,7 @@ static bool crb_wait_for_reg_32(u32 __iomem *reg, u32 mask, u32 value, * * Return: 0 always */ -static int crb_go_idle(struct device *dev, struct crb_priv *priv) +static int __crb_go_idle(struct device *dev, struct crb_priv *priv) { if ((priv->sm == ACPI_TPM2_START_METHOD) || (priv->sm == ACPI_TPM2_COMMAND_BUFFER_WITH_START_METHOD) || @@ -163,11 +163,20 @@ static int crb_go_idle(struct device *dev, struct crb_priv *priv) dev_warn(dev, "goIdle timed out\n"); return -ETIME; } + return 0; } +static int crb_go_idle(struct tpm_chip *chip) +{ + struct device *dev = &chip->dev; + struct crb_priv *priv = dev_get_drvdata(dev); + + return __crb_go_idle(dev, priv); +} + /** - * crb_cmd_ready - request tpm crb device to enter ready state + * __crb_cmd_ready - request tpm crb device to enter ready state * * @dev: crb device * @priv: crb private data @@ -181,7 +190,7 @@ static int crb_go_idle(struct device *dev, struct crb_priv *priv) * * Return: 0 on success -ETIME on timeout; */ -static int crb_cmd_ready(struct device *dev, struct crb_priv *priv) +static int __crb_cmd_ready(struct device *dev, struct crb_priv *priv) { if ((priv->sm == ACPI_TPM2_START_METHOD) || (priv->sm == ACPI_TPM2_COMMAND_BUFFER_WITH_START_METHOD) || @@ -200,6 +209,14 @@ static int crb_cmd_ready(struct device *dev, struct crb_priv *priv) return 0; } +static int crb_cmd_ready(struct tpm_chip *chip) +{ + struct device *dev = &chip->dev; + struct crb_priv *priv = dev_get_drvdata(dev); + + return __crb_cmd_ready(dev, priv); +} + static int __crb_request_locality(struct device *dev, struct crb_priv *priv, int loc) { @@ -401,6 +418,8 @@ static const struct tpm_class_ops tpm_crb = { .send = crb_send, .cancel = crb_cancel, .req_canceled = crb_req_canceled, + .go_idle = crb_go_idle, + .cmd_ready = crb_cmd_ready, .request_locality = crb_request_locality, .relinquish_locality = crb_relinquish_locality, .req_complete_mask = CRB_DRV_STS_COMPLETE, @@ -520,7 +539,7 @@ static int crb_map_io(struct acpi_device *device, struct crb_priv *priv, * PTT HW bug w/a: wake up the device to access * possibly not retained registers. */ - ret = crb_cmd_ready(dev, priv); + ret = __crb_cmd_ready(dev, priv); if (ret) goto out_relinquish_locality; @@ -565,7 +584,7 @@ out: if (!ret) priv->cmd_size = cmd_size; - crb_go_idle(dev, priv); + __crb_go_idle(dev, priv); out_relinquish_locality: @@ -628,32 +647,7 @@ static int crb_acpi_add(struct acpi_device *device) chip->acpi_dev_handle = device->handle; chip->flags = TPM_CHIP_FLAG_TPM2; - rc = __crb_request_locality(dev, priv, 0); - if (rc) - return rc; - - rc = crb_cmd_ready(dev, priv); - if (rc) - goto out; - - pm_runtime_get_noresume(dev); - pm_runtime_set_active(dev); - pm_runtime_enable(dev); - - rc = tpm_chip_register(chip); - if (rc) { - crb_go_idle(dev, priv); - pm_runtime_put_noidle(dev); - pm_runtime_disable(dev); - goto out; - } - - pm_runtime_put_sync(dev); - -out: - __crb_relinquish_locality(dev, priv, 0); - - return rc; + return tpm_chip_register(chip); } static int crb_acpi_remove(struct acpi_device *device) @@ -663,52 +657,11 @@ static int crb_acpi_remove(struct acpi_device *device) tpm_chip_unregister(chip); - pm_runtime_disable(dev); - return 0; } -static int __maybe_unused crb_pm_runtime_suspend(struct device *dev) -{ - struct tpm_chip *chip = dev_get_drvdata(dev); - struct crb_priv *priv = dev_get_drvdata(&chip->dev); - - return crb_go_idle(dev, priv); -} - -static int __maybe_unused crb_pm_runtime_resume(struct device *dev) -{ - struct tpm_chip *chip = dev_get_drvdata(dev); - struct crb_priv *priv = dev_get_drvdata(&chip->dev); - - return crb_cmd_ready(dev, priv); -} - -static int __maybe_unused crb_pm_suspend(struct device *dev) -{ - int ret; - - ret = tpm_pm_suspend(dev); - if (ret) - return ret; - - return crb_pm_runtime_suspend(dev); -} - -static int __maybe_unused crb_pm_resume(struct device *dev) -{ - int ret; - - ret = crb_pm_runtime_resume(dev); - if (ret) - return ret; - - return tpm_pm_resume(dev); -} - static const struct dev_pm_ops crb_pm = { - SET_SYSTEM_SLEEP_PM_OPS(crb_pm_suspend, crb_pm_resume) - SET_RUNTIME_PM_OPS(crb_pm_runtime_suspend, crb_pm_runtime_resume, NULL) + SET_SYSTEM_SLEEP_PM_OPS(tpm_pm_suspend, tpm_pm_resume) }; static const struct acpi_device_id crb_device_ids[] = { diff --git a/include/linux/tpm.h b/include/linux/tpm.h index 06639fb6ab85..8eb5e5ebe136 100644 --- a/include/linux/tpm.h +++ b/include/linux/tpm.h @@ -43,6 +43,8 @@ struct tpm_class_ops { u8 (*status) (struct tpm_chip *chip); bool (*update_timeouts)(struct tpm_chip *chip, unsigned long *timeout_cap); + int (*go_idle)(struct tpm_chip *chip); + int (*cmd_ready)(struct tpm_chip *chip); int (*request_locality)(struct tpm_chip *chip, int loc); int (*relinquish_locality)(struct tpm_chip *chip, int loc); void (*clk_enable)(struct tpm_chip *chip, bool value);

6 years, 9 months

1
0
0 0

FAILED: patch "[PATCH] MIPS: Schedule on CPUs we need to lose FPU for a mode switch" failed to apply to 4.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 8c8d953c28000045e5e823f3398319f04d49a7f1 Mon Sep 17 00:00:00 2001 From: Paul Burton <paul.burton(a)mips.com> Date: Tue, 19 Dec 2017 15:11:08 -0800 Subject: [PATCH] MIPS: Schedule on CPUs we need to lose FPU for a mode switch Commit 6b8322576e9d ("MIPS: Force CPUs to lose FP context during mode switches") ensures that we react to PR_SET_FP_MODE prctl syscalls quickly by broadcasting an IPI in order to cause CPUs to lose FPU access when necessary. Whilst it achieves that, unfortunately it causes all sorts of strange race conditions because: 1) The IPI may arrive at a point where the FPU is in the process of being enabled, but that process is not yet complete leading to a state we aren't prepared to handle. For example: [ 370.215903] do_cpu invoked from kernel context![#1]: [ 370.221064] CPU: 0 PID: 963 Comm: fp-prctl Not tainted 4.9.0-rc5-00323-g210db32-dirty #226 [ 370.229420] task: a8000000fd672e00 task.stack: a8000000fd630000 [ 370.235399] $ 0 : 0000000000000000 0000000000000001 0000000000000001 a8000000fd630000 [ 370.243882] $ 4 : a8000000fd672e00 0000000000000000 0000000000000453 0000000000000000 [ 370.252317] $ 8 : 0000000000000000 a8000000fd637c28 1000000000000000 0000000000000010 [ 370.260753] $12 : 00000000140084e0 ffffffff80109c00 0000000000000000 0000000000000002 [ 370.269179] $16 : ffffffff8092f080 a8000000fd672e00 ffffffff80107fe8 a8000000fd485000 [ 370.277612] $20 : ffffffff8084d328 ffffffff80940000 0000000000000009 ffffffff80930000 [ 370.286038] $24 : 0000000000000000 900000001612048c [ 370.294476] $28 : a8000000fd630000 a8000000fd637ac0 ffffffff80937300 ffffffff8010807c [ 370.302909] Hi : 0000000000000000 [ 370.306595] Lo : 0000000000000200 [ 370.310376] epc : ffffffff80115d38 _save_fp+0x10/0xa0 [ 370.315784] ra : ffffffff8010807c prepare_for_fp_mode_switch+0x94/0x1b0 [ 370.322707] Status: 140084e2 KX SX UX KERNEL EXL [ 370.327980] Cause : 1080002c (ExcCode 0b) [ 370.332091] PrId : 0001a428 (MIPS P6600) [ 370.336179] Modules linked in: [ 370.339486] Process fp-prctl (pid: 963, threadinfo=a8000000fd630000, task=a8000000fd672e00, tls=00000000756e67d0) [ 370.349724] Stack : 0000000000000000 a8000000fd557dc0 0000000000000000 ffffffff801ca8e0 [ 370.358161] 0000000000000000 a8000000fd637b9c 0000000000000009 ffffffff80923780 [ 370.366575] ffffffff80850000 ffffffff8011610c 00000000000000b8 ffffffff801a5084 [ 370.374989] ffffffff8084a370 ffffffff8084a388 ffffffff80923780 ffffffff80923828 [ 370.383395] 0000000000010000 ffffffff809237a8 0000000000020000 ffffffff80a40000 [ 370.391817] 000000000000007c 00000000004a0000 00000000756dedd0 ffffffff801a5188 [ 370.400230] a800000002014900 0000000000000001 ffffffff80923780 0000000080923828 [ 370.408644] ffffffff80923780 ffffffff80923780 ffffffff80923828 ffffffff801a521c [ 370.417066] ffffffff80923780 ffffffff80923828 0000000000010000 ffffffff801a8f84 [ 370.425472] ffffffff80a40000 a8000000fd637c20 ffffffff80a39240 0000000000000001 [ 370.433885] ... [ 370.436562] Call Trace: [ 370.439222] [<ffffffff80115d38>] _save_fp+0x10/0xa0 [ 370.444305] [<ffffffff8010807c>] prepare_for_fp_mode_switch+0x94/0x1b0 [ 370.451035] [<ffffffff801ca8e0>] flush_smp_call_function_queue+0xf8/0x230 [ 370.457991] [<ffffffff8011610c>] ipi_call_interrupt+0xc/0x20 [ 370.463814] [<ffffffff801a5084>] __handle_irq_event_percpu+0xc4/0x1a8 [ 370.470404] [<ffffffff801a5188>] handle_irq_event_percpu+0x20/0x68 [ 370.476734] [<ffffffff801a521c>] handle_irq_event+0x4c/0x88 [ 370.482486] [<ffffffff801a8f84>] handle_edge_irq+0x12c/0x210 [ 370.488316] [<ffffffff801a47a0>] generic_handle_irq+0x38/0x48 [ 370.494280] [<ffffffff804a2dbc>] gic_handle_shared_int+0x194/0x268 [ 370.500616] [<ffffffff801a47a0>] generic_handle_irq+0x38/0x48 [ 370.506529] [<ffffffff80107e60>] do_IRQ+0x18/0x28 [ 370.511445] [<ffffffff804a1524>] plat_irq_dispatch+0xc4/0x140 [ 370.517339] [<ffffffff80106230>] ret_from_irq+0x0/0x4 [ 370.522583] [<ffffffff8010fad4>] do_ri+0x4fc/0x7e8 [ 370.527546] [<ffffffff80106220>] ret_from_exception+0x0/0x10 2) The IPI may arrive during kernel use of the FPU, since we generally only disable preemption around use of the FPU & leave interrupts enabled. This can lead to us unexpectedly losing access to the FPU in places where it previously had not been possible. For example: do_cpu invoked from kernel context![#2]: CPU: 2 PID: 7338 Comm: fp-prctl Tainted: G D 4.7.0-00424-g49b0c82 #2 task: 838e4000 ti: 88d38000 task.ti: 88d38000 $ 0 : 00000000 00000001 ffffffff 88d3fef8 $ 4 : 838e4000 88d38004 00000000 00000001 $ 8 : 3400fc01 801f8020 808e9100 24000000 $12 : dbffffff 807b69d8 807b0000 00000000 $16 : 00000000 80786150 00400fc4 809c0398 $20 : 809c0338 0040273c 88d3ff28 808e9d30 $24 : 808e9d30 00400fb4 $28 : 88d38000 88d3fe88 00000000 8011a2ac Hi : 0040273c Lo : 88d3ff28 epc : 80114178 _restore_fp+0x10/0xa0 ra : 8011a2ac mipsr2_decoder+0xd5c/0x1660 Status: 1400fc03 KERNEL EXL IE Cause : 1080002c (ExcCode 0b) PrId : 0001a920 (MIPS I6400) Modules linked in: Process fp-prctl (pid: 7338, threadinfo=88d38000, task=838e4000, tls=766527d0) Stack : 00000000 00000000 00000000 88d3fe98 00000000 00000000 809c0398 809c0338 808e9100 00000000 88d3ff28 00400fc4 00400fc4 0040273c 7fb69e18 004a0000 004a0000 004a0000 7664add0 8010de18 00000000 00000000 88d3fef8 88d3ff28 808e9100 00000000 766527d0 8010e534 000c0000 85755000 8181d580 00000000 00000000 00000000 004a0000 00000000 766527d0 7fb69e18 004a0000 80105c20 ... Call Trace: [<80114178>] _restore_fp+0x10/0xa0 [<8011a2ac>] mipsr2_decoder+0xd5c/0x1660 [<8010de18>] do_ri+0x90/0x6b8 [<80105c20>] ret_from_exception+0x0/0x10 At first glance a simple fix may seem to be to disable interrupts around kernel use of the FPU rather than merely preemption, however this would introduce further overhead outside of the mode switch path & doesn't solve the third problem: 3) The IPI may arrive whilst the kernel is running code that will lead to a preempt_disable() call & FPU usage soon. If this happens then the IPI will be serviced & we'll proceed to enable an FPU whilst the mode switch is in progress, leading to strange & inconsistent behaviour. Further to all of this is a separate but related problem: 4) There are various paths through which we may enable the FPU without the user having triggered a coprocessor 1 disabled exception. These paths are those in which we emulate instructions & then enable the FPU with the expectation that the user might execute an FP instruction shortly afterwards. However these paths have not previously checked whether an FP mode switch is underway for the task, and therefore could enable the FPU whilst such a mode switch is in progress leading to strange & inconsistent behaviour for user code. This patch fixes all of the above by taking a step back & re-examining our approach to FP mode switches. Up until now we have taken these basic steps: a) Prevent any threads that are part of the affected process from being able to obtain ownership of the FPU. b) Cause any threads that are part of the affected process and already have ownership of an FPU to lose it. c) Set the thread flags for each thread that is part of the affected process to reflect the new FP mode. d) Allow threads to obtain ownership of the FPU again. This approach is however more complex than necessary. All that we really require is that the mode switch has occurred for all threads that are part of the affected process before mips_set_process_fp_mode(), and thus the PR_SET_FP_MODE prctl() syscall, returns. This doesn't require that we stop threads from owning or using an FPU whilst a mode switch occurs, only that we force them to relinquish it after the mode switch has occurred such that they next own an FPU with the correct mode configured. Our basic steps therefore simplify to: A) Set the thread flags for each thread that is part of the affected process to reflect the new FP mode. B) Cause any threads that are part of the affected process and already have ownership of an FPU to lose it. We implement B) by forcing each CPU which might be running a thread which is part of the affected process to schedule a no-op function, which causes the affected thread to lose its FPU ownership when it is descheduled. The end result is simpler FP mode switching with less overhead in the FPU enable path (ie. enable_restore_fp_context()) and fewer moving parts. Signed-off-by: Paul Burton <paul.burton(a)mips.com> Fixes: 9791554b45a2 ("MIPS,prctl: add PR_[GS]ET_FP_MODE prctl options for MIPS") Fixes: 6b8322576e9d ("MIPS: Force CPUs to lose FP context during mode switches") Cc: James Hogan <jhogan(a)kernel.org> Cc: Ralf Baechle <ralf(a)linux-mips.org> Cc: linux-mips(a)linux-mips.org Cc: stable <stable(a)vger.kernel.org> # v4.0+ diff --git a/arch/mips/include/asm/mmu_context.h b/arch/mips/include/asm/mmu_context.h index da2004cef2d5..b509371a6b0c 100644 --- a/arch/mips/include/asm/mmu_context.h +++ b/arch/mips/include/asm/mmu_context.h @@ -126,8 +126,6 @@ init_new_context(struct task_struct *tsk, struct mm_struct *mm) for_each_possible_cpu(i) cpu_context(i, mm) = 0; - atomic_set(&mm->context.fp_mode_switching, 0); - mm->context.bd_emupage_allocmap = NULL; spin_lock_init(&mm->context.bd_emupage_lock); init_waitqueue_head(&mm->context.bd_emupage_queue); diff --git a/arch/mips/kernel/process.c b/arch/mips/kernel/process.c index 8d85046adcc8..fe6001d748cf 100644 --- a/arch/mips/kernel/process.c +++ b/arch/mips/kernel/process.c @@ -29,6 +29,7 @@ #include <linux/kallsyms.h> #include <linux/random.h> #include <linux/prctl.h> +#include <linux/cpu.h> #include <asm/asm.h> #include <asm/bootinfo.h> @@ -691,19 +692,25 @@ int mips_get_process_fp_mode(struct task_struct *task) return value; } -static void prepare_for_fp_mode_switch(void *info) +static long prepare_for_fp_mode_switch(void *unused) { - struct mm_struct *mm = info; - - if (current->mm == mm) - lose_fpu(1); + /* + * This is icky, but we use this to simply ensure that all CPUs have + * context switched, regardless of whether they were previously running + * kernel or user code. This ensures that no CPU currently has its FPU + * enabled, or is about to attempt to enable it through any path other + * than enable_restore_fp_context() which will wait appropriately for + * fp_mode_switching to be zero. + */ + return 0; } int mips_set_process_fp_mode(struct task_struct *task, unsigned int value) { const unsigned int known_bits = PR_FP_MODE_FR | PR_FP_MODE_FRE; struct task_struct *t; - int max_users; + struct cpumask process_cpus; + int cpu; /* If nothing to change, return right away, successfully. */ if (value == mips_get_process_fp_mode(task)) @@ -736,35 +743,7 @@ int mips_set_process_fp_mode(struct task_struct *task, unsigned int value) if (!(value & PR_FP_MODE_FR) && raw_cpu_has_fpu && cpu_has_mips_r6) return -EOPNOTSUPP; - /* Proceed with the mode switch */ - preempt_disable(); - - /* Save FP & vector context, then disable FPU & MSA */ - if (task->signal == current->signal) - lose_fpu(1); - - /* Prevent any threads from obtaining live FP context */ - atomic_set(&task->mm->context.fp_mode_switching, 1); - smp_mb__after_atomic(); - - /* - * If there are multiple online CPUs then force any which are running - * threads in this process to lose their FPU context, which they can't - * regain until fp_mode_switching is cleared later. - */ - if (num_online_cpus() > 1) { - /* No need to send an IPI for the local CPU */ - max_users = (task->mm == current->mm) ? 1 : 0; - - if (atomic_read(&current->mm->mm_users) > max_users) - smp_call_function(prepare_for_fp_mode_switch, - (void *)current->mm, 1); - } - - /* - * There are now no threads of the process with live FP context, so it - * is safe to proceed with the FP mode switch. - */ + /* Indicate the new FP mode in each thread */ for_each_thread(task, t) { /* Update desired FP register width */ if (value & PR_FP_MODE_FR) { @@ -781,9 +760,34 @@ int mips_set_process_fp_mode(struct task_struct *task, unsigned int value) clear_tsk_thread_flag(t, TIF_HYBRID_FPREGS); } - /* Allow threads to use FP again */ - atomic_set(&task->mm->context.fp_mode_switching, 0); - preempt_enable(); + /* + * We need to ensure that all threads in the process have switched mode + * before returning, in order to allow userland to not worry about + * races. We can do this by forcing all CPUs that any thread in the + * process may be running on to schedule something else - in this case + * prepare_for_fp_mode_switch(). + * + * We begin by generating a mask of all CPUs that any thread in the + * process may be running on. + */ + cpumask_clear(&process_cpus); + for_each_thread(task, t) + cpumask_set_cpu(task_cpu(t), &process_cpus); + + /* + * Now we schedule prepare_for_fp_mode_switch() on each of those CPUs. + * + * The CPUs may have rescheduled already since we switched mode or + * generated the cpumask, but that doesn't matter. If the task in this + * process is scheduled out then our scheduling + * prepare_for_fp_mode_switch() will simply be redundant. If it's + * scheduled in then it will already have picked up the new FP mode + * whilst doing so. + */ + get_online_cpus(); + for_each_cpu_and(cpu, &process_cpus, cpu_online_mask) + work_on_cpu(cpu, prepare_for_fp_mode_switch, NULL); + put_online_cpus(); wake_up_var(&task->mm->context.fp_mode_switching); diff --git a/arch/mips/kernel/traps.c b/arch/mips/kernel/traps.c index d67fa74622ee..4d9ca9b465ae 100644 --- a/arch/mips/kernel/traps.c +++ b/arch/mips/kernel/traps.c @@ -1220,13 +1220,6 @@ static int enable_restore_fp_context(int msa) { int err, was_fpu_owner, prior_msa; - /* - * If an FP mode switch is currently underway, wait for it to - * complete before proceeding. - */ - wait_var_event(&current->mm->context.fp_mode_switching, - !atomic_read(&current->mm->context.fp_mode_switching)); - if (!used_math()) { /* First time FP context user. */ preempt_disable();

6 years, 9 months

1
0
0 0

FAILED: patch "[PATCH] MIPS: Schedule on CPUs we need to lose FPU for a mode switch" failed to apply to 4.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 8c8d953c28000045e5e823f3398319f04d49a7f1 Mon Sep 17 00:00:00 2001 From: Paul Burton <paul.burton(a)mips.com> Date: Tue, 19 Dec 2017 15:11:08 -0800 Subject: [PATCH] MIPS: Schedule on CPUs we need to lose FPU for a mode switch Commit 6b8322576e9d ("MIPS: Force CPUs to lose FP context during mode switches") ensures that we react to PR_SET_FP_MODE prctl syscalls quickly by broadcasting an IPI in order to cause CPUs to lose FPU access when necessary. Whilst it achieves that, unfortunately it causes all sorts of strange race conditions because: 1) The IPI may arrive at a point where the FPU is in the process of being enabled, but that process is not yet complete leading to a state we aren't prepared to handle. For example: [ 370.215903] do_cpu invoked from kernel context![#1]: [ 370.221064] CPU: 0 PID: 963 Comm: fp-prctl Not tainted 4.9.0-rc5-00323-g210db32-dirty #226 [ 370.229420] task: a8000000fd672e00 task.stack: a8000000fd630000 [ 370.235399] $ 0 : 0000000000000000 0000000000000001 0000000000000001 a8000000fd630000 [ 370.243882] $ 4 : a8000000fd672e00 0000000000000000 0000000000000453 0000000000000000 [ 370.252317] $ 8 : 0000000000000000 a8000000fd637c28 1000000000000000 0000000000000010 [ 370.260753] $12 : 00000000140084e0 ffffffff80109c00 0000000000000000 0000000000000002 [ 370.269179] $16 : ffffffff8092f080 a8000000fd672e00 ffffffff80107fe8 a8000000fd485000 [ 370.277612] $20 : ffffffff8084d328 ffffffff80940000 0000000000000009 ffffffff80930000 [ 370.286038] $24 : 0000000000000000 900000001612048c [ 370.294476] $28 : a8000000fd630000 a8000000fd637ac0 ffffffff80937300 ffffffff8010807c [ 370.302909] Hi : 0000000000000000 [ 370.306595] Lo : 0000000000000200 [ 370.310376] epc : ffffffff80115d38 _save_fp+0x10/0xa0 [ 370.315784] ra : ffffffff8010807c prepare_for_fp_mode_switch+0x94/0x1b0 [ 370.322707] Status: 140084e2 KX SX UX KERNEL EXL [ 370.327980] Cause : 1080002c (ExcCode 0b) [ 370.332091] PrId : 0001a428 (MIPS P6600) [ 370.336179] Modules linked in: [ 370.339486] Process fp-prctl (pid: 963, threadinfo=a8000000fd630000, task=a8000000fd672e00, tls=00000000756e67d0) [ 370.349724] Stack : 0000000000000000 a8000000fd557dc0 0000000000000000 ffffffff801ca8e0 [ 370.358161] 0000000000000000 a8000000fd637b9c 0000000000000009 ffffffff80923780 [ 370.366575] ffffffff80850000 ffffffff8011610c 00000000000000b8 ffffffff801a5084 [ 370.374989] ffffffff8084a370 ffffffff8084a388 ffffffff80923780 ffffffff80923828 [ 370.383395] 0000000000010000 ffffffff809237a8 0000000000020000 ffffffff80a40000 [ 370.391817] 000000000000007c 00000000004a0000 00000000756dedd0 ffffffff801a5188 [ 370.400230] a800000002014900 0000000000000001 ffffffff80923780 0000000080923828 [ 370.408644] ffffffff80923780 ffffffff80923780 ffffffff80923828 ffffffff801a521c [ 370.417066] ffffffff80923780 ffffffff80923828 0000000000010000 ffffffff801a8f84 [ 370.425472] ffffffff80a40000 a8000000fd637c20 ffffffff80a39240 0000000000000001 [ 370.433885] ... [ 370.436562] Call Trace: [ 370.439222] [<ffffffff80115d38>] _save_fp+0x10/0xa0 [ 370.444305] [<ffffffff8010807c>] prepare_for_fp_mode_switch+0x94/0x1b0 [ 370.451035] [<ffffffff801ca8e0>] flush_smp_call_function_queue+0xf8/0x230 [ 370.457991] [<ffffffff8011610c>] ipi_call_interrupt+0xc/0x20 [ 370.463814] [<ffffffff801a5084>] __handle_irq_event_percpu+0xc4/0x1a8 [ 370.470404] [<ffffffff801a5188>] handle_irq_event_percpu+0x20/0x68 [ 370.476734] [<ffffffff801a521c>] handle_irq_event+0x4c/0x88 [ 370.482486] [<ffffffff801a8f84>] handle_edge_irq+0x12c/0x210 [ 370.488316] [<ffffffff801a47a0>] generic_handle_irq+0x38/0x48 [ 370.494280] [<ffffffff804a2dbc>] gic_handle_shared_int+0x194/0x268 [ 370.500616] [<ffffffff801a47a0>] generic_handle_irq+0x38/0x48 [ 370.506529] [<ffffffff80107e60>] do_IRQ+0x18/0x28 [ 370.511445] [<ffffffff804a1524>] plat_irq_dispatch+0xc4/0x140 [ 370.517339] [<ffffffff80106230>] ret_from_irq+0x0/0x4 [ 370.522583] [<ffffffff8010fad4>] do_ri+0x4fc/0x7e8 [ 370.527546] [<ffffffff80106220>] ret_from_exception+0x0/0x10 2) The IPI may arrive during kernel use of the FPU, since we generally only disable preemption around use of the FPU & leave interrupts enabled. This can lead to us unexpectedly losing access to the FPU in places where it previously had not been possible. For example: do_cpu invoked from kernel context![#2]: CPU: 2 PID: 7338 Comm: fp-prctl Tainted: G D 4.7.0-00424-g49b0c82 #2 task: 838e4000 ti: 88d38000 task.ti: 88d38000 $ 0 : 00000000 00000001 ffffffff 88d3fef8 $ 4 : 838e4000 88d38004 00000000 00000001 $ 8 : 3400fc01 801f8020 808e9100 24000000 $12 : dbffffff 807b69d8 807b0000 00000000 $16 : 00000000 80786150 00400fc4 809c0398 $20 : 809c0338 0040273c 88d3ff28 808e9d30 $24 : 808e9d30 00400fb4 $28 : 88d38000 88d3fe88 00000000 8011a2ac Hi : 0040273c Lo : 88d3ff28 epc : 80114178 _restore_fp+0x10/0xa0 ra : 8011a2ac mipsr2_decoder+0xd5c/0x1660 Status: 1400fc03 KERNEL EXL IE Cause : 1080002c (ExcCode 0b) PrId : 0001a920 (MIPS I6400) Modules linked in: Process fp-prctl (pid: 7338, threadinfo=88d38000, task=838e4000, tls=766527d0) Stack : 00000000 00000000 00000000 88d3fe98 00000000 00000000 809c0398 809c0338 808e9100 00000000 88d3ff28 00400fc4 00400fc4 0040273c 7fb69e18 004a0000 004a0000 004a0000 7664add0 8010de18 00000000 00000000 88d3fef8 88d3ff28 808e9100 00000000 766527d0 8010e534 000c0000 85755000 8181d580 00000000 00000000 00000000 004a0000 00000000 766527d0 7fb69e18 004a0000 80105c20 ... Call Trace: [<80114178>] _restore_fp+0x10/0xa0 [<8011a2ac>] mipsr2_decoder+0xd5c/0x1660 [<8010de18>] do_ri+0x90/0x6b8 [<80105c20>] ret_from_exception+0x0/0x10 At first glance a simple fix may seem to be to disable interrupts around kernel use of the FPU rather than merely preemption, however this would introduce further overhead outside of the mode switch path & doesn't solve the third problem: 3) The IPI may arrive whilst the kernel is running code that will lead to a preempt_disable() call & FPU usage soon. If this happens then the IPI will be serviced & we'll proceed to enable an FPU whilst the mode switch is in progress, leading to strange & inconsistent behaviour. Further to all of this is a separate but related problem: 4) There are various paths through which we may enable the FPU without the user having triggered a coprocessor 1 disabled exception. These paths are those in which we emulate instructions & then enable the FPU with the expectation that the user might execute an FP instruction shortly afterwards. However these paths have not previously checked whether an FP mode switch is underway for the task, and therefore could enable the FPU whilst such a mode switch is in progress leading to strange & inconsistent behaviour for user code. This patch fixes all of the above by taking a step back & re-examining our approach to FP mode switches. Up until now we have taken these basic steps: a) Prevent any threads that are part of the affected process from being able to obtain ownership of the FPU. b) Cause any threads that are part of the affected process and already have ownership of an FPU to lose it. c) Set the thread flags for each thread that is part of the affected process to reflect the new FP mode. d) Allow threads to obtain ownership of the FPU again. This approach is however more complex than necessary. All that we really require is that the mode switch has occurred for all threads that are part of the affected process before mips_set_process_fp_mode(), and thus the PR_SET_FP_MODE prctl() syscall, returns. This doesn't require that we stop threads from owning or using an FPU whilst a mode switch occurs, only that we force them to relinquish it after the mode switch has occurred such that they next own an FPU with the correct mode configured. Our basic steps therefore simplify to: A) Set the thread flags for each thread that is part of the affected process to reflect the new FP mode. B) Cause any threads that are part of the affected process and already have ownership of an FPU to lose it. We implement B) by forcing each CPU which might be running a thread which is part of the affected process to schedule a no-op function, which causes the affected thread to lose its FPU ownership when it is descheduled. The end result is simpler FP mode switching with less overhead in the FPU enable path (ie. enable_restore_fp_context()) and fewer moving parts. Signed-off-by: Paul Burton <paul.burton(a)mips.com> Fixes: 9791554b45a2 ("MIPS,prctl: add PR_[GS]ET_FP_MODE prctl options for MIPS") Fixes: 6b8322576e9d ("MIPS: Force CPUs to lose FP context during mode switches") Cc: James Hogan <jhogan(a)kernel.org> Cc: Ralf Baechle <ralf(a)linux-mips.org> Cc: linux-mips(a)linux-mips.org Cc: stable <stable(a)vger.kernel.org> # v4.0+ diff --git a/arch/mips/include/asm/mmu_context.h b/arch/mips/include/asm/mmu_context.h index da2004cef2d5..b509371a6b0c 100644 --- a/arch/mips/include/asm/mmu_context.h +++ b/arch/mips/include/asm/mmu_context.h @@ -126,8 +126,6 @@ init_new_context(struct task_struct *tsk, struct mm_struct *mm) for_each_possible_cpu(i) cpu_context(i, mm) = 0; - atomic_set(&mm->context.fp_mode_switching, 0); - mm->context.bd_emupage_allocmap = NULL; spin_lock_init(&mm->context.bd_emupage_lock); init_waitqueue_head(&mm->context.bd_emupage_queue); diff --git a/arch/mips/kernel/process.c b/arch/mips/kernel/process.c index 8d85046adcc8..fe6001d748cf 100644 --- a/arch/mips/kernel/process.c +++ b/arch/mips/kernel/process.c @@ -29,6 +29,7 @@ #include <linux/kallsyms.h> #include <linux/random.h> #include <linux/prctl.h> +#include <linux/cpu.h> #include <asm/asm.h> #include <asm/bootinfo.h> @@ -691,19 +692,25 @@ int mips_get_process_fp_mode(struct task_struct *task) return value; } -static void prepare_for_fp_mode_switch(void *info) +static long prepare_for_fp_mode_switch(void *unused) { - struct mm_struct *mm = info; - - if (current->mm == mm) - lose_fpu(1); + /* + * This is icky, but we use this to simply ensure that all CPUs have + * context switched, regardless of whether they were previously running + * kernel or user code. This ensures that no CPU currently has its FPU + * enabled, or is about to attempt to enable it through any path other + * than enable_restore_fp_context() which will wait appropriately for + * fp_mode_switching to be zero. + */ + return 0; } int mips_set_process_fp_mode(struct task_struct *task, unsigned int value) { const unsigned int known_bits = PR_FP_MODE_FR | PR_FP_MODE_FRE; struct task_struct *t; - int max_users; + struct cpumask process_cpus; + int cpu; /* If nothing to change, return right away, successfully. */ if (value == mips_get_process_fp_mode(task)) @@ -736,35 +743,7 @@ int mips_set_process_fp_mode(struct task_struct *task, unsigned int value) if (!(value & PR_FP_MODE_FR) && raw_cpu_has_fpu && cpu_has_mips_r6) return -EOPNOTSUPP; - /* Proceed with the mode switch */ - preempt_disable(); - - /* Save FP & vector context, then disable FPU & MSA */ - if (task->signal == current->signal) - lose_fpu(1); - - /* Prevent any threads from obtaining live FP context */ - atomic_set(&task->mm->context.fp_mode_switching, 1); - smp_mb__after_atomic(); - - /* - * If there are multiple online CPUs then force any which are running - * threads in this process to lose their FPU context, which they can't - * regain until fp_mode_switching is cleared later. - */ - if (num_online_cpus() > 1) { - /* No need to send an IPI for the local CPU */ - max_users = (task->mm == current->mm) ? 1 : 0; - - if (atomic_read(&current->mm->mm_users) > max_users) - smp_call_function(prepare_for_fp_mode_switch, - (void *)current->mm, 1); - } - - /* - * There are now no threads of the process with live FP context, so it - * is safe to proceed with the FP mode switch. - */ + /* Indicate the new FP mode in each thread */ for_each_thread(task, t) { /* Update desired FP register width */ if (value & PR_FP_MODE_FR) { @@ -781,9 +760,34 @@ int mips_set_process_fp_mode(struct task_struct *task, unsigned int value) clear_tsk_thread_flag(t, TIF_HYBRID_FPREGS); } - /* Allow threads to use FP again */ - atomic_set(&task->mm->context.fp_mode_switching, 0); - preempt_enable(); + /* + * We need to ensure that all threads in the process have switched mode + * before returning, in order to allow userland to not worry about + * races. We can do this by forcing all CPUs that any thread in the + * process may be running on to schedule something else - in this case + * prepare_for_fp_mode_switch(). + * + * We begin by generating a mask of all CPUs that any thread in the + * process may be running on. + */ + cpumask_clear(&process_cpus); + for_each_thread(task, t) + cpumask_set_cpu(task_cpu(t), &process_cpus); + + /* + * Now we schedule prepare_for_fp_mode_switch() on each of those CPUs. + * + * The CPUs may have rescheduled already since we switched mode or + * generated the cpumask, but that doesn't matter. If the task in this + * process is scheduled out then our scheduling + * prepare_for_fp_mode_switch() will simply be redundant. If it's + * scheduled in then it will already have picked up the new FP mode + * whilst doing so. + */ + get_online_cpus(); + for_each_cpu_and(cpu, &process_cpus, cpu_online_mask) + work_on_cpu(cpu, prepare_for_fp_mode_switch, NULL); + put_online_cpus(); wake_up_var(&task->mm->context.fp_mode_switching); diff --git a/arch/mips/kernel/traps.c b/arch/mips/kernel/traps.c index d67fa74622ee..4d9ca9b465ae 100644 --- a/arch/mips/kernel/traps.c +++ b/arch/mips/kernel/traps.c @@ -1220,13 +1220,6 @@ static int enable_restore_fp_context(int msa) { int err, was_fpu_owner, prior_msa; - /* - * If an FP mode switch is currently underway, wait for it to - * complete before proceeding. - */ - wait_var_event(&current->mm->context.fp_mode_switching, - !atomic_read(&current->mm->context.fp_mode_switching)); - if (!used_math()) { /* First time FP context user. */ preempt_disable();

6 years, 9 months

1
0
0 0

FAILED: patch "[PATCH] MIPS: Schedule on CPUs we need to lose FPU for a mode switch" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 8c8d953c28000045e5e823f3398319f04d49a7f1 Mon Sep 17 00:00:00 2001 From: Paul Burton <paul.burton(a)mips.com> Date: Tue, 19 Dec 2017 15:11:08 -0800 Subject: [PATCH] MIPS: Schedule on CPUs we need to lose FPU for a mode switch Commit 6b8322576e9d ("MIPS: Force CPUs to lose FP context during mode switches") ensures that we react to PR_SET_FP_MODE prctl syscalls quickly by broadcasting an IPI in order to cause CPUs to lose FPU access when necessary. Whilst it achieves that, unfortunately it causes all sorts of strange race conditions because: 1) The IPI may arrive at a point where the FPU is in the process of being enabled, but that process is not yet complete leading to a state we aren't prepared to handle. For example: [ 370.215903] do_cpu invoked from kernel context![#1]: [ 370.221064] CPU: 0 PID: 963 Comm: fp-prctl Not tainted 4.9.0-rc5-00323-g210db32-dirty #226 [ 370.229420] task: a8000000fd672e00 task.stack: a8000000fd630000 [ 370.235399] $ 0 : 0000000000000000 0000000000000001 0000000000000001 a8000000fd630000 [ 370.243882] $ 4 : a8000000fd672e00 0000000000000000 0000000000000453 0000000000000000 [ 370.252317] $ 8 : 0000000000000000 a8000000fd637c28 1000000000000000 0000000000000010 [ 370.260753] $12 : 00000000140084e0 ffffffff80109c00 0000000000000000 0000000000000002 [ 370.269179] $16 : ffffffff8092f080 a8000000fd672e00 ffffffff80107fe8 a8000000fd485000 [ 370.277612] $20 : ffffffff8084d328 ffffffff80940000 0000000000000009 ffffffff80930000 [ 370.286038] $24 : 0000000000000000 900000001612048c [ 370.294476] $28 : a8000000fd630000 a8000000fd637ac0 ffffffff80937300 ffffffff8010807c [ 370.302909] Hi : 0000000000000000 [ 370.306595] Lo : 0000000000000200 [ 370.310376] epc : ffffffff80115d38 _save_fp+0x10/0xa0 [ 370.315784] ra : ffffffff8010807c prepare_for_fp_mode_switch+0x94/0x1b0 [ 370.322707] Status: 140084e2 KX SX UX KERNEL EXL [ 370.327980] Cause : 1080002c (ExcCode 0b) [ 370.332091] PrId : 0001a428 (MIPS P6600) [ 370.336179] Modules linked in: [ 370.339486] Process fp-prctl (pid: 963, threadinfo=a8000000fd630000, task=a8000000fd672e00, tls=00000000756e67d0) [ 370.349724] Stack : 0000000000000000 a8000000fd557dc0 0000000000000000 ffffffff801ca8e0 [ 370.358161] 0000000000000000 a8000000fd637b9c 0000000000000009 ffffffff80923780 [ 370.366575] ffffffff80850000 ffffffff8011610c 00000000000000b8 ffffffff801a5084 [ 370.374989] ffffffff8084a370 ffffffff8084a388 ffffffff80923780 ffffffff80923828 [ 370.383395] 0000000000010000 ffffffff809237a8 0000000000020000 ffffffff80a40000 [ 370.391817] 000000000000007c 00000000004a0000 00000000756dedd0 ffffffff801a5188 [ 370.400230] a800000002014900 0000000000000001 ffffffff80923780 0000000080923828 [ 370.408644] ffffffff80923780 ffffffff80923780 ffffffff80923828 ffffffff801a521c [ 370.417066] ffffffff80923780 ffffffff80923828 0000000000010000 ffffffff801a8f84 [ 370.425472] ffffffff80a40000 a8000000fd637c20 ffffffff80a39240 0000000000000001 [ 370.433885] ... [ 370.436562] Call Trace: [ 370.439222] [<ffffffff80115d38>] _save_fp+0x10/0xa0 [ 370.444305] [<ffffffff8010807c>] prepare_for_fp_mode_switch+0x94/0x1b0 [ 370.451035] [<ffffffff801ca8e0>] flush_smp_call_function_queue+0xf8/0x230 [ 370.457991] [<ffffffff8011610c>] ipi_call_interrupt+0xc/0x20 [ 370.463814] [<ffffffff801a5084>] __handle_irq_event_percpu+0xc4/0x1a8 [ 370.470404] [<ffffffff801a5188>] handle_irq_event_percpu+0x20/0x68 [ 370.476734] [<ffffffff801a521c>] handle_irq_event+0x4c/0x88 [ 370.482486] [<ffffffff801a8f84>] handle_edge_irq+0x12c/0x210 [ 370.488316] [<ffffffff801a47a0>] generic_handle_irq+0x38/0x48 [ 370.494280] [<ffffffff804a2dbc>] gic_handle_shared_int+0x194/0x268 [ 370.500616] [<ffffffff801a47a0>] generic_handle_irq+0x38/0x48 [ 370.506529] [<ffffffff80107e60>] do_IRQ+0x18/0x28 [ 370.511445] [<ffffffff804a1524>] plat_irq_dispatch+0xc4/0x140 [ 370.517339] [<ffffffff80106230>] ret_from_irq+0x0/0x4 [ 370.522583] [<ffffffff8010fad4>] do_ri+0x4fc/0x7e8 [ 370.527546] [<ffffffff80106220>] ret_from_exception+0x0/0x10 2) The IPI may arrive during kernel use of the FPU, since we generally only disable preemption around use of the FPU & leave interrupts enabled. This can lead to us unexpectedly losing access to the FPU in places where it previously had not been possible. For example: do_cpu invoked from kernel context![#2]: CPU: 2 PID: 7338 Comm: fp-prctl Tainted: G D 4.7.0-00424-g49b0c82 #2 task: 838e4000 ti: 88d38000 task.ti: 88d38000 $ 0 : 00000000 00000001 ffffffff 88d3fef8 $ 4 : 838e4000 88d38004 00000000 00000001 $ 8 : 3400fc01 801f8020 808e9100 24000000 $12 : dbffffff 807b69d8 807b0000 00000000 $16 : 00000000 80786150 00400fc4 809c0398 $20 : 809c0338 0040273c 88d3ff28 808e9d30 $24 : 808e9d30 00400fb4 $28 : 88d38000 88d3fe88 00000000 8011a2ac Hi : 0040273c Lo : 88d3ff28 epc : 80114178 _restore_fp+0x10/0xa0 ra : 8011a2ac mipsr2_decoder+0xd5c/0x1660 Status: 1400fc03 KERNEL EXL IE Cause : 1080002c (ExcCode 0b) PrId : 0001a920 (MIPS I6400) Modules linked in: Process fp-prctl (pid: 7338, threadinfo=88d38000, task=838e4000, tls=766527d0) Stack : 00000000 00000000 00000000 88d3fe98 00000000 00000000 809c0398 809c0338 808e9100 00000000 88d3ff28 00400fc4 00400fc4 0040273c 7fb69e18 004a0000 004a0000 004a0000 7664add0 8010de18 00000000 00000000 88d3fef8 88d3ff28 808e9100 00000000 766527d0 8010e534 000c0000 85755000 8181d580 00000000 00000000 00000000 004a0000 00000000 766527d0 7fb69e18 004a0000 80105c20 ... Call Trace: [<80114178>] _restore_fp+0x10/0xa0 [<8011a2ac>] mipsr2_decoder+0xd5c/0x1660 [<8010de18>] do_ri+0x90/0x6b8 [<80105c20>] ret_from_exception+0x0/0x10 At first glance a simple fix may seem to be to disable interrupts around kernel use of the FPU rather than merely preemption, however this would introduce further overhead outside of the mode switch path & doesn't solve the third problem: 3) The IPI may arrive whilst the kernel is running code that will lead to a preempt_disable() call & FPU usage soon. If this happens then the IPI will be serviced & we'll proceed to enable an FPU whilst the mode switch is in progress, leading to strange & inconsistent behaviour. Further to all of this is a separate but related problem: 4) There are various paths through which we may enable the FPU without the user having triggered a coprocessor 1 disabled exception. These paths are those in which we emulate instructions & then enable the FPU with the expectation that the user might execute an FP instruction shortly afterwards. However these paths have not previously checked whether an FP mode switch is underway for the task, and therefore could enable the FPU whilst such a mode switch is in progress leading to strange & inconsistent behaviour for user code. This patch fixes all of the above by taking a step back & re-examining our approach to FP mode switches. Up until now we have taken these basic steps: a) Prevent any threads that are part of the affected process from being able to obtain ownership of the FPU. b) Cause any threads that are part of the affected process and already have ownership of an FPU to lose it. c) Set the thread flags for each thread that is part of the affected process to reflect the new FP mode. d) Allow threads to obtain ownership of the FPU again. This approach is however more complex than necessary. All that we really require is that the mode switch has occurred for all threads that are part of the affected process before mips_set_process_fp_mode(), and thus the PR_SET_FP_MODE prctl() syscall, returns. This doesn't require that we stop threads from owning or using an FPU whilst a mode switch occurs, only that we force them to relinquish it after the mode switch has occurred such that they next own an FPU with the correct mode configured. Our basic steps therefore simplify to: A) Set the thread flags for each thread that is part of the affected process to reflect the new FP mode. B) Cause any threads that are part of the affected process and already have ownership of an FPU to lose it. We implement B) by forcing each CPU which might be running a thread which is part of the affected process to schedule a no-op function, which causes the affected thread to lose its FPU ownership when it is descheduled. The end result is simpler FP mode switching with less overhead in the FPU enable path (ie. enable_restore_fp_context()) and fewer moving parts. Signed-off-by: Paul Burton <paul.burton(a)mips.com> Fixes: 9791554b45a2 ("MIPS,prctl: add PR_[GS]ET_FP_MODE prctl options for MIPS") Fixes: 6b8322576e9d ("MIPS: Force CPUs to lose FP context during mode switches") Cc: James Hogan <jhogan(a)kernel.org> Cc: Ralf Baechle <ralf(a)linux-mips.org> Cc: linux-mips(a)linux-mips.org Cc: stable <stable(a)vger.kernel.org> # v4.0+ diff --git a/arch/mips/include/asm/mmu_context.h b/arch/mips/include/asm/mmu_context.h index da2004cef2d5..b509371a6b0c 100644 --- a/arch/mips/include/asm/mmu_context.h +++ b/arch/mips/include/asm/mmu_context.h @@ -126,8 +126,6 @@ init_new_context(struct task_struct *tsk, struct mm_struct *mm) for_each_possible_cpu(i) cpu_context(i, mm) = 0; - atomic_set(&mm->context.fp_mode_switching, 0); - mm->context.bd_emupage_allocmap = NULL; spin_lock_init(&mm->context.bd_emupage_lock); init_waitqueue_head(&mm->context.bd_emupage_queue); diff --git a/arch/mips/kernel/process.c b/arch/mips/kernel/process.c index 8d85046adcc8..fe6001d748cf 100644 --- a/arch/mips/kernel/process.c +++ b/arch/mips/kernel/process.c @@ -29,6 +29,7 @@ #include <linux/kallsyms.h> #include <linux/random.h> #include <linux/prctl.h> +#include <linux/cpu.h> #include <asm/asm.h> #include <asm/bootinfo.h> @@ -691,19 +692,25 @@ int mips_get_process_fp_mode(struct task_struct *task) return value; } -static void prepare_for_fp_mode_switch(void *info) +static long prepare_for_fp_mode_switch(void *unused) { - struct mm_struct *mm = info; - - if (current->mm == mm) - lose_fpu(1); + /* + * This is icky, but we use this to simply ensure that all CPUs have + * context switched, regardless of whether they were previously running + * kernel or user code. This ensures that no CPU currently has its FPU + * enabled, or is about to attempt to enable it through any path other + * than enable_restore_fp_context() which will wait appropriately for + * fp_mode_switching to be zero. + */ + return 0; } int mips_set_process_fp_mode(struct task_struct *task, unsigned int value) { const unsigned int known_bits = PR_FP_MODE_FR | PR_FP_MODE_FRE; struct task_struct *t; - int max_users; + struct cpumask process_cpus; + int cpu; /* If nothing to change, return right away, successfully. */ if (value == mips_get_process_fp_mode(task)) @@ -736,35 +743,7 @@ int mips_set_process_fp_mode(struct task_struct *task, unsigned int value) if (!(value & PR_FP_MODE_FR) && raw_cpu_has_fpu && cpu_has_mips_r6) return -EOPNOTSUPP; - /* Proceed with the mode switch */ - preempt_disable(); - - /* Save FP & vector context, then disable FPU & MSA */ - if (task->signal == current->signal) - lose_fpu(1); - - /* Prevent any threads from obtaining live FP context */ - atomic_set(&task->mm->context.fp_mode_switching, 1); - smp_mb__after_atomic(); - - /* - * If there are multiple online CPUs then force any which are running - * threads in this process to lose their FPU context, which they can't - * regain until fp_mode_switching is cleared later. - */ - if (num_online_cpus() > 1) { - /* No need to send an IPI for the local CPU */ - max_users = (task->mm == current->mm) ? 1 : 0; - - if (atomic_read(&current->mm->mm_users) > max_users) - smp_call_function(prepare_for_fp_mode_switch, - (void *)current->mm, 1); - } - - /* - * There are now no threads of the process with live FP context, so it - * is safe to proceed with the FP mode switch. - */ + /* Indicate the new FP mode in each thread */ for_each_thread(task, t) { /* Update desired FP register width */ if (value & PR_FP_MODE_FR) { @@ -781,9 +760,34 @@ int mips_set_process_fp_mode(struct task_struct *task, unsigned int value) clear_tsk_thread_flag(t, TIF_HYBRID_FPREGS); } - /* Allow threads to use FP again */ - atomic_set(&task->mm->context.fp_mode_switching, 0); - preempt_enable(); + /* + * We need to ensure that all threads in the process have switched mode + * before returning, in order to allow userland to not worry about + * races. We can do this by forcing all CPUs that any thread in the + * process may be running on to schedule something else - in this case + * prepare_for_fp_mode_switch(). + * + * We begin by generating a mask of all CPUs that any thread in the + * process may be running on. + */ + cpumask_clear(&process_cpus); + for_each_thread(task, t) + cpumask_set_cpu(task_cpu(t), &process_cpus); + + /* + * Now we schedule prepare_for_fp_mode_switch() on each of those CPUs. + * + * The CPUs may have rescheduled already since we switched mode or + * generated the cpumask, but that doesn't matter. If the task in this + * process is scheduled out then our scheduling + * prepare_for_fp_mode_switch() will simply be redundant. If it's + * scheduled in then it will already have picked up the new FP mode + * whilst doing so. + */ + get_online_cpus(); + for_each_cpu_and(cpu, &process_cpus, cpu_online_mask) + work_on_cpu(cpu, prepare_for_fp_mode_switch, NULL); + put_online_cpus(); wake_up_var(&task->mm->context.fp_mode_switching); diff --git a/arch/mips/kernel/traps.c b/arch/mips/kernel/traps.c index d67fa74622ee..4d9ca9b465ae 100644 --- a/arch/mips/kernel/traps.c +++ b/arch/mips/kernel/traps.c @@ -1220,13 +1220,6 @@ static int enable_restore_fp_context(int msa) { int err, was_fpu_owner, prior_msa; - /* - * If an FP mode switch is currently underway, wait for it to - * complete before proceeding. - */ - wait_var_event(&current->mm->context.fp_mode_switching, - !atomic_read(&current->mm->context.fp_mode_switching)); - if (!used_math()) { /* First time FP context user. */ preempt_disable();

6 years, 9 months

1
0
0 0

FAILED: patch "[PATCH] MIPS: Schedule on CPUs we need to lose FPU for a mode switch" failed to apply to 4.18-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.18-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 8c8d953c28000045e5e823f3398319f04d49a7f1 Mon Sep 17 00:00:00 2001 From: Paul Burton <paul.burton(a)mips.com> Date: Tue, 19 Dec 2017 15:11:08 -0800 Subject: [PATCH] MIPS: Schedule on CPUs we need to lose FPU for a mode switch Commit 6b8322576e9d ("MIPS: Force CPUs to lose FP context during mode switches") ensures that we react to PR_SET_FP_MODE prctl syscalls quickly by broadcasting an IPI in order to cause CPUs to lose FPU access when necessary. Whilst it achieves that, unfortunately it causes all sorts of strange race conditions because: 1) The IPI may arrive at a point where the FPU is in the process of being enabled, but that process is not yet complete leading to a state we aren't prepared to handle. For example: [ 370.215903] do_cpu invoked from kernel context![#1]: [ 370.221064] CPU: 0 PID: 963 Comm: fp-prctl Not tainted 4.9.0-rc5-00323-g210db32-dirty #226 [ 370.229420] task: a8000000fd672e00 task.stack: a8000000fd630000 [ 370.235399] $ 0 : 0000000000000000 0000000000000001 0000000000000001 a8000000fd630000 [ 370.243882] $ 4 : a8000000fd672e00 0000000000000000 0000000000000453 0000000000000000 [ 370.252317] $ 8 : 0000000000000000 a8000000fd637c28 1000000000000000 0000000000000010 [ 370.260753] $12 : 00000000140084e0 ffffffff80109c00 0000000000000000 0000000000000002 [ 370.269179] $16 : ffffffff8092f080 a8000000fd672e00 ffffffff80107fe8 a8000000fd485000 [ 370.277612] $20 : ffffffff8084d328 ffffffff80940000 0000000000000009 ffffffff80930000 [ 370.286038] $24 : 0000000000000000 900000001612048c [ 370.294476] $28 : a8000000fd630000 a8000000fd637ac0 ffffffff80937300 ffffffff8010807c [ 370.302909] Hi : 0000000000000000 [ 370.306595] Lo : 0000000000000200 [ 370.310376] epc : ffffffff80115d38 _save_fp+0x10/0xa0 [ 370.315784] ra : ffffffff8010807c prepare_for_fp_mode_switch+0x94/0x1b0 [ 370.322707] Status: 140084e2 KX SX UX KERNEL EXL [ 370.327980] Cause : 1080002c (ExcCode 0b) [ 370.332091] PrId : 0001a428 (MIPS P6600) [ 370.336179] Modules linked in: [ 370.339486] Process fp-prctl (pid: 963, threadinfo=a8000000fd630000, task=a8000000fd672e00, tls=00000000756e67d0) [ 370.349724] Stack : 0000000000000000 a8000000fd557dc0 0000000000000000 ffffffff801ca8e0 [ 370.358161] 0000000000000000 a8000000fd637b9c 0000000000000009 ffffffff80923780 [ 370.366575] ffffffff80850000 ffffffff8011610c 00000000000000b8 ffffffff801a5084 [ 370.374989] ffffffff8084a370 ffffffff8084a388 ffffffff80923780 ffffffff80923828 [ 370.383395] 0000000000010000 ffffffff809237a8 0000000000020000 ffffffff80a40000 [ 370.391817] 000000000000007c 00000000004a0000 00000000756dedd0 ffffffff801a5188 [ 370.400230] a800000002014900 0000000000000001 ffffffff80923780 0000000080923828 [ 370.408644] ffffffff80923780 ffffffff80923780 ffffffff80923828 ffffffff801a521c [ 370.417066] ffffffff80923780 ffffffff80923828 0000000000010000 ffffffff801a8f84 [ 370.425472] ffffffff80a40000 a8000000fd637c20 ffffffff80a39240 0000000000000001 [ 370.433885] ... [ 370.436562] Call Trace: [ 370.439222] [<ffffffff80115d38>] _save_fp+0x10/0xa0 [ 370.444305] [<ffffffff8010807c>] prepare_for_fp_mode_switch+0x94/0x1b0 [ 370.451035] [<ffffffff801ca8e0>] flush_smp_call_function_queue+0xf8/0x230 [ 370.457991] [<ffffffff8011610c>] ipi_call_interrupt+0xc/0x20 [ 370.463814] [<ffffffff801a5084>] __handle_irq_event_percpu+0xc4/0x1a8 [ 370.470404] [<ffffffff801a5188>] handle_irq_event_percpu+0x20/0x68 [ 370.476734] [<ffffffff801a521c>] handle_irq_event+0x4c/0x88 [ 370.482486] [<ffffffff801a8f84>] handle_edge_irq+0x12c/0x210 [ 370.488316] [<ffffffff801a47a0>] generic_handle_irq+0x38/0x48 [ 370.494280] [<ffffffff804a2dbc>] gic_handle_shared_int+0x194/0x268 [ 370.500616] [<ffffffff801a47a0>] generic_handle_irq+0x38/0x48 [ 370.506529] [<ffffffff80107e60>] do_IRQ+0x18/0x28 [ 370.511445] [<ffffffff804a1524>] plat_irq_dispatch+0xc4/0x140 [ 370.517339] [<ffffffff80106230>] ret_from_irq+0x0/0x4 [ 370.522583] [<ffffffff8010fad4>] do_ri+0x4fc/0x7e8 [ 370.527546] [<ffffffff80106220>] ret_from_exception+0x0/0x10 2) The IPI may arrive during kernel use of the FPU, since we generally only disable preemption around use of the FPU & leave interrupts enabled. This can lead to us unexpectedly losing access to the FPU in places where it previously had not been possible. For example: do_cpu invoked from kernel context![#2]: CPU: 2 PID: 7338 Comm: fp-prctl Tainted: G D 4.7.0-00424-g49b0c82 #2 task: 838e4000 ti: 88d38000 task.ti: 88d38000 $ 0 : 00000000 00000001 ffffffff 88d3fef8 $ 4 : 838e4000 88d38004 00000000 00000001 $ 8 : 3400fc01 801f8020 808e9100 24000000 $12 : dbffffff 807b69d8 807b0000 00000000 $16 : 00000000 80786150 00400fc4 809c0398 $20 : 809c0338 0040273c 88d3ff28 808e9d30 $24 : 808e9d30 00400fb4 $28 : 88d38000 88d3fe88 00000000 8011a2ac Hi : 0040273c Lo : 88d3ff28 epc : 80114178 _restore_fp+0x10/0xa0 ra : 8011a2ac mipsr2_decoder+0xd5c/0x1660 Status: 1400fc03 KERNEL EXL IE Cause : 1080002c (ExcCode 0b) PrId : 0001a920 (MIPS I6400) Modules linked in: Process fp-prctl (pid: 7338, threadinfo=88d38000, task=838e4000, tls=766527d0) Stack : 00000000 00000000 00000000 88d3fe98 00000000 00000000 809c0398 809c0338 808e9100 00000000 88d3ff28 00400fc4 00400fc4 0040273c 7fb69e18 004a0000 004a0000 004a0000 7664add0 8010de18 00000000 00000000 88d3fef8 88d3ff28 808e9100 00000000 766527d0 8010e534 000c0000 85755000 8181d580 00000000 00000000 00000000 004a0000 00000000 766527d0 7fb69e18 004a0000 80105c20 ... Call Trace: [<80114178>] _restore_fp+0x10/0xa0 [<8011a2ac>] mipsr2_decoder+0xd5c/0x1660 [<8010de18>] do_ri+0x90/0x6b8 [<80105c20>] ret_from_exception+0x0/0x10 At first glance a simple fix may seem to be to disable interrupts around kernel use of the FPU rather than merely preemption, however this would introduce further overhead outside of the mode switch path & doesn't solve the third problem: 3) The IPI may arrive whilst the kernel is running code that will lead to a preempt_disable() call & FPU usage soon. If this happens then the IPI will be serviced & we'll proceed to enable an FPU whilst the mode switch is in progress, leading to strange & inconsistent behaviour. Further to all of this is a separate but related problem: 4) There are various paths through which we may enable the FPU without the user having triggered a coprocessor 1 disabled exception. These paths are those in which we emulate instructions & then enable the FPU with the expectation that the user might execute an FP instruction shortly afterwards. However these paths have not previously checked whether an FP mode switch is underway for the task, and therefore could enable the FPU whilst such a mode switch is in progress leading to strange & inconsistent behaviour for user code. This patch fixes all of the above by taking a step back & re-examining our approach to FP mode switches. Up until now we have taken these basic steps: a) Prevent any threads that are part of the affected process from being able to obtain ownership of the FPU. b) Cause any threads that are part of the affected process and already have ownership of an FPU to lose it. c) Set the thread flags for each thread that is part of the affected process to reflect the new FP mode. d) Allow threads to obtain ownership of the FPU again. This approach is however more complex than necessary. All that we really require is that the mode switch has occurred for all threads that are part of the affected process before mips_set_process_fp_mode(), and thus the PR_SET_FP_MODE prctl() syscall, returns. This doesn't require that we stop threads from owning or using an FPU whilst a mode switch occurs, only that we force them to relinquish it after the mode switch has occurred such that they next own an FPU with the correct mode configured. Our basic steps therefore simplify to: A) Set the thread flags for each thread that is part of the affected process to reflect the new FP mode. B) Cause any threads that are part of the affected process and already have ownership of an FPU to lose it. We implement B) by forcing each CPU which might be running a thread which is part of the affected process to schedule a no-op function, which causes the affected thread to lose its FPU ownership when it is descheduled. The end result is simpler FP mode switching with less overhead in the FPU enable path (ie. enable_restore_fp_context()) and fewer moving parts. Signed-off-by: Paul Burton <paul.burton(a)mips.com> Fixes: 9791554b45a2 ("MIPS,prctl: add PR_[GS]ET_FP_MODE prctl options for MIPS") Fixes: 6b8322576e9d ("MIPS: Force CPUs to lose FP context during mode switches") Cc: James Hogan <jhogan(a)kernel.org> Cc: Ralf Baechle <ralf(a)linux-mips.org> Cc: linux-mips(a)linux-mips.org Cc: stable <stable(a)vger.kernel.org> # v4.0+ diff --git a/arch/mips/include/asm/mmu_context.h b/arch/mips/include/asm/mmu_context.h index da2004cef2d5..b509371a6b0c 100644 --- a/arch/mips/include/asm/mmu_context.h +++ b/arch/mips/include/asm/mmu_context.h @@ -126,8 +126,6 @@ init_new_context(struct task_struct *tsk, struct mm_struct *mm) for_each_possible_cpu(i) cpu_context(i, mm) = 0; - atomic_set(&mm->context.fp_mode_switching, 0); - mm->context.bd_emupage_allocmap = NULL; spin_lock_init(&mm->context.bd_emupage_lock); init_waitqueue_head(&mm->context.bd_emupage_queue); diff --git a/arch/mips/kernel/process.c b/arch/mips/kernel/process.c index 8d85046adcc8..fe6001d748cf 100644 --- a/arch/mips/kernel/process.c +++ b/arch/mips/kernel/process.c @@ -29,6 +29,7 @@ #include <linux/kallsyms.h> #include <linux/random.h> #include <linux/prctl.h> +#include <linux/cpu.h> #include <asm/asm.h> #include <asm/bootinfo.h> @@ -691,19 +692,25 @@ int mips_get_process_fp_mode(struct task_struct *task) return value; } -static void prepare_for_fp_mode_switch(void *info) +static long prepare_for_fp_mode_switch(void *unused) { - struct mm_struct *mm = info; - - if (current->mm == mm) - lose_fpu(1); + /* + * This is icky, but we use this to simply ensure that all CPUs have + * context switched, regardless of whether they were previously running + * kernel or user code. This ensures that no CPU currently has its FPU + * enabled, or is about to attempt to enable it through any path other + * than enable_restore_fp_context() which will wait appropriately for + * fp_mode_switching to be zero. + */ + return 0; } int mips_set_process_fp_mode(struct task_struct *task, unsigned int value) { const unsigned int known_bits = PR_FP_MODE_FR | PR_FP_MODE_FRE; struct task_struct *t; - int max_users; + struct cpumask process_cpus; + int cpu; /* If nothing to change, return right away, successfully. */ if (value == mips_get_process_fp_mode(task)) @@ -736,35 +743,7 @@ int mips_set_process_fp_mode(struct task_struct *task, unsigned int value) if (!(value & PR_FP_MODE_FR) && raw_cpu_has_fpu && cpu_has_mips_r6) return -EOPNOTSUPP; - /* Proceed with the mode switch */ - preempt_disable(); - - /* Save FP & vector context, then disable FPU & MSA */ - if (task->signal == current->signal) - lose_fpu(1); - - /* Prevent any threads from obtaining live FP context */ - atomic_set(&task->mm->context.fp_mode_switching, 1); - smp_mb__after_atomic(); - - /* - * If there are multiple online CPUs then force any which are running - * threads in this process to lose their FPU context, which they can't - * regain until fp_mode_switching is cleared later. - */ - if (num_online_cpus() > 1) { - /* No need to send an IPI for the local CPU */ - max_users = (task->mm == current->mm) ? 1 : 0; - - if (atomic_read(&current->mm->mm_users) > max_users) - smp_call_function(prepare_for_fp_mode_switch, - (void *)current->mm, 1); - } - - /* - * There are now no threads of the process with live FP context, so it - * is safe to proceed with the FP mode switch. - */ + /* Indicate the new FP mode in each thread */ for_each_thread(task, t) { /* Update desired FP register width */ if (value & PR_FP_MODE_FR) { @@ -781,9 +760,34 @@ int mips_set_process_fp_mode(struct task_struct *task, unsigned int value) clear_tsk_thread_flag(t, TIF_HYBRID_FPREGS); } - /* Allow threads to use FP again */ - atomic_set(&task->mm->context.fp_mode_switching, 0); - preempt_enable(); + /* + * We need to ensure that all threads in the process have switched mode + * before returning, in order to allow userland to not worry about + * races. We can do this by forcing all CPUs that any thread in the + * process may be running on to schedule something else - in this case + * prepare_for_fp_mode_switch(). + * + * We begin by generating a mask of all CPUs that any thread in the + * process may be running on. + */ + cpumask_clear(&process_cpus); + for_each_thread(task, t) + cpumask_set_cpu(task_cpu(t), &process_cpus); + + /* + * Now we schedule prepare_for_fp_mode_switch() on each of those CPUs. + * + * The CPUs may have rescheduled already since we switched mode or + * generated the cpumask, but that doesn't matter. If the task in this + * process is scheduled out then our scheduling + * prepare_for_fp_mode_switch() will simply be redundant. If it's + * scheduled in then it will already have picked up the new FP mode + * whilst doing so. + */ + get_online_cpus(); + for_each_cpu_and(cpu, &process_cpus, cpu_online_mask) + work_on_cpu(cpu, prepare_for_fp_mode_switch, NULL); + put_online_cpus(); wake_up_var(&task->mm->context.fp_mode_switching); diff --git a/arch/mips/kernel/traps.c b/arch/mips/kernel/traps.c index d67fa74622ee..4d9ca9b465ae 100644 --- a/arch/mips/kernel/traps.c +++ b/arch/mips/kernel/traps.c @@ -1220,13 +1220,6 @@ static int enable_restore_fp_context(int msa) { int err, was_fpu_owner, prior_msa; - /* - * If an FP mode switch is currently underway, wait for it to - * complete before proceeding. - */ - wait_var_event(&current->mm->context.fp_mode_switching, - !atomic_read(&current->mm->context.fp_mode_switching)); - if (!used_math()) { /* First time FP context user. */ preempt_disable();

6 years, 9 months

1
0
0 0

FAILED: patch "[PATCH] MIPS: Always use -march=<arch>, not -<arch> shortcuts" failed to apply to 4.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 344ebf09949c31bcb8818d8458b65add29f1d67b Mon Sep 17 00:00:00 2001 From: Paul Burton <paul.burton(a)mips.com> Date: Mon, 18 Jun 2018 17:37:59 -0700 Subject: [PATCH] MIPS: Always use -march=<arch>, not -<arch> shortcuts The VDSO Makefile filters CFLAGS to select a subset which it uses whilst building the VDSO ELF. One of the flags it allows through is the -march= flag that selects the architecture/ISA to target. Unfortunately in cases where CONFIG_CPU_MIPS32_R{1,2}=y and the toolchain defaults to building for MIPS64, the main MIPS Makefile ends up using the short-form -<arch> flags in cflags-y. This is because the calls to cc-option always fail to use the long-form -march=<arch> flag due to the lack of an -mabi=<abi> flag in KBUILD_CFLAGS at the point where the cc-option function is executed. The resulting GCC invocation is something like: $ mips64-linux-gcc -Werror -march=mips32r2 -c -x c /dev/null -o tmp cc1: error: '-march=mips32r2' is not compatible with the selected ABI These short-form -<arch> flags are dropped by the VDSO Makefile's filtering, and so we attempt to build the VDSO without specifying any architecture. This results in an attempt to build the VDSO using whatever the compiler's default architecture is, regardless of whether that is suitable for the kernel configuration. One encountered build failure resulting from this mismatch is a rejection of the sync instruction if the kernel is configured for a MIPS32 or MIPS64 r1 or r2 target but the toolchain defaults to an older architecture revision such as MIPS1 which did not include the sync instruction: CC arch/mips/vdso/gettimeofday.o /tmp/ccGQKoOj.s: Assembler messages: /tmp/ccGQKoOj.s:273: Error: opcode not supported on this processor: mips1 (mips1) `sync' /tmp/ccGQKoOj.s:329: Error: opcode not supported on this processor: mips1 (mips1) `sync' /tmp/ccGQKoOj.s:520: Error: opcode not supported on this processor: mips1 (mips1) `sync' /tmp/ccGQKoOj.s:714: Error: opcode not supported on this processor: mips1 (mips1) `sync' /tmp/ccGQKoOj.s:1009: Error: opcode not supported on this processor: mips1 (mips1) `sync' /tmp/ccGQKoOj.s:1066: Error: opcode not supported on this processor: mips1 (mips1) `sync' /tmp/ccGQKoOj.s:1114: Error: opcode not supported on this processor: mips1 (mips1) `sync' /tmp/ccGQKoOj.s:1279: Error: opcode not supported on this processor: mips1 (mips1) `sync' /tmp/ccGQKoOj.s:1334: Error: opcode not supported on this processor: mips1 (mips1) `sync' /tmp/ccGQKoOj.s:1374: Error: opcode not supported on this processor: mips1 (mips1) `sync' /tmp/ccGQKoOj.s:1459: Error: opcode not supported on this processor: mips1 (mips1) `sync' /tmp/ccGQKoOj.s:1514: Error: opcode not supported on this processor: mips1 (mips1) `sync' /tmp/ccGQKoOj.s:1814: Error: opcode not supported on this processor: mips1 (mips1) `sync' /tmp/ccGQKoOj.s:2002: Error: opcode not supported on this processor: mips1 (mips1) `sync' /tmp/ccGQKoOj.s:2066: Error: opcode not supported on this processor: mips1 (mips1) `sync' make[2]: *** [scripts/Makefile.build:318: arch/mips/vdso/gettimeofday.o] Error 1 make[1]: *** [scripts/Makefile.build:558: arch/mips/vdso] Error 2 make[1]: *** Waiting for unfinished jobs.... This can be reproduced for example by attempting to build pistachio_defconfig using Arnd's GCC 8.1.0 mips64 toolchain from kernel.org: https://mirrors.edge.kernel.org/pub/tools/crosstool/files/bin/x86_64/8.1.0/… Resolve this problem by using the long-form -march=<arch> in all cases, which makes it through the arch/mips/vdso/Makefile's filtering & is thus consistently used to build both the kernel proper & the VDSO. The use of cc-option to prefer the long-form & fall back to the short-form flags makes no sense since the short-form is just an abbreviation for the also-supported long-form in all GCC versions that we support building with. This means there is no case in which we have to use the short-form -<arch> flags, so we can simply remove them. The manual redefinition of _MIPS_ISA is removed naturally along with the use of the short-form flags that it accompanied, and whilst here we remove the separate assembler ISA selection. I suspect that both of these were only required due to the mips32 vs mips2 mismatch that was introduced by commit 59b3e8e9aac6 ("[MIPS] Makefile crapectomy.") and fixed but not cleaned up by commit 9200c0b2a07c ("[MIPS] Fix Makefile bugs for MIPS32/MIPS64 R1 and R2."). I've marked this for backport as far as v4.4 where the MIPS VDSO was introduced. In earlier kernels there should be no ill effect to using the short-form flags. Signed-off-by: Paul Burton <paul.burton(a)mips.com> Cc: Ralf Baechle <ralf(a)linux-mips.org> Cc: linux-mips(a)linux-mips.org Cc: stable(a)vger.kernel.org # v4.4+ Reviewed-by: James Hogan <jhogan(a)kernel.org> Patchwork: https://patchwork.linux-mips.org/patch/19579/ diff --git a/arch/mips/Makefile b/arch/mips/Makefile index e2122cca4ae2..1e98d22ec119 100644 --- a/arch/mips/Makefile +++ b/arch/mips/Makefile @@ -155,15 +155,11 @@ cflags-$(CONFIG_CPU_R4300) += -march=r4300 -Wa,--trap cflags-$(CONFIG_CPU_VR41XX) += -march=r4100 -Wa,--trap cflags-$(CONFIG_CPU_R4X00) += -march=r4600 -Wa,--trap cflags-$(CONFIG_CPU_TX49XX) += -march=r4600 -Wa,--trap -cflags-$(CONFIG_CPU_MIPS32_R1) += $(call cc-option,-march=mips32,-mips32 -U_MIPS_ISA -D_MIPS_ISA=_MIPS_ISA_MIPS32) \ - -Wa,-mips32 -Wa,--trap -cflags-$(CONFIG_CPU_MIPS32_R2) += $(call cc-option,-march=mips32r2,-mips32r2 -U_MIPS_ISA -D_MIPS_ISA=_MIPS_ISA_MIPS32) \ - -Wa,-mips32r2 -Wa,--trap +cflags-$(CONFIG_CPU_MIPS32_R1) += -march=mips32 -Wa,--trap +cflags-$(CONFIG_CPU_MIPS32_R2) += -march=mips32r2 -Wa,--trap cflags-$(CONFIG_CPU_MIPS32_R6) += -march=mips32r6 -Wa,--trap -modd-spreg -cflags-$(CONFIG_CPU_MIPS64_R1) += $(call cc-option,-march=mips64,-mips64 -U_MIPS_ISA -D_MIPS_ISA=_MIPS_ISA_MIPS64) \ - -Wa,-mips64 -Wa,--trap -cflags-$(CONFIG_CPU_MIPS64_R2) += $(call cc-option,-march=mips64r2,-mips64r2 -U_MIPS_ISA -D_MIPS_ISA=_MIPS_ISA_MIPS64) \ - -Wa,-mips64r2 -Wa,--trap +cflags-$(CONFIG_CPU_MIPS64_R1) += -march=mips64 -Wa,--trap +cflags-$(CONFIG_CPU_MIPS64_R2) += -march=mips64r2 -Wa,--trap cflags-$(CONFIG_CPU_MIPS64_R6) += -march=mips64r6 -Wa,--trap cflags-$(CONFIG_CPU_R5000) += -march=r5000 -Wa,--trap cflags-$(CONFIG_CPU_R5432) += $(call cc-option,-march=r5400,-march=r5000) \

6 years, 9 months

1
0
0 0

FAILED: patch "[PATCH] MIPS: Always use -march=<arch>, not -<arch> shortcuts" failed to apply to 4.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 344ebf09949c31bcb8818d8458b65add29f1d67b Mon Sep 17 00:00:00 2001 From: Paul Burton <paul.burton(a)mips.com> Date: Mon, 18 Jun 2018 17:37:59 -0700 Subject: [PATCH] MIPS: Always use -march=<arch>, not -<arch> shortcuts The VDSO Makefile filters CFLAGS to select a subset which it uses whilst building the VDSO ELF. One of the flags it allows through is the -march= flag that selects the architecture/ISA to target. Unfortunately in cases where CONFIG_CPU_MIPS32_R{1,2}=y and the toolchain defaults to building for MIPS64, the main MIPS Makefile ends up using the short-form -<arch> flags in cflags-y. This is because the calls to cc-option always fail to use the long-form -march=<arch> flag due to the lack of an -mabi=<abi> flag in KBUILD_CFLAGS at the point where the cc-option function is executed. The resulting GCC invocation is something like: $ mips64-linux-gcc -Werror -march=mips32r2 -c -x c /dev/null -o tmp cc1: error: '-march=mips32r2' is not compatible with the selected ABI These short-form -<arch> flags are dropped by the VDSO Makefile's filtering, and so we attempt to build the VDSO without specifying any architecture. This results in an attempt to build the VDSO using whatever the compiler's default architecture is, regardless of whether that is suitable for the kernel configuration. One encountered build failure resulting from this mismatch is a rejection of the sync instruction if the kernel is configured for a MIPS32 or MIPS64 r1 or r2 target but the toolchain defaults to an older architecture revision such as MIPS1 which did not include the sync instruction: CC arch/mips/vdso/gettimeofday.o /tmp/ccGQKoOj.s: Assembler messages: /tmp/ccGQKoOj.s:273: Error: opcode not supported on this processor: mips1 (mips1) `sync' /tmp/ccGQKoOj.s:329: Error: opcode not supported on this processor: mips1 (mips1) `sync' /tmp/ccGQKoOj.s:520: Error: opcode not supported on this processor: mips1 (mips1) `sync' /tmp/ccGQKoOj.s:714: Error: opcode not supported on this processor: mips1 (mips1) `sync' /tmp/ccGQKoOj.s:1009: Error: opcode not supported on this processor: mips1 (mips1) `sync' /tmp/ccGQKoOj.s:1066: Error: opcode not supported on this processor: mips1 (mips1) `sync' /tmp/ccGQKoOj.s:1114: Error: opcode not supported on this processor: mips1 (mips1) `sync' /tmp/ccGQKoOj.s:1279: Error: opcode not supported on this processor: mips1 (mips1) `sync' /tmp/ccGQKoOj.s:1334: Error: opcode not supported on this processor: mips1 (mips1) `sync' /tmp/ccGQKoOj.s:1374: Error: opcode not supported on this processor: mips1 (mips1) `sync' /tmp/ccGQKoOj.s:1459: Error: opcode not supported on this processor: mips1 (mips1) `sync' /tmp/ccGQKoOj.s:1514: Error: opcode not supported on this processor: mips1 (mips1) `sync' /tmp/ccGQKoOj.s:1814: Error: opcode not supported on this processor: mips1 (mips1) `sync' /tmp/ccGQKoOj.s:2002: Error: opcode not supported on this processor: mips1 (mips1) `sync' /tmp/ccGQKoOj.s:2066: Error: opcode not supported on this processor: mips1 (mips1) `sync' make[2]: *** [scripts/Makefile.build:318: arch/mips/vdso/gettimeofday.o] Error 1 make[1]: *** [scripts/Makefile.build:558: arch/mips/vdso] Error 2 make[1]: *** Waiting for unfinished jobs.... This can be reproduced for example by attempting to build pistachio_defconfig using Arnd's GCC 8.1.0 mips64 toolchain from kernel.org: https://mirrors.edge.kernel.org/pub/tools/crosstool/files/bin/x86_64/8.1.0/… Resolve this problem by using the long-form -march=<arch> in all cases, which makes it through the arch/mips/vdso/Makefile's filtering & is thus consistently used to build both the kernel proper & the VDSO. The use of cc-option to prefer the long-form & fall back to the short-form flags makes no sense since the short-form is just an abbreviation for the also-supported long-form in all GCC versions that we support building with. This means there is no case in which we have to use the short-form -<arch> flags, so we can simply remove them. The manual redefinition of _MIPS_ISA is removed naturally along with the use of the short-form flags that it accompanied, and whilst here we remove the separate assembler ISA selection. I suspect that both of these were only required due to the mips32 vs mips2 mismatch that was introduced by commit 59b3e8e9aac6 ("[MIPS] Makefile crapectomy.") and fixed but not cleaned up by commit 9200c0b2a07c ("[MIPS] Fix Makefile bugs for MIPS32/MIPS64 R1 and R2."). I've marked this for backport as far as v4.4 where the MIPS VDSO was introduced. In earlier kernels there should be no ill effect to using the short-form flags. Signed-off-by: Paul Burton <paul.burton(a)mips.com> Cc: Ralf Baechle <ralf(a)linux-mips.org> Cc: linux-mips(a)linux-mips.org Cc: stable(a)vger.kernel.org # v4.4+ Reviewed-by: James Hogan <jhogan(a)kernel.org> Patchwork: https://patchwork.linux-mips.org/patch/19579/ diff --git a/arch/mips/Makefile b/arch/mips/Makefile index e2122cca4ae2..1e98d22ec119 100644 --- a/arch/mips/Makefile +++ b/arch/mips/Makefile @@ -155,15 +155,11 @@ cflags-$(CONFIG_CPU_R4300) += -march=r4300 -Wa,--trap cflags-$(CONFIG_CPU_VR41XX) += -march=r4100 -Wa,--trap cflags-$(CONFIG_CPU_R4X00) += -march=r4600 -Wa,--trap cflags-$(CONFIG_CPU_TX49XX) += -march=r4600 -Wa,--trap -cflags-$(CONFIG_CPU_MIPS32_R1) += $(call cc-option,-march=mips32,-mips32 -U_MIPS_ISA -D_MIPS_ISA=_MIPS_ISA_MIPS32) \ - -Wa,-mips32 -Wa,--trap -cflags-$(CONFIG_CPU_MIPS32_R2) += $(call cc-option,-march=mips32r2,-mips32r2 -U_MIPS_ISA -D_MIPS_ISA=_MIPS_ISA_MIPS32) \ - -Wa,-mips32r2 -Wa,--trap +cflags-$(CONFIG_CPU_MIPS32_R1) += -march=mips32 -Wa,--trap +cflags-$(CONFIG_CPU_MIPS32_R2) += -march=mips32r2 -Wa,--trap cflags-$(CONFIG_CPU_MIPS32_R6) += -march=mips32r6 -Wa,--trap -modd-spreg -cflags-$(CONFIG_CPU_MIPS64_R1) += $(call cc-option,-march=mips64,-mips64 -U_MIPS_ISA -D_MIPS_ISA=_MIPS_ISA_MIPS64) \ - -Wa,-mips64 -Wa,--trap -cflags-$(CONFIG_CPU_MIPS64_R2) += $(call cc-option,-march=mips64r2,-mips64r2 -U_MIPS_ISA -D_MIPS_ISA=_MIPS_ISA_MIPS64) \ - -Wa,-mips64r2 -Wa,--trap +cflags-$(CONFIG_CPU_MIPS64_R1) += -march=mips64 -Wa,--trap +cflags-$(CONFIG_CPU_MIPS64_R2) += -march=mips64r2 -Wa,--trap cflags-$(CONFIG_CPU_MIPS64_R6) += -march=mips64r6 -Wa,--trap cflags-$(CONFIG_CPU_R5000) += -march=r5000 -Wa,--trap cflags-$(CONFIG_CPU_R5432) += $(call cc-option,-march=r5400,-march=r5000) \

6 years, 9 months

1
0
0 0

FAILED: patch "[PATCH] MIPS: memset.S: Fix byte_fixup for MIPSr6" failed to apply to 4.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From b1c03f1ef48d36ff28afb06e8f0c1233ef072f1d Mon Sep 17 00:00:00 2001 From: Matt Redfearn <matt.redfearn(a)mips.com> Date: Wed, 23 May 2018 14:39:58 +0100 Subject: [PATCH] MIPS: memset.S: Fix byte_fixup for MIPSr6 The __clear_user function is defined to return the number of bytes that could not be cleared. From the underlying memset / bzero implementation this means setting register a2 to that number on return. Currently if a page fault is triggered within the MIPSr6 version of setting of initial unaligned bytes, the value loaded into a2 on return is meaningless. During the MIPSr6 version of the initial unaligned bytes block, register a2 contains the number of bytes to be set beyond the initial unaligned bytes. The t0 register is initally set to the number of unaligned bytes - STORSIZE, effectively a negative version of the number of unaligned bytes. This is then incremented before each byte is saved. The label .Lbyte_fixup\@ is jumped to on page fault. Currently the value in a2 is incorrectly replaced by 0 - t0 + 1, effectively the number of unaligned bytes remaining. This leads to the failures being reported by the following test code: static int __init test_clear_user(void) { int j, k; pr_info("\n\n\nTesting clear_user\n"); for (j = 0; j < 512; j++) { if ((k = clear_user(NULL+3, j)) != j) { pr_err("clear_user (NULL %d) returned %d\n", j, k); } } return 0; } late_initcall(test_clear_user); Which reports: [ 3.965439] Testing clear_user [ 3.973169] clear_user (NULL 8) returned 6 [ 3.976782] clear_user (NULL 9) returned 6 [ 3.980390] clear_user (NULL 10) returned 6 [ 3.984052] clear_user (NULL 11) returned 6 [ 3.987524] clear_user (NULL 12) returned 6 Fix this by subtracting t0 from a2 (rather than $0), effectivey giving: unset_bytes = (#bytes - (#unaligned bytes)) - (-#unaligned bytes remaining + 1) + 1 a2 = a2 - t0 + 1 This fixes the value returned from __clear user when the number of bytes to set is > LONGSIZE and the address is invalid and unaligned. Unfortunately, this breaks the fixup handling for unaligned bytes after the final long, where register a2 still contains the number of bytes remaining to be set and the t0 register is to 0 - the number of unaligned bytes remaining. Because t0 is now is now subtracted from a2 rather than 0, the number of bytes unset is reported incorrectly: static int __init test_clear_user(void) { char *test; int j, k; pr_info("\n\n\nTesting clear_user\n"); test = vmalloc(PAGE_SIZE); for (j = 256; j < 512; j++) { if ((k = clear_user(test + PAGE_SIZE - 254, j)) != j - 254) { pr_err("clear_user (%px %d) returned %d\n", test + PAGE_SIZE - 254, j, k); } } return 0; } late_initcall(test_clear_user); [ 3.976775] clear_user (c00000000000df02 256) returned 4 [ 3.981957] clear_user (c00000000000df02 257) returned 6 [ 3.986425] clear_user (c00000000000df02 258) returned 8 [ 3.990850] clear_user (c00000000000df02 259) returned 10 [ 3.995332] clear_user (c00000000000df02 260) returned 12 [ 3.999815] clear_user (c00000000000df02 261) returned 14 Fix this by ensuring that a2 is set to 0 during the set of final unaligned bytes. Signed-off-by: Matt Redfearn <matt.redfearn(a)mips.com> Signed-off-by: Paul Burton <paul.burton(a)mips.com> Fixes: 8c56208aff77 ("MIPS: lib: memset: Add MIPS R6 support") Patchwork: https://patchwork.linux-mips.org/patch/19338/ Cc: James Hogan <jhogan(a)kernel.org> Cc: Ralf Baechle <ralf(a)linux-mips.org> Cc: linux-mips(a)linux-mips.org Cc: linux-kernel(a)vger.kernel.org Cc: stable(a)vger.kernel.org # v4.0+ diff --git a/arch/mips/lib/memset.S b/arch/mips/lib/memset.S index 1cc306520a55..fac26ce64b2f 100644 --- a/arch/mips/lib/memset.S +++ b/arch/mips/lib/memset.S @@ -195,6 +195,7 @@ #endif #else PTR_SUBU t0, $0, a2 + move a2, zero /* No remaining longs */ PTR_ADDIU t0, 1 STORE_BYTE(0) STORE_BYTE(1) @@ -231,7 +232,7 @@ #ifdef CONFIG_CPU_MIPSR6 .Lbyte_fixup\@: - PTR_SUBU a2, $0, t0 + PTR_SUBU a2, t0 jr ra PTR_ADDIU a2, 1 #endif /* CONFIG_CPU_MIPSR6 */

6 years, 9 months

1
0
0 0

FAILED: patch "[PATCH] MIPS: memset.S: Fix byte_fixup for MIPSr6" failed to apply to 4.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From b1c03f1ef48d36ff28afb06e8f0c1233ef072f1d Mon Sep 17 00:00:00 2001 From: Matt Redfearn <matt.redfearn(a)mips.com> Date: Wed, 23 May 2018 14:39:58 +0100 Subject: [PATCH] MIPS: memset.S: Fix byte_fixup for MIPSr6 The __clear_user function is defined to return the number of bytes that could not be cleared. From the underlying memset / bzero implementation this means setting register a2 to that number on return. Currently if a page fault is triggered within the MIPSr6 version of setting of initial unaligned bytes, the value loaded into a2 on return is meaningless. During the MIPSr6 version of the initial unaligned bytes block, register a2 contains the number of bytes to be set beyond the initial unaligned bytes. The t0 register is initally set to the number of unaligned bytes - STORSIZE, effectively a negative version of the number of unaligned bytes. This is then incremented before each byte is saved. The label .Lbyte_fixup\@ is jumped to on page fault. Currently the value in a2 is incorrectly replaced by 0 - t0 + 1, effectively the number of unaligned bytes remaining. This leads to the failures being reported by the following test code: static int __init test_clear_user(void) { int j, k; pr_info("\n\n\nTesting clear_user\n"); for (j = 0; j < 512; j++) { if ((k = clear_user(NULL+3, j)) != j) { pr_err("clear_user (NULL %d) returned %d\n", j, k); } } return 0; } late_initcall(test_clear_user); Which reports: [ 3.965439] Testing clear_user [ 3.973169] clear_user (NULL 8) returned 6 [ 3.976782] clear_user (NULL 9) returned 6 [ 3.980390] clear_user (NULL 10) returned 6 [ 3.984052] clear_user (NULL 11) returned 6 [ 3.987524] clear_user (NULL 12) returned 6 Fix this by subtracting t0 from a2 (rather than $0), effectivey giving: unset_bytes = (#bytes - (#unaligned bytes)) - (-#unaligned bytes remaining + 1) + 1 a2 = a2 - t0 + 1 This fixes the value returned from __clear user when the number of bytes to set is > LONGSIZE and the address is invalid and unaligned. Unfortunately, this breaks the fixup handling for unaligned bytes after the final long, where register a2 still contains the number of bytes remaining to be set and the t0 register is to 0 - the number of unaligned bytes remaining. Because t0 is now is now subtracted from a2 rather than 0, the number of bytes unset is reported incorrectly: static int __init test_clear_user(void) { char *test; int j, k; pr_info("\n\n\nTesting clear_user\n"); test = vmalloc(PAGE_SIZE); for (j = 256; j < 512; j++) { if ((k = clear_user(test + PAGE_SIZE - 254, j)) != j - 254) { pr_err("clear_user (%px %d) returned %d\n", test + PAGE_SIZE - 254, j, k); } } return 0; } late_initcall(test_clear_user); [ 3.976775] clear_user (c00000000000df02 256) returned 4 [ 3.981957] clear_user (c00000000000df02 257) returned 6 [ 3.986425] clear_user (c00000000000df02 258) returned 8 [ 3.990850] clear_user (c00000000000df02 259) returned 10 [ 3.995332] clear_user (c00000000000df02 260) returned 12 [ 3.999815] clear_user (c00000000000df02 261) returned 14 Fix this by ensuring that a2 is set to 0 during the set of final unaligned bytes. Signed-off-by: Matt Redfearn <matt.redfearn(a)mips.com> Signed-off-by: Paul Burton <paul.burton(a)mips.com> Fixes: 8c56208aff77 ("MIPS: lib: memset: Add MIPS R6 support") Patchwork: https://patchwork.linux-mips.org/patch/19338/ Cc: James Hogan <jhogan(a)kernel.org> Cc: Ralf Baechle <ralf(a)linux-mips.org> Cc: linux-mips(a)linux-mips.org Cc: linux-kernel(a)vger.kernel.org Cc: stable(a)vger.kernel.org # v4.0+ diff --git a/arch/mips/lib/memset.S b/arch/mips/lib/memset.S index 1cc306520a55..fac26ce64b2f 100644 --- a/arch/mips/lib/memset.S +++ b/arch/mips/lib/memset.S @@ -195,6 +195,7 @@ #endif #else PTR_SUBU t0, $0, a2 + move a2, zero /* No remaining longs */ PTR_ADDIU t0, 1 STORE_BYTE(0) STORE_BYTE(1) @@ -231,7 +232,7 @@ #ifdef CONFIG_CPU_MIPSR6 .Lbyte_fixup\@: - PTR_SUBU a2, $0, t0 + PTR_SUBU a2, t0 jr ra PTR_ADDIU a2, 1 #endif /* CONFIG_CPU_MIPSR6 */

6 years, 9 months

1
0
0 0

FAILED: patch "[PATCH] MIPS: memset.S: Fix byte_fixup for MIPSr6" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From b1c03f1ef48d36ff28afb06e8f0c1233ef072f1d Mon Sep 17 00:00:00 2001 From: Matt Redfearn <matt.redfearn(a)mips.com> Date: Wed, 23 May 2018 14:39:58 +0100 Subject: [PATCH] MIPS: memset.S: Fix byte_fixup for MIPSr6 The __clear_user function is defined to return the number of bytes that could not be cleared. From the underlying memset / bzero implementation this means setting register a2 to that number on return. Currently if a page fault is triggered within the MIPSr6 version of setting of initial unaligned bytes, the value loaded into a2 on return is meaningless. During the MIPSr6 version of the initial unaligned bytes block, register a2 contains the number of bytes to be set beyond the initial unaligned bytes. The t0 register is initally set to the number of unaligned bytes - STORSIZE, effectively a negative version of the number of unaligned bytes. This is then incremented before each byte is saved. The label .Lbyte_fixup\@ is jumped to on page fault. Currently the value in a2 is incorrectly replaced by 0 - t0 + 1, effectively the number of unaligned bytes remaining. This leads to the failures being reported by the following test code: static int __init test_clear_user(void) { int j, k; pr_info("\n\n\nTesting clear_user\n"); for (j = 0; j < 512; j++) { if ((k = clear_user(NULL+3, j)) != j) { pr_err("clear_user (NULL %d) returned %d\n", j, k); } } return 0; } late_initcall(test_clear_user); Which reports: [ 3.965439] Testing clear_user [ 3.973169] clear_user (NULL 8) returned 6 [ 3.976782] clear_user (NULL 9) returned 6 [ 3.980390] clear_user (NULL 10) returned 6 [ 3.984052] clear_user (NULL 11) returned 6 [ 3.987524] clear_user (NULL 12) returned 6 Fix this by subtracting t0 from a2 (rather than $0), effectivey giving: unset_bytes = (#bytes - (#unaligned bytes)) - (-#unaligned bytes remaining + 1) + 1 a2 = a2 - t0 + 1 This fixes the value returned from __clear user when the number of bytes to set is > LONGSIZE and the address is invalid and unaligned. Unfortunately, this breaks the fixup handling for unaligned bytes after the final long, where register a2 still contains the number of bytes remaining to be set and the t0 register is to 0 - the number of unaligned bytes remaining. Because t0 is now is now subtracted from a2 rather than 0, the number of bytes unset is reported incorrectly: static int __init test_clear_user(void) { char *test; int j, k; pr_info("\n\n\nTesting clear_user\n"); test = vmalloc(PAGE_SIZE); for (j = 256; j < 512; j++) { if ((k = clear_user(test + PAGE_SIZE - 254, j)) != j - 254) { pr_err("clear_user (%px %d) returned %d\n", test + PAGE_SIZE - 254, j, k); } } return 0; } late_initcall(test_clear_user); [ 3.976775] clear_user (c00000000000df02 256) returned 4 [ 3.981957] clear_user (c00000000000df02 257) returned 6 [ 3.986425] clear_user (c00000000000df02 258) returned 8 [ 3.990850] clear_user (c00000000000df02 259) returned 10 [ 3.995332] clear_user (c00000000000df02 260) returned 12 [ 3.999815] clear_user (c00000000000df02 261) returned 14 Fix this by ensuring that a2 is set to 0 during the set of final unaligned bytes. Signed-off-by: Matt Redfearn <matt.redfearn(a)mips.com> Signed-off-by: Paul Burton <paul.burton(a)mips.com> Fixes: 8c56208aff77 ("MIPS: lib: memset: Add MIPS R6 support") Patchwork: https://patchwork.linux-mips.org/patch/19338/ Cc: James Hogan <jhogan(a)kernel.org> Cc: Ralf Baechle <ralf(a)linux-mips.org> Cc: linux-mips(a)linux-mips.org Cc: linux-kernel(a)vger.kernel.org Cc: stable(a)vger.kernel.org # v4.0+ diff --git a/arch/mips/lib/memset.S b/arch/mips/lib/memset.S index 1cc306520a55..fac26ce64b2f 100644 --- a/arch/mips/lib/memset.S +++ b/arch/mips/lib/memset.S @@ -195,6 +195,7 @@ #endif #else PTR_SUBU t0, $0, a2 + move a2, zero /* No remaining longs */ PTR_ADDIU t0, 1 STORE_BYTE(0) STORE_BYTE(1) @@ -231,7 +232,7 @@ #ifdef CONFIG_CPU_MIPSR6 .Lbyte_fixup\@: - PTR_SUBU a2, $0, t0 + PTR_SUBU a2, t0 jr ra PTR_ADDIU a2, 1 #endif /* CONFIG_CPU_MIPSR6 */

6 years, 9 months

1
0
0 0

FAILED: patch "[PATCH] kprobes: Show address of kprobes if kallsyms does" failed to apply to 4.18-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.18-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 81365a947de453bcaba2558f8de5dadcffe05bc1 Mon Sep 17 00:00:00 2001 From: Masami Hiramatsu <mhiramat(a)kernel.org> Date: Sat, 28 Apr 2018 21:36:02 +0900 Subject: [PATCH] kprobes: Show address of kprobes if kallsyms does Show probed address in debugfs kprobe list file as same as kallsyms does. This information is used for checking kprobes are placed in the expected address. So it should be able to compared with address in kallsyms. Signed-off-by: Masami Hiramatsu <mhiramat(a)kernel.org> Cc: Ananth N Mavinakayanahalli <ananth(a)in.ibm.com> Cc: Anil S Keshavamurthy <anil.s.keshavamurthy(a)intel.com> Cc: Arnd Bergmann <arnd(a)arndb.de> Cc: David Howells <dhowells(a)redhat.com> Cc: David S . Miller <davem(a)davemloft.net> Cc: Heiko Carstens <heiko.carstens(a)de.ibm.com> Cc: Jon Medhurst <tixy(a)linaro.org> Cc: Linus Torvalds <torvalds(a)linux-foundation.org> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Thomas Richter <tmricht(a)linux.ibm.com> Cc: Tobin C . Harding <me(a)tobin.cc> Cc: Will Deacon <will.deacon(a)arm.com> Cc: acme(a)kernel.org Cc: akpm(a)linux-foundation.org Cc: brueckner(a)linux.vnet.ibm.com Cc: linux-arch(a)vger.kernel.org Cc: rostedt(a)goodmis.org Cc: schwidefsky(a)de.ibm.com Cc: stable(a)vger.kernel.org Link: https://lkml.kernel.org/lkml/152491896256.9916.1583733714492565296.stgit@de… Signed-off-by: Ingo Molnar <mingo(a)kernel.org> diff --git a/kernel/kprobes.c b/kernel/kprobes.c index ab1bfa3d1d9c..1d6130d2937a 100644 --- a/kernel/kprobes.c +++ b/kernel/kprobes.c @@ -2226,19 +2226,23 @@ static void report_probe(struct seq_file *pi, struct kprobe *p, const char *sym, int offset, char *modname, struct kprobe *pp) { char *kprobe_type; + void *addr = p->addr; if (p->pre_handler == pre_handler_kretprobe) kprobe_type = "r"; else kprobe_type = "k"; + if (!kallsyms_show_value()) + addr = NULL; + if (sym) - seq_printf(pi, "%p %s %s+0x%x %s ", - p->addr, kprobe_type, sym, offset, + seq_printf(pi, "%px %s %s+0x%x %s ", + addr, kprobe_type, sym, offset, (modname ? modname : " ")); - else - seq_printf(pi, "%p %s %p ", - p->addr, kprobe_type, p->addr); + else /* try to use %pS */ + seq_printf(pi, "%px %s %pS ", + addr, kprobe_type, p->addr); if (!pp) pp = p;

6 years, 9 months

1
0
0 0

FAILED: patch "[PATCH] x86/dumpstack: Don't dump kernel memory based on usermode RIP" failed to apply to 4.18-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.18-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 342db04ae71273322f0011384a9ed414df8bdae4 Mon Sep 17 00:00:00 2001 From: Jann Horn <jannh(a)google.com> Date: Tue, 28 Aug 2018 17:49:01 +0200 Subject: [PATCH] x86/dumpstack: Don't dump kernel memory based on usermode RIP show_opcodes() is used both for dumping kernel instructions and for dumping user instructions. If userspace causes #PF by jumping to a kernel address, show_opcodes() can be reached with regs->ip controlled by the user, pointing to kernel code. Make sure that userspace can't trick us into dumping kernel memory into dmesg. Fixes: 7cccf0725cf7 ("x86/dumpstack: Add a show_ip() function") Signed-off-by: Jann Horn <jannh(a)google.com> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Reviewed-by: Kees Cook <keescook(a)chromium.org> Reviewed-by: Borislav Petkov <bp(a)suse.de> Cc: "H. Peter Anvin" <hpa(a)zytor.com> Cc: Andy Lutomirski <luto(a)kernel.org> Cc: security(a)kernel.org Cc: stable(a)vger.kernel.org Link: https://lkml.kernel.org/r/20180828154901.112726-1-jannh@google.com diff --git a/arch/x86/include/asm/stacktrace.h b/arch/x86/include/asm/stacktrace.h index b6dc698f992a..f335aad404a4 100644 --- a/arch/x86/include/asm/stacktrace.h +++ b/arch/x86/include/asm/stacktrace.h @@ -111,6 +111,6 @@ static inline unsigned long caller_frame_pointer(void) return (unsigned long)frame; } -void show_opcodes(u8 *rip, const char *loglvl); +void show_opcodes(struct pt_regs *regs, const char *loglvl); void show_ip(struct pt_regs *regs, const char *loglvl); #endif /* _ASM_X86_STACKTRACE_H */ diff --git a/arch/x86/kernel/dumpstack.c b/arch/x86/kernel/dumpstack.c index 1596e6bfea6f..f56895106ccf 100644 --- a/arch/x86/kernel/dumpstack.c +++ b/arch/x86/kernel/dumpstack.c @@ -90,14 +90,24 @@ static void printk_stack_address(unsigned long address, int reliable, * Thus, the 2/3rds prologue and 64 byte OPCODE_BUFSIZE is just a random * guesstimate in attempt to achieve all of the above. */ -void show_opcodes(u8 *rip, const char *loglvl) +void show_opcodes(struct pt_regs *regs, const char *loglvl) { #define PROLOGUE_SIZE 42 #define EPILOGUE_SIZE 21 #define OPCODE_BUFSIZE (PROLOGUE_SIZE + 1 + EPILOGUE_SIZE) u8 opcodes[OPCODE_BUFSIZE]; + unsigned long prologue = regs->ip - PROLOGUE_SIZE; + bool bad_ip; - if (probe_kernel_read(opcodes, rip - PROLOGUE_SIZE, OPCODE_BUFSIZE)) { + /* + * Make sure userspace isn't trying to trick us into dumping kernel + * memory by pointing the userspace instruction pointer at it. + */ + bad_ip = user_mode(regs) && + __chk_range_not_ok(prologue, OPCODE_BUFSIZE, TASK_SIZE_MAX); + + if (bad_ip || probe_kernel_read(opcodes, (u8 *)prologue, + OPCODE_BUFSIZE)) { printk("%sCode: Bad RIP value.\n", loglvl); } else { printk("%sCode: %" __stringify(PROLOGUE_SIZE) "ph <%02x> %" @@ -113,7 +123,7 @@ void show_ip(struct pt_regs *regs, const char *loglvl) #else printk("%sRIP: %04x:%pS\n", loglvl, (int)regs->cs, (void *)regs->ip); #endif - show_opcodes((u8 *)regs->ip, loglvl); + show_opcodes(regs, loglvl); } void show_iret_regs(struct pt_regs *regs) diff --git a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c index b9123c497e0a..47bebfe6efa7 100644 --- a/arch/x86/mm/fault.c +++ b/arch/x86/mm/fault.c @@ -837,7 +837,7 @@ show_signal_msg(struct pt_regs *regs, unsigned long error_code, printk(KERN_CONT "\n"); - show_opcodes((u8 *)regs->ip, loglvl); + show_opcodes(regs, loglvl); } static void

6 years, 9 months

1
0
0 0

FAILED: patch "[PATCH] x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+" failed to apply to 4.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From cc51e5428ea54f575d49cfcede1d4cb3a72b4ec4 Mon Sep 17 00:00:00 2001 From: Andi Kleen <ak(a)linux.intel.com> Date: Fri, 24 Aug 2018 10:03:50 -0700 Subject: [PATCH] x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+ On Nehalem and newer core CPUs the CPU cache internally uses 44 bits physical address space. The L1TF workaround is limited by this internal cache address width, and needs to have one bit free there for the mitigation to work. Older client systems report only 36bit physical address space so the range check decides that L1TF is not mitigated for a 36bit phys/32GB system with some memory holes. But since these actually have the larger internal cache width this warning is bogus because it would only really be needed if the system had more than 43bits of memory. Add a new internal x86_cache_bits field. Normally it is the same as the physical bits field reported by CPUID, but for Nehalem and newerforce it to be at least 44bits. Change the L1TF memory size warning to use the new cache_bits field to avoid bogus warnings and remove the bogus comment about memory size. Fixes: 17dbca119312 ("x86/speculation/l1tf: Add sysfs reporting for l1tf") Reported-by: George Anchev <studio(a)anchev.net> Reported-by: Christopher Snowhill <kode54(a)gmail.com> Signed-off-by: Andi Kleen <ak(a)linux.intel.com> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Cc: x86(a)kernel.org Cc: linux-kernel(a)vger.kernel.org Cc: Michael Hocko <mhocko(a)suse.com> Cc: vbabka(a)suse.cz Cc: stable(a)vger.kernel.org Link: https://lkml.kernel.org/r/20180824170351.34874-1-andi@firstfloor.org diff --git a/arch/x86/include/asm/processor.h b/arch/x86/include/asm/processor.h index c24297268ebc..d53c54b842da 100644 --- a/arch/x86/include/asm/processor.h +++ b/arch/x86/include/asm/processor.h @@ -132,6 +132,8 @@ struct cpuinfo_x86 { /* Index into per_cpu list: */ u16 cpu_index; u32 microcode; + /* Address space bits used by the cache internally */ + u8 x86_cache_bits; unsigned initialized : 1; } __randomize_layout; @@ -183,7 +185,7 @@ extern void cpu_detect(struct cpuinfo_x86 *c); static inline unsigned long long l1tf_pfn_limit(void) { - return BIT_ULL(boot_cpu_data.x86_phys_bits - 1 - PAGE_SHIFT); + return BIT_ULL(boot_cpu_data.x86_cache_bits - 1 - PAGE_SHIFT); } extern void early_cpu_init(void); diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c index 4c2313d0b9ca..40bdaea97fe7 100644 --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c @@ -668,6 +668,45 @@ EXPORT_SYMBOL_GPL(l1tf_mitigation); enum vmx_l1d_flush_state l1tf_vmx_mitigation = VMENTER_L1D_FLUSH_AUTO; EXPORT_SYMBOL_GPL(l1tf_vmx_mitigation); +/* + * These CPUs all support 44bits physical address space internally in the + * cache but CPUID can report a smaller number of physical address bits. + * + * The L1TF mitigation uses the top most address bit for the inversion of + * non present PTEs. When the installed memory reaches into the top most + * address bit due to memory holes, which has been observed on machines + * which report 36bits physical address bits and have 32G RAM installed, + * then the mitigation range check in l1tf_select_mitigation() triggers. + * This is a false positive because the mitigation is still possible due to + * the fact that the cache uses 44bit internally. Use the cache bits + * instead of the reported physical bits and adjust them on the affected + * machines to 44bit if the reported bits are less than 44. + */ +static void override_cache_bits(struct cpuinfo_x86 *c) +{ + if (c->x86 != 6) + return; + + switch (c->x86_model) { + case INTEL_FAM6_NEHALEM: + case INTEL_FAM6_WESTMERE: + case INTEL_FAM6_SANDYBRIDGE: + case INTEL_FAM6_IVYBRIDGE: + case INTEL_FAM6_HASWELL_CORE: + case INTEL_FAM6_HASWELL_ULT: + case INTEL_FAM6_HASWELL_GT3E: + case INTEL_FAM6_BROADWELL_CORE: + case INTEL_FAM6_BROADWELL_GT3E: + case INTEL_FAM6_SKYLAKE_MOBILE: + case INTEL_FAM6_SKYLAKE_DESKTOP: + case INTEL_FAM6_KABYLAKE_MOBILE: + case INTEL_FAM6_KABYLAKE_DESKTOP: + if (c->x86_cache_bits < 44) + c->x86_cache_bits = 44; + break; + } +} + static void __init l1tf_select_mitigation(void) { u64 half_pa; @@ -675,6 +714,8 @@ static void __init l1tf_select_mitigation(void) if (!boot_cpu_has_bug(X86_BUG_L1TF)) return; + override_cache_bits(&boot_cpu_data); + switch (l1tf_mitigation) { case L1TF_MITIGATION_OFF: case L1TF_MITIGATION_FLUSH_NOWARN: @@ -694,11 +735,6 @@ static void __init l1tf_select_mitigation(void) return; #endif - /* - * This is extremely unlikely to happen because almost all - * systems have far more MAX_PA/2 than RAM can be fit into - * DIMM slots. - */ half_pa = (u64)l1tf_pfn_limit() << PAGE_SHIFT; if (e820__mapped_any(half_pa, ULLONG_MAX - half_pa, E820_TYPE_RAM)) { pr_warn("System has more than MAX_PA/2 memory. L1TF mitigation not effective.\n"); diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c index 84dee5ab745a..44c4ef3d989b 100644 --- a/arch/x86/kernel/cpu/common.c +++ b/arch/x86/kernel/cpu/common.c @@ -919,6 +919,7 @@ void get_cpu_address_sizes(struct cpuinfo_x86 *c) else if (cpu_has(c, X86_FEATURE_PAE) || cpu_has(c, X86_FEATURE_PSE36)) c->x86_phys_bits = 36; #endif + c->x86_cache_bits = c->x86_phys_bits; } static void identify_cpu_without_cpuid(struct cpuinfo_x86 *c)

6 years, 9 months

1
0
0 0

[PATCH imx_4.9.y 1/2] PM / Domains: Fix error path during attach in genpd

by Leonard Crestez

From: Ulf Hansson <ulf.hansson(a)linaro.org> In case the PM domain fails to be powered on in genpd_dev_pm_attach(), it returns -EPROBE_DEFER, but keeping the device attached to its PM domain. This leads to problems when the next attempt to attach is re-tried. More precisely, in that situation an -EEXIST error code is returned, because the device already has its PM domain pointer assigned, from the first attempt. Now, because of the sloppy error handling by the existing callers of dev_pm_domain_attach(), probing is allowed to continue when -EEXIST is returned. However, in such case there are no guarantees that the PM domain is powered on by genpd, which may lead to hangs when buses/drivers tried to access their devices. Let's fix this behaviour, simply by detaching the device when powering on fails in genpd_dev_pm_attach(). Cc: v4.11+ <stable(a)vger.kernel.org> # v4.11+ Signed-off-by: Ulf Hansson <ulf.hansson(a)linaro.org> Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> (cherry picked from commit 72038df3c580c4c326b83c86149d7ac34007532a) Cherry-picked to imx_4.9.y with minimal conflicts so that we can properly handle errors from SCFW pm calls Signed-off-by: Leonard Crestez <leonard.crestez(a)nxp.com> --- drivers/base/power/domain.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/base/power/domain.c b/drivers/base/power/domain.c index 9c3e535795a0..d9681d372997 100644 --- a/drivers/base/power/domain.c +++ b/drivers/base/power/domain.c @@ -1936,10 +1936,13 @@ int genpd_dev_pm_attach(struct device *dev) dev->pm_domain->sync = genpd_dev_pm_sync; mutex_lock(&pd->lock); ret = genpd_poweron(pd, 0); mutex_unlock(&pd->lock); + + if (ret) + genpd_remove_device(pd, dev); out: return ret ? -EPROBE_DEFER : 0; } EXPORT_SYMBOL_GPL(genpd_dev_pm_attach); #endif /* CONFIG_PM_GENERIC_DOMAINS_OF */ -- 2.17.1

6 years, 9 months

2
2
0 0

[PATCH] usb: Avoid use-after-free by flushing endpoints early in usb_set_interface()

by Mathias Nyman

The steps taken by usb core to set a new interface is very different from what is done on the xHC host side. xHC hardware will do everything in one go. One command is used to set up new endpoints, free old endpoints, check bandwidth, and run the new endpoints. All this is done by xHC when usb core asks the hcd to check for available bandwidth. At this point usb core has not yet flushed the old endpoints, which will cause use-after-free issues in xhci driver as queued URBs are cancelled on a re-allocated endpoint. To resolve this add a call to usb_disable_interface() which will flush the endpoints before calling usb_hcd_alloc_bandwidth() Additional checks in xhci driver will also be implemented to gracefully handle stale URB cancel on freed and re-allocated endpoints Cc: <stable(a)vger.kernel.org> Reported-by: Sudip Mukherjee <sudipm.mukherjee(a)gmail.com> Signed-off-by: Mathias Nyman <mathias.nyman(a)linux.intel.com> --- drivers/usb/core/message.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/drivers/usb/core/message.c b/drivers/usb/core/message.c index 228672f..304bef2 100644 --- a/drivers/usb/core/message.c +++ b/drivers/usb/core/message.c @@ -1377,6 +1377,13 @@ int usb_set_interface(struct usb_device *dev, int interface, int alternate) return -EINVAL; } + /* + * usb3 hosts configure the interface in usb_hcd_alloc_bandwidth, + * including freeing dropped endpoint ring buffers. + * Make sure the interface endpoints are flushed before that + */ + usb_disable_interface(dev, iface, false); + /* Make sure we have enough bandwidth for this alternate interface. * Remove the current alt setting and add the new alt setting. */ -- 2.7.4

6 years, 9 months

2
2
0 0

Back to check your images

by Jason Jones

Hi, I would like to take the chance to speak with the person who handle your images in your company? Our ability of imaging editing. Cutting out for your images Clipping path for your images Masking for your images Retouching for your images Retouching for the Portraits images We have 17 photo editors in house and daily basis 700 images can be done. We can give testing for your photos if you send us one or two to start working. Thanks, Jason Jones

6 years, 9 months

1
0
0 0

FAILED: patch "[PATCH] btrfs: use correct compare function of dirty_metadata_bytes" failed to apply to 4.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From d814a49198eafa6163698bdd93961302f3a877a4 Mon Sep 17 00:00:00 2001 From: Ethan Lien <ethanlien(a)synology.com> Date: Mon, 2 Jul 2018 15:44:58 +0800 Subject: [PATCH] btrfs: use correct compare function of dirty_metadata_bytes We use customized, nodesize batch value to update dirty_metadata_bytes. We should also use batch version of compare function or we will easily goto fast path and get false result from percpu_counter_compare(). Fixes: e2d845211eda ("Btrfs: use percpu counter for dirty metadata count") CC: stable(a)vger.kernel.org # 4.4+ Signed-off-by: Ethan Lien <ethanlien(a)synology.com> Reviewed-by: Nikolay Borisov <nborisov(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/disk-io.c b/fs/btrfs/disk-io.c index 6023eed3e805..e3858b2fe014 100644 --- a/fs/btrfs/disk-io.c +++ b/fs/btrfs/disk-io.c @@ -959,8 +959,9 @@ static int btree_writepages(struct address_space *mapping, fs_info = BTRFS_I(mapping->host)->root->fs_info; /* this is a bit racy, but that's ok */ - ret = percpu_counter_compare(&fs_info->dirty_metadata_bytes, - BTRFS_DIRTY_METADATA_THRESH); + ret = __percpu_counter_compare(&fs_info->dirty_metadata_bytes, + BTRFS_DIRTY_METADATA_THRESH, + fs_info->dirty_metadata_batch); if (ret < 0) return 0; } @@ -4134,8 +4135,9 @@ static void __btrfs_btree_balance_dirty(struct btrfs_fs_info *fs_info, if (flush_delayed) btrfs_balance_delayed_items(fs_info); - ret = percpu_counter_compare(&fs_info->dirty_metadata_bytes, - BTRFS_DIRTY_METADATA_THRESH); + ret = __percpu_counter_compare(&fs_info->dirty_metadata_bytes, + BTRFS_DIRTY_METADATA_THRESH, + fs_info->dirty_metadata_batch); if (ret > 0) { balance_dirty_pages_ratelimited(fs_info->btree_inode->i_mapping); }

6 years, 9 months

2
1
0 0

[PATCH stable 1/2] arm64: Fix mismatched cache line size detection

by Suzuki K Poulose

commit 4c4a39dd5fe2d13e2d2fa5fceb8ef95d19fc389a upstream If there is a mismatch in the I/D min line size, we must always use the system wide safe value both in applications and in the kernel, while performing cache operations. However, we have been checking more bits than just the min line sizes, which triggers false negatives. We may need to trap the user accesses in such cases, but not necessarily patch the kernel. This patch fixes the check to do the right thing as advertised. A new capability will be added to check mismatches in other fields and ensure we trap the CTR accesses. Fixes: be68a8aaf925 ("arm64: cpufeature: Fix CTR_EL0 field definitions") Cc: <stable(a)vger.kernel.org> # v4.14 Cc: Mark Rutland <mark.rutland(a)arm.com> Cc: Catalin Marinas <catalin.marinas(a)arm.com> Reported-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Suzuki K Poulose <suzuki.poulose(a)arm.com> Signed-off-by: Will Deacon <will.deacon(a)arm.com> --- arch/arm64/include/asm/cache.h | 5 +++++ arch/arm64/kernel/cpu_errata.c | 6 ++++-- arch/arm64/kernel/cpufeature.c | 4 ++-- 3 files changed, 11 insertions(+), 4 deletions(-) diff --git a/arch/arm64/include/asm/cache.h b/arch/arm64/include/asm/cache.h index ea9bb4e..e40f8a2 100644 --- a/arch/arm64/include/asm/cache.h +++ b/arch/arm64/include/asm/cache.h @@ -20,9 +20,14 @@ #define CTR_L1IP_SHIFT 14 #define CTR_L1IP_MASK 3 +#define CTR_DMINLINE_SHIFT 16 +#define CTR_IMINLINE_SHIFT 0 #define CTR_CWG_SHIFT 24 #define CTR_CWG_MASK 15 +#define CTR_CACHE_MINLINE_MASK \ + (0xf << CTR_DMINLINE_SHIFT | 0xf << CTR_IMINLINE_SHIFT) + #define CTR_L1IP(ctr) (((ctr) >> CTR_L1IP_SHIFT) & CTR_L1IP_MASK) #define ICACHE_POLICY_VPIPT 0 diff --git a/arch/arm64/kernel/cpu_errata.c b/arch/arm64/kernel/cpu_errata.c index eccdb28..3d1569c 100644 --- a/arch/arm64/kernel/cpu_errata.c +++ b/arch/arm64/kernel/cpu_errata.c @@ -48,9 +48,11 @@ static bool has_mismatched_cache_line_size(const struct arm64_cpu_capabilities *entry, int scope) { + u64 mask = CTR_CACHE_MINLINE_MASK; + WARN_ON(scope != SCOPE_LOCAL_CPU || preemptible()); - return (read_cpuid_cachetype() & arm64_ftr_reg_ctrel0.strict_mask) != - (arm64_ftr_reg_ctrel0.sys_val & arm64_ftr_reg_ctrel0.strict_mask); + return (read_cpuid_cachetype() & mask) != + (arm64_ftr_reg_ctrel0.sys_val & mask); } static int cpu_enable_trap_ctr_access(void *__unused) diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c index 376cf12..003dd39 100644 --- a/arch/arm64/kernel/cpufeature.c +++ b/arch/arm64/kernel/cpufeature.c @@ -180,14 +180,14 @@ static const struct arm64_ftr_bits ftr_ctr[] = { ARM64_FTR_BITS(FTR_VISIBLE, FTR_STRICT, FTR_LOWER_SAFE, 28, 1, 1), /* IDC */ ARM64_FTR_BITS(FTR_VISIBLE, FTR_STRICT, FTR_HIGHER_SAFE, 24, 4, 0), /* CWG */ ARM64_FTR_BITS(FTR_VISIBLE, FTR_STRICT, FTR_HIGHER_SAFE, 20, 4, 0), /* ERG */ - ARM64_FTR_BITS(FTR_VISIBLE, FTR_STRICT, FTR_LOWER_SAFE, 16, 4, 1), /* DminLine */ + ARM64_FTR_BITS(FTR_VISIBLE, FTR_STRICT, FTR_LOWER_SAFE, CTR_DMINLINE_SHIFT, 4, 1), /* * Linux can handle differing I-cache policies. Userspace JITs will * make use of *minLine. * If we have differing I-cache policies, report it as the weakest - VIPT. */ ARM64_FTR_BITS(FTR_VISIBLE, FTR_NONSTRICT, FTR_EXACT, 14, 2, ICACHE_POLICY_VIPT), /* L1Ip */ - ARM64_FTR_BITS(FTR_VISIBLE, FTR_STRICT, FTR_LOWER_SAFE, 0, 4, 0), /* IminLine */ + ARM64_FTR_BITS(FTR_VISIBLE, FTR_STRICT, FTR_LOWER_SAFE, CTR_IMINLINE_SHIFT, 4, 0), ARM64_FTR_END, }; -- 2.7.4

6 years, 9 months

1
1
0 0

[PATCH] MIPS: VDSO: Match data page cache colouring when D$ aliases

by Paul Burton

When a system suffers from dcache aliasing a user program may observe stale VDSO data from an aliased cache line. Notably this can break the expectation that clock_gettime(CLOCK_MONOTONIC, ...) is, as its name suggests, monotonic. In order to ensure that users observe updates to the VDSO data page as intended, align the user mappings of the VDSO data page such that their cache colouring matches that of the virtual address range which the kernel will use to update the data page - typically its unmapped address within kseg0. This ensures that we don't introduce aliasing cache lines for the VDSO data page, and therefore that userland will observe updates without requiring cache invalidation. Signed-off-by: Paul Burton <paul.burton(a)mips.com> Reported-by: Hauke Mehrtens <hauke(a)hauke-m.de> Reported-by: Rene Nielsen <rene.nielsen(a)microsemi.com> Reported-by: Alexandre Belloni <alexandre.belloni(a)bootlin.com> Fixes: ebb5e78cc634 ("MIPS: Initial implementation of a VDSO") Cc: James Hogan <jhogan(a)kernel.org> Cc: linux-mips(a)linux-mips.org Cc: stable(a)vger.kernel.org # v4.4+ --- Hi Alexandre, Could you try this out on your Ocelot system? Hopefully it'll solve the problem just as well as James' patch but doesn't need the questionable change to arch_get_unmapped_area_common(). Thanks, Paul --- arch/mips/kernel/vdso.c | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/arch/mips/kernel/vdso.c b/arch/mips/kernel/vdso.c index 019035d7225c..5fb617a42335 100644 --- a/arch/mips/kernel/vdso.c +++ b/arch/mips/kernel/vdso.c @@ -13,6 +13,7 @@ #include <linux/err.h> #include <linux/init.h> #include <linux/ioport.h> +#include <linux/kernel.h> #include <linux/mm.h> #include <linux/sched.h> #include <linux/slab.h> @@ -20,6 +21,7 @@ #include <asm/abi.h> #include <asm/mips-cps.h> +#include <asm/page.h> #include <asm/vdso.h> /* Kernel-provided data used by the VDSO. */ @@ -128,12 +130,30 @@ int arch_setup_additional_pages(struct linux_binprm *bprm, int uses_interp) vvar_size = gic_size + PAGE_SIZE; size = vvar_size + image->size; + /* + * Find a region that's large enough for us to perform the + * colour-matching alignment below. + */ + if (cpu_has_dc_aliases) + size += shm_align_mask + 1; + base = get_unmapped_area(NULL, 0, size, 0, 0); if (IS_ERR_VALUE(base)) { ret = base; goto out; } + /* + * If we suffer from dcache aliasing, ensure that the VDSO data page is + * coloured the same as the kernel's mapping of that memory. This + * ensures that when the kernel updates the VDSO data userland will see + * it without requiring cache invalidations. + */ + if (cpu_has_dc_aliases) { + base = __ALIGN_MASK(base, shm_align_mask); + base += ((unsigned long)&vdso_data - gic_size) & shm_align_mask; + } + data_addr = base + gic_size; vdso_addr = data_addr + PAGE_SIZE; -- 2.18.0

6 years, 9 months

4
5
0 0

FAILED: patch "[PATCH] x86/vdso: Fix vDSO build if a retpoline is emitted" failed to apply to 4.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 2e549b2ee0e358bc758480e716b881f9cabedb6a Mon Sep 17 00:00:00 2001 From: Andy Lutomirski <luto(a)kernel.org> Date: Thu, 16 Aug 2018 12:41:15 -0700 Subject: [PATCH] x86/vdso: Fix vDSO build if a retpoline is emitted Currently, if the vDSO ends up containing an indirect branch or call, GCC will emit the "external thunk" style of retpoline, and it will fail to link. Fix it by building the vDSO with inline retpoline thunks. I haven't seen any reports of this triggering on an unpatched kernel. Fixes: commit 76b043848fd2 ("x86/retpoline: Add initial retpoline support") Signed-off-by: Andy Lutomirski <luto(a)kernel.org> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Acked-by: Matt Rickard <matt(a)softrans.com.au> Cc: Borislav Petkov <bp(a)alien8.de> Cc: Jason Vas Dias <jason.vas.dias(a)gmail.com> Cc: David Woodhouse <dwmw2(a)infradead.org> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Andi Kleen <ak(a)linux.intel.com> Cc: stable(a)vger.kernel.org Link: https://lkml.kernel.org/r/c76538cd3afbe19c6246c2d1715bc6a60bd63985.15344483… diff --git a/Makefile b/Makefile index a0650bf79606..7bab2e90e4e1 100644 --- a/Makefile +++ b/Makefile @@ -507,9 +507,13 @@ KBUILD_AFLAGS += $(call cc-option, -no-integrated-as) endif RETPOLINE_CFLAGS_GCC := -mindirect-branch=thunk-extern -mindirect-branch-register +RETPOLINE_VDSO_CFLAGS_GCC := -mindirect-branch=thunk-inline -mindirect-branch-register RETPOLINE_CFLAGS_CLANG := -mretpoline-external-thunk +RETPOLINE_VDSO_CFLAGS_CLANG := -mretpoline RETPOLINE_CFLAGS := $(call cc-option,$(RETPOLINE_CFLAGS_GCC),$(call cc-option,$(RETPOLINE_CFLAGS_CLANG))) +RETPOLINE_VDSO_CFLAGS := $(call cc-option,$(RETPOLINE_VDSO_CFLAGS_GCC),$(call cc-option,$(RETPOLINE_VDSO_CFLAGS_CLANG))) export RETPOLINE_CFLAGS +export RETPOLINE_VDSO_CFLAGS KBUILD_CFLAGS += $(call cc-option,-fno-PIE) KBUILD_AFLAGS += $(call cc-option,-fno-PIE) diff --git a/arch/x86/entry/vdso/Makefile b/arch/x86/entry/vdso/Makefile index 9f695f517747..fa3f439f0a92 100644 --- a/arch/x86/entry/vdso/Makefile +++ b/arch/x86/entry/vdso/Makefile @@ -68,9 +68,9 @@ $(obj)/vdso-image-%.c: $(obj)/vdso%.so.dbg $(obj)/vdso%.so $(obj)/vdso2c FORCE CFL := $(PROFILING) -mcmodel=small -fPIC -O2 -fasynchronous-unwind-tables -m64 \ $(filter -g%,$(KBUILD_CFLAGS)) $(call cc-option, -fno-stack-protector) \ -fno-omit-frame-pointer -foptimize-sibling-calls \ - -DDISABLE_BRANCH_PROFILING -DBUILD_VDSO + -DDISABLE_BRANCH_PROFILING -DBUILD_VDSO $(RETPOLINE_VDSO_CFLAGS) -$(vobjs): KBUILD_CFLAGS := $(filter-out $(GCC_PLUGINS_CFLAGS),$(KBUILD_CFLAGS)) $(CFL) +$(vobjs): KBUILD_CFLAGS := $(filter-out $(GCC_PLUGINS_CFLAGS) $(RETPOLINE_CFLAGS),$(KBUILD_CFLAGS)) $(CFL) # # vDSO code runs in userspace and -pg doesn't help with profiling anyway. @@ -132,11 +132,13 @@ KBUILD_CFLAGS_32 := $(filter-out -mcmodel=kernel,$(KBUILD_CFLAGS_32)) KBUILD_CFLAGS_32 := $(filter-out -fno-pic,$(KBUILD_CFLAGS_32)) KBUILD_CFLAGS_32 := $(filter-out -mfentry,$(KBUILD_CFLAGS_32)) KBUILD_CFLAGS_32 := $(filter-out $(GCC_PLUGINS_CFLAGS),$(KBUILD_CFLAGS_32)) +KBUILD_CFLAGS_32 := $(filter-out $(RETPOLINE_CFLAGS),$(KBUILD_CFLAGS_32)) KBUILD_CFLAGS_32 += -m32 -msoft-float -mregparm=0 -fpic KBUILD_CFLAGS_32 += $(call cc-option, -fno-stack-protector) KBUILD_CFLAGS_32 += $(call cc-option, -foptimize-sibling-calls) KBUILD_CFLAGS_32 += -fno-omit-frame-pointer KBUILD_CFLAGS_32 += -DDISABLE_BRANCH_PROFILING +KBUILD_CFLAGS_32 += $(RETPOLINE_VDSO_CFLAGS) $(obj)/vdso32.so.dbg: KBUILD_CFLAGS = $(KBUILD_CFLAGS_32) $(obj)/vdso32.so.dbg: FORCE \

6 years, 9 months

2
1
0 0

INQUIRY ORDER

by Mr Walter Benson

Dear Supplier, Please kindly confirm back in reply if am onto the right contact personin your company responsible for inquiries & orders. Please can you as well send your updated 2018 product catalog/price listing to our Import Department desk. Regards Walter Benson Purchase Manager Aharkco Trading Co., LTD.

6 years, 9 months

1
0
0 0

FAILED: patch "[PATCH] ASoC: wm8994: Fix missing break in switch" failed to apply to 4.18-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.18-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From ad0eaee6195db1db1749dd46b9e6f4466793d178 Mon Sep 17 00:00:00 2001 From: "Gustavo A. R. Silva" <gustavo(a)embeddedor.com> Date: Mon, 6 Aug 2018 07:14:51 -0500 Subject: [PATCH] ASoC: wm8994: Fix missing break in switch Add missing break statement in order to prevent the code from falling through to the default case. Addresses-Coverity-ID: 115050 ("Missing break in switch") Reported-by: Valdis Kletnieks <valdis.kletnieks(a)vt.edu> Signed-off-by: Gustavo A. R. Silva <gustavo(a)embeddedor.com> Acked-by: Charles Keepax <ckeepax(a)opensource.cirrus.com> Signed-off-by: Mark Brown <broonie(a)kernel.org> Cc: stable(a)vger.kernel.org diff --git a/sound/soc/codecs/wm8994.c b/sound/soc/codecs/wm8994.c index 62f8c5b9ba92..14f1b0c0d286 100644 --- a/sound/soc/codecs/wm8994.c +++ b/sound/soc/codecs/wm8994.c @@ -2432,7 +2432,7 @@ static int wm8994_set_dai_sysclk(struct snd_soc_dai *dai, snd_soc_component_update_bits(component, WM8994_POWER_MANAGEMENT_2, WM8994_OPCLK_ENA, 0); } - /* fall through */ + break; default: return -EINVAL;

6 years, 9 months

2
1
0 0

[PATCH AUTOSEL 4.9 11/62] uio: potential double frees if __uio_register_device() fails

by Sasha Levin

From: Dan Carpenter <dan.carpenter(a)oracle.com> [ Upstream commit f019f07ecf6a6b8bd6d7853bce70925d90af02d1 ] The uio_unregister_device() function assumes that if "info->uio_dev" is non-NULL that means "info" is fully allocated. Setting info->uio_de has to be the last thing in the function. In the current code, if request_threaded_irq() fails then we return with info->uio_dev set to non-NULL but info is not fully allocated and it can lead to double frees. Fixes: beafc54c4e2f ("UIO: Add the User IO core code") Signed-off-by: Dan Carpenter <dan.carpenter(a)oracle.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> --- drivers/uio/uio.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/drivers/uio/uio.c b/drivers/uio/uio.c index 208bc52fc84d..f0a9ea2740df 100644 --- a/drivers/uio/uio.c +++ b/drivers/uio/uio.c @@ -841,8 +841,6 @@ int __uio_register_device(struct module *owner, if (ret) goto err_uio_dev_add_attributes; - info->uio_dev = idev; - if (info->irq && (info->irq != UIO_IRQ_CUSTOM)) { /* * Note that we deliberately don't use devm_request_irq @@ -858,6 +856,7 @@ int __uio_register_device(struct module *owner, goto err_request_irq; } + info->uio_dev = idev; return 0; err_request_irq: -- 2.17.1

6 years, 9 months

1
51
0 0

[PATCH AUTOSEL 4.9 01/62] misc: mic: SCIF Fix scif_get_new_port() error handling

by Sasha Levin

From: Dan Carpenter <dan.carpenter(a)oracle.com> [ Upstream commit a39284ae9d2ad09975c8ae33f1bd0f05fbfbf6ee ] There are only 2 callers of scif_get_new_port() and both appear to get the error handling wrong. Both treat zero returns as error, but it actually returns negative error codes and >= 0 on success. Fixes: e9089f43c9a7 ("misc: mic: SCIF open close bind and listen APIs") Signed-off-by: Dan Carpenter <dan.carpenter(a)oracle.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> --- drivers/misc/mic/scif/scif_api.c | 20 +++++++++----------- 1 file changed, 9 insertions(+), 11 deletions(-) diff --git a/drivers/misc/mic/scif/scif_api.c b/drivers/misc/mic/scif/scif_api.c index ddc9e4b08b5c..56efa9d18a9a 100644 --- a/drivers/misc/mic/scif/scif_api.c +++ b/drivers/misc/mic/scif/scif_api.c @@ -370,11 +370,10 @@ int scif_bind(scif_epd_t epd, u16 pn) goto scif_bind_exit; } } else { - pn = scif_get_new_port(); - if (!pn) { - ret = -ENOSPC; + ret = scif_get_new_port(); + if (ret < 0) goto scif_bind_exit; - } + pn = ret; } ep->state = SCIFEP_BOUND; @@ -648,13 +647,12 @@ int __scif_connect(scif_epd_t epd, struct scif_port_id *dst, bool non_block) err = -EISCONN; break; case SCIFEP_UNBOUND: - ep->port.port = scif_get_new_port(); - if (!ep->port.port) { - err = -ENOSPC; - } else { - ep->port.node = scif_info.nodeid; - ep->conn_async_state = ASYNC_CONN_IDLE; - } + err = scif_get_new_port(); + if (err < 0) + break; + ep->port.port = err; + ep->port.node = scif_info.nodeid; + ep->conn_async_state = ASYNC_CONN_IDLE; /* Fall through */ case SCIFEP_BOUND: /* -- 2.17.1

6 years, 9 months

1
9
0 0

[PATCH AUTOSEL 4.18 001/113] cifs: check if SMB2 PDU size has been padded and suppress the warning

by Sasha Levin

From: Ronnie Sahlberg <lsahlber(a)redhat.com> [ Upstream commit e6c47dd0da1e3a484e778046fc10da0b20606a86 ] Some SMB2/3 servers, Win2016 but possibly others too, adds padding not only between PDUs in a compound but also to the final PDU. This padding extends the PDU to a multiple of 8 bytes. Check if the unexpected length looks like this might be the case and avoid triggering the log messages for : "SMB2 server sent bad RFC1001 len %d not %d\n" Signed-off-by: Ronnie Sahlberg <lsahlber(a)redhat.com> Signed-off-by: Steve French <stfrench(a)microsoft.com> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> --- fs/cifs/smb2misc.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/fs/cifs/smb2misc.c b/fs/cifs/smb2misc.c index 3ff7cec2da81..239215dcc00b 100644 --- a/fs/cifs/smb2misc.c +++ b/fs/cifs/smb2misc.c @@ -240,6 +240,13 @@ smb2_check_message(char *buf, unsigned int len, struct TCP_Server_Info *srvr) if (clc_len == len + 1) return 0; + /* + * Some windows servers (win2016) will pad also the final + * PDU in a compound to 8 bytes. + */ + if (((clc_len + 7) & ~7) == len) + return 0; + /* * MacOS server pads after SMB2.1 write response with 3 bytes * of junk. Other servers match RFC1001 len to actual -- 2.17.1

6 years, 9 months

4
71
0 0

[PATCH 2/7] mm/rmap: map_pte() was not handling private ZONE_DEVICE page properly

by jglisse＠redhat.com

From: Ralph Campbell <rcampbell(a)nvidia.com> Private ZONE_DEVICE pages use a special pte entry and thus are not present. Properly handle this case in map_pte(), it is already handled in check_pte(), the map_pte() part was lost in some rebase most probably. Without this patch the slow migration path can not migrate back private ZONE_DEVICE memory to regular memory. This was found after stress testing migration back to system memory. This ultimatly can lead the CPU to an infinite page fault loop on the special swap entry. Signed-off-by: Ralph Campbell <rcampbell(a)nvidia.com> Signed-off-by: Jérôme Glisse <jglisse(a)redhat.com> Cc: Andrew Morton <akpm(a)linux-foundation.org> Cc: Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> Cc: stable(a)vger.kernel.org --- mm/page_vma_mapped.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/mm/page_vma_mapped.c b/mm/page_vma_mapped.c index ae3c2a35d61b..1cf5b9bfb559 100644 --- a/mm/page_vma_mapped.c +++ b/mm/page_vma_mapped.c @@ -21,6 +21,15 @@ static bool map_pte(struct page_vma_mapped_walk *pvmw) if (!is_swap_pte(*pvmw->pte)) return false; } else { + if (is_swap_pte(*pvmw->pte)) { + swp_entry_t entry; + + /* Handle un-addressable ZONE_DEVICE memory */ + entry = pte_to_swp_entry(*pvmw->pte); + if (is_device_private_entry(entry)) + return true; + } + if (!pte_present(*pvmw->pte)) return false; } -- 2.17.1

6 years, 9 months

3
6
0 0

[PATCH] staging: android: ion: fix ION_IOC_{MAP, SHARE} use-after-free

by Greg Hackmann

The ION_IOC_{MAP,SHARE} ioctls drop and reacquire client->lock several times while operating on one of the client's ion_handles. This creates windows where userspace can call ION_IOC_FREE on the same client with the same handle, and effectively make the kernel drop its own reference. For example: - thread A: ION_IOC_ALLOC creates an ion_handle with refcount 1 - thread A: starts ION_IOC_MAP and increments the refcount to 2 - thread B: ION_IOC_FREE decrements the refcount to 1 - thread B: ION_IOC_FREE decrements the refcount to 0 and frees the handle - thread A: continues ION_IOC_MAP with a dangling ion_handle * to freed memory Fix this by holding client->lock for the duration of ION_IOC_{MAP,SHARE}, preventing the concurrent ION_IOC_FREE. Also remove ion_handle_get_by_id(), since there's literally no way to use it safely. This patch is applied on top of 4.9.y. Kernels 4.12 and later are unaffected, since all the underlying ion_handle infrastructure has been ripped out. Cc: stable(a)vger.kernel.org # v4.11- Signed-off-by: Greg Hackmann <ghackmann(a)google.com> --- drivers/staging/android/ion/ion-ioctl.c | 12 ++++--- drivers/staging/android/ion/ion.c | 48 +++++++++++++++---------- drivers/staging/android/ion/ion_priv.h | 6 ++-- 3 files changed, 40 insertions(+), 26 deletions(-) diff --git a/drivers/staging/android/ion/ion-ioctl.c b/drivers/staging/android/ion/ion-ioctl.c index 2b700e8455c6..e3596855a703 100644 --- a/drivers/staging/android/ion/ion-ioctl.c +++ b/drivers/staging/android/ion/ion-ioctl.c @@ -128,11 +128,15 @@ long ion_ioctl(struct file *filp, unsigned int cmd, unsigned long arg) { struct ion_handle *handle; - handle = ion_handle_get_by_id(client, data.handle.handle); - if (IS_ERR(handle)) + mutex_lock(&client->lock); + handle = ion_handle_get_by_id_nolock(client, data.handle.handle); + if (IS_ERR(handle)) { + mutex_unlock(&client->lock); return PTR_ERR(handle); - data.fd.fd = ion_share_dma_buf_fd(client, handle); - ion_handle_put(handle); + } + data.fd.fd = ion_share_dma_buf_fd_nolock(client, handle); + ion_handle_put_nolock(handle); + mutex_unlock(&client->lock); if (data.fd.fd < 0) ret = data.fd.fd; break; diff --git a/drivers/staging/android/ion/ion.c b/drivers/staging/android/ion/ion.c index 6f9974cb0e15..403df8bf4b48 100644 --- a/drivers/staging/android/ion/ion.c +++ b/drivers/staging/android/ion/ion.c @@ -352,18 +352,6 @@ struct ion_handle *ion_handle_get_by_id_nolock(struct ion_client *client, return handle ? handle : ERR_PTR(-EINVAL); } -struct ion_handle *ion_handle_get_by_id(struct ion_client *client, - int id) -{ - struct ion_handle *handle; - - mutex_lock(&client->lock); - handle = ion_handle_get_by_id_nolock(client, id); - mutex_unlock(&client->lock); - - return handle; -} - static bool ion_handle_validate(struct ion_client *client, struct ion_handle *handle) { @@ -1029,24 +1017,28 @@ static struct dma_buf_ops dma_buf_ops = { .kunmap = ion_dma_buf_kunmap, }; -struct dma_buf *ion_share_dma_buf(struct ion_client *client, - struct ion_handle *handle) +static struct dma_buf *__ion_share_dma_buf(struct ion_client *client, + struct ion_handle *handle, + bool lock_client) { DEFINE_DMA_BUF_EXPORT_INFO(exp_info); struct ion_buffer *buffer; struct dma_buf *dmabuf; bool valid_handle; - mutex_lock(&client->lock); + if (lock_client) + mutex_lock(&client->lock); valid_handle = ion_handle_validate(client, handle); if (!valid_handle) { WARN(1, "%s: invalid handle passed to share.\n", __func__); - mutex_unlock(&client->lock); + if (lock_client) + mutex_unlock(&client->lock); return ERR_PTR(-EINVAL); } buffer = handle->buffer; ion_buffer_get(buffer); - mutex_unlock(&client->lock); + if (lock_client) + mutex_unlock(&client->lock); exp_info.ops = &dma_buf_ops; exp_info.size = buffer->size; @@ -1061,14 +1053,21 @@ struct dma_buf *ion_share_dma_buf(struct ion_client *client, return dmabuf; } + +struct dma_buf *ion_share_dma_buf(struct ion_client *client, + struct ion_handle *handle) +{ + return __ion_share_dma_buf(client, handle, true); +} EXPORT_SYMBOL(ion_share_dma_buf); -int ion_share_dma_buf_fd(struct ion_client *client, struct ion_handle *handle) +static int __ion_share_dma_buf_fd(struct ion_client *client, + struct ion_handle *handle, bool lock_client) { struct dma_buf *dmabuf; int fd; - dmabuf = ion_share_dma_buf(client, handle); + dmabuf = __ion_share_dma_buf(client, handle, lock_client); if (IS_ERR(dmabuf)) return PTR_ERR(dmabuf); @@ -1078,8 +1077,19 @@ int ion_share_dma_buf_fd(struct ion_client *client, struct ion_handle *handle) return fd; } + +int ion_share_dma_buf_fd(struct ion_client *client, struct ion_handle *handle) +{ + return __ion_share_dma_buf_fd(client, handle, true); +} EXPORT_SYMBOL(ion_share_dma_buf_fd); +int ion_share_dma_buf_fd_nolock(struct ion_client *client, + struct ion_handle *handle) +{ + return __ion_share_dma_buf_fd(client, handle, false); +} + struct ion_handle *ion_import_dma_buf(struct ion_client *client, struct dma_buf *dmabuf) { diff --git a/drivers/staging/android/ion/ion_priv.h b/drivers/staging/android/ion/ion_priv.h index 3c3b3245275d..760e41885448 100644 --- a/drivers/staging/android/ion/ion_priv.h +++ b/drivers/staging/android/ion/ion_priv.h @@ -463,11 +463,11 @@ void ion_free_nolock(struct ion_client *client, struct ion_handle *handle); int ion_handle_put_nolock(struct ion_handle *handle); -struct ion_handle *ion_handle_get_by_id(struct ion_client *client, - int id); - int ion_handle_put(struct ion_handle *handle); int ion_query_heaps(struct ion_client *client, struct ion_heap_query *query); +int ion_share_dma_buf_fd_nolock(struct ion_client *client, + struct ion_handle *handle); + #endif /* _ION_PRIV_H */ -- 2.19.0.rc1.350.ge57e33dbd1-goog

6 years, 9 months

3
6
0 0

FAILED: patch "[PATCH] KVM: x86: SVM: Call x86_spec_ctrl_set_guest/host() with" failed to apply to 4.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 024d83cadc6b2af027e473720f3c3da97496c318 Mon Sep 17 00:00:00 2001 From: Thomas Gleixner <tglx@xxxxxxxxxxxxx> Date: Sun, 12 Aug 2018 20:41:45 +0200 Subject: [PATCH] KVM: x86: SVM: Call x86_spec_ctrl_set_guest/host() with interrupts disabled MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Mikhail reported the following lockdep splat: WARNING: possible irq lock inversion dependency detected CPU 0/KVM/10284 just changed the state of lock: 000000000d538a88 (&st->lock){+...}, at: speculative_store_bypass_update+0x10b/0x170 but this lock was taken by another, HARDIRQ-safe lock in the past: (&(&sighand->siglock)->rlock){-.-.} and interrupts could create inverse lock ordering between them. Possible interrupt unsafe locking scenario: CPU0 CPU1 ---- ---- lock(&st->lock); local_irq_disable(); lock(&(&sighand->siglock)->rlock); lock(&st->lock); <Interrupt> lock(&(&sighand->siglock)->rlock); *** DEADLOCK *** The code path which connects those locks is: speculative_store_bypass_update() ssb_prctl_set() do_seccomp() do_syscall_64() In svm_vcpu_run() speculative_store_bypass_update() is called with interupts enabled via x86_virt_spec_ctrl_set_guest/host(). This is actually a false positive, because GIF=0 so interrupts are disabled even if IF=1; however, we can easily move the invocations of x86_virt_spec_ctrl_set_guest/host() into the interrupt disabled region to cure it, and it's a good idea to keep the GIF=0/IF=1 area as small and self-contained as possible. Fixes: 1f50ddb4f418 ("x86/speculation: Handle HT correctly on AMD") Reported-by: Mikhail Gavrilov <mikhail.v.gavrilov(a)gmail.com> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Tested-by: Mikhail Gavrilov <mikhail.v.gavrilov(a)gmail.com> Cc: Joerg Roedel <joro(a)8bytes.org> Cc: Paolo Bonzini <pbonzini(a)redhat.com> Cc: Radim Krčmář <rkrcmar(a)redhat.com> Cc: Matthew Wilcox <willy(a)infradead.org> Cc: Borislav Petkov <bp(a)suse.de> Cc: Konrad Rzeszutek Wilk <konrad.wilk(a)oracle.com> Cc: Tom Lendacky <thomas.lendacky(a)amd.com> Cc: kvm(a)vger.kernel.org Cc: x86(a)kernel.org Cc: stable(a)vger.kernel.org Signed-off-by: Paolo Bonzini <pbonzini(a)redhat.com> diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c index 73e27a98456f..6276140044d0 100644 --- a/arch/x86/kvm/svm.c +++ b/arch/x86/kvm/svm.c @@ -5586,8 +5586,6 @@ static void svm_vcpu_run(struct kvm_vcpu *vcpu) clgi(); - local_irq_enable(); - /* * If this vCPU has touched SPEC_CTRL, restore the guest's value if * it's non-zero. Since vmentry is serialising on affected CPUs, there @@ -5596,6 +5594,8 @@ static void svm_vcpu_run(struct kvm_vcpu *vcpu) */ x86_spec_ctrl_set_guest(svm->spec_ctrl, svm->virt_spec_ctrl); + local_irq_enable(); + asm volatile ( "push %%" _ASM_BP "; \n\t" "mov %c[rbx](%[svm]), %%" _ASM_BX " \n\t" @@ -5718,12 +5718,12 @@ static void svm_vcpu_run(struct kvm_vcpu *vcpu) if (unlikely(!msr_write_intercepted(vcpu, MSR_IA32_SPEC_CTRL))) svm->spec_ctrl = native_read_msr(MSR_IA32_SPEC_CTRL); - x86_spec_ctrl_restore_host(svm->spec_ctrl, svm->virt_spec_ctrl); - reload_tss(vcpu); local_irq_disable(); + x86_spec_ctrl_restore_host(svm->spec_ctrl, svm->virt_spec_ctrl); + vcpu->arch.cr2 = svm->vmcb->save.cr2; vcpu->arch.regs[VCPU_REGS_RAX] = svm->vmcb->save.rax; vcpu->arch.regs[VCPU_REGS_RSP] = svm->vmcb->save.rsp;

6 years, 9 months

1
0
0 0

FAILED: patch "[PATCH] x86/vdso: Fix vDSO build if a retpoline is emitted" failed to apply to 4.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 2e549b2ee0e358bc758480e716b881f9cabedb6a Mon Sep 17 00:00:00 2001 From: Andy Lutomirski <luto(a)kernel.org> Date: Thu, 16 Aug 2018 12:41:15 -0700 Subject: [PATCH] x86/vdso: Fix vDSO build if a retpoline is emitted Currently, if the vDSO ends up containing an indirect branch or call, GCC will emit the "external thunk" style of retpoline, and it will fail to link. Fix it by building the vDSO with inline retpoline thunks. I haven't seen any reports of this triggering on an unpatched kernel. Fixes: commit 76b043848fd2 ("x86/retpoline: Add initial retpoline support") Signed-off-by: Andy Lutomirski <luto(a)kernel.org> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Acked-by: Matt Rickard <matt(a)softrans.com.au> Cc: Borislav Petkov <bp(a)alien8.de> Cc: Jason Vas Dias <jason.vas.dias(a)gmail.com> Cc: David Woodhouse <dwmw2(a)infradead.org> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Andi Kleen <ak(a)linux.intel.com> Cc: stable(a)vger.kernel.org Link: https://lkml.kernel.org/r/c76538cd3afbe19c6246c2d1715bc6a60bd63985.15344483… diff --git a/Makefile b/Makefile index a0650bf79606..7bab2e90e4e1 100644 --- a/Makefile +++ b/Makefile @@ -507,9 +507,13 @@ KBUILD_AFLAGS += $(call cc-option, -no-integrated-as) endif RETPOLINE_CFLAGS_GCC := -mindirect-branch=thunk-extern -mindirect-branch-register +RETPOLINE_VDSO_CFLAGS_GCC := -mindirect-branch=thunk-inline -mindirect-branch-register RETPOLINE_CFLAGS_CLANG := -mretpoline-external-thunk +RETPOLINE_VDSO_CFLAGS_CLANG := -mretpoline RETPOLINE_CFLAGS := $(call cc-option,$(RETPOLINE_CFLAGS_GCC),$(call cc-option,$(RETPOLINE_CFLAGS_CLANG))) +RETPOLINE_VDSO_CFLAGS := $(call cc-option,$(RETPOLINE_VDSO_CFLAGS_GCC),$(call cc-option,$(RETPOLINE_VDSO_CFLAGS_CLANG))) export RETPOLINE_CFLAGS +export RETPOLINE_VDSO_CFLAGS KBUILD_CFLAGS += $(call cc-option,-fno-PIE) KBUILD_AFLAGS += $(call cc-option,-fno-PIE) diff --git a/arch/x86/entry/vdso/Makefile b/arch/x86/entry/vdso/Makefile index 9f695f517747..fa3f439f0a92 100644 --- a/arch/x86/entry/vdso/Makefile +++ b/arch/x86/entry/vdso/Makefile @@ -68,9 +68,9 @@ $(obj)/vdso-image-%.c: $(obj)/vdso%.so.dbg $(obj)/vdso%.so $(obj)/vdso2c FORCE CFL := $(PROFILING) -mcmodel=small -fPIC -O2 -fasynchronous-unwind-tables -m64 \ $(filter -g%,$(KBUILD_CFLAGS)) $(call cc-option, -fno-stack-protector) \ -fno-omit-frame-pointer -foptimize-sibling-calls \ - -DDISABLE_BRANCH_PROFILING -DBUILD_VDSO + -DDISABLE_BRANCH_PROFILING -DBUILD_VDSO $(RETPOLINE_VDSO_CFLAGS) -$(vobjs): KBUILD_CFLAGS := $(filter-out $(GCC_PLUGINS_CFLAGS),$(KBUILD_CFLAGS)) $(CFL) +$(vobjs): KBUILD_CFLAGS := $(filter-out $(GCC_PLUGINS_CFLAGS) $(RETPOLINE_CFLAGS),$(KBUILD_CFLAGS)) $(CFL) # # vDSO code runs in userspace and -pg doesn't help with profiling anyway. @@ -132,11 +132,13 @@ KBUILD_CFLAGS_32 := $(filter-out -mcmodel=kernel,$(KBUILD_CFLAGS_32)) KBUILD_CFLAGS_32 := $(filter-out -fno-pic,$(KBUILD_CFLAGS_32)) KBUILD_CFLAGS_32 := $(filter-out -mfentry,$(KBUILD_CFLAGS_32)) KBUILD_CFLAGS_32 := $(filter-out $(GCC_PLUGINS_CFLAGS),$(KBUILD_CFLAGS_32)) +KBUILD_CFLAGS_32 := $(filter-out $(RETPOLINE_CFLAGS),$(KBUILD_CFLAGS_32)) KBUILD_CFLAGS_32 += -m32 -msoft-float -mregparm=0 -fpic KBUILD_CFLAGS_32 += $(call cc-option, -fno-stack-protector) KBUILD_CFLAGS_32 += $(call cc-option, -foptimize-sibling-calls) KBUILD_CFLAGS_32 += -fno-omit-frame-pointer KBUILD_CFLAGS_32 += -DDISABLE_BRANCH_PROFILING +KBUILD_CFLAGS_32 += $(RETPOLINE_VDSO_CFLAGS) $(obj)/vdso32.so.dbg: KBUILD_CFLAGS = $(KBUILD_CFLAGS_32) $(obj)/vdso32.so.dbg: FORCE \

6 years, 9 months

1
0
0 0

[PATCH] x86/vdso: fix lsl operand order

by Samuel Neves

In the __getcpu function, lsl was using the wrong target and destination registers. Luckily, the compiler tends to choose %eax for both variables, so it has been working so far. Cc: x86(a)kernel.org Cc: stable(a)vger.kernel.org Signed-off-by: Samuel Neves <sneves(a)dei.uc.pt> --- arch/x86/include/asm/vgtod.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/x86/include/asm/vgtod.h b/arch/x86/include/asm/vgtod.h index fb856c9f0449..53748541c487 100644 --- a/arch/x86/include/asm/vgtod.h +++ b/arch/x86/include/asm/vgtod.h @@ -93,7 +93,7 @@ static inline unsigned int __getcpu(void) * * If RDPID is available, use it. */ - alternative_io ("lsl %[p],%[seg]", + alternative_io ("lsl %[seg],%[p]", ".byte 0xf3,0x0f,0xc7,0xf8", /* RDPID %eax/rax */ X86_FEATURE_RDPID, [p] "=a" (p), [seg] "r" (__PER_CPU_SEG)); -- 2.17.1

6 years, 9 months

2
1
0 0

[PATCH] ext4: avoid arithemetic overflow that can trigger a BUG

by Theodore Ts'o

A maliciously crafted file system can cause an overflow when the results of a 64-bit calculation is stored into a 32-bit length parameter. https://bugzilla.kernel.org/show_bug.cgi?id=200623 Signed-off-by: Theodore Ts'o <tytso(a)mit.edu> Reported-by: Wen Xu <wen.xu(a)gatech.edu> Cc: stable(a)vger.kernel.org --- fs/ext4/inode.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c index 8f6ad7667974..1134c3473673 100644 --- a/fs/ext4/inode.c +++ b/fs/ext4/inode.c @@ -3414,6 +3414,7 @@ static int ext4_iomap_begin(struct inode *inode, loff_t offset, loff_t length, unsigned int blkbits = inode->i_blkbits; unsigned long first_block = offset >> blkbits; unsigned long last_block = (offset + length - 1) >> blkbits; + unsigned long len; struct ext4_map_blocks map; bool delalloc = false; int ret; @@ -3434,7 +3435,8 @@ static int ext4_iomap_begin(struct inode *inode, loff_t offset, loff_t length, } map.m_lblk = first_block; - map.m_len = last_block - first_block + 1; + len = last_block - first_block + 1; + map.m_len = (len < UINT_MAX) ? len : UINT_MAX; if (flags & IOMAP_REPORT) { ret = ext4_map_blocks(NULL, inode, &map, 0); -- 2.18.0.rc0

6 years, 9 months

4
5
0 0

[PATCH] x86/vdso: fix lsl operand order

by Samuel Neves

In the __getcpu function, lsl was using the wrong target and destination registers. Luckily, the compiler tends to choose %eax for both variables, so it has been working so far. Signed-off-by: Samuel Neves <sneves(a)dei.uc.pt> --- arch/x86/include/asm/vgtod.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/x86/include/asm/vgtod.h b/arch/x86/include/asm/vgtod.h index fb856c9f0449..53748541c487 100644 --- a/arch/x86/include/asm/vgtod.h +++ b/arch/x86/include/asm/vgtod.h @@ -93,7 +93,7 @@ static inline unsigned int __getcpu(void) * * If RDPID is available, use it. */ - alternative_io ("lsl %[p],%[seg]", + alternative_io ("lsl %[seg],%[p]", ".byte 0xf3,0x0f,0xc7,0xf8", /* RDPID %eax/rax */ X86_FEATURE_RDPID, [p] "=a" (p), [seg] "r" (__PER_CPU_SEG)); -- 2.17.1

6 years, 9 months

2
1
0 0

[PATCH v4.14.y] tun: fix use after free for ptr_ring

by Zubin Mithra

From: Jason Wang <jasowang(a)redhat.com> commit b196d88aba8ac72b775137854121097f4c4c6862 upstream. We used to initialize ptr_ring during TUNSETIFF, this is because its size depends on the tx_queue_len of netdevice. And we try to clean it up when socket were detached from netdevice. A race were spotted when trying to do uninit during a read which will lead a use after free for pointer ring. Solving this by always initialize a zero size ptr_ring in open() and do resizing during TUNSETIFF, and then we can safely do cleanup during close(). With this, there's no need for the workaround that was introduced by commit 4df0bfc79904 ("tun: fix a memory leak for tfile->tx_array"). Backport Note :- This is a backport of following 2 upstream patches(the second fixes the first). b196d88aba ("tun: fix use after free for ptr_ring") 7063efd33b ("tuntap: fix use after free during release") Comparison with the upstream patch: [1] A "semantic revert" of the changes made in 4df0bfc799("tun: fix a memory leak for tfile->tx_array"). 4df0bfc799 was applied upstream, and then skb array was changed to use ptr_ring. The upstream fix then removes the changes introduced by 4df0bfc799. This backport does the same; "revert" the changes made by 4df0bfc799. [2] xdp_rxq_info_unreg() being called in relevant locations As xdp_rxq_info related patches are not present in 4.14, these changes are not needed in the backport. [3] An instance of ptr_ring_init needs to be replaced by skb_array_init. [4] ptr_ring_cleanup needs to be replaced by skb_array_cleanup. b196d88ab places the cleanup function in tun_chr_close() only to later move it into __tun_detach in upstream commit 7063efd33bb("tuntap: fix use after free during release"). So place skb_array_cleanup in __tun_detach. Reported-by: syzbot+e8b902c3c3fadf0a9dba(a)syzkaller.appspotmail.com Cc: Eric Dumazet <eric.dumazet(a)gmail.com> Cc: Cong Wang <xiyou.wangcong(a)gmail.com> Cc: Michael S. Tsirkin <mst(a)redhat.com> Fixes: 1576d9860599 ("tun: switch to use skb array for tx") Signed-off-by: Jason Wang <jasowang(a)redhat.com> Acked-by: Michael S. Tsirkin <mst(a)redhat.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Zubin Mithra <zsm(a)chromium.org> --- drivers/net/tun.c | 21 +++++++-------------- 1 file changed, 7 insertions(+), 14 deletions(-) diff --git a/drivers/net/tun.c b/drivers/net/tun.c index cb17ffadfc30..e0baea2dfd3c 100644 --- a/drivers/net/tun.c +++ b/drivers/net/tun.c @@ -534,14 +534,6 @@ static void tun_queue_purge(struct tun_file *tfile) skb_queue_purge(&tfile->sk.sk_error_queue); } -static void tun_cleanup_tx_array(struct tun_file *tfile) -{ - if (tfile->tx_array.ring.queue) { - skb_array_cleanup(&tfile->tx_array); - memset(&tfile->tx_array, 0, sizeof(tfile->tx_array)); - } -} - static void __tun_detach(struct tun_file *tfile, bool clean) { struct tun_file *ntfile; @@ -583,7 +575,7 @@ static void __tun_detach(struct tun_file *tfile, bool clean) tun->dev->reg_state == NETREG_REGISTERED) unregister_netdevice(tun->dev); } - tun_cleanup_tx_array(tfile); + skb_array_cleanup(&tfile->tx_array); sock_put(&tfile->sk); } } @@ -623,13 +615,11 @@ static void tun_detach_all(struct net_device *dev) /* Drop read queue */ tun_queue_purge(tfile); sock_put(&tfile->sk); - tun_cleanup_tx_array(tfile); } list_for_each_entry_safe(tfile, tmp, &tun->disabled, next) { tun_enable_queue(tfile); tun_queue_purge(tfile); sock_put(&tfile->sk); - tun_cleanup_tx_array(tfile); } BUG_ON(tun->numdisabled != 0); @@ -675,7 +665,7 @@ static int tun_attach(struct tun_struct *tun, struct file *file, bool skip_filte } if (!tfile->detached && - skb_array_init(&tfile->tx_array, dev->tx_queue_len, GFP_KERNEL)) { + skb_array_resize(&tfile->tx_array, dev->tx_queue_len, GFP_KERNEL)) { err = -ENOMEM; goto out; } @@ -2624,6 +2614,11 @@ static int tun_chr_open(struct inode *inode, struct file * file) &tun_proto, 0); if (!tfile) return -ENOMEM; + if (skb_array_init(&tfile->tx_array, 0, GFP_KERNEL)) { + sk_free(&tfile->sk); + return -ENOMEM; + } + RCU_INIT_POINTER(tfile->tun, NULL); tfile->flags = 0; tfile->ifindex = 0; @@ -2644,8 +2639,6 @@ static int tun_chr_open(struct inode *inode, struct file * file) sock_set_flag(&tfile->sk, SOCK_ZEROCOPY); - memset(&tfile->tx_array, 0, sizeof(tfile->tx_array)); - return 0; } -- 2.19.0.rc0.228.g281dcd1b4d0-goog

6 years, 9 months

2
1
0 0

[PATCH v2 0/2] CLANG_VERSION and __diag macros

by Nick Desaulniers

clang-7 has a new warning (-Wreturn-stack-address) for warning when a function returns the address of a local variable. This is in general a good warning, but the kernel has a few places where GNU statement expressions return the address of a label in order to get the current instruction pointer (see _THIS_IP_ and current_text_addr). In order to disable a warning at a single call site, the kernel already has __diag macros for inserting compiler and compiler-version specific _Pragma's. This series adds CLANG_VERSION macros necessary for proper __diag support, and whitelists the case in _THIS_IP_. current_text_addr will be consolidated in a follow up series. Nick Desaulniers (2): compiler-clang.h: Add CLANG_VERSION and __diag macros kernel.h: Disable -Wreturn-stack-address for _THIS_IP_ include/linux/compiler-clang.h | 19 +++++++++++++++++++ include/linux/compiler_types.h | 4 ++++ include/linux/kernel.h | 10 +++++++++- 3 files changed, 32 insertions(+), 1 deletion(-) -- 2.18.0.345.g5c9ce644c3-goog

6 years, 9 months

5
15
0 0

Build failures in stable queues (4.4.y and later)

by Guenter Roeck

4.4.y, 4.9.y: fs/cifs/cifsfs.c: In function 'cifs_statfs': fs/cifs/cifsfs.c:198:27: error: 'struct cifs_tcon' has no member named 'vol_serial_number' fs/cifs/cifsfs.c:200:45: error: 'struct cifs_tcon' has no member named 'vol_create_time' 4.14.y, 4.18.y: kernel/printk/printk_safe.o: In function `vprintk_func': kernel/printk/printk_safe.c:386: undefined reference to `vprintk_store' kernel/printk/printk_safe.c:388: undefined reference to `defer_console_output'

6 years, 9 months

2
8
0 0

FAILED: patch "[PATCH] KVM: arm/arm64: Skip updating PMD entry if no change" failed to apply to 4.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 86658b819cd0a9aa584cd84453ed268a6f013770 Mon Sep 17 00:00:00 2001 From: Punit Agrawal <punit.agrawal(a)arm.com> Date: Mon, 13 Aug 2018 11:43:50 +0100 Subject: [PATCH] KVM: arm/arm64: Skip updating PMD entry if no change Contention on updating a PMD entry by a large number of vcpus can lead to duplicate work when handling stage 2 page faults. As the page table update follows the break-before-make requirement of the architecture, it can lead to repeated refaults due to clearing the entry and flushing the tlbs. This problem is more likely when - * there are large number of vcpus * the mapping is large block mapping such as when using PMD hugepages (512MB) with 64k pages. Fix this by skipping the page table update if there is no change in the entry being updated. Cc: stable(a)vger.kernel.org Fixes: ad361f093c1e ("KVM: ARM: Support hugetlbfs backed huge pages") Reviewed-by: Suzuki Poulose <suzuki.poulose(a)arm.com> Acked-by: Christoffer Dall <christoffer.dall(a)arm.com> Signed-off-by: Punit Agrawal <punit.agrawal(a)arm.com> Signed-off-by: Marc Zyngier <marc.zyngier(a)arm.com> diff --git a/virt/kvm/arm/mmu.c b/virt/kvm/arm/mmu.c index 97d27cd9c654..13dfe36501aa 100644 --- a/virt/kvm/arm/mmu.c +++ b/virt/kvm/arm/mmu.c @@ -1044,19 +1044,35 @@ static int stage2_set_pmd_huge(struct kvm *kvm, struct kvm_mmu_memory_cache pmd = stage2_get_pmd(kvm, cache, addr); VM_BUG_ON(!pmd); - /* - * Mapping in huge pages should only happen through a fault. If a - * page is merged into a transparent huge page, the individual - * subpages of that huge page should be unmapped through MMU - * notifiers before we get here. - * - * Merging of CompoundPages is not supported; they should become - * splitting first, unmapped, merged, and mapped back in on-demand. - */ - VM_BUG_ON(pmd_present(*pmd) && pmd_pfn(*pmd) != pmd_pfn(*new_pmd)); - old_pmd = *pmd; if (pmd_present(old_pmd)) { + /* + * Multiple vcpus faulting on the same PMD entry, can + * lead to them sequentially updating the PMD with the + * same value. Following the break-before-make + * (pmd_clear() followed by tlb_flush()) process can + * hinder forward progress due to refaults generated + * on missing translations. + * + * Skip updating the page table if the entry is + * unchanged. + */ + if (pmd_val(old_pmd) == pmd_val(*new_pmd)) + return 0; + + /* + * Mapping in huge pages should only happen through a + * fault. If a page is merged into a transparent huge + * page, the individual subpages of that huge page + * should be unmapped through MMU notifiers before we + * get here. + * + * Merging of CompoundPages is not supported; they + * should become splitting first, unmapped, merged, + * and mapped back in on-demand. + */ + VM_BUG_ON(pmd_pfn(old_pmd) != pmd_pfn(*new_pmd)); + pmd_clear(pmd); kvm_tlb_flush_vmid_ipa(kvm, addr); } else {

6 years, 9 months

3
2
0 0

nvme-pci: add a memory barrier to nvme_dbbuf_update_and_check_event

by Michal Wnukowski

commit ID: f1ed3df20d2d223e0852cc4ac1f19bba869a7e3c Please merge this patch into stable tree (already exist in Linus’ tree). The initial patch submission lacked "Cc: stable(a)vger.kernel.org" by mistake. The kernel versions that should get patch: 4.19 4.18 4.14 >From f1ed3df20d2d223e0852cc4ac1f19bba869a7e3c Mon Sep 17 00:00:00 2001 From: Michal Wnukowski <wnukowski(a)google.com> Date: Wed, 15 Aug 2018 15:51:57 -0700 Subject: nvme-pci: add a memory barrier to nvme_dbbuf_update_and_check_event In many architectures loads may be reordered with older stores to different locations. In the nvme driver the following two operations could be reordered: - Write shadow doorbell (dbbuf_db) into memory. - Read EventIdx (dbbuf_ei) from memory. This can result in a potential race condition between driver and VM host processing requests (if given virtual NVMe controller has a support for shadow doorbell). If that occurs, then the NVMe controller may decide to wait for MMIO doorbell from guest operating system, and guest driver may decide not to issue MMIO doorbell on any of subsequent commands. This issue is purely timing-dependent one, so there is no easy way to reproduce it. Currently the easiest known approach is to run "Oracle IO Numbers" (orion) that is shipped with Oracle DB: orion -run advanced -num_large 0 -size_small 8 -type rand -simulate \ concat -write 40 -duration 120 -matrix row -testname nvme_test Where nvme_test is a .lun file that contains a list of NVMe block devices to run test against. Limiting number of vCPUs assigned to given VM instance seems to increase chances for this bug to occur. On test environment with VM that got 4 NVMe drives and 1 vCPU assigned the virtual NVMe controller hang could be observed within 10-20 minutes. That correspond to about 400-500k IO operations processed (or about 100GB of IO read/writes). Orion tool was used as a validation and set to run in a loop for 36 hours (equivalent of pushing 550M IO operations). No issues were observed. That suggest that the patch fixes the issue. Fixes: f9f38e33389c ("nvme: improve performance for virtual NVMe devices") Signed-off-by: Michal Wnukowski <wnukowski(a)google.com> Reviewed-by: Keith Busch <keith.busch(a)intel.com> Reviewed-by: Sagi Grimberg <sagi(a)grimberg.me> [hch: updated changelog and comment a bit] Signed-off-by: Christoph Hellwig <hch(a)lst.de> --- drivers/nvme/host/pci.c | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'drivers/nvme/host/pci.c') diff --git a/drivers/nvme/host/pci.c b/drivers/nvme/host/pci.c index 1b9951d2067e..d668682f91df 100644 --- a/drivers/nvme/host/pci.c +++ b/drivers/nvme/host/pci.c @@ -316,6 +316,14 @@ static bool nvme_dbbuf_update_and_check_event(u16 value, u32 *dbbuf_db, old_value = *dbbuf_db; *dbbuf_db = value; + /* + * Ensure that the doorbell is updated before reading the event + * index from memory. The controller needs to provide similar + * ordering to ensure the envent index is updated before reading + * the doorbell. + */ + mb(); + if (!nvme_dbbuf_need_event(*dbbuf_ei, value, old_value)) return false; } -- cgit 1.2-0.3.lf.el7

6 years, 9 months

2
1
0 0

[PATCH v4] modules_install: make missing $DEPMOD a Warning instead of an Error

by Randy Dunlap

From: Randy Dunlap <rdunlap(a)infradead.org> When $DEPMOD is not found, only print a warning instead of exiting with an error message and error status: Warning: 'make modules_install' requires /sbin/depmod. Please install it. This is probably in the kmod package. Change the Error to a Warning because "not all build hosts for cross compiling Linux are Linux systems and are able to provide a working port of depmod, especially at the file patch /sbin/depmod." I.e., "make modules_install" may be used to copy/install the loadable modules files to a target directory on a build system and then transferred to an embedded device where /sbin/depmod is run instead of it being run on the build system. Fixes: 934193a654c1 ("kbuild: verify that $DEPMOD is installed") Signed-off-by: Randy Dunlap <rdunlap(a)infradead.org> Reported-by: H. Nikolaus Schaller <hns(a)goldelico.com> Cc: stable(a)vger.kernel.org Cc: Lucas De Marchi <lucas.demarchi(a)profusion.mobi> Cc: Lucas De Marchi <lucas.de.marchi(a)gmail.com> Cc: Michal Marek <michal.lkml(a)markovi.net> Cc: Jessica Yu <jeyu(a)kernel.org> Cc: Chih-Wei Huang <cwhuang(a)linux.org.tw> Cc: H. Nikolaus Schaller <hns(a)goldelico.com> --- v2: add missing "exit 0" and update the commit message (no Error). v3: add Fixes: and Cc: stable v4: add Reported-by: and more explanation for the patch. scripts/depmod.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) --- lnx-418.orig/scripts/depmod.sh +++ lnx-418/scripts/depmod.sh @@ -15,9 +15,9 @@ if ! test -r System.map ; then fi if [ -z $(command -v $DEPMOD) ]; then - echo "'make modules_install' requires $DEPMOD. Please install it." >&2 + echo "Warning: 'make modules_install' requires $DEPMOD. Please install it." >&2 echo "This is probably in the kmod package." >&2 - exit 1 + exit 0 fi # older versions of depmod require the version string to start with three

6 years, 9 months

2
1
0 0

Re: [PATCH] b43: Fix regression in kernel 4.18

by Larry Finger

On 08/31/2018 10:38 AM, Kalle Valo wrote: > Larry Finger <Larry.Finger(a)lwfinger.net> wrote: > >> In commit 66cffd6daab7 ("b43: fix transmit failure when VT is switched"), >> a condition is noted where the network controller needs to be reset. Note >> that this situation happens when running the open-source firmware >> (http://netweb.ing.unibs.it/~openfwwf/), plus a number of other special >> conditions. >> >> for a different card model, it is reported that this change breaks >> operation running the proprietary firmware >> (https://marc.info/?l=linux-wireless&m=153504546924558&w=2). Rather >> than reverting the previous patch, the code is tweaked to avoid the >> reset unless the open-source firmware is being used. >> >> Fixes: 66cffd6daab7 ("b43: fix transmit failure when VT is switched") >> Cc: Stable <stable(a)vger.kernel.org> # 4.18+ >> Cc: Taketo Kabe <kabe(a)sra-tohoku.co.jp> >> Reported-and-tested-by: D. Prabhu <d.praabhu(a)gmail.com> >> Signed-off-by: Larry Finger <Larry.Finger(a)lwfinger.net> > > I'll change the title to something more descriptive: > > b43: fix DMA error related regression with proprietary firmware > > Does that make sense? Yes, that is fine. Larry

6 years, 9 months

1
0
0 0

[Linux-stable-mirror] [PATCH 4.4 000/105] 4.4.106-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.4.106 release. There are 105 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sun Dec 17 09:22:39 UTC 2017. Anything received after that time might be too late. The whole patch series can be found in one patch at: kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.4.106-rc1.gz or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.4.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.4.106-rc1 Vincent Pelletier <plr.vincent(a)gmail.com> usb: gadget: ffs: Forbid usb_ep_alloc_request from sleeping Marc Zyngier <marc.zyngier(a)arm.com> arm: KVM: Fix VTTBR_BADDR_MASK BUG_ON off-by-one Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "x86/mm/pat: Ensure cpa->pfn only contains page frame numbers" Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "x86/efi: Hoist page table switching code into efi_call_virt()" Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "x86/efi: Build our own page table structures" Eric Dumazet <edumazet(a)google.com> net/packet: fix a race in packet_bind() and packet_notifier() Mike Maloney <maloney(a)google.com> packet: fix crash in fanout_demux_rollover() Hangbin Liu <liuhangbin(a)gmail.com> sit: update frag_off info Håkon Bugge <Haakon.Bugge(a)oracle.com> rds: Fix NULL pointer dereference in __rds_rdma_map Jon Maloy <jon.maloy(a)ericsson.com> tipc: fix memory leak in tipc_accept_from_sock() Al Viro <viro(a)zeniv.linux.org.uk> more bio_map_user_iov() leak fixes Heiko Carstens <heiko.carstens(a)de.ibm.com> s390: always save and restore all registers on context switch Masamitsu Yamazaki <m-yamazaki(a)ah.jp.nec.com> ipmi: Stop timers before cleaning up the module Paul Moore <paul(a)paul-moore.com> audit: ensure that 'audit=1' actually enables audit for PID 1 Keefe Liu <liuqifa(a)huawei.com> ipvlan: fix ipv6 outbound device David Howells <dhowells(a)redhat.com> afs: Connect up the CB.ProbeUuid Majd Dibbiny <majd(a)mellanox.com> IB/mlx5: Assign send CQ and recv CQ of UMR QP Mark Bloch <markb(a)mellanox.com> IB/mlx4: Increase maximal message size under UD QP Herbert Xu <herbert(a)gondor.apana.org.au> xfrm: Copy policy family in clone_policy Jason Baron <jbaron(a)akamai.com> jump_label: Invoke jump_label_test() via early_initcall() Arvind Yadav <arvind.yadav.cs(a)gmail.com> atm: horizon: Fix irq release error Xin Long <lucien.xin(a)gmail.com> sctp: use the right sk after waking up from wait_buf sleep Xin Long <lucien.xin(a)gmail.com> sctp: do not free asoc when it is already dead in sctp_sendmsg Pavel Tatashin <pasha.tatashin(a)oracle.com> sparc64/mm: set fields in deferred pages Ming Lei <ming.lei(a)redhat.com> block: wake up all tasks blocked in get_request() Chuck Lever <chuck.lever(a)oracle.com> sunrpc: Fix rpc_task_begin trace point Trond Myklebust <trond.myklebust(a)primarydata.com> NFS: Fix a typo in nfs_rename() Randy Dunlap <rdunlap(a)infradead.org> dynamic-debug-howto: fix optional/omitted ending line number to be LARGE instead of 0 Stephen Bates <sbates(a)raithlin.com> lib/genalloc.c: make the avail variable an atomic_long_t Xin Long <lucien.xin(a)gmail.com> route: update fnhe_expires for redirect when the fnhe exists Xin Long <lucien.xin(a)gmail.com> route: also update fnhe_genid when updating a route cache Ben Hutchings <ben.hutchings(a)codethink.co.uk> mac80211_hwsim: Fix memory leak in hwsim_new_radio_nl() Masahiro Yamada <yamada.masahiro(a)socionext.com> kbuild: pkg: use --transform option to prefix paths in tar Jérémy Lefaure <jeremy.lefaure(a)lse.epita.fr> EDAC, i5000, i5400: Fix definition of NRECMEMB register Jérémy Lefaure <jeremy.lefaure(a)lse.epita.fr> EDAC, i5000, i5400: Fix use of MTR_DRAM_WIDTH macro Alexey Kardashevskiy <aik(a)ozlabs.ru> powerpc/powernv/ioda2: Gracefully fail if too many TCE levels requested Jim Qu <Jim.Qu(a)amd.com> drm/amd/amdgpu: fix console deadlock if late init failed Jan Kara <jack(a)suse.cz> axonram: Fix gendisk handling Florian Westphal <fw(a)strlen.de> netfilter: don't track fragmented packets Johannes Thumshirn <jthumshirn(a)suse.de> zram: set physical queue limits to avoid array out of bounds accesses Chris Brandt <chris.brandt(a)renesas.com> i2c: riic: fix restart condition Krzysztof Kozlowski <krzk(a)kernel.org> crypto: s5p-sss - Fix completing crypto request in IRQ handler WANG Cong <xiyou.wangcong(a)gmail.com> ipv6: reorder icmpv6_init() and ip6_mr_init() Michal Schmidt <mschmidt(a)redhat.com> bnx2x: do not rollback VF MAC/VLAN filters we did not configure Michal Schmidt <mschmidt(a)redhat.com> bnx2x: fix possible overrun of VFPF multicast addresses array Michal Schmidt <mschmidt(a)redhat.com> bnx2x: prevent crash when accessing PTP with interface down Blomme, Maarten <Maarten.Blomme(a)flir.com> spi_ks8995: fix "BUG: key accdaa28 not in .data!" Mark Rutland <mark.rutland(a)arm.com> arm64: KVM: Survive unknown traps from guests Mark Rutland <mark.rutland(a)arm.com> arm: KVM: Survive unknown traps from guests Wanpeng Li <wanpeng.li(a)hotmail.com> KVM: nVMX: reset nested_run_pending if the vCPU is going to be reset Franck Demathieu <fdemathieu(a)gmail.com> irqchip/crossbar: Fix incorrect type of register size James Smart <jsmart2021(a)gmail.com> scsi: lpfc: Fix crash during Hardware error recovery on SLI3 adapters Tejun Heo <tj(a)kernel.org> workqueue: trigger WARN if queue_delayed_work() is called with NULL @wq Tejun Heo <tj(a)kernel.org> libata: drop WARN from protocol error in ata_sff_qc_issue() Jim Mattson <jmattson(a)google.com> kvm: nVMX: VMCLEAR should not cause the vCPU to shut down Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> USB: gadgetfs: Fix a potential memory leak in 'dev_config()' John Keeping <john(a)metanate.com> usb: gadget: configs: plug memory leak Daniel Drake <drake(a)endlessm.com> HID: chicony: Add support for another ASUS Zen AiO keyboard Phil Reid <preid(a)electromag.com.au> gpio: altera: Use handle_level_irq when configured as a level_high Guenter Roeck <linux(a)roeck-us.net> ARM: OMAP2+: Release device node after it is no longer needed. Guenter Roeck <linux(a)roeck-us.net> ARM: OMAP2+: Fix device node reference counts David Daney <david.daney(a)cavium.com> module: set __jump_table alignment to 8 Sachin Sant <sachinp(a)linux.vnet.ibm.com> selftest/powerpc: Fix false failures for skipped tests Thomas Gleixner <tglx(a)linutronix.de> x86/hpet: Prevent might sleep splat on resume Ladislav Michl <ladis(a)linux-mips.org> ARM: OMAP2+: gpmc-onenand: propagate error on initialization failure Steffen Klassert <steffen.klassert(a)secunet.com> vti6: Don't report path MTU below IPV6_MIN_MTU. Sasha Levin <alexander.levin(a)verizon.com> Revert "s390/kbuild: enable modversions for symbols exported from asm" Sasha Levin <alexander.levin(a)verizon.com> Revert "spi: SPI_FSL_DSPI should depend on HAS_DMA" Sasha Levin <alexander.levin(a)verizon.com> Revert "drm/armada: Fix compile fail" Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> mm: drop unused pmdp_huge_get_and_clear_notify() Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> thp: fix MADV_DONTNEED vs. numa balancing race Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> thp: reduce indentation level in change_huge_pmd() Stephen Hemminger <stephen(a)networkplumber.org> scsi: storvsc: Workaround for virtual DVD SCSI version Russell King <rmk+kernel(a)armlinux.org.uk> ARM: avoid faulting on qemu Russell King <rmk+kernel(a)armlinux.org.uk> ARM: BUG if jumping to usermode address in kernel mode Dave Martin <Dave.Martin(a)arm.com> arm64: fpsimd: Prevent registers leaking from dead tasks Andrew Honig <ahonig(a)google.com> KVM: VMX: remove I/O port 0x80 bypass on Intel hosts Kristina Martsenko <kristina.martsenko(a)arm.com> arm64: KVM: fix VTTBR_BADDR_MASK BUG_ON off-by-one Laurent Caumont <lcaumont2(a)gmail.com> media: dvb: i2c transfers over usb cannot be done from stack Marek Szyprowski <m.szyprowski(a)samsung.com> drm/exynos: gem: Drop NONCONTIG flag for buffers allocated without IOMMU Dave Gordon <david.s.gordon(a)intel.com> drm: extra printk() wrapper macros Daniel Thompson <daniel.thompson(a)linaro.org> kdb: Fix handling of kallsyms_symbol_next() return value Heiko Carstens <heiko.carstens(a)de.ibm.com> s390: fix compat system call table Robin Murphy <robin.murphy(a)arm.com> iommu/vt-d: Fix scatterlist offset handling Jaejoong Kim <climbbb.kim(a)gmail.com> ALSA: usb-audio: Add check return value for usb_string() Jaejoong Kim <climbbb.kim(a)gmail.com> ALSA: usb-audio: Fix out-of-bound error Takashi Iwai <tiwai(a)suse.de> ALSA: seq: Remove spurious WARN_ON() at timer check Robb Glasser <rglasser(a)google.com> ALSA: pcm: prevent UAF in snd_pcm_info Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> x86/PCI: Make broadcom_postcore_init() check acpi_disabled Eric Biggers <ebiggers(a)google.com> X.509: reject invalid BIT STRING for subjectPublicKey Eric Biggers <ebiggers(a)google.com> ASN.1: check for error from ASN1_OP_END__ACT actions Eric Biggers <ebiggers(a)google.com> ASN.1: fix out-of-bounds read when parsing indefinite length item Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> efi: Move some sysfs files to be read-only by root Huacai Chen <chenhc(a)lemote.com> scsi: libsas: align sata_device's rps_resp on a cacheline William Breathitt Gray <vilhelm.gray(a)gmail.com> isa: Prevent NULL dereference in isa_bus driver callbacks Paul Meyer <Paul.Meyer(a)microsoft.com> hv: kvp: Avoid reading past allocated blocks from KVP file weiping zhang <zwp10758(a)gmail.com> virtio: release virtio index when fail to device_register Martin Kelly <mkelly(a)xevo.com> can: usb_8dev: cancel urb on -EPIPE and -EPROTO Martin Kelly <mkelly(a)xevo.com> can: esd_usb2: cancel urb on -EPIPE and -EPROTO Martin Kelly <mkelly(a)xevo.com> can: ems_usb: cancel urb on -EPIPE and -EPROTO Martin Kelly <mkelly(a)xevo.com> can: kvaser_usb: cancel urb on -EPIPE and -EPROTO Jimmy Assarsson <jimmyassarsson(a)gmail.com> can: kvaser_usb: ratelimit errors if incomplete messages are received Jimmy Assarsson <jimmyassarsson(a)gmail.com> can: kvaser_usb: Fix comparison bug in kvaser_usb_read_bulk_callback() Jimmy Assarsson <jimmyassarsson(a)gmail.com> can: kvaser_usb: free buf in error paths Oliver Stäbler <oliver.staebler(a)bytesatwork.ch> can: ti_hecc: Fix napi poll return value for repoll ------------- Diffstat: Makefile | 4 +- arch/arm/include/asm/assembler.h | 18 +++ arch/arm/include/asm/kvm_arm.h | 4 +- arch/arm/kernel/entry-header.S | 6 + arch/arm/kvm/handle_exit.c | 19 +-- arch/arm/mach-omap2/gpmc-onenand.c | 10 +- arch/arm/mach-omap2/omap_hwmod_3xxx_data.c | 25 ++-- arch/arm64/include/asm/kvm_arm.h | 3 +- arch/arm64/kernel/process.c | 9 ++ arch/arm64/kvm/handle_exit.c | 19 +-- arch/powerpc/platforms/powernv/pci-ioda.c | 3 + arch/powerpc/sysdev/axonram.c | 5 +- arch/s390/include/asm/asm-prototypes.h | 8 -- arch/s390/include/asm/switch_to.h | 19 ++- arch/s390/kernel/syscalls.S | 6 +- arch/sparc/mm/init_64.c | 9 +- arch/x86/include/asm/efi.h | 26 ---- arch/x86/kernel/hpet.c | 2 +- arch/x86/kvm/vmx.c | 31 ++--- arch/x86/mm/pageattr.c | 17 ++- arch/x86/pci/broadcom_bus.c | 2 +- arch/x86/platform/efi/efi.c | 39 +++--- arch/x86/platform/efi/efi_32.c | 5 - arch/x86/platform/efi/efi_64.c | 137 ++++++---------------- arch/x86/platform/efi/efi_stub_64.S | 43 +++++++ block/bio.c | 14 ++- block/blk-core.c | 4 +- crypto/asymmetric_keys/x509_cert_parser.c | 2 + drivers/ata/libata-sff.c | 1 - drivers/atm/horizon.c | 2 +- drivers/base/isa.c | 10 +- drivers/block/zram/zram_drv.c | 2 + drivers/char/ipmi/ipmi_si_intf.c | 44 +++---- drivers/crypto/s5p-sss.c | 5 +- drivers/edac/i5000_edac.c | 8 +- drivers/edac/i5400_edac.c | 9 +- drivers/firmware/efi/efi.c | 3 +- drivers/firmware/efi/esrt.c | 15 +-- drivers/firmware/efi/runtime-map.c | 10 +- drivers/gpio/gpio-altera.c | 26 ++-- drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 5 +- drivers/gpu/drm/armada/Makefile | 2 - drivers/gpu/drm/exynos/exynos_drm_gem.c | 9 ++ drivers/hid/Kconfig | 4 +- drivers/hid/hid-chicony.c | 1 + drivers/hid/hid-core.c | 1 + drivers/hid/hid-ids.h | 1 + drivers/i2c/busses/i2c-riic.c | 6 +- drivers/infiniband/hw/mlx4/qp.c | 2 +- drivers/infiniband/hw/mlx5/main.c | 2 + drivers/iommu/intel-iommu.c | 8 +- drivers/irqchip/irq-crossbar.c | 8 +- drivers/media/usb/dvb-usb/dibusb-common.c | 16 ++- drivers/memory/omap-gpmc.c | 4 +- drivers/net/can/ti_hecc.c | 3 + drivers/net/can/usb/ems_usb.c | 2 + drivers/net/can/usb/esd_usb2.c | 2 + drivers/net/can/usb/kvaser_usb.c | 13 +- drivers/net/can/usb/usb_8dev.c | 2 + drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c | 20 +++- drivers/net/ethernet/broadcom/bnx2x/bnx2x_sriov.c | 8 +- drivers/net/ethernet/broadcom/bnx2x/bnx2x_sriov.h | 1 + drivers/net/ethernet/broadcom/bnx2x/bnx2x_vfpf.c | 23 ++-- drivers/net/ipvlan/ipvlan_core.c | 2 +- drivers/net/phy/spi_ks8995.c | 1 + drivers/net/wireless/mac80211_hwsim.c | 5 +- drivers/scsi/lpfc/lpfc_els.c | 14 ++- drivers/scsi/storvsc_drv.c | 27 +++-- drivers/spi/Kconfig | 1 - drivers/usb/gadget/configfs.c | 1 + drivers/usb/gadget/function/f_fs.c | 2 +- drivers/usb/gadget/legacy/inode.c | 4 +- drivers/virtio/virtio.c | 2 + fs/afs/cmservice.c | 3 + fs/nfs/dir.c | 2 +- include/drm/drmP.h | 26 +++- include/linux/genalloc.h | 3 +- include/linux/mmu_notifier.h | 13 -- include/linux/omap-gpmc.h | 5 +- include/linux/sysfs.h | 6 + include/scsi/libsas.h | 2 +- kernel/audit.c | 10 +- kernel/debug/kdb/kdb_io.c | 2 +- kernel/jump_label.c | 2 +- kernel/workqueue.c | 1 + lib/asn1_decoder.c | 49 ++++---- lib/dynamic_debug.c | 4 + lib/genalloc.c | 10 +- mm/huge_memory.c | 82 +++++++++---- net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c | 4 + net/ipv4/netfilter/nf_nat_l3proto_ipv4.c | 5 - net/ipv4/route.c | 14 ++- net/ipv6/af_inet6.c | 10 +- net/ipv6/ip6_vti.c | 8 +- net/ipv6/sit.c | 1 + net/packet/af_packet.c | 37 +++--- net/packet/internal.h | 1 - net/rds/rdma.c | 2 +- net/sctp/socket.c | 38 ++++-- net/sunrpc/sched.c | 3 +- net/tipc/server.c | 1 + net/xfrm/xfrm_policy.c | 1 + scripts/module-common.lds | 2 + scripts/package/Makefile | 5 +- sound/core/pcm.c | 2 + sound/core/seq/seq_timer.c | 2 +- sound/usb/mixer.c | 13 +- tools/hv/hv_kvp_daemon.c | 70 +++-------- tools/testing/selftests/powerpc/harness.c | 6 +- 109 files changed, 701 insertions(+), 570 deletions(-)

6 years, 9 months

9
123
0 0

4.18.y build failure

by Dan Rue

The following commit in 4.18.y causes the build to fail: 79764192e1c4 ("printk/nmi: Prevent deadlock when accessing the main log buffer in NMI") with: | kernel/printk/printk_safe.o: In function `vprintk_func': | printk_safe.c:(.text+0x51b): undefined reference to `vprintk_store' | printk_safe.c:(.text+0x52f): undefined reference to `defer_console_output' Picking up these from mainline seems to do the trick: a338f84dc196 ("printk: Create helper function to queue deferred console handling") ba552399954d ("printk: Split the code for storing a message into the log buffer") Thanks, Dan

6 years, 9 months

3
2
0 0

[PATCH] firmware: Fix security issue with request_firmware_into_buf()

by Luis R. Rodriguez

From: Rishabh Bhatnagar <rishabhb(a)codeaurora.org> When calling request_firmware_into_buf() with the FW_OPT_NOCACHE flag it is expected that firmware is loaded into buffer from memory. But inside alloc_lookup_fw_priv every new firmware that is loaded is added to the firmware cache (fwc) list head. So if any driver requests a firmware that is already loaded the code iterates over the above mentioned list and it can end up giving a pointer to other device driver's firmware buffer. Also the existing copy may either be modified by drivers, remote processors or even freed. This causes a potential security issue with batched requests when using request_firmware_into_buf. Fix alloc_lookup_fw_priv to not add to the fwc head list if FW_OPT_NOCACHE is set, and also don't do the lookup in the list. Fixes: 0e742e9275 ("firmware: provide infrastructure to make fw caching optional") [mcgrof: broken since feature introduction on v4.8] Cc: stable(a)vger.kernel.org # v4.8+ Signed-off-by: Vikram Mulukutla <markivx(a)codeaurora.org> Signed-off-by: Rishabh Bhatnagar <rishabhb(a)codeaurora.org> Signed-off-by: Luis Chamberlain <mcgrof(a)kernel.org> --- This has been tested with the self test firmware scrip and found no regressions. drivers/base/firmware_loader/main.c | 30 +++++++++++++++++------------ 1 file changed, 18 insertions(+), 12 deletions(-) diff --git a/drivers/base/firmware_loader/main.c b/drivers/base/firmware_loader/main.c index 0943e7065e0e..b3c0498ee433 100644 --- a/drivers/base/firmware_loader/main.c +++ b/drivers/base/firmware_loader/main.c @@ -209,21 +209,24 @@ static struct fw_priv *__lookup_fw_priv(const char *fw_name) static int alloc_lookup_fw_priv(const char *fw_name, struct firmware_cache *fwc, struct fw_priv **fw_priv, void *dbuf, - size_t size) + size_t size, enum fw_opt opt_flags) { struct fw_priv *tmp; spin_lock(&fwc->lock); - tmp = __lookup_fw_priv(fw_name); - if (tmp) { - kref_get(&tmp->ref); - spin_unlock(&fwc->lock); - *fw_priv = tmp; - pr_debug("batched request - sharing the same struct fw_priv and lookup for multiple requests\n"); - return 1; + if (!(opt_flags & FW_OPT_NOCACHE)) { + tmp = __lookup_fw_priv(fw_name); + if (tmp) { + kref_get(&tmp->ref); + spin_unlock(&fwc->lock); + *fw_priv = tmp; + pr_debug("batched request - sharing the same struct fw_priv and lookup for multiple requests\n"); + return 1; + } } + tmp = __allocate_fw_priv(fw_name, fwc, dbuf, size); - if (tmp) + if (tmp && !(opt_flags & FW_OPT_NOCACHE)) list_add(&tmp->list, &fwc->head); spin_unlock(&fwc->lock); @@ -493,7 +496,8 @@ int assign_fw(struct firmware *fw, struct device *device, */ static int _request_firmware_prepare(struct firmware **firmware_p, const char *name, - struct device *device, void *dbuf, size_t size) + struct device *device, void *dbuf, size_t size, + enum fw_opt opt_flags) { struct firmware *firmware; struct fw_priv *fw_priv; @@ -511,7 +515,8 @@ _request_firmware_prepare(struct firmware **firmware_p, const char *name, return 0; /* assigned */ } - ret = alloc_lookup_fw_priv(name, &fw_cache, &fw_priv, dbuf, size); + ret = alloc_lookup_fw_priv(name, &fw_cache, &fw_priv, dbuf, size, + opt_flags); /* * bind with 'priv' now to avoid warning in failure path @@ -571,7 +576,8 @@ _request_firmware(const struct firmware **firmware_p, const char *name, goto out; } - ret = _request_firmware_prepare(&fw, name, device, buf, size); + ret = _request_firmware_prepare(&fw, name, device, buf, size, + opt_flags); if (ret <= 0) /* error or already assigned */ goto out; -- 2.18.0

6 years, 9 months

1
0
0 0

[PATCH 2/2] xhci: Fix use after free for URB cancellation on a reallocated endpoint

by Mathias Nyman

Make sure the cancelled URB is on the current endpoint ring. If the endpoint ring has been reallocated since the URB was enqueued then the URB may contain TD and TRB pointers to a already freed ring. In this the case return the URB without touching any of the freed ring structure data. Don't try to stop the ring. It would be useless. This can occur if endpoint is not flushed before it is dropped and re-added, which is the case in usb_set_interface() as xhci does things in an odd order. Cc: <stable(a)vger.kernel.org> Tested-by: Sudip Mukherjee <sudipm.mukherjee(a)gmail.com> Signed-off-by: Mathias Nyman <mathias.nyman(a)linux.intel.com> --- drivers/usb/host/xhci.c | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/drivers/usb/host/xhci.c b/drivers/usb/host/xhci.c index 61f48b1..0420eef 100644 --- a/drivers/usb/host/xhci.c +++ b/drivers/usb/host/xhci.c @@ -37,6 +37,21 @@ static unsigned long long quirks; module_param(quirks, ullong, S_IRUGO); MODULE_PARM_DESC(quirks, "Bit flags for quirks to be enabled as default"); +static bool td_on_ring(struct xhci_td *td, struct xhci_ring *ring) +{ + struct xhci_segment *seg = ring->first_seg; + + if (!td || !td->start_seg) + return false; + do { + if (seg == td->start_seg) + return true; + seg = seg->next; + } while (seg && seg != ring->first_seg); + + return false; +} + /* TODO: copied from ehci-hcd.c - can this be refactored? */ /* * xhci_handshake - spin reading hc until handshake completes or fails @@ -1571,6 +1586,21 @@ static int xhci_urb_dequeue(struct usb_hcd *hcd, struct urb *urb, int status) goto done; } + /* + * check ring is not re-allocated since URB was enqueued. If it is, then + * make sure none of the ring related pointers in this URB private data + * are touched, such as td_list, otherwise we overwrite freed data + */ + if (!td_on_ring(&urb_priv->td[0], ep_ring)) { + xhci_err(xhci, "Canceled URB td not found on endpoint ring"); + for (i = urb_priv->num_tds_done; i < urb_priv->num_tds; i++) { + td = &urb_priv->td[i]; + if (!list_empty(&td->cancelled_td_list)) + list_del_init(&td->cancelled_td_list); + } + goto err_giveback; + } + if (xhci->xhc_state & XHCI_STATE_HALTED) { xhci_dbg_trace(xhci, trace_xhci_dbg_cancel_urb, "HC halted, freeing TD manually."); -- 2.7.4

6 years, 9 months

1
0
0 0

Again the photos things

by Jimmy Wilson

Hi, Have you received my email from last week? I would like to speak with the person who manage your photos for your company? We are here to provide you all kinds of imaging editing. What we can provide you: Cutting out for photos Clipping path for photos Masking for photos Retouching for your photos Retouching for the Beauty Model and Portraits. We have 20 staffs in house and daily basis 1000 images can be processed. We give testing for your photos. Thanks, Jimmy Wilson

6 years, 9 months

1
0
0 0

Photo processing

by Jimmy Wilson

Hi, Have you received my email from last week? I would like to speak with the person who manage your photos for your company? We are here to provide you all kinds of imaging editing. What we can provide you: Cutting out for photos Clipping path for photos Masking for photos Retouching for your photos Retouching for the Beauty Model and Portraits. We have 20 staffs in house and daily basis 1000 images can be processed. We give testing for your photos. Thanks, Jimmy Wilson

6 years, 9 months

1
0
0 0

Images processing

by Jimmy Wilson

Hi, Have you received my email from last week? I would like to speak with the person who manage your photos for your company? We are here to provide you all kinds of imaging editing. What we can provide you: Cutting out for photos Clipping path for photos Masking for photos Retouching for your photos Retouching for the Beauty Model and Portraits. We have 20 staffs in house and daily basis 1000 images can be processed. We give testing for your photos. Thanks, Jimmy Wilson

6 years, 9 months

1
0
0 0

FAILED: patch "[PATCH] KVM: arm/arm64: Skip updating PTE entry if no change" failed to apply to 4.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 976d34e2dab10ece5ea8fe7090b7692913f89084 Mon Sep 17 00:00:00 2001 From: Punit Agrawal <punit.agrawal(a)arm.com> Date: Mon, 13 Aug 2018 11:43:51 +0100 Subject: [PATCH] KVM: arm/arm64: Skip updating PTE entry if no change When there is contention on faulting in a particular page table entry at stage 2, the break-before-make requirement of the architecture can lead to additional refaulting due to TLB invalidation. Avoid this by skipping a page table update if the new value of the PTE matches the previous value. Cc: stable(a)vger.kernel.org Fixes: d5d8184d35c9 ("KVM: ARM: Memory virtualization setup") Reviewed-by: Suzuki Poulose <suzuki.poulose(a)arm.com> Acked-by: Christoffer Dall <christoffer.dall(a)arm.com> Signed-off-by: Punit Agrawal <punit.agrawal(a)arm.com> Signed-off-by: Marc Zyngier <marc.zyngier(a)arm.com> diff --git a/virt/kvm/arm/mmu.c b/virt/kvm/arm/mmu.c index 13dfe36501aa..91aaf73b00df 100644 --- a/virt/kvm/arm/mmu.c +++ b/virt/kvm/arm/mmu.c @@ -1147,6 +1147,10 @@ static int stage2_set_pte(struct kvm *kvm, struct kvm_mmu_memory_cache *cache, /* Create 2nd stage page table mapping - Level 3 */ old_pte = *pte; if (pte_present(old_pte)) { + /* Skip page table update if there is no change */ + if (pte_val(old_pte) == pte_val(*new_pte)) + return 0; + kvm_set_pte(pte, __pte(0)); kvm_tlb_flush_vmid_ipa(kvm, addr); } else {

6 years, 9 months

2
1
0 0

[PATCH 1/2] i2c: designware: Re-init controllers with pm_disabled set on resume

by Hans de Goede

On Bay Trail and Cherry Trail devices we set the pm_disabled flag for I2C busses which the OS shares with the PUNIT as these need special handling. Until now we called dev_pm_syscore_device(dev, true) for I2C controllers with this flag set to keep these I2C controllers always on. After commit 12864ff8545f ("ACPI / LPSS: Avoid PM quirks on suspend and resume from hibernation"), this no longer works. This commit modifies lpss_iosf_exit_d3_state() to only run if lpss_iosf_enter_d3_state() has ran before it, so that it does not run on a resume from hibernate (or from S3). On these systems the conditions for lpss_iosf_enter_d3_state() to run never become true, so lpss_iosf_exit_d3_state() never gets called and the 2 LPSS DMA controllers never get forced into D0 mode, instead they are left in their default automatic power-on when needed mode. The not forcing of D0 mode for the DMA controllers enables these systems to properly enter S0ix modes, which is a good thing. But after entering S0ix modes the I2C controller connected to the PMIC no longer works, leading to e.g. broken battery monitoring. The _PS3 method for this I2C controller looks like this: Method (_PS3, 0, NotSerialized) // _PS3: Power State 3 { If ((((PMID == 0x04) || (PMID == 0x05)) || (PMID == 0x06))) { Return (Zero) } PSAT |= 0x03 Local0 = PSAT /* \_SB_.I2C5.PSAT */ } Where PMID = 0x05, so we enter the Return (Zero) path on these systems. So even if we were to not call dev_pm_syscore_device(dev, true) the I2C controller will be left in D0 rather then be switched to D3. Yet on other Bay and Cherry Trail devices S0ix is not entered unless *all* I2C controllers are in D3 mode. This combined with the I2C controller no longer working now that we reach S0ix states on these systems leads to me believing that the PUNIT itself puts the I2C controller in D3 when all other conditions for entering S0ix states are true. Since now the I2C controller is put in D3 over a suspend/resume we must re-initialize it afterwards and that does indeed fix it no longer working. This commit implements this fix by: 1) Making the suspend_late callback a no-op if pm_disabled is set and making the resume_early callback skip the clock re-enable (since it now was not disabled) while still doing the necessary I2C controller re-init. 2) Removing the dev_pm_syscore_device(dev, true) call, so that the suspend and resume callbacks are actually called. Normally this would cause the ACPI pm code to call _PS3 putting the I2C controller in D3, wreaking havoc since it is shared with the PUNIT, but in this special case the _PS3 method is a no-op so we can safely allow a "fake" suspend / resume. Fixes: 12864ff8545f ("ACPI / LPSS: Avoid PM quirks on suspend and resume ...") Link: https://bugzilla.kernel.org/show_bug.cgi?id=200861 Cc: 4.15+ <stable(a)vger.kernel.org> # 4.15+ Signed-off-by: Hans de Goede <hdegoede(a)redhat.com> --- drivers/i2c/busses/i2c-designware-master.c | 1 - drivers/i2c/busses/i2c-designware-platdrv.c | 7 ++++++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/drivers/i2c/busses/i2c-designware-master.c b/drivers/i2c/busses/i2c-designware-master.c index 27436a937492..54b2a3a86677 100644 --- a/drivers/i2c/busses/i2c-designware-master.c +++ b/drivers/i2c/busses/i2c-designware-master.c @@ -693,7 +693,6 @@ int i2c_dw_probe(struct dw_i2c_dev *dev) i2c_set_adapdata(adap, dev); if (dev->pm_disabled) { - dev_pm_syscore_device(dev->dev, true); irq_flags = IRQF_NO_SUSPEND; } else { irq_flags = IRQF_SHARED | IRQF_COND_SUSPEND; diff --git a/drivers/i2c/busses/i2c-designware-platdrv.c b/drivers/i2c/busses/i2c-designware-platdrv.c index 5660daf6c92e..d281d21cdd8e 100644 --- a/drivers/i2c/busses/i2c-designware-platdrv.c +++ b/drivers/i2c/busses/i2c-designware-platdrv.c @@ -448,6 +448,9 @@ static int dw_i2c_plat_suspend(struct device *dev) { struct dw_i2c_dev *i_dev = dev_get_drvdata(dev); + if (i_dev->pm_disabled) + return 0; + i_dev->disable(i_dev); i2c_dw_prepare_clk(i_dev, false); @@ -458,7 +461,9 @@ static int dw_i2c_plat_resume(struct device *dev) { struct dw_i2c_dev *i_dev = dev_get_drvdata(dev); - i2c_dw_prepare_clk(i_dev, true); + if (!i_dev->pm_disabled) + i2c_dw_prepare_clk(i_dev, true); + i_dev->init(i_dev); return 0; -- 2.19.0.rc0

6 years, 9 months

4
3
0 0

FAILED: patch "[PATCH] arm64: mm: check for upper PAGE_SHIFT bits in pfn_valid()" failed to apply to 4.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 5ad356eabc47d26a92140a0c4b20eba471c10de3 Mon Sep 17 00:00:00 2001 From: Greg Hackmann <ghackmann(a)android.com> Date: Wed, 15 Aug 2018 12:51:21 -0700 Subject: [PATCH] arm64: mm: check for upper PAGE_SHIFT bits in pfn_valid() ARM64's pfn_valid() shifts away the upper PAGE_SHIFT bits of the input before seeing if the PFN is valid. This leads to false positives when some of the upper bits are set, but the lower bits match a valid PFN. For example, the following userspace code looks up a bogus entry in /proc/kpageflags: int pagemap = open("/proc/self/pagemap", O_RDONLY); int pageflags = open("/proc/kpageflags", O_RDONLY); uint64_t pfn, val; lseek64(pagemap, [...], SEEK_SET); read(pagemap, &pfn, sizeof(pfn)); if (pfn & (1UL << 63)) { /* valid PFN */ pfn &= ((1UL << 55) - 1); /* clear flag bits */ pfn |= (1UL << 55); lseek64(pageflags, pfn * sizeof(uint64_t), SEEK_SET); read(pageflags, &val, sizeof(val)); } On ARM64 this causes the userspace process to crash with SIGSEGV rather than reading (1 << KPF_NOPAGE). kpageflags_read() treats the offset as valid, and stable_page_flags() will try to access an address between the user and kernel address ranges. Fixes: c1cc1552616d ("arm64: MMU initialisation") Cc: stable(a)vger.kernel.org Signed-off-by: Greg Hackmann <ghackmann(a)google.com> Signed-off-by: Will Deacon <will.deacon(a)arm.com> diff --git a/arch/arm64/mm/init.c b/arch/arm64/mm/init.c index 325cfb3b858a..811f9f8b3bb0 100644 --- a/arch/arm64/mm/init.c +++ b/arch/arm64/mm/init.c @@ -287,7 +287,11 @@ static void __init zone_sizes_init(unsigned long min, unsigned long max) #ifdef CONFIG_HAVE_ARCH_PFN_VALID int pfn_valid(unsigned long pfn) { - return memblock_is_map_memory(pfn << PAGE_SHIFT); + phys_addr_t addr = pfn << PAGE_SHIFT; + + if ((addr >> PAGE_SHIFT) != pfn) + return 0; + return memblock_is_map_memory(addr); } EXPORT_SYMBOL(pfn_valid); #endif

6 years, 9 months

2
1
0 0

[PATCH AUTOSEL 3.18 01/25] cifs: check if SMB2 PDU size has been padded and suppress the warning

by Sasha Levin

From: Ronnie Sahlberg <lsahlber(a)redhat.com> [ Upstream commit e6c47dd0da1e3a484e778046fc10da0b20606a86 ] Some SMB2/3 servers, Win2016 but possibly others too, adds padding not only between PDUs in a compound but also to the final PDU. This padding extends the PDU to a multiple of 8 bytes. Check if the unexpected length looks like this might be the case and avoid triggering the log messages for : "SMB2 server sent bad RFC1001 len %d not %d\n" Signed-off-by: Ronnie Sahlberg <lsahlber(a)redhat.com> Signed-off-by: Steve French <stfrench(a)microsoft.com> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> --- fs/cifs/smb2misc.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/fs/cifs/smb2misc.c b/fs/cifs/smb2misc.c index b35c1398d459..494438195a1d 100644 --- a/fs/cifs/smb2misc.c +++ b/fs/cifs/smb2misc.c @@ -182,6 +182,13 @@ smb2_check_message(char *buf, unsigned int length) if (clc_len == 4 + len + 1) return 0; + /* + * Some windows servers (win2016) will pad also the final + * PDU in a compound to 8 bytes. + */ + if (((clc_len + 7) & ~7) == len) + return 0; + /* * MacOS server pads after SMB2.1 write response with 3 bytes * of junk. Other servers match RFC1001 len to actual -- 2.17.1

6 years, 9 months

1
24
0 0

[PATCH AUTOSEL 4.4 01/30] cifs: check if SMB2 PDU size has been padded and suppress the warning

by Sasha Levin

From: Ronnie Sahlberg <lsahlber(a)redhat.com> [ Upstream commit e6c47dd0da1e3a484e778046fc10da0b20606a86 ] Some SMB2/3 servers, Win2016 but possibly others too, adds padding not only between PDUs in a compound but also to the final PDU. This padding extends the PDU to a multiple of 8 bytes. Check if the unexpected length looks like this might be the case and avoid triggering the log messages for : "SMB2 server sent bad RFC1001 len %d not %d\n" Signed-off-by: Ronnie Sahlberg <lsahlber(a)redhat.com> Signed-off-by: Steve French <stfrench(a)microsoft.com> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> --- fs/cifs/smb2misc.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/fs/cifs/smb2misc.c b/fs/cifs/smb2misc.c index 76ccf20fbfb7..0e62bf1ebbd7 100644 --- a/fs/cifs/smb2misc.c +++ b/fs/cifs/smb2misc.c @@ -184,6 +184,13 @@ smb2_check_message(char *buf, unsigned int length) if (clc_len == 4 + len + 1) return 0; + /* + * Some windows servers (win2016) will pad also the final + * PDU in a compound to 8 bytes. + */ + if (((clc_len + 7) & ~7) == len) + return 0; + /* * MacOS server pads after SMB2.1 write response with 3 bytes * of junk. Other servers match RFC1001 len to actual -- 2.17.1

6 years, 9 months

1
29
0 0

[PATCH AUTOSEL 4.9 01/42] cifs: check if SMB2 PDU size has been padded and suppress the warning

by Sasha Levin

From: Ronnie Sahlberg <lsahlber(a)redhat.com> [ Upstream commit e6c47dd0da1e3a484e778046fc10da0b20606a86 ] Some SMB2/3 servers, Win2016 but possibly others too, adds padding not only between PDUs in a compound but also to the final PDU. This padding extends the PDU to a multiple of 8 bytes. Check if the unexpected length looks like this might be the case and avoid triggering the log messages for : "SMB2 server sent bad RFC1001 len %d not %d\n" Signed-off-by: Ronnie Sahlberg <lsahlber(a)redhat.com> Signed-off-by: Steve French <stfrench(a)microsoft.com> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> --- fs/cifs/smb2misc.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/fs/cifs/smb2misc.c b/fs/cifs/smb2misc.c index 967dfe656ced..e96a74da756f 100644 --- a/fs/cifs/smb2misc.c +++ b/fs/cifs/smb2misc.c @@ -208,6 +208,13 @@ smb2_check_message(char *buf, unsigned int length, struct TCP_Server_Info *srvr) if (clc_len == 4 + len + 1) return 0; + /* + * Some windows servers (win2016) will pad also the final + * PDU in a compound to 8 bytes. + */ + if (((clc_len + 7) & ~7) == len) + return 0; + /* * MacOS server pads after SMB2.1 write response with 3 bytes * of junk. Other servers match RFC1001 len to actual -- 2.17.1

6 years, 9 months

1
41
0 0

[PATCH AUTOSEL 4.14 01/67] cifs: check if SMB2 PDU size has been padded and suppress the warning

by Sasha Levin

From: Ronnie Sahlberg <lsahlber(a)redhat.com> [ Upstream commit e6c47dd0da1e3a484e778046fc10da0b20606a86 ] Some SMB2/3 servers, Win2016 but possibly others too, adds padding not only between PDUs in a compound but also to the final PDU. This padding extends the PDU to a multiple of 8 bytes. Check if the unexpected length looks like this might be the case and avoid triggering the log messages for : "SMB2 server sent bad RFC1001 len %d not %d\n" Signed-off-by: Ronnie Sahlberg <lsahlber(a)redhat.com> Signed-off-by: Steve French <stfrench(a)microsoft.com> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> --- fs/cifs/smb2misc.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/fs/cifs/smb2misc.c b/fs/cifs/smb2misc.c index 7b08a1446a7f..efdfdb47a7dd 100644 --- a/fs/cifs/smb2misc.c +++ b/fs/cifs/smb2misc.c @@ -211,6 +211,13 @@ smb2_check_message(char *buf, unsigned int length, struct TCP_Server_Info *srvr) if (clc_len == 4 + len + 1) return 0; + /* + * Some windows servers (win2016) will pad also the final + * PDU in a compound to 8 bytes. + */ + if (((clc_len + 7) & ~7) == len) + return 0; + /* * MacOS server pads after SMB2.1 write response with 3 bytes * of junk. Other servers match RFC1001 len to actual -- 2.17.1

6 years, 9 months

1
66
0 0

[PATCH v4.14.y] autofs: fix autofs_sbi() does not check super block type

by Zubin Mithra

From: Ian Kent <raven(a)themaw.net> commit 0633da48f0793aeba27f82d30605624416723a91 upstream. autofs_sbi() does not check the superblock magic number to verify it has been given an autofs super block. Backport Note: autofs4 has been renamed to autofs upstream. As a result the upstream patch does not apply cleanly onto 4.14.y. Change-Id: I7194ca9b851fba81f0e20cc4873717ceccaa0b27 Link: http://lkml.kernel.org/r/153475422934.17131.7563724552005298277.stgit@pluto… Reported-by: <syzbot+87c3c541582e56943277(a)syzkaller.appspotmail.com> Signed-off-by: Ian Kent <raven(a)themaw.net> Reviewed-by: Andrew Morton <akpm(a)linux-foundation.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds(a)linux-foundation.org> Signed-off-by: Zubin Mithra <zsm(a)chromium.org> --- fs/autofs4/autofs_i.h | 4 +++- fs/autofs4/inode.c | 1 - 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/fs/autofs4/autofs_i.h b/fs/autofs4/autofs_i.h index 4737615f0eaa..ce696d6c4641 100644 --- a/fs/autofs4/autofs_i.h +++ b/fs/autofs4/autofs_i.h @@ -26,6 +26,7 @@ #include <linux/list.h> #include <linux/completion.h> #include <asm/current.h> +#include <linux/magic.h> /* This is the range of ioctl() numbers we claim as ours */ #define AUTOFS_IOC_FIRST AUTOFS_IOC_READY @@ -124,7 +125,8 @@ struct autofs_sb_info { static inline struct autofs_sb_info *autofs4_sbi(struct super_block *sb) { - return (struct autofs_sb_info *)(sb->s_fs_info); + return sb->s_magic != AUTOFS_SUPER_MAGIC ? + NULL : (struct autofs_sb_info *)(sb->s_fs_info); } static inline struct autofs_info *autofs4_dentry_ino(struct dentry *dentry) diff --git a/fs/autofs4/inode.c b/fs/autofs4/inode.c index 09e7d68dff02..3c7e727612fa 100644 --- a/fs/autofs4/inode.c +++ b/fs/autofs4/inode.c @@ -14,7 +14,6 @@ #include <linux/pagemap.h> #include <linux/parser.h> #include <linux/bitops.h> -#include <linux/magic.h> #include "autofs_i.h" #include <linux/module.h> -- 2.19.0.rc0.228.g281dcd1b4d0-goog

6 years, 9 months

2
1
0 0

FAILED: patch "[PATCH] ext4: fix race when setting the bitmap corrupted flag" failed to apply to 4.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 9af0b3d1257756394ebbd06b14937b557e3a756b Mon Sep 17 00:00:00 2001 From: Wang Shilong <wshilong(a)ddn.com> Date: Sun, 29 Jul 2018 17:27:45 -0400 Subject: [PATCH] ext4: fix race when setting the bitmap corrupted flag Whenever we hit block or inode bitmap corruptions we set bit and then reduce this block group free inode/clusters counter to expose right available space. However some of ext4_mark_group_bitmap_corrupted() is called inside group spinlock, some are not, this could make it happen that we double reduce one block group free counters from system. Always hold group spinlock for it could fix it, but it looks a little heavy, we could use test_and_set_bit() to fix race problems here. Signed-off-by: Wang Shilong <wshilong(a)ddn.com> Signed-off-by: Theodore Ts'o <tytso(a)mit.edu> Cc: stable(a)vger.kernel.org diff --git a/fs/ext4/super.c b/fs/ext4/super.c index d4a218ba626c..f7750bc5b85a 100644 --- a/fs/ext4/super.c +++ b/fs/ext4/super.c @@ -795,26 +795,26 @@ void ext4_mark_group_bitmap_corrupted(struct super_block *sb, struct ext4_sb_info *sbi = EXT4_SB(sb); struct ext4_group_info *grp = ext4_get_group_info(sb, group); struct ext4_group_desc *gdp = ext4_get_group_desc(sb, group, NULL); + int ret; - if ((flags & EXT4_GROUP_INFO_BBITMAP_CORRUPT) && - !EXT4_MB_GRP_BBITMAP_CORRUPT(grp)) { - percpu_counter_sub(&sbi->s_freeclusters_counter, - grp->bb_free); - set_bit(EXT4_GROUP_INFO_BBITMAP_CORRUPT_BIT, - &grp->bb_state); + if (flags & EXT4_GROUP_INFO_BBITMAP_CORRUPT) { + ret = ext4_test_and_set_bit(EXT4_GROUP_INFO_BBITMAP_CORRUPT_BIT, + &grp->bb_state); + if (!ret) + percpu_counter_sub(&sbi->s_freeclusters_counter, + grp->bb_free); } - if ((flags & EXT4_GROUP_INFO_IBITMAP_CORRUPT) && - !EXT4_MB_GRP_IBITMAP_CORRUPT(grp)) { - if (gdp) { + if (flags & EXT4_GROUP_INFO_IBITMAP_CORRUPT) { + ret = ext4_test_and_set_bit(EXT4_GROUP_INFO_IBITMAP_CORRUPT_BIT, + &grp->bb_state); + if (!ret && gdp) { int count; count = ext4_free_inodes_count(sb, gdp); percpu_counter_sub(&sbi->s_freeinodes_counter, count); } - set_bit(EXT4_GROUP_INFO_IBITMAP_CORRUPT_BIT, - &grp->bb_state); } }

6 years, 9 months

1
0
0 0

FAILED: patch "[PATCH] ext4: fix race when setting the bitmap corrupted flag" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 9af0b3d1257756394ebbd06b14937b557e3a756b Mon Sep 17 00:00:00 2001 From: Wang Shilong <wshilong(a)ddn.com> Date: Sun, 29 Jul 2018 17:27:45 -0400 Subject: [PATCH] ext4: fix race when setting the bitmap corrupted flag Whenever we hit block or inode bitmap corruptions we set bit and then reduce this block group free inode/clusters counter to expose right available space. However some of ext4_mark_group_bitmap_corrupted() is called inside group spinlock, some are not, this could make it happen that we double reduce one block group free counters from system. Always hold group spinlock for it could fix it, but it looks a little heavy, we could use test_and_set_bit() to fix race problems here. Signed-off-by: Wang Shilong <wshilong(a)ddn.com> Signed-off-by: Theodore Ts'o <tytso(a)mit.edu> Cc: stable(a)vger.kernel.org diff --git a/fs/ext4/super.c b/fs/ext4/super.c index d4a218ba626c..f7750bc5b85a 100644 --- a/fs/ext4/super.c +++ b/fs/ext4/super.c @@ -795,26 +795,26 @@ void ext4_mark_group_bitmap_corrupted(struct super_block *sb, struct ext4_sb_info *sbi = EXT4_SB(sb); struct ext4_group_info *grp = ext4_get_group_info(sb, group); struct ext4_group_desc *gdp = ext4_get_group_desc(sb, group, NULL); + int ret; - if ((flags & EXT4_GROUP_INFO_BBITMAP_CORRUPT) && - !EXT4_MB_GRP_BBITMAP_CORRUPT(grp)) { - percpu_counter_sub(&sbi->s_freeclusters_counter, - grp->bb_free); - set_bit(EXT4_GROUP_INFO_BBITMAP_CORRUPT_BIT, - &grp->bb_state); + if (flags & EXT4_GROUP_INFO_BBITMAP_CORRUPT) { + ret = ext4_test_and_set_bit(EXT4_GROUP_INFO_BBITMAP_CORRUPT_BIT, + &grp->bb_state); + if (!ret) + percpu_counter_sub(&sbi->s_freeclusters_counter, + grp->bb_free); } - if ((flags & EXT4_GROUP_INFO_IBITMAP_CORRUPT) && - !EXT4_MB_GRP_IBITMAP_CORRUPT(grp)) { - if (gdp) { + if (flags & EXT4_GROUP_INFO_IBITMAP_CORRUPT) { + ret = ext4_test_and_set_bit(EXT4_GROUP_INFO_IBITMAP_CORRUPT_BIT, + &grp->bb_state); + if (!ret && gdp) { int count; count = ext4_free_inodes_count(sb, gdp); percpu_counter_sub(&sbi->s_freeinodes_counter, count); } - set_bit(EXT4_GROUP_INFO_IBITMAP_CORRUPT_BIT, - &grp->bb_state); } }

6 years, 9 months

1
0
0 0

FAILED: patch "[PATCH] ext4: sysfs: print ext4_super_block fields as little-endian" failed to apply to 3.18-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 3.18-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From a4d2aadca184ece182418950d45ba4ffc7b652d2 Mon Sep 17 00:00:00 2001 From: Arnd Bergmann <arnd(a)arndb.de> Date: Sun, 29 Jul 2018 15:48:00 -0400 Subject: [PATCH] ext4: sysfs: print ext4_super_block fields as little-endian While working on extended rand for last_error/first_error timestamps, I noticed that the endianess is wrong; we access the little-endian fields in struct ext4_super_block as native-endian when we print them. This adds a special case in ext4_attr_show() and ext4_attr_store() to byteswap the superblock fields if needed. In older kernels, this code was part of super.c, it got moved to sysfs.c in linux-4.4. Cc: stable(a)vger.kernel.org Fixes: 52c198c6820f ("ext4: add sysfs entry showing whether the fs contains errors") Reviewed-by: Andreas Dilger <adilger(a)dilger.ca> Signed-off-by: Arnd Bergmann <arnd(a)arndb.de> Signed-off-by: Theodore Ts'o <tytso(a)mit.edu> diff --git a/fs/ext4/sysfs.c b/fs/ext4/sysfs.c index f34da0bb8f17..b970a200f20c 100644 --- a/fs/ext4/sysfs.c +++ b/fs/ext4/sysfs.c @@ -274,8 +274,12 @@ static ssize_t ext4_attr_show(struct kobject *kobj, case attr_pointer_ui: if (!ptr) return 0; - return snprintf(buf, PAGE_SIZE, "%u\n", - *((unsigned int *) ptr)); + if (a->attr_ptr == ptr_ext4_super_block_offset) + return snprintf(buf, PAGE_SIZE, "%u\n", + le32_to_cpup(ptr)); + else + return snprintf(buf, PAGE_SIZE, "%u\n", + *((unsigned int *) ptr)); case attr_pointer_atomic: if (!ptr) return 0; @@ -308,7 +312,10 @@ static ssize_t ext4_attr_store(struct kobject *kobj, ret = kstrtoul(skip_spaces(buf), 0, &t); if (ret) return ret; - *((unsigned int *) ptr) = t; + if (a->attr_ptr == ptr_ext4_super_block_offset) + *((__le32 *) ptr) = cpu_to_le32(t); + else + *((unsigned int *) ptr) = t; return len; case attr_inode_readahead: return inode_readahead_blks_store(sbi, buf, len);

6 years, 9 months

1
0
0 0

FAILED: patch "[PATCH] KVM: arm/arm64: Skip updating PTE entry if no change" failed to apply to 3.18-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 3.18-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 976d34e2dab10ece5ea8fe7090b7692913f89084 Mon Sep 17 00:00:00 2001 From: Punit Agrawal <punit.agrawal(a)arm.com> Date: Mon, 13 Aug 2018 11:43:51 +0100 Subject: [PATCH] KVM: arm/arm64: Skip updating PTE entry if no change When there is contention on faulting in a particular page table entry at stage 2, the break-before-make requirement of the architecture can lead to additional refaulting due to TLB invalidation. Avoid this by skipping a page table update if the new value of the PTE matches the previous value. Cc: stable(a)vger.kernel.org Fixes: d5d8184d35c9 ("KVM: ARM: Memory virtualization setup") Reviewed-by: Suzuki Poulose <suzuki.poulose(a)arm.com> Acked-by: Christoffer Dall <christoffer.dall(a)arm.com> Signed-off-by: Punit Agrawal <punit.agrawal(a)arm.com> Signed-off-by: Marc Zyngier <marc.zyngier(a)arm.com> diff --git a/virt/kvm/arm/mmu.c b/virt/kvm/arm/mmu.c index 13dfe36501aa..91aaf73b00df 100644 --- a/virt/kvm/arm/mmu.c +++ b/virt/kvm/arm/mmu.c @@ -1147,6 +1147,10 @@ static int stage2_set_pte(struct kvm *kvm, struct kvm_mmu_memory_cache *cache, /* Create 2nd stage page table mapping - Level 3 */ old_pte = *pte; if (pte_present(old_pte)) { + /* Skip page table update if there is no change */ + if (pte_val(old_pte) == pte_val(*new_pte)) + return 0; + kvm_set_pte(pte, __pte(0)); kvm_tlb_flush_vmid_ipa(kvm, addr); } else {

6 years, 9 months

1
0
0 0

FAILED: patch "[PATCH] KVM: arm/arm64: Skip updating PTE entry if no change" failed to apply to 4.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 976d34e2dab10ece5ea8fe7090b7692913f89084 Mon Sep 17 00:00:00 2001 From: Punit Agrawal <punit.agrawal(a)arm.com> Date: Mon, 13 Aug 2018 11:43:51 +0100 Subject: [PATCH] KVM: arm/arm64: Skip updating PTE entry if no change When there is contention on faulting in a particular page table entry at stage 2, the break-before-make requirement of the architecture can lead to additional refaulting due to TLB invalidation. Avoid this by skipping a page table update if the new value of the PTE matches the previous value. Cc: stable(a)vger.kernel.org Fixes: d5d8184d35c9 ("KVM: ARM: Memory virtualization setup") Reviewed-by: Suzuki Poulose <suzuki.poulose(a)arm.com> Acked-by: Christoffer Dall <christoffer.dall(a)arm.com> Signed-off-by: Punit Agrawal <punit.agrawal(a)arm.com> Signed-off-by: Marc Zyngier <marc.zyngier(a)arm.com> diff --git a/virt/kvm/arm/mmu.c b/virt/kvm/arm/mmu.c index 13dfe36501aa..91aaf73b00df 100644 --- a/virt/kvm/arm/mmu.c +++ b/virt/kvm/arm/mmu.c @@ -1147,6 +1147,10 @@ static int stage2_set_pte(struct kvm *kvm, struct kvm_mmu_memory_cache *cache, /* Create 2nd stage page table mapping - Level 3 */ old_pte = *pte; if (pte_present(old_pte)) { + /* Skip page table update if there is no change */ + if (pte_val(old_pte) == pte_val(*new_pte)) + return 0; + kvm_set_pte(pte, __pte(0)); kvm_tlb_flush_vmid_ipa(kvm, addr); } else {

6 years, 9 months

1
0
0 0

FAILED: patch "[PATCH] KVM: arm/arm64: Skip updating PMD entry if no change" failed to apply to 3.18-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 3.18-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 86658b819cd0a9aa584cd84453ed268a6f013770 Mon Sep 17 00:00:00 2001 From: Punit Agrawal <punit.agrawal(a)arm.com> Date: Mon, 13 Aug 2018 11:43:50 +0100 Subject: [PATCH] KVM: arm/arm64: Skip updating PMD entry if no change Contention on updating a PMD entry by a large number of vcpus can lead to duplicate work when handling stage 2 page faults. As the page table update follows the break-before-make requirement of the architecture, it can lead to repeated refaults due to clearing the entry and flushing the tlbs. This problem is more likely when - * there are large number of vcpus * the mapping is large block mapping such as when using PMD hugepages (512MB) with 64k pages. Fix this by skipping the page table update if there is no change in the entry being updated. Cc: stable(a)vger.kernel.org Fixes: ad361f093c1e ("KVM: ARM: Support hugetlbfs backed huge pages") Reviewed-by: Suzuki Poulose <suzuki.poulose(a)arm.com> Acked-by: Christoffer Dall <christoffer.dall(a)arm.com> Signed-off-by: Punit Agrawal <punit.agrawal(a)arm.com> Signed-off-by: Marc Zyngier <marc.zyngier(a)arm.com> diff --git a/virt/kvm/arm/mmu.c b/virt/kvm/arm/mmu.c index 97d27cd9c654..13dfe36501aa 100644 --- a/virt/kvm/arm/mmu.c +++ b/virt/kvm/arm/mmu.c @@ -1044,19 +1044,35 @@ static int stage2_set_pmd_huge(struct kvm *kvm, struct kvm_mmu_memory_cache pmd = stage2_get_pmd(kvm, cache, addr); VM_BUG_ON(!pmd); - /* - * Mapping in huge pages should only happen through a fault. If a - * page is merged into a transparent huge page, the individual - * subpages of that huge page should be unmapped through MMU - * notifiers before we get here. - * - * Merging of CompoundPages is not supported; they should become - * splitting first, unmapped, merged, and mapped back in on-demand. - */ - VM_BUG_ON(pmd_present(*pmd) && pmd_pfn(*pmd) != pmd_pfn(*new_pmd)); - old_pmd = *pmd; if (pmd_present(old_pmd)) { + /* + * Multiple vcpus faulting on the same PMD entry, can + * lead to them sequentially updating the PMD with the + * same value. Following the break-before-make + * (pmd_clear() followed by tlb_flush()) process can + * hinder forward progress due to refaults generated + * on missing translations. + * + * Skip updating the page table if the entry is + * unchanged. + */ + if (pmd_val(old_pmd) == pmd_val(*new_pmd)) + return 0; + + /* + * Mapping in huge pages should only happen through a + * fault. If a page is merged into a transparent huge + * page, the individual subpages of that huge page + * should be unmapped through MMU notifiers before we + * get here. + * + * Merging of CompoundPages is not supported; they + * should become splitting first, unmapped, merged, + * and mapped back in on-demand. + */ + VM_BUG_ON(pmd_pfn(old_pmd) != pmd_pfn(*new_pmd)); + pmd_clear(pmd); kvm_tlb_flush_vmid_ipa(kvm, addr); } else {

6 years, 9 months

1
0
0 0

FAILED: patch "[PATCH] KVM: arm/arm64: Skip updating PMD entry if no change" failed to apply to 4.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 86658b819cd0a9aa584cd84453ed268a6f013770 Mon Sep 17 00:00:00 2001 From: Punit Agrawal <punit.agrawal(a)arm.com> Date: Mon, 13 Aug 2018 11:43:50 +0100 Subject: [PATCH] KVM: arm/arm64: Skip updating PMD entry if no change Contention on updating a PMD entry by a large number of vcpus can lead to duplicate work when handling stage 2 page faults. As the page table update follows the break-before-make requirement of the architecture, it can lead to repeated refaults due to clearing the entry and flushing the tlbs. This problem is more likely when - * there are large number of vcpus * the mapping is large block mapping such as when using PMD hugepages (512MB) with 64k pages. Fix this by skipping the page table update if there is no change in the entry being updated. Cc: stable(a)vger.kernel.org Fixes: ad361f093c1e ("KVM: ARM: Support hugetlbfs backed huge pages") Reviewed-by: Suzuki Poulose <suzuki.poulose(a)arm.com> Acked-by: Christoffer Dall <christoffer.dall(a)arm.com> Signed-off-by: Punit Agrawal <punit.agrawal(a)arm.com> Signed-off-by: Marc Zyngier <marc.zyngier(a)arm.com> diff --git a/virt/kvm/arm/mmu.c b/virt/kvm/arm/mmu.c index 97d27cd9c654..13dfe36501aa 100644 --- a/virt/kvm/arm/mmu.c +++ b/virt/kvm/arm/mmu.c @@ -1044,19 +1044,35 @@ static int stage2_set_pmd_huge(struct kvm *kvm, struct kvm_mmu_memory_cache pmd = stage2_get_pmd(kvm, cache, addr); VM_BUG_ON(!pmd); - /* - * Mapping in huge pages should only happen through a fault. If a - * page is merged into a transparent huge page, the individual - * subpages of that huge page should be unmapped through MMU - * notifiers before we get here. - * - * Merging of CompoundPages is not supported; they should become - * splitting first, unmapped, merged, and mapped back in on-demand. - */ - VM_BUG_ON(pmd_present(*pmd) && pmd_pfn(*pmd) != pmd_pfn(*new_pmd)); - old_pmd = *pmd; if (pmd_present(old_pmd)) { + /* + * Multiple vcpus faulting on the same PMD entry, can + * lead to them sequentially updating the PMD with the + * same value. Following the break-before-make + * (pmd_clear() followed by tlb_flush()) process can + * hinder forward progress due to refaults generated + * on missing translations. + * + * Skip updating the page table if the entry is + * unchanged. + */ + if (pmd_val(old_pmd) == pmd_val(*new_pmd)) + return 0; + + /* + * Mapping in huge pages should only happen through a + * fault. If a page is merged into a transparent huge + * page, the individual subpages of that huge page + * should be unmapped through MMU notifiers before we + * get here. + * + * Merging of CompoundPages is not supported; they + * should become splitting first, unmapped, merged, + * and mapped back in on-demand. + */ + VM_BUG_ON(pmd_pfn(old_pmd) != pmd_pfn(*new_pmd)); + pmd_clear(pmd); kvm_tlb_flush_vmid_ipa(kvm, addr); } else {

6 years, 9 months

1
0
0 0

FAILED: patch "[PATCH] arm64: mm: check for upper PAGE_SHIFT bits in pfn_valid()" failed to apply to 3.18-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 3.18-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 5ad356eabc47d26a92140a0c4b20eba471c10de3 Mon Sep 17 00:00:00 2001 From: Greg Hackmann <ghackmann(a)android.com> Date: Wed, 15 Aug 2018 12:51:21 -0700 Subject: [PATCH] arm64: mm: check for upper PAGE_SHIFT bits in pfn_valid() ARM64's pfn_valid() shifts away the upper PAGE_SHIFT bits of the input before seeing if the PFN is valid. This leads to false positives when some of the upper bits are set, but the lower bits match a valid PFN. For example, the following userspace code looks up a bogus entry in /proc/kpageflags: int pagemap = open("/proc/self/pagemap", O_RDONLY); int pageflags = open("/proc/kpageflags", O_RDONLY); uint64_t pfn, val; lseek64(pagemap, [...], SEEK_SET); read(pagemap, &pfn, sizeof(pfn)); if (pfn & (1UL << 63)) { /* valid PFN */ pfn &= ((1UL << 55) - 1); /* clear flag bits */ pfn |= (1UL << 55); lseek64(pageflags, pfn * sizeof(uint64_t), SEEK_SET); read(pageflags, &val, sizeof(val)); } On ARM64 this causes the userspace process to crash with SIGSEGV rather than reading (1 << KPF_NOPAGE). kpageflags_read() treats the offset as valid, and stable_page_flags() will try to access an address between the user and kernel address ranges. Fixes: c1cc1552616d ("arm64: MMU initialisation") Cc: stable(a)vger.kernel.org Signed-off-by: Greg Hackmann <ghackmann(a)google.com> Signed-off-by: Will Deacon <will.deacon(a)arm.com> diff --git a/arch/arm64/mm/init.c b/arch/arm64/mm/init.c index 325cfb3b858a..811f9f8b3bb0 100644 --- a/arch/arm64/mm/init.c +++ b/arch/arm64/mm/init.c @@ -287,7 +287,11 @@ static void __init zone_sizes_init(unsigned long min, unsigned long max) #ifdef CONFIG_HAVE_ARCH_PFN_VALID int pfn_valid(unsigned long pfn) { - return memblock_is_map_memory(pfn << PAGE_SHIFT); + phys_addr_t addr = pfn << PAGE_SHIFT; + + if ((addr >> PAGE_SHIFT) != pfn) + return 0; + return memblock_is_map_memory(addr); } EXPORT_SYMBOL(pfn_valid); #endif

6 years, 9 months

1
0
0 0

FAILED: patch "[PATCH] arm64: Fix mismatched cache line size detection" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 4c4a39dd5fe2d13e2d2fa5fceb8ef95d19fc389a Mon Sep 17 00:00:00 2001 From: Suzuki K Poulose <suzuki.poulose(a)arm.com> Date: Wed, 4 Jul 2018 23:07:45 +0100 Subject: [PATCH] arm64: Fix mismatched cache line size detection If there is a mismatch in the I/D min line size, we must always use the system wide safe value both in applications and in the kernel, while performing cache operations. However, we have been checking more bits than just the min line sizes, which triggers false negatives. We may need to trap the user accesses in such cases, but not necessarily patch the kernel. This patch fixes the check to do the right thing as advertised. A new capability will be added to check mismatches in other fields and ensure we trap the CTR accesses. Fixes: be68a8aaf925 ("arm64: cpufeature: Fix CTR_EL0 field definitions") Cc: <stable(a)vger.kernel.org> Cc: Mark Rutland <mark.rutland(a)arm.com> Cc: Catalin Marinas <catalin.marinas(a)arm.com> Reported-by: Will Deacon <will.deacon(a)arm.com> Signed-off-by: Suzuki K Poulose <suzuki.poulose(a)arm.com> Signed-off-by: Will Deacon <will.deacon(a)arm.com> diff --git a/arch/arm64/include/asm/cache.h b/arch/arm64/include/asm/cache.h index 5df5cfe1c143..5ee5bca8c24b 100644 --- a/arch/arm64/include/asm/cache.h +++ b/arch/arm64/include/asm/cache.h @@ -21,12 +21,16 @@ #define CTR_L1IP_SHIFT 14 #define CTR_L1IP_MASK 3 #define CTR_DMINLINE_SHIFT 16 +#define CTR_IMINLINE_SHIFT 0 #define CTR_ERG_SHIFT 20 #define CTR_CWG_SHIFT 24 #define CTR_CWG_MASK 15 #define CTR_IDC_SHIFT 28 #define CTR_DIC_SHIFT 29 +#define CTR_CACHE_MINLINE_MASK \ + (0xf << CTR_DMINLINE_SHIFT | 0xf << CTR_IMINLINE_SHIFT) + #define CTR_L1IP(ctr) (((ctr) >> CTR_L1IP_SHIFT) & CTR_L1IP_MASK) #define ICACHE_POLICY_VPIPT 0 diff --git a/arch/arm64/kernel/cpu_errata.c b/arch/arm64/kernel/cpu_errata.c index 1d2b6d768efe..5d1fa928ea4b 100644 --- a/arch/arm64/kernel/cpu_errata.c +++ b/arch/arm64/kernel/cpu_errata.c @@ -68,9 +68,11 @@ static bool has_mismatched_cache_line_size(const struct arm64_cpu_capabilities *entry, int scope) { + u64 mask = CTR_CACHE_MINLINE_MASK; + WARN_ON(scope != SCOPE_LOCAL_CPU || preemptible()); - return (read_cpuid_cachetype() & arm64_ftr_reg_ctrel0.strict_mask) != - (arm64_ftr_reg_ctrel0.sys_val & arm64_ftr_reg_ctrel0.strict_mask); + return (read_cpuid_cachetype() & mask) != + (arm64_ftr_reg_ctrel0.sys_val & mask); } static void diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c index f24892a40d2c..25d5cef00333 100644 --- a/arch/arm64/kernel/cpufeature.c +++ b/arch/arm64/kernel/cpufeature.c @@ -214,7 +214,7 @@ static const struct arm64_ftr_bits ftr_ctr[] = { * If we have differing I-cache policies, report it as the weakest - VIPT. */ ARM64_FTR_BITS(FTR_VISIBLE, FTR_NONSTRICT, FTR_EXACT, 14, 2, ICACHE_POLICY_VIPT), /* L1Ip */ - ARM64_FTR_BITS(FTR_VISIBLE, FTR_STRICT, FTR_LOWER_SAFE, 0, 4, 0), /* IminLine */ + ARM64_FTR_BITS(FTR_VISIBLE, FTR_STRICT, FTR_LOWER_SAFE, CTR_IMINLINE_SHIFT, 4, 0), ARM64_FTR_END, };

6 years, 9 months

1
0
0 0

FAILED: patch "[PATCH] arm64: Handle mismatched cache type" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 314d53d297980676011e6fd83dac60db4a01dc70 Mon Sep 17 00:00:00 2001 From: Suzuki K Poulose <suzuki.poulose(a)arm.com> Date: Wed, 4 Jul 2018 23:07:46 +0100 Subject: [PATCH] arm64: Handle mismatched cache type Track mismatches in the cache type register (CTR_EL0), other than the D/I min line sizes and trap user accesses if there are any. Fixes: be68a8aaf925 ("arm64: cpufeature: Fix CTR_EL0 field definitions") Cc: <stable(a)vger.kernel.org> Cc: Mark Rutland <mark.rutland(a)arm.com> Cc: Will Deacon <will.deacon(a)arm.com> Cc: Catalin Marinas <catalin.marinas(a)arm.com> Signed-off-by: Suzuki K Poulose <suzuki.poulose(a)arm.com> Signed-off-by: Will Deacon <will.deacon(a)arm.com> diff --git a/arch/arm64/include/asm/cpucaps.h b/arch/arm64/include/asm/cpucaps.h index 8a699c708fc9..be3bf3d08916 100644 --- a/arch/arm64/include/asm/cpucaps.h +++ b/arch/arm64/include/asm/cpucaps.h @@ -49,7 +49,8 @@ #define ARM64_HAS_CACHE_DIC 28 #define ARM64_HW_DBM 29 #define ARM64_SSBD 30 +#define ARM64_MISMATCHED_CACHE_TYPE 31 -#define ARM64_NCAPS 31 +#define ARM64_NCAPS 32 #endif /* __ASM_CPUCAPS_H */ diff --git a/arch/arm64/kernel/cpu_errata.c b/arch/arm64/kernel/cpu_errata.c index 5d1fa928ea4b..5d59ff9a8da9 100644 --- a/arch/arm64/kernel/cpu_errata.c +++ b/arch/arm64/kernel/cpu_errata.c @@ -65,11 +65,15 @@ is_kryo_midr(const struct arm64_cpu_capabilities *entry, int scope) } static bool -has_mismatched_cache_line_size(const struct arm64_cpu_capabilities *entry, - int scope) +has_mismatched_cache_type(const struct arm64_cpu_capabilities *entry, + int scope) { u64 mask = CTR_CACHE_MINLINE_MASK; + /* Skip matching the min line sizes for cache type check */ + if (entry->capability == ARM64_MISMATCHED_CACHE_TYPE) + mask ^= arm64_ftr_reg_ctrel0.strict_mask; + WARN_ON(scope != SCOPE_LOCAL_CPU || preemptible()); return (read_cpuid_cachetype() & mask) != (arm64_ftr_reg_ctrel0.sys_val & mask); @@ -615,7 +619,14 @@ const struct arm64_cpu_capabilities arm64_errata[] = { { .desc = "Mismatched cache line size", .capability = ARM64_MISMATCHED_CACHE_LINE_SIZE, - .matches = has_mismatched_cache_line_size, + .matches = has_mismatched_cache_type, + .type = ARM64_CPUCAP_LOCAL_CPU_ERRATUM, + .cpu_enable = cpu_enable_trap_ctr_access, + }, + { + .desc = "Mismatched cache type", + .capability = ARM64_MISMATCHED_CACHE_TYPE, + .matches = has_mismatched_cache_type, .type = ARM64_CPUCAP_LOCAL_CPU_ERRATUM, .cpu_enable = cpu_enable_trap_ctr_access, },

6 years, 9 months

1
0
0 0

Resending: Please apply commit d1e20222d537 to 4.14.y and 4.18.y

by Jitendra Bhivare

Subject of the patch: iommu/arm-smmu: Error out only if not enough context interrupts Commit ID: 42b88ec6530fd76f1ae06de7f09830bcbca5bbd6 Why: ARM SMMU does not initialize for Broadcom Stingray SoC if bootloader reserves few contexts. Kernel should not error out if there are enough context interrupts. What kernel versions: 4.14.y and 4.18.y (applies cleanly). Before patching: Kernel does not boot using eMMC on Broadcom Stingray SoC with latest bootloader emitting this error "arm-smmu 64000000.mmu: found only 64 context interrupt(s) but 63 required" After patching: Kernel cleanly boots on the SoC. Thanks, JB

6 years, 9 months

2
1
0 0

Re: [PATCH] nohz: Fix missing tick reprog while interrupting inline timer softirq

by Grygorii Strashko

Hi On 07/31/2018 05:52 PM, Frederic Weisbecker wrote: > Before updating the full nohz tick or the idle time on IRQ exit, we > check first if we are not in a nesting interrupt, whether the inner > interrupt is a hard or a soft IRQ. > > There is a historical reason for that: the dyntick idle mode used to > reprogram the tick on IRQ exit, after softirq processing, and there was > no point in doing that job in the outer nesting interrupt because the > tick update will be performed through the end of the inner interrupt > eventually, with even potential new timer updates. > > One corner case could show up though: if an idle tick interrupts a softirq > executing inline in the idle loop (through a call to local_bh_enable()) > after we entered in dynticks mode, the IRQ won't reprogram the tick > because it assumes the softirq executes on an inner IRQ-tail. As a > result we might put the CPU in sleep mode with the tick completely > stopped whereas a timer can still be enqueued. Indeed there is no tick > reprogramming in local_bh_enable(). We probably asssumed there was no bh > disabled section in idle, although there didn't seem to be debug code > ensuring that. > > Nowadays the nesting interrupt optimization still stands but only concern > full dynticks. The tick is stopped on IRQ exit in full dynticks mode > and we want to wait for the end of the inner IRQ to reprogramm the tick. > But in_interrupt() doesn't make a difference between softirqs executing > on IRQ tail and those executing inline. What was to be considered a > corner case in dynticks-idle mode now becomes a serious opportunity for > a bug in full dynticks mode: if a tick interrupts a task executing > softirq inline, the tick reprogramming will be ignored and we may exit > to userspace after local_bh_enable() with an enqueued timer that will > never fire. > > To fix this, simply keep reprogramming the tick if we are in a hardirq > interrupting softirq. We can still figure out a way later to restore > this optimization while excluding inline softirq processing. > > Reported-by: Anna-Maria Gleixner <anna-maria(a)linutronix.de> > Signed-off-by: Frederic Weisbecker <frederic(a)kernel.org> > Cc: Thomas Gleixner <tglx(a)linutronix.de> > Cc: Ingo Molnar <mingo(a)kernel.org> > Tested-by: Anna-Maria Gleixner <anna-maria(a)linutronix.de> > --- > kernel/softirq.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/kernel/softirq.c b/kernel/softirq.c > index 900dcfe..0980a81 100644 > --- a/kernel/softirq.c > +++ b/kernel/softirq.c > @@ -386,7 +386,7 @@ static inline void tick_irq_exit(void) > > /* Make sure that timer wheel updates are propagated */ > if ((idle_cpu(cpu) && !need_resched()) || tick_nohz_full_cpu(cpu)) { > - if (!in_interrupt()) > + if (!in_irq()) > tick_nohz_irq_exit(); > } > #endif > This patch was back ported to the Stable linux-4.14.y and It causes regression - flood of "NOHZ: local_softirq_pending" messages on all TI boards during boot (NFS boot): [ 4.179796] NOHZ: local_softirq_pending 2c2 in sirq 256 [ 4.185051] NOHZ: local_softirq_pending 2c2 in sirq 256 the same is not reproducible with LKML - seems due to changes in tick-sched.c __tick_nohz_idle_enter()/tick_nohz_irq_exit(). I've generated backtrace from can_stop_idle_tick() (see below) and seems this patch makes tick_nohz_irq_exit() call unconditional in case of nested interrupt: gic_handle_irq |- irq_exit |- preempt_count_sub(HARDIRQ_OFFSET); <-- [1] |-__do_softirq <irqs enabled> |- gic_handle_irq() |- irq_exit() |- tick_irq_exit() if (!in_irq()) <-- My understanding is that this condition will be always true due to [1] tick_nohz_irq_exit(); |-__tick_nohz_idle_enter() |- can_stop_idle_tick() Sry, not sure if my conclusion is right and how can it be fixed. [ 3.842320] NOHZ: local_softirq_pending 40 in sirq 256 [ 3.847485] ------------[ cut here ]------------ [ 3.852133] WARNING: CPU: 0 PID: 0 at kernel/time/tick-sched.c:915 __tick_nohz_idle_enter+0x4b8/0x568 [ 3.861393] Modules linked in: [ 3.864469] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.14.66-01768-gc26f664-dirty #311 [ 3.872506] Hardware name: Generic DRA74X (Flattened Device Tree) [ 3.878623] Backtrace: [ 3.881091] [<c010c050>] (dump_backtrace) from [<c010c320>] (show_stack+0x18/0x1c) [ 3.888696] r7:00000009 r6:600f0193 r5:00000000 r4:c0c5fca4 [ 3.894386] [<c010c308>] (show_stack) from [<c07ad028>] (dump_stack+0x8c/0xa0) [ 3.901645] [<c07acf9c>] (dump_stack) from [<c012e558>] (__warn+0xec/0x104) [ 3.908638] r7:00000009 r6:c0996d08 r5:00000000 r4:00000000 [ 3.914329] [<c012e46c>] (__warn) from [<c012e628>] (warn_slowpath_null+0x28/0x30) [ 3.921933] r9:00000000 r8:e4e1f7de r7:c0c8c1d8 r6:c0c65180 r5:00000000 r4:eed408e8 [ 3.929715] [<c012e600>] (warn_slowpath_null) from [<c01a9780>] (__tick_nohz_idle_enter+0x4b8/0x568) [ 3.938890] [<c01a92c8>] (__tick_nohz_idle_enter) from [<c01a9c74>] (tick_nohz_irq_exit+0x2c/0x30) [ 3.947890] r10:c0c01f50 r9:c0c00000 r8:ee008000 r7:00000000 r6:c0c01ee0 r5:00000048 [ 3.955752] r4:c0b62afc [ 3.958301] [<c01a9c48>] (tick_nohz_irq_exit) from [<c0133748>] (irq_exit+0xf4/0x144) [ 3.966173] [<c0133654>] (irq_exit) from [<c0181e6c>] (__handle_domain_irq+0x68/0xbc) [ 3.974043] [<c0181e04>] (__handle_domain_irq) from [<c0101508>] (gic_handle_irq+0x44/0x80) [ 3.982432] r9:c0c00000 r8:fa213000 r7:fa212000 r6:c0c01dd0 r5:fa21200c r4:c0c03ff0 [ 3.990211] [<c01014c4>] (gic_handle_irq) from [<c010cf4c>] (__irq_svc+0x6c/0xa8) [ 3.997726] Exception stack(0xc0c01dd0 to 0xc0c01e18) [ 4.002800] 1dc0: 00000000 c0c65180 00000000 00000000 [ 4.011017] 1de0: 00000280 00000013 c0c00000 00000000 ee008000 c0c00000 c0c01f50 c0c01e7c [ 4.019232] 1e00: c0c01e80 c0c01e20 c0133730 c01015dc 600f0113 ffffffff [ 4.025877] r9:c0c00000 r8:ee008000 r7:c0c01e04 r6:ffffffff r5:600f0113 r4:c01015dc [ 4.033659] [<c0101548>] (__do_softirq) from [<c0133730>] (irq_exit+0xdc/0x144) [ 4.041002] r10:c0c01f50 r9:c0c00000 r8:ee008000 r7:00000000 r6:00000000 r5:00000013 [ 4.048863] r4:c0b62afc [ 4.051414] [<c0133654>] (irq_exit) from [<c0181e6c>] (__handle_domain_irq+0x68/0xbc) [ 4.059280] [<c0181e04>] (__handle_domain_irq) from [<c0101508>] (gic_handle_irq+0x44/0x80) [ 4.067670] r9:c0c00000 r8:fa213000 r7:fa212000 r6:c0c01ee0 r5:fa21200c r4:c0c03ff0 [ 4.075448] [<c01014c4>] (gic_handle_irq) from [<c010cf4c>] (__irq_svc+0x6c/0xa8) [ 4.082963] Exception stack(0xc0c01ee0 to 0xc0c01f28) [ 4.088041] 1ee0: 00000001 00000000 fe600000 00000000 c0c00000 c0c03cc8 c0c03c68 c0b623b8 [ 4.096258] 1f00: 00000000 00000000 c0c01f50 c0c01f3c c0c01f1c c0c01f30 c0120f14 c0108ae4 [ 4.104469] 1f20: 600f0013 ffffffff [ 4.107975] r9:c0c00000 r8:00000000 r7:c0c01f14 r6:ffffffff r5:600f0013 r4:c0108ae4 [ 4.115760] [<c0108abc>] (arch_cpu_idle) from [<c07c6a14>] (default_idle_call+0x28/0x34) [ 4.123894] [<c07c69ec>] (default_idle_call) from [<c016e4a4>] (do_idle+0x180/0x214) [ 4.131676] [<c016e324>] (do_idle) from [<c016e7fc>] (cpu_startup_entry+0x20/0x24) [ 4.139283] r10:effff7c0 r9:c0b48a30 r8:c0c64000 r7:c0c03c40 r6:ffffffff r5:00000002 [ 4.147146] r4:000000be [ 4.149698] [<c016e7dc>] (cpu_startup_entry) from [<c07c12e4>] (rest_init+0xd8/0xdc) [ 4.157483] [<c07c120c>] (rest_init) from [<c0b00d8c>] (start_kernel+0x3cc/0x3d8) [ 4.164997] r5:c0c64000 r4:c0c6404c [ 4.168592] [<c0b009c0>] (start_kernel) from [<8000807c>] (0x8000807c) [ 4.175148] ---[ end trace 9c10a64bf81ad3fe ]--- -- regards, -grygorii

6 years, 9 months

5
9
0 0

[PATCH v2] x86/nmi: Fix some races in NMI uaccess

by Andy Lutomirski

In NMI context, we might be in the middle of context switching or in the middle of switch_mm_irqs_off(). In either case, CR3 might not match current->mm, which could cause copy_from_user_nmi() and friends to read the wrong memory. Fix it by adding a new nmi_uaccess_okay() helper and checking it in copy_from_user_nmi() and in __copy_from_user_nmi()'s callers. Cc: stable(a)vger.kernel.org Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Nadav Amit <nadav.amit(a)gmail.com> Signed-off-by: Andy Lutomirski <luto(a)kernel.org> --- Nadav, this is intended for your series. Want to add it right before the use_temporary_mm() stuff? Changes from v1: - Improved comments - Add debugging - Fix bugs arch/x86/events/core.c | 2 +- arch/x86/include/asm/tlbflush.h | 44 +++++++++++++++++++++++++++++++++ arch/x86/lib/usercopy.c | 5 ++++ arch/x86/mm/tlb.c | 7 ++++++ 4 files changed, 57 insertions(+), 1 deletion(-) diff --git a/arch/x86/events/core.c b/arch/x86/events/core.c index 5f4829f10129..dfb2f7c0d019 100644 --- a/arch/x86/events/core.c +++ b/arch/x86/events/core.c @@ -2465,7 +2465,7 @@ perf_callchain_user(struct perf_callchain_entry_ctx *entry, struct pt_regs *regs perf_callchain_store(entry, regs->ip); - if (!current->mm) + if (!nmi_uaccess_okay()) return; if (perf_callchain_user32(regs, entry)) diff --git a/arch/x86/include/asm/tlbflush.h b/arch/x86/include/asm/tlbflush.h index 29c9da6c62fc..183d36a98b04 100644 --- a/arch/x86/include/asm/tlbflush.h +++ b/arch/x86/include/asm/tlbflush.h @@ -175,8 +175,16 @@ struct tlb_state { * are on. This means that it may not match current->active_mm, * which will contain the previous user mm when we're in lazy TLB * mode even if we've already switched back to swapper_pg_dir. + * + * During switch_mm_irqs_off(), loaded_mm will be set to + * LOADED_MM_SWITCHING during the brief interrupts-off window + * when CR3 and loaded_mm would otherwise be inconsistent. This + * is for nmi_uaccess_okay()'s benefit. */ struct mm_struct *loaded_mm; + +#define LOADED_MM_SWITCHING ((struct mm_struct *)1) + u16 loaded_mm_asid; u16 next_asid; /* last user mm's ctx id */ @@ -246,6 +254,42 @@ struct tlb_state { }; DECLARE_PER_CPU_SHARED_ALIGNED(struct tlb_state, cpu_tlbstate); +/* + * Blindly accessing user memory from NMI context can be dangerous + * if we're in the middle of switching the current user task or + * switching the loaded mm. It can also be dangerous if we + * interrupted some kernel code that was temporarily using a + * different mm. + */ +static inline bool nmi_uaccess_okay(void) +{ + struct mm_struct *loaded_mm = this_cpu_read(cpu_tlbstate.loaded_mm); + struct mm_struct *current_mm = current->mm; + +#ifdef CONFIG_DEBUG_VM + WARN_ON_ONCE(!loaded_mm); +#endif + + /* + * The condition we want to check is + * current_mm->pgd == __va(read_cr3_pa()). This may be slow, though, + * if we're running in a VM with shadow paging, and nmi_uaccess_okay() + * is supposed to be reasonably fast. + * + * Instead, we check the almost equivalent but somewhat conservative + * condition below, and we rely on the fact that switch_mm_irqs_off() + * sets loaded_mm to LOADED_MM_SWITCHING before writing to CR3. + */ + if (loaded_mm != current_mm) + return false; + +#ifdef CONFIG_DEBUG_VM + WARN_ON_ONCE(current_mm->pgd != __va(read_cr3_pa())); +#endif + + return true; +} + /* Initialize cr4 shadow for this CPU. */ static inline void cr4_init_shadow(void) { diff --git a/arch/x86/lib/usercopy.c b/arch/x86/lib/usercopy.c index c8c6ad0d58b8..3f435d7fca5e 100644 --- a/arch/x86/lib/usercopy.c +++ b/arch/x86/lib/usercopy.c @@ -7,6 +7,8 @@ #include <linux/uaccess.h> #include <linux/export.h> +#include <asm/tlbflush.h> + /* * We rely on the nested NMI work to allow atomic faults from the NMI path; the * nested NMI paths are careful to preserve CR2. @@ -19,6 +21,9 @@ copy_from_user_nmi(void *to, const void __user *from, unsigned long n) if (__range_not_ok(from, n, TASK_SIZE)) return n; + if (!nmi_uaccess_okay()) + return n; + /* * Even though this function is typically called from NMI/IRQ context * disable pagefaults so that its behaviour is consistent even when diff --git a/arch/x86/mm/tlb.c b/arch/x86/mm/tlb.c index e721cf2d4290..707d2b2a333f 100644 --- a/arch/x86/mm/tlb.c +++ b/arch/x86/mm/tlb.c @@ -304,6 +304,10 @@ void switch_mm_irqs_off(struct mm_struct *prev, struct mm_struct *next, choose_new_asid(next, next_tlb_gen, &new_asid, &need_flush); + /* Let nmi_uaccess_okay() know that we're changing CR3. */ + this_cpu_write(cpu_tlbstate.loaded_mm, LOADED_MM_SWITCHING); + barrier(); + if (need_flush) { this_cpu_write(cpu_tlbstate.ctxs[new_asid].ctx_id, next->context.ctx_id); this_cpu_write(cpu_tlbstate.ctxs[new_asid].tlb_gen, next_tlb_gen); @@ -334,6 +338,9 @@ void switch_mm_irqs_off(struct mm_struct *prev, struct mm_struct *next, if (next != &init_mm) this_cpu_write(cpu_tlbstate.last_ctx_id, next->context.ctx_id); + /* Make sure we write CR3 before loaded_mm. */ + barrier(); + this_cpu_write(cpu_tlbstate.loaded_mm, next); this_cpu_write(cpu_tlbstate.loaded_mm_asid, new_asid); } -- 2.17.1

6 years, 9 months

5
5
0 0

[PATCH 3/7] mm/hmm: fix race between hmm_mirror_unregister() and mmu_notifier callback

by jglisse＠redhat.com

From: Ralph Campbell <rcampbell(a)nvidia.com> In hmm_mirror_unregister(), mm->hmm is set to NULL and then mmu_notifier_unregister_no_release() is called. That creates a small window where mmu_notifier can call mmu_notifier_ops with mm->hmm equal to NULL. Fix this by first unregistering mmu notifier callbacks and then setting mm->hmm to NULL. Similarly in hmm_register(), set mm->hmm before registering mmu_notifier callbacks so callback functions always see mm->hmm set. Signed-off-by: Ralph Campbell <rcampbell(a)nvidia.com> Reviewed-by: John Hubbard <jhubbard(a)nvidia.com> Reviewed-by: Jérôme Glisse <jglisse(a)redhat.com> Cc: Andrew Morton <akpm(a)linux-foundation.org> Cc: stable(a)vger.kernel.org --- mm/hmm.c | 36 +++++++++++++++++++++--------------- 1 file changed, 21 insertions(+), 15 deletions(-) diff --git a/mm/hmm.c b/mm/hmm.c index 9a068a1da487..a16678d08127 100644 --- a/mm/hmm.c +++ b/mm/hmm.c @@ -91,16 +91,6 @@ static struct hmm *hmm_register(struct mm_struct *mm) spin_lock_init(&hmm->lock); hmm->mm = mm; - /* - * We should only get here if hold the mmap_sem in write mode ie on - * registration of first mirror through hmm_mirror_register() - */ - hmm->mmu_notifier.ops = &hmm_mmu_notifier_ops; - if (__mmu_notifier_register(&hmm->mmu_notifier, mm)) { - kfree(hmm); - return NULL; - } - spin_lock(&mm->page_table_lock); if (!mm->hmm) mm->hmm = hmm; @@ -108,12 +98,27 @@ static struct hmm *hmm_register(struct mm_struct *mm) cleanup = true; spin_unlock(&mm->page_table_lock); - if (cleanup) { - mmu_notifier_unregister(&hmm->mmu_notifier, mm); - kfree(hmm); - } + if (cleanup) + goto error; + + /* + * We should only get here if hold the mmap_sem in write mode ie on + * registration of first mirror through hmm_mirror_register() + */ + hmm->mmu_notifier.ops = &hmm_mmu_notifier_ops; + if (__mmu_notifier_register(&hmm->mmu_notifier, mm)) + goto error_mm; return mm->hmm; + +error_mm: + spin_lock(&mm->page_table_lock); + if (mm->hmm == hmm) + mm->hmm = NULL; + spin_unlock(&mm->page_table_lock); +error: + kfree(hmm); + return NULL; } void hmm_mm_destroy(struct mm_struct *mm) @@ -278,12 +283,13 @@ void hmm_mirror_unregister(struct hmm_mirror *mirror) if (!should_unregister || mm == NULL) return; + mmu_notifier_unregister_no_release(&hmm->mmu_notifier, mm); + spin_lock(&mm->page_table_lock); if (mm->hmm == hmm) mm->hmm = NULL; spin_unlock(&mm->page_table_lock); - mmu_notifier_unregister_no_release(&hmm->mmu_notifier, mm); kfree(hmm); } EXPORT_SYMBOL(hmm_mirror_unregister); -- 2.17.1

6 years, 9 months

2
1
0 0

[PATCH] vmbus: don't return values for uninitalized channels

by kys＠linuxonhyperv.com

From: Stephen Hemminger <stephen(a)networkplumber.org> For unsupported device types, the vmbus channel ringbuffer is never initialized, and therefore reading the sysfs files will return garbage or cause a kernel OOPS. Fixes: c2e5df616e1a ("vmbus: add per-channel sysfs info") Signed-off-by: Stephen Hemminger <sthemmin(a)microsoft.com> Signed-off-by: K. Y. Srinivasan <kys(a)microsoft.com> Cc: <stable(a)vger.kernel.org> # 4.15 --- drivers/hv/vmbus_drv.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/hv/vmbus_drv.c b/drivers/hv/vmbus_drv.c index e6d8fdac6d8b..4bbc420d1213 100644 --- a/drivers/hv/vmbus_drv.c +++ b/drivers/hv/vmbus_drv.c @@ -1368,6 +1368,9 @@ static ssize_t vmbus_chan_attr_show(struct kobject *kobj, if (!attribute->show) return -EIO; + if (chan->state != CHANNEL_OPENED_STATE) + return -EINVAL; + return attribute->show(chan, buf); } -- 2.18.0

6 years, 9 months

2
1
0 0

[PATCH v2 2/3] x86/mm: add .data..decrypted section to hold shared variables

by Brijesh Singh

kvmclock defines few static variables which are shared with hypervisor during the kvmclock initialization. When SEV is active, memory is encrypted with a guest-specific key, and if guest OS wants to share the memory region with hypervisor then it must clear the C-bit before sharing it. Currently, we use kernel_physical_mapping_init() to split large pages before clearing the C-bit on shared pages. But the kernel_physical_mapping_init fails when called from the kvmclock initialization (mainly because memblock allocator was not ready). The '__decrypted' can be used to define a shared variable; the variables will be put in the .data.decryption section. This section is mapped with C=0 early in the boot, we also ensure that the initialized values are updated to match with C=0 (i.e perform an in-place decryption). The .data..decrypted section is PMD aligned and sized so that we avoid the need to split the large pages when mapping this section. The sme_encrypt_kernel() was used to perform the in-place encryption of the Linux kernel and initrd when SME is active. The routine has been enhanced to decrypt the .data..decryption section for both SME and SEV cases. While reusing the sme_populate_pgd() we found that the function does not update the flags if the pte/pmd entry already exists. The patch updates the function to take care of it. Signed-off-by: Brijesh Singh <brijesh.singh(a)amd.com> Cc: stable(a)vger.kernel.org Cc: Tom Lendacky <thomas.lendacky(a)amd.com> Cc: kvm(a)vger.kernel.org Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Borislav Petkov <bp(a)suse.de> Cc: "H. Peter Anvin" <hpa(a)zytor.com> Cc: linux-kernel(a)vger.kernel.org Cc: Paolo Bonzini <pbonzini(a)redhat.com> Cc: Sean Christopherson <sean.j.christopherson(a)intel.com> Cc: kvm(a)vger.kernel.org Cc: "Radim Krčmář" <rkrcmar(a)redhat.com> --- arch/x86/include/asm/mem_encrypt.h | 6 +++ arch/x86/kernel/head64.c | 9 ++++ arch/x86/kernel/vmlinux.lds.S | 17 +++++++ arch/x86/mm/mem_encrypt_identity.c | 100 +++++++++++++++++++++++++++++-------- 4 files changed, 112 insertions(+), 20 deletions(-) diff --git a/arch/x86/include/asm/mem_encrypt.h b/arch/x86/include/asm/mem_encrypt.h index c064383..802b2eb 100644 --- a/arch/x86/include/asm/mem_encrypt.h +++ b/arch/x86/include/asm/mem_encrypt.h @@ -52,6 +52,8 @@ void __init mem_encrypt_init(void); bool sme_active(void); bool sev_active(void); +#define __decrypted __attribute__((__section__(".data..decrypted"))) + #else /* !CONFIG_AMD_MEM_ENCRYPT */ #define sme_me_mask 0ULL @@ -77,6 +79,8 @@ early_set_memory_decrypted(unsigned long vaddr, unsigned long size) { return 0; static inline int __init early_set_memory_encrypted(unsigned long vaddr, unsigned long size) { return 0; } +#define __decrypted + #endif /* CONFIG_AMD_MEM_ENCRYPT */ /* @@ -88,6 +92,8 @@ early_set_memory_encrypted(unsigned long vaddr, unsigned long size) { return 0; #define __sme_pa(x) (__pa(x) | sme_me_mask) #define __sme_pa_nodebug(x) (__pa_nodebug(x) | sme_me_mask) +extern char __start_data_decrypted[], __end_data_decrypted[]; + #endif /* __ASSEMBLY__ */ #endif /* __X86_MEM_ENCRYPT_H__ */ diff --git a/arch/x86/kernel/head64.c b/arch/x86/kernel/head64.c index 8047379..3e03129 100644 --- a/arch/x86/kernel/head64.c +++ b/arch/x86/kernel/head64.c @@ -112,6 +112,7 @@ static bool __head check_la57_support(unsigned long physaddr) unsigned long __head __startup_64(unsigned long physaddr, struct boot_params *bp) { + unsigned long vaddr, vaddr_end; unsigned long load_delta, *p; unsigned long pgtable_flags; pgdval_t *pgd; @@ -234,6 +235,14 @@ unsigned long __head __startup_64(unsigned long physaddr, /* Encrypt the kernel and related (if SME is active) */ sme_encrypt_kernel(bp); + /* Clear the memory encryption mask from the decrypted section */ + vaddr = (unsigned long)__start_data_decrypted; + vaddr_end = (unsigned long)__end_data_decrypted; + for (; vaddr < vaddr_end; vaddr += PMD_SIZE) { + i = pmd_index(vaddr); + pmd[i] -= sme_get_me_mask(); + } + /* * Return the SME encryption mask (if SME is active) to be used as a * modifier for the initial pgdir entry programmed into CR3. diff --git a/arch/x86/kernel/vmlinux.lds.S b/arch/x86/kernel/vmlinux.lds.S index 8bde0a4..0ef9320 100644 --- a/arch/x86/kernel/vmlinux.lds.S +++ b/arch/x86/kernel/vmlinux.lds.S @@ -89,6 +89,21 @@ PHDRS { note PT_NOTE FLAGS(0); /* ___ */ } +/* + * This section contains data which will be mapped as decrypted. Memory + * encryption operates on a page basis. But we make this section a pmd + * aligned to avoid spliting the pages while mapping the section early. + * + * Note: We use a separate section so that only this section gets + * decrypted to avoid exposing more than we wish. + */ +#define DATA_DECRYPTED_SECTION \ + . = ALIGN(PMD_SIZE); \ + __start_data_decrypted = .; \ + *(.data..decrypted); \ + . = ALIGN(PMD_SIZE); \ + __end_data_decrypted = .; \ + SECTIONS { #ifdef CONFIG_X86_32 @@ -171,6 +186,8 @@ SECTIONS /* rarely changed data like cpu maps */ READ_MOSTLY_DATA(INTERNODE_CACHE_BYTES) + DATA_DECRYPTED_SECTION + /* End of data section */ _edata = .; } :data diff --git a/arch/x86/mm/mem_encrypt_identity.c b/arch/x86/mm/mem_encrypt_identity.c index bf6097e..88c1cce 100644 --- a/arch/x86/mm/mem_encrypt_identity.c +++ b/arch/x86/mm/mem_encrypt_identity.c @@ -51,6 +51,8 @@ (_PAGE_PAT | _PAGE_PWT)) #define PMD_FLAGS_ENC (PMD_FLAGS_LARGE | _PAGE_ENC) +#define PMD_FLAGS_ENC_WP ((PMD_FLAGS_ENC & ~_PAGE_CACHE_MASK) | \ + (_PAGE_PAT | _PAGE_PWT)) #define PTE_FLAGS (__PAGE_KERNEL_EXEC & ~_PAGE_GLOBAL) @@ -59,6 +61,8 @@ (_PAGE_PAT | _PAGE_PWT)) #define PTE_FLAGS_ENC (PTE_FLAGS | _PAGE_ENC) +#define PTE_FLAGS_ENC_WP ((PTE_FLAGS_ENC & ~_PAGE_CACHE_MASK) | \ + (_PAGE_PAT | _PAGE_PWT)) struct sme_populate_pgd_data { void *pgtable_area; @@ -154,9 +158,6 @@ static void __init sme_populate_pgd_large(struct sme_populate_pgd_data *ppd) return; pmd = pmd_offset(pud, ppd->vaddr); - if (pmd_large(*pmd)) - return; - set_pmd(pmd, __pmd(ppd->paddr | ppd->pmd_flags)); } @@ -182,8 +183,7 @@ static void __init sme_populate_pgd(struct sme_populate_pgd_data *ppd) return; pte = pte_offset_map(pmd, ppd->vaddr); - if (pte_none(*pte)) - set_pte(pte, __pte(ppd->paddr | ppd->pte_flags)); + set_pte(pte, __pte(ppd->paddr | ppd->pte_flags)); } static void __init __sme_map_range_pmd(struct sme_populate_pgd_data *ppd) @@ -235,6 +235,11 @@ static void __init sme_map_range_encrypted(struct sme_populate_pgd_data *ppd) __sme_map_range(ppd, PMD_FLAGS_ENC, PTE_FLAGS_ENC); } +static void __init sme_map_range_encrypted_wp(struct sme_populate_pgd_data *ppd) +{ + __sme_map_range(ppd, PMD_FLAGS_ENC_WP, PTE_FLAGS_ENC_WP); +} + static void __init sme_map_range_decrypted(struct sme_populate_pgd_data *ppd) { __sme_map_range(ppd, PMD_FLAGS_DEC, PTE_FLAGS_DEC); @@ -382,7 +387,10 @@ static void __init build_workarea_map(struct boot_params *bp, ppd->paddr = workarea_start; ppd->vaddr = workarea_start; ppd->vaddr_end = workarea_end; - sme_map_range_decrypted(ppd); + if (sev_active()) + sme_map_range_encrypted(ppd); + else + sme_map_range_decrypted(ppd); /* Flush the TLB - no globals so cr3 is enough */ native_write_cr3(__native_read_cr3()); @@ -439,16 +447,27 @@ static void __init build_workarea_map(struct boot_params *bp, sme_map_range_decrypted_wp(ppd); } - /* Add decrypted workarea mappings to both kernel mappings */ + /* + * When SEV is active, kernel is already encrypted hence mapping + * the initial workarea_start as encrypted. When SME is active, + * the kernel is not encrypted hence add a decrypted workarea + * mappings to both kernel mappings. + */ ppd->paddr = workarea_start; ppd->vaddr = workarea_start; ppd->vaddr_end = workarea_end; - sme_map_range_decrypted(ppd); + if (sev_active()) + sme_map_range_encrypted(ppd); + else + sme_map_range_decrypted(ppd); ppd->paddr = workarea_start; ppd->vaddr = workarea_start + decrypted_base; ppd->vaddr_end = workarea_end + decrypted_base; - sme_map_range_decrypted(ppd); + if (sev_active()) + sme_map_range_encrypted(ppd); + else + sme_map_range_decrypted(ppd); wa->kernel_start = kernel_start; wa->kernel_end = kernel_end; @@ -491,28 +510,69 @@ static void __init remove_workarea_map(struct sme_workarea_data *wa, native_write_cr3(__native_read_cr3()); } +static void __init decrypt_data_decrypted_section(struct sme_workarea_data *wa, + struct sme_populate_pgd_data *ppd) +{ + unsigned long decrypted_start, decrypted_end, decrypted_len; + + /* Physical addresses of decrypted data section */ + decrypted_start = __pa_symbol(__start_data_decrypted); + decrypted_end = ALIGN(__pa_symbol(__end_data_decrypted), PMD_PAGE_SIZE); + decrypted_len = decrypted_end - decrypted_start; + + if (!decrypted_len) + return; + + /* Add decrypted mapping for the section (identity) */ + ppd->paddr = decrypted_start; + ppd->vaddr = decrypted_start; + ppd->vaddr_end = decrypted_end; + sme_map_range_decrypted(ppd); + + /* Add encrypted-wp mapping for the section (non-identity) */ + ppd->paddr = decrypted_start; + ppd->vaddr = decrypted_start + wa->decrypted_base; + ppd->vaddr_end = decrypted_end + wa->decrypted_base; + sme_map_range_encrypted_wp(ppd); + + /* Perform in-place decryption */ + sme_encrypt_execute(decrypted_start, + decrypted_start + wa->decrypted_base, + decrypted_len, wa->workarea_start, + (unsigned long)ppd->pgd); + + ppd->vaddr = decrypted_start + wa->decrypted_base; + ppd->vaddr_end = decrypted_end + wa->decrypted_base; + sme_clear_pgd(ppd); +} + void __init sme_encrypt_kernel(struct boot_params *bp) { struct sme_populate_pgd_data ppd; struct sme_workarea_data wa; - if (!sme_active()) + if (!mem_encrypt_active()) return; build_workarea_map(bp, &wa, &ppd); - /* When SEV is active, encrypt kernel and initrd */ - sme_encrypt_execute(wa.kernel_start, - wa.kernel_start + wa.decrypted_base, - wa.kernel_len, wa.workarea_start, - (unsigned long)ppd.pgd); - - if (wa.initrd_len) - sme_encrypt_execute(wa.initrd_start, - wa.initrd_start + wa.decrypted_base, - wa.initrd_len, wa.workarea_start, + /* When SME is active, encrypt kernel and initrd */ + if (sme_active()) { + sme_encrypt_execute(wa.kernel_start, + wa.kernel_start + wa.decrypted_base, + wa.kernel_len, wa.workarea_start, (unsigned long)ppd.pgd); + if (wa.initrd_len) + sme_encrypt_execute(wa.initrd_start, + wa.initrd_start + wa.decrypted_base, + wa.initrd_len, wa.workarea_start, + (unsigned long)ppd.pgd); + } + + /* Decrypt the contents of .data..decrypted section */ + decrypt_data_decrypted_section(&wa, &ppd); + remove_workarea_map(&wa, &ppd); } -- 2.7.4

6 years, 9 months

3
7
0 0

[PATCH v4] drm/i915: Re-apply "Perform link quality check, unconditionally during long pulse"

by Lyude Paul

From: Jan-Marek Glogowski <glogow(a)fbihome.de> This re-applies the workaround for "some DP sinks, [which] are a little nuts" from commit 1a36147bb939 ("drm/i915: Perform link quality check unconditionally during long pulse"). It makes the secondary AOC E2460P monitor connected via DP to an acer Veriton N4640G usable again. This hunk was dropped in commit c85d200e8321 ("drm/i915: Move SST DP link retraining into the ->post_hotplug() hook") Fixes: c85d200e8321 ("drm/i915: Move SST DP link retraining into the ->post_hotplug() hook") [Cleaned up commit message, added stable cc] Signed-off-by: Lyude Paul <lyude(a)redhat.com> Signed-off-by: Jan-Marek Glogowski <glogow(a)fbihome.de> Cc: stable(a)vger.kernel.org --- Resending this to update patchwork; will push in a little bit drivers/gpu/drm/i915/intel_dp.c | 33 +++++++++++++++++++-------------- 1 file changed, 19 insertions(+), 14 deletions(-) diff --git a/drivers/gpu/drm/i915/intel_dp.c b/drivers/gpu/drm/i915/intel_dp.c index b3f6f04c3c7d..db8515171270 100644 --- a/drivers/gpu/drm/i915/intel_dp.c +++ b/drivers/gpu/drm/i915/intel_dp.c @@ -4333,18 +4333,6 @@ intel_dp_needs_link_retrain(struct intel_dp *intel_dp) return !drm_dp_channel_eq_ok(link_status, intel_dp->lane_count); } -/* - * If display is now connected check links status, - * there has been known issues of link loss triggering - * long pulse. - * - * Some sinks (eg. ASUS PB287Q) seem to perform some - * weird HPD ping pong during modesets. So we can apparently - * end up with HPD going low during a modeset, and then - * going back up soon after. And once that happens we must - * retrain the link to get a picture. That's in case no - * userspace component reacted to intermittent HPD dip. - */ int intel_dp_retrain_link(struct intel_encoder *encoder, struct drm_modeset_acquire_ctx *ctx) { @@ -5031,7 +5019,8 @@ intel_dp_unset_edid(struct intel_dp *intel_dp) } static int -intel_dp_long_pulse(struct intel_connector *connector) +intel_dp_long_pulse(struct intel_connector *connector, + struct drm_modeset_acquire_ctx *ctx) { struct drm_i915_private *dev_priv = to_i915(connector->base.dev); struct intel_dp *intel_dp = intel_attached_dp(&connector->base); @@ -5090,6 +5079,22 @@ intel_dp_long_pulse(struct intel_connector *connector) */ status = connector_status_disconnected; goto out; + } else { + /* + * If display is now connected check links status, + * there has been known issues of link loss triggering + * long pulse. + * + * Some sinks (eg. ASUS PB287Q) seem to perform some + * weird HPD ping pong during modesets. So we can apparently + * end up with HPD going low during a modeset, and then + * going back up soon after. And once that happens we must + * retrain the link to get a picture. That's in case no + * userspace component reacted to intermittent HPD dip. + */ + struct intel_encoder *encoder = &dp_to_dig_port(intel_dp)->base; + + intel_dp_retrain_link(encoder, ctx); } /* @@ -5151,7 +5156,7 @@ intel_dp_detect(struct drm_connector *connector, return ret; } - status = intel_dp_long_pulse(intel_dp->attached_connector); + status = intel_dp_long_pulse(intel_dp->attached_connector, ctx); } intel_dp->detect_done = false; -- 2.17.1

6 years, 10 months

5
9
0 0

[PATCH] PM / devfreq: Add new name attribute for sysfs

by Chanwoo Choi

commit 4585fbcb5331 ("PM / devfreq: Modify the device name as devfreq(X) for sysfs") changed the node name to devfreq(x). After this commit, it is not possible to get the device name through /sys/class/devfreq/devfreq(X)/*. Add new name attribute in order to get device name. Cc: stable(a)vger.kernel.org Fixes: 4585fbcb5331 ("PM / devfreq: Modify the device name as devfreq(X) for sysfs") Signed-off-by: Chanwoo Choi <cw00.choi(a)samsung.com> --- drivers/devfreq/devfreq.c | 11 +++++++++++ include/linux/devfreq.h | 3 +++ 2 files changed, 14 insertions(+) diff --git a/drivers/devfreq/devfreq.c b/drivers/devfreq/devfreq.c index 4c49bb1330b5..2145563d5ee5 100644 --- a/drivers/devfreq/devfreq.c +++ b/drivers/devfreq/devfreq.c @@ -620,6 +620,9 @@ struct devfreq *devfreq_add_device(struct device *dev, } devfreq->max_freq = devfreq->scaling_max_freq; + devfreq->name = dev_name(devfreq->dev.parent); + if (IS_ERR_OR_NULL(devfreq->name)) + return -EINVAL; dev_set_name(&devfreq->dev, "devfreq%d", atomic_inc_return(&devfreq_no)); err = device_register(&devfreq->dev); @@ -1261,6 +1264,13 @@ static ssize_t trans_stat_show(struct device *dev, } static DEVICE_ATTR_RO(trans_stat); +static ssize_t name_show(struct device *dev, + struct device_attribute *attr, char *buf) +{ + return sprintf(buf, "%s\n", to_devfreq(dev)->name); +} +static DEVICE_ATTR_RO(name); + static struct attribute *devfreq_attrs[] = { &dev_attr_governor.attr, &dev_attr_available_governors.attr, @@ -1271,6 +1281,7 @@ static ssize_t trans_stat_show(struct device *dev, &dev_attr_min_freq.attr, &dev_attr_max_freq.attr, &dev_attr_trans_stat.attr, + &dev_attr_name.attr, NULL, }; ATTRIBUTE_GROUPS(devfreq); diff --git a/include/linux/devfreq.h b/include/linux/devfreq.h index 3aae5b3af87c..f79b5a666102 100644 --- a/include/linux/devfreq.h +++ b/include/linux/devfreq.h @@ -111,6 +111,7 @@ struct devfreq_dev_profile { /** * struct devfreq - Device devfreq structure + * @name: name of the device * @node: list node - contains the devices with devfreq that have been * registered. * @lock: a mutex to protect accessing devfreq. @@ -146,6 +147,8 @@ struct devfreq_dev_profile { * to protect its own private data in void *data as well. */ struct devfreq { + const char *name; + struct list_head node; struct mutex lock; -- 1.9.1

6 years, 10 months

3
4
0 0

[PATCH RESEND v3 1/6] drm/nouveau: Check backlight IDs are >= 0, not > 0

by Lyude Paul

Remember, ida IDs start at 0, not 1! Signed-off-by: Lyude Paul <lyude(a)redhat.com> Reviewed-by: Karol Herbst <kherbst(a)redhat.com> Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/nouveau/nouveau_backlight.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/nouveau/nouveau_backlight.c b/drivers/gpu/drm/nouveau/nouveau_backlight.c index 408b955e5c39..6dd72bc32897 100644 --- a/drivers/gpu/drm/nouveau/nouveau_backlight.c +++ b/drivers/gpu/drm/nouveau/nouveau_backlight.c @@ -116,7 +116,7 @@ nv40_backlight_init(struct drm_connector *connector) &nv40_bl_ops, &props); if (IS_ERR(bd)) { - if (bl_connector.id > 0) + if (bl_connector.id >= 0) ida_simple_remove(&bl_ida, bl_connector.id); return PTR_ERR(bd); } @@ -249,7 +249,7 @@ nv50_backlight_init(struct drm_connector *connector) nv_encoder, ops, &props); if (IS_ERR(bd)) { - if (bl_connector.id > 0) + if (bl_connector.id >= 0) ida_simple_remove(&bl_ida, bl_connector.id); return PTR_ERR(bd); } -- 2.17.1

6 years, 10 months

1
0
0 0

[PATCH v2 1/5] drm/nouveau: Check backlight IDs are >= 0, not > 0

by Lyude Paul

Remember, ida IDs start at 0, not 1! Signed-off-by: Lyude Paul <lyude(a)redhat.com> Reviewed-by: Karol Herbst <kherbst(a)redhat.com> Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/nouveau/nouveau_backlight.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/nouveau/nouveau_backlight.c b/drivers/gpu/drm/nouveau/nouveau_backlight.c index 408b955e5c39..6dd72bc32897 100644 --- a/drivers/gpu/drm/nouveau/nouveau_backlight.c +++ b/drivers/gpu/drm/nouveau/nouveau_backlight.c @@ -116,7 +116,7 @@ nv40_backlight_init(struct drm_connector *connector) &nv40_bl_ops, &props); if (IS_ERR(bd)) { - if (bl_connector.id > 0) + if (bl_connector.id >= 0) ida_simple_remove(&bl_ida, bl_connector.id); return PTR_ERR(bd); } @@ -249,7 +249,7 @@ nv50_backlight_init(struct drm_connector *connector) nv_encoder, ops, &props); if (IS_ERR(bd)) { - if (bl_connector.id > 0) + if (bl_connector.id >= 0) ida_simple_remove(&bl_ida, bl_connector.id); return PTR_ERR(bd); } -- 2.17.1

6 years, 10 months

1
0
0 0

[PATCH v2 2/2] ARM: dts: exynos: Mark 1GHz CPU OPP as suspend OPP

by Marek Szyprowski

1GHz CPU OPP is the default boot value for the Exynos5250 SOC, so mark it as suspend OPP. This fixes suspend/resume on Samsung Exynos5250 Snow Chomebook, which was broken since switching to generic cpufreq-dt driver in v4.3. CC: <stable(a)vger.kernel.org> # 4.3.x: cd6f55457eb4 ARM: dts: exynos: Remove "cooling-{min|max}-level" for CPU nodes CC: <stable(a)vger.kernel.org> # 4.3.x: 672f33198bee arm: dts: exynos: Add missing cooling device properties for CPUs CC: <stable(a)vger.kernel.org> # 4.3.x Signed-off-by: Marek Szyprowski <m.szyprowski(a)samsung.com> Reviewed-by: Chanwoo Choi <cw00.choi(a)samsung.com> Acked-by: Bartlomiej Zolnierkiewicz <b.zolnierkie(a)samsung.com> --- arch/arm/boot/dts/exynos5250.dtsi | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/arm/boot/dts/exynos5250.dtsi b/arch/arm/boot/dts/exynos5250.dtsi index 8746189990eb..b85527faa6ea 100644 --- a/arch/arm/boot/dts/exynos5250.dtsi +++ b/arch/arm/boot/dts/exynos5250.dtsi @@ -118,6 +118,7 @@ opp-hz = /bits/ 64 <1000000000>; opp-microvolt = <1075000>; clock-latency-ns = <140000>; + opp-suspend; }; opp-1100000000 { opp-hz = /bits/ 64 <1100000000>; -- 2.17.1

6 years, 10 months

2
1
0 0

[PATCH v2 1/2] ARM: dts: exynos: Convert exynos5250.dtsi to opp-v2 bindings

by Marek Szyprowski

Convert Exynos5250 to OPP-v2 bindings. This is a preparation to add proper support for suspend operation point, which cannot be marked in opp-v1. CC: <stable(a)vger.kernel.org> # 4.3.x: cd6f55457eb4 ARM: dts: exynos: Remove "cooling-{min|max}-level" for CPU nodes CC: <stable(a)vger.kernel.org> # 4.3.x: 672f33198bee arm: dts: exynos: Add missing cooling device properties for CPUs CC: <stable(a)vger.kernel.org> # 4.3.x Signed-off-by: Marek Szyprowski <m.szyprowski(a)samsung.com> Reviewed-by: Chanwoo Choi <cw00.choi(a)samsung.com> Acked-by: Bartlomiej Zolnierkiewicz <b.zolnierkie(a)samsung.com> --- arch/arm/boot/dts/exynos5250.dtsi | 130 ++++++++++++++++++++---------- 1 file changed, 88 insertions(+), 42 deletions(-) diff --git a/arch/arm/boot/dts/exynos5250.dtsi b/arch/arm/boot/dts/exynos5250.dtsi index da163a40af15..8746189990eb 100644 --- a/arch/arm/boot/dts/exynos5250.dtsi +++ b/arch/arm/boot/dts/exynos5250.dtsi @@ -54,62 +54,108 @@ device_type = "cpu"; compatible = "arm,cortex-a15"; reg = <0>; - clock-frequency = <1700000000>; clocks = <&clock CLK_ARM_CLK>; clock-names = "cpu"; - clock-latency = <140000>; - - operating-points = < - 1700000 1300000 - 1600000 1250000 - 1500000 1225000 - 1400000 1200000 - 1300000 1150000 - 1200000 1125000 - 1100000 1100000 - 1000000 1075000 - 900000 1050000 - 800000 1025000 - 700000 1012500 - 600000 1000000 - 500000 975000 - 400000 950000 - 300000 937500 - 200000 925000 - >; + operating-points-v2 = <&cpu0_opp_table>; #cooling-cells = <2>; /* min followed by max */ }; cpu@1 { device_type = "cpu"; compatible = "arm,cortex-a15"; reg = <1>; - clock-frequency = <1700000000>; clocks = <&clock CLK_ARM_CLK>; clock-names = "cpu"; - clock-latency = <140000>; - - operating-points = < - 1700000 1300000 - 1600000 1250000 - 1500000 1225000 - 1400000 1200000 - 1300000 1150000 - 1200000 1125000 - 1100000 1100000 - 1000000 1075000 - 900000 1050000 - 800000 1025000 - 700000 1012500 - 600000 1000000 - 500000 975000 - 400000 950000 - 300000 937500 - 200000 925000 - >; + operating-points-v2 = <&cpu0_opp_table>; #cooling-cells = <2>; /* min followed by max */ }; }; + cpu0_opp_table: opp_table0 { + compatible = "operating-points-v2"; + opp-shared; + + opp-200000000 { + opp-hz = /bits/ 64 <200000000>; + opp-microvolt = <925000>; + clock-latency-ns = <140000>; + }; + opp-300000000 { + opp-hz = /bits/ 64 <300000000>; + opp-microvolt = <937500>; + clock-latency-ns = <140000>; + }; + opp-400000000 { + opp-hz = /bits/ 64 <400000000>; + opp-microvolt = <950000>; + clock-latency-ns = <140000>; + }; + opp-500000000 { + opp-hz = /bits/ 64 <500000000>; + opp-microvolt = <975000>; + clock-latency-ns = <140000>; + }; + opp-600000000 { + opp-hz = /bits/ 64 <600000000>; + opp-microvolt = <1000000>; + clock-latency-ns = <140000>; + }; + opp-700000000 { + opp-hz = /bits/ 64 <700000000>; + opp-microvolt = <1012500>; + clock-latency-ns = <140000>; + }; + opp-800000000 { + opp-hz = /bits/ 64 <800000000>; + opp-microvolt = <1025000>; + clock-latency-ns = <140000>; + }; + opp-900000000 { + opp-hz = /bits/ 64 <900000000>; + opp-microvolt = <1050000>; + clock-latency-ns = <140000>; + }; + opp-1000000000 { + opp-hz = /bits/ 64 <1000000000>; + opp-microvolt = <1075000>; + clock-latency-ns = <140000>; + }; + opp-1100000000 { + opp-hz = /bits/ 64 <1100000000>; + opp-microvolt = <1100000>; + clock-latency-ns = <140000>; + }; + opp-1200000000 { + opp-hz = /bits/ 64 <1200000000>; + opp-microvolt = <1125000>; + clock-latency-ns = <140000>; + }; + opp-1300000000 { + opp-hz = /bits/ 64 <1300000000>; + opp-microvolt = <1150000>; + clock-latency-ns = <140000>; + }; + opp-1400000000 { + opp-hz = /bits/ 64 <1400000000>; + opp-microvolt = <1200000>; + clock-latency-ns = <140000>; + }; + opp-1500000000 { + opp-hz = /bits/ 64 <1500000000>; + opp-microvolt = <1225000>; + clock-latency-ns = <140000>; + }; + opp-1600000000 { + opp-hz = /bits/ 64 <1600000000>; + opp-microvolt = <1250000>; + clock-latency-ns = <140000>; + }; + opp-1700000000 { + opp-hz = /bits/ 64 <1700000000>; + opp-microvolt = <1300000>; + clock-latency-ns = <140000>; + }; + }; + soc: soc { sysram@2020000 { compatible = "mmio-sram"; -- 2.17.1

6 years, 10 months

2
1
0 0

FAILED: patch "[PATCH] Btrfs: fix mount failure after fsync due to hard link" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 0d836392cadd5535f4184d46d901a82eb276ed62 Mon Sep 17 00:00:00 2001 From: Filipe Manana <fdmanana(a)suse.com> Date: Fri, 20 Jul 2018 10:59:06 +0100 Subject: [PATCH] Btrfs: fix mount failure after fsync due to hard link recreation If we end up with logging an inode reference item which has the same name but different index from the one we have persisted, we end up failing when replaying the log with an errno value of -EEXIST. The error comes from btrfs_add_link(), which is called from add_inode_ref(), when we are replaying an inode reference item. Example scenario where this happens: $ mkfs.btrfs -f /dev/sdb $ mount /dev/sdb /mnt $ touch /mnt/foo $ ln /mnt/foo /mnt/bar $ sync # Rename the first hard link (foo) to a new name and rename the second # hard link (bar) to the old name of the first hard link (foo). $ mv /mnt/foo /mnt/qwerty $ mv /mnt/bar /mnt/foo # Create a new file, in the same parent directory, with the old name of # the second hard link (bar) and fsync this new file. # We do this instead of calling fsync on foo/qwerty because if we did # that the fsync resulted in a full transaction commit, not triggering # the problem. $ touch /mnt/bar $ xfs_io -c "fsync" /mnt/bar <power fail> $ mount /dev/sdb /mnt mount: mount /dev/sdb on /mnt failed: File exists So fix this by checking if a conflicting inode reference exists (same name, same parent but different index), removing it (and the associated dir index entries from the parent inode) if it exists, before attempting to add the new reference. A test case for fstests follows soon. CC: stable(a)vger.kernel.org # 4.4+ Signed-off-by: Filipe Manana <fdmanana(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/tree-log.c b/fs/btrfs/tree-log.c index 10f6a4223897..033aeebbe9de 100644 --- a/fs/btrfs/tree-log.c +++ b/fs/btrfs/tree-log.c @@ -1290,6 +1290,46 @@ static int unlink_old_inode_refs(struct btrfs_trans_handle *trans, return ret; } +static int btrfs_inode_ref_exists(struct inode *inode, struct inode *dir, + const u8 ref_type, const char *name, + const int namelen) +{ + struct btrfs_key key; + struct btrfs_path *path; + const u64 parent_id = btrfs_ino(BTRFS_I(dir)); + int ret; + + path = btrfs_alloc_path(); + if (!path) + return -ENOMEM; + + key.objectid = btrfs_ino(BTRFS_I(inode)); + key.type = ref_type; + if (key.type == BTRFS_INODE_REF_KEY) + key.offset = parent_id; + else + key.offset = btrfs_extref_hash(parent_id, name, namelen); + + ret = btrfs_search_slot(NULL, BTRFS_I(inode)->root, &key, path, 0, 0); + if (ret < 0) + goto out; + if (ret > 0) { + ret = 0; + goto out; + } + if (key.type == BTRFS_INODE_EXTREF_KEY) + ret = btrfs_find_name_in_ext_backref(path->nodes[0], + path->slots[0], parent_id, + name, namelen, NULL); + else + ret = btrfs_find_name_in_backref(path->nodes[0], path->slots[0], + name, namelen, NULL); + +out: + btrfs_free_path(path); + return ret; +} + /* * replay one inode back reference item found in the log tree. * eb, slot and key refer to the buffer and key found in the log tree. @@ -1399,6 +1439,32 @@ static noinline int add_inode_ref(struct btrfs_trans_handle *trans, } } + /* + * If a reference item already exists for this inode + * with the same parent and name, but different index, + * drop it and the corresponding directory index entries + * from the parent before adding the new reference item + * and dir index entries, otherwise we would fail with + * -EEXIST returned from btrfs_add_link() below. + */ + ret = btrfs_inode_ref_exists(inode, dir, key->type, + name, namelen); + if (ret > 0) { + ret = btrfs_unlink_inode(trans, root, + BTRFS_I(dir), + BTRFS_I(inode), + name, namelen); + /* + * If we dropped the link count to 0, bump it so + * that later the iput() on the inode will not + * free it. We will fixup the link count later. + */ + if (!ret && inode->i_nlink == 0) + inc_nlink(inode); + } + if (ret < 0) + goto out; + /* insert our name */ ret = btrfs_add_link(trans, BTRFS_I(dir), BTRFS_I(inode),

6 years, 10 months

1
0
0 0

FAILED: patch "[PATCH] Btrfs: fix mount failure after fsync due to hard link" failed to apply to 4.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 0d836392cadd5535f4184d46d901a82eb276ed62 Mon Sep 17 00:00:00 2001 From: Filipe Manana <fdmanana(a)suse.com> Date: Fri, 20 Jul 2018 10:59:06 +0100 Subject: [PATCH] Btrfs: fix mount failure after fsync due to hard link recreation If we end up with logging an inode reference item which has the same name but different index from the one we have persisted, we end up failing when replaying the log with an errno value of -EEXIST. The error comes from btrfs_add_link(), which is called from add_inode_ref(), when we are replaying an inode reference item. Example scenario where this happens: $ mkfs.btrfs -f /dev/sdb $ mount /dev/sdb /mnt $ touch /mnt/foo $ ln /mnt/foo /mnt/bar $ sync # Rename the first hard link (foo) to a new name and rename the second # hard link (bar) to the old name of the first hard link (foo). $ mv /mnt/foo /mnt/qwerty $ mv /mnt/bar /mnt/foo # Create a new file, in the same parent directory, with the old name of # the second hard link (bar) and fsync this new file. # We do this instead of calling fsync on foo/qwerty because if we did # that the fsync resulted in a full transaction commit, not triggering # the problem. $ touch /mnt/bar $ xfs_io -c "fsync" /mnt/bar <power fail> $ mount /dev/sdb /mnt mount: mount /dev/sdb on /mnt failed: File exists So fix this by checking if a conflicting inode reference exists (same name, same parent but different index), removing it (and the associated dir index entries from the parent inode) if it exists, before attempting to add the new reference. A test case for fstests follows soon. CC: stable(a)vger.kernel.org # 4.4+ Signed-off-by: Filipe Manana <fdmanana(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/tree-log.c b/fs/btrfs/tree-log.c index 10f6a4223897..033aeebbe9de 100644 --- a/fs/btrfs/tree-log.c +++ b/fs/btrfs/tree-log.c @@ -1290,6 +1290,46 @@ static int unlink_old_inode_refs(struct btrfs_trans_handle *trans, return ret; } +static int btrfs_inode_ref_exists(struct inode *inode, struct inode *dir, + const u8 ref_type, const char *name, + const int namelen) +{ + struct btrfs_key key; + struct btrfs_path *path; + const u64 parent_id = btrfs_ino(BTRFS_I(dir)); + int ret; + + path = btrfs_alloc_path(); + if (!path) + return -ENOMEM; + + key.objectid = btrfs_ino(BTRFS_I(inode)); + key.type = ref_type; + if (key.type == BTRFS_INODE_REF_KEY) + key.offset = parent_id; + else + key.offset = btrfs_extref_hash(parent_id, name, namelen); + + ret = btrfs_search_slot(NULL, BTRFS_I(inode)->root, &key, path, 0, 0); + if (ret < 0) + goto out; + if (ret > 0) { + ret = 0; + goto out; + } + if (key.type == BTRFS_INODE_EXTREF_KEY) + ret = btrfs_find_name_in_ext_backref(path->nodes[0], + path->slots[0], parent_id, + name, namelen, NULL); + else + ret = btrfs_find_name_in_backref(path->nodes[0], path->slots[0], + name, namelen, NULL); + +out: + btrfs_free_path(path); + return ret; +} + /* * replay one inode back reference item found in the log tree. * eb, slot and key refer to the buffer and key found in the log tree. @@ -1399,6 +1439,32 @@ static noinline int add_inode_ref(struct btrfs_trans_handle *trans, } } + /* + * If a reference item already exists for this inode + * with the same parent and name, but different index, + * drop it and the corresponding directory index entries + * from the parent before adding the new reference item + * and dir index entries, otherwise we would fail with + * -EEXIST returned from btrfs_add_link() below. + */ + ret = btrfs_inode_ref_exists(inode, dir, key->type, + name, namelen); + if (ret > 0) { + ret = btrfs_unlink_inode(trans, root, + BTRFS_I(dir), + BTRFS_I(inode), + name, namelen); + /* + * If we dropped the link count to 0, bump it so + * that later the iput() on the inode will not + * free it. We will fixup the link count later. + */ + if (!ret && inode->i_nlink == 0) + inc_nlink(inode); + } + if (ret < 0) + goto out; + /* insert our name */ ret = btrfs_add_link(trans, BTRFS_I(dir), BTRFS_I(inode),

6 years, 10 months

1
0
0 0

FAILED: patch "[PATCH] Btrfs: fix mount failure after fsync due to hard link" failed to apply to 4.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 0d836392cadd5535f4184d46d901a82eb276ed62 Mon Sep 17 00:00:00 2001 From: Filipe Manana <fdmanana(a)suse.com> Date: Fri, 20 Jul 2018 10:59:06 +0100 Subject: [PATCH] Btrfs: fix mount failure after fsync due to hard link recreation If we end up with logging an inode reference item which has the same name but different index from the one we have persisted, we end up failing when replaying the log with an errno value of -EEXIST. The error comes from btrfs_add_link(), which is called from add_inode_ref(), when we are replaying an inode reference item. Example scenario where this happens: $ mkfs.btrfs -f /dev/sdb $ mount /dev/sdb /mnt $ touch /mnt/foo $ ln /mnt/foo /mnt/bar $ sync # Rename the first hard link (foo) to a new name and rename the second # hard link (bar) to the old name of the first hard link (foo). $ mv /mnt/foo /mnt/qwerty $ mv /mnt/bar /mnt/foo # Create a new file, in the same parent directory, with the old name of # the second hard link (bar) and fsync this new file. # We do this instead of calling fsync on foo/qwerty because if we did # that the fsync resulted in a full transaction commit, not triggering # the problem. $ touch /mnt/bar $ xfs_io -c "fsync" /mnt/bar <power fail> $ mount /dev/sdb /mnt mount: mount /dev/sdb on /mnt failed: File exists So fix this by checking if a conflicting inode reference exists (same name, same parent but different index), removing it (and the associated dir index entries from the parent inode) if it exists, before attempting to add the new reference. A test case for fstests follows soon. CC: stable(a)vger.kernel.org # 4.4+ Signed-off-by: Filipe Manana <fdmanana(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/tree-log.c b/fs/btrfs/tree-log.c index 10f6a4223897..033aeebbe9de 100644 --- a/fs/btrfs/tree-log.c +++ b/fs/btrfs/tree-log.c @@ -1290,6 +1290,46 @@ again: return ret; } +static int btrfs_inode_ref_exists(struct inode *inode, struct inode *dir, + const u8 ref_type, const char *name, + const int namelen) +{ + struct btrfs_key key; + struct btrfs_path *path; + const u64 parent_id = btrfs_ino(BTRFS_I(dir)); + int ret; + + path = btrfs_alloc_path(); + if (!path) + return -ENOMEM; + + key.objectid = btrfs_ino(BTRFS_I(inode)); + key.type = ref_type; + if (key.type == BTRFS_INODE_REF_KEY) + key.offset = parent_id; + else + key.offset = btrfs_extref_hash(parent_id, name, namelen); + + ret = btrfs_search_slot(NULL, BTRFS_I(inode)->root, &key, path, 0, 0); + if (ret < 0) + goto out; + if (ret > 0) { + ret = 0; + goto out; + } + if (key.type == BTRFS_INODE_EXTREF_KEY) + ret = btrfs_find_name_in_ext_backref(path->nodes[0], + path->slots[0], parent_id, + name, namelen, NULL); + else + ret = btrfs_find_name_in_backref(path->nodes[0], path->slots[0], + name, namelen, NULL); + +out: + btrfs_free_path(path); + return ret; +} + /* * replay one inode back reference item found in the log tree. * eb, slot and key refer to the buffer and key found in the log tree. @@ -1399,6 +1439,32 @@ static noinline int add_inode_ref(struct btrfs_trans_handle *trans, } } + /* + * If a reference item already exists for this inode + * with the same parent and name, but different index, + * drop it and the corresponding directory index entries + * from the parent before adding the new reference item + * and dir index entries, otherwise we would fail with + * -EEXIST returned from btrfs_add_link() below. + */ + ret = btrfs_inode_ref_exists(inode, dir, key->type, + name, namelen); + if (ret > 0) { + ret = btrfs_unlink_inode(trans, root, + BTRFS_I(dir), + BTRFS_I(inode), + name, namelen); + /* + * If we dropped the link count to 0, bump it so + * that later the iput() on the inode will not + * free it. We will fixup the link count later. + */ + if (!ret && inode->i_nlink == 0) + inc_nlink(inode); + } + if (ret < 0) + goto out; + /* insert our name */ ret = btrfs_add_link(trans, BTRFS_I(dir), BTRFS_I(inode),

6 years, 10 months

1
0
0 0

FAILED: patch "[PATCH] Btrfs: fix send failure when root has deleted files still" failed to apply to 4.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 46b2f4590aab71d31088a265c86026b1e96c9de4 Mon Sep 17 00:00:00 2001 From: Filipe Manana <fdmanana(a)suse.com> Date: Tue, 24 Jul 2018 11:54:04 +0100 Subject: [PATCH] Btrfs: fix send failure when root has deleted files still open The more common use case of send involves creating a RO snapshot and then use it for a send operation. In this case it's not possible to have inodes in the snapshot that have a link count of zero (inode with an orphan item) since during snapshot creation we do the orphan cleanup. However, other less common use cases for send can end up seeing inodes with a link count of zero and in this case the send operation fails with a ENOENT error because any attempt to generate a path for the inode, with the purpose of creating it or updating it at the receiver, fails since there are no inode reference items. One use case it to use a regular subvolume for a send operation after turning it to RO mode or turning a RW snapshot into RO mode and then using it for a send operation. In both cases, if a file gets all its hard links deleted while there is an open file descriptor before turning the subvolume/snapshot into RO mode, the send operation will encounter an inode with a link count of zero and then fail with errno ENOENT. Example using a full send with a subvolume: $ mkfs.btrfs -f /dev/sdb $ mount /dev/sdb /mnt $ btrfs subvolume create /mnt/sv1 $ touch /mnt/sv1/foo $ touch /mnt/sv1/bar # keep an open file descriptor on file bar $ exec 73</mnt/sv1/bar $ unlink /mnt/sv1/bar # Turn the subvolume to RO mode and use it for a full send, while # holding the open file descriptor. $ btrfs property set /mnt/sv1 ro true $ btrfs send -f /tmp/full.send /mnt/sv1 At subvol /mnt/sv1 ERROR: send ioctl failed with -2: No such file or directory Example using an incremental send with snapshots: $ mkfs.btrfs -f /dev/sdb $ mount /dev/sdb /mnt $ btrfs subvolume create /mnt/sv1 $ touch /mnt/sv1/foo $ touch /mnt/sv1/bar $ btrfs subvolume snapshot -r /mnt/sv1 /mnt/snap1 $ echo "hello world" >> /mnt/sv1/bar $ btrfs subvolume snapshot -r /mnt/sv1 /mnt/snap2 # Turn the second snapshot to RW mode and delete file foo while # holding an open file descriptor on it. $ btrfs property set /mnt/snap2 ro false $ exec 73</mnt/snap2/foo $ unlink /mnt/snap2/foo # Set the second snapshot back to RO mode and do an incremental send. $ btrfs property set /mnt/snap2 ro true $ btrfs send -f /tmp/inc.send -p /mnt/snap1 /mnt/snap2 At subvol /mnt/snap2 ERROR: send ioctl failed with -2: No such file or directory So fix this by ignoring inodes with a link count of zero if we are either doing a full send or if they do not exist in the parent snapshot (they are new in the send snapshot), and unlink all paths found in the parent snapshot when doing an incremental send (and ignoring all other inode items, such as xattrs and extents). A test case for fstests follows soon. CC: stable(a)vger.kernel.org # 4.4+ Reported-by: Martin Wilck <martin.wilck(a)suse.com> Signed-off-by: Filipe Manana <fdmanana(a)suse.com> Reviewed-by: David Sterba <dsterba(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/send.c b/fs/btrfs/send.c index 42e04cd3cd95..551294a6c9e2 100644 --- a/fs/btrfs/send.c +++ b/fs/btrfs/send.c @@ -100,6 +100,7 @@ struct send_ctx { u64 cur_inode_rdev; u64 cur_inode_last_extent; u64 cur_inode_next_write_offset; + bool ignore_cur_inode; u64 send_progress; @@ -5796,6 +5797,9 @@ static int finish_inode_if_needed(struct send_ctx *sctx, int at_end) int pending_move = 0; int refs_processed = 0; + if (sctx->ignore_cur_inode) + return 0; + ret = process_recorded_refs_if_needed(sctx, at_end, &pending_move, &refs_processed); if (ret < 0) @@ -5914,6 +5918,93 @@ static int finish_inode_if_needed(struct send_ctx *sctx, int at_end) return ret; } +struct parent_paths_ctx { + struct list_head *refs; + struct send_ctx *sctx; +}; + +static int record_parent_ref(int num, u64 dir, int index, struct fs_path *name, + void *ctx) +{ + struct parent_paths_ctx *ppctx = ctx; + + return record_ref(ppctx->sctx->parent_root, dir, name, ppctx->sctx, + ppctx->refs); +} + +/* + * Issue unlink operations for all paths of the current inode found in the + * parent snapshot. + */ +static int btrfs_unlink_all_paths(struct send_ctx *sctx) +{ + LIST_HEAD(deleted_refs); + struct btrfs_path *path; + struct btrfs_key key; + struct parent_paths_ctx ctx; + int ret; + + path = alloc_path_for_send(); + if (!path) + return -ENOMEM; + + key.objectid = sctx->cur_ino; + key.type = BTRFS_INODE_REF_KEY; + key.offset = 0; + ret = btrfs_search_slot(NULL, sctx->parent_root, &key, path, 0, 0); + if (ret < 0) + goto out; + + ctx.refs = &deleted_refs; + ctx.sctx = sctx; + + while (true) { + struct extent_buffer *eb = path->nodes[0]; + int slot = path->slots[0]; + + if (slot >= btrfs_header_nritems(eb)) { + ret = btrfs_next_leaf(sctx->parent_root, path); + if (ret < 0) + goto out; + else if (ret > 0) + break; + continue; + } + + btrfs_item_key_to_cpu(eb, &key, slot); + if (key.objectid != sctx->cur_ino) + break; + if (key.type != BTRFS_INODE_REF_KEY && + key.type != BTRFS_INODE_EXTREF_KEY) + break; + + ret = iterate_inode_ref(sctx->parent_root, path, &key, 1, + record_parent_ref, &ctx); + if (ret < 0) + goto out; + + path->slots[0]++; + } + + while (!list_empty(&deleted_refs)) { + struct recorded_ref *ref; + + ref = list_first_entry(&deleted_refs, struct recorded_ref, list); + ret = send_unlink(sctx, ref->full_path); + if (ret < 0) + goto out; + fs_path_free(ref->full_path); + list_del(&ref->list); + kfree(ref); + } + ret = 0; +out: + btrfs_free_path(path); + if (ret) + __free_recorded_refs(&deleted_refs); + return ret; +} + static int changed_inode(struct send_ctx *sctx, enum btrfs_compare_tree_result result) { @@ -5928,6 +6019,7 @@ static int changed_inode(struct send_ctx *sctx, sctx->cur_inode_new_gen = 0; sctx->cur_inode_last_extent = (u64)-1; sctx->cur_inode_next_write_offset = 0; + sctx->ignore_cur_inode = false; /* * Set send_progress to current inode. This will tell all get_cur_xxx @@ -5968,6 +6060,33 @@ static int changed_inode(struct send_ctx *sctx, sctx->cur_inode_new_gen = 1; } + /* + * Normally we do not find inodes with a link count of zero (orphans) + * because the most common case is to create a snapshot and use it + * for a send operation. However other less common use cases involve + * using a subvolume and send it after turning it to RO mode just + * after deleting all hard links of a file while holding an open + * file descriptor against it or turning a RO snapshot into RW mode, + * keep an open file descriptor against a file, delete it and then + * turn the snapshot back to RO mode before using it for a send + * operation. So if we find such cases, ignore the inode and all its + * items completely if it's a new inode, or if it's a changed inode + * make sure all its previous paths (from the parent snapshot) are all + * unlinked and all other the inode items are ignored. + */ + if (result == BTRFS_COMPARE_TREE_NEW || + result == BTRFS_COMPARE_TREE_CHANGED) { + u32 nlinks; + + nlinks = btrfs_inode_nlink(sctx->left_path->nodes[0], left_ii); + if (nlinks == 0) { + sctx->ignore_cur_inode = true; + if (result == BTRFS_COMPARE_TREE_CHANGED) + ret = btrfs_unlink_all_paths(sctx); + goto out; + } + } + if (result == BTRFS_COMPARE_TREE_NEW) { sctx->cur_inode_gen = left_gen; sctx->cur_inode_new = 1; @@ -6306,15 +6425,17 @@ static int changed_cb(struct btrfs_path *left_path, key->objectid == BTRFS_FREE_SPACE_OBJECTID) goto out; - if (key->type == BTRFS_INODE_ITEM_KEY) + if (key->type == BTRFS_INODE_ITEM_KEY) { ret = changed_inode(sctx, result); - else if (key->type == BTRFS_INODE_REF_KEY || - key->type == BTRFS_INODE_EXTREF_KEY) - ret = changed_ref(sctx, result); - else if (key->type == BTRFS_XATTR_ITEM_KEY) - ret = changed_xattr(sctx, result); - else if (key->type == BTRFS_EXTENT_DATA_KEY) - ret = changed_extent(sctx, result); + } else if (!sctx->ignore_cur_inode) { + if (key->type == BTRFS_INODE_REF_KEY || + key->type == BTRFS_INODE_EXTREF_KEY) + ret = changed_ref(sctx, result); + else if (key->type == BTRFS_XATTR_ITEM_KEY) + ret = changed_xattr(sctx, result); + else if (key->type == BTRFS_EXTENT_DATA_KEY) + ret = changed_extent(sctx, result); + } out: return ret;

6 years, 10 months

1
0
0 0

FAILED: patch "[PATCH] Btrfs: fix send failure when root has deleted files still" failed to apply to 4.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 46b2f4590aab71d31088a265c86026b1e96c9de4 Mon Sep 17 00:00:00 2001 From: Filipe Manana <fdmanana(a)suse.com> Date: Tue, 24 Jul 2018 11:54:04 +0100 Subject: [PATCH] Btrfs: fix send failure when root has deleted files still open The more common use case of send involves creating a RO snapshot and then use it for a send operation. In this case it's not possible to have inodes in the snapshot that have a link count of zero (inode with an orphan item) since during snapshot creation we do the orphan cleanup. However, other less common use cases for send can end up seeing inodes with a link count of zero and in this case the send operation fails with a ENOENT error because any attempt to generate a path for the inode, with the purpose of creating it or updating it at the receiver, fails since there are no inode reference items. One use case it to use a regular subvolume for a send operation after turning it to RO mode or turning a RW snapshot into RO mode and then using it for a send operation. In both cases, if a file gets all its hard links deleted while there is an open file descriptor before turning the subvolume/snapshot into RO mode, the send operation will encounter an inode with a link count of zero and then fail with errno ENOENT. Example using a full send with a subvolume: $ mkfs.btrfs -f /dev/sdb $ mount /dev/sdb /mnt $ btrfs subvolume create /mnt/sv1 $ touch /mnt/sv1/foo $ touch /mnt/sv1/bar # keep an open file descriptor on file bar $ exec 73</mnt/sv1/bar $ unlink /mnt/sv1/bar # Turn the subvolume to RO mode and use it for a full send, while # holding the open file descriptor. $ btrfs property set /mnt/sv1 ro true $ btrfs send -f /tmp/full.send /mnt/sv1 At subvol /mnt/sv1 ERROR: send ioctl failed with -2: No such file or directory Example using an incremental send with snapshots: $ mkfs.btrfs -f /dev/sdb $ mount /dev/sdb /mnt $ btrfs subvolume create /mnt/sv1 $ touch /mnt/sv1/foo $ touch /mnt/sv1/bar $ btrfs subvolume snapshot -r /mnt/sv1 /mnt/snap1 $ echo "hello world" >> /mnt/sv1/bar $ btrfs subvolume snapshot -r /mnt/sv1 /mnt/snap2 # Turn the second snapshot to RW mode and delete file foo while # holding an open file descriptor on it. $ btrfs property set /mnt/snap2 ro false $ exec 73</mnt/snap2/foo $ unlink /mnt/snap2/foo # Set the second snapshot back to RO mode and do an incremental send. $ btrfs property set /mnt/snap2 ro true $ btrfs send -f /tmp/inc.send -p /mnt/snap1 /mnt/snap2 At subvol /mnt/snap2 ERROR: send ioctl failed with -2: No such file or directory So fix this by ignoring inodes with a link count of zero if we are either doing a full send or if they do not exist in the parent snapshot (they are new in the send snapshot), and unlink all paths found in the parent snapshot when doing an incremental send (and ignoring all other inode items, such as xattrs and extents). A test case for fstests follows soon. CC: stable(a)vger.kernel.org # 4.4+ Reported-by: Martin Wilck <martin.wilck(a)suse.com> Signed-off-by: Filipe Manana <fdmanana(a)suse.com> Reviewed-by: David Sterba <dsterba(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/send.c b/fs/btrfs/send.c index 42e04cd3cd95..551294a6c9e2 100644 --- a/fs/btrfs/send.c +++ b/fs/btrfs/send.c @@ -100,6 +100,7 @@ struct send_ctx { u64 cur_inode_rdev; u64 cur_inode_last_extent; u64 cur_inode_next_write_offset; + bool ignore_cur_inode; u64 send_progress; @@ -5796,6 +5797,9 @@ static int finish_inode_if_needed(struct send_ctx *sctx, int at_end) int pending_move = 0; int refs_processed = 0; + if (sctx->ignore_cur_inode) + return 0; + ret = process_recorded_refs_if_needed(sctx, at_end, &pending_move, &refs_processed); if (ret < 0) @@ -5914,6 +5918,93 @@ static int finish_inode_if_needed(struct send_ctx *sctx, int at_end) return ret; } +struct parent_paths_ctx { + struct list_head *refs; + struct send_ctx *sctx; +}; + +static int record_parent_ref(int num, u64 dir, int index, struct fs_path *name, + void *ctx) +{ + struct parent_paths_ctx *ppctx = ctx; + + return record_ref(ppctx->sctx->parent_root, dir, name, ppctx->sctx, + ppctx->refs); +} + +/* + * Issue unlink operations for all paths of the current inode found in the + * parent snapshot. + */ +static int btrfs_unlink_all_paths(struct send_ctx *sctx) +{ + LIST_HEAD(deleted_refs); + struct btrfs_path *path; + struct btrfs_key key; + struct parent_paths_ctx ctx; + int ret; + + path = alloc_path_for_send(); + if (!path) + return -ENOMEM; + + key.objectid = sctx->cur_ino; + key.type = BTRFS_INODE_REF_KEY; + key.offset = 0; + ret = btrfs_search_slot(NULL, sctx->parent_root, &key, path, 0, 0); + if (ret < 0) + goto out; + + ctx.refs = &deleted_refs; + ctx.sctx = sctx; + + while (true) { + struct extent_buffer *eb = path->nodes[0]; + int slot = path->slots[0]; + + if (slot >= btrfs_header_nritems(eb)) { + ret = btrfs_next_leaf(sctx->parent_root, path); + if (ret < 0) + goto out; + else if (ret > 0) + break; + continue; + } + + btrfs_item_key_to_cpu(eb, &key, slot); + if (key.objectid != sctx->cur_ino) + break; + if (key.type != BTRFS_INODE_REF_KEY && + key.type != BTRFS_INODE_EXTREF_KEY) + break; + + ret = iterate_inode_ref(sctx->parent_root, path, &key, 1, + record_parent_ref, &ctx); + if (ret < 0) + goto out; + + path->slots[0]++; + } + + while (!list_empty(&deleted_refs)) { + struct recorded_ref *ref; + + ref = list_first_entry(&deleted_refs, struct recorded_ref, list); + ret = send_unlink(sctx, ref->full_path); + if (ret < 0) + goto out; + fs_path_free(ref->full_path); + list_del(&ref->list); + kfree(ref); + } + ret = 0; +out: + btrfs_free_path(path); + if (ret) + __free_recorded_refs(&deleted_refs); + return ret; +} + static int changed_inode(struct send_ctx *sctx, enum btrfs_compare_tree_result result) { @@ -5928,6 +6019,7 @@ static int changed_inode(struct send_ctx *sctx, sctx->cur_inode_new_gen = 0; sctx->cur_inode_last_extent = (u64)-1; sctx->cur_inode_next_write_offset = 0; + sctx->ignore_cur_inode = false; /* * Set send_progress to current inode. This will tell all get_cur_xxx @@ -5968,6 +6060,33 @@ static int changed_inode(struct send_ctx *sctx, sctx->cur_inode_new_gen = 1; } + /* + * Normally we do not find inodes with a link count of zero (orphans) + * because the most common case is to create a snapshot and use it + * for a send operation. However other less common use cases involve + * using a subvolume and send it after turning it to RO mode just + * after deleting all hard links of a file while holding an open + * file descriptor against it or turning a RO snapshot into RW mode, + * keep an open file descriptor against a file, delete it and then + * turn the snapshot back to RO mode before using it for a send + * operation. So if we find such cases, ignore the inode and all its + * items completely if it's a new inode, or if it's a changed inode + * make sure all its previous paths (from the parent snapshot) are all + * unlinked and all other the inode items are ignored. + */ + if (result == BTRFS_COMPARE_TREE_NEW || + result == BTRFS_COMPARE_TREE_CHANGED) { + u32 nlinks; + + nlinks = btrfs_inode_nlink(sctx->left_path->nodes[0], left_ii); + if (nlinks == 0) { + sctx->ignore_cur_inode = true; + if (result == BTRFS_COMPARE_TREE_CHANGED) + ret = btrfs_unlink_all_paths(sctx); + goto out; + } + } + if (result == BTRFS_COMPARE_TREE_NEW) { sctx->cur_inode_gen = left_gen; sctx->cur_inode_new = 1; @@ -6306,15 +6425,17 @@ static int changed_cb(struct btrfs_path *left_path, key->objectid == BTRFS_FREE_SPACE_OBJECTID) goto out; - if (key->type == BTRFS_INODE_ITEM_KEY) + if (key->type == BTRFS_INODE_ITEM_KEY) { ret = changed_inode(sctx, result); - else if (key->type == BTRFS_INODE_REF_KEY || - key->type == BTRFS_INODE_EXTREF_KEY) - ret = changed_ref(sctx, result); - else if (key->type == BTRFS_XATTR_ITEM_KEY) - ret = changed_xattr(sctx, result); - else if (key->type == BTRFS_EXTENT_DATA_KEY) - ret = changed_extent(sctx, result); + } else if (!sctx->ignore_cur_inode) { + if (key->type == BTRFS_INODE_REF_KEY || + key->type == BTRFS_INODE_EXTREF_KEY) + ret = changed_ref(sctx, result); + else if (key->type == BTRFS_XATTR_ITEM_KEY) + ret = changed_xattr(sctx, result); + else if (key->type == BTRFS_EXTENT_DATA_KEY) + ret = changed_extent(sctx, result); + } out: return ret;

6 years, 10 months

1
0
0 0

FAILED: patch "[PATCH] Btrfs: fix send failure when root has deleted files still" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 46b2f4590aab71d31088a265c86026b1e96c9de4 Mon Sep 17 00:00:00 2001 From: Filipe Manana <fdmanana(a)suse.com> Date: Tue, 24 Jul 2018 11:54:04 +0100 Subject: [PATCH] Btrfs: fix send failure when root has deleted files still open The more common use case of send involves creating a RO snapshot and then use it for a send operation. In this case it's not possible to have inodes in the snapshot that have a link count of zero (inode with an orphan item) since during snapshot creation we do the orphan cleanup. However, other less common use cases for send can end up seeing inodes with a link count of zero and in this case the send operation fails with a ENOENT error because any attempt to generate a path for the inode, with the purpose of creating it or updating it at the receiver, fails since there are no inode reference items. One use case it to use a regular subvolume for a send operation after turning it to RO mode or turning a RW snapshot into RO mode and then using it for a send operation. In both cases, if a file gets all its hard links deleted while there is an open file descriptor before turning the subvolume/snapshot into RO mode, the send operation will encounter an inode with a link count of zero and then fail with errno ENOENT. Example using a full send with a subvolume: $ mkfs.btrfs -f /dev/sdb $ mount /dev/sdb /mnt $ btrfs subvolume create /mnt/sv1 $ touch /mnt/sv1/foo $ touch /mnt/sv1/bar # keep an open file descriptor on file bar $ exec 73</mnt/sv1/bar $ unlink /mnt/sv1/bar # Turn the subvolume to RO mode and use it for a full send, while # holding the open file descriptor. $ btrfs property set /mnt/sv1 ro true $ btrfs send -f /tmp/full.send /mnt/sv1 At subvol /mnt/sv1 ERROR: send ioctl failed with -2: No such file or directory Example using an incremental send with snapshots: $ mkfs.btrfs -f /dev/sdb $ mount /dev/sdb /mnt $ btrfs subvolume create /mnt/sv1 $ touch /mnt/sv1/foo $ touch /mnt/sv1/bar $ btrfs subvolume snapshot -r /mnt/sv1 /mnt/snap1 $ echo "hello world" >> /mnt/sv1/bar $ btrfs subvolume snapshot -r /mnt/sv1 /mnt/snap2 # Turn the second snapshot to RW mode and delete file foo while # holding an open file descriptor on it. $ btrfs property set /mnt/snap2 ro false $ exec 73</mnt/snap2/foo $ unlink /mnt/snap2/foo # Set the second snapshot back to RO mode and do an incremental send. $ btrfs property set /mnt/snap2 ro true $ btrfs send -f /tmp/inc.send -p /mnt/snap1 /mnt/snap2 At subvol /mnt/snap2 ERROR: send ioctl failed with -2: No such file or directory So fix this by ignoring inodes with a link count of zero if we are either doing a full send or if they do not exist in the parent snapshot (they are new in the send snapshot), and unlink all paths found in the parent snapshot when doing an incremental send (and ignoring all other inode items, such as xattrs and extents). A test case for fstests follows soon. CC: stable(a)vger.kernel.org # 4.4+ Reported-by: Martin Wilck <martin.wilck(a)suse.com> Signed-off-by: Filipe Manana <fdmanana(a)suse.com> Reviewed-by: David Sterba <dsterba(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/send.c b/fs/btrfs/send.c index 42e04cd3cd95..551294a6c9e2 100644 --- a/fs/btrfs/send.c +++ b/fs/btrfs/send.c @@ -100,6 +100,7 @@ struct send_ctx { u64 cur_inode_rdev; u64 cur_inode_last_extent; u64 cur_inode_next_write_offset; + bool ignore_cur_inode; u64 send_progress; @@ -5796,6 +5797,9 @@ static int finish_inode_if_needed(struct send_ctx *sctx, int at_end) int pending_move = 0; int refs_processed = 0; + if (sctx->ignore_cur_inode) + return 0; + ret = process_recorded_refs_if_needed(sctx, at_end, &pending_move, &refs_processed); if (ret < 0) @@ -5914,6 +5918,93 @@ static int finish_inode_if_needed(struct send_ctx *sctx, int at_end) return ret; } +struct parent_paths_ctx { + struct list_head *refs; + struct send_ctx *sctx; +}; + +static int record_parent_ref(int num, u64 dir, int index, struct fs_path *name, + void *ctx) +{ + struct parent_paths_ctx *ppctx = ctx; + + return record_ref(ppctx->sctx->parent_root, dir, name, ppctx->sctx, + ppctx->refs); +} + +/* + * Issue unlink operations for all paths of the current inode found in the + * parent snapshot. + */ +static int btrfs_unlink_all_paths(struct send_ctx *sctx) +{ + LIST_HEAD(deleted_refs); + struct btrfs_path *path; + struct btrfs_key key; + struct parent_paths_ctx ctx; + int ret; + + path = alloc_path_for_send(); + if (!path) + return -ENOMEM; + + key.objectid = sctx->cur_ino; + key.type = BTRFS_INODE_REF_KEY; + key.offset = 0; + ret = btrfs_search_slot(NULL, sctx->parent_root, &key, path, 0, 0); + if (ret < 0) + goto out; + + ctx.refs = &deleted_refs; + ctx.sctx = sctx; + + while (true) { + struct extent_buffer *eb = path->nodes[0]; + int slot = path->slots[0]; + + if (slot >= btrfs_header_nritems(eb)) { + ret = btrfs_next_leaf(sctx->parent_root, path); + if (ret < 0) + goto out; + else if (ret > 0) + break; + continue; + } + + btrfs_item_key_to_cpu(eb, &key, slot); + if (key.objectid != sctx->cur_ino) + break; + if (key.type != BTRFS_INODE_REF_KEY && + key.type != BTRFS_INODE_EXTREF_KEY) + break; + + ret = iterate_inode_ref(sctx->parent_root, path, &key, 1, + record_parent_ref, &ctx); + if (ret < 0) + goto out; + + path->slots[0]++; + } + + while (!list_empty(&deleted_refs)) { + struct recorded_ref *ref; + + ref = list_first_entry(&deleted_refs, struct recorded_ref, list); + ret = send_unlink(sctx, ref->full_path); + if (ret < 0) + goto out; + fs_path_free(ref->full_path); + list_del(&ref->list); + kfree(ref); + } + ret = 0; +out: + btrfs_free_path(path); + if (ret) + __free_recorded_refs(&deleted_refs); + return ret; +} + static int changed_inode(struct send_ctx *sctx, enum btrfs_compare_tree_result result) { @@ -5928,6 +6019,7 @@ static int changed_inode(struct send_ctx *sctx, sctx->cur_inode_new_gen = 0; sctx->cur_inode_last_extent = (u64)-1; sctx->cur_inode_next_write_offset = 0; + sctx->ignore_cur_inode = false; /* * Set send_progress to current inode. This will tell all get_cur_xxx @@ -5968,6 +6060,33 @@ static int changed_inode(struct send_ctx *sctx, sctx->cur_inode_new_gen = 1; } + /* + * Normally we do not find inodes with a link count of zero (orphans) + * because the most common case is to create a snapshot and use it + * for a send operation. However other less common use cases involve + * using a subvolume and send it after turning it to RO mode just + * after deleting all hard links of a file while holding an open + * file descriptor against it or turning a RO snapshot into RW mode, + * keep an open file descriptor against a file, delete it and then + * turn the snapshot back to RO mode before using it for a send + * operation. So if we find such cases, ignore the inode and all its + * items completely if it's a new inode, or if it's a changed inode + * make sure all its previous paths (from the parent snapshot) are all + * unlinked and all other the inode items are ignored. + */ + if (result == BTRFS_COMPARE_TREE_NEW || + result == BTRFS_COMPARE_TREE_CHANGED) { + u32 nlinks; + + nlinks = btrfs_inode_nlink(sctx->left_path->nodes[0], left_ii); + if (nlinks == 0) { + sctx->ignore_cur_inode = true; + if (result == BTRFS_COMPARE_TREE_CHANGED) + ret = btrfs_unlink_all_paths(sctx); + goto out; + } + } + if (result == BTRFS_COMPARE_TREE_NEW) { sctx->cur_inode_gen = left_gen; sctx->cur_inode_new = 1; @@ -6306,15 +6425,17 @@ static int changed_cb(struct btrfs_path *left_path, key->objectid == BTRFS_FREE_SPACE_OBJECTID) goto out; - if (key->type == BTRFS_INODE_ITEM_KEY) + if (key->type == BTRFS_INODE_ITEM_KEY) { ret = changed_inode(sctx, result); - else if (key->type == BTRFS_INODE_REF_KEY || - key->type == BTRFS_INODE_EXTREF_KEY) - ret = changed_ref(sctx, result); - else if (key->type == BTRFS_XATTR_ITEM_KEY) - ret = changed_xattr(sctx, result); - else if (key->type == BTRFS_EXTENT_DATA_KEY) - ret = changed_extent(sctx, result); + } else if (!sctx->ignore_cur_inode) { + if (key->type == BTRFS_INODE_REF_KEY || + key->type == BTRFS_INODE_EXTREF_KEY) + ret = changed_ref(sctx, result); + else if (key->type == BTRFS_XATTR_ITEM_KEY) + ret = changed_xattr(sctx, result); + else if (key->type == BTRFS_EXTENT_DATA_KEY) + ret = changed_extent(sctx, result); + } out: return ret;

6 years, 10 months

1
0
0 0

FAILED: patch "[PATCH] Btrfs: fix btrfs_write_inode vs delayed iput deadlock" failed to apply to 3.18-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 3.18-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 3c4276936f6fbe52884b4ea4e6cc120b890a0f9f Mon Sep 17 00:00:00 2001 From: Josef Bacik <jbacik(a)fb.com> Date: Fri, 20 Jul 2018 11:46:10 -0700 Subject: [PATCH] Btrfs: fix btrfs_write_inode vs delayed iput deadlock We recently ran into the following deadlock involving btrfs_write_inode(): [ +0.005066] __schedule+0x38e/0x8c0 [ +0.007144] schedule+0x36/0x80 [ +0.006447] bit_wait+0x11/0x60 [ +0.006446] __wait_on_bit+0xbe/0x110 [ +0.007487] ? bit_wait_io+0x60/0x60 [ +0.007319] __inode_wait_for_writeback+0x96/0xc0 [ +0.009568] ? autoremove_wake_function+0x40/0x40 [ +0.009565] inode_wait_for_writeback+0x21/0x30 [ +0.009224] evict+0xb0/0x190 [ +0.006099] iput+0x1a8/0x210 [ +0.006103] btrfs_run_delayed_iputs+0x73/0xc0 [ +0.009047] btrfs_commit_transaction+0x799/0x8c0 [ +0.009567] btrfs_write_inode+0x81/0xb0 [ +0.008008] __writeback_single_inode+0x267/0x320 [ +0.009569] writeback_sb_inodes+0x25b/0x4e0 [ +0.008702] wb_writeback+0x102/0x2d0 [ +0.007487] wb_workfn+0xa4/0x310 [ +0.006794] ? wb_workfn+0xa4/0x310 [ +0.007143] process_one_work+0x150/0x410 [ +0.008179] worker_thread+0x6d/0x520 [ +0.007490] kthread+0x12c/0x160 [ +0.006620] ? put_pwq_unlocked+0x80/0x80 [ +0.008185] ? kthread_park+0xa0/0xa0 [ +0.007484] ? do_syscall_64+0x53/0x150 [ +0.007837] ret_from_fork+0x29/0x40 Writeback calls: btrfs_write_inode btrfs_commit_transaction btrfs_run_delayed_iputs If iput() is called on that same inode, evict() will wait for writeback forever. btrfs_write_inode() was originally added way back in 4730a4bc5bf3 ("btrfs_dirty_inode") to support O_SYNC writes. However, ->write_inode() hasn't been used for O_SYNC since 148f948ba877 ("vfs: Introduce new helpers for syncing after writing to O_SYNC file or IS_SYNC inode"), so btrfs_write_inode() is actually unnecessary (and leads to a bunch of unnecessary commits). Get rid of it, which also gets rid of the deadlock. CC: stable(a)vger.kernel.org # 3.2+ Signed-off-by: Josef Bacik <jbacik(a)fb.com> [Omar: new commit message] Signed-off-by: Omar Sandoval <osandov(a)fb.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c index 4955e04da4c8..472457795486 100644 --- a/fs/btrfs/inode.c +++ b/fs/btrfs/inode.c @@ -6021,32 +6021,6 @@ static int btrfs_real_readdir(struct file *file, struct dir_context *ctx) return ret; } -int btrfs_write_inode(struct inode *inode, struct writeback_control *wbc) -{ - struct btrfs_root *root = BTRFS_I(inode)->root; - struct btrfs_trans_handle *trans; - int ret = 0; - bool nolock = false; - - if (test_bit(BTRFS_INODE_DUMMY, &BTRFS_I(inode)->runtime_flags)) - return 0; - - if (btrfs_fs_closing(root->fs_info) && - btrfs_is_free_space_inode(BTRFS_I(inode))) - nolock = true; - - if (wbc->sync_mode == WB_SYNC_ALL) { - if (nolock) - trans = btrfs_join_transaction_nolock(root); - else - trans = btrfs_join_transaction(root); - if (IS_ERR(trans)) - return PTR_ERR(trans); - ret = btrfs_commit_transaction(trans); - } - return ret; -} - /* * This is somewhat expensive, updating the tree every time the * inode changes. But, it is most likely to find the inode in cache. diff --git a/fs/btrfs/super.c b/fs/btrfs/super.c index efe8b03ce380..67de3c0fc85b 100644 --- a/fs/btrfs/super.c +++ b/fs/btrfs/super.c @@ -2344,7 +2344,6 @@ static const struct super_operations btrfs_super_ops = { .sync_fs = btrfs_sync_fs, .show_options = btrfs_show_options, .show_devname = btrfs_show_devname, - .write_inode = btrfs_write_inode, .alloc_inode = btrfs_alloc_inode, .destroy_inode = btrfs_destroy_inode, .statfs = btrfs_statfs,

6 years, 10 months

1
0
0 0

FAILED: patch "[PATCH] Btrfs: fix btrfs_write_inode vs delayed iput deadlock" failed to apply to 4.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 3c4276936f6fbe52884b4ea4e6cc120b890a0f9f Mon Sep 17 00:00:00 2001 From: Josef Bacik <jbacik(a)fb.com> Date: Fri, 20 Jul 2018 11:46:10 -0700 Subject: [PATCH] Btrfs: fix btrfs_write_inode vs delayed iput deadlock We recently ran into the following deadlock involving btrfs_write_inode(): [ +0.005066] __schedule+0x38e/0x8c0 [ +0.007144] schedule+0x36/0x80 [ +0.006447] bit_wait+0x11/0x60 [ +0.006446] __wait_on_bit+0xbe/0x110 [ +0.007487] ? bit_wait_io+0x60/0x60 [ +0.007319] __inode_wait_for_writeback+0x96/0xc0 [ +0.009568] ? autoremove_wake_function+0x40/0x40 [ +0.009565] inode_wait_for_writeback+0x21/0x30 [ +0.009224] evict+0xb0/0x190 [ +0.006099] iput+0x1a8/0x210 [ +0.006103] btrfs_run_delayed_iputs+0x73/0xc0 [ +0.009047] btrfs_commit_transaction+0x799/0x8c0 [ +0.009567] btrfs_write_inode+0x81/0xb0 [ +0.008008] __writeback_single_inode+0x267/0x320 [ +0.009569] writeback_sb_inodes+0x25b/0x4e0 [ +0.008702] wb_writeback+0x102/0x2d0 [ +0.007487] wb_workfn+0xa4/0x310 [ +0.006794] ? wb_workfn+0xa4/0x310 [ +0.007143] process_one_work+0x150/0x410 [ +0.008179] worker_thread+0x6d/0x520 [ +0.007490] kthread+0x12c/0x160 [ +0.006620] ? put_pwq_unlocked+0x80/0x80 [ +0.008185] ? kthread_park+0xa0/0xa0 [ +0.007484] ? do_syscall_64+0x53/0x150 [ +0.007837] ret_from_fork+0x29/0x40 Writeback calls: btrfs_write_inode btrfs_commit_transaction btrfs_run_delayed_iputs If iput() is called on that same inode, evict() will wait for writeback forever. btrfs_write_inode() was originally added way back in 4730a4bc5bf3 ("btrfs_dirty_inode") to support O_SYNC writes. However, ->write_inode() hasn't been used for O_SYNC since 148f948ba877 ("vfs: Introduce new helpers for syncing after writing to O_SYNC file or IS_SYNC inode"), so btrfs_write_inode() is actually unnecessary (and leads to a bunch of unnecessary commits). Get rid of it, which also gets rid of the deadlock. CC: stable(a)vger.kernel.org # 3.2+ Signed-off-by: Josef Bacik <jbacik(a)fb.com> [Omar: new commit message] Signed-off-by: Omar Sandoval <osandov(a)fb.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c index 4955e04da4c8..472457795486 100644 --- a/fs/btrfs/inode.c +++ b/fs/btrfs/inode.c @@ -6021,32 +6021,6 @@ static int btrfs_real_readdir(struct file *file, struct dir_context *ctx) return ret; } -int btrfs_write_inode(struct inode *inode, struct writeback_control *wbc) -{ - struct btrfs_root *root = BTRFS_I(inode)->root; - struct btrfs_trans_handle *trans; - int ret = 0; - bool nolock = false; - - if (test_bit(BTRFS_INODE_DUMMY, &BTRFS_I(inode)->runtime_flags)) - return 0; - - if (btrfs_fs_closing(root->fs_info) && - btrfs_is_free_space_inode(BTRFS_I(inode))) - nolock = true; - - if (wbc->sync_mode == WB_SYNC_ALL) { - if (nolock) - trans = btrfs_join_transaction_nolock(root); - else - trans = btrfs_join_transaction(root); - if (IS_ERR(trans)) - return PTR_ERR(trans); - ret = btrfs_commit_transaction(trans); - } - return ret; -} - /* * This is somewhat expensive, updating the tree every time the * inode changes. But, it is most likely to find the inode in cache. diff --git a/fs/btrfs/super.c b/fs/btrfs/super.c index efe8b03ce380..67de3c0fc85b 100644 --- a/fs/btrfs/super.c +++ b/fs/btrfs/super.c @@ -2344,7 +2344,6 @@ static const struct super_operations btrfs_super_ops = { .sync_fs = btrfs_sync_fs, .show_options = btrfs_show_options, .show_devname = btrfs_show_devname, - .write_inode = btrfs_write_inode, .alloc_inode = btrfs_alloc_inode, .destroy_inode = btrfs_destroy_inode, .statfs = btrfs_statfs,

6 years, 10 months

1
0
0 0

FAILED: patch "[PATCH] Btrfs: fix btrfs_write_inode vs delayed iput deadlock" failed to apply to 4.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 3c4276936f6fbe52884b4ea4e6cc120b890a0f9f Mon Sep 17 00:00:00 2001 From: Josef Bacik <jbacik(a)fb.com> Date: Fri, 20 Jul 2018 11:46:10 -0700 Subject: [PATCH] Btrfs: fix btrfs_write_inode vs delayed iput deadlock We recently ran into the following deadlock involving btrfs_write_inode(): [ +0.005066] __schedule+0x38e/0x8c0 [ +0.007144] schedule+0x36/0x80 [ +0.006447] bit_wait+0x11/0x60 [ +0.006446] __wait_on_bit+0xbe/0x110 [ +0.007487] ? bit_wait_io+0x60/0x60 [ +0.007319] __inode_wait_for_writeback+0x96/0xc0 [ +0.009568] ? autoremove_wake_function+0x40/0x40 [ +0.009565] inode_wait_for_writeback+0x21/0x30 [ +0.009224] evict+0xb0/0x190 [ +0.006099] iput+0x1a8/0x210 [ +0.006103] btrfs_run_delayed_iputs+0x73/0xc0 [ +0.009047] btrfs_commit_transaction+0x799/0x8c0 [ +0.009567] btrfs_write_inode+0x81/0xb0 [ +0.008008] __writeback_single_inode+0x267/0x320 [ +0.009569] writeback_sb_inodes+0x25b/0x4e0 [ +0.008702] wb_writeback+0x102/0x2d0 [ +0.007487] wb_workfn+0xa4/0x310 [ +0.006794] ? wb_workfn+0xa4/0x310 [ +0.007143] process_one_work+0x150/0x410 [ +0.008179] worker_thread+0x6d/0x520 [ +0.007490] kthread+0x12c/0x160 [ +0.006620] ? put_pwq_unlocked+0x80/0x80 [ +0.008185] ? kthread_park+0xa0/0xa0 [ +0.007484] ? do_syscall_64+0x53/0x150 [ +0.007837] ret_from_fork+0x29/0x40 Writeback calls: btrfs_write_inode btrfs_commit_transaction btrfs_run_delayed_iputs If iput() is called on that same inode, evict() will wait for writeback forever. btrfs_write_inode() was originally added way back in 4730a4bc5bf3 ("btrfs_dirty_inode") to support O_SYNC writes. However, ->write_inode() hasn't been used for O_SYNC since 148f948ba877 ("vfs: Introduce new helpers for syncing after writing to O_SYNC file or IS_SYNC inode"), so btrfs_write_inode() is actually unnecessary (and leads to a bunch of unnecessary commits). Get rid of it, which also gets rid of the deadlock. CC: stable(a)vger.kernel.org # 3.2+ Signed-off-by: Josef Bacik <jbacik(a)fb.com> [Omar: new commit message] Signed-off-by: Omar Sandoval <osandov(a)fb.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c index 4955e04da4c8..472457795486 100644 --- a/fs/btrfs/inode.c +++ b/fs/btrfs/inode.c @@ -6021,32 +6021,6 @@ static int btrfs_real_readdir(struct file *file, struct dir_context *ctx) return ret; } -int btrfs_write_inode(struct inode *inode, struct writeback_control *wbc) -{ - struct btrfs_root *root = BTRFS_I(inode)->root; - struct btrfs_trans_handle *trans; - int ret = 0; - bool nolock = false; - - if (test_bit(BTRFS_INODE_DUMMY, &BTRFS_I(inode)->runtime_flags)) - return 0; - - if (btrfs_fs_closing(root->fs_info) && - btrfs_is_free_space_inode(BTRFS_I(inode))) - nolock = true; - - if (wbc->sync_mode == WB_SYNC_ALL) { - if (nolock) - trans = btrfs_join_transaction_nolock(root); - else - trans = btrfs_join_transaction(root); - if (IS_ERR(trans)) - return PTR_ERR(trans); - ret = btrfs_commit_transaction(trans); - } - return ret; -} - /* * This is somewhat expensive, updating the tree every time the * inode changes. But, it is most likely to find the inode in cache. diff --git a/fs/btrfs/super.c b/fs/btrfs/super.c index efe8b03ce380..67de3c0fc85b 100644 --- a/fs/btrfs/super.c +++ b/fs/btrfs/super.c @@ -2344,7 +2344,6 @@ static const struct super_operations btrfs_super_ops = { .sync_fs = btrfs_sync_fs, .show_options = btrfs_show_options, .show_devname = btrfs_show_devname, - .write_inode = btrfs_write_inode, .alloc_inode = btrfs_alloc_inode, .destroy_inode = btrfs_destroy_inode, .statfs = btrfs_statfs,

6 years, 10 months

1
0
0 0

[gregkh@linuxfoundation.org: Patch "drm: re-enable error handling" has been added to the 3.18-stable tree]

by Nicholas Mc Guire

Hi ! this is also the wrong version of the patch - the proper version is below. This has been posted to lkml https://lkml.org/lkml/2018/7/18/191 "[PATCH V3] drm: handle error values properly" but there was no review yet The version you have here though is for sure broken. So maybe this should be simply dropped until the above, presumably correct fix, is confirmed. thx! hofrat ----- Forwarded message from gregkh(a)linuxfoundation.org ----- Date: Tue, 28 Aug 2018 16:09:59 +0200 From: gregkh(a)linuxfoundation.org To: 1531571532-22733-1-git-send-email-hofrat(a)osadl.org, alexander.levin(a)microsoft.com, gregkh(a)linuxfoundation.org, hofrat(a)osadl.org, seanpaul(a)chromium.org Cc: stable-commits(a)vger.kernel.org Subject: Patch "drm: re-enable error handling" has been added to the 3.18-stable tree This is a note to let you know that I've just added the patch titled drm: re-enable error handling to the 3.18-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: drm-re-enable-error-handling.patch and it can be found in the queue-3.18 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Aug 28 16:08:28 CEST 2018 From: Nicholas Mc Guire <hofrat(a)osadl.org> Date: Sat, 14 Jul 2018 14:32:12 +0200 Subject: drm: re-enable error handling From: Nicholas Mc Guire <hofrat(a)osadl.org> [ Upstream commit d530b5f1ca0bb66958a2b714bebe40a1248b9c15 ] drm_legacy_ctxbitmap_next() returns idr_alloc() which can return -ENOMEM, -EINVAL or -ENOSPC none of which are -1 . but the call sites of drm_legacy_ctxbitmap_next() seem to be assuming that the error case would be -1 (original return of drm_ctxbitmap_next() prior to 2.6.23 was actually -1). Thus reenable error handling by checking for < 0. Signed-off-by: Nicholas Mc Guire <hofrat(a)osadl.org> Fixes: 62968144e673 ("drm: convert drm context code to use Linux idr") Signed-off-by: Sean Paul <seanpaul(a)chromium.org> Link: https://patchwork.freedesktop.org/patch/msgid/1531571532-22733-1-git-send-e… Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/gpu/drm/drm_context.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/drivers/gpu/drm/drm_context.c +++ b/drivers/gpu/drm/drm_context.c @@ -341,7 +341,7 @@ int drm_legacy_addctx(struct drm_device ctx->handle = drm_legacy_ctxbitmap_next(dev); } DRM_DEBUG("%d\n", ctx->handle); - if (ctx->handle == -1) { + if (ctx->handle < 0) { DRM_DEBUG("Not enough free contexts.\n"); /* Should this return -EBUSY instead? */ return -ENOMEM; Patches currently in stable-queue which might be from hofrat(a)osadl.org are queue-3.18/drm-re-enable-error-handling.patch queue-3.18/can-mpc5xxx_can-check-of_iomap-return-before-use.patch ----- End forwarded message -----

6 years, 10 months

2
1
0 0

[PATCH] x86/nmi: Fix some races in NMI uaccess

by Andy Lutomirski

In NMI context, we might be in the middle of context switching or in the middle of switch_mm_irqs_off(). In either case, CR3 might not match current->mm, which could cause copy_from_user_nmi() and friends to read the wrong memory. Fix it by adding a new nmi_uaccess_okay() helper and checking it in copy_from_user_nmi() and in __copy_from_user_nmi()'s callers. Cc: stable(a)vger.kernel.org Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Nadav Amit <nadav.amit(a)gmail.com> Signed-off-by: Andy Lutomirski <luto(a)kernel.org> --- The 0day bot is still chewing on this, but I've tested it a bit locally and it seems to do the right thing. I've never observed the bug it fixes, but it does appear to fix a bug unless I've missed something. It's also a prerequisite for Nadav's fixmap bugfix. arch/x86/events/core.c | 2 +- arch/x86/include/asm/tlbflush.h | 16 ++++++++++++++++ arch/x86/lib/usercopy.c | 5 +++++ arch/x86/mm/tlb.c | 3 +++ 4 files changed, 25 insertions(+), 1 deletion(-) diff --git a/arch/x86/events/core.c b/arch/x86/events/core.c index 5f4829f10129..dfb2f7c0d019 100644 --- a/arch/x86/events/core.c +++ b/arch/x86/events/core.c @@ -2465,7 +2465,7 @@ perf_callchain_user(struct perf_callchain_entry_ctx *entry, struct pt_regs *regs perf_callchain_store(entry, regs->ip); - if (!current->mm) + if (!nmi_uaccess_okay()) return; if (perf_callchain_user32(regs, entry)) diff --git a/arch/x86/include/asm/tlbflush.h b/arch/x86/include/asm/tlbflush.h index 89a73bc31622..b23b2625793b 100644 --- a/arch/x86/include/asm/tlbflush.h +++ b/arch/x86/include/asm/tlbflush.h @@ -230,6 +230,22 @@ struct tlb_state { }; DECLARE_PER_CPU_SHARED_ALIGNED(struct tlb_state, cpu_tlbstate); +/* + * Blindly accessing user memory from NMI context can be dangerous + * if we're in the middle of switching the current user task or + * switching the loaded mm. It can also be dangerous if we + * interrupted some kernel code that was temporarily using a + * different mm. + */ +static inline bool nmi_uaccess_okay(void) +{ + struct mm_struct *loaded_mm = this_cpu_read(cpu_tlbstate.loaded_mm); + struct mm_struct *current_mm = current->mm; + + return current_mm && loaded_mm == current_mm && + loaded_mm->pgd == __va(read_cr3_pa()); +} + /* Initialize cr4 shadow for this CPU. */ static inline void cr4_init_shadow(void) { diff --git a/arch/x86/lib/usercopy.c b/arch/x86/lib/usercopy.c index c8c6ad0d58b8..3f435d7fca5e 100644 --- a/arch/x86/lib/usercopy.c +++ b/arch/x86/lib/usercopy.c @@ -7,6 +7,8 @@ #include <linux/uaccess.h> #include <linux/export.h> +#include <asm/tlbflush.h> + /* * We rely on the nested NMI work to allow atomic faults from the NMI path; the * nested NMI paths are careful to preserve CR2. @@ -19,6 +21,9 @@ copy_from_user_nmi(void *to, const void __user *from, unsigned long n) if (__range_not_ok(from, n, TASK_SIZE)) return n; + if (!nmi_uaccess_okay()) + return n; + /* * Even though this function is typically called from NMI/IRQ context * disable pagefaults so that its behaviour is consistent even when diff --git a/arch/x86/mm/tlb.c b/arch/x86/mm/tlb.c index 457b281b9339..f4b41d5a93dd 100644 --- a/arch/x86/mm/tlb.c +++ b/arch/x86/mm/tlb.c @@ -345,6 +345,9 @@ void switch_mm_irqs_off(struct mm_struct *prev, struct mm_struct *next, */ trace_tlb_flush_rcuidle(TLB_FLUSH_ON_TASK_SWITCH, TLB_FLUSH_ALL); } else { + /* Let NMI code know that CR3 may not match expectations. */ + this_cpu_write(cpu_tlbstate.loaded_mm, NULL); + /* The new ASID is already up to date. */ load_new_mm_cr3(next->pgd, new_asid, false); -- 2.17.1

6 years, 10 months

3
12
0 0

Applied "regulator: bd71837: Disable voltage monitoring for LDO3/4" to the regulator tree

by Mark Brown

The patch regulator: bd71837: Disable voltage monitoring for LDO3/4 has been applied to the regulator tree at https://git.kernel.org/pub/scm/linux/kernel/git/broonie/regulator.git All being well this means that it will be integrated into the linux-next tree (usually sometime in the next 24 hours) and sent to Linus during the next merge window (or sooner if it is a bug fix), however if problems are discovered then the patch may be dropped or reverted. You may get further e-mails resulting from automated or manual testing and review of the tree, please engage with people reporting problems and send followup patches addressing any issues that are reported if needed. If any updates are required or you are submitting further changes they should be sent as incremental updates against current git, existing patches will not be replaced. Please add any relevant lists and maintainers to the CCs when replying to this mail. Thanks, Mark >From 823f18f8b860526fc099c222619a126d57d2ad8c Mon Sep 17 00:00:00 2001 From: Matti Vaittinen <matti.vaittinen(a)fi.rohmeurope.com> Date: Wed, 29 Aug 2018 15:36:10 +0300 Subject: [PATCH] regulator: bd71837: Disable voltage monitoring for LDO3/4 There is a HW quirk in BD71837. The shutdown sequence timings for bucks/LDOs which are enabled via register interface are changed. At PMIC poweroff the voltage for BUCK6/7 is cut immediately at the beginning of shut-down sequence. This causes LDO5/6 voltage monitoring to detect under voltage and force PMIC to emergency state instead of poweroff. Disable voltage monitoring for LDO5 and LDO6 at probe to avoid this. Signed-off-by: Matti Vaittinen <matti.vaittinen(a)fi.rohmeurope.com> Signed-off-by: Mark Brown <broonie(a)kernel.org> Cc: stable(a)vger.kernel.org --- drivers/regulator/bd71837-regulator.c | 19 +++++++++++++++ include/linux/mfd/rohm-bd718x7.h | 33 ++++++++++++++++++++++++--- 2 files changed, 49 insertions(+), 3 deletions(-) diff --git a/drivers/regulator/bd71837-regulator.c b/drivers/regulator/bd71837-regulator.c index 0f8ac8dec3e1..a1bd8aaf4d98 100644 --- a/drivers/regulator/bd71837-regulator.c +++ b/drivers/regulator/bd71837-regulator.c @@ -569,6 +569,25 @@ static int bd71837_probe(struct platform_device *pdev) BD71837_REG_REGLOCK); } + /* + * There is a HW quirk in BD71837. The shutdown sequence timings for + * bucks/LDOs which are controlled via register interface are changed. + * At PMIC poweroff the voltage for BUCK6/7 is cut immediately at the + * beginning of shut-down sequence. As bucks 6 and 7 are parent + * supplies for LDO5 and LDO6 - this causes LDO5/6 voltage + * monitoring to errorneously detect under voltage and force PMIC to + * emergency state instead of poweroff. In order to avoid this we + * disable voltage monitoring for LDO5 and LDO6 + */ + err = regmap_update_bits(pmic->mfd->regmap, BD718XX_REG_MVRFLTMASK2, + BD718XX_LDO5_VRMON80 | BD718XX_LDO6_VRMON80, + BD718XX_LDO5_VRMON80 | BD718XX_LDO6_VRMON80); + if (err) { + dev_err(&pmic->pdev->dev, + "Failed to disable voltage monitoring\n"); + goto err; + } + for (i = 0; i < ARRAY_SIZE(pmic_regulator_inits); i++) { struct regulator_desc *desc; diff --git a/include/linux/mfd/rohm-bd718x7.h b/include/linux/mfd/rohm-bd718x7.h index a528747f8aed..e8338e5dc10b 100644 --- a/include/linux/mfd/rohm-bd718x7.h +++ b/include/linux/mfd/rohm-bd718x7.h @@ -78,9 +78,9 @@ enum { BD71837_REG_TRANS_COND0 = 0x1F, BD71837_REG_TRANS_COND1 = 0x20, BD71837_REG_VRFAULTEN = 0x21, - BD71837_REG_MVRFLTMASK0 = 0x22, - BD71837_REG_MVRFLTMASK1 = 0x23, - BD71837_REG_MVRFLTMASK2 = 0x24, + BD718XX_REG_MVRFLTMASK0 = 0x22, + BD718XX_REG_MVRFLTMASK1 = 0x23, + BD718XX_REG_MVRFLTMASK2 = 0x24, BD71837_REG_RCVCFG = 0x25, BD71837_REG_RCVNUM = 0x26, BD71837_REG_PWRONCONFIG0 = 0x27, @@ -159,6 +159,33 @@ enum { #define BUCK8_MASK 0x3F #define BUCK8_DEFAULT 0x1E +/* BD718XX Voltage monitoring masks */ +#define BD718XX_BUCK1_VRMON80 0x1 +#define BD718XX_BUCK1_VRMON130 0x2 +#define BD718XX_BUCK2_VRMON80 0x4 +#define BD718XX_BUCK2_VRMON130 0x8 +#define BD718XX_1ST_NODVS_BUCK_VRMON80 0x1 +#define BD718XX_1ST_NODVS_BUCK_VRMON130 0x2 +#define BD718XX_2ND_NODVS_BUCK_VRMON80 0x4 +#define BD718XX_2ND_NODVS_BUCK_VRMON130 0x8 +#define BD718XX_3RD_NODVS_BUCK_VRMON80 0x10 +#define BD718XX_3RD_NODVS_BUCK_VRMON130 0x20 +#define BD718XX_4TH_NODVS_BUCK_VRMON80 0x40 +#define BD718XX_4TH_NODVS_BUCK_VRMON130 0x80 +#define BD718XX_LDO1_VRMON80 0x1 +#define BD718XX_LDO2_VRMON80 0x2 +#define BD718XX_LDO3_VRMON80 0x4 +#define BD718XX_LDO4_VRMON80 0x8 +#define BD718XX_LDO5_VRMON80 0x10 +#define BD718XX_LDO6_VRMON80 0x20 + +/* BD71837 specific voltage monitoring masks */ +#define BD71837_BUCK3_VRMON80 0x10 +#define BD71837_BUCK3_VRMON130 0x20 +#define BD71837_BUCK4_VRMON80 0x40 +#define BD71837_BUCK4_VRMON130 0x80 +#define BD71837_LDO7_VRMON80 0x40 + /* BD71837_REG_IRQ bits */ #define IRQ_SWRST 0x40 #define IRQ_PWRON_S 0x20 -- 2.18.0

6 years, 10 months

1
0
0 0

[PATCH v3 2/2] btrfs: Ensure btrfs_trim_fs can trim the whole fs

by Qu Wenruo

[BUG] fstrim on some btrfs only trims the unallocated space, not trimming any space in existing block groups. [CAUSE] Before fstrim_range passed to btrfs_trim_fs(), it get truncated to range [0, super->total_bytes). So later btrfs_trim_fs() will only be able to trim block groups in range [0, super->total_bytes). While for btrfs, any bytenr aligned to sector size is valid, since btrfs use its logical address space, there is nothing limiting the location where we put block groups. For btrfs with routine balance, it's quite easy to relocate all block groups and bytenr of block groups will start beyond super->total_bytes. In that case, btrfs will not trim existing block groups. [FIX] Just remove the truncation in btrfs_ioctl_fitrim(), so btrfs_trim_fs() can get the unmodified range, which is normally set to [0, U64_MAX]. Reported-by: Chris Murphy <lists(a)colorremedies.com> Fixes: f4c697e6406d ("btrfs: return EINVAL if start > total_bytes in fitrim ioctl") Cc: <stable(a)vger.kernel.org> # v4.0+ Signed-off-by: Qu Wenruo <wqu(a)suse.com> --- fs/btrfs/extent-tree.c | 10 +--------- fs/btrfs/ioctl.c | 11 +++++++---- 2 files changed, 8 insertions(+), 13 deletions(-) diff --git a/fs/btrfs/extent-tree.c b/fs/btrfs/extent-tree.c index 7768f206196a..d1478d66c7a5 100644 --- a/fs/btrfs/extent-tree.c +++ b/fs/btrfs/extent-tree.c @@ -10851,21 +10851,13 @@ int btrfs_trim_fs(struct btrfs_fs_info *fs_info, struct fstrim_range *range) u64 start; u64 end; u64 trimmed = 0; - u64 total_bytes = btrfs_super_total_bytes(fs_info->super_copy); u64 bg_failed = 0; u64 dev_failed = 0; int bg_ret = 0; int dev_ret = 0; int ret = 0; - /* - * try to trim all FS space, our block group may start from non-zero. - */ - if (range->len == total_bytes) - cache = btrfs_lookup_first_block_group(fs_info, range->start); - else - cache = btrfs_lookup_block_group(fs_info, range->start); - + cache = btrfs_lookup_first_block_group(fs_info, range->start); for (; cache; cache = next_block_group(fs_info, cache)) { if (cache->key.objectid >= (range->start + range->len)) { btrfs_put_block_group(cache); diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c index 63600dc2ac4c..8165a4bfa579 100644 --- a/fs/btrfs/ioctl.c +++ b/fs/btrfs/ioctl.c @@ -491,7 +491,6 @@ static noinline int btrfs_ioctl_fitrim(struct file *file, void __user *arg) struct fstrim_range range; u64 minlen = ULLONG_MAX; u64 num_devices = 0; - u64 total_bytes = btrfs_super_total_bytes(fs_info->super_copy); int ret; if (!capable(CAP_SYS_ADMIN)) @@ -515,11 +514,15 @@ static noinline int btrfs_ioctl_fitrim(struct file *file, void __user *arg) return -EOPNOTSUPP; if (copy_from_user(&range, arg, sizeof(range))) return -EFAULT; - if (range.start > total_bytes || - range.len < fs_info->sb->s_blocksize) + + /* + * NOTE: Don't truncate the range using super->total_bytes. + * Bytenr of btrfs block group is in btrfs logical address space, + * which can be any sector size aligned bytenr in [0, U64_MAX]. + */ + if (range.len < fs_info->sb->s_blocksize) return -EINVAL; - range.len = min(range.len, total_bytes - range.start); range.minlen = max(range.minlen, minlen); ret = btrfs_trim_fs(fs_info, &range); if (ret < 0) -- 2.18.0

6 years, 10 months

2
1
0 0

[PATCH] cdrom: Fix info leak/OOB read in cdrom_ioctl_drive_status

by Scott Bauer

Like d88b6d04: "cdrom: information leak in cdrom_ioctl_media_changed()" There is another cast from unsigned long to int which causes a bounds check to fail with specially crafted input. The value is then used as an index in the slot array in cdrom_slot_status(). Signed-off-by: Scott Bauer <scott.bauer(a)intel.com> Signed-off-by: Scott Bauer <sbauer(a)plzdonthack.me> Cc: stable(a)vger.kernel.org --- drivers/cdrom/cdrom.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/cdrom/cdrom.c b/drivers/cdrom/cdrom.c index bfc566d3f31a..8cfa10ab7abc 100644 --- a/drivers/cdrom/cdrom.c +++ b/drivers/cdrom/cdrom.c @@ -2542,7 +2542,7 @@ static int cdrom_ioctl_drive_status(struct cdrom_device_info *cdi, if (!CDROM_CAN(CDC_SELECT_DISC) || (arg == CDSL_CURRENT || arg == CDSL_NONE)) return cdi->ops->drive_status(cdi, CDSL_CURRENT); - if (((int)arg >= cdi->capacity)) + if (arg >= cdi->capacity) return -EINVAL; return cdrom_slot_status(cdi, arg); } -- 2.14.1

6 years, 10 months

3
3
0 0

reboot on wandboard fails with v4.14.67 (bisected to 2059e527a6)

by Rasmus Villemoes

We're using imx_v6_v7_defconfig on our Wandboards. After upgrading to v4.14.67, reboot no longer works (or, well, takes a very long time when the watchdog is configured). v4.14.66 works fine, the breakage bisects to 2059e527a659cf16d6bb709f1c8509f7a7623fc4 (ARM: imx_v6_v7_defconfig: Select ULPI support), and reverting that on top of v4.14.67 again works. Rasmus

6 years, 10 months

1
2
0 0

[PATCH v2 1/3] x86/mm: Restructure sme_encrypt_kernel()

by Brijesh Singh

Re-arrange the sme_encrypt_kernel() by moving the workarea map/unmap logic in a separate static function. There are no logical changes in this patch. The restructuring will allow us to expand the sme_encrypt_kernel in future. Signed-off-by: Brijesh Singh <brijesh.singh(a)amd.com> Cc: stable(a)vger.kernel.org Cc: Tom Lendacky <thomas.lendacky(a)amd.com> Cc: kvm(a)vger.kernel.org Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Borislav Petkov <bp(a)suse.de> Cc: "H. Peter Anvin" <hpa(a)zytor.com> Cc: linux-kernel(a)vger.kernel.org Cc: Paolo Bonzini <pbonzini(a)redhat.com> Cc: Sean Christopherson <sean.j.christopherson(a)intel.com> Cc: kvm(a)vger.kernel.org Cc: "Radim Krčmář" <rkrcmar(a)redhat.com> --- arch/x86/mm/mem_encrypt_identity.c | 160 ++++++++++++++++++++++++------------- 1 file changed, 104 insertions(+), 56 deletions(-) diff --git a/arch/x86/mm/mem_encrypt_identity.c b/arch/x86/mm/mem_encrypt_identity.c index 7ae3686..bf6097e 100644 --- a/arch/x86/mm/mem_encrypt_identity.c +++ b/arch/x86/mm/mem_encrypt_identity.c @@ -72,6 +72,22 @@ struct sme_populate_pgd_data { unsigned long vaddr_end; }; +struct sme_workarea_data { + unsigned long kernel_start; + unsigned long kernel_end; + unsigned long kernel_len; + + unsigned long initrd_start; + unsigned long initrd_end; + unsigned long initrd_len; + + unsigned long workarea_start; + unsigned long workarea_end; + unsigned long workarea_len; + + unsigned long decrypted_base; +}; + static char sme_cmdline_arg[] __initdata = "mem_encrypt"; static char sme_cmdline_on[] __initdata = "on"; static char sme_cmdline_off[] __initdata = "off"; @@ -266,19 +282,17 @@ static unsigned long __init sme_pgtable_calc(unsigned long len) return entries + tables; } -void __init sme_encrypt_kernel(struct boot_params *bp) +static void __init build_workarea_map(struct boot_params *bp, + struct sme_workarea_data *wa, + struct sme_populate_pgd_data *ppd) { unsigned long workarea_start, workarea_end, workarea_len; unsigned long execute_start, execute_end, execute_len; unsigned long kernel_start, kernel_end, kernel_len; unsigned long initrd_start, initrd_end, initrd_len; - struct sme_populate_pgd_data ppd; unsigned long pgtable_area_len; unsigned long decrypted_base; - if (!sme_active()) - return; - /* * Prepare for encrypting the kernel and initrd by building new * pagetables with the necessary attributes needed to encrypt the @@ -358,17 +372,17 @@ void __init sme_encrypt_kernel(struct boot_params *bp) * pagetables and when the new encrypted and decrypted kernel * mappings are populated. */ - ppd.pgtable_area = (void *)execute_end; + ppd->pgtable_area = (void *)execute_end; /* * Make sure the current pagetable structure has entries for * addressing the workarea. */ - ppd.pgd = (pgd_t *)native_read_cr3_pa(); - ppd.paddr = workarea_start; - ppd.vaddr = workarea_start; - ppd.vaddr_end = workarea_end; - sme_map_range_decrypted(&ppd); + ppd->pgd = (pgd_t *)native_read_cr3_pa(); + ppd->paddr = workarea_start; + ppd->vaddr = workarea_start; + ppd->vaddr_end = workarea_end; + sme_map_range_decrypted(ppd); /* Flush the TLB - no globals so cr3 is enough */ native_write_cr3(__native_read_cr3()); @@ -379,9 +393,9 @@ void __init sme_encrypt_kernel(struct boot_params *bp) * then be populated with new PUDs and PMDs as the encrypted and * decrypted kernel mappings are created. */ - ppd.pgd = ppd.pgtable_area; - memset(ppd.pgd, 0, sizeof(pgd_t) * PTRS_PER_PGD); - ppd.pgtable_area += sizeof(pgd_t) * PTRS_PER_PGD; + ppd->pgd = ppd->pgtable_area; + memset(ppd->pgd, 0, sizeof(pgd_t) * PTRS_PER_PGD); + ppd->pgtable_area += sizeof(pgd_t) * PTRS_PER_PGD; /* * A different PGD index/entry must be used to get different @@ -399,75 +413,109 @@ void __init sme_encrypt_kernel(struct boot_params *bp) decrypted_base <<= PGDIR_SHIFT; /* Add encrypted kernel (identity) mappings */ - ppd.paddr = kernel_start; - ppd.vaddr = kernel_start; - ppd.vaddr_end = kernel_end; - sme_map_range_encrypted(&ppd); + ppd->paddr = kernel_start; + ppd->vaddr = kernel_start; + ppd->vaddr_end = kernel_end; + sme_map_range_encrypted(ppd); /* Add decrypted, write-protected kernel (non-identity) mappings */ - ppd.paddr = kernel_start; - ppd.vaddr = kernel_start + decrypted_base; - ppd.vaddr_end = kernel_end + decrypted_base; - sme_map_range_decrypted_wp(&ppd); + ppd->paddr = kernel_start; + ppd->vaddr = kernel_start + decrypted_base; + ppd->vaddr_end = kernel_end + decrypted_base; + sme_map_range_decrypted_wp(ppd); if (initrd_len) { /* Add encrypted initrd (identity) mappings */ - ppd.paddr = initrd_start; - ppd.vaddr = initrd_start; - ppd.vaddr_end = initrd_end; - sme_map_range_encrypted(&ppd); + ppd->paddr = initrd_start; + ppd->vaddr = initrd_start; + ppd->vaddr_end = initrd_end; + sme_map_range_encrypted(ppd); /* * Add decrypted, write-protected initrd (non-identity) mappings */ - ppd.paddr = initrd_start; - ppd.vaddr = initrd_start + decrypted_base; - ppd.vaddr_end = initrd_end + decrypted_base; - sme_map_range_decrypted_wp(&ppd); + ppd->paddr = initrd_start; + ppd->vaddr = initrd_start + decrypted_base; + ppd->vaddr_end = initrd_end + decrypted_base; + sme_map_range_decrypted_wp(ppd); } /* Add decrypted workarea mappings to both kernel mappings */ - ppd.paddr = workarea_start; - ppd.vaddr = workarea_start; - ppd.vaddr_end = workarea_end; - sme_map_range_decrypted(&ppd); + ppd->paddr = workarea_start; + ppd->vaddr = workarea_start; + ppd->vaddr_end = workarea_end; + sme_map_range_decrypted(ppd); - ppd.paddr = workarea_start; - ppd.vaddr = workarea_start + decrypted_base; - ppd.vaddr_end = workarea_end + decrypted_base; - sme_map_range_decrypted(&ppd); + ppd->paddr = workarea_start; + ppd->vaddr = workarea_start + decrypted_base; + ppd->vaddr_end = workarea_end + decrypted_base; + sme_map_range_decrypted(ppd); - /* Perform the encryption */ - sme_encrypt_execute(kernel_start, kernel_start + decrypted_base, - kernel_len, workarea_start, (unsigned long)ppd.pgd); + wa->kernel_start = kernel_start; + wa->kernel_end = kernel_end; + wa->kernel_len = kernel_len; - if (initrd_len) - sme_encrypt_execute(initrd_start, initrd_start + decrypted_base, - initrd_len, workarea_start, - (unsigned long)ppd.pgd); + wa->initrd_start = initrd_start; + wa->initrd_end = initrd_end; + wa->initrd_len = initrd_len; + + wa->workarea_start = workarea_start; + wa->workarea_end = workarea_end; + wa->workarea_len = workarea_len; + + wa->decrypted_base = decrypted_base; +} +static void __init remove_workarea_map(struct sme_workarea_data *wa, + struct sme_populate_pgd_data *ppd) +{ /* * At this point we are running encrypted. Remove the mappings for * the decrypted areas - all that is needed for this is to remove * the PGD entry/entries. */ - ppd.vaddr = kernel_start + decrypted_base; - ppd.vaddr_end = kernel_end + decrypted_base; - sme_clear_pgd(&ppd); - - if (initrd_len) { - ppd.vaddr = initrd_start + decrypted_base; - ppd.vaddr_end = initrd_end + decrypted_base; - sme_clear_pgd(&ppd); + ppd->vaddr = wa->kernel_start + wa->decrypted_base; + ppd->vaddr_end = wa->kernel_end + wa->decrypted_base; + sme_clear_pgd(ppd); + + if (wa->initrd_len) { + ppd->vaddr = wa->initrd_start + wa->decrypted_base; + ppd->vaddr_end = wa->initrd_end + wa->decrypted_base; + sme_clear_pgd(ppd); } - ppd.vaddr = workarea_start + decrypted_base; - ppd.vaddr_end = workarea_end + decrypted_base; - sme_clear_pgd(&ppd); + ppd->vaddr = wa->workarea_start + wa->decrypted_base; + ppd->vaddr_end = wa->workarea_end + wa->decrypted_base; + sme_clear_pgd(ppd); /* Flush the TLB - no globals so cr3 is enough */ native_write_cr3(__native_read_cr3()); } +void __init sme_encrypt_kernel(struct boot_params *bp) +{ + struct sme_populate_pgd_data ppd; + struct sme_workarea_data wa; + + if (!sme_active()) + return; + + build_workarea_map(bp, &wa, &ppd); + + /* When SEV is active, encrypt kernel and initrd */ + sme_encrypt_execute(wa.kernel_start, + wa.kernel_start + wa.decrypted_base, + wa.kernel_len, wa.workarea_start, + (unsigned long)ppd.pgd); + + if (wa.initrd_len) + sme_encrypt_execute(wa.initrd_start, + wa.initrd_start + wa.decrypted_base, + wa.initrd_len, wa.workarea_start, + (unsigned long)ppd.pgd); + + remove_workarea_map(&wa, &ppd); +} + void __init sme_enable(struct boot_params *bp) { const char *cmdline_ptr, *cmdline_arg, *cmdline_on, *cmdline_off; -- 2.7.4

6 years, 10 months

2
1
0 0

Applied "spi: spi-fsl-dspi: fix broken DSPI_EOQ_MODE" to the spi tree

by Mark Brown

The patch spi: spi-fsl-dspi: fix broken DSPI_EOQ_MODE has been applied to the spi tree at https://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi.git All being well this means that it will be integrated into the linux-next tree (usually sometime in the next 24 hours) and sent to Linus during the next merge window (or sooner if it is a bug fix), however if problems are discovered then the patch may be dropped or reverted. You may get further e-mails resulting from automated or manual testing and review of the tree, please engage with people reporting problems and send followup patches addressing any issues that are reported if needed. If any updates are required or you are submitting further changes they should be sent as incremental updates against current git, existing patches will not be replaced. Please add any relevant lists and maintainers to the CCs when replying to this mail. Thanks, Mark >From 5223c9c1cbfc0cd4d0a1b50758e0949af3290fa1 Mon Sep 17 00:00:00 2001 From: Angelo Dureghello <angelo(a)sysam.it> Date: Sat, 18 Aug 2018 01:51:58 +0200 Subject: [PATCH] spi: spi-fsl-dspi: fix broken DSPI_EOQ_MODE This patch fixes the dspi_eoq_write function used by the ColdFire mcf5441x family. The 16 bit cmd part must be re-set at each data transfer. Also, now that fifo_size variables are used for eoq_read/write, a proper fifo size must be set (16 slots for the ColdFire dspi module version). Signed-off-by: Angelo Dureghello <angelo(a)sysam.it> Acked-by: Esben Haabendal <esben(a)haabendal.dk> Signed-off-by: Mark Brown <broonie(a)kernel.org> Cc: stable(a)vger.kernel.org --- drivers/spi/spi-fsl-dspi.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/drivers/spi/spi-fsl-dspi.c b/drivers/spi/spi-fsl-dspi.c index 7cb3ab0a35a0..3082e72e4f6c 100644 --- a/drivers/spi/spi-fsl-dspi.c +++ b/drivers/spi/spi-fsl-dspi.c @@ -30,7 +30,11 @@ #define DRIVER_NAME "fsl-dspi" +#ifdef CONFIG_M5441x +#define DSPI_FIFO_SIZE 16 +#else #define DSPI_FIFO_SIZE 4 +#endif #define DSPI_DMA_BUFSIZE (DSPI_FIFO_SIZE * 1024) #define SPI_MCR 0x00 @@ -623,9 +627,11 @@ static void dspi_tcfq_read(struct fsl_dspi *dspi) static void dspi_eoq_write(struct fsl_dspi *dspi) { int fifo_size = DSPI_FIFO_SIZE; + u16 xfer_cmd = dspi->tx_cmd; /* Fill TX FIFO with as many transfers as possible */ while (dspi->len && fifo_size--) { + dspi->tx_cmd = xfer_cmd; /* Request EOQF for last transfer in FIFO */ if (dspi->len == dspi->bytes_per_word || fifo_size == 0) dspi->tx_cmd |= SPI_PUSHR_CMD_EOQ; -- 2.18.0

6 years, 10 months

1
0
0 0

Please apply commit d1e20222d537 to 4.14.y and 4.18.y

by Jitendra Bhivare

Subject of the patch: iommu/arm-smmu: Error out only if not enough context interrupts Commit ID: 42b88ec6530fd76f1ae06de7f09830bcbca5bbd6 Why: ARM SMMU does not initialize for Broadcom Stingray SoC if bootloader reserves few contexts. Kernel should not error out if there are enough context interrupts. Patch

6 years, 10 months

1
0
0 0

Profil.

by Thomas Weber

Sehr geehrte Damen und Herren. Nachdem wir Ihre Webseite besucht und das Profil Ihrer Geschäftstätigkeit analysiert haben, wissen wir schon, wie Sie neue Kunden ab sofort gewinnen können. Wir verfügen über mehr als 100 000 Adressenangaben der potentiellen Kunden. Diese Daten wurden nach Branchen gegliedert. http://www.gbc-at.net/?page=catalog *** 1. Österreich 2018 ( 104 000 ) - 149 EUR ( bis zum 29.08.2018 ) *** Bitte informieren Sie sich über die weiteren Details einmal unverbindlich auf unseren Webseite: http://www.gbc-at.net/?page=catalog Die Adressensortierung je nach der Branche findet KOSTENLOS im beigelegten DataManager-Programm statt. Zusätzlich bieten wir KOSTENLOS das Tool zum automatischen Verschicken der Angebote an. MfG Thomas Weber GC-Team

6 years, 10 months

1
0
0 0

[PATCH] drm/i915/gvt: move intel_runtime_pm_get out of spin_lock in stop_schedule

by hang.yuan＠linux.intel.com

From: Hang Yuan <hang.yuan(a)linux.intel.com> pm_runtime_get_sync in intel_runtime_pm_get might sleep if i915 device is not active. When stop vgpu schedule, the device may be inactive. So need to move runtime_pm_get out of spin_lock/unlock. Fixes: b24881e0b0b6("drm/i915/gvt: Add runtime_pm_get/put into gvt_switch_mmio Cc: <stable(a)vger.kernel.org> Signed-off-by: Hang Yuan <hang.yuan(a)linux.intel.com> Signed-off-by: Xiong Zhang <xiong.y.zhang(a)intel.com> --- drivers/gpu/drm/i915/gvt/mmio_context.c | 2 -- drivers/gpu/drm/i915/gvt/sched_policy.c | 3 +++ 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/i915/gvt/mmio_context.c b/drivers/gpu/drm/i915/gvt/mmio_context.c index 7e702c6..10e63ee 100644 --- a/drivers/gpu/drm/i915/gvt/mmio_context.c +++ b/drivers/gpu/drm/i915/gvt/mmio_context.c @@ -549,11 +549,9 @@ void intel_gvt_switch_mmio(struct intel_vgpu *pre, * performace for batch mmio read/write, so we need * handle forcewake mannually. */ - intel_runtime_pm_get(dev_priv); intel_uncore_forcewake_get(dev_priv, FORCEWAKE_ALL); switch_mmio(pre, next, ring_id); intel_uncore_forcewake_put(dev_priv, FORCEWAKE_ALL); - intel_runtime_pm_put(dev_priv); } /** diff --git a/drivers/gpu/drm/i915/gvt/sched_policy.c b/drivers/gpu/drm/i915/gvt/sched_policy.c index 09d7bb7..985fe81 100644 --- a/drivers/gpu/drm/i915/gvt/sched_policy.c +++ b/drivers/gpu/drm/i915/gvt/sched_policy.c @@ -426,6 +426,7 @@ void intel_vgpu_stop_schedule(struct intel_vgpu *vgpu) &vgpu->gvt->scheduler; int ring_id; struct vgpu_sched_data *vgpu_data = vgpu->sched_data; + struct drm_i915_private *dev_priv = vgpu->gvt->dev_priv; if (!vgpu_data->active) return; @@ -444,6 +445,7 @@ void intel_vgpu_stop_schedule(struct intel_vgpu *vgpu) scheduler->current_vgpu = NULL; } + intel_runtime_pm_get(dev_priv); spin_lock_bh(&scheduler->mmio_context_lock); for (ring_id = 0; ring_id < I915_NUM_ENGINES; ring_id++) { if (scheduler->engine_owner[ring_id] == vgpu) { @@ -452,5 +454,6 @@ void intel_vgpu_stop_schedule(struct intel_vgpu *vgpu) } } spin_unlock_bh(&scheduler->mmio_context_lock); + intel_runtime_pm_put(dev_priv); mutex_unlock(&vgpu->gvt->sched_lock); } -- 2.7.4

6 years, 10 months

1
0
0 0

[PATCH] option: Do not try to bind to ADB interfaces

by Romain Izard

Some modems now use the Android Debug Bridge to provide a debugging interface, and some phones can also export serial ports managed by the "option" driver. The ADB daemon running in userspace tries to use USB interfaces with bDeviceClass=0xFF, bDeviceSubClass=0x42, bDeviceProtocol=1 Prevent the option driver from binding to those interfaces, as they will not be serial ports. This can fix issues like: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=781256 Signed-off-by: Romain Izard <romain.izard.pro(a)gmail.com> Cc: stable <stable(a)vger.kernel.org> --- drivers/usb/serial/option.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/drivers/usb/serial/option.c b/drivers/usb/serial/option.c index 664e61f16b6a..f98943a57ff0 100644 --- a/drivers/usb/serial/option.c +++ b/drivers/usb/serial/option.c @@ -1987,6 +1987,12 @@ static int option_probe(struct usb_serial *serial, if (iface_desc->bInterfaceClass == USB_CLASS_MASS_STORAGE) return -ENODEV; + /* Do not bind Android Debug Bridge interfaces */ + if (iface_desc->bInterfaceClass == USB_CLASS_VENDOR_SPEC && + iface_desc->bInterfaceSubClass == 0x42 && + iface_desc->bInterfaceProtocol == 1) + return -ENODEV; + /* * Don't bind reserved interfaces (like network ones) which often have * the same class/subclass/protocol as the serial interfaces. Look at -- 2.17.1

6 years, 10 months

5
7
0 0

[gregkh@linuxfoundation.org: Patch "drm: re-enable error handling" has been added to the 4.4-stable tree]

by Nicholas Mc Guire

Hi ! this is also the wrong version of the patch - the proper version is below. This has been posted to lkml https://lkml.org/lkml/2018/7/18/191 but there was no review yet - the version you have though is for sure broken. So maybe this should be simply dropped until the fix is confirmed thx! hofrat ----- Forwarded message from gregkh(a)linuxfoundation.org ----- Date: Tue, 28 Aug 2018 16:11:46 +0200 From: gregkh(a)linuxfoundation.org To: 1531571532-22733-1-git-send-email-hofrat(a)osadl.org, alexander.levin(a)microsoft.com, gregkh(a)linuxfoundation.org, hofrat(a)osadl.org, seanpaul(a)chromium.org Cc: stable-commits(a)vger.kernel.org Subject: Patch "drm: re-enable error handling" has been added to the 4.4-stable tree This is a note to let you know that I've just added the patch titled drm: re-enable error handling to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: drm-re-enable-error-handling.patch and it can be found in the queue-4.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Aug 28 16:10:37 CEST 2018 From: Nicholas Mc Guire <hofrat(a)osadl.org> Date: Sat, 14 Jul 2018 14:32:12 +0200 Subject: drm: re-enable error handling From: Nicholas Mc Guire <hofrat(a)osadl.org> [ Upstream commit d530b5f1ca0bb66958a2b714bebe40a1248b9c15 ] drm_legacy_ctxbitmap_next() returns idr_alloc() which can return -ENOMEM, -EINVAL or -ENOSPC none of which are -1 . but the call sites of drm_legacy_ctxbitmap_next() seem to be assuming that the error case would be -1 (original return of drm_ctxbitmap_next() prior to 2.6.23 was actually -1). Thus reenable error handling by checking for < 0. Signed-off-by: Nicholas Mc Guire <hofrat(a)osadl.org> Fixes: 62968144e673 ("drm: convert drm context code to use Linux idr") Signed-off-by: Sean Paul <seanpaul(a)chromium.org> Link: https://patchwork.freedesktop.org/patch/msgid/1531571532-22733-1-git-send-e… Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/gpu/drm/drm_context.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/drivers/gpu/drm/drm_context.c +++ b/drivers/gpu/drm/drm_context.c @@ -372,7 +372,7 @@ int drm_legacy_addctx(struct drm_device ctx->handle = drm_legacy_ctxbitmap_next(dev); } DRM_DEBUG("%d\n", ctx->handle); - if (ctx->handle == -1) { + if (ctx->handle < 0) { DRM_DEBUG("Not enough free contexts.\n"); /* Should this return -EBUSY instead? */ return -ENOMEM; Patches currently in stable-queue which might be from hofrat(a)osadl.org are queue-4.4/drm-re-enable-error-handling.patch queue-4.4/can-mpc5xxx_can-check-of_iomap-return-before-use.patch ----- End forwarded message -----

6 years, 10 months

1
0
0 0

[PATCH] x86/speculation/l1tf: fix off-by-one error when warning that system has too much RAM

by Vlastimil Babka

Two users have reported [1] that they have an "extremely unlikely" system with more than MAX_PA/2 memory and L1TF mitigation is not effective. In fact it's a CPU with 36bits phys limit (64GB) and 32GB memory, but due to holes in the e820 map, the main region is almost 500MB over the 32GB limit: [ 0.000000] BIOS-e820: [mem 0x0000000100000000-0x000000081effffff] usable Suggestions to use 'mem=32G' to prefer L1TF mitigation while losing the 500MB revealed, that there's an off-by-one error in the check in l1tf_select_mitigation(). l1tf_pfn_limit() returns the last usable pfn (inclusive), but it's more common and hopefully less error-prone to return the first pfn that's over limit, so this patch changes that and updates the other callers. [1] https://bugzilla.suse.com/show_bug.cgi?id=1105536 Reported-by: George Anchev <studio(a)anchev.net> Reported-by: Christopher Snowhill <kode54(a)gmail.com> Fixes: 17dbca119312 ("x86/speculation/l1tf: Add sysfs reporting for l1tf") Cc: stable(a)vger.kernel.org Signed-off-by: Vlastimil Babka <vbabka(a)suse.cz> --- arch/x86/include/asm/processor.h | 2 +- arch/x86/mm/init.c | 2 +- arch/x86/mm/mmap.c | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/arch/x86/include/asm/processor.h b/arch/x86/include/asm/processor.h index a0a52274cb4a..c24297268ebc 100644 --- a/arch/x86/include/asm/processor.h +++ b/arch/x86/include/asm/processor.h @@ -183,7 +183,7 @@ extern void cpu_detect(struct cpuinfo_x86 *c); static inline unsigned long long l1tf_pfn_limit(void) { - return BIT_ULL(boot_cpu_data.x86_phys_bits - 1 - PAGE_SHIFT) - 1; + return BIT_ULL(boot_cpu_data.x86_phys_bits - 1 - PAGE_SHIFT); } extern void early_cpu_init(void); diff --git a/arch/x86/mm/init.c b/arch/x86/mm/init.c index 02de3d6065c4..63a6f9fcaf20 100644 --- a/arch/x86/mm/init.c +++ b/arch/x86/mm/init.c @@ -923,7 +923,7 @@ unsigned long max_swapfile_size(void) if (boot_cpu_has_bug(X86_BUG_L1TF)) { /* Limit the swap file size to MAX_PA/2 for L1TF workaround */ - unsigned long long l1tf_limit = l1tf_pfn_limit() + 1; + unsigned long long l1tf_limit = l1tf_pfn_limit(); /* * We encode swap offsets also with 3 bits below those for pfn * which makes the usable limit higher. diff --git a/arch/x86/mm/mmap.c b/arch/x86/mm/mmap.c index f40ab8185d94..1e95d57760cf 100644 --- a/arch/x86/mm/mmap.c +++ b/arch/x86/mm/mmap.c @@ -257,7 +257,7 @@ bool pfn_modify_allowed(unsigned long pfn, pgprot_t prot) /* If it's real memory always allow */ if (pfn_valid(pfn)) return true; - if (pfn > l1tf_pfn_limit() && !capable(CAP_SYS_ADMIN)) + if (pfn >= l1tf_pfn_limit() && !capable(CAP_SYS_ADMIN)) return false; return true; } -- 2.18.0

6 years, 10 months

7
20
0 0

perf/x86/intel/uncore: propose to support IIO free-running counters in 4.14

by Jin, Yao

Hi, The upstream kernel has supported IIO free-running counters on Skylake server. As of Skylake Server, there are a number of free running counters in each IIO Box that collect counts of per-box IO clocks and per-port Input/Output x BW/Utilization. There are three types of IIO free-running counters on Skylake server: 1. IO CLOCKS counter: a clock of IIO box. 2. BANDWIDTH counters: count inbound(PCIe->CPU)/outbound(CPU->PCIe) bandwidth. 3. UTILIZATION counters: count input/output utilization. With these IIO free-running counters, we can get good observation for IIO traffic on Skylake server. For example, we can see the IIO inbound bandwidth (PCIe->CPU). root@skx /sys/devices# perf stat -a -e uncore_iio_free_running_2/bw_in_port0/ ^C Performance counter stats for 'system wide': 153.19 MiB uncore_iio_free_running_2/bw_in_port0/ 8.037701069 seconds time elapsed I propose to backport the patches which support IIO free-running counters to 4.14 stable kernel. perf/x86/intel/uncore: Introduce customized event_read() for client IMC uncore 2da331465f44f9618abe8837d1a68405d550b66e perf/x86/intel/uncore: Add new data structures for free running counters 927b2deb067b8b4753fc09c7a42092f43fc0c1f6 perf/x86/intel/uncore: Add infrastructure for free running counters 0e0162dfcd1fbe4c711ee86f24f966c318999603 perf/x86/intel/uncore: Support IIO free-running counters on SKX 0f519f0352e37e7d71bdce5559517c74a35f6e33 perf/x86/intel/uncore: Expose uncore_pmu_event*() functions 5a6c9d94e9ed7410142bc6fcb638a4db1895aa0c perf/x86/intel/uncore: Clean up client IMC uncore 9aae1780e7e81e54edfb70ba33ead5b0b48be009 Thanks Jin Yao

6 years, 10 months

2
4
0 0

[PATCH v3] modules_install: make missing $DEPMOD a warning instead of an error

by Randy Dunlap

From: Randy Dunlap <rdunlap(a)infradead.org> When $DEPMOD is not found, only print a warning instead of exiting with an error message and error status. Warning: 'make modules_install' requires /sbin/depmod. Please install it. This is probably in the kmod package. Signed-off-by: Randy Dunlap <rdunlap(a)infradead.org> Fixes: 934193a654c1 ("kbuild: verify that $DEPMOD is installed") Cc: stable(a)vger.kernel.org Cc: Lucas De Marchi <lucas.demarchi(a)profusion.mobi> Cc: Lucas De Marchi <lucas.de.marchi(a)gmail.com> Cc: Michal Marek <michal.lkml(a)markovi.net> Cc: Jessica Yu <jeyu(a)kernel.org> Cc: Chih-Wei Huang <cwhuang(a)linux.org.tw> Cc: H. Nikolaus Schaller <hns(a)goldelico.com> --- v2: add missing "exit 0" and update the commit message (no Error). v3: add Fixes: and Cc: stable scripts/depmod.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) --- lnx-418.orig/scripts/depmod.sh +++ lnx-418/scripts/depmod.sh @@ -15,9 +15,9 @@ if ! test -r System.map ; then fi if [ -z $(command -v $DEPMOD) ]; then - echo "'make modules_install' requires $DEPMOD. Please install it." >&2 + echo "Warning: 'make modules_install' requires $DEPMOD. Please install it." >&2 echo "This is probably in the kmod package." >&2 - exit 1 + exit 0 fi # older versions of depmod require the version string to start with three

6 years, 10 months

3
4
0 0

+ uapi-linux-keyctlh-dont-use-c-reserved-keyword-as-a-struct-member-name.patch added to -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: uapi/linux/keyctl.h: don't use C++ reserved keyword as a struct member name has been added to the -mm tree. Its filename is uapi-linux-keyctlh-dont-use-c-reserved-keyword-as-a-struct-member-name.patch This patch should soon appear at http://ozlabs.org/~akpm/mmots/broken-out/uapi-linux-keyctlh-dont-use-c-rese… and later at http://ozlabs.org/~akpm/mmotm/broken-out/uapi-linux-keyctlh-dont-use-c-rese… Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next and is updated there every 3-4 working days ------------------------------------------------------ From: Randy Dunlap <rdunlap(a)infradead.org> Subject: uapi/linux/keyctl.h: don't use C++ reserved keyword as a struct member name Since this header is in "include/uapi/linux/", apparently people want to use it in userspace programs -- even in C++ ones. However, the header uses a C++ reserved keyword ("private"), so change that to "dh_private" instead to allow the header file to be used in C++ userspace. Fixes https://bugzilla.kernel.org/show_bug.cgi?id=191051 Link: http://lkml.kernel.org/r/0db6c314-1ef4-9bfa-1baa-7214dd2ee061@infradead.org Fixes: ddbb41148724 ("KEYS: Add KEYCTL_DH_COMPUTE command") Signed-off-by: Randy Dunlap <rdunlap(a)infradead.org> Reviewed-by: Andrew Morton <akpm(a)linux-foundation.org> Cc: David Howells <dhowells(a)redhat.com> Cc: James Morris <jmorris(a)namei.org> Cc: "Serge E. Hallyn" <serge(a)hallyn.com> Cc: Mat Martineau <mathew.j.martineau(a)linux.intel.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- include/uapi/linux/keyctl.h | 2 +- security/keys/dh.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) --- a/include/uapi/linux/keyctl.h~uapi-linux-keyctlh-dont-use-c-reserved-keyword-as-a-struct-member-name +++ a/include/uapi/linux/keyctl.h @@ -65,7 +65,7 @@ /* keyctl structures */ struct keyctl_dh_params { - __s32 private; + __s32 dh_private; __s32 prime; __s32 base; }; --- a/security/keys/dh.c~uapi-linux-keyctlh-dont-use-c-reserved-keyword-as-a-struct-member-name +++ a/security/keys/dh.c @@ -300,7 +300,7 @@ long __keyctl_dh_compute(struct keyctl_d } dh_inputs.g_size = dlen; - dlen = dh_data_from_key(pcopy.private, &dh_inputs.key); + dlen = dh_data_from_key(pcopy.dh_private, &dh_inputs.key); if (dlen < 0) { ret = dlen; goto out2; _ Patches currently in -mm which might be from rdunlap(a)infradead.org are uapi-linux-keyctlh-dont-use-c-reserved-keyword-as-a-struct-member-name.patch

6 years, 10 months

1
0
0 0

+ memory_hotplug-fix-kernel_panic-on-offline-page-processing.patch added to -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: memory_hotplug: fix kernel_panic on offline page processing has been added to the -mm tree. Its filename is memory_hotplug-fix-kernel_panic-on-offline-page-processing.patch This patch should soon appear at http://ozlabs.org/~akpm/mmots/broken-out/memory_hotplug-fix-kernel_panic-on… and later at http://ozlabs.org/~akpm/mmotm/broken-out/memory_hotplug-fix-kernel_panic-on… Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next and is updated there every 3-4 working days ------------------------------------------------------ From: Mikhail Zaslonko <zaslonko(a)linux.ibm.com> Subject: memory_hotplug: fix kernel_panic on offline page processing Within show_valid_zones() the function test_pages_in_a_zone() should be called for online memory blocks only. Otherwise it might lead to the VM_BUG_ON due to uninitialized struct pages (when CONFIG_DEBUG_VM_PGFLAGS kernel option is set): page dumped because: VM_BUG_ON_PAGE(PagePoisoned(p)) ------------[ cut here ]------------ Call Trace: ([<000000000038f91e>] test_pages_in_a_zone+0xe6/0x168) [<0000000000923472>] show_valid_zones+0x5a/0x1a8 [<0000000000900284>] dev_attr_show+0x3c/0x78 [<000000000046f6f0>] sysfs_kf_seq_show+0xd0/0x150 [<00000000003ef662>] seq_read+0x212/0x4b8 [<00000000003bf202>] __vfs_read+0x3a/0x178 [<00000000003bf3ca>] vfs_read+0x8a/0x148 [<00000000003bfa3a>] ksys_read+0x62/0xb8 [<0000000000bc2220>] system_call+0xdc/0x2d8 That VM_BUG_ON was triggered by the page poisoning introduced in mm/sparse.c with the git commit d0dc12e86b31 ("mm/memory_hotplug: optimize memory hotplug") With the same commit the new 'nid' field has been added to the struct memory_block in order to store and later on derive the node id for offline pages (instead of accessing struct page which might be uninitialized). But one reference to nid in show_valid_zones() function has been overlooked. Fixed with current commit. Also, nr_pages will not be used any more after test_pages_in_a_zone() call, do not update it. Link: http://lkml.kernel.org/r/20180828090539.41491-1-zaslonko@linux.ibm.com Fixes: d0dc12e86b31 ("mm/memory_hotplug: optimize memory hotplug") Signed-off-by: Mikhail Zaslonko <zaslonko(a)linux.ibm.com> Acked-by: Michal Hocko <mhocko(a)suse.com> Reviewed-by: Pavel Tatashin <pavel.tatashin(a)microsoft.com> Cc: <stable(a)vger.kernel.org> [4.17+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- drivers/base/memory.c | 20 +++++++++----------- 1 file changed, 9 insertions(+), 11 deletions(-) --- a/drivers/base/memory.c~memory_hotplug-fix-kernel_panic-on-offline-page-processing +++ a/drivers/base/memory.c @@ -417,25 +417,23 @@ static ssize_t show_valid_zones(struct d int nid; /* - * The block contains more than one zone can not be offlined. - * This can happen e.g. for ZONE_DMA and ZONE_DMA32 - */ - if (!test_pages_in_a_zone(start_pfn, start_pfn + nr_pages, &valid_start_pfn, &valid_end_pfn)) - return sprintf(buf, "none\n"); - - start_pfn = valid_start_pfn; - nr_pages = valid_end_pfn - start_pfn; - - /* * Check the existing zone. Make sure that we do that only on the * online nodes otherwise the page_zone is not reliable */ if (mem->state == MEM_ONLINE) { + /* + * The block contains more than one zone can not be offlined. + * This can happen e.g. for ZONE_DMA and ZONE_DMA32 + */ + if (!test_pages_in_a_zone(start_pfn, start_pfn + nr_pages, + &valid_start_pfn, &valid_end_pfn)) + return sprintf(buf, "none\n"); + start_pfn = valid_start_pfn; strcat(buf, page_zone(pfn_to_page(start_pfn))->name); goto out; } - nid = pfn_to_nid(start_pfn); + nid = mem->nid; default_zone = zone_for_pfn_range(MMOP_ONLINE_KEEP, nid, start_pfn, nr_pages); strcat(buf, default_zone->name); _ Patches currently in -mm which might be from zaslonko(a)linux.ibm.com are memory_hotplug-fix-kernel_panic-on-offline-page-processing.patch

6 years, 10 months

1
0
0 0

[PATCH] x86/irqflags: mark native_restore_fl extern inline

by Nick Desaulniers

Fixes commit 208cbb325589 ("x86/irqflags: Provide a declaration for native_save_fl") This should have been marked extern inline in order to pick up the out of line definition in arch/x86/kernel/irqflags.S. Cc: stable(a)vger.kernel.org # 4.18, 4.14, 4.9, 4.4 Reported-by: Ben Hutchings <ben.hutchings(a)codethink.co.uk> Signed-off-by: Nick Desaulniers <ndesaulniers(a)google.com> --- arch/x86/include/asm/irqflags.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/arch/x86/include/asm/irqflags.h b/arch/x86/include/asm/irqflags.h index c14f2a74b2be..15450a675031 100644 --- a/arch/x86/include/asm/irqflags.h +++ b/arch/x86/include/asm/irqflags.h @@ -33,7 +33,8 @@ extern inline unsigned long native_save_fl(void) return flags; } -static inline void native_restore_fl(unsigned long flags) +extern inline void native_restore_fl(unsigned long flags); +extern inline void native_restore_fl(unsigned long flags) { asm volatile("push %0 ; popf" : /* no output */ -- 2.19.0.rc0.228.g281dcd1b4d0-goog

6 years, 10 months

3
5
0 0

[PATCH v2 3/3] x86/kvm: use __decrypted attribute when declaring shared variables

by Brijesh Singh

The following commit: 368a540e0232 (x86/kvmclock: Remove memblock dependency) caused SEV guest regression. When SEV is active, we map the shared variables (wall_clock and hv_clock_boot) with C=0 to ensure that both the guest and the hypervisor is able to access the data. To map the variables we use kernel_physical_mapping_init() to split the large pages, but this routine fails to allocate a new page. Before the above commit, kvmclock initialization was called after memory allocator was available but now its called very early in the boot process. Recently we added a special .data..decrypted section to hold the shared variables. This section is mapped with C=0 very early. Use __decrypted attribute to put the wall_clock and hv_clock_boot in .data..decrypted section so that they are mapped with C=0. Signed-off-by: Brijesh Singh <brijesh.singh(a)amd.com> Fixes: 368a540e0232 ("x86/kvmclock: Remove memblock dependency") Cc: stable(a)vger.kernel.org Cc: Tom Lendacky <thomas.lendacky(a)amd.com> Cc: kvm(a)vger.kernel.org Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Borislav Petkov <bp(a)suse.de> Cc: "H. Peter Anvin" <hpa(a)zytor.com> Cc: linux-kernel(a)vger.kernel.org Cc: Paolo Bonzini <pbonzini(a)redhat.com> Cc: Sean Christopherson <sean.j.christopherson(a)intel.com> Cc: kvm(a)vger.kernel.org Cc: "Radim Krčmář" <rkrcmar(a)redhat.com> --- arch/x86/kernel/kvmclock.c | 30 +++++++++++++++++++++++++----- 1 file changed, 25 insertions(+), 5 deletions(-) diff --git a/arch/x86/kernel/kvmclock.c b/arch/x86/kernel/kvmclock.c index 1e67646..08f5f8a 100644 --- a/arch/x86/kernel/kvmclock.c +++ b/arch/x86/kernel/kvmclock.c @@ -28,6 +28,7 @@ #include <linux/sched/clock.h> #include <linux/mm.h> #include <linux/slab.h> +#include <linux/set_memory.h> #include <asm/hypervisor.h> #include <asm/mem_encrypt.h> @@ -61,8 +62,8 @@ early_param("no-kvmclock-vsyscall", parse_no_kvmclock_vsyscall); (PAGE_SIZE / sizeof(struct pvclock_vsyscall_time_info)) static struct pvclock_vsyscall_time_info - hv_clock_boot[HVC_BOOT_ARRAY_SIZE] __aligned(PAGE_SIZE); -static struct pvclock_wall_clock wall_clock; + hv_clock_boot[HVC_BOOT_ARRAY_SIZE] __decrypted __aligned(PAGE_SIZE); +static struct pvclock_wall_clock wall_clock __decrypted; static DEFINE_PER_CPU(struct pvclock_vsyscall_time_info *, hv_clock_per_cpu); static inline struct pvclock_vcpu_time_info *this_cpu_pvti(void) @@ -267,10 +268,29 @@ static int kvmclock_setup_percpu(unsigned int cpu) return 0; /* Use the static page for the first CPUs, allocate otherwise */ - if (cpu < HVC_BOOT_ARRAY_SIZE) + if (cpu < HVC_BOOT_ARRAY_SIZE) { p = &hv_clock_boot[cpu]; - else - p = kzalloc(sizeof(*p), GFP_KERNEL); + } else { + int rc; + unsigned int sz = sizeof(*p); + + if (sev_active()) + sz = PAGE_ALIGN(sz); + + p = kzalloc(sz, GFP_KERNEL); + + /* + * The physical address of per-cpu variable will be shared with + * the hypervisor. Let's clear the C-bit before we assign the + * memory to per_cpu variable. + */ + if (p && sev_active()) { + rc = set_memory_decrypted((unsigned long)p, sz >> PAGE_SHIFT); + if (rc) + return rc; + memset(p, 0, sz); + } + } per_cpu(hv_clock_per_cpu, cpu) = p; return p ? 0 : -ENOMEM; -- 2.7.4

6 years, 10 months

1
0
0 0

CAN I TRUST YOU?

by Ms CHIANG Lai Yuen JP

I have a business proposal for you

6 years, 10 months

1
0
0 0

[PATCH -next] spi: Fix double IDR allocation with DT aliases

by Geert Uytterhoeven

If the SPI bus number is provided by a DT alias, idr_alloc() is called twice, leading to: WARNING: CPU: 1 PID: 1 at drivers/spi/spi.c:2179 spi_register_controller+0x11c/0x5d8 couldn't get idr Fix this by moving the handling of fixed SPI bus numbers up, before the DT handling code fills in ctlr->bus_num. Fixes: 1a4327fbf4554d5b ("spi: fix IDR collision on systems with both fixed and dynamic SPI bus numbers") Signed-off-by: Geert Uytterhoeven <geert+renesas(a)glider.be> --- Seen on e.g. r8a7791/koelsch, breaking both RSPI and MSIOF. --- drivers/spi/spi.c | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/drivers/spi/spi.c b/drivers/spi/spi.c index a00d006d4c3a1c5a..9da0bc5a036cfff6 100644 --- a/drivers/spi/spi.c +++ b/drivers/spi/spi.c @@ -2143,8 +2143,17 @@ int spi_register_controller(struct spi_controller *ctlr) */ if (ctlr->num_chipselect == 0) return -EINVAL; - /* allocate dynamic bus number using Linux idr */ - if ((ctlr->bus_num < 0) && ctlr->dev.of_node) { + if (ctlr->bus_num >= 0) { + /* devices with a fixed bus num must check-in with the num */ + mutex_lock(&board_lock); + id = idr_alloc(&spi_master_idr, ctlr, ctlr->bus_num, + ctlr->bus_num + 1, GFP_KERNEL); + mutex_unlock(&board_lock); + if (WARN(id < 0, "couldn't get idr")) + return id == -ENOSPC ? -EBUSY : id; + ctlr->bus_num = id; + } else if (ctlr->dev.of_node) { + /* allocate dynamic bus number using Linux idr */ id = of_alias_get_id(ctlr->dev.of_node, "spi"); if (id >= 0) { ctlr->bus_num = id; @@ -2170,15 +2179,6 @@ int spi_register_controller(struct spi_controller *ctlr) if (WARN(id < 0, "couldn't get idr")) return id; ctlr->bus_num = id; - } else { - /* devices with a fixed bus num must check-in with the num */ - mutex_lock(&board_lock); - id = idr_alloc(&spi_master_idr, ctlr, ctlr->bus_num, - ctlr->bus_num + 1, GFP_KERNEL); - mutex_unlock(&board_lock); - if (WARN(id < 0, "couldn't get idr")) - return id == -ENOSPC ? -EBUSY : id; - ctlr->bus_num = id; } INIT_LIST_HEAD(&ctlr->queue); spin_lock_init(&ctlr->queue_lock); -- 2.17.1

6 years, 10 months

6
6
0 0

Applied "spi: spi-fsl-dspi: fix broken DSPI_EOQ_MODE" to the spi tree

by Mark Brown

The patch spi: spi-fsl-dspi: fix broken DSPI_EOQ_MODE has been applied to the spi tree at https://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi.git All being well this means that it will be integrated into the linux-next tree (usually sometime in the next 24 hours) and sent to Linus during the next merge window (or sooner if it is a bug fix), however if problems are discovered then the patch may be dropped or reverted. You may get further e-mails resulting from automated or manual testing and review of the tree, please engage with people reporting problems and send followup patches addressing any issues that are reported if needed. If any updates are required or you are submitting further changes they should be sent as incremental updates against current git, existing patches will not be replaced. Please add any relevant lists and maintainers to the CCs when replying to this mail. Thanks, Mark >From 5223c9c1cbfc0cd4d0a1b50758e0949af3290fa1 Mon Sep 17 00:00:00 2001 From: Angelo Dureghello <angelo(a)sysam.it> Date: Sat, 18 Aug 2018 01:51:58 +0200 Subject: [PATCH] spi: spi-fsl-dspi: fix broken DSPI_EOQ_MODE This patch fixes the dspi_eoq_write function used by the ColdFire mcf5441x family. The 16 bit cmd part must be re-set at each data transfer. Also, now that fifo_size variables are used for eoq_read/write, a proper fifo size must be set (16 slots for the ColdFire dspi module version). Signed-off-by: Angelo Dureghello <angelo(a)sysam.it> Acked-by: Esben Haabendal <esben(a)haabendal.dk> Signed-off-by: Mark Brown <broonie(a)kernel.org> Cc: stable(a)vger.kernel.org --- drivers/spi/spi-fsl-dspi.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/drivers/spi/spi-fsl-dspi.c b/drivers/spi/spi-fsl-dspi.c index 7cb3ab0a35a0..3082e72e4f6c 100644 --- a/drivers/spi/spi-fsl-dspi.c +++ b/drivers/spi/spi-fsl-dspi.c @@ -30,7 +30,11 @@ #define DRIVER_NAME "fsl-dspi" +#ifdef CONFIG_M5441x +#define DSPI_FIFO_SIZE 16 +#else #define DSPI_FIFO_SIZE 4 +#endif #define DSPI_DMA_BUFSIZE (DSPI_FIFO_SIZE * 1024) #define SPI_MCR 0x00 @@ -623,9 +627,11 @@ static void dspi_tcfq_read(struct fsl_dspi *dspi) static void dspi_eoq_write(struct fsl_dspi *dspi) { int fifo_size = DSPI_FIFO_SIZE; + u16 xfer_cmd = dspi->tx_cmd; /* Fill TX FIFO with as many transfers as possible */ while (dspi->len && fifo_size--) { + dspi->tx_cmd = xfer_cmd; /* Request EOQF for last transfer in FIFO */ if (dspi->len == dspi->bytes_per_word || fifo_size == 0) dspi->tx_cmd |= SPI_PUSHR_CMD_EOQ; -- 2.18.0

6 years, 10 months

1
0
0 0

Applied "ASoC: rt5682: Change DAC/ADC volume scale" to the asoc tree

by Mark Brown

The patch ASoC: rt5682: Change DAC/ADC volume scale has been applied to the asoc tree at https://git.kernel.org/pub/scm/linux/kernel/git/broonie/sound.git All being well this means that it will be integrated into the linux-next tree (usually sometime in the next 24 hours) and sent to Linus during the next merge window (or sooner if it is a bug fix), however if problems are discovered then the patch may be dropped or reverted. You may get further e-mails resulting from automated or manual testing and review of the tree, please engage with people reporting problems and send followup patches addressing any issues that are reported if needed. If any updates are required or you are submitting further changes they should be sent as incremental updates against current git, existing patches will not be replaced. Please add any relevant lists and maintainers to the CCs when replying to this mail. Thanks, Mark >From 7509487785d7a2bf3606cf26710f0ca29e9ca94d Mon Sep 17 00:00:00 2001 From: Shuming Fan <shumingf(a)realtek.com> Date: Fri, 24 Aug 2018 10:52:19 +0800 Subject: [PATCH] ASoC: rt5682: Change DAC/ADC volume scale The step of DAC/ADC volume scale changes from 0.375dB to 0.75dB Signed-off-by: Shuming Fan <shumingf(a)realtek.com> Signed-off-by: Mark Brown <broonie(a)kernel.org> Cc: stable(a)vger.kernel.org --- sound/soc/codecs/rt5682.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/sound/soc/codecs/rt5682.c b/sound/soc/codecs/rt5682.c index 640d400ca013..afe7d5b19313 100644 --- a/sound/soc/codecs/rt5682.c +++ b/sound/soc/codecs/rt5682.c @@ -750,8 +750,8 @@ static bool rt5682_readable_register(struct device *dev, unsigned int reg) } static const DECLARE_TLV_DB_SCALE(hp_vol_tlv, -2250, 150, 0); -static const DECLARE_TLV_DB_SCALE(dac_vol_tlv, -65625, 375, 0); -static const DECLARE_TLV_DB_SCALE(adc_vol_tlv, -17625, 375, 0); +static const DECLARE_TLV_DB_SCALE(dac_vol_tlv, -6525, 75, 0); +static const DECLARE_TLV_DB_SCALE(adc_vol_tlv, -1725, 75, 0); static const DECLARE_TLV_DB_SCALE(adc_bst_tlv, 0, 1200, 0); /* {0, +20, +24, +30, +35, +40, +44, +50, +52} dB */ @@ -1114,7 +1114,7 @@ static const struct snd_kcontrol_new rt5682_snd_controls[] = { /* DAC Digital Volume */ SOC_DOUBLE_TLV("DAC1 Playback Volume", RT5682_DAC1_DIG_VOL, - RT5682_L_VOL_SFT, RT5682_R_VOL_SFT, 175, 0, dac_vol_tlv), + RT5682_L_VOL_SFT + 1, RT5682_R_VOL_SFT + 1, 86, 0, dac_vol_tlv), /* IN Boost Volume */ SOC_SINGLE_TLV("CBJ Boost Volume", RT5682_CBJ_BST_CTRL, @@ -1124,7 +1124,7 @@ static const struct snd_kcontrol_new rt5682_snd_controls[] = { SOC_DOUBLE("STO1 ADC Capture Switch", RT5682_STO1_ADC_DIG_VOL, RT5682_L_MUTE_SFT, RT5682_R_MUTE_SFT, 1, 1), SOC_DOUBLE_TLV("STO1 ADC Capture Volume", RT5682_STO1_ADC_DIG_VOL, - RT5682_L_VOL_SFT, RT5682_R_VOL_SFT, 127, 0, adc_vol_tlv), + RT5682_L_VOL_SFT + 1, RT5682_R_VOL_SFT + 1, 63, 0, adc_vol_tlv), /* ADC Boost Volume Control */ SOC_DOUBLE_TLV("STO1 ADC Boost Gain Volume", RT5682_STO1_ADC_BOOST, -- 2.18.0

6 years, 10 months

1
0
0 0

[PATCH] drm/amdgpu: add missing CHIP_HAINAN in amdgpu_ucode_get_load_type

by Alex Deucher

This caused a confusing error message, but there is functionally no problem since the default method is DIRECT. Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/amd/amdgpu/amdgpu_ucode.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_ucode.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_ucode.c index b419d6e33b3a..a942fd28dae8 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_ucode.c +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_ucode.c @@ -277,6 +277,7 @@ amdgpu_ucode_get_load_type(struct amdgpu_device *adev, int load_type) case CHIP_PITCAIRN: case CHIP_VERDE: case CHIP_OLAND: + case CHIP_HAINAN: return AMDGPU_FW_LOAD_DIRECT; #endif #ifdef CONFIG_DRM_AMDGPU_CIK -- 2.13.6

6 years, 10 months

1
0
0 0

Managed Service Providers (MSSPs)

by stella.colvin＠callflexnet.com

Hi, I just wanted to check if you would be interested in a list of Managed Service Providers (MSPs) and Managed Security Service Providers (MSSPs)? We also have the data intelligence of: • Managed Service Providers (MSP’s) • Managed Security Service Providers (MSSP’s) • IT Decision Makers – 6million across all industry • Business Decision Makers – 10 million across all industry • Value Added Resellers- VARs • Independent Software Vendors- ISVs • System Integrators- SIs • VoIP Service Providers. • Telecommunications Service Providers (TSPs) • Application Service Providers (ASPs) • IT Managed Services Providers (ITMSP) • Storage Service Providers (SSPs) Kindly review and let me know if I can share more information on this. I look forward to hearing from you. Regards, Stella Marketing Specialist If you don't want to include yourself in our mailing list, please reply back “Leave Out" in a subject line

6 years, 10 months

1
0
0 0

[PATCH 1/2] x86/mm: add .data..decrypted section to hold shared variables

by Brijesh Singh

kvmclock defines few static variables which are shared with hypervisor during the kvmclock initialization. When SEV is active, memory is encrypted with a guest-specific key, and if guest OS wants to share the memory region with hypervisor then it must clear the C-bit before sharing it. The '__decrypted' can be used to define a shared variables; the variables will be put in the .data.decryption section. This section is mapped with C=0 early in the boot, we also ensure that the initialized values are updated to match with C=0 (i.e peform an in-place decryption). The .data..decrypted section is PMD aligned and sized so that we avoid the need for spliting the pages when map with C=0. Signed-off-by: Brijesh Singh <brijesh.singh(a)amd.com> Fixes: 368a540e0232 ("x86/kvmclock: Remove memblock dependency") Cc: stable(a)vger.kernel.org Cc: Tom Lendacky <thomas.lendacky(a)amd.com> Cc: kvm(a)vger.kernel.org Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Borislav Petkov <bp(a)suse.de> Cc: "H. Peter Anvin" <hpa(a)zytor.com> Cc: linux-kernel(a)vger.kernel.org Cc: Paolo Bonzini <pbonzini(a)redhat.com> Cc: Sean Christopherson <sean.j.christopherson(a)intel.com> Cc: "Radim Krčmář" <rkrcmar(a)redhat.com> --- arch/x86/include/asm/mem_encrypt.h | 4 + arch/x86/kernel/head64.c | 12 ++ arch/x86/kernel/vmlinux.lds.S | 18 +++ arch/x86/mm/mem_encrypt_identity.c | 220 +++++++++++++++++++++++++++---------- 4 files changed, 197 insertions(+), 57 deletions(-) diff --git a/arch/x86/include/asm/mem_encrypt.h b/arch/x86/include/asm/mem_encrypt.h index c064383..3f7d9d3 100644 --- a/arch/x86/include/asm/mem_encrypt.h +++ b/arch/x86/include/asm/mem_encrypt.h @@ -52,6 +52,8 @@ void __init mem_encrypt_init(void); bool sme_active(void); bool sev_active(void); +#define __decrypted __attribute__((__section__(".data..decrypted"))) + #else /* !CONFIG_AMD_MEM_ENCRYPT */ #define sme_me_mask 0ULL @@ -77,6 +79,8 @@ early_set_memory_decrypted(unsigned long vaddr, unsigned long size) { return 0; static inline int __init early_set_memory_encrypted(unsigned long vaddr, unsigned long size) { return 0; } +#define __decrypted + #endif /* CONFIG_AMD_MEM_ENCRYPT */ /* diff --git a/arch/x86/kernel/head64.c b/arch/x86/kernel/head64.c index 8047379..6a18297 100644 --- a/arch/x86/kernel/head64.c +++ b/arch/x86/kernel/head64.c @@ -43,6 +43,9 @@ extern pmd_t early_dynamic_pgts[EARLY_DYNAMIC_PAGE_TABLES][PTRS_PER_PMD]; static unsigned int __initdata next_early_pgt; pmdval_t early_pmd_flags = __PAGE_KERNEL_LARGE & ~(_PAGE_GLOBAL | _PAGE_NX); +/* To clear memory encryption mask from the decrypted section */ +extern char __start_data_decrypted[], __end_data_decrypted[]; + #ifdef CONFIG_X86_5LEVEL unsigned int __pgtable_l5_enabled __ro_after_init; unsigned int pgdir_shift __ro_after_init = 39; @@ -112,6 +115,7 @@ static bool __head check_la57_support(unsigned long physaddr) unsigned long __head __startup_64(unsigned long physaddr, struct boot_params *bp) { + unsigned long vaddr, vaddr_end; unsigned long load_delta, *p; unsigned long pgtable_flags; pgdval_t *pgd; @@ -234,6 +238,14 @@ unsigned long __head __startup_64(unsigned long physaddr, /* Encrypt the kernel and related (if SME is active) */ sme_encrypt_kernel(bp); + /* Clear the memory encryption mask from the decrypted section */ + vaddr = (unsigned long)__start_data_decrypted; + vaddr_end = (unsigned long)__end_data_decrypted; + for (; vaddr < vaddr_end; vaddr += PMD_SIZE) { + i = pmd_index(vaddr); + pmd[i] -= sme_get_me_mask(); + } + /* * Return the SME encryption mask (if SME is active) to be used as a * modifier for the initial pgdir entry programmed into CR3. diff --git a/arch/x86/kernel/vmlinux.lds.S b/arch/x86/kernel/vmlinux.lds.S index 8bde0a4..511b875 100644 --- a/arch/x86/kernel/vmlinux.lds.S +++ b/arch/x86/kernel/vmlinux.lds.S @@ -89,6 +89,22 @@ PHDRS { note PT_NOTE FLAGS(0); /* ___ */ } +/* + * This section contains data which will be mapped as decrypted. Memory + * encryption operates on a page basis. But we make this section a pmd + * aligned to avoid spliting the pages while mapping the section early. + * + * Note: We use a separate section so that only this section gets + * decrypted to avoid exposing more than we wish. + */ +#define DATA_DECRYPTED_SECTION \ + . = ALIGN(PMD_SIZE); \ + __start_data_decrypted = .; \ + *(.data..decrypted); \ + __end_data_decrypted = .; \ + . = ALIGN(PMD_SIZE); \ + + SECTIONS { #ifdef CONFIG_X86_32 @@ -171,6 +187,8 @@ SECTIONS /* rarely changed data like cpu maps */ READ_MOSTLY_DATA(INTERNODE_CACHE_BYTES) + DATA_DECRYPTED_SECTION + /* End of data section */ _edata = .; } :data diff --git a/arch/x86/mm/mem_encrypt_identity.c b/arch/x86/mm/mem_encrypt_identity.c index 7ae3686..ccf6e2b 100644 --- a/arch/x86/mm/mem_encrypt_identity.c +++ b/arch/x86/mm/mem_encrypt_identity.c @@ -59,6 +59,8 @@ (_PAGE_PAT | _PAGE_PWT)) #define PTE_FLAGS_ENC (PTE_FLAGS | _PAGE_ENC) +#define PTE_FLAGS_ENC_WP ((PTE_FLAGS_ENC & ~_PAGE_CACHE_MASK) | \ + (_PAGE_PAT | _PAGE_PWT)) struct sme_populate_pgd_data { void *pgtable_area; @@ -72,10 +74,28 @@ struct sme_populate_pgd_data { unsigned long vaddr_end; }; +struct sme_workarea_data { + unsigned long kernel_start; + unsigned long kernel_end; + unsigned long kernel_len; + + unsigned long initrd_start; + unsigned long initrd_end; + unsigned long initrd_len; + + unsigned long workarea_start; + unsigned long workarea_end; + unsigned long workarea_len; + + unsigned long decrypted_base; +}; + static char sme_cmdline_arg[] __initdata = "mem_encrypt"; static char sme_cmdline_on[] __initdata = "on"; static char sme_cmdline_off[] __initdata = "off"; +extern char __start_data_decrypted[], __end_data_decrypted[]; + static void __init sme_clear_pgd(struct sme_populate_pgd_data *ppd) { unsigned long pgd_start, pgd_end, pgd_size; @@ -219,6 +239,11 @@ static void __init sme_map_range_encrypted(struct sme_populate_pgd_data *ppd) __sme_map_range(ppd, PMD_FLAGS_ENC, PTE_FLAGS_ENC); } +static void __init sme_map_range_encrypted_wp(struct sme_populate_pgd_data *ppd) +{ + __sme_map_range(ppd, PMD_FLAGS_ENC, PTE_FLAGS_ENC_WP); +} + static void __init sme_map_range_decrypted(struct sme_populate_pgd_data *ppd) { __sme_map_range(ppd, PMD_FLAGS_DEC, PTE_FLAGS_DEC); @@ -266,19 +291,17 @@ static unsigned long __init sme_pgtable_calc(unsigned long len) return entries + tables; } -void __init sme_encrypt_kernel(struct boot_params *bp) +static void __init build_workarea_map(struct boot_params *bp, + struct sme_workarea_data *wa, + struct sme_populate_pgd_data *ppd) { unsigned long workarea_start, workarea_end, workarea_len; unsigned long execute_start, execute_end, execute_len; unsigned long kernel_start, kernel_end, kernel_len; unsigned long initrd_start, initrd_end, initrd_len; - struct sme_populate_pgd_data ppd; unsigned long pgtable_area_len; unsigned long decrypted_base; - if (!sme_active()) - return; - /* * Prepare for encrypting the kernel and initrd by building new * pagetables with the necessary attributes needed to encrypt the @@ -358,17 +381,17 @@ void __init sme_encrypt_kernel(struct boot_params *bp) * pagetables and when the new encrypted and decrypted kernel * mappings are populated. */ - ppd.pgtable_area = (void *)execute_end; + ppd->pgtable_area = (void *)execute_end; /* * Make sure the current pagetable structure has entries for * addressing the workarea. */ - ppd.pgd = (pgd_t *)native_read_cr3_pa(); - ppd.paddr = workarea_start; - ppd.vaddr = workarea_start; - ppd.vaddr_end = workarea_end; - sme_map_range_decrypted(&ppd); + ppd->pgd = (pgd_t *)native_read_cr3_pa(); + ppd->paddr = workarea_start; + ppd->vaddr = workarea_start; + ppd->vaddr_end = workarea_end; + sme_map_range_decrypted(ppd); /* Flush the TLB - no globals so cr3 is enough */ native_write_cr3(__native_read_cr3()); @@ -379,9 +402,9 @@ void __init sme_encrypt_kernel(struct boot_params *bp) * then be populated with new PUDs and PMDs as the encrypted and * decrypted kernel mappings are created. */ - ppd.pgd = ppd.pgtable_area; - memset(ppd.pgd, 0, sizeof(pgd_t) * PTRS_PER_PGD); - ppd.pgtable_area += sizeof(pgd_t) * PTRS_PER_PGD; + ppd->pgd = ppd->pgtable_area; + memset(ppd->pgd, 0, sizeof(pgd_t) * PTRS_PER_PGD); + ppd->pgtable_area += sizeof(pgd_t) * PTRS_PER_PGD; /* * A different PGD index/entry must be used to get different @@ -399,75 +422,158 @@ void __init sme_encrypt_kernel(struct boot_params *bp) decrypted_base <<= PGDIR_SHIFT; /* Add encrypted kernel (identity) mappings */ - ppd.paddr = kernel_start; - ppd.vaddr = kernel_start; - ppd.vaddr_end = kernel_end; - sme_map_range_encrypted(&ppd); + ppd->paddr = kernel_start; + ppd->vaddr = kernel_start; + ppd->vaddr_end = kernel_end; + sme_map_range_encrypted(ppd); /* Add decrypted, write-protected kernel (non-identity) mappings */ - ppd.paddr = kernel_start; - ppd.vaddr = kernel_start + decrypted_base; - ppd.vaddr_end = kernel_end + decrypted_base; - sme_map_range_decrypted_wp(&ppd); + ppd->paddr = kernel_start; + ppd->vaddr = kernel_start + decrypted_base; + ppd->vaddr_end = kernel_end + decrypted_base; + sme_map_range_decrypted_wp(ppd); if (initrd_len) { /* Add encrypted initrd (identity) mappings */ - ppd.paddr = initrd_start; - ppd.vaddr = initrd_start; - ppd.vaddr_end = initrd_end; - sme_map_range_encrypted(&ppd); + ppd->paddr = initrd_start; + ppd->vaddr = initrd_start; + ppd->vaddr_end = initrd_end; + sme_map_range_encrypted(ppd); /* * Add decrypted, write-protected initrd (non-identity) mappings */ - ppd.paddr = initrd_start; - ppd.vaddr = initrd_start + decrypted_base; - ppd.vaddr_end = initrd_end + decrypted_base; - sme_map_range_decrypted_wp(&ppd); + ppd->paddr = initrd_start; + ppd->vaddr = initrd_start + decrypted_base; + ppd->vaddr_end = initrd_end + decrypted_base; + sme_map_range_decrypted_wp(ppd); } - /* Add decrypted workarea mappings to both kernel mappings */ - ppd.paddr = workarea_start; - ppd.vaddr = workarea_start; - ppd.vaddr_end = workarea_end; - sme_map_range_decrypted(&ppd); + /* + * When SEV is active, kernel is already encrypted hence mapping + * the initial workarea_start as encrypted. When SME is active, + * the kernel is not encrypted hence add a decrypted workarea + * mappings to both kernel mappings + */ + ppd->paddr = workarea_start; + ppd->vaddr = workarea_start; + ppd->vaddr_end = workarea_end; + if (sev_active()) + sme_map_range_encrypted(ppd); + else + sme_map_range_decrypted(ppd); + + ppd->paddr = workarea_start; + ppd->vaddr = workarea_start + decrypted_base; + ppd->vaddr_end = workarea_end + decrypted_base; + sme_map_range_decrypted(ppd); - ppd.paddr = workarea_start; - ppd.vaddr = workarea_start + decrypted_base; - ppd.vaddr_end = workarea_end + decrypted_base; - sme_map_range_decrypted(&ppd); + wa->kernel_start = kernel_start; + wa->kernel_end = kernel_end; + wa->kernel_len = kernel_len; - /* Perform the encryption */ - sme_encrypt_execute(kernel_start, kernel_start + decrypted_base, - kernel_len, workarea_start, (unsigned long)ppd.pgd); + wa->initrd_start = initrd_start; + wa->initrd_end = initrd_end; + wa->initrd_len = initrd_len; - if (initrd_len) - sme_encrypt_execute(initrd_start, initrd_start + decrypted_base, - initrd_len, workarea_start, - (unsigned long)ppd.pgd); + wa->workarea_start = workarea_start; + wa->workarea_end = workarea_end; + wa->workarea_len = workarea_len; + wa->decrypted_base = decrypted_base; +} + +static void __init remove_workarea_map(struct sme_workarea_data *wa, + struct sme_populate_pgd_data *ppd) +{ /* * At this point we are running encrypted. Remove the mappings for * the decrypted areas - all that is needed for this is to remove * the PGD entry/entries. */ - ppd.vaddr = kernel_start + decrypted_base; - ppd.vaddr_end = kernel_end + decrypted_base; - sme_clear_pgd(&ppd); - - if (initrd_len) { - ppd.vaddr = initrd_start + decrypted_base; - ppd.vaddr_end = initrd_end + decrypted_base; - sme_clear_pgd(&ppd); + ppd->vaddr = wa->kernel_start + wa->decrypted_base; + ppd->vaddr_end = wa->kernel_end + wa->decrypted_base; + sme_clear_pgd(ppd); + + if (wa->initrd_len) { + ppd->vaddr = wa->initrd_start + wa->decrypted_base; + ppd->vaddr_end = wa->initrd_end + wa->decrypted_base; + sme_clear_pgd(ppd); } - ppd.vaddr = workarea_start + decrypted_base; - ppd.vaddr_end = workarea_end + decrypted_base; - sme_clear_pgd(&ppd); + ppd->vaddr = wa->workarea_start + wa->decrypted_base; + ppd->vaddr_end = wa->workarea_end + wa->decrypted_base; + sme_clear_pgd(ppd); /* Flush the TLB - no globals so cr3 is enough */ native_write_cr3(__native_read_cr3()); } +static void __init decrypt_data_decrypted_section(struct sme_workarea_data *wa, + struct sme_populate_pgd_data *ppd) +{ + unsigned long decrypted_start, decrypted_end, decrypted_len; + + /* Physical addresses of decrypted data section */ + decrypted_start = __pa_symbol(__start_data_decrypted); + decrypted_end = __pa_symbol(__end_data_decrypted); + decrypted_len = decrypted_end - decrypted_start; + + if (!decrypted_len) + return; + + /* Add decrypted mapping for the section (identity) */ + ppd->paddr = decrypted_start; + ppd->vaddr = decrypted_start; + ppd->vaddr_end = decrypted_end; + sme_map_range_decrypted(ppd); + + /* Add encrypted-wp mapping for the section (non-identity) */ + ppd->paddr = decrypted_start; + ppd->vaddr = decrypted_start + wa->decrypted_base; + ppd->vaddr_end = decrypted_end + wa->decrypted_base; + sme_map_range_encrypted_wp(ppd); + + /* Perform in-place decryption */ + sme_encrypt_execute(decrypted_start + wa->decrypted_base, + decrypted_start, + decrypted_len, wa->workarea_start, + (unsigned long)ppd->pgd); + + ppd->vaddr = decrypted_start + wa->decrypted_base; + ppd->vaddr_end = decrypted_end + wa->decrypted_base; + sme_clear_pgd(ppd); +} + +void __init sme_encrypt_kernel(struct boot_params *bp) +{ + struct sme_populate_pgd_data ppd; + struct sme_workarea_data wa; + + if (!mem_encrypt_active()) + return; + + build_workarea_map(bp, &wa, &ppd); + + /* When SEV is active, encrypt kernel and initrd */ + if (sme_active()) { + sme_encrypt_execute(wa.kernel_start, + wa.kernel_start + wa.decrypted_base, + wa.kernel_len, wa.workarea_start, + (unsigned long)ppd.pgd); + + if (wa.initrd_len) + sme_encrypt_execute(wa.initrd_start, + wa.initrd_start + wa.decrypted_base, + wa.initrd_len, wa.workarea_start, + (unsigned long)ppd.pgd); + } + + /* Decrypt the contents of .data..decrypted section */ + decrypt_data_decrypted_section(&wa, &ppd); + + remove_workarea_map(&wa, &ppd); +} + void __init sme_enable(struct boot_params *bp) { const char *cmdline_ptr, *cmdline_arg, *cmdline_on, *cmdline_off; -- 2.7.4

6 years, 10 months

2
2
0 0

[PATCH v2] mtd: spi-nor: fsl-quadspi: fix read error for flash size larger than 16MB

by Liu Xiang

If the size of spi-nor flash is larger than 16MB, the read_opcode is set to SPINOR_OP_READ_1_1_4_4B, and fsl_qspi_get_seqid() will return -EINVAL when cmd is SPINOR_OP_READ_1_1_4_4B. This can cause read operation fail. --- v2: add Fixes tag and CC stable suggested by Boris. --- Fixes: e46ecda764dc ("mtd: spi-nor: Add Freescale QuadSPI driver") Cc: <stable(a)vger.kernel.org> Signed-off-by: Liu Xiang <liu.xiang6(a)zte.com.cn> --- drivers/mtd/spi-nor/fsl-quadspi.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/mtd/spi-nor/fsl-quadspi.c b/drivers/mtd/spi-nor/fsl-quadspi.c index 7d9620c..64304a3 100644 --- a/drivers/mtd/spi-nor/fsl-quadspi.c +++ b/drivers/mtd/spi-nor/fsl-quadspi.c @@ -478,6 +478,7 @@ static int fsl_qspi_get_seqid(struct fsl_qspi *q, u8 cmd) { switch (cmd) { case SPINOR_OP_READ_1_1_4: + case SPINOR_OP_READ_1_1_4_4B: return SEQID_READ; case SPINOR_OP_WREN: return SEQID_WREN; -- 1.9.1

6 years, 10 months

3
3
0 0

[GIT PULL] commits for Linux 4.4

by Sasha Levin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi Greg, Pleae pull commits for Linux 4.4 . I've sent a review request for all commits over a week ago and all comments were addressed. Thanks, Sasha ===== The following changes since commit 7dc18ebc3101229d5238a2dc740804cd4836b383: Linux 4.4.150 (2018-08-18 10:45:38 +0200) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/sashal/linux-stable.git tags/for-greg-4.4-14082018 for you to fetch changes up to 99f86ec21034d82ebdcfff3ed4010945e082ca04: mm/memory.c: check return value of ioremap_prot (2018-08-18 10:17:21 -0400) - ---------------------------------------------------------------- for-greg-4.4-14082018 - ---------------------------------------------------------------- Alexander Sverdlin (1): i2c: davinci: Avoid zero value of CLKH Alexey Kodanev (1): dccp: fix undefined behavior with 'cwnd' shift in ccid2_cwnd_restart() Bernd Edlinger (1): nl80211: Add a missing break in parse_station_flags Calvin Walton (1): tools/power turbostat: Read extended processor family from CPUID Colin Ian King (1): drivers: net: lmc: fix case value for target abort error Eric Dumazet (1): xfrm_user: prevent leaking 2 bytes of kernel memory Eugeniu Rosca (1): usb: gadget: f_uac2: fix endianness of 'struct cntrl_*_lay3' Eyal Birger (1): vti6: fix PMTU caching and reporting on xmit Florian Westphal (3): xfrm: free skb if nlsk pointer is NULL netfilter: conntrack: dccp: treat SYNC/SYNCACK as invalid if no prior state atl1c: reserve min skb headroom Govindarajulu Varadarajan (1): enic: handle mtu change for vf properly Guenter Roeck (1): media: staging: omap4iss: Include asm/cacheflush.h after generic includes Jia-Ju Bai (2): usb: gadget: r8a66597: Fix two possible sleep-in-atomic-context bugs in init_controller() usb: gadget: r8a66597: Fix a possible sleep-in-atomic-context bugs in r8a66597_queue() Jim Gill (1): scsi: vmw_pvscsi: Return DID_RESET for status SAM_STAT_COMMAND_TERMINATED Johannes Thumshirn (1): scsi: fcoe: drop frames in ELS LOGO error path Kiran Kumar Modukuri (3): fscache: Allow cancelled operations to be enqueued cachefiles: Fix refcounting bug in backing-file read monitoring cachefiles: Wait rather than BUG'ing on "Unexpected object collision" Len Brown (1): tools/power turbostat: fix -S on UP systems Li Wang (1): zswap: re-check zswap_is_full() after do zswap_shrink() Lucas Stach (2): drm/imx: imx-ldb: disable LDB on driver bind drm/imx: imx-ldb: check if channel is enabled before printing warning Masami Hiramatsu (1): selftests/ftrace: Add snapshot and tracing_on test case Nicholas Mc Guire (2): drm: re-enable error handling can: mpc5xxx_can: check of_iomap return before use Peter Senna Tschudin (1): tools: usb: ffs-test: Fix build on big endian systems RafaÅ‚ MiÅ‚ecki (1): Revert "MIPS: BCM47XX: Enable 74K Core ExternalSync for PCIe erratum" Randy Dunlap (4): usb/phy: fix PPC64 build errors in phy-fsl-usb.c net: prevent ISA drivers from building on PPC32 arc: fix build errors in arc/include/asm/delay.h arc: fix type warnings in arc/mm/cache.c Sean Paul (1): drm/bridge: adv7511: Reset registers on hotplug Shubhrajyoti Datta (1): net: axienet: Fix double deregister of mdio Sudarsana Reddy Kalluru (2): qed: Fix possible race for the link state value. bnx2x: Fix invalid memory access in rss hash config path. Tommi Rantala (1): xfrm: fix missing dst_release() after policy blocking lbcast and multicast Varun Prakash (1): scsi: libiscsi: fix possible NULL pointer dereference in case of TMF Willem de Bruijn (1): packet: refine ring v3 block size test to hold one frame YueHaibing (1): net: caif: Add a missing rcu_read_unlock() in caif_flow_cb jie@chenjie6@huwei.com (1): mm/memory.c: check return value of ioremap_prot mpubbise(a)codeaurora.org (1): mac80211: add stations tied to AP_VLANs during hw reconfig arch/arc/include/asm/delay.h | 3 + arch/arc/mm/cache.c | 7 +- arch/mips/bcm47xx/setup.c | 6 -- arch/mips/include/asm/mipsregs.h | 3 - drivers/gpu/drm/drm_context.c | 2 +- drivers/gpu/drm/i2c/adv7511.c | 12 ++++ drivers/gpu/drm/imx/imx-ldb.c | 9 ++- drivers/i2c/busses/i2c-davinci.c | 8 ++- drivers/net/can/mscan/mpc5xxx_can.c | 5 ++ drivers/net/ethernet/3com/Kconfig | 2 +- drivers/net/ethernet/amd/Kconfig | 4 +- drivers/net/ethernet/atheros/atl1c/atl1c_main.c | 1 + .../net/ethernet/broadcom/bnx2x/bnx2x_ethtool.c | 13 +++- drivers/net/ethernet/cirrus/Kconfig | 1 + drivers/net/ethernet/cisco/enic/enic_main.c | 78 ++++++++-------------- drivers/net/ethernet/qlogic/qed/qed_mcp.c | 1 + drivers/net/ethernet/xilinx/xilinx_axienet_mdio.c | 1 + drivers/net/wan/lmc/lmc_main.c | 2 +- drivers/scsi/fcoe/fcoe_ctlr.c | 4 +- drivers/scsi/libiscsi.c | 12 ++-- drivers/scsi/vmw_pvscsi.c | 11 ++- drivers/staging/media/omap4iss/iss_video.c | 3 +- drivers/usb/gadget/function/f_uac2.c | 20 +++--- drivers/usb/gadget/udc/r8a66597-udc.c | 6 +- drivers/usb/phy/phy-fsl-usb.c | 4 +- fs/cachefiles/namei.c | 1 - fs/cachefiles/rdwr.c | 17 +++-- fs/fscache/operation.c | 6 +- mm/memory.c | 3 + mm/zswap.c | 9 +++ net/caif/caif_dev.c | 4 +- net/dccp/ccids/ccid2.c | 6 +- net/ipv6/ip6_vti.c | 11 +-- net/mac80211/util.c | 3 +- net/netfilter/nf_conntrack_proto_dccp.c | 8 +-- net/packet/af_packet.c | 10 +-- net/wireless/nl80211.c | 1 + net/xfrm/xfrm_policy.c | 3 + net/xfrm/xfrm_user.c | 18 +++-- tools/power/x86/turbostat/turbostat.c | 8 +-- .../selftests/ftrace/test.d/00basic/snapshot.tc | 28 ++++++++ tools/usb/ffs-test.c | 19 +++++- 42 files changed, 232 insertions(+), 141 deletions(-) create mode 100644 tools/testing/selftests/ftrace/test.d/00basic/snapshot.tc -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE4n5dijQDou9mhzu83qZv95d3LNwFAluBcWAACgkQ3qZv95d3 LNzUvw/+JXEap2/Xn5LA446o2ugIgmxLj3cHKHrKGBjqntMdAnarbllkHN8cPmhB itp92E8NC6tkWrtuG78pXPI/KqyyfQQ9bdx/pX6ASEqlJVIToDBUv/qDAv9NKB2C Tvs0HjeU058qNZxxArIPDFQu0l8QuWlbSQ19wk5j9nyZYKLNjoK83IxktNA5eEOM UowNygI6SkhcWexcO+QzBheqgsGdk2lbiACuZQP2UfzNoj3B+jmkrjluKJeZHsp9 RC9Tt5iAaHWze6bqetDapqNiiVKamOh4RwFFb2auZSbi0njzHKLvYU/zIhbpBmB/ TWkIyzM7X384wyzDsCCIHi/OVmHPoWCN1cTPL5624qloNIG6VEFUNlB79q1R4htu fH680orPjCiRmavyCml9CA1CR9Qja8TvD9+Hj6LjLP4xxCCV3EGDzE85lYpOYxze EH/JldbaRGjhnxRtok+yKKcy/MoWFTB4BpsRxVrqALDZlV325uh2Eui6ku5vyQug I6CG+SWrjQ8E+BQgLGLEHF8KP6Si38LJMJyavuCTQquxH2uXNR8Z8gHqpX47YXOC gkuXOELTLw6dBxzLUWbv6FmOT7DZxC+swuKmOoXrFa877mIrC8RgFbSDL7MMjq9/ wuC1m/n0QmIIMOoMmZ0RIMwusNkAGOxqNW+DhPB4z7M298r+eHU= =mPDt -----END PGP SIGNATURE-----

6 years, 10 months

2
1
0 0

[GIT PULL] commits for Linux 3.18

by Sasha Levin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi Greg, Pleae pull commits for Linux 3.18 . I've sent a review request for all commits over a week ago and all comments were addressed. Thanks, Sasha ===== The following changes since commit 18e6ee0440a7ab853e4ca0f1403eeef1803ed970: Linux 3.18.119 (2018-08-17 20:54:56 +0200) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/sashal/linux-stable.git tags/for-greg-3.18-14082018 for you to fetch changes up to a4756ac848473e2142769e029251fa02abac9ef1: mm/memory.c: check return value of ioremap_prot (2018-08-18 10:18:24 -0400) - ---------------------------------------------------------------- for-greg-3.18-14082018 - ---------------------------------------------------------------- Alexey Kodanev (1): dccp: fix undefined behavior with 'cwnd' shift in ccid2_cwnd_restart() Bernd Edlinger (1): nl80211: Add a missing break in parse_station_flags Calvin Walton (1): tools/power turbostat: Read extended processor family from CPUID Colin Ian King (1): drivers: net: lmc: fix case value for target abort error Eric Dumazet (1): xfrm_user: prevent leaking 2 bytes of kernel memory Eugeniu Rosca (1): usb: gadget: f_uac2: fix endianness of 'struct cntrl_*_lay3' Florian Westphal (3): xfrm: free skb if nlsk pointer is NULL netfilter: conntrack: dccp: treat SYNC/SYNCACK as invalid if no prior state atl1c: reserve min skb headroom Govindarajulu Varadarajan (1): enic: handle mtu change for vf properly Guenter Roeck (1): media: staging: omap4iss: Include asm/cacheflush.h after generic includes Jia-Ju Bai (2): usb: gadget: r8a66597: Fix two possible sleep-in-atomic-context bugs in init_controller() usb: gadget: r8a66597: Fix a possible sleep-in-atomic-context bugs in r8a66597_queue() Jim Gill (1): scsi: vmw_pvscsi: Return DID_RESET for status SAM_STAT_COMMAND_TERMINATED Johannes Thumshirn (1): scsi: fcoe: drop frames in ELS LOGO error path Kiran Kumar Modukuri (3): fscache: Allow cancelled operations to be enqueued cachefiles: Fix refcounting bug in backing-file read monitoring cachefiles: Wait rather than BUG'ing on "Unexpected object collision" Len Brown (1): tools/power turbostat: fix -S on UP systems Li Wang (1): zswap: re-check zswap_is_full() after do zswap_shrink() Lucas Stach (2): drm/imx: imx-ldb: disable LDB on driver bind drm/imx: imx-ldb: check if channel is enabled before printing warning Masami Hiramatsu (1): selftests/ftrace: Add snapshot and tracing_on test case Nicholas Mc Guire (2): drm: re-enable error handling can: mpc5xxx_can: check of_iomap return before use Peter Senna Tschudin (1): tools: usb: ffs-test: Fix build on big endian systems RafaÅ‚ MiÅ‚ecki (1): Revert "MIPS: BCM47XX: Enable 74K Core ExternalSync for PCIe erratum" Randy Dunlap (3): usb/phy: fix PPC64 build errors in phy-fsl-usb.c arc: fix build errors in arc/include/asm/delay.h arc: fix type warnings in arc/mm/cache.c Shubhrajyoti Datta (1): net: axienet: Fix double deregister of mdio Sudarsana Reddy Kalluru (1): bnx2x: Fix invalid memory access in rss hash config path. Tommi Rantala (1): xfrm: fix missing dst_release() after policy blocking lbcast and multicast Varun Prakash (1): scsi: libiscsi: fix possible NULL pointer dereference in case of TMF Willem de Bruijn (1): packet: refine ring v3 block size test to hold one frame YueHaibing (1): net: caif: Add a missing rcu_read_unlock() in caif_flow_cb jie@chenjie6@huwei.com (1): mm/memory.c: check return value of ioremap_prot mpubbise(a)codeaurora.org (1): mac80211: add stations tied to AP_VLANs during hw reconfig arch/arc/include/asm/delay.h | 3 + arch/arc/mm/cache_arc700.c | 7 +- arch/mips/bcm47xx/setup.c | 6 -- arch/mips/include/asm/mipsregs.h | 3 - drivers/gpu/drm/drm_context.c | 2 +- drivers/net/can/mscan/mpc5xxx_can.c | 5 ++ drivers/net/ethernet/atheros/atl1c/atl1c_main.c | 1 + .../net/ethernet/broadcom/bnx2x/bnx2x_ethtool.c | 13 +++- drivers/net/ethernet/cisco/enic/enic_main.c | 78 ++++++++-------------- drivers/net/ethernet/xilinx/xilinx_axienet_mdio.c | 1 + drivers/net/wan/lmc/lmc_main.c | 2 +- drivers/scsi/fcoe/fcoe_ctlr.c | 4 +- drivers/scsi/libiscsi.c | 12 ++-- drivers/scsi/vmw_pvscsi.c | 11 ++- drivers/staging/imx-drm/imx-ldb.c | 9 ++- drivers/staging/media/omap4iss/iss_video.c | 3 +- drivers/usb/gadget/function/f_uac2.c | 20 +++--- drivers/usb/gadget/udc/r8a66597-udc.c | 6 +- drivers/usb/phy/phy-fsl-usb.c | 4 +- fs/cachefiles/namei.c | 1 - fs/cachefiles/rdwr.c | 17 +++-- fs/fscache/operation.c | 6 +- mm/memory.c | 3 + mm/zswap.c | 9 +++ net/caif/caif_dev.c | 4 +- net/dccp/ccids/ccid2.c | 6 +- net/mac80211/util.c | 3 +- net/netfilter/nf_conntrack_proto_dccp.c | 8 +-- net/packet/af_packet.c | 10 +-- net/wireless/nl80211.c | 1 + net/xfrm/xfrm_policy.c | 3 + net/xfrm/xfrm_user.c | 18 +++-- tools/power/x86/turbostat/turbostat.c | 8 +-- .../selftests/ftrace/test.d/00basic/snapshot.tc | 28 ++++++++ tools/usb/ffs-test.c | 19 +++++- 35 files changed, 203 insertions(+), 131 deletions(-) create mode 100644 tools/testing/selftests/ftrace/test.d/00basic/snapshot.tc -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE4n5dijQDou9mhzu83qZv95d3LNwFAluBcWcACgkQ3qZv95d3 LNyyQBAAuR/0/kaIUMqYPIXnnUXjUxhxiJmI5oCxGepVsD0XwATTk+gyu1niajDW dP+V4MjSsdZMtM4h5L52GGWFVNOppZFBd/xCci2nUAS4wmE9jLsTmnKyKWnPoGxo XiEz4OMXfhRCoir69kY3x+CN/F5XOcQJq4+F9RwMMGHFgJJ6fXng6m+UTtkjyFKQ uJaBk4iwtJUCa8yEC+L/5Uuqx7tM9J64J5zG5YxsWvd3LslUuXkE17xiFhoompNM dn/mT8mxY7P+SYb9FcLRoUu0Lz6aL82HW4zd55hlFIREBNaBfXIJOA7wPVo5UwBI HsyqCDBEaJ04gnfqaRo041wbl0CrX599r0sMQri3UUvKVZYFeBQvFYKim7UKdvzB bO1aKR+lOCnwsNIQGqFcgmYZzF4aDNe8xoeROTCC+MW6V++in0W/HALeqyoSW0Ko 74eQWDIXGBuWjM83H94rMeyxuL7L9qnBSA2vGT4YbK10F9X/lxq/MbxtGtKp/APL aLRXfl/NzRJW8AI73ej+eH8Nq3d3W749RYPHihvvv3izfWFyLxjj/0TncaXlPOO3 qVXf9LdHXrF+L9jJk5qpfFQ92xk57ssQXYocCPG/455oizsD8zpWk0WqQ2LMxzlY WJhSRaJjRBucU3mtCUq8fLZRaln91HIGISEPaRAlK5dAN0Tx7FU= =O1lO -----END PGP SIGNATURE-----

6 years, 10 months

2
1
0 0

Your reply

by Ruby

We provide photoshop services to some of the companies from around the world. We have worked on tons of images ever since our team establishment in 2009. Many online retail companies use our services for retouching electronics, jewelry, apparels, furniture etc. by getting the images of their products enhanced. Here are the details of what we provide: Clipping path; Deep etch process Image masking Remove background Portrait retouching Jewelry retouching Fashion retouching Please reply back for further info. We can provide testing for your photos if needed. Thanks, Ruby

6 years, 10 months

1
0
0 0

Linux 4.4.153

by Greg KH

I'm announcing the release of the 4.4.153 kernel. All users of the 4.4 kernel series must upgrade. The updated 4.4.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.4.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 +- arch/x86/include/asm/mmu_context.h | 3 +-- arch/x86/mm/pageattr.c | 2 +- fs/overlayfs/overlayfs.h | 1 + fs/overlayfs/readdir.c | 37 +++++++++++++++++++++++++++++++++++++ fs/overlayfs/super.c | 20 ++++++++++++++++++++ 6 files changed, 61 insertions(+), 4 deletions(-) Andi Kleen (1): x86/mm/pat: Fix L1TF stable backport for CPA Eric Biggers (1): x86/mm: Fix use-after-free of ldt_struct Greg Kroah-Hartman (1): Linux 4.4.153 Vivek Goyal (3): ovl: Ensure upper filesystem supports d_type ovl: Do d_type check only if work dir creation was successful ovl: warn instead of error if d_type is not supported

6 years, 10 months

1
1
0 0

Linux 3.18.120

by Greg KH

I'm announcing the release of the 3.18.120 kernel. All users of the 3.18 kernel series must upgrade. The updated 3.18.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-3.18.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arm/boot/dts/am3517.dtsi | 5 + arch/arm/boot/dts/am437x-sk-evm.dts | 2 arch/arm/boot/dts/da850.dtsi | 6 -- arch/arm/configs/imx_v4_v5_defconfig | 2 arch/arm/mach-pxa/irq.c | 4 - arch/arm64/kernel/smp.c | 2 arch/m68k/include/asm/mcf_pgalloc.h | 4 + drivers/dma/k3dma.c | 2 drivers/gpu/drm/armada/armada_hw.h | 1 drivers/gpu/drm/armada/armada_overlay.c | 30 +++++++--- drivers/gpu/drm/exynos/exynos_drm_gsc.c | 29 ++++++--- drivers/gpu/drm/exynos/regs-gsc.h | 1 drivers/isdn/i4l/isdn_common.c | 8 -- drivers/md/raid10.c | 7 ++ drivers/net/ethernet/broadcom/bnx2x/bnx2x.h | 1 drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c | 6 ++ drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c | 6 ++ drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c | 2 drivers/net/ethernet/cisco/enic/enic_clsf.c | 3 - drivers/net/ethernet/cisco/enic/enic_main.c | 3 - drivers/net/ethernet/intel/ixgbe/ixgbe_common.c | 12 +++- drivers/net/ethernet/qlogic/qlcnic/qlcnic_sysfs.c | 2 drivers/net/ethernet/qualcomm/qca_spi.c | 5 + drivers/net/ethernet/ti/davinci_emac.c | 4 + drivers/net/hamradio/bpqether.c | 8 -- drivers/net/usb/rtl8150.c | 2 drivers/net/usb/smsc75xx.c | 62 +++++++++++++++++++++ drivers/net/wireless/brcm80211/brcmfmac/dhd_sdio.c | 7 ++ drivers/pci/hotplug/pci_hotplug_core.c | 9 +++ drivers/staging/android/ion/ion.c | 17 ++++- drivers/tty/serial/8250/8250_dw.c | 2 drivers/usb/dwc2/hcd_intr.c | 3 - drivers/usb/gadget/composite.c | 3 + drivers/usb/serial/sierra.c | 4 - fs/reiserfs/xattr.c | 4 + include/net/af_vsock.h | 4 - include/net/llc.h | 5 + include/net/net_namespace.h | 1 include/net/netns/ipv6.h | 1 kernel/locking/lockdep.c | 12 ++-- kernel/trace/trace.c | 5 + net/bluetooth/sco.c | 3 - net/core/dev.c | 4 - net/dccp/ccids/ccid2.c | 6 +- net/ipv4/netfilter/ip_tables.c | 1 net/ipv4/tcp.c | 4 - net/ipv6/mcast.c | 9 ++- net/ipv6/netfilter/ip6_tables.c | 1 net/ipv6/netfilter/nf_conntrack_reasm.c | 6 +- net/l2tp/l2tp_core.c | 2 net/llc/llc_core.c | 4 - net/netfilter/nf_conntrack_proto_dccp.c | 8 +- net/packet/af_packet.c | 10 ++- net/sched/cls_tcindex.c | 8 +- net/vmw_vsock/af_vsock.c | 15 ++--- net/vmw_vsock/vmci_transport.c | 3 - net/xfrm/xfrm_user.c | 8 +- security/smack/smack_lsm.c | 1 sound/core/memalloc.c | 8 -- sound/core/seq/seq_virmidi.c | 10 +++ sound/pci/cs5535audio/cs5535audio.h | 6 +- sound/pci/cs5535audio/cs5535audio_pcm.c | 4 - sound/pci/vx222/vx222_ops.c | 8 +- sound/pcmcia/vx/vxp_ops.c | 10 +-- tools/perf/arch/powerpc/util/skip-callchain-idx.c | 2 tools/testing/selftests/sync/config | 4 + 67 files changed, 315 insertions(+), 128 deletions(-) Adam Ford (1): ARM: dts: am3517.dtsi: Disable reference to OMAP3 OTG controller Alexander Duyck (1): ixgbe: Be more careful when modifying MAC filters Alexey Kodanev (1): dccp: fix undefined behavior with 'cwnd' shift in ccid2_cwnd_restart() Bartosz Golaszewski (1): net: davinci_emac: match the mdio device against its compatible if possible BingJing Chang (1): md/raid10: fix that replacement cannot complete recovery after reassemble Casey Schaufler (1): Smack: Mark inode instant in smack_task_to_inode Chen Hu (1): serial: 8250_dw: always set baud rate in dw8250_set_termios Chunfeng Yun (1): usb: gadget: composite: fix delayed_status race condition when set_interface Cong Wang (2): llc: use refcount_inc_not_zero() for llc_sap_find() vsock: split dwork to avoid reinitializations Dan Carpenter (2): dmaengine: k3dma: Off by one in k3_of_dma_simple_xlate() qlogic: check kstrtoul() for errors Daniel Mack (2): ARM: dts: am437x: make edt-ft5x06 a wakeup source ARM: pxa: irq: fix handling of ICMR registers in suspend/resume Daniel Rosenberg (1): staging: android: ion: check for kref overflow David Lechner (1): net: usb: rtl8150: demote allmulti message to dev_dbg() Eric Dumazet (2): netfilter: ipv6: nf_defrag: reduce struct net memory waste xfrm_user: prevent leaking 2 bytes of kernel memory Fabio Estevam (1): ARM: imx_v4_v5_defconfig: Select ULPI support Fathi Boudra (1): selftests: sync: add config fragment for testing sync framework Florian Westphal (2): netfilter: x_tables: set module owner for icmp(6) matches netfilter: conntrack: dccp: treat SYNC/SYNCACK as invalid if no prior state Ganesh Goudar (1): cxgb4: when disabling dcb set txq dcb priority to 0 Govindarajulu Varadarajan (1): enic: initialize enic->rfs_h.lock in enic_probe Greg Kroah-Hartman (1): Linux 3.18.120 Greg Ungerer (1): m68k: fix "bad page state" oops on ColdFire boot Hangbin Liu (3): net_sched: Fix missing res info when create new tc_index filter net_sched: fix NULL pointer dereference when delete tcindex filter ipv6: mcast: fix unsolicited report interval after receiving querys Jann Horn (1): reiserfs: fix broken xattr handling (heap corruption, bad retval) John Ogness (1): USB: serial: sierra: fix potential deadlock at close Keerthy (1): ARM: dts: da850: Fix interrups property for gpio Kees Cook (1): isdn: Disable IIOCDBGVAR Li RongQing (1): net: propagate dev_get_valid_name return code Lukas Wunner (1): PCI: hotplug: Don't leak pci_slot on registration failure Marek Szyprowski (1): drm/exynos: gsc: Fix support for NV16/61, YUV420/YVU420 and YUV422 modes Mathieu Malaterre (1): tracing: Use __printf markup to silence compiler Michael Trimarchi (1): brcmfmac: stop watchdog before detach and free everything Randy Dunlap (1): tcp: identify cryptic messages as TCP seq # bugs Russell King (1): drm/armada: fix colorkey mode property Sandipan Das (1): perf report powerpc: Fix crash if callchain is empty Stefan Agner (1): net: hamradio: use eth_broadcast_addr Stefan Wahren (2): net: qca_spi: Avoid packet drop during initial sync net: qca_spi: Make sure the QCA7000 reset is triggered Steven Rostedt (VMware) (1): locking/lockdep: Do not record IRQ state within lockdep code Sudarsana Reddy Kalluru (1): bnx2x: Fix receiving tx-timeout in error or recovery state. Sudip Mukherjee (1): Bluetooth: avoid killing an already killed socket Takashi Iwai (5): ALSA: vx222: Fix invalid endian conversions ALSA: virmidi: Fix too long output trigger loop ALSA: cs5535audio: Fix invalid endian conversion ALSA: memalloc: Don't exceed over the requested size ALSA: vxpocket: Fix invalid endian conversions Wei Wang (1): l2tp: use sk_dst_check() to avoid race on sk->sk_dst_cache Willem de Bruijn (1): packet: refine ring v3 block size test to hold one frame William Wu (1): usb: dwc2: fix isoc split in transfer with no data Yuiko Oshino (1): smsc75xx: Add workaround for gigabit link up hardware errata. Zhizhou Zhang (1): arm64: make secondary_start_kernel() notrace

6 years, 10 months

1
1
0 0

[PATCH] HID: input: fix leaking custom input node name

by Stefan Agner

Make sure to free the custom input node name on disconnect. Cc: stable(a)vger.kernel.org # v4.18+ Fixes: c554bb045511 ("HID: input: append a suffix matching the application") Signed-off-by: Stefan Agner <stefan(a)agner.ch> --- Found with kmemleak, after unplugging a Logitech Unifying receiver: unreferenced object 0xc2345b80 (size 64): comm "kworker/0:1", pid 20, jiffies 4294955181 (age 320.740s) hex dump (first 32 bytes): 4c 6f 67 69 74 65 63 68 20 55 53 42 20 52 65 63 Logitech USB Rec 65 69 76 65 72 20 53 79 73 74 65 6d 20 43 6f 6e eiver System Con backtrace: [<8fec5a71>] __kmalloc_track_caller+0x1dc/0x300 [<5b926275>] kvasprintf+0x60/0xcc [<21fc360f>] kasprintf+0x38/0x54 [<3b6ce9f0>] hidinput_connect+0x23a8/0x4c60 [<deaab707>] hid_connect+0x30c/0x38c [<5a28f7c9>] hid_hw_start+0x44/0x64 [<267d70e8>] hid_generic_probe+0x34/0x38 [<d68c31b1>] hid_device_probe+0xdc/0x13c [<09414e91>] really_probe+0x1d8/0x2c4 [<f9d7157f>] driver_probe_device+0x68/0x184 [<1def17c8>] __device_attach_driver+0xa0/0xd4 [<d3b2081b>] bus_for_each_drv+0x60/0xc0 [<379d02f8>] __device_attach+0xdc/0x144 [<7026ace5>] device_initial_probe+0x14/0x18 [<44527d01>] bus_probe_device+0x90/0x98 [<cf58bf2f>] device_add+0x424/0x62c drivers/hid/hid-input.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/hid/hid-input.c b/drivers/hid/hid-input.c index 4e94ea3e280a..ac201817a2dd 100644 --- a/drivers/hid/hid-input.c +++ b/drivers/hid/hid-input.c @@ -1815,6 +1815,7 @@ void hidinput_disconnect(struct hid_device *hid) input_unregister_device(hidinput->input); else input_free_device(hidinput->input); + kfree(hidinput->name); kfree(hidinput); } -- 2.18.0

6 years, 10 months

2
1
0 0

Editing is it

by Jason

Do you have photos for cutting out,or adding clipping path? We are here to help you for that also including retouching. Both for product photos and portrait photos. Yours, Jason

6 years, 10 months

1
0
0 0

v3.18.120 build: 0 failures 1 warnings (v3.18.120)

by Build bot for Mark Brown

Tree/Branch: v3.18.120 Git describe: v3.18.120 Commit: a5f9be3576 Linux 3.18.120 Build Time: 0 min 1 sec Passed: 7 / 7 (100.00 %) Failed: 0 / 7 ( 0.00 %) Errors: 0 Warnings: 1 Section Mismatches: 0 ------------------------------------------------------------------------------- defconfigs with issues (other than build errors): 7 warnings 0 mismatches : x86_64-allmodconfig 2 warnings 0 mismatches : x86_64-defconfig ------------------------------------------------------------------------------- Warnings Summary: 1 9 ../include/linux/ftrace.h:632:36: warning: calling '__builtin_return_address' with a nonzero argument is unsafe [-Wframe-address] =============================================================================== Detailed per-defconfig build reports below: ------------------------------------------------------------------------------- x86_64-allmodconfig : PASS, 0 errors, 7 warnings, 0 section mismatches Warnings: ../include/linux/ftrace.h:632:36: warning: calling '__builtin_return_address' with a nonzero argument is unsafe [-Wframe-address] ../include/linux/ftrace.h:632:36: warning: calling '__builtin_return_address' with a nonzero argument is unsafe [-Wframe-address] ../include/linux/ftrace.h:632:36: warning: calling '__builtin_return_address' with a nonzero argument is unsafe [-Wframe-address] ../include/linux/ftrace.h:632:36: warning: calling '__builtin_return_address' with a nonzero argument is unsafe [-Wframe-address] ../include/linux/ftrace.h:632:36: warning: calling '__builtin_return_address' with a nonzero argument is unsafe [-Wframe-address] ../include/linux/ftrace.h:632:36: warning: calling '__builtin_return_address' with a nonzero argument is unsafe [-Wframe-address] ../include/linux/ftrace.h:632:36: warning: calling '__builtin_return_address' with a nonzero argument is unsafe [-Wframe-address] ------------------------------------------------------------------------------- x86_64-defconfig : PASS, 0 errors, 2 warnings, 0 section mismatches Warnings: ../include/linux/ftrace.h:632:36: warning: calling '__builtin_return_address' with a nonzero argument is unsafe [-Wframe-address] ../include/linux/ftrace.h:632:36: warning: calling '__builtin_return_address' with a nonzero argument is unsafe [-Wframe-address] ------------------------------------------------------------------------------- Passed with no errors, warnings or mismatches: x86_64-allnoconfig arm-multi_v7_defconfig arm-allmodconfig arm-allnoconfig arm-multi_v5_defconfig

6 years, 10 months

1
0
0 0

[PATCH] tty: serial: lpuart: avoid leaking struct tty_struct

by Stefan Agner

The function tty_port_tty_get() gets a reference to the tty. Since the code is not using tty_port_tty_set(), the reference is kept even after closing the tty. Avoid using tty_port_tty_get() by directly access the tty instance. Since lpuart_start_rx_dma() is called from the .startup() and .set_termios() callback, it is safe to assume the tty instance is valid. Cc: stable(a)vger.kernel.org # v4.9+ Fixes: 5887ad43ee02 ("tty: serial: fsl_lpuart: Use cyclic DMA for Rx") Signed-off-by: Stefan Agner <stefan(a)agner.ch> --- This fixes a memory leak observable when opening/closing the tty in a loop. This is also reported by kmemleak: unreferenced object 0xc9d17000 (size 1024): comm "(agetty)", pid 389, jiffies 4294943045 (age 100.670s) hex dump (first 32 bytes): 01 54 00 00 01 00 00 00 00 8c 9b c8 80 58 9b c8 .T...........X.. 48 58 c4 c0 00 00 00 00 00 00 00 00 00 00 00 00 HX.............. backtrace: [<(ptrval)>] kmem_cache_alloc_trace+0x160/0x2b8 [<(ptrval)>] alloc_tty_struct+0x44/0x254 [<(ptrval)>] tty_init_dev+0x44/0x1c8 [<(ptrval)>] tty_open+0x268/0x414 [<(ptrval)>] chrdev_open+0xb4/0x1bc [<(ptrval)>] do_dentry_open+0x1c0/0x388 [<(ptrval)>] vfs_open+0x34/0x38 [<(ptrval)>] path_openat+0x5b0/0x11bc [<(ptrval)>] do_filp_open+0x7c/0xe8 [<(ptrval)>] do_sys_open+0x188/0x20c [<(ptrval)>] sys_openat+0x14/0x18 [<(ptrval)>] ret_fast_syscall+0x0/0x28 [<(ptrval)>] 0xbee0a460 [<(ptrval)>] 0xffffffff I *think* the statement that accessing tty_struct without using tty_port_tty_get is safe in this case is true. It would be good if somebody with more TTY knowledge could review the change. -- Stefan drivers/tty/serial/fsl_lpuart.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/tty/serial/fsl_lpuart.c b/drivers/tty/serial/fsl_lpuart.c index 51e47a63d61a..3f8d1274fc85 100644 --- a/drivers/tty/serial/fsl_lpuart.c +++ b/drivers/tty/serial/fsl_lpuart.c @@ -979,7 +979,8 @@ static inline int lpuart_start_rx_dma(struct lpuart_port *sport) struct circ_buf *ring = &sport->rx_ring; int ret, nent; int bits, baud; - struct tty_struct *tty = tty_port_tty_get(&sport->port.state->port); + struct tty_port *port = &sport->port.state->port; + struct tty_struct *tty = port->tty; struct ktermios *termios = &tty->termios; baud = tty_get_baud_rate(tty); -- 2.18.0

6 years, 10 months

1
0
0 0

[PATCH] xprtrdma: Fix disconnect regression

by Chuck Lever

I found that injecting disconnects with v4.18-rc resulted in random failures of the multi-threaded git regression test. The root cause appears to be that, after a reconnect, the RPC/RDMA transport is waking pending RPCs before the transport has posted enough Receive buffers to receive the Replies. If a Reply arrives before enough Receive buffers are posted, the connection is dropped. A few connection drops happen in quick succession as the client and server struggle to regain credit synchronization. This regression was introduced with commit 7c8d9e7c8863 ("xprtrdma: Move Receive posting to Receive handler"). The client is supposed to post a single Receive when a connection is established because it's not supposed to send more than one RPC Call before it gets a fresh credit grant in the first RPC Reply [RFC 8166, Section 3.3.3]. Unfortunately there appears to be a longstanding bug in the Linux client's credit accounting mechanism. On connect, it simply dumps all pending RPC Calls onto the new connection. It's possible it has done this ever since the RPC/RDMA transport was added to the kernel ten years ago. Servers have so far been tolerant of this bad behavior. Currently no server implementation ever changes its credit grant over reconnects, and servers always repost enough Receives before connections are fully established. The Linux client implementation used to post a Receive before each of these Calls. This has covered up the flooding send behavior. I could try to correct this old bug so that the client sends exactly one RPC Call and waits for a Reply. Since we are so close to the next merge window, I'm going to instead provide a simple patch to post enough Receives before a reconnect completes (based on the number of credits granted to the previous connection). The spurious disconnects will be gone, but the client will still send multiple RPC Calls immediately after a reconnect. Addressing the latter problem will wait for a merge window because a) I expect it to be a large change requiring lots of testing, and b) obviously the Linux client has interoperated successfully since day zero while still being broken. Fixes: 7c8d9e7c8863 ("xprtrdma: Move Receive posting to ... ") Signed-off-by: Chuck Lever <chuck.lever(a)oracle.com> --- net/sunrpc/xprtrdma/verbs.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) Hi stable@ - This fix has been merged into v4.19 as upstream commit 8d4fb8ff427a ("xprtrdma: Fix disconnect regression"). It addresses a regression in v4.18. I expected it to go into late v4.18-rc, which is why there is no "cc: stable" on the original submission. Could you please apply it to 4.18.y ? Thank you! diff --git a/net/sunrpc/xprtrdma/verbs.c b/net/sunrpc/xprtrdma/verbs.c index 042bb24..1386c6e 100644 --- a/net/sunrpc/xprtrdma/verbs.c +++ b/net/sunrpc/xprtrdma/verbs.c @@ -279,7 +279,6 @@ ++xprt->rx_xprt.connect_cookie; connstate = -ECONNABORTED; connected: - xprt->rx_buf.rb_credits = 1; ep->rep_connected = connstate; rpcrdma_conn_func(ep); wake_up_all(&ep->rep_connect_wait); @@ -754,6 +753,7 @@ } ep->rep_connected = 0; + rpcrdma_post_recvs(r_xprt, true); rc = rdma_connect(ia->ri_id, &ep->rep_remote_cma); if (rc) { @@ -772,8 +772,6 @@ dprintk("RPC: %s: connected\n", __func__); - rpcrdma_post_recvs(r_xprt, true); - out: if (rc) ep->rep_connected = rc; @@ -1170,6 +1168,7 @@ struct rpcrdma_req * list_add(&req->rl_list, &buf->rb_send_bufs); } + buf->rb_credits = 1; buf->rb_posted_receives = 0; INIT_LIST_HEAD(&buf->rb_recv_bufs);

6 years, 10 months

2
1
0 0

[PATCH 4.4 0/5] 4.4.153-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.4.153 release. There are 5 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Tue Aug 28 06:40:50 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.4.153-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.4.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.4.153-rc1 Vivek Goyal <vgoyal(a)redhat.com> ovl: warn instead of error if d_type is not supported Vivek Goyal <vgoyal(a)redhat.com> ovl: Do d_type check only if work dir creation was successful Vivek Goyal <vgoyal(a)redhat.com> ovl: Ensure upper filesystem supports d_type Eric Biggers <ebiggers(a)google.com> x86/mm: Fix use-after-free of ldt_struct Andi Kleen <ak(a)linux.intel.com> x86/mm/pat: Fix L1TF stable backport for CPA ------------- Diffstat: Makefile | 4 ++-- arch/x86/include/asm/mmu_context.h | 3 +-- arch/x86/mm/pageattr.c | 2 +- fs/overlayfs/overlayfs.h | 1 + fs/overlayfs/readdir.c | 37 +++++++++++++++++++++++++++++++++++++ fs/overlayfs/super.c | 20 ++++++++++++++++++++ 6 files changed, 62 insertions(+), 5 deletions(-)

6 years, 10 months

4
8
0 0

[PATCH] soc: qcom: rmtfs-mem: Validate that scm is available

by Bjorn Andersson

The scm device must be present in order for the rmtfs driver to configure memory permissions for the rmtfs memory region, so check that it is probed before continuing. Cc: stable(a)vger.kernel.org Fixes: fa65f8045137 ("soc: qcom: rmtfs-mem: Add support for assigning memory to remote") Signed-off-by: Bjorn Andersson <bjorn.andersson(a)linaro.org> --- drivers/soc/qcom/rmtfs_mem.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/drivers/soc/qcom/rmtfs_mem.c b/drivers/soc/qcom/rmtfs_mem.c index 8a3678c2e83c..97bb5989aa21 100644 --- a/drivers/soc/qcom/rmtfs_mem.c +++ b/drivers/soc/qcom/rmtfs_mem.c @@ -212,6 +212,11 @@ static int qcom_rmtfs_mem_probe(struct platform_device *pdev) dev_err(&pdev->dev, "failed to parse qcom,vmid\n"); goto remove_cdev; } else if (!ret) { + if (!qcom_scm_is_available()) { + ret = -EPROBE_DEFER; + goto remove_cdev; + } + perms[0].vmid = QCOM_SCM_VMID_HLOS; perms[0].perm = QCOM_SCM_PERM_RW; perms[1].vmid = vmid; -- 2.18.0

6 years, 10 months

1
0
0 0

[PATCH v2] selftests: membarrier: fix test by checking supported commands

by Rafael David Tinoco

Makes membarrier_test compatible with older kernels (LTS) by checking if the membarrier features exist before running the tests. Link: https://bugs.linaro.org/show_bug.cgi?id=3771 Signed-off-by: Rafael David Tinoco <rafael.tinoco(a)linaro.org> Cc: <stable(a)vger.kernel.org> #v4.17 --- .../selftests/membarrier/membarrier_test.c | 71 +++++++++++-------- 1 file changed, 40 insertions(+), 31 deletions(-) diff --git a/tools/testing/selftests/membarrier/membarrier_test.c b/tools/testing/selftests/membarrier/membarrier_test.c index 6793f8ecc8e7..4dc263824bda 100644 --- a/tools/testing/selftests/membarrier/membarrier_test.c +++ b/tools/testing/selftests/membarrier/membarrier_test.c @@ -223,7 +223,7 @@ static int test_membarrier_global_expedited_success(void) return 0; } -static int test_membarrier(void) +static int test_membarrier(int supported) { int status; @@ -236,21 +236,22 @@ static int test_membarrier(void) status = test_membarrier_global_success(); if (status) return status; - status = test_membarrier_private_expedited_fail(); - if (status) - return status; - status = test_membarrier_register_private_expedited_success(); - if (status) - return status; - status = test_membarrier_private_expedited_success(); - if (status) - return status; - status = sys_membarrier(MEMBARRIER_CMD_QUERY, 0); - if (status < 0) { - ksft_test_result_fail("sys_membarrier() failed\n"); - return status; + + /* commit 22e4ebb975822833b083533035233d128b30e98f added this feature */ + if (supported & MEMBARRIER_CMD_PRIVATE_EXPEDITED) { + status = test_membarrier_private_expedited_fail(); + if (status) + return status; + status = test_membarrier_register_private_expedited_success(); + if (status) + return status; + status = test_membarrier_private_expedited_success(); + if (status) + return status; } - if (status & MEMBARRIER_CMD_PRIVATE_EXPEDITED_SYNC_CORE) { + + /* commit 70216e18e519a54a2f13569e8caff99a092a92d6 added this feature */ + if (supported & MEMBARRIER_CMD_PRIVATE_EXPEDITED_SYNC_CORE) { status = test_membarrier_private_expedited_sync_core_fail(); if (status) return status; @@ -261,23 +262,28 @@ static int test_membarrier(void) if (status) return status; } - /* - * It is valid to send a global membarrier from a non-registered - * process. - */ - status = test_membarrier_global_expedited_success(); - if (status) - return status; - status = test_membarrier_register_global_expedited_success(); - if (status) - return status; - status = test_membarrier_global_expedited_success(); - if (status) - return status; + + /* commit c5f58bd58f432be5d92df33c5458e0bcbee3aadf added this feature */ + if (supported & MEMBARRIER_CMD_GLOBAL_EXPEDITED) { + /* + * It is valid to send a global membarrier from a non-registered + * process. + */ + status = test_membarrier_global_expedited_success(); + if (status) + return status; + status = test_membarrier_register_global_expedited_success(); + if (status) + return status; + status = test_membarrier_global_expedited_success(); + if (status) + return status; + } + return 0; } -static int test_membarrier_query(void) +static int test_membarrier_query(int *supported) { int flags = 0, ret; @@ -297,16 +303,19 @@ static int test_membarrier_query(void) ksft_exit_skip( "sys_membarrier unsupported: CMD_GLOBAL not found.\n"); + *supported = ret; ksft_test_result_pass("sys_membarrier available\n"); return 0; } int main(int argc, char **argv) { + int supported; + ksft_print_header(); - test_membarrier_query(); - test_membarrier(); + test_membarrier_query(&supported); + test_membarrier(supported); return ksft_exit_pass(); } -- 2.18.0

6 years, 10 months

2
1
0 0

[char-misc for 4.9 2/2] mei: bus: need to unlink client before freeing

by Tomas Winkler

In case a client fails to connect in mei_cldev_enable(), the caller won't call the mei_cldev_disable leaving the client in a linked stated. Upon driver unload the client structure will be freed in mei_cl_bus_dev_release(), leaving a stale pointer on a fail_list. This will eventually end up in crash during power down flow in mei_cl_set_disonnected(). RIP: mei_cl_set_disconnected+0x5/0x260[mei] Call trace: mei_cl_all_disconnect+0x22/0x30 mei_reset+0x194/0x250 __synchronize_hardirq+0x43/0x50 _cond_resched+0x15/0x30 mei_me_intr_clear+0x20/0x100 mei_stop+0x76/0xb0 mei_me_shutdown+0x3f/0x80 pci_device_shutdown+0x34/0x60 kernel_restart+0x0e/0x30 Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=200455 Fixes: 'c110cdb17148 ("mei: bus: make a client pointer always available")' Cc: <stable(a)vger.kernel.org> 4.10+ Tested-by: Georg Müller <georgmueller(a)gmx.net> Signed-off-by: Tomas Winkler <tomas.winkler(a)intel.com> --- drivers/misc/mei/bus.c | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/drivers/misc/mei/bus.c b/drivers/misc/mei/bus.c index 13c6c9a2248a..fc3872fe7b25 100644 --- a/drivers/misc/mei/bus.c +++ b/drivers/misc/mei/bus.c @@ -521,17 +521,15 @@ int mei_cldev_enable(struct mei_cl_device *cldev) cl = cldev->cl; + mutex_lock(&bus->device_lock); if (cl->state == MEI_FILE_UNINITIALIZED) { - mutex_lock(&bus->device_lock); ret = mei_cl_link(cl); - mutex_unlock(&bus->device_lock); if (ret) - return ret; + goto out; /* update pointers */ cl->cldev = cldev; } - mutex_lock(&bus->device_lock); if (mei_cl_is_connected(cl)) { ret = 0; goto out; @@ -875,12 +873,13 @@ static void mei_cl_bus_dev_release(struct device *dev) mei_me_cl_put(cldev->me_cl); mei_dev_bus_put(cldev->bus); + mei_cl_unlink(cldev->cl); kfree(cldev->cl); kfree(cldev); } static const struct device_type mei_cl_device_type = { - .release = mei_cl_bus_dev_release, + .release = mei_cl_bus_dev_release, }; /** -- 2.14.4

6 years, 10 months

1
0
0 0

[char-misc for 4.9 1/2] mei: bus: fix hw module get/put balance

by Tomas Winkler

In case the device is not connected it doesn't 'get' hw module and hence should not 'put' it on disable. Cc: <stable(a)vger.kernel.org> 4.16+ Fixes:'commit 257355a44b99 ("mei: make module referencing local to the bus.c")' Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=200455 Tested-by: Georg Müller <georgmueller(a)gmx.net> Signed-off-by: Tomas Winkler <tomas.winkler(a)intel.com> --- drivers/misc/mei/bus.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/drivers/misc/mei/bus.c b/drivers/misc/mei/bus.c index 7bba62a72921..13c6c9a2248a 100644 --- a/drivers/misc/mei/bus.c +++ b/drivers/misc/mei/bus.c @@ -616,9 +616,8 @@ int mei_cldev_disable(struct mei_cl_device *cldev) if (err < 0) dev_err(bus->dev, "Could not disconnect from the ME client\n"); -out: mei_cl_bus_module_put(cldev); - +out: /* Flush queues and remove any pending read */ mei_cl_flush_queues(cl, NULL); mei_cl_unlink(cl); -- 2.14.4

6 years, 10 months

1
0
0 0

[PATCH 3.18 00/56] 3.18.120-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 3.18.120 release. There are 56 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Tue Aug 28 06:42:19 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v3.x/stable-review/patch-3.18.120-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-3.18.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 3.18.120-rc1 Jann Horn <jannh(a)google.com> reiserfs: fix broken xattr handling (heap corruption, bad retval) Lukas Wunner <lukas(a)wunner.de> PCI: hotplug: Don't leak pci_slot on registration failure Willem de Bruijn <willemb(a)google.com> packet: refine ring v3 block size test to hold one frame Florian Westphal <fw(a)strlen.de> netfilter: conntrack: dccp: treat SYNC/SYNCACK as invalid if no prior state Eric Dumazet <edumazet(a)google.com> xfrm_user: prevent leaking 2 bytes of kernel memory Daniel Rosenberg <drosen(a)google.com> staging: android: ion: check for kref overflow Randy Dunlap <rdunlap(a)infradead.org> tcp: identify cryptic messages as TCP seq # bugs Stefan Wahren <stefan.wahren(a)i2se.com> net: qca_spi: Make sure the QCA7000 reset is triggered Stefan Wahren <stefan.wahren(a)i2se.com> net: qca_spi: Avoid packet drop during initial sync David Lechner <david(a)lechnology.com> net: usb: rtl8150: demote allmulti message to dev_dbg() Dan Carpenter <dan.carpenter(a)oracle.com> qlogic: check kstrtoul() for errors Alexander Duyck <alexander.h.duyck(a)intel.com> ixgbe: Be more careful when modifying MAC filters Adam Ford <aford173(a)gmail.com> ARM: dts: am3517.dtsi: Disable reference to OMAP3 OTG controller Russell King <rmk+kernel(a)armlinux.org.uk> drm/armada: fix colorkey mode property Daniel Mack <daniel(a)zonque.org> ARM: pxa: irq: fix handling of ICMR registers in suspend/resume Florian Westphal <fw(a)strlen.de> netfilter: x_tables: set module owner for icmp(6) matches Yuiko Oshino <yuiko.oshino(a)microchip.com> smsc75xx: Add workaround for gigabit link up hardware errata. Mathieu Malaterre <malat(a)debian.org> tracing: Use __printf markup to silence compiler Fabio Estevam <fabio.estevam(a)nxp.com> ARM: imx_v4_v5_defconfig: Select ULPI support Greg Ungerer <gerg(a)linux-m68k.org> m68k: fix "bad page state" oops on ColdFire boot Sudarsana Reddy Kalluru <sudarsana.kalluru(a)cavium.com> bnx2x: Fix receiving tx-timeout in error or recovery state. Marek Szyprowski <m.szyprowski(a)samsung.com> drm/exynos: gsc: Fix support for NV16/61, YUV420/YVU420 and YUV422 modes BingJing Chang <bingjingc(a)synology.com> md/raid10: fix that replacement cannot complete recovery after reassemble Dan Carpenter <dan.carpenter(a)oracle.com> dmaengine: k3dma: Off by one in k3_of_dma_simple_xlate() Keerthy <j-keerthy(a)ti.com> ARM: dts: da850: Fix interrups property for gpio Sandipan Das <sandipan(a)linux.ibm.com> perf report powerpc: Fix crash if callchain is empty Daniel Mack <daniel(a)zonque.org> ARM: dts: am437x: make edt-ft5x06 a wakeup source Michael Trimarchi <michael(a)amarulasolutions.com> brcmfmac: stop watchdog before detach and free everything Ganesh Goudar <ganeshgr(a)chelsio.com> cxgb4: when disabling dcb set txq dcb priority to 0 Casey Schaufler <casey(a)schaufler-ca.com> Smack: Mark inode instant in smack_task_to_inode Hangbin Liu <liuhangbin(a)gmail.com> ipv6: mcast: fix unsolicited report interval after receiving querys Steven Rostedt (VMware) <rostedt(a)goodmis.org> locking/lockdep: Do not record IRQ state within lockdep code Bartosz Golaszewski <bgolaszewski(a)baylibre.com> net: davinci_emac: match the mdio device against its compatible if possible Li RongQing <lirongqing(a)baidu.com> net: propagate dev_get_valid_name return code Stefan Agner <stefan(a)agner.ch> net: hamradio: use eth_broadcast_addr Govindarajulu Varadarajan <gvaradar(a)cisco.com> enic: initialize enic->rfs_h.lock in enic_probe Zhizhou Zhang <zhizhouzhang(a)asrmicro.com> arm64: make secondary_start_kernel() notrace Chunfeng Yun <chunfeng.yun(a)mediatek.com> usb: gadget: composite: fix delayed_status race condition when set_interface William Wu <william.wu(a)rock-chips.com> usb: dwc2: fix isoc split in transfer with no data Fathi Boudra <fathi.boudra(a)linaro.org> selftests: sync: add config fragment for testing sync framework Eric Dumazet <edumazet(a)google.com> netfilter: ipv6: nf_defrag: reduce struct net memory waste Kees Cook <keescook(a)chromium.org> isdn: Disable IIOCDBGVAR Sudip Mukherjee <sudipm.mukherjee(a)gmail.com> Bluetooth: avoid killing an already killed socket Chen Hu <hu1.chen(a)intel.com> serial: 8250_dw: always set baud rate in dw8250_set_termios John Ogness <john.ogness(a)linutronix.de> USB: serial: sierra: fix potential deadlock at close Takashi Iwai <tiwai(a)suse.de> ALSA: vxpocket: Fix invalid endian conversions Takashi Iwai <tiwai(a)suse.de> ALSA: memalloc: Don't exceed over the requested size Takashi Iwai <tiwai(a)suse.de> ALSA: cs5535audio: Fix invalid endian conversion Takashi Iwai <tiwai(a)suse.de> ALSA: virmidi: Fix too long output trigger loop Takashi Iwai <tiwai(a)suse.de> ALSA: vx222: Fix invalid endian conversions Cong Wang <xiyou.wangcong(a)gmail.com> vsock: split dwork to avoid reinitializations Hangbin Liu <liuhangbin(a)gmail.com> net_sched: fix NULL pointer dereference when delete tcindex filter Hangbin Liu <liuhangbin(a)gmail.com> net_sched: Fix missing res info when create new tc_index filter Cong Wang <xiyou.wangcong(a)gmail.com> llc: use refcount_inc_not_zero() for llc_sap_find() Wei Wang <weiwan(a)google.com> l2tp: use sk_dst_check() to avoid race on sk->sk_dst_cache Alexey Kodanev <alexey.kodanev(a)oracle.com> dccp: fix undefined behavior with 'cwnd' shift in ccid2_cwnd_restart() ------------- Diffstat: Makefile | 4 +- arch/arm/boot/dts/am3517.dtsi | 5 ++ arch/arm/boot/dts/am437x-sk-evm.dts | 2 + arch/arm/boot/dts/da850.dtsi | 6 +-- arch/arm/configs/imx_v4_v5_defconfig | 2 + arch/arm/mach-pxa/irq.c | 4 +- arch/arm64/kernel/smp.c | 2 +- arch/m68k/include/asm/mcf_pgalloc.h | 4 +- drivers/dma/k3dma.c | 2 +- drivers/gpu/drm/armada/armada_hw.h | 1 + drivers/gpu/drm/armada/armada_overlay.c | 30 ++++++++--- drivers/gpu/drm/exynos/exynos_drm_gsc.c | 29 ++++++---- drivers/gpu/drm/exynos/regs-gsc.h | 1 + drivers/isdn/i4l/isdn_common.c | 8 +-- drivers/md/raid10.c | 7 +++ drivers/net/ethernet/broadcom/bnx2x/bnx2x.h | 1 + drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c | 6 +++ drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c | 6 +++ drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c | 2 +- drivers/net/ethernet/cisco/enic/enic_clsf.c | 3 +- drivers/net/ethernet/cisco/enic/enic_main.c | 3 +- drivers/net/ethernet/intel/ixgbe/ixgbe_common.c | 12 ++++- drivers/net/ethernet/qlogic/qlcnic/qlcnic_sysfs.c | 2 + drivers/net/ethernet/qualcomm/qca_spi.c | 5 +- drivers/net/ethernet/ti/davinci_emac.c | 4 ++ drivers/net/hamradio/bpqether.c | 8 +-- drivers/net/usb/rtl8150.c | 2 +- drivers/net/usb/smsc75xx.c | 62 ++++++++++++++++++++++ drivers/net/wireless/brcm80211/brcmfmac/dhd_sdio.c | 7 +++ drivers/pci/hotplug/pci_hotplug_core.c | 9 ++++ drivers/staging/android/ion/ion.c | 17 ++++-- drivers/tty/serial/8250/8250_dw.c | 2 +- drivers/usb/dwc2/hcd_intr.c | 3 +- drivers/usb/gadget/composite.c | 3 ++ drivers/usb/serial/sierra.c | 4 +- fs/reiserfs/xattr.c | 4 +- include/net/af_vsock.h | 4 +- include/net/llc.h | 5 ++ include/net/net_namespace.h | 1 + include/net/netns/ipv6.h | 1 - kernel/locking/lockdep.c | 12 ++--- kernel/trace/trace.c | 5 ++ net/bluetooth/sco.c | 3 +- net/core/dev.c | 4 +- net/dccp/ccids/ccid2.c | 6 ++- net/ipv4/netfilter/ip_tables.c | 1 + net/ipv4/tcp.c | 4 +- net/ipv6/mcast.c | 9 ++-- net/ipv6/netfilter/ip6_tables.c | 1 + net/ipv6/netfilter/nf_conntrack_reasm.c | 6 +-- net/l2tp/l2tp_core.c | 2 +- net/llc/llc_core.c | 4 +- net/netfilter/nf_conntrack_proto_dccp.c | 8 +-- net/packet/af_packet.c | 10 ++-- net/sched/cls_tcindex.c | 8 ++- net/vmw_vsock/af_vsock.c | 15 +++--- net/vmw_vsock/vmci_transport.c | 3 +- net/xfrm/xfrm_user.c | 8 +-- security/smack/smack_lsm.c | 1 + sound/core/memalloc.c | 8 +-- sound/core/seq/seq_virmidi.c | 10 ++++ sound/pci/cs5535audio/cs5535audio.h | 6 +-- sound/pci/cs5535audio/cs5535audio_pcm.c | 4 +- sound/pci/vx222/vx222_ops.c | 8 +-- sound/pcmcia/vx/vxp_ops.c | 10 ++-- tools/perf/arch/powerpc/util/skip-callchain-idx.c | 2 +- tools/testing/selftests/sync/config | 4 ++ 67 files changed, 316 insertions(+), 129 deletions(-)

6 years, 10 months

4
57
0 0

Re: [PATCH v2 0/2] x86/xen: avoid 32-bit writes to PTEs in PV PAE guests

by Boris Ostrovsky

On 08/21/2018 11:37 AM, Juergen Gross wrote: > While the hypervisor emulates plain writes to PTEs happily, this is > much slower than issuing a hypercall for PTE modifcations. And writing > a PTE via two 32-bit write instructions (especially when clearing the > PTE) will result in an intermediate L1TF vulnerable PTE. > > Writes to PAE PTEs should always be done with 64-bit writes or via > hypercalls. > > Juergen Gross (2): > x86/xen: don't write ptes directly in 32-bit PV guests > x86/pae: use 64 bit atomic xchg function in native_ptep_get_and_clear > > arch/x86/include/asm/pgtable-3level.h | 7 +++---- > arch/x86/xen/mmu_pv.c | 7 +++---- > 2 files changed, 6 insertions(+), 8 deletions(-) > Applied to for-linus-19b. (+stable.) -boris

6 years, 10 months

1
0
0 0

request for 4.14-stable: 98112041bcca ("usb: dwc3: core: Fix ULPI PHYs and prevent phy_get/ulpi_init during suspend/resume")

by Sudip Mukherjee

Hi Greg, This was missing in 4.14-stable. Please apply to your queue. -- Regards Sudip

6 years, 10 months

1
0
0 0

request for 4.14-stable: 01cffe9ded15 ("HID: add quirk for another PIXART OEM mouse used by HP")

by Sudip Mukherjee

Hi Greg, This was missing in 4.14-stable. Please apply to your queue. -- Regards Sudip

6 years, 10 months

1
0
0 0

request for 4.14-stable: 77dd66a3c67c ("mm: Fix devm_memremap_pages() collision handling")

by Sudip Mukherjee

Hi Greg, This was missing in 4.14-stable. Please apply to your queue. -- Regards Sudip

6 years, 10 months

1
0
0 0

[PATCH] ext4: avoid buffer overrun when deleting inline directories

by Theodore Ts'o

A specially crafted file system can trick empty_inline_dir() into reading beyond the bounds of inline directory. Fix this by using the size of the inline directory instead of dir->i_size. Also clean up error reporting in __ext4_check_dir_entry so that the message is clearer and more understandable --- and avoids a potential division by zero trap if the size passed in is zero. (I'm not sure why we coded it that way in the first place; printing offset % size is actually more confusing and less useful.) https://bugzilla.kernel.org/show_bug.cgi?id=200933 Signed-off-by: Theodore Ts'o <tytso(a)mit.edu> Reported-by: Wen Xu <wen.xu(a)gatech.edu> Cc: stable(a)vger.kernel.org --- fs/ext4/dir.c | 20 +++++++++----------- fs/ext4/inline.c | 4 +++- 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/fs/ext4/dir.c b/fs/ext4/dir.c index e2902d394f1b..f93f9881ec18 100644 --- a/fs/ext4/dir.c +++ b/fs/ext4/dir.c @@ -76,7 +76,7 @@ int __ext4_check_dir_entry(const char *function, unsigned int line, else if (unlikely(rlen < EXT4_DIR_REC_LEN(de->name_len))) error_msg = "rec_len is too small for name_len"; else if (unlikely(((char *) de - buf) + rlen > size)) - error_msg = "directory entry across range"; + error_msg = "directory entry overrun"; else if (unlikely(le32_to_cpu(de->inode) > le32_to_cpu(EXT4_SB(dir->i_sb)->s_es->s_inodes_count))) error_msg = "inode out of bounds"; @@ -85,18 +85,16 @@ int __ext4_check_dir_entry(const char *function, unsigned int line, if (filp) ext4_error_file(filp, function, line, bh->b_blocknr, - "bad entry in directory: %s - offset=%u(%u), " - "inode=%u, rec_len=%d, name_len=%d", - error_msg, (unsigned) (offset % size), - offset, le32_to_cpu(de->inode), - rlen, de->name_len); + "bad entry in directory: %s - offset=%u, " + "inode=%u, rec_len=%d, name_len=%d, size=%d", + error_msg, offset, le32_to_cpu(de->inode), + rlen, de->name_len, size); else ext4_error_inode(dir, function, line, bh->b_blocknr, - "bad entry in directory: %s - offset=%u(%u), " - "inode=%u, rec_len=%d, name_len=%d", - error_msg, (unsigned) (offset % size), - offset, le32_to_cpu(de->inode), - rlen, de->name_len); + "bad entry in directory: %s - offset=%u, " + "inode=%u, rec_len=%d, name_len=%d, size=%d", + error_msg, offset, le32_to_cpu(de->inode), + rlen, de->name_len, size); return 1; } diff --git a/fs/ext4/inline.c b/fs/ext4/inline.c index 3543fe80a3c4..7b4736022761 100644 --- a/fs/ext4/inline.c +++ b/fs/ext4/inline.c @@ -1753,6 +1753,7 @@ bool empty_inline_dir(struct inode *dir, int *has_inline_data) { int err, inline_size; struct ext4_iloc iloc; + size_t inline_len; void *inline_pos; unsigned int offset; struct ext4_dir_entry_2 *de; @@ -1780,8 +1781,9 @@ bool empty_inline_dir(struct inode *dir, int *has_inline_data) goto out; } + inline_len = ext4_get_inline_size(dir); offset = EXT4_INLINE_DOTDOT_SIZE; - while (offset < dir->i_size) { + while (offset < inline_len) { de = ext4_get_inline_entry(dir, &iloc, offset, &inline_pos, &inline_size); if (ext4_check_dir_entry(dir, NULL, de, -- 2.18.0.rc0

6 years, 10 months

1
0
0 0

Managed Service Providers (MSPs)

by page.brooks＠sharedstrikes.com

Hi, I just wanted to check if you would be interested in a list of Managed Service Providers (MSPs) and Managed Security Service Providers (MSSPs)? We also have the data intelligence of: • Managed Service Providers (MSP’s) • Managed Security Service Providers (MSSP’s • IT Decision Makers – 6million across all industry • Business Decision Makers – 10 million across all industry • Value Added Resellers- VARs • Independent Software Vendors- ISVs • System Integrators- SIs • VoIP Service Providers. • Telecommunications Service Providers (TSPs) • Application Service Providers (ASPs) • IT Managed Services Providers (ITMSP) • Storage Service Providers (SSPs) Kindly review and let me know if I can share more information on this. I look forward to hearing from you. Regards, Page Brooks Marketing Specialist If you don't want to include yourself in our mailing list, please reply back “Leave Out" in a subject line

6 years, 10 months

1
0
0 0

[PATCH 2/2] x86/kvm: use __decrypted attribute when declaring shared variables

by Brijesh Singh

The following commit: 368a540e0232 (x86/kvmclock: Remove memblock dependency) caused SEV guest regression. When SEV is active, we map the shared variables (wall_clock and hv_clock_boot) with C=0 to ensure that both the guest and the hypervisor is able to access the data. To map the variables we use kernel_physical_mapping_init() to split the large pages, but this routine fails to allocate a new page. Before the above commit, kvmclock initialization was called after memory allocator was available but now its called very early in the boot process. Recently we added a special .data..decrypted section to hold the shared variables. This section is mapped with C=0 very early. Use __decrypted attribute to put the wall_clock and hv_clock_boot in .data..decrypted section so that they are mapped with C=0. Signed-off-by: Brijesh Singh <brijesh.singh(a)amd.com> Fixes: 368a540e0232 ("x86/kvmclock: Remove memblock dependency") Cc: stable(a)vger.kernel.org Cc: Tom Lendacky <thomas.lendacky(a)amd.com> Cc: kvm(a)vger.kernel.org Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Borislav Petkov <bp(a)suse.de> Cc: "H. Peter Anvin" <hpa(a)zytor.com> Cc: linux-kernel(a)vger.kernel.org Cc: Paolo Bonzini <pbonzini(a)redhat.com> Cc: Sean Christopherson <sean.j.christopherson(a)intel.com> Cc: "Radim Krčmář" <rkrcmar(a)redhat.com> --- arch/x86/kernel/kvmclock.c | 26 +++++++++++++++++++++----- 1 file changed, 21 insertions(+), 5 deletions(-) diff --git a/arch/x86/kernel/kvmclock.c b/arch/x86/kernel/kvmclock.c index 1e67646..ae9188a 100644 --- a/arch/x86/kernel/kvmclock.c +++ b/arch/x86/kernel/kvmclock.c @@ -28,6 +28,7 @@ #include <linux/sched/clock.h> #include <linux/mm.h> #include <linux/slab.h> +#include <linux/set_memory.h> #include <asm/hypervisor.h> #include <asm/mem_encrypt.h> @@ -61,8 +62,8 @@ early_param("no-kvmclock-vsyscall", parse_no_kvmclock_vsyscall); (PAGE_SIZE / sizeof(struct pvclock_vsyscall_time_info)) static struct pvclock_vsyscall_time_info - hv_clock_boot[HVC_BOOT_ARRAY_SIZE] __aligned(PAGE_SIZE); -static struct pvclock_wall_clock wall_clock; + hv_clock_boot[HVC_BOOT_ARRAY_SIZE] __decrypted __aligned(PAGE_SIZE); +static struct pvclock_wall_clock wall_clock __decrypted; static DEFINE_PER_CPU(struct pvclock_vsyscall_time_info *, hv_clock_per_cpu); static inline struct pvclock_vcpu_time_info *this_cpu_pvti(void) @@ -267,10 +268,25 @@ static int kvmclock_setup_percpu(unsigned int cpu) return 0; /* Use the static page for the first CPUs, allocate otherwise */ - if (cpu < HVC_BOOT_ARRAY_SIZE) + if (cpu < HVC_BOOT_ARRAY_SIZE) { p = &hv_clock_boot[cpu]; - else - p = kzalloc(sizeof(*p), GFP_KERNEL); + } else { + int rc; + unsigned int sz = sizeof(*p); + + if (sev_active()) + sz = PAGE_ALIGN(sz); + + p = kzalloc(sz, GFP_KERNEL); + + /* When SEV is active the hv_clock need to be mapped as decrypted. */ + if (p && sev_active()) { + rc = set_memory_decrypted((unsigned long)p, sz >> PAGE_SHIFT); + if (rc) + return rc; + memset(p, 0, sz); + } + } per_cpu(hv_clock_per_cpu, cpu) = p; return p ? 0 : -ENOMEM; -- 2.7.4

6 years, 10 months

1
0
0 0

[PATCH v2 9/9] power: supply: twl4030-charger: fix OF sibling-node lookup

by Johan Hovold

Use the new of_get_compatible_child() helper to lookup the usb sibling node instead of using of_find_compatible_node(), which searches the entire tree from a given start node and thus can return an unrelated (non-sibling) node. This also addresses a potential use-after-free (e.g. after probe deferral) as the tree-wide helper drops a reference to its first argument (i.e. the parent device node). While at it, also fix the related phy-node reference leak. Fixes: f5e4edb8c888 ("power: twl4030_charger: find associated phy by more reliable means.") Cc: stable <stable(a)vger.kernel.org> # 4.2 Cc: NeilBrown <neilb(a)suse.de> Cc: Felipe Balbi <felipe.balbi(a)linux.intel.com> Cc: Sebastian Reichel <sre(a)kernel.org> Reviewed-by: Sebastian Reichel <sre(a)kernel.org> Signed-off-by: Johan Hovold <johan(a)kernel.org> --- drivers/power/supply/twl4030_charger.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/drivers/power/supply/twl4030_charger.c b/drivers/power/supply/twl4030_charger.c index bbcaee56db9d..b6a7d9f74cf3 100644 --- a/drivers/power/supply/twl4030_charger.c +++ b/drivers/power/supply/twl4030_charger.c @@ -996,12 +996,13 @@ static int twl4030_bci_probe(struct platform_device *pdev) if (bci->dev->of_node) { struct device_node *phynode; - phynode = of_find_compatible_node(bci->dev->of_node->parent, - NULL, "ti,twl4030-usb"); + phynode = of_get_compatible_child(bci->dev->of_node->parent, + "ti,twl4030-usb"); if (phynode) { bci->usb_nb.notifier_call = twl4030_bci_usb_ncb; bci->transceiver = devm_usb_get_phy_by_node( bci->dev, phynode, &bci->usb_nb); + of_node_put(phynode); if (IS_ERR(bci->transceiver)) { ret = PTR_ERR(bci->transceiver); if (ret == -EPROBE_DEFER) -- 2.18.0

6 years, 10 months

1
0
0 0

[PATCH v2 8/9] NFC: nfcmrvl_uart: fix OF child-node lookup

by Johan Hovold

Use the new of_get_compatible_child() helper to lookup the nfc child node instead of using of_find_compatible_node(), which searches the entire tree from a given start node and thus can return an unrelated (i.e. non-child) node. This also addresses a potential use-after-free (e.g. after probe deferral) as the tree-wide helper drops a reference to its first argument (i.e. the parent node). Fixes: e097dc624f78 ("NFC: nfcmrvl: add UART driver") Fixes: d8e018c0b321 ("NFC: nfcmrvl: update device tree bindings for Marvell NFC") Cc: stable <stable(a)vger.kernel.org> # 4.2 Cc: Vincent Cuissard <cuissard(a)marvell.com> Cc: Samuel Ortiz <sameo(a)linux.intel.com> Signed-off-by: Johan Hovold <johan(a)kernel.org> --- drivers/nfc/nfcmrvl/uart.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/drivers/nfc/nfcmrvl/uart.c b/drivers/nfc/nfcmrvl/uart.c index 91162f8e0366..9a22056e8d9e 100644 --- a/drivers/nfc/nfcmrvl/uart.c +++ b/drivers/nfc/nfcmrvl/uart.c @@ -73,10 +73,9 @@ static int nfcmrvl_uart_parse_dt(struct device_node *node, struct device_node *matched_node; int ret; - matched_node = of_find_compatible_node(node, NULL, "marvell,nfc-uart"); + matched_node = of_get_compatible_child(node, "marvell,nfc-uart"); if (!matched_node) { - matched_node = of_find_compatible_node(node, NULL, - "mrvl,nfc-uart"); + matched_node = of_get_compatible_child(node, "mrvl,nfc-uart"); if (!matched_node) return -ENODEV; } -- 2.18.0

6 years, 10 months

1
0
0 0

[PATCH v2 3/9] drm/msm: fix OF child-node lookup

by Johan Hovold

Use the new of_get_compatible_child() helper to lookup the legacy pwrlevels child node instead of using of_find_compatible_node(), which searches the entire tree from a given start node and thus can return an unrelated (i.e. non-child) node. This also addresses a potential use-after-free (e.g. after probe deferral) as the tree-wide helper drops a reference to its first argument (i.e. the probed device's node). While at it, also fix the related child-node reference leak. Fixes: e2af8b6b0ca1 ("drm/msm: gpu: Use OPP tables if we can") Cc: stable <stable(a)vger.kernel.org> # 4.12 Cc: Jordan Crouse <jcrouse(a)codeaurora.org> Cc: Rob Clark <robdclark(a)gmail.com> Cc: David Airlie <airlied(a)linux.ie> Signed-off-by: Johan Hovold <johan(a)kernel.org> --- drivers/gpu/drm/msm/adreno/adreno_gpu.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/msm/adreno/adreno_gpu.c b/drivers/gpu/drm/msm/adreno/adreno_gpu.c index da1363a0c54d..93d70f4a2154 100644 --- a/drivers/gpu/drm/msm/adreno/adreno_gpu.c +++ b/drivers/gpu/drm/msm/adreno/adreno_gpu.c @@ -633,8 +633,7 @@ static int adreno_get_legacy_pwrlevels(struct device *dev) struct device_node *child, *node; int ret; - node = of_find_compatible_node(dev->of_node, NULL, - "qcom,gpu-pwrlevels"); + node = of_get_compatible_child(dev->of_node, "qcom,gpu-pwrlevels"); if (!node) { dev_err(dev, "Could not find the GPU powerlevels\n"); return -ENXIO; @@ -655,6 +654,8 @@ static int adreno_get_legacy_pwrlevels(struct device *dev) dev_pm_opp_add(dev, val, 0); } + of_node_put(node); + return 0; } -- 2.18.0

6 years, 10 months

1
0
0 0

[PATCH v2 2/9] drm/mediatek: fix OF sibling-node lookup

by Johan Hovold

Use the new of_get_compatible_child() helper to lookup the sibling instead of using of_find_compatible_node(), which searches the entire tree from a given start node and thus can return an unrelated (i.e. non-sibling) node. This also addresses a potential use-after-free (e.g. after probe deferral) as the tree-wide helper drops a reference to its first argument (i.e. the parent device node). While at it, also fix the related cec-node reference leak. Fixes: 8f83f26891e1 ("drm/mediatek: Add HDMI support") Cc: stable <stable(a)vger.kernel.org> # 4.8 Cc: Junzhi Zhao <junzhi.zhao(a)mediatek.com> Cc: Philipp Zabel <p.zabel(a)pengutronix.de> Cc: CK Hu <ck.hu(a)mediatek.com> Cc: David Airlie <airlied(a)linux.ie> Signed-off-by: Johan Hovold <johan(a)kernel.org> --- drivers/gpu/drm/mediatek/mtk_hdmi.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/mediatek/mtk_hdmi.c b/drivers/gpu/drm/mediatek/mtk_hdmi.c index 2d45d1dd9554..643f5edd68fe 100644 --- a/drivers/gpu/drm/mediatek/mtk_hdmi.c +++ b/drivers/gpu/drm/mediatek/mtk_hdmi.c @@ -1446,8 +1446,7 @@ static int mtk_hdmi_dt_parse_pdata(struct mtk_hdmi *hdmi, } /* The CEC module handles HDMI hotplug detection */ - cec_np = of_find_compatible_node(np->parent, NULL, - "mediatek,mt8173-cec"); + cec_np = of_get_compatible_child(np->parent, "mediatek,mt8173-cec"); if (!cec_np) { dev_err(dev, "Failed to find CEC node\n"); return -EINVAL; @@ -1457,8 +1456,10 @@ static int mtk_hdmi_dt_parse_pdata(struct mtk_hdmi *hdmi, if (!cec_pdev) { dev_err(hdmi->dev, "Waiting for CEC device %pOF\n", cec_np); + of_node_put(cec_np); return -EPROBE_DEFER; } + of_node_put(cec_np); hdmi->cec_dev = &cec_pdev->dev; /* -- 2.18.0

6 years, 10 months

1
0
0 0

[PATCH v3] EDAC, amd64: Add Family 17h Model 10h support.

by Michael Jin

Add new device IDs for family 17h models 10h-2fh. This is required by amd64_edac_mod in order to properly detect PCI device functions 0 and 6. Link: https://lkml.kernel.org/r/20180815114107.29797-1-mikhail.jin@gmail.com Cc: <stable(a)vger.kernel.org> # 4.10.x Signed-off-by: Michael Jin <mikhail.jin(a)gmail.com> --- drivers/edac/amd64_edac.c | 14 ++++++++++++++ drivers/edac/amd64_edac.h | 3 +++ 2 files changed, 17 insertions(+) diff --git a/drivers/edac/amd64_edac.c b/drivers/edac/amd64_edac.c index 18aeabb1d5ee..e2addb2bca29 100644 --- a/drivers/edac/amd64_edac.c +++ b/drivers/edac/amd64_edac.c @@ -2200,6 +2200,15 @@ static struct amd64_family_type family_types[] = { .dbam_to_cs = f17_base_addr_to_cs_size, } }, + [F17_M10H_CPUS] = { + .ctl_name = "F17h_M10h", + .f0_id = PCI_DEVICE_ID_AMD_17H_M10H_DF_F0, + .f6_id = PCI_DEVICE_ID_AMD_17H_M10H_DF_F6, + .ops = { + .early_channel_count = f17_early_channel_count, + .dbam_to_cs = f17_base_addr_to_cs_size, + } + }, }; /* @@ -3188,6 +3197,11 @@ static struct amd64_family_type *per_family_init(struct amd64_pvt *pvt) break; case 0x17: + if (pvt->model >= 0x10 && pvt->model <= 0x2f) { + fam_type = &family_types[F17_M10H_CPUS]; + pvt->ops = &family_types[F17_M10H_CPUS].ops; + break; + } fam_type = &family_types[F17_CPUS]; pvt->ops = &family_types[F17_CPUS].ops; break; diff --git a/drivers/edac/amd64_edac.h b/drivers/edac/amd64_edac.h index 1d4b74e9a037..4242f8e39c18 100644 --- a/drivers/edac/amd64_edac.h +++ b/drivers/edac/amd64_edac.h @@ -115,6 +115,8 @@ #define PCI_DEVICE_ID_AMD_16H_M30H_NB_F2 0x1582 #define PCI_DEVICE_ID_AMD_17H_DF_F0 0x1460 #define PCI_DEVICE_ID_AMD_17H_DF_F6 0x1466 +#define PCI_DEVICE_ID_AMD_17H_M10H_DF_F0 0x15e8 +#define PCI_DEVICE_ID_AMD_17H_M10H_DF_F6 0x15ee /* * Function 1 - Address Map @@ -281,6 +283,7 @@ enum amd_families { F16_CPUS, F16_M30H_CPUS, F17_CPUS, + F17_M10H_CPUS, NUM_FAMILIES, }; -- 2.14.3 (Apple Git-98)

6 years, 10 months

3
4
0 0

Backport e666d4e9ceec crypto: vmx - Use skcipher for ctr fallback

by Petr Vorel

Hi, I wonder, it it makes sense to backport commit e666d4e9ceec crypto: vmx - Use skcipher for ctr fallback to v 4.14 stable kernel. I'm using it in 4.12+. These commits (somehow similar) has been backported to 4.10.2: 5839f555fa57 crypto: vmx - Use skcipher for xts fallback c96d0a1c47ab crypto: vmx - Use skcipher for cbc fallback Kind regards, Petr

6 years, 10 months

3
4
0 0

[PATCH 1/3] drm/i915: Handle incomplete Z_FINISH for compressed error states

by Chris Wilson

The final call to zlib_deflate(Z_FINISH) may require more output space to be allocated and so needs to re-invoked. Failure to do so in the current code leads to incomplete zlib streams (albeit intact due to the use of Z_SYNC_FLUSH) resulting in the occasional short object capture. Testcase: igt/i915-error-capture.js Fixes: 0a97015d45ee ("drm/i915: Compress GPU objects in error state") Signed-off-by: Chris Wilson <chris(a)chris-wilson.co.uk> Cc: Joonas Lahtinen <joonas.lahtinen(a)linux.intel.com> Cc: <stable(a)vger.kernel.org> # v4.10+ --- drivers/gpu/drm/i915/i915_gpu_error.c | 60 +++++++++++++++++++++------ 1 file changed, 47 insertions(+), 13 deletions(-) diff --git a/drivers/gpu/drm/i915/i915_gpu_error.c b/drivers/gpu/drm/i915/i915_gpu_error.c index f7f2aa71d8d9..2eb26ea38d7c 100644 --- a/drivers/gpu/drm/i915/i915_gpu_error.c +++ b/drivers/gpu/drm/i915/i915_gpu_error.c @@ -237,6 +237,7 @@ static int compress_page(struct compress *c, struct drm_i915_error_object *dst) { struct z_stream_s *zstream = &c->zstream; + int flush = Z_NO_FLUSH; zstream->next_in = src; if (c->tmp && i915_memcpy_from_wc(c->tmp, src, PAGE_SIZE)) @@ -257,8 +258,11 @@ static int compress_page(struct compress *c, zstream->avail_out = PAGE_SIZE; } - if (zlib_deflate(zstream, Z_SYNC_FLUSH) != Z_OK) + if (zlib_deflate(zstream, flush) != Z_OK) return -EIO; + + if (zstream->avail_out) + flush = Z_SYNC_FLUSH; } while (zstream->avail_in); /* Fallback to uncompressed if we increase size? */ @@ -268,19 +272,43 @@ static int compress_page(struct compress *c, return 0; } -static void compress_fini(struct compress *c, +static int compress_flush(struct compress *c, struct drm_i915_error_object *dst) { struct z_stream_s *zstream = &c->zstream; + unsigned long page; - if (dst) { - zlib_deflate(zstream, Z_FINISH); - dst->unused = zstream->avail_out; - } + do { + switch (zlib_deflate(zstream, Z_FINISH)) { + case Z_OK: /* more space requested */ + page = __get_free_page(GFP_ATOMIC | __GFP_NOWARN); + if (!page) + return -ENOMEM; + + dst->pages[dst->page_count++] = (void *)page; + zstream->next_out = (void *)page; + zstream->avail_out = PAGE_SIZE; + break; + case Z_STREAM_END: + goto end; + default: /* any error */ + return -EIO; + } + } while (1); + +end: + memset(zstream->next_out, 0, zstream->avail_out); + dst->unused = zstream->avail_out; + return 0; +} + +static void compress_fini(struct compress *c, + struct drm_i915_error_object *dst) +{ + struct z_stream_s *zstream = &c->zstream; zlib_deflateEnd(zstream); kfree(zstream->workspace); - if (c->tmp) free_page((unsigned long)c->tmp); } @@ -319,6 +347,12 @@ static int compress_page(struct compress *c, return 0; } +static int compress_flush(struct compress *c, + struct drm_i915_error_object *dst) +{ + return 0; +} + static void compress_fini(struct compress *c, struct drm_i915_error_object *dst) { @@ -951,15 +985,15 @@ i915_error_object_create(struct drm_i915_private *i915, if (ret) goto unwind; } - goto out; + if (compress_flush(&compress, dst)) { unwind: - while (dst->page_count--) - free_page((unsigned long)dst->pages[dst->page_count]); - kfree(dst); - dst = NULL; + while (dst->page_count--) + free_page((unsigned long)dst->pages[dst->page_count]); + kfree(dst); + dst = NULL; + } -out: compress_fini(&compress, dst); ggtt->vm.clear_range(&ggtt->vm, slot, PAGE_SIZE); return dst; -- 2.18.0

6 years, 10 months

1
0
0 0

request for 4.14-stable: cd8ddbf7a5e2 ("lightnvm: pblk: free padded entries in write buffer")

by Sudip Mukherjee

Hi Greg, This was not marked for stable but seems it should be. Please apply to your queue. -- Regards Sudip

6 years, 10 months

1
0
0 0

request for 4.14-stable: 295d6d5e3736 ("sched/deadline: Fix switching to -deadline")

by Sudip Mukherjee

Hi Greg, This was not marked for stable but seems it should be. Please apply to your queue. -- Regards Sudip

6 years, 10 months

1
0
0 0

Re: Patch "usb: gadget: u_audio: protect stream runtime fields with stream spinlock" has been added to the 4.14-stable tree

by Vladimir Zapolskiy

Hi Greg, On 08/26/2018 10:14 AM, gregkh(a)linuxfoundation.org wrote: > > This is a note to let you know that I've just added the patch titled > > usb: gadget: u_audio: protect stream runtime fields with stream spinlock > > to the 4.14-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > usb-gadget-u_audio-protect-stream-runtime-fields-with-stream-spinlock.patch > and it can be found in the queue-4.14 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. > > > From foo@baz Sun Aug 26 09:13:00 CEST 2018 > From: Vladimir Zapolskiy <vladimir_zapolskiy(a)mentor.com> > Date: Thu, 21 Jun 2018 17:22:52 +0200 > Subject: usb: gadget: u_audio: protect stream runtime fields with stream spinlock > > From: Vladimir Zapolskiy <vladimir_zapolskiy(a)mentor.com> > > [ Upstream commit 56bc61587daadef67712068f251c4ef2e3932d94 ] > > The change protects almost the whole body of u_audio_iso_complete() > function by PCM stream lock, this is mainly sufficient to avoid a race > between USB request completion and stream termination, the change > prevents a possibility of invalid memory access in interrupt context > by memcpy(): > > Unable to handle kernel paging request at virtual address 00004e80 > pgd = c0004000 > [00004e80] *pgd=00000000 > Internal error: Oops: 817 [#1] PREEMPT SMP ARM > CPU: 0 PID: 3 Comm: ksoftirqd/0 Tainted: G C 3.14.54+ #117 > task: da180b80 ti: da192000 task.ti: da192000 > PC is at memcpy+0x50/0x330 > LR is at 0xcdd92b0e > pc : [<c029ef30>] lr : [<cdd92b0e>] psr: 20000193 > sp : da193ce4 ip : dd86ae26 fp : 0000b180 > r10: daf81680 r9 : 00000000 r8 : d58a01ea > r7 : 2c0b43e4 r6 : acdfb08b r5 : 01a271cf r4 : 87389377 > r3 : 69469782 r2 : 00000020 r1 : daf82fe0 r0 : 00004e80 > Flags: nzCv IRQs off FIQs on Mode SVC_32 ISA ARM Segment kernel > Control: 10c5387d Table: 2b70804a DAC: 00000015 > Process ksoftirqd/0 (pid: 3, stack limit = 0xda192238) > > Also added a check for potential !runtime condition, commonly it is > done by PCM_RUNTIME_CHECK(substream) in the beginning, however this > does not completely prevent from oopses in u_audio_iso_complete(), > because the proper protection scheme must be implemented in PCM > library functions. > > An example of *not fixed* oops due to substream->runtime->* > dereference by snd_pcm_running(substream) from > snd_pcm_period_elapsed(), where substream->runtime is gone while > waiting the substream lock: > > Unable to handle kernel paging request at virtual address 6b6b6b6b > pgd = db7e4000 > [6b6b6b6b] *pgd=00000000 > CPU: 0 PID: 193 Comm: klogd Tainted: G C 3.14.54+ #118 > task: db5ac500 ti: db60c000 task.ti: db60c000 > PC is at snd_pcm_period_elapsed+0x48/0xd8 [snd_pcm] > LR is at snd_pcm_period_elapsed+0x40/0xd8 [snd_pcm] > pc : [<>] lr : [<>] psr: 60000193 > Flags: nZCv IRQs off FIQs on Mode SVC_32 ISA ARM Segment user > Control: 10c5387d Table: 2b7e404a DAC: 00000015 > Process klogd (pid: 193, stack limit = 0xdb60c238) > [<>] (snd_pcm_period_elapsed [snd_pcm]) from [<>] (udc_irq+0x500/0xbbc) > [<>] (udc_irq) from [<>] (ci_irq+0x280/0x304) > [<>] (ci_irq) from [<>] (handle_irq_event_percpu+0xa4/0x40c) > [<>] (handle_irq_event_percpu) from [<>] (handle_irq_event+0x3c/0x5c) > [<>] (handle_irq_event) from [<>] (handle_fasteoi_irq+0xc4/0x110) > [<>] (handle_fasteoi_irq) from [<>] (generic_handle_irq+0x20/0x30) > [<>] (generic_handle_irq) from [<>] (handle_IRQ+0x80/0xc0) > [<>] (handle_IRQ) from [<>] (gic_handle_irq+0x3c/0x60) > [<>] (gic_handle_irq) from [<>] (__irq_svc+0x44/0x78) > > Signed-off-by: Vladimir Zapolskiy <vladimir_zapolskiy(a)mentor.com> > [erosca: W/o this patch, with minimal instrumentation [1], I can > consistently reproduce BUG: KASAN: use-after-free [2]] > > [1] Instrumentation to reproduce issue [2]: > diff --git a/drivers/usb/gadget/function/u_audio.c b/drivers/usb/gadget/function/u_audio.c > index a72295c953bb..bd0b308024fe 100644 > --- a/drivers/usb/gadget/function/u_audio.c > +++ b/drivers/usb/gadget/function/u_audio.c > @@ -16,6 +16,7 @@ > #include <sound/core.h> > #include <sound/pcm.h> > #include <sound/pcm_params.h> > +#include <linux/delay.h> > > #include "u_audio.h" > > @@ -147,6 +148,8 @@ static void u_audio_iso_complete(struct usb_ep *ep, struct usb_request *req) > > spin_unlock_irqrestore(&prm->lock, flags); > > + udelay(500); //delay here to increase probability of parallel activities > + > /* Pack USB load in ALSA ring buffer */ > pending = prm->dma_bytes - hw_ptr; > > [2] After applying [1], below BUG occurs on Rcar-H3-Salvator-X board: > ================================================================== > BUG: KASAN: use-after-free in u_audio_iso_complete+0x24c/0x520 [u_audio] > Read of size 8 at addr ffff8006cafcc248 by task swapper/0/0 > > CPU: 0 PID: 0 Comm: swapper/0 Tainted: G WC 4.14.47+ #160 > Hardware name: Renesas Salvator-X board based on r8a7795 ES2.0+ (DT) > Call trace: > [<ffff2000080925ac>] dump_backtrace+0x0/0x364 > [<ffff200008092924>] show_stack+0x14/0x1c > [<ffff200008f8dbcc>] dump_stack+0x108/0x174 > [<ffff2000083c71b8>] print_address_description+0x7c/0x32c > [<ffff2000083c78e8>] kasan_report+0x324/0x354 > [<ffff2000083c6114>] __asan_load8+0x24/0x94 > [<ffff2000021d1b34>] u_audio_iso_complete+0x24c/0x520 [u_audio] > [<ffff20000152fe50>] usb_gadget_giveback_request+0x480/0x4d0 [udc_core] > [<ffff200001860ab8>] usbhsg_queue_done+0x100/0x130 [renesas_usbhs] > [<ffff20000185f814>] usbhsf_pkt_handler+0x1a4/0x298 [renesas_usbhs] > [<ffff20000185fb38>] usbhsf_irq_ready+0x128/0x178 [renesas_usbhs] > [<ffff200001859cc8>] usbhs_interrupt+0x440/0x490 [renesas_usbhs] > [<ffff2000081a0288>] __handle_irq_event_percpu+0x594/0xa58 > [<ffff2000081a07d0>] handle_irq_event_percpu+0x84/0x12c > [<ffff2000081a0928>] handle_irq_event+0xb0/0x10c > [<ffff2000081a8384>] handle_fasteoi_irq+0x1e0/0x2ec > [<ffff20000819e5f8>] generic_handle_irq+0x2c/0x44 > [<ffff20000819f0d0>] __handle_domain_irq+0x190/0x194 > [<ffff20000808177c>] gic_handle_irq+0x80/0xac > Exception stack(0xffff200009e97c80 to 0xffff200009e97dc0) > 7c80: 0000000000000000 0000000000000000 0000000000000003 ffff200008179298 > 7ca0: ffff20000ae1c180 dfff200000000000 0000000000000000 ffff2000081f9a88 > 7cc0: ffff200009eb5960 ffff200009e97cf0 0000000000001600 ffff0400041b064b > 7ce0: 0000000000000000 0000000000000002 0000000200000001 0000000000000001 > 7d00: ffff20000842197c 0000ffff958c4970 0000000000000000 ffff8006da0d5b80 > 7d20: ffff8006d4678498 0000000000000000 000000126bde0a8b ffff8006d4678480 > 7d40: 0000000000000000 000000126bdbea64 ffff200008fd0000 ffff8006fffff980 > 7d60: 00000000495f0018 ffff200009e97dc0 ffff200008b6c4ec ffff200009e97dc0 > 7d80: ffff200008b6c4f0 0000000020000145 ffff8006da0d5b80 ffff8006d4678498 > 7da0: ffffffffffffffff ffff8006d4678498 ffff200009e97dc0 ffff200008b6c4f0 > [<ffff200008084034>] el1_irq+0xb4/0x12c > [<ffff200008b6c4f0>] cpuidle_enter_state+0x818/0x844 > [<ffff200008b6c59c>] cpuidle_enter+0x18/0x20 > [<ffff20000815f2e4>] call_cpuidle+0x98/0x9c > [<ffff20000815f674>] do_idle+0x214/0x264 > [<ffff20000815facc>] cpu_startup_entry+0x20/0x24 > [<ffff200008fb09d8>] rest_init+0x30c/0x320 > [<ffff2000095f1338>] start_kernel+0x570/0x5b0 > ---<-snip->--- > > Fixes: 132fcb460839 ("usb: gadget: Add Audio Class 2.0 Driver") > Signed-off-by: Eugeniu Rosca <erosca(a)de.adit-jv.com> > > Signed-off-by: Felipe Balbi <felipe.balbi(a)linux.intel.com> > > Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> > Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> > --- > drivers/usb/gadget/function/u_audio.c | 13 ++++++++++++- > 1 file changed, 12 insertions(+), 1 deletion(-) > > --- a/drivers/usb/gadget/function/u_audio.c > +++ b/drivers/usb/gadget/function/u_audio.c > @@ -25,6 +25,7 @@ > #include <sound/core.h> > #include <sound/pcm.h> > #include <sound/pcm_params.h> > +#include <linux/delay.h> > See a comment below... > #include "u_audio.h" > > @@ -88,7 +89,7 @@ static const struct snd_pcm_hardware uac > static void u_audio_iso_complete(struct usb_ep *ep, struct usb_request *req) > { > unsigned pending; > - unsigned long flags; > + unsigned long flags, flags2; > unsigned int hw_ptr; > int status = req->status; > struct uac_req *ur = req->context; > @@ -115,7 +116,14 @@ static void u_audio_iso_complete(struct > if (!substream) > goto exit; > > + snd_pcm_stream_lock_irqsave(substream, flags2); > + > runtime = substream->runtime; > + if (!runtime || !snd_pcm_running(substream)) { > + snd_pcm_stream_unlock_irqrestore(substream, flags2); > + goto exit; > + } > + > spin_lock_irqsave(&prm->lock, flags); > > if (substream->stream == SNDRV_PCM_STREAM_PLAYBACK) { > @@ -146,6 +154,8 @@ static void u_audio_iso_complete(struct > > spin_unlock_irqrestore(&prm->lock, flags); > > + udelay(500); //delay here to increase probability of parallel activities > + ^^^^^ That part of the change came from the commit message, it just describes instrumentation, and adding it to the change itself is wrong. Note that the source commit 56bc61587daad does not have such issue. -- Best wishes, Vladimir

6 years, 10 months

2
1
0 0

request for 4.4-stable: 56656e960b555 ("ovl: rename is_merge to is_lowest")

by SZ Lin (林上智)

Hi Greg, This patch is not marked for 4.4-stable, but it's already in 4.9 and 4.14 stable. This is a trivial rename patch, but the naming would be more logical and makes backports easier. Please consider to apply this patch to 4.4-stable. -- SZ Lin (林上智)

6 years, 10 months

3
3
0 0

[GIT PULL] commits for Linux 4.9

by Sasha Levin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi Greg, Pleae pull commits for Linux 4.9 . I've sent a review request for all commits over a week ago and all comments were addressed. Thanks, Sasha ===== The following changes since commit ea101a702611f987c937a5fafe00f714fd9c1fe8: Linux 4.9.122 (2018-08-18 10:47:20 +0200) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/sashal/linux-stable.git tags/for-greg-4.9-14082018 for you to fetch changes up to 9e73bb5b6b5317c1a0b3d722e36d306a5f7b5d1e: mm/memory.c: check return value of ioremap_prot (2018-08-18 10:17:02 -0400) - ---------------------------------------------------------------- for-greg-4.9-14082018 - ---------------------------------------------------------------- Aleksander Morgado (1): qmi_wwan: fix interface number for DW5821e production firmware Alexander Sverdlin (1): i2c: davinci: Avoid zero value of CLKH Alexey Kodanev (1): dccp: fix undefined behavior with 'cwnd' shift in ccid2_cwnd_restart() Bernd Edlinger (1): nl80211: Add a missing break in parse_station_flags Calvin Walton (1): tools/power turbostat: Read extended processor family from CPUID Colin Ian King (1): drivers: net: lmc: fix case value for target abort error Cong Wang (1): vsock: split dwork to avoid reinitializations Daniel Borkmann (1): bpf, ppc64: fix unexpected r0=0 exit path inside bpf_xadd Eric Dumazet (1): xfrm_user: prevent leaking 2 bytes of kernel memory Eugeniu Rosca (1): usb: gadget: f_uac2: fix endianness of 'struct cntrl_*_lay3' Eyal Birger (1): vti6: fix PMTU caching and reporting on xmit Florian Westphal (3): xfrm: free skb if nlsk pointer is NULL netfilter: conntrack: dccp: treat SYNC/SYNCACK as invalid if no prior state atl1c: reserve min skb headroom Govindarajulu Varadarajan (1): enic: handle mtu change for vf properly Guenter Roeck (1): media: staging: omap4iss: Include asm/cacheflush.h after generic includes Jia-Ju Bai (2): usb: gadget: r8a66597: Fix two possible sleep-in-atomic-context bugs in init_controller() usb: gadget: r8a66597: Fix a possible sleep-in-atomic-context bugs in r8a66597_queue() Jim Gill (1): scsi: vmw_pvscsi: Return DID_RESET for status SAM_STAT_COMMAND_TERMINATED Johannes Thumshirn (2): scsi: fcoe: drop frames in ELS LOGO error path scsi: fcoe: clear FC_RP_STARTED flags when receiving a LOGO Kees Cook (1): x86/boot: Fix if_changed build flip/flop bug Kiran Kumar Modukuri (3): fscache: Allow cancelled operations to be enqueued cachefiles: Fix refcounting bug in backing-file read monitoring cachefiles: Wait rather than BUG'ing on "Unexpected object collision" Kirill Tkhai (1): memcg: remove memcg_cgroup::id from IDR on mem_cgroup_css_alloc() failure Len Brown (1): tools/power turbostat: fix -S on UP systems Li Wang (1): zswap: re-check zswap_is_full() after do zswap_shrink() Linus Torvalds (1): squashfs metadata 2: electric boogaloo Lucas Stach (2): drm/imx: imx-ldb: disable LDB on driver bind drm/imx: imx-ldb: check if channel is enabled before printing warning Masami Hiramatsu (1): selftests/ftrace: Add snapshot and tracing_on test case Nicholas Mc Guire (2): drm: re-enable error handling can: mpc5xxx_can: check of_iomap return before use Peter Senna Tschudin (1): tools: usb: ffs-test: Fix build on big endian systems Phillip Lougher (1): Squashfs: Compute expected length from inode size rather than block length RafaÅ‚ MiÅ‚ecki (1): Revert "MIPS: BCM47XX: Enable 74K Core ExternalSync for PCIe erratum" Randy Dunlap (5): usb/phy: fix PPC64 build errors in phy-fsl-usb.c net: prevent ISA drivers from building on PPC32 arc: [plat-eznps] fix data type errors in platform headers arc: fix build errors in arc/include/asm/delay.h arc: fix type warnings in arc/mm/cache.c Sean Paul (1): drm/bridge: adv7511: Reset registers on hotplug Shubhrajyoti Datta (1): net: axienet: Fix double deregister of mdio Sudarsana Reddy Kalluru (3): qed: Fix possible race for the link state value. qed: Correct Multicast API to reflect existence of 256 approximate buckets. bnx2x: Fix invalid memory access in rss hash config path. Thomas Gleixner (1): perf/x86/amd/ibs: Don't access non-started event Tommi Rantala (1): xfrm: fix missing dst_release() after policy blocking lbcast and multicast Varun Prakash (1): scsi: libiscsi: fix possible NULL pointer dereference in case of TMF Willem de Bruijn (1): packet: refine ring v3 block size test to hold one frame Xin Long (1): ip6_tunnel: use the right value for ipv4 min mtu check in ip6_tnl_xmit YueHaibing (1): net: caif: Add a missing rcu_read_unlock() in caif_flow_cb jie@chenjie6@huwei.com (1): mm/memory.c: check return value of ioremap_prot mpubbise(a)codeaurora.org (1): mac80211: add stations tied to AP_VLANs during hw reconfig arch/arc/include/asm/delay.h | 3 + arch/arc/mm/cache.c | 7 +- arch/arc/plat-eznps/include/plat/ctop.h | 1 + arch/mips/bcm47xx/setup.c | 6 -- arch/mips/include/asm/mipsregs.h | 3 - arch/powerpc/net/bpf_jit_comp64.c | 29 ++------ arch/x86/boot/compressed/Makefile | 8 ++- arch/x86/events/amd/ibs.c | 6 +- drivers/gpu/drm/bridge/adv7511/adv7511_drv.c | 12 ++++ drivers/gpu/drm/drm_context.c | 2 +- drivers/gpu/drm/imx/imx-ldb.c | 9 ++- drivers/i2c/busses/i2c-davinci.c | 8 ++- drivers/net/can/mscan/mpc5xxx_can.c | 5 ++ drivers/net/ethernet/3com/Kconfig | 2 +- drivers/net/ethernet/amd/Kconfig | 4 +- drivers/net/ethernet/atheros/atl1c/atl1c_main.c | 1 + .../net/ethernet/broadcom/bnx2x/bnx2x_ethtool.c | 13 +++- drivers/net/ethernet/cirrus/Kconfig | 1 + drivers/net/ethernet/cisco/enic/enic_main.c | 78 ++++++++-------------- drivers/net/ethernet/qlogic/qed/qed_l2.c | 15 ++--- drivers/net/ethernet/qlogic/qed/qed_l2.h | 2 +- drivers/net/ethernet/qlogic/qed/qed_mcp.c | 1 + drivers/net/ethernet/qlogic/qed/qed_sriov.c | 2 +- drivers/net/ethernet/qlogic/qed/qed_vf.c | 4 +- drivers/net/ethernet/qlogic/qed/qed_vf.h | 7 +- drivers/net/ethernet/xilinx/xilinx_axienet_mdio.c | 1 + drivers/net/usb/qmi_wwan.c | 2 +- drivers/net/wan/lmc/lmc_main.c | 2 +- drivers/scsi/fcoe/fcoe_ctlr.c | 4 +- drivers/scsi/libfc/fc_rport.c | 1 + drivers/scsi/libiscsi.c | 12 ++-- drivers/scsi/vmw_pvscsi.c | 11 ++- drivers/staging/media/omap4iss/iss_video.c | 3 +- drivers/usb/gadget/function/f_uac2.c | 20 +++--- drivers/usb/gadget/udc/r8a66597-udc.c | 6 +- drivers/usb/phy/phy-fsl-usb.c | 4 +- fs/cachefiles/namei.c | 1 - fs/cachefiles/rdwr.c | 17 +++-- fs/fscache/operation.c | 6 +- fs/squashfs/file.c | 50 ++++++++------ fs/squashfs/file_cache.c | 4 +- fs/squashfs/file_direct.c | 24 +++---- fs/squashfs/squashfs.h | 3 +- include/net/af_vsock.h | 4 +- mm/memcontrol.c | 15 +++-- mm/memory.c | 3 + mm/zswap.c | 9 +++ net/caif/caif_dev.c | 4 +- net/dccp/ccids/ccid2.c | 6 +- net/ipv6/ip6_tunnel.c | 8 +-- net/ipv6/ip6_vti.c | 11 +-- net/mac80211/util.c | 3 +- net/netfilter/nf_conntrack_proto_dccp.c | 8 +-- net/packet/af_packet.c | 10 +-- net/vmw_vsock/af_vsock.c | 15 +++-- net/vmw_vsock/vmci_transport.c | 3 +- net/wireless/nl80211.c | 1 + net/xfrm/xfrm_policy.c | 3 + net/xfrm/xfrm_user.c | 18 +++-- tools/power/x86/turbostat/turbostat.c | 8 +-- .../selftests/ftrace/test.d/00basic/snapshot.tc | 28 ++++++++ tools/usb/ffs-test.c | 19 +++++- 62 files changed, 336 insertions(+), 240 deletions(-) create mode 100644 tools/testing/selftests/ftrace/test.d/00basic/snapshot.tc -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE4n5dijQDou9mhzu83qZv95d3LNwFAluBcVkACgkQ3qZv95d3 LNw9LhAAhYO1gSH1TU/L3yOt3RFvsIGSWqlDjl746dUkHgxwF0pZeFufDCN4hI8C Oi8iFRum4yScnvrm9Gj6ZMR4fvHjT3i0uixvFB8tyE6MGIOYoHyFd7FDHFLsFK4D UrA43Ow+cIjp+BuWJ/6fp0c9WwdcxDQUjqZS81Tc+FgQMiGLb0JpGLVuI+ftShdz PAdJqp4yg9oNb8xByyC5QDHm6CGC26BR+MJXsY8cmJIBcGihBy4UMZXYb8dasp9w 3qL4zLLBlHWRvH+JJJE0t2i9KrRf1TgfRuuu8f9B5Ey9YyilokpBZ7c9jFRfzLn9 TS+WW6xQqwmgLVp3/F+/r9xw2rCdZStlEPjcuiIU6nrSXf3yg41q50CQd3+gkCEy 1Rb9fWVWkRX/hyUCzCp1TBK++zPjC5DmxAxobvHKWElvdsP57CEV+0hPqyb6F/ve FPiH4u0BfdkToEDvL6mIi12CGcQV5eqW0bJv6OLbetvsGR/ATBzZfIXkm6TpWYri ayOJzIsRVmt3neACIY3iZR8lSoW7Lj4kO1q+iXzUoD5NDJYh3HVDG13cmMu7NzSC 8SLAWGA1N8i8YDTTXePQPd9Y43qRaF9D3mxlN45cDrfIYdt0cFrQ8/tjXukuaGKq Pc+jr4qfByVetWSHc7s+mPEzfHzRhO4lbCa+tZWL2sF7tTYYksw= =eZ0Z -----END PGP SIGNATURE-----

6 years, 10 months

2
1
0 0

[GIT PULL] commits for Linux 4.14

by Sasha Levin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi Greg, Pleae pull commits for Linux 4.14 . I've sent a review request for all commits over a week ago and all comments were addressed. Thanks, Sasha ===== The following changes since commit 4cea13b66144903ae7310331b43e08f7b2d6aadb: Linux 4.14.65 (2018-08-18 10:48:00 +0200) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/sashal/linux-stable.git tags/for-greg-4.14-14082018 for you to fetch changes up to a1145b9daa1f738d7aa941ebc14426db8ea4da5c: mm/memory.c: check return value of ioremap_prot (2018-08-18 10:16:43 -0400) - ---------------------------------------------------------------- for-greg-4.14-14082018 - ---------------------------------------------------------------- Aleksander Morgado (1): qmi_wwan: fix interface number for DW5821e production firmware Alexander Sverdlin (1): i2c: davinci: Avoid zero value of CLKH Alexey Kodanev (1): dccp: fix undefined behavior with 'cwnd' shift in ccid2_cwnd_restart() Benjamin Tissoires (1): gpiolib-acpi: make sure we trigger edge events at least once on boot Bernd Edlinger (1): nl80211: Add a missing break in parse_station_flags Calvin Walton (1): tools/power turbostat: Read extended processor family from CPUID Colin Ian King (1): drivers: net: lmc: fix case value for target abort error Cong Wang (2): vsock: split dwork to avoid reinitializations llc: use refcount_inc_not_zero() for llc_sap_find() Daniel Borkmann (1): bpf, ppc64: fix unexpected r0=0 exit path inside bpf_xadd Davidlohr Bueso (1): ipc/sem.c: prevent queue.status tearing in semop Eric Dumazet (1): xfrm_user: prevent leaking 2 bytes of kernel memory Eugeniu Rosca (3): usb: gadget: f_uac2: fix error handling in afunc_bind (again) usb: gadget: u_audio: fix pcm/card naming in g_audio_setup() usb: gadget: f_uac2: fix endianness of 'struct cntrl_*_lay3' Eugeniy Paltsev (1): ARC: dma [non-IOC] setup SMP_CACHE_BYTES and cache_line_size Eyal Birger (1): vti6: fix PMTU caching and reporting on xmit Faiz Abbas (1): can: m_can: Move accessing of message ram to after clocks are enabled Florian Westphal (5): xfrm: free skb if nlsk pointer is NULL netfilter: nf_tables: fix memory leaks on chain rename netfilter: nf_tables: don't allow to rename to already-pending name netfilter: conntrack: dccp: treat SYNC/SYNCACK as invalid if no prior state atl1c: reserve min skb headroom Govindarajulu Varadarajan (2): enic: handle mtu change for vf properly enic: do not call enic_change_mtu in enic_probe Guenter Roeck (1): media: staging: omap4iss: Include asm/cacheflush.h after generic includes Hailong Liu (1): sched/rt: Restore rt_runtime after disabling RT_RUNTIME_SHARE Hugh Dickins (1): mm: delete historical BUG from zap_pmd_range() Jason Wang (1): vhost: reset metadata cache when initializing new IOTLB Jia-Ju Bai (2): usb: gadget: r8a66597: Fix two possible sleep-in-atomic-context bugs in init_controller() usb: gadget: r8a66597: Fix a possible sleep-in-atomic-context bugs in r8a66597_queue() Jim Gill (1): scsi: vmw_pvscsi: Return DID_RESET for status SAM_STAT_COMMAND_TERMINATED Johannes Thumshirn (3): scsi: fcoe: fix use-after-free in fcoe_ctlr_els_send scsi: fcoe: drop frames in ELS LOGO error path scsi: fcoe: clear FC_RP_STARTED flags when receiving a LOGO John Hurley (1): nfp: flower: fix port metadata conversion bug Josef Bacik (2): nbd: don't requeue the same request twice. nbd: handle unexpected replies better Joshua Frkuska (1): usb: gadget: u_audio: update hw_ptr in iso_complete after data copied Kees Cook (1): x86/boot: Fix if_changed build flip/flop bug Kiran Kumar Modukuri (3): fscache: Allow cancelled operations to be enqueued cachefiles: Fix refcounting bug in backing-file read monitoring cachefiles: Wait rather than BUG'ing on "Unexpected object collision" Kirill Tkhai (1): memcg: remove memcg_cgroup::id from IDR on mem_cgroup_css_alloc() failure Len Brown (1): tools/power turbostat: fix -S on UP systems Li Wang (1): zswap: re-check zswap_is_full() after do zswap_shrink() Linus Torvalds (1): squashfs metadata 2: electric boogaloo Lucas Stach (2): drm/imx: imx-ldb: disable LDB on driver bind drm/imx: imx-ldb: check if channel is enabled before printing warning Masami Hiramatsu (1): selftests/ftrace: Add snapshot and tracing_on test case Nicholas Mc Guire (2): drm: re-enable error handling can: mpc5xxx_can: check of_iomap return before use Ofer Levi (1): ARC: [plat-eznps] Add missing struct nps_host_reg_aux_dpc Peter Rosin (2): locking/rtmutex: Allow specifying a subclass for nested locking i2c/mux, locking/core: Annotate the nested rt_mutex usage Peter Senna Tschudin (1): tools: usb: ffs-test: Fix build on big endian systems Phillip Lougher (1): Squashfs: Compute expected length from inode size rather than block length RafaÅ‚ MiÅ‚ecki (1): Revert "MIPS: BCM47XX: Enable 74K Core ExternalSync for PCIe erratum" Randy Dunlap (6): usb/phy: fix PPC64 build errors in phy-fsl-usb.c net: prevent ISA drivers from building on PPC32 arc: [plat-eznps] fix data type errors in platform headers arc: [plat-eznps] fix printk warning in arc/plat-eznps/mtm.c arc: fix build errors in arc/include/asm/delay.h arc: fix type warnings in arc/mm/cache.c Sean Christopherson (1): KVM: vmx: use local variable for current_vmptr when emulating VMPTRST Sean Paul (1): drm/bridge: adv7511: Reset registers on hotplug Shubhrajyoti Datta (1): net: axienet: Fix double deregister of mdio Steven Rostedt (VMware) (1): sparc/time: Add missing __init to init_tick_ops() Sudarsana Reddy Kalluru (4): qed: Fix link flap issue due to mismatching EEE capabilities. qed: Fix possible race for the link state value. qed: Correct Multicast API to reflect existence of 256 approximate buckets. bnx2x: Fix invalid memory access in rss hash config path. Taehee Yoo (2): netfilter: nft_set_hash: add rcu_barrier() in the nft_rhash_destroy() bpf: use GFP_ATOMIC instead of GFP_KERNEL in bpf_parse_prog() Theodore Ts'o (1): ext4: clear mmp sequence number when remounting read-only Thomas Gleixner (1): perf/x86/amd/ibs: Don't access non-started event Thomas Petazzoni (1): sparc: use asm-generic version of msi.h Tommi Rantala (1): xfrm: fix missing dst_release() after policy blocking lbcast and multicast Ursula Braun (1): net/smc: no shutdown in state SMC_LISTEN Varun Prakash (2): scsi: target: iscsi: cxgbit: fix max iso npdu calculation scsi: libiscsi: fix possible NULL pointer dereference in case of TMF Vladimir Zapolskiy (3): usb: gadget: u_audio: remove caching of stream buffer parameters usb: gadget: u_audio: remove cached period bytes value usb: gadget: u_audio: protect stream runtime fields with stream spinlock Willem de Bruijn (1): packet: refine ring v3 block size test to hold one frame Xin Long (1): ip6_tunnel: use the right value for ipv4 min mtu check in ip6_tnl_xmit YueHaibing (1): net: caif: Add a missing rcu_read_unlock() in caif_flow_cb Zhen Lei (1): esp6: fix memleak on error path in esp6_input dann frazier (1): hinic: Link the logical network device to the pci device in sysfs jie@chenjie6@huwei.com (1): mm/memory.c: check return value of ioremap_prot mpubbise(a)codeaurora.org (1): mac80211: add stations tied to AP_VLANs during hw reconfig arch/arc/Kconfig | 3 + arch/arc/include/asm/cache.h | 4 +- arch/arc/include/asm/delay.h | 3 + arch/arc/mm/cache.c | 7 +- arch/arc/plat-eznps/include/plat/ctop.h | 10 +++ arch/arc/plat-eznps/mtm.c | 6 +- arch/mips/bcm47xx/setup.c | 6 -- arch/mips/include/asm/mipsregs.h | 3 - arch/powerpc/net/bpf_jit_comp64.c | 29 ++----- arch/sparc/include/asm/Kbuild | 1 + arch/sparc/kernel/time_64.c | 2 +- arch/x86/boot/compressed/Makefile | 8 +- arch/x86/events/amd/ibs.c | 6 +- arch/x86/kvm/vmx.c | 15 ++-- drivers/block/nbd.c | 96 ++++++++++++++++++---- drivers/gpio/gpiolib-acpi.c | 56 ++++++++++++- drivers/gpu/drm/bridge/adv7511/adv7511_drv.c | 12 +++ drivers/gpu/drm/drm_context.c | 2 +- drivers/gpu/drm/imx/imx-ldb.c | 9 +- drivers/i2c/busses/i2c-davinci.c | 8 +- drivers/i2c/i2c-core-base.c | 2 +- drivers/i2c/i2c-mux.c | 4 +- drivers/net/can/m_can/m_can.c | 7 +- drivers/net/can/mscan/mpc5xxx_can.c | 5 ++ drivers/net/ethernet/3com/Kconfig | 2 +- drivers/net/ethernet/amd/Kconfig | 4 +- drivers/net/ethernet/atheros/atl1c/atl1c_main.c | 1 + .../net/ethernet/broadcom/bnx2x/bnx2x_ethtool.c | 13 ++- drivers/net/ethernet/cirrus/Kconfig | 1 + drivers/net/ethernet/cisco/enic/enic_main.c | 80 +++++++----------- drivers/net/ethernet/huawei/hinic/hinic_main.c | 1 + drivers/net/ethernet/netronome/nfp/flower/main.c | 4 +- drivers/net/ethernet/qlogic/qed/qed_l2.c | 15 ++-- drivers/net/ethernet/qlogic/qed/qed_l2.h | 2 +- drivers/net/ethernet/qlogic/qed/qed_mcp.c | 13 ++- drivers/net/ethernet/qlogic/qed/qed_sriov.c | 2 +- drivers/net/ethernet/qlogic/qed/qed_vf.c | 4 +- drivers/net/ethernet/qlogic/qed/qed_vf.h | 7 +- drivers/net/ethernet/xilinx/xilinx_axienet_mdio.c | 1 + drivers/net/usb/qmi_wwan.c | 2 +- drivers/net/wan/lmc/lmc_main.c | 2 +- drivers/scsi/fcoe/fcoe_ctlr.c | 6 +- drivers/scsi/libfc/fc_rport.c | 1 + drivers/scsi/libiscsi.c | 12 +-- drivers/scsi/vmw_pvscsi.c | 11 ++- drivers/staging/media/omap4iss/iss_video.c | 3 +- drivers/target/iscsi/cxgbit/cxgbit_target.c | 16 ++-- drivers/usb/gadget/function/f_uac2.c | 24 +++--- drivers/usb/gadget/function/u_audio.c | 88 ++++++++------------ drivers/usb/gadget/udc/r8a66597-udc.c | 6 +- drivers/usb/phy/phy-fsl-usb.c | 4 +- drivers/vhost/vhost.c | 9 +- fs/cachefiles/namei.c | 1 - fs/cachefiles/rdwr.c | 17 ++-- fs/ext4/mmp.c | 7 +- fs/ext4/super.c | 2 + fs/fscache/operation.c | 6 +- fs/squashfs/file.c | 50 ++++++----- fs/squashfs/file_cache.c | 4 +- fs/squashfs/file_direct.c | 24 +++--- fs/squashfs/squashfs.h | 3 +- include/linux/rtmutex.h | 7 ++ include/net/af_vsock.h | 4 +- include/net/llc.h | 5 ++ ipc/sem.c | 2 +- kernel/locking/rtmutex.c | 29 ++++++- kernel/sched/rt.c | 2 + mm/memcontrol.c | 15 +++- mm/memory.c | 9 +- mm/zswap.c | 9 ++ net/caif/caif_dev.c | 4 +- net/core/lwt_bpf.c | 2 +- net/dccp/ccids/ccid2.c | 6 +- net/ipv6/esp6.c | 4 +- net/ipv6/ip6_tunnel.c | 8 +- net/ipv6/ip6_vti.c | 11 +-- net/llc/llc_core.c | 4 +- net/mac80211/util.c | 3 +- net/netfilter/nf_conntrack_proto_dccp.c | 8 +- net/netfilter/nf_tables_api.c | 59 ++++++++----- net/netfilter/nft_set_hash.c | 1 + net/packet/af_packet.c | 10 ++- net/smc/af_smc.c | 3 +- net/vmw_vsock/af_vsock.c | 15 ++-- net/vmw_vsock/vmci_transport.c | 3 +- net/wireless/nl80211.c | 1 + net/xfrm/xfrm_policy.c | 3 + net/xfrm/xfrm_user.c | 18 ++-- tools/power/x86/turbostat/turbostat.c | 8 +- .../selftests/ftrace/test.d/00basic/snapshot.tc | 28 +++++++ tools/usb/ffs-test.c | 19 ++++- 91 files changed, 663 insertions(+), 389 deletions(-) create mode 100644 tools/testing/selftests/ftrace/test.d/00basic/snapshot.tc -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE4n5dijQDou9mhzu83qZv95d3LNwFAluBcUoACgkQ3qZv95d3 LNypkQ/+JcfYVO/MhrMr3Ipp3bPWoVw+jUJykP0m2EL6SB2eol2iG6Nvkn91Z4Z+ uYIwxkipZrkDiB6ojwThu6W1LXfvHyUwXPfUEerM6RhJnvWbNEL18hGX0TiPJJ2w vvhJj59hxD0hmRcIOZsUIEe0H/aNMNMrw/Ya3v1bpXdqGbtnmu4uDuqiLhY6UmjR 9gBnL047L4n0UVdq+GgbNSDKybTuRUeMiKO55gjfl2PHTsksIbrXsXY5LMpgZ5H9 YZ+t15l3wLgIBu+qGu05u9vbHMiwgFRZGfXHTRnj413DghZJix8mK8MQWpchV684 VE/aFiXnj2CmANAGPaTaakNyyqa0UT280+OQUPCSWrvzCTMFfrxUzT/h/HkrJqf9 PgJHXSOjb3GwVj7BGMcX+SREjk23pJYSwpsEPpq9OAOIlX9+I7ovM6axVxPR0goU Dhvfjb0VbIqsib8WUvZAylkZGhd+IzIjyGEYsiyjwf4tZiWhn+/8B+WKaHlBbXuC 98Fagd/ywH9BexhbmA4w6Q0EpC8WU4vMwZHQluxQmGp33JdiBket7flAl9trr2K8 slWozy4rzUBoa1K1t+wsMNInCqjEqqF93FQdMN9U0s3IXw0IVzicRARTa70fKoog 42Uw8k9Nt0GBuiE/k9ccuIv+NaE8WT9Vm0bI670isofrwP756ks= =pi0Q -----END PGP SIGNATURE-----

6 years, 10 months

2
1
0 0

request for 4.18-stable: 2fa4a32613c9 ("scsi: libsas: dynamically allocate and free ata host")

by Jason Yan

Hi Greg, This patch fixes a bug of libsas and is not in 4.18-stable yet. Please apply to your queue. Thanks -- Jason

6 years, 10 months

2
1
0 0

[PATCH v2] crypto: vmx - Fix sleep-in-atomic bugs

by Ondrej Mosnacek

This patch fixes sleep-in-atomic bugs in AES-CBC and AES-XTS VMX implementations. The problem is that the blkcipher_* functions should not be called in atomic context. The bugs can be reproduced via the AF_ALG interface by trying to encrypt/decrypt sufficiently large buffers (at least 64 KiB) using the VMX implementations of 'cbc(aes)' or 'xts(aes)'. Such operations then trigger BUG in crypto_yield(): [ 891.863680] BUG: sleeping function called from invalid context at include/crypto/algapi.h:424 [ 891.864622] in_atomic(): 1, irqs_disabled(): 0, pid: 12347, name: kcapi-enc [ 891.864739] 1 lock held by kcapi-enc/12347: [ 891.864811] #0: 00000000f5d42c46 (sk_lock-AF_ALG){+.+.}, at: skcipher_recvmsg+0x50/0x530 [ 891.865076] CPU: 5 PID: 12347 Comm: kcapi-enc Not tainted 4.19.0-0.rc0.git3.1.fc30.ppc64le #1 [ 891.865251] Call Trace: [ 891.865340] [c0000003387578c0] [c000000000d67ea4] dump_stack+0xe8/0x164 (unreliable) [ 891.865511] [c000000338757910] [c000000000172a58] ___might_sleep+0x2f8/0x310 [ 891.865679] [c000000338757990] [c0000000006bff74] blkcipher_walk_done+0x374/0x4a0 [ 891.865825] [c0000003387579e0] [d000000007e73e70] p8_aes_cbc_encrypt+0x1c8/0x260 [vmx_crypto] [ 891.865993] [c000000338757ad0] [c0000000006c0ee0] skcipher_encrypt_blkcipher+0x60/0x80 [ 891.866128] [c000000338757b10] [c0000000006ec504] skcipher_recvmsg+0x424/0x530 [ 891.866283] [c000000338757bd0] [c000000000b00654] sock_recvmsg+0x74/0xa0 [ 891.866403] [c000000338757c10] [c000000000b00f64] ___sys_recvmsg+0xf4/0x2f0 [ 891.866515] [c000000338757d90] [c000000000b02bb8] __sys_recvmsg+0x68/0xe0 [ 891.866631] [c000000338757e30] [c00000000000bbe4] system_call+0x5c/0x70 Fixes: 8c755ace357c ("crypto: vmx - Adding CBC routines for VMX module") Fixes: c07f5d3da643 ("crypto: vmx - Adding support for XTS") Cc: stable(a)vger.kernel.org Signed-off-by: Ondrej Mosnacek <omosnace(a)redhat.com> --- Still untested, please test and review if possible. Changes in v2: - fix leaving preemtption, etc. disabled when leaving the function (I switched to the more obvious and less efficient variant for the sake of clarity.) drivers/crypto/vmx/aes_cbc.c | 30 ++++++++++++++---------------- drivers/crypto/vmx/aes_xts.c | 21 ++++++++++++++------- 2 files changed, 28 insertions(+), 23 deletions(-) diff --git a/drivers/crypto/vmx/aes_cbc.c b/drivers/crypto/vmx/aes_cbc.c index 5285ece4f33a..b71895871be3 100644 --- a/drivers/crypto/vmx/aes_cbc.c +++ b/drivers/crypto/vmx/aes_cbc.c @@ -107,24 +107,23 @@ static int p8_aes_cbc_encrypt(struct blkcipher_desc *desc, ret = crypto_skcipher_encrypt(req); skcipher_request_zero(req); } else { - preempt_disable(); - pagefault_disable(); - enable_kernel_vsx(); - blkcipher_walk_init(&walk, dst, src, nbytes); ret = blkcipher_walk_virt(desc, &walk); while ((nbytes = walk.nbytes)) { + preempt_disable(); + pagefault_disable(); + enable_kernel_vsx(); aes_p8_cbc_encrypt(walk.src.virt.addr, walk.dst.virt.addr, nbytes & AES_BLOCK_MASK, &ctx->enc_key, walk.iv, 1); + disable_kernel_vsx(); + pagefault_enable(); + preempt_enable(); + nbytes &= AES_BLOCK_SIZE - 1; ret = blkcipher_walk_done(desc, &walk, nbytes); } - - disable_kernel_vsx(); - pagefault_enable(); - preempt_enable(); } return ret; @@ -147,24 +146,23 @@ static int p8_aes_cbc_decrypt(struct blkcipher_desc *desc, ret = crypto_skcipher_decrypt(req); skcipher_request_zero(req); } else { - preempt_disable(); - pagefault_disable(); - enable_kernel_vsx(); - blkcipher_walk_init(&walk, dst, src, nbytes); ret = blkcipher_walk_virt(desc, &walk); while ((nbytes = walk.nbytes)) { + preempt_disable(); + pagefault_disable(); + enable_kernel_vsx(); aes_p8_cbc_encrypt(walk.src.virt.addr, walk.dst.virt.addr, nbytes & AES_BLOCK_MASK, &ctx->dec_key, walk.iv, 0); + disable_kernel_vsx(); + pagefault_enable(); + preempt_enable(); + nbytes &= AES_BLOCK_SIZE - 1; ret = blkcipher_walk_done(desc, &walk, nbytes); } - - disable_kernel_vsx(); - pagefault_enable(); - preempt_enable(); } return ret; diff --git a/drivers/crypto/vmx/aes_xts.c b/drivers/crypto/vmx/aes_xts.c index 8bd9aff0f55f..e9954a7d4694 100644 --- a/drivers/crypto/vmx/aes_xts.c +++ b/drivers/crypto/vmx/aes_xts.c @@ -116,32 +116,39 @@ static int p8_aes_xts_crypt(struct blkcipher_desc *desc, ret = enc? crypto_skcipher_encrypt(req) : crypto_skcipher_decrypt(req); skcipher_request_zero(req); } else { + blkcipher_walk_init(&walk, dst, src, nbytes); + + ret = blkcipher_walk_virt(desc, &walk); + preempt_disable(); pagefault_disable(); enable_kernel_vsx(); - blkcipher_walk_init(&walk, dst, src, nbytes); - - ret = blkcipher_walk_virt(desc, &walk); iv = walk.iv; memset(tweak, 0, AES_BLOCK_SIZE); aes_p8_encrypt(iv, tweak, &ctx->tweak_key); + disable_kernel_vsx(); + pagefault_enable(); + preempt_enable(); + while ((nbytes = walk.nbytes)) { + preempt_disable(); + pagefault_disable(); + enable_kernel_vsx(); if (enc) aes_p8_xts_encrypt(walk.src.virt.addr, walk.dst.virt.addr, nbytes & AES_BLOCK_MASK, &ctx->enc_key, NULL, tweak); else aes_p8_xts_decrypt(walk.src.virt.addr, walk.dst.virt.addr, nbytes & AES_BLOCK_MASK, &ctx->dec_key, NULL, tweak); + disable_kernel_vsx(); + pagefault_enable(); + preempt_enable(); nbytes &= AES_BLOCK_SIZE - 1; ret = blkcipher_walk_done(desc, &walk, nbytes); } - - disable_kernel_vsx(); - pagefault_enable(); - preempt_enable(); } return ret; } -- 2.17.1

6 years, 10 months

4
5
0 0

Re: stable/linux-4.4.y boot: 124 boots: 3 failed, 117 passed with 2 offline, 1 untried/unknown, 1 conflict (v4.4.151)

by Guillaume Tucker

On 22/08/18 14:51, kernelci.org bot wrote: > stable/linux-4.4.y boot: 124 boots: 3 failed, 117 passed with 2 offline, 1 untried/unknown, 1 conflict (v4.4.151) > > Full Boot Summary: https://kernelci.org/boot/all/job/stable/branch/linux-4.4.y/kernel/v4.4.151/ > Full Build Summary: https://kernelci.org/build/stable/branch/linux-4.4.y/kernel/v4.4.151/ > > Tree: stable > Branch: linux-4.4.y > Git Describe: v4.4.151 > Git Commit: 78f654f6cce3442937b8c7eb4b640357871363c1 > Git URL: http://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git > Tested: 43 unique boards, 20 SoC families, 22 builds out of 191 > > Boot Regressions Detected: [...] > x86: > > defconfig+kvm_guest: > x86-x5-z8350: > lab-mhart: failing since 6 days (last pass: v4.4.147 - first fail: v4.4.148) > > x86_64_defconfig: > x86-x5-z8350: > lab-mhart: failing since 6 days (last pass: v4.4.147 - first fail: v4.4.148) We've had a couple of automated boot bisections pointing at the same commit on an x86 Atom x5-Z8350 platform (AAEON UP-CHT01), please see details below. The issue seems to have started with v4.4.148. Here's the boot details and log showing the issue on v4.4.151: https://kernelci.org/boot/id/5b7d39ea59b514c03796ba9c/ https://storage.kernelci.org/stable/linux-4.4.y/v4.4.151/x86/x86_64_defconf… [ 0.073668] swapper/0: Corrupted page table at address 5b95ef78 [ 0.080286] PGD 272a067 PUD 272d067 PMD 5b8000000e3 [ 0.085847] Bad pagetable: 0009 [#1] SMP Below is the result of the last kernelci.org automated bisection. I haven't done any further investigation, this is merely sharing the results so please take it with a pinch of salt! Hope this helps. Best wishes, Guillaume --------------------------------------8<-------------------------------------- Bisection result for stable/linux-4.4.y (v4.4.151) on x86-x5-z8350 Good: 8404ae6c8c9f Linux 4.4.147 Bad: 78f654f6cce3 Linux 4.4.151 Found: 02ff2769edbc x86/mm/pat: Make set_memory_np() L1TF safe Checks: revert: PASS verify: PASS Parameters: Tree: stable URL: http://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git Branch: linux-4.4.y Target: x86-x5-z8350 Lab: lab-mhart Config: x86_64_defconfig Plan: boot Breaking commit found: ------------------------------------------------------------------------------- commit 02ff2769edbce2261e981effbc3c4b98fae4faf0 Author: Andi Kleen <ak(a)linux.intel.com> Date: Tue Aug 7 15:09:39 2018 -0700 x86/mm/pat: Make set_memory_np() L1TF safe commit 958f79b9ee55dfaf00c8106ed1c22a2919e0028b upstream set_memory_np() is used to mark kernel mappings not present, but it has it's own open coded mechanism which does not have the L1TF protection of inverting the address bits. Replace the open coded PTE manipulation with the L1TF protecting low level PTE routines. Passes the CPA self test. Signed-off-by: Andi Kleen <ak(a)linux.intel.com> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> [ dwmw2: Pull in pud_mkhuge() from commit a00cc7d9dd, and pfn_pud() ] Signed-off-by: David Woodhouse <dwmw(a)amazon.co.uk> [groeck: port to 4.4] Signed-off-by: Guenter Roeck <linux(a)roeck-us.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/arch/x86/include/asm/pgtable.h b/arch/x86/include/asm/pgtable.h index b5e157c065ae..4de6c282c02a 100644 --- a/arch/x86/include/asm/pgtable.h +++ b/arch/x86/include/asm/pgtable.h @@ -378,12 +378,39 @@ static inline pmd_t pfn_pmd(unsigned long page_nr, pgprot_t pgprot) return __pmd(pfn | massage_pgprot(pgprot)); } +static inline pud_t pfn_pud(unsigned long page_nr, pgprot_t pgprot) +{ + phys_addr_t pfn = page_nr << PAGE_SHIFT; + pfn ^= protnone_mask(pgprot_val(pgprot)); + pfn &= PHYSICAL_PUD_PAGE_MASK; + return __pud(pfn | massage_pgprot(pgprot)); +} + static inline pmd_t pmd_mknotpresent(pmd_t pmd) { return pfn_pmd(pmd_pfn(pmd), __pgprot(pmd_flags(pmd) & ~(_PAGE_PRESENT|_PAGE_PROTNONE))); } +static inline pud_t pud_set_flags(pud_t pud, pudval_t set) +{ + pudval_t v = native_pud_val(pud); + + return __pud(v | set); +} + +static inline pud_t pud_clear_flags(pud_t pud, pudval_t clear) +{ + pudval_t v = native_pud_val(pud); + + return __pud(v & ~clear); +} + +static inline pud_t pud_mkhuge(pud_t pud) +{ + return pud_set_flags(pud, _PAGE_PSE); +} + static inline u64 flip_protnone_guard(u64 oldval, u64 val, u64 mask); static inline pte_t pte_modify(pte_t pte, pgprot_t newprot) diff --git a/arch/x86/mm/pageattr.c b/arch/x86/mm/pageattr.c index 79377e2a7bcd..27610c2d1821 100644 --- a/arch/x86/mm/pageattr.c +++ b/arch/x86/mm/pageattr.c @@ -1006,8 +1006,8 @@ static int populate_pmd(struct cpa_data *cpa, pmd = pmd_offset(pud, start); - set_pmd(pmd, __pmd(cpa->pfn | _PAGE_PSE | - massage_pgprot(pmd_pgprot))); + set_pmd(pmd, pmd_mkhuge(pfn_pmd(cpa->pfn, + canon_pgprot(pmd_pgprot)))); start += PMD_SIZE; cpa->pfn += PMD_SIZE; @@ -1079,8 +1079,8 @@ static int populate_pud(struct cpa_data *cpa, unsigned long start, pgd_t *pgd, * Map everything starting from the Gb boundary, possibly with 1G pages */ while (end - start >= PUD_SIZE) { - set_pud(pud, __pud(cpa->pfn | _PAGE_PSE | - massage_pgprot(pud_pgprot))); + set_pud(pud, pud_mkhuge(pfn_pud(cpa->pfn, + canon_pgprot(pud_pgprot)))); start += PUD_SIZE; cpa->pfn += PUD_SIZE; ------------------------------------------------------------------------------- Git bisection log: ------------------------------------------------------------------------------- git bisect start # good: [8404ae6c8c9ff23a06cf38112e83002e1088bfe1] Linux 4.4.147 git bisect good 8404ae6c8c9ff23a06cf38112e83002e1088bfe1 # bad: [78f654f6cce3442937b8c7eb4b640357871363c1] Linux 4.4.151 git bisect bad 78f654f6cce3442937b8c7eb4b640357871363c1 # bad: [6b06f36f07e2c91ad0126f17d0fc8f933c827da8] x86/mm/kmmio: Make the tracer robust against L1TF git bisect bad 6b06f36f07e2c91ad0126f17d0fc8f933c827da8 # good: [90a231c63cc28d896ab353b027011a949e9884d3] x86/speculation/l1tf: Increase 32bit PAE __PHYSICAL_PAGE_SHIFT git bisect good 90a231c63cc28d896ab353b027011a949e9884d3 # good: [9ac0dc7d949db7afd4116d55fa4fcf6a66d820f0] mm: fix cache mode tracking in vm_insert_mixed() git bisect good 9ac0dc7d949db7afd4116d55fa4fcf6a66d820f0 # good: [dc48c1a2f45b628d3128ad4bb31d1bcd342c059d] x86/cpufeatures: Add detection of L1D cache flush support. git bisect good dc48c1a2f45b628d3128ad4bb31d1bcd342c059d # good: [0aae5fe8413dfcd949d0df1c7d6b835efecd5b3b] x86/speculation/l1tf: Invert all not present mappings git bisect good 0aae5fe8413dfcd949d0df1c7d6b835efecd5b3b # bad: [02ff2769edbce2261e981effbc3c4b98fae4faf0] x86/mm/pat: Make set_memory_np() L1TF safe git bisect bad 02ff2769edbce2261e981effbc3c4b98fae4faf0 # good: [9feecdb6cb73feaa55b0135aee8777eaac848c78] x86/speculation/l1tf: Make pmd/pud_mknotpresent() invert git bisect good 9feecdb6cb73feaa55b0135aee8777eaac848c78 # first bad commit: [02ff2769edbce2261e981effbc3c4b98fae4faf0] x86/mm/pat: Make set_memory_np() L1TF safe ------------------------------------------------------------------------------- > For more info write to <info(a)kernelci.org> > > > > _______________________________________________ > Kernel-build-reports mailing list > Kernel-build-reports(a)lists.linaro.org > https://lists.linaro.org/mailman/listinfo/kernel-build-reports >

6 years, 10 months

3
7
0 0

+ mm-hugetlb-filter-out-hugetlb-pages-if-hugepage-migration-is-not-supported.patch added to -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: mm/hugetlb: filter out hugetlb pages if HUGEPAGE migration is not supported. has been added to the -mm tree. Its filename is mm-hugetlb-filter-out-hugetlb-pages-if-hugepage-migration-is-not-supported.patch This patch should soon appear at http://ozlabs.org/~akpm/mmots/broken-out/mm-hugetlb-filter-out-hugetlb-page… and later at http://ozlabs.org/~akpm/mmotm/broken-out/mm-hugetlb-filter-out-hugetlb-page… Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next and is updated there every 3-4 working days ------------------------------------------------------ From: "Aneesh Kumar K.V" <aneesh.kumar(a)linux.ibm.com> Subject: mm/hugetlb: filter out hugetlb pages if HUGEPAGE migration is not supported. When scanning for movable pages, filter out Hugetlb pages if hugepage migration is not supported. Without this we hit infinte loop in __offline_pages() where we do pfn = scan_movable_pages(start_pfn, end_pfn); if (pfn) { /* We have movable pages */ ret = do_migrate_range(pfn, end_pfn); goto repeat; } Fix this by checking hugepage_migration_supported both in has_unmovable_pages which is the primary backoff mechanism for page offlining and for consistency reasons also into scan_movable_pages because it doesn't make any sense to return a pfn to non-migrateable huge page. This issue was revealed by, but not caused by 72b39cfc4d75 ("mm, memory_hotplug: do not fail offlining too early"). Link: http://lkml.kernel.org/r/20180824063314.21981-1-aneesh.kumar@linux.ibm.com Fixes: 72b39cfc4d75 ("mm, memory_hotplug: do not fail offlining too early") Signed-off-by: Aneesh Kumar K.V <aneesh.kumar(a)linux.ibm.com> Reported-by: Haren Myneni <haren(a)linux.vnet.ibm.com> Acked-by: Michal Hocko <mhocko(a)suse.com> Reviewed-by: Naoya Horiguchi <n-horiguchi(a)ah.jp.nec.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/memory_hotplug.c | 3 ++- mm/page_alloc.c | 4 ++++ 2 files changed, 6 insertions(+), 1 deletion(-) --- a/mm/memory_hotplug.c~mm-hugetlb-filter-out-hugetlb-pages-if-hugepage-migration-is-not-supported +++ a/mm/memory_hotplug.c @@ -1333,7 +1333,8 @@ static unsigned long scan_movable_pages( if (__PageMovable(page)) return pfn; if (PageHuge(page)) { - if (page_huge_active(page)) + if (hugepage_migration_supported(page_hstate(page)) && + page_huge_active(page)) return pfn; else pfn = round_up(pfn + 1, --- a/mm/page_alloc.c~mm-hugetlb-filter-out-hugetlb-pages-if-hugepage-migration-is-not-supported +++ a/mm/page_alloc.c @@ -7709,6 +7709,10 @@ bool has_unmovable_pages(struct zone *zo * handle each tail page individually in migration. */ if (PageHuge(page)) { + + if (!hugepage_migration_supported(page_hstate(page))) + goto unmovable; + iter = round_up(iter + 1, 1<<compound_order(page)) - 1; continue; } _ Patches currently in -mm which might be from aneesh.kumar(a)linux.ibm.com are mm-hugetlb-filter-out-hugetlb-pages-if-hugepage-migration-is-not-supported.patch

6 years, 10 months

1
0
0 0

How to report kernel panic in 4.4.x

by Matthias B.

Hallo, 4.4.147 is the last kernel of the 4.4.x series that boots for me. All subsequent versions panic on boot. How do I report this bug? If I'm supposed to use https://bugzilla.kernel.org/ I don't know what to fill into the fields. I don't even know if the longterm kernel falls under "Mainline" or some other tree. MSB -- Fun chemistry experiments: Sodium chloride doubles its volume when combined with an equal amount of table salt.

6 years, 10 months

2
10
0 0

kernel-doc patches for 4.18

by Nathan Chancellor

Hi Greg, Arch Linux recently enabled building the kernel documentation in their PKGBUILD, which turned my normally peaceful build into a spamfest of unescaped braces warnings from Perl. These are fixed upstream with the following two patches: 701b3a3c0ac4 ("PATCH scripts/kernel-doc") 673bb2dfc364 ("scripts/kernel-doc: Escape all literal braces in regexes") Could they please be applied to 4.18? They should be clean cherry-picks. Thanks! Nathan

6 years, 10 months

3
2
0 0

Current LTS and their EOL

by Rodrigo Vivi

Hi Greg, Ben, and all Is https://www.kernel.org/category/releases.html updated in terms of EOL? Some news out of Linaro conference [2] generated a lot of doubts and questions around. Specially because on the way it was stated by the news 3.16 wouldn't be active anymore. So I'm not sure about the news, but I'd like confirmation from you about expected EOL. [2] https://itsfoss.com/linux-lts-kernel-six-years/ Thanks in advance, Rodrigo.

6 years, 10 months

4
4
0 0

[PATCH v2] avoid race condition between start_xmit and cm_rep_handler

by Aaron Knister

Inside of start_xmit() the call to check if the connection is up and the queueing of the packets for later transmission is not atomic which leaves a window where cm_rep_handler can run, set the connection up, dequeue pending packets and leave the subsequently queued packets by start_xmit() sitting on neigh->queue until they're dropped when the connection is torn down. This only applies to connected mode. These dropped packets can really upset TCP, for example, and cause multi-minute delays in transmission for open connections. Here's the code in start_xmit where we check to see if the connection is up: if (ipoib_cm_get(neigh)) { if (ipoib_cm_up(neigh)) { ipoib_cm_send(dev, skb, ipoib_cm_get(neigh)); goto unref; } } The race occurs if cm_rep_handler execution occurs after the above connection check (specifically if it gets to the point where it acquires priv->lock to dequeue pending skb's) but before the below code snippet in start_xmit where packets are queued. if (skb_queue_len(&neigh->queue) < IPOIB_MAX_PATH_REC_QUEUE) { push_pseudo_header(skb, phdr->hwaddr); spin_lock_irqsave(&priv->lock, flags); __skb_queue_tail(&neigh->queue, skb); spin_unlock_irqrestore(&priv->lock, flags); } else { ++dev->stats.tx_dropped; dev_kfree_skb_any(skb); } The patch re-checks ipoib_cm_up with priv->lock held to avoid this race condition. Since odds are the conn should be up most of the time (and thus the connection *not* down most of the time) we don't hold the lock for the first check attempt to avoid a slowdown from unecessary locking for the majority of the packets transmitted during the connection's life. Signed-off-by: Aaron Knister <aaron.s.knister(a)nasa.gov> --- drivers/infiniband/ulp/ipoib/ipoib_main.c | 46 ++++++++++++++++++++++++++----- 1 file changed, 39 insertions(+), 7 deletions(-) diff --git a/drivers/infiniband/ulp/ipoib/ipoib_main.c b/drivers/infiniband/ulp/ipoib/ipoib_main.c index 26cde95b..a950c916 100644 --- a/drivers/infiniband/ulp/ipoib/ipoib_main.c +++ b/drivers/infiniband/ulp/ipoib/ipoib_main.c @@ -1093,6 +1093,21 @@ static void unicast_arp_send(struct sk_buff *skb, struct net_device *dev, spin_unlock_irqrestore(&priv->lock, flags); } +static bool defer_neigh_skb(struct sk_buff *skb, + struct net_device *dev, + struct ipoib_neigh *neigh, + struct ipoib_pseudo_header *phdr) +{ + if (skb_queue_len(&neigh->queue) < IPOIB_MAX_PATH_REC_QUEUE) { + push_pseudo_header(skb, phdr->hwaddr); + __skb_queue_tail(&neigh->queue, skb); + return true; + } + + return false; +} + + static netdev_tx_t ipoib_start_xmit(struct sk_buff *skb, struct net_device *dev) { struct ipoib_dev_priv *priv = ipoib_priv(dev); @@ -1101,6 +1116,7 @@ static netdev_tx_t ipoib_start_xmit(struct sk_buff *skb, struct net_device *dev) struct ipoib_pseudo_header *phdr; struct ipoib_header *header; unsigned long flags; + bool deferred_pkt = true; phdr = (struct ipoib_pseudo_header *) skb->data; skb_pull(skb, sizeof(*phdr)); @@ -1160,6 +1176,23 @@ static netdev_tx_t ipoib_start_xmit(struct sk_buff *skb, struct net_device *dev) ipoib_cm_send(dev, skb, ipoib_cm_get(neigh)); goto unref; } + /* + * Re-check ipoib_cm_up with priv->lock held to avoid + * race condition between start_xmit and skb_dequeue in + * cm_rep_handler. Since odds are the conn should be up + * most of the time, we don't hold the lock for the + * first check above + */ + spin_lock_irqsave(&priv->lock, flags); + if (ipoib_cm_up(neigh)) { + spin_unlock_irqrestore(&priv->lock, flags); + ipoib_cm_send(dev, skb, ipoib_cm_get(neigh)); + } else { + deferred_pkt = defer_neigh_skb(skb, dev, neigh, phdr); + spin_unlock_irqrestore(&priv->lock, flags); + } + + goto unref; } else if (neigh->ah && neigh->ah->valid) { neigh->ah->last_send = rn->send(dev, skb, neigh->ah->ah, IPOIB_QPN(phdr->hwaddr)); @@ -1168,17 +1201,16 @@ static netdev_tx_t ipoib_start_xmit(struct sk_buff *skb, struct net_device *dev) neigh_refresh_path(neigh, phdr->hwaddr, dev); } - if (skb_queue_len(&neigh->queue) < IPOIB_MAX_PATH_REC_QUEUE) { - push_pseudo_header(skb, phdr->hwaddr); - spin_lock_irqsave(&priv->lock, flags); - __skb_queue_tail(&neigh->queue, skb); - spin_unlock_irqrestore(&priv->lock, flags); - } else { + spin_lock_irqsave(&priv->lock, flags); + deferred_pkt = defer_neigh_skb(skb, dev, neigh, phdr); + spin_unlock_irqrestore(&priv->lock, flags); + +unref: + if (!deferred_pkt) { ++dev->stats.tx_dropped; dev_kfree_skb_any(skb); } -unref: ipoib_neigh_put(neigh); return NETDEV_TX_OK; -- 2.12.3

6 years, 10 months

6
10
0 0

Linux 4.4.152

by Greg KH

I'm announcing the release of the 4.4.152 kernel. All users of the 4.4 kernel series must upgrade. The updated 4.4.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.4.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arc/Makefile | 15 --- arch/arc/include/asm/mach_desc.h | 2 arch/arc/kernel/irq.c | 2 arch/arm/boot/dts/am3517.dtsi | 5 + arch/arm/boot/dts/am437x-sk-evm.dts | 2 arch/arm/boot/dts/bcm-cygnus.dtsi | 4 - arch/arm/boot/dts/da850.dtsi | 6 - arch/arm/configs/imx_v4_v5_defconfig | 2 arch/arm/configs/imx_v6_v7_defconfig | 2 arch/arm/mach-pxa/irq.c | 4 - arch/arm/mm/init.c | 9 ++ arch/arm64/kernel/smp.c | 2 arch/m68k/include/asm/mcf_pgalloc.h | 4 - arch/parisc/include/asm/spinlock.h | 8 -- arch/parisc/kernel/syscall.S | 24 +++--- drivers/dma/k3dma.c | 2 drivers/gpu/drm/armada/armada_hw.h | 1 drivers/gpu/drm/armada/armada_overlay.c | 30 +++++-- drivers/gpu/drm/exynos/exynos5433_drm_decon.c | 6 - drivers/gpu/drm/exynos/exynos_drm_gsc.c | 29 +++++-- drivers/gpu/drm/exynos/regs-gsc.h | 1 drivers/gpu/drm/nouveau/nouveau_gem.c | 4 - drivers/hid/wacom_wac.c | 10 ++ drivers/i2c/busses/i2c-imx.c | 8 +- drivers/md/raid10.c | 7 + drivers/net/ethernet/broadcom/bnx2x/bnx2x.h | 1 drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c | 6 + drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c | 6 + drivers/net/ethernet/broadcom/bnxt/bnxt.c | 4 - drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c | 2 drivers/net/ethernet/cisco/enic/enic_clsf.c | 3 drivers/net/ethernet/cisco/enic/enic_main.c | 3 drivers/net/ethernet/intel/ixgbe/ixgbe_common.c | 12 ++- drivers/net/ethernet/qlogic/qed/qed_main.c | 12 ++- drivers/net/ethernet/qlogic/qlcnic/qlcnic_sysfs.c | 2 drivers/net/ethernet/qualcomm/qca_spi.c | 21 +++-- drivers/net/ethernet/ti/davinci_emac.c | 4 + drivers/net/hamradio/bpqether.c | 8 -- drivers/net/ieee802154/at86rf230.c | 15 +-- drivers/net/ieee802154/fakelb.c | 2 drivers/net/usb/rtl8150.c | 2 drivers/net/usb/smsc75xx.c | 62 ++++++++++++++++ drivers/net/wireless/brcm80211/brcmfmac/sdio.c | 7 + drivers/pci/hotplug/pci_hotplug_core.c | 9 ++ drivers/pci/hotplug/pciehp.h | 1 drivers/pci/hotplug/pciehp_core.c | 7 + drivers/pci/hotplug/pciehp_hpc.c | 5 - drivers/pci/probe.c | 4 + drivers/scsi/xen-scsifront.c | 33 ++++++-- drivers/staging/android/ion/ion.c | 17 +++- drivers/usb/dwc2/gadget.c | 7 + drivers/usb/dwc2/hcd_intr.c | 3 drivers/usb/gadget/composite.c | 3 drivers/usb/host/xhci.c | 7 + fs/ext4/mballoc.c | 4 - fs/reiserfs/xattr.c | 4 - include/linux/fsl/guts.h | 1 include/net/net_namespace.h | 1 include/net/netns/ipv6.h | 1 include/net/tcp.h | 2 kernel/locking/lockdep.c | 12 +-- kernel/trace/trace.c | 5 + mm/kasan/kasan.c | 5 - net/bridge/br_if.c | 11 ++ net/core/dev.c | 4 - net/ipv4/netfilter/ip_tables.c | 1 net/ipv4/tcp.c | 4 - net/ipv4/tcp_dctcp.c | 25 ------ net/ipv4/tcp_output.c | 4 - net/ipv6/mcast.c | 9 +- net/ipv6/netfilter/ip6_tables.c | 1 net/ipv6/netfilter/nf_conntrack_reasm.c | 6 - net/netfilter/nf_conntrack_proto_dccp.c | 8 +- net/packet/af_packet.c | 12 ++- net/xfrm/xfrm_user.c | 8 +- security/smack/smack_lsm.c | 1 tools/perf/arch/powerpc/util/skip-callchain-idx.c | 2 tools/perf/tests/topology.c | 1 tools/perf/util/llvm-utils.c | 6 - tools/testing/selftests/pstore/pstore_post_reboot_tests | 5 + tools/testing/selftests/static_keys/test_static_keys.sh | 13 +++ tools/testing/selftests/sync/config | 4 + tools/testing/selftests/user/test_user_copy.sh | 7 + tools/testing/selftests/x86/sigreturn.c | 46 +++++++---- tools/testing/selftests/zram/zram.sh | 5 + tools/testing/selftests/zram/zram_lib.sh | 5 + virt/kvm/eventfd.c | 11 +- 88 files changed, 471 insertions(+), 222 deletions(-) Adam Ford (1): ARM: dts: am3517.dtsi: Disable reference to OMAP3 OTG controller Ajay Gupta (1): usb: xhci: increase CRS timeout value Alexander Duyck (1): ixgbe: Be more careful when modifying MAC filters Alexey Brodkin (2): ARC: Explicitly add -mmedium-calls to CFLAGS ARC: Enable machine_desc->init_per_cpu for !CONFIG_SMP Andy Lutomirski (1): selftests/x86/sigreturn/64: Fix spurious failures on AMD CPUs Bartosz Golaszewski (1): net: davinci_emac: match the mdio device against its compatible if possible BingJing Chang (1): md/raid10: fix that replacement cannot complete recovery after reassemble Casey Schaufler (1): Smack: Mark inode instant in smack_task_to_inode Chunfeng Yun (1): usb: gadget: composite: fix delayed_status race condition when set_interface Dan Carpenter (3): dmaengine: k3dma: Off by one in k3_of_dma_simple_xlate() qlogic: check kstrtoul() for errors drm/nouveau/gem: off by one bugs in nouveau_gem_pushbuf_reloc_apply() Daniel Mack (2): ARM: dts: am437x: make edt-ft5x06 a wakeup source ARM: pxa: irq: fix handling of ICMR registers in suspend/resume Daniel Rosenberg (1): staging: android: ion: check for kref overflow David Lechner (1): net: usb: rtl8150: demote allmulti message to dev_dbg() Elad Raz (1): bridge: Propagate vlan add failure to user Eric Dumazet (2): netfilter: ipv6: nf_defrag: reduce struct net memory waste xfrm_user: prevent leaking 2 bytes of kernel memory Esben Haabendal (1): i2c: imx: Fix race condition in dma read Fabio Estevam (2): ARM: imx_v6_v7_defconfig: Select ULPI support ARM: imx_v4_v5_defconfig: Select ULPI support Fathi Boudra (1): selftests: sync: add config fragment for testing sync framework Florian Westphal (2): netfilter: x_tables: set module owner for icmp(6) matches netfilter: conntrack: dccp: treat SYNC/SYNCACK as invalid if no prior state Ganesh Goudar (1): cxgb4: when disabling dcb set txq dcb priority to 0 Govindarajulu Varadarajan (1): enic: initialize enic->rfs_h.lock in enic_probe Greg Kroah-Hartman (1): Linux 4.4.152 Greg Ungerer (1): m68k: fix "bad page state" oops on ColdFire boot Grigor Tovmasyan (1): usb: gadget: dwc2: fix memory leak in gadget_init() Hangbin Liu (1): ipv6: mcast: fix unsolicited report interval after receiving querys Jann Horn (1): reiserfs: fix broken xattr handling (heap corruption, bad retval) Jason Gerecke (1): HID: wacom: Correct touch maximum XY of 2nd-gen Intuos Jeremy Cline (1): ext4: fix spectre gadget in ext4_mb_regular_allocator() John David Anglin (2): parisc: Remove ordered stores from syscall.S parisc: Remove unnecessary barriers from spinlock.h Keerthy (1): ARM: dts: da850: Fix interrups property for gpio Kim Phillips (1): perf llvm-utils: Remove bashism from kernel include fetch script Li RongQing (1): net: propagate dev_get_valid_name return code Lukas Wunner (2): PCI: hotplug: Don't leak pci_slot on registration failure PCI: pciehp: Fix use-after-free on unplug Marek Szyprowski (3): drm/exynos: gsc: Fix support for NV16/61, YUV420/YVU420 and YUV422 modes drm/exynos: decon5433: Fix per-plane global alpha for XRGB modes drm/exynos: decon5433: Fix WINCONx reset value Mathieu Malaterre (1): tracing: Use __printf markup to silence compiler Michael Trimarchi (1): brcmfmac: stop watchdog before detach and free everything Myron Stowe (1): PCI: Skip MPS logic for Virtual Functions (VFs) Paolo Bonzini (1): KVM: irqfd: fix race between EPOLLHUP and irq_bypass_register_consumer Randy Dunlap (2): net/ethernet/freescale/fman: fix cross-build error tcp: identify cryptic messages as TCP seq # bugs Ray Jui (1): ARM: dts: Cygnus: Fix I2C controller interrupt type Russell King (1): drm/armada: fix colorkey mode property Sandipan Das (1): perf report powerpc: Fix crash if callchain is empty Shuah Khan (Samsung OSG) (4): selftests: pstore: return Kselftest Skip code for skipped tests selftests: static_keys: return Kselftest Skip code for skipped tests selftests: user: return Kselftest Skip code for skipped tests selftests: zram: return Kselftest Skip code for skipped tests Stefan Agner (1): net: hamradio: use eth_broadcast_addr Stefan Schmidt (3): ieee802154: at86rf230: switch from BUG_ON() to WARN_ON() on problem ieee802154: at86rf230: use __func__ macro for debug messages ieee802154: fakelb: switch from BUG_ON() to WARN_ON() on problem Stefan Wahren (3): net: qca_spi: Avoid packet drop during initial sync net: qca_spi: Make sure the QCA7000 reset is triggered net: qca_spi: Fix log level if probe fails Steven Rostedt (VMware) (2): locking/lockdep: Do not record IRQ state within lockdep code ARM: 8780/1: ftrace: Only set kernel memory back to read-only after boot Sudarsana Reddy Kalluru (2): qed: Add sanity check for SIMD fastpath handler. bnx2x: Fix receiving tx-timeout in error or recovery state. Thomas Richter (1): perf test session topology: Fix test on s390 Vikas Gupta (1): bnxt_en: Fix for system hang if request_irq fails Willem de Bruijn (2): packet: reset network header if packet shorter than ll reserved space packet: refine ring v3 block size test to hold one frame William Wu (1): usb: dwc2: fix isoc split in transfer with no data Yuchung Cheng (1): tcp: remove DELAYED ACK events in DCTCP Yuiko Oshino (1): smsc75xx: Add workaround for gigabit link up hardware errata. Zhen Lei (1): kasan: fix shadow_size calculation error in kasan_module_alloc Zhizhou Zhang (1): arm64: make secondary_start_kernel() notrace Zhouyang Jia (1): scsi: xen-scsifront: add error handling for xenbus_printf

6 years, 10 months

1
1
0 0

Linux 4.9.124

by Greg KH

I'm announcing the release of the 4.9.124 kernel. All users of the 4.9 kernel series must upgrade. The updated 4.9.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.9.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arc/Makefile | 15 -- arch/arc/include/asm/mach_desc.h | 2 arch/arc/kernel/irq.c | 2 arch/arc/kernel/process.c | 47 +++++- arch/arm/boot/dts/am3517.dtsi | 5 arch/arm/boot/dts/am437x-sk-evm.dts | 2 arch/arm/boot/dts/bcm-cygnus.dtsi | 24 +-- arch/arm/boot/dts/bcm-nsp.dtsi | 32 ++-- arch/arm/boot/dts/da850.dtsi | 6 arch/arm/configs/imx_v4_v5_defconfig | 2 arch/arm/configs/imx_v6_v7_defconfig | 2 arch/arm/mach-omap2/omap-smp.c | 41 +++++ arch/arm/mach-pxa/irq.c | 4 arch/arm/mm/init.c | 9 + arch/arm64/boot/dts/broadcom/ns2.dtsi | 4 arch/arm64/kernel/smp.c | 2 arch/m68k/include/asm/mcf_pgalloc.h | 4 arch/parisc/include/asm/spinlock.h | 8 - arch/parisc/kernel/syscall.S | 24 +-- arch/s390/net/bpf_jit_comp.c | 1 arch/x86/entry/entry_64.S | 20 -- drivers/acpi/nfit/core.c | 4 drivers/ata/libahci.c | 7 - drivers/dma/k3dma.c | 2 drivers/dma/pl330.c | 2 drivers/gpu/drm/arm/malidp_hw.c | 3 drivers/gpu/drm/armada/armada_hw.h | 1 drivers/gpu/drm/armada/armada_overlay.c | 30 +++- drivers/gpu/drm/exynos/exynos5433_drm_decon.c | 6 drivers/gpu/drm/exynos/exynos_drm_gsc.c | 29 ++-- drivers/gpu/drm/exynos/regs-gsc.h | 1 drivers/gpu/drm/nouveau/nouveau_gem.c | 4 drivers/hid/wacom_wac.c | 10 + drivers/i2c/busses/i2c-imx.c | 8 - drivers/iio/pressure/bmp280-core.c | 5 drivers/infiniband/hw/mlx5/srq.c | 18 +- drivers/infiniband/sw/rxe/rxe_req.c | 3 drivers/md/raid10.c | 7 + drivers/net/ethernet/broadcom/bnx2x/bnx2x.h | 1 drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c | 6 drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c | 6 drivers/net/ethernet/broadcom/bnxt/bnxt.c | 8 - drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c | 2 drivers/net/ethernet/cisco/enic/enic_clsf.c | 3 drivers/net/ethernet/cisco/enic/enic_main.c | 3 drivers/net/ethernet/intel/ixgbe/ixgbe_common.c | 12 + drivers/net/ethernet/qlogic/qed/qed_main.c | 12 + drivers/net/ethernet/qlogic/qlcnic/qlcnic_sysfs.c | 2 drivers/net/ethernet/qualcomm/qca_spi.c | 21 +-- drivers/net/ethernet/renesas/ravb_main.c | 56 ++------ drivers/net/ethernet/renesas/sh_eth.c | 59 ++------ drivers/net/ethernet/stmicro/stmmac/Kconfig | 2 drivers/net/ethernet/stmicro/stmmac/dwmac-socfpga.c | 18 ++ drivers/net/ethernet/ti/davinci_emac.c | 4 drivers/net/hamradio/bpqether.c | 8 - drivers/net/ieee802154/at86rf230.c | 15 -- drivers/net/ieee802154/fakelb.c | 2 drivers/net/ipvlan/ipvlan_main.c | 36 ++++- drivers/net/usb/rtl8150.c | 2 drivers/net/usb/smsc75xx.c | 62 ++++++++ drivers/net/wireless/broadcom/brcm80211/brcmfmac/sdio.c | 7 + drivers/nfc/pn533/usb.c | 4 drivers/nvme/target/core.c | 8 + drivers/pci/host/pci-host-common.c | 2 drivers/pci/host/pci-versatile.c | 2 drivers/pci/host/pcie-rcar.c | 2 drivers/pci/host/pcie-xilinx-nwl.c | 2 drivers/pci/host/pcie-xilinx.c | 1 drivers/pci/hotplug/pci_hotplug_core.c | 9 + drivers/pci/hotplug/pciehp.h | 1 drivers/pci/hotplug/pciehp_core.c | 7 + drivers/pci/hotplug/pciehp_hpc.c | 18 -- drivers/pci/pci.c | 38 +++++ drivers/pci/probe.c | 4 drivers/pinctrl/bcm/pinctrl-nsp-mux.c | 6 drivers/scsi/xen-scsifront.c | 33 +++- drivers/usb/dwc2/gadget.c | 7 - drivers/usb/dwc2/hcd_intr.c | 3 drivers/usb/dwc3/dwc3-of-simple.c | 3 drivers/usb/gadget/composite.c | 3 drivers/usb/host/xhci-tegra.c | 2 drivers/usb/host/xhci.c | 7 - drivers/xen/manage.c | 18 ++ drivers/xen/xen-scsiback.c | 16 +- fs/ceph/inode.c | 1 fs/ext4/mballoc.c | 4 fs/reiserfs/xattr.c | 4 include/linux/fsl/guts.h | 1 include/linux/pci.h | 2 include/net/ipv6.h | 9 - include/net/net_namespace.h | 1 include/net/netns/ipv6.h | 1 include/net/tc_act/tc_tunnel_key.h | 1 include/net/tcp.h | 2 kernel/locking/lockdep.c | 12 - kernel/trace/trace.c | 5 mm/kasan/kasan.c | 5 net/batman-adv/bat_iv_ogm.c | 4 net/batman-adv/bat_v.c | 4 net/core/dev.c | 4 net/ieee802154/6lowpan/core.c | 6 net/ipv4/netfilter/ip_tables.c | 1 net/ipv4/tcp.c | 4 net/ipv4/tcp_dctcp.c | 25 --- net/ipv4/tcp_output.c | 4 net/ipv6/calipso.c | 9 - net/ipv6/exthdrs.c | 111 ++++------------ net/ipv6/ipv6_sockglue.c | 27 ++- net/ipv6/mcast.c | 9 - net/ipv6/netfilter/ip6_tables.c | 1 net/ipv6/netfilter/nf_conntrack_reasm.c | 6 net/netfilter/nf_conntrack_core.c | 2 net/netfilter/nf_conntrack_proto_dccp.c | 8 - net/netfilter/nf_log.c | 4 net/packet/af_packet.c | 12 + net/qrtr/qrtr.c | 4 net/sched/act_tunnel_key.c | 6 net/wireless/nl80211.c | 19 -- net/xfrm/xfrm_user.c | 8 - samples/bpf/parse_varlen.c | 6 samples/bpf/test_overhead_user.c | 19 ++ security/smack/smack_lsm.c | 1 sound/core/seq/seq_clientmgr.c | 3 tools/build/Makefile | 2 tools/objtool/elf.c | 41 ++++- tools/perf/arch/powerpc/util/skip-callchain-idx.c | 2 tools/perf/bench/numa.c | 5 tools/perf/tests/topology.c | 1 tools/perf/util/llvm-utils.c | 6 tools/testing/selftests/pstore/pstore_post_reboot_tests | 5 tools/testing/selftests/static_keys/test_static_keys.sh | 13 + tools/testing/selftests/sync/config | 4 tools/testing/selftests/user/test_user_copy.sh | 7 + tools/testing/selftests/x86/sigreturn.c | 59 +++++--- tools/testing/selftests/zram/zram.sh | 5 tools/testing/selftests/zram/zram_lib.sh | 5 virt/kvm/arm/vgic/vgic-v3.c | 5 virt/kvm/eventfd.c | 11 - 139 files changed, 894 insertions(+), 573 deletions(-) Adam Ford (1): ARM: dts: am3517.dtsi: Disable reference to OMAP3 OTG controller Ajay Gupta (1): usb: xhci: increase CRS timeout value Alexander Duyck (1): ixgbe: Be more careful when modifying MAC filters Alexey Brodkin (2): ARC: Explicitly add -mmedium-calls to CFLAGS ARC: Enable machine_desc->init_per_cpu for !CONFIG_SMP Alison Wang (1): drm: mali-dp: Enable Global SE interrupts mask for DP500 Andrey Ryabinin (1): netfilter: nf_conntrack: Fix possible possible crash on module loading. Andy Lutomirski (3): x86/entry/64: Remove %ebx handling from error_entry/exit selftests/x86/sigreturn/64: Fix spurious failures on AMD CPUs selftests/x86/sigreturn: Do minor cleanups Ard Biesheuvel (1): KVM: arm/arm64: Drop resource size check for GICV window Arun Kumar Neelakantam (1): net: qrtr: Broadcast messages only from control port Bartosz Golaszewski (1): net: davinci_emac: match the mdio device against its compatible if possible BingJing Chang (1): md/raid10: fix that replacement cannot complete recovery after reassemble Bob Copeland (1): nl80211: relax ht operation checks for mesh Casey Schaufler (1): Smack: Mark inode instant in smack_task_to_inode Chunfeng Yun (1): usb: gadget: composite: fix delayed_status race condition when set_interface Dan Carpenter (4): dmaengine: k3dma: Off by one in k3_of_dma_simple_xlate() qlogic: check kstrtoul() for errors pinctrl: nsp: off by ones in nsp_pinmux_enable() drm/nouveau/gem: off by one bugs in nouveau_gem_pushbuf_reloc_apply() Daniel Borkmann (1): bpf, s390: fix potential memleak when later bpf_jit_prog fails Daniel Mack (2): ARM: dts: am437x: make edt-ft5x06 a wakeup source ARM: pxa: irq: fix handling of ICMR registers in suspend/resume Dave Jiang (2): acpi/nfit: fix cmd_rc for acpi_nfit_ctl to always return a value nfit: fix unchecked dereference in acpi_nfit_ctl David Lechner (1): net: usb: rtl8150: demote allmulti message to dev_dbg() Davide Caratti (1): net/sched: act_tunnel_key: fix NULL dereference when 'goto chain' is used Dinh Nguyen (1): net: stmmac: socfpga: add additional ocp reset line for Stratix10 Dongjiu Geng (1): usb: xhci: remove the code build warning Eric Dumazet (2): netfilter: ipv6: nf_defrag: reduce struct net memory waste xfrm_user: prevent leaking 2 bytes of kernel memory Esben Haabendal (1): i2c: imx: Fix race condition in dma read Fabio Estevam (2): ARM: imx_v6_v7_defconfig: Select ULPI support ARM: imx_v4_v5_defconfig: Select ULPI support Fathi Boudra (1): selftests: sync: add config fragment for testing sync framework Florian Fainelli (2): ARM: dts: NSP: Fix i2c controller interrupt type ARM: dts: NSP: Fix PCIe controllers interrupt types Florian Westphal (2): netfilter: x_tables: set module owner for icmp(6) matches netfilter: conntrack: dccp: treat SYNC/SYNCACK as invalid if no prior state Ganesh Goudar (1): cxgb4: when disabling dcb set txq dcb priority to 0 Govindarajulu Varadarajan (1): enic: initialize enic->rfs_h.lock in enic_probe Greg Kroah-Hartman (1): Linux 4.9.124 Greg Ungerer (1): m68k: fix "bad page state" oops on ColdFire boot Grigor Tovmasyan (1): usb: gadget: dwc2: fix memory leak in gadget_init() Hangbin Liu (2): ipv6: mcast: fix unsolicited report interval after receiving querys ipvlan: call dev_change_flags when ipvlan mode is reset Hans de Goede (1): NFC: pn533: Fix wrong GFP flag usage Jann Horn (2): netfilter: nf_log: fix uninit read in nf_log_proc_dostring reiserfs: fix broken xattr handling (heap corruption, bad retval) Jason Gerecke (1): HID: wacom: Correct touch maximum XY of 2nd-gen Intuos Jeremy Cline (1): ext4: fix spectre gadget in ext4_mb_regular_allocator() Jiri Olsa (1): perf bench: Fix numa report output code Johan Hovold (1): usb: dwc3: of-simple: fix use-after-free on remove John David Anglin (2): parisc: Remove ordered stores from syscall.S parisc: Remove unnecessary barriers from spinlock.h John Garry (1): libahci: Fix possible Spectre-v1 pmp indexing in ahci_led_store() Josh Poimboeuf (1): objtool: Support GCC 8 '-fnoreorder-functions' Kamal Heib (1): RDMA/mlx5: Fix memory leak in mlx5_ib_create_srq() error path Keerthy (1): ARM: dts: da850: Fix interrups property for gpio Kim Phillips (1): perf llvm-utils: Remove bashism from kernel include fetch script Laura Abbott (1): tools: build: Use HOSTLDFLAGS with fixdep Li RongQing (1): net: propagate dev_get_valid_name return code Lubomir Rintel (1): ieee802154: 6lowpan: set IFLA_LINK Lukas Wunner (3): PCI: hotplug: Don't leak pci_slot on registration failure PCI: pciehp: Fix use-after-free on unplug PCI: pciehp: Fix unprotected list iteration in IRQ handler Marek Szyprowski (4): dmaengine: pl330: report BURST residue granularity drm/exynos: gsc: Fix support for NV16/61, YUV420/YVU420 and YUV422 modes drm/exynos: decon5433: Fix per-plane global alpha for XRGB modes drm/exynos: decon5433: Fix WINCONx reset value Mathieu Malaterre (1): tracing: Use __printf markup to silence compiler Max Gurtuvoy (1): nvmet: reset keep alive timer in controller enable Michael Chan (1): bnxt_en: Always set output parameters in bnxt_get_max_rings(). Michael Trimarchi (1): brcmfmac: stop watchdog before detach and free everything Myron Stowe (1): PCI: Skip MPS logic for Virtual Functions (VFs) Nicholas Mc Guire (2): PCI: xilinx: Add missing of_node_put() PCI: xilinx-nwl: Add missing of_node_put() Nishanth Menon (1): ARM: DRA7/OMAP5: Enable ACTLR[0] (Enable invalidates of BTB) for secondary cores Paolo Bonzini (1): KVM: irqfd: fix race between EPOLLHUP and irq_bypass_register_consumer Paul Moore (1): ipv6: make ipv6_renew_options() interrupt/kernel safe Peter Zijlstra (1): ARC: Improve cmpxchg syscall implementation Randy Dunlap (2): net/ethernet/freescale/fman: fix cross-build error tcp: identify cryptic messages as TCP seq # bugs Ray Jui (3): ARM: dts: Cygnus: Fix I2C controller interrupt type ARM: dts: Cygnus: Fix PCIe controller interrupt type arm64: dts: ns2: Fix I2C controller interrupt type Russell King (1): drm/armada: fix colorkey mode property Sandipan Das (1): perf report powerpc: Fix crash if callchain is empty Sergei Shtylyov (2): PCI: OF: Fix I/O space page leak PCI: versatile: Fix I/O space page leak Shuah Khan (Samsung OSG) (4): selftests: pstore: return Kselftest Skip code for skipped tests selftests: static_keys: return Kselftest Skip code for skipped tests selftests: user: return Kselftest Skip code for skipped tests selftests: zram: return Kselftest Skip code for skipped tests Stefan Agner (1): net: hamradio: use eth_broadcast_addr Stefan Schmidt (3): ieee802154: at86rf230: switch from BUG_ON() to WARN_ON() on problem ieee802154: at86rf230: use __func__ macro for debug messages ieee802154: fakelb: switch from BUG_ON() to WARN_ON() on problem Stefan Wahren (3): net: qca_spi: Avoid packet drop during initial sync net: qca_spi: Make sure the QCA7000 reset is triggered net: qca_spi: Fix log level if probe fails Steven Rostedt (VMware) (2): locking/lockdep: Do not record IRQ state within lockdep code ARM: 8780/1: ftrace: Only set kernel memory back to read-only after boot Sudarsana Reddy Kalluru (2): qed: Add sanity check for SIMD fastpath handler. bnx2x: Fix receiving tx-timeout in error or recovery state. Sven Eckelmann (2): batman-adv: Fix bat_ogm_iv best gw refcnt after netlink dump batman-adv: Fix bat_v best gw refcnt after netlink dump Taeung Song (2): samples/bpf: add missing <linux/if_vlan.h> samples/bpf: Check the error of write() and read() Takashi Iwai (1): ALSA: seq: Fix UBSAN warning at SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT ioctl Thomas Richter (1): perf test session topology: Fix test on s390 Tomasz Duszynski (1): iio: pressure: bmp280: fix relative humidity unit Vijay Immanuel (1): IB/rxe: Fix missing completion for mem_reg work requests Vikas Gupta (1): bnxt_en: Fix for system hang if request_irq fails Vladimir Zapolskiy (4): sh_eth: fix invalid context bug while calling auto-negotiation by ethtool sh_eth: fix invalid context bug while changing link options by ethtool ravb: fix invalid context bug while calling auto-negotiation by ethtool ravb: fix invalid context bug while changing link options by ethtool Wei Yongjun (1): pinctrl: nsp: Fix potential NULL dereference Willem de Bruijn (2): packet: reset network header if packet shorter than ll reserved space packet: refine ring v3 block size test to hold one frame William Wu (1): usb: dwc2: fix isoc split in transfer with no data Yan, Zheng (1): ceph: fix dentry leak in splice_dentry() Yuchung Cheng (1): tcp: remove DELAYED ACK events in DCTCP Yuiko Oshino (1): smsc75xx: Add workaround for gigabit link up hardware errata. Zhen Lei (1): kasan: fix shadow_size calculation error in kasan_module_alloc Zhizhou Zhang (1): arm64: make secondary_start_kernel() notrace Zhouyang Jia (3): xen: add error handling for xenbus_printf scsi: xen-scsifront: add error handling for xenbus_printf xen/scsiback: add error handling for xenbus_printf

6 years, 10 months

1
1
0 0

Linux 4.14.67

by Greg KH

I'm announcing the release of the 4.14.67 kernel. All users of the 4.14 kernel series must upgrade. The updated 4.14.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.14.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 8 - arch/arc/Makefile | 15 -- arch/arc/include/asm/mach_desc.h | 2 arch/arc/kernel/irq.c | 2 arch/arc/kernel/process.c | 47 +++++- arch/arm/boot/dts/am3517.dtsi | 5 arch/arm/boot/dts/am437x-sk-evm.dts | 2 arch/arm/boot/dts/armada-385-synology-ds116.dts | 2 arch/arm/boot/dts/bcm-cygnus.dtsi | 24 +-- arch/arm/boot/dts/bcm-nsp.dtsi | 32 ++-- arch/arm/boot/dts/bcm5301x.dtsi | 2 arch/arm/boot/dts/da850.dtsi | 6 arch/arm/boot/dts/imx6qdl-zii-rdu2.dtsi | 2 arch/arm/configs/imx_v4_v5_defconfig | 2 arch/arm/configs/imx_v6_v7_defconfig | 2 arch/arm/mach-davinci/board-da850-evm.c | 2 arch/arm/mach-omap2/omap-smp.c | 41 +++++ arch/arm/mach-pxa/irq.c | 4 arch/arm/mm/init.c | 9 + arch/arm64/boot/dts/amlogic/meson-gxl-mali.dtsi | 2 arch/arm64/boot/dts/broadcom/northstar2/ns2.dtsi | 8 - arch/arm64/boot/dts/broadcom/stingray/bcm958742k.dts | 4 arch/arm64/boot/dts/broadcom/stingray/bcm958742t.dts | 4 arch/arm64/boot/dts/broadcom/stingray/stingray.dtsi | 4 arch/arm64/boot/dts/qcom/msm8916.dtsi | 4 arch/arm64/kernel/smp.c | 2 arch/arm64/mm/dma-mapping.c | 9 - arch/m68k/include/asm/mcf_pgalloc.h | 4 arch/openrisc/kernel/entry.S | 8 - arch/openrisc/kernel/head.S | 9 - arch/openrisc/kernel/traps.c | 2 arch/parisc/include/asm/spinlock.h | 8 - arch/parisc/kernel/syscall.S | 24 +-- arch/s390/net/bpf_jit_comp.c | 1 arch/x86/kernel/cpu/microcode/intel.c | 5 arch/x86/kernel/kvmclock.c | 1 arch/x86/kernel/smpboot.c | 5 block/sed-opal.c | 4 drivers/acpi/ec.c | 20 ++ drivers/acpi/nfit/core.c | 4 drivers/ata/libahci.c | 7 - drivers/block/drbd/drbd_req.c | 4 drivers/block/nbd.c | 40 ++++- drivers/dax/device.c | 12 + drivers/dma/k3dma.c | 2 drivers/dma/pl330.c | 2 drivers/edac/edac_mc.c | 1 drivers/gpu/drm/amd/amdgpu/vce_v3_0.c | 4 drivers/gpu/drm/arm/malidp_hw.c | 3 drivers/gpu/drm/arm/malidp_planes.c | 5 drivers/gpu/drm/armada/armada_crtc.c | 12 + drivers/gpu/drm/armada/armada_hw.h | 1 drivers/gpu/drm/armada/armada_overlay.c | 30 +++- drivers/gpu/drm/bridge/sil-sii8620.c | 41 +++-- drivers/gpu/drm/exynos/exynos5433_drm_decon.c | 6 drivers/gpu/drm/exynos/exynos_drm_gsc.c | 29 ++-- drivers/gpu/drm/exynos/regs-gsc.h | 1 drivers/gpu/drm/i915/gvt/kvmgt.c | 9 + drivers/gpu/drm/nouveau/nouveau_gem.c | 4 drivers/gpu/drm/tegra/drm.c | 2 drivers/gpu/host1x/job.c | 3 drivers/hid/wacom_wac.c | 10 + drivers/hwmon/nct6775.c | 2 drivers/i2c/busses/i2c-imx.c | 8 - drivers/i2c/i2c-core-acpi.c | 11 + drivers/iio/pressure/bmp280-core.c | 5 drivers/infiniband/hw/mlx4/mr.c | 7 - drivers/infiniband/hw/mlx5/srq.c | 18 +- drivers/infiniband/sw/rxe/rxe_req.c | 3 drivers/input/rmi4/rmi_2d_sensor.c | 34 ++-- drivers/md/raid10.c | 7 + drivers/mtd/devices/mtd_dataflash.c | 4 drivers/net/ethernet/broadcom/bnx2x/bnx2x.h | 1 drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c | 6 drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c | 6 drivers/net/ethernet/broadcom/bnxt/bnxt.c | 13 + drivers/net/ethernet/cavium/octeon/octeon_mgmt.c | 14 +- drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c | 2 drivers/net/ethernet/cisco/enic/enic_clsf.c | 3 drivers/net/ethernet/cisco/enic/enic_main.c | 3 drivers/net/ethernet/freescale/dpaa/dpaa_eth.c | 15 +- drivers/net/ethernet/freescale/fman/fman_port.c | 8 + drivers/net/ethernet/ibm/ibmvnic.c | 4 drivers/net/ethernet/intel/ixgbe/ixgbe_common.c | 12 + drivers/net/ethernet/mellanox/mlx5/core/eswitch.c | 12 - drivers/net/ethernet/mellanox/mlx5/core/vport.c | 2 drivers/net/ethernet/netronome/nfp/nfpcore/nfp_nffw.c | 2 drivers/net/ethernet/qlogic/qed/qed_dcbx.c | 11 - drivers/net/ethernet/qlogic/qed/qed_ll2.c | 11 + drivers/net/ethernet/qlogic/qed/qed_main.c | 12 + drivers/net/ethernet/qlogic/qlcnic/qlcnic_sysfs.c | 2 drivers/net/ethernet/qualcomm/qca_spi.c | 21 +-- drivers/net/ethernet/renesas/ravb_main.c | 56 ++------ drivers/net/ethernet/renesas/sh_eth.c | 59 ++------ drivers/net/ethernet/stmicro/stmmac/Kconfig | 2 drivers/net/ethernet/stmicro/stmmac/dwmac-socfpga.c | 18 ++ drivers/net/ethernet/ti/davinci_emac.c | 4 drivers/net/hamradio/bpqether.c | 8 - drivers/net/hyperv/rndis_filter.c | 1 drivers/net/ieee802154/at86rf230.c | 15 -- drivers/net/ieee802154/fakelb.c | 2 drivers/net/ipvlan/ipvlan_main.c | 36 ++++- drivers/net/usb/rtl8150.c | 2 drivers/net/usb/smsc75xx.c | 62 ++++++++ drivers/net/wireless/ath/ath10k/mac.c | 16 ++ drivers/net/wireless/ath/ath10k/wmi.h | 1 drivers/net/wireless/broadcom/brcm80211/brcmfmac/sdio.c | 7 + drivers/nfc/pn533/usb.c | 4 drivers/nvme/host/core.c | 2 drivers/nvme/target/core.c | 8 + drivers/nvmem/core.c | 4 drivers/pci/host/pci-ftpci100.c | 2 drivers/pci/host/pci-host-common.c | 2 drivers/pci/host/pci-versatile.c | 2 drivers/pci/host/pcie-rcar.c | 2 drivers/pci/host/pcie-xilinx-nwl.c | 2 drivers/pci/host/pcie-xilinx.c | 1 drivers/pci/hotplug/pci_hotplug_core.c | 9 + drivers/pci/hotplug/pciehp.h | 1 drivers/pci/hotplug/pciehp_core.c | 7 + drivers/pci/hotplug/pciehp_hpc.c | 18 -- drivers/pci/pci.c | 38 +++++ drivers/pci/probe.c | 4 drivers/perf/xgene_pmu.c | 2 drivers/pinctrl/bcm/pinctrl-nsp-mux.c | 6 drivers/pinctrl/pinctrl-ingenic.c | 2 drivers/s390/cio/vfio_ccw_drv.c | 5 drivers/scsi/qedf/qedf_main.c | 12 + drivers/scsi/qedi/qedi_main.c | 11 + drivers/scsi/xen-scsifront.c | 33 +++- drivers/soc/imx/gpc.c | 21 +++ drivers/soc/imx/gpcv2.c | 13 + drivers/staging/typec/tcpm.c | 3 drivers/tty/pty.c | 2 drivers/usb/dwc2/core.h | 3 drivers/usb/dwc2/gadget.c | 15 +- drivers/usb/dwc2/hcd.c | 89 ++++++++++++ drivers/usb/dwc2/hcd.h | 8 + drivers/usb/dwc2/hcd_intr.c | 11 + drivers/usb/dwc2/hcd_queue.c | 3 drivers/usb/dwc3/dwc3-of-simple.c | 3 drivers/usb/dwc3/dwc3-pci.c | 2 drivers/usb/gadget/composite.c | 3 drivers/usb/gadget/function/f_fs.c | 26 ++- drivers/usb/host/xhci-tegra.c | 2 drivers/usb/host/xhci.c | 7 - drivers/xen/manage.c | 18 ++ drivers/xen/xen-scsiback.c | 16 +- fs/btrfs/scrub.c | 17 +- fs/ceph/inode.c | 1 fs/ext4/mballoc.c | 4 fs/f2fs/segment.c | 32 ++++ fs/f2fs/segment.h | 22 ++- fs/nfs/nfs4proc.c | 17 +- fs/reiserfs/xattr.c | 4 include/linux/fsl/guts.h | 1 include/linux/pci.h | 2 include/net/ipv6.h | 9 - include/net/net_namespace.h | 1 include/net/netns/ipv6.h | 1 include/net/tc_act/tc_tunnel_key.h | 1 include/net/tcp.h | 2 include/uapi/linux/nbd.h | 3 kernel/bpf/hashtab.c | 16 +- kernel/locking/lockdep.c | 12 - kernel/trace/trace.c | 5 mm/kasan/kasan.c | 5 net/batman-adv/bat_iv_ogm.c | 4 net/batman-adv/bat_v.c | 4 net/batman-adv/translation-table.c | 7 - net/core/dev.c | 4 net/ieee802154/6lowpan/core.c | 6 net/ipv4/netfilter/ip_tables.c | 1 net/ipv4/tcp.c | 4 net/ipv4/tcp_dctcp.c | 25 --- net/ipv4/tcp_output.c | 4 net/ipv6/calipso.c | 9 - net/ipv6/exthdrs.c | 111 ++++------------ net/ipv6/ipv6_sockglue.c | 27 ++- net/ipv6/mcast.c | 9 - net/ipv6/netfilter/ip6_tables.c | 1 net/ipv6/netfilter/nf_conntrack_reasm.c | 6 net/netfilter/nf_conntrack_core.c | 2 net/netfilter/nf_conntrack_helper.c | 5 net/netfilter/nf_conntrack_proto_dccp.c | 8 - net/netfilter/nf_log.c | 4 net/netfilter/nft_compat.c | 13 + net/packet/af_packet.c | 12 + net/qrtr/qrtr.c | 4 net/sched/act_tunnel_key.c | 6 net/sctp/chunk.c | 4 net/smc/af_smc.c | 3 net/wireless/nl80211.c | 35 ++--- net/xfrm/xfrm_user.c | 8 - samples/bpf/parse_varlen.c | 6 samples/bpf/test_overhead_user.c | 19 ++ samples/bpf/trace_event_user.c | 27 +++ scripts/kconfig/zconf.y | 4 security/smack/smack_lsm.c | 1 sound/core/seq/seq_clientmgr.c | 3 tools/build/Makefile | 2 tools/objtool/elf.c | 41 ++++- tools/perf/arch/powerpc/util/skip-callchain-idx.c | 2 tools/perf/arch/x86/util/perf_regs.c | 2 tools/perf/bench/numa.c | 5 tools/perf/jvmti/jvmti_agent.c | 3 tools/perf/tests/topology.c | 1 tools/perf/util/c++/clang.cpp | 11 + tools/perf/util/header.c | 10 + tools/perf/util/llvm-utils.c | 6 tools/perf/util/parse-events.y | 5 tools/perf/util/scripting-engines/trace-event-python.c | 8 - tools/testing/selftests/bpf/test_kmod.sh | 9 + tools/testing/selftests/pstore/pstore_post_reboot_tests | 5 tools/testing/selftests/static_keys/test_static_keys.sh | 13 + tools/testing/selftests/sync/config | 4 tools/testing/selftests/sysctl/sysctl.sh | 20 +- tools/testing/selftests/user/test_user_copy.sh | 7 + tools/testing/selftests/vm/compaction_test.c | 4 tools/testing/selftests/vm/mlock2-tests.c | 12 + tools/testing/selftests/vm/run_vmtests | 5 tools/testing/selftests/vm/userfaultfd.c | 4 tools/testing/selftests/x86/sigreturn.c | 59 +++++--- tools/testing/selftests/zram/zram.sh | 5 tools/testing/selftests/zram/zram_lib.sh | 5 virt/kvm/arm/vgic/vgic-v3.c | 5 virt/kvm/eventfd.c | 11 - 227 files changed, 1565 insertions(+), 779 deletions(-) Adam Ford (2): ARM: davinci: board-da850-evm: fix WP pin polarity for MMC/SD ARM: dts: am3517.dtsi: Disable reference to OMAP3 OTG controller Ajay Gupta (1): usb: xhci: increase CRS timeout value Alex Deucher (1): drm/amdgpu: fix swapped emit_ib_size in vce3 Alexander Duyck (1): ixgbe: Be more careful when modifying MAC filters Alexander Sverdlin (1): octeon_mgmt: Fix MIX registers configuration on MTU setup Alexey Brodkin (2): ARC: Explicitly add -mmedium-calls to CFLAGS ARC: Enable machine_desc->init_per_cpu for !CONFIG_SMP Alison Wang (1): drm: mali-dp: Enable Global SE interrupts mask for DP500 Andrey Ryabinin (1): netfilter: nf_conntrack: Fix possible possible crash on module loading. Andrzej Hajda (1): drm/bridge/sii8620: fix loops in EDID fetch logic Andy Lutomirski (2): selftests/x86/sigreturn/64: Fix spurious failures on AMD CPUs selftests/x86/sigreturn: Do minor cleanups Anson Huang (2): soc: imx: gpcv2: correct PGC offset soc: imx: gpc: restrict register range for regmap access Ard Biesheuvel (1): KVM: arm/arm64: Drop resource size check for GICV window Arun Kumar Neelakantam (1): net: qrtr: Broadcast messages only from control port Ayan Kumar Halder (1): drm/arm/malidp: Preserve LAYER_FORMAT contents when setting format Bart Van Assche (1): drbd: Fix drbd_request_prepare() discard handling Bartosz Golaszewski (1): net: davinci_emac: match the mdio device against its compatible if possible BingJing Chang (1): md/raid10: fix that replacement cannot complete recovery after reassemble Bob Copeland (1): nl80211: relax ht operation checks for mesh Casey Schaufler (1): Smack: Mark inode instant in smack_task_to_inode Chengguang Xu (1): nfp: cast sizeof() to int when comparing with error code Christophe Jaillet (1): IB/mlx4: Fix an error handling path in 'mlx4_ib_rereg_user_mr()' Chunfeng Yun (1): usb: gadget: composite: fix delayed_status race condition when set_interface Dan Carpenter (6): block: sed-opal: Fix a couple off by one bugs typec: tcpm: Fix a msecs vs jiffies bug dmaengine: k3dma: Off by one in k3_of_dma_simple_xlate() qlogic: check kstrtoul() for errors pinctrl: nsp: off by ones in nsp_pinmux_enable() drm/nouveau/gem: off by one bugs in nouveau_gem_pushbuf_reloc_apply() Daniel Borkmann (1): bpf, s390: fix potential memleak when later bpf_jit_prog fails Daniel Mack (2): ARM: dts: am437x: make edt-ft5x06 a wakeup source ARM: pxa: irq: fix handling of ICMR registers in suspend/resume Dave Jiang (2): acpi/nfit: fix cmd_rc for acpi_nfit_ctl to always return a value nfit: fix unchecked dereference in acpi_nfit_ctl David Lechner (1): net: usb: rtl8150: demote allmulti message to dev_dbg() Davide Caratti (1): net/sched: act_tunnel_key: fix NULL dereference when 'goto chain' is used Dinh Nguyen (1): net: stmmac: socfpga: add additional ocp reset line for Stratix10 Dirk Gouders (1): kconfig: fix line numbers for if-entries in menu tree Dmitry Osipenko (1): gpu: host1x: Check whether size of unpin isn't 0 Dong Jia Shi (1): vfio: ccw: fix error return in vfio_ccw_sch_event Dongjiu Geng (1): usb: xhci: remove the code build warning Doron Roberts-Kedes (1): nbd: Add the nbd NBD_DISCONNECT_ON_CLOSE config flag. Douglas Anderson (1): nvmem: Don't let a NULL cell_id for nvmem_cell_get() crash us Eli Cohen (1): net/mlx5: E-Switch, Disallow vlan/spoofcheck setup if not being esw manager Eric Dumazet (2): netfilter: ipv6: nf_defrag: reduce struct net memory waste xfrm_user: prevent leaking 2 bytes of kernel memory Esben Haabendal (1): i2c: imx: Fix race condition in dma read Fabio Estevam (2): ARM: imx_v6_v7_defconfig: Select ULPI support ARM: imx_v4_v5_defconfig: Select ULPI support Fathi Boudra (1): selftests: sync: add config fragment for testing sync framework Florian Fainelli (3): ARM: dts: NSP: Fix i2c controller interrupt type ARM: dts: NSP: Fix PCIe controllers interrupt types ARM: dts: BCM5301x: Fix i2c controller interrupt type Florian Westphal (3): netfilter: x_tables: set module owner for icmp(6) matches netfilter: nft_compat: explicitly reject ERROR and standard target netfilter: conntrack: dccp: treat SYNC/SYNCACK as invalid if no prior state Ganesh Goudar (1): cxgb4: when disabling dcb set txq dcb priority to 0 Gao Feng (1): netfilter: nf_ct_helper: Fix possible panic after nf_conntrack_helper_unregister Geert Uytterhoeven (1): mtd: dataflash: Use ULL suffix for 64-bit constants Govindarajulu Varadarajan (1): enic: initialize enic->rfs_h.lock in enic_probe Greg Kroah-Hartman (1): Linux 4.14.67 Greg Ungerer (1): m68k: fix "bad page state" oops on ColdFire boot Grigor Tovmasyan (1): usb: gadget: dwc2: fix memory leak in gadget_init() Guenter Roeck (1): hwmon: (nct6775) Fix loop limit Gustavo A. R. Silva (1): drm/i915/kvmgt: Fix potential Spectre v1 Hangbin Liu (2): ipv6: mcast: fix unsolicited report interval after receiving querys ipvlan: call dev_change_flags when ipvlan mode is reset Hans de Goede (2): NFC: pn533: Fix wrong GFP flag usage i2c: core: ACPI: Properly set status byte to 0 for multi-byte writes Heikki Krogerus (1): usb: dwc3: pci: add support for Intel IceLake Hoan Tran (1): drivers/perf: xgene_pmu: Fix IOB SLOW PMU parser error Jaegeuk Kim (2): f2fs: return error during fill_super f2fs: sanity check for total valid node blocks Jann Horn (2): netfilter: nf_log: fix uninit read in nf_log_proc_dostring reiserfs: fix broken xattr handling (heap corruption, bad retval) Janne Huttunen (1): perf script python: Fix dict reference counting Jason Gerecke (1): HID: wacom: Correct touch maximum XY of 2nd-gen Intuos Jeff Moyer (1): dev-dax: check_vma: ratelimit dev_info-s Jeffrin Jose T (1): selftests: bpf: notification about privilege required to run test_kmod.sh testing script Jeremy Cline (1): ext4: fix spectre gadget in ext4_mb_regular_allocator() Jiri Olsa (3): perf tools: Fix error index for pmu event parser perf bench: Fix numa report output code perf tools: Fix compilation errors on gcc8 Johan Hovold (1): usb: dwc3: of-simple: fix use-after-free on remove Johannes Berg (1): nl80211: check nla_parse_nested() return values John Allen (1): ibmvnic: Fix error recovery on login failure John David Anglin (2): parisc: Remove ordered stores from syscall.S parisc: Remove unnecessary barriers from spinlock.h John Garry (1): libahci: Fix possible Spectre-v1 pmp indexing in ahci_led_store() Josh Poimboeuf (1): objtool: Support GCC 8 '-fnoreorder-functions' Kamal Heib (1): RDMA/mlx5: Fix memory leak in mlx5_ib_create_srq() error path Keerthy (1): ARM: dts: da850: Fix interrups property for gpio Kim Phillips (1): perf llvm-utils: Remove bashism from kernel include fetch script Laura Abbott (1): tools: build: Use HOSTLDFLAGS with fixdep Li RongQing (1): net: propagate dev_get_valid_name return code Linus Lüssing (2): batman-adv: Avoid storing non-TT-sync flags on singular entries too batman-adv: Fix multicast TT issues with bogus ROAM flags Lubomir Rintel (1): ieee802154: 6lowpan: set IFLA_LINK Lucas Stach (1): Input: synaptics-rmi4 - fix axis-swap behavior Lukas Wunner (3): PCI: hotplug: Don't leak pci_slot on registration failure PCI: pciehp: Fix use-after-free on unplug PCI: pciehp: Fix unprotected list iteration in IRQ handler Maciej Purski (3): drm/bridge/sii8620: fix potential buffer overflow drm/bridge/sii8620: fix display of packed pixel modes in MHL2 drm/bridge/sii8620: Fix display of packed pixel modes Madalin Bucur (2): fsl/fman: fix parser reporting bad checksum on short frames dpaa_eth: DPAA SGT needs to be 256B Manish Rangankar (1): scsi: qedi: Send driver state to MFW Marcelo Ricardo Leitner (1): sctp: fix erroneous inc of snmp SctpFragUsrMsgs Marek Szyprowski (5): arm64: dma-mapping: clear buffers allocated with FORCE_CONTIGUOUS flag dmaengine: pl330: report BURST residue granularity drm/exynos: gsc: Fix support for NV16/61, YUV420/YVU420 and YUV422 modes drm/exynos: decon5433: Fix per-plane global alpha for XRGB modes drm/exynos: decon5433: Fix WINCONx reset value Martin Blumenstingl (1): ARM64: dts: meson-gxl: fix Mali GPU compatible string Masahiro Yamada (1): kbuild: suppress warnings from 'getconf LFS_*' Mathieu Malaterre (1): tracing: Use __printf markup to silence compiler Matthijs van Duin (1): pty: fix O_CLOEXEC for TIOCGPTPEER Mauricio Vasquez B (1): bpf: hash map: decrement counter on error Max Gurtuvoy (1): nvmet: reset keep alive timer in controller enable Michael Chan (2): bnxt_en: Fix inconsistent BNXT_FLAG_AGG_RINGS logic. bnxt_en: Always set output parameters in bnxt_get_max_rings(). Michael Trimarchi (1): brcmfmac: stop watchdog before detach and free everything Mika Westerberg (1): ACPI / EC: Use ec_no_wakeup on Thinkpad X1 Carbon 6th Mikko Perttunen (1): drm/tegra: Fix comparison operator for buffer size Minas Harutyunyan (2): usb: dwc2: gadget: Fix issue in dwc2_gadget_start_isoc() dwc2: gadget: Fix ISOC IN DDMA PID bitfield value calculation Myron Stowe (1): PCI: Skip MPS logic for Virtual Functions (VFs) Nicholas Mc Guire (3): PCI: xilinx: Add missing of_node_put() PCI: xilinx-nwl: Add missing of_node_put() PCI: faraday: Add missing of_node_put() Nishanth Menon (1): ARM: DRA7/OMAP5: Enable ACTLR[0] (Enable invalidates of BTB) for secondary cores Paolo Bonzini (1): KVM: irqfd: fix race between EPOLLHUP and irq_bypass_register_consumer Paul Cercueil (1): pinctrl: ingenic: Fix inverted direction for < JZ4770 Paul Moore (1): ipv6: make ipv6_renew_options() interrupt/kernel safe Peng Hao (1): kvmclock: fix TSC calibration for nested guests Peter Zijlstra (1): ARC: Improve cmpxchg syscall implementation Qu Wenruo (1): btrfs: scrub: Don't use inode page cache in scrub_handle_errored_block() Randy Dunlap (2): net/ethernet/freescale/fman: fix cross-build error tcp: identify cryptic messages as TCP seq # bugs Ray Jui (5): ARM: dts: Cygnus: Fix I2C controller interrupt type ARM: dts: Cygnus: Fix PCIe controller interrupt type arm64: dts: ns2: Fix I2C controller interrupt type arm64: dts: ns2: Fix PCIe controller interrupt type arm64: dts: Stingray: Fix I2C controller interrupt type Rob Herring (1): arm64: dts: msm8916: fix Coresight ETF graph connections Robin H. Johnson (1): ACPI / EC: Use ec_no_wakeup on more Thinkpad X1 Carbon 6th systems Roland Dreier (1): nvme: fix handling of metadata_len for NVME_IOCTL_IO_CMD Russell King (2): drm/armada: fix colorkey mode property drm/armada: fix irq handling Ryan Hsu (1): ath10k: update the phymode along with bandwidth change request Sandipan Das (1): perf report powerpc: Fix crash if callchain is empty Saurav Kashyap (1): scsi: qedf: Send the driver state to MFW Scott Branden (2): arm64: dts: specify 1.8V EMMC capabilities for bcm958742k arm64: dts: specify 1.8V EMMC capabilities for bcm958742t Sergei Shtylyov (2): PCI: OF: Fix I/O space page leak PCI: versatile: Fix I/O space page leak Shuah Khan (Samsung OSG) (6): selftests: pstore: return Kselftest Skip code for skipped tests selftests: static_keys: return Kselftest Skip code for skipped tests selftests: sysctl: return Kselftest Skip code for skipped tests selftests: user: return Kselftest Skip code for skipped tests selftests: zram: return Kselftest Skip code for skipped tests selftests: vm: return Kselftest Skip code for skipped tests Stafford Horne (1): openrisc: entry: Fix delay slot exception detection Stefan Agner (1): net: hamradio: use eth_broadcast_addr Stefan Schmidt (3): ieee802154: at86rf230: switch from BUG_ON() to WARN_ON() on problem ieee802154: at86rf230: use __func__ macro for debug messages ieee802154: fakelb: switch from BUG_ON() to WARN_ON() on problem Stefan Wahren (3): net: qca_spi: Avoid packet drop during initial sync net: qca_spi: Make sure the QCA7000 reset is triggered net: qca_spi: Fix log level if probe fails Stephen Hemminger (1): hv/netvsc: fix handling of fallback to single queue mode Steven Rostedt (VMware) (2): locking/lockdep: Do not record IRQ state within lockdep code ARM: 8780/1: ftrace: Only set kernel memory back to read-only after boot Sudarsana Reddy Kalluru (4): qed: Fix possible memory leak in Rx error path handling. qed: Add sanity check for SIMD fastpath handler. qed: Do not advertise DCBX_LLD_MANAGED capability. bnx2x: Fix receiving tx-timeout in error or recovery state. Sven Eckelmann (2): batman-adv: Fix bat_ogm_iv best gw refcnt after netlink dump batman-adv: Fix bat_v best gw refcnt after netlink dump Taeung Song (3): samples/bpf: add missing <linux/if_vlan.h> samples/bpf: Check the result of system() samples/bpf: Check the error of write() and read() Takashi Iwai (2): EDAC: Add missing MEM_LRDDR4 entry in edac_mem_types[] ALSA: seq: Fix UBSAN warning at SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT ioctl Thomas Richter (2): perf record: Support s390 random socket_id assignment perf test session topology: Fix test on s390 Tomasz Duszynski (1): iio: pressure: bmp280: fix relative humidity unit Trond Myklebust (1): pNFS: Always free the session slot on error in nfs4_layoutget_handle_exception Ursula Braun (1): net/smc: no shutdown in state SMC_LISTEN Uwe Kleine-König (1): ARM: dts: imx6: RDU2: fix irq type for mv88e6xxx switch Vijay Immanuel (1): IB/rxe: Fix missing completion for mem_reg work requests Vikas Gupta (1): bnxt_en: Fix for system hang if request_irq fails Vincent Pelletier (1): usb: gadget: ffs: Fix BUG when userland exits with submitted AIO transfers Viresh Kumar (1): arm: dts: armada: Fix "#cooling-cells" property's name Vladimir Zapolskiy (4): sh_eth: fix invalid context bug while calling auto-negotiation by ethtool sh_eth: fix invalid context bug while changing link options by ethtool ravb: fix invalid context bug while calling auto-negotiation by ethtool ravb: fix invalid context bug while changing link options by ethtool Wei Yongjun (1): pinctrl: nsp: Fix potential NULL dereference Willem de Bruijn (2): packet: reset network header if packet shorter than ll reserved space packet: refine ring v3 block size test to hold one frame William Wu (2): usb: dwc2: alloc dma aligned buffer for isoc split in usb: dwc2: fix isoc split in transfer with no data Yan, Zheng (1): ceph: fix dentry leak in splice_dentry() Yonghong Song (1): perf tools: Fix a clang 7.0 compilation error Yuchung Cheng (1): tcp: remove DELAYED ACK events in DCTCP Yuiko Oshino (1): smsc75xx: Add workaround for gigabit link up hardware errata. Zhen Lei (1): kasan: fix shadow_size calculation error in kasan_module_alloc Zhenzhong Duan (2): x86/microcode/intel: Fix memleak in save_microcode_patch() x86/mm/32: Initialize the CR4 shadow before __flush_tlb_all() Zhizhou Zhang (1): arm64: make secondary_start_kernel() notrace Zhouyang Jia (3): xen: add error handling for xenbus_printf scsi: xen-scsifront: add error handling for xenbus_printf xen/scsiback: add error handling for xenbus_printf

6 years, 10 months

1
1
0 0

Linux 4.17.19

by Greg KH

I'm announcing the release of the 4.17.19 kernel. Note, this is the LAST 4.17.y kernel to be released, it is now end-of-life. Pleas move to 4.18.y at this time. All users of the 4.17 kernel series must upgrade. The updated 4.17.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.17.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 8 - arch/arc/Makefile | 15 - arch/arc/include/asm/mach_desc.h | 2 arch/arc/kernel/irq.c | 2 arch/arc/kernel/process.c | 47 ++++-- arch/arc/plat-hsdk/platform.c | 62 ++++++++ arch/arm/boot/dts/am3517.dtsi | 5 arch/arm/boot/dts/am437x-sk-evm.dts | 2 arch/arm/boot/dts/armada-385-synology-ds116.dts | 2 arch/arm/boot/dts/bcm-cygnus.dtsi | 24 +-- arch/arm/boot/dts/bcm-hr2.dtsi | 24 +-- arch/arm/boot/dts/bcm-nsp.dtsi | 32 ++-- arch/arm/boot/dts/bcm5301x.dtsi | 2 arch/arm/boot/dts/da850.dtsi | 6 arch/arm/boot/dts/imx6qdl-zii-rdu2.dtsi | 2 arch/arm/boot/dts/omap4-droid4-xt894.dts | 9 - arch/arm/configs/imx_v4_v5_defconfig | 2 arch/arm/configs/imx_v6_v7_defconfig | 2 arch/arm/crypto/speck-neon-core.S | 6 arch/arm/mach-davinci/board-da850-evm.c | 2 arch/arm/mach-omap2/omap-smp.c | 41 +++++ arch/arm/mach-pxa/irq.c | 4 arch/arm/mm/init.c | 9 + arch/arm64/boot/dts/amlogic/meson-axg-s400.dts | 15 + arch/arm64/boot/dts/amlogic/meson-gxl-mali.dtsi | 2 arch/arm64/boot/dts/broadcom/northstar2/ns2.dtsi | 8 - arch/arm64/boot/dts/broadcom/stingray/bcm958742k.dts | 4 arch/arm64/boot/dts/broadcom/stingray/bcm958742t.dts | 4 arch/arm64/boot/dts/broadcom/stingray/stingray.dtsi | 4 arch/arm64/boot/dts/qcom/msm8916.dtsi | 4 arch/arm64/boot/dts/socionext/uniphier-ld11-global.dts | 2 arch/arm64/boot/dts/socionext/uniphier-ld20-global.dts | 2 arch/arm64/include/asm/alternative.h | 7 arch/arm64/kernel/alternative.c | 51 +++++- arch/arm64/kernel/module.c | 5 arch/arm64/kernel/smp.c | 2 arch/arm64/mm/dma-mapping.c | 9 - arch/ia64/kernel/perfmon.c | 6 arch/ia64/mm/init.c | 12 - arch/m68k/include/asm/mcf_pgalloc.h | 4 arch/nds32/kernel/setup.c | 3 arch/openrisc/kernel/entry.S | 8 - arch/openrisc/kernel/head.S | 9 - arch/openrisc/kernel/traps.c | 2 arch/parisc/include/asm/spinlock.h | 8 - arch/parisc/kernel/syscall.S | 24 +-- arch/powerpc/kernel/smp.c | 6 arch/riscv/kernel/irq.c | 4 arch/riscv/kernel/module.c | 4 arch/riscv/kernel/ptrace.c | 2 arch/s390/net/bpf_jit_comp.c | 1 arch/x86/include/asm/processor.h | 1 arch/x86/include/asm/set_memory.h | 1 arch/x86/kernel/cpu/microcode/intel.c | 5 arch/x86/kernel/kvmclock.c | 1 arch/x86/kernel/smpboot.c | 5 arch/x86/kvm/vmx.c | 9 - arch/x86/mm/init.c | 37 ++++ arch/x86/mm/init_64.c | 8 - arch/x86/mm/pageattr.c | 13 + block/blk-mq-debugfs.c | 2 block/blk-mq.c | 12 + block/sed-opal.c | 4 drivers/acpi/ec.c | 20 ++ drivers/acpi/nfit/core.c | 4 drivers/ata/libahci.c | 7 drivers/block/drbd/drbd_req.c | 4 drivers/block/nbd.c | 40 ++++- drivers/char/ipmi/kcs_bmc.c | 31 +--- drivers/clk/Makefile | 2 drivers/clk/davinci/da8xx-cfgchip.c | 2 drivers/clk/sunxi-ng/Makefile | 39 +---- drivers/clocksource/timer-stm32.c | 4 drivers/dax/device.c | 12 + drivers/dma/k3dma.c | 2 drivers/dma/omap-dma.c | 6 drivers/dma/pl330.c | 2 drivers/edac/edac_mc.c | 1 drivers/gpu/drm/amd/amdgpu/amdgpu_pm.c | 3 drivers/gpu/drm/amd/amdgpu/vce_v3_0.c | 4 drivers/gpu/drm/amd/display/dc/dce100/dce100_resource.c | 19 ++ drivers/gpu/drm/amd/powerplay/hwmgr/vega12_hwmgr.c | 1 drivers/gpu/drm/arm/malidp_drv.c | 3 drivers/gpu/drm/arm/malidp_hw.c | 3 drivers/gpu/drm/arm/malidp_planes.c | 9 - drivers/gpu/drm/armada/armada_crtc.c | 12 + drivers/gpu/drm/armada/armada_hw.h | 1 drivers/gpu/drm/armada/armada_overlay.c | 30 ++- drivers/gpu/drm/bridge/sil-sii8620.c | 121 ++++++++-------- drivers/gpu/drm/exynos/exynos5433_drm_decon.c | 6 drivers/gpu/drm/exynos/exynos_drm_gsc.c | 29 ++- drivers/gpu/drm/exynos/regs-gsc.h | 1 drivers/gpu/drm/i915/gvt/kvmgt.c | 9 + drivers/gpu/drm/nouveau/nouveau_gem.c | 4 drivers/gpu/drm/sun4i/Makefile | 5 drivers/gpu/drm/tegra/drm.c | 2 drivers/gpu/host1x/dev.c | 3 drivers/gpu/host1x/job.c | 3 drivers/hid/hid-google-hammer.c | 2 drivers/hid/hid-ids.h | 1 drivers/hid/wacom_wac.c | 10 + drivers/hwmon/dell-smm-hwmon.c | 7 drivers/hwmon/nct6775.c | 2 drivers/i2c/busses/i2c-imx.c | 8 - drivers/i2c/i2c-core-acpi.c | 11 + drivers/iio/pressure/bmp280-core.c | 5 drivers/infiniband/hw/mlx4/mr.c | 7 drivers/infiniband/hw/mlx5/srq.c | 18 +- drivers/infiniband/hw/qedr/verbs.c | 3 drivers/infiniband/sw/rxe/rxe_req.c | 5 drivers/input/rmi4/rmi_2d_sensor.c | 34 ++-- drivers/irqchip/irq-gic-v2m.c | 2 drivers/irqchip/irq-gic-v3-its.c | 10 + drivers/md/raid10.c | 7 drivers/mtd/devices/mtd_dataflash.c | 4 drivers/net/ethernet/broadcom/bnx2x/bnx2x.h | 1 drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c | 6 drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c | 6 drivers/net/ethernet/broadcom/bnxt/bnxt.c | 15 + drivers/net/ethernet/broadcom/bnxt/bnxt.h | 1 drivers/net/ethernet/broadcom/bnxt/bnxt_tc.c | 30 +++ drivers/net/ethernet/broadcom/bnxt/bnxt_ulp.c | 2 drivers/net/ethernet/cadence/macb_main.c | 11 - drivers/net/ethernet/cavium/Kconfig | 12 - drivers/net/ethernet/cavium/octeon/octeon_mgmt.c | 14 + drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c | 2 drivers/net/ethernet/chelsio/cxgb4/t4_hw.c | 35 +--- drivers/net/ethernet/cisco/enic/enic_clsf.c | 3 drivers/net/ethernet/cisco/enic/enic_main.c | 3 drivers/net/ethernet/freescale/dpaa/dpaa_eth.c | 15 + drivers/net/ethernet/freescale/fman/fman_port.c | 8 + drivers/net/ethernet/ibm/ibmvnic.c | 43 +++-- drivers/net/ethernet/intel/ixgbe/ixgbe_common.c | 12 + drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c | 2 drivers/net/ethernet/mellanox/mlx5/core/eswitch.c | 12 - drivers/net/ethernet/mellanox/mlx5/core/vport.c | 2 drivers/net/ethernet/netronome/nfp/bpf/main.c | 6 drivers/net/ethernet/netronome/nfp/nfpcore/nfp_nffw.c | 2 drivers/net/ethernet/qlogic/qed/qed_dcbx.c | 11 - drivers/net/ethernet/qlogic/qed/qed_debug.c | 2 drivers/net/ethernet/qlogic/qed/qed_ll2.c | 11 + drivers/net/ethernet/qlogic/qed/qed_main.c | 12 + drivers/net/ethernet/qlogic/qlcnic/qlcnic_sysfs.c | 2 drivers/net/ethernet/qualcomm/qca_spi.c | 21 +- drivers/net/ethernet/realtek/r8169.c | 1 drivers/net/ethernet/renesas/ravb_main.c | 56 ++----- drivers/net/ethernet/renesas/sh_eth.c | 59 ++----- drivers/net/ethernet/sfc/ef10.c | 30 ++- drivers/net/ethernet/sfc/efx.c | 17 +- drivers/net/ethernet/stmicro/stmmac/Kconfig | 2 drivers/net/ethernet/stmicro/stmmac/dwmac-socfpga.c | 18 +- drivers/net/ethernet/ti/davinci_emac.c | 4 drivers/net/hamradio/bpqether.c | 8 - drivers/net/hyperv/rndis_filter.c | 1 drivers/net/ieee802154/adf7242.c | 34 ++++ drivers/net/ieee802154/at86rf230.c | 15 - drivers/net/ieee802154/fakelb.c | 2 drivers/net/ieee802154/mcr20a.c | 3 drivers/net/ipvlan/ipvlan_main.c | 36 +++- drivers/net/phy/marvell.c | 54 ++++--- drivers/net/phy/sfp-bus.c | 35 +++- drivers/net/usb/rtl8150.c | 2 drivers/net/usb/smsc75xx.c | 62 ++++++++ drivers/net/wireless/ath/ath10k/mac.c | 16 +- drivers/net/wireless/ath/ath10k/wmi.h | 1 drivers/net/wireless/broadcom/brcm80211/brcmfmac/sdio.c | 7 drivers/nfc/pn533/usb.c | 4 drivers/nvme/host/core.c | 52 +++--- drivers/nvme/host/pci.c | 2 drivers/nvme/host/rdma.c | 28 ++- drivers/nvme/target/core.c | 8 + drivers/nvmem/core.c | 4 drivers/of/base.c | 6 drivers/of/of_private.h | 2 drivers/of/overlay.c | 11 + drivers/pci/dwc/pcie-designware-host.c | 3 drivers/pci/host/pci-aardvark.c | 2 drivers/pci/host/pci-ftpci100.c | 4 drivers/pci/host/pci-v3-semi.c | 2 drivers/pci/host/pci-versatile.c | 2 drivers/pci/host/pci-xgene.c | 2 drivers/pci/host/pcie-mediatek.c | 2 drivers/pci/host/pcie-xilinx-nwl.c | 2 drivers/pci/host/pcie-xilinx.c | 1 drivers/pci/hotplug/pci_hotplug_core.c | 9 + drivers/pci/hotplug/pciehp.h | 1 drivers/pci/hotplug/pciehp_core.c | 7 drivers/pci/hotplug/pciehp_hpc.c | 18 -- drivers/pci/of.c | 2 drivers/pci/pci-acpi.c | 6 drivers/pci/pci.c | 66 ++++++++ drivers/pci/probe.c | 4 drivers/perf/xgene_pmu.c | 2 drivers/pinctrl/bcm/pinctrl-nsp-mux.c | 6 drivers/pinctrl/pinctrl-ingenic.c | 2 drivers/platform/x86/dell-laptop.c | 2 drivers/rtc/interface.c | 8 - drivers/s390/cio/vfio_ccw_drv.c | 5 drivers/s390/net/qeth_core.h | 2 drivers/s390/net/qeth_core_main.c | 23 +-- drivers/s390/net/qeth_l2_main.c | 5 drivers/s390/net/qeth_l3_main.c | 3 drivers/scsi/hpsa.c | 25 ++- drivers/scsi/hpsa.h | 1 drivers/scsi/qedf/qedf_main.c | 12 + drivers/scsi/qedi/qedi_main.c | 11 + drivers/scsi/xen-scsifront.c | 33 +++- drivers/soc/imx/gpc.c | 21 ++ drivers/soc/imx/gpcv2.c | 13 + drivers/tty/pty.c | 2 drivers/usb/chipidea/host.c | 5 drivers/usb/dwc2/core.h | 3 drivers/usb/dwc2/gadget.c | 15 + drivers/usb/dwc2/hcd.c | 93 +++++++++++- drivers/usb/dwc2/hcd.h | 8 + drivers/usb/dwc2/hcd_intr.c | 11 + drivers/usb/dwc2/hcd_queue.c | 3 drivers/usb/dwc3/dwc3-of-simple.c | 3 drivers/usb/dwc3/dwc3-pci.c | 2 drivers/usb/gadget/composite.c | 3 drivers/usb/gadget/function/f_fs.c | 26 ++- drivers/usb/host/xhci-dbgcap.c | 12 + drivers/usb/host/xhci-tegra.c | 2 drivers/usb/host/xhci.c | 7 drivers/usb/typec/tcpm.c | 3 drivers/xen/manage.c | 18 +- drivers/xen/xen-scsiback.c | 16 +- fs/btrfs/scrub.c | 17 +- fs/ceph/inode.c | 1 fs/cifs/smb2pdu.c | 5 fs/exec.c | 6 fs/ext4/mballoc.c | 4 fs/nfs/nfs4proc.c | 17 +- fs/reiserfs/xattr.c | 4 include/linux/fsl/guts.h | 1 include/linux/kthread.h | 1 include/linux/marvell_phy.h | 2 include/linux/mm.h | 4 include/linux/pci.h | 2 include/linux/sched.h | 2 include/net/ipv6.h | 9 - include/net/net_namespace.h | 1 include/net/netns/ipv6.h | 1 include/net/tc_act/tc_csum.h | 1 include/net/tc_act/tc_tunnel_key.h | 1 include/net/tcp.h | 2 include/uapi/linux/nbd.h | 3 kernel/bpf/hashtab.c | 16 +- kernel/fork.c | 35 +++- kernel/kthread.c | 30 +++ kernel/locking/lockdep.c | 12 - kernel/sched/core.c | 67 ++++---- kernel/sched/deadline.c | 11 + kernel/sched/fair.c | 30 +-- kernel/sched/sched.h | 6 kernel/trace/trace.c | 5 mm/kasan/kasan.c | 5 mm/mmap.c | 35 +--- mm/nommu.c | 10 - mm/page_alloc.c | 16 +- net/9p/client.c | 3 net/batman-adv/bat_iv_ogm.c | 4 net/batman-adv/bat_v.c | 4 net/batman-adv/debugfs.c | 40 +++++ net/batman-adv/debugfs.h | 11 + net/batman-adv/hard-interface.c | 37 ++++ net/batman-adv/translation-table.c | 7 net/core/dev.c | 4 net/core/filter.c | 3 net/ieee802154/6lowpan/core.c | 6 net/ipv4/inet_fragment.c | 2 net/ipv4/netfilter/ip_tables.c | 1 net/ipv4/tcp.c | 4 net/ipv4/tcp_dctcp.c | 25 --- net/ipv4/tcp_output.c | 4 net/ipv6/calipso.c | 9 - net/ipv6/exthdrs.c | 111 +++----------- net/ipv6/ipv6_sockglue.c | 27 ++- net/ipv6/mcast.c | 9 - net/ipv6/netfilter/ip6_tables.c | 1 net/ipv6/netfilter/nf_conntrack_reasm.c | 6 net/mac80211/tx.c | 2 net/netfilter/nf_conntrack_core.c | 2 net/netfilter/nf_conntrack_helper.c | 5 net/netfilter/nf_conntrack_proto_dccp.c | 8 - net/netfilter/nf_log.c | 4 net/netfilter/nft_compat.c | 13 + net/packet/af_packet.c | 12 + net/qrtr/qrtr.c | 13 + net/rds/connection.c | 11 + net/rds/loop.c | 56 +++++++ net/rds/loop.h | 2 net/sched/act_csum.c | 6 net/sched/act_tunnel_key.c | 6 net/sctp/chunk.c | 4 net/smc/af_smc.c | 3 net/smc/smc_clc.c | 3 net/tipc/discover.c | 18 +- net/tipc/net.c | 17 +- net/tipc/node.c | 7 net/tls/tls_sw.c | 5 net/wireless/nl80211.c | 35 +--- net/xfrm/xfrm_user.c | 8 - samples/bpf/parse_varlen.c | 6 samples/bpf/test_overhead_user.c | 19 +- samples/bpf/trace_event_user.c | 27 +++ samples/bpf/xdp2skb_meta.sh | 6 scripts/kconfig/zconf.y | 4 security/smack/smack_lsm.c | 1 sound/core/seq/seq_clientmgr.c | 3 tools/build/Build.include | 2 tools/build/Makefile | 2 tools/objtool/elf.c | 41 +++-- tools/perf/Makefile.config | 3 tools/perf/arch/powerpc/util/skip-callchain-idx.c | 2 tools/perf/arch/x86/util/perf_regs.c | 2 tools/perf/bench/numa.c | 5 tools/perf/builtin-annotate.c | 11 + tools/perf/builtin-report.c | 3 tools/perf/builtin-script.c | 25 +++ tools/perf/jvmti/jvmti_agent.c | 3 tools/perf/pmu-events/Build | 2 tools/perf/tests/builtin-test.c | 2 tools/perf/tests/parse-events.c | 8 - tools/perf/tests/topology.c | 1 tools/perf/util/c++/clang.cpp | 11 + tools/perf/util/header.c | 12 + tools/perf/util/llvm-utils.c | 6 tools/perf/util/parse-events.y | 5 tools/perf/util/scripting-engines/trace-event-python.c | 8 - tools/testing/nvdimm/test/nfit.c | 3 tools/testing/selftests/bpf/test_kmod.sh | 9 + tools/testing/selftests/bpf/test_offload.py | 12 + tools/testing/selftests/net/config | 2 tools/testing/selftests/pstore/pstore_post_reboot_tests | 5 tools/testing/selftests/static_keys/test_static_keys.sh | 13 + tools/testing/selftests/sync/config | 4 tools/testing/selftests/sysctl/sysctl.sh | 20 +- tools/testing/selftests/user/test_user_copy.sh | 7 tools/testing/selftests/vm/compaction_test.c | 4 tools/testing/selftests/vm/mlock2-tests.c | 12 - tools/testing/selftests/vm/run_vmtests | 5 tools/testing/selftests/vm/userfaultfd.c | 4 tools/testing/selftests/x86/sigreturn.c | 59 ++++--- tools/testing/selftests/zram/zram.sh | 5 tools/testing/selftests/zram/zram_lib.sh | 5 virt/kvm/arm/vgic/vgic-v3.c | 5 347 files changed, 2651 insertions(+), 1284 deletions(-) Adam Ford (2): ARM: davinci: board-da850-evm: fix WP pin polarity for MMC/SD ARM: dts: am3517.dtsi: Disable reference to OMAP3 OTG controller Ajay Gupta (1): usb: xhci: increase CRS timeout value Alex Deucher (1): drm/amdgpu: fix swapped emit_ib_size in vce3 Alexander Duyck (1): ixgbe: Be more careful when modifying MAC filters Alexander Sverdlin (2): octeon_mgmt: Fix MIX registers configuration on MTU setup net: cavium: Add fine-granular dependencies on PCI Alexandre Belloni (1): rtc: fix alarm read and set offset Alexey Brodkin (2): ARC: Explicitly add -mmedium-calls to CFLAGS ARC: Enable machine_desc->init_per_cpu for !CONFIG_SMP Alison Wang (1): drm: mali-dp: Enable Global SE interrupts mask for DP500 Anders Roxell (1): selftests: net: add config fragments Andreas Schwab (1): RISC-V: fix R_RISCV_ADD32/R_RISCV_SUB32 relocations Andrey Ryabinin (1): netfilter: nf_conntrack: Fix possible possible crash on module loading. Andrzej Hajda (1): drm/bridge/sii8620: fix loops in EDID fetch logic Andy Lutomirski (2): selftests/x86/sigreturn/64: Fix spurious failures on AMD CPUs selftests/x86/sigreturn: Do minor cleanups Anson Huang (2): soc: imx: gpcv2: correct PGC offset soc: imx: gpc: restrict register range for regmap access Ard Biesheuvel (1): KVM: arm/arm64: Drop resource size check for GICV window Arnd Bergmann (2): ieee802154: mcr20a: add missing includes drm/sun4i: link in front-end code if needed Artur Petrosyan (1): usb: dwc2: Fix host exit from hibernation flow. Arun Kumar Neelakantam (2): net: qrtr: Broadcast messages only from control port net: qrtr: Reset the node and port ID of broadcast messages Ayan Kumar Halder (3): drm/arm/malidp: Ensure that the crtcs are shutdown before removing any encoder/connector drm/arm/malidp: Preserve LAYER_FORMAT contents when setting format drm/mali-dp: Rectify the width and height passed to rotmem_required() Bart Van Assche (1): drbd: Fix drbd_request_prepare() discard handling Bartosz Golaszewski (1): net: davinci_emac: match the mdio device against its compatible if possible Bert Kenward (2): sfc: avoid hang from nested use of the filter_sem sfc: hold filter_sem consistently during reset BingJing Chang (1): md/raid10: fix that replacement cannot complete recovery after reassemble Bob Copeland (1): nl80211: relax ht operation checks for mesh Casey Leedom (1): cxgb4: assume flash part size to be 4MB, if it can't be determined Casey Schaufler (1): Smack: Mark inode instant in smack_task_to_inode Chengguang Xu (1): nfp: cast sizeof() to int when comparing with error code Christian König (1): PCI: Restore resized BAR state on resume Christophe Jaillet (1): IB/mlx4: Fix an error handling path in 'mlx4_ib_rereg_user_mr()' Chunfeng Yun (1): usb: gadget: composite: fix delayed_status race condition when set_interface Damien Thébault (1): platform/x86: dell-laptop: Fix backlight detection Dan Carpenter (10): blk-mq-debugfs: Off by one in blk_mq_rq_state_name() block: sed-opal: Fix a couple off by one bugs typec: tcpm: Fix a msecs vs jiffies bug clk: davinci: cfgchip: testing the wrong variable dmaengine: k3dma: Off by one in k3_of_dma_simple_xlate() qed: off by one in qed_parse_mcp_trace_buf() ixgbe: Off by one in ixgbe_ipsec_tx() qlogic: check kstrtoul() for errors pinctrl: nsp: off by ones in nsp_pinmux_enable() drm/nouveau/gem: off by one bugs in nouveau_gem_pushbuf_reloc_apply() Daniel Borkmann (1): bpf, s390: fix potential memleak when later bpf_jit_prog fails Daniel Mack (2): ARM: dts: am437x: make edt-ft5x06 a wakeup source ARM: pxa: irq: fix handling of ICMR registers in suspend/resume Dave Hansen (4): mm: Allow non-direct-map arguments to free_reserved_area() x86/mm/init: Pass unconverted symbol addresses to free_init_pages() x86/mm/init: Add helper for freeing kernel image pages x86/mm/init: Remove freed kernel image areas from alias mapping Dave Jiang (2): acpi/nfit: fix cmd_rc for acpi_nfit_ctl to always return a value nfit: fix unchecked dereference in acpi_nfit_ctl David Francis (1): amd/dc/dce100: On dce100, set clocks to 0 on suspend David Lechner (1): net: usb: rtl8150: demote allmulti message to dev_dbg() Davide Caratti (2): net/sched: act_csum: fix NULL dereference when 'goto chain' is used net/sched: act_tunnel_key: fix NULL dereference when 'goto chain' is used Denis Kenzior (1): mac80211: disable BHs/preemption in ieee80211_tx_control_port() Dinh Nguyen (1): net: stmmac: socfpga: add additional ocp reset line for Stratix10 Dirk Gouders (1): kconfig: fix line numbers for if-entries in menu tree Dmitry Osipenko (2): gpu: host1x: Skip IOMMU initialization if firewall is enabled gpu: host1x: Check whether size of unpin isn't 0 Don Brace (1): scsi: hpsa: correct enclosure sas address Dong Jia Shi (1): vfio: ccw: fix error return in vfio_ccw_sch_event Dongjiu Geng (1): usb: xhci: remove the code build warning Doron Roberts-Kedes (2): nbd: Add the nbd NBD_DISCONNECT_ON_CLOSE config flag. tls: fix skb_to_sgvec returning unhandled error. Douglas Anderson (1): nvmem: Don't let a NULL cell_id for nvmem_cell_get() crash us Eli Cohen (1): net/mlx5: E-Switch, Disallow vlan/spoofcheck setup if not being esw manager Eric Biggers (1): crypto: arm/speck - fix building in Thumb2 mode Eric Dumazet (2): netfilter: ipv6: nf_defrag: reduce struct net memory waste xfrm_user: prevent leaking 2 bytes of kernel memory Esben Haabendal (1): i2c: imx: Fix race condition in dma read Evan Quan (1): drm/amd/powerplay: correct vega12 thermal support as true Fabio Estevam (2): ARM: imx_v6_v7_defconfig: Select ULPI support ARM: imx_v4_v5_defconfig: Select ULPI support Fathi Boudra (1): selftests: sync: add config fragment for testing sync framework Florian Fainelli (4): ARM: dts: NSP: Fix i2c controller interrupt type ARM: dts: NSP: Fix PCIe controllers interrupt types ARM: dts: HR2: Fix interrupt types for i2c and PCIe ARM: dts: BCM5301x: Fix i2c controller interrupt type Florian Westphal (3): netfilter: x_tables: set module owner for icmp(6) matches netfilter: nft_compat: explicitly reject ERROR and standard target netfilter: conntrack: dccp: treat SYNC/SYNCACK as invalid if no prior state Frank Rowand (1): of: overlay: update phandle cache on overlay apply and remove Frederic Weisbecker (1): sched/nohz: Skip remote tick on idle task entirely Ganesh Goudar (1): cxgb4: when disabling dcb set txq dcb priority to 0 Gao Feng (1): netfilter: nf_ct_helper: Fix possible panic after nf_conntrack_helper_unregister Geert Uytterhoeven (1): mtd: dataflash: Use ULL suffix for 64-bit constants Govindarajulu Varadarajan (1): enic: initialize enic->rfs_h.lock in enic_probe Greentime Hu (1): nds32: Fix the dts pointer is not passed correctly issue. Greg Kroah-Hartman (1): Linux 4.17.19 Greg Ungerer (1): m68k: fix "bad page state" oops on ColdFire boot Grigor Tovmasyan (1): usb: gadget: dwc2: fix memory leak in gadget_init() Guenter Roeck (1): hwmon: (nct6775) Fix loop limit Gustavo A. R. Silva (2): drm/i915/kvmgt: Fix potential Spectre v1 drm/amdgpu/pm: Fix potential Spectre v1 Gustavo Pimentel (1): ARC: [plat-hsdk]: Configure APB GPIO controller on ARC HSDK platform Haiyue Wang (1): ipmi: kcs_bmc: fix IRQ exception if the channel is not open Hangbin Liu (2): ipv6: mcast: fix unsolicited report interval after receiving querys ipvlan: call dev_change_flags when ipvlan mode is reset Hans de Goede (2): NFC: pn533: Fix wrong GFP flag usage i2c: core: ACPI: Properly set status byte to 0 for multi-byte writes Harini Katakam (1): net: macb: Free RX ring for all queues Heikki Krogerus (1): usb: dwc3: pci: add support for Intel IceLake Heiner Kallweit (1): r8169: fix mac address change Helge Eichelberg (1): hwmon: (dell-smm) Disable fan support for Dell XPS13 9333 Hoan Tran (1): drivers/perf: xgene_pmu: Fix IOB SLOW PMU parser error Israel Rukshin (1): nvme-rdma: Fix command completion race at error recovery Jakub Kicinski (2): selftests/bpf: test offloads even with BPF programs present nfp: bpf: don't stop offload if replace failed Jann Horn (2): netfilter: nf_log: fix uninit read in nf_log_proc_dostring reiserfs: fix broken xattr handling (heap corruption, bad retval) Janne Huttunen (1): perf script python: Fix dict reference counting Janusz Krzysztofik (1): dmaengine: ti: omap-dma: Fix OMAP1510 incorrect residue_granularity Jason Gerecke (1): HID: wacom: Correct touch maximum XY of 2nd-gen Intuos Jeff Moyer (1): dev-dax: check_vma: ratelimit dev_info-s Jeffrin Jose T (1): selftests: bpf: notification about privilege required to run test_kmod.sh testing script Jens Axboe (1): blk-mq: don't queue more if we get a busy return Jeremy Cline (2): perf tools: Use python-config --includes rather than --cflags ext4: fix spectre gadget in ext4_mb_regular_allocator() Jerome Brunet (1): ARM64: dts: meson-axg: fix ethernet stability issue Jianchao Wang (1): nvme-pci: move nvme_kill_queues to nvme_remove_dead_ctrl Jim Mattson (1): kvm: nVMX: Restore exit qual for VM-entry failure due to MSR loading Jim Wilson (1): RISC-V: Fix PTRACE_SETREGSET bug. Jiri Olsa (4): perf tools: Fix error index for pmu event parser perf tests: Add event parsing error handling to parse events test perf bench: Fix numa report output code perf tools: Fix compilation errors on gcc8 Johan Hovold (1): usb: dwc3: of-simple: fix use-after-free on remove Johannes Berg (1): nl80211: check nla_parse_nested() return values John Allen (1): ibmvnic: Fix error recovery on login failure John David Anglin (2): parisc: Remove unnecessary barriers from spinlock.h parisc: Remove ordered stores from syscall.S John Fastabend (1): bpf: fix sk_skb programs without skb->dev assigned John Garry (1): libahci: Fix possible Spectre-v1 pmp indexing in ahci_led_store() Jon Maloy (4): tipc: fix wrong return value from function tipc_node_try_addr() tipc: correct discovery message handling during address trial period tipc: fix correct setting of message type in second discoverer tipc: make function tipc_net_finalize() thread safe Josh Poimboeuf (1): objtool: Support GCC 8 '-fnoreorder-functions' Julia Lawall (1): clocksource/drivers/stm32: Fix error return code Julian Wiedmann (1): s390/qeth: consistently re-enable device features Juri Lelli (1): sched/deadline: Fix switched_from_dl() warning Kai-Heng Feng (1): usb: xhci: dbc: Don't decrement runtime PM counter if DBC is not started Kalderon, Michal (1): RDMA/qedr: Fix NULL pointer dereference when running over iWARP without RDMA-CM Kamal Heib (1): RDMA/mlx5: Fix memory leak in mlx5_ib_create_srq() error path Karsten Graul (1): net/smc: reset recv timeout after clc handshake Katsuhiro Suzuki (1): arm64: dts: uniphier: fix widget name of headphone for LD11/LD20 boards Keerthy (1): ARM: dts: da850: Fix interrups property for gpio Kim Phillips (2): perf llvm-utils: Remove bashism from kernel include fetch script perf test shell: Prevent temporary editor files from being considered test scripts Laura Abbott (2): tools: build: Fixup host c flags tools: build: Use HOSTLDFLAGS with fixdep Li RongQing (1): net: propagate dev_get_valid_name return code Linus Lüssing (2): batman-adv: Avoid storing non-TT-sync flags on singular entries too batman-adv: Fix multicast TT issues with bogus ROAM flags Linus Torvalds (3): mm: use helper functions for allocating and freeing vm_area structs mm: make vm_area_dup() actually copy the old vma data mm: make vm_area_alloc() initialize core fields Lubomir Rintel (1): ieee802154: 6lowpan: set IFLA_LINK Lucas Stach (1): Input: synaptics-rmi4 - fix axis-swap behavior Lukas Wunner (3): PCI: hotplug: Don't leak pci_slot on registration failure PCI: pciehp: Fix use-after-free on unplug PCI: pciehp: Fix unprotected list iteration in IRQ handler Maciej Purski (4): drm/bridge/sii8620: fix display modes validation drm/bridge/sii8620: fix potential buffer overflow drm/bridge/sii8620: fix display of packed pixel modes in MHL2 drm/bridge/sii8620: Fix display of packed pixel modes Madalin Bucur (2): fsl/fman: fix parser reporting bad checksum on short frames dpaa_eth: DPAA SGT needs to be 256B Manish Rangankar (1): scsi: qedi: Send driver state to MFW Marc Zyngier (2): irqchip/gic-v2m: Fix SPI release on error path irqchip/gic-v3-its: Fix reprogramming of redistributors on CPU hotplug Marcelo Ricardo Leitner (1): sctp: fix erroneous inc of snmp SctpFragUsrMsgs Marek Szyprowski (5): arm64: dma-mapping: clear buffers allocated with FORCE_CONTIGUOUS flag dmaengine: pl330: report BURST residue granularity drm/exynos: gsc: Fix support for NV16/61, YUV420/YVU420 and YUV422 modes drm/exynos: decon5433: Fix per-plane global alpha for XRGB modes drm/exynos: decon5433: Fix WINCONx reset value Martin Blumenstingl (1): ARM64: dts: meson-gxl: fix Mali GPU compatible string Masahiro Yamada (2): clk: sunxi-ng: replace lib-y with obj-y kbuild: suppress warnings from 'getconf LFS_*' Mathieu Malaterre (1): tracing: Use __printf markup to silence compiler Matthijs van Duin (1): pty: fix O_CLOEXEC for TIOCGPTPEER Mauricio Vasquez B (1): bpf: hash map: decrement counter on error Max Gurtuvoy (1): nvmet: reset keep alive timer in controller enable Michael Chan (3): bnxt_en: Fix inconsistent BNXT_FLAG_AGG_RINGS logic. bnxt_en: Always set output parameters in bnxt_get_max_rings(). bnxt_en: Do not modify max IRQ count after RDMA driver requests/frees IRQs. Michael Hennerich (2): net: ieee802154: adf7242: Fix erroneous RX enable net: ieee802154: adf7242: Fix OCL calibration runs Michael Trimarchi (1): brcmfmac: stop watchdog before detach and free everything Mika Westerberg (1): ACPI / EC: Use ec_no_wakeup on Thinkpad X1 Carbon 6th Mikko Perttunen (1): drm/tegra: Fix comparison operator for buffer size Minas Harutyunyan (2): usb: dwc2: gadget: Fix issue in dwc2_gadget_start_isoc() dwc2: gadget: Fix ISOC IN DDMA PID bitfield value calculation Myron Stowe (1): PCI: Skip MPS logic for Virtual Functions (VFs) Nicholas Mc Guire (3): PCI: xilinx: Add missing of_node_put() PCI: xilinx-nwl: Add missing of_node_put() PCI: faraday: Add missing of_node_put() Nicholas Piggin (1): powerpc: smp_send_stop do not offline stopped CPUs Nicolas Boichat (1): HID: google: Add support for whiskers Nishanth Menon (1): ARM: DRA7/OMAP5: Enable ACTLR[0] (Enable invalidates of BTB) for secondary cores Palmer Dabbelt (1): RISC-V: Don't include irq-riscv-intc.h Paolo Abeni (1): ipfrag: really prevent allocation on netns exit Paul Cercueil (1): pinctrl: ingenic: Fix inverted direction for < JZ4770 Paul Moore (1): ipv6: make ipv6_renew_options() interrupt/kernel safe Pavel Machek (1): ARM: dts: omap4-droid4: fix dts w.r.t. pwm Peng Hao (1): kvmclock: fix TSC calibration for nested guests Peter Chen (1): usb: chipidea: host: fix disconnection detect issue Peter Zijlstra (2): kthread, sched/core: Fix kthread_parkme() (again...) ARC: Improve cmpxchg syscall implementation Qu Wenruo (1): btrfs: scrub: Don't use inode page cache in scrub_handle_errored_block() Rafael J. Wysocki (1): PCI / ACPI / PM: Resume all bridges on suspend-to-RAM Randy Dunlap (2): net/ethernet/freescale/fman: fix cross-build error tcp: identify cryptic messages as TCP seq # bugs Ravi Bangoria (2): perf script: Fix crash because of missing evsel->priv perf tools: Fix crash caused by accessing feat_ops[HEADER_LAST_FEATURE] Ray Jui (5): ARM: dts: Cygnus: Fix I2C controller interrupt type ARM: dts: Cygnus: Fix PCIe controller interrupt type arm64: dts: ns2: Fix I2C controller interrupt type arm64: dts: ns2: Fix PCIe controller interrupt type arm64: dts: Stingray: Fix I2C controller interrupt type Rob Herring (1): arm64: dts: msm8916: fix Coresight ETF graph connections Robin H. Johnson (1): ACPI / EC: Use ec_no_wakeup on more Thinkpad X1 Carbon 6th systems Roland Dreier (1): nvme: fix handling of metadata_len for NVME_IOCTL_IO_CMD Russell King (4): drm/armada: fix colorkey mode property drm/armada: fix irq handling sfp: ensure we clean up properly on bus registration failure sfp: fix module initialisation with netdev already up Ryan Hsu (1): ath10k: update the phymode along with bandwidth change request Sagi Grimberg (1): nvme-rdma: fix possible double free condition when failing to create a controller Sandipan Das (1): perf report powerpc: Fix crash if callchain is empty Saurav Kashyap (1): scsi: qedf: Send the driver state to MFW Scott Bauer (1): nvme: ensure forward progress during Admin passthru Scott Branden (2): arm64: dts: specify 1.8V EMMC capabilities for bcm958742k arm64: dts: specify 1.8V EMMC capabilities for bcm958742t Sergei Shtylyov (8): PCI: OF: Fix I/O space page leak PCI: xgene: Fix I/O space page leak PCI: versatile: Fix I/O space page leak PCI: designware: Fix I/O space page leak PCI: aardvark: Fix I/O space page leak PCI: faraday: Fix I/O space page leak PCI: mediatek: Fix I/O space page leak PCI: v3-semi: Fix I/O space page leak Shuah Khan (Samsung OSG) (6): selftests: pstore: return Kselftest Skip code for skipped tests selftests: static_keys: return Kselftest Skip code for skipped tests selftests: sysctl: return Kselftest Skip code for skipped tests selftests: user: return Kselftest Skip code for skipped tests selftests: zram: return Kselftest Skip code for skipped tests selftests: vm: return Kselftest Skip code for skipped tests Sowmini Varadhan (1): rds: clean up loopback rds_connections on netns deletion Stafford Horne (1): openrisc: entry: Fix delay slot exception detection Stefan Agner (1): net: hamradio: use eth_broadcast_addr Stefan Schmidt (3): ieee802154: at86rf230: switch from BUG_ON() to WARN_ON() on problem ieee802154: at86rf230: use __func__ macro for debug messages ieee802154: fakelb: switch from BUG_ON() to WARN_ON() on problem Stefan Wahren (3): net: qca_spi: Avoid packet drop during initial sync net: qca_spi: Make sure the QCA7000 reset is triggered net: qca_spi: Fix log level if probe fails Stephen Hemminger (1): hv/netvsc: fix handling of fallback to single queue mode Steve French (1): smb3: increase initial number of credits requested to allow write Steven Rostedt (VMware) (2): locking/lockdep: Do not record IRQ state within lockdep code ARM: 8780/1: ftrace: Only set kernel memory back to read-only after boot Sudarsana Reddy Kalluru (4): qed: Fix possible memory leak in Rx error path handling. qed: Add sanity check for SIMD fastpath handler. qed: Do not advertise DCBX_LLD_MANAGED capability. bnx2x: Fix receiving tx-timeout in error or recovery state. Sven Eckelmann (4): batman-adv: Fix bat_ogm_iv best gw refcnt after netlink dump batman-adv: Fix bat_v best gw refcnt after netlink dump batman-adv: Fix debugfs path for renamed hardif batman-adv: Fix debugfs path for renamed softif Taeung Song (4): samples/bpf: add missing <linux/if_vlan.h> samples/bpf: Check the result of system() samples/bpf: Check the error of write() and read() samples/bpf: Fix tc and ip paths in xdp2skb_meta.sh Takashi Iwai (2): ALSA: seq: Fix UBSAN warning at SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT ioctl EDAC: Add missing MEM_LRDDR4 entry in edac_mem_types[] Thomas Falcon (1): ibmvnic: Revise RX/TX queue error messages Thomas Richter (2): perf record: Support s390 random socket_id assignment perf test session topology: Fix test on s390 Tomasz Duszynski (1): iio: pressure: bmp280: fix relative humidity unit Trond Myklebust (1): pNFS: Always free the session slot on error in nfs4_layoutget_handle_exception Ursula Braun (1): net/smc: no shutdown in state SMC_LISTEN Uwe Kleine-König (1): ARM: dts: imx6: RDU2: fix irq type for mv88e6xxx switch Venkat Duvvuru (1): bnxt_en: Fix the vlan_tci exact match check. Vijay Immanuel (1): IB/rxe: Fix missing completion for mem_reg work requests Vikas Gupta (1): bnxt_en: Fix for system hang if request_irq fails Vincent Guittot (1): sched/util_est: Fix util_est_dequeue() for throttled cfs_rq Vincent Pelletier (1): usb: gadget: ffs: Fix BUG when userland exits with submitted AIO transfers Viresh Kumar (1): arm: dts: armada: Fix "#cooling-cells" property's name Vishal Verma (1): tools/testing/nvdimm: advertise a write cache for nfit_test Vladimir Zapolskiy (4): sh_eth: fix invalid context bug while calling auto-negotiation by ethtool sh_eth: fix invalid context bug while changing link options by ethtool ravb: fix invalid context bug while calling auto-negotiation by ethtool ravb: fix invalid context bug while changing link options by ethtool Wang Dongsheng (1): net: phy: marvell: change default m88e1510 LED configuration Wei Yongjun (1): pinctrl: nsp: Fix potential NULL dereference Will Deacon (1): arm64: Avoid flush_icache_range() in alternatives patching code Willem de Bruijn (2): packet: reset network header if packet shorter than ll reserved space packet: refine ring v3 block size test to hold one frame William Wu (2): usb: dwc2: alloc dma aligned buffer for isoc split in usb: dwc2: fix isoc split in transfer with no data Xunlei Pang (1): sched/fair: Fix bandwidth timer clock drift condition Yan, Zheng (1): ceph: fix dentry leak in splice_dentry() Yonghong Song (1): perf tools: Fix a clang 7.0 compilation error Yuchung Cheng (1): tcp: remove DELAYED ACK events in DCTCP Yuiko Oshino (1): smsc75xx: Add workaround for gigabit link up hardware errata. Zhen Lei (1): kasan: fix shadow_size calculation error in kasan_module_alloc Zhenzhong Duan (2): x86/microcode/intel: Fix memleak in save_microcode_patch() x86/mm/32: Initialize the CR4 shadow before __flush_tlb_all() Zhizhou Zhang (1): arm64: make secondary_start_kernel() notrace Zhouyang Jia (3): xen: add error handling for xenbus_printf scsi: xen-scsifront: add error handling for xenbus_printf xen/scsiback: add error handling for xenbus_printf Zhu Yanjun (1): IB/rxe: avoid double kfree skb piaojun (1): net/9p/client.c: put refcount of trans_mod in error case in parse_opts()

6 years, 10 months

1
1
0 0

Linux 4.18.5

by Greg KH

I'm announcing the release of the 4.18.5 kernel. All users of the 4.18 kernel series must upgrade. The updated 4.18.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.18.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 - arch/parisc/include/asm/spinlock.h | 8 +------ arch/parisc/kernel/syscall.S | 24 ++++++++++----------- arch/powerpc/kernel/security.c | 27 +++++++++++++++--------- arch/x86/include/asm/processor.h | 1 arch/x86/include/asm/set_memory.h | 1 arch/x86/mm/init.c | 37 ++++++++++++++++++++++++++++++--- arch/x86/mm/init_64.c | 8 +------ arch/x86/mm/pageattr.c | 13 +++++++++++ drivers/edac/edac_mc.c | 1 drivers/gpu/drm/amd/amdgpu/amdgpu_pm.c | 3 +- drivers/gpu/drm/i915/gvt/kvmgt.c | 9 +++++++- drivers/i2c/busses/i2c-imx.c | 8 +++---- drivers/i2c/i2c-core-acpi.c | 11 +++++++-- drivers/pci/controller/pci-aardvark.c | 1 drivers/pci/hotplug/pci_hotplug_core.c | 9 ++++++++ drivers/pci/hotplug/pciehp.h | 1 drivers/pci/hotplug/pciehp_core.c | 7 ++++++ drivers/pci/hotplug/pciehp_hpc.c | 18 ++++------------ drivers/pci/pci-acpi.c | 6 +---- drivers/pci/pci.c | 28 ++++++++++++++++++++++++ drivers/pci/probe.c | 4 +++ drivers/tty/pty.c | 2 - fs/ext4/mballoc.c | 4 ++- fs/reiserfs/xattr.c | 4 ++- mm/page_alloc.c | 16 ++++++++++++-- 26 files changed, 184 insertions(+), 69 deletions(-) Christian König (1): PCI: Restore resized BAR state on resume Dave Hansen (4): mm: Allow non-direct-map arguments to free_reserved_area() x86/mm/init: Pass unconverted symbol addresses to free_init_pages() x86/mm/init: Add helper for freeing kernel image pages x86/mm/init: Remove freed kernel image areas from alias mapping Esben Haabendal (1): i2c: imx: Fix race condition in dma read Greg Kroah-Hartman (1): Linux 4.18.5 Gustavo A. R. Silva (2): drm/i915/kvmgt: Fix potential Spectre v1 drm/amdgpu/pm: Fix potential Spectre v1 Hans de Goede (1): i2c: core: ACPI: Properly set status byte to 0 for multi-byte writes Jann Horn (1): reiserfs: fix broken xattr handling (heap corruption, bad retval) Jeremy Cline (1): ext4: fix spectre gadget in ext4_mb_regular_allocator() John David Anglin (2): parisc: Remove unnecessary barriers from spinlock.h parisc: Remove ordered stores from syscall.S Lukas Wunner (3): PCI: hotplug: Don't leak pci_slot on registration failure PCI: pciehp: Fix use-after-free on unplug PCI: pciehp: Fix unprotected list iteration in IRQ handler Matthijs van Duin (1): pty: fix O_CLOEXEC for TIOCGPTPEER Michael Ellerman (1): powerpc64s: Show ori31 availability in spectre_v1 sysfs file not v2 Myron Stowe (1): PCI: Skip MPS logic for Virtual Functions (VFs) Rafael J. Wysocki (1): PCI / ACPI / PM: Resume all bridges on suspend-to-RAM Takashi Iwai (1): EDAC: Add missing MEM_LRDDR4 entry in edac_mem_types[] Zachary Zhang (1): PCI: aardvark: Size bridges before resources allocation

6 years, 10 months

1
1
0 0

[PATCH 4.14.y] PCI: OF: Fix I/O space page leak

by Sergei Shtylyov

Commit a5fb9fb023a1435f2b42bccd7f547560f3a21dc3 upstream. When testing the R-Car PCIe driver on the Condor board, if the PCIe PHY driver was left disabled, the kernel crashed with this BUG: kernel BUG at lib/ioremap.c:72! Internal error: Oops - BUG: 0 [#1] PREEMPT SMP Modules linked in: CPU: 0 PID: 39 Comm: kworker/0:1 Not tainted 4.17.0-dirty #1092 Hardware name: Renesas Condor board based on r8a77980 (DT) Workqueue: events deferred_probe_work_func pstate: 80000005 (Nzcv daif -PAN -UAO) pc : ioremap_page_range+0x370/0x3c8 lr : ioremap_page_range+0x40/0x3c8 sp : ffff000008da39e0 x29: ffff000008da39e0 x28: 00e8000000000f07 x27: ffff7dfffee00000 x26: 0140000000000000 x25: ffff7dfffef00000 x24: 00000000000fe100 x23: ffff80007b906000 x22: ffff000008ab8000 x21: ffff000008bb1d58 x20: ffff7dfffef00000 x19: ffff800009c30fb8 x18: 0000000000000001 x17: 00000000000152d0 x16: 00000000014012d0 x15: 0000000000000000 x14: 0720072007200720 x13: 0720072007200720 x12: 0720072007200720 x11: 0720072007300730 x10: 00000000000000ae x9 : 0000000000000000 x8 : ffff7dffff000000 x7 : 0000000000000000 x6 : 0000000000000100 x5 : 0000000000000000 x4 : 000000007b906000 x3 : ffff80007c61a880 x2 : ffff7dfffeefffff x1 : 0000000040000000 x0 : 00e80000fe100f07 Process kworker/0:1 (pid: 39, stack limit = 0x (ptrval)) Call trace: ioremap_page_range+0x370/0x3c8 pci_remap_iospace+0x7c/0xac pci_parse_request_of_pci_ranges+0x13c/0x190 rcar_pcie_probe+0x4c/0xb04 platform_drv_probe+0x50/0xbc driver_probe_device+0x21c/0x308 __device_attach_driver+0x98/0xc8 bus_for_each_drv+0x54/0x94 __device_attach+0xc4/0x12c device_initial_probe+0x10/0x18 bus_probe_device+0x90/0x98 deferred_probe_work_func+0xb0/0x150 process_one_work+0x12c/0x29c worker_thread+0x200/0x3fc kthread+0x108/0x134 ret_from_fork+0x10/0x18 Code: f9004ba2 54000080 aa0003fb 17ffff48 (d4210000) It turned out that pci_remap_iospace() wasn't undone when the driver's probe failed, and since devm_phy_optional_get() returned -EPROBE_DEFER, the probe was retried, finally causing the BUG due to trying to remap already remapped pages. Introduce the devm_pci_remap_iospace() managed API and replace the pci_remap_iospace() call with it to fix the bug. Fixes: dbf9826d5797 ("PCI: generic: Convert to DT resource parsing API") Signed-off-by: Sergei Shtylyov <sergei.shtylyov(a)cogentembedded.com> [lorenzo.pieralisi(a)arm.com: split commit/updated the commit log] Signed-off-by: Lorenzo Pieralisi <lorenzo.pieralisi(a)arm.com> Signed-off-by: Bjorn Helgaas <bhelgaas(a)google.com> Reviewed-by: Linus Walleij <linus.walleij(a)linaro.org> --- drivers/pci/host/pci-host-common.c | 2 - drivers/pci/host/pcie-rcar.c | 2 - drivers/pci/pci.c | 38 +++++++++++++++++++++++++++++++++++++ include/linux/pci.h | 2 + 4 files changed, 42 insertions(+), 2 deletions(-) Index: linux-stable/drivers/pci/host/pci-host-common.c =================================================================== --- linux-stable.orig/drivers/pci/host/pci-host-common.c +++ linux-stable/drivers/pci/host/pci-host-common.c @@ -45,7 +45,7 @@ static int gen_pci_parse_request_of_pci_ switch (resource_type(res)) { case IORESOURCE_IO: - err = pci_remap_iospace(res, iobase); + err = devm_pci_remap_iospace(dev, res, iobase); if (err) { dev_warn(dev, "error %d: failed to map resource %pR\n", err, res); Index: linux-stable/drivers/pci/host/pcie-rcar.c =================================================================== --- linux-stable.orig/drivers/pci/host/pcie-rcar.c +++ linux-stable/drivers/pci/host/pcie-rcar.c @@ -1105,7 +1105,7 @@ static int rcar_pcie_parse_request_of_pc struct resource *res = win->res; if (resource_type(res) == IORESOURCE_IO) { - err = pci_remap_iospace(res, iobase); + err = devm_pci_remap_iospace(dev, res, iobase); if (err) { dev_warn(dev, "error %d: failed to map resource %pR\n", err, res); Index: linux-stable/drivers/pci/pci.c =================================================================== --- linux-stable.orig/drivers/pci/pci.c +++ linux-stable/drivers/pci/pci.c @@ -3446,6 +3446,44 @@ void pci_unmap_iospace(struct resource * } EXPORT_SYMBOL(pci_unmap_iospace); +static void devm_pci_unmap_iospace(struct device *dev, void *ptr) +{ + struct resource **res = ptr; + + pci_unmap_iospace(*res); +} + +/** + * devm_pci_remap_iospace - Managed pci_remap_iospace() + * @dev: Generic device to remap IO address for + * @res: Resource describing the I/O space + * @phys_addr: physical address of range to be mapped + * + * Managed pci_remap_iospace(). Map is automatically unmapped on driver + * detach. + */ +int devm_pci_remap_iospace(struct device *dev, const struct resource *res, + phys_addr_t phys_addr) +{ + const struct resource **ptr; + int error; + + ptr = devres_alloc(devm_pci_unmap_iospace, sizeof(*ptr), GFP_KERNEL); + if (!ptr) + return -ENOMEM; + + error = pci_remap_iospace(res, phys_addr); + if (error) { + devres_free(ptr); + } else { + *ptr = res; + devres_add(dev, ptr); + } + + return error; +} +EXPORT_SYMBOL(devm_pci_remap_iospace); + /** * devm_pci_remap_cfgspace - Managed pci_remap_cfgspace() * @dev: Generic device to remap IO address for Index: linux-stable/include/linux/pci.h =================================================================== --- linux-stable.orig/include/linux/pci.h +++ linux-stable/include/linux/pci.h @@ -1235,6 +1235,8 @@ int pci_register_io_range(phys_addr_t ad unsigned long pci_address_to_pio(phys_addr_t addr); phys_addr_t pci_pio_to_address(unsigned long pio); int pci_remap_iospace(const struct resource *res, phys_addr_t phys_addr); +int devm_pci_remap_iospace(struct device *dev, const struct resource *res, + phys_addr_t phys_addr); void pci_unmap_iospace(struct resource *res); void __iomem *devm_pci_remap_cfgspace(struct device *dev, resource_size_t offset,

6 years, 10 months

2
1
0 0

[PATCH v2 4.9.y] PCI: OF: Fix I/O space page leak

by Sergei Shtylyov

Commit a5fb9fb023a1435f2b42bccd7f547560f3a21dc3 upstream. When testing the R-Car PCIe driver on the Condor board, if the PCIe PHY driver was left disabled, the kernel crashed with this BUG: kernel BUG at lib/ioremap.c:72! Internal error: Oops - BUG: 0 [#1] PREEMPT SMP Modules linked in: CPU: 0 PID: 39 Comm: kworker/0:1 Not tainted 4.17.0-dirty #1092 Hardware name: Renesas Condor board based on r8a77980 (DT) Workqueue: events deferred_probe_work_func pstate: 80000005 (Nzcv daif -PAN -UAO) pc : ioremap_page_range+0x370/0x3c8 lr : ioremap_page_range+0x40/0x3c8 sp : ffff000008da39e0 x29: ffff000008da39e0 x28: 00e8000000000f07 x27: ffff7dfffee00000 x26: 0140000000000000 x25: ffff7dfffef00000 x24: 00000000000fe100 x23: ffff80007b906000 x22: ffff000008ab8000 x21: ffff000008bb1d58 x20: ffff7dfffef00000 x19: ffff800009c30fb8 x18: 0000000000000001 x17: 00000000000152d0 x16: 00000000014012d0 x15: 0000000000000000 x14: 0720072007200720 x13: 0720072007200720 x12: 0720072007200720 x11: 0720072007300730 x10: 00000000000000ae x9 : 0000000000000000 x8 : ffff7dffff000000 x7 : 0000000000000000 x6 : 0000000000000100 x5 : 0000000000000000 x4 : 000000007b906000 x3 : ffff80007c61a880 x2 : ffff7dfffeefffff x1 : 0000000040000000 x0 : 00e80000fe100f07 Process kworker/0:1 (pid: 39, stack limit = 0x (ptrval)) Call trace: ioremap_page_range+0x370/0x3c8 pci_remap_iospace+0x7c/0xac pci_parse_request_of_pci_ranges+0x13c/0x190 rcar_pcie_probe+0x4c/0xb04 platform_drv_probe+0x50/0xbc driver_probe_device+0x21c/0x308 __device_attach_driver+0x98/0xc8 bus_for_each_drv+0x54/0x94 __device_attach+0xc4/0x12c device_initial_probe+0x10/0x18 bus_probe_device+0x90/0x98 deferred_probe_work_func+0xb0/0x150 process_one_work+0x12c/0x29c worker_thread+0x200/0x3fc kthread+0x108/0x134 ret_from_fork+0x10/0x18 Code: f9004ba2 54000080 aa0003fb 17ffff48 (d4210000) It turned out that pci_remap_iospace() wasn't undone when the driver's probe failed, and since devm_phy_optional_get() returned -EPROBE_DEFER, the probe was retried, finally causing the BUG due to trying to remap already remapped pages. Introduce the devm_pci_remap_iospace() managed API and replace the pci_remap_iospace() call with it to fix the bug. Fixes: dbf9826d5797 ("PCI: generic: Convert to DT resource parsing API") Signed-off-by: Sergei Shtylyov <sergei.shtylyov(a)cogentembedded.com> [lorenzo.pieralisi(a)arm.com: split commit/updated the commit log] Signed-off-by: Lorenzo Pieralisi <lorenzo.pieralisi(a)arm.com> Signed-off-by: Bjorn Helgaas <bhelgaas(a)google.com> Reviewed-by: Linus Walleij <linus.walleij(a)linaro.org> --- drivers/pci/host/pci-host-common.c | 2 - drivers/pci/host/pcie-rcar.c | 2 - drivers/pci/pci.c | 38 +++++++++++++++++++++++++++++++++++++ include/linux/pci.h | 2 + 4 files changed, 42 insertions(+), 2 deletions(-) Index: linux-stable/drivers/pci/host/pci-host-common.c =================================================================== --- linux-stable.orig/drivers/pci/host/pci-host-common.c +++ linux-stable/drivers/pci/host/pci-host-common.c @@ -45,7 +45,7 @@ static int gen_pci_parse_request_of_pci_ switch (resource_type(res)) { case IORESOURCE_IO: - err = pci_remap_iospace(res, iobase); + err = devm_pci_remap_iospace(dev, res, iobase); if (err) { dev_warn(dev, "error %d: failed to map resource %pR\n", err, res); Index: linux-stable/drivers/pci/host/pcie-rcar.c =================================================================== --- linux-stable.orig/drivers/pci/host/pcie-rcar.c +++ linux-stable/drivers/pci/host/pcie-rcar.c @@ -1102,7 +1102,7 @@ static int rcar_pcie_parse_request_of_pc struct resource *res = win->res; if (resource_type(res) == IORESOURCE_IO) { - err = pci_remap_iospace(res, iobase); + err = devm_pci_remap_iospace(dev, res, iobase); if (err) { dev_warn(dev, "error %d: failed to map resource %pR\n", err, res); Index: linux-stable/drivers/pci/pci.c =================================================================== --- linux-stable.orig/drivers/pci/pci.c +++ linux-stable/drivers/pci/pci.c @@ -3407,6 +3407,44 @@ void pci_unmap_iospace(struct resource * #endif } +static void devm_pci_unmap_iospace(struct device *dev, void *ptr) +{ + struct resource **res = ptr; + + pci_unmap_iospace(*res); +} + +/** + * devm_pci_remap_iospace - Managed pci_remap_iospace() + * @dev: Generic device to remap IO address for + * @res: Resource describing the I/O space + * @phys_addr: physical address of range to be mapped + * + * Managed pci_remap_iospace(). Map is automatically unmapped on driver + * detach. + */ +int devm_pci_remap_iospace(struct device *dev, const struct resource *res, + phys_addr_t phys_addr) +{ + const struct resource **ptr; + int error; + + ptr = devres_alloc(devm_pci_unmap_iospace, sizeof(*ptr), GFP_KERNEL); + if (!ptr) + return -ENOMEM; + + error = pci_remap_iospace(res, phys_addr); + if (error) { + devres_free(ptr); + } else { + *ptr = res; + devres_add(dev, ptr); + } + + return error; +} +EXPORT_SYMBOL(devm_pci_remap_iospace); + static void __pci_set_master(struct pci_dev *dev, bool enable) { u16 old_cmd, cmd; Index: linux-stable/include/linux/pci.h =================================================================== --- linux-stable.orig/include/linux/pci.h +++ linux-stable/include/linux/pci.h @@ -1190,6 +1190,8 @@ int pci_register_io_range(phys_addr_t ad unsigned long pci_address_to_pio(phys_addr_t addr); phys_addr_t pci_pio_to_address(unsigned long pio); int pci_remap_iospace(const struct resource *res, phys_addr_t phys_addr); +int devm_pci_remap_iospace(struct device *dev, const struct resource *res, + phys_addr_t phys_addr); void pci_unmap_iospace(struct resource *res); static inline pci_bus_addr_t pci_bus_address(struct pci_dev *pdev, int bar)

6 years, 10 months

2
1
0 0

[PATCH 4/9] mmc: meson-mx-sdio: fix OF child-node lookup

by Johan Hovold

Use the new of_get_compatible_child() helper to lookup the slot child node instead of using of_find_compatible_node(), which searches the entire tree and thus can return an unrelated (i.e. non-child) node. This also addresses a potential use-after-free (e.g. after probe deferral) as the tree-wide helper drops a reference to its first argument (i.e. the node of the device being probed). While at it, also fix up the related slot-node reference leak. Fixes: ed80a13bb4c4 ("mmc: meson-mx-sdio: Add a driver for the Amlogic Meson8 and Meson8b SoCs") Cc: stable <stable(a)vger.kernel.org> # 4.15 Cc: Carlo Caione <carlo(a)endlessm.com> Cc: Martin Blumenstingl <martin.blumenstingl(a)googlemail.com> Cc: Ulf Hansson <ulf.hansson(a)linaro.org> Signed-off-by: Johan Hovold <johan(a)kernel.org> --- drivers/mmc/host/meson-mx-sdio.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/drivers/mmc/host/meson-mx-sdio.c b/drivers/mmc/host/meson-mx-sdio.c index 09cb89645d06..2cfec33178c1 100644 --- a/drivers/mmc/host/meson-mx-sdio.c +++ b/drivers/mmc/host/meson-mx-sdio.c @@ -517,19 +517,23 @@ static struct mmc_host_ops meson_mx_mmc_ops = { static struct platform_device *meson_mx_mmc_slot_pdev(struct device *parent) { struct device_node *slot_node; + struct platform_device *pdev; /* * TODO: the MMC core framework currently does not support * controllers with multiple slots properly. So we only register * the first slot for now */ - slot_node = of_find_compatible_node(parent->of_node, NULL, "mmc-slot"); + slot_node = of_get_compatible_child(parent->of_node, "mmc-slot"); if (!slot_node) { dev_warn(parent, "no 'mmc-slot' sub-node found\n"); return ERR_PTR(-ENOENT); } - return of_platform_device_create(slot_node, NULL, parent); + pdev = of_platform_device_create(slot_node, NULL, parent); + of_node_put(slot_node); + + return pdev; } static int meson_mx_mmc_add_host(struct meson_mx_mmc_host *host) -- 2.18.0

6 years, 10 months

2
2
0 0

[PATCH 4.18 00/22] 4.18.5-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.18.5 release. There are 22 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat Aug 25 07:47:43 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.18.5-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.18.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.18.5-rc1 Jann Horn <jannh(a)google.com> reiserfs: fix broken xattr handling (heap corruption, bad retval) Esben Haabendal <eha(a)deif.com> i2c: imx: Fix race condition in dma read Hans de Goede <hdegoede(a)redhat.com> i2c: core: ACPI: Properly set status byte to 0 for multi-byte writes Lukas Wunner <lukas(a)wunner.de> PCI: pciehp: Fix unprotected list iteration in IRQ handler Lukas Wunner <lukas(a)wunner.de> PCI: pciehp: Fix use-after-free on unplug Myron Stowe <myron.stowe(a)redhat.com> PCI: Skip MPS logic for Virtual Functions (VFs) Zachary Zhang <zhangzg(a)marvell.com> PCI: aardvark: Size bridges before resources allocation Lukas Wunner <lukas(a)wunner.de> PCI: hotplug: Don't leak pci_slot on registration failure Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> PCI / ACPI / PM: Resume all bridges on suspend-to-RAM Christian König <ckoenig.leichtzumerken(a)gmail.com> PCI: Restore resized BAR state on resume John David Anglin <dave.anglin(a)bell.net> parisc: Remove ordered stores from syscall.S John David Anglin <dave.anglin(a)bell.net> parisc: Remove unnecessary barriers from spinlock.h Gustavo A. R. Silva <gustavo(a)embeddedor.com> drm/amdgpu/pm: Fix potential Spectre v1 Gustavo A. R. Silva <gustavo(a)embeddedor.com> drm/i915/kvmgt: Fix potential Spectre v1 Jeremy Cline <jcline(a)redhat.com> ext4: fix spectre gadget in ext4_mb_regular_allocator() Michael Ellerman <mpe(a)ellerman.id.au> powerpc64s: Show ori31 availability in spectre_v1 sysfs file not v2 Dave Hansen <dave.hansen(a)linux.intel.com> x86/mm/init: Remove freed kernel image areas from alias mapping Dave Hansen <dave.hansen(a)linux.intel.com> x86/mm/init: Add helper for freeing kernel image pages Dave Hansen <dave.hansen(a)linux.intel.com> x86/mm/init: Pass unconverted symbol addresses to free_init_pages() Dave Hansen <dave.hansen(a)linux.intel.com> mm: Allow non-direct-map arguments to free_reserved_area() Matthijs van Duin <matthijsvanduin(a)gmail.com> pty: fix O_CLOEXEC for TIOCGPTPEER Takashi Iwai <tiwai(a)suse.de> EDAC: Add missing MEM_LRDDR4 entry in edac_mem_types[] ------------- Diffstat: Makefile | 4 ++-- arch/parisc/include/asm/spinlock.h | 8 ++------ arch/parisc/kernel/syscall.S | 24 +++++++++++----------- arch/powerpc/kernel/security.c | 27 ++++++++++++++++--------- arch/x86/include/asm/processor.h | 1 + arch/x86/include/asm/set_memory.h | 1 + arch/x86/mm/init.c | 37 +++++++++++++++++++++++++++++++--- arch/x86/mm/init_64.c | 8 ++------ arch/x86/mm/pageattr.c | 13 ++++++++++++ drivers/edac/edac_mc.c | 1 + drivers/gpu/drm/amd/amdgpu/amdgpu_pm.c | 3 ++- drivers/gpu/drm/i915/gvt/kvmgt.c | 9 ++++++++- drivers/i2c/busses/i2c-imx.c | 8 ++++---- drivers/i2c/i2c-core-acpi.c | 11 +++++++--- drivers/pci/controller/pci-aardvark.c | 1 + drivers/pci/hotplug/pci_hotplug_core.c | 9 +++++++++ drivers/pci/hotplug/pciehp.h | 1 + drivers/pci/hotplug/pciehp_core.c | 7 +++++++ drivers/pci/hotplug/pciehp_hpc.c | 18 +++++------------ drivers/pci/pci-acpi.c | 6 ++---- drivers/pci/pci.c | 28 +++++++++++++++++++++++++ drivers/pci/probe.c | 4 ++++ drivers/tty/pty.c | 2 +- fs/ext4/mballoc.c | 4 +++- fs/reiserfs/xattr.c | 4 +++- mm/page_alloc.c | 16 +++++++++++++-- 26 files changed, 185 insertions(+), 70 deletions(-)

6 years, 10 months

4
24
0 0

[PATCH 4.9 000/130] 4.9.124-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.9.124 release. There are 130 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat Aug 25 07:48:45 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.9.124-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.9.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.9.124-rc1 Jann Horn <jannh(a)google.com> reiserfs: fix broken xattr handling (heap corruption, bad retval) Esben Haabendal <eha(a)deif.com> i2c: imx: Fix race condition in dma read Lukas Wunner <lukas(a)wunner.de> PCI: pciehp: Fix unprotected list iteration in IRQ handler Lukas Wunner <lukas(a)wunner.de> PCI: pciehp: Fix use-after-free on unplug Myron Stowe <myron.stowe(a)redhat.com> PCI: Skip MPS logic for Virtual Functions (VFs) Lukas Wunner <lukas(a)wunner.de> PCI: hotplug: Don't leak pci_slot on registration failure Sergei Shtylyov <sergei.shtylyov(a)cogentembedded.com> PCI: OF: Fix I/O space page leak John David Anglin <dave.anglin(a)bell.net> parisc: Remove unnecessary barriers from spinlock.h Willem de Bruijn <willemb(a)google.com> packet: refine ring v3 block size test to hold one frame Florian Westphal <fw(a)strlen.de> netfilter: conntrack: dccp: treat SYNC/SYNCACK as invalid if no prior state Eric Dumazet <edumazet(a)google.com> xfrm_user: prevent leaking 2 bytes of kernel memory John David Anglin <dave.anglin(a)bell.net> parisc: Remove ordered stores from syscall.S Jeremy Cline <jcline(a)redhat.com> ext4: fix spectre gadget in ext4_mb_regular_allocator() Paolo Bonzini <pbonzini(a)redhat.com> KVM: irqfd: fix race between EPOLLHUP and irq_bypass_register_consumer Randy Dunlap <rdunlap(a)infradead.org> tcp: identify cryptic messages as TCP seq # bugs Stefan Wahren <stefan.wahren(a)i2se.com> net: qca_spi: Fix log level if probe fails Stefan Wahren <stefan.wahren(a)i2se.com> net: qca_spi: Make sure the QCA7000 reset is triggered Stefan Wahren <stefan.wahren(a)i2se.com> net: qca_spi: Avoid packet drop during initial sync Sergei Shtylyov <sergei.shtylyov(a)cogentembedded.com> PCI: versatile: Fix I/O space page leak David Lechner <david(a)lechnology.com> net: usb: rtl8150: demote allmulti message to dev_dbg() Randy Dunlap <rdunlap(a)infradead.org> net/ethernet/freescale/fman: fix cross-build error Dan Carpenter <dan.carpenter(a)oracle.com> drm/nouveau/gem: off by one bugs in nouveau_gem_pushbuf_reloc_apply() Wei Yongjun <weiyongjun1(a)huawei.com> pinctrl: nsp: Fix potential NULL dereference Dan Carpenter <dan.carpenter(a)oracle.com> pinctrl: nsp: off by ones in nsp_pinmux_enable() Yuchung Cheng <ycheng(a)google.com> tcp: remove DELAYED ACK events in DCTCP Dan Carpenter <dan.carpenter(a)oracle.com> qlogic: check kstrtoul() for errors Willem de Bruijn <willemb(a)google.com> packet: reset network header if packet shorter than ll reserved space Laura Abbott <labbott(a)redhat.com> tools: build: Use HOSTLDFLAGS with fixdep Alexander Duyck <alexander.h.duyck(a)intel.com> ixgbe: Be more careful when modifying MAC filters Adam Ford <aford173(a)gmail.com> ARM: dts: am3517.dtsi: Disable reference to OMAP3 OTG controller Nishanth Menon <nm(a)ti.com> ARM: DRA7/OMAP5: Enable ACTLR[0] (Enable invalidates of BTB) for secondary cores Steven Rostedt (VMware) <rostedt(a)goodmis.org> ARM: 8780/1: ftrace: Only set kernel memory back to read-only after boot Kamal Heib <kamalheib1(a)gmail.com> RDMA/mlx5: Fix memory leak in mlx5_ib_create_srq() error path Dave Jiang <dave.jiang(a)intel.com> nfit: fix unchecked dereference in acpi_nfit_ctl Kim Phillips <kim.phillips(a)arm.com> perf llvm-utils: Remove bashism from kernel include fetch script Vikas Gupta <vikas.gupta(a)broadcom.com> bnxt_en: Fix for system hang if request_irq fails Michael Chan <michael.chan(a)broadcom.com> bnxt_en: Always set output parameters in bnxt_get_max_rings(). Peter Zijlstra <peterz(a)infradead.org> ARC: Improve cmpxchg syscall implementation Andrey Ryabinin <aryabinin(a)virtuozzo.com> netfilter: nf_conntrack: Fix possible possible crash on module loading. Russell King <rmk+kernel(a)armlinux.org.uk> drm/armada: fix colorkey mode property Stefan Schmidt <stefan(a)datenfreihafen.org> ieee802154: fakelb: switch from BUG_ON() to WARN_ON() on problem Stefan Schmidt <stefan(a)datenfreihafen.org> ieee802154: at86rf230: use __func__ macro for debug messages Stefan Schmidt <stefan(a)datenfreihafen.org> ieee802154: at86rf230: switch from BUG_ON() to WARN_ON() on problem Davide Caratti <dcaratti(a)redhat.com> net/sched: act_tunnel_key: fix NULL dereference when 'goto chain' is used Daniel Mack <daniel(a)zonque.org> ARM: pxa: irq: fix handling of ICMR registers in suspend/resume Vladimir Zapolskiy <vladimir_zapolskiy(a)mentor.com> ravb: fix invalid context bug while changing link options by ethtool Vladimir Zapolskiy <vladimir_zapolskiy(a)mentor.com> ravb: fix invalid context bug while calling auto-negotiation by ethtool Vladimir Zapolskiy <vladimir_zapolskiy(a)mentor.com> sh_eth: fix invalid context bug while changing link options by ethtool Vladimir Zapolskiy <vladimir_zapolskiy(a)mentor.com> sh_eth: fix invalid context bug while calling auto-negotiation by ethtool Arun Kumar Neelakantam <aneela(a)codeaurora.org> net: qrtr: Broadcast messages only from control port Paul Moore <paul(a)paul-moore.com> ipv6: make ipv6_renew_options() interrupt/kernel safe Florian Westphal <fw(a)strlen.de> netfilter: x_tables: set module owner for icmp(6) matches Lubomir Rintel <lkundrak(a)v3.sk> ieee802154: 6lowpan: set IFLA_LINK Taeung Song <treeze.taeung(a)gmail.com> samples/bpf: Check the error of write() and read() Taeung Song <treeze.taeung(a)gmail.com> samples/bpf: add missing <linux/if_vlan.h> Yuiko Oshino <yuiko.oshino(a)microchip.com> smsc75xx: Add workaround for gigabit link up hardware errata. Zhen Lei <thunder.leizhen(a)huawei.com> kasan: fix shadow_size calculation error in kasan_module_alloc Mathieu Malaterre <malat(a)debian.org> tracing: Use __printf markup to silence compiler Fabio Estevam <fabio.estevam(a)nxp.com> ARM: imx_v4_v5_defconfig: Select ULPI support Fabio Estevam <fabio.estevam(a)nxp.com> ARM: imx_v6_v7_defconfig: Select ULPI support Jason Gerecke <killertofu(a)gmail.com> HID: wacom: Correct touch maximum XY of 2nd-gen Intuos Hangbin Liu <liuhangbin(a)gmail.com> ipvlan: call dev_change_flags when ipvlan mode is reset Josh Poimboeuf <jpoimboe(a)redhat.com> objtool: Support GCC 8 '-fnoreorder-functions' Greg Ungerer <gerg(a)linux-m68k.org> m68k: fix "bad page state" oops on ColdFire boot Dave Jiang <dave.jiang(a)intel.com> acpi/nfit: fix cmd_rc for acpi_nfit_ctl to always return a value Sudarsana Reddy Kalluru <sudarsana.kalluru(a)cavium.com> bnx2x: Fix receiving tx-timeout in error or recovery state. Nicholas Mc Guire <hofrat(a)osadl.org> PCI: xilinx-nwl: Add missing of_node_put() Nicholas Mc Guire <hofrat(a)osadl.org> PCI: xilinx: Add missing of_node_put() Daniel Borkmann <daniel(a)iogearbox.net> bpf, s390: fix potential memleak when later bpf_jit_prog fails Marek Szyprowski <m.szyprowski(a)samsung.com> drm/exynos: decon5433: Fix WINCONx reset value Marek Szyprowski <m.szyprowski(a)samsung.com> drm/exynos: decon5433: Fix per-plane global alpha for XRGB modes Marek Szyprowski <m.szyprowski(a)samsung.com> drm/exynos: gsc: Fix support for NV16/61, YUV420/YVU420 and YUV422 modes Bob Copeland <me(a)bobcopeland.com> nl80211: relax ht operation checks for mesh BingJing Chang <bingjingc(a)synology.com> md/raid10: fix that replacement cannot complete recovery after reassemble Dan Carpenter <dan.carpenter(a)oracle.com> dmaengine: k3dma: Off by one in k3_of_dma_simple_xlate() Marek Szyprowski <m.szyprowski(a)samsung.com> dmaengine: pl330: report BURST residue granularity Keerthy <j-keerthy(a)ti.com> ARM: dts: da850: Fix interrups property for gpio Andy Lutomirski <luto(a)kernel.org> selftests/x86/sigreturn: Do minor cleanups Andy Lutomirski <luto(a)kernel.org> selftests/x86/sigreturn/64: Fix spurious failures on AMD CPUs Yan, Zheng <zyan(a)redhat.com> ceph: fix dentry leak in splice_dentry() Jann Horn <jannh(a)google.com> netfilter: nf_log: fix uninit read in nf_log_proc_dostring Jiri Olsa <jolsa(a)kernel.org> perf bench: Fix numa report output code Sandipan Das <sandipan(a)linux.ibm.com> perf report powerpc: Fix crash if callchain is empty Thomas Richter <tmricht(a)linux.ibm.com> perf test session topology: Fix test on s390 Hans de Goede <hdegoede(a)redhat.com> NFC: pn533: Fix wrong GFP flag usage Ajay Gupta <ajaykuee(a)gmail.com> usb: xhci: increase CRS timeout value Dongjiu Geng <gengdongjiu(a)huawei.com> usb: xhci: remove the code build warning Takashi Iwai <tiwai(a)suse.de> ALSA: seq: Fix UBSAN warning at SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT ioctl Daniel Mack <daniel(a)zonque.org> ARM: dts: am437x: make edt-ft5x06 a wakeup source Michael Trimarchi <michael(a)amarulasolutions.com> brcmfmac: stop watchdog before detach and free everything Tomasz Duszynski <tduszyns(a)gmail.com> iio: pressure: bmp280: fix relative humidity unit Ganesh Goudar <ganeshgr(a)chelsio.com> cxgb4: when disabling dcb set txq dcb priority to 0 Sven Eckelmann <sven(a)narfation.org> batman-adv: Fix bat_v best gw refcnt after netlink dump Sven Eckelmann <sven(a)narfation.org> batman-adv: Fix bat_ogm_iv best gw refcnt after netlink dump Casey Schaufler <casey(a)schaufler-ca.com> Smack: Mark inode instant in smack_task_to_inode Hangbin Liu <liuhangbin(a)gmail.com> ipv6: mcast: fix unsolicited report interval after receiving querys Steven Rostedt (VMware) <rostedt(a)goodmis.org> locking/lockdep: Do not record IRQ state within lockdep code Ard Biesheuvel <ard.biesheuvel(a)linaro.org> KVM: arm/arm64: Drop resource size check for GICV window Bartosz Golaszewski <bgolaszewski(a)baylibre.com> net: davinci_emac: match the mdio device against its compatible if possible Alexey Brodkin <Alexey.Brodkin(a)synopsys.com> ARC: Enable machine_desc->init_per_cpu for !CONFIG_SMP Max Gurtuvoy <maxg(a)mellanox.com> nvmet: reset keep alive timer in controller enable Dinh Nguyen <dinguyen(a)kernel.org> net: stmmac: socfpga: add additional ocp reset line for Stratix10 Li RongQing <lirongqing(a)baidu.com> net: propagate dev_get_valid_name return code Stefan Agner <stefan(a)agner.ch> net: hamradio: use eth_broadcast_addr Govindarajulu Varadarajan <gvaradar(a)cisco.com> enic: initialize enic->rfs_h.lock in enic_probe Sudarsana Reddy Kalluru <sudarsana.kalluru(a)cavium.com> qed: Add sanity check for SIMD fastpath handler. Zhizhou Zhang <zhizhouzhang(a)asrmicro.com> arm64: make secondary_start_kernel() notrace Zhouyang Jia <jiazhouyang09(a)gmail.com> xen/scsiback: add error handling for xenbus_printf Zhouyang Jia <jiazhouyang09(a)gmail.com> scsi: xen-scsifront: add error handling for xenbus_printf Zhouyang Jia <jiazhouyang09(a)gmail.com> xen: add error handling for xenbus_printf Grigor Tovmasyan <Grigor.Tovmasyan(a)synopsys.com> usb: gadget: dwc2: fix memory leak in gadget_init() Chunfeng Yun <chunfeng.yun(a)mediatek.com> usb: gadget: composite: fix delayed_status race condition when set_interface William Wu <william.wu(a)rock-chips.com> usb: dwc2: fix isoc split in transfer with no data John Garry <john.garry(a)huawei.com> libahci: Fix possible Spectre-v1 pmp indexing in ahci_led_store() Vijay Immanuel <vijayi(a)attalasystems.com> IB/rxe: Fix missing completion for mem_reg work requests Alison Wang <alison.wang(a)nxp.com> drm: mali-dp: Enable Global SE interrupts mask for DP500 Ray Jui <ray.jui(a)broadcom.com> arm64: dts: ns2: Fix I2C controller interrupt type Ray Jui <ray.jui(a)broadcom.com> ARM: dts: Cygnus: Fix PCIe controller interrupt type Ray Jui <ray.jui(a)broadcom.com> ARM: dts: Cygnus: Fix I2C controller interrupt type Florian Fainelli <f.fainelli(a)gmail.com> ARM: dts: NSP: Fix PCIe controllers interrupt types Florian Fainelli <f.fainelli(a)gmail.com> ARM: dts: NSP: Fix i2c controller interrupt type Fathi Boudra <fathi.boudra(a)linaro.org> selftests: sync: add config fragment for testing sync framework Shuah Khan (Samsung OSG) <shuah(a)kernel.org> selftests: zram: return Kselftest Skip code for skipped tests Shuah Khan (Samsung OSG) <shuah(a)kernel.org> selftests: user: return Kselftest Skip code for skipped tests Shuah Khan (Samsung OSG) <shuah(a)kernel.org> selftests: static_keys: return Kselftest Skip code for skipped tests Shuah Khan (Samsung OSG) <shuah(a)kernel.org> selftests: pstore: return Kselftest Skip code for skipped tests Eric Dumazet <edumazet(a)google.com> netfilter: ipv6: nf_defrag: reduce struct net memory waste Johan Hovold <johan(a)kernel.org> usb: dwc3: of-simple: fix use-after-free on remove Alexey Brodkin <abrodkin(a)synopsys.com> ARC: Explicitly add -mmedium-calls to CFLAGS Andy Lutomirski <luto(a)kernel.org> x86/entry/64: Remove %ebx handling from error_entry/exit ------------- Diffstat: Makefile | 4 +- arch/arc/Makefile | 15 +-- arch/arc/include/asm/mach_desc.h | 2 - arch/arc/kernel/irq.c | 2 +- arch/arc/kernel/process.c | 47 +++++++-- arch/arm/boot/dts/am3517.dtsi | 5 + arch/arm/boot/dts/am437x-sk-evm.dts | 2 + arch/arm/boot/dts/bcm-cygnus.dtsi | 24 ++--- arch/arm/boot/dts/bcm-nsp.dtsi | 32 +++--- arch/arm/boot/dts/da850.dtsi | 6 +- arch/arm/configs/imx_v4_v5_defconfig | 2 + arch/arm/configs/imx_v6_v7_defconfig | 2 + arch/arm/mach-omap2/omap-smp.c | 41 ++++++++ arch/arm/mach-pxa/irq.c | 4 +- arch/arm/mm/init.c | 9 ++ arch/arm64/boot/dts/broadcom/ns2.dtsi | 4 +- arch/arm64/kernel/smp.c | 2 +- arch/m68k/include/asm/mcf_pgalloc.h | 4 +- arch/parisc/include/asm/spinlock.h | 8 +- arch/parisc/kernel/syscall.S | 24 ++--- arch/s390/net/bpf_jit_comp.c | 1 + arch/x86/entry/entry_64.S | 20 +--- drivers/acpi/nfit/core.c | 4 + drivers/ata/libahci.c | 7 +- drivers/dma/k3dma.c | 2 +- drivers/dma/pl330.c | 2 +- drivers/gpu/drm/arm/malidp_hw.c | 3 +- drivers/gpu/drm/armada/armada_hw.h | 1 + drivers/gpu/drm/armada/armada_overlay.c | 30 ++++-- drivers/gpu/drm/exynos/exynos5433_drm_decon.c | 6 +- drivers/gpu/drm/exynos/exynos_drm_gsc.c | 29 ++++-- drivers/gpu/drm/exynos/regs-gsc.h | 1 + drivers/gpu/drm/nouveau/nouveau_gem.c | 4 +- drivers/hid/wacom_wac.c | 10 +- drivers/i2c/busses/i2c-imx.c | 8 +- drivers/iio/pressure/bmp280-core.c | 5 +- drivers/infiniband/hw/mlx5/srq.c | 18 ++-- drivers/infiniband/sw/rxe/rxe_req.c | 3 + drivers/md/raid10.c | 7 ++ drivers/net/ethernet/broadcom/bnx2x/bnx2x.h | 1 + drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c | 6 ++ drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c | 6 ++ drivers/net/ethernet/broadcom/bnxt/bnxt.c | 8 +- drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c | 2 +- drivers/net/ethernet/cisco/enic/enic_clsf.c | 3 +- drivers/net/ethernet/cisco/enic/enic_main.c | 3 +- drivers/net/ethernet/intel/ixgbe/ixgbe_common.c | 12 ++- drivers/net/ethernet/qlogic/qed/qed_main.c | 12 ++- drivers/net/ethernet/qlogic/qlcnic/qlcnic_sysfs.c | 2 + drivers/net/ethernet/qualcomm/qca_spi.c | 21 ++-- drivers/net/ethernet/renesas/ravb_main.c | 56 +++-------- drivers/net/ethernet/renesas/sh_eth.c | 59 +++-------- drivers/net/ethernet/stmicro/stmmac/Kconfig | 2 +- .../net/ethernet/stmicro/stmmac/dwmac-socfpga.c | 18 +++- drivers/net/ethernet/ti/davinci_emac.c | 4 + drivers/net/hamradio/bpqether.c | 8 +- drivers/net/ieee802154/at86rf230.c | 15 +-- drivers/net/ieee802154/fakelb.c | 2 +- drivers/net/ipvlan/ipvlan_main.c | 36 +++++-- drivers/net/usb/rtl8150.c | 2 +- drivers/net/usb/smsc75xx.c | 62 ++++++++++++ .../wireless/broadcom/brcm80211/brcmfmac/sdio.c | 7 ++ drivers/nfc/pn533/usb.c | 4 +- drivers/nvme/target/core.c | 8 ++ drivers/pci/host/pci-versatile.c | 2 +- drivers/pci/host/pcie-xilinx-nwl.c | 2 +- drivers/pci/host/pcie-xilinx.c | 1 + drivers/pci/hotplug/pci_hotplug_core.c | 9 ++ drivers/pci/hotplug/pciehp.h | 1 + drivers/pci/hotplug/pciehp_core.c | 7 ++ drivers/pci/hotplug/pciehp_hpc.c | 18 +--- drivers/pci/pci.c | 38 +++++++ drivers/pci/probe.c | 4 + drivers/pinctrl/bcm/pinctrl-nsp-mux.c | 6 +- drivers/scsi/xen-scsifront.c | 33 ++++-- drivers/usb/dwc2/gadget.c | 7 +- drivers/usb/dwc2/hcd_intr.c | 3 +- drivers/usb/dwc3/dwc3-of-simple.c | 3 +- drivers/usb/gadget/composite.c | 3 + drivers/usb/host/xhci-tegra.c | 2 +- drivers/usb/host/xhci.c | 7 +- drivers/xen/manage.c | 18 +++- drivers/xen/xen-scsiback.c | 16 ++- fs/ceph/inode.c | 1 + fs/ext4/mballoc.c | 4 +- fs/reiserfs/xattr.c | 4 +- include/linux/fsl/guts.h | 1 + include/linux/pci.h | 2 + include/net/ipv6.h | 9 +- include/net/net_namespace.h | 1 + include/net/netns/ipv6.h | 1 - include/net/tc_act/tc_tunnel_key.h | 1 - include/net/tcp.h | 2 - kernel/locking/lockdep.c | 12 +-- kernel/trace/trace.c | 5 + mm/kasan/kasan.c | 5 +- net/batman-adv/bat_iv_ogm.c | 4 +- net/batman-adv/bat_v.c | 4 +- net/core/dev.c | 4 +- net/ieee802154/6lowpan/core.c | 6 ++ net/ipv4/netfilter/ip_tables.c | 1 + net/ipv4/tcp.c | 4 +- net/ipv4/tcp_dctcp.c | 25 ----- net/ipv4/tcp_output.c | 4 - net/ipv6/calipso.c | 9 +- net/ipv6/exthdrs.c | 111 ++++++--------------- net/ipv6/ipv6_sockglue.c | 27 +++-- net/ipv6/mcast.c | 9 +- net/ipv6/netfilter/ip6_tables.c | 1 + net/ipv6/netfilter/nf_conntrack_reasm.c | 6 +- net/netfilter/nf_conntrack_core.c | 2 +- net/netfilter/nf_conntrack_proto_dccp.c | 8 +- net/netfilter/nf_log.c | 4 + net/packet/af_packet.c | 12 ++- net/qrtr/qrtr.c | 4 + net/sched/act_tunnel_key.c | 6 +- net/wireless/nl80211.c | 19 +--- net/xfrm/xfrm_user.c | 8 +- samples/bpf/parse_varlen.c | 6 +- samples/bpf/test_overhead_user.c | 19 +++- security/smack/smack_lsm.c | 1 + sound/core/seq/seq_clientmgr.c | 3 +- tools/build/Makefile | 2 +- tools/objtool/elf.c | 41 +++++--- tools/perf/arch/powerpc/util/skip-callchain-idx.c | 2 +- tools/perf/bench/numa.c | 5 +- tools/perf/tests/topology.c | 1 + tools/perf/util/llvm-utils.c | 6 +- .../selftests/pstore/pstore_post_reboot_tests | 5 +- .../selftests/static_keys/test_static_keys.sh | 13 +++ tools/testing/selftests/sync/config | 4 + tools/testing/selftests/user/test_user_copy.sh | 7 ++ tools/testing/selftests/x86/sigreturn.c | 59 ++++++----- tools/testing/selftests/zram/zram.sh | 5 +- tools/testing/selftests/zram/zram_lib.sh | 5 +- virt/kvm/arm/vgic/vgic-v3.c | 5 - virt/kvm/eventfd.c | 11 +- 137 files changed, 893 insertions(+), 572 deletions(-)

6 years, 10 months

6
129
0 0

[PATCH 4.14 000/217] 4.14.67-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.14.67 release. There are 217 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat Aug 25 07:54:25 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.14.67-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.14.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.14.67-rc1 Jann Horn <jannh(a)google.com> reiserfs: fix broken xattr handling (heap corruption, bad retval) Esben Haabendal <eha(a)deif.com> i2c: imx: Fix race condition in dma read Hans de Goede <hdegoede(a)redhat.com> i2c: core: ACPI: Properly set status byte to 0 for multi-byte writes Lukas Wunner <lukas(a)wunner.de> PCI: pciehp: Fix unprotected list iteration in IRQ handler Lukas Wunner <lukas(a)wunner.de> PCI: pciehp: Fix use-after-free on unplug Myron Stowe <myron.stowe(a)redhat.com> PCI: Skip MPS logic for Virtual Functions (VFs) Lukas Wunner <lukas(a)wunner.de> PCI: hotplug: Don't leak pci_slot on registration failure Sergei Shtylyov <sergei.shtylyov(a)cogentembedded.com> PCI: OF: Fix I/O space page leak John David Anglin <dave.anglin(a)bell.net> parisc: Remove unnecessary barriers from spinlock.h Ursula Braun <ubraun(a)linux.ibm.com> net/smc: no shutdown in state SMC_LISTEN Willem de Bruijn <willemb(a)google.com> packet: refine ring v3 block size test to hold one frame Florian Westphal <fw(a)strlen.de> netfilter: conntrack: dccp: treat SYNC/SYNCACK as invalid if no prior state Eric Dumazet <edumazet(a)google.com> xfrm_user: prevent leaking 2 bytes of kernel memory John David Anglin <dave.anglin(a)bell.net> parisc: Remove ordered stores from syscall.S Jaegeuk Kim <jaegeuk(a)kernel.org> f2fs: sanity check for total valid node blocks Jaegeuk Kim <jaegeuk(a)kernel.org> f2fs: return error during fill_super Paolo Bonzini <pbonzini(a)redhat.com> KVM: irqfd: fix race between EPOLLHUP and irq_bypass_register_consumer Roland Dreier <roland(a)purestorage.com> nvme: fix handling of metadata_len for NVME_IOCTL_IO_CMD Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> ARM: dts: imx6: RDU2: fix irq type for mv88e6xxx switch Robin H. Johnson <robbat2(a)gentoo.org> ACPI / EC: Use ec_no_wakeup on more Thinkpad X1 Carbon 6th systems Anson Huang <Anson.Huang(a)nxp.com> soc: imx: gpc: restrict register range for regmap access Randy Dunlap <rdunlap(a)infradead.org> tcp: identify cryptic messages as TCP seq # bugs Stefan Wahren <stefan.wahren(a)i2se.com> net: qca_spi: Fix log level if probe fails Stefan Wahren <stefan.wahren(a)i2se.com> net: qca_spi: Make sure the QCA7000 reset is triggered Stefan Wahren <stefan.wahren(a)i2se.com> net: qca_spi: Avoid packet drop during initial sync Sergei Shtylyov <sergei.shtylyov(a)cogentembedded.com> PCI: versatile: Fix I/O space page leak Peng Hao <peng.hao2(a)zte.com.cn> kvmclock: fix TSC calibration for nested guests David Lechner <david(a)lechnology.com> net: usb: rtl8150: demote allmulti message to dev_dbg() Alexander Sverdlin <alexander.sverdlin(a)nsn.com> octeon_mgmt: Fix MIX registers configuration on MTU setup Qu Wenruo <wqu(a)suse.com> btrfs: scrub: Don't use inode page cache in scrub_handle_errored_block() John Allen <jallen(a)linux.ibm.com> ibmvnic: Fix error recovery on login failure Randy Dunlap <rdunlap(a)infradead.org> net/ethernet/freescale/fman: fix cross-build error Stephen Hemminger <stephen(a)networkplumber.org> hv/netvsc: fix handling of fallback to single queue mode Dan Carpenter <dan.carpenter(a)oracle.com> drm/nouveau/gem: off by one bugs in nouveau_gem_pushbuf_reloc_apply() Wei Yongjun <weiyongjun1(a)huawei.com> pinctrl: nsp: Fix potential NULL dereference Dan Carpenter <dan.carpenter(a)oracle.com> pinctrl: nsp: off by ones in nsp_pinmux_enable() Paul Cercueil <paul(a)crapouillou.net> pinctrl: ingenic: Fix inverted direction for < JZ4770 Yuchung Cheng <ycheng(a)google.com> tcp: remove DELAYED ACK events in DCTCP Dan Carpenter <dan.carpenter(a)oracle.com> qlogic: check kstrtoul() for errors Willem de Bruijn <willemb(a)google.com> packet: reset network header if packet shorter than ll reserved space Masahiro Yamada <yamada.masahiro(a)socionext.com> kbuild: suppress warnings from 'getconf LFS_*' Laura Abbott <labbott(a)redhat.com> tools: build: Use HOSTLDFLAGS with fixdep Alexander Duyck <alexander.h.duyck(a)intel.com> ixgbe: Be more careful when modifying MAC filters Adam Ford <aford173(a)gmail.com> ARM: dts: am3517.dtsi: Disable reference to OMAP3 OTG controller Nishanth Menon <nm(a)ti.com> ARM: DRA7/OMAP5: Enable ACTLR[0] (Enable invalidates of BTB) for secondary cores Steven Rostedt (VMware) <rostedt(a)goodmis.org> ARM: 8780/1: ftrace: Only set kernel memory back to read-only after boot Kamal Heib <kamalheib1(a)gmail.com> RDMA/mlx5: Fix memory leak in mlx5_ib_create_srq() error path Dave Jiang <dave.jiang(a)intel.com> nfit: fix unchecked dereference in acpi_nfit_ctl Janne Huttunen <janne.huttunen(a)nokia.com> perf script python: Fix dict reference counting Jiri Olsa <jolsa(a)kernel.org> perf tools: Fix compilation errors on gcc8 Kim Phillips <kim.phillips(a)arm.com> perf llvm-utils: Remove bashism from kernel include fetch script Manish Rangankar <manish.rangankar(a)cavium.com> scsi: qedi: Send driver state to MFW Saurav Kashyap <saurav.kashyap(a)cavium.com> scsi: qedf: Send the driver state to MFW Vikas Gupta <vikas.gupta(a)broadcom.com> bnxt_en: Fix for system hang if request_irq fails Michael Chan <michael.chan(a)broadcom.com> bnxt_en: Always set output parameters in bnxt_get_max_rings(). Michael Chan <michael.chan(a)broadcom.com> bnxt_en: Fix inconsistent BNXT_FLAG_AGG_RINGS logic. Peter Zijlstra <peterz(a)infradead.org> ARC: Improve cmpxchg syscall implementation Andrey Ryabinin <aryabinin(a)virtuozzo.com> netfilter: nf_conntrack: Fix possible possible crash on module loading. Florian Westphal <fw(a)strlen.de> netfilter: nft_compat: explicitly reject ERROR and standard target Russell King <rmk+kernel(a)armlinux.org.uk> drm/armada: fix irq handling Russell King <rmk+kernel(a)armlinux.org.uk> drm/armada: fix colorkey mode property Mikko Perttunen <mperttunen(a)nvidia.com> drm/tegra: Fix comparison operator for buffer size Dmitry Osipenko <digetx(a)gmail.com> gpu: host1x: Check whether size of unpin isn't 0 Stefan Schmidt <stefan(a)datenfreihafen.org> ieee802154: fakelb: switch from BUG_ON() to WARN_ON() on problem Stefan Schmidt <stefan(a)datenfreihafen.org> ieee802154: at86rf230: use __func__ macro for debug messages Stefan Schmidt <stefan(a)datenfreihafen.org> ieee802154: at86rf230: switch from BUG_ON() to WARN_ON() on problem Douglas Anderson <dianders(a)chromium.org> nvmem: Don't let a NULL cell_id for nvmem_cell_get() crash us Davide Caratti <dcaratti(a)redhat.com> net/sched: act_tunnel_key: fix NULL dereference when 'goto chain' is used Daniel Mack <daniel(a)zonque.org> ARM: pxa: irq: fix handling of ICMR registers in suspend/resume Vladimir Zapolskiy <vladimir_zapolskiy(a)mentor.com> ravb: fix invalid context bug while changing link options by ethtool Vladimir Zapolskiy <vladimir_zapolskiy(a)mentor.com> ravb: fix invalid context bug while calling auto-negotiation by ethtool Vladimir Zapolskiy <vladimir_zapolskiy(a)mentor.com> sh_eth: fix invalid context bug while changing link options by ethtool Vladimir Zapolskiy <vladimir_zapolskiy(a)mentor.com> sh_eth: fix invalid context bug while calling auto-negotiation by ethtool Arun Kumar Neelakantam <aneela(a)codeaurora.org> net: qrtr: Broadcast messages only from control port Paul Moore <paul(a)paul-moore.com> ipv6: make ipv6_renew_options() interrupt/kernel safe Florian Westphal <fw(a)strlen.de> netfilter: x_tables: set module owner for icmp(6) matches Lubomir Rintel <lkundrak(a)v3.sk> ieee802154: 6lowpan: set IFLA_LINK Taeung Song <treeze.taeung(a)gmail.com> samples/bpf: Check the error of write() and read() Taeung Song <treeze.taeung(a)gmail.com> samples/bpf: Check the result of system() Taeung Song <treeze.taeung(a)gmail.com> samples/bpf: add missing <linux/if_vlan.h> Maciej Purski <m.purski(a)samsung.com> drm/bridge/sii8620: Fix display of packed pixel modes Yuiko Oshino <yuiko.oshino(a)microchip.com> smsc75xx: Add workaround for gigabit link up hardware errata. Zhen Lei <thunder.leizhen(a)huawei.com> kasan: fix shadow_size calculation error in kasan_module_alloc Mathieu Malaterre <malat(a)debian.org> tracing: Use __printf markup to silence compiler Mauricio Vasquez B <mauricio.vasquez(a)polito.it> bpf: hash map: decrement counter on error Fabio Estevam <fabio.estevam(a)nxp.com> ARM: imx_v4_v5_defconfig: Select ULPI support Fabio Estevam <fabio.estevam(a)nxp.com> ARM: imx_v6_v7_defconfig: Select ULPI support Jason Gerecke <killertofu(a)gmail.com> HID: wacom: Correct touch maximum XY of 2nd-gen Intuos Zhenzhong Duan <zhenzhong.duan(a)oracle.com> x86/mm/32: Initialize the CR4 shadow before __flush_tlb_all() Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: fix swapped emit_ib_size in vce3 Hangbin Liu <liuhangbin(a)gmail.com> ipvlan: call dev_change_flags when ipvlan mode is reset Josh Poimboeuf <jpoimboe(a)redhat.com> objtool: Support GCC 8 '-fnoreorder-functions' Greg Ungerer <gerg(a)linux-m68k.org> m68k: fix "bad page state" oops on ColdFire boot Stafford Horne <shorne(a)gmail.com> openrisc: entry: Fix delay slot exception detection Dave Jiang <dave.jiang(a)intel.com> acpi/nfit: fix cmd_rc for acpi_nfit_ctl to always return a value Madalin Bucur <madalin.bucur(a)nxp.com> dpaa_eth: DPAA SGT needs to be 256B Madalin Bucur <madalin.bucur(a)nxp.com> fsl/fman: fix parser reporting bad checksum on short frames Sudarsana Reddy Kalluru <sudarsana.kalluru(a)cavium.com> bnx2x: Fix receiving tx-timeout in error or recovery state. Nicholas Mc Guire <hofrat(a)osadl.org> PCI: faraday: Add missing of_node_put() Nicholas Mc Guire <hofrat(a)osadl.org> PCI: xilinx-nwl: Add missing of_node_put() Nicholas Mc Guire <hofrat(a)osadl.org> PCI: xilinx: Add missing of_node_put() Daniel Borkmann <daniel(a)iogearbox.net> bpf, s390: fix potential memleak when later bpf_jit_prog fails Bart Van Assche <bart.vanassche(a)wdc.com> drbd: Fix drbd_request_prepare() discard handling Marek Szyprowski <m.szyprowski(a)samsung.com> drm/exynos: decon5433: Fix WINCONx reset value Marek Szyprowski <m.szyprowski(a)samsung.com> drm/exynos: decon5433: Fix per-plane global alpha for XRGB modes Marek Szyprowski <m.szyprowski(a)samsung.com> drm/exynos: gsc: Fix support for NV16/61, YUV420/YVU420 and YUV422 modes Johannes Berg <johannes.berg(a)intel.com> nl80211: check nla_parse_nested() return values Bob Copeland <me(a)bobcopeland.com> nl80211: relax ht operation checks for mesh Jeff Moyer <jmoyer(a)redhat.com> dev-dax: check_vma: ratelimit dev_info-s BingJing Chang <bingjingc(a)synology.com> md/raid10: fix that replacement cannot complete recovery after reassemble Ryan Hsu <ryanhsu(a)codeaurora.org> ath10k: update the phymode along with bandwidth change request Dan Carpenter <dan.carpenter(a)oracle.com> dmaengine: k3dma: Off by one in k3_of_dma_simple_xlate() Marek Szyprowski <m.szyprowski(a)samsung.com> dmaengine: pl330: report BURST residue granularity Martin Blumenstingl <martin.blumenstingl(a)googlemail.com> ARM64: dts: meson-gxl: fix Mali GPU compatible string Keerthy <j-keerthy(a)ti.com> ARM: dts: da850: Fix interrups property for gpio Andy Lutomirski <luto(a)kernel.org> selftests/x86/sigreturn: Do minor cleanups Andy Lutomirski <luto(a)kernel.org> selftests/x86/sigreturn/64: Fix spurious failures on AMD CPUs Chengguang Xu <cgxu519(a)gmx.com> nfp: cast sizeof() to int when comparing with error code Eli Cohen <eli(a)mellanox.com> net/mlx5: E-Switch, Disallow vlan/spoofcheck setup if not being esw manager Yan, Zheng <zyan(a)redhat.com> ceph: fix dentry leak in splice_dentry() Jann Horn <jannh(a)google.com> netfilter: nf_log: fix uninit read in nf_log_proc_dostring Adam Ford <aford173(a)gmail.com> ARM: davinci: board-da850-evm: fix WP pin polarity for MMC/SD Jiri Olsa <jolsa(a)kernel.org> perf bench: Fix numa report output code Yonghong Song <yhs(a)fb.com> perf tools: Fix a clang 7.0 compilation error Sandipan Das <sandipan(a)linux.ibm.com> perf report powerpc: Fix crash if callchain is empty Thomas Richter <tmricht(a)linux.ibm.com> perf test session topology: Fix test on s390 Thomas Richter <tmricht(a)linux.ibm.com> perf record: Support s390 random socket_id assignment Dirk Gouders <dirk(a)gouders.net> kconfig: fix line numbers for if-entries in menu tree Dan Carpenter <dan.carpenter(a)oracle.com> typec: tcpm: Fix a msecs vs jiffies bug Hans de Goede <hdegoede(a)redhat.com> NFC: pn533: Fix wrong GFP flag usage Ajay Gupta <ajaykuee(a)gmail.com> usb: xhci: increase CRS timeout value Dongjiu Geng <gengdongjiu(a)huawei.com> usb: xhci: remove the code build warning Takashi Iwai <tiwai(a)suse.de> ALSA: seq: Fix UBSAN warning at SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT ioctl Daniel Mack <daniel(a)zonque.org> ARM: dts: am437x: make edt-ft5x06 a wakeup source Michael Trimarchi <michael(a)amarulasolutions.com> brcmfmac: stop watchdog before detach and free everything Tomasz Duszynski <tduszyns(a)gmail.com> iio: pressure: bmp280: fix relative humidity unit Ganesh Goudar <ganeshgr(a)chelsio.com> cxgb4: when disabling dcb set txq dcb priority to 0 Linus Lüssing <linus.luessing(a)c0d3.blue> batman-adv: Fix multicast TT issues with bogus ROAM flags Linus Lüssing <linus.luessing(a)c0d3.blue> batman-adv: Avoid storing non-TT-sync flags on singular entries too Sven Eckelmann <sven(a)narfation.org> batman-adv: Fix bat_v best gw refcnt after netlink dump Sven Eckelmann <sven(a)narfation.org> batman-adv: Fix bat_ogm_iv best gw refcnt after netlink dump Rob Herring <robh(a)kernel.org> arm64: dts: msm8916: fix Coresight ETF graph connections Casey Schaufler <casey(a)schaufler-ca.com> Smack: Mark inode instant in smack_task_to_inode Hangbin Liu <liuhangbin(a)gmail.com> ipv6: mcast: fix unsolicited report interval after receiving querys Zhenzhong Duan <zhenzhong.duan(a)oracle.com> x86/microcode/intel: Fix memleak in save_microcode_patch() Geert Uytterhoeven <geert(a)linux-m68k.org> mtd: dataflash: Use ULL suffix for 64-bit constants Jeffrin Jose T <ahiliation(a)gmail.com> selftests: bpf: notification about privilege required to run test_kmod.sh testing script Steven Rostedt (VMware) <rostedt(a)goodmis.org> locking/lockdep: Do not record IRQ state within lockdep code Maciej Purski <m.purski(a)samsung.com> drm/bridge/sii8620: fix display of packed pixel modes in MHL2 Ard Biesheuvel <ard.biesheuvel(a)linaro.org> KVM: arm/arm64: Drop resource size check for GICV window Marcelo Ricardo Leitner <marcelo.leitner(a)gmail.com> sctp: fix erroneous inc of snmp SctpFragUsrMsgs Bartosz Golaszewski <bgolaszewski(a)baylibre.com> net: davinci_emac: match the mdio device against its compatible if possible Doron Roberts-Kedes <doronrk(a)fb.com> nbd: Add the nbd NBD_DISCONNECT_ON_CLOSE config flag. Alexey Brodkin <Alexey.Brodkin(a)synopsys.com> ARC: Enable machine_desc->init_per_cpu for !CONFIG_SMP Dan Carpenter <dan.carpenter(a)oracle.com> block: sed-opal: Fix a couple off by one bugs Max Gurtuvoy <maxg(a)mellanox.com> nvmet: reset keep alive timer in controller enable Dinh Nguyen <dinguyen(a)kernel.org> net: stmmac: socfpga: add additional ocp reset line for Stratix10 Li RongQing <lirongqing(a)baidu.com> net: propagate dev_get_valid_name return code Stefan Agner <stefan(a)agner.ch> net: hamradio: use eth_broadcast_addr Govindarajulu Varadarajan <gvaradar(a)cisco.com> enic: initialize enic->rfs_h.lock in enic_probe Sudarsana Reddy Kalluru <sudarsana.kalluru(a)cavium.com> qed: Do not advertise DCBX_LLD_MANAGED capability. Sudarsana Reddy Kalluru <sudarsana.kalluru(a)cavium.com> qed: Add sanity check for SIMD fastpath handler. Sudarsana Reddy Kalluru <sudarsana.kalluru(a)cavium.com> qed: Fix possible memory leak in Rx error path handling. Zhizhou Zhang <zhizhouzhang(a)asrmicro.com> arm64: make secondary_start_kernel() notrace Marek Szyprowski <m.szyprowski(a)samsung.com> arm64: dma-mapping: clear buffers allocated with FORCE_CONTIGUOUS flag Zhouyang Jia <jiazhouyang09(a)gmail.com> xen/scsiback: add error handling for xenbus_printf Zhouyang Jia <jiazhouyang09(a)gmail.com> scsi: xen-scsifront: add error handling for xenbus_printf Trond Myklebust <trond.myklebust(a)hammerspace.com> pNFS: Always free the session slot on error in nfs4_layoutget_handle_exception Zhouyang Jia <jiazhouyang09(a)gmail.com> xen: add error handling for xenbus_printf Minas Harutyunyan <Minas.Harutyunyan(a)synopsys.com> dwc2: gadget: Fix ISOC IN DDMA PID bitfield value calculation Grigor Tovmasyan <Grigor.Tovmasyan(a)synopsys.com> usb: gadget: dwc2: fix memory leak in gadget_init() Chunfeng Yun <chunfeng.yun(a)mediatek.com> usb: gadget: composite: fix delayed_status race condition when set_interface William Wu <william.wu(a)rock-chips.com> usb: dwc2: fix isoc split in transfer with no data William Wu <william.wu(a)rock-chips.com> usb: dwc2: alloc dma aligned buffer for isoc split in John Garry <john.garry(a)huawei.com> libahci: Fix possible Spectre-v1 pmp indexing in ahci_led_store() Vijay Immanuel <vijayi(a)attalasystems.com> IB/rxe: Fix missing completion for mem_reg work requests Ayan Kumar Halder <ayan.halder(a)arm.com> drm/arm/malidp: Preserve LAYER_FORMAT contents when setting format Alison Wang <alison.wang(a)nxp.com> drm: mali-dp: Enable Global SE interrupts mask for DP500 Hoan Tran <hoan.tran(a)amperecomputing.com> drivers/perf: xgene_pmu: Fix IOB SLOW PMU parser error Ray Jui <ray.jui(a)broadcom.com> arm64: dts: Stingray: Fix I2C controller interrupt type Ray Jui <ray.jui(a)broadcom.com> arm64: dts: ns2: Fix PCIe controller interrupt type Ray Jui <ray.jui(a)broadcom.com> arm64: dts: ns2: Fix I2C controller interrupt type Scott Branden <scott.branden(a)broadcom.com> arm64: dts: specify 1.8V EMMC capabilities for bcm958742t Scott Branden <scott.branden(a)broadcom.com> arm64: dts: specify 1.8V EMMC capabilities for bcm958742k Ray Jui <ray.jui(a)broadcom.com> ARM: dts: Cygnus: Fix PCIe controller interrupt type Ray Jui <ray.jui(a)broadcom.com> ARM: dts: Cygnus: Fix I2C controller interrupt type Florian Fainelli <f.fainelli(a)gmail.com> ARM: dts: BCM5301x: Fix i2c controller interrupt type Florian Fainelli <f.fainelli(a)gmail.com> ARM: dts: NSP: Fix PCIe controllers interrupt types Florian Fainelli <f.fainelli(a)gmail.com> ARM: dts: NSP: Fix i2c controller interrupt type Fathi Boudra <fathi.boudra(a)linaro.org> selftests: sync: add config fragment for testing sync framework Shuah Khan (Samsung OSG) <shuah(a)kernel.org> selftests: vm: return Kselftest Skip code for skipped tests Shuah Khan (Samsung OSG) <shuah(a)kernel.org> selftests: zram: return Kselftest Skip code for skipped tests Shuah Khan (Samsung OSG) <shuah(a)kernel.org> selftests: user: return Kselftest Skip code for skipped tests Shuah Khan (Samsung OSG) <shuah(a)kernel.org> selftests: sysctl: return Kselftest Skip code for skipped tests Shuah Khan (Samsung OSG) <shuah(a)kernel.org> selftests: static_keys: return Kselftest Skip code for skipped tests Shuah Khan (Samsung OSG) <shuah(a)kernel.org> selftests: pstore: return Kselftest Skip code for skipped tests Gao Feng <gfree.wind(a)vip.163.com> netfilter: nf_ct_helper: Fix possible panic after nf_conntrack_helper_unregister Eric Dumazet <edumazet(a)google.com> netfilter: ipv6: nf_defrag: reduce struct net memory waste Mika Westerberg <mika.westerberg(a)linux.intel.com> ACPI / EC: Use ec_no_wakeup on Thinkpad X1 Carbon 6th Johan Hovold <johan(a)kernel.org> usb: dwc3: of-simple: fix use-after-free on remove Minas Harutyunyan <Minas.Harutyunyan(a)synopsys.com> usb: dwc2: gadget: Fix issue in dwc2_gadget_start_isoc() Vincent Pelletier <plr.vincent(a)gmail.com> usb: gadget: ffs: Fix BUG when userland exits with submitted AIO transfers Heikki Krogerus <heikki.krogerus(a)linux.intel.com> usb: dwc3: pci: add support for Intel IceLake Anson Huang <Anson.Huang(a)nxp.com> soc: imx: gpcv2: correct PGC offset Guenter Roeck <linux(a)roeck-us.net> hwmon: (nct6775) Fix loop limit Alexey Brodkin <abrodkin(a)synopsys.com> ARC: Explicitly add -mmedium-calls to CFLAGS Maciej Purski <m.purski(a)samsung.com> drm/bridge/sii8620: fix potential buffer overflow Andrzej Hajda <a.hajda(a)samsung.com> drm/bridge/sii8620: fix loops in EDID fetch logic Christophe Jaillet <christophe.jaillet(a)wanadoo.fr> IB/mlx4: Fix an error handling path in 'mlx4_ib_rereg_user_mr()' Lucas Stach <l.stach(a)pengutronix.de> Input: synaptics-rmi4 - fix axis-swap behavior Jiri Olsa <jolsa(a)kernel.org> perf tools: Fix error index for pmu event parser Dong Jia Shi <bjsdjshi(a)linux.vnet.ibm.com> vfio: ccw: fix error return in vfio_ccw_sch_event Viresh Kumar <viresh.kumar(a)linaro.org> arm: dts: armada: Fix "#cooling-cells" property's name Matthijs van Duin <matthijsvanduin(a)gmail.com> pty: fix O_CLOEXEC for TIOCGPTPEER Takashi Iwai <tiwai(a)suse.de> EDAC: Add missing MEM_LRDDR4 entry in edac_mem_types[] Gustavo A. R. Silva <gustavo(a)embeddedor.com> drm/i915/kvmgt: Fix potential Spectre v1 Jeremy Cline <jcline(a)redhat.com> ext4: fix spectre gadget in ext4_mb_regular_allocator() ------------- Diffstat: Makefile | 10 +- arch/arc/Makefile | 15 +-- arch/arc/include/asm/mach_desc.h | 2 - arch/arc/kernel/irq.c | 2 +- arch/arc/kernel/process.c | 47 +++++++-- arch/arm/boot/dts/am3517.dtsi | 5 + arch/arm/boot/dts/am437x-sk-evm.dts | 2 + arch/arm/boot/dts/armada-385-synology-ds116.dts | 2 +- arch/arm/boot/dts/bcm-cygnus.dtsi | 24 ++--- arch/arm/boot/dts/bcm-nsp.dtsi | 32 +++--- arch/arm/boot/dts/bcm5301x.dtsi | 2 +- arch/arm/boot/dts/da850.dtsi | 6 +- arch/arm/boot/dts/imx6qdl-zii-rdu2.dtsi | 2 +- arch/arm/configs/imx_v4_v5_defconfig | 2 + arch/arm/configs/imx_v6_v7_defconfig | 2 + arch/arm/mach-davinci/board-da850-evm.c | 2 +- arch/arm/mach-omap2/omap-smp.c | 41 ++++++++ arch/arm/mach-pxa/irq.c | 4 +- arch/arm/mm/init.c | 9 ++ arch/arm64/boot/dts/amlogic/meson-gxl-mali.dtsi | 2 +- arch/arm64/boot/dts/broadcom/northstar2/ns2.dtsi | 8 +- .../boot/dts/broadcom/stingray/bcm958742k.dts | 4 + .../boot/dts/broadcom/stingray/bcm958742t.dts | 4 + .../arm64/boot/dts/broadcom/stingray/stingray.dtsi | 4 +- arch/arm64/boot/dts/qcom/msm8916.dtsi | 4 +- arch/arm64/kernel/smp.c | 2 +- arch/arm64/mm/dma-mapping.c | 9 +- arch/m68k/include/asm/mcf_pgalloc.h | 4 +- arch/openrisc/kernel/entry.S | 8 +- arch/openrisc/kernel/head.S | 9 +- arch/openrisc/kernel/traps.c | 2 +- arch/parisc/include/asm/spinlock.h | 8 +- arch/parisc/kernel/syscall.S | 24 ++--- arch/s390/net/bpf_jit_comp.c | 1 + arch/x86/kernel/cpu/microcode/intel.c | 5 +- arch/x86/kernel/kvmclock.c | 1 + arch/x86/kernel/smpboot.c | 5 + block/sed-opal.c | 4 +- drivers/acpi/ec.c | 20 ++++ drivers/acpi/nfit/core.c | 4 + drivers/ata/libahci.c | 7 +- drivers/block/drbd/drbd_req.c | 4 +- drivers/block/nbd.c | 40 ++++++-- drivers/dax/device.c | 12 ++- drivers/dma/k3dma.c | 2 +- drivers/dma/pl330.c | 2 +- drivers/edac/edac_mc.c | 1 + drivers/gpu/drm/amd/amdgpu/vce_v3_0.c | 4 +- drivers/gpu/drm/arm/malidp_hw.c | 3 +- drivers/gpu/drm/arm/malidp_planes.c | 5 +- drivers/gpu/drm/armada/armada_crtc.c | 12 ++- drivers/gpu/drm/armada/armada_hw.h | 1 + drivers/gpu/drm/armada/armada_overlay.c | 30 ++++-- drivers/gpu/drm/bridge/sil-sii8620.c | 41 +++++--- drivers/gpu/drm/exynos/exynos5433_drm_decon.c | 6 +- drivers/gpu/drm/exynos/exynos_drm_gsc.c | 29 ++++-- drivers/gpu/drm/exynos/regs-gsc.h | 1 + drivers/gpu/drm/i915/gvt/kvmgt.c | 9 +- drivers/gpu/drm/nouveau/nouveau_gem.c | 4 +- drivers/gpu/drm/tegra/drm.c | 2 +- drivers/gpu/host1x/job.c | 3 +- drivers/hid/wacom_wac.c | 10 +- drivers/hwmon/nct6775.c | 2 +- drivers/i2c/busses/i2c-imx.c | 8 +- drivers/i2c/i2c-core-acpi.c | 11 +- drivers/iio/pressure/bmp280-core.c | 5 +- drivers/infiniband/hw/mlx4/mr.c | 7 +- drivers/infiniband/hw/mlx5/srq.c | 18 ++-- drivers/infiniband/sw/rxe/rxe_req.c | 3 + drivers/input/rmi4/rmi_2d_sensor.c | 34 +++---- drivers/md/raid10.c | 7 ++ drivers/mtd/devices/mtd_dataflash.c | 4 +- drivers/net/ethernet/broadcom/bnx2x/bnx2x.h | 1 + drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c | 6 ++ drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c | 6 ++ drivers/net/ethernet/broadcom/bnxt/bnxt.c | 13 ++- drivers/net/ethernet/cavium/octeon/octeon_mgmt.c | 14 ++- drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c | 2 +- drivers/net/ethernet/cisco/enic/enic_clsf.c | 3 +- drivers/net/ethernet/cisco/enic/enic_main.c | 3 +- drivers/net/ethernet/freescale/dpaa/dpaa_eth.c | 15 +-- drivers/net/ethernet/freescale/fman/fman_port.c | 8 ++ drivers/net/ethernet/ibm/ibmvnic.c | 4 +- drivers/net/ethernet/intel/ixgbe/ixgbe_common.c | 12 ++- drivers/net/ethernet/mellanox/mlx5/core/eswitch.c | 12 +-- drivers/net/ethernet/mellanox/mlx5/core/vport.c | 2 - .../net/ethernet/netronome/nfp/nfpcore/nfp_nffw.c | 2 +- drivers/net/ethernet/qlogic/qed/qed_dcbx.c | 11 +- drivers/net/ethernet/qlogic/qed/qed_ll2.c | 11 +- drivers/net/ethernet/qlogic/qed/qed_main.c | 12 ++- drivers/net/ethernet/qlogic/qlcnic/qlcnic_sysfs.c | 2 + drivers/net/ethernet/qualcomm/qca_spi.c | 21 ++-- drivers/net/ethernet/renesas/ravb_main.c | 56 +++-------- drivers/net/ethernet/renesas/sh_eth.c | 59 +++-------- drivers/net/ethernet/stmicro/stmmac/Kconfig | 2 +- .../net/ethernet/stmicro/stmmac/dwmac-socfpga.c | 18 +++- drivers/net/ethernet/ti/davinci_emac.c | 4 + drivers/net/hamradio/bpqether.c | 8 +- drivers/net/hyperv/rndis_filter.c | 1 + drivers/net/ieee802154/at86rf230.c | 15 +-- drivers/net/ieee802154/fakelb.c | 2 +- drivers/net/ipvlan/ipvlan_main.c | 36 +++++-- drivers/net/usb/rtl8150.c | 2 +- drivers/net/usb/smsc75xx.c | 62 ++++++++++++ drivers/net/wireless/ath/ath10k/mac.c | 16 ++- drivers/net/wireless/ath/ath10k/wmi.h | 1 + .../wireless/broadcom/brcm80211/brcmfmac/sdio.c | 7 ++ drivers/nfc/pn533/usb.c | 4 +- drivers/nvme/host/core.c | 2 +- drivers/nvme/target/core.c | 8 ++ drivers/nvmem/core.c | 4 + drivers/pci/host/pci-ftpci100.c | 2 + drivers/pci/host/pci-versatile.c | 2 +- drivers/pci/host/pcie-xilinx-nwl.c | 2 +- drivers/pci/host/pcie-xilinx.c | 1 + drivers/pci/hotplug/pci_hotplug_core.c | 9 ++ drivers/pci/hotplug/pciehp.h | 1 + drivers/pci/hotplug/pciehp_core.c | 7 ++ drivers/pci/hotplug/pciehp_hpc.c | 18 +--- drivers/pci/pci.c | 38 +++++++ drivers/pci/probe.c | 4 + drivers/perf/xgene_pmu.c | 2 +- drivers/pinctrl/bcm/pinctrl-nsp-mux.c | 6 +- drivers/pinctrl/pinctrl-ingenic.c | 2 +- drivers/s390/cio/vfio_ccw_drv.c | 5 +- drivers/scsi/qedf/qedf_main.c | 12 +++ drivers/scsi/qedi/qedi_main.c | 11 ++ drivers/scsi/xen-scsifront.c | 33 ++++-- drivers/soc/imx/gpc.c | 21 ++++ drivers/soc/imx/gpcv2.c | 13 ++- drivers/staging/typec/tcpm.c | 3 +- drivers/tty/pty.c | 2 +- drivers/usb/dwc2/core.h | 3 + drivers/usb/dwc2/gadget.c | 15 ++- drivers/usb/dwc2/hcd.c | 89 ++++++++++++++++- drivers/usb/dwc2/hcd.h | 8 ++ drivers/usb/dwc2/hcd_intr.c | 11 +- drivers/usb/dwc2/hcd_queue.c | 3 + drivers/usb/dwc3/dwc3-of-simple.c | 3 +- drivers/usb/dwc3/dwc3-pci.c | 2 + drivers/usb/gadget/composite.c | 3 + drivers/usb/gadget/function/f_fs.c | 26 +++-- drivers/usb/host/xhci-tegra.c | 2 +- drivers/usb/host/xhci.c | 7 +- drivers/xen/manage.c | 18 +++- drivers/xen/xen-scsiback.c | 16 ++- fs/btrfs/scrub.c | 17 ++-- fs/ceph/inode.c | 1 + fs/ext4/mballoc.c | 4 +- fs/f2fs/segment.c | 32 +++++- fs/f2fs/segment.h | 22 +++- fs/nfs/nfs4proc.c | 17 ++-- fs/reiserfs/xattr.c | 4 +- include/linux/fsl/guts.h | 1 + include/linux/pci.h | 2 + include/net/ipv6.h | 9 +- include/net/net_namespace.h | 1 + include/net/netns/ipv6.h | 1 - include/net/tc_act/tc_tunnel_key.h | 1 - include/net/tcp.h | 2 - include/uapi/linux/nbd.h | 3 + kernel/bpf/hashtab.c | 16 ++- kernel/locking/lockdep.c | 12 +-- kernel/trace/trace.c | 5 + mm/kasan/kasan.c | 5 +- net/batman-adv/bat_iv_ogm.c | 4 +- net/batman-adv/bat_v.c | 4 +- net/batman-adv/translation-table.c | 7 +- net/core/dev.c | 4 +- net/ieee802154/6lowpan/core.c | 6 ++ net/ipv4/netfilter/ip_tables.c | 1 + net/ipv4/tcp.c | 4 +- net/ipv4/tcp_dctcp.c | 25 ----- net/ipv4/tcp_output.c | 4 - net/ipv6/calipso.c | 9 +- net/ipv6/exthdrs.c | 111 ++++++--------------- net/ipv6/ipv6_sockglue.c | 27 +++-- net/ipv6/mcast.c | 9 +- net/ipv6/netfilter/ip6_tables.c | 1 + net/ipv6/netfilter/nf_conntrack_reasm.c | 6 +- net/netfilter/nf_conntrack_core.c | 2 +- net/netfilter/nf_conntrack_helper.c | 5 + net/netfilter/nf_conntrack_proto_dccp.c | 8 +- net/netfilter/nf_log.c | 4 + net/netfilter/nft_compat.c | 13 +++ net/packet/af_packet.c | 12 ++- net/qrtr/qrtr.c | 4 + net/sched/act_tunnel_key.c | 6 +- net/sctp/chunk.c | 4 +- net/smc/af_smc.c | 3 +- net/wireless/nl80211.c | 35 +++---- net/xfrm/xfrm_user.c | 8 +- samples/bpf/parse_varlen.c | 6 +- samples/bpf/test_overhead_user.c | 19 +++- samples/bpf/trace_event_user.c | 27 ++++- scripts/kconfig/zconf.y | 4 +- security/smack/smack_lsm.c | 1 + sound/core/seq/seq_clientmgr.c | 3 +- tools/build/Makefile | 2 +- tools/objtool/elf.c | 41 +++++--- tools/perf/arch/powerpc/util/skip-callchain-idx.c | 2 +- tools/perf/arch/x86/util/perf_regs.c | 2 +- tools/perf/bench/numa.c | 5 +- tools/perf/jvmti/jvmti_agent.c | 3 +- tools/perf/tests/topology.c | 1 + tools/perf/util/c++/clang.cpp | 11 +- tools/perf/util/header.c | 10 +- tools/perf/util/llvm-utils.c | 6 +- tools/perf/util/parse-events.y | 5 + .../util/scripting-engines/trace-event-python.c | 8 +- tools/testing/selftests/bpf/test_kmod.sh | 9 ++ .../selftests/pstore/pstore_post_reboot_tests | 5 +- .../selftests/static_keys/test_static_keys.sh | 13 +++ tools/testing/selftests/sync/config | 4 + tools/testing/selftests/sysctl/sysctl.sh | 20 ++-- tools/testing/selftests/user/test_user_copy.sh | 7 ++ tools/testing/selftests/vm/compaction_test.c | 4 +- tools/testing/selftests/vm/mlock2-tests.c | 12 ++- tools/testing/selftests/vm/run_vmtests | 5 +- tools/testing/selftests/vm/userfaultfd.c | 4 +- tools/testing/selftests/x86/sigreturn.c | 59 ++++++----- tools/testing/selftests/zram/zram.sh | 5 +- tools/testing/selftests/zram/zram_lib.sh | 5 +- virt/kvm/arm/vgic/vgic-v3.c | 5 - virt/kvm/eventfd.c | 11 +- 225 files changed, 1564 insertions(+), 778 deletions(-)

6 years, 10 months

5
212
0 0

[PATCH 4.17 000/324] 4.17.19-stable review

by Greg Kroah-Hartman

NOTE, this is going to be the LAST 4.17.y kernel release. Please move to the 4.18.y tree at this point in time if you have not already. After this release, 4.17.y will be end-of-life. This is the start of the stable review cycle for the 4.17.19 release. There are 324 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat Aug 25 07:48:40 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.17.19-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.17.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.17.19-rc1 Jann Horn <jannh(a)google.com> reiserfs: fix broken xattr handling (heap corruption, bad retval) Esben Haabendal <eha(a)deif.com> i2c: imx: Fix race condition in dma read Hans de Goede <hdegoede(a)redhat.com> i2c: core: ACPI: Properly set status byte to 0 for multi-byte writes Lukas Wunner <lukas(a)wunner.de> PCI: pciehp: Fix unprotected list iteration in IRQ handler Lukas Wunner <lukas(a)wunner.de> PCI: pciehp: Fix use-after-free on unplug Myron Stowe <myron.stowe(a)redhat.com> PCI: Skip MPS logic for Virtual Functions (VFs) Lukas Wunner <lukas(a)wunner.de> PCI: hotplug: Don't leak pci_slot on registration failure Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> PCI / ACPI / PM: Resume all bridges on suspend-to-RAM Christian König <ckoenig.leichtzumerken(a)gmail.com> PCI: Restore resized BAR state on resume Ursula Braun <ubraun(a)linux.ibm.com> net/smc: no shutdown in state SMC_LISTEN Willem de Bruijn <willemb(a)google.com> packet: refine ring v3 block size test to hold one frame Florian Westphal <fw(a)strlen.de> netfilter: conntrack: dccp: treat SYNC/SYNCACK as invalid if no prior state Eric Dumazet <edumazet(a)google.com> xfrm_user: prevent leaking 2 bytes of kernel memory John David Anglin <dave.anglin(a)bell.net> parisc: Remove ordered stores from syscall.S John David Anglin <dave.anglin(a)bell.net> parisc: Remove unnecessary barriers from spinlock.h Gustavo A. R. Silva <gustavo(a)embeddedor.com> drm/amdgpu/pm: Fix potential Spectre v1 Gustavo A. R. Silva <gustavo(a)embeddedor.com> drm/i915/kvmgt: Fix potential Spectre v1 Jeremy Cline <jcline(a)redhat.com> ext4: fix spectre gadget in ext4_mb_regular_allocator() Dave Hansen <dave.hansen(a)linux.intel.com> x86/mm/init: Remove freed kernel image areas from alias mapping Dave Hansen <dave.hansen(a)linux.intel.com> x86/mm/init: Add helper for freeing kernel image pages Dave Hansen <dave.hansen(a)linux.intel.com> x86/mm/init: Pass unconverted symbol addresses to free_init_pages() Dave Hansen <dave.hansen(a)linux.intel.com> mm: Allow non-direct-map arguments to free_reserved_area() Matthijs van Duin <matthijsvanduin(a)gmail.com> pty: fix O_CLOEXEC for TIOCGPTPEER Takashi Iwai <tiwai(a)suse.de> EDAC: Add missing MEM_LRDDR4 entry in edac_mem_types[] Linus Torvalds <torvalds(a)linux-foundation.org> mm: make vm_area_alloc() initialize core fields Linus Torvalds <torvalds(a)linux-foundation.org> mm: make vm_area_dup() actually copy the old vma data Linus Torvalds <torvalds(a)linux-foundation.org> mm: use helper functions for allocating and freeing vm_area structs Roland Dreier <roland(a)purestorage.com> nvme: fix handling of metadata_len for NVME_IOCTL_IO_CMD Damien Thébault <damien(a)dtbo.net> platform/x86: dell-laptop: Fix backlight detection Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> ARM: dts: imx6: RDU2: fix irq type for mv88e6xxx switch Robin H. Johnson <robbat2(a)gentoo.org> ACPI / EC: Use ec_no_wakeup on more Thinkpad X1 Carbon 6th systems Anson Huang <Anson.Huang(a)nxp.com> soc: imx: gpc: restrict register range for regmap access Randy Dunlap <rdunlap(a)infradead.org> tcp: identify cryptic messages as TCP seq # bugs Alexander Sverdlin <alexander.sverdlin(a)nokia.com> net: cavium: Add fine-granular dependencies on PCI Stefan Wahren <stefan.wahren(a)i2se.com> net: qca_spi: Fix log level if probe fails Stefan Wahren <stefan.wahren(a)i2se.com> net: qca_spi: Make sure the QCA7000 reset is triggered Stefan Wahren <stefan.wahren(a)i2se.com> net: qca_spi: Avoid packet drop during initial sync Sergei Shtylyov <sergei.shtylyov(a)cogentembedded.com> PCI: v3-semi: Fix I/O space page leak Sergei Shtylyov <sergei.shtylyov(a)cogentembedded.com> PCI: mediatek: Fix I/O space page leak Sergei Shtylyov <sergei.shtylyov(a)cogentembedded.com> PCI: faraday: Fix I/O space page leak Sergei Shtylyov <sergei.shtylyov(a)cogentembedded.com> PCI: aardvark: Fix I/O space page leak Sergei Shtylyov <sergei.shtylyov(a)cogentembedded.com> PCI: designware: Fix I/O space page leak Sergei Shtylyov <sergei.shtylyov(a)cogentembedded.com> PCI: versatile: Fix I/O space page leak Sergei Shtylyov <sergei.shtylyov(a)cogentembedded.com> PCI: xgene: Fix I/O space page leak Sergei Shtylyov <sergei.shtylyov(a)cogentembedded.com> PCI: OF: Fix I/O space page leak Karsten Graul <kgraul(a)linux.ibm.com> net/smc: reset recv timeout after clc handshake Peng Hao <peng.hao2(a)zte.com.cn> kvmclock: fix TSC calibration for nested guests David Lechner <david(a)lechnology.com> net: usb: rtl8150: demote allmulti message to dev_dbg() Alexander Sverdlin <alexander.sverdlin(a)nsn.com> octeon_mgmt: Fix MIX registers configuration on MTU setup Scott Bauer <scott.bauer(a)intel.com> nvme: ensure forward progress during Admin passthru Qu Wenruo <wqu(a)suse.com> btrfs: scrub: Don't use inode page cache in scrub_handle_errored_block() Pavel Machek <pavel(a)ucw.cz> ARM: dts: omap4-droid4: fix dts w.r.t. pwm John Allen <jallen(a)linux.ibm.com> ibmvnic: Fix error recovery on login failure Randy Dunlap <rdunlap(a)infradead.org> net/ethernet/freescale/fman: fix cross-build error Stephen Hemminger <stephen(a)networkplumber.org> hv/netvsc: fix handling of fallback to single queue mode Thomas Falcon <tlfalcon(a)linux.vnet.ibm.com> ibmvnic: Revise RX/TX queue error messages Frank Rowand <frank.rowand(a)sony.com> of: overlay: update phandle cache on overlay apply and remove Dan Carpenter <dan.carpenter(a)oracle.com> drm/nouveau/gem: off by one bugs in nouveau_gem_pushbuf_reloc_apply() Juri Lelli <juri.lelli(a)redhat.com> sched/deadline: Fix switched_from_dl() warning Jim Mattson <jmattson(a)google.com> kvm: nVMX: Restore exit qual for VM-entry failure due to MSR loading piaojun <piaojun(a)huawei.com> net/9p/client.c: put refcount of trans_mod in error case in parse_opts() Wei Yongjun <weiyongjun1(a)huawei.com> pinctrl: nsp: Fix potential NULL dereference Dan Carpenter <dan.carpenter(a)oracle.com> pinctrl: nsp: off by ones in nsp_pinmux_enable() Paul Cercueil <paul(a)crapouillou.net> pinctrl: ingenic: Fix inverted direction for < JZ4770 Yuchung Cheng <ycheng(a)google.com> tcp: remove DELAYED ACK events in DCTCP Dan Carpenter <dan.carpenter(a)oracle.com> qlogic: check kstrtoul() for errors Alexandre Belloni <alexandre.belloni(a)bootlin.com> rtc: fix alarm read and set offset Willem de Bruijn <willemb(a)google.com> packet: reset network header if packet shorter than ll reserved space Bert Kenward <bkenward(a)solarflare.com> sfc: hold filter_sem consistently during reset Bert Kenward <bkenward(a)solarflare.com> sfc: avoid hang from nested use of the filter_sem Masahiro Yamada <yamada.masahiro(a)socionext.com> kbuild: suppress warnings from 'getconf LFS_*' Laura Abbott <labbott(a)redhat.com> tools: build: Use HOSTLDFLAGS with fixdep Laura Abbott <labbott(a)redhat.com> tools: build: Fixup host c flags Dan Carpenter <dan.carpenter(a)oracle.com> ixgbe: Off by one in ixgbe_ipsec_tx() David Francis <David.Francis(a)amd.com> amd/dc/dce100: On dce100, set clocks to 0 on suspend Alexander Duyck <alexander.h.duyck(a)intel.com> ixgbe: Be more careful when modifying MAC filters Adam Ford <aford173(a)gmail.com> ARM: dts: am3517.dtsi: Disable reference to OMAP3 OTG controller Nishanth Menon <nm(a)ti.com> ARM: DRA7/OMAP5: Enable ACTLR[0] (Enable invalidates of BTB) for secondary cores Russell King <rmk+kernel(a)armlinux.org.uk> sfp: fix module initialisation with netdev already up Russell King <rmk+kernel(a)armlinux.org.uk> sfp: ensure we clean up properly on bus registration failure Steven Rostedt (VMware) <rostedt(a)goodmis.org> ARM: 8780/1: ftrace: Only set kernel memory back to read-only after boot Kamal Heib <kamalheib1(a)gmail.com> RDMA/mlx5: Fix memory leak in mlx5_ib_create_srq() error path Dave Jiang <dave.jiang(a)intel.com> nfit: fix unchecked dereference in acpi_nfit_ctl Jeremy Cline <jcline(a)redhat.com> perf tools: Use python-config --includes rather than --cflags Janne Huttunen <janne.huttunen(a)nokia.com> perf script python: Fix dict reference counting Jiri Olsa <jolsa(a)kernel.org> perf tools: Fix compilation errors on gcc8 Kim Phillips <kim.phillips(a)arm.com> perf test shell: Prevent temporary editor files from being considered test scripts Kim Phillips <kim.phillips(a)arm.com> perf llvm-utils: Remove bashism from kernel include fetch script Manish Rangankar <manish.rangankar(a)cavium.com> scsi: qedi: Send driver state to MFW Saurav Kashyap <saurav.kashyap(a)cavium.com> scsi: qedf: Send the driver state to MFW Don Brace <don.brace(a)microsemi.com> scsi: hpsa: correct enclosure sas address Taeung Song <treeze.taeung(a)gmail.com> samples/bpf: Fix tc and ip paths in xdp2skb_meta.sh Vikas Gupta <vikas.gupta(a)broadcom.com> bnxt_en: Fix for system hang if request_irq fails Michael Chan <michael.chan(a)broadcom.com> bnxt_en: Do not modify max IRQ count after RDMA driver requests/frees IRQs. Michael Chan <michael.chan(a)broadcom.com> bnxt_en: Always set output parameters in bnxt_get_max_rings(). Michael Chan <michael.chan(a)broadcom.com> bnxt_en: Fix inconsistent BNXT_FLAG_AGG_RINGS logic. Venkat Duvvuru <venkatkumar.duvvuru(a)broadcom.com> bnxt_en: Fix the vlan_tci exact match check. Peter Zijlstra <peterz(a)infradead.org> ARC: Improve cmpxchg syscall implementation Gustavo Pimentel <gustavo.pimentel(a)synopsys.com> ARC: [plat-hsdk]: Configure APB GPIO controller on ARC HSDK platform Andrey Ryabinin <aryabinin(a)virtuozzo.com> netfilter: nf_conntrack: Fix possible possible crash on module loading. Florian Westphal <fw(a)strlen.de> netfilter: nft_compat: explicitly reject ERROR and standard target Russell King <rmk+kernel(a)armlinux.org.uk> drm/armada: fix irq handling Russell King <rmk+kernel(a)armlinux.org.uk> drm/armada: fix colorkey mode property Michael Hennerich <michael.hennerich(a)analog.com> net: ieee802154: adf7242: Fix OCL calibration runs Michael Hennerich <michael.hennerich(a)analog.com> net: ieee802154: adf7242: Fix erroneous RX enable Mikko Perttunen <mperttunen(a)nvidia.com> drm/tegra: Fix comparison operator for buffer size Dmitry Osipenko <digetx(a)gmail.com> gpu: host1x: Check whether size of unpin isn't 0 Dmitry Osipenko <digetx(a)gmail.com> gpu: host1x: Skip IOMMU initialization if firewall is enabled Stefan Schmidt <stefan(a)datenfreihafen.org> ieee802154: fakelb: switch from BUG_ON() to WARN_ON() on problem Stefan Schmidt <stefan(a)datenfreihafen.org> ieee802154: at86rf230: use __func__ macro for debug messages Stefan Schmidt <stefan(a)datenfreihafen.org> ieee802154: at86rf230: switch from BUG_ON() to WARN_ON() on problem Arnd Bergmann <arnd(a)arndb.de> drm/sun4i: link in front-end code if needed Paolo Abeni <pabeni(a)redhat.com> ipfrag: really prevent allocation on netns exit John Fastabend <john.fastabend(a)gmail.com> bpf: fix sk_skb programs without skb->dev assigned Douglas Anderson <dianders(a)chromium.org> nvmem: Don't let a NULL cell_id for nvmem_cell_get() crash us Davide Caratti <dcaratti(a)redhat.com> net/sched: act_tunnel_key: fix NULL dereference when 'goto chain' is used Davide Caratti <dcaratti(a)redhat.com> net/sched: act_csum: fix NULL dereference when 'goto chain' is used Harini Katakam <harini.katakam(a)xilinx.com> net: macb: Free RX ring for all queues Daniel Mack <daniel(a)zonque.org> ARM: pxa: irq: fix handling of ICMR registers in suspend/resume Casey Leedom <leedom(a)chelsio.com> cxgb4: assume flash part size to be 4MB, if it can't be determined Jon Maloy <jon.maloy(a)ericsson.com> tipc: make function tipc_net_finalize() thread safe Jon Maloy <jon.maloy(a)ericsson.com> tipc: fix correct setting of message type in second discoverer Jon Maloy <jon.maloy(a)ericsson.com> tipc: correct discovery message handling during address trial period Jon Maloy <jon.maloy(a)ericsson.com> tipc: fix wrong return value from function tipc_node_try_addr() Vladimir Zapolskiy <vladimir_zapolskiy(a)mentor.com> ravb: fix invalid context bug while changing link options by ethtool Vladimir Zapolskiy <vladimir_zapolskiy(a)mentor.com> ravb: fix invalid context bug while calling auto-negotiation by ethtool Vladimir Zapolskiy <vladimir_zapolskiy(a)mentor.com> sh_eth: fix invalid context bug while changing link options by ethtool Vladimir Zapolskiy <vladimir_zapolskiy(a)mentor.com> sh_eth: fix invalid context bug while calling auto-negotiation by ethtool Arun Kumar Neelakantam <aneela(a)codeaurora.org> net: qrtr: Reset the node and port ID of broadcast messages Arun Kumar Neelakantam <aneela(a)codeaurora.org> net: qrtr: Broadcast messages only from control port Paul Moore <paul(a)paul-moore.com> ipv6: make ipv6_renew_options() interrupt/kernel safe Dan Carpenter <dan.carpenter(a)oracle.com> qed: off by one in qed_parse_mcp_trace_buf() Florian Westphal <fw(a)strlen.de> netfilter: x_tables: set module owner for icmp(6) matches Lubomir Rintel <lkundrak(a)v3.sk> ieee802154: 6lowpan: set IFLA_LINK Arnd Bergmann <arnd(a)arndb.de> ieee802154: mcr20a: add missing includes Taeung Song <treeze.taeung(a)gmail.com> samples/bpf: Check the error of write() and read() Taeung Song <treeze.taeung(a)gmail.com> samples/bpf: Check the result of system() Taeung Song <treeze.taeung(a)gmail.com> samples/bpf: add missing <linux/if_vlan.h> Jim Wilson <jimw(a)sifive.com> RISC-V: Fix PTRACE_SETREGSET bug. Palmer Dabbelt <palmer(a)sifive.com> RISC-V: Don't include irq-riscv-intc.h Andreas Schwab <schwab(a)suse.de> RISC-V: fix R_RISCV_ADD32/R_RISCV_SUB32 relocations Maciej Purski <m.purski(a)samsung.com> drm/bridge/sii8620: Fix display of packed pixel modes Yuiko Oshino <yuiko.oshino(a)microchip.com> smsc75xx: Add workaround for gigabit link up hardware errata. Wang Dongsheng <dongsheng.wang(a)hxt-semitech.com> net: phy: marvell: change default m88e1510 LED configuration Zhen Lei <thunder.leizhen(a)huawei.com> kasan: fix shadow_size calculation error in kasan_module_alloc Mathieu Malaterre <malat(a)debian.org> tracing: Use __printf markup to silence compiler Mauricio Vasquez B <mauricio.vasquez(a)polito.it> bpf: hash map: decrement counter on error Heiner Kallweit <hkallweit1(a)gmail.com> r8169: fix mac address change Doron Roberts-Kedes <doronrk(a)fb.com> tls: fix skb_to_sgvec returning unhandled error. Fabio Estevam <fabio.estevam(a)nxp.com> ARM: imx_v4_v5_defconfig: Select ULPI support Fabio Estevam <fabio.estevam(a)nxp.com> ARM: imx_v6_v7_defconfig: Select ULPI support Jason Gerecke <killertofu(a)gmail.com> HID: wacom: Correct touch maximum XY of 2nd-gen Intuos Zhenzhong Duan <zhenzhong.duan(a)oracle.com> x86/mm/32: Initialize the CR4 shadow before __flush_tlb_all() Peter Zijlstra <peterz(a)infradead.org> kthread, sched/core: Fix kthread_parkme() (again...) Vincent Guittot <vincent.guittot(a)linaro.org> sched/util_est: Fix util_est_dequeue() for throttled cfs_rq Xunlei Pang <xlpang(a)linux.alibaba.com> sched/fair: Fix bandwidth timer clock drift condition Frederic Weisbecker <frederic(a)kernel.org> sched/nohz: Skip remote tick on idle task entirely Greentime Hu <greentime(a)andestech.com> nds32: Fix the dts pointer is not passed correctly issue. Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: fix swapped emit_ib_size in vce3 Kai-Heng Feng <kai.heng.feng(a)canonical.com> usb: xhci: dbc: Don't decrement runtime PM counter if DBC is not started Hangbin Liu <liuhangbin(a)gmail.com> ipvlan: call dev_change_flags when ipvlan mode is reset Josh Poimboeuf <jpoimboe(a)redhat.com> objtool: Support GCC 8 '-fnoreorder-functions' Greg Ungerer <gerg(a)linux-m68k.org> m68k: fix "bad page state" oops on ColdFire boot Eric Biggers <ebiggers(a)google.com> crypto: arm/speck - fix building in Thumb2 mode Stafford Horne <shorne(a)gmail.com> openrisc: entry: Fix delay slot exception detection Vishal Verma <vishal.l.verma(a)intel.com> tools/testing/nvdimm: advertise a write cache for nfit_test Dave Jiang <dave.jiang(a)intel.com> acpi/nfit: fix cmd_rc for acpi_nfit_ctl to always return a value Julian Wiedmann <jwi(a)linux.ibm.com> s390/qeth: consistently re-enable device features Madalin Bucur <madalin.bucur(a)nxp.com> dpaa_eth: DPAA SGT needs to be 256B Madalin Bucur <madalin.bucur(a)nxp.com> fsl/fman: fix parser reporting bad checksum on short frames Sudarsana Reddy Kalluru <sudarsana.kalluru(a)cavium.com> bnx2x: Fix receiving tx-timeout in error or recovery state. Nicholas Mc Guire <hofrat(a)osadl.org> PCI: faraday: Add missing of_node_put() Nicholas Mc Guire <hofrat(a)osadl.org> PCI: xilinx-nwl: Add missing of_node_put() Nicholas Mc Guire <hofrat(a)osadl.org> PCI: xilinx: Add missing of_node_put() Daniel Borkmann <daniel(a)iogearbox.net> bpf, s390: fix potential memleak when later bpf_jit_prog fails Bart Van Assche <bart.vanassche(a)wdc.com> drbd: Fix drbd_request_prepare() discard handling Jens Axboe <axboe(a)kernel.dk> blk-mq: don't queue more if we get a busy return Marek Szyprowski <m.szyprowski(a)samsung.com> drm/exynos: decon5433: Fix WINCONx reset value Marek Szyprowski <m.szyprowski(a)samsung.com> drm/exynos: decon5433: Fix per-plane global alpha for XRGB modes Marek Szyprowski <m.szyprowski(a)samsung.com> drm/exynos: gsc: Fix support for NV16/61, YUV420/YVU420 and YUV422 modes Johannes Berg <johannes.berg(a)intel.com> nl80211: check nla_parse_nested() return values Bob Copeland <me(a)bobcopeland.com> nl80211: relax ht operation checks for mesh Denis Kenzior <denkenz(a)gmail.com> mac80211: disable BHs/preemption in ieee80211_tx_control_port() Jeff Moyer <jmoyer(a)redhat.com> dev-dax: check_vma: ratelimit dev_info-s BingJing Chang <bingjingc(a)synology.com> md/raid10: fix that replacement cannot complete recovery after reassemble Evan Quan <evan.quan(a)amd.com> drm/amd/powerplay: correct vega12 thermal support as true Ryan Hsu <ryanhsu(a)codeaurora.org> ath10k: update the phymode along with bandwidth change request Dan Carpenter <dan.carpenter(a)oracle.com> dmaengine: k3dma: Off by one in k3_of_dma_simple_xlate() Marek Szyprowski <m.szyprowski(a)samsung.com> dmaengine: pl330: report BURST residue granularity Martin Blumenstingl <martin.blumenstingl(a)googlemail.com> ARM64: dts: meson-gxl: fix Mali GPU compatible string Jerome Brunet <jbrunet(a)baylibre.com> ARM64: dts: meson-axg: fix ethernet stability issue Will Deacon <will.deacon(a)arm.com> arm64: Avoid flush_icache_range() in alternatives patching code Katsuhiro Suzuki <suzuki.katsuhiro(a)socionext.com> arm64: dts: uniphier: fix widget name of headphone for LD11/LD20 boards Keerthy <j-keerthy(a)ti.com> ARM: dts: da850: Fix interrups property for gpio Andy Lutomirski <luto(a)kernel.org> selftests/x86/sigreturn: Do minor cleanups Andy Lutomirski <luto(a)kernel.org> selftests/x86/sigreturn/64: Fix spurious failures on AMD CPUs Chengguang Xu <cgxu519(a)gmx.com> nfp: cast sizeof() to int when comparing with error code Sowmini Varadhan <sowmini.varadhan(a)oracle.com> rds: clean up loopback rds_connections on netns deletion Eli Cohen <eli(a)mellanox.com> net/mlx5: E-Switch, Disallow vlan/spoofcheck setup if not being esw manager Yan, Zheng <zyan(a)redhat.com> ceph: fix dentry leak in splice_dentry() Jann Horn <jannh(a)google.com> netfilter: nf_log: fix uninit read in nf_log_proc_dostring Adam Ford <aford173(a)gmail.com> ARM: davinci: board-da850-evm: fix WP pin polarity for MMC/SD Peter Chen <peter.chen(a)nxp.com> usb: chipidea: host: fix disconnection detect issue Dan Carpenter <dan.carpenter(a)oracle.com> clk: davinci: cfgchip: testing the wrong variable Ravi Bangoria <ravi.bangoria(a)linux.ibm.com> perf tools: Fix crash caused by accessing feat_ops[HEADER_LAST_FEATURE] Ravi Bangoria <ravi.bangoria(a)linux.ibm.com> perf script: Fix crash because of missing evsel->priv Jiri Olsa <jolsa(a)kernel.org> perf bench: Fix numa report output code Yonghong Song <yhs(a)fb.com> perf tools: Fix a clang 7.0 compilation error Jiri Olsa <jolsa(a)kernel.org> perf tests: Add event parsing error handling to parse events test Sandipan Das <sandipan(a)linux.ibm.com> perf report powerpc: Fix crash if callchain is empty Thomas Richter <tmricht(a)linux.ibm.com> perf test session topology: Fix test on s390 Thomas Richter <tmricht(a)linux.ibm.com> perf record: Support s390 random socket_id assignment Dirk Gouders <dirk(a)gouders.net> kconfig: fix line numbers for if-entries in menu tree Dan Carpenter <dan.carpenter(a)oracle.com> typec: tcpm: Fix a msecs vs jiffies bug Hans de Goede <hdegoede(a)redhat.com> NFC: pn533: Fix wrong GFP flag usage Ajay Gupta <ajaykuee(a)gmail.com> usb: xhci: increase CRS timeout value Dongjiu Geng <gengdongjiu(a)huawei.com> usb: xhci: remove the code build warning Jakub Kicinski <jakub.kicinski(a)netronome.com> nfp: bpf: don't stop offload if replace failed Takashi Iwai <tiwai(a)suse.de> ALSA: seq: Fix UBSAN warning at SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT ioctl Daniel Mack <daniel(a)zonque.org> ARM: dts: am437x: make edt-ft5x06 a wakeup source Haiyue Wang <haiyue.wang(a)linux.intel.com> ipmi: kcs_bmc: fix IRQ exception if the channel is not open Michael Trimarchi <michael(a)amarulasolutions.com> brcmfmac: stop watchdog before detach and free everything Tomasz Duszynski <tduszyns(a)gmail.com> iio: pressure: bmp280: fix relative humidity unit Ganesh Goudar <ganeshgr(a)chelsio.com> cxgb4: when disabling dcb set txq dcb priority to 0 Linus Lüssing <linus.luessing(a)c0d3.blue> batman-adv: Fix multicast TT issues with bogus ROAM flags Linus Lüssing <linus.luessing(a)c0d3.blue> batman-adv: Avoid storing non-TT-sync flags on singular entries too Sven Eckelmann <sven(a)narfation.org> batman-adv: Fix debugfs path for renamed softif Sven Eckelmann <sven(a)narfation.org> batman-adv: Fix debugfs path for renamed hardif Sven Eckelmann <sven(a)narfation.org> batman-adv: Fix bat_v best gw refcnt after netlink dump Sven Eckelmann <sven(a)narfation.org> batman-adv: Fix bat_ogm_iv best gw refcnt after netlink dump Rob Herring <robh(a)kernel.org> arm64: dts: msm8916: fix Coresight ETF graph connections Casey Schaufler <casey(a)schaufler-ca.com> Smack: Mark inode instant in smack_task_to_inode Hangbin Liu <liuhangbin(a)gmail.com> ipv6: mcast: fix unsolicited report interval after receiving querys Zhenzhong Duan <zhenzhong.duan(a)oracle.com> x86/microcode/intel: Fix memleak in save_microcode_patch() Marc Zyngier <marc.zyngier(a)arm.com> irqchip/gic-v3-its: Fix reprogramming of redistributors on CPU hotplug Marc Zyngier <marc.zyngier(a)arm.com> irqchip/gic-v2m: Fix SPI release on error path Geert Uytterhoeven <geert(a)linux-m68k.org> mtd: dataflash: Use ULL suffix for 64-bit constants Jeffrin Jose T <ahiliation(a)gmail.com> selftests: bpf: notification about privilege required to run test_kmod.sh testing script Steven Rostedt (VMware) <rostedt(a)goodmis.org> locking/lockdep: Do not record IRQ state within lockdep code Masahiro Yamada <yamada.masahiro(a)socionext.com> clk: sunxi-ng: replace lib-y with obj-y Jianchao Wang <jianchao.w.wang(a)oracle.com> nvme-pci: move nvme_kill_queues to nvme_remove_dead_ctrl Maciej Purski <m.purski(a)samsung.com> drm/bridge/sii8620: fix display of packed pixel modes in MHL2 Ard Biesheuvel <ard.biesheuvel(a)linaro.org> KVM: arm/arm64: Drop resource size check for GICV window Marcelo Ricardo Leitner <marcelo.leitner(a)gmail.com> sctp: fix erroneous inc of snmp SctpFragUsrMsgs Bartosz Golaszewski <bgolaszewski(a)baylibre.com> net: davinci_emac: match the mdio device against its compatible if possible Doron Roberts-Kedes <doronrk(a)fb.com> nbd: Add the nbd NBD_DISCONNECT_ON_CLOSE config flag. Anders Roxell <anders.roxell(a)linaro.org> selftests: net: add config fragments Alexey Brodkin <Alexey.Brodkin(a)synopsys.com> ARC: Enable machine_desc->init_per_cpu for !CONFIG_SMP Dan Carpenter <dan.carpenter(a)oracle.com> block: sed-opal: Fix a couple off by one bugs Dan Carpenter <dan.carpenter(a)oracle.com> blk-mq-debugfs: Off by one in blk_mq_rq_state_name() Max Gurtuvoy <maxg(a)mellanox.com> nvmet: reset keep alive timer in controller enable Israel Rukshin <israelr(a)mellanox.com> nvme-rdma: Fix command completion race at error recovery Sagi Grimberg <sagi(a)grimberg.me> nvme-rdma: fix possible double free condition when failing to create a controller Dinh Nguyen <dinguyen(a)kernel.org> net: stmmac: socfpga: add additional ocp reset line for Stratix10 Li RongQing <lirongqing(a)baidu.com> net: propagate dev_get_valid_name return code Stefan Agner <stefan(a)agner.ch> net: hamradio: use eth_broadcast_addr Govindarajulu Varadarajan <gvaradar(a)cisco.com> enic: initialize enic->rfs_h.lock in enic_probe Sudarsana Reddy Kalluru <sudarsana.kalluru(a)cavium.com> qed: Do not advertise DCBX_LLD_MANAGED capability. Sudarsana Reddy Kalluru <sudarsana.kalluru(a)cavium.com> qed: Add sanity check for SIMD fastpath handler. Sudarsana Reddy Kalluru <sudarsana.kalluru(a)cavium.com> qed: Fix possible memory leak in Rx error path handling. Zhizhou Zhang <zhizhouzhang(a)asrmicro.com> arm64: make secondary_start_kernel() notrace Marek Szyprowski <m.szyprowski(a)samsung.com> arm64: dma-mapping: clear buffers allocated with FORCE_CONTIGUOUS flag Zhouyang Jia <jiazhouyang09(a)gmail.com> xen/scsiback: add error handling for xenbus_printf Zhouyang Jia <jiazhouyang09(a)gmail.com> scsi: xen-scsifront: add error handling for xenbus_printf Trond Myklebust <trond.myklebust(a)hammerspace.com> pNFS: Always free the session slot on error in nfs4_layoutget_handle_exception Zhouyang Jia <jiazhouyang09(a)gmail.com> xen: add error handling for xenbus_printf Nicholas Piggin <npiggin(a)gmail.com> powerpc: smp_send_stop do not offline stopped CPUs Minas Harutyunyan <Minas.Harutyunyan(a)synopsys.com> dwc2: gadget: Fix ISOC IN DDMA PID bitfield value calculation Grigor Tovmasyan <Grigor.Tovmasyan(a)synopsys.com> usb: gadget: dwc2: fix memory leak in gadget_init() Chunfeng Yun <chunfeng.yun(a)mediatek.com> usb: gadget: composite: fix delayed_status race condition when set_interface William Wu <william.wu(a)rock-chips.com> usb: dwc2: fix isoc split in transfer with no data William Wu <william.wu(a)rock-chips.com> usb: dwc2: alloc dma aligned buffer for isoc split in Artur Petrosyan <Arthur.Petrosyan(a)synopsys.com> usb: dwc2: Fix host exit from hibernation flow. Janusz Krzysztofik <jmkrzyszt(a)gmail.com> dmaengine: ti: omap-dma: Fix OMAP1510 incorrect residue_granularity John Garry <john.garry(a)huawei.com> libahci: Fix possible Spectre-v1 pmp indexing in ahci_led_store() Vijay Immanuel <vijayi(a)attalasystems.com> IB/rxe: Fix missing completion for mem_reg work requests Ayan Kumar Halder <ayan.halder(a)arm.com> drm/mali-dp: Rectify the width and height passed to rotmem_required() Ayan Kumar Halder <ayan.halder(a)arm.com> drm/arm/malidp: Preserve LAYER_FORMAT contents when setting format Alison Wang <alison.wang(a)nxp.com> drm: mali-dp: Enable Global SE interrupts mask for DP500 Ayan Kumar Halder <ayan.halder(a)arm.com> drm/arm/malidp: Ensure that the crtcs are shutdown before removing any encoder/connector Hoan Tran <hoan.tran(a)amperecomputing.com> drivers/perf: xgene_pmu: Fix IOB SLOW PMU parser error Ray Jui <ray.jui(a)broadcom.com> arm64: dts: Stingray: Fix I2C controller interrupt type Ray Jui <ray.jui(a)broadcom.com> arm64: dts: ns2: Fix PCIe controller interrupt type Ray Jui <ray.jui(a)broadcom.com> arm64: dts: ns2: Fix I2C controller interrupt type Scott Branden <scott.branden(a)broadcom.com> arm64: dts: specify 1.8V EMMC capabilities for bcm958742t Scott Branden <scott.branden(a)broadcom.com> arm64: dts: specify 1.8V EMMC capabilities for bcm958742k Ray Jui <ray.jui(a)broadcom.com> ARM: dts: Cygnus: Fix PCIe controller interrupt type Ray Jui <ray.jui(a)broadcom.com> ARM: dts: Cygnus: Fix I2C controller interrupt type Florian Fainelli <f.fainelli(a)gmail.com> ARM: dts: BCM5301x: Fix i2c controller interrupt type Florian Fainelli <f.fainelli(a)gmail.com> ARM: dts: HR2: Fix interrupt types for i2c and PCIe Florian Fainelli <f.fainelli(a)gmail.com> ARM: dts: NSP: Fix PCIe controllers interrupt types Florian Fainelli <f.fainelli(a)gmail.com> ARM: dts: NSP: Fix i2c controller interrupt type Fathi Boudra <fathi.boudra(a)linaro.org> selftests: sync: add config fragment for testing sync framework Shuah Khan (Samsung OSG) <shuah(a)kernel.org> selftests: vm: return Kselftest Skip code for skipped tests Shuah Khan (Samsung OSG) <shuah(a)kernel.org> selftests: zram: return Kselftest Skip code for skipped tests Shuah Khan (Samsung OSG) <shuah(a)kernel.org> selftests: user: return Kselftest Skip code for skipped tests Shuah Khan (Samsung OSG) <shuah(a)kernel.org> selftests: sysctl: return Kselftest Skip code for skipped tests Shuah Khan (Samsung OSG) <shuah(a)kernel.org> selftests: static_keys: return Kselftest Skip code for skipped tests Shuah Khan (Samsung OSG) <shuah(a)kernel.org> selftests: pstore: return Kselftest Skip code for skipped tests Gao Feng <gfree.wind(a)vip.163.com> netfilter: nf_ct_helper: Fix possible panic after nf_conntrack_helper_unregister Eric Dumazet <edumazet(a)google.com> netfilter: ipv6: nf_defrag: reduce struct net memory waste Mika Westerberg <mika.westerberg(a)linux.intel.com> ACPI / EC: Use ec_no_wakeup on Thinkpad X1 Carbon 6th Johan Hovold <johan(a)kernel.org> usb: dwc3: of-simple: fix use-after-free on remove Minas Harutyunyan <Minas.Harutyunyan(a)synopsys.com> usb: dwc2: gadget: Fix issue in dwc2_gadget_start_isoc() Vincent Pelletier <plr.vincent(a)gmail.com> usb: gadget: ffs: Fix BUG when userland exits with submitted AIO transfers Heikki Krogerus <heikki.krogerus(a)linux.intel.com> usb: dwc3: pci: add support for Intel IceLake Anson Huang <Anson.Huang(a)nxp.com> soc: imx: gpcv2: correct PGC offset Guenter Roeck <linux(a)roeck-us.net> hwmon: (nct6775) Fix loop limit Helge Eichelberg <kernelorg(a)elchenberg.name> hwmon: (dell-smm) Disable fan support for Dell XPS13 9333 Steve French <stfrench(a)microsoft.com> smb3: increase initial number of credits requested to allow write Jakub Kicinski <jakub.kicinski(a)netronome.com> selftests/bpf: test offloads even with BPF programs present Alexey Brodkin <abrodkin(a)synopsys.com> ARC: Explicitly add -mmedium-calls to CFLAGS Maciej Purski <m.purski(a)samsung.com> drm/bridge/sii8620: fix potential buffer overflow Maciej Purski <m.purski(a)samsung.com> drm/bridge/sii8620: fix display modes validation Andrzej Hajda <a.hajda(a)samsung.com> drm/bridge/sii8620: fix loops in EDID fetch logic Julia Lawall <Julia.Lawall(a)lip6.fr> clocksource/drivers/stm32: Fix error return code Christophe Jaillet <christophe.jaillet(a)wanadoo.fr> IB/mlx4: Fix an error handling path in 'mlx4_ib_rereg_user_mr()' Lucas Stach <l.stach(a)pengutronix.de> Input: synaptics-rmi4 - fix axis-swap behavior Kalderon, Michal <Michal.Kalderon(a)cavium.com> RDMA/qedr: Fix NULL pointer dereference when running over iWARP without RDMA-CM Zhu Yanjun <yanjun.zhu(a)oracle.com> IB/rxe: avoid double kfree skb Nicolas Boichat <drinkcat(a)chromium.org> HID: google: Add support for whiskers Jiri Olsa <jolsa(a)kernel.org> perf tools: Fix error index for pmu event parser Dong Jia Shi <bjsdjshi(a)linux.vnet.ibm.com> vfio: ccw: fix error return in vfio_ccw_sch_event Viresh Kumar <viresh.kumar(a)linaro.org> arm: dts: armada: Fix "#cooling-cells" property's name ------------- Diffstat: Makefile | 10 +- arch/arc/Makefile | 15 +-- arch/arc/include/asm/mach_desc.h | 2 - arch/arc/kernel/irq.c | 2 +- arch/arc/kernel/process.c | 47 ++++++-- arch/arc/plat-hsdk/platform.c | 62 +++++++++++ arch/arm/boot/dts/am3517.dtsi | 5 + arch/arm/boot/dts/am437x-sk-evm.dts | 2 + arch/arm/boot/dts/armada-385-synology-ds116.dts | 2 +- arch/arm/boot/dts/bcm-cygnus.dtsi | 24 ++-- arch/arm/boot/dts/bcm-hr2.dtsi | 24 ++-- arch/arm/boot/dts/bcm-nsp.dtsi | 32 +++--- arch/arm/boot/dts/bcm5301x.dtsi | 2 +- arch/arm/boot/dts/da850.dtsi | 6 +- arch/arm/boot/dts/imx6qdl-zii-rdu2.dtsi | 2 +- arch/arm/boot/dts/omap4-droid4-xt894.dts | 9 +- arch/arm/configs/imx_v4_v5_defconfig | 2 + arch/arm/configs/imx_v6_v7_defconfig | 2 + arch/arm/crypto/speck-neon-core.S | 6 +- arch/arm/mach-davinci/board-da850-evm.c | 2 +- arch/arm/mach-omap2/omap-smp.c | 41 +++++++ arch/arm/mach-pxa/irq.c | 4 +- arch/arm/mm/init.c | 9 ++ arch/arm64/boot/dts/amlogic/meson-axg-s400.dts | 15 ++- arch/arm64/boot/dts/amlogic/meson-gxl-mali.dtsi | 2 +- arch/arm64/boot/dts/broadcom/northstar2/ns2.dtsi | 8 +- .../boot/dts/broadcom/stingray/bcm958742k.dts | 4 + .../boot/dts/broadcom/stingray/bcm958742t.dts | 4 + .../arm64/boot/dts/broadcom/stingray/stingray.dtsi | 4 +- arch/arm64/boot/dts/qcom/msm8916.dtsi | 4 +- .../boot/dts/socionext/uniphier-ld11-global.dts | 2 +- .../boot/dts/socionext/uniphier-ld20-global.dts | 2 +- arch/arm64/include/asm/alternative.h | 7 +- arch/arm64/kernel/alternative.c | 51 +++++++-- arch/arm64/kernel/module.c | 5 +- arch/arm64/kernel/smp.c | 2 +- arch/arm64/mm/dma-mapping.c | 9 +- arch/ia64/kernel/perfmon.c | 6 +- arch/ia64/mm/init.c | 12 +- arch/m68k/include/asm/mcf_pgalloc.h | 4 +- arch/nds32/kernel/setup.c | 3 +- arch/openrisc/kernel/entry.S | 8 +- arch/openrisc/kernel/head.S | 9 +- arch/openrisc/kernel/traps.c | 2 +- arch/parisc/include/asm/spinlock.h | 8 +- arch/parisc/kernel/syscall.S | 24 ++-- arch/powerpc/kernel/smp.c | 6 - arch/riscv/kernel/irq.c | 4 - arch/riscv/kernel/module.c | 4 +- arch/riscv/kernel/ptrace.c | 2 +- arch/s390/net/bpf_jit_comp.c | 1 + arch/x86/include/asm/processor.h | 1 + arch/x86/include/asm/set_memory.h | 1 + arch/x86/kernel/cpu/microcode/intel.c | 5 +- arch/x86/kernel/kvmclock.c | 1 + arch/x86/kernel/smpboot.c | 5 + arch/x86/kvm/vmx.c | 9 +- arch/x86/mm/init.c | 37 ++++++- arch/x86/mm/init_64.c | 8 +- arch/x86/mm/pageattr.c | 13 +++ block/blk-mq-debugfs.c | 2 +- block/blk-mq.c | 12 ++ block/sed-opal.c | 4 +- drivers/acpi/ec.c | 20 ++++ drivers/acpi/nfit/core.c | 4 + drivers/ata/libahci.c | 7 +- drivers/block/drbd/drbd_req.c | 4 +- drivers/block/nbd.c | 40 +++++-- drivers/char/ipmi/kcs_bmc.c | 31 ++---- drivers/clk/Makefile | 2 +- drivers/clk/davinci/da8xx-cfgchip.c | 2 +- drivers/clk/sunxi-ng/Makefile | 39 +++---- drivers/clocksource/timer-stm32.c | 4 +- drivers/dax/device.c | 12 +- drivers/dma/k3dma.c | 2 +- drivers/dma/omap-dma.c | 6 +- drivers/dma/pl330.c | 2 +- drivers/edac/edac_mc.c | 1 + drivers/gpu/drm/amd/amdgpu/amdgpu_pm.c | 3 +- drivers/gpu/drm/amd/amdgpu/vce_v3_0.c | 4 +- .../drm/amd/display/dc/dce100/dce100_resource.c | 19 +++- drivers/gpu/drm/amd/powerplay/hwmgr/vega12_hwmgr.c | 1 + drivers/gpu/drm/arm/malidp_drv.c | 3 +- drivers/gpu/drm/arm/malidp_hw.c | 3 +- drivers/gpu/drm/arm/malidp_planes.c | 9 +- drivers/gpu/drm/armada/armada_crtc.c | 12 +- drivers/gpu/drm/armada/armada_hw.h | 1 + drivers/gpu/drm/armada/armada_overlay.c | 30 +++-- drivers/gpu/drm/bridge/sil-sii8620.c | 121 +++++++++++---------- drivers/gpu/drm/exynos/exynos5433_drm_decon.c | 6 +- drivers/gpu/drm/exynos/exynos_drm_gsc.c | 29 +++-- drivers/gpu/drm/exynos/regs-gsc.h | 1 + drivers/gpu/drm/i915/gvt/kvmgt.c | 9 +- drivers/gpu/drm/nouveau/nouveau_gem.c | 4 +- drivers/gpu/drm/sun4i/Makefile | 5 +- drivers/gpu/drm/tegra/drm.c | 2 +- drivers/gpu/host1x/dev.c | 3 + drivers/gpu/host1x/job.c | 3 +- drivers/hid/hid-google-hammer.c | 2 + drivers/hid/hid-ids.h | 1 + drivers/hid/wacom_wac.c | 10 +- drivers/hwmon/dell-smm-hwmon.c | 7 ++ drivers/hwmon/nct6775.c | 2 +- drivers/i2c/busses/i2c-imx.c | 8 +- drivers/i2c/i2c-core-acpi.c | 11 +- drivers/iio/pressure/bmp280-core.c | 5 +- drivers/infiniband/hw/mlx4/mr.c | 7 +- drivers/infiniband/hw/mlx5/srq.c | 18 ++- drivers/infiniband/hw/qedr/verbs.c | 3 + drivers/infiniband/sw/rxe/rxe_req.c | 5 +- drivers/input/rmi4/rmi_2d_sensor.c | 34 +++--- drivers/irqchip/irq-gic-v2m.c | 2 +- drivers/irqchip/irq-gic-v3-its.c | 10 ++ drivers/md/raid10.c | 7 ++ drivers/mtd/devices/mtd_dataflash.c | 4 +- drivers/net/ethernet/broadcom/bnx2x/bnx2x.h | 1 + drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c | 6 + drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c | 6 + drivers/net/ethernet/broadcom/bnxt/bnxt.c | 15 ++- drivers/net/ethernet/broadcom/bnxt/bnxt.h | 1 - drivers/net/ethernet/broadcom/bnxt/bnxt_tc.c | 30 ++++- drivers/net/ethernet/broadcom/bnxt/bnxt_ulp.c | 2 - drivers/net/ethernet/cadence/macb_main.c | 11 +- drivers/net/ethernet/cavium/Kconfig | 12 +- drivers/net/ethernet/cavium/octeon/octeon_mgmt.c | 14 ++- drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c | 2 +- drivers/net/ethernet/chelsio/cxgb4/t4_hw.c | 35 +++--- drivers/net/ethernet/cisco/enic/enic_clsf.c | 3 +- drivers/net/ethernet/cisco/enic/enic_main.c | 3 +- drivers/net/ethernet/freescale/dpaa/dpaa_eth.c | 15 +-- drivers/net/ethernet/freescale/fman/fman_port.c | 8 ++ drivers/net/ethernet/ibm/ibmvnic.c | 43 +++++--- drivers/net/ethernet/intel/ixgbe/ixgbe_common.c | 12 +- drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c | 2 +- drivers/net/ethernet/mellanox/mlx5/core/eswitch.c | 12 +- drivers/net/ethernet/mellanox/mlx5/core/vport.c | 2 - drivers/net/ethernet/netronome/nfp/bpf/main.c | 6 +- .../net/ethernet/netronome/nfp/nfpcore/nfp_nffw.c | 2 +- drivers/net/ethernet/qlogic/qed/qed_dcbx.c | 11 +- drivers/net/ethernet/qlogic/qed/qed_debug.c | 2 +- drivers/net/ethernet/qlogic/qed/qed_ll2.c | 11 +- drivers/net/ethernet/qlogic/qed/qed_main.c | 12 +- drivers/net/ethernet/qlogic/qlcnic/qlcnic_sysfs.c | 2 + drivers/net/ethernet/qualcomm/qca_spi.c | 21 ++-- drivers/net/ethernet/realtek/r8169.c | 1 + drivers/net/ethernet/renesas/ravb_main.c | 56 +++------- drivers/net/ethernet/renesas/sh_eth.c | 59 +++------- drivers/net/ethernet/sfc/ef10.c | 30 +++-- drivers/net/ethernet/sfc/efx.c | 17 ++- drivers/net/ethernet/stmicro/stmmac/Kconfig | 2 +- .../net/ethernet/stmicro/stmmac/dwmac-socfpga.c | 18 ++- drivers/net/ethernet/ti/davinci_emac.c | 4 + drivers/net/hamradio/bpqether.c | 8 +- drivers/net/hyperv/rndis_filter.c | 1 + drivers/net/ieee802154/adf7242.c | 34 +++++- drivers/net/ieee802154/at86rf230.c | 15 +-- drivers/net/ieee802154/fakelb.c | 2 +- drivers/net/ieee802154/mcr20a.c | 3 +- drivers/net/ipvlan/ipvlan_main.c | 36 ++++-- drivers/net/phy/marvell.c | 54 ++++++--- drivers/net/phy/sfp-bus.c | 35 ++++-- drivers/net/usb/rtl8150.c | 2 +- drivers/net/usb/smsc75xx.c | 62 +++++++++++ drivers/net/wireless/ath/ath10k/mac.c | 16 ++- drivers/net/wireless/ath/ath10k/wmi.h | 1 + .../wireless/broadcom/brcm80211/brcmfmac/sdio.c | 7 ++ drivers/nfc/pn533/usb.c | 4 +- drivers/nvme/host/core.c | 52 ++++----- drivers/nvme/host/pci.c | 2 +- drivers/nvme/host/rdma.c | 28 +++-- drivers/nvme/target/core.c | 8 ++ drivers/nvmem/core.c | 4 + drivers/of/base.c | 6 +- drivers/of/of_private.h | 2 + drivers/of/overlay.c | 11 ++ drivers/pci/dwc/pcie-designware-host.c | 3 +- drivers/pci/host/pci-aardvark.c | 2 +- drivers/pci/host/pci-ftpci100.c | 4 +- drivers/pci/host/pci-v3-semi.c | 2 +- drivers/pci/host/pci-versatile.c | 2 +- drivers/pci/host/pci-xgene.c | 2 +- drivers/pci/host/pcie-mediatek.c | 2 +- drivers/pci/host/pcie-xilinx-nwl.c | 2 +- drivers/pci/host/pcie-xilinx.c | 1 + drivers/pci/hotplug/pci_hotplug_core.c | 9 ++ drivers/pci/hotplug/pciehp.h | 1 + drivers/pci/hotplug/pciehp_core.c | 7 ++ drivers/pci/hotplug/pciehp_hpc.c | 18 +-- drivers/pci/of.c | 2 +- drivers/pci/pci-acpi.c | 6 +- drivers/pci/pci.c | 66 +++++++++++ drivers/pci/probe.c | 4 + drivers/perf/xgene_pmu.c | 2 +- drivers/pinctrl/bcm/pinctrl-nsp-mux.c | 6 +- drivers/pinctrl/pinctrl-ingenic.c | 2 +- drivers/platform/x86/dell-laptop.c | 2 +- drivers/rtc/interface.c | 8 +- drivers/s390/cio/vfio_ccw_drv.c | 5 +- drivers/s390/net/qeth_core.h | 2 +- drivers/s390/net/qeth_core_main.c | 23 ++-- drivers/s390/net/qeth_l2_main.c | 5 +- drivers/s390/net/qeth_l3_main.c | 3 +- drivers/scsi/hpsa.c | 25 ++++- drivers/scsi/hpsa.h | 1 + drivers/scsi/qedf/qedf_main.c | 12 ++ drivers/scsi/qedi/qedi_main.c | 11 ++ drivers/scsi/xen-scsifront.c | 33 ++++-- drivers/soc/imx/gpc.c | 21 ++++ drivers/soc/imx/gpcv2.c | 13 ++- drivers/tty/pty.c | 2 +- drivers/usb/chipidea/host.c | 5 +- drivers/usb/dwc2/core.h | 3 + drivers/usb/dwc2/gadget.c | 15 ++- drivers/usb/dwc2/hcd.c | 93 +++++++++++++++- drivers/usb/dwc2/hcd.h | 8 ++ drivers/usb/dwc2/hcd_intr.c | 11 +- drivers/usb/dwc2/hcd_queue.c | 3 + drivers/usb/dwc3/dwc3-of-simple.c | 3 +- drivers/usb/dwc3/dwc3-pci.c | 2 + drivers/usb/gadget/composite.c | 3 + drivers/usb/gadget/function/f_fs.c | 26 +++-- drivers/usb/host/xhci-dbgcap.c | 12 +- drivers/usb/host/xhci-tegra.c | 2 +- drivers/usb/host/xhci.c | 7 +- drivers/usb/typec/tcpm.c | 3 +- drivers/xen/manage.c | 18 ++- drivers/xen/xen-scsiback.c | 16 ++- fs/btrfs/scrub.c | 17 +-- fs/ceph/inode.c | 1 + fs/cifs/smb2pdu.c | 5 +- fs/exec.c | 6 +- fs/ext4/mballoc.c | 4 +- fs/nfs/nfs4proc.c | 17 +-- fs/reiserfs/xattr.c | 4 +- include/linux/fsl/guts.h | 1 + include/linux/kthread.h | 1 - include/linux/marvell_phy.h | 2 + include/linux/mm.h | 4 +- include/linux/pci.h | 2 + include/linux/sched.h | 2 +- include/net/ipv6.h | 9 +- include/net/net_namespace.h | 1 + include/net/netns/ipv6.h | 1 - include/net/tc_act/tc_csum.h | 1 - include/net/tc_act/tc_tunnel_key.h | 1 - include/net/tcp.h | 2 - include/uapi/linux/nbd.h | 3 + kernel/bpf/hashtab.c | 16 ++- kernel/fork.c | 35 +++++- kernel/kthread.c | 30 ++++- kernel/locking/lockdep.c | 12 +- kernel/sched/core.c | 67 ++++++------ kernel/sched/deadline.c | 11 +- kernel/sched/fair.c | 30 ++--- kernel/sched/sched.h | 6 +- kernel/trace/trace.c | 5 + mm/kasan/kasan.c | 5 +- mm/mmap.c | 35 ++---- mm/nommu.c | 10 +- mm/page_alloc.c | 16 ++- net/9p/client.c | 3 +- net/batman-adv/bat_iv_ogm.c | 4 +- net/batman-adv/bat_v.c | 4 +- net/batman-adv/debugfs.c | 40 +++++++ net/batman-adv/debugfs.h | 11 ++ net/batman-adv/hard-interface.c | 37 ++++++- net/batman-adv/translation-table.c | 7 +- net/core/dev.c | 4 +- net/core/filter.c | 3 +- net/ieee802154/6lowpan/core.c | 6 + net/ipv4/inet_fragment.c | 2 +- net/ipv4/netfilter/ip_tables.c | 1 + net/ipv4/tcp.c | 4 +- net/ipv4/tcp_dctcp.c | 25 ----- net/ipv4/tcp_output.c | 4 - net/ipv6/calipso.c | 9 +- net/ipv6/exthdrs.c | 111 +++++-------------- net/ipv6/ipv6_sockglue.c | 27 +++-- net/ipv6/mcast.c | 9 +- net/ipv6/netfilter/ip6_tables.c | 1 + net/ipv6/netfilter/nf_conntrack_reasm.c | 6 +- net/mac80211/tx.c | 2 + net/netfilter/nf_conntrack_core.c | 2 +- net/netfilter/nf_conntrack_helper.c | 5 + net/netfilter/nf_conntrack_proto_dccp.c | 8 +- net/netfilter/nf_log.c | 4 + net/netfilter/nft_compat.c | 13 +++ net/packet/af_packet.c | 12 +- net/qrtr/qrtr.c | 13 ++- net/rds/connection.c | 11 +- net/rds/loop.c | 56 ++++++++++ net/rds/loop.h | 2 + net/sched/act_csum.c | 6 +- net/sched/act_tunnel_key.c | 6 +- net/sctp/chunk.c | 4 +- net/smc/af_smc.c | 3 +- net/smc/smc_clc.c | 3 +- net/tipc/discover.c | 18 +-- net/tipc/net.c | 17 ++- net/tipc/node.c | 7 +- net/tls/tls_sw.c | 5 + net/wireless/nl80211.c | 35 +++--- net/xfrm/xfrm_user.c | 8 +- samples/bpf/parse_varlen.c | 6 +- samples/bpf/test_overhead_user.c | 19 +++- samples/bpf/trace_event_user.c | 27 ++++- samples/bpf/xdp2skb_meta.sh | 6 +- scripts/kconfig/zconf.y | 4 +- security/smack/smack_lsm.c | 1 + sound/core/seq/seq_clientmgr.c | 3 +- tools/build/Build.include | 2 +- tools/build/Makefile | 2 +- tools/objtool/elf.c | 41 ++++--- tools/perf/Makefile.config | 3 +- tools/perf/arch/powerpc/util/skip-callchain-idx.c | 2 +- tools/perf/arch/x86/util/perf_regs.c | 2 +- tools/perf/bench/numa.c | 5 +- tools/perf/builtin-annotate.c | 11 +- tools/perf/builtin-report.c | 3 +- tools/perf/builtin-script.c | 25 ++++- tools/perf/jvmti/jvmti_agent.c | 3 +- tools/perf/pmu-events/Build | 2 +- tools/perf/tests/builtin-test.c | 2 +- tools/perf/tests/parse-events.c | 8 +- tools/perf/tests/topology.c | 1 + tools/perf/util/c++/clang.cpp | 11 +- tools/perf/util/header.c | 12 +- tools/perf/util/llvm-utils.c | 6 +- tools/perf/util/parse-events.y | 5 + .../util/scripting-engines/trace-event-python.c | 8 +- tools/testing/nvdimm/test/nfit.c | 3 +- tools/testing/selftests/bpf/test_kmod.sh | 9 ++ tools/testing/selftests/bpf/test_offload.py | 12 +- tools/testing/selftests/net/config | 2 + .../selftests/pstore/pstore_post_reboot_tests | 5 +- .../selftests/static_keys/test_static_keys.sh | 13 +++ tools/testing/selftests/sync/config | 4 + tools/testing/selftests/sysctl/sysctl.sh | 20 ++-- tools/testing/selftests/user/test_user_copy.sh | 7 ++ tools/testing/selftests/vm/compaction_test.c | 4 +- tools/testing/selftests/vm/mlock2-tests.c | 12 +- tools/testing/selftests/vm/run_vmtests | 5 +- tools/testing/selftests/vm/userfaultfd.c | 4 +- tools/testing/selftests/x86/sigreturn.c | 59 ++++++---- tools/testing/selftests/zram/zram.sh | 5 +- tools/testing/selftests/zram/zram_lib.sh | 5 +- virt/kvm/arm/vgic/vgic-v3.c | 5 - 347 files changed, 2652 insertions(+), 1285 deletions(-)

6 years, 10 months

4
307
0 0

[PATCH] scsi: hpsa: limit transfer length to 1MB, not 512kB

by Martin Wilck

e2c7b43 was supposed to limit transfer length to 1MB, but got the unit of max_sectors wrong. Fixes: e2c7b433f729 ("scsi: hpsa: limit transfer length to 1MB") Signed-off-by: Martin Wilck <mwilck(a)suse.com> --- drivers/scsi/hpsa.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/scsi/hpsa.c b/drivers/scsi/hpsa.c index 58bb70b..c120929 100644 --- a/drivers/scsi/hpsa.c +++ b/drivers/scsi/hpsa.c @@ -976,7 +976,7 @@ static struct scsi_host_template hpsa_driver_template = { #endif .sdev_attrs = hpsa_sdev_attrs, .shost_attrs = hpsa_shost_attrs, - .max_sectors = 1024, + .max_sectors = 2048, .no_write_same = 1, }; -- 2.18.0

6 years, 10 months

3
2
0 0

[PATCH] lpfc: Correct MDS diag and nvmet configuration

by James Smart

A recent change added some MDS processing in the lpfc_drain_txq routine that relies on the fcp_wq being allocated. For nvmet operation the fcp_wq is not allocated because it can only be an nvme-target. When the original MDS support was added LS_MDS_LOOPBACK was defined wrong, (0x16) it should have been 0x10 (decimal value used for hex setting). This incorrect value allowed MDS_LOOPBACK to be set simultaneously with LS_NPIV_FAB_SUPPORTED, causing the driver to crash when it accesses the non-existent fcp_wq. Correct the bad value setting for LS_MDS_LOOPBACK. Fixes: ae9e28f36a6c ("lpfc: Add MDS Diagnostic support.") Cc: <stable(a)vger.kernel.org> # 4.12 Signed-off-by: Dick Kennedy <dick.kennedy(a)broadcom.com> Signed-off-by: James Smart <james.smart(a)broadcom.com> --- drivers/scsi/lpfc/lpfc.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/scsi/lpfc/lpfc.h b/drivers/scsi/lpfc/lpfc.h index e0d0da5f43d6..43732e8d1347 100644 --- a/drivers/scsi/lpfc/lpfc.h +++ b/drivers/scsi/lpfc/lpfc.h @@ -672,7 +672,7 @@ struct lpfc_hba { #define LS_NPIV_FAB_SUPPORTED 0x2 /* Fabric supports NPIV */ #define LS_IGNORE_ERATT 0x4 /* intr handler should ignore ERATT */ #define LS_MDS_LINK_DOWN 0x8 /* MDS Diagnostics Link Down */ -#define LS_MDS_LOOPBACK 0x16 /* MDS Diagnostics Link Up (Loopback) */ +#define LS_MDS_LOOPBACK 0x10 /* MDS Diagnostics Link Up (Loopback) */ uint32_t hba_flag; /* hba generic flags */ #define HBA_ERATT_HANDLED 0x1 /* This flag is set when eratt handled */ -- 2.13.1

6 years, 10 months

3
2
0 0

+ mm-respect-arch_dup_mmap-return-value.patch added to -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: mm: respect arch_dup_mmap() return value has been added to the -mm tree. Its filename is mm-respect-arch_dup_mmap-return-value.patch This patch should soon appear at http://ozlabs.org/~akpm/mmots/broken-out/mm-respect-arch_dup_mmap-return-va… and later at http://ozlabs.org/~akpm/mmotm/broken-out/mm-respect-arch_dup_mmap-return-va… Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next and is updated there every 3-4 working days ------------------------------------------------------ From: Nadav Amit <namit(a)vmware.com> Subject: mm: respect arch_dup_mmap() return value d70f2a14b72a4 ("include/linux/sched/mm.h: uninline mmdrop_async(), etc") ignored the return value of arch_dup_mmap(). As a result, on x86, a failure to duplicate the LDT (e.g., due to memory allocation error), would leave the duplicated memory mapping in an inconsistent state. Fix by regarding the return value, as it was before the change. Link: http://lkml.kernel.org/r/20180823051229.211856-1-namit@vmware.com Fixes: d70f2a14b72a4 ("include/linux/sched/mm.h: uninline mmdrop_async(), etc") Signed-off-by: Nadav Amit <namit(a)vmware.com> Acked-by: Michal Hocko <mhocko(a)suse.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- kernel/fork.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) --- a/kernel/fork.c~mm-respect-arch_dup_mmap-return-value +++ a/kernel/fork.c @@ -550,8 +550,7 @@ static __latent_entropy int dup_mmap(str goto out; } /* a new mm has just been created */ - arch_dup_mmap(oldmm, mm); - retval = 0; + retval = arch_dup_mmap(oldmm, mm); out: up_write(&mm->mmap_sem); flush_tlb_mm(oldmm); _ Patches currently in -mm which might be from namit(a)vmware.com are mm-respect-arch_dup_mmap-return-value.patch

6 years, 10 months

1
0
0 0

+ mm-migration-fix-migration-of-huge-pmd-shared-pages.patch added to -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: mm: migration: fix migration of huge PMD shared pages has been added to the -mm tree. Its filename is mm-migration-fix-migration-of-huge-pmd-shared-pages.patch This patch should soon appear at http://ozlabs.org/~akpm/mmots/broken-out/mm-migration-fix-migration-of-huge… and later at http://ozlabs.org/~akpm/mmotm/broken-out/mm-migration-fix-migration-of-huge… Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next and is updated there every 3-4 working days ------------------------------------------------------ From: Mike Kravetz <mike.kravetz(a)oracle.com> Subject: mm: migration: fix migration of huge PMD shared pages The page migration code employs try_to_unmap() to try and unmap the source page. This is accomplished by using rmap_walk to find all vmas where the page is mapped. This search stops when page mapcount is zero. For shared PMD huge pages, the page map count is always 1 no matter the number of mappings. Shared mappings are tracked via the reference count of the PMD page. Therefore, try_to_unmap stops prematurely and does not completely unmap all mappings of the source page. This problem can result is data corruption as writes to the original source page can happen after contents of the page are copied to the target page. Hence, data is lost. This problem was originally seen as DB corruption of shared global areas after a huge page was soft offlined due to ECC memory errors. DB developers noticed they could reproduce the issue by (hotplug) offlining memory used to back huge pages. A simple testcase can reproduce the problem by creating a shared PMD mapping (note that this must be at least PUD_SIZE in size and PUD_SIZE aligned (1GB on x86)), and using migrate_pages() to migrate process pages between nodes while continually writing to the huge pages being migrated. To fix, have the try_to_unmap_one routine check for huge PMD sharing by calling huge_pmd_unshare for hugetlbfs huge pages. If it is a shared mapping it will be 'unshared' which removes the page table entry and drops the reference on the PMD page. After this, flush caches and TLB. mmu notifiers are called before locking page tables, but we can not be sure of PMD sharing until page tables are locked. Therefore, check for the possibility of PMD sharing before locking so that notifiers can prepare for the worst possible case. Link: http://lkml.kernel.org/r/20180823205917.16297-2-mike.kravetz@oracle.com Fixes: 39dde65c9940 ("shared page table for hugetlb page") Signed-off-by: Mike Kravetz <mike.kravetz(a)oracle.com> Cc: "Kirill A . Shutemov" <kirill.shutemov(a)linux.intel.com> Cc: Vlastimil Babka <vbabka(a)suse.cz> Cc: Naoya Horiguchi <n-horiguchi(a)ah.jp.nec.com> Cc: Davidlohr Bueso <dave(a)stgolabs.net> Cc: Michal Hocko <mhocko(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- include/linux/hugetlb.h | 14 ++++++++++++ mm/hugetlb.c | 40 ++++++++++++++++++++++++++++++++++-- mm/rmap.c | 42 +++++++++++++++++++++++++++++++++++--- 3 files changed, 91 insertions(+), 5 deletions(-) --- a/include/linux/hugetlb.h~mm-migration-fix-migration-of-huge-pmd-shared-pages +++ a/include/linux/hugetlb.h @@ -140,6 +140,8 @@ pte_t *huge_pte_alloc(struct mm_struct * pte_t *huge_pte_offset(struct mm_struct *mm, unsigned long addr, unsigned long sz); int huge_pmd_unshare(struct mm_struct *mm, unsigned long *addr, pte_t *ptep); +void adjust_range_if_pmd_sharing_possible(struct vm_area_struct *vma, + unsigned long *start, unsigned long *end); struct page *follow_huge_addr(struct mm_struct *mm, unsigned long address, int write); struct page *follow_huge_pd(struct vm_area_struct *vma, @@ -170,6 +172,18 @@ static inline unsigned long hugetlb_tota return 0; } +static inline int huge_pmd_unshare(struct mm_struct *mm, unsigned long *addr, + pte_t *ptep) +{ + return 0; +} + +static inline void adjust_range_if_pmd_sharing_possible( + struct vm_area_struct *vma, + unsigned long *start, unsigned long *end) +{ +} + #define follow_hugetlb_page(m,v,p,vs,a,b,i,w,n) ({ BUG(); 0; }) #define follow_huge_addr(mm, addr, write) ERR_PTR(-EINVAL) #define copy_hugetlb_page_range(src, dst, vma) ({ BUG(); 0; }) --- a/mm/hugetlb.c~mm-migration-fix-migration-of-huge-pmd-shared-pages +++ a/mm/hugetlb.c @@ -4541,6 +4541,9 @@ static unsigned long page_table_shareabl return saddr; } +#define _range_in_vma(vma, start, end) \ + ((vma)->vm_start <= (start) && (end) <= (vma)->vm_end) + static bool vma_shareable(struct vm_area_struct *vma, unsigned long addr) { unsigned long base = addr & PUD_MASK; @@ -4549,13 +4552,41 @@ static bool vma_shareable(struct vm_area /* * check on proper vm_flags and page table alignment */ - if (vma->vm_flags & VM_MAYSHARE && - vma->vm_start <= base && end <= vma->vm_end) + if (vma->vm_flags & VM_MAYSHARE && _range_in_vma(vma, base, end)) return true; return false; } /* + * Determine if start,end range within vma could be mapped by shared pmd. + * If yes, adjust start and end to cover range associated with possible + * shared pmd mappings. + */ +void adjust_range_if_pmd_sharing_possible(struct vm_area_struct *vma, + unsigned long *start, unsigned long *end) +{ + unsigned long check_addr = *start; + + if (!(vma->vm_flags & VM_MAYSHARE)) + return; + + for (check_addr = *start; check_addr < *end; check_addr += PUD_SIZE) { + unsigned long a_start = check_addr & PUD_MASK; + unsigned long a_end = a_start + PUD_SIZE; + + /* + * If sharing is possible, adjust start/end if necessary. + */ + if (_range_in_vma(vma, a_start, a_end)) { + if (a_start < *start) + *start = a_start; + if (a_end > *end) + *end = a_end; + } + } +} + +/* * Search for a shareable pmd page for hugetlb. In any case calls pmd_alloc() * and returns the corresponding pte. While this is not necessary for the * !shared pmd case because we can allocate the pmd later as well, it makes the @@ -4652,6 +4683,11 @@ int huge_pmd_unshare(struct mm_struct *m { return 0; } + +void adjust_range_if_pmd_sharing_possible(struct vm_area_struct *vma, + unsigned long *start, unsigned long *end) +{ +} #define want_pmd_share() (0) #endif /* CONFIG_ARCH_WANT_HUGE_PMD_SHARE */ --- a/mm/rmap.c~mm-migration-fix-migration-of-huge-pmd-shared-pages +++ a/mm/rmap.c @@ -1362,11 +1362,21 @@ static bool try_to_unmap_one(struct page } /* - * We have to assume the worse case ie pmd for invalidation. Note that - * the page can not be free in this function as call of try_to_unmap() - * must hold a reference on the page. + * For THP, we have to assume the worse case ie pmd for invalidation. + * For hugetlb, it could be much worse if we need to do pud + * invalidation in the case of pmd sharing. + * + * Note that the page can not be free in this function as call of + * try_to_unmap() must hold a reference on the page. */ end = min(vma->vm_end, start + (PAGE_SIZE << compound_order(page))); + if (PageHuge(page)) { + /* + * If sharing is possible, start and end will be adjusted + * accordingly. + */ + adjust_range_if_pmd_sharing_possible(vma, &start, &end); + } mmu_notifier_invalidate_range_start(vma->vm_mm, start, end); while (page_vma_mapped_walk(&pvmw)) { @@ -1409,6 +1419,32 @@ static bool try_to_unmap_one(struct page subpage = page - page_to_pfn(page) + pte_pfn(*pvmw.pte); address = pvmw.address; + if (PageHuge(page)) { + if (huge_pmd_unshare(mm, &address, pvmw.pte)) { + /* + * huge_pmd_unshare unmapped an entire PMD + * page. There is no way of knowing exactly + * which PMDs may be cached for this mm, so + * we must flush them all. start/end were + * already adjusted above to cover this range. + */ + flush_cache_range(vma, start, end); + flush_tlb_range(vma, start, end); + mmu_notifier_invalidate_range(mm, start, end); + + /* + * The ref count of the PMD page was dropped + * which is part of the way map counting + * is done for shared PMDs. Return 'true' + * here. When there is no other sharing, + * huge_pmd_unshare returns false and we will + * unmap the actual page and drop map count + * to zero. + */ + page_vma_mapped_walk_done(&pvmw); + break; + } + } if (IS_ENABLED(CONFIG_MIGRATION) && (flags & TTU_MIGRATION) && _ Patches currently in -mm which might be from mike.kravetz(a)oracle.com are mm-migration-fix-migration-of-huge-pmd-shared-pages.patch hugetlb-take-pmd-sharing-into-account-when-flushing-tlb-caches.patch

6 years, 10 months

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror