- Linux-stable-mirror - lists.linaro.org

by Richard & Angela Maxwell

My wife and I won the Euro Millions Lottery of £53 Million British Pounds and we have voluntarily decided to donate 1,000,000EUR(One Million Euros) to 5 individuals randomly as part of our own charity project. To verify our lottery winnings,please see our interview by visiting the web page below: telegraph.co.uk/news/newstopics/howaboutthat/11511467/Lincolnshire-couple-win-53m-on-EuroMillions.html Your email address was among the emails which were submitted to us by the Google Inc. as a web user; if you have received our email,kindly send us the below details so that we can transfer your 1,000,000.00 EUR(One Million Euros) to you in your own country. Full Names: Mobile No: Age: Occupation: Country: Send your response to: rmaxwell81(a)yahoo.com Best Regards, Richard & Angela Maxwell

6 years, 11 months

1
0
0 0

[PATCH 1/2] clk: mvebu: armada-37xx-periph: Fix switching CPU rate from 300Mhz to 1.2GHz

by Gregory CLEMENT

Switching the CPU from the L2 or L3 frequencies (300 and 200 Mhz respectively) to L0 frequency (1.2 Ghz) requires a significant amount of time to let VDD stabilize to the appropriate voltage. This amount of time is large enough that it cannot be covered by the hardware countdown register. Due to this, the CPU might start operating at L0 before the voltage is stabilized, leading to CPU stalls. To work around this problem, we prevent switching directly from the L2/L3 frequencies to the L0 frequency, and instead switch to the L1 frequency in-between. The sequence therefore becomes: 1. First switch from L2/L3(200/300MHz) to L1(600MHZ) 2. Sleep 20ms for stabling VDD voltage 3. Then switch from L1(600MHZ) to L0(1200Mhz). It is based on the work done by Ken Ma <make(a)marvell.com> Cc: stable(a)vger.kernel.org Fixes: 2089dc33ea0e ("clk: mvebu: armada-37xx-periph: add DVFS support for cpu clocks") Signed-off-by: Gregory CLEMENT <gregory.clement(a)bootlin.com> --- drivers/clk/mvebu/armada-37xx-periph.c | 38 ++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) diff --git a/drivers/clk/mvebu/armada-37xx-periph.c b/drivers/clk/mvebu/armada-37xx-periph.c index 6860bd5a37c5..44e4e27eddad 100644 --- a/drivers/clk/mvebu/armada-37xx-periph.c +++ b/drivers/clk/mvebu/armada-37xx-periph.c @@ -35,6 +35,7 @@ #define CLK_SEL 0x10 #define CLK_DIS 0x14 +#define ARMADA_37XX_DVFS_LOAD_1 1 #define LOAD_LEVEL_NR 4 #define ARMADA_37XX_NB_L0L1 0x18 @@ -507,6 +508,40 @@ static long clk_pm_cpu_round_rate(struct clk_hw *hw, unsigned long rate, return -EINVAL; } +/* + * Switching the CPU from the L2 or L3 frequencies (300 and 200 Mhz + * respectively) to L0 frequency (1.2 Ghz) requires a significant + * amount of time to let VDD stabilize to the appropriate + * voltage. This amount of time is large enough that it cannot be + * covered by the hardware countdown register. Due to this, the CPU + * might start operating at L0 before the voltage is stabilized, + * leading to CPU stalls. + * + * To work around this problem, we prevent switching directly from the + * L2/L3 frequencies to the L0 frequency, and instead switch to the L1 + * frequency in-between. The sequence therefore becomes: + * 1. First switch from L2/L3(200/300MHz) to L1(600MHZ) + * 2. Sleep 20ms for stabling VDD voltage + * 3. Then switch from L1(600MHZ) to L0(1200Mhz). + */ +static void clk_pm_cpu_set_rate_wa(unsigned long rate, struct regmap *base) +{ + unsigned int cur_level; + + if (rate != 1200 * 1000 * 1000) + return; + + regmap_read(base, ARMADA_37XX_NB_CPU_LOAD, &cur_level); + cur_level &= ARMADA_37XX_NB_CPU_LOAD_MASK; + if (cur_level <= ARMADA_37XX_DVFS_LOAD_1) + return; + + regmap_update_bits(base, ARMADA_37XX_NB_CPU_LOAD, + ARMADA_37XX_NB_CPU_LOAD_MASK, + ARMADA_37XX_DVFS_LOAD_1); + msleep(20); +} + static int clk_pm_cpu_set_rate(struct clk_hw *hw, unsigned long rate, unsigned long parent_rate) { @@ -537,6 +572,9 @@ static int clk_pm_cpu_set_rate(struct clk_hw *hw, unsigned long rate, */ reg = ARMADA_37XX_NB_CPU_LOAD; mask = ARMADA_37XX_NB_CPU_LOAD_MASK; + + clk_pm_cpu_set_rate_wa(rate, base); + regmap_update_bits(base, reg, mask, load_level); return rate; -- 2.17.1

6 years, 11 months

2
4
0 0

[PATCH] ARM: tegra: Fix Tegra30 Cardhu PCA954x reset

by Jon Hunter

On all versions of Tegra30 Cardhu, the reset signal to the NXP PCA9546 I2C mux is connected to the Tegra GPIO BB0. Currently, this pin on the Tegra is not configured as a GPIO but as a special-function IO (SFIO) that is multiplexing the pin to an I2S controller. On exiting system suspend, I2C commands sent to the PCA9546 are failing because there is no ACK. Although it is not possible to see exactly what is happening to the reset during suspend, by ensuring it is configured as a GPIO and driven high, to de-assert the reset, the failures are no longer seen. Please note that this GPIO is also used to drive the reset signal going to the camera connector on the board. However, given that there is no camera support currently for Cardhu, this should not have any impact. Fixes: 40431d16ff11 ("ARM: tegra: enable PCA9546 on Cardhu") Cc: stable(a)vger.kernel.org Signed-off-by: Jon Hunter <jonathanh(a)nvidia.com> --- arch/arm/boot/dts/tegra30-cardhu.dtsi | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/arm/boot/dts/tegra30-cardhu.dtsi b/arch/arm/boot/dts/tegra30-cardhu.dtsi index 92a9740c533f..3b1db7b9ec50 100644 --- a/arch/arm/boot/dts/tegra30-cardhu.dtsi +++ b/arch/arm/boot/dts/tegra30-cardhu.dtsi @@ -206,6 +206,7 @@ #address-cells = <1>; #size-cells = <0>; reg = <0x70>; + reset-gpio = <&gpio TEGRA_GPIO(BB, 0) GPIO_ACTIVE_LOW>; }; }; -- 1.9.1

6 years, 11 months

2
1
0 0

[PATCH] x86/apm: Don't access __preempt_count with zeroed fs

by Ville Syrjala

From: Ville Syrjälä <ville.syrjala(a)linux.intel.com> APM_DO_POP_SEGS does not restore fs/gs which were zeroed by APM_DO_ZERO_SEGS. Trying to access __preempt_count with zeroed fs doesn't really work. Move the ibrs stuff outside the APM_DO_SAVE_SEGS/APM_DO_RESTORE_SEGS invocations so that fs is actually restored before we call preempt_enable(). Fixes the following sort of oopses: [ 0.313581] general protection fault: 0000 [#1] PREEMPT SMP [ 0.313803] Modules linked in: [ 0.314040] CPU: 0 PID: 268 Comm: kapmd Not tainted 4.16.0-rc1-triton-bisect-00090-gdd84441a7971 #19 [ 0.316161] EIP: __apm_bios_call_simple+0xc8/0x170 [ 0.316161] EFLAGS: 00210016 CPU: 0 [ 0.316161] EAX: 00000102 EBX: 00000000 ECX: 00000102 EDX: 00000000 [ 0.316161] ESI: 0000530e EDI: dea95f64 EBP: dea95f18 ESP: dea95ef0 [ 0.316161] DS: 007b ES: 007b FS: 0000 GS: 0000 SS: 0068 [ 0.316161] CR0: 80050033 CR2: 00000000 CR3: 015d3000 CR4: 000006d0 [ 0.316161] Call Trace: [ 0.316161] ? cpumask_weight.constprop.15+0x20/0x20 [ 0.316161] on_cpu0+0x44/0x70 [ 0.316161] apm+0x54e/0x720 [ 0.316161] ? __switch_to_asm+0x26/0x40 [ 0.316161] ? __schedule+0x17d/0x590 [ 0.316161] kthread+0xc0/0xf0 [ 0.316161] ? proc_apm_show+0x150/0x150 [ 0.316161] ? kthread_create_worker_on_cpu+0x20/0x20 [ 0.316161] ret_from_fork+0x2e/0x38 [ 0.316161] Code: da 8e c2 8e e2 8e ea 57 55 2e ff 1d e0 bb 5d b1 0f 92 c3 5d 5f 07 1f 89 47 0c 90 8d b4 26 00 00 00 00 90 8d b4 26 00 00 00 00 90 <64> ff 0d 84 16 5c b1 74 7f 8b 45 dc 8e e0 8b 45 d8 8e e8 8b 45 [ 0.316161] EIP: __apm_bios_call_simple+0xc8/0x170 SS:ESP: 0068:dea95ef0 [ 0.316161] ---[ end trace 656253db2deaa12c ]--- Cc: stable(a)vger.kernel.org Cc: David Woodhouse <dwmw(a)amazon.co.uk> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Ingo Molnar <mingo(a)kernel.org> Cc: "H. Peter Anvin" <hpa(a)zytor.com> Cc: x86(a)kernel.org Fixes: dd84441a7971 ("x86/speculation: Use IBRS if available before calling into firmware") Signed-off-by: Ville Syrjälä <ville.syrjala(a)linux.intel.com> --- arch/x86/include/asm/apm.h | 6 ------ arch/x86/kernel/apm_32.c | 5 +++++ 2 files changed, 5 insertions(+), 6 deletions(-) diff --git a/arch/x86/include/asm/apm.h b/arch/x86/include/asm/apm.h index c356098b6fb9..4d4015ddcf26 100644 --- a/arch/x86/include/asm/apm.h +++ b/arch/x86/include/asm/apm.h @@ -7,8 +7,6 @@ #ifndef _ASM_X86_MACH_DEFAULT_APM_H #define _ASM_X86_MACH_DEFAULT_APM_H -#include <asm/nospec-branch.h> - #ifdef APM_ZERO_SEGS # define APM_DO_ZERO_SEGS \ "pushl %%ds\n\t" \ @@ -34,7 +32,6 @@ static inline void apm_bios_call_asm(u32 func, u32 ebx_in, u32 ecx_in, * N.B. We do NOT need a cld after the BIOS call * because we always save and restore the flags. */ - firmware_restrict_branch_speculation_start(); __asm__ __volatile__(APM_DO_ZERO_SEGS "pushl %%edi\n\t" "pushl %%ebp\n\t" @@ -47,7 +44,6 @@ static inline void apm_bios_call_asm(u32 func, u32 ebx_in, u32 ecx_in, "=S" (*esi) : "a" (func), "b" (ebx_in), "c" (ecx_in) : "memory", "cc"); - firmware_restrict_branch_speculation_end(); } static inline bool apm_bios_call_simple_asm(u32 func, u32 ebx_in, @@ -60,7 +56,6 @@ static inline bool apm_bios_call_simple_asm(u32 func, u32 ebx_in, * N.B. We do NOT need a cld after the BIOS call * because we always save and restore the flags. */ - firmware_restrict_branch_speculation_start(); __asm__ __volatile__(APM_DO_ZERO_SEGS "pushl %%edi\n\t" "pushl %%ebp\n\t" @@ -73,7 +68,6 @@ static inline bool apm_bios_call_simple_asm(u32 func, u32 ebx_in, "=S" (si) : "a" (func), "b" (ebx_in), "c" (ecx_in) : "memory", "cc"); - firmware_restrict_branch_speculation_end(); return error; } diff --git a/arch/x86/kernel/apm_32.c b/arch/x86/kernel/apm_32.c index 5d0de79fdab0..ec00d1ff5098 100644 --- a/arch/x86/kernel/apm_32.c +++ b/arch/x86/kernel/apm_32.c @@ -240,6 +240,7 @@ #include <asm/olpc.h> #include <asm/paravirt.h> #include <asm/reboot.h> +#include <asm/nospec-branch.h> #if defined(CONFIG_APM_DISPLAY_BLANK) && defined(CONFIG_VT) extern int (*console_blank_hook)(int); @@ -614,11 +615,13 @@ static long __apm_bios_call(void *_call) gdt[0x40 / 8] = bad_bios_desc; apm_irq_save(flags); + firmware_restrict_branch_speculation_start(); APM_DO_SAVE_SEGS; apm_bios_call_asm(call->func, call->ebx, call->ecx, &call->eax, &call->ebx, &call->ecx, &call->edx, &call->esi); APM_DO_RESTORE_SEGS; + firmware_restrict_branch_speculation_end(); apm_irq_restore(flags); gdt[0x40 / 8] = save_desc_40; put_cpu(); @@ -690,10 +693,12 @@ static long __apm_bios_call_simple(void *_call) gdt[0x40 / 8] = bad_bios_desc; apm_irq_save(flags); + firmware_restrict_branch_speculation_start(); APM_DO_SAVE_SEGS; error = apm_bios_call_simple_asm(call->func, call->ebx, call->ecx, &call->eax); APM_DO_RESTORE_SEGS; + firmware_restrict_branch_speculation_end(); apm_irq_restore(flags); gdt[0x40 / 8] = save_desc_40; put_cpu(); -- 2.16.4

6 years, 11 months

1
0
0 0

[PATCH 4.14 00/61] 4.14.54-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.14.54 release. There are 61 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sun Jul 8 05:46:58 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.14.54-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.14.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.14.54-rc1 Damien Thébault <damien.thebault(a)vitec.com> net: dsa: b53: Add BCM5389 support Finn Thain <fthain(a)telegraphics.com.au> net/sonic: Use dma_mapping_error() João Paulo Rechi Vita <jprvita(a)endlessm.com> platform/x86: asus-wmi: Fix NULL pointer dereference Paul Burton <paul.burton(a)mips.com> sched/core: Require cpu_active() in select_task_rq(), for user tasks Peter Zijlstra <peterz(a)infradead.org> sched/core: Fix rules for running on online && !active CPUs Darrick J. Wong <darrick.wong(a)oracle.com> fs: clear writeback errors in inode_init_always YueHaibing <yuehaibing(a)huawei.com> perf bpf: Fix NULL return handling in bpf__prepare_load() Thomas Richter <tmricht(a)linux.ibm.com> perf test: "Session topology" dumps core on s390 Josh Hill <josh(a)joshuajhill.com> net: qmi_wwan: Add Netgear Aircard 779S Ivan Bornyakov <brnkv.i1(a)gmail.com> atm: zatm: fix memcmp casting Hao Wei Tee <angelsl(a)in04.sg> iwlwifi: pcie: compare with number of IRQs requested for, not number of CPUs Julian Anastasov <ja(a)ssi.bg> ipvs: fix buffer overflow with sync daemon and service Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nft_limit: fix packet ratelimiting Sebastian Ott <sebott(a)linux.ibm.com> s390/dasd: use blk_mq_rq_from_pdu for per request data Paolo Abeni <pabeni(a)redhat.com> netfilter: ebtables: handle string from userspace with care David Howells <dhowells(a)redhat.com> afs: Fix directory permissions check Eric Dumazet <edumazet(a)google.com> xfrm6: avoid potential infinite loop in _decode_session6() Abhishek Sahu <absahu(a)codeaurora.org> mtd: rawnand: fix return value check for bad block status Sean Nyekjaer <sean.nyekjaer(a)prevas.dk> ARM: dts: imx6q: Use correct SDMA script for SPI5 core Taehee Yoo <ap420073(a)gmail.com> netfilter: nf_tables: use WARN_ON_ONCE instead of BUG_ON in nft_do_chain() Vincent Bernat <vincent(a)bernat.im> netfilter: ip6t_rpfilter: provide input interface for route lookup Florian Westphal <fw(a)strlen.de> netfilter: don't set F_IFACE on ipv6 fib lookups NeilBrown <neilb(a)suse.com> md: remove special meaning of ->quiesce(.., 2) NeilBrown <neilb(a)suse.com> md: allow metadata update while suspending. NeilBrown <neilb(a)suse.com> md: use mddev_suspend/resume instead of ->quiesce() NeilBrown <neilb(a)suse.com> md: move suspend_hi/lo handling into core md code NeilBrown <neilb(a)suse.com> md: don't call bitmap_create() while array is quiesced. NeilBrown <neilb(a)suse.com> md: always hold reconfig_mutex when calling mddev_suspend() Taehee Yoo <ap420073(a)gmail.com> netfilter: nf_tables: fix NULL-ptr in nf_tables_dump_obj() Florian Westphal <fw(a)strlen.de> netfilter: nf_tables: add missing netlink attrs to policies Colin Ian King <colin.king(a)canonical.com> netfilter: nf_tables: fix memory leak on error exit return Taehee Yoo <ap420073(a)gmail.com> netfilter: nf_tables: increase nft_counters_enabled in nft_chain_stats_replace() Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: disable preemption in nft_update_chain_stats() Taehee Yoo <ap420073(a)gmail.com> netfilter: nft_meta: fix wrong value dereference in nft_meta_set_eval Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: bogus EBUSY in chain deletions Florian Westphal <fw(a)strlen.de> netfilter: nf_tables: don't assume chain stats are set when jumplabel is set Florian Westphal <fw(a)strlen.de> netfilter: nft_compat: fix handling of large matchinfo size Florian Westphal <fw(a)strlen.de> netfilter: nft_compat: prepare for indirect info storage Florian Westphal <fw(a)strlen.de> netfilter: nf_tables: nft_compat: fix refcount leak on xt module Kenneth Graunke <kenneth(a)whitecape.org> drm/i915: Enable provoking vertex fix on Gen9 systems. Michel Dänzer <michel.daenzer(a)amd.com> drm/amdgpu: Refactor amdgpu_vram_mgr_bo_invisible_size helper Michel Dänzer <michel.daenzer(a)amd.com> drm/amdgpu: Use kvmalloc_array for allocating VRAM manager nodes array Stefan Agner <stefan(a)agner.ch> drm/atmel-hlcdc: check stride values in the first plane Jeremy Cline <jcline(a)redhat.com> drm/qxl: Call qxl_bo_unref outside atomic context Huang Rui <ray.huang(a)amd.com> drm/amdgpu: fix the missed vcn fw version report Rex Zhu <Rex.Zhu(a)amd.com> drm/amdgpu: Add APU support in vi_set_vce_clocks Rex Zhu <Rex.Zhu(a)amd.com> drm/amdgpu: Add APU support in vi_set_uvd_clocks Alexander Potapenko <glider(a)google.com> vt: prevent leaking uninitialized data to userspace via /dev/vcs* Johan Hovold <johan(a)kernel.org> serdev: fix memleak on module unload Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> serial: 8250_pci: Remove stalled entries in blacklist Laura Abbott <labbott(a)redhat.com> staging: android: ion: Return an ERR_PTR in ion_map_kernel Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> n_tty: Access echo_* variables carefully. Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> n_tty: Fix stall at n_tty_receive_char_special(). Zhengjun Xing <zhengjun.xing(a)linux.intel.com> xhci: Fix kernel oops in trace_xhci_free_virt_device Heikki Krogerus <heikki.krogerus(a)linux.intel.com> usb: typec: ucsi: Fix for incorrect status data issue Heikki Krogerus <heikki.krogerus(a)linux.intel.com> usb: typec: ucsi: acpi: Workaround for cache mode issue Heikki Krogerus <heikki.krogerus(a)linux.intel.com> acpi: Add helper for deactivating memory region William Wu <william.wu(a)rock-chips.com> usb: dwc2: fix the incorrect bitmaps for the ports of multi_tt hub Karoly Pados <pados(a)pados.hu> USB: serial: cp210x: add Silicon Labs IDs for Windows Update Johan Hovold <johan(a)kernel.org> USB: serial: cp210x: add CESINEL device ids Houston Yaroschoff <hstn(a)4ever3.net> usb: cdc_acm: Add quirk for Uniden UBC125 scanner ------------- Diffstat: Documentation/devicetree/bindings/net/dsa/b53.txt | 1 + Makefile | 4 +- arch/arm/boot/dts/imx6q.dtsi | 2 +- drivers/acpi/osl.c | 72 ++++++++ drivers/atm/zatm.c | 4 +- drivers/gpu/drm/amd/amdgpu/amdgpu_object.c | 6 +- drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.h | 1 + drivers/gpu/drm/amd/amdgpu/amdgpu_vcn.c | 1 + drivers/gpu/drm/amd/amdgpu/amdgpu_vram_mgr.c | 23 ++- drivers/gpu/drm/amd/amdgpu/vce_v3_0.c | 4 +- drivers/gpu/drm/amd/amdgpu/vi.c | 77 +++++++-- drivers/gpu/drm/atmel-hlcdc/atmel_hlcdc_plane.c | 2 +- drivers/gpu/drm/i915/i915_reg.h | 5 + drivers/gpu/drm/i915/intel_lrc.c | 12 +- drivers/gpu/drm/qxl/qxl_display.c | 7 +- drivers/md/dm-raid.c | 10 +- drivers/md/md-cluster.c | 6 +- drivers/md/md.c | 90 ++++++---- drivers/md/md.h | 15 +- drivers/md/raid0.c | 2 +- drivers/md/raid1.c | 27 +-- drivers/md/raid10.c | 10 +- drivers/md/raid5-cache.c | 30 ++-- drivers/md/raid5-log.h | 2 +- drivers/md/raid5.c | 40 +---- drivers/mtd/nand/nand_base.c | 2 +- drivers/net/dsa/b53/b53_common.c | 13 ++ drivers/net/dsa/b53/b53_mdio.c | 5 +- drivers/net/dsa/b53/b53_priv.h | 1 + drivers/net/ethernet/natsemi/sonic.c | 2 +- drivers/net/usb/qmi_wwan.c | 1 + drivers/net/wireless/intel/iwlwifi/pcie/trans.c | 10 +- drivers/platform/x86/asus-wmi.c | 23 +-- drivers/s390/block/dasd.c | 7 +- drivers/staging/android/ion/ion_heap.c | 2 +- drivers/tty/n_tty.c | 55 +++--- drivers/tty/serdev/core.c | 1 + drivers/tty/serial/8250/8250_pci.c | 2 - drivers/tty/vt/vt.c | 4 +- drivers/usb/class/cdc-acm.c | 3 + drivers/usb/dwc2/hcd_queue.c | 2 +- drivers/usb/host/xhci-mem.c | 4 +- drivers/usb/host/xhci-trace.h | 36 +++- drivers/usb/serial/cp210x.c | 14 ++ drivers/usb/typec/ucsi/ucsi.c | 13 ++ drivers/usb/typec/ucsi/ucsi_acpi.c | 5 + fs/afs/security.c | 10 +- fs/inode.c | 1 + include/linux/acpi.h | 3 + include/net/netfilter/nf_tables.h | 5 + kernel/sched/core.c | 45 +++-- net/bridge/netfilter/ebtables.c | 3 +- net/ipv6/netfilter/ip6t_rpfilter.c | 4 +- net/ipv6/netfilter/nft_fib_ipv6.c | 12 +- net/ipv6/xfrm6_policy.c | 2 +- net/netfilter/ipvs/ip_vs_ctl.c | 21 ++- net/netfilter/nf_tables_api.c | 61 ++++++- net/netfilter/nf_tables_core.c | 20 ++- net/netfilter/nft_compat.c | 201 +++++++++++++++++----- net/netfilter/nft_immediate.c | 15 +- net/netfilter/nft_limit.c | 38 ++-- net/netfilter/nft_meta.c | 14 +- tools/perf/tests/topology.c | 30 +++- tools/perf/util/bpf-loader.c | 6 +- 64 files changed, 809 insertions(+), 340 deletions(-)

6 years, 11 months

4
57
0 0

[PATCH v2 0/3] printk: Deadlock in NMI regression

by Petr Mladek

The commit 719f6a7040f1bdaf96 ("printk: Use the main logbuf in NMI when logbuf_lock is available") brought back the possible deadlocks in printk() and NMI. This is rework of the proposed fix, see https://lkml.kernel.org/r/20180606111557.xzs6l3lkvg7lq3ts@pathway.suse.cz I realized that we could rather easily move the check to vprintk_func() and still avoid any race. I believe that this is a win-win solution. Changes against v1: + Move the check from vprintk_emit() to vprintk_func() + More straightforward commit message + Fix build with CONFIG_PRINTK_NMI disabled Petr Mladek (3): printk: Split the code for storing a message into the log buffer printk: Create helper function to queue deferred console handling printk/nmi: Prevent deadlock when accessing the main log buffer in NMI include/linux/printk.h | 4 ++++ kernel/printk/internal.h | 9 ++++++- kernel/printk/printk.c | 57 +++++++++++++++++++++++++++----------------- kernel/printk/printk_safe.c | 58 +++++++++++++++++++++++++++++---------------- kernel/trace/trace.c | 4 +++- lib/nmi_backtrace.c | 3 --- 6 files changed, 87 insertions(+), 48 deletions(-) -- 2.13.7

6 years, 11 months

3
19
0 0

[PATCH] i2c-hid: Fix "incomplete report" noise

by Jason Andryuk

Commit ac75a041048b ("HID: i2c-hid: fix size check and type usage") started writing messages when the ret_size is <= 2 from i2c_master_recv. However, my device i2c-DLL07D1 returns 2 for a short period of time (~0.5s) after I stop moving the pointing stick or touchpad. It varies, but you get ~50 messages each time which spams the log hard. [ 95.925055] i2c_hid i2c-DLL07D1:01: i2c_hid_get_input: incomplete report (83/2) This has also been observed with a i2c-ALP0017. [ 1781.266353] i2c_hid i2c-ALP0017:00: i2c_hid_get_input: incomplete report (30/2) Only print the message when ret_size is totally invalid and less than 2 to cut down on the log spam. Reported-by: John Smith <john-s-84(a)gmx.net> Cc: stable(a)vger.kernel.org Signed-off-by: Jason Andryuk <jandryuk(a)gmail.com> --- John Smith originally reported this, but his post did not include a git formatted patch nor a Signed-off-by. https://www.spinics.net/lists/linux-input/msg56171.html https://patchwork.kernel.org/patch/10374383/ When ret_size is 2, hid_input_report is passed 0 and returns early. ret_size == 2 seems to be a header size saying there is no content. Should i2c_hid_get_input just return early in that case? Also, should this condition be noted to stop an interrupt from firing to avoid the ~50 bogus messages? drivers/hid/i2c-hid/i2c-hid.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/hid/i2c-hid/i2c-hid.c b/drivers/hid/i2c-hid/i2c-hid.c index c1652bb7bd15..eae0cb3ddec6 100644 --- a/drivers/hid/i2c-hid/i2c-hid.c +++ b/drivers/hid/i2c-hid/i2c-hid.c @@ -484,7 +484,7 @@ static void i2c_hid_get_input(struct i2c_hid *ihid) return; } - if ((ret_size > size) || (ret_size <= 2)) { + if ((ret_size > size) || (ret_size < 2)) { dev_err(&ihid->client->dev, "%s: incomplete report (%d/%d)\n", __func__, size, ret_size); return; -- 2.17.1

6 years, 11 months

2
2
0 0

[char-misc-next] mei: don't update offset in write

by Tomas Winkler

From: Alexander Usyskin <alexander.usyskin(a)intel.com> MEI enables writes of complete messages only while read can be performed in parts, hence write should not update the file offset to not break interleaving partial reads with writes. Cc: <stable(a)vger.kernel.org> Signed-off-by: Alexander Usyskin <alexander.usyskin(a)intel.com> Signed-off-by: Tomas Winkler <tomas.winkler(a)intel.com> --- drivers/misc/mei/main.c | 1 - 1 file changed, 1 deletion(-) diff --git a/drivers/misc/mei/main.c b/drivers/misc/mei/main.c index f690918f7817..302ba7a63bd2 100644 --- a/drivers/misc/mei/main.c +++ b/drivers/misc/mei/main.c @@ -312,7 +312,6 @@ static ssize_t mei_write(struct file *file, const char __user *ubuf, } } - *offset = 0; cb = mei_cl_alloc_cb(cl, length, MEI_FOP_WRITE, file); if (!cb) { rets = -ENOMEM; -- 2.14.4

6 years, 11 months

1
0
0 0

[PATCH 1/4] rtc: omap: fix potential crash on power off

by Johan Hovold

Do not set the system power-off callback and omap power-off rtc pointer until we're done setting up our device to avoid leaving stale pointers around after a late probe error. Fixes: 97ea1906b3c2 ("rtc: omap: Support ext_wakeup configuration") Cc: stable <stable(a)vger.kernel.org> # 4.9 Cc: Marcin Niestroj <m.niestroj(a)grinn-global.com> Cc: Tony Lindgren <tony(a)atomide.com> Signed-off-by: Johan Hovold <johan(a)kernel.org> --- drivers/rtc/rtc-omap.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/drivers/rtc/rtc-omap.c b/drivers/rtc/rtc-omap.c index 39086398833e..c214b69a8787 100644 --- a/drivers/rtc/rtc-omap.c +++ b/drivers/rtc/rtc-omap.c @@ -861,13 +861,6 @@ static int omap_rtc_probe(struct platform_device *pdev) goto err; } - if (rtc->is_pmic_controller) { - if (!pm_power_off) { - omap_rtc_power_off_rtc = rtc; - pm_power_off = omap_rtc_power_off; - } - } - /* Support ext_wakeup pinconf */ rtc_pinctrl_desc.name = dev_name(&pdev->dev); @@ -884,6 +877,13 @@ static int omap_rtc_probe(struct platform_device *pdev) rtc_nvmem_register(rtc->rtc, &omap_rtc_nvmem_config); + if (rtc->is_pmic_controller) { + if (!pm_power_off) { + omap_rtc_power_off_rtc = rtc; + pm_power_off = omap_rtc_power_off; + } + } + return 0; err: -- 2.18.0

6 years, 11 months

3
2
0 0

[PATCH v2 4.9.y] x86/fpu: Remove use_eager_fpu()

by Daniel Sangorrin

From: Andy Lutomirski <luto(a)kernel.org> commit c592b57347069abfc0dcad3b3a302cf882602597 upstream This removes all the obvious code paths that depend on lazy FPU mode. It shouldn't change the generated code at all. Signed-off-by: Andy Lutomirski <luto(a)kernel.org> Signed-off-by: Rik van Riel <riel(a)redhat.com> Cc: Borislav Petkov <bp(a)alien8.de> Cc: Brian Gerst <brgerst(a)gmail.com> Cc: Dave Hansen <dave.hansen(a)linux.intel.com> Cc: Denys Vlasenko <dvlasenk(a)redhat.com> Cc: Fenghua Yu <fenghua.yu(a)intel.com> Cc: H. Peter Anvin <hpa(a)zytor.com> Cc: Josh Poimboeuf <jpoimboe(a)redhat.com> Cc: Linus Torvalds <torvalds(a)linux-foundation.org> Cc: Oleg Nesterov <oleg(a)redhat.com> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Quentin Casasnovas <quentin.casasnovas(a)oracle.com> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: pbonzini(a)redhat.com Link: http://lkml.kernel.org/r/1475627678-20788-5-git-send-email-riel@redhat.com Signed-off-by: Ingo Molnar <mingo(a)kernel.org> Signed-off-by: Daniel Sangorrin <daniel.sangorrin(a)toshiba.co.jp> --- I backported this patch to remove the final fpu lazy mode deadcode from stable 4.9.y. I only had to solve a small conflict caused by the fact that commit b22cbe404a9c ("x86/fpu: Fix invalid FPU ptrace state after execve()") had been applied before in stable (it was supposed to come after) After applying this patch please do the following to remove more deadcode: - cherry-pick: 3913cc350757 ("x86/fpu: Remove struct fpu::counter") - revert: f09a7b0eead7 ("perf: sync up x86/.../cpufeatures.h") - cherry-pick: e63650840e8b ("x86/fpu: Finish excising 'eagerfpu'") arch/x86/crypto/crc32c-intel_glue.c | 17 ++++------------- arch/x86/include/asm/fpu/internal.h | 34 +--------------------------------- arch/x86/kernel/fpu/core.c | 36 ++++-------------------------------- arch/x86/kernel/fpu/signal.c | 8 +++----- arch/x86/kernel/fpu/xstate.c | 9 --------- arch/x86/kvm/cpuid.c | 4 +--- arch/x86/kvm/x86.c | 10 ---------- 7 files changed, 13 insertions(+), 105 deletions(-) diff --git a/arch/x86/crypto/crc32c-intel_glue.c b/arch/x86/crypto/crc32c-intel_glue.c index dd19584..5773e11 100644 --- a/arch/x86/crypto/crc32c-intel_glue.c +++ b/arch/x86/crypto/crc32c-intel_glue.c @@ -48,21 +48,13 @@ #ifdef CONFIG_X86_64 /* * use carryless multiply version of crc32c when buffer - * size is >= 512 (when eager fpu is enabled) or - * >= 1024 (when eager fpu is disabled) to account + * size is >= 512 to account * for fpu state save/restore overhead. */ -#define CRC32C_PCL_BREAKEVEN_EAGERFPU 512 -#define CRC32C_PCL_BREAKEVEN_NOEAGERFPU 1024 +#define CRC32C_PCL_BREAKEVEN 512 asmlinkage unsigned int crc_pcl(const u8 *buffer, int len, unsigned int crc_init); -static int crc32c_pcl_breakeven = CRC32C_PCL_BREAKEVEN_EAGERFPU; -#define set_pcl_breakeven_point() \ -do { \ - if (!use_eager_fpu()) \ - crc32c_pcl_breakeven = CRC32C_PCL_BREAKEVEN_NOEAGERFPU; \ -} while (0) #endif /* CONFIG_X86_64 */ static u32 crc32c_intel_le_hw_byte(u32 crc, unsigned char const *data, size_t length) @@ -185,7 +177,7 @@ static int crc32c_pcl_intel_update(struct shash_desc *desc, const u8 *data, * use faster PCL version if datasize is large enough to * overcome kernel fpu state save/restore overhead */ - if (len >= crc32c_pcl_breakeven && irq_fpu_usable()) { + if (len >= CRC32C_PCL_BREAKEVEN && irq_fpu_usable()) { kernel_fpu_begin(); *crcp = crc_pcl(data, len, *crcp); kernel_fpu_end(); @@ -197,7 +189,7 @@ static int crc32c_pcl_intel_update(struct shash_desc *desc, const u8 *data, static int __crc32c_pcl_intel_finup(u32 *crcp, const u8 *data, unsigned int len, u8 *out) { - if (len >= crc32c_pcl_breakeven && irq_fpu_usable()) { + if (len >= CRC32C_PCL_BREAKEVEN && irq_fpu_usable()) { kernel_fpu_begin(); *(__le32 *)out = ~cpu_to_le32(crc_pcl(data, len, *crcp)); kernel_fpu_end(); @@ -257,7 +249,6 @@ static int __init crc32c_intel_mod_init(void) alg.update = crc32c_pcl_intel_update; alg.finup = crc32c_pcl_intel_finup; alg.digest = crc32c_pcl_intel_digest; - set_pcl_breakeven_point(); } #endif return crypto_register_shash(&alg); diff --git a/arch/x86/include/asm/fpu/internal.h b/arch/x86/include/asm/fpu/internal.h index 8852e3a..7801d32 100644 --- a/arch/x86/include/asm/fpu/internal.h +++ b/arch/x86/include/asm/fpu/internal.h @@ -60,11 +60,6 @@ extern u64 fpu__get_supported_xfeatures_mask(void); /* * FPU related CPU feature flag helper routines: */ -static __always_inline __pure bool use_eager_fpu(void) -{ - return true; -} - static __always_inline __pure bool use_xsaveopt(void) { return static_cpu_has(X86_FEATURE_XSAVEOPT); @@ -501,24 +496,6 @@ static inline int fpu_want_lazy_restore(struct fpu *fpu, unsigned int cpu) } -/* - * Wrap lazy FPU TS handling in a 'hw fpregs activation/deactivation' - * idiom, which is then paired with the sw-flag (fpregs_active) later on: - */ - -static inline void __fpregs_activate_hw(void) -{ - if (!use_eager_fpu()) - clts(); -} - -static inline void __fpregs_deactivate_hw(void) -{ - if (!use_eager_fpu()) - stts(); -} - -/* Must be paired with an 'stts' (fpregs_deactivate_hw()) after! */ static inline void __fpregs_deactivate(struct fpu *fpu) { WARN_ON_FPU(!fpu->fpregs_active); @@ -528,7 +505,6 @@ static inline void __fpregs_deactivate(struct fpu *fpu) trace_x86_fpu_regs_deactivated(fpu); } -/* Must be paired with a 'clts' (fpregs_activate_hw()) before! */ static inline void __fpregs_activate(struct fpu *fpu) { WARN_ON_FPU(fpu->fpregs_active); @@ -554,22 +530,17 @@ static inline int fpregs_active(void) } /* - * Encapsulate the CR0.TS handling together with the - * software flag. - * * These generally need preemption protection to work, * do try to avoid using these on their own. */ static inline void fpregs_activate(struct fpu *fpu) { - __fpregs_activate_hw(); __fpregs_activate(fpu); } static inline void fpregs_deactivate(struct fpu *fpu) { __fpregs_deactivate(fpu); - __fpregs_deactivate_hw(); } /* @@ -596,8 +567,7 @@ switch_fpu_prepare(struct fpu *old_fpu, struct fpu *new_fpu, int cpu) * or if the past 5 consecutive context-switches used math. */ fpu.preload = static_cpu_has(X86_FEATURE_FPU) && - new_fpu->fpstate_active && - (use_eager_fpu() || new_fpu->counter > 5); + new_fpu->fpstate_active; if (old_fpu->fpregs_active) { if (!copy_fpregs_to_fpstate(old_fpu)) @@ -615,8 +585,6 @@ switch_fpu_prepare(struct fpu *old_fpu, struct fpu *new_fpu, int cpu) __fpregs_activate(new_fpu); trace_x86_fpu_regs_activated(new_fpu); prefetch(&new_fpu->state); - } else { - __fpregs_deactivate_hw(); } } else { old_fpu->counter = 0; diff --git a/arch/x86/kernel/fpu/core.c b/arch/x86/kernel/fpu/core.c index 96d80df..2dc1927 100644 --- a/arch/x86/kernel/fpu/core.c +++ b/arch/x86/kernel/fpu/core.c @@ -58,27 +58,9 @@ static bool kernel_fpu_disabled(void) return this_cpu_read(in_kernel_fpu); } -/* - * Were we in an interrupt that interrupted kernel mode? - * - * On others, we can do a kernel_fpu_begin/end() pair *ONLY* if that - * pair does nothing at all: the thread must not have fpu (so - * that we don't try to save the FPU state), and TS must - * be set (so that the clts/stts pair does nothing that is - * visible in the interrupted kernel thread). - * - * Except for the eagerfpu case when we return true; in the likely case - * the thread has FPU but we are not going to set/clear TS. - */ static bool interrupted_kernel_fpu_idle(void) { - if (kernel_fpu_disabled()) - return false; - - if (use_eager_fpu()) - return true; - - return !current->thread.fpu.fpregs_active && (read_cr0() & X86_CR0_TS); + return !kernel_fpu_disabled(); } /* @@ -126,7 +108,6 @@ void __kernel_fpu_begin(void) copy_fpregs_to_fpstate(fpu); } else { this_cpu_write(fpu_fpregs_owner_ctx, NULL); - __fpregs_activate_hw(); } } EXPORT_SYMBOL(__kernel_fpu_begin); @@ -137,8 +118,6 @@ void __kernel_fpu_end(void) if (fpu->fpregs_active) copy_kernel_to_fpregs(&fpu->state); - else - __fpregs_deactivate_hw(); kernel_fpu_enable(); } @@ -200,10 +179,7 @@ void fpu__save(struct fpu *fpu) trace_x86_fpu_before_save(fpu); if (fpu->fpregs_active) { if (!copy_fpregs_to_fpstate(fpu)) { - if (use_eager_fpu()) - copy_kernel_to_fpregs(&fpu->state); - else - fpregs_deactivate(fpu); + copy_kernel_to_fpregs(&fpu->state); } } trace_x86_fpu_after_save(fpu); @@ -261,8 +237,7 @@ int fpu__copy(struct fpu *dst_fpu, struct fpu *src_fpu) * Don't let 'init optimized' areas of the XSAVE area * leak into the child task: */ - if (use_eager_fpu()) - memset(&dst_fpu->state.xsave, 0, fpu_kernel_xstate_size); + memset(&dst_fpu->state.xsave, 0, fpu_kernel_xstate_size); /* * Save current FPU registers directly into the child @@ -284,10 +259,7 @@ int fpu__copy(struct fpu *dst_fpu, struct fpu *src_fpu) memcpy(&src_fpu->state, &dst_fpu->state, fpu_kernel_xstate_size); - if (use_eager_fpu()) - copy_kernel_to_fpregs(&src_fpu->state); - else - fpregs_deactivate(src_fpu); + copy_kernel_to_fpregs(&src_fpu->state); } preempt_enable(); diff --git a/arch/x86/kernel/fpu/signal.c b/arch/x86/kernel/fpu/signal.c index 3ec0d2d..3a93186 100644 --- a/arch/x86/kernel/fpu/signal.c +++ b/arch/x86/kernel/fpu/signal.c @@ -344,11 +344,9 @@ static int __fpu__restore_sig(void __user *buf, void __user *buf_fx, int size) } fpu->fpstate_active = 1; - if (use_eager_fpu()) { - preempt_disable(); - fpu__restore(fpu); - preempt_enable(); - } + preempt_disable(); + fpu__restore(fpu); + preempt_enable(); return err; } else { diff --git a/arch/x86/kernel/fpu/xstate.c b/arch/x86/kernel/fpu/xstate.c index abfbb61b..e9d7f46 100644 --- a/arch/x86/kernel/fpu/xstate.c +++ b/arch/x86/kernel/fpu/xstate.c @@ -890,15 +890,6 @@ int arch_set_user_pkey_access(struct task_struct *tsk, int pkey, */ if (!boot_cpu_has(X86_FEATURE_OSPKE)) return -EINVAL; - /* - * For most XSAVE components, this would be an arduous task: - * brining fpstate up to date with fpregs, updating fpstate, - * then re-populating fpregs. But, for components that are - * never lazily managed, we can just access the fpregs - * directly. PKRU is never managed lazily, so we can just - * manipulate it directly. Make sure it stays that way. - */ - WARN_ON_ONCE(!use_eager_fpu()); /* Set the bits we need in PKRU: */ if (init_val & PKEY_DISABLE_ACCESS) diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c index 7e5119c..c17d389 100644 --- a/arch/x86/kvm/cpuid.c +++ b/arch/x86/kvm/cpuid.c @@ -16,7 +16,6 @@ #include <linux/export.h> #include <linux/vmalloc.h> #include <linux/uaccess.h> -#include <asm/fpu/internal.h> /* For use_eager_fpu. Ugh! */ #include <asm/user.h> #include <asm/fpu/xstate.h> #include "cpuid.h" @@ -114,8 +113,7 @@ int kvm_update_cpuid(struct kvm_vcpu *vcpu) if (best && (best->eax & (F(XSAVES) | F(XSAVEC)))) best->ebx = xstate_required_size(vcpu->arch.xcr0, true); - if (use_eager_fpu()) - kvm_x86_ops->fpu_activate(vcpu); + kvm_x86_ops->fpu_activate(vcpu); /* * The existing code assumes virtual address is 48-bit in the canonical diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 5ca23af..0754dae 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -7513,16 +7513,6 @@ void kvm_put_guest_fpu(struct kvm_vcpu *vcpu) copy_fpregs_to_fpstate(&vcpu->arch.guest_fpu); __kernel_fpu_end(); ++vcpu->stat.fpu_reload; - /* - * If using eager FPU mode, or if the guest is a frequent user - * of the FPU, just leave the FPU active for next time. - * Every 255 times fpu_counter rolls over to 0; a guest that uses - * the FPU in bursts will revert to loading it on demand. - */ - if (!use_eager_fpu()) { - if (++vcpu->fpu_counter < 5) - kvm_make_request(KVM_REQ_DEACTIVATE_FPU, vcpu); - } trace_kvm_fpu(0); } -- 2.1.4

6 years, 11 months

1
0
0 0

[PATCH] mtd: rawnand: hynix: Use ->exec_op() in hynix_nand_reg_write_op()

by Boris Brezillon

Modern NAND controller drivers implement ->exec_op() instead of ->cmdfunc(), make sure we don't end up with a NULL pointer dereference when hynix_nand_reg_write_op() is called. Fixes: 8878b126df76 ("mtd: nand: add ->exec_op() implementation") Cc: <stable(a)vger.kernel.org> Signed-off-by: Boris Brezillon <boris.brezillon(a)bootlin.com> --- drivers/mtd/nand/raw/nand_hynix.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/drivers/mtd/nand/raw/nand_hynix.c b/drivers/mtd/nand/raw/nand_hynix.c index 8cbe77f447c7..4ffbb26e76d6 100644 --- a/drivers/mtd/nand/raw/nand_hynix.c +++ b/drivers/mtd/nand/raw/nand_hynix.c @@ -100,6 +100,16 @@ static int hynix_nand_reg_write_op(struct nand_chip *chip, u8 addr, u8 val) struct mtd_info *mtd = nand_to_mtd(chip); u16 column = ((u16)addr << 8) | addr; + if (chip->exec_op) { + struct nand_op_instr instrs[] = { + NAND_OP_ADDR(1, &addr, 0), + NAND_OP_8BIT_DATA_OUT(1, &val, 0), + }; + struct nand_operation op = NAND_OPERATION(instrs); + + return nand_exec_op(chip, &op); + } + chip->cmdfunc(mtd, NAND_CMD_NONE, column, -1); chip->write_byte(mtd, val); -- 2.14.1

6 years, 11 months

2
2
0 0

[PATCH v2] devres: Really align data field to unsigned long long

by Alexey Brodkin

Depending on ABI "long long" type of a particular 32-bit CPU might be aligned by either word (32-bits) or double word (64-bits). Make sure "data" is really 64-bit aligned for any 32-bit CPU. At least for 32-bit ARC cores ABI requires "long long" types to be aligned by normal 32-bit word. This makes "data" field aligned to 12 bytes. Which is still OK as long as we use 32-bit data only. But once we want to use native atomic64_t type (i.e. when we use special instructions LLOCKD/SCONDD for accessing 64-bit data) we easily hit misaligned access exception. That's because even on CPUs capable of non-aligned data access LL/SC instructions require strict alignment. Signed-off-by: Alexey Brodkin <abrodkin(a)synopsys.com> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: stable(a)vger.kernel.org --- Changes v1 -> v2: * Reworded commit message * Inserted comment right in source [Thomas] drivers/base/devres.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/drivers/base/devres.c b/drivers/base/devres.c index f98a097e73f2..466fa59c866a 100644 --- a/drivers/base/devres.c +++ b/drivers/base/devres.c @@ -24,8 +24,12 @@ struct devres_node { struct devres { struct devres_node node; - /* -- 3 pointers */ - unsigned long long data[]; /* guarantee ull alignment */ + /* + * Depending on ABI "long long" type of a particular 32-bit CPU + * might be aligned by either word (32-bits) or double word (64-bits). + * Make sure "data" is really 64-bit aligned for any 32-bit CPU. + */ + unsigned long long data[] __aligned(sizeof(unsigned long long)); }; struct devres_group { -- 2.17.1

6 years, 11 months

3
3
0 0

Re: [PATCH 4.16 234/279] x86/pkeys/selftests: Adjust the self-test to fresh distros that export the pkeys ABI

by Vlastimil Babka

On 06/18/2018 10:13 AM, Greg Kroah-Hartman wrote: > 4.16-stable review patch. If anyone has any objections, please let me know. So I was wondering, why backport such a considerable number of *selftests* to stable, given the stable policy? Surely selftests don't affect the kernel itself breaking for users? Thanks, Vlastimil

6 years, 11 months

4
6
0 0

[Linux-stable-mirror] [PATCH] scsi: lpfc: Switch memcpy_fromio() to __read32_copy()

by Huacai Chen

In commit bc73905abf770192 ("[SCSI] lpfc 8.3.16: SLI Additions, updates, and code cleanup"), lpfc_memcpy_to_slim() have switched memcpy_toio() to __write32_copy() in order to prevent unaligned 64 bit copy. Recently, we found that lpfc_memcpy_from_slim() have similar issues, so let it switch memcpy_fromio() to __read32_copy(). Cc: stable(a)vger.kernel.org Signed-off-by: Huacai Chen <chenhc(a)lemote.com> --- drivers/scsi/lpfc/lpfc_compat.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/scsi/lpfc/lpfc_compat.h b/drivers/scsi/lpfc/lpfc_compat.h index 6b32b0a..47d4fad 100644 --- a/drivers/scsi/lpfc/lpfc_compat.h +++ b/drivers/scsi/lpfc/lpfc_compat.h @@ -91,8 +91,8 @@ lpfc_memcpy_to_slim( void __iomem *dest, void *src, unsigned int bytes) static inline void lpfc_memcpy_from_slim( void *dest, void __iomem *src, unsigned int bytes) { - /* actually returns 1 byte past dest */ - memcpy_fromio( dest, src, bytes); + /* convert bytes in argument list to word count for copy function */ + __ioread32_copy(dest, src, bytes / sizeof(uint32_t)); } #endif /* __BIG_ENDIAN */ -- 2.7.0

6 years, 11 months

3
5
0 0

[PATCH v3 1/3] mtd: rawnand: marvell: add suspend and resume hooks

by Daniel Mack

This patch restores the suspend and resume hooks that the old driver used to have. Apart from stopping and starting the clocks, the resume callback also nullifies the selected_chip pointer, so the next command that is issued will re-select the chip and thereby restore the timing registers. Without this patch, a PXA3xx based system would cough up an error similar to the one below after resume. [ 44.660162] marvell-nfc 43100000.nand-controller: Timeout waiting for RB signal [ 44.671492] ubi0 error: ubi_io_write: error -110 while writing 2048 bytes to PEB 102:38912, written 0 bytes [ 44.682887] CPU: 0 PID: 1417 Comm: remote-control Not tainted 4.18.0-rc2+ #344 [ 44.691197] Hardware name: Marvell PXA3xx (Device Tree Support) [ 44.697111] Backtrace: [ 44.699593] [<c0106458>] (dump_backtrace) from [<c0106718>] (show_stack+0x18/0x1c) [ 44.708931] r7:00000800 r6:00009800 r5:00000066 r4:c6139000 [ 44.715833] [<c0106700>] (show_stack) from [<c0678a60>] (dump_stack+0x20/0x28) [ 44.724206] [<c0678a40>] (dump_stack) from [<c0456cbc>] (ubi_io_write+0x3d4/0x630) [ 44.732925] [<c04568e8>] (ubi_io_write) from [<c0454428>] (ubi_eba_write_leb+0x690/0x6fc) ... Signed-off-by: Daniel Mack <daniel(a)zonque.org> Fixes: 02f26ecf8c77 ("mtd: nand: add reworked Marvell NAND controller driver") Cc: stable(a)vger.kernel.org --- drivers/mtd/nand/raw/marvell_nand.c | 49 +++++++++++++++++++++++++++++ 1 file changed, 49 insertions(+) diff --git a/drivers/mtd/nand/raw/marvell_nand.c b/drivers/mtd/nand/raw/marvell_nand.c index 00d9f29bbdb6..4644f6e3b930 100644 --- a/drivers/mtd/nand/raw/marvell_nand.c +++ b/drivers/mtd/nand/raw/marvell_nand.c @@ -2825,6 +2825,54 @@ static int marvell_nfc_remove(struct platform_device *pdev) return 0; } +static int __maybe_unused marvell_nfc_suspend(struct device *dev) +{ + struct marvell_nfc *nfc = dev_get_drvdata(dev); + struct marvell_nand_chip *chip; + + list_for_each_entry(chip, &nfc->chips, node) + marvell_nfc_wait_ndrun(&chip->chip); + + clk_disable_unprepare(nfc->reg_clk); + clk_disable_unprepare(nfc->core_clk); + + return 0; +} + +static int __maybe_unused marvell_nfc_resume(struct device *dev) +{ + struct marvell_nfc *nfc = dev_get_drvdata(dev); + int ret; + + ret = clk_prepare_enable(nfc->core_clk); + if (ret < 0) + return ret; + + if (!IS_ERR(nfc->reg_clk)) { + ret = clk_prepare_enable(nfc->reg_clk); + if (ret < 0) + return ret; + } + + /* + * Reset nfc->selected_chip so the next command will cause the timing + * registers to be restored in marvell_nfc_select_chip(). + */ + nfc->selected_chip = NULL; + + /* Reset registers that have lots its contents */ + writel_relaxed(NDCR_ALL_INT | NDCR_ND_ARB_EN | NDCR_SPARE_EN | + NDCR_RD_ID_CNT(NFCV1_READID_LEN), nfc->regs + NDCR); + writel_relaxed(0xFFFFFFFF, nfc->regs + NDSR); + writel_relaxed(0, nfc->regs + NDECCCTRL); + + return 0; +} + +static const struct dev_pm_ops marvell_nfc_pm_ops = { + SET_SYSTEM_SLEEP_PM_OPS(marvell_nfc_suspend, marvell_nfc_resume) +}; + static const struct marvell_nfc_caps marvell_armada_8k_nfc_caps = { .max_cs_nb = 4, .max_rb_nb = 2, @@ -2909,6 +2957,7 @@ static struct platform_driver marvell_nfc_driver = { .driver = { .name = "marvell-nfc", .of_match_table = marvell_nfc_of_ids, + .pm = &marvell_nfc_pm_ops, }, .id_table = marvell_nfc_platform_ids, .probe = marvell_nfc_probe, -- 2.17.1

6 years, 11 months

2
5
0 0

[PATCH] ubifs: xattr: Don't operate on deleted inodes

by Richard Weinberger

xattr operations can race with unlink and the following assert triggers: UBIFS assert failed in ubifs_jnl_change_xattr at 1606 (pid 6256) Fix this by checking i_nlink before working on the host inode. Cc: <stable(a)vger.kernel.org> Fixes: 1e51764a3c2a ("UBIFS: add new flash file system") Signed-off-by: Richard Weinberger <richard(a)nod.at> --- fs/ubifs/xattr.c | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/fs/ubifs/xattr.c b/fs/ubifs/xattr.c index 6f720fdf5020..09e37e63bddd 100644 --- a/fs/ubifs/xattr.c +++ b/fs/ubifs/xattr.c @@ -152,6 +152,12 @@ static int create_xattr(struct ubifs_info *c, struct inode *host, ui->data_len = size; mutex_lock(&host_ui->ui_mutex); + + if (!host->i_nlink) { + err = -ENOENT; + goto out_noent; + } + host->i_ctime = current_time(host); host_ui->xattr_cnt += 1; host_ui->xattr_size += CALC_DENT_SIZE(fname_len(nm)); @@ -184,6 +190,7 @@ static int create_xattr(struct ubifs_info *c, struct inode *host, host_ui->xattr_size -= CALC_XATTR_BYTES(size); host_ui->xattr_names -= fname_len(nm); host_ui->flags &= ~UBIFS_CRYPT_FL; +out_noent: mutex_unlock(&host_ui->ui_mutex); out_free: make_bad_inode(inode); @@ -235,6 +242,12 @@ static int change_xattr(struct ubifs_info *c, struct inode *host, mutex_unlock(&ui->ui_mutex); mutex_lock(&host_ui->ui_mutex); + + if (!host->i_nlink) { + err = -ENOENT; + goto out_noent; + } + host->i_ctime = current_time(host); host_ui->xattr_size -= CALC_XATTR_BYTES(old_size); host_ui->xattr_size += CALC_XATTR_BYTES(size); @@ -256,6 +269,7 @@ static int change_xattr(struct ubifs_info *c, struct inode *host, out_cancel: host_ui->xattr_size -= CALC_XATTR_BYTES(size); host_ui->xattr_size += CALC_XATTR_BYTES(old_size); +out_noent: mutex_unlock(&host_ui->ui_mutex); make_bad_inode(inode); out_free: @@ -482,6 +496,12 @@ static int remove_xattr(struct ubifs_info *c, struct inode *host, return err; mutex_lock(&host_ui->ui_mutex); + + if (!host->i_nlink) { + err = -ENOENT; + goto out_noent; + } + host->i_ctime = current_time(host); host_ui->xattr_cnt -= 1; host_ui->xattr_size -= CALC_DENT_SIZE(fname_len(nm)); @@ -501,6 +521,7 @@ static int remove_xattr(struct ubifs_info *c, struct inode *host, host_ui->xattr_size += CALC_DENT_SIZE(fname_len(nm)); host_ui->xattr_size += CALC_XATTR_BYTES(ui->data_len); host_ui->xattr_names += fname_len(nm); +out_noent: mutex_unlock(&host_ui->ui_mutex); ubifs_release_budget(c, &req); make_bad_inode(inode); @@ -540,6 +561,9 @@ static int ubifs_xattr_remove(struct inode *host, const char *name) ubifs_assert(inode_is_locked(host)); + if (!host->i_nlink) + return -ENOENT; + if (fname_len(&nm) > UBIFS_MAX_NLEN) return -ENAMETOOLONG; -- 2.18.0

6 years, 11 months

1
0
0 0

v4.14.54 build: 0 failures 0 warnings (v4.14.54)

by Build bot for Mark Brown

Tree/Branch: v4.14.54 Git describe: v4.14.54 Commit: 5893f4c3fb Linux 4.14.54 Build Time: 98 min 57 sec Passed: 11 / 11 (100.00 %) Failed: 0 / 11 ( 0.00 %) Errors: 0 Warnings: 0 Section Mismatches: 0 ------------------------------------------------------------------------------- defconfigs with issues (other than build errors): ------------------------------------------------------------------------------- =============================================================================== Detailed per-defconfig build reports below: ------------------------------------------------------------------------------- Passed with no errors, warnings or mismatches: arm64-allnoconfig arm64-allmodconfig arm-multi_v5_defconfig arm-multi_v7_defconfig x86_64-defconfig arm-allmodconfig arm-allnoconfig x86_64-allnoconfig arm-multi_v4t_defconfig x86_64-allmodconfig arm64-defconfig close failed in file object destructor: sys.excepthook is missing lost sys.stderr

6 years, 11 months

1
0
0 0

[PATCH] ACPI: save NVS memory for ASUS 1025C laptop

by Willy Tarreau

Every time I tried to upgrade my laptop from 3.10.x to 4.x I faced an issue by which the fan would run at full speed upon resume. Bisecting it showed me the issue was introduced in 3.17 by commit 821d6f0359b0 (ACPI / sleep: Do not save NVS for new machines to accelerate S3). This code only affects machines built starting as of 2012, but this Asus 1025C laptop was made in 2012 and apparently needs the NVS data to be saved, otherwise the CPU's thermal state is not properly reported on resume and the fan runs at full speed upon resume. Here's a very simple way to check if such a machine is affected : # cat /sys/class/thermal/thermal_zone0/temp 55000 ( now suspend, wait one second and resume ) # cat /sys/class/thermal/thermal_zone0/temp 0 (and after ~15 seconds the fan starts to spin) Let's apply the same quirk as commit cbc00c13 (ACPI: save NVS memory for Lenovo G50-45) and reuse the function it provides. Note that this commit was already backported to 4.9.x but not 4.4.x. Cc: <stable(a)vger.kernel.org> # 3.17+: requires cbc00c13 Signed-off-by: Willy Tarreau <w(a)1wt.eu> --- drivers/acpi/sleep.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/drivers/acpi/sleep.c b/drivers/acpi/sleep.c index 974e584..af54d7b 100644 --- a/drivers/acpi/sleep.c +++ b/drivers/acpi/sleep.c @@ -338,6 +338,14 @@ static const struct dmi_system_id acpisleep_dmi_table[] __initconst = { DMI_MATCH(DMI_PRODUCT_NAME, "K54HR"), }, }, + { + .callback = init_nvs_save_s3, + .ident = "Asus 1025C", + .matches = { + DMI_MATCH(DMI_SYS_VENDOR, "ASUSTeK COMPUTER INC."), + DMI_MATCH(DMI_PRODUCT_NAME, "1025C"), + }, + }, /* * https://bugzilla.kernel.org/show_bug.cgi?id=189431 * Lenovo G50-45 is a platform later than 2012, but needs nvs memory -- 2.8.0.rc2.1.gbe9624a

6 years, 11 months

1
0
0 0

Linux 4.17.5

by Greg KH

I'm announcing the release of the 4.17.5 kernel. All users of the 4.17 kernel series must upgrade. The updated 4.17.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.17.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arm/boot/dts/imx6q.dtsi | 2 arch/arm64/boot/dts/amlogic/meson-gxl-s905x-p212.dtsi | 7 + arch/x86/include/asm/pgalloc.h | 3 drivers/acpi/osl.c | 72 ++++++++++++++++ drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 10 ++ drivers/gpu/drm/amd/amdgpu/amdgpu_object.c | 24 ++--- drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.h | 1 drivers/gpu/drm/amd/amdgpu/amdgpu_vcn.c | 1 drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c | 14 ++- drivers/gpu/drm/amd/amdgpu/amdgpu_vram_mgr.c | 39 ++++++++- drivers/gpu/drm/amd/amdgpu/vce_v3_0.c | 4 drivers/gpu/drm/amd/amdgpu/vi.c | 77 ++++++++++++++---- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 22 ++++- drivers/gpu/drm/atmel-hlcdc/atmel_hlcdc_plane.c | 2 drivers/gpu/drm/i915/i915_irq.c | 12 ++ drivers/gpu/drm/i915/i915_reg.h | 5 + drivers/gpu/drm/i915/intel_crt.c | 20 ++++ drivers/gpu/drm/i915/intel_ddi.c | 8 + drivers/gpu/drm/i915/intel_display.c | 16 +++ drivers/gpu/drm/i915/intel_dp.c | 34 +++---- drivers/gpu/drm/i915/intel_dp_mst.c | 14 +++ drivers/gpu/drm/i915/intel_dsi.c | 6 + drivers/gpu/drm/i915/intel_dvo.c | 6 + drivers/gpu/drm/i915/intel_hdmi.c | 6 + drivers/gpu/drm/i915/intel_lrc.c | 12 ++ drivers/gpu/drm/i915/intel_lvds.c | 5 + drivers/gpu/drm/i915/intel_sdvo.c | 6 + drivers/gpu/drm/i915/intel_tv.c | 12 ++ drivers/gpu/drm/qxl/qxl_display.c | 7 + drivers/gpu/drm/sti/Kconfig | 3 drivers/gpu/drm/sun4i/sun4i_tcon.c | 25 ----- drivers/iio/accel/mma8452.c | 2 drivers/staging/android/ion/ion_heap.c | 2 drivers/tty/n_tty.c | 55 +++++++----- drivers/tty/serdev/core.c | 1 drivers/tty/serial/8250/8250_pci.c | 2 drivers/tty/vt/vt.c | 4 drivers/usb/class/cdc-acm.c | 3 drivers/usb/dwc2/hcd_queue.c | 2 drivers/usb/host/xhci-mem.c | 4 drivers/usb/host/xhci-trace.h | 36 +++++++- drivers/usb/serial/cp210x.c | 14 +++ drivers/usb/typec/tcpm.c | 7 - drivers/usb/typec/ucsi/ucsi.c | 13 +++ drivers/usb/typec/ucsi/ucsi_acpi.c | 5 + include/linux/acpi.h | 3 net/ipv6/netfilter/ip6t_rpfilter.c | 2 net/netfilter/nf_tables_core.c | 3 net/netfilter/xt_connmark.c | 2 50 files changed, 488 insertions(+), 149 deletions(-) Alexander Potapenko (1): vt: prevent leaking uninitialized data to userspace via /dev/vcs* Andrey Ryabinin (1): x86/mm: Don't free P4D table when it is folded at runtime Andy Shevchenko (1): serial: 8250_pci: Remove stalled entries in blacklist Florian Westphal (1): netfilter: xt_connmark: fix list corruption on rmmod Greg Kroah-Hartman (1): Linux 4.17.5 Harry Wentland (1): drm/amdgpu: Don't default to DC support for Kaveri and older Heikki Krogerus (3): acpi: Add helper for deactivating memory region usb: typec: ucsi: acpi: Workaround for cache mode issue usb: typec: ucsi: Fix for incorrect status data issue Houston Yaroschoff (1): usb: cdc_acm: Add quirk for Uniden UBC125 scanner Huang Rui (1): drm/amdgpu: fix the missed vcn fw version report Jeremy Cline (1): drm/qxl: Call qxl_bo_unref outside atomic context Johan Hovold (2): USB: serial: cp210x: add CESINEL device ids serdev: fix memleak on module unload Junwei Zhang (1): drm/amdgpu: fix clear_all and replace handling in the VM (v2) Karoly Pados (1): USB: serial: cp210x: add Silicon Labs IDs for Windows Update Kenneth Graunke (1): drm/i915: Enable provoking vertex fix on Gen9 systems. Laura Abbott (1): staging: android: ion: Return an ERR_PTR in ion_map_kernel Leonard Crestez (1): iio: mma8452: Fix ignoring MMA8452_INT_DRDY Lyude Paul (3): drm/amdgpu: Grab/put runtime PM references in atomic_commit_tail() drm/i915/dp: Send DPCD ON for MST before phy_up drm/amdgpu: Count disabled CRTCs in commit tail earlier Michel Dänzer (5): drm/amdgpu: Use kvmalloc_array for allocating VRAM manager nodes array drm/amdgpu: Refactor amdgpu_vram_mgr_bo_invisible_size helper drm/amdgpu: Make amdgpu_vram_mgr_bo_invisible_size always accurate drm/amdgpu: Update pin_size values before unpinning BO drm/amdgpu: GPU vs CPU page size fixes in amdgpu_vm_bo_split_mapping Mikita Lipski (1): drm/amd/display: Clear connector's edid pointer Neil Armstrong (1): ARM64: dts: meson-gxl-s905x-p212: Add phy-supply for usb0 Oliver O'Halloran (1): drm/sti: Depend on OF rather than selecting it Paul Kocialkowski (1): Revert "drm/sun4i: Handle DRM_BUS_FLAG_PIXDATA_*EDGE" Peter Chen (1): usb: typec: tcpm: fix logbuffer index is wrong if _tcpm_log is re-entered Rex Zhu (2): drm/amdgpu: Add APU support in vi_set_uvd_clocks drm/amdgpu: Add APU support in vi_set_vce_clocks Sean Nyekjaer (1): ARM: dts: imx6q: Use correct SDMA script for SPI5 core Shirish S (1): drm/amd/display: release spinlock before committing updates to stream Stefan Agner (1): drm/atmel-hlcdc: check stride values in the first plane Taehee Yoo (1): netfilter: nf_tables: use WARN_ON_ONCE instead of BUG_ON in nft_do_chain() Tetsuo Handa (2): n_tty: Fix stall at n_tty_receive_char_special(). n_tty: Access echo_* variables carefully. Ville Syrjälä (4): drm/i915: Allow DBLSCAN user modes with eDP/LVDS/DSI drm/i915: Fix PIPESTAT irq ack on i965/g4x drm/i915: Disallow interlaced modes on g4x DP outputs drm/i915: Turn off g4x DP port in .post_disable() Vincent Bernat (1): netfilter: ip6t_rpfilter: provide input interface for route lookup William Wu (1): usb: dwc2: fix the incorrect bitmaps for the ports of multi_tt hub Zhengjun Xing (1): xhci: Fix kernel oops in trace_xhci_free_virt_device

6 years, 11 months

1
1
0 0

Linux 4.14.54

by Greg KH

I'm announcing the release of the 4.14.54 kernel. All users of the 4.14 kernel series must upgrade. The updated 4.14.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.14.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/devicetree/bindings/net/dsa/b53.txt | 1 Makefile | 2 arch/arm/boot/dts/imx6q.dtsi | 2 drivers/acpi/osl.c | 72 +++++++ drivers/atm/zatm.c | 4 drivers/gpu/drm/amd/amdgpu/amdgpu_object.c | 6 drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.h | 1 drivers/gpu/drm/amd/amdgpu/amdgpu_vcn.c | 1 drivers/gpu/drm/amd/amdgpu/amdgpu_vram_mgr.c | 23 ++ drivers/gpu/drm/amd/amdgpu/vce_v3_0.c | 4 drivers/gpu/drm/amd/amdgpu/vi.c | 77 ++++++-- drivers/gpu/drm/atmel-hlcdc/atmel_hlcdc_plane.c | 2 drivers/gpu/drm/i915/i915_reg.h | 5 drivers/gpu/drm/i915/intel_lrc.c | 12 + drivers/gpu/drm/qxl/qxl_display.c | 7 drivers/md/dm-raid.c | 10 - drivers/md/md-cluster.c | 6 drivers/md/md.c | 90 ++++++--- drivers/md/md.h | 15 + drivers/md/raid0.c | 2 drivers/md/raid1.c | 27 -- drivers/md/raid10.c | 10 - drivers/md/raid5-cache.c | 30 ++- drivers/md/raid5-log.h | 2 drivers/md/raid5.c | 40 ---- drivers/mtd/nand/nand_base.c | 2 drivers/net/dsa/b53/b53_common.c | 13 + drivers/net/dsa/b53/b53_mdio.c | 5 drivers/net/dsa/b53/b53_priv.h | 1 drivers/net/ethernet/natsemi/sonic.c | 2 drivers/net/usb/qmi_wwan.c | 1 drivers/net/wireless/intel/iwlwifi/pcie/trans.c | 10 - drivers/platform/x86/asus-wmi.c | 23 +- drivers/s390/block/dasd.c | 7 drivers/staging/android/ion/ion_heap.c | 2 drivers/tty/n_tty.c | 55 +++--- drivers/tty/serdev/core.c | 1 drivers/tty/serial/8250/8250_pci.c | 2 drivers/tty/vt/vt.c | 4 drivers/usb/class/cdc-acm.c | 3 drivers/usb/dwc2/hcd_queue.c | 2 drivers/usb/host/xhci-mem.c | 4 drivers/usb/host/xhci-trace.h | 36 +++ drivers/usb/serial/cp210x.c | 14 + drivers/usb/typec/ucsi/ucsi.c | 13 + drivers/usb/typec/ucsi/ucsi_acpi.c | 5 fs/afs/security.c | 10 - fs/inode.c | 1 include/linux/acpi.h | 3 include/net/netfilter/nf_tables.h | 5 kernel/sched/core.c | 45 +++- net/bridge/netfilter/ebtables.c | 3 net/ipv6/netfilter/ip6t_rpfilter.c | 4 net/ipv6/netfilter/nft_fib_ipv6.c | 12 - net/ipv6/xfrm6_policy.c | 2 net/netfilter/ipvs/ip_vs_ctl.c | 21 +- net/netfilter/nf_tables_api.c | 61 +++++- net/netfilter/nf_tables_core.c | 20 +- net/netfilter/nft_compat.c | 201 +++++++++++++++++----- net/netfilter/nft_immediate.c | 15 + net/netfilter/nft_limit.c | 38 ++-- net/netfilter/nft_meta.c | 14 - tools/perf/tests/topology.c | 30 ++- tools/perf/util/bpf-loader.c | 6 64 files changed, 808 insertions(+), 339 deletions(-) Abhishek Sahu (1): mtd: rawnand: fix return value check for bad block status Alexander Potapenko (1): vt: prevent leaking uninitialized data to userspace via /dev/vcs* Andy Shevchenko (1): serial: 8250_pci: Remove stalled entries in blacklist Colin Ian King (1): netfilter: nf_tables: fix memory leak on error exit return Damien Thébault (1): net: dsa: b53: Add BCM5389 support Darrick J. Wong (1): fs: clear writeback errors in inode_init_always David Howells (1): afs: Fix directory permissions check Eric Dumazet (1): xfrm6: avoid potential infinite loop in _decode_session6() Finn Thain (1): net/sonic: Use dma_mapping_error() Florian Westphal (6): netfilter: nf_tables: nft_compat: fix refcount leak on xt module netfilter: nft_compat: prepare for indirect info storage netfilter: nft_compat: fix handling of large matchinfo size netfilter: nf_tables: don't assume chain stats are set when jumplabel is set netfilter: nf_tables: add missing netlink attrs to policies netfilter: don't set F_IFACE on ipv6 fib lookups Greg Kroah-Hartman (1): Linux 4.14.54 Hao Wei Tee (1): iwlwifi: pcie: compare with number of IRQs requested for, not number of CPUs Heikki Krogerus (3): acpi: Add helper for deactivating memory region usb: typec: ucsi: acpi: Workaround for cache mode issue usb: typec: ucsi: Fix for incorrect status data issue Houston Yaroschoff (1): usb: cdc_acm: Add quirk for Uniden UBC125 scanner Huang Rui (1): drm/amdgpu: fix the missed vcn fw version report Ivan Bornyakov (1): atm: zatm: fix memcmp casting Jeremy Cline (1): drm/qxl: Call qxl_bo_unref outside atomic context Johan Hovold (2): USB: serial: cp210x: add CESINEL device ids serdev: fix memleak on module unload Josh Hill (1): net: qmi_wwan: Add Netgear Aircard 779S João Paulo Rechi Vita (1): platform/x86: asus-wmi: Fix NULL pointer dereference Julian Anastasov (1): ipvs: fix buffer overflow with sync daemon and service Karoly Pados (1): USB: serial: cp210x: add Silicon Labs IDs for Windows Update Kenneth Graunke (1): drm/i915: Enable provoking vertex fix on Gen9 systems. Laura Abbott (1): staging: android: ion: Return an ERR_PTR in ion_map_kernel Michel Dänzer (2): drm/amdgpu: Use kvmalloc_array for allocating VRAM manager nodes array drm/amdgpu: Refactor amdgpu_vram_mgr_bo_invisible_size helper NeilBrown (6): md: always hold reconfig_mutex when calling mddev_suspend() md: don't call bitmap_create() while array is quiesced. md: move suspend_hi/lo handling into core md code md: use mddev_suspend/resume instead of ->quiesce() md: allow metadata update while suspending. md: remove special meaning of ->quiesce(.., 2) Pablo Neira Ayuso (3): netfilter: nf_tables: bogus EBUSY in chain deletions netfilter: nf_tables: disable preemption in nft_update_chain_stats() netfilter: nft_limit: fix packet ratelimiting Paolo Abeni (1): netfilter: ebtables: handle string from userspace with care Paul Burton (1): sched/core: Require cpu_active() in select_task_rq(), for user tasks Peter Zijlstra (1): sched/core: Fix rules for running on online && !active CPUs Rex Zhu (2): drm/amdgpu: Add APU support in vi_set_uvd_clocks drm/amdgpu: Add APU support in vi_set_vce_clocks Sean Nyekjaer (1): ARM: dts: imx6q: Use correct SDMA script for SPI5 core Sebastian Ott (1): s390/dasd: use blk_mq_rq_from_pdu for per request data Stefan Agner (1): drm/atmel-hlcdc: check stride values in the first plane Taehee Yoo (4): netfilter: nft_meta: fix wrong value dereference in nft_meta_set_eval netfilter: nf_tables: increase nft_counters_enabled in nft_chain_stats_replace() netfilter: nf_tables: fix NULL-ptr in nf_tables_dump_obj() netfilter: nf_tables: use WARN_ON_ONCE instead of BUG_ON in nft_do_chain() Tetsuo Handa (2): n_tty: Fix stall at n_tty_receive_char_special(). n_tty: Access echo_* variables carefully. Thomas Richter (1): perf test: "Session topology" dumps core on s390 Vincent Bernat (1): netfilter: ip6t_rpfilter: provide input interface for route lookup William Wu (1): usb: dwc2: fix the incorrect bitmaps for the ports of multi_tt hub YueHaibing (1): perf bpf: Fix NULL return handling in bpf__prepare_load() Zhengjun Xing (1): xhci: Fix kernel oops in trace_xhci_free_virt_device

6 years, 11 months

1
1
0 0

[PATCH v4 1/3] mtd: rawnand: marvell: add suspend and resume hooks

by Daniel Mack

This patch restores the suspend and resume hooks that the old driver used to have. Apart from stopping and starting the clocks, the resume callback also nullifies the selected_chip pointer, so the next command that is issued will re-select the chip and thereby restore the timing registers. Factor out some code from marvell_nfc_init() into a new function marvell_nfc_reset() and also call it at resume time to reset some registers that don't retain their contents during low-power mode. Without this patch, a PXA3xx based system would cough up an error similar to the one below after resume. [ 44.660162] marvell-nfc 43100000.nand-controller: Timeout waiting for RB signal [ 44.671492] ubi0 error: ubi_io_write: error -110 while writing 2048 bytes to PEB 102:38912, written 0 bytes [ 44.682887] CPU: 0 PID: 1417 Comm: remote-control Not tainted 4.18.0-rc2+ #344 [ 44.691197] Hardware name: Marvell PXA3xx (Device Tree Support) [ 44.697111] Backtrace: [ 44.699593] [<c0106458>] (dump_backtrace) from [<c0106718>] (show_stack+0x18/0x1c) [ 44.708931] r7:00000800 r6:00009800 r5:00000066 r4:c6139000 [ 44.715833] [<c0106700>] (show_stack) from [<c0678a60>] (dump_stack+0x20/0x28) [ 44.724206] [<c0678a40>] (dump_stack) from [<c0456cbc>] (ubi_io_write+0x3d4/0x630) [ 44.732925] [<c04568e8>] (ubi_io_write) from [<c0454428>] (ubi_eba_write_leb+0x690/0x6fc) ... Signed-off-by: Daniel Mack <daniel(a)zonque.org> Fixes: 02f26ecf8c77 ("mtd: nand: add reworked Marvell NAND controller driver") Cc: stable(a)vger.kernel.org --- drivers/mtd/nand/raw/marvell_nand.c | 73 ++++++++++++++++++++++++----- 1 file changed, 62 insertions(+), 11 deletions(-) diff --git a/drivers/mtd/nand/raw/marvell_nand.c b/drivers/mtd/nand/raw/marvell_nand.c index 00d9f29bbdb6..03ee016d7516 100644 --- a/drivers/mtd/nand/raw/marvell_nand.c +++ b/drivers/mtd/nand/raw/marvell_nand.c @@ -2662,6 +2662,21 @@ static int marvell_nfc_init_dma(struct marvell_nfc *nfc) return 0; } +static void marvell_nfc_reset(struct marvell_nfc *nfc) +{ + /* + * ECC operations and interruptions are only enabled when specifically + * needed. ECC shall not be activated in the early stages (fails probe). + * Arbiter flag, even if marked as "reserved", must be set (empirical). + * SPARE_EN bit must always be set or ECC bytes will not be at the same + * offset in the read page and this will fail the protection. + */ + writel_relaxed(NDCR_ALL_INT | NDCR_ND_ARB_EN | NDCR_SPARE_EN | + NDCR_RD_ID_CNT(NFCV1_READID_LEN), nfc->regs + NDCR); + writel_relaxed(0xFFFFFFFF, nfc->regs + NDSR); + writel_relaxed(0, nfc->regs + NDECCCTRL); +} + static int marvell_nfc_init(struct marvell_nfc *nfc) { struct device_node *np = nfc->dev->of_node; @@ -2700,17 +2715,7 @@ static int marvell_nfc_init(struct marvell_nfc *nfc) if (!nfc->caps->is_nfcv2) marvell_nfc_init_dma(nfc); - /* - * ECC operations and interruptions are only enabled when specifically - * needed. ECC shall not be activated in the early stages (fails probe). - * Arbiter flag, even if marked as "reserved", must be set (empirical). - * SPARE_EN bit must always be set or ECC bytes will not be at the same - * offset in the read page and this will fail the protection. - */ - writel_relaxed(NDCR_ALL_INT | NDCR_ND_ARB_EN | NDCR_SPARE_EN | - NDCR_RD_ID_CNT(NFCV1_READID_LEN), nfc->regs + NDCR); - writel_relaxed(0xFFFFFFFF, nfc->regs + NDSR); - writel_relaxed(0, nfc->regs + NDECCCTRL); + marvell_nfc_reset(nfc); return 0; } @@ -2825,6 +2830,51 @@ static int marvell_nfc_remove(struct platform_device *pdev) return 0; } +static int __maybe_unused marvell_nfc_suspend(struct device *dev) +{ + struct marvell_nfc *nfc = dev_get_drvdata(dev); + struct marvell_nand_chip *chip; + + list_for_each_entry(chip, &nfc->chips, node) + marvell_nfc_wait_ndrun(&chip->chip); + + clk_disable_unprepare(nfc->reg_clk); + clk_disable_unprepare(nfc->core_clk); + + return 0; +} + +static int __maybe_unused marvell_nfc_resume(struct device *dev) +{ + struct marvell_nfc *nfc = dev_get_drvdata(dev); + int ret; + + ret = clk_prepare_enable(nfc->core_clk); + if (ret < 0) + return ret; + + if (!IS_ERR(nfc->reg_clk)) { + ret = clk_prepare_enable(nfc->reg_clk); + if (ret < 0) + return ret; + } + + /* + * Reset nfc->selected_chip so the next command will cause the timing + * registers to be restored in marvell_nfc_select_chip(). + */ + nfc->selected_chip = NULL; + + /* Reset registers that have lost their contents */ + marvell_nfc_reset(nfc); + + return 0; +} + +static const struct dev_pm_ops marvell_nfc_pm_ops = { + SET_SYSTEM_SLEEP_PM_OPS(marvell_nfc_suspend, marvell_nfc_resume) +}; + static const struct marvell_nfc_caps marvell_armada_8k_nfc_caps = { .max_cs_nb = 4, .max_rb_nb = 2, @@ -2909,6 +2959,7 @@ static struct platform_driver marvell_nfc_driver = { .driver = { .name = "marvell-nfc", .of_match_table = marvell_nfc_of_ids, + .pm = &marvell_nfc_pm_ops, }, .id_table = marvell_nfc_platform_ids, .probe = marvell_nfc_probe, -- 2.17.1

6 years, 11 months

1
0
0 0

[PATCH 4.17 00/46] 4.17.5-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.17.5 release. There are 46 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sun Jul 8 05:45:10 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.17.5-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.17.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.17.5-rc1 Sean Nyekjaer <sean.nyekjaer(a)prevas.dk> ARM: dts: imx6q: Use correct SDMA script for SPI5 core Andrey Ryabinin <aryabinin(a)virtuozzo.com> x86/mm: Don't free P4D table when it is folded at runtime Neil Armstrong <narmstrong(a)baylibre.com> ARM64: dts: meson-gxl-s905x-p212: Add phy-supply for usb0 Taehee Yoo <ap420073(a)gmail.com> netfilter: nf_tables: use WARN_ON_ONCE instead of BUG_ON in nft_do_chain() Florian Westphal <fw(a)strlen.de> netfilter: xt_connmark: fix list corruption on rmmod Vincent Bernat <vincent(a)bernat.im> netfilter: ip6t_rpfilter: provide input interface for route lookup Kenneth Graunke <kenneth(a)whitecape.org> drm/i915: Enable provoking vertex fix on Gen9 systems. Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915: Turn off g4x DP port in .post_disable() Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915: Disallow interlaced modes on g4x DP outputs Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915: Fix PIPESTAT irq ack on i965/g4x Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915: Allow DBLSCAN user modes with eDP/LVDS/DSI Shirish S <shirish.s(a)amd.com> drm/amd/display: release spinlock before committing updates to stream Lyude Paul <lyude(a)redhat.com> drm/amdgpu: Count disabled CRTCs in commit tail earlier Michel Dänzer <michel.daenzer(a)amd.com> drm/amdgpu: GPU vs CPU page size fixes in amdgpu_vm_bo_split_mapping Michel Dänzer <michel.daenzer(a)amd.com> drm/amdgpu: Update pin_size values before unpinning BO Michel Dänzer <michel.daenzer(a)amd.com> drm/amdgpu: Make amdgpu_vram_mgr_bo_invisible_size always accurate Michel Dänzer <michel.daenzer(a)amd.com> drm/amdgpu: Refactor amdgpu_vram_mgr_bo_invisible_size helper Michel Dänzer <michel.daenzer(a)amd.com> drm/amdgpu: Use kvmalloc_array for allocating VRAM manager nodes array Harry Wentland <harry.wentland(a)amd.com> drm/amdgpu: Don't default to DC support for Kaveri and older Paul Kocialkowski <paul.kocialkowski(a)bootlin.com> Revert "drm/sun4i: Handle DRM_BUS_FLAG_PIXDATA_*EDGE" Stefan Agner <stefan(a)agner.ch> drm/atmel-hlcdc: check stride values in the first plane Jeremy Cline <jcline(a)redhat.com> drm/qxl: Call qxl_bo_unref outside atomic context Lyude Paul <lyude(a)redhat.com> drm/i915/dp: Send DPCD ON for MST before phy_up Mikita Lipski <mikita.lipski(a)amd.com> drm/amd/display: Clear connector's edid pointer Oliver O'Halloran <oohall(a)gmail.com> drm/sti: Depend on OF rather than selecting it Junwei Zhang <Jerry.Zhang(a)amd.com> drm/amdgpu: fix clear_all and replace handling in the VM (v2) Lyude Paul <lyude(a)redhat.com> drm/amdgpu: Grab/put runtime PM references in atomic_commit_tail() Huang Rui <ray.huang(a)amd.com> drm/amdgpu: fix the missed vcn fw version report Rex Zhu <Rex.Zhu(a)amd.com> drm/amdgpu: Add APU support in vi_set_vce_clocks Rex Zhu <Rex.Zhu(a)amd.com> drm/amdgpu: Add APU support in vi_set_uvd_clocks Alexander Potapenko <glider(a)google.com> vt: prevent leaking uninitialized data to userspace via /dev/vcs* Johan Hovold <johan(a)kernel.org> serdev: fix memleak on module unload Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> serial: 8250_pci: Remove stalled entries in blacklist Leonard Crestez <leonard.crestez(a)nxp.com> iio: mma8452: Fix ignoring MMA8452_INT_DRDY Laura Abbott <labbott(a)redhat.com> staging: android: ion: Return an ERR_PTR in ion_map_kernel Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> n_tty: Access echo_* variables carefully. Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> n_tty: Fix stall at n_tty_receive_char_special(). Zhengjun Xing <zhengjun.xing(a)linux.intel.com> xhci: Fix kernel oops in trace_xhci_free_virt_device Heikki Krogerus <heikki.krogerus(a)linux.intel.com> usb: typec: ucsi: Fix for incorrect status data issue Heikki Krogerus <heikki.krogerus(a)linux.intel.com> usb: typec: ucsi: acpi: Workaround for cache mode issue Heikki Krogerus <heikki.krogerus(a)linux.intel.com> acpi: Add helper for deactivating memory region Peter Chen <peter.chen(a)nxp.com> usb: typec: tcpm: fix logbuffer index is wrong if _tcpm_log is re-entered William Wu <william.wu(a)rock-chips.com> usb: dwc2: fix the incorrect bitmaps for the ports of multi_tt hub Karoly Pados <pados(a)pados.hu> USB: serial: cp210x: add Silicon Labs IDs for Windows Update Johan Hovold <johan(a)kernel.org> USB: serial: cp210x: add CESINEL device ids Houston Yaroschoff <hstn(a)4ever3.net> usb: cdc_acm: Add quirk for Uniden UBC125 scanner ------------- Diffstat: Makefile | 4 +- arch/arm/boot/dts/imx6q.dtsi | 2 +- .../boot/dts/amlogic/meson-gxl-s905x-p212.dtsi | 7 ++ arch/x86/include/asm/pgalloc.h | 3 + drivers/acpi/osl.c | 72 ++++++++++++++++++++ drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 10 ++- drivers/gpu/drm/amd/amdgpu/amdgpu_object.c | 24 +++---- drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.h | 1 + drivers/gpu/drm/amd/amdgpu/amdgpu_vcn.c | 1 + drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c | 14 ++-- drivers/gpu/drm/amd/amdgpu/amdgpu_vram_mgr.c | 39 ++++++++++- drivers/gpu/drm/amd/amdgpu/vce_v3_0.c | 4 +- drivers/gpu/drm/amd/amdgpu/vi.c | 77 +++++++++++++++++----- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 22 +++++-- drivers/gpu/drm/atmel-hlcdc/atmel_hlcdc_plane.c | 2 +- drivers/gpu/drm/i915/i915_irq.c | 12 +++- drivers/gpu/drm/i915/i915_reg.h | 5 ++ drivers/gpu/drm/i915/intel_crt.c | 20 ++++++ drivers/gpu/drm/i915/intel_ddi.c | 8 ++- drivers/gpu/drm/i915/intel_display.c | 16 ++++- drivers/gpu/drm/i915/intel_dp.c | 34 +++++----- drivers/gpu/drm/i915/intel_dp_mst.c | 14 +++- drivers/gpu/drm/i915/intel_dsi.c | 6 ++ drivers/gpu/drm/i915/intel_dvo.c | 6 ++ drivers/gpu/drm/i915/intel_hdmi.c | 6 ++ drivers/gpu/drm/i915/intel_lrc.c | 12 +++- drivers/gpu/drm/i915/intel_lvds.c | 5 ++ drivers/gpu/drm/i915/intel_sdvo.c | 6 ++ drivers/gpu/drm/i915/intel_tv.c | 12 +++- drivers/gpu/drm/qxl/qxl_display.c | 7 +- drivers/gpu/drm/sti/Kconfig | 3 +- drivers/gpu/drm/sun4i/sun4i_tcon.c | 25 ------- drivers/iio/accel/mma8452.c | 2 +- drivers/staging/android/ion/ion_heap.c | 2 +- drivers/tty/n_tty.c | 55 +++++++++------- drivers/tty/serdev/core.c | 1 + drivers/tty/serial/8250/8250_pci.c | 2 - drivers/tty/vt/vt.c | 4 +- drivers/usb/class/cdc-acm.c | 3 + drivers/usb/dwc2/hcd_queue.c | 2 +- drivers/usb/host/xhci-mem.c | 4 +- drivers/usb/host/xhci-trace.h | 36 ++++++++-- drivers/usb/serial/cp210x.c | 14 ++++ drivers/usb/typec/tcpm.c | 7 +- drivers/usb/typec/ucsi/ucsi.c | 13 ++++ drivers/usb/typec/ucsi/ucsi_acpi.c | 5 ++ include/linux/acpi.h | 3 + net/ipv6/netfilter/ip6t_rpfilter.c | 2 + net/netfilter/nf_tables_core.c | 3 +- net/netfilter/xt_connmark.c | 2 +- 50 files changed, 489 insertions(+), 150 deletions(-)

6 years, 11 months

4
34
0 0

Re: [PATCH 1/2] usb: dwc2: Fix DMA alignment to start at allocated boundary

by Doug Anderson

Hi, On Thu, Jul 5, 2018 at 7:31 AM, Antti Seppälä <a.seppala(a)gmail.com> wrote: > The commit 3bc04e28a030 ("usb: dwc2: host: Get aligned DMA in a more > supported way") introduced a common way to align DMA allocations. > The code in the commit aligns the struct dma_aligned_buffer but the > actual DMA address pointed by data[0] gets aligned to an offset from > the allocated boundary by the kmalloc_ptr and the old_xfer_buffer > pointers. > > This is against the recommendation in Documentation/DMA-API.txt which > states: > > Therefore, it is recommended that driver writers who don't take > special care to determine the cache line size at run time only map > virtual regions that begin and end on page boundaries (which are > guaranteed also to be cache line boundaries). > > The effect of this is that architectures with non-coherent DMA caches > may run into memory corruption or kernel crashes with Unhandled > kernel unaligned accesses exceptions. > > Fix the alignment by positioning the DMA area in front of the allocation > and use memory at the end of the area for storing the orginal > transfer_buffer pointer. This may have the added benefit of increased > performance as the DMA area is now fully aligned on all architectures. > > Tested with Lantiq xRX200 (MIPS) and RPi Model B Rev 2 (ARM). > > Fixes: 3bc04e28a030 ("usb: dwc2: host: Get aligned DMA in a more > supported way") > > Signed-off-by: Antti Seppälä <a.seppala(a)gmail.com> > --- > drivers/usb/dwc2/hcd.c | 44 +++++++++++++++++++++++--------------------- > 1 file changed, 23 insertions(+), 21 deletions(-) Thanks for tracking this down and sorry for the original regression. Seems like a good fix. With this fix, I'd be curious of your observations on how dwc2 performs (both performance and compatibility under stress) with the newest driver compared to whatever you were using before. Also: you're using the dwc2_set_ltq_params() parameters? Have you checked if removing the "max_transfer_size" limit boosts your performance? Cc: stable(a)vger.kernel.org Reviewed-by: Douglas Anderson <dianders(a)chromium.org>

6 years, 11 months

2
1
0 0

[PATCH] compiler.h, sparse, smatch: Do not define COMPILER_HAS_GENERIC_BUILTIN_OVERFLOW

by Bart Van Assche

Both sparse and smatch identify themselves as gcc. However, neither static analyzer supports any of the __builtin_*_overflow() functions. Hence do not define COMPILER_HAS_GENERIC_BUILTIN_OVERFLOW for these static checkers. Fixes: f0907827a8a9 ("compiler.h: enable builtin overflow checkers and add fallback code") Signed-off-by: Bart Van Assche <bart.vanassche(a)wdc.com> Cc: Rasmus Villemoes <linux(a)rasmusvillemoes.dk> Cc: Kees Cook <keescook(a)chromium.org> Cc: Dan Carpenter <dan.carpenter(a)oracle.com> Cc: Luc Van Oostenryck <luc.vanoostenryck(a)gmail.com> Cc: <stable(a)vger.kernel.org> --- include/linux/compiler-gcc.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/linux/compiler-gcc.h b/include/linux/compiler-gcc.h index f1a7492a5cc8..15e55b89e952 100644 --- a/include/linux/compiler-gcc.h +++ b/include/linux/compiler-gcc.h @@ -344,6 +344,6 @@ */ #define uninitialized_var(x) x = x -#if GCC_VERSION >= 50100 +#if GCC_VERSION >= 50100 && !defined(__CHECKER__) #define COMPILER_HAS_GENERIC_BUILTIN_OVERFLOW 1 #endif -- 2.18.0

6 years, 11 months

3
5
0 0

+ mm-do-not-bug_on-on-incorrect-lenght-in-__mm_populate.patch added to -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: mm: do not bug_on on incorrect length in __mm_populate() has been added to the -mm tree. Its filename is mm-do-not-bug_on-on-incorrect-lenght-in-__mm_populate.patch This patch should soon appear at http://ozlabs.org/~akpm/mmots/broken-out/mm-do-not-bug_on-on-incorrect-leng… and later at http://ozlabs.org/~akpm/mmotm/broken-out/mm-do-not-bug_on-on-incorrect-leng… Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next and is updated there every 3-4 working days ------------------------------------------------------ From: Michal Hocko <mhocko(a)suse.com> Subject: mm: do not bug_on on incorrect length in __mm_populate() syzbot has noticed that a specially crafted library can easily hit VM_BUG_ON in __mm_populate localhost login: [ 81.210241] emacs (9634) used greatest stack depth: 10416 bytes left [ 140.099935] ------------[ cut here ]------------ [ 140.101904] kernel BUG at mm/gup.c:1242! [ 140.103572] invalid opcode: 0000 [#1] SMP [ 140.105220] CPU: 2 PID: 9667 Comm: a.out Not tainted 4.18.0-rc3 #644 [ 140.107762] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 05/19/2017 [ 140.112000] RIP: 0010:__mm_populate+0x1e2/0x1f0 [ 140.113875] Code: 55 d0 65 48 33 14 25 28 00 00 00 89 d8 75 21 48 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 75 18 f1 ff 0f 0b e8 6e 18 f1 ff <0f> 0b 31 db eb c9 e8 93 06 e0 ff 0f 1f 00 55 48 89 e5 53 48 89 fb [ 140.121403] RSP: 0018:ffffc90000dffd78 EFLAGS: 00010293 [ 140.123516] RAX: ffff8801366c63c0 RBX: 000000007bf81000 RCX: ffffffff813e4ee2 [ 140.126352] RDX: 0000000000000000 RSI: 0000000000007676 RDI: 000000007bf81000 [ 140.129236] RBP: ffffc90000dffdc0 R08: 0000000000000000 R09: 0000000000000000 [ 140.132110] R10: ffff880135895c80 R11: 0000000000000000 R12: 0000000000007676 [ 140.134955] R13: 0000000000008000 R14: 0000000000000000 R15: 0000000000007676 [ 140.137785] FS: 0000000000000000(0000) GS:ffff88013a680000(0063) knlGS:00000000f7db9700 [ 140.140998] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033 [ 140.143303] CR2: 00000000f7ea56e0 CR3: 0000000134674004 CR4: 00000000000606e0 [ 140.145906] Call Trace: [ 140.146728] vm_brk_flags+0xc3/0x100 [ 140.147830] vm_brk+0x1f/0x30 [ 140.148714] load_elf_library+0x281/0x2e0 [ 140.149875] __ia32_sys_uselib+0x170/0x1e0 [ 140.151028] ? copy_overflow+0x30/0x30 [ 140.152105] ? __ia32_sys_uselib+0x170/0x1e0 [ 140.153301] do_fast_syscall_32+0xca/0x420 [ 140.154455] entry_SYSENTER_compat+0x70/0x7f The reason is that the length of the new brk is not page aligned when we try to populate the it. There is no reason to bug on that though. do_brk_flags already aligns the length properly so the mapping is expanded as it should. All we need is to tell mm_populate about it. Besides that there is absolutely no reason to to bug_on in the first place. The worst thing that could happen is that the last page wouldn't get populated and that is far from putting system into an inconsistent state. Fix the issue by moving the length sanitization code from do_brk_flags up to vm_brk_flags. The only other caller of do_brk_flags is brk syscall entry and it makes sure to provide the proper length so t here is no need for sanitation and so we can use do_brk_flags without it. Also remove the bogus BUG_ONs. [osalvador(a)techadventures.net: fix up vm_brk_flags s@request@len@] Link: http://lkml.kernel.org/r/20180706090217.GI32658@dhcp22.suse.cz Signed-off-by: Michal Hocko <mhocko(a)suse.com> Reported-by: syzbot <syzbot+5dcb560fe12aa5091c06(a)syzkaller.appspotmail.com> Tested-by: Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> Cc: Oscar Salvador <osalvador(a)techadventures.net> Cc: Zi Yan <zi.yan(a)cs.rutgers.edu> Cc: "Aneesh Kumar K.V" <aneesh.kumar(a)linux.vnet.ibm.com> Cc: Dan Williams <dan.j.williams(a)intel.com> Cc: "Kirill A. Shutemov" <kirill.shutemov(a)linux.intel.com> Cc: Michael S. Tsirkin <mst(a)redhat.com> Cc: Al Viro <viro(a)zeniv.linux.org.uk> Cc: "Huang, Ying" <ying.huang(a)intel.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/gup.c | 2 -- mm/mmap.c | 29 ++++++++++++----------------- 2 files changed, 12 insertions(+), 19 deletions(-) diff -puN mm/gup.c~mm-do-not-bug_on-on-incorrect-lenght-in-__mm_populate mm/gup.c --- a/mm/gup.c~mm-do-not-bug_on-on-incorrect-lenght-in-__mm_populate +++ a/mm/gup.c @@ -1238,8 +1238,6 @@ int __mm_populate(unsigned long start, u int locked = 0; long ret = 0; - VM_BUG_ON(start & ~PAGE_MASK); - VM_BUG_ON(len != PAGE_ALIGN(len)); end = start + len; for (nstart = start; nstart < end; nstart = nend) { diff -puN mm/mmap.c~mm-do-not-bug_on-on-incorrect-lenght-in-__mm_populate mm/mmap.c --- a/mm/mmap.c~mm-do-not-bug_on-on-incorrect-lenght-in-__mm_populate +++ a/mm/mmap.c @@ -186,8 +186,8 @@ static struct vm_area_struct *remove_vma return next; } -static int do_brk(unsigned long addr, unsigned long len, struct list_head *uf); - +static int do_brk_flags(unsigned long addr, unsigned long request, unsigned long flags, + struct list_head *uf); SYSCALL_DEFINE1(brk, unsigned long, brk) { unsigned long retval; @@ -245,7 +245,7 @@ SYSCALL_DEFINE1(brk, unsigned long, brk) goto out; /* Ok, looks good - let it rip. */ - if (do_brk(oldbrk, newbrk-oldbrk, &uf) < 0) + if (do_brk_flags(oldbrk, newbrk-oldbrk, 0, &uf) < 0) goto out; set_brk: @@ -2929,21 +2929,14 @@ static inline void verify_mm_writelocked * anonymous maps. eventually we may be able to do some * brk-specific accounting here. */ -static int do_brk_flags(unsigned long addr, unsigned long request, unsigned long flags, struct list_head *uf) +static int do_brk_flags(unsigned long addr, unsigned long len, unsigned long flags, struct list_head *uf) { struct mm_struct *mm = current->mm; struct vm_area_struct *vma, *prev; - unsigned long len; struct rb_node **rb_link, *rb_parent; pgoff_t pgoff = addr >> PAGE_SHIFT; int error; - len = PAGE_ALIGN(request); - if (len < request) - return -ENOMEM; - if (!len) - return 0; - /* Until we need other flags, refuse anything except VM_EXEC. */ if ((flags & (~VM_EXEC)) != 0) return -EINVAL; @@ -3015,18 +3008,20 @@ out: return 0; } -static int do_brk(unsigned long addr, unsigned long len, struct list_head *uf) -{ - return do_brk_flags(addr, len, 0, uf); -} - -int vm_brk_flags(unsigned long addr, unsigned long len, unsigned long flags) +int vm_brk_flags(unsigned long addr, unsigned long request, unsigned long flags) { struct mm_struct *mm = current->mm; + unsigned long len; int ret; bool populate; LIST_HEAD(uf); + len = PAGE_ALIGN(request); + if (len < request) + return -ENOMEM; + if (!len) + return 0; + if (down_write_killable(&mm->mmap_sem)) return -EINTR; _ Patches currently in -mm which might be from mhocko(a)suse.com are memblock-do-not-complain-about-top-down-allocations-for-memory_hotremove.patch mm-do-not-bug_on-on-incorrect-lenght-in-__mm_populate.patch mm-drop-vm_bug_on-from-__get_free_pages.patch memcg-oom-move-out_of_memory-back-to-the-charge-path.patch mm-oom-docs-describe-the-cgroup-aware-oom-killer-fix-2.patch

6 years, 11 months

1
0
0 0

+ x86-purgatory-add-missing-force-to-makefile-target.patch added to -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: x86/purgatory: add missing FORCE to Makefile target has been added to the -mm tree. Its filename is x86-purgatory-add-missing-force-to-makefile-target.patch This patch should soon appear at http://ozlabs.org/~akpm/mmots/broken-out/x86-purgatory-add-missing-force-to… and later at http://ozlabs.org/~akpm/mmotm/broken-out/x86-purgatory-add-missing-force-to… Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next and is updated there every 3-4 working days ------------------------------------------------------ From: Philipp Rudo <prudo(a)linux.ibm.com> Subject: x86/purgatory: add missing FORCE to Makefile target - Build the kernel without the fix - Add some flag to the purgatories KBUILD_CFLAGS,I used -fno-asynchronous-unwind-tables - Re-build the kernel When you look at makes output you see that sha256.o is not re-build in the last step. Also readelf -S still shows the .eh_frame section for sha256.o. With the fix sha256.o is rebuilt in the last step. Without FORCE make does not detect changes only made to the command line options. So object files might not be re-built even when they should be. Fix this by adding FORCE where it is missing. Link: http://lkml.kernel.org/r/20180704110044.29279-2-prudo@linux.ibm.com Fixes: df6f2801f511 ("kernel/kexec_file.c: move purgatories sha256 to common code") Signed-off-by: Philipp Rudo <prudo(a)linux.ibm.com> Acked-by: Dave Young <dyoung(a)redhat.com> Cc: Ingo Molnar <mingo(a)redhat.com> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: <stable(a)vger.kernel.org> [4.17+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- arch/x86/purgatory/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff -puN arch/x86/purgatory/Makefile~x86-purgatory-add-missing-force-to-makefile-target arch/x86/purgatory/Makefile --- a/arch/x86/purgatory/Makefile~x86-purgatory-add-missing-force-to-makefile-target +++ a/arch/x86/purgatory/Makefile @@ -6,7 +6,7 @@ purgatory-y := purgatory.o stack.o setup targets += $(purgatory-y) PURGATORY_OBJS = $(addprefix $(obj)/,$(purgatory-y)) -$(obj)/sha256.o: $(srctree)/lib/sha256.c +$(obj)/sha256.o: $(srctree)/lib/sha256.c FORCE $(call if_changed_rule,cc_o_c) LDFLAGS_purgatory.ro := -e purgatory_start -r --no-undefined -nostdlib -z nodefaultlib _ Patches currently in -mm which might be from prudo(a)linux.ibm.com are x86-purgatory-add-missing-force-to-makefile-target.patch

6 years, 11 months

1
0
0 0

[PATCH] clk: aspeed: Mark bclk (PCIe) and dclk (VGA) as critical

by Joel Stanley

This is used by the host to talk to the BMC's PCIe slave device. The BMC is not involved, but the clock needs to be enabled so the host can use the device. Fixes: 15ed8ce5f84e ("clk: aspeed: Register gated clocks") Cc: stable(a)vger.kernel.org # 4.15 Acked-by: Andrew Jeffery <andrew(a)aj.id.au> Tested-by: Lei YU <mine260309(a)gmail.com> Signed-off-by: Joel Stanley <joel(a)jms.id.au> --- drivers/clk/clk-aspeed.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/clk/clk-aspeed.c b/drivers/clk/clk-aspeed.c index 4d425594999d..c17032bc853a 100644 --- a/drivers/clk/clk-aspeed.c +++ b/drivers/clk/clk-aspeed.c @@ -91,8 +91,8 @@ static const struct aspeed_gate_data aspeed_gates[] = { [ASPEED_CLK_GATE_GCLK] = { 1, 7, "gclk-gate", NULL, 0 }, /* 2D engine */ [ASPEED_CLK_GATE_MCLK] = { 2, -1, "mclk-gate", "mpll", CLK_IS_CRITICAL }, /* SDRAM */ [ASPEED_CLK_GATE_VCLK] = { 3, 6, "vclk-gate", NULL, 0 }, /* Video Capture */ - [ASPEED_CLK_GATE_BCLK] = { 4, 8, "bclk-gate", "bclk", 0 }, /* PCIe/PCI */ - [ASPEED_CLK_GATE_DCLK] = { 5, -1, "dclk-gate", NULL, 0 }, /* DAC */ + [ASPEED_CLK_GATE_BCLK] = { 4, 8, "bclk-gate", "bclk", CLK_IS_CRITICAL }, /* PCIe/PCI */ + [ASPEED_CLK_GATE_DCLK] = { 5, -1, "dclk-gate", NULL, CLK_IS_CRITICAL }, /* DAC */ [ASPEED_CLK_GATE_REFCLK] = { 6, -1, "refclk-gate", "clkin", CLK_IS_CRITICAL }, [ASPEED_CLK_GATE_USBPORT2CLK] = { 7, 3, "usb-port2-gate", NULL, 0 }, /* USB2.0 Host port 2 */ [ASPEED_CLK_GATE_LCLK] = { 8, 5, "lclk-gate", NULL, 0 }, /* LPC */ -- 2.17.1

6 years, 11 months

2
1
0 0

[PATCH v2] acpi, nfit: Fix scrub idle detection

by Dan Williams

The notification of scrub completion happens within the scrub workqueue. That can clearly race someone running scrub_show() and work_busy() before the workqueue has a chance to flush the recently completed work. Add a flag to reliably indicate the idle vs busy state. Without this change applications using poll(2) to wait for scrub-completion may falsely wakeup and read ARS as being busy even though the thread is going idle and then hang indefinitely. Fixes: bc6ba8085842 ("nfit, address-range-scrub: rework and simplify ARS...") Cc: <stable(a)vger.kernel.org> Reported-by: Vishal Verma <vishal.l.verma(a)intel.com> Tested-by: Vishal Verma <vishal.l.verma(a)intel.com> Reported-by: Lukasz Dorau <lukasz.dorau(a)intel.com> Signed-off-by: Dan Williams <dan.j.williams(a)intel.com> --- Changes in v2: * Don't touch ->tmo outside of the workqueue itself, it is a private field for the workqueue to manage. (Vishal) drivers/acpi/nfit/core.c | 44 +++++++++++++++++++++++++++++++++----------- drivers/acpi/nfit/nfit.h | 1 + 2 files changed, 34 insertions(+), 11 deletions(-) diff --git a/drivers/acpi/nfit/core.c b/drivers/acpi/nfit/core.c index 471402cee1f1..b8040fed2a69 100644 --- a/drivers/acpi/nfit/core.c +++ b/drivers/acpi/nfit/core.c @@ -1275,7 +1275,7 @@ static ssize_t scrub_show(struct device *dev, mutex_lock(&acpi_desc->init_mutex); rc = sprintf(buf, "%d%s", acpi_desc->scrub_count, - work_busy(&acpi_desc->dwork.work) + acpi_desc->scrub_busy && !acpi_desc->cancel ? "+\n" : "\n"); mutex_unlock(&acpi_desc->init_mutex); } @@ -2941,6 +2941,32 @@ static unsigned int __acpi_nfit_scrub(struct acpi_nfit_desc *acpi_desc, return 0; } +static void __sched_ars(struct acpi_nfit_desc *acpi_desc, unsigned int tmo) +{ + lockdep_assert_held(&acpi_desc->init_mutex); + + acpi_desc->scrub_busy = 1; + /* note this should only be set from within the workqueue */ + if (tmo) + acpi_desc->scrub_tmo = tmo; + queue_delayed_work(nfit_wq, &acpi_desc->dwork, tmo * HZ); +} + +static void sched_ars(struct acpi_nfit_desc *acpi_desc) +{ + __sched_ars(acpi_desc, 0); +} + +static void notify_ars_done(struct acpi_nfit_desc *acpi_desc) +{ + lockdep_assert_held(&acpi_desc->init_mutex); + + acpi_desc->scrub_busy = 0; + acpi_desc->scrub_count++; + if (acpi_desc->scrub_count_state) + sysfs_notify_dirent(acpi_desc->scrub_count_state); +} + static void acpi_nfit_scrub(struct work_struct *work) { struct acpi_nfit_desc *acpi_desc; @@ -2951,14 +2977,10 @@ static void acpi_nfit_scrub(struct work_struct *work) mutex_lock(&acpi_desc->init_mutex); query_rc = acpi_nfit_query_poison(acpi_desc); tmo = __acpi_nfit_scrub(acpi_desc, query_rc); - if (tmo) { - queue_delayed_work(nfit_wq, &acpi_desc->dwork, tmo * HZ); - acpi_desc->scrub_tmo = tmo; - } else { - acpi_desc->scrub_count++; - if (acpi_desc->scrub_count_state) - sysfs_notify_dirent(acpi_desc->scrub_count_state); - } + if (tmo) + __sched_ars(acpi_desc, tmo); + else + notify_ars_done(acpi_desc); memset(acpi_desc->ars_status, 0, acpi_desc->max_ars); mutex_unlock(&acpi_desc->init_mutex); } @@ -3039,7 +3061,7 @@ static int acpi_nfit_register_regions(struct acpi_nfit_desc *acpi_desc) break; } - queue_delayed_work(nfit_wq, &acpi_desc->dwork, 0); + sched_ars(acpi_desc); return 0; } @@ -3241,7 +3263,7 @@ int acpi_nfit_ars_rescan(struct acpi_nfit_desc *acpi_desc, unsigned long flags) } } if (scheduled) { - queue_delayed_work(nfit_wq, &acpi_desc->dwork, 0); + sched_ars(acpi_desc); dev_dbg(dev, "ars_scan triggered\n"); } mutex_unlock(&acpi_desc->init_mutex); diff --git a/drivers/acpi/nfit/nfit.h b/drivers/acpi/nfit/nfit.h index 7d15856a739f..a97ff42fe311 100644 --- a/drivers/acpi/nfit/nfit.h +++ b/drivers/acpi/nfit/nfit.h @@ -203,6 +203,7 @@ struct acpi_nfit_desc { unsigned int max_ars; unsigned int scrub_count; unsigned int scrub_mode; + unsigned int scrub_busy:1; unsigned int cancel:1; unsigned long dimm_cmd_force_en; unsigned long bus_cmd_force_en;

6 years, 11 months

1
0
0 0

[PATCH] devres: Really align data field to unsigned long long

by Alexey Brodkin

It looks like on most of architectures "data" member of devres struture gets aligned to 8-byte "unsigned long long" boundary as one may expect: if we don't explicitly pack a structure then natural alignment (which matches each member data type) is used. But at least on 32-bit ARC architecture ABI requires "long long" types to be aligned by normal 32-bit word. This makes "data" field aligned to 12 bytes. This is still OK as long as we use 32-bit data only. But once we want to use native atomic64_t type (i.e. when we use special instructions LLOCKD/SCONDD for accessing 64-bit data) we easily hit misaligned access exception. That's because even on CPUs capable of non-aligned data access LL/SC instructions require strict alignment. Signed-off-by: Alexey Brodkin <abrodkin(a)synopsys.com> Cc: stable(a)vger.kernel.org --- drivers/base/devres.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/base/devres.c b/drivers/base/devres.c index f98a097e73f2..35ddc8b66bc9 100644 --- a/drivers/base/devres.c +++ b/drivers/base/devres.c @@ -25,7 +25,7 @@ struct devres_node { struct devres { struct devres_node node; /* -- 3 pointers */ - unsigned long long data[]; /* guarantee ull alignment */ + unsigned long long data[] __aligned(sizeof(unsigned long long)); }; struct devres_group { -- 2.17.1

6 years, 11 months

2
1
0 0

[PATCH] acpi, nfit: Fix scrub idle detection

by Dan Williams

The notification of scrub completion happens within the scrub workqueue. That can clearly race someone running scrub_show() and work_busy() before the workqueue has a chance to flush the recently completed work. Add a flag to reliably indicate the idle vs busy state. Without this change applications using poll(2) to wait for scrub-completion may falsely wakeup and read ARS as being busy even though the thread is going idle and then hang indefinitely. Fixes: bc6ba8085842 ("nfit, address-range-scrub: rework and simplify ARS...") Cc: <stable(a)vger.kernel.org> Reported-by: Vishal Verma <vishal.l.verma(a)intel.com> Reported-by: Lukasz Dorau <lukasz.dorau(a)intel.com> Signed-off-by: Dan Williams <dan.j.williams(a)intel.com> --- drivers/acpi/nfit/core.c | 37 ++++++++++++++++++++++++++----------- drivers/acpi/nfit/nfit.h | 1 + 2 files changed, 27 insertions(+), 11 deletions(-) diff --git a/drivers/acpi/nfit/core.c b/drivers/acpi/nfit/core.c index 471402cee1f1..cd26484d1cee 100644 --- a/drivers/acpi/nfit/core.c +++ b/drivers/acpi/nfit/core.c @@ -1275,7 +1275,7 @@ static ssize_t scrub_show(struct device *dev, mutex_lock(&acpi_desc->init_mutex); rc = sprintf(buf, "%d%s", acpi_desc->scrub_count, - work_busy(&acpi_desc->dwork.work) + acpi_desc->scrub_busy && !acpi_desc->cancel ? "+\n" : "\n"); mutex_unlock(&acpi_desc->init_mutex); } @@ -2941,6 +2941,25 @@ static unsigned int __acpi_nfit_scrub(struct acpi_nfit_desc *acpi_desc, return 0; } +static void sched_ars(struct acpi_nfit_desc *acpi_desc, unsigned int tmo) +{ + lockdep_assert_held(&acpi_desc->init_mutex); + + acpi_desc->scrub_busy = 1; + acpi_desc->scrub_tmo = tmo; + queue_delayed_work(nfit_wq, &acpi_desc->dwork, tmo * HZ); +} + +static void notify_ars_done(struct acpi_nfit_desc *acpi_desc) +{ + lockdep_assert_held(&acpi_desc->init_mutex); + + acpi_desc->scrub_busy = 0; + acpi_desc->scrub_count++; + if (acpi_desc->scrub_count_state) + sysfs_notify_dirent(acpi_desc->scrub_count_state); +} + static void acpi_nfit_scrub(struct work_struct *work) { struct acpi_nfit_desc *acpi_desc; @@ -2951,14 +2970,10 @@ static void acpi_nfit_scrub(struct work_struct *work) mutex_lock(&acpi_desc->init_mutex); query_rc = acpi_nfit_query_poison(acpi_desc); tmo = __acpi_nfit_scrub(acpi_desc, query_rc); - if (tmo) { - queue_delayed_work(nfit_wq, &acpi_desc->dwork, tmo * HZ); - acpi_desc->scrub_tmo = tmo; - } else { - acpi_desc->scrub_count++; - if (acpi_desc->scrub_count_state) - sysfs_notify_dirent(acpi_desc->scrub_count_state); - } + if (tmo) + sched_ars(acpi_desc, tmo); + else + notify_ars_done(acpi_desc); memset(acpi_desc->ars_status, 0, acpi_desc->max_ars); mutex_unlock(&acpi_desc->init_mutex); } @@ -3039,7 +3054,7 @@ static int acpi_nfit_register_regions(struct acpi_nfit_desc *acpi_desc) break; } - queue_delayed_work(nfit_wq, &acpi_desc->dwork, 0); + sched_ars(acpi_desc, 0); return 0; } @@ -3241,7 +3256,7 @@ int acpi_nfit_ars_rescan(struct acpi_nfit_desc *acpi_desc, unsigned long flags) } } if (scheduled) { - queue_delayed_work(nfit_wq, &acpi_desc->dwork, 0); + sched_ars(acpi_desc, 0); dev_dbg(dev, "ars_scan triggered\n"); } mutex_unlock(&acpi_desc->init_mutex); diff --git a/drivers/acpi/nfit/nfit.h b/drivers/acpi/nfit/nfit.h index 7d15856a739f..a97ff42fe311 100644 --- a/drivers/acpi/nfit/nfit.h +++ b/drivers/acpi/nfit/nfit.h @@ -203,6 +203,7 @@ struct acpi_nfit_desc { unsigned int max_ars; unsigned int scrub_count; unsigned int scrub_mode; + unsigned int scrub_busy:1; unsigned int cancel:1; unsigned long dimm_cmd_force_en; unsigned long bus_cmd_force_en;

6 years, 11 months

1
0
0 0

[PATCH] clk: aspeed: Support HPLL strapping on ast2400

by Joel Stanley

The HPLL can be configured through a register (SCU24), however some platforms chose to configure it through the strapping settings and do not use the register. This was not noticed as the logic for bit 18 in SCU24 was confused: set means programmed, but the driver read it as set means strapped. This gives us the correct HPLL value on Palmetto systems, from which most of the peripheral clocks are generated. Fixes: 5eda5d79e4be ("clk: Add clock driver for ASPEED BMC SoCs") Cc: stable(a)vger.kernel.org # v4.15 Reviewed-by: Cédric Le Goater <clg(a)kaod.org> Signed-off-by: Joel Stanley <joel(a)jms.id.au> --- drivers/clk/clk-aspeed.c | 42 +++++++++++++++++++++++++++------------- 1 file changed, 29 insertions(+), 13 deletions(-) diff --git a/drivers/clk/clk-aspeed.c b/drivers/clk/clk-aspeed.c index 38b366b00c57..2ef4ad7bdbdc 100644 --- a/drivers/clk/clk-aspeed.c +++ b/drivers/clk/clk-aspeed.c @@ -24,7 +24,7 @@ #define ASPEED_MPLL_PARAM 0x20 #define ASPEED_HPLL_PARAM 0x24 #define AST2500_HPLL_BYPASS_EN BIT(20) -#define AST2400_HPLL_STRAPPED BIT(18) +#define AST2400_HPLL_PROGRAMMED BIT(18) #define AST2400_HPLL_BYPASS_EN BIT(17) #define ASPEED_MISC_CTRL 0x2c #define UART_DIV13_EN BIT(12) @@ -565,29 +565,45 @@ builtin_platform_driver(aspeed_clk_driver); static void __init aspeed_ast2400_cc(struct regmap *map) { struct clk_hw *hw; - u32 val, freq, div; + u32 val, div, clkin, hpll; + const u16 hpll_rates[][4] = { + {384, 360, 336, 408}, + {400, 375, 350, 425}, + }; + int rate; /* * CLKIN is the crystal oscillator, 24, 48 or 25MHz selected by * strapping */ regmap_read(map, ASPEED_STRAP, &val); - if (val & CLKIN_25MHZ_EN) - freq = 25000000; - else if (val & AST2400_CLK_SOURCE_SEL) - freq = 48000000; - else - freq = 24000000; - hw = clk_hw_register_fixed_rate(NULL, "clkin", NULL, 0, freq); - pr_debug("clkin @%u MHz\n", freq / 1000000); + rate = (val >> 8) & 3; + if (val & CLKIN_25MHZ_EN) { + clkin = 25000000; + hpll = hpll_rates[1][rate]; + } else if (val & AST2400_CLK_SOURCE_SEL) { + clkin = 48000000; + hpll = hpll_rates[0][rate]; + } else { + clkin = 24000000; + hpll = hpll_rates[0][rate]; + } + hw = clk_hw_register_fixed_rate(NULL, "clkin", NULL, 0, clkin); + pr_debug("clkin @%u MHz\n", clkin / 1000000); /* * High-speed PLL clock derived from the crystal. This the CPU clock, - * and we assume that it is enabled + * and we assume that it is enabled. It can be configured through the + * HPLL_PARAM register, or set to a specified frequency by strapping. */ regmap_read(map, ASPEED_HPLL_PARAM, &val); - WARN(val & AST2400_HPLL_STRAPPED, "hpll is strapped not configured"); - aspeed_clk_data->hws[ASPEED_CLK_HPLL] = aspeed_ast2400_calc_pll("hpll", val); + if (val & AST2400_HPLL_PROGRAMMED) + hw = aspeed_ast2400_calc_pll("hpll", val); + else + hw = clk_hw_register_fixed_rate(NULL, "hpll", "clkin", 0, + hpll * 1000000); + + aspeed_clk_data->hws[ASPEED_CLK_HPLL] = hw; /* * Strap bits 11:10 define the CPU/AHB clock frequency ratio (aka HCLK) -- 2.17.1

6 years, 11 months

2
1
0 0

patch "misc: sram: fix resource leaks in probe error path" added to char-misc-next

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled misc: sram: fix resource leaks in probe error path to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-next branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will also be merged in the next major kernel release during the merge window. If you have any questions about this process, please let me know. >From f294d00961d1d869ecffa60e280eeeee1ccf9a49 Mon Sep 17 00:00:00 2001 From: Johan Hovold <johan(a)kernel.org> Date: Tue, 3 Jul 2018 12:05:47 +0200 Subject: misc: sram: fix resource leaks in probe error path Make sure to disable clocks and deregister any exported partitions before returning on late probe errors. Note that since commit ee895ccdf776 ("misc: sram: fix enabled clock leak on error path"), partitions are deliberately exported before enabling the clock so we stick to that logic here. A follow up patch will address this. Fixes: 2ae2e28852f2 ("misc: sram: add Atmel securam support") Cc: stable <stable(a)vger.kernel.org> # 4.9 Cc: Alexandre Belloni <alexandre.belloni(a)free-electrons.com> Signed-off-by: Johan Hovold <johan(a)kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/misc/sram.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/drivers/misc/sram.c b/drivers/misc/sram.c index c5dc6095686a..679647713e36 100644 --- a/drivers/misc/sram.c +++ b/drivers/misc/sram.c @@ -407,13 +407,20 @@ static int sram_probe(struct platform_device *pdev) if (init_func) { ret = init_func(); if (ret) - return ret; + goto err_disable_clk; } dev_dbg(sram->dev, "SRAM pool: %zu KiB @ 0x%p\n", gen_pool_size(sram->pool) / 1024, sram->virt_base); return 0; + +err_disable_clk: + if (sram->clk) + clk_disable_unprepare(sram->clk); + sram_free_partitions(sram); + + return ret; } static int sram_remove(struct platform_device *pdev) -- 2.18.0

6 years, 11 months

1
0
0 0

patch "staging: r8822be: Fix RTL8822be can't find any wireless AP" added to staging-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled staging: r8822be: Fix RTL8822be can't find any wireless AP to my staging git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging.git in the staging-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From d59d2f9995d28974877750f429e821324bd603c7 Mon Sep 17 00:00:00 2001 From: Ping-Ke Shih <pkshih(a)realtek.com> Date: Fri, 6 Jul 2018 13:44:35 +0800 Subject: staging: r8822be: Fix RTL8822be can't find any wireless AP RTL8822be can't bring up properly on ASUS X530UN, and dmesg says: [ 8.591333] r8822be: module is from the staging directory, the quality is unknown, you have been warned. [ 8.593122] r8822be 0000:02:00.0: enabling device (0000 -> 0003) [ 8.669163] r8822be: Using firmware rtlwifi/rtl8822befw.bin [ 9.289939] r8822be: rtlwifi: wireless switch is on [ 10.056426] r8822be 0000:02:00.0 wlp2s0: renamed from wlan0 ... [ 11.952534] r8822be: halmac_init_hal failed [ 11.955933] r8822be: halmac_init_hal failed [ 11.956227] r8822be: halmac_init_hal failed [ 22.007942] r8822be: halmac_init_hal failed Jian-Hong reported it works if turn off ASPM with module parameter aspm=0. In order to fix this problem kindly, this commit don't turn off aspm but enlarge ASPM L1 latency to 7. Reported-by: Jian-Hong Pan <jian-hong(a)endlessm.com> Tested-by: Jian-Hong Pan <jian-hong(a)endlessm.com> Signed-off-by: Ping-Ke Shih <pkshih(a)realtek.com> Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/staging/rtlwifi/rtl8822be/hw.c | 2 +- drivers/staging/rtlwifi/wifi.h | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/staging/rtlwifi/rtl8822be/hw.c b/drivers/staging/rtlwifi/rtl8822be/hw.c index 7947edb239a1..88ba5b2fea6a 100644 --- a/drivers/staging/rtlwifi/rtl8822be/hw.c +++ b/drivers/staging/rtlwifi/rtl8822be/hw.c @@ -803,7 +803,7 @@ static void _rtl8822be_enable_aspm_back_door(struct ieee80211_hw *hw) return; pci_read_config_byte(rtlpci->pdev, 0x70f, &tmp); - pci_write_config_byte(rtlpci->pdev, 0x70f, tmp | BIT(7)); + pci_write_config_byte(rtlpci->pdev, 0x70f, tmp | ASPM_L1_LATENCY << 3); pci_read_config_byte(rtlpci->pdev, 0x719, &tmp); pci_write_config_byte(rtlpci->pdev, 0x719, tmp | BIT(3) | BIT(4)); diff --git a/drivers/staging/rtlwifi/wifi.h b/drivers/staging/rtlwifi/wifi.h index 012fb618840b..a45f0eb69d3f 100644 --- a/drivers/staging/rtlwifi/wifi.h +++ b/drivers/staging/rtlwifi/wifi.h @@ -88,6 +88,7 @@ #define RTL_USB_MAX_RX_COUNT 100 #define QBSS_LOAD_SIZE 5 #define MAX_WMMELE_LENGTH 64 +#define ASPM_L1_LATENCY 7 #define TOTAL_CAM_ENTRY 32 -- 2.18.0

6 years, 11 months

1
0
0 0

patch "USB: yurex: fix out-of-bounds uaccess in read handler" added to usb-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled USB: yurex: fix out-of-bounds uaccess in read handler to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From f1e255d60ae66a9f672ff9a207ee6cd8e33d2679 Mon Sep 17 00:00:00 2001 From: Jann Horn <jannh(a)google.com> Date: Fri, 6 Jul 2018 17:12:56 +0200 Subject: USB: yurex: fix out-of-bounds uaccess in read handler In general, accessing userspace memory beyond the length of the supplied buffer in VFS read/write handlers can lead to both kernel memory corruption (via kernel_read()/kernel_write(), which can e.g. be triggered via sys_splice()) and privilege escalation inside userspace. Fix it by using simple_read_from_buffer() instead of custom logic. Fixes: 6bc235a2e24a ("USB: add driver for Meywa-Denki & Kayac YUREX") Signed-off-by: Jann Horn <jannh(a)google.com> Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/usb/misc/yurex.c | 23 ++++++----------------- 1 file changed, 6 insertions(+), 17 deletions(-) diff --git a/drivers/usb/misc/yurex.c b/drivers/usb/misc/yurex.c index 8abb6cbbd98a..3be40eaa1ac9 100644 --- a/drivers/usb/misc/yurex.c +++ b/drivers/usb/misc/yurex.c @@ -396,8 +396,7 @@ static ssize_t yurex_read(struct file *file, char __user *buffer, size_t count, loff_t *ppos) { struct usb_yurex *dev; - int retval = 0; - int bytes_read = 0; + int len = 0; char in_buffer[20]; unsigned long flags; @@ -405,26 +404,16 @@ static ssize_t yurex_read(struct file *file, char __user *buffer, size_t count, mutex_lock(&dev->io_mutex); if (!dev->interface) { /* already disconnected */ - retval = -ENODEV; - goto exit; + mutex_unlock(&dev->io_mutex); + return -ENODEV; } spin_lock_irqsave(&dev->lock, flags); - bytes_read = snprintf(in_buffer, 20, "%lld\n", dev->bbu); + len = snprintf(in_buffer, 20, "%lld\n", dev->bbu); spin_unlock_irqrestore(&dev->lock, flags); - - if (*ppos < bytes_read) { - if (copy_to_user(buffer, in_buffer + *ppos, bytes_read - *ppos)) - retval = -EFAULT; - else { - retval = bytes_read - *ppos; - *ppos += bytes_read; - } - } - -exit: mutex_unlock(&dev->io_mutex); - return retval; + + return simple_read_from_buffer(buffer, count, ppos, in_buffer, len); } static ssize_t yurex_write(struct file *file, const char __user *user_buffer, -- 2.18.0

6 years, 11 months

1
0
0 0

patch "misc: sram: fix resource leaks in probe error path" added to char-misc-testing

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled misc: sram: fix resource leaks in probe error path to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-testing branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will be merged to the char-misc-next branch sometime soon, after it passes testing, and the merge window is open. If you have any questions about this process, please let me know. >From f294d00961d1d869ecffa60e280eeeee1ccf9a49 Mon Sep 17 00:00:00 2001 From: Johan Hovold <johan(a)kernel.org> Date: Tue, 3 Jul 2018 12:05:47 +0200 Subject: misc: sram: fix resource leaks in probe error path Make sure to disable clocks and deregister any exported partitions before returning on late probe errors. Note that since commit ee895ccdf776 ("misc: sram: fix enabled clock leak on error path"), partitions are deliberately exported before enabling the clock so we stick to that logic here. A follow up patch will address this. Fixes: 2ae2e28852f2 ("misc: sram: add Atmel securam support") Cc: stable <stable(a)vger.kernel.org> # 4.9 Cc: Alexandre Belloni <alexandre.belloni(a)free-electrons.com> Signed-off-by: Johan Hovold <johan(a)kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/misc/sram.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/drivers/misc/sram.c b/drivers/misc/sram.c index c5dc6095686a..679647713e36 100644 --- a/drivers/misc/sram.c +++ b/drivers/misc/sram.c @@ -407,13 +407,20 @@ static int sram_probe(struct platform_device *pdev) if (init_func) { ret = init_func(); if (ret) - return ret; + goto err_disable_clk; } dev_dbg(sram->dev, "SRAM pool: %zu KiB @ 0x%p\n", gen_pool_size(sram->pool) / 1024, sram->virt_base); return 0; + +err_disable_clk: + if (sram->clk) + clk_disable_unprepare(sram->clk); + sram_free_partitions(sram); + + return ret; } static int sram_remove(struct platform_device *pdev) -- 2.18.0

6 years, 11 months

1
0
0 0

patch "xhci: xhci-mem: off by one in xhci_stream_id_to_ring()" added to usb-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled xhci: xhci-mem: off by one in xhci_stream_id_to_ring() to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From 313db3d6488bb03b61b99de9dbca061f1fd838e1 Mon Sep 17 00:00:00 2001 From: Dan Carpenter <dan.carpenter(a)oracle.com> Date: Wed, 4 Jul 2018 12:48:53 +0300 Subject: xhci: xhci-mem: off by one in xhci_stream_id_to_ring() The > should be >= here so that we don't read one element beyond the end of the ep->stream_info->stream_rings[] array. Fixes: e9df17eb1408 ("USB: xhci: Correct assumptions about number of rings per endpoint.") Signed-off-by: Dan Carpenter <dan.carpenter(a)oracle.com> Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/usb/host/xhci-mem.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/usb/host/xhci-mem.c b/drivers/usb/host/xhci-mem.c index 8a62eee9eee1..ef350c33dc4a 100644 --- a/drivers/usb/host/xhci-mem.c +++ b/drivers/usb/host/xhci-mem.c @@ -595,7 +595,7 @@ struct xhci_ring *xhci_stream_id_to_ring( if (!ep->stream_info) return NULL; - if (stream_id > ep->stream_info->num_streams) + if (stream_id >= ep->stream_info->num_streams) return NULL; return ep->stream_info->stream_rings[stream_id]; } -- 2.18.0

6 years, 11 months

1
0
0 0

patch "usb: quirks: add delay quirks for Corsair Strafe" added to usb-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled usb: quirks: add delay quirks for Corsair Strafe to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From bba57eddadda936c94b5dccf73787cb9e159d0a5 Mon Sep 17 00:00:00 2001 From: Nico Sneck <snecknico(a)gmail.com> Date: Mon, 2 Jul 2018 19:26:07 +0300 Subject: usb: quirks: add delay quirks for Corsair Strafe Corsair Strafe appears to suffer from the same issues as the Corsair Strafe RGB. Apply the same quirks (control message delay and init delay) that the RGB version has to 1b1c:1b15. With these quirks in place the keyboard works correctly upon booting the system, and no longer requires reattaching the device. Signed-off-by: Nico Sneck <snecknico(a)gmail.com> Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/usb/core/quirks.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/drivers/usb/core/quirks.c b/drivers/usb/core/quirks.c index c55def2f1320..097057d2eacf 100644 --- a/drivers/usb/core/quirks.c +++ b/drivers/usb/core/quirks.c @@ -378,6 +378,10 @@ static const struct usb_device_id usb_quirk_list[] = { /* Corsair K70 RGB */ { USB_DEVICE(0x1b1c, 0x1b13), .driver_info = USB_QUIRK_DELAY_INIT }, + /* Corsair Strafe */ + { USB_DEVICE(0x1b1c, 0x1b15), .driver_info = USB_QUIRK_DELAY_INIT | + USB_QUIRK_DELAY_CTRL_MSG }, + /* Corsair Strafe RGB */ { USB_DEVICE(0x1b1c, 0x1b20), .driver_info = USB_QUIRK_DELAY_INIT | USB_QUIRK_DELAY_CTRL_MSG }, -- 2.18.0

6 years, 11 months

1
0
0 0

patch "USB: serial: mos7840: fix status-register error handling" added to usb-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled USB: serial: mos7840: fix status-register error handling to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From 794744abfffef8b1f3c0c8a4896177d6d13d653d Mon Sep 17 00:00:00 2001 From: Johan Hovold <johan(a)kernel.org> Date: Wed, 4 Jul 2018 17:02:17 +0200 Subject: USB: serial: mos7840: fix status-register error handling Add missing transfer-length sanity check to the status-register completion handler to avoid leaking bits of uninitialised slab data to user space. Fixes: 3f5429746d91 ("USB: Moschip 7840 USB-Serial Driver") Cc: stable <stable(a)vger.kernel.org> # 2.6.19 Signed-off-by: Johan Hovold <johan(a)kernel.org> --- drivers/usb/serial/mos7840.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/usb/serial/mos7840.c b/drivers/usb/serial/mos7840.c index fdceb46d9fc6..b580b4c7fa48 100644 --- a/drivers/usb/serial/mos7840.c +++ b/drivers/usb/serial/mos7840.c @@ -468,6 +468,9 @@ static void mos7840_control_callback(struct urb *urb) } dev_dbg(dev, "%s urb buffer size is %d\n", __func__, urb->actual_length); + if (urb->actual_length < 1) + goto out; + dev_dbg(dev, "%s mos7840_port->MsrLsr is %d port %d\n", __func__, mos7840_port->MsrLsr, mos7840_port->port_num); data = urb->transfer_buffer; -- 2.18.0

6 years, 11 months

1
0
0 0

patch "USB: serial: ch341: fix type promotion bug in ch341_control_in()" added to usb-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled USB: serial: ch341: fix type promotion bug in ch341_control_in() to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From e33eab9ded328ccc14308afa51b5be7cbe78d30b Mon Sep 17 00:00:00 2001 From: Dan Carpenter <dan.carpenter(a)oracle.com> Date: Wed, 4 Jul 2018 12:29:38 +0300 Subject: USB: serial: ch341: fix type promotion bug in ch341_control_in() The "r" variable is an int and "bufsize" is an unsigned int so the comparison is type promoted to unsigned. If usb_control_msg() returns a negative that is treated as a high positive value and the error handling doesn't work. Fixes: 2d5a9c72d0c4 ("USB: serial: ch341: fix control-message error handling") Signed-off-by: Dan Carpenter <dan.carpenter(a)oracle.com> Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Johan Hovold <johan(a)kernel.org> --- drivers/usb/serial/ch341.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/usb/serial/ch341.c b/drivers/usb/serial/ch341.c index bdd7a5ad3bf1..3bb1fff02bed 100644 --- a/drivers/usb/serial/ch341.c +++ b/drivers/usb/serial/ch341.c @@ -128,7 +128,7 @@ static int ch341_control_in(struct usb_device *dev, r = usb_control_msg(dev, usb_rcvctrlpipe(dev, 0), request, USB_TYPE_VENDOR | USB_RECIP_DEVICE | USB_DIR_IN, value, index, buf, bufsize, DEFAULT_TIMEOUT); - if (r < bufsize) { + if (r < (int)bufsize) { if (r >= 0) { dev_err(&dev->dev, "short control message received (%d < %u)\n", -- 2.18.0

6 years, 11 months

1
0
0 0

patch "USB: serial: cp210x: add another USB ID for Qivicon ZigBee stick" added to usb-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled USB: serial: cp210x: add another USB ID for Qivicon ZigBee stick to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From 367b160fe4717c14a2a978b6f9ffb75a7762d3ed Mon Sep 17 00:00:00 2001 From: Olli Salonen <olli.salonen(a)iki.fi> Date: Wed, 4 Jul 2018 14:07:42 +0300 Subject: USB: serial: cp210x: add another USB ID for Qivicon ZigBee stick There are two versions of the Qivicon Zigbee stick in circulation. This adds the second USB ID to the cp210x driver. Signed-off-by: Olli Salonen <olli.salonen(a)iki.fi> Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Johan Hovold <johan(a)kernel.org> --- drivers/usb/serial/cp210x.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/usb/serial/cp210x.c b/drivers/usb/serial/cp210x.c index ee0cc1d90b51..626a29d9aa58 100644 --- a/drivers/usb/serial/cp210x.c +++ b/drivers/usb/serial/cp210x.c @@ -149,6 +149,7 @@ static const struct usb_device_id id_table[] = { { USB_DEVICE(0x10C4, 0x8977) }, /* CEL MeshWorks DevKit Device */ { USB_DEVICE(0x10C4, 0x8998) }, /* KCF Technologies PRN */ { USB_DEVICE(0x10C4, 0x89A4) }, /* CESINEL FTBC Flexible Thyristor Bridge Controller */ + { USB_DEVICE(0x10C4, 0x89FB) }, /* Qivicon ZigBee USB Radio Stick */ { USB_DEVICE(0x10C4, 0x8A2A) }, /* HubZ dual ZigBee and Z-Wave dongle */ { USB_DEVICE(0x10C4, 0x8A5E) }, /* CEL EM3588 ZigBee USB Stick Long Range */ { USB_DEVICE(0x10C4, 0x8B34) }, /* Qivicon ZigBee USB Radio Stick */ -- 2.18.0

6 years, 11 months

1
0
0 0

patch "USB: serial: keyspan_pda: fix modem-status error handling" added to usb-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled USB: serial: keyspan_pda: fix modem-status error handling to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From 01b3cdfca263a17554f7b249d20a247b2a751521 Mon Sep 17 00:00:00 2001 From: Johan Hovold <johan(a)kernel.org> Date: Wed, 4 Jul 2018 17:02:16 +0200 Subject: USB: serial: keyspan_pda: fix modem-status error handling Fix broken modem-status error handling which could lead to bits of slab data leaking to user space. Fixes: 3b36a8fd6777 ("usb: fix uninitialized variable warning in keyspan_pda") Cc: stable <stable(a)vger.kernel.org> # 2.6.27 Signed-off-by: Johan Hovold <johan(a)kernel.org> --- drivers/usb/serial/keyspan_pda.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/usb/serial/keyspan_pda.c b/drivers/usb/serial/keyspan_pda.c index 5169624d8b11..38d43c4b7ce5 100644 --- a/drivers/usb/serial/keyspan_pda.c +++ b/drivers/usb/serial/keyspan_pda.c @@ -369,8 +369,10 @@ static int keyspan_pda_get_modem_info(struct usb_serial *serial, 3, /* get pins */ USB_TYPE_VENDOR|USB_RECIP_INTERFACE|USB_DIR_IN, 0, 0, data, 1, 2000); - if (rc >= 0) + if (rc == 1) *value = *data; + else if (rc >= 0) + rc = -EIO; kfree(data); return rc; -- 2.18.0

6 years, 11 months

1
0
0 0

Re: Patch "drm/amd/display: release spinlock before committing updates to stream" has been added to the 4.17-stable tree

by Andrey Grodzovsky

This patch is wrong as noted by MIchel a while ago - quote from his review of the patch. "Actually, pflip_status should really only be set to AMDGPU_FLIP_SUBMITTED after the flip has been programmed to the hardware, at least as far as the lock holder is concerned. That's why the code was previously holding the lock until after the dc_commit_updates_for_stream call. Otherwise, it's at least theoretically possible that either: * dm_pflip_high_irq is called before dc_commit_updates_for_stream, but sees flip_status == AMDGPU_FLIP_SUBMITTED and sends the event to userspace prematurely * dm_pflip_high_irq is called after dc_commit_updates_for_stream, but sees flip_status != AMDGPU_FLIP_SUBMITTED, so it incorrectly doesn't send the event to userspace " It shouldn't go in. Andrey On 07/05/2018 11:59 AM, gregkh(a)linuxfoundation.org wrote: > This is a note to let you know that I've just added the patch titled > > drm/amd/display: release spinlock before committing updates to stream > > to the 4.17-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > drm-amd-display-release-spinlock-before-committing-updates-to-stream.patch > and it can be found in the queue-4.17 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. > > > From 4de9f38bb2cce3a4821ffb8a83d6b08f6e37d905 Mon Sep 17 00:00:00 2001 > From: Shirish S <shirish.s(a)amd.com> > Date: Tue, 26 Jun 2018 09:32:39 +0530 > Subject: drm/amd/display: release spinlock before committing updates to stream > MIME-Version: 1.0 > Content-Type: text/plain; charset=UTF-8 > Content-Transfer-Encoding: 8bit > > From: Shirish S <shirish.s(a)amd.com> > > commit 4de9f38bb2cce3a4821ffb8a83d6b08f6e37d905 upstream. > > Currently, amdgpu_do_flip() spinlocks crtc->dev->event_lock and > releases it only after committing updates to the stream. > > dc_commit_updates_for_stream() should be moved out of > spinlock for the below reasons: > > 1. event_lock is supposed to protect access to acrct->pflip_status _only_ > 2. dc_commit_updates_for_stream() has potential sleep's > and also its not appropriate to be in an atomic state > for such long sequences of code. > > Signed-off-by: Shirish S <shirish.s(a)amd.com> > Suggested-by: Andrey Grodzovsky <andrey.grodzovsky(a)amd.com> > Reviewed-by: Michel Dänzer <michel.daenzer(a)amd.com> > Reviewed-by: Harry Wentland <harry.wentland(a)amd.com> > Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> > Cc: stable(a)vger.kernel.org > Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> > > --- > drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 6 ++---- > 1 file changed, 2 insertions(+), 4 deletions(-) > > --- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c > +++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c > @@ -3967,10 +3967,11 @@ static void amdgpu_dm_do_flip(struct drm > if (acrtc->base.state->event) > prepare_flip_isr(acrtc); > > + spin_unlock_irqrestore(&crtc->dev->event_lock, flags); > + > surface_updates->surface = dc_stream_get_status(acrtc_state->stream)->plane_states[0]; > surface_updates->flip_addr = &addr; > > - > dc_commit_updates_for_stream(adev->dm.dc, > surface_updates, > 1, > @@ -3983,9 +3984,6 @@ static void amdgpu_dm_do_flip(struct drm > __func__, > addr.address.grph.addr.high_part, > addr.address.grph.addr.low_part); > - > - > - spin_unlock_irqrestore(&crtc->dev->event_lock, flags); > } > > static void amdgpu_dm_commit_planes(struct drm_atomic_state *state, > > > Patches currently in stable-queue which might be from shirish.s(a)amd.com are > > queue-4.17/drm-amdgpu-add-apu-support-in-vi_set_vce_clocks.patch > queue-4.17/drm-amdgpu-add-apu-support-in-vi_set_uvd_clocks.patch > queue-4.17/drm-amd-display-release-spinlock-before-committing-updates-to-stream.patch

6 years, 11 months

4
5
0 0

[PATCH] soc: qcom: rmtfs-mem: fix memleak in probe error paths

by Johan Hovold

Make sure to set the mem device release callback before calling put_device() in a couple of probe error paths so that the containing object also gets freed. Fixes: d1de6d6c639b ("soc: qcom: Remote filesystem memory driver") Cc: stable <stable(a)vger.kernel.org> # 4.15 Cc: Bjorn Andersson <bjorn.andersson(a)linaro.org> Signed-off-by: Johan Hovold <johan(a)kernel.org> --- drivers/soc/qcom/rmtfs_mem.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/drivers/soc/qcom/rmtfs_mem.c b/drivers/soc/qcom/rmtfs_mem.c index c8999e38b005..8a3678c2e83c 100644 --- a/drivers/soc/qcom/rmtfs_mem.c +++ b/drivers/soc/qcom/rmtfs_mem.c @@ -184,6 +184,7 @@ static int qcom_rmtfs_mem_probe(struct platform_device *pdev) device_initialize(&rmtfs_mem->dev); rmtfs_mem->dev.parent = &pdev->dev; rmtfs_mem->dev.groups = qcom_rmtfs_mem_groups; + rmtfs_mem->dev.release = qcom_rmtfs_mem_release_device; rmtfs_mem->base = devm_memremap(&rmtfs_mem->dev, rmtfs_mem->addr, rmtfs_mem->size, MEMREMAP_WC); @@ -206,8 +207,6 @@ static int qcom_rmtfs_mem_probe(struct platform_device *pdev) goto put_device; } - rmtfs_mem->dev.release = qcom_rmtfs_mem_release_device; - ret = of_property_read_u32(node, "qcom,vmid", &vmid); if (ret < 0 && ret != -EINVAL) { dev_err(&pdev->dev, "failed to parse qcom,vmid\n"); -- 2.17.1

6 years, 11 months

1
1
0 0

[PATCH] ALSA: hda/realtek - two more lenovo models need fixup of MIC_LOCATION

by Hui Wang

We have two new lenovo desktop models which need to apply the fixup of ALC294_FIXUP_LENOVO_MIC_LOCATION, and they have the same pin cfg as the machine with subsystem id:0x17aa3136, now use the pincfg table to apply the fixup for them. Cc: <stable(a)vger.kernel.org> Signed-off-by: Hui Wang <hui.wang(a)canonical.com> --- sound/pci/hda/patch_realtek.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c index 63154b9..666713e 100644 --- a/sound/pci/hda/patch_realtek.c +++ b/sound/pci/hda/patch_realtek.c @@ -6556,7 +6556,6 @@ static const struct snd_pci_quirk alc269_fixup_tbl[] = { SND_PCI_QUIRK(0x17aa, 0x310c, "ThinkCentre Station", ALC294_FIXUP_LENOVO_MIC_LOCATION), SND_PCI_QUIRK(0x17aa, 0x312a, "ThinkCentre Station", ALC294_FIXUP_LENOVO_MIC_LOCATION), SND_PCI_QUIRK(0x17aa, 0x312f, "ThinkCentre Station", ALC294_FIXUP_LENOVO_MIC_LOCATION), - SND_PCI_QUIRK(0x17aa, 0x3136, "ThinkCentre Station", ALC294_FIXUP_LENOVO_MIC_LOCATION), SND_PCI_QUIRK(0x17aa, 0x313c, "ThinkCentre Station", ALC294_FIXUP_LENOVO_MIC_LOCATION), SND_PCI_QUIRK(0x17aa, 0x3902, "Lenovo E50-80", ALC269_FIXUP_DMIC_THINKPAD_ACPI), SND_PCI_QUIRK(0x17aa, 0x3977, "IdeaPad S210", ALC283_FIXUP_INT_MIC), @@ -6822,6 +6821,11 @@ static const struct snd_hda_pin_quirk alc269_pin_fixup_tbl[] = { {0x1a, 0x02a11040}, {0x1b, 0x01014020}, {0x21, 0x0221101f}), + SND_HDA_PIN_QUIRK(0x10ec0235, 0x17aa, "Lenovo", ALC294_FIXUP_LENOVO_MIC_LOCATION, + {0x14, 0x90170110}, + {0x19, 0x02a11020}, + {0x1a, 0x02a11030}, + {0x21, 0x0221101f}), SND_HDA_PIN_QUIRK(0x10ec0236, 0x1028, "Dell", ALC255_FIXUP_DELL1_MIC_NO_PRESENCE, {0x12, 0x90a60140}, {0x14, 0x90170110}, -- 2.7.4

6 years, 11 months

2
1
0 0

Sitio web

by David Carreras

Estimados/as señores/as: Tras realizar un análisis previo de tu página web hemos descubierto errores en el código que influyen de manera significativa en la baja posición de tu página en buscadores, incluido Googl Les proponemos la optimización de su página web sin necesidad de contrato, de pagos mensuales, sin costes ocultos y sin penalizaciones por rescisión de contrato. Se trata de una de las mejores ofertas que existe actualmente en el mercado. La optimización de la página de su empresa consiste en hacer que resulte más fácil de encontrar para los buscadores, mejorando así su posición en el ranking de Google y otros buscadores. Les invitamos a visitar nuestra página web: http://www.webanalytics-google.com David Carreras. WebAnalytics

6 years, 11 months

1
0
0 0

[stable-4.14 0/6] md fixes for 4.14

by Jack Wang

Hi Greg, We hit a panic in 4.14.43 with md raid1. It's easy to reproduce with a test case, running Fio, and doing mdadm --grow bitmap=none /dev/mdx && mdadm --grow bitmap=internal /dev/mdx in a loop. With following patches applied, we can no longer reproduce the problem. Please consider to apply the patches to 4.14, they can be applied cleanly on 4.14.52. Cheers, Jack NeilBrown (6): md: always hold reconfig_mutex when calling mddev_suspend() md: don't call bitmap_create() while array is quiesced. md: move suspend_hi/lo handling into core md code md: use mddev_suspend/resume instead of ->quiesce() md: allow metadata update while suspending. md: remove special meaning of ->quiesce(.., 2) drivers/md/dm-raid.c | 10 ++++-- drivers/md/md-cluster.c | 6 ++-- drivers/md/md.c | 90 ++++++++++++++++++++++++++++++------------------ drivers/md/md.h | 15 +++++--- drivers/md/raid0.c | 2 +- drivers/md/raid1.c | 27 +++++---------- drivers/md/raid10.c | 10 ++---- drivers/md/raid5-cache.c | 30 ++++++++++------ drivers/md/raid5-log.h | 2 +- drivers/md/raid5.c | 40 ++++----------------- 10 files changed, 116 insertions(+), 116 deletions(-) -- 2.7.4

6 years, 11 months

3
8
0 0

[PATCH 6/6] tracing: Fix missing return symbol in function_graph output

by Steven Rostedt

From: Changbin Du <changbin.du(a)intel.com> The function_graph tracer does not show the interrupt return marker for the leaf entry. On leaf entries, we see an unbalanced interrupt marker (the interrupt was entered, but nevern left). Before: 1) | SyS_write() { 1) | __fdget_pos() { 1) 0.061 us | __fget_light(); 1) 0.289 us | } 1) | vfs_write() { 1) 0.049 us | rw_verify_area(); 1) + 15.424 us | __vfs_write(); 1) ==========> | 1) 6.003 us | smp_apic_timer_interrupt(); 1) 0.055 us | __fsnotify_parent(); 1) 0.073 us | fsnotify(); 1) + 23.665 us | } 1) + 24.501 us | } After: 0) | SyS_write() { 0) | __fdget_pos() { 0) 0.052 us | __fget_light(); 0) 0.328 us | } 0) | vfs_write() { 0) 0.057 us | rw_verify_area(); 0) | __vfs_write() { 0) ==========> | 0) 8.548 us | smp_apic_timer_interrupt(); 0) <========== | 0) + 36.507 us | } /* __vfs_write */ 0) 0.049 us | __fsnotify_parent(); 0) 0.066 us | fsnotify(); 0) + 50.064 us | } 0) + 50.952 us | } Link: http://lkml.kernel.org/r/1517413729-20411-1-git-send-email-changbin.du@inte… Cc: stable(a)vger.kernel.org Fixes: f8b755ac8e0cc ("tracing/function-graph-tracer: Output arrows signal on hardirq call/return") Signed-off-by: Changbin Du <changbin.du(a)intel.com> Signed-off-by: Steven Rostedt (VMware) <rostedt(a)goodmis.org> --- kernel/trace/trace_functions_graph.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/kernel/trace/trace_functions_graph.c b/kernel/trace/trace_functions_graph.c index 23c0b0cb5fb9..169b3c44ee97 100644 --- a/kernel/trace/trace_functions_graph.c +++ b/kernel/trace/trace_functions_graph.c @@ -831,6 +831,7 @@ print_graph_entry_leaf(struct trace_iterator *iter, struct ftrace_graph_ret *graph_ret; struct ftrace_graph_ent *call; unsigned long long duration; + int cpu = iter->cpu; int i; graph_ret = &ret_entry->ret; @@ -839,7 +840,6 @@ print_graph_entry_leaf(struct trace_iterator *iter, if (data) { struct fgraph_cpu_data *cpu_data; - int cpu = iter->cpu; cpu_data = per_cpu_ptr(data->cpu_data, cpu); @@ -869,6 +869,9 @@ print_graph_entry_leaf(struct trace_iterator *iter, trace_seq_printf(s, "%ps();\n", (void *)call->func); + print_graph_irq(iter, graph_ret->func, TRACE_GRAPH_RET, + cpu, iter->ent->pid, flags); + return trace_handle_return(s); } -- 2.17.1

6 years, 11 months

1
0
0 0

[PATCH 1/6] tracing: Avoid string overflow

by Steven Rostedt

From: Arnd Bergmann <arnd(a)arndb.de> 'err' is used as a NUL-terminated string, but using strncpy() with the length equal to the buffer size may result in lack of the termination: kernel/trace/trace_events_hist.c: In function 'hist_err_event': kernel/trace/trace_events_hist.c:396:3: error: 'strncpy' specified bound 256 equals destination size [-Werror=stringop-truncation] strncpy(err, var, MAX_FILTER_STR_VAL); This changes it to use the safer strscpy() instead. Link: http://lkml.kernel.org/r/20180328140920.2842153-1-arnd@arndb.de Cc: stable(a)vger.kernel.org Fixes: f404da6e1d46 ("tracing: Add 'last error' error facility for hist triggers") Acked-by: Tom Zanussi <tom.zanussi(a)linux.intel.com> Signed-off-by: Arnd Bergmann <arnd(a)arndb.de> Signed-off-by: Steven Rostedt (VMware) <rostedt(a)goodmis.org> --- kernel/trace/trace_events_hist.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kernel/trace/trace_events_hist.c b/kernel/trace/trace_events_hist.c index 046c716a6536..aae18af94c94 100644 --- a/kernel/trace/trace_events_hist.c +++ b/kernel/trace/trace_events_hist.c @@ -393,7 +393,7 @@ static void hist_err_event(char *str, char *system, char *event, char *var) else if (system) snprintf(err, MAX_FILTER_STR_VAL, "%s.%s", system, event); else - strncpy(err, var, MAX_FILTER_STR_VAL); + strscpy(err, var, MAX_FILTER_STR_VAL); hist_err(str, err); } -- 2.17.1

6 years, 11 months

1
0
0 0

[PATCH] arm64: dts: stratix10: Fix SPI nodes for Stratix10

by thor.thayer＠linux.intel.com

From: Thor Thayer <thor.thayer(a)linux.intel.com> Patch did not apply cleanly to 4.9 and 4.14 stable branches because of additional node properties added after 4.14. So backport patch and cleanup commit 4595299c5eae ("arm64: dts: stratix10: Fix SPI nodes for Stratix10") Remove the unused bus-num node and change num-chipselect to num-cs to match SPI bindings. Cc: stable(a)vger.kernel.org # 4.14.x Cc: stable(a)vger.kernel.org # 4.9.x Fixes: 78cd6a9d8e154 ("arm64: dts: Add base stratix 10 dtsi") Signed-off-by: Thor Thayer <thor.thayer(a)linux.intel.com> Signed-off-by: Dinh Nguyen <dinguyen(a)kernel.org> Signed-off-by: Olof Johansson <olof(a)lixom.net> --- arch/arm64/boot/dts/altera/socfpga_stratix10.dtsi | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/arch/arm64/boot/dts/altera/socfpga_stratix10.dtsi b/arch/arm64/boot/dts/altera/socfpga_stratix10.dtsi index c2b9bcb0ef61..57f75453ee93 100644 --- a/arch/arm64/boot/dts/altera/socfpga_stratix10.dtsi +++ b/arch/arm64/boot/dts/altera/socfpga_stratix10.dtsi @@ -231,8 +231,7 @@ #size-cells = <0>; reg = <0xffda4000 0x1000>; interrupts = <0 101 4>; - num-chipselect = <4>; - bus-num = <0>; + num-cs = <4>; status = "disabled"; }; @@ -242,8 +241,7 @@ #size-cells = <0>; reg = <0xffda5000 0x1000>; interrupts = <0 102 4>; - num-chipselect = <4>; - bus-num = <0>; + num-cs = <4>; status = "disabled"; }; -- 2.7.4

6 years, 11 months

1
0
0 0

FAILED: patch "[PATCH] dm: prevent DAX mounts if not supported" failed to apply to 4.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From dbc626597c39b24cefce09fbd8e9dea85869a801 Mon Sep 17 00:00:00 2001 From: Ross Zwisler <ross.zwisler(a)linux.intel.com> Date: Tue, 26 Jun 2018 16:30:41 -0600 Subject: [PATCH] dm: prevent DAX mounts if not supported Currently device_supports_dax() just checks to see if the QUEUE_FLAG_DAX flag is set on the device's request queue to decide whether or not the device supports filesystem DAX. Really we should be using bdev_dax_supported() like filesystems do at mount time. This performs other tests like checking to make sure the dax_direct_access() path works. We also explicitly clear QUEUE_FLAG_DAX on the DM device's request queue if any of the underlying devices do not support DAX. This makes the handling of QUEUE_FLAG_DAX consistent with the setting/clearing of most other flags in dm_table_set_restrictions(). Now that bdev_dax_supported() explicitly checks for QUEUE_FLAG_DAX, this will ensure that filesystems built upon DM devices will only be able to mount with DAX if all underlying devices also support DAX. Signed-off-by: Ross Zwisler <ross.zwisler(a)linux.intel.com> Fixes: commit 545ed20e6df6 ("dm: add infrastructure for DAX support") Cc: stable(a)vger.kernel.org Acked-by: Dan Williams <dan.j.williams(a)intel.com> Reviewed-by: Toshi Kani <toshi.kani(a)hpe.com> Signed-off-by: Mike Snitzer <snitzer(a)redhat.com> diff --git a/drivers/md/dm-table.c b/drivers/md/dm-table.c index 938766794c2e..3d0e2c198f06 100644 --- a/drivers/md/dm-table.c +++ b/drivers/md/dm-table.c @@ -885,9 +885,7 @@ EXPORT_SYMBOL_GPL(dm_table_set_type); static int device_supports_dax(struct dm_target *ti, struct dm_dev *dev, sector_t start, sector_t len, void *data) { - struct request_queue *q = bdev_get_queue(dev->bdev); - - return q && blk_queue_dax(q); + return bdev_dax_supported(dev->bdev, PAGE_SIZE); } static bool dm_table_supports_dax(struct dm_table *t) @@ -1907,6 +1905,9 @@ void dm_table_set_restrictions(struct dm_table *t, struct request_queue *q, if (dm_table_supports_dax(t)) blk_queue_flag_set(QUEUE_FLAG_DAX, q); + else + blk_queue_flag_clear(QUEUE_FLAG_DAX, q); + if (dm_table_supports_dax_write_cache(t)) dax_write_cache(t->md->dax_dev, true); diff --git a/drivers/md/dm.c b/drivers/md/dm.c index a3b103e8e3ce..b0dd7027848b 100644 --- a/drivers/md/dm.c +++ b/drivers/md/dm.c @@ -1056,8 +1056,7 @@ static long dm_dax_direct_access(struct dax_device *dax_dev, pgoff_t pgoff, if (len < 1) goto out; nr_pages = min(len, nr_pages); - if (ti->type->direct_access) - ret = ti->type->direct_access(ti, pgoff, nr_pages, kaddr, pfn); + ret = ti->type->direct_access(ti, pgoff, nr_pages, kaddr, pfn); out: dm_put_live_table(md, srcu_idx);

6 years, 11 months

2
1
0 0

[PATCH] MIPS: Fix ioremap() RAM check

by Paul Burton

We currently attempt to check whether a physical address range provided to __ioremap() may be in use by the page allocator by examining the value of PageReserved for each page in the region - lowmem pages not marked reserved are presumed to be in use by the page allocator, and requests to ioremap them fail. The way we check this has been broken since commit 92923ca3aace ("mm: meminit: only set page reserved in the memblock region"), because memblock will typically not have any knowledge of non-RAM pages and therefore those pages will not have the PageReserved flag set. Thus when we attempt to ioremap a region outside of RAM we incorrectly fail believing that the region is RAM that may be in use. In most cases ioremap() on MIPS will take a fast-path to use the unmapped kseg1 or xkphys virtual address spaces and never hit this path, so the only way to hit it is for a MIPS32 system to attempt to ioremap() an address range in lowmem with flags other than _CACHE_UNCACHED. Perhaps the most straightforward way to do this is using ioremap_uncached_accelerated(), which is how the problem was discovered. Fix this by making use of walk_system_ram_range() to test the address range provided to __ioremap() against only RAM pages, rather than all lowmem pages. This means that if we have a lowmem I/O region, which is very common for MIPS systems, we're free to ioremap() address ranges within it. A nice bonus is that the test is no longer limited to lowmem. The approach here matches the way x86 performed the same test after commit c81c8a1eeede ("x86, ioremap: Speed up check for RAM pages") until x86 moved towards a slightly more complicated check using walk_mem_res() for unrelated reasons with commit 0e4c12b45aa8 ("x86/mm, resource: Use PAGE_KERNEL protection for ioremap of memory pages"). Signed-off-by: Paul Burton <paul.burton(a)mips.com> Reported-by: Serge Semin <fancer.lancer(a)gmail.com> Tested-by: Serge Semin <fancer.lancer(a)gmail.com> Fixes: 92923ca3aace ("mm: meminit: only set page reserved in the memblock region") Cc: James Hogan <jhogan(a)kernel.org> Cc: Ralf Baechle <ralf(a)linux-mips.org> Cc: linux-mips(a)linux-mips.org Cc: stable(a)vger.kernel.org # v4.2+ --- arch/mips/mm/ioremap.c | 37 +++++++++++++++++++++++++------------ 1 file changed, 25 insertions(+), 12 deletions(-) diff --git a/arch/mips/mm/ioremap.c b/arch/mips/mm/ioremap.c index 1986e09fb457..1601d90b087b 100644 --- a/arch/mips/mm/ioremap.c +++ b/arch/mips/mm/ioremap.c @@ -9,6 +9,7 @@ #include <linux/export.h> #include <asm/addrspace.h> #include <asm/byteorder.h> +#include <linux/ioport.h> #include <linux/sched.h> #include <linux/slab.h> #include <linux/vmalloc.h> @@ -98,6 +99,20 @@ static int remap_area_pages(unsigned long address, phys_addr_t phys_addr, return error; } +static int __ioremap_check_ram(unsigned long start_pfn, unsigned long nr_pages, + void *arg) +{ + unsigned long i; + + for (i = 0; i < nr_pages; i++) { + if (pfn_valid(start_pfn + i) && + !PageReserved(pfn_to_page(start_pfn + i))) + return 1; + } + + return 0; +} + /* * Generic mapping function (not visible outside): */ @@ -116,8 +131,8 @@ static int remap_area_pages(unsigned long address, phys_addr_t phys_addr, void __iomem * __ioremap(phys_addr_t phys_addr, phys_addr_t size, unsigned long flags) { + unsigned long offset, pfn, last_pfn; struct vm_struct * area; - unsigned long offset; phys_addr_t last_addr; void * addr; @@ -137,18 +152,16 @@ void __iomem * __ioremap(phys_addr_t phys_addr, phys_addr_t size, unsigned long return (void __iomem *) CKSEG1ADDR(phys_addr); /* - * Don't allow anybody to remap normal RAM that we're using.. + * Don't allow anybody to remap RAM that may be allocated by the page + * allocator, since that could lead to races & data clobbering. */ - if (phys_addr < virt_to_phys(high_memory)) { - char *t_addr, *t_end; - struct page *page; - - t_addr = __va(phys_addr); - t_end = t_addr + (size - 1); - - for(page = virt_to_page(t_addr); page <= virt_to_page(t_end); page++) - if(!PageReserved(page)) - return NULL; + pfn = PFN_DOWN(phys_addr); + last_pfn = PFN_DOWN(last_addr); + if (walk_system_ram_range(pfn, last_pfn - pfn + 1, NULL, + __ioremap_check_ram) == 1) { + WARN_ONCE(1, "ioremap on RAM at %pa - %pa\n", + &phys_addr, &last_addr); + return NULL; } /* -- 2.18.0

6 years, 11 months

1
0
0 0

[PATCH v2] dm-zoned: Avoid triggering reclaim from inside dmz_map()

by Bart Van Assche

This patch avoids that lockdep reports the following: ====================================================== WARNING: possible circular locking dependency detected 4.18.0-rc1 #62 Not tainted ------------------------------------------------------ kswapd0/84 is trying to acquire lock: 00000000c313516d (&xfs_nondir_ilock_class){++++}, at: xfs_free_eofblocks+0xa2/0x1e0 but task is already holding lock: 00000000591c83ae (fs_reclaim){+.+.}, at: __fs_reclaim_acquire+0x5/0x30 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #2 (fs_reclaim){+.+.}: kmem_cache_alloc+0x2c/0x2b0 radix_tree_node_alloc.constprop.19+0x3d/0xc0 __radix_tree_create+0x161/0x1c0 __radix_tree_insert+0x45/0x210 dmz_map+0x245/0x2d0 [dm_zoned] __map_bio+0x40/0x260 __split_and_process_non_flush+0x116/0x220 __split_and_process_bio+0x81/0x180 __dm_make_request.isra.32+0x5a/0x100 generic_make_request+0x36e/0x690 submit_bio+0x6c/0x140 mpage_readpages+0x19e/0x1f0 read_pages+0x6d/0x1b0 __do_page_cache_readahead+0x21b/0x2d0 force_page_cache_readahead+0xc4/0x100 generic_file_read_iter+0x7c6/0xd20 __vfs_read+0x102/0x180 vfs_read+0x9b/0x140 ksys_read+0x55/0xc0 do_syscall_64+0x5a/0x1f0 entry_SYSCALL_64_after_hwframe+0x49/0xbe -> #1 (&dmz->chunk_lock){+.+.}: dmz_map+0x133/0x2d0 [dm_zoned] __map_bio+0x40/0x260 __split_and_process_non_flush+0x116/0x220 __split_and_process_bio+0x81/0x180 __dm_make_request.isra.32+0x5a/0x100 generic_make_request+0x36e/0x690 submit_bio+0x6c/0x140 _xfs_buf_ioapply+0x31c/0x590 xfs_buf_submit_wait+0x73/0x520 xfs_buf_read_map+0x134/0x2f0 xfs_trans_read_buf_map+0xc3/0x580 xfs_read_agf+0xa5/0x1e0 xfs_alloc_read_agf+0x59/0x2b0 xfs_alloc_pagf_init+0x27/0x60 xfs_bmap_longest_free_extent+0x43/0xb0 xfs_bmap_btalloc_nullfb+0x7f/0xf0 xfs_bmap_btalloc+0x428/0x7c0 xfs_bmapi_write+0x598/0xcc0 xfs_iomap_write_allocate+0x15a/0x330 xfs_map_blocks+0x1cf/0x3f0 xfs_do_writepage+0x15f/0x7b0 write_cache_pages+0x1ca/0x540 xfs_vm_writepages+0x65/0xa0 do_writepages+0x48/0xf0 __writeback_single_inode+0x58/0x730 writeback_sb_inodes+0x249/0x5c0 wb_writeback+0x11e/0x550 wb_workfn+0xa3/0x670 process_one_work+0x228/0x670 worker_thread+0x3c/0x390 kthread+0x11c/0x140 ret_from_fork+0x3a/0x50 -> #0 (&xfs_nondir_ilock_class){++++}: down_read_nested+0x43/0x70 xfs_free_eofblocks+0xa2/0x1e0 xfs_fs_destroy_inode+0xac/0x270 dispose_list+0x51/0x80 prune_icache_sb+0x52/0x70 super_cache_scan+0x127/0x1a0 shrink_slab.part.47+0x1bd/0x590 shrink_node+0x3b5/0x470 balance_pgdat+0x158/0x3b0 kswapd+0x1ba/0x600 kthread+0x11c/0x140 ret_from_fork+0x3a/0x50 other info that might help us debug this: Chain exists of: &xfs_nondir_ilock_class --> &dmz->chunk_lock --> fs_reclaim Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock(fs_reclaim); lock(&dmz->chunk_lock); lock(fs_reclaim); lock(&xfs_nondir_ilock_class); *** DEADLOCK *** 3 locks held by kswapd0/84: #0: 00000000591c83ae (fs_reclaim){+.+.}, at: __fs_reclaim_acquire+0x5/0x30 #1: 000000000f8208f5 (shrinker_rwsem){++++}, at: shrink_slab.part.47+0x3f/0x590 #2: 00000000cacefa54 (&type->s_umount_key#43){.+.+}, at: trylock_super+0x16/0x50 stack backtrace: CPU: 7 PID: 84 Comm: kswapd0 Not tainted 4.18.0-rc1 #62 Hardware name: Supermicro Super Server/X10SRL-F, BIOS 2.0 12/17/2015 Call Trace: dump_stack+0x85/0xcb print_circular_bug.isra.36+0x1ce/0x1db __lock_acquire+0x124e/0x1310 lock_acquire+0x9f/0x1f0 down_read_nested+0x43/0x70 xfs_free_eofblocks+0xa2/0x1e0 xfs_fs_destroy_inode+0xac/0x270 dispose_list+0x51/0x80 prune_icache_sb+0x52/0x70 super_cache_scan+0x127/0x1a0 shrink_slab.part.47+0x1bd/0x590 shrink_node+0x3b5/0x470 balance_pgdat+0x158/0x3b0 kswapd+0x1ba/0x600 kthread+0x11c/0x140 ret_from_fork+0x3a/0x50 Reported-by: Masato Suzuki <masato.suzuki(a)wdc.com> Fixes: 4218a9554653 ("dm zoned: use GFP_NOIO in I/O path") Signed-off-by: Bart Van Assche <bart.vanassche(a)wdc.com> Cc: Damien Le Moal <Damien.LeMoal(a)wdc.com> Cc: Mikulas Patocka <mpatocka(a)redhat.com> Cc: <stable(a)vger.kernel.org> --- Changes compared to v1: added "Cc: stable" drivers/md/dm-zoned-target.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/md/dm-zoned-target.c b/drivers/md/dm-zoned-target.c index 3c0e45f4dcf5..a44183ff4be0 100644 --- a/drivers/md/dm-zoned-target.c +++ b/drivers/md/dm-zoned-target.c @@ -787,7 +787,7 @@ static int dmz_ctr(struct dm_target *ti, unsigned int argc, char **argv) /* Chunk BIO work */ mutex_init(&dmz->chunk_lock); - INIT_RADIX_TREE(&dmz->chunk_rxtree, GFP_KERNEL); + INIT_RADIX_TREE(&dmz->chunk_rxtree, GFP_NOIO); dmz->chunk_wq = alloc_workqueue("dmz_cwq_%s", WQ_MEM_RECLAIM | WQ_UNBOUND, 0, dev->name); if (!dmz->chunk_wq) { -- 2.17.1

6 years, 11 months

3
2
0 0

[merged] mm-teach-dump_page-to-correctly-output-poisoned-struct-pages.patch removed from -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: mm: teach dump_page() to correctly output poisoned struct pages has been removed from the -mm tree. Its filename was mm-teach-dump_page-to-correctly-output-poisoned-struct-pages.patch This patch was dropped because it was merged into mainline or a subsystem tree ------------------------------------------------------ From: Pavel Tatashin <pasha.tatashin(a)oracle.com> Subject: mm: teach dump_page() to correctly output poisoned struct pages If struct page is poisoned, and uninitialized access is detected via PF_POISONED_CHECK(page) dump_page() is called to output the page. But, the dump_page() itself accesses struct page to determine how to print it, and therefore gets into a recursive loop. For example: dump_page() __dump_page() PageSlab(page) PF_POISONED_CHECK(page) VM_BUG_ON_PGFLAGS(PagePoisoned(page), page) dump_page() recursion loop. Link: http://lkml.kernel.org/r/20180702180536.2552-1-pasha.tatashin@oracle.com Fixes: f165b378bbdf ("mm: uninitialized struct page poisoning sanity checking") Signed-off-by: Pavel Tatashin <pasha.tatashin(a)oracle.com> Acked-by: Michal Hocko <mhocko(a)suse.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/debug.c | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff -puN mm/debug.c~mm-teach-dump_page-to-correctly-output-poisoned-struct-pages mm/debug.c --- a/mm/debug.c~mm-teach-dump_page-to-correctly-output-poisoned-struct-pages +++ a/mm/debug.c @@ -43,12 +43,25 @@ const struct trace_print_flags vmaflag_n void __dump_page(struct page *page, const char *reason) { + bool page_poisoned = PagePoisoned(page); + int mapcount; + + /* + * If struct page is poisoned don't access Page*() functions as that + * leads to recursive loop. Page*() check for poisoned pages, and calls + * dump_page() when detected. + */ + if (page_poisoned) { + pr_emerg("page:%px is uninitialized and poisoned", page); + goto hex_only; + } + /* * Avoid VM_BUG_ON() in page_mapcount(). * page->_mapcount space in struct page is used by sl[aou]b pages to * encode own info. */ - int mapcount = PageSlab(page) ? 0 : page_mapcount(page); + mapcount = PageSlab(page) ? 0 : page_mapcount(page); pr_emerg("page:%px count:%d mapcount:%d mapping:%px index:%#lx", page, page_ref_count(page), mapcount, @@ -60,6 +73,7 @@ void __dump_page(struct page *page, cons pr_emerg("flags: %#lx(%pGp)\n", page->flags, &page->flags); +hex_only: print_hex_dump(KERN_ALERT, "raw: ", DUMP_PREFIX_NONE, 32, sizeof(unsigned long), page, sizeof(struct page), false); @@ -68,7 +82,7 @@ void __dump_page(struct page *page, cons pr_alert("page dumped because: %s\n", reason); #ifdef CONFIG_MEMCG - if (page->mem_cgroup) + if (!page_poisoned && page->mem_cgroup) pr_alert("page->mem_cgroup:%px\n", page->mem_cgroup); #endif } _ Patches currently in -mm which might be from pasha.tatashin(a)oracle.com are mm-skip-invalid-pages-block-at-a-time-in-zero_resv_unresv.patch sparc64-ng4-memset-32-bits-overflow.patch

6 years, 11 months

1
0
0 0

[merged] mm-hugetlb-yield-when-prepping-struct-pages.patch removed from -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: mm: hugetlb: yield when prepping struct pages has been removed from the -mm tree. Its filename was mm-hugetlb-yield-when-prepping-struct-pages.patch This patch was dropped because it was merged into mainline or a subsystem tree ------------------------------------------------------ From: Cannon Matthews <cannonmatthews(a)google.com> Subject: mm: hugetlb: yield when prepping struct pages When booting with very large numbers of gigantic (i.e. 1G) pages, the operations in the loop of gather_bootmem_prealloc, and specifically prep_compound_gigantic_page, takes a very long time, and can cause a softlockup if enough pages are requested at boot. For example booting with 3844 1G pages requires prepping (set_compound_head, init the count) over 1 billion 4K tail pages, which takes considerable time. Add a cond_resched() to the outer loop in gather_bootmem_prealloc() to prevent this lockup. Tested: Booted with softlockup_panic=1 hugepagesz=1G hugepages=3844 and no softlockup is reported, and the hugepages are reported as successfully setup. Link: http://lkml.kernel.org/r/20180627214447.260804-1-cannonmatthews@google.com Signed-off-by: Cannon Matthews <cannonmatthews(a)google.com> Reviewed-by: Andrew Morton <akpm(a)linux-foundation.org> Reviewed-by: Mike Kravetz <mike.kravetz(a)oracle.com> Acked-by: Michal Hocko <mhocko(a)suse.com> Cc: Andres Lagar-Cavilla <andreslc(a)google.com> Cc: Peter Feiner <pfeiner(a)google.com> Cc: Greg Thelen <gthelen(a)google.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/hugetlb.c | 1 + 1 file changed, 1 insertion(+) diff -puN mm/hugetlb.c~mm-hugetlb-yield-when-prepping-struct-pages mm/hugetlb.c --- a/mm/hugetlb.c~mm-hugetlb-yield-when-prepping-struct-pages +++ a/mm/hugetlb.c @@ -2163,6 +2163,7 @@ static void __init gather_bootmem_preall */ if (hstate_is_gigantic(h)) adjust_managed_page_count(page, 1 << h->order); + cond_resched(); } } _ Patches currently in -mm which might be from cannonmatthews(a)google.com are

6 years, 11 months

1
0
0 0

[merged] userfaultfd-hugetlbfs-fix-userfaultfd_huge_must_wait-pte-access.patch removed from -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: userfaultfd: hugetlbfs: fix userfaultfd_huge_must_wait() pte access has been removed from the -mm tree. Its filename was userfaultfd-hugetlbfs-fix-userfaultfd_huge_must_wait-pte-access.patch This patch was dropped because it was merged into mainline or a subsystem tree ------------------------------------------------------ From: Janosch Frank <frankja(a)linux.ibm.com> Subject: userfaultfd: hugetlbfs: fix userfaultfd_huge_must_wait() pte access Use huge_ptep_get() to translate huge ptes to normal ptes so we can check them with the huge_pte_* functions. Otherwise some architectures will check the wrong values and will not wait for userspace to bring in the memory. Link: http://lkml.kernel.org/r/20180626132421.78084-1-frankja@linux.ibm.com Fixes: 369cd2121be4 ("userfaultfd: hugetlbfs: userfaultfd_huge_must_wait for hugepmd ranges") Signed-off-by: Janosch Frank <frankja(a)linux.ibm.com> Reviewed-by: David Hildenbrand <david(a)redhat.com> Reviewed-by: Mike Kravetz <mike.kravetz(a)oracle.com> Cc: Andrea Arcangeli <aarcange(a)redhat.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/userfaultfd.c | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff -puN fs/userfaultfd.c~userfaultfd-hugetlbfs-fix-userfaultfd_huge_must_wait-pte-access fs/userfaultfd.c --- a/fs/userfaultfd.c~userfaultfd-hugetlbfs-fix-userfaultfd_huge_must_wait-pte-access +++ a/fs/userfaultfd.c @@ -222,24 +222,26 @@ static inline bool userfaultfd_huge_must unsigned long reason) { struct mm_struct *mm = ctx->mm; - pte_t *pte; + pte_t *ptep, pte; bool ret = true; VM_BUG_ON(!rwsem_is_locked(&mm->mmap_sem)); - pte = huge_pte_offset(mm, address, vma_mmu_pagesize(vma)); - if (!pte) + ptep = huge_pte_offset(mm, address, vma_mmu_pagesize(vma)); + + if (!ptep) goto out; ret = false; + pte = huge_ptep_get(ptep); /* * Lockless access: we're in a wait_event so it's ok if it * changes under us. */ - if (huge_pte_none(*pte)) + if (huge_pte_none(pte)) ret = true; - if (!huge_pte_write(*pte) && (reason & VM_UFFD_WP)) + if (!huge_pte_write(pte) && (reason & VM_UFFD_WP)) ret = true; out: return ret; _ Patches currently in -mm which might be from frankja(a)linux.ibm.com are

6 years, 11 months

1
0
0 0

[GIT PULL] commits for Linux 4.4

by Sasha Levin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi Greg, Pleae pull commits for Linux 4.4 . I've sent a review request for all commits over a week ago and all comments were addressed. Thanks, Sasha ===== The following changes since commit dc45cafe612ec6960fe728f3260a0b751c73f4aa: Linux 4.4.136 (2018-06-06 16:46:24 +0200) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/sashal/linux-stable.git tags/for-greg-4.4-20062018 for you to fetch changes up to 340dc6e834545e08109b42402fe692c097446c90: net/sonic: Use dma_mapping_error() (2018-06-07 15:40:15 -0400) - ---------------------------------------------------------------- for-greg-4.4-20062018 - ---------------------------------------------------------------- Eric Dumazet (1): xfrm6: avoid potential infinite loop in _decode_session6() Finn Thain (1): net/sonic: Use dma_mapping_error() Ivan Bornyakov (1): atm: zatm: fix memcmp casting Josh Hill (1): net: qmi_wwan: Add Netgear Aircard 779S Julian Anastasov (1): ipvs: fix buffer overflow with sync daemon and service Paolo Abeni (1): netfilter: ebtables: handle string from userspace with care drivers/atm/zatm.c | 4 ++-- drivers/net/ethernet/natsemi/sonic.c | 2 +- drivers/net/usb/qmi_wwan.c | 1 + net/bridge/netfilter/ebtables.c | 3 ++- net/ipv6/xfrm6_policy.c | 2 +- net/netfilter/ipvs/ip_vs_ctl.c | 21 +++++++++++++++------ 6 files changed, 22 insertions(+), 11 deletions(-) -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE4n5dijQDou9mhzu83qZv95d3LNwFAlsrD2AACgkQ3qZv95d3 LNxa4hAAsH8GdIusq8gBegjlwklVZiCo2zvrWbwohM7Sc1TpuAjLWSVh9iuFRPKn fAAuQYlY3oTDpq/bnje4c+JTnNsjcikDETycZ3diWCiG28c9DjKatsJt/fH9yP/V vAzCboTy38kbizNpXBam6KniZ48qEvFZt2zsYpFL5HzlgHTlBOcOup7iL3P04i1S +v/QCS+OApv0VZR84Nq4mx5ofYILO7ty2xzLCTHHqzLWCEyaX3SbJXBKF5lf3Cu2 WU35HQsnTxKaM3fa7+nSsZu2xkqwNit/xAeAdf0e3ymgBc1G+DezZTJFk/+BbD1N /zWs7AN757Ae6p5HB4eV5KGM5hO8bhqtNuGv6T0eAbqi4MwNclY+J0VCTVbtDrjT bPyJHdfjNc175M2wZDw0HJWWYIHUroQ1Qcao6V9DchVPKtsLd3ICj9sXNNhp1VMo zNLfj9hRcOY/cZtj8tNC6QyoOZX1QBiTGKxDvQbQvmWsrKWQCDOCPHOJh/AycH9a jQYl4+DPMYMFh0ahrrDNBkbmI10Jcg170vQ4CEppRP1zkwbSNtHzfMlp8t2kXXTV uc2rxh/MY2DwBoXqGs6HrxH1Z/A2gcwcu8xqNAGJhaleWQEae2qFQx6eEUKekjhm +EfJIG7v2blVcMLpp06kaAwlIUK4hV2F/Tn9BoQajbBA5Lq9whI= =0hTA -----END PGP SIGNATURE-----

6 years, 11 months

2
2
0 0

[PATCH 4.9] mlxsw: spectrum: Forbid linking of VLAN devices to devices that have uppers

by Ido Schimmel

commit 25cc72a33835ed8a6f53180a822cadab855852ac upstream. Jiri Slaby noticed that the backport of upstream commit 25cc72a33835 ("mlxsw: spectrum: Forbid linking to devices that have uppers") to kernel 4.9.y introduced the same check twice in the same function instead of in two different places. Fix this by relocating one of the checks to its intended place, thus preventing unsupported configurations as described in the original commit. Fixes: 73ee5a73e75f ("mlxsw: spectrum: Forbid linking to devices that have uppers") Signed-off-by: Ido Schimmel <idosch(a)mellanox.com> Reported-by: Jiri Slaby <jslaby(a)suse.cz> --- Greg, I read Documentation/stable_kernel_rules.txt, so I hope the patch is fine. Please let me know if v2 is required. Thanks --- drivers/net/ethernet/mellanox/mlxsw/spectrum.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/drivers/net/ethernet/mellanox/mlxsw/spectrum.c b/drivers/net/ethernet/mellanox/mlxsw/spectrum.c index d50350c7adc4..22a5916e477e 100644 --- a/drivers/net/ethernet/mellanox/mlxsw/spectrum.c +++ b/drivers/net/ethernet/mellanox/mlxsw/spectrum.c @@ -4187,10 +4187,6 @@ static int mlxsw_sp_netdevice_port_upper_event(struct net_device *dev, if (netif_is_lag_port(dev) && is_vlan_dev(upper_dev) && !netif_is_lag_master(vlan_dev_real_dev(upper_dev))) return -EINVAL; - if (!info->linking) - break; - if (netdev_has_any_upper_dev(upper_dev)) - return -EINVAL; break; case NETDEV_CHANGEUPPER: upper_dev = info->upper_dev; @@ -4566,6 +4562,8 @@ static int mlxsw_sp_netdevice_vport_event(struct net_device *dev, return -EINVAL; if (!info->linking) break; + if (netdev_has_any_upper_dev(upper_dev)) + return -EINVAL; /* We can't have multiple VLAN interfaces configured on * the same port and being members in the same bridge. */ -- 2.14.4

6 years, 11 months

2
4
0 0

FAILED: patch "[PATCH] x86/mce: Fix incorrect "Machine check from unknown source"" failed to apply to 4.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 40c36e2741d7fe1e66d6ec55477ba5fd19c9c5d2 Mon Sep 17 00:00:00 2001 From: Tony Luck <tony.luck(a)intel.com> Date: Fri, 22 Jun 2018 11:54:23 +0200 Subject: [PATCH] x86/mce: Fix incorrect "Machine check from unknown source" message Some injection testing resulted in the following console log: mce: [Hardware Error]: CPU 22: Machine Check Exception: f Bank 1: bd80000000100134 mce: [Hardware Error]: RIP 10:<ffffffffc05292dd> {pmem_do_bvec+0x11d/0x330 [nd_pmem]} mce: [Hardware Error]: TSC c51a63035d52 ADDR 3234bc4000 MISC 88 mce: [Hardware Error]: PROCESSOR 0:50654 TIME 1526502199 SOCKET 0 APIC 38 microcode 2000043 mce: [Hardware Error]: Run the above through 'mcelog --ascii' Kernel panic - not syncing: Machine check from unknown source This confused everybody because the first line quite clearly shows that we found a logged error in "Bank 1", while the last line says "unknown source". The problem is that the Linux code doesn't do the right thing for a local machine check that results in a fatal error. It turns out that we know very early in the handler whether the machine check is fatal. The call to mce_no_way_out() has checked all the banks for the CPU that took the local machine check. If it says we must crash, we can do so right away with the right messages. We do scan all the banks again. This means that we might initially not see a problem, but during the second scan find something fatal. If this happens we print a slightly different message (so I can see if it actually every happens). [ bp: Remove unneeded severity assignment. ] Signed-off-by: Tony Luck <tony.luck(a)intel.com> Signed-off-by: Borislav Petkov <bp(a)suse.de> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Cc: Ashok Raj <ashok.raj(a)intel.com> Cc: Dan Williams <dan.j.williams(a)intel.com> Cc: Qiuxu Zhuo <qiuxu.zhuo(a)intel.com> Cc: linux-edac <linux-edac(a)vger.kernel.org> Cc: stable(a)vger.kernel.org # 4.2 Link: http://lkml.kernel.org/r/52e049a497e86fd0b71c529651def8871c804df0.152728389… diff --git a/arch/x86/kernel/cpu/mcheck/mce.c b/arch/x86/kernel/cpu/mcheck/mce.c index 7e6f51a9d917..e93670d736a6 100644 --- a/arch/x86/kernel/cpu/mcheck/mce.c +++ b/arch/x86/kernel/cpu/mcheck/mce.c @@ -1207,13 +1207,18 @@ void do_machine_check(struct pt_regs *regs, long error_code) lmce = m.mcgstatus & MCG_STATUS_LMCES; /* + * Local machine check may already know that we have to panic. + * Broadcast machine check begins rendezvous in mce_start() * Go through all banks in exclusion of the other CPUs. This way we * don't report duplicated events on shared banks because the first one - * to see it will clear it. If this is a Local MCE, then no need to - * perform rendezvous. + * to see it will clear it. */ - if (!lmce) + if (lmce) { + if (no_way_out) + mce_panic("Fatal local machine check", &m, msg); + } else { order = mce_start(&no_way_out); + } for (i = 0; i < cfg->banks; i++) { __clear_bit(i, toclear); @@ -1289,12 +1294,17 @@ void do_machine_check(struct pt_regs *regs, long error_code) no_way_out = worst >= MCE_PANIC_SEVERITY; } else { /* - * Local MCE skipped calling mce_reign() - * If we found a fatal error, we need to panic here. + * If there was a fatal machine check we should have + * already called mce_panic earlier in this function. + * Since we re-read the banks, we might have found + * something new. Check again to see if we found a + * fatal error. We call "mce_severity()" again to + * make sure we have the right "msg". */ - if (worst >= MCE_PANIC_SEVERITY && mca_cfg.tolerant < 3) - mce_panic("Machine check from unknown source", - NULL, NULL); + if (worst >= MCE_PANIC_SEVERITY && mca_cfg.tolerant < 3) { + mce_severity(&m, cfg->tolerant, &msg, true); + mce_panic("Local fatal machine check!", &m, msg); + } } /*

6 years, 11 months

3
4
0 0

[GIT PULL] commits for Linux 3.18

by Sasha Levin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi Greg, Pleae pull commits for Linux 3.18 . I've sent a review request for all commits over a week ago and all comments were addressed. Thanks, Sasha ===== The following changes since commit b0b357c20ca6171b8ac698351f5202402b7ad7d5: Linux 3.18.112 (2018-05-30 22:08:04 +0200) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/sashal/linux-stable.git tags/for-greg-3.18-20062018 for you to fetch changes up to b73b55ee0dd09bb24fa6a4fee94b21d97dbc51ba: net/sonic: Use dma_mapping_error() (2018-06-07 15:40:45 -0400) - ---------------------------------------------------------------- for-greg-3.18-20062018 - ---------------------------------------------------------------- Finn Thain (1): net/sonic: Use dma_mapping_error() Ivan Bornyakov (1): atm: zatm: fix memcmp casting Josh Hill (1): net: qmi_wwan: Add Netgear Aircard 779S Paolo Abeni (1): netfilter: ebtables: handle string from userspace with care drivers/atm/zatm.c | 4 ++-- drivers/net/ethernet/natsemi/sonic.c | 2 +- drivers/net/usb/qmi_wwan.c | 1 + net/bridge/netfilter/ebtables.c | 3 ++- 4 files changed, 6 insertions(+), 4 deletions(-) -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE4n5dijQDou9mhzu83qZv95d3LNwFAlsrD34ACgkQ3qZv95d3 LNxyQA//Td2TjwiNv4O7a5DTBTY11L1m/4aM/Sg9AR3yUtykiIfatVi5rAwdKzXl ZBhutqVj7eK7STEyNfvqT0p/qwzoXWQUMSq0BpaH+D6Vfcvo3WNfXSdwODVsYy7D d8N814Libu3zUHj4x+KXp2og8SCKqAYNgyBhd45bnrRUVbq/UQPcZsXqDSUIX6WK RHkGU96VogA/4VEdD8Tiv9wX86L4PTQwve+GpYdxRc6Cc5rAuu3tS1BQgl50nfSU MSgorHcL+RO9wWu/Ij6L1SDOgNfxrk9b9DPt9Jahm5NeF+et5t/vLuJ804osJRYE dbXk6NQ+8EMQmgCOdDKUZhiHjN6ztk2NMsqmQb1z9hsPB+5gmmPMP2vZVA0BUyjl UZVQcRwYC1+s/bOb/uqhvBD4DH5pj76hMMkz10rR8pAvVRCvoBGFU9uwtSlu3gZo 24xHREUUSrpecc61tUq3QyomzlUZUQgyvkU8GnqD+2vhiJfsuyZ33AfjVmwEl+Vn 37qgenBJLBKhXzDxOMqg+xg0mUGo63CQeIx2ERSp3DiTHOElOWJINu5MVZQYKC8w rxSBacxj+5w24IM/OxNpWZ3PAoUSlAAvmkPiQJ5Aavw0StpqvNHN+DElmLf6eVrl 2Q5ZnkFhUOB2xSRkCYpkRhq9GZWGLkWjn4ePToil4z1+X13T6Zs= =mpuV -----END PGP SIGNATURE-----

6 years, 11 months

2
1
0 0

[GIT PULL] commits for Linux 4.14

by Sasha Levin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi Greg, Pleae pull commits for Linux 4.14 . I've sent a review request for all commits over a week ago and all comments were addressed. Thanks, Sasha ===== The following changes since commit 2c6025ebc7fd8e0a8ca785d778dc6ae25225744b: Linux 4.14.48 (2018-06-05 11:42:00 +0200) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/sashal/linux-stable.git tags/for-greg-4.14-20062018 for you to fetch changes up to 5cca1f6fec1180fca1be5bc6f5068b96832646db: net: usb: cdc_mbim: add flag FLAG_SEND_ZLP (2018-06-06 23:16:01 -0400) - ---------------------------------------------------------------- for-greg-4.14-20062018 - ---------------------------------------------------------------- Alexander Duyck (1): net-sysfs: Fix memory leak in XPS configuration Damien ThÃ©bault (1): net: dsa: b53: Add BCM5389 support Daniele Palmas (1): net: usb: cdc_mbim: add flag FLAG_SEND_ZLP Darrick J. Wong (1): fs: clear writeback errors in inode_init_always David Howells (1): afs: Fix directory permissions check Eric Dumazet (1): xfrm6: avoid potential infinite loop in _decode_session6() Finn Thain (1): net/sonic: Use dma_mapping_error() Hao Wei Tee (1): iwlwifi: pcie: compare with number of IRQs requested for, not number of CPUs Ivan Bornyakov (1): atm: zatm: fix memcmp casting Josh Hill (1): net: qmi_wwan: Add Netgear Aircard 779S JoÃ£o Paulo Rechi Vita (1): platform/x86: asus-wmi: Fix NULL pointer dereference Julian Anastasov (1): ipvs: fix buffer overflow with sync daemon and service Kirill Tkhai (1): kcm: Fix use-after-free caused by clonned sockets Mathieu Xhonneux (1): ipv6: sr: fix memory OOB access in seg6_do_srh_encap/inline Pablo Neira Ayuso (1): netfilter: nft_limit: fix packet ratelimiting Paolo Abeni (1): netfilter: ebtables: handle string from userspace with care Paul Burton (1): sched/core: Require cpu_active() in select_task_rq(), for user tasks Peter Zijlstra (1): sched/core: Fix rules for running on online && !active CPUs Sebastian Ott (1): s390/dasd: use blk_mq_rq_from_pdu for per request data Suresh Reddy (1): be2net: Fix error detection logic for BE3 Taehee Yoo (3): netfilter: nf_tables: fix NULL pointer dereference on nft_ct_helper_obj_dump() netfilter: nft_meta: fix wrong value dereference in nft_meta_set_eval netfilter: nf_tables: increase nft_counters_enabled in nft_chain_stats_replace() Thomas Richter (1): perf test: "Session topology" dumps core on s390 YueHaibing (1): perf bpf: Fix NULL return handling in bpf__prepare_load() Documentation/devicetree/bindings/net/dsa/b53.txt | 1 + drivers/atm/zatm.c | 4 +- drivers/net/dsa/b53/b53_common.c | 13 +++++++ drivers/net/dsa/b53/b53_mdio.c | 5 ++- drivers/net/dsa/b53/b53_priv.h | 1 + drivers/net/ethernet/emulex/benet/be_main.c | 4 +- drivers/net/ethernet/natsemi/sonic.c | 2 +- drivers/net/usb/cdc_mbim.c | 2 +- drivers/net/usb/qmi_wwan.c | 1 + drivers/net/wireless/intel/iwlwifi/pcie/trans.c | 10 ++--- drivers/platform/x86/asus-wmi.c | 23 +++++++----- drivers/s390/block/dasd.c | 7 +++- fs/afs/security.c | 10 ++--- fs/inode.c | 1 + kernel/sched/core.c | 45 ++++++++++++++++------- net/bridge/netfilter/ebtables.c | 3 +- net/core/net-sysfs.c | 6 +-- net/ipv6/seg6_iptunnel.c | 4 +- net/ipv6/xfrm6_policy.c | 2 +- net/kcm/kcmsock.c | 2 +- net/netfilter/ipvs/ip_vs_ctl.c | 21 ++++++++--- net/netfilter/nf_tables_api.c | 4 +- net/netfilter/nft_ct.c | 20 ++++++---- net/netfilter/nft_limit.c | 38 ++++++++++++------- net/netfilter/nft_meta.c | 14 ++++--- tools/perf/tests/topology.c | 30 ++++++++++++--- tools/perf/util/bpf-loader.c | 6 +-- 27 files changed, 183 insertions(+), 96 deletions(-) -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE4n5dijQDou9mhzu83qZv95d3LNwFAlsrD0EACgkQ3qZv95d3 LNykIRAAuOxrTFNkFNHbmF4ETHaQC1RA65ebzaxqTVO1HQUylrdU6XtGijfFfl2Q mLhFk1Om1AYOanQgOO3fPVohS+6lu4M/ld4/gfoVFOOE/Bjc2JsMO9I9OiZ5LCZQ AzToRfu7jjnvmdMhTgM+ek3/OJfDOtD4KskNZV1rjVTnYQbjblk/QonYibTgVsOm BFc5VQyKkUVrnDa+0Zcdbc2OfHSrGYoCsEIus7stBnbjGOR84qIDUTL9vMkDX0Vf 6o6QiwDkcY5sYGf5ob9BL7Bix3axAccA3Rp7Yq1GXglFFB4dwl6HBfAC6+liHTqF 2GvMDLktkZ1d4SGdabAdJahh04LFCQjgg1m7ZR61tzKzxBpu8D7eTiRQ/EPH0qrV Nob6oBoBIy4qk6KnAhPtY04TjDtK9/J6wUbG+rwYj9V5QAknrvT5zVdGsZTeVuEa R2pG6BJU7hAHv+Ndzey6c0ZxBH9fKdz7h/7ioeQGWPbmVGsebJoi+b4f5pOA31Wv 56Ne1IkhWGfCsBZMieBmWVrQrDVLoUk4DqjJW6TNXx5LvdxIDxP//oMy1plQUhS5 Mq7Ln3HKtNAnKSHgHd4RNWcE4kzvbviBxQHvVgdWTIpNTWEHrnz7L6Sh7HE6SWHJ qz2AtGJKCJL8KvmdQgbhtcYor5oOfZLDe1pZzetWLZ4yQnjJCdM= =Fakc -----END PGP SIGNATURE-----

6 years, 11 months

2
1
0 0

[GIT PULL] commits for Linux 4.9

by Sasha Levin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi Greg, Pleae pull commits for Linux 4.9 . I've sent a review request for all commits over a week ago and all comments were addressed. Thanks, Sasha ===== The following changes since commit 3c3d05fc6e6653bdf9f7fb3fb6922b199c7ba3ec: Linux 4.9.107 (2018-06-06 16:44:39 +0200) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/sashal/linux-stable.git tags/for-greg-4.9-20062018 for you to fetch changes up to e957f7485f14affccc5f60f19dcce3a4f674cc0d: net: usb: cdc_mbim: add flag FLAG_SEND_ZLP (2018-06-07 15:39:36 -0400) - ---------------------------------------------------------------- for-greg-4.9-20062018 - ---------------------------------------------------------------- Damien ThÃ©bault (1): net: dsa: b53: Add BCM5389 support Daniele Palmas (1): net: usb: cdc_mbim: add flag FLAG_SEND_ZLP Eric Dumazet (1): xfrm6: avoid potential infinite loop in _decode_session6() Finn Thain (1): net/sonic: Use dma_mapping_error() Hao Wei Tee (1): iwlwifi: pcie: compare with number of IRQs requested for, not number of CPUs Ivan Bornyakov (1): atm: zatm: fix memcmp casting Josh Hill (1): net: qmi_wwan: Add Netgear Aircard 779S JoÃ£o Paulo Rechi Vita (1): platform/x86: asus-wmi: Fix NULL pointer dereference Julian Anastasov (1): ipvs: fix buffer overflow with sync daemon and service Kirill Tkhai (1): kcm: Fix use-after-free caused by clonned sockets Paolo Abeni (1): netfilter: ebtables: handle string from userspace with care Documentation/devicetree/bindings/net/dsa/b53.txt | 1 + drivers/atm/zatm.c | 4 ++-- drivers/net/dsa/b53/b53_common.c | 13 +++++++++++++ drivers/net/dsa/b53/b53_mdio.c | 5 ++++- drivers/net/dsa/b53/b53_priv.h | 1 + drivers/net/ethernet/natsemi/sonic.c | 2 +- drivers/net/usb/cdc_mbim.c | 2 +- drivers/net/usb/qmi_wwan.c | 1 + drivers/net/wireless/intel/iwlwifi/pcie/trans.c | 10 +++++----- drivers/platform/x86/asus-wmi.c | 23 +++++++++++++---------- net/bridge/netfilter/ebtables.c | 3 ++- net/ipv6/xfrm6_policy.c | 2 +- net/kcm/kcmsock.c | 2 +- net/netfilter/ipvs/ip_vs_ctl.c | 21 +++++++++++++++------ 14 files changed, 61 insertions(+), 29 deletions(-) -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE4n5dijQDou9mhzu83qZv95d3LNwFAlsrD08ACgkQ3qZv95d3 LNz7JhAAlyrbs4NT1tU0ZjZYQ78hQbojWTDyMBQSz1+SIKwey/6Mp7HFizAXghY/ 3f4KECTu8a/5P35Jo7euTy7C3RDKOnHtP2yQENuu4AGe/pivIfqqVsIANmdy+sAi BY2iXJllGYeV8777nE0lm3cQrXnAMWhTsMmwKbJk6gHHx9ueaSRns7tajiD4lXm0 Z+F07jReymaOEvi3bNAKZTSU0swprprXTG9GfKPDyfPdB7fu4J7t+HkWI071mTj+ L1gJdcW5XOPuB1Tmu0ES5rRrFsDYdeUEwFoJBq0TplmOEKSNZO+xLWgTLfRZZ3T2 W6YIM+jOs44MfI4Sy5PDmM1jHwnvyUplOxApfx570F7CiSwU8xyuDwpQZIsNrBPn FrsDIy8X7uLLCN0MG0HMO/0P8RhL2tHKwG9gN/xRPo0fOLhVprABj8fTi3FCQhTU /BYAdmj4s58BuEEPND9swFYx96UTNuVVb47HB0+3FasPmCnGdhiVXb+HSSY6tW1a GNQqpcsUUtVoe4sFgb4s2pqZjnXfepvd4EhsI8cGU4KoTQ/vbwK4OVJS+MrSehoB yi169EwX0jL6ILtLNDBm2SVVcw7ukAEq4aDJRjko+X6xWFZxhnGTnFsZldkOEjld DVDGFhcTyUiGE7wVsnZGANMhHhT2LjtyeGDKpQiFn6lMagp0IM4= =gZsz -----END PGP SIGNATURE-----

6 years, 11 months

2
1
0 0

FAILED: patch "[PATCH] ubi: fastmap: Correctly handle interrupted erasures in EBA" failed to apply to 4.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 781932375ffc6411713ee0926ccae8596ed0261c Mon Sep 17 00:00:00 2001 From: Richard Weinberger <richard(a)nod.at> Date: Mon, 28 May 2018 22:04:32 +0200 Subject: [PATCH] ubi: fastmap: Correctly handle interrupted erasures in EBA Fastmap cannot track the LEB unmap operation, therefore it can happen that after an interrupted erasure the mapping still looks good from Fastmap's point of view, while reading from the PEB will cause an ECC error and confuses the upper layer. Instead of teaching users of UBI how to deal with that, we read back the VID header and check for errors. If the PEB is empty or shows ECC errors we fixup the mapping and schedule the PEB for erasure. Fixes: dbb7d2a88d2a ("UBI: Add fastmap core") Cc: <stable(a)vger.kernel.org> Reported-by: martin bayern <Martinbayern(a)outlook.com> Signed-off-by: Richard Weinberger <richard(a)nod.at> diff --git a/drivers/mtd/ubi/eba.c b/drivers/mtd/ubi/eba.c index 250e30fac61b..593a4f9d97e3 100644 --- a/drivers/mtd/ubi/eba.c +++ b/drivers/mtd/ubi/eba.c @@ -490,6 +490,82 @@ int ubi_eba_unmap_leb(struct ubi_device *ubi, struct ubi_volume *vol, return err; } +#ifdef CONFIG_MTD_UBI_FASTMAP +/** + * check_mapping - check and fixup a mapping + * @ubi: UBI device description object + * @vol: volume description object + * @lnum: logical eraseblock number + * @pnum: physical eraseblock number + * + * Checks whether a given mapping is valid. Fastmap cannot track LEB unmap + * operations, if such an operation is interrupted the mapping still looks + * good, but upon first read an ECC is reported to the upper layer. + * Normaly during the full-scan at attach time this is fixed, for Fastmap + * we have to deal with it while reading. + * If the PEB behind a LEB shows this symthom we change the mapping to + * %UBI_LEB_UNMAPPED and schedule the PEB for erasure. + * + * Returns 0 on success, negative error code in case of failure. + */ +static int check_mapping(struct ubi_device *ubi, struct ubi_volume *vol, int lnum, + int *pnum) +{ + int err; + struct ubi_vid_io_buf *vidb; + + if (!ubi->fast_attach) + return 0; + + vidb = ubi_alloc_vid_buf(ubi, GFP_NOFS); + if (!vidb) + return -ENOMEM; + + err = ubi_io_read_vid_hdr(ubi, *pnum, vidb, 0); + if (err > 0 && err != UBI_IO_BITFLIPS) { + int torture = 0; + + switch (err) { + case UBI_IO_FF: + case UBI_IO_FF_BITFLIPS: + case UBI_IO_BAD_HDR: + case UBI_IO_BAD_HDR_EBADMSG: + break; + default: + ubi_assert(0); + } + + if (err == UBI_IO_BAD_HDR_EBADMSG || err == UBI_IO_FF_BITFLIPS) + torture = 1; + + down_read(&ubi->fm_eba_sem); + vol->eba_tbl->entries[lnum].pnum = UBI_LEB_UNMAPPED; + up_read(&ubi->fm_eba_sem); + ubi_wl_put_peb(ubi, vol->vol_id, lnum, *pnum, torture); + + *pnum = UBI_LEB_UNMAPPED; + } else if (err < 0) { + ubi_err(ubi, "unable to read VID header back from PEB %i: %i", + *pnum, err); + + goto out_free; + } + + err = 0; + +out_free: + ubi_free_vid_buf(vidb); + + return err; +} +#else +static int check_mapping(struct ubi_device *ubi, struct ubi_volume *vol, int lnum, + int *pnum) +{ + return 0; +} +#endif + /** * ubi_eba_read_leb - read data. * @ubi: UBI device description object @@ -522,7 +598,13 @@ int ubi_eba_read_leb(struct ubi_device *ubi, struct ubi_volume *vol, int lnum, return err; pnum = vol->eba_tbl->entries[lnum].pnum; - if (pnum < 0) { + if (pnum >= 0) { + err = check_mapping(ubi, vol, lnum, &pnum); + if (err < 0) + goto out_unlock; + } + + if (pnum == UBI_LEB_UNMAPPED) { /* * The logical eraseblock is not mapped, fill the whole buffer * with 0xFF bytes. The exception is static volumes for which @@ -930,6 +1012,12 @@ int ubi_eba_write_leb(struct ubi_device *ubi, struct ubi_volume *vol, int lnum, return err; pnum = vol->eba_tbl->entries[lnum].pnum; + if (pnum >= 0) { + err = check_mapping(ubi, vol, lnum, &pnum); + if (err < 0) + goto out; + } + if (pnum >= 0) { dbg_eba("write %d bytes at offset %d of LEB %d:%d, PEB %d", len, offset, vol_id, lnum, pnum);

6 years, 11 months

3
2
0 0

FAILED: patch "[PATCH] ubi: fastmap: Correctly handle interrupted erasures in EBA" failed to apply to 3.18-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 3.18-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 781932375ffc6411713ee0926ccae8596ed0261c Mon Sep 17 00:00:00 2001 From: Richard Weinberger <richard(a)nod.at> Date: Mon, 28 May 2018 22:04:32 +0200 Subject: [PATCH] ubi: fastmap: Correctly handle interrupted erasures in EBA Fastmap cannot track the LEB unmap operation, therefore it can happen that after an interrupted erasure the mapping still looks good from Fastmap's point of view, while reading from the PEB will cause an ECC error and confuses the upper layer. Instead of teaching users of UBI how to deal with that, we read back the VID header and check for errors. If the PEB is empty or shows ECC errors we fixup the mapping and schedule the PEB for erasure. Fixes: dbb7d2a88d2a ("UBI: Add fastmap core") Cc: <stable(a)vger.kernel.org> Reported-by: martin bayern <Martinbayern(a)outlook.com> Signed-off-by: Richard Weinberger <richard(a)nod.at> diff --git a/drivers/mtd/ubi/eba.c b/drivers/mtd/ubi/eba.c index 250e30fac61b..593a4f9d97e3 100644 --- a/drivers/mtd/ubi/eba.c +++ b/drivers/mtd/ubi/eba.c @@ -490,6 +490,82 @@ int ubi_eba_unmap_leb(struct ubi_device *ubi, struct ubi_volume *vol, return err; } +#ifdef CONFIG_MTD_UBI_FASTMAP +/** + * check_mapping - check and fixup a mapping + * @ubi: UBI device description object + * @vol: volume description object + * @lnum: logical eraseblock number + * @pnum: physical eraseblock number + * + * Checks whether a given mapping is valid. Fastmap cannot track LEB unmap + * operations, if such an operation is interrupted the mapping still looks + * good, but upon first read an ECC is reported to the upper layer. + * Normaly during the full-scan at attach time this is fixed, for Fastmap + * we have to deal with it while reading. + * If the PEB behind a LEB shows this symthom we change the mapping to + * %UBI_LEB_UNMAPPED and schedule the PEB for erasure. + * + * Returns 0 on success, negative error code in case of failure. + */ +static int check_mapping(struct ubi_device *ubi, struct ubi_volume *vol, int lnum, + int *pnum) +{ + int err; + struct ubi_vid_io_buf *vidb; + + if (!ubi->fast_attach) + return 0; + + vidb = ubi_alloc_vid_buf(ubi, GFP_NOFS); + if (!vidb) + return -ENOMEM; + + err = ubi_io_read_vid_hdr(ubi, *pnum, vidb, 0); + if (err > 0 && err != UBI_IO_BITFLIPS) { + int torture = 0; + + switch (err) { + case UBI_IO_FF: + case UBI_IO_FF_BITFLIPS: + case UBI_IO_BAD_HDR: + case UBI_IO_BAD_HDR_EBADMSG: + break; + default: + ubi_assert(0); + } + + if (err == UBI_IO_BAD_HDR_EBADMSG || err == UBI_IO_FF_BITFLIPS) + torture = 1; + + down_read(&ubi->fm_eba_sem); + vol->eba_tbl->entries[lnum].pnum = UBI_LEB_UNMAPPED; + up_read(&ubi->fm_eba_sem); + ubi_wl_put_peb(ubi, vol->vol_id, lnum, *pnum, torture); + + *pnum = UBI_LEB_UNMAPPED; + } else if (err < 0) { + ubi_err(ubi, "unable to read VID header back from PEB %i: %i", + *pnum, err); + + goto out_free; + } + + err = 0; + +out_free: + ubi_free_vid_buf(vidb); + + return err; +} +#else +static int check_mapping(struct ubi_device *ubi, struct ubi_volume *vol, int lnum, + int *pnum) +{ + return 0; +} +#endif + /** * ubi_eba_read_leb - read data. * @ubi: UBI device description object @@ -522,7 +598,13 @@ int ubi_eba_read_leb(struct ubi_device *ubi, struct ubi_volume *vol, int lnum, return err; pnum = vol->eba_tbl->entries[lnum].pnum; - if (pnum < 0) { + if (pnum >= 0) { + err = check_mapping(ubi, vol, lnum, &pnum); + if (err < 0) + goto out_unlock; + } + + if (pnum == UBI_LEB_UNMAPPED) { /* * The logical eraseblock is not mapped, fill the whole buffer * with 0xFF bytes. The exception is static volumes for which @@ -930,6 +1012,12 @@ int ubi_eba_write_leb(struct ubi_device *ubi, struct ubi_volume *vol, int lnum, return err; pnum = vol->eba_tbl->entries[lnum].pnum; + if (pnum >= 0) { + err = check_mapping(ubi, vol, lnum, &pnum); + if (err < 0) + goto out; + } + if (pnum >= 0) { dbg_eba("write %d bytes at offset %d of LEB %d:%d, PEB %d", len, offset, vol_id, lnum, pnum);

6 years, 11 months

3
2
0 0

Please apply to stable 4.9 kernel

by Juergen Gross

Hi Greg, please apply the attched backported patch to the 4.9 stable tree. Juergen

6 years, 11 months

2
2
0 0

[BACKPORT PATCH] mtd: nand: fix return value check for bad block status

by Abhishek Sahu

commit e9893e6fa932f42c90c4ac5849fa9aa0f0f00a34 upstream. Positive return value from read_oob() is making false BAD blocks. For some of the NAND controllers, OOB bytes will be protected with ECC and read_oob() will return number of bitflips. If there is any bitflip in ECC protected OOB bytes for BAD block status page, then that block is getting treated as BAD. Fixes: c120e75e0e7d ("mtd: nand: use read_oob() instead of cmdfunc() for bad block check") Cc: <stable(a)vger.kernel.org> Signed-off-by: Abhishek Sahu <absahu(a)codeaurora.org> Reviewed-by: Miquel Raynal <miquel.raynal(a)bootlin.com> Signed-off-by: Boris Brezillon <boris.brezillon(a)bootlin.com> [backported to 4.14.y] Signed-off-by: Abhishek Sahu <absahu(a)codeaurora.org> --- This is backported patch for failed patch mentioned in https://www.spinics.net/lists/stable/msg245833.html The failure happened due to file rename. drivers/mtd/nand/nand_base.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/mtd/nand/nand_base.c b/drivers/mtd/nand/nand_base.c index 528e04f..d410de3 100644 --- a/drivers/mtd/nand/nand_base.c +++ b/drivers/mtd/nand/nand_base.c @@ -440,7 +440,7 @@ static int nand_block_bad(struct mtd_info *mtd, loff_t ofs) for (; page < page_end; page++) { res = chip->ecc.read_oob(mtd, chip, page); - if (res) + if (res < 0) return res; bad = chip->oob_poi[chip->badblockpos]; -- QUALCOMM INDIA, on behalf of Qualcomm Innovation Center, Inc. is a member of Code Aurora Forum, hosted by The Linux Foundation

6 years, 11 months

2
2
0 0

Please apply to stable 4.9 kernel

by Juergen Gross

Hi Greg, please apply the attched backported patch to the 4.9 stable tree. It is needed to boot Xen PV guests (broken since commit c43b4ff972a986c85bdd8dc1aa05fe23b29ef99c which I didn't realize due to my kernel parameters when testing). Juergen

6 years, 11 months

2
1
0 0

stable request for v4.17.x, v4.14.x, v4.9.x, v4.4.x: ARM: dts: imx6q: Use correct SDMA script for SPI5 core

by Sean Nyekjær

Hi Greg, subject "ARM: dts: imx6q: Use correct SDMA script for SPI5 core" commit df07101e1c4a29e820df02f9989a066988b160e6 upstream. Please apply to v4.17.x, v4.14.x, v4.9.x, v4.4.x. I forgot to write CC: <stable(a)vger.kernel.org> in the commit msg. I hope this can go in the stable trees. Please let me know if the commit was in the queue already and I had done everything correctly. :-) BR /Sean

6 years, 11 months

2
1
0 0

Backport request: bfe72442578b to 4.9.y

by Dan Rue

Hi Greg - Please apply bfe72442578b ("net: phy: micrel: fix crash when statistic requested for KSZ9031 phy") to 4.9.y. Since at least 4.9.95 (this was discussed during 4.9.95 release cycle), 'ethtool --phy-statistics eth0' causes a system crash on micrel systems. This is still happening, and this patch fixes the issue. Thanks! Dan

6 years, 11 months

2
1
0 0

[PATCH] cifs: Fix slab-out-of-bounds in send_set_info() on SMB2 ACE setting

by Stefano Brivio

A "small" CIFS buffer is not big enough in general to hold a setacl request for SMB2, and we end up overflowing the buffer in send_set_info(). For instance: # mount.cifs //127.0.0.1/test /mnt/test -o username=test,password=test,nounix,cifsacl # touch /mnt/test/acltest # getcifsacl /mnt/test/acltest REVISION:0x1 CONTROL:0x9004 OWNER:S-1-5-21-2926364953-924364008-418108241-1000 GROUP:S-1-22-2-1001 ACL:S-1-5-21-2926364953-924364008-418108241-1000:ALLOWED/0x0/0x1e01ff ACL:S-1-22-2-1001:ALLOWED/0x0/R ACL:S-1-22-2-1001:ALLOWED/0x0/R ACL:S-1-5-21-2926364953-924364008-418108241-1000:ALLOWED/0x0/0x1e01ff ACL:S-1-1-0:ALLOWED/0x0/R # setcifsacl -a "ACL:S-1-22-2-1004:ALLOWED/0x0/R" /mnt/test/acltest this setacl will cause the following KASAN splat: [ 330.777927] BUG: KASAN: slab-out-of-bounds in send_set_info+0x4dd/0xc20 [cifs] [ 330.779696] Write of size 696 at addr ffff88010d5e2860 by task setcifsacl/1012 [ 330.781882] CPU: 1 PID: 1012 Comm: setcifsacl Not tainted 4.18.0-rc2+ #2 [ 330.783140] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1 04/01/2014 [ 330.784395] Call Trace: [ 330.784789] dump_stack+0xc2/0x16b [ 330.786777] print_address_description+0x6a/0x270 [ 330.787520] kasan_report+0x258/0x380 [ 330.788845] memcpy+0x34/0x50 [ 330.789369] send_set_info+0x4dd/0xc20 [cifs] [ 330.799511] SMB2_set_acl+0x76/0xa0 [cifs] [ 330.801395] set_smb2_acl+0x7ac/0xf30 [cifs] [ 330.830888] cifs_xattr_set+0x963/0xe40 [cifs] [ 330.840367] __vfs_setxattr+0x84/0xb0 [ 330.842060] __vfs_setxattr_noperm+0xe6/0x370 [ 330.843848] vfs_setxattr+0xc2/0xd0 [ 330.845519] setxattr+0x258/0x320 [ 330.859211] path_setxattr+0x15b/0x1b0 [ 330.864392] __x64_sys_setxattr+0xc0/0x160 [ 330.866133] do_syscall_64+0x14e/0x4b0 [ 330.876631] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 330.878503] RIP: 0033:0x7ff2e507db0a [ 330.880151] Code: 48 8b 0d 89 93 2c 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 49 89 ca b8 bc 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 56 93 2c 00 f7 d8 64 89 01 48 [ 330.885358] RSP: 002b:00007ffdc4903c18 EFLAGS: 00000246 ORIG_RAX: 00000000000000bc [ 330.887733] RAX: ffffffffffffffda RBX: 000055d1170de140 RCX: 00007ff2e507db0a [ 330.890067] RDX: 000055d1170de7d0 RSI: 000055d115b39184 RDI: 00007ffdc4904818 [ 330.892410] RBP: 0000000000000001 R08: 0000000000000000 R09: 000055d1170de7e4 [ 330.894785] R10: 00000000000002b8 R11: 0000000000000246 R12: 0000000000000007 [ 330.897148] R13: 000055d1170de0c0 R14: 0000000000000008 R15: 000055d1170de550 [ 330.901057] Allocated by task 1012: [ 330.902888] kasan_kmalloc+0xa0/0xd0 [ 330.904714] kmem_cache_alloc+0xc8/0x1d0 [ 330.906615] mempool_alloc+0x11e/0x380 [ 330.908496] cifs_small_buf_get+0x35/0x60 [cifs] [ 330.910510] smb2_plain_req_init+0x4a/0xd60 [cifs] [ 330.912551] send_set_info+0x198/0xc20 [cifs] [ 330.914535] SMB2_set_acl+0x76/0xa0 [cifs] [ 330.916465] set_smb2_acl+0x7ac/0xf30 [cifs] [ 330.918453] cifs_xattr_set+0x963/0xe40 [cifs] [ 330.920426] __vfs_setxattr+0x84/0xb0 [ 330.922284] __vfs_setxattr_noperm+0xe6/0x370 [ 330.924213] vfs_setxattr+0xc2/0xd0 [ 330.926008] setxattr+0x258/0x320 [ 330.927762] path_setxattr+0x15b/0x1b0 [ 330.929592] __x64_sys_setxattr+0xc0/0x160 [ 330.931459] do_syscall_64+0x14e/0x4b0 [ 330.933314] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 330.936843] Freed by task 0: [ 330.938588] (stack is not available) [ 330.941886] The buggy address belongs to the object at ffff88010d5e2800 which belongs to the cache cifs_small_rq of size 448 [ 330.946362] The buggy address is located 96 bytes inside of 448-byte region [ffff88010d5e2800, ffff88010d5e29c0) [ 330.950722] The buggy address belongs to the page: [ 330.952789] page:ffffea0004357880 count:1 mapcount:0 mapping:ffff880108fdca80 index:0x0 compound_mapcount: 0 [ 330.955665] flags: 0x17ffffc0008100(slab|head) [ 330.957760] raw: 0017ffffc0008100 dead000000000100 dead000000000200 ffff880108fdca80 [ 330.960356] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 330.963005] page dumped because: kasan: bad access detected [ 330.967039] Memory state around the buggy address: [ 330.969255] ffff88010d5e2880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 330.971833] ffff88010d5e2900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 330.974397] >ffff88010d5e2980: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 330.976956] ^ [ 330.979226] ffff88010d5e2a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 330.981755] ffff88010d5e2a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 330.984225] ================================================================== Fix this by allocating a regular CIFS buffer in smb2_plain_req_init() if the request command is SMB2_SET_INFO. Reported-by: Jianhong Yin <jiyin(a)redhat.com> Fixes: 366ed846df60 ("cifs: Use smb 2 - 3 and cifsacl mount options setacl function") Signed-off-by: Stefano Brivio <sbrivio(a)redhat.com> --- fs/cifs/smb2pdu.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c index 7608c241b1ef..b2fa834da210 100644 --- a/fs/cifs/smb2pdu.c +++ b/fs/cifs/smb2pdu.c @@ -340,7 +340,10 @@ smb2_plain_req_init(__le16 smb2_command, struct cifs_tcon *tcon, return rc; /* BB eventually switch this to SMB2 specific small buf size */ - *request_buf = cifs_small_buf_get(); + if (smb2_command == SMB2_SET_INFO) + *request_buf = cifs_buf_get(); + else + *request_buf = cifs_small_buf_get(); if (*request_buf == NULL) { /* BB should we add a retry in here if not a writepage? */ return -ENOMEM; @@ -3720,7 +3723,7 @@ send_set_info(const unsigned int xid, struct cifs_tcon *tcon, rc = cifs_send_recv(xid, ses, &rqst, &resp_buftype, flags, &rsp_iov); - cifs_small_buf_release(req); + cifs_buf_release(req); rsp = (struct smb2_set_info_rsp *)rsp_iov.iov_base; if (rc != 0) { -- 2.15.1

6 years, 11 months

3
7
0 0

[PATCH v4 2/3] ioremap: Update pgtable free interfaces with addr

by Toshi Kani

From: Chintan Pandya <cpandya(a)codeaurora.org> The following kernel panic was observed on ARM64 platform due to a stale TLB entry. 1. ioremap with 4K size, a valid pte page table is set. 2. iounmap it, its pte entry is set to 0. 3. ioremap the same address with 2M size, update its pmd entry with a new value. 4. CPU may hit an exception because the old pmd entry is still in TLB, which leads to a kernel panic. Commit b6bdb7517c3d ("mm/vmalloc: add interfaces to free unmapped page table") has addressed this panic by falling to pte mappings in the above case on ARM64. To support pmd mappings in all cases, TLB purge needs to be performed in this case on ARM64. Add a new arg, 'addr', to pud_free_pmd_page() and pmd_free_pte_page() so that TLB purge can be added later in seprate patches. [toshi.kani(a)hpe.com: merge changes, rewrite patch description] Fixes: 28ee90fe6048 ("x86/mm: implement free pmd/pte page interfaces") Signed-off-by: Chintan Pandya <cpandya(a)codeaurora.org> Signed-off-by: Toshi Kani <toshi.kani(a)hpe.com> Cc: Andrew Morton <akpm(a)linux-foundation.org> Cc: Michal Hocko <mhocko(a)suse.com> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Ingo Molnar <mingo(a)redhat.com> Cc: "H. Peter Anvin" <hpa(a)zytor.com> Cc: Will Deacon <will.deacon(a)arm.com> Cc: Joerg Roedel <joro(a)8bytes.org> Cc: <stable(a)vger.kernel.org> --- arch/arm64/mm/mmu.c | 4 ++-- arch/x86/mm/pgtable.c | 12 +++++++----- include/asm-generic/pgtable.h | 8 ++++---- lib/ioremap.c | 4 ++-- 4 files changed, 15 insertions(+), 13 deletions(-) diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c index 493ff75670ff..8ae5d7ae4af3 100644 --- a/arch/arm64/mm/mmu.c +++ b/arch/arm64/mm/mmu.c @@ -977,12 +977,12 @@ int pmd_clear_huge(pmd_t *pmdp) return 1; } -int pud_free_pmd_page(pud_t *pud) +int pud_free_pmd_page(pud_t *pud, unsigned long addr) { return pud_none(*pud); } -int pmd_free_pte_page(pmd_t *pmd) +int pmd_free_pte_page(pmd_t *pmd, unsigned long addr) { return pmd_none(*pmd); } diff --git a/arch/x86/mm/pgtable.c b/arch/x86/mm/pgtable.c index 1aeb7a5dbce5..fbd14e506758 100644 --- a/arch/x86/mm/pgtable.c +++ b/arch/x86/mm/pgtable.c @@ -723,11 +723,12 @@ int pmd_clear_huge(pmd_t *pmd) /** * pud_free_pmd_page - Clear pud entry and free pmd page. * @pud: Pointer to a PUD. + * @addr: Virtual address associated with pud. * * Context: The pud range has been unmaped and TLB purged. * Return: 1 if clearing the entry succeeded. 0 otherwise. */ -int pud_free_pmd_page(pud_t *pud) +int pud_free_pmd_page(pud_t *pud, unsigned long addr) { pmd_t *pmd; int i; @@ -738,7 +739,7 @@ int pud_free_pmd_page(pud_t *pud) pmd = (pmd_t *)pud_page_vaddr(*pud); for (i = 0; i < PTRS_PER_PMD; i++) - if (!pmd_free_pte_page(&pmd[i])) + if (!pmd_free_pte_page(&pmd[i], addr + (i * PMD_SIZE))) return 0; pud_clear(pud); @@ -750,11 +751,12 @@ int pud_free_pmd_page(pud_t *pud) /** * pmd_free_pte_page - Clear pmd entry and free pte page. * @pmd: Pointer to a PMD. + * @addr: Virtual address associated with pmd. * * Context: The pmd range has been unmaped and TLB purged. * Return: 1 if clearing the entry succeeded. 0 otherwise. */ -int pmd_free_pte_page(pmd_t *pmd) +int pmd_free_pte_page(pmd_t *pmd, unsigned long addr) { pte_t *pte; @@ -770,7 +772,7 @@ int pmd_free_pte_page(pmd_t *pmd) #else /* !CONFIG_X86_64 */ -int pud_free_pmd_page(pud_t *pud) +int pud_free_pmd_page(pud_t *pud, unsigned long addr) { return pud_none(*pud); } @@ -779,7 +781,7 @@ int pud_free_pmd_page(pud_t *pud) * Disable free page handling on x86-PAE. This assures that ioremap() * does not update sync'd pmd entries. See vmalloc_sync_one(). */ -int pmd_free_pte_page(pmd_t *pmd) +int pmd_free_pte_page(pmd_t *pmd, unsigned long addr) { return pmd_none(*pmd); } diff --git a/include/asm-generic/pgtable.h b/include/asm-generic/pgtable.h index f59639afaa39..b081794ba135 100644 --- a/include/asm-generic/pgtable.h +++ b/include/asm-generic/pgtable.h @@ -1019,8 +1019,8 @@ int pud_set_huge(pud_t *pud, phys_addr_t addr, pgprot_t prot); int pmd_set_huge(pmd_t *pmd, phys_addr_t addr, pgprot_t prot); int pud_clear_huge(pud_t *pud); int pmd_clear_huge(pmd_t *pmd); -int pud_free_pmd_page(pud_t *pud); -int pmd_free_pte_page(pmd_t *pmd); +int pud_free_pmd_page(pud_t *pud, unsigned long addr); +int pmd_free_pte_page(pmd_t *pmd, unsigned long addr); #else /* !CONFIG_HAVE_ARCH_HUGE_VMAP */ static inline int p4d_set_huge(p4d_t *p4d, phys_addr_t addr, pgprot_t prot) { @@ -1046,11 +1046,11 @@ static inline int pmd_clear_huge(pmd_t *pmd) { return 0; } -static inline int pud_free_pmd_page(pud_t *pud) +static inline int pud_free_pmd_page(pud_t *pud, unsigned long addr) { return 0; } -static inline int pmd_free_pte_page(pmd_t *pmd) +static inline int pmd_free_pte_page(pmd_t *pmd, unsigned long addr) { return 0; } diff --git a/lib/ioremap.c b/lib/ioremap.c index 54e5bbaa3200..517f5853ffed 100644 --- a/lib/ioremap.c +++ b/lib/ioremap.c @@ -92,7 +92,7 @@ static inline int ioremap_pmd_range(pud_t *pud, unsigned long addr, if (ioremap_pmd_enabled() && ((next - addr) == PMD_SIZE) && IS_ALIGNED(phys_addr + addr, PMD_SIZE) && - pmd_free_pte_page(pmd)) { + pmd_free_pte_page(pmd, addr)) { if (pmd_set_huge(pmd, phys_addr + addr, prot)) continue; } @@ -119,7 +119,7 @@ static inline int ioremap_pud_range(p4d_t *p4d, unsigned long addr, if (ioremap_pud_enabled() && ((next - addr) == PUD_SIZE) && IS_ALIGNED(phys_addr + addr, PUD_SIZE) && - pud_free_pmd_page(pud)) { + pud_free_pmd_page(pud, addr)) { if (pud_set_huge(pud, phys_addr + addr, prot)) continue; }

6 years, 11 months

5
9
0 0

[PATCH] cifs: Fix infinite loop when using hard mount option

by Paulo Alcantara

For every request we send, whether it is SMB1 or SMB2+, we attempt to reconnect tcon (cifs_reconnect_tcon or smb2_reconnect) before carrying out the request. So, while server->tcpStatus != CifsNeedReconnect, we wait for the reconnection to succeed on wait_event_interruptible_timeout(). If it returns, that means that either the condition was evaluated to true, or timeout elapsed, or it was interrupted by a signal. Since we're not handling the case where the process woke up due to a received signal (-ERESTARTSYS), the next call to wait_event_interruptible_timeout() will _always_ fail and we end up looping forever inside either cifs_reconnect_tcon() or smb2_reconnect(). Here's an example of how to trigger that: $ mount.cifs //foo/share /mnt/test -o username=foo,password=foo,vers=1.0,hard (break connection to server before executing bellow cmd) $ stat -f /mnt/test & sleep 140 [1] 2511 $ ps -aux -q 2511 USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND root 2511 0.0 0.0 12892 1008 pts/0 S 12:24 0:00 stat -f /mnt/test $ kill -9 2511 (wait for a while; process is stuck in the kernel) $ ps -aux -q 2511 USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND root 2511 83.2 0.0 12892 1008 pts/0 R 12:24 30:01 stat -f /mnt/test By using 'hard' mount point means that cifs.ko will keep retrying indefinitely, however we must allow the process to be killed otherwise it would hang the system. Signed-off-by: Paulo Alcantara <palcantara(a)suse.de> Cc: stable(a)vger.kernel.org --- fs/cifs/cifssmb.c | 10 ++++++++-- fs/cifs/smb2pdu.c | 18 ++++++++++++------ 2 files changed, 20 insertions(+), 8 deletions(-) diff --git a/fs/cifs/cifssmb.c b/fs/cifs/cifssmb.c index d352da325de3..93408eab92e7 100644 --- a/fs/cifs/cifssmb.c +++ b/fs/cifs/cifssmb.c @@ -157,8 +157,14 @@ cifs_reconnect_tcon(struct cifs_tcon *tcon, int smb_command) * greater than cifs socket timeout which is 7 seconds */ while (server->tcpStatus == CifsNeedReconnect) { - wait_event_interruptible_timeout(server->response_q, - (server->tcpStatus != CifsNeedReconnect), 10 * HZ); + rc = wait_event_interruptible_timeout(server->response_q, + (server->tcpStatus != CifsNeedReconnect), + 10 * HZ); + if (rc < 0) { + cifs_dbg(FYI, "%s: aborting reconnect due to a received" + " signal by the process\n", __func__); + return -ERESTARTSYS; + } /* are we still trying to reconnect? */ if (server->tcpStatus != CifsNeedReconnect) diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c index 810b85787c91..086629b0d59c 100644 --- a/fs/cifs/smb2pdu.c +++ b/fs/cifs/smb2pdu.c @@ -155,7 +155,7 @@ smb2_hdr_assemble(struct smb2_sync_hdr *shdr, __le16 smb2_cmd, static int smb2_reconnect(__le16 smb2_command, struct cifs_tcon *tcon) { - int rc = 0; + int rc; struct nls_table *nls_codepage; struct cifs_ses *ses; struct TCP_Server_Info *server; @@ -166,10 +166,10 @@ smb2_reconnect(__le16 smb2_command, struct cifs_tcon *tcon) * for those three - in the calling routine. */ if (tcon == NULL) - return rc; + return 0; if (smb2_command == SMB2_TREE_CONNECT) - return rc; + return 0; if (tcon->tidStatus == CifsExiting) { /* @@ -212,8 +212,14 @@ smb2_reconnect(__le16 smb2_command, struct cifs_tcon *tcon) return -EAGAIN; } - wait_event_interruptible_timeout(server->response_q, - (server->tcpStatus != CifsNeedReconnect), 10 * HZ); + rc = wait_event_interruptible_timeout(server->response_q, + (server->tcpStatus != CifsNeedReconnect), + 10 * HZ); + if (rc < 0) { + cifs_dbg(FYI, "%s: aborting reconnect due to a received" + " signal by the process\n", __func__); + return -ERESTARTSYS; + } /* are we still trying to reconnect? */ if (server->tcpStatus != CifsNeedReconnect) @@ -231,7 +237,7 @@ smb2_reconnect(__le16 smb2_command, struct cifs_tcon *tcon) } if (!tcon->ses->need_reconnect && !tcon->need_reconnect) - return rc; + return 0; nls_codepage = load_nls_default(); -- 2.18.0

6 years, 11 months

2
1
0 0

Re: [PATCH] ARM64: dts: meson-gxl-s905x-p212: Add phy-supply for usb0

by Neil Armstrong

Hi Stable Maintainers, On 05/06/2018 10:52, Neil Armstrong wrote: > Like LibreTech-CC, the USB0 needs the 5V regulator to be enabled to power the > devices on the P212 Reference Design based boards. > > Fixes: b9f07cb4f41f ("ARM64: dts: meson-gxl-s905x-p212: enable the USB controller") > Signed-off-by: Neil Armstrong <narmstrong(a)baylibre.com> > --- This commit hit Linus master with commit sha d511b3e4087eedbe11c7496c396432b8b7c2d7d9 Can this fix be applied to 4.17 stable kernel ? Thanks, Neil > arch/arm64/boot/dts/amlogic/meson-gxl-s905x-p212.dtsi | 7 +++++++ > 1 file changed, 7 insertions(+) > > diff --git a/arch/arm64/boot/dts/amlogic/meson-gxl-s905x-p212.dtsi b/arch/arm64/boot/dts/amlogic/meson-gxl-s905x-p212.dtsi > index 0cfd701..a1b3101 100644 > --- a/arch/arm64/boot/dts/amlogic/meson-gxl-s905x-p212.dtsi > +++ b/arch/arm64/boot/dts/amlogic/meson-gxl-s905x-p212.dtsi > @@ -189,3 +189,10 @@ > &usb0 { > status = "okay"; > }; > + > +&usb2_phy0 { > + /* > + * HDMI_5V is also used as supply for the USB VBUS. > + */ > + phy-supply = <&hdmi_5v>; > +}; >

6 years, 11 months

2
1
0 0

stable request: Revert "sit: reload iphdr in ipip6_rcv"

by Luca Boccassi

Hello, Please consider backporting to 4.9.y the following commit from DaveM [CC'ed]: f4eb17e1efe538d4da7d574bedb00a8dafcc26b7 ("Revert "sit: reload iphdr in ipip6_rcv"") It cherry-picks cleanly and builds fine. The original commit was introduced and reverted in v4.12-rc5, but only the original made its way into the 4.9 stable release (v4.9.94). It causes a regression: pings to v6 hosts over a SIT tunnel do not work anymore, and the following error appears in dmesg: kernel: sit: non-ECT from 0.0.0.0 with TOS=0xd This was also reported and reverted downstream by Ubuntu: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1772775 Thanks! -- Kind regards, Luca Boccassi

6 years, 11 months

2
1
0 0

897366537f("genhd: Fix use after free in __blkdev_get()")

by Zubin Mithra

Hello, Syzkaller has reported a crash here[1] for a UAF in disk_unblock_events. Could the following patches be applied in order to 4.14? 517bf3c30("block: don't look at the struct device dev_t in disk_devt") 8ddcd653("block: introduce GENHD_FL_HIDDEN") f0fba398fe("block: avoid null pointer dereference on null disk") d52987b5("genhd: Fix leaked module reference for NVME devices") 9df6c2991("genhd: Add helper put_disk_and_module()") 89736653("genhd: Fix use after free in __blkdev_get()") [1] https://syzkaller.appspot.com/bug?id=d932bb61fb530dc6816b87b4649f3b6925f510… Thanks, Zubin

6 years, 11 months

2
1
0 0

stable request: don't set F_IFACE on ipv6 fib lookups and followup fix

by Florian Westphal

Hi. Please consider applying 47b7e7f82802 ("netfilter: don't set F_IFACE on ipv6 fib lookups") and its followup commit: cede24d1b21d ("netfilter: ip6t_rpfilter: provide input interface for route lookup") to 4.14.y. For 4.16.y and 4.17.y, please consider applying cede24d1b21d ("netfilter: ip6t_rpfilter: provide input interface for route lookup") For 4.17.y, consider fc6ddbecce44 ("netfilter: xt_connmark: fix list corruption on rmmod"). For all maintained trees, consider following candiate: adc972c5b88829d3 ("netfilter: nf_tables: use WARN_ON_ONCE instead of BUG_ON in nft_do_chain()") Thanks, Florian

6 years, 11 months

2
1
0 0

[PATCH 4.14.y] netfilter: nf_tables: fix NULL-ptr in nf_tables_dump_obj()

by Florian Westphal

From: Taehee Yoo <ap420073(a)gmail.com> commit 360cc79d9d299ce297b205508276285ceffc5fa8 upstream. The table field in nft_obj_filter is not an array. In order to check tablename, we should check if the pointer is set. Test commands: %nft add table ip filter %nft add counter ip filter ct1 %nft reset counters Splat looks like: [ 306.510504] kasan: CONFIG_KASAN_INLINE enabled [ 306.516184] kasan: GPF could be caused by NULL-ptr deref or user memory access [ 306.524775] general protection fault: 0000 [#1] SMP DEBUG_PAGEALLOC KASAN PTI [ 306.528284] Modules linked in: nft_objref nft_counter nf_tables nfnetlink ip_tables x_tables [ 306.528284] CPU: 0 PID: 1488 Comm: nft Not tainted 4.17.0-rc4+ #17 [ 306.528284] Hardware name: To be filled by O.E.M. To be filled by O.E.M./Aptio CRB, BIOS 5.6.5 07/08/2015 [ 306.528284] RIP: 0010:nf_tables_dump_obj+0x52c/0xa70 [nf_tables] [ 306.528284] RSP: 0018:ffff8800b6cb7520 EFLAGS: 00010246 [ 306.528284] RAX: 0000000000000000 RBX: ffff8800b6c49820 RCX: 0000000000000000 [ 306.528284] RDX: 0000000000000000 RSI: dffffc0000000000 RDI: ffffed0016d96e9a [ 306.528284] RBP: ffff8800b6cb75c0 R08: ffffed00236fce7c R09: ffffed00236fce7b [ 306.528284] R10: ffffffff9f6241e8 R11: ffffed00236fce7c R12: ffff880111365108 [ 306.528284] R13: 0000000000000000 R14: ffff8800b6c49860 R15: ffff8800b6c49860 [ 306.528284] FS: 00007f838b007700(0000) GS:ffff88011b600000(0000) knlGS:0000000000000000 [ 306.528284] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 306.528284] CR2: 00007ffeafabcf78 CR3: 00000000b6cbe000 CR4: 00000000001006f0 [ 306.528284] Call Trace: [ 306.528284] netlink_dump+0x470/0xa20 [ 306.528284] __netlink_dump_start+0x5ae/0x690 [ 306.528284] ? nf_tables_getobj+0x1b3/0x740 [nf_tables] [ 306.528284] nf_tables_getobj+0x2f5/0x740 [nf_tables] [ 306.528284] ? nft_obj_notify+0x100/0x100 [nf_tables] [ 306.528284] ? nf_tables_getobj+0x740/0x740 [nf_tables] [ 306.528284] ? nf_tables_dump_flowtable_done+0x70/0x70 [nf_tables] [ 306.528284] ? nft_obj_notify+0x100/0x100 [nf_tables] [ 306.528284] nfnetlink_rcv_msg+0x8ff/0x932 [nfnetlink] [ 306.528284] ? nfnetlink_rcv_msg+0x216/0x932 [nfnetlink] [ 306.528284] netlink_rcv_skb+0x1c9/0x2f0 [ 306.528284] ? nfnetlink_bind+0x1d0/0x1d0 [nfnetlink] [ 306.528284] ? debug_check_no_locks_freed+0x270/0x270 [ 306.528284] ? netlink_ack+0x7a0/0x7a0 [ 306.528284] ? ns_capable_common+0x6e/0x110 [ ... ] Fixes: e46abbcc05aa8 ("netfilter: nf_tables: Allow table names of up to 255 chars") Signed-off-by: Taehee Yoo <ap420073(a)gmail.com> Acked-by: Florian Westphal <fw(a)strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo(a)netfilter.org> Signed-off-by: Florian Westphal <fw(a)strlen.de> --- net/netfilter/nf_tables_api.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c index 60936bca3181..85b549e84104 100644 --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c @@ -4614,7 +4614,7 @@ static int nf_tables_dump_obj(struct sk_buff *skb, struct netlink_callback *cb) if (idx > s_idx) memset(&cb->args[1], 0, sizeof(cb->args) - sizeof(cb->args[0])); - if (filter && filter->table[0] && + if (filter && filter->table && strcmp(filter->table, table->name)) goto cont; if (filter && -- 2.16.4

6 years, 11 months

2
1
0 0

Re: [PATCHES] Networking

by Jiri Slaby

On 09/15/2017, 06:57 AM, David Miller wrote: > Please queue up the following networking bug fixes for v4.9, v4.12, and > v4.13 -stable, respectively. Hi, while walking through some fixes, I wonder, whether backports of 25cc72a33835 (mlxsw: spectrum: Forbid linking to devices that have uppers) to 4.9 and 4.12 are correct. Part of the original commit: --- a/drivers/net/ethernet/mellanox/mlxsw/spectrum.c +++ b/drivers/net/ethernet/mellanox/mlxsw/spectrum.c @@ -4139,6 +4139,8 @@ static int mlxsw_sp_netdevice_port_upper_event(struct net_device *lower_dev, return -EINVAL; if (!info->linking) break; + if (netdev_has_any_upper_dev(upper_dev)) + return -EINVAL; if (netif_is_lag_master(upper_dev) && !mlxsw_sp_master_lag_check(mlxsw_sp, upper_dev, info->upper_info)) @@ -4258,6 +4260,10 @@ static int mlxsw_sp_netdevice_port_vlan_event(struct net_device *vlan_dev, upper_dev = info->upper_dev; if (!netif_is_bridge_master(upper_dev)) return -EINVAL; + if (!info->linking) + break; + if (netdev_has_any_upper_dev(upper_dev)) + return -EINVAL; break; case NETDEV_CHANGEUPPER: upper_dev = info->upper_dev; It changes mlxsw_sp_netdevice_port_upper_event and mlxsw_sp_netdevice_port_vlan_event. 4.9 backport (73ee5a73e75): --- a/drivers/net/ethernet/mellanox/mlxsw/spectrum.c +++ b/drivers/net/ethernet/mellanox/mlxsw/spectrum.c @@ -4172,6 +4172,8 @@ static int mlxsw_sp_netdevice_port_upper_event(struct net_device *dev, return -EINVAL; if (!info->linking) break; + if (netdev_has_any_upper_dev(upper_dev)) + return -EINVAL; /* HW limitation forbids to put ports to multiple bridges. */ if (netif_is_bridge_master(upper_dev) && !mlxsw_sp_master_bridge_check(mlxsw_sp, upper_dev)) @@ -4185,6 +4187,10 @@ static int mlxsw_sp_netdevice_port_upper_event(struct net_device *dev, if (netif_is_lag_port(dev) && is_vlan_dev(upper_dev) && !netif_is_lag_master(vlan_dev_real_dev(upper_dev))) return -EINVAL; + if (!info->linking) + break; + if (netdev_has_any_upper_dev(upper_dev)) + return -EINVAL; break; case NETDEV_CHANGEUPPER: upper_dev = info->upper_dev; It changes mlxsw_sp_netdevice_port_upper_event *twice* instead of mlxsw_sp_netdevice_port_vlan_event, which was named mlxsw_sp_netdevice_vport_event in 4.9 yet. 4.12 backport (2f4232ba8001): --- a/drivers/net/ethernet/mellanox/mlxsw/spectrum.c +++ b/drivers/net/ethernet/mellanox/mlxsw/spectrum.c @@ -4110,6 +4110,8 @@ static int mlxsw_sp_netdevice_port_upper_event(struct net_device *dev, return -EINVAL; if (!info->linking) break; + if (netdev_has_any_upper_dev(upper_dev)) + return -EINVAL; /* HW limitation forbids to put ports to multiple bridges. */ if (netif_is_bridge_master(upper_dev) && !mlxsw_sp_master_bridge_check(mlxsw_sp, upper_dev)) @@ -4274,6 +4276,10 @@ static int mlxsw_sp_netdevice_bridge_event(struct net_device *br_dev, if (is_vlan_dev(upper_dev) && br_dev != mlxsw_sp->master_bridge.dev) return -EINVAL; + if (!info->linking) + break; + if (netdev_has_any_upper_dev(upper_dev)) + return -EINVAL; break; case NETDEV_CHANGEUPPER: upper_dev = info->upper_dev; It changes mlxsw_sp_netdevice_port_upper_event (OK) and mlxsw_sp_netdevice_bridge_event (not OK) instead of mlxsw_sp_netdevice_vport_event. Did I miss something or is this a mistake? thanks, -- js suse labs

6 years, 11 months

3
5
0 0

netfilter stable requests for 4.14, 4.16

by Florian Westphal

Hello, Here is a list of netfilter bug fixes that I'd like to see in 4.16 and 4.14. I've cherry-picked these and with one exception (noted below) all pick cleanly. Patches are listed in top-down order. For v4.16.y and v4.14.y: b8e9dc1c75714ceb53615743e1036f76e00f5a17 ("netfilter: nf_tables: nft_compat: fix refcount leak on xt module") 8bdf164744b2c7f63561846c01cff3db597f282d ("netfilter: nft_compat: prepare for indirect info storage") Necessary to make the fix (next patch below) apply. 732a8049f365f514d0607e03938491bf6cb0d620 ("netfilter: nft_compat: fix handling of large matchinfo size") Without it, some iptables -A will fail when using iptables via nfnetlink (notably the cgroup match). 009240940e84c1c089af88b454f7e804a4c5bd1b ("netfilter: nf_tables: don't assume chain stats are set when jumplabel is set") Fixes null-ptr deref. bb7b40aecbf778c0c83a5bd62b0f03ca9f49a618 ("netfilter: nf_tables: bogus EBUSY in chain deletions") Fixes erroneous reject of some valid rulesets. 97a0549b15a0b466c47f6a0143a490a082c64b4e ("netfilter: nft_meta: fix wrong value dereference in nft_meta_set_eval") This fixes a bug where 'nft ... meta nftrace set 0' may set a nonzero value instead. ad9d9e85072b668731f356be0a3750a3ba22a607 ("netfilter: nf_tables: disable preemption in nft_update_chain_stats()") 360cc79d9d299ce297b205508276285ceffc5fa8 ("netfilter: nf_tables: fix NULL-ptr in nf_tables_dump_obj()"), bug added in v4.14-rc1 Applies cleanly to 4.16 but in 4.14 tjis fails as the 2nd location that is patched (nf_tables_dump_flowtable) doesn't exist. So in 4.14 this is a one-line change: - if (filter && filter->table[0] && + if (filter && filter->table && bbb8c61f97e3a2dd91b30d3e57b7964a67569d11 ("netfilter: nf_tables: increase nft_counters_enabled in nft_chain_stats_replace()" This fixes underflow of the static_key used for the base chain counters. f0dfd7a2b35b02030949100247d851b793cb275f ("netfilter: nf_tables: fix memory leak on error exit return"), since 4.12 additional change for v4.14.y (its already in 4.16): 467697d289e7e6e1b15910d99096c0da08c56d5b ("netfilter: nf_tables: add missing netlink attrs to policies") If you'd like me to handle such larger requests differently please let me know your preferenced way to handle this. Thanks, Florian

6 years, 11 months

2
2
0 0

[PATCH 4.4 00/56] 4.4.132-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.4.132 release. There are 56 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed May 16 06:47:39 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.4.132-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.4.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.4.132-rc1 Peter Zijlstra <peterz(a)infradead.org> perf/x86: Fix possible Spectre-v1 indexing for x86_pmu::event_map() Peter Zijlstra <peterz(a)infradead.org> perf/core: Fix possible Spectre-v1 indexing for ->aux_pages[] Peter Zijlstra <peterz(a)infradead.org> perf/x86/msr: Fix possible Spectre-v1 indexing in the MSR driver Peter Zijlstra <peterz(a)infradead.org> perf/x86/cstate: Fix possible Spectre-v1 indexing for pkg_msr Peter Zijlstra <peterz(a)infradead.org> perf/x86: Fix possible Spectre-v1 indexing for hw_perf_event cache_* Masami Hiramatsu <mhiramat(a)kernel.org> tracing/uprobe_event: Fix strncpy corner case Hans de Goede <hdegoede(a)redhat.com> Revert "Bluetooth: btusb: Fix quirk for Atheros 1525/QCA6174" Gustavo A. R. Silva <gustavo(a)embeddedor.com> atm: zatm: Fix potential Spectre v1 Gustavo A. R. Silva <gustavo(a)embeddedor.com> net: atm: Fix potential Spectre v1 Jimmy Assarsson <extja(a)kvaser.com> can: kvaser_usb: Increase correct stats counter in kvaser_usb_rx_can_msg() Steven Rostedt (VMware) <rostedt(a)goodmis.org> tracing: Fix regex_match_front() to not over compare the test string Hans de Goede <hdegoede(a)redhat.com> libata: Apply NOLPM quirk for SanDisk SD7UB3Q*G1001 SSDs Johan Hovold <johan(a)kernel.org> rfkill: gpio: fix memory leak in probe error path Yi Zhao <yi.zhao(a)windriver.com> xfrm_user: fix return value from xfrm_user_rcv_msg Wei Fang <fangwei1(a)huawei.com> f2fs: fix a dead loop in f2fs_fiemap() Jan Kara <jack(a)suse.cz> bdi: Fix oops in wb_workfn() Eric Dumazet <edumazet(a)google.com> tcp: fix TCP_REPAIR_QUEUE bound checking Jiri Olsa <jolsa(a)kernel.org> perf: Remove superfluous allocation error check Eric Dumazet <edumazet(a)google.com> soreuseport: initialise timewait reuseport field Eric Dumazet <edumazet(a)google.com> dccp: initialize ireq->ir_mark Eric Dumazet <edumazet(a)google.com> net: fix uninit-value in __hw_addr_add_ex() Eric Dumazet <edumazet(a)google.com> net: initialize skb->peeked when cloning Eric Dumazet <edumazet(a)google.com> net: fix rtnh_ok() Eric Dumazet <edumazet(a)google.com> netlink: fix uninit-value in netlink_sendmsg Eric Dumazet <edumazet(a)google.com> crypto: af_alg - fix possible uninit-value in alg_bind() Julian Anastasov <ja(a)ssi.bg> ipvs: fix rtnl_lock lockups caused by start_sync_thread Bin Liu <b-liu(a)ti.com> usb: musb: host: fix potential NULL pointer dereference SZ Lin (林上智) <sz.lin(a)moxa.com> USB: serial: option: adding support for ublox R410M Johan Hovold <johan(a)kernel.org> USB: serial: option: reimplement interface masking Alan Stern <stern(a)rowland.harvard.edu> USB: Accept bulk endpoints with 1024-byte maxpacket Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> USB: serial: visor: handle potential invalid device configuration Ben Hutchings <ben.hutchings(a)codethink.co.uk> test_firmware: fix setting old custom fw path back on exit, second try Thomas Hellstrom <thellstrom(a)vmware.com> drm/vmwgfx: Fix a buffer object leak Danit Goldberg <danitg(a)mellanox.com> IB/mlx5: Use unlimited rate when static rate is not supported SZ Lin (林上智) <sz.lin(a)moxa.com> NET: usb: qmi_wwan: add support for ublox R410M PID 0x90b2 Leon Romanovsky <leonro(a)mellanox.com> RDMA/mlx5: Protect from shift operand overflow Roland Dreier <roland(a)purestorage.com> RDMA/ucma: Allow resolving address w/o specifying source address Darrick J. Wong <darrick.wong(a)oracle.com> xfs: prevent creating negative-sized file via INSERT_RANGE Vittorio Gambaletta (VittGam) <linuxbugs(a)vittgam.net> Input: atmel_mxt_ts - add touchpad button mapping for Samsung Chromebook Pro Dmitry Torokhov <dmitry.torokhov(a)gmail.com> Input: leds - fix out of bound access Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> tracepoint: Do not warn on ENOMEM Takashi Iwai <tiwai(a)suse.de> ALSA: aloop: Add missing cable lock to ctl API callbacks Robert Rosengren <robert.rosengren(a)axis.com> ALSA: aloop: Mark paused device as inactive Takashi Iwai <tiwai(a)suse.de> ALSA: seq: Fix races at MIDI encoding in snd_virmidi_output_trigger() Takashi Iwai <tiwai(a)suse.de> ALSA: pcm: Check PCM state at xfern compat ioctl Kristian Evensen <kristian.evensen(a)gmail.com> USB: serial: option: Add support for Quectel EP06 Markus Pargmann <mpa(a)pengutronix.de> gpmi-nand: Handle ECC Errors in erased pages Vasanthakumar Thiagarajan <vthiagar(a)qti.qualcomm.com> ath10k: rebuild crypto header in rx data frames Vasanthakumar Thiagarajan <vthiagar(a)qti.qualcomm.com> ath10k: fix rfc1042 header retrieval in QCA4019 with eth decap mode David Spinadel <david.spinadel(a)intel.com> mac80211: Add RX flag to indicate ICV stripped Sara Sharon <sara.sharon(a)intel.com> mac80211: allow same PN for AMSDU sub-frames Sara Sharon <sara.sharon(a)intel.com> mac80211: allow not sending MIC up from driver for HW crypto Tejun Heo <tj(a)kernel.org> percpu: include linux/sched.h for cond_resched() Alexander Yarygin <yarygin(a)linux.vnet.ibm.com> KVM: s390: Enable all facility bits that are known good for passthrough Teng Qin <qinteng(a)fb.com> bpf: map_get_next_key to return first key on NULL Tan Xiaojun <tanxiaojun(a)huawei.com> perf/core: Fix the perf_cpu_time_max_percent check ------------- Diffstat: Makefile | 4 +- arch/s390/kvm/kvm-s390.c | 4 +- arch/x86/kernel/cpu/perf_event.c | 8 +- arch/x86/kernel/cpu/perf_event_intel_cstate.c | 2 + arch/x86/kernel/cpu/perf_event_msr.c | 9 +- crypto/af_alg.c | 8 +- drivers/ata/libata-core.c | 3 + drivers/atm/zatm.c | 3 + drivers/bluetooth/btusb.c | 2 +- drivers/gpu/drm/vmwgfx/vmwgfx_kms.c | 1 + drivers/infiniband/core/ucma.c | 2 +- drivers/infiniband/hw/mlx5/qp.c | 22 +- drivers/input/input-leds.c | 8 +- drivers/input/touchscreen/atmel_mxt_ts.c | 9 + drivers/mtd/nand/gpmi-nand/gpmi-nand.c | 78 +++- drivers/net/can/usb/kvaser_usb.c | 2 +- drivers/net/usb/qmi_wwan.c | 1 + drivers/net/wireless/ath/ath10k/core.c | 8 + drivers/net/wireless/ath/ath10k/core.h | 4 + drivers/net/wireless/ath/ath10k/htt_rx.c | 100 ++++- drivers/net/wireless/ath/wcn36xx/txrx.c | 2 +- drivers/usb/core/config.c | 4 +- drivers/usb/musb/musb_host.c | 4 +- drivers/usb/serial/option.c | 448 ++++++++-------------- drivers/usb/serial/visor.c | 69 ++-- fs/f2fs/data.c | 2 +- fs/fs-writeback.c | 2 +- fs/xfs/xfs_file.c | 14 +- include/net/inet_timewait_sock.h | 1 + include/net/mac80211.h | 14 +- include/net/nexthop.h | 2 +- kernel/bpf/arraymap.c | 2 +- kernel/bpf/hashtab.c | 9 +- kernel/bpf/syscall.c | 20 +- kernel/events/callchain.c | 10 +- kernel/events/core.c | 2 +- kernel/events/ring_buffer.c | 7 +- kernel/trace/trace_events_filter.c | 3 + kernel/trace/trace_uprobe.c | 2 + kernel/tracepoint.c | 4 +- mm/percpu.c | 1 + net/atm/lec.c | 9 +- net/core/dev_addr_lists.c | 4 +- net/core/skbuff.c | 1 + net/dccp/ipv4.c | 1 + net/dccp/ipv6.c | 1 + net/ipv4/inet_timewait_sock.c | 1 + net/ipv4/tcp.c | 2 +- net/mac80211/util.c | 5 +- net/mac80211/wep.c | 3 +- net/mac80211/wpa.c | 45 ++- net/netfilter/ipvs/ip_vs_ctl.c | 8 - net/netfilter/ipvs/ip_vs_sync.c | 155 ++++---- net/netlink/af_netlink.c | 2 + net/rfkill/rfkill-gpio.c | 7 +- net/xfrm/xfrm_user.c | 2 +- sound/core/pcm_compat.c | 2 + sound/core/seq/seq_virmidi.c | 4 +- sound/drivers/aloop.c | 29 +- tools/testing/selftests/firmware/fw_filesystem.sh | 6 +- 60 files changed, 656 insertions(+), 531 deletions(-)

6 years, 11 months

7
62
0 0

[PATCH 4.4 00/24] 4.4.138-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.4.138 release. There are 24 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat Jun 16 13:27:15 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.4.138-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.4.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.4.138-rc1 Michael Ellerman <mpe(a)ellerman.id.au> crypto: vmx - Remove overly verbose printk from AES init routines Johannes Wienke <languitar(a)semipol.de> Input: elan_i2c - add ELAN0612 (Lenovo v330 14IKB) ACPI ID Ethan Lee <flibitijibibo(a)gmail.com> Input: goodix - add new ACPI id for GPD Win 2 touch screen Paolo Bonzini <pbonzini(a)redhat.com> kvm: x86: use correct privilege level for sgdt/sidt/fxsave/fxrstor access Gil Kupfer <gilkup(a)gmail.com> vmw_balloon: fixing double free when batching mode is off Marek Szyprowski <m.szyprowski(a)samsung.com> serial: samsung: fix maxburst parameter for DMA transactions Paolo Bonzini <pbonzini(a)redhat.com> KVM: x86: pass kvm_vcpu to kvm_read_guest_virt and kvm_write_guest_virt_system Paolo Bonzini <pbonzini(a)redhat.com> KVM: x86: introduce linear_{read,write}_system Linus Torvalds <torvalds(a)linux-foundation.org> Clarify (and fix) MAX_LFS_FILESIZE macros Linus Walleij <linus.walleij(a)linaro.org> gpio: No NULL owner Andy Lutomirski <luto(a)kernel.org> x86/crypto, x86/fpu: Remove X86_FEATURE_EAGER_FPU #ifdef from the crc32c code Kevin Easton <kevin(a)guarana.org> af_key: Always verify length of provided sadb_key Andy Lutomirski <luto(a)kernel.org> x86/fpu: Fix math emulation in eager fpu mode Andy Lutomirski <luto(a)kernel.org> x86/fpu: Fix FNSAVE usage in eagerfpu mode Andy Lutomirski <luto(a)kernel.org> x86/fpu: Hard-disable lazy FPU mode Borislav Petkov <bp(a)alien8.de> x86/fpu: Fix eager-FPU handling on legacy FPU machines Yu-cheng Yu <yu-cheng.yu(a)intel.com> x86/fpu: Revert ("x86/fpu: Disable AVX when eagerfpu is off") Andy Lutomirski <luto(a)kernel.org> x86/fpu: Fix 'no387' regression Andy Lutomirski <luto(a)kernel.org> x86/fpu: Default eagerfpu=on on all CPUs yu-cheng yu <yu-cheng.yu(a)intel.com> x86/fpu: Disable AVX when eagerfpu is off yu-cheng yu <yu-cheng.yu(a)intel.com> x86/fpu: Disable MPX when eagerfpu is off Borislav Petkov <bp(a)suse.de> x86/cpufeature: Remove unused and seldomly used cpu_has_xx macros Juergen Gross <jgross(a)suse.com> x86: Remove unused function cpu_has_ht_siblings() yu-cheng yu <yu-cheng.yu(a)intel.com> x86/fpu: Fix early FPU command-line parsing ------------- Diffstat: Makefile | 4 +- arch/x86/crypto/chacha20_glue.c | 2 +- arch/x86/crypto/crc32c-intel_glue.c | 7 +- arch/x86/include/asm/cmpxchg_32.h | 2 +- arch/x86/include/asm/cmpxchg_64.h | 2 +- arch/x86/include/asm/cpufeature.h | 39 +------ arch/x86/include/asm/fpu/internal.h | 6 +- arch/x86/include/asm/fpu/xstate.h | 2 +- arch/x86/include/asm/kvm_emulate.h | 6 +- arch/x86/include/asm/smp.h | 9 -- arch/x86/include/asm/xor_32.h | 2 +- arch/x86/kernel/cpu/amd.c | 4 +- arch/x86/kernel/cpu/common.c | 4 +- arch/x86/kernel/cpu/intel.c | 3 +- arch/x86/kernel/cpu/intel_cacheinfo.c | 6 +- arch/x86/kernel/cpu/mtrr/generic.c | 2 +- arch/x86/kernel/cpu/mtrr/main.c | 2 +- arch/x86/kernel/cpu/perf_event_amd.c | 4 +- arch/x86/kernel/cpu/perf_event_amd_uncore.c | 11 +- arch/x86/kernel/fpu/core.c | 24 +++- arch/x86/kernel/fpu/init.c | 169 +++++++--------------------- arch/x86/kernel/fpu/xstate.c | 3 +- arch/x86/kernel/hw_breakpoint.c | 6 +- arch/x86/kernel/smpboot.c | 2 +- arch/x86/kernel/traps.c | 1 - arch/x86/kernel/vm86_32.c | 4 +- arch/x86/kvm/emulate.c | 72 ++++++------ arch/x86/kvm/vmx.c | 23 ++-- arch/x86/kvm/x86.c | 51 ++++++--- arch/x86/kvm/x86.h | 4 +- arch/x86/mm/setup_nx.c | 4 +- drivers/char/hw_random/via-rng.c | 5 +- drivers/crypto/padlock-aes.c | 2 +- drivers/crypto/padlock-sha.c | 2 +- drivers/crypto/vmx/aes.c | 2 - drivers/crypto/vmx/aes_cbc.c | 2 - drivers/crypto/vmx/aes_ctr.c | 2 - drivers/crypto/vmx/ghash.c | 2 - drivers/gpio/gpiolib.c | 9 +- drivers/input/mouse/elan_i2c_core.c | 1 + drivers/input/touchscreen/goodix.c | 1 + drivers/iommu/intel_irq_remapping.c | 2 +- drivers/misc/vmw_balloon.c | 23 ++-- drivers/tty/serial/samsung.c | 7 +- fs/btrfs/disk-io.c | 2 +- include/linux/fs.h | 4 +- net/key/af_key.c | 45 ++++++-- 47 files changed, 259 insertions(+), 332 deletions(-)

6 years, 11 months

8
38
0 0

FAILED: patch "[PATCH] n_tty: Access echo_* variables carefully." failed to apply to 4.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From ebec3f8f5271139df618ebdf8427e24ba102ba94 Mon Sep 17 00:00:00 2001 From: Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> Date: Sat, 26 May 2018 09:53:14 +0900 Subject: [PATCH] n_tty: Access echo_* variables carefully. syzbot is reporting stalls at __process_echoes() [1]. This is because since ldata->echo_commit < ldata->echo_tail becomes true for some reason, the discard loop is serving as almost infinite loop. This patch tries to avoid falling into ldata->echo_commit < ldata->echo_tail situation by making access to echo_* variables more carefully. Since reset_buffer_flags() is called without output_lock held, it should not touch echo_* variables. And omit a call to reset_buffer_flags() from n_tty_open() by using vzalloc(). Since add_echo_byte() is called without output_lock held, it needs memory barrier between storing into echo_buf[] and incrementing echo_head counter. echo_buf() needs corresponding memory barrier before reading echo_buf[]. Lack of handling the possibility of not-yet-stored multi-byte operation might be the reason of falling into ldata->echo_commit < ldata->echo_tail situation, for if I do WARN_ON(ldata->echo_commit == tail + 1) prior to echo_buf(ldata, tail + 1), the WARN_ON() fires. Also, explicitly masking with buffer for the former "while" loop, and use ldata->echo_commit > tail for the latter "while" loop. [1] https://syzkaller.appspot.com/bug?id=17f23b094cd80df750e5b0f8982c521ee6bcbf… Signed-off-by: Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> Reported-by: syzbot <syzbot+108696293d7a21ab688f(a)syzkaller.appspotmail.com> Cc: Peter Hurley <peter(a)hurleysoftware.com> Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/tty/n_tty.c b/drivers/tty/n_tty.c index b279f8730e04..431742201709 100644 --- a/drivers/tty/n_tty.c +++ b/drivers/tty/n_tty.c @@ -143,6 +143,7 @@ static inline unsigned char *read_buf_addr(struct n_tty_data *ldata, size_t i) static inline unsigned char echo_buf(struct n_tty_data *ldata, size_t i) { + smp_rmb(); /* Matches smp_wmb() in add_echo_byte(). */ return ldata->echo_buf[i & (N_TTY_BUF_SIZE - 1)]; } @@ -318,9 +319,7 @@ static inline void put_tty_queue(unsigned char c, struct n_tty_data *ldata) static void reset_buffer_flags(struct n_tty_data *ldata) { ldata->read_head = ldata->canon_head = ldata->read_tail = 0; - ldata->echo_head = ldata->echo_tail = ldata->echo_commit = 0; ldata->commit_head = 0; - ldata->echo_mark = 0; ldata->line_start = 0; ldata->erasing = 0; @@ -619,12 +618,19 @@ static size_t __process_echoes(struct tty_struct *tty) old_space = space = tty_write_room(tty); tail = ldata->echo_tail; - while (ldata->echo_commit != tail) { + while (MASK(ldata->echo_commit) != MASK(tail)) { c = echo_buf(ldata, tail); if (c == ECHO_OP_START) { unsigned char op; int no_space_left = 0; + /* + * Since add_echo_byte() is called without holding + * output_lock, we might see only portion of multi-byte + * operation. + */ + if (MASK(ldata->echo_commit) == MASK(tail + 1)) + goto not_yet_stored; /* * If the buffer byte is the start of a multi-byte * operation, get the next byte, which is either the @@ -636,6 +642,8 @@ static size_t __process_echoes(struct tty_struct *tty) unsigned int num_chars, num_bs; case ECHO_OP_ERASE_TAB: + if (MASK(ldata->echo_commit) == MASK(tail + 2)) + goto not_yet_stored; num_chars = echo_buf(ldata, tail + 2); /* @@ -730,7 +738,8 @@ static size_t __process_echoes(struct tty_struct *tty) /* If the echo buffer is nearly full (so that the possibility exists * of echo overrun before the next commit), then discard enough * data at the tail to prevent a subsequent overrun */ - while (ldata->echo_commit - tail >= ECHO_DISCARD_WATERMARK) { + while (ldata->echo_commit > tail && + ldata->echo_commit - tail >= ECHO_DISCARD_WATERMARK) { if (echo_buf(ldata, tail) == ECHO_OP_START) { if (echo_buf(ldata, tail + 1) == ECHO_OP_ERASE_TAB) tail += 3; @@ -740,6 +749,7 @@ static size_t __process_echoes(struct tty_struct *tty) tail++; } + not_yet_stored: ldata->echo_tail = tail; return old_space - space; } @@ -750,6 +760,7 @@ static void commit_echoes(struct tty_struct *tty) size_t nr, old, echoed; size_t head; + mutex_lock(&ldata->output_lock); head = ldata->echo_head; ldata->echo_mark = head; old = ldata->echo_commit - ldata->echo_tail; @@ -758,10 +769,12 @@ static void commit_echoes(struct tty_struct *tty) * is over the threshold (and try again each time another * block is accumulated) */ nr = head - ldata->echo_tail; - if (nr < ECHO_COMMIT_WATERMARK || (nr % ECHO_BLOCK > old % ECHO_BLOCK)) + if (nr < ECHO_COMMIT_WATERMARK || + (nr % ECHO_BLOCK > old % ECHO_BLOCK)) { + mutex_unlock(&ldata->output_lock); return; + } - mutex_lock(&ldata->output_lock); ldata->echo_commit = head; echoed = __process_echoes(tty); mutex_unlock(&ldata->output_lock); @@ -812,7 +825,9 @@ static void flush_echoes(struct tty_struct *tty) static inline void add_echo_byte(unsigned char c, struct n_tty_data *ldata) { - *echo_buf_addr(ldata, ldata->echo_head++) = c; + *echo_buf_addr(ldata, ldata->echo_head) = c; + smp_wmb(); /* Matches smp_rmb() in echo_buf(). */ + ldata->echo_head++; } /** @@ -1881,30 +1896,21 @@ static int n_tty_open(struct tty_struct *tty) struct n_tty_data *ldata; /* Currently a malloc failure here can panic */ - ldata = vmalloc(sizeof(*ldata)); + ldata = vzalloc(sizeof(*ldata)); if (!ldata) - goto err; + return -ENOMEM; ldata->overrun_time = jiffies; mutex_init(&ldata->atomic_read_lock); mutex_init(&ldata->output_lock); tty->disc_data = ldata; - reset_buffer_flags(tty->disc_data); - ldata->column = 0; - ldata->canon_column = 0; - ldata->num_overrun = 0; - ldata->no_room = 0; - ldata->lnext = 0; tty->closing = 0; /* indicate buffer work may resume */ clear_bit(TTY_LDISC_HALTED, &tty->flags); n_tty_set_termios(tty, NULL); tty_unthrottle(tty); - return 0; -err: - return -ENOMEM; } static inline int input_available_p(struct tty_struct *tty, int poll)

6 years, 11 months

3
2
0 0

FAILED: patch "[PATCH] drm/i915/gen9: Add WaClearHIZ_WM_CHICKEN3 for bxt and glk" failed to apply to 4.17-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.17-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 0c79f9cb77eae28d48a4f9fc1b3341aacbbd260c Mon Sep 17 00:00:00 2001 From: Michel Thierry <michel.thierry(a)intel.com> Date: Thu, 10 May 2018 13:07:08 -0700 Subject: [PATCH] drm/i915/gen9: Add WaClearHIZ_WM_CHICKEN3 for bxt and glk Factor in clear values wherever required while updating destination min/max. References: HSDES#1604444184 Signed-off-by: Michel Thierry <michel.thierry(a)intel.com> Cc: mesa-dev(a)lists.freedesktop.org Cc: Mika Kuoppala <mika.kuoppala(a)linux.intel.com> Cc: Oscar Mateo <oscar.mateo(a)intel.com> Reviewed-by: Mika Kuoppala <mika.kuoppala(a)linux.intel.com> Signed-off-by: Chris Wilson <chris(a)chris-wilson.co.uk> Link: https://patchwork.freedesktop.org/patch/msgid/20180510200708.18097-1-michel… Cc: stable(a)vger.kernel.org diff --git a/drivers/gpu/drm/i915/i915_reg.h b/drivers/gpu/drm/i915/i915_reg.h index 14491782aa9e..f11bb213ec07 100644 --- a/drivers/gpu/drm/i915/i915_reg.h +++ b/drivers/gpu/drm/i915/i915_reg.h @@ -7259,6 +7259,9 @@ enum { #define SLICE_ECO_CHICKEN0 _MMIO(0x7308) #define PIXEL_MASK_CAMMING_DISABLE (1 << 14) +#define GEN9_WM_CHICKEN3 _MMIO(0x5588) +#define GEN9_FACTOR_IN_CLR_VAL_HIZ (1 << 9) + /* WaCatErrorRejectionIssue */ #define GEN7_SQ_CHICKEN_MBCUNIT_CONFIG _MMIO(0x9030) #define GEN7_SQ_CHICKEN_MBCUNIT_SQINTMOB (1<<11) diff --git a/drivers/gpu/drm/i915/intel_workarounds.c b/drivers/gpu/drm/i915/intel_workarounds.c index 5eec4ce965a5..2df3538ceba5 100644 --- a/drivers/gpu/drm/i915/intel_workarounds.c +++ b/drivers/gpu/drm/i915/intel_workarounds.c @@ -270,6 +270,10 @@ static int gen9_ctx_workarounds_init(struct drm_i915_private *dev_priv) GEN9_PREEMPT_GPGPU_LEVEL_MASK, GEN9_PREEMPT_GPGPU_COMMAND_LEVEL); + /* WaClearHIZ_WM_CHICKEN3:bxt,glk */ + if (IS_GEN9_LP(dev_priv)) + WA_SET_BIT_MASKED(GEN9_WM_CHICKEN3, GEN9_FACTOR_IN_CLR_VAL_HIZ); + return 0; }

6 years, 11 months

3
2
0 0

FAILED: patch "[PATCH] drm/atmel-hlcdc: check stride values in the first plane" failed to apply to 4.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 9fcf2b3c1c0276650fea537c71b513d27d929b05 Mon Sep 17 00:00:00 2001 From: Stefan Agner <stefan(a)agner.ch> Date: Sun, 17 Jun 2018 10:48:22 +0200 Subject: [PATCH] drm/atmel-hlcdc: check stride values in the first plane The statement always evaluates to true since the struct fields are arrays. This has shown up as a warning when compiling with clang: warning: address of array 'desc->layout.xstride' will always evaluate to 'true' [-Wpointer-bool-conversion] Check for values in the first plane instead. Fixes: 1a396789f65a ("drm: add Atmel HLCDC Display Controller support") Cc: <stable(a)vger.kernel.org> Signed-off-by: Stefan Agner <stefan(a)agner.ch> Signed-off-by: Boris Brezillon <boris.brezillon(a)bootlin.com> Link: https://patchwork.freedesktop.org/patch/msgid/20180617084826.31885-1-stefan… diff --git a/drivers/gpu/drm/atmel-hlcdc/atmel_hlcdc_plane.c b/drivers/gpu/drm/atmel-hlcdc/atmel_hlcdc_plane.c index e18800ed7cd1..7b8191eae68a 100644 --- a/drivers/gpu/drm/atmel-hlcdc/atmel_hlcdc_plane.c +++ b/drivers/gpu/drm/atmel-hlcdc/atmel_hlcdc_plane.c @@ -875,7 +875,7 @@ static int atmel_hlcdc_plane_init_properties(struct atmel_hlcdc_plane *plane, drm_object_attach_property(&plane->base.base, props->alpha, 255); - if (desc->layout.xstride && desc->layout.pstride) { + if (desc->layout.xstride[0] && desc->layout.pstride[0]) { int ret; ret = drm_plane_create_rotation_property(&plane->base,

6 years, 11 months

1
0
0 0

FAILED: patch "[PATCH] drm/atmel-hlcdc: check stride values in the first plane" failed to apply to 4.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 9fcf2b3c1c0276650fea537c71b513d27d929b05 Mon Sep 17 00:00:00 2001 From: Stefan Agner <stefan(a)agner.ch> Date: Sun, 17 Jun 2018 10:48:22 +0200 Subject: [PATCH] drm/atmel-hlcdc: check stride values in the first plane The statement always evaluates to true since the struct fields are arrays. This has shown up as a warning when compiling with clang: warning: address of array 'desc->layout.xstride' will always evaluate to 'true' [-Wpointer-bool-conversion] Check for values in the first plane instead. Fixes: 1a396789f65a ("drm: add Atmel HLCDC Display Controller support") Cc: <stable(a)vger.kernel.org> Signed-off-by: Stefan Agner <stefan(a)agner.ch> Signed-off-by: Boris Brezillon <boris.brezillon(a)bootlin.com> Link: https://patchwork.freedesktop.org/patch/msgid/20180617084826.31885-1-stefan… diff --git a/drivers/gpu/drm/atmel-hlcdc/atmel_hlcdc_plane.c b/drivers/gpu/drm/atmel-hlcdc/atmel_hlcdc_plane.c index e18800ed7cd1..7b8191eae68a 100644 --- a/drivers/gpu/drm/atmel-hlcdc/atmel_hlcdc_plane.c +++ b/drivers/gpu/drm/atmel-hlcdc/atmel_hlcdc_plane.c @@ -875,7 +875,7 @@ static int atmel_hlcdc_plane_init_properties(struct atmel_hlcdc_plane *plane, drm_object_attach_property(&plane->base.base, props->alpha, 255); - if (desc->layout.xstride && desc->layout.pstride) { + if (desc->layout.xstride[0] && desc->layout.pstride[0]) { int ret; ret = drm_plane_create_rotation_property(&plane->base,

6 years, 11 months

1
0
0 0

FAILED: patch "[PATCH] drm/amd/pp: initialize result to before or'ing in data" failed to apply to 4.17-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.17-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From c4ff91dd40e2253ab6dd028011469c2c694e1e19 Mon Sep 17 00:00:00 2001 From: Colin Ian King <colin.king(a)canonical.com> Date: Wed, 6 Jun 2018 13:18:31 +0100 Subject: [PATCH] drm/amd/pp: initialize result to before or'ing in data The current use of result is or'ing in values and checking for a non-zero result, however, result is not initialized to zero so it potentially contains garbage to start with. Fix this by initializing it to the first return from the call to vega10_program_didt_config_registers. Detected by cppcheck: "(error) Uninitialized variable: result" Fixes: 9b7b8154cdb8 ("drm/amd/powerplay: added didt support for vega10") Signed-off-by: Colin Ian King <colin.king(a)canonical.com> Acked-by: Huang Rui <ray.huang(a)amd.com> [Fix the subject as Colin's comment] Signed-off-by: Huang Rui <ray.huang(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> Cc: stable(a)vger.kernel.org diff --git a/drivers/gpu/drm/amd/powerplay/hwmgr/vega10_powertune.c b/drivers/gpu/drm/amd/powerplay/hwmgr/vega10_powertune.c index a9efd8554fbc..dbe4b1f66784 100644 --- a/drivers/gpu/drm/amd/powerplay/hwmgr/vega10_powertune.c +++ b/drivers/gpu/drm/amd/powerplay/hwmgr/vega10_powertune.c @@ -1104,7 +1104,7 @@ static int vega10_enable_psm_gc_edc_config(struct pp_hwmgr *hwmgr) for (count = 0; count < num_se; count++) { data = GRBM_GFX_INDEX__INSTANCE_BROADCAST_WRITES_MASK | GRBM_GFX_INDEX__SH_BROADCAST_WRITES_MASK | ( count << GRBM_GFX_INDEX__SE_INDEX__SHIFT); WREG32_SOC15(GC, 0, mmGRBM_GFX_INDEX, data); - result |= vega10_program_didt_config_registers(hwmgr, PSMSEEDCStallPatternConfig_Vega10, VEGA10_CONFIGREG_DIDT); + result = vega10_program_didt_config_registers(hwmgr, PSMSEEDCStallPatternConfig_Vega10, VEGA10_CONFIGREG_DIDT); result |= vega10_program_didt_config_registers(hwmgr, PSMSEEDCStallDelayConfig_Vega10, VEGA10_CONFIGREG_DIDT); result |= vega10_program_didt_config_registers(hwmgr, PSMSEEDCCtrlResetConfig_Vega10, VEGA10_CONFIGREG_DIDT); result |= vega10_program_didt_config_registers(hwmgr, PSMSEEDCCtrlConfig_Vega10, VEGA10_CONFIGREG_DIDT);

6 years, 11 months

1
0
0 0

FAILED: patch "[PATCH] Revert "drm/i915/edp: Allow alternate fixed mode for eDP if" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 368b554d63948133aca05e63ff8f5f4fbc2804d4 Mon Sep 17 00:00:00 2001 From: Jani Nikula <jani.nikula(a)intel.com> Date: Wed, 16 May 2018 11:01:10 +0300 Subject: [PATCH] Revert "drm/i915/edp: Allow alternate fixed mode for eDP if available." This reverts commit dc911f5bd8aacfcf8aabd5c26c88e04c837a938e. Per the report, no matter what display mode you select with xrandr, the i915 driver will always select the alternate fixed mode. For the reporter this means that the display will always run at 40Hz which is quite annoying. This may be due to the mode comparison. But there are some other potential issues. The choice of alt_fixed_mode seems dubious. It's the first non-preferred mode, but there are no guarantees that the only difference would be refresh rate. Similarly, there may be more than one preferred mode in the probed modes list, and the commit changes the preferred mode selection to choose the last one on the list instead of the first. (Note that the probed modes list is the raw, unfiltered, unsorted list of modes from drm_add_edid_modes(), not the pretty result after a drm_helper_probe_single_connector_modes() call.) Finally, we already have eerily similar code in place to find the downclock mode for DRRS that seems like could be reused here. Back to the drawing board. Note: This is a hand-crafted revert due to conflicts. If it fails to backport, please just try reverting the original commit directly. Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=105469 Reported-by: Rune Petersen <rune(a)megahurts.dk> Reported-by: Mark Spencer <n7u4722r35(a)ynzlx.anonbox.net> Fixes: dc911f5bd8aa ("drm/i915/edp: Allow alternate fixed mode for eDP if available.") Cc: Clint Taylor <clinton.a.taylor(a)intel.com> Cc: David Weinehall <david.weinehall(a)linux.intel.com> Cc: Rodrigo Vivi <rodrigo.vivi(a)intel.com> Cc: Paulo Zanoni <paulo.r.zanoni(a)intel.com> Cc: Jani Nikula <jani.nikula(a)intel.com> Cc: Chris Wilson <chris(a)chris-wilson.co.uk> Cc: Jim Bride <jim.bride(a)linux.intel.com> Cc: Jani Nikula <jani.nikula(a)linux.intel.com> Cc: Joonas Lahtinen <joonas.lahtinen(a)linux.intel.com> Cc: intel-gfx(a)lists.freedesktop.org Cc: <stable(a)vger.kernel.org> # v4.14+ Signed-off-by: Jani Nikula <jani.nikula(a)intel.com> Reviewed-by: Dhinakaran Pandiyan <dhinakaran.pandiyan(a)intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20180516080110.22770-1-jani.n… (cherry picked from commit d93fa1b47b8fcd149b5091f18385304f402a8e15) Signed-off-by: Jani Nikula <jani.nikula(a)intel.com> diff --git a/drivers/gpu/drm/i915/intel_dp.c b/drivers/gpu/drm/i915/intel_dp.c index dde92e4af5d3..8320f0e8e3be 100644 --- a/drivers/gpu/drm/i915/intel_dp.c +++ b/drivers/gpu/drm/i915/intel_dp.c @@ -1679,23 +1679,6 @@ static int intel_dp_compute_bpp(struct intel_dp *intel_dp, return bpp; } -static bool intel_edp_compare_alt_mode(struct drm_display_mode *m1, - struct drm_display_mode *m2) -{ - bool bres = false; - - if (m1 && m2) - bres = (m1->hdisplay == m2->hdisplay && - m1->hsync_start == m2->hsync_start && - m1->hsync_end == m2->hsync_end && - m1->htotal == m2->htotal && - m1->vdisplay == m2->vdisplay && - m1->vsync_start == m2->vsync_start && - m1->vsync_end == m2->vsync_end && - m1->vtotal == m2->vtotal); - return bres; -} - /* Adjust link config limits based on compliance test requests. */ static void intel_dp_adjust_compliance_config(struct intel_dp *intel_dp, @@ -1860,16 +1843,8 @@ intel_dp_compute_config(struct intel_encoder *encoder, pipe_config->has_audio = intel_conn_state->force_audio == HDMI_AUDIO_ON; if (intel_dp_is_edp(intel_dp) && intel_connector->panel.fixed_mode) { - struct drm_display_mode *panel_mode = - intel_connector->panel.alt_fixed_mode; - struct drm_display_mode *req_mode = &pipe_config->base.mode; - - if (!intel_edp_compare_alt_mode(req_mode, panel_mode)) - panel_mode = intel_connector->panel.fixed_mode; - - drm_mode_debug_printmodeline(panel_mode); - - intel_fixed_panel_mode(panel_mode, adjusted_mode); + intel_fixed_panel_mode(intel_connector->panel.fixed_mode, + adjusted_mode); if (INTEL_GEN(dev_priv) >= 9) { int ret; @@ -6159,7 +6134,6 @@ static bool intel_edp_init_connector(struct intel_dp *intel_dp, struct drm_i915_private *dev_priv = to_i915(dev); struct drm_connector *connector = &intel_connector->base; struct drm_display_mode *fixed_mode = NULL; - struct drm_display_mode *alt_fixed_mode = NULL; struct drm_display_mode *downclock_mode = NULL; bool has_dpcd; struct drm_display_mode *scan; @@ -6214,14 +6188,13 @@ static bool intel_edp_init_connector(struct intel_dp *intel_dp, } intel_connector->edid = edid; - /* prefer fixed mode from EDID if available, save an alt mode also */ + /* prefer fixed mode from EDID if available */ list_for_each_entry(scan, &connector->probed_modes, head) { if ((scan->type & DRM_MODE_TYPE_PREFERRED)) { fixed_mode = drm_mode_duplicate(dev, scan); downclock_mode = intel_dp_drrs_init( intel_connector, fixed_mode); - } else if (!alt_fixed_mode) { - alt_fixed_mode = drm_mode_duplicate(dev, scan); + break; } } @@ -6258,8 +6231,7 @@ static bool intel_edp_init_connector(struct intel_dp *intel_dp, pipe_name(pipe)); } - intel_panel_init(&intel_connector->panel, fixed_mode, alt_fixed_mode, - downclock_mode); + intel_panel_init(&intel_connector->panel, fixed_mode, downclock_mode); intel_connector->panel.backlight.power = intel_edp_backlight_power; intel_panel_setup_backlight(connector, pipe); diff --git a/drivers/gpu/drm/i915/intel_drv.h b/drivers/gpu/drm/i915/intel_drv.h index d7dbca1aabff..0361130500a6 100644 --- a/drivers/gpu/drm/i915/intel_drv.h +++ b/drivers/gpu/drm/i915/intel_drv.h @@ -277,7 +277,6 @@ struct intel_encoder { struct intel_panel { struct drm_display_mode *fixed_mode; - struct drm_display_mode *alt_fixed_mode; struct drm_display_mode *downclock_mode; /* backlight */ @@ -1850,7 +1849,6 @@ void intel_overlay_reset(struct drm_i915_private *dev_priv); /* intel_panel.c */ int intel_panel_init(struct intel_panel *panel, struct drm_display_mode *fixed_mode, - struct drm_display_mode *alt_fixed_mode, struct drm_display_mode *downclock_mode); void intel_panel_fini(struct intel_panel *panel); void intel_fixed_panel_mode(const struct drm_display_mode *fixed_mode, diff --git a/drivers/gpu/drm/i915/intel_dsi.c b/drivers/gpu/drm/i915/intel_dsi.c index 51a1d6868b1e..cf39ca90d887 100644 --- a/drivers/gpu/drm/i915/intel_dsi.c +++ b/drivers/gpu/drm/i915/intel_dsi.c @@ -1846,7 +1846,7 @@ void intel_dsi_init(struct drm_i915_private *dev_priv) connector->display_info.width_mm = fixed_mode->width_mm; connector->display_info.height_mm = fixed_mode->height_mm; - intel_panel_init(&intel_connector->panel, fixed_mode, NULL, NULL); + intel_panel_init(&intel_connector->panel, fixed_mode, NULL); intel_panel_setup_backlight(connector, INVALID_PIPE); intel_dsi_add_properties(intel_connector); diff --git a/drivers/gpu/drm/i915/intel_dvo.c b/drivers/gpu/drm/i915/intel_dvo.c index eb0c559b2715..a70d767313aa 100644 --- a/drivers/gpu/drm/i915/intel_dvo.c +++ b/drivers/gpu/drm/i915/intel_dvo.c @@ -536,7 +536,7 @@ void intel_dvo_init(struct drm_i915_private *dev_priv) */ intel_panel_init(&intel_connector->panel, intel_dvo_get_current_mode(intel_encoder), - NULL, NULL); + NULL); intel_dvo->panel_wants_dither = true; } diff --git a/drivers/gpu/drm/i915/intel_lvds.c b/drivers/gpu/drm/i915/intel_lvds.c index 8691c86f579c..d8ece907ff54 100644 --- a/drivers/gpu/drm/i915/intel_lvds.c +++ b/drivers/gpu/drm/i915/intel_lvds.c @@ -1140,8 +1140,7 @@ void intel_lvds_init(struct drm_i915_private *dev_priv) out: mutex_unlock(&dev->mode_config.mutex); - intel_panel_init(&intel_connector->panel, fixed_mode, NULL, - downclock_mode); + intel_panel_init(&intel_connector->panel, fixed_mode, downclock_mode); intel_panel_setup_backlight(connector, INVALID_PIPE); lvds_encoder->is_dual_link = compute_is_dual_link_lvds(lvds_encoder); diff --git a/drivers/gpu/drm/i915/intel_panel.c b/drivers/gpu/drm/i915/intel_panel.c index 41d00b1603e3..b443278e569c 100644 --- a/drivers/gpu/drm/i915/intel_panel.c +++ b/drivers/gpu/drm/i915/intel_panel.c @@ -1928,13 +1928,11 @@ intel_panel_init_backlight_funcs(struct intel_panel *panel) int intel_panel_init(struct intel_panel *panel, struct drm_display_mode *fixed_mode, - struct drm_display_mode *alt_fixed_mode, struct drm_display_mode *downclock_mode) { intel_panel_init_backlight_funcs(panel); panel->fixed_mode = fixed_mode; - panel->alt_fixed_mode = alt_fixed_mode; panel->downclock_mode = downclock_mode; return 0; @@ -1948,10 +1946,6 @@ void intel_panel_fini(struct intel_panel *panel) if (panel->fixed_mode) drm_mode_destroy(intel_connector->base.dev, panel->fixed_mode); - if (panel->alt_fixed_mode) - drm_mode_destroy(intel_connector->base.dev, - panel->alt_fixed_mode); - if (panel->downclock_mode) drm_mode_destroy(intel_connector->base.dev, panel->downclock_mode);

6 years, 11 months

1
0
0 0

FAILED: patch "[PATCH] Revert "drm/i915/edp: Allow alternate fixed mode for eDP if" failed to apply to 4.17-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.17-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 368b554d63948133aca05e63ff8f5f4fbc2804d4 Mon Sep 17 00:00:00 2001 From: Jani Nikula <jani.nikula(a)intel.com> Date: Wed, 16 May 2018 11:01:10 +0300 Subject: [PATCH] Revert "drm/i915/edp: Allow alternate fixed mode for eDP if available." This reverts commit dc911f5bd8aacfcf8aabd5c26c88e04c837a938e. Per the report, no matter what display mode you select with xrandr, the i915 driver will always select the alternate fixed mode. For the reporter this means that the display will always run at 40Hz which is quite annoying. This may be due to the mode comparison. But there are some other potential issues. The choice of alt_fixed_mode seems dubious. It's the first non-preferred mode, but there are no guarantees that the only difference would be refresh rate. Similarly, there may be more than one preferred mode in the probed modes list, and the commit changes the preferred mode selection to choose the last one on the list instead of the first. (Note that the probed modes list is the raw, unfiltered, unsorted list of modes from drm_add_edid_modes(), not the pretty result after a drm_helper_probe_single_connector_modes() call.) Finally, we already have eerily similar code in place to find the downclock mode for DRRS that seems like could be reused here. Back to the drawing board. Note: This is a hand-crafted revert due to conflicts. If it fails to backport, please just try reverting the original commit directly. Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=105469 Reported-by: Rune Petersen <rune(a)megahurts.dk> Reported-by: Mark Spencer <n7u4722r35(a)ynzlx.anonbox.net> Fixes: dc911f5bd8aa ("drm/i915/edp: Allow alternate fixed mode for eDP if available.") Cc: Clint Taylor <clinton.a.taylor(a)intel.com> Cc: David Weinehall <david.weinehall(a)linux.intel.com> Cc: Rodrigo Vivi <rodrigo.vivi(a)intel.com> Cc: Paulo Zanoni <paulo.r.zanoni(a)intel.com> Cc: Jani Nikula <jani.nikula(a)intel.com> Cc: Chris Wilson <chris(a)chris-wilson.co.uk> Cc: Jim Bride <jim.bride(a)linux.intel.com> Cc: Jani Nikula <jani.nikula(a)linux.intel.com> Cc: Joonas Lahtinen <joonas.lahtinen(a)linux.intel.com> Cc: intel-gfx(a)lists.freedesktop.org Cc: <stable(a)vger.kernel.org> # v4.14+ Signed-off-by: Jani Nikula <jani.nikula(a)intel.com> Reviewed-by: Dhinakaran Pandiyan <dhinakaran.pandiyan(a)intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20180516080110.22770-1-jani.n… (cherry picked from commit d93fa1b47b8fcd149b5091f18385304f402a8e15) Signed-off-by: Jani Nikula <jani.nikula(a)intel.com> diff --git a/drivers/gpu/drm/i915/intel_dp.c b/drivers/gpu/drm/i915/intel_dp.c index dde92e4af5d3..8320f0e8e3be 100644 --- a/drivers/gpu/drm/i915/intel_dp.c +++ b/drivers/gpu/drm/i915/intel_dp.c @@ -1679,23 +1679,6 @@ static int intel_dp_compute_bpp(struct intel_dp *intel_dp, return bpp; } -static bool intel_edp_compare_alt_mode(struct drm_display_mode *m1, - struct drm_display_mode *m2) -{ - bool bres = false; - - if (m1 && m2) - bres = (m1->hdisplay == m2->hdisplay && - m1->hsync_start == m2->hsync_start && - m1->hsync_end == m2->hsync_end && - m1->htotal == m2->htotal && - m1->vdisplay == m2->vdisplay && - m1->vsync_start == m2->vsync_start && - m1->vsync_end == m2->vsync_end && - m1->vtotal == m2->vtotal); - return bres; -} - /* Adjust link config limits based on compliance test requests. */ static void intel_dp_adjust_compliance_config(struct intel_dp *intel_dp, @@ -1860,16 +1843,8 @@ intel_dp_compute_config(struct intel_encoder *encoder, pipe_config->has_audio = intel_conn_state->force_audio == HDMI_AUDIO_ON; if (intel_dp_is_edp(intel_dp) && intel_connector->panel.fixed_mode) { - struct drm_display_mode *panel_mode = - intel_connector->panel.alt_fixed_mode; - struct drm_display_mode *req_mode = &pipe_config->base.mode; - - if (!intel_edp_compare_alt_mode(req_mode, panel_mode)) - panel_mode = intel_connector->panel.fixed_mode; - - drm_mode_debug_printmodeline(panel_mode); - - intel_fixed_panel_mode(panel_mode, adjusted_mode); + intel_fixed_panel_mode(intel_connector->panel.fixed_mode, + adjusted_mode); if (INTEL_GEN(dev_priv) >= 9) { int ret; @@ -6159,7 +6134,6 @@ static bool intel_edp_init_connector(struct intel_dp *intel_dp, struct drm_i915_private *dev_priv = to_i915(dev); struct drm_connector *connector = &intel_connector->base; struct drm_display_mode *fixed_mode = NULL; - struct drm_display_mode *alt_fixed_mode = NULL; struct drm_display_mode *downclock_mode = NULL; bool has_dpcd; struct drm_display_mode *scan; @@ -6214,14 +6188,13 @@ static bool intel_edp_init_connector(struct intel_dp *intel_dp, } intel_connector->edid = edid; - /* prefer fixed mode from EDID if available, save an alt mode also */ + /* prefer fixed mode from EDID if available */ list_for_each_entry(scan, &connector->probed_modes, head) { if ((scan->type & DRM_MODE_TYPE_PREFERRED)) { fixed_mode = drm_mode_duplicate(dev, scan); downclock_mode = intel_dp_drrs_init( intel_connector, fixed_mode); - } else if (!alt_fixed_mode) { - alt_fixed_mode = drm_mode_duplicate(dev, scan); + break; } } @@ -6258,8 +6231,7 @@ static bool intel_edp_init_connector(struct intel_dp *intel_dp, pipe_name(pipe)); } - intel_panel_init(&intel_connector->panel, fixed_mode, alt_fixed_mode, - downclock_mode); + intel_panel_init(&intel_connector->panel, fixed_mode, downclock_mode); intel_connector->panel.backlight.power = intel_edp_backlight_power; intel_panel_setup_backlight(connector, pipe); diff --git a/drivers/gpu/drm/i915/intel_drv.h b/drivers/gpu/drm/i915/intel_drv.h index d7dbca1aabff..0361130500a6 100644 --- a/drivers/gpu/drm/i915/intel_drv.h +++ b/drivers/gpu/drm/i915/intel_drv.h @@ -277,7 +277,6 @@ struct intel_encoder { struct intel_panel { struct drm_display_mode *fixed_mode; - struct drm_display_mode *alt_fixed_mode; struct drm_display_mode *downclock_mode; /* backlight */ @@ -1850,7 +1849,6 @@ void intel_overlay_reset(struct drm_i915_private *dev_priv); /* intel_panel.c */ int intel_panel_init(struct intel_panel *panel, struct drm_display_mode *fixed_mode, - struct drm_display_mode *alt_fixed_mode, struct drm_display_mode *downclock_mode); void intel_panel_fini(struct intel_panel *panel); void intel_fixed_panel_mode(const struct drm_display_mode *fixed_mode, diff --git a/drivers/gpu/drm/i915/intel_dsi.c b/drivers/gpu/drm/i915/intel_dsi.c index 51a1d6868b1e..cf39ca90d887 100644 --- a/drivers/gpu/drm/i915/intel_dsi.c +++ b/drivers/gpu/drm/i915/intel_dsi.c @@ -1846,7 +1846,7 @@ void intel_dsi_init(struct drm_i915_private *dev_priv) connector->display_info.width_mm = fixed_mode->width_mm; connector->display_info.height_mm = fixed_mode->height_mm; - intel_panel_init(&intel_connector->panel, fixed_mode, NULL, NULL); + intel_panel_init(&intel_connector->panel, fixed_mode, NULL); intel_panel_setup_backlight(connector, INVALID_PIPE); intel_dsi_add_properties(intel_connector); diff --git a/drivers/gpu/drm/i915/intel_dvo.c b/drivers/gpu/drm/i915/intel_dvo.c index eb0c559b2715..a70d767313aa 100644 --- a/drivers/gpu/drm/i915/intel_dvo.c +++ b/drivers/gpu/drm/i915/intel_dvo.c @@ -536,7 +536,7 @@ void intel_dvo_init(struct drm_i915_private *dev_priv) */ intel_panel_init(&intel_connector->panel, intel_dvo_get_current_mode(intel_encoder), - NULL, NULL); + NULL); intel_dvo->panel_wants_dither = true; } diff --git a/drivers/gpu/drm/i915/intel_lvds.c b/drivers/gpu/drm/i915/intel_lvds.c index 8691c86f579c..d8ece907ff54 100644 --- a/drivers/gpu/drm/i915/intel_lvds.c +++ b/drivers/gpu/drm/i915/intel_lvds.c @@ -1140,8 +1140,7 @@ void intel_lvds_init(struct drm_i915_private *dev_priv) out: mutex_unlock(&dev->mode_config.mutex); - intel_panel_init(&intel_connector->panel, fixed_mode, NULL, - downclock_mode); + intel_panel_init(&intel_connector->panel, fixed_mode, downclock_mode); intel_panel_setup_backlight(connector, INVALID_PIPE); lvds_encoder->is_dual_link = compute_is_dual_link_lvds(lvds_encoder); diff --git a/drivers/gpu/drm/i915/intel_panel.c b/drivers/gpu/drm/i915/intel_panel.c index 41d00b1603e3..b443278e569c 100644 --- a/drivers/gpu/drm/i915/intel_panel.c +++ b/drivers/gpu/drm/i915/intel_panel.c @@ -1928,13 +1928,11 @@ intel_panel_init_backlight_funcs(struct intel_panel *panel) int intel_panel_init(struct intel_panel *panel, struct drm_display_mode *fixed_mode, - struct drm_display_mode *alt_fixed_mode, struct drm_display_mode *downclock_mode) { intel_panel_init_backlight_funcs(panel); panel->fixed_mode = fixed_mode; - panel->alt_fixed_mode = alt_fixed_mode; panel->downclock_mode = downclock_mode; return 0; @@ -1948,10 +1946,6 @@ void intel_panel_fini(struct intel_panel *panel) if (panel->fixed_mode) drm_mode_destroy(intel_connector->base.dev, panel->fixed_mode); - if (panel->alt_fixed_mode) - drm_mode_destroy(intel_connector->base.dev, - panel->alt_fixed_mode); - if (panel->downclock_mode) drm_mode_destroy(intel_connector->base.dev, panel->downclock_mode);

6 years, 11 months

1
0
0 0

FAILED: patch "[PATCH] drm/i915/psr: Chase psr.enabled only under the psr.lock" failed to apply to 4.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From daeb725e919c0d2d4b628aeaa1fa053125f888b2 Mon Sep 17 00:00:00 2001 From: Chris Wilson <chris(a)chris-wilson.co.uk> Date: Thu, 5 Apr 2018 12:49:15 +0100 Subject: [PATCH] drm/i915/psr: Chase psr.enabled only under the psr.lock Inside the psr work function, we want to wait for PSR to idle first and wish to do so without blocking the normal modeset path, so we do so without holding the PSR lock. However, we first have to find which pipe PSR was enabled on, which requires chasing into the PSR struct and requires locking to prevent intel_psr_disable() from concurrently setting our pointer to NULL. Fixes: 995d30477496 ("drm/i915: VLV/CHV PSR Software timer mode") Signed-off-by: Chris Wilson <chris(a)chris-wilson.co.uk> Cc: Durgadoss R <durgadoss.r(a)intel.com> Cc: Rodrigo Vivi <rodrigo.vivi(a)intel.com> Cc: <stable(a)vger.kernel.org> # v4.0+ Reviewed-by: Jose Roberto de Souza <jose.souza(a)intel.com> Acked-by: Rodrigo Vivi <rodrigo.vivi(a)intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20180405114915.29609-1-chris@… diff --git a/drivers/gpu/drm/i915/intel_psr.c b/drivers/gpu/drm/i915/intel_psr.c index 2d53f7398a6d..69a5b276f4d8 100644 --- a/drivers/gpu/drm/i915/intel_psr.c +++ b/drivers/gpu/drm/i915/intel_psr.c @@ -775,53 +775,59 @@ void intel_psr_disable(struct intel_dp *intel_dp, cancel_delayed_work_sync(&dev_priv->psr.work); } -static void intel_psr_work(struct work_struct *work) +static bool psr_wait_for_idle(struct drm_i915_private *dev_priv) { - struct drm_i915_private *dev_priv = - container_of(work, typeof(*dev_priv), psr.work.work); - struct intel_dp *intel_dp = dev_priv->psr.enabled; - struct drm_crtc *crtc = dp_to_dig_port(intel_dp)->base.base.crtc; - enum pipe pipe = to_intel_crtc(crtc)->pipe; + struct intel_dp *intel_dp; + i915_reg_t reg; + u32 mask; + int err; + + intel_dp = dev_priv->psr.enabled; + if (!intel_dp) + return false; - /* We have to make sure PSR is ready for re-enable - * otherwise it keeps disabled until next full enable/disable cycle. - * PSR might take some time to get fully disabled - * and be ready for re-enable. - */ if (HAS_DDI(dev_priv)) { if (dev_priv->psr.psr2_enabled) { - if (intel_wait_for_register(dev_priv, - EDP_PSR2_STATUS, - EDP_PSR2_STATUS_STATE_MASK, - 0, - 50)) { - DRM_ERROR("Timed out waiting for PSR2 Idle for re-enable\n"); - return; - } + reg = EDP_PSR2_STATUS; + mask = EDP_PSR2_STATUS_STATE_MASK; } else { - if (intel_wait_for_register(dev_priv, - EDP_PSR_STATUS, - EDP_PSR_STATUS_STATE_MASK, - 0, - 50)) { - DRM_ERROR("Timed out waiting for PSR Idle for re-enable\n"); - return; - } + reg = EDP_PSR_STATUS; + mask = EDP_PSR_STATUS_STATE_MASK; } } else { - if (intel_wait_for_register(dev_priv, - VLV_PSRSTAT(pipe), - VLV_EDP_PSR_IN_TRANS, - 0, - 1)) { - DRM_ERROR("Timed out waiting for PSR Idle for re-enable\n"); - return; - } + struct drm_crtc *crtc = + dp_to_dig_port(intel_dp)->base.base.crtc; + enum pipe pipe = to_intel_crtc(crtc)->pipe; + + reg = VLV_PSRSTAT(pipe); + mask = VLV_EDP_PSR_IN_TRANS; } + + mutex_unlock(&dev_priv->psr.lock); + + err = intel_wait_for_register(dev_priv, reg, mask, 0, 50); + if (err) + DRM_ERROR("Timed out waiting for PSR Idle for re-enable\n"); + + /* After the unlocked wait, verify that PSR is still wanted! */ mutex_lock(&dev_priv->psr.lock); - intel_dp = dev_priv->psr.enabled; + return err == 0 && dev_priv->psr.enabled; +} - if (!intel_dp) +static void intel_psr_work(struct work_struct *work) +{ + struct drm_i915_private *dev_priv = + container_of(work, typeof(*dev_priv), psr.work.work); + + mutex_lock(&dev_priv->psr.lock); + + /* + * We have to make sure PSR is ready for re-enable + * otherwise it keeps disabled until next full enable/disable cycle. + * PSR might take some time to get fully disabled + * and be ready for re-enable. + */ + if (!psr_wait_for_idle(dev_priv)) goto unlock; /* @@ -832,7 +838,7 @@ static void intel_psr_work(struct work_struct *work) if (dev_priv->psr.busy_frontbuffer_bits) goto unlock; - intel_psr_activate(intel_dp); + intel_psr_activate(dev_priv->psr.enabled); unlock: mutex_unlock(&dev_priv->psr.lock); }

6 years, 11 months

1
0
0 0

FAILED: patch "[PATCH] drm/i915/psr: Chase psr.enabled only under the psr.lock" failed to apply to 4.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From daeb725e919c0d2d4b628aeaa1fa053125f888b2 Mon Sep 17 00:00:00 2001 From: Chris Wilson <chris(a)chris-wilson.co.uk> Date: Thu, 5 Apr 2018 12:49:15 +0100 Subject: [PATCH] drm/i915/psr: Chase psr.enabled only under the psr.lock Inside the psr work function, we want to wait for PSR to idle first and wish to do so without blocking the normal modeset path, so we do so without holding the PSR lock. However, we first have to find which pipe PSR was enabled on, which requires chasing into the PSR struct and requires locking to prevent intel_psr_disable() from concurrently setting our pointer to NULL. Fixes: 995d30477496 ("drm/i915: VLV/CHV PSR Software timer mode") Signed-off-by: Chris Wilson <chris(a)chris-wilson.co.uk> Cc: Durgadoss R <durgadoss.r(a)intel.com> Cc: Rodrigo Vivi <rodrigo.vivi(a)intel.com> Cc: <stable(a)vger.kernel.org> # v4.0+ Reviewed-by: Jose Roberto de Souza <jose.souza(a)intel.com> Acked-by: Rodrigo Vivi <rodrigo.vivi(a)intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20180405114915.29609-1-chris@… diff --git a/drivers/gpu/drm/i915/intel_psr.c b/drivers/gpu/drm/i915/intel_psr.c index 2d53f7398a6d..69a5b276f4d8 100644 --- a/drivers/gpu/drm/i915/intel_psr.c +++ b/drivers/gpu/drm/i915/intel_psr.c @@ -775,53 +775,59 @@ void intel_psr_disable(struct intel_dp *intel_dp, cancel_delayed_work_sync(&dev_priv->psr.work); } -static void intel_psr_work(struct work_struct *work) +static bool psr_wait_for_idle(struct drm_i915_private *dev_priv) { - struct drm_i915_private *dev_priv = - container_of(work, typeof(*dev_priv), psr.work.work); - struct intel_dp *intel_dp = dev_priv->psr.enabled; - struct drm_crtc *crtc = dp_to_dig_port(intel_dp)->base.base.crtc; - enum pipe pipe = to_intel_crtc(crtc)->pipe; + struct intel_dp *intel_dp; + i915_reg_t reg; + u32 mask; + int err; + + intel_dp = dev_priv->psr.enabled; + if (!intel_dp) + return false; - /* We have to make sure PSR is ready for re-enable - * otherwise it keeps disabled until next full enable/disable cycle. - * PSR might take some time to get fully disabled - * and be ready for re-enable. - */ if (HAS_DDI(dev_priv)) { if (dev_priv->psr.psr2_enabled) { - if (intel_wait_for_register(dev_priv, - EDP_PSR2_STATUS, - EDP_PSR2_STATUS_STATE_MASK, - 0, - 50)) { - DRM_ERROR("Timed out waiting for PSR2 Idle for re-enable\n"); - return; - } + reg = EDP_PSR2_STATUS; + mask = EDP_PSR2_STATUS_STATE_MASK; } else { - if (intel_wait_for_register(dev_priv, - EDP_PSR_STATUS, - EDP_PSR_STATUS_STATE_MASK, - 0, - 50)) { - DRM_ERROR("Timed out waiting for PSR Idle for re-enable\n"); - return; - } + reg = EDP_PSR_STATUS; + mask = EDP_PSR_STATUS_STATE_MASK; } } else { - if (intel_wait_for_register(dev_priv, - VLV_PSRSTAT(pipe), - VLV_EDP_PSR_IN_TRANS, - 0, - 1)) { - DRM_ERROR("Timed out waiting for PSR Idle for re-enable\n"); - return; - } + struct drm_crtc *crtc = + dp_to_dig_port(intel_dp)->base.base.crtc; + enum pipe pipe = to_intel_crtc(crtc)->pipe; + + reg = VLV_PSRSTAT(pipe); + mask = VLV_EDP_PSR_IN_TRANS; } + + mutex_unlock(&dev_priv->psr.lock); + + err = intel_wait_for_register(dev_priv, reg, mask, 0, 50); + if (err) + DRM_ERROR("Timed out waiting for PSR Idle for re-enable\n"); + + /* After the unlocked wait, verify that PSR is still wanted! */ mutex_lock(&dev_priv->psr.lock); - intel_dp = dev_priv->psr.enabled; + return err == 0 && dev_priv->psr.enabled; +} - if (!intel_dp) +static void intel_psr_work(struct work_struct *work) +{ + struct drm_i915_private *dev_priv = + container_of(work, typeof(*dev_priv), psr.work.work); + + mutex_lock(&dev_priv->psr.lock); + + /* + * We have to make sure PSR is ready for re-enable + * otherwise it keeps disabled until next full enable/disable cycle. + * PSR might take some time to get fully disabled + * and be ready for re-enable. + */ + if (!psr_wait_for_idle(dev_priv)) goto unlock; /* @@ -832,7 +838,7 @@ static void intel_psr_work(struct work_struct *work) if (dev_priv->psr.busy_frontbuffer_bits) goto unlock; - intel_psr_activate(intel_dp); + intel_psr_activate(dev_priv->psr.enabled); unlock: mutex_unlock(&dev_priv->psr.lock); }

6 years, 11 months

1
0
0 0

FAILED: patch "[PATCH] drm/i915/psr: Chase psr.enabled only under the psr.lock" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From daeb725e919c0d2d4b628aeaa1fa053125f888b2 Mon Sep 17 00:00:00 2001 From: Chris Wilson <chris(a)chris-wilson.co.uk> Date: Thu, 5 Apr 2018 12:49:15 +0100 Subject: [PATCH] drm/i915/psr: Chase psr.enabled only under the psr.lock Inside the psr work function, we want to wait for PSR to idle first and wish to do so without blocking the normal modeset path, so we do so without holding the PSR lock. However, we first have to find which pipe PSR was enabled on, which requires chasing into the PSR struct and requires locking to prevent intel_psr_disable() from concurrently setting our pointer to NULL. Fixes: 995d30477496 ("drm/i915: VLV/CHV PSR Software timer mode") Signed-off-by: Chris Wilson <chris(a)chris-wilson.co.uk> Cc: Durgadoss R <durgadoss.r(a)intel.com> Cc: Rodrigo Vivi <rodrigo.vivi(a)intel.com> Cc: <stable(a)vger.kernel.org> # v4.0+ Reviewed-by: Jose Roberto de Souza <jose.souza(a)intel.com> Acked-by: Rodrigo Vivi <rodrigo.vivi(a)intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20180405114915.29609-1-chris@… diff --git a/drivers/gpu/drm/i915/intel_psr.c b/drivers/gpu/drm/i915/intel_psr.c index 2d53f7398a6d..69a5b276f4d8 100644 --- a/drivers/gpu/drm/i915/intel_psr.c +++ b/drivers/gpu/drm/i915/intel_psr.c @@ -775,53 +775,59 @@ void intel_psr_disable(struct intel_dp *intel_dp, cancel_delayed_work_sync(&dev_priv->psr.work); } -static void intel_psr_work(struct work_struct *work) +static bool psr_wait_for_idle(struct drm_i915_private *dev_priv) { - struct drm_i915_private *dev_priv = - container_of(work, typeof(*dev_priv), psr.work.work); - struct intel_dp *intel_dp = dev_priv->psr.enabled; - struct drm_crtc *crtc = dp_to_dig_port(intel_dp)->base.base.crtc; - enum pipe pipe = to_intel_crtc(crtc)->pipe; + struct intel_dp *intel_dp; + i915_reg_t reg; + u32 mask; + int err; + + intel_dp = dev_priv->psr.enabled; + if (!intel_dp) + return false; - /* We have to make sure PSR is ready for re-enable - * otherwise it keeps disabled until next full enable/disable cycle. - * PSR might take some time to get fully disabled - * and be ready for re-enable. - */ if (HAS_DDI(dev_priv)) { if (dev_priv->psr.psr2_enabled) { - if (intel_wait_for_register(dev_priv, - EDP_PSR2_STATUS, - EDP_PSR2_STATUS_STATE_MASK, - 0, - 50)) { - DRM_ERROR("Timed out waiting for PSR2 Idle for re-enable\n"); - return; - } + reg = EDP_PSR2_STATUS; + mask = EDP_PSR2_STATUS_STATE_MASK; } else { - if (intel_wait_for_register(dev_priv, - EDP_PSR_STATUS, - EDP_PSR_STATUS_STATE_MASK, - 0, - 50)) { - DRM_ERROR("Timed out waiting for PSR Idle for re-enable\n"); - return; - } + reg = EDP_PSR_STATUS; + mask = EDP_PSR_STATUS_STATE_MASK; } } else { - if (intel_wait_for_register(dev_priv, - VLV_PSRSTAT(pipe), - VLV_EDP_PSR_IN_TRANS, - 0, - 1)) { - DRM_ERROR("Timed out waiting for PSR Idle for re-enable\n"); - return; - } + struct drm_crtc *crtc = + dp_to_dig_port(intel_dp)->base.base.crtc; + enum pipe pipe = to_intel_crtc(crtc)->pipe; + + reg = VLV_PSRSTAT(pipe); + mask = VLV_EDP_PSR_IN_TRANS; } + + mutex_unlock(&dev_priv->psr.lock); + + err = intel_wait_for_register(dev_priv, reg, mask, 0, 50); + if (err) + DRM_ERROR("Timed out waiting for PSR Idle for re-enable\n"); + + /* After the unlocked wait, verify that PSR is still wanted! */ mutex_lock(&dev_priv->psr.lock); - intel_dp = dev_priv->psr.enabled; + return err == 0 && dev_priv->psr.enabled; +} - if (!intel_dp) +static void intel_psr_work(struct work_struct *work) +{ + struct drm_i915_private *dev_priv = + container_of(work, typeof(*dev_priv), psr.work.work); + + mutex_lock(&dev_priv->psr.lock); + + /* + * We have to make sure PSR is ready for re-enable + * otherwise it keeps disabled until next full enable/disable cycle. + * PSR might take some time to get fully disabled + * and be ready for re-enable. + */ + if (!psr_wait_for_idle(dev_priv)) goto unlock; /* @@ -832,7 +838,7 @@ static void intel_psr_work(struct work_struct *work) if (dev_priv->psr.busy_frontbuffer_bits) goto unlock; - intel_psr_activate(intel_dp); + intel_psr_activate(dev_priv->psr.enabled); unlock: mutex_unlock(&dev_priv->psr.lock); }

6 years, 11 months

1
0
0 0

FAILED: patch "[PATCH] drm/i915/psr: Chase psr.enabled only under the psr.lock" failed to apply to 4.17-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.17-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From daeb725e919c0d2d4b628aeaa1fa053125f888b2 Mon Sep 17 00:00:00 2001 From: Chris Wilson <chris(a)chris-wilson.co.uk> Date: Thu, 5 Apr 2018 12:49:15 +0100 Subject: [PATCH] drm/i915/psr: Chase psr.enabled only under the psr.lock Inside the psr work function, we want to wait for PSR to idle first and wish to do so without blocking the normal modeset path, so we do so without holding the PSR lock. However, we first have to find which pipe PSR was enabled on, which requires chasing into the PSR struct and requires locking to prevent intel_psr_disable() from concurrently setting our pointer to NULL. Fixes: 995d30477496 ("drm/i915: VLV/CHV PSR Software timer mode") Signed-off-by: Chris Wilson <chris(a)chris-wilson.co.uk> Cc: Durgadoss R <durgadoss.r(a)intel.com> Cc: Rodrigo Vivi <rodrigo.vivi(a)intel.com> Cc: <stable(a)vger.kernel.org> # v4.0+ Reviewed-by: Jose Roberto de Souza <jose.souza(a)intel.com> Acked-by: Rodrigo Vivi <rodrigo.vivi(a)intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20180405114915.29609-1-chris@… diff --git a/drivers/gpu/drm/i915/intel_psr.c b/drivers/gpu/drm/i915/intel_psr.c index 2d53f7398a6d..69a5b276f4d8 100644 --- a/drivers/gpu/drm/i915/intel_psr.c +++ b/drivers/gpu/drm/i915/intel_psr.c @@ -775,53 +775,59 @@ void intel_psr_disable(struct intel_dp *intel_dp, cancel_delayed_work_sync(&dev_priv->psr.work); } -static void intel_psr_work(struct work_struct *work) +static bool psr_wait_for_idle(struct drm_i915_private *dev_priv) { - struct drm_i915_private *dev_priv = - container_of(work, typeof(*dev_priv), psr.work.work); - struct intel_dp *intel_dp = dev_priv->psr.enabled; - struct drm_crtc *crtc = dp_to_dig_port(intel_dp)->base.base.crtc; - enum pipe pipe = to_intel_crtc(crtc)->pipe; + struct intel_dp *intel_dp; + i915_reg_t reg; + u32 mask; + int err; + + intel_dp = dev_priv->psr.enabled; + if (!intel_dp) + return false; - /* We have to make sure PSR is ready for re-enable - * otherwise it keeps disabled until next full enable/disable cycle. - * PSR might take some time to get fully disabled - * and be ready for re-enable. - */ if (HAS_DDI(dev_priv)) { if (dev_priv->psr.psr2_enabled) { - if (intel_wait_for_register(dev_priv, - EDP_PSR2_STATUS, - EDP_PSR2_STATUS_STATE_MASK, - 0, - 50)) { - DRM_ERROR("Timed out waiting for PSR2 Idle for re-enable\n"); - return; - } + reg = EDP_PSR2_STATUS; + mask = EDP_PSR2_STATUS_STATE_MASK; } else { - if (intel_wait_for_register(dev_priv, - EDP_PSR_STATUS, - EDP_PSR_STATUS_STATE_MASK, - 0, - 50)) { - DRM_ERROR("Timed out waiting for PSR Idle for re-enable\n"); - return; - } + reg = EDP_PSR_STATUS; + mask = EDP_PSR_STATUS_STATE_MASK; } } else { - if (intel_wait_for_register(dev_priv, - VLV_PSRSTAT(pipe), - VLV_EDP_PSR_IN_TRANS, - 0, - 1)) { - DRM_ERROR("Timed out waiting for PSR Idle for re-enable\n"); - return; - } + struct drm_crtc *crtc = + dp_to_dig_port(intel_dp)->base.base.crtc; + enum pipe pipe = to_intel_crtc(crtc)->pipe; + + reg = VLV_PSRSTAT(pipe); + mask = VLV_EDP_PSR_IN_TRANS; } + + mutex_unlock(&dev_priv->psr.lock); + + err = intel_wait_for_register(dev_priv, reg, mask, 0, 50); + if (err) + DRM_ERROR("Timed out waiting for PSR Idle for re-enable\n"); + + /* After the unlocked wait, verify that PSR is still wanted! */ mutex_lock(&dev_priv->psr.lock); - intel_dp = dev_priv->psr.enabled; + return err == 0 && dev_priv->psr.enabled; +} - if (!intel_dp) +static void intel_psr_work(struct work_struct *work) +{ + struct drm_i915_private *dev_priv = + container_of(work, typeof(*dev_priv), psr.work.work); + + mutex_lock(&dev_priv->psr.lock); + + /* + * We have to make sure PSR is ready for re-enable + * otherwise it keeps disabled until next full enable/disable cycle. + * PSR might take some time to get fully disabled + * and be ready for re-enable. + */ + if (!psr_wait_for_idle(dev_priv)) goto unlock; /* @@ -832,7 +838,7 @@ static void intel_psr_work(struct work_struct *work) if (dev_priv->psr.busy_frontbuffer_bits) goto unlock; - intel_psr_activate(intel_dp); + intel_psr_activate(dev_priv->psr.enabled); unlock: mutex_unlock(&dev_priv->psr.lock); }

6 years, 11 months

1
0
0 0

FAILED: patch "[PATCH] Revert "drm/amd/display: fix dereferencing possible" failed to apply to 4.17-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.17-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 642ad57058baaa2c105925a75c153bb486877513 Mon Sep 17 00:00:00 2001 From: Harry Wentland <harry.wentland(a)amd.com> Date: Thu, 12 Apr 2018 10:51:51 -0400 Subject: [PATCH] Revert "drm/amd/display: fix dereferencing possible ERR_PTR()" MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This reverts commit cd2d6c92a8e39d7e50a5af9fcc67d07e6a89e91d. Cc: Shirish S <shirish.s(a)amd.com> Cc: Alex Deucher <alexander.deucher(a)amd.com> Cc: stable(a)vger.kernel.org Reviewed-by: Michel Dänzer <michel.daenzer(a)amd.com> Signed-off-by: Harry Wentland <harry.wentland(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c index 265f0166f688..0c29f3b97398 100644 --- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c +++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c @@ -4941,9 +4941,6 @@ static int dm_atomic_check_plane_state_fb(struct drm_atomic_state *state, return -EDEADLK; crtc_state = drm_atomic_get_crtc_state(plane_state->state, crtc); - if (IS_ERR(crtc_state)) - return PTR_ERR(crtc_state); - if (crtc->primary == plane && crtc_state->active) { if (!plane_state->fb) return -EINVAL;

6 years, 11 months

1
0
0 0

4.17.2 -> 4.17.3 iwlwifi regression

by Yan, Zheng

I started to get following warning and unstable connection after upgrading kernel to 4.17.3 (from 4.17.2). iwlwifi 0000:04:00.0: loaded firmware version 38.c0e03d94.0 op_mode iwlmvm iwlwifi 0000:04:00.0: Detected Intel(R) Dual Band Wireless AC 9260, REV=0x324 audit: type=1130 audit(1529640588.009:69): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=systemd-rfkill comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' iwlwifi 0000:04:00.0: base HW address: 74:e5:f9:a6:bb:52 … WARNING: CPU: 1 PID: 0 at drivers/net/wireless/intel/iwlwifi/mvm/tx.c:710 iwl_mvm_tx_tso_segment+0x28a/0x2a0 [iwlmvm] Modules linked in: joydev(E) xt_nat(E) it87(OE) netconsole(E) rmd160(E) ip_vti(E) ip_tunnel(E) af_key(E) ah6(E) ah4(E) esp6(E) esp4(E) xfrm4_mode_beet(E) xfrm4_tunnel(E) tunnel4(E) xfrm4_mode_tunnel(E) xfrm4_mode_transport(E) xfrm6_mode_transport(E) xfrm6_mode_ro(E) xfrm6_mode_beet(E) xfrm6_mode_tunnel(E) ipcomp(E) ipcomp6(E) xfrm6_tunnel(E) xfrm_ipcomp(E) tunnel6(E) sha1_ssse3(E) salsa20_x86_64(E) salsa20_generic(E) poly1305_x86_64(E) poly1305_generic(E) des3_ede_x86_64(E) chacha20_x86_64(E) chacha20_generic(E) chacha20poly1305(E) camellia_generic(E) camellia_aesni_avx2(E) camellia_aesni_avx_x86_64(E) camellia_x86_64(E) cast6_avx_x86_64(E) cast6_generic(E) cast5_avx_x86_64(E) cast5_generic(E) cast_common(E) serpent_avx2(E) serpent_avx_x86_64(E) serpent_sse2_x86_64(E) serpent_generic(E) blowfish_generic(E) blowfish_x86_64(E) blowfish_common(E) twofish_generic(E) twofish_avx_x86_64(E) twofish_x86_64_3way(E) twofish_x86_64(E) twofish_common(E) xcbc(E) sha256_mb(E) sha256_ssse3(E) sha512_mb(E) mcryptd(E) sha512_ssse3(E) sha512_generic(E) des_generic(E) xt_CHECKSUM(E) ipt_MASQUERADE(E) nf_nat_masquerade_ipv4(E) tun(E) ccm(E) nf_conntrack_netbios_ns(E) nf_conntrack_broadcast(E) xt_CT(E) ip6t_rpfilter(E) ip6t_REJECT(E) nf_reject_ipv6(E) xt_conntrack(E) ip_set(E) nfnetlink(E) ebtable_nat(E) ebtable_broute(E) bridge(E) stp(E) llc(E) ip6table_nat(E) nf_conntrack_ipv6(E) nf_defrag_ipv6(E) nf_nat_ipv6(E) ip6table_mangle(E) ip6table_raw(E) ip6table_security(E) iptable_nat(E) nf_conntrack_ipv4(E) nf_defrag_ipv4(E) nf_nat_ipv4(E) nf_nat(E) nf_conntrack(E) iptable_mangle(E) iptable_raw(E) iptable_security(E) ebtable_filter(E) ebtables(E) ip6table_filter(E) ip6_tables(E) cmac(E) bnep(E) hwmon_vid(E) ib_isert(E) iscsi_target_mod(E) ib_srpt(E) target_core_mod(E) ib_srp(E) scsi_transport_srp(E) vfat(E) fat(E) xfs(E) libcrc32c(E) ib_ucm(E) arc4(E) rpcrdma(E) sunrpc(E) iwlmvm(E) mac80211(E) rdma_ucm(E) ib_uverbs(E) ib_iser(E) snd_hda_codec_realtek(E) rdma_cm(E) btusb(E) snd_hda_codec_generic(E) snd_hda_codec_hdmi(E) iw_cm(E) btrtl(E) snd_hda_intel(E) btbcm(E) btintel(E) snd_hda_codec(E) bluetooth(E) snd_hda_core(E) ib_umad(E) edac_mce_amd(E) snd_hwdep(E) ib_ipoib(E) libiscsi(E) scsi_transport_iscsi(E) iwlwifi(E) snd_seq(E) snd_seq_device(E) kvm_amd(E) ib_cm(E) mlx4_ib(E) ib_core(E) kvm(E) snd_pcm(E) snd_timer(E) sp5100_tco(E) snd(E) i2c_piix4(E) soundcore(E) gpio_amdpt(E) gpio_generic(E) ecdh_generic(E) cfg80211(E) irqbypass(E) mxm_wmi(E) rfkill(E) wmi_bmof(E) crct10dif_pclmul(E) crc32_pclmul(E) wmi(E) ghash_clmulni_intel(E) k10temp(E) ccp(E) pinctrl_amd(E) shpchp(E) pcspkr(E) acpi_cpufreq(E) mlx4_en(E) amdkfd(E) amd_iommu_v2(E) amdgpu(E) chash(E) gpu_sched(E) drm_kms_helper(E) ttm(E) crc32c_intel(E) mlx4_core(E) igb(E) devlink(E) drm(E) ptp(E) pps_core(E) dca(E) i2c_algo_bit(E) nvme(E) nvme_core(E) tcp_bbr(E) CPU: 1 PID: 0 Comm: swapper/1 Tainted: G OE 4.17.2 #4 Hardware name: System manufacturer System Product Name/PRIME X370-PRO, BIOS 3803 01/22/2018 RIP: 0010:iwl_mvm_tx_tso_segment+0x28a/0x2a0 [iwlmvm] RSP: 0018:ffff961e1ec437c0 EFLAGS: 00010202 RAX: 00000000000002c0 RBX: fffffffffffffff4 RCX: ffff961c38339c64 RDX: ffff961c38339c00 RSI: 0000000000000000 RDI: ffff961c38339c64 RBP: ffff961e1ec43850 R08: ffff9618f295b700 R09: fffffffffffffff4 R10: 0000000000000000 R11: 0000000000000000 R12: 000000000000dc6f R13: 0000000000000008 R14: 0000000000000000 R15: 00000000000005a8 FS: 0000000000000000(0000) GS:ffff961e1ec40000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000559b4fc3e240 CR3: 000000063c20a000 CR4: 00000000003406e0 Call Trace: <IRQ> ? iwl_mvm_tx_mpdu+0x1a2/0x5b0 [iwlmvm] iwl_mvm_tx_skb+0x3f0/0x440 [iwlmvm] iwl_mvm_mac_tx+0xb5/0x1b0 [iwlmvm] ieee80211_tx_frags+0x14c/0x220 [mac80211] ieee80211_xmit_fast+0x7ea/0x8b0 [mac80211] ? sched_clock+0x5/0x10 ? sched_clock_cpu+0xc/0xb0 __ieee80211_subif_start_xmit+0xa9/0x1e0 [mac80211] ieee80211_subif_start_xmit+0x44/0x2d0 [mac80211] dev_hard_start_xmit+0xa5/0x210 sch_direct_xmit+0x158/0x340 __dev_queue_xmit+0x53b/0x7e0 ? xfrm_lookup+0x2f2/0x930 ip_finish_output2+0x29c/0x3b0 ip_output+0x6c/0xe0 ? ip_append_data.part.50+0xc0/0xc0 ip_forward+0x396/0x450 ? ip_defrag.cold.17+0x22/0x22 ip_rcv+0x26e/0x3a6 ? inet_add_protocol.cold.1+0x1e/0x1e __netif_receive_skb_core+0x4fb/0xb30 ? mlx4_en_process_rx_cq+0x9b5/0xc60 [mlx4_en] ? ktime_get_with_offset+0x4d/0xc0 netif_receive_skb_internal+0x42/0xf0 napi_gro_flush+0x50/0x70 napi_complete_done+0x39/0xf0 mlx4_en_poll_rx_cq+0xa4/0xf0 [mlx4_en] net_rx_action+0x149/0x3a0 __do_softirq+0xe3/0x2d4 irq_exit+0xe8/0xf0 do_IRQ+0x7d/0xc0 common_interrupt+0xf/0xf </IRQ> RIP: 0010:native_safe_halt+0x2/0x10 RSP: 0018:ffffaeb84323be40 EFLAGS: 00000246 ORIG_RAX: ffffffffffffffda RAX: 0000000080000000 RBX: ffff961dfa98dc00 RCX: ffff961e1ec40000 RDX: 4ec4ec4ec4ec4ec5 RSI: 0000000000000034 RDI: ffff961dfa98dc64 RBP: ffff961dfa98dc64 R08: 00002b4f757437c4 R09: 0000000000000249 R10: 000000000000024b R11: ffff961e1ec5fae8 R12: 0000000000000001 R13: 0000000000000001 R14: 0000000000000001 R15: 0000000000000000 acpi_safe_halt+0x1b/0x30 acpi_idle_enter+0xf3/0x2b0 cpuidle_enter_state+0x70/0x2a0 do_idle+0x21d/0x260 cpu_startup_entry+0x6f/0x80 start_secondary+0x1a4/0x1f0 secondary_startup_64+0xa5/0xb0 Code: 00 48 03 bb d0 00 00 00 44 89 44 24 14 48 89 74 24 08 48 89 0c 24 e8 76 ba 94 ea 44 8b 44 24 14 48 8b 74 24 08 48 8b 0c 24 eb aa <0f> 0b b8 ea ff ff ff e9 78 ff ff ff e8 45 19 22 ea 0f 1f 44 00

6 years, 11 months

3
3
0 0

[PATCH] arm64: dts: marvell: fix CP110 ICU node size

by Miquel Raynal

commit 2f872ddcdb1e8e2186162616cea4581b8403849d upstream. ICU size in CP110 is not 0x10 but at least 0x440 bytes long (from the specification). Fixes: 6ef84a827c37 ("arm64: dts: marvell: enable GICP and ICU on Armada 7K/8K") Cc: stable(a)vger.kernel.org # 4.14.x Signed-off-by: Miquel Raynal <miquel.raynal(a)bootlin.com> Reviewed-by: Thomas Petazzoni <thomas.petazzoni(a)bootlin.com> Signed-off-by: Gregory CLEMENT <gregory.clement(a)bootlin.com> --- Backport to 4.14 stable tree: the original patch did not applied because of the effort of DT de-duplication that merged two files in one. arch/arm64/boot/dts/marvell/armada-cp110-master.dtsi | 2 +- arch/arm64/boot/dts/marvell/armada-cp110-slave.dtsi | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/arch/arm64/boot/dts/marvell/armada-cp110-master.dtsi b/arch/arm64/boot/dts/marvell/armada-cp110-master.dtsi index 9a7b63cd63a3..7c19f32d0f44 100644 --- a/arch/arm64/boot/dts/marvell/armada-cp110-master.dtsi +++ b/arch/arm64/boot/dts/marvell/armada-cp110-master.dtsi @@ -169,7 +169,7 @@ cpm_icu: interrupt-controller@1e0000 { compatible = "marvell,cp110-icu"; - reg = <0x1e0000 0x10>; + reg = <0x1e0000 0x440>; #interrupt-cells = <3>; interrupt-controller; msi-parent = <&gicp>; diff --git a/arch/arm64/boot/dts/marvell/armada-cp110-slave.dtsi b/arch/arm64/boot/dts/marvell/armada-cp110-slave.dtsi index faf28633a309..150e97a1dfea 100644 --- a/arch/arm64/boot/dts/marvell/armada-cp110-slave.dtsi +++ b/arch/arm64/boot/dts/marvell/armada-cp110-slave.dtsi @@ -169,7 +169,7 @@ cps_icu: interrupt-controller@1e0000 { compatible = "marvell,cp110-icu"; - reg = <0x1e0000 0x10>; + reg = <0x1e0000 0x440>; #interrupt-cells = <3>; interrupt-controller; msi-parent = <&gicp>; -- 2.14.1

6 years, 11 months

2
2
0 0

[PATCH] HID: debug: check length before copy_to_user()

by Daniel Rosenberg

If our length is greater than the size of the buffer, we overflow the buffer Signed-off-by: Daniel Rosenberg <drosen(a)google.com> Cc: stable(a)vger.kernel.org --- drivers/hid/hid-debug.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/drivers/hid/hid-debug.c b/drivers/hid/hid-debug.c index 8469b6964ff64..b48100236df89 100644 --- a/drivers/hid/hid-debug.c +++ b/drivers/hid/hid-debug.c @@ -1154,6 +1154,8 @@ static ssize_t hid_debug_events_read(struct file *file, char __user *buffer, goto out; if (list->tail > list->head) { len = list->tail - list->head; + if (len > count) + len = count; if (copy_to_user(buffer + ret, &list->hid_debug_buf[list->head], len)) { ret = -EFAULT; @@ -1163,6 +1165,8 @@ static ssize_t hid_debug_events_read(struct file *file, char __user *buffer, list->head += len; } else { len = HID_DEBUG_BUFSIZE - list->head; + if (len > count) + len = count; if (copy_to_user(buffer, &list->hid_debug_buf[list->head], len)) { ret = -EFAULT; @@ -1170,7 +1174,9 @@ static ssize_t hid_debug_events_read(struct file *file, char __user *buffer, } list->head = 0; ret += len; - goto copy_rest; + count -= len; + if (count > 0) + goto copy_rest; } } -- 2.18.0.399.gad0ab374a1-goog

6 years, 11 months

4
3
0 0

[PATCH v4 3/3] x86/mm: add TLB purge to free pmd/pte page interfaces

by Toshi Kani

ioremap() calls pud_free_pmd_page() / pmd_free_pte_page() when it creates a pud / pmd map. The following preconditions are met at their entry. - All pte entries for a target pud/pmd address range have been cleared. - System-wide TLB purges have been peformed for a target pud/pmd address range. The preconditions assure that there is no stale TLB entry for the range. Speculation may not cache TLB entries since it requires all levels of page entries, including ptes, to have P & A-bits set for an associated address. However, speculation may cache pud/pmd entries (paging-structure caches) when they have P-bit set. Add a system-wide TLB purge (INVLPG) to a single page after clearing pud/pmd entry's P-bit. SDM 4.10.4.1, Operation that Invalidate TLBs and Paging-Structure Caches, states that: INVLPG invalidates all paging-structure caches associated with the current PCID regardless of the liner addresses to which they correspond. Fixes: 28ee90fe6048 ("x86/mm: implement free pmd/pte page interfaces") Signed-off-by: Toshi Kani <toshi.kani(a)hpe.com> Cc: Andrew Morton <akpm(a)linux-foundation.org> Cc: Michal Hocko <mhocko(a)suse.com> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Ingo Molnar <mingo(a)redhat.com> Cc: "H. Peter Anvin" <hpa(a)zytor.com> Cc: Joerg Roedel <joro(a)8bytes.org> Cc: <stable(a)vger.kernel.org> --- arch/x86/mm/pgtable.c | 36 ++++++++++++++++++++++++++++++------ 1 file changed, 30 insertions(+), 6 deletions(-) diff --git a/arch/x86/mm/pgtable.c b/arch/x86/mm/pgtable.c index fbd14e506758..e3deefb891da 100644 --- a/arch/x86/mm/pgtable.c +++ b/arch/x86/mm/pgtable.c @@ -725,24 +725,44 @@ int pmd_clear_huge(pmd_t *pmd) * @pud: Pointer to a PUD. * @addr: Virtual address associated with pud. * - * Context: The pud range has been unmaped and TLB purged. + * Context: The pud range has been unmapped and TLB purged. * Return: 1 if clearing the entry succeeded. 0 otherwise. + * + * NOTE: Callers must allow a single page allocation. */ int pud_free_pmd_page(pud_t *pud, unsigned long addr) { - pmd_t *pmd; + pmd_t *pmd, *pmd_sv; + pte_t *pte; int i; if (pud_none(*pud)) return 1; pmd = (pmd_t *)pud_page_vaddr(*pud); + pmd_sv = (pmd_t *)__get_free_page(GFP_KERNEL); + if (!pmd_sv) + return 0; - for (i = 0; i < PTRS_PER_PMD; i++) - if (!pmd_free_pte_page(&pmd[i], addr + (i * PMD_SIZE))) - return 0; + for (i = 0; i < PTRS_PER_PMD; i++) { + pmd_sv[i] = pmd[i]; + if (!pmd_none(pmd[i])) + pmd_clear(&pmd[i]); + } pud_clear(pud); + + /* INVLPG to clear all paging-structure caches */ + flush_tlb_kernel_range(addr, addr + PAGE_SIZE-1); + + for (i = 0; i < PTRS_PER_PMD; i++) { + if (!pmd_none(pmd_sv[i])) { + pte = (pte_t *)pmd_page_vaddr(pmd_sv[i]); + free_page((unsigned long)pte); + } + } + + free_page((unsigned long)pmd_sv); free_page((unsigned long)pmd); return 1; @@ -753,7 +773,7 @@ int pud_free_pmd_page(pud_t *pud, unsigned long addr) * @pmd: Pointer to a PMD. * @addr: Virtual address associated with pmd. * - * Context: The pmd range has been unmaped and TLB purged. + * Context: The pmd range has been unmapped and TLB purged. * Return: 1 if clearing the entry succeeded. 0 otherwise. */ int pmd_free_pte_page(pmd_t *pmd, unsigned long addr) @@ -765,6 +785,10 @@ int pmd_free_pte_page(pmd_t *pmd, unsigned long addr) pte = (pte_t *)pmd_page_vaddr(*pmd); pmd_clear(pmd); + + /* INVLPG to clear all paging-structure caches */ + flush_tlb_kernel_range(addr, addr + PAGE_SIZE-1); + free_page((unsigned long)pte); return 1;

6 years, 11 months

2
1
0 0

[PATCH v4 1/3] x86/mm: disable ioremap free page handling on x86-PAE

by Toshi Kani

ioremap() supports pmd mappings on x86-PAE. However, kernel's pmd tables are not shared among processes on x86-PAE. Therefore, any update to sync'd pmd entries need re-syncing. Freeing a pte page also leads to a vmalloc fault and hits the BUG_ON in vmalloc_sync_one(). Disable free page handling on x86-PAE. pud_free_pmd_page() and pmd_free_pte_page() simply return 0 if a given pud/pmd entry is present. This assures that ioremap() does not update sync'd pmd entries at the cost of falling back to pte mappings. Fixes: 28ee90fe6048 ("x86/mm: implement free pmd/pte page interfaces") Reported-by: Joerg Roedel <joro(a)8bytes.org> Signed-off-by: Toshi Kani <toshi.kani(a)hpe.com> Cc: Andrew Morton <akpm(a)linux-foundation.org> Cc: Michal Hocko <mhocko(a)suse.com> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Ingo Molnar <mingo(a)redhat.com> Cc: "H. Peter Anvin" <hpa(a)zytor.com> Cc: Joerg Roedel <joro(a)8bytes.org> Cc: <stable(a)vger.kernel.org> --- arch/x86/mm/pgtable.c | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/arch/x86/mm/pgtable.c b/arch/x86/mm/pgtable.c index 47b5951e592b..1aeb7a5dbce5 100644 --- a/arch/x86/mm/pgtable.c +++ b/arch/x86/mm/pgtable.c @@ -719,6 +719,7 @@ int pmd_clear_huge(pmd_t *pmd) return 0; } +#ifdef CONFIG_X86_64 /** * pud_free_pmd_page - Clear pud entry and free pmd page. * @pud: Pointer to a PUD. @@ -766,4 +767,22 @@ int pmd_free_pte_page(pmd_t *pmd) return 1; } + +#else /* !CONFIG_X86_64 */ + +int pud_free_pmd_page(pud_t *pud) +{ + return pud_none(*pud); +} + +/* + * Disable free page handling on x86-PAE. This assures that ioremap() + * does not update sync'd pmd entries. See vmalloc_sync_one(). + */ +int pmd_free_pte_page(pmd_t *pmd) +{ + return pmd_none(*pmd); +} + +#endif /* CONFIG_X86_64 */ #endif /* CONFIG_HAVE_ARCH_HUGE_VMAP */

6 years, 11 months

2
1
0 0

[PATCH] cifs: Fix memory leak in smb2_set_ea()

by Paulo Alcantara

This patch fixes a memory leak when doing a setxattr(2) in SMB2+. Signed-off-by: Paulo Alcantara <palcantara(a)suse.de> Cc: stable(a)vger.kernel.org --- fs/cifs/smb2ops.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/fs/cifs/smb2ops.c b/fs/cifs/smb2ops.c index 0356b5559c71..957ea2a5cf1d 100644 --- a/fs/cifs/smb2ops.c +++ b/fs/cifs/smb2ops.c @@ -855,6 +855,8 @@ smb2_set_ea(const unsigned int xid, struct cifs_tcon *tcon, rc = SMB2_set_ea(xid, tcon, fid.persistent_fid, fid.volatile_fid, ea, len); + kfree(ea); + SMB2_close(xid, tcon, fid.persistent_fid, fid.volatile_fid); return rc; -- 2.18.0

6 years, 11 months

1
0
0 0

[PATCH 1/4] USB: serial: keyspan_pda: fix modem-status error handling

by Johan Hovold

Fix broken modem-status error handling which could lead to bits of slab data leaking to user space. Fixes: 3b36a8fd6777 ("usb: fix uninitialized variable warning in keyspan_pda") Cc: stable <stable(a)vger.kernel.org> # 2.6.27 Cc: Benny Halevy <bhalevy(a)panasas.com> Signed-off-by: Johan Hovold <johan(a)kernel.org> --- drivers/usb/serial/keyspan_pda.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/usb/serial/keyspan_pda.c b/drivers/usb/serial/keyspan_pda.c index 5169624d8b11..38d43c4b7ce5 100644 --- a/drivers/usb/serial/keyspan_pda.c +++ b/drivers/usb/serial/keyspan_pda.c @@ -369,8 +369,10 @@ static int keyspan_pda_get_modem_info(struct usb_serial *serial, 3, /* get pins */ USB_TYPE_VENDOR|USB_RECIP_INTERFACE|USB_DIR_IN, 0, 0, data, 1, 2000); - if (rc >= 0) + if (rc == 1) *value = *data; + else if (rc >= 0) + rc = -EIO; kfree(data); return rc; -- 2.18.0

6 years, 11 months

1
1
0 0

[PATCH v3] block: don't use blocking queue entered for recursive bio submits

by Alexandru Moise

From: Jens Axboe <axboe(a)kernel.dk> commit cd4a4ae4683dc2e09380118e205e057896dcda2b upstream If we end up splitting a bio and the queue goes away between the initial submission and the later split submission, then we can block forever in blk_queue_enter() waiting for the reference to drop to zero. This will never happen, since we already hold a reference. Mark a split bio as already having entered the queue, so we can just use the live non-blocking queue enter variant. Thanks to Tetsuo Handa for the analysis. We're running fio tests and the tasks get stuck in a D state forever when systemd-udevd tries to read the partition table. This patch solves it. Please apply to 4.17 stable. Reported-by: syzbot+c4f9cebf9d651f6e54de(a)syzkaller.appspotmail.com Signed-off-by: Jens Axboe <axboe(a)kernel.dk> Signed-off-by: Alexandru Moise <00moses.alexander00(a)gmail.com> --- v2: Fixed "From:" v3: Added "From: Jens Axboe" above commit sha block/blk-core.c | 4 +++- block/blk-merge.c | 10 ++++++++++ include/linux/blk_types.h | 2 ++ 3 files changed, 15 insertions(+), 1 deletion(-) diff --git a/block/blk-core.c b/block/blk-core.c index b559b9d4f1a2..47ab2d9d02d9 100644 --- a/block/blk-core.c +++ b/block/blk-core.c @@ -2392,7 +2392,9 @@ blk_qc_t generic_make_request(struct bio *bio) if (bio->bi_opf & REQ_NOWAIT) flags = BLK_MQ_REQ_NOWAIT; - if (blk_queue_enter(q, flags) < 0) { + if (bio_flagged(bio, BIO_QUEUE_ENTERED)) + blk_queue_enter_live(q); + else if (blk_queue_enter(q, flags) < 0) { if (!blk_queue_dying(q) && (bio->bi_opf & REQ_NOWAIT)) bio_wouldblock_error(bio); else diff --git a/block/blk-merge.c b/block/blk-merge.c index 782940c65d8a..481dc02668f9 100644 --- a/block/blk-merge.c +++ b/block/blk-merge.c @@ -210,6 +210,16 @@ void blk_queue_split(struct request_queue *q, struct bio **bio) /* there isn't chance to merge the splitted bio */ split->bi_opf |= REQ_NOMERGE; + /* + * Since we're recursing into make_request here, ensure + * that we mark this bio as already having entered the queue. + * If not, and the queue is going away, we can get stuck + * forever on waiting for the queue reference to drop. But + * that will never happen, as we're already holding a + * reference to it. + */ + bio_set_flag(*bio, BIO_QUEUE_ENTERED); + bio_chain(split, *bio); trace_block_split(q, split, (*bio)->bi_iter.bi_sector); generic_make_request(*bio); diff --git a/include/linux/blk_types.h b/include/linux/blk_types.h index 17b18b91ebac..1602bf4ab4cd 100644 --- a/include/linux/blk_types.h +++ b/include/linux/blk_types.h @@ -186,6 +186,8 @@ struct bio { * throttling rules. Don't do it again. */ #define BIO_TRACE_COMPLETION 10 /* bio_endio() should trace the final completion * of this bio. */ +#define BIO_QUEUE_ENTERED 11 /* can use blk_queue_enter_live() */ + /* See BVEC_POOL_OFFSET below before adding new flags */ /* -- 2.18.0

6 years, 11 months

2
1
0 0

[PATCH v2] ARM: dts: armada-38x: use the new thermal binding

by Baruch Siach

Commit 2f28e4c24b10e (thermal: armada: Clarify control registers accesses) introduced the new thermal binding. The new binding extends the second registers field size to 8. Switch to the new binding to fix thermal reading values. Without this change the fix for errata #132698 introduced in commit 8c0b888f661 (thermal: armada: Change sensors trim default value) has no effect. Cc: stable(a)vger.kernel.org # v4.16+ Reviewed-by: Miquel Raynal <miquel.raynal(a)bootlin.com> Signed-off-by: Baruch Siach <baruch(a)tkos.co.il> --- v2: * Typo fixes (Andreas Färber) * Add Miquel's review tag * Minor wording changes * Cc stable --- arch/arm/boot/dts/armada-38x.dtsi | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/arm/boot/dts/armada-38x.dtsi b/arch/arm/boot/dts/armada-38x.dtsi index 18edc9bc7927..929459c42760 100644 --- a/arch/arm/boot/dts/armada-38x.dtsi +++ b/arch/arm/boot/dts/armada-38x.dtsi @@ -547,7 +547,7 @@ thermal: thermal@e8078 { compatible = "marvell,armada380-thermal"; - reg = <0xe4078 0x4>, <0xe4074 0x4>; + reg = <0xe4078 0x4>, <0xe4070 0x8>; status = "okay"; }; -- 2.18.0

6 years, 11 months

2
1
0 0

[PATCH v2] block: don't use blocking queue entered for recursive bio submits

by Alexandru Moise

commit cd4a4ae4683dc2e09380118e205e057896dcda2b upstream. If we end up splitting a bio and the queue goes away between the initial submission and the later split submission, then we can block forever in blk_queue_enter() waiting for the reference to drop to zero. This will never happen, since we already hold a reference. Mark a split bio as already having entered the queue, so we can just use the live non-blocking queue enter variant. Thanks to Tetsuo Handa for the analysis. We're running fio tests and the tasks get stuck in a D state forever when systemd-udevd tries to read the partition table. This patch solves it. Please apply to 4.17 stable. Reported-by: syzbot+c4f9cebf9d651f6e54de(a)syzkaller.appspotmail.com Signed-off-by: Jens Axboe <axboe(a)kernel.dk> Signed-off-by: Alexandru Moise <00moses.alexander00(a)gmail.com> --- v2: Changed "From:" The email sent as being from Jens instead of me, sorry again Jens. block/blk-core.c | 4 +++- block/blk-merge.c | 10 ++++++++++ include/linux/blk_types.h | 2 ++ 3 files changed, 15 insertions(+), 1 deletion(-) diff --git a/block/blk-core.c b/block/blk-core.c index b559b9d4f1a2..47ab2d9d02d9 100644 --- a/block/blk-core.c +++ b/block/blk-core.c @@ -2392,7 +2392,9 @@ blk_qc_t generic_make_request(struct bio *bio) if (bio->bi_opf & REQ_NOWAIT) flags = BLK_MQ_REQ_NOWAIT; - if (blk_queue_enter(q, flags) < 0) { + if (bio_flagged(bio, BIO_QUEUE_ENTERED)) + blk_queue_enter_live(q); + else if (blk_queue_enter(q, flags) < 0) { if (!blk_queue_dying(q) && (bio->bi_opf & REQ_NOWAIT)) bio_wouldblock_error(bio); else diff --git a/block/blk-merge.c b/block/blk-merge.c index 782940c65d8a..481dc02668f9 100644 --- a/block/blk-merge.c +++ b/block/blk-merge.c @@ -210,6 +210,16 @@ void blk_queue_split(struct request_queue *q, struct bio **bio) /* there isn't chance to merge the splitted bio */ split->bi_opf |= REQ_NOMERGE; + /* + * Since we're recursing into make_request here, ensure + * that we mark this bio as already having entered the queue. + * If not, and the queue is going away, we can get stuck + * forever on waiting for the queue reference to drop. But + * that will never happen, as we're already holding a + * reference to it. + */ + bio_set_flag(*bio, BIO_QUEUE_ENTERED); + bio_chain(split, *bio); trace_block_split(q, split, (*bio)->bi_iter.bi_sector); generic_make_request(*bio); diff --git a/include/linux/blk_types.h b/include/linux/blk_types.h index 17b18b91ebac..1602bf4ab4cd 100644 --- a/include/linux/blk_types.h +++ b/include/linux/blk_types.h @@ -186,6 +186,8 @@ struct bio { * throttling rules. Don't do it again. */ #define BIO_TRACE_COMPLETION 10 /* bio_endio() should trace the final completion * of this bio. */ +#define BIO_QUEUE_ENTERED 11 /* can use blk_queue_enter_live() */ + /* See BVEC_POOL_OFFSET below before adding new flags */ /* -- 2.18.0

6 years, 11 months

3
6
0 0

[PATCH] ubifs: log: Don't leak kernel memory to the MTD

by Richard Weinberger

ubifs_log_start_commit() allocates a buffer with kmalloc(), this buffer is used to build UBIFS CS and REF nodes, all structure attributes get set, except for the padding field in the ubifs_ref_node. That way we leak 28 bytes of kernel memory to the MTD. Fix it by using kzalloc(). Cc: stable(a)vger.kernel.org Fixes: 1e51764a3c2a ("UBIFS: add new flash file system") Signed-off-by: Richard Weinberger <richard(a)nod.at> --- fs/ubifs/log.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/ubifs/log.c b/fs/ubifs/log.c index 7cffa120a750..60d49c6dd470 100644 --- a/fs/ubifs/log.c +++ b/fs/ubifs/log.c @@ -369,7 +369,7 @@ int ubifs_log_start_commit(struct ubifs_info *c, int *ltail_lnum) max_len = UBIFS_CS_NODE_SZ + c->jhead_cnt * UBIFS_REF_NODE_SZ; max_len = ALIGN(max_len, c->min_io_size); - buf = cs = kmalloc(max_len, GFP_NOFS); + buf = cs = kzalloc(max_len, GFP_NOFS); if (!buf) return -ENOMEM; -- 2.18.0

6 years, 11 months

1
0
0 0

[PATCH 2/4] rtc: omap: fix resource leak in registration error path

by Johan Hovold

Make sure to deregister the pin controller in case rtc registration fails. Fixes: 57072758623f ("rtc: omap: switch to rtc_register_device") Cc: stable <stable(a)vger.kernel.org> # 4.14 Cc: Alexandre Belloni <alexandre.belloni(a)free-electrons.com> Signed-off-by: Johan Hovold <johan(a)kernel.org> --- drivers/rtc/rtc-omap.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/rtc/rtc-omap.c b/drivers/rtc/rtc-omap.c index c214b69a8787..6a7b804c3074 100644 --- a/drivers/rtc/rtc-omap.c +++ b/drivers/rtc/rtc-omap.c @@ -873,7 +873,7 @@ static int omap_rtc_probe(struct platform_device *pdev) ret = rtc_register_device(rtc->rtc); if (ret) - goto err; + goto err_deregister_pinctrl; rtc_nvmem_register(rtc->rtc, &omap_rtc_nvmem_config); @@ -886,6 +886,8 @@ static int omap_rtc_probe(struct platform_device *pdev) return 0; +err_deregister_pinctrl: + pinctrl_unregister(rtc->pctldev); err: clk_disable_unprepare(rtc->clk); device_init_wakeup(&pdev->dev, false); -- 2.18.0

6 years, 11 months

1
0
0 0

Offerte

by Firma

Sehr geehrte Damen und Herren, ich habe bemerkt, dass Sie Ihr Angebot zum größten Teil an Firmen richten und deswegen möchte ich Ihnen ein Produkt anbieten, welches zur Erhöhung der Anzahl Ihrer Kunden erheblich beitragen wird. Die Datenbanken der Firmen sind in für Sie interessante und relevante Zielgruppen untergliedert. Der neue Katalog enthält 187.764 schweizerische Firmen und stellt solche Daten zur Verfügung wie: Namen der Firma, Firmenanschrift, Kontaktdaten des Firmeninhabers oder des Managers, E-Mail-Adresse, Telefonummer, Faxnummer, Branche usw. http://www.topadressen-ch.net/?page=catalog *** 1. Schweiz 2018 ( 187 764 ) - 149 EUR ( bis zum 04.07.2018 ) *** Die Verwendungsmöglichkeiten der Datenbanken sind praktisch unbegrenzt und Sie können durch Verwendung der von uns entwickelten Programme des personalisierten Versendens von Angeboten u.ä. mittels E-mailing bzw. Fax effektive und sichere Werbekampagnen damit durchführen. Bitte informieren Sie sich über die weiteren Details einmal unverbindlich auf unseren Webseite: http://www.topadressen-ch.net/?page=catalog MfG GL-Team

6 years, 11 months

1
0
0 0

[PATCH] drm/amdgpu: Reserve fence slots for command submission

by Junwei Zhang

From: Michel Dänzer <michel.daenzer(a)amd.com> Without this, there could not be enough slots, which could trigger the BUG_ON in reservation_object_add_shared_fence. v2: * Jump to the error label instead of returning directly (Jerry Zhang) v3: * Reserve slots for command submission after VM updates (Christian König) Cc: stable(a)vger.kernel.org Bugzilla: https://bugs.freedesktop.org/106418 Reported-by: mikhail.v.gavrilov(a)gmail.com Signed-off-by: Michel Dänzer <michel.daenzer(a)amd.com> Signed-off-by: Junwei Zhang <Jerry.Zhang(a)amd.com> --- drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c index 7a625f3..1bc0281 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c @@ -928,6 +928,10 @@ static int amdgpu_cs_ib_vm_chunk(struct amdgpu_device *adev, r = amdgpu_bo_vm_update_pte(p); if (r) return r; + + r = reservation_object_reserve_shared(vm->root.base.bo->tbo.resv); + if (r) + return r; } return amdgpu_cs_sync_rings(p); -- 1.9.1

6 years, 11 months

3
2
0 0

v4.14.53 build: 0 failures 0 warnings (v4.14.53)

by Build bot for Mark Brown

Tree/Branch: v4.14.53 Git describe: v4.14.53 Commit: fa745a1bd9 Linux 4.14.53 Build Time: 98 min 43 sec Passed: 11 / 11 (100.00 %) Failed: 0 / 11 ( 0.00 %) Errors: 0 Warnings: 0 Section Mismatches: 0 ------------------------------------------------------------------------------- defconfigs with issues (other than build errors): ------------------------------------------------------------------------------- =============================================================================== Detailed per-defconfig build reports below: ------------------------------------------------------------------------------- Passed with no errors, warnings or mismatches: arm64-allnoconfig arm64-allmodconfig arm-multi_v5_defconfig arm-multi_v7_defconfig x86_64-defconfig arm-allmodconfig arm-allnoconfig x86_64-allnoconfig arm-multi_v4t_defconfig x86_64-allmodconfig arm64-defconfig close failed in file object destructor: sys.excepthook is missing lost sys.stderr

6 years, 11 months

1
0
0 0

v3.18.114 build: 0 failures 1 warnings (v3.18.114)

by Build bot for Mark Brown

Tree/Branch: v3.18.114 Git describe: v3.18.114 Commit: e903eb4a70 Linux 3.18.114 Build Time: 45 min 20 sec Passed: 10 / 10 (100.00 %) Failed: 0 / 10 ( 0.00 %) Errors: 0 Warnings: 1 Section Mismatches: 0 ------------------------------------------------------------------------------- defconfigs with issues (other than build errors): 7 warnings 0 mismatches : x86_64-allmodconfig 2 warnings 0 mismatches : x86_64-defconfig ------------------------------------------------------------------------------- Warnings Summary: 1 9 ../include/linux/ftrace.h:632:36: warning: calling '__builtin_return_address' with a nonzero argument is unsafe [-Wframe-address] =============================================================================== Detailed per-defconfig build reports below: ------------------------------------------------------------------------------- x86_64-allmodconfig : PASS, 0 errors, 7 warnings, 0 section mismatches Warnings: ../include/linux/ftrace.h:632:36: warning: calling '__builtin_return_address' with a nonzero argument is unsafe [-Wframe-address] ../include/linux/ftrace.h:632:36: warning: calling '__builtin_return_address' with a nonzero argument is unsafe [-Wframe-address] ../include/linux/ftrace.h:632:36: warning: calling '__builtin_return_address' with a nonzero argument is unsafe [-Wframe-address] ../include/linux/ftrace.h:632:36: warning: calling '__builtin_return_address' with a nonzero argument is unsafe [-Wframe-address] ../include/linux/ftrace.h:632:36: warning: calling '__builtin_return_address' with a nonzero argument is unsafe [-Wframe-address] ../include/linux/ftrace.h:632:36: warning: calling '__builtin_return_address' with a nonzero argument is unsafe [-Wframe-address] ../include/linux/ftrace.h:632:36: warning: calling '__builtin_return_address' with a nonzero argument is unsafe [-Wframe-address] ------------------------------------------------------------------------------- x86_64-defconfig : PASS, 0 errors, 2 warnings, 0 section mismatches Warnings: ../include/linux/ftrace.h:632:36: warning: calling '__builtin_return_address' with a nonzero argument is unsafe [-Wframe-address] ../include/linux/ftrace.h:632:36: warning: calling '__builtin_return_address' with a nonzero argument is unsafe [-Wframe-address] ------------------------------------------------------------------------------- Passed with no errors, warnings or mismatches: arm64-allnoconfig arm64-allmodconfig arm-multi_v5_defconfig arm-multi_v7_defconfig arm-allmodconfig arm-allnoconfig x86_64-allnoconfig arm64-defconfig

6 years, 11 months

1
0
0 0

[patch 5/5] mm: teach dump_page() to correctly output poisoned struct pages

by akpm＠linux-foundation.org

From: Pavel Tatashin <pasha.tatashin(a)oracle.com> Subject: mm: teach dump_page() to correctly output poisoned struct pages If struct page is poisoned, and uninitialized access is detected via PF_POISONED_CHECK(page) dump_page() is called to output the page. But, the dump_page() itself accesses struct page to determine how to print it, and therefore gets into a recursive loop. For example: dump_page() __dump_page() PageSlab(page) PF_POISONED_CHECK(page) VM_BUG_ON_PGFLAGS(PagePoisoned(page), page) dump_page() recursion loop. Link: http://lkml.kernel.org/r/20180702180536.2552-1-pasha.tatashin@oracle.com Fixes: f165b378bbdf ("mm: uninitialized struct page poisoning sanity checking") Signed-off-by: Pavel Tatashin <pasha.tatashin(a)oracle.com> Acked-by: Michal Hocko <mhocko(a)suse.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/debug.c | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff -puN mm/debug.c~mm-teach-dump_page-to-correctly-output-poisoned-struct-pages mm/debug.c --- a/mm/debug.c~mm-teach-dump_page-to-correctly-output-poisoned-struct-pages +++ a/mm/debug.c @@ -43,12 +43,25 @@ const struct trace_print_flags vmaflag_n void __dump_page(struct page *page, const char *reason) { + bool page_poisoned = PagePoisoned(page); + int mapcount; + + /* + * If struct page is poisoned don't access Page*() functions as that + * leads to recursive loop. Page*() check for poisoned pages, and calls + * dump_page() when detected. + */ + if (page_poisoned) { + pr_emerg("page:%px is uninitialized and poisoned", page); + goto hex_only; + } + /* * Avoid VM_BUG_ON() in page_mapcount(). * page->_mapcount space in struct page is used by sl[aou]b pages to * encode own info. */ - int mapcount = PageSlab(page) ? 0 : page_mapcount(page); + mapcount = PageSlab(page) ? 0 : page_mapcount(page); pr_emerg("page:%px count:%d mapcount:%d mapping:%px index:%#lx", page, page_ref_count(page), mapcount, @@ -60,6 +73,7 @@ void __dump_page(struct page *page, cons pr_emerg("flags: %#lx(%pGp)\n", page->flags, &page->flags); +hex_only: print_hex_dump(KERN_ALERT, "raw: ", DUMP_PREFIX_NONE, 32, sizeof(unsigned long), page, sizeof(struct page), false); @@ -68,7 +82,7 @@ void __dump_page(struct page *page, cons pr_alert("page dumped because: %s\n", reason); #ifdef CONFIG_MEMCG - if (page->mem_cgroup) + if (!page_poisoned && page->mem_cgroup) pr_alert("page->mem_cgroup:%px\n", page->mem_cgroup); #endif } _

6 years, 11 months

1
0
0 0

[patch 2/5] mm: hugetlb: yield when prepping struct pages

by akpm＠linux-foundation.org

From: Cannon Matthews <cannonmatthews(a)google.com> Subject: mm: hugetlb: yield when prepping struct pages When booting with very large numbers of gigantic (i.e. 1G) pages, the operations in the loop of gather_bootmem_prealloc, and specifically prep_compound_gigantic_page, takes a very long time, and can cause a softlockup if enough pages are requested at boot. For example booting with 3844 1G pages requires prepping (set_compound_head, init the count) over 1 billion 4K tail pages, which takes considerable time. Add a cond_resched() to the outer loop in gather_bootmem_prealloc() to prevent this lockup. Tested: Booted with softlockup_panic=1 hugepagesz=1G hugepages=3844 and no softlockup is reported, and the hugepages are reported as successfully setup. Link: http://lkml.kernel.org/r/20180627214447.260804-1-cannonmatthews@google.com Signed-off-by: Cannon Matthews <cannonmatthews(a)google.com> Reviewed-by: Andrew Morton <akpm(a)linux-foundation.org> Reviewed-by: Mike Kravetz <mike.kravetz(a)oracle.com> Acked-by: Michal Hocko <mhocko(a)suse.com> Cc: Andres Lagar-Cavilla <andreslc(a)google.com> Cc: Peter Feiner <pfeiner(a)google.com> Cc: Greg Thelen <gthelen(a)google.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/hugetlb.c | 1 + 1 file changed, 1 insertion(+) diff -puN mm/hugetlb.c~mm-hugetlb-yield-when-prepping-struct-pages mm/hugetlb.c --- a/mm/hugetlb.c~mm-hugetlb-yield-when-prepping-struct-pages +++ a/mm/hugetlb.c @@ -2163,6 +2163,7 @@ static void __init gather_bootmem_preall */ if (hstate_is_gigantic(h)) adjust_managed_page_count(page, 1 << h->order); + cond_resched(); } } _

6 years, 11 months

1
0
0 0

[patch 1/5] userfaultfd: hugetlbfs: fix userfaultfd_huge_must_wait() pte access

by akpm＠linux-foundation.org

From: Janosch Frank <frankja(a)linux.ibm.com> Subject: userfaultfd: hugetlbfs: fix userfaultfd_huge_must_wait() pte access Use huge_ptep_get() to translate huge ptes to normal ptes so we can check them with the huge_pte_* functions. Otherwise some architectures will check the wrong values and will not wait for userspace to bring in the memory. Link: http://lkml.kernel.org/r/20180626132421.78084-1-frankja@linux.ibm.com Fixes: 369cd2121be4 ("userfaultfd: hugetlbfs: userfaultfd_huge_must_wait for hugepmd ranges") Signed-off-by: Janosch Frank <frankja(a)linux.ibm.com> Reviewed-by: David Hildenbrand <david(a)redhat.com> Reviewed-by: Mike Kravetz <mike.kravetz(a)oracle.com> Cc: Andrea Arcangeli <aarcange(a)redhat.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/userfaultfd.c | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff -puN fs/userfaultfd.c~userfaultfd-hugetlbfs-fix-userfaultfd_huge_must_wait-pte-access fs/userfaultfd.c --- a/fs/userfaultfd.c~userfaultfd-hugetlbfs-fix-userfaultfd_huge_must_wait-pte-access +++ a/fs/userfaultfd.c @@ -222,24 +222,26 @@ static inline bool userfaultfd_huge_must unsigned long reason) { struct mm_struct *mm = ctx->mm; - pte_t *pte; + pte_t *ptep, pte; bool ret = true; VM_BUG_ON(!rwsem_is_locked(&mm->mmap_sem)); - pte = huge_pte_offset(mm, address, vma_mmu_pagesize(vma)); - if (!pte) + ptep = huge_pte_offset(mm, address, vma_mmu_pagesize(vma)); + + if (!ptep) goto out; ret = false; + pte = huge_ptep_get(ptep); /* * Lockless access: we're in a wait_event so it's ok if it * changes under us. */ - if (huge_pte_none(*pte)) + if (huge_pte_none(pte)) ret = true; - if (!huge_pte_write(*pte) && (reason & VM_UFFD_WP)) + if (!huge_pte_write(pte) && (reason & VM_UFFD_WP)) ret = true; out: return ret; _

6 years, 11 months

1
0
0 0

+ mm-fix-locked-field-in-proc-pid-smaps.patch added to -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: fs/proc/task_mmu.c: fix Locked field in /proc/pid/smaps* has been added to the -mm tree. Its filename is mm-fix-locked-field-in-proc-pid-smaps.patch This patch should soon appear at http://ozlabs.org/~akpm/mmots/broken-out/mm-fix-locked-field-in-proc-pid-sm… and later at http://ozlabs.org/~akpm/mmotm/broken-out/mm-fix-locked-field-in-proc-pid-sm… Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next and is updated there every 3-4 working days ------------------------------------------------------ From: Vlastimil Babka <vbabka(a)suse.cz> Subject: fs/proc/task_mmu.c: fix Locked field in /proc/pid/smaps* Thomas reports: : While looking around in /proc on my v4.14.52 system I noticed that : all processes got a lot of "Locked" memory in /proc/*/smaps. A lot : more memory than a regular user can usually lock with mlock(). : : commit 493b0e9d945fa9dfe96be93ae41b4ca4b6fdb317 (v4.14-rc1) seems : to have changed the behavior of "Locked". : : Before that commit the code was like this. Notice the VM_LOCKED : check. : : (vma->vm_flags & VM_LOCKED) ? : (unsigned long)(mss.pss >> (10 + PSS_SHIFT)) : 0); : : After that commit Locked is now the same as Pss. This looks like a : mistake. : : (unsigned long)(mss->pss >> (10 + PSS_SHIFT))); Indeed, the commit has added mss->pss_locked with the correct value that depends on VM_LOCKED, but forgot to actually use it. Fix it. Link: http://lkml.kernel.org/r/ebf6c7fb-fec3-6a26-544f-710ed193c154@suse.cz Fixes: 493b0e9d945f ("mm: add /proc/pid/smaps_rollup") Signed-off-by: Vlastimil Babka <vbabka(a)suse.cz> Reported-by: Thomas Lindroth <thomas.lindroth(a)gmail.com> Cc: Alexey Dobriyan <adobriyan(a)gmail.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/proc/task_mmu.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff -puN fs/proc/task_mmu.c~mm-fix-locked-field-in-proc-pid-smaps fs/proc/task_mmu.c --- a/fs/proc/task_mmu.c~mm-fix-locked-field-in-proc-pid-smaps +++ a/fs/proc/task_mmu.c @@ -831,7 +831,8 @@ static int show_smap(struct seq_file *m, SEQ_PUT_DEC(" kB\nSwap: ", mss->swap); SEQ_PUT_DEC(" kB\nSwapPss: ", mss->swap_pss >> PSS_SHIFT); - SEQ_PUT_DEC(" kB\nLocked: ", mss->pss >> PSS_SHIFT); + SEQ_PUT_DEC(" kB\nLocked: ", + mss->pss_locked >> PSS_SHIFT); seq_puts(m, " kB\n"); } if (!rollup_mode) { _ Patches currently in -mm which might be from vbabka(a)suse.cz are mm-page_alloc-actually-ignore-mempolicies-for-high-priority-allocations.patch mm-fix-locked-field-in-proc-pid-smaps.patch

6 years, 11 months

1
0
0 0

v4.9.111 build: 0 failures 0 warnings (v4.9.111)

by Build bot for Mark Brown

Tree/Branch: v4.9.111 Git describe: v4.9.111 Commit: e692f66fab Linux 4.9.111 Build Time: 83 min 48 sec Passed: 11 / 11 (100.00 %) Failed: 0 / 11 ( 0.00 %) Errors: 0 Warnings: 0 Section Mismatches: 0 ------------------------------------------------------------------------------- defconfigs with issues (other than build errors): ------------------------------------------------------------------------------- =============================================================================== Detailed per-defconfig build reports below: ------------------------------------------------------------------------------- Passed with no errors, warnings or mismatches: arm64-allnoconfig arm64-allmodconfig arm-multi_v5_defconfig arm-multi_v7_defconfig x86_64-defconfig arm-allmodconfig arm-allnoconfig x86_64-allnoconfig arm-multi_v4t_defconfig x86_64-allmodconfig arm64-defconfig close failed in file object destructor: sys.excepthook is missing lost sys.stderr

6 years, 11 months

1
0
0 0

[PATCH 2/2] drm/nouveau: Fix runtime PM leak in nv50_disp_atomic_commit()

by Lyude Paul

A CRTC being enabled doesn't mean it's on! It doesn't even necessarily mean it's being used. This fixes runtime PM leaks on the P50 I've got next to me. Signed-off-by: Lyude Paul <lyude(a)redhat.com> Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/nouveau/dispnv50/disp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpu/drm/nouveau/dispnv50/disp.c b/drivers/gpu/drm/nouveau/dispnv50/disp.c index d9da69c83ae7..9bae4db84cfb 100644 --- a/drivers/gpu/drm/nouveau/dispnv50/disp.c +++ b/drivers/gpu/drm/nouveau/dispnv50/disp.c @@ -1878,7 +1878,7 @@ nv50_disp_atomic_commit(struct drm_device *dev, nv50_disp_atomic_commit_tail(state); drm_for_each_crtc(crtc, dev) { - if (crtc->state->enable) { + if (crtc->state->active) { if (!drm->have_disp_power_ref) { drm->have_disp_power_ref = true; return 0; -- 2.17.1

6 years, 11 months

1
0
0 0

[PATCH 1/2] drm/nouveau: Fix runtime PM leak in drm_open()

by Lyude Paul

Noticed this as I was skimming through, if we fail to allocate memory for cli we'll end up returning without dropping the runtime PM ref we got. Additionally, we'll even return the wrong return code! (ret most likely will == 0 here, we want -ENOMEM). Signed-off-by: Lyude Paul <lyude(a)redhat.com> Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/nouveau/nouveau_drm.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/nouveau/nouveau_drm.c b/drivers/gpu/drm/nouveau/nouveau_drm.c index 0452b18d36b9..0f668e275ee1 100644 --- a/drivers/gpu/drm/nouveau/nouveau_drm.c +++ b/drivers/gpu/drm/nouveau/nouveau_drm.c @@ -919,8 +919,10 @@ nouveau_drm_open(struct drm_device *dev, struct drm_file *fpriv) get_task_comm(tmpname, current); snprintf(name, sizeof(name), "%s[%d]", tmpname, pid_nr(fpriv->pid)); - if (!(cli = kzalloc(sizeof(*cli), GFP_KERNEL))) - return ret; + if (!(cli = kzalloc(sizeof(*cli), GFP_KERNEL))) { + ret = -ENOMEM; + goto done; + } ret = nouveau_cli_init(drm, name, cli); if (ret) -- 2.17.1

6 years, 11 months

1
0
0 0

FAILED: patch "[PATCH] f2fs: truncate preallocated blocks in error case" failed to apply to 4.16-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.16-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From dc7a10ddee0c56c6d891dd18de5c4ee9869545e0 Mon Sep 17 00:00:00 2001 From: Jaegeuk Kim <jaegeuk(a)kernel.org> Date: Fri, 30 Mar 2018 17:58:13 -0700 Subject: [PATCH] f2fs: truncate preallocated blocks in error case If write is failed, we must deallocate the blocks that we couldn't write. Cc: stable(a)vger.kernel.org Reviewed-by: Chao Yu <yuchao0(a)huawei.com> Signed-off-by: Jaegeuk Kim <jaegeuk(a)kernel.org> diff --git a/fs/f2fs/file.c b/fs/f2fs/file.c index 8068b015ece5..6b94f19b3fa8 100644 --- a/fs/f2fs/file.c +++ b/fs/f2fs/file.c @@ -2911,6 +2911,8 @@ static ssize_t f2fs_file_write_iter(struct kiocb *iocb, struct iov_iter *from) ret = generic_write_checks(iocb, from); if (ret > 0) { + bool preallocated = false; + size_t target_size = 0; int err; if (iov_iter_fault_in_readable(from, iov_iter_count(from))) @@ -2927,6 +2929,9 @@ static ssize_t f2fs_file_write_iter(struct kiocb *iocb, struct iov_iter *from) } } else { + preallocated = true; + target_size = iocb->ki_pos + iov_iter_count(from); + err = f2fs_preallocate_blocks(iocb, from); if (err) { clear_inode_flag(inode, FI_NO_PREALLOC); @@ -2939,6 +2944,10 @@ static ssize_t f2fs_file_write_iter(struct kiocb *iocb, struct iov_iter *from) blk_finish_plug(&plug); clear_inode_flag(inode, FI_NO_PREALLOC); + /* if we couldn't write data, we should deallocate blocks. */ + if (preallocated && i_size_read(inode) < target_size) + f2fs_truncate(inode); + if (ret > 0) f2fs_update_iostat(F2FS_I_SB(inode), APP_WRITE_IO, ret); }

6 years, 11 months

2
1
0 0

[PATCH v3] stop_machine: Disable preemption when waking two stopper threads

by Isaac J. Manjarres

When cpu_stop_queue_two_works() begins to wake the stopper threads, it does so without preemption disabled, which leads to the following race condition: The source CPU calls cpu_stop_queue_two_works(), with cpu1 as the source CPU, and cpu2 as the destination CPU. When adding the stopper threads to the wake queue used in this function, the source CPU stopper thread is added first, and the destination CPU stopper thread is added last. When wake_up_q() is invoked to wake the stopper threads, the threads are woken up in the order that they are queued in, so the source CPU's stopper thread is woken up first, and it preempts the thread running on the source CPU. The stopper thread will then execute on the source CPU, disable preemption, and begin executing multi_cpu_stop(), and wait for an ack from the destination CPU's stopper thread, with preemption still disabled. Since the worker thread that woke up the stopper thread on the source CPU is affine to the source CPU, and preemption is disabled on the source CPU, that thread will never run to dequeue the destination CPU's stopper thread from the wake queue, and thus, the destination CPU's stopper thread will never run, causing the source CPU's stopper thread to wait forever, and stall. Disable preemption when waking the stopper threads in cpu_stop_queue_two_works(). Fixes: 0b26351b910f ("stop_machine, sched: Fix migrate_swap() vs. active_balance() deadlock") Co-Developed-by: Prasad Sodagudi <psodagud(a)codeaurora.org> Co-Developed-by: Pavankumar Kondeti <pkondeti(a)codeaurora.org> Signed-off-by: Isaac J. Manjarres <isaacm(a)codeaurora.org> Signed-off-by: Prasad Sodagudi <psodagud(a)codeaurora.org> Signed-off-by: Pavankumar Kondeti <pkondeti(a)codeaurora.org> Cc: stable(a)vger.kernel.org --- kernel/stop_machine.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/kernel/stop_machine.c b/kernel/stop_machine.c index f89014a..1ff523d 100644 --- a/kernel/stop_machine.c +++ b/kernel/stop_machine.c @@ -270,7 +270,11 @@ static int cpu_stop_queue_two_works(int cpu1, struct cpu_stop_work *work1, goto retry; } - wake_up_q(&wakeq); + if (!err) { + preempt_disable(); + wake_up_q(&wakeq); + preempt_enable(); + } return err; } -- The Qualcomm Innovation Center, Inc. is a member of the Code Aurora Forum, a Linux Foundation Collaborative Project

6 years, 11 months

1
0
0 0

[v4.17-stable 0/5] Fix DM DAX handling

by Ross Zwisler

This is a v4.17-stable backport of my "Fix DM DAX handling" series which had backport collisions. Greg, please let me know if I need to adjust anything in my backport formatting. Darrick J. Wong (1): fs: allow per-device dax status checking for filesystems Dave Jiang (1): dax: change bdev_dax_supported() to support boolean returns Ross Zwisler (3): pmem: only set QUEUE_FLAG_DAX for fsdax mode dax: bdev_dax_supported() check for QUEUE_FLAG_DAX dm: prevent DAX mounts if not supported drivers/dax/super.c | 48 ++++++++++++++++++++++++++++-------------------- drivers/md/dm-table.c | 7 ++++--- drivers/md/dm.c | 3 +-- drivers/nvdimm/pmem.c | 3 ++- fs/ext2/super.c | 3 +-- fs/ext4/super.c | 3 +-- fs/xfs/xfs_ioctl.c | 3 ++- fs/xfs/xfs_iops.c | 30 +++++++++++++++++++++++++----- fs/xfs/xfs_super.c | 10 ++++++++-- include/linux/dax.h | 11 ++++++----- 10 files changed, 78 insertions(+), 43 deletions(-) -- 2.14.4

6 years, 11 months

1
6
0 0

[PATCH] block: don't use blocking queue entered for recursive bio submits

by Jens Axboe

commit cd4a4ae4683dc2e09380118e205e057896dcda2b upstream. If we end up splitting a bio and the queue goes away between the initial submission and the later split submission, then we can block forever in blk_queue_enter() waiting for the reference to drop to zero. This will never happen, since we already hold a reference. Mark a split bio as already having entered the queue, so we can just use the live non-blocking queue enter variant. Thanks to Tetsuo Handa for the analysis. We're running fio tests and the tasks get stuck in a D state forever when systemd-udevd tries to read the partition table. This patch solves it. Please apply to 4.17 stable. Reported-by: syzbot+c4f9cebf9d651f6e54de(a)syzkaller.appspotmail.com Signed-off-by: Jens Axboe <axboe(a)kernel.dk> Signed-off-by: Alexandru Moise <00moses.alexander00(a)gmail.com> --- block/blk-core.c | 4 +++- block/blk-merge.c | 10 ++++++++++ include/linux/blk_types.h | 2 ++ 3 files changed, 15 insertions(+), 1 deletion(-) diff --git a/block/blk-core.c b/block/blk-core.c index b559b9d4f1a2..47ab2d9d02d9 100644 --- a/block/blk-core.c +++ b/block/blk-core.c @@ -2392,7 +2392,9 @@ blk_qc_t generic_make_request(struct bio *bio) if (bio->bi_opf & REQ_NOWAIT) flags = BLK_MQ_REQ_NOWAIT; - if (blk_queue_enter(q, flags) < 0) { + if (bio_flagged(bio, BIO_QUEUE_ENTERED)) + blk_queue_enter_live(q); + else if (blk_queue_enter(q, flags) < 0) { if (!blk_queue_dying(q) && (bio->bi_opf & REQ_NOWAIT)) bio_wouldblock_error(bio); else diff --git a/block/blk-merge.c b/block/blk-merge.c index 782940c65d8a..481dc02668f9 100644 --- a/block/blk-merge.c +++ b/block/blk-merge.c @@ -210,6 +210,16 @@ void blk_queue_split(struct request_queue *q, struct bio **bio) /* there isn't chance to merge the splitted bio */ split->bi_opf |= REQ_NOMERGE; + /* + * Since we're recursing into make_request here, ensure + * that we mark this bio as already having entered the queue. + * If not, and the queue is going away, we can get stuck + * forever on waiting for the queue reference to drop. But + * that will never happen, as we're already holding a + * reference to it. + */ + bio_set_flag(*bio, BIO_QUEUE_ENTERED); + bio_chain(split, *bio); trace_block_split(q, split, (*bio)->bi_iter.bi_sector); generic_make_request(*bio); diff --git a/include/linux/blk_types.h b/include/linux/blk_types.h index 17b18b91ebac..1602bf4ab4cd 100644 --- a/include/linux/blk_types.h +++ b/include/linux/blk_types.h @@ -186,6 +186,8 @@ struct bio { * throttling rules. Don't do it again. */ #define BIO_TRACE_COMPLETION 10 /* bio_endio() should trace the final completion * of this bio. */ +#define BIO_QUEUE_ENTERED 11 /* can use blk_queue_enter_live() */ + /* See BVEC_POOL_OFFSET below before adding new flags */ /* -- 2.18.0

6 years, 11 months

3
2
0 0

[PATCH] drm/nouveau: Set DRIVER_ATOMIC cap earlier to fix debugfs

by Lyude Paul

Currently nouveau doesn't actually expose the state debugfs file that's usually provided for any modesetting driver that supports atomic, even if nouveau is loaded with atomic=1. This is due to the fact that the standard debugfs files that DRM creates for atomic drivers is called when drm_get_pci_dev() is called from nouveau_drm.c. This happens well before we've initialized the display core, which is currently responsible for setting the DRIVER_ATOMIC cap. So, move the atomic option into nouveau_drm.c and just add the DRIVER_ATOMIC cap whenever it's enabled on the kernel commandline. This shouldn't cause any actual issues, as the atomic ioctl will still fail as expected even if the display core doesn't disable it until later in the init sequence. This also provides the added benefit of being able to use the state debugfs file to check the current display state even if clients aren't allowed to modify it through anything other than the legacy ioctls. Additionally, disable the DRIVER_ATOMIC cap in nv04's display core, as this was already disabled there previously. Signed-off-by: Lyude Paul <lyude(a)redhat.com> Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/nouveau/dispnv04/disp.c | 3 +++ drivers/gpu/drm/nouveau/dispnv50/disp.c | 6 ------ drivers/gpu/drm/nouveau/nouveau_drm.c | 7 +++++++ 3 files changed, 10 insertions(+), 6 deletions(-) diff --git a/drivers/gpu/drm/nouveau/dispnv04/disp.c b/drivers/gpu/drm/nouveau/dispnv04/disp.c index 501d2d290e9c..70dce544984e 100644 --- a/drivers/gpu/drm/nouveau/dispnv04/disp.c +++ b/drivers/gpu/drm/nouveau/dispnv04/disp.c @@ -55,6 +55,9 @@ nv04_display_create(struct drm_device *dev) nouveau_display(dev)->init = nv04_display_init; nouveau_display(dev)->fini = nv04_display_fini; + /* Pre-nv50 doesn't support atomic, so don't expose the ioctls */ + dev->driver->driver_features &= ~DRIVER_ATOMIC; + nouveau_hw_save_vga_fonts(dev, 1); nv04_crtc_create(dev, 0); diff --git a/drivers/gpu/drm/nouveau/dispnv50/disp.c b/drivers/gpu/drm/nouveau/dispnv50/disp.c index 9382e99a0bc7..d9da69c83ae7 100644 --- a/drivers/gpu/drm/nouveau/dispnv50/disp.c +++ b/drivers/gpu/drm/nouveau/dispnv50/disp.c @@ -2126,10 +2126,6 @@ nv50_display_destroy(struct drm_device *dev) kfree(disp); } -MODULE_PARM_DESC(atomic, "Expose atomic ioctl (default: disabled)"); -static int nouveau_atomic = 0; -module_param_named(atomic, nouveau_atomic, int, 0400); - int nv50_display_create(struct drm_device *dev) { @@ -2154,8 +2150,6 @@ nv50_display_create(struct drm_device *dev) disp->disp = &nouveau_display(dev)->disp; dev->mode_config.funcs = &nv50_disp_func; dev->driver->driver_features |= DRIVER_PREFER_XBGR_30BPP; - if (nouveau_atomic) - dev->driver->driver_features |= DRIVER_ATOMIC; /* small shared memory area we use for notifiers and semaphores */ ret = nouveau_bo_new(&drm->client, 4096, 0x1000, TTM_PL_FLAG_VRAM, diff --git a/drivers/gpu/drm/nouveau/nouveau_drm.c b/drivers/gpu/drm/nouveau/nouveau_drm.c index 775443c9af94..0452b18d36b9 100644 --- a/drivers/gpu/drm/nouveau/nouveau_drm.c +++ b/drivers/gpu/drm/nouveau/nouveau_drm.c @@ -81,6 +81,10 @@ MODULE_PARM_DESC(modeset, "enable driver (default: auto, " int nouveau_modeset = -1; module_param_named(modeset, nouveau_modeset, int, 0400); +MODULE_PARM_DESC(atomic, "Expose atomic ioctl (default: disabled)"); +static int nouveau_atomic = 0; +module_param_named(atomic, nouveau_atomic, int, 0400); + MODULE_PARM_DESC(runpm, "disable (0), force enable (1), optimus only default (-1)"); static int nouveau_runtime_pm = -1; module_param_named(runpm, nouveau_runtime_pm, int, 0400); @@ -509,6 +513,9 @@ static int nouveau_drm_probe(struct pci_dev *pdev, pci_set_master(pdev); + if (nouveau_atomic) + driver_pci.driver_features |= DRIVER_ATOMIC; + ret = drm_get_pci_dev(pdev, pent, &driver_pci); if (ret) { nvkm_device_del(&device); -- 2.17.1

6 years, 11 months

1
0
0 0

[PATCH] ib_srpt: Fix a use-after-free in __srpt_close_all_ch()

by Bart Van Assche

BUG: KASAN: use-after-free in srpt_set_enabled+0x1a9/0x1e0 [ib_srpt] Read of size 4 at addr ffff8801269d23f8 by task check/29726 CPU: 4 PID: 29726 Comm: check Not tainted 4.18.0-rc2-dbg+ #4 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.0.0-prebuilt.qemu-project.org 04/01/2014 Call Trace: dump_stack+0xa4/0xf5 print_address_description+0x6f/0x270 kasan_report+0x241/0x360 __asan_load4+0x78/0x80 srpt_set_enabled+0x1a9/0x1e0 [ib_srpt] srpt_tpg_enable_store+0xb8/0x120 [ib_srpt] configfs_write_file+0x14e/0x1d0 [configfs] __vfs_write+0xd2/0x3b0 vfs_write+0x101/0x270 ksys_write+0xab/0x120 __x64_sys_write+0x43/0x50 do_syscall_64+0x77/0x230 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7f235cfe6154 Fixes: aaf45bd83eba ("IB/srpt: Detect session shutdown reliably") Signed-off-by: Bart Van Assche <bart.vanassche(a)wdc.com> Cc: <stable(a)vger.kernel.org> --- drivers/infiniband/ulp/srpt/ib_srpt.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/infiniband/ulp/srpt/ib_srpt.c b/drivers/infiniband/ulp/srpt/ib_srpt.c index 36d9fab7c998..3acb0c16b7ac 100644 --- a/drivers/infiniband/ulp/srpt/ib_srpt.c +++ b/drivers/infiniband/ulp/srpt/ib_srpt.c @@ -1941,8 +1941,8 @@ static void __srpt_close_all_ch(struct srpt_port *sport) list_for_each_entry(nexus, &sport->nexus_list, entry) { list_for_each_entry(ch, &nexus->ch_list, list) { if (srpt_disconnect_ch(ch) >= 0) - pr_info("Closing channel %s-%d because target %s_%d has been disabled\n", - ch->sess_name, ch->qp->qp_num, + pr_info("Closing channel %s because target %s_%d has been disabled\n", + ch->sess_name, sport->sdev->device->name, sport->port); srpt_close_ch(ch); } -- 2.18.0

6 years, 11 months

2
1
0 0

[PATCH] ib_srpt: Fix a use-after-free in srpt_close_ch()

by Bart Van Assche

Avoid that KASAN reports the following: BUG: KASAN: use-after-free in srpt_close_ch+0x4f/0x1b0 [ib_srpt] Read of size 4 at addr ffff880151180cb8 by task check/4681 CPU: 15 PID: 4681 Comm: check Not tainted 4.18.0-rc2-dbg+ #4 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.0.0-prebuilt.qemu-project.org 04/01/2014 Call Trace: dump_stack+0xa4/0xf5 print_address_description+0x6f/0x270 kasan_report+0x241/0x360 __asan_load4+0x78/0x80 srpt_close_ch+0x4f/0x1b0 [ib_srpt] srpt_set_enabled+0xf7/0x1e0 [ib_srpt] srpt_tpg_enable_store+0xb8/0x120 [ib_srpt] configfs_write_file+0x14e/0x1d0 [configfs] __vfs_write+0xd2/0x3b0 vfs_write+0x101/0x270 ksys_write+0xab/0x120 __x64_sys_write+0x43/0x50 do_syscall_64+0x77/0x230 entry_SYSCALL_64_after_hwframe+0x49/0xbe Fixes: aaf45bd83eba ("IB/srpt: Detect session shutdown reliably") Signed-off-by: Bart Van Assche <bart.vanassche(a)wdc.com> Cc: <stable(a)vger.kernel.org> --- drivers/infiniband/ulp/srpt/ib_srpt.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/drivers/infiniband/ulp/srpt/ib_srpt.c b/drivers/infiniband/ulp/srpt/ib_srpt.c index 3acb0c16b7ac..e42eec20c631 100644 --- a/drivers/infiniband/ulp/srpt/ib_srpt.c +++ b/drivers/infiniband/ulp/srpt/ib_srpt.c @@ -1834,8 +1834,7 @@ static bool srpt_close_ch(struct srpt_rdma_ch *ch) int ret; if (!srpt_set_ch_state(ch, CH_DRAINING)) { - pr_debug("%s-%d: already closed\n", ch->sess_name, - ch->qp->qp_num); + pr_debug("%s: already closed\n", ch->sess_name); return false; } -- 2.18.0

6 years, 11 months

2
1
0 0

patch "Drivers: hv: vmbus: Fix the offer_in_progress in" added to char-misc-next

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled Drivers: hv: vmbus: Fix the offer_in_progress in to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-next branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will also be merged in the next major kernel release during the merge window. If you have any questions about this process, please let me know. >From 50229128727f7e11840ca1b2b501f880818d56b6 Mon Sep 17 00:00:00 2001 From: Dexuan Cui <decui(a)microsoft.com> Date: Tue, 5 Jun 2018 13:37:52 -0700 Subject: Drivers: hv: vmbus: Fix the offer_in_progress in vmbus_process_offer() I didn't really hit a real bug, but just happened to spot the bug: we have decreased the counter at the beginning of vmbus_process_offer(), so we mustn't decrease it again. Fixes: 6f3d791f3006 ("Drivers: hv: vmbus: Fix rescind handling issues") Signed-off-by: Dexuan Cui <decui(a)microsoft.com> Cc: stable(a)vger.kernel.org Cc: Stephen Hemminger <sthemmin(a)microsoft.com> Cc: K. Y. Srinivasan <kys(a)microsoft.com> Cc: Stable <stable(a)vger.kernel.org> # 4.14 and above Signed-off-by: K. Y. Srinivasan <kys(a)microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/hv/channel_mgmt.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/drivers/hv/channel_mgmt.c b/drivers/hv/channel_mgmt.c index ecc2bd275a73..f3b551a50653 100644 --- a/drivers/hv/channel_mgmt.c +++ b/drivers/hv/channel_mgmt.c @@ -527,10 +527,8 @@ static void vmbus_process_offer(struct vmbus_channel *newchannel) struct hv_device *dev = newchannel->primary_channel->device_obj; - if (vmbus_add_channel_kobj(dev, newchannel)) { - atomic_dec(&vmbus_connection.offer_in_progress); + if (vmbus_add_channel_kobj(dev, newchannel)) goto err_free_chan; - } if (channel->sc_creation_callback != NULL) channel->sc_creation_callback(newchannel); -- 2.18.0

6 years, 11 months

1
0
0 0

Linux 3.18.114

by Philip Müller

Hi Greg, for this kernel there are now patches generated on kernel.org homepage. Best, Philip

6 years, 11 months

2
3
0 0

+ mm-do-not-drop-unused-pages-when-userfaultd-is-running.patch added to -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: mm: do not drop unused pages when userfaultd is running has been added to the -mm tree. Its filename is mm-do-not-drop-unused-pages-when-userfaultd-is-running.patch This patch should soon appear at http://ozlabs.org/~akpm/mmots/broken-out/mm-do-not-drop-unused-pages-when-u… and later at http://ozlabs.org/~akpm/mmotm/broken-out/mm-do-not-drop-unused-pages-when-u… Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next and is updated there every 3-4 working days ------------------------------------------------------ From: Christian Borntraeger <borntraeger(a)de.ibm.com> Subject: mm: do not drop unused pages when userfaultd is running KVM guests on s390 can notify the host of unused pages. This can result in pte_unused callbacks to be true for KVM guest memory. If a page is unused (checked with pte_unused) we might drop this page instead of paging it. This can have side-effects on userfaultd, when the page in question was already migrated: The next access of that page will trigger a fault and a user fault instead of faulting in a new and empty zero page. As QEMU does not expect a userfault on an already migrated page this migration will fail. The most straightforward solution is to ignore the pte_unused hint if a userfault context is active for this VMA. Link: http://lkml.kernel.org/r/20180703171854.63981-1-borntraeger@de.ibm.com Signed-off-by: Christian Borntraeger <borntraeger(a)de.ibm.com> Cc: Martin Schwidefsky <schwidefsky(a)de.ibm.com> Cc: Andrea Arcangeli <aarcange(a)redhat.com> Cc: Mike Rapoport <rppt(a)linux.vnet.ibm.com> Cc: Janosch Frank <frankja(a)linux.ibm.com> Cc: David Hildenbrand <david(a)redhat.com> Cc: Cornelia Huck <cohuck(a)redhat.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/rmap.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff -puN mm/rmap.c~mm-do-not-drop-unused-pages-when-userfaultd-is-running mm/rmap.c --- a/mm/rmap.c~mm-do-not-drop-unused-pages-when-userfaultd-is-running +++ a/mm/rmap.c @@ -64,6 +64,7 @@ #include <linux/backing-dev.h> #include <linux/page_idle.h> #include <linux/memremap.h> +#include <linux/userfaultfd_k.h> #include <asm/tlbflush.h> @@ -1481,11 +1482,16 @@ static bool try_to_unmap_one(struct page set_pte_at(mm, address, pvmw.pte, pteval); } - } else if (pte_unused(pteval)) { + } else if (pte_unused(pteval) && !userfaultfd_armed(vma)) { /* * The guest indicated that the page content is of no * interest anymore. Simply discard the pte, vmscan * will take care of the rest. + * A future reference will then fault in a new zero + * page. When userfaultfd is active, we must not drop + * this page though, as its main user (postcopy + * migration) will not expect userfaults on already + * copied pages. */ dec_mm_counter(mm, mm_counter(page)); /* We have to invalidate as we cleared the pte */ _ Patches currently in -mm which might be from borntraeger(a)de.ibm.com are mm-do-not-drop-unused-pages-when-userfaultd-is-running.patch

6 years, 11 months

1
0
0 0

v4.4.139 build: 0 failures 31 warnings (v4.4.139)

by Build bot for Mark Brown

Tree/Branch: v4.4.139 Git describe: v4.4.139 Commit: 16af098616 Linux 4.4.139 Build Time: 63 min 11 sec Passed: 10 / 10 (100.00 %) Failed: 0 / 10 ( 0.00 %) Errors: 0 Warnings: 31 Section Mismatches: 0 ------------------------------------------------------------------------------- defconfigs with issues (other than build errors): 19 warnings 0 mismatches : arm64-allmodconfig 17 warnings 0 mismatches : x86_64-allmodconfig ------------------------------------------------------------------------------- Warnings Summary: 31 3 warning: (IMA) selects TCG_CRB which has unmet direct dependencies (TCG_TPM && X86 && ACPI) 2 ../drivers/media/dvb-frontends/stv090x.c:4250:1: warning: the frame size of 4832 bytes is larger than 2048 bytes [-Wframe-larger-than=] 2 ../drivers/media/dvb-frontends/stv090x.c:1211:1: warning: the frame size of 2080 bytes is larger than 2048 bytes [-Wframe-larger-than=] 2 ../drivers/media/dvb-frontends/stv090x.c:1168:1: warning: the frame size of 2080 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/net/ethernet/rocker/rocker.c:2172:1: warning: the frame size of 2752 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/net/ethernet/rocker/rocker.c:2172:1: warning: the frame size of 2720 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/media/dvb-frontends/stv090x.c:4759:1: warning: the frame size of 2056 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/media/dvb-frontends/stv090x.c:4565:1: warning: the frame size of 2096 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/media/dvb-frontends/stv090x.c:4565:1: warning: the frame size of 2080 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/media/dvb-frontends/stv090x.c:3436:1: warning: the frame size of 6784 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/media/dvb-frontends/stv090x.c:3436:1: warning: the frame size of 5280 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/media/dvb-frontends/stv090x.c:3095:1: warning: the frame size of 5864 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/media/dvb-frontends/stv090x.c:3095:1: warning: the frame size of 5840 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/media/dvb-frontends/stv090x.c:2513:1: warning: the frame size of 2304 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/media/dvb-frontends/stv090x.c:2513:1: warning: the frame size of 2288 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/media/dvb-frontends/stv090x.c:2141:1: warning: the frame size of 2104 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/media/dvb-frontends/stv090x.c:2141:1: warning: the frame size of 2080 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/media/dvb-frontends/stv090x.c:2073:1: warning: the frame size of 2552 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/media/dvb-frontends/stv090x.c:2073:1: warning: the frame size of 2544 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/media/dvb-frontends/stv090x.c:1956:1: warning: the frame size of 3264 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/media/dvb-frontends/stv090x.c:1956:1: warning: the frame size of 3248 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/media/dvb-frontends/stv090x.c:1858:1: warning: the frame size of 3008 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/media/dvb-frontends/stv090x.c:1858:1: warning: the frame size of 2992 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/media/dvb-frontends/stv090x.c:1599:1: warning: the frame size of 5296 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/media/dvb-frontends/stv090x.c:1599:1: warning: the frame size of 5280 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/media/dvb-frontends/stv0367.c:3147:1: warning: the frame size of 4144 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/media/dvb-frontends/stv0367.c:2490:1: warning: the frame size of 3424 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/media/dvb-frontends/cxd2841er.c:2401:1: warning: the frame size of 2984 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/media/dvb-frontends/cxd2841er.c:2401:1: warning: the frame size of 2976 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/media/dvb-frontends/cxd2841er.c:2282:1: warning: the frame size of 4336 bytes is larger than 2048 bytes [-Wframe-larger-than=] 1 ../drivers/media/dvb-frontends/cxd2841er.c:2282:1: warning: the frame size of 4328 bytes is larger than 2048 bytes [-Wframe-larger-than=] =============================================================================== Detailed per-defconfig build reports below: ------------------------------------------------------------------------------- arm64-allmodconfig : PASS, 0 errors, 19 warnings, 0 section mismatches Warnings: warning: (IMA) selects TCG_CRB which has unmet direct dependencies (TCG_TPM && X86 && ACPI) warning: (IMA) selects TCG_CRB which has unmet direct dependencies (TCG_TPM && X86 && ACPI) warning: (IMA) selects TCG_CRB which has unmet direct dependencies (TCG_TPM && X86 && ACPI) ../drivers/media/dvb-frontends/stv090x.c:1858:1: warning: the frame size of 2992 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/stv090x.c:2141:1: warning: the frame size of 2080 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/stv090x.c:2513:1: warning: the frame size of 2288 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/stv090x.c:4565:1: warning: the frame size of 2080 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/stv090x.c:1956:1: warning: the frame size of 3248 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/stv090x.c:1599:1: warning: the frame size of 5280 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/stv090x.c:1211:1: warning: the frame size of 2080 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/stv090x.c:4250:1: warning: the frame size of 4832 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/stv090x.c:1168:1: warning: the frame size of 2080 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/stv090x.c:2073:1: warning: the frame size of 2544 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/stv090x.c:3095:1: warning: the frame size of 5840 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/stv090x.c:3436:1: warning: the frame size of 6784 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/stv0367.c:2490:1: warning: the frame size of 3424 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/cxd2841er.c:2401:1: warning: the frame size of 2976 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/cxd2841er.c:2282:1: warning: the frame size of 4336 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/net/ethernet/rocker/rocker.c:2172:1: warning: the frame size of 2720 bytes is larger than 2048 bytes [-Wframe-larger-than=] ------------------------------------------------------------------------------- x86_64-allmodconfig : PASS, 0 errors, 17 warnings, 0 section mismatches Warnings: ../drivers/media/dvb-frontends/stv090x.c:1858:1: warning: the frame size of 3008 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/stv090x.c:2141:1: warning: the frame size of 2104 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/stv090x.c:2513:1: warning: the frame size of 2304 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/stv090x.c:4565:1: warning: the frame size of 2096 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/stv090x.c:1956:1: warning: the frame size of 3264 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/stv090x.c:1599:1: warning: the frame size of 5296 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/stv090x.c:1211:1: warning: the frame size of 2080 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/stv090x.c:4250:1: warning: the frame size of 4832 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/stv090x.c:4759:1: warning: the frame size of 2056 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/stv090x.c:1168:1: warning: the frame size of 2080 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/stv090x.c:2073:1: warning: the frame size of 2552 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/stv090x.c:3095:1: warning: the frame size of 5864 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/stv090x.c:3436:1: warning: the frame size of 5280 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/stv0367.c:3147:1: warning: the frame size of 4144 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/cxd2841er.c:2401:1: warning: the frame size of 2984 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/media/dvb-frontends/cxd2841er.c:2282:1: warning: the frame size of 4328 bytes is larger than 2048 bytes [-Wframe-larger-than=] ../drivers/net/ethernet/rocker/rocker.c:2172:1: warning: the frame size of 2752 bytes is larger than 2048 bytes [-Wframe-larger-than=] ------------------------------------------------------------------------------- Passed with no errors, warnings or mismatches: arm64-allnoconfig arm-multi_v5_defconfig arm-multi_v7_defconfig x86_64-defconfig arm-allmodconfig arm-allnoconfig x86_64-allnoconfig arm64-defconfig

6 years, 11 months

1
0
0 0

[PATCH 1/9] dm-integrity: change the variable suspending from bool to int

by Mikulas Patocka

The early alpha processors can't write a byte or short atomically - they read 8 bytes, modify the byte or two bytes in registers and write back 8 bytes. The modification of the variable "suspending" may race with modification of the variable "failed". This patch changes suspending to an int. Signed-off-by: Mikulas Patocka <mpatocka(a)redhat.com> Cc: stable(a)vger.kernel.org --- drivers/md/dm-integrity.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) Index: linux-2.6/drivers/md/dm-integrity.c =================================================================== --- linux-2.6.orig/drivers/md/dm-integrity.c 2018-06-29 23:13:54.990000000 +0200 +++ linux-2.6/drivers/md/dm-integrity.c 2018-06-29 23:13:54.980000000 +0200 @@ -178,7 +178,7 @@ struct dm_integrity_c { __u8 sectors_per_block; unsigned char mode; - bool suspending; + int suspending; int failed; @@ -2214,7 +2214,7 @@ static void dm_integrity_postsuspend(str del_timer_sync(&ic->autocommit_timer); - ic->suspending = true; + WRITE_ONCE(ic->suspending, 1); queue_work(ic->commit_wq, &ic->commit_work); drain_workqueue(ic->commit_wq); @@ -2224,7 +2224,7 @@ static void dm_integrity_postsuspend(str dm_integrity_flush_buffers(ic); } - ic->suspending = false; + WRITE_ONCE(ic->suspending, 0); BUG_ON(!RB_EMPTY_ROOT(&ic->in_progress));

6 years, 11 months

1
0
0 0

linux-4.14.y build: 0 failures 0 warnings (v4.14.52-158-gfa745a1bd983)

by Build bot for Mark Brown

Tree/Branch: linux-4.14.y Git describe: v4.14.52-158-gfa745a1bd983 Commit: fa745a1bd9 Linux 4.14.53 Build Time: 98 min 39 sec Passed: 11 / 11 (100.00 %) Failed: 0 / 11 ( 0.00 %) Errors: 0 Warnings: 0 Section Mismatches: 0 ------------------------------------------------------------------------------- defconfigs with issues (other than build errors): ------------------------------------------------------------------------------- =============================================================================== Detailed per-defconfig build reports below: ------------------------------------------------------------------------------- Passed with no errors, warnings or mismatches: arm64-allnoconfig arm64-allmodconfig arm-multi_v5_defconfig arm-multi_v7_defconfig x86_64-defconfig arm-allmodconfig arm-allnoconfig x86_64-allnoconfig arm-multi_v4t_defconfig x86_64-allmodconfig arm64-defconfig close failed in file object destructor: sys.excepthook is missing lost sys.stderr

6 years, 11 months

1
0
0 0

[PATCH 1/4] drm/i915: Fix PIPESTATE irq ack on i965/g4x

by Ville Syrjala

From: Ville Syrjälä <ville.syrjala(a)linux.intel.com> On i965/g4x IIR is edge triggered. So in order for IIR to notice that there is still a pending interrupt we have to force and edge in ISR. For the ISR/IIR pipe event bits we can do that by temporarily clearing all the PIPESTAT enable bits when we ack the status bits. This will force the ISR pipe event bit low, and it can then go back high when we restore the PIPESTAT enable bits. This avoids the following race: 1. stat = read(PIPESTAT) 2. an enabled PIPESTAT status bit goes high 3. write(PIPESTAT, enable|stat); 4. write(IIR, PIPE_EVENT) The end result is IIR==0 and ISR!=0. This can lead to nasty vblank wait/flip_done timeouts if another interrupt source doesn't trick us into looking at the PIPESTAT status bits despite the IIR PIPE_EVENT bit being low. Before i965 IIR was level triggered so this problem can't actually happen there. And curiously VLV/CHV went back to the level triggered scheme as well. But for simplicity we'll use the same i965/g4x compatible code for all platforms. Cc: stable(a)vger.kernel.org Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=106033 Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=105225 Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=106030 Signed-off-by: Ville Syrjälä <ville.syrjala(a)linux.intel.com> --- drivers/gpu/drm/i915/i915_irq.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/i915/i915_irq.c b/drivers/gpu/drm/i915/i915_irq.c index 2fd92a886789..364e1c85315e 100644 --- a/drivers/gpu/drm/i915/i915_irq.c +++ b/drivers/gpu/drm/i915/i915_irq.c @@ -1893,9 +1893,17 @@ static void i9xx_pipestat_irq_ack(struct drm_i915_private *dev_priv, /* * Clear the PIPE*STAT regs before the IIR + * + * Toggle the enable bits to make sure we get an + * edge in the ISR pipe event bit if we don't clear + * all the enabled status bits. Otherwise the edge + * triggered IIR on i965/g4x wouldn't notice that + * an interrupt is still pending. */ - if (pipe_stats[pipe]) - I915_WRITE(reg, enable_mask | pipe_stats[pipe]); + if (pipe_stats[pipe]) { + I915_WRITE(reg, pipe_stats[pipe]); + I915_WRITE(reg, enable_mask); + } } spin_unlock(&dev_priv->irq_lock); } -- 2.16.4

6 years, 11 months

4
9
0 0

Linux 4.17.4

by Greg KH

I'm announcing the release of the 4.17.4 kernel. All users of the 4.17 kernel series must upgrade. The updated 4.17.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.17.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/ABI/testing/sysfs-class-cxl | 4 Documentation/core-api/printk-formats.rst | 3 Makefile | 2 arch/arm/boot/dts/mt7623.dtsi | 3 arch/arm/boot/dts/mt7623n-bananapi-bpi-r2.dts | 1 arch/arm/boot/dts/mt7623n-rfb.dtsi | 1 arch/arm/boot/dts/socfpga.dtsi | 4 arch/arm/boot/dts/socfpga_arria10.dtsi | 5 arch/arm/boot/dts/sun8i-h3-libretech-all-h3-cc.dts | 8 arch/arm/include/asm/kgdb.h | 2 arch/arm64/boot/dts/altera/socfpga_stratix10.dtsi | 6 arch/arm64/boot/dts/amlogic/meson-gx.dtsi | 6 arch/arm64/boot/dts/amlogic/meson-gxl-s905x-libretech-cc.dts | 3 arch/arm64/boot/dts/amlogic/meson-gxl.dtsi | 8 arch/arm64/boot/dts/marvell/armada-cp110.dtsi | 2 arch/arm64/crypto/aes-glue.c | 2 arch/arm64/kernel/cpufeature.c | 2 arch/arm64/kernel/signal.c | 5 arch/arm64/mm/proc.S | 5 arch/m68k/mac/config.c | 2 arch/m68k/mm/kmap.c | 3 arch/mips/ath79/mach-pb44.c | 2 arch/mips/bcm47xx/setup.c | 6 arch/mips/include/asm/io.h | 2 arch/mips/include/asm/mipsregs.h | 3 arch/mips/kernel/mcount.S | 27 +- arch/powerpc/Makefile | 1 arch/powerpc/kernel/dt_cpu_ftrs.c | 3 arch/powerpc/kernel/entry_64.S | 1 arch/powerpc/kernel/fadump.c | 3 arch/powerpc/kernel/hw_breakpoint.c | 4 arch/powerpc/kernel/ptrace.c | 1 arch/powerpc/mm/pkeys.c | 4 arch/powerpc/mm/tlb-radix.c | 2 arch/powerpc/perf/imc-pmu.c | 4 arch/powerpc/platforms/powernv/copy-paste.h | 3 arch/powerpc/platforms/powernv/idle.c | 4 arch/powerpc/platforms/powernv/pci-ioda.c | 1 arch/um/drivers/vector_kern.c | 20 + arch/x86/entry/entry_64_compat.S | 16 - arch/x86/include/asm/barrier.h | 2 arch/x86/kernel/apic/x2apic_uv_x.c | 60 +++++ arch/x86/kernel/cpu/mcheck/mce-severity.c | 5 arch/x86/kernel/cpu/mcheck/mce.c | 44 ++- arch/x86/kernel/e820.c | 15 + arch/x86/kernel/quirks.c | 11 arch/x86/kernel/traps.c | 14 - arch/x86/mm/init.c | 4 arch/x86/mm/init_64.c | 20 + arch/x86/platform/efi/efi_64.c | 4 arch/x86/xen/smp_pv.c | 5 arch/xtensa/kernel/traps.c | 2 block/blk-core.c | 4 crypto/asymmetric_keys/x509_cert_parser.c | 9 drivers/acpi/acpi_lpss.c | 20 + drivers/auxdisplay/Kconfig | 10 drivers/base/core.c | 15 - drivers/base/power/domain.c | 3 drivers/block/rbd.c | 2 drivers/bluetooth/hci_qca.c | 6 drivers/char/hw_random/core.c | 11 drivers/char/ipmi/ipmi_bt_sm.c | 3 drivers/char/tpm/tpm-dev-common.c | 40 +-- drivers/char/tpm/tpm-dev.h | 2 drivers/char/tpm/tpm2-space.c | 3 drivers/clk/at91/clk-pll.c | 13 - drivers/clk/clk-aspeed.c | 4 drivers/clk/meson/meson8b.c | 7 drivers/clk/renesas/renesas-cpg-mssr.c | 9 drivers/cpufreq/intel_pstate.c | 27 +- drivers/cpuidle/cpuidle-powernv.c | 32 ++ drivers/firmware/efi/libstub/tpm.c | 2 drivers/hwmon/k10temp.c | 5 drivers/i2c/algos/i2c-algo-bit.c | 5 drivers/i2c/busses/i2c-gpio.c | 4 drivers/iio/accel/sca3000.c | 9 drivers/iio/adc/ad7791.c | 49 ---- drivers/infiniband/core/umem.c | 11 drivers/infiniband/core/uverbs_main.c | 14 - drivers/infiniband/core/verbs.c | 14 - drivers/infiniband/hw/hfi1/chip.c | 8 drivers/infiniband/hw/hfi1/debugfs.c | 8 drivers/infiniband/hw/hfi1/file_ops.c | 4 drivers/infiniband/hw/hfi1/hfi.h | 1 drivers/infiniband/hw/hfi1/init.c | 22 + drivers/infiniband/hw/hfi1/pio.c | 44 +++ drivers/infiniband/hw/mlx4/mad.c | 1 drivers/infiniband/hw/mlx4/mr.c | 50 +++- drivers/infiniband/hw/mlx5/cq.c | 15 + drivers/infiniband/hw/qib/qib.h | 4 drivers/infiniband/hw/qib/qib_file_ops.c | 10 drivers/infiniband/hw/qib/qib_init.c | 13 + drivers/infiniband/hw/qib/qib_user_pages.c | 20 + drivers/infiniband/sw/rdmavt/cq.c | 31 +- drivers/infiniband/ulp/isert/ib_isert.c | 28 +- drivers/input/joystick/xpad.c | 2 drivers/input/mouse/elan_i2c.h | 2 drivers/input/mouse/elan_i2c_core.c | 3 drivers/input/mouse/elan_i2c_smbus.c | 10 drivers/input/mouse/elantech.c | 11 drivers/input/mouse/psmouse-base.c | 12 - drivers/input/touchscreen/silead.c | 1 drivers/iommu/Kconfig | 1 drivers/iommu/amd_iommu.c | 68 ++++-- drivers/irqchip/irq-gic-v3-its.c | 9 drivers/md/dm-thin.c | 11 drivers/md/dm-zoned-target.c | 2 drivers/md/dm.c | 5 drivers/md/md.c | 4 drivers/media/dvb-core/dvb_frontend.c | 23 +- drivers/media/platform/vsp1/vsp1_video.c | 21 + drivers/media/rc/ir-mce_kbd-decoder.c | 2 drivers/media/usb/cx231xx/cx231xx-cards.c | 3 drivers/media/usb/cx231xx/cx231xx-dvb.c | 2 drivers/media/usb/uvc/uvc_video.c | 24 +- drivers/media/v4l2-core/v4l2-compat-ioctl32.c | 2 drivers/mfd/intel-lpss-pci.c | 25 +- drivers/mfd/intel-lpss.c | 4 drivers/mfd/twl-core.c | 2 drivers/misc/cxl/pci.c | 4 drivers/misc/cxl/sysfs.c | 16 + drivers/mmc/host/renesas_sdhi_core.c | 5 drivers/mmc/host/renesas_sdhi_internal_dmac.c | 1 drivers/mmc/host/renesas_sdhi_sys_dmac.c | 3 drivers/mtd/chips/cfi_cmdset_0002.c | 21 + drivers/mtd/nand/raw/denali_dt.c | 6 drivers/mtd/nand/raw/mxc_nand.c | 5 drivers/mtd/nand/raw/nand_base.c | 29 -- drivers/mtd/nand/raw/nand_macronix.c | 48 +++- drivers/mtd/nand/raw/nand_micron.c | 2 drivers/mtd/spi-nor/intel-spi.c | 76 +++++- drivers/mtd/ubi/build.c | 3 drivers/mtd/ubi/eba.c | 90 +++++++- drivers/mtd/ubi/wl.c | 4 drivers/net/ethernet/ti/davinci_emac.c | 15 + drivers/nvdimm/bus.c | 14 - drivers/nvdimm/pmem.c | 10 drivers/nvdimm/region_devs.c | 3 drivers/of/platform.c | 5 drivers/of/resolver.c | 5 drivers/of/unittest.c | 8 drivers/opp/core.c | 2 drivers/pci/host/pci-hyperv.c | 11 drivers/pci/hotplug/pciehp.h | 2 drivers/pci/hotplug/pciehp_core.c | 2 drivers/pci/hotplug/pciehp_hpc.c | 13 + drivers/pci/pci-driver.c | 5 drivers/pci/probe.c | 15 + drivers/pci/quirks.c | 20 + drivers/pinctrl/devicetree.c | 7 drivers/pinctrl/mvebu/pinctrl-armada-37xx.c | 3 drivers/pinctrl/samsung/pinctrl-exynos-arm.c | 4 drivers/platform/chrome/cros_ec_lpc.c | 13 - drivers/pwm/pwm-lpss-platform.c | 5 drivers/pwm/pwm-lpss.c | 30 ++ drivers/pwm/pwm-lpss.h | 2 drivers/remoteproc/qcom_q6v5_pil.c | 10 drivers/rpmsg/qcom_smd.c | 18 - drivers/rtc/rtc-sun6i.c | 4 drivers/s390/scsi/zfcp_dbf.c | 40 +++ drivers/s390/scsi/zfcp_erp.c | 123 ++++++++--- drivers/s390/scsi/zfcp_ext.h | 5 drivers/s390/scsi/zfcp_scsi.c | 18 + drivers/scsi/hpsa.c | 10 drivers/scsi/qla2xxx/qla_gs.c | 4 drivers/scsi/qla2xxx/qla_init.c | 3 drivers/scsi/qla2xxx/qla_isr.c | 8 drivers/scsi/qla2xxx/qla_target.c | 7 drivers/scsi/scsi_debug.c | 2 drivers/soc/rockchip/pm_domains.c | 2 drivers/thermal/broadcom/bcm2835_thermal.c | 4 drivers/tty/serial/sh-sci.c | 8 drivers/usb/core/hub.c | 4 drivers/video/backlight/as3711_bl.c | 33 ++ drivers/video/backlight/max8925_bl.c | 4 drivers/video/backlight/tps65217_bl.c | 4 drivers/video/fbdev/uvesafb.c | 3 drivers/virt/vboxguest/vboxguest_linux.c | 4 drivers/w1/w1.c | 2 drivers/xen/events/events_base.c | 2 fs/btrfs/inode.c | 4 fs/f2fs/checkpoint.c | 4 fs/f2fs/inode.c | 4 fs/f2fs/segment.c | 3 fs/f2fs/segment.h | 1 fs/fuse/control.c | 13 - fs/fuse/dev.c | 3 fs/fuse/dir.c | 13 + fs/fuse/inode.c | 1 fs/nfs/callback_proc.c | 7 fs/nfs/nfs4idmap.c | 5 fs/nfs/nfs4proc.c | 2 fs/nfsd/nfs4xdr.c | 5 fs/ubifs/journal.c | 5 fs/udf/directory.c | 3 include/dt-bindings/clock/aspeed-clock.h | 2 include/linux/blkdev.h | 4 include/linux/compiler.h | 2 include/linux/memory.h | 1 include/linux/slub_def.h | 4 include/rdma/ib_verbs.h | 27 +- include/rdma/rdma_vt.h | 2 kernel/locking/rwsem.c | 1 kernel/printk/printk_safe.c | 5 kernel/softirq.c | 6 kernel/time/time.c | 6 kernel/trace/trace_events_filter.c | 10 lib/Kconfig.kasan | 1 lib/vsprintf.c | 3 mm/gup.c | 36 ++- mm/ksm.c | 14 - mm/slab_common.c | 4 mm/slub.c | 7 net/sunrpc/xprtrdma/rpc_rdma.c | 2 security/selinux/selinuxfs.c | 78 ++---- sound/core/timer.c | 2 sound/pci/hda/hda_codec.c | 5 sound/pci/hda/hda_codec.h | 1 sound/pci/hda/patch_hdmi.c | 5 sound/pci/hda/patch_realtek.c | 20 + sound/soc/cirrus/edb93xx.c | 2 sound/soc/cirrus/ep93xx-i2s.c | 26 +- sound/soc/cirrus/snappercl15.c | 2 sound/soc/codecs/cs35l35.c | 1 sound/soc/mediatek/common/mtk-afe-platform-driver.c | 4 sound/soc/soc-dapm.c | 2 tools/perf/util/dso.c | 2 tools/perf/util/intel-pt-decoder/intel-pt-decoder.c | 23 +- tools/perf/util/intel-pt-decoder/intel-pt-decoder.h | 9 tools/perf/util/intel-pt-decoder/intel-pt-pkt-decoder.c | 2 tools/perf/util/intel-pt.c | 5 tools/testing/selftests/ftrace/test.d/functions | 21 + 232 files changed, 1705 insertions(+), 755 deletions(-) ??? (1): Input: elantech - fix V4 report decoding for module with middle key Aaron Ma (1): Input: elantech - enable middle button of touchpads on ThinkPad P52 Abhishek Sahu (1): mtd: rawnand: fix return value check for bad block status Adrian Hunter (6): perf tools: Fix symbol and object code resolution for vdso32 and vdsox32 perf intel-pt: Fix sync_switch INTEL_PT_SS_NOT_TRACING perf intel-pt: Fix decoding to accept CBR between FUP and corresponding TIP perf intel-pt: Fix MTC timing after overflow perf intel-pt: Fix "Unexpected indirect branch" error perf intel-pt: Fix packet decoding of CYC packets Akshay Adiga (1): powerpc/powernv/cpuidle: Init all present cpus for deep states Alex Estrin (2): IB/{hfi1, qib}: Add handling of kernel restart IB/isert: Fix for lib/dma_debug check_sync warning Alex Williamson (1): PCI: Add ACS quirk for Intel 7th & 8th Gen mobile Alexander Sverdlin (2): ASoC: cirrus: i2s: Fix LRCLK configuration ASoC: cirrus: i2s: Fix {TX|RX}LinCtrlData setup Alexandr Savca (1): Input: elan_i2c - add ELAN0618 (Lenovo v330 15IKB) ACPI ID Alexandru Ardelean (1): iio: adc: ad7791: remove sample freq sysfs attributes Alexey Kardashevskiy (1): powerpc/powernv/ioda2: Remove redundant free of TCE pages Amit Pundir (1): Bluetooth: hci_qca: Avoid missing rampatch failure with userspace fw loader Andy Lutomirski (1): x86/entry/64/compat: Fix "x86/entry/64/compat: Preserve r8-r11 in int $0x80" Andy Shevchenko (1): mfd: intel-lpss: Program REMAP register in PIO mode Aneesh Kumar K.V (1): powerpc/mm/hash: Add missing isync prior to kernel stack SLB switch Anil Gurumurthy (1): scsi: qla2xxx: Mask off Scope bits in retry delay Anju T Sudhakar (1): powerpc/perf: Fix memory allocation for core-imc based on num_possible_cpus() Anton Ivanov (2): um: Fix initialization of vector queues um: Fix raw interface options Bart Van Assche (2): block: Fix cloning of requests with a special payload dm zoned: avoid triggering reclaim from inside dmz_map() Bartosz Golaszewski (1): net: ethernet: fix suspend/resume in davinci_emac Ben Hutchings (1): Input: elan_i2c_smbus - fix more potential stack buffer overflows Bharat Potnuri (1): RDMA/core: Save kernel caller name when creating CQ using ib_create_cq() Boris Brezillon (1): mtd: rawnand: Do not check FAIL bit when executing a SET_FEATURES op Boris Ostrovsky (1): xen: Remove unnecessary BUG_ON from __unbind_from_irq() Borislav Petkov (1): x86/mce: Do not overwrite MCi_STATUS in mce_no_way_out() Brad Love (1): media: cx231xx: Ignore an i2c mux adapter Chao Yu (1): f2fs: don't use GFP_ZERO for page caches Chen-Yu Tsai (1): ARM: dts: sun8i: h3: fix ALL-H3-CC H3 ver VCC-1V2 regulator voltage Chris Packham (1): mtd: rawnand: micron: add ONFI_FEATURE_ON_DIE_ECC to supported features Christophe JAILLET (1): iio: sca3000: Fix an error handling path in 'sca3000_probe()' Chuck Lever (1): xprtrdma: Return -ENOBUFS when no pages are available Corey Minyard (1): ipmi:bt: Set the timeout before doing a capabilities check Dan Williams (3): x86/spectre_v1: Disable compiler optimizations over array_index_mask_nospec() mm: fix __gup_device_huge vs unmap mm: fix devmem_is_allowed() for sub-page System RAM intersections Daniel Wagner (1): serial: sh-sci: Use spin_{try}lock_irqsave instead of open coding version Dave Martin (1): arm64: Fix syscall restarting around signal suppressed by tracer Dave Wysochanski (1): NFSv4: Fix possible 1-byte stack overflow in nfs_idmap_read_and_verify_message David Rivshin (1): ARM: 8764/1: kgdb: fix NUMREGBYTES so that gdb_regs[] is the correct size Dinh Nguyen (1): ARM: dts: socfpga: Fix NAND controller node compatible for Arria10 Dmitry Torokhov (2): platform/chrome: cros_ec_lpc: do not try DMI match when ACPI device found Input: psmouse - fix button reporting for basic protocols Dongsheng Yang (1): rbd: flush rbd_dev->watch_dwork after watch is unregistered Enno Boland (1): Input: xpad - fix GPD Win 2 controller name Erez Shitrit (1): IB/mlx5: Fetch soft WQE's on fatal error state Eric W. Biederman (1): signal/xtensa: Consistenly use SIGBUS in do_unaligned_user Fabio Estevam (1): pinctrl: devicetree: Fix pctldev pointer overwrite Filipe Manana (1): Btrfs: fix return value on rename exchange failure Finley Xiao (1): soc: rockchip: power-domain: Fix wrong value when power up pd with writemask Finn Thain (1): m68k/mac: Fix SWIM memory resource end address Frank Rowand (1): of: overlay: validate offset from property fixups Gautham R. Shenoy (1): cpuidle: powernv: Fix promotion from snooze if next state disabled Geert Uytterhoeven (4): thermal: bcm2835: Stop using printk format %pCr clk: renesas: cpg-mssr: Stop using printk format %pCr lib/vsprintf: Remove atomic-unsafe support for %pCr time: Make sure jiffies_to_msecs() preserves non-zero time periods Greg Kroah-Hartman (1): Linux 4.17.4 Guenter Roeck (1): hwmon: (k10temp) Add support for Stoney Ridge and Bristol Ridge CPUs Hans de Goede (4): efi/libstub/tpm: Initialize efi_physical_addr_t vars to zero for mixed mode ACPI / LPSS: Add missing prv_offset setting for byt/cht PWM devices Input: silead - add MSSL0002 ACPI HID pwm: lpss: platform: Save/restore the ctrl register over a suspend/resume Haren Myneni (1): powerpc/powernv: copy/paste - Mask SO bit in CR Himanshu Madhani (1): scsi: qla2xxx: Fix setting lower transfer speed if GPSC fails Huacai Chen (1): MIPS: io: Add barrier after register read in inX() Hui Wang (1): ALSA: hda/realtek - Fix the problem of two front mics on more machines Icenowy Zheng (1): ARM: dts: sun8i: h3: fix ALL-H3-CC H3 ver VDD-CPUX voltage Ingo Flaschberger (1): 1wire: family module autoload fails because of upper/lower case mismatch. Jack Morgenstein (2): IB/mlx4: Mark user MR as writable if actual virtual memory is writable IB/core: Make testing MR flags for writability a static inline function Jae Hyun Yoo (1): clk:aspeed: Fix reset bits for PCI/VGA and PECI Jan Kara (1): udf: Detect incorrect directory size Jann Horn (1): selinux: move user accesses in selinuxfs out of locked regions Jarkko Nikula (1): mfd: intel-lpss: Fix Intel Cannon Lake LPSS I2C input clock Jason A. Donenfeld (1): kasan: depend on CONFIG_SLUB_DEBUG Jason Gunthorpe (1): IB/uverbs: Fix ordering of ucontext check in ib_uverbs_write Jerome Brunet (1): ARM64: dts: meson: disable sd-uhs modes on the libretech-cc Jia He (2): crypto: arm64/aes-blk - fix and move skcipher_walk_done out of kernel_neon_begin, _end mm/ksm.c: ignore STABLE_FLAG of rmap_item->address in rmap_walk_ksm() Joakim Tjernlund (4): mtd: cfi_cmdset_0002: Use right chip in do_ppb_xxlock() mtd: cfi_cmdset_0002: fix SEGV unlocking multiple chips mtd: cfi_cmdset_0002: Fix unlocking requests crossing a chip boudary mtd: cfi_cmdset_0002: Avoid walking all chips when unlocking. Joel Fernandes (Google) (1): softirq: Reorder trace_softirqs_on to prevent lockdep splat Johan Hovold (3): backlight: as3711_bl: Fix Device Tree node lookup backlight: max8925_bl: Fix Device Tree node lookup backlight: tps65217_bl: Fix Device Tree node lookup Juergen Gross (1): x86/xen: Add call of speculative_store_bypass_ht_init() to PV paths Kai Chieh Chuang (1): ASoC: mediatek: preallocate pages use platform device Kai-Heng Feng (1): media: cx231xx: Add support for AverMedia DVD EZMaker 7 Kees Cook (1): video: uvesafb: Fix integer overflow in allocation Keith Busch (1): block: Fix transfer when chunk sectors exceeds max Kevin Hilman (1): ARM64: dts: meson-gx: fix ATF reserved memory region Kieran Bingham (1): media: vsp1: Release buffers for each video node Kirill A. Shutemov (1): x86/efi: Fix efi_call_phys_epilog() with CONFIG_X86_5LEVEL=y Leon Romanovsky (1): RDMA/mlx4: Discard unknown SQP work requests Linus Torvalds (1): Revert "iommu/amd_iommu: Use CONFIG_DMA_DIRECT_OPS=y and dma_direct_{alloc,free}()" Linus Walleij (1): MIPS: pb44: Fix i2c-gpio GPIO descriptor table Luis Henriques (1): scsi: scsi_debug: Fix memory leak on module unload Maciej S. Szmigiero (1): X.509: unpack RSA signatureValue field from BIT STRING Mahesh Salgaonkar (1): powerpc/fadump: Unregister fadump on kexec down path. Marcin Ziemianowicz (1): clk: at91: PLL recalc_rate() now using cached MUL and DIV values Marek Vasut (2): ARM: dts: socfpga: Fix NAND controller node compatible ARM: dts: socfpga: Fix NAND controller clock supply Martin Blumenstingl (1): clk: meson: meson8b: mark fclk_div2 gate clocks as CLK_IS_CRITICAL Martin Kaiser (1): mtd: rawnand: mxc: set spare area size register explicitly Masahiro Yamada (1): mtd: rawnand: denali_dt: set clk_x_rate to 200 MHz unconditionally Mason Yang (1): mtd: rawnand: All AC chips have a broken GET_FEATURES(TIMINGS). Matthias Schiffer (1): mips: ftrace: fix static function graph tracing Mauro Carvalho Chehab (2): media: v4l2-compat-ioctl32: prevent go past max size media: dvb_frontend: fix locking issues at dvb_frontend_get_event() Max Gurtovoy (1): IB/isert: fix T10-pi check mask setting Maxim Moseychuk (1): usb: do not reset if a low-speed or full-speed device timed out Michael Buesch (1): hwrng: core - Always drop the RNG in hwrng_unregister() Michael Ellerman (1): powerpc/64s: Fix DT CPU features Power9 DD2.1 logic Michael J. Ruhl (1): IB/hfi1: Reorder incorrect send context disable Michael Jeanson (1): powerpc/e500mc: Set assembler machine type to e500mc Michael Neuling (2): powerpc/ptrace: Fix setting 512B aligned breakpoints with PTRACE_SET_DEBUGREG powerpc/ptrace: Fix enforcement of DAWR constraints Michael Schmitz (1): m68k/mm: Adjust VM area to be unmapped by gap size for __iounmap() Michael Trimarchi (1): rtc: sun6i: Fix bit_idx value for clk_register_gate Mika Westerberg (4): mtd: spi-nor: intel-spi: Fix atomic sequence handling PCI: Add ACS quirk for Intel 300 series PCI: pciehp: Clear Presence Detect and Data Link Layer Status Changed on resume PCI: Account for all bridges on bus when distributing bus numbers Mike Marciniszyn (3): IB/qib: Fix DMA api warning with debug kernel IB/hfi1: Fix fault injection init/exit issues IB/hfi1: Fix user context tail allocation for DMA_RTAIL Mike Snitzer (2): dm: use bio_split() when splitting out the already processed bio dm thin: handle running out of data space vs concurrent discard Mikhail Malygin (1): scsi: qla2xxx: Spinlock recursion in qla_target Miklos Szeredi (2): fuse: atomic_o_trunc should truncate pagecache fuse: fix control dir setup and teardown Mikulas Patocka (2): branch-check: fix long->int truncation when profiling branches slub: fix failure when we delete and create a slab cache Miquel Raynal (1): arm64: dts: marvell: fix CP110 ICU node size Naoya Horiguchi (1): x86/e820: put !E820_TYPE_RAM regions into memblock.reserved NeilBrown (1): md: fix two problems with setting the "re-add" device state. Nicholas Piggin (1): powerpc/64s/radix: Fix radix_kvm_prefetch_workaround paca access of not possible CPU Paul Handrigan (1): ASoC: cs35l35: Add use_single_rw to regmap config Paweł Chmiel (1): pinctrl: samsung: Correct EINTG banks order Peter Ujfalusi (1): mfd: twl-core: Fix clock initialization Quinn Tran (1): scsi: qla2xxx: Delete session for nport id change Rafael J. Wysocki (3): PCI / PM: Do not clear state_saved for devices that remain suspended ACPI / LPSS: Avoid PM quirks on suspend and resume from S3 PM / core: Fix supplier device runtime PM usage counter imbalance Ram Pai (1): powerpc/pkeys: Detach execute_only key on !PROT_EXEC Randy Dunlap (1): auxdisplay: fix broken menu Richard Weinberger (2): ubi: fastmap: Cancel work upon detach ubi: fastmap: Correctly handle interrupted erasures in EBA Robert Elliott (1): linvdimm, pmem: Preserve read-only setting for pmem devices Ross Zwisler (3): libnvdimm, pmem: Do not flush power-fail protected CPU caches libnvdimm, pmem: Unconditionally deep flush on *sync pmem: only set QUEUE_FLAG_DAX for fsdax mode Scott Mayhew (1): nfsd: restrict rd_maxcount to svc_max_payload in nfsd_encode_readdir Sean Wang (1): arm: dts: mt7623: fix invalid memory node being generated Sean Young (1): media: rc: mce_kbd decoder: fix stuck keys Sebastian Sanchez (1): IB/hfi1: Optimize kthread pointer locking when queuing CQ entries Siarhei Liakh (1): x86: Call fixup_exception() before notify_die() in math_error() Sibi Sankar (1): remoteproc: Prevent incorrect rproc state on xfer mem ownership failure Silvio Cesare (1): UBIFS: Fix potential integer overflow in allocation Sinan Kaya (1): scsi: hpsa: disable device during shutdown Sridhar Pitchai (1): PCI: hv: Make sure the bus domain is really unique Srinivas Kandagatla (3): ASoC: dapm: delete dapm_kcontrol_data paths list before freeing it of: platform: stop accessing invalid dev in of_platform_device_destroy rpmsg: smd: do not use mananged resources for endpoints and channels Srinivas Pandruvada (1): cpufreq: intel_pstate: Fix scaling max/min limits with Turbo 3.0 Stefan M Schaeckeler (1): of: unittest: for strings, account for trailing \0 in property length field Steffen Maier (7): scsi: zfcp: fix missing SCSI trace for result of eh_host_reset_handler scsi: zfcp: fix missing SCSI trace for retry of abort / scsi_eh TMF scsi: zfcp: fix misleading REC trigger trace where erp_action setup failed scsi: zfcp: fix missing REC trigger trace on terminate_rport_io early return scsi: zfcp: fix missing REC trigger trace on terminate_rport_io for ERP_FAILED scsi: zfcp: fix missing REC trigger trace for all objects in ERP_FAILED scsi: zfcp: fix missing REC trigger trace on enqueue without ERP thread Steven Rostedt (VMware) (2): ftrace/selftest: Have the reset_trigger code be a bit more careful tracing: Check for no filter when processing event filters Tadeusz Struk (2): tpm: fix use after free in tpm2_load_context() tpm: fix race condition in tpm_common_write() Takashi Iwai (4): ALSA: timer: Fix UBSAN warning at SNDRV_TIMER_IOCTL_NEXT_DEVICE ioctl ALSA: hda - Force to link down at runtime suspend on ATI/AMD HDMI ALSA: hda/realtek - Fix pop noise on Lenovo P50 & co ALSA: hda/realtek - Add a quirk for FSC ESPRIMO U9210 Tejun Heo (1): fuse: fix congested state leak on aborted connections Terry Zhou (1): pinctrl: armada-37xx: Fix spurious irq management Tetsuo Handa (2): printk: fix possible reuse of va_list variable fuse: don't keep dead fuse_conn at fuse_fill_super(). Thor Thayer (2): ARM: dts: Fix SPI node for Arria10 arm64: dts: stratix10: Fix SPI nodes for Stratix10 Tokunori Ikegami (2): mtd: cfi_cmdset_0002: Change write buffer to check correct value MIPS: BCM47XX: Enable 74K Core ExternalSync for PCIe erratum Tony Luck (3): x86/mce: Improve error message when kernel cannot recover x86/mce: Check for alternate indication of machine check recovery on Skylake x86/mce: Fix incorrect "Machine check from unknown source" message Trond Myklebust (2): NFSv4: Revert commit 5f83d86cf531d ("NFSv4.x: Fix wraparound issues..") NFSv4: Fix a typo in nfs41_sequence_process Ulf Hansson (1): PM / Domains: Fix error path during attach in genpd Vaibhav Jain (2): cxl: Configure PSL to not use APC virtual machines cxl: Disable prefault_mode in Radix mode Waiman Long (1): locking/rwsem: Fix up_read_non_owner() warning with DEBUG_RWSEMS Waldemar Rymarkiewicz (1): PM / OPP: Update voltage in case freq == old_freq Wenwen Wang (1): virt: vbox: Only copy_from_user the request-header once Will Deacon (2): arm64: kpti: Use early_param for kpti= command-line option arm64: mm: Ensure writes to swapper are ordered wrt subsequent cache maintenance Wolfram Sang (3): mmc: renesas_sdhi: really fix WP logic regressions Revert "i2c: algo-bit: init the bus to a known state" i2c: gpio: initialize SCL to HIGH again Yang Yingliang (1): irqchip/gic-v3-its: Don't bind LPI to unavailable NUMA node mike.travis(a)hpe.com (3): x86/platform/UV: Add adjustable set memory block size function x86/platform/UV: Use new set memory block size function x86/platform/UV: Add kernel parameter to set memory block size ming_qian (1): media: uvcvideo: Support realtek's UVC 1.5 device

6 years, 11 months

1
1
0 0

Linux 4.14.53

by Greg KH

I'm announcing the release of the 4.14.53 kernel. All users of the 4.14 kernel series must upgrade. The updated 4.14.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.14.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/ABI/testing/sysfs-class-cxl | 4 Documentation/printk-formats.txt | 3 Makefile | 2 arch/arm/boot/dts/mt7623.dtsi | 3 arch/arm/boot/dts/mt7623n-bananapi-bpi-r2.dts | 1 arch/arm/boot/dts/mt7623n-rfb.dtsi | 1 arch/arm/boot/dts/socfpga.dtsi | 4 arch/arm/boot/dts/socfpga_arria10.dtsi | 5 arch/arm/include/asm/kgdb.h | 2 arch/arm64/boot/dts/amlogic/meson-gxl-s905x-libretech-cc.dts | 3 arch/arm64/kernel/cpufeature.c | 2 arch/arm64/kernel/signal.c | 5 arch/arm64/mm/proc.S | 5 arch/m68k/mac/config.c | 2 arch/m68k/mm/kmap.c | 3 arch/mips/bcm47xx/setup.c | 6 arch/mips/include/asm/io.h | 2 arch/mips/include/asm/mipsregs.h | 3 arch/mips/kernel/mcount.S | 27 arch/powerpc/kernel/entry_64.S | 1 arch/powerpc/kernel/fadump.c | 3 arch/powerpc/kernel/hw_breakpoint.c | 4 arch/powerpc/kernel/ptrace.c | 1 arch/powerpc/perf/imc-pmu.c | 4 arch/powerpc/platforms/powernv/copy-paste.h | 3 arch/powerpc/platforms/powernv/idle.c | 4 arch/powerpc/platforms/powernv/pci-ioda.c | 1 arch/x86/events/intel/uncore_snbep.c | 8 arch/x86/include/asm/barrier.h | 2 arch/x86/kernel/cpu/mcheck/mce-severity.c | 5 arch/x86/kernel/cpu/mcheck/mce.c | 44 arch/x86/kernel/quirks.c | 11 arch/x86/kernel/traps.c | 14 arch/x86/mm/init.c | 4 arch/x86/platform/efi/efi_64.c | 4 arch/x86/xen/smp_pv.c | 5 arch/xtensa/kernel/traps.c | 2 block/blk-core.c | 4 crypto/asymmetric_keys/x509_cert_parser.c | 9 drivers/acpi/acpi_lpss.c | 2 drivers/auxdisplay/Kconfig | 10 drivers/base/core.c | 15 drivers/base/power/domain.c | 3 drivers/base/power/opp/core.c | 2 drivers/block/rbd.c | 2 drivers/bluetooth/hci_qca.c | 6 drivers/char/ipmi/ipmi_bt_sm.c | 3 drivers/char/tpm/tpm-dev-common.c | 40 drivers/char/tpm/tpm-dev.h | 2 drivers/char/tpm/tpm2-space.c | 3 drivers/clk/at91/clk-pll.c | 13 drivers/clk/renesas/renesas-cpg-mssr.c | 9 drivers/cpufreq/intel_pstate.c | 27 drivers/cpuidle/cpuidle-powernv.c | 32 drivers/iio/accel/sca3000.c | 9 drivers/iio/adc/ad7791.c | 49 drivers/infiniband/core/umem.c | 11 drivers/infiniband/hw/hfi1/chip.c | 8 drivers/infiniband/hw/hfi1/debugfs.c | 8 drivers/infiniband/hw/hfi1/file_ops.c | 4 drivers/infiniband/hw/hfi1/hfi.h | 1 drivers/infiniband/hw/hfi1/init.c | 22 drivers/infiniband/hw/hfi1/pio.c | 44 drivers/infiniband/hw/mlx4/mad.c | 1 drivers/infiniband/hw/mlx4/mr.c | 50 drivers/infiniband/hw/mlx5/cq.c | 15 drivers/infiniband/hw/qib/qib.h | 4 drivers/infiniband/hw/qib/qib_file_ops.c | 10 drivers/infiniband/hw/qib/qib_init.c | 13 drivers/infiniband/hw/qib/qib_user_pages.c | 20 drivers/infiniband/sw/rdmavt/cq.c | 31 drivers/infiniband/ulp/isert/ib_isert.c | 28 drivers/input/joystick/xpad.c | 2 drivers/input/mouse/elan_i2c.h | 2 drivers/input/mouse/elan_i2c_core.c | 3 drivers/input/mouse/elan_i2c_smbus.c | 10 drivers/input/mouse/elantech.c | 11 drivers/irqchip/irq-gic-v3-its.c | 9 drivers/md/dm-thin.c | 11 drivers/md/dm-zoned-target.c | 2 drivers/md/md.c | 4 drivers/media/dvb-core/dvb_frontend.c | 23 drivers/media/platform/vsp1/vsp1_video.c | 21 drivers/media/usb/cx231xx/cx231xx-cards.c | 3 drivers/media/v4l2-core/v4l2-compat-ioctl32.c | 2 drivers/mfd/intel-lpss-pci.c | 25 drivers/mfd/intel-lpss.c | 4 drivers/misc/cxl/sysfs.c | 16 drivers/mtd/chips/cfi_cmdset_0002.c | 21 drivers/mtd/ubi/build.c | 3 drivers/mtd/ubi/eba.c | 90 drivers/mtd/ubi/wl.c | 4 drivers/nvdimm/bus.c | 14 drivers/of/platform.c | 5 drivers/of/resolver.c | 5 drivers/of/unittest.c | 8 drivers/pci/host/pci-hyperv.c | 11 drivers/pci/hotplug/pciehp.h | 2 drivers/pci/hotplug/pciehp_core.c | 2 drivers/pci/hotplug/pciehp_hpc.c | 13 drivers/pci/quirks.c | 20 drivers/pinctrl/devicetree.c | 7 drivers/pinctrl/samsung/pinctrl-exynos-arm.c | 4 drivers/pwm/pwm-lpss-platform.c | 5 drivers/pwm/pwm-lpss.c | 30 drivers/pwm/pwm-lpss.h | 2 drivers/rpmsg/qcom_smd.c | 18 drivers/rtc/rtc-sun6i.c | 4 drivers/s390/scsi/zfcp_dbf.c | 40 drivers/s390/scsi/zfcp_erp.c | 123 drivers/s390/scsi/zfcp_ext.h | 5 drivers/s390/scsi/zfcp_scsi.c | 18 drivers/scsi/hpsa.c | 10 drivers/scsi/qla2xxx/qla_init.c | 3 drivers/scsi/qla2xxx/qla_isr.c | 8 drivers/soc/rockchip/pm_domains.c | 2 drivers/thermal/broadcom/bcm2835_thermal.c | 4 drivers/tty/serial/sh-sci.c | 8 drivers/usb/core/hub.c | 4 drivers/usb/host/xhci.c | 1 drivers/video/backlight/as3711_bl.c | 33 drivers/video/backlight/max8925_bl.c | 4 drivers/video/backlight/tps65217_bl.c | 4 drivers/video/fbdev/uvesafb.c | 3 drivers/w1/w1.c | 2 drivers/xen/events/events_base.c | 2 fs/btrfs/inode.c | 4 fs/fuse/control.c | 13 fs/fuse/dev.c | 3 fs/fuse/dir.c | 13 fs/fuse/inode.c | 1 fs/nfs/callback_proc.c | 7 fs/nfs/nfs4idmap.c | 5 fs/nfs/nfs4proc.c | 2 fs/nfsd/nfs4xdr.c | 5 fs/ubifs/journal.c | 5 fs/udf/directory.c | 3 include/linux/blkdev.h | 4 include/linux/compiler.h | 2 include/linux/slub_def.h | 4 include/rdma/ib_verbs.h | 14 include/rdma/rdma_vt.h | 2 kernel/printk/printk_safe.c | 5 kernel/time/time.c | 6 lib/vsprintf.c | 3 mm/gup.c | 36 mm/ksm.c | 14 mm/slab_common.c | 4 mm/slub.c | 7 net/sunrpc/xprtrdma/rpc_rdma.c | 2 sound/core/timer.c | 2 sound/pci/hda/patch_realtek.c | 20 sound/soc/cirrus/edb93xx.c | 2 sound/soc/cirrus/ep93xx-i2s.c | 26 sound/soc/cirrus/snappercl15.c | 2 sound/soc/codecs/cs35l35.c | 1 sound/soc/soc-dapm.c | 2 tools/perf/pmu-events/arch/x86/goldmontplus/cache.json | 1453 ++++++++++ tools/perf/pmu-events/arch/x86/goldmontplus/frontend.json | 62 tools/perf/pmu-events/arch/x86/goldmontplus/memory.json | 38 tools/perf/pmu-events/arch/x86/goldmontplus/other.json | 98 tools/perf/pmu-events/arch/x86/goldmontplus/pipeline.json | 544 +++ tools/perf/pmu-events/arch/x86/goldmontplus/virtual-memory.json | 218 + tools/perf/pmu-events/arch/x86/mapfile.csv | 1 tools/perf/util/dso.c | 2 tools/perf/util/intel-pt-decoder/intel-pt-decoder.c | 23 tools/perf/util/intel-pt-decoder/intel-pt-decoder.h | 9 tools/perf/util/intel-pt-decoder/intel-pt-pkt-decoder.c | 2 tools/perf/util/intel-pt.c | 5 tools/testing/selftests/ftrace/test.d/functions | 21 170 files changed, 3594 insertions(+), 504 deletions(-) ??? (1): Input: elantech - fix V4 report decoding for module with middle key Aaron Ma (1): Input: elantech - enable middle button of touchpads on ThinkPad P52 Adrian Hunter (6): perf tools: Fix symbol and object code resolution for vdso32 and vdsox32 perf intel-pt: Fix sync_switch INTEL_PT_SS_NOT_TRACING perf intel-pt: Fix decoding to accept CBR between FUP and corresponding TIP perf intel-pt: Fix MTC timing after overflow perf intel-pt: Fix "Unexpected indirect branch" error perf intel-pt: Fix packet decoding of CYC packets Akshay Adiga (1): powerpc/powernv/cpuidle: Init all present cpus for deep states Alex Estrin (2): IB/{hfi1, qib}: Add handling of kernel restart IB/isert: Fix for lib/dma_debug check_sync warning Alex Williamson (1): PCI: Add ACS quirk for Intel 7th & 8th Gen mobile Alexander Sverdlin (2): ASoC: cirrus: i2s: Fix LRCLK configuration ASoC: cirrus: i2s: Fix {TX|RX}LinCtrlData setup Alexandr Savca (1): Input: elan_i2c - add ELAN0618 (Lenovo v330 15IKB) ACPI ID Alexandru Ardelean (1): iio: adc: ad7791: remove sample freq sysfs attributes Alexey Kardashevskiy (1): powerpc/powernv/ioda2: Remove redundant free of TCE pages Amit Pundir (1): Bluetooth: hci_qca: Avoid missing rampatch failure with userspace fw loader Andy Shevchenko (1): mfd: intel-lpss: Program REMAP register in PIO mode Aneesh Kumar K.V (1): powerpc/mm/hash: Add missing isync prior to kernel stack SLB switch Anil Gurumurthy (1): scsi: qla2xxx: Mask off Scope bits in retry delay Anju T Sudhakar (1): powerpc/perf: Fix memory allocation for core-imc based on num_possible_cpus() Bart Van Assche (2): block: Fix cloning of requests with a special payload dm zoned: avoid triggering reclaim from inside dmz_map() Ben Hutchings (1): Input: elan_i2c_smbus - fix more potential stack buffer overflows Boris Ostrovsky (1): xen: Remove unnecessary BUG_ON from __unbind_from_irq() Borislav Petkov (1): x86/mce: Do not overwrite MCi_STATUS in mce_no_way_out() Christophe JAILLET (1): iio: sca3000: Fix an error handling path in 'sca3000_probe()' Chuck Lever (1): xprtrdma: Return -ENOBUFS when no pages are available Corey Minyard (1): ipmi:bt: Set the timeout before doing a capabilities check Dan Williams (3): x86/spectre_v1: Disable compiler optimizations over array_index_mask_nospec() mm: fix __gup_device_huge vs unmap mm: fix devmem_is_allowed() for sub-page System RAM intersections Daniel Wagner (1): serial: sh-sci: Use spin_{try}lock_irqsave instead of open coding version Dave Martin (1): arm64: Fix syscall restarting around signal suppressed by tracer Dave Wysochanski (1): NFSv4: Fix possible 1-byte stack overflow in nfs_idmap_read_and_verify_message David Rivshin (1): ARM: 8764/1: kgdb: fix NUMREGBYTES so that gdb_regs[] is the correct size Dinh Nguyen (1): ARM: dts: socfpga: Fix NAND controller node compatible for Arria10 Dongsheng Yang (1): rbd: flush rbd_dev->watch_dwork after watch is unregistered Enno Boland (1): Input: xpad - fix GPD Win 2 controller name Erez Shitrit (1): IB/mlx5: Fetch soft WQE's on fatal error state Eric W. Biederman (1): signal/xtensa: Consistenly use SIGBUS in do_unaligned_user Fabio Estevam (1): pinctrl: devicetree: Fix pctldev pointer overwrite Filipe Manana (1): Btrfs: fix return value on rename exchange failure Finley Xiao (1): soc: rockchip: power-domain: Fix wrong value when power up pd with writemask Finn Thain (1): m68k/mac: Fix SWIM memory resource end address Frank Rowand (1): of: overlay: validate offset from property fixups Gautham R. Shenoy (1): cpuidle: powernv: Fix promotion from snooze if next state disabled Geert Uytterhoeven (4): thermal: bcm2835: Stop using printk format %pCr clk: renesas: cpg-mssr: Stop using printk format %pCr lib/vsprintf: Remove atomic-unsafe support for %pCr time: Make sure jiffies_to_msecs() preserves non-zero time periods Greg Kroah-Hartman (1): Linux 4.14.53 Hans de Goede (2): ACPI / LPSS: Add missing prv_offset setting for byt/cht PWM devices pwm: lpss: platform: Save/restore the ctrl register over a suspend/resume Haren Myneni (1): powerpc/powernv: copy/paste - Mask SO bit in CR Himanshu Madhani (1): scsi: qla2xxx: Fix setting lower transfer speed if GPSC fails Huacai Chen (1): MIPS: io: Add barrier after register read in inX() Hui Wang (1): ALSA: hda/realtek - Fix the problem of two front mics on more machines Ingo Flaschberger (1): 1wire: family module autoload fails because of upper/lower case mismatch. Jack Morgenstein (2): IB/mlx4: Mark user MR as writable if actual virtual memory is writable IB/core: Make testing MR flags for writability a static inline function Jan Kara (1): udf: Detect incorrect directory size Jarkko Nikula (1): mfd: intel-lpss: Fix Intel Cannon Lake LPSS I2C input clock Jerome Brunet (1): ARM64: dts: meson: disable sd-uhs modes on the libretech-cc Jia He (1): mm/ksm.c: ignore STABLE_FLAG of rmap_item->address in rmap_walk_ksm() Joakim Tjernlund (4): mtd: cfi_cmdset_0002: Use right chip in do_ppb_xxlock() mtd: cfi_cmdset_0002: fix SEGV unlocking multiple chips mtd: cfi_cmdset_0002: Fix unlocking requests crossing a chip boudary mtd: cfi_cmdset_0002: Avoid walking all chips when unlocking. Johan Hovold (3): backlight: as3711_bl: Fix Device Tree node lookup backlight: max8925_bl: Fix Device Tree node lookup backlight: tps65217_bl: Fix Device Tree node lookup Juergen Gross (1): x86/xen: Add call of speculative_store_bypass_ht_init() to PV paths Kai-Heng Feng (1): media: cx231xx: Add support for AverMedia DVD EZMaker 7 Kan Liang (2): perf vendor events: Add Goldmont Plus V1 event file perf/x86/intel/uncore: Add event constraint for BDX PCU Kees Cook (1): video: uvesafb: Fix integer overflow in allocation Keith Busch (1): block: Fix transfer when chunk sectors exceeds max Kieran Bingham (1): media: vsp1: Release buffers for each video node Kirill A. Shutemov (1): x86/efi: Fix efi_call_phys_epilog() with CONFIG_X86_5LEVEL=y Leon Romanovsky (1): RDMA/mlx4: Discard unknown SQP work requests Maciej S. Szmigiero (1): X.509: unpack RSA signatureValue field from BIT STRING Mahesh Salgaonkar (1): powerpc/fadump: Unregister fadump on kexec down path. Marcin Ziemianowicz (1): clk: at91: PLL recalc_rate() now using cached MUL and DIV values Marek Vasut (2): ARM: dts: socfpga: Fix NAND controller node compatible ARM: dts: socfpga: Fix NAND controller clock supply Mathias Nyman (1): xhci: Fix use-after-free in xhci_free_virt_device Matthias Schiffer (1): mips: ftrace: fix static function graph tracing Mauro Carvalho Chehab (2): media: v4l2-compat-ioctl32: prevent go past max size media: dvb_frontend: fix locking issues at dvb_frontend_get_event() Max Gurtovoy (1): IB/isert: fix T10-pi check mask setting Maxim Moseychuk (1): usb: do not reset if a low-speed or full-speed device timed out Michael J. Ruhl (1): IB/hfi1: Reorder incorrect send context disable Michael Neuling (2): powerpc/ptrace: Fix setting 512B aligned breakpoints with PTRACE_SET_DEBUGREG powerpc/ptrace: Fix enforcement of DAWR constraints Michael Schmitz (1): m68k/mm: Adjust VM area to be unmapped by gap size for __iounmap() Michael Trimarchi (1): rtc: sun6i: Fix bit_idx value for clk_register_gate Mika Westerberg (2): PCI: Add ACS quirk for Intel 300 series PCI: pciehp: Clear Presence Detect and Data Link Layer Status Changed on resume Mike Marciniszyn (3): IB/qib: Fix DMA api warning with debug kernel IB/hfi1: Fix fault injection init/exit issues IB/hfi1: Fix user context tail allocation for DMA_RTAIL Mike Snitzer (1): dm thin: handle running out of data space vs concurrent discard Miklos Szeredi (2): fuse: atomic_o_trunc should truncate pagecache fuse: fix control dir setup and teardown Mikulas Patocka (2): branch-check: fix long->int truncation when profiling branches slub: fix failure when we delete and create a slab cache NeilBrown (1): md: fix two problems with setting the "re-add" device state. Paul Handrigan (1): ASoC: cs35l35: Add use_single_rw to regmap config Paweł Chmiel (1): pinctrl: samsung: Correct EINTG banks order Rafael J. Wysocki (1): PM / core: Fix supplier device runtime PM usage counter imbalance Randy Dunlap (1): auxdisplay: fix broken menu Richard Weinberger (2): ubi: fastmap: Cancel work upon detach ubi: fastmap: Correctly handle interrupted erasures in EBA Robert Elliott (1): linvdimm, pmem: Preserve read-only setting for pmem devices Scott Mayhew (1): nfsd: restrict rd_maxcount to svc_max_payload in nfsd_encode_readdir Sean Wang (1): arm: dts: mt7623: fix invalid memory node being generated Sebastian Sanchez (1): IB/hfi1: Optimize kthread pointer locking when queuing CQ entries Siarhei Liakh (1): x86: Call fixup_exception() before notify_die() in math_error() Silvio Cesare (1): UBIFS: Fix potential integer overflow in allocation Sinan Kaya (1): scsi: hpsa: disable device during shutdown Sridhar Pitchai (1): PCI: hv: Make sure the bus domain is really unique Srinivas Kandagatla (3): ASoC: dapm: delete dapm_kcontrol_data paths list before freeing it of: platform: stop accessing invalid dev in of_platform_device_destroy rpmsg: smd: do not use mananged resources for endpoints and channels Srinivas Pandruvada (1): cpufreq: intel_pstate: Fix scaling max/min limits with Turbo 3.0 Stefan M Schaeckeler (1): of: unittest: for strings, account for trailing \0 in property length field Steffen Maier (7): scsi: zfcp: fix missing SCSI trace for result of eh_host_reset_handler scsi: zfcp: fix missing SCSI trace for retry of abort / scsi_eh TMF scsi: zfcp: fix misleading REC trigger trace where erp_action setup failed scsi: zfcp: fix missing REC trigger trace on terminate_rport_io early return scsi: zfcp: fix missing REC trigger trace on terminate_rport_io for ERP_FAILED scsi: zfcp: fix missing REC trigger trace for all objects in ERP_FAILED scsi: zfcp: fix missing REC trigger trace on enqueue without ERP thread Steven Rostedt (VMware) (1): ftrace/selftest: Have the reset_trigger code be a bit more careful Tadeusz Struk (2): tpm: fix use after free in tpm2_load_context() tpm: fix race condition in tpm_common_write() Takashi Iwai (3): ALSA: timer: Fix UBSAN warning at SNDRV_TIMER_IOCTL_NEXT_DEVICE ioctl ALSA: hda/realtek - Fix pop noise on Lenovo P50 & co ALSA: hda/realtek - Add a quirk for FSC ESPRIMO U9210 Tejun Heo (1): fuse: fix congested state leak on aborted connections Tetsuo Handa (2): printk: fix possible reuse of va_list variable fuse: don't keep dead fuse_conn at fuse_fill_super(). Thor Thayer (1): ARM: dts: Fix SPI node for Arria10 Tokunori Ikegami (2): mtd: cfi_cmdset_0002: Change write buffer to check correct value MIPS: BCM47XX: Enable 74K Core ExternalSync for PCIe erratum Tony Luck (3): x86/mce: Improve error message when kernel cannot recover x86/mce: Check for alternate indication of machine check recovery on Skylake x86/mce: Fix incorrect "Machine check from unknown source" message Trond Myklebust (2): NFSv4: Revert commit 5f83d86cf531d ("NFSv4.x: Fix wraparound issues..") NFSv4: Fix a typo in nfs41_sequence_process Ulf Hansson (1): PM / Domains: Fix error path during attach in genpd Vaibhav Jain (1): cxl: Disable prefault_mode in Radix mode Waldemar Rymarkiewicz (1): PM / OPP: Update voltage in case freq == old_freq Will Deacon (2): arm64: kpti: Use early_param for kpti= command-line option arm64: mm: Ensure writes to swapper are ordered wrt subsequent cache maintenance Yang Yingliang (1): irqchip/gic-v3-its: Don't bind LPI to unavailable NUMA node

6 years, 11 months

1
1
0 0

Linux 4.9.111

by Greg KH

I'm announcing the release of the 4.9.111 kernel. All users of the 4.9 kernel series must upgrade. The updated 4.9.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.9.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/printk-formats.txt | 3 Makefile | 2 arch/arm/include/asm/kgdb.h | 2 arch/arm64/kernel/cpufeature.c | 2 arch/arm64/mm/proc.S | 5 arch/m68k/mm/kmap.c | 3 arch/mips/bcm47xx/setup.c | 6 arch/mips/include/asm/io.h | 2 arch/mips/include/asm/mipsregs.h | 3 arch/mips/kernel/mcount.S | 27 +-- arch/powerpc/kernel/entry_64.S | 1 arch/powerpc/kernel/fadump.c | 3 arch/powerpc/kernel/hw_breakpoint.c | 4 arch/powerpc/kernel/ptrace.c | 1 arch/powerpc/platforms/powernv/pci-ioda.c | 1 arch/x86/include/asm/barrier.h | 2 arch/x86/kernel/cpu/mcheck/mce-severity.c | 5 arch/x86/kernel/cpu/mcheck/mce.c | 44 +++-- arch/x86/kernel/quirks.c | 11 + arch/x86/kernel/traps.c | 14 + arch/x86/mm/init.c | 4 arch/xtensa/kernel/traps.c | 2 crypto/asymmetric_keys/x509_cert_parser.c | 9 + drivers/block/rbd.c | 2 drivers/bluetooth/hci_qca.c | 6 drivers/char/ipmi/ipmi_bt_sm.c | 3 drivers/clk/at91/clk-pll.c | 13 - drivers/clk/renesas/renesas-cpg-mssr.c | 9 - drivers/cpuidle/cpuidle-powernv.c | 32 +++- drivers/iio/buffer/kfifo_buf.c | 4 drivers/infiniband/hw/hfi1/hfi.h | 1 drivers/infiniband/hw/hfi1/init.c | 13 + drivers/infiniband/hw/mlx4/mad.c | 1 drivers/infiniband/hw/mlx5/cq.c | 15 + drivers/infiniband/hw/qib/qib.h | 4 drivers/infiniband/hw/qib/qib_file_ops.c | 10 - drivers/infiniband/hw/qib/qib_init.c | 13 + drivers/infiniband/hw/qib/qib_user_pages.c | 20 +- drivers/infiniband/ulp/isert/ib_isert.c | 28 ++- drivers/input/mouse/elan_i2c.h | 2 drivers/input/mouse/elan_i2c_core.c | 3 drivers/input/mouse/elan_i2c_smbus.c | 10 + drivers/input/mouse/elantech.c | 11 + drivers/md/dm-thin.c | 11 + drivers/md/md.c | 4 drivers/media/dvb-core/dvb_frontend.c | 23 +- drivers/media/usb/cx231xx/cx231xx-cards.c | 3 drivers/media/v4l2-core/v4l2-compat-ioctl32.c | 2 drivers/mfd/intel-lpss.c | 4 drivers/mtd/chips/cfi_cmdset_0002.c | 21 +- drivers/mtd/ubi/build.c | 3 drivers/mtd/ubi/eba.c | 90 +++++++++++ drivers/mtd/ubi/wl.c | 4 drivers/net/usb/cdc_ncm.c | 4 drivers/nvdimm/bus.c | 14 + drivers/of/unittest.c | 8 - drivers/pci/hotplug/pciehp.h | 2 drivers/pci/hotplug/pciehp_core.c | 2 drivers/pci/hotplug/pciehp_hpc.c | 13 + drivers/pci/quirks.c | 20 ++ drivers/pwm/pwm-lpss-platform.c | 5 drivers/pwm/pwm-lpss.c | 30 +++ drivers/pwm/pwm-lpss.h | 2 drivers/rpmsg/qcom_smd.c | 18 +- drivers/s390/scsi/zfcp_dbf.c | 40 +++++ drivers/s390/scsi/zfcp_erp.c | 123 ++++++++++++---- drivers/s390/scsi/zfcp_ext.h | 5 drivers/s390/scsi/zfcp_scsi.c | 18 +- drivers/scsi/qla2xxx/qla_init.c | 3 drivers/tty/serial/sh-sci.c | 8 - drivers/usb/core/hub.c | 4 drivers/video/backlight/as3711_bl.c | 33 ++-- drivers/video/backlight/max8925_bl.c | 4 drivers/video/backlight/tps65217_bl.c | 4 drivers/video/fbdev/uvesafb.c | 3 drivers/w1/w1.c | 2 drivers/xen/events/events_base.c | 2 fs/btrfs/inode.c | 37 ++++ fs/fuse/control.c | 13 + fs/fuse/dir.c | 13 + fs/fuse/inode.c | 1 fs/nfs/callback_proc.c | 7 fs/nfs/nfs4idmap.c | 5 fs/nfsd/nfs4xdr.c | 5 fs/ubifs/journal.c | 2 fs/udf/directory.c | 3 include/linux/blkdev.h | 4 include/linux/compiler.h | 2 include/linux/iio/buffer.h | 6 kernel/printk/nmi.c | 5 kernel/time/time.c | 6 lib/vsprintf.c | 3 sound/pci/hda/patch_realtek.c | 11 + sound/soc/cirrus/edb93xx.c | 2 sound/soc/cirrus/ep93xx-i2s.c | 26 +-- sound/soc/cirrus/snappercl15.c | 2 sound/soc/soc-dapm.c | 2 tools/perf/util/dso.c | 2 tools/perf/util/intel-pt-decoder/intel-pt-decoder.c | 23 ++ tools/perf/util/intel-pt-decoder/intel-pt-decoder.h | 9 + tools/perf/util/intel-pt-decoder/intel-pt-pkt-decoder.c | 2 tools/perf/util/intel-pt.c | 5 102 files changed, 816 insertions(+), 268 deletions(-) ??? (1): Input: elantech - fix V4 report decoding for module with middle key Aaron Ma (1): Input: elantech - enable middle button of touchpads on ThinkPad P52 Adrian Hunter (6): perf tools: Fix symbol and object code resolution for vdso32 and vdsox32 perf intel-pt: Fix sync_switch INTEL_PT_SS_NOT_TRACING perf intel-pt: Fix decoding to accept CBR between FUP and corresponding TIP perf intel-pt: Fix MTC timing after overflow perf intel-pt: Fix "Unexpected indirect branch" error perf intel-pt: Fix packet decoding of CYC packets Alex Estrin (2): IB/{hfi1, qib}: Add handling of kernel restart IB/isert: Fix for lib/dma_debug check_sync warning Alex Williamson (1): PCI: Add ACS quirk for Intel 7th & 8th Gen mobile Alexander Sverdlin (2): ASoC: cirrus: i2s: Fix LRCLK configuration ASoC: cirrus: i2s: Fix {TX|RX}LinCtrlData setup Alexandr Savca (1): Input: elan_i2c - add ELAN0618 (Lenovo v330 15IKB) ACPI ID Alexey Kardashevskiy (1): powerpc/powernv/ioda2: Remove redundant free of TCE pages Amit Pundir (1): Bluetooth: hci_qca: Avoid missing rampatch failure with userspace fw loader Andy Shevchenko (1): mfd: intel-lpss: Program REMAP register in PIO mode Aneesh Kumar K.V (1): powerpc/mm/hash: Add missing isync prior to kernel stack SLB switch Ben Hutchings (1): Input: elan_i2c_smbus - fix more potential stack buffer overflows Bjørn Mork (1): cdc_ncm: avoid padding beyond end of skb Boris Ostrovsky (1): xen: Remove unnecessary BUG_ON from __unbind_from_irq() Borislav Petkov (1): x86/mce: Do not overwrite MCi_STATUS in mce_no_way_out() Corey Minyard (1): ipmi:bt: Set the timeout before doing a capabilities check Dan Williams (2): x86/spectre_v1: Disable compiler optimizations over array_index_mask_nospec() mm: fix devmem_is_allowed() for sub-page System RAM intersections Daniel Wagner (1): serial: sh-sci: Use spin_{try}lock_irqsave instead of open coding version Dave Wysochanski (1): NFSv4: Fix possible 1-byte stack overflow in nfs_idmap_read_and_verify_message David Rivshin (1): ARM: 8764/1: kgdb: fix NUMREGBYTES so that gdb_regs[] is the correct size Dongsheng Yang (1): rbd: flush rbd_dev->watch_dwork after watch is unregistered Erez Shitrit (1): IB/mlx5: Fetch soft WQE's on fatal error state Eric W. Biederman (1): signal/xtensa: Consistenly use SIGBUS in do_unaligned_user Filipe Manana (1): Btrfs: fix return value on rename exchange failure Gautham R. Shenoy (1): cpuidle: powernv: Fix promotion from snooze if next state disabled Geert Uytterhoeven (3): clk: renesas: cpg-mssr: Stop using printk format %pCr lib/vsprintf: Remove atomic-unsafe support for %pCr time: Make sure jiffies_to_msecs() preserves non-zero time periods Greg Kroah-Hartman (1): Linux 4.9.111 Hans de Goede (1): pwm: lpss: platform: Save/restore the ctrl register over a suspend/resume Himanshu Madhani (1): scsi: qla2xxx: Fix setting lower transfer speed if GPSC fails Huacai Chen (1): MIPS: io: Add barrier after register read in inX() Ingo Flaschberger (1): 1wire: family module autoload fails because of upper/lower case mismatch. Jan Kara (1): udf: Detect incorrect directory size Joakim Tjernlund (4): mtd: cfi_cmdset_0002: Use right chip in do_ppb_xxlock() mtd: cfi_cmdset_0002: fix SEGV unlocking multiple chips mtd: cfi_cmdset_0002: Fix unlocking requests crossing a chip boudary mtd: cfi_cmdset_0002: Avoid walking all chips when unlocking. Johan Hovold (3): backlight: as3711_bl: Fix Device Tree node lookup backlight: max8925_bl: Fix Device Tree node lookup backlight: tps65217_bl: Fix Device Tree node lookup Kai-Heng Feng (1): media: cx231xx: Add support for AverMedia DVD EZMaker 7 Kees Cook (1): video: uvesafb: Fix integer overflow in allocation Keith Busch (1): block: Fix transfer when chunk sectors exceeds max Leon Romanovsky (1): RDMA/mlx4: Discard unknown SQP work requests Liu Bo (1): Btrfs: fix unexpected cow in run_delalloc_nocow Maciej S. Szmigiero (1): X.509: unpack RSA signatureValue field from BIT STRING Mahesh Salgaonkar (1): powerpc/fadump: Unregister fadump on kexec down path. Marcin Ziemianowicz (1): clk: at91: PLL recalc_rate() now using cached MUL and DIV values Martin Kelly (1): iio:buffer: make length types match kfifo types Matthias Schiffer (1): mips: ftrace: fix static function graph tracing Mauro Carvalho Chehab (2): media: v4l2-compat-ioctl32: prevent go past max size media: dvb_frontend: fix locking issues at dvb_frontend_get_event() Max Gurtovoy (1): IB/isert: fix T10-pi check mask setting Maxim Moseychuk (1): usb: do not reset if a low-speed or full-speed device timed out Michael Neuling (2): powerpc/ptrace: Fix setting 512B aligned breakpoints with PTRACE_SET_DEBUGREG powerpc/ptrace: Fix enforcement of DAWR constraints Michael Schmitz (1): m68k/mm: Adjust VM area to be unmapped by gap size for __iounmap() Mika Westerberg (2): PCI: Add ACS quirk for Intel 300 series PCI: pciehp: Clear Presence Detect and Data Link Layer Status Changed on resume Mike Marciniszyn (1): IB/qib: Fix DMA api warning with debug kernel Mike Snitzer (1): dm thin: handle running out of data space vs concurrent discard Miklos Szeredi (2): fuse: atomic_o_trunc should truncate pagecache fuse: fix control dir setup and teardown Mikulas Patocka (1): branch-check: fix long->int truncation when profiling branches NeilBrown (1): md: fix two problems with setting the "re-add" device state. Richard Weinberger (2): ubi: fastmap: Cancel work upon detach ubi: fastmap: Correctly handle interrupted erasures in EBA Robert Elliott (1): linvdimm, pmem: Preserve read-only setting for pmem devices Scott Mayhew (1): nfsd: restrict rd_maxcount to svc_max_payload in nfsd_encode_readdir Siarhei Liakh (1): x86: Call fixup_exception() before notify_die() in math_error() Silvio Cesare (1): UBIFS: Fix potential integer overflow in allocation Srinivas Kandagatla (2): ASoC: dapm: delete dapm_kcontrol_data paths list before freeing it rpmsg: smd: do not use mananged resources for endpoints and channels Stefan M Schaeckeler (1): of: unittest: for strings, account for trailing \0 in property length field Steffen Maier (7): scsi: zfcp: fix missing SCSI trace for result of eh_host_reset_handler scsi: zfcp: fix missing SCSI trace for retry of abort / scsi_eh TMF scsi: zfcp: fix misleading REC trigger trace where erp_action setup failed scsi: zfcp: fix missing REC trigger trace on terminate_rport_io early return scsi: zfcp: fix missing REC trigger trace on terminate_rport_io for ERP_FAILED scsi: zfcp: fix missing REC trigger trace for all objects in ERP_FAILED scsi: zfcp: fix missing REC trigger trace on enqueue without ERP thread Takashi Iwai (2): ALSA: hda/realtek - Fix pop noise on Lenovo P50 & co ALSA: hda/realtek - Add a quirk for FSC ESPRIMO U9210 Tetsuo Handa (2): fuse: don't keep dead fuse_conn at fuse_fill_super(). printk: fix possible reuse of va_list variable Tokunori Ikegami (2): mtd: cfi_cmdset_0002: Change write buffer to check correct value MIPS: BCM47XX: Enable 74K Core ExternalSync for PCIe erratum Tony Luck (3): x86/mce: Improve error message when kernel cannot recover x86/mce: Check for alternate indication of machine check recovery on Skylake x86/mce: Fix incorrect "Machine check from unknown source" message Trond Myklebust (1): NFSv4: Revert commit 5f83d86cf531d ("NFSv4.x: Fix wraparound issues..") Will Deacon (2): arm64: kpti: Use early_param for kpti= command-line option arm64: mm: Ensure writes to swapper are ordered wrt subsequent cache maintenance

6 years, 11 months

1
1
0 0

Linux 4.4.139

by Greg KH

I'm announcing the release of the 4.4.139 kernel. All users of the 4.4 kernel series must upgrade. The updated 4.4.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.4.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/printk-formats.txt | 3 Makefile | 2 arch/arm/include/asm/kgdb.h | 2 arch/m68k/mm/kmap.c | 3 arch/mips/bcm47xx/setup.c | 6 arch/mips/include/asm/io.h | 2 arch/mips/include/asm/mipsregs.h | 3 arch/mips/kernel/mcount.S | 27 +-- arch/powerpc/kernel/entry_64.S | 1 arch/powerpc/kernel/fadump.c | 3 arch/powerpc/kernel/hw_breakpoint.c | 4 arch/powerpc/kernel/ptrace.c | 1 arch/x86/include/asm/barrier.h | 2 arch/xtensa/kernel/traps.c | 2 drivers/ata/libata-core.c | 3 drivers/ata/libata-zpodd.c | 4 drivers/atm/zatm.c | 4 drivers/base/core.c | 14 + drivers/bluetooth/hci_qca.c | 6 drivers/char/ipmi/ipmi_bt_sm.c | 3 drivers/cpufreq/cpufreq.c | 2 drivers/cpuidle/cpuidle-powernv.c | 32 +++- drivers/iio/buffer/kfifo_buf.c | 4 drivers/infiniband/hw/mlx4/mad.c | 1 drivers/infiniband/hw/qib/qib.h | 3 drivers/infiniband/hw/qib/qib_file_ops.c | 10 - drivers/infiniband/hw/qib/qib_user_pages.c | 20 +- drivers/input/mouse/elan_i2c.h | 2 drivers/input/mouse/elan_i2c_core.c | 3 drivers/input/mouse/elan_i2c_smbus.c | 10 + drivers/input/mouse/elantech.c | 11 + drivers/md/dm-thin.c | 11 + drivers/md/md.c | 4 drivers/media/dvb-core/dvb_frontend.c | 23 +- drivers/media/usb/cx231xx/cx231xx-cards.c | 3 drivers/media/v4l2-core/v4l2-compat-ioctl32.c | 2 drivers/mfd/intel-lpss.c | 4 drivers/mtd/chips/cfi_cmdset_0002.c | 21 +- drivers/mtd/ubi/build.c | 3 drivers/mtd/ubi/wl.c | 4 drivers/net/bonding/bond_options.c | 1 drivers/net/ethernet/natsemi/sonic.c | 2 drivers/net/usb/cdc_ncm.c | 4 drivers/net/usb/qmi_wwan.c | 1 drivers/nvdimm/bus.c | 14 + drivers/of/unittest.c | 8 - drivers/pci/hotplug/pciehp.h | 2 drivers/pci/hotplug/pciehp_core.c | 2 drivers/pci/hotplug/pciehp_hpc.c | 13 + drivers/s390/scsi/zfcp_dbf.c | 40 +++++ drivers/s390/scsi/zfcp_erp.c | 123 ++++++++++++---- drivers/s390/scsi/zfcp_ext.h | 5 drivers/s390/scsi/zfcp_scsi.c | 18 +- drivers/scsi/qla2xxx/qla_init.c | 3 drivers/spi/spi.c | 10 + drivers/tty/serial/sh-sci.c | 8 - drivers/usb/core/hub.c | 4 drivers/usb/musb/musb_host.c | 5 drivers/usb/musb/musb_host.h | 7 drivers/usb/musb/musb_virthub.c | 25 +-- drivers/video/backlight/as3711_bl.c | 33 ++-- drivers/video/backlight/max8925_bl.c | 4 drivers/video/backlight/tps65217_bl.c | 4 drivers/video/fbdev/uvesafb.c | 3 drivers/w1/masters/mxc_w1.c | 20 +- drivers/w1/w1.c | 2 drivers/xen/events/events_base.c | 2 fs/binfmt_misc.c | 12 + fs/btrfs/inode.c | 33 +++- fs/btrfs/ioctl.c | 12 - fs/btrfs/scrub.c | 2 fs/ext4/inode.c | 36 ++-- fs/ext4/resize.c | 2 fs/fuse/control.c | 13 + fs/fuse/dir.c | 13 + fs/fuse/inode.c | 1 fs/nfs/nfs4idmap.c | 5 fs/nfsd/nfs4xdr.c | 5 fs/ubifs/journal.c | 2 fs/udf/directory.c | 3 include/linux/blkdev.h | 4 include/linux/compiler.h | 2 include/linux/iio/buffer.h | 6 include/net/bluetooth/hci_core.h | 2 kernel/time/time.c | 6 lib/vsprintf.c | 3 net/bluetooth/hci_conn.c | 27 ++- net/bluetooth/hci_event.c | 15 + net/bridge/netfilter/ebtables.c | 3 net/ipv4/tcp_input.c | 2 net/ipv4/tcp_ipv4.c | 4 net/ipv6/tcp_ipv6.c | 4 net/ipv6/xfrm6_policy.c | 2 net/netfilter/ipvs/ip_vs_ctl.c | 21 +- net/xfrm/xfrm_policy.c | 5 sound/pci/hda/hda_controller.c | 4 sound/pci/hda/patch_conexant.c | 2 sound/pci/hda/patch_realtek.c | 1 sound/soc/cirrus/edb93xx.c | 2 sound/soc/cirrus/ep93xx-i2s.c | 26 +-- sound/soc/cirrus/snappercl15.c | 2 sound/soc/soc-dapm.c | 2 tools/perf/util/dso.c | 2 tools/perf/util/intel-pt-decoder/intel-pt-decoder.c | 23 ++ tools/perf/util/intel-pt-decoder/intel-pt-decoder.h | 9 + tools/perf/util/intel-pt-decoder/intel-pt-pkt-decoder.c | 2 tools/perf/util/intel-pt.c | 5 107 files changed, 684 insertions(+), 272 deletions(-) ??? (1): Input: elantech - fix V4 report decoding for module with middle key Aaron Ma (1): Input: elantech - enable middle button of touchpads on ThinkPad P52 Adrian Hunter (6): perf tools: Fix symbol and object code resolution for vdso32 and vdsox32 perf intel-pt: Fix sync_switch INTEL_PT_SS_NOT_TRACING perf intel-pt: Fix decoding to accept CBR between FUP and corresponding TIP perf intel-pt: Fix MTC timing after overflow perf intel-pt: Fix "Unexpected indirect branch" error perf intel-pt: Fix packet decoding of CYC packets Alexander Sverdlin (2): ASoC: cirrus: i2s: Fix LRCLK configuration ASoC: cirrus: i2s: Fix {TX|RX}LinCtrlData setup Alexandr Savca (1): Input: elan_i2c - add ELAN0618 (Lenovo v330 15IKB) ACPI ID Amit Pundir (1): Bluetooth: hci_qca: Avoid missing rampatch failure with userspace fw loader Andy Shevchenko (1): mfd: intel-lpss: Program REMAP register in PIO mode Aneesh Kumar K.V (1): powerpc/mm/hash: Add missing isync prior to kernel stack SLB switch Ben Hutchings (1): Input: elan_i2c_smbus - fix more potential stack buffer overflows Bjørn Mork (1): cdc_ncm: avoid padding beyond end of skb Bo Chen (1): ALSA: hda - Handle kzalloc() failure in snd_hda_attach_pcm_stream() Boris Ostrovsky (1): xen: Remove unnecessary BUG_ON from __unbind_from_irq() Colin Ian King (1): libata: zpodd: make arrays cdb static, reduces object code size Corey Minyard (1): ipmi:bt: Set the timeout before doing a capabilities check Dan Carpenter (1): libata: zpodd: small read overflow in eject_tray() Dan Williams (1): x86/spectre_v1: Disable compiler optimizations over array_index_mask_nospec() Daniel Glöckner (1): usb: musb: fix remote wakeup racing with suspend Daniel Wagner (1): serial: sh-sci: Use spin_{try}lock_irqsave instead of open coding version Dave Wysochanski (1): NFSv4: Fix possible 1-byte stack overflow in nfs_idmap_read_and_verify_message David Rivshin (1): ARM: 8764/1: kgdb: fix NUMREGBYTES so that gdb_regs[] is the correct size Dennis Wassenberg (2): ALSA: hda: add dock and led support for HP EliteBook 830 G5 ALSA: hda: add dock and led support for HP ProBook 640 G4 Eric Dumazet (2): xfrm6: avoid potential infinite loop in _decode_session6() tcp: do not overshoot window_clamp in tcp_rcv_space_adjust() Eric W. Biederman (1): signal/xtensa: Consistenly use SIGBUS in do_unaligned_user Finn Thain (1): net/sonic: Use dma_mapping_error() Florian Westphal (1): xfrm: skip policies marked as dead while rehashing Frank van der Linden (1): tcp: verify the checksum of the first data segment in a new connection Gautham R. Shenoy (1): cpuidle: powernv: Fix promotion from snooze if next state disabled Geert Uytterhoeven (2): lib/vsprintf: Remove atomic-unsafe support for %pCr time: Make sure jiffies_to_msecs() preserves non-zero time periods Greg Kroah-Hartman (1): Linux 4.4.139 Hans de Goede (1): libata: Drop SanDisk SD7UB3Q*G1001 NOLPM quirk Himanshu Madhani (1): scsi: qla2xxx: Fix setting lower transfer speed if GPSC fails Huacai Chen (1): MIPS: io: Add barrier after register read in inX() Ingo Flaschberger (1): 1wire: family module autoload fails because of upper/lower case mismatch. Ivan Bornyakov (1): atm: zatm: fix memcmp casting Jan Kara (2): ext4: fix fencepost error in check for inode count overflow during resize udf: Detect incorrect directory size Joakim Tjernlund (4): mtd: cfi_cmdset_0002: Use right chip in do_ppb_xxlock() mtd: cfi_cmdset_0002: fix SEGV unlocking multiple chips mtd: cfi_cmdset_0002: Fix unlocking requests crossing a chip boudary mtd: cfi_cmdset_0002: Avoid walking all chips when unlocking. Johan Hovold (3): backlight: as3711_bl: Fix Device Tree node lookup backlight: max8925_bl: Fix Device Tree node lookup backlight: tps65217_bl: Fix Device Tree node lookup Josh Hill (1): net: qmi_wwan: Add Netgear Aircard 779S Julian Anastasov (1): ipvs: fix buffer overflow with sync daemon and service Kai-Heng Feng (1): media: cx231xx: Add support for AverMedia DVD EZMaker 7 Kees Cook (1): video: uvesafb: Fix integer overflow in allocation Keith Busch (1): block: Fix transfer when chunk sectors exceeds max Leon Romanovsky (1): RDMA/mlx4: Discard unknown SQP work requests Liu Bo (2): Btrfs: make raid6 rebuild retry more Btrfs: fix unexpected cow in run_delalloc_nocow Lukas Czerner (1): ext4: update mtime in ext4_punch_hole even if no blocks are released Mahesh Salgaonkar (1): powerpc/fadump: Unregister fadump on kexec down path. Martin Kelly (1): iio:buffer: make length types match kfifo types Matthias Schiffer (1): mips: ftrace: fix static function graph tracing Mauro Carvalho Chehab (2): media: v4l2-compat-ioctl32: prevent go past max size media: dvb_frontend: fix locking issues at dvb_frontend_get_event() Maxim Moseychuk (1): usb: do not reset if a low-speed or full-speed device timed out Maxime Chevallier (1): spi: Fix scatterlist elements size in spi_map_buf Michael Neuling (2): powerpc/ptrace: Fix setting 512B aligned breakpoints with PTRACE_SET_DEBUGREG powerpc/ptrace: Fix enforcement of DAWR constraints Michael Schmitz (1): m68k/mm: Adjust VM area to be unmapped by gap size for __iounmap() Mika Westerberg (1): PCI: pciehp: Clear Presence Detect and Data Link Layer Status Changed on resume Mike Marciniszyn (1): IB/qib: Fix DMA api warning with debug kernel Mike Snitzer (1): dm thin: handle running out of data space vs concurrent discard Miklos Szeredi (2): fuse: atomic_o_trunc should truncate pagecache fuse: fix control dir setup and teardown Mikulas Patocka (1): branch-check: fix long->int truncation when profiling branches NeilBrown (1): md: fix two problems with setting the "re-add" device state. Omar Sandoval (1): Btrfs: fix clone vs chattr NODATASUM race Paolo Abeni (1): netfilter: ebtables: handle string from userspace with care Qu Wenruo (1): btrfs: scrub: Don't use inode pages for device replace Richard Weinberger (1): ubi: fastmap: Cancel work upon detach Robert Elliott (1): linvdimm, pmem: Preserve read-only setting for pmem devices Sasha Levin (1): Revert "Btrfs: fix scrub to repair raid6 corruption" Scott Mayhew (1): nfsd: restrict rd_maxcount to svc_max_payload in nfsd_encode_readdir Silvio Cesare (1): UBIFS: Fix potential integer overflow in allocation Srinivas Kandagatla (1): ASoC: dapm: delete dapm_kcontrol_data paths list before freeing it Stefan M Schaeckeler (1): of: unittest: for strings, account for trailing \0 in property length field Stefan Potyra (1): w1: mxc_w1: Enable clock before calling clk_get_rate() on it Steffen Maier (7): scsi: zfcp: fix missing SCSI trace for result of eh_host_reset_handler scsi: zfcp: fix missing SCSI trace for retry of abort / scsi_eh TMF scsi: zfcp: fix misleading REC trigger trace where erp_action setup failed scsi: zfcp: fix missing REC trigger trace on terminate_rport_io early return scsi: zfcp: fix missing REC trigger trace on terminate_rport_io for ERP_FAILED scsi: zfcp: fix missing REC trigger trace for all objects in ERP_FAILED scsi: zfcp: fix missing REC trigger trace on enqueue without ERP thread Szymon Janc (1): Bluetooth: Fix connection if directed advertising and privacy is used Takashi Iwai (1): ALSA: hda/realtek - Add a quirk for FSC ESPRIMO U9210 Tao Wang (1): cpufreq: Fix new policy initialization during limits updates via sysfs Tetsuo Handa (2): driver core: Don't ignore class_dir_create_and_add() failure. fuse: don't keep dead fuse_conn at fuse_fill_super(). Thadeu Lima de Souza Cascardo (1): fs/binfmt_misc.c: do not allow offset overflow Tobias Brunner (1): xfrm: Ignore socket policies when rebuilding hash tables Tokunori Ikegami (2): mtd: cfi_cmdset_0002: Change write buffer to check correct value MIPS: BCM47XX: Enable 74K Core ExternalSync for PCIe erratum Xiangning Yu (1): bonding: re-evaluate force_primary when the primary slave name changes

6 years, 11 months

1
1
0 0

Linux 3.18.114

by Greg KH

I'm announcing the release of the 3.18.114 kernel. All users of the 3.18 kernel series must upgrade. The updated 3.18.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-3.18.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 7 - arch/arm/boot/compressed/head.S | 16 +-- arch/arm/include/asm/kgdb.h | 2 arch/arm/mach-davinci/board-dm355-evm.c | 6 + arch/arm/mach-davinci/board-dm646x-evm.c | 3 arch/arm/mach-keystone/pm_domain.c | 1 arch/arm64/kernel/ptrace.c | 6 - arch/hexagon/include/asm/io.h | 6 + arch/hexagon/lib/checksum.c | 1 arch/m68k/mm/kmap.c | 3 arch/mips/bcm47xx/setup.c | 6 + arch/mips/include/asm/io.h | 4 arch/mips/include/asm/mipsregs.h | 3 arch/mips/kernel/mcount.S | 27 ++---- arch/parisc/kernel/time.c | 2 arch/powerpc/kernel/entry_64.S | 1 arch/powerpc/kernel/fadump.c | 3 arch/powerpc/kernel/hw_breakpoint.c | 4 arch/powerpc/kernel/ptrace.c | 1 arch/x86/kernel/cpu/intel.c | 3 arch/xtensa/kernel/traps.c | 2 drivers/ata/libata-core.c | 3 drivers/ata/libata-eh.c | 4 drivers/ata/libata-zpodd.c | 4 drivers/char/agp/uninorth-agp.c | 4 drivers/char/ipmi/ipmi_bt_sm.c | 3 drivers/gpu/drm/msm/msm_gem.c | 20 ++-- drivers/gpu/drm/omapdrm/omap_dmm_tiler.c | 6 + drivers/i2c/busses/i2c-pmcmsp.c | 4 drivers/i2c/busses/i2c-viperboard.c | 2 drivers/md/dm-thin.c | 11 ++ drivers/media/dvb-core/dvb_frontend.c | 23 +++-- drivers/media/usb/cx231xx/cx231xx-cards.c | 3 drivers/media/v4l2-core/v4l2-compat-ioctl32.c | 2 drivers/mtd/chips/cfi_cmdset_0002.c | 21 ++-- drivers/net/can/dev.c | 2 drivers/net/phy/marvell.c | 9 ++ drivers/pci/hotplug/pciehp.h | 2 drivers/pci/hotplug/pciehp_core.c | 2 drivers/pci/hotplug/pciehp_hpc.c | 13 ++ drivers/s390/net/smsgiucv.c | 2 drivers/scsi/isci/port_config.c | 3 drivers/scsi/qla2xxx/qla_init.c | 3 drivers/scsi/scsi_transport_iscsi.c | 29 ++++-- drivers/scsi/vmw_pvscsi.c | 2 drivers/usb/core/hub.c | 4 drivers/usb/musb/musb_host.c | 5 - drivers/usb/musb/musb_host.h | 7 + drivers/usb/musb/musb_virthub.c | 25 +++-- drivers/video/backlight/as3711_bl.c | 33 +++++-- drivers/video/backlight/max8925_bl.c | 4 drivers/video/backlight/tps65217_bl.c | 4 drivers/video/fbdev/uvesafb.c | 3 drivers/w1/masters/mxc_w1.c | 20 ++-- drivers/xen/events/events_base.c | 2 fs/binfmt_misc.c | 12 ++ fs/btrfs/scrub.c | 2 fs/ext4/inode.c | 36 ++++---- fs/ext4/resize.c | 2 fs/fuse/dir.c | 13 ++ fs/fuse/inode.c | 1 fs/isofs/inode.c | 3 fs/nfsd/nfs4xdr.c | 5 - fs/notify/fsnotify.c | 25 ++--- fs/ubifs/journal.c | 2 fs/udf/directory.c | 3 include/linux/blkdev.h | 4 include/linux/compiler.h | 2 kernel/kthread.c | 7 - kernel/time/time.c | 6 - net/ipv4/tcp_input.c | 2 net/key/af_key.c | 45 +++++++--- net/mac80211/mlme.c | 25 ++++- net/rds/ib_cm.c | 3 sound/pci/hda/hda_controller.c | 4 sound/soc/cirrus/edb93xx.c | 2 sound/soc/cirrus/ep93xx-i2s.c | 26 +++-- sound/soc/cirrus/snappercl15.c | 2 sound/soc/soc-dapm.c | 2 tools/Makefile | 20 +++- tools/net/bpf_dbg.c | 7 + tools/testing/selftests/ftrace/test.d/trigger/inter-event/trigger-multi-actions-accept.tc | 44 +++++++++ 82 files changed, 466 insertions(+), 230 deletions(-) Alexander Sverdlin (2): ASoC: cirrus: i2s: Fix LRCLK configuration ASoC: cirrus: i2s: Fix {TX|RX}LinCtrlData setup Amir Goldstein (1): fsnotify: fix ignore mask logic in send_to_group() Aneesh Kumar K.V (1): powerpc/mm/hash: Add missing isync prior to kernel stack SLB switch Arnd Bergmann (2): hexagon: add memset_io() helper hexagon: export csum_partial_copy_nocheck Baolin Wang (1): parisc: time: Convert read_persistent_clock() to read_persistent_clock64() Ben Hutchings (1): drm/msm: Fix possible null dereference on failure of get_pages() Bo Chen (1): ALSA: hda - Handle kzalloc() failure in snd_hda_attach_pcm_stream() Boris Ostrovsky (1): xen: Remove unnecessary BUG_ON from __unbind_from_irq() Chengguang Xu (1): isofs: fix potential memory leak in mount option parsing Chris Leech (1): scsi: iscsi: respond to netlink with unicast when appropriate Colin Ian King (2): scsi: isci: Fix infinite loop in while loop libata: zpodd: make arrays cdb static, reduces object code size Corey Minyard (1): ipmi:bt: Set the timeout before doing a capabilities check Dag Moxnes (1): rds: ib: Fix missing call to rds_ib_dev_put in rds_ib_setup_qp Dan Carpenter (1): libata: zpodd: small read overflow in eject_tray() Daniel Glöckner (1): usb: musb: fix remote wakeup racing with suspend David Rivshin (1): ARM: 8764/1: kgdb: fix NUMREGBYTES so that gdb_regs[] is the correct size Eric Dumazet (1): tcp: do not overshoot window_clamp in tcp_rcv_space_adjust() Eric W. Biederman (1): signal/xtensa: Consistenly use SIGBUS in do_unaligned_user Geert Uytterhoeven (1): time: Make sure jiffies_to_msecs() preserves non-zero time periods Greg Kroah-Hartman (1): Linux 3.18.114 Hans de Goede (1): libata: Drop SanDisk SD7UB3Q*G1001 NOLPM quirk Himanshu Madhani (1): scsi: qla2xxx: Fix setting lower transfer speed if GPSC fails Huacai Chen (1): MIPS: io: Add barrier after register read in inX() Ilan Peer (1): mac80211: Adjust SAE authentication timeout Jakob Unterwurzacher (1): can: dev: increase bus-off message severity Jan Kara (2): ext4: fix fencepost error in check for inode count overflow during resize udf: Detect incorrect directory size Jim Gill (1): scsi: vmw-pvscsi: return DID_BUS_BUSY for adapter-initated aborts Jingju Hou (1): net: phy: marvell: clear wol event before setting it Jiri Olsa (2): tools build: No need to make libapi for perf explicitly tools build: Fix Makefile(s) to properly invoke tools build Joakim Tjernlund (4): mtd: cfi_cmdset_0002: Use right chip in do_ppb_xxlock() mtd: cfi_cmdset_0002: fix SEGV unlocking multiple chips mtd: cfi_cmdset_0002: Fix unlocking requests crossing a chip boudary mtd: cfi_cmdset_0002: Avoid walking all chips when unlocking. Johan Hovold (3): backlight: as3711_bl: Fix Device Tree node lookup backlight: max8925_bl: Fix Device Tree node lookup backlight: tps65217_bl: Fix Device Tree node lookup John Fastabend (1): bpf: fix uninitialized variable in bpf tools Kai-Heng Feng (1): media: cx231xx: Add support for AverMedia DVD EZMaker 7 Kees Cook (1): video: uvesafb: Fix integer overflow in allocation Keith Busch (1): block: Fix transfer when chunk sectors exceeds max Kevin Easton (1): af_key: Always verify length of provided sadb_key Lukas Czerner (1): ext4: update mtime in ext4_punch_hole even if no blocks are released Mahesh Salgaonkar (1): powerpc/fadump: Unregister fadump on kexec down path. Mark Rutland (1): arm64: ptrace: remove addr_limit manipulation Martin Schwidefsky (1): s390/smsgiucv: disable SMSG on module unload Masami Hiramatsu (1): selftests: ftrace: Add a testcase for multiple actions on trigger Mathieu Malaterre (2): driver core: add __printf verification to __ata_ehi_pushv_desc agp: uninorth: make two functions static Matthias Schiffer (1): mips: ftrace: fix static function graph tracing Mauro Carvalho Chehab (2): media: v4l2-compat-ioctl32: prevent go past max size media: dvb_frontend: fix locking issues at dvb_frontend_get_event() Maxim Moseychuk (1): usb: do not reset if a low-speed or full-speed device timed out Michael Neuling (2): powerpc/ptrace: Fix setting 512B aligned breakpoints with PTRACE_SET_DEBUGREG powerpc/ptrace: Fix enforcement of DAWR constraints Michael Schmitz (1): m68k/mm: Adjust VM area to be unmapped by gap size for __iounmap() Mika Westerberg (1): PCI: pciehp: Clear Presence Detect and Data Link Layer Status Changed on resume Mike Snitzer (1): dm thin: handle running out of data space vs concurrent discard Miklos Szeredi (1): fuse: atomic_o_trunc should truncate pagecache Mikulas Patocka (1): branch-check: fix long->int truncation when profiling branches Peter Rosin (3): i2c: pmcmsp: return message count on master_xfer success i2c: pmcmsp: fix error return from master_xfer i2c: viperboard: return message count on master_xfer success Peter Zijlstra (1): kthread, sched/wait: Fix kthread_parkme() wait-loop Qu Wenruo (1): btrfs: scrub: Don't use inode pages for device replace Russell King (1): ARM: keystone: fix platform_domain_notifier array overrun Scott Mayhew (1): nfsd: restrict rd_maxcount to svc_max_payload in nfsd_encode_readdir Sekhar Nori (2): ARM: davinci: board-dm355-evm: fix broken networking ARM: davinci: board-dm646x-evm: set VPIF capture card name Silvio Cesare (1): UBIFS: Fix potential integer overflow in allocation Sinan Kaya (1): MIPS: io: Add barrier after register read in readX() Srinivas Kandagatla (1): ASoC: dapm: delete dapm_kcontrol_data paths list before freeing it Stefan Potyra (1): w1: mxc_w1: Enable clock before calling clk_get_rate() on it Tetsuo Handa (1): fuse: don't keep dead fuse_conn at fuse_fill_super(). Thadeu Lima de Souza Cascardo (1): fs/binfmt_misc.c: do not allow offset overflow Tokunori Ikegami (2): mtd: cfi_cmdset_0002: Change write buffer to check correct value MIPS: BCM47XX: Enable 74K Core ExternalSync for PCIe erratum Tomi Valkeinen (1): drm/omap: fix possible NULL ref issue in tiler_reserve_2d jacek.tomaka(a)poczta.fm (1): x86/cpu/intel: Add missing TLB cpuid values Łukasz Stelmach (1): ARM: 8753/1: decompressor: add a missing parameter to the addruart macro

6 years, 11 months

1
1
0 0

patch "mei: discard messages from not connected client during power down." added to char-misc-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled mei: discard messages from not connected client during power down. to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From b7a020bff31318fc8785e6f96b1d38c1625cf1fb Mon Sep 17 00:00:00 2001 From: Alexander Usyskin <alexander.usyskin(a)intel.com> Date: Thu, 7 Jun 2018 00:31:48 +0300 Subject: mei: discard messages from not connected client during power down. This fixes regression introduced by commit 8d52af6795c0 ("mei: speed up the power down flow") In power down or suspend flow a message can still be received from the FW because the clients fake disconnection. In normal case we interpret messages w/o destination as corrupted and link reset is performed in order to clean the channel, but during power down link reset is already in progress resulting in endless loop. To resolve the issue under power down flow we discard messages silently. Cc: <stable(a)vger.kernel.org> 4.16+ Fixes: 8d52af6795c0 ("mei: speed up the power down flow") Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=199541 Signed-off-by: Alexander Usyskin <alexander.usyskin(a)intel.com> Signed-off-by: Tomas Winkler <tomas.winkler(a)intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/misc/mei/interrupt.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/drivers/misc/mei/interrupt.c b/drivers/misc/mei/interrupt.c index b0b8f18a85e3..6649f0d56d2f 100644 --- a/drivers/misc/mei/interrupt.c +++ b/drivers/misc/mei/interrupt.c @@ -310,8 +310,11 @@ int mei_irq_read_handler(struct mei_device *dev, if (&cl->link == &dev->file_list) { /* A message for not connected fixed address clients * should be silently discarded + * On power down client may be force cleaned, + * silently discard such messages */ - if (hdr_is_fixed(mei_hdr)) { + if (hdr_is_fixed(mei_hdr) || + dev->dev_state == MEI_DEV_POWER_DOWN) { mei_irq_discard_msg(dev, mei_hdr); ret = 0; goto reset_slots; -- 2.18.0

6 years, 11 months

1
0
0 0

patch "Drivers: hv: vmbus: Fix the offer_in_progress in" added to char-misc-testing

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled Drivers: hv: vmbus: Fix the offer_in_progress in to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-testing branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will be merged to the char-misc-next branch sometime soon, after it passes testing, and the merge window is open. If you have any questions about this process, please let me know. >From 50229128727f7e11840ca1b2b501f880818d56b6 Mon Sep 17 00:00:00 2001 From: Dexuan Cui <decui(a)microsoft.com> Date: Tue, 5 Jun 2018 13:37:52 -0700 Subject: Drivers: hv: vmbus: Fix the offer_in_progress in vmbus_process_offer() I didn't really hit a real bug, but just happened to spot the bug: we have decreased the counter at the beginning of vmbus_process_offer(), so we mustn't decrease it again. Fixes: 6f3d791f3006 ("Drivers: hv: vmbus: Fix rescind handling issues") Signed-off-by: Dexuan Cui <decui(a)microsoft.com> Cc: stable(a)vger.kernel.org Cc: Stephen Hemminger <sthemmin(a)microsoft.com> Cc: K. Y. Srinivasan <kys(a)microsoft.com> Cc: Stable <stable(a)vger.kernel.org> # 4.14 and above Signed-off-by: K. Y. Srinivasan <kys(a)microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/hv/channel_mgmt.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/drivers/hv/channel_mgmt.c b/drivers/hv/channel_mgmt.c index ecc2bd275a73..f3b551a50653 100644 --- a/drivers/hv/channel_mgmt.c +++ b/drivers/hv/channel_mgmt.c @@ -527,10 +527,8 @@ static void vmbus_process_offer(struct vmbus_channel *newchannel) struct hv_device *dev = newchannel->primary_channel->device_obj; - if (vmbus_add_channel_kobj(dev, newchannel)) { - atomic_dec(&vmbus_connection.offer_in_progress); + if (vmbus_add_channel_kobj(dev, newchannel)) goto err_free_chan; - } if (channel->sc_creation_callback != NULL) channel->sc_creation_callback(newchannel); -- 2.18.0

6 years, 11 months

1
0
0 0

patch "staging: rtl8723bs: Prevent an underflow in rtw_check_beacon_data()." added to staging-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled staging: rtl8723bs: Prevent an underflow in rtw_check_beacon_data(). to my staging git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging.git in the staging-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From 920c92448839bd4f8eb87a92b08cad56d449caff Mon Sep 17 00:00:00 2001 From: Murray McAllister <murray.mcallister(a)insomniasec.com> Date: Mon, 2 Jul 2018 13:07:28 +1200 Subject: staging: rtl8723bs: Prevent an underflow in rtw_check_beacon_data(). Dan Carpenter reported an integer underflow issue in the rtl8188eu driver. This is also needed for the length (signed integer) in rtl8723bs, as it is later converted to an unsigned integer and used in a memcpy operation. Original issue is at https://patchwork.kernel.org/patch/9796371/ Reported-by: Dan Carpenter <dan.carpenter(a)oracle.com> Signed-off-by: Murray McAllister <murray.mcallister(a)insomniasec.com> Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/staging/rtl8723bs/core/rtw_ap.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/staging/rtl8723bs/core/rtw_ap.c b/drivers/staging/rtl8723bs/core/rtw_ap.c index 45c05527a57a..faf4b4158cfa 100644 --- a/drivers/staging/rtl8723bs/core/rtw_ap.c +++ b/drivers/staging/rtl8723bs/core/rtw_ap.c @@ -1051,7 +1051,7 @@ int rtw_check_beacon_data(struct adapter *padapter, u8 *pbuf, int len) return _FAIL; - if (len > MAX_IE_SZ) + if (len < 0 || len > MAX_IE_SZ) return _FAIL; pbss_network->IELength = len; -- 2.18.0

6 years, 11 months

3
2
0 0

[PATCH v5 0/7] powerpc/pseries: Machien check handler improvements.

by Mahesh J Salgaonkar

This patch series includes some improvement to Machine check handler for pseries. Patch 1 fixes a buffer overrun issue if rtas extended error log size is greater than RTAS_ERROR_LOG_MAX. Patch 2 fixes an issue where machine check handler crashes kernel while accessing vmalloc-ed buffer while in nmi context. Patch 3 fixes endain bug while restoring of r3 in MCE handler. Patch 5 implements a real mode mce handler and flushes the SLBs on SLB error. Patch 6 display's the MCE error details on console. Patch 7 saves and dumps the SLB contents on SLB MCE errors to improve the debugability. Change in V5: - Use min_t instead of max_t. - Fix an issue reported by kbuild test robot and addressed review comments. Change in V4: - Flush the SLBs in real mode mce handler to handle SLB errors for entry 0. - Allocate buffers per cpu to hold rtas error log and old slb contents. - Defer the logging of rtas error log to irq work queue. Change in V3: - Moved patch 5 to patch 2 Change in V2: - patch 3: Display additional info (NIP and task info) in MCE error details. - patch 5: Fix endain bug while restoring of r3 in MCE handler. --- Mahesh Salgaonkar (7): powerpc/pseries: Avoid using the size greater than powerpc/pseries: Defer the logging of rtas error to irq work queue. powerpc/pseries: Fix endainness while restoring of r3 in MCE handler. powerpc/pseries: Define MCE error event section. powerpc/pseries: flush SLB contents on SLB MCE errors. powerpc/pseries: Display machine check error details. powerpc/pseries: Dump the SLB contents on SLB MCE errors. arch/powerpc/include/asm/book3s/64/mmu-hash.h | 8 + arch/powerpc/include/asm/machdep.h | 1 arch/powerpc/include/asm/paca.h | 4 arch/powerpc/include/asm/rtas.h | 116 ++++++++++++ arch/powerpc/kernel/exceptions-64s.S | 42 ++++ arch/powerpc/kernel/mce.c | 16 +- arch/powerpc/mm/slb.c | 63 +++++++ arch/powerpc/platforms/powernv/opal.c | 1 arch/powerpc/platforms/pseries/pseries.h | 1 arch/powerpc/platforms/pseries/ras.c | 241 +++++++++++++++++++++++-- arch/powerpc/platforms/pseries/setup.c | 27 +++ 11 files changed, 499 insertions(+), 21 deletions(-) -- Signature

6 years, 11 months

3
4
0 0

[PATCH 1/2] misc: sram: fix resource leaks in probe error path

by Johan Hovold

Make sure to disable clocks and deregister any exported partitions before returning on late probe errors. Note that since commit ee895ccdf776 ("misc: sram: fix enabled clock leak on error path"), partitions are deliberately exported before enabling the clock so we stick to that logic here. A follow up patch will address this. Fixes: 2ae2e28852f2 ("misc: sram: add Atmel securam support") Cc: stable <stable(a)vger.kernel.org> # 4.9 Cc: Alexandre Belloni <alexandre.belloni(a)free-electrons.com> Signed-off-by: Johan Hovold <johan(a)kernel.org> --- drivers/misc/sram.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/drivers/misc/sram.c b/drivers/misc/sram.c index c5dc6095686a..679647713e36 100644 --- a/drivers/misc/sram.c +++ b/drivers/misc/sram.c @@ -407,13 +407,20 @@ static int sram_probe(struct platform_device *pdev) if (init_func) { ret = init_func(); if (ret) - return ret; + goto err_disable_clk; } dev_dbg(sram->dev, "SRAM pool: %zu KiB @ 0x%p\n", gen_pool_size(sram->pool) / 1024, sram->virt_base); return 0; + +err_disable_clk: + if (sram->clk) + clk_disable_unprepare(sram->clk); + sram_free_partitions(sram); + + return ret; } static int sram_remove(struct platform_device *pdev) -- 2.18.0

6 years, 11 months

1
0
0 0

[PATCH 3.18 00/85] 3.18.114-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 3.18.114 release. There are 85 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Tue Jul 3 15:31:04 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v3.x/stable-review/patch-3.18.114-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-3.18.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 3.18.114-rc1 Mike Snitzer <snitzer(a)redhat.com> dm thin: handle running out of data space vs concurrent discard Keith Busch <keith.busch(a)intel.com> block: Fix transfer when chunk sectors exceeds max Jan Kara <jack(a)suse.cz> udf: Detect incorrect directory size Boris Ostrovsky <boris.ostrovsky(a)oracle.com> xen: Remove unnecessary BUG_ON from __unbind_from_irq() Kees Cook <keescook(a)chromium.org> video: uvesafb: Fix integer overflow in allocation Scott Mayhew <smayhew(a)redhat.com> nfsd: restrict rd_maxcount to svc_max_payload in nfsd_encode_readdir Mauro Carvalho Chehab <mchehab(a)s-opensource.com> media: dvb_frontend: fix locking issues at dvb_frontend_get_event() Kai-Heng Feng <kai.heng.feng(a)canonical.com> media: cx231xx: Add support for AverMedia DVD EZMaker 7 Mauro Carvalho Chehab <mchehab(a)s-opensource.com> media: v4l2-compat-ioctl32: prevent go past max size Johan Hovold <johan(a)kernel.org> backlight: tps65217_bl: Fix Device Tree node lookup Johan Hovold <johan(a)kernel.org> backlight: max8925_bl: Fix Device Tree node lookup Johan Hovold <johan(a)kernel.org> backlight: as3711_bl: Fix Device Tree node lookup Silvio Cesare <silvio.cesare(a)gmail.com> UBIFS: Fix potential integer overflow in allocation Himanshu Madhani <himanshu.madhani(a)cavium.com> scsi: qla2xxx: Fix setting lower transfer speed if GPSC fails Geert Uytterhoeven <geert(a)linux-m68k.org> time: Make sure jiffies_to_msecs() preserves non-zero time periods Huacai Chen <chenhc(a)lemote.com> MIPS: io: Add barrier after register read in inX() Mika Westerberg <mika.westerberg(a)linux.intel.com> PCI: pciehp: Clear Presence Detect and Data Link Layer Status Changed on resume Tokunori Ikegami <ikegami(a)allied-telesis.co.jp> MIPS: BCM47XX: Enable 74K Core ExternalSync for PCIe erratum Joakim Tjernlund <joakim.tjernlund(a)infinera.com> mtd: cfi_cmdset_0002: Avoid walking all chips when unlocking. Joakim Tjernlund <joakim.tjernlund(a)infinera.com> mtd: cfi_cmdset_0002: Fix unlocking requests crossing a chip boudary Joakim Tjernlund <joakim.tjernlund(a)infinera.com> mtd: cfi_cmdset_0002: fix SEGV unlocking multiple chips Joakim Tjernlund <joakim.tjernlund(a)infinera.com> mtd: cfi_cmdset_0002: Use right chip in do_ppb_xxlock() Tokunori Ikegami <ikegami(a)allied-telesis.co.jp> mtd: cfi_cmdset_0002: Change write buffer to check correct value David Rivshin <DRivshin(a)allworx.com> ARM: 8764/1: kgdb: fix NUMREGBYTES so that gdb_regs[] is the correct size Mahesh Salgaonkar <mahesh(a)linux.vnet.ibm.com> powerpc/fadump: Unregister fadump on kexec down path. Michael Neuling <mikey(a)neuling.org> powerpc/ptrace: Fix enforcement of DAWR constraints Michael Neuling <mikey(a)neuling.org> powerpc/ptrace: Fix setting 512B aligned breakpoints with PTRACE_SET_DEBUGREG Aneesh Kumar K.V <aneesh.kumar(a)linux.ibm.com> powerpc/mm/hash: Add missing isync prior to kernel stack SLB switch Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> fuse: don't keep dead fuse_conn at fuse_fill_super(). Miklos Szeredi <mszeredi(a)redhat.com> fuse: atomic_o_trunc should truncate pagecache Corey Minyard <cminyard(a)mvista.com> ipmi:bt: Set the timeout before doing a capabilities check Mikulas Patocka <mpatocka(a)redhat.com> branch-check: fix long->int truncation when profiling branches Matthias Schiffer <mschiffer(a)universe-factory.net> mips: ftrace: fix static function graph tracing Alexander Sverdlin <alexander.sverdlin(a)gmail.com> ASoC: cirrus: i2s: Fix {TX|RX}LinCtrlData setup Alexander Sverdlin <alexander.sverdlin(a)gmail.com> ASoC: cirrus: i2s: Fix LRCLK configuration Srinivas Kandagatla <srinivas.kandagatla(a)linaro.org> ASoC: dapm: delete dapm_kcontrol_data paths list before freeing it Maxim Moseychuk <franchesko.salias.hudro.pedros(a)gmail.com> usb: do not reset if a low-speed or full-speed device timed out Eric W. Biederman <ebiederm(a)xmission.com> signal/xtensa: Consistenly use SIGBUS in do_unaligned_user Michael Schmitz <schmitzmic(a)gmail.com> m68k/mm: Adjust VM area to be unmapped by gap size for __iounmap() Thadeu Lima de Souza Cascardo <cascardo(a)canonical.com> fs/binfmt_misc.c: do not allow offset overflow Stefan Potyra <Stefan.Potyra(a)elektrobit.com> w1: mxc_w1: Enable clock before calling clk_get_rate() on it Hans de Goede <hdegoede(a)redhat.com> libata: Drop SanDisk SD7UB3Q*G1001 NOLPM quirk Dan Carpenter <dan.carpenter(a)oracle.com> libata: zpodd: small read overflow in eject_tray() Colin Ian King <colin.king(a)canonical.com> libata: zpodd: make arrays cdb static, reduces object code size Bo Chen <chenbo(a)pdx.edu> ALSA: hda - Handle kzalloc() failure in snd_hda_attach_pcm_stream() Qu Wenruo <wqu(a)suse.com> btrfs: scrub: Don't use inode pages for device replace Jan Kara <jack(a)suse.cz> ext4: fix fencepost error in check for inode count overflow during resize Lukas Czerner <lczerner(a)redhat.com> ext4: update mtime in ext4_punch_hole even if no blocks are released Eric Dumazet <edumazet(a)google.com> tcp: do not overshoot window_clamp in tcp_rcv_space_adjust() Łukasz Stelmach <l.stelmach(a)samsung.com> ARM: 8753/1: decompressor: add a missing parameter to the addruart macro Helge Deller <deller(a)gmx.de> parisc: Move setup_profiling_timer() out of init section Sekhar Nori <nsekhar(a)ti.com> ARM: davinci: board-dm646x-evm: set VPIF capture card name Peter Rosin <peda(a)axentia.se> i2c: viperboard: return message count on master_xfer success Peter Rosin <peda(a)axentia.se> i2c: pmcmsp: fix error return from master_xfer Peter Rosin <peda(a)axentia.se> i2c: pmcmsp: return message count on master_xfer success Russell King <rmk+kernel(a)armlinux.org.uk> ARM: keystone: fix platform_domain_notifier array overrun Daniel Glöckner <dg(a)emlix.com> usb: musb: fix remote wakeup racing with suspend Mathieu Malaterre <malat(a)debian.org> agp: uninorth: make two functions static Jakob Unterwurzacher <jakob.unterwurzacher(a)theobroma-systems.com> can: dev: increase bus-off message severity Mathieu Malaterre <malat(a)debian.org> driver core: add __printf verification to __ata_ehi_pushv_desc Tomi Valkeinen <tomi.valkeinen(a)ti.com> drm/omap: fix possible NULL ref issue in tiler_reserve_2d Ilan Peer <ilan.peer(a)intel.com> mac80211: Adjust SAE authentication timeout Peter Zijlstra <peterz(a)infradead.org> kthread, sched/wait: Fix kthread_parkme() wait-loop Helge Deller <deller(a)gmx.de> parisc: drivers.c: Fix section mismatches Jim Gill <jgill(a)vmware.com> scsi: vmw-pvscsi: return DID_BUS_BUSY for adapter-initated aborts Arnd Bergmann <arnd(a)arndb.de> hexagon: export csum_partial_copy_nocheck Arnd Bergmann <arnd(a)arndb.de> hexagon: add memset_io() helper Sekhar Nori <nsekhar(a)ti.com> ARM: davinci: board-dm355-evm: fix broken networking John Fastabend <john.fastabend(a)gmail.com> bpf: fix uninitialized variable in bpf tools jacek.tomaka(a)poczta.fm <jacek.tomaka(a)poczta.fm> x86/cpu/intel: Add missing TLB cpuid values Dag Moxnes <dag.moxnes(a)oracle.com> rds: ib: Fix missing call to rds_ib_dev_put in rds_ib_setup_qp Masami Hiramatsu <mhiramat(a)kernel.org> selftests: ftrace: Add a testcase for multiple actions on trigger Mark Rutland <mark.rutland(a)arm.com> arm64: ptrace: remove addr_limit manipulation Jingju Hou <Jingju.Hou(a)synaptics.com> net: phy: marvell: clear wol event before setting it Colin Ian King <colin.king(a)canonical.com> scsi: isci: Fix infinite loop in while loop Baolin Wang <baolin.wang(a)linaro.org> parisc: time: Convert read_persistent_clock() to read_persistent_clock64() Ben Hutchings <ben.hutchings(a)codethink.co.uk> drm/msm: Fix possible null dereference on failure of get_pages() Chris Leech <cleech(a)redhat.com> scsi: iscsi: respond to netlink with unicast when appropriate Chengguang Xu <cgxu519(a)gmx.com> isofs: fix potential memory leak in mount option parsing Martin Schwidefsky <schwidefsky(a)de.ibm.com> s390/smsgiucv: disable SMSG on module unload Sinan Kaya <okaya(a)codeaurora.org> MIPS: io: Add barrier after register read in readX() Amir Goldstein <amir73il(a)gmail.com> fsnotify: fix ignore mask logic in send_to_group() Kevin Easton <kevin(a)guarana.org> af_key: Always verify length of provided sadb_key Jiri Olsa <jolsa(a)kernel.org> tools build: Fix Makefile(s) to properly invoke tools build Jiri Olsa <jolsa(a)kernel.org> tools build: No need to make libapi for perf explicitly ------------- Diffstat: Makefile | 9 ++--- arch/arm/boot/compressed/head.S | 16 ++++---- arch/arm/include/asm/kgdb.h | 2 +- arch/arm/mach-davinci/board-dm355-evm.c | 6 +++ arch/arm/mach-davinci/board-dm646x-evm.c | 3 +- arch/arm/mach-keystone/pm_domain.c | 1 + arch/arm64/kernel/ptrace.c | 6 --- arch/hexagon/include/asm/io.h | 6 +++ arch/hexagon/lib/checksum.c | 1 + arch/m68k/mm/kmap.c | 3 +- arch/mips/bcm47xx/setup.c | 6 +++ arch/mips/include/asm/io.h | 4 ++ arch/mips/include/asm/mipsregs.h | 3 ++ arch/mips/kernel/mcount.S | 27 ++++++------- arch/parisc/kernel/drivers.c | 7 ++-- arch/parisc/kernel/smp.c | 3 +- arch/parisc/kernel/time.c | 2 +- arch/powerpc/kernel/entry_64.S | 1 + arch/powerpc/kernel/fadump.c | 3 ++ arch/powerpc/kernel/hw_breakpoint.c | 4 +- arch/powerpc/kernel/ptrace.c | 1 + arch/x86/kernel/cpu/intel.c | 3 ++ arch/xtensa/kernel/traps.c | 2 +- drivers/ata/libata-core.c | 3 -- drivers/ata/libata-eh.c | 4 +- drivers/ata/libata-zpodd.c | 4 +- drivers/char/agp/uninorth-agp.c | 4 +- drivers/char/ipmi/ipmi_bt_sm.c | 3 +- drivers/gpu/drm/msm/msm_gem.c | 20 +++++----- drivers/gpu/drm/omapdrm/omap_dmm_tiler.c | 6 ++- drivers/i2c/busses/i2c-pmcmsp.c | 4 +- drivers/i2c/busses/i2c-viperboard.c | 2 +- drivers/md/dm-thin.c | 11 +++++- drivers/media/dvb-core/dvb_frontend.c | 23 +++++++---- drivers/media/usb/cx231xx/cx231xx-cards.c | 3 ++ drivers/media/v4l2-core/v4l2-compat-ioctl32.c | 2 +- drivers/mtd/chips/cfi_cmdset_0002.c | 21 +++++----- drivers/net/can/dev.c | 2 +- drivers/net/phy/marvell.c | 9 +++++ drivers/pci/hotplug/pciehp.h | 2 +- drivers/pci/hotplug/pciehp_core.c | 2 +- drivers/pci/hotplug/pciehp_hpc.c | 13 ++++++- drivers/s390/net/smsgiucv.c | 2 +- drivers/scsi/isci/port_config.c | 3 +- drivers/scsi/qla2xxx/qla_init.c | 3 +- drivers/scsi/scsi_transport_iscsi.c | 29 ++++++++------ drivers/scsi/vmw_pvscsi.c | 2 +- drivers/usb/core/hub.c | 4 +- drivers/usb/musb/musb_host.c | 5 ++- drivers/usb/musb/musb_host.h | 7 +++- drivers/usb/musb/musb_virthub.c | 25 +++++++----- drivers/video/backlight/as3711_bl.c | 33 +++++++++++----- drivers/video/backlight/max8925_bl.c | 4 +- drivers/video/backlight/tps65217_bl.c | 4 +- drivers/video/fbdev/uvesafb.c | 3 +- drivers/w1/masters/mxc_w1.c | 20 ++++++---- drivers/xen/events/events_base.c | 2 - fs/binfmt_misc.c | 12 ++++-- fs/btrfs/scrub.c | 2 +- fs/ext4/inode.c | 36 ++++++++--------- fs/ext4/resize.c | 2 +- fs/fuse/dir.c | 13 ++++++- fs/fuse/inode.c | 1 + fs/isofs/inode.c | 3 ++ fs/nfsd/nfs4xdr.c | 5 ++- fs/notify/fsnotify.c | 25 ++++++------ fs/ubifs/journal.c | 2 +- fs/udf/directory.c | 3 ++ include/linux/blkdev.h | 4 +- include/linux/compiler.h | 2 +- kernel/kthread.c | 7 ++-- kernel/time/time.c | 6 ++- net/ipv4/tcp_input.c | 2 +- net/key/af_key.c | 45 +++++++++++++++++----- net/mac80211/mlme.c | 25 ++++++++---- net/rds/ib_cm.c | 3 +- sound/pci/hda/hda_controller.c | 4 +- sound/soc/cirrus/edb93xx.c | 2 +- sound/soc/cirrus/ep93xx-i2s.c | 26 +++++++------ sound/soc/cirrus/snappercl15.c | 2 +- sound/soc/soc-dapm.c | 2 + tools/Makefile | 20 +++++++--- tools/net/bpf_dbg.c | 7 +++- .../inter-event/trigger-multi-actions-accept.tc | 44 +++++++++++++++++++++ 84 files changed, 472 insertions(+), 236 deletions(-)

6 years, 11 months

5
83
0 0

[PATCH V3] ARM: dts: omap3: Fix am3517 mdio and emac clock references

by Adam Ford

A previous patch removed OMAP clock aliases that were perceived to be unnecessary. Unfortunately, it broke the ethernet on the am3517-evm. This patch enables the MDIO clock and EMAC clock. Fixes: 0ed266d7ae5e ("clk: ti: omap3: cleanup unnecessary clock aliases") Cc: stable(a)vger.kernel.org #4.16+ Signed-off-by: Adam Ford <aford173(a)gmail.com> --- V3: Fix subject heading since we're no longer modifying the clk driver V2: Instead of modifying clk-3xxx.c, this patch modifie the device tree to work like the original patch intended. diff --git a/arch/arm/boot/dts/am3517.dtsi b/arch/arm/boot/dts/am3517.dtsi index ca294914bbb1..4b6062b631b1 100644 --- a/arch/arm/boot/dts/am3517.dtsi +++ b/arch/arm/boot/dts/am3517.dtsi @@ -39,6 +39,8 @@ ti,davinci-ctrl-ram-size = <0x2000>; ti,davinci-rmii-en = /bits/ 8 <1>; local-mac-address = [ 00 00 00 00 00 00 ]; + clocks = <&emac_ick>; + clock-names = "ick"; }; davinci_mdio: ethernet@5c030000 { @@ -49,6 +51,8 @@ bus_freq = <1000000>; #address-cells = <1>; #size-cells = <0>; + clocks = <&emac_fck>; + clock-names = "fck"; }; uart4: serial@4809e000 { -- 2.17.1

6 years, 11 months

3
2
0 0

[PATCH 4.17 000/220] 4.17.4-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.17.4 release. There are 220 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Tue Jul 3 16:08:27 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.17.4-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.17.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.17.4-rc1 Wenwen Wang <wang6495(a)umn.edu> virt: vbox: Only copy_from_user the request-header once Mike Snitzer <snitzer(a)redhat.com> dm thin: handle running out of data space vs concurrent discard Bart Van Assche <bart.vanassche(a)wdc.com> dm zoned: avoid triggering reclaim from inside dmz_map() Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> x86/efi: Fix efi_call_phys_epilog() with CONFIG_X86_5LEVEL=y Andy Lutomirski <luto(a)kernel.org> x86/entry/64/compat: Fix "x86/entry/64/compat: Preserve r8-r11 in int $0x80" Jann Horn <jannh(a)google.com> selinux: move user accesses in selinuxfs out of locked regions Naoya Horiguchi <n-horiguchi(a)ah.jp.nec.com> x86/e820: put !E820_TYPE_RAM regions into memblock.reserved Bart Van Assche <bart.vanassche(a)wdc.com> block: Fix cloning of requests with a special payload Keith Busch <keith.busch(a)intel.com> block: Fix transfer when chunk sectors exceeds max Ross Zwisler <ross.zwisler(a)linux.intel.com> pmem: only set QUEUE_FLAG_DAX for fsdax mode Mike Snitzer <snitzer(a)redhat.com> dm: use bio_split() when splitting out the already processed bio Jason A. Donenfeld <Jason(a)zx2c4.com> kasan: depend on CONFIG_SLUB_DEBUG Mikulas Patocka <mpatocka(a)redhat.com> slub: fix failure when we delete and create a slab cache Wolfram Sang <wsa+renesas(a)sang-engineering.com> i2c: gpio: initialize SCL to HIGH again Wolfram Sang <wsa+renesas(a)sang-engineering.com> Revert "i2c: algo-bit: init the bus to a known state" Hui Wang <hui.wang(a)canonical.com> ALSA: hda/realtek - Fix the problem of two front mics on more machines Takashi Iwai <tiwai(a)suse.de> ALSA: hda/realtek - Add a quirk for FSC ESPRIMO U9210 Takashi Iwai <tiwai(a)suse.de> ALSA: hda/realtek - Fix pop noise on Lenovo P50 & co Takashi Iwai <tiwai(a)suse.de> ALSA: hda - Force to link down at runtime suspend on ATI/AMD HDMI Takashi Iwai <tiwai(a)suse.de> ALSA: timer: Fix UBSAN warning at SNDRV_TIMER_IOCTL_NEXT_DEVICE ioctl ??? <kt.liao(a)emc.com.tw> Input: elantech - fix V4 report decoding for module with middle key Aaron Ma <aaron.ma(a)canonical.com> Input: elantech - enable middle button of touchpads on ThinkPad P52 Ben Hutchings <ben.hutchings(a)codethink.co.uk> Input: elan_i2c_smbus - fix more potential stack buffer overflows Dmitry Torokhov <dmitry.torokhov(a)gmail.com> Input: psmouse - fix button reporting for basic protocols Enno Boland <gottox(a)voidlinux.eu> Input: xpad - fix GPD Win 2 controller name Jan Kara <jack(a)suse.cz> udf: Detect incorrect directory size Bartosz Golaszewski <bgolaszewski(a)baylibre.com> net: ethernet: fix suspend/resume in davinci_emac Boris Ostrovsky <boris.ostrovsky(a)oracle.com> xen: Remove unnecessary BUG_ON from __unbind_from_irq() Steven Rostedt (VMware) <rostedt(a)goodmis.org> tracing: Check for no filter when processing event filters Dan Williams <dan.j.williams(a)intel.com> mm: fix devmem_is_allowed() for sub-page System RAM intersections Jia He <jia.he(a)hxt-semitech.com> mm/ksm.c: ignore STABLE_FLAG of rmap_item->address in rmap_walk_ksm() Dongsheng Yang <dongsheng.yang(a)easystack.cn> rbd: flush rbd_dev->watch_dwork after watch is unregistered Hans de Goede <hdegoede(a)redhat.com> pwm: lpss: platform: Save/restore the ctrl register over a suspend/resume Alexandr Savca <alexandr.savca(a)saltedge.com> Input: elan_i2c - add ELAN0618 (Lenovo v330 15IKB) ACPI ID Hans de Goede <hdegoede(a)redhat.com> Input: silead - add MSSL0002 ACPI HID Hans de Goede <hdegoede(a)redhat.com> ACPI / LPSS: Add missing prv_offset setting for byt/cht PWM devices Kees Cook <keescook(a)chromium.org> video: uvesafb: Fix integer overflow in allocation Trond Myklebust <trond.myklebust(a)hammerspace.com> NFSv4: Fix a typo in nfs41_sequence_process Trond Myklebust <trond.myklebust(a)hammerspace.com> NFSv4: Revert commit 5f83d86cf531d ("NFSv4.x: Fix wraparound issues..") Dave Wysochanski <dwysocha(a)redhat.com> NFSv4: Fix possible 1-byte stack overflow in nfs_idmap_read_and_verify_message Scott Mayhew <smayhew(a)redhat.com> nfsd: restrict rd_maxcount to svc_max_payload in nfsd_encode_readdir Mauro Carvalho Chehab <mchehab(a)kernel.org> media: dvb_frontend: fix locking issues at dvb_frontend_get_event() Sean Young <sean(a)mess.org> media: rc: mce_kbd decoder: fix stuck keys Kai-Heng Feng <kai.heng.feng(a)canonical.com> media: cx231xx: Add support for AverMedia DVD EZMaker 7 Mauro Carvalho Chehab <mchehab(a)kernel.org> media: v4l2-compat-ioctl32: prevent go past max size Brad Love <brad(a)nextdimension.cc> media: cx231xx: Ignore an i2c mux adapter ming_qian <ming_qian(a)realsil.com.cn> media: uvcvideo: Support realtek's UVC 1.5 device Kieran Bingham <kieran.bingham+renesas(a)ideasonboard.com> media: vsp1: Release buffers for each video node Adrian Hunter <adrian.hunter(a)intel.com> perf intel-pt: Fix packet decoding of CYC packets Adrian Hunter <adrian.hunter(a)intel.com> perf intel-pt: Fix "Unexpected indirect branch" error Adrian Hunter <adrian.hunter(a)intel.com> perf intel-pt: Fix MTC timing after overflow Adrian Hunter <adrian.hunter(a)intel.com> perf intel-pt: Fix decoding to accept CBR between FUP and corresponding TIP Adrian Hunter <adrian.hunter(a)intel.com> perf intel-pt: Fix sync_switch INTEL_PT_SS_NOT_TRACING Adrian Hunter <adrian.hunter(a)intel.com> perf tools: Fix symbol and object code resolution for vdso32 and vdsox32 Sean Wang <sean.wang(a)mediatek.com> arm: dts: mt7623: fix invalid memory node being generated Sibi Sankar <sibis(a)codeaurora.org> remoteproc: Prevent incorrect rproc state on xfer mem ownership failure Jarkko Nikula <jarkko.nikula(a)linux.intel.com> mfd: intel-lpss: Fix Intel Cannon Lake LPSS I2C input clock Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> mfd: intel-lpss: Program REMAP register in PIO mode Peter Ujfalusi <peter.ujfalusi(a)ti.com> mfd: twl-core: Fix clock initialization Anton Ivanov <anton.ivanov(a)cambridgegreys.com> um: Fix raw interface options Anton Ivanov <anton.ivanov(a)cambridgegreys.com> um: Fix initialization of vector queues Chao Yu <yuchao0(a)huawei.com> f2fs: don't use GFP_ZERO for page caches Linus Torvalds <torvalds(a)linux-foundation.org> Revert "iommu/amd_iommu: Use CONFIG_DMA_DIRECT_OPS=y and dma_direct_{alloc,free}()" Johan Hovold <johan(a)kernel.org> backlight: tps65217_bl: Fix Device Tree node lookup Johan Hovold <johan(a)kernel.org> backlight: max8925_bl: Fix Device Tree node lookup Johan Hovold <johan(a)kernel.org> backlight: as3711_bl: Fix Device Tree node lookup Silvio Cesare <silvio.cesare(a)gmail.com> UBIFS: Fix potential integer overflow in allocation Richard Weinberger <richard(a)nod.at> ubi: fastmap: Correctly handle interrupted erasures in EBA Richard Weinberger <richard(a)nod.at> ubi: fastmap: Cancel work upon detach Srinivas Kandagatla <srinivas.kandagatla(a)linaro.org> rpmsg: smd: do not use mananged resources for endpoints and channels NeilBrown <neilb(a)suse.com> md: fix two problems with setting the "re-add" device state. Michael Trimarchi <michael(a)amarulasolutions.com> rtc: sun6i: Fix bit_idx value for clk_register_gate Marcin Ziemianowicz <marcin(a)ziemianowicz.com> clk: at91: PLL recalc_rate() now using cached MUL and DIV values Martin Blumenstingl <martin.blumenstingl(a)googlemail.com> clk: meson: meson8b: mark fclk_div2 gate clocks as CLK_IS_CRITICAL Ross Zwisler <ross.zwisler(a)linux.intel.com> libnvdimm, pmem: Unconditionally deep flush on *sync Robert Elliott <elliott(a)hpe.com> linvdimm, pmem: Preserve read-only setting for pmem devices Steffen Maier <maier(a)linux.ibm.com> scsi: zfcp: fix missing REC trigger trace on enqueue without ERP thread Steffen Maier <maier(a)linux.ibm.com> scsi: zfcp: fix missing REC trigger trace for all objects in ERP_FAILED Steffen Maier <maier(a)linux.ibm.com> scsi: zfcp: fix missing REC trigger trace on terminate_rport_io for ERP_FAILED Steffen Maier <maier(a)linux.ibm.com> scsi: zfcp: fix missing REC trigger trace on terminate_rport_io early return Steffen Maier <maier(a)linux.ibm.com> scsi: zfcp: fix misleading REC trigger trace where erp_action setup failed Steffen Maier <maier(a)linux.ibm.com> scsi: zfcp: fix missing SCSI trace for retry of abort / scsi_eh TMF Steffen Maier <maier(a)linux.ibm.com> scsi: zfcp: fix missing SCSI trace for result of eh_host_reset_handler Mikhail Malygin <m.malygin(a)yadro.com> scsi: qla2xxx: Spinlock recursion in qla_target Anil Gurumurthy <anil.gurumurthy(a)cavium.com> scsi: qla2xxx: Mask off Scope bits in retry delay Himanshu Madhani <himanshu.madhani(a)cavium.com> scsi: qla2xxx: Fix setting lower transfer speed if GPSC fails Quinn Tran <quinn.tran(a)cavium.com> scsi: qla2xxx: Delete session for nport id change Sinan Kaya <okaya(a)codeaurora.org> scsi: hpsa: disable device during shutdown Luis Henriques <lhenriques(a)suse.com> scsi: scsi_debug: Fix memory leak on module unload Dan Williams <dan.j.williams(a)intel.com> mm: fix __gup_device_huge vs unmap Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> iio: sca3000: Fix an error handling path in 'sca3000_probe()' Alexandru Ardelean <alexandru.ardelean(a)analog.com> iio: adc: ad7791: remove sample freq sysfs attributes Filipe Manana <fdmanana(a)suse.com> Btrfs: fix return value on rename exchange failure Maciej S. Szmigiero <mail(a)maciej.szmigiero.name> X.509: unpack RSA signatureValue field from BIT STRING Waiman Long <longman(a)redhat.com> locking/rwsem: Fix up_read_non_owner() warning with DEBUG_RWSEMS Yang Yingliang <yangyingliang(a)huawei.com> irqchip/gic-v3-its: Don't bind LPI to unavailable NUMA node Geert Uytterhoeven <geert(a)linux-m68k.org> time: Make sure jiffies_to_msecs() preserves non-zero time periods Huacai Chen <chenhc(a)lemote.com> MIPS: io: Add barrier after register read in inX() Linus Walleij <linus.walleij(a)linaro.org> MIPS: pb44: Fix i2c-gpio GPIO descriptor table Srinivas Pandruvada <srinivas.pandruvada(a)linux.intel.com> cpufreq: intel_pstate: Fix scaling max/min limits with Turbo 3.0 Fabio Estevam <fabio.estevam(a)nxp.com> pinctrl: devicetree: Fix pctldev pointer overwrite Paweł Chmiel <pawel.mikolaj.chmiel(a)gmail.com> pinctrl: samsung: Correct EINTG banks order Terry Zhou <bjzhou(a)marvell.com> pinctrl: armada-37xx: Fix spurious irq management Randy Dunlap <rdunlap(a)infradead.org> auxdisplay: fix broken menu Mika Westerberg <mika.westerberg(a)linux.intel.com> PCI: Account for all bridges on bus when distributing bus numbers Mika Westerberg <mika.westerberg(a)linux.intel.com> PCI: pciehp: Clear Presence Detect and Data Link Layer Status Changed on resume Mika Westerberg <mika.westerberg(a)linux.intel.com> PCI: Add ACS quirk for Intel 300 series Alex Williamson <alex.williamson(a)redhat.com> PCI: Add ACS quirk for Intel 7th & 8th Gen mobile Sridhar Pitchai <Sridhar.Pitchai(a)microsoft.com> PCI: hv: Make sure the bus domain is really unique Jae Hyun Yoo <jae.hyun.yoo(a)linux.intel.com> clk:aspeed: Fix reset bits for PCI/VGA and PECI Tokunori Ikegami <ikegami(a)allied-telesis.co.jp> MIPS: BCM47XX: Enable 74K Core ExternalSync for PCIe erratum Joakim Tjernlund <joakim.tjernlund(a)infinera.com> mtd: cfi_cmdset_0002: Avoid walking all chips when unlocking. Joakim Tjernlund <joakim.tjernlund(a)infinera.com> mtd: cfi_cmdset_0002: Fix unlocking requests crossing a chip boudary Joakim Tjernlund <joakim.tjernlund(a)infinera.com> mtd: cfi_cmdset_0002: fix SEGV unlocking multiple chips Joakim Tjernlund <joakim.tjernlund(a)infinera.com> mtd: cfi_cmdset_0002: Use right chip in do_ppb_xxlock() Mason Yang <masonccyang(a)mxic.com.tw> mtd: rawnand: All AC chips have a broken GET_FEATURES(TIMINGS). Chris Packham <chris.packham(a)alliedtelesis.co.nz> mtd: rawnand: micron: add ONFI_FEATURE_ON_DIE_ECC to supported features Martin Kaiser <martin(a)kaiser.cx> mtd: rawnand: mxc: set spare area size register explicitly Abhishek Sahu <absahu(a)codeaurora.org> mtd: rawnand: fix return value check for bad block status Masahiro Yamada <yamada.masahiro(a)socionext.com> mtd: rawnand: denali_dt: set clk_x_rate to 200 MHz unconditionally Tokunori Ikegami <ikegami(a)allied-telesis.co.jp> mtd: cfi_cmdset_0002: Change write buffer to check correct value Boris Brezillon <boris.brezillon(a)bootlin.com> mtd: rawnand: Do not check FAIL bit when executing a SET_FEATURES op Bharat Potnuri <bharat(a)chelsio.com> RDMA/core: Save kernel caller name when creating CQ using ib_create_cq() Chuck Lever <chuck.lever(a)oracle.com> xprtrdma: Return -ENOBUFS when no pages are available Leon Romanovsky <leon(a)kernel.org> RDMA/mlx4: Discard unknown SQP work requests Jason Gunthorpe <jgg(a)ziepe.ca> IB/uverbs: Fix ordering of ucontext check in ib_uverbs_write Mike Marciniszyn <mike.marciniszyn(a)intel.com> IB/hfi1: Fix user context tail allocation for DMA_RTAIL Sebastian Sanchez <sebastian.sanchez(a)intel.com> IB/hfi1: Optimize kthread pointer locking when queuing CQ entries Michael J. Ruhl <michael.j.ruhl(a)intel.com> IB/hfi1: Reorder incorrect send context disable Mike Marciniszyn <mike.marciniszyn(a)intel.com> IB/hfi1: Fix fault injection init/exit issues Max Gurtovoy <maxg(a)mellanox.com> IB/isert: fix T10-pi check mask setting Alex Estrin <alex.estrin(a)intel.com> IB/isert: Fix for lib/dma_debug check_sync warning Erez Shitrit <erezsh(a)mellanox.com> IB/mlx5: Fetch soft WQE's on fatal error state Jack Morgenstein <jackm(a)dev.mellanox.co.il> IB/core: Make testing MR flags for writability a static inline function Jack Morgenstein <jackm(a)dev.mellanox.co.il> IB/mlx4: Mark user MR as writable if actual virtual memory is writable Alex Estrin <alex.estrin(a)intel.com> IB/{hfi1, qib}: Add handling of kernel restart Mike Marciniszyn <mike.marciniszyn(a)intel.com> IB/qib: Fix DMA api warning with debug kernel Hans de Goede <hdegoede(a)redhat.com> efi/libstub/tpm: Initialize efi_physical_addr_t vars to zero for mixed mode Tadeusz Struk <tadeusz.struk(a)intel.com> tpm: fix race condition in tpm_common_write() Tadeusz Struk <tadeusz.struk(a)intel.com> tpm: fix use after free in tpm2_load_context() Srinivas Kandagatla <srinivas.kandagatla(a)linaro.org> of: platform: stop accessing invalid dev in of_platform_device_destroy Stefan M Schaeckeler <sschaeck(a)cisco.com> of: unittest: for strings, account for trailing \0 in property length field Frank Rowand <frank.rowand(a)sony.com> of: overlay: validate offset from property fixups Kevin Hilman <khilman(a)baylibre.com> ARM64: dts: meson-gx: fix ATF reserved memory region Jerome Brunet <jbrunet(a)baylibre.com> ARM64: dts: meson: disable sd-uhs modes on the libretech-cc Thor Thayer <thor.thayer(a)linux.intel.com> arm64: dts: stratix10: Fix SPI nodes for Stratix10 Miquel Raynal <miquel.raynal(a)bootlin.com> arm64: dts: marvell: fix CP110 ICU node size Will Deacon <will.deacon(a)arm.com> arm64: mm: Ensure writes to swapper are ordered wrt subsequent cache maintenance Will Deacon <will.deacon(a)arm.com> arm64: kpti: Use early_param for kpti= command-line option Jia He <hejianet(a)gmail.com> crypto: arm64/aes-blk - fix and move skcipher_walk_done out of kernel_neon_begin, _end Dave Martin <Dave.Martin(a)arm.com> arm64: Fix syscall restarting around signal suppressed by tracer Joel Fernandes (Google) <joel(a)joelfernandes.org> softirq: Reorder trace_softirqs_on to prevent lockdep splat Michael Buesch <m(a)bues.ch> hwrng: core - Always drop the RNG in hwrng_unregister() Dinh Nguyen <dinguyen(a)kernel.org> ARM: dts: socfpga: Fix NAND controller node compatible for Arria10 Marek Vasut <marex(a)denx.de> ARM: dts: socfpga: Fix NAND controller clock supply Marek Vasut <marex(a)denx.de> ARM: dts: socfpga: Fix NAND controller node compatible Thor Thayer <thor.thayer(a)linux.intel.com> ARM: dts: Fix SPI node for Arria10 Chen-Yu Tsai <wens(a)csie.org> ARM: dts: sun8i: h3: fix ALL-H3-CC H3 ver VCC-1V2 regulator voltage Icenowy Zheng <icenowy(a)aosc.io> ARM: dts: sun8i: h3: fix ALL-H3-CC H3 ver VDD-CPUX voltage David Rivshin <DRivshin(a)allworx.com> ARM: 8764/1: kgdb: fix NUMREGBYTES so that gdb_regs[] is the correct size Vaibhav Jain <vaibhav(a)linux.ibm.com> cxl: Disable prefault_mode in Radix mode Vaibhav Jain <vaibhav(a)linux.vnet.ibm.com> cxl: Configure PSL to not use APC virtual machines Michael Ellerman <mpe(a)ellerman.id.au> powerpc/64s: Fix DT CPU features Power9 DD2.1 logic Michael Jeanson <mjeanson(a)efficios.com> powerpc/e500mc: Set assembler machine type to e500mc Nicholas Piggin <npiggin(a)gmail.com> powerpc/64s/radix: Fix radix_kvm_prefetch_workaround paca access of not possible CPU Finley Xiao <finley.xiao(a)rock-chips.com> soc: rockchip: power-domain: Fix wrong value when power up pd with writemask Ross Zwisler <ross.zwisler(a)linux.intel.com> libnvdimm, pmem: Do not flush power-fail protected CPU caches Mahesh Salgaonkar <mahesh(a)linux.vnet.ibm.com> powerpc/fadump: Unregister fadump on kexec down path. Gautham R. Shenoy <ego(a)linux.vnet.ibm.com> cpuidle: powernv: Fix promotion from snooze if next state disabled Akshay Adiga <akshay.adiga(a)linux.vnet.ibm.com> powerpc/powernv/cpuidle: Init all present cpus for deep states Haren Myneni <haren(a)us.ibm.com> powerpc/powernv: copy/paste - Mask SO bit in CR Alexey Kardashevskiy <aik(a)ozlabs.ru> powerpc/powernv/ioda2: Remove redundant free of TCE pages Michael Neuling <mikey(a)neuling.org> powerpc/ptrace: Fix enforcement of DAWR constraints Anju T Sudhakar <anju(a)linux.vnet.ibm.com> powerpc/perf: Fix memory allocation for core-imc based on num_possible_cpus() Michael Neuling <mikey(a)neuling.org> powerpc/ptrace: Fix setting 512B aligned breakpoints with PTRACE_SET_DEBUGREG Ram Pai <linuxram(a)us.ibm.com> powerpc/pkeys: Detach execute_only key on !PROT_EXEC Aneesh Kumar K.V <aneesh.kumar(a)linux.ibm.com> powerpc/mm/hash: Add missing isync prior to kernel stack SLB switch Miklos Szeredi <mszeredi(a)redhat.com> fuse: fix control dir setup and teardown Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> fuse: don't keep dead fuse_conn at fuse_fill_super(). Miklos Szeredi <mszeredi(a)redhat.com> fuse: atomic_o_trunc should truncate pagecache Tejun Heo <tj(a)kernel.org> fuse: fix congested state leak on aborted connections Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> printk: fix possible reuse of va_list variable Amit Pundir <amit.pundir(a)linaro.org> Bluetooth: hci_qca: Avoid missing rampatch failure with userspace fw loader Corey Minyard <cminyard(a)mvista.com> ipmi:bt: Set the timeout before doing a capabilities check Mikulas Patocka <mpatocka(a)redhat.com> branch-check: fix long->int truncation when profiling branches Matthias Schiffer <mschiffer(a)universe-factory.net> mips: ftrace: fix static function graph tracing Steven Rostedt (VMware) <rostedt(a)goodmis.org> ftrace/selftest: Have the reset_trigger code be a bit more careful Geert Uytterhoeven <geert+renesas(a)glider.be> lib/vsprintf: Remove atomic-unsafe support for %pCr Geert Uytterhoeven <geert+renesas(a)glider.be> clk: renesas: cpg-mssr: Stop using printk format %pCr Geert Uytterhoeven <geert+renesas(a)glider.be> thermal: bcm2835: Stop using printk format %pCr Alexander Sverdlin <alexander.sverdlin(a)gmail.com> ASoC: cirrus: i2s: Fix {TX|RX}LinCtrlData setup Alexander Sverdlin <alexander.sverdlin(a)gmail.com> ASoC: cirrus: i2s: Fix LRCLK configuration Kai Chieh Chuang <kaichieh.chuang(a)mediatek.com> ASoC: mediatek: preallocate pages use platform device Paul Handrigan <Paul.Handrigan(a)cirrus.com> ASoC: cs35l35: Add use_single_rw to regmap config Srinivas Kandagatla <srinivas.kandagatla(a)linaro.org> ASoC: dapm: delete dapm_kcontrol_data paths list before freeing it Ingo Flaschberger <ingo.flaschberger(a)gmail.com> 1wire: family module autoload fails because of upper/lower case mismatch. Maxim Moseychuk <franchesko.salias.hudro.pedros(a)gmail.com> usb: do not reset if a low-speed or full-speed device timed out Wolfram Sang <wsa+renesas(a)sang-engineering.com> mmc: renesas_sdhi: really fix WP logic regressions Waldemar Rymarkiewicz <waldemar.rymarkiewicz(a)gmail.com> PM / OPP: Update voltage in case freq == old_freq Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> PM / core: Fix supplier device runtime PM usage counter imbalance Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> ACPI / LPSS: Avoid PM quirks on suspend and resume from S3 Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> PCI / PM: Do not clear state_saved for devices that remain suspended Ulf Hansson <ulf.hansson(a)linaro.org> PM / Domains: Fix error path during attach in genpd Eric W. Biederman <ebiederm(a)xmission.com> signal/xtensa: Consistenly use SIGBUS in do_unaligned_user Daniel Wagner <daniel.wagner(a)siemens.com> serial: sh-sci: Use spin_{try}lock_irqsave instead of open coding version Mika Westerberg <mika.westerberg(a)linux.intel.com> mtd: spi-nor: intel-spi: Fix atomic sequence handling Guenter Roeck <linux(a)roeck-us.net> hwmon: (k10temp) Add support for Stoney Ridge and Bristol Ridge CPUs Dmitry Torokhov <dmitry.torokhov(a)gmail.com> platform/chrome: cros_ec_lpc: do not try DMI match when ACPI device found Finn Thain <fthain(a)telegraphics.com.au> m68k/mac: Fix SWIM memory resource end address Michael Schmitz <schmitzmic(a)gmail.com> m68k/mm: Adjust VM area to be unmapped by gap size for __iounmap() Siarhei Liakh <Siarhei.Liakh(a)concurrent-rt.com> x86: Call fixup_exception() before notify_die() in math_error() Borislav Petkov <bp(a)suse.de> x86/mce: Do not overwrite MCi_STATUS in mce_no_way_out() Tony Luck <tony.luck(a)intel.com> x86/mce: Fix incorrect "Machine check from unknown source" message Tony Luck <tony.luck(a)intel.com> x86/mce: Check for alternate indication of machine check recovery on Skylake Tony Luck <tony.luck(a)intel.com> x86/mce: Improve error message when kernel cannot recover mike.travis(a)hpe.com <mike.travis(a)hpe.com> x86/platform/UV: Add kernel parameter to set memory block size mike.travis(a)hpe.com <mike.travis(a)hpe.com> x86/platform/UV: Use new set memory block size function mike.travis(a)hpe.com <mike.travis(a)hpe.com> x86/platform/UV: Add adjustable set memory block size function Juergen Gross <jgross(a)suse.com> x86/xen: Add call of speculative_store_bypass_ht_init() to PV paths Dan Williams <dan.j.williams(a)intel.com> x86/spectre_v1: Disable compiler optimizations over array_index_mask_nospec() ------------- Diffstat: Documentation/ABI/testing/sysfs-class-cxl | 4 +- Documentation/core-api/printk-formats.rst | 3 +- Makefile | 4 +- arch/arm/boot/dts/mt7623.dtsi | 3 +- arch/arm/boot/dts/mt7623n-bananapi-bpi-r2.dts | 1 + arch/arm/boot/dts/mt7623n-rfb.dtsi | 1 + arch/arm/boot/dts/socfpga.dtsi | 4 +- arch/arm/boot/dts/socfpga_arria10.dtsi | 5 +- arch/arm/boot/dts/sun8i-h3-libretech-all-h3-cc.dts | 8 +- arch/arm/include/asm/kgdb.h | 2 +- arch/arm64/boot/dts/altera/socfpga_stratix10.dtsi | 6 +- arch/arm64/boot/dts/amlogic/meson-gx.dtsi | 6 + .../dts/amlogic/meson-gxl-s905x-libretech-cc.dts | 3 - arch/arm64/boot/dts/amlogic/meson-gxl.dtsi | 8 -- arch/arm64/boot/dts/marvell/armada-cp110.dtsi | 2 +- arch/arm64/crypto/aes-glue.c | 2 +- arch/arm64/kernel/cpufeature.c | 2 +- arch/arm64/kernel/signal.c | 5 +- arch/arm64/mm/proc.S | 5 +- arch/m68k/mac/config.c | 2 +- arch/m68k/mm/kmap.c | 3 +- arch/mips/ath79/mach-pb44.c | 2 +- arch/mips/bcm47xx/setup.c | 6 + arch/mips/include/asm/io.h | 2 + arch/mips/include/asm/mipsregs.h | 3 + arch/mips/kernel/mcount.S | 27 ++--- arch/powerpc/Makefile | 1 + arch/powerpc/kernel/dt_cpu_ftrs.c | 3 +- arch/powerpc/kernel/entry_64.S | 1 + arch/powerpc/kernel/fadump.c | 3 + arch/powerpc/kernel/hw_breakpoint.c | 4 +- arch/powerpc/kernel/ptrace.c | 1 + arch/powerpc/mm/pkeys.c | 4 +- arch/powerpc/mm/tlb-radix.c | 2 + arch/powerpc/perf/imc-pmu.c | 4 +- arch/powerpc/platforms/powernv/copy-paste.h | 3 +- arch/powerpc/platforms/powernv/idle.c | 4 +- arch/powerpc/platforms/powernv/pci-ioda.c | 1 - arch/um/drivers/vector_kern.c | 20 +++- arch/x86/entry/entry_64_compat.S | 16 +-- arch/x86/include/asm/barrier.h | 2 +- arch/x86/kernel/apic/x2apic_uv_x.c | 60 +++++++++- arch/x86/kernel/cpu/mcheck/mce-severity.c | 5 + arch/x86/kernel/cpu/mcheck/mce.c | 44 +++++--- arch/x86/kernel/e820.c | 15 ++- arch/x86/kernel/quirks.c | 11 +- arch/x86/kernel/traps.c | 14 ++- arch/x86/mm/init.c | 4 +- arch/x86/mm/init_64.c | 20 +++- arch/x86/platform/efi/efi_64.c | 4 +- arch/x86/xen/smp_pv.c | 5 + arch/xtensa/kernel/traps.c | 2 +- block/blk-core.c | 4 + crypto/asymmetric_keys/x509_cert_parser.c | 9 ++ drivers/acpi/acpi_lpss.c | 20 ++-- drivers/auxdisplay/Kconfig | 10 +- drivers/base/core.c | 15 ++- drivers/base/power/domain.c | 3 + drivers/block/rbd.c | 2 +- drivers/bluetooth/hci_qca.c | 6 + drivers/char/hw_random/core.c | 11 +- drivers/char/ipmi/ipmi_bt_sm.c | 3 +- drivers/char/tpm/tpm-dev-common.c | 40 +++---- drivers/char/tpm/tpm-dev.h | 2 +- drivers/char/tpm/tpm2-space.c | 3 +- drivers/clk/at91/clk-pll.c | 13 +-- drivers/clk/clk-aspeed.c | 4 +- drivers/clk/meson/meson8b.c | 7 ++ drivers/clk/renesas/renesas-cpg-mssr.c | 9 +- drivers/cpufreq/intel_pstate.c | 27 ++++- drivers/cpuidle/cpuidle-powernv.c | 32 +++++- drivers/firmware/efi/libstub/tpm.c | 2 +- drivers/hwmon/k10temp.c | 5 + drivers/i2c/algos/i2c-algo-bit.c | 5 - drivers/i2c/busses/i2c-gpio.c | 4 +- drivers/iio/accel/sca3000.c | 9 +- drivers/iio/adc/ad7791.c | 49 -------- drivers/infiniband/core/umem.c | 11 +- drivers/infiniband/core/uverbs_main.c | 14 ++- drivers/infiniband/core/verbs.c | 14 ++- drivers/infiniband/hw/hfi1/chip.c | 8 +- drivers/infiniband/hw/hfi1/debugfs.c | 8 +- drivers/infiniband/hw/hfi1/file_ops.c | 4 +- drivers/infiniband/hw/hfi1/hfi.h | 1 + drivers/infiniband/hw/hfi1/init.c | 22 +++- drivers/infiniband/hw/hfi1/pio.c | 44 ++++++-- drivers/infiniband/hw/mlx4/mad.c | 1 - drivers/infiniband/hw/mlx4/mr.c | 50 +++++++-- drivers/infiniband/hw/mlx5/cq.c | 15 ++- drivers/infiniband/hw/qib/qib.h | 4 +- drivers/infiniband/hw/qib/qib_file_ops.c | 10 +- drivers/infiniband/hw/qib/qib_init.c | 13 +++ drivers/infiniband/hw/qib/qib_user_pages.c | 20 ++-- drivers/infiniband/sw/rdmavt/cq.c | 31 ++++-- drivers/infiniband/ulp/isert/ib_isert.c | 28 +++-- drivers/input/joystick/xpad.c | 2 +- drivers/input/mouse/elan_i2c.h | 2 + drivers/input/mouse/elan_i2c_core.c | 3 +- drivers/input/mouse/elan_i2c_smbus.c | 10 +- drivers/input/mouse/elantech.c | 11 +- drivers/input/mouse/psmouse-base.c | 12 +- drivers/input/touchscreen/silead.c | 1 + drivers/iommu/Kconfig | 1 - drivers/iommu/amd_iommu.c | 68 ++++++++---- drivers/irqchip/irq-gic-v3-its.c | 9 +- drivers/md/dm-thin.c | 11 +- drivers/md/dm-zoned-target.c | 2 +- drivers/md/dm.c | 5 +- drivers/md/md.c | 4 +- drivers/media/dvb-core/dvb_frontend.c | 23 ++-- drivers/media/platform/vsp1/vsp1_video.c | 21 ++-- drivers/media/rc/ir-mce_kbd-decoder.c | 2 + drivers/media/usb/cx231xx/cx231xx-cards.c | 3 + drivers/media/usb/cx231xx/cx231xx-dvb.c | 2 +- drivers/media/usb/uvc/uvc_video.c | 24 +++- drivers/media/v4l2-core/v4l2-compat-ioctl32.c | 2 +- drivers/mfd/intel-lpss-pci.c | 25 +++-- drivers/mfd/intel-lpss.c | 4 +- drivers/mfd/twl-core.c | 2 +- drivers/misc/cxl/pci.c | 4 +- drivers/misc/cxl/sysfs.c | 16 ++- drivers/mmc/host/renesas_sdhi_core.c | 5 + drivers/mmc/host/renesas_sdhi_internal_dmac.c | 1 + drivers/mmc/host/renesas_sdhi_sys_dmac.c | 3 + drivers/mtd/chips/cfi_cmdset_0002.c | 21 ++-- drivers/mtd/nand/raw/denali_dt.c | 6 +- drivers/mtd/nand/raw/mxc_nand.c | 5 +- drivers/mtd/nand/raw/nand_base.c | 29 ++--- drivers/mtd/nand/raw/nand_macronix.c | 48 ++++++-- drivers/mtd/nand/raw/nand_micron.c | 2 + drivers/mtd/spi-nor/intel-spi.c | 76 +++++++++++-- drivers/mtd/ubi/build.c | 3 + drivers/mtd/ubi/eba.c | 90 ++++++++++++++- drivers/mtd/ubi/wl.c | 4 +- drivers/net/ethernet/ti/davinci_emac.c | 15 ++- drivers/nvdimm/bus.c | 14 ++- drivers/nvdimm/pmem.c | 10 +- drivers/nvdimm/region_devs.c | 3 +- drivers/of/platform.c | 5 +- drivers/of/resolver.c | 5 + drivers/of/unittest.c | 8 +- drivers/opp/core.c | 2 +- drivers/pci/host/pci-hyperv.c | 11 -- drivers/pci/hotplug/pciehp.h | 2 +- drivers/pci/hotplug/pciehp_core.c | 2 +- drivers/pci/hotplug/pciehp_hpc.c | 13 ++- drivers/pci/pci-driver.c | 5 +- drivers/pci/probe.c | 15 ++- drivers/pci/quirks.c | 20 ++++ drivers/pinctrl/devicetree.c | 7 +- drivers/pinctrl/mvebu/pinctrl-armada-37xx.c | 3 +- drivers/pinctrl/samsung/pinctrl-exynos-arm.c | 4 +- drivers/platform/chrome/cros_ec_lpc.c | 13 ++- drivers/pwm/pwm-lpss-platform.c | 5 + drivers/pwm/pwm-lpss.c | 30 +++++ drivers/pwm/pwm-lpss.h | 2 + drivers/remoteproc/qcom_q6v5_pil.c | 10 +- drivers/rpmsg/qcom_smd.c | 18 +-- drivers/rtc/rtc-sun6i.c | 4 +- drivers/s390/scsi/zfcp_dbf.c | 40 +++++++ drivers/s390/scsi/zfcp_erp.c | 123 ++++++++++++++++----- drivers/s390/scsi/zfcp_ext.h | 5 + drivers/s390/scsi/zfcp_scsi.c | 18 ++- drivers/scsi/hpsa.c | 10 +- drivers/scsi/qla2xxx/qla_gs.c | 4 +- drivers/scsi/qla2xxx/qla_init.c | 3 +- drivers/scsi/qla2xxx/qla_isr.c | 8 +- drivers/scsi/qla2xxx/qla_target.c | 7 +- drivers/scsi/scsi_debug.c | 2 +- drivers/soc/rockchip/pm_domains.c | 2 +- drivers/thermal/broadcom/bcm2835_thermal.c | 4 +- drivers/tty/serial/sh-sci.c | 8 +- drivers/usb/core/hub.c | 4 +- drivers/video/backlight/as3711_bl.c | 33 ++++-- drivers/video/backlight/max8925_bl.c | 4 +- drivers/video/backlight/tps65217_bl.c | 4 +- drivers/video/fbdev/uvesafb.c | 3 +- drivers/virt/vboxguest/vboxguest_linux.c | 4 +- drivers/w1/w1.c | 2 +- drivers/xen/events/events_base.c | 2 - fs/btrfs/inode.c | 4 +- fs/f2fs/checkpoint.c | 4 +- fs/f2fs/inode.c | 4 +- fs/f2fs/segment.c | 3 + fs/f2fs/segment.h | 1 + fs/fuse/control.c | 13 ++- fs/fuse/dev.c | 3 +- fs/fuse/dir.c | 13 ++- fs/fuse/inode.c | 1 + fs/nfs/callback_proc.c | 7 +- fs/nfs/nfs4idmap.c | 5 +- fs/nfs/nfs4proc.c | 2 +- fs/nfsd/nfs4xdr.c | 5 +- fs/ubifs/journal.c | 5 +- fs/udf/directory.c | 3 + include/dt-bindings/clock/aspeed-clock.h | 2 +- include/linux/blkdev.h | 4 +- include/linux/compiler.h | 2 +- include/linux/memory.h | 1 + include/linux/slub_def.h | 4 + include/rdma/ib_verbs.h | 27 ++++- include/rdma/rdma_vt.h | 2 +- kernel/locking/rwsem.c | 1 + kernel/printk/printk_safe.c | 5 +- kernel/softirq.c | 6 +- kernel/time/time.c | 6 +- kernel/trace/trace_events_filter.c | 10 +- lib/Kconfig.kasan | 1 + lib/vsprintf.c | 3 - mm/gup.c | 36 ++++-- mm/ksm.c | 14 ++- mm/slab_common.c | 4 + mm/slub.c | 7 +- net/sunrpc/xprtrdma/rpc_rdma.c | 2 +- security/selinux/selinuxfs.c | 78 ++++++------- sound/core/timer.c | 2 +- sound/pci/hda/hda_codec.c | 5 +- sound/pci/hda/hda_codec.h | 1 + sound/pci/hda/patch_hdmi.c | 5 + sound/pci/hda/patch_realtek.c | 20 +++- sound/soc/cirrus/edb93xx.c | 2 +- sound/soc/cirrus/ep93xx-i2s.c | 26 +++-- sound/soc/cirrus/snappercl15.c | 2 +- sound/soc/codecs/cs35l35.c | 1 + .../soc/mediatek/common/mtk-afe-platform-driver.c | 4 +- sound/soc/soc-dapm.c | 2 + tools/perf/util/dso.c | 2 + .../perf/util/intel-pt-decoder/intel-pt-decoder.c | 23 +++- .../perf/util/intel-pt-decoder/intel-pt-decoder.h | 9 ++ .../util/intel-pt-decoder/intel-pt-pkt-decoder.c | 2 +- tools/perf/util/intel-pt.c | 5 + tools/testing/selftests/ftrace/test.d/functions | 21 +++- 232 files changed, 1706 insertions(+), 756 deletions(-)

6 years, 11 months

4
218
0 0

[PATCH] vmw_balloon: fix inflation with batching

by Nadav Amit

Embarrassingly, the recent fix introduced worse problem than it solved, causing the balloon not to inflate. The VM informed the hypervisor that the pages for lock/unlock are sitting in the wrong address, as it used the page that is used the uninitialized page variable. Fixes: b23220fe054e9 ("vmw_balloon: fixing double free when batching mode is off") Cc: stable(a)vger.kernel.org Reviewed-by: Xavier Deguillard <xdeguillard(a)vmware.com> Signed-off-by: Nadav Amit <namit(a)vmware.com> --- drivers/misc/vmw_balloon.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/misc/vmw_balloon.c b/drivers/misc/vmw_balloon.c index efd733472a35..56c6f79a5c5a 100644 --- a/drivers/misc/vmw_balloon.c +++ b/drivers/misc/vmw_balloon.c @@ -467,7 +467,7 @@ static int vmballoon_send_batched_lock(struct vmballoon *b, unsigned int num_pages, bool is_2m_pages, unsigned int *target) { unsigned long status; - unsigned long pfn = page_to_pfn(b->page); + unsigned long pfn = PHYS_PFN(virt_to_phys(b->batch_page)); STATS_INC(b->stats.lock[is_2m_pages]); @@ -515,7 +515,7 @@ static bool vmballoon_send_batched_unlock(struct vmballoon *b, unsigned int num_pages, bool is_2m_pages, unsigned int *target) { unsigned long status; - unsigned long pfn = page_to_pfn(b->page); + unsigned long pfn = PHYS_PFN(virt_to_phys(b->batch_page)); STATS_INC(b->stats.unlock[is_2m_pages]); -- 2.17.1

6 years, 11 months

1
0
0 0

[PATCH 1/2] Revert "UBIFS: Fix potential integer overflow in allocation"

by Richard Weinberger

This reverts commit 353748a359f1821ee934afc579cf04572406b420. It bypassed the linux-mtd review process and fixes the issue not as it should. Cc: Kees Cook <keescook(a)chromium.org> Cc: Silvio Cesare <silvio.cesare(a)gmail.com> Cc: stable(a)vger.kernel.org Signed-off-by: Richard Weinberger <richard(a)nod.at> --- fs/ubifs/journal.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/fs/ubifs/journal.c b/fs/ubifs/journal.c index 07b4956e0425..da8afdfccaa6 100644 --- a/fs/ubifs/journal.c +++ b/fs/ubifs/journal.c @@ -1282,11 +1282,10 @@ static int truncate_data_node(const struct ubifs_info *c, const struct inode *in int *new_len) { void *buf; - int err, compr_type; - u32 dlen, out_len, old_dlen; + int err, dlen, compr_type, out_len, old_dlen; out_len = le32_to_cpu(dn->size); - buf = kmalloc_array(out_len, WORST_COMPR_FACTOR, GFP_NOFS); + buf = kmalloc(out_len * WORST_COMPR_FACTOR, GFP_NOFS); if (!buf) return -ENOMEM; -- 2.18.0

6 years, 11 months

2
7
0 0

+ mm-teach-dump_page-to-correctly-output-poisoned-struct-pages.patch added to -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: mm: teach dump_page() to correctly output poisoned struct pages has been added to the -mm tree. Its filename is mm-teach-dump_page-to-correctly-output-poisoned-struct-pages.patch This patch should soon appear at http://ozlabs.org/~akpm/mmots/broken-out/mm-teach-dump_page-to-correctly-ou… and later at http://ozlabs.org/~akpm/mmotm/broken-out/mm-teach-dump_page-to-correctly-ou… Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next and is updated there every 3-4 working days ------------------------------------------------------ From: Pavel Tatashin <pasha.tatashin(a)oracle.com> Subject: mm: teach dump_page() to correctly output poisoned struct pages If struct page is poisoned, and uninitialized access is detected via PF_POISONED_CHECK(page) dump_page() is called to output the page. But, the dump_page() itself accesses struct page to determine how to print it, and therefore gets into a recursive loop. For example: dump_page() __dump_page() PageSlab(page) PF_POISONED_CHECK(page) VM_BUG_ON_PGFLAGS(PagePoisoned(page), page) dump_page() recursion loop. Link: http://lkml.kernel.org/r/20180702180536.2552-1-pasha.tatashin@oracle.com Fixes: f165b378bbdf ("mm: uninitialized struct page poisoning sanity checking") Signed-off-by: Pavel Tatashin <pasha.tatashin(a)oracle.com> Acked-by: Michal Hocko <mhocko(a)suse.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/debug.c | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff -puN mm/debug.c~mm-teach-dump_page-to-correctly-output-poisoned-struct-pages mm/debug.c --- a/mm/debug.c~mm-teach-dump_page-to-correctly-output-poisoned-struct-pages +++ a/mm/debug.c @@ -43,12 +43,25 @@ const struct trace_print_flags vmaflag_n void __dump_page(struct page *page, const char *reason) { + bool page_poisoned = PagePoisoned(page); + int mapcount; + + /* + * If struct page is poisoned don't access Page*() functions as that + * leads to recursive loop. Page*() check for poisoned pages, and calls + * dump_page() when detected. + */ + if (page_poisoned) { + pr_emerg("page:%px is uninitialized and poisoned", page); + goto hex_only; + } + /* * Avoid VM_BUG_ON() in page_mapcount(). * page->_mapcount space in struct page is used by sl[aou]b pages to * encode own info. */ - int mapcount = PageSlab(page) ? 0 : page_mapcount(page); + mapcount = PageSlab(page) ? 0 : page_mapcount(page); pr_emerg("page:%px count:%d mapcount:%d mapping:%px index:%#lx", page, page_ref_count(page), mapcount, @@ -60,6 +73,7 @@ void __dump_page(struct page *page, cons pr_emerg("flags: %#lx(%pGp)\n", page->flags, &page->flags); +hex_only: print_hex_dump(KERN_ALERT, "raw: ", DUMP_PREFIX_NONE, 32, sizeof(unsigned long), page, sizeof(struct page), false); @@ -68,7 +82,7 @@ void __dump_page(struct page *page, cons pr_alert("page dumped because: %s\n", reason); #ifdef CONFIG_MEMCG - if (page->mem_cgroup) + if (!page_poisoned && page->mem_cgroup) pr_alert("page->mem_cgroup:%px\n", page->mem_cgroup); #endif } _ Patches currently in -mm which might be from pasha.tatashin(a)oracle.com are mm-teach-dump_page-to-correctly-output-poisoned-struct-pages.patch mm-skip-invalid-pages-block-at-a-time-in-zero_resv_unresv.patch sparc64-ng4-memset-32-bits-overflow.patch

6 years, 11 months

1
0
0 0

[PATCH 4.14 000/157] 4.14.53-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.14.53 release. There are 157 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Tue Jul 3 16:08:21 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.14.53-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.14.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.14.53-rc1 Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: Fix use-after-free in xhci_free_virt_device Mike Snitzer <snitzer(a)redhat.com> dm thin: handle running out of data space vs concurrent discard Bart Van Assche <bart.vanassche(a)wdc.com> dm zoned: avoid triggering reclaim from inside dmz_map() Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> x86/efi: Fix efi_call_phys_epilog() with CONFIG_X86_5LEVEL=y Bart Van Assche <bart.vanassche(a)wdc.com> block: Fix cloning of requests with a special payload Keith Busch <keith.busch(a)intel.com> block: Fix transfer when chunk sectors exceeds max Mikulas Patocka <mpatocka(a)redhat.com> slub: fix failure when we delete and create a slab cache Hui Wang <hui.wang(a)canonical.com> ALSA: hda/realtek - Fix the problem of two front mics on more machines Takashi Iwai <tiwai(a)suse.de> ALSA: hda/realtek - Add a quirk for FSC ESPRIMO U9210 Takashi Iwai <tiwai(a)suse.de> ALSA: hda/realtek - Fix pop noise on Lenovo P50 & co Takashi Iwai <tiwai(a)suse.de> ALSA: timer: Fix UBSAN warning at SNDRV_TIMER_IOCTL_NEXT_DEVICE ioctl ??? <kt.liao(a)emc.com.tw> Input: elantech - fix V4 report decoding for module with middle key Aaron Ma <aaron.ma(a)canonical.com> Input: elantech - enable middle button of touchpads on ThinkPad P52 Ben Hutchings <ben.hutchings(a)codethink.co.uk> Input: elan_i2c_smbus - fix more potential stack buffer overflows Enno Boland <gottox(a)voidlinux.eu> Input: xpad - fix GPD Win 2 controller name Jan Kara <jack(a)suse.cz> udf: Detect incorrect directory size Boris Ostrovsky <boris.ostrovsky(a)oracle.com> xen: Remove unnecessary BUG_ON from __unbind_from_irq() Dan Williams <dan.j.williams(a)intel.com> mm: fix devmem_is_allowed() for sub-page System RAM intersections Jia He <jia.he(a)hxt-semitech.com> mm/ksm.c: ignore STABLE_FLAG of rmap_item->address in rmap_walk_ksm() Dongsheng Yang <dongsheng.yang(a)easystack.cn> rbd: flush rbd_dev->watch_dwork after watch is unregistered Hans de Goede <hdegoede(a)redhat.com> pwm: lpss: platform: Save/restore the ctrl register over a suspend/resume Alexandr Savca <alexandr.savca(a)saltedge.com> Input: elan_i2c - add ELAN0618 (Lenovo v330 15IKB) ACPI ID Hans de Goede <hdegoede(a)redhat.com> ACPI / LPSS: Add missing prv_offset setting for byt/cht PWM devices Kees Cook <keescook(a)chromium.org> video: uvesafb: Fix integer overflow in allocation Trond Myklebust <trond.myklebust(a)hammerspace.com> NFSv4: Fix a typo in nfs41_sequence_process Trond Myklebust <trond.myklebust(a)hammerspace.com> NFSv4: Revert commit 5f83d86cf531d ("NFSv4.x: Fix wraparound issues..") Dave Wysochanski <dwysocha(a)redhat.com> NFSv4: Fix possible 1-byte stack overflow in nfs_idmap_read_and_verify_message Scott Mayhew <smayhew(a)redhat.com> nfsd: restrict rd_maxcount to svc_max_payload in nfsd_encode_readdir Mauro Carvalho Chehab <mchehab(a)kernel.org> media: dvb_frontend: fix locking issues at dvb_frontend_get_event() Kai-Heng Feng <kai.heng.feng(a)canonical.com> media: cx231xx: Add support for AverMedia DVD EZMaker 7 Mauro Carvalho Chehab <mchehab(a)kernel.org> media: v4l2-compat-ioctl32: prevent go past max size Kieran Bingham <kieran.bingham+renesas(a)ideasonboard.com> media: vsp1: Release buffers for each video node Kan Liang <kan.liang(a)intel.com> perf/x86/intel/uncore: Add event constraint for BDX PCU Kan Liang <Kan.liang(a)intel.com> perf vendor events: Add Goldmont Plus V1 event file Adrian Hunter <adrian.hunter(a)intel.com> perf intel-pt: Fix packet decoding of CYC packets Adrian Hunter <adrian.hunter(a)intel.com> perf intel-pt: Fix "Unexpected indirect branch" error Adrian Hunter <adrian.hunter(a)intel.com> perf intel-pt: Fix MTC timing after overflow Adrian Hunter <adrian.hunter(a)intel.com> perf intel-pt: Fix decoding to accept CBR between FUP and corresponding TIP Adrian Hunter <adrian.hunter(a)intel.com> perf intel-pt: Fix sync_switch INTEL_PT_SS_NOT_TRACING Adrian Hunter <adrian.hunter(a)intel.com> perf tools: Fix symbol and object code resolution for vdso32 and vdsox32 Sean Wang <sean.wang(a)mediatek.com> arm: dts: mt7623: fix invalid memory node being generated Jarkko Nikula <jarkko.nikula(a)linux.intel.com> mfd: intel-lpss: Fix Intel Cannon Lake LPSS I2C input clock Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> mfd: intel-lpss: Program REMAP register in PIO mode Johan Hovold <johan(a)kernel.org> backlight: tps65217_bl: Fix Device Tree node lookup Johan Hovold <johan(a)kernel.org> backlight: max8925_bl: Fix Device Tree node lookup Johan Hovold <johan(a)kernel.org> backlight: as3711_bl: Fix Device Tree node lookup Silvio Cesare <silvio.cesare(a)gmail.com> UBIFS: Fix potential integer overflow in allocation Richard Weinberger <richard(a)nod.at> ubi: fastmap: Correctly handle interrupted erasures in EBA Richard Weinberger <richard(a)nod.at> ubi: fastmap: Cancel work upon detach Srinivas Kandagatla <srinivas.kandagatla(a)linaro.org> rpmsg: smd: do not use mananged resources for endpoints and channels NeilBrown <neilb(a)suse.com> md: fix two problems with setting the "re-add" device state. Michael Trimarchi <michael(a)amarulasolutions.com> rtc: sun6i: Fix bit_idx value for clk_register_gate Marcin Ziemianowicz <marcin(a)ziemianowicz.com> clk: at91: PLL recalc_rate() now using cached MUL and DIV values Robert Elliott <elliott(a)hpe.com> linvdimm, pmem: Preserve read-only setting for pmem devices Steffen Maier <maier(a)linux.ibm.com> scsi: zfcp: fix missing REC trigger trace on enqueue without ERP thread Steffen Maier <maier(a)linux.ibm.com> scsi: zfcp: fix missing REC trigger trace for all objects in ERP_FAILED Steffen Maier <maier(a)linux.ibm.com> scsi: zfcp: fix missing REC trigger trace on terminate_rport_io for ERP_FAILED Steffen Maier <maier(a)linux.ibm.com> scsi: zfcp: fix missing REC trigger trace on terminate_rport_io early return Steffen Maier <maier(a)linux.ibm.com> scsi: zfcp: fix misleading REC trigger trace where erp_action setup failed Steffen Maier <maier(a)linux.ibm.com> scsi: zfcp: fix missing SCSI trace for retry of abort / scsi_eh TMF Steffen Maier <maier(a)linux.ibm.com> scsi: zfcp: fix missing SCSI trace for result of eh_host_reset_handler Anil Gurumurthy <anil.gurumurthy(a)cavium.com> scsi: qla2xxx: Mask off Scope bits in retry delay Himanshu Madhani <himanshu.madhani(a)cavium.com> scsi: qla2xxx: Fix setting lower transfer speed if GPSC fails Sinan Kaya <okaya(a)codeaurora.org> scsi: hpsa: disable device during shutdown Dan Williams <dan.j.williams(a)intel.com> mm: fix __gup_device_huge vs unmap Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> iio: sca3000: Fix an error handling path in 'sca3000_probe()' Alexandru Ardelean <alexandru.ardelean(a)analog.com> iio: adc: ad7791: remove sample freq sysfs attributes Filipe Manana <fdmanana(a)suse.com> Btrfs: fix return value on rename exchange failure Maciej S. Szmigiero <mail(a)maciej.szmigiero.name> X.509: unpack RSA signatureValue field from BIT STRING Yang Yingliang <yangyingliang(a)huawei.com> irqchip/gic-v3-its: Don't bind LPI to unavailable NUMA node Geert Uytterhoeven <geert(a)linux-m68k.org> time: Make sure jiffies_to_msecs() preserves non-zero time periods Huacai Chen <chenhc(a)lemote.com> MIPS: io: Add barrier after register read in inX() Srinivas Pandruvada <srinivas.pandruvada(a)linux.intel.com> cpufreq: intel_pstate: Fix scaling max/min limits with Turbo 3.0 Fabio Estevam <fabio.estevam(a)nxp.com> pinctrl: devicetree: Fix pctldev pointer overwrite Paweł Chmiel <pawel.mikolaj.chmiel(a)gmail.com> pinctrl: samsung: Correct EINTG banks order Randy Dunlap <rdunlap(a)infradead.org> auxdisplay: fix broken menu Mika Westerberg <mika.westerberg(a)linux.intel.com> PCI: pciehp: Clear Presence Detect and Data Link Layer Status Changed on resume Mika Westerberg <mika.westerberg(a)linux.intel.com> PCI: Add ACS quirk for Intel 300 series Alex Williamson <alex.williamson(a)redhat.com> PCI: Add ACS quirk for Intel 7th & 8th Gen mobile Sridhar Pitchai <Sridhar.Pitchai(a)microsoft.com> PCI: hv: Make sure the bus domain is really unique Tokunori Ikegami <ikegami(a)allied-telesis.co.jp> MIPS: BCM47XX: Enable 74K Core ExternalSync for PCIe erratum Joakim Tjernlund <joakim.tjernlund(a)infinera.com> mtd: cfi_cmdset_0002: Avoid walking all chips when unlocking. Joakim Tjernlund <joakim.tjernlund(a)infinera.com> mtd: cfi_cmdset_0002: Fix unlocking requests crossing a chip boudary Joakim Tjernlund <joakim.tjernlund(a)infinera.com> mtd: cfi_cmdset_0002: fix SEGV unlocking multiple chips Joakim Tjernlund <joakim.tjernlund(a)infinera.com> mtd: cfi_cmdset_0002: Use right chip in do_ppb_xxlock() Tokunori Ikegami <ikegami(a)allied-telesis.co.jp> mtd: cfi_cmdset_0002: Change write buffer to check correct value Chuck Lever <chuck.lever(a)oracle.com> xprtrdma: Return -ENOBUFS when no pages are available Leon Romanovsky <leonro(a)mellanox.com> RDMA/mlx4: Discard unknown SQP work requests Mike Marciniszyn <mike.marciniszyn(a)intel.com> IB/hfi1: Fix user context tail allocation for DMA_RTAIL Sebastian Sanchez <sebastian.sanchez(a)intel.com> IB/hfi1: Optimize kthread pointer locking when queuing CQ entries Michael J. Ruhl <michael.j.ruhl(a)intel.com> IB/hfi1: Reorder incorrect send context disable Mike Marciniszyn <mike.marciniszyn(a)intel.com> IB/hfi1: Fix fault injection init/exit issues Max Gurtovoy <maxg(a)mellanox.com> IB/isert: fix T10-pi check mask setting Alex Estrin <alex.estrin(a)intel.com> IB/isert: Fix for lib/dma_debug check_sync warning Erez Shitrit <erezsh(a)mellanox.com> IB/mlx5: Fetch soft WQE's on fatal error state Jack Morgenstein <jackm(a)dev.mellanox.co.il> IB/core: Make testing MR flags for writability a static inline function Jack Morgenstein <jackm(a)dev.mellanox.co.il> IB/mlx4: Mark user MR as writable if actual virtual memory is writable Alex Estrin <alex.estrin(a)intel.com> IB/{hfi1, qib}: Add handling of kernel restart Mike Marciniszyn <mike.marciniszyn(a)intel.com> IB/qib: Fix DMA api warning with debug kernel Tadeusz Struk <tadeusz.struk(a)intel.com> tpm: fix race condition in tpm_common_write() Tadeusz Struk <tadeusz.struk(a)intel.com> tpm: fix use after free in tpm2_load_context() Srinivas Kandagatla <srinivas.kandagatla(a)linaro.org> of: platform: stop accessing invalid dev in of_platform_device_destroy Stefan M Schaeckeler <sschaeck(a)cisco.com> of: unittest: for strings, account for trailing \0 in property length field Frank Rowand <frank.rowand(a)sony.com> of: overlay: validate offset from property fixups Jerome Brunet <jbrunet(a)baylibre.com> ARM64: dts: meson: disable sd-uhs modes on the libretech-cc Will Deacon <will.deacon(a)arm.com> arm64: mm: Ensure writes to swapper are ordered wrt subsequent cache maintenance Will Deacon <will.deacon(a)arm.com> arm64: kpti: Use early_param for kpti= command-line option Dave Martin <Dave.Martin(a)arm.com> arm64: Fix syscall restarting around signal suppressed by tracer Dinh Nguyen <dinguyen(a)kernel.org> ARM: dts: socfpga: Fix NAND controller node compatible for Arria10 Marek Vasut <marex(a)denx.de> ARM: dts: socfpga: Fix NAND controller clock supply Marek Vasut <marex(a)denx.de> ARM: dts: socfpga: Fix NAND controller node compatible Thor Thayer <thor.thayer(a)linux.intel.com> ARM: dts: Fix SPI node for Arria10 David Rivshin <DRivshin(a)allworx.com> ARM: 8764/1: kgdb: fix NUMREGBYTES so that gdb_regs[] is the correct size Vaibhav Jain <vaibhav(a)linux.ibm.com> cxl: Disable prefault_mode in Radix mode Finley Xiao <finley.xiao(a)rock-chips.com> soc: rockchip: power-domain: Fix wrong value when power up pd with writemask Mahesh Salgaonkar <mahesh(a)linux.vnet.ibm.com> powerpc/fadump: Unregister fadump on kexec down path. Gautham R. Shenoy <ego(a)linux.vnet.ibm.com> cpuidle: powernv: Fix promotion from snooze if next state disabled Akshay Adiga <akshay.adiga(a)linux.vnet.ibm.com> powerpc/powernv/cpuidle: Init all present cpus for deep states Haren Myneni <haren(a)us.ibm.com> powerpc/powernv: copy/paste - Mask SO bit in CR Alexey Kardashevskiy <aik(a)ozlabs.ru> powerpc/powernv/ioda2: Remove redundant free of TCE pages Michael Neuling <mikey(a)neuling.org> powerpc/ptrace: Fix enforcement of DAWR constraints Anju T Sudhakar <anju(a)linux.vnet.ibm.com> powerpc/perf: Fix memory allocation for core-imc based on num_possible_cpus() Michael Neuling <mikey(a)neuling.org> powerpc/ptrace: Fix setting 512B aligned breakpoints with PTRACE_SET_DEBUGREG Aneesh Kumar K.V <aneesh.kumar(a)linux.ibm.com> powerpc/mm/hash: Add missing isync prior to kernel stack SLB switch Miklos Szeredi <mszeredi(a)redhat.com> fuse: fix control dir setup and teardown Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> fuse: don't keep dead fuse_conn at fuse_fill_super(). Miklos Szeredi <mszeredi(a)redhat.com> fuse: atomic_o_trunc should truncate pagecache Tejun Heo <tj(a)kernel.org> fuse: fix congested state leak on aborted connections Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> printk: fix possible reuse of va_list variable Amit Pundir <amit.pundir(a)linaro.org> Bluetooth: hci_qca: Avoid missing rampatch failure with userspace fw loader Corey Minyard <cminyard(a)mvista.com> ipmi:bt: Set the timeout before doing a capabilities check Mikulas Patocka <mpatocka(a)redhat.com> branch-check: fix long->int truncation when profiling branches Matthias Schiffer <mschiffer(a)universe-factory.net> mips: ftrace: fix static function graph tracing Steven Rostedt (VMware) <rostedt(a)goodmis.org> ftrace/selftest: Have the reset_trigger code be a bit more careful Geert Uytterhoeven <geert+renesas(a)glider.be> lib/vsprintf: Remove atomic-unsafe support for %pCr Geert Uytterhoeven <geert+renesas(a)glider.be> clk: renesas: cpg-mssr: Stop using printk format %pCr Geert Uytterhoeven <geert+renesas(a)glider.be> thermal: bcm2835: Stop using printk format %pCr Alexander Sverdlin <alexander.sverdlin(a)gmail.com> ASoC: cirrus: i2s: Fix {TX|RX}LinCtrlData setup Alexander Sverdlin <alexander.sverdlin(a)gmail.com> ASoC: cirrus: i2s: Fix LRCLK configuration Paul Handrigan <Paul.Handrigan(a)cirrus.com> ASoC: cs35l35: Add use_single_rw to regmap config Srinivas Kandagatla <srinivas.kandagatla(a)linaro.org> ASoC: dapm: delete dapm_kcontrol_data paths list before freeing it Ingo Flaschberger <ingo.flaschberger(a)gmail.com> 1wire: family module autoload fails because of upper/lower case mismatch. Maxim Moseychuk <franchesko.salias.hudro.pedros(a)gmail.com> usb: do not reset if a low-speed or full-speed device timed out Waldemar Rymarkiewicz <waldemar.rymarkiewicz(a)gmail.com> PM / OPP: Update voltage in case freq == old_freq Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> PM / core: Fix supplier device runtime PM usage counter imbalance Ulf Hansson <ulf.hansson(a)linaro.org> PM / Domains: Fix error path during attach in genpd Eric W. Biederman <ebiederm(a)xmission.com> signal/xtensa: Consistenly use SIGBUS in do_unaligned_user Daniel Wagner <daniel.wagner(a)siemens.com> serial: sh-sci: Use spin_{try}lock_irqsave instead of open coding version Finn Thain <fthain(a)telegraphics.com.au> m68k/mac: Fix SWIM memory resource end address Michael Schmitz <schmitzmic(a)gmail.com> m68k/mm: Adjust VM area to be unmapped by gap size for __iounmap() Siarhei Liakh <Siarhei.Liakh(a)concurrent-rt.com> x86: Call fixup_exception() before notify_die() in math_error() Borislav Petkov <bp(a)suse.de> x86/mce: Do not overwrite MCi_STATUS in mce_no_way_out() Tony Luck <tony.luck(a)intel.com> x86/mce: Fix incorrect "Machine check from unknown source" message Tony Luck <tony.luck(a)intel.com> x86/mce: Check for alternate indication of machine check recovery on Skylake Tony Luck <tony.luck(a)intel.com> x86/mce: Improve error message when kernel cannot recover Juergen Gross <jgross(a)suse.com> x86/xen: Add call of speculative_store_bypass_ht_init() to PV paths Dan Williams <dan.j.williams(a)intel.com> x86/spectre_v1: Disable compiler optimizations over array_index_mask_nospec() ------------- Diffstat: Documentation/ABI/testing/sysfs-class-cxl | 4 +- Documentation/printk-formats.txt | 3 +- Makefile | 4 +- arch/arm/boot/dts/mt7623.dtsi | 3 +- arch/arm/boot/dts/mt7623n-bananapi-bpi-r2.dts | 1 + arch/arm/boot/dts/mt7623n-rfb.dtsi | 1 + arch/arm/boot/dts/socfpga.dtsi | 4 +- arch/arm/boot/dts/socfpga_arria10.dtsi | 5 +- arch/arm/include/asm/kgdb.h | 2 +- .../dts/amlogic/meson-gxl-s905x-libretech-cc.dts | 3 - arch/arm64/kernel/cpufeature.c | 2 +- arch/arm64/kernel/signal.c | 5 +- arch/arm64/mm/proc.S | 5 +- arch/m68k/mac/config.c | 2 +- arch/m68k/mm/kmap.c | 3 +- arch/mips/bcm47xx/setup.c | 6 + arch/mips/include/asm/io.h | 2 + arch/mips/include/asm/mipsregs.h | 3 + arch/mips/kernel/mcount.S | 27 +- arch/powerpc/kernel/entry_64.S | 1 + arch/powerpc/kernel/fadump.c | 3 + arch/powerpc/kernel/hw_breakpoint.c | 4 +- arch/powerpc/kernel/ptrace.c | 1 + arch/powerpc/perf/imc-pmu.c | 4 +- arch/powerpc/platforms/powernv/copy-paste.h | 3 +- arch/powerpc/platforms/powernv/idle.c | 4 +- arch/powerpc/platforms/powernv/pci-ioda.c | 1 - arch/x86/events/intel/uncore_snbep.c | 8 + arch/x86/include/asm/barrier.h | 2 +- arch/x86/kernel/cpu/mcheck/mce-severity.c | 5 + arch/x86/kernel/cpu/mcheck/mce.c | 44 +- arch/x86/kernel/quirks.c | 11 +- arch/x86/kernel/traps.c | 14 +- arch/x86/mm/init.c | 4 +- arch/x86/platform/efi/efi_64.c | 4 +- arch/x86/xen/smp_pv.c | 5 + arch/xtensa/kernel/traps.c | 2 +- block/blk-core.c | 4 + crypto/asymmetric_keys/x509_cert_parser.c | 9 + drivers/acpi/acpi_lpss.c | 2 + drivers/auxdisplay/Kconfig | 10 +- drivers/base/core.c | 15 +- drivers/base/power/domain.c | 3 + drivers/base/power/opp/core.c | 2 +- drivers/block/rbd.c | 2 +- drivers/bluetooth/hci_qca.c | 6 + drivers/char/ipmi/ipmi_bt_sm.c | 3 +- drivers/char/tpm/tpm-dev-common.c | 40 +- drivers/char/tpm/tpm-dev.h | 2 +- drivers/char/tpm/tpm2-space.c | 3 +- drivers/clk/at91/clk-pll.c | 13 +- drivers/clk/renesas/renesas-cpg-mssr.c | 9 +- drivers/cpufreq/intel_pstate.c | 27 +- drivers/cpuidle/cpuidle-powernv.c | 32 +- drivers/iio/accel/sca3000.c | 9 +- drivers/iio/adc/ad7791.c | 49 - drivers/infiniband/core/umem.c | 11 +- drivers/infiniband/hw/hfi1/chip.c | 8 +- drivers/infiniband/hw/hfi1/debugfs.c | 8 +- drivers/infiniband/hw/hfi1/file_ops.c | 4 +- drivers/infiniband/hw/hfi1/hfi.h | 1 + drivers/infiniband/hw/hfi1/init.c | 22 +- drivers/infiniband/hw/hfi1/pio.c | 44 +- drivers/infiniband/hw/mlx4/mad.c | 1 - drivers/infiniband/hw/mlx4/mr.c | 50 +- drivers/infiniband/hw/mlx5/cq.c | 15 +- drivers/infiniband/hw/qib/qib.h | 4 +- drivers/infiniband/hw/qib/qib_file_ops.c | 10 +- drivers/infiniband/hw/qib/qib_init.c | 13 + drivers/infiniband/hw/qib/qib_user_pages.c | 20 +- drivers/infiniband/sw/rdmavt/cq.c | 31 +- drivers/infiniband/ulp/isert/ib_isert.c | 28 +- drivers/input/joystick/xpad.c | 2 +- drivers/input/mouse/elan_i2c.h | 2 + drivers/input/mouse/elan_i2c_core.c | 3 +- drivers/input/mouse/elan_i2c_smbus.c | 10 +- drivers/input/mouse/elantech.c | 11 +- drivers/irqchip/irq-gic-v3-its.c | 9 +- drivers/md/dm-thin.c | 11 +- drivers/md/dm-zoned-target.c | 2 +- drivers/md/md.c | 4 +- drivers/media/dvb-core/dvb_frontend.c | 23 +- drivers/media/platform/vsp1/vsp1_video.c | 21 +- drivers/media/usb/cx231xx/cx231xx-cards.c | 3 + drivers/media/v4l2-core/v4l2-compat-ioctl32.c | 2 +- drivers/mfd/intel-lpss-pci.c | 25 +- drivers/mfd/intel-lpss.c | 4 +- drivers/misc/cxl/sysfs.c | 16 +- drivers/mtd/chips/cfi_cmdset_0002.c | 21 +- drivers/mtd/ubi/build.c | 3 + drivers/mtd/ubi/eba.c | 90 +- drivers/mtd/ubi/wl.c | 4 +- drivers/nvdimm/bus.c | 14 +- drivers/of/platform.c | 5 +- drivers/of/resolver.c | 5 + drivers/of/unittest.c | 8 +- drivers/pci/host/pci-hyperv.c | 11 - drivers/pci/hotplug/pciehp.h | 2 +- drivers/pci/hotplug/pciehp_core.c | 2 +- drivers/pci/hotplug/pciehp_hpc.c | 13 +- drivers/pci/quirks.c | 20 + drivers/pinctrl/devicetree.c | 7 +- drivers/pinctrl/samsung/pinctrl-exynos-arm.c | 4 +- drivers/pwm/pwm-lpss-platform.c | 5 + drivers/pwm/pwm-lpss.c | 30 + drivers/pwm/pwm-lpss.h | 2 + drivers/rpmsg/qcom_smd.c | 18 +- drivers/rtc/rtc-sun6i.c | 4 +- drivers/s390/scsi/zfcp_dbf.c | 40 + drivers/s390/scsi/zfcp_erp.c | 123 +- drivers/s390/scsi/zfcp_ext.h | 5 + drivers/s390/scsi/zfcp_scsi.c | 18 +- drivers/scsi/hpsa.c | 10 +- drivers/scsi/qla2xxx/qla_init.c | 3 +- drivers/scsi/qla2xxx/qla_isr.c | 8 +- drivers/soc/rockchip/pm_domains.c | 2 +- drivers/thermal/broadcom/bcm2835_thermal.c | 4 +- drivers/tty/serial/sh-sci.c | 8 +- drivers/usb/core/hub.c | 4 +- drivers/usb/host/xhci.c | 1 + drivers/video/backlight/as3711_bl.c | 33 +- drivers/video/backlight/max8925_bl.c | 4 +- drivers/video/backlight/tps65217_bl.c | 4 +- drivers/video/fbdev/uvesafb.c | 3 +- drivers/w1/w1.c | 2 +- drivers/xen/events/events_base.c | 2 - fs/btrfs/inode.c | 4 +- fs/fuse/control.c | 13 +- fs/fuse/dev.c | 3 +- fs/fuse/dir.c | 13 +- fs/fuse/inode.c | 1 + fs/nfs/callback_proc.c | 7 +- fs/nfs/nfs4idmap.c | 5 +- fs/nfs/nfs4proc.c | 2 +- fs/nfsd/nfs4xdr.c | 5 +- fs/ubifs/journal.c | 5 +- fs/udf/directory.c | 3 + include/linux/blkdev.h | 4 +- include/linux/compiler.h | 2 +- include/linux/slub_def.h | 4 + include/rdma/ib_verbs.h | 14 + include/rdma/rdma_vt.h | 2 +- kernel/printk/printk_safe.c | 5 +- kernel/time/time.c | 6 +- lib/vsprintf.c | 3 - mm/gup.c | 36 +- mm/ksm.c | 14 +- mm/slab_common.c | 4 + mm/slub.c | 7 +- net/sunrpc/xprtrdma/rpc_rdma.c | 2 +- sound/core/timer.c | 2 +- sound/pci/hda/patch_realtek.c | 20 +- sound/soc/cirrus/edb93xx.c | 2 +- sound/soc/cirrus/ep93xx-i2s.c | 26 +- sound/soc/cirrus/snappercl15.c | 2 +- sound/soc/codecs/cs35l35.c | 1 + sound/soc/soc-dapm.c | 2 + .../pmu-events/arch/x86/goldmontplus/cache.json | 1453 ++++++++++++++++++++ .../pmu-events/arch/x86/goldmontplus/frontend.json | 62 + .../pmu-events/arch/x86/goldmontplus/memory.json | 38 + .../pmu-events/arch/x86/goldmontplus/other.json | 98 ++ .../pmu-events/arch/x86/goldmontplus/pipeline.json | 544 ++++++++ .../arch/x86/goldmontplus/virtual-memory.json | 218 +++ tools/perf/pmu-events/arch/x86/mapfile.csv | 1 + tools/perf/util/dso.c | 2 + .../perf/util/intel-pt-decoder/intel-pt-decoder.c | 23 +- .../perf/util/intel-pt-decoder/intel-pt-decoder.h | 9 + .../util/intel-pt-decoder/intel-pt-pkt-decoder.c | 2 +- tools/perf/util/intel-pt.c | 5 + tools/testing/selftests/ftrace/test.d/functions | 21 +- 170 files changed, 3595 insertions(+), 505 deletions(-)

6 years, 11 months

4
155
0 0

[PATCH] usb/host/pci-quirks: Only reset USB bus on NVIDIA devices

by Paul Menzel

Currently, on the AMD board Asus F2A85-M Pro there is a 100 ms delay as the USB bus of each of the two OHCI PCI devices is reset. As a 50 ms delay is done per the USB specification. Commit c6187597 (OHCI: final fix for NVIDIA problems (I hope)) unconditionally does the bus reset for all chipsets, while it was only doen for NVIDIA chipsets before. As it should not be needed for non-NVIDIA chipsets, only do the reset for Nvidia devices. Tested on Asus F2A85-M PRO and ASRock E350M1. The USB keyboard works and the LUKS passphrase can be e ntered. Signed-off-by: Paul Menzel <pmenzel(a)molgen.mpg.de> Cc: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Cc: linux-usb(a)vger.kernel.org Cc: Alan Stern <stern(a)rowland.harvard.edu> Cc: linux-kernel(a)vger.kernel.org Cc: stable(a)vger.kernel.org --- drivers/usb/host/pci-quirks.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/usb/host/pci-quirks.c b/drivers/usb/host/pci-quirks.c index 3625a5c1a41b..f6b1a9bbe301 100644 --- a/drivers/usb/host/pci-quirks.c +++ b/drivers/usb/host/pci-quirks.c @@ -784,7 +784,7 @@ static void quirk_usb_handoff_ohci(struct pci_dev *pdev) writel((u32) ~0, base + OHCI_INTRDISABLE); /* Reset the USB bus, if the controller isn't already in RESET */ - if (control & OHCI_HCFS) { + if ((pdev->vendor == PCI_VENDOR_ID_NVIDIA) && (control & OHCI_HCFS)) { /* Go into RESET, preserving RWC (and possibly IR) */ writel(control & OHCI_CTRL_MASK, base + OHCI_CONTROL); readl(base + OHCI_CONTROL); -- 2.17.1

6 years, 11 months

2
1
0 0

[PATCH] IB/hfi1: Fix user context tail allocation for DMA_RTAIL

by Mike Marciniszyn

commit 1bc0299d976e000ececc6acd76e33b4582646cb7 upstream. The following code fails to allocate a buffer for the tail address that the hardware DMAs into when the user context DMA_RTAIL is set. if (HFI1_CAP_KGET_MASK(rcd->flags, DMA_RTAIL)) { rcd->rcvhdrtail_kvaddr = dma_zalloc_coherent( &dd->pcidev->dev, PAGE_SIZE, &dma_hdrqtail, gfp_flags); if (!rcd->rcvhdrtail_kvaddr) goto bail_free; rcd->rcvhdrqtailaddr_dma = dma_hdrqtail; } So the rcvhdrtail_kvaddr would then be NULL. The mmap logic fails to check for a NULL rcvhdrtail_kvaddr. The fix is to test for both user and kernel DMA_TAIL options during the allocation as well as testing for a NULL rcvhdrtail_kvaddr during the mmap processing. Additionally, all downstream testing of the capmask for DMA_RTAIL have been eliminated in favor of testing rcvhdrtail_kvaddr. The patch had to be adjusted for lack of VNIC and interating contexts differently in the 4.9 code base. Reviewed-by: Michael J. Ruhl <michael.j.ruhl(a)intel.com> Signed-off-by: Mike Marciniszyn <mike.marciniszyn(a)intel.com> Signed-off-by: Dennis Dalessandro <dennis.dalessandro(a)intel.com> Signed-off-by: Jason Gunthorpe <jgg(a)mellanox.com> --- drivers/infiniband/hw/hfi1/chip.c | 8 ++++---- drivers/infiniband/hw/hfi1/file_ops.c | 2 +- drivers/infiniband/hw/hfi1/init.c | 9 ++++----- 3 files changed, 9 insertions(+), 10 deletions(-) diff --git a/drivers/infiniband/hw/hfi1/chip.c b/drivers/infiniband/hw/hfi1/chip.c index 148b313..d30b3b9 100644 --- a/drivers/infiniband/hw/hfi1/chip.c +++ b/drivers/infiniband/hw/hfi1/chip.c @@ -6717,7 +6717,7 @@ static void rxe_kernel_unfreeze(struct hfi1_devdata *dd) for (i = 0; i < dd->n_krcv_queues; i++) { rcvmask = HFI1_RCVCTRL_CTXT_ENB; /* HFI1_RCVCTRL_TAILUPD_[ENB|DIS] needs to be set explicitly */ - rcvmask |= HFI1_CAP_KGET_MASK(dd->rcd[i]->flags, DMA_RTAIL) ? + rcvmask |= dd->rcd[i]->rcvhdrtail_kvaddr ? HFI1_RCVCTRL_TAILUPD_ENB : HFI1_RCVCTRL_TAILUPD_DIS; hfi1_rcvctrl(dd, rcvmask, i); } @@ -8211,7 +8211,7 @@ static inline int check_packet_present(struct hfi1_ctxtdata *rcd) u32 tail; int present; - if (!HFI1_CAP_IS_KSET(DMA_RTAIL)) + if (!rcd->rcvhdrtail_kvaddr) present = (rcd->seq_cnt == rhf_rcv_seq(rhf_to_cpu(get_rhf_addr(rcd)))); else /* is RDMA rtail */ @@ -11550,7 +11550,7 @@ void hfi1_rcvctrl(struct hfi1_devdata *dd, unsigned int op, int ctxt) /* reset the tail and hdr addresses, and sequence count */ write_kctxt_csr(dd, ctxt, RCV_HDR_ADDR, rcd->rcvhdrq_dma); - if (HFI1_CAP_KGET_MASK(rcd->flags, DMA_RTAIL)) + if (rcd->rcvhdrtail_kvaddr) write_kctxt_csr(dd, ctxt, RCV_HDR_TAIL_ADDR, rcd->rcvhdrqtailaddr_dma); rcd->seq_cnt = 1; @@ -11630,7 +11630,7 @@ void hfi1_rcvctrl(struct hfi1_devdata *dd, unsigned int op, int ctxt) rcvctrl |= RCV_CTXT_CTRL_INTR_AVAIL_SMASK; if (op & HFI1_RCVCTRL_INTRAVAIL_DIS) rcvctrl &= ~RCV_CTXT_CTRL_INTR_AVAIL_SMASK; - if (op & HFI1_RCVCTRL_TAILUPD_ENB && rcd->rcvhdrqtailaddr_dma) + if ((op & HFI1_RCVCTRL_TAILUPD_ENB) && rcd->rcvhdrtail_kvaddr) rcvctrl |= RCV_CTXT_CTRL_TAIL_UPD_SMASK; if (op & HFI1_RCVCTRL_TAILUPD_DIS) { /* See comment on RcvCtxtCtrl.TailUpd above */ diff --git a/drivers/infiniband/hw/hfi1/file_ops.c b/drivers/infiniband/hw/hfi1/file_ops.c index bb72976..d612f9d 100644 --- a/drivers/infiniband/hw/hfi1/file_ops.c +++ b/drivers/infiniband/hw/hfi1/file_ops.c @@ -609,7 +609,7 @@ static int hfi1_file_mmap(struct file *fp, struct vm_area_struct *vma) ret = -EINVAL; goto done; } - if (flags & VM_WRITE) { + if ((flags & VM_WRITE) || !uctxt->rcvhdrtail_kvaddr) { ret = -EPERM; goto done; } diff --git a/drivers/infiniband/hw/hfi1/init.c b/drivers/infiniband/hw/hfi1/init.c index ae1f90d..28f4079 100644 --- a/drivers/infiniband/hw/hfi1/init.c +++ b/drivers/infiniband/hw/hfi1/init.c @@ -1605,7 +1605,6 @@ int hfi1_create_rcvhdrq(struct hfi1_devdata *dd, struct hfi1_ctxtdata *rcd) u64 reg; if (!rcd->rcvhdrq) { - dma_addr_t dma_hdrqtail; gfp_t gfp_flags; /* @@ -1628,13 +1627,13 @@ int hfi1_create_rcvhdrq(struct hfi1_devdata *dd, struct hfi1_ctxtdata *rcd) goto bail; } - if (HFI1_CAP_KGET_MASK(rcd->flags, DMA_RTAIL)) { + if (HFI1_CAP_KGET_MASK(rcd->flags, DMA_RTAIL) || + HFI1_CAP_UGET_MASK(rcd->flags, DMA_RTAIL)) { rcd->rcvhdrtail_kvaddr = dma_zalloc_coherent( - &dd->pcidev->dev, PAGE_SIZE, &dma_hdrqtail, - gfp_flags); + &dd->pcidev->dev, PAGE_SIZE, + &rcd->rcvhdrqtailaddr_dma, gfp_flags); if (!rcd->rcvhdrtail_kvaddr) goto bail_free; - rcd->rcvhdrqtailaddr_dma = dma_hdrqtail; } rcd->rcvhdrq_size = amt;

6 years, 11 months

1
0
0 0

[PATCH] sched/nohz: Skip remote tick on idle task entirely

by Frederic Weisbecker

Some people have reported that the warning in sched_tick_remote() occasionally triggers, especially in favour of some RCU-Torture pressure: WARNING: CPU: 11 PID: 906 at kernel/sched/core.c:3138 sched_tick_remote+0xb6/0xc0 Modules linked in: CPU: 11 PID: 906 Comm: kworker/u32:3 Not tainted 4.18.0-rc2+ #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1 04/01/2014 Workqueue: events_unbound sched_tick_remote RIP: 0010:sched_tick_remote+0xb6/0xc0 Code: e8 0f 06 b8 00 c6 03 00 fb eb 9d 8b 43 04 85 c0 75 8d 48 8b 83 e0 0a 00 00 48 85 c0 75 81 eb 88 48 89 df e8 bc fe ff ff eb aa <0f> 0b eb +c5 66 0f 1f 44 00 00 bf 17 00 00 00 e8 b6 2e fe ff 0f b6 Call Trace: process_one_work+0x1df/0x3b0 worker_thread+0x44/0x3d0 kthread+0xf3/0x130 ? set_worker_desc+0xb0/0xb0 ? kthread_create_worker_on_cpu+0x70/0x70 ret_from_fork+0x35/0x40 This happens when the remote tick applies on an idle task. Usually the idle_cpu() check avoids that, but it is performed before we lock the runqueue and it is therefore racy. It was intended to be that way in order to prevent from useless runqueue locks since idle task tick callback is a no-op. Now if the racy check slips out of our hands and we end up remotely ticking an idle task, the empty task_tick_idle() is harmless. Still it won't pass the WARN_ON_ONCE() test that ensures rq_clock_task() is not too far from curr->se.exec_start because update_curr_idle() doesn't update the exec_start value like other scheduler policies. Hence the reported false positive. So let's have another check, while the rq is locked, to make sure we don't remote tick on an idle task. The lockless idle_cpu() still applies to avoid unecessary rq lock contention. Reported-by: Jacek Tomaka <jacekt(a)dug.com> Reported-by: Paul E. McKenney <paulmck(a)linux.vnet.ibm.com> Reported-by: Anna-Maria Gleixner <anna-maria(a)linutronix.de> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Ingo Molnar <mingo(a)kernel.org> Cc: stable(a)vger.kernel.org Signed-off-by: Frederic Weisbecker <frederic(a)kernel.org> --- kernel/sched/core.c | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/kernel/sched/core.c b/kernel/sched/core.c index 78d8fac..da8f121 100644 --- a/kernel/sched/core.c +++ b/kernel/sched/core.c @@ -3127,16 +3127,18 @@ static void sched_tick_remote(struct work_struct *work) u64 delta; rq_lock_irq(rq, &rf); - update_rq_clock(rq); curr = rq->curr; - delta = rq_clock_task(rq) - curr->se.exec_start; + if (!is_idle_task(curr)) { + update_rq_clock(rq); + delta = rq_clock_task(rq) - curr->se.exec_start; - /* - * Make sure the next tick runs within a reasonable - * amount of time. - */ - WARN_ON_ONCE(delta > (u64)NSEC_PER_SEC * 3); - curr->sched_class->task_tick(rq, curr, 0); + /* + * Make sure the next tick runs within a reasonable + * amount of time. + */ + WARN_ON_ONCE(delta > (u64)NSEC_PER_SEC * 3); + curr->sched_class->task_tick(rq, curr, 0); + } rq_unlock_irq(rq, &rf); } -- 2.7.4

6 years, 11 months

3
2
0 0

[PATCH] ahci: Disable LPM on Lenovo 50 series laptops with a too old BIOS

by Hans de Goede

There have been several reports of LPM related hard freezes about once a day on multiple Lenovo 50 series models. Strange enough these reports where not disk model specific as LPM issues usually are and some users with the exact same disk + laptop where seeing them while other users where not seeing these issues. It turns out that enabling LPM triggers a firmware bug somewhere, which has been fixed in later BIOS versions. This commit adds a new ahci_broken_lpm() function and a new ATA_FLAG_NO_LPM for dealing with this. The ahci_broken_lpm() function contains DMI match info for the 4 models which are known to be affected by this and the DMI BIOS date field for known good BIOS versions. If the BIOS date is older then the one in the table LPM will be disabled and a warning will be printed. Note the BIOS dates are for known good versions, some older versions may work too, but we don't know for sure, the table is using dates from BIOS versions for which users have confirmed that upgrading to that version makes the problem go away. Unfortunately I've been unable to get hold of the reporter who reported that BIOS version 2.35 fixed the problems on the W541 for him. I've been able to verify the DMI_SYS_VENDOR and DMI_PRODUCT_VERSION from an older dmidecode, but I don't know the exact BIOS date as reported in the DMI. Lenovo keeps a changelog with dates in their release notes, but the dates there are the release dates not the build dates which are in DMI. So I've chosen to set the date to which we compare to one day past the release date of the 2.34 BIOS. I plan to fix this with a follow up commit once I've the necessary info. Cc: stable(a)vger.kernel.org Signed-off-by: Hans de Goede <hdegoede(a)redhat.com> --- drivers/ata/ahci.c | 59 +++++++++++++++++++++++++++++++++++++++ drivers/ata/libata-core.c | 3 ++ include/linux/libata.h | 1 + 3 files changed, 63 insertions(+) diff --git a/drivers/ata/ahci.c b/drivers/ata/ahci.c index 738fb22978dd..fdeb3b4d0f4a 100644 --- a/drivers/ata/ahci.c +++ b/drivers/ata/ahci.c @@ -1280,6 +1280,59 @@ static bool ahci_broken_suspend(struct pci_dev *pdev) return strcmp(buf, dmi->driver_data) < 0; } +static bool ahci_broken_lpm(struct pci_dev *pdev) +{ + static const struct dmi_system_id sysids[] = { + /* Various Lenovo 50 series have LPM issues with older BIOSen */ + { + .matches = { + DMI_MATCH(DMI_SYS_VENDOR, "LENOVO"), + DMI_MATCH(DMI_PRODUCT_VERSION, "ThinkPad X250"), + }, + .driver_data = "20180406", /* 1.31 */ + }, + { + .matches = { + DMI_MATCH(DMI_SYS_VENDOR, "LENOVO"), + DMI_MATCH(DMI_PRODUCT_VERSION, "ThinkPad L450"), + }, + .driver_data = "20180420", /* 1.28 */ + }, + { + .matches = { + DMI_MATCH(DMI_SYS_VENDOR, "LENOVO"), + DMI_MATCH(DMI_PRODUCT_VERSION, "ThinkPad T450s"), + }, + .driver_data = "20180315", /* 1.33 */ + }, + { + .matches = { + DMI_MATCH(DMI_SYS_VENDOR, "LENOVO"), + DMI_MATCH(DMI_PRODUCT_VERSION, "ThinkPad W541"), + }, + /* + * Note date based on release notes, 2.35 has been + * reported to be good, but I've been unable to get + * a hold of the reporter to get the DMI BIOS date. + * TODO: fix this. + */ + .driver_data = "20180310", /* 2.35 */ + }, + { } /* terminate list */ + }; + const struct dmi_system_id *dmi = dmi_first_match(sysids); + int year, month, date; + char buf[9]; + + if (!dmi) + return false; + + dmi_get_date(DMI_BIOS_DATE, &year, &month, &date); + snprintf(buf, sizeof(buf), "%04d%02d%02d", year, month, date); + + return strcmp(buf, dmi->driver_data) < 0; +} + static bool ahci_broken_online(struct pci_dev *pdev) { #define ENCODE_BUSDEVFN(bus, slot, func) \ @@ -1694,6 +1747,12 @@ static int ahci_init_one(struct pci_dev *pdev, const struct pci_device_id *ent) "quirky BIOS, skipping spindown on poweroff\n"); } + if (ahci_broken_lpm(pdev)) { + pi.flags |= ATA_FLAG_NO_LPM; + dev_warn(&pdev->dev, + "BIOS update required for Link Power Management support\n"); + } + if (ahci_broken_suspend(pdev)) { hpriv->flags |= AHCI_HFLAG_NO_SUSPEND; dev_warn(&pdev->dev, diff --git a/drivers/ata/libata-core.c b/drivers/ata/libata-core.c index 27d15ed7fa3d..cc71c63df381 100644 --- a/drivers/ata/libata-core.c +++ b/drivers/ata/libata-core.c @@ -2493,6 +2493,9 @@ int ata_dev_configure(struct ata_device *dev) (id[ATA_ID_SATA_CAPABILITY] & 0xe) == 0x2) dev->horkage |= ATA_HORKAGE_NOLPM; + if (ap->flags & ATA_FLAG_NO_LPM) + dev->horkage |= ATA_HORKAGE_NOLPM; + if (dev->horkage & ATA_HORKAGE_NOLPM) { ata_dev_warn(dev, "LPM support broken, forcing max_power\n"); dev->link->ap->target_lpm_policy = ATA_LPM_MAX_POWER; diff --git a/include/linux/libata.h b/include/linux/libata.h index 8b8946dd63b9..26719233a5b1 100644 --- a/include/linux/libata.h +++ b/include/linux/libata.h @@ -210,6 +210,7 @@ enum { ATA_FLAG_SLAVE_POSS = (1 << 0), /* host supports slave dev */ /* (doesn't imply presence) */ ATA_FLAG_SATA = (1 << 1), + ATA_FLAG_NO_LPM = (1 << 2), /* host not happy with LPM */ ATA_FLAG_NO_LOG_PAGE = (1 << 5), /* do not issue log page read */ ATA_FLAG_NO_ATAPI = (1 << 6), /* No ATAPI support */ ATA_FLAG_PIO_DMA = (1 << 7), /* PIO cmds via DMA */ -- 2.17.1

6 years, 11 months

2
1
0 0

[PATCH v2 0/2] mmc: renesas_sdhi_internal_dmac: fix two issues for error path

by Yoshihiro Shimoda

This patch set is based on the mmc.git / fixes branch. Changes from v1: - Add Reviewed-by Geert-san. - Add a new goto label for error path. Yoshihiro Shimoda (2): mmc: renesas_sdhi_internal_dmac: Fix missing unmap in error patch mmc: renesas_sdhi_internal_dmac: Cannot clear the RX_IN_USE in abort drivers/mmc/host/renesas_sdhi_internal_dmac.c | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) -- 1.9.1

6 years, 11 months

3
5
0 0

[PATCH] spi: spi-fsl-dspi: Fix imprecise abort on VF500 during probe

by Krzysztof Kozlowski

Registers of DSPI should not be accessed before enabling its clock. On Toradex Colibri VF50 on Iris carrier board this could be seen during bootup as imprecise abort: Unhandled fault: imprecise external abort (0x1c06) at 0x00000000 Internal error: : 1c06 [#1] ARM Modules linked in: CPU: 0 PID: 1 Comm: swapper Not tainted 4.14.39-dirty #97 Hardware name: Freescale Vybrid VF5xx/VF6xx (Device Tree) Backtrace: [<804166a8>] (regmap_write) from [<80466b5c>] (dspi_probe+0x1f0/0x8dc) [<8046696c>] (dspi_probe) from [<8040107c>] (platform_drv_probe+0x54/0xb8) [<80401028>] (platform_drv_probe) from [<803ff53c>] (driver_probe_device+0x280/0x2f8) [<803ff2bc>] (driver_probe_device) from [<803ff674>] (__driver_attach+0xc0/0xc4) [<803ff5b4>] (__driver_attach) from [<803fd818>] (bus_for_each_dev+0x70/0xa4) [<803fd7a8>] (bus_for_each_dev) from [<803fee74>] (driver_attach+0x24/0x28) [<803fee50>] (driver_attach) from [<803fe980>] (bus_add_driver+0x1a0/0x218) [<803fe7e0>] (bus_add_driver) from [<803fffe8>] (driver_register+0x80/0x100) [<803fff68>] (driver_register) from [<80400fdc>] (__platform_driver_register+0x48/0x50) [<80400f94>] (__platform_driver_register) from [<8091cf7c>] (fsl_dspi_driver_init+0x1c/0x20) [<8091cf60>] (fsl_dspi_driver_init) from [<8010195c>] (do_one_initcall+0x4c/0x174) [<80101910>] (do_one_initcall) from [<80900e8c>] (kernel_init_freeable+0x144/0x1d8) [<80900d48>] (kernel_init_freeable) from [<805ff6a8>] (kernel_init+0x10/0x114) [<805ff698>] (kernel_init) from [<80107be8>] (ret_from_fork+0x14/0x2c) Cc: <stable(a)vger.kernel.org> Fixes: 5ee67b587a2b ("spi: dspi: clear SPI_SR before enable interrupt") Signed-off-by: Krzysztof Kozlowski <krzk(a)kernel.org> --- drivers/spi/spi-fsl-dspi.c | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/drivers/spi/spi-fsl-dspi.c b/drivers/spi/spi-fsl-dspi.c index ff7456be9d6d..89a1e7a4fe5d 100644 --- a/drivers/spi/spi-fsl-dspi.c +++ b/drivers/spi/spi-fsl-dspi.c @@ -1071,30 +1071,30 @@ static int dspi_probe(struct platform_device *pdev) } } + dspi->clk = devm_clk_get(&pdev->dev, "dspi"); + if (IS_ERR(dspi->clk)) { + ret = PTR_ERR(dspi->clk); + dev_err(&pdev->dev, "unable to get clock\n"); + goto out_master_put; + } + ret = clk_prepare_enable(dspi->clk); + if (ret) + goto out_master_put; + dspi_init(dspi); dspi->irq = platform_get_irq(pdev, 0); if (dspi->irq < 0) { dev_err(&pdev->dev, "can't get platform irq\n"); ret = dspi->irq; - goto out_master_put; + goto out_clk_put; } ret = devm_request_irq(&pdev->dev, dspi->irq, dspi_interrupt, 0, pdev->name, dspi); if (ret < 0) { dev_err(&pdev->dev, "Unable to attach DSPI interrupt\n"); - goto out_master_put; - } - - dspi->clk = devm_clk_get(&pdev->dev, "dspi"); - if (IS_ERR(dspi->clk)) { - ret = PTR_ERR(dspi->clk); - dev_err(&pdev->dev, "unable to get clock\n"); - goto out_master_put; + goto out_clk_put; } - ret = clk_prepare_enable(dspi->clk); - if (ret) - goto out_master_put; if (dspi->devtype_data->trans_mode == DSPI_DMA_MODE) { ret = dspi_request_dma(dspi, res->start); -- 2.7.4

6 years, 11 months

3
2
0 0

Re: [Xen-devel] [PATCH] xen: setup pv irq ops vector earlier

by Juergen Gross

On 02/07/18 13:18, Jan Beulich wrote: >>>> On 02.07.18 at 12:00, <jgross(a)suse.com> wrote: >> --- a/arch/x86/xen/enlighten_pv.c >> +++ b/arch/x86/xen/enlighten_pv.c >> @@ -1213,6 +1213,7 @@ asmlinkage __visible void __init xen_start_kernel(void) >> pv_info = xen_info; >> pv_init_ops.patch = paravirt_patch_default; >> pv_cpu_ops = xen_cpu_ops; >> + xen_init_irq_ops(); > > Isn't this still too late? xen_setup_machphys_mapping(), for example, > has a WARN_ON(), which implies multiple printk()s. Seems as if it would be a good idea to move calling xen_setup_machphys_mapping() into xen_init_mmu_ops(). There is really no need to do it earlier. Juergen

6 years, 11 months

1
0
0 0

[PATCH 1/5] ARM: dts: dra7: Disable metastability workaround for USB2

by Roger Quadros

Disable the metastability workaround for USB2. The original patch disabled the workaround on the wrong USB port. Fixes: b8c9c6fa2002 ("ARM: dts: dra7: Disable USB metastability workaround for USB2") Cc: <stable(a)vger.kernel.org> [4.16+] Signed-off-by: Roger Quadros <rogerq(a)ti.com> --- arch/arm/boot/dts/dra7.dtsi | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/arm/boot/dts/dra7.dtsi b/arch/arm/boot/dts/dra7.dtsi index f4ddd86..9cace9f 100644 --- a/arch/arm/boot/dts/dra7.dtsi +++ b/arch/arm/boot/dts/dra7.dtsi @@ -1582,7 +1582,6 @@ dr_mode = "otg"; snps,dis_u3_susphy_quirk; snps,dis_u2_susphy_quirk; - snps,dis_metastability_quirk; }; }; @@ -1610,6 +1609,7 @@ dr_mode = "otg"; snps,dis_u3_susphy_quirk; snps,dis_u2_susphy_quirk; + snps,dis_metastability_quirk; }; }; -- cheers, -roger Texas Instruments Finland Oy, Porkkalankatu 22, 00180 Helsinki. Y-tunnus/Business ID: 0615521-4. Kotipaikka/Domicile: Helsinki

6 years, 11 months

2
1
0 0

[PATCH] arm64: Use aarch64elf and aarch64elfb emulation mode variants

by Paul Kocialkowski

The aarch64linux and aarch64linuxb emulation modes are not supported by bare-metal toolchains and Linux using them forbids building the kernel with these toolchains. Since there is apparently no reason to target these emulation modes, the more generic elf modes are used instead, allowing to build on bare-metal toolchains as well as the already-supported ones. Fixes: 3d6a7b99e3fa ("arm64: ensure the kernel is compiled for LP64") Cc: stable(a)vger.kernel.org Signed-off-by: Paul Kocialkowski <contact(a)paulk.fr> --- arch/arm64/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/arch/arm64/Makefile b/arch/arm64/Makefile index 87f7d2f9f17c..3e959ac43b40 100644 --- a/arch/arm64/Makefile +++ b/arch/arm64/Makefile @@ -67,14 +67,14 @@ KBUILD_CPPFLAGS += -mbig-endian CHECKFLAGS += -D__AARCH64EB__ AS += -EB LD += -EB -LDFLAGS += -maarch64linuxb +LDFLAGS += -maarch64elfb UTS_MACHINE := aarch64_be else KBUILD_CPPFLAGS += -mlittle-endian CHECKFLAGS += -D__AARCH64EL__ AS += -EL LD += -EL -LDFLAGS += -maarch64linux +LDFLAGS += -maarch64elf UTS_MACHINE := aarch64 endif -- 2.17.1

6 years, 11 months

2
1
0 0

[PATCH 4.17 v2] x86/mm: Don't free P4D table when it is folded at runtime

by Andrey Ryabinin

commit 0e311d237d7f3022b7dafb639b42541bfb42fe94 upstream. When the P4D page table layer is folded at runtime, the p4d_free() should do nothing, the same as in <asm-generic/pgtable-nop4d.h>. It seems this bug should cause double-free in efi_call_phys_epilog(), but I don't know how to trigger that code path, so I can't confirm that by testing. Signed-off-by: Andrey Ryabinin <aryabinin(a)virtuozzo.com> Reviewed-by: Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> Cc: Linus Torvalds <torvalds(a)linux-foundation.org> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: stable(a)vger.kernel.org # 4.17 Fixes: 98219dda2ab5 ("x86/mm: Fold p4d page table layer at runtime") Link: http://lkml.kernel.org/r/20180625102427.15015-1-aryabinin@virtuozzo.com Signed-off-by: Ingo Molnar <mingo(a)kernel.org> Signed-off-by: Andrey Ryabinin <aryabinin(a)virtuozzo.com> --- Changes since v1: - Fix wrong "From:" field arch/x86/include/asm/pgalloc.h | 3 +++ 1 file changed, 3 insertions(+) diff --git a/arch/x86/include/asm/pgalloc.h b/arch/x86/include/asm/pgalloc.h index 263c142a6a6c..f65e9e1cea4c 100644 --- a/arch/x86/include/asm/pgalloc.h +++ b/arch/x86/include/asm/pgalloc.h @@ -184,6 +184,9 @@ static inline p4d_t *p4d_alloc_one(struct mm_struct *mm, unsigned long addr) static inline void p4d_free(struct mm_struct *mm, p4d_t *p4d) { + if (!pgtable_l5_enabled) + return; + BUG_ON((unsigned long)p4d & (PAGE_SIZE-1)); free_page((unsigned long)p4d); } -- 2.16.4

6 years, 11 months

2
3
0 0

[PATCH 4.17] x86/mm: Don't free P4D table when it is folded at runtime

by Andrey Ryabinin

From: "gregkh(a)linuxfoundation.org" <gregkh(a)linuxfoundation.org> commit 0e311d237d7f3022b7dafb639b42541bfb42fe94 upstream. When the P4D page table layer is folded at runtime, the p4d_free() should do nothing, the same as in <asm-generic/pgtable-nop4d.h>. It seems this bug should cause double-free in efi_call_phys_epilog(), but I don't know how to trigger that code path, so I can't confirm that by testing. Signed-off-by: Andrey Ryabinin <aryabinin(a)virtuozzo.com> Reviewed-by: Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> Cc: Linus Torvalds <torvalds(a)linux-foundation.org> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: stable(a)vger.kernel.org # 4.17 Fixes: 98219dda2ab5 ("x86/mm: Fold p4d page table layer at runtime") Link: http://lkml.kernel.org/r/20180625102427.15015-1-aryabinin@virtuozzo.com Signed-off-by: Ingo Molnar <mingo(a)kernel.org> Signed-off-by: Andrey Ryabinin <aryabinin(a)virtuozzo.com> --- arch/x86/include/asm/pgalloc.h | 3 +++ 1 file changed, 3 insertions(+) diff --git a/arch/x86/include/asm/pgalloc.h b/arch/x86/include/asm/pgalloc.h index 263c142a6a6c..f65e9e1cea4c 100644 --- a/arch/x86/include/asm/pgalloc.h +++ b/arch/x86/include/asm/pgalloc.h @@ -184,6 +184,9 @@ static inline p4d_t *p4d_alloc_one(struct mm_struct *mm, unsigned long addr) static inline void p4d_free(struct mm_struct *mm, p4d_t *p4d) { + if (!pgtable_l5_enabled) + return; + BUG_ON((unsigned long)p4d & (PAGE_SIZE-1)); free_page((unsigned long)p4d); } -- 2.16.4

6 years, 11 months

2
2
0 0

nfp: don't tell FW about the reserved buffer space

by Jakub Kicinski

Hi! Can we get the following backported to the 4.9 branch? commit 9383b33771e566fa547daa2d09c6e0f1aaa298c3 Author: Jakub Kicinski <jakub.kicinski(a)netronome.com> Date: Thu Mar 2 15:26:20 2017 -0800 nfp: don't tell FW about the reserved buffer space Since commit c0f031bc8866 ("nfp_net: use alloc_frag() and build_skb()") we are allocating buffers which have to hold both the data and skb to be created in place by build_skb(). FW should only be told about the buffer space it can DMA to, that is without the build_skb() headroom and tailroom. Note: firmware applications should validate the buffers against both MTU and free list buffer size so oversized packets would not pass through the NIC anyway. Fixes: c0f031bc8866 ("nfp: use alloc_frag() and build_skb()") Signed-off-by: Jakub Kicinski <jakub.kicinski(a)netronome.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Thank you!

6 years, 11 months

2
3
0 0

[PATCH 4/4] mtd: cfi_cmdset_0002: Change erase functions to check chip good only

by Tokunori Ikegami

Currently the functions use to check both chip ready and good. But the chip ready is not enough to check the operation status. So change this to check the chip good instead of this. About the retry functions to make sure the error handling remain it. Signed-off-by: Tokunori Ikegami <ikegami(a)allied-telesis.co.jp> Reviewed-by: Joakim Tjernlund <Joakim.Tjernlund(a)infinera.com> Cc: Chris Packham <chris.packham(a)alliedtelesis.co.nz> Cc: Brian Norris <computersforpeace(a)gmail.com> Cc: David Woodhouse <dwmw2(a)infradead.org> Cc: Boris Brezillon <boris.brezillon(a)free-electrons.com> Cc: Marek Vasut <marek.vasut(a)gmail.com> Cc: Richard Weinberger <richard(a)nod.at> Cc: Cyrille Pitchen <cyrille.pitchen(a)wedev4u.fr> Cc: linux-mtd(a)lists.infradead.org Cc: stable(a)vger.kernel.org Signed-off-by: Boris Brezillon <boris.brezillon(a)bootlin.com> --- drivers/mtd/chips/cfi_cmdset_0002.c | 22 ++++++++++++---------- 1 file changed, 12 insertions(+), 10 deletions(-) diff --git a/drivers/mtd/chips/cfi_cmdset_0002.c b/drivers/mtd/chips/cfi_cmdset_0002.c index 13ce64362db8..2a39dc3a4760 100644 --- a/drivers/mtd/chips/cfi_cmdset_0002.c +++ b/drivers/mtd/chips/cfi_cmdset_0002.c @@ -2296,12 +2296,13 @@ static int __xipram do_erase_chip(struct map_info *map, struct flchip *chip) chip->erase_suspended = 0; } - if (chip_ready(map, adr)) + if (chip_good(map, adr, map_word_ff(map))) break; if (time_after(jiffies, timeo)) { printk(KERN_WARNING "MTD %s(): software timeout\n", __func__ ); + ret = -EIO; break; } @@ -2309,15 +2310,15 @@ static int __xipram do_erase_chip(struct map_info *map, struct flchip *chip) UDELAY(map, chip, adr, 1000000/HZ); } /* Did we succeed? */ - if (!chip_good(map, adr, map_word_ff(map))) { + if (ret) { /* reset on all failures. */ map_write( map, CMD(0xF0), chip->start ); /* FIXME - should have reset delay before continuing */ - if (++retry_cnt <= MAX_RETRIES) + if (++retry_cnt <= MAX_RETRIES) { + ret = 0; goto retry; - - ret = -EIO; + } } chip->state = FL_READY; @@ -2391,7 +2392,7 @@ static int __xipram do_erase_oneblock(struct map_info *map, struct flchip *chip, chip->erase_suspended = 0; } - if (chip_ready(map, adr)) { + if (chip_good(map, adr, map_word_ff(map))) { xip_enable(map, chip, adr); break; } @@ -2400,6 +2401,7 @@ static int __xipram do_erase_oneblock(struct map_info *map, struct flchip *chip, xip_enable(map, chip, adr); printk(KERN_WARNING "MTD %s(): software timeout\n", __func__ ); + ret = -EIO; break; } @@ -2407,15 +2409,15 @@ static int __xipram do_erase_oneblock(struct map_info *map, struct flchip *chip, UDELAY(map, chip, adr, 1000000/HZ); } /* Did we succeed? */ - if (!chip_good(map, adr, map_word_ff(map))) { + if (ret) { /* reset on all failures. */ map_write( map, CMD(0xF0), chip->start ); /* FIXME - should have reset delay before continuing */ - if (++retry_cnt <= MAX_RETRIES) + if (++retry_cnt <= MAX_RETRIES) { + ret = 0; goto retry; - - ret = -EIO; + } } chip->state = FL_READY; -- 2.16.1

6 years, 11 months

1
0
0 0

[PATCH 3/4] mtd: cfi_cmdset_0002: Change erase functions to retry for error

by Tokunori Ikegami

For the word write functions it is retried for error. But it is not implemented to retry for the erase functions. To make sure for the erase functions change to retry as same. This is needed to prevent the flash erase error caused only once. It was caused by the error case of chip_good() in the do_erase_oneblock(). Also it was confirmed on the MACRONIX flash device MX29GL512FHT2I-11G. But the error issue behavior is not able to reproduce at this moment. The flash controller is parallel Flash interface integrated on BCM53003. Signed-off-by: Tokunori Ikegami <ikegami(a)allied-telesis.co.jp> Reviewed-by: Joakim Tjernlund <Joakim.Tjernlund(a)infinera.com> Cc: Chris Packham <chris.packham(a)alliedtelesis.co.nz> Cc: Brian Norris <computersforpeace(a)gmail.com> Cc: David Woodhouse <dwmw2(a)infradead.org> Cc: Boris Brezillon <boris.brezillon(a)free-electrons.com> Cc: Marek Vasut <marek.vasut(a)gmail.com> Cc: Richard Weinberger <richard(a)nod.at> Cc: Cyrille Pitchen <cyrille.pitchen(a)wedev4u.fr> Cc: linux-mtd(a)lists.infradead.org Cc: stable(a)vger.kernel.org Signed-off-by: Boris Brezillon <boris.brezillon(a)bootlin.com> --- drivers/mtd/chips/cfi_cmdset_0002.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/drivers/mtd/chips/cfi_cmdset_0002.c b/drivers/mtd/chips/cfi_cmdset_0002.c index 29913eeac5fb..13ce64362db8 100644 --- a/drivers/mtd/chips/cfi_cmdset_0002.c +++ b/drivers/mtd/chips/cfi_cmdset_0002.c @@ -2241,6 +2241,7 @@ static int __xipram do_erase_chip(struct map_info *map, struct flchip *chip) unsigned long int adr; DECLARE_WAITQUEUE(wait, current); int ret = 0; + int retry_cnt = 0; adr = cfi->addr_unlock1; @@ -2258,6 +2259,7 @@ static int __xipram do_erase_chip(struct map_info *map, struct flchip *chip) ENABLE_VPP(map); xip_disable(map, chip, adr); + retry: cfi_send_gen_cmd(0xAA, cfi->addr_unlock1, chip->start, map, cfi, cfi->device_type, NULL); cfi_send_gen_cmd(0x55, cfi->addr_unlock2, chip->start, map, cfi, cfi->device_type, NULL); cfi_send_gen_cmd(0x80, cfi->addr_unlock1, chip->start, map, cfi, cfi->device_type, NULL); @@ -2312,6 +2314,9 @@ static int __xipram do_erase_chip(struct map_info *map, struct flchip *chip) map_write( map, CMD(0xF0), chip->start ); /* FIXME - should have reset delay before continuing */ + if (++retry_cnt <= MAX_RETRIES) + goto retry; + ret = -EIO; } @@ -2331,6 +2336,7 @@ static int __xipram do_erase_oneblock(struct map_info *map, struct flchip *chip, unsigned long timeo = jiffies + HZ; DECLARE_WAITQUEUE(wait, current); int ret = 0; + int retry_cnt = 0; adr += chip->start; @@ -2348,6 +2354,7 @@ static int __xipram do_erase_oneblock(struct map_info *map, struct flchip *chip, ENABLE_VPP(map); xip_disable(map, chip, adr); + retry: cfi_send_gen_cmd(0xAA, cfi->addr_unlock1, chip->start, map, cfi, cfi->device_type, NULL); cfi_send_gen_cmd(0x55, cfi->addr_unlock2, chip->start, map, cfi, cfi->device_type, NULL); cfi_send_gen_cmd(0x80, cfi->addr_unlock1, chip->start, map, cfi, cfi->device_type, NULL); @@ -2405,6 +2412,9 @@ static int __xipram do_erase_oneblock(struct map_info *map, struct flchip *chip, map_write( map, CMD(0xF0), chip->start ); /* FIXME - should have reset delay before continuing */ + if (++retry_cnt <= MAX_RETRIES) + goto retry; + ret = -EIO; } -- 2.16.1

6 years, 11 months

1
0
0 0

[PATCH 2/4] mtd: cfi_cmdset_0002: Change definition naming to retry write operation

by Tokunori Ikegami

The definition can be used for other program and erase operations also. So change the naming to MAX_RETRIES from MAX_WORD_RETRIES. Signed-off-by: Tokunori Ikegami <ikegami(a)allied-telesis.co.jp> Reviewed-by: Joakim Tjernlund <Joakim.Tjernlund(a)infinera.com> Cc: Chris Packham <chris.packham(a)alliedtelesis.co.nz> Cc: Brian Norris <computersforpeace(a)gmail.com> Cc: David Woodhouse <dwmw2(a)infradead.org> Cc: Boris Brezillon <boris.brezillon(a)free-electrons.com> Cc: Marek Vasut <marek.vasut(a)gmail.com> Cc: Richard Weinberger <richard(a)nod.at> Cc: Cyrille Pitchen <cyrille.pitchen(a)wedev4u.fr> Cc: linux-mtd(a)lists.infradead.org Cc: stable(a)vger.kernel.org Signed-off-by: Boris Brezillon <boris.brezillon(a)bootlin.com> --- drivers/mtd/chips/cfi_cmdset_0002.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/drivers/mtd/chips/cfi_cmdset_0002.c b/drivers/mtd/chips/cfi_cmdset_0002.c index 9ab521d25ea2..29913eeac5fb 100644 --- a/drivers/mtd/chips/cfi_cmdset_0002.c +++ b/drivers/mtd/chips/cfi_cmdset_0002.c @@ -42,7 +42,7 @@ #define AMD_BOOTLOC_BUG #define FORCE_WORD_WRITE 0 -#define MAX_WORD_RETRIES 3 +#define MAX_RETRIES 3 #define SST49LF004B 0x0060 #define SST49LF040B 0x0050 @@ -1647,7 +1647,7 @@ static int __xipram do_write_oneword(struct map_info *map, struct flchip *chip, map_write( map, CMD(0xF0), chip->start ); /* FIXME - should have reset delay before continuing */ - if (++retry_cnt <= MAX_WORD_RETRIES) + if (++retry_cnt <= MAX_RETRIES) goto retry; ret = -EIO; @@ -2106,7 +2106,7 @@ static int do_panic_write_oneword(struct map_info *map, struct flchip *chip, map_write(map, CMD(0xF0), chip->start); /* FIXME - should have reset delay before continuing */ - if (++retry_cnt <= MAX_WORD_RETRIES) + if (++retry_cnt <= MAX_RETRIES) goto retry; ret = -EIO; -- 2.16.1

6 years, 11 months

1
0
0 0

virt: vbox: Only copy_from_user the request-header once

by Justin Forbes

I didn't see this one sent to stable, though it probably should be. commit bd23a7269834dc7c1f93e83535d16ebc44b75eba Author: Wenwen Wang <wang6495(a)umn.edu> Date: Tue May 8 08:50:28 2018 -0500 virt: vbox: Only copy_from_user the request-header once Thanks, Justin

6 years, 11 months

2
1
0 0

FAILED: patch "[PATCH] Bluetooth: Fix connection if directed advertising and privacy" failed to apply to 4.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 082f2300cfa1a3d9d5221c38c5eba85d4ab98bd8 Mon Sep 17 00:00:00 2001 From: Szymon Janc <szymon.janc(a)codecoup.pl> Date: Tue, 3 Apr 2018 13:40:06 +0200 Subject: [PATCH] Bluetooth: Fix connection if directed advertising and privacy is used Local random address needs to be updated before creating connection if RPA from LE Direct Advertising Report was resolved in host. Otherwise remote device might ignore connection request due to address mismatch. This was affecting following qualification test cases: GAP/CONN/SCEP/BV-03-C, GAP/CONN/GCEP/BV-05-C, GAP/CONN/DCEP/BV-05-C Before patch: < HCI Command: LE Set Random Address (0x08|0x0005) plen 6 #11350 [hci0] 84680.231216 Address: 56:BC:E8:24:11:68 (Resolvable) Identity type: Random (0x01) Identity: F2:F1:06:3D:9C:42 (Static) > HCI Event: Command Complete (0x0e) plen 4 #11351 [hci0] 84680.246022 LE Set Random Address (0x08|0x0005) ncmd 1 Status: Success (0x00) < HCI Command: LE Set Scan Parameters (0x08|0x000b) plen 7 #11352 [hci0] 84680.246417 Type: Passive (0x00) Interval: 60.000 msec (0x0060) Window: 30.000 msec (0x0030) Own address type: Random (0x01) Filter policy: Accept all advertisement, inc. directed unresolved RPA (0x02) > HCI Event: Command Complete (0x0e) plen 4 #11353 [hci0] 84680.248854 LE Set Scan Parameters (0x08|0x000b) ncmd 1 Status: Success (0x00) < HCI Command: LE Set Scan Enable (0x08|0x000c) plen 2 #11354 [hci0] 84680.249466 Scanning: Enabled (0x01) Filter duplicates: Enabled (0x01) > HCI Event: Command Complete (0x0e) plen 4 #11355 [hci0] 84680.253222 LE Set Scan Enable (0x08|0x000c) ncmd 1 Status: Success (0x00) > HCI Event: LE Meta Event (0x3e) plen 18 #11356 [hci0] 84680.458387 LE Direct Advertising Report (0x0b) Num reports: 1 Event type: Connectable directed - ADV_DIRECT_IND (0x01) Address type: Random (0x01) Address: 53:38:DA:46:8C:45 (Resolvable) Identity type: Public (0x00) Identity: 11:22:33:44:55:66 (OUI 11-22-33) Direct address type: Random (0x01) Direct address: 7C:D6:76:8C:DF:82 (Resolvable) Identity type: Random (0x01) Identity: F2:F1:06:3D:9C:42 (Static) RSSI: -74 dBm (0xb6) < HCI Command: LE Set Scan Enable (0x08|0x000c) plen 2 #11357 [hci0] 84680.458737 Scanning: Disabled (0x00) Filter duplicates: Disabled (0x00) > HCI Event: Command Complete (0x0e) plen 4 #11358 [hci0] 84680.469982 LE Set Scan Enable (0x08|0x000c) ncmd 1 Status: Success (0x00) < HCI Command: LE Create Connection (0x08|0x000d) plen 25 #11359 [hci0] 84680.470444 Scan interval: 60.000 msec (0x0060) Scan window: 60.000 msec (0x0060) Filter policy: White list is not used (0x00) Peer address type: Random (0x01) Peer address: 53:38:DA:46:8C:45 (Resolvable) Identity type: Public (0x00) Identity: 11:22:33:44:55:66 (OUI 11-22-33) Own address type: Random (0x01) Min connection interval: 30.00 msec (0x0018) Max connection interval: 50.00 msec (0x0028) Connection latency: 0 (0x0000) Supervision timeout: 420 msec (0x002a) Min connection length: 0.000 msec (0x0000) Max connection length: 0.000 msec (0x0000) > HCI Event: Command Status (0x0f) plen 4 #11360 [hci0] 84680.474971 LE Create Connection (0x08|0x000d) ncmd 1 Status: Success (0x00) < HCI Command: LE Create Connection Cancel (0x08|0x000e) plen 0 #11361 [hci0] 84682.545385 > HCI Event: Command Complete (0x0e) plen 4 #11362 [hci0] 84682.551014 LE Create Connection Cancel (0x08|0x000e) ncmd 1 Status: Success (0x00) > HCI Event: LE Meta Event (0x3e) plen 19 #11363 [hci0] 84682.551074 LE Connection Complete (0x01) Status: Unknown Connection Identifier (0x02) Handle: 0 Role: Master (0x00) Peer address type: Public (0x00) Peer address: 00:00:00:00:00:00 (OUI 00-00-00) Connection interval: 0.00 msec (0x0000) Connection latency: 0 (0x0000) Supervision timeout: 0 msec (0x0000) Master clock accuracy: 0x00 After patch: < HCI Command: LE Set Scan Parameters (0x08|0x000b) plen 7 #210 [hci0] 667.152459 Type: Passive (0x00) Interval: 60.000 msec (0x0060) Window: 30.000 msec (0x0030) Own address type: Random (0x01) Filter policy: Accept all advertisement, inc. directed unresolved RPA (0x02) > HCI Event: Command Complete (0x0e) plen 4 #211 [hci0] 667.153613 LE Set Scan Parameters (0x08|0x000b) ncmd 1 Status: Success (0x00) < HCI Command: LE Set Scan Enable (0x08|0x000c) plen 2 #212 [hci0] 667.153704 Scanning: Enabled (0x01) Filter duplicates: Enabled (0x01) > HCI Event: Command Complete (0x0e) plen 4 #213 [hci0] 667.154584 LE Set Scan Enable (0x08|0x000c) ncmd 1 Status: Success (0x00) > HCI Event: LE Meta Event (0x3e) plen 18 #214 [hci0] 667.182619 LE Direct Advertising Report (0x0b) Num reports: 1 Event type: Connectable directed - ADV_DIRECT_IND (0x01) Address type: Random (0x01) Address: 50:52:D9:A6:48:A0 (Resolvable) Identity type: Public (0x00) Identity: 11:22:33:44:55:66 (OUI 11-22-33) Direct address type: Random (0x01) Direct address: 7C:C1:57:A5:B7:A8 (Resolvable) Identity type: Random (0x01) Identity: F4:28:73:5D:38:B0 (Static) RSSI: -70 dBm (0xba) < HCI Command: LE Set Scan Enable (0x08|0x000c) plen 2 #215 [hci0] 667.182704 Scanning: Disabled (0x00) Filter duplicates: Disabled (0x00) > HCI Event: Command Complete (0x0e) plen 4 #216 [hci0] 667.183599 LE Set Scan Enable (0x08|0x000c) ncmd 1 Status: Success (0x00) < HCI Command: LE Set Random Address (0x08|0x0005) plen 6 #217 [hci0] 667.183645 Address: 7C:C1:57:A5:B7:A8 (Resolvable) Identity type: Random (0x01) Identity: F4:28:73:5D:38:B0 (Static) > HCI Event: Command Complete (0x0e) plen 4 #218 [hci0] 667.184590 LE Set Random Address (0x08|0x0005) ncmd 1 Status: Success (0x00) < HCI Command: LE Create Connection (0x08|0x000d) plen 25 #219 [hci0] 667.184613 Scan interval: 60.000 msec (0x0060) Scan window: 60.000 msec (0x0060) Filter policy: White list is not used (0x00) Peer address type: Random (0x01) Peer address: 50:52:D9:A6:48:A0 (Resolvable) Identity type: Public (0x00) Identity: 11:22:33:44:55:66 (OUI 11-22-33) Own address type: Random (0x01) Min connection interval: 30.00 msec (0x0018) Max connection interval: 50.00 msec (0x0028) Connection latency: 0 (0x0000) Supervision timeout: 420 msec (0x002a) Min connection length: 0.000 msec (0x0000) Max connection length: 0.000 msec (0x0000) > HCI Event: Command Status (0x0f) plen 4 #220 [hci0] 667.186558 LE Create Connection (0x08|0x000d) ncmd 1 Status: Success (0x00) > HCI Event: LE Meta Event (0x3e) plen 19 #221 [hci0] 667.485824 LE Connection Complete (0x01) Status: Success (0x00) Handle: 0 Role: Master (0x00) Peer address type: Random (0x01) Peer address: 50:52:D9:A6:48:A0 (Resolvable) Identity type: Public (0x00) Identity: 11:22:33:44:55:66 (OUI 11-22-33) Connection interval: 50.00 msec (0x0028) Connection latency: 0 (0x0000) Supervision timeout: 420 msec (0x002a) Master clock accuracy: 0x07 @ MGMT Event: Device Connected (0x000b) plen 13 {0x0002} [hci0] 667.485996 LE Address: 11:22:33:44:55:66 (OUI 11-22-33) Flags: 0x00000000 Data length: 0 Signed-off-by: Szymon Janc <szymon.janc(a)codecoup.pl> Signed-off-by: Marcel Holtmann <marcel(a)holtmann.org> Cc: stable(a)vger.kernel.org diff --git a/include/net/bluetooth/hci_core.h b/include/net/bluetooth/hci_core.h index 95ccc1eef558..b619a190ff12 100644 --- a/include/net/bluetooth/hci_core.h +++ b/include/net/bluetooth/hci_core.h @@ -895,7 +895,7 @@ struct hci_conn *hci_connect_le_scan(struct hci_dev *hdev, bdaddr_t *dst, u16 conn_timeout); struct hci_conn *hci_connect_le(struct hci_dev *hdev, bdaddr_t *dst, u8 dst_type, u8 sec_level, u16 conn_timeout, - u8 role); + u8 role, bdaddr_t *direct_rpa); struct hci_conn *hci_connect_acl(struct hci_dev *hdev, bdaddr_t *dst, u8 sec_level, u8 auth_type); struct hci_conn *hci_connect_sco(struct hci_dev *hdev, int type, bdaddr_t *dst, diff --git a/net/bluetooth/hci_conn.c b/net/bluetooth/hci_conn.c index a9682534c377..45ff5dc124cc 100644 --- a/net/bluetooth/hci_conn.c +++ b/net/bluetooth/hci_conn.c @@ -749,18 +749,31 @@ static bool conn_use_rpa(struct hci_conn *conn) } static void hci_req_add_le_create_conn(struct hci_request *req, - struct hci_conn *conn) + struct hci_conn *conn, + bdaddr_t *direct_rpa) { struct hci_cp_le_create_conn cp; struct hci_dev *hdev = conn->hdev; u8 own_addr_type; - /* Update random address, but set require_privacy to false so - * that we never connect with an non-resolvable address. + /* If direct address was provided we use it instead of current + * address. */ - if (hci_update_random_address(req, false, conn_use_rpa(conn), - &own_addr_type)) - return; + if (direct_rpa) { + if (bacmp(&req->hdev->random_addr, direct_rpa)) + hci_req_add(req, HCI_OP_LE_SET_RANDOM_ADDR, 6, + direct_rpa); + + /* direct address is always RPA */ + own_addr_type = ADDR_LE_DEV_RANDOM; + } else { + /* Update random address, but set require_privacy to false so + * that we never connect with an non-resolvable address. + */ + if (hci_update_random_address(req, false, conn_use_rpa(conn), + &own_addr_type)) + return; + } memset(&cp, 0, sizeof(cp)); @@ -825,7 +838,7 @@ static void hci_req_directed_advertising(struct hci_request *req, struct hci_conn *hci_connect_le(struct hci_dev *hdev, bdaddr_t *dst, u8 dst_type, u8 sec_level, u16 conn_timeout, - u8 role) + u8 role, bdaddr_t *direct_rpa) { struct hci_conn_params *params; struct hci_conn *conn; @@ -940,7 +953,7 @@ struct hci_conn *hci_connect_le(struct hci_dev *hdev, bdaddr_t *dst, hci_dev_set_flag(hdev, HCI_LE_SCAN_INTERRUPTED); } - hci_req_add_le_create_conn(&req, conn); + hci_req_add_le_create_conn(&req, conn, direct_rpa); create_conn: err = hci_req_run(&req, create_le_conn_complete); diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c index cd3bbb766c24..139707cd9d35 100644 --- a/net/bluetooth/hci_event.c +++ b/net/bluetooth/hci_event.c @@ -4648,7 +4648,8 @@ static void hci_le_conn_update_complete_evt(struct hci_dev *hdev, /* This function requires the caller holds hdev->lock */ static struct hci_conn *check_pending_le_conn(struct hci_dev *hdev, bdaddr_t *addr, - u8 addr_type, u8 adv_type) + u8 addr_type, u8 adv_type, + bdaddr_t *direct_rpa) { struct hci_conn *conn; struct hci_conn_params *params; @@ -4699,7 +4700,8 @@ static struct hci_conn *check_pending_le_conn(struct hci_dev *hdev, } conn = hci_connect_le(hdev, addr, addr_type, BT_SECURITY_LOW, - HCI_LE_AUTOCONN_TIMEOUT, HCI_ROLE_MASTER); + HCI_LE_AUTOCONN_TIMEOUT, HCI_ROLE_MASTER, + direct_rpa); if (!IS_ERR(conn)) { /* If HCI_AUTO_CONN_EXPLICIT is set, conn is already owned * by higher layer that tried to connect, if no then @@ -4808,8 +4810,13 @@ static void process_adv_report(struct hci_dev *hdev, u8 type, bdaddr_t *bdaddr, bdaddr_type = irk->addr_type; } - /* Check if we have been requested to connect to this device */ - conn = check_pending_le_conn(hdev, bdaddr, bdaddr_type, type); + /* Check if we have been requested to connect to this device. + * + * direct_addr is set only for directed advertising reports (it is NULL + * for advertising reports) and is already verified to be RPA above. + */ + conn = check_pending_le_conn(hdev, bdaddr, bdaddr_type, type, + direct_addr); if (conn && type == LE_ADV_IND) { /* Store report for later inclusion by * mgmt_device_connected diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c index fc6615d59165..9b7907ebfa01 100644 --- a/net/bluetooth/l2cap_core.c +++ b/net/bluetooth/l2cap_core.c @@ -7156,7 +7156,7 @@ int l2cap_chan_connect(struct l2cap_chan *chan, __le16 psm, u16 cid, hcon = hci_connect_le(hdev, dst, dst_type, chan->sec_level, HCI_LE_CONN_TIMEOUT, - HCI_ROLE_SLAVE); + HCI_ROLE_SLAVE, NULL); else hcon = hci_connect_le_scan(hdev, dst, dst_type, chan->sec_level,

6 years, 11 months

3
2
0 0

[PATCH stable 4.9 and 4.4] cdc_ncm: avoid padding beyond end of skb

by Bjørn Mork

[ Upstream commit 49c2c3f246e2fc3009039e31a826333dcd0283cd ] Commit 4a0e3e989d66 ("cdc_ncm: Add support for moving NDP to end of NCM frame") added logic to reserve space for the NDP at the end of the NTB/skb. This reservation did not take the final alignment of the NDP into account, causing us to reserve too little space. Additionally the padding prior to NDP addition did not ensure there was enough space for the NDP. The NTB/skb with the NDP appended would then exceed the configured max size. This caused the final padding of the NTB to use a negative count, padding to almost INT_MAX, and resulting in: [60103.825970] BUG: unable to handle kernel paging request at ffff9641f2004000 [60103.825998] IP: __memset+0x24/0x30 [60103.826001] PGD a6a06067 P4D a6a06067 PUD 4f65a063 PMD 72003063 PTE 0 [60103.826013] Oops: 0002 [#1] SMP NOPTI [60103.826018] Modules linked in: (removed( [60103.826158] CPU: 0 PID: 5990 Comm: Chrome_DevTools Tainted: G O 4.14.0-3-amd64 #1 Debian 4.14.17-1 [60103.826162] Hardware name: LENOVO 20081 BIOS 41CN28WW(V2.04) 05/03/2012 [60103.826166] task: ffff964193484fc0 task.stack: ffffb2890137c000 [60103.826171] RIP: 0010:__memset+0x24/0x30 [60103.826174] RSP: 0000:ffff964316c03b68 EFLAGS: 00010216 [60103.826178] RAX: 0000000000000000 RBX: 00000000fffffffd RCX: 000000001ffa5000 [60103.826181] RDX: 0000000000000005 RSI: 0000000000000000 RDI: ffff9641f2003ffc [60103.826184] RBP: ffff964192f6c800 R08: 00000000304d434e R09: ffff9641f1d2c004 [60103.826187] R10: 0000000000000002 R11: 00000000000005ae R12: ffff9642e6957a80 [60103.826190] R13: ffff964282ff2ee8 R14: 000000000000000d R15: ffff9642e4843900 [60103.826194] FS: 00007f395aaf6700(0000) GS:ffff964316c00000(0000) knlGS:0000000000000000 [60103.826197] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [60103.826200] CR2: ffff9641f2004000 CR3: 0000000013b0c000 CR4: 00000000000006f0 [60103.826204] Call Trace: [60103.826212] <IRQ> [60103.826225] cdc_ncm_fill_tx_frame+0x5e3/0x740 [cdc_ncm] [60103.826236] cdc_ncm_tx_fixup+0x57/0x70 [cdc_ncm] [60103.826246] usbnet_start_xmit+0x5d/0x710 [usbnet] [60103.826254] ? netif_skb_features+0x119/0x250 [60103.826259] dev_hard_start_xmit+0xa1/0x200 [60103.826267] sch_direct_xmit+0xf2/0x1b0 [60103.826273] __dev_queue_xmit+0x5e3/0x7c0 [60103.826280] ? ip_finish_output2+0x263/0x3c0 [60103.826284] ip_finish_output2+0x263/0x3c0 [60103.826289] ? ip_output+0x6c/0xe0 [60103.826293] ip_output+0x6c/0xe0 [60103.826298] ? ip_forward_options+0x1a0/0x1a0 [60103.826303] tcp_transmit_skb+0x516/0x9b0 [60103.826309] tcp_write_xmit+0x1aa/0xee0 [60103.826313] ? sch_direct_xmit+0x71/0x1b0 [60103.826318] tcp_tasklet_func+0x177/0x180 [60103.826325] tasklet_action+0x5f/0x110 [60103.826332] __do_softirq+0xde/0x2b3 [60103.826337] irq_exit+0xae/0xb0 [60103.826342] do_IRQ+0x81/0xd0 [60103.826347] common_interrupt+0x98/0x98 [60103.826351] </IRQ> [60103.826355] RIP: 0033:0x7f397bdf2282 [60103.826358] RSP: 002b:00007f395aaf57d8 EFLAGS: 00000206 ORIG_RAX: ffffffffffffff6e [60103.826362] RAX: 0000000000000000 RBX: 00002f07bc6d0900 RCX: 00007f39752d7fe7 [60103.826365] RDX: 0000000000000022 RSI: 0000000000000147 RDI: 00002f07baea02c0 [60103.826368] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [60103.826371] R10: 00000000ffffffff R11: 0000000000000000 R12: 00002f07baea02c0 [60103.826373] R13: 00002f07bba227a0 R14: 00002f07bc6d090c R15: 0000000000000000 [60103.826377] Code: 90 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 <f3> 48 ab 89 d1 f3 aa 4c 89 c8 c3 90 49 89 f9 40 88 f0 48 89 d1 [60103.826442] RIP: __memset+0x24/0x30 RSP: ffff964316c03b68 [60103.826444] CR2: ffff9641f2004000 Commit e1069bbfcf3b ("net: cdc_ncm: Reduce memory use when kernel memory low") made this bug much more likely to trigger by reducing the NTB size under memory pressure. Link: https://bugs.debian.org/893393 Reported-by: Горбешко Богдан <bodqhrohro(a)gmail.com> Reported-and-tested-by: Dennis Wassenberg <dennis.wassenberg(a)secunet.com> Cc: Enrico Mioso <mrkiko.rs(a)gmail.com> Fixes: 4a0e3e989d66 ("cdc_ncm: Add support for moving NDP to end of NCM frame") [ bmork: tx_curr_size => tx_max and context fixup for v4.12 and older ] Signed-off-by: Bjørn Mork <bjorn(a)mork.no> Signed-off-by: David S. Miller <davem(a)davemloft.net> --- This has already been applied to stable 4.14 and newer, but needed two minor changes for anything older than v4.13. The bug is only present in v4.3 and and newer, so there is no need to consider this backport for anything older than stable 4.4. Please apply to 4.4 and 4.9 stable. Thanks, Bjørn drivers/net/usb/cdc_ncm.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/net/usb/cdc_ncm.c b/drivers/net/usb/cdc_ncm.c index feb61eaffe32..3086cae62fdc 100644 --- a/drivers/net/usb/cdc_ncm.c +++ b/drivers/net/usb/cdc_ncm.c @@ -1124,7 +1124,7 @@ cdc_ncm_fill_tx_frame(struct usbnet *dev, struct sk_buff *skb, __le32 sign) * accordingly. Otherwise, we should check here. */ if (ctx->drvflags & CDC_NCM_FLAG_NDP_TO_END) - delayed_ndp_size = ctx->max_ndp_size; + delayed_ndp_size = ALIGN(ctx->max_ndp_size, ctx->tx_ndp_modulus); else delayed_ndp_size = 0; @@ -1257,7 +1257,7 @@ cdc_ncm_fill_tx_frame(struct usbnet *dev, struct sk_buff *skb, __le32 sign) /* If requested, put NDP at end of frame. */ if (ctx->drvflags & CDC_NCM_FLAG_NDP_TO_END) { nth16 = (struct usb_cdc_ncm_nth16 *)skb_out->data; - cdc_ncm_align_tail(skb_out, ctx->tx_ndp_modulus, 0, ctx->tx_max); + cdc_ncm_align_tail(skb_out, ctx->tx_ndp_modulus, 0, ctx->tx_max - ctx->max_ndp_size); nth16->wNdpIndex = cpu_to_le16(skb_out->len); memcpy(skb_put(skb_out, ctx->max_ndp_size), ctx->delayed_ndp16, ctx->max_ndp_size); -- 2.11.0

6 years, 11 months

2
1
0 0

stable request for v4.14.x: xhci: Fix use-after-free in xhci_free_virt_device

by Sudip Mukherjee

Hi Greg, This fix missed the v4.14.x stable tree. The original patch with the bug was added in v4.14.44. The backported patch is attached with this mail, please apply to v4.14.x. -- Regards Sudip

6 years, 11 months

2
1
0 0

FAILED: patch "[PATCH] selinux: move user accesses in selinuxfs out of locked" failed to apply to 3.18-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 3.18-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 0da74120c5341389b97c4ee27487a97224999ee1 Mon Sep 17 00:00:00 2001 From: Jann Horn <jannh(a)google.com> Date: Thu, 28 Jun 2018 20:39:54 -0400 Subject: [PATCH] selinux: move user accesses in selinuxfs out of locked regions If a user is accessing a file in selinuxfs with a pointer to a userspace buffer that is backed by e.g. a userfaultfd, the userspace access can stall indefinitely, which can block fsi->mutex if it is held. For sel_read_policy(), remove the locking, since this method doesn't seem to access anything that requires locking. For sel_read_bool(), move the user access below the locked region. For sel_write_bool() and sel_commit_bools_write(), move the user access up above the locked region. Cc: stable(a)vger.kernel.org Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Signed-off-by: Jann Horn <jannh(a)google.com> Acked-by: Stephen Smalley <sds(a)tycho.nsa.gov> [PM: removed an unused variable in sel_read_policy()] Signed-off-by: Paul Moore <paul(a)paul-moore.com> diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c index c0cadbc5f85c..19e35dd695d7 100644 --- a/security/selinux/selinuxfs.c +++ b/security/selinux/selinuxfs.c @@ -441,22 +441,16 @@ static int sel_release_policy(struct inode *inode, struct file *filp) static ssize_t sel_read_policy(struct file *filp, char __user *buf, size_t count, loff_t *ppos) { - struct selinux_fs_info *fsi = file_inode(filp)->i_sb->s_fs_info; struct policy_load_memory *plm = filp->private_data; int ret; - mutex_lock(&fsi->mutex); - ret = avc_has_perm(&selinux_state, current_sid(), SECINITSID_SECURITY, SECCLASS_SECURITY, SECURITY__READ_POLICY, NULL); if (ret) - goto out; + return ret; - ret = simple_read_from_buffer(buf, count, ppos, plm->data, plm->len); -out: - mutex_unlock(&fsi->mutex); - return ret; + return simple_read_from_buffer(buf, count, ppos, plm->data, plm->len); } static vm_fault_t sel_mmap_policy_fault(struct vm_fault *vmf) @@ -1188,25 +1182,29 @@ static ssize_t sel_read_bool(struct file *filep, char __user *buf, ret = -EINVAL; if (index >= fsi->bool_num || strcmp(name, fsi->bool_pending_names[index])) - goto out; + goto out_unlock; ret = -ENOMEM; page = (char *)get_zeroed_page(GFP_KERNEL); if (!page) - goto out; + goto out_unlock; cur_enforcing = security_get_bool_value(fsi->state, index); if (cur_enforcing < 0) { ret = cur_enforcing; - goto out; + goto out_unlock; } length = scnprintf(page, PAGE_SIZE, "%d %d", cur_enforcing, fsi->bool_pending_values[index]); - ret = simple_read_from_buffer(buf, count, ppos, page, length); -out: mutex_unlock(&fsi->mutex); + ret = simple_read_from_buffer(buf, count, ppos, page, length); +out_free: free_page((unsigned long)page); return ret; + +out_unlock: + mutex_unlock(&fsi->mutex); + goto out_free; } static ssize_t sel_write_bool(struct file *filep, const char __user *buf, @@ -1219,6 +1217,17 @@ static ssize_t sel_write_bool(struct file *filep, const char __user *buf, unsigned index = file_inode(filep)->i_ino & SEL_INO_MASK; const char *name = filep->f_path.dentry->d_name.name; + if (count >= PAGE_SIZE) + return -ENOMEM; + + /* No partial writes. */ + if (*ppos != 0) + return -EINVAL; + + page = memdup_user_nul(buf, count); + if (IS_ERR(page)) + return PTR_ERR(page); + mutex_lock(&fsi->mutex); length = avc_has_perm(&selinux_state, @@ -1233,22 +1242,6 @@ static ssize_t sel_write_bool(struct file *filep, const char __user *buf, fsi->bool_pending_names[index])) goto out; - length = -ENOMEM; - if (count >= PAGE_SIZE) - goto out; - - /* No partial writes. */ - length = -EINVAL; - if (*ppos != 0) - goto out; - - page = memdup_user_nul(buf, count); - if (IS_ERR(page)) { - length = PTR_ERR(page); - page = NULL; - goto out; - } - length = -EINVAL; if (sscanf(page, "%d", &new_value) != 1) goto out; @@ -1280,6 +1273,17 @@ static ssize_t sel_commit_bools_write(struct file *filep, ssize_t length; int new_value; + if (count >= PAGE_SIZE) + return -ENOMEM; + + /* No partial writes. */ + if (*ppos != 0) + return -EINVAL; + + page = memdup_user_nul(buf, count); + if (IS_ERR(page)) + return PTR_ERR(page); + mutex_lock(&fsi->mutex); length = avc_has_perm(&selinux_state, @@ -1289,22 +1293,6 @@ static ssize_t sel_commit_bools_write(struct file *filep, if (length) goto out; - length = -ENOMEM; - if (count >= PAGE_SIZE) - goto out; - - /* No partial writes. */ - length = -EINVAL; - if (*ppos != 0) - goto out; - - page = memdup_user_nul(buf, count); - if (IS_ERR(page)) { - length = PTR_ERR(page); - page = NULL; - goto out; - } - length = -EINVAL; if (sscanf(page, "%d", &new_value) != 1) goto out;

6 years, 11 months

1
0
0 0

FAILED: patch "[PATCH] selinux: move user accesses in selinuxfs out of locked" failed to apply to 4.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 0da74120c5341389b97c4ee27487a97224999ee1 Mon Sep 17 00:00:00 2001 From: Jann Horn <jannh(a)google.com> Date: Thu, 28 Jun 2018 20:39:54 -0400 Subject: [PATCH] selinux: move user accesses in selinuxfs out of locked regions If a user is accessing a file in selinuxfs with a pointer to a userspace buffer that is backed by e.g. a userfaultfd, the userspace access can stall indefinitely, which can block fsi->mutex if it is held. For sel_read_policy(), remove the locking, since this method doesn't seem to access anything that requires locking. For sel_read_bool(), move the user access below the locked region. For sel_write_bool() and sel_commit_bools_write(), move the user access up above the locked region. Cc: stable(a)vger.kernel.org Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Signed-off-by: Jann Horn <jannh(a)google.com> Acked-by: Stephen Smalley <sds(a)tycho.nsa.gov> [PM: removed an unused variable in sel_read_policy()] Signed-off-by: Paul Moore <paul(a)paul-moore.com> diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c index c0cadbc5f85c..19e35dd695d7 100644 --- a/security/selinux/selinuxfs.c +++ b/security/selinux/selinuxfs.c @@ -441,22 +441,16 @@ static int sel_release_policy(struct inode *inode, struct file *filp) static ssize_t sel_read_policy(struct file *filp, char __user *buf, size_t count, loff_t *ppos) { - struct selinux_fs_info *fsi = file_inode(filp)->i_sb->s_fs_info; struct policy_load_memory *plm = filp->private_data; int ret; - mutex_lock(&fsi->mutex); - ret = avc_has_perm(&selinux_state, current_sid(), SECINITSID_SECURITY, SECCLASS_SECURITY, SECURITY__READ_POLICY, NULL); if (ret) - goto out; + return ret; - ret = simple_read_from_buffer(buf, count, ppos, plm->data, plm->len); -out: - mutex_unlock(&fsi->mutex); - return ret; + return simple_read_from_buffer(buf, count, ppos, plm->data, plm->len); } static vm_fault_t sel_mmap_policy_fault(struct vm_fault *vmf) @@ -1188,25 +1182,29 @@ static ssize_t sel_read_bool(struct file *filep, char __user *buf, ret = -EINVAL; if (index >= fsi->bool_num || strcmp(name, fsi->bool_pending_names[index])) - goto out; + goto out_unlock; ret = -ENOMEM; page = (char *)get_zeroed_page(GFP_KERNEL); if (!page) - goto out; + goto out_unlock; cur_enforcing = security_get_bool_value(fsi->state, index); if (cur_enforcing < 0) { ret = cur_enforcing; - goto out; + goto out_unlock; } length = scnprintf(page, PAGE_SIZE, "%d %d", cur_enforcing, fsi->bool_pending_values[index]); - ret = simple_read_from_buffer(buf, count, ppos, page, length); -out: mutex_unlock(&fsi->mutex); + ret = simple_read_from_buffer(buf, count, ppos, page, length); +out_free: free_page((unsigned long)page); return ret; + +out_unlock: + mutex_unlock(&fsi->mutex); + goto out_free; } static ssize_t sel_write_bool(struct file *filep, const char __user *buf, @@ -1219,6 +1217,17 @@ static ssize_t sel_write_bool(struct file *filep, const char __user *buf, unsigned index = file_inode(filep)->i_ino & SEL_INO_MASK; const char *name = filep->f_path.dentry->d_name.name; + if (count >= PAGE_SIZE) + return -ENOMEM; + + /* No partial writes. */ + if (*ppos != 0) + return -EINVAL; + + page = memdup_user_nul(buf, count); + if (IS_ERR(page)) + return PTR_ERR(page); + mutex_lock(&fsi->mutex); length = avc_has_perm(&selinux_state, @@ -1233,22 +1242,6 @@ static ssize_t sel_write_bool(struct file *filep, const char __user *buf, fsi->bool_pending_names[index])) goto out; - length = -ENOMEM; - if (count >= PAGE_SIZE) - goto out; - - /* No partial writes. */ - length = -EINVAL; - if (*ppos != 0) - goto out; - - page = memdup_user_nul(buf, count); - if (IS_ERR(page)) { - length = PTR_ERR(page); - page = NULL; - goto out; - } - length = -EINVAL; if (sscanf(page, "%d", &new_value) != 1) goto out; @@ -1280,6 +1273,17 @@ static ssize_t sel_commit_bools_write(struct file *filep, ssize_t length; int new_value; + if (count >= PAGE_SIZE) + return -ENOMEM; + + /* No partial writes. */ + if (*ppos != 0) + return -EINVAL; + + page = memdup_user_nul(buf, count); + if (IS_ERR(page)) + return PTR_ERR(page); + mutex_lock(&fsi->mutex); length = avc_has_perm(&selinux_state, @@ -1289,22 +1293,6 @@ static ssize_t sel_commit_bools_write(struct file *filep, if (length) goto out; - length = -ENOMEM; - if (count >= PAGE_SIZE) - goto out; - - /* No partial writes. */ - length = -EINVAL; - if (*ppos != 0) - goto out; - - page = memdup_user_nul(buf, count); - if (IS_ERR(page)) { - length = PTR_ERR(page); - page = NULL; - goto out; - } - length = -EINVAL; if (sscanf(page, "%d", &new_value) != 1) goto out;

6 years, 11 months

1
0
0 0

FAILED: patch "[PATCH] selinux: move user accesses in selinuxfs out of locked" failed to apply to 4.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 0da74120c5341389b97c4ee27487a97224999ee1 Mon Sep 17 00:00:00 2001 From: Jann Horn <jannh(a)google.com> Date: Thu, 28 Jun 2018 20:39:54 -0400 Subject: [PATCH] selinux: move user accesses in selinuxfs out of locked regions If a user is accessing a file in selinuxfs with a pointer to a userspace buffer that is backed by e.g. a userfaultfd, the userspace access can stall indefinitely, which can block fsi->mutex if it is held. For sel_read_policy(), remove the locking, since this method doesn't seem to access anything that requires locking. For sel_read_bool(), move the user access below the locked region. For sel_write_bool() and sel_commit_bools_write(), move the user access up above the locked region. Cc: stable(a)vger.kernel.org Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Signed-off-by: Jann Horn <jannh(a)google.com> Acked-by: Stephen Smalley <sds(a)tycho.nsa.gov> [PM: removed an unused variable in sel_read_policy()] Signed-off-by: Paul Moore <paul(a)paul-moore.com> diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c index c0cadbc5f85c..19e35dd695d7 100644 --- a/security/selinux/selinuxfs.c +++ b/security/selinux/selinuxfs.c @@ -441,22 +441,16 @@ static int sel_release_policy(struct inode *inode, struct file *filp) static ssize_t sel_read_policy(struct file *filp, char __user *buf, size_t count, loff_t *ppos) { - struct selinux_fs_info *fsi = file_inode(filp)->i_sb->s_fs_info; struct policy_load_memory *plm = filp->private_data; int ret; - mutex_lock(&fsi->mutex); - ret = avc_has_perm(&selinux_state, current_sid(), SECINITSID_SECURITY, SECCLASS_SECURITY, SECURITY__READ_POLICY, NULL); if (ret) - goto out; + return ret; - ret = simple_read_from_buffer(buf, count, ppos, plm->data, plm->len); -out: - mutex_unlock(&fsi->mutex); - return ret; + return simple_read_from_buffer(buf, count, ppos, plm->data, plm->len); } static vm_fault_t sel_mmap_policy_fault(struct vm_fault *vmf) @@ -1188,25 +1182,29 @@ static ssize_t sel_read_bool(struct file *filep, char __user *buf, ret = -EINVAL; if (index >= fsi->bool_num || strcmp(name, fsi->bool_pending_names[index])) - goto out; + goto out_unlock; ret = -ENOMEM; page = (char *)get_zeroed_page(GFP_KERNEL); if (!page) - goto out; + goto out_unlock; cur_enforcing = security_get_bool_value(fsi->state, index); if (cur_enforcing < 0) { ret = cur_enforcing; - goto out; + goto out_unlock; } length = scnprintf(page, PAGE_SIZE, "%d %d", cur_enforcing, fsi->bool_pending_values[index]); - ret = simple_read_from_buffer(buf, count, ppos, page, length); -out: mutex_unlock(&fsi->mutex); + ret = simple_read_from_buffer(buf, count, ppos, page, length); +out_free: free_page((unsigned long)page); return ret; + +out_unlock: + mutex_unlock(&fsi->mutex); + goto out_free; } static ssize_t sel_write_bool(struct file *filep, const char __user *buf, @@ -1219,6 +1217,17 @@ static ssize_t sel_write_bool(struct file *filep, const char __user *buf, unsigned index = file_inode(filep)->i_ino & SEL_INO_MASK; const char *name = filep->f_path.dentry->d_name.name; + if (count >= PAGE_SIZE) + return -ENOMEM; + + /* No partial writes. */ + if (*ppos != 0) + return -EINVAL; + + page = memdup_user_nul(buf, count); + if (IS_ERR(page)) + return PTR_ERR(page); + mutex_lock(&fsi->mutex); length = avc_has_perm(&selinux_state, @@ -1233,22 +1242,6 @@ static ssize_t sel_write_bool(struct file *filep, const char __user *buf, fsi->bool_pending_names[index])) goto out; - length = -ENOMEM; - if (count >= PAGE_SIZE) - goto out; - - /* No partial writes. */ - length = -EINVAL; - if (*ppos != 0) - goto out; - - page = memdup_user_nul(buf, count); - if (IS_ERR(page)) { - length = PTR_ERR(page); - page = NULL; - goto out; - } - length = -EINVAL; if (sscanf(page, "%d", &new_value) != 1) goto out; @@ -1280,6 +1273,17 @@ static ssize_t sel_commit_bools_write(struct file *filep, ssize_t length; int new_value; + if (count >= PAGE_SIZE) + return -ENOMEM; + + /* No partial writes. */ + if (*ppos != 0) + return -EINVAL; + + page = memdup_user_nul(buf, count); + if (IS_ERR(page)) + return PTR_ERR(page); + mutex_lock(&fsi->mutex); length = avc_has_perm(&selinux_state, @@ -1289,22 +1293,6 @@ static ssize_t sel_commit_bools_write(struct file *filep, if (length) goto out; - length = -ENOMEM; - if (count >= PAGE_SIZE) - goto out; - - /* No partial writes. */ - length = -EINVAL; - if (*ppos != 0) - goto out; - - page = memdup_user_nul(buf, count); - if (IS_ERR(page)) { - length = PTR_ERR(page); - page = NULL; - goto out; - } - length = -EINVAL; if (sscanf(page, "%d", &new_value) != 1) goto out;

6 years, 11 months

1
0
0 0

FAILED: patch "[PATCH] selinux: move user accesses in selinuxfs out of locked" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 0da74120c5341389b97c4ee27487a97224999ee1 Mon Sep 17 00:00:00 2001 From: Jann Horn <jannh(a)google.com> Date: Thu, 28 Jun 2018 20:39:54 -0400 Subject: [PATCH] selinux: move user accesses in selinuxfs out of locked regions If a user is accessing a file in selinuxfs with a pointer to a userspace buffer that is backed by e.g. a userfaultfd, the userspace access can stall indefinitely, which can block fsi->mutex if it is held. For sel_read_policy(), remove the locking, since this method doesn't seem to access anything that requires locking. For sel_read_bool(), move the user access below the locked region. For sel_write_bool() and sel_commit_bools_write(), move the user access up above the locked region. Cc: stable(a)vger.kernel.org Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Signed-off-by: Jann Horn <jannh(a)google.com> Acked-by: Stephen Smalley <sds(a)tycho.nsa.gov> [PM: removed an unused variable in sel_read_policy()] Signed-off-by: Paul Moore <paul(a)paul-moore.com> diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c index c0cadbc5f85c..19e35dd695d7 100644 --- a/security/selinux/selinuxfs.c +++ b/security/selinux/selinuxfs.c @@ -441,22 +441,16 @@ static int sel_release_policy(struct inode *inode, struct file *filp) static ssize_t sel_read_policy(struct file *filp, char __user *buf, size_t count, loff_t *ppos) { - struct selinux_fs_info *fsi = file_inode(filp)->i_sb->s_fs_info; struct policy_load_memory *plm = filp->private_data; int ret; - mutex_lock(&fsi->mutex); - ret = avc_has_perm(&selinux_state, current_sid(), SECINITSID_SECURITY, SECCLASS_SECURITY, SECURITY__READ_POLICY, NULL); if (ret) - goto out; + return ret; - ret = simple_read_from_buffer(buf, count, ppos, plm->data, plm->len); -out: - mutex_unlock(&fsi->mutex); - return ret; + return simple_read_from_buffer(buf, count, ppos, plm->data, plm->len); } static vm_fault_t sel_mmap_policy_fault(struct vm_fault *vmf) @@ -1188,25 +1182,29 @@ static ssize_t sel_read_bool(struct file *filep, char __user *buf, ret = -EINVAL; if (index >= fsi->bool_num || strcmp(name, fsi->bool_pending_names[index])) - goto out; + goto out_unlock; ret = -ENOMEM; page = (char *)get_zeroed_page(GFP_KERNEL); if (!page) - goto out; + goto out_unlock; cur_enforcing = security_get_bool_value(fsi->state, index); if (cur_enforcing < 0) { ret = cur_enforcing; - goto out; + goto out_unlock; } length = scnprintf(page, PAGE_SIZE, "%d %d", cur_enforcing, fsi->bool_pending_values[index]); - ret = simple_read_from_buffer(buf, count, ppos, page, length); -out: mutex_unlock(&fsi->mutex); + ret = simple_read_from_buffer(buf, count, ppos, page, length); +out_free: free_page((unsigned long)page); return ret; + +out_unlock: + mutex_unlock(&fsi->mutex); + goto out_free; } static ssize_t sel_write_bool(struct file *filep, const char __user *buf, @@ -1219,6 +1217,17 @@ static ssize_t sel_write_bool(struct file *filep, const char __user *buf, unsigned index = file_inode(filep)->i_ino & SEL_INO_MASK; const char *name = filep->f_path.dentry->d_name.name; + if (count >= PAGE_SIZE) + return -ENOMEM; + + /* No partial writes. */ + if (*ppos != 0) + return -EINVAL; + + page = memdup_user_nul(buf, count); + if (IS_ERR(page)) + return PTR_ERR(page); + mutex_lock(&fsi->mutex); length = avc_has_perm(&selinux_state, @@ -1233,22 +1242,6 @@ static ssize_t sel_write_bool(struct file *filep, const char __user *buf, fsi->bool_pending_names[index])) goto out; - length = -ENOMEM; - if (count >= PAGE_SIZE) - goto out; - - /* No partial writes. */ - length = -EINVAL; - if (*ppos != 0) - goto out; - - page = memdup_user_nul(buf, count); - if (IS_ERR(page)) { - length = PTR_ERR(page); - page = NULL; - goto out; - } - length = -EINVAL; if (sscanf(page, "%d", &new_value) != 1) goto out; @@ -1280,6 +1273,17 @@ static ssize_t sel_commit_bools_write(struct file *filep, ssize_t length; int new_value; + if (count >= PAGE_SIZE) + return -ENOMEM; + + /* No partial writes. */ + if (*ppos != 0) + return -EINVAL; + + page = memdup_user_nul(buf, count); + if (IS_ERR(page)) + return PTR_ERR(page); + mutex_lock(&fsi->mutex); length = avc_has_perm(&selinux_state, @@ -1289,22 +1293,6 @@ static ssize_t sel_commit_bools_write(struct file *filep, if (length) goto out; - length = -ENOMEM; - if (count >= PAGE_SIZE) - goto out; - - /* No partial writes. */ - length = -EINVAL; - if (*ppos != 0) - goto out; - - page = memdup_user_nul(buf, count); - if (IS_ERR(page)) { - length = PTR_ERR(page); - page = NULL; - goto out; - } - length = -EINVAL; if (sscanf(page, "%d", &new_value) != 1) goto out;

6 years, 11 months

1
0
0 0

FAILED: patch "[PATCH] dax: check for QUEUE_FLAG_DAX in bdev_dax_supported()" failed to apply to 4.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 15256f6cc4b44f2e70503758150267fd2a53c0d6 Mon Sep 17 00:00:00 2001 From: Ross Zwisler <ross.zwisler(a)linux.intel.com> Date: Tue, 26 Jun 2018 16:30:40 -0600 Subject: [PATCH] dax: check for QUEUE_FLAG_DAX in bdev_dax_supported() Add an explicit check for QUEUE_FLAG_DAX to __bdev_dax_supported(). This is needed for DM configurations where the first element in the dm-linear or dm-stripe target supports DAX, but other elements do not. Without this check __bdev_dax_supported() will pass for such devices, letting a filesystem on that device mount with the DAX option. Signed-off-by: Ross Zwisler <ross.zwisler(a)linux.intel.com> Suggested-by: Mike Snitzer <snitzer(a)redhat.com> Fixes: commit 545ed20e6df6 ("dm: add infrastructure for DAX support") Cc: stable(a)vger.kernel.org Acked-by: Dan Williams <dan.j.williams(a)intel.com> Reviewed-by: Toshi Kani <toshi.kani(a)hpe.com> Signed-off-by: Mike Snitzer <snitzer(a)redhat.com> diff --git a/drivers/dax/super.c b/drivers/dax/super.c index 903d9c473749..45276abf03aa 100644 --- a/drivers/dax/super.c +++ b/drivers/dax/super.c @@ -86,6 +86,7 @@ bool __bdev_dax_supported(struct block_device *bdev, int blocksize) { struct dax_device *dax_dev; bool dax_enabled = false; + struct request_queue *q; pgoff_t pgoff; int err, id; void *kaddr; @@ -99,6 +100,13 @@ bool __bdev_dax_supported(struct block_device *bdev, int blocksize) return false; } + q = bdev_get_queue(bdev); + if (!q || !blk_queue_dax(q)) { + pr_debug("%s: error: request queue doesn't support dax\n", + bdevname(bdev, buf)); + return false; + } + err = bdev_dax_pgoff(bdev, 0, PAGE_SIZE, &pgoff); if (err) { pr_debug("%s: error: unaligned partition for dax\n",

6 years, 11 months

1
0
0 0

FAILED: patch "[PATCH] dax: check for QUEUE_FLAG_DAX in bdev_dax_supported()" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 15256f6cc4b44f2e70503758150267fd2a53c0d6 Mon Sep 17 00:00:00 2001 From: Ross Zwisler <ross.zwisler(a)linux.intel.com> Date: Tue, 26 Jun 2018 16:30:40 -0600 Subject: [PATCH] dax: check for QUEUE_FLAG_DAX in bdev_dax_supported() Add an explicit check for QUEUE_FLAG_DAX to __bdev_dax_supported(). This is needed for DM configurations where the first element in the dm-linear or dm-stripe target supports DAX, but other elements do not. Without this check __bdev_dax_supported() will pass for such devices, letting a filesystem on that device mount with the DAX option. Signed-off-by: Ross Zwisler <ross.zwisler(a)linux.intel.com> Suggested-by: Mike Snitzer <snitzer(a)redhat.com> Fixes: commit 545ed20e6df6 ("dm: add infrastructure for DAX support") Cc: stable(a)vger.kernel.org Acked-by: Dan Williams <dan.j.williams(a)intel.com> Reviewed-by: Toshi Kani <toshi.kani(a)hpe.com> Signed-off-by: Mike Snitzer <snitzer(a)redhat.com> diff --git a/drivers/dax/super.c b/drivers/dax/super.c index 903d9c473749..45276abf03aa 100644 --- a/drivers/dax/super.c +++ b/drivers/dax/super.c @@ -86,6 +86,7 @@ bool __bdev_dax_supported(struct block_device *bdev, int blocksize) { struct dax_device *dax_dev; bool dax_enabled = false; + struct request_queue *q; pgoff_t pgoff; int err, id; void *kaddr; @@ -99,6 +100,13 @@ bool __bdev_dax_supported(struct block_device *bdev, int blocksize) return false; } + q = bdev_get_queue(bdev); + if (!q || !blk_queue_dax(q)) { + pr_debug("%s: error: request queue doesn't support dax\n", + bdevname(bdev, buf)); + return false; + } + err = bdev_dax_pgoff(bdev, 0, PAGE_SIZE, &pgoff); if (err) { pr_debug("%s: error: unaligned partition for dax\n",

6 years, 11 months

1
0
0 0

FAILED: patch "[PATCH] dax: check for QUEUE_FLAG_DAX in bdev_dax_supported()" failed to apply to 4.17-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.17-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 15256f6cc4b44f2e70503758150267fd2a53c0d6 Mon Sep 17 00:00:00 2001 From: Ross Zwisler <ross.zwisler(a)linux.intel.com> Date: Tue, 26 Jun 2018 16:30:40 -0600 Subject: [PATCH] dax: check for QUEUE_FLAG_DAX in bdev_dax_supported() Add an explicit check for QUEUE_FLAG_DAX to __bdev_dax_supported(). This is needed for DM configurations where the first element in the dm-linear or dm-stripe target supports DAX, but other elements do not. Without this check __bdev_dax_supported() will pass for such devices, letting a filesystem on that device mount with the DAX option. Signed-off-by: Ross Zwisler <ross.zwisler(a)linux.intel.com> Suggested-by: Mike Snitzer <snitzer(a)redhat.com> Fixes: commit 545ed20e6df6 ("dm: add infrastructure for DAX support") Cc: stable(a)vger.kernel.org Acked-by: Dan Williams <dan.j.williams(a)intel.com> Reviewed-by: Toshi Kani <toshi.kani(a)hpe.com> Signed-off-by: Mike Snitzer <snitzer(a)redhat.com> diff --git a/drivers/dax/super.c b/drivers/dax/super.c index 903d9c473749..45276abf03aa 100644 --- a/drivers/dax/super.c +++ b/drivers/dax/super.c @@ -86,6 +86,7 @@ bool __bdev_dax_supported(struct block_device *bdev, int blocksize) { struct dax_device *dax_dev; bool dax_enabled = false; + struct request_queue *q; pgoff_t pgoff; int err, id; void *kaddr; @@ -99,6 +100,13 @@ bool __bdev_dax_supported(struct block_device *bdev, int blocksize) return false; } + q = bdev_get_queue(bdev); + if (!q || !blk_queue_dax(q)) { + pr_debug("%s: error: request queue doesn't support dax\n", + bdevname(bdev, buf)); + return false; + } + err = bdev_dax_pgoff(bdev, 0, PAGE_SIZE, &pgoff); if (err) { pr_debug("%s: error: unaligned partition for dax\n",

6 years, 11 months

1
0
0 0

FAILED: patch "[PATCH] dm: use bio_split() when splitting out the already processed" failed to apply to 4.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From f21c601a2bb319ec19eb4562eadc7797d90fd90e Mon Sep 17 00:00:00 2001 From: Mike Snitzer <snitzer(a)redhat.com> Date: Fri, 15 Jun 2018 09:35:33 -0400 Subject: [PATCH] dm: use bio_split() when splitting out the already processed bio Use of bio_clone_bioset() is inefficient if there is no need to clone the original bio's bio_vec array. Best to use the bio_clone_fast() variant. Also, just using bio_advance() is only part of what is needed to properly setup the clone -- it doesn't account for the various bio_integrity() related work that also needs to be performed (see bio_split). Address both of these issues by switching from bio_clone_bioset() to bio_split(). Fixes: 18a25da8 ("dm: ensure bio submission follows a depth-first tree walk") Cc: stable(a)vger.kernel.org # 4.15+, requires removal of '&' before md->queue->bio_split Reported-by: Christoph Hellwig <hch(a)lst.de> Reviewed-by: NeilBrown <neilb(a)suse.com> Signed-off-by: Mike Snitzer <snitzer(a)redhat.com> diff --git a/drivers/md/dm.c b/drivers/md/dm.c index e65429a29c06..a3b103e8e3ce 100644 --- a/drivers/md/dm.c +++ b/drivers/md/dm.c @@ -1606,10 +1606,9 @@ static blk_qc_t __split_and_process_bio(struct mapped_device *md, * the usage of io->orig_bio in dm_remap_zone_report() * won't be affected by this reassignment. */ - struct bio *b = bio_clone_bioset(bio, GFP_NOIO, - &md->queue->bio_split); + struct bio *b = bio_split(bio, bio_sectors(bio) - ci.sector_count, + GFP_NOIO, &md->queue->bio_split); ci.io->orig_bio = b; - bio_advance(bio, (bio_sectors(bio) - ci.sector_count) << 9); bio_chain(b, bio); ret = generic_make_request(bio); break;

6 years, 11 months

1
0
0 0

FAILED: patch "[PATCH] dm: use bio_split() when splitting out the already processed" failed to apply to 4.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From f21c601a2bb319ec19eb4562eadc7797d90fd90e Mon Sep 17 00:00:00 2001 From: Mike Snitzer <snitzer(a)redhat.com> Date: Fri, 15 Jun 2018 09:35:33 -0400 Subject: [PATCH] dm: use bio_split() when splitting out the already processed bio Use of bio_clone_bioset() is inefficient if there is no need to clone the original bio's bio_vec array. Best to use the bio_clone_fast() variant. Also, just using bio_advance() is only part of what is needed to properly setup the clone -- it doesn't account for the various bio_integrity() related work that also needs to be performed (see bio_split). Address both of these issues by switching from bio_clone_bioset() to bio_split(). Fixes: 18a25da8 ("dm: ensure bio submission follows a depth-first tree walk") Cc: stable(a)vger.kernel.org # 4.15+, requires removal of '&' before md->queue->bio_split Reported-by: Christoph Hellwig <hch(a)lst.de> Reviewed-by: NeilBrown <neilb(a)suse.com> Signed-off-by: Mike Snitzer <snitzer(a)redhat.com> diff --git a/drivers/md/dm.c b/drivers/md/dm.c index e65429a29c06..a3b103e8e3ce 100644 --- a/drivers/md/dm.c +++ b/drivers/md/dm.c @@ -1606,10 +1606,9 @@ static blk_qc_t __split_and_process_bio(struct mapped_device *md, * the usage of io->orig_bio in dm_remap_zone_report() * won't be affected by this reassignment. */ - struct bio *b = bio_clone_bioset(bio, GFP_NOIO, - &md->queue->bio_split); + struct bio *b = bio_split(bio, bio_sectors(bio) - ci.sector_count, + GFP_NOIO, &md->queue->bio_split); ci.io->orig_bio = b; - bio_advance(bio, (bio_sectors(bio) - ci.sector_count) << 9); bio_chain(b, bio); ret = generic_make_request(bio); break;

6 years, 11 months

1
0
0 0

FAILED: patch "[PATCH] dm: use bio_split() when splitting out the already processed" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From f21c601a2bb319ec19eb4562eadc7797d90fd90e Mon Sep 17 00:00:00 2001 From: Mike Snitzer <snitzer(a)redhat.com> Date: Fri, 15 Jun 2018 09:35:33 -0400 Subject: [PATCH] dm: use bio_split() when splitting out the already processed bio Use of bio_clone_bioset() is inefficient if there is no need to clone the original bio's bio_vec array. Best to use the bio_clone_fast() variant. Also, just using bio_advance() is only part of what is needed to properly setup the clone -- it doesn't account for the various bio_integrity() related work that also needs to be performed (see bio_split). Address both of these issues by switching from bio_clone_bioset() to bio_split(). Fixes: 18a25da8 ("dm: ensure bio submission follows a depth-first tree walk") Cc: stable(a)vger.kernel.org # 4.15+, requires removal of '&' before md->queue->bio_split Reported-by: Christoph Hellwig <hch(a)lst.de> Reviewed-by: NeilBrown <neilb(a)suse.com> Signed-off-by: Mike Snitzer <snitzer(a)redhat.com> diff --git a/drivers/md/dm.c b/drivers/md/dm.c index e65429a29c06..a3b103e8e3ce 100644 --- a/drivers/md/dm.c +++ b/drivers/md/dm.c @@ -1606,10 +1606,9 @@ static blk_qc_t __split_and_process_bio(struct mapped_device *md, * the usage of io->orig_bio in dm_remap_zone_report() * won't be affected by this reassignment. */ - struct bio *b = bio_clone_bioset(bio, GFP_NOIO, - &md->queue->bio_split); + struct bio *b = bio_split(bio, bio_sectors(bio) - ci.sector_count, + GFP_NOIO, &md->queue->bio_split); ci.io->orig_bio = b; - bio_advance(bio, (bio_sectors(bio) - ci.sector_count) << 9); bio_chain(b, bio); ret = generic_make_request(bio); break;

6 years, 11 months

1
0
0 0

FAILED: patch "[PATCH] dm: prevent DAX mounts if not supported" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From dbc626597c39b24cefce09fbd8e9dea85869a801 Mon Sep 17 00:00:00 2001 From: Ross Zwisler <ross.zwisler(a)linux.intel.com> Date: Tue, 26 Jun 2018 16:30:41 -0600 Subject: [PATCH] dm: prevent DAX mounts if not supported Currently device_supports_dax() just checks to see if the QUEUE_FLAG_DAX flag is set on the device's request queue to decide whether or not the device supports filesystem DAX. Really we should be using bdev_dax_supported() like filesystems do at mount time. This performs other tests like checking to make sure the dax_direct_access() path works. We also explicitly clear QUEUE_FLAG_DAX on the DM device's request queue if any of the underlying devices do not support DAX. This makes the handling of QUEUE_FLAG_DAX consistent with the setting/clearing of most other flags in dm_table_set_restrictions(). Now that bdev_dax_supported() explicitly checks for QUEUE_FLAG_DAX, this will ensure that filesystems built upon DM devices will only be able to mount with DAX if all underlying devices also support DAX. Signed-off-by: Ross Zwisler <ross.zwisler(a)linux.intel.com> Fixes: commit 545ed20e6df6 ("dm: add infrastructure for DAX support") Cc: stable(a)vger.kernel.org Acked-by: Dan Williams <dan.j.williams(a)intel.com> Reviewed-by: Toshi Kani <toshi.kani(a)hpe.com> Signed-off-by: Mike Snitzer <snitzer(a)redhat.com> diff --git a/drivers/md/dm-table.c b/drivers/md/dm-table.c index 938766794c2e..3d0e2c198f06 100644 --- a/drivers/md/dm-table.c +++ b/drivers/md/dm-table.c @@ -885,9 +885,7 @@ EXPORT_SYMBOL_GPL(dm_table_set_type); static int device_supports_dax(struct dm_target *ti, struct dm_dev *dev, sector_t start, sector_t len, void *data) { - struct request_queue *q = bdev_get_queue(dev->bdev); - - return q && blk_queue_dax(q); + return bdev_dax_supported(dev->bdev, PAGE_SIZE); } static bool dm_table_supports_dax(struct dm_table *t) @@ -1907,6 +1905,9 @@ void dm_table_set_restrictions(struct dm_table *t, struct request_queue *q, if (dm_table_supports_dax(t)) blk_queue_flag_set(QUEUE_FLAG_DAX, q); + else + blk_queue_flag_clear(QUEUE_FLAG_DAX, q); + if (dm_table_supports_dax_write_cache(t)) dax_write_cache(t->md->dax_dev, true); diff --git a/drivers/md/dm.c b/drivers/md/dm.c index a3b103e8e3ce..b0dd7027848b 100644 --- a/drivers/md/dm.c +++ b/drivers/md/dm.c @@ -1056,8 +1056,7 @@ static long dm_dax_direct_access(struct dax_device *dax_dev, pgoff_t pgoff, if (len < 1) goto out; nr_pages = min(len, nr_pages); - if (ti->type->direct_access) - ret = ti->type->direct_access(ti, pgoff, nr_pages, kaddr, pfn); + ret = ti->type->direct_access(ti, pgoff, nr_pages, kaddr, pfn); out: dm_put_live_table(md, srcu_idx);

6 years, 11 months

1
0
0 0

FAILED: patch "[PATCH] spi: Fix scatterlist elements size in spi_map_buf" failed to apply to 4.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From ce99319a182fe766be67f96338386f3ec73e321c Mon Sep 17 00:00:00 2001 From: Maxime Chevallier <maxime.chevallier(a)bootlin.com> Date: Fri, 2 Mar 2018 15:55:09 +0100 Subject: [PATCH] spi: Fix scatterlist elements size in spi_map_buf When SPI transfers can be offloaded using DMA, the SPI core need to build a scatterlist to make sure that the buffer to be transferred is dma-able. This patch fixes the scatterlist entry size computation in the case where the maximum acceptable scatterlist entry supported by the DMA controller is less than PAGE_SIZE, when the buffer is vmalloced. For each entry, the actual size is given by the minimum between the desc_len (which is the max buffer size supported by the DMA controller) and the remaining buffer length until we cross a page boundary. Fixes: 65598c13fd66 ("spi: Fix per-page mapping of unaligned vmalloc-ed buffer") Signed-off-by: Maxime Chevallier <maxime.chevallier(a)bootlin.com> Signed-off-by: Mark Brown <broonie(a)kernel.org> Cc: stable(a)vger.kernel.org diff --git a/drivers/spi/spi.c b/drivers/spi/spi.c index b33a727a0158..4153f959f28c 100644 --- a/drivers/spi/spi.c +++ b/drivers/spi/spi.c @@ -779,8 +779,14 @@ static int spi_map_buf(struct spi_controller *ctlr, struct device *dev, for (i = 0; i < sgs; i++) { if (vmalloced_buf || kmap_buf) { - min = min_t(size_t, - len, desc_len - offset_in_page(buf)); + /* + * Next scatterlist entry size is the minimum between + * the desc_len and the remaining buffer length that + * fits in a page. + */ + min = min_t(size_t, desc_len, + min_t(size_t, len, + PAGE_SIZE - offset_in_page(buf))); if (vmalloced_buf) vm_page = vmalloc_to_page(buf); else

6 years, 11 months

3
2
0 0

FAILED: patch "[PATCH] Btrfs: fix unexpected cow in run_delalloc_nocow" failed to apply to 4.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 5811375325420052fcadd944792a416a43072b7f Mon Sep 17 00:00:00 2001 From: Liu Bo <bo.li.liu(a)oracle.com> Date: Wed, 31 Jan 2018 17:09:13 -0700 Subject: [PATCH] Btrfs: fix unexpected cow in run_delalloc_nocow Fstests generic/475 provides a way to fail metadata reads while checking if checksum exists for the inode inside run_delalloc_nocow(), and csum_exist_in_range() interprets error (-EIO) as inode having checksum and makes its caller enter the cow path. In case of free space inode, this ends up with a warning in cow_file_range(). The same problem applies to btrfs_cross_ref_exist() since it may also read metadata in between. With this, run_delalloc_nocow() bails out when errors occur at the two places. cc: <stable(a)vger.kernel.org> v2.6.28+ Fixes: 17d217fe970d ("Btrfs: fix nodatasum handling in balancing code") Signed-off-by: Liu Bo <bo.li.liu(a)oracle.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c index 6504e63b2317..491a7397f6fa 100644 --- a/fs/btrfs/inode.c +++ b/fs/btrfs/inode.c @@ -1256,6 +1256,8 @@ static noinline int csum_exist_in_range(struct btrfs_fs_info *fs_info, list_del(&sums->list); kfree(sums); } + if (ret < 0) + return ret; return 1; } @@ -1388,10 +1390,23 @@ static noinline int run_delalloc_nocow(struct inode *inode, goto out_check; if (btrfs_extent_readonly(fs_info, disk_bytenr)) goto out_check; - if (btrfs_cross_ref_exist(root, ino, - found_key.offset - - extent_offset, disk_bytenr)) + ret = btrfs_cross_ref_exist(root, ino, + found_key.offset - + extent_offset, disk_bytenr); + if (ret) { + /* + * ret could be -EIO if the above fails to read + * metadata. + */ + if (ret < 0) { + if (cow_start != (u64)-1) + cur_offset = cow_start; + goto error; + } + + WARN_ON_ONCE(nolock); goto out_check; + } disk_bytenr += extent_offset; disk_bytenr += cur_offset - found_key.offset; num_bytes = min(end + 1, extent_end) - cur_offset; @@ -1409,10 +1424,22 @@ static noinline int run_delalloc_nocow(struct inode *inode, * this ensure that csum for a given extent are * either valid or do not exist. */ - if (csum_exist_in_range(fs_info, disk_bytenr, - num_bytes)) { + ret = csum_exist_in_range(fs_info, disk_bytenr, + num_bytes); + if (ret) { if (!nolock) btrfs_end_write_no_snapshotting(root); + + /* + * ret could be -EIO if the above fails to read + * metadata. + */ + if (ret < 0) { + if (cow_start != (u64)-1) + cur_offset = cow_start; + goto error; + } + WARN_ON_ONCE(nolock); goto out_check; } if (!btrfs_inc_nocow_writers(fs_info, disk_bytenr)) {

6 years, 11 months

3
2
0 0

FAILED: patch "[PATCH] ACPI / LPSS: Add missing prv_offset setting for byt/cht PWM" failed to apply to 4.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From fdcb613d49321b5bf5d5a1bd0fba8e7c241dcc70 Mon Sep 17 00:00:00 2001 From: Hans de Goede <hdegoede(a)redhat.com> Date: Thu, 26 Apr 2018 14:10:24 +0200 Subject: [PATCH] ACPI / LPSS: Add missing prv_offset setting for byt/cht PWM devices The LPSS PWM device on on Bay Trail and Cherry Trail devices has a set of private registers at offset 0x800, the current lpss_device_desc for them already sets the LPSS_SAVE_CTX flag to have these saved/restored over device-suspend, but the current lpss_device_desc was not setting the prv_offset field, leading to the regular device registers getting saved/restored instead. This is causing the PWM controller to no longer work, resulting in a black screen, after a suspend/resume on systems where the firmware clears the APB clock and reset bits at offset 0x804. This commit fixes this by properly setting prv_offset to 0x800 for the PWM devices. Cc: stable(a)vger.kernel.org Fixes: e1c748179754 ("ACPI / LPSS: Add Intel BayTrail ACPI mode PWM") Fixes: 1bfbd8eb8a7f ("ACPI / LPSS: Add ACPI IDs for Intel Braswell") Signed-off-by: Hans de Goede <hdegoede(a)redhat.com> Acked-by: Rafael J . Wysocki <rjw(a)rjwysocki.net> Signed-off-by: Thierry Reding <thierry.reding(a)gmail.com> diff --git a/drivers/acpi/acpi_lpss.c b/drivers/acpi/acpi_lpss.c index 2bcffec8dbf0..c4ba9164e582 100644 --- a/drivers/acpi/acpi_lpss.c +++ b/drivers/acpi/acpi_lpss.c @@ -229,11 +229,13 @@ static const struct lpss_device_desc lpt_sdio_dev_desc = { static const struct lpss_device_desc byt_pwm_dev_desc = { .flags = LPSS_SAVE_CTX, + .prv_offset = 0x800, .setup = byt_pwm_setup, }; static const struct lpss_device_desc bsw_pwm_dev_desc = { .flags = LPSS_SAVE_CTX | LPSS_NO_D3_DELAY, + .prv_offset = 0x800, .setup = bsw_pwm_setup, };

6 years, 11 months

1
0
0 0

perf/x86/intel/uncore: Add event constraint for BDX PCU

by Jin, Yao

Subject of the patch: perf/x86/intel/uncore: Add event constraint for BDX PCU Commit id: bb9fbe1b57503f790dbbf9f06e72cb0fb9e60740 Wish to apply to: 4.14 Fix an issue on BDX. Thanks Jin Yao

6 years, 11 months

2
1
0 0

perf vendor events: Add Goldmont Plus V1 event file to

by Jin, Yao

Subject of the patch: perf vendor events: Add Goldmont Plus V1 event file Commit id: 65db92e0965ab56e8031d5c804f26d5be0e47047 Wish to apply to: 4.14, 4.9, 4.4 Wish to support Goldmont Plus event since it's needed for some productions which run with stable kernel. Thanks Jin Yao

6 years, 11 months

2
1
0 0

FAILED: patch "[PATCH] arm: dts: mt7623: fix invalid memory node being generated" failed to apply to 4.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From c0b0d540db1a8bfb041166c4991dd6f624e8de45 Mon Sep 17 00:00:00 2001 From: Sean Wang <sean.wang(a)mediatek.com> Date: Wed, 11 Apr 2018 16:53:56 +0800 Subject: [PATCH] arm: dts: mt7623: fix invalid memory node being generated Below two wrong nodes in existing DTS files would cause a fail boot since in fact the address 0 is not the correct place the memory device locates at. memory { device_type = "memory"; reg = <0x0 0x0 0x0 0x0>; }; memory@80000000 { reg = <0x0 0x80000000 0x0 0x40000000>; }; In order to avoid having a memory node starting at address 0, we can't include file skeleton64.dtsi and instead need to explicitly manually define a few of properties the DTS relies on such as #address-cells and #size-cells in root node and device_type in the node memory@80000000. Cc: stable(a)vger.kernel.org Fixes: 31ac0d69a1d4 ("ARM: dts: mediatek: add MT7623 basic support") Signed-off-by: Sean Wang <sean.wang(a)mediatek.com> Cc: Rob Herring <robh+dt(a)kernel.org> Signed-off-by: Matthias Brugger <matthias.bgg(a)gmail.com> diff --git a/arch/arm/boot/dts/mt7623.dtsi b/arch/arm/boot/dts/mt7623.dtsi index 68e987ddedc7..d4d04c365960 100644 --- a/arch/arm/boot/dts/mt7623.dtsi +++ b/arch/arm/boot/dts/mt7623.dtsi @@ -15,11 +15,12 @@ #include <dt-bindings/phy/phy.h> #include <dt-bindings/reset/mt2701-resets.h> #include <dt-bindings/thermal/thermal.h> -#include "skeleton64.dtsi" / { compatible = "mediatek,mt7623"; interrupt-parent = <&sysirq>; + #address-cells = <2>; + #size-cells = <2>; cpu_opp_table: opp-table { compatible = "operating-points-v2"; diff --git a/arch/arm/boot/dts/mt7623n-bananapi-bpi-r2.dts b/arch/arm/boot/dts/mt7623n-bananapi-bpi-r2.dts index bbf56f855e46..5938e4c79deb 100644 --- a/arch/arm/boot/dts/mt7623n-bananapi-bpi-r2.dts +++ b/arch/arm/boot/dts/mt7623n-bananapi-bpi-r2.dts @@ -109,6 +109,7 @@ }; memory@80000000 { + device_type = "memory"; reg = <0 0x80000000 0 0x40000000>; }; }; diff --git a/arch/arm/boot/dts/mt7623n-rfb.dtsi b/arch/arm/boot/dts/mt7623n-rfb.dtsi index a199ae78dd25..343e8efe5f25 100644 --- a/arch/arm/boot/dts/mt7623n-rfb.dtsi +++ b/arch/arm/boot/dts/mt7623n-rfb.dtsi @@ -40,6 +40,7 @@ }; memory@80000000 { + device_type = "memory"; reg = <0 0x80000000 0 0x40000000>; };

6 years, 11 months

1
0
0 0

FAILED: patch "[PATCH] f2fs: don't use GFP_ZERO for page caches" failed to apply to 4.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 81114baa835b59ed02d14aa1d67f91ea874077cd Mon Sep 17 00:00:00 2001 From: Chao Yu <yuchao0(a)huawei.com> Date: Mon, 9 Apr 2018 20:25:06 +0800 Subject: [PATCH] f2fs: don't use GFP_ZERO for page caches Related to https://lkml.org/lkml/2018/4/8/661 Sometimes, we need to write meta data to new allocated block address, then we will allocate a zeroed page in inner inode's address space, and fill partial data in it, and leave other place with zero value which means some fields are initial status. There are two inner inodes (meta inode and node inode) setting __GFP_ZERO, I have just checked them, for both of them, we can avoid using __GFP_ZERO, and do initialization by ourselves to avoid unneeded/redundant zeroing from mm. Cc: <stable(a)vger.kernel.org> Signed-off-by: Chao Yu <yuchao0(a)huawei.com> Signed-off-by: Jaegeuk Kim <jaegeuk(a)kernel.org> diff --git a/fs/f2fs/checkpoint.c b/fs/f2fs/checkpoint.c index 3d3a1f6b21a1..8fc55d42ba25 100644 --- a/fs/f2fs/checkpoint.c +++ b/fs/f2fs/checkpoint.c @@ -100,8 +100,10 @@ repeat: * readonly and make sure do not write checkpoint with non-uptodate * meta page. */ - if (unlikely(!PageUptodate(page))) + if (unlikely(!PageUptodate(page))) { + memset(page_address(page), 0, PAGE_SIZE); f2fs_stop_checkpoint(sbi, false); + } out: return page; } diff --git a/fs/f2fs/inode.c b/fs/f2fs/inode.c index 417c9dcd0269..87535bf63421 100644 --- a/fs/f2fs/inode.c +++ b/fs/f2fs/inode.c @@ -320,10 +320,10 @@ struct inode *f2fs_iget(struct super_block *sb, unsigned long ino) make_now: if (ino == F2FS_NODE_INO(sbi)) { inode->i_mapping->a_ops = &f2fs_node_aops; - mapping_set_gfp_mask(inode->i_mapping, GFP_F2FS_ZERO); + mapping_set_gfp_mask(inode->i_mapping, GFP_NOFS); } else if (ino == F2FS_META_INO(sbi)) { inode->i_mapping->a_ops = &f2fs_meta_aops; - mapping_set_gfp_mask(inode->i_mapping, GFP_F2FS_ZERO); + mapping_set_gfp_mask(inode->i_mapping, GFP_NOFS); } else if (S_ISREG(inode->i_mode)) { inode->i_op = &f2fs_file_inode_operations; inode->i_fop = &f2fs_file_operations; diff --git a/fs/f2fs/segment.c b/fs/f2fs/segment.c index a7ec952093f8..0fb006f591a4 100644 --- a/fs/f2fs/segment.c +++ b/fs/f2fs/segment.c @@ -1979,6 +1979,7 @@ static void write_current_sum_page(struct f2fs_sb_info *sbi, struct f2fs_summary_block *dst; dst = (struct f2fs_summary_block *)page_address(page); + memset(dst, 0, PAGE_SIZE); mutex_lock(&curseg->curseg_mutex); @@ -3133,6 +3134,7 @@ static void write_compacted_summaries(struct f2fs_sb_info *sbi, block_t blkaddr) page = grab_meta_page(sbi, blkaddr++); kaddr = (unsigned char *)page_address(page); + memset(kaddr, 0, PAGE_SIZE); /* Step 1: write nat cache */ seg_i = CURSEG_I(sbi, CURSEG_HOT_DATA); @@ -3157,6 +3159,7 @@ static void write_compacted_summaries(struct f2fs_sb_info *sbi, block_t blkaddr) if (!page) { page = grab_meta_page(sbi, blkaddr++); kaddr = (unsigned char *)page_address(page); + memset(kaddr, 0, PAGE_SIZE); written_size = 0; } summary = (struct f2fs_summary *)(kaddr + written_size); diff --git a/fs/f2fs/segment.h b/fs/f2fs/segment.h index 3325d0769723..492ad0c86fa9 100644 --- a/fs/f2fs/segment.h +++ b/fs/f2fs/segment.h @@ -375,6 +375,7 @@ static inline void seg_info_to_sit_page(struct f2fs_sb_info *sbi, int i; raw_sit = (struct f2fs_sit_block *)page_address(page); + memset(raw_sit, 0, PAGE_SIZE); for (i = 0; i < end - start; i++) { rs = &raw_sit->entries[i]; se = get_seg_entry(sbi, start + i);

6 years, 11 months

1
0
0 0

FAILED: patch "[PATCH] f2fs: don't use GFP_ZERO for page caches" failed to apply to 4.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 81114baa835b59ed02d14aa1d67f91ea874077cd Mon Sep 17 00:00:00 2001 From: Chao Yu <yuchao0(a)huawei.com> Date: Mon, 9 Apr 2018 20:25:06 +0800 Subject: [PATCH] f2fs: don't use GFP_ZERO for page caches Related to https://lkml.org/lkml/2018/4/8/661 Sometimes, we need to write meta data to new allocated block address, then we will allocate a zeroed page in inner inode's address space, and fill partial data in it, and leave other place with zero value which means some fields are initial status. There are two inner inodes (meta inode and node inode) setting __GFP_ZERO, I have just checked them, for both of them, we can avoid using __GFP_ZERO, and do initialization by ourselves to avoid unneeded/redundant zeroing from mm. Cc: <stable(a)vger.kernel.org> Signed-off-by: Chao Yu <yuchao0(a)huawei.com> Signed-off-by: Jaegeuk Kim <jaegeuk(a)kernel.org> diff --git a/fs/f2fs/checkpoint.c b/fs/f2fs/checkpoint.c index 3d3a1f6b21a1..8fc55d42ba25 100644 --- a/fs/f2fs/checkpoint.c +++ b/fs/f2fs/checkpoint.c @@ -100,8 +100,10 @@ repeat: * readonly and make sure do not write checkpoint with non-uptodate * meta page. */ - if (unlikely(!PageUptodate(page))) + if (unlikely(!PageUptodate(page))) { + memset(page_address(page), 0, PAGE_SIZE); f2fs_stop_checkpoint(sbi, false); + } out: return page; } diff --git a/fs/f2fs/inode.c b/fs/f2fs/inode.c index 417c9dcd0269..87535bf63421 100644 --- a/fs/f2fs/inode.c +++ b/fs/f2fs/inode.c @@ -320,10 +320,10 @@ struct inode *f2fs_iget(struct super_block *sb, unsigned long ino) make_now: if (ino == F2FS_NODE_INO(sbi)) { inode->i_mapping->a_ops = &f2fs_node_aops; - mapping_set_gfp_mask(inode->i_mapping, GFP_F2FS_ZERO); + mapping_set_gfp_mask(inode->i_mapping, GFP_NOFS); } else if (ino == F2FS_META_INO(sbi)) { inode->i_mapping->a_ops = &f2fs_meta_aops; - mapping_set_gfp_mask(inode->i_mapping, GFP_F2FS_ZERO); + mapping_set_gfp_mask(inode->i_mapping, GFP_NOFS); } else if (S_ISREG(inode->i_mode)) { inode->i_op = &f2fs_file_inode_operations; inode->i_fop = &f2fs_file_operations; diff --git a/fs/f2fs/segment.c b/fs/f2fs/segment.c index a7ec952093f8..0fb006f591a4 100644 --- a/fs/f2fs/segment.c +++ b/fs/f2fs/segment.c @@ -1979,6 +1979,7 @@ static void write_current_sum_page(struct f2fs_sb_info *sbi, struct f2fs_summary_block *dst; dst = (struct f2fs_summary_block *)page_address(page); + memset(dst, 0, PAGE_SIZE); mutex_lock(&curseg->curseg_mutex); @@ -3133,6 +3134,7 @@ static void write_compacted_summaries(struct f2fs_sb_info *sbi, block_t blkaddr) page = grab_meta_page(sbi, blkaddr++); kaddr = (unsigned char *)page_address(page); + memset(kaddr, 0, PAGE_SIZE); /* Step 1: write nat cache */ seg_i = CURSEG_I(sbi, CURSEG_HOT_DATA); @@ -3157,6 +3159,7 @@ static void write_compacted_summaries(struct f2fs_sb_info *sbi, block_t blkaddr) if (!page) { page = grab_meta_page(sbi, blkaddr++); kaddr = (unsigned char *)page_address(page); + memset(kaddr, 0, PAGE_SIZE); written_size = 0; } summary = (struct f2fs_summary *)(kaddr + written_size); diff --git a/fs/f2fs/segment.h b/fs/f2fs/segment.h index 3325d0769723..492ad0c86fa9 100644 --- a/fs/f2fs/segment.h +++ b/fs/f2fs/segment.h @@ -375,6 +375,7 @@ static inline void seg_info_to_sit_page(struct f2fs_sb_info *sbi, int i; raw_sit = (struct f2fs_sit_block *)page_address(page); + memset(raw_sit, 0, PAGE_SIZE); for (i = 0; i < end - start; i++) { rs = &raw_sit->entries[i]; se = get_seg_entry(sbi, start + i);

6 years, 11 months

1
0
0 0

FAILED: patch "[PATCH] f2fs: don't use GFP_ZERO for page caches" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 81114baa835b59ed02d14aa1d67f91ea874077cd Mon Sep 17 00:00:00 2001 From: Chao Yu <yuchao0(a)huawei.com> Date: Mon, 9 Apr 2018 20:25:06 +0800 Subject: [PATCH] f2fs: don't use GFP_ZERO for page caches Related to https://lkml.org/lkml/2018/4/8/661 Sometimes, we need to write meta data to new allocated block address, then we will allocate a zeroed page in inner inode's address space, and fill partial data in it, and leave other place with zero value which means some fields are initial status. There are two inner inodes (meta inode and node inode) setting __GFP_ZERO, I have just checked them, for both of them, we can avoid using __GFP_ZERO, and do initialization by ourselves to avoid unneeded/redundant zeroing from mm. Cc: <stable(a)vger.kernel.org> Signed-off-by: Chao Yu <yuchao0(a)huawei.com> Signed-off-by: Jaegeuk Kim <jaegeuk(a)kernel.org> diff --git a/fs/f2fs/checkpoint.c b/fs/f2fs/checkpoint.c index 3d3a1f6b21a1..8fc55d42ba25 100644 --- a/fs/f2fs/checkpoint.c +++ b/fs/f2fs/checkpoint.c @@ -100,8 +100,10 @@ repeat: * readonly and make sure do not write checkpoint with non-uptodate * meta page. */ - if (unlikely(!PageUptodate(page))) + if (unlikely(!PageUptodate(page))) { + memset(page_address(page), 0, PAGE_SIZE); f2fs_stop_checkpoint(sbi, false); + } out: return page; } diff --git a/fs/f2fs/inode.c b/fs/f2fs/inode.c index 417c9dcd0269..87535bf63421 100644 --- a/fs/f2fs/inode.c +++ b/fs/f2fs/inode.c @@ -320,10 +320,10 @@ struct inode *f2fs_iget(struct super_block *sb, unsigned long ino) make_now: if (ino == F2FS_NODE_INO(sbi)) { inode->i_mapping->a_ops = &f2fs_node_aops; - mapping_set_gfp_mask(inode->i_mapping, GFP_F2FS_ZERO); + mapping_set_gfp_mask(inode->i_mapping, GFP_NOFS); } else if (ino == F2FS_META_INO(sbi)) { inode->i_mapping->a_ops = &f2fs_meta_aops; - mapping_set_gfp_mask(inode->i_mapping, GFP_F2FS_ZERO); + mapping_set_gfp_mask(inode->i_mapping, GFP_NOFS); } else if (S_ISREG(inode->i_mode)) { inode->i_op = &f2fs_file_inode_operations; inode->i_fop = &f2fs_file_operations; diff --git a/fs/f2fs/segment.c b/fs/f2fs/segment.c index a7ec952093f8..0fb006f591a4 100644 --- a/fs/f2fs/segment.c +++ b/fs/f2fs/segment.c @@ -1979,6 +1979,7 @@ static void write_current_sum_page(struct f2fs_sb_info *sbi, struct f2fs_summary_block *dst; dst = (struct f2fs_summary_block *)page_address(page); + memset(dst, 0, PAGE_SIZE); mutex_lock(&curseg->curseg_mutex); @@ -3133,6 +3134,7 @@ static void write_compacted_summaries(struct f2fs_sb_info *sbi, block_t blkaddr) page = grab_meta_page(sbi, blkaddr++); kaddr = (unsigned char *)page_address(page); + memset(kaddr, 0, PAGE_SIZE); /* Step 1: write nat cache */ seg_i = CURSEG_I(sbi, CURSEG_HOT_DATA); @@ -3157,6 +3159,7 @@ static void write_compacted_summaries(struct f2fs_sb_info *sbi, block_t blkaddr) if (!page) { page = grab_meta_page(sbi, blkaddr++); kaddr = (unsigned char *)page_address(page); + memset(kaddr, 0, PAGE_SIZE); written_size = 0; } summary = (struct f2fs_summary *)(kaddr + written_size); diff --git a/fs/f2fs/segment.h b/fs/f2fs/segment.h index 3325d0769723..492ad0c86fa9 100644 --- a/fs/f2fs/segment.h +++ b/fs/f2fs/segment.h @@ -375,6 +375,7 @@ static inline void seg_info_to_sit_page(struct f2fs_sb_info *sbi, int i; raw_sit = (struct f2fs_sit_block *)page_address(page); + memset(raw_sit, 0, PAGE_SIZE); for (i = 0; i < end - start; i++) { rs = &raw_sit->entries[i]; se = get_seg_entry(sbi, start + i);

6 years, 11 months

1
0
0 0

862591bf4("xfrm: skip policies marked as dead while rehashing")

by Zubin Mithra

Hello, Syzkaller has reported a crash here[1] for a slab OOB read in xfrm_hash_rebuild. Could the following 2 patches be applied in order to on 4.4.y? 6916fb3b10("xfrm: Ignore socket policies when rebuilding hash tables") 862591bf4f("xfrm: skip policies marked as dead while rehashing") [1] https://syzkaller.appspot.com/bug?id=1c11a638b7d27e871aa297f3b4d5fd5bc90f0c… Thanks, - Zubin

6 years, 11 months

2
1
0 0

FAILED: patch "[PATCH] mm: fix __gup_device_huge vs unmap" failed to apply to 4.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From a9b6de77b1a3ff729f7bfc54b2e17711776a416c Mon Sep 17 00:00:00 2001 From: Dan Williams <dan.j.williams(a)intel.com> Date: Thu, 19 Apr 2018 21:32:19 -0700 Subject: [PATCH] mm: fix __gup_device_huge vs unmap get_user_pages_fast() for device pages is missing the typical validation that all page references have been taken while the mapping was valid. Without this validation truncate operations can not reliably coordinate against new page reference events like O_DIRECT. Cc: <stable(a)vger.kernel.org> Fixes: 3565fce3a659 ("mm, x86: get_user_pages() for dax mappings") Reported-by: Jan Kara <jack(a)suse.cz> Reviewed-by: Jan Kara <jack(a)suse.cz> Signed-off-by: Dan Williams <dan.j.williams(a)intel.com> diff --git a/mm/gup.c b/mm/gup.c index 76af4cfeaf68..84dd2063ca3d 100644 --- a/mm/gup.c +++ b/mm/gup.c @@ -1456,32 +1456,48 @@ static int __gup_device_huge(unsigned long pfn, unsigned long addr, return 1; } -static int __gup_device_huge_pmd(pmd_t pmd, unsigned long addr, +static int __gup_device_huge_pmd(pmd_t orig, pmd_t *pmdp, unsigned long addr, unsigned long end, struct page **pages, int *nr) { unsigned long fault_pfn; + int nr_start = *nr; + + fault_pfn = pmd_pfn(orig) + ((addr & ~PMD_MASK) >> PAGE_SHIFT); + if (!__gup_device_huge(fault_pfn, addr, end, pages, nr)) + return 0; - fault_pfn = pmd_pfn(pmd) + ((addr & ~PMD_MASK) >> PAGE_SHIFT); - return __gup_device_huge(fault_pfn, addr, end, pages, nr); + if (unlikely(pmd_val(orig) != pmd_val(*pmdp))) { + undo_dev_pagemap(nr, nr_start, pages); + return 0; + } + return 1; } -static int __gup_device_huge_pud(pud_t pud, unsigned long addr, +static int __gup_device_huge_pud(pud_t orig, pud_t *pudp, unsigned long addr, unsigned long end, struct page **pages, int *nr) { unsigned long fault_pfn; + int nr_start = *nr; + + fault_pfn = pud_pfn(orig) + ((addr & ~PUD_MASK) >> PAGE_SHIFT); + if (!__gup_device_huge(fault_pfn, addr, end, pages, nr)) + return 0; - fault_pfn = pud_pfn(pud) + ((addr & ~PUD_MASK) >> PAGE_SHIFT); - return __gup_device_huge(fault_pfn, addr, end, pages, nr); + if (unlikely(pud_val(orig) != pud_val(*pudp))) { + undo_dev_pagemap(nr, nr_start, pages); + return 0; + } + return 1; } #else -static int __gup_device_huge_pmd(pmd_t pmd, unsigned long addr, +static int __gup_device_huge_pmd(pmd_t orig, pmd_t *pmdp, unsigned long addr, unsigned long end, struct page **pages, int *nr) { BUILD_BUG(); return 0; } -static int __gup_device_huge_pud(pud_t pud, unsigned long addr, +static int __gup_device_huge_pud(pud_t pud, pud_t *pudp, unsigned long addr, unsigned long end, struct page **pages, int *nr) { BUILD_BUG(); @@ -1499,7 +1515,7 @@ static int gup_huge_pmd(pmd_t orig, pmd_t *pmdp, unsigned long addr, return 0; if (pmd_devmap(orig)) - return __gup_device_huge_pmd(orig, addr, end, pages, nr); + return __gup_device_huge_pmd(orig, pmdp, addr, end, pages, nr); refs = 0; page = pmd_page(orig) + ((addr & ~PMD_MASK) >> PAGE_SHIFT); @@ -1537,7 +1553,7 @@ static int gup_huge_pud(pud_t orig, pud_t *pudp, unsigned long addr, return 0; if (pud_devmap(orig)) - return __gup_device_huge_pud(orig, addr, end, pages, nr); + return __gup_device_huge_pud(orig, pudp, addr, end, pages, nr); refs = 0; page = pud_page(orig) + ((addr & ~PUD_MASK) >> PAGE_SHIFT);

6 years, 11 months

1
0
0 0

[PATCH 4.9] iio:buffer: make length types match kfifo types

by Ben Hutchings

From: Martin Kelly <mkelly(a)xevo.com> commit c043ec1ca5baae63726aae32abbe003192bc6eec upstream. Currently, we use int for buffer length and bytes_per_datum. However, kfifo uses unsigned int for length and size_t for element size. We need to make sure these matches or we will have bugs related to overflow (in the range between INT_MAX and UINT_MAX for length, for example). In addition, set_bytes_per_datum uses size_t while bytes_per_datum is an int, which would cause bugs for large values of bytes_per_datum. Change buffer length to use unsigned int and bytes_per_datum to use size_t. Signed-off-by: Martin Kelly <mkelly(a)xevo.com> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> [bwh: Backported to 4.9: - Drop change to iio_dma_buffer_set_length() - Adjust filename, context] Signed-off-by: Ben Hutchings <ben.hutchings(a)codethink.co.uk> --- drivers/iio/buffer/kfifo_buf.c | 4 ++-- include/linux/iio/buffer.h | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/drivers/iio/buffer/kfifo_buf.c b/drivers/iio/buffer/kfifo_buf.c index 7ef9b13262a8..e44181f9eb36 100644 --- a/drivers/iio/buffer/kfifo_buf.c +++ b/drivers/iio/buffer/kfifo_buf.c @@ -19,7 +19,7 @@ struct iio_kfifo { #define iio_to_kfifo(r) container_of(r, struct iio_kfifo, buffer) static inline int __iio_allocate_kfifo(struct iio_kfifo *buf, - int bytes_per_datum, int length) + size_t bytes_per_datum, unsigned int length) { if ((length == 0) || (bytes_per_datum == 0)) return -EINVAL; @@ -71,7 +71,7 @@ static int iio_set_bytes_per_datum_kfifo(struct iio_buffer *r, size_t bpd) return 0; } -static int iio_set_length_kfifo(struct iio_buffer *r, int length) +static int iio_set_length_kfifo(struct iio_buffer *r, unsigned int length) { /* Avoid an invalid state */ if (length < 2) diff --git a/include/linux/iio/buffer.h b/include/linux/iio/buffer.h index 70a5164f4728..821965c90070 100644 --- a/include/linux/iio/buffer.h +++ b/include/linux/iio/buffer.h @@ -61,7 +61,7 @@ struct iio_buffer_access_funcs { int (*request_update)(struct iio_buffer *buffer); int (*set_bytes_per_datum)(struct iio_buffer *buffer, size_t bpd); - int (*set_length)(struct iio_buffer *buffer, int length); + int (*set_length)(struct iio_buffer *buffer, unsigned int length); int (*enable)(struct iio_buffer *buffer, struct iio_dev *indio_dev); int (*disable)(struct iio_buffer *buffer, struct iio_dev *indio_dev); @@ -96,8 +96,8 @@ struct iio_buffer_access_funcs { * @watermark: [INTERN] number of datums to wait for poll/read. */ struct iio_buffer { - int length; - int bytes_per_datum; + unsigned int length; + size_t bytes_per_datum; struct attribute_group *scan_el_attrs; long *scan_mask; bool scan_timestamp; -- Ben Hutchings, Software Developer Codethink Ltd https://www.codethink.co.uk/ Dale House, 35 Dale Street Manchester, M1 2HF, United Kingdom

6 years, 11 months

2
1
0 0

FAILED: patch "[PATCH] iio: imu: inv_mpu6050: fix possible deadlock between mutex" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From ca4c8fc97e669d7464a95e006d0ca4eadfa4e4bc Mon Sep 17 00:00:00 2001 From: Jean-Baptiste Maneyrol <jmaneyrol(a)invensense.com> Date: Mon, 30 Apr 2018 12:14:09 +0200 Subject: [PATCH] iio: imu: inv_mpu6050: fix possible deadlock between mutex and iio Detected by kernel circular locking dependency checker. We are locking iio mutex (iio_device_claim_direct_mode) after locking our internal mutex. But when the buffer starts, iio first locks its mutex and then we lock our internal one. To avoid possible deadlock, we need to use the same order everwhere. So we change the ordering by locking first iio mutex, then our internal mutex. Fixes: 68cd6e5b206b ("iio: imu: inv_mpu6050: fix lock issues by using our own mutex") Cc: stable(a)vger.kernel.org Signed-off-by: Jean-Baptiste Maneyrol <jmaneyrol(a)invensense.com> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> diff --git a/drivers/iio/imu/inv_mpu6050/inv_mpu_core.c b/drivers/iio/imu/inv_mpu6050/inv_mpu_core.c index aafa77766b08..7358935fb391 100644 --- a/drivers/iio/imu/inv_mpu6050/inv_mpu_core.c +++ b/drivers/iio/imu/inv_mpu6050/inv_mpu_core.c @@ -340,12 +340,9 @@ static int inv_mpu6050_read_channel_data(struct iio_dev *indio_dev, int result; int ret; - result = iio_device_claim_direct_mode(indio_dev); - if (result) - return result; result = inv_mpu6050_set_power_itg(st, true); if (result) - goto error_release; + return result; switch (chan->type) { case IIO_ANGL_VEL: @@ -386,14 +383,11 @@ static int inv_mpu6050_read_channel_data(struct iio_dev *indio_dev, result = inv_mpu6050_set_power_itg(st, false); if (result) goto error_power_off; - iio_device_release_direct_mode(indio_dev); return ret; error_power_off: inv_mpu6050_set_power_itg(st, false); -error_release: - iio_device_release_direct_mode(indio_dev); return result; } @@ -407,9 +401,13 @@ inv_mpu6050_read_raw(struct iio_dev *indio_dev, switch (mask) { case IIO_CHAN_INFO_RAW: + ret = iio_device_claim_direct_mode(indio_dev); + if (ret) + return ret; mutex_lock(&st->lock); ret = inv_mpu6050_read_channel_data(indio_dev, chan, val); mutex_unlock(&st->lock); + iio_device_release_direct_mode(indio_dev); return ret; case IIO_CHAN_INFO_SCALE: switch (chan->type) { @@ -532,17 +530,18 @@ static int inv_mpu6050_write_raw(struct iio_dev *indio_dev, struct inv_mpu6050_state *st = iio_priv(indio_dev); int result; - mutex_lock(&st->lock); /* * we should only update scale when the chip is disabled, i.e. * not running */ result = iio_device_claim_direct_mode(indio_dev); if (result) - goto error_write_raw_unlock; + return result; + + mutex_lock(&st->lock); result = inv_mpu6050_set_power_itg(st, true); if (result) - goto error_write_raw_release; + goto error_write_raw_unlock; switch (mask) { case IIO_CHAN_INFO_SCALE: @@ -581,10 +580,9 @@ static int inv_mpu6050_write_raw(struct iio_dev *indio_dev, } result |= inv_mpu6050_set_power_itg(st, false); -error_write_raw_release: - iio_device_release_direct_mode(indio_dev); error_write_raw_unlock: mutex_unlock(&st->lock); + iio_device_release_direct_mode(indio_dev); return result; } @@ -643,17 +641,18 @@ inv_mpu6050_fifo_rate_store(struct device *dev, struct device_attribute *attr, fifo_rate > INV_MPU6050_MAX_FIFO_RATE) return -EINVAL; + result = iio_device_claim_direct_mode(indio_dev); + if (result) + return result; + mutex_lock(&st->lock); if (fifo_rate == st->chip_config.fifo_rate) { result = 0; goto fifo_rate_fail_unlock; } - result = iio_device_claim_direct_mode(indio_dev); - if (result) - goto fifo_rate_fail_unlock; result = inv_mpu6050_set_power_itg(st, true); if (result) - goto fifo_rate_fail_release; + goto fifo_rate_fail_unlock; d = INV_MPU6050_ONE_K_HZ / fifo_rate - 1; result = regmap_write(st->map, st->reg->sample_rate_div, d); @@ -667,10 +666,9 @@ inv_mpu6050_fifo_rate_store(struct device *dev, struct device_attribute *attr, fifo_rate_fail_power_off: result |= inv_mpu6050_set_power_itg(st, false); -fifo_rate_fail_release: - iio_device_release_direct_mode(indio_dev); fifo_rate_fail_unlock: mutex_unlock(&st->lock); + iio_device_release_direct_mode(indio_dev); if (result) return result;

6 years, 11 months

1
0
0 0

FAILED: patch "[PATCH] iio: imu: inv_mpu6050: fix possible deadlock between mutex" failed to apply to 4.17-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.17-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From ca4c8fc97e669d7464a95e006d0ca4eadfa4e4bc Mon Sep 17 00:00:00 2001 From: Jean-Baptiste Maneyrol <jmaneyrol(a)invensense.com> Date: Mon, 30 Apr 2018 12:14:09 +0200 Subject: [PATCH] iio: imu: inv_mpu6050: fix possible deadlock between mutex and iio Detected by kernel circular locking dependency checker. We are locking iio mutex (iio_device_claim_direct_mode) after locking our internal mutex. But when the buffer starts, iio first locks its mutex and then we lock our internal one. To avoid possible deadlock, we need to use the same order everwhere. So we change the ordering by locking first iio mutex, then our internal mutex. Fixes: 68cd6e5b206b ("iio: imu: inv_mpu6050: fix lock issues by using our own mutex") Cc: stable(a)vger.kernel.org Signed-off-by: Jean-Baptiste Maneyrol <jmaneyrol(a)invensense.com> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> diff --git a/drivers/iio/imu/inv_mpu6050/inv_mpu_core.c b/drivers/iio/imu/inv_mpu6050/inv_mpu_core.c index aafa77766b08..7358935fb391 100644 --- a/drivers/iio/imu/inv_mpu6050/inv_mpu_core.c +++ b/drivers/iio/imu/inv_mpu6050/inv_mpu_core.c @@ -340,12 +340,9 @@ static int inv_mpu6050_read_channel_data(struct iio_dev *indio_dev, int result; int ret; - result = iio_device_claim_direct_mode(indio_dev); - if (result) - return result; result = inv_mpu6050_set_power_itg(st, true); if (result) - goto error_release; + return result; switch (chan->type) { case IIO_ANGL_VEL: @@ -386,14 +383,11 @@ static int inv_mpu6050_read_channel_data(struct iio_dev *indio_dev, result = inv_mpu6050_set_power_itg(st, false); if (result) goto error_power_off; - iio_device_release_direct_mode(indio_dev); return ret; error_power_off: inv_mpu6050_set_power_itg(st, false); -error_release: - iio_device_release_direct_mode(indio_dev); return result; } @@ -407,9 +401,13 @@ inv_mpu6050_read_raw(struct iio_dev *indio_dev, switch (mask) { case IIO_CHAN_INFO_RAW: + ret = iio_device_claim_direct_mode(indio_dev); + if (ret) + return ret; mutex_lock(&st->lock); ret = inv_mpu6050_read_channel_data(indio_dev, chan, val); mutex_unlock(&st->lock); + iio_device_release_direct_mode(indio_dev); return ret; case IIO_CHAN_INFO_SCALE: switch (chan->type) { @@ -532,17 +530,18 @@ static int inv_mpu6050_write_raw(struct iio_dev *indio_dev, struct inv_mpu6050_state *st = iio_priv(indio_dev); int result; - mutex_lock(&st->lock); /* * we should only update scale when the chip is disabled, i.e. * not running */ result = iio_device_claim_direct_mode(indio_dev); if (result) - goto error_write_raw_unlock; + return result; + + mutex_lock(&st->lock); result = inv_mpu6050_set_power_itg(st, true); if (result) - goto error_write_raw_release; + goto error_write_raw_unlock; switch (mask) { case IIO_CHAN_INFO_SCALE: @@ -581,10 +580,9 @@ static int inv_mpu6050_write_raw(struct iio_dev *indio_dev, } result |= inv_mpu6050_set_power_itg(st, false); -error_write_raw_release: - iio_device_release_direct_mode(indio_dev); error_write_raw_unlock: mutex_unlock(&st->lock); + iio_device_release_direct_mode(indio_dev); return result; } @@ -643,17 +641,18 @@ inv_mpu6050_fifo_rate_store(struct device *dev, struct device_attribute *attr, fifo_rate > INV_MPU6050_MAX_FIFO_RATE) return -EINVAL; + result = iio_device_claim_direct_mode(indio_dev); + if (result) + return result; + mutex_lock(&st->lock); if (fifo_rate == st->chip_config.fifo_rate) { result = 0; goto fifo_rate_fail_unlock; } - result = iio_device_claim_direct_mode(indio_dev); - if (result) - goto fifo_rate_fail_unlock; result = inv_mpu6050_set_power_itg(st, true); if (result) - goto fifo_rate_fail_release; + goto fifo_rate_fail_unlock; d = INV_MPU6050_ONE_K_HZ / fifo_rate - 1; result = regmap_write(st->map, st->reg->sample_rate_div, d); @@ -667,10 +666,9 @@ inv_mpu6050_fifo_rate_store(struct device *dev, struct device_attribute *attr, fifo_rate_fail_power_off: result |= inv_mpu6050_set_power_itg(st, false); -fifo_rate_fail_release: - iio_device_release_direct_mode(indio_dev); fifo_rate_fail_unlock: mutex_unlock(&st->lock); + iio_device_release_direct_mode(indio_dev); if (result) return result;

6 years, 11 months

1
0
0 0

FAILED: patch "[PATCH] Btrfs: fix unexpected cow in run_delalloc_nocow" failed to apply to 4.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 5811375325420052fcadd944792a416a43072b7f Mon Sep 17 00:00:00 2001 From: Liu Bo <bo.li.liu(a)oracle.com> Date: Wed, 31 Jan 2018 17:09:13 -0700 Subject: [PATCH] Btrfs: fix unexpected cow in run_delalloc_nocow Fstests generic/475 provides a way to fail metadata reads while checking if checksum exists for the inode inside run_delalloc_nocow(), and csum_exist_in_range() interprets error (-EIO) as inode having checksum and makes its caller enter the cow path. In case of free space inode, this ends up with a warning in cow_file_range(). The same problem applies to btrfs_cross_ref_exist() since it may also read metadata in between. With this, run_delalloc_nocow() bails out when errors occur at the two places. cc: <stable(a)vger.kernel.org> v2.6.28+ Fixes: 17d217fe970d ("Btrfs: fix nodatasum handling in balancing code") Signed-off-by: Liu Bo <bo.li.liu(a)oracle.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c index 6504e63b2317..491a7397f6fa 100644 --- a/fs/btrfs/inode.c +++ b/fs/btrfs/inode.c @@ -1256,6 +1256,8 @@ static noinline int csum_exist_in_range(struct btrfs_fs_info *fs_info, list_del(&sums->list); kfree(sums); } + if (ret < 0) + return ret; return 1; } @@ -1388,10 +1390,23 @@ static noinline int run_delalloc_nocow(struct inode *inode, goto out_check; if (btrfs_extent_readonly(fs_info, disk_bytenr)) goto out_check; - if (btrfs_cross_ref_exist(root, ino, - found_key.offset - - extent_offset, disk_bytenr)) + ret = btrfs_cross_ref_exist(root, ino, + found_key.offset - + extent_offset, disk_bytenr); + if (ret) { + /* + * ret could be -EIO if the above fails to read + * metadata. + */ + if (ret < 0) { + if (cow_start != (u64)-1) + cur_offset = cow_start; + goto error; + } + + WARN_ON_ONCE(nolock); goto out_check; + } disk_bytenr += extent_offset; disk_bytenr += cur_offset - found_key.offset; num_bytes = min(end + 1, extent_end) - cur_offset; @@ -1409,10 +1424,22 @@ static noinline int run_delalloc_nocow(struct inode *inode, * this ensure that csum for a given extent are * either valid or do not exist. */ - if (csum_exist_in_range(fs_info, disk_bytenr, - num_bytes)) { + ret = csum_exist_in_range(fs_info, disk_bytenr, + num_bytes); + if (ret) { if (!nolock) btrfs_end_write_no_snapshotting(root); + + /* + * ret could be -EIO if the above fails to read + * metadata. + */ + if (ret < 0) { + if (cow_start != (u64)-1) + cur_offset = cow_start; + goto error; + } + WARN_ON_ONCE(nolock); goto out_check; } if (!btrfs_inc_nocow_writers(fs_info, disk_bytenr)) {

6 years, 11 months

3
2
0 0

FAILED: patch "[PATCH] Btrfs: fix clone vs chattr NODATASUM race" failed to apply to 4.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From b5c40d598f5408bd0ca22dfffa82f03cd9433f23 Mon Sep 17 00:00:00 2001 From: Omar Sandoval <osandov(a)fb.com> Date: Tue, 22 May 2018 15:02:12 -0700 Subject: [PATCH] Btrfs: fix clone vs chattr NODATASUM race In btrfs_clone_files(), we must check the NODATASUM flag while the inodes are locked. Otherwise, it's possible that btrfs_ioctl_setflags() will change the flags after we check and we can end up with a party checksummed file. The race window is only a few instructions in size, between the if and the locks which is: 3834 if (S_ISDIR(src->i_mode) || S_ISDIR(inode->i_mode)) 3835 return -EISDIR; where the setflags must be run and toggle the NODATASUM flag (provided the file size is 0). The clone will block on the inode lock, segflags takes the inode lock, changes flags, releases log and clone continues. Not impossible but still needs a lot of bad luck to hit unintentionally. Fixes: 0e7b824c4ef9 ("Btrfs: don't make a file partly checksummed through file clone") CC: stable(a)vger.kernel.org # 4.4+ Signed-off-by: Omar Sandoval <osandov(a)fb.com> Reviewed-by: Nikolay Borisov <nborisov(a)suse.com> Reviewed-by: David Sterba <dsterba(a)suse.com> [ update changelog ] Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c index 743c4f1b8001..b9b779a4ab6e 100644 --- a/fs/btrfs/ioctl.c +++ b/fs/btrfs/ioctl.c @@ -3808,11 +3808,6 @@ static noinline int btrfs_clone_files(struct file *file, struct file *file_src, src->i_sb != inode->i_sb) return -EXDEV; - /* don't make the dst file partly checksummed */ - if ((BTRFS_I(src)->flags & BTRFS_INODE_NODATASUM) != - (BTRFS_I(inode)->flags & BTRFS_INODE_NODATASUM)) - return -EINVAL; - if (S_ISDIR(src->i_mode) || S_ISDIR(inode->i_mode)) return -EISDIR; @@ -3822,6 +3817,13 @@ static noinline int btrfs_clone_files(struct file *file, struct file *file_src, inode_lock(src); } + /* don't make the dst file partly checksummed */ + if ((BTRFS_I(src)->flags & BTRFS_INODE_NODATASUM) != + (BTRFS_I(inode)->flags & BTRFS_INODE_NODATASUM)) { + ret = -EINVAL; + goto out_unlock; + } + /* determine range to clone */ ret = -EINVAL; if (off + len > src->i_size || off + len < off)

6 years, 11 months

3
2
0 0

FAILED: patch "[PATCH] cpufreq: intel_pstate: Fix scaling max/min limits with Turbo" failed to apply to 4.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From ff7c9917143b3a6cf2fa61212a32d67cf259bf9c Mon Sep 17 00:00:00 2001 From: Srinivas Pandruvada <srinivas.pandruvada(a)linux.intel.com> Date: Mon, 18 Jun 2018 12:47:45 -0700 Subject: [PATCH] cpufreq: intel_pstate: Fix scaling max/min limits with Turbo 3.0 When scaling max/min settings are changed, internally they are converted to a ratio using the max turbo 1 core turbo frequency. This works fine when 1 core max is same irrespective of the core. But under Turbo 3.0, this will not be the case. For example: Core 0: max turbo pstate: 43 (4.3GHz) Core 1: max turbo pstate: 45 (4.5GHz) In this case 1 core turbo ratio will be maximum of all, so it will be 45 (4.5GHz). Suppose scaling max is set to 4GHz (ratio 40) for all cores ,then on core one it will be = max_state * policy->max / max_freq; = 43 * (4000000/4500000) = 38 (3.8GHz) = 38 which is 200MHz less than the desired. On core2, it will be correctly set to ratio 40 (4GHz). Same holds true for scaling min frequency limit. So this requires usage of correct turbo max frequency for core one, which in this case is 4.3GHz. So we need to adjust per CPU cpu->pstate.turbo_freq using the maximum HWP ratio of that core. This change uses the HWP capability of a core to adjust max turbo frequency. But since Broadwell HWP doesn't use ratios in the HWP capabilities, we have to use legacy max 1 core turbo ratio. This is not a problem as the HWP capabilities don't differ among cores in Broadwell. We need to check for non Broadwell CPU model for applying this change, though. Signed-off-by: Srinivas Pandruvada <srinivas.pandruvada(a)linux.intel.com> Cc: 4.6+ <stable(a)vger.kernel.org> # 4.6+ Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> diff --git a/drivers/cpufreq/intel_pstate.c b/drivers/cpufreq/intel_pstate.c index 1de5ec8d5ea3..ece120da3353 100644 --- a/drivers/cpufreq/intel_pstate.c +++ b/drivers/cpufreq/intel_pstate.c @@ -294,6 +294,7 @@ struct pstate_funcs { static struct pstate_funcs pstate_funcs __read_mostly; static int hwp_active __read_mostly; +static int hwp_mode_bdw __read_mostly; static bool per_cpu_limits __read_mostly; static bool hwp_boost __read_mostly; @@ -1413,7 +1414,15 @@ static void intel_pstate_get_cpu_pstates(struct cpudata *cpu) cpu->pstate.turbo_pstate = pstate_funcs.get_turbo(); cpu->pstate.scaling = pstate_funcs.get_scaling(); cpu->pstate.max_freq = cpu->pstate.max_pstate * cpu->pstate.scaling; - cpu->pstate.turbo_freq = cpu->pstate.turbo_pstate * cpu->pstate.scaling; + + if (hwp_active && !hwp_mode_bdw) { + unsigned int phy_max, current_max; + + intel_pstate_get_hwp_max(cpu->cpu, &phy_max, &current_max); + cpu->pstate.turbo_freq = phy_max * cpu->pstate.scaling; + } else { + cpu->pstate.turbo_freq = cpu->pstate.turbo_pstate * cpu->pstate.scaling; + } if (pstate_funcs.get_aperf_mperf_shift) cpu->aperf_mperf_shift = pstate_funcs.get_aperf_mperf_shift(); @@ -2467,28 +2476,36 @@ static inline bool intel_pstate_has_acpi_ppc(void) { return false; } static inline void intel_pstate_request_control_from_smm(void) {} #endif /* CONFIG_ACPI */ +#define INTEL_PSTATE_HWP_BROADWELL 0x01 + +#define ICPU_HWP(model, hwp_mode) \ + { X86_VENDOR_INTEL, 6, model, X86_FEATURE_HWP, hwp_mode } + static const struct x86_cpu_id hwp_support_ids[] __initconst = { - { X86_VENDOR_INTEL, 6, X86_MODEL_ANY, X86_FEATURE_HWP }, + ICPU_HWP(INTEL_FAM6_BROADWELL_X, INTEL_PSTATE_HWP_BROADWELL), + ICPU_HWP(INTEL_FAM6_BROADWELL_XEON_D, INTEL_PSTATE_HWP_BROADWELL), + ICPU_HWP(X86_MODEL_ANY, 0), {} }; static int __init intel_pstate_init(void) { + const struct x86_cpu_id *id; int rc; if (no_load) return -ENODEV; - if (x86_match_cpu(hwp_support_ids)) { + id = x86_match_cpu(hwp_support_ids); + if (id) { copy_cpu_funcs(&core_funcs); if (!no_hwp) { hwp_active++; + hwp_mode_bdw = id->driver_data; intel_pstate.attr = hwp_cpufreq_attrs; goto hwp_cpu_matched; } } else { - const struct x86_cpu_id *id; - id = x86_match_cpu(intel_pstate_cpu_ids); if (!id) return -ENODEV;

6 years, 11 months

1
0
0 0

FAILED: patch "[PATCH] pinctrl: mt7622: fix a kernel panic when pio don't work as" failed to apply to 4.17-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.17-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 5f591543a937310e48baf0ee23680be09cdedfb8 Mon Sep 17 00:00:00 2001 From: Sean Wang <sean.wang(a)mediatek.com> Date: Thu, 14 Jun 2018 16:55:49 +0800 Subject: [PATCH] pinctrl: mt7622: fix a kernel panic when pio don't work as EINT controller The function, external interrupt controller, is made as an optional to mt7622 pinctrl. But if we don't want pio behaves as an external interrupt controller, it would lead to hw->eint not be created properly and then will cause 'kernel NULL pointer' issue when gpiochip try to call .to_irq or .set_config. To fix it, check hw->eint before accessing the member. [ 1.339494] Unable to handle kernel NULL pointer dereference at virtual address 00000010 [ 1.347857] Mem abort info: [ 1.350742] ESR = 0x96000005 [ 1.353905] Exception class = DABT (current EL), IL = 32 bits [ 1.360024] SET = 0, FnV = 0 [ 1.363185] EA = 0, S1PTW = 0 [ 1.366431] Data abort info: [ 1.369405] ISV = 0, ISS = 0x00000005 [ 1.373363] CM = 0, WnR = 0 [ 1.376437] [0000000000000010] user address but active_mm is swapper [ 1.383005] Internal error: Oops: 96000005 [#1] PREEMPT SMP [ 1.388748] Modules linked in: [ 1.391897] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 4.16.0-rc1+ #344 [ 1.398625] Hardware name: MediaTek MT7622 RFB1 board (DT) [ 1.404279] pstate: 80000005 (Nzcv daif -PAN -UAO) [ 1.409221] pc : mtk_eint_find_irq+0x8/0x24 [ 1.413532] lr : mtk_gpio_to_irq+0x20/0x28 [ 1.417749] sp : ffffff800801baf0 [ 1.421161] x29: ffffff800801baf0 x28: ffffff8008792f40 [ 1.426637] x27: ffffff800886b000 x26: ffffff8008615620 [ 1.432113] x25: ffffffc00e4dbdc8 x24: ffffff80087b8000 [ 1.437589] x23: ffffffc00325a000 x22: ffffffc00325a010 [ 1.443066] x21: ffffffc0033dec18 x20: 00000000ffffffea [ 1.448542] x19: ffffffc00e4db800 x18: 0000000000000130 [ 1.454018] x17: 000000000000000e x16: 0000000000000007 [ 1.459494] x15: ffffff80085ee000 x14: 0000000000000001 [ 1.464970] x13: 0000000000000001 x12: 0000000000000010 [ 1.470446] x11: 0101010101010101 x10: 0000000000000880 [ 1.475922] x9 : ffffff800801b990 x8 : ffffffc0030688e0 [ 1.481399] x7 : ffffff80080c0660 x6 : ffffffc00e4dbbb0 [ 1.486875] x5 : 0000000000000000 x4 : 0000000000000000 [ 1.492351] x3 : ffffff80082a92f4 x2 : 00000000fffffffa [ 1.497826] x1 : 0000000000000051 x0 : 0000000000000000 [ 1.503305] Process swapper/0 (pid: 1, stack limit = 0x0000000054e053bd) [ 1.510210] Call trace: [ 1.512727] mtk_eint_find_irq+0x8/0x24 [ 1.516677] mtk_gpio_to_irq+0x20/0x28 [ 1.520539] gpiod_to_irq+0x48/0x60 [ 1.524135] mmc_gpiod_request_cd_irq+0x3c/0xc4 [ 1.528804] mmc_start_host+0x6c/0x8c [ 1.532575] mmc_add_host+0x58/0x7c [ 1.536168] msdc_drv_probe+0x4fc/0x67c [ 1.540121] platform_drv_probe+0x58/0xa4 [ 1.544251] driver_probe_device+0x204/0x44c [ 1.548649] __driver_attach+0x84/0xf8 [ 1.552512] bus_for_each_dev+0x68/0xa0 [ 1.556461] driver_attach+0x20/0x28 [ 1.560142] bus_add_driver+0xec/0x240 [ 1.564002] driver_register+0x98/0xe4 [ 1.567863] __platform_driver_register+0x48/0x50 [ 1.572711] mt_msdc_driver_init+0x18/0x20 [ 1.576932] do_one_initcall+0x98/0x130 [ 1.580886] kernel_init_freeable+0x13c/0x1d4 [ 1.585375] kernel_init+0x10/0xf8 [ 1.588879] ret_from_fork+0x10/0x18 [ 1.592564] Code: a8c67bfd d65f03c0 a9bf7bfd 910003fd (f9400800) [ 1.598849] ---[ end trace 4bbcb7bc30e98492 ]--- [ 1.603677] Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b [ 1.603677] cc: Kevin Hilman <khilman(a)baylibre.com> Cc: stable(a)vger.kernel.org Fixes: e6dabd38d8e7 ("pinctrl: mediatek: add EINT support to MT7622 SoC") Signed-off-by: Sean Wang <sean.wang(a)mediatek.com> Signed-off-by: Linus Walleij <linus.walleij(a)linaro.org> diff --git a/drivers/pinctrl/mediatek/pinctrl-mt7622.c b/drivers/pinctrl/mediatek/pinctrl-mt7622.c index ad6da1184c9f..e3f1ab2290fc 100644 --- a/drivers/pinctrl/mediatek/pinctrl-mt7622.c +++ b/drivers/pinctrl/mediatek/pinctrl-mt7622.c @@ -1459,6 +1459,9 @@ static int mtk_gpio_to_irq(struct gpio_chip *chip, unsigned int offset) struct mtk_pinctrl *hw = gpiochip_get_data(chip); unsigned long eint_n; + if (!hw->eint) + return -ENOTSUPP; + eint_n = offset; return mtk_eint_find_irq(hw->eint, eint_n); @@ -1471,7 +1474,8 @@ static int mtk_gpio_set_config(struct gpio_chip *chip, unsigned int offset, unsigned long eint_n; u32 debounce; - if (pinconf_to_config_param(config) != PIN_CONFIG_INPUT_DEBOUNCE) + if (!hw->eint || + pinconf_to_config_param(config) != PIN_CONFIG_INPUT_DEBOUNCE) return -ENOTSUPP; debounce = pinconf_to_config_argument(config);

6 years, 11 months

1
0
0 0

FAILED: patch "[PATCH] pinctrl: samsung: Correct EINTG banks order" failed to apply to 4.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 5cf9a338db94cfd570aa2607bef1b30996f188e3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pawe=C5=82=20Chmiel?= <pawel.mikolaj.chmiel(a)gmail.com> Date: Mon, 16 Apr 2018 17:52:45 +0200 Subject: [PATCH] pinctrl: samsung: Correct EINTG banks order MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit All banks with GPIO interrupts should be at beginning of bank array and without any other types of banks between them. This order is expected by exynos_eint_gpio_irq, when doing interrupt group to bank translation. Otherwise, kernel NULL pointer dereference would happen when trying to handle interrupt, due to wrong bank being looked up. Observed on s5pv210, when trying to handle gpj0 interrupt, where kernel was mapping it to gpi bank. Cc: stable(a)vger.kernel.org Fixes: 023e06dfa688 ("pinctrl: exynos: add exynos5410 SoC specific data") Fixes: 608a26a7bc04 ("pinctrl: Add s5pv210 support to pinctrl-exynos) Signed-off-by: Paweł Chmiel <pawel.mikolaj.chmiel(a)gmail.com> Reviewed-by: Tomasz Figa <tomasz.figa(a)gmail.com> Signed-off-by: Krzysztof Kozlowski <krzk(a)kernel.org> diff --git a/drivers/pinctrl/samsung/pinctrl-exynos-arm.c b/drivers/pinctrl/samsung/pinctrl-exynos-arm.c index 90c274490181..4f4ae66a0ee3 100644 --- a/drivers/pinctrl/samsung/pinctrl-exynos-arm.c +++ b/drivers/pinctrl/samsung/pinctrl-exynos-arm.c @@ -105,12 +105,12 @@ static const struct samsung_pin_bank_data s5pv210_pin_bank[] __initconst = { EXYNOS_PIN_BANK_EINTG(7, 0x1c0, "gpg1", 0x38), EXYNOS_PIN_BANK_EINTG(7, 0x1e0, "gpg2", 0x3c), EXYNOS_PIN_BANK_EINTG(7, 0x200, "gpg3", 0x40), - EXYNOS_PIN_BANK_EINTN(7, 0x220, "gpi"), EXYNOS_PIN_BANK_EINTG(8, 0x240, "gpj0", 0x44), EXYNOS_PIN_BANK_EINTG(6, 0x260, "gpj1", 0x48), EXYNOS_PIN_BANK_EINTG(8, 0x280, "gpj2", 0x4c), EXYNOS_PIN_BANK_EINTG(8, 0x2a0, "gpj3", 0x50), EXYNOS_PIN_BANK_EINTG(5, 0x2c0, "gpj4", 0x54), + EXYNOS_PIN_BANK_EINTN(7, 0x220, "gpi"), EXYNOS_PIN_BANK_EINTN(8, 0x2e0, "mp01"), EXYNOS_PIN_BANK_EINTN(4, 0x300, "mp02"), EXYNOS_PIN_BANK_EINTN(8, 0x320, "mp03"), @@ -630,7 +630,6 @@ static const struct samsung_pin_bank_data exynos5410_pin_banks0[] __initconst = EXYNOS_PIN_BANK_EINTG(4, 0x100, "gpc3", 0x20), EXYNOS_PIN_BANK_EINTG(7, 0x120, "gpc1", 0x24), EXYNOS_PIN_BANK_EINTG(7, 0x140, "gpc2", 0x28), - EXYNOS_PIN_BANK_EINTN(2, 0x160, "gpm5"), EXYNOS_PIN_BANK_EINTG(8, 0x180, "gpd1", 0x2c), EXYNOS_PIN_BANK_EINTG(8, 0x1A0, "gpe0", 0x30), EXYNOS_PIN_BANK_EINTG(2, 0x1C0, "gpe1", 0x34), @@ -641,6 +640,7 @@ static const struct samsung_pin_bank_data exynos5410_pin_banks0[] __initconst = EXYNOS_PIN_BANK_EINTG(2, 0x260, "gpg2", 0x48), EXYNOS_PIN_BANK_EINTG(4, 0x280, "gph0", 0x4c), EXYNOS_PIN_BANK_EINTG(8, 0x2A0, "gph1", 0x50), + EXYNOS_PIN_BANK_EINTN(2, 0x160, "gpm5"), EXYNOS_PIN_BANK_EINTN(8, 0x2C0, "gpm7"), EXYNOS_PIN_BANK_EINTN(6, 0x2E0, "gpy0"), EXYNOS_PIN_BANK_EINTN(4, 0x300, "gpy1"),

6 years, 11 months

1
0
0 0

FAILED: patch "[PATCH] printk: fix possible reuse of va_list variable" failed to apply to 4.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 988a35f8da1dec5a8cd2788054d1e717be61bf25 Mon Sep 17 00:00:00 2001 From: Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> Date: Fri, 11 May 2018 19:54:19 +0900 Subject: [PATCH] printk: fix possible reuse of va_list variable I noticed that there is a possibility that printk_safe_log_store() causes kernel oops because "args" parameter is passed to vsnprintf() again when atomic_cmpxchg() detected that we raced. Fix this by using va_copy(). Link: http://lkml.kernel.org/r/201805112002.GIF21216.OFVHFOMLJtQFSO@I-love.SAKURA… Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Steven Rostedt <rostedt(a)goodmis.org> Cc: dvyukov(a)google.com Cc: syzkaller(a)googlegroups.com Cc: fengguang.wu(a)intel.com Cc: linux-kernel(a)vger.kernel.org Signed-off-by: Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> Fixes: 42a0bb3f71383b45 ("printk/nmi: generic solution for safe printk in NMI") Cc: 4.7+ <stable(a)vger.kernel.org> # v4.7+ Reviewed-by: Sergey Senozhatsky <sergey.senozhatsky(a)gmail.com> Signed-off-by: Petr Mladek <pmladek(a)suse.com> diff --git a/kernel/printk/printk_safe.c b/kernel/printk/printk_safe.c index 3e3c2004bb23..449d67edfa4b 100644 --- a/kernel/printk/printk_safe.c +++ b/kernel/printk/printk_safe.c @@ -82,6 +82,7 @@ static __printf(2, 0) int printk_safe_log_store(struct printk_safe_seq_buf *s, { int add; size_t len; + va_list ap; again: len = atomic_read(&s->len); @@ -100,7 +101,9 @@ static __printf(2, 0) int printk_safe_log_store(struct printk_safe_seq_buf *s, if (!len) smp_rmb(); - add = vscnprintf(s->buffer + len, sizeof(s->buffer) - len, fmt, args); + va_copy(ap, args); + add = vscnprintf(s->buffer + len, sizeof(s->buffer) - len, fmt, ap); + va_end(ap); if (!add) return 0;

6 years, 11 months

4
3
0 0

FAILED: patch "[PATCH] PCI: dwc: Fix enumeration end when reaching root subordinate" failed to apply to 4.17-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.17-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From c2deae44616dab0112d965a0dc72d053b5727b4b Mon Sep 17 00:00:00 2001 From: Koen Vandeputte <koen.vandeputte(a)ncentric.com> Date: Mon, 15 Jan 2018 10:36:08 +0100 Subject: [PATCH] PCI: dwc: Fix enumeration end when reaching root subordinate The subordinate value indicates the highest bus number which can be reached downstream though a certain device. Commit a20c7f36bd3d ("PCI: Do not allocate more buses than available in parent") ensures that downstream devices cannot assign busnumbers higher than the upstream device subordinate number, which was indeed illogical. By default, dw_pcie_setup_rc() inits the Root Complex subordinate to a value of 0x01. Due to this combined with above commit, enumeration stops digging deeper downstream as soon as bus num 0x01 has been assigned, which is always the case for a bridge device. This results in all devices behind a bridge bus to remain undetected, as these would be connected to bus 0x02 or higher. Fix this by initializing the RC to a subordinate value of 0xff, which is not altering hardware behaviour in any way, but informs probing function pci_scan_bridge() later on which reads this value back from register. Following nasty errors during boot are also fixed by this: [ 0.459145] pci_bus 0000:02: busn_res: can not insert [bus 02-ff] under [bus 01] (conflicts with (null) [bus 01]) ... [ 0.464515] pci_bus 0000:03: [bus 03] partially hidden behind bridge 0000:01 [bus 01] ... [ 0.464892] pci_bus 0000:04: [bus 04] partially hidden behind bridge 0000:01 [bus 01] ... [ 0.466488] pci_bus 0000:05: [bus 05] partially hidden behind bridge 0000:01 [bus 01] [ 0.466506] pci_bus 0000:02: busn_res: [bus 02-ff] end is updated to 05 [ 0.466517] pci_bus 0000:02: busn_res: can not insert [bus 02-05] under [bus 01] (conflicts with (null) [bus 01]) [ 0.466534] pci_bus 0000:02: [bus 02-05] partially hidden behind bridge 0000:01 [bus 01] Fixes: a20c7f36bd3d ("PCI: Do not allocate more buses than available in parent") Tested-by: Niklas Cassel <niklas.cassel(a)axis.com> Tested-by: Fabio Estevam <fabio.estevam(a)nxp.com> Tested-by: Sebastian Reichel <sebastian.reichel(a)collabora.co.uk> Signed-off-by: Koen Vandeputte <koen.vandeputte(a)ncentric.com> Signed-off-by: Lorenzo Pieralisi <lorenzo.pieralisi(a)arm.com> Reviewed-by: Mika Westerberg <mika.westerberg(a)linux.intel.com> Acked-by: Lucas Stach <l.stach(a)pengutronix.de> Cc: <stable(a)vger.kernel.org> # 4.15 Cc: Binghui Wang <wangbinghui(a)hisilicon.com> Cc: Bjorn Helgaas <bhelgaas(a)google.com> Cc: Jesper Nilsson <jesper.nilsson(a)axis.com> Cc: Jianguo Sun <sunjianguo1(a)huawei.com> Cc: Jingoo Han <jingoohan1(a)gmail.com> Cc: Kishon Vijay Abraham I <kishon(a)ti.com> Cc: Lorenzo Pieralisi <lorenzo.pieralisi(a)arm.com> Cc: Lucas Stach <l.stach(a)pengutronix.de> Cc: Mika Westerberg <mika.westerberg(a)linux.intel.com> Cc: Minghuan Lian <minghuan.Lian(a)freescale.com> Cc: Mingkai Hu <mingkai.hu(a)freescale.com> Cc: Murali Karicheri <m-karicheri2(a)ti.com> Cc: Pratyush Anand <pratyush.anand(a)gmail.com> Cc: Richard Zhu <hongxing.zhu(a)nxp.com> Cc: Roy Zang <tie-fei.zang(a)freescale.com> Cc: Shawn Guo <shawn.guo(a)linaro.org> Cc: Stanimir Varbanov <svarbanov(a)mm-sol.com> Cc: Thomas Petazzoni <thomas.petazzoni(a)free-electrons.com> Cc: Xiaowei Song <songxiaowei(a)hisilicon.com> Cc: Zhou Wang <wangzhou1(a)hisilicon.com> diff --git a/drivers/pci/dwc/pcie-designware-host.c b/drivers/pci/dwc/pcie-designware-host.c index 8de2d5c69b1d..dc9303abda42 100644 --- a/drivers/pci/dwc/pcie-designware-host.c +++ b/drivers/pci/dwc/pcie-designware-host.c @@ -613,7 +613,7 @@ void dw_pcie_setup_rc(struct pcie_port *pp) /* setup bus numbers */ val = dw_pcie_readl_dbi(pci, PCI_PRIMARY_BUS); val &= 0xff000000; - val |= 0x00010100; + val |= 0x00ff0100; dw_pcie_writel_dbi(pci, PCI_PRIMARY_BUS, val); /* setup command register */

6 years, 11 months

1
0
0 0

FAILED: patch "[PATCH] mtd: rawnand: mxc: set spare area size register explicitly" failed to apply to 4.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 3f77f244d8ec28e3a0a81240ffac7d626390060c Mon Sep 17 00:00:00 2001 From: Martin Kaiser <martin(a)kaiser.cx> Date: Mon, 18 Jun 2018 22:41:03 +0200 Subject: [PATCH] mtd: rawnand: mxc: set spare area size register explicitly The v21 version of the NAND flash controller contains a Spare Area Size Register (SPAS) at offset 0x10. Its setting defaults to the maximum spare area size of 218 bytes. The size that is set in this register is used by the controller when it calculates the ECC bytes internally in hardware. Usually, this register is updated from settings in the IIM fuses when the system is booting from NAND flash. For other boot media, however, the SPAS register remains at the default setting, which may not work for the particular flash chip on the board. The same goes for flash chips whose configuration cannot be set in the IIM fuses (e.g. chips with 2k sector size and 128 bytes spare area size can't be configured in the IIM fuses on imx25 systems). Set the SPAS register explicitly during the preset operation. Derive the register value from mtd->oobsize that was detected during probe by decoding the flash chip's ID bytes. While at it, rename the define for the spare area register's offset to NFC_V21_RSLTSPARE_AREA. The register at offset 0x10 on v1 controllers is different from the register on v21 controllers. Fixes: d484018 ("mtd: mxc_nand: set NFC registers after reset") Cc: stable(a)vger.kernel.org Signed-off-by: Martin Kaiser <martin(a)kaiser.cx> Reviewed-by: Sascha Hauer <s.hauer(a)pengutronix.de> Reviewed-by: Miquel Raynal <miquel.raynal(a)bootlin.com> Signed-off-by: Boris Brezillon <boris.brezillon(a)bootlin.com> diff --git a/drivers/mtd/nand/raw/mxc_nand.c b/drivers/mtd/nand/raw/mxc_nand.c index 45786e707b7b..26cef218bb43 100644 --- a/drivers/mtd/nand/raw/mxc_nand.c +++ b/drivers/mtd/nand/raw/mxc_nand.c @@ -48,7 +48,7 @@ #define NFC_V1_V2_CONFIG (host->regs + 0x0a) #define NFC_V1_V2_ECC_STATUS_RESULT (host->regs + 0x0c) #define NFC_V1_V2_RSLTMAIN_AREA (host->regs + 0x0e) -#define NFC_V1_V2_RSLTSPARE_AREA (host->regs + 0x10) +#define NFC_V21_RSLTSPARE_AREA (host->regs + 0x10) #define NFC_V1_V2_WRPROT (host->regs + 0x12) #define NFC_V1_UNLOCKSTART_BLKADDR (host->regs + 0x14) #define NFC_V1_UNLOCKEND_BLKADDR (host->regs + 0x16) @@ -1274,6 +1274,9 @@ static void preset_v2(struct mtd_info *mtd) writew(config1, NFC_V1_V2_CONFIG1); /* preset operation */ + /* spare area size in 16-bit half-words */ + writew(mtd->oobsize / 2, NFC_V21_RSLTSPARE_AREA); + /* Unlock the internal RAM Buffer */ writew(0x2, NFC_V1_V2_CONFIG);

6 years, 11 months

1
0
0 0

FAILED: patch "[PATCH] mtd: rawnand: mxc: set spare area size register explicitly" failed to apply to 4.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 3f77f244d8ec28e3a0a81240ffac7d626390060c Mon Sep 17 00:00:00 2001 From: Martin Kaiser <martin(a)kaiser.cx> Date: Mon, 18 Jun 2018 22:41:03 +0200 Subject: [PATCH] mtd: rawnand: mxc: set spare area size register explicitly The v21 version of the NAND flash controller contains a Spare Area Size Register (SPAS) at offset 0x10. Its setting defaults to the maximum spare area size of 218 bytes. The size that is set in this register is used by the controller when it calculates the ECC bytes internally in hardware. Usually, this register is updated from settings in the IIM fuses when the system is booting from NAND flash. For other boot media, however, the SPAS register remains at the default setting, which may not work for the particular flash chip on the board. The same goes for flash chips whose configuration cannot be set in the IIM fuses (e.g. chips with 2k sector size and 128 bytes spare area size can't be configured in the IIM fuses on imx25 systems). Set the SPAS register explicitly during the preset operation. Derive the register value from mtd->oobsize that was detected during probe by decoding the flash chip's ID bytes. While at it, rename the define for the spare area register's offset to NFC_V21_RSLTSPARE_AREA. The register at offset 0x10 on v1 controllers is different from the register on v21 controllers. Fixes: d484018 ("mtd: mxc_nand: set NFC registers after reset") Cc: stable(a)vger.kernel.org Signed-off-by: Martin Kaiser <martin(a)kaiser.cx> Reviewed-by: Sascha Hauer <s.hauer(a)pengutronix.de> Reviewed-by: Miquel Raynal <miquel.raynal(a)bootlin.com> Signed-off-by: Boris Brezillon <boris.brezillon(a)bootlin.com> diff --git a/drivers/mtd/nand/raw/mxc_nand.c b/drivers/mtd/nand/raw/mxc_nand.c index 45786e707b7b..26cef218bb43 100644 --- a/drivers/mtd/nand/raw/mxc_nand.c +++ b/drivers/mtd/nand/raw/mxc_nand.c @@ -48,7 +48,7 @@ #define NFC_V1_V2_CONFIG (host->regs + 0x0a) #define NFC_V1_V2_ECC_STATUS_RESULT (host->regs + 0x0c) #define NFC_V1_V2_RSLTMAIN_AREA (host->regs + 0x0e) -#define NFC_V1_V2_RSLTSPARE_AREA (host->regs + 0x10) +#define NFC_V21_RSLTSPARE_AREA (host->regs + 0x10) #define NFC_V1_V2_WRPROT (host->regs + 0x12) #define NFC_V1_UNLOCKSTART_BLKADDR (host->regs + 0x14) #define NFC_V1_UNLOCKEND_BLKADDR (host->regs + 0x16) @@ -1274,6 +1274,9 @@ static void preset_v2(struct mtd_info *mtd) writew(config1, NFC_V1_V2_CONFIG1); /* preset operation */ + /* spare area size in 16-bit half-words */ + writew(mtd->oobsize / 2, NFC_V21_RSLTSPARE_AREA); + /* Unlock the internal RAM Buffer */ writew(0x2, NFC_V1_V2_CONFIG);

6 years, 11 months

1
0
0 0

FAILED: patch "[PATCH] mtd: rawnand: fix return value check for bad block status" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From e9893e6fa932f42c90c4ac5849fa9aa0f0f00a34 Mon Sep 17 00:00:00 2001 From: Abhishek Sahu <absahu(a)codeaurora.org> Date: Wed, 13 Jun 2018 14:32:36 +0530 Subject: [PATCH] mtd: rawnand: fix return value check for bad block status Positive return value from read_oob() is making false BAD blocks. For some of the NAND controllers, OOB bytes will be protected with ECC and read_oob() will return number of bitflips. If there is any bitflip in ECC protected OOB bytes for BAD block status page, then that block is getting treated as BAD. Fixes: c120e75e0e7d ("mtd: nand: use read_oob() instead of cmdfunc() for bad block check") Cc: <stable(a)vger.kernel.org> Signed-off-by: Abhishek Sahu <absahu(a)codeaurora.org> Reviewed-by: Miquel Raynal <miquel.raynal(a)bootlin.com> Signed-off-by: Boris Brezillon <boris.brezillon(a)bootlin.com> diff --git a/drivers/mtd/nand/raw/nand_base.c b/drivers/mtd/nand/raw/nand_base.c index 10c4f9919850..b01d15ec4c56 100644 --- a/drivers/mtd/nand/raw/nand_base.c +++ b/drivers/mtd/nand/raw/nand_base.c @@ -440,7 +440,7 @@ static int nand_block_bad(struct mtd_info *mtd, loff_t ofs) for (; page < page_end; page++) { res = chip->ecc.read_oob(mtd, chip, page); - if (res) + if (res < 0) return res; bad = chip->oob_poi[chip->badblockpos];

6 years, 11 months

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror